1354 files changed, 165624 insertions, 204994 deletions

diff --git a/Makefile.todo b/Makefile.todo
index 1c1c395c..6239ef40 100644
--- a/Makefile.todo
+++ b/Makefile.todo
@@ -82,6 +82,8 @@ program-header:
 	cd freebsd/tools/tools/net80211/wlanstats && $(BASE)/userspace-header-gen.py $(BUILD_BSP)/freebsd/tools/tools/net80211/wlanstats/*.o -p wlanstats
 	cd freebsd/usr.bin/netstat && $(BASE)/userspace-header-gen.py $(BUILD_BSP)/freebsd/usr.bin/netstat/*.o -p netstat
 	cd freebsd/usr.sbin/arp && $(BASE)/userspace-header-gen.py $(BUILD_BSP)/freebsd/usr.sbin/arp/*.o -p arp
+	cd ipsec-tools/src/racoon && $(BASE)/userspace-header-gen.py $(BUILD_BSP)/ipsec-tools/src/racoon/*.o -p racoon
+	cd ipsec-tools/src/setkey && $(BASE)/userspace-header-gen.py $(BUILD_BSP)/ipsec-tools/src/setkey/*.o -p setkey
 
 $(LOCAL_INC)/usbdevs.h: $(FREEBSD_SRC)/sys/dev/usb/usbdevs
 	awk -f $(TOOLS)/usbdevs2h.awk $< -h
diff --git a/freebsd-org b/freebsd-org
-Subproject 6c2192b1ef8c50788c751f878552526800b1e31
+Subproject 59f44d20be3f99d181ca742e636d45fc39ec982
diff --git a/freebsd/contrib/tcpdump/print-pflog.c b/freebsd/contrib/tcpdump/print-pflog.c
index 78c3295c..b7706353 100644
--- a/freebsd/contrib/tcpdump/print-pflog.c
+++ b/freebsd/contrib/tcpdump/print-pflog.c
@@ -103,8 +103,12 @@ pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr)
 	else
 		ND_PRINT((ndo, "rule %u.%s.%u/", rulenr, hdr->ruleset, subrulenr));
 
-	ND_PRINT((ndo, "%s: %s %s on %s: ",
-	    tok2str(pf_reasons, "unkn(%u)", hdr->reason),
+	ND_PRINT((ndo, "%s", tok2str(pf_reasons, "unkn(%u)", hdr->reason)));
+
+	if (hdr->uid != UID_MAX)
+		ND_PRINT((ndo, " [uid %u]", (unsigned)hdr->uid));
+
+	ND_PRINT((ndo, ": %s %s on %s: ",
 	    tok2str(pf_actions, "unkn(%u)", hdr->action),
 	    tok2str(pf_directions, "unkn(%u)", hdr->dir),
 	    hdr->ifname));
diff --git a/freebsd/crypto/openssl/crypto/LPdir_unix.c b/freebsd/crypto/openssl/crypto/LPdir_unix.c
index fb24118e..ba056031 100644
--- a/freebsd/crypto/openssl/crypto/LPdir_unix.c
+++ b/freebsd/crypto/openssl/crypto/LPdir_unix.c
@@ -1,7 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, 2018, Richard Levitte <richard@levitte.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -36,6 +48,9 @@
 #ifndef LPDIR_H
 # include "LPdir.h"
 #endif
+#ifdef __VMS
+# include <ctype.h>
+#endif
 
 /*
  * The POSIXly macro for the maximum number of characters in a file path is
@@ -63,6 +78,10 @@
 struct LP_dir_context_st {
     DIR *dir;
     char entry_name[LP_ENTRY_SIZE + 1];
+#ifdef __VMS
+    int expect_file_generations;
+    char previous_entry_name[LP_ENTRY_SIZE + 1];
+#endif
 };
 
 const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
@@ -76,12 +95,21 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 
     errno = 0;
     if (*ctx == NULL) {
-        *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+        *ctx = malloc(sizeof(**ctx));
         if (*ctx == NULL) {
             errno = ENOMEM;
             return 0;
         }
-        memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+        memset(*ctx, 0, sizeof(**ctx));
+
+#ifdef __VMS
+        {
+            char c = directory[strlen(directory) - 1];
+
+            if (c == ']' || c == '>' || c == ':')
+                (*ctx)->expect_file_generations = 1;
+        }
+#endif
 
         (*ctx)->dir = opendir(directory);
         if ((*ctx)->dir == NULL) {
@@ -93,6 +121,13 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
         }
     }
 
+#ifdef __VMS
+    strncpy((*ctx)->previous_entry_name, (*ctx)->entry_name,
+            sizeof((*ctx)->previous_entry_name));
+
+ again:
+#endif
+
     direntry = readdir((*ctx)->dir);
     if (direntry == NULL) {
         return 0;
@@ -101,6 +136,18 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
     strncpy((*ctx)->entry_name, direntry->d_name,
             sizeof((*ctx)->entry_name) - 1);
     (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+#ifdef __VMS
+    if ((*ctx)->expect_file_generations) {
+        char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name);
+
+        while(p > (*ctx)->entry_name && isdigit(p[-1]))
+            p--;
+        if (p > (*ctx)->entry_name && p[-1] == ';')
+            p[-1] = '\0';
+        if (strcasecmp((*ctx)->entry_name, (*ctx)->previous_entry_name) == 0)
+            goto again;
+    }
+#endif
     return (*ctx)->entry_name;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/aes/aes.h b/freebsd/crypto/openssl/crypto/aes/aes.h
deleted file mode 100644
index faa66c49..00000000
--- a/freebsd/crypto/openssl/crypto/aes/aes.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/* crypto/aes/aes.h */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_AES_H
-# define HEADER_AES_H
-
-# include <openssl/opensslconf.h>
-
-# ifdef OPENSSL_NO_AES
-#  error AES is disabled.
-# endif
-
-# include <stddef.h>
-
-# define AES_ENCRYPT     1
-# define AES_DECRYPT     0
-
-/*
- * Because array size can't be a const in C, the following two are macros.
- * Both sizes are in bytes.
- */
-# define AES_MAXNR 14
-# define AES_BLOCK_SIZE 16
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* This should be a hidden type, but EVP requires that the size be known */
-struct aes_key_st {
-# ifdef AES_LONG
-    unsigned long rd_key[4 * (AES_MAXNR + 1)];
-# else
-    unsigned int rd_key[4 * (AES_MAXNR + 1)];
-# endif
-    int rounds;
-};
-typedef struct aes_key_st AES_KEY;
-
-const char *AES_options(void);
-
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key);
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key);
-
-int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key);
-int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key);
-
-void AES_encrypt(const unsigned char *in, unsigned char *out,
-                 const AES_KEY *key);
-void AES_decrypt(const unsigned char *in, unsigned char *out,
-                 const AES_KEY *key);
-
-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                     const AES_KEY *key, const int enc);
-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                     size_t length, const AES_KEY *key,
-                     unsigned char *ivec, const int enc);
-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        unsigned char *ivec, int *num, const int enc);
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-                      size_t length, const AES_KEY *key,
-                      unsigned char *ivec, int *num, const int enc);
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-                      size_t length, const AES_KEY *key,
-                      unsigned char *ivec, int *num, const int enc);
-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        unsigned char *ivec, int *num);
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        unsigned char ivec[AES_BLOCK_SIZE],
-                        unsigned char ecount_buf[AES_BLOCK_SIZE],
-                        unsigned int *num);
-/* NB: the IV is _two_ blocks long */
-void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-                     size_t length, const AES_KEY *key,
-                     unsigned char *ivec, const int enc);
-/* NB: the IV is _four_ blocks long */
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        const AES_KEY *key2, const unsigned char *ivec,
-                        const int enc);
-
-int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
-                 unsigned char *out,
-                 const unsigned char *in, unsigned int inlen);
-int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
-                   unsigned char *out,
-                   const unsigned char *in, unsigned int inlen);
-
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif                          /* !HEADER_AES_H */
diff --git a/freebsd/crypto/openssl/crypto/aes/aes_cbc.c b/freebsd/crypto/openssl/crypto/aes/aes_cbc.c
index 972ecfe0..4aab9f27 100644
--- a/freebsd/crypto/openssl/crypto/aes/aes_cbc.c
+++ b/freebsd/crypto/openssl/crypto/aes/aes_cbc.c
@@ -1,54 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/aes/aes_cbc.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/aes.h>
diff --git a/freebsd/crypto/openssl/crypto/aes/aes_cfb.c b/freebsd/crypto/openssl/crypto/aes/aes_cfb.c
index 0d33cce4..3ca8a533 100644
--- a/freebsd/crypto/openssl/crypto/aes/aes_cfb.c
+++ b/freebsd/crypto/openssl/crypto/aes/aes_cfb.c
@@ -1,54 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/aes/aes_cfb.c */
-/* ====================================================================
- * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/aes.h>
diff --git a/freebsd/crypto/openssl/crypto/aes/aes_core.c b/freebsd/crypto/openssl/crypto/aes/aes_core.c
index 9d38b731..05c6b85c 100644
--- a/freebsd/crypto/openssl/crypto/aes/aes_core.c
+++ b/freebsd/crypto/openssl/crypto/aes/aes_core.c
@@ -1,6 +1,14 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/aes/aes_core.c */
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 /**
  * rijndael-alg-fst.c
  *
@@ -8,9 +16,9 @@
  *
  * Optimised ANSI C code for the Rijndael cipher (now AES)
  *
- * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
- * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
- * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ * @author Vincent Rijmen
+ * @author Antoon Bosselaers
+ * @author Paulo Barreto
  *
  * This code is hereby placed in the public domain.
  *
@@ -30,14 +38,10 @@
 /* Note: rewritten a little bit to provide error control and an OpenSSL-
    compatible API */
 
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
 #include <assert.h>
 
 #include <stdlib.h>
+#include <openssl/crypto.h>
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
@@ -627,8 +631,8 @@ static const u32 rcon[] = {
 /**
  * Expand the cipher key into the encryption key schedule.
  */
-int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
 {
 
     u32 *rk;
@@ -642,9 +646,9 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 
     rk = key->rd_key;
 
-    if (bits==128)
+    if (bits == 128)
         key->rounds = 10;
-    else if (bits==192)
+    else if (bits == 192)
         key->rounds = 12;
     else
         key->rounds = 14;
@@ -729,8 +733,8 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 /**
  * Expand the cipher key into the decryption key schedule.
  */
-int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
 {
 
     u32 *rk;
@@ -738,7 +742,7 @@ int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
     u32 temp;
 
     /* first, start with an encryption schedule */
-    status = private_AES_set_encrypt_key(userKey, bits, key);
+    status = AES_set_encrypt_key(userKey, bits, key);
     if (status < 0)
         return status;
 
@@ -1206,11 +1210,11 @@ static const u32 rcon[] = {
 /**
  * Expand the cipher key into the encryption key schedule.
  */
-int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
 {
     u32 *rk;
-   	int i = 0;
+    int i = 0;
     u32 temp;
 
     if (!userKey || !key)
@@ -1220,9 +1224,9 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 
     rk = key->rd_key;
 
-    if (bits==128)
+    if (bits == 128)
         key->rounds = 10;
-    else if (bits==192)
+    else if (bits == 192)
         key->rounds = 12;
     else
         key->rounds = 14;
@@ -1307,8 +1311,8 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 /**
  * Expand the cipher key into the decryption key schedule.
  */
-int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
 {
 
     u32 *rk;
@@ -1316,7 +1320,7 @@ int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
     u32 temp;
 
     /* first, start with an encryption schedule */
-    status = private_AES_set_encrypt_key(userKey, bits, key);
+    status = AES_set_encrypt_key(userKey, bits, key);
     if (status < 0)
         return status;
 
@@ -1353,7 +1357,7 @@ int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
             rk[j] = tpe ^ ROTATE(tpd,16) ^
                 ROTATE(tp9,24) ^ ROTATE(tpb,8);
 #else
-            rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
+            rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
                 (tp9 >> 8) ^ (tp9 << 24) ^
                 (tpb >> 24) ^ (tpb << 8);
 #endif
diff --git a/freebsd/crypto/openssl/crypto/aes/aes_ctr.c b/freebsd/crypto/openssl/crypto/aes/aes_ctr.c
deleted file mode 100644
index 53f5343d..00000000
--- a/freebsd/crypto/openssl/crypto/aes/aes_ctr.c
+++ /dev/null
@@ -1,65 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/aes/aes_ctr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        unsigned char ivec[AES_BLOCK_SIZE],
-                        unsigned char ecount_buf[AES_BLOCK_SIZE],
-                        unsigned int *num)
-{
-    CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
-                          (block128_f) AES_encrypt);
-}
diff --git a/freebsd/crypto/openssl/crypto/aes/aes_ecb.c b/freebsd/crypto/openssl/crypto/aes/aes_ecb.c
index b908072c..11938ea2 100644
--- a/freebsd/crypto/openssl/crypto/aes/aes_ecb.c
+++ b/freebsd/crypto/openssl/crypto/aes/aes_ecb.c
@@ -1,61 +1,14 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/aes/aes_ecb.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
 #include <assert.h>
 
 #include <openssl/aes.h>
diff --git a/freebsd/crypto/openssl/crypto/aes/aes_ige.c b/freebsd/crypto/openssl/crypto/aes/aes_ige.c
index 36791604..a06e68a7 100644
--- a/freebsd/crypto/openssl/crypto/aes/aes_ige.c
+++ b/freebsd/crypto/openssl/crypto/aes/aes_ige.c
@@ -1,57 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/aes/aes_ige.c */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
 #include <openssl/aes.h>
 #include "aes_locl.h"
@@ -85,6 +43,9 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
     size_t n;
     size_t len = length;
 
+    if (length == 0)
+        return;
+
     OPENSSL_assert(in && out && key && ivec);
     OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
     OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
diff --git a/freebsd/crypto/openssl/crypto/aes/aes_locl.h b/freebsd/crypto/openssl/crypto/aes/aes_locl.h
index 7acd74ec..adee29df 100644
--- a/freebsd/crypto/openssl/crypto/aes/aes_locl.h
+++ b/freebsd/crypto/openssl/crypto/aes/aes_locl.h
@@ -1,63 +1,16 @@
-/* crypto/aes/aes.h */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_AES_LOCL_H
 # define HEADER_AES_LOCL_H
 
 # include <openssl/e_os2.h>
-
-# ifdef OPENSSL_NO_AES
-#  error AES is disabled.
-# endif
-
 # include <stdio.h>
 # include <stdlib.h>
 # include <string.h>
diff --git a/freebsd/crypto/openssl/crypto/aes/aes_misc.c b/freebsd/crypto/openssl/crypto/aes/aes_misc.c
index ed324b31..ee1f1246 100644
--- a/freebsd/crypto/openssl/crypto/aes/aes_misc.c
+++ b/freebsd/crypto/openssl/crypto/aes/aes_misc.c
@@ -1,63 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/aes/aes_misc.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/opensslv.h>
-#include <openssl/crypto.h>
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
-const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT;
-
 const char *AES_options(void)
 {
 #ifdef FULL_UNROLL
@@ -66,23 +21,3 @@ const char *AES_options(void)
     return "aes(partial)";
 #endif
 }
-
-/* FIPS wrapper functions to block low level AES calls in FIPS mode */
-
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key)
-{
-#ifdef OPENSSL_FIPS
-    fips_cipher_abort(AES);
-#endif
-    return private_AES_set_encrypt_key(userKey, bits, key);
-}
-
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key)
-{
-#ifdef OPENSSL_FIPS
-    fips_cipher_abort(AES);
-#endif
-    return private_AES_set_decrypt_key(userKey, bits, key);
-}
diff --git a/freebsd/crypto/openssl/crypto/aes/aes_ofb.c b/freebsd/crypto/openssl/crypto/aes/aes_ofb.c
index dd4f09f8..3c394787 100644
--- a/freebsd/crypto/openssl/crypto/aes/aes_ofb.c
+++ b/freebsd/crypto/openssl/crypto/aes/aes_ofb.c
@@ -1,54 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/aes/aes_ofb.c */
-/* ====================================================================
- * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/aes.h>
diff --git a/freebsd/crypto/openssl/crypto/aes/aes_wrap.c b/freebsd/crypto/openssl/crypto/aes/aes_wrap.c
index e98ae319..373fb46d 100644
--- a/freebsd/crypto/openssl/crypto/aes/aes_wrap.c
+++ b/freebsd/crypto/openssl/crypto/aes/aes_wrap.c
@@ -1,60 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/aes/aes_wrap.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/aes.h>
 #include <openssl/modes.h>
 
diff --git a/freebsd/crypto/openssl/crypto/aria/aria.c b/freebsd/crypto/openssl/crypto/aria/aria.c
new file mode 100644
index 00000000..b6ef5449
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/aria/aria.c
@@ -0,0 +1,1214 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (C) 2017 National Security Research Institute. All Rights Reserved.
+ *
+ * Information for ARIA
+ *     http://210.104.33.10/ARIA/index-e.html (English)
+ *     http://seed.kisa.or.kr/ (Korean)
+ *
+ * Public domain version is distributed above.
+ */
+
+#include <openssl/e_os2.h>
+#include "internal/aria.h"
+
+#include <assert.h>
+#include <string.h>
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+
+/* Begin macro */
+
+/* rotation */
+#define rotl32(v, r) (((uint32_t)(v) << (r)) | ((uint32_t)(v) >> (32 - r)))
+#define rotr32(v, r) (((uint32_t)(v) >> (r)) | ((uint32_t)(v) << (32 - r)))
+
+#define bswap32(v)                                          \
+    (((v) << 24) ^ ((v) >> 24) ^                            \
+    (((v) & 0x0000ff00) << 8) ^ (((v) & 0x00ff0000) >> 8))
+
+#define GET_U8_BE(X, Y) ((uint8_t)((X) >> ((3 - Y) * 8)))
+#define GET_U32_BE(X, Y) (                                  \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4    ] << 24) ^   \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4 + 1] << 16) ^   \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4 + 2] <<  8) ^   \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4 + 3]      )     )
+
+#define PUT_U32_BE(DEST, IDX, VAL)                              \
+    do {                                                        \
+        ((uint8_t *)(DEST))[IDX * 4    ] = GET_U8_BE(VAL, 0);   \
+        ((uint8_t *)(DEST))[IDX * 4 + 1] = GET_U8_BE(VAL, 1);   \
+        ((uint8_t *)(DEST))[IDX * 4 + 2] = GET_U8_BE(VAL, 2);   \
+        ((uint8_t *)(DEST))[IDX * 4 + 3] = GET_U8_BE(VAL, 3);   \
+    } while(0)
+
+#define MAKE_U32(V0, V1, V2, V3) (      \
+    ((uint32_t)((uint8_t)(V0)) << 24) | \
+    ((uint32_t)((uint8_t)(V1)) << 16) | \
+    ((uint32_t)((uint8_t)(V2)) <<  8) | \
+    ((uint32_t)((uint8_t)(V3))      )   )
+
+/* End Macro*/
+
+/* Key Constant
+ * 128bit : 0, 1,    2
+ * 192bit : 1, 2,    3(0)
+ * 256bit : 2, 3(0), 4(1)
+ */
+static const uint32_t Key_RC[5][4] = {
+    { 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 },
+    { 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 },
+    { 0xdb92371d, 0x2126e970, 0x03249775, 0x04e8c90e },
+    { 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 },
+    { 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 }
+};
+
+/* 32bit expanded s-box */
+static const uint32_t S1[256] = {
+    0x00636363, 0x007c7c7c, 0x00777777, 0x007b7b7b,
+    0x00f2f2f2, 0x006b6b6b, 0x006f6f6f, 0x00c5c5c5,
+    0x00303030, 0x00010101, 0x00676767, 0x002b2b2b,
+    0x00fefefe, 0x00d7d7d7, 0x00ababab, 0x00767676,
+    0x00cacaca, 0x00828282, 0x00c9c9c9, 0x007d7d7d,
+    0x00fafafa, 0x00595959, 0x00474747, 0x00f0f0f0,
+    0x00adadad, 0x00d4d4d4, 0x00a2a2a2, 0x00afafaf,
+    0x009c9c9c, 0x00a4a4a4, 0x00727272, 0x00c0c0c0,
+    0x00b7b7b7, 0x00fdfdfd, 0x00939393, 0x00262626,
+    0x00363636, 0x003f3f3f, 0x00f7f7f7, 0x00cccccc,
+    0x00343434, 0x00a5a5a5, 0x00e5e5e5, 0x00f1f1f1,
+    0x00717171, 0x00d8d8d8, 0x00313131, 0x00151515,
+    0x00040404, 0x00c7c7c7, 0x00232323, 0x00c3c3c3,
+    0x00181818, 0x00969696, 0x00050505, 0x009a9a9a,
+    0x00070707, 0x00121212, 0x00808080, 0x00e2e2e2,
+    0x00ebebeb, 0x00272727, 0x00b2b2b2, 0x00757575,
+    0x00090909, 0x00838383, 0x002c2c2c, 0x001a1a1a,
+    0x001b1b1b, 0x006e6e6e, 0x005a5a5a, 0x00a0a0a0,
+    0x00525252, 0x003b3b3b, 0x00d6d6d6, 0x00b3b3b3,
+    0x00292929, 0x00e3e3e3, 0x002f2f2f, 0x00848484,
+    0x00535353, 0x00d1d1d1, 0x00000000, 0x00ededed,
+    0x00202020, 0x00fcfcfc, 0x00b1b1b1, 0x005b5b5b,
+    0x006a6a6a, 0x00cbcbcb, 0x00bebebe, 0x00393939,
+    0x004a4a4a, 0x004c4c4c, 0x00585858, 0x00cfcfcf,
+    0x00d0d0d0, 0x00efefef, 0x00aaaaaa, 0x00fbfbfb,
+    0x00434343, 0x004d4d4d, 0x00333333, 0x00858585,
+    0x00454545, 0x00f9f9f9, 0x00020202, 0x007f7f7f,
+    0x00505050, 0x003c3c3c, 0x009f9f9f, 0x00a8a8a8,
+    0x00515151, 0x00a3a3a3, 0x00404040, 0x008f8f8f,
+    0x00929292, 0x009d9d9d, 0x00383838, 0x00f5f5f5,
+    0x00bcbcbc, 0x00b6b6b6, 0x00dadada, 0x00212121,
+    0x00101010, 0x00ffffff, 0x00f3f3f3, 0x00d2d2d2,
+    0x00cdcdcd, 0x000c0c0c, 0x00131313, 0x00ececec,
+    0x005f5f5f, 0x00979797, 0x00444444, 0x00171717,
+    0x00c4c4c4, 0x00a7a7a7, 0x007e7e7e, 0x003d3d3d,
+    0x00646464, 0x005d5d5d, 0x00191919, 0x00737373,
+    0x00606060, 0x00818181, 0x004f4f4f, 0x00dcdcdc,
+    0x00222222, 0x002a2a2a, 0x00909090, 0x00888888,
+    0x00464646, 0x00eeeeee, 0x00b8b8b8, 0x00141414,
+    0x00dedede, 0x005e5e5e, 0x000b0b0b, 0x00dbdbdb,
+    0x00e0e0e0, 0x00323232, 0x003a3a3a, 0x000a0a0a,
+    0x00494949, 0x00060606, 0x00242424, 0x005c5c5c,
+    0x00c2c2c2, 0x00d3d3d3, 0x00acacac, 0x00626262,
+    0x00919191, 0x00959595, 0x00e4e4e4, 0x00797979,
+    0x00e7e7e7, 0x00c8c8c8, 0x00373737, 0x006d6d6d,
+    0x008d8d8d, 0x00d5d5d5, 0x004e4e4e, 0x00a9a9a9,
+    0x006c6c6c, 0x00565656, 0x00f4f4f4, 0x00eaeaea,
+    0x00656565, 0x007a7a7a, 0x00aeaeae, 0x00080808,
+    0x00bababa, 0x00787878, 0x00252525, 0x002e2e2e,
+    0x001c1c1c, 0x00a6a6a6, 0x00b4b4b4, 0x00c6c6c6,
+    0x00e8e8e8, 0x00dddddd, 0x00747474, 0x001f1f1f,
+    0x004b4b4b, 0x00bdbdbd, 0x008b8b8b, 0x008a8a8a,
+    0x00707070, 0x003e3e3e, 0x00b5b5b5, 0x00666666,
+    0x00484848, 0x00030303, 0x00f6f6f6, 0x000e0e0e,
+    0x00616161, 0x00353535, 0x00575757, 0x00b9b9b9,
+    0x00868686, 0x00c1c1c1, 0x001d1d1d, 0x009e9e9e,
+    0x00e1e1e1, 0x00f8f8f8, 0x00989898, 0x00111111,
+    0x00696969, 0x00d9d9d9, 0x008e8e8e, 0x00949494,
+    0x009b9b9b, 0x001e1e1e, 0x00878787, 0x00e9e9e9,
+    0x00cecece, 0x00555555, 0x00282828, 0x00dfdfdf,
+    0x008c8c8c, 0x00a1a1a1, 0x00898989, 0x000d0d0d,
+    0x00bfbfbf, 0x00e6e6e6, 0x00424242, 0x00686868,
+    0x00414141, 0x00999999, 0x002d2d2d, 0x000f0f0f,
+    0x00b0b0b0, 0x00545454, 0x00bbbbbb, 0x00161616
+};
+
+static const uint32_t S2[256] = {
+    0xe200e2e2, 0x4e004e4e, 0x54005454, 0xfc00fcfc,
+    0x94009494, 0xc200c2c2, 0x4a004a4a, 0xcc00cccc,
+    0x62006262, 0x0d000d0d, 0x6a006a6a, 0x46004646,
+    0x3c003c3c, 0x4d004d4d, 0x8b008b8b, 0xd100d1d1,
+    0x5e005e5e, 0xfa00fafa, 0x64006464, 0xcb00cbcb,
+    0xb400b4b4, 0x97009797, 0xbe00bebe, 0x2b002b2b,
+    0xbc00bcbc, 0x77007777, 0x2e002e2e, 0x03000303,
+    0xd300d3d3, 0x19001919, 0x59005959, 0xc100c1c1,
+    0x1d001d1d, 0x06000606, 0x41004141, 0x6b006b6b,
+    0x55005555, 0xf000f0f0, 0x99009999, 0x69006969,
+    0xea00eaea, 0x9c009c9c, 0x18001818, 0xae00aeae,
+    0x63006363, 0xdf00dfdf, 0xe700e7e7, 0xbb00bbbb,
+    0x00000000, 0x73007373, 0x66006666, 0xfb00fbfb,
+    0x96009696, 0x4c004c4c, 0x85008585, 0xe400e4e4,
+    0x3a003a3a, 0x09000909, 0x45004545, 0xaa00aaaa,
+    0x0f000f0f, 0xee00eeee, 0x10001010, 0xeb00ebeb,
+    0x2d002d2d, 0x7f007f7f, 0xf400f4f4, 0x29002929,
+    0xac00acac, 0xcf00cfcf, 0xad00adad, 0x91009191,
+    0x8d008d8d, 0x78007878, 0xc800c8c8, 0x95009595,
+    0xf900f9f9, 0x2f002f2f, 0xce00cece, 0xcd00cdcd,
+    0x08000808, 0x7a007a7a, 0x88008888, 0x38003838,
+    0x5c005c5c, 0x83008383, 0x2a002a2a, 0x28002828,
+    0x47004747, 0xdb00dbdb, 0xb800b8b8, 0xc700c7c7,
+    0x93009393, 0xa400a4a4, 0x12001212, 0x53005353,
+    0xff00ffff, 0x87008787, 0x0e000e0e, 0x31003131,
+    0x36003636, 0x21002121, 0x58005858, 0x48004848,
+    0x01000101, 0x8e008e8e, 0x37003737, 0x74007474,
+    0x32003232, 0xca00caca, 0xe900e9e9, 0xb100b1b1,
+    0xb700b7b7, 0xab00abab, 0x0c000c0c, 0xd700d7d7,
+    0xc400c4c4, 0x56005656, 0x42004242, 0x26002626,
+    0x07000707, 0x98009898, 0x60006060, 0xd900d9d9,
+    0xb600b6b6, 0xb900b9b9, 0x11001111, 0x40004040,
+    0xec00ecec, 0x20002020, 0x8c008c8c, 0xbd00bdbd,
+    0xa000a0a0, 0xc900c9c9, 0x84008484, 0x04000404,
+    0x49004949, 0x23002323, 0xf100f1f1, 0x4f004f4f,
+    0x50005050, 0x1f001f1f, 0x13001313, 0xdc00dcdc,
+    0xd800d8d8, 0xc000c0c0, 0x9e009e9e, 0x57005757,
+    0xe300e3e3, 0xc300c3c3, 0x7b007b7b, 0x65006565,
+    0x3b003b3b, 0x02000202, 0x8f008f8f, 0x3e003e3e,
+    0xe800e8e8, 0x25002525, 0x92009292, 0xe500e5e5,
+    0x15001515, 0xdd00dddd, 0xfd00fdfd, 0x17001717,
+    0xa900a9a9, 0xbf00bfbf, 0xd400d4d4, 0x9a009a9a,
+    0x7e007e7e, 0xc500c5c5, 0x39003939, 0x67006767,
+    0xfe00fefe, 0x76007676, 0x9d009d9d, 0x43004343,
+    0xa700a7a7, 0xe100e1e1, 0xd000d0d0, 0xf500f5f5,
+    0x68006868, 0xf200f2f2, 0x1b001b1b, 0x34003434,
+    0x70007070, 0x05000505, 0xa300a3a3, 0x8a008a8a,
+    0xd500d5d5, 0x79007979, 0x86008686, 0xa800a8a8,
+    0x30003030, 0xc600c6c6, 0x51005151, 0x4b004b4b,
+    0x1e001e1e, 0xa600a6a6, 0x27002727, 0xf600f6f6,
+    0x35003535, 0xd200d2d2, 0x6e006e6e, 0x24002424,
+    0x16001616, 0x82008282, 0x5f005f5f, 0xda00dada,
+    0xe600e6e6, 0x75007575, 0xa200a2a2, 0xef00efef,
+    0x2c002c2c, 0xb200b2b2, 0x1c001c1c, 0x9f009f9f,
+    0x5d005d5d, 0x6f006f6f, 0x80008080, 0x0a000a0a,
+    0x72007272, 0x44004444, 0x9b009b9b, 0x6c006c6c,
+    0x90009090, 0x0b000b0b, 0x5b005b5b, 0x33003333,
+    0x7d007d7d, 0x5a005a5a, 0x52005252, 0xf300f3f3,
+    0x61006161, 0xa100a1a1, 0xf700f7f7, 0xb000b0b0,
+    0xd600d6d6, 0x3f003f3f, 0x7c007c7c, 0x6d006d6d,
+    0xed00eded, 0x14001414, 0xe000e0e0, 0xa500a5a5,
+    0x3d003d3d, 0x22002222, 0xb300b3b3, 0xf800f8f8,
+    0x89008989, 0xde00dede, 0x71007171, 0x1a001a1a,
+    0xaf00afaf, 0xba00baba, 0xb500b5b5, 0x81008181
+};
+
+static const uint32_t X1[256] = {
+    0x52520052, 0x09090009, 0x6a6a006a, 0xd5d500d5,
+    0x30300030, 0x36360036, 0xa5a500a5, 0x38380038,
+    0xbfbf00bf, 0x40400040, 0xa3a300a3, 0x9e9e009e,
+    0x81810081, 0xf3f300f3, 0xd7d700d7, 0xfbfb00fb,
+    0x7c7c007c, 0xe3e300e3, 0x39390039, 0x82820082,
+    0x9b9b009b, 0x2f2f002f, 0xffff00ff, 0x87870087,
+    0x34340034, 0x8e8e008e, 0x43430043, 0x44440044,
+    0xc4c400c4, 0xdede00de, 0xe9e900e9, 0xcbcb00cb,
+    0x54540054, 0x7b7b007b, 0x94940094, 0x32320032,
+    0xa6a600a6, 0xc2c200c2, 0x23230023, 0x3d3d003d,
+    0xeeee00ee, 0x4c4c004c, 0x95950095, 0x0b0b000b,
+    0x42420042, 0xfafa00fa, 0xc3c300c3, 0x4e4e004e,
+    0x08080008, 0x2e2e002e, 0xa1a100a1, 0x66660066,
+    0x28280028, 0xd9d900d9, 0x24240024, 0xb2b200b2,
+    0x76760076, 0x5b5b005b, 0xa2a200a2, 0x49490049,
+    0x6d6d006d, 0x8b8b008b, 0xd1d100d1, 0x25250025,
+    0x72720072, 0xf8f800f8, 0xf6f600f6, 0x64640064,
+    0x86860086, 0x68680068, 0x98980098, 0x16160016,
+    0xd4d400d4, 0xa4a400a4, 0x5c5c005c, 0xcccc00cc,
+    0x5d5d005d, 0x65650065, 0xb6b600b6, 0x92920092,
+    0x6c6c006c, 0x70700070, 0x48480048, 0x50500050,
+    0xfdfd00fd, 0xeded00ed, 0xb9b900b9, 0xdada00da,
+    0x5e5e005e, 0x15150015, 0x46460046, 0x57570057,
+    0xa7a700a7, 0x8d8d008d, 0x9d9d009d, 0x84840084,
+    0x90900090, 0xd8d800d8, 0xabab00ab, 0x00000000,
+    0x8c8c008c, 0xbcbc00bc, 0xd3d300d3, 0x0a0a000a,
+    0xf7f700f7, 0xe4e400e4, 0x58580058, 0x05050005,
+    0xb8b800b8, 0xb3b300b3, 0x45450045, 0x06060006,
+    0xd0d000d0, 0x2c2c002c, 0x1e1e001e, 0x8f8f008f,
+    0xcaca00ca, 0x3f3f003f, 0x0f0f000f, 0x02020002,
+    0xc1c100c1, 0xafaf00af, 0xbdbd00bd, 0x03030003,
+    0x01010001, 0x13130013, 0x8a8a008a, 0x6b6b006b,
+    0x3a3a003a, 0x91910091, 0x11110011, 0x41410041,
+    0x4f4f004f, 0x67670067, 0xdcdc00dc, 0xeaea00ea,
+    0x97970097, 0xf2f200f2, 0xcfcf00cf, 0xcece00ce,
+    0xf0f000f0, 0xb4b400b4, 0xe6e600e6, 0x73730073,
+    0x96960096, 0xacac00ac, 0x74740074, 0x22220022,
+    0xe7e700e7, 0xadad00ad, 0x35350035, 0x85850085,
+    0xe2e200e2, 0xf9f900f9, 0x37370037, 0xe8e800e8,
+    0x1c1c001c, 0x75750075, 0xdfdf00df, 0x6e6e006e,
+    0x47470047, 0xf1f100f1, 0x1a1a001a, 0x71710071,
+    0x1d1d001d, 0x29290029, 0xc5c500c5, 0x89890089,
+    0x6f6f006f, 0xb7b700b7, 0x62620062, 0x0e0e000e,
+    0xaaaa00aa, 0x18180018, 0xbebe00be, 0x1b1b001b,
+    0xfcfc00fc, 0x56560056, 0x3e3e003e, 0x4b4b004b,
+    0xc6c600c6, 0xd2d200d2, 0x79790079, 0x20200020,
+    0x9a9a009a, 0xdbdb00db, 0xc0c000c0, 0xfefe00fe,
+    0x78780078, 0xcdcd00cd, 0x5a5a005a, 0xf4f400f4,
+    0x1f1f001f, 0xdddd00dd, 0xa8a800a8, 0x33330033,
+    0x88880088, 0x07070007, 0xc7c700c7, 0x31310031,
+    0xb1b100b1, 0x12120012, 0x10100010, 0x59590059,
+    0x27270027, 0x80800080, 0xecec00ec, 0x5f5f005f,
+    0x60600060, 0x51510051, 0x7f7f007f, 0xa9a900a9,
+    0x19190019, 0xb5b500b5, 0x4a4a004a, 0x0d0d000d,
+    0x2d2d002d, 0xe5e500e5, 0x7a7a007a, 0x9f9f009f,
+    0x93930093, 0xc9c900c9, 0x9c9c009c, 0xefef00ef,
+    0xa0a000a0, 0xe0e000e0, 0x3b3b003b, 0x4d4d004d,
+    0xaeae00ae, 0x2a2a002a, 0xf5f500f5, 0xb0b000b0,
+    0xc8c800c8, 0xebeb00eb, 0xbbbb00bb, 0x3c3c003c,
+    0x83830083, 0x53530053, 0x99990099, 0x61610061,
+    0x17170017, 0x2b2b002b, 0x04040004, 0x7e7e007e,
+    0xbaba00ba, 0x77770077, 0xd6d600d6, 0x26260026,
+    0xe1e100e1, 0x69690069, 0x14140014, 0x63630063,
+    0x55550055, 0x21210021, 0x0c0c000c, 0x7d7d007d
+};
+
+static const uint32_t X2[256] = {
+    0x30303000, 0x68686800, 0x99999900, 0x1b1b1b00,
+    0x87878700, 0xb9b9b900, 0x21212100, 0x78787800,
+    0x50505000, 0x39393900, 0xdbdbdb00, 0xe1e1e100,
+    0x72727200, 0x09090900, 0x62626200, 0x3c3c3c00,
+    0x3e3e3e00, 0x7e7e7e00, 0x5e5e5e00, 0x8e8e8e00,
+    0xf1f1f100, 0xa0a0a000, 0xcccccc00, 0xa3a3a300,
+    0x2a2a2a00, 0x1d1d1d00, 0xfbfbfb00, 0xb6b6b600,
+    0xd6d6d600, 0x20202000, 0xc4c4c400, 0x8d8d8d00,
+    0x81818100, 0x65656500, 0xf5f5f500, 0x89898900,
+    0xcbcbcb00, 0x9d9d9d00, 0x77777700, 0xc6c6c600,
+    0x57575700, 0x43434300, 0x56565600, 0x17171700,
+    0xd4d4d400, 0x40404000, 0x1a1a1a00, 0x4d4d4d00,
+    0xc0c0c000, 0x63636300, 0x6c6c6c00, 0xe3e3e300,
+    0xb7b7b700, 0xc8c8c800, 0x64646400, 0x6a6a6a00,
+    0x53535300, 0xaaaaaa00, 0x38383800, 0x98989800,
+    0x0c0c0c00, 0xf4f4f400, 0x9b9b9b00, 0xededed00,
+    0x7f7f7f00, 0x22222200, 0x76767600, 0xafafaf00,
+    0xdddddd00, 0x3a3a3a00, 0x0b0b0b00, 0x58585800,
+    0x67676700, 0x88888800, 0x06060600, 0xc3c3c300,
+    0x35353500, 0x0d0d0d00, 0x01010100, 0x8b8b8b00,
+    0x8c8c8c00, 0xc2c2c200, 0xe6e6e600, 0x5f5f5f00,
+    0x02020200, 0x24242400, 0x75757500, 0x93939300,
+    0x66666600, 0x1e1e1e00, 0xe5e5e500, 0xe2e2e200,
+    0x54545400, 0xd8d8d800, 0x10101000, 0xcecece00,
+    0x7a7a7a00, 0xe8e8e800, 0x08080800, 0x2c2c2c00,
+    0x12121200, 0x97979700, 0x32323200, 0xababab00,
+    0xb4b4b400, 0x27272700, 0x0a0a0a00, 0x23232300,
+    0xdfdfdf00, 0xefefef00, 0xcacaca00, 0xd9d9d900,
+    0xb8b8b800, 0xfafafa00, 0xdcdcdc00, 0x31313100,
+    0x6b6b6b00, 0xd1d1d100, 0xadadad00, 0x19191900,
+    0x49494900, 0xbdbdbd00, 0x51515100, 0x96969600,
+    0xeeeeee00, 0xe4e4e400, 0xa8a8a800, 0x41414100,
+    0xdadada00, 0xffffff00, 0xcdcdcd00, 0x55555500,
+    0x86868600, 0x36363600, 0xbebebe00, 0x61616100,
+    0x52525200, 0xf8f8f800, 0xbbbbbb00, 0x0e0e0e00,
+    0x82828200, 0x48484800, 0x69696900, 0x9a9a9a00,
+    0xe0e0e000, 0x47474700, 0x9e9e9e00, 0x5c5c5c00,
+    0x04040400, 0x4b4b4b00, 0x34343400, 0x15151500,
+    0x79797900, 0x26262600, 0xa7a7a700, 0xdedede00,
+    0x29292900, 0xaeaeae00, 0x92929200, 0xd7d7d700,
+    0x84848400, 0xe9e9e900, 0xd2d2d200, 0xbababa00,
+    0x5d5d5d00, 0xf3f3f300, 0xc5c5c500, 0xb0b0b000,
+    0xbfbfbf00, 0xa4a4a400, 0x3b3b3b00, 0x71717100,
+    0x44444400, 0x46464600, 0x2b2b2b00, 0xfcfcfc00,
+    0xebebeb00, 0x6f6f6f00, 0xd5d5d500, 0xf6f6f600,
+    0x14141400, 0xfefefe00, 0x7c7c7c00, 0x70707000,
+    0x5a5a5a00, 0x7d7d7d00, 0xfdfdfd00, 0x2f2f2f00,
+    0x18181800, 0x83838300, 0x16161600, 0xa5a5a500,
+    0x91919100, 0x1f1f1f00, 0x05050500, 0x95959500,
+    0x74747400, 0xa9a9a900, 0xc1c1c100, 0x5b5b5b00,
+    0x4a4a4a00, 0x85858500, 0x6d6d6d00, 0x13131300,
+    0x07070700, 0x4f4f4f00, 0x4e4e4e00, 0x45454500,
+    0xb2b2b200, 0x0f0f0f00, 0xc9c9c900, 0x1c1c1c00,
+    0xa6a6a600, 0xbcbcbc00, 0xececec00, 0x73737300,
+    0x90909000, 0x7b7b7b00, 0xcfcfcf00, 0x59595900,
+    0x8f8f8f00, 0xa1a1a100, 0xf9f9f900, 0x2d2d2d00,
+    0xf2f2f200, 0xb1b1b100, 0x00000000, 0x94949400,
+    0x37373700, 0x9f9f9f00, 0xd0d0d000, 0x2e2e2e00,
+    0x9c9c9c00, 0x6e6e6e00, 0x28282800, 0x3f3f3f00,
+    0x80808000, 0xf0f0f000, 0x3d3d3d00, 0xd3d3d300,
+    0x25252500, 0x8a8a8a00, 0xb5b5b500, 0xe7e7e700,
+    0x42424200, 0xb3b3b300, 0xc7c7c700, 0xeaeaea00,
+    0xf7f7f700, 0x4c4c4c00, 0x11111100, 0x33333300,
+    0x03030300, 0xa2a2a200, 0xacacac00, 0x60606000
+};
+
+/* Key XOR Layer */
+#define ARIA_ADD_ROUND_KEY(RK, T0, T1, T2, T3)  \
+    do {                                        \
+        (T0) ^= (RK)->u[0];                     \
+        (T1) ^= (RK)->u[1];                     \
+        (T2) ^= (RK)->u[2];                     \
+        (T3) ^= (RK)->u[3];                     \
+    } while(0)
+
+/* S-Box Layer 1 + M */
+#define ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3)  \
+    do {                                                \
+        (T0) =                                          \
+            S1[GET_U8_BE(T0, 0)] ^                      \
+            S2[GET_U8_BE(T0, 1)] ^                      \
+            X1[GET_U8_BE(T0, 2)] ^                      \
+            X2[GET_U8_BE(T0, 3)];                       \
+        (T1) =                                          \
+            S1[GET_U8_BE(T1, 0)] ^                      \
+            S2[GET_U8_BE(T1, 1)] ^                      \
+            X1[GET_U8_BE(T1, 2)] ^                      \
+            X2[GET_U8_BE(T1, 3)];                       \
+        (T2) =                                          \
+            S1[GET_U8_BE(T2, 0)] ^                      \
+            S2[GET_U8_BE(T2, 1)] ^                      \
+            X1[GET_U8_BE(T2, 2)] ^                      \
+            X2[GET_U8_BE(T2, 3)];                       \
+        (T3) =                                          \
+            S1[GET_U8_BE(T3, 0)] ^                      \
+            S2[GET_U8_BE(T3, 1)] ^                      \
+            X1[GET_U8_BE(T3, 2)] ^                      \
+            X2[GET_U8_BE(T3, 3)];                       \
+    } while(0)
+
+/* S-Box Layer 2 + M */
+#define ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3)  \
+    do {                                                \
+        (T0) =                                          \
+            X1[GET_U8_BE(T0, 0)] ^                      \
+            X2[GET_U8_BE(T0, 1)] ^                      \
+            S1[GET_U8_BE(T0, 2)] ^                      \
+            S2[GET_U8_BE(T0, 3)];                       \
+        (T1) =                                          \
+            X1[GET_U8_BE(T1, 0)] ^                      \
+            X2[GET_U8_BE(T1, 1)] ^                      \
+            S1[GET_U8_BE(T1, 2)] ^                      \
+            S2[GET_U8_BE(T1, 3)];                       \
+        (T2) =                                          \
+            X1[GET_U8_BE(T2, 0)] ^                      \
+            X2[GET_U8_BE(T2, 1)] ^                      \
+            S1[GET_U8_BE(T2, 2)] ^                      \
+            S2[GET_U8_BE(T2, 3)];                       \
+        (T3) =                                          \
+            X1[GET_U8_BE(T3, 0)] ^                      \
+            X2[GET_U8_BE(T3, 1)] ^                      \
+            S1[GET_U8_BE(T3, 2)] ^                      \
+            S2[GET_U8_BE(T3, 3)];                       \
+    } while(0)
+
+/* Word-level diffusion */
+#define ARIA_DIFF_WORD(T0,T1,T2,T3) \
+    do {                            \
+        (T1) ^= (T2);               \
+        (T2) ^= (T3);               \
+        (T0) ^= (T1);               \
+                                    \
+        (T3) ^= (T1);               \
+        (T2) ^= (T0);               \
+        (T1) ^= (T2);               \
+    } while(0)
+
+/* Byte-level diffusion */
+#define ARIA_DIFF_BYTE(T0, T1, T2, T3)                                  \
+    do {                                                                \
+        (T1) = (((T1) << 8) & 0xff00ff00) ^ (((T1) >> 8) & 0x00ff00ff); \
+        (T2) = rotr32(T2, 16);                                          \
+        (T3) = bswap32(T3);                                             \
+    } while(0)
+
+/* Odd round Substitution & Diffusion */
+#define ARIA_SUBST_DIFF_ODD(T0, T1, T2, T3)             \
+    do {                                                \
+        ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3); \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+        ARIA_DIFF_BYTE(T0, T1, T2, T3);                 \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+    } while(0)
+
+/* Even round Substitution & Diffusion */
+#define ARIA_SUBST_DIFF_EVEN(T0, T1, T2, T3)            \
+    do {                                                \
+        ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3); \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+        ARIA_DIFF_BYTE(T2, T3, T0, T1);                 \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+    } while(0)
+
+/* Q, R Macro expanded ARIA GSRK */
+#define _ARIA_GSRK(RK, X, Y, Q, R)                  \
+    do {                                            \
+        (RK)->u[0] =                                \
+            ((X)[0]) ^                              \
+            (((Y)[((Q)    ) % 4]) >> (R)) ^         \
+            (((Y)[((Q) + 3) % 4]) << (32 - (R)));   \
+        (RK)->u[1] =                                \
+            ((X)[1]) ^                              \
+            (((Y)[((Q) + 1) % 4]) >> (R)) ^         \
+            (((Y)[((Q)    ) % 4]) << (32 - (R)));   \
+        (RK)->u[2] =                                \
+            ((X)[2]) ^                              \
+            (((Y)[((Q) + 2) % 4]) >> (R)) ^         \
+            (((Y)[((Q) + 1) % 4]) << (32 - (R)));   \
+        (RK)->u[3] =                                \
+            ((X)[3]) ^                              \
+            (((Y)[((Q) + 3) % 4]) >> (R)) ^         \
+            (((Y)[((Q) + 2) % 4]) << (32 - (R)));   \
+    } while(0)
+
+#define ARIA_GSRK(RK, X, Y, N) _ARIA_GSRK(RK, X, Y, 4 - ((N) / 32), (N) % 32)
+
+#define ARIA_DEC_DIFF_BYTE(X, Y, TMP, TMP2)         \
+    do {                                            \
+        (TMP) = (X);                                \
+        (TMP2) = rotr32((TMP), 8);                  \
+        (Y) = (TMP2) ^ rotr32((TMP) ^ (TMP2), 16);  \
+    } while(0)
+
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key)
+{
+    register uint32_t reg0, reg1, reg2, reg3;
+    int Nr;
+    const ARIA_u128 *rk;
+
+    if (in == NULL || out == NULL || key == NULL) {
+        return;
+    }
+
+    rk = key->rd_key;
+    Nr = key->rounds;
+
+    if (Nr != 12 && Nr != 14 && Nr != 16) {
+        return;
+    }
+
+    reg0 = GET_U32_BE(in, 0);
+    reg1 = GET_U32_BE(in, 1);
+    reg2 = GET_U32_BE(in, 2);
+    reg3 = GET_U32_BE(in, 3);
+
+    ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+    rk++;
+
+    ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+    ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+    rk++;
+
+    while(Nr -= 2){
+        ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3);
+        ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+        rk++;
+
+        ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+        ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+        rk++;
+    }
+
+    reg0 = rk->u[0] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg0, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg0, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg0, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg0, 3)]     ));
+    reg1 = rk->u[1] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg1, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg1, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg1, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg1, 3)]     ));
+    reg2 = rk->u[2] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg2, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg2, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg2, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg2, 3)]     ));
+    reg3 = rk->u[3] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg3, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg3, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg3, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg3, 3)]     ));
+
+    PUT_U32_BE(out, 0, reg0);
+    PUT_U32_BE(out, 1, reg1);
+    PUT_U32_BE(out, 2, reg2);
+    PUT_U32_BE(out, 3, reg3);
+}
+
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    register uint32_t reg0, reg1, reg2, reg3;
+    uint32_t w0[4], w1[4], w2[4], w3[4];
+    const uint32_t *ck;
+
+    ARIA_u128 *rk;
+    int Nr = (bits + 256) / 32;
+
+    if (userKey == NULL || key == NULL) {
+        return -1;
+    }
+    if (bits != 128 && bits != 192 && bits != 256) {
+        return -2;
+    }
+
+    rk = key->rd_key;
+    key->rounds = Nr;
+    ck = &Key_RC[(bits - 128) / 64][0];
+
+    w0[0] = GET_U32_BE(userKey, 0);
+    w0[1] = GET_U32_BE(userKey, 1);
+    w0[2] = GET_U32_BE(userKey, 2);
+    w0[3] = GET_U32_BE(userKey, 3);
+
+    reg0 = w0[0] ^ ck[0];
+    reg1 = w0[1] ^ ck[1];
+    reg2 = w0[2] ^ ck[2];
+    reg3 = w0[3] ^ ck[3];
+
+    ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+
+    if (bits > 128) {
+        w1[0] = GET_U32_BE(userKey, 4);
+        w1[1] = GET_U32_BE(userKey, 5);
+        if (bits > 192) {
+            w1[2] = GET_U32_BE(userKey, 6);
+            w1[3] = GET_U32_BE(userKey, 7);
+        }
+        else {
+            w1[2] = w1[3] = 0;
+        }
+    }
+    else {
+        w1[0] = w1[1] = w1[2] = w1[3] = 0;
+    }
+
+    w1[0] ^= reg0;
+    w1[1] ^= reg1;
+    w1[2] ^= reg2;
+    w1[3] ^= reg3;
+
+    reg0 = w1[0];
+    reg1 = w1[1];
+    reg2 = w1[2];
+    reg3 = w1[3];
+
+    reg0 ^= ck[4];
+    reg1 ^= ck[5];
+    reg2 ^= ck[6];
+    reg3 ^= ck[7];
+
+    ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3);
+
+    reg0 ^= w0[0];
+    reg1 ^= w0[1];
+    reg2 ^= w0[2];
+    reg3 ^= w0[3];
+
+    w2[0] = reg0;
+    w2[1] = reg1;
+    w2[2] = reg2;
+    w2[3] = reg3;
+
+    reg0 ^= ck[8];
+    reg1 ^= ck[9];
+    reg2 ^= ck[10];
+    reg3 ^= ck[11];
+
+    ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+
+    w3[0] = reg0 ^ w1[0];
+    w3[1] = reg1 ^ w1[1];
+    w3[2] = reg2 ^ w1[2];
+    w3[3] = reg3 ^ w1[3];
+
+    ARIA_GSRK(rk, w0, w1, 19);
+    rk++;
+    ARIA_GSRK(rk, w1, w2, 19);
+    rk++;
+    ARIA_GSRK(rk, w2, w3, 19);
+    rk++;
+    ARIA_GSRK(rk, w3, w0, 19);
+
+    rk++;
+    ARIA_GSRK(rk, w0, w1, 31);
+    rk++;
+    ARIA_GSRK(rk, w1, w2, 31);
+    rk++;
+    ARIA_GSRK(rk, w2, w3, 31);
+    rk++;
+    ARIA_GSRK(rk, w3, w0, 31);
+
+    rk++;
+    ARIA_GSRK(rk, w0, w1, 67);
+    rk++;
+    ARIA_GSRK(rk, w1, w2, 67);
+    rk++;
+    ARIA_GSRK(rk, w2, w3, 67);
+    rk++;
+    ARIA_GSRK(rk, w3, w0, 67);
+
+    rk++;
+    ARIA_GSRK(rk, w0, w1, 97);
+    if (bits > 128) {
+        rk++;
+        ARIA_GSRK(rk, w1, w2, 97);
+        rk++;
+        ARIA_GSRK(rk, w2, w3, 97);
+    }
+    if (bits > 192) {
+        rk++;
+        ARIA_GSRK(rk, w3, w0, 97);
+
+        rk++;
+        ARIA_GSRK(rk, w0, w1, 109);
+    }
+
+    return 0;
+}
+
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    ARIA_u128 *rk_head;
+    ARIA_u128 *rk_tail;
+    register uint32_t w1, w2;
+    register uint32_t reg0, reg1, reg2, reg3;
+    uint32_t s0, s1, s2, s3;
+
+    const int r = aria_set_encrypt_key(userKey, bits, key);
+
+    if (r != 0) {
+        return r;
+    }
+
+    rk_head = key->rd_key;
+    rk_tail = rk_head + key->rounds;
+
+    reg0 = rk_head->u[0];
+    reg1 = rk_head->u[1];
+    reg2 = rk_head->u[2];
+    reg3 = rk_head->u[3];
+
+    memcpy(rk_head, rk_tail, ARIA_BLOCK_SIZE);
+
+    rk_tail->u[0] = reg0;
+    rk_tail->u[1] = reg1;
+    rk_tail->u[2] = reg2;
+    rk_tail->u[3] = reg3;
+
+    rk_head++;
+    rk_tail--;
+
+    for (; rk_head < rk_tail; rk_head++, rk_tail--) {
+        ARIA_DEC_DIFF_BYTE(rk_head->u[0], reg0, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_head->u[1], reg1, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_head->u[2], reg2, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_head->u[3], reg3, w1, w2);
+
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+
+        s0 = reg0;
+        s1 = reg1;
+        s2 = reg2;
+        s3 = reg3;
+
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[0], reg0, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[1], reg1, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[2], reg2, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[3], reg3, w1, w2);
+
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+
+        rk_head->u[0] = reg0;
+        rk_head->u[1] = reg1;
+        rk_head->u[2] = reg2;
+        rk_head->u[3] = reg3;
+
+        rk_tail->u[0] = s0;
+        rk_tail->u[1] = s1;
+        rk_tail->u[2] = s2;
+        rk_tail->u[3] = s3;
+    }
+    ARIA_DEC_DIFF_BYTE(rk_head->u[0], reg0, w1, w2);
+    ARIA_DEC_DIFF_BYTE(rk_head->u[1], reg1, w1, w2);
+    ARIA_DEC_DIFF_BYTE(rk_head->u[2], reg2, w1, w2);
+    ARIA_DEC_DIFF_BYTE(rk_head->u[3], reg3, w1, w2);
+
+    ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+    ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3);
+    ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+
+    rk_tail->u[0] = reg0;
+    rk_tail->u[1] = reg1;
+    rk_tail->u[2] = reg2;
+    rk_tail->u[3] = reg3;
+
+    return 0;
+}
+
+#else
+
+static const unsigned char sb1[256] = {
+    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
+    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+    0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+    0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+    0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
+    0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+    0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
+    0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+    0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+    0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+    0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
+    0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+    0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
+    0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+    0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+    0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+    0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
+    0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+    0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
+    0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+    0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+    0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+    0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
+    0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+    0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
+    0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+    0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+    0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+    0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
+    0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+    0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
+    0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+};
+
+static const unsigned char sb2[256] = {
+    0xe2, 0x4e, 0x54, 0xfc, 0x94, 0xc2, 0x4a, 0xcc,
+    0x62, 0x0d, 0x6a, 0x46, 0x3c, 0x4d, 0x8b, 0xd1,
+    0x5e, 0xfa, 0x64, 0xcb, 0xb4, 0x97, 0xbe, 0x2b,
+    0xbc, 0x77, 0x2e, 0x03, 0xd3, 0x19, 0x59, 0xc1,
+    0x1d, 0x06, 0x41, 0x6b, 0x55, 0xf0, 0x99, 0x69,
+    0xea, 0x9c, 0x18, 0xae, 0x63, 0xdf, 0xe7, 0xbb,
+    0x00, 0x73, 0x66, 0xfb, 0x96, 0x4c, 0x85, 0xe4,
+    0x3a, 0x09, 0x45, 0xaa, 0x0f, 0xee, 0x10, 0xeb,
+    0x2d, 0x7f, 0xf4, 0x29, 0xac, 0xcf, 0xad, 0x91,
+    0x8d, 0x78, 0xc8, 0x95, 0xf9, 0x2f, 0xce, 0xcd,
+    0x08, 0x7a, 0x88, 0x38, 0x5c, 0x83, 0x2a, 0x28,
+    0x47, 0xdb, 0xb8, 0xc7, 0x93, 0xa4, 0x12, 0x53,
+    0xff, 0x87, 0x0e, 0x31, 0x36, 0x21, 0x58, 0x48,
+    0x01, 0x8e, 0x37, 0x74, 0x32, 0xca, 0xe9, 0xb1,
+    0xb7, 0xab, 0x0c, 0xd7, 0xc4, 0x56, 0x42, 0x26,
+    0x07, 0x98, 0x60, 0xd9, 0xb6, 0xb9, 0x11, 0x40,
+    0xec, 0x20, 0x8c, 0xbd, 0xa0, 0xc9, 0x84, 0x04,
+    0x49, 0x23, 0xf1, 0x4f, 0x50, 0x1f, 0x13, 0xdc,
+    0xd8, 0xc0, 0x9e, 0x57, 0xe3, 0xc3, 0x7b, 0x65,
+    0x3b, 0x02, 0x8f, 0x3e, 0xe8, 0x25, 0x92, 0xe5,
+    0x15, 0xdd, 0xfd, 0x17, 0xa9, 0xbf, 0xd4, 0x9a,
+    0x7e, 0xc5, 0x39, 0x67, 0xfe, 0x76, 0x9d, 0x43,
+    0xa7, 0xe1, 0xd0, 0xf5, 0x68, 0xf2, 0x1b, 0x34,
+    0x70, 0x05, 0xa3, 0x8a, 0xd5, 0x79, 0x86, 0xa8,
+    0x30, 0xc6, 0x51, 0x4b, 0x1e, 0xa6, 0x27, 0xf6,
+    0x35, 0xd2, 0x6e, 0x24, 0x16, 0x82, 0x5f, 0xda,
+    0xe6, 0x75, 0xa2, 0xef, 0x2c, 0xb2, 0x1c, 0x9f,
+    0x5d, 0x6f, 0x80, 0x0a, 0x72, 0x44, 0x9b, 0x6c,
+    0x90, 0x0b, 0x5b, 0x33, 0x7d, 0x5a, 0x52, 0xf3,
+    0x61, 0xa1, 0xf7, 0xb0, 0xd6, 0x3f, 0x7c, 0x6d,
+    0xed, 0x14, 0xe0, 0xa5, 0x3d, 0x22, 0xb3, 0xf8,
+    0x89, 0xde, 0x71, 0x1a, 0xaf, 0xba, 0xb5, 0x81
+};
+
+static const unsigned char sb3[256] = {
+    0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
+    0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
+    0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
+    0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
+    0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
+    0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
+    0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
+    0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
+    0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
+    0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
+    0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
+    0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+    0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
+    0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
+    0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
+    0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
+    0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
+    0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
+    0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
+    0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
+    0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
+    0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
+    0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
+    0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+    0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
+    0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
+    0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
+    0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
+    0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
+    0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
+    0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
+    0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+};
+
+static const unsigned char sb4[256] = {
+    0x30, 0x68, 0x99, 0x1b, 0x87, 0xb9, 0x21, 0x78,
+    0x50, 0x39, 0xdb, 0xe1, 0x72, 0x09, 0x62, 0x3c,
+    0x3e, 0x7e, 0x5e, 0x8e, 0xf1, 0xa0, 0xcc, 0xa3,
+    0x2a, 0x1d, 0xfb, 0xb6, 0xd6, 0x20, 0xc4, 0x8d,
+    0x81, 0x65, 0xf5, 0x89, 0xcb, 0x9d, 0x77, 0xc6,
+    0x57, 0x43, 0x56, 0x17, 0xd4, 0x40, 0x1a, 0x4d,
+    0xc0, 0x63, 0x6c, 0xe3, 0xb7, 0xc8, 0x64, 0x6a,
+    0x53, 0xaa, 0x38, 0x98, 0x0c, 0xf4, 0x9b, 0xed,
+    0x7f, 0x22, 0x76, 0xaf, 0xdd, 0x3a, 0x0b, 0x58,
+    0x67, 0x88, 0x06, 0xc3, 0x35, 0x0d, 0x01, 0x8b,
+    0x8c, 0xc2, 0xe6, 0x5f, 0x02, 0x24, 0x75, 0x93,
+    0x66, 0x1e, 0xe5, 0xe2, 0x54, 0xd8, 0x10, 0xce,
+    0x7a, 0xe8, 0x08, 0x2c, 0x12, 0x97, 0x32, 0xab,
+    0xb4, 0x27, 0x0a, 0x23, 0xdf, 0xef, 0xca, 0xd9,
+    0xb8, 0xfa, 0xdc, 0x31, 0x6b, 0xd1, 0xad, 0x19,
+    0x49, 0xbd, 0x51, 0x96, 0xee, 0xe4, 0xa8, 0x41,
+    0xda, 0xff, 0xcd, 0x55, 0x86, 0x36, 0xbe, 0x61,
+    0x52, 0xf8, 0xbb, 0x0e, 0x82, 0x48, 0x69, 0x9a,
+    0xe0, 0x47, 0x9e, 0x5c, 0x04, 0x4b, 0x34, 0x15,
+    0x79, 0x26, 0xa7, 0xde, 0x29, 0xae, 0x92, 0xd7,
+    0x84, 0xe9, 0xd2, 0xba, 0x5d, 0xf3, 0xc5, 0xb0,
+    0xbf, 0xa4, 0x3b, 0x71, 0x44, 0x46, 0x2b, 0xfc,
+    0xeb, 0x6f, 0xd5, 0xf6, 0x14, 0xfe, 0x7c, 0x70,
+    0x5a, 0x7d, 0xfd, 0x2f, 0x18, 0x83, 0x16, 0xa5,
+    0x91, 0x1f, 0x05, 0x95, 0x74, 0xa9, 0xc1, 0x5b,
+    0x4a, 0x85, 0x6d, 0x13, 0x07, 0x4f, 0x4e, 0x45,
+    0xb2, 0x0f, 0xc9, 0x1c, 0xa6, 0xbc, 0xec, 0x73,
+    0x90, 0x7b, 0xcf, 0x59, 0x8f, 0xa1, 0xf9, 0x2d,
+    0xf2, 0xb1, 0x00, 0x94, 0x37, 0x9f, 0xd0, 0x2e,
+    0x9c, 0x6e, 0x28, 0x3f, 0x80, 0xf0, 0x3d, 0xd3,
+    0x25, 0x8a, 0xb5, 0xe7, 0x42, 0xb3, 0xc7, 0xea,
+    0xf7, 0x4c, 0x11, 0x33, 0x03, 0xa2, 0xac, 0x60
+};
+
+static const ARIA_u128 c1 = {{
+    0x51, 0x7c, 0xc1, 0xb7, 0x27, 0x22, 0x0a, 0x94,
+    0xfe, 0x13, 0xab, 0xe8, 0xfa, 0x9a, 0x6e, 0xe0
+}};
+
+static const ARIA_u128 c2 = {{
+    0x6d, 0xb1, 0x4a, 0xcc, 0x9e, 0x21, 0xc8, 0x20,
+    0xff, 0x28, 0xb1, 0xd5, 0xef, 0x5d, 0xe2, 0xb0
+}};
+
+static const ARIA_u128 c3 = {{
+    0xdb, 0x92, 0x37, 0x1d, 0x21, 0x26, 0xe9, 0x70,
+    0x03, 0x24, 0x97, 0x75, 0x04, 0xe8, 0xc9, 0x0e
+}};
+
+/*
+ * Exclusive or two 128 bit values into the result.
+ * It is safe for the result to be the same as the either input.
+ */
+static void xor128(ARIA_c128 o, const ARIA_c128 x, const ARIA_u128 *y)
+{
+    int i;
+
+    for (i = 0; i < ARIA_BLOCK_SIZE; i++)
+        o[i] = x[i] ^ y->c[i];
+}
+
+/*
+ * Generalised circular rotate right and exclusive or function.
+ * It is safe for the output to overlap either input.
+ */
+static ossl_inline void rotnr(unsigned int n, ARIA_u128 *o,
+                              const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    const unsigned int bytes = n / 8, bits = n % 8;
+    unsigned int i;
+    ARIA_u128 t;
+
+    for (i = 0; i < ARIA_BLOCK_SIZE; i++)
+        t.c[(i + bytes) % ARIA_BLOCK_SIZE] = z->c[i];
+    for (i = 0; i < ARIA_BLOCK_SIZE; i++)
+        o->c[i] = ((t.c[i] >> bits) |
+                (t.c[i ? i - 1 : ARIA_BLOCK_SIZE - 1] << (8 - bits))) ^
+                xor->c[i];
+}
+
+/*
+ * Circular rotate 19 bits right and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot19r(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(19, o, xor, z);
+}
+
+/*
+ * Circular rotate 31 bits right and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot31r(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(31, o, xor, z);
+}
+
+/*
+ * Circular rotate 61 bits left and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot61l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(8 * ARIA_BLOCK_SIZE - 61, o, xor, z);
+}
+
+/*
+ * Circular rotate 31 bits left and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot31l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(8 * ARIA_BLOCK_SIZE - 31, o, xor, z);
+}
+
+/*
+ * Circular rotate 19 bits left and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot19l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(8 * ARIA_BLOCK_SIZE - 19, o, xor, z);
+}
+
+/*
+ * First substitution and xor layer, used for odd steps.
+ * It is safe for the input and output to be the same.
+ */
+static void sl1(ARIA_u128 *o, const ARIA_u128 *x, const ARIA_u128 *y)
+{
+    unsigned int i;
+    for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) {
+        o->c[i    ] = sb1[x->c[i    ] ^ y->c[i    ]];
+        o->c[i + 1] = sb2[x->c[i + 1] ^ y->c[i + 1]];
+        o->c[i + 2] = sb3[x->c[i + 2] ^ y->c[i + 2]];
+        o->c[i + 3] = sb4[x->c[i + 3] ^ y->c[i + 3]];
+    }
+}
+
+/*
+ * Second substitution and xor layer, used for even steps.
+ * It is safe for the input and output to be the same.
+ */
+static void sl2(ARIA_c128 o, const ARIA_u128 *x, const ARIA_u128 *y)
+{
+    unsigned int i;
+    for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) {
+        o[i    ] = sb3[x->c[i	 ] ^ y->c[i    ]];
+        o[i + 1] = sb4[x->c[i + 1] ^ y->c[i + 1]];
+        o[i + 2] = sb1[x->c[i + 2] ^ y->c[i + 2]];
+        o[i + 3] = sb2[x->c[i + 3] ^ y->c[i + 3]];
+    }
+}
+
+/*
+ * Diffusion layer step
+ * It is NOT safe for the input and output to overlap.
+ */
+static void a(ARIA_u128 *y, const ARIA_u128 *x)
+{
+    y->c[ 0] = x->c[ 3] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[ 8] ^
+               x->c[ 9] ^ x->c[13] ^ x->c[14];
+    y->c[ 1] = x->c[ 2] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[ 8] ^
+               x->c[ 9] ^ x->c[12] ^ x->c[15];
+    y->c[ 2] = x->c[ 1] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[10] ^
+               x->c[11] ^ x->c[12] ^ x->c[15];
+    y->c[ 3] = x->c[ 0] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[10] ^
+               x->c[11] ^ x->c[13] ^ x->c[14];
+    y->c[ 4] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 5] ^ x->c[ 8] ^
+               x->c[11] ^ x->c[14] ^ x->c[15];
+    y->c[ 5] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 9] ^
+               x->c[10] ^ x->c[14] ^ x->c[15];
+    y->c[ 6] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 7] ^ x->c[ 9] ^
+               x->c[10] ^ x->c[12] ^ x->c[13];
+    y->c[ 7] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 8] ^
+               x->c[11] ^ x->c[12] ^ x->c[13];
+    y->c[ 8] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 4] ^ x->c[ 7] ^
+               x->c[10] ^ x->c[13] ^ x->c[15];
+    y->c[ 9] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 5] ^ x->c[ 6] ^
+               x->c[11] ^ x->c[12] ^ x->c[14];
+    y->c[10] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 5] ^ x->c[ 6] ^
+               x->c[ 8] ^ x->c[13] ^ x->c[15];
+    y->c[11] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 7] ^
+               x->c[ 9] ^ x->c[12] ^ x->c[14];
+    y->c[12] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 6] ^ x->c[ 7] ^
+               x->c[ 9] ^ x->c[11] ^ x->c[12];
+    y->c[13] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 7] ^
+               x->c[ 8] ^ x->c[10] ^ x->c[13];
+    y->c[14] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 5] ^
+               x->c[ 9] ^ x->c[11] ^ x->c[14];
+    y->c[15] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 4] ^ x->c[ 5] ^
+               x->c[ 8] ^ x->c[10] ^ x->c[15];
+}
+
+/*
+ * Odd round function
+ * Apply the first substitution layer and then a diffusion step.
+ * It is safe for the input and output to overlap.
+ */
+static ossl_inline void FO(ARIA_u128 *o, const ARIA_u128 *d,
+                           const ARIA_u128 *rk)
+{
+    ARIA_u128 y;
+
+    sl1(&y, d, rk);
+    a(o, &y);
+}
+
+/*
+ * Even round function
+ * Apply the second substitution layer and then a diffusion step.
+ * It is safe for the input and output to overlap.
+ */
+static ossl_inline void FE(ARIA_u128 *o, const ARIA_u128 *d,
+                           const ARIA_u128 *rk)
+{
+    ARIA_u128 y;
+
+    sl2(y.c, d, rk);
+    a(o, &y);
+}
+
+/*
+ * Encrypt or decrypt a single block
+ * in and out can overlap
+ */
+static void do_encrypt(unsigned char *o, const unsigned char *pin,
+                       unsigned int rounds, const ARIA_u128 *keys)
+{
+    ARIA_u128 p;
+    unsigned int i;
+
+    memcpy(&p, pin, sizeof(p));
+    for (i = 0; i < rounds - 2; i += 2) {
+        FO(&p, &p, &keys[i]);
+        FE(&p, &p, &keys[i + 1]);
+    }
+    FO(&p, &p, &keys[rounds - 2]);
+    sl2(o, &p, &keys[rounds - 1]);
+    xor128(o, o, &keys[rounds]);
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key)
+{
+    assert(in != NULL && out != NULL && key != NULL);
+    do_encrypt(out, in, key->rounds, key->rd_key);
+}
+
+
+/*
+ * Expand the cipher key into the encryption key schedule.
+ * We short circuit execution of the last two
+ * or four rotations based on the key size.
+ */
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    const ARIA_u128 *ck1, *ck2, *ck3;
+    ARIA_u128 kr, w0, w1, w2, w3;
+
+    if (!userKey || !key)
+        return -1;
+    memcpy(w0.c, userKey, sizeof(w0));
+    switch (bits) {
+    default:
+        return -2;
+    case 128:
+        key->rounds = 12;
+        ck1 = &c1;
+        ck2 = &c2;
+        ck3 = &c3;
+        memset(kr.c, 0, sizeof(kr));
+        break;
+
+    case 192:
+        key->rounds = 14;
+        ck1 = &c2;
+        ck2 = &c3;
+        ck3 = &c1;
+        memcpy(kr.c, userKey + ARIA_BLOCK_SIZE, sizeof(kr) / 2);
+        memset(kr.c + ARIA_BLOCK_SIZE / 2, 0, sizeof(kr) / 2);
+        break;
+
+    case 256:
+        key->rounds = 16;
+        ck1 = &c3;
+        ck2 = &c1;
+        ck3 = &c2;
+        memcpy(kr.c, userKey + ARIA_BLOCK_SIZE, sizeof(kr));
+        break;
+    }
+
+    FO(&w3, &w0, ck1);    xor128(w1.c, w3.c, &kr);
+    FE(&w3, &w1, ck2);    xor128(w2.c, w3.c, &w0);
+    FO(&kr, &w2, ck3);    xor128(w3.c, kr.c, &w1);
+
+    rot19r(&key->rd_key[ 0], &w0, &w1);
+    rot19r(&key->rd_key[ 1], &w1, &w2);
+    rot19r(&key->rd_key[ 2], &w2, &w3);
+    rot19r(&key->rd_key[ 3], &w3, &w0);
+
+    rot31r(&key->rd_key[ 4], &w0, &w1);
+    rot31r(&key->rd_key[ 5], &w1, &w2);
+    rot31r(&key->rd_key[ 6], &w2, &w3);
+    rot31r(&key->rd_key[ 7], &w3, &w0);
+
+    rot61l(&key->rd_key[ 8], &w0, &w1);
+    rot61l(&key->rd_key[ 9], &w1, &w2);
+    rot61l(&key->rd_key[10], &w2, &w3);
+    rot61l(&key->rd_key[11], &w3, &w0);
+
+    rot31l(&key->rd_key[12], &w0, &w1);
+    if (key->rounds > 12) {
+        rot31l(&key->rd_key[13], &w1, &w2);
+        rot31l(&key->rd_key[14], &w2, &w3);
+
+        if (key->rounds > 14) {
+            rot31l(&key->rd_key[15], &w3, &w0);
+            rot19l(&key->rd_key[16], &w0, &w1);
+        }
+    }
+    return 0;
+}
+
+/*
+ * Expand the cipher key into the decryption key schedule.
+ */
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    ARIA_KEY ek;
+    const int r = aria_set_encrypt_key(userKey, bits, &ek);
+    unsigned int i, rounds = ek.rounds;
+
+    if (r == 0) {
+        key->rounds = rounds;
+        memcpy(&key->rd_key[0], &ek.rd_key[rounds], sizeof(key->rd_key[0]));
+        for (i = 1; i < rounds; i++)
+            a(&key->rd_key[i], &ek.rd_key[rounds - i]);
+        memcpy(&key->rd_key[rounds], &ek.rd_key[0], sizeof(key->rd_key[rounds]));
+    }
+    return r;
+}
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/arm_arch.h b/freebsd/crypto/openssl/crypto/arm_arch.h
index b84bfc46..3319c2b9 100644
--- a/freebsd/crypto/openssl/crypto/arm_arch.h
+++ b/freebsd/crypto/openssl/crypto/arm_arch.h
@@ -1,3 +1,12 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 #ifndef __ARM_ARCH_H__
 # define __ARM_ARCH_H__
 
@@ -20,7 +29,7 @@
 #    endif
   /*
    * Why doesn't gcc define __ARM_ARCH__? Instead it defines
-   * bunch of below macros. See all_architectires[] table in
+   * bunch of below macros. See all_architectures[] table in
    * gcc/config/arm/arm.c. On a side note it defines
    * __ARMEL__/__ARMEB__ for little-/big-endian.
    */
@@ -49,10 +58,6 @@
 #  endif
 # endif
 
-# ifdef OPENSSL_FIPSCANISTER
-#  include <openssl/fipssyms.h>
-# endif
-
 # if !defined(__ARM_MAX_ARCH__)
 #  define __ARM_MAX_ARCH__ __ARM_ARCH__
 # endif
@@ -65,7 +70,7 @@
 #  endif
 # endif
 
-# if !__ASSEMBLER__
+# ifndef __ASSEMBLER__
 extern unsigned int OPENSSL_armcap_P;
 # endif
 
@@ -75,6 +80,7 @@ extern unsigned int OPENSSL_armcap_P;
 # define ARMV8_SHA1      (1<<3)
 # define ARMV8_SHA256    (1<<4)
 # define ARMV8_PMULL     (1<<5)
+# define ARMV8_SHA512    (1<<6)
 
 #endif /* __rtems__ */
 #endif
diff --git a/freebsd/crypto/openssl/crypto/armcap.c b/freebsd/crypto/openssl/crypto/armcap.c
deleted file mode 100644
index fcbc2af6..00000000
--- a/freebsd/crypto/openssl/crypto/armcap.c
+++ /dev/null
@@ -1,169 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <setjmp.h>
-#include <signal.h>
-#include <crypto.h>
-
-#include "arm_arch.h"
-
-#if defined(__rtems__) && defined(__arm__)
-__attribute__ ((visibility("hidden")))
-unsigned int OPENSSL_armcap_P = 0;
-
-#if __ARM_MAX_ARCH__<7
-void OPENSSL_cpuid_setup(void)
-{
-}
-
-unsigned long OPENSSL_rdtsc(void)
-{
-    return 0;
-}
-#else
-static sigset_t all_masked;
-
-static sigjmp_buf ill_jmp;
-static void ill_handler(int sig)
-{
-    siglongjmp(ill_jmp, sig);
-}
-
-/*
- * Following subroutines could have been inlined, but it's not all
- * ARM compilers support inline assembler...
- */
-void _armv7_neon_probe(void);
-void _armv8_aes_probe(void);
-void _armv8_sha1_probe(void);
-void _armv8_sha256_probe(void);
-void _armv8_pmull_probe(void);
-unsigned long _armv7_tick(void);
-
-unsigned long OPENSSL_rdtsc(void)
-{
-    if (OPENSSL_armcap_P & ARMV7_TICK)
-        return _armv7_tick();
-    else
-        return 0;
-}
-
-/*
- * Use a weak reference to getauxval() so we can use it if it is available but
- * don't break the build if it is not.
- */
-# if defined(__GNUC__) && __GNUC__>=2
-void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
-extern unsigned long getauxval(unsigned long type) __attribute__ ((weak));
-# else
-static unsigned long (*getauxval) (unsigned long) = NULL;
-# endif
-
-/*
- * ARM puts the the feature bits for Crypto Extensions in AT_HWCAP2, whereas
- * AArch64 used AT_HWCAP.
- */
-# if defined(__arm__) || defined (__arm)
-#  define HWCAP                  16
-                                  /* AT_HWCAP */
-#  define HWCAP_NEON             (1 << 12)
-
-#  define HWCAP_CE               26
-                                  /* AT_HWCAP2 */
-#  define HWCAP_CE_AES           (1 << 0)
-#  define HWCAP_CE_PMULL         (1 << 1)
-#  define HWCAP_CE_SHA1          (1 << 2)
-#  define HWCAP_CE_SHA256        (1 << 3)
-# elif defined(__aarch64__)
-#  define HWCAP                  16
-                                  /* AT_HWCAP */
-#  define HWCAP_NEON             (1 << 1)
-
-#  define HWCAP_CE               HWCAP
-#  define HWCAP_CE_AES           (1 << 3)
-#  define HWCAP_CE_PMULL         (1 << 4)
-#  define HWCAP_CE_SHA1          (1 << 5)
-#  define HWCAP_CE_SHA256        (1 << 6)
-# endif
-
-void OPENSSL_cpuid_setup(void)
-{
-    char *e;
-    struct sigaction ill_oact, ill_act;
-    sigset_t oset;
-    static int trigger = 0;
-
-    if (trigger)
-        return;
-    trigger = 1;
-
-    if ((e = getenv("OPENSSL_armcap"))) {
-        OPENSSL_armcap_P = (unsigned int)strtoul(e, NULL, 0);
-        return;
-    }
-
-    sigfillset(&all_masked);
-    sigdelset(&all_masked, SIGILL);
-    sigdelset(&all_masked, SIGTRAP);
-    sigdelset(&all_masked, SIGFPE);
-    sigdelset(&all_masked, SIGBUS);
-    sigdelset(&all_masked, SIGSEGV);
-
-    OPENSSL_armcap_P = 0;
-
-    memset(&ill_act, 0, sizeof(ill_act));
-    ill_act.sa_handler = ill_handler;
-    ill_act.sa_mask = all_masked;
-
-    sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
-    sigaction(SIGILL, &ill_act, &ill_oact);
-
-    if (getauxval != NULL) {
-        if (getauxval(HWCAP) & HWCAP_NEON) {
-            unsigned long hwcap = getauxval(HWCAP_CE);
-
-            OPENSSL_armcap_P |= ARMV7_NEON;
-
-            if (hwcap & HWCAP_CE_AES)
-                OPENSSL_armcap_P |= ARMV8_AES;
-
-            if (hwcap & HWCAP_CE_PMULL)
-                OPENSSL_armcap_P |= ARMV8_PMULL;
-
-            if (hwcap & HWCAP_CE_SHA1)
-                OPENSSL_armcap_P |= ARMV8_SHA1;
-
-            if (hwcap & HWCAP_CE_SHA256)
-                OPENSSL_armcap_P |= ARMV8_SHA256;
-        }
-    } else if (sigsetjmp(ill_jmp, 1) == 0) {
-        _armv7_neon_probe();
-        OPENSSL_armcap_P |= ARMV7_NEON;
-        if (sigsetjmp(ill_jmp, 1) == 0) {
-            _armv8_pmull_probe();
-            OPENSSL_armcap_P |= ARMV8_PMULL | ARMV8_AES;
-        } else if (sigsetjmp(ill_jmp, 1) == 0) {
-            _armv8_aes_probe();
-            OPENSSL_armcap_P |= ARMV8_AES;
-        }
-        if (sigsetjmp(ill_jmp, 1) == 0) {
-            _armv8_sha1_probe();
-            OPENSSL_armcap_P |= ARMV8_SHA1;
-        }
-        if (sigsetjmp(ill_jmp, 1) == 0) {
-            _armv8_sha256_probe();
-            OPENSSL_armcap_P |= ARMV8_SHA256;
-        }
-    }
-    if (sigsetjmp(ill_jmp, 1) == 0) {
-        _armv7_tick();
-        OPENSSL_armcap_P |= ARMV7_TICK;
-    }
-
-    sigaction(SIGILL, &ill_oact, NULL);
-    sigprocmask(SIG_SETMASK, &oset, NULL);
-}
-#endif
-#endif /* __rtems__ */
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_bitstr.c b/freebsd/crypto/openssl/crypto/asn1/a_bitstr.c
index deb4cb53..49861b84 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_bitstr.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_bitstr.c
@@ -1,71 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_bitstr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <limits.h>
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
+#include "asn1_locl.h"
 
 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 {
-    return M_ASN1_BIT_STRING_set(x, d, len);
+    return ASN1_STRING_set(x, d, len);
 }
 
 int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
@@ -74,7 +26,7 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
     unsigned char *p, *d;
 
     if (a == NULL)
-        return (0);
+        return 0;
 
     len = a->length;
 
@@ -111,7 +63,7 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 
     ret = 1 + len;
     if (pp == NULL)
-        return (ret);
+        return ret;
 
     p = *pp;
 
@@ -123,7 +75,7 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
         p[-1] &= (0xff << bits);
     }
     *pp = p;
-    return (ret);
+    return ret;
 }
 
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
@@ -145,8 +97,8 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
     }
 
     if ((a == NULL) || ((*a) == NULL)) {
-        if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
-            return (NULL);
+        if ((ret = ASN1_BIT_STRING_new()) == NULL)
+            return NULL;
     } else
         ret = (*a);
 
@@ -164,7 +116,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
     ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */
 
     if (len-- > 1) {            /* using one because of the bits left byte */
-        s = (unsigned char *)OPENSSL_malloc((int)len);
+        s = OPENSSL_malloc((int)len);
         if (s == NULL) {
             i = ERR_R_MALLOC_FAILURE;
             goto err;
@@ -176,23 +128,22 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
         s = NULL;
 
     ret->length = (int)len;
-    if (ret->data != NULL)
-        OPENSSL_free(ret->data);
+    OPENSSL_free(ret->data);
     ret->data = s;
     ret->type = V_ASN1_BIT_STRING;
     if (a != NULL)
         (*a) = ret;
     *pp = p;
-    return (ret);
+    return ret;
  err:
     ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i);
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-        M_ASN1_BIT_STRING_free(ret);
-    return (NULL);
+    if ((a == NULL) || (*a != ret))
+        ASN1_BIT_STRING_free(ret);
+    return NULL;
 }
 
 /*
- * These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
+ * These next 2 functions from Goetz Babin-Ebell.
  */
 int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 {
@@ -212,12 +163,8 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 
     if ((a->length < (w + 1)) || (a->data == NULL)) {
         if (!value)
-            return (1);         /* Don't need to set */
-        if (a->data == NULL)
-            c = (unsigned char *)OPENSSL_malloc(w + 1);
-        else
-            c = (unsigned char *)OPENSSL_realloc_clean(a->data,
-                                                       a->length, w + 1);
+            return 1;         /* Don't need to set */
+        c = OPENSSL_clear_realloc(a->data, a->length, w + 1);
         if (c == NULL) {
             ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE);
             return 0;
@@ -230,17 +177,17 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
     a->data[w] = ((a->data[w]) & iv) | v;
     while ((a->length > 0) && (a->data[a->length - 1] == 0))
         a->length--;
-    return (1);
+    return 1;
 }
 
-int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
 {
     int w, v;
 
     w = n / 8;
     v = 1 << (7 - (n & 0x07));
     if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
-        return (0);
+        return 0;
     return ((a->data[w] & v) != 0);
 }
 
@@ -250,8 +197,8 @@ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
  * which is not specified in 'flags', 1 otherwise.
  * 'len' is the length of 'flags'.
  */
-int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
-                          unsigned char *flags, int flags_len)
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+                          const unsigned char *flags, int flags_len)
 {
     int i, ok;
     /* Check if there is one bit set at all. */
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_bool.c b/freebsd/crypto/openssl/crypto/asn1/a_bool.c
deleted file mode 100644
index d0920c3e..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/a_bool.c
+++ /dev/null
@@ -1,127 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/asn1/a_bool.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-
-int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
-{
-    int r;
-    unsigned char *p, *allocated = NULL;
-
-    r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
-    if (pp == NULL)
-        return (r);
-
-    if (*pp == NULL) {
-        if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
-            ASN1err(ASN1_F_I2D_ASN1_BOOLEAN, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-    } else {
-        p = *pp;
-    }
-
-    ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
-    *p = (unsigned char)a;
-
-
-    /*
-     * If a new buffer was allocated, just return it back.
-     * If not, return the incremented buffer pointer.
-     */
-    *pp = allocated != NULL ? allocated : p + 1;
-    return r;
-}
-
-int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
-{
-    int ret = -1;
-    const unsigned char *p;
-    long len;
-    int inf, tag, xclass;
-    int i = 0;
-
-    p = *pp;
-    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
-    if (inf & 0x80) {
-        i = ASN1_R_BAD_OBJECT_HEADER;
-        goto err;
-    }
-
-    if (tag != V_ASN1_BOOLEAN) {
-        i = ASN1_R_EXPECTING_A_BOOLEAN;
-        goto err;
-    }
-
-    if (len != 1) {
-        i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
-        goto err;
-    }
-    ret = (int)*(p++);
-    if (a != NULL)
-        (*a) = ret;
-    *pp = p;
-    return (ret);
- err:
-    ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i);
-    return (ret);
-}
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_bytes.c b/freebsd/crypto/openssl/crypto/asn1/a_bytes.c
deleted file mode 100644
index 9601eb89..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/a_bytes.c
+++ /dev/null
@@ -1,336 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/asn1/a_bytes.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c,
-                                  int depth);
-static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a,
-                                       const unsigned char **pp, long length,
-                                       int Ptag, int Pclass, int depth,
-                                       int *perr);
-/*
- * type is a 'bitmap' of acceptable string types.
- */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
-                                 long length, int type)
-{
-    ASN1_STRING *ret = NULL;
-    const unsigned char *p;
-    unsigned char *s;
-    long len;
-    int inf, tag, xclass;
-    int i = 0;
-
-    p = *pp;
-    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
-    if (inf & 0x80)
-        goto err;
-
-    if (tag >= 32) {
-        i = ASN1_R_TAG_VALUE_TOO_HIGH;
-        goto err;
-    }
-    if (!(ASN1_tag2bit(tag) & type)) {
-        i = ASN1_R_WRONG_TYPE;
-        goto err;
-    }
-
-    /* If a bit-string, exit early */
-    if (tag == V_ASN1_BIT_STRING)
-        return (d2i_ASN1_BIT_STRING(a, pp, length));
-
-    if ((a == NULL) || ((*a) == NULL)) {
-        if ((ret = ASN1_STRING_new()) == NULL)
-            return (NULL);
-    } else
-        ret = (*a);
-
-    if (len != 0) {
-        s = OPENSSL_malloc((int)len + 1);
-        if (s == NULL) {
-            i = ERR_R_MALLOC_FAILURE;
-            goto err;
-        }
-        memcpy(s, p, (int)len);
-        s[len] = '\0';
-        p += len;
-    } else
-        s = NULL;
-
-    if (ret->data != NULL)
-        OPENSSL_free(ret->data);
-    ret->length = (int)len;
-    ret->data = s;
-    ret->type = tag;
-    if (a != NULL)
-        (*a) = ret;
-    *pp = p;
-    return (ret);
- err:
-    ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i);
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-        ASN1_STRING_free(ret);
-    return (NULL);
-}
-
-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
-{
-    int ret, r, constructed;
-    unsigned char *p;
-
-    if (a == NULL)
-        return (0);
-
-    if (tag == V_ASN1_BIT_STRING)
-        return (i2d_ASN1_BIT_STRING(a, pp));
-
-    ret = a->length;
-    r = ASN1_object_size(0, ret, tag);
-    if (pp == NULL)
-        return (r);
-    p = *pp;
-
-    if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
-        constructed = 1;
-    else
-        constructed = 0;
-    ASN1_put_object(&p, constructed, ret, tag, xclass);
-    memcpy(p, a->data, a->length);
-    p += a->length;
-    *pp = p;
-    return (r);
-}
-
-/*
- * Maximum recursion depth of d2i_ASN1_bytes(): much more than should be
- * encountered in pratice.
- */
-
-#define ASN1_BYTES_MAXDEPTH 20
-
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
-                            long length, int Ptag, int Pclass)
-{
-    int err = 0;
-    ASN1_STRING *s = int_d2i_ASN1_bytes(a, pp, length, Ptag, Pclass, 0, &err);
-    if (err != 0)
-        ASN1err(ASN1_F_D2I_ASN1_BYTES, err);
-    return s;
-}
-
-static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a,
-                                       const unsigned char **pp, long length,
-                                       int Ptag, int Pclass,
-                                       int depth, int *perr)
-{
-    ASN1_STRING *ret = NULL;
-    const unsigned char *p;
-    unsigned char *s;
-    long len;
-    int inf, tag, xclass;
-
-    if (depth > ASN1_BYTES_MAXDEPTH) {
-        *perr = ASN1_R_NESTED_ASN1_STRING;
-        return NULL;
-    }
-
-    if ((a == NULL) || ((*a) == NULL)) {
-        if ((ret = ASN1_STRING_new()) == NULL)
-            return (NULL);
-    } else
-        ret = (*a);
-
-    p = *pp;
-    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
-    if (inf & 0x80) {
-        *perr = ASN1_R_BAD_OBJECT_HEADER;
-        goto err;
-    }
-
-    if (tag != Ptag) {
-        *perr = ASN1_R_WRONG_TAG;
-        goto err;
-    }
-
-    if (inf & V_ASN1_CONSTRUCTED) {
-        ASN1_const_CTX c;
-
-        c.error = 0;
-        c.pp = pp;
-        c.p = p;
-        c.inf = inf;
-        c.slen = len;
-        c.tag = Ptag;
-        c.xclass = Pclass;
-        c.max = (length == 0) ? 0 : (p + length);
-        if (!asn1_collate_primitive(ret, &c, depth)) {
-            *perr = c.error;
-            goto err;
-        } else {
-            p = c.p;
-        }
-    } else {
-        if (len != 0) {
-            if ((ret->length < len) || (ret->data == NULL)) {
-                s = OPENSSL_malloc((int)len + 1);
-                if (s == NULL) {
-                    *perr = ERR_R_MALLOC_FAILURE;
-                    goto err;
-                }
-                if (ret->data != NULL)
-                    OPENSSL_free(ret->data);
-            } else
-                s = ret->data;
-            memcpy(s, p, (int)len);
-            s[len] = '\0';
-            p += len;
-        } else {
-            s = NULL;
-            if (ret->data != NULL)
-                OPENSSL_free(ret->data);
-        }
-
-        ret->length = (int)len;
-        ret->data = s;
-        ret->type = Ptag;
-    }
-
-    if (a != NULL)
-        (*a) = ret;
-    *pp = p;
-    return (ret);
- err:
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-        ASN1_STRING_free(ret);
-    return (NULL);
-}
-
-/*
- * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them
- * into the one structure that is then returned
- */
-/*
- * There have been a few bug fixes for this function from Paul Keogh
- * <paul.keogh@sse.ie>, many thanks to him
- */
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c,
-                                  int depth)
-{
-    ASN1_STRING *os = NULL;
-    BUF_MEM b;
-    int num;
-
-    b.length = 0;
-    b.max = 0;
-    b.data = NULL;
-
-    if (a == NULL) {
-        c->error = ERR_R_PASSED_NULL_PARAMETER;
-        goto err;
-    }
-
-    num = 0;
-    for (;;) {
-        if (c->inf & 1) {
-            c->eos = ASN1_const_check_infinite_end(&c->p,
-                                                   (long)(c->max - c->p));
-            if (c->eos)
-                break;
-        } else {
-            if (c->slen <= 0)
-                break;
-        }
-
-        c->q = c->p;
-        if (int_d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass,
-                               depth + 1, &c->error) == NULL) {
-            goto err;
-        }
-
-        if (!BUF_MEM_grow_clean(&b, num + os->length)) {
-            c->error = ERR_R_BUF_LIB;
-            goto err;
-        }
-        memcpy(&(b.data[num]), os->data, os->length);
-        if (!(c->inf & 1))
-            c->slen -= (c->p - c->q);
-        num += os->length;
-    }
-
-    if (!asn1_const_Finish(c))
-        goto err;
-
-    a->length = num;
-    if (a->data != NULL)
-        OPENSSL_free(a->data);
-    a->data = (unsigned char *)b.data;
-    if (os != NULL)
-        ASN1_STRING_free(os);
-    return (1);
- err:
-    if (os != NULL)
-        ASN1_STRING_free(os);
-    if (b.data != NULL)
-        OPENSSL_free(b.data);
-    return (0);
-}
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_d2i_fp.c b/freebsd/crypto/openssl/crypto/asn1/a_d2i_fp.c
index ea11f67e..8c7a043c 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_d2i_fp.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_d2i_fp.c
@@ -1,73 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_d2i_fp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <limits.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
 #include <openssl/buffer.h>
-#include <openssl/asn1_mac.h>
-
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+#include <openssl/asn1.h>
+#include "internal/asn1_int.h"
 
 #ifndef NO_OLD_ASN1
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 
 void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
 {
@@ -76,12 +27,12 @@ void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
-        return (NULL);
+        return NULL;
     }
     BIO_set_fp(b, in, BIO_NOCLOSE);
     ret = ASN1_d2i_bio(xnew, d2i, b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 # endif
 
@@ -99,9 +50,8 @@ void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
     p = (unsigned char *)b->data;
     ret = d2i(x, &p, len);
  err:
-    if (b != NULL)
-        BUF_MEM_free(b);
-    return (ret);
+    BUF_MEM_free(b);
+    return ret;
 }
 
 #endif
@@ -120,12 +70,11 @@ void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
     p = (const unsigned char *)b->data;
     ret = ASN1_item_d2i(x, &p, len, it);
  err:
-    if (b != NULL)
-        BUF_MEM_free(b);
-    return (ret);
+    BUF_MEM_free(b);
+    return ret;
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
 {
     BIO *b;
@@ -133,28 +82,31 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
-        return (NULL);
+        return NULL;
     }
     BIO_set_fp(b, in, BIO_NOCLOSE);
     ret = ASN1_item_d2i_bio(it, b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
 #define HEADER_SIZE   8
 #define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 {
     BUF_MEM *b;
     unsigned char *p;
     int i;
-    ASN1_const_CTX c;
     size_t want = HEADER_SIZE;
-    int eos = 0;
+    uint32_t eos = 0;
     size_t off = 0;
     size_t len = 0;
 
+    const unsigned char *q;
+    long slen;
+    int inf, tag, xclass;
+
     b = BUF_MEM_new();
     if (b == NULL) {
         ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
@@ -186,10 +138,9 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
         /* else data already loaded */
 
         p = (unsigned char *)&(b->data[off]);
-        c.p = p;
-        c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass),
-                                len - off);
-        if (c.inf & 0x80) {
+        q = p;
+        inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off);
+        if (inf & 0x80) {
             unsigned long e;
 
             e = ERR_GET_REASON(ERR_peek_error());
@@ -198,27 +149,27 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
             else
                 ERR_clear_error(); /* clear error */
         }
-        i = c.p - p;            /* header length */
+        i = q - p;            /* header length */
         off += i;               /* end of data */
 
-        if (c.inf & 1) {
+        if (inf & 1) {
             /* no data body so go round again */
-            eos++;
-            if (eos < 0) {
+            if (eos == UINT32_MAX) {
                 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
                 goto err;
             }
+            eos++;
             want = HEADER_SIZE;
-        } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
+        } else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) {
             /* eos value, so go back and read another header */
             eos--;
-            if (eos <= 0)
+            if (eos == 0)
                 break;
             else
                 want = HEADER_SIZE;
         } else {
-            /* suck in c.slen bytes of data */
-            want = c.slen;
+            /* suck in slen bytes of data */
+            want = slen;
             if (want > (len - off)) {
                 size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
 
@@ -260,12 +211,12 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                         chunk_max *= 2;
                 }
             }
-            if (off + c.slen < off) {
+            if (off + slen < off) {
                 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
                 goto err;
             }
-            off += c.slen;
-            if (eos <= 0) {
+            off += slen;
+            if (eos == 0) {
                 break;
             } else
                 want = HEADER_SIZE;
@@ -280,7 +231,6 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
     *pb = b;
     return off;
  err:
-    if (b != NULL)
-        BUF_MEM_free(b);
+    BUF_MEM_free(b);
     return -1;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_digest.c b/freebsd/crypto/openssl/crypto/asn1/a_digest.c
index beb7ef1a..6c3fc0ea 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_digest.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_digest.c
@@ -1,71 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_digest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <time.h>
+#include <sys/types.h>
 
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
+#include "internal/cryptlib.h"
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -81,9 +29,9 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
     unsigned char *str, *p;
 
     i = i2d(data, NULL);
-    if ((str = (unsigned char *)OPENSSL_malloc(i)) == NULL) {
+    if ((str = OPENSSL_malloc(i)) == NULL) {
         ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
     p = str;
     i2d(data, &p);
@@ -93,7 +41,7 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
         return 0;
     }
     OPENSSL_free(str);
-    return (1);
+    return 1;
 }
 
 #endif
@@ -106,12 +54,12 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
 
     i = ASN1_item_i2d(asn, &str, it);
     if (!str)
-        return (0);
+        return 0;
 
     if (!EVP_Digest(str, i, md, len, type, NULL)) {
         OPENSSL_free(str);
         return 0;
     }
     OPENSSL_free(str);
-    return (1);
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_dup.c b/freebsd/crypto/openssl/crypto/asn1/a_dup.c
index c887bc25..028da411 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_dup.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_dup.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_dup.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 
 #ifndef NO_OLD_ASN1
@@ -72,20 +23,20 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
     char *ret;
 
     if (x == NULL)
-        return (NULL);
+        return NULL;
 
     i = i2d(x, NULL);
     b = OPENSSL_malloc(i + 10);
     if (b == NULL) {
         ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
     p = b;
     i = i2d(x, &p);
     p2 = b;
     ret = d2i(NULL, &p2, i);
     OPENSSL_free(b);
-    return (ret);
+    return ret;
 }
 
 #endif
@@ -105,15 +56,15 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
     void *ret;
 
     if (x == NULL)
-        return (NULL);
+        return NULL;
 
     i = ASN1_item_i2d(x, &b, it);
     if (b == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
     p = b;
     ret = ASN1_item_d2i(NULL, &p, i, it);
     OPENSSL_free(b);
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_enum.c b/freebsd/crypto/openssl/crypto/asn1/a_enum.c
deleted file mode 100644
index fb1be301..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/a_enum.c
+++ /dev/null
@@ -1,183 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/asn1/a_enum.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-
-/*
- * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
- * for comments on encoding see a_int.c
- */
-
-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
-{
-    int j, k;
-    unsigned int i;
-    unsigned char buf[sizeof(long) + 1];
-    long d;
-
-    a->type = V_ASN1_ENUMERATED;
-    if (a->length < (int)(sizeof(long) + 1)) {
-        if (a->data != NULL)
-            OPENSSL_free(a->data);
-        if ((a->data =
-             (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
-            memset((char *)a->data, 0, sizeof(long) + 1);
-    }
-    if (a->data == NULL) {
-        ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-    d = v;
-    if (d < 0) {
-        d = -d;
-        a->type = V_ASN1_NEG_ENUMERATED;
-    }
-
-    for (i = 0; i < sizeof(long); i++) {
-        if (d == 0)
-            break;
-        buf[i] = (int)d & 0xff;
-        d >>= 8;
-    }
-    j = 0;
-    for (k = i - 1; k >= 0; k--)
-        a->data[j++] = buf[k];
-    a->length = j;
-    return (1);
-}
-
-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
-{
-    int neg = 0, i;
-    long r = 0;
-
-    if (a == NULL)
-        return (0L);
-    i = a->type;
-    if (i == V_ASN1_NEG_ENUMERATED)
-        neg = 1;
-    else if (i != V_ASN1_ENUMERATED)
-        return -1;
-
-    if (a->length > (int)sizeof(long)) {
-        /* hmm... a bit ugly */
-        return (0xffffffffL);
-    }
-    if (a->data == NULL)
-        return 0;
-
-    for (i = 0; i < a->length; i++) {
-        r <<= 8;
-        r |= (unsigned char)a->data[i];
-    }
-    if (neg)
-        r = -r;
-    return (r);
-}
-
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
-{
-    ASN1_ENUMERATED *ret;
-    int len, j;
-
-    if (ai == NULL)
-        ret = M_ASN1_ENUMERATED_new();
-    else
-        ret = ai;
-    if (ret == NULL) {
-        ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR);
-        goto err;
-    }
-    if (BN_is_negative(bn))
-        ret->type = V_ASN1_NEG_ENUMERATED;
-    else
-        ret->type = V_ASN1_ENUMERATED;
-    j = BN_num_bits(bn);
-    len = ((j == 0) ? 0 : ((j / 8) + 1));
-    if (ret->length < len + 4) {
-        unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
-        if (!new_data) {
-            ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        ret->data = new_data;
-    }
-
-    ret->length = BN_bn2bin(bn, ret->data);
-    return (ret);
- err:
-    if (ret != ai)
-        M_ASN1_ENUMERATED_free(ret);
-    return (NULL);
-}
-
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
-{
-    BIGNUM *ret;
-
-    if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
-        ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB);
-    else if (ai->type == V_ASN1_NEG_ENUMERATED)
-        BN_set_negative(ret, 1);
-    return (ret);
-}
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_gentm.c b/freebsd/crypto/openssl/crypto/asn1/a_gentm.c
index d06192bc..d948b558 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_gentm.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_gentm.c
@@ -1,240 +1,31 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_gentm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
- * GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME
+ * GENERALIZEDTIME implementation. Based on UTCTIME
  */
 
 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
-#include "o_time.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include "asn1_locl.h"
 
-#if 0
-
-int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
-{
-# ifdef CHARSET_EBCDIC
-    /* KLUDGE! We convert to ascii before writing DER */
-    int len;
-    char tmp[24];
-    ASN1_STRING tmpstr = *(ASN1_STRING *)a;
-
-    len = tmpstr.length;
-    ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len);
-    tmpstr.data = tmp;
-
-    a = (ASN1_GENERALIZEDTIME *)&tmpstr;
-# endif
-    return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
-                           V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL));
-}
-
-ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
-                                               unsigned char **pp,
-                                               long length)
-{
-    ASN1_GENERALIZEDTIME *ret = NULL;
-
-    ret =
-        (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length,
-                                               V_ASN1_GENERALIZEDTIME,
-                                               V_ASN1_UNIVERSAL);
-    if (ret == NULL) {
-        ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR);
-        return (NULL);
-    }
-# ifdef CHARSET_EBCDIC
-    ascii2ebcdic(ret->data, ret->data, ret->length);
-# endif
-    if (!ASN1_GENERALIZEDTIME_check(ret)) {
-        ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT);
-        goto err;
-    }
-
-    return (ret);
- err:
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-        M_ASN1_GENERALIZEDTIME_free(ret);
-    return (NULL);
-}
-
-#endif
-
+/* This is the primary function used to parse ASN1_GENERALIZEDTIME */
 int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
 {
-    static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
-    static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
-    char *a;
-    int n, i, l, o;
-
+    /* wrapper around asn1_time_to_tm */
     if (d->type != V_ASN1_GENERALIZEDTIME)
-        return (0);
-    l = d->length;
-    a = (char *)d->data;
-    o = 0;
-    /*
-     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
-     * as YYYY. This stuff treats everything as a two digit field so make
-     * first two fields 00 to 99
-     */
-    if (l < 13)
-        goto err;
-    for (i = 0; i < 7; i++) {
-        if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
-            i++;
-            if (tm)
-                tm->tm_sec = 0;
-            break;
-        }
-        if ((a[o] < '0') || (a[o] > '9'))
-            goto err;
-        n = a[o] - '0';
-        if (++o > l)
-            goto err;
-
-        if ((a[o] < '0') || (a[o] > '9'))
-            goto err;
-        n = (n * 10) + a[o] - '0';
-        if (++o > l)
-            goto err;
-
-        if ((n < min[i]) || (n > max[i]))
-            goto err;
-        if (tm) {
-            switch (i) {
-            case 0:
-                tm->tm_year = n * 100 - 1900;
-                break;
-            case 1:
-                tm->tm_year += n;
-                break;
-            case 2:
-                tm->tm_mon = n - 1;
-                break;
-            case 3:
-                tm->tm_mday = n;
-                break;
-            case 4:
-                tm->tm_hour = n;
-                break;
-            case 5:
-                tm->tm_min = n;
-                break;
-            case 6:
-                tm->tm_sec = n;
-                break;
-            }
-        }
-    }
-    /*
-     * Optional fractional seconds: decimal point followed by one or more
-     * digits.
-     */
-    if (a[o] == '.') {
-        if (++o > l)
-            goto err;
-        i = o;
-        while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
-            o++;
-        /* Must have at least one digit after decimal point */
-        if (i == o)
-            goto err;
-    }
-
-    if (a[o] == 'Z')
-        o++;
-    else if ((a[o] == '+') || (a[o] == '-')) {
-        int offsign = a[o] == '-' ? 1 : -1, offset = 0;
-        o++;
-        if (o + 4 > l)
-            goto err;
-        for (i = 7; i < 9; i++) {
-            if ((a[o] < '0') || (a[o] > '9'))
-                goto err;
-            n = a[o] - '0';
-            o++;
-            if ((a[o] < '0') || (a[o] > '9'))
-                goto err;
-            n = (n * 10) + a[o] - '0';
-            if ((n < min[i]) || (n > max[i]))
-                goto err;
-            if (tm) {
-                if (i == 7)
-                    offset = n * 3600;
-                else if (i == 8)
-                    offset += n * 60;
-            }
-            o++;
-        }
-        if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign))
-            return 0;
-    } else if (a[o]) {
-        /* Missing time zone information. */
-        goto err;
-    }
-    return (o == l);
- err:
-    return (0);
+        return 0;
+    return asn1_time_to_tm(tm, d);
 }
 
 int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
@@ -249,16 +40,15 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
     t.type = V_ASN1_GENERALIZEDTIME;
     t.length = strlen(str);
     t.data = (unsigned char *)str;
-    if (ASN1_GENERALIZEDTIME_check(&t)) {
-        if (s != NULL) {
-            if (!ASN1_STRING_set((ASN1_STRING *)s,
-                                 (unsigned char *)str, t.length))
-                return 0;
-            s->type = V_ASN1_GENERALIZEDTIME;
-        }
-        return (1);
-    } else
-        return (0);
+    t.flags = 0;
+
+    if (!ASN1_GENERALIZEDTIME_check(&t))
+        return 0;
+
+    if (s != NULL && !ASN1_STRING_copy(s, &t))
+        return 0;
+
+    return 1;
 }
 
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
@@ -271,44 +61,24 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
                                                time_t t, int offset_day,
                                                long offset_sec)
 {
-    char *p;
     struct tm *ts;
     struct tm data;
-    size_t len = 20;
-
-    if (s == NULL)
-        s = M_ASN1_GENERALIZEDTIME_new();
-    if (s == NULL)
-        return (NULL);
 
     ts = OPENSSL_gmtime(&t, &data);
     if (ts == NULL)
-        return (NULL);
+        return NULL;
 
     if (offset_day || offset_sec) {
         if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
             return NULL;
     }
 
-    p = (char *)s->data;
-    if ((p == NULL) || ((size_t)s->length < len)) {
-        p = OPENSSL_malloc(len);
-        if (p == NULL) {
-            ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        if (s->data != NULL)
-            OPENSSL_free(s->data);
-        s->data = (unsigned char *)p;
-    }
+    return asn1_time_from_tm(s, ts, V_ASN1_GENERALIZEDTIME);
+}
 
-    BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
-                 ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
-                 ts->tm_sec);
-    s->length = strlen(p);
-    s->type = V_ASN1_GENERALIZEDTIME;
-#ifdef CHARSET_EBCDIC_not
-    ebcdic2ascii(s->data, s->data, s->length);
-#endif
-    return (s);
+int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
+{
+    if (tm->type != V_ASN1_GENERALIZEDTIME)
+        return 0;
+    return ASN1_TIME_print(bp, tm);
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c b/freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c
index 8877481a..0781dfec 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c
@@ -1,71 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_i2d_fp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 
 #ifndef NO_OLD_ASN1
 
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
 {
     BIO *b;
@@ -73,12 +24,12 @@ int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, out, BIO_NOCLOSE);
     ret = ASN1_i2d_bio(i2d, b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 # endif
 
@@ -92,10 +43,10 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
     if (n <= 0)
         return 0;
 
-    b = (char *)OPENSSL_malloc(n);
+    b = OPENSSL_malloc(n);
     if (b == NULL) {
         ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
 
     p = (unsigned char *)b;
@@ -113,12 +64,12 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
         n -= i;
     }
     OPENSSL_free(b);
-    return (ret);
+    return ret;
 }
 
 #endif
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
 {
     BIO *b;
@@ -126,12 +77,12 @@ int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, out, BIO_NOCLOSE);
     ret = ASN1_item_i2d_bio(it, b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -143,7 +94,7 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
     n = ASN1_item_i2d(x, &b, it);
     if (b == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
 
     for (;;) {
@@ -158,5 +109,5 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
         n -= i;
     }
     OPENSSL_free(b);
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_int.c b/freebsd/crypto/openssl/crypto/asn1/a_int.c
index 563c51bd..686814d7 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_int.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_int.c
@@ -1,71 +1,25 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_int.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <limits.h>
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
+#include "asn1_locl.h"
 
 ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
 {
-    return M_ASN1_INTEGER_dup(x);
+    return ASN1_STRING_dup(x);
 }
 
 int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
@@ -89,10 +43,11 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
 }
 
 /*-
- * This converts an ASN1 INTEGER into its content encoding.
+ * This converts a big endian buffer and sign into its content encoding.
+ * This is used for INTEGER and ENUMERATED types.
  * The internal representation is an ASN1_STRING whose data is a big endian
  * representation of the value, ignoring the sign. The sign is determined by
- * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
+ * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive.
  *
  * Positive integers are no problem: they are almost the same as the DER
  * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
@@ -113,165 +68,316 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
  * followed by optional zeros isn't padded.
  */
 
-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+/*
+ * If |pad| is zero, the operation is effectively reduced to memcpy,
+ * and if |pad| is 0xff, then it performs two's complement, ~dst + 1.
+ * Note that in latter case sequence of zeros yields itself, and so
+ * does 0x80 followed by any number of zeros. These properties are
+ * used elsewhere below...
+ */
+static void twos_complement(unsigned char *dst, const unsigned char *src,
+                            size_t len, unsigned char pad)
 {
-    int pad = 0, ret, i, neg;
-    unsigned char *p, *n, pb = 0;
+    unsigned int carry = pad & 1;
+
+    /* Begin at the end of the encoding */
+    dst += len;
+    src += len;
+    /* two's complement value: ~value + 1 */
+    while (len-- != 0) {
+        *(--dst) = (unsigned char)(carry += *(--src) ^ pad);
+        carry >>= 8;
+    }
+}
 
-    if (a == NULL)
-        return (0);
-    neg = a->type & V_ASN1_NEG;
-    if (a->length == 0)
-        ret = 1;
-    else {
-        ret = a->length;
-        i = a->data[0];
-        if (ret == 1 && i == 0)
-            neg = 0;
+static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
+                       unsigned char **pp)
+{
+    unsigned int pad = 0;
+    size_t ret, i;
+    unsigned char *p, pb = 0;
+
+    if (b != NULL && blen) {
+        ret = blen;
+        i = b[0];
         if (!neg && (i > 127)) {
             pad = 1;
             pb = 0;
         } else if (neg) {
+            pb = 0xFF;
             if (i > 128) {
                 pad = 1;
-                pb = 0xFF;
             } else if (i == 128) {
                 /*
-                 * Special case: if any other bytes non zero we pad:
-                 * otherwise we don't.
+                 * Special case [of minimal negative for given length]:
+                 * if any other bytes non zero we pad, otherwise we don't.
                  */
-                for (i = 1; i < a->length; i++)
-                    if (a->data[i]) {
-                        pad = 1;
-                        pb = 0xFF;
-                        break;
-                    }
+                for (pad = 0, i = 1; i < blen; i++)
+                    pad |= b[i];
+                pb = pad != 0 ? 0xffU : 0;
+                pad = pb & 1;
             }
         }
         ret += pad;
+    } else {
+        ret = 1;
+        blen = 0;   /* reduce '(b == NULL || blen == 0)' to '(blen == 0)' */
     }
-    if (pp == NULL)
-        return (ret);
-    p = *pp;
 
-    if (pad)
-        *(p++) = pb;
-    if (a->length == 0)
-        *(p++) = 0;
-    else if (!neg)
-        memcpy(p, a->data, (unsigned int)a->length);
-    else {
-        /* Begin at the end of the encoding */
-        n = a->data + a->length - 1;
-        p += a->length - 1;
-        i = a->length;
-        /* Copy zeros to destination as long as source is zero */
-        while (!*n && i > 1) {
-            *(p--) = 0;
-            n--;
-            i--;
+    if (pp == NULL || (p = *pp) == NULL)
+        return ret;
+
+    /*
+     * This magically handles all corner cases, such as '(b == NULL ||
+     * blen == 0)', non-negative value, "negative" zero, 0x80 followed
+     * by any number of zeros...
+     */
+    *p = pb;
+    p += pad;       /* yes, p[0] can be written twice, but it's little
+                     * price to pay for eliminated branches */
+    twos_complement(p, b, blen, pb);
+
+    *pp += ret;
+    return ret;
+}
+
+/*
+ * convert content octets into a big endian buffer. Returns the length
+ * of buffer or 0 on error: for malformed INTEGER. If output buffer is
+ * NULL just return length.
+ */
+
+static size_t c2i_ibuf(unsigned char *b, int *pneg,
+                       const unsigned char *p, size_t plen)
+{
+    int neg, pad;
+    /* Zero content length is illegal */
+    if (plen == 0) {
+        ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_ZERO_CONTENT);
+        return 0;
+    }
+    neg = p[0] & 0x80;
+    if (pneg)
+        *pneg = neg;
+    /* Handle common case where length is 1 octet separately */
+    if (plen == 1) {
+        if (b != NULL) {
+            if (neg)
+                b[0] = (p[0] ^ 0xFF) + 1;
+            else
+                b[0] = p[0];
         }
-        /* Complement and increment next octet */
-        *(p--) = ((*(n--)) ^ 0xff) + 1;
-        i--;
-        /* Complement any octets left */
-        for (; i > 0; i--)
-            *(p--) = *(n--) ^ 0xff;
+        return 1;
     }
 
-    *pp += ret;
-    return (ret);
+    pad = 0;
+    if (p[0] == 0) {
+        pad = 1;
+    } else if (p[0] == 0xFF) {
+        size_t i;
+
+        /*
+         * Special case [of "one less minimal negative" for given length]:
+         * if any other bytes non zero it was padded, otherwise not.
+         */
+        for (pad = 0, i = 1; i < plen; i++)
+            pad |= p[i];
+        pad = pad != 0 ? 1 : 0;
+    }
+    /* reject illegal padding: first two octets MSB can't match */
+    if (pad && (neg == (p[1] & 0x80))) {
+        ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING);
+        return 0;
+    }
+
+    /* skip over pad */
+    p += pad;
+    plen -= pad;
+
+    if (b != NULL)
+        twos_complement(b, p, plen, neg ? 0xffU : 0);
+
+    return plen;
+}
+
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+{
+    return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
+}
+
+/* Convert big endian buffer into uint64_t, return 0 on error */
+static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen)
+{
+    size_t i;
+    uint64_t r;
+
+    if (blen > sizeof(*pr)) {
+        ASN1err(ASN1_F_ASN1_GET_UINT64, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    if (b == NULL)
+        return 0;
+    for (r = 0, i = 0; i < blen; i++) {
+        r <<= 8;
+        r |= b[i];
+    }
+    *pr = r;
+    return 1;
+}
+
+/*
+ * Write uint64_t to big endian buffer and return offset to first
+ * written octet. In other words it returns offset in range from 0
+ * to 7, with 0 denoting 8 written octets and 7 - one.
+ */
+static size_t asn1_put_uint64(unsigned char b[sizeof(uint64_t)], uint64_t r)
+{
+    size_t off = sizeof(uint64_t);
+
+    do {
+        b[--off] = (unsigned char)r;
+    } while (r >>= 8);
+
+    return off;
 }
 
-/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
+/*
+ * Absolute value of INT64_MIN: we can't just use -INT64_MIN as gcc produces
+ * overflow warnings.
+ */
+#define ABS_INT64_MIN ((uint64_t)INT64_MAX + (-(INT64_MIN + INT64_MAX)))
 
+/* signed version of asn1_get_uint64 */
+static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen,
+                          int neg)
+{
+    uint64_t r;
+    if (asn1_get_uint64(&r, b, blen) == 0)
+        return 0;
+    if (neg) {
+        if (r <= INT64_MAX) {
+            /* Most significant bit is guaranteed to be clear, negation
+             * is guaranteed to be meaningful in platform-neutral sense. */
+            *pr = -(int64_t)r;
+        } else if (r == ABS_INT64_MIN) {
+            /* This never happens if INT64_MAX == ABS_INT64_MIN, e.g.
+             * on ones'-complement system. */
+            *pr = (int64_t)(0 - r);
+        } else {
+            ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL);
+            return 0;
+        }
+    } else {
+        if (r <= INT64_MAX) {
+            *pr = (int64_t)r;
+        } else {
+            ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
                                long len)
 {
     ASN1_INTEGER *ret = NULL;
-    const unsigned char *p, *pend;
-    unsigned char *to, *s;
-    int i;
+    size_t r;
+    int neg;
+
+    r = c2i_ibuf(NULL, NULL, *pp, len);
+
+    if (r == 0)
+        return NULL;
 
     if ((a == NULL) || ((*a) == NULL)) {
-        if ((ret = M_ASN1_INTEGER_new()) == NULL)
-            return (NULL);
+        ret = ASN1_INTEGER_new();
+        if (ret == NULL)
+            return NULL;
         ret->type = V_ASN1_INTEGER;
     } else
-        ret = (*a);
-
-    p = *pp;
-    pend = p + len;
+        ret = *a;
 
-    /*
-     * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
-     * a missing NULL parameter.
-     */
-    s = (unsigned char *)OPENSSL_malloc((int)len + 1);
-    if (s == NULL) {
-        i = ERR_R_MALLOC_FAILURE;
+    if (ASN1_STRING_set(ret, NULL, r) == 0)
         goto err;
-    }
-    to = s;
-    if (!len) {
-        /*
-         * Strictly speaking this is an illegal INTEGER but we tolerate it.
-         */
-        ret->type = V_ASN1_INTEGER;
-    } else if (*p & 0x80) {     /* a negative number */
-        ret->type = V_ASN1_NEG_INTEGER;
-        if ((*p == 0xff) && (len != 1)) {
-            p++;
-            len--;
-        }
-        i = len;
-        p += i - 1;
-        to += i - 1;
-        while ((!*p) && i) {
-            *(to--) = 0;
-            i--;
-            p--;
-        }
-        /*
-         * Special case: if all zeros then the number will be of the form FF
-         * followed by n zero bytes: this corresponds to 1 followed by n zero
-         * bytes. We've already written n zeros so we just append an extra
-         * one and set the first byte to a 1. This is treated separately
-         * because it is the only case where the number of bytes is larger
-         * than len.
-         */
-        if (!i) {
-            *s = 1;
-            s[len] = 0;
-            len++;
-        } else {
-            *(to--) = (*(p--) ^ 0xff) + 1;
-            i--;
-            for (; i > 0; i--)
-                *(to--) = *(p--) ^ 0xff;
-        }
-    } else {
-        ret->type = V_ASN1_INTEGER;
-        if ((*p == 0) && (len != 1)) {
-            p++;
-            len--;
-        }
-        memcpy(s, p, (int)len);
-    }
 
-    if (ret->data != NULL)
-        OPENSSL_free(ret->data);
-    ret->data = s;
-    ret->length = (int)len;
+    c2i_ibuf(ret->data, &neg, *pp, len);
+
+    if (neg)
+        ret->type |= V_ASN1_NEG;
+
+    *pp += len;
     if (a != NULL)
         (*a) = ret;
-    *pp = pend;
-    return (ret);
+    return ret;
  err:
-    ASN1err(ASN1_F_C2I_ASN1_INTEGER, i);
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-        M_ASN1_INTEGER_free(ret);
-    return (NULL);
+    ASN1err(ASN1_F_C2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+    if ((a == NULL) || (*a != ret))
+        ASN1_INTEGER_free(ret);
+    return NULL;
+}
+
+static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype)
+{
+    if (a == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((a->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ASN1_R_WRONG_INTEGER_TYPE);
+        return 0;
+    }
+    return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG);
+}
+
+static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
+{
+    unsigned char tbuf[sizeof(r)];
+    size_t off;
+
+    a->type = itype;
+    if (r < 0) {
+        /* Most obvious '-r' triggers undefined behaviour for most
+         * common INT64_MIN. Even though below '0 - (uint64_t)r' can
+         * appear two's-complement centric, it does produce correct/
+         * expected result even on one's-complement. This is because
+         * cast to unsigned has to change bit pattern... */
+        off = asn1_put_uint64(tbuf, 0 - (uint64_t)r);
+        a->type |= V_ASN1_NEG;
+    } else {
+        off = asn1_put_uint64(tbuf, r);
+        a->type &= ~V_ASN1_NEG;
+    }
+    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
+}
+
+static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a,
+                                  int itype)
+{
+    if (a == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((a->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_WRONG_INTEGER_TYPE);
+        return 0;
+    }
+    if (a->type & V_ASN1_NEG) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+        return 0;
+    }
+    return asn1_get_uint64(pr, a->data, a->length);
+}
+
+static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype)
+{
+    unsigned char tbuf[sizeof(r)];
+    size_t off;
+
+    a->type = itype;
+    off = asn1_put_uint64(tbuf, r);
+    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
 }
 
 /*
@@ -291,8 +397,8 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
     int i;
 
     if ((a == NULL) || ((*a) == NULL)) {
-        if ((ret = M_ASN1_INTEGER_new()) == NULL)
-            return (NULL);
+        if ((ret = ASN1_INTEGER_new()) == NULL)
+            return NULL;
         ret->type = V_ASN1_INTEGER;
     } else
         ret = (*a);
@@ -313,7 +419,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
      * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
      * a missing NULL parameter.
      */
-    s = (unsigned char *)OPENSSL_malloc((int)len + 1);
+    s = OPENSSL_malloc((int)len + 1);
     if (s == NULL) {
         i = ERR_R_MALLOC_FAILURE;
         goto err;
@@ -328,139 +434,199 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
         p += len;
     }
 
-    if (ret->data != NULL)
-        OPENSSL_free(ret->data);
+    OPENSSL_free(ret->data);
     ret->data = s;
     ret->length = (int)len;
     if (a != NULL)
         (*a) = ret;
     *pp = p;
-    return (ret);
+    return ret;
  err:
     ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-        M_ASN1_INTEGER_free(ret);
-    return (NULL);
+    if ((a == NULL) || (*a != ret))
+        ASN1_INTEGER_free(ret);
+    return NULL;
 }
 
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai,
+                                      int atype)
 {
-    int j, k;
-    unsigned int i;
-    unsigned char buf[sizeof(long) + 1];
-    long d;
-
-    a->type = V_ASN1_INTEGER;
-    if (a->length < (int)(sizeof(long) + 1)) {
-        if (a->data != NULL)
-            OPENSSL_free(a->data);
-        if ((a->data =
-             (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
-            memset((char *)a->data, 0, sizeof(long) + 1);
+    ASN1_INTEGER *ret;
+    int len;
+
+    if (ai == NULL) {
+        ret = ASN1_STRING_type_new(atype);
+    } else {
+        ret = ai;
+        ret->type = atype;
     }
-    if (a->data == NULL) {
-        ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE);
-        return (0);
+
+    if (ret == NULL) {
+        ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_NESTED_ASN1_ERROR);
+        goto err;
+    }
+
+    if (BN_is_negative(bn) && !BN_is_zero(bn))
+        ret->type |= V_ASN1_NEG_INTEGER;
+
+    len = BN_num_bytes(bn);
+
+    if (len == 0)
+        len = 1;
+
+    if (ASN1_STRING_set(ret, NULL, len) == 0) {
+        ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_MALLOC_FAILURE);
+        goto err;
     }
-    d = v;
-    if (d < 0) {
-        d = -d;
-        a->type = V_ASN1_NEG_INTEGER;
+
+    /* Correct zero case */
+    if (BN_is_zero(bn))
+        ret->data[0] = 0;
+    else
+        len = BN_bn2bin(bn, ret->data);
+    ret->length = len;
+    return ret;
+ err:
+    if (ret != ai)
+        ASN1_INTEGER_free(ret);
+    return NULL;
+}
+
+static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn,
+                                 int itype)
+{
+    BIGNUM *ret;
+
+    if ((ai->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_WRONG_INTEGER_TYPE);
+        return NULL;
     }
 
-    for (i = 0; i < sizeof(long); i++) {
-        if (d == 0)
-            break;
-        buf[i] = (int)d & 0xff;
-        d >>= 8;
+    ret = BN_bin2bn(ai->data, ai->length, bn);
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_BN_LIB);
+        return NULL;
     }
-    j = 0;
-    for (k = i - 1; k >= 0; k--)
-        a->data[j++] = buf[k];
-    a->length = j;
-    return (1);
+    if (ai->type & V_ASN1_NEG)
+        BN_set_negative(ret, 1);
+    return ret;
 }
 
-long ASN1_INTEGER_get(const ASN1_INTEGER *a)
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a)
 {
-    int neg = 0, i;
-    long r = 0;
+    return asn1_string_get_int64(pr, a, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r)
+{
+    return asn1_string_set_int64(a, r, V_ASN1_INTEGER);
+}
 
+int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a)
+{
+    return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r)
+{
+    return asn1_string_set_uint64(a, r, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+{
+    return ASN1_INTEGER_set_int64(a, v);
+}
+
+long ASN1_INTEGER_get(const ASN1_INTEGER *a)
+{
+    int i;
+    int64_t r;
     if (a == NULL)
-        return (0L);
-    i = a->type;
-    if (i == V_ASN1_NEG_INTEGER)
-        neg = 1;
-    else if (i != V_ASN1_INTEGER)
+        return 0;
+    i = ASN1_INTEGER_get_int64(&r, a);
+    if (i == 0)
         return -1;
-
-    if (a->length > (int)sizeof(long)) {
-        /* hmm... a bit ugly, return all ones */
+    if (r > LONG_MAX || r < LONG_MIN)
         return -1;
-    }
-    if (a->data == NULL)
+    return (long)r;
+}
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
+{
+    return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER);
+}
+
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
+{
+    return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER);
+}
+
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a)
+{
+    return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED);
+}
+
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r)
+{
+    return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED);
+}
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+{
+    return ASN1_ENUMERATED_set_int64(a, v);
+}
+
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
+{
+    int i;
+    int64_t r;
+    if (a == NULL)
         return 0;
+    if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED)
+        return -1;
+    if (a->length > (int)sizeof(long))
+        return 0xffffffffL;
+    i = ASN1_ENUMERATED_get_int64(&r, a);
+    if (i == 0)
+        return -1;
+    if (r > LONG_MAX || r < LONG_MIN)
+        return -1;
+    return (long)r;
+}
 
-    for (i = 0; i < a->length; i++) {
-        r <<= 8;
-        r |= (unsigned char)a->data[i];
-    }
-    if (neg)
-        r = -r;
-    return (r);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
+{
+    return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED);
 }
 
-ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
 {
-    ASN1_INTEGER *ret;
-    int len, j;
+    return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
+}
 
-    if (ai == NULL)
-        ret = M_ASN1_INTEGER_new();
-    else
-        ret = ai;
-    if (ret == NULL) {
-        ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
-        goto err;
-    }
-    if (BN_is_negative(bn) && !BN_is_zero(bn))
-        ret->type = V_ASN1_NEG_INTEGER;
-    else
-        ret->type = V_ASN1_INTEGER;
-    j = BN_num_bits(bn);
-    len = ((j == 0) ? 0 : ((j / 8) + 1));
-    if (ret->length < len + 4) {
-        unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
-        if (!new_data) {
-            ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        ret->data = new_data;
-    }
-    ret->length = BN_bn2bin(bn, ret->data);
-    /* Correct zero case */
-    if (!ret->length) {
-        ret->data[0] = 0;
-        ret->length = 1;
+/* Internal functions used by x_int64.c */
+int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len)
+{
+    unsigned char buf[sizeof(uint64_t)];
+    size_t buflen;
+
+    buflen = c2i_ibuf(NULL, NULL, *pp, len);
+    if (buflen == 0)
+        return 0;
+    if (buflen > sizeof(uint64_t)) {
+        ASN1err(ASN1_F_C2I_UINT64_INT, ASN1_R_TOO_LARGE);
+        return 0;
     }
-    return (ret);
- err:
-    if (ret != ai)
-        M_ASN1_INTEGER_free(ret);
-    return (NULL);
+    (void)c2i_ibuf(buf, neg, *pp, len);
+    return asn1_get_uint64(ret, buf, buflen);
 }
 
-BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
+int i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
 {
-    BIGNUM *ret;
+    unsigned char buf[sizeof(uint64_t)];
+    size_t off;
 
-    if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
-        ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB);
-    else if (ai->type == V_ASN1_NEG_INTEGER)
-        BN_set_negative(ret, 1);
-    return (ret);
+    off = asn1_put_uint64(buf, r);
+    return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p);
 }
 
-IMPLEMENT_STACK_OF(ASN1_INTEGER)
-
-IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_mbstr.c b/freebsd/crypto/openssl/crypto/asn1/a_mbstr.c
index a00ae090..40605e40 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_mbstr.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_mbstr.c
@@ -1,67 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* a_mbstr.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 
 static int traverse_string(const unsigned char *p, int len, int inform,
@@ -74,13 +24,12 @@ static int cpy_asc(unsigned long value, void *arg);
 static int cpy_bmp(unsigned long value, void *arg);
 static int cpy_univ(unsigned long value, void *arg);
 static int cpy_utf8(unsigned long value, void *arg);
-static int is_printable(unsigned long value);
 
 /*
  * These functions take a string in UTF8, ASCII or multibyte form and a mask
  * of permissible ASN1 string types. It then works out the minimal type
- * (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) and
- * creates a string of the correct type with the supplied data. Yes this is
+ * (using the order Numeric < Printable < IA5 < T61 < BMP < Universal < UTF8)
+ * and creates a string of the correct type with the supplied data. Yes this is
  * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
  * size limits too.
  */
@@ -171,7 +120,9 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
 
     /* Now work out output format and string type */
     outform = MBSTRING_ASC;
-    if (mask & B_ASN1_PRINTABLESTRING)
+    if (mask & B_ASN1_NUMERICSTRING)
+        str_type = V_ASN1_NUMERICSTRING;
+    else if (mask & B_ASN1_PRINTABLESTRING)
         str_type = V_ASN1_PRINTABLESTRING;
     else if (mask & B_ASN1_IA5STRING)
         str_type = V_ASN1_IA5STRING;
@@ -192,16 +143,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
     if (*out) {
         free_out = 0;
         dest = *out;
-        if (dest->data) {
-            dest->length = 0;
-            OPENSSL_free(dest->data);
-            dest->data = NULL;
-        }
+        OPENSSL_free(dest->data);
+        dest->data = NULL;
+        dest->length = 0;
         dest->type = str_type;
     } else {
         free_out = 1;
         dest = ASN1_STRING_type_new(str_type);
-        if (!dest) {
+        if (dest == NULL) {
             ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
             return -1;
         }
@@ -239,7 +188,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
         cpyfunc = cpy_utf8;
         break;
     }
-    if (!(p = OPENSSL_malloc(outlen + 1))) {
+    if ((p = OPENSSL_malloc(outlen + 1)) == NULL) {
         if (free_out)
             ASN1_STRING_free(dest);
         ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
@@ -322,11 +271,15 @@ static int out_utf8(unsigned long value, void *arg)
 
 static int type_str(unsigned long value, void *arg)
 {
-    unsigned long types;
-    types = *((unsigned long *)arg);
-    if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
+    unsigned long types = *((unsigned long *)arg);
+    const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value);
+
+    if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native)
+                                            || native == ' '))
+        types &= ~B_ASN1_NUMERICSTRING;
+    if ((types & B_ASN1_PRINTABLESTRING) && !ossl_isasn1print(native))
         types &= ~B_ASN1_PRINTABLESTRING;
-    if ((types & B_ASN1_IA5STRING) && (value > 127))
+    if ((types & B_ASN1_IA5STRING) && !ossl_isascii(native))
         types &= ~B_ASN1_IA5STRING;
     if ((types & B_ASN1_T61STRING) && (value > 0xff))
         types &= ~B_ASN1_T61STRING;
@@ -390,36 +343,3 @@ static int cpy_utf8(unsigned long value, void *arg)
     *p += ret;
     return 1;
 }
-
-/* Return 1 if the character is permitted in a PrintableString */
-static int is_printable(unsigned long value)
-{
-    int ch;
-    if (value > 0x7f)
-        return 0;
-    ch = (int)value;
-    /*
-     * Note: we can't use 'isalnum' because certain accented characters may
-     * count as alphanumeric in some environments.
-     */
-#ifndef CHARSET_EBCDIC
-    if ((ch >= 'a') && (ch <= 'z'))
-        return 1;
-    if ((ch >= 'A') && (ch <= 'Z'))
-        return 1;
-    if ((ch >= '0') && (ch <= '9'))
-        return 1;
-    if ((ch == ' ') || strchr("'()+,-./:=?", ch))
-        return 1;
-#else                           /* CHARSET_EBCDIC */
-    if ((ch >= os_toascii['a']) && (ch <= os_toascii['z']))
-        return 1;
-    if ((ch >= os_toascii['A']) && (ch <= os_toascii['Z']))
-        return 1;
-    if ((ch >= os_toascii['0']) && (ch <= os_toascii['9']))
-        return 1;
-    if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch]))
-        return 1;
-#endif                          /* CHARSET_EBCDIC */
-    return 0;
-}
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_object.c b/freebsd/crypto/openssl/crypto/asn1/a_object.c
index 0e30de2f..539cc2ce 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_object.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_object.c
@@ -1,78 +1,32 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_object.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <limits.h>
-#include "cryptlib.h"
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/bn.h>
+#include "internal/asn1_int.h"
+#include "asn1_locl.h"
 
-int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
 {
     unsigned char *p, *allocated = NULL;
     int objsize;
 
     if ((a == NULL) || (a->data == NULL))
-        return (0);
+        return 0;
 
     objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
     if (pp == NULL || objsize == -1)
@@ -108,7 +62,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
     BIGNUM *bl = NULL;
 
     if (num == 0)
-        return (0);
+        return 0;
     else if (num == -1)
         num = strlen(buf);
 
@@ -144,15 +98,15 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
             c = *(p++);
             if ((c == ' ') || (c == '.'))
                 break;
-            if ((c < '0') || (c > '9')) {
+            if (!ossl_isdigit(c)) {
                 ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT);
                 goto err;
             }
             if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
                 use_bn = 1;
-                if (!bl)
+                if (bl == NULL)
                     bl = BN_new();
-                if (!bl || !BN_set_word(bl, l))
+                if (bl == NULL || !BN_set_word(bl, l))
                     goto err;
             }
             if (use_bn) {
@@ -184,7 +138,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                     OPENSSL_free(tmp);
                 tmpsize = blsize + 32;
                 tmp = OPENSSL_malloc(tmpsize);
-                if (!tmp)
+                if (tmp == NULL)
                     goto err;
             }
             while (blsize--) {
@@ -216,42 +170,44 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
     }
     if (tmp != ftmp)
         OPENSSL_free(tmp);
-    if (bl)
-        BN_free(bl);
-    return (len);
+    BN_free(bl);
+    return len;
  err:
     if (tmp != ftmp)
         OPENSSL_free(tmp);
-    if (bl)
-        BN_free(bl);
-    return (0);
+    BN_free(bl);
+    return 0;
 }
 
-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a)
 {
     return OBJ_obj2txt(buf, buf_len, a, 0);
 }
 
-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
 {
     char buf[80], *p = buf;
     int i;
 
     if ((a == NULL) || (a->data == NULL))
-        return (BIO_write(bp, "NULL", 4));
+        return BIO_write(bp, "NULL", 4);
     i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
     if (i > (int)(sizeof(buf) - 1)) {
-        p = OPENSSL_malloc(i + 1);
-        if (!p)
+        if ((p = OPENSSL_malloc(i + 1)) == NULL) {
+            ASN1err(ASN1_F_I2A_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
             return -1;
+        }
         i2t_ASN1_OBJECT(p, i + 1, a);
     }
-    if (i <= 0)
-        return BIO_write(bp, "<INVALID>", 9);
+    if (i <= 0) {
+        i = BIO_write(bp, "<INVALID>", 9);
+        i += BIO_dump(bp, (const char *)a->data, a->length);
+        return i;
+    }
     BIO_write(bp, p, i);
     if (p != buf)
         OPENSSL_free(p);
-    return (i);
+    return i;
 }
 
 ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
@@ -279,13 +235,13 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
     return ret;
  err:
     ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
-    return (NULL);
+    return NULL;
 }
 
 ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
                              long len)
 {
-    ASN1_OBJECT *ret = NULL;
+    ASN1_OBJECT *ret = NULL, tobj;
     const unsigned char *p;
     unsigned char *data;
     int i, length;
@@ -302,6 +258,29 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
     }
     /* Now 0 < len <= INT_MAX, so the cast is safe. */
     length = (int)len;
+    /*
+     * Try to lookup OID in table: these are all valid encodings so if we get
+     * a match we know the OID is valid.
+     */
+    tobj.nid = NID_undef;
+    tobj.data = p;
+    tobj.length = length;
+    tobj.flags = 0;
+    i = OBJ_obj2nid(&tobj);
+    if (i != NID_undef) {
+        /*
+         * Return shared registered OID object: this improves efficiency
+         * because we don't have to return a dynamically allocated OID
+         * and NID lookups can use the cached value.
+         */
+        ret = OBJ_nid2obj(i);
+        if (a) {
+            ASN1_OBJECT_free(*a);
+            *a = ret;
+        }
+        *pp += len;
+        return ret;
+    }
     for (i = 0; i < length; i++, p++) {
         if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
             ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
@@ -316,7 +295,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
     if ((a == NULL) || ((*a) == NULL) ||
         !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
         if ((ret = ASN1_OBJECT_new()) == NULL)
-            return (NULL);
+            return NULL;
     } else
         ret = (*a);
 
@@ -327,9 +306,8 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
     /* once detached we can change it */
     if ((data == NULL) || (ret->length < length)) {
         ret->length = 0;
-        if (data != NULL)
-            OPENSSL_free(data);
-        data = (unsigned char *)OPENSSL_malloc(length);
+        OPENSSL_free(data);
+        data = OPENSSL_malloc(length);
         if (data == NULL) {
             i = ERR_R_MALLOC_FAILURE;
             goto err;
@@ -348,30 +326,25 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
     if (a != NULL)
         (*a) = ret;
     *pp = p;
-    return (ret);
+    return ret;
  err:
     ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+    if ((a == NULL) || (*a != ret))
         ASN1_OBJECT_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 ASN1_OBJECT *ASN1_OBJECT_new(void)
 {
     ASN1_OBJECT *ret;
 
-    ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
-    ret->length = 0;
-    ret->data = NULL;
-    ret->nid = 0;
-    ret->sn = NULL;
-    ret->ln = NULL;
     ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
-    return (ret);
+    return ret;
 }
 
 void ASN1_OBJECT_free(ASN1_OBJECT *a)
@@ -382,16 +355,13 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
 #ifndef CONST_STRICT            /* disable purely for compile-time strict
                                  * const checking. Doing this on a "real"
                                  * compile will cause memory leaks */
-        if (a->sn != NULL)
-            OPENSSL_free((void *)a->sn);
-        if (a->ln != NULL)
-            OPENSSL_free((void *)a->ln);
+        OPENSSL_free((void*)a->sn);
+        OPENSSL_free((void*)a->ln);
 #endif
         a->sn = a->ln = NULL;
     }
     if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
-        if (a->data != NULL)
-            OPENSSL_free((void *)a->data);
+        OPENSSL_free((void*)a->data);
         a->data = NULL;
         a->length = 0;
     }
@@ -411,9 +381,5 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
     o.length = len;
     o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
         ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-    return (OBJ_dup(&o));
+    return OBJ_dup(&o);
 }
-
-IMPLEMENT_STACK_OF(ASN1_OBJECT)
-
-IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_octet.c b/freebsd/crypto/openssl/crypto/asn1/a_octet.c
index 5082eaf3..742a1ada 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_octet.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_octet.c
@@ -1,80 +1,31 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_octet.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 
 ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
 {
-    return M_ASN1_OCTET_STRING_dup(x);
+    return ASN1_STRING_dup(x);
 }
 
 int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
                           const ASN1_OCTET_STRING *b)
 {
-    return M_ASN1_OCTET_STRING_cmp(a, b);
+    return ASN1_STRING_cmp(a, b);
 }
 
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d,
                           int len)
 {
-    return M_ASN1_OCTET_STRING_set(x, d, len);
+    return ASN1_STRING_set(x, d, len);
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_print.c b/freebsd/crypto/openssl/crypto/asn1/a_print.c
index 3a39cb57..a4a32e2b 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_print.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_print.c
@@ -1,65 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 
 int ASN1_PRINTABLE_type(const unsigned char *s, int len)
@@ -71,35 +23,20 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len)
     if (len <= 0)
         len = -1;
     if (s == NULL)
-        return (V_ASN1_PRINTABLESTRING);
+        return V_ASN1_PRINTABLESTRING;
 
     while ((*s) && (len-- != 0)) {
         c = *(s++);
-#ifndef CHARSET_EBCDIC
-        if (!(((c >= 'a') && (c <= 'z')) ||
-              ((c >= 'A') && (c <= 'Z')) ||
-              (c == ' ') ||
-              ((c >= '0') && (c <= '9')) ||
-              (c == ' ') || (c == '\'') ||
-              (c == '(') || (c == ')') ||
-              (c == '+') || (c == ',') ||
-              (c == '-') || (c == '.') ||
-              (c == '/') || (c == ':') || (c == '=') || (c == '?')))
-            ia5 = 1;
-        if (c & 0x80)
-            t61 = 1;
-#else
-        if (!isalnum(c) && (c != ' ') && strchr("'()+,-./:=?", c) == NULL)
+        if (!ossl_isasn1print(c))
             ia5 = 1;
-        if (os_toascii[c] & 0x80)
+        if (!ossl_isascii(c))
             t61 = 1;
-#endif
     }
     if (t61)
-        return (V_ASN1_T61STRING);
+        return V_ASN1_T61STRING;
     if (ia5)
-        return (V_ASN1_IA5STRING);
-    return (V_ASN1_PRINTABLESTRING);
+        return V_ASN1_IA5STRING;
+    return V_ASN1_PRINTABLESTRING;
 }
 
 int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
@@ -108,9 +45,9 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
     unsigned char *p;
 
     if (s->type != V_ASN1_UNIVERSALSTRING)
-        return (0);
+        return 0;
     if ((s->length % 4) != 0)
-        return (0);
+        return 0;
     p = s->data;
     for (i = 0; i < s->length; i += 4) {
         if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
@@ -119,7 +56,7 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
             p += 4;
     }
     if (i < s->length)
-        return (0);
+        return 0;
     p = s->data;
     for (i = 3; i < s->length; i += 4) {
         *(p++) = s->data[i];
@@ -127,5 +64,34 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
     *(p) = '\0';
     s->length /= 4;
     s->type = ASN1_PRINTABLE_type(s->data, s->length);
-    return (1);
+    return 1;
+}
+
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
+{
+    int i, n;
+    char buf[80];
+    const char *p;
+
+    if (v == NULL)
+        return 0;
+    n = 0;
+    p = (const char *)v->data;
+    for (i = 0; i < v->length; i++) {
+        if ((p[i] > '~') || ((p[i] < ' ') &&
+                             (p[i] != '\n') && (p[i] != '\r')))
+            buf[n] = '.';
+        else
+            buf[n] = p[i];
+        n++;
+        if (n >= 80) {
+            if (BIO_write(bp, buf, n) <= 0)
+                return 0;
+            n = 0;
+        }
+    }
+    if (n > 0)
+        if (BIO_write(bp, buf, n) <= 0)
+            return 0;
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_set.c b/freebsd/crypto/openssl/crypto/asn1/a_set.c
deleted file mode 100644
index 5b88cb1e..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/a_set.c
+++ /dev/null
@@ -1,245 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/asn1/a_set.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-
-#ifndef NO_ASN1_OLD
-
-typedef struct {
-    unsigned char *pbData;
-    int cbData;
-} MYBLOB;
-
-/*
- * SetBlobCmp This function compares two elements of SET_OF block
- */
-static int SetBlobCmp(const void *elem1, const void *elem2)
-{
-    const MYBLOB *b1 = (const MYBLOB *)elem1;
-    const MYBLOB *b2 = (const MYBLOB *)elem2;
-    int r;
-
-    r = memcmp(b1->pbData, b2->pbData,
-               b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
-    if (r != 0)
-        return r;
-    return b1->cbData - b2->cbData;
-}
-
-/*
- * int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)
- */
-int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
-                 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set)
-{
-    int ret = 0, r;
-    int i;
-    unsigned char *p;
-    unsigned char *pStart, *pTempMem;
-    MYBLOB *rgSetBlob;
-    int totSize;
-
-    if (a == NULL)
-        return (0);
-    for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--) {
-        int tmplen = i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
-        if (tmplen > INT_MAX - ret)
-            return -1;
-        ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
-    }
-    r = ASN1_object_size(1, ret, ex_tag);
-    if (pp == NULL || r == -1)
-        return (r);
-
-    p = *pp;
-    ASN1_put_object(&p, 1, ret, ex_tag, ex_class);
-
-/* Modified by gp@nsj.co.jp */
-    /* And then again by Ben */
-    /* And again by Steve */
-
-    if (!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) {
-        for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++)
-            i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
-
-        *pp = p;
-        return (r);
-    }
-
-    pStart = p;                 /* Catch the beg of Setblobs */
-    /* In this array we will store the SET blobs */
-    rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
-    if (rgSetBlob == NULL) {
-        ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-
-    for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) {
-        rgSetBlob[i].pbData = p; /* catch each set encode blob */
-        i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
-        rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
-                                                        * SetBlob */
-    }
-    *pp = p;
-    totSize = p - pStart;       /* This is the total size of all set blobs */
-
-    /*
-     * Now we have to sort the blobs. I am using a simple algo. *Sort ptrs
-     * *Copy to temp-mem *Copy from temp-mem to user-mem
-     */
-    qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
-    if (!(pTempMem = OPENSSL_malloc(totSize))) {
-        ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-
-/* Copy to temp mem */
-    p = pTempMem;
-    for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) {
-        memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
-        p += rgSetBlob[i].cbData;
-    }
-
-/* Copy back to user mem*/
-    memcpy(pStart, pTempMem, totSize);
-    OPENSSL_free(pTempMem);
-    OPENSSL_free(rgSetBlob);
-
-    return (r);
-}
-
-STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
-                                      const unsigned char **pp,
-                                      long length, d2i_of_void *d2i,
-                                      void (*free_func) (OPENSSL_BLOCK),
-                                      int ex_tag, int ex_class)
-{
-    ASN1_const_CTX c;
-    STACK_OF(OPENSSL_BLOCK) *ret = NULL;
-
-    if ((a == NULL) || ((*a) == NULL)) {
-        if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) {
-            ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-    } else
-        ret = (*a);
-
-    c.p = *pp;
-    c.max = (length == 0) ? 0 : (c.p + length);
-
-    c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p);
-    if (c.inf & 0x80)
-        goto err;
-    if (ex_class != c.xclass) {
-        ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS);
-        goto err;
-    }
-    if (ex_tag != c.tag) {
-        ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG);
-        goto err;
-    }
-    if ((c.slen + c.p) > c.max) {
-        ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR);
-        goto err;
-    }
-    /*
-     * check for infinite constructed - it can be as long as the amount of
-     * data passed to us
-     */
-    if (c.inf == (V_ASN1_CONSTRUCTED + 1))
-        c.slen = length + *pp - c.p;
-    c.max = c.p + c.slen;
-
-    while (c.p < c.max) {
-        char *s;
-
-        if (M_ASN1_D2I_end_sequence())
-            break;
-        /*
-         * XXX: This was called with 4 arguments, incorrectly, it seems if
-         * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
-         */
-        if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
-            ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT);
-            asn1_add_error(*pp, (int)(c.p - *pp));
-            goto err;
-        }
-        if (!sk_OPENSSL_BLOCK_push(ret, s))
-            goto err;
-    }
-    if (a != NULL)
-        (*a) = ret;
-    *pp = c.p;
-    return (ret);
- err:
-    if ((ret != NULL) && ((a == NULL) || (*a != ret))) {
-        if (free_func != NULL)
-            sk_OPENSSL_BLOCK_pop_free(ret, free_func);
-        else
-            sk_OPENSSL_BLOCK_free(ret);
-    }
-    return (NULL);
-}
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_sign.c b/freebsd/crypto/openssl/crypto/asn1/a_sign.c
index b3364317..200e2511 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_sign.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_sign.c
@@ -1,131 +1,27 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <time.h>
+#include <sys/types.h>
 
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
+#include "internal/cryptlib.h"
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 
 #ifndef NO_ASN1_OLD
 
@@ -133,12 +29,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
               ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
               const EVP_MD *type)
 {
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
     unsigned char *p, *buf_in = NULL, *buf_out = NULL;
     int i, inl = 0, outl = 0, outll = 0;
     X509_ALGOR *a;
 
-    EVP_MD_CTX_init(&ctx);
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
     for (i = 0; i < 2; i++) {
         if (i == 0)
             a = algor1;
@@ -173,9 +72,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
         }
     }
     inl = i2d(data, NULL);
-    buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl);
+    buf_in = OPENSSL_malloc((unsigned int)inl);
     outll = outl = EVP_PKEY_size(pkey);
-    buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl);
+    buf_out = OPENSSL_malloc((unsigned int)outl);
     if ((buf_in == NULL) || (buf_out == NULL)) {
         outl = 0;
         ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
@@ -184,16 +83,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
     p = buf_in;
 
     i2d(data, &p);
-    if (!EVP_SignInit_ex(&ctx, type, NULL)
-        || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl)
-        || !EVP_SignFinal(&ctx, (unsigned char *)buf_out,
+    if (!EVP_SignInit_ex(ctx, type, NULL)
+        || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl)
+        || !EVP_SignFinal(ctx, (unsigned char *)buf_out,
                           (unsigned int *)&outl, pkey)) {
         outl = 0;
         ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
         goto err;
     }
-    if (signature->data != NULL)
-        OPENSSL_free(signature->data);
+    OPENSSL_free(signature->data);
     signature->data = buf_out;
     buf_out = NULL;
     signature->length = outl;
@@ -204,16 +102,10 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
     signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
     signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
  err:
-    EVP_MD_CTX_cleanup(&ctx);
-    if (buf_in != NULL) {
-        OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
-        OPENSSL_free(buf_in);
-    }
-    if (buf_out != NULL) {
-        OPENSSL_cleanse((char *)buf_out, outll);
-        OPENSSL_free(buf_out);
-    }
-    return (outl);
+    EVP_MD_CTX_free(ctx);
+    OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
+    OPENSSL_clear_free((char *)buf_out, outll);
+    return outl;
 }
 
 #endif
@@ -222,13 +114,22 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
                    X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
                    EVP_PKEY *pkey, const EVP_MD *type)
 {
-    EVP_MD_CTX ctx;
-    EVP_MD_CTX_init(&ctx);
-    if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) {
-        EVP_MD_CTX_cleanup(&ctx);
+    int rv;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
+    if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) {
+        EVP_MD_CTX_free(ctx);
+        return 0;
+    }
+
+    rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);
+
+    EVP_MD_CTX_free(ctx);
+    return rv;
 }
 
 int ASN1_item_sign_ctx(const ASN1_ITEM *it,
@@ -243,11 +144,16 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
     int rv;
 
     type = EVP_MD_CTX_md(ctx);
-    pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
+    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
 
-    if (!type || !pkey) {
+    if (pkey == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
-        return 0;
+        goto err;
+    }
+
+    if (pkey->ameth == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+        goto err;
     }
 
     if (pkey->ameth->item_sign) {
@@ -265,21 +171,22 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
             ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
         if (rv <= 1)
             goto err;
-    } else
+    } else {
         rv = 2;
+    }
 
     if (rv == 2) {
-        if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
-            if (!pkey->ameth ||
-                !OBJ_find_sigid_by_algs(&signid,
-                                        EVP_MD_nid(type),
-                                        pkey->ameth->pkey_id)) {
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
-                        ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
-                return 0;
-            }
-        } else
-            signid = type->pkey_type;
+        if (type == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
+            goto err;
+        }
+        if (!OBJ_find_sigid_by_algs(&signid,
+                                    EVP_MD_nid(type),
+                                    pkey->ameth->pkey_id)) {
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
+                    ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+            goto err;
+        }
 
         if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
             paramtype = V_ASN1_NULL;
@@ -302,14 +209,12 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
         goto err;
     }
 
-    if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
-        || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
+    if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) {
         outl = 0;
         ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
         goto err;
     }
-    if (signature->data != NULL)
-        OPENSSL_free(signature->data);
+    OPENSSL_free(signature->data);
     signature->data = buf_out;
     buf_out = NULL;
     signature->length = outl;
@@ -320,14 +225,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
     signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
     signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
  err:
-    EVP_MD_CTX_cleanup(ctx);
-    if (buf_in != NULL) {
-        OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
-        OPENSSL_free(buf_in);
-    }
-    if (buf_out != NULL) {
-        OPENSSL_cleanse((char *)buf_out, outll);
-        OPENSSL_free(buf_out);
-    }
-    return (outl);
+    OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
+    OPENSSL_clear_free((char *)buf_out, outll);
+    return outl;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_strex.c b/freebsd/crypto/openssl/crypto/asn1/a_strex.c
index 031303c3..1d5ad84e 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_strex.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_strex.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* a_strex.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <string.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/asn1_int.h"
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
@@ -77,6 +28,7 @@
 #define CHARTYPE_BS_ESC         (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
 
 #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+                  ASN1_STRFLGS_ESC_2254 | \
                   ASN1_STRFLGS_ESC_QUOTE | \
                   ASN1_STRFLGS_ESC_CTRL | \
                   ASN1_STRFLGS_ESC_MSB)
@@ -85,18 +37,6 @@
  * Three IO functions for sending data to memory, a BIO and and a FILE
  * pointer.
  */
-#if 0                           /* never used */
-static int send_mem_chars(void *arg, const void *buf, int len)
-{
-    unsigned char **out = arg;
-    if (!out)
-        return 1;
-    memcpy(*out, buf, len);
-    *out += len;
-    return 1;
-}
-#endif
-
 static int send_bio_chars(void *arg, const void *buf, int len)
 {
     if (!arg)
@@ -106,6 +46,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)
     return 1;
 }
 
+#ifndef OPENSSL_NO_STDIO
 static int send_fp_chars(void *arg, const void *buf, int len)
 {
     if (!arg)
@@ -114,6 +55,7 @@ static int send_fp_chars(void *arg, const void *buf, int len)
         return 0;
     return 1;
 }
+#endif
 
 typedef int char_io (void *arg, const void *buf, int len);
 
@@ -123,10 +65,11 @@ typedef int char_io (void *arg, const void *buf, int len);
  * even 4 byte forms.
  */
 
-static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
+static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes,
                        char_io *io_ch, void *arg)
 {
-    unsigned char chflgs, chtmp;
+    unsigned short chflgs;
+    unsigned char chtmp;
     char tmphex[HEX_SIZE(long) + 3];
 
     if (c > 0xffffffffL)
@@ -163,7 +106,9 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
             return -1;
         return 2;
     }
-    if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) {
+    if (chflgs & (ASN1_STRFLGS_ESC_CTRL
+                  | ASN1_STRFLGS_ESC_MSB
+                  | ASN1_STRFLGS_ESC_2254)) {
         BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
         if (!io_ch(arg, tmphex, 3))
             return -1;
@@ -173,7 +118,7 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
      * If we get this far and do any escaping at all must escape the escape
      * character itself: backslash.
      */
-    if (chtmp == '\\' && flags & ESC_FLAGS) {
+    if (chtmp == '\\' && (flags & ESC_FLAGS)) {
         if (!io_ch(arg, "\\\\", 2))
             return -1;
         return 2;
@@ -193,12 +138,14 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
  */
 
 static int do_buf(unsigned char *buf, int buflen,
-                  int type, unsigned char flags, char *quotes, char_io *io_ch,
+                  int type, unsigned short flags, char *quotes, char_io *io_ch,
                   void *arg)
 {
     int i, outlen, len, charwidth;
-    unsigned char orflags, *p, *q;
+    unsigned short orflags;
+    unsigned char *p, *q;
     unsigned long c;
+
     p = buf;
     q = buf + buflen;
     outlen = 0;
@@ -267,17 +214,15 @@ static int do_buf(unsigned char *buf, int buflen,
                  * otherwise each character will be > 0x7f and so the
                  * character will never be escaped on first and last.
                  */
-                len =
-                    do_esc_char(utfbuf[i], (unsigned char)(flags | orflags),
-                                quotes, io_ch, arg);
+                len = do_esc_char(utfbuf[i], flags | orflags, quotes,
+                                  io_ch, arg);
                 if (len < 0)
                     return -1;
                 outlen += len;
             }
         } else {
-            len =
-                do_esc_char(c, (unsigned char)(flags | orflags), quotes,
-                            io_ch, arg);
+            len = do_esc_char(c, flags | orflags, quotes,
+                              io_ch, arg);
             if (len < 0)
                 return -1;
             outlen += len;
@@ -315,7 +260,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
  */
 
 static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
-                   ASN1_STRING *str)
+                   const ASN1_STRING *str)
 {
     /*
      * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
@@ -337,9 +282,10 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
     t.type = str->type;
     t.value.ptr = (char *)str;
     der_len = i2d_ASN1_TYPE(&t, NULL);
-    der_buf = OPENSSL_malloc(der_len);
-    if (!der_buf)
+    if ((der_buf = OPENSSL_malloc(der_len)) == NULL) {
+        ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE);
         return -1;
+    }
     p = der_buf;
     i2d_ASN1_TYPE(&t, &p);
     outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
@@ -358,12 +304,22 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
 static const signed char tag2nbyte[] = {
     -1, -1, -1, -1, -1,         /* 0-4 */
     -1, -1, -1, -1, -1,         /* 5-9 */
-    -1, -1, 0, -1,              /* 10-13 */
-    -1, -1, -1, -1,             /* 15-17 */
-    1, 1, 1,                    /* 18-20 */
-    -1, 1, 1, 1,                /* 21-24 */
-    -1, 1, -1,                  /* 25-27 */
-    4, -1, 2                    /* 28-30 */
+    -1, -1,                     /* 10-11 */
+     0,                         /* 12 V_ASN1_UTF8STRING */
+    -1, -1, -1, -1, -1,         /* 13-17 */
+     1,                         /* 18 V_ASN1_NUMERICSTRING */
+     1,                         /* 19 V_ASN1_PRINTABLESTRING */
+     1,                         /* 20 V_ASN1_T61STRING */
+    -1,                         /* 21 */
+     1,                         /* 22 V_ASN1_IA5STRING */
+     1,                         /* 23 V_ASN1_UTCTIME */
+     1,                         /* 24 V_ASN1_GENERALIZEDTIME */
+    -1,                         /* 25 */
+     1,                         /* 26 V_ASN1_ISO64STRING */
+    -1,                         /* 27 */
+     4,                         /* 28 V_ASN1_UNIVERSALSTRING */
+    -1,                         /* 29 */
+     2                          /* 30 V_ASN1_BMPSTRING */
 };
 
 /*
@@ -373,15 +329,15 @@ static const signed char tag2nbyte[] = {
  */
 
 static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
-                       ASN1_STRING *str)
+                       const ASN1_STRING *str)
 {
     int outlen, len;
     int type;
     char quotes;
-    unsigned char flags;
+    unsigned short flags;
     quotes = 0;
     /* Keep a copy of escape flags */
-    flags = (unsigned char)(lflags & ESC_FLAGS);
+    flags = (unsigned short)(lflags & ESC_FLAGS);
 
     type = str->type;
 
@@ -465,14 +421,14 @@ static int do_indent(char_io *io_ch, void *arg, int indent)
 #define FN_WIDTH_LN     25
 #define FN_WIDTH_SN     10
 
-static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
+static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n,
                       int indent, unsigned long flags)
 {
     int i, prev = -1, orflags, cnt;
     int fn_opt, fn_nid;
     ASN1_OBJECT *fn;
-    ASN1_STRING *val;
-    X509_NAME_ENTRY *ent;
+    const ASN1_STRING *val;
+    const X509_NAME_ENTRY *ent;
     char objtmp[80];
     const char *objbuf;
     int outlen, len;
@@ -536,7 +492,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
         else
             ent = X509_NAME_get_entry(n, i);
         if (prev != -1) {
-            if (prev == ent->set) {
+            if (prev == X509_NAME_ENTRY_set(ent)) {
                 if (!io_ch(arg, sep_mv, sep_mv_len))
                     return -1;
                 outlen += sep_mv_len;
@@ -549,7 +505,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
                 outlen += indent;
             }
         }
-        prev = ent->set;
+        prev = X509_NAME_ENTRY_set(ent);
         fn = X509_NAME_ENTRY_get_object(ent);
         val = X509_NAME_ENTRY_get_data(ent);
         fn_nid = OBJ_obj2nid(fn);
@@ -603,7 +559,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
 
 /* Wrappers round the main functions */
 
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
                        unsigned long flags)
 {
     if (flags == XN_FLAG_COMPAT)
@@ -611,8 +567,8 @@ int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
     return do_name_ex(send_bio_chars, out, nm, indent, flags);
 }
 
-#ifndef OPENSSL_NO_FP_API
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
+#ifndef OPENSSL_NO_STDIO
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
                           unsigned long flags)
 {
     if (flags == XN_FLAG_COMPAT) {
@@ -629,13 +585,13 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
 }
 #endif
 
-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags)
 {
     return do_print_ex(send_bio_chars, out, flags, str);
 }
 
-#ifndef OPENSSL_NO_FP_API
-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
+#ifndef OPENSSL_NO_STDIO
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags)
 {
     return do_print_ex(send_fp_chars, fp, flags, str);
 }
@@ -646,7 +602,7 @@ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
  * in output string or a negative error code
  */
 
-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
 {
     ASN1_STRING stmp, *str = &stmp;
     int mbflag, type, ret;
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_strnid.c b/freebsd/crypto/openssl/crypto/asn1/a_strnid.c
index 902efd12..220ee9d3 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_strnid.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_strnid.c
@@ -1,67 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* a_strnid.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 
@@ -102,19 +51,20 @@ int ASN1_STRING_set_default_mask_asc(const char *p)
 {
     unsigned long mask;
     char *end;
-    if (!strncmp(p, "MASK:", 5)) {
+
+    if (strncmp(p, "MASK:", 5) == 0) {
         if (!p[5])
             return 0;
         mask = strtoul(p + 5, &end, 0);
         if (*end)
             return 0;
-    } else if (!strcmp(p, "nombstr"))
+    } else if (strcmp(p, "nombstr") == 0)
         mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING));
-    else if (!strcmp(p, "pkix"))
+    else if (strcmp(p, "pkix") == 0)
         mask = ~((unsigned long)B_ASN1_T61STRING);
-    else if (!strcmp(p, "utf8only"))
+    else if (strcmp(p, "utf8only") == 0)
         mask = B_ASN1_UTF8STRING;
-    else if (!strcmp(p, "default"))
+    else if (strcmp(p, "default") == 0)
         mask = 0xFFFFFFFFL;
     else
         return 0;
@@ -136,19 +86,20 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
     ASN1_STRING *str = NULL;
     unsigned long mask;
     int ret;
-    if (!out)
+
+    if (out == NULL)
         out = &str;
     tbl = ASN1_STRING_TABLE_get(nid);
-    if (tbl) {
+    if (tbl != NULL) {
         mask = tbl->mask;
         if (!(tbl->flags & STABLE_NO_MASK))
             mask &= global_mask;
         ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
                                   tbl->minsize, tbl->maxsize);
-    } else
-        ret =
-            ASN1_mbstring_copy(out, in, inlen, inform,
-                               DIRSTRING_TYPE & global_mask);
+    } else {
+        ret = ASN1_mbstring_copy(out, in, inlen, inform,
+                                 DIRSTRING_TYPE & global_mask);
+    }
     if (ret <= 0)
         return NULL;
     return *out;
@@ -158,45 +109,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
  * Now the tables and helper functions for the string table:
  */
 
-/* size limits: this stuff is taken straight from RFC3280 */
-
-#define ub_name                         32768
-#define ub_common_name                  64
-#define ub_locality_name                128
-#define ub_state_name                   128
-#define ub_organization_name            64
-#define ub_organization_unit_name       64
-#define ub_title                        64
-#define ub_email_address                128
-#define ub_serial_number                64
-
-/* This table must be kept in NID order */
-
-static const ASN1_STRING_TABLE tbl_standard[] = {
-    {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
-    {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-    {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
-    {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
-    {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
-    {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
-     0},
-    {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
-     STABLE_NO_MASK},
-    {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
-    {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
-    {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
-    {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
-    {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
-    {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
-    {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
-     STABLE_NO_MASK},
-    {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
-    {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
-    {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-    {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
-    {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
-    {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
-};
+#include "tbl_standard.h"
 
 static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
                         const ASN1_STRING_TABLE *const *b)
@@ -216,20 +129,56 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
 ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
 {
     int idx;
-    ASN1_STRING_TABLE *ttmp;
     ASN1_STRING_TABLE fnd;
+
     fnd.nid = nid;
-    ttmp = OBJ_bsearch_table(&fnd, tbl_standard,
-                             sizeof(tbl_standard) /
-                             sizeof(ASN1_STRING_TABLE));
-    if (ttmp)
-        return ttmp;
-    if (!stable)
+    if (stable) {
+        idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
+        if (idx >= 0)
+            return sk_ASN1_STRING_TABLE_value(stable, idx);
+    }
+    return OBJ_bsearch_table(&fnd, tbl_standard, OSSL_NELEM(tbl_standard));
+}
+
+/*
+ * Return a string table pointer which can be modified: either directly from
+ * table or a copy of an internal value added to the table.
+ */
+
+static ASN1_STRING_TABLE *stable_get(int nid)
+{
+    ASN1_STRING_TABLE *tmp, *rv;
+
+    /* Always need a string table so allocate one if NULL */
+    if (stable == NULL) {
+        stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
+        if (stable == NULL)
+            return NULL;
+    }
+    tmp = ASN1_STRING_TABLE_get(nid);
+    if (tmp != NULL && tmp->flags & STABLE_FLAGS_MALLOC)
+        return tmp;
+    if ((rv = OPENSSL_zalloc(sizeof(*rv))) == NULL) {
+        ASN1err(ASN1_F_STABLE_GET, ERR_R_MALLOC_FAILURE);
         return NULL;
-    idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
-    if (idx < 0)
+    }
+    if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
+        OPENSSL_free(rv);
         return NULL;
-    return sk_ASN1_STRING_TABLE_value(stable, idx);
+    }
+    if (tmp != NULL) {
+        rv->nid = tmp->nid;
+        rv->minsize = tmp->minsize;
+        rv->maxsize = tmp->maxsize;
+        rv->mask = tmp->mask;
+        rv->flags = tmp->flags | STABLE_FLAGS_MALLOC;
+    } else {
+        rv->nid = nid;
+        rv->minsize = -1;
+        rv->maxsize = -1;
+        rv->flags = STABLE_FLAGS_MALLOC;
+    }
+    return rv;
 }
 
 int ASN1_STRING_TABLE_add(int nid,
@@ -237,41 +186,29 @@ int ASN1_STRING_TABLE_add(int nid,
                           unsigned long flags)
 {
     ASN1_STRING_TABLE *tmp;
-    char new_nid = 0;
-    flags &= ~STABLE_FLAGS_MALLOC;
-    if (!stable)
-        stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
-    if (!stable) {
+
+    tmp = stable_get(nid);
+    if (tmp == NULL) {
         ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    if (!(tmp = ASN1_STRING_TABLE_get(nid))) {
-        tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
-        if (!tmp) {
-            ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        tmp->flags = flags | STABLE_FLAGS_MALLOC;
-        tmp->nid = nid;
-        tmp->minsize = tmp->maxsize = -1;
-        new_nid = 1;
-    } else
-        tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
-    if (minsize != -1)
+    if (minsize >= 0)
         tmp->minsize = minsize;
-    if (maxsize != -1)
+    if (maxsize >= 0)
         tmp->maxsize = maxsize;
-    tmp->mask = mask;
-    if (new_nid)
-        sk_ASN1_STRING_TABLE_push(stable, tmp);
+    if (mask)
+        tmp->mask = mask;
+    if (flags)
+        tmp->flags = STABLE_FLAGS_MALLOC | flags;
     return 1;
 }
 
 void ASN1_STRING_TABLE_cleanup(void)
 {
     STACK_OF(ASN1_STRING_TABLE) *tmp;
+
     tmp = stable;
-    if (!tmp)
+    if (tmp == NULL)
         return;
     stable = NULL;
     sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
@@ -282,36 +219,3 @@ static void st_free(ASN1_STRING_TABLE *tbl)
     if (tbl->flags & STABLE_FLAGS_MALLOC)
         OPENSSL_free(tbl);
 }
-
-
-IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
-
-#ifdef STRING_TABLE_TEST
-
-main()
-{
-    ASN1_STRING_TABLE *tmp;
-    int i, last_nid = -1;
-
-    for (tmp = tbl_standard, i = 0;
-         i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) {
-        if (tmp->nid < last_nid) {
-            last_nid = 0;
-            break;
-        }
-        last_nid = tmp->nid;
-    }
-
-    if (last_nid != 0) {
-        printf("Table order OK\n");
-        exit(0);
-    }
-
-    for (tmp = tbl_standard, i = 0;
-         i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++)
-        printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
-               OBJ_nid2ln(tmp->nid));
-
-}
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_time.c b/freebsd/crypto/openssl/crypto/asn1/a_time.c
index c853c070..1031b369 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_time.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_time.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_time.c */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*-
@@ -60,13 +14,12 @@
  *    Time ::= CHOICE {
  *      utcTime        UTCTime,
  *      generalTime    GeneralizedTime }
- * written by Steve Henson.
  */
 
 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
-#include "o_time.h"
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include "asn1_locl.h"
 
@@ -74,32 +27,290 @@ IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
 
 IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
 
-#if 0
-int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
+static int is_utc(const int year)
 {
-# ifdef CHARSET_EBCDIC
-    /* KLUDGE! We convert to ascii before writing DER */
-    char tmp[24];
-    ASN1_STRING tmpstr;
+    if (50 <= year && year <= 149)
+        return 1;
+    return 0;
+}
+
+static int leap_year(const int year)
+{
+    if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0))
+        return 1;
+    return 0;
+}
 
-    if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
-        int len;
+/*
+ * Compute the day of the week and the day of the year from the year, month
+ * and day.  The day of the year is straightforward, the day of the week uses
+ * a form of Zeller's congruence.  For this months start with March and are
+ * numbered 4 through 15.
+ */
+static void determine_days(struct tm *tm)
+{
+    static const int ydays[12] = {
+        0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
+    };
+    int y = tm->tm_year + 1900;
+    int m = tm->tm_mon;
+    int d = tm->tm_mday;
+    int c;
 
-        tmpstr = *(ASN1_STRING *)a;
-        len = tmpstr.length;
-        ebcdic2ascii(tmp, tmpstr.data,
-                     (len >= sizeof(tmp)) ? sizeof(tmp) : len);
-        tmpstr.data = tmp;
-        a = (ASN1_GENERALIZEDTIME *)&tmpstr;
+    tm->tm_yday = ydays[m] + d - 1;
+    if (m >= 2) {
+        /* March and onwards can be one day further into the year */
+        tm->tm_yday += leap_year(y);
+        m += 2;
+    } else {
+        /* Treat January and February as part of the previous year */
+        m += 14;
+        y--;
     }
-# endif
-    if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
-        return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
-                               a->type, V_ASN1_UNIVERSAL));
-    ASN1err(ASN1_F_I2D_ASN1_TIME, ASN1_R_EXPECTING_A_TIME);
-    return -1;
+    c = y / 100;
+    y %= 100;
+    /* Zeller's congruance */
+    tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
 }
+
+int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
+{
+    static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
+    static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
+    static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
+    char *a;
+    int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
+    struct tm tmp;
+
+    /*
+     * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
+     * time string format, in which:
+     *
+     * 1. "seconds" is a 'MUST'
+     * 2. "Zulu" timezone is a 'MUST'
+     * 3. "+|-" is not allowed to indicate a time zone
+     */
+    if (d->type == V_ASN1_UTCTIME) {
+        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
+            min_l = 13;
+            strict = 1;
+        }
+    } else if (d->type == V_ASN1_GENERALIZEDTIME) {
+        end = 7;
+        btz = 6;
+        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
+            min_l = 15;
+            strict = 1;
+        } else {
+            min_l = 13;
+        }
+    } else {
+        return 0;
+    }
+
+    l = d->length;
+    a = (char *)d->data;
+    o = 0;
+    memset(&tmp, 0, sizeof(tmp));
+
+    /*
+     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
+     * as YYYY. This stuff treats everything as a two digit field so make
+     * first two fields 00 to 99
+     */
+
+    if (l < min_l)
+        goto err;
+    for (i = 0; i < end; i++) {
+        if (!strict && (i == btz) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
+            i++;
+            break;
+        }
+        if (!ossl_isdigit(a[o]))
+            goto err;
+        n = a[o] - '0';
+        /* incomplete 2-digital number */
+        if (++o == l)
+            goto err;
+
+        if (!ossl_isdigit(a[o]))
+            goto err;
+        n = (n * 10) + a[o] - '0';
+        /* no more bytes to read, but we haven't seen time-zone yet */
+        if (++o == l)
+            goto err;
+
+        i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
+
+        if ((n < min[i2]) || (n > max[i2]))
+            goto err;
+        switch (i2) {
+        case 0:
+            /* UTC will never be here */
+            tmp.tm_year = n * 100 - 1900;
+            break;
+        case 1:
+            if (d->type == V_ASN1_UTCTIME)
+                tmp.tm_year = n < 50 ? n + 100 : n;
+            else
+                tmp.tm_year += n;
+            break;
+        case 2:
+            tmp.tm_mon = n - 1;
+            break;
+        case 3:
+            /* check if tm_mday is valid in tm_mon */
+            if (tmp.tm_mon == 1) {
+                /* it's February */
+                md = mdays[1] + leap_year(tmp.tm_year + 1900);
+            } else {
+                md = mdays[tmp.tm_mon];
+            }
+            if (n > md)
+                goto err;
+            tmp.tm_mday = n;
+            determine_days(&tmp);
+            break;
+        case 4:
+            tmp.tm_hour = n;
+            break;
+        case 5:
+            tmp.tm_min = n;
+            break;
+        case 6:
+            tmp.tm_sec = n;
+            break;
+        }
+    }
+
+    /*
+     * Optional fractional seconds: decimal point followed by one or more
+     * digits.
+     */
+    if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') {
+        if (strict)
+            /* RFC 5280 forbids fractional seconds */
+            goto err;
+        if (++o == l)
+            goto err;
+        i = o;
+        while ((o < l) && ossl_isdigit(a[o]))
+            o++;
+        /* Must have at least one digit after decimal point */
+        if (i == o)
+            goto err;
+        /* no more bytes to read, but we haven't seen time-zone yet */
+        if (o == l)
+            goto err;
+    }
+
+    /*
+     * 'o' will never point to '\0' at this point, the only chance
+     * 'o' can point to '\0' is either the subsequent if or the first
+     * else if is true.
+     */
+    if (a[o] == 'Z') {
+        o++;
+    } else if (!strict && ((a[o] == '+') || (a[o] == '-'))) {
+        int offsign = a[o] == '-' ? 1 : -1;
+        int offset = 0;
+
+        o++;
+        /*
+         * if not equal, no need to do subsequent checks
+         * since the following for-loop will add 'o' by 4
+         * and the final return statement will check if 'l'
+         * and 'o' are equal.
+         */
+        if (o + 4 != l)
+            goto err;
+        for (i = end; i < end + 2; i++) {
+            if (!ossl_isdigit(a[o]))
+                goto err;
+            n = a[o] - '0';
+            o++;
+            if (!ossl_isdigit(a[o]))
+                goto err;
+            n = (n * 10) + a[o] - '0';
+            i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
+            if ((n < min[i2]) || (n > max[i2]))
+                goto err;
+            /* if tm is NULL, no need to adjust */
+            if (tm != NULL) {
+                if (i == end)
+                    offset = n * 3600;
+                else if (i == end + 1)
+                    offset += n * 60;
+            }
+            o++;
+        }
+        if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
+            goto err;
+    } else {
+        /* not Z, or not +/- in non-strict mode */
+        goto err;
+    }
+    if (o == l) {
+        /* success, check if tm should be filled */
+        if (tm != NULL)
+            *tm = tmp;
+        return 1;
+    }
+ err:
+    return 0;
+}
+
+ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
+{
+    char* p;
+    ASN1_TIME *tmps = NULL;
+    const size_t len = 20;
+
+    if (type == V_ASN1_UNDEF) {
+        if (is_utc(ts->tm_year))
+            type = V_ASN1_UTCTIME;
+        else
+            type = V_ASN1_GENERALIZEDTIME;
+    } else if (type == V_ASN1_UTCTIME) {
+        if (!is_utc(ts->tm_year))
+            goto err;
+    } else if (type != V_ASN1_GENERALIZEDTIME) {
+        goto err;
+    }
+
+    if (s == NULL)
+        tmps = ASN1_STRING_new();
+    else
+        tmps = s;
+    if (tmps == NULL)
+        return NULL;
+
+    if (!ASN1_STRING_set(tmps, NULL, len))
+        goto err;
+
+    tmps->type = type;
+    p = (char*)tmps->data;
+
+    if (type == V_ASN1_GENERALIZEDTIME)
+        tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
+                                    ts->tm_year + 1900, ts->tm_mon + 1,
+                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
+                                    ts->tm_sec);
+    else
+        tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
+                                    ts->tm_year % 100, ts->tm_mon + 1,
+                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
+                                    ts->tm_sec);
+
+#ifdef CHARSET_EBCDIC_not
+    ebcdic2ascii(tmps->data, tmps->data, tmps->length);
 #endif
+    return tmps;
+ err:
+    if (tmps != s)
+        ASN1_STRING_free(tmps);
+    return NULL;
+}
 
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 {
@@ -121,12 +332,10 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
         if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
             return NULL;
     }
-    if ((ts->tm_year >= 50) && (ts->tm_year < 150))
-        return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
-    return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
+    return asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
 }
 
-int ASN1_TIME_check(ASN1_TIME *t)
+int ASN1_TIME_check(const ASN1_TIME *t)
 {
     if (t->type == V_ASN1_GENERALIZEDTIME)
         return ASN1_GENERALIZEDTIME_check(t);
@@ -136,103 +345,211 @@ int ASN1_TIME_check(ASN1_TIME *t)
 }
 
 /* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
                                                    ASN1_GENERALIZEDTIME **out)
 {
     ASN1_GENERALIZEDTIME *ret = NULL;
-    char *str;
-    int newlen;
+    struct tm tm;
 
-    if (!ASN1_TIME_check(t))
+    if (!ASN1_TIME_to_tm(t, &tm))
         return NULL;
 
-    if (!out || !*out) {
-        if (!(ret = ASN1_GENERALIZEDTIME_new()))
-            goto err;
-    } else {
+    if (out != NULL)
         ret = *out;
-    }
-
-    /* If already GeneralizedTime just copy across */
-    if (t->type == V_ASN1_GENERALIZEDTIME) {
-        if (!ASN1_STRING_set(ret, t->data, t->length))
-            goto err;
-        goto done;
-    }
-
-    /* grow the string */
-    if (!ASN1_STRING_set(ret, NULL, t->length + 2))
-        goto err;
-    /* ASN1_STRING_set() allocated 'len + 1' bytes. */
-    newlen = t->length + 2 + 1;
-    str = (char *)ret->data;
-    /* Work out the century and prepend */
-    if (t->data[0] >= '5')
-        BUF_strlcpy(str, "19", newlen);
-    else
-        BUF_strlcpy(str, "20", newlen);
 
-    BUF_strlcat(str, (char *)t->data, newlen);
+    ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);
 
- done:
-   if (out != NULL && *out == NULL)
-       *out = ret;
-   return ret;
+    if (out != NULL && ret != NULL)
+        *out = ret;
 
- err:
-    if (out == NULL || *out != ret)
-        ASN1_GENERALIZEDTIME_free(ret);
-    return NULL;
+    return ret;
 }
 
-
 int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
 {
+    /* Try UTC, if that fails, try GENERALIZED */
+    if (ASN1_UTCTIME_set_string(s, str))
+        return 1;
+    return ASN1_GENERALIZEDTIME_set_string(s, str);
+}
+
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
+{
     ASN1_TIME t;
+    struct tm tm;
+    int rv = 0;
 
     t.length = strlen(str);
     t.data = (unsigned char *)str;
-    t.flags = 0;
+    t.flags = ASN1_STRING_FLAG_X509_TIME;
 
     t.type = V_ASN1_UTCTIME;
 
     if (!ASN1_TIME_check(&t)) {
         t.type = V_ASN1_GENERALIZEDTIME;
         if (!ASN1_TIME_check(&t))
-            return 0;
+            goto out;
     }
 
-    if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
-        return 0;
+    /*
+     * Per RFC 5280 (section 4.1.2.5.), the valid input time
+     * strings should be encoded with the following rules:
+     *
+     * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
+     * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
+     * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
+     * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
+     *
+     * Only strings of the 4th rule should be reformatted, but since a
+     * UTC can only present [1950, 2050), so if the given time string
+     * is less than 1950 (e.g. 19230419000000Z), we do nothing...
+     */
+
+    if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
+        if (!asn1_time_to_tm(&tm, &t))
+            goto out;
+        if (is_utc(tm.tm_year)) {
+            t.length -= 2;
+            /*
+             * it's OK to let original t.data go since that's assigned
+             * to a piece of memory allocated outside of this function.
+             * new t.data would be freed after ASN1_STRING_copy is done.
+             */
+            t.data = OPENSSL_zalloc(t.length + 1);
+            if (t.data == NULL)
+                goto out;
+            memcpy(t.data, str + 2, t.length);
+            t.type = V_ASN1_UTCTIME;
+        }
+    }
+
+    if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
+        rv = 1;
 
-    return 1;
+    if (t.data != (unsigned char *)str)
+        OPENSSL_free(t.data);
+out:
+    return rv;
 }
 
-static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t)
+int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
 {
-    if (t == NULL) {
+    if (s == NULL) {
         time_t now_t;
+
         time(&now_t);
-        if (OPENSSL_gmtime(&now_t, tm))
+        memset(tm, 0, sizeof(*tm));
+        if (OPENSSL_gmtime(&now_t, tm) != NULL)
             return 1;
         return 0;
     }
 
-    if (t->type == V_ASN1_UTCTIME)
-        return asn1_utctime_to_tm(tm, t);
-    else if (t->type == V_ASN1_GENERALIZEDTIME)
-        return asn1_generalizedtime_to_tm(tm, t);
-
-    return 0;
+    return asn1_time_to_tm(tm, s);
 }
 
 int ASN1_TIME_diff(int *pday, int *psec,
                    const ASN1_TIME *from, const ASN1_TIME *to)
 {
     struct tm tm_from, tm_to;
-    if (!asn1_time_to_tm(&tm_from, from))
+
+    if (!ASN1_TIME_to_tm(from, &tm_from))
         return 0;
-    if (!asn1_time_to_tm(&tm_to, to))
+    if (!ASN1_TIME_to_tm(to, &tm_to))
         return 0;
     return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
 }
+
+static const char _asn1_mon[12][4] = {
+    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+};
+
+int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
+{
+    char *v;
+    int gmt = 0, l;
+    struct tm stm;
+
+    if (!asn1_time_to_tm(&stm, tm)) {
+        /* asn1_time_to_tm will check the time type */
+        goto err;
+    }
+
+    l = tm->length;
+    v = (char *)tm->data;
+    if (v[l - 1] == 'Z')
+        gmt = 1;
+
+    if (tm->type == V_ASN1_GENERALIZEDTIME) {
+        char *f = NULL;
+        int f_len = 0;
+
+        /*
+         * Try to parse fractional seconds. '14' is the place of
+         * 'fraction point' in a GeneralizedTime string.
+         */
+        if (tm->length > 15 && v[14] == '.') {
+            f = &v[14];
+            f_len = 1;
+            while (14 + f_len < l && ossl_isdigit(f[f_len]))
+                ++f_len;
+        }
+
+        return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
+                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
+                          stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
+                          (gmt ? " GMT" : "")) > 0;
+    } else {
+        return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
+                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
+                          stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
+                          (gmt ? " GMT" : "")) > 0;
+    }
+ err:
+    BIO_write(bp, "Bad time value", 14);
+    return 0;
+}
+
+int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
+{
+    struct tm stm, ttm;
+    int day, sec;
+
+    if (!ASN1_TIME_to_tm(s, &stm))
+        return -2;
+
+    if (!OPENSSL_gmtime(&t, &ttm))
+        return -2;
+
+    if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
+        return -2;
+
+    if (day > 0 || sec > 0)
+        return 1;
+    if (day < 0 || sec < 0)
+        return -1;
+    return 0;
+}
+
+int ASN1_TIME_normalize(ASN1_TIME *t)
+{
+    struct tm tm;
+
+    if (!ASN1_TIME_to_tm(t, &tm))
+        return 0;
+
+    return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
+}
+
+int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b)
+{
+    int day, sec;
+
+    if (!ASN1_TIME_diff(&day, &sec, b, a))
+        return -2;
+    if (day > 0 || sec > 0)
+        return 1;
+    if (day < 0 || sec < 0)
+        return -1;
+    return 0;
+}
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_type.c b/freebsd/crypto/openssl/crypto/asn1/a_type.c
index 86f87dd3..b72396c1 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_type.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_type.c
@@ -1,81 +1,33 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_type.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
+#include "asn1_locl.h"
 
-int ASN1_TYPE_get(ASN1_TYPE *a)
+int ASN1_TYPE_get(const ASN1_TYPE *a)
 {
     if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
-        return (a->type);
+        return a->type;
     else
-        return (0);
+        return 0;
 }
 
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 {
     if (a->value.ptr != NULL) {
         ASN1_TYPE **tmp_a = &a;
-        ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
+        asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0);
     }
     a->type = type;
     if (type == V_ASN1_BOOLEAN)
@@ -105,10 +57,6 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
     return 1;
 }
 
-IMPLEMENT_STACK_OF(ASN1_TYPE)
-
-IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
-
 /* Returns 0 if they are equal, != 0 otherwise. */
 int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
 {
@@ -155,3 +103,34 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
 
     return result;
 }
+
+ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t)
+{
+    ASN1_OCTET_STRING *oct;
+    ASN1_TYPE *rt;
+
+    oct = ASN1_item_pack(s, it, NULL);
+    if (oct == NULL)
+        return NULL;
+
+    if (t && *t) {
+        rt = *t;
+    } else {
+        rt = ASN1_TYPE_new();
+        if (rt == NULL) {
+            ASN1_OCTET_STRING_free(oct);
+            return NULL;
+        }
+        if (t)
+            *t = rt;
+    }
+    ASN1_TYPE_set(rt, V_ASN1_SEQUENCE, oct);
+    return rt;
+}
+
+void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t)
+{
+    if (t == NULL || t->type != V_ASN1_SEQUENCE || t->value.sequence == NULL)
+        return NULL;
+    return ASN1_item_unpack(t->value.sequence, it);
+}
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_utctm.c b/freebsd/crypto/openssl/crypto/asn1/a_utctm.c
index 5422f6fe..8a879618 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_utctm.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_utctm.c
@@ -1,207 +1,27 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_utctm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
-#include "o_time.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include "asn1_locl.h"
 
-#if 0
-int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
-{
-# ifndef CHARSET_EBCDIC
-    return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
-                           V_ASN1_UTCTIME, V_ASN1_UNIVERSAL));
-# else
-    /* KLUDGE! We convert to ascii before writing DER */
-    int len;
-    char tmp[24];
-    ASN1_STRING x = *(ASN1_STRING *)a;
-
-    len = x.length;
-    ebcdic2ascii(tmp, x.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len);
-    x.data = tmp;
-    return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);
-# endif
-}
-
-ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
-                               long length)
-{
-    ASN1_UTCTIME *ret = NULL;
-
-    ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length,
-                                         V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);
-    if (ret == NULL) {
-        ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR);
-        return (NULL);
-    }
-# ifdef CHARSET_EBCDIC
-    ascii2ebcdic(ret->data, ret->data, ret->length);
-# endif
-    if (!ASN1_UTCTIME_check(ret)) {
-        ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT);
-        goto err;
-    }
-
-    return (ret);
- err:
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-        M_ASN1_UTCTIME_free(ret);
-    return (NULL);
-}
-
-#endif
-
+/* This is the primary function used to parse ASN1_UTCTIME */
 int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
 {
-    static const int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 };
-    static const int max[8] = { 99, 12, 31, 23, 59, 59, 12, 59 };
-    char *a;
-    int n, i, l, o;
-
+    /* wrapper around ans1_time_to_tm */
     if (d->type != V_ASN1_UTCTIME)
-        return (0);
-    l = d->length;
-    a = (char *)d->data;
-    o = 0;
-
-    if (l < 11)
-        goto err;
-    for (i = 0; i < 6; i++) {
-        if ((i == 5) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
-            i++;
-            if (tm)
-                tm->tm_sec = 0;
-            break;
-        }
-        if ((a[o] < '0') || (a[o] > '9'))
-            goto err;
-        n = a[o] - '0';
-        if (++o > l)
-            goto err;
-
-        if ((a[o] < '0') || (a[o] > '9'))
-            goto err;
-        n = (n * 10) + a[o] - '0';
-        if (++o > l)
-            goto err;
-
-        if ((n < min[i]) || (n > max[i]))
-            goto err;
-        if (tm) {
-            switch (i) {
-            case 0:
-                tm->tm_year = n < 50 ? n + 100 : n;
-                break;
-            case 1:
-                tm->tm_mon = n - 1;
-                break;
-            case 2:
-                tm->tm_mday = n;
-                break;
-            case 3:
-                tm->tm_hour = n;
-                break;
-            case 4:
-                tm->tm_min = n;
-                break;
-            case 5:
-                tm->tm_sec = n;
-                break;
-            }
-        }
-    }
-    if (a[o] == 'Z')
-        o++;
-    else if ((a[o] == '+') || (a[o] == '-')) {
-        int offsign = a[o] == '-' ? 1 : -1, offset = 0;
-        o++;
-        if (o + 4 > l)
-            goto err;
-        for (i = 6; i < 8; i++) {
-            if ((a[o] < '0') || (a[o] > '9'))
-                goto err;
-            n = a[o] - '0';
-            o++;
-            if ((a[o] < '0') || (a[o] > '9'))
-                goto err;
-            n = (n * 10) + a[o] - '0';
-            if ((n < min[i]) || (n > max[i]))
-                goto err;
-            if (tm) {
-                if (i == 6)
-                    offset = n * 3600;
-                else if (i == 7)
-                    offset += n * 60;
-            }
-            o++;
-        }
-        if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign))
-            return 0;
-    }
-    return o == l;
- err:
-    return 0;
+        return 0;
+    return asn1_time_to_tm(tm, d);
 }
 
 int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
@@ -209,6 +29,7 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
     return asn1_utctime_to_tm(NULL, d);
 }
 
+/* Sets the string via simple copy without cleaning it up */
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
 {
     ASN1_UTCTIME t;
@@ -216,16 +37,15 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
     t.type = V_ASN1_UTCTIME;
     t.length = strlen(str);
     t.data = (unsigned char *)str;
-    if (ASN1_UTCTIME_check(&t)) {
-        if (s != NULL) {
-            if (!ASN1_STRING_set((ASN1_STRING *)s,
-                                 (unsigned char *)str, t.length))
-                return 0;
-            s->type = V_ASN1_UTCTIME;
-        }
-        return (1);
-    } else
-        return (0);
+    t.flags = 0;
+
+    if (!ASN1_UTCTIME_check(&t))
+        return 0;
+
+    if (s != NULL && !ASN1_STRING_copy(s, &t))
+        return 0;
+
+    return 1;
 }
 
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
@@ -236,56 +56,19 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
                                int offset_day, long offset_sec)
 {
-    char *p;
     struct tm *ts;
     struct tm data;
-    size_t len = 20;
-    int free_s = 0;
-
-    if (s == NULL) {
-        free_s = 1;
-        s = M_ASN1_UTCTIME_new();
-    }
-    if (s == NULL)
-        goto err;
 
     ts = OPENSSL_gmtime(&t, &data);
     if (ts == NULL)
-        goto err;
+        return NULL;
 
     if (offset_day || offset_sec) {
         if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-            goto err;
+            return NULL;
     }
 
-    if ((ts->tm_year < 50) || (ts->tm_year >= 150))
-        goto err;
-
-    p = (char *)s->data;
-    if ((p == NULL) || ((size_t)s->length < len)) {
-        p = OPENSSL_malloc(len);
-        if (p == NULL) {
-            ASN1err(ASN1_F_ASN1_UTCTIME_ADJ, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if (s->data != NULL)
-            OPENSSL_free(s->data);
-        s->data = (unsigned char *)p;
-    }
-
-    BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100,
-                 ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
-                 ts->tm_sec);
-    s->length = strlen(p);
-    s->type = V_ASN1_UTCTIME;
-#ifdef CHARSET_EBCDIC_not
-    ebcdic2ascii(s->data, s->data, s->length);
-#endif
-    return (s);
- err:
-    if (free_s && s)
-        M_ASN1_UTCTIME_free(s);
-    return NULL;
+    return asn1_time_from_tm(s, ts, V_ASN1_UTCTIME);
 }
 
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
@@ -296,59 +79,22 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
     if (!asn1_utctime_to_tm(&stm, s))
         return -2;
 
-    if (!OPENSSL_gmtime(&t, &ttm))
+    if (OPENSSL_gmtime(&t, &ttm) == NULL)
         return -2;
 
     if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
         return -2;
 
-    if (day > 0)
-        return 1;
-    if (day < 0)
-        return -1;
-    if (sec > 0)
+    if (day > 0 || sec > 0)
         return 1;
-    if (sec < 0)
+    if (day < 0 || sec < 0)
         return -1;
     return 0;
 }
 
-#if 0
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
+int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
 {
-    struct tm tm;
-    int offset;
-
-    memset(&tm, '\0', sizeof(tm));
-
-# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
-    tm.tm_year = g2(s->data);
-    if (tm.tm_year < 50)
-        tm.tm_year += 100;
-    tm.tm_mon = g2(s->data + 2) - 1;
-    tm.tm_mday = g2(s->data + 4);
-    tm.tm_hour = g2(s->data + 6);
-    tm.tm_min = g2(s->data + 8);
-    tm.tm_sec = g2(s->data + 10);
-    if (s->data[12] == 'Z')
-        offset = 0;
-    else {
-        offset = g2(s->data + 13) * 60 + g2(s->data + 15);
-        if (s->data[12] == '-')
-            offset = -offset;
-    }
-# undef g2
-
-    /*
-     * FIXME: mktime assumes the current timezone
-     * instead of UTC, and unless we rewrite OpenSSL
-     * in Lisp we cannot locally change the timezone
-     * without possibly interfering with other parts
-     * of the program. timegm, which uses UTC, is
-     * non-standard.
-     * Also time_t is inappropriate for general
-     * UTC times because it may a 32 bit type.
-     */
-    return mktime(&tm) - offset * 60;
+    if (tm->type != V_ASN1_UTCTIME)
+        return 0;
+    return ASN1_TIME_print(bp, tm);
 }
-#endif
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_utf8.c b/freebsd/crypto/openssl/crypto/asn1/a_utf8.c
index 1617c5e2..daf6a23f 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_utf8.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_utf8.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_utf8.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 
 /* UTF8 utilities */
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_verify.c b/freebsd/crypto/openssl/crypto/asn1/a_verify.c
index 3342698f..81fbb517 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_verify.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_verify.c
@@ -1,90 +1,42 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/a_verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <time.h>
+#include <sys/types.h>
 
-#include "cryptlib.h"
-#include "asn1_locl.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
+#include "internal/cryptlib.h"
 
 #include <openssl/bn.h>
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 
 #ifndef NO_ASN1_OLD
 
 int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
                 char *data, EVP_PKEY *pkey)
 {
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
     const EVP_MD *type;
     unsigned char *p, *buf_in = NULL;
     int ret = -1, i, inl;
 
-    EVP_MD_CTX_init(&ctx);
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
     i = OBJ_obj2nid(a->algorithm);
     type = EVP_get_digestbyname(OBJ_nid2sn(i));
     if (type == NULL) {
@@ -106,31 +58,27 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
     p = buf_in;
 
     i2d(data, &p);
-    if (!EVP_VerifyInit_ex(&ctx, type, NULL)
-        || !EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl)) {
+    ret = EVP_VerifyInit_ex(ctx, type, NULL)
+        && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl);
+
+    OPENSSL_clear_free(buf_in, (unsigned int)inl);
+
+    if (!ret) {
         ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
-        ret = 0;
         goto err;
     }
+    ret = -1;
 
-    OPENSSL_cleanse(buf_in, (unsigned int)inl);
-    OPENSSL_free(buf_in);
-
-    if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,
+    if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data,
                         (unsigned int)signature->length, pkey) <= 0) {
         ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
         ret = 0;
         goto err;
     }
-    /*
-     * we don't need to zero the 'ctx' because we just checked public
-     * information
-     */
-    /* memset(&ctx,0,sizeof(ctx)); */
     ret = 1;
  err:
-    EVP_MD_CTX_cleanup(&ctx);
-    return (ret);
+    EVP_MD_CTX_free(ctx);
+    return ret;
 }
 
 #endif
@@ -138,9 +86,9 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
 int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
                      ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
 {
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx = NULL;
     unsigned char *buf_in = NULL;
-    int ret = -1, inl;
+    int ret = -1, inl = 0;
 
     int mdnid, pknid;
 
@@ -154,7 +102,11 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
         return -1;
     }
 
-    EVP_MD_CTX_init(&ctx);
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
     /* Convert signature OID into digest and public key OIDs */
     if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
@@ -167,7 +119,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
                     ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
             goto err;
         }
-        ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey);
+        ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey);
         /*
          * Return value of 2 means carry on, anything else means we exit
          * straight away: either a fatal error of the underlying verification
@@ -191,7 +143,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
             goto err;
         }
 
-        if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) {
+        if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) {
             ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
             ret = 0;
             goto err;
@@ -206,28 +158,15 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
         goto err;
     }
 
-    if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) {
-        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
-        ret = 0;
-        goto err;
-    }
-
-    OPENSSL_cleanse(buf_in, (unsigned int)inl);
-    OPENSSL_free(buf_in);
-
-    if (EVP_DigestVerifyFinal(&ctx, signature->data,
-                              (size_t)signature->length) <= 0) {
+    ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length,
+                           buf_in, inl);
+    if (ret <= 0) {
         ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
-        ret = 0;
         goto err;
     }
-    /*
-     * we don't need to zero the 'ctx' because we just checked public
-     * information
-     */
-    /* memset(&ctx,0,sizeof(ctx)); */
     ret = 1;
  err:
-    EVP_MD_CTX_cleanup(&ctx);
-    return (ret);
+    OPENSSL_clear_free(buf_in, (unsigned int)inl);
+    EVP_MD_CTX_free(ctx);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/ameth_lib.c b/freebsd/crypto/openssl/crypto/asn1/ameth_lib.c
index 737078f3..7602a8ef 100644
--- a/freebsd/crypto/openssl/crypto/asn1/ameth_lib.c
+++ b/freebsd/crypto/openssl/crypto/asn1/ameth_lib.c
@@ -1,124 +1,28 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"               /* for strncasecmp */
+#include "internal/cryptlib.h"
 #include <stdio.h>
-#include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#include "asn1_locl.h"
-
-extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
-extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
-extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
-
-/* Keep this sorted in type order !! */
-static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
-#ifndef OPENSSL_NO_RSA
-    &rsa_asn1_meths[0],
-    &rsa_asn1_meths[1],
-#endif
-#ifndef OPENSSL_NO_DH
-    &dh_asn1_meth,
-#endif
-#ifndef OPENSSL_NO_DSA
-    &dsa_asn1_meths[0],
-    &dsa_asn1_meths[1],
-    &dsa_asn1_meths[2],
-    &dsa_asn1_meths[3],
-    &dsa_asn1_meths[4],
-#endif
-#ifndef OPENSSL_NO_EC
-    &eckey_asn1_meth,
-#endif
-    &hmac_asn1_meth,
-#ifndef OPENSSL_NO_CMAC
-    &cmac_asn1_meth,
-#endif
-#ifndef OPENSSL_NO_DH
-    &dhx_asn1_meth
-#endif
-};
+#include <openssl/engine.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+#include "standard_methods.h"
 
 typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
-DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD)
 static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL;
 
-#ifdef TEST
-void main()
-{
-    int i;
-    for (i = 0;
-         i < sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); i++)
-        fprintf(stderr, "Number %d id=%d (%s)\n", i,
-                standard_methods[i]->pkey_id,
-                OBJ_nid2sn(standard_methods[i]->pkey_id));
-}
-#endif
-
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
                            const EVP_PKEY_ASN1_METHOD *, ameth);
 
@@ -133,7 +37,7 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
 
 int EVP_PKEY_asn1_get_count(void)
 {
-    int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *);
+    int num = OSSL_NELEM(standard_methods);
     if (app_methods)
         num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);
     return num;
@@ -141,7 +45,7 @@ int EVP_PKEY_asn1_get_count(void)
 
 const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
 {
-    int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *);
+    int num = OSSL_NELEM(standard_methods);
     if (idx < 0)
         return NULL;
     if (idx < num)
@@ -161,8 +65,7 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
         if (idx >= 0)
             return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
     }
-    ret = OBJ_bsearch_ameth(&t, standard_methods, sizeof(standard_methods)
-                            / sizeof(EVP_PKEY_ASN1_METHOD *));
+    ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods));
     if (!ret || !*ret)
         return NULL;
     return *ret;
@@ -203,7 +106,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
                                                    const char *str, int len)
 {
     int i;
-    const EVP_PKEY_ASN1_METHOD *ameth;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+
     if (len == -1)
         len = strlen(str);
     if (pe) {
@@ -223,12 +127,12 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
 #endif
         *pe = NULL;
     }
-    for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+    for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) {
         ameth = EVP_PKEY_asn1_get0(i);
         if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
             continue;
-        if (((int)strlen(ameth->pem_str) == len) &&
-            !strncasecmp(ameth->pem_str, str, len))
+        if ((int)strlen(ameth->pem_str) == len
+            && strncasecmp(ameth->pem_str, str, len) == 0)
             return ameth;
     }
     return NULL;
@@ -236,11 +140,21 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
 
 int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
 {
+    EVP_PKEY_ASN1_METHOD tmp = { 0, };
+
     if (app_methods == NULL) {
         app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
-        if (!app_methods)
+        if (app_methods == NULL)
             return 0;
     }
+
+    tmp.pkey_id = ameth->pkey_id;
+    if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) {
+        EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0,
+               EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED);
+        return 0;
+    }
+
     if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
         return 0;
     sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
@@ -251,7 +165,7 @@ int EVP_PKEY_asn1_add_alias(int to, int from)
 {
     EVP_PKEY_ASN1_METHOD *ameth;
     ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL);
-    if (!ameth)
+    if (ameth == NULL)
         return 0;
     ameth->pkey_base_id = to;
     if (!EVP_PKEY_asn1_add0(ameth)) {
@@ -281,7 +195,7 @@ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id,
     return 1;
 }
 
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey)
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
 {
     return pkey->ameth;
 }
@@ -289,23 +203,20 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey)
 EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
                                         const char *pem_str, const char *info)
 {
-    EVP_PKEY_ASN1_METHOD *ameth;
-    ameth = OPENSSL_malloc(sizeof(EVP_PKEY_ASN1_METHOD));
-    if (!ameth)
-        return NULL;
+    EVP_PKEY_ASN1_METHOD *ameth = OPENSSL_zalloc(sizeof(*ameth));
 
-    memset(ameth, 0, sizeof(EVP_PKEY_ASN1_METHOD));
+    if (ameth == NULL)
+        return NULL;
 
     ameth->pkey_id = id;
     ameth->pkey_base_id = id;
     ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC;
 
     if (info) {
-        ameth->info = BUF_strdup(info);
+        ameth->info = OPENSSL_strdup(info);
         if (!ameth->info)
             goto err;
-    } else
-        ameth->info = NULL;
+    }
 
     /*
      * One of the following must be true:
@@ -320,44 +231,14 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
         goto err;
 
     if (pem_str) {
-        ameth->pem_str = BUF_strdup(pem_str);
+        ameth->pem_str = OPENSSL_strdup(pem_str);
         if (!ameth->pem_str)
             goto err;
-    } else
-        ameth->pem_str = NULL;
-
-    ameth->pub_decode = 0;
-    ameth->pub_encode = 0;
-    ameth->pub_cmp = 0;
-    ameth->pub_print = 0;
-
-    ameth->priv_decode = 0;
-    ameth->priv_encode = 0;
-    ameth->priv_print = 0;
-
-    ameth->old_priv_encode = 0;
-    ameth->old_priv_decode = 0;
-
-    ameth->item_verify = 0;
-    ameth->item_sign = 0;
-
-    ameth->pkey_size = 0;
-    ameth->pkey_bits = 0;
-
-    ameth->param_decode = 0;
-    ameth->param_encode = 0;
-    ameth->param_missing = 0;
-    ameth->param_copy = 0;
-    ameth->param_cmp = 0;
-    ameth->param_print = 0;
-
-    ameth->pkey_free = 0;
-    ameth->pkey_ctrl = 0;
+    }
 
     return ameth;
 
  err:
-
     EVP_PKEY_asn1_free(ameth);
     return NULL;
 
@@ -395,15 +276,17 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
     dst->item_sign = src->item_sign;
     dst->item_verify = src->item_verify;
 
+    dst->siginf_set = src->siginf_set;
+
+    dst->pkey_check = src->pkey_check;
+
 }
 
 void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
 {
     if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC)) {
-        if (ameth->pem_str)
-            OPENSSL_free(ameth->pem_str);
-        if (ameth->info)
-            OPENSSL_free(ameth->info);
+        OPENSSL_free(ameth->pem_str);
+        OPENSSL_free(ameth->info);
         OPENSSL_free(ameth);
     }
 }
@@ -431,7 +314,7 @@ void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
 
 void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
                                int (*priv_decode) (EVP_PKEY *pk,
-                                                   PKCS8_PRIV_KEY_INFO
+                                                   const PKCS8_PRIV_KEY_INFO
                                                    *p8inf),
                                int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
                                                    const EVP_PKEY *pk),
@@ -481,6 +364,13 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
     ameth->pkey_ctrl = pkey_ctrl;
 }
 
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+                                     int (*pkey_security_bits) (const EVP_PKEY
+                                                                *pk))
+{
+    ameth->pkey_security_bits = pkey_security_bits;
+}
+
 void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
                             int (*item_verify) (EVP_MD_CTX *ctx,
                                                 const ASN1_ITEM *it,
@@ -498,3 +388,62 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
     ameth->item_sign = item_sign;
     ameth->item_verify = item_verify;
 }
+
+void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*siginf_set) (X509_SIG_INFO *siginf,
+                                                 const X509_ALGOR *alg,
+                                                 const ASN1_STRING *sig))
+{
+    ameth->siginf_set = siginf_set;
+}
+
+void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*pkey_check) (const EVP_PKEY *pk))
+{
+    ameth->pkey_check = pkey_check;
+}
+
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*pkey_pub_check) (const EVP_PKEY *pk))
+{
+    ameth->pkey_public_check = pkey_pub_check;
+}
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*pkey_param_check) (const EVP_PKEY *pk))
+{
+    ameth->pkey_param_check = pkey_param_check;
+}
+
+void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*set_priv_key) (EVP_PKEY *pk,
+                                                         const unsigned char
+                                                            *priv,
+                                                         size_t len))
+{
+    ameth->set_priv_key = set_priv_key;
+}
+
+void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*set_pub_key) (EVP_PKEY *pk,
+                                                       const unsigned char *pub,
+                                                       size_t len))
+{
+    ameth->set_pub_key = set_pub_key;
+}
+
+void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*get_priv_key) (const EVP_PKEY *pk,
+                                                         unsigned char *priv,
+                                                         size_t *len))
+{
+    ameth->get_priv_key = get_priv_key;
+}
+
+void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*get_pub_key) (const EVP_PKEY *pk,
+                                                       unsigned char *pub,
+                                                       size_t *len))
+{
+    ameth->get_pub_key = get_pub_key;
+}
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn1.h b/freebsd/crypto/openssl/crypto/asn1/asn1.h
deleted file mode 100644
index 36e79d5e..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/asn1.h
+++ /dev/null
@@ -1,1424 +0,0 @@
-/* crypto/asn1/asn1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ASN1_H
-# define HEADER_ASN1_H
-
-# include <time.h>
-# include <openssl/e_os2.h>
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-# include <openssl/stack.h>
-# include <openssl/safestack.h>
-
-# include <openssl/symhacks.h>
-
-# include <openssl/ossl_typ.h>
-# ifndef OPENSSL_NO_DEPRECATED
-#  include <openssl/bn.h>
-# endif
-
-# ifdef OPENSSL_BUILD_SHLIBCRYPTO
-#  undef OPENSSL_EXTERN
-#  define OPENSSL_EXTERN OPENSSL_EXPORT
-# endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# define V_ASN1_UNIVERSAL                0x00
-# define V_ASN1_APPLICATION              0x40
-# define V_ASN1_CONTEXT_SPECIFIC         0x80
-# define V_ASN1_PRIVATE                  0xc0
-
-# define V_ASN1_CONSTRUCTED              0x20
-# define V_ASN1_PRIMITIVE_TAG            0x1f
-# define V_ASN1_PRIMATIVE_TAG            0x1f
-
-# define V_ASN1_APP_CHOOSE               -2/* let the recipient choose */
-# define V_ASN1_OTHER                    -3/* used in ASN1_TYPE */
-# define V_ASN1_ANY                      -4/* used in ASN1 template code */
-
-# define V_ASN1_NEG                      0x100/* negative flag */
-
-# define V_ASN1_UNDEF                    -1
-# define V_ASN1_EOC                      0
-# define V_ASN1_BOOLEAN                  1 /**/
-# define V_ASN1_INTEGER                  2
-# define V_ASN1_NEG_INTEGER              (2 | V_ASN1_NEG)
-# define V_ASN1_BIT_STRING               3
-# define V_ASN1_OCTET_STRING             4
-# define V_ASN1_NULL                     5
-# define V_ASN1_OBJECT                   6
-# define V_ASN1_OBJECT_DESCRIPTOR        7
-# define V_ASN1_EXTERNAL                 8
-# define V_ASN1_REAL                     9
-# define V_ASN1_ENUMERATED               10
-# define V_ASN1_NEG_ENUMERATED           (10 | V_ASN1_NEG)
-# define V_ASN1_UTF8STRING               12
-# define V_ASN1_SEQUENCE                 16
-# define V_ASN1_SET                      17
-# define V_ASN1_NUMERICSTRING            18 /**/
-# define V_ASN1_PRINTABLESTRING          19
-# define V_ASN1_T61STRING                20
-# define V_ASN1_TELETEXSTRING            20/* alias */
-# define V_ASN1_VIDEOTEXSTRING           21 /**/
-# define V_ASN1_IA5STRING                22
-# define V_ASN1_UTCTIME                  23
-# define V_ASN1_GENERALIZEDTIME          24 /**/
-# define V_ASN1_GRAPHICSTRING            25 /**/
-# define V_ASN1_ISO64STRING              26 /**/
-# define V_ASN1_VISIBLESTRING            26/* alias */
-# define V_ASN1_GENERALSTRING            27 /**/
-# define V_ASN1_UNIVERSALSTRING          28 /**/
-# define V_ASN1_BMPSTRING                30
-/* For use with d2i_ASN1_type_bytes() */
-# define B_ASN1_NUMERICSTRING    0x0001
-# define B_ASN1_PRINTABLESTRING  0x0002
-# define B_ASN1_T61STRING        0x0004
-# define B_ASN1_TELETEXSTRING    0x0004
-# define B_ASN1_VIDEOTEXSTRING   0x0008
-# define B_ASN1_IA5STRING        0x0010
-# define B_ASN1_GRAPHICSTRING    0x0020
-# define B_ASN1_ISO64STRING      0x0040
-# define B_ASN1_VISIBLESTRING    0x0040
-# define B_ASN1_GENERALSTRING    0x0080
-# define B_ASN1_UNIVERSALSTRING  0x0100
-# define B_ASN1_OCTET_STRING     0x0200
-# define B_ASN1_BIT_STRING       0x0400
-# define B_ASN1_BMPSTRING        0x0800
-# define B_ASN1_UNKNOWN          0x1000
-# define B_ASN1_UTF8STRING       0x2000
-# define B_ASN1_UTCTIME          0x4000
-# define B_ASN1_GENERALIZEDTIME  0x8000
-# define B_ASN1_SEQUENCE         0x10000
-/* For use with ASN1_mbstring_copy() */
-# define MBSTRING_FLAG           0x1000
-# define MBSTRING_UTF8           (MBSTRING_FLAG)
-# define MBSTRING_ASC            (MBSTRING_FLAG|1)
-# define MBSTRING_BMP            (MBSTRING_FLAG|2)
-# define MBSTRING_UNIV           (MBSTRING_FLAG|4)
-# define SMIME_OLDMIME           0x400
-# define SMIME_CRLFEOL           0x800
-# define SMIME_STREAM            0x1000
-    struct X509_algor_st;
-DECLARE_STACK_OF(X509_ALGOR)
-
-# define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */
-# define IMPLEMENT_ASN1_SET_OF(type)/* nothing, no longer needed */
-
-/*
- * We MUST make sure that, except for constness, asn1_ctx_st and
- * asn1_const_ctx are exactly the same.  Fortunately, as soon as the old ASN1
- * parsing macros are gone, we can throw this away as well...
- */
-typedef struct asn1_ctx_st {
-    unsigned char *p;           /* work char pointer */
-    int eos;                    /* end of sequence read for indefinite
-                                 * encoding */
-    int error;                  /* error code to use when returning an error */
-    int inf;                    /* constructed if 0x20, indefinite is 0x21 */
-    int tag;                    /* tag from last 'get object' */
-    int xclass;                 /* class from last 'get object' */
-    long slen;                  /* length of last 'get object' */
-    unsigned char *max;         /* largest value of p allowed */
-    unsigned char *q;           /* temporary variable */
-    unsigned char **pp;         /* variable */
-    int line;                   /* used in error processing */
-} ASN1_CTX;
-
-typedef struct asn1_const_ctx_st {
-    const unsigned char *p;     /* work char pointer */
-    int eos;                    /* end of sequence read for indefinite
-                                 * encoding */
-    int error;                  /* error code to use when returning an error */
-    int inf;                    /* constructed if 0x20, indefinite is 0x21 */
-    int tag;                    /* tag from last 'get object' */
-    int xclass;                 /* class from last 'get object' */
-    long slen;                  /* length of last 'get object' */
-    const unsigned char *max;   /* largest value of p allowed */
-    const unsigned char *q;     /* temporary variable */
-    const unsigned char **pp;   /* variable */
-    int line;                   /* used in error processing */
-} ASN1_const_CTX;
-
-/*
- * These are used internally in the ASN1_OBJECT to keep track of whether the
- * names and data need to be free()ed
- */
-# define ASN1_OBJECT_FLAG_DYNAMIC         0x01/* internal use */
-# define ASN1_OBJECT_FLAG_CRITICAL        0x02/* critical x509v3 object id */
-# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
-# define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08/* internal use */
-struct asn1_object_st {
-    const char *sn, *ln;
-    int nid;
-    int length;
-    const unsigned char *data;  /* data remains const after init */
-    int flags;                  /* Should we free this one */
-};
-
-# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
-/*
- * This indicates that the ASN1_STRING is not a real value but just a place
- * holder for the location where indefinite length constructed data should be
- * inserted in the memory buffer
- */
-# define ASN1_STRING_FLAG_NDEF 0x010
-
-/*
- * This flag is used by the CMS code to indicate that a string is not
- * complete and is a place holder for content when it had all been accessed.
- * The flag will be reset when content has been written to it.
- */
-
-# define ASN1_STRING_FLAG_CONT 0x020
-/*
- * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
- * type.
- */
-# define ASN1_STRING_FLAG_MSTRING 0x040
-/* This is the base type that holds just about everything :-) */
-struct asn1_string_st {
-    int length;
-    int type;
-    unsigned char *data;
-    /*
-     * The value of the following field depends on the type being held.  It
-     * is mostly being used for BIT_STRING so if the input data has a
-     * non-zero 'unused bits' value, it will be handled correctly
-     */
-    long flags;
-};
-
-/*
- * ASN1_ENCODING structure: this is used to save the received encoding of an
- * ASN1 type. This is useful to get round problems with invalid encodings
- * which can break signatures.
- */
-
-typedef struct ASN1_ENCODING_st {
-    unsigned char *enc;         /* DER encoding */
-    long len;                   /* Length of encoding */
-    int modified;               /* set to 1 if 'enc' is invalid */
-} ASN1_ENCODING;
-
-/* Used with ASN1 LONG type: if a long is set to this it is omitted */
-# define ASN1_LONG_UNDEF 0x7fffffffL
-
-# define STABLE_FLAGS_MALLOC     0x01
-# define STABLE_NO_MASK          0x02
-# define DIRSTRING_TYPE  \
- (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
-# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
-
-typedef struct asn1_string_table_st {
-    int nid;
-    long minsize;
-    long maxsize;
-    unsigned long mask;
-    unsigned long flags;
-} ASN1_STRING_TABLE;
-
-DECLARE_STACK_OF(ASN1_STRING_TABLE)
-
-/* size limits: this stuff is taken straight from RFC2459 */
-
-# define ub_name                         32768
-# define ub_common_name                  64
-# define ub_locality_name                128
-# define ub_state_name                   128
-# define ub_organization_name            64
-# define ub_organization_unit_name       64
-# define ub_title                        64
-# define ub_email_address                128
-
-/*
- * Declarations for template structures: for full definitions see asn1t.h
- */
-typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
-typedef struct ASN1_TLC_st ASN1_TLC;
-/* This is just an opaque pointer */
-typedef struct ASN1_VALUE_st ASN1_VALUE;
-
-/* Declare ASN1 functions: the implement macro in in asn1t.h */
-
-# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
-
-# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
-        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
-
-# define DECLARE_ASN1_FUNCTIONS_name(type, name) \
-        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-        DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
-
-# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
-        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-        DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
-
-# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
-        type *d2i_##name(type **a, const unsigned char **in, long len); \
-        int i2d_##name(type *a, unsigned char **out); \
-        DECLARE_ASN1_ITEM(itname)
-
-# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
-        type *d2i_##name(type **a, const unsigned char **in, long len); \
-        int i2d_##name(const type *a, unsigned char **out); \
-        DECLARE_ASN1_ITEM(name)
-
-# define DECLARE_ASN1_NDEF_FUNCTION(name) \
-        int i2d_##name##_NDEF(name *a, unsigned char **out);
-
-# define DECLARE_ASN1_FUNCTIONS_const(name) \
-        DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
-        DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
-
-# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-        type *name##_new(void); \
-        void name##_free(type *a);
-
-# define DECLARE_ASN1_PRINT_FUNCTION(stname) \
-        DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
-
-# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
-        int fname##_print_ctx(BIO *out, stname *x, int indent, \
-                                         const ASN1_PCTX *pctx);
-
-# define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
-# define I2D_OF(type) int (*)(type *,unsigned char **)
-# define I2D_OF_const(type) int (*)(const type *,unsigned char **)
-
-# define CHECKED_D2I_OF(type, d2i) \
-    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
-# define CHECKED_I2D_OF(type, i2d) \
-    ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
-# define CHECKED_NEW_OF(type, xnew) \
-    ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
-# define CHECKED_PTR_OF(type, p) \
-    ((void*) (1 ? p : (type*)0))
-# define CHECKED_PPTR_OF(type, p) \
-    ((void**) (1 ? p : (type**)0))
-
-# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
-# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
-# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
-
-TYPEDEF_D2I2D_OF(void);
-
-/*-
- * The following macros and typedefs allow an ASN1_ITEM
- * to be embedded in a structure and referenced. Since
- * the ASN1_ITEM pointers need to be globally accessible
- * (possibly from shared libraries) they may exist in
- * different forms. On platforms that support it the
- * ASN1_ITEM structure itself will be globally exported.
- * Other platforms will export a function that returns
- * an ASN1_ITEM pointer.
- *
- * To handle both cases transparently the macros below
- * should be used instead of hard coding an ASN1_ITEM
- * pointer in a structure.
- *
- * The structure will look like this:
- *
- * typedef struct SOMETHING_st {
- *      ...
- *      ASN1_ITEM_EXP *iptr;
- *      ...
- * } SOMETHING;
- *
- * It would be initialised as e.g.:
- *
- * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
- *
- * and the actual pointer extracted with:
- *
- * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
- *
- * Finally an ASN1_ITEM pointer can be extracted from an
- * appropriate reference with: ASN1_ITEM_rptr(X509). This
- * would be used when a function takes an ASN1_ITEM * argument.
- *
- */
-
-# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM ASN1_ITEM_EXP;
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#  define ASN1_ITEM_ptr(iptr) (iptr)
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#  define ASN1_ITEM_ref(iptr) (&(iptr##_it))
-
-#  define ASN1_ITEM_rptr(ref) (&(ref##_it))
-
-#  define DECLARE_ASN1_ITEM(name) \
-        OPENSSL_EXTERN const ASN1_ITEM name##_it;
-
-# else
-
-/*
- * Platforms that can't easily handle shared global variables are declared as
- * functions returning ASN1_ITEM pointers.
- */
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#  define ASN1_ITEM_ptr(iptr) (iptr())
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#  define ASN1_ITEM_ref(iptr) (iptr##_it)
-
-#  define ASN1_ITEM_rptr(ref) (ref##_it())
-
-#  define DECLARE_ASN1_ITEM(name) \
-        const ASN1_ITEM * name##_it(void);
-
-# endif
-
-/* Parameters used by ASN1_STRING_print_ex() */
-
-/*
- * These determine which characters to escape: RFC2253 special characters,
- * control characters and MSB set characters
- */
-
-# define ASN1_STRFLGS_ESC_2253           1
-# define ASN1_STRFLGS_ESC_CTRL           2
-# define ASN1_STRFLGS_ESC_MSB            4
-
-/*
- * This flag determines how we do escaping: normally RC2253 backslash only,
- * set this to use backslash and quote.
- */
-
-# define ASN1_STRFLGS_ESC_QUOTE          8
-
-/* These three flags are internal use only. */
-
-/* Character is a valid PrintableString character */
-# define CHARTYPE_PRINTABLESTRING        0x10
-/* Character needs escaping if it is the first character */
-# define CHARTYPE_FIRST_ESC_2253         0x20
-/* Character needs escaping if it is the last character */
-# define CHARTYPE_LAST_ESC_2253          0x40
-
-/*
- * NB the internal flags are safely reused below by flags handled at the top
- * level.
- */
-
-/*
- * If this is set we convert all character strings to UTF8 first
- */
-
-# define ASN1_STRFLGS_UTF8_CONVERT       0x10
-
-/*
- * If this is set we don't attempt to interpret content: just assume all
- * strings are 1 byte per character. This will produce some pretty odd
- * looking output!
- */
-
-# define ASN1_STRFLGS_IGNORE_TYPE        0x20
-
-/* If this is set we include the string type in the output */
-# define ASN1_STRFLGS_SHOW_TYPE          0x40
-
-/*
- * This determines which strings to display and which to 'dump' (hex dump of
- * content octets or DER encoding). We can only dump non character strings or
- * everything. If we don't dump 'unknown' they are interpreted as character
- * strings with 1 octet per character and are subject to the usual escaping
- * options.
- */
-
-# define ASN1_STRFLGS_DUMP_ALL           0x80
-# define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
-
-/*
- * These determine what 'dumping' does, we can dump the content octets or the
- * DER encoding: both use the RFC2253 #XXXXX notation.
- */
-
-# define ASN1_STRFLGS_DUMP_DER           0x200
-
-/*
- * All the string flags consistent with RFC2253, escaping control characters
- * isn't essential in RFC2253 but it is advisable anyway.
- */
-
-# define ASN1_STRFLGS_RFC2253    (ASN1_STRFLGS_ESC_2253 | \
-                                ASN1_STRFLGS_ESC_CTRL | \
-                                ASN1_STRFLGS_ESC_MSB | \
-                                ASN1_STRFLGS_UTF8_CONVERT | \
-                                ASN1_STRFLGS_DUMP_UNKNOWN | \
-                                ASN1_STRFLGS_DUMP_DER)
-
-DECLARE_STACK_OF(ASN1_INTEGER)
-DECLARE_ASN1_SET_OF(ASN1_INTEGER)
-
-DECLARE_STACK_OF(ASN1_GENERALSTRING)
-
-typedef struct asn1_type_st {
-    int type;
-    union {
-        char *ptr;
-        ASN1_BOOLEAN boolean;
-        ASN1_STRING *asn1_string;
-        ASN1_OBJECT *object;
-        ASN1_INTEGER *integer;
-        ASN1_ENUMERATED *enumerated;
-        ASN1_BIT_STRING *bit_string;
-        ASN1_OCTET_STRING *octet_string;
-        ASN1_PRINTABLESTRING *printablestring;
-        ASN1_T61STRING *t61string;
-        ASN1_IA5STRING *ia5string;
-        ASN1_GENERALSTRING *generalstring;
-        ASN1_BMPSTRING *bmpstring;
-        ASN1_UNIVERSALSTRING *universalstring;
-        ASN1_UTCTIME *utctime;
-        ASN1_GENERALIZEDTIME *generalizedtime;
-        ASN1_VISIBLESTRING *visiblestring;
-        ASN1_UTF8STRING *utf8string;
-        /*
-         * set and sequence are left complete and still contain the set or
-         * sequence bytes
-         */
-        ASN1_STRING *set;
-        ASN1_STRING *sequence;
-        ASN1_VALUE *asn1_value;
-    } value;
-} ASN1_TYPE;
-
-DECLARE_STACK_OF(ASN1_TYPE)
-DECLARE_ASN1_SET_OF(ASN1_TYPE)
-
-typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
-
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
-
-typedef struct NETSCAPE_X509_st {
-    ASN1_OCTET_STRING *header;
-    X509 *cert;
-} NETSCAPE_X509;
-
-/* This is used to contain a list of bit names */
-typedef struct BIT_STRING_BITNAME_st {
-    int bitnum;
-    const char *lname;
-    const char *sname;
-} BIT_STRING_BITNAME;
-
-# define M_ASN1_STRING_length(x) ((x)->length)
-# define M_ASN1_STRING_length_set(x, n)  ((x)->length = (n))
-# define M_ASN1_STRING_type(x)   ((x)->type)
-# define M_ASN1_STRING_data(x)   ((x)->data)
-
-/* Macros for string operations */
-# define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\
-                ASN1_STRING_type_new(V_ASN1_BIT_STRING)
-# define M_ASN1_BIT_STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
-                ASN1_STRING_dup((const ASN1_STRING *)a)
-# define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
-                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
-# define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
-
-# define M_ASN1_INTEGER_new()    (ASN1_INTEGER *)\
-                ASN1_STRING_type_new(V_ASN1_INTEGER)
-# define M_ASN1_INTEGER_free(a)          ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\
-                ASN1_STRING_dup((const ASN1_STRING *)a)
-# define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
-                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
-
-# define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
-                ASN1_STRING_type_new(V_ASN1_ENUMERATED)
-# define M_ASN1_ENUMERATED_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\
-                ASN1_STRING_dup((const ASN1_STRING *)a)
-# define M_ASN1_ENUMERATED_cmp(a,b)      ASN1_STRING_cmp(\
-                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
-
-# define M_ASN1_OCTET_STRING_new()       (ASN1_OCTET_STRING *)\
-                ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
-# define M_ASN1_OCTET_STRING_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
-                ASN1_STRING_dup((const ASN1_STRING *)a)
-# define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
-                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
-# define M_ASN1_OCTET_STRING_set(a,b,c)  ASN1_STRING_set((ASN1_STRING *)a,b,c)
-# define M_ASN1_OCTET_STRING_print(a,b)  ASN1_STRING_print(a,(ASN1_STRING *)b)
-# define M_i2d_ASN1_OCTET_STRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
-                V_ASN1_UNIVERSAL)
-
-# define B_ASN1_TIME \
-                        B_ASN1_UTCTIME | \
-                        B_ASN1_GENERALIZEDTIME
-
-# define B_ASN1_PRINTABLE \
-                        B_ASN1_NUMERICSTRING| \
-                        B_ASN1_PRINTABLESTRING| \
-                        B_ASN1_T61STRING| \
-                        B_ASN1_IA5STRING| \
-                        B_ASN1_BIT_STRING| \
-                        B_ASN1_UNIVERSALSTRING|\
-                        B_ASN1_BMPSTRING|\
-                        B_ASN1_UTF8STRING|\
-                        B_ASN1_SEQUENCE|\
-                        B_ASN1_UNKNOWN
-
-# define B_ASN1_DIRECTORYSTRING \
-                        B_ASN1_PRINTABLESTRING| \
-                        B_ASN1_TELETEXSTRING|\
-                        B_ASN1_BMPSTRING|\
-                        B_ASN1_UNIVERSALSTRING|\
-                        B_ASN1_UTF8STRING
-
-# define B_ASN1_DISPLAYTEXT \
-                        B_ASN1_IA5STRING| \
-                        B_ASN1_VISIBLESTRING| \
-                        B_ASN1_BMPSTRING|\
-                        B_ASN1_UTF8STRING
-
-# define M_ASN1_PRINTABLE_new()  ASN1_STRING_type_new(V_ASN1_T61STRING)
-# define M_ASN1_PRINTABLE_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-                pp,a->type,V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_PRINTABLE(a,pp,l) \
-                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-                        B_ASN1_PRINTABLE)
-
-# define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-# define M_DIRECTORYSTRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-                                                pp,a->type,V_ASN1_UNIVERSAL)
-# define M_d2i_DIRECTORYSTRING(a,pp,l) \
-                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-                        B_ASN1_DIRECTORYSTRING)
-
-# define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-# define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-                                                pp,a->type,V_ASN1_UNIVERSAL)
-# define M_d2i_DISPLAYTEXT(a,pp,l) \
-                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-                        B_ASN1_DISPLAYTEXT)
-
-# define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
-                ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-# define M_ASN1_PRINTABLESTRING_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
-                V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
-                (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
-
-# define M_ASN1_T61STRING_new()  (ASN1_T61STRING *)\
-                ASN1_STRING_type_new(V_ASN1_T61STRING)
-# define M_ASN1_T61STRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_T61STRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
-                V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_T61STRING(a,pp,l) \
-                (ASN1_T61STRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
-
-# define M_ASN1_IA5STRING_new()  (ASN1_IA5STRING *)\
-                ASN1_STRING_type_new(V_ASN1_IA5STRING)
-# define M_ASN1_IA5STRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_IA5STRING_dup(a) \
-                (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a)
-# define M_i2d_ASN1_IA5STRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
-                        V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_IA5STRING(a,pp,l) \
-                (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
-                        B_ASN1_IA5STRING)
-
-# define M_ASN1_UTCTIME_new()    (ASN1_UTCTIME *)\
-                ASN1_STRING_type_new(V_ASN1_UTCTIME)
-# define M_ASN1_UTCTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\
-                ASN1_STRING_dup((const ASN1_STRING *)a)
-
-# define M_ASN1_GENERALIZEDTIME_new()    (ASN1_GENERALIZEDTIME *)\
-                ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
-# define M_ASN1_GENERALIZEDTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
-        (const ASN1_STRING *)a)
-
-# define M_ASN1_TIME_new()       (ASN1_TIME *)\
-                ASN1_STRING_type_new(V_ASN1_UTCTIME)
-# define M_ASN1_TIME_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
-# define M_ASN1_TIME_dup(a) (ASN1_TIME *)\
-        ASN1_STRING_dup((const ASN1_STRING *)a)
-
-# define M_ASN1_GENERALSTRING_new()      (ASN1_GENERALSTRING *)\
-                ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
-# define M_ASN1_GENERALSTRING_free(a)    ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_GENERALSTRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
-                        V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
-                (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
-
-# define M_ASN1_UNIVERSALSTRING_new()    (ASN1_UNIVERSALSTRING *)\
-                ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
-# define M_ASN1_UNIVERSALSTRING_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
-                        V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
-                (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
-
-# define M_ASN1_BMPSTRING_new()  (ASN1_BMPSTRING *)\
-                ASN1_STRING_type_new(V_ASN1_BMPSTRING)
-# define M_ASN1_BMPSTRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_BMPSTRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
-                        V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_BMPSTRING(a,pp,l) \
-                (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
-
-# define M_ASN1_VISIBLESTRING_new()      (ASN1_VISIBLESTRING *)\
-                ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-# define M_ASN1_VISIBLESTRING_free(a)    ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_VISIBLESTRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
-                        V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
-                (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
-
-# define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\
-                ASN1_STRING_type_new(V_ASN1_UTF8STRING)
-# define M_ASN1_UTF8STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
-# define M_i2d_ASN1_UTF8STRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
-                        V_ASN1_UNIVERSAL)
-# define M_d2i_ASN1_UTF8STRING(a,pp,l) \
-                (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
-
-  /* for the is_set parameter to i2d_ASN1_SET */
-# define IS_SEQUENCE     0
-# define IS_SET          1
-
-DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
-
-int ASN1_TYPE_get(ASN1_TYPE *a);
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
-int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
-
-ASN1_OBJECT *ASN1_OBJECT_new(void);
-void ASN1_OBJECT_free(ASN1_OBJECT *a);
-int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
-                             long length);
-ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
-                             long length);
-
-DECLARE_ASN1_ITEM(ASN1_OBJECT)
-
-DECLARE_STACK_OF(ASN1_OBJECT)
-DECLARE_ASN1_SET_OF(ASN1_OBJECT)
-
-ASN1_STRING *ASN1_STRING_new(void);
-void ASN1_STRING_free(ASN1_STRING *a);
-void ASN1_STRING_clear_free(ASN1_STRING *a);
-int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
-ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
-ASN1_STRING *ASN1_STRING_type_new(int type);
-int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
-  /*
-   * Since this is used to store all sorts of things, via macros, for now,
-   * make its data void *
-   */
-int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
-void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
-int ASN1_STRING_length(const ASN1_STRING *x);
-void ASN1_STRING_length_set(ASN1_STRING *x, int n);
-int ASN1_STRING_type(ASN1_STRING *x);
-unsigned char *ASN1_STRING_data(ASN1_STRING *x);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
-                                     const unsigned char **pp, long length);
-int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
-int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
-int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
-int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
-                          unsigned char *flags, int flags_len);
-
-# ifndef OPENSSL_NO_BIO
-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
-                               BIT_STRING_BITNAME *tbl, int indent);
-# endif
-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
-                            BIT_STRING_BITNAME *tbl);
-
-int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);
-int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
-                               long length);
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
-                                long length);
-ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
-int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
-
-int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
-ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
-ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
-                               int offset_day, long offset_sec);
-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
-int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
-# if 0
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
-# endif
-
-int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
-                                               time_t t);
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
-                                               time_t t, int offset_day,
-                                               long offset_sec);
-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
-int ASN1_TIME_diff(int *pday, int *psec,
-                   const ASN1_TIME *from, const ASN1_TIME *to);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
-int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
-                          const ASN1_OCTET_STRING *b);
-int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
-                          int len);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
-DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
-
-int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
-int UTF8_putc(unsigned char *str, int len, unsigned long value);
-
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
-
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
-DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
-
-DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
-
-ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
-ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
-                         int offset_day, long offset_sec);
-int ASN1_TIME_check(ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME
-                                                   **out);
-int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
-
-int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
-                 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
-STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
-                                      const unsigned char **pp,
-                                      long length, d2i_of_void *d2i,
-                                      void (*free_func) (OPENSSL_BLOCK),
-                                      int ex_tag, int ex_class);
-
-# ifndef OPENSSL_NO_BIO
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
-int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
-int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size);
-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a);
-int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size);
-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
-# endif
-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a);
-
-int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
-                                const char *sn, const char *ln);
-
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
-long ASN1_INTEGER_get(const ASN1_INTEGER *a);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
-BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
-
-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
-
-/* General */
-/* given a string, return the correct type, max is the maximum length */
-int ASN1_PRINTABLE_type(const unsigned char *s, int max);
-
-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
-                            long length, int Ptag, int Pclass);
-unsigned long ASN1_tag2bit(int tag);
-/* type is one or more of the B_ASN1_ values. */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
-                                 long length, int type);
-
-/* PARSING */
-int asn1_Finish(ASN1_CTX *c);
-int asn1_const_Finish(ASN1_const_CTX *c);
-
-/* SPECIALS */
-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
-                    int *pclass, long omax);
-int ASN1_check_infinite_end(unsigned char **p, long len);
-int ASN1_const_check_infinite_end(const unsigned char **p, long len);
-void ASN1_put_object(unsigned char **pp, int constructed, int length,
-                     int tag, int xclass);
-int ASN1_put_eoc(unsigned char **pp);
-int ASN1_object_size(int constructed, int length, int tag);
-
-/* Used to implement other functions */
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
-
-# define ASN1_dup_of(type,i2d,d2i,x) \
-    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
-                     CHECKED_D2I_OF(type, d2i), \
-                     CHECKED_PTR_OF(type, x)))
-
-# define ASN1_dup_of_const(type,i2d,d2i,x) \
-    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
-                     CHECKED_D2I_OF(type, d2i), \
-                     CHECKED_PTR_OF(const type, x)))
-
-void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
-
-/* ASN1 alloc/free macros for when a type is only used internally */
-
-# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
-# define M_ASN1_free_of(x, type) \
-                ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
-
-# ifndef OPENSSL_NO_FP_API
-void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x);
-
-#  define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
-    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
-                        CHECKED_D2I_OF(type, d2i), \
-                        in, \
-                        CHECKED_PPTR_OF(type, x)))
-
-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
-int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x);
-
-#  define ASN1_i2d_fp_of(type,i2d,out,x) \
-    (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
-                 out, \
-                 CHECKED_PTR_OF(type, x)))
-
-#  define ASN1_i2d_fp_of_const(type,i2d,out,x) \
-    (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
-                 out, \
-                 CHECKED_PTR_OF(const type, x)))
-
-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
-# endif
-
-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
-
-# ifndef OPENSSL_NO_BIO
-void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x);
-
-#  define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
-    ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
-                          CHECKED_D2I_OF(type, d2i), \
-                          in, \
-                          CHECKED_PPTR_OF(type, x)))
-
-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
-int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x);
-
-#  define ASN1_i2d_bio_of(type,i2d,out,x) \
-    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
-                  out, \
-                  CHECKED_PTR_OF(type, x)))
-
-#  define ASN1_i2d_bio_of_const(type,i2d,out,x) \
-    (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
-                  out, \
-                  CHECKED_PTR_OF(const type, x)))
-
-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
-int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
-int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
-int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
-int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
-int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
-                  unsigned char *buf, int off);
-int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
-int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
-                    int dump);
-# endif
-const char *ASN1_tag2str(int tag);
-
-/* Used to load and write netscape format cert */
-
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)
-
-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
-
-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len);
-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
-                                  unsigned char *data, int len);
-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
-                                  unsigned char *data, int max_len);
-
-STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
-                                         d2i_of_void *d2i,
-                                         void (*free_func) (OPENSSL_BLOCK));
-unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
-                             unsigned char **buf, int *len);
-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
-                              ASN1_OCTET_STRING **oct);
-
-# define ASN1_pack_string_of(type,obj,i2d,oct) \
-    (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \
-                      CHECKED_I2D_OF(type, i2d), \
-                      oct))
-
-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
-                            ASN1_OCTET_STRING **oct);
-
-void ASN1_STRING_set_default_mask(unsigned long mask);
-int ASN1_STRING_set_default_mask_asc(const char *p);
-unsigned long ASN1_STRING_get_default_mask(void);
-int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
-                       int inform, unsigned long mask);
-int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
-                        int inform, unsigned long mask,
-                        long minsize, long maxsize);
-
-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
-                                    const unsigned char *in, int inlen,
-                                    int inform, int nid);
-ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
-int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
-void ASN1_STRING_TABLE_cleanup(void);
-
-/* ASN1 template functions */
-
-/* Old API compatible functions */
-ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
-void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
-ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
-                          long len, const ASN1_ITEM *it);
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
-                       const ASN1_ITEM *it);
-
-void ASN1_add_oid_module(void);
-
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-
-/* ASN1 Print flags */
-
-/* Indicate missing OPTIONAL fields */
-# define ASN1_PCTX_FLAGS_SHOW_ABSENT             0x001
-/* Mark start and end of SEQUENCE */
-# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE           0x002
-/* Mark start and end of SEQUENCE/SET OF */
-# define ASN1_PCTX_FLAGS_SHOW_SSOF               0x004
-/* Show the ASN1 type of primitives */
-# define ASN1_PCTX_FLAGS_SHOW_TYPE               0x008
-/* Don't show ASN1 type of ANY */
-# define ASN1_PCTX_FLAGS_NO_ANY_TYPE             0x010
-/* Don't show ASN1 type of MSTRINGs */
-# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE         0x020
-/* Don't show field names in SEQUENCE */
-# define ASN1_PCTX_FLAGS_NO_FIELD_NAME           0x040
-/* Show structure names of each SEQUENCE field */
-# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME  0x080
-/* Don't show structure name even at top level */
-# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME          0x100
-
-int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
-                    const ASN1_ITEM *it, const ASN1_PCTX *pctx);
-ASN1_PCTX *ASN1_PCTX_new(void);
-void ASN1_PCTX_free(ASN1_PCTX *p);
-unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
-
-BIO_METHOD *BIO_f_asn1(void);
-
-BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
-
-int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-                        const ASN1_ITEM *it);
-int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-                              const char *hdr, const ASN1_ITEM *it);
-int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
-                     int ctype_nid, int econt_nid,
-                     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
-ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
-int SMIME_text(BIO *in, BIO *out);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-
-void ERR_load_ASN1_strings(void);
-
-/* Error codes for the ASN1 functions. */
-
-/* Function codes. */
-# define ASN1_F_A2D_ASN1_OBJECT                           100
-# define ASN1_F_A2I_ASN1_ENUMERATED                       101
-# define ASN1_F_A2I_ASN1_INTEGER                          102
-# define ASN1_F_A2I_ASN1_STRING                           103
-# define ASN1_F_APPEND_EXP                                176
-# define ASN1_F_ASN1_BIT_STRING_SET_BIT                   183
-# define ASN1_F_ASN1_CB                                   177
-# define ASN1_F_ASN1_CHECK_TLEN                           104
-# define ASN1_F_ASN1_COLLATE_PRIMITIVE                    105
-# define ASN1_F_ASN1_COLLECT                              106
-# define ASN1_F_ASN1_D2I_EX_PRIMITIVE                     108
-# define ASN1_F_ASN1_D2I_FP                               109
-# define ASN1_F_ASN1_D2I_READ_BIO                         107
-# define ASN1_F_ASN1_DIGEST                               184
-# define ASN1_F_ASN1_DO_ADB                               110
-# define ASN1_F_ASN1_DUP                                  111
-# define ASN1_F_ASN1_ENUMERATED_SET                       112
-# define ASN1_F_ASN1_ENUMERATED_TO_BN                     113
-# define ASN1_F_ASN1_EX_C2I                               204
-# define ASN1_F_ASN1_FIND_END                             190
-# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ                  216
-# define ASN1_F_ASN1_GENERALIZEDTIME_SET                  185
-# define ASN1_F_ASN1_GENERATE_V3                          178
-# define ASN1_F_ASN1_GET_OBJECT                           114
-# define ASN1_F_ASN1_HEADER_NEW                           115
-# define ASN1_F_ASN1_I2D_BIO                              116
-# define ASN1_F_ASN1_I2D_FP                               117
-# define ASN1_F_ASN1_INTEGER_SET                          118
-# define ASN1_F_ASN1_INTEGER_TO_BN                        119
-# define ASN1_F_ASN1_ITEM_D2I_FP                          206
-# define ASN1_F_ASN1_ITEM_DUP                             191
-# define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW                  121
-# define ASN1_F_ASN1_ITEM_EX_D2I                          120
-# define ASN1_F_ASN1_ITEM_I2D_BIO                         192
-# define ASN1_F_ASN1_ITEM_I2D_FP                          193
-# define ASN1_F_ASN1_ITEM_PACK                            198
-# define ASN1_F_ASN1_ITEM_SIGN                            195
-# define ASN1_F_ASN1_ITEM_SIGN_CTX                        220
-# define ASN1_F_ASN1_ITEM_UNPACK                          199
-# define ASN1_F_ASN1_ITEM_VERIFY                          197
-# define ASN1_F_ASN1_MBSTRING_NCOPY                       122
-# define ASN1_F_ASN1_OBJECT_NEW                           123
-# define ASN1_F_ASN1_OUTPUT_DATA                          214
-# define ASN1_F_ASN1_PACK_STRING                          124
-# define ASN1_F_ASN1_PCTX_NEW                             205
-# define ASN1_F_ASN1_PKCS5_PBE_SET                        125
-# define ASN1_F_ASN1_SEQ_PACK                             126
-# define ASN1_F_ASN1_SEQ_UNPACK                           127
-# define ASN1_F_ASN1_SIGN                                 128
-# define ASN1_F_ASN1_STR2TYPE                             179
-# define ASN1_F_ASN1_STRING_SET                           186
-# define ASN1_F_ASN1_STRING_TABLE_ADD                     129
-# define ASN1_F_ASN1_STRING_TYPE_NEW                      130
-# define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
-# define ASN1_F_ASN1_TEMPLATE_NEW                         133
-# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I                   131
-# define ASN1_F_ASN1_TIME_ADJ                             217
-# define ASN1_F_ASN1_TIME_SET                             175
-# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
-# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
-# define ASN1_F_ASN1_UNPACK_STRING                        136
-# define ASN1_F_ASN1_UTCTIME_ADJ                          218
-# define ASN1_F_ASN1_UTCTIME_SET                          187
-# define ASN1_F_ASN1_VERIFY                               137
-# define ASN1_F_B64_READ_ASN1                             209
-# define ASN1_F_B64_WRITE_ASN1                            210
-# define ASN1_F_BIO_NEW_NDEF                              208
-# define ASN1_F_BITSTR_CB                                 180
-# define ASN1_F_BN_TO_ASN1_ENUMERATED                     138
-# define ASN1_F_BN_TO_ASN1_INTEGER                        139
-# define ASN1_F_C2I_ASN1_BIT_STRING                       189
-# define ASN1_F_C2I_ASN1_INTEGER                          194
-# define ASN1_F_C2I_ASN1_OBJECT                           196
-# define ASN1_F_COLLECT_DATA                              140
-# define ASN1_F_D2I_ASN1_BIT_STRING                       141
-# define ASN1_F_D2I_ASN1_BOOLEAN                          142
-# define ASN1_F_D2I_ASN1_BYTES                            143
-# define ASN1_F_D2I_ASN1_GENERALIZEDTIME                  144
-# define ASN1_F_D2I_ASN1_HEADER                           145
-# define ASN1_F_D2I_ASN1_INTEGER                          146
-# define ASN1_F_D2I_ASN1_OBJECT                           147
-# define ASN1_F_D2I_ASN1_SET                              148
-# define ASN1_F_D2I_ASN1_TYPE_BYTES                       149
-# define ASN1_F_D2I_ASN1_UINTEGER                         150
-# define ASN1_F_D2I_ASN1_UTCTIME                          151
-# define ASN1_F_D2I_AUTOPRIVATEKEY                        207
-# define ASN1_F_D2I_NETSCAPE_RSA                          152
-# define ASN1_F_D2I_NETSCAPE_RSA_2                        153
-# define ASN1_F_D2I_PRIVATEKEY                            154
-# define ASN1_F_D2I_PUBLICKEY                             155
-# define ASN1_F_D2I_RSA_NET                               200
-# define ASN1_F_D2I_RSA_NET_2                             201
-# define ASN1_F_D2I_X509                                  156
-# define ASN1_F_D2I_X509_CINF                             157
-# define ASN1_F_D2I_X509_PKEY                             159
-# define ASN1_F_DO_BUF                                    221
-# define ASN1_F_I2D_ASN1_BIO_STREAM                       211
-# define ASN1_F_I2D_ASN1_BOOLEAN                          223
-# define ASN1_F_I2D_ASN1_OBJECT                           222
-# define ASN1_F_I2D_ASN1_SET                              188
-# define ASN1_F_I2D_ASN1_TIME                             160
-# define ASN1_F_I2D_DSA_PUBKEY                            161
-# define ASN1_F_I2D_EC_PUBKEY                             181
-# define ASN1_F_I2D_PRIVATEKEY                            163
-# define ASN1_F_I2D_PUBLICKEY                             164
-# define ASN1_F_I2D_RSA_NET                               162
-# define ASN1_F_I2D_RSA_PUBKEY                            165
-# define ASN1_F_LONG_C2I                                  166
-# define ASN1_F_OID_MODULE_INIT                           174
-# define ASN1_F_PARSE_TAGGING                             182
-# define ASN1_F_PKCS5_PBE2_SET_IV                         167
-# define ASN1_F_PKCS5_PBE_SET                             202
-# define ASN1_F_PKCS5_PBE_SET0_ALGOR                      215
-# define ASN1_F_PKCS5_PBKDF2_SET                          219
-# define ASN1_F_SMIME_READ_ASN1                           212
-# define ASN1_F_SMIME_TEXT                                213
-# define ASN1_F_X509_CINF_NEW                             168
-# define ASN1_F_X509_CRL_ADD0_REVOKED                     169
-# define ASN1_F_X509_INFO_NEW                             170
-# define ASN1_F_X509_NAME_ENCODE                          203
-# define ASN1_F_X509_NAME_EX_D2I                          158
-# define ASN1_F_X509_NAME_EX_NEW                          171
-# define ASN1_F_X509_NEW                                  172
-# define ASN1_F_X509_PKEY_NEW                             173
-
-/* Reason codes. */
-# define ASN1_R_ADDING_OBJECT                             171
-# define ASN1_R_ASN1_PARSE_ERROR                          203
-# define ASN1_R_ASN1_SIG_PARSE_ERROR                      204
-# define ASN1_R_AUX_ERROR                                 100
-# define ASN1_R_BAD_CLASS                                 101
-# define ASN1_R_BAD_OBJECT_HEADER                         102
-# define ASN1_R_BAD_PASSWORD_READ                         103
-# define ASN1_R_BAD_TAG                                   104
-# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
-# define ASN1_R_BN_LIB                                    105
-# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
-# define ASN1_R_BUFFER_TOO_SMALL                          107
-# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER           108
-# define ASN1_R_CONTEXT_NOT_INITIALISED                   217
-# define ASN1_R_DATA_IS_WRONG                             109
-# define ASN1_R_DECODE_ERROR                              110
-# define ASN1_R_DECODING_ERROR                            111
-# define ASN1_R_DEPTH_EXCEEDED                            174
-# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED         198
-# define ASN1_R_ENCODE_ERROR                              112
-# define ASN1_R_ERROR_GETTING_TIME                        173
-# define ASN1_R_ERROR_LOADING_SECTION                     172
-# define ASN1_R_ERROR_PARSING_SET_ELEMENT                 113
-# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS               114
-# define ASN1_R_EXPECTING_AN_INTEGER                      115
-# define ASN1_R_EXPECTING_AN_OBJECT                       116
-# define ASN1_R_EXPECTING_A_BOOLEAN                       117
-# define ASN1_R_EXPECTING_A_TIME                          118
-# define ASN1_R_EXPLICIT_LENGTH_MISMATCH                  119
-# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED              120
-# define ASN1_R_FIELD_MISSING                             121
-# define ASN1_R_FIRST_NUM_TOO_LARGE                       122
-# define ASN1_R_HEADER_TOO_LONG                           123
-# define ASN1_R_ILLEGAL_BITSTRING_FORMAT                  175
-# define ASN1_R_ILLEGAL_BOOLEAN                           176
-# define ASN1_R_ILLEGAL_CHARACTERS                        124
-# define ASN1_R_ILLEGAL_FORMAT                            177
-# define ASN1_R_ILLEGAL_HEX                               178
-# define ASN1_R_ILLEGAL_IMPLICIT_TAG                      179
-# define ASN1_R_ILLEGAL_INTEGER                           180
-# define ASN1_R_ILLEGAL_NESTED_TAGGING                    181
-# define ASN1_R_ILLEGAL_NULL                              125
-# define ASN1_R_ILLEGAL_NULL_VALUE                        182
-# define ASN1_R_ILLEGAL_OBJECT                            183
-# define ASN1_R_ILLEGAL_OPTIONAL_ANY                      126
-# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE          170
-# define ASN1_R_ILLEGAL_TAGGED_ANY                        127
-# define ASN1_R_ILLEGAL_TIME_VALUE                        184
-# define ASN1_R_INTEGER_NOT_ASCII_FORMAT                  185
-# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
-# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT              220
-# define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
-# define ASN1_R_INVALID_DIGIT                             130
-# define ASN1_R_INVALID_MIME_TYPE                         205
-# define ASN1_R_INVALID_MODIFIER                          186
-# define ASN1_R_INVALID_NUMBER                            187
-# define ASN1_R_INVALID_OBJECT_ENCODING                   216
-# define ASN1_R_INVALID_SEPARATOR                         131
-# define ASN1_R_INVALID_TIME_FORMAT                       132
-# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
-# define ASN1_R_INVALID_UTF8STRING                        134
-# define ASN1_R_IV_TOO_LARGE                              135
-# define ASN1_R_LENGTH_ERROR                              136
-# define ASN1_R_LIST_ERROR                                188
-# define ASN1_R_MIME_NO_CONTENT_TYPE                      206
-# define ASN1_R_MIME_PARSE_ERROR                          207
-# define ASN1_R_MIME_SIG_PARSE_ERROR                      208
-# define ASN1_R_MISSING_EOC                               137
-# define ASN1_R_MISSING_SECOND_NUMBER                     138
-# define ASN1_R_MISSING_VALUE                             189
-# define ASN1_R_MSTRING_NOT_UNIVERSAL                     139
-# define ASN1_R_MSTRING_WRONG_TAG                         140
-# define ASN1_R_NESTED_ASN1_STRING                        197
-# define ASN1_R_NESTED_TOO_DEEP                           219
-# define ASN1_R_NON_HEX_CHARACTERS                        141
-# define ASN1_R_NOT_ASCII_FORMAT                          190
-# define ASN1_R_NOT_ENOUGH_DATA                           142
-# define ASN1_R_NO_CONTENT_TYPE                           209
-# define ASN1_R_NO_DEFAULT_DIGEST                         201
-# define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
-# define ASN1_R_NO_MULTIPART_BODY_FAILURE                 210
-# define ASN1_R_NO_MULTIPART_BOUNDARY                     211
-# define ASN1_R_NO_SIG_CONTENT_TYPE                       212
-# define ASN1_R_NULL_IS_WRONG_LENGTH                      144
-# define ASN1_R_OBJECT_NOT_ASCII_FORMAT                   191
-# define ASN1_R_ODD_NUMBER_OF_CHARS                       145
-# define ASN1_R_PRIVATE_KEY_HEADER_MISSING                146
-# define ASN1_R_SECOND_NUMBER_TOO_LARGE                   147
-# define ASN1_R_SEQUENCE_LENGTH_MISMATCH                  148
-# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
-# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG              192
-# define ASN1_R_SHORT_LINE                                150
-# define ASN1_R_SIG_INVALID_MIME_TYPE                     213
-# define ASN1_R_STREAMING_NOT_SUPPORTED                   202
-# define ASN1_R_STRING_TOO_LONG                           151
-# define ASN1_R_STRING_TOO_SHORT                          152
-# define ASN1_R_TAG_VALUE_TOO_HIGH                        153
-# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
-# define ASN1_R_TIME_NOT_ASCII_FORMAT                     193
-# define ASN1_R_TOO_LONG                                  155
-# define ASN1_R_TYPE_NOT_CONSTRUCTED                      156
-# define ASN1_R_TYPE_NOT_PRIMITIVE                        218
-# define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  157
-# define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY          158
-# define ASN1_R_UNEXPECTED_EOC                            159
-# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           215
-# define ASN1_R_UNKNOWN_FORMAT                            160
-# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
-# define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
-# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
-# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM               199
-# define ASN1_R_UNKNOWN_TAG                               194
-# define ASN1_R_UNKOWN_FORMAT                             195
-# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
-# define ASN1_R_UNSUPPORTED_CIPHER                        165
-# define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          166
-# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
-# define ASN1_R_UNSUPPORTED_TYPE                          196
-# define ASN1_R_WRONG_PUBLIC_KEY_TYPE                     200
-# define ASN1_R_WRONG_TAG                                 168
-# define ASN1_R_WRONG_TYPE                                169
-
-# ifdef  __cplusplus
-}
-# endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn1_err.c b/freebsd/crypto/openssl/crypto/asn1/asn1_err.c
index 197005ac..e13eca13 100644
--- a/freebsd/crypto/openssl/crypto/asn1/asn1_err.c
+++ b/freebsd/crypto/openssl/crypto/asn1/asn1_err.c
@@ -1,360 +1,352 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/asn1_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/asn1.h>
+#include <openssl/asn1err.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
-
-static ERR_STRING_DATA ASN1_str_functs[] = {
-    {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
-    {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
-    {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
-    {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
-    {ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"},
-    {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
-    {ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"},
-    {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"},
-    {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"},
-    {ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
-    {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"},
-    {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
-    {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"},
-    {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
-    {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"},
-    {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
-    {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
-    {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
-    {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"},
-    {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"},
-    {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"},
-    {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
-    {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"},
-    {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
-    {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_NEW"},
-    {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
-    {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
-    {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"},
-    {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN_CTX), "ASN1_item_sign_ctx"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"},
-    {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
-    {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
-    {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"},
-    {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
-    {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"},
-    {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"},
-    {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"},
-    {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
-    {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
-    {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"},
-    {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
-    {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
-    {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
-    {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
-    {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
-    {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"},
-    {ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"},
-    {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
-    {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),
+static const ERR_STRING_DATA ASN1_str_functs[] = {
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2D_ASN1_OBJECT, 0), "a2d_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_INTEGER, 0), "a2i_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_STRING, 0), "a2i_ASN1_STRING"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_APPEND_EXP, 0), "append_exp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIO_INIT, 0), "asn1_bio_init"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIT_STRING_SET_BIT, 0),
+     "ASN1_BIT_STRING_set_bit"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CB, 0), "asn1_cb"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CHECK_TLEN, 0), "asn1_check_tlen"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_COLLECT, 0), "asn1_collect"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_EX_PRIMITIVE, 0),
+     "asn1_d2i_ex_primitive"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_FP, 0), "ASN1_d2i_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_READ_BIO, 0), "asn1_d2i_read_bio"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DIGEST, 0), "ASN1_digest"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_ADB, 0), "asn1_do_adb"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_LOCK, 0), "asn1_do_lock"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DUP, 0), "ASN1_dup"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ENC_SAVE, 0), "asn1_enc_save"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_EX_C2I, 0), "asn1_ex_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_FIND_END, 0), "asn1_find_end"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERALIZEDTIME_ADJ, 0),
+     "ASN1_GENERALIZEDTIME_adj"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERATE_V3, 0), "ASN1_generate_v3"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_INT64, 0), "asn1_get_int64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, 0), "ASN1_get_object"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_UINT64, 0), "asn1_get_uint64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_BIO, 0), "ASN1_i2d_bio"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_FP, 0), "ASN1_i2d_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_D2I_FP, 0), "ASN1_item_d2i_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_DUP, 0), "ASN1_item_dup"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_D2I, 0),
+     "asn1_item_embed_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0),
+     "asn1_item_embed_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0),
+     "asn1_item_flags_i2d"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_FP, 0), "ASN1_item_i2d_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_PACK, 0), "ASN1_item_pack"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN, 0), "ASN1_item_sign"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN_CTX, 0),
+     "ASN1_item_sign_ctx"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_UNPACK, 0), "ASN1_item_unpack"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_VERIFY, 0), "ASN1_item_verify"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_MBSTRING_NCOPY, 0),
+     "ASN1_mbstring_ncopy"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OBJECT_NEW, 0), "ASN1_OBJECT_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OUTPUT_DATA, 0), "asn1_output_data"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PCTX_NEW, 0), "ASN1_PCTX_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PRIMITIVE_NEW, 0),
+     "asn1_primitive_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SCTX_NEW, 0), "ASN1_SCTX_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SIGN, 0), "ASN1_sign"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STR2TYPE, 0), "asn1_str2type"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_INT64, 0),
+     "asn1_string_get_int64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_UINT64, 0),
+     "asn1_string_get_uint64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_SET, 0), "ASN1_STRING_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TABLE_ADD, 0),
+     "ASN1_STRING_TABLE_add"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TO_BN, 0), "asn1_string_to_bn"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TYPE_NEW, 0),
+     "ASN1_STRING_type_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_D2I, 0),
+     "asn1_template_ex_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NEW, 0), "asn1_template_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, 0),
+     "asn1_template_noexp_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TIME_ADJ, 0), "ASN1_TIME_adj"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, 0),
      "ASN1_TYPE_get_int_octetstring"},
-    {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
-    {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
-    {ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"},
-    {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
-    {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
-    {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"},
-    {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"},
-    {ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"},
-    {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"},
-    {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
-    {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
-    {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"},
-    {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
-    {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
-    {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "D2I_ASN1_HEADER"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"},
-    {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"},
-    {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"},
-    {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
-    {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
-    {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
-    {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"},
-    {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"},
-    {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
-    {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
-    {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
-    {ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"},
-    {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
-    {ERR_FUNC(ASN1_F_I2D_ASN1_BOOLEAN), "i2d_ASN1_BOOLEAN"},
-    {ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
-    {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
-    {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
-    {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
-    {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
-    {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
-    {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
-    {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"},
-    {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
-    {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
-    {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
-    {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"},
-    {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"},
-    {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
-    {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"},
-    {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"},
-    {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
-    {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
-    {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
-    {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
-    {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
-    {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"},
-    {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"},
-    {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"},
-    {ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"},
-    {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_OCTETSTRING, 0),
+     "ASN1_TYPE_get_octetstring"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_UTCTIME_ADJ, 0), "ASN1_UTCTIME_adj"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_VERIFY, 0), "ASN1_verify"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_READ_ASN1, 0), "b64_read_asn1"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_WRITE_ASN1, 0), "B64_write_ASN1"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BIO_NEW_NDEF, 0), "BIO_new_NDEF"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BITSTR_CB, 0), "bitstr_cb"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BN_TO_ASN1_STRING, 0), "bn_to_asn1_string"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_BIT_STRING, 0),
+     "c2i_ASN1_BIT_STRING"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_INTEGER, 0), "c2i_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_OBJECT, 0), "c2i_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_IBUF, 0), "c2i_ibuf"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_UINT64_INT, 0), "c2i_uint64_int"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_COLLECT_DATA, 0), "collect_data"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_OBJECT, 0), "d2i_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_UINTEGER, 0), "d2i_ASN1_UINTEGER"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_AUTOPRIVATEKEY, 0),
+     "d2i_AutoPrivateKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PRIVATEKEY, 0), "d2i_PrivateKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PUBLICKEY, 0), "d2i_PublicKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_BUF, 0), "do_buf"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_CREATE, 0), "do_create"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_DUMP, 0), "do_dump"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_TCREATE, 0), "do_tcreate"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2A_ASN1_OBJECT, 0), "i2a_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_BIO_STREAM, 0),
+     "i2d_ASN1_bio_stream"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_OBJECT, 0), "i2d_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_DSA_PUBKEY, 0), "i2d_DSA_PUBKEY"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_EC_PUBKEY, 0), "i2d_EC_PUBKEY"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PRIVATEKEY, 0), "i2d_PrivateKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PUBLICKEY, 0), "i2d_PublicKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_RSA_PUBKEY, 0), "i2d_RSA_PUBKEY"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_LONG_C2I, 0), "long_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_PREFIX, 0), "ndef_prefix"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_SUFFIX, 0), "ndef_suffix"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_OID_MODULE_INIT, 0), "oid_module_init"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PARSE_TAGGING, 0), "parse_tagging"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_IV, 0), "PKCS5_pbe2_set_iv"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_SCRYPT, 0),
+     "PKCS5_pbe2_set_scrypt"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET, 0), "PKCS5_pbe_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET0_ALGOR, 0),
+     "PKCS5_pbe_set0_algor"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBKDF2_SET, 0), "PKCS5_pbkdf2_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_SCRYPT_SET, 0), "pkcs5_scrypt_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_READ_ASN1, 0), "SMIME_read_ASN1"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_TEXT, 0), "SMIME_text"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STABLE_GET, 0), "stable_get"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STBL_MODULE_INIT, 0), "stbl_module_init"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_C2I, 0), "uint32_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_NEW, 0), "uint32_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_C2I, 0), "uint64_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_NEW, 0), "uint64_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_CRL_ADD0_REVOKED, 0),
+     "X509_CRL_add0_revoked"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_INFO_NEW, 0), "X509_INFO_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_ENCODE, 0), "x509_name_encode"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_D2I, 0), "x509_name_ex_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_NEW, 0), "x509_name_ex_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_PKEY_NEW, 0), "X509_PKEY_new"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA ASN1_str_reasons[] = {
-    {ERR_REASON(ASN1_R_ADDING_OBJECT), "adding object"},
-    {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"},
-    {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"},
-    {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
-    {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"},
-    {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
-    {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"},
-    {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"},
-    {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
-     "bmpstring is wrong length"},
-    {ERR_REASON(ASN1_R_BN_LIB), "bn lib"},
-    {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"},
-    {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL), "buffer too small"},
-    {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
-     "cipher has no object identifier"},
-    {ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED), "context not initialised"},
-    {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"},
-    {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(ASN1_R_DECODING_ERROR), "decoding error"},
-    {ERR_REASON(ASN1_R_DEPTH_EXCEEDED), "depth exceeded"},
-    {ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),
-     "digest and key type not supported"},
-    {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"},
-    {ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"},
-    {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"},
-    {ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),
-     "error parsing set element"},
-    {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),
-     "error setting cipher params"},
-    {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"},
-    {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"},
-    {ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN), "expecting a boolean"},
-    {ERR_REASON(ASN1_R_EXPECTING_A_TIME), "expecting a time"},
-    {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"},
-    {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),
-     "explicit tag not constructed"},
-    {ERR_REASON(ASN1_R_FIELD_MISSING), "field missing"},
-    {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE), "first num too large"},
-    {ERR_REASON(ASN1_R_HEADER_TOO_LONG), "header too long"},
-    {ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT), "illegal bitstring format"},
-    {ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"},
-    {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS), "illegal characters"},
-    {ERR_REASON(ASN1_R_ILLEGAL_FORMAT), "illegal format"},
-    {ERR_REASON(ASN1_R_ILLEGAL_HEX), "illegal hex"},
-    {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG), "illegal implicit tag"},
-    {ERR_REASON(ASN1_R_ILLEGAL_INTEGER), "illegal integer"},
-    {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"},
-    {ERR_REASON(ASN1_R_ILLEGAL_NULL), "illegal null"},
-    {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"},
-    {ERR_REASON(ASN1_R_ILLEGAL_OBJECT), "illegal object"},
-    {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"},
-    {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),
-     "illegal options on item template"},
-    {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"},
-    {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"},
-    {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"},
-    {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),
-     "integer too large for long"},
-    {ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),
-     "invalid bit string bits left"},
-    {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH), "invalid bmpstring length"},
-    {ERR_REASON(ASN1_R_INVALID_DIGIT), "invalid digit"},
-    {ERR_REASON(ASN1_R_INVALID_MIME_TYPE), "invalid mime type"},
-    {ERR_REASON(ASN1_R_INVALID_MODIFIER), "invalid modifier"},
-    {ERR_REASON(ASN1_R_INVALID_NUMBER), "invalid number"},
-    {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"},
-    {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"},
-    {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT), "invalid time format"},
-    {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),
-     "invalid universalstring length"},
-    {ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"},
-    {ERR_REASON(ASN1_R_IV_TOO_LARGE), "iv too large"},
-    {ERR_REASON(ASN1_R_LENGTH_ERROR), "length error"},
-    {ERR_REASON(ASN1_R_LIST_ERROR), "list error"},
-    {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
-    {ERR_REASON(ASN1_R_MIME_PARSE_ERROR), "mime parse error"},
-    {ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
-    {ERR_REASON(ASN1_R_MISSING_EOC), "missing eoc"},
-    {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER), "missing second number"},
-    {ERR_REASON(ASN1_R_MISSING_VALUE), "missing value"},
-    {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
-    {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
-    {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
-    {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
-    {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
-    {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
-    {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
-    {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"},
-    {ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST), "no default digest"},
-    {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"},
-    {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),
-     "no multipart body failure"},
-    {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
-    {ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE), "no sig content type"},
-    {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"},
-    {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"},
-    {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"},
-    {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),
-     "private key header missing"},
-    {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"},
-    {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"},
-    {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"},
-    {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),
-     "sequence or set needs config"},
-    {ERR_REASON(ASN1_R_SHORT_LINE), "short line"},
-    {ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
-    {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"},
-    {ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"},
-    {ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"},
-    {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH), "tag value too high"},
-    {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
-     "the asn1 object identifier is not known for this md"},
-    {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"},
-    {ERR_REASON(ASN1_R_TOO_LONG), "too long"},
-    {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"},
-    {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"},
-    {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"},
-    {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),
-     "unable to decode rsa private key"},
-    {ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"},
-    {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),
-     "universalstring is wrong length"},
-    {ERR_REASON(ASN1_R_UNKNOWN_FORMAT), "unknown format"},
-    {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),
-     "unknown message digest algorithm"},
-    {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE), "unknown object type"},
-    {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"},
-    {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),
-     "unknown signature algorithm"},
-    {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"},
-    {ERR_REASON(ASN1_R_UNKOWN_FORMAT), "unknown format"},
-    {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),
-     "unsupported any defined by type"},
-    {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
-    {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),
-     "unsupported encryption algorithm"},
-    {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
-     "unsupported public key type"},
-    {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},
-    {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"},
-    {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"},
-    {ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"},
+static const ERR_STRING_DATA ASN1_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ADDING_OBJECT), "adding object"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_SIG_PARSE_ERROR),
+    "asn1 sig parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
+    "bmpstring is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BOOLEAN_IS_WRONG_LENGTH),
+    "boolean is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+    "cipher has no object identifier"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CONTEXT_NOT_INITIALISED),
+    "context not initialised"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DATA_IS_WRONG), "data is wrong"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DEPTH_EXCEEDED), "depth exceeded"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),
+    "digest and key type not supported"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ENCODE_ERROR), "encode error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_GETTING_TIME),
+    "error getting time"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_LOADING_SECTION),
+    "error loading section"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_SETTING_CIPHER_PARAMS),
+    "error setting cipher params"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_INTEGER),
+    "expecting an integer"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_OBJECT),
+    "expecting an object"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_LENGTH_MISMATCH),
+    "explicit length mismatch"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),
+    "explicit tag not constructed"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIELD_MISSING), "field missing"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIRST_NUM_TOO_LARGE),
+    "first num too large"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_HEADER_TOO_LONG), "header too long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BITSTRING_FORMAT),
+    "illegal bitstring format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_CHARACTERS),
+    "illegal characters"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_FORMAT), "illegal format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_HEX), "illegal hex"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_IMPLICIT_TAG),
+    "illegal implicit tag"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_INTEGER), "illegal integer"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NEGATIVE_VALUE),
+    "illegal negative value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NESTED_TAGGING),
+    "illegal nested tagging"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL), "illegal null"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL_VALUE),
+    "illegal null value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OBJECT), "illegal object"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONAL_ANY),
+    "illegal optional any"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),
+    "illegal options on item template"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_PADDING), "illegal padding"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TAGGED_ANY),
+    "illegal tagged any"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TIME_VALUE),
+    "illegal time value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_ZERO_CONTENT),
+    "illegal zero content"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_NOT_ASCII_FORMAT),
+    "integer not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),
+    "integer too large for long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BIT_STRING_BITS_LEFT),
+    "invalid bit string bits left"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BMPSTRING_LENGTH),
+    "invalid bmpstring length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_DIGIT), "invalid digit"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MIME_TYPE), "invalid mime type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MODIFIER), "invalid modifier"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_NUMBER), "invalid number"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_OBJECT_ENCODING),
+    "invalid object encoding"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SCRYPT_PARAMETERS),
+    "invalid scrypt parameters"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SEPARATOR), "invalid separator"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_STRING_TABLE_VALUE),
+    "invalid string table value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),
+    "invalid universalstring length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UTF8STRING),
+    "invalid utf8string"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_VALUE), "invalid value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LIST_ERROR), "list error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_NO_CONTENT_TYPE),
+    "mime no content type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_PARSE_ERROR), "mime parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_SIG_PARSE_ERROR),
+    "mime sig parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_EOC), "missing eoc"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_SECOND_NUMBER),
+    "missing second number"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_VALUE), "missing value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_NOT_UNIVERSAL),
+    "mstring not universal"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_ASN1_STRING),
+    "nested asn1 string"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NON_HEX_CHARACTERS),
+    "non hex characters"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_CONTENT_TYPE), "no content type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MATCHING_CHOICE_TYPE),
+    "no matching choice type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BODY_FAILURE),
+    "no multipart body failure"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BOUNDARY),
+    "no multipart boundary"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_SIG_CONTENT_TYPE),
+    "no sig content type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NULL_IS_WRONG_LENGTH),
+    "null is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_OBJECT_NOT_ASCII_FORMAT),
+    "object not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ODD_NUMBER_OF_CHARS),
+    "odd number of chars"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SECOND_NUMBER_TOO_LARGE),
+    "second number too large"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_LENGTH_MISMATCH),
+    "sequence length mismatch"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_NOT_CONSTRUCTED),
+    "sequence not constructed"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),
+    "sequence or set needs config"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SHORT_LINE), "short line"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SIG_INVALID_MIME_TYPE),
+    "sig invalid mime type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STREAMING_NOT_SUPPORTED),
+    "streaming not supported"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_LONG), "string too long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_SHORT), "string too short"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+    "the asn1 object identifier is not known for this md"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TIME_NOT_ASCII_FORMAT),
+    "time not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LARGE), "too large"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG), "too long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_SMALL), "too small"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_CONSTRUCTED),
+    "type not constructed"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_PRIMITIVE),
+    "type not primitive"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNEXPECTED_EOC), "unexpected eoc"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),
+    "universalstring is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_FORMAT), "unknown format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),
+    "unknown message digest algorithm"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_OBJECT_TYPE),
+    "unknown object type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),
+    "unknown public key type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),
+    "unknown signature algorithm"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_TAG), "unknown tag"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),
+    "unsupported any defined by type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_CIPHER),
+    "unsupported cipher"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
+    "unsupported public key type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_INTEGER_TYPE),
+    "wrong integer type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_PUBLIC_KEY_TYPE),
+    "wrong public key type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TAG), "wrong tag"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_ASN1_strings(void)
+int ERR_load_ASN1_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, ASN1_str_functs);
-        ERR_load_strings(0, ASN1_str_reasons);
+        ERR_load_strings_const(ASN1_str_functs);
+        ERR_load_strings_const(ASN1_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn1_gen.c b/freebsd/crypto/openssl/crypto/asn1/asn1_gen.c
index c927a131..8ba1fae9 100644
--- a/freebsd/crypto/openssl/crypto/asn1/asn1_gen.c
+++ b/freebsd/crypto/openssl/crypto/asn1/asn1_gen.c
@@ -1,65 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* asn1_gen.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/x509v3.h>
 
@@ -114,7 +64,7 @@ typedef struct {
     int exp_count;
 } tag_exp_arg;
 
-static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
                               int *perr);
 static int bitstr_cb(const char *elem, int len, void *bitstr);
 static int asn1_cb(const char *elem, int len, void *bitstr);
@@ -127,7 +77,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
 static int asn1_str2tag(const char *tagstr, int len);
 
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf)
 {
     X509V3_CTX cnf;
 
@@ -138,7 +88,7 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
     return ASN1_generate_v3(str, &cnf);
 }
 
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
 {
     int err = 0;
     ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
@@ -147,7 +97,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
     return ret;
 }
 
-static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
                               int *perr)
 {
     ASN1_TYPE *ret;
@@ -161,7 +111,7 @@ static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
     unsigned char *p;
     const unsigned char *cp;
     int cpy_len;
-    long hdr_len;
+    long hdr_len = 0;
     int hdr_constructed = 0, hdr_tag, hdr_class;
     int r;
 
@@ -245,7 +195,7 @@ static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
     /* Allocate buffer for new encoding */
 
     new_der = OPENSSL_malloc(len);
-    if (!new_der)
+    if (new_der == NULL)
         goto err;
 
     /* Generate tagged encoding */
@@ -282,10 +232,8 @@ static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
     ret = d2i_ASN1_TYPE(NULL, &cp, len);
 
  err:
-    if (orig_der)
-        OPENSSL_free(orig_der);
-    if (new_der)
-        OPENSSL_free(new_der);
+    OPENSSL_free(orig_der);
+    OPENSSL_free(new_der);
 
     return ret;
 
@@ -379,16 +327,16 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
             ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
             return -1;
         }
-        if (!strncmp(vstart, "ASCII", 5))
+        if (strncmp(vstart, "ASCII", 5) == 0)
             arg->format = ASN1_GEN_FORMAT_ASCII;
-        else if (!strncmp(vstart, "UTF8", 4))
+        else if (strncmp(vstart, "UTF8", 4) == 0)
             arg->format = ASN1_GEN_FORMAT_UTF8;
-        else if (!strncmp(vstart, "HEX", 3))
+        else if (strncmp(vstart, "HEX", 3) == 0)
             arg->format = ASN1_GEN_FORMAT_HEX;
-        else if (!strncmp(vstart, "BITLIST", 7))
+        else if (strncmp(vstart, "BITLIST", 7) == 0)
             arg->format = ASN1_GEN_FORMAT_BITLIST;
         else {
-            ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
             return -1;
         }
         break;
@@ -445,7 +393,6 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
             ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
             ERR_add_error_data(2, "Char=", erch);
             return 0;
-            break;
 
         }
     } else
@@ -497,15 +444,12 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
 
     if (derlen < 0)
         goto bad;
-
-    if (!(ret = ASN1_TYPE_new()))
+    if ((ret = ASN1_TYPE_new()) == NULL)
         goto bad;
-
-    if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
+    if ((ret->value.asn1_string = ASN1_STRING_type_new(utype)) == NULL)
         goto bad;
 
     ret->type = utype;
-
     ret->value.asn1_string->data = der;
     ret->value.asn1_string->length = derlen;
 
@@ -513,13 +457,10 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
 
  bad:
 
-    if (der)
-        OPENSSL_free(der);
+    OPENSSL_free(der);
 
-    if (sk)
-        sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
-    if (sect)
-        X509V3_section_free(cnf, sect);
+    sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
+    X509V3_section_free(cnf, sect);
 
     return ret;
 }
@@ -628,8 +569,8 @@ static int asn1_str2tag(const char *tagstr, int len)
         len = strlen(tagstr);
 
     tntmp = tnst;
-    for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) {
-        if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
+    for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) {
+        if ((len == tntmp->len) && (strncmp(tntmp->strnam, tagstr, len) == 0))
             return tntmp->tag;
     }
 
@@ -639,15 +580,12 @@ static int asn1_str2tag(const char *tagstr, int len)
 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
 {
     ASN1_TYPE *atmp = NULL;
-
     CONF_VALUE vtmp;
-
     unsigned char *rdata;
     long rdlen;
-
     int no_unused = 1;
 
-    if (!(atmp = ASN1_TYPE_new())) {
+    if ((atmp = ASN1_TYPE_new()) == NULL) {
         ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -684,7 +622,8 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
             ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
             goto bad_form;
         }
-        if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) {
+        if ((atmp->value.integer
+                    = s2i_ASN1_INTEGER(NULL, str)) == NULL) {
             ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
             goto bad_str;
         }
@@ -695,7 +634,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
             ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
             goto bad_form;
         }
-        if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {
+        if ((atmp->value.object = OBJ_txt2obj(str, 0)) == NULL) {
             ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
             goto bad_str;
         }
@@ -707,7 +646,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
             ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
             goto bad_form;
         }
-        if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
+        if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) {
             ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
             goto bad_str;
         }
@@ -732,7 +671,6 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
     case V_ASN1_UNIVERSALSTRING:
     case V_ASN1_GENERALSTRING:
     case V_ASN1_NUMERICSTRING:
-
         if (format == ASN1_GEN_FORMAT_ASCII)
             format = MBSTRING_ASC;
         else if (format == ASN1_GEN_FORMAT_UTF8)
@@ -751,25 +689,20 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
         break;
 
     case V_ASN1_BIT_STRING:
-
     case V_ASN1_OCTET_STRING:
-
-        if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
+        if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) {
             ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
             goto bad_form;
         }
 
         if (format == ASN1_GEN_FORMAT_HEX) {
-
-            if (!(rdata = string_to_hex((char *)str, &rdlen))) {
+            if ((rdata = OPENSSL_hexstr2buf(str, &rdlen)) == NULL) {
                 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
                 goto bad_str;
             }
-
             atmp->value.asn1_string->data = rdata;
             atmp->value.asn1_string->length = rdlen;
             atmp->value.asn1_string->type = utype;
-
         } else if (format == ASN1_GEN_FORMAT_ASCII)
             ASN1_STRING_set(atmp->value.asn1_string, str, -1);
         else if ((format == ASN1_GEN_FORMAT_BITLIST)
@@ -797,7 +730,6 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
     default:
         ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
         goto bad_str;
-        break;
     }
 
     atmp->type = utype;
@@ -831,3 +763,29 @@ static int bitstr_cb(const char *elem, int len, void *bitstr)
     }
     return 1;
 }
+
+static int mask_cb(const char *elem, int len, void *arg)
+{
+    unsigned long *pmask = arg, tmpmask;
+    int tag;
+    if (elem == NULL)
+        return 0;
+    if ((len == 3) && (strncmp(elem, "DIR", 3) == 0)) {
+        *pmask |= B_ASN1_DIRECTORYSTRING;
+        return 1;
+    }
+    tag = asn1_str2tag(elem, len);
+    if (!tag || (tag & ASN1_GEN_FLAG))
+        return 0;
+    tmpmask = ASN1_tag2bit(tag);
+    if (!tmpmask)
+        return 0;
+    *pmask |= tmpmask;
+    return 1;
+}
+
+int ASN1_str2mask(const char *str, unsigned long *pmask)
+{
+    *pmask = 0;
+    return CONF_parse_list(str, '|', 1, mask_cb, pmask);
+}
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn1_int.h b/freebsd/crypto/openssl/crypto/asn1/asn1_int.h
deleted file mode 100644
index c9fd8b12..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/asn1_int.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/* asn1t.h */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Internal ASN1 template structures and functions: not for application use */
-
-void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
-                            int combine);
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn1_item_list.c b/freebsd/crypto/openssl/crypto/asn1/asn1_item_list.c
new file mode 100644
index 00000000..3f9f0fa6
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/asn1/asn1_item_list.c
@@ -0,0 +1,44 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/cms.h>
+#include <openssl/dh.h>
+#include <openssl/ocsp.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
+#include <openssl/x509v3.h>
+
+#include "asn1_item_list.h"
+
+const ASN1_ITEM *ASN1_ITEM_lookup(const char *name)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(asn1_item_list); i++) {
+        const ASN1_ITEM *it = ASN1_ITEM_ptr(asn1_item_list[i]);
+
+        if (strcmp(it->sname, name) == 0)
+            return it;
+    }
+    return NULL;
+}
+
+const ASN1_ITEM *ASN1_ITEM_get(size_t i)
+{
+    if (i >= OSSL_NELEM(asn1_item_list))
+        return NULL;
+    return ASN1_ITEM_ptr(asn1_item_list[i]);
+}
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn1_item_list.h b/freebsd/crypto/openssl/crypto/asn1/asn1_item_list.h
new file mode 100644
index 00000000..db8107ed
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/asn1/asn1_item_list.h
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+static ASN1_ITEM_EXP *asn1_item_list[] = {
+
+    ASN1_ITEM_ref(ACCESS_DESCRIPTION),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASIdOrRange),
+    ASN1_ITEM_ref(ASIdentifierChoice),
+    ASN1_ITEM_ref(ASIdentifiers),
+#endif
+    ASN1_ITEM_ref(ASN1_ANY),
+    ASN1_ITEM_ref(ASN1_BIT_STRING),
+    ASN1_ITEM_ref(ASN1_BMPSTRING),
+    ASN1_ITEM_ref(ASN1_BOOLEAN),
+    ASN1_ITEM_ref(ASN1_ENUMERATED),
+    ASN1_ITEM_ref(ASN1_FBOOLEAN),
+    ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    ASN1_ITEM_ref(ASN1_GENERALSTRING),
+    ASN1_ITEM_ref(ASN1_IA5STRING),
+    ASN1_ITEM_ref(ASN1_INTEGER),
+    ASN1_ITEM_ref(ASN1_NULL),
+    ASN1_ITEM_ref(ASN1_OBJECT),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING),
+    ASN1_ITEM_ref(ASN1_PRINTABLESTRING),
+    ASN1_ITEM_ref(ASN1_PRINTABLE),
+    ASN1_ITEM_ref(ASN1_SEQUENCE_ANY),
+    ASN1_ITEM_ref(ASN1_SEQUENCE),
+    ASN1_ITEM_ref(ASN1_SET_ANY),
+    ASN1_ITEM_ref(ASN1_T61STRING),
+    ASN1_ITEM_ref(ASN1_TBOOLEAN),
+    ASN1_ITEM_ref(ASN1_TIME),
+    ASN1_ITEM_ref(ASN1_UNIVERSALSTRING),
+    ASN1_ITEM_ref(ASN1_UTCTIME),
+    ASN1_ITEM_ref(ASN1_UTF8STRING),
+    ASN1_ITEM_ref(ASN1_VISIBLESTRING),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASRange),
+#endif
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    ASN1_ITEM_ref(AUTHORITY_KEYID),
+    ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+    ASN1_ITEM_ref(BIGNUM),
+    ASN1_ITEM_ref(CBIGNUM),
+    ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+#ifndef OPENSSL_NO_CMS
+    ASN1_ITEM_ref(CMS_ContentInfo),
+    ASN1_ITEM_ref(CMS_ReceiptRequest),
+#endif
+    ASN1_ITEM_ref(CRL_DIST_POINTS),
+#ifndef OPENSSL_NO_DH
+    ASN1_ITEM_ref(DHparams),
+#endif
+    ASN1_ITEM_ref(DIRECTORYSTRING),
+    ASN1_ITEM_ref(DISPLAYTEXT),
+    ASN1_ITEM_ref(DIST_POINT_NAME),
+    ASN1_ITEM_ref(DIST_POINT),
+#ifndef OPENSSL_NO_EC
+    ASN1_ITEM_ref(ECPARAMETERS),
+    ASN1_ITEM_ref(ECPKPARAMETERS),
+#endif
+    ASN1_ITEM_ref(EDIPARTYNAME),
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    ASN1_ITEM_ref(GENERAL_NAMES),
+    ASN1_ITEM_ref(GENERAL_NAME),
+    ASN1_ITEM_ref(GENERAL_SUBTREE),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(IPAddressChoice),
+    ASN1_ITEM_ref(IPAddressFamily),
+    ASN1_ITEM_ref(IPAddressOrRange),
+    ASN1_ITEM_ref(IPAddressRange),
+#endif
+    ASN1_ITEM_ref(ISSUING_DIST_POINT),
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ASN1_ITEM_ref(LONG),
+#endif
+    ASN1_ITEM_ref(NAME_CONSTRAINTS),
+    ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
+    ASN1_ITEM_ref(NETSCAPE_SPKAC),
+    ASN1_ITEM_ref(NETSCAPE_SPKI),
+    ASN1_ITEM_ref(NOTICEREF),
+#ifndef OPENSSL_NO_OCSP
+    ASN1_ITEM_ref(OCSP_BASICRESP),
+    ASN1_ITEM_ref(OCSP_CERTID),
+    ASN1_ITEM_ref(OCSP_CERTSTATUS),
+    ASN1_ITEM_ref(OCSP_CRLID),
+    ASN1_ITEM_ref(OCSP_ONEREQ),
+    ASN1_ITEM_ref(OCSP_REQINFO),
+    ASN1_ITEM_ref(OCSP_REQUEST),
+    ASN1_ITEM_ref(OCSP_RESPBYTES),
+    ASN1_ITEM_ref(OCSP_RESPDATA),
+    ASN1_ITEM_ref(OCSP_RESPID),
+    ASN1_ITEM_ref(OCSP_RESPONSE),
+    ASN1_ITEM_ref(OCSP_REVOKEDINFO),
+    ASN1_ITEM_ref(OCSP_SERVICELOC),
+    ASN1_ITEM_ref(OCSP_SIGNATURE),
+    ASN1_ITEM_ref(OCSP_SINGLERESP),
+#endif
+    ASN1_ITEM_ref(OTHERNAME),
+    ASN1_ITEM_ref(PBE2PARAM),
+    ASN1_ITEM_ref(PBEPARAM),
+    ASN1_ITEM_ref(PBKDF2PARAM),
+    ASN1_ITEM_ref(PKCS12_AUTHSAFES),
+    ASN1_ITEM_ref(PKCS12_BAGS),
+    ASN1_ITEM_ref(PKCS12_MAC_DATA),
+    ASN1_ITEM_ref(PKCS12_SAFEBAGS),
+    ASN1_ITEM_ref(PKCS12_SAFEBAG),
+    ASN1_ITEM_ref(PKCS12),
+    ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
+    ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
+    ASN1_ITEM_ref(PKCS7_DIGEST),
+    ASN1_ITEM_ref(PKCS7_ENCRYPT),
+    ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
+    ASN1_ITEM_ref(PKCS7_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL),
+    ASN1_ITEM_ref(PKCS7_RECIP_INFO),
+    ASN1_ITEM_ref(PKCS7_SIGNED),
+    ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
+    ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7),
+    ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO),
+    ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+    ASN1_ITEM_ref(POLICYINFO),
+    ASN1_ITEM_ref(POLICYQUALINFO),
+    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+    ASN1_ITEM_ref(POLICY_MAPPINGS),
+    ASN1_ITEM_ref(POLICY_MAPPING),
+    ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+    ASN1_ITEM_ref(PROXY_POLICY),
+#ifndef OPENSSL_NO_RSA
+    ASN1_ITEM_ref(RSAPrivateKey),
+    ASN1_ITEM_ref(RSAPublicKey),
+    ASN1_ITEM_ref(RSA_OAEP_PARAMS),
+    ASN1_ITEM_ref(RSA_PSS_PARAMS),
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+    ASN1_ITEM_ref(SCRYPT_PARAMS),
+#endif
+    ASN1_ITEM_ref(SXNETID),
+    ASN1_ITEM_ref(SXNET),
+    ASN1_ITEM_ref(USERNOTICE),
+    ASN1_ITEM_ref(X509_ALGORS),
+    ASN1_ITEM_ref(X509_ALGOR),
+    ASN1_ITEM_ref(X509_ATTRIBUTE),
+    ASN1_ITEM_ref(X509_CERT_AUX),
+    ASN1_ITEM_ref(X509_CINF),
+    ASN1_ITEM_ref(X509_CRL_INFO),
+    ASN1_ITEM_ref(X509_CRL),
+    ASN1_ITEM_ref(X509_EXTENSIONS),
+    ASN1_ITEM_ref(X509_EXTENSION),
+    ASN1_ITEM_ref(X509_NAME_ENTRY),
+    ASN1_ITEM_ref(X509_NAME),
+    ASN1_ITEM_ref(X509_PUBKEY),
+    ASN1_ITEM_ref(X509_REQ_INFO),
+    ASN1_ITEM_ref(X509_REQ),
+    ASN1_ITEM_ref(X509_REVOKED),
+    ASN1_ITEM_ref(X509_SIG),
+    ASN1_ITEM_ref(X509_VAL),
+    ASN1_ITEM_ref(X509),
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ASN1_ITEM_ref(ZLONG),
+#endif
+    ASN1_ITEM_ref(INT32),
+    ASN1_ITEM_ref(UINT32),
+    ASN1_ITEM_ref(ZINT32),
+    ASN1_ITEM_ref(ZUINT32),
+    ASN1_ITEM_ref(INT64),
+    ASN1_ITEM_ref(UINT64),
+    ASN1_ITEM_ref(ZINT64),
+    ASN1_ITEM_ref(ZUINT64),
+};
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn1_lib.c b/freebsd/crypto/openssl/crypto/asn1/asn1_lib.c
index 9488dd7b..ebf1fd56 100644
--- a/freebsd/crypto/openssl/crypto/asn1/asn1_lib.c
+++ b/freebsd/crypto/openssl/crypto/asn1/asn1_lib.c
@@ -1,73 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/asn1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <limits.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include "asn1_locl.h"
 
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
                            long max);
 static void asn1_put_length(unsigned char **pp, int length);
-const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
 
 static int _asn1_check_infinite_end(const unsigned char **p, long len)
 {
@@ -75,12 +25,12 @@ static int _asn1_check_infinite_end(const unsigned char **p, long len)
      * If there is 0 or 1 byte left, the length check should pick things up
      */
     if (len <= 0)
-        return (1);
+        return 1;
     else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) {
         (*p) += 2;
-        return (1);
+        return 1;
     }
-    return (0);
+    return 0;
 }
 
 int ASN1_check_infinite_end(unsigned char **p, long len)
@@ -139,12 +89,6 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
     if (inf && !(ret & V_ASN1_CONSTRUCTED))
         goto err;
 
-#if 0
-    fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n",
-            (int)p, *plength, omax, (int)*pp, (int)(p + *plength),
-            (int)(omax + *pp));
-
-#endif
     if (*plength > (omax - (p - *pp))) {
         ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG);
         /*
@@ -154,40 +98,54 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
         ret |= 0x80;
     }
     *pp = p;
-    return (ret | inf);
+    return ret | inf;
  err:
     ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG);
-    return (0x80);
+    return 0x80;
 }
 
+/*
+ * Decode a length field.
+ * The short form is a single byte defining a length 0 - 127.
+ * The long form is a byte 0 - 127 with the top bit set and this indicates
+ * the number of following octets that contain the length.  These octets
+ * are stored most significant digit first.
+ */
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
                            long max)
 {
     const unsigned char *p = *pp;
     unsigned long ret = 0;
-    unsigned long i;
+    int i;
 
     if (max-- < 1)
         return 0;
     if (*p == 0x80) {
         *inf = 1;
-        ret = 0;
         p++;
     } else {
         *inf = 0;
         i = *p & 0x7f;
-        if (*(p++) & 0x80) {
-            if (i > sizeof(ret) || max < (long)i)
+        if (*p++ & 0x80) {
+            if (max < i + 1)
                 return 0;
-            while (i-- > 0) {
-                ret <<= 8L;
-                ret |= *(p++);
+            /* Skip leading zeroes */
+            while (i > 0 && *p == 0) {
+                p++;
+                i--;
             }
+            if (i > (int)sizeof(long))
+                return 0;
+            while (i > 0) {
+                ret <<= 8;
+                ret |= *p++;
+                i--;
+            }
+            if (ret > LONG_MAX)
+                return 0;
         } else
             ret = i;
     }
-    if (ret > LONG_MAX)
-        return 0;
     *pp = p;
     *rl = (long)ret;
     return 1;
@@ -284,57 +242,6 @@ int ASN1_object_size(int constructed, int length, int tag)
     return ret + length;
 }
 
-static int _asn1_Finish(ASN1_const_CTX *c)
-{
-    if ((c->inf == (1 | V_ASN1_CONSTRUCTED)) && (!c->eos)) {
-        if (!ASN1_const_check_infinite_end(&c->p, c->slen)) {
-            c->error = ERR_R_MISSING_ASN1_EOS;
-            return (0);
-        }
-    }
-    if (((c->slen != 0) && !(c->inf & 1)) || ((c->slen < 0) && (c->inf & 1))) {
-        c->error = ERR_R_ASN1_LENGTH_MISMATCH;
-        return (0);
-    }
-    return (1);
-}
-
-int asn1_Finish(ASN1_CTX *c)
-{
-    return _asn1_Finish((ASN1_const_CTX *)c);
-}
-
-int asn1_const_Finish(ASN1_const_CTX *c)
-{
-    return _asn1_Finish(c);
-}
-
-int asn1_GetSequence(ASN1_const_CTX *c, long *length)
-{
-    const unsigned char *q;
-
-    q = c->p;
-    c->inf = ASN1_get_object(&(c->p), &(c->slen), &(c->tag), &(c->xclass),
-                             *length);
-    if (c->inf & 0x80) {
-        c->error = ERR_R_BAD_GET_ASN1_OBJECT_CALL;
-        return (0);
-    }
-    if (c->tag != V_ASN1_SEQUENCE) {
-        c->error = ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
-        return (0);
-    }
-    (*length) -= (c->p - q);
-    if (c->max && (*length < 0)) {
-        c->error = ERR_R_ASN1_LENGTH_MISMATCH;
-        return (0);
-    }
-    if (c->inf == (1 | V_ASN1_CONSTRUCTED))
-        c->slen = *length;
-    c->eos = 0;
-    return (1);
-}
-
 int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str)
 {
     if (str == NULL)
@@ -342,7 +249,9 @@ int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str)
     dst->type = str->type;
     if (!ASN1_STRING_set(dst, str->data, str->length))
         return 0;
-    dst->flags = str->flags;
+    /* Copy flags but preserve embed value */
+    dst->flags &= ASN1_STRING_FLAG_EMBED;
+    dst->flags |= str->flags & ~ASN1_STRING_FLAG_EMBED;
     return 1;
 }
 
@@ -352,7 +261,7 @@ ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str)
     if (!str)
         return NULL;
     ret = ASN1_STRING_new();
-    if (!ret)
+    if (ret == NULL)
         return NULL;
     if (!ASN1_STRING_copy(ret, str)) {
         ASN1_STRING_free(ret);
@@ -368,21 +277,17 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
 
     if (len < 0) {
         if (data == NULL)
-            return (0);
+            return 0;
         else
             len = strlen(data);
     }
     if ((str->length <= len) || (str->data == NULL)) {
         c = str->data;
-        if (c == NULL)
-            str->data = OPENSSL_malloc(len + 1);
-        else
-            str->data = OPENSSL_realloc(c, len + 1);
-
+        str->data = OPENSSL_realloc(c, len + 1);
         if (str->data == NULL) {
             ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
             str->data = c;
-            return (0);
+            return 0;
         }
     }
     str->length = len;
@@ -391,50 +296,56 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
         /* an allowance for strings :-) */
         str->data[len] = '\0';
     }
-    return (1);
+    return 1;
 }
 
 void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
 {
-    if (str->data)
-        OPENSSL_free(str->data);
+    OPENSSL_free(str->data);
     str->data = data;
     str->length = len;
 }
 
 ASN1_STRING *ASN1_STRING_new(void)
 {
-    return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+    return ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
 }
 
 ASN1_STRING *ASN1_STRING_type_new(int type)
 {
     ASN1_STRING *ret;
 
-    ret = (ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
-    ret->length = 0;
     ret->type = type;
-    ret->data = NULL;
-    ret->flags = 0;
-    return (ret);
+    return ret;
 }
 
-void ASN1_STRING_free(ASN1_STRING *a)
+void asn1_string_embed_free(ASN1_STRING *a, int embed)
 {
     if (a == NULL)
         return;
-    if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+    if (!(a->flags & ASN1_STRING_FLAG_NDEF))
         OPENSSL_free(a->data);
-    OPENSSL_free(a);
+    if (embed == 0)
+        OPENSSL_free(a);
+}
+
+void ASN1_STRING_free(ASN1_STRING *a)
+{
+    if (a == NULL)
+        return;
+    asn1_string_embed_free(a, a->flags & ASN1_STRING_FLAG_EMBED);
 }
 
 void ASN1_STRING_clear_free(ASN1_STRING *a)
 {
-    if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+    if (a == NULL)
+        return;
+    if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
         OPENSSL_cleanse(a->data, a->length);
     ASN1_STRING_free(a);
 }
@@ -447,39 +358,36 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
     if (i == 0) {
         i = memcmp(a->data, b->data, a->length);
         if (i == 0)
-            return (a->type - b->type);
+            return a->type - b->type;
         else
-            return (i);
+            return i;
     } else
-        return (i);
+        return i;
 }
 
-void asn1_add_error(const unsigned char *address, int offset)
+int ASN1_STRING_length(const ASN1_STRING *x)
 {
-    char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1];
-
-    BIO_snprintf(buf1, sizeof(buf1), "%lu", (unsigned long)address);
-    BIO_snprintf(buf2, sizeof(buf2), "%d", offset);
-    ERR_add_error_data(4, "address=", buf1, " offset=", buf2);
+    return x->length;
 }
 
-int ASN1_STRING_length(const ASN1_STRING *x)
+void ASN1_STRING_length_set(ASN1_STRING *x, int len)
 {
-    return M_ASN1_STRING_length(x);
+    x->length = len;
 }
 
-void ASN1_STRING_length_set(ASN1_STRING *x, int len)
+int ASN1_STRING_type(const ASN1_STRING *x)
 {
-    M_ASN1_STRING_length_set(x, len);
-    return;
+    return x->type;
 }
 
-int ASN1_STRING_type(ASN1_STRING *x)
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
 {
-    return M_ASN1_STRING_type(x);
+    return x->data;
 }
 
+# if OPENSSL_API_COMPAT < 0x10100000L
 unsigned char *ASN1_STRING_data(ASN1_STRING *x)
 {
-    return M_ASN1_STRING_data(x);
+    return x->data;
 }
+#endif
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn1_locl.h b/freebsd/crypto/openssl/crypto/asn1/asn1_locl.h
index 4c004fab..cec14172 100644
--- a/freebsd/crypto/openssl/crypto/asn1/asn1_locl.h
+++ b/freebsd/crypto/openssl/crypto/asn1/asn1_locl.h
@@ -1,135 +1,83 @@
-/* asn1t.h */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /* Internal ASN1 structures and functions: not for application use */
 
+int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d);
 int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
 int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
 
-/* ASN1 print context structure */
+/* ASN1 scan context structure */
 
-struct asn1_pctx_st {
+struct asn1_sctx_st {
+    /* The ASN1_ITEM associated with this field */
+    const ASN1_ITEM *it;
+    /* If ASN1_TEMPLATE associated with this field */
+    const ASN1_TEMPLATE *tt;
+    /* Various flags associated with field and context */
     unsigned long flags;
-    unsigned long nm_flags;
-    unsigned long cert_flags;
-    unsigned long oid_flags;
-    unsigned long str_flags;
-} /* ASN1_PCTX */ ;
+    /* If SEQUENCE OF or SET OF, field index */
+    int skidx;
+    /* ASN1 depth of field */
+    int depth;
+    /* Structure and field name */
+    const char *sname, *fname;
+    /* If a primitive type the type of underlying field */
+    int prim_type;
+    /* The field value itself */
+    ASN1_VALUE **field;
+    /* Callback to pass information to */
+    int (*scan_cb) (ASN1_SCTX *ctx);
+    /* Context specific application data */
+    void *app_data;
+} /* ASN1_SCTX */ ;
 
-/* ASN1 public key method structure */
+typedef struct mime_param_st MIME_PARAM;
+DEFINE_STACK_OF(MIME_PARAM)
+typedef struct mime_header_st MIME_HEADER;
+DEFINE_STACK_OF(MIME_HEADER)
 
-struct evp_pkey_asn1_method_st {
-    int pkey_id;
-    int pkey_base_id;
-    unsigned long pkey_flags;
-    char *pem_str;
-    char *info;
-    int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
-    int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
-    int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
-    int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
-                      ASN1_PCTX *pctx);
-    int (*priv_decode) (EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf);
-    int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
-    int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
-                       ASN1_PCTX *pctx);
-    int (*pkey_size) (const EVP_PKEY *pk);
-    int (*pkey_bits) (const EVP_PKEY *pk);
-    int (*param_decode) (EVP_PKEY *pkey,
-                         const unsigned char **pder, int derlen);
-    int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
-    int (*param_missing) (const EVP_PKEY *pk);
-    int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
-    int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
-    int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
-                        ASN1_PCTX *pctx);
-    int (*sig_print) (BIO *out,
-                      const X509_ALGOR *sigalg, const ASN1_STRING *sig,
-                      int indent, ASN1_PCTX *pctx);
-    void (*pkey_free) (EVP_PKEY *pkey);
-    int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
-    /* Legacy functions for old PEM */
-    int (*old_priv_decode) (EVP_PKEY *pkey,
-                            const unsigned char **pder, int derlen);
-    int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
-    /* Custom ASN1 signature verification */
-    int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-                        X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
-    int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-                      X509_ALGOR *alg1, X509_ALGOR *alg2,
-                      ASN1_BIT_STRING *sig);
-} /* EVP_PKEY_ASN1_METHOD */ ;
+void asn1_string_embed_free(ASN1_STRING *a, int embed);
 
-/*
- * Method to handle CRL access. In general a CRL could be very large (several
- * Mb) and can consume large amounts of resources if stored in memory by
- * multiple processes. This method allows general CRL operations to be
- * redirected to more efficient callbacks: for example a CRL entry database.
- */
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+                             const ASN1_ITEM *it);
+
+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+                                 int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+                     const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+                  const ASN1_ITEM *it);
+
+void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
+void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
+void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long length);
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+                                     const unsigned char **pp, long length);
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                               long length);
 
-#define X509_CRL_METHOD_DYNAMIC         1
+/* Internal functions used by x_int64.c */
+int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len);
+int i2c_uint64_int(unsigned char *p, uint64_t r, int neg);
 
-struct x509_crl_method_st {
-    int flags;
-    int (*crl_init) (X509_CRL *crl);
-    int (*crl_free) (X509_CRL *crl);
-    int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
-                       ASN1_INTEGER *ser, X509_NAME *issuer);
-    int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
-};
+ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type);
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn1_mac.h b/freebsd/crypto/openssl/crypto/asn1/asn1_mac.h
deleted file mode 100644
index abc6dc35..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/asn1_mac.h
+++ /dev/null
@@ -1,579 +0,0 @@
-/* crypto/asn1/asn1_mac.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ASN1_MAC_H
-# define HEADER_ASN1_MAC_H
-
-# include <openssl/asn1.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# ifndef ASN1_MAC_ERR_LIB
-#  define ASN1_MAC_ERR_LIB        ERR_LIB_ASN1
-# endif
-
-# define ASN1_MAC_H_err(f,r,line) \
-        ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
-
-# define M_ASN1_D2I_vars(a,type,func) \
-        ASN1_const_CTX c; \
-        type ret=NULL; \
-        \
-        c.pp=(const unsigned char **)pp; \
-        c.q= *(const unsigned char **)pp; \
-        c.error=ERR_R_NESTED_ASN1_ERROR; \
-        if ((a == NULL) || ((*a) == NULL)) \
-                { if ((ret=(type)func()) == NULL) \
-                        { c.line=__LINE__; goto err; } } \
-        else    ret=(*a);
-
-# define M_ASN1_D2I_Init() \
-        c.p= *(const unsigned char **)pp; \
-        c.max=(length == 0)?0:(c.p+length);
-
-# define M_ASN1_D2I_Finish_2(a) \
-        if (!asn1_const_Finish(&c)) \
-                { c.line=__LINE__; goto err; } \
-        *(const unsigned char **)pp=c.p; \
-        if (a != NULL) (*a)=ret; \
-        return(ret);
-
-# define M_ASN1_D2I_Finish(a,func,e) \
-        M_ASN1_D2I_Finish_2(a); \
-err:\
-        ASN1_MAC_H_err((e),c.error,c.line); \
-        asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \
-        if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
-        return(NULL)
-
-# define M_ASN1_D2I_start_sequence() \
-        if (!asn1_GetSequence(&c,&length)) \
-                { c.line=__LINE__; goto err; }
-/* Begin reading ASN1 without a surrounding sequence */
-# define M_ASN1_D2I_begin() \
-        c.slen = length;
-
-/* End reading ASN1 with no check on length */
-# define M_ASN1_D2I_Finish_nolen(a, func, e) \
-        *pp=c.p; \
-        if (a != NULL) (*a)=ret; \
-        return(ret); \
-err:\
-        ASN1_MAC_H_err((e),c.error,c.line); \
-        asn1_add_error(*pp,(int)(c.q- *pp)); \
-        if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
-        return(NULL)
-
-# define M_ASN1_D2I_end_sequence() \
-        (((c.inf&1) == 0)?(c.slen <= 0): \
-                (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-# define M_ASN1_D2I_get(b, func) \
-        c.q=c.p; \
-        if (func(&(b),&c.p,c.slen) == NULL) \
-                {c.line=__LINE__; goto err; } \
-        c.slen-=(c.p-c.q);
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-# define M_ASN1_D2I_get_x(type,b,func) \
-        c.q=c.p; \
-        if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
-                {c.line=__LINE__; goto err; } \
-        c.slen-=(c.p-c.q);
-
-/* use this instead () */
-# define M_ASN1_D2I_get_int(b,func) \
-        c.q=c.p; \
-        if (func(&(b),&c.p,c.slen) < 0) \
-                {c.line=__LINE__; goto err; } \
-        c.slen-=(c.p-c.q);
-
-# define M_ASN1_D2I_get_opt(b,func,type) \
-        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
-                == (V_ASN1_UNIVERSAL|(type)))) \
-                { \
-                M_ASN1_D2I_get(b,func); \
-                }
-
-# define M_ASN1_D2I_get_int_opt(b,func,type) \
-        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
-                == (V_ASN1_UNIVERSAL|(type)))) \
-                { \
-                M_ASN1_D2I_get_int(b,func); \
-                }
-
-# define M_ASN1_D2I_get_imp(b,func, type) \
-        M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
-        c.q=c.p; \
-        if (func(&(b),&c.p,c.slen) == NULL) \
-                {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
-        c.slen-=(c.p-c.q);\
-        M_ASN1_next_prev=_tmp;
-
-# define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
-        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
-                (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
-                { \
-                unsigned char _tmp = M_ASN1_next; \
-                M_ASN1_D2I_get_imp(b,func, type);\
-                }
-
-# define M_ASN1_D2I_get_set(r,func,free_func) \
-                M_ASN1_D2I_get_imp_set(r,func,free_func, \
-                        V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-# define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
-                M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
-                        V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-# define M_ASN1_D2I_get_set_opt(r,func,free_func) \
-        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-                V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
-                { M_ASN1_D2I_get_set(r,func,free_func); }
-
-# define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
-        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-                V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
-                { M_ASN1_D2I_get_set_type(type,r,func,free_func); }
-
-# define M_ASN1_I2D_len_SET_opt(a,f) \
-        if ((a != NULL) && (sk_num(a) != 0)) \
-                M_ASN1_I2D_len_SET(a,f);
-
-# define M_ASN1_I2D_put_SET_opt(a,f) \
-        if ((a != NULL) && (sk_num(a) != 0)) \
-                M_ASN1_I2D_put_SET(a,f);
-
-# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
-        if ((a != NULL) && (sk_num(a) != 0)) \
-                M_ASN1_I2D_put_SEQUENCE(a,f);
-
-# define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
-        if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
-
-# define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
-        if ((c.slen != 0) && \
-                (M_ASN1_next == \
-                (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
-                { \
-                M_ASN1_D2I_get_imp_set(b,func,free_func,\
-                        tag,V_ASN1_CONTEXT_SPECIFIC); \
-                }
-
-# define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
-        if ((c.slen != 0) && \
-                (M_ASN1_next == \
-                (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
-                { \
-                M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
-                        tag,V_ASN1_CONTEXT_SPECIFIC); \
-                }
-
-# define M_ASN1_D2I_get_seq(r,func,free_func) \
-                M_ASN1_D2I_get_imp_set(r,func,free_func,\
-                        V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-# define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
-                M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
-                                            V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-# define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
-        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-                V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
-                { M_ASN1_D2I_get_seq(r,func,free_func); }
-
-# define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
-        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-                V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
-                { M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
-
-# define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
-                M_ASN1_D2I_get_imp_set(r,func,free_func,\
-                        x,V_ASN1_CONTEXT_SPECIFIC);
-
-# define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
-                M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
-                        x,V_ASN1_CONTEXT_SPECIFIC);
-
-# define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
-        c.q=c.p; \
-        if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
-                (void (*)())free_func,a,b) == NULL) \
-                { c.line=__LINE__; goto err; } \
-        c.slen-=(c.p-c.q);
-
-# define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
-        c.q=c.p; \
-        if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
-                                   free_func,a,b) == NULL) \
-                { c.line=__LINE__; goto err; } \
-        c.slen-=(c.p-c.q);
-
-# define M_ASN1_D2I_get_set_strings(r,func,a,b) \
-        c.q=c.p; \
-        if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
-                { c.line=__LINE__; goto err; } \
-        c.slen-=(c.p-c.q);
-
-# define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
-        if ((c.slen != 0L) && (M_ASN1_next == \
-                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
-                { \
-                int Tinf,Ttag,Tclass; \
-                long Tlen; \
-                \
-                c.q=c.p; \
-                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
-                if (Tinf & 0x80) \
-                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-                        c.line=__LINE__; goto err; } \
-                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
-                                        Tlen = c.slen - (c.p - c.q) - 2; \
-                if (func(&(r),&c.p,Tlen) == NULL) \
-                        { c.line=__LINE__; goto err; } \
-                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
-                        Tlen = c.slen - (c.p - c.q); \
-                        if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
-                                { c.error=ERR_R_MISSING_ASN1_EOS; \
-                                c.line=__LINE__; goto err; } \
-                }\
-                c.slen-=(c.p-c.q); \
-                }
-
-# define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \
-        if ((c.slen != 0) && (M_ASN1_next == \
-                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
-                { \
-                int Tinf,Ttag,Tclass; \
-                long Tlen; \
-                \
-                c.q=c.p; \
-                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
-                if (Tinf & 0x80) \
-                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-                        c.line=__LINE__; goto err; } \
-                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
-                                        Tlen = c.slen - (c.p - c.q) - 2; \
-                if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
-                        (void (*)())free_func, \
-                        b,V_ASN1_UNIVERSAL) == NULL) \
-                        { c.line=__LINE__; goto err; } \
-                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
-                        Tlen = c.slen - (c.p - c.q); \
-                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
-                                { c.error=ERR_R_MISSING_ASN1_EOS; \
-                                c.line=__LINE__; goto err; } \
-                }\
-                c.slen-=(c.p-c.q); \
-                }
-
-# define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
-        if ((c.slen != 0) && (M_ASN1_next == \
-                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
-                { \
-                int Tinf,Ttag,Tclass; \
-                long Tlen; \
-                \
-                c.q=c.p; \
-                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
-                if (Tinf & 0x80) \
-                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-                        c.line=__LINE__; goto err; } \
-                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
-                                        Tlen = c.slen - (c.p - c.q) - 2; \
-                if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
-                        free_func,b,V_ASN1_UNIVERSAL) == NULL) \
-                        { c.line=__LINE__; goto err; } \
-                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
-                        Tlen = c.slen - (c.p - c.q); \
-                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
-                                { c.error=ERR_R_MISSING_ASN1_EOS; \
-                                c.line=__LINE__; goto err; } \
-                }\
-                c.slen-=(c.p-c.q); \
-                }
-
-/* New macros */
-# define M_ASN1_New_Malloc(ret,type) \
-        if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
-                { c.line=__LINE__; goto err2; }
-
-# define M_ASN1_New(arg,func) \
-        if (((arg)=func()) == NULL) return(NULL)
-
-# define M_ASN1_New_Error(a) \
-/*-     err:    ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
-                return(NULL);*/ \
-        err2:   ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
-                return(NULL)
-
-/*
- * BIG UGLY WARNING! This is so damn ugly I wanna puke.  Unfortunately, some
- * macros that use ASN1_const_CTX still insist on writing in the input
- * stream.  ARGH! ARGH! ARGH! Let's get rid of this macro package. Please? --
- * Richard Levitte
- */
-# define M_ASN1_next             (*((unsigned char *)(c.p)))
-# define M_ASN1_next_prev        (*((unsigned char *)(c.q)))
-
-/*************************************************/
-
-# define M_ASN1_I2D_vars(a)      int r=0,ret=0; \
-                                unsigned char *p; \
-                                if (a == NULL) return(0)
-
-/* Length Macros */
-# define M_ASN1_I2D_len(a,f)     ret+=f(a,NULL)
-# define M_ASN1_I2D_len_IMP_opt(a,f)     if (a != NULL) M_ASN1_I2D_len(a,f)
-
-# define M_ASN1_I2D_len_SET(a,f) \
-                ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-
-# define M_ASN1_I2D_len_SET_type(type,a,f) \
-                ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
-                                            V_ASN1_UNIVERSAL,IS_SET);
-
-# define M_ASN1_I2D_len_SEQUENCE(a,f) \
-                ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
-                                  IS_SEQUENCE);
-
-# define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
-                ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
-                                            V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-# define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        M_ASN1_I2D_len_SEQUENCE(a,f);
-
-# define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                        M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
-
-# define M_ASN1_I2D_len_IMP_SET(a,f,x) \
-                ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-# define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
-                ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
-                                            V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-# define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-                                          IS_SET);
-
-# define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                        ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
-                                               V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-# define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
-                ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-                                  IS_SEQUENCE);
-
-# define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-                                          IS_SEQUENCE);
-
-# define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                        ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
-                                                    V_ASN1_CONTEXT_SPECIFIC, \
-                                                    IS_SEQUENCE);
-
-# define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
-                if (a != NULL)\
-                        { \
-                        v=f(a,NULL); \
-                        ret+=ASN1_object_size(1,v,mtag); \
-                        }
-
-# define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
-                if ((a != NULL) && (sk_num(a) != 0))\
-                        { \
-                        v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
-                        ret+=ASN1_object_size(1,v,mtag); \
-                        }
-
-# define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
-                if ((a != NULL) && (sk_num(a) != 0))\
-                        { \
-                        v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
-                                       IS_SEQUENCE); \
-                        ret+=ASN1_object_size(1,v,mtag); \
-                        }
-
-# define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0))\
-                        { \
-                        v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
-                                                 V_ASN1_UNIVERSAL, \
-                                                 IS_SEQUENCE); \
-                        ret+=ASN1_object_size(1,v,mtag); \
-                        }
-
-/* Put Macros */
-# define M_ASN1_I2D_put(a,f)     f(a,&p)
-
-# define M_ASN1_I2D_put_IMP_opt(a,f,t)   \
-                if (a != NULL) \
-                        { \
-                        unsigned char *q=p; \
-                        f(a,&p); \
-                        *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
-                        }
-
-# define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
-                        V_ASN1_UNIVERSAL,IS_SET)
-# define M_ASN1_I2D_put_SET_type(type,a,f) \
-     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
-# define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
-                        V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-# define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
-     i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-# define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
-                        V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
-
-# define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
-                                             V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-# define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
-     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
-                            IS_SEQUENCE)
-
-# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        M_ASN1_I2D_put_SEQUENCE(a,f);
-
-# define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-                                       IS_SET); }
-
-# define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                        { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
-                                                 V_ASN1_CONTEXT_SPECIFIC, \
-                                                 IS_SET); }
-
-# define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-                                       IS_SEQUENCE); }
-
-# define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                        { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
-                                                 V_ASN1_CONTEXT_SPECIFIC, \
-                                                 IS_SEQUENCE); }
-
-# define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
-                if (a != NULL) \
-                        { \
-                        ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
-                        f(a,&p); \
-                        }
-
-# define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        { \
-                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-                        i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
-                        }
-
-# define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        { \
-                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-                        i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
-                        }
-
-# define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                        { \
-                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-                        i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
-                                               IS_SEQUENCE); \
-                        }
-
-# define M_ASN1_I2D_seq_total() \
-                r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
-                if (pp == NULL) return(r); \
-                p= *pp; \
-                ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-# define M_ASN1_I2D_INF_seq_start(tag,ctx) \
-                *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
-                *(p++)=0x80
-
-# define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
-
-# define M_ASN1_I2D_finish()     *pp=p; \
-                                return(r);
-
-int asn1_GetSequence(ASN1_const_CTX *c, long *length);
-void asn1_add_error(const unsigned char *address, int offset);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn1_par.c b/freebsd/crypto/openssl/crypto/asn1/asn1_par.c
index ad53399e..273fde8a 100644
--- a/freebsd/crypto/openssl/crypto/asn1/asn1_par.c
+++ b/freebsd/crypto/openssl/crypto/asn1/asn1_par.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/asn1_par.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
@@ -101,20 +52,20 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
 
     if (BIO_printf(bp, fmt, p) <= 0)
         goto err;
-    return (1);
+    return 1;
  err:
-    return (0);
+    return 0;
 }
 
 int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
 {
-    return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0));
+    return asn1_parse2(bp, &pp, len, 0, 0, indent, 0);
 }
 
 int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
                     int dump)
 {
-    return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump));
+    return asn1_parse2(bp, &pp, len, 0, 0, indent, dump);
 }
 
 static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
@@ -127,28 +78,19 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
     ASN1_OBJECT *o = NULL;
     ASN1_OCTET_STRING *os = NULL;
     /* ASN1_BMPSTRING *bmp=NULL; */
-    int dump_indent;
-
-#if 0
-    dump_indent = indent;
-#else
-    dump_indent = 6;            /* Because we know BIO_dump_indent() */
-#endif
+    int dump_indent, dump_cont = 0;
 
     if (depth > ASN1_PARSE_MAXDEPTH) {
-            BIO_puts(bp, "BAD RECURSION DEPTH\n");
-            return 0;
+        BIO_puts(bp, "BAD RECURSION DEPTH\n");
+        return 0;
     }
 
+    dump_indent = 6;            /* Because we know BIO_dump_indent() */
     p = *pp;
     tot = p + length;
-    op = p - 1;
-    while ((p < tot) && (op < p)) {
+    while (length > 0) {
         op = p;
         j = ASN1_get_object(&p, &len, &tag, &xclass, length);
-#ifdef LINT
-        j = j;
-#endif
         if (j & 0x80) {
             if (BIO_write(bp, "Error in encoding\n", 18) <= 0)
                 goto end;
@@ -175,7 +117,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
         if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
             goto end;
         if (j & V_ASN1_CONSTRUCTED) {
-            const unsigned char *sp;
+            const unsigned char *sp = p;
 
             ep = p + len;
             if (BIO_write(bp, "\n", 1) <= 0)
@@ -186,7 +128,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                 goto end;
             }
             if ((j == 0x21) && (len == 0)) {
-                sp = p;
                 for (;;) {
                     r = asn1_parse2(bp, &p, (long)(tot - p),
                                     offset + (p - *pp), depth + 1,
@@ -205,7 +146,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
 
                 while (p < ep) {
                     sp = p;
-                    r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1,
+                    r = asn1_parse2(bp, &p, tmp,
+                                    offset + (p - *pp), depth + 1,
                                     indent, dump);
                     if (r == 0) {
                         ret = 0;
@@ -239,19 +181,18 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                         goto end;
                     i2a_ASN1_OBJECT(bp, o);
                 } else {
-                    if (BIO_write(bp, ":BAD OBJECT", 11) <= 0)
+                    if (BIO_puts(bp, ":BAD OBJECT") <= 0)
                         goto end;
+                    dump_cont = 1;
                 }
             } else if (tag == V_ASN1_BOOLEAN) {
-                int ii;
-
-                opp = op;
-                ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl);
-                if (ii < 0) {
-                    if (BIO_write(bp, "Bad boolean\n", 12) <= 0)
+                if (len != 1) {
+                    if (BIO_puts(bp, ":BAD BOOLEAN") <= 0)
                         goto end;
+                    dump_cont = 1;
                 }
-                BIO_printf(bp, ":%d", ii);
+                if (len > 0)
+                    BIO_printf(bp, ":%u", p[0]);
             } else if (tag == V_ASN1_BMPSTRING) {
                 /* do the BMP thang */
             } else if (tag == V_ASN1_OCTET_STRING) {
@@ -308,10 +249,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                         nl = 1;
                     }
                 }
-                if (os != NULL) {
-                    M_ASN1_OCTET_STRING_free(os);
-                    os = NULL;
-                }
+                ASN1_OCTET_STRING_free(os);
+                os = NULL;
             } else if (tag == V_ASN1_INTEGER) {
                 ASN1_INTEGER *bs;
                 int i;
@@ -333,10 +272,11 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                             goto end;
                     }
                 } else {
-                    if (BIO_write(bp, "BAD INTEGER", 11) <= 0)
+                    if (BIO_puts(bp, ":BAD INTEGER") <= 0)
                         goto end;
+                    dump_cont = 1;
                 }
-                M_ASN1_INTEGER_free(bs);
+                ASN1_INTEGER_free(bs);
             } else if (tag == V_ASN1_ENUMERATED) {
                 ASN1_ENUMERATED *bs;
                 int i;
@@ -358,10 +298,11 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                             goto end;
                     }
                 } else {
-                    if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0)
+                    if (BIO_puts(bp, ":BAD ENUMERATED") <= 0)
                         goto end;
+                    dump_cont = 1;
                 }
-                M_ASN1_ENUMERATED_free(bs);
+                ASN1_ENUMERATED_free(bs);
             } else if (len > 0 && dump) {
                 if (!nl) {
                     if (BIO_write(bp, "\n", 1) <= 0)
@@ -373,6 +314,18 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                     goto end;
                 nl = 1;
             }
+            if (dump_cont) {
+                int i;
+                const unsigned char *tmp = op + hl;
+                if (BIO_puts(bp, ":[") <= 0)
+                    goto end;
+                for (i = 0; i < len; i++) {
+                    if (BIO_printf(bp, "%02X", tmp[i]) <= 0)
+                        goto end;
+                }
+                if (BIO_puts(bp, "]") <= 0)
+                    goto end;
+            }
 
             if (!nl) {
                 if (BIO_write(bp, "\n", 1) <= 0)
@@ -388,12 +341,10 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
     }
     ret = 1;
  end:
-    if (o != NULL)
-        ASN1_OBJECT_free(o);
-    if (os != NULL)
-        M_ASN1_OCTET_STRING_free(os);
+    ASN1_OBJECT_free(o);
+    ASN1_OCTET_STRING_free(os);
     *pp = p;
-    return (ret);
+    return ret;
 }
 
 const char *ASN1_tag2str(int tag)
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn_mime.c b/freebsd/crypto/openssl/crypto/asn1/asn_mime.c
index ca9df134..8e19950d 100644
--- a/freebsd/crypto/openssl/crypto/asn1/asn_mime.c
+++ b/freebsd/crypto/openssl/crypto/asn1/asn_mime.c
@@ -1,67 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* asn_mime.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
+#include "internal/evp_int.h"
+#include "internal/bio.h"
 #include "asn1_locl.h"
 
 /*
@@ -74,41 +30,35 @@
  * from parameter values. Quotes are stripped off
  */
 
-typedef struct {
+struct mime_param_st {
     char *param_name;           /* Param name e.g. "micalg" */
     char *param_value;          /* Param value e.g. "sha1" */
-} MIME_PARAM;
+};
 
-DECLARE_STACK_OF(MIME_PARAM)
-IMPLEMENT_STACK_OF(MIME_PARAM)
-
-typedef struct {
+struct mime_header_st {
     char *name;                 /* Name of line e.g. "content-type" */
     char *value;                /* Value of line e.g. "text/plain" */
     STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
-} MIME_HEADER;
-
-DECLARE_STACK_OF(MIME_HEADER)
-IMPLEMENT_STACK_OF(MIME_HEADER)
+};
 
 static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
                             const ASN1_ITEM *it);
 static char *strip_ends(char *name);
 static char *strip_start(char *name);
 static char *strip_end(char *name);
-static MIME_HEADER *mime_hdr_new(char *name, char *value);
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static MIME_HEADER *mime_hdr_new(const char *name, const char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value);
 static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
 static int mime_hdr_cmp(const MIME_HEADER *const *a,
                         const MIME_HEADER *const *b);
 static int mime_param_cmp(const MIME_PARAM *const *a,
                           const MIME_PARAM *const *b);
 static void mime_param_free(MIME_PARAM *param);
-static int mime_bound_check(char *line, int linelen, char *bound, int blen);
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
-static int strip_eol(char *linebuf, int *plen);
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static int mime_bound_check(char *line, int linelen, const char *bound, int blen);
+static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen, int flags);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name);
 static void mime_hdr_free(MIME_HEADER *hdr);
 
 #define MAX_SMLEN 1024
@@ -153,7 +103,7 @@ static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
     BIO *b64;
     int r;
     b64 = BIO_new(BIO_f_base64());
-    if (!b64) {
+    if (b64 == NULL) {
         ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -184,7 +134,8 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
 {
     BIO *b64;
     ASN1_VALUE *val;
-    if (!(b64 = BIO_new(BIO_f_base64()))) {
+
+    if ((b64 = BIO_new(BIO_f_base64())) == NULL) {
         ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -193,7 +144,7 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
     if (!val)
         ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR);
     (void)BIO_flush(bio);
-    bio = BIO_pop(bio);
+    BIO_pop(bio);
     BIO_free(b64);
     return val;
 }
@@ -248,7 +199,6 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
         case NID_id_GostR3411_94:
             BIO_puts(out, "gostr3411-94");
             goto err;
-            break;
 
         default:
             if (have_unknown)
@@ -372,7 +322,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
     int rv = 1;
 
     /*
-     * If data is not deteched or resigning then the output BIO is already
+     * If data is not detached or resigning then the output BIO is already
      * set up to finalise when it is written through.
      */
     if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {
@@ -432,12 +382,13 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
     if (bcont)
         *bcont = NULL;
 
-    if (!(headers = mime_parse_hdr(bio))) {
+    if ((headers = mime_parse_hdr(bio)) == NULL) {
         ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR);
         return NULL;
     }
 
-    if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+    if ((hdr = mime_hdr_find(headers, "content-type")) == NULL
+        || hdr->value == NULL) {
         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
         ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
         return NULL;
@@ -445,7 +396,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
 
     /* Handle multipart/signed */
 
-    if (!strcmp(hdr->value, "multipart/signed")) {
+    if (strcmp(hdr->value, "multipart/signed") == 0) {
         /* Split into two parts */
         prm = mime_param_find(hdr, "boundary");
         if (!prm || !prm->param_value) {
@@ -464,7 +415,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
         /* Parse the signature piece */
         asnin = sk_BIO_value(parts, 1);
 
-        if (!(headers = mime_parse_hdr(asnin))) {
+        if ((headers = mime_parse_hdr(asnin)) == NULL) {
             ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR);
             sk_BIO_pop_free(parts, BIO_vfree);
             return NULL;
@@ -472,7 +423,8 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
 
         /* Get content type */
 
-        if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+        if ((hdr = mime_hdr_find(headers, "content-type")) == NULL
+            || hdr->value == NULL) {
             sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
             ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
             sk_BIO_pop_free(parts, BIO_vfree);
@@ -489,7 +441,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
         }
         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
         /* Read in ASN1 */
-        if (!(val = b64_read_asn1(asnin, it))) {
+        if ((val = b64_read_asn1(asnin, it)) == NULL) {
             ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR);
             sk_BIO_pop_free(parts, BIO_vfree);
             return NULL;
@@ -516,7 +468,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
 
     sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 
-    if (!(val = b64_read_asn1(bio, it))) {
+    if ((val = b64_read_asn1(bio, it)) == NULL) {
         ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
         return NULL;
     }
@@ -536,20 +488,32 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
      * when streaming as we don't end up with one OCTET STRING per line.
      */
     bf = BIO_new(BIO_f_buffer());
-    if (!bf)
+    if (bf == NULL)
         return 0;
     out = BIO_push(bf, out);
     if (flags & SMIME_BINARY) {
         while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
             BIO_write(out, linebuf, len);
     } else {
+        int eolcnt = 0;
         if (flags & SMIME_TEXT)
             BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
         while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
-            eol = strip_eol(linebuf, &len);
-            if (len)
+            eol = strip_eol(linebuf, &len, flags);
+            if (len) {
+                /* Not EOF: write out all CRLF */
+                if (flags & SMIME_ASCIICRLF) {
+                    int i;
+                    for (i = 0; i < eolcnt; i++)
+                        BIO_write(out, "\r\n", 2);
+                    eolcnt = 0;
+                }
                 BIO_write(out, linebuf, len);
-            if (eol)
+                if (eol)
+                    BIO_write(out, "\r\n", 2);
+            } else if (flags & SMIME_ASCIICRLF)
+                eolcnt++;
+            else if (eol)
                 BIO_write(out, "\r\n", 2);
         }
     }
@@ -567,11 +531,12 @@ int SMIME_text(BIO *in, BIO *out)
     STACK_OF(MIME_HEADER) *headers;
     MIME_HEADER *hdr;
 
-    if (!(headers = mime_parse_hdr(in))) {
+    if ((headers = mime_parse_hdr(in)) == NULL) {
         ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR);
         return 0;
     }
-    if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+    if ((hdr = mime_hdr_find(headers, "content-type")) == NULL
+        || hdr->value == NULL) {
         ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE);
         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
         return 0;
@@ -595,7 +560,7 @@ int SMIME_text(BIO *in, BIO *out)
  * canonical parts in a STACK of bios
  */
 
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
+static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret)
 {
     char linebuf[MAX_SMLEN];
     int len, blen;
@@ -610,24 +575,32 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
     first = 1;
     parts = sk_BIO_new_null();
     *ret = parts;
+    if (*ret == NULL)
+        return 0;
     while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
         state = mime_bound_check(linebuf, len, bound, blen);
         if (state == 1) {
             first = 1;
             part++;
         } else if (state == 2) {
-            sk_BIO_push(parts, bpart);
+            if (!sk_BIO_push(parts, bpart)) {
+                BIO_free(bpart);
+                return 0;
+            }
             return 1;
         } else if (part) {
             /* Strip CR+LF from linebuf */
-            next_eol = strip_eol(linebuf, &len);
+            next_eol = strip_eol(linebuf, &len, 0);
             if (first) {
                 first = 0;
                 if (bpart)
-                    sk_BIO_push(parts, bpart);
+                    if (!sk_BIO_push(parts, bpart)) {
+                        BIO_free(bpart);
+                        return 0;
+                    }
                 bpart = BIO_new(BIO_s_mem());
                 if (bpart == NULL)
-                    return 1;
+                    return 0;
                 BIO_set_mem_eof_return(bpart, 0);
             } else if (eol)
                 BIO_write(bpart, "\r\n", 2);
@@ -636,6 +609,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
                 BIO_write(bpart, linebuf, len);
         }
     }
+    BIO_free(bpart);
     return 0;
 }
 
@@ -654,16 +628,16 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
     char *p, *q, c;
     char *ntmp;
     char linebuf[MAX_SMLEN];
-    MIME_HEADER *mhdr = NULL;
+    MIME_HEADER *mhdr = NULL, *new_hdr = NULL;
     STACK_OF(MIME_HEADER) *headers;
     int len, state, save_state = 0;
 
     headers = sk_MIME_HEADER_new(mime_hdr_cmp);
-    if (!headers)
+    if (headers == NULL)
         return NULL;
     while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
         /* If whitespace at line start then continuation line */
-        if (mhdr && isspace((unsigned char)linebuf[0]))
+        if (mhdr && ossl_isspace(linebuf[0]))
             state = MIME_NAME;
         else
             state = MIME_START;
@@ -691,8 +665,13 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
                 if (c == ';') {
                     mime_debug("Found End Value\n");
                     *p = 0;
-                    mhdr = mime_hdr_new(ntmp, strip_ends(q));
-                    sk_MIME_HEADER_push(headers, mhdr);
+                    new_hdr = mime_hdr_new(ntmp, strip_ends(q));
+                    if (new_hdr == NULL)
+                        goto err;
+                    if (!sk_MIME_HEADER_push(headers, new_hdr))
+                        goto err;
+                    mhdr = new_hdr;
+                    new_hdr = NULL;
                     ntmp = NULL;
                     q = p + 1;
                     state = MIME_NAME;
@@ -743,8 +722,13 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
         }
 
         if (state == MIME_TYPE) {
-            mhdr = mime_hdr_new(ntmp, strip_ends(q));
-            sk_MIME_HEADER_push(headers, mhdr);
+            new_hdr = mime_hdr_new(ntmp, strip_ends(q));
+            if (new_hdr == NULL)
+                goto err;
+            if (!sk_MIME_HEADER_push(headers, new_hdr))
+                goto err;
+            mhdr = new_hdr;
+            new_hdr = NULL;
         } else if (state == MIME_VALUE)
             mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
         if (p == linebuf)
@@ -753,6 +737,10 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
 
     return headers;
 
+err:
+    mime_hdr_free(new_hdr);
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+    return NULL;
 }
 
 static char *strip_ends(char *name)
@@ -773,7 +761,7 @@ static char *strip_start(char *name)
             /* Else null string */
             return NULL;
         }
-        if (!isspace((unsigned char)c))
+        if (!ossl_isspace(c))
             return p;
     }
     return NULL;
@@ -794,7 +782,7 @@ static char *strip_end(char *name)
             *p = 0;
             return name;
         }
-        if (isspace((unsigned char)c))
+        if (ossl_isspace(c))
             *p = 0;
         else
             return name;
@@ -802,77 +790,70 @@ static char *strip_end(char *name)
     return NULL;
 }
 
-static MIME_HEADER *mime_hdr_new(char *name, char *value)
+static MIME_HEADER *mime_hdr_new(const char *name, const char *value)
 {
-    MIME_HEADER *mhdr;
-    char *tmpname, *tmpval, *p;
-    int c;
+    MIME_HEADER *mhdr = NULL;
+    char *tmpname = NULL, *tmpval = NULL, *p;
+
     if (name) {
-        if (!(tmpname = BUF_strdup(name)))
+        if ((tmpname = OPENSSL_strdup(name)) == NULL)
             return NULL;
-        for (p = tmpname; *p; p++) {
-            c = (unsigned char)*p;
-            if (isupper(c)) {
-                c = tolower(c);
-                *p = c;
-            }
-        }
-    } else
-        tmpname = NULL;
+        for (p = tmpname; *p; p++)
+            *p = ossl_tolower(*p);
+    }
     if (value) {
-        if (!(tmpval = BUF_strdup(value)))
-            return NULL;
-        for (p = tmpval; *p; p++) {
-            c = (unsigned char)*p;
-            if (isupper(c)) {
-                c = tolower(c);
-                *p = c;
-            }
-        }
-    } else
-        tmpval = NULL;
-    mhdr = (MIME_HEADER *)OPENSSL_malloc(sizeof(MIME_HEADER));
-    if (!mhdr)
-        return NULL;
+        if ((tmpval = OPENSSL_strdup(value)) == NULL)
+            goto err;
+        for (p = tmpval; *p; p++)
+            *p = ossl_tolower(*p);
+    }
+    mhdr = OPENSSL_malloc(sizeof(*mhdr));
+    if (mhdr == NULL)
+        goto err;
     mhdr->name = tmpname;
     mhdr->value = tmpval;
-    if (!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)))
-        return NULL;
+    if ((mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)) == NULL)
+        goto err;
     return mhdr;
+
+ err:
+    OPENSSL_free(tmpname);
+    OPENSSL_free(tmpval);
+    OPENSSL_free(mhdr);
+    return NULL;
 }
 
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value)
 {
-    char *tmpname, *tmpval, *p;
-    int c;
-    MIME_PARAM *mparam;
+    char *tmpname = NULL, *tmpval = NULL, *p;
+    MIME_PARAM *mparam = NULL;
+
     if (name) {
-        tmpname = BUF_strdup(name);
+        tmpname = OPENSSL_strdup(name);
         if (!tmpname)
-            return 0;
-        for (p = tmpname; *p; p++) {
-            c = (unsigned char)*p;
-            if (isupper(c)) {
-                c = tolower(c);
-                *p = c;
-            }
-        }
-    } else
-        tmpname = NULL;
+            goto err;
+        for (p = tmpname; *p; p++)
+            *p = ossl_tolower(*p);
+    }
     if (value) {
-        tmpval = BUF_strdup(value);
+        tmpval = OPENSSL_strdup(value);
         if (!tmpval)
-            return 0;
-    } else
-        tmpval = NULL;
+            goto err;
+    }
     /* Parameter values are case sensitive so leave as is */
-    mparam = (MIME_PARAM *)OPENSSL_malloc(sizeof(MIME_PARAM));
-    if (!mparam)
-        return 0;
+    mparam = OPENSSL_malloc(sizeof(*mparam));
+    if (mparam == NULL)
+        goto err;
     mparam->param_name = tmpname;
     mparam->param_value = tmpval;
-    sk_MIME_PARAM_push(mhdr->params, mparam);
+    if (!sk_MIME_PARAM_push(mhdr->params, mparam))
+        goto err;
     return 1;
+ err:
+    OPENSSL_free(tmpname);
+    OPENSSL_free(tmpval);
+    OPENSSL_free(mparam);
+    return 0;
 }
 
 static int mime_hdr_cmp(const MIME_HEADER *const *a,
@@ -881,7 +862,7 @@ static int mime_hdr_cmp(const MIME_HEADER *const *a,
     if (!(*a)->name || !(*b)->name)
         return ! !(*a)->name - ! !(*b)->name;
 
-    return (strcmp((*a)->name, (*b)->name));
+    return strcmp((*a)->name, (*b)->name);
 }
 
 static int mime_param_cmp(const MIME_PARAM *const *a,
@@ -889,39 +870,41 @@ static int mime_param_cmp(const MIME_PARAM *const *a,
 {
     if (!(*a)->param_name || !(*b)->param_name)
         return ! !(*a)->param_name - ! !(*b)->param_name;
-    return (strcmp((*a)->param_name, (*b)->param_name));
+    return strcmp((*a)->param_name, (*b)->param_name);
 }
 
 /* Find a header with a given name (if possible) */
 
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name)
 {
     MIME_HEADER htmp;
     int idx;
-    htmp.name = name;
+
+    htmp.name = (char *)name;
+    htmp.value = NULL;
+    htmp.params = NULL;
+
     idx = sk_MIME_HEADER_find(hdrs, &htmp);
-    if (idx < 0)
-        return NULL;
     return sk_MIME_HEADER_value(hdrs, idx);
 }
 
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name)
 {
     MIME_PARAM param;
     int idx;
-    param.param_name = name;
+
+    param.param_name = (char *)name;
+    param.param_value = NULL;
     idx = sk_MIME_PARAM_find(hdr->params, &param);
-    if (idx < 0)
-        return NULL;
     return sk_MIME_PARAM_value(hdr->params, idx);
 }
 
 static void mime_hdr_free(MIME_HEADER *hdr)
 {
-    if (hdr->name)
-        OPENSSL_free(hdr->name);
-    if (hdr->value)
-        OPENSSL_free(hdr->value);
+    if (hdr == NULL)
+        return;
+    OPENSSL_free(hdr->name);
+    OPENSSL_free(hdr->value);
     if (hdr->params)
         sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
     OPENSSL_free(hdr);
@@ -929,10 +912,8 @@ static void mime_hdr_free(MIME_HEADER *hdr)
 
 static void mime_param_free(MIME_PARAM *param)
 {
-    if (param->param_name)
-        OPENSSL_free(param->param_name);
-    if (param->param_value)
-        OPENSSL_free(param->param_value);
+    OPENSSL_free(param->param_name);
+    OPENSSL_free(param->param_value);
     OPENSSL_free(param);
 }
 
@@ -942,7 +923,7 @@ static void mime_param_free(MIME_PARAM *param)
  * 1 : part boundary
  * 2 : final boundary
  */
-static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+static int mime_bound_check(char *line, int linelen, const char *bound, int blen)
 {
     if (linelen == -1)
         linelen = strlen(line);
@@ -952,8 +933,9 @@ static int mime_bound_check(char *line, int linelen, char *bound, int blen)
     if (blen + 2 > linelen)
         return 0;
     /* Check for part boundary */
-    if (!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
-        if (!strncmp(line + blen + 2, "--", 2))
+    if ((strncmp(line, "--", 2) == 0)
+        && strncmp(line + 2, bound, blen) == 0) {
+        if (strncmp(line + blen + 2, "--", 2) == 0)
             return 2;
         else
             return 1;
@@ -961,18 +943,22 @@ static int mime_bound_check(char *line, int linelen, char *bound, int blen)
     return 0;
 }
 
-static int strip_eol(char *linebuf, int *plen)
+static int strip_eol(char *linebuf, int *plen, int flags)
 {
     int len = *plen;
     char *p, c;
     int is_eol = 0;
-    p = linebuf + len - 1;
+
     for (p = linebuf + len - 1; len > 0; len--, p--) {
         c = *p;
-        if (c == '\n')
+        if (c == '\n') {
             is_eol = 1;
-        else if (c != '\r')
+        } else if (is_eol && flags & SMIME_ASCIICRLF && c == 32) {
+            /* Strip trailing space on a line; 32 == ASCII for ' ' */
+            continue;
+        } else if (c != '\r') {
             break;
+        }
     }
     *plen = len;
     return is_eol;
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn_moid.c b/freebsd/crypto/openssl/crypto/asn1/asn_moid.c
index c2c265ce..50caea71 100644
--- a/freebsd/crypto/openssl/crypto/asn1/asn_moid.c
+++ b/freebsd/crypto/openssl/crypto/asn1/asn_moid.c
@@ -1,75 +1,26 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* asn_moid.c */
 /*
- * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include <openssl/crypto.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
-#include <openssl/dso.h>
 #include <openssl/x509.h>
+#include "internal/asn1_int.h"
+#include "internal/objects.h"
 
 /* Simple ASN1 OID module: add all objects in a given section */
 
-static int do_create(char *value, char *name);
+static int do_create(const char *value, const char *name);
 
 static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
 {
@@ -77,8 +28,9 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
     const char *oid_section;
     STACK_OF(CONF_VALUE) *sktmp;
     CONF_VALUE *oval;
+
     oid_section = CONF_imodule_get_value(md);
-    if (!(sktmp = NCONF_get_section(cnf, oid_section))) {
+    if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {
         ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
         return 0;
     }
@@ -94,7 +46,6 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
 
 static void oid_module_finish(CONF_IMODULE *md)
 {
-    OBJ_cleanup();
 }
 
 void ASN1_add_oid_module(void)
@@ -108,48 +59,44 @@ void ASN1_add_oid_module(void)
  * shortname = some long name, 1.2.3.4
  */
 
-static int do_create(char *value, char *name)
+static int do_create(const char *value, const char *name)
 {
     int nid;
-    ASN1_OBJECT *oid;
-    char *ln, *ostr, *p, *lntmp;
+    const char *ln, *ostr, *p;
+    char *lntmp = NULL;
+
     p = strrchr(value, ',');
-    if (!p) {
+    if (p == NULL) {
         ln = name;
         ostr = value;
     } else {
-        ln = NULL;
+        ln = value;
         ostr = p + 1;
-        if (!*ostr)
+        if (*ostr == '\0')
             return 0;
-        while (isspace((unsigned char)*ostr))
+        while (ossl_isspace(*ostr))
             ostr++;
-    }
-
-    nid = OBJ_create(ostr, name, ln);
-
-    if (nid == NID_undef)
-        return 0;
-
-    if (p) {
-        ln = value;
-        while (isspace((unsigned char)*ln))
+        while (ossl_isspace(*ln))
             ln++;
         p--;
-        while (isspace((unsigned char)*p)) {
+        while (ossl_isspace(*p)) {
             if (p == ln)
                 return 0;
             p--;
         }
         p++;
-        lntmp = OPENSSL_malloc((p - ln) + 1);
-        if (lntmp == NULL)
+        if ((lntmp = OPENSSL_malloc((p - ln) + 1)) == NULL) {
+            ASN1err(ASN1_F_DO_CREATE, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
         memcpy(lntmp, ln, p - ln);
-        lntmp[p - ln] = 0;
-        oid = OBJ_nid2obj(nid);
-        oid->ln = lntmp;
+        lntmp[p - ln] = '\0';
+        ln = lntmp;
     }
 
-    return 1;
+    nid = OBJ_create(ostr, name, ln);
+
+    OPENSSL_free(lntmp);
+
+    return nid != NID_undef;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn_mstbl.c b/freebsd/crypto/openssl/crypto/asn1/asn_mstbl.c
new file mode 100644
index 00000000..a6c2b90a
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/asn1/asn_mstbl.c
@@ -0,0 +1,115 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+/* Multi string module: add table entries from a given section */
+
+static int do_tcreate(const char *value, const char *name);
+
+static int stbl_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    int i;
+    const char *stbl_section;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *mval;
+
+    stbl_section = CONF_imodule_get_value(md);
+    if ((sktmp = NCONF_get_section(cnf, stbl_section)) == NULL) {
+        ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        mval = sk_CONF_VALUE_value(sktmp, i);
+        if (!do_tcreate(mval->value, mval->name)) {
+            ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_INVALID_VALUE);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static void stbl_module_finish(CONF_IMODULE *md)
+{
+    ASN1_STRING_TABLE_cleanup();
+}
+
+void ASN1_add_stable_module(void)
+{
+    CONF_module_add("stbl_section", stbl_module_init, stbl_module_finish);
+}
+
+/*
+ * Create an table entry based on a name value pair. format is oid_name =
+ * n1:v1, n2:v2,... where name is "min", "max", "mask" or "flags".
+ */
+
+static int do_tcreate(const char *value, const char *name)
+{
+    char *eptr;
+    int nid, i, rv = 0;
+    long tbl_min = -1, tbl_max = -1;
+    unsigned long tbl_mask = 0, tbl_flags = 0;
+    STACK_OF(CONF_VALUE) *lst = NULL;
+    CONF_VALUE *cnf = NULL;
+    nid = OBJ_sn2nid(name);
+    if (nid == NID_undef)
+        nid = OBJ_ln2nid(name);
+    if (nid == NID_undef)
+        goto err;
+    lst = X509V3_parse_list(value);
+    if (!lst)
+        goto err;
+    for (i = 0; i < sk_CONF_VALUE_num(lst); i++) {
+        cnf = sk_CONF_VALUE_value(lst, i);
+        if (strcmp(cnf->name, "min") == 0) {
+            tbl_min = strtoul(cnf->value, &eptr, 0);
+            if (*eptr)
+                goto err;
+        } else if (strcmp(cnf->name, "max") == 0) {
+            tbl_max = strtoul(cnf->value, &eptr, 0);
+            if (*eptr)
+                goto err;
+        } else if (strcmp(cnf->name, "mask") == 0) {
+            if (!ASN1_str2mask(cnf->value, &tbl_mask) || !tbl_mask)
+                goto err;
+        } else if (strcmp(cnf->name, "flags") == 0) {
+            if (strcmp(cnf->value, "nomask") == 0)
+                tbl_flags = STABLE_NO_MASK;
+            else if (strcmp(cnf->value, "none") == 0)
+                tbl_flags = STABLE_FLAGS_CLEAR;
+            else
+                goto err;
+        } else
+            goto err;
+    }
+    rv = 1;
+ err:
+    if (rv == 0) {
+        ASN1err(ASN1_F_DO_TCREATE, ASN1_R_INVALID_STRING_TABLE_VALUE);
+        if (cnf)
+            ERR_add_error_data(4, "field=", cnf->name,
+                               ", value=", cnf->value);
+        else
+            ERR_add_error_data(4, "name=", name, ", value=", value);
+    } else {
+        rv = ASN1_STRING_TABLE_add(nid, tbl_min, tbl_max,
+                                   tbl_mask, tbl_flags);
+        if (!rv)
+            ASN1err(ASN1_F_DO_TCREATE, ERR_R_MALLOC_FAILURE);
+    }
+    sk_CONF_VALUE_pop_free(lst, X509V3_conf_free);
+    return rv;
+}
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn_pack.c b/freebsd/crypto/openssl/crypto/asn1/asn_pack.c
index 8ac51cab..97e7c740 100644
--- a/freebsd/crypto/openssl/crypto/asn1/asn_pack.c
+++ b/freebsd/crypto/openssl/crypto/asn1/asn_pack.c
@@ -1,209 +1,64 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* asn_pack.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 
-#ifndef NO_ASN1_OLD
-
 /* ASN1 packing and unpacking functions */
 
-/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
-
-STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
-                                         d2i_of_void *d2i,
-                                         void (*free_func) (OPENSSL_BLOCK))
-{
-    STACK_OF(OPENSSL_BLOCK) *sk;
-    const unsigned char *pbuf;
-    pbuf = buf;
-    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
-                            V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
-        ASN1err(ASN1_F_ASN1_SEQ_UNPACK, ASN1_R_DECODE_ERROR);
-    return sk;
-}
-
-/*
- * Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
- * OPENSSL_malloc'ed buffer
- */
-
-unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
-                             unsigned char **buf, int *len)
-{
-    int safelen;
-    unsigned char *safe, *p;
-    if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
-                                 V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
-        ASN1err(ASN1_F_ASN1_SEQ_PACK, ASN1_R_ENCODE_ERROR);
-        return NULL;
-    }
-    if (!(safe = OPENSSL_malloc(safelen))) {
-        ASN1err(ASN1_F_ASN1_SEQ_PACK, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    p = safe;
-    i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
-                 IS_SEQUENCE);
-    if (len)
-        *len = safelen;
-    if (buf)
-        *buf = safe;
-    return safe;
-}
-
-/* Extract an ASN1 object from an ASN1_STRING */
-
-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)
-{
-    const unsigned char *p;
-    char *ret;
-
-    p = oct->data;
-    if (!(ret = d2i(NULL, &p, oct->length)))
-        ASN1err(ASN1_F_ASN1_UNPACK_STRING, ASN1_R_DECODE_ERROR);
-    return ret;
-}
-
-/* Pack an ASN1 object into an ASN1_STRING */
-
-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
-{
-    unsigned char *p;
-    ASN1_STRING *octmp;
-
-    if (!oct || !*oct) {
-        if (!(octmp = ASN1_STRING_new())) {
-            ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE);
-            return NULL;
-        }
-        if (oct)
-            *oct = octmp;
-    } else
-        octmp = *oct;
-
-    if (!(octmp->length = i2d(obj, NULL))) {
-        ASN1err(ASN1_F_ASN1_PACK_STRING, ASN1_R_ENCODE_ERROR);
-        goto err;
-    }
-    if (!(p = OPENSSL_malloc(octmp->length))) {
-        ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    octmp->data = p;
-    i2d(obj, &p);
-    return octmp;
- err:
-    if (!oct || !*oct) {
-        ASN1_STRING_free(octmp);
-        if (oct)
-            *oct = NULL;
-    }
-    return NULL;
-}
-
-#endif
-
-/* ASN1_ITEM versions of the above */
-
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
 {
     ASN1_STRING *octmp;
 
-    if (!oct || !*oct) {
-        if (!(octmp = ASN1_STRING_new())) {
+     if (oct == NULL || *oct == NULL) {
+        if ((octmp = ASN1_STRING_new()) == NULL) {
             ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
             return NULL;
         }
-        if (oct)
-            *oct = octmp;
-    } else
+    } else {
         octmp = *oct;
-
-    if (octmp->data) {
-        OPENSSL_free(octmp->data);
-        octmp->data = NULL;
     }
 
-    if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
+    OPENSSL_free(octmp->data);
+    octmp->data = NULL;
+
+    if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
         ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
-        return NULL;
+        goto err;
     }
-    if (!octmp->data) {
+    if (octmp->data == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
-        return NULL;
+        goto err;
     }
+
+    if (oct != NULL && *oct == NULL)
+        *oct = octmp;
+
     return octmp;
+ err:
+    if (oct == NULL || *oct == NULL)
+        ASN1_STRING_free(octmp);
+    return NULL;
 }
 
 /* Extract an ASN1 object from an ASN1_STRING */
 
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it)
 {
     const unsigned char *p;
     void *ret;
 
     p = oct->data;
-    if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
+    if ((ret = ASN1_item_d2i(NULL, &p, oct->length, it)) == NULL)
         ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR);
     return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/bio_asn1.c b/freebsd/crypto/openssl/crypto/asn1/bio_asn1.c
index 77c6a55e..2e187a0f 100644
--- a/freebsd/crypto/openssl/crypto/asn1/bio_asn1.c
+++ b/freebsd/crypto/openssl/crypto/asn1/bio_asn1.c
@@ -1,62 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* bio_asn1.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -66,8 +16,9 @@
  */
 
 #include <string.h>
-#include <openssl/bio.h>
+#include "internal/bio.h"
 #include <openssl/asn1.h>
+#include "internal/cryptlib.h"
 
 /* Must be large enough for biggest tag+length */
 #define DEFAULT_ASN1_BUF_SIZE 20
@@ -117,7 +68,7 @@ static int asn1_bio_gets(BIO *h, char *str, int size);
 static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int asn1_bio_new(BIO *h);
 static int asn1_bio_free(BIO *data);
-static long asn1_bio_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static long asn1_bio_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 
 static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size);
 static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
@@ -127,10 +78,14 @@ static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
                              asn1_bio_state_t ex_state,
                              asn1_bio_state_t other_state);
 
-static BIO_METHOD methods_asn1 = {
+static const BIO_METHOD methods_asn1 = {
     BIO_TYPE_ASN1,
     "asn1",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     asn1_bio_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     asn1_bio_read,
     asn1_bio_puts,
     asn1_bio_gets,
@@ -140,59 +95,56 @@ static BIO_METHOD methods_asn1 = {
     asn1_bio_callback_ctrl,
 };
 
-BIO_METHOD *BIO_f_asn1(void)
+const BIO_METHOD *BIO_f_asn1(void)
 {
-    return (&methods_asn1);
+    return &methods_asn1;
 }
 
 static int asn1_bio_new(BIO *b)
 {
-    BIO_ASN1_BUF_CTX *ctx;
-    ctx = OPENSSL_malloc(sizeof(BIO_ASN1_BUF_CTX));
-    if (!ctx)
+    BIO_ASN1_BUF_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
         return 0;
     if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) {
         OPENSSL_free(ctx);
         return 0;
     }
-    b->init = 1;
-    b->ptr = (char *)ctx;
-    b->flags = 0;
+    BIO_set_data(b, ctx);
+    BIO_set_init(b, 1);
+
     return 1;
 }
 
 static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
 {
-    ctx->buf = OPENSSL_malloc(size);
-    if (!ctx->buf)
+    if ((ctx->buf = OPENSSL_malloc(size)) == NULL) {
+        ASN1err(ASN1_F_ASN1_BIO_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     ctx->bufsize = size;
-    ctx->bufpos = 0;
-    ctx->buflen = 0;
-    ctx->copylen = 0;
     ctx->asn1_class = V_ASN1_UNIVERSAL;
     ctx->asn1_tag = V_ASN1_OCTET_STRING;
-    ctx->ex_buf = NULL;
-    ctx->ex_len = 0;
-    ctx->ex_pos = 0;
     ctx->state = ASN1_STATE_START;
-    ctx->prefix = ctx->prefix_free = ctx->suffix = ctx->suffix_free = NULL;
-    ctx->ex_arg = NULL;
     return 1;
 }
 
 static int asn1_bio_free(BIO *b)
 {
     BIO_ASN1_BUF_CTX *ctx;
-    ctx = (BIO_ASN1_BUF_CTX *)b->ptr;
+
+    if (b == NULL)
+        return 0;
+
+    ctx = BIO_get_data(b);
     if (ctx == NULL)
         return 0;
-    if (ctx->buf)
-        OPENSSL_free(ctx->buf);
+
+    OPENSSL_free(ctx->buf);
     OPENSSL_free(ctx);
-    b->init = 0;
-    b->ptr = NULL;
-    b->flags = 0;
+    BIO_set_data(b, NULL);
+    BIO_set_init(b, 0);
+
     return 1;
 }
 
@@ -201,10 +153,11 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
     BIO_ASN1_BUF_CTX *ctx;
     int wrmax, wrlen, ret;
     unsigned char *p;
-    if (!in || (inl < 0) || (b->next_bio == NULL))
-        return 0;
-    ctx = (BIO_ASN1_BUF_CTX *)b->ptr;
-    if (ctx == NULL)
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if (in == NULL || inl < 0 || ctx == NULL || next == NULL)
         return 0;
 
     wrlen = 0;
@@ -212,7 +165,6 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
 
     for (;;) {
         switch (ctx->state) {
-
             /* Setup prefix data, call it */
         case ASN1_STATE_START:
             if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
@@ -233,7 +185,8 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
 
         case ASN1_STATE_HEADER:
             ctx->buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
-            OPENSSL_assert(ctx->buflen <= ctx->bufsize);
+            if (!ossl_assert(ctx->buflen <= ctx->bufsize))
+                return 0;
             p = ctx->buf;
             ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class);
             ctx->copylen = inl;
@@ -242,7 +195,7 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
             break;
 
         case ASN1_STATE_HEADER_COPY:
-            ret = BIO_write(b->next_bio, ctx->buf + ctx->bufpos, ctx->buflen);
+            ret = BIO_write(next, ctx->buf + ctx->bufpos, ctx->buflen);
             if (ret <= 0)
                 goto done;
 
@@ -262,9 +215,9 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
                 wrmax = ctx->copylen;
             else
                 wrmax = inl;
-            ret = BIO_write(b->next_bio, in, wrmax);
+            ret = BIO_write(next, in, wrmax);
             if (ret <= 0)
-                break;
+                goto done;
             wrlen += ret;
             ctx->copylen -= ret;
             in += ret;
@@ -278,7 +231,8 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
 
             break;
 
-        default:
+        case ASN1_STATE_POST_COPY:
+        case ASN1_STATE_DONE:
             BIO_clear_retry_flags(b);
             return 0;
 
@@ -298,10 +252,11 @@ static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
                              asn1_ps_func *cleanup, asn1_bio_state_t next)
 {
     int ret;
+
     if (ctx->ex_len <= 0)
         return 1;
     for (;;) {
-        ret = BIO_write(b->next_bio, ctx->ex_buf + ctx->ex_pos, ctx->ex_len);
+        ret = BIO_write(BIO_next(b), ctx->ex_buf + ctx->ex_pos, ctx->ex_len);
         if (ret <= 0)
             break;
         ctx->ex_len -= ret;
@@ -336,9 +291,10 @@ static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
 
 static int asn1_bio_read(BIO *b, char *in, int inl)
 {
-    if (!b->next_bio)
+    BIO *next = BIO_next(b);
+    if (next == NULL)
         return 0;
-    return BIO_read(b->next_bio, in, inl);
+    return BIO_read(next, in, inl);
 }
 
 static int asn1_bio_puts(BIO *b, const char *str)
@@ -348,16 +304,18 @@ static int asn1_bio_puts(BIO *b, const char *str)
 
 static int asn1_bio_gets(BIO *b, char *str, int size)
 {
-    if (!b->next_bio)
+    BIO *next = BIO_next(b);
+    if (next == NULL)
         return 0;
-    return BIO_gets(b->next_bio, str, size);
+    return BIO_gets(next, str, size);
 }
 
-static long asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long asn1_bio_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
-    if (b->next_bio == NULL)
-        return (0);
-    return BIO_callback_ctrl(b->next_bio, cmd, fp);
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_callback_ctrl(next, cmd, fp);
 }
 
 static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
@@ -365,9 +323,12 @@ static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
     BIO_ASN1_BUF_CTX *ctx;
     BIO_ASN1_EX_FUNCS *ex_func;
     long ret = 1;
-    ctx = (BIO_ASN1_BUF_CTX *)b->ptr;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
     if (ctx == NULL)
         return 0;
+    next = BIO_next(b);
     switch (cmd) {
 
     case BIO_C_SET_PREFIX:
@@ -403,7 +364,7 @@ static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
         break;
 
     case BIO_CTRL_FLUSH:
-        if (!b->next_bio)
+        if (next == NULL)
             return 0;
 
         /* Call post function if possible */
@@ -421,17 +382,16 @@ static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
         }
 
         if (ctx->state == ASN1_STATE_DONE)
-            return BIO_ctrl(b->next_bio, cmd, arg1, arg2);
+            return BIO_ctrl(next, cmd, arg1, arg2);
         else {
             BIO_clear_retry_flags(b);
             return 0;
         }
-        break;
 
     default:
-        if (!b->next_bio)
+        if (next == NULL)
             return 0;
-        return BIO_ctrl(b->next_bio, cmd, arg1, arg2);
+        return BIO_ctrl(next, cmd, arg1, arg2);
 
     }
 
diff --git a/freebsd/crypto/openssl/crypto/asn1/bio_ndef.c b/freebsd/crypto/openssl/crypto/asn1/bio_ndef.c
index 20f03592..cfa4f908 100644
--- a/freebsd/crypto/openssl/crypto/asn1/bio_ndef.c
+++ b/freebsd/crypto/openssl/crypto/asn1/bio_ndef.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* bio_ndef.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/asn1.h>
@@ -67,7 +21,7 @@
 /*
  * The usage is quite simple, initialize an ASN1 structure, get a BIO from it
  * then any data written through the BIO will end up translated to
- * approptiate format on the fly. The data is streamed out and does *not*
+ * appropriate format on the fly. The data is streamed out and does *not*
  * need to be all held in memory at once. When the BIO is flushed the output
  * is finalized and any signatures etc written out. The BIO is a 'proper'
  * BIO and can handle non blocking I/O correctly. The usage is simple. The
@@ -108,21 +62,21 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
         ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
         return NULL;
     }
-    ndef_aux = OPENSSL_malloc(sizeof(NDEF_SUPPORT));
+    ndef_aux = OPENSSL_zalloc(sizeof(*ndef_aux));
     asn_bio = BIO_new(BIO_f_asn1());
+    if (ndef_aux == NULL || asn_bio == NULL)
+        goto err;
 
     /* ASN1 bio needs to be next to output BIO */
-
     out = BIO_push(asn_bio, out);
-
-    if (!ndef_aux || !asn_bio || !out)
+    if (out == NULL)
         goto err;
 
     BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
     BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
 
     /*
-     * Now let callback prepend any digest, cipher etc BIOs ASN1 structure
+     * Now let callback prepends any digest, cipher etc BIOs ASN1 structure
      * needs.
      */
 
@@ -138,17 +92,14 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
     ndef_aux->ndef_bio = sarg.ndef_bio;
     ndef_aux->boundary = sarg.boundary;
     ndef_aux->out = out;
-    ndef_aux->derbuf = NULL;
 
     BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
 
     return sarg.ndef_bio;
 
  err:
-    if (asn_bio)
-        BIO_free(asn_bio);
-    if (ndef_aux)
-        OPENSSL_free(ndef_aux);
+    BIO_free(asn_bio);
+    OPENSSL_free(ndef_aux);
     return NULL;
 }
 
@@ -164,9 +115,10 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
     ndef_aux = *(NDEF_SUPPORT **)parg;
 
     derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
-    p = OPENSSL_malloc(derlen);
-    if (!p)
+    if ((p = OPENSSL_malloc(derlen)) == NULL) {
+        ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     ndef_aux->derbuf = p;
     *pbuf = p;
@@ -190,8 +142,7 @@ static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen,
 
     ndef_aux = *(NDEF_SUPPORT **)parg;
 
-    if (ndef_aux->derbuf)
-        OPENSSL_free(ndef_aux->derbuf);
+    OPENSSL_free(ndef_aux->derbuf);
 
     ndef_aux->derbuf = NULL;
     *pbuf = NULL;
@@ -234,9 +185,10 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
         return 0;
 
     derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
-    p = OPENSSL_malloc(derlen);
-    if (!p)
+    if ((p = OPENSSL_malloc(derlen)) == NULL) {
+        ASN1err(ASN1_F_NDEF_SUFFIX, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     ndef_aux->derbuf = p;
     *pbuf = p;
diff --git a/freebsd/crypto/openssl/crypto/asn1/charmap.h b/freebsd/crypto/openssl/crypto/asn1/charmap.h
index 3305ad14..bfccac2c 100644
--- a/freebsd/crypto/openssl/crypto/asn1/charmap.h
+++ b/freebsd/crypto/openssl/crypto/asn1/charmap.h
@@ -1,15 +1,34 @@
 /*
- * Auto generated with chartype.pl script. Mask of various character
- * properties
+ * WARNING: do not edit!
+ * Generated by crypto/asn1/charmap.pl
+ *
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-static const unsigned char char_type[] = {
-    2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
-    2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
-    120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16,
-    16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16,
-    0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
-    16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0,
-    0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
-    16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2
+#define CHARTYPE_HOST_ANY 4096
+#define CHARTYPE_HOST_DOT 8192
+#define CHARTYPE_HOST_HYPHEN 16384
+#define CHARTYPE_HOST_WILD 32768
+
+/*
+ * Mask of various character properties
+ */
+
+static const unsigned short char_type[] = {
+    1026,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,
+       2,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,
+       2,    2,    2,    2,    2,    2,    2,    2,  120,    0,    1,   40,
+       0,    0,    0,   16, 1040, 1040, 33792,   25,   25, 16400, 8208,   16,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,   16,    9,
+       9,   16,    9,   16,    0, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112,    0, 1025,    0,    0,    0,
+       0, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112,    0,    0,    0,    0,    2
 };
diff --git a/freebsd/crypto/openssl/crypto/asn1/d2i_pr.c b/freebsd/crypto/openssl/crypto/asn1/d2i_pr.c
index a17f8b36..5acb02e1 100644
--- a/freebsd/crypto/openssl/crypto/asn1/d2i_pr.c
+++ b/freebsd/crypto/openssl/crypto/asn1/d2i_pr.c
@@ -1,74 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/d2i_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
+#include <openssl/engine.h>
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                          long length)
@@ -79,15 +29,13 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
     if ((a == NULL) || (*a == NULL)) {
         if ((ret = EVP_PKEY_new()) == NULL) {
             ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB);
-            return (NULL);
+            return NULL;
         }
     } else {
         ret = *a;
 #ifndef OPENSSL_NO_ENGINE
-        if (ret->engine) {
-            ENGINE_finish(ret->engine);
-            ret->engine = NULL;
-        }
+        ENGINE_finish(ret->engine);
+        ret->engine = NULL;
 #endif
     }
 
@@ -118,11 +66,11 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
     *pp = p;
     if (a != NULL)
         (*a) = ret;
-    return (ret);
+    return ret;
  err:
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+    if (a == NULL || *a != ret)
         EVP_PKEY_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 /*
diff --git a/freebsd/crypto/openssl/crypto/asn1/d2i_pu.c b/freebsd/crypto/openssl/crypto/asn1/d2i_pu.c
index e4fbe1b6..9f0e572a 100644
--- a/freebsd/crypto/openssl/crypto/asn1/d2i_pu.c
+++ b/freebsd/crypto/openssl/crypto/asn1/d2i_pu.c
@@ -1,78 +1,25 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/d2i_pu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-# include <openssl/ec.h>
-#endif
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
+
+#include "internal/evp_int.h"
 
 EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
                         long length)
@@ -82,7 +29,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
     if ((a == NULL) || (*a == NULL)) {
         if ((ret = EVP_PKEY_new()) == NULL) {
             ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
-            return (NULL);
+            return NULL;
         }
     } else
         ret = *a;
@@ -95,10 +42,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
     switch (EVP_PKEY_id(ret)) {
 #ifndef OPENSSL_NO_RSA
     case EVP_PKEY_RSA:
-        /* TMP UGLY CAST */
-        if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL,
-                                              (const unsigned char **)pp,
-                                              length)) == NULL) {
+        if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) {
             ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
             goto err;
         }
@@ -107,8 +51,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
 #ifndef OPENSSL_NO_DSA
     case EVP_PKEY_DSA:
         /* TMP UGLY CAST */
-        if (!d2i_DSAPublicKey(&(ret->pkey.dsa),
-                              (const unsigned char **)pp, length)) {
+        if (!d2i_DSAPublicKey(&ret->pkey.dsa, pp, length)) {
             ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
             goto err;
         }
@@ -116,8 +59,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
 #endif
 #ifndef OPENSSL_NO_EC
     case EVP_PKEY_EC:
-        if (!o2i_ECPublicKey(&(ret->pkey.ec),
-                             (const unsigned char **)pp, length)) {
+        if (!o2i_ECPublicKey(&ret->pkey.ec, pp, length)) {
             ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
             goto err;
         }
@@ -126,13 +68,12 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
     default:
         ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
         goto err;
-        /* break; */
     }
     if (a != NULL)
         (*a) = ret;
-    return (ret);
+    return ret;
  err:
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+    if (a == NULL || *a != ret)
         EVP_PKEY_free(ret);
-    return (NULL);
+    return NULL;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/evp_asn1.c b/freebsd/crypto/openssl/crypto/asn1/evp_asn1.c
index 5844cbe0..0e814014 100644
--- a/freebsd/crypto/openssl/crypto/asn1/evp_asn1.c
+++ b/freebsd/crypto/openssl/crypto/asn1/evp_asn1.c
@@ -1,197 +1,117 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/evp_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 
 int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
 {
     ASN1_STRING *os;
 
-    if ((os = M_ASN1_OCTET_STRING_new()) == NULL)
-        return (0);
-    if (!M_ASN1_OCTET_STRING_set(os, data, len)) {
-        M_ASN1_OCTET_STRING_free(os);
+    if ((os = ASN1_OCTET_STRING_new()) == NULL)
+        return 0;
+    if (!ASN1_OCTET_STRING_set(os, data, len)) {
+        ASN1_OCTET_STRING_free(os);
         return 0;
     }
     ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);
-    return (1);
+    return 1;
 }
 
 /* int max_len:  for returned value    */
-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len)
+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
 {
     int ret, num;
-    unsigned char *p;
+    const unsigned char *p;
 
     if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) {
         ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
-        return (-1);
+        return -1;
     }
-    p = M_ASN1_STRING_data(a->value.octet_string);
-    ret = M_ASN1_STRING_length(a->value.octet_string);
+    p = ASN1_STRING_get0_data(a->value.octet_string);
+    ret = ASN1_STRING_length(a->value.octet_string);
     if (ret < max_len)
         num = ret;
     else
         num = max_len;
     memcpy(data, p, num);
-    return (ret);
+    return ret;
 }
 
-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
-                                  int len)
-{
-    int n, size;
-    ASN1_OCTET_STRING os, *osp;
-    ASN1_INTEGER in;
-    unsigned char *p;
-    unsigned char buf[32];      /* when they have 256bit longs, I'll be in
-                                 * trouble */
-    in.data = buf;
-    in.length = 32;
-    os.data = data;
-    os.type = V_ASN1_OCTET_STRING;
-    os.length = len;
-    ASN1_INTEGER_set(&in, num);
-    n = i2d_ASN1_INTEGER(&in, NULL);
-    n += M_i2d_ASN1_OCTET_STRING(&os, NULL);
-
-    size = ASN1_object_size(1, n, V_ASN1_SEQUENCE);
-
-    if ((osp = ASN1_STRING_new()) == NULL)
-        return (0);
-    /* Grow the 'string' */
-    if (!ASN1_STRING_set(osp, NULL, size)) {
-        ASN1_STRING_free(osp);
-        return (0);
-    }
+typedef struct {
+    int32_t num;
+    ASN1_OCTET_STRING *oct;
+} asn1_int_oct;
 
-    M_ASN1_STRING_length_set(osp, size);
-    p = M_ASN1_STRING_data(osp);
+ASN1_SEQUENCE(asn1_int_oct) = {
+        ASN1_EMBED(asn1_int_oct, num, INT32),
+        ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING)
+} static_ASN1_SEQUENCE_END(asn1_int_oct)
 
-    ASN1_put_object(&p, 1, n, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-    i2d_ASN1_INTEGER(&in, &p);
-    M_i2d_ASN1_OCTET_STRING(&os, &p);
+DECLARE_ASN1_ITEM(asn1_int_oct)
 
-    ASN1_TYPE_set(a, V_ASN1_SEQUENCE, osp);
-    return (1);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+                                  int len)
+{
+    asn1_int_oct atmp;
+    ASN1_OCTET_STRING oct;
+
+    atmp.num = num;
+    atmp.oct = &oct;
+    oct.data = data;
+    oct.type = V_ASN1_OCTET_STRING;
+    oct.length = len;
+    oct.flags = 0;
+
+    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_int_oct), &atmp, &a))
+        return 1;
+    return 0;
 }
 
 /*
- * we return the actual length..., num may be missing, in which case, set it
- * to zero
+ * we return the actual length...
  */
 /* int max_len:  for returned value    */
-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
                                   unsigned char *data, int max_len)
 {
+    asn1_int_oct *atmp = NULL;
     int ret = -1, n;
-    ASN1_INTEGER *ai = NULL;
-    ASN1_OCTET_STRING *os = NULL;
-    const unsigned char *p;
-    long length;
-    ASN1_const_CTX c;
 
     if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {
         goto err;
     }
-    p = M_ASN1_STRING_data(a->value.sequence);
-    length = M_ASN1_STRING_length(a->value.sequence);
 
-    c.pp = &p;
-    c.p = p;
-    c.max = p + length;
-    c.error = ASN1_R_DATA_IS_WRONG;
+    atmp = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(asn1_int_oct), a);
 
-    M_ASN1_D2I_start_sequence();
-    c.q = c.p;
-    if ((ai = d2i_ASN1_INTEGER(NULL, &c.p, c.slen)) == NULL)
-        goto err;
-    c.slen -= (c.p - c.q);
-    c.q = c.p;
-    if ((os = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
-        goto err;
-    c.slen -= (c.p - c.q);
-    if (!M_ASN1_D2I_end_sequence())
+    if (atmp == NULL)
         goto err;
 
     if (num != NULL)
-        *num = ASN1_INTEGER_get(ai);
+        *num = atmp->num;
 
-    ret = M_ASN1_STRING_length(os);
+    ret = ASN1_STRING_length(atmp->oct);
     if (max_len > ret)
         n = ret;
     else
         n = max_len;
 
     if (data != NULL)
-        memcpy(data, M_ASN1_STRING_data(os), n);
-    if (0) {
+        memcpy(data, ASN1_STRING_get0_data(atmp->oct), n);
+    if (ret == -1) {
  err:
         ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
     }
-    if (os != NULL)
-        M_ASN1_OCTET_STRING_free(os);
-    if (ai != NULL)
-        M_ASN1_INTEGER_free(ai);
-    return (ret);
+    M_ASN1_free_of(atmp, asn1_int_oct);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/f_enum.c b/freebsd/crypto/openssl/crypto/asn1/f_enum.c
deleted file mode 100644
index f62800b7..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/f_enum.c
+++ /dev/null
@@ -1,205 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/asn1/f_enum.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-/* Based on a_int.c: equivalent ENUMERATED functions */
-
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
-{
-    int i, n = 0;
-    static const char *h = "0123456789ABCDEF";
-    char buf[2];
-
-    if (a == NULL)
-        return (0);
-
-    if (a->length == 0) {
-        if (BIO_write(bp, "00", 2) != 2)
-            goto err;
-        n = 2;
-    } else {
-        for (i = 0; i < a->length; i++) {
-            if ((i != 0) && (i % 35 == 0)) {
-                if (BIO_write(bp, "\\\n", 2) != 2)
-                    goto err;
-                n += 2;
-            }
-            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
-            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
-            if (BIO_write(bp, buf, 2) != 2)
-                goto err;
-            n += 2;
-        }
-    }
-    return (n);
- err:
-    return (-1);
-}
-
-int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
-{
-    int ret = 0;
-    int i, j, k, m, n, again, bufsize;
-    unsigned char *s = NULL, *sp;
-    unsigned char *bufp;
-    int num = 0, slen = 0, first = 1;
-
-    bs->type = V_ASN1_ENUMERATED;
-
-    bufsize = BIO_gets(bp, buf, size);
-    for (;;) {
-        if (bufsize < 1)
-            goto err_sl;
-        i = bufsize;
-        if (buf[i - 1] == '\n')
-            buf[--i] = '\0';
-        if (i == 0)
-            goto err_sl;
-        if (buf[i - 1] == '\r')
-            buf[--i] = '\0';
-        if (i == 0)
-            goto err_sl;
-        again = (buf[i - 1] == '\\');
-
-        for (j = 0; j < i; j++) {
-            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
-                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-                  ((buf[j] >= 'A') && (buf[j] <= 'F')))) {
-                i = j;
-                break;
-            }
-        }
-        buf[i] = '\0';
-        /*
-         * We have now cleared all the crap off the end of the line
-         */
-        if (i < 2)
-            goto err_sl;
-
-        bufp = (unsigned char *)buf;
-        if (first) {
-            first = 0;
-            if ((bufp[0] == '0') && (bufp[1] == '0')) {
-                bufp += 2;
-                i -= 2;
-            }
-        }
-        k = 0;
-        i -= again;
-        if (i % 2 != 0) {
-            ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS);
-            goto err;
-        }
-        i /= 2;
-        if (num + i > slen) {
-            if (s == NULL)
-                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
-                                                     i * 2);
-            else
-                sp = (unsigned char *)OPENSSL_realloc(s,
-                                                      (unsigned int)num +
-                                                      i * 2);
-            if (sp == NULL) {
-                ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            s = sp;
-            slen = num + i * 2;
-        }
-        for (j = 0; j < i; j++, k += 2) {
-            for (n = 0; n < 2; n++) {
-                m = bufp[k + n];
-                if ((m >= '0') && (m <= '9'))
-                    m -= '0';
-                else if ((m >= 'a') && (m <= 'f'))
-                    m = m - 'a' + 10;
-                else if ((m >= 'A') && (m <= 'F'))
-                    m = m - 'A' + 10;
-                else {
-                    ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
-                            ASN1_R_NON_HEX_CHARACTERS);
-                    goto err;
-                }
-                s[num + j] <<= 4;
-                s[num + j] |= m;
-            }
-        }
-        num += i;
-        if (again)
-            bufsize = BIO_gets(bp, buf, size);
-        else
-            break;
-    }
-    bs->length = num;
-    bs->data = s;
-    ret = 1;
- err:
-    if (0) {
- err_sl:
-        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE);
-    }
-    if (ret != 1)
-        OPENSSL_free(s);
-    return (ret);
-}
diff --git a/freebsd/crypto/openssl/crypto/asn1/f_int.c b/freebsd/crypto/openssl/crypto/asn1/f_int.c
index 35bb4d1f..e606e84d 100644
--- a/freebsd/crypto/openssl/crypto/asn1/f_int.c
+++ b/freebsd/crypto/openssl/crypto/asn1/f_int.c
@@ -1,76 +1,28 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/f_int.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
 {
     int i, n = 0;
     static const char *h = "0123456789ABCDEF";
     char buf[2];
 
     if (a == NULL)
-        return (0);
+        return 0;
 
     if (a->type & V_ASN1_NEG) {
         if (BIO_write(bp, "-", 1) != 1)
@@ -96,14 +48,13 @@ int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
             n += 2;
         }
     }
-    return (n);
+    return n;
  err:
-    return (-1);
+    return -1;
 }
 
 int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
 {
-    int ret = 0;
     int i, j, k, m, n, again, bufsize;
     unsigned char *s = NULL, *sp;
     unsigned char *bufp;
@@ -114,31 +65,20 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
     bufsize = BIO_gets(bp, buf, size);
     for (;;) {
         if (bufsize < 1)
-            goto err_sl;
+            goto err;
         i = bufsize;
         if (buf[i - 1] == '\n')
             buf[--i] = '\0';
         if (i == 0)
-            goto err_sl;
+            goto err;
         if (buf[i - 1] == '\r')
             buf[--i] = '\0';
         if (i == 0)
-            goto err_sl;
+            goto err;
         again = (buf[i - 1] == '\\');
 
         for (j = 0; j < i; j++) {
-#ifndef CHARSET_EBCDIC
-            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
-                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-                  ((buf[j] >= 'A') && (buf[j] <= 'F'))))
-#else
-            /*
-             * This #ifdef is not strictly necessary, since the characters
-             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
-             * not the whole alphabet). Nevertheless, isxdigit() is faster.
-             */
-            if (!isxdigit(buf[j]))
-#endif
+            if (!ossl_isxdigit(buf[j]))
             {
                 i = j;
                 break;
@@ -149,7 +89,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
          * We have now cleared all the crap off the end of the line
          */
         if (i < 2)
-            goto err_sl;
+            goto err;
 
         bufp = (unsigned char *)buf;
         if (first) {
@@ -163,32 +103,24 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
         i -= again;
         if (i % 2 != 0) {
             ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS);
-            goto err;
+            OPENSSL_free(s);
+            return 0;
         }
         i /= 2;
         if (num + i > slen) {
-            if (s == NULL)
-                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
-                                                     i * 2);
-            else
-                sp = OPENSSL_realloc_clean(s, slen, num + i * 2);
+            sp = OPENSSL_clear_realloc(s, slen, num + i * 2);
             if (sp == NULL) {
                 ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
-                goto err;
+                OPENSSL_free(s);
+                return 0;
             }
             s = sp;
             slen = num + i * 2;
         }
         for (j = 0; j < i; j++, k += 2) {
             for (n = 0; n < 2; n++) {
-                m = bufp[k + n];
-                if ((m >= '0') && (m <= '9'))
-                    m -= '0';
-                else if ((m >= 'a') && (m <= 'f'))
-                    m = m - 'a' + 10;
-                else if ((m >= 'A') && (m <= 'F'))
-                    m = m - 'A' + 10;
-                else {
+                m = OPENSSL_hexchar2int(bufp[k + n]);
+                if (m < 0) {
                     ASN1err(ASN1_F_A2I_ASN1_INTEGER,
                             ASN1_R_NON_HEX_CHARACTERS);
                     goto err;
@@ -205,13 +137,22 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
     }
     bs->length = num;
     bs->data = s;
-    ret = 1;
+    return 1;
  err:
-    if (0) {
- err_sl:
-        ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
-    }
-    if (ret != 1)
-        OPENSSL_free(s);
-    return (ret);
+    ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
+    OPENSSL_free(s);
+    return 0;
+}
+
+int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a)
+{
+    return i2a_ASN1_INTEGER(bp, a);
+}
+
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
+{
+    int rv = a2i_ASN1_INTEGER(bp, bs, buf, size);
+    if (rv == 1)
+        bs->type = V_ASN1_INTEGER | (bs->type & V_ASN1_NEG);
+    return rv;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/f_string.c b/freebsd/crypto/openssl/crypto/asn1/f_string.c
index 99539d68..4ece9d0a 100644
--- a/freebsd/crypto/openssl/crypto/asn1/f_string.c
+++ b/freebsd/crypto/openssl/crypto/asn1/f_string.c
@@ -1,76 +1,28 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/f_string.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 
-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
+int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type)
 {
     int i, n = 0;
     static const char *h = "0123456789ABCDEF";
     char buf[2];
 
     if (a == NULL)
-        return (0);
+        return 0;
 
     if (a->length == 0) {
         if (BIO_write(bp, "0", 1) != 1)
@@ -90,14 +42,13 @@ int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
             n += 2;
         }
     }
-    return (n);
+    return n;
  err:
-    return (-1);
+    return -1;
 }
 
 int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
 {
-    int ret = 0;
     int i, j, k, m, n, again, bufsize;
     unsigned char *s = NULL, *sp;
     unsigned char *bufp;
@@ -109,7 +60,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
             if (first)
                 break;
             else
-                goto err_sl;
+                goto err;
         }
         first = 0;
 
@@ -117,27 +68,15 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
         if (buf[i - 1] == '\n')
             buf[--i] = '\0';
         if (i == 0)
-            goto err_sl;
+            goto err;
         if (buf[i - 1] == '\r')
             buf[--i] = '\0';
         if (i == 0)
-            goto err_sl;
+            goto err;
         again = (buf[i - 1] == '\\');
 
         for (j = i - 1; j > 0; j--) {
-#ifndef CHARSET_EBCDIC
-            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
-                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-                  ((buf[j] >= 'A') && (buf[j] <= 'F'))))
-#else
-            /*
-             * This #ifdef is not strictly necessary, since the characters
-             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
-             * not the whole alphabet). Nevertheless, isxdigit() is faster.
-             */
-            if (!isxdigit(buf[j]))
-#endif
-            {
+            if (!ossl_isxdigit(buf[j])) {
                 i = j;
                 break;
             }
@@ -147,7 +86,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
          * We have now cleared all the crap off the end of the line
          */
         if (i < 2)
-            goto err_sl;
+            goto err;
 
         bufp = (unsigned char *)buf;
 
@@ -155,37 +94,28 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
         i -= again;
         if (i % 2 != 0) {
             ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);
-            goto err;
+            OPENSSL_free(s);
+            return 0;
         }
         i /= 2;
         if (num + i > slen) {
-            if (s == NULL)
-                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
-                                                     i * 2);
-            else
-                sp = (unsigned char *)OPENSSL_realloc(s,
-                                                      (unsigned int)num +
-                                                      i * 2);
+            sp = OPENSSL_realloc(s, (unsigned int)num + i * 2);
             if (sp == NULL) {
                 ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);
-                goto err;
+                OPENSSL_free(s);
+                return 0;
             }
             s = sp;
             slen = num + i * 2;
         }
         for (j = 0; j < i; j++, k += 2) {
             for (n = 0; n < 2; n++) {
-                m = bufp[k + n];
-                if ((m >= '0') && (m <= '9'))
-                    m -= '0';
-                else if ((m >= 'a') && (m <= 'f'))
-                    m = m - 'a' + 10;
-                else if ((m >= 'A') && (m <= 'F'))
-                    m = m - 'A' + 10;
-                else {
+                m = OPENSSL_hexchar2int(bufp[k + n]);
+                if (m < 0) {
                     ASN1err(ASN1_F_A2I_ASN1_STRING,
                             ASN1_R_NON_HEX_CHARACTERS);
-                    goto err;
+                    OPENSSL_free(s);
+                    return 0;
                 }
                 s[num + j] <<= 4;
                 s[num + j] |= m;
@@ -199,13 +129,10 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
     }
     bs->length = num;
     bs->data = s;
-    ret = 1;
+    return 1;
+
  err:
-    if (0) {
- err_sl:
-        ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
-    }
-    if (ret != 1)
-        OPENSSL_free(s);
-    return (ret);
+    ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
+    OPENSSL_free(s);
+    return 0;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/i2d_pr.c b/freebsd/crypto/openssl/crypto/asn1/i2d_pr.c
index ec3fc5da..403aa1d3 100644
--- a/freebsd/crypto/openssl/crypto/asn1/i2d_pr.c
+++ b/freebsd/crypto/openssl/crypto/asn1/i2d_pr.c
@@ -1,68 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/i2d_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 {
diff --git a/freebsd/crypto/openssl/crypto/asn1/i2d_pu.c b/freebsd/crypto/openssl/crypto/asn1/i2d_pu.c
index ab274b38..dab1b966 100644
--- a/freebsd/crypto/openssl/crypto/asn1/i2d_pu.c
+++ b/freebsd/crypto/openssl/crypto/asn1/i2d_pu.c
@@ -1,95 +1,40 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/i2d_pu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-# include <openssl/ec.h>
-#endif
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
 
 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 {
-    switch (a->type) {
+    switch (EVP_PKEY_id(a)) {
 #ifndef OPENSSL_NO_RSA
     case EVP_PKEY_RSA:
-        return (i2d_RSAPublicKey(a->pkey.rsa, pp));
+        return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
 #endif
 #ifndef OPENSSL_NO_DSA
     case EVP_PKEY_DSA:
-        return (i2d_DSAPublicKey(a->pkey.dsa, pp));
+        return i2d_DSAPublicKey(EVP_PKEY_get0_DSA(a), pp);
 #endif
 #ifndef OPENSSL_NO_EC
     case EVP_PKEY_EC:
-        return (i2o_ECPublicKey(a->pkey.ec, pp));
+        return i2o_ECPublicKey(EVP_PKEY_get0_EC_KEY(a), pp);
 #endif
     default:
         ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-        return (-1);
+        return -1;
     }
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/n_pkey.c b/freebsd/crypto/openssl/crypto/asn1/n_pkey.c
index 72b4873c..057024d6 100644
--- a/freebsd/crypto/openssl/crypto/asn1/n_pkey.c
+++ b/freebsd/crypto/openssl/crypto/asn1/n_pkey.c
@@ -1,77 +1,31 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/n_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_RSA
+#include "openssl/opensslconf.h"
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include "internal/cryptlib.h"
+# include <stdio.h>
 # include <openssl/rsa.h>
 # include <openssl/objects.h>
 # include <openssl/asn1t.h>
-# include <openssl/asn1_mac.h>
 # include <openssl/evp.h>
 # include <openssl/x509.h>
 
 # ifndef OPENSSL_NO_RC4
 
 typedef struct netscape_pkey_st {
-    long version;
+    int32_t version;
     X509_ALGOR *algor;
     ASN1_OCTET_STRING *private_key;
 } NETSCAPE_PKEY;
@@ -89,259 +43,22 @@ typedef struct netscape_encrypted_pkey_st {
 ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
         ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
         ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
-} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+} static_ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
 
 DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
 
 ASN1_SEQUENCE(NETSCAPE_PKEY) = {
-        ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+        ASN1_EMBED(NETSCAPE_PKEY, version, INT32),
         ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
         ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY)
 
 DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
 
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-                          int (*cb) (char *buf, int len, const char *prompt,
-                                     int verify), int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-                     int (*cb) (char *buf, int len, const char *prompt,
-                                int verify))
-{
-    return i2d_RSA_NET(a, pp, cb, 0);
-}
-
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
-                int (*cb) (char *buf, int len, const char *prompt,
-                           int verify), int sgckey)
-{
-    int i, j, ret = 0;
-    int rsalen, pkeylen, olen;
-    NETSCAPE_PKEY *pkey = NULL;
-    NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-    unsigned char buf[256], *zz;
-    unsigned char key[EVP_MAX_KEY_LENGTH];
-    EVP_CIPHER_CTX ctx;
-    EVP_CIPHER_CTX_init(&ctx);
-
-    if (a == NULL)
-        return (0);
-
-    if ((pkey = NETSCAPE_PKEY_new()) == NULL)
-        goto err;
-    if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
-        goto err;
-    pkey->version = 0;
-
-    pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
-    if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
-        goto err;
-    pkey->algor->parameter->type = V_ASN1_NULL;
-
-    rsalen = i2d_RSAPrivateKey(a, NULL);
-
-    /*
-     * Fake some octet strings just for the initial length calculation.
-     */
-
-    pkey->private_key->length = rsalen;
-
-    pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
-
-    enckey->enckey->digest->length = pkeylen;
-
-    enckey->os->length = 11;    /* "private-key" */
-
-    enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
-    if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
-        goto err;
-    enckey->enckey->algor->parameter->type = V_ASN1_NULL;
-
-    if (pp == NULL) {
-        olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
-        NETSCAPE_PKEY_free(pkey);
-        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-        return olen;
-    }
-
-    /* Since its RC4 encrypted length is actual length */
-    if ((zz = (unsigned char *)OPENSSL_malloc(rsalen)) == NULL) {
-        ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    pkey->private_key->data = zz;
-    /* Write out private key encoding */
-    i2d_RSAPrivateKey(a, &zz);
-
-    if ((zz = OPENSSL_malloc(pkeylen)) == NULL) {
-        ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
-        ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    enckey->enckey->digest->data = zz;
-    i2d_NETSCAPE_PKEY(pkey, &zz);
-
-    /* Wipe the private key encoding */
-    OPENSSL_cleanse(pkey->private_key->data, rsalen);
-
-    if (cb == NULL)
-        cb = EVP_read_pw_string;
-    i = cb((char *)buf, 256, "Enter Private Key password:", 1);
-    if (i != 0) {
-        ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
-        goto err;
-    }
-    i = strlen((char *)buf);
-    /* If the key is used for SGC the algorithm is modified a little. */
-    if (sgckey) {
-        if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
-            goto err;
-        memcpy(buf + 16, "SGCKEYSALT", 10);
-        i = 26;
-    }
-
-    if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
-        goto err;
-    OPENSSL_cleanse(buf, 256);
-
-    /* Encrypt private key in place */
-    zz = enckey->enckey->digest->data;
-    if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
-        goto err;
-    if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
-        goto err;
-    if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
-        goto err;
-
-    ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
- err:
-    EVP_CIPHER_CTX_cleanup(&ctx);
-    NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-    NETSCAPE_PKEY_free(pkey);
-    return (ret);
-}
-
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-                      int (*cb) (char *buf, int len, const char *prompt,
-                                 int verify))
-{
-    return d2i_RSA_NET(a, pp, length, cb, 0);
-}
-
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-                 int (*cb) (char *buf, int len, const char *prompt,
-                            int verify), int sgckey)
-{
-    RSA *ret = NULL;
-    const unsigned char *p;
-    NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-
-    p = *pp;
-
-    enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
-    if (!enckey) {
-        ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
-        return NULL;
-    }
-
-    if ((enckey->os->length != 11) || (strncmp("private-key",
-                                               (char *)enckey->os->data,
-                                               11) != 0)) {
-        ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-        return NULL;
-    }
-    if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
-        ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-        goto err;
-    }
-    if (cb == NULL)
-        cb = EVP_read_pw_string;
-    if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
-        goto err;
-
-    *pp = p;
-
- err:
-    NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-    return ret;
-
-}
-
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-                          int (*cb) (char *buf, int len, const char *prompt,
-                                     int verify), int sgckey)
-{
-    NETSCAPE_PKEY *pkey = NULL;
-    RSA *ret = NULL;
-    int i, j;
-    unsigned char buf[256];
-    const unsigned char *zz;
-    unsigned char key[EVP_MAX_KEY_LENGTH];
-    EVP_CIPHER_CTX ctx;
-    EVP_CIPHER_CTX_init(&ctx);
-
-    i = cb((char *)buf, 256, "Enter Private Key password:", 0);
-    if (i != 0) {
-        ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
-        goto err;
-    }
-
-    i = strlen((char *)buf);
-    if (sgckey) {
-        if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
-            goto err;
-        memcpy(buf + 16, "SGCKEYSALT", 10);
-        i = 26;
-    }
-
-    if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
-        goto err;
-    OPENSSL_cleanse(buf, 256);
-
-    if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
-        goto err;
-    if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
-        goto err;
-    if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
-        goto err;
-    os->length = i + j;
-
-    zz = os->data;
-
-    if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
-        ASN1err(ASN1_F_D2I_RSA_NET_2,
-                ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
-        goto err;
-    }
-
-    zz = pkey->private_key->data;
-    if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) {
-        ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
-        goto err;
-    }
- err:
-    EVP_CIPHER_CTX_cleanup(&ctx);
-    NETSCAPE_PKEY_free(pkey);
-    return (ret);
-}
-
 # endif                         /* OPENSSL_NO_RC4 */
 
-#else                           /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
 #endif
diff --git a/freebsd/crypto/openssl/crypto/asn1/nsseq.c b/freebsd/crypto/openssl/crypto/asn1/nsseq.c
index b4d1eed4..308c6a74 100644
--- a/freebsd/crypto/openssl/crypto/asn1/nsseq.c
+++ b/freebsd/crypto/openssl/crypto/asn1/nsseq.c
@@ -1,62 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* nsseq.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
diff --git a/freebsd/crypto/openssl/crypto/asn1/p5_pbe.c b/freebsd/crypto/openssl/crypto/asn1/p5_pbe.c
index 8c27bb40..1f583591 100644
--- a/freebsd/crypto/openssl/crypto/asn1/p5_pbe.c
+++ b/freebsd/crypto/openssl/crypto/asn1/p5_pbe.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p5_pbe.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
@@ -81,10 +31,10 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
 {
     PBEPARAM *pbe = NULL;
     ASN1_STRING *pbe_str = NULL;
-    unsigned char *sstr;
+    unsigned char *sstr = NULL;
 
     pbe = PBEPARAM_new();
-    if (!pbe) {
+    if (pbe == NULL) {
         ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -96,16 +46,20 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
     }
     if (!saltlen)
         saltlen = PKCS5_SALT_LEN;
-    if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
+
+    sstr = OPENSSL_malloc(saltlen);
+    if (sstr == NULL) {
         ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    sstr = ASN1_STRING_data(pbe->salt);
     if (salt)
         memcpy(sstr, salt, saltlen);
     else if (RAND_bytes(sstr, saltlen) <= 0)
         goto err;
 
+    ASN1_STRING_set0(pbe->salt, sstr, saltlen);
+    sstr = NULL;
+
     if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
         ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -118,10 +72,9 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
         return 1;
 
  err:
-    if (pbe != NULL)
-        PBEPARAM_free(pbe);
-    if (pbe_str != NULL)
-        ASN1_STRING_free(pbe_str);
+    OPENSSL_free(sstr);
+    PBEPARAM_free(pbe);
+    ASN1_STRING_free(pbe_str);
     return 0;
 }
 
@@ -132,7 +85,7 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
 {
     X509_ALGOR *ret;
     ret = X509_ALGOR_new();
-    if (!ret) {
+    if (ret == NULL) {
         ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
diff --git a/freebsd/crypto/openssl/crypto/asn1/p5_pbev2.c b/freebsd/crypto/openssl/crypto/asn1/p5_pbev2.c
index 9f9a503b..57176328 100644
--- a/freebsd/crypto/openssl/crypto/asn1/p5_pbev2.c
+++ b/freebsd/crypto/openssl/crypto/asn1/p5_pbev2.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p5_pbev2.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999-2004.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
@@ -95,7 +45,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
 {
     X509_ALGOR *scheme = NULL, *ret = NULL;
     int alg_nid, keylen;
-    EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX *ctx = NULL;
     unsigned char iv[EVP_MAX_IV_LENGTH];
     PBE2PARAM *pbe2 = NULL;
 
@@ -106,14 +56,13 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
         goto err;
     }
 
-    if (!(pbe2 = PBE2PARAM_new()))
+    if ((pbe2 = PBE2PARAM_new()) == NULL)
         goto merr;
 
     /* Setup the AlgorithmIdentifier for the encryption scheme */
     scheme = pbe2->encryption;
-
     scheme->algorithm = OBJ_nid2obj(alg_nid);
-    if (!(scheme->parameter = ASN1_TYPE_new()))
+    if ((scheme->parameter = ASN1_TYPE_new()) == NULL)
         goto merr;
 
     /* Create random IV */
@@ -124,14 +73,15 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
             goto err;
     }
 
-    EVP_CIPHER_CTX_init(&ctx);
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto merr;
 
     /* Dummy cipherinit to just setup the IV, and PRF */
-    if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
+    if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0))
         goto err;
-    if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) {
         ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
-        EVP_CIPHER_CTX_cleanup(&ctx);
         goto err;
     }
     /*
@@ -139,11 +89,12 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
      * here: just means use default PRF.
      */
     if ((prf_nid == -1) &&
-        EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
+        EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
         ERR_clear_error();
-        prf_nid = NID_hmacWithSHA1;
+        prf_nid = NID_hmacWithSHA256;
     }
-    EVP_CIPHER_CTX_cleanup(&ctx);
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
 
     /* If its RC2 then we'd better setup the key length */
 
@@ -163,19 +114,16 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
 
     /* Now set up top level AlgorithmIdentifier */
 
-    if (!(ret = X509_ALGOR_new()))
-        goto merr;
-    if (!(ret->parameter = ASN1_TYPE_new()))
+    if ((ret = X509_ALGOR_new()) == NULL)
         goto merr;
 
     ret->algorithm = OBJ_nid2obj(NID_pbes2);
 
     /* Encode PBE2PARAM into parameter */
 
-    if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
-                        &ret->parameter->value.sequence))
+    if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2,
+                                 &ret->parameter))
          goto merr;
-    ret->parameter->type = V_ASN1_SEQUENCE;
 
     PBE2PARAM_free(pbe2);
     pbe2 = NULL;
@@ -186,6 +134,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
     ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
 
  err:
+    EVP_CIPHER_CTX_free(ctx);
     PBE2PARAM_free(pbe2);
     /* Note 'scheme' is freed as part of pbe2 */
     X509_ALGOR_free(ret);
@@ -206,17 +155,17 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
     PBKDF2PARAM *kdf = NULL;
     ASN1_OCTET_STRING *osalt = NULL;
 
-    if (!(kdf = PBKDF2PARAM_new()))
+    if ((kdf = PBKDF2PARAM_new()) == NULL)
         goto merr;
-    if (!(osalt = M_ASN1_OCTET_STRING_new()))
+    if ((osalt = ASN1_OCTET_STRING_new()) == NULL)
         goto merr;
 
     kdf->salt->value.octet_string = osalt;
     kdf->salt->type = V_ASN1_OCTET_STRING;
 
-    if (!saltlen)
+    if (saltlen == 0)
         saltlen = PKCS5_SALT_LEN;
-    if (!(osalt->data = OPENSSL_malloc(saltlen)))
+    if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL)
         goto merr;
 
     osalt->length = saltlen;
@@ -235,7 +184,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
     /* If have a key len set it up */
 
     if (keylen > 0) {
-        if (!(kdf->keylength = M_ASN1_INTEGER_new()))
+        if ((kdf->keylength = ASN1_INTEGER_new()) == NULL)
             goto merr;
         if (!ASN1_INTEGER_set(kdf->keylength, keylen))
             goto merr;
@@ -244,7 +193,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
     /* prf can stay NULL if we are using hmacWithSHA1 */
     if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
         kdf->prf = X509_ALGOR_new();
-        if (!kdf->prf)
+        if (kdf->prf == NULL)
             goto merr;
         X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL);
     }
@@ -252,20 +201,16 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
     /* Finally setup the keyfunc structure */
 
     keyfunc = X509_ALGOR_new();
-    if (!keyfunc)
+    if (keyfunc == NULL)
         goto merr;
 
     keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
 
     /* Encode PBKDF2PARAM into parameter of pbe2 */
 
-    if (!(keyfunc->parameter = ASN1_TYPE_new()))
-        goto merr;
-
-    if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
-                        &keyfunc->parameter->value.sequence))
+    if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), kdf,
+                                 &keyfunc->parameter))
          goto merr;
-    keyfunc->parameter->type = V_ASN1_SEQUENCE;
 
     PBKDF2PARAM_free(kdf);
     return keyfunc;
diff --git a/freebsd/crypto/openssl/crypto/asn1/p5_scrypt.c b/freebsd/crypto/openssl/crypto/asn1/p5_scrypt.c
new file mode 100644
index 00000000..0ebcf8e8
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/asn1/p5_scrypt.c
@@ -0,0 +1,276 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+#ifndef OPENSSL_NO_SCRYPT
+/* PKCS#5 scrypt password based encryption structures */
+
+ASN1_SEQUENCE(SCRYPT_PARAMS) = {
+        ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER),
+        ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER),
+        ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER),
+        ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER),
+} ASN1_SEQUENCE_END(SCRYPT_PARAMS)
+
+IMPLEMENT_ASN1_FUNCTIONS(SCRYPT_PARAMS)
+
+static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
+                                    size_t keylen, uint64_t N, uint64_t r,
+                                    uint64_t p);
+
+/*
+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm using scrypt
+ */
+
+X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
+                                  const unsigned char *salt, int saltlen,
+                                  unsigned char *aiv, uint64_t N, uint64_t r,
+                                  uint64_t p)
+{
+    X509_ALGOR *scheme = NULL, *ret = NULL;
+    int alg_nid;
+    size_t keylen = 0;
+    EVP_CIPHER_CTX *ctx = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    PBE2PARAM *pbe2 = NULL;
+
+    if (!cipher) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if (EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
+                ASN1_R_INVALID_SCRYPT_PARAMETERS);
+        goto err;
+    }
+
+    alg_nid = EVP_CIPHER_type(cipher);
+    if (alg_nid == NID_undef) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
+                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        goto err;
+    }
+
+    pbe2 = PBE2PARAM_new();
+    if (pbe2 == NULL)
+        goto merr;
+
+    /* Setup the AlgorithmIdentifier for the encryption scheme */
+    scheme = pbe2->encryption;
+
+    scheme->algorithm = OBJ_nid2obj(alg_nid);
+    scheme->parameter = ASN1_TYPE_new();
+    if (scheme->parameter == NULL)
+        goto merr;
+
+    /* Create random IV */
+    if (EVP_CIPHER_iv_length(cipher)) {
+        if (aiv)
+            memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+        else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
+            goto err;
+    }
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto merr;
+
+    /* Dummy cipherinit to just setup the IV */
+    if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0)
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
+                ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+        goto err;
+    }
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
+
+    /* If its RC2 then we'd better setup the key length */
+
+    if (alg_nid == NID_rc2_cbc)
+        keylen = EVP_CIPHER_key_length(cipher);
+
+    /* Setup keyfunc */
+
+    X509_ALGOR_free(pbe2->keyfunc);
+
+    pbe2->keyfunc = pkcs5_scrypt_set(salt, saltlen, keylen, N, r, p);
+
+    if (pbe2->keyfunc == NULL)
+        goto merr;
+
+    /* Now set up top level AlgorithmIdentifier */
+
+    ret = X509_ALGOR_new();
+    if (ret == NULL)
+        goto merr;
+
+    ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+    /* Encode PBE2PARAM into parameter */
+
+    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2,
+                                &ret->parameter) == NULL)
+        goto merr;
+
+    PBE2PARAM_free(pbe2);
+    pbe2 = NULL;
+
+    return ret;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_MALLOC_FAILURE);
+
+ err:
+    PBE2PARAM_free(pbe2);
+    X509_ALGOR_free(ret);
+    EVP_CIPHER_CTX_free(ctx);
+
+    return NULL;
+}
+
+static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
+                                    size_t keylen, uint64_t N, uint64_t r,
+                                    uint64_t p)
+{
+    X509_ALGOR *keyfunc = NULL;
+    SCRYPT_PARAMS *sparam = SCRYPT_PARAMS_new();
+
+    if (sparam == NULL)
+        goto merr;
+
+    if (!saltlen)
+        saltlen = PKCS5_SALT_LEN;
+
+    /* This will either copy salt or grow the buffer */
+    if (ASN1_STRING_set(sparam->salt, salt, saltlen) == 0)
+        goto merr;
+
+    if (salt == NULL && RAND_bytes(sparam->salt->data, saltlen) <= 0)
+        goto err;
+
+    if (ASN1_INTEGER_set_uint64(sparam->costParameter, N) == 0)
+        goto merr;
+
+    if (ASN1_INTEGER_set_uint64(sparam->blockSize, r) == 0)
+        goto merr;
+
+    if (ASN1_INTEGER_set_uint64(sparam->parallelizationParameter, p) == 0)
+        goto merr;
+
+    /* If have a key len set it up */
+
+    if (keylen > 0) {
+        sparam->keyLength = ASN1_INTEGER_new();
+        if (sparam->keyLength == NULL)
+            goto merr;
+        if (ASN1_INTEGER_set_int64(sparam->keyLength, keylen) == 0)
+            goto merr;
+    }
+
+    /* Finally setup the keyfunc structure */
+
+    keyfunc = X509_ALGOR_new();
+    if (keyfunc == NULL)
+        goto merr;
+
+    keyfunc->algorithm = OBJ_nid2obj(NID_id_scrypt);
+
+    /* Encode SCRYPT_PARAMS into parameter of pbe2 */
+
+    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), sparam,
+                                &keyfunc->parameter) == NULL)
+        goto merr;
+
+    SCRYPT_PARAMS_free(sparam);
+    return keyfunc;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_SCRYPT_SET, ERR_R_MALLOC_FAILURE);
+ err:
+    SCRYPT_PARAMS_free(sparam);
+    X509_ALGOR_free(keyfunc);
+    return NULL;
+}
+
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md, int en_de)
+{
+    unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
+    uint64_t p, r, N;
+    size_t saltlen;
+    size_t keylen = 0;
+    int rv = 0;
+    SCRYPT_PARAMS *sparam = NULL;
+
+    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_NO_CIPHER_SET);
+        goto err;
+    }
+
+    /* Decode parameter */
+
+    sparam = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), param);
+
+    if (sparam == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_DECODE_ERROR);
+        goto err;
+    }
+
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Now check the parameters of sparam */
+
+    if (sparam->keyLength) {
+        uint64_t spkeylen;
+        if ((ASN1_INTEGER_get_uint64(&spkeylen, sparam->keyLength) == 0)
+            || (spkeylen != keylen)) {
+            EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN,
+                   EVP_R_UNSUPPORTED_KEYLENGTH);
+            goto err;
+        }
+    }
+    /* Check all parameters fit in uint64_t and are acceptable to scrypt */
+    if (ASN1_INTEGER_get_uint64(&N, sparam->costParameter) == 0
+        || ASN1_INTEGER_get_uint64(&r, sparam->blockSize) == 0
+        || ASN1_INTEGER_get_uint64(&p, sparam->parallelizationParameter) == 0
+        || EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) {
+        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN,
+               EVP_R_ILLEGAL_SCRYPT_PARAMETERS);
+        goto err;
+    }
+
+    /* it seems that its all OK */
+
+    salt = sparam->salt->data;
+    saltlen = sparam->salt->length;
+    if (EVP_PBE_scrypt(pass, passlen, salt, saltlen, N, r, p, 0, key, keylen)
+        == 0)
+        goto err;
+    rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
+ err:
+    if (keylen)
+        OPENSSL_cleanse(key, keylen);
+    SCRYPT_PARAMS_free(sparam);
+    return rv;
+}
+#endif /* OPENSSL_NO_SCRYPT */
diff --git a/freebsd/crypto/openssl/crypto/asn1/p8_pkey.c b/freebsd/crypto/openssl/crypto/asn1/p8_pkey.c
index 531ee4dc..18d476aa 100644
--- a/freebsd/crypto/openssl/crypto/asn1/p8_pkey.c
+++ b/freebsd/crypto/openssl/crypto/asn1/p8_pkey.c
@@ -1,68 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p8_pkey.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 
 /* Minor tweak to operation: zero private key data */
 static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -71,10 +22,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
     /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
     if (operation == ASN1_OP_FREE_PRE) {
         PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
-        if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING
-            && key->pkey->value.octet_string != NULL)
-            OPENSSL_cleanse(key->pkey->value.octet_string->data,
-                            key->pkey->value.octet_string->length);
+        if (key->pkey)
+            OPENSSL_cleanse(key->pkey->data, key->pkey->length);
     }
     return 1;
 }
@@ -82,7 +31,7 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
         ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
         ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
-        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING),
         ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
 } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 
@@ -92,56 +41,42 @@ int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
                     int version,
                     int ptype, void *pval, unsigned char *penc, int penclen)
 {
-    unsigned char **ppenc = NULL;
     if (version >= 0) {
         if (!ASN1_INTEGER_set(priv->version, version))
             return 0;
     }
-    if (penc) {
-        int pmtype;
-        ASN1_OCTET_STRING *oct;
-        oct = ASN1_OCTET_STRING_new();
-        if (!oct)
-            return 0;
-        oct->data = penc;
-        ppenc = &oct->data;
-        oct->length = penclen;
-        if (priv->broken == PKCS8_NO_OCTET)
-            pmtype = V_ASN1_SEQUENCE;
-        else
-            pmtype = V_ASN1_OCTET_STRING;
-        ASN1_TYPE_set(priv->pkey, pmtype, oct);
-    }
-    if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) {
-        /* If call fails do not swallow 'enc' */
-        if (ppenc)
-            *ppenc = NULL;
+    if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
         return 0;
-    }
+    if (penc)
+        ASN1_STRING_set0(priv->pkey, penc, penclen);
     return 1;
 }
 
-int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
+int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
                     const unsigned char **pk, int *ppklen,
-                    X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8)
+                    const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8)
 {
     if (ppkalg)
         *ppkalg = p8->pkeyalg->algorithm;
-    if (p8->pkey->type == V_ASN1_OCTET_STRING) {
-        p8->broken = PKCS8_OK;
-        if (pk) {
-            *pk = p8->pkey->value.octet_string->data;
-            *ppklen = p8->pkey->value.octet_string->length;
-        }
-    } else if (p8->pkey->type == V_ASN1_SEQUENCE) {
-        p8->broken = PKCS8_NO_OCTET;
-        if (pk) {
-            *pk = p8->pkey->value.sequence->data;
-            *ppklen = p8->pkey->value.sequence->length;
-        }
-    } else
-        return 0;
+    if (pk) {
+        *pk = ASN1_STRING_get0_data(p8->pkey);
+        *ppklen = ASN1_STRING_length(p8->pkey);
+    }
     if (pa)
         *pa = p8->pkeyalg;
     return 1;
 }
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8)
+{
+    return p8->attributes;
+}
+
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+                                const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes, len) != NULL)
+        return 1;
+    return 0;
+}
diff --git a/freebsd/crypto/openssl/crypto/asn1/standard_methods.h b/freebsd/crypto/openssl/crypto/asn1/standard_methods.h
new file mode 100644
index 00000000..e74de55f
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/asn1/standard_methods.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This table MUST be kept in ascending order of the NID each method
+ * represents (corresponding to the pkey_id field) as OBJ_bsearch
+ * is used to search it.
+ */
+static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
+#ifndef OPENSSL_NO_RSA
+    &rsa_asn1_meths[0],
+    &rsa_asn1_meths[1],
+#endif
+#ifndef OPENSSL_NO_DH
+    &dh_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DSA
+    &dsa_asn1_meths[0],
+    &dsa_asn1_meths[1],
+    &dsa_asn1_meths[2],
+    &dsa_asn1_meths[3],
+    &dsa_asn1_meths[4],
+#endif
+#ifndef OPENSSL_NO_EC
+    &eckey_asn1_meth,
+#endif
+    &hmac_asn1_meth,
+#ifndef OPENSSL_NO_CMAC
+    &cmac_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_RSA
+    &rsa_pss_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+    &dhx_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ecx25519_asn1_meth,
+    &ecx448_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_POLY1305
+    &poly1305_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_SIPHASH
+    &siphash_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ed25519_asn1_meth,
+    &ed448_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_SM2
+    &sm2_asn1_meth,
+#endif
+};
+
diff --git a/freebsd/crypto/openssl/crypto/asn1/t_bitst.c b/freebsd/crypto/openssl/crypto/asn1/t_bitst.c
index 4d230f7d..ad295610 100644
--- a/freebsd/crypto/openssl/crypto/asn1/t_bitst.c
+++ b/freebsd/crypto/openssl/crypto/asn1/t_bitst.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* t_bitst.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
@@ -82,7 +32,7 @@ int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
     return 1;
 }
 
-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
                             BIT_STRING_BITNAME *tbl)
 {
     int bitnum;
@@ -96,11 +46,12 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
     return 1;
 }
 
-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
+int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl)
 {
     BIT_STRING_BITNAME *bnam;
     for (bnam = tbl; bnam->lname; bnam++) {
-        if (!strcmp(bnam->sname, name) || !strcmp(bnam->lname, name))
+        if ((strcmp(bnam->sname, name) == 0)
+            || (strcmp(bnam->lname, name) == 0))
             return bnam->bitnum;
     }
     return -1;
diff --git a/freebsd/crypto/openssl/crypto/asn1/t_crl.c b/freebsd/crypto/openssl/crypto/asn1/t_crl.c
deleted file mode 100644
index f7f80963..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/t_crl.c
+++ /dev/null
@@ -1,135 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* t_crl.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_NO_FP_API
-int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
-{
-    BIO *b;
-    int ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
-        X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
-    }
-    BIO_set_fp(b, fp, BIO_NOCLOSE);
-    ret = X509_CRL_print(b, x);
-    BIO_free(b);
-    return (ret);
-}
-#endif
-
-int X509_CRL_print(BIO *out, X509_CRL *x)
-{
-    STACK_OF(X509_REVOKED) *rev;
-    X509_REVOKED *r;
-    long l;
-    int i;
-    char *p;
-
-    BIO_printf(out, "Certificate Revocation List (CRL):\n");
-    l = X509_CRL_get_version(x);
-    BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l);
-    i = OBJ_obj2nid(x->sig_alg->algorithm);
-    X509_signature_print(out, x->sig_alg, NULL);
-    p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
-    BIO_printf(out, "%8sIssuer: %s\n", "", p);
-    OPENSSL_free(p);
-    BIO_printf(out, "%8sLast Update: ", "");
-    ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x));
-    BIO_printf(out, "\n%8sNext Update: ", "");
-    if (X509_CRL_get_nextUpdate(x))
-        ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x));
-    else
-        BIO_printf(out, "NONE");
-    BIO_printf(out, "\n");
-
-    X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8);
-
-    rev = X509_CRL_get_REVOKED(x);
-
-    if (sk_X509_REVOKED_num(rev) > 0)
-        BIO_printf(out, "Revoked Certificates:\n");
-    else
-        BIO_printf(out, "No Revoked Certificates.\n");
-
-    for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
-        r = sk_X509_REVOKED_value(rev, i);
-        BIO_printf(out, "    Serial Number: ");
-        i2a_ASN1_INTEGER(out, r->serialNumber);
-        BIO_printf(out, "\n        Revocation Date: ");
-        ASN1_TIME_print(out, r->revocationDate);
-        BIO_printf(out, "\n");
-        X509V3_extensions_print(out, "CRL entry extensions",
-                                r->extensions, 0, 8);
-    }
-    X509_signature_print(out, x->sig_alg, x->signature);
-
-    return 1;
-
-}
diff --git a/freebsd/crypto/openssl/crypto/asn1/t_pkey.c b/freebsd/crypto/openssl/crypto/asn1/t_pkey.c
index 4803cb3d..cf4444c2 100644
--- a/freebsd/crypto/openssl/crypto/asn1/t_pkey.c
+++ b/freebsd/crypto/openssl/crypto/asn1/t_pkey.c
@@ -1,79 +1,61 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/t_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
-#include <openssl/bn.h>
+#include "internal/bn_int.h"
+
+/* Number of octets per line */
+#define ASN1_BUF_PRINT_WIDTH    15
+/* Maximum indent */
+#define ASN1_PRINT_MAX_INDENT 128
+
+int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int indent)
+{
+    size_t i;
+
+    for (i = 0; i < buflen; i++) {
+        if ((i % ASN1_BUF_PRINT_WIDTH) == 0) {
+            if (i > 0 && BIO_puts(bp, "\n") <= 0)
+                return 0;
+            if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT))
+                return 0;
+        }
+        /*
+         * Use colon separators for each octet for compatibility as
+         * this function is used to print out key components.
+         */
+        if (BIO_printf(bp, "%02x%s", buf[i],
+                       (i == buflen - 1) ? "" : ":") <= 0)
+                return 0;
+    }
+    if (BIO_write(bp, "\n", 1) <= 0)
+        return 0;
+    return 1;
+}
 
 int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
-                  unsigned char *buf, int off)
+                  unsigned char *ign, int indent)
 {
-    int n, i;
+    int n, rv = 0;
     const char *neg;
+    unsigned char *buf = NULL, *tmp = NULL;
+    int buflen;
 
     if (num == NULL)
-        return (1);
-    neg = (BN_is_negative(num)) ? "-" : "";
-    if (!BIO_indent(bp, off, 128))
+        return 1;
+    neg = BN_is_negative(num) ? "-" : "";
+    if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT))
         return 0;
     if (BN_is_zero(num)) {
         if (BIO_printf(bp, "%s 0\n", number) <= 0)
@@ -83,33 +65,31 @@ int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
 
     if (BN_num_bytes(num) <= BN_BYTES) {
         if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg,
-                       (unsigned long)num->d[0], neg,
-                       (unsigned long)num->d[0])
-            <= 0)
-            return (0);
-    } else {
-        buf[0] = 0;
-        if (BIO_printf(bp, "%s%s", number,
-                       (neg[0] == '-') ? " (Negative)" : "") <= 0)
-            return (0);
-        n = BN_bn2bin(num, &buf[1]);
+                       (unsigned long)bn_get_words(num)[0], neg,
+                       (unsigned long)bn_get_words(num)[0]) <= 0)
+            return 0;
+        return 1;
+    }
 
-        if (buf[1] & 0x80)
-            n++;
-        else
-            buf++;
+    buflen = BN_num_bytes(num) + 1;
+    buf = tmp = OPENSSL_malloc(buflen);
+    if (buf == NULL)
+        goto err;
+    buf[0] = 0;
+    if (BIO_printf(bp, "%s%s\n", number,
+                   (neg[0] == '-') ? " (Negative)" : "") <= 0)
+        goto err;
+    n = BN_bn2bin(num, buf + 1);
 
-        for (i = 0; i < n; i++) {
-            if ((i % 15) == 0) {
-                if (BIO_puts(bp, "\n") <= 0 || !BIO_indent(bp, off + 4, 128))
-                    return 0;
-            }
-            if (BIO_printf(bp, "%02x%s", buf[i], ((i + 1) == n) ? "" : ":")
-                <= 0)
-                return (0);
-        }
-        if (BIO_write(bp, "\n", 1) <= 0)
-            return (0);
-    }
-    return (1);
+    if (buf[1] & 0x80)
+        n++;
+    else
+        tmp++;
+
+    if (ASN1_buf_print(bp, tmp, n, indent + 4) == 0)
+        goto err;
+    rv = 1;
+    err:
+    OPENSSL_clear_free(buf, buflen);
+    return rv;
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/t_req.c b/freebsd/crypto/openssl/crypto/asn1/t_req.c
deleted file mode 100644
index 86c9c02b..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/t_req.c
+++ /dev/null
@@ -1,257 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/asn1/t_req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
-{
-    BIO *b;
-    int ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
-        X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
-    }
-    BIO_set_fp(b, fp, BIO_NOCLOSE);
-    ret = X509_REQ_print(b, x);
-    BIO_free(b);
-    return (ret);
-}
-#endif
-
-int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
-                      unsigned long cflag)
-{
-    unsigned long l;
-    int i;
-    const char *neg;
-    X509_REQ_INFO *ri;
-    EVP_PKEY *pkey;
-    STACK_OF(X509_ATTRIBUTE) *sk;
-    STACK_OF(X509_EXTENSION) *exts;
-    char mlch = ' ';
-    int nmindent = 0;
-
-    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-        mlch = '\n';
-        nmindent = 12;
-    }
-
-    if (nmflags == X509_FLAG_COMPAT)
-        nmindent = 16;
-
-    ri = x->req_info;
-    if (!(cflag & X509_FLAG_NO_HEADER)) {
-        if (BIO_write(bp, "Certificate Request:\n", 21) <= 0)
-            goto err;
-        if (BIO_write(bp, "    Data:\n", 10) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_VERSION)) {
-        neg = (ri->version->type == V_ASN1_NEG_INTEGER) ? "-" : "";
-        l = 0;
-        for (i = 0; i < ri->version->length; i++) {
-            l <<= 8;
-            l += ri->version->data[i];
-        }
-        if (BIO_printf(bp, "%8sVersion: %s%lu (%s0x%lx)\n", "", neg, l, neg,
-                       l) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
-        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
-            goto err;
-        if (X509_NAME_print_ex(bp, ri->subject, nmindent, nmflags) < 0)
-            goto err;
-        if (BIO_write(bp, "\n", 1) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
-        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
-            goto err;
-        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
-            goto err;
-        if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
-            goto err;
-        if (BIO_puts(bp, "\n") <= 0)
-            goto err;
-
-        pkey = X509_REQ_get_pubkey(x);
-        if (pkey == NULL) {
-            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
-            ERR_print_errors(bp);
-        } else {
-            EVP_PKEY_print_public(bp, pkey, 16, NULL);
-            EVP_PKEY_free(pkey);
-        }
-    }
-
-    if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) {
-        /* may not be */
-        if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
-            goto err;
-
-        sk = x->req_info->attributes;
-        if (sk_X509_ATTRIBUTE_num(sk) == 0) {
-            if (BIO_printf(bp, "%12sa0:00\n", "") <= 0)
-                goto err;
-        } else {
-            for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
-                ASN1_TYPE *at;
-                X509_ATTRIBUTE *a;
-                ASN1_BIT_STRING *bs = NULL;
-                ASN1_TYPE *t;
-                int j, type = 0, count = 1, ii = 0;
-
-                a = sk_X509_ATTRIBUTE_value(sk, i);
-                if (X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
-                    continue;
-                if (BIO_printf(bp, "%12s", "") <= 0)
-                    goto err;
-                if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) {
-                    if (a->single) {
-                        t = a->value.single;
-                        type = t->type;
-                        bs = t->value.bit_string;
-                    } else {
-                        ii = 0;
-                        count = sk_ASN1_TYPE_num(a->value.set);
- get_next:
-                        at = sk_ASN1_TYPE_value(a->value.set, ii);
-                        type = at->type;
-                        bs = at->value.asn1_string;
-                    }
-                }
-                for (j = 25 - j; j > 0; j--)
-                    if (BIO_write(bp, " ", 1) != 1)
-                        goto err;
-                if (BIO_puts(bp, ":") <= 0)
-                    goto err;
-                if ((type == V_ASN1_PRINTABLESTRING) ||
-                    (type == V_ASN1_UTF8STRING) ||
-                    (type == V_ASN1_T61STRING) ||
-                    (type == V_ASN1_IA5STRING)) {
-                    if (BIO_write(bp, (char *)bs->data, bs->length)
-                        != bs->length)
-                        goto err;
-                    BIO_puts(bp, "\n");
-                } else {
-                    BIO_puts(bp, "unable to print attribute\n");
-                }
-                if (++ii < count)
-                    goto get_next;
-            }
-        }
-    }
-    if (!(cflag & X509_FLAG_NO_EXTENSIONS)) {
-        exts = X509_REQ_get_extensions(x);
-        if (exts) {
-            BIO_printf(bp, "%8sRequested Extensions:\n", "");
-            for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
-                ASN1_OBJECT *obj;
-                X509_EXTENSION *ex;
-                int j;
-                ex = sk_X509_EXTENSION_value(exts, i);
-                if (BIO_printf(bp, "%12s", "") <= 0)
-                    goto err;
-                obj = X509_EXTENSION_get_object(ex);
-                i2a_ASN1_OBJECT(bp, obj);
-                j = X509_EXTENSION_get_critical(ex);
-                if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0)
-                    goto err;
-                if (!X509V3_EXT_print(bp, ex, cflag, 16)) {
-                    BIO_printf(bp, "%16s", "");
-                    M_ASN1_OCTET_STRING_print(bp, ex->value);
-                }
-                if (BIO_write(bp, "\n", 1) <= 0)
-                    goto err;
-            }
-            sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-        }
-    }
-
-    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
-        if (!X509_signature_print(bp, x->sig_alg, x->signature))
-            goto err;
-    }
-
-    return (1);
- err:
-    X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB);
-    return (0);
-}
-
-int X509_REQ_print(BIO *bp, X509_REQ *x)
-{
-    return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-}
diff --git a/freebsd/crypto/openssl/crypto/asn1/t_spki.c b/freebsd/crypto/openssl/crypto/asn1/t_spki.c
index d5f66e48..2a347b45 100644
--- a/freebsd/crypto/openssl/crypto/asn1/t_spki.c
+++ b/freebsd/crypto/openssl/crypto/asn1/t_spki.c
@@ -1,74 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* t_spki.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
 #include <openssl/bn.h>
 
 /* Print out an SPKI */
@@ -77,10 +23,12 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 {
     EVP_PKEY *pkey;
     ASN1_IA5STRING *chal;
+    ASN1_OBJECT *spkioid;
     int i, n;
     char *s;
     BIO_printf(out, "Netscape SPKI:\n");
-    i = OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
+    X509_PUBKEY_get0_param(&spkioid, NULL, NULL, NULL, spki->spkac->pubkey);
+    i = OBJ_obj2nid(spkioid);
     BIO_printf(out, "  Public Key Algorithm: %s\n",
                (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
     pkey = X509_PUBKEY_get(spki->spkac->pubkey);
@@ -93,7 +41,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
     chal = spki->spkac->challenge;
     if (chal->length)
         BIO_printf(out, "  Challenge String: %s\n", chal->data);
-    i = OBJ_obj2nid(spki->sig_algor->algorithm);
+    i = OBJ_obj2nid(spki->sig_algor.algorithm);
     BIO_printf(out, "  Signature Algorithm: %s",
                (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
 
diff --git a/freebsd/crypto/openssl/crypto/asn1/t_x509.c b/freebsd/crypto/openssl/crypto/asn1/t_x509.c
deleted file mode 100644
index 5f8859fa..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/t_x509.c
+++ /dev/null
@@ -1,558 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/asn1/t_x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-# include <openssl/ec.h>
-#endif
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include "asn1_locl.h"
-
-#ifndef OPENSSL_NO_FP_API
-int X509_print_fp(FILE *fp, X509 *x)
-{
-    return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-}
-
-int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
-                     unsigned long cflag)
-{
-    BIO *b;
-    int ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
-        X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB);
-        return (0);
-    }
-    BIO_set_fp(b, fp, BIO_NOCLOSE);
-    ret = X509_print_ex(b, x, nmflag, cflag);
-    BIO_free(b);
-    return (ret);
-}
-#endif
-
-int X509_print(BIO *bp, X509 *x)
-{
-    return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-}
-
-int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
-                  unsigned long cflag)
-{
-    long l;
-    int ret = 0, i;
-    char *m = NULL, mlch = ' ';
-    int nmindent = 0;
-    X509_CINF *ci;
-    ASN1_INTEGER *bs;
-    EVP_PKEY *pkey = NULL;
-    const char *neg;
-
-    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-        mlch = '\n';
-        nmindent = 12;
-    }
-
-    if (nmflags == X509_FLAG_COMPAT)
-        nmindent = 16;
-
-    ci = x->cert_info;
-    if (!(cflag & X509_FLAG_NO_HEADER)) {
-        if (BIO_write(bp, "Certificate:\n", 13) <= 0)
-            goto err;
-        if (BIO_write(bp, "    Data:\n", 10) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_VERSION)) {
-        l = X509_get_version(x);
-        if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_SERIAL)) {
-
-        if (BIO_write(bp, "        Serial Number:", 22) <= 0)
-            goto err;
-
-        bs = X509_get_serialNumber(x);
-        if (bs->length < (int)sizeof(long)
-            || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
-            l = ASN1_INTEGER_get(bs);
-            if (bs->type == V_ASN1_NEG_INTEGER) {
-                l = -l;
-                neg = "-";
-            } else
-                neg = "";
-            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0)
-                goto err;
-        } else {
-            neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
-            if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
-                goto err;
-
-            for (i = 0; i < bs->length; i++) {
-                if (BIO_printf(bp, "%02x%c", bs->data[i],
-                               ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
-                    goto err;
-            }
-        }
-
-    }
-
-    if (!(cflag & X509_FLAG_NO_SIGNAME)) {
-        if (X509_signature_print(bp, ci->signature, NULL) <= 0)
-            goto err;
-#if 0
-        if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0)
-            goto err;
-        if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
-            goto err;
-        if (BIO_puts(bp, "\n") <= 0)
-            goto err;
-#endif
-    }
-
-    if (!(cflag & X509_FLAG_NO_ISSUER)) {
-        if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)
-            goto err;
-        if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)
-            < 0)
-            goto err;
-        if (BIO_write(bp, "\n", 1) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_VALIDITY)) {
-        if (BIO_write(bp, "        Validity\n", 17) <= 0)
-            goto err;
-        if (BIO_write(bp, "            Not Before: ", 24) <= 0)
-            goto err;
-        if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
-            goto err;
-        if (BIO_write(bp, "\n            Not After : ", 25) <= 0)
-            goto err;
-        if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
-            goto err;
-        if (BIO_write(bp, "\n", 1) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
-        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
-            goto err;
-        if (X509_NAME_print_ex
-            (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
-            goto err;
-        if (BIO_write(bp, "\n", 1) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
-        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
-            goto err;
-        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
-            goto err;
-        if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
-            goto err;
-        if (BIO_puts(bp, "\n") <= 0)
-            goto err;
-
-        pkey = X509_get_pubkey(x);
-        if (pkey == NULL) {
-            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
-            ERR_print_errors(bp);
-        } else {
-            EVP_PKEY_print_public(bp, pkey, 16, NULL);
-            EVP_PKEY_free(pkey);
-        }
-    }
-
-    if (!(cflag & X509_FLAG_NO_IDS)) {
-        if (ci->issuerUID) {
-            if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)
-                goto err;
-            if (!X509_signature_dump(bp, ci->issuerUID, 12))
-                goto err;
-        }
-        if (ci->subjectUID) {
-            if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)
-                goto err;
-            if (!X509_signature_dump(bp, ci->subjectUID, 12))
-                goto err;
-        }
-    }
-
-    if (!(cflag & X509_FLAG_NO_EXTENSIONS))
-        X509V3_extensions_print(bp, "X509v3 extensions",
-                                ci->extensions, cflag, 8);
-
-    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
-        if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_AUX)) {
-        if (!X509_CERT_AUX_print(bp, x->aux, 0))
-            goto err;
-    }
-    ret = 1;
- err:
-    if (m != NULL)
-        OPENSSL_free(m);
-    return (ret);
-}
-
-int X509_ocspid_print(BIO *bp, X509 *x)
-{
-    unsigned char *der = NULL;
-    unsigned char *dertmp;
-    int derlen;
-    int i;
-    unsigned char SHA1md[SHA_DIGEST_LENGTH];
-
-    /*
-     * display the hash of the subject as it would appear in OCSP requests
-     */
-    if (BIO_printf(bp, "        Subject OCSP hash: ") <= 0)
-        goto err;
-    derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
-    if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL)
-        goto err;
-    i2d_X509_NAME(x->cert_info->subject, &dertmp);
-
-    if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
-        goto err;
-    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
-        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
-            goto err;
-    }
-    OPENSSL_free(der);
-    der = NULL;
-
-    /*
-     * display the hash of the public key as it would appear in OCSP requests
-     */
-    if (BIO_printf(bp, "\n        Public key OCSP hash: ") <= 0)
-        goto err;
-
-    if (!EVP_Digest(x->cert_info->key->public_key->data,
-                    x->cert_info->key->public_key->length,
-                    SHA1md, NULL, EVP_sha1(), NULL))
-        goto err;
-    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
-        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
-            goto err;
-    }
-    BIO_printf(bp, "\n");
-
-    return (1);
- err:
-    if (der != NULL)
-        OPENSSL_free(der);
-    return (0);
-}
-
-int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
-{
-    const unsigned char *s;
-    int i, n;
-
-    n = sig->length;
-    s = sig->data;
-    for (i = 0; i < n; i++) {
-        if ((i % 18) == 0) {
-            if (BIO_write(bp, "\n", 1) <= 0)
-                return 0;
-            if (BIO_indent(bp, indent, indent) <= 0)
-                return 0;
-        }
-        if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0)
-            return 0;
-    }
-    if (BIO_write(bp, "\n", 1) != 1)
-        return 0;
-
-    return 1;
-}
-
-int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
-{
-    int sig_nid;
-    if (BIO_puts(bp, "    Signature Algorithm: ") <= 0)
-        return 0;
-    if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
-        return 0;
-
-    sig_nid = OBJ_obj2nid(sigalg->algorithm);
-    if (sig_nid != NID_undef) {
-        int pkey_nid, dig_nid;
-        const EVP_PKEY_ASN1_METHOD *ameth;
-        if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
-            ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
-            if (ameth && ameth->sig_print)
-                return ameth->sig_print(bp, sigalg, sig, 9, 0);
-        }
-    }
-    if (sig)
-        return X509_signature_dump(bp, sig, 9);
-    else if (BIO_puts(bp, "\n") <= 0)
-        return 0;
-    return 1;
-}
-
-int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
-{
-    int i, n;
-    char buf[80];
-    const char *p;
-
-    if (v == NULL)
-        return (0);
-    n = 0;
-    p = (const char *)v->data;
-    for (i = 0; i < v->length; i++) {
-        if ((p[i] > '~') || ((p[i] < ' ') &&
-                             (p[i] != '\n') && (p[i] != '\r')))
-            buf[n] = '.';
-        else
-            buf[n] = p[i];
-        n++;
-        if (n >= 80) {
-            if (BIO_write(bp, buf, n) <= 0)
-                return (0);
-            n = 0;
-        }
-    }
-    if (n > 0)
-        if (BIO_write(bp, buf, n) <= 0)
-            return (0);
-    return (1);
-}
-
-int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
-{
-    if (tm->type == V_ASN1_UTCTIME)
-        return ASN1_UTCTIME_print(bp, tm);
-    if (tm->type == V_ASN1_GENERALIZEDTIME)
-        return ASN1_GENERALIZEDTIME_print(bp, tm);
-    BIO_write(bp, "Bad time value", 14);
-    return (0);
-}
-
-static const char *mon[12] = {
-    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
-};
-
-int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
-{
-    char *v;
-    int gmt = 0;
-    int i;
-    int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
-    char *f = NULL;
-    int f_len = 0;
-
-    i = tm->length;
-    v = (char *)tm->data;
-
-    if (i < 12)
-        goto err;
-    if (v[i - 1] == 'Z')
-        gmt = 1;
-    for (i = 0; i < 12; i++)
-        if ((v[i] > '9') || (v[i] < '0'))
-            goto err;
-    y = (v[0] - '0') * 1000 + (v[1] - '0') * 100
-        + (v[2] - '0') * 10 + (v[3] - '0');
-    M = (v[4] - '0') * 10 + (v[5] - '0');
-    if ((M > 12) || (M < 1))
-        goto err;
-    d = (v[6] - '0') * 10 + (v[7] - '0');
-    h = (v[8] - '0') * 10 + (v[9] - '0');
-    m = (v[10] - '0') * 10 + (v[11] - '0');
-    if (tm->length >= 14 &&
-        (v[12] >= '0') && (v[12] <= '9') &&
-        (v[13] >= '0') && (v[13] <= '9')) {
-        s = (v[12] - '0') * 10 + (v[13] - '0');
-        /* Check for fractions of seconds. */
-        if (tm->length >= 15 && v[14] == '.') {
-            int l = tm->length;
-            f = &v[14];         /* The decimal point. */
-            f_len = 1;
-            while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
-                ++f_len;
-        }
-    }
-
-    if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
-                   mon[M - 1], d, h, m, s, f_len, f, y,
-                   (gmt) ? " GMT" : "") <= 0)
-        return (0);
-    else
-        return (1);
- err:
-    BIO_write(bp, "Bad time value", 14);
-    return (0);
-}
-
-int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
-{
-    const char *v;
-    int gmt = 0;
-    int i;
-    int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
-
-    i = tm->length;
-    v = (const char *)tm->data;
-
-    if (i < 10)
-        goto err;
-    if (v[i - 1] == 'Z')
-        gmt = 1;
-    for (i = 0; i < 10; i++)
-        if ((v[i] > '9') || (v[i] < '0'))
-            goto err;
-    y = (v[0] - '0') * 10 + (v[1] - '0');
-    if (y < 50)
-        y += 100;
-    M = (v[2] - '0') * 10 + (v[3] - '0');
-    if ((M > 12) || (M < 1))
-        goto err;
-    d = (v[4] - '0') * 10 + (v[5] - '0');
-    h = (v[6] - '0') * 10 + (v[7] - '0');
-    m = (v[8] - '0') * 10 + (v[9] - '0');
-    if (tm->length >= 12 &&
-        (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9'))
-        s = (v[10] - '0') * 10 + (v[11] - '0');
-
-    if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
-                   mon[M - 1], d, h, m, s, y + 1900,
-                   (gmt) ? " GMT" : "") <= 0)
-        return (0);
-    else
-        return (1);
- err:
-    BIO_write(bp, "Bad time value", 14);
-    return (0);
-}
-
-int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
-{
-    char *s, *c, *b;
-    int ret = 0, l, i;
-
-    l = 80 - 2 - obase;
-
-    b = X509_NAME_oneline(name, NULL, 0);
-    if (!b)
-        return 0;
-    if (!*b) {
-        OPENSSL_free(b);
-        return 1;
-    }
-    s = b + 1;                  /* skip the first slash */
-
-    c = s;
-    for (;;) {
-#ifndef CHARSET_EBCDIC
-        if (((*s == '/') &&
-             ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') ||
-                                                 ((s[2] >= 'A')
-                                                  && (s[2] <= 'Z')
-                                                  && (s[3] == '='))
-              ))) || (*s == '\0'))
-#else
-        if (((*s == '/') &&
-             (isupper(s[1]) && ((s[2] == '=') ||
-                                (isupper(s[2]) && (s[3] == '='))
-              ))) || (*s == '\0'))
-#endif
-        {
-            i = s - c;
-            if (BIO_write(bp, c, i) != i)
-                goto err;
-            c = s + 1;          /* skip following slash */
-            if (*s != '\0') {
-                if (BIO_write(bp, ", ", 2) != 2)
-                    goto err;
-            }
-            l--;
-        }
-        if (*s == '\0')
-            break;
-        s++;
-        l--;
-    }
-
-    ret = 1;
-    if (0) {
- err:
-        X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
-    }
-    OPENSSL_free(b);
-    return (ret);
-}
diff --git a/freebsd/crypto/openssl/crypto/asn1/t_x509a.c b/freebsd/crypto/openssl/crypto/asn1/t_x509a.c
deleted file mode 100644
index 5fce1cb2..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/t_x509a.c
+++ /dev/null
@@ -1,117 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* t_x509a.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-
-/*
- * X509_CERT_AUX and string set routines
- */
-
-int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
-{
-    char oidstr[80], first;
-    int i;
-    if (!aux)
-        return 1;
-    if (aux->trust) {
-        first = 1;
-        BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, "");
-        for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
-            if (!first)
-                BIO_puts(out, ", ");
-            else
-                first = 0;
-            OBJ_obj2txt(oidstr, sizeof(oidstr),
-                        sk_ASN1_OBJECT_value(aux->trust, i), 0);
-            BIO_puts(out, oidstr);
-        }
-        BIO_puts(out, "\n");
-    } else
-        BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
-    if (aux->reject) {
-        first = 1;
-        BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, "");
-        for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
-            if (!first)
-                BIO_puts(out, ", ");
-            else
-                first = 0;
-            OBJ_obj2txt(oidstr, sizeof(oidstr),
-                        sk_ASN1_OBJECT_value(aux->reject, i), 0);
-            BIO_puts(out, oidstr);
-        }
-        BIO_puts(out, "\n");
-    } else
-        BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
-    if (aux->alias)
-        BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data);
-    if (aux->keyid) {
-        BIO_printf(out, "%*sKey Id: ", indent, "");
-        for (i = 0; i < aux->keyid->length; i++)
-            BIO_printf(out, "%s%02X", i ? ":" : "", aux->keyid->data[i]);
-        BIO_write(out, "\n", 1);
-    }
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/crypto/asn1/tasn_dec.c b/freebsd/crypto/openssl/crypto/asn1/tasn_dec.c
index d9db75e3..3ebdec46 100644
--- a/freebsd/crypto/openssl/crypto/asn1/tasn_dec.c
+++ b/freebsd/crypto/openssl/crypto/asn1/tasn_dec.c
@@ -1,62 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* tasn_dec.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stddef.h>
@@ -66,6 +16,9 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/err.h>
+#include "internal/numbers.h"
+#include "asn1_locl.h"
+
 
 /*
  * Constructed types with a recursive definition (such as can be found in PKCS7)
@@ -75,6 +28,11 @@
  */
 #define ASN1_MAX_CONSTRUCTED_NEST 30
 
+static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
+                               long len, const ASN1_ITEM *it,
+                               int tag, int aclass, char opt, ASN1_TLC *ctx,
+                               int depth);
+
 static int asn1_check_eoc(const unsigned char **in, long len);
 static int asn1_find_end(const unsigned char **in, long len, char inf);
 
@@ -101,6 +59,8 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
                                  const ASN1_ITEM *it,
                                  int tag, int aclass, char opt,
                                  ASN1_TLC *ctx);
+static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                       int utype, char *free_cont, const ASN1_ITEM *it);
 
 /* Table to convert tags to bit values, used for MSTRING type */
 static const unsigned long tag2bit[32] = {
@@ -158,39 +118,39 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
     return NULL;
 }
 
-int ASN1_template_d2i(ASN1_VALUE **pval,
-                      const unsigned char **in, long len,
-                      const ASN1_TEMPLATE *tt)
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                     const ASN1_ITEM *it,
+                     int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
-    ASN1_TLC c;
-    asn1_tlc_clear_nc(&c);
-    return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0);
+    int rv;
+    rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
+    if (rv <= 0)
+        ASN1_item_ex_free(pval, it);
+    return rv;
 }
 
 /*
  * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
  * tag mismatch return -1 to handle OPTIONAL
  */
-static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
-                            long len, const ASN1_ITEM *it, int tag, int aclass,
-                            char opt, ASN1_TLC *ctx, int depth)
+
+static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
+                               long len, const ASN1_ITEM *it,
+                               int tag, int aclass, char opt, ASN1_TLC *ctx,
+                               int depth)
 {
     const ASN1_TEMPLATE *tt, *errtt = NULL;
-    const ASN1_COMPAT_FUNCS *cf;
     const ASN1_EXTERN_FUNCS *ef;
     const ASN1_AUX *aux = it->funcs;
     ASN1_aux_cb *asn1_cb;
     const unsigned char *p = NULL, *q;
-    unsigned char *wp = NULL;   /* BIG FAT WARNING! BREAKS CONST WHERE USED */
-    unsigned char imphack = 0, oclass;
+    unsigned char oclass;
     char seq_eoc, seq_nolen, cst, isopt;
     long tmplen;
     int i;
     int otag;
     int ret = 0;
-    ASN1_VALUE **pchptr, *ptmpval;
-    int combine = aclass & ASN1_TFLG_COMBINE;
-    aclass &= ~ASN1_TFLG_COMBINE;
+    ASN1_VALUE **pchptr;
     if (!pval)
         return 0;
     if (aux && aux->asn1_cb)
@@ -199,7 +159,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
         asn1_cb = 0;
 
     if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
-        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP);
+        ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NESTED_TOO_DEEP);
         goto err;
     }
 
@@ -213,7 +173,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
              * template in the template itself.
              */
             if ((tag != -1) || opt) {
-                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I,
                         ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
                 goto err;
             }
@@ -222,7 +182,6 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
         }
         return asn1_d2i_ex_primitive(pval, in, len, it,
                                      tag, aclass, opt, ctx);
-        break;
 
     case ASN1_ITYPE_MSTRING:
         p = *in;
@@ -230,7 +189,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
         ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
                               &p, len, -1, 0, 1, ctx);
         if (!ret) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
             goto err;
         }
 
@@ -239,7 +198,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
             /* If OPTIONAL, assume this is OK */
             if (opt)
                 return -1;
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
             goto err;
         }
         /* Check tag matches bit map */
@@ -247,7 +206,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
             /* If OPTIONAL, assume this is OK */
             if (opt)
                 return -1;
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG);
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_WRONG_TAG);
             goto err;
         }
         return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
@@ -257,66 +216,6 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
         ef = it->funcs;
         return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
 
-    case ASN1_ITYPE_COMPAT:
-        /* we must resort to old style evil hackery */
-        cf = it->funcs;
-
-        /* If OPTIONAL see if it is there */
-        if (opt) {
-            int exptag;
-            p = *in;
-            if (tag == -1)
-                exptag = it->utype;
-            else
-                exptag = tag;
-            /*
-             * Don't care about anything other than presence of expected tag
-             */
-
-            ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
-                                  &p, len, exptag, aclass, 1, ctx);
-            if (!ret) {
-                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                goto err;
-            }
-            if (ret == -1)
-                return -1;
-        }
-
-        /*
-         * This is the old style evil hack IMPLICIT handling: since the
-         * underlying code is expecting a tag and class other than the one
-         * present we change the buffer temporarily then change it back
-         * afterwards. This doesn't and never did work for tags > 30. Yes
-         * this is *horrible* but it is only needed for old style d2i which
-         * will hopefully not be around for much longer. FIXME: should copy
-         * the buffer then modify it so the input buffer can be const: we
-         * should *always* copy because the old style d2i might modify the
-         * buffer.
-         */
-
-        if (tag != -1) {
-            wp = *(unsigned char **)in;
-            imphack = *wp;
-            if (p == NULL) {
-                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                goto err;
-            }
-            *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
-                                  | it->utype);
-        }
-
-        ptmpval = cf->asn1_d2i(pval, in, len);
-
-        if (tag != -1)
-            *wp = imphack;
-
-        if (ptmpval)
-            return 1;
-
-        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-        goto err;
-
     case ASN1_ITYPE_CHOICE:
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
             goto auxerr;
@@ -326,11 +225,11 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
             if ((i >= 0) && (i < it->tcount)) {
                 tt = it->templates + i;
                 pchptr = asn1_get_field_ptr(pval, tt);
-                ASN1_template_free(pchptr, tt);
+                asn1_template_free(pchptr, tt);
                 asn1_set_choice_selector(pval, -1, it);
             }
         } else if (!ASN1_item_ex_new(pval, it)) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
             goto err;
         }
         /* CHOICE type, try each possibility in turn */
@@ -347,9 +246,13 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
             /* If positive return, read OK, break loop */
             if (ret > 0)
                 break;
-            /* Otherwise must be an ASN1 parsing error */
+            /*
+             * Must be an ASN1 parsing error.
+             * Free up any partial choice value
+             */
+            asn1_template_free(pchptr, tt);
             errtt = tt;
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
             goto err;
         }
 
@@ -361,11 +264,12 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
                 ASN1_item_ex_free(pval, it);
                 return -1;
             }
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
             goto err;
         }
 
         asn1_set_choice_selector(pval, i, it);
+
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
             goto auxerr;
         *in = p;
@@ -385,7 +289,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
         ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
                               &p, len, tag, aclass, opt, ctx);
         if (!ret) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
             goto err;
         } else if (ret == -1)
             return -1;
@@ -397,12 +301,12 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
         else
             seq_nolen = seq_eoc;
         if (!cst) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
             goto err;
         }
 
         if (!*pval && !ASN1_item_ex_new(pval, it)) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
             goto err;
         }
 
@@ -418,7 +322,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
                 if (seqtt == NULL)
                     continue;
                 pseqval = asn1_get_field_ptr(pval, seqtt);
-                ASN1_template_free(pseqval, seqtt);
+                asn1_template_free(pseqval, seqtt);
             }
         }
 
@@ -436,7 +340,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
             q = p;
             if (asn1_check_eoc(&p, len)) {
                 if (!seq_eoc) {
-                    ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC);
+                    ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_UNEXPECTED_EOC);
                     goto err;
                 }
                 len -= p - q;
@@ -467,7 +371,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
                 /*
                  * OPTIONAL component absent. Free and zero the field.
                  */
-                ASN1_template_free(pseqval, seqtt);
+                asn1_template_free(pseqval, seqtt);
                 continue;
             }
             /* Update length */
@@ -476,12 +380,12 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
 
         /* Check for EOC if expecting one */
         if (seq_eoc && !asn1_check_eoc(&p, len)) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MISSING_EOC);
             goto err;
         }
         /* Check all data read */
         if (!seq_nolen && len) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
             goto err;
         }
 
@@ -498,10 +402,10 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
             if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
                 ASN1_VALUE **pseqval;
                 pseqval = asn1_get_field_ptr(pval, seqtt);
-                ASN1_template_free(pseqval, seqtt);
+                asn1_template_free(pseqval, seqtt);
             } else {
                 errtt = seqtt;
-                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
+                ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_FIELD_MISSING);
                 goto err;
             }
         }
@@ -517,10 +421,8 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
         return 0;
     }
  auxerr:
-    ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+    ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_AUX_ERROR);
  err:
-    if (combine == 0)
-        ASN1_item_ex_free(pval, it);
     if (errtt)
         ERR_add_error_data(4, "Field=", errtt->field_name,
                            ", Type=", it->sname);
@@ -529,13 +431,6 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
     return 0;
 }
 
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
-                     const ASN1_ITEM *it,
-                     int tag, int aclass, char opt, ASN1_TLC *ctx)
-{
-    return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
-}
-
 /*
  * Templates are handled with two separate functions. One handles any
  * EXPLICIT tag and the other handles the rest.
@@ -609,7 +504,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
     return 1;
 
  err:
-    ASN1_template_free(val, tt);
     return 0;
 }
 
@@ -620,6 +514,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
 {
     int flags, aclass;
     int ret;
+    ASN1_VALUE *tval;
     const unsigned char *p, *q;
     if (!val)
         return 0;
@@ -629,6 +524,15 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
     p = *in;
     q = p;
 
+    /*
+     * If field is embedded then val needs fixing so it is a pointer to
+     * a pointer to a field.
+     */
+    if (tt->flags & ASN1_TFLG_EMBED) {
+        tval = (ASN1_VALUE *)val;
+        val = &tval;
+    }
+
     if (flags & ASN1_TFLG_SK_MASK) {
         /* SET OF, SEQUENCE OF */
         int sktag, skaclass;
@@ -653,7 +557,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
         } else if (ret == -1)
             return -1;
         if (!*val)
-            *val = (ASN1_VALUE *)sk_new_null();
+            *val = (ASN1_VALUE *)sk_ASN1_VALUE_new_null();
         else {
             /*
              * We've got a valid STACK: free up any items present
@@ -687,16 +591,19 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
                 break;
             }
             skfield = NULL;
-            if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
-                                  -1, 0, 0, ctx, depth)) {
+            if (!asn1_item_embed_d2i(&skfield, &p, len,
+                                     ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx,
+                                     depth)) {
                 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
                         ERR_R_NESTED_ASN1_ERROR);
+                /* |skfield| may be partially allocated despite failure. */
+                ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item));
                 goto err;
             }
             len -= p - q;
             if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
-                ASN1_item_ex_free(&skfield, ASN1_ITEM_ptr(tt->item));
                 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+                ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item));
                 goto err;
             }
         }
@@ -706,8 +613,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
         }
     } else if (flags & ASN1_TFLG_IMPTAG) {
         /* IMPLICIT tagging */
-        ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
-                               aclass, opt, ctx, depth);
+        ret = asn1_item_embed_d2i(val, &p, len,
+                                  ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
+                                  ctx, depth);
         if (!ret) {
             ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
             goto err;
@@ -715,9 +623,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
             return -1;
     } else {
         /* Nothing special */
-        ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-                               -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx,
-                               depth);
+        ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+                                  -1, 0, opt, ctx, depth);
         if (!ret) {
             ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
             goto err;
@@ -729,7 +636,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
     return 1;
 
  err:
-    ASN1_template_free(val, tt);
     return 0;
 }
 
@@ -742,7 +648,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
     long plen;
     char cst, inf, free_cont = 0;
     const unsigned char *p;
-    BUF_MEM buf = { 0, NULL, 0 };
+    BUF_MEM buf = { 0, NULL, 0, 0 };
     const unsigned char *cont = NULL;
     long len;
     if (!pval) {
@@ -797,7 +703,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
         || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
         /*
          * Clear context cache for type OTHER because the auto clear when we
-         * have a exact match wont work
+         * have a exact match won't work
          */
         if (utype == V_ASN1_OTHER) {
             asn1_tlc_clear(ctx);
@@ -860,15 +766,15 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
     *in = p;
     ret = 1;
  err:
-    if (free_cont && buf.data)
+    if (free_cont)
         OPENSSL_free(buf.data);
     return ret;
 }
 
 /* Translate ASN1 content octets into a structure */
 
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-                int utype, char *free_cont, const ASN1_ITEM *it)
+static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                       int utype, char *free_cont, const ASN1_ITEM *it)
 {
     ASN1_VALUE **opval = NULL;
     ASN1_STRING *stmp;
@@ -964,7 +870,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         /* All based on ASN1_STRING and handled the same */
         if (!*pval) {
             stmp = ASN1_STRING_type_new(utype);
-            if (!stmp) {
+            if (stmp == NULL) {
                 ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
@@ -975,8 +881,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         }
         /* If we've already allocated a buffer use it */
         if (*free_cont) {
-            if (stmp->data)
-                OPENSSL_free(stmp->data);
+            OPENSSL_free(stmp->data);
             stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
             stmp->length = len;
             *free_cont = 0;
@@ -1013,7 +918,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
 
 static int asn1_find_end(const unsigned char **in, long len, char inf)
 {
-    int expected_eoc;
+    uint32_t expected_eoc;
     long plen;
     const unsigned char *p = *in, *q;
     /* If not indefinite length constructed just add length */
@@ -1043,10 +948,15 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
             ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
             return 0;
         }
-        if (inf)
+        if (inf) {
+            if (expected_eoc == UINT32_MAX) {
+                ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+                return 0;
+            }
             expected_eoc++;
-        else
+        } else {
             p += plen;
+        }
         len -= p - q;
     }
     if (expected_eoc) {
@@ -1058,7 +968,7 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
 }
 
 /*
- * This function collects the asn1 data from a constructred string type into
+ * This function collects the asn1 data from a constructed string type into
  * a buffer. The values of 'in' and 'len' should refer to the contents of the
  * constructed type and 'inf' should be set if it is indefinite length.
  */
diff --git a/freebsd/crypto/openssl/crypto/asn1/tasn_enc.c b/freebsd/crypto/openssl/crypto/asn1/tasn_enc.c
index 6c7980ea..06602792 100644
--- a/freebsd/crypto/openssl/crypto/asn1/tasn_enc.c
+++ b/freebsd/crypto/openssl/crypto/asn1/tasn_enc.c
@@ -1,71 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* tasn_enc.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stddef.h>
 #include <string.h>
-#include <limits.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
+#include "internal/asn1_int.h"
+#include "asn1_locl.h"
 
 static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
                                  const ASN1_ITEM *it, int tag, int aclass);
@@ -76,6 +27,8 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                                 const ASN1_TEMPLATE *tt, int tag, int aclass);
 static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
                                const ASN1_ITEM *it, int flags);
+static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+                       const ASN1_ITEM *it);
 
 /*
  * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use
@@ -106,12 +59,14 @@ static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
     if (out && !*out) {
         unsigned char *p, *buf;
         int len;
+
         len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
         if (len <= 0)
             return len;
-        buf = OPENSSL_malloc(len);
-        if (!buf)
+        if ((buf = OPENSSL_malloc(len)) == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_FLAGS_I2D, ERR_R_MALLOC_FAILURE);
             return -1;
+        }
         p = buf;
         ASN1_item_ex_i2d(&val, &p, it, -1, flags);
         *out = buf;
@@ -130,9 +85,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                      const ASN1_ITEM *it, int tag, int aclass)
 {
     const ASN1_TEMPLATE *tt = NULL;
-    unsigned char *p = NULL;
     int i, seqcontlen, seqlen, ndef = 1;
-    const ASN1_COMPAT_FUNCS *cf;
     const ASN1_EXTERN_FUNCS *ef;
     const ASN1_AUX *aux = it->funcs;
     ASN1_aux_cb *asn1_cb = 0;
@@ -150,7 +103,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
             return asn1_template_ex_i2d(pval, out, it->templates,
                                         tag, aclass);
         return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
-        break;
 
     case ASN1_ITYPE_MSTRING:
         return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
@@ -176,20 +128,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
         ef = it->funcs;
         return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
 
-    case ASN1_ITYPE_COMPAT:
-        /* old style hackery... */
-        cf = it->funcs;
-        if (out)
-            p = *out;
-        i = cf->asn1_i2d(*pval, out);
-        /*
-         * Fixup for IMPLICIT tag: note this messes up for tags > 30, but so
-         * did the old code. Tags > 30 are very rare anyway.
-         */
-        if (out && (tag != -1))
-            *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
-        return i;
-
     case ASN1_ITYPE_NDEF_SEQUENCE:
         /* Use indefinite length constructed if requested */
         if (aclass & ASN1_TFLG_NDEF)
@@ -258,17 +196,21 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
     return 0;
 }
 
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
-                      const ASN1_TEMPLATE *tt)
-{
-    return asn1_template_ex_i2d(pval, out, tt, -1, 0);
-}
-
 static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                                 const ASN1_TEMPLATE *tt, int tag, int iclass)
 {
     int i, ret, flags, ttag, tclass, ndef;
+    ASN1_VALUE *tval;
     flags = tt->flags;
+
+    /*
+     * If field is embedded then val needs fixing so it is a pointer to
+     * a pointer to a field.
+     */
+    if (flags & ASN1_TFLG_EMBED) {
+        tval = (ASN1_VALUE *)pval;
+        pval = &tval;
+    }
     /*
      * Work out tag and class to use: tagging may come either from the
      * template or the arguments, not both because this would create
@@ -442,10 +384,10 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
         else {
             derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
                                     * sizeof(*derlst));
-            if (!derlst)
+            if (derlst == NULL)
                 return 0;
             tmpdat = OPENSSL_malloc(skcontlen);
-            if (!tmpdat) {
+            if (tmpdat == NULL) {
                 OPENSSL_free(derlst);
                 return 0;
             }
@@ -548,8 +490,8 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
 
 /* Produce content octets from a structure */
 
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
-                const ASN1_ITEM *it)
+static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+                       const ASN1_ITEM *it)
 {
     ASN1_BOOLEAN *tbool = NULL;
     ASN1_STRING *strtmp;
@@ -620,7 +562,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
     case V_ASN1_BIT_STRING:
         return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
                                    cout ? &cout : NULL);
-        break;
 
     case V_ASN1_INTEGER:
     case V_ASN1_ENUMERATED:
@@ -628,7 +569,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
          * These are all have the same content format as ASN1_INTEGER
          */
         return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
-        break;
 
     case V_ASN1_OCTET_STRING:
     case V_ASN1_NUMERICSTRING:
diff --git a/freebsd/crypto/openssl/crypto/asn1/tasn_fre.c b/freebsd/crypto/openssl/crypto/asn1/tasn_fre.c
index e734f2d5..ab0a7249 100644
--- a/freebsd/crypto/openssl/crypto/asn1/tasn_fre.c
+++ b/freebsd/crypto/openssl/crypto/asn1/tasn_fre.c
@@ -1,90 +1,40 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* tasn_fre.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stddef.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
-#include "asn1_int.h"
+#include "asn1_locl.h"
 
 /* Free up an ASN1 structure */
 
 void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
 {
-    asn1_item_combine_free(&val, it, 0);
+    asn1_item_embed_free(&val, it, 0);
 }
 
 void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    asn1_item_combine_free(pval, it, 0);
+    asn1_item_embed_free(pval, it, 0);
 }
 
-void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
 {
     const ASN1_TEMPLATE *tt = NULL, *seqtt;
     const ASN1_EXTERN_FUNCS *ef;
-    const ASN1_COMPAT_FUNCS *cf;
     const ASN1_AUX *aux = it->funcs;
     ASN1_aux_cb *asn1_cb;
     int i;
+
     if (!pval)
         return;
     if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
@@ -98,13 +48,13 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
 
     case ASN1_ITYPE_PRIMITIVE:
         if (it->templates)
-            ASN1_template_free(pval, it->templates);
+            asn1_template_free(pval, it->templates);
         else
-            ASN1_primitive_free(pval, it);
+            asn1_primitive_free(pval, it, embed);
         break;
 
     case ASN1_ITYPE_MSTRING:
-        ASN1_primitive_free(pval, it);
+        asn1_primitive_free(pval, it, embed);
         break;
 
     case ASN1_ITYPE_CHOICE:
@@ -116,24 +66,19 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
         i = asn1_get_choice_selector(pval, it);
         if ((i >= 0) && (i < it->tcount)) {
             ASN1_VALUE **pchval;
+
             tt = it->templates + i;
             pchval = asn1_get_field_ptr(pval, tt);
-            ASN1_template_free(pchval, tt);
+            asn1_template_free(pchval, tt);
         }
         if (asn1_cb)
             asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
-        if (!combine) {
+        if (embed == 0) {
             OPENSSL_free(*pval);
             *pval = NULL;
         }
         break;
 
-    case ASN1_ITYPE_COMPAT:
-        cf = it->funcs;
-        if (cf && cf->asn1_free)
-            cf->asn1_free(*pval);
-        break;
-
     case ASN1_ITYPE_EXTERN:
         ef = it->funcs;
         if (ef && ef->asn1_ex_free)
@@ -142,7 +87,7 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
 
     case ASN1_ITYPE_NDEF_SEQUENCE:
     case ASN1_ITYPE_SEQUENCE:
-        if (asn1_do_lock(pval, -1, it) > 0)
+        if (asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */
             return;
         if (asn1_cb) {
             i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
@@ -152,21 +97,23 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
         asn1_enc_free(pval, it);
         /*
          * If we free up as normal we will invalidate any ANY DEFINED BY
-         * field and we wont be able to determine the type of the field it
+         * field and we won't be able to determine the type of the field it
          * defines. So free up in reverse order.
          */
-        tt = it->templates + it->tcount - 1;
-        for (i = 0; i < it->tcount; tt--, i++) {
+        tt = it->templates + it->tcount;
+        for (i = 0; i < it->tcount; i++) {
             ASN1_VALUE **pseqval;
+
+            tt--;
             seqtt = asn1_do_adb(pval, tt, 0);
             if (!seqtt)
                 continue;
             pseqval = asn1_get_field_ptr(pval, seqtt);
-            ASN1_template_free(pseqval, seqtt);
+            asn1_template_free(pseqval, seqtt);
         }
         if (asn1_cb)
             asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
-        if (!combine) {
+        if (embed == 0) {
             OPENSSL_free(*pval);
             *pval = NULL;
         }
@@ -174,37 +121,53 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
     }
 }
 
-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 {
-    int i;
+    int embed = tt->flags & ASN1_TFLG_EMBED;
+    ASN1_VALUE *tval;
+    if (embed) {
+        tval = (ASN1_VALUE *)pval;
+        pval = &tval;
+    }
     if (tt->flags & ASN1_TFLG_SK_MASK) {
         STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+        int i;
+
         for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
-            ASN1_VALUE *vtmp;
-            vtmp = sk_ASN1_VALUE_value(sk, i);
-            asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
+            ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i);
+
+            asn1_item_embed_free(&vtmp, ASN1_ITEM_ptr(tt->item), embed);
         }
         sk_ASN1_VALUE_free(sk);
         *pval = NULL;
-    } else
-        asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
-                               tt->flags & ASN1_TFLG_COMBINE);
+    } else {
+        asn1_item_embed_free(pval, ASN1_ITEM_ptr(tt->item), embed);
+    }
 }
 
-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
 {
     int utype;
+
+    /* Special case: if 'it' is a primitive with a free_func, use that. */
     if (it) {
-        const ASN1_PRIMITIVE_FUNCS *pf;
-        pf = it->funcs;
-        if (pf && pf->prim_free) {
+        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+
+        if (embed) {
+            if (pf && pf->prim_clear) {
+                pf->prim_clear(pval, it);
+                return;
+            }
+        } else if (pf && pf->prim_free) {
             pf->prim_free(pval, it);
             return;
         }
     }
-    /* Special case: if 'it' is NULL free contents of ASN1_TYPE */
+
+    /* Special case: if 'it' is NULL, free contents of ASN1_TYPE */
     if (!it) {
         ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+
         utype = typ->type;
         pval = &typ->value.asn1_value;
         if (!*pval)
@@ -235,13 +198,12 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
         break;
 
     case V_ASN1_ANY:
-        ASN1_primitive_free(pval, NULL);
+        asn1_primitive_free(pval, NULL, 0);
         OPENSSL_free(*pval);
         break;
 
     default:
-        ASN1_STRING_free((ASN1_STRING *)*pval);
-        *pval = NULL;
+        asn1_string_embed_free((ASN1_STRING *)*pval, embed);
         break;
     }
     *pval = NULL;
diff --git a/freebsd/crypto/openssl/crypto/asn1/tasn_new.c b/freebsd/crypto/openssl/crypto/asn1/tasn_new.c
index 3e0f792c..92f01821 100644
--- a/freebsd/crypto/openssl/crypto/asn1/tasn_new.c
+++ b/freebsd/crypto/openssl/crypto/asn1/tasn_new.c
@@ -1,62 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* tasn_new.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stddef.h>
@@ -65,11 +15,14 @@
 #include <openssl/err.h>
 #include <openssl/asn1t.h>
 #include <string.h>
-#include "asn1_int.h"
+#include "asn1_locl.h"
 
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
-                                    int combine);
+static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                               int embed);
+static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                              int embed);
 static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
 static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
 static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
@@ -85,14 +38,12 @@ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
 
 int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    return asn1_item_ex_combine_new(pval, it, 0);
+    return asn1_item_embed_new(pval, it, 0);
 }
 
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
-                                    int combine)
+int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
 {
     const ASN1_TEMPLATE *tt = NULL;
-    const ASN1_COMPAT_FUNCS *cf;
     const ASN1_EXTERN_FUNCS *ef;
     const ASN1_AUX *aux = it->funcs;
     ASN1_aux_cb *asn1_cb;
@@ -103,9 +54,8 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
     else
         asn1_cb = 0;
 
-#ifdef CRYPTO_MDEBUG
-    if (it->sname)
-        CRYPTO_push_info(it->sname);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_push(it->sname ? it->sname : "asn1_item_embed_new");
 #endif
 
     switch (it->itype) {
@@ -118,25 +68,16 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
         }
         break;
 
-    case ASN1_ITYPE_COMPAT:
-        cf = it->funcs;
-        if (cf && cf->asn1_new) {
-            *pval = cf->asn1_new();
-            if (!*pval)
-                goto memerr;
-        }
-        break;
-
     case ASN1_ITYPE_PRIMITIVE:
         if (it->templates) {
-            if (!ASN1_template_new(pval, it->templates))
+            if (!asn1_template_new(pval, it->templates))
                 goto memerr;
-        } else if (!ASN1_primitive_new(pval, it))
+        } else if (!asn1_primitive_new(pval, it, embed))
             goto memerr;
         break;
 
     case ASN1_ITYPE_MSTRING:
-        if (!ASN1_primitive_new(pval, it))
+        if (!asn1_primitive_new(pval, it, embed))
             goto memerr;
         break;
 
@@ -146,18 +87,18 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
             if (!i)
                 goto auxerr;
             if (i == 2) {
-#ifdef CRYPTO_MDEBUG
-                if (it->sname)
-                    CRYPTO_pop_info();
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+                OPENSSL_mem_debug_pop();
 #endif
                 return 1;
             }
         }
-        if (!combine) {
-            *pval = OPENSSL_malloc(it->size);
-            if (!*pval)
-                goto memerr;
+        if (embed) {
             memset(*pval, 0, it->size);
+        } else {
+            *pval = OPENSSL_zalloc(it->size);
+            if (*pval == NULL)
+                goto memerr;
         }
         asn1_set_choice_selector(pval, -1, it);
         if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
@@ -171,53 +112,57 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
             if (!i)
                 goto auxerr;
             if (i == 2) {
-#ifdef CRYPTO_MDEBUG
-                if (it->sname)
-                    CRYPTO_pop_info();
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+                OPENSSL_mem_debug_pop();
 #endif
                 return 1;
             }
         }
-        if (!combine) {
-            *pval = OPENSSL_malloc(it->size);
-            if (!*pval)
-                goto memerr;
+        if (embed) {
             memset(*pval, 0, it->size);
-            asn1_do_lock(pval, 0, it);
-            asn1_enc_init(pval, it);
+        } else {
+            *pval = OPENSSL_zalloc(it->size);
+            if (*pval == NULL)
+                goto memerr;
+        }
+        /* 0 : init. lock */
+        if (asn1_do_lock(pval, 0, it) < 0) {
+            if (!embed) {
+                OPENSSL_free(*pval);
+                *pval = NULL;
+            }
+            goto memerr;
         }
+        asn1_enc_init(pval, it);
         for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
             pseqval = asn1_get_field_ptr(pval, tt);
-            if (!ASN1_template_new(pseqval, tt))
+            if (!asn1_template_new(pseqval, tt))
                 goto memerr2;
         }
         if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
             goto auxerr2;
         break;
     }
-#ifdef CRYPTO_MDEBUG
-    if (it->sname)
-        CRYPTO_pop_info();
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
 #endif
     return 1;
 
  memerr2:
-    asn1_item_combine_free(pval, it, combine);
+    asn1_item_embed_free(pval, it, embed);
  memerr:
-    ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
-#ifdef CRYPTO_MDEBUG
-    if (it->sname)
-        CRYPTO_pop_info();
+    ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
 #endif
     return 0;
 
  auxerr2:
-    asn1_item_combine_free(pval, it, combine);
+    asn1_item_embed_free(pval, it, embed);
  auxerr:
-    ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
-#ifdef CRYPTO_MDEBUG
-    if (it->sname)
-        CRYPTO_pop_info();
+    ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
 #endif
     return 0;
 
@@ -248,7 +193,6 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
         asn1_primitive_clear(pval, it);
         break;
 
-    case ASN1_ITYPE_COMPAT:
     case ASN1_ITYPE_CHOICE:
     case ASN1_ITYPE_SEQUENCE:
     case ASN1_ITYPE_NDEF_SEQUENCE:
@@ -257,10 +201,16 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
     }
 }
 
-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 {
     const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+    int embed = tt->flags & ASN1_TFLG_EMBED;
+    ASN1_VALUE *tval;
     int ret;
+    if (embed) {
+        tval = (ASN1_VALUE *)pval;
+        pval = &tval;
+    }
     if (tt->flags & ASN1_TFLG_OPTIONAL) {
         asn1_template_clear(pval, tt);
         return 1;
@@ -271,9 +221,9 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
         *pval = NULL;
         return 1;
     }
-#ifdef CRYPTO_MDEBUG
-    if (tt->field_name)
-        CRYPTO_push_info(tt->field_name);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_push(tt->field_name
+            ? tt->field_name : "asn1_template_new");
 #endif
     /* If SET OF or SEQUENCE OF, its a STACK */
     if (tt->flags & ASN1_TFLG_SK_MASK) {
@@ -289,11 +239,10 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
         goto done;
     }
     /* Otherwise pass it back to the item routine */
-    ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+    ret = asn1_item_embed_new(pval, it, embed);
  done:
-#ifdef CRYPTO_MDEBUG
-    if (it->sname)
-        CRYPTO_pop_info();
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
 #endif
     return ret;
 }
@@ -312,7 +261,8 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
  * all the old functions.
  */
 
-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                              int embed)
 {
     ASN1_TYPE *typ;
     ASN1_STRING *str;
@@ -323,8 +273,14 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 
     if (it->funcs) {
         const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
-        if (pf->prim_new)
+        if (embed) {
+            if (pf->prim_clear) {
+                pf->prim_clear(pval, it);
+                return 1;
+            }
+        } else if (pf->prim_new) {
             return pf->prim_new(pval, it);
+        }
     }
 
     if (it->itype == ASN1_ITYPE_MSTRING)
@@ -345,19 +301,27 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
         return 1;
 
     case V_ASN1_ANY:
-        typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
-        if (!typ)
+        if ((typ = OPENSSL_malloc(sizeof(*typ))) == NULL) {
+            ASN1err(ASN1_F_ASN1_PRIMITIVE_NEW, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
         typ->value.ptr = NULL;
         typ->type = -1;
         *pval = (ASN1_VALUE *)typ;
         break;
 
     default:
-        str = ASN1_STRING_type_new(utype);
+        if (embed) {
+            str = *(ASN1_STRING **)pval;
+            memset(str, 0, sizeof(*str));
+            str->type = utype;
+            str->flags = ASN1_STRING_FLAG_EMBED;
+        } else {
+            str = ASN1_STRING_type_new(utype);
+            *pval = (ASN1_VALUE *)str;
+        }
         if (it->itype == ASN1_ITYPE_MSTRING && str)
             str->flags |= ASN1_STRING_FLAG_MSTRING;
-        *pval = (ASN1_VALUE *)str;
         break;
     }
     if (*pval)
diff --git a/freebsd/crypto/openssl/crypto/asn1/tasn_prn.c b/freebsd/crypto/openssl/crypto/asn1/tasn_prn.c
index 0dd50646..a1b89d52 100644
--- a/freebsd/crypto/openssl/crypto/asn1/tasn_prn.c
+++ b/freebsd/crypto/openssl/crypto/asn1/tasn_prn.c
@@ -1,72 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* tasn_prn.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000,2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stddef.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
 #include "asn1_locl.h"
 
 /*
@@ -75,7 +26,7 @@
 
 /* ASN1_PCTX routines */
 
-ASN1_PCTX default_pctx = {
+static ASN1_PCTX default_pctx = {
     ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */
     0,                          /* nm_flags */
     0,                          /* cert_flags */
@@ -86,16 +37,12 @@ ASN1_PCTX default_pctx = {
 ASN1_PCTX *ASN1_PCTX_new(void)
 {
     ASN1_PCTX *ret;
-    ret = OPENSSL_malloc(sizeof(ASN1_PCTX));
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    ret->flags = 0;
-    ret->nm_flags = 0;
-    ret->cert_flags = 0;
-    ret->oid_flags = 0;
-    ret->str_flags = 0;
     return ret;
 }
 
@@ -104,7 +51,7 @@ void ASN1_PCTX_free(ASN1_PCTX *p)
     OPENSSL_free(p);
 }
 
-unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p)
+unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p)
 {
     return p->flags;
 }
@@ -114,7 +61,7 @@ void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags)
     p->flags = flags;
 }
 
-unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p)
+unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p)
 {
     return p->nm_flags;
 }
@@ -124,7 +71,7 @@ void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags)
     p->nm_flags = flags;
 }
 
-unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p)
+unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p)
 {
     return p->cert_flags;
 }
@@ -134,7 +81,7 @@ void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags)
     p->cert_flags = flags;
 }
 
-unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p)
+unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p)
 {
     return p->oid_flags;
 }
@@ -144,7 +91,7 @@ void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags)
     p->oid_flags = flags;
 }
 
-unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p)
+unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p)
 {
     return p->str_flags;
 }
@@ -161,7 +108,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
                                const char *fname, const char *sname,
                                int nohdr, const ASN1_PCTX *pctx);
 
-int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
                             const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx);
 
 static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
@@ -225,7 +172,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
                 return 0;
             break;
         }
-        /* fall thru */
+        /* fall through */
     case ASN1_ITYPE_MSTRING:
         if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx))
             return 0;
@@ -249,10 +196,6 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
         break;
 
     case ASN1_ITYPE_CHOICE:
-#if 0
-        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
-            return 0;
-#endif
         /* CHOICE type, get selector */
         i = asn1_get_choice_selector(fld, it);
         /* This should never happen... */
@@ -320,11 +263,12 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
     return 1;
 }
 
-int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
                             const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx)
 {
     int i, flags;
     const char *sname, *fname;
+    ASN1_VALUE *tfld;
     flags = tt->flags;
     if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
         sname = ASN1_ITEM_ptr(tt->item)->sname;
@@ -334,6 +278,16 @@ int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
         fname = NULL;
     else
         fname = tt->field_name;
+
+    /*
+     * If field is embedded then fld needs fixing so it is a pointer to
+     * a pointer to a field.
+     */
+    if (flags & ASN1_TFLG_EMBED) {
+        tfld = (ASN1_VALUE *)fld;
+        fld = &tfld;
+    }
+
     if (flags & ASN1_TFLG_SK_MASK) {
         char *tname;
         ASN1_VALUE *skitem;
@@ -363,7 +317,8 @@ int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
                                      pctx))
                 return 0;
         }
-        if (!i && BIO_printf(out, "%*s<EMPTY>\n", indent + 2, "") <= 0)
+        if (i == 0 && BIO_printf(out, "%*s<%s>\n", indent + 2, "",
+                                 stack == NULL ? "ABSENT" : "EMPTY") <= 0)
             return 0;
         if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
             if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
@@ -379,13 +334,8 @@ static int asn1_print_fsname(BIO *out, int indent,
                              const char *fname, const char *sname,
                              const ASN1_PCTX *pctx)
 {
-    static char spaces[] = "                    ";
-    const int nspaces = sizeof(spaces) - 1;
-
-#if 0
-    if (!sname && !fname)
-        return 1;
-#endif
+    static const char spaces[] = "                    ";
+    static const int nspaces = sizeof(spaces) - 1;
 
     while (indent > nspaces) {
         if (BIO_write(out, spaces, nspaces) != nspaces)
@@ -418,8 +368,7 @@ static int asn1_print_fsname(BIO *out, int indent,
     return 1;
 }
 
-static int asn1_print_boolean_ctx(BIO *out, int boolval,
-                                  const ASN1_PCTX *pctx)
+static int asn1_print_boolean(BIO *out, int boolval)
 {
     const char *str;
     switch (boolval) {
@@ -443,8 +392,7 @@ static int asn1_print_boolean_ctx(BIO *out, int boolval,
 
 }
 
-static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
-                                  const ASN1_PCTX *pctx)
+static int asn1_print_integer(BIO *out, const ASN1_INTEGER *str)
 {
     char *s;
     int ret = 1;
@@ -457,8 +405,7 @@ static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
     return ret;
 }
 
-static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
-                              const ASN1_PCTX *pctx)
+static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid)
 {
     char objbuf[80];
     const char *ln;
@@ -471,8 +418,7 @@ static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
     return 1;
 }
 
-static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent,
-                                   const ASN1_PCTX *pctx)
+static int asn1_print_obstring(BIO *out, const ASN1_STRING *str, int indent)
 {
     if (str->type == V_ASN1_BIT_STRING) {
         if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0)
@@ -480,7 +426,7 @@ static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent,
     } else if (BIO_puts(out, "\n") <= 0)
         return 0;
     if ((str->length > 0)
-        && BIO_dump_indent(out, (char *)str->data, str->length,
+        && BIO_dump_indent(out, (const char *)str->data, str->length,
                            indent + 2) <= 0)
         return 0;
     return 1;
@@ -546,13 +492,13 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
             int boolval = *(int *)fld;
             if (boolval == -1)
                 boolval = it->size;
-            ret = asn1_print_boolean_ctx(out, boolval, pctx);
+            ret = asn1_print_boolean(out, boolval);
         }
         break;
 
     case V_ASN1_INTEGER:
     case V_ASN1_ENUMERATED:
-        ret = asn1_print_integer_ctx(out, str, pctx);
+        ret = asn1_print_integer(out, str);
         break;
 
     case V_ASN1_UTCTIME:
@@ -564,12 +510,12 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
         break;
 
     case V_ASN1_OBJECT:
-        ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx);
+        ret = asn1_print_oid(out, (const ASN1_OBJECT *)*fld);
         break;
 
     case V_ASN1_OCTET_STRING:
     case V_ASN1_BIT_STRING:
-        ret = asn1_print_obstring_ctx(out, str, indent, pctx);
+        ret = asn1_print_obstring(out, str, indent);
         needlf = 0;
         break;
 
diff --git a/freebsd/crypto/openssl/crypto/asn1/tasn_scn.c b/freebsd/crypto/openssl/crypto/asn1/tasn_scn.c
new file mode 100644
index 00000000..1db13961
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/asn1/tasn_scn.c
@@ -0,0 +1,67 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include "asn1_locl.h"
+
+/*
+ * General ASN1 structure recursive scanner: iterate through all fields
+ * passing details to a callback.
+ */
+
+ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx))
+{
+    ASN1_SCTX *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_SCTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->scan_cb = scan_cb;
+    return ret;
+}
+
+void ASN1_SCTX_free(ASN1_SCTX *p)
+{
+    OPENSSL_free(p);
+}
+
+const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p)
+{
+    return p->it;
+}
+
+const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p)
+{
+    return p->tt;
+}
+
+unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p)
+{
+    return p->flags;
+}
+
+void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data)
+{
+    p->app_data = data;
+}
+
+void *ASN1_SCTX_get_app_data(ASN1_SCTX *p)
+{
+    return p->app_data;
+}
diff --git a/freebsd/crypto/openssl/crypto/asn1/tasn_typ.c b/freebsd/crypto/openssl/crypto/asn1/tasn_typ.c
index 45a3e937..84c30ebe 100644
--- a/freebsd/crypto/openssl/crypto/asn1/tasn_typ.c
+++ b/freebsd/crypto/openssl/crypto/asn1/tasn_typ.c
@@ -1,117 +1,52 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* tasn_typ.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 #include <stdio.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 
 /* Declarations for string types */
 
-
-IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)
-
-IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)
-
-IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+#define IMPLEMENT_ASN1_STRING_FUNCTIONS(sname) \
+    IMPLEMENT_ASN1_TYPE(sname) \
+    IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(sname, sname, sname) \
+sname *sname##_new(void) \
+{ \
+    return ASN1_STRING_type_new(V_##sname); \
+} \
+void sname##_free(sname *x) \
+{ \
+    ASN1_STRING_free(x); \
+}
+
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_OCTET_STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_INTEGER)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_ENUMERATED)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BIT_STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTF8STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_PRINTABLESTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_T61STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_IA5STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALSTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTCTIME)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALIZEDTIME)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_VISIBLESTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UNIVERSALSTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BMPSTRING)
 
 IMPLEMENT_ASN1_TYPE(ASN1_NULL)
 IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
 
 IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
 
-IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)
-
-IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
-
-IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)
-
 IMPLEMENT_ASN1_TYPE(ASN1_ANY)
 
 /* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
diff --git a/freebsd/crypto/openssl/crypto/asn1/tasn_utl.c b/freebsd/crypto/openssl/crypto/asn1/tasn_utl.c
index f2448f57..152f464f 100644
--- a/freebsd/crypto/openssl/crypto/asn1/tasn_utl.c
+++ b/freebsd/crypto/openssl/crypto/asn1/tasn_utl.c
@@ -1,70 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* tasn_utl.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stddef.h>
 #include <string.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
 #include <openssl/err.h>
+#include "asn1_locl.h"
 
 /* Utility functions for manipulating fields and offsets */
 
@@ -96,16 +49,21 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
 }
 
 /*
- * Do reference counting. The value 'op' decides what to do. if it is +1
- * then the count is incremented. If op is 0 count is set to 1. If op is -1
- * count is decremented and the return value is the current refrence count or
- * 0 if no reference count exists.
+ * Do atomic reference counting. The value 'op' decides what to do.
+ * If it is +1 then the count is incremented.
+ * If |op| is 0, lock is initialised and count is set to 1.
+ * If |op| is -1, count is decremented and the return value is the current
+ * reference count or 0 if no reference count is active.
+ * It returns -1 on initialisation error.
+ * Used by ASN1_SEQUENCE construct of X509, X509_REQ, X509_CRL objects
  */
-
 int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
 {
     const ASN1_AUX *aux;
-    int *lck, ret;
+    CRYPTO_REF_COUNT *lck;
+    CRYPTO_RWLOCK **lock;
+    int ret = -1;
+
     if ((it->itype != ASN1_ITYPE_SEQUENCE)
         && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
         return 0;
@@ -113,18 +71,35 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
     if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
         return 0;
     lck = offset2ptr(*pval, aux->ref_offset);
-    if (op == 0) {
-        *lck = 1;
-        return 1;
-    }
-    ret = CRYPTO_add(lck, op, aux->ref_lock);
+    lock = offset2ptr(*pval, aux->ref_lock);
+
+    switch (op) {
+    case 0:
+        *lck = ret = 1;
+        *lock = CRYPTO_THREAD_lock_new();
+        if (*lock == NULL) {
+            ASN1err(ASN1_F_ASN1_DO_LOCK, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        break;
+    case 1:
+        if (!CRYPTO_UP_REF(lck, &ret, *lock))
+            return -1;
+        break;
+    case -1:
+        if (!CRYPTO_DOWN_REF(lck, &ret, *lock))
+            return -1;  /* failed */
 #ifdef REF_PRINT
-    fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
-#endif
-#ifdef REF_CHECK
-    if (ret < 0)
-        fprintf(stderr, "%s, bad reference count\n", it->sname);
+        fprintf(stderr, "%p:%4d:%s\n", it, ret, it->sname);
 #endif
+        REF_ASSERT_ISNT(ret < 0);
+        if (ret == 0) {
+            CRYPTO_THREAD_lock_free(*lock);
+            *lock = NULL;
+        }
+        break;
+    }
+
     return ret;
 }
 
@@ -155,8 +130,7 @@ void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
     ASN1_ENCODING *enc;
     enc = asn1_get_enc_ptr(pval, it);
     if (enc) {
-        if (enc->enc)
-            OPENSSL_free(enc->enc);
+        OPENSSL_free(enc->enc);
         enc->enc = NULL;
         enc->len = 0;
         enc->modified = 1;
@@ -171,11 +145,11 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
     if (!enc)
         return 1;
 
-    if (enc->enc)
-        OPENSSL_free(enc->enc);
-    enc->enc = OPENSSL_malloc(inlen);
-    if (!enc->enc)
+    OPENSSL_free(enc->enc);
+    if ((enc->enc = OPENSSL_malloc(inlen)) == NULL) {
+        ASN1err(ASN1_F_ASN1_ENC_SAVE, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     memcpy(enc->enc, in, inlen);
     enc->len = inlen;
     enc->modified = 0;
@@ -203,8 +177,6 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
 ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 {
     ASN1_VALUE **pvaltmp;
-    if (tt->flags & ASN1_TFLG_COMBINE)
-        return pval;
     pvaltmp = offset2ptr(*pval, tt->offset);
     /*
      * NOTE for BOOLEAN types the field is just a plain int so we can't
@@ -251,6 +223,12 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
     else
         selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
 
+    /* Let application callback translate value */
+    if (adb->adb_cb != NULL && adb->adb_cb(&selector) == 0) {
+        ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+        return NULL;
+    }
+
     /*
      * Try to find matching entry in table Maybe should check application
      * types first to allow application override? Might also be useful to
diff --git a/freebsd/crypto/openssl/crypto/asn1/tbl_standard.h b/freebsd/crypto/openssl/crypto/asn1/tbl_standard.h
new file mode 100644
index 00000000..777a7344
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/asn1/tbl_standard.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* size limits: this stuff is taken straight from RFC3280 */
+
+#define ub_name                         32768
+#define ub_common_name                  64
+#define ub_locality_name                128
+#define ub_state_name                   128
+#define ub_organization_name            64
+#define ub_organization_unit_name       64
+#define ub_title                        64
+#define ub_email_address                128
+#define ub_serial_number                64
+
+/* From RFC4524 */
+
+#define ub_rfc822_mailbox               256
+
+/* This table must be kept in NID order */
+
+static const ASN1_STRING_TABLE tbl_standard[] = {
+    {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
+    {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
+    {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
+    {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
+    {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
+     0},
+    {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
+     STABLE_NO_MASK},
+    {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
+    {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
+    {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
+    {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
+     STABLE_NO_MASK},
+    {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+    {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
+    {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+    {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING,
+     STABLE_NO_MASK},
+    {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_countryCode3c, 3, 3, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_countryCode3n, 3, 3, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_dnsName, 0, -1, B_ASN1_UTF8STRING, STABLE_NO_MASK}
+};
+
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_algor.c b/freebsd/crypto/openssl/crypto/asn1/x_algor.c
index 22a173b9..abea3de1 100644
--- a/freebsd/crypto/openssl/crypto/asn1/x_algor.c
+++ b/freebsd/crypto/openssl/crypto/asn1/x_algor.c
@@ -1,68 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* x_algor.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stddef.h>
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
+#include "internal/evp_int.h"
 
 ASN1_SEQUENCE(X509_ALGOR) = {
         ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
@@ -77,38 +28,33 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 
-IMPLEMENT_STACK_OF(X509_ALGOR)
-IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
-
 int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
 {
-    if (!alg)
+    if (alg == NULL)
         return 0;
+
     if (ptype != V_ASN1_UNDEF) {
         if (alg->parameter == NULL)
             alg->parameter = ASN1_TYPE_new();
         if (alg->parameter == NULL)
             return 0;
     }
-    if (alg) {
-        if (alg->algorithm)
-            ASN1_OBJECT_free(alg->algorithm);
-        alg->algorithm = aobj;
-    }
+
+    ASN1_OBJECT_free(alg->algorithm);
+    alg->algorithm = aobj;
+
     if (ptype == 0)
         return 1;
     if (ptype == V_ASN1_UNDEF) {
-        if (alg->parameter) {
-            ASN1_TYPE_free(alg->parameter);
-            alg->parameter = NULL;
-        }
+        ASN1_TYPE_free(alg->parameter);
+        alg->parameter = NULL;
     } else
         ASN1_TYPE_set(alg->parameter, ptype, pval);
     return 1;
 }
 
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-                     X509_ALGOR *algor)
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
+                     const void **ppval, const X509_ALGOR *algor)
 {
     if (paobj)
         *paobj = algor->algorithm;
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_attrib.c b/freebsd/crypto/openssl/crypto/asn1/x_attrib.c
deleted file mode 100644
index b5be52e5..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/x_attrib.c
+++ /dev/null
@@ -1,126 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/asn1/x_attrib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/*-
- * X509_ATTRIBUTE: this has the following form:
- *
- * typedef struct x509_attributes_st
- *      {
- *      ASN1_OBJECT *object;
- *      int single;
- *      union   {
- *              char            *ptr;
- *              STACK_OF(ASN1_TYPE) *set;
- *              ASN1_TYPE       *single;
- *              } value;
- *      } X509_ATTRIBUTE;
- *
- * this needs some extra thought because the CHOICE type is
- * merged with the main structure and because the value can
- * be anything at all we *must* try the SET OF first because
- * the ASN1_ANY type will swallow anything including the whole
- * SET OF structure.
- */
-
-ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
-        ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
-        ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
-} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
-
-ASN1_SEQUENCE(X509_ATTRIBUTE) = {
-        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
-        /* CHOICE type merged with parent */
-        ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
-} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
-{
-    X509_ATTRIBUTE *ret = NULL;
-    ASN1_TYPE *val = NULL;
-
-    if ((ret = X509_ATTRIBUTE_new()) == NULL)
-        return (NULL);
-    ret->object = OBJ_nid2obj(nid);
-    ret->single = 0;
-    if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
-        goto err;
-    if ((val = ASN1_TYPE_new()) == NULL)
-        goto err;
-    if (!sk_ASN1_TYPE_push(ret->value.set, val))
-        goto err;
-
-    ASN1_TYPE_set(val, atrtype, value);
-    return (ret);
- err:
-    if (ret != NULL)
-        X509_ATTRIBUTE_free(ret);
-    if (val != NULL)
-        ASN1_TYPE_free(val);
-    return (NULL);
-}
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_bignum.c b/freebsd/crypto/openssl/crypto/asn1/x_bignum.c
index b337ca8b..f4068dbb 100644
--- a/freebsd/crypto/openssl/crypto/asn1/x_bignum.c
+++ b/freebsd/crypto/openssl/crypto/asn1/x_bignum.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* x_bignum.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 
@@ -74,12 +24,15 @@
 #define BN_SENSITIVE    1
 
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
 static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
                   const ASN1_ITEM *it);
 static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                   int utype, char *free_cont, const ASN1_ITEM *it);
+static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                         int utype, char *free_cont, const ASN1_ITEM *it);
 static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
                     int indent, const ASN1_PCTX *pctx);
 
@@ -93,18 +46,37 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = {
     bn_print
 };
 
+static ASN1_PRIMITIVE_FUNCS cbignum_pf = {
+    NULL, 0,
+    bn_secure_new,
+    bn_free,
+    0,
+    bn_secure_c2i,
+    bn_i2c,
+    bn_print
+};
+
 ASN1_ITEM_start(BIGNUM)
         ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
 ASN1_ITEM_end(BIGNUM)
 
 ASN1_ITEM_start(CBIGNUM)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &cbignum_pf, BN_SENSITIVE, "CBIGNUM"
 ASN1_ITEM_end(CBIGNUM)
 
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
     *pval = (ASN1_VALUE *)BN_new();
-    if (*pval)
+    if (*pval != NULL)
+        return 1;
+    else
+        return 0;
+}
+
+static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    *pval = (ASN1_VALUE *)BN_secure_new();
+    if (*pval != NULL)
         return 1;
     else
         return 0;
@@ -157,6 +129,14 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
     return 1;
 }
 
+static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                         int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    if (!*pval)
+        bn_secure_new(pval, it);
+    return bn_c2i(pval, cont, len, utype, free_cont, it);
+}
+
 static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
                     int indent, const ASN1_PCTX *pctx)
 {
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_exten.c b/freebsd/crypto/openssl/crypto/asn1/x_exten.c
deleted file mode 100644
index 539f42ed..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/x_exten.c
+++ /dev/null
@@ -1,79 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* x_exten.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(X509_EXTENSION) = {
-        ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
-        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
-        ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_EXTENSION)
-
-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
-ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_info.c b/freebsd/crypto/openssl/crypto/asn1/x_info.c
index c177fa63..0debbf95 100644
--- a/freebsd/crypto/openssl/crypto/asn1/x_info.c
+++ b/freebsd/crypto/openssl/crypto/asn1/x_info.c
@@ -1,119 +1,41 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/x_info.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
 
 X509_INFO *X509_INFO_new(void)
 {
-    X509_INFO *ret = NULL;
+    X509_INFO *ret;
 
-    ret = (X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
 
-    ret->enc_cipher.cipher = NULL;
-    ret->enc_len = 0;
-    ret->enc_data = NULL;
-
-    ret->references = 1;
-    ret->x509 = NULL;
-    ret->crl = NULL;
-    ret->x_pkey = NULL;
-    return (ret);
+    return ret;
 }
 
 void X509_INFO_free(X509_INFO *x)
 {
-    int i;
-
     if (x == NULL)
         return;
 
-    i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO);
-#ifdef REF_PRINT
-    REF_PRINT("X509_INFO", x);
-#endif
-    if (i > 0)
-        return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "X509_INFO_free, bad reference count\n");
-        abort();
-    }
-#endif
-
-    if (x->x509 != NULL)
-        X509_free(x->x509);
-    if (x->crl != NULL)
-        X509_CRL_free(x->crl);
-    if (x->x_pkey != NULL)
-        X509_PKEY_free(x->x_pkey);
-    if (x->enc_data != NULL)
-        OPENSSL_free(x->enc_data);
+    X509_free(x->x509);
+    X509_CRL_free(x->crl);
+    X509_PKEY_free(x->x_pkey);
+    OPENSSL_free(x->enc_data);
     OPENSSL_free(x);
 }
-
-IMPLEMENT_STACK_OF(X509_INFO)
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_int64.c b/freebsd/crypto/openssl/crypto/asn1/x_int64.c
new file mode 100644
index 00000000..65e8c094
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/asn1/x_int64.c
@@ -0,0 +1,293 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+#include "asn1_locl.h"
+
+/*
+ * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t.
+ * This converts between an ASN1_INTEGER and those types directly.
+ * This is preferred to using the LONG / ZLONG primitives.
+ */
+
+/*
+ * We abuse the ASN1_ITEM fields |size| as a flags field
+ */
+#define INTxx_FLAG_ZERO_DEFAULT (1<<0)
+#define INTxx_FLAG_SIGNED       (1<<1)
+
+static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t))) == NULL) {
+        ASN1err(ASN1_F_UINT64_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static void uint64_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    OPENSSL_free(*pval);
+    *pval = NULL;
+}
+
+static void uint64_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    **(uint64_t **)pval = 0;
+}
+
+static int uint64_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
+{
+    uint64_t utmp;
+    int neg = 0;
+    /* this exists to bypass broken gcc optimization */
+    char *cp = (char *)*pval;
+
+    /* use memcpy, because we may not be uint64_t aligned */
+    memcpy(&utmp, cp, sizeof(utmp));
+
+    if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
+        && utmp == 0)
+        return -1;
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+        && (int64_t)utmp < 0) {
+        /* i2c_uint64_int() assumes positive values */
+        utmp = 0 - utmp;
+        neg = 1;
+    }
+
+    return i2c_uint64_int(cont, utmp, neg);
+}
+
+static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    uint64_t utmp = 0;
+    char *cp;
+    int neg = 0;
+
+    if (*pval == NULL && !uint64_new(pval, it))
+        return 0;
+
+    cp = (char *)*pval;
+
+    /*
+     * Strictly speaking, zero length is malformed.  However, long_c2i
+     * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
+     * so for the sake of backward compatibility, we still decode zero
+     * length INTEGERs as the number zero.
+     */
+    if (len == 0)
+        goto long_compat;
+
+    if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+        return 0;
+    if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
+        ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+        return 0;
+    }
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+            && !neg && utmp > INT64_MAX) {
+        ASN1err(ASN1_F_UINT64_C2I, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    if (neg)
+        /* c2i_uint64_int() returns positive values */
+        utmp = 0 - utmp;
+
+ long_compat:
+    memcpy(cp, &utmp, sizeof(utmp));
+    return 1;
+}
+
+static int uint64_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        int indent, const ASN1_PCTX *pctx)
+{
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
+        return BIO_printf(out, "%jd\n", **(int64_t **)pval);
+    return BIO_printf(out, "%ju\n", **(uint64_t **)pval);
+}
+
+/* 32-bit variants */
+
+static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t))) == NULL) {
+        ASN1err(ASN1_F_UINT32_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static void uint32_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    OPENSSL_free(*pval);
+    *pval = NULL;
+}
+
+static void uint32_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    **(uint32_t **)pval = 0;
+}
+
+static int uint32_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
+{
+    uint32_t utmp;
+    int neg = 0;
+    /* this exists to bypass broken gcc optimization */
+    char *cp = (char *)*pval;
+
+    /* use memcpy, because we may not be uint32_t aligned */
+    memcpy(&utmp, cp, sizeof(utmp));
+
+    if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
+        && utmp == 0)
+        return -1;
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+        && (int32_t)utmp < 0) {
+        /* i2c_uint64_int() assumes positive values */
+        utmp = 0 - utmp;
+        neg = 1;
+    }
+
+    return i2c_uint64_int(cont, (uint64_t)utmp, neg);
+}
+
+/*
+ * Absolute value of INT32_MIN: we can't just use -INT32_MIN as it produces
+ * overflow warnings.
+ */
+
+#define ABS_INT32_MIN ((uint32_t)INT32_MAX + 1)
+
+static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    uint64_t utmp = 0;
+    uint32_t utmp2 = 0;
+    char *cp;
+    int neg = 0;
+
+    if (*pval == NULL && !uint64_new(pval, it))
+        return 0;
+
+    cp = (char *)*pval;
+
+    /*
+     * Strictly speaking, zero length is malformed.  However, long_c2i
+     * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
+     * so for the sake of backward compatibility, we still decode zero
+     * length INTEGERs as the number zero.
+     */
+    if (len == 0)
+        goto long_compat;
+
+    if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+        return 0;
+    if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
+        ASN1err(ASN1_F_UINT32_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+        return 0;
+    }
+    if (neg) {
+        if (utmp > ABS_INT32_MIN) {
+            ASN1err(ASN1_F_UINT32_C2I, ASN1_R_TOO_SMALL);
+            return 0;
+        }
+        utmp = 0 - utmp;
+    } else {
+        if (((it->size & INTxx_FLAG_SIGNED) != 0 && utmp > INT32_MAX)
+            || ((it->size & INTxx_FLAG_SIGNED) == 0 && utmp > UINT32_MAX)) {
+            ASN1err(ASN1_F_UINT32_C2I, ASN1_R_TOO_LARGE);
+            return 0;
+        }
+    }
+
+ long_compat:
+    utmp2 = (uint32_t)utmp;
+    memcpy(cp, &utmp2, sizeof(utmp2));
+    return 1;
+}
+
+static int uint32_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        int indent, const ASN1_PCTX *pctx)
+{
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
+        return BIO_printf(out, "%d\n", **(int32_t **)pval);
+    return BIO_printf(out, "%u\n", **(uint32_t **)pval);
+}
+
+
+/* Define the primitives themselves */
+
+static ASN1_PRIMITIVE_FUNCS uint32_pf = {
+    NULL, 0,
+    uint32_new,
+    uint32_free,
+    uint32_clear,
+    uint32_c2i,
+    uint32_i2c,
+    uint32_print
+};
+
+static ASN1_PRIMITIVE_FUNCS uint64_pf = {
+    NULL, 0,
+    uint64_new,
+    uint64_free,
+    uint64_clear,
+    uint64_c2i,
+    uint64_i2c,
+    uint64_print
+};
+
+ASN1_ITEM_start(INT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+    INTxx_FLAG_SIGNED, "INT32"
+ASN1_ITEM_end(INT32)
+
+ASN1_ITEM_start(UINT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, 0, "UINT32"
+ASN1_ITEM_end(UINT32)
+
+ASN1_ITEM_start(INT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+    INTxx_FLAG_SIGNED, "INT64"
+ASN1_ITEM_end(INT64)
+
+ASN1_ITEM_start(UINT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, 0, "UINT64"
+ASN1_ITEM_end(UINT64)
+
+ASN1_ITEM_start(ZINT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+    INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT32"
+ASN1_ITEM_end(ZINT32)
+
+ASN1_ITEM_start(ZUINT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+    INTxx_FLAG_ZERO_DEFAULT, "ZUINT32"
+ASN1_ITEM_end(ZUINT32)
+
+ASN1_ITEM_start(ZINT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+    INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT64"
+ASN1_ITEM_end(ZINT64)
+
+ASN1_ITEM_start(ZUINT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+    INTxx_FLAG_ZERO_DEFAULT, "ZUINT64"
+ASN1_ITEM_end(ZUINT64)
+
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_long.c b/freebsd/crypto/openssl/crypto/asn1/x_long.c
index bff8e6cd..6cde15a1 100644
--- a/freebsd/crypto/openssl/crypto/asn1/x_long.c
+++ b/freebsd/crypto/openssl/crypto/asn1/x_long.c
@@ -1,68 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* x_long.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
-#include <openssl/bn.h>
+
+#if !(OPENSSL_API_COMPAT < 0x10200000L)
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+#define COPY_SIZE(a, b) (sizeof(a) < sizeof(b) ? sizeof(a) : sizeof(b))
 
 /*
  * Custom primitive type for long handling. This converts between an
@@ -99,27 +54,48 @@ ASN1_ITEM_end(ZLONG)
 
 static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    *(long *)pval = it->size;
+    memcpy(pval, &it->size, COPY_SIZE(*pval, it->size));
     return 1;
 }
 
 static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    *(long *)pval = it->size;
+    memcpy(pval, &it->size, COPY_SIZE(*pval, it->size));
+}
+
+/*
+ * Originally BN_num_bits_word was called to perform this operation, but
+ * trouble is that there is no guarantee that sizeof(long) equals to
+ * sizeof(BN_ULONG). BN_ULONG is a configurable type that can be as wide
+ * as long, but also double or half...
+ */
+static int num_bits_ulong(unsigned long value)
+{
+    size_t i;
+    unsigned long ret = 0;
+
+    /*
+     * It is argued that *on average* constant counter loop performs
+     * not worse [if not better] than one with conditional break or
+     * mask-n-table-lookup-style, because of branch misprediction
+     * penalties.
+     */
+    for (i = 0; i < sizeof(value) * 8; i++) {
+        ret += (value != 0);
+        value >>= 1;
+    }
+
+    return (int)ret;
 }
 
 static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
                     const ASN1_ITEM *it)
 {
     long ltmp;
-    unsigned long utmp;
+    unsigned long utmp, sign;
     int clen, pad, i;
-    /* this exists to bypass broken gcc optimization */
-    char *cp = (char *)pval;
-
-    /* use memcpy, because we may not be long aligned */
-    memcpy(&ltmp, cp, sizeof(long));
 
+    memcpy(&ltmp, pval, COPY_SIZE(*pval, ltmp));
     if (ltmp == it->size)
         return -1;
     /*
@@ -127,11 +103,14 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
      * cleanly handle the padding if only the MSB of the leading octet is
      * set.
      */
-    if (ltmp < 0)
+    if (ltmp < 0) {
+        sign = 0xff;
         utmp = 0 - (unsigned long)ltmp - 1;
-    else
+    } else {
+        sign = 0;
         utmp = ltmp;
-    clen = BN_num_bits_word(utmp);
+    }
+    clen = num_bits_ulong(utmp);
     /* If MSB of leading octet set we need to pad */
     if (!(clen & 0x7))
         pad = 1;
@@ -141,13 +120,11 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
     /* Convert number of bits to number of octets */
     clen = (clen + 7) >> 3;
 
-    if (cont) {
+    if (cont != NULL) {
         if (pad)
-            *cont++ = (ltmp < 0) ? 0xff : 0;
+            *cont++ = (unsigned char)sign;
         for (i = clen - 1; i >= 0; i--) {
-            cont[i] = (unsigned char)(utmp & 0xff);
-            if (ltmp < 0)
-                cont[i] ^= 0xff;
+            cont[i] = (unsigned char)(utmp ^ sign);
             utmp >>= 8;
         }
     }
@@ -157,12 +134,11 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
 static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                     int utype, char *free_cont, const ASN1_ITEM *it)
 {
-    int neg = -1, i;
+    int i;
     long ltmp;
-    unsigned long utmp = 0;
-    char *cp = (char *)pval;
+    unsigned long utmp = 0, sign = 0x100;
 
-    if (len) {
+    if (len > 1) {
         /*
          * Check possible pad byte.  Worst case, we're skipping past actual
          * content, but since that's only with 0x00 and 0xff and we set neg
@@ -172,12 +148,12 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         case 0xff:
             cont++;
             len--;
-            neg = 1;
+            sign = 0xff;
             break;
         case 0:
             cont++;
             len--;
-            neg = 0;
+            sign = 0;
             break;
         }
     }
@@ -185,36 +161,43 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
         return 0;
     }
-    if (neg == -1) {
+
+    if (sign == 0x100) {
         /* Is it negative? */
         if (len && (cont[0] & 0x80))
-            neg = 1;
+            sign = 0xff;
         else
-            neg = 0;
+            sign = 0;
+    } else if (((sign ^ cont[0]) & 0x80) == 0) { /* same sign bit? */
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_ILLEGAL_PADDING);
+        return 0;
     }
     utmp = 0;
     for (i = 0; i < len; i++) {
         utmp <<= 8;
-        if (neg)
-            utmp |= cont[i] ^ 0xff;
-        else
-            utmp |= cont[i];
+        utmp |= cont[i] ^ sign;
     }
     ltmp = (long)utmp;
-    if (neg) {
-        ltmp = -ltmp;
-        ltmp--;
+    if (ltmp < 0) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
     }
+    if (sign)
+        ltmp = -ltmp - 1;
     if (ltmp == it->size) {
         ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
         return 0;
     }
-    memcpy(cp, &ltmp, sizeof(long));
+    memcpy(pval, &ltmp, COPY_SIZE(*pval, ltmp));
     return 1;
 }
 
 static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
                       int indent, const ASN1_PCTX *pctx)
 {
-    return BIO_printf(out, "%ld\n", *(long *)pval);
+    long l;
+
+    memcpy(&l, pval, COPY_SIZE(*pval, l));
+    return BIO_printf(out, "%ld\n", l);
 }
+#endif
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_nx509.c b/freebsd/crypto/openssl/crypto/asn1/x_nx509.c
deleted file mode 100644
index a695a9be..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/x_nx509.c
+++ /dev/null
@@ -1,74 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* x_nx509.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-/* Old netscape certificate wrapper format */
-
-ASN1_SEQUENCE(NETSCAPE_X509) = {
-        ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING),
-        ASN1_OPT(NETSCAPE_X509, cert, X509)
-} ASN1_SEQUENCE_END(NETSCAPE_X509)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509)
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_pkey.c b/freebsd/crypto/openssl/crypto/asn1/x_pkey.c
index a3765035..9bdd5f14 100644
--- a/freebsd/crypto/openssl/crypto/asn1/x_pkey.c
+++ b/freebsd/crypto/openssl/crypto/asn1/x_pkey.c
@@ -1,166 +1,49 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/x_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
 #include <openssl/x509.h>
 
-/* need to implement */
-int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
-{
-    return (0);
-}
-
-X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
-{
-    int i;
-    M_ASN1_D2I_vars(a, X509_PKEY *, X509_PKEY_new);
-
-    M_ASN1_D2I_Init();
-    M_ASN1_D2I_start_sequence();
-    M_ASN1_D2I_get_x(X509_ALGOR, ret->enc_algor, d2i_X509_ALGOR);
-    M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->enc_pkey, d2i_ASN1_OCTET_STRING);
-
-    ret->cipher.cipher =
-        EVP_get_cipherbyname(OBJ_nid2ln
-                             (OBJ_obj2nid(ret->enc_algor->algorithm)));
-    if (ret->cipher.cipher == NULL) {
-        c.error = ASN1_R_UNSUPPORTED_CIPHER;
-        c.line = __LINE__;
-        goto err;
-    }
-    if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) {
-        i = ret->enc_algor->parameter->value.octet_string->length;
-        if (i > EVP_MAX_IV_LENGTH) {
-            c.error = ASN1_R_IV_TOO_LARGE;
-            c.line = __LINE__;
-            goto err;
-        }
-        memcpy(ret->cipher.iv,
-               ret->enc_algor->parameter->value.octet_string->data, i);
-    } else
-        memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
-    M_ASN1_D2I_Finish(a, X509_PKEY_free, ASN1_F_D2I_X509_PKEY);
-}
-
 X509_PKEY *X509_PKEY_new(void)
 {
     X509_PKEY *ret = NULL;
-    ASN1_CTX c;
 
-    ret = OPENSSL_malloc(sizeof(X509_PKEY));
-    if (ret == NULL) {
-        c.line = __LINE__;
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL)
         goto err;
-    }
-    ret->version = 0;
+
     ret->enc_algor = X509_ALGOR_new();
-    ret->enc_pkey = M_ASN1_OCTET_STRING_new();
-    ret->dec_pkey = NULL;
-    ret->key_length = 0;
-    ret->key_data = NULL;
-    ret->key_free = 0;
-    ret->cipher.cipher = NULL;
-    memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
-    ret->references = 1;
-    if (ret->enc_algor == NULL || ret->enc_pkey == NULL) {
-        c.line = __LINE__;
+    ret->enc_pkey = ASN1_OCTET_STRING_new();
+    if (ret->enc_algor == NULL || ret->enc_pkey == NULL)
         goto err;
-    }
+
     return ret;
 err:
     X509_PKEY_free(ret);
-    ASN1_MAC_H_err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE, c.line);
+    ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE);
     return NULL;
 }
 
 void X509_PKEY_free(X509_PKEY *x)
 {
-    int i;
-
     if (x == NULL)
         return;
 
-    i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);
-#ifdef REF_PRINT
-    REF_PRINT("X509_PKEY", x);
-#endif
-    if (i > 0)
-        return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "X509_PKEY_free, bad reference count\n");
-        abort();
-    }
-#endif
-
-    if (x->enc_algor != NULL)
-        X509_ALGOR_free(x->enc_algor);
-    if (x->enc_pkey != NULL)
-        M_ASN1_OCTET_STRING_free(x->enc_pkey);
-    if (x->dec_pkey != NULL)
-        EVP_PKEY_free(x->dec_pkey);
-    if ((x->key_data != NULL) && (x->key_free))
+    X509_ALGOR_free(x->enc_algor);
+    ASN1_OCTET_STRING_free(x->enc_pkey);
+    EVP_PKEY_free(x->dec_pkey);
+    if (x->key_free)
         OPENSSL_free(x->key_data);
     OPENSSL_free(x);
 }
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_req.c b/freebsd/crypto/openssl/crypto/asn1/x_req.c
deleted file mode 100644
index 3b322eba..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/x_req.c
+++ /dev/null
@@ -1,118 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/asn1/x_req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/*-
- * X509_REQ_INFO is handled in an unusual way to get round
- * invalid encodings. Some broken certificate requests don't
- * encode the attributes field if it is empty. This is in
- * violation of PKCS#10 but we need to tolerate it. We do
- * this by making the attributes field OPTIONAL then using
- * the callback to initialise it to an empty STACK.
- *
- * This means that the field will be correctly encoded unless
- * we NULL out the field.
- *
- * As a result we no longer need the req_kludge field because
- * the information is now contained in the attributes field:
- * 1. If it is NULL then it's the invalid omission.
- * 2. If it is empty it is the correct encoding.
- * 3. If it is not empty then some attributes are present.
- *
- */
-
-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                   void *exarg)
-{
-    X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
-
-    if (operation == ASN1_OP_NEW_POST) {
-        rinf->attributes = sk_X509_ATTRIBUTE_new_null();
-        if (!rinf->attributes)
-            return 0;
-    }
-    return 1;
-}
-
-ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
-        ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
-        ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
-        /* This isn't really OPTIONAL but it gets round invalid
-         * encodings
-         */
-        ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
-} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
-
-ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
-        ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
-        ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
-        ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
-
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_sig.c b/freebsd/crypto/openssl/crypto/asn1/x_sig.c
index 89ccab99..53d2e092 100644
--- a/freebsd/crypto/openssl/crypto/asn1/x_sig.c
+++ b/freebsd/crypto/openssl/crypto/asn1/x_sig.c
@@ -1,67 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/x_sig.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 
 ASN1_SEQUENCE(X509_SIG) = {
         ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
@@ -69,3 +21,21 @@ ASN1_SEQUENCE(X509_SIG) = {
 } ASN1_SEQUENCE_END(X509_SIG)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
+
+void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
+                   const ASN1_OCTET_STRING **pdigest)
+{
+    if (palg)
+        *palg = sig->algor;
+    if (pdigest)
+        *pdigest = sig->digest;
+}
+
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+                   ASN1_OCTET_STRING **pdigest)
+{
+    if (palg)
+        *palg = sig->algor;
+    if (pdigest)
+        *pdigest = sig->digest;
+}
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_spki.c b/freebsd/crypto/openssl/crypto/asn1/x_spki.c
index b4b0814b..9273057f 100644
--- a/freebsd/crypto/openssl/crypto/asn1/x_spki.c
+++ b/freebsd/crypto/openssl/crypto/asn1/x_spki.c
@@ -1,70 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/x_spki.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
- /*
-  * This module was send to me my Pat Richards <patr@x509.com> who wrote it.
-  * It is under my Copyright with his permission
-  */
-
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1t.h>
 
@@ -77,7 +23,7 @@ IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
 
 ASN1_SEQUENCE(NETSCAPE_SPKI) = {
         ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
-        ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+        ASN1_EMBED(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
         ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END(NETSCAPE_SPKI)
 
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_val.c b/freebsd/crypto/openssl/crypto/asn1/x_val.c
index 0b634b1e..dbec891f 100644
--- a/freebsd/crypto/openssl/crypto/asn1/x_val.c
+++ b/freebsd/crypto/openssl/crypto/asn1/x_val.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/x_val.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_x509a.c b/freebsd/crypto/openssl/crypto/asn1/x_x509a.c
deleted file mode 100644
index 25784f56..00000000
--- a/freebsd/crypto/openssl/crypto/asn1/x_x509a.c
+++ /dev/null
@@ -1,198 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* a_x509a.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/*
- * X509_CERT_AUX routines. These are used to encode additional user
- * modifiable data about a certificate. This data is appended to the X509
- * encoding when the *_X509_AUX routines are used. This means that the
- * "traditional" X509 routines will simply ignore the extra data.
- */
-
-static X509_CERT_AUX *aux_get(X509 *x);
-
-ASN1_SEQUENCE(X509_CERT_AUX) = {
-        ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
-        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
-        ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
-        ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
-        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
-} ASN1_SEQUENCE_END(X509_CERT_AUX)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
-
-static X509_CERT_AUX *aux_get(X509 *x)
-{
-    if (!x)
-        return NULL;
-    if (!x->aux && !(x->aux = X509_CERT_AUX_new()))
-        return NULL;
-    return x->aux;
-}
-
-int X509_alias_set1(X509 *x, unsigned char *name, int len)
-{
-    X509_CERT_AUX *aux;
-    if (!name) {
-        if (!x || !x->aux || !x->aux->alias)
-            return 1;
-        ASN1_UTF8STRING_free(x->aux->alias);
-        x->aux->alias = NULL;
-        return 1;
-    }
-    if (!(aux = aux_get(x)))
-        return 0;
-    if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new()))
-        return 0;
-    return ASN1_STRING_set(aux->alias, name, len);
-}
-
-int X509_keyid_set1(X509 *x, unsigned char *id, int len)
-{
-    X509_CERT_AUX *aux;
-    if (!id) {
-        if (!x || !x->aux || !x->aux->keyid)
-            return 1;
-        ASN1_OCTET_STRING_free(x->aux->keyid);
-        x->aux->keyid = NULL;
-        return 1;
-    }
-    if (!(aux = aux_get(x)))
-        return 0;
-    if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new()))
-        return 0;
-    return ASN1_STRING_set(aux->keyid, id, len);
-}
-
-unsigned char *X509_alias_get0(X509 *x, int *len)
-{
-    if (!x->aux || !x->aux->alias)
-        return NULL;
-    if (len)
-        *len = x->aux->alias->length;
-    return x->aux->alias->data;
-}
-
-unsigned char *X509_keyid_get0(X509 *x, int *len)
-{
-    if (!x->aux || !x->aux->keyid)
-        return NULL;
-    if (len)
-        *len = x->aux->keyid->length;
-    return x->aux->keyid->data;
-}
-
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
-{
-    X509_CERT_AUX *aux;
-    ASN1_OBJECT *objtmp;
-    if (!(objtmp = OBJ_dup(obj)))
-        return 0;
-    if (!(aux = aux_get(x)))
-        return 0;
-    if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null()))
-        return 0;
-    return sk_ASN1_OBJECT_push(aux->trust, objtmp);
-}
-
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
-{
-    X509_CERT_AUX *aux;
-    ASN1_OBJECT *objtmp;
-    if (!(objtmp = OBJ_dup(obj)))
-        return 0;
-    if (!(aux = aux_get(x)))
-        goto err;
-    if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null()))
-        goto err;
-    return sk_ASN1_OBJECT_push(aux->reject, objtmp);
- err:
-    ASN1_OBJECT_free(objtmp);
-    return 0;
-}
-
-void X509_trust_clear(X509 *x)
-{
-    if (x->aux && x->aux->trust) {
-        sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
-        x->aux->trust = NULL;
-    }
-}
-
-void X509_reject_clear(X509 *x)
-{
-    if (x->aux && x->aux->reject) {
-        sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
-        x->aux->reject = NULL;
-    }
-}
-
-ASN1_SEQUENCE(X509_CERT_PAIR) = {
-        ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
-        ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
-} ASN1_SEQUENCE_END(X509_CERT_PAIR)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)
diff --git a/freebsd/crypto/openssl/crypto/async/arch/async_null.c b/freebsd/crypto/openssl/crypto/async/arch/async_null.c
new file mode 100644
index 00000000..295a8832
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/async/arch/async_null.c
@@ -0,0 +1,25 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "../async_locl.h"
+
+#ifdef ASYNC_NULL
+int ASYNC_is_capable(void)
+{
+    return 0;
+}
+
+void async_local_cleanup(void)
+{
+}
+#endif
+
diff --git a/freebsd/crypto/openssl/crypto/async/arch/async_null.h b/freebsd/crypto/openssl/crypto/async/arch/async_null.h
new file mode 100644
index 00000000..aef40b5d
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/async/arch/async_null.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/async.h>
+
+/*
+ * If we haven't managed to detect any other async architecture then we default
+ * to NULL.
+ */
+#ifndef ASYNC_ARCH
+# define ASYNC_NULL
+# define ASYNC_ARCH
+
+typedef struct async_fibre_st {
+    int dummy;
+} async_fibre;
+
+
+# define async_fibre_swapcontext(o,n,r)         0
+# define async_fibre_makecontext(c)             0
+# define async_fibre_free(f)
+# define async_fibre_init_dispatcher(f)
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/async/arch/async_posix.c b/freebsd/crypto/openssl/crypto/async/arch/async_posix.c
new file mode 100644
index 00000000..35229351
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/async/arch/async_posix.c
@@ -0,0 +1,60 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "../async_locl.h"
+
+#ifdef ASYNC_POSIX
+
+# include <stddef.h>
+# include <unistd.h>
+
+#define STACKSIZE       32768
+
+int ASYNC_is_capable(void)
+{
+    ucontext_t ctx;
+
+    /*
+     * Some platforms provide getcontext() but it does not work (notably
+     * MacOSX PPC64). Check for a working getcontext();
+     */
+    return getcontext(&ctx) == 0;
+}
+
+void async_local_cleanup(void)
+{
+}
+
+int async_fibre_makecontext(async_fibre *fibre)
+{
+    fibre->env_init = 0;
+    if (getcontext(&fibre->fibre) == 0) {
+        fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
+        if (fibre->fibre.uc_stack.ss_sp != NULL) {
+            fibre->fibre.uc_stack.ss_size = STACKSIZE;
+            fibre->fibre.uc_link = NULL;
+            makecontext(&fibre->fibre, async_start_func, 0);
+            return 1;
+        }
+    } else {
+        fibre->fibre.uc_stack.ss_sp = NULL;
+    }
+    return 0;
+}
+
+void async_fibre_free(async_fibre *fibre)
+{
+    OPENSSL_free(fibre->fibre.uc_stack.ss_sp);
+    fibre->fibre.uc_stack.ss_sp = NULL;
+}
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/async/arch/async_posix.h b/freebsd/crypto/openssl/crypto/async/arch/async_posix.h
new file mode 100644
index 00000000..b07c2cb0
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/async/arch/async_posix.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
+#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
+#include <openssl/e_os2.h>
+
+#if defined(OPENSSL_SYS_UNIX) \
+    && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \
+    && !defined(__ANDROID__) && !defined(__OpenBSD__)
+
+# include <unistd.h>
+
+# if _POSIX_VERSION >= 200112L
+
+# include <pthread.h>
+
+#  define ASYNC_POSIX
+#  define ASYNC_ARCH
+
+#  include <ucontext.h>
+#  include <setjmp.h>
+
+typedef struct async_fibre_st {
+    ucontext_t fibre;
+    jmp_buf env;
+    int env_init;
+} async_fibre;
+
+static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
+{
+    o->env_init = 1;
+
+    if (!r || !_setjmp(o->env)) {
+        if (n->env_init)
+            _longjmp(n->env, 1);
+        else
+            setcontext(&n->fibre);
+    }
+
+    return 1;
+}
+
+#  define async_fibre_init_dispatcher(d)
+
+int async_fibre_makecontext(async_fibre *fibre);
+void async_fibre_free(async_fibre *fibre);
+
+# endif
+#endif
+#endif /* OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H */
diff --git a/freebsd/crypto/openssl/crypto/async/arch/async_win.h b/freebsd/crypto/openssl/crypto/async/arch/async_win.h
new file mode 100644
index 00000000..61cfdd72
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/async/arch/async_win.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is the same detection used in cryptlib to set up the thread local
+ * storage that we depend on, so just copy that
+ */
+#if defined(_WIN32) && !defined(OPENSSL_NO_ASYNC)
+#include <openssl/async.h>
+# define ASYNC_WIN
+# define ASYNC_ARCH
+
+# include <windows.h>
+# include "internal/cryptlib.h"
+
+typedef struct async_fibre_st {
+    LPVOID fibre;
+    int converted;
+} async_fibre;
+
+# define async_fibre_swapcontext(o,n,r) \
+        (SwitchToFiber((n)->fibre), 1)
+# define async_fibre_makecontext(c) \
+        ((c)->fibre = CreateFiber(0, async_start_func_win, 0))
+# define async_fibre_free(f)             (DeleteFiber((f)->fibre))
+
+int async_fibre_init_dispatcher(async_fibre *fibre);
+VOID CALLBACK async_start_func_win(PVOID unused);
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/async/async.c b/freebsd/crypto/openssl/crypto/async/async.c
new file mode 100644
index 00000000..79ebe2d9
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/async/async.c
@@ -0,0 +1,453 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Without this we start getting longjmp crashes because it thinks we're jumping
+ * up the stack when in fact we are jumping to an entirely different stack. The
+ * cost of this is not having certain buffer overrun/underrun checks etc for
+ * this source file :-(
+ */
+#undef _FORTIFY_SOURCE
+
+/* This must be the first #include file */
+#include "async_locl.h"
+
+#include <openssl/err.h>
+#include "internal/cryptlib_int.h"
+#include <string.h>
+
+#define ASYNC_JOB_RUNNING   0
+#define ASYNC_JOB_PAUSING   1
+#define ASYNC_JOB_PAUSED    2
+#define ASYNC_JOB_STOPPING  3
+
+static CRYPTO_THREAD_LOCAL ctxkey;
+static CRYPTO_THREAD_LOCAL poolkey;
+
+static async_ctx *async_ctx_new(void)
+{
+    async_ctx *nctx;
+
+    if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
+        return NULL;
+
+    nctx = OPENSSL_malloc(sizeof(*nctx));
+    if (nctx == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    async_fibre_init_dispatcher(&nctx->dispatcher);
+    nctx->currjob = NULL;
+    nctx->blocked = 0;
+    if (!CRYPTO_THREAD_set_local(&ctxkey, nctx))
+        goto err;
+
+    return nctx;
+err:
+    OPENSSL_free(nctx);
+
+    return NULL;
+}
+
+async_ctx *async_get_ctx(void)
+{
+    return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey);
+}
+
+static int async_ctx_free(void)
+{
+    async_ctx *ctx;
+
+    ctx = async_get_ctx();
+
+    if (!CRYPTO_THREAD_set_local(&ctxkey, NULL))
+        return 0;
+
+    OPENSSL_free(ctx);
+
+    return 1;
+}
+
+static ASYNC_JOB *async_job_new(void)
+{
+    ASYNC_JOB *job = NULL;
+
+    job = OPENSSL_zalloc(sizeof(*job));
+    if (job == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    job->status = ASYNC_JOB_RUNNING;
+
+    return job;
+}
+
+static void async_job_free(ASYNC_JOB *job)
+{
+    if (job != NULL) {
+        OPENSSL_free(job->funcargs);
+        async_fibre_free(&job->fibrectx);
+        OPENSSL_free(job);
+    }
+}
+
+static ASYNC_JOB *async_get_pool_job(void) {
+    ASYNC_JOB *job;
+    async_pool *pool;
+
+    pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    if (pool == NULL) {
+        /*
+         * Pool has not been initialised, so init with the defaults, i.e.
+         * no max size and no pre-created jobs
+         */
+        if (ASYNC_init_thread(0, 0) == 0)
+            return NULL;
+        pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    }
+
+    job = sk_ASYNC_JOB_pop(pool->jobs);
+    if (job == NULL) {
+        /* Pool is empty */
+        if ((pool->max_size != 0) && (pool->curr_size >= pool->max_size))
+            return NULL;
+
+        job = async_job_new();
+        if (job != NULL) {
+            if (! async_fibre_makecontext(&job->fibrectx)) {
+                async_job_free(job);
+                return NULL;
+            }
+            pool->curr_size++;
+        }
+    }
+    return job;
+}
+
+static void async_release_job(ASYNC_JOB *job) {
+    async_pool *pool;
+
+    pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    OPENSSL_free(job->funcargs);
+    job->funcargs = NULL;
+    sk_ASYNC_JOB_push(pool->jobs, job);
+}
+
+void async_start_func(void)
+{
+    ASYNC_JOB *job;
+    async_ctx *ctx = async_get_ctx();
+
+    while (1) {
+        /* Run the job */
+        job = ctx->currjob;
+        job->ret = job->func(job->funcargs);
+
+        /* Stop the job */
+        job->status = ASYNC_JOB_STOPPING;
+        if (!async_fibre_swapcontext(&job->fibrectx,
+                                     &ctx->dispatcher, 1)) {
+            /*
+             * Should not happen. Getting here will close the thread...can't do
+             * much about it
+             */
+            ASYNCerr(ASYNC_F_ASYNC_START_FUNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+        }
+    }
+}
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
+                    int (*func)(void *), void *args, size_t size)
+{
+    async_ctx *ctx;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return ASYNC_ERR;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL)
+        ctx = async_ctx_new();
+    if (ctx == NULL)
+        return ASYNC_ERR;
+
+    if (*job)
+        ctx->currjob = *job;
+
+    for (;;) {
+        if (ctx->currjob != NULL) {
+            if (ctx->currjob->status == ASYNC_JOB_STOPPING) {
+                *ret = ctx->currjob->ret;
+                ctx->currjob->waitctx = NULL;
+                async_release_job(ctx->currjob);
+                ctx->currjob = NULL;
+                *job = NULL;
+                return ASYNC_FINISH;
+            }
+
+            if (ctx->currjob->status == ASYNC_JOB_PAUSING) {
+                *job = ctx->currjob;
+                ctx->currjob->status = ASYNC_JOB_PAUSED;
+                ctx->currjob = NULL;
+                return ASYNC_PAUSE;
+            }
+
+            if (ctx->currjob->status == ASYNC_JOB_PAUSED) {
+                ctx->currjob = *job;
+                /* Resume previous job */
+                if (!async_fibre_swapcontext(&ctx->dispatcher,
+                        &ctx->currjob->fibrectx, 1)) {
+                    ASYNCerr(ASYNC_F_ASYNC_START_JOB,
+                             ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+                    goto err;
+                }
+                continue;
+            }
+
+            /* Should not happen */
+            ASYNCerr(ASYNC_F_ASYNC_START_JOB, ERR_R_INTERNAL_ERROR);
+            async_release_job(ctx->currjob);
+            ctx->currjob = NULL;
+            *job = NULL;
+            return ASYNC_ERR;
+        }
+
+        /* Start a new job */
+        if ((ctx->currjob = async_get_pool_job()) == NULL)
+            return ASYNC_NO_JOBS;
+
+        if (args != NULL) {
+            ctx->currjob->funcargs = OPENSSL_malloc(size);
+            if (ctx->currjob->funcargs == NULL) {
+                ASYNCerr(ASYNC_F_ASYNC_START_JOB, ERR_R_MALLOC_FAILURE);
+                async_release_job(ctx->currjob);
+                ctx->currjob = NULL;
+                return ASYNC_ERR;
+            }
+            memcpy(ctx->currjob->funcargs, args, size);
+        } else {
+            ctx->currjob->funcargs = NULL;
+        }
+
+        ctx->currjob->func = func;
+        ctx->currjob->waitctx = wctx;
+        if (!async_fibre_swapcontext(&ctx->dispatcher,
+                &ctx->currjob->fibrectx, 1)) {
+            ASYNCerr(ASYNC_F_ASYNC_START_JOB, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+            goto err;
+        }
+    }
+
+err:
+    async_release_job(ctx->currjob);
+    ctx->currjob = NULL;
+    *job = NULL;
+    return ASYNC_ERR;
+}
+
+int ASYNC_pause_job(void)
+{
+    ASYNC_JOB *job;
+    async_ctx *ctx = async_get_ctx();
+
+    if (ctx == NULL
+            || ctx->currjob == NULL
+            || ctx->blocked) {
+        /*
+         * Could be we've deliberately not been started within a job so this is
+         * counted as success.
+         */
+        return 1;
+    }
+
+    job = ctx->currjob;
+    job->status = ASYNC_JOB_PAUSING;
+
+    if (!async_fibre_swapcontext(&job->fibrectx,
+                                 &ctx->dispatcher, 1)) {
+        ASYNCerr(ASYNC_F_ASYNC_PAUSE_JOB, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+        return 0;
+    }
+    /* Reset counts of added and deleted fds */
+    async_wait_ctx_reset_counts(job->waitctx);
+
+    return 1;
+}
+
+static void async_empty_pool(async_pool *pool)
+{
+    ASYNC_JOB *job;
+
+    if (!pool || !pool->jobs)
+        return;
+
+    do {
+        job = sk_ASYNC_JOB_pop(pool->jobs);
+        async_job_free(job);
+    } while (job);
+}
+
+int async_init(void)
+{
+    if (!CRYPTO_THREAD_init_local(&ctxkey, NULL))
+        return 0;
+
+    if (!CRYPTO_THREAD_init_local(&poolkey, NULL)) {
+        CRYPTO_THREAD_cleanup_local(&ctxkey);
+        return 0;
+    }
+
+    return 1;
+}
+
+void async_deinit(void)
+{
+    CRYPTO_THREAD_cleanup_local(&ctxkey);
+    CRYPTO_THREAD_cleanup_local(&poolkey);
+}
+
+int ASYNC_init_thread(size_t max_size, size_t init_size)
+{
+    async_pool *pool;
+    size_t curr_size = 0;
+
+    if (init_size > max_size) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ASYNC_R_INVALID_POOL_SIZE);
+        return 0;
+    }
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return 0;
+
+    if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
+        return 0;
+
+    pool = OPENSSL_zalloc(sizeof(*pool));
+    if (pool == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    pool->jobs = sk_ASYNC_JOB_new_reserve(NULL, init_size);
+    if (pool->jobs == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(pool);
+        return 0;
+    }
+
+    pool->max_size = max_size;
+
+    /* Pre-create jobs as required */
+    while (init_size--) {
+        ASYNC_JOB *job;
+        job = async_job_new();
+        if (job == NULL || !async_fibre_makecontext(&job->fibrectx)) {
+            /*
+             * Not actually fatal because we already created the pool, just
+             * skip creation of any more jobs
+             */
+            async_job_free(job);
+            break;
+        }
+        job->funcargs = NULL;
+        sk_ASYNC_JOB_push(pool->jobs, job); /* Cannot fail due to reserve */
+        curr_size++;
+    }
+    pool->curr_size = curr_size;
+    if (!CRYPTO_THREAD_set_local(&poolkey, pool)) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ASYNC_R_FAILED_TO_SET_POOL);
+        goto err;
+    }
+
+    return 1;
+err:
+    async_empty_pool(pool);
+    sk_ASYNC_JOB_free(pool->jobs);
+    OPENSSL_free(pool);
+    return 0;
+}
+
+void async_delete_thread_state(void)
+{
+    async_pool *pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+
+    if (pool != NULL) {
+        async_empty_pool(pool);
+        sk_ASYNC_JOB_free(pool->jobs);
+        OPENSSL_free(pool);
+        CRYPTO_THREAD_set_local(&poolkey, NULL);
+    }
+    async_local_cleanup();
+    async_ctx_free();
+}
+
+void ASYNC_cleanup_thread(void)
+{
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return;
+
+    async_delete_thread_state();
+}
+
+ASYNC_JOB *ASYNC_get_current_job(void)
+{
+    async_ctx *ctx;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return NULL;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL)
+        return NULL;
+
+    return ctx->currjob;
+}
+
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job)
+{
+    return job->waitctx;
+}
+
+void ASYNC_block_pause(void)
+{
+    async_ctx *ctx;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL || ctx->currjob == NULL) {
+        /*
+         * We're not in a job anyway so ignore this
+         */
+        return;
+    }
+    ctx->blocked++;
+}
+
+void ASYNC_unblock_pause(void)
+{
+    async_ctx *ctx;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL || ctx->currjob == NULL) {
+        /*
+         * We're not in a job anyway so ignore this
+         */
+        return;
+    }
+    if (ctx->blocked > 0)
+        ctx->blocked--;
+}
diff --git a/freebsd/crypto/openssl/crypto/async/async_err.c b/freebsd/crypto/openssl/crypto/async/async_err.c
new file mode 100644
index 00000000..f373e5bf
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/async/async_err.c
@@ -0,0 +1,53 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/asyncerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA ASYNC_str_functs[] = {
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_CTX_NEW, 0), "async_ctx_new"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_INIT_THREAD, 0),
+     "ASYNC_init_thread"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_JOB_NEW, 0), "async_job_new"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_PAUSE_JOB, 0), "ASYNC_pause_job"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_FUNC, 0), "async_start_func"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_JOB, 0), "ASYNC_start_job"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, 0),
+     "ASYNC_WAIT_CTX_set_wait_fd"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA ASYNC_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SET_POOL),
+    "failed to set pool"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SWAP_CONTEXT),
+    "failed to swap context"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INIT_FAILED), "init failed"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INVALID_POOL_SIZE),
+    "invalid pool size"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_ASYNC_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(ASYNC_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(ASYNC_str_functs);
+        ERR_load_strings_const(ASYNC_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/async/async_locl.h b/freebsd/crypto/openssl/crypto/async/async_locl.h
new file mode 100644
index 00000000..d7790293
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/async/async_locl.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Must do this before including any header files, because on MacOS/X <stlib.h>
+ * includes <signal.h> which includes <ucontext.h>
+ */
+#if defined(__APPLE__) && defined(__MACH__) && !defined(_XOPEN_SOURCE)
+# define _XOPEN_SOURCE          /* Otherwise incomplete ucontext_t structure */
+# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include "internal/async.h"
+#include <openssl/crypto.h>
+
+typedef struct async_ctx_st async_ctx;
+typedef struct async_pool_st async_pool;
+
+#include "arch/async_win.h"
+#include "arch/async_posix.h"
+#include "arch/async_null.h"
+
+struct async_ctx_st {
+    async_fibre dispatcher;
+    ASYNC_JOB *currjob;
+    unsigned int blocked;
+};
+
+struct async_job_st {
+    async_fibre fibrectx;
+    int (*func) (void *);
+    void *funcargs;
+    int ret;
+    int status;
+    ASYNC_WAIT_CTX *waitctx;
+};
+
+struct fd_lookup_st {
+    const void *key;
+    OSSL_ASYNC_FD fd;
+    void *custom_data;
+    void (*cleanup)(ASYNC_WAIT_CTX *, const void *, OSSL_ASYNC_FD, void *);
+    int add;
+    int del;
+    struct fd_lookup_st *next;
+};
+
+struct async_wait_ctx_st {
+    struct fd_lookup_st *fds;
+    size_t numadd;
+    size_t numdel;
+};
+
+DEFINE_STACK_OF(ASYNC_JOB)
+
+struct async_pool_st {
+    STACK_OF(ASYNC_JOB) *jobs;
+    size_t curr_size;
+    size_t max_size;
+};
+
+void async_local_cleanup(void);
+void async_start_func(void);
+async_ctx *async_get_ctx(void);
+
+void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx);
+
diff --git a/freebsd/crypto/openssl/crypto/async/async_wait.c b/freebsd/crypto/openssl/crypto/async/async_wait.c
new file mode 100644
index 00000000..0491a688
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/async/async_wait.c
@@ -0,0 +1,215 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "async_locl.h"
+
+#include <openssl/err.h>
+
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(ASYNC_WAIT_CTX));
+}
+
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx)
+{
+    struct fd_lookup_st *curr;
+    struct fd_lookup_st *next;
+
+    if (ctx == NULL)
+        return;
+
+    curr = ctx->fds;
+    while (curr != NULL) {
+        if (!curr->del) {
+            /* Only try and cleanup if it hasn't been marked deleted */
+            if (curr->cleanup != NULL)
+                curr->cleanup(ctx, curr->key, curr->fd, curr->custom_data);
+        }
+        /* Always free the fd_lookup_st */
+        next = curr->next;
+        OPENSSL_free(curr);
+        curr = next;
+    }
+
+    OPENSSL_free(ctx);
+}
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                               OSSL_ASYNC_FD fd, void *custom_data,
+                               void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+                                               OSSL_ASYNC_FD, void *))
+{
+    struct fd_lookup_st *fdlookup;
+
+    if ((fdlookup = OPENSSL_zalloc(sizeof(*fdlookup))) == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    fdlookup->key = key;
+    fdlookup->fd = fd;
+    fdlookup->custom_data = custom_data;
+    fdlookup->cleanup = cleanup;
+    fdlookup->add = 1;
+    fdlookup->next = ctx->fds;
+    ctx->fds = fdlookup;
+    ctx->numadd++;
+    return 1;
+}
+
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                          OSSL_ASYNC_FD *fd, void **custom_data)
+{
+    struct fd_lookup_st *curr;
+
+    curr = ctx->fds;
+    while (curr != NULL) {
+        if (curr->del) {
+            /* This one has been marked deleted so do nothing */
+            curr = curr->next;
+            continue;
+        }
+        if (curr->key == key) {
+            *fd = curr->fd;
+            *custom_data = curr->custom_data;
+            return 1;
+        }
+        curr = curr->next;
+    }
+    return 0;
+}
+
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+                               size_t *numfds)
+{
+    struct fd_lookup_st *curr;
+
+    curr = ctx->fds;
+    *numfds = 0;
+    while (curr != NULL) {
+        if (curr->del) {
+            /* This one has been marked deleted so do nothing */
+            curr = curr->next;
+            continue;
+        }
+        if (fd != NULL) {
+            *fd = curr->fd;
+            fd++;
+        }
+        (*numfds)++;
+        curr = curr->next;
+    }
+    return 1;
+}
+
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+                                   size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                   size_t *numdelfds)
+{
+    struct fd_lookup_st *curr;
+
+    *numaddfds = ctx->numadd;
+    *numdelfds = ctx->numdel;
+    if (addfd == NULL && delfd == NULL)
+        return 1;
+
+    curr = ctx->fds;
+
+    while (curr != NULL) {
+        /* We ignore fds that have been marked as both added and deleted */
+        if (curr->del && !curr->add && (delfd != NULL)) {
+            *delfd = curr->fd;
+            delfd++;
+        }
+        if (curr->add && !curr->del && (addfd != NULL)) {
+            *addfd = curr->fd;
+            addfd++;
+        }
+        curr = curr->next;
+    }
+
+    return 1;
+}
+
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key)
+{
+    struct fd_lookup_st *curr, *prev;
+
+    curr = ctx->fds;
+    prev = NULL;
+    while (curr != NULL) {
+        if (curr->del == 1) {
+            /* This one has been marked deleted already so do nothing */
+            prev = curr;
+            curr = curr->next;
+            continue;
+        }
+        if (curr->key == key) {
+            /* If fd has just been added, remove it from the list */
+            if (curr->add == 1) {
+                if (ctx->fds == curr) {
+                    ctx->fds = curr->next;
+                } else {
+                    prev->next = curr->next;
+                }
+
+                /* It is responsibility of the caller to cleanup before calling
+                 * ASYNC_WAIT_CTX_clear_fd
+                 */
+                OPENSSL_free(curr);
+                ctx->numadd--;
+                return 1;
+            }
+
+            /*
+             * Mark it as deleted. We don't call cleanup if explicitly asked
+             * to clear an fd. We assume the caller is going to do that (if
+             * appropriate).
+             */
+            curr->del = 1;
+            ctx->numdel++;
+            return 1;
+        }
+        prev = curr;
+        curr = curr->next;
+    }
+    return 0;
+}
+
+void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx)
+{
+    struct fd_lookup_st *curr, *prev = NULL;
+
+    ctx->numadd = 0;
+    ctx->numdel = 0;
+
+    curr = ctx->fds;
+
+    while (curr != NULL) {
+        if (curr->del) {
+            if (prev == NULL)
+                ctx->fds = curr->next;
+            else
+                prev->next = curr->next;
+            OPENSSL_free(curr);
+            if (prev == NULL)
+                curr = ctx->fds;
+            else
+                curr = prev->next;
+            continue;
+        }
+        if (curr->add) {
+            curr->add = 0;
+        }
+        prev = curr;
+        curr = curr->next;
+    }
+}
diff --git a/freebsd/crypto/openssl/crypto/bf/bf_cfb64.c b/freebsd/crypto/openssl/crypto/bf/bf_cfb64.c
index d4c76be9..17e805cb 100644
--- a/freebsd/crypto/openssl/crypto/bf/bf_cfb64.c
+++ b/freebsd/crypto/openssl/crypto/bf/bf_cfb64.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bf/bf_cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/blowfish.h>
diff --git a/freebsd/crypto/openssl/crypto/bf/bf_ecb.c b/freebsd/crypto/openssl/crypto/bf/bf_ecb.c
index 573d0728..76a23d87 100644
--- a/freebsd/crypto/openssl/crypto/bf/bf_ecb.c
+++ b/freebsd/crypto/openssl/crypto/bf/bf_ecb.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bf/bf_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/blowfish.h>
@@ -68,17 +19,9 @@
  * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
  */
 
-const char BF_version[] = "Blowfish" OPENSSL_VERSION_PTEXT;
-
 const char *BF_options(void)
 {
-#ifdef BF_PTR
-    return ("blowfish(ptr)");
-#elif defined(BF_PTR2)
-    return ("blowfish(ptr2)");
-#else
-    return ("blowfish(idx)");
-#endif
+    return "blowfish(ptr)";
 }
 
 void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/freebsd/crypto/openssl/crypto/bf/bf_enc.c b/freebsd/crypto/openssl/crypto/bf/bf_enc.c
index 5edc485b..ee2e1b09 100644
--- a/freebsd/crypto/openssl/crypto/bf/bf_enc.c
+++ b/freebsd/crypto/openssl/crypto/bf/bf_enc.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bf/bf_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/blowfish.h>
@@ -74,7 +25,6 @@ to modify the code.
 
 void BF_encrypt(BF_LONG *data, const BF_KEY *key)
 {
-#ifndef BF_PTR2
     register BF_LONG l, r;
     register const BF_LONG *p, *s;
 
@@ -108,50 +58,12 @@ void BF_encrypt(BF_LONG *data, const BF_KEY *key)
 # endif
     r ^= p[BF_ROUNDS + 1];
 
-    data[1] = l & 0xffffffffL;
-    data[0] = r & 0xffffffffL;
-#else
-    register BF_LONG l, r, t, *k;
-
-    l = data[0];
-    r = data[1];
-    k = (BF_LONG *)key;
-
-    l ^= k[0];
-    BF_ENC(r, l, k, 1);
-    BF_ENC(l, r, k, 2);
-    BF_ENC(r, l, k, 3);
-    BF_ENC(l, r, k, 4);
-    BF_ENC(r, l, k, 5);
-    BF_ENC(l, r, k, 6);
-    BF_ENC(r, l, k, 7);
-    BF_ENC(l, r, k, 8);
-    BF_ENC(r, l, k, 9);
-    BF_ENC(l, r, k, 10);
-    BF_ENC(r, l, k, 11);
-    BF_ENC(l, r, k, 12);
-    BF_ENC(r, l, k, 13);
-    BF_ENC(l, r, k, 14);
-    BF_ENC(r, l, k, 15);
-    BF_ENC(l, r, k, 16);
-# if BF_ROUNDS == 20
-    BF_ENC(r, l, k, 17);
-    BF_ENC(l, r, k, 18);
-    BF_ENC(r, l, k, 19);
-    BF_ENC(l, r, k, 20);
-# endif
-    r ^= k[BF_ROUNDS + 1];
-
-    data[1] = l & 0xffffffffL;
-    data[0] = r & 0xffffffffL;
-#endif
+    data[1] = l & 0xffffffffU;
+    data[0] = r & 0xffffffffU;
 }
 
-#ifndef BF_DEFAULT_OPTIONS
-
 void BF_decrypt(BF_LONG *data, const BF_KEY *key)
 {
-# ifndef BF_PTR2
     register BF_LONG l, r;
     register const BF_LONG *p, *s;
 
@@ -185,43 +97,8 @@ void BF_decrypt(BF_LONG *data, const BF_KEY *key)
     BF_ENC(l, r, s, p[1]);
     r ^= p[0];
 
-    data[1] = l & 0xffffffffL;
-    data[0] = r & 0xffffffffL;
-# else
-    register BF_LONG l, r, t, *k;
-
-    l = data[0];
-    r = data[1];
-    k = (BF_LONG *)key;
-
-    l ^= k[BF_ROUNDS + 1];
-#  if BF_ROUNDS == 20
-    BF_ENC(r, l, k, 20);
-    BF_ENC(l, r, k, 19);
-    BF_ENC(r, l, k, 18);
-    BF_ENC(l, r, k, 17);
-#  endif
-    BF_ENC(r, l, k, 16);
-    BF_ENC(l, r, k, 15);
-    BF_ENC(r, l, k, 14);
-    BF_ENC(l, r, k, 13);
-    BF_ENC(r, l, k, 12);
-    BF_ENC(l, r, k, 11);
-    BF_ENC(r, l, k, 10);
-    BF_ENC(l, r, k, 9);
-    BF_ENC(r, l, k, 8);
-    BF_ENC(l, r, k, 7);
-    BF_ENC(r, l, k, 6);
-    BF_ENC(l, r, k, 5);
-    BF_ENC(r, l, k, 4);
-    BF_ENC(l, r, k, 3);
-    BF_ENC(r, l, k, 2);
-    BF_ENC(l, r, k, 1);
-    r ^= k[0];
-
-    data[1] = l & 0xffffffffL;
-    data[0] = r & 0xffffffffL;
-# endif
+    data[1] = l & 0xffffffffU;
+    data[0] = r & 0xffffffffU;
 }
 
 void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
@@ -298,5 +175,3 @@ void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
     tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
     tin[0] = tin[1] = 0;
 }
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/bf/bf_locl.h b/freebsd/crypto/openssl/crypto/bf/bf_locl.h
index 9448aed4..b1a415e5 100644
--- a/freebsd/crypto/openssl/crypto/bf/bf_locl.h
+++ b/freebsd/crypto/openssl/crypto/bf/bf_locl.h
@@ -1,109 +1,15 @@
-/* crypto/bf/bf_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_BF_LOCL_H
 # define HEADER_BF_LOCL_H
-# include <openssl/opensslconf.h>/* BF_PTR, BF_PTR2 */
-
-# undef c2l
-# define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-# undef c2ln
-# define c2ln(c,l1,l2,n) { \
-                        c+=n; \
-                        l1=l2=0; \
-                        switch (n) { \
-                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
-                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
-                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-                        case 5: l2|=((unsigned long)(*(--(c))));     \
-                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
-                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
-                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-                        case 1: l1|=((unsigned long)(*(--(c))));     \
-                                } \
-                        }
-
-# undef l2c
-# define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-# undef l2cn
-# define l2cn(l1,l2,c,n) { \
-                        c+=n; \
-                        switch (n) { \
-                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-                                } \
-                        }
+# include <openssl/opensslconf.h>
 
 /* NOTE - c is not incremented as per n2l */
 # define n2ln(c,l1,l2,n) { \
@@ -111,12 +17,19 @@
                         l1=l2=0; \
                         switch (n) { \
                         case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
                         case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
                         case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
                         case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
                         case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
                         case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
                         case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
                         case 1: l1|=((unsigned long)(*(--(c))))<<24; \
                                 } \
                         }
@@ -126,12 +39,19 @@
                         c+=n; \
                         switch (n) { \
                         case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
                         case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
                         case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
                         case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
                         case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
                         case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
                         case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
                         case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
                                 } \
                         }
@@ -153,69 +73,12 @@
  * to lookup array 0
  */
 
-# if defined(BF_PTR2)
-
-/*
- * This is basically a special Intel version. Point is that Intel
- * doesn't have many registers, but offers a reach choice of addressing
- * modes. So we spare some registers by directly traversing BF_KEY
- * structure and hiring the most decorated addressing mode. The code
- * generated by EGCS is *perfectly* competitive with assembler
- * implementation!
- */
-#  define BF_ENC(LL,R,KEY,Pi) (\
-        LL^=KEY[Pi], \
-        t=  KEY[BF_ROUNDS+2 +   0 + ((R>>24)&0xFF)], \
-        t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \
-        t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \
-        t+= KEY[BF_ROUNDS+2 + 768 + ((R    )&0xFF)], \
-        LL^=t \
-        )
-
-# elif defined(BF_PTR)
-
-#  ifndef BF_LONG_LOG2
-#   define BF_LONG_LOG2  2      /* default to BF_LONG being 32 bits */
-#  endif
-#  define BF_M  (0xFF<<BF_LONG_LOG2)
-#  define BF_0  (24-BF_LONG_LOG2)
-#  define BF_1  (16-BF_LONG_LOG2)
-#  define BF_2  ( 8-BF_LONG_LOG2)
-#  define BF_3  BF_LONG_LOG2    /* left shift */
-
-/*
- * This is normally very good on RISC platforms where normally you
- * have to explicitly "multiply" array index by sizeof(BF_LONG)
- * in order to calculate the effective address. This implementation
- * excuses CPU from this extra work. Power[PC] uses should have most
- * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely
- * rlwinm. So let'em double-check if their compiler does it.
- */
-
-#  define BF_ENC(LL,R,S,P) ( \
-        LL^=P, \
-        LL^= (((*(BF_LONG *)((unsigned char *)&(S[  0])+((R>>BF_0)&BF_M))+ \
-                *(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
-                *(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
-                *(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M))) \
-        )
-# else
-
-/*
- * This is a *generic* version. Seem to perform best on platforms that
- * offer explicit support for extraction of 8-bit nibbles preferably
- * complemented with "multiplying" of array index by sizeof(BF_LONG).
- * For the moment of this writing the list comprises Alpha CPU featuring
- * extbl and s[48]addq instructions.
- */
-
-#  define BF_ENC(LL,R,S,P) ( \
+# define BF_ENC(LL,R,S,P) ( \
         LL^=P, \
-        LL^=((( S[       ((int)(R>>24)&0xff)] + \
-                S[0x0100+((int)(R>>16)&0xff)])^ \
-                S[0x0200+((int)(R>> 8)&0xff)])+ \
-                S[0x0300+((int)(R    )&0xff)])&0xffffffffL \
+        LL^=((( S[       ((R>>24)&0xff)] + \
+                S[0x0100+((R>>16)&0xff)])^ \
+                S[0x0200+((R>> 8)&0xff)])+ \
+                S[0x0300+((R    )&0xff)])&0xffffffffU \
         )
-# endif
 
 #endif
diff --git a/freebsd/crypto/openssl/crypto/bf/bf_ofb64.c b/freebsd/crypto/openssl/crypto/bf/bf_ofb64.c
index e110e2d3..02dfb41d 100644
--- a/freebsd/crypto/openssl/crypto/bf/bf_ofb64.c
+++ b/freebsd/crypto/openssl/crypto/bf/bf_ofb64.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bf/bf_ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/blowfish.h>
diff --git a/freebsd/crypto/openssl/crypto/bf/bf_opts.c b/freebsd/crypto/openssl/crypto/bf/bf_opts.c
deleted file mode 100644
index ed239ef3..00000000
--- a/freebsd/crypto/openssl/crypto/bf/bf_opts.c
+++ /dev/null
@@ -1,326 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/bf/bf_opts.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * define PART1, PART2, PART3 or PART4 to build only with a few of the
- * options. This is for machines with 64k code segment size restrictions.
- */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-# define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-#ifndef OPENSSL_SYS_NETWARE
-# include <signal.h>
-#endif
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-    /*
-     * Depending on the VMS version, the tms structure is perhaps defined.
-     * The __TMS macro will show if it was.  If it wasn't defined, we should
-     * undefine TIMES, since that tells the rest of the program how things
-     * should be handled.  -- Richard Levitte
-     */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-# undef TIMES
-#endif
-#ifndef TIMES
-# include <sys/timeb.h>
-#endif
-#if defined(sun) || defined(__ultrix)
-# define _POSIX_SOURCE
-# include <limits.h>
-# include <sys/param.h>
-#endif
-#include <openssl/blowfish.h>
-#define BF_DEFAULT_OPTIONS
-#undef BF_ENC
-#define BF_encrypt  BF_encrypt_normal
-#undef HEADER_BF_LOCL_H
-#include "bf_enc.c"
-#define BF_PTR
-#undef BF_PTR2
-#undef BF_ENC
-#undef BF_encrypt
-#define BF_encrypt  BF_encrypt_ptr
-#undef HEADER_BF_LOCL_H
-#include "bf_enc.c"
-#undef BF_PTR
-#define BF_PTR2
-#undef BF_ENC
-#undef BF_encrypt
-#define BF_encrypt  BF_encrypt_ptr2
-#undef HEADER_BF_LOCL_H
-#include "bf_enc.c"
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_         /* FreeBSD fix */
-#   define HZ   100.0
-#  else                         /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
-#  endif
-# else                          /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-#define BUFSIZE ((long)1024)
-long run = 0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-# if defined(__STDC__) || defined(sgi)
-#  define SIGRETTYPE void
-# else
-#  define SIGRETTYPE int
-# endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
-{
-    signal(SIGALRM, sig_done);
-    run = 0;
-# ifdef LINT
-    sig = sig;
-# endif
-}
-#endif
-
-#define START   0
-#define STOP    1
-
-double Time_F(int s)
-{
-    double ret;
-#ifdef TIMES
-    static struct tms tstart, tend;
-
-    if (s == START) {
-        times(&tstart);
-        return (0);
-    } else {
-        times(&tend);
-        ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#else                           /* !times() */
-    static struct timeb tstart, tend;
-    long i;
-
-    if (s == START) {
-        ftime(&tstart);
-        return (0);
-    } else {
-        ftime(&tend);
-        i = (long)tend.millitm - (long)tstart.millitm;
-        ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#endif
-}
-
-#ifdef SIGALRM
-# define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
-#else
-# define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
-#endif
-
-#define time_it(func,name,index) \
-        print_name(name); \
-        Time_F(START); \
-        for (count=0,run=1; COND(cb); count+=4) \
-                { \
-                unsigned long d[2]; \
-                func(d,&sch); \
-                func(d,&sch); \
-                func(d,&sch); \
-                func(d,&sch); \
-                } \
-        tm[index]=Time_F(STOP); \
-        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
-        tm[index]=((double)COUNT(cb))/tm[index];
-
-#define print_it(name,index) \
-        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
-                tm[index]*8,1.0e6/tm[index]);
-
-int main(int argc, char **argv)
-{
-    long count;
-    static unsigned char buf[BUFSIZE];
-    static char key[16] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
-        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0
-    };
-    BF_KEY sch;
-    double d, tm[16], max = 0;
-    int rank[16];
-    char *str[16];
-    int max_idx = 0, i, num = 0, j;
-#ifndef SIGALARM
-    long ca, cb, cc, cd, ce;
-#endif
-
-    for (i = 0; i < 12; i++) {
-        tm[i] = 0.0;
-        rank[i] = 0;
-    }
-
-#ifndef TIMES
-    fprintf(stderr, "To get the most accurate results, try to run this\n");
-    fprintf(stderr, "program when this computer is idle.\n");
-#endif
-
-    BF_set_key(&sch, 16, key);
-
-#ifndef SIGALRM
-    fprintf(stderr, "First we calculate the approximate speed ...\n");
-    count = 10;
-    do {
-        long i;
-        unsigned long data[2];
-
-        count *= 2;
-        Time_F(START);
-        for (i = count; i; i--)
-            BF_encrypt(data, &sch);
-        d = Time_F(STOP);
-    } while (d < 3.0);
-    ca = count;
-    cb = count * 3;
-    cc = count * 3 * 8 / BUFSIZE + 1;
-    cd = count * 8 / BUFSIZE + 1;
-
-    ce = count / 20 + 1;
-# define COND(d) (count != (d))
-# define COUNT(d) (d)
-#else
-# define COND(c) (run)
-# define COUNT(d) (count)
-    signal(SIGALRM, sig_done);
-    alarm(10);
-#endif
-
-    time_it(BF_encrypt_normal, "BF_encrypt_normal ", 0);
-    time_it(BF_encrypt_ptr, "BF_encrypt_ptr    ", 1);
-    time_it(BF_encrypt_ptr2, "BF_encrypt_ptr2   ", 2);
-    num += 3;
-
-    str[0] = "<nothing>";
-    print_it("BF_encrypt_normal ", 0);
-    max = tm[0];
-    max_idx = 0;
-    str[1] = "ptr      ";
-    print_it("BF_encrypt_ptr ", 1);
-    if (max < tm[1]) {
-        max = tm[1];
-        max_idx = 1;
-    }
-    str[2] = "ptr2     ";
-    print_it("BF_encrypt_ptr2 ", 2);
-    if (max < tm[2]) {
-        max = tm[2];
-        max_idx = 2;
-    }
-
-    printf("options    BF ecb/s\n");
-    printf("%s %12.2f 100.0%%\n", str[max_idx], tm[max_idx]);
-    d = tm[max_idx];
-    tm[max_idx] = -2.0;
-    max = -1.0;
-    for (;;) {
-        for (i = 0; i < 3; i++) {
-            if (max < tm[i]) {
-                max = tm[i];
-                j = i;
-            }
-        }
-        if (max < 0.0)
-            break;
-        printf("%s %12.2f  %4.1f%%\n", str[j], tm[j], tm[j] / d * 100.0);
-        tm[j] = -2.0;
-        max = -1.0;
-    }
-
-    switch (max_idx) {
-    case 0:
-        printf("-DBF_DEFAULT_OPTIONS\n");
-        break;
-    case 1:
-        printf("-DBF_PTR\n");
-        break;
-    case 2:
-        printf("-DBF_PTR2\n");
-        break;
-    }
-    exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
-    return (0);
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/bf/bf_pi.h b/freebsd/crypto/openssl/crypto/bf/bf_pi.h
index 46a26739..a054b03f 100644
--- a/freebsd/crypto/openssl/crypto/bf/bf_pi.h
+++ b/freebsd/crypto/openssl/crypto/bf/bf_pi.h
@@ -1,59 +1,10 @@
-/* crypto/bf/bf_pi.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 static const BF_KEY bf_init = {
diff --git a/freebsd/crypto/openssl/crypto/bf/bf_skey.c b/freebsd/crypto/openssl/crypto/bf/bf_skey.c
index e7ab8885..254ae650 100644
--- a/freebsd/crypto/openssl/crypto/bf/bf_skey.c
+++ b/freebsd/crypto/openssl/crypto/bf/bf_skey.c
@@ -1,79 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bf/bf_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <string.h>
-#include <openssl/crypto.h>
 #include <openssl/blowfish.h>
 #include "bf_locl.h"
 #include "bf_pi.h"
 
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
-#ifdef OPENSSL_FIPS
-{
-    fips_cipher_abort(BLOWFISH);
-    private_BF_set_key(key, len, data);
-}
-
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data)
-#endif
 {
     int i;
     BF_LONG *p, ri, in[2];
diff --git a/freebsd/crypto/openssl/crypto/bf/bfspeed.c b/freebsd/crypto/openssl/crypto/bf/bfspeed.c
deleted file mode 100644
index d8b5744a..00000000
--- a/freebsd/crypto/openssl/crypto/bf/bfspeed.c
+++ /dev/null
@@ -1,267 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/bf/bfspeed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-# define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-#ifndef OPENSSL_SYS_NETWARE
-# include <signal.h>
-#endif
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-    /*
-     * Depending on the VMS version, the tms structure is perhaps defined.
-     * The __TMS macro will show if it was.  If it wasn't defined, we should
-     * undefine TIMES, since that tells the rest of the program how things
-     * should be handled.  -- Richard Levitte
-     */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-# undef TIMES
-#endif
-#ifndef TIMES
-# include <sys/timeb.h>
-#endif
-#if defined(sun) || defined(__ultrix)
-# define _POSIX_SOURCE
-# include <limits.h>
-# include <sys/param.h>
-#endif
-#include <openssl/blowfish.h>
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  define HZ      100.0
-# else                          /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-#define BUFSIZE ((long)1024)
-long run = 0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-# if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#  define SIGRETTYPE void
-# else
-#  define SIGRETTYPE int
-# endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
-{
-    signal(SIGALRM, sig_done);
-    run = 0;
-# ifdef LINT
-    sig = sig;
-# endif
-}
-#endif
-
-#define START   0
-#define STOP    1
-
-double Time_F(int s)
-{
-    double ret;
-#ifdef TIMES
-    static struct tms tstart, tend;
-
-    if (s == START) {
-        times(&tstart);
-        return (0);
-    } else {
-        times(&tend);
-        ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#else                           /* !times() */
-    static struct timeb tstart, tend;
-    long i;
-
-    if (s == START) {
-        ftime(&tstart);
-        return (0);
-    } else {
-        ftime(&tend);
-        i = (long)tend.millitm - (long)tstart.millitm;
-        ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#endif
-}
-
-int main(int argc, char **argv)
-{
-    long count;
-    static unsigned char buf[BUFSIZE];
-    static unsigned char key[] = {
-        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-    };
-    BF_KEY sch;
-    double a, b, c, d;
-#ifndef SIGALRM
-    long ca, cb, cc;
-#endif
-
-#ifndef TIMES
-    printf("To get the most accurate results, try to run this\n");
-    printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
-    printf("First we calculate the approximate speed ...\n");
-    BF_set_key(&sch, 16, key);
-    count = 10;
-    do {
-        long i;
-        BF_LONG data[2];
-
-        count *= 2;
-        Time_F(START);
-        for (i = count; i; i--)
-            BF_encrypt(data, &sch);
-        d = Time_F(STOP);
-    } while (d < 3.0);
-    ca = count / 512;
-    cb = count;
-    cc = count * 8 / BUFSIZE + 1;
-    printf("Doing BF_set_key %ld times\n", ca);
-# define COND(d) (count != (d))
-# define COUNT(d) (d)
-#else
-# define COND(c) (run)
-# define COUNT(d) (count)
-    signal(SIGALRM, sig_done);
-    printf("Doing BF_set_key for 10 seconds\n");
-    alarm(10);
-#endif
-
-    Time_F(START);
-    for (count = 0, run = 1; COND(ca); count += 4) {
-        BF_set_key(&sch, 16, key);
-        BF_set_key(&sch, 16, key);
-        BF_set_key(&sch, 16, key);
-        BF_set_key(&sch, 16, key);
-    }
-    d = Time_F(STOP);
-    printf("%ld BF_set_key's in %.2f seconds\n", count, d);
-    a = ((double)COUNT(ca)) / d;
-
-#ifdef SIGALRM
-    printf("Doing BF_encrypt's for 10 seconds\n");
-    alarm(10);
-#else
-    printf("Doing BF_encrypt %ld times\n", cb);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(cb); count += 4) {
-        BF_LONG data[2];
-
-        BF_encrypt(data, &sch);
-        BF_encrypt(data, &sch);
-        BF_encrypt(data, &sch);
-        BF_encrypt(data, &sch);
-    }
-    d = Time_F(STOP);
-    printf("%ld BF_encrypt's in %.2f second\n", count, d);
-    b = ((double)COUNT(cb) * 8) / d;
-
-#ifdef SIGALRM
-    printf("Doing BF_cbc_encrypt on %ld byte blocks for 10 seconds\n",
-           BUFSIZE);
-    alarm(10);
-#else
-    printf("Doing BF_cbc_encrypt %ld times on %ld byte blocks\n", cc,
-           BUFSIZE);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(cc); count++)
-        BF_cbc_encrypt(buf, buf, BUFSIZE, &sch, &(key[0]), BF_ENCRYPT);
-    d = Time_F(STOP);
-    printf("%ld BF_cbc_encrypt's of %ld byte blocks in %.2f second\n",
-           count, BUFSIZE, d);
-    c = ((double)COUNT(cc) * BUFSIZE) / d;
-
-    printf("Blowfish set_key       per sec = %12.3f (%9.3fuS)\n", a,
-           1.0e6 / a);
-    printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n", b,
-           8.0e6 / b);
-    printf("Blowfish cbc     bytes per sec = %12.3f (%9.3fuS)\n", c,
-           8.0e6 / c);
-    exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
-    return (0);
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/bf/bftest.c b/freebsd/crypto/openssl/crypto/bf/bftest.c
deleted file mode 100644
index c2a3e206..00000000
--- a/freebsd/crypto/openssl/crypto/bf/bftest.c
+++ /dev/null
@@ -1,540 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/bf/bftest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * This has been a quickly hacked 'ideatest.c'.  When I add tests for other
- * RC2 modes, more of the code will be uncommented.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_BF is defined */
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_BF
-int main(int argc, char *argv[])
-{
-    printf("No BF support\n");
-    return (0);
-}
-#else
-# include <openssl/blowfish.h>
-
-# ifdef CHARSET_EBCDIC
-#  include <openssl/ebcdic.h>
-# endif
-
-static char *bf_key[2] = {
-    "abcdefghijklmnopqrstuvwxyz",
-    "Who is John Galt?"
-};
-
-/* big endian */
-static BF_LONG bf_plain[2][2] = {
-    {0x424c4f57L, 0x46495348L},
-    {0xfedcba98L, 0x76543210L}
-};
-
-static BF_LONG bf_cipher[2][2] = {
-    {0x324ed0feL, 0xf413a203L},
-    {0xcc91732bL, 0x8022f684L}
-};
-
-/************/
-
-/* Lets use the DES test vectors :-) */
-# define NUM_TESTS 34
-static unsigned char ecb_data[NUM_TESTS][8] = {
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
-    {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
-    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
-    {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
-    {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
-    {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
-    {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
-    {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
-    {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
-    {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
-    {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
-    {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
-    {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
-    {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
-    {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
-    {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
-    {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
-    {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
-    {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
-    {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
-    {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
-    {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
-    {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
-    {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
-    {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
-    {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
-    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
-    {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}
-};
-
-static unsigned char plain_data[NUM_TESTS][8] = {
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
-    {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
-    {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
-    {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
-    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
-    {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42},
-    {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA},
-    {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72},
-    {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A},
-    {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2},
-    {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A},
-    {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2},
-    {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A},
-    {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02},
-    {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A},
-    {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32},
-    {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA},
-    {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62},
-    {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2},
-    {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA},
-    {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92},
-    {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A},
-    {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2},
-    {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A},
-    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
-    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
-    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
-    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
-};
-
-static unsigned char cipher_data[NUM_TESTS][8] = {
-    {0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78},
-    {0x51, 0x86, 0x6F, 0xD5, 0xB8, 0x5E, 0xCB, 0x8A},
-    {0x7D, 0x85, 0x6F, 0x9A, 0x61, 0x30, 0x63, 0xF2},
-    {0x24, 0x66, 0xDD, 0x87, 0x8B, 0x96, 0x3C, 0x9D},
-    {0x61, 0xF9, 0xC3, 0x80, 0x22, 0x81, 0xB0, 0x96},
-    {0x7D, 0x0C, 0xC6, 0x30, 0xAF, 0xDA, 0x1E, 0xC7},
-    {0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78},
-    {0x0A, 0xCE, 0xAB, 0x0F, 0xC6, 0xA0, 0xA2, 0x8D},
-    {0x59, 0xC6, 0x82, 0x45, 0xEB, 0x05, 0x28, 0x2B},
-    {0xB1, 0xB8, 0xCC, 0x0B, 0x25, 0x0F, 0x09, 0xA0},
-    {0x17, 0x30, 0xE5, 0x77, 0x8B, 0xEA, 0x1D, 0xA4},
-    {0xA2, 0x5E, 0x78, 0x56, 0xCF, 0x26, 0x51, 0xEB},
-    {0x35, 0x38, 0x82, 0xB1, 0x09, 0xCE, 0x8F, 0x1A},
-    {0x48, 0xF4, 0xD0, 0x88, 0x4C, 0x37, 0x99, 0x18},
-    {0x43, 0x21, 0x93, 0xB7, 0x89, 0x51, 0xFC, 0x98},
-    {0x13, 0xF0, 0x41, 0x54, 0xD6, 0x9D, 0x1A, 0xE5},
-    {0x2E, 0xED, 0xDA, 0x93, 0xFF, 0xD3, 0x9C, 0x79},
-    {0xD8, 0x87, 0xE0, 0x39, 0x3C, 0x2D, 0xA6, 0xE3},
-    {0x5F, 0x99, 0xD0, 0x4F, 0x5B, 0x16, 0x39, 0x69},
-    {0x4A, 0x05, 0x7A, 0x3B, 0x24, 0xD3, 0x97, 0x7B},
-    {0x45, 0x20, 0x31, 0xC1, 0xE4, 0xFA, 0xDA, 0x8E},
-    {0x75, 0x55, 0xAE, 0x39, 0xF5, 0x9B, 0x87, 0xBD},
-    {0x53, 0xC5, 0x5F, 0x9C, 0xB4, 0x9F, 0xC0, 0x19},
-    {0x7A, 0x8E, 0x7B, 0xFA, 0x93, 0x7E, 0x89, 0xA3},
-    {0xCF, 0x9C, 0x5D, 0x7A, 0x49, 0x86, 0xAD, 0xB5},
-    {0xD1, 0xAB, 0xB2, 0x90, 0x65, 0x8B, 0xC7, 0x78},
-    {0x55, 0xCB, 0x37, 0x74, 0xD1, 0x3E, 0xF2, 0x01},
-    {0xFA, 0x34, 0xEC, 0x48, 0x47, 0xB2, 0x68, 0xB2},
-    {0xA7, 0x90, 0x79, 0x51, 0x08, 0xEA, 0x3C, 0xAE},
-    {0xC3, 0x9E, 0x07, 0x2D, 0x9F, 0xAC, 0x63, 0x1D},
-    {0x01, 0x49, 0x33, 0xE0, 0xCD, 0xAF, 0xF6, 0xE4},
-    {0xF2, 0x1E, 0x9A, 0x77, 0xB7, 0x1C, 0x49, 0xBC},
-    {0x24, 0x59, 0x46, 0x88, 0x57, 0x54, 0x36, 0x9A},
-    {0x6B, 0x5C, 0x5A, 0x9C, 0x5D, 0x9E, 0x0A, 0x5A},
-};
-
-static unsigned char cbc_key[16] = {
-    0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-    0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87
-};
-static unsigned char cbc_iv[8] =
-    { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
-static char cbc_data[40] = "7654321 Now is the time for ";
-static unsigned char cbc_ok[32] = {
-    0x6B, 0x77, 0xB4, 0xD6, 0x30, 0x06, 0xDE, 0xE6,
-    0x05, 0xB1, 0x56, 0xE2, 0x74, 0x03, 0x97, 0x93,
-    0x58, 0xDE, 0xB9, 0xE7, 0x15, 0x46, 0x16, 0xD9,
-    0x59, 0xF1, 0x65, 0x2B, 0xD5, 0xFF, 0x92, 0xCC
-};
-
-static unsigned char cfb64_ok[] = {
-    0xE7, 0x32, 0x14, 0xA2, 0x82, 0x21, 0x39, 0xCA,
-    0xF2, 0x6E, 0xCF, 0x6D, 0x2E, 0xB9, 0xE7, 0x6E,
-    0x3D, 0xA3, 0xDE, 0x04, 0xD1, 0x51, 0x72, 0x00,
-    0x51, 0x9D, 0x57, 0xA6, 0xC3
-};
-
-static unsigned char ofb64_ok[] = {
-    0xE7, 0x32, 0x14, 0xA2, 0x82, 0x21, 0x39, 0xCA,
-    0x62, 0xB3, 0x43, 0xCC, 0x5B, 0x65, 0x58, 0x73,
-    0x10, 0xDD, 0x90, 0x8D, 0x0C, 0x24, 0x1B, 0x22,
-    0x63, 0xC2, 0xCF, 0x80, 0xDA
-};
-
-# define KEY_TEST_NUM    25
-static unsigned char key_test[KEY_TEST_NUM] = {
-    0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87,
-    0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f,
-    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-    0x88
-};
-
-static unsigned char key_data[8] =
-    { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 };
-
-static unsigned char key_out[KEY_TEST_NUM][8] = {
-    {0xF9, 0xAD, 0x59, 0x7C, 0x49, 0xDB, 0x00, 0x5E},
-    {0xE9, 0x1D, 0x21, 0xC1, 0xD9, 0x61, 0xA6, 0xD6},
-    {0xE9, 0xC2, 0xB7, 0x0A, 0x1B, 0xC6, 0x5C, 0xF3},
-    {0xBE, 0x1E, 0x63, 0x94, 0x08, 0x64, 0x0F, 0x05},
-    {0xB3, 0x9E, 0x44, 0x48, 0x1B, 0xDB, 0x1E, 0x6E},
-    {0x94, 0x57, 0xAA, 0x83, 0xB1, 0x92, 0x8C, 0x0D},
-    {0x8B, 0xB7, 0x70, 0x32, 0xF9, 0x60, 0x62, 0x9D},
-    {0xE8, 0x7A, 0x24, 0x4E, 0x2C, 0xC8, 0x5E, 0x82},
-    {0x15, 0x75, 0x0E, 0x7A, 0x4F, 0x4E, 0xC5, 0x77},
-    {0x12, 0x2B, 0xA7, 0x0B, 0x3A, 0xB6, 0x4A, 0xE0},
-    {0x3A, 0x83, 0x3C, 0x9A, 0xFF, 0xC5, 0x37, 0xF6},
-    {0x94, 0x09, 0xDA, 0x87, 0xA9, 0x0F, 0x6B, 0xF2},
-    {0x88, 0x4F, 0x80, 0x62, 0x50, 0x60, 0xB8, 0xB4},
-    {0x1F, 0x85, 0x03, 0x1C, 0x19, 0xE1, 0x19, 0x68},
-    {0x79, 0xD9, 0x37, 0x3A, 0x71, 0x4C, 0xA3, 0x4F},
-    {0x93, 0x14, 0x28, 0x87, 0xEE, 0x3B, 0xE1, 0x5C},
-    {0x03, 0x42, 0x9E, 0x83, 0x8C, 0xE2, 0xD1, 0x4B},
-    {0xA4, 0x29, 0x9E, 0x27, 0x46, 0x9F, 0xF6, 0x7B},
-    {0xAF, 0xD5, 0xAE, 0xD1, 0xC1, 0xBC, 0x96, 0xA8},
-    {0x10, 0x85, 0x1C, 0x0E, 0x38, 0x58, 0xDA, 0x9F},
-    {0xE6, 0xF5, 0x1E, 0xD7, 0x9B, 0x9D, 0xB2, 0x1F},
-    {0x64, 0xA6, 0xE1, 0x4A, 0xFD, 0x36, 0xB4, 0x6F},
-    {0x80, 0xC7, 0xD7, 0xD4, 0x5A, 0x54, 0x79, 0xAD},
-    {0x05, 0x04, 0x4B, 0x62, 0xFA, 0x52, 0xD0, 0x80},
-};
-
-static int test(void);
-static int print_test_data(void);
-int main(int argc, char *argv[])
-{
-    int ret;
-
-    if (argc > 1)
-        ret = print_test_data();
-    else
-        ret = test();
-
-# ifdef OPENSSL_SYS_NETWARE
-    if (ret)
-        printf("ERROR: %d\n", ret);
-# endif
-    EXIT(ret);
-    return (0);
-}
-
-static int print_test_data(void)
-{
-    unsigned int i, j;
-
-    printf("ecb test data\n");
-    printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
-    for (i = 0; i < NUM_TESTS; i++) {
-        for (j = 0; j < 8; j++)
-            printf("%02X", ecb_data[i][j]);
-        printf("\t");
-        for (j = 0; j < 8; j++)
-            printf("%02X", plain_data[i][j]);
-        printf("\t");
-        for (j = 0; j < 8; j++)
-            printf("%02X", cipher_data[i][j]);
-        printf("\n");
-    }
-
-    printf("set_key test data\n");
-    printf("data[8]= ");
-    for (j = 0; j < 8; j++)
-        printf("%02X", key_data[j]);
-    printf("\n");
-    for (i = 0; i < KEY_TEST_NUM - 1; i++) {
-        printf("c=");
-        for (j = 0; j < 8; j++)
-            printf("%02X", key_out[i][j]);
-        printf(" k[%2u]=", i + 1);
-        for (j = 0; j < i + 1; j++)
-            printf("%02X", key_test[j]);
-        printf("\n");
-    }
-
-    printf("\nchaining mode test data\n");
-    printf("key[16]   = ");
-    for (j = 0; j < 16; j++)
-        printf("%02X", cbc_key[j]);
-    printf("\niv[8]     = ");
-    for (j = 0; j < 8; j++)
-        printf("%02X", cbc_iv[j]);
-    printf("\ndata[%d]  = '%s'", (int)strlen(cbc_data) + 1, cbc_data);
-    printf("\ndata[%d]  = ", (int)strlen(cbc_data) + 1);
-    for (j = 0; j < strlen(cbc_data) + 1; j++)
-        printf("%02X", cbc_data[j]);
-    printf("\n");
-    printf("cbc cipher text\n");
-    printf("cipher[%d]= ", 32);
-    for (j = 0; j < 32; j++)
-        printf("%02X", cbc_ok[j]);
-    printf("\n");
-
-    printf("cfb64 cipher text\n");
-    printf("cipher[%d]= ", (int)strlen(cbc_data) + 1);
-    for (j = 0; j < strlen(cbc_data) + 1; j++)
-        printf("%02X", cfb64_ok[j]);
-    printf("\n");
-
-    printf("ofb64 cipher text\n");
-    printf("cipher[%d]= ", (int)strlen(cbc_data) + 1);
-    for (j = 0; j < strlen(cbc_data) + 1; j++)
-        printf("%02X", ofb64_ok[j]);
-    printf("\n");
-    return (0);
-}
-
-static int test(void)
-{
-    unsigned char cbc_in[40], cbc_out[40], iv[8];
-    int i, n, err = 0;
-    BF_KEY key;
-    BF_LONG data[2];
-    unsigned char out[8];
-    BF_LONG len;
-
-# ifdef CHARSET_EBCDIC
-    ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));
-# endif
-
-    printf("testing blowfish in raw ecb mode\n");
-    for (n = 0; n < 2; n++) {
-# ifdef CHARSET_EBCDIC
-        ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));
-# endif
-        BF_set_key(&key, strlen(bf_key[n]), (unsigned char *)bf_key[n]);
-
-        data[0] = bf_plain[n][0];
-        data[1] = bf_plain[n][1];
-        BF_encrypt(data, &key);
-        if (memcmp(&(bf_cipher[n][0]), &(data[0]), 8) != 0) {
-            printf("BF_encrypt error encrypting\n");
-            printf("got     :");
-            for (i = 0; i < 2; i++)
-                printf("%08lX ", (unsigned long)data[i]);
-            printf("\n");
-            printf("expected:");
-            for (i = 0; i < 2; i++)
-                printf("%08lX ", (unsigned long)bf_cipher[n][i]);
-            err = 1;
-            printf("\n");
-        }
-
-        BF_decrypt(&(data[0]), &key);
-        if (memcmp(&(bf_plain[n][0]), &(data[0]), 8) != 0) {
-            printf("BF_encrypt error decrypting\n");
-            printf("got     :");
-            for (i = 0; i < 2; i++)
-                printf("%08lX ", (unsigned long)data[i]);
-            printf("\n");
-            printf("expected:");
-            for (i = 0; i < 2; i++)
-                printf("%08lX ", (unsigned long)bf_plain[n][i]);
-            printf("\n");
-            err = 1;
-        }
-    }
-
-    printf("testing blowfish in ecb mode\n");
-
-    for (n = 0; n < NUM_TESTS; n++) {
-        BF_set_key(&key, 8, ecb_data[n]);
-
-        BF_ecb_encrypt(&(plain_data[n][0]), out, &key, BF_ENCRYPT);
-        if (memcmp(&(cipher_data[n][0]), out, 8) != 0) {
-            printf("BF_ecb_encrypt blowfish error encrypting\n");
-            printf("got     :");
-            for (i = 0; i < 8; i++)
-                printf("%02X ", out[i]);
-            printf("\n");
-            printf("expected:");
-            for (i = 0; i < 8; i++)
-                printf("%02X ", cipher_data[n][i]);
-            err = 1;
-            printf("\n");
-        }
-
-        BF_ecb_encrypt(out, out, &key, BF_DECRYPT);
-        if (memcmp(&(plain_data[n][0]), out, 8) != 0) {
-            printf("BF_ecb_encrypt error decrypting\n");
-            printf("got     :");
-            for (i = 0; i < 8; i++)
-                printf("%02X ", out[i]);
-            printf("\n");
-            printf("expected:");
-            for (i = 0; i < 8; i++)
-                printf("%02X ", plain_data[n][i]);
-            printf("\n");
-            err = 1;
-        }
-    }
-
-    printf("testing blowfish set_key\n");
-    for (n = 1; n < KEY_TEST_NUM; n++) {
-        BF_set_key(&key, n, key_test);
-        BF_ecb_encrypt(key_data, out, &key, BF_ENCRYPT);
-        /* mips-sgi-irix6.5-gcc  vv  -mabi=64 bug workaround */
-        if (memcmp(out, &(key_out[i = n - 1][0]), 8) != 0) {
-            printf("blowfish setkey error\n");
-            err = 1;
-        }
-    }
-
-    printf("testing blowfish in cbc mode\n");
-    len = strlen(cbc_data) + 1;
-
-    BF_set_key(&key, 16, cbc_key);
-    memset(cbc_in, 0, sizeof(cbc_in));
-    memset(cbc_out, 0, sizeof(cbc_out));
-    memcpy(iv, cbc_iv, sizeof(iv));
-    BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len,
-                   &key, iv, BF_ENCRYPT);
-    if (memcmp(cbc_out, cbc_ok, 32) != 0) {
-        err = 1;
-        printf("BF_cbc_encrypt encrypt error\n");
-        for (i = 0; i < 32; i++)
-            printf("0x%02X,", cbc_out[i]);
-    }
-    memcpy(iv, cbc_iv, 8);
-    BF_cbc_encrypt(cbc_out, cbc_in, len, &key, iv, BF_DECRYPT);
-    if (memcmp(cbc_in, cbc_data, strlen(cbc_data) + 1) != 0) {
-        printf("BF_cbc_encrypt decrypt error\n");
-        err = 1;
-    }
-
-    printf("testing blowfish in cfb64 mode\n");
-
-    BF_set_key(&key, 16, cbc_key);
-    memset(cbc_in, 0, 40);
-    memset(cbc_out, 0, 40);
-    memcpy(iv, cbc_iv, 8);
-    n = 0;
-    BF_cfb64_encrypt((unsigned char *)cbc_data, cbc_out, (long)13,
-                     &key, iv, &n, BF_ENCRYPT);
-    BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]),
-                     len - 13, &key, iv, &n, BF_ENCRYPT);
-    if (memcmp(cbc_out, cfb64_ok, (int)len) != 0) {
-        err = 1;
-        printf("BF_cfb64_encrypt encrypt error\n");
-        for (i = 0; i < (int)len; i++)
-            printf("0x%02X,", cbc_out[i]);
-    }
-    n = 0;
-    memcpy(iv, cbc_iv, 8);
-    BF_cfb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n, BF_DECRYPT);
-    BF_cfb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17,
-                     &key, iv, &n, BF_DECRYPT);
-    if (memcmp(cbc_in, cbc_data, (int)len) != 0) {
-        printf("BF_cfb64_encrypt decrypt error\n");
-        err = 1;
-    }
-
-    printf("testing blowfish in ofb64\n");
-
-    BF_set_key(&key, 16, cbc_key);
-    memset(cbc_in, 0, 40);
-    memset(cbc_out, 0, 40);
-    memcpy(iv, cbc_iv, 8);
-    n = 0;
-    BF_ofb64_encrypt((unsigned char *)cbc_data, cbc_out, (long)13, &key, iv,
-                     &n);
-    BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]),
-                     len - 13, &key, iv, &n);
-    if (memcmp(cbc_out, ofb64_ok, (int)len) != 0) {
-        err = 1;
-        printf("BF_ofb64_encrypt encrypt error\n");
-        for (i = 0; i < (int)len; i++)
-            printf("0x%02X,", cbc_out[i]);
-    }
-    n = 0;
-    memcpy(iv, cbc_iv, 8);
-    BF_ofb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n);
-    BF_ofb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17, &key, iv, &n);
-    if (memcmp(cbc_in, cbc_data, (int)len) != 0) {
-        printf("BF_ofb64_encrypt decrypt error\n");
-        err = 1;
-    }
-
-    return (err);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/bf/blowfish.h b/freebsd/crypto/openssl/crypto/bf/blowfish.h
deleted file mode 100644
index 83293027..00000000
--- a/freebsd/crypto/openssl/crypto/bf/blowfish.h
+++ /dev/null
@@ -1,130 +0,0 @@
-/* crypto/bf/blowfish.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BLOWFISH_H
-# define HEADER_BLOWFISH_H
-
-# include <openssl/e_os2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# ifdef OPENSSL_NO_BF
-#  error BF is disabled.
-# endif
-
-# define BF_ENCRYPT      1
-# define BF_DECRYPT      0
-
-/*-
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! BF_LONG_LOG2 has to be defined along.                        !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-# if defined(__LP32__)
-#  define BF_LONG unsigned long
-# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#  define BF_LONG unsigned long
-#  define BF_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *                                      <appro@fy.chalmers.se>
- */
-# else
-#  define BF_LONG unsigned int
-# endif
-
-# define BF_ROUNDS       16
-# define BF_BLOCK        8
-
-typedef struct bf_key_st {
-    BF_LONG P[BF_ROUNDS + 2];
-    BF_LONG S[4 * 256];
-} BF_KEY;
-
-# ifdef OPENSSL_FIPS
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-# endif
-void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-
-void BF_encrypt(BF_LONG *data, const BF_KEY *key);
-void BF_decrypt(BF_LONG *data, const BF_KEY *key);
-
-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                    const BF_KEY *key, int enc);
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-                    const BF_KEY *schedule, unsigned char *ivec, int enc);
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                      long length, const BF_KEY *schedule,
-                      unsigned char *ivec, int *num, int enc);
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                      long length, const BF_KEY *schedule,
-                      unsigned char *ivec, int *num);
-const char *BF_options(void);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/bio/b_addr.c b/freebsd/crypto/openssl/crypto/bio/b_addr.c
new file mode 100644
index 00000000..950d87bf
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/bio/b_addr.c
@@ -0,0 +1,899 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <string.h>
+
+#include "bio_lcl.h"
+#include <openssl/crypto.h>
+
+#ifndef OPENSSL_NO_SOCK
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+#include "internal/thread_once.h"
+
+CRYPTO_RWLOCK *bio_lookup_lock;
+static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT;
+
+/*
+ * Throughout this file and bio_lcl.h, the existence of the macro
+ * AI_PASSIVE is used to detect the availability of struct addrinfo,
+ * getnameinfo() and getaddrinfo().  If that macro doesn't exist,
+ * we use our own implementation instead, using gethostbyname,
+ * getservbyname and a few other.
+ */
+
+/**********************************************************************
+ *
+ * Address structure
+ *
+ */
+
+BIO_ADDR *BIO_ADDR_new(void)
+{
+    BIO_ADDR *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        BIOerr(BIO_F_BIO_ADDR_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->sa.sa_family = AF_UNSPEC;
+    return ret;
+}
+
+void BIO_ADDR_free(BIO_ADDR *ap)
+{
+    OPENSSL_free(ap);
+}
+
+void BIO_ADDR_clear(BIO_ADDR *ap)
+{
+    memset(ap, 0, sizeof(*ap));
+    ap->sa.sa_family = AF_UNSPEC;
+}
+
+/*
+ * BIO_ADDR_make - non-public routine to fill a BIO_ADDR with the contents
+ * of a struct sockaddr.
+ */
+int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa)
+{
+    if (sa->sa_family == AF_INET) {
+        memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in));
+        return 1;
+    }
+#ifdef AF_INET6
+    if (sa->sa_family == AF_INET6) {
+        memcpy(&(ap->s_in6), sa, sizeof(struct sockaddr_in6));
+        return 1;
+    }
+#endif
+#ifdef AF_UNIX
+    if (sa->sa_family == AF_UNIX) {
+        memcpy(&(ap->s_un), sa, sizeof(struct sockaddr_un));
+        return 1;
+    }
+#endif
+
+    return 0;
+}
+
+int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
+                     const void *where, size_t wherelen,
+                     unsigned short port)
+{
+#ifdef AF_UNIX
+    if (family == AF_UNIX) {
+        if (wherelen + 1 > sizeof(ap->s_un.sun_path))
+            return 0;
+        memset(&ap->s_un, 0, sizeof(ap->s_un));
+        ap->s_un.sun_family = family;
+        strncpy(ap->s_un.sun_path, where, sizeof(ap->s_un.sun_path) - 1);
+        return 1;
+    }
+#endif
+    if (family == AF_INET) {
+        if (wherelen != sizeof(struct in_addr))
+            return 0;
+        memset(&ap->s_in, 0, sizeof(ap->s_in));
+        ap->s_in.sin_family = family;
+        ap->s_in.sin_port = port;
+        ap->s_in.sin_addr = *(struct in_addr *)where;
+        return 1;
+    }
+#ifdef AF_INET6
+    if (family == AF_INET6) {
+        if (wherelen != sizeof(struct in6_addr))
+            return 0;
+        memset(&ap->s_in6, 0, sizeof(ap->s_in6));
+        ap->s_in6.sin6_family = family;
+        ap->s_in6.sin6_port = port;
+        ap->s_in6.sin6_addr = *(struct in6_addr *)where;
+        return 1;
+    }
+#endif
+
+    return 0;
+}
+
+int BIO_ADDR_family(const BIO_ADDR *ap)
+{
+    return ap->sa.sa_family;
+}
+
+int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l)
+{
+    size_t len = 0;
+    const void *addrptr = NULL;
+
+    if (ap->sa.sa_family == AF_INET) {
+        len = sizeof(ap->s_in.sin_addr);
+        addrptr = &ap->s_in.sin_addr;
+    }
+#ifdef AF_INET6
+    else if (ap->sa.sa_family == AF_INET6) {
+        len = sizeof(ap->s_in6.sin6_addr);
+        addrptr = &ap->s_in6.sin6_addr;
+    }
+#endif
+#ifdef AF_UNIX
+    else if (ap->sa.sa_family == AF_UNIX) {
+        len = strlen(ap->s_un.sun_path);
+        addrptr = &ap->s_un.sun_path;
+    }
+#endif
+
+    if (addrptr == NULL)
+        return 0;
+
+    if (p != NULL) {
+        memcpy(p, addrptr, len);
+    }
+    if (l != NULL)
+        *l = len;
+
+    return 1;
+}
+
+unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap)
+{
+    if (ap->sa.sa_family == AF_INET)
+        return ap->s_in.sin_port;
+#ifdef AF_INET6
+    if (ap->sa.sa_family == AF_INET6)
+        return ap->s_in6.sin6_port;
+#endif
+    return 0;
+}
+
+/*-
+ * addr_strings - helper function to get host and service names
+ * @ap: the BIO_ADDR that has the input info
+ * @numeric: 0 if actual names should be returned, 1 if the numeric
+ * representation should be returned.
+ * @hostname: a pointer to a pointer to a memory area to store the
+ * host name or numeric representation.  Unused if NULL.
+ * @service: a pointer to a pointer to a memory area to store the
+ * service name or numeric representation.  Unused if NULL.
+ *
+ * The return value is 0 on failure, with the error code in the error
+ * stack, and 1 on success.
+ */
+static int addr_strings(const BIO_ADDR *ap, int numeric,
+                        char **hostname, char **service)
+{
+    if (BIO_sock_init() != 1)
+        return 0;
+
+    if (1) {
+#ifdef AI_PASSIVE
+        int ret = 0;
+        char host[NI_MAXHOST] = "", serv[NI_MAXSERV] = "";
+        int flags = 0;
+
+        if (numeric)
+            flags |= NI_NUMERICHOST | NI_NUMERICSERV;
+
+        if ((ret = getnameinfo(BIO_ADDR_sockaddr(ap),
+                               BIO_ADDR_sockaddr_size(ap),
+                               host, sizeof(host), serv, sizeof(serv),
+                               flags)) != 0) {
+# ifdef EAI_SYSTEM
+            if (ret == EAI_SYSTEM) {
+                SYSerr(SYS_F_GETNAMEINFO, get_last_socket_error());
+                BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB);
+            } else
+# endif
+            {
+                BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB);
+                ERR_add_error_data(1, gai_strerror(ret));
+            }
+            return 0;
+        }
+
+        /* VMS getnameinfo() has a bug, it doesn't fill in serv, which
+         * leaves it with whatever garbage that happens to be there.
+         * However, we initialise serv with the empty string (serv[0]
+         * is therefore NUL), so it gets real easy to detect when things
+         * didn't go the way one might expect.
+         */
+        if (serv[0] == '\0') {
+            BIO_snprintf(serv, sizeof(serv), "%d",
+                         ntohs(BIO_ADDR_rawport(ap)));
+        }
+
+        if (hostname != NULL)
+            *hostname = OPENSSL_strdup(host);
+        if (service != NULL)
+            *service = OPENSSL_strdup(serv);
+    } else {
+#endif
+        if (hostname != NULL)
+            *hostname = OPENSSL_strdup(inet_ntoa(ap->s_in.sin_addr));
+        if (service != NULL) {
+            char serv[6];        /* port is 16 bits => max 5 decimal digits */
+            BIO_snprintf(serv, sizeof(serv), "%d", ntohs(ap->s_in.sin_port));
+            *service = OPENSSL_strdup(serv);
+        }
+    }
+
+    if ((hostname != NULL && *hostname == NULL)
+            || (service != NULL && *service == NULL)) {
+        if (hostname != NULL) {
+            OPENSSL_free(*hostname);
+            *hostname = NULL;
+        }
+        if (service != NULL) {
+            OPENSSL_free(*service);
+            *service = NULL;
+        }
+        BIOerr(BIO_F_ADDR_STRINGS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
+
+char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric)
+{
+    char *hostname = NULL;
+
+    if (addr_strings(ap, numeric, &hostname, NULL))
+        return hostname;
+
+    return NULL;
+}
+
+char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric)
+{
+    char *service = NULL;
+
+    if (addr_strings(ap, numeric, NULL, &service))
+        return service;
+
+    return NULL;
+}
+
+char *BIO_ADDR_path_string(const BIO_ADDR *ap)
+{
+#ifdef AF_UNIX
+    if (ap->sa.sa_family == AF_UNIX)
+        return OPENSSL_strdup(ap->s_un.sun_path);
+#endif
+    return NULL;
+}
+
+/*
+ * BIO_ADDR_sockaddr - non-public routine to return the struct sockaddr
+ * for a given BIO_ADDR.  In reality, this is simply a type safe cast.
+ * The returned struct sockaddr is const, so it can't be tampered with.
+ */
+const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap)
+{
+    return &(ap->sa);
+}
+
+/*
+ * BIO_ADDR_sockaddr_noconst - non-public function that does the same
+ * as BIO_ADDR_sockaddr, but returns a non-const.  USE WITH CARE, as
+ * it allows you to tamper with the data (and thereby the contents
+ * of the input BIO_ADDR).
+ */
+struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap)
+{
+    return &(ap->sa);
+}
+
+/*
+ * BIO_ADDR_sockaddr_size - non-public function that returns the size
+ * of the struct sockaddr the BIO_ADDR is using.  If the protocol family
+ * isn't set or is something other than AF_INET, AF_INET6 or AF_UNIX,
+ * the size of the BIO_ADDR type is returned.
+ */
+socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap)
+{
+    if (ap->sa.sa_family == AF_INET)
+        return sizeof(ap->s_in);
+#ifdef AF_INET6
+    if (ap->sa.sa_family == AF_INET6)
+        return sizeof(ap->s_in6);
+#endif
+#ifdef AF_UNIX
+    if (ap->sa.sa_family == AF_UNIX)
+        return sizeof(ap->s_un);
+#endif
+    return sizeof(*ap);
+}
+
+/**********************************************************************
+ *
+ * Address info database
+ *
+ */
+
+const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_next;
+    return NULL;
+}
+
+int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_family;
+    return 0;
+}
+
+int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_socktype;
+    return 0;
+}
+
+int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL) {
+        if (bai->bai_protocol != 0)
+            return bai->bai_protocol;
+
+#ifdef AF_UNIX
+        if (bai->bai_family == AF_UNIX)
+            return 0;
+#endif
+
+        switch (bai->bai_socktype) {
+        case SOCK_STREAM:
+            return IPPROTO_TCP;
+        case SOCK_DGRAM:
+            return IPPROTO_UDP;
+        default:
+            break;
+        }
+    }
+    return 0;
+}
+
+/*
+ * BIO_ADDRINFO_sockaddr_size - non-public function that returns the size
+ * of the struct sockaddr inside the BIO_ADDRINFO.
+ */
+socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_addrlen;
+    return 0;
+}
+
+/*
+ * BIO_ADDRINFO_sockaddr - non-public function that returns bai_addr
+ * as the struct sockaddr it is.
+ */
+const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_addr;
+    return NULL;
+}
+
+const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return (BIO_ADDR *)bai->bai_addr;
+    return NULL;
+}
+
+void BIO_ADDRINFO_free(BIO_ADDRINFO *bai)
+{
+    if (bai == NULL)
+        return;
+
+#ifdef AI_PASSIVE
+# ifdef AF_UNIX
+#  define _cond bai->bai_family != AF_UNIX
+# else
+#  define _cond 1
+# endif
+    if (_cond) {
+        freeaddrinfo(bai);
+        return;
+    }
+#endif
+
+    /* Free manually when we know that addrinfo_wrap() was used.
+     * See further comment above addrinfo_wrap()
+     */
+    while (bai != NULL) {
+        BIO_ADDRINFO *next = bai->bai_next;
+        OPENSSL_free(bai->bai_addr);
+        OPENSSL_free(bai);
+        bai = next;
+    }
+}
+
+/**********************************************************************
+ *
+ * Service functions
+ *
+ */
+
+/*-
+ * The specs in hostserv can take these forms:
+ *
+ * host:service         => *host = "host", *service = "service"
+ * host:*               => *host = "host", *service = NULL
+ * host:                => *host = "host", *service = NULL
+ * :service             => *host = NULL, *service = "service"
+ * *:service            => *host = NULL, *service = "service"
+ *
+ * in case no : is present in the string, the result depends on
+ * hostserv_prio, as follows:
+ *
+ * when hostserv_prio == BIO_PARSE_PRIO_HOST
+ * host                 => *host = "host", *service untouched
+ *
+ * when hostserv_prio == BIO_PARSE_PRIO_SERV
+ * service              => *host untouched, *service = "service"
+ *
+ */
+int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+                       enum BIO_hostserv_priorities hostserv_prio)
+{
+    const char *h = NULL; size_t hl = 0;
+    const char *p = NULL; size_t pl = 0;
+
+    if (*hostserv == '[') {
+        if ((p = strchr(hostserv, ']')) == NULL)
+            goto spec_err;
+        h = hostserv + 1;
+        hl = p - h;
+        p++;
+        if (*p == '\0')
+            p = NULL;
+        else if (*p != ':')
+            goto spec_err;
+        else {
+            p++;
+            pl = strlen(p);
+        }
+    } else {
+        const char *p2 = strrchr(hostserv, ':');
+        p = strchr(hostserv, ':');
+
+        /*-
+         * Check for more than one colon.  There are three possible
+         * interpretations:
+         * 1. IPv6 address with port number, last colon being separator.
+         * 2. IPv6 address only.
+         * 3. IPv6 address only if hostserv_prio == BIO_PARSE_PRIO_HOST,
+         *    IPv6 address and port number if hostserv_prio == BIO_PARSE_PRIO_SERV
+         * Because of this ambiguity, we currently choose to make it an
+         * error.
+         */
+        if (p != p2)
+            goto amb_err;
+
+        if (p != NULL) {
+            h = hostserv;
+            hl = p - h;
+            p++;
+            pl = strlen(p);
+        } else if (hostserv_prio == BIO_PARSE_PRIO_HOST) {
+            h = hostserv;
+            hl = strlen(h);
+        } else {
+            p = hostserv;
+            pl = strlen(p);
+        }
+    }
+
+    if (p != NULL && strchr(p, ':'))
+        goto spec_err;
+
+    if (h != NULL && host != NULL) {
+        if (hl == 0
+            || (hl == 1 && h[0] == '*')) {
+            *host = NULL;
+        } else {
+            *host = OPENSSL_strndup(h, hl);
+            if (*host == NULL)
+                goto memerr;
+        }
+    }
+    if (p != NULL && service != NULL) {
+        if (pl == 0
+            || (pl == 1 && p[0] == '*')) {
+            *service = NULL;
+        } else {
+            *service = OPENSSL_strndup(p, pl);
+            if (*service == NULL)
+                goto memerr;
+        }
+    }
+
+    return 1;
+ amb_err:
+    BIOerr(BIO_F_BIO_PARSE_HOSTSERV, BIO_R_AMBIGUOUS_HOST_OR_SERVICE);
+    return 0;
+ spec_err:
+    BIOerr(BIO_F_BIO_PARSE_HOSTSERV, BIO_R_MALFORMED_HOST_OR_SERVICE);
+    return 0;
+ memerr:
+    BIOerr(BIO_F_BIO_PARSE_HOSTSERV, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+/* addrinfo_wrap is used to build our own addrinfo "chain".
+ * (it has only one entry, so calling it a chain may be a stretch)
+ * It should ONLY be called when getaddrinfo() and friends
+ * aren't available, OR when dealing with a non IP protocol
+ * family, such as AF_UNIX
+ *
+ * the return value is 1 on success, or 0 on failure, which
+ * only happens if a memory allocation error occurred.
+ */
+static int addrinfo_wrap(int family, int socktype,
+                         const void *where, size_t wherelen,
+                         unsigned short port,
+                         BIO_ADDRINFO **bai)
+{
+    if ((*bai = OPENSSL_zalloc(sizeof(**bai))) == NULL) {
+        BIOerr(BIO_F_ADDRINFO_WRAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    (*bai)->bai_family = family;
+    (*bai)->bai_socktype = socktype;
+    if (socktype == SOCK_STREAM)
+        (*bai)->bai_protocol = IPPROTO_TCP;
+    if (socktype == SOCK_DGRAM)
+        (*bai)->bai_protocol = IPPROTO_UDP;
+#ifdef AF_UNIX
+    if (family == AF_UNIX)
+        (*bai)->bai_protocol = 0;
+#endif
+    {
+        /* Magic: We know that BIO_ADDR_sockaddr_noconst is really
+           just an advanced cast of BIO_ADDR* to struct sockaddr *
+           by the power of union, so while it may seem that we're
+           creating a memory leak here, we are not.  It will be
+           all right. */
+        BIO_ADDR *addr = BIO_ADDR_new();
+        if (addr != NULL) {
+            BIO_ADDR_rawmake(addr, family, where, wherelen, port);
+            (*bai)->bai_addr = BIO_ADDR_sockaddr_noconst(addr);
+        }
+    }
+    (*bai)->bai_next = NULL;
+    if ((*bai)->bai_addr == NULL) {
+        BIO_ADDRINFO_free(*bai);
+        *bai = NULL;
+        return 0;
+    }
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
+{
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+    bio_lookup_lock = CRYPTO_THREAD_lock_new();
+    return bio_lookup_lock != NULL;
+}
+
+int BIO_lookup(const char *host, const char *service,
+               enum BIO_lookup_type lookup_type,
+               int family, int socktype, BIO_ADDRINFO **res)
+{
+    return BIO_lookup_ex(host, service, lookup_type, family, socktype, 0, res);
+}
+
+/*-
+ * BIO_lookup_ex - look up the node and service you want to connect to.
+ * @node: the node you want to connect to.
+ * @service: the service you want to connect to.
+ * @lookup_type: declare intent with the result, client or server.
+ * @family: the address family you want to use.  Use AF_UNSPEC for any, or
+ *  AF_INET, AF_INET6 or AF_UNIX.
+ * @socktype: The socket type you want to use.  Can be SOCK_STREAM, SOCK_DGRAM
+ *  or 0 for all.
+ * @protocol: The protocol to use, e.g. IPPROTO_TCP or IPPROTO_UDP or 0 for all.
+ *            Note that some platforms may not return IPPROTO_SCTP without
+ *            explicitly requesting it (i.e. IPPROTO_SCTP may not be returned
+ *            with 0 for the protocol)
+ * @res: Storage place for the resulting list of returned addresses
+ *
+ * This will do a lookup of the node and service that you want to connect to.
+ * It returns a linked list of different addresses you can try to connect to.
+ *
+ * When no longer needed you should call BIO_ADDRINFO_free() to free the result.
+ *
+ * The return value is 1 on success or 0 in case of error.
+ */
+int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
+                  int family, int socktype, int protocol, BIO_ADDRINFO **res)
+{
+    int ret = 0;                 /* Assume failure */
+
+    switch(family) {
+    case AF_INET:
+#ifdef AF_INET6
+    case AF_INET6:
+#endif
+#ifdef AF_UNIX
+    case AF_UNIX:
+#endif
+#ifdef AF_UNSPEC
+    case AF_UNSPEC:
+#endif
+        break;
+    default:
+        BIOerr(BIO_F_BIO_LOOKUP_EX, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY);
+        return 0;
+    }
+
+#ifdef AF_UNIX
+    if (family == AF_UNIX) {
+        if (addrinfo_wrap(family, socktype, host, strlen(host), 0, res))
+            return 1;
+        else
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+#endif
+
+    if (BIO_sock_init() != 1)
+        return 0;
+
+    if (1) {
+#ifdef AI_PASSIVE
+        int gai_ret = 0;
+        struct addrinfo hints;
+
+        memset(&hints, 0, sizeof(hints));
+
+        hints.ai_family = family;
+        hints.ai_socktype = socktype;
+        hints.ai_protocol = protocol;
+
+        if (lookup_type == BIO_LOOKUP_SERVER)
+            hints.ai_flags |= AI_PASSIVE;
+
+        /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to
+         * macro magic in bio_lcl.h
+         */
+        switch ((gai_ret = getaddrinfo(host, service, &hints, res))) {
+# ifdef EAI_SYSTEM
+        case EAI_SYSTEM:
+            SYSerr(SYS_F_GETADDRINFO, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
+            break;
+# endif
+        case 0:
+            ret = 1;             /* Success */
+            break;
+        default:
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
+            ERR_add_error_data(1, gai_strerror(gai_ret));
+            break;
+        }
+    } else {
+#endif
+        const struct hostent *he;
+/*
+ * Because struct hostent is defined for 32-bit pointers only with
+ * VMS C, we need to make sure that '&he_fallback_address' and
+ * '&he_fallback_addresses' are 32-bit pointers
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+        /* Windows doesn't seem to have in_addr_t */
+#ifdef OPENSSL_SYS_WINDOWS
+        static uint32_t he_fallback_address;
+        static const char *he_fallback_addresses[] =
+            { (char *)&he_fallback_address, NULL };
+#else
+        static in_addr_t he_fallback_address;
+        static const char *he_fallback_addresses[] =
+            { (char *)&he_fallback_address, NULL };
+#endif
+        static const struct hostent he_fallback =
+            { NULL, NULL, AF_INET, sizeof(he_fallback_address),
+              (char **)&he_fallback_addresses };
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size restore
+#endif
+
+        struct servent *se;
+        /* Apparently, on WIN64, s_proto and s_port have traded places... */
+#ifdef _WIN64
+        struct servent se_fallback = { NULL, NULL, NULL, 0 };
+#else
+        struct servent se_fallback = { NULL, NULL, 0, NULL };
+#endif
+
+        if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) {
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+            goto err;
+        }
+
+        CRYPTO_THREAD_write_lock(bio_lookup_lock);
+        he_fallback_address = INADDR_ANY;
+        if (host == NULL) {
+            he = &he_fallback;
+            switch(lookup_type) {
+            case BIO_LOOKUP_CLIENT:
+                he_fallback_address = INADDR_LOOPBACK;
+                break;
+            case BIO_LOOKUP_SERVER:
+                he_fallback_address = INADDR_ANY;
+                break;
+            default:
+                /* We forgot to handle a lookup type! */
+                assert("We forgot to handle a lookup type!" == NULL);
+                BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_INTERNAL_ERROR);
+                ret = 0;
+                goto err;
+            }
+        } else {
+            he = gethostbyname(host);
+
+            if (he == NULL) {
+#ifndef OPENSSL_SYS_WINDOWS
+                /*
+                 * This might be misleading, because h_errno is used as if
+                 * it was errno. To minimize mixup add 1000. Underlying
+                 * reason for this is that hstrerror is declared obsolete,
+                 * not to mention that a) h_errno is not always guaranteed
+                 * to be meaningless; b) hstrerror can reside in yet another
+                 * library, linking for sake of hstrerror is an overkill;
+                 * c) this path is not executed on contemporary systems
+                 * anyway [above getaddrinfo/gai_strerror is]. We just let
+                 * system administrator figure this out...
+                 */
+                SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno);
+#else
+                SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError());
+#endif
+                ret = 0;
+                goto err;
+            }
+        }
+
+        if (service == NULL) {
+            se_fallback.s_port = 0;
+            se_fallback.s_proto = NULL;
+            se = &se_fallback;
+        } else {
+            char *endp = NULL;
+            long portnum = strtol(service, &endp, 10);
+
+/*
+ * Because struct servent is defined for 32-bit pointers only with
+ * VMS C, we need to make sure that 'proto' is a 32-bit pointer.
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+            char *proto = NULL;
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size restore
+#endif
+
+            switch (socktype) {
+            case SOCK_STREAM:
+                proto = "tcp";
+                break;
+            case SOCK_DGRAM:
+                proto = "udp";
+                break;
+            }
+
+            if (endp != service && *endp == '\0'
+                    && portnum > 0 && portnum < 65536) {
+                se_fallback.s_port = htons((unsigned short)portnum);
+                se_fallback.s_proto = proto;
+                se = &se_fallback;
+            } else if (endp == service) {
+                se = getservbyname(service, proto);
+
+                if (se == NULL) {
+#ifndef OPENSSL_SYS_WINDOWS
+                    SYSerr(SYS_F_GETSERVBYNAME, errno);
+#else
+                    SYSerr(SYS_F_GETSERVBYNAME, WSAGetLastError());
+#endif
+                    goto err;
+                }
+            } else {
+                BIOerr(BIO_F_BIO_LOOKUP_EX, BIO_R_MALFORMED_HOST_OR_SERVICE);
+                goto err;
+            }
+        }
+
+        *res = NULL;
+
+        {
+/*
+ * Because hostent::h_addr_list is an array of 32-bit pointers with VMS C,
+ * we must make sure our iterator designates the same element type, hence
+ * the pointer size dance.
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+            char **addrlistp;
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size restore
+#endif
+            size_t addresses;
+            BIO_ADDRINFO *tmp_bai = NULL;
+
+            /* The easiest way to create a linked list from an
+               array is to start from the back */
+            for(addrlistp = he->h_addr_list; *addrlistp != NULL;
+                addrlistp++)
+                ;
+
+            for(addresses = addrlistp - he->h_addr_list;
+                addrlistp--, addresses-- > 0; ) {
+                if (!addrinfo_wrap(he->h_addrtype, socktype,
+                                   *addrlistp, he->h_length,
+                                   se->s_port, &tmp_bai))
+                    goto addrinfo_malloc_err;
+                tmp_bai->bai_next = *res;
+                *res = tmp_bai;
+                continue;
+             addrinfo_malloc_err:
+                BIO_ADDRINFO_free(*res);
+                *res = NULL;
+                BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+                ret = 0;
+                goto err;
+            }
+
+            ret = 1;
+        }
+     err:
+        CRYPTO_THREAD_unlock(bio_lookup_lock);
+    }
+
+    return ret;
+}
+
+#endif /* OPENSSL_NO_SOCK */
diff --git a/freebsd/crypto/openssl/crypto/bio/b_dump.c b/freebsd/crypto/openssl/crypto/bio/b_dump.c
index d4bc5240..1c7f6cf0 100644
--- a/freebsd/crypto/openssl/crypto/bio/b_dump.c
+++ b/freebsd/crypto/openssl/crypto/bio/b_dump.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/b_dump.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -63,11 +14,12 @@
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
 #include "bio_lcl.h"
 
 #define DUMP_WIDTH      16
-#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
+#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4))
+
+#define SPACE(buf, pos, n)   (sizeof(buf) - (pos) > (n))
 
 int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
                 void *u, const char *s, int len)
@@ -79,65 +31,68 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
                        void *u, const char *s, int len, int indent)
 {
     int ret = 0;
-    char buf[288 + 1], tmp[20], str[128 + 1];
-    int i, j, rows;
+    char buf[288 + 1];
+    int i, j, rows, n;
     unsigned char ch;
     int dump_width;
 
     if (indent < 0)
         indent = 0;
-    if (indent) {
-        if (indent > 128)
-            indent = 128;
-        memset(str, ' ', indent);
-    }
-    str[indent] = '\0';
+    else if (indent > 128)
+        indent = 128;
 
     dump_width = DUMP_WIDTH_LESS_INDENT(indent);
-    rows = (len / dump_width);
+    rows = len / dump_width;
     if ((rows * dump_width) < len)
         rows++;
     for (i = 0; i < rows; i++) {
-        BUF_strlcpy(buf, str, sizeof(buf));
-        BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width);
-        BUF_strlcat(buf, tmp, sizeof(buf));
+        n = BIO_snprintf(buf, sizeof(buf), "%*s%04x - ", indent, "",
+                         i * dump_width);
         for (j = 0; j < dump_width; j++) {
-            if (((i * dump_width) + j) >= len) {
-                BUF_strlcat(buf, "   ", sizeof(buf));
-            } else {
-                ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
-                BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch,
-                             j == 7 ? '-' : ' ');
-                BUF_strlcat(buf, tmp, sizeof(buf));
+            if (SPACE(buf, n, 3)) {
+                if (((i * dump_width) + j) >= len) {
+                    strcpy(buf + n, "   ");
+                } else {
+                    ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+                    BIO_snprintf(buf + n, 4, "%02x%c", ch,
+                                 j == 7 ? '-' : ' ');
+                }
+                n += 3;
             }
         }
-        BUF_strlcat(buf, "  ", sizeof(buf));
+        if (SPACE(buf, n, 2)) {
+            strcpy(buf + n, "  ");
+            n += 2;
+        }
         for (j = 0; j < dump_width; j++) {
             if (((i * dump_width) + j) >= len)
                 break;
-            ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+            if (SPACE(buf, n, 1)) {
+                ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
 #ifndef CHARSET_EBCDIC
-            BIO_snprintf(tmp, sizeof(tmp), "%c",
-                         ((ch >= ' ') && (ch <= '~')) ? ch : '.');
+                buf[n++] = ((ch >= ' ') && (ch <= '~')) ? ch : '.';
 #else
-            BIO_snprintf(tmp, sizeof(tmp), "%c",
-                         ((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
-                         ? os_toebcdic[ch]
-                         : '.');
+                buf[n++] = ((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
+                           ? os_toebcdic[ch]
+                           : '.';
 #endif
-            BUF_strlcat(buf, tmp, sizeof(buf));
+                buf[n] = '\0';
+            }
+        }
+        if (SPACE(buf, n, 1)) {
+            buf[n++] = '\n';
+            buf[n] = '\0';
         }
-        BUF_strlcat(buf, "\n", sizeof(buf));
         /*
          * if this is the last call then update the ddt_dump thing so that we
          * will move the selection point in the debug window
          */
-        ret += cb((void *)buf, strlen(buf), u);
+        ret += cb((void *)buf, n, u);
     }
     return ret;
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 static int write_fp(const void *data, size_t len, void *fp)
 {
     return UP_fwrite(data, len, 1, fp);
diff --git a/freebsd/crypto/openssl/crypto/bio/b_print.c b/freebsd/crypto/openssl/crypto/bio/b_print.c
index 656d63bb..1d6a43ef 100644
--- a/freebsd/crypto/openssl/crypto/bio/b_print.c
+++ b/freebsd/crypto/openssl/crypto/bio/b_print.c
@@ -1,94 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/b_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* disable assert() unless BIO_DEBUG has been defined */
-#ifndef BIO_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
 /*
- * Stolen from tjh's ssl/ssl_trc.c stuff.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <string.h>
-#include <ctype.h>
-#include <assert.h>
-#include <limits.h>
-#include "cryptlib.h"
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#include <openssl/bn.h>         /* To get BN_LLONG properly defined */
+#include "internal/cryptlib.h"
+#include "internal/ctype.h"
+#include "internal/numbers.h"
 #include <openssl/bio.h>
 
-#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT)
-# ifndef HAVE_LONG_LONG
-#  define HAVE_LONG_LONG 1
-# endif
-#endif
-
-/***************************************************************************/
-
 /*
  * Copyright Patrick Powell 1995
  * This code is based on code written by Patrick Powell <papowell@astart.com>
@@ -96,43 +23,18 @@
  * on all source code distributions.
  */
 
-/*-
- * This code contains numerious changes and enhancements which were
- * made by lots of contributors over the last years to Patrick Powell's
- * original code:
- *
- * o Patrick Powell <papowell@astart.com>      (1995)
- * o Brandon Long <blong@fiction.net>          (1996, for Mutt)
- * o Thomas Roessler <roessler@guug.de>        (1998, for Mutt)
- * o Michael Elkins <me@cs.hmc.edu>            (1998, for Mutt)
- * o Andrew Tridgell <tridge@samba.org>        (1998, for Samba)
- * o Luke Mewburn <lukem@netbsd.org>           (1999, for LukemFTP)
- * o Ralf S. Engelschall <rse@engelschall.com> (1999, for Pth)
- * o ...                                       (for OpenSSL)
- */
-
 #ifdef HAVE_LONG_DOUBLE
 # define LDOUBLE long double
 #else
 # define LDOUBLE double
 #endif
 
-#ifdef HAVE_LONG_LONG
-# if defined(_WIN32) && !defined(__GNUC__)
-#  define LLONG __int64
-# else
-#  define LLONG long long
-# endif
-#else
-# define LLONG long
-#endif
-
 static int fmtstr(char **, char **, size_t *, size_t *,
                   const char *, int, int, int);
 static int fmtint(char **, char **, size_t *, size_t *,
-                  LLONG, int, int, int, int);
+                  int64_t, int, int, int, int);
 static int fmtfp(char **, char **, size_t *, size_t *,
-                 LDOUBLE, int, int, int);
+                 LDOUBLE, int, int, int, int);
 static int doapr_outch(char **, char **, size_t *, size_t *, int);
 static int _dopr(char **sbuffer, char **buffer,
                  size_t *maxlen, size_t *retlen, int *truncated,
@@ -149,12 +51,19 @@ static int _dopr(char **sbuffer, char **buffer,
 #define DP_S_DONE       7
 
 /* format flags - Bits */
+/* left-aligned padding */
 #define DP_F_MINUS      (1 << 0)
+/* print an explicit '+' for a value with positive sign */
 #define DP_F_PLUS       (1 << 1)
+/* print an explicit ' ' for a value with positive sign */
 #define DP_F_SPACE      (1 << 2)
+/* print 0/0x prefix for octal/hex and decimal point for floating point */
 #define DP_F_NUM        (1 << 3)
+/* print leading zeroes */
 #define DP_F_ZERO       (1 << 4)
+/* print HEX in UPPPERcase */
 #define DP_F_UP         (1 << 5)
+/* treat value as unsigned */
 #define DP_F_UNSIGNED   (1 << 6)
 
 /* conversion flags */
@@ -162,6 +71,12 @@ static int _dopr(char **sbuffer, char **buffer,
 #define DP_C_LONG       2
 #define DP_C_LDOUBLE    3
 #define DP_C_LLONG      4
+#define DP_C_SIZE       5
+
+/* Floating point formats */
+#define F_FORMAT        0
+#define E_FORMAT        1
+#define G_FORMAT        2
 
 /* some handy macros */
 #define char_to_int(p) (p - '0')
@@ -174,7 +89,7 @@ _dopr(char **sbuffer,
       size_t *retlen, int *truncated, const char *format, va_list args)
 {
     char ch;
-    LLONG value;
+    int64_t value;
     LDOUBLE fvalue;
     char *strvalue;
     int min;
@@ -198,7 +113,7 @@ _dopr(char **sbuffer,
             if (ch == '%')
                 state = DP_S_FLAGS;
             else
-                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
                     return 0;
             ch = *format++;
             break;
@@ -230,7 +145,7 @@ _dopr(char **sbuffer,
             }
             break;
         case DP_S_MIN:
-            if (isdigit((unsigned char)ch)) {
+            if (ossl_isdigit(ch)) {
                 min = 10 * min + char_to_int(ch);
                 ch = *format++;
             } else if (ch == '*') {
@@ -248,7 +163,7 @@ _dopr(char **sbuffer,
                 state = DP_S_MOD;
             break;
         case DP_S_MAX:
-            if (isdigit((unsigned char)ch)) {
+            if (ossl_isdigit(ch)) {
                 if (max < 0)
                     max = 0;
                 max = 10 * max + char_to_int(ch);
@@ -275,6 +190,7 @@ _dopr(char **sbuffer,
                 ch = *format++;
                 break;
             case 'q':
+            case 'j':
                 cflags = DP_C_LLONG;
                 ch = *format++;
                 break;
@@ -282,6 +198,10 @@ _dopr(char **sbuffer,
                 cflags = DP_C_LDOUBLE;
                 ch = *format++;
                 break;
+            case 'z':
+                cflags = DP_C_SIZE;
+                ch = *format++;
+                break;
             default:
                 break;
             }
@@ -299,7 +219,10 @@ _dopr(char **sbuffer,
                     value = va_arg(args, long int);
                     break;
                 case DP_C_LLONG:
-                    value = va_arg(args, LLONG);
+                    value = va_arg(args, int64_t);
+                    break;
+                case DP_C_SIZE:
+                    value = va_arg(args, ossl_ssize_t);
                     break;
                 default:
                     value = va_arg(args, int);
@@ -321,13 +244,16 @@ _dopr(char **sbuffer,
                     value = (unsigned short int)va_arg(args, unsigned int);
                     break;
                 case DP_C_LONG:
-                    value = (LLONG) va_arg(args, unsigned long int);
+                    value = va_arg(args, unsigned long int);
                     break;
                 case DP_C_LLONG:
-                    value = va_arg(args, unsigned LLONG);
+                    value = va_arg(args, uint64_t);
+                    break;
+                case DP_C_SIZE:
+                    value = va_arg(args, size_t);
                     break;
                 default:
-                    value = (LLONG) va_arg(args, unsigned int);
+                    value = va_arg(args, unsigned int);
                     break;
                 }
                 if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
@@ -341,28 +267,36 @@ _dopr(char **sbuffer,
                 else
                     fvalue = va_arg(args, double);
                 if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
-                           flags))
+                           flags, F_FORMAT))
                     return 0;
                 break;
             case 'E':
                 flags |= DP_F_UP;
+                /* fall thru */
             case 'e':
                 if (cflags == DP_C_LDOUBLE)
                     fvalue = va_arg(args, LDOUBLE);
                 else
                     fvalue = va_arg(args, double);
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                           flags, E_FORMAT))
+                    return 0;
                 break;
             case 'G':
                 flags |= DP_F_UP;
+                /* fall thru */
             case 'g':
                 if (cflags == DP_C_LDOUBLE)
                     fvalue = va_arg(args, LDOUBLE);
                 else
                     fvalue = va_arg(args, double);
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                           flags, G_FORMAT))
+                    return 0;
                 break;
             case 'c':
-                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
-                            va_arg(args, int)))
+                if (!doapr_outch(sbuffer, buffer, &currlen, maxlen,
+                                 va_arg(args, int)))
                     return 0;
                 break;
             case 's':
@@ -378,32 +312,20 @@ _dopr(char **sbuffer,
                     return 0;
                 break;
             case 'p':
-                value = (long)va_arg(args, void *);
+                value = (size_t)va_arg(args, void *);
                 if (!fmtint(sbuffer, buffer, &currlen, maxlen,
                             value, 16, min, max, flags | DP_F_NUM))
                     return 0;
                 break;
-            case 'n':          /* XXX */
-                if (cflags == DP_C_SHORT) {
-                    short int *num;
-                    num = va_arg(args, short int *);
-                    *num = (short int)currlen;
-                } else if (cflags == DP_C_LONG) { /* XXX */
-                    long int *num;
-                    num = va_arg(args, long int *);
-                    *num = (long int)currlen;
-                } else if (cflags == DP_C_LLONG) { /* XXX */
-                    LLONG *num;
-                    num = va_arg(args, LLONG *);
-                    *num = (LLONG) currlen;
-                } else {
+            case 'n':
+                {
                     int *num;
                     num = va_arg(args, int *);
                     *num = currlen;
                 }
                 break;
             case '%':
-                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
                     return 0;
                 break;
             case 'w':
@@ -434,7 +356,7 @@ _dopr(char **sbuffer,
         if (*truncated)
             currlen = *maxlen - 1;
     }
-    if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
+    if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
         return 0;
     *retlen = currlen - 1;
     return 1;
@@ -453,29 +375,38 @@ fmtstr(char **sbuffer,
     if (value == 0)
         value = "<NULL>";
 
-    strln = strlen(value);
-    if (strln > INT_MAX)
-        strln = INT_MAX;
+    strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max);
 
     padlen = min - strln;
     if (min < 0 || padlen < 0)
         padlen = 0;
+    if (max >= 0) {
+        /*
+         * Calculate the maximum output including padding.
+         * Make sure max doesn't overflow into negativity
+         */
+        if (max < INT_MAX - padlen)
+            max += padlen;
+        else
+            max = INT_MAX;
+    }
     if (flags & DP_F_MINUS)
         padlen = -padlen;
 
-    while ((padlen > 0) && (cnt < max)) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+    while ((padlen > 0) && (max < 0 || cnt < max)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
             return 0;
         --padlen;
         ++cnt;
     }
-    while (*value && (cnt < max)) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
+    while (strln > 0 && (max < 0 || cnt < max)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
             return 0;
+        --strln;
         ++cnt;
     }
-    while ((padlen < 0) && (cnt < max)) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+    while ((padlen < 0) && (max < 0 || cnt < max)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
             return 0;
         ++padlen;
         ++cnt;
@@ -487,11 +418,11 @@ static int
 fmtint(char **sbuffer,
        char **buffer,
        size_t *currlen,
-       size_t *maxlen, LLONG value, int base, int min, int max, int flags)
+       size_t *maxlen, int64_t value, int base, int min, int max, int flags)
 {
     int signvalue = 0;
     const char *prefix = "";
-    unsigned LLONG uvalue;
+    uint64_t uvalue;
     char convert[DECIMAL_SIZE(value) + 3];
     int place = 0;
     int spadlen = 0;
@@ -504,7 +435,7 @@ fmtint(char **sbuffer,
     if (!(flags & DP_F_UNSIGNED)) {
         if (value < 0) {
             signvalue = '-';
-            uvalue = 0 - (unsigned LLONG)value;
+            uvalue = 0 - (uint64_t)value;
         } else if (flags & DP_F_PLUS)
             signvalue = '+';
         else if (flags & DP_F_SPACE)
@@ -543,19 +474,19 @@ fmtint(char **sbuffer,
 
     /* spaces */
     while (spadlen > 0) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
             return 0;
         --spadlen;
     }
 
     /* sign */
     if (signvalue)
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
             return 0;
 
     /* prefix */
     while (*prefix) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
             return 0;
         prefix++;
     }
@@ -563,7 +494,7 @@ fmtint(char **sbuffer,
     /* zeros */
     if (zpadlen > 0) {
         while (zpadlen > 0) {
-            if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
                 return 0;
             --zpadlen;
         }
@@ -615,23 +546,28 @@ static int
 fmtfp(char **sbuffer,
       char **buffer,
       size_t *currlen,
-      size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags)
+      size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style)
 {
     int signvalue = 0;
     LDOUBLE ufvalue;
+    LDOUBLE tmpvalue;
     char iconvert[20];
     char fconvert[20];
+    char econvert[20];
     int iplace = 0;
     int fplace = 0;
+    int eplace = 0;
     int padlen = 0;
     int zpadlen = 0;
-    long intpart;
-    long fracpart;
-    long max10;
+    long exp = 0;
+    unsigned long intpart;
+    unsigned long fracpart;
+    unsigned long max10;
+    int realstyle;
 
     if (max < 0)
         max = 6;
-    ufvalue = abs_val(fvalue);
+
     if (fvalue < 0)
         signvalue = '-';
     else if (flags & DP_F_PLUS)
@@ -639,7 +575,73 @@ fmtfp(char **sbuffer,
     else if (flags & DP_F_SPACE)
         signvalue = ' ';
 
-    intpart = (long)ufvalue;
+    /*
+     * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
+     * depending on the number to be printed. Work out which one it is and use
+     * that from here on.
+     */
+    if (style == G_FORMAT) {
+        if (fvalue == 0.0) {
+            realstyle = F_FORMAT;
+        } else if (fvalue < 0.0001) {
+            realstyle = E_FORMAT;
+        } else if ((max == 0 && fvalue >= 10)
+                    || (max > 0 && fvalue >= pow_10(max))) {
+            realstyle = E_FORMAT;
+        } else {
+            realstyle = F_FORMAT;
+        }
+    } else {
+        realstyle = style;
+    }
+
+    if (style != F_FORMAT) {
+        tmpvalue = fvalue;
+        /* Calculate the exponent */
+        if (fvalue != 0.0) {
+            while (tmpvalue < 1) {
+                tmpvalue *= 10;
+                exp--;
+            }
+            while (tmpvalue > 10) {
+                tmpvalue /= 10;
+                exp++;
+            }
+        }
+        if (style == G_FORMAT) {
+            /*
+             * In G_FORMAT the "precision" represents significant digits. We
+             * always have at least 1 significant digit.
+             */
+            if (max == 0)
+                max = 1;
+            /* Now convert significant digits to decimal places */
+            if (realstyle == F_FORMAT) {
+                max -= (exp + 1);
+                if (max < 0) {
+                    /*
+                     * Should not happen. If we're in F_FORMAT then exp < max?
+                     */
+                    return 0;
+                }
+            } else {
+                /*
+                 * In E_FORMAT there is always one significant digit in front
+                 * of the decimal point, so:
+                 * significant digits == 1 + decimal places
+                 */
+                max--;
+            }
+        }
+        if (realstyle == E_FORMAT)
+            fvalue = tmpvalue;
+    }
+    ufvalue = abs_val(fvalue);
+    if (ufvalue > ULONG_MAX) {
+        /* Number too big */
+        return 0;
+    }
+    intpart = (unsigned long)ufvalue;
 
     /*
      * sorry, we only support 9 digits past the decimal because of our
@@ -670,16 +672,51 @@ fmtfp(char **sbuffer,
     iconvert[iplace] = 0;
 
     /* convert fractional part */
-    do {
+    while (fplace < max) {
+        if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) {
+            /* We strip trailing zeros in G_FORMAT */
+            max--;
+            fracpart = fracpart / 10;
+            if (fplace < max)
+                continue;
+            break;
+        }
         fconvert[fplace++] = "0123456789"[fracpart % 10];
         fracpart = (fracpart / 10);
-    } while (fplace < max);
+    }
+
     if (fplace == sizeof(fconvert))
         fplace--;
     fconvert[fplace] = 0;
 
-    /* -1 for decimal point, another -1 if we are printing a sign */
-    padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
+    /* convert exponent part */
+    if (realstyle == E_FORMAT) {
+        int tmpexp;
+        if (exp < 0)
+            tmpexp = -exp;
+        else
+            tmpexp = exp;
+
+        do {
+            econvert[eplace++] = "0123456789"[tmpexp % 10];
+            tmpexp = (tmpexp / 10);
+        } while (tmpexp > 0 && eplace < (int)sizeof(econvert));
+        /* Exponent is huge!! Too big to print */
+        if (tmpexp > 0)
+            return 0;
+        /* Add a leading 0 for single digit exponents */
+        if (eplace == 1)
+            econvert[eplace++] = '0';
+    }
+
+    /*
+     * -1 for decimal point (if we have one, i.e. max > 0),
+     * another -1 if we are printing a sign
+     */
+    padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0);
+    /* Take some off for exponent prefix "+e" and exponent */
+    if (realstyle == E_FORMAT)
+        padlen -= 2 + eplace;
     zpadlen = max - fplace;
     if (zpadlen < 0)
         zpadlen = 0;
@@ -723,8 +760,8 @@ fmtfp(char **sbuffer,
             return 0;
 
         while (fplace > 0) {
-            if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
-                            fconvert[--fplace]))
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
+                             fconvert[--fplace]))
                 return 0;
         }
     }
@@ -733,6 +770,28 @@ fmtfp(char **sbuffer,
             return 0;
         --zpadlen;
     }
+    if (realstyle == E_FORMAT) {
+        char ech;
+
+        if ((flags & DP_F_UP) == 0)
+            ech = 'e';
+        else
+            ech = 'E';
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech))
+                return 0;
+        if (exp < 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-'))
+                    return 0;
+        } else {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+'))
+                    return 0;
+        }
+        while (eplace > 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
+                             econvert[--eplace]))
+                return 0;
+        }
+    }
 
     while (padlen < 0) {
         if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
@@ -748,11 +807,13 @@ static int
 doapr_outch(char **sbuffer,
             char **buffer, size_t *currlen, size_t *maxlen, int c)
 {
-    /* If we haven't at least one buffer, someone has doe a big booboo */
-    assert(*sbuffer != NULL || buffer != NULL);
+    /* If we haven't at least one buffer, someone has done a big booboo */
+    if (!ossl_assert(*sbuffer != NULL || buffer != NULL))
+        return 0;
 
     /* |currlen| must always be <= |*maxlen| */
-    assert(*currlen <= *maxlen);
+    if (!ossl_assert(*currlen <= *maxlen))
+        return 0;
 
     if (buffer && *currlen == *maxlen) {
         if (*maxlen > INT_MAX - BUFFER_INC)
@@ -760,11 +821,13 @@ doapr_outch(char **sbuffer,
 
         *maxlen += BUFFER_INC;
         if (*buffer == NULL) {
-            *buffer = OPENSSL_malloc(*maxlen);
-            if (*buffer == NULL)
+            if ((*buffer = OPENSSL_malloc(*maxlen)) == NULL) {
+                BIOerr(BIO_F_DOAPR_OUTCH, ERR_R_MALLOC_FAILURE);
                 return 0;
+            }
             if (*currlen > 0) {
-                assert(*sbuffer != NULL);
+                if (!ossl_assert(*sbuffer != NULL))
+                    return 0;
                 memcpy(*buffer, *sbuffer, *currlen);
             }
             *sbuffer = NULL;
@@ -799,7 +862,7 @@ int BIO_printf(BIO *bio, const char *format, ...)
     ret = BIO_vprintf(bio, format, args);
 
     va_end(args);
-    return (ret);
+    return ret;
 }
 
 int BIO_vprintf(BIO *bio, const char *format, va_list args)
@@ -815,7 +878,6 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args)
     int ignored;
 
     dynbuf = NULL;
-    CRYPTO_push_info("doapr()");
     if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
                 args)) {
         OPENSSL_free(dynbuf);
@@ -827,8 +889,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args)
     } else {
         ret = BIO_write(bio, hugebuf, (int)retlen);
     }
-    CRYPTO_pop_info();
-    return (ret);
+    return ret;
 }
 
 /*
@@ -847,7 +908,7 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
     ret = BIO_vsnprintf(buf, n, format, args);
 
     va_end(args);
-    return (ret);
+    return ret;
 }
 
 int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
@@ -855,7 +916,7 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
     size_t retlen;
     int truncated;
 
-    if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
+    if (!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
         return -1;
 
     if (truncated)
diff --git a/freebsd/crypto/openssl/crypto/bio/b_sock.c b/freebsd/crypto/openssl/crypto/bio/b_sock.c
index bde731c6..e3fbfbd1 100644
--- a/freebsd/crypto/openssl/crypto/bio/b_sock.c
+++ b/freebsd/crypto/openssl/crypto/bio/b_sock.c
@@ -1,78 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/b_sock.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
-# include <netdb.h>
-# if defined(NETWARE_CLIB)
-#  include <sys/ioctl.h>
-NETDB_DEFINE_CONTEXT
-# endif
-#endif
+#include "bio_lcl.h"
 #ifndef OPENSSL_NO_SOCK
-# include <openssl/dso.h>
 # define SOCKET_PROTOCOL IPPROTO_TCP
 # ifdef SO_MAXCONN
 #  define MAX_LISTEN  SO_MAXCONN
@@ -81,380 +22,99 @@ NETDB_DEFINE_CONTEXT
 # else
 #  define MAX_LISTEN  32
 # endif
-# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+# if defined(OPENSSL_SYS_WINDOWS)
 static int wsa_init_done = 0;
 # endif
 
-/*
- * WSAAPI specifier is required to make indirect calls to run-time
- * linked WinSock 2 functions used in this module, to be specific
- * [get|free]addrinfo and getnameinfo. This is because WinSock uses
- * uses non-C calling convention, __stdcall vs. __cdecl, on x86
- * Windows. On non-WinSock platforms WSAAPI needs to be void.
- */
-# ifndef WSAAPI
-#  define WSAAPI
-# endif
-
-# if 0
-static unsigned long BIO_ghbn_hits = 0L;
-static unsigned long BIO_ghbn_miss = 0L;
-
-#  define GHBN_NUM        4
-static struct ghbn_cache_st {
-    char name[129];
-    struct hostent *ent;
-    unsigned long order;
-} ghbn_cache[GHBN_NUM];
-# endif
-
-static int get_ip(const char *str, unsigned char *ip);
-# if 0
-static void ghbn_free(struct hostent *a);
-static struct hostent *ghbn_dup(struct hostent *a);
-# endif
+# if OPENSSL_API_COMPAT < 0x10100000L
 int BIO_get_host_ip(const char *str, unsigned char *ip)
 {
-    int i;
-    int err = 1;
-    int locked = 0;
-    struct hostent *he;
-
-    i = get_ip(str, ip);
-    if (i < 0) {
-        BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_INVALID_IP_ADDRESS);
-        goto err;
-    }
+    BIO_ADDRINFO *res = NULL;
+    int ret = 0;
 
-    /*
-     * At this point, we have something that is most probably correct in some
-     * way, so let's init the socket.
-     */
     if (BIO_sock_init() != 1)
         return 0;               /* don't generate another error code here */
 
-    /*
-     * If the string actually contained an IP address, we need not do
-     * anything more
-     */
-    if (i > 0)
-        return (1);
-
-    /* do a gethostbyname */
-    CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
-    locked = 1;
-    he = BIO_gethostbyname(str);
-    if (he == NULL) {
-        BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP);
-        goto err;
-    }
+    if (BIO_lookup(str, NULL, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) {
+        size_t l;
 
-    /* cast to short because of win16 winsock definition */
-    if ((short)he->h_addrtype != AF_INET) {
-        BIOerr(BIO_F_BIO_GET_HOST_IP,
-               BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
-        goto err;
+        if (BIO_ADDRINFO_family(res) != AF_INET) {
+            BIOerr(BIO_F_BIO_GET_HOST_IP,
+                   BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+        } else if (BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), NULL, &l)) {
+            /*
+             * Because only AF_INET addresses will reach this far, we can assert
+             * that l should be 4
+             */
+            if (ossl_assert(l == 4))
+                ret = BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), ip, &l);
+        }
+        BIO_ADDRINFO_free(res);
+    } else {
+        ERR_add_error_data(2, "host=", str);
     }
-    for (i = 0; i < 4; i++)
-        ip[i] = he->h_addr_list[0][i];
-    err = 0;
 
- err:
-    if (locked)
-        CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
-    if (err) {
-        ERR_add_error_data(2, "host=", str);
-        return 0;
-    } else
-        return 1;
+    return ret;
 }
 
 int BIO_get_port(const char *str, unsigned short *port_ptr)
 {
-    int i;
-    struct servent *s;
+    BIO_ADDRINFO *res = NULL;
+    int ret = 0;
 
     if (str == NULL) {
         BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_DEFINED);
-        return (0);
+        return 0;
     }
-    i = atoi(str);
-    if (i != 0)
-        *port_ptr = (unsigned short)i;
-    else {
-        CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);
-        /*
-         * Note: under VMS with SOCKETSHR, it seems like the first parameter
-         * is 'char *', instead of 'const char *'
-         */
-# ifndef CONST_STRICT
-        s = getservbyname((char *)str, "tcp");
-# else
-        s = getservbyname(str, "tcp");
-# endif
-        if (s != NULL)
-            *port_ptr = ntohs((unsigned short)s->s_port);
-        CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
-        if (s == NULL) {
-            if (strcmp(str, "http") == 0)
-                *port_ptr = 80;
-            else if (strcmp(str, "telnet") == 0)
-                *port_ptr = 23;
-            else if (strcmp(str, "socks") == 0)
-                *port_ptr = 1080;
-            else if (strcmp(str, "https") == 0)
-                *port_ptr = 443;
-            else if (strcmp(str, "ssl") == 0)
-                *port_ptr = 443;
-            else if (strcmp(str, "ftp") == 0)
-                *port_ptr = 21;
-            else if (strcmp(str, "gopher") == 0)
-                *port_ptr = 70;
-# if 0
-            else if (strcmp(str, "wais") == 0)
-                *port_ptr = 21;
-# endif
-            else {
-                SYSerr(SYS_F_GETSERVBYNAME, get_last_socket_error());
-                ERR_add_error_data(3, "service='", str, "'");
-                return (0);
-            }
+
+    if (BIO_sock_init() != 1)
+        return 0;               /* don't generate another error code here */
+
+    if (BIO_lookup(NULL, str, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) {
+        if (BIO_ADDRINFO_family(res) != AF_INET) {
+            BIOerr(BIO_F_BIO_GET_PORT,
+                   BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET);
+        } else {
+            *port_ptr = ntohs(BIO_ADDR_rawport(BIO_ADDRINFO_address(res)));
+            ret = 1;
         }
+        BIO_ADDRINFO_free(res);
+    } else {
+        ERR_add_error_data(2, "host=", str);
     }
-    return (1);
+
+    return ret;
 }
+# endif
 
 int BIO_sock_error(int sock)
 {
-    int j, i;
-    union {
-        size_t s;
-        int i;
-    } size;
-
-# if defined(OPENSSL_SYS_BEOS_R5)
-    return 0;
-# endif
+    int j = 0, i;
+    socklen_t size = sizeof(j);
 
-    /* heuristic way to adapt for platforms that expect 64-bit optlen */
-    size.s = 0, size.i = sizeof(j);
     /*
      * Note: under Windows the third parameter is of type (char *) whereas
      * under other systems it is (void *) if you don't have a cast it will
      * choke the compiler: if you do have a cast then you can either go for
      * (char *) or (void *).
      */
-    i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, (void *)&size);
+    i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, &size);
     if (i < 0)
-        return (1);
+        return get_last_socket_error();
     else
-        return (j);
-}
-
-# if 0
-long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
-{
-    int i;
-    char **p;
-
-    switch (cmd) {
-    case BIO_GHBN_CTRL_HITS:
-        return (BIO_ghbn_hits);
-        /* break; */
-    case BIO_GHBN_CTRL_MISSES:
-        return (BIO_ghbn_miss);
-        /* break; */
-    case BIO_GHBN_CTRL_CACHE_SIZE:
-        return (GHBN_NUM);
-        /* break; */
-    case BIO_GHBN_CTRL_GET_ENTRY:
-        if ((iarg >= 0) && (iarg < GHBN_NUM) && (ghbn_cache[iarg].order > 0)) {
-            p = (char **)parg;
-            if (p == NULL)
-                return (0);
-            *p = ghbn_cache[iarg].name;
-            ghbn_cache[iarg].name[128] = '\0';
-            return (1);
-        }
-        return (0);
-        /* break; */
-    case BIO_GHBN_CTRL_FLUSH:
-        for (i = 0; i < GHBN_NUM; i++)
-            ghbn_cache[i].order = 0;
-        break;
-    default:
-        return (0);
-    }
-    return (1);
+        return j;
 }
-# endif
-
-# if 0
-static struct hostent *ghbn_dup(struct hostent *a)
-{
-    struct hostent *ret;
-    int i, j;
-
-    MemCheck_off();
-    ret = (struct hostent *)OPENSSL_malloc(sizeof(struct hostent));
-    if (ret == NULL)
-        return (NULL);
-    memset(ret, 0, sizeof(struct hostent));
-
-    for (i = 0; a->h_aliases[i] != NULL; i++) ;
-    i++;
-    ret->h_aliases = (char **)OPENSSL_malloc(i * sizeof(char *));
-    if (ret->h_aliases == NULL)
-        goto err;
-    memset(ret->h_aliases, 0, i * sizeof(char *));
-
-    for (i = 0; a->h_addr_list[i] != NULL; i++) ;
-    i++;
-    ret->h_addr_list = (char **)OPENSSL_malloc(i * sizeof(char *));
-    if (ret->h_addr_list == NULL)
-        goto err;
-    memset(ret->h_addr_list, 0, i * sizeof(char *));
-
-    j = strlen(a->h_name) + 1;
-    if ((ret->h_name = OPENSSL_malloc(j)) == NULL)
-        goto err;
-    memcpy((char *)ret->h_name, a->h_name, j);
-    for (i = 0; a->h_aliases[i] != NULL; i++) {
-        j = strlen(a->h_aliases[i]) + 1;
-        if ((ret->h_aliases[i] = OPENSSL_malloc(j)) == NULL)
-            goto err;
-        memcpy(ret->h_aliases[i], a->h_aliases[i], j);
-    }
-    ret->h_length = a->h_length;
-    ret->h_addrtype = a->h_addrtype;
-    for (i = 0; a->h_addr_list[i] != NULL; i++) {
-        if ((ret->h_addr_list[i] = OPENSSL_malloc(a->h_length)) == NULL)
-            goto err;
-        memcpy(ret->h_addr_list[i], a->h_addr_list[i], a->h_length);
-    }
-    if (0) {
- err:
-        if (ret != NULL)
-            ghbn_free(ret);
-        ret = NULL;
-    }
-    MemCheck_on();
-    return (ret);
-}
-
-static void ghbn_free(struct hostent *a)
-{
-    int i;
-
-    if (a == NULL)
-        return;
-
-    if (a->h_aliases != NULL) {
-        for (i = 0; a->h_aliases[i] != NULL; i++)
-            OPENSSL_free(a->h_aliases[i]);
-        OPENSSL_free(a->h_aliases);
-    }
-    if (a->h_addr_list != NULL) {
-        for (i = 0; a->h_addr_list[i] != NULL; i++)
-            OPENSSL_free(a->h_addr_list[i]);
-        OPENSSL_free(a->h_addr_list);
-    }
-    if (a->h_name != NULL)
-        OPENSSL_free(a->h_name);
-    OPENSSL_free(a);
-}
-
-# endif
 
+# if OPENSSL_API_COMPAT < 0x10100000L
 struct hostent *BIO_gethostbyname(const char *name)
 {
-# if 1
     /*
      * Caching gethostbyname() results forever is wrong, so we have to let
      * the true gethostbyname() worry about this
      */
-#  if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
-    return gethostbyname((char *)name);
-#  else
     return gethostbyname(name);
-#  endif
-# else
-    struct hostent *ret;
-    int i, lowi = 0, j;
-    unsigned long low = (unsigned long)-1;
-
-#  if 0
-    /*
-     * It doesn't make sense to use locking here: The function interface is
-     * not thread-safe, because threads can never be sure when some other
-     * thread destroys the data they were given a pointer to.
-     */
-    CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
-#  endif
-    j = strlen(name);
-    if (j < 128) {
-        for (i = 0; i < GHBN_NUM; i++) {
-            if (low > ghbn_cache[i].order) {
-                low = ghbn_cache[i].order;
-                lowi = i;
-            }
-            if (ghbn_cache[i].order > 0) {
-                if (strncmp(name, ghbn_cache[i].name, 128) == 0)
-                    break;
-            }
-        }
-    } else
-        i = GHBN_NUM;
-
-    if (i == GHBN_NUM) {        /* no hit */
-        BIO_ghbn_miss++;
-        /*
-         * Note: under VMS with SOCKETSHR, it seems like the first parameter
-         * is 'char *', instead of 'const char *'
-         */
-#  ifndef CONST_STRICT
-        ret = gethostbyname((char *)name);
-#  else
-        ret = gethostbyname(name);
-#  endif
-
-        if (ret == NULL)
-            goto end;
-        if (j > 128) {          /* too big to cache */
-#  if 0
-            /*
-             * If we were trying to make this function thread-safe (which is
-             * bound to fail), we'd have to give up in this case (or allocate
-             * more memory).
-             */
-            ret = NULL;
-#  endif
-            goto end;
-        }
-
-        /* else add to cache */
-        if (ghbn_cache[lowi].ent != NULL)
-            ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */
-        ghbn_cache[lowi].name[0] = '\0';
-
-        if ((ret = ghbn_cache[lowi].ent = ghbn_dup(ret)) == NULL) {
-            BIOerr(BIO_F_BIO_GETHOSTBYNAME, ERR_R_MALLOC_FAILURE);
-            goto end;
-        }
-        strncpy(ghbn_cache[lowi].name, name, 128);
-        ghbn_cache[lowi].order = BIO_ghbn_miss + BIO_ghbn_hits;
-    } else {
-        BIO_ghbn_hits++;
-        ret = ghbn_cache[i].ent;
-        ghbn_cache[i].order = BIO_ghbn_miss + BIO_ghbn_hits;
-    }
- end:
-#  if 0
-    CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
-#  endif
-    return (ret);
-# endif
 }
+# endif
 
 int BIO_sock_init(void)
 {
@@ -468,7 +128,7 @@ int BIO_sock_init(void)
         memset(&wsa_state, 0, sizeof(wsa_state));
         /*
          * Not making wsa_state available to the rest of the code is formally
-         * wrong. But the structures we use are [beleived to be] invariable
+         * wrong. But the structures we use are [believed to be] invariable
          * among Winsock DLLs, while API availability is [expected to be]
          * probed at run-time with DSO_global_lookup.
          */
@@ -476,7 +136,7 @@ int BIO_sock_init(void)
             err = WSAGetLastError();
             SYSerr(SYS_F_WSASTARTUP, err);
             BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP);
-            return (-1);
+            return -1;
         }
     }
 # endif                         /* OPENSSL_SYS_WINDOWS */
@@ -484,50 +144,22 @@ int BIO_sock_init(void)
     extern int _watt_do_exit;
     _watt_do_exit = 0;          /* don't make sock_init() call exit() */
     if (sock_init())
-        return (-1);
+        return -1;
 # endif
 
-# if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-    WORD wVerReq;
-    WSADATA wsaData;
-    int err;
-
-    if (!wsa_init_done) {
-        wsa_init_done = 1;
-        wVerReq = MAKEWORD(2, 0);
-        err = WSAStartup(wVerReq, &wsaData);
-        if (err != 0) {
-            SYSerr(SYS_F_WSASTARTUP, err);
-            BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP);
-            return (-1);
-        }
-    }
-# endif
-
-    return (1);
+    return 1;
 }
 
-void BIO_sock_cleanup(void)
+void bio_sock_cleanup_int(void)
 {
 # ifdef OPENSSL_SYS_WINDOWS
     if (wsa_init_done) {
         wsa_init_done = 0;
-#  if 0                         /* this call is claimed to be non-present in
-                                 * Winsock2 */
-        WSACancelBlockingCall();
-#  endif
-        WSACleanup();
-    }
-# elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-    if (wsa_init_done) {
-        wsa_init_done = 0;
         WSACleanup();
     }
 # endif
 }
 
-# if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
-
 int BIO_socket_ioctl(int fd, long type, void *arg)
 {
     int i;
@@ -563,373 +195,86 @@ int BIO_socket_ioctl(int fd, long type, void *arg)
 #  endif                        /* __DJGPP__ */
     if (i < 0)
         SYSerr(SYS_F_IOCTLSOCKET, get_last_socket_error());
-    return (i);
-}
-# endif                         /* __VMS_VER */
-
-/*
- * The reason I have implemented this instead of using sscanf is because
- * Visual C 1.52c gives an unresolved external when linking a DLL :-(
- */
-static int get_ip(const char *str, unsigned char ip[4])
-{
-    unsigned int tmp[4];
-    int num = 0, c, ok = 0;
-
-    tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0;
-
-    for (;;) {
-        c = *(str++);
-        if ((c >= '0') && (c <= '9')) {
-            ok = 1;
-            tmp[num] = tmp[num] * 10 + c - '0';
-            if (tmp[num] > 255)
-                return (0);
-        } else if (c == '.') {
-            if (!ok)
-                return (-1);
-            if (num == 3)
-                return (0);
-            num++;
-            ok = 0;
-        } else if (c == '\0' && (num == 3) && ok)
-            break;
-        else
-            return (0);
-    }
-    ip[0] = tmp[0];
-    ip[1] = tmp[1];
-    ip[2] = tmp[2];
-    ip[3] = tmp[3];
-    return (1);
+    return i;
 }
 
+# if OPENSSL_API_COMPAT < 0x10100000L
 int BIO_get_accept_socket(char *host, int bind_mode)
 {
-    int ret = 0;
-    union {
-        struct sockaddr sa;
-        struct sockaddr_in sa_in;
-# if OPENSSL_USE_IPV6
-        struct sockaddr_in6 sa_in6;
-# endif
-    } server, client;
-    int s = INVALID_SOCKET, cs, addrlen;
-    unsigned char ip[4];
-    unsigned short port;
-    char *str = NULL, *e;
-    char *h, *p;
-    unsigned long l;
-    int err_num;
-
-    if (BIO_sock_init() != 1)
-        return (INVALID_SOCKET);
-
-    if ((str = BUF_strdup(host)) == NULL)
-        return (INVALID_SOCKET);
-
-    h = p = NULL;
-    h = str;
-    for (e = str; *e; e++) {
-        if (*e == ':') {
-            p = e;
-        } else if (*e == '/') {
-            *e = '\0';
-            break;
-        }
-    }
-    if (p)
-        *p++ = '\0';            /* points at last ':', '::port' is special
-                                 * [see below] */
-    else
-        p = h, h = NULL;
-
-# ifdef EAI_FAMILY
-    do {
-        static union {
-            void *p;
-            int (WSAAPI *f) (const char *, const char *,
-                             const struct addrinfo *, struct addrinfo **);
-        } p_getaddrinfo = {
-            NULL
-        };
-        static union {
-            void *p;
-            void (WSAAPI *f) (struct addrinfo *);
-        } p_freeaddrinfo = {
-            NULL
-        };
-        struct addrinfo *res, hint;
-
-        if (p_getaddrinfo.p == NULL) {
-            if ((p_getaddrinfo.p = DSO_global_lookup("getaddrinfo")) == NULL
-                || (p_freeaddrinfo.p =
-                    DSO_global_lookup("freeaddrinfo")) == NULL)
-                p_getaddrinfo.p = (void *)-1;
-        }
-        if (p_getaddrinfo.p == (void *)-1)
-            break;
+    int s = INVALID_SOCKET;
+    char *h = NULL, *p = NULL;
+    BIO_ADDRINFO *res = NULL;
 
-        /*
-         * '::port' enforces IPv6 wildcard listener. Some OSes, e.g. Solaris,
-         * default to IPv6 without any hint. Also note that commonly IPv6
-         * wildchard socket can service IPv4 connections just as well...
-         */
-        memset(&hint, 0, sizeof(hint));
-        hint.ai_flags = AI_PASSIVE;
-        if (h) {
-            if (strchr(h, ':')) {
-                if (h[1] == '\0')
-                    h = NULL;
-#  if OPENSSL_USE_IPV6
-                hint.ai_family = AF_INET6;
-#  else
-                h = NULL;
-#  endif
-            } else if (h[0] == '*' && h[1] == '\0') {
-                hint.ai_family = AF_INET;
-                h = NULL;
-            }
-        }
-
-        if ((*p_getaddrinfo.f) (h, p, &hint, &res))
-            break;
+    if (!BIO_parse_hostserv(host, &h, &p, BIO_PARSE_PRIO_SERV))
+        return INVALID_SOCKET;
 
-        addrlen = res->ai_addrlen <= sizeof(server) ?
-            res->ai_addrlen : sizeof(server);
-        memcpy(&server, res->ai_addr, addrlen);
-
-        (*p_freeaddrinfo.f) (res);
-        goto again;
-    } while (0);
-# endif
+    if (BIO_sock_init() != 1)
+        return INVALID_SOCKET;
 
-    if (!BIO_get_port(p, &port))
+    if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0)
         goto err;
 
-    memset((char *)&server, 0, sizeof(server));
-    server.sa_in.sin_family = AF_INET;
-    server.sa_in.sin_port = htons(port);
-    addrlen = sizeof(server.sa_in);
-
-    if (h == NULL || strcmp(h, "*") == 0)
-        server.sa_in.sin_addr.s_addr = INADDR_ANY;
-    else {
-        if (!BIO_get_host_ip(h, &(ip[0])))
-            goto err;
-        l = (unsigned long)
-            ((unsigned long)ip[0] << 24L) |
-            ((unsigned long)ip[1] << 16L) |
-            ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
-        server.sa_in.sin_addr.s_addr = htonl(l);
-    }
-
- again:
-    s = socket(server.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL);
-    if (s == INVALID_SOCKET) {
-        SYSerr(SYS_F_SOCKET, get_last_socket_error());
-        ERR_add_error_data(3, "port='", host, "'");
-        BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET);
+    if ((s = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res),
+                        BIO_ADDRINFO_protocol(res), 0)) == INVALID_SOCKET) {
+        s = INVALID_SOCKET;
         goto err;
     }
-# ifdef SO_REUSEADDR
-    if (bind_mode == BIO_BIND_REUSEADDR) {
-        int i = 1;
 
-        ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&i, sizeof(i));
-        bind_mode = BIO_BIND_NORMAL;
-    }
-# endif
-    if (bind(s, &server.sa, addrlen) == -1) {
-# ifdef SO_REUSEADDR
-        err_num = get_last_socket_error();
-        if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
-#  ifdef OPENSSL_SYS_WINDOWS
-            /*
-             * Some versions of Windows define EADDRINUSE to a dummy value.
-             */
-            (err_num == WSAEADDRINUSE))
-#  else
-            (err_num == EADDRINUSE))
-#  endif
-        {
-            client = server;
-            if (h == NULL || strcmp(h, "*") == 0) {
-#  if OPENSSL_USE_IPV6
-                if (client.sa.sa_family == AF_INET6) {
-                    memset(&client.sa_in6.sin6_addr, 0,
-                           sizeof(client.sa_in6.sin6_addr));
-                    client.sa_in6.sin6_addr.s6_addr[15] = 1;
-                } else
-#  endif
-                if (client.sa.sa_family == AF_INET) {
-                    client.sa_in.sin_addr.s_addr = htonl(0x7F000001);
-                } else
-                    goto err;
-            }
-            cs = socket(client.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL);
-            if (cs != INVALID_SOCKET) {
-                int ii;
-                ii = connect(cs, &client.sa, addrlen);
-                closesocket(cs);
-                if (ii == INVALID_SOCKET) {
-                    bind_mode = BIO_BIND_REUSEADDR;
-                    closesocket(s);
-                    goto again;
-                }
-                /* else error */
-            }
-            /* else error */
-        }
-# endif
-        SYSerr(SYS_F_BIND, err_num);
-        ERR_add_error_data(3, "port='", host, "'");
-        BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_BIND_SOCKET);
-        goto err;
-    }
-    if (listen(s, MAX_LISTEN) == -1) {
-        SYSerr(SYS_F_BIND, get_last_socket_error());
-        ERR_add_error_data(3, "port='", host, "'");
-        BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_LISTEN_SOCKET);
-        goto err;
-    }
-    ret = 1;
- err:
-    if (str != NULL)
-        OPENSSL_free(str);
-    if ((ret == 0) && (s != INVALID_SOCKET)) {
-        closesocket(s);
+    if (!BIO_listen(s, BIO_ADDRINFO_address(res),
+                    bind_mode ? BIO_SOCK_REUSEADDR : 0)) {
+        BIO_closesocket(s);
         s = INVALID_SOCKET;
     }
-    return (s);
+
+ err:
+    BIO_ADDRINFO_free(res);
+    OPENSSL_free(h);
+    OPENSSL_free(p);
+
+    return s;
 }
 
-int BIO_accept(int sock, char **addr)
+int BIO_accept(int sock, char **ip_port)
 {
-    int ret = INVALID_SOCKET;
-    unsigned long l;
-    unsigned short port;
-    char *p;
+    BIO_ADDR res;
+    int ret = -1;
 
-    struct {
-        /*
-         * As for following union. Trouble is that there are platforms
-         * that have socklen_t and there are platforms that don't, on
-         * some platforms socklen_t is int and on some size_t. So what
-         * one can do? One can cook #ifdef spaghetti, which is nothing
-         * but masochistic. Or one can do union between int and size_t.
-         * One naturally does it primarily for 64-bit platforms where
-         * sizeof(int) != sizeof(size_t). But would it work? Note that
-         * if size_t member is initialized to 0, then later int member
-         * assignment naturally does the job on little-endian platforms
-         * regardless accept's expectations! What about big-endians?
-         * If accept expects int*, then it works, and if size_t*, then
-         * length value would appear as unreasonably large. But this
-         * won't prevent it from filling in the address structure. The
-         * trouble of course would be if accept returns more data than
-         * actual buffer can accomodate and overwrite stack... That's
-         * where early OPENSSL_assert comes into picture. Besides, the
-         * only 64-bit big-endian platform found so far that expects
-         * size_t* is HP-UX, where stack grows towards higher address.
-         * <appro>
-         */
-        union {
-            size_t s;
-            int i;
-        } len;
-        union {
-            struct sockaddr sa;
-            struct sockaddr_in sa_in;
-# if OPENSSL_USE_IPV6
-            struct sockaddr_in6 sa_in6;
-# endif
-        } from;
-    } sa;
-
-    sa.len.s = 0;
-    sa.len.i = sizeof(sa.from);
-    memset(&sa.from, 0, sizeof(sa.from));
-    ret = accept(sock, &sa.from.sa, (void *)&sa.len);
-    if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) {
-        OPENSSL_assert(sa.len.s <= sizeof(sa.from));
-        sa.len.i = (int)sa.len.s;
-        /* use sa.len.i from this point */
-    }
-    if (ret == INVALID_SOCKET) {
-        if (BIO_sock_should_retry(ret))
-            return -2;
+    ret = BIO_accept_ex(sock, &res, 0);
+    if (ret == (int)INVALID_SOCKET) {
+        if (BIO_sock_should_retry(ret)) {
+            ret = -2;
+            goto end;
+        }
         SYSerr(SYS_F_ACCEPT, get_last_socket_error());
         BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR);
         goto end;
     }
 
-    if (addr == NULL)
-        goto end;
-
-# ifdef EAI_FAMILY
-    do {
-        char h[NI_MAXHOST], s[NI_MAXSERV];
-        size_t nl;
-        static union {
-            void *p;
-            int (WSAAPI *f) (const struct sockaddr *, size_t /* socklen_t */ ,
-                             char *, size_t, char *, size_t, int);
-        } p_getnameinfo = {
-            NULL
-        };
-        /*
-         * 2nd argument to getnameinfo is specified to be socklen_t.
-         * Unfortunately there is a number of environments where socklen_t is
-         * not defined. As it's passed by value, it's safe to pass it as
-         * size_t... <appro>
-         */
+    if (ip_port != NULL) {
+        char *host = BIO_ADDR_hostname_string(&res, 1);
+        char *port = BIO_ADDR_service_string(&res, 1);
+        if (host != NULL && port != NULL)
+            *ip_port = OPENSSL_zalloc(strlen(host) + strlen(port) + 2);
+        else
+            *ip_port = NULL;
 
-        if (p_getnameinfo.p == NULL) {
-            if ((p_getnameinfo.p = DSO_global_lookup("getnameinfo")) == NULL)
-                p_getnameinfo.p = (void *)-1;
-        }
-        if (p_getnameinfo.p == (void *)-1)
-            break;
-
-        if ((*p_getnameinfo.f) (&sa.from.sa, sa.len.i, h, sizeof(h), s,
-                                sizeof(s), NI_NUMERICHOST | NI_NUMERICSERV))
-            break;
-        nl = strlen(h) + strlen(s) + 2;
-        p = *addr;
-        if (p) {
-            *p = '\0';
-            p = OPENSSL_realloc(p, nl);
-        } else {
-            p = OPENSSL_malloc(nl);
-        }
-        if (p == NULL) {
+        if (*ip_port == NULL) {
             BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
-            goto end;
-        }
-        *addr = p;
-        BIO_snprintf(*addr, nl, "%s:%s", h, s);
-        goto end;
-    } while (0);
-# endif
-    if (sa.from.sa.sa_family != AF_INET)
-        goto end;
-    l = ntohl(sa.from.sa_in.sin_addr.s_addr);
-    port = ntohs(sa.from.sa_in.sin_port);
-    if (*addr == NULL) {
-        if ((p = OPENSSL_malloc(24)) == NULL) {
-            BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
-            goto end;
+            BIO_closesocket(ret);
+            ret = (int)INVALID_SOCKET;
+        } else {
+            strcpy(*ip_port, host);
+            strcat(*ip_port, ":");
+            strcat(*ip_port, port);
         }
-        *addr = p;
+        OPENSSL_free(host);
+        OPENSSL_free(port);
     }
-    BIO_snprintf(*addr, 24, "%d.%d.%d.%d:%d",
-                 (unsigned char)(l >> 24L) & 0xff,
-                 (unsigned char)(l >> 16L) & 0xff,
-                 (unsigned char)(l >> 8L) & 0xff,
-                 (unsigned char)(l) & 0xff, port);
+
  end:
-    return (ret);
+    return ret;
 }
+# endif
 
 int BIO_set_tcp_ndelay(int s, int on)
 {
@@ -957,8 +302,70 @@ int BIO_socket_nbio(int s, int mode)
 
     l = mode;
 # ifdef FIONBIO
+    l = mode;
+
     ret = BIO_socket_ioctl(s, FIONBIO, &l);
+# elif defined(F_GETFL) && defined(F_SETFL) && (defined(O_NONBLOCK) || defined(FNDELAY))
+    /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */
+
+    l = fcntl(s, F_GETFL, 0);
+    if (l == -1) {
+        SYSerr(SYS_F_FCNTL, get_last_sys_error());
+        ret = -1;
+    } else {
+#  if defined(O_NONBLOCK)
+        l &= ~O_NONBLOCK;
+#  else
+        l &= ~FNDELAY; /* BSD4.x */
+#  endif
+        if (mode) {
+#  if defined(O_NONBLOCK)
+            l |= O_NONBLOCK;
+#  else
+            l |= FNDELAY; /* BSD4.x */
+#  endif
+        }
+        ret = fcntl(s, F_SETFL, l);
+
+        if (ret < 0) {
+            SYSerr(SYS_F_FCNTL, get_last_sys_error());
+        }
+    }
+# else
+    /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */
+    BIOerr(BIO_F_BIO_SOCKET_NBIO, ERR_R_PASSED_INVALID_ARGUMENT);
 # endif
+
     return (ret == 0);
 }
+
+int BIO_sock_info(int sock,
+                  enum BIO_sock_info_type type, union BIO_sock_info_u *info)
+{
+    switch (type) {
+    case BIO_SOCK_INFO_ADDRESS:
+        {
+            socklen_t addr_len;
+            int ret = 0;
+            addr_len = sizeof(*info->addr);
+            ret = getsockname(sock, BIO_ADDR_sockaddr_noconst(info->addr),
+                              &addr_len);
+            if (ret == -1) {
+                SYSerr(SYS_F_GETSOCKNAME, get_last_socket_error());
+                BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_ERROR);
+                return 0;
+            }
+            if ((size_t)addr_len > sizeof(*info->addr)) {
+                BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS);
+                return 0;
+            }
+        }
+        break;
+    default:
+        BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_UNKNOWN_INFO_TYPE);
+        return 0;
+    }
+    return 1;
+}
+
 #endif
diff --git a/freebsd/crypto/openssl/crypto/bio/b_sock2.c b/freebsd/crypto/openssl/crypto/bio/b_sock2.c
new file mode 100644
index 00000000..b09e6e21
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/bio/b_sock2.c
@@ -0,0 +1,317 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "bio_lcl.h"
+
+#include <openssl/err.h>
+
+#ifndef OPENSSL_NO_SOCK
+# ifdef SO_MAXCONN
+#  define MAX_LISTEN  SO_MAXCONN
+# elif defined(SOMAXCONN)
+#  define MAX_LISTEN  SOMAXCONN
+# else
+#  define MAX_LISTEN  32
+# endif
+
+/*-
+ * BIO_socket - create a socket
+ * @domain: the socket domain (AF_INET, AF_INET6, AF_UNIX, ...)
+ * @socktype: the socket type (SOCK_STEAM, SOCK_DGRAM)
+ * @protocol: the protocol to use (IPPROTO_TCP, IPPROTO_UDP)
+ * @options: BIO socket options (currently unused)
+ *
+ * Creates a socket.  This should be called before calling any
+ * of BIO_connect and BIO_listen.
+ *
+ * Returns the file descriptor on success or INVALID_SOCKET on failure.  On
+ * failure errno is set, and a status is added to the OpenSSL error stack.
+ */
+int BIO_socket(int domain, int socktype, int protocol, int options)
+{
+    int sock = -1;
+
+    if (BIO_sock_init() != 1)
+        return INVALID_SOCKET;
+
+    sock = socket(domain, socktype, protocol);
+    if (sock == -1) {
+        SYSerr(SYS_F_SOCKET, get_last_socket_error());
+        BIOerr(BIO_F_BIO_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET);
+        return INVALID_SOCKET;
+    }
+
+    return sock;
+}
+
+/*-
+ * BIO_connect - connect to an address
+ * @sock: the socket to connect with
+ * @addr: the address to connect to
+ * @options: BIO socket options
+ *
+ * Connects to the address using the given socket and options.
+ *
+ * Options can be a combination of the following:
+ * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages.
+ * - BIO_SOCK_NONBLOCK: Make the socket non-blocking.
+ * - BIO_SOCK_NODELAY: don't delay small messages.
+ *
+ * options holds BIO socket options that can be used
+ * You should call this for every address returned by BIO_lookup
+ * until the connection is successful.
+ *
+ * Returns 1 on success or 0 on failure.  On failure errno is set
+ * and an error status is added to the OpenSSL error stack.
+ */
+int BIO_connect(int sock, const BIO_ADDR *addr, int options)
+{
+    const int on = 1;
+
+    if (sock == -1) {
+        BIOerr(BIO_F_BIO_CONNECT, BIO_R_INVALID_SOCKET);
+        return 0;
+    }
+
+    if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0))
+        return 0;
+
+    if (options & BIO_SOCK_KEEPALIVE) {
+        if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_KEEPALIVE);
+            return 0;
+        }
+    }
+
+    if (options & BIO_SOCK_NODELAY) {
+        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_NODELAY);
+            return 0;
+        }
+    }
+
+    if (connect(sock, BIO_ADDR_sockaddr(addr),
+                BIO_ADDR_sockaddr_size(addr)) == -1) {
+        if (!BIO_sock_should_retry(-1)) {
+            SYSerr(SYS_F_CONNECT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_CONNECT, BIO_R_CONNECT_ERROR);
+        }
+        return 0;
+    }
+    return 1;
+}
+
+/*-
+ * BIO_bind - bind socket to address
+ * @sock: the socket to set
+ * @addr: local address to bind to
+ * @options: BIO socket options
+ *
+ * Binds to the address using the given socket and options.
+ *
+ * Options can be a combination of the following:
+ * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination
+ *   for a recently closed port.
+ *
+ * When restarting the program it could be that the port is still in use.  If
+ * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway.
+ * It's recommended that you use this.
+ */
+int BIO_bind(int sock, const BIO_ADDR *addr, int options)
+{
+    int on = 1;
+
+    if (sock == -1) {
+        BIOerr(BIO_F_BIO_BIND, BIO_R_INVALID_SOCKET);
+        return 0;
+    }
+
+# ifndef OPENSSL_SYS_WINDOWS
+    /*
+     * SO_REUSEADDR has different behavior on Windows than on
+     * other operating systems, don't set it there.
+     */
+    if (options & BIO_SOCK_REUSEADDR) {
+        if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_BIND, BIO_R_UNABLE_TO_REUSEADDR);
+            return 0;
+        }
+    }
+# endif
+
+    if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) {
+        SYSerr(SYS_F_BIND, get_last_socket_error());
+        BIOerr(BIO_F_BIO_BIND, BIO_R_UNABLE_TO_BIND_SOCKET);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*-
+ * BIO_listen - Creates a listen socket
+ * @sock: the socket to listen with
+ * @addr: local address to bind to
+ * @options: BIO socket options
+ *
+ * Binds to the address using the given socket and options, then
+ * starts listening for incoming connections.
+ *
+ * Options can be a combination of the following:
+ * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages.
+ * - BIO_SOCK_NONBLOCK: Make the socket non-blocking.
+ * - BIO_SOCK_NODELAY: don't delay small messages.
+ * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination
+ *   for a recently closed port.
+ * - BIO_SOCK_V6_ONLY: When creating an IPv6 socket, make it listen only
+ *   for IPv6 addresses and not IPv4 addresses mapped to IPv6.
+ *
+ * It's recommended that you set up both an IPv6 and IPv4 listen socket, and
+ * then check both for new clients that connect to it.  You want to set up
+ * the socket as non-blocking in that case since else it could hang.
+ *
+ * Not all operating systems support IPv4 addresses on an IPv6 socket, and for
+ * others it's an option.  If you pass the BIO_LISTEN_V6_ONLY it will try to
+ * create the IPv6 sockets to only listen for IPv6 connection.
+ *
+ * It could be that the first BIO_listen() call will listen to all the IPv6
+ * and IPv4 addresses and that then trying to bind to the IPv4 address will
+ * fail.  We can't tell the difference between already listening ourself to
+ * it and someone else listening to it when failing and errno is EADDRINUSE, so
+ * it's recommended to not give an error in that case if the first call was
+ * successful.
+ *
+ * When restarting the program it could be that the port is still in use.  If
+ * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway.
+ * It's recommended that you use this.
+ */
+int BIO_listen(int sock, const BIO_ADDR *addr, int options)
+{
+    int on = 1;
+    int socktype;
+    socklen_t socktype_len = sizeof(socktype);
+
+    if (sock == -1) {
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_INVALID_SOCKET);
+        return 0;
+    }
+
+    if (getsockopt(sock, SOL_SOCKET, SO_TYPE,
+                   (void *)&socktype, &socktype_len) != 0
+        || socktype_len != sizeof(socktype)) {
+        SYSerr(SYS_F_GETSOCKOPT, get_last_socket_error());
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_GETTING_SOCKTYPE);
+        return 0;
+    }
+
+    if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0))
+        return 0;
+
+    if (options & BIO_SOCK_KEEPALIVE) {
+        if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_KEEPALIVE);
+            return 0;
+        }
+    }
+
+    if (options & BIO_SOCK_NODELAY) {
+        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_NODELAY);
+            return 0;
+        }
+    }
+
+# ifdef IPV6_V6ONLY
+    if (BIO_ADDR_family(addr) == AF_INET6) {
+        /*
+         * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.
+         * Therefore we always have to use setsockopt here.
+         */
+        on = options & BIO_SOCK_V6_ONLY ? 1 : 0;
+        if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_LISTEN_V6_ONLY);
+            return 0;
+        }
+    }
+# endif
+
+    if (!BIO_bind(sock, addr, options))
+        return 0;
+
+    if (socktype != SOCK_DGRAM && listen(sock, MAX_LISTEN) == -1) {
+        SYSerr(SYS_F_LISTEN, get_last_socket_error());
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_LISTEN_SOCKET);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*-
+ * BIO_accept_ex - Accept new incoming connections
+ * @sock: the listening socket
+ * @addr: the BIO_ADDR to store the peer address in
+ * @options: BIO socket options, applied on the accepted socket.
+ *
+ */
+int BIO_accept_ex(int accept_sock, BIO_ADDR *addr_, int options)
+{
+    socklen_t len;
+    int accepted_sock;
+    BIO_ADDR locaddr;
+    BIO_ADDR *addr = addr_ == NULL ? &locaddr : addr_;
+
+    len = sizeof(*addr);
+    accepted_sock = accept(accept_sock,
+                           BIO_ADDR_sockaddr_noconst(addr), &len);
+    if (accepted_sock == -1) {
+        if (!BIO_sock_should_retry(accepted_sock)) {
+            SYSerr(SYS_F_ACCEPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_ACCEPT_EX, BIO_R_ACCEPT_ERROR);
+        }
+        return INVALID_SOCKET;
+    }
+
+    if (!BIO_socket_nbio(accepted_sock, (options & BIO_SOCK_NONBLOCK) != 0)) {
+        closesocket(accepted_sock);
+        return INVALID_SOCKET;
+    }
+
+    return accepted_sock;
+}
+
+/*-
+ * BIO_closesocket - Close a socket
+ * @sock: the socket to close
+ */
+int BIO_closesocket(int sock)
+{
+    if (closesocket(sock) < 0)
+        return 0;
+    return 1;
+}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/bio/bf_buff.c b/freebsd/crypto/openssl/crypto/bio/bf_buff.c
index f74ce338..64ff56c0 100644
--- a/freebsd/crypto/openssl/crypto/bio/bf_buff.c
+++ b/freebsd/crypto/openssl/crypto/bio/bf_buff.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bf_buff.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
 
 static int buffer_write(BIO *h, const char *buf, int num);
 static int buffer_read(BIO *h, char *buf, int size);
@@ -70,13 +21,17 @@ static int buffer_gets(BIO *h, char *str, int size);
 static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int buffer_new(BIO *h);
 static int buffer_free(BIO *data);
-static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 #define DEFAULT_BUFFER_SIZE     4096
 
-static BIO_METHOD methods_buffer = {
+static const BIO_METHOD methods_buffer = {
     BIO_TYPE_BUFFER,
     "buffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     buffer_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     buffer_read,
     buffer_puts,
     buffer_gets,
@@ -86,40 +41,35 @@ static BIO_METHOD methods_buffer = {
     buffer_callback_ctrl,
 };
 
-BIO_METHOD *BIO_f_buffer(void)
+const BIO_METHOD *BIO_f_buffer(void)
 {
-    return (&methods_buffer);
+    return &methods_buffer;
 }
 
 static int buffer_new(BIO *bi)
 {
-    BIO_F_BUFFER_CTX *ctx;
+    BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 
-    ctx = (BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
     if (ctx == NULL)
-        return (0);
-    ctx->ibuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+        return 0;
+    ctx->ibuf_size = DEFAULT_BUFFER_SIZE;
+    ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
     if (ctx->ibuf == NULL) {
         OPENSSL_free(ctx);
-        return (0);
+        return 0;
     }
-    ctx->obuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+    ctx->obuf_size = DEFAULT_BUFFER_SIZE;
+    ctx->obuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
     if (ctx->obuf == NULL) {
         OPENSSL_free(ctx->ibuf);
         OPENSSL_free(ctx);
-        return (0);
+        return 0;
     }
-    ctx->ibuf_size = DEFAULT_BUFFER_SIZE;
-    ctx->obuf_size = DEFAULT_BUFFER_SIZE;
-    ctx->ibuf_len = 0;
-    ctx->ibuf_off = 0;
-    ctx->obuf_len = 0;
-    ctx->obuf_off = 0;
 
     bi->init = 1;
     bi->ptr = (char *)ctx;
     bi->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int buffer_free(BIO *a)
@@ -127,17 +77,15 @@ static int buffer_free(BIO *a)
     BIO_F_BUFFER_CTX *b;
 
     if (a == NULL)
-        return (0);
+        return 0;
     b = (BIO_F_BUFFER_CTX *)a->ptr;
-    if (b->ibuf != NULL)
-        OPENSSL_free(b->ibuf);
-    if (b->obuf != NULL)
-        OPENSSL_free(b->obuf);
+    OPENSSL_free(b->ibuf);
+    OPENSSL_free(b->obuf);
     OPENSSL_free(a->ptr);
     a->ptr = NULL;
     a->init = 0;
     a->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int buffer_read(BIO *b, char *out, int outl)
@@ -146,11 +94,11 @@ static int buffer_read(BIO *b, char *out, int outl)
     BIO_F_BUFFER_CTX *ctx;
 
     if (out == NULL)
-        return (0);
+        return 0;
     ctx = (BIO_F_BUFFER_CTX *)b->ptr;
 
     if ((ctx == NULL) || (b->next_bio == NULL))
-        return (0);
+        return 0;
     num = 0;
     BIO_clear_retry_flags(b);
 
@@ -165,7 +113,7 @@ static int buffer_read(BIO *b, char *out, int outl)
         ctx->ibuf_len -= i;
         num += i;
         if (outl == i)
-            return (num);
+            return num;
         outl -= i;
         out += i;
     }
@@ -184,11 +132,11 @@ static int buffer_read(BIO *b, char *out, int outl)
                 if (i < 0)
                     return ((num > 0) ? num : i);
                 if (i == 0)
-                    return (num);
+                    return num;
             }
             num += i;
             if (outl == i)
-                return (num);
+                return num;
             out += i;
             outl -= i;
         }
@@ -202,7 +150,7 @@ static int buffer_read(BIO *b, char *out, int outl)
         if (i < 0)
             return ((num > 0) ? num : i);
         if (i == 0)
-            return (num);
+            return num;
     }
     ctx->ibuf_off = 0;
     ctx->ibuf_len = i;
@@ -217,10 +165,10 @@ static int buffer_write(BIO *b, const char *in, int inl)
     BIO_F_BUFFER_CTX *ctx;
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
+        return 0;
     ctx = (BIO_F_BUFFER_CTX *)b->ptr;
     if ((ctx == NULL) || (b->next_bio == NULL))
-        return (0);
+        return 0;
 
     BIO_clear_retry_flags(b);
  start:
@@ -251,7 +199,7 @@ static int buffer_write(BIO *b, const char *in, int inl)
                 if (i < 0)
                     return ((num > 0) ? num : i);
                 if (i == 0)
-                    return (num);
+                    return num;
             }
             ctx->obuf_off += i;
             ctx->obuf_len -= i;
@@ -273,13 +221,13 @@ static int buffer_write(BIO *b, const char *in, int inl)
             if (i < 0)
                 return ((num > 0) ? num : i);
             if (i == 0)
-                return (num);
+                return num;
         }
         num += i;
         in += i;
         inl -= i;
         if (inl == 0)
-            return (num);
+            return num;
     }
 
     /*
@@ -306,7 +254,12 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         ctx->obuf_off = 0;
         ctx->obuf_len = 0;
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:
+        if (ctx->ibuf_len > 0)
+            return 0;
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         break;
     case BIO_CTRL_INFO:
@@ -324,7 +277,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = (long)ctx->obuf_len;
         if (ret == 0) {
             if (b->next_bio == NULL)
-                return (0);
+                return 0;
             ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         }
         break;
@@ -332,7 +285,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = (long)ctx->ibuf_len;
         if (ret == 0) {
             if (b->next_bio == NULL)
-                return (0);
+                return 0;
             ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         }
         break;
@@ -341,8 +294,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
             p1 = OPENSSL_malloc((int)num);
             if (p1 == NULL)
                 goto malloc_error;
-            if (ctx->ibuf != NULL)
-                OPENSSL_free(ctx->ibuf);
+            OPENSSL_free(ctx->ibuf);
             ctx->ibuf = p1;
         }
         ctx->ibuf_off = 0;
@@ -368,12 +320,12 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         p1 = ctx->ibuf;
         p2 = ctx->obuf;
         if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) {
-            p1 = (char *)OPENSSL_malloc((int)num);
+            p1 = OPENSSL_malloc((int)num);
             if (p1 == NULL)
                 goto malloc_error;
         }
         if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) {
-            p2 = (char *)OPENSSL_malloc((int)num);
+            p2 = OPENSSL_malloc((int)num);
             if (p2 == NULL) {
                 if (p1 != ctx->ibuf)
                     OPENSSL_free(p1);
@@ -397,7 +349,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     case BIO_C_DO_STATE_MACHINE:
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         BIO_clear_retry_flags(b);
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         BIO_copy_next_retry(b);
@@ -405,7 +357,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
 
     case BIO_CTRL_FLUSH:
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         if (ctx->obuf_len <= 0) {
             ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
             break;
@@ -416,19 +368,14 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
             if (ctx->obuf_len > 0) {
                 r = BIO_write(b->next_bio,
                               &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len);
-#if 0
-                fprintf(stderr, "FLUSH [%3d] %3d -> %3d\n", ctx->obuf_off,
-                        ctx->obuf_len, r);
-#endif
                 BIO_copy_next_retry(b);
                 if (r <= 0)
-                    return ((long)r);
+                    return (long)r;
                 ctx->obuf_off += r;
                 ctx->obuf_len -= r;
             } else {
                 ctx->obuf_len = 0;
                 ctx->obuf_off = 0;
-                ret = 1;
                 break;
             }
         }
@@ -440,30 +387,41 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
             !BIO_set_write_buffer_size(dbio, ctx->obuf_size))
             ret = 0;
         break;
+    case BIO_CTRL_PEEK:
+        /* Ensure there's stuff in the input buffer */
+        {
+            char fake_buf[1];
+            (void)buffer_read(b, fake_buf, 0);
+        }
+        if (num > ctx->ibuf_len)
+            num = ctx->ibuf_len;
+        memcpy(ptr, &(ctx->ibuf[ctx->ibuf_off]), num);
+        ret = num;
+        break;
     default:
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
  malloc_error:
     BIOerr(BIO_F_BUFFER_CTRL, ERR_R_MALLOC_FAILURE);
-    return (0);
+    return 0;
 }
 
-static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
     long ret = 1;
 
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     default:
         ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int buffer_gets(BIO *b, char *buf, int size)
@@ -494,7 +452,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
             ctx->ibuf_off += i;
             if (flag || size == 0) {
                 *buf = '\0';
-                return (num);
+                return num;
             }
         } else {                /* read another chunk */
 
@@ -505,7 +463,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
                 if (i < 0)
                     return ((num > 0) ? num : i);
                 if (i == 0)
-                    return (num);
+                    return num;
             }
             ctx->ibuf_len = i;
             ctx->ibuf_off = 0;
@@ -515,5 +473,5 @@ static int buffer_gets(BIO *b, char *buf, int size)
 
 static int buffer_puts(BIO *b, const char *str)
 {
-    return (buffer_write(b, str, strlen(str)));
+    return buffer_write(b, str, strlen(str));
 }
diff --git a/freebsd/crypto/openssl/crypto/bio/bf_lbuf.c b/freebsd/crypto/openssl/crypto/bio/bf_lbuf.c
index 02f4eb11..e96927b0 100644
--- a/freebsd/crypto/openssl/crypto/bio/bf_lbuf.c
+++ b/freebsd/crypto/openssl/crypto/bio/bf_lbuf.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bf_buff.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 
 static int linebuffer_write(BIO *h, const char *buf, int num);
@@ -71,17 +22,21 @@ static int linebuffer_gets(BIO *h, char *str, int size);
 static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int linebuffer_new(BIO *h);
 static int linebuffer_free(BIO *data);
-static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static long linebuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 
 /* A 10k maximum should be enough for most purposes */
 #define DEFAULT_LINEBUFFER_SIZE 1024*10
 
 /* #define DEBUG */
 
-static BIO_METHOD methods_linebuffer = {
+static const BIO_METHOD methods_linebuffer = {
     BIO_TYPE_LINEBUFFER,
     "linebuffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     linebuffer_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     linebuffer_read,
     linebuffer_puts,
     linebuffer_gets,
@@ -91,9 +46,9 @@ static BIO_METHOD methods_linebuffer = {
     linebuffer_callback_ctrl,
 };
 
-BIO_METHOD *BIO_f_linebuffer(void)
+const BIO_METHOD *BIO_f_linebuffer(void)
 {
-    return (&methods_linebuffer);
+    return &methods_linebuffer;
 }
 
 typedef struct bio_linebuffer_ctx_struct {
@@ -106,13 +61,15 @@ static int linebuffer_new(BIO *bi)
 {
     BIO_LINEBUFFER_CTX *ctx;
 
-    ctx = (BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));
-    if (ctx == NULL)
-        return (0);
-    ctx->obuf = (char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
+    if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) {
+        BIOerr(BIO_F_LINEBUFFER_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->obuf = OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
     if (ctx->obuf == NULL) {
+        BIOerr(BIO_F_LINEBUFFER_NEW, ERR_R_MALLOC_FAILURE);
         OPENSSL_free(ctx);
-        return (0);
+        return 0;
     }
     ctx->obuf_size = DEFAULT_LINEBUFFER_SIZE;
     ctx->obuf_len = 0;
@@ -120,7 +77,7 @@ static int linebuffer_new(BIO *bi)
     bi->init = 1;
     bi->ptr = (char *)ctx;
     bi->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int linebuffer_free(BIO *a)
@@ -128,15 +85,14 @@ static int linebuffer_free(BIO *a)
     BIO_LINEBUFFER_CTX *b;
 
     if (a == NULL)
-        return (0);
+        return 0;
     b = (BIO_LINEBUFFER_CTX *)a->ptr;
-    if (b->obuf != NULL)
-        OPENSSL_free(b->obuf);
+    OPENSSL_free(b->obuf);
     OPENSSL_free(a->ptr);
     a->ptr = NULL;
     a->init = 0;
     a->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int linebuffer_read(BIO *b, char *out, int outl)
@@ -144,13 +100,13 @@ static int linebuffer_read(BIO *b, char *out, int outl)
     int ret = 0;
 
     if (out == NULL)
-        return (0);
+        return 0;
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     ret = BIO_read(b->next_bio, out, outl);
     BIO_clear_retry_flags(b);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static int linebuffer_write(BIO *b, const char *in, int inl)
@@ -159,18 +115,19 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
     BIO_LINEBUFFER_CTX *ctx;
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
+        return 0;
     ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
     if ((ctx == NULL) || (b->next_bio == NULL))
-        return (0);
+        return 0;
 
     BIO_clear_retry_flags(b);
 
     do {
         const char *p;
+        char c;
 
-        for (p = in; p < in + inl && *p != '\n'; p++) ;
-        if (*p == '\n') {
+        for (p = in, c = '\0'; p < in + inl && (c = *p) != '\n'; p++) ;
+        if (c == '\n') {
             p++;
             foundnl = 1;
         } else
@@ -200,25 +157,16 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
                     num += i;
                 }
             }
-#if 0
-            BIO_write(b->next_bio, "<*<", 3);
-#endif
             i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
             if (i <= 0) {
                 ctx->obuf_len = orig_olen;
                 BIO_copy_next_retry(b);
 
-#if 0
-                BIO_write(b->next_bio, ">*>", 3);
-#endif
                 if (i < 0)
                     return ((num > 0) ? num : i);
                 if (i == 0)
-                    return (num);
+                    return num;
             }
-#if 0
-            BIO_write(b->next_bio, ">*>", 3);
-#endif
             if (i < ctx->obuf_len)
                 memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
             ctx->obuf_len -= i;
@@ -229,23 +177,14 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
          * if a NL was found and there is anything to write.
          */
         if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) {
-#if 0
-            BIO_write(b->next_bio, "<*<", 3);
-#endif
             i = BIO_write(b->next_bio, in, p - in);
             if (i <= 0) {
                 BIO_copy_next_retry(b);
-#if 0
-                BIO_write(b->next_bio, ">*>", 3);
-#endif
                 if (i < 0)
                     return ((num > 0) ? num : i);
                 if (i == 0)
-                    return (num);
+                    return num;
             }
-#if 0
-            BIO_write(b->next_bio, ">*>", 3);
-#endif
             num += i;
             in += i;
             inl -= i;
@@ -280,7 +219,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_RESET:
         ctx->obuf_len = 0;
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         break;
     case BIO_CTRL_INFO:
@@ -290,7 +229,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = (long)ctx->obuf_len;
         if (ret == 0) {
             if (b->next_bio == NULL)
-                return (0);
+                return 0;
             ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         }
         break;
@@ -298,7 +237,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         obs = (int)num;
         p = ctx->obuf;
         if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size)) {
-            p = (char *)OPENSSL_malloc((int)num);
+            p = OPENSSL_malloc((int)num);
             if (p == NULL)
                 goto malloc_error;
         }
@@ -314,7 +253,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     case BIO_C_DO_STATE_MACHINE:
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         BIO_clear_retry_flags(b);
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         BIO_copy_next_retry(b);
@@ -322,7 +261,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
 
     case BIO_CTRL_FLUSH:
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         if (ctx->obuf_len <= 0) {
             ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
             break;
@@ -332,18 +271,14 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
             BIO_clear_retry_flags(b);
             if (ctx->obuf_len > 0) {
                 r = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
-#if 0
-                fprintf(stderr, "FLUSH %3d -> %3d\n", ctx->obuf_len, r);
-#endif
                 BIO_copy_next_retry(b);
                 if (r <= 0)
-                    return ((long)r);
+                    return (long)r;
                 if (r < ctx->obuf_len)
                     memmove(ctx->obuf, ctx->obuf + r, ctx->obuf_len - r);
                 ctx->obuf_len -= r;
             } else {
                 ctx->obuf_len = 0;
-                ret = 1;
                 break;
             }
         }
@@ -356,38 +291,38 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     default:
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
  malloc_error:
     BIOerr(BIO_F_LINEBUFFER_CTRL, ERR_R_MALLOC_FAILURE);
-    return (0);
+    return 0;
 }
 
-static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long linebuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
     long ret = 1;
 
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     default:
         ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int linebuffer_gets(BIO *b, char *buf, int size)
 {
     if (b->next_bio == NULL)
-        return (0);
-    return (BIO_gets(b->next_bio, buf, size));
+        return 0;
+    return BIO_gets(b->next_bio, buf, size);
 }
 
 static int linebuffer_puts(BIO *b, const char *str)
 {
-    return (linebuffer_write(b, str, strlen(str)));
+    return linebuffer_write(b, str, strlen(str));
 }
diff --git a/freebsd/crypto/openssl/crypto/bio/bf_nbio.c b/freebsd/crypto/openssl/crypto/bio/bf_nbio.c
index 134e1e10..f7a5e5d0 100644
--- a/freebsd/crypto/openssl/crypto/bio/bf_nbio.c
+++ b/freebsd/crypto/openssl/crypto/bio/bf_nbio.c
@@ -1,68 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bf_nbio.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#include "cryptlib.h"
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
 #include <openssl/rand.h>
-#include <openssl/bio.h>
 
 /*
  * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
@@ -75,17 +26,21 @@ static int nbiof_gets(BIO *h, char *str, int size);
 static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int nbiof_new(BIO *h);
 static int nbiof_free(BIO *data);
-static long nbiof_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static long nbiof_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 typedef struct nbio_test_st {
     /* only set if we sent a 'should retry' error */
     int lrn;
     int lwn;
 } NBIO_TEST;
 
-static BIO_METHOD methods_nbiof = {
+static const BIO_METHOD methods_nbiof = {
     BIO_TYPE_NBIO_TEST,
     "non-blocking IO test filter",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     nbiof_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     nbiof_read,
     nbiof_puts,
     nbiof_gets,
@@ -95,53 +50,50 @@ static BIO_METHOD methods_nbiof = {
     nbiof_callback_ctrl,
 };
 
-BIO_METHOD *BIO_f_nbio_test(void)
+const BIO_METHOD *BIO_f_nbio_test(void)
 {
-    return (&methods_nbiof);
+    return &methods_nbiof;
 }
 
 static int nbiof_new(BIO *bi)
 {
     NBIO_TEST *nt;
 
-    if (!(nt = (NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST))))
-        return (0);
+    if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL) {
+        BIOerr(BIO_F_NBIOF_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
     nt->lrn = -1;
     nt->lwn = -1;
     bi->ptr = (char *)nt;
     bi->init = 1;
-    bi->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int nbiof_free(BIO *a)
 {
     if (a == NULL)
-        return (0);
-    if (a->ptr != NULL)
-        OPENSSL_free(a->ptr);
+        return 0;
+    OPENSSL_free(a->ptr);
     a->ptr = NULL;
     a->init = 0;
     a->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int nbiof_read(BIO *b, char *out, int outl)
 {
     int ret = 0;
-#if 1
     int num;
     unsigned char n;
-#endif
 
     if (out == NULL)
-        return (0);
+        return 0;
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
 
     BIO_clear_retry_flags(b);
-#if 1
-    if (RAND_bytes(&n, 1) <= 0)
+    if (RAND_priv_bytes(&n, 1) <= 0)
         return -1;
     num = (n & 0x07);
 
@@ -151,14 +103,12 @@ static int nbiof_read(BIO *b, char *out, int outl)
     if (num == 0) {
         ret = -1;
         BIO_set_retry_read(b);
-    } else
-#endif
-    {
+    } else {
         ret = BIO_read(b->next_bio, out, outl);
         if (ret < 0)
             BIO_copy_next_retry(b);
     }
-    return (ret);
+    return ret;
 }
 
 static int nbiof_write(BIO *b, const char *in, int inl)
@@ -169,19 +119,18 @@ static int nbiof_write(BIO *b, const char *in, int inl)
     unsigned char n;
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
+        return 0;
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     nt = (NBIO_TEST *)b->ptr;
 
     BIO_clear_retry_flags(b);
 
-#if 1
     if (nt->lwn > 0) {
         num = nt->lwn;
         nt->lwn = 0;
     } else {
-        if (RAND_bytes(&n, 1) <= 0)
+        if (RAND_priv_bytes(&n, 1) <= 0)
             return -1;
         num = (n & 7);
     }
@@ -192,16 +141,14 @@ static int nbiof_write(BIO *b, const char *in, int inl)
     if (num == 0) {
         ret = -1;
         BIO_set_retry_write(b);
-    } else
-#endif
-    {
+    } else {
         ret = BIO_write(b->next_bio, in, inl);
         if (ret < 0) {
             BIO_copy_next_retry(b);
             nt->lwn = inl;
         }
     }
-    return (ret);
+    return ret;
 }
 
 static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -209,7 +156,7 @@ static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
     long ret;
 
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     case BIO_C_DO_STATE_MACHINE:
         BIO_clear_retry_flags(b);
@@ -223,33 +170,33 @@ static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
 }
 
-static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
     long ret = 1;
 
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     default:
         ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int nbiof_gets(BIO *bp, char *buf, int size)
 {
     if (bp->next_bio == NULL)
-        return (0);
-    return (BIO_gets(bp->next_bio, buf, size));
+        return 0;
+    return BIO_gets(bp->next_bio, buf, size);
 }
 
 static int nbiof_puts(BIO *bp, const char *str)
 {
     if (bp->next_bio == NULL)
-        return (0);
-    return (BIO_puts(bp->next_bio, str));
+        return 0;
+    return BIO_puts(bp->next_bio, str);
 }
diff --git a/freebsd/crypto/openssl/crypto/bio/bf_null.c b/freebsd/crypto/openssl/crypto/bio/bf_null.c
index c64526f1..63a6b05f 100644
--- a/freebsd/crypto/openssl/crypto/bio/bf_null.c
+++ b/freebsd/crypto/openssl/crypto/bio/bf_null.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bf_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
 
 /*
  * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
@@ -72,45 +23,27 @@ static int nullf_read(BIO *h, char *buf, int size);
 static int nullf_puts(BIO *h, const char *str);
 static int nullf_gets(BIO *h, char *str, int size);
 static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int nullf_new(BIO *h);
-static int nullf_free(BIO *data);
-static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-static BIO_METHOD methods_nullf = {
+static long nullf_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+static const BIO_METHOD methods_nullf = {
     BIO_TYPE_NULL_FILTER,
     "NULL filter",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     nullf_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     nullf_read,
     nullf_puts,
     nullf_gets,
     nullf_ctrl,
-    nullf_new,
-    nullf_free,
+    NULL,
+    NULL,
     nullf_callback_ctrl,
 };
 
-BIO_METHOD *BIO_f_null(void)
-{
-    return (&methods_nullf);
-}
-
-static int nullf_new(BIO *bi)
-{
-    bi->init = 1;
-    bi->ptr = NULL;
-    bi->flags = 0;
-    return (1);
-}
-
-static int nullf_free(BIO *a)
+const BIO_METHOD *BIO_f_null(void)
 {
-    if (a == NULL)
-        return (0);
-    /*-
-    a->ptr=NULL;
-    a->init=0;
-    a->flags=0;
-    */
-    return (1);
+    return &methods_nullf;
 }
 
 static int nullf_read(BIO *b, char *out, int outl)
@@ -118,13 +51,13 @@ static int nullf_read(BIO *b, char *out, int outl)
     int ret = 0;
 
     if (out == NULL)
-        return (0);
+        return 0;
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     ret = BIO_read(b->next_bio, out, outl);
     BIO_clear_retry_flags(b);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static int nullf_write(BIO *b, const char *in, int inl)
@@ -132,13 +65,13 @@ static int nullf_write(BIO *b, const char *in, int inl)
     int ret = 0;
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
+        return 0;
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     ret = BIO_write(b->next_bio, in, inl);
     BIO_clear_retry_flags(b);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -146,7 +79,7 @@ static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
     long ret;
 
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     case BIO_C_DO_STATE_MACHINE:
         BIO_clear_retry_flags(b);
@@ -159,33 +92,33 @@ static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
     default:
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
     }
-    return (ret);
+    return ret;
 }
 
-static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
     long ret = 1;
 
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     default:
         ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int nullf_gets(BIO *bp, char *buf, int size)
 {
     if (bp->next_bio == NULL)
-        return (0);
-    return (BIO_gets(bp->next_bio, buf, size));
+        return 0;
+    return BIO_gets(bp->next_bio, buf, size);
 }
 
 static int nullf_puts(BIO *bp, const char *str)
 {
     if (bp->next_bio == NULL)
-        return (0);
-    return (BIO_puts(bp->next_bio, str));
+        return 0;
+    return BIO_puts(bp->next_bio, str);
 }
diff --git a/freebsd/crypto/openssl/crypto/bio/bio_cb.c b/freebsd/crypto/openssl/crypto/bio/bio_cb.c
index 68daae27..6c1290e9 100644
--- a/freebsd/crypto/openssl/crypto/bio/bio_cb.c
+++ b/freebsd/crypto/openssl/crypto/bio/bio_cb.c
@@ -1,150 +1,100 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bio_cb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
 #include <openssl/err.h>
 
-long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
-                                    int argi, long argl, long ret)
+long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
+                        int argi, long argl, long ret)
 {
     BIO *b;
-    MS_STATIC char buf[256];
+    char buf[256];
     char *p;
     long r = 1;
-    int len;
-    size_t p_maxlen;
+    int len, left;
 
     if (BIO_CB_RETURN & cmd)
         r = ret;
 
-    len = BIO_snprintf(buf,sizeof(buf),"BIO[%p]: ",(void *)bio);
+    len = BIO_snprintf(buf, sizeof(buf), "BIO[%p]: ", (void *)bio);
 
     /* Ignore errors and continue printing the other information. */
     if (len < 0)
         len = 0;
     p = buf + len;
-    p_maxlen = sizeof(buf) - len;
+    left = sizeof(buf) - len;
 
     switch (cmd) {
     case BIO_CB_FREE:
-        BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name);
+        BIO_snprintf(p, left, "Free - %s\n", bio->method->name);
         break;
     case BIO_CB_READ:
         if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-            BIO_snprintf(p, p_maxlen, "read(%d,%lu) - %s fd=%d\n",
+            BIO_snprintf(p, left, "read(%d,%lu) - %s fd=%d\n",
                          bio->num, (unsigned long)argi,
                          bio->method->name, bio->num);
         else
-            BIO_snprintf(p, p_maxlen, "read(%d,%lu) - %s\n",
-                         bio->num, (unsigned long)argi, bio->method->name);
+            BIO_snprintf(p, left, "read(%d,%lu) - %s\n",
+                    bio->num, (unsigned long)argi, bio->method->name);
         break;
     case BIO_CB_WRITE:
         if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-            BIO_snprintf(p, p_maxlen, "write(%d,%lu) - %s fd=%d\n",
+            BIO_snprintf(p, left, "write(%d,%lu) - %s fd=%d\n",
                          bio->num, (unsigned long)argi,
                          bio->method->name, bio->num);
         else
-            BIO_snprintf(p, p_maxlen, "write(%d,%lu) - %s\n",
+            BIO_snprintf(p, left, "write(%d,%lu) - %s\n",
                          bio->num, (unsigned long)argi, bio->method->name);
         break;
     case BIO_CB_PUTS:
-        BIO_snprintf(p, p_maxlen, "puts() - %s\n", bio->method->name);
+        BIO_snprintf(p, left, "puts() - %s\n", bio->method->name);
         break;
     case BIO_CB_GETS:
-        BIO_snprintf(p, p_maxlen, "gets(%lu) - %s\n", (unsigned long)argi,
+        BIO_snprintf(p, left, "gets(%lu) - %s\n", (unsigned long)argi,
                      bio->method->name);
         break;
     case BIO_CB_CTRL:
-        BIO_snprintf(p, p_maxlen, "ctrl(%lu) - %s\n", (unsigned long)argi,
+        BIO_snprintf(p, left, "ctrl(%lu) - %s\n", (unsigned long)argi,
                      bio->method->name);
         break;
     case BIO_CB_RETURN | BIO_CB_READ:
-        BIO_snprintf(p, p_maxlen, "read return %ld\n", ret);
+        BIO_snprintf(p, left, "read return %ld\n", ret);
         break;
     case BIO_CB_RETURN | BIO_CB_WRITE:
-        BIO_snprintf(p, p_maxlen, "write return %ld\n", ret);
+        BIO_snprintf(p, left, "write return %ld\n", ret);
         break;
     case BIO_CB_RETURN | BIO_CB_GETS:
-        BIO_snprintf(p, p_maxlen, "gets return %ld\n", ret);
+        BIO_snprintf(p, left, "gets return %ld\n", ret);
         break;
     case BIO_CB_RETURN | BIO_CB_PUTS:
-        BIO_snprintf(p, p_maxlen, "puts return %ld\n", ret);
+        BIO_snprintf(p, left, "puts return %ld\n", ret);
         break;
     case BIO_CB_RETURN | BIO_CB_CTRL:
-        BIO_snprintf(p, p_maxlen, "ctrl return %ld\n", ret);
+        BIO_snprintf(p, left, "ctrl return %ld\n", ret);
         break;
     default:
-        BIO_snprintf(p, p_maxlen, "bio callback - unknown type (%d)\n", cmd);
+        BIO_snprintf(p, left, "bio callback - unknown type (%d)\n", cmd);
         break;
     }
 
     b = (BIO *)bio->cb_arg;
     if (b != NULL)
         BIO_write(b, buf, strlen(buf));
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+#if !defined(OPENSSL_NO_STDIO)
     else
         fputs(buf, stderr);
 #endif
-    return (r);
+    return r;
 }
diff --git a/freebsd/crypto/openssl/crypto/bio/bio_err.c b/freebsd/crypto/openssl/crypto/bio/bio_err.c
index 43fdabac..a8155c32 100644
--- a/freebsd/crypto/openssl/crypto/bio/bio_err.c
+++ b/freebsd/crypto/openssl/crypto/bio/bio_err.c
@@ -1,159 +1,147 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bio_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/bio.h>
+#include <openssl/bioerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
-
-static ERR_STRING_DATA BIO_str_functs[] = {
-    {ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"},
-    {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
-    {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"},
-    {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"},
-    {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
-    {ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"},
-    {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
-    {ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
-    {ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
-    {ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
-    {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"},
-    {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
-    {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
-    {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
-    {ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
-    {ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"},
-    {ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"},
-    {ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"},
-    {ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
-    {ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
-    {ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
-    {ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"},
-    {ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"},
-    {ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"},
-    {ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"},
-    {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "DGRAM_SCTP_READ"},
-    {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "DGRAM_SCTP_WRITE"},
-    {ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"},
-    {ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"},
-    {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"},
-    {ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"},
-    {ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"},
-    {ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
-    {ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"},
+static const ERR_STRING_DATA BIO_str_functs[] = {
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_ACPT_STATE, 0), "acpt_state"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDRINFO_WRAP, 0), "addrinfo_wrap"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDR_STRINGS, 0), "addr_strings"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT, 0), "BIO_accept"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_EX, 0), "BIO_accept_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_NEW, 0), "BIO_ACCEPT_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ADDR_NEW, 0), "BIO_ADDR_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_BIND, 0), "BIO_bind"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CALLBACK_CTRL, 0), "BIO_callback_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT, 0), "BIO_connect"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT_NEW, 0), "BIO_CONNECT_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CTRL, 0), "BIO_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GETS, 0), "BIO_gets"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_HOST_IP, 0), "BIO_get_host_ip"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_NEW_INDEX, 0), "BIO_get_new_index"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_PORT, 0), "BIO_get_port"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LISTEN, 0), "BIO_listen"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LOOKUP, 0), "BIO_lookup"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LOOKUP_EX, 0), "BIO_lookup_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_MAKE_PAIR, 0), "bio_make_pair"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_METH_NEW, 0), "BIO_meth_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW, 0), "BIO_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_DGRAM_SCTP, 0), "BIO_new_dgram_sctp"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_FILE, 0), "BIO_new_file"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_MEM_BUF, 0), "BIO_new_mem_buf"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NREAD, 0), "BIO_nread"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NREAD0, 0), "BIO_nread0"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NWRITE, 0), "BIO_nwrite"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NWRITE0, 0), "BIO_nwrite0"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_PARSE_HOSTSERV, 0), "BIO_parse_hostserv"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_PUTS, 0), "BIO_puts"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ, 0), "BIO_read"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ_EX, 0), "BIO_read_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ_INTERN, 0), "bio_read_intern"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCKET, 0), "BIO_socket"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCKET_NBIO, 0), "BIO_socket_nbio"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCK_INFO, 0), "BIO_sock_info"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCK_INIT, 0), "BIO_sock_init"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE, 0), "BIO_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE_EX, 0), "BIO_write_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE_INTERN, 0), "bio_write_intern"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BUFFER_CTRL, 0), "buffer_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_CTRL, 0), "conn_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_STATE, 0), "conn_state"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_NEW, 0), "dgram_sctp_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_READ, 0), "dgram_sctp_read"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_WRITE, 0), "dgram_sctp_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DOAPR_OUTCH, 0), "doapr_outch"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_CTRL, 0), "file_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_READ, 0), "file_read"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_CTRL, 0), "linebuffer_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_NEW, 0), "linebuffer_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_MEM_WRITE, 0), "mem_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_NBIOF_NEW, 0), "nbiof_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_SLG_WRITE, 0), "slg_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_SSL_NEW, 0), "SSL_new"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA BIO_str_reasons[] = {
-    {ERR_REASON(BIO_R_ACCEPT_ERROR), "accept error"},
-    {ERR_REASON(BIO_R_BAD_FOPEN_MODE), "bad fopen mode"},
-    {ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP), "bad hostname lookup"},
-    {ERR_REASON(BIO_R_BROKEN_PIPE), "broken pipe"},
-    {ERR_REASON(BIO_R_CONNECT_ERROR), "connect error"},
-    {ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO), "EOF on memory BIO"},
-    {ERR_REASON(BIO_R_ERROR_SETTING_NBIO), "error setting nbio"},
-    {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),
-     "error setting nbio on accepted socket"},
-    {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),
-     "error setting nbio on accept socket"},
-    {ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),
-     "gethostbyname addr is not af inet"},
-    {ERR_REASON(BIO_R_INVALID_ARGUMENT), "invalid argument"},
-    {ERR_REASON(BIO_R_INVALID_IP_ADDRESS), "invalid ip address"},
-    {ERR_REASON(BIO_R_IN_USE), "in use"},
-    {ERR_REASON(BIO_R_KEEPALIVE), "keepalive"},
-    {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"},
-    {ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED), "no accept port specified"},
-    {ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED), "no hostname specified"},
-    {ERR_REASON(BIO_R_NO_PORT_DEFINED), "no port defined"},
-    {ERR_REASON(BIO_R_NO_PORT_SPECIFIED), "no port specified"},
-    {ERR_REASON(BIO_R_NO_SUCH_FILE), "no such file"},
-    {ERR_REASON(BIO_R_NULL_PARAMETER), "null parameter"},
-    {ERR_REASON(BIO_R_TAG_MISMATCH), "tag mismatch"},
-    {ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET), "unable to bind socket"},
-    {ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"},
-    {ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET), "unable to listen socket"},
-    {ERR_REASON(BIO_R_UNINITIALIZED), "uninitialized"},
-    {ERR_REASON(BIO_R_UNSUPPORTED_METHOD), "unsupported method"},
-    {ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO), "write to read only BIO"},
-    {ERR_REASON(BIO_R_WSASTARTUP), "WSAStartup"},
+static const ERR_STRING_DATA BIO_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ACCEPT_ERROR), "accept error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET),
+    "addrinfo addr is not af inet"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_AMBIGUOUS_HOST_OR_SERVICE),
+    "ambiguous host or service"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BAD_FOPEN_MODE), "bad fopen mode"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BROKEN_PIPE), "broken pipe"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_CONNECT_ERROR), "connect error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),
+    "gethostbyname addr is not af inet"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_ERROR), "getsockname error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS),
+    "getsockname truncated address"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETTING_SOCKTYPE), "getting socktype"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_SOCKET), "invalid socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_IN_USE), "in use"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LENGTH_TOO_LONG), "length too long"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LISTEN_V6_ONLY), "listen v6 only"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LOOKUP_RETURNED_NOTHING),
+    "lookup returned nothing"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_MALFORMED_HOST_OR_SERVICE),
+    "malformed host or service"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED),
+    "no accept addr or service specified"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED),
+    "no hostname or service specified"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_PORT_DEFINED), "no port defined"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_SUCH_FILE), "no such file"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NULL_PARAMETER), "null parameter"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_BIND_SOCKET),
+    "unable to bind socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_CREATE_SOCKET),
+    "unable to create socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_KEEPALIVE),
+    "unable to keepalive"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_LISTEN_SOCKET),
+    "unable to listen socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_NODELAY), "unable to nodelay"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_REUSEADDR),
+    "unable to reuseaddr"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNAVAILABLE_IP_FAMILY),
+    "unavailable ip family"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNINITIALIZED), "uninitialized"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNKNOWN_INFO_TYPE), "unknown info type"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_IP_FAMILY),
+    "unsupported ip family"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_METHOD), "unsupported method"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY),
+    "unsupported protocol family"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WRITE_TO_READ_ONLY_BIO),
+    "write to read only BIO"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WSASTARTUP), "WSAStartup"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_BIO_strings(void)
+int ERR_load_BIO_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, BIO_str_functs);
-        ERR_load_strings(0, BIO_str_reasons);
+        ERR_load_strings_const(BIO_str_functs);
+        ERR_load_strings_const(BIO_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/bio/bio_lcl.h b/freebsd/crypto/openssl/crypto/bio/bio_lcl.h
index 741884da..e2c05a20 100644
--- a/freebsd/crypto/openssl/crypto/bio/bio_lcl.h
+++ b/freebsd/crypto/openssl/crypto/bio/bio_lcl.h
@@ -1,4 +1,156 @@
-#include <openssl/bio.h>
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/sockets.h"
+#include "internal/refcount.h"
+
+/* BEGIN BIO_ADDRINFO/BIO_ADDR stuff. */
+
+#ifndef OPENSSL_NO_SOCK
+/*
+ * Throughout this file and b_addr.c, the existence of the macro
+ * AI_PASSIVE is used to detect the availability of struct addrinfo,
+ * getnameinfo() and getaddrinfo().  If that macro doesn't exist,
+ * we use our own implementation instead.
+ */
+
+/*
+ * It's imperative that these macros get defined before openssl/bio.h gets
+ * included.  Otherwise, the AI_PASSIVE hack will not work properly.
+ * For clarity, we check for internal/cryptlib.h since it's a common header
+ * that also includes bio.h.
+ */
+# ifdef HEADER_CRYPTLIB_H
+#  error internal/cryptlib.h included before bio_lcl.h
+# endif
+# ifdef HEADER_BIO_H
+#  error openssl/bio.h included before bio_lcl.h
+# endif
+
+/*
+ * Undefine AF_UNIX on systems that define it but don't support it.
+ */
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS)
+#  undef AF_UNIX
+# endif
+
+# ifdef AI_PASSIVE
+
+/*
+ * There's a bug in VMS C header file netdb.h, where struct addrinfo
+ * always is the P32 variant, but the functions that handle that structure,
+ * such as getaddrinfo() and freeaddrinfo() adapt to the initial pointer
+ * size.  The easiest workaround is to force struct addrinfo to be the
+ * 64-bit variant when compiling in P64 mode.
+ */
+#  if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64
+#   define addrinfo __addrinfo64
+#  endif
+
+#  define bio_addrinfo_st addrinfo
+#  define bai_family      ai_family
+#  define bai_socktype    ai_socktype
+#  define bai_protocol    ai_protocol
+#  define bai_addrlen     ai_addrlen
+#  define bai_addr        ai_addr
+#  define bai_next        ai_next
+# else
+struct bio_addrinfo_st {
+    int bai_family;
+    int bai_socktype;
+    int bai_protocol;
+    size_t bai_addrlen;
+    struct sockaddr *bai_addr;
+    struct bio_addrinfo_st *bai_next;
+};
+# endif
+
+union bio_addr_st {
+    struct sockaddr sa;
+# ifdef AF_INET6
+    struct sockaddr_in6 s_in6;
+# endif
+    struct sockaddr_in s_in;
+# ifdef AF_UNIX
+    struct sockaddr_un s_un;
+# endif
+};
+#endif
+
+/* END BIO_ADDRINFO/BIO_ADDR stuff. */
+
+#include "internal/cryptlib.h"
+#include "internal/bio.h"
+
+typedef struct bio_f_buffer_ctx_struct {
+    /*-
+     * Buffers are setup like this:
+     *
+     * <---------------------- size ----------------------->
+     * +---------------------------------------------------+
+     * | consumed | remaining          | free space        |
+     * +---------------------------------------------------+
+     * <-- off --><------- len ------->
+     */
+    /*- BIO *bio; *//*
+     * this is now in the BIO struct
+     */
+    int ibuf_size;              /* how big is the input buffer */
+    int obuf_size;              /* how big is the output buffer */
+    char *ibuf;                 /* the char array */
+    int ibuf_len;               /* how many bytes are in it */
+    int ibuf_off;               /* write/read offset */
+    char *obuf;                 /* the char array */
+    int obuf_len;               /* how many bytes are in it */
+    int obuf_off;               /* write/read offset */
+} BIO_F_BUFFER_CTX;
+
+struct bio_st {
+    const BIO_METHOD *method;
+    /* bio, mode, argp, argi, argl, ret */
+    BIO_callback_fn callback;
+    BIO_callback_fn_ex callback_ex;
+    char *cb_arg;               /* first argument for the callback */
+    int init;
+    int shutdown;
+    int flags;                  /* extra storage */
+    int retry_reason;
+    int num;
+    void *ptr;
+    struct bio_st *next_bio;    /* used by filter BIOs */
+    struct bio_st *prev_bio;    /* used by filter BIOs */
+    CRYPTO_REF_COUNT references;
+    uint64_t num_read;
+    uint64_t num_write;
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_RWLOCK *lock;
+};
+
+#ifndef OPENSSL_NO_SOCK
+# ifdef OPENSSL_SYS_VMS
+typedef unsigned int socklen_t;
+# endif
+
+extern CRYPTO_RWLOCK *bio_lookup_lock;
+
+int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa);
+const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap);
+struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap);
+socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap);
+socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai);
+const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai);
+#endif
+
+extern CRYPTO_RWLOCK *bio_type_lock;
+
+void bio_sock_cleanup_int(void);
 
 #if BIO_FLAGS_UPLINK==0
 /* Shortcut UPLINK calls on most platforms... */
@@ -33,4 +185,6 @@
 #  define UP_lseek        lseek
 #  define UP_close        close
 # endif
+
 #endif
+
diff --git a/freebsd/crypto/openssl/crypto/bio/bio_lib.c b/freebsd/crypto/openssl/crypto/bio/bio_lib.c
index 3e28f70d..a669714d 100644
--- a/freebsd/crypto/openssl/crypto/bio/bio_lib.c
+++ b/freebsd/crypto/openssl/crypto/bio/bio_lib.c
@@ -1,140 +1,175 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bio_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
 #include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/stack.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+
+/*
+ * Helper macro for the callback to determine whether an operator expects a
+ * len parameter or not
+ */
+#define HAS_LEN_OPER(o)        ((o) == BIO_CB_READ || (o) == BIO_CB_WRITE || \
+                                (o) == BIO_CB_GETS)
 
-BIO *BIO_new(BIO_METHOD *method)
+/*
+ * Helper function to work out whether to call the new style callback or the old
+ * one, and translate between the two.
+ *
+ * This has a long return type for consistency with the old callback. Similarly
+ * for the "long" used for "inret"
+ */
+static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
+                              int argi, long argl, long inret, size_t *processed)
 {
-    BIO *ret = NULL;
+    long ret;
+    int bareoper;
 
-    ret = (BIO *)OPENSSL_malloc(sizeof(BIO));
-    if (ret == NULL) {
-        BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+    if (b->callback_ex != NULL)
+        return b->callback_ex(b, oper, argp, len, argi, argl, inret, processed);
+
+    /* Strip off any BIO_CB_RETURN flag */
+    bareoper = oper & ~BIO_CB_RETURN;
+
+    /*
+     * We have an old style callback, so we will have to do nasty casts and
+     * check for overflows.
+     */
+    if (HAS_LEN_OPER(bareoper)) {
+        /* In this case |len| is set, and should be used instead of |argi| */
+        if (len > INT_MAX)
+            return -1;
+
+        argi = (int)len;
+    }
+
+    if (inret && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+        if (*processed > INT_MAX)
+            return -1;
+        inret = *processed;
     }
-    if (!BIO_set(ret, method)) {
-        OPENSSL_free(ret);
-        ret = NULL;
+
+    ret = b->callback(b, oper, argp, argi, argl, inret);
+
+    if (ret >= 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+        *processed = (size_t)ret;
+        ret = 1;
     }
-    return (ret);
+
+    return ret;
 }
 
-int BIO_set(BIO *bio, BIO_METHOD *method)
+BIO *BIO_new(const BIO_METHOD *method)
 {
+    BIO *bio = OPENSSL_zalloc(sizeof(*bio));
+
+    if (bio == NULL) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
     bio->method = method;
-    bio->callback = NULL;
-    bio->cb_arg = NULL;
-    bio->init = 0;
     bio->shutdown = 1;
-    bio->flags = 0;
-    bio->retry_reason = 0;
-    bio->num = 0;
-    bio->ptr = NULL;
-    bio->prev_bio = NULL;
-    bio->next_bio = NULL;
     bio->references = 1;
-    bio->num_read = 0L;
-    bio->num_write = 0L;
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
-    if (method->create != NULL)
-        if (!method->create(bio)) {
-            CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
-            return (0);
-        }
-    return (1);
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data))
+        goto err;
+
+    bio->lock = CRYPTO_THREAD_lock_new();
+    if (bio->lock == NULL) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+        goto err;
+    }
+
+    if (method->create != NULL && !method->create(bio)) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_INIT_FAIL);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+        CRYPTO_THREAD_lock_free(bio->lock);
+        goto err;
+    }
+    if (method->create == NULL)
+        bio->init = 1;
+
+    return bio;
+
+err:
+    OPENSSL_free(bio);
+    return NULL;
 }
 
 int BIO_free(BIO *a)
 {
-    int i;
+    int ret;
 
     if (a == NULL)
-        return (0);
+        return 0;
 
-    i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO);
-#ifdef REF_PRINT
-    REF_PRINT("BIO", a);
-#endif
-    if (i > 0)
-        return (1);
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "BIO_free, bad reference count\n");
-        abort();
-    }
-#endif
-    if ((a->callback != NULL) &&
-        ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0))
-        return (i);
+    if (CRYPTO_DOWN_REF(&a->references, &ret, a->lock) <= 0)
+        return 0;
 
-    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
+    REF_PRINT_COUNT("BIO", a);
+    if (ret > 0)
+        return 1;
+    REF_ASSERT_ISNT(ret < 0);
+
+    if (a->callback != NULL || a->callback_ex != NULL) {
+        ret = (int)bio_call_callback(a, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL);
+        if (ret <= 0)
+            return ret;
+    }
 
     if ((a->method != NULL) && (a->method->destroy != NULL))
         a->method->destroy(a);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
+
+    CRYPTO_THREAD_lock_free(a->lock);
+
     OPENSSL_free(a);
-    return (1);
+
+    return 1;
+}
+
+void BIO_set_data(BIO *a, void *ptr)
+{
+    a->ptr = ptr;
+}
+
+void *BIO_get_data(BIO *a)
+{
+    return a->ptr;
+}
+
+void BIO_set_init(BIO *a, int init)
+{
+    a->init = init;
+}
+
+int BIO_get_init(BIO *a)
+{
+    return a->init;
+}
+
+void BIO_set_shutdown(BIO *a, int shut)
+{
+    a->shutdown = shut;
+}
+
+int BIO_get_shutdown(BIO *a)
+{
+    return a->shutdown;
 }
 
 void BIO_vfree(BIO *a)
@@ -142,6 +177,18 @@ void BIO_vfree(BIO *a)
     BIO_free(a);
 }
 
+int BIO_up_ref(BIO *a)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&a->references, &i, a->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("BIO", a);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
 void BIO_clear_flags(BIO *b, int flags)
 {
     b->flags &= ~flags;
@@ -157,18 +204,26 @@ void BIO_set_flags(BIO *b, int flags)
     b->flags |= flags;
 }
 
-long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
-                                        int, long, long) {
+BIO_callback_fn BIO_get_callback(const BIO *b)
+{
     return b->callback;
 }
 
-void BIO_set_callback(BIO *b,
-                      long (*cb) (struct bio_st *, int, const char *, int,
-                                  long, long))
+void BIO_set_callback(BIO *b, BIO_callback_fn cb)
 {
     b->callback = cb;
 }
 
+BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b)
+{
+    return b->callback_ex;
+}
+
+void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex cb)
+{
+    b->callback_ex = cb;
+}
+
 void BIO_set_callback_arg(BIO *b, char *arg)
 {
     b->cb_arg = arg;
@@ -189,124 +244,239 @@ int BIO_method_type(const BIO *b)
     return b->method->type;
 }
 
-int BIO_read(BIO *b, void *out, int outl)
+/*
+ * This is essentially the same as BIO_read_ex() except that it allows
+ * 0 or a negative value to indicate failure (retryable or not) in the return.
+ * This is for compatibility with the old style BIO_read(), where existing code
+ * may make assumptions about the return value that it might get.
+ */
+static int bio_read_intern(BIO *b, void *data, size_t dlen, size_t *readbytes)
 {
-    int i;
-    long (*cb) (BIO *, int, const char *, int, long, long);
+    int ret;
 
     if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) {
-        BIOerr(BIO_F_BIO_READ, BIO_R_UNSUPPORTED_METHOD);
-        return (-2);
+        BIOerr(BIO_F_BIO_READ_INTERN, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
     }
 
-    cb = b->callback;
-    if ((cb != NULL) &&
-        ((i = (int)cb(b, BIO_CB_READ, out, outl, 0L, 1L)) <= 0))
-        return (i);
+    if ((b->callback != NULL || b->callback_ex != NULL) &&
+        ((ret = (int)bio_call_callback(b, BIO_CB_READ, data, dlen, 0, 0L, 1L,
+                                       NULL)) <= 0))
+        return ret;
 
     if (!b->init) {
-        BIOerr(BIO_F_BIO_READ, BIO_R_UNINITIALIZED);
-        return (-2);
+        BIOerr(BIO_F_BIO_READ_INTERN, BIO_R_UNINITIALIZED);
+        return -2;
     }
 
-    i = b->method->bread(b, out, outl);
+    ret = b->method->bread(b, data, dlen, readbytes);
+
+    if (ret > 0)
+        b->num_read += (uint64_t)*readbytes;
 
-    if (i > 0)
-        b->num_read += (unsigned long)i;
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_READ | BIO_CB_RETURN, data,
+                                     dlen, 0, 0L, ret, readbytes);
 
-    if (cb != NULL)
-        i = (int)cb(b, BIO_CB_READ | BIO_CB_RETURN, out, outl, 0L, (long)i);
-    return (i);
+    /* Shouldn't happen */
+    if (ret > 0 && *readbytes > dlen) {
+        BIOerr(BIO_F_BIO_READ_INTERN, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    return ret;
 }
 
-int BIO_write(BIO *b, const void *in, int inl)
+int BIO_read(BIO *b, void *data, int dlen)
 {
-    int i;
-    long (*cb) (BIO *, int, const char *, int, long, long);
+    size_t readbytes;
+    int ret;
+
+    if (dlen < 0)
+        return 0;
+
+    ret = bio_read_intern(b, data, (size_t)dlen, &readbytes);
+
+    if (ret > 0) {
+        /* *readbytes should always be <= dlen */
+        ret = (int)readbytes;
+    }
+
+    return ret;
+}
+
+int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes)
+{
+    int ret;
+
+    ret = bio_read_intern(b, data, dlen, readbytes);
+
+    if (ret > 0)
+        ret = 1;
+    else
+        ret = 0;
+
+    return ret;
+}
+
+static int bio_write_intern(BIO *b, const void *data, size_t dlen,
+                            size_t *written)
+{
+    int ret;
 
     if (b == NULL)
-        return (0);
+        return 0;
 
-    cb = b->callback;
     if ((b->method == NULL) || (b->method->bwrite == NULL)) {
-        BIOerr(BIO_F_BIO_WRITE, BIO_R_UNSUPPORTED_METHOD);
-        return (-2);
+        BIOerr(BIO_F_BIO_WRITE_INTERN, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
     }
 
-    if ((cb != NULL) &&
-        ((i = (int)cb(b, BIO_CB_WRITE, in, inl, 0L, 1L)) <= 0))
-        return (i);
+    if ((b->callback != NULL || b->callback_ex != NULL) &&
+        ((ret = (int)bio_call_callback(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L,
+                                       NULL)) <= 0))
+        return ret;
 
     if (!b->init) {
-        BIOerr(BIO_F_BIO_WRITE, BIO_R_UNINITIALIZED);
-        return (-2);
+        BIOerr(BIO_F_BIO_WRITE_INTERN, BIO_R_UNINITIALIZED);
+        return -2;
     }
 
-    i = b->method->bwrite(b, in, inl);
+    ret = b->method->bwrite(b, data, dlen, written);
 
-    if (i > 0)
-        b->num_write += (unsigned long)i;
+    if (ret > 0)
+        b->num_write += (uint64_t)*written;
 
-    if (cb != NULL)
-        i = (int)cb(b, BIO_CB_WRITE | BIO_CB_RETURN, in, inl, 0L, (long)i);
-    return (i);
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_WRITE | BIO_CB_RETURN, data,
+                                     dlen, 0, 0L, ret, written);
+
+    return ret;
 }
 
-int BIO_puts(BIO *b, const char *in)
+int BIO_write(BIO *b, const void *data, int dlen)
 {
-    int i;
-    long (*cb) (BIO *, int, const char *, int, long, long);
+    size_t written;
+    int ret;
+
+    if (dlen < 0)
+        return 0;
+
+    ret = bio_write_intern(b, data, (size_t)dlen, &written);
+
+    if (ret > 0) {
+        /* *written should always be <= dlen */
+        ret = (int)written;
+    }
+
+    return ret;
+}
+
+int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written)
+{
+    int ret;
+
+    ret = bio_write_intern(b, data, dlen, written);
+
+    if (ret > 0)
+        ret = 1;
+    else
+        ret = 0;
+
+    return ret;
+}
+
+int BIO_puts(BIO *b, const char *buf)
+{
+    int ret;
+    size_t written = 0;
 
     if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) {
         BIOerr(BIO_F_BIO_PUTS, BIO_R_UNSUPPORTED_METHOD);
-        return (-2);
+        return -2;
     }
 
-    cb = b->callback;
-
-    if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_PUTS, in, 0, 0L, 1L)) <= 0))
-        return (i);
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = (int)bio_call_callback(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL);
+        if (ret <= 0)
+            return ret;
+    }
 
     if (!b->init) {
         BIOerr(BIO_F_BIO_PUTS, BIO_R_UNINITIALIZED);
-        return (-2);
+        return -2;
+    }
+
+    ret = b->method->bputs(b, buf);
+
+    if (ret > 0) {
+        b->num_write += (uint64_t)ret;
+        written = ret;
+        ret = 1;
     }
 
-    i = b->method->bputs(b, in);
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0,
+                                     0L, ret, &written);
 
-    if (i > 0)
-        b->num_write += (unsigned long)i;
+    if (ret > 0) {
+        if (written > INT_MAX) {
+            BIOerr(BIO_F_BIO_PUTS, BIO_R_LENGTH_TOO_LONG);
+            ret = -1;
+        } else {
+            ret = (int)written;
+        }
+    }
 
-    if (cb != NULL)
-        i = (int)cb(b, BIO_CB_PUTS | BIO_CB_RETURN, in, 0, 0L, (long)i);
-    return (i);
+    return ret;
 }
 
-int BIO_gets(BIO *b, char *in, int inl)
+int BIO_gets(BIO *b, char *buf, int size)
 {
-    int i;
-    long (*cb) (BIO *, int, const char *, int, long, long);
+    int ret;
+    size_t readbytes = 0;
 
     if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) {
         BIOerr(BIO_F_BIO_GETS, BIO_R_UNSUPPORTED_METHOD);
-        return (-2);
+        return -2;
     }
 
-    cb = b->callback;
+    if (size < 0) {
+        BIOerr(BIO_F_BIO_GETS, BIO_R_INVALID_ARGUMENT);
+        return 0;
+    }
 
-    if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_GETS, in, inl, 0L, 1L)) <= 0))
-        return (i);
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = (int)bio_call_callback(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL);
+        if (ret <= 0)
+            return ret;
+    }
 
     if (!b->init) {
         BIOerr(BIO_F_BIO_GETS, BIO_R_UNINITIALIZED);
-        return (-2);
+        return -2;
     }
 
-    i = b->method->bgets(b, in, inl);
+    ret = b->method->bgets(b, buf, size);
+
+    if (ret > 0) {
+        readbytes = ret;
+        ret = 1;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size,
+                                     0, 0L, ret, &readbytes);
+
+    if (ret > 0) {
+        /* Shouldn't happen */
+        if (readbytes > (size_t)size)
+            ret = -1;
+        else
+            ret = (int)readbytes;
+    }
 
-    if (cb != NULL)
-        i = (int)cb(b, BIO_CB_GETS | BIO_CB_RETURN, in, inl, 0L, (long)i);
-    return (i);
+    return ret;
 }
 
 int BIO_indent(BIO *b, int indent, int max)
@@ -326,71 +496,73 @@ long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
     int i;
 
     i = iarg;
-    return (BIO_ctrl(b, cmd, larg, (char *)&i));
+    return BIO_ctrl(b, cmd, larg, (char *)&i);
 }
 
-char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
+void *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
 {
-    char *p = NULL;
+    void *p = NULL;
 
     if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0)
-        return (NULL);
+        return NULL;
     else
-        return (p);
+        return p;
 }
 
 long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
 {
     long ret;
-    long (*cb) (BIO *, int, const char *, int, long, long);
 
     if (b == NULL)
-        return (0);
+        return 0;
 
     if ((b->method == NULL) || (b->method->ctrl == NULL)) {
         BIOerr(BIO_F_BIO_CTRL, BIO_R_UNSUPPORTED_METHOD);
-        return (-2);
+        return -2;
     }
 
-    cb = b->callback;
-
-    if ((cb != NULL) &&
-        ((ret = cb(b, BIO_CB_CTRL, parg, cmd, larg, 1L)) <= 0))
-        return (ret);
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = bio_call_callback(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL);
+        if (ret <= 0)
+            return ret;
+    }
 
     ret = b->method->ctrl(b, cmd, larg, parg);
 
-    if (cb != NULL)
-        ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, cmd, larg, ret);
-    return (ret);
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd,
+                                larg, ret, NULL);
+
+    return ret;
 }
 
-long BIO_callback_ctrl(BIO *b, int cmd,
-                       void (*fp) (struct bio_st *, int, const char *, int,
-                                   long, long))
+long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
     long ret;
-    long (*cb) (BIO *, int, const char *, int, long, long);
 
     if (b == NULL)
-        return (0);
+        return 0;
 
-    if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) {
+    if ((b->method == NULL) || (b->method->callback_ctrl == NULL)
+            || (cmd != BIO_CTRL_SET_CALLBACK)) {
         BIOerr(BIO_F_BIO_CALLBACK_CTRL, BIO_R_UNSUPPORTED_METHOD);
-        return (-2);
+        return -2;
     }
 
-    cb = b->callback;
-
-    if ((cb != NULL) &&
-        ((ret = cb(b, BIO_CB_CTRL, (void *)&fp, cmd, 0, 1L)) <= 0))
-        return (ret);
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = bio_call_callback(b, BIO_CB_CTRL, (void *)&fp, 0, cmd, 0, 1L,
+                                NULL);
+        if (ret <= 0)
+            return ret;
+    }
 
     ret = b->method->callback_ctrl(b, cmd, fp);
 
-    if (cb != NULL)
-        ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, cmd, 0, ret);
-    return (ret);
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, 0,
+                                cmd, 0, ret, NULL);
+
+    return ret;
 }
 
 /*
@@ -414,7 +586,7 @@ BIO *BIO_push(BIO *b, BIO *bio)
     BIO *lb;
 
     if (b == NULL)
-        return (bio);
+        return bio;
     lb = b;
     while (lb->next_bio != NULL)
         lb = lb->next_bio;
@@ -423,7 +595,7 @@ BIO *BIO_push(BIO *b, BIO *bio)
         bio->prev_bio = lb;
     /* called to do internal processing */
     BIO_ctrl(b, BIO_CTRL_PUSH, 0, lb);
-    return (b);
+    return b;
 }
 
 /* Remove the first and return the rest */
@@ -432,7 +604,7 @@ BIO *BIO_pop(BIO *b)
     BIO *ret;
 
     if (b == NULL)
-        return (NULL);
+        return NULL;
     ret = b->next_bio;
 
     BIO_ctrl(b, BIO_CTRL_POP, 0, b);
@@ -444,7 +616,7 @@ BIO *BIO_pop(BIO *b)
 
     b->next_bio = NULL;
     b->prev_bio = NULL;
-    return (ret);
+    return ret;
 }
 
 BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
@@ -462,19 +634,24 @@ BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
     }
     if (reason != NULL)
         *reason = last->retry_reason;
-    return (last);
+    return last;
 }
 
 int BIO_get_retry_reason(BIO *bio)
 {
-    return (bio->retry_reason);
+    return bio->retry_reason;
+}
+
+void BIO_set_retry_reason(BIO *bio, int reason)
+{
+    bio->retry_reason = reason;
 }
 
 BIO *BIO_find_type(BIO *bio, int type)
 {
     int mt, mask;
 
-    if (!bio)
+    if (bio == NULL)
         return NULL;
     mask = type & 0xff;
     do {
@@ -483,22 +660,27 @@ BIO *BIO_find_type(BIO *bio, int type)
 
             if (!mask) {
                 if (mt & type)
-                    return (bio);
+                    return bio;
             } else if (mt == type)
-                return (bio);
+                return bio;
         }
         bio = bio->next_bio;
     } while (bio != NULL);
-    return (NULL);
+    return NULL;
 }
 
 BIO *BIO_next(BIO *b)
 {
-    if (!b)
+    if (b == NULL)
         return NULL;
     return b->next_bio;
 }
 
+void BIO_set_next(BIO *b, BIO *next)
+{
+    b->next_bio = next;
+}
+
 void BIO_free_all(BIO *bio)
 {
     BIO *b;
@@ -523,6 +705,7 @@ BIO *BIO_dup_chain(BIO *in)
         if ((new_bio = BIO_new(bio->method)) == NULL)
             goto err;
         new_bio->callback = bio->callback;
+        new_bio->callback_ex = bio->callback_ex;
         new_bio->cb_arg = bio->cb_arg;
         new_bio->init = bio->init;
         new_bio->shutdown = bio->shutdown;
@@ -551,11 +734,11 @@ BIO *BIO_dup_chain(BIO *in)
             eoc = new_bio;
         }
     }
-    return (ret);
+    return ret;
  err:
     BIO_free_all(ret);
 
-    return (NULL);
+    return NULL;
 }
 
 void BIO_copy_next_retry(BIO *b)
@@ -564,35 +747,42 @@ void BIO_copy_next_retry(BIO *b)
     b->retry_reason = b->next_bio->retry_reason;
 }
 
-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
 int BIO_set_ex_data(BIO *bio, int idx, void *data)
 {
-    return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data));
+    return CRYPTO_set_ex_data(&(bio->ex_data), idx, data);
 }
 
 void *BIO_get_ex_data(BIO *bio, int idx)
 {
-    return (CRYPTO_get_ex_data(&(bio->ex_data), idx));
+    return CRYPTO_get_ex_data(&(bio->ex_data), idx);
 }
 
-unsigned long BIO_number_read(BIO *bio)
+uint64_t BIO_number_read(BIO *bio)
 {
     if (bio)
         return bio->num_read;
     return 0;
 }
 
-unsigned long BIO_number_written(BIO *bio)
+uint64_t BIO_number_written(BIO *bio)
 {
     if (bio)
         return bio->num_write;
     return 0;
 }
 
-IMPLEMENT_STACK_OF(BIO)
+void bio_free_ex_data(BIO *bio)
+{
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+}
+
+void bio_cleanup(void)
+{
+#ifndef OPENSSL_NO_SOCK
+    bio_sock_cleanup_int();
+    CRYPTO_THREAD_lock_free(bio_lookup_lock);
+    bio_lookup_lock = NULL;
+#endif
+    CRYPTO_THREAD_lock_free(bio_type_lock);
+    bio_type_lock = NULL;
+}
diff --git a/freebsd/crypto/openssl/crypto/bio/bio_meth.c b/freebsd/crypto/openssl/crypto/bio/bio_meth.c
new file mode 100644
index 00000000..bedcbc0b
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/bio/bio_meth.c
@@ -0,0 +1,222 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bio_lcl.h"
+#include "internal/thread_once.h"
+
+CRYPTO_RWLOCK *bio_type_lock = NULL;
+static CRYPTO_ONCE bio_type_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_bio_type_init)
+{
+    bio_type_lock = CRYPTO_THREAD_lock_new();
+    return bio_type_lock != NULL;
+}
+
+int BIO_get_new_index(void)
+{
+    static CRYPTO_REF_COUNT bio_count = BIO_TYPE_START;
+    int newval;
+
+    if (!RUN_ONCE(&bio_type_init, do_bio_type_init)) {
+        BIOerr(BIO_F_BIO_GET_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    if (!CRYPTO_UP_REF(&bio_count, &newval, bio_type_lock))
+        return -1;
+    return newval;
+}
+
+BIO_METHOD *BIO_meth_new(int type, const char *name)
+{
+    BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD));
+
+    if (biom == NULL
+            || (biom->name = OPENSSL_strdup(name)) == NULL) {
+        OPENSSL_free(biom);
+        BIOerr(BIO_F_BIO_METH_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    biom->type = type;
+    return biom;
+}
+
+void BIO_meth_free(BIO_METHOD *biom)
+{
+    if (biom != NULL) {
+        OPENSSL_free(biom->name);
+        OPENSSL_free(biom);
+    }
+}
+
+int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int)
+{
+    return biom->bwrite_old;
+}
+
+int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t,
+                                                size_t *)
+{
+    return biom->bwrite;
+}
+
+/* Conversion for old style bwrite to new style */
+int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written)
+{
+    int ret;
+
+    if (datal > INT_MAX)
+        datal = INT_MAX;
+
+    ret = bio->method->bwrite_old(bio, data, (int)datal);
+
+    if (ret <= 0) {
+        *written = 0;
+        return ret;
+    }
+
+    *written = (size_t)ret;
+
+    return 1;
+}
+
+int BIO_meth_set_write(BIO_METHOD *biom,
+                       int (*bwrite) (BIO *, const char *, int))
+{
+    biom->bwrite_old = bwrite;
+    biom->bwrite = bwrite_conv;
+    return 1;
+}
+
+int BIO_meth_set_write_ex(BIO_METHOD *biom,
+                       int (*bwrite) (BIO *, const char *, size_t, size_t *))
+{
+    biom->bwrite_old = NULL;
+    biom->bwrite = bwrite;
+    return 1;
+}
+
+int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int)
+{
+    return biom->bread_old;
+}
+
+int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *)
+{
+    return biom->bread;
+}
+
+/* Conversion for old style bread to new style */
+int bread_conv(BIO *bio, char *data, size_t datal, size_t *readbytes)
+{
+    int ret;
+
+    if (datal > INT_MAX)
+        datal = INT_MAX;
+
+    ret = bio->method->bread_old(bio, data, (int)datal);
+
+    if (ret <= 0) {
+        *readbytes = 0;
+        return ret;
+    }
+
+    *readbytes = (size_t)ret;
+
+    return 1;
+}
+
+int BIO_meth_set_read(BIO_METHOD *biom,
+                      int (*bread) (BIO *, char *, int))
+{
+    biom->bread_old = bread;
+    biom->bread = bread_conv;
+    return 1;
+}
+
+int BIO_meth_set_read_ex(BIO_METHOD *biom,
+                         int (*bread) (BIO *, char *, size_t, size_t *))
+{
+    biom->bread_old = NULL;
+    biom->bread = bread;
+    return 1;
+}
+
+int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *)
+{
+    return biom->bputs;
+}
+
+int BIO_meth_set_puts(BIO_METHOD *biom,
+                      int (*bputs) (BIO *, const char *))
+{
+    biom->bputs = bputs;
+    return 1;
+}
+
+int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int)
+{
+    return biom->bgets;
+}
+
+int BIO_meth_set_gets(BIO_METHOD *biom,
+                      int (*bgets) (BIO *, char *, int))
+{
+    biom->bgets = bgets;
+    return 1;
+}
+
+long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *)
+{
+    return biom->ctrl;
+}
+
+int BIO_meth_set_ctrl(BIO_METHOD *biom,
+                      long (*ctrl) (BIO *, int, long, void *))
+{
+    biom->ctrl = ctrl;
+    return 1;
+}
+
+int (*BIO_meth_get_create(const BIO_METHOD *biom)) (BIO *)
+{
+    return biom->create;
+}
+
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *))
+{
+    biom->create = create;
+    return 1;
+}
+
+int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *)
+{
+    return biom->destroy;
+}
+
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *))
+{
+    biom->destroy = destroy;
+    return 1;
+}
+
+long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *)
+{
+    return biom->callback_ctrl;
+}
+
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+                               long (*callback_ctrl) (BIO *, int,
+                                                      BIO_info_cb *))
+{
+    biom->callback_ctrl = callback_ctrl;
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/bio/bss_acpt.c b/freebsd/crypto/openssl/crypto/bio/bss_acpt.c
index 0e04cdc0..e782f0c3 100644
--- a/freebsd/crypto/openssl/crypto/bio/bss_acpt.c
+++ b/freebsd/crypto/openssl/crypto/bio/bss_acpt.c
@@ -1,95 +1,37 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bss_acpt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
+#include "bio_lcl.h"
 
 #ifndef OPENSSL_NO_SOCK
 
-# ifdef OPENSSL_SYS_WIN16
-#  define SOCKET_PROTOCOL 0     /* more microsoft stupidity */
-# else
-#  define SOCKET_PROTOCOL IPPROTO_TCP
-# endif
-
-# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#  undef FIONBIO
-# endif
-
 typedef struct bio_accept_st {
     int state;
+    int accept_family;
+    int bind_mode;     /* Socket mode for BIO_listen */
+    int accepted_mode; /* Socket mode for BIO_accept (set on accepted sock) */
     char *param_addr;
+    char *param_serv;
+
     int accept_sock;
-    int accept_nbio;
-    char *addr;
-    int nbio;
-    /*
-     * If 0, it means normal, if 1, do a connect on bind failure, and if
-     * there is no-one listening, bind with SO_REUSEADDR. If 2, always use
-     * SO_REUSEADDR.
-     */
-    int bind_mode;
+
+    BIO_ADDRINFO *addr_first;
+    const BIO_ADDRINFO *addr_iter;
+    BIO_ADDR cache_accepting_addr;   /* Useful if we asked for port 0 */
+    char *cache_accepting_name, *cache_accepting_serv;
+    BIO_ADDR cache_peer_addr;
+    char *cache_peer_name, *cache_peer_serv;
+
     BIO *bio_chain;
 } BIO_ACCEPT;
 
@@ -105,25 +47,32 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void);
 static void BIO_ACCEPT_free(BIO_ACCEPT *a);
 
 # define ACPT_S_BEFORE                   1
-# define ACPT_S_GET_ACCEPT_SOCKET        2
-# define ACPT_S_OK                       3
+# define ACPT_S_GET_ADDR                 2
+# define ACPT_S_CREATE_SOCKET            3
+# define ACPT_S_LISTEN                   4
+# define ACPT_S_ACCEPT                   5
+# define ACPT_S_OK                       6
 
-static BIO_METHOD methods_acceptp = {
+static const BIO_METHOD methods_acceptp = {
     BIO_TYPE_ACCEPT,
     "socket accept",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     acpt_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     acpt_read,
     acpt_puts,
-    NULL,                       /* connect_gets, */
+    NULL,                       /* connect_gets,         */
     acpt_ctrl,
     acpt_new,
     acpt_free,
-    NULL,
+    NULL,                       /* connect_callback_ctrl */
 };
 
-BIO_METHOD *BIO_s_accept(void)
+const BIO_METHOD *BIO_s_accept(void)
 {
-    return (&methods_acceptp);
+    return &methods_acceptp;
 }
 
 static int acpt_new(BIO *bi)
@@ -131,40 +80,41 @@ static int acpt_new(BIO *bi)
     BIO_ACCEPT *ba;
 
     bi->init = 0;
-    bi->num = INVALID_SOCKET;
+    bi->num = (int)INVALID_SOCKET;
     bi->flags = 0;
     if ((ba = BIO_ACCEPT_new()) == NULL)
-        return (0);
+        return 0;
     bi->ptr = (char *)ba;
     ba->state = ACPT_S_BEFORE;
     bi->shutdown = 1;
-    return (1);
+    return 1;
 }
 
 static BIO_ACCEPT *BIO_ACCEPT_new(void)
 {
     BIO_ACCEPT *ret;
 
-    if ((ret = (BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL)
-        return (NULL);
-
-    memset(ret, 0, sizeof(BIO_ACCEPT));
-    ret->accept_sock = INVALID_SOCKET;
-    ret->bind_mode = BIO_BIND_NORMAL;
-    return (ret);
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BIOerr(BIO_F_BIO_ACCEPT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->accept_family = BIO_FAMILY_IPANY;
+    ret->accept_sock = (int)INVALID_SOCKET;
+    return ret;
 }
 
 static void BIO_ACCEPT_free(BIO_ACCEPT *a)
 {
     if (a == NULL)
         return;
-
-    if (a->param_addr != NULL)
-        OPENSSL_free(a->param_addr);
-    if (a->addr != NULL)
-        OPENSSL_free(a->addr);
-    if (a->bio_chain != NULL)
-        BIO_free(a->bio_chain);
+    OPENSSL_free(a->param_addr);
+    OPENSSL_free(a->param_serv);
+    BIO_ADDRINFO_free(a->addr_first);
+    OPENSSL_free(a->cache_accepting_name);
+    OPENSSL_free(a->cache_accepting_serv);
+    OPENSSL_free(a->cache_peer_name);
+    OPENSSL_free(a->cache_peer_serv);
+    BIO_free(a->bio_chain);
     OPENSSL_free(a);
 }
 
@@ -173,11 +123,11 @@ static void acpt_close_socket(BIO *bio)
     BIO_ACCEPT *c;
 
     c = (BIO_ACCEPT *)bio->ptr;
-    if (c->accept_sock != INVALID_SOCKET) {
+    if (c->accept_sock != (int)INVALID_SOCKET) {
         shutdown(c->accept_sock, 2);
         closesocket(c->accept_sock);
-        c->accept_sock = INVALID_SOCKET;
-        bio->num = INVALID_SOCKET;
+        c->accept_sock = (int)INVALID_SOCKET;
+        bio->num = (int)INVALID_SOCKET;
     }
 }
 
@@ -186,7 +136,7 @@ static int acpt_free(BIO *a)
     BIO_ACCEPT *data;
 
     if (a == NULL)
-        return (0);
+        return 0;
     data = (BIO_ACCEPT *)a->ptr;
 
     if (a->shutdown) {
@@ -196,108 +146,214 @@ static int acpt_free(BIO *a)
         a->flags = 0;
         a->init = 0;
     }
-    return (1);
+    return 1;
 }
 
 static int acpt_state(BIO *b, BIO_ACCEPT *c)
 {
     BIO *bio = NULL, *dbio;
-    int s = -1;
-    int i;
-
- again:
-    switch (c->state) {
-    case ACPT_S_BEFORE:
-        if (c->param_addr == NULL) {
-            BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_PORT_SPECIFIED);
-            return (-1);
-        }
-        s = BIO_get_accept_socket(c->param_addr, c->bind_mode);
-        if (s == INVALID_SOCKET)
-            return (-1);
-
-        if (c->accept_nbio) {
-            if (!BIO_socket_nbio(s, 1)) {
-                closesocket(s);
-                BIOerr(BIO_F_ACPT_STATE,
-                       BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
-                return (-1);
+    int s = -1, ret = -1;
+
+    for (;;) {
+        switch (c->state) {
+        case ACPT_S_BEFORE:
+            if (c->param_addr == NULL && c->param_serv == NULL) {
+                BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_addr,
+                                   " service=", c->param_serv);
+                goto exit_loop;
             }
-        }
-        c->accept_sock = s;
-        b->num = s;
-        c->state = ACPT_S_GET_ACCEPT_SOCKET;
-        return (1);
-        /* break; */
-    case ACPT_S_GET_ACCEPT_SOCKET:
-        if (b->next_bio != NULL) {
-            c->state = ACPT_S_OK;
-            goto again;
-        }
-        BIO_clear_retry_flags(b);
-        b->retry_reason = 0;
-        i = BIO_accept(c->accept_sock, &(c->addr));
-
-        /* -2 return means we should retry */
-        if (i == -2) {
-            BIO_set_retry_special(b);
-            b->retry_reason = BIO_RR_ACCEPT;
-            return -1;
-        }
 
-        if (i < 0)
-            return (i);
+            /* Because we're starting a new bind, any cached name and serv
+             * are now obsolete and need to be cleaned out.
+             * QUESTION: should this be done in acpt_close_socket() instead?
+             */
+            OPENSSL_free(c->cache_accepting_name);
+            c->cache_accepting_name = NULL;
+            OPENSSL_free(c->cache_accepting_serv);
+            c->cache_accepting_serv = NULL;
+            OPENSSL_free(c->cache_peer_name);
+            c->cache_peer_name = NULL;
+            OPENSSL_free(c->cache_peer_serv);
+            c->cache_peer_serv = NULL;
+
+            c->state = ACPT_S_GET_ADDR;
+            break;
+
+        case ACPT_S_GET_ADDR:
+            {
+                int family = AF_UNSPEC;
+                switch (c->accept_family) {
+                case BIO_FAMILY_IPV6:
+                    if (1) { /* This is a trick we use to avoid bit rot.
+                              * at least the "else" part will always be
+                              * compiled.
+                              */
+#ifdef AF_INET6
+                        family = AF_INET6;
+                    } else {
+#endif
+                        BIOerr(BIO_F_ACPT_STATE, BIO_R_UNAVAILABLE_IP_FAMILY);
+                        goto exit_loop;
+                    }
+                    break;
+                case BIO_FAMILY_IPV4:
+                    family = AF_INET;
+                    break;
+                case BIO_FAMILY_IPANY:
+                    family = AF_UNSPEC;
+                    break;
+                default:
+                    BIOerr(BIO_F_ACPT_STATE, BIO_R_UNSUPPORTED_IP_FAMILY);
+                    goto exit_loop;
+                }
+                if (BIO_lookup(c->param_addr, c->param_serv, BIO_LOOKUP_SERVER,
+                               family, SOCK_STREAM, &c->addr_first) == 0)
+                    goto exit_loop;
+            }
+            if (c->addr_first == NULL) {
+                BIOerr(BIO_F_ACPT_STATE, BIO_R_LOOKUP_RETURNED_NOTHING);
+                goto exit_loop;
+            }
+            /* We're currently not iterating, but set this as preparation
+             * for possible future development in that regard
+             */
+            c->addr_iter = c->addr_first;
+            c->state = ACPT_S_CREATE_SOCKET;
+            break;
+
+        case ACPT_S_CREATE_SOCKET:
+            ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
+                             BIO_ADDRINFO_socktype(c->addr_iter),
+                             BIO_ADDRINFO_protocol(c->addr_iter), 0);
+            if (ret == (int)INVALID_SOCKET) {
+                SYSerr(SYS_F_SOCKET, get_last_socket_error());
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_addr,
+                                   " service=", c->param_serv);
+                BIOerr(BIO_F_ACPT_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
+                goto exit_loop;
+            }
+            c->accept_sock = ret;
+            b->num = ret;
+            c->state = ACPT_S_LISTEN;
+            break;
+
+        case ACPT_S_LISTEN:
+            {
+                if (!BIO_listen(c->accept_sock,
+                                BIO_ADDRINFO_address(c->addr_iter),
+                                c->bind_mode)) {
+                    BIO_closesocket(c->accept_sock);
+                    goto exit_loop;
+                }
+            }
 
-        bio = BIO_new_socket(i, BIO_CLOSE);
-        if (bio == NULL)
-            goto err;
+            {
+                union BIO_sock_info_u info;
 
-        BIO_set_callback(bio, BIO_get_callback(b));
-        BIO_set_callback_arg(bio, BIO_get_callback_arg(b));
+                info.addr = &c->cache_accepting_addr;
+                if (!BIO_sock_info(c->accept_sock, BIO_SOCK_INFO_ADDRESS,
+                                   &info)) {
+                    BIO_closesocket(c->accept_sock);
+                    goto exit_loop;
+                }
+            }
 
-        if (c->nbio) {
-            if (!BIO_socket_nbio(i, 1)) {
-                BIOerr(BIO_F_ACPT_STATE,
-                       BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
-                goto err;
+            c->cache_accepting_name =
+                BIO_ADDR_hostname_string(&c->cache_accepting_addr, 1);
+            c->cache_accepting_serv =
+                BIO_ADDR_service_string(&c->cache_accepting_addr, 1);
+            c->state = ACPT_S_ACCEPT;
+            s = -1;
+            ret = 1;
+            goto end;
+
+        case ACPT_S_ACCEPT:
+            if (b->next_bio != NULL) {
+                c->state = ACPT_S_OK;
+                break;
+            }
+            BIO_clear_retry_flags(b);
+            b->retry_reason = 0;
+
+            OPENSSL_free(c->cache_peer_name);
+            c->cache_peer_name = NULL;
+            OPENSSL_free(c->cache_peer_serv);
+            c->cache_peer_serv = NULL;
+
+            s = BIO_accept_ex(c->accept_sock, &c->cache_peer_addr,
+                              c->accepted_mode);
+
+            /* If the returned socket is invalid, this might still be
+             * retryable
+             */
+            if (s < 0) {
+                if (BIO_sock_should_retry(s)) {
+                    BIO_set_retry_special(b);
+                    b->retry_reason = BIO_RR_ACCEPT;
+                    goto end;
+                }
             }
-        }
 
-        /*
-         * If the accept BIO has an bio_chain, we dup it and put the new
-         * socket at the end.
-         */
-        if (c->bio_chain != NULL) {
-            if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL)
-                goto err;
-            if (!BIO_push(dbio, bio))
-                goto err;
-            bio = dbio;
-        }
-        if (BIO_push(b, bio) == NULL)
-            goto err;
-
-        c->state = ACPT_S_OK;
-        return (1);
- err:
-        if (bio != NULL)
-            BIO_free(bio);
-        else if (s >= 0)
-            closesocket(s);
-        return (0);
-        /* break; */
-    case ACPT_S_OK:
-        if (b->next_bio == NULL) {
-            c->state = ACPT_S_GET_ACCEPT_SOCKET;
-            goto again;
+            /* If it wasn't retryable, we fail */
+            if (s < 0) {
+                ret = s;
+                goto exit_loop;
+            }
+
+            bio = BIO_new_socket(s, BIO_CLOSE);
+            if (bio == NULL)
+                goto exit_loop;
+
+            BIO_set_callback(bio, BIO_get_callback(b));
+            BIO_set_callback_arg(bio, BIO_get_callback_arg(b));
+
+            /*
+             * If the accept BIO has an bio_chain, we dup it and put the new
+             * socket at the end.
+             */
+            if (c->bio_chain != NULL) {
+                if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL)
+                    goto exit_loop;
+                if (!BIO_push(dbio, bio))
+                    goto exit_loop;
+                bio = dbio;
+            }
+            if (BIO_push(b, bio) == NULL)
+                goto exit_loop;
+
+            c->cache_peer_name =
+                BIO_ADDR_hostname_string(&c->cache_peer_addr, 1);
+            c->cache_peer_serv =
+                BIO_ADDR_service_string(&c->cache_peer_addr, 1);
+            c->state = ACPT_S_OK;
+            bio = NULL;
+            ret = 1;
+            goto end;
+
+        case ACPT_S_OK:
+            if (b->next_bio == NULL) {
+                c->state = ACPT_S_ACCEPT;
+                break;
+            }
+            ret = 1;
+            goto end;
+
+        default:
+            ret = 0;
+            goto end;
         }
-        return (1);
-        /* break; */
-    default:
-        return (0);
-        /* break; */
     }
 
+  exit_loop:
+    if (bio != NULL)
+        BIO_free(bio);
+    else if (s >= 0)
+        BIO_closesocket(s);
+  end:
+    return ret;
 }
 
 static int acpt_read(BIO *b, char *out, int outl)
@@ -311,12 +367,12 @@ static int acpt_read(BIO *b, char *out, int outl)
     while (b->next_bio == NULL) {
         ret = acpt_state(b, data);
         if (ret <= 0)
-            return (ret);
+            return ret;
     }
 
     ret = BIO_read(b->next_bio, out, outl);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static int acpt_write(BIO *b, const char *in, int inl)
@@ -330,12 +386,12 @@ static int acpt_write(BIO *b, const char *in, int inl)
     while (b->next_bio == NULL) {
         ret = acpt_state(b, data);
         if (ret <= 0)
-            return (ret);
+            return ret;
     }
 
     ret = BIO_write(b->next_bio, in, inl);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -352,6 +408,8 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         data->state = ACPT_S_BEFORE;
         acpt_close_socket(b);
+        BIO_ADDRINFO_free(data->addr_first);
+        data->addr_first = NULL;
         b->flags = 0;
         break;
     case BIO_C_DO_STATE_MACHINE:
@@ -361,27 +419,48 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_C_SET_ACCEPT:
         if (ptr != NULL) {
             if (num == 0) {
+                char *hold_serv = data->param_serv;
+                /* We affect the hostname regardless.  However, the input
+                 * string might contain a host:service spec, so we must
+                 * parse it, which might or might not affect the service
+                 */
+                OPENSSL_free(data->param_addr);
+                data->param_addr = NULL;
+                ret = BIO_parse_hostserv(ptr,
+                                         &data->param_addr,
+                                         &data->param_serv,
+                                         BIO_PARSE_PRIO_SERV);
+                if (hold_serv != data->param_serv)
+                    OPENSSL_free(hold_serv);
                 b->init = 1;
-                if (data->param_addr != NULL)
-                    OPENSSL_free(data->param_addr);
-                data->param_addr = BUF_strdup(ptr);
             } else if (num == 1) {
-                data->accept_nbio = (ptr != NULL);
+                OPENSSL_free(data->param_serv);
+                data->param_serv = BUF_strdup(ptr);
+                b->init = 1;
             } else if (num == 2) {
-                if (data->bio_chain != NULL)
-                    BIO_free(data->bio_chain);
+                data->bind_mode |= BIO_SOCK_NONBLOCK;
+            } else if (num == 3) {
+                BIO_free(data->bio_chain);
                 data->bio_chain = (BIO *)ptr;
+            } else if (num == 4) {
+                data->accept_family = *(int *)ptr;
+            }
+        } else {
+            if (num == 2) {
+                data->bind_mode &= ~BIO_SOCK_NONBLOCK;
             }
         }
         break;
     case BIO_C_SET_NBIO:
-        data->nbio = (int)num;
+        if (num != 0)
+            data->accepted_mode |= BIO_SOCK_NONBLOCK;
+        else
+            data->accepted_mode &= ~BIO_SOCK_NONBLOCK;
         break;
     case BIO_C_SET_FD:
-        b->init = 1;
         b->num = *((int *)ptr);
         data->accept_sock = b->num;
-        data->state = ACPT_S_GET_ACCEPT_SOCKET;
+        data->state = ACPT_S_ACCEPT;
         b->shutdown = (int)num;
         b->init = 1;
         break;
@@ -396,9 +475,35 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     case BIO_C_GET_ACCEPT:
         if (b->init) {
-            if (ptr != NULL) {
+            if (num == 0 && ptr != NULL) {
                 pp = (char **)ptr;
-                *pp = data->param_addr;
+                *pp = data->cache_accepting_name;
+            } else if (num == 1 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_accepting_serv;
+            } else if (num == 2 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_peer_name;
+            } else if (num == 3 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_peer_serv;
+            } else if (num == 4) {
+                switch (BIO_ADDRINFO_family(data->addr_iter)) {
+#ifdef AF_INET6
+                case AF_INET6:
+                    ret = BIO_FAMILY_IPV6;
+                    break;
+#endif
+                case AF_INET:
+                    ret = BIO_FAMILY_IPV4;
+                    break;
+                case 0:
+                    ret = data->accept_family;
+                    break;
+                default:
+                    ret = -1;
+                    break;
+                }
             } else
                 ret = -1;
         } else
@@ -423,19 +528,13 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = (long)data->bind_mode;
         break;
     case BIO_CTRL_DUP:
-/*-     dbio=(BIO *)ptr;
-        if (data->param_port) EAY EAY
-                BIO_set_port(dbio,data->param_port);
-        if (data->param_hostname)
-                BIO_set_hostname(dbio,data->param_hostname);
-        BIO_set_nbio(dbio,data->nbio); */
         break;
 
     default:
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int acpt_puts(BIO *bp, const char *str)
@@ -444,7 +543,7 @@ static int acpt_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = acpt_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 BIO *BIO_new_accept(const char *str)
@@ -453,13 +552,11 @@ BIO *BIO_new_accept(const char *str)
 
     ret = BIO_new(BIO_s_accept());
     if (ret == NULL)
-        return (NULL);
-    if (BIO_set_accept_port(ret, str))
-        return (ret);
-    else {
-        BIO_free(ret);
-        return (NULL);
-    }
+        return NULL;
+    if (BIO_set_accept_name(ret, str))
+        return ret;
+    BIO_free(ret);
+    return NULL;
 }
 
 #endif
diff --git a/freebsd/crypto/openssl/crypto/bio/bss_bio.c b/freebsd/crypto/openssl/crypto/bio/bss_bio.c
index 0b7efc05..86d19e4d 100644
--- a/freebsd/crypto/openssl/crypto/bio/bss_bio.c
+++ b/freebsd/crypto/openssl/crypto/bio/bss_bio.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bss_bio.c  */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -63,39 +17,16 @@
  * See ssl/ssltest.c for some hints on how this can be used.
  */
 
-/* BIO_DEBUG implies BIO_PAIR_DEBUG */
-#ifdef BIO_DEBUG
-# ifndef BIO_PAIR_DEBUG
-#  define BIO_PAIR_DEBUG
-# endif
-#endif
-
-/* disable assert() unless BIO_PAIR_DEBUG has been defined */
-#ifndef BIO_PAIR_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
+#include "e_os.h"
 #include <assert.h>
 #include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 
-#include <openssl/bio.h>
+#include "bio_lcl.h"
 #include <openssl/err.h>
 #include <openssl/crypto.h>
 
-#include "e_os.h"
-
-/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */
-#if defined(OPENSSL_SYS_VXWORKS)
-# undef SSIZE_MAX
-#endif
-#ifndef SSIZE_MAX
-# define SSIZE_MAX INT_MAX
-#endif
-
 static int bio_new(BIO *bio);
 static int bio_free(BIO *bio);
 static int bio_read(BIO *bio, char *buf, int size);
@@ -106,10 +37,14 @@ static int bio_puts(BIO *bio, const char *str);
 static int bio_make_pair(BIO *bio1, BIO *bio2);
 static void bio_destroy_pair(BIO *bio);
 
-static BIO_METHOD methods_biop = {
+static const BIO_METHOD methods_biop = {
     BIO_TYPE_BIO,
     "BIO pair",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     bio_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     bio_read,
     bio_puts,
     NULL /* no bio_gets */ ,
@@ -119,7 +54,7 @@ static BIO_METHOD methods_biop = {
     NULL                        /* no bio_callback_ctrl */
 };
 
-BIO_METHOD *BIO_s_bio(void)
+const BIO_METHOD *BIO_s_bio(void)
 {
     return &methods_biop;
 }
@@ -144,20 +79,13 @@ struct bio_bio_st {
 
 static int bio_new(BIO *bio)
 {
-    struct bio_bio_st *b;
+    struct bio_bio_st *b = OPENSSL_zalloc(sizeof(*b));
 
-    b = OPENSSL_malloc(sizeof(*b));
     if (b == NULL)
         return 0;
 
-    b->peer = NULL;
-    b->closed = 0;
-    b->len = 0;
-    b->offset = 0;
     /* enough for one TLS record (just a default) */
     b->size = 17 * 1024;
-    b->buf = NULL;
-    b->request = 0;
 
     bio->ptr = b;
     return 1;
@@ -176,10 +104,7 @@ static int bio_free(BIO *bio)
     if (b->peer)
         bio_destroy_pair(bio);
 
-    if (b->buf != NULL) {
-        OPENSSL_free(b->buf);
-    }
-
+    OPENSSL_free(b->buf);
     OPENSSL_free(b);
 
     return 1;
@@ -318,8 +243,8 @@ static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
     struct bio_bio_st *b, *peer_b;
     ossl_ssize_t num, available;
 
-    if (num_ > SSIZE_MAX)
-        num = SSIZE_MAX;
+    if (num_ > OSSL_SSIZE_MAX)
+        num = OSSL_SSIZE_MAX;
     else
         num = (ossl_ssize_t) num_;
 
@@ -474,8 +399,8 @@ static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
     struct bio_bio_st *b;
     ossl_ssize_t num, space;
 
-    if (num_ > SSIZE_MAX)
-        num = SSIZE_MAX;
+    if (num_ > OSSL_SSIZE_MAX)
+        num = OSSL_SSIZE_MAX;
     else
         num = (ossl_ssize_t) num_;
 
@@ -513,10 +438,8 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
             size_t new_size = num;
 
             if (b->size != new_size) {
-                if (b->buf) {
-                    OPENSSL_free(b->buf);
-                    b->buf = NULL;
-                }
+                OPENSSL_free(b->buf);
+                b->buf = NULL;
                 b->size = new_size;
             }
             ret = 1;
@@ -793,14 +716,10 @@ int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
 
  err:
     if (ret == 0) {
-        if (bio1) {
-            BIO_free(bio1);
-            bio1 = NULL;
-        }
-        if (bio2) {
-            BIO_free(bio2);
-            bio2 = NULL;
-        }
+        BIO_free(bio1);
+        bio1 = NULL;
+        BIO_free(bio2);
+        bio2 = NULL;
     }
 
     *bio1_p = bio1;
diff --git a/freebsd/crypto/openssl/crypto/bio/bss_conn.c b/freebsd/crypto/openssl/crypto/bio/bss_conn.c
index 49c14905..cfbfe40e 100644
--- a/freebsd/crypto/openssl/crypto/bio/bss_conn.c
+++ b/freebsd/crypto/openssl/crypto/bio/bss_conn.c
@@ -1,90 +1,30 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bss_conn.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
 
-#ifndef OPENSSL_NO_SOCK
-
-# ifdef OPENSSL_SYS_WIN16
-#  define SOCKET_PROTOCOL 0     /* more microsoft stupidity */
-# else
-#  define SOCKET_PROTOCOL IPPROTO_TCP
-# endif
+#include "bio_lcl.h"
 
-# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#  undef FIONBIO
-# endif
+#ifndef OPENSSL_NO_SOCK
 
 typedef struct bio_connect_st {
     int state;
+    int connect_family;
     char *param_hostname;
-    char *param_port;
-    int nbio;
-    unsigned char ip[4];
-    unsigned short port;
-    struct sockaddr_in them;
+    char *param_service;
+    int connect_mode;
+
+    BIO_ADDRINFO *addr_first;
+    const BIO_ADDRINFO *addr_iter;
     /*
      * int socket; this will be kept in bio->num so that it is compatible
      * with the bss_sock bio
@@ -94,7 +34,7 @@ typedef struct bio_connect_st {
      * The callback should return 'ret'.  state is for compatibility with the
      * ssl info_callback
      */
-    int (*info_callback) (const BIO *bio, int state, int ret);
+    BIO_info_cb *info_callback;
 } BIO_CONNECT;
 
 static int conn_write(BIO *h, const char *buf, int num);
@@ -103,20 +43,31 @@ static int conn_puts(BIO *h, const char *str);
 static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int conn_new(BIO *h);
 static int conn_free(BIO *data);
-static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *);
+static long conn_callback_ctrl(BIO *h, int cmd, BIO_info_cb *);
 
 static int conn_state(BIO *b, BIO_CONNECT *c);
 static void conn_close_socket(BIO *data);
 BIO_CONNECT *BIO_CONNECT_new(void);
 void BIO_CONNECT_free(BIO_CONNECT *a);
 
-static BIO_METHOD methods_connectp = {
+#define BIO_CONN_S_BEFORE                1
+#define BIO_CONN_S_GET_ADDR              2
+#define BIO_CONN_S_CREATE_SOCKET         3
+#define BIO_CONN_S_CONNECT               4
+#define BIO_CONN_S_OK                    5
+#define BIO_CONN_S_BLOCKED_CONNECT       6
+
+static const BIO_METHOD methods_connectp = {
     BIO_TYPE_CONNECT,
     "socket connect",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     conn_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     conn_read,
     conn_puts,
-    NULL,                       /* connect_gets, */
+    NULL,                       /* conn_gets, */
     conn_ctrl,
     conn_new,
     conn_free,
@@ -126,9 +77,7 @@ static BIO_METHOD methods_connectp = {
 static int conn_state(BIO *b, BIO_CONNECT *c)
 {
     int ret = -1, i;
-    unsigned long l;
-    char *p, *q;
-    int (*cb) (const BIO *, int, int) = NULL;
+    BIO_info_cb *cb = NULL;
 
     if (c->info_callback != NULL)
         cb = c->info_callback;
@@ -136,123 +85,103 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
     for (;;) {
         switch (c->state) {
         case BIO_CONN_S_BEFORE:
-            p = c->param_hostname;
-            if (p == NULL) {
-                BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_SPECIFIED);
+            if (c->param_hostname == NULL && c->param_service == NULL) {
+                BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_hostname,
+                                   " service=", c->param_service);
                 goto exit_loop;
             }
-            for (; *p != '\0'; p++) {
-                if ((*p == ':') || (*p == '/'))
-                    break;
-            }
+            c->state = BIO_CONN_S_GET_ADDR;
+            break;
 
-            i = *p;
-            if ((i == ':') || (i == '/')) {
-
-                *(p++) = '\0';
-                if (i == ':') {
-                    for (q = p; *q; q++)
-                        if (*q == '/') {
-                            *q = '\0';
-                            break;
-                        }
-                    if (c->param_port != NULL)
-                        OPENSSL_free(c->param_port);
-                    c->param_port = BUF_strdup(p);
+        case BIO_CONN_S_GET_ADDR:
+            {
+                int family = AF_UNSPEC;
+                switch (c->connect_family) {
+                case BIO_FAMILY_IPV6:
+                    if (1) { /* This is a trick we use to avoid bit rot.
+                              * at least the "else" part will always be
+                              * compiled.
+                              */
+#ifdef AF_INET6
+                        family = AF_INET6;
+                    } else {
+#endif
+                        BIOerr(BIO_F_CONN_STATE, BIO_R_UNAVAILABLE_IP_FAMILY);
+                        goto exit_loop;
+                    }
+                    break;
+                case BIO_FAMILY_IPV4:
+                    family = AF_INET;
+                    break;
+                case BIO_FAMILY_IPANY:
+                    family = AF_UNSPEC;
+                    break;
+                default:
+                    BIOerr(BIO_F_CONN_STATE, BIO_R_UNSUPPORTED_IP_FAMILY);
+                    goto exit_loop;
                 }
+                if (BIO_lookup(c->param_hostname, c->param_service,
+                               BIO_LOOKUP_CLIENT,
+                               family, SOCK_STREAM, &c->addr_first) == 0)
+                    goto exit_loop;
             }
-
-            if (c->param_port == NULL) {
-                BIOerr(BIO_F_CONN_STATE, BIO_R_NO_PORT_SPECIFIED);
-                ERR_add_error_data(2, "host=", c->param_hostname);
+            if (c->addr_first == NULL) {
+                BIOerr(BIO_F_CONN_STATE, BIO_R_LOOKUP_RETURNED_NOTHING);
                 goto exit_loop;
             }
-            c->state = BIO_CONN_S_GET_IP;
-            break;
-
-        case BIO_CONN_S_GET_IP:
-            if (BIO_get_host_ip(c->param_hostname, &(c->ip[0])) <= 0)
-                goto exit_loop;
-            c->state = BIO_CONN_S_GET_PORT;
-            break;
-
-        case BIO_CONN_S_GET_PORT:
-            if (c->param_port == NULL) {
-                /* abort(); */
-                goto exit_loop;
-            } else if (BIO_get_port(c->param_port, &c->port) <= 0)
-                goto exit_loop;
+            c->addr_iter = c->addr_first;
             c->state = BIO_CONN_S_CREATE_SOCKET;
             break;
 
         case BIO_CONN_S_CREATE_SOCKET:
-            /* now setup address */
-            memset((char *)&c->them, 0, sizeof(c->them));
-            c->them.sin_family = AF_INET;
-            c->them.sin_port = htons((unsigned short)c->port);
-            l = (unsigned long)
-                ((unsigned long)c->ip[0] << 24L) |
-                ((unsigned long)c->ip[1] << 16L) |
-                ((unsigned long)c->ip[2] << 8L) | ((unsigned long)c->ip[3]);
-            c->them.sin_addr.s_addr = htonl(l);
-            c->state = BIO_CONN_S_CREATE_SOCKET;
-
-            ret = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
-            if (ret == INVALID_SOCKET) {
+            ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
+                             BIO_ADDRINFO_socktype(c->addr_iter),
+                             BIO_ADDRINFO_protocol(c->addr_iter), 0);
+            if (ret == (int)INVALID_SOCKET) {
                 SYSerr(SYS_F_SOCKET, get_last_socket_error());
-                ERR_add_error_data(4, "host=", c->param_hostname,
-                                   ":", c->param_port);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_hostname,
+                                   " service=", c->param_service);
                 BIOerr(BIO_F_CONN_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
                 goto exit_loop;
             }
             b->num = ret;
-            c->state = BIO_CONN_S_NBIO;
-            break;
-
-        case BIO_CONN_S_NBIO:
-            if (c->nbio) {
-                if (!BIO_socket_nbio(b->num, 1)) {
-                    BIOerr(BIO_F_CONN_STATE, BIO_R_ERROR_SETTING_NBIO);
-                    ERR_add_error_data(4, "host=",
-                                       c->param_hostname, ":", c->param_port);
-                    goto exit_loop;
-                }
-            }
             c->state = BIO_CONN_S_CONNECT;
-
-# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
-            i = 1;
-            i = setsockopt(b->num, SOL_SOCKET, SO_KEEPALIVE, (char *)&i,
-                           sizeof(i));
-            if (i < 0) {
-                SYSerr(SYS_F_SOCKET, get_last_socket_error());
-                ERR_add_error_data(4, "host=", c->param_hostname,
-                                   ":", c->param_port);
-                BIOerr(BIO_F_CONN_STATE, BIO_R_KEEPALIVE);
-                goto exit_loop;
-            }
-# endif
             break;
 
         case BIO_CONN_S_CONNECT:
             BIO_clear_retry_flags(b);
-            ret = connect(b->num,
-                          (struct sockaddr *)&c->them, sizeof(c->them));
+            ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter),
+                              BIO_SOCK_KEEPALIVE | c->connect_mode);
             b->retry_reason = 0;
-            if (ret < 0) {
+            if (ret == 0) {
                 if (BIO_sock_should_retry(ret)) {
                     BIO_set_retry_special(b);
                     c->state = BIO_CONN_S_BLOCKED_CONNECT;
                     b->retry_reason = BIO_RR_CONNECT;
+                    ERR_clear_error();
+                } else if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter))
+                           != NULL) {
+                    /*
+                     * if there are more addresses to try, do that first
+                     */
+                    BIO_closesocket(b->num);
+                    c->state = BIO_CONN_S_CREATE_SOCKET;
+                    ERR_clear_error();
+                    break;
                 } else {
                     SYSerr(SYS_F_CONNECT, get_last_socket_error());
-                    ERR_add_error_data(4, "host=",
-                                       c->param_hostname, ":", c->param_port);
+                    ERR_add_error_data(4,
+                                       "hostname=", c->param_hostname,
+                                       " service=", c->param_service);
                     BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
                 }
                 goto exit_loop;
-            } else
+            } else {
                 c->state = BIO_CONN_S_OK;
+            }
             break;
 
         case BIO_CONN_S_BLOCKED_CONNECT:
@@ -260,8 +189,9 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
             if (i) {
                 BIO_clear_retry_flags(b);
                 SYSerr(SYS_F_CONNECT, i);
-                ERR_add_error_data(4, "host=",
-                                   c->param_hostname, ":", c->param_port);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_hostname,
+                                   " service=", c->param_service);
                 BIOerr(BIO_F_CONN_STATE, BIO_R_NBIO_CONNECT_ERROR);
                 ret = 0;
                 goto exit_loop;
@@ -278,7 +208,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
         }
 
         if (cb != NULL) {
-            if (!(ret = cb((BIO *)b, c->state, ret)))
+            if ((ret = cb((BIO *)b, c->state, ret)) == 0)
                 goto end;
         }
     }
@@ -288,55 +218,46 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
     if (cb != NULL)
         ret = cb((BIO *)b, c->state, ret);
  end:
-    return (ret);
+    return ret;
 }
 
 BIO_CONNECT *BIO_CONNECT_new(void)
 {
     BIO_CONNECT *ret;
 
-    if ((ret = (BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL)
-        return (NULL);
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BIOerr(BIO_F_BIO_CONNECT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
     ret->state = BIO_CONN_S_BEFORE;
-    ret->param_hostname = NULL;
-    ret->param_port = NULL;
-    ret->info_callback = NULL;
-    ret->nbio = 0;
-    ret->ip[0] = 0;
-    ret->ip[1] = 0;
-    ret->ip[2] = 0;
-    ret->ip[3] = 0;
-    ret->port = 0;
-    memset((char *)&ret->them, 0, sizeof(ret->them));
-    return (ret);
+    ret->connect_family = BIO_FAMILY_IPANY;
+    return ret;
 }
 
 void BIO_CONNECT_free(BIO_CONNECT *a)
 {
     if (a == NULL)
         return;
-
-    if (a->param_hostname != NULL)
-        OPENSSL_free(a->param_hostname);
-    if (a->param_port != NULL)
-        OPENSSL_free(a->param_port);
+    OPENSSL_free(a->param_hostname);
+    OPENSSL_free(a->param_service);
+    BIO_ADDRINFO_free(a->addr_first);
     OPENSSL_free(a);
 }
 
-BIO_METHOD *BIO_s_connect(void)
+const BIO_METHOD *BIO_s_connect(void)
 {
-    return (&methods_connectp);
+    return &methods_connectp;
 }
 
 static int conn_new(BIO *bi)
 {
     bi->init = 0;
-    bi->num = INVALID_SOCKET;
+    bi->num = (int)INVALID_SOCKET;
     bi->flags = 0;
     if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL)
-        return (0);
+        return 0;
     else
-        return (1);
+        return 1;
 }
 
 static void conn_close_socket(BIO *bio)
@@ -344,12 +265,12 @@ static void conn_close_socket(BIO *bio)
     BIO_CONNECT *c;
 
     c = (BIO_CONNECT *)bio->ptr;
-    if (bio->num != INVALID_SOCKET) {
+    if (bio->num != (int)INVALID_SOCKET) {
         /* Only do a shutdown if things were established */
         if (c->state == BIO_CONN_S_OK)
             shutdown(bio->num, 2);
-        closesocket(bio->num);
-        bio->num = INVALID_SOCKET;
+        BIO_closesocket(bio->num);
+        bio->num = (int)INVALID_SOCKET;
     }
 }
 
@@ -358,7 +279,7 @@ static int conn_free(BIO *a)
     BIO_CONNECT *data;
 
     if (a == NULL)
-        return (0);
+        return 0;
     data = (BIO_CONNECT *)a->ptr;
 
     if (a->shutdown) {
@@ -368,7 +289,7 @@ static int conn_free(BIO *a)
         a->flags = 0;
         a->init = 0;
     }
-    return (1);
+    return 1;
 }
 
 static int conn_read(BIO *b, char *out, int outl)
@@ -380,7 +301,7 @@ static int conn_read(BIO *b, char *out, int outl)
     if (data->state != BIO_CONN_S_OK) {
         ret = conn_state(b, data);
         if (ret <= 0)
-            return (ret);
+            return ret;
     }
 
     if (out != NULL) {
@@ -392,7 +313,7 @@ static int conn_read(BIO *b, char *out, int outl)
                 BIO_set_retry_read(b);
         }
     }
-    return (ret);
+    return ret;
 }
 
 static int conn_write(BIO *b, const char *in, int inl)
@@ -404,7 +325,7 @@ static int conn_write(BIO *b, const char *in, int inl)
     if (data->state != BIO_CONN_S_OK) {
         ret = conn_state(b, data);
         if (ret <= 0)
-            return (ret);
+            return ret;
     }
 
     clear_socket_error();
@@ -414,7 +335,7 @@ static int conn_write(BIO *b, const char *in, int inl)
         if (BIO_sock_should_retry(ret))
             BIO_set_retry_write(b);
     }
-    return (ret);
+    return ret;
 }
 
 static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -432,6 +353,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         data->state = BIO_CONN_S_BEFORE;
         conn_close_socket(b);
+        BIO_ADDRINFO_free(data->addr_first);
+        data->addr_first = NULL;
         b->flags = 0;
         break;
     case BIO_C_DO_STATE_MACHINE:
@@ -444,27 +367,33 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_C_GET_CONNECT:
         if (ptr != NULL) {
             pptr = (const char **)ptr;
-        }
-
-        if (b->init) {
-            if (pptr != NULL) {
-                ret = 1;
-                if (num == 0) {
-                    *pptr = data->param_hostname;
-                } else if (num == 1) {
-                    *pptr = data->param_port;
-                } else if (num == 2) {
-                    *pptr = (char *)&(data->ip[0]);
-                } else {
-                    ret = 0;
+            if (num == 0) {
+                *pptr = data->param_hostname;
+            } else if (num == 1) {
+                *pptr = data->param_service;
+            } else if (num == 2) {
+                *pptr = (const char *)BIO_ADDRINFO_address(data->addr_iter);
+            } else if (num == 3) {
+                switch (BIO_ADDRINFO_family(data->addr_iter)) {
+# ifdef AF_INET6
+                case AF_INET6:
+                    ret = BIO_FAMILY_IPV6;
+                    break;
+# endif
+                case AF_INET:
+                    ret = BIO_FAMILY_IPV4;
+                    break;
+                case 0:
+                    ret = data->connect_family;
+                    break;
+                default:
+                    ret = -1;
+                    break;
                 }
-            }
-            if (num == 3) {
-                ret = data->port;
+            } else {
+                ret = 0;
             }
         } else {
-            if (pptr != NULL)
-                *pptr = "not initialized";
             ret = 0;
         }
         break;
@@ -472,36 +401,46 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
         if (ptr != NULL) {
             b->init = 1;
             if (num == 0) {
-                if (data->param_hostname != NULL)
-                    OPENSSL_free(data->param_hostname);
-                data->param_hostname = BUF_strdup(ptr);
+                char *hold_service = data->param_service;
+                /* We affect the hostname regardless.  However, the input
+                 * string might contain a host:service spec, so we must
+                 * parse it, which might or might not affect the service
+                 */
+                OPENSSL_free(data->param_hostname);
+                data->param_hostname = NULL;
+                ret = BIO_parse_hostserv(ptr,
+                                         &data->param_hostname,
+                                         &data->param_service,
+                                         BIO_PARSE_PRIO_HOST);
+                if (hold_service != data->param_service)
+                    OPENSSL_free(hold_service);
             } else if (num == 1) {
-                if (data->param_port != NULL)
-                    OPENSSL_free(data->param_port);
-                data->param_port = BUF_strdup(ptr);
+                OPENSSL_free(data->param_service);
+                data->param_service = BUF_strdup(ptr);
             } else if (num == 2) {
-                char buf[16];
-                unsigned char *p = ptr;
-
-                BIO_snprintf(buf, sizeof(buf), "%d.%d.%d.%d",
-                             p[0], p[1], p[2], p[3]);
-                if (data->param_hostname != NULL)
-                    OPENSSL_free(data->param_hostname);
-                data->param_hostname = BUF_strdup(buf);
-                memcpy(&(data->ip[0]), ptr, 4);
+                const BIO_ADDR *addr = (const BIO_ADDR *)ptr;
+                if (ret) {
+                    data->param_hostname = BIO_ADDR_hostname_string(addr, 1);
+                    data->param_service = BIO_ADDR_service_string(addr, 1);
+                    BIO_ADDRINFO_free(data->addr_first);
+                    data->addr_first = NULL;
+                    data->addr_iter = NULL;
+                }
             } else if (num == 3) {
-                char buf[DECIMAL_SIZE(int) + 1];
-
-                BIO_snprintf(buf, sizeof(buf), "%d", *(int *)ptr);
-                if (data->param_port != NULL)
-                    OPENSSL_free(data->param_port);
-                data->param_port = BUF_strdup(buf);
-                data->port = *(int *)ptr;
+                data->connect_family = *(int *)ptr;
+            } else {
+                ret = 0;
             }
         }
         break;
     case BIO_C_SET_NBIO:
-        data->nbio = (int)num;
+        if (num != 0)
+            data->connect_mode |= BIO_SOCK_NONBLOCK;
+        else
+            data->connect_mode &= ~BIO_SOCK_NONBLOCK;
+        break;
+    case BIO_C_SET_CONNECT_MODE:
+        data->connect_mode = (int)num;
         break;
     case BIO_C_GET_FD:
         if (b->init) {
@@ -527,35 +466,27 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_DUP:
         {
             dbio = (BIO *)ptr;
-            if (data->param_port)
-                BIO_set_conn_port(dbio, data->param_port);
             if (data->param_hostname)
                 BIO_set_conn_hostname(dbio, data->param_hostname);
-            BIO_set_nbio(dbio, data->nbio);
+            if (data->param_service)
+                BIO_set_conn_port(dbio, data->param_service);
+            BIO_set_conn_ip_family(dbio, data->connect_family);
+            BIO_set_conn_mode(dbio, data->connect_mode);
             /*
              * FIXME: the cast of the function seems unlikely to be a good
              * idea
              */
-            (void)BIO_set_info_callback(dbio,
-                                        (bio_info_cb *)data->info_callback);
+            (void)BIO_set_info_callback(dbio, data->info_callback);
         }
         break;
     case BIO_CTRL_SET_CALLBACK:
-        {
-# if 0                          /* FIXME: Should this be used? -- Richard
-                                 * Levitte */
-            BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            ret = -1;
-# else
-            ret = 0;
-# endif
-        }
+        ret = 0; /* use callback ctrl */
         break;
     case BIO_CTRL_GET_CALLBACK:
         {
-            int (**fptr) (const BIO *bio, int state, int xret);
+            BIO_info_cb **fptr;
 
-            fptr = (int (**)(const BIO *bio, int state, int xret))ptr;
+            fptr = (BIO_info_cb **)ptr;
             *fptr = data->info_callback;
         }
         break;
@@ -563,10 +494,10 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
-static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
     long ret = 1;
     BIO_CONNECT *data;
@@ -576,15 +507,14 @@ static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
     switch (cmd) {
     case BIO_CTRL_SET_CALLBACK:
         {
-            data->info_callback =
-                (int (*)(const struct bio_st *, int, int))fp;
+            data->info_callback = fp;
         }
         break;
     default:
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int conn_puts(BIO *bp, const char *str)
@@ -593,7 +523,7 @@ static int conn_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = conn_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 BIO *BIO_new_connect(const char *str)
@@ -602,13 +532,11 @@ BIO *BIO_new_connect(const char *str)
 
     ret = BIO_new(BIO_s_connect());
     if (ret == NULL)
-        return (NULL);
+        return NULL;
     if (BIO_set_conn_hostname(ret, str))
-        return (ret);
-    else {
-        BIO_free(ret);
-        return (NULL);
-    }
+        return ret;
+    BIO_free(ret);
+    return NULL;
 }
 
 #endif
diff --git a/freebsd/crypto/openssl/crypto/bio/bss_dgram.c b/freebsd/crypto/openssl/crypto/bio/bss_dgram.c
index a3ab56d0..160a7c8d 100644
--- a/freebsd/crypto/openssl/crypto/bio/bss_dgram.c
+++ b/freebsd/crypto/openssl/crypto/bio/bss_dgram.c
@@ -1,76 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bio_dgram.c */
 /*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
 
-#include <openssl/bio.h>
+#include "bio_lcl.h"
 #ifndef OPENSSL_NO_DGRAM
 
-# if defined(OPENSSL_SYS_VMS)
-#  include <sys/timeb.h>
-# endif
-
 # ifndef OPENSSL_NO_SCTP
 #  include <netinet/sctp.h>
 #  include <fcntl.h>
@@ -96,12 +40,6 @@
          ((a)->s6_addr32[2] == htonl(0x0000ffff)))
 # endif
 
-# ifdef WATT32
-#  define sock_write SockWrite  /* Watt-32 uses same names */
-#  define sock_read  SockRead
-#  define sock_puts  SockPuts
-# endif
-
 static int dgram_write(BIO *h, const char *buf, int num);
 static int dgram_read(BIO *h, char *buf, int size);
 static int dgram_puts(BIO *h, const char *str);
@@ -127,47 +65,50 @@ static int BIO_dgram_should_retry(int s);
 
 static void get_current_time(struct timeval *t);
 
-static BIO_METHOD methods_dgramp = {
+static const BIO_METHOD methods_dgramp = {
     BIO_TYPE_DGRAM,
     "datagram socket",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     dgram_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     dgram_read,
     dgram_puts,
-    NULL,                       /* dgram_gets, */
+    NULL,                       /* dgram_gets,         */
     dgram_ctrl,
     dgram_new,
     dgram_free,
-    NULL,
+    NULL,                       /* dgram_callback_ctrl */
 };
 
 # ifndef OPENSSL_NO_SCTP
-static BIO_METHOD methods_dgramp_sctp = {
+static const BIO_METHOD methods_dgramp_sctp = {
     BIO_TYPE_DGRAM_SCTP,
     "datagram sctp socket",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     dgram_sctp_write,
+    /* TODO: Convert to new style write function */
+    bread_conv,
     dgram_sctp_read,
     dgram_sctp_puts,
-    NULL,                       /* dgram_gets, */
+    NULL,                       /* dgram_gets,         */
     dgram_sctp_ctrl,
     dgram_sctp_new,
     dgram_sctp_free,
-    NULL,
+    NULL,                       /* dgram_callback_ctrl */
 };
 # endif
 
 typedef struct bio_dgram_data_st {
-    union {
-        struct sockaddr sa;
-        struct sockaddr_in sa_in;
-# if OPENSSL_USE_IPV6
-        struct sockaddr_in6 sa_in6;
-# endif
-    } peer;
+    BIO_ADDR peer;
     unsigned int connected;
     unsigned int _errno;
     unsigned int mtu;
     struct timeval next_timeout;
     struct timeval socket_timeout;
+    unsigned int peekmode;
 } bio_dgram_data;
 
 # ifndef OPENSSL_NO_SCTP
@@ -178,13 +119,7 @@ typedef struct bio_dgram_sctp_save_message_st {
 } bio_dgram_sctp_save_message;
 
 typedef struct bio_dgram_sctp_data_st {
-    union {
-        struct sockaddr sa;
-        struct sockaddr_in sa_in;
-#  if OPENSSL_USE_IPV6
-        struct sockaddr_in6 sa_in6;
-#  endif
-    } peer;
+    BIO_ADDR peer;
     unsigned int connected;
     unsigned int _errno;
     unsigned int mtu;
@@ -198,13 +133,12 @@ typedef struct bio_dgram_sctp_data_st {
     int ccs_sent;
     int save_shutdown;
     int peer_auth_tested;
-    bio_dgram_sctp_save_message saved_message;
 } bio_dgram_sctp_data;
 # endif
 
-BIO_METHOD *BIO_s_datagram(void)
+const BIO_METHOD *BIO_s_datagram(void)
 {
-    return (&methods_dgramp);
+    return &methods_dgramp;
 }
 
 BIO *BIO_new_dgram(int fd, int close_flag)
@@ -213,25 +147,19 @@ BIO *BIO_new_dgram(int fd, int close_flag)
 
     ret = BIO_new(BIO_s_datagram());
     if (ret == NULL)
-        return (NULL);
+        return NULL;
     BIO_set_fd(ret, fd, close_flag);
-    return (ret);
+    return ret;
 }
 
 static int dgram_new(BIO *bi)
 {
-    bio_dgram_data *data = NULL;
+    bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
 
-    bi->init = 0;
-    bi->num = 0;
-    data = OPENSSL_malloc(sizeof(bio_dgram_data));
     if (data == NULL)
         return 0;
-    memset(data, 0x00, sizeof(bio_dgram_data));
     bi->ptr = data;
-
-    bi->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int dgram_free(BIO *a)
@@ -239,29 +167,28 @@ static int dgram_free(BIO *a)
     bio_dgram_data *data;
 
     if (a == NULL)
-        return (0);
+        return 0;
     if (!dgram_clear(a))
         return 0;
 
     data = (bio_dgram_data *)a->ptr;
-    if (data != NULL)
-        OPENSSL_free(data);
+    OPENSSL_free(data);
 
-    return (1);
+    return 1;
 }
 
 static int dgram_clear(BIO *a)
 {
     if (a == NULL)
-        return (0);
+        return 0;
     if (a->shutdown) {
         if (a->init) {
-            SHUTDOWN2(a->num);
+            BIO_closesocket(a->num);
         }
         a->init = 0;
         a->flags = 0;
     }
-    return (1);
+    return 1;
 }
 
 static void dgram_adjust_rcv_timeout(BIO *b)
@@ -319,7 +246,7 @@ static void dgram_adjust_rcv_timeout(BIO *b)
         }
 
         /*
-         * Adjust socket timeout if next handhake message timer will expire
+         * Adjust socket timeout if next handshake message timer will expire
          * earlier.
          */
         if ((data->socket_timeout.tv_sec == 0
@@ -373,39 +300,22 @@ static int dgram_read(BIO *b, char *out, int outl)
 {
     int ret = 0;
     bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    int flags = 0;
 
-    struct {
-        /*
-         * See commentary in b_sock.c. <appro>
-         */
-        union {
-            size_t s;
-            int i;
-        } len;
-        union {
-            struct sockaddr sa;
-            struct sockaddr_in sa_in;
-# if OPENSSL_USE_IPV6
-            struct sockaddr_in6 sa_in6;
-# endif
-        } peer;
-    } sa;
-
-    sa.len.s = 0;
-    sa.len.i = sizeof(sa.peer);
+    BIO_ADDR peer;
+    socklen_t len = sizeof(peer);
 
     if (out != NULL) {
         clear_socket_error();
-        memset(&sa.peer, 0x00, sizeof(sa.peer));
+        memset(&peer, 0, sizeof(peer));
         dgram_adjust_rcv_timeout(b);
-        ret = recvfrom(b->num, out, outl, 0, &sa.peer.sa, (void *)&sa.len);
-        if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) {
-            OPENSSL_assert(sa.len.s <= sizeof(sa.peer));
-            sa.len.i = (int)sa.len.s;
-        }
+        if (data->peekmode)
+            flags = MSG_PEEK;
+        ret = recvfrom(b->num, out, outl, flags,
+                       BIO_ADDR_sockaddr_noconst(&peer), &len);
 
         if (!data->connected && ret >= 0)
-            BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
+            BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
 
         BIO_clear_retry_flags(b);
         if (ret < 0) {
@@ -417,7 +327,7 @@ static int dgram_read(BIO *b, char *out, int outl)
 
         dgram_reset_rcv_timeout(b);
     }
-    return (ret);
+    return ret;
 }
 
 static int dgram_write(BIO *b, const char *in, int inl)
@@ -429,19 +339,10 @@ static int dgram_write(BIO *b, const char *in, int inl)
     if (data->connected)
         ret = writesocket(b->num, in, inl);
     else {
-        int peerlen = sizeof(data->peer);
+        int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
 
-        if (data->peer.sa.sa_family == AF_INET)
-            peerlen = sizeof(data->peer.sa_in);
-# if OPENSSL_USE_IPV6
-        else if (data->peer.sa.sa_family == AF_INET6)
-            peerlen = sizeof(data->peer.sa_in6);
-# endif
-# if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
-        ret = sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen);
-# else
-        ret = sendto(b->num, in, inl, 0, &data->peer.sa, peerlen);
-# endif
+        ret = sendto(b->num, in, inl, 0,
+                     BIO_ADDR_sockaddr(&data->peer), peerlen);
     }
 
     BIO_clear_retry_flags(b);
@@ -449,23 +350,16 @@ static int dgram_write(BIO *b, const char *in, int inl)
         if (BIO_dgram_should_retry(ret)) {
             BIO_set_retry_write(b);
             data->_errno = get_last_socket_error();
-
-# if 0                          /* higher layers are responsible for querying
-                                 * MTU, if necessary */
-            if (data->_errno == EMSGSIZE)
-                /* retrieve the new MTU */
-                BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-# endif
         }
     }
-    return (ret);
+    return ret;
 }
 
 static long dgram_get_mtu_overhead(bio_dgram_data *data)
 {
     long ret;
 
-    switch (data->peer.sa.sa_family) {
+    switch (BIO_ADDR_family(&data->peer)) {
     case AF_INET:
         /*
          * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
@@ -474,18 +368,22 @@ static long dgram_get_mtu_overhead(bio_dgram_data *data)
         break;
 # if OPENSSL_USE_IPV6
     case AF_INET6:
+        {
 #  ifdef IN6_IS_ADDR_V4MAPPED
-        if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
-            /*
-             * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
-             */
-            ret = 28;
-        else
+            struct in6_addr tmp_addr;
+            if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
+                && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
+                /*
+                 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
+                 */
+                ret = 28;
+            else
 #  endif
             /*
              * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
              */
             ret = 48;
+        }
         break;
 # endif
     default:
@@ -500,20 +398,14 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
     long ret = 1;
     int *ip;
-    struct sockaddr *to = NULL;
     bio_dgram_data *data = NULL;
     int sockopt_val = 0;
+    int d_errno;
 # if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
     socklen_t sockopt_len;      /* assume that system supporting IP_MTU is
                                  * modern enough to define socklen_t */
     socklen_t addr_len;
-    union {
-        struct sockaddr sa;
-        struct sockaddr_in s4;
-#  if OPENSSL_USE_IPV6
-        struct sockaddr_in6 s6;
-#  endif
-    } addr;
+    BIO_ADDR addr;
 # endif
 
     data = (bio_dgram_data *)b->ptr;
@@ -556,35 +448,13 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 1;
         break;
     case BIO_CTRL_DGRAM_CONNECT:
-        to = (struct sockaddr *)ptr;
-# if 0
-        if (connect(b->num, to, sizeof(struct sockaddr)) < 0) {
-            perror("connect");
-            ret = 0;
-        } else {
-# endif
-            switch (to->sa_family) {
-            case AF_INET:
-                memcpy(&data->peer, to, sizeof(data->peer.sa_in));
-                break;
-# if OPENSSL_USE_IPV6
-            case AF_INET6:
-                memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
-                break;
-# endif
-            default:
-                memcpy(&data->peer, to, sizeof(data->peer.sa));
-                break;
-            }
-# if 0
-        }
-# endif
+        BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
         break;
         /* (Linux)kernel sets DF bit on outgoing IP packets */
     case BIO_CTRL_DGRAM_MTU_DISCOVER:
 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
         addr_len = (socklen_t) sizeof(addr);
-        memset((void *)&addr, 0, sizeof(addr));
+        memset(&addr, 0, sizeof(addr));
         if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
             ret = 0;
             break;
@@ -608,14 +478,14 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
             ret = -1;
             break;
         }
-        ret = -1;
 # else
-        break;
+        ret = -1;
 # endif
+        break;
     case BIO_CTRL_DGRAM_QUERY_MTU:
 # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
         addr_len = (socklen_t) sizeof(addr);
-        memset((void *)&addr, 0, sizeof(addr));
+        memset(&addr, 0, sizeof(addr));
         if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
             ret = 0;
             break;
@@ -663,18 +533,22 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
         ret = -dgram_get_mtu_overhead(data);
-        switch (data->peer.sa.sa_family) {
+        switch (BIO_ADDR_family(&data->peer)) {
         case AF_INET:
             ret += 576;
             break;
 # if OPENSSL_USE_IPV6
         case AF_INET6:
+            {
 #  ifdef IN6_IS_ADDR_V4MAPPED
-            if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
-                ret += 576;
-            else
+                struct in6_addr tmp_addr;
+                if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
+                    && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
+                    ret += 576;
+                else
 #  endif
-                ret += 1280;
+                    ret += 1280;
+            }
             break;
 # endif
         default:
@@ -684,67 +558,29 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     case BIO_CTRL_DGRAM_GET_MTU:
         return data->mtu;
-        break;
     case BIO_CTRL_DGRAM_SET_MTU:
         data->mtu = num;
         ret = num;
         break;
     case BIO_CTRL_DGRAM_SET_CONNECTED:
-        to = (struct sockaddr *)ptr;
-
-        if (to != NULL) {
+        if (ptr != NULL) {
             data->connected = 1;
-            switch (to->sa_family) {
-            case AF_INET:
-                memcpy(&data->peer, to, sizeof(data->peer.sa_in));
-                break;
-# if OPENSSL_USE_IPV6
-            case AF_INET6:
-                memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
-                break;
-# endif
-            default:
-                memcpy(&data->peer, to, sizeof(data->peer.sa));
-                break;
-            }
+            BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
         } else {
             data->connected = 0;
-            memset(&(data->peer), 0x00, sizeof(data->peer));
+            memset(&data->peer, 0, sizeof(data->peer));
         }
         break;
     case BIO_CTRL_DGRAM_GET_PEER:
-        switch (data->peer.sa.sa_family) {
-        case AF_INET:
-            ret = sizeof(data->peer.sa_in);
-            break;
-# if OPENSSL_USE_IPV6
-        case AF_INET6:
-            ret = sizeof(data->peer.sa_in6);
-            break;
-# endif
-        default:
-            ret = sizeof(data->peer.sa);
-            break;
-        }
+        ret = BIO_ADDR_sockaddr_size(&data->peer);
+        /* FIXME: if num < ret, we will only return part of an address.
+           That should bee an error, no? */
         if (num == 0 || num > ret)
             num = ret;
         memcpy(ptr, &data->peer, (ret = num));
         break;
     case BIO_CTRL_DGRAM_SET_PEER:
-        to = (struct sockaddr *)ptr;
-        switch (to->sa_family) {
-        case AF_INET:
-            memcpy(&data->peer, to, sizeof(data->peer.sa_in));
-            break;
-# if OPENSSL_USE_IPV6
-        case AF_INET6:
-            memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
-            break;
-# endif
-        default:
-            memcpy(&data->peer, to, sizeof(data->peer.sa));
-            break;
-        }
+        BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
         break;
     case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
         memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
@@ -867,11 +703,11 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
         /* fall-through */
     case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
 # ifdef OPENSSL_SYS_WINDOWS
-        if (data->_errno == WSAETIMEDOUT)
+        d_errno = (data->_errno == WSAETIMEDOUT);
 # else
-        if (data->_errno == EAGAIN)
+        d_errno = (data->_errno == EAGAIN);
 # endif
-        {
+        if (d_errno) {
             ret = 1;
             data->_errno = 0;
         } else
@@ -944,11 +780,23 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
         ret = dgram_get_mtu_overhead(data);
         break;
+
+    /*
+     * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
+     * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
+     * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
+     * value has been updated to a non-clashing value. However to preserve
+     * binary compatiblity we now respond to both the old value and the new one
+     */
+    case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
+    case BIO_CTRL_DGRAM_SET_PEEK_MODE:
+        data->peekmode = (unsigned int)num;
+        break;
     default:
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int dgram_puts(BIO *bp, const char *str)
@@ -957,13 +805,13 @@ static int dgram_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = dgram_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 # ifndef OPENSSL_NO_SCTP
-BIO_METHOD *BIO_s_datagram_sctp(void)
+const BIO_METHOD *BIO_s_datagram_sctp(void)
 {
-    return (&methods_dgramp_sctp);
+    return &methods_dgramp_sctp;
 }
 
 BIO *BIO_new_dgram_sctp(int fd, int close_flag)
@@ -985,7 +833,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
 
     bio = BIO_new(BIO_s_datagram_sctp());
     if (bio == NULL)
-        return (NULL);
+        return NULL;
     BIO_set_fd(bio, fd, close_flag);
 
     /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
@@ -995,7 +843,9 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
                    sizeof(struct sctp_authchunk));
     if (ret < 0) {
         BIO_vfree(bio);
-        return (NULL);
+        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+        ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");
+        return NULL;
     }
     auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
     ret =
@@ -1003,29 +853,29 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
                    sizeof(struct sctp_authchunk));
     if (ret < 0) {
         BIO_vfree(bio);
-        return (NULL);
+        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+        ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");
+        return NULL;
     }
 
     /*
      * Test if activation was successful. When using accept(), SCTP-AUTH has
      * to be activated for the listening socket already, otherwise the
-     * connected socket won't use it.
+     * connected socket won't use it. Similarly with connect(): the socket
+     * prior to connection must be activated for SCTP-AUTH
      */
     sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
-    authchunks = OPENSSL_malloc(sockopt_len);
-    if (!authchunks) {
+    authchunks = OPENSSL_zalloc(sockopt_len);
+    if (authchunks == NULL) {
         BIO_vfree(bio);
-        return (NULL);
+        return NULL;
     }
-    memset(authchunks, 0, sizeof(sockopt_len));
-    ret =
-        getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
+    ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
                    &sockopt_len);
-
     if (ret < 0) {
         OPENSSL_free(authchunks);
         BIO_vfree(bio);
-        return (NULL);
+        return NULL;
     }
 
     for (p = (unsigned char *)authchunks->gauth_chunks;
@@ -1039,12 +889,18 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
 
     OPENSSL_free(authchunks);
 
-    OPENSSL_assert(auth_data);
-    OPENSSL_assert(auth_forward);
+    if (!auth_data || !auth_forward) {
+        BIO_vfree(bio);
+        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+        ERR_add_error_data(1,
+                           "Ensure SCTP AUTH chunks are enabled on the "
+                           "underlying socket");
+        return NULL;
+    }
 
 #  ifdef SCTP_AUTHENTICATION_EVENT
 #   ifdef SCTP_EVENT
-    memset(&event, 0, sizeof(struct sctp_event));
+    memset(&event, 0, sizeof(event));
     event.se_assoc_id = 0;
     event.se_type = SCTP_AUTHENTICATION_EVENT;
     event.se_on = 1;
@@ -1053,14 +909,14 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
                    sizeof(struct sctp_event));
     if (ret < 0) {
         BIO_vfree(bio);
-        return (NULL);
+        return NULL;
     }
 #   else
     sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
     ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
     if (ret < 0) {
         BIO_vfree(bio);
-        return (NULL);
+        return NULL;
     }
 
     event.sctp_authentication_event = 1;
@@ -1070,7 +926,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
                    sizeof(struct sctp_event_subscribe));
     if (ret < 0) {
         BIO_vfree(bio);
-        return (NULL);
+        return NULL;
     }
 #   endif
 #  endif
@@ -1084,10 +940,10 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
                    sizeof(optval));
     if (ret < 0) {
         BIO_vfree(bio);
-        return (NULL);
+        return NULL;
     }
 
-    return (bio);
+    return bio;
 }
 
 int BIO_dgram_is_sctp(BIO *bio)
@@ -1101,17 +957,17 @@ static int dgram_sctp_new(BIO *bi)
 
     bi->init = 0;
     bi->num = 0;
-    data = OPENSSL_malloc(sizeof(bio_dgram_sctp_data));
-    if (data == NULL)
+    if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
+        BIOerr(BIO_F_DGRAM_SCTP_NEW, ERR_R_MALLOC_FAILURE);
         return 0;
-    memset(data, 0x00, sizeof(bio_dgram_sctp_data));
+    }
 #  ifdef SCTP_PR_SCTP_NONE
     data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
 #  endif
     bi->ptr = data;
 
     bi->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int dgram_sctp_free(BIO *a)
@@ -1119,18 +975,15 @@ static int dgram_sctp_free(BIO *a)
     bio_dgram_sctp_data *data;
 
     if (a == NULL)
-        return (0);
+        return 0;
     if (!dgram_clear(a))
         return 0;
 
     data = (bio_dgram_sctp_data *) a->ptr;
-    if (data != NULL) {
-        if (data->saved_message.data != NULL)
-            OPENSSL_free(data->saved_message.data);
+    if (data != NULL)
         OPENSSL_free(data);
-    }
 
-    return (1);
+    return 1;
 }
 
 #  ifdef SCTP_AUTHENTICATION_EVENT
@@ -1166,8 +1019,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
         clear_socket_error();
 
         do {
-            memset(&data->rcvinfo, 0x00,
-                   sizeof(struct bio_dgram_sctp_rcvinfo));
+            memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
             iov.iov_base = out;
             iov.iov_len = outl;
             msg.msg_name = NULL;
@@ -1231,22 +1083,10 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
                     struct sctp_event_subscribe event;
                     socklen_t eventsize;
 #  endif
-                    /*
-                     * If a message has been delayed until the socket is dry,
-                     * it can be sent now.
-                     */
-                    if (data->saved_message.length > 0) {
-                        dgram_sctp_write(data->saved_message.bio,
-                                         data->saved_message.data,
-                                         data->saved_message.length);
-                        OPENSSL_free(data->saved_message.data);
-                        data->saved_message.data = NULL;
-                        data->saved_message.length = 0;
-                    }
 
                     /* disable sender dry event */
 #  ifdef SCTP_EVENT
-                    memset(&event, 0, sizeof(struct sctp_event));
+                    memset(&event, 0, sizeof(event));
                     event.se_assoc_id = 0;
                     event.se_type = SCTP_SENDER_DRY_EVENT;
                     event.se_on = 0;
@@ -1352,11 +1192,11 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
             optlen =
                 (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
             authchunks = OPENSSL_malloc(optlen);
-            if (!authchunks) {
+            if (authchunks == NULL) {
                 BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
                 return -1;
             }
-            memset(authchunks, 0, sizeof(optlen));
+            memset(authchunks, 0, optlen);
             ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
                             authchunks, &optlen);
 
@@ -1380,9 +1220,17 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
             data->peer_auth_tested = 1;
         }
     }
-    return (ret);
+    return ret;
 }
 
+/*
+ * dgram_sctp_write - send message on SCTP socket
+ * @b: BIO to write to
+ * @in: data to send
+ * @inl: amount of bytes in @in to send
+ *
+ * Returns -1 on error or the sent amount of bytes on success
+ */
 static int dgram_sctp_write(BIO *b, const char *in, int inl)
 {
     int ret;
@@ -1410,30 +1258,23 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
      * parameters and flags.
      */
     if (in[0] != 23) {
-        memset(&handshake_sinfo, 0x00, sizeof(struct bio_dgram_sctp_sndinfo));
+        memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
 #  ifdef SCTP_SACK_IMMEDIATELY
         handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
 #  endif
         sinfo = &handshake_sinfo;
     }
 
-    /*
-     * If we have to send a shutdown alert message and the socket is not dry
-     * yet, we have to save it and send it as soon as the socket gets dry.
-     */
-    if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) {
-        char *tmp;
-        data->saved_message.bio = b;
-        if (!(tmp = OPENSSL_malloc(inl))) {
-            BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
+    /* We can only send a shutdown alert if the socket is dry */
+    if (data->save_shutdown) {
+        ret = BIO_dgram_sctp_wait_for_dry(b);
+        if (ret < 0)
+            return -1;
+        if (ret == 0) {
+            BIO_clear_retry_flags(b);
+            BIO_set_retry_write(b);
             return -1;
         }
-        if (data->saved_message.data)
-            OPENSSL_free(data->saved_message.data);
-        data->saved_message.data = tmp;
-        memcpy(data->saved_message.data, in, inl);
-        data->saved_message.length = inl;
-        return inl;
     }
 
     iov[0].iov_base = (char *)in;
@@ -1451,7 +1292,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
     cmsg->cmsg_type = SCTP_SNDINFO;
     cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
     sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
-    memset(sndinfo, 0, sizeof(struct sctp_sndinfo));
+    memset(sndinfo, 0, sizeof(*sndinfo));
     sndinfo->snd_sid = sinfo->snd_sid;
     sndinfo->snd_flags = sinfo->snd_flags;
     sndinfo->snd_ppid = sinfo->snd_ppid;
@@ -1464,7 +1305,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
     cmsg->cmsg_type = SCTP_PRINFO;
     cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
     prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
-    memset(prinfo, 0, sizeof(struct sctp_prinfo));
+    memset(prinfo, 0, sizeof(*prinfo));
     prinfo->pr_policy = pinfo->pr_policy;
     prinfo->pr_value = pinfo->pr_value;
     msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
@@ -1474,7 +1315,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
     cmsg->cmsg_type = SCTP_SNDRCV;
     cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
     sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
-    memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo));
+    memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
     sndrcvinfo->sinfo_stream = sinfo->snd_sid;
     sndrcvinfo->sinfo_flags = sinfo->snd_flags;
 #   ifdef __FreeBSD__
@@ -1495,7 +1336,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
             data->_errno = get_last_socket_error();
         }
     }
-    return (ret);
+    return ret;
 }
 
 static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -1571,7 +1412,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
             ret = -1;
             break;
         }
-        memset(authkey, 0x00, sockopt_len);
+        memset(authkey, 0, sockopt_len);
         authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
 #  ifndef __FreeBSD__
         /*
@@ -1620,6 +1461,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
          * we need to deactivate an old key
          */
         data->ccs_sent = 1;
+        /* fall-through */
 
     case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
         /* Returns 0 on success, -1 otherwise. */
@@ -1730,7 +1572,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = dgram_ctrl(b, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 int BIO_dgram_sctp_notification_cb(BIO *b,
@@ -1751,10 +1593,24 @@ int BIO_dgram_sctp_notification_cb(BIO *b,
     return 0;
 }
 
+/*
+ * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
+ * @b: The BIO to check for the dry event
+ *
+ * Wait until the peer confirms all packets have been received, and so that
+ * our kernel doesn't have anything to send anymore.  This is only received by
+ * the peer's kernel, not the application.
+ *
+ * Returns:
+ * -1 on error
+ *  0 when not dry yet
+ *  1 when dry
+ */
 int BIO_dgram_sctp_wait_for_dry(BIO *b)
 {
     int is_dry = 0;
-    int n, sockflags, ret;
+    int sockflags = 0;
+    int n, ret;
     union sctp_notification snp;
     struct msghdr msg;
     struct iovec iov;
@@ -1768,7 +1624,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
 
     /* set sender dry event */
 #  ifdef SCTP_EVENT
-    memset(&event, 0, sizeof(struct sctp_event));
+    memset(&event, 0, sizeof(event));
     event.se_assoc_id = 0;
     event.se_type = SCTP_SENDER_DRY_EVENT;
     event.se_on = 1;
@@ -1791,7 +1647,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
         return -1;
 
     /* peek for notification */
-    memset(&snp, 0x00, sizeof(union sctp_notification));
+    memset(&snp, 0, sizeof(snp));
     iov.iov_base = (char *)&snp;
     iov.iov_len = sizeof(union sctp_notification);
     msg.msg_name = NULL;
@@ -1813,7 +1669,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
 
     /* if we find a notification, process it and try again if necessary */
     while (msg.msg_flags & MSG_NOTIFICATION) {
-        memset(&snp, 0x00, sizeof(union sctp_notification));
+        memset(&snp, 0, sizeof(snp));
         iov.iov_base = (char *)&snp;
         iov.iov_len = sizeof(union sctp_notification);
         msg.msg_name = NULL;
@@ -1838,7 +1694,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
 
             /* disable sender dry event */
 #  ifdef SCTP_EVENT
-            memset(&event, 0, sizeof(struct sctp_event));
+            memset(&event, 0, sizeof(event));
             event.se_assoc_id = 0;
             event.se_type = SCTP_SENDER_DRY_EVENT;
             event.se_on = 0;
@@ -1872,7 +1728,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
                                        (void *)&snp);
 
         /* found notification, peek again */
-        memset(&snp, 0x00, sizeof(union sctp_notification));
+        memset(&snp, 0, sizeof(snp));
         iov.iov_base = (char *)&snp;
         iov.iov_len = sizeof(union sctp_notification);
         msg.msg_name = NULL;
@@ -1918,7 +1774,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
 
     /* Check if there are any messages waiting to be read */
     do {
-        memset(&snp, 0x00, sizeof(union sctp_notification));
+        memset(&snp, 0, sizeof(snp));
         iov.iov_base = (char *)&snp;
         iov.iov_len = sizeof(union sctp_notification);
         msg.msg_name = NULL;
@@ -1941,7 +1797,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
                 dgram_sctp_handle_auth_free_key_event(b, &snp);
 #  endif
 
-            memset(&snp, 0x00, sizeof(union sctp_notification));
+            memset(&snp, 0, sizeof(snp));
             iov.iov_base = (char *)&snp;
             iov.iov_len = sizeof(union sctp_notification);
             msg.msg_name = NULL;
@@ -1973,7 +1829,7 @@ static int dgram_sctp_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = dgram_sctp_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 # endif
 
@@ -1992,9 +1848,9 @@ static int BIO_dgram_should_retry(int i)
          */
 # endif
 
-        return (BIO_dgram_non_fatal_error(err));
+        return BIO_dgram_non_fatal_error(err);
     }
-    return (0);
+    return 0;
 }
 
 int BIO_dgram_non_fatal_error(int err)
@@ -2004,12 +1860,6 @@ int BIO_dgram_non_fatal_error(int err)
 #  if defined(WSAEWOULDBLOCK)
     case WSAEWOULDBLOCK:
 #  endif
-
-#  if 0                         /* This appears to always be an error */
-#   if defined(WSAENOTCONN)
-    case WSAENOTCONN:
-#   endif
-#  endif
 # endif
 
 # ifdef EWOULDBLOCK
@@ -2044,12 +1894,11 @@ int BIO_dgram_non_fatal_error(int err)
     case EALREADY:
 # endif
 
-        return (1);
-        /* break; */
+        return 1;
     default:
         break;
     }
-    return (0);
+    return 0;
 }
 
 static void get_current_time(struct timeval *t)
@@ -2070,11 +1919,6 @@ static void get_current_time(struct timeval *t)
 #  endif
     t->tv_sec = (long)(now.ul / 10000000);
     t->tv_usec = ((int)(now.ul % 10000000)) / 10;
-# elif defined(OPENSSL_SYS_VMS)
-    struct timeb tb;
-    ftime(&tb);
-    t->tv_sec = (long)tb.time;
-    t->tv_usec = (long)tb.millitm * 1000;
 # else
     gettimeofday(t, NULL);
 # endif
diff --git a/freebsd/crypto/openssl/crypto/bio/bss_fd.c b/freebsd/crypto/openssl/crypto/bio/bss_fd.c
index 02654d44..ee8f244a 100644
--- a/freebsd/crypto/openssl/crypto/bio/bss_fd.c
+++ b/freebsd/crypto/openssl/crypto/bio/bss_fd.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bss_fd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
+
+#include "bio_lcl.h"
 
 #if defined(OPENSSL_NO_POSIX_IO)
 /*
@@ -82,7 +33,7 @@ int BIO_fd_should_retry(int i)
     return 0;
 }
 
-BIO_METHOD *BIO_s_fd(void)
+const BIO_METHOD *BIO_s_fd(void)
 {
     return NULL;
 }
@@ -99,8 +50,6 @@ BIO_METHOD *BIO_s_fd(void)
  * file descriptors can only be provided by application. Therefore
  * "UPLINK" calls are due...
  */
-# include "bio_lcl.h"
-
 static int fd_write(BIO *h, const char *buf, int num);
 static int fd_read(BIO *h, char *buf, int size);
 static int fd_puts(BIO *h, const char *str);
@@ -110,21 +59,26 @@ static int fd_new(BIO *h);
 static int fd_free(BIO *data);
 int BIO_fd_should_retry(int s);
 
-static BIO_METHOD methods_fdp = {
-    BIO_TYPE_FD, "file descriptor",
+static const BIO_METHOD methods_fdp = {
+    BIO_TYPE_FD,
+    "file descriptor",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     fd_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     fd_read,
     fd_puts,
     fd_gets,
     fd_ctrl,
     fd_new,
     fd_free,
-    NULL,
+    NULL,                       /* fd_callback_ctrl */
 };
 
-BIO_METHOD *BIO_s_fd(void)
+const BIO_METHOD *BIO_s_fd(void)
 {
-    return (&methods_fdp);
+    return &methods_fdp;
 }
 
 BIO *BIO_new_fd(int fd, int close_flag)
@@ -132,9 +86,9 @@ BIO *BIO_new_fd(int fd, int close_flag)
     BIO *ret;
     ret = BIO_new(BIO_s_fd());
     if (ret == NULL)
-        return (NULL);
+        return NULL;
     BIO_set_fd(ret, fd, close_flag);
-    return (ret);
+    return ret;
 }
 
 static int fd_new(BIO *bi)
@@ -143,13 +97,13 @@ static int fd_new(BIO *bi)
     bi->num = -1;
     bi->ptr = NULL;
     bi->flags = BIO_FLAGS_UPLINK; /* essentially redundant */
-    return (1);
+    return 1;
 }
 
 static int fd_free(BIO *a)
 {
     if (a == NULL)
-        return (0);
+        return 0;
     if (a->shutdown) {
         if (a->init) {
             UP_close(a->num);
@@ -157,7 +111,7 @@ static int fd_free(BIO *a)
         a->init = 0;
         a->flags = BIO_FLAGS_UPLINK;
     }
-    return (1);
+    return 1;
 }
 
 static int fd_read(BIO *b, char *out, int outl)
@@ -173,7 +127,7 @@ static int fd_read(BIO *b, char *out, int outl)
                 BIO_set_retry_read(b);
         }
     }
-    return (ret);
+    return ret;
 }
 
 static int fd_write(BIO *b, const char *in, int inl)
@@ -186,7 +140,7 @@ static int fd_write(BIO *b, const char *in, int inl)
         if (BIO_fd_should_retry(ret))
             BIO_set_retry_write(b);
     }
-    return (ret);
+    return ret;
 }
 
 static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -197,6 +151,7 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
     switch (cmd) {
     case BIO_CTRL_RESET:
         num = 0;
+        /* fall thru */
     case BIO_C_FILE_SEEK:
         ret = (long)UP_lseek(b->num, num, 0);
         break;
@@ -237,7 +192,7 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int fd_puts(BIO *bp, const char *str)
@@ -246,7 +201,7 @@ static int fd_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = fd_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 static int fd_gets(BIO *bp, char *buf, int size)
@@ -255,14 +210,16 @@ static int fd_gets(BIO *bp, char *buf, int size)
     char *ptr = buf;
     char *end = buf + size - 1;
 
-    while ((ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n'))
-        ptr++;
+    while (ptr < end && fd_read(bp, ptr, 1) > 0) {
+        if (*ptr++ == '\n')
+           break;
+    }
 
     ptr[0] = '\0';
 
     if (buf[0] != '\0')
         ret = strlen(buf);
-    return (ret);
+    return ret;
 }
 
 int BIO_fd_should_retry(int i)
@@ -272,15 +229,9 @@ int BIO_fd_should_retry(int i)
     if ((i == 0) || (i == -1)) {
         err = get_last_sys_error();
 
-# if defined(OPENSSL_SYS_WINDOWS) && 0/* more microsoft stupidity? perhaps
-                                       * not? Ben 4/1/99 */
-        if ((i == -1) && (err == 0))
-            return (1);
-# endif
-
-        return (BIO_fd_non_fatal_error(err));
+        return BIO_fd_non_fatal_error(err);
     }
-    return (0);
+    return 0;
 }
 
 int BIO_fd_non_fatal_error(int err)
@@ -322,11 +273,10 @@ int BIO_fd_non_fatal_error(int err)
 # ifdef EALREADY
     case EALREADY:
 # endif
-        return (1);
-        /* break; */
+        return 1;
     default:
         break;
     }
-    return (0);
+    return 0;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/bio/bss_file.c b/freebsd/crypto/openssl/crypto/bio/bss_file.c
index 0f81ccd9..7818cf1d 100644
--- a/freebsd/crypto/openssl/crypto/bio/bss_file.c
+++ b/freebsd/crypto/openssl/crypto/bio/bss_file.c
@@ -1,67 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bss_file.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*-
- * 03-Dec-1997  rdenny@dc3.com  Fix bug preventing use of stdin/stdout
- *              with binary data (e.g. asn1parse -inform DER < xxx) under
- *              Windows
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_BSS_FILE_C
@@ -87,91 +32,43 @@
 
 # include <stdio.h>
 # include <errno.h>
-# include "cryptlib.h"
 # include "bio_lcl.h"
 # include <openssl/err.h>
 
-# if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-#  include <nwfileio.h>
-# endif
-
 # if !defined(OPENSSL_NO_STDIO)
 
-static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
-static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
-static int MS_CALLBACK file_puts(BIO *h, const char *str);
-static int MS_CALLBACK file_gets(BIO *h, char *str, int size);
-static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int MS_CALLBACK file_new(BIO *h);
-static int MS_CALLBACK file_free(BIO *data);
-static BIO_METHOD methods_filep = {
+static int file_write(BIO *h, const char *buf, int num);
+static int file_read(BIO *h, char *buf, int size);
+static int file_puts(BIO *h, const char *str);
+static int file_gets(BIO *h, char *str, int size);
+static long file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int file_new(BIO *h);
+static int file_free(BIO *data);
+static const BIO_METHOD methods_filep = {
     BIO_TYPE_FILE,
     "FILE pointer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     file_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     file_read,
     file_puts,
     file_gets,
     file_ctrl,
     file_new,
     file_free,
-    NULL,
+    NULL,                      /* file_callback_ctrl */
 };
 
-static FILE *file_fopen(const char *filename, const char *mode)
-{
-    FILE *file = NULL;
-
-#  if defined(_WIN32) && defined(CP_UTF8)
-    int sz, len_0 = (int)strlen(filename) + 1;
-    DWORD flags;
-
-    /*
-     * Basically there are three cases to cover: a) filename is
-     * pure ASCII string; b) actual UTF-8 encoded string and
-     * c) locale-ized string, i.e. one containing 8-bit
-     * characters that are meaningful in current system locale.
-     * If filename is pure ASCII or real UTF-8 encoded string,
-     * MultiByteToWideChar succeeds and _wfopen works. If
-     * filename is locale-ized string, chances are that
-     * MultiByteToWideChar fails reporting
-     * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
-     * back to fopen...
-     */
-    if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS),
-                                  filename, len_0, NULL, 0)) > 0 ||
-        (GetLastError() == ERROR_INVALID_FLAGS &&
-         (sz = MultiByteToWideChar(CP_UTF8, (flags = 0),
-                                   filename, len_0, NULL, 0)) > 0)
-        ) {
-        WCHAR wmode[8];
-        WCHAR *wfilename = _alloca(sz * sizeof(WCHAR));
-
-        if (MultiByteToWideChar(CP_UTF8, flags,
-                                filename, len_0, wfilename, sz) &&
-            MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1,
-                                wmode, sizeof(wmode) / sizeof(wmode[0])) &&
-            (file = _wfopen(wfilename, wmode)) == NULL &&
-            (errno == ENOENT || errno == EBADF)
-            ) {
-            /*
-             * UTF-8 decode succeeded, but no file, filename
-             * could still have been locale-ized...
-             */
-            file = fopen(filename, mode);
-        }
-    } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) {
-        file = fopen(filename, mode);
-    }
-#  else
-    file = fopen(filename, mode);
-#  endif
-    return (file);
-}
-
 BIO *BIO_new_file(const char *filename, const char *mode)
 {
     BIO  *ret;
-    FILE *file = file_fopen(filename, mode);
+    FILE *file = openssl_fopen(filename, mode);
+    int fp_flags = BIO_CLOSE;
+
+    if (strchr(mode, 'b') == NULL)
+        fp_flags |= BIO_FP_TEXT;
 
     if (file == NULL) {
         SYSerr(SYS_F_FOPEN, get_last_sys_error());
@@ -184,17 +81,17 @@ BIO *BIO_new_file(const char *filename, const char *mode)
             BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
         else
             BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);
-        return (NULL);
+        return NULL;
     }
     if ((ret = BIO_new(BIO_s_file())) == NULL) {
         fclose(file);
-        return (NULL);
+        return NULL;
     }
 
     BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
                                              * UPLINK */
-    BIO_set_fp(ret, file, BIO_CLOSE);
-    return (ret);
+    BIO_set_fp(ret, file, fp_flags);
+    return ret;
 }
 
 BIO *BIO_new_fp(FILE *stream, int close_flag)
@@ -202,32 +99,32 @@ BIO *BIO_new_fp(FILE *stream, int close_flag)
     BIO *ret;
 
     if ((ret = BIO_new(BIO_s_file())) == NULL)
-        return (NULL);
+        return NULL;
 
-    BIO_set_flags(ret, BIO_FLAGS_UPLINK); /* redundant, left for
-                                           * documentation puposes */
+    /* redundant flag, left for documentation purposes */
+    BIO_set_flags(ret, BIO_FLAGS_UPLINK);
     BIO_set_fp(ret, stream, close_flag);
-    return (ret);
+    return ret;
 }
 
-BIO_METHOD *BIO_s_file(void)
+const BIO_METHOD *BIO_s_file(void)
 {
-    return (&methods_filep);
+    return &methods_filep;
 }
 
-static int MS_CALLBACK file_new(BIO *bi)
+static int file_new(BIO *bi)
 {
     bi->init = 0;
     bi->num = 0;
     bi->ptr = NULL;
     bi->flags = BIO_FLAGS_UPLINK; /* default to UPLINK */
-    return (1);
+    return 1;
 }
 
-static int MS_CALLBACK file_free(BIO *a)
+static int file_free(BIO *a)
 {
     if (a == NULL)
-        return (0);
+        return 0;
     if (a->shutdown) {
         if ((a->init) && (a->ptr != NULL)) {
             if (a->flags & BIO_FLAGS_UPLINK)
@@ -239,10 +136,10 @@ static int MS_CALLBACK file_free(BIO *a)
         }
         a->init = 0;
     }
-    return (1);
+    return 1;
 }
 
-static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
+static int file_read(BIO *b, char *out, int outl)
 {
     int ret = 0;
 
@@ -259,10 +156,10 @@ static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
             ret = -1;
         }
     }
-    return (ret);
+    return ret;
 }
 
-static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
+static int file_write(BIO *b, const char *in, int inl)
 {
     int ret = 0;
 
@@ -275,15 +172,15 @@ static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
             ret = inl;
         /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
         /*
-         * according to Tim Hudson <tjh@cryptsoft.com>, the commented out
+         * according to Tim Hudson <tjh@openssl.org>, the commented out
          * version above can cause 'inl' write calls under some stupid stdio
          * implementations (VMS)
          */
     }
-    return (ret);
+    return ret;
 }
 
-static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
     long ret = 1;
     FILE *fp = (FILE *)b->ptr;
@@ -343,13 +240,6 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                 _setmode(fd, _O_TEXT);
             else
                 _setmode(fd, _O_BINARY);
-#  elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-            int fd = fileno((FILE *)ptr);
-            /* Under CLib there are differences in file modes */
-            if (num & BIO_FP_TEXT)
-                setmode(fd, O_TEXT);
-            else
-                setmode(fd, O_BINARY);
 #  elif defined(OPENSSL_SYS_MSDOS)
             int fd = fileno((FILE *)ptr);
             /* Set correct text/binary mode */
@@ -363,7 +253,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                 } else
                     _setmode(fd, _O_BINARY);
             }
-#  elif defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+#  elif defined(OPENSSL_SYS_WIN32_CYGWIN)
             int fd = fileno((FILE *)ptr);
             if (num & BIO_FP_TEXT)
                 setmode(fd, O_TEXT);
@@ -377,33 +267,27 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
         b->shutdown = (int)num & BIO_CLOSE;
         if (num & BIO_FP_APPEND) {
             if (num & BIO_FP_READ)
-                BUF_strlcpy(p, "a+", sizeof(p));
+                OPENSSL_strlcpy(p, "a+", sizeof(p));
             else
-                BUF_strlcpy(p, "a", sizeof(p));
+                OPENSSL_strlcpy(p, "a", sizeof(p));
         } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
-            BUF_strlcpy(p, "r+", sizeof(p));
+            OPENSSL_strlcpy(p, "r+", sizeof(p));
         else if (num & BIO_FP_WRITE)
-            BUF_strlcpy(p, "w", sizeof(p));
+            OPENSSL_strlcpy(p, "w", sizeof(p));
         else if (num & BIO_FP_READ)
-            BUF_strlcpy(p, "r", sizeof(p));
+            OPENSSL_strlcpy(p, "r", sizeof(p));
         else {
             BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE);
             ret = 0;
             break;
         }
-#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN)
         if (!(num & BIO_FP_TEXT))
-            strcat(p, "b");
+            OPENSSL_strlcat(p, "b", sizeof(p));
         else
-            strcat(p, "t");
+            OPENSSL_strlcat(p, "t", sizeof(p));
 #  endif
-#  if defined(OPENSSL_SYS_NETWARE)
-        if (!(num & BIO_FP_TEXT))
-            strcat(p, "b");
-        else
-            strcat(p, "t");
-#  endif
-        fp = file_fopen(ptr, p);
+        fp = openssl_fopen(ptr, p);
         if (fp == NULL) {
             SYSerr(SYS_F_FOPEN, get_last_sys_error());
             ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
@@ -451,10 +335,10 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
-static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
+static int file_gets(BIO *bp, char *buf, int size)
 {
     int ret = 0;
 
@@ -469,16 +353,74 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
     if (buf[0] != '\0')
         ret = strlen(buf);
  err:
-    return (ret);
+    return ret;
 }
 
-static int MS_CALLBACK file_puts(BIO *bp, const char *str)
+static int file_puts(BIO *bp, const char *str)
 {
     int n, ret;
 
     n = strlen(str);
     ret = file_write(bp, str, n);
-    return (ret);
+    return ret;
+}
+
+#else
+
+static int file_write(BIO *b, const char *in, int inl)
+{
+    return -1;
+}
+static int file_read(BIO *b, char *out, int outl)
+{
+    return -1;
+}
+static int file_puts(BIO *bp, const char *str)
+{
+    return -1;
+}
+static int file_gets(BIO *bp, char *buf, int size)
+{
+    return 0;
+}
+static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    return 0;
+}
+static int file_new(BIO *bi)
+{
+    return 0;
+}
+static int file_free(BIO *a)
+{
+    return 0;
+}
+
+static const BIO_METHOD methods_filep = {
+    BIO_TYPE_FILE,
+    "FILE pointer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    file_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    file_read,
+    file_puts,
+    file_gets,
+    file_ctrl,
+    file_new,
+    file_free,
+    NULL,                      /* file_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_file(void)
+{
+    return &methods_filep;
+}
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+    return NULL;
 }
 
 # endif                         /* OPENSSL_NO_STDIO */
diff --git a/freebsd/crypto/openssl/crypto/bio/bss_log.c b/freebsd/crypto/openssl/crypto/bio/bss_log.c
index d7cb573c..66421e3d 100644
--- a/freebsd/crypto/openssl/crypto/bio/bss_log.c
+++ b/freebsd/crypto/openssl/crypto/bio/bss_log.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bss_log.c */
-/* ====================================================================
- * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -67,7 +21,8 @@
 #include <stdio.h>
 #include <errno.h>
 
-#include "cryptlib.h"
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
 
 #if defined(OPENSSL_SYS_WINCE)
 #elif defined(OPENSSL_SYS_WIN32)
@@ -86,9 +41,7 @@ void *_malloc32(__size_t);
 #  endif                        /* __INITIAL_POINTER_SIZE == 64 */
 # endif                         /* __INITIAL_POINTER_SIZE && defined
                                  * _ANSI_C_SOURCE */
-#elif defined(__ultrix)
-# include <sys/syslog.h>
-#elif defined(OPENSSL_SYS_NETWARE)
+#elif defined(__DJGPP__) && defined(OPENSSL_NO_SOCK)
 # define NO_SYSLOG
 #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
 # include <syslog.h>
@@ -124,50 +77,54 @@ void *_malloc32(__size_t);
 #  define LOG_DAEMON      OPC$M_NM_NTWORK
 # endif
 
-static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num);
-static int MS_CALLBACK slg_puts(BIO *h, const char *str);
-static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int MS_CALLBACK slg_new(BIO *h);
-static int MS_CALLBACK slg_free(BIO *data);
+static int slg_write(BIO *h, const char *buf, int num);
+static int slg_puts(BIO *h, const char *str);
+static long slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int slg_new(BIO *h);
+static int slg_free(BIO *data);
 static void xopenlog(BIO *bp, char *name, int level);
 static void xsyslog(BIO *bp, int priority, const char *string);
 static void xcloselog(BIO *bp);
 
-static BIO_METHOD methods_slg = {
-    BIO_TYPE_MEM, "syslog",
+static const BIO_METHOD methods_slg = {
+    BIO_TYPE_MEM,
+    "syslog",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     slg_write,
-    NULL,
+    NULL,                      /* slg_write_old,    */
+    NULL,                      /* slg_read,         */
     slg_puts,
     NULL,
     slg_ctrl,
     slg_new,
     slg_free,
-    NULL,
+    NULL,                      /* slg_callback_ctrl */
 };
 
-BIO_METHOD *BIO_s_log(void)
+const BIO_METHOD *BIO_s_log(void)
 {
-    return (&methods_slg);
+    return &methods_slg;
 }
 
-static int MS_CALLBACK slg_new(BIO *bi)
+static int slg_new(BIO *bi)
 {
     bi->init = 1;
     bi->num = 0;
     bi->ptr = NULL;
     xopenlog(bi, "application", LOG_DAEMON);
-    return (1);
+    return 1;
 }
 
-static int MS_CALLBACK slg_free(BIO *a)
+static int slg_free(BIO *a)
 {
     if (a == NULL)
-        return (0);
+        return 0;
     xcloselog(a);
-    return (1);
+    return 1;
 }
 
-static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
+static int slg_write(BIO *b, const char *in, int inl)
 {
     int ret = inl;
     char *buf;
@@ -241,8 +198,9 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
         /* The default */
     };
 
-    if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) {
-        return (0);
+    if ((buf = OPENSSL_malloc(inl + 1)) == NULL) {
+        BIOerr(BIO_F_SLG_WRITE, ERR_R_MALLOC_FAILURE);
+        return 0;
     }
     memcpy(buf, in, inl);
     buf[inl] = '\0';
@@ -256,10 +214,10 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
     xsyslog(b, priority, pp);
 
     OPENSSL_free(buf);
-    return (ret);
+    return ret;
 }
 
-static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long slg_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
     switch (cmd) {
     case BIO_CTRL_SET:
@@ -269,16 +227,16 @@ static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
     default:
         break;
     }
-    return (0);
+    return 0;
 }
 
-static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
+static int slg_puts(BIO *bp, const char *str)
 {
     int n, ret;
 
     n = strlen(str);
     ret = slg_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 # if defined(OPENSSL_SYS_WIN32)
@@ -324,7 +282,7 @@ static void xsyslog(BIO *bp, int priority, const char *string)
         break;
     }
 
-    sprintf(pidbuf, "[%u] ", GetCurrentProcessId());
+    sprintf(pidbuf, "[%lu] ", GetCurrentProcessId());
     lpszStrings[0] = pidbuf;
     lpszStrings[1] = string;
 
diff --git a/freebsd/crypto/openssl/crypto/bio/bss_mem.c b/freebsd/crypto/openssl/crypto/bio/bss_mem.c
index 03404a5b..1aa581ad 100644
--- a/freebsd/crypto/openssl/crypto/bio/bss_mem.c
+++ b/freebsd/crypto/openssl/crypto/bio/bss_mem.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bss_mem.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
 
 static int mem_write(BIO *h, const char *buf, int num);
 static int mem_read(BIO *h, char *buf, int size);
@@ -69,165 +20,247 @@ static int mem_puts(BIO *h, const char *str);
 static int mem_gets(BIO *h, char *str, int size);
 static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int mem_new(BIO *h);
+static int secmem_new(BIO *h);
 static int mem_free(BIO *data);
-static BIO_METHOD mem_method = {
+static int mem_buf_free(BIO *data, int free_all);
+static int mem_buf_sync(BIO *h);
+
+static const BIO_METHOD mem_method = {
     BIO_TYPE_MEM,
     "memory buffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     mem_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     mem_read,
     mem_puts,
     mem_gets,
     mem_ctrl,
     mem_new,
     mem_free,
-    NULL,
+    NULL,                      /* mem_callback_ctrl */
+};
+
+static const BIO_METHOD secmem_method = {
+    BIO_TYPE_MEM,
+    "secure memory buffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    mem_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    mem_read,
+    mem_puts,
+    mem_gets,
+    mem_ctrl,
+    secmem_new,
+    mem_free,
+    NULL,                      /* mem_callback_ctrl */
 };
 
+/* BIO memory stores buffer and read pointer  */
+typedef struct bio_buf_mem_st {
+    struct buf_mem_st *buf;   /* allocated buffer */
+    struct buf_mem_st *readp; /* read pointer */
+} BIO_BUF_MEM;
+
 /*
  * bio->num is used to hold the value to return on 'empty', if it is 0,
  * should_retry is not set
  */
 
-BIO_METHOD *BIO_s_mem(void)
+const BIO_METHOD *BIO_s_mem(void)
 {
-    return (&mem_method);
+    return &mem_method;
 }
 
+const BIO_METHOD *BIO_s_secmem(void)
+{
+    return(&secmem_method);
+}
 
 BIO *BIO_new_mem_buf(const void *buf, int len)
 {
     BIO *ret;
     BUF_MEM *b;
+    BIO_BUF_MEM *bb;
     size_t sz;
 
-    if (!buf) {
+    if (buf == NULL) {
         BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER);
         return NULL;
     }
     sz = (len < 0) ? strlen(buf) : (size_t)len;
-    if (!(ret = BIO_new(BIO_s_mem())))
+    if ((ret = BIO_new(BIO_s_mem())) == NULL)
         return NULL;
-    b = (BUF_MEM *)ret->ptr;
+    bb = (BIO_BUF_MEM *)ret->ptr;
+    b = bb->buf;
     /* Cast away const and trust in the MEM_RDONLY flag. */
     b->data = (void *)buf;
     b->length = sz;
     b->max = sz;
+    *bb->readp = *bb->buf;
     ret->flags |= BIO_FLAGS_MEM_RDONLY;
-    /* Since this is static data retrying wont help */
+    /* Since this is static data retrying won't help */
     ret->num = 0;
     return ret;
 }
 
-static int mem_new(BIO *bi)
+static int mem_init(BIO *bi, unsigned long flags)
 {
-    BUF_MEM *b;
+    BIO_BUF_MEM *bb = OPENSSL_zalloc(sizeof(*bb));
 
-    if ((b = BUF_MEM_new()) == NULL)
-        return (0);
+    if (bb == NULL)
+        return 0;
+    if ((bb->buf = BUF_MEM_new_ex(flags)) == NULL) {
+        OPENSSL_free(bb);
+        return 0;
+    }
+    if ((bb->readp = OPENSSL_zalloc(sizeof(*bb->readp))) == NULL) {
+        BUF_MEM_free(bb->buf);
+        OPENSSL_free(bb);
+        return 0;
+    }
+    *bb->readp = *bb->buf;
     bi->shutdown = 1;
     bi->init = 1;
     bi->num = -1;
-    bi->ptr = (char *)b;
-    return (1);
+    bi->ptr = (char *)bb;
+    return 1;
+}
+
+static int mem_new(BIO *bi)
+{
+    return mem_init(bi, 0L);
+}
+
+static int secmem_new(BIO *bi)
+{
+    return mem_init(bi, BUF_MEM_FLAG_SECURE);
 }
 
 static int mem_free(BIO *a)
 {
+    return mem_buf_free(a, 1);
+}
+
+static int mem_buf_free(BIO *a, int free_all)
+{
     if (a == NULL)
-        return (0);
-    if (a->shutdown) {
-        if ((a->init) && (a->ptr != NULL)) {
-            BUF_MEM *b;
-            b = (BUF_MEM *)a->ptr;
-            if (a->flags & BIO_FLAGS_MEM_RDONLY)
-                b->data = NULL;
-            BUF_MEM_free(b);
-            a->ptr = NULL;
+        return 0;
+
+    if (a->shutdown && a->init && a->ptr != NULL) {
+        BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr;
+        BUF_MEM *b = bb->buf;
+
+        if (a->flags & BIO_FLAGS_MEM_RDONLY)
+            b->data = NULL;
+        BUF_MEM_free(b);
+        if (free_all) {
+            OPENSSL_free(bb->readp);
+            OPENSSL_free(bb);
+        }
+        a->ptr = NULL;
+    }
+    return 1;
+}
+
+/*
+ * Reallocate memory buffer if read pointer differs
+ */
+static int mem_buf_sync(BIO *b)
+{
+    if (b != NULL && b->init != 0 && b->ptr != NULL) {
+        BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+
+        if (bbm->readp->data != bbm->buf->data) {
+            memmove(bbm->buf->data, bbm->readp->data, bbm->readp->length);
+            bbm->buf->length = bbm->readp->length;
+            bbm->readp->data = bbm->buf->data;
         }
     }
-    return (1);
+    return 0;
 }
 
 static int mem_read(BIO *b, char *out, int outl)
 {
     int ret = -1;
-    BUF_MEM *bm;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+    BUF_MEM *bm = bbm->readp;
 
-    bm = (BUF_MEM *)b->ptr;
     BIO_clear_retry_flags(b);
     ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl;
     if ((out != NULL) && (ret > 0)) {
         memcpy(out, bm->data, ret);
         bm->length -= ret;
-        if (b->flags & BIO_FLAGS_MEM_RDONLY)
-            bm->data += ret;
-        else {
-            memmove(&(bm->data[0]), &(bm->data[ret]), bm->length);
-        }
+        bm->data += ret;
     } else if (bm->length == 0) {
         ret = b->num;
         if (ret != 0)
             BIO_set_retry_read(b);
     }
-    return (ret);
+    return ret;
 }
 
 static int mem_write(BIO *b, const char *in, int inl)
 {
     int ret = -1;
     int blen;
-    BUF_MEM *bm;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
 
-    bm = (BUF_MEM *)b->ptr;
     if (in == NULL) {
         BIOerr(BIO_F_MEM_WRITE, BIO_R_NULL_PARAMETER);
         goto end;
     }
-
     if (b->flags & BIO_FLAGS_MEM_RDONLY) {
         BIOerr(BIO_F_MEM_WRITE, BIO_R_WRITE_TO_READ_ONLY_BIO);
         goto end;
     }
-
     BIO_clear_retry_flags(b);
     if (inl == 0)
         return 0;
-    blen = bm->length;
-    if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl))
+    blen = bbm->readp->length;
+    mem_buf_sync(b);
+    if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0)
         goto end;
-    memcpy(&(bm->data[blen]), in, inl);
+    memcpy(bbm->buf->data + blen, in, inl);
+    *bbm->readp = *bbm->buf;
     ret = inl;
  end:
-    return (ret);
+    return ret;
 }
 
 static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
     long ret = 1;
     char **pptr;
-
-    BUF_MEM *bm = (BUF_MEM *)b->ptr;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+    BUF_MEM *bm;
 
     switch (cmd) {
     case BIO_CTRL_RESET:
+        bm = bbm->buf;
         if (bm->data != NULL) {
             /* For read only case reset to the start again */
-            if (b->flags & BIO_FLAGS_MEM_RDONLY) {
-                bm->data -= bm->max - bm->length;
+            if ((b->flags & BIO_FLAGS_MEM_RDONLY) || (b->flags & BIO_FLAGS_NONCLEAR_RST)) {
                 bm->length = bm->max;
             } else {
                 memset(bm->data, 0, bm->max);
                 bm->length = 0;
             }
+            *bbm->readp = *bbm->buf;
         }
         break;
     case BIO_CTRL_EOF:
+        bm = bbm->readp;
         ret = (long)(bm->length == 0);
         break;
     case BIO_C_SET_BUF_MEM_EOF_RETURN:
         b->num = (int)num;
         break;
     case BIO_CTRL_INFO:
+        bm = bbm->readp;
         ret = (long)bm->length;
         if (ptr != NULL) {
             pptr = (char **)ptr;
@@ -235,12 +268,16 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
         }
         break;
     case BIO_C_SET_BUF_MEM:
-        mem_free(b);
+        mem_buf_free(b, 0);
         b->shutdown = (int)num;
-        b->ptr = ptr;
+        bbm->buf = ptr;
+        *bbm->readp = *bbm->buf;
+        b->ptr = bbm;
         break;
     case BIO_C_GET_BUF_MEM_PTR:
         if (ptr != NULL) {
+            mem_buf_sync(b);
+            bm = bbm->readp;
             pptr = (char **)ptr;
             *pptr = (char *)bm;
         }
@@ -251,11 +288,11 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_SET_CLOSE:
         b->shutdown = (int)num;
         break;
-
     case BIO_CTRL_WPENDING:
         ret = 0L;
         break;
     case BIO_CTRL_PENDING:
+        bm = bbm->readp;
         ret = (long)bm->length;
         break;
     case BIO_CTRL_DUP:
@@ -268,7 +305,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int mem_gets(BIO *bp, char *buf, int size)
@@ -276,7 +313,8 @@ static int mem_gets(BIO *bp, char *buf, int size)
     int i, j;
     int ret = -1;
     char *p;
-    BUF_MEM *bm = (BUF_MEM *)bp->ptr;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)bp->ptr;
+    BUF_MEM *bm = bbm->readp;
 
     BIO_clear_retry_flags(bp);
     j = bm->length;
@@ -303,7 +341,7 @@ static int mem_gets(BIO *bp, char *buf, int size)
     if (i > 0)
         buf[i] = '\0';
     ret = i;
-    return (ret);
+    return ret;
 }
 
 static int mem_puts(BIO *bp, const char *str)
@@ -313,5 +351,5 @@ static int mem_puts(BIO *bp, const char *str)
     n = strlen(str);
     ret = mem_write(bp, str, n);
     /* memory semantics is that it will always work */
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/bio/bss_null.c b/freebsd/crypto/openssl/crypto/bio/bss_null.c
index 017f730f..2ee44b37 100644
--- a/freebsd/crypto/openssl/crypto/bio/bss_null.c
+++ b/freebsd/crypto/openssl/crypto/bio/bss_null.c
@@ -1,116 +1,54 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bss_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
 
 static int null_write(BIO *h, const char *buf, int num);
 static int null_read(BIO *h, char *buf, int size);
 static int null_puts(BIO *h, const char *str);
 static int null_gets(BIO *h, char *str, int size);
 static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int null_new(BIO *h);
-static int null_free(BIO *data);
-static BIO_METHOD null_method = {
+static const BIO_METHOD null_method = {
     BIO_TYPE_NULL,
     "NULL",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     null_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     null_read,
     null_puts,
     null_gets,
     null_ctrl,
-    null_new,
-    null_free,
     NULL,
+    NULL,
+    NULL,                     /* null_callback_ctrl */
 };
 
-BIO_METHOD *BIO_s_null(void)
-{
-    return (&null_method);
-}
-
-static int null_new(BIO *bi)
-{
-    bi->init = 1;
-    bi->num = 0;
-    bi->ptr = (NULL);
-    return (1);
-}
-
-static int null_free(BIO *a)
+const BIO_METHOD *BIO_s_null(void)
 {
-    if (a == NULL)
-        return (0);
-    return (1);
+    return &null_method;
 }
 
 static int null_read(BIO *b, char *out, int outl)
 {
-    return (0);
+    return 0;
 }
 
 static int null_write(BIO *b, const char *in, int inl)
 {
-    return (inl);
+    return inl;
 }
 
 static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -135,17 +73,17 @@ static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int null_gets(BIO *bp, char *buf, int size)
 {
-    return (0);
+    return 0;
 }
 
 static int null_puts(BIO *bp, const char *str)
 {
     if (str == NULL)
-        return (0);
-    return (strlen(str));
+        return 0;
+    return strlen(str);
 }
diff --git a/freebsd/crypto/openssl/crypto/bio/bss_sock.c b/freebsd/crypto/openssl/crypto/bio/bss_sock.c
index c553b071..7d19aaae 100644
--- a/freebsd/crypto/openssl/crypto/bio/bss_sock.c
+++ b/freebsd/crypto/openssl/crypto/bio/bss_sock.c
@@ -1,74 +1,29 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bio/bss_sock.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
 
 #ifndef OPENSSL_NO_SOCK
 
 # include <openssl/bio.h>
 
 # ifdef WATT32
-#  define sock_write SockWrite  /* Watt-32 uses same names */
+/* Watt-32 uses same names */
+#  undef sock_write
+#  undef sock_read
+#  undef sock_puts
+#  define sock_write SockWrite
 #  define sock_read  SockRead
 #  define sock_puts  SockPuts
 # endif
@@ -81,22 +36,26 @@ static int sock_new(BIO *h);
 static int sock_free(BIO *data);
 int BIO_sock_should_retry(int s);
 
-static BIO_METHOD methods_sockp = {
+static const BIO_METHOD methods_sockp = {
     BIO_TYPE_SOCKET,
     "socket",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     sock_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     sock_read,
     sock_puts,
-    NULL,                       /* sock_gets, */
+    NULL,                       /* sock_gets,         */
     sock_ctrl,
     sock_new,
     sock_free,
-    NULL,
+    NULL,                       /* sock_callback_ctrl */
 };
 
-BIO_METHOD *BIO_s_socket(void)
+const BIO_METHOD *BIO_s_socket(void)
 {
-    return (&methods_sockp);
+    return &methods_sockp;
 }
 
 BIO *BIO_new_socket(int fd, int close_flag)
@@ -105,9 +64,9 @@ BIO *BIO_new_socket(int fd, int close_flag)
 
     ret = BIO_new(BIO_s_socket());
     if (ret == NULL)
-        return (NULL);
+        return NULL;
     BIO_set_fd(ret, fd, close_flag);
-    return (ret);
+    return ret;
 }
 
 static int sock_new(BIO *bi)
@@ -116,21 +75,21 @@ static int sock_new(BIO *bi)
     bi->num = 0;
     bi->ptr = NULL;
     bi->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int sock_free(BIO *a)
 {
     if (a == NULL)
-        return (0);
+        return 0;
     if (a->shutdown) {
         if (a->init) {
-            SHUTDOWN2(a->num);
+            BIO_closesocket(a->num);
         }
         a->init = 0;
         a->flags = 0;
     }
-    return (1);
+    return 1;
 }
 
 static int sock_read(BIO *b, char *out, int outl)
@@ -146,7 +105,7 @@ static int sock_read(BIO *b, char *out, int outl)
                 BIO_set_retry_read(b);
         }
     }
-    return (ret);
+    return ret;
 }
 
 static int sock_write(BIO *b, const char *in, int inl)
@@ -160,7 +119,7 @@ static int sock_write(BIO *b, const char *in, int inl)
         if (BIO_sock_should_retry(ret))
             BIO_set_retry_write(b);
     }
-    return (ret);
+    return ret;
 }
 
 static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -198,7 +157,7 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int sock_puts(BIO *bp, const char *str)
@@ -207,7 +166,7 @@ static int sock_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = sock_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 int BIO_sock_should_retry(int i)
@@ -217,30 +176,18 @@ int BIO_sock_should_retry(int i)
     if ((i == 0) || (i == -1)) {
         err = get_last_socket_error();
 
-# if defined(OPENSSL_SYS_WINDOWS) && 0/* more microsoft stupidity? perhaps
-                                       * not? Ben 4/1/99 */
-        if ((i == -1) && (err == 0))
-            return (1);
-# endif
-
-        return (BIO_sock_non_fatal_error(err));
+        return BIO_sock_non_fatal_error(err);
     }
-    return (0);
+    return 0;
 }
 
 int BIO_sock_non_fatal_error(int err)
 {
     switch (err) {
-# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
+# if defined(OPENSSL_SYS_WINDOWS)
 #  if defined(WSAEWOULDBLOCK)
     case WSAEWOULDBLOCK:
 #  endif
-
-#  if 0                         /* This appears to always be an error */
-#   if defined(WSAENOTCONN)
-    case WSAENOTCONN:
-#   endif
-#  endif
 # endif
 
 # ifdef EWOULDBLOCK
@@ -278,12 +225,11 @@ int BIO_sock_non_fatal_error(int err)
 # ifdef EALREADY
     case EALREADY:
 # endif
-        return (1);
-        /* break; */
+        return 1;
     default:
         break;
     }
-    return (0);
+    return 0;
 }
 
 #endif                          /* #ifndef OPENSSL_NO_SOCK */
diff --git a/freebsd/crypto/openssl/crypto/blake2/blake2_impl.h b/freebsd/crypto/openssl/crypto/blake2/blake2_impl.h
new file mode 100644
index 00000000..80b717e7
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/blake2/blake2_impl.h
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <string.h>
+
+static ossl_inline uint32_t load32(const uint8_t *src)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        uint32_t w;
+        memcpy(&w, src, sizeof(w));
+        return w;
+    } else {
+        uint32_t w = ((uint32_t)src[0])
+                   | ((uint32_t)src[1] <<  8)
+                   | ((uint32_t)src[2] << 16)
+                   | ((uint32_t)src[3] << 24);
+        return w;
+    }
+}
+
+static ossl_inline uint64_t load64(const uint8_t *src)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        uint64_t w;
+        memcpy(&w, src, sizeof(w));
+        return w;
+    } else {
+        uint64_t w = ((uint64_t)src[0])
+                   | ((uint64_t)src[1] <<  8)
+                   | ((uint64_t)src[2] << 16)
+                   | ((uint64_t)src[3] << 24)
+                   | ((uint64_t)src[4] << 32)
+                   | ((uint64_t)src[5] << 40)
+                   | ((uint64_t)src[6] << 48)
+                   | ((uint64_t)src[7] << 56);
+        return w;
+    }
+}
+
+static ossl_inline void store32(uint8_t *dst, uint32_t w)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        memcpy(dst, &w, sizeof(w));
+    } else {
+        uint8_t *p = (uint8_t *)dst;
+        int i;
+
+        for (i = 0; i < 4; i++)
+            p[i] = (uint8_t)(w >> (8 * i));
+    }
+}
+
+static ossl_inline void store64(uint8_t *dst, uint64_t w)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        memcpy(dst, &w, sizeof(w));
+    } else {
+        uint8_t *p = (uint8_t *)dst;
+        int i;
+
+        for (i = 0; i < 8; i++)
+            p[i] = (uint8_t)(w >> (8 * i));
+    }
+}
+
+static ossl_inline uint64_t load48(const uint8_t *src)
+{
+    uint64_t w = ((uint64_t)src[0])
+               | ((uint64_t)src[1] <<  8)
+               | ((uint64_t)src[2] << 16)
+               | ((uint64_t)src[3] << 24)
+               | ((uint64_t)src[4] << 32)
+               | ((uint64_t)src[5] << 40);
+    return w;
+}
+
+static ossl_inline void store48(uint8_t *dst, uint64_t w)
+{
+    uint8_t *p = (uint8_t *)dst;
+    p[0] = (uint8_t)w;
+    p[1] = (uint8_t)(w>>8);
+    p[2] = (uint8_t)(w>>16);
+    p[3] = (uint8_t)(w>>24);
+    p[4] = (uint8_t)(w>>32);
+    p[5] = (uint8_t)(w>>40);
+}
+
+static ossl_inline uint32_t rotr32(const uint32_t w, const unsigned int c)
+{
+    return (w >> c) | (w << (32 - c));
+}
+
+static ossl_inline uint64_t rotr64(const uint64_t w, const unsigned int c)
+{
+    return (w >> c) | (w << (64 - c));
+}
diff --git a/freebsd/crypto/openssl/crypto/blake2/blake2_locl.h b/freebsd/crypto/openssl/crypto/blake2/blake2_locl.h
new file mode 100644
index 00000000..926bae94
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/blake2/blake2_locl.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <stddef.h>
+
+#define BLAKE2S_BLOCKBYTES    64
+#define BLAKE2S_OUTBYTES      32
+#define BLAKE2S_KEYBYTES      32
+#define BLAKE2S_SALTBYTES     8
+#define BLAKE2S_PERSONALBYTES 8
+
+#define BLAKE2B_BLOCKBYTES    128
+#define BLAKE2B_OUTBYTES      64
+#define BLAKE2B_KEYBYTES      64
+#define BLAKE2B_SALTBYTES     16
+#define BLAKE2B_PERSONALBYTES 16
+
+struct blake2s_param_st {
+    uint8_t  digest_length; /* 1 */
+    uint8_t  key_length;    /* 2 */
+    uint8_t  fanout;        /* 3 */
+    uint8_t  depth;         /* 4 */
+    uint8_t  leaf_length[4];/* 8 */
+    uint8_t  node_offset[6];/* 14 */
+    uint8_t  node_depth;    /* 15 */
+    uint8_t  inner_length;  /* 16 */
+    uint8_t  salt[BLAKE2S_SALTBYTES]; /* 24 */
+    uint8_t  personal[BLAKE2S_PERSONALBYTES];  /* 32 */
+};
+
+typedef struct blake2s_param_st BLAKE2S_PARAM;
+
+struct blake2s_ctx_st {
+    uint32_t h[8];
+    uint32_t t[2];
+    uint32_t f[2];
+    uint8_t  buf[BLAKE2S_BLOCKBYTES];
+    size_t   buflen;
+};
+
+struct blake2b_param_st {
+    uint8_t  digest_length; /* 1 */
+    uint8_t  key_length;    /* 2 */
+    uint8_t  fanout;        /* 3 */
+    uint8_t  depth;         /* 4 */
+    uint8_t  leaf_length[4];/* 8 */
+    uint8_t  node_offset[8];/* 16 */
+    uint8_t  node_depth;    /* 17 */
+    uint8_t  inner_length;  /* 18 */
+    uint8_t  reserved[14];  /* 32 */
+    uint8_t  salt[BLAKE2B_SALTBYTES]; /* 48 */
+    uint8_t  personal[BLAKE2B_PERSONALBYTES];  /* 64 */
+};
+
+typedef struct blake2b_param_st BLAKE2B_PARAM;
+
+struct blake2b_ctx_st {
+    uint64_t h[8];
+    uint64_t t[2];
+    uint64_t f[2];
+    uint8_t  buf[BLAKE2B_BLOCKBYTES];
+    size_t   buflen;
+};
+
+#define BLAKE2B_DIGEST_LENGTH 64
+#define BLAKE2S_DIGEST_LENGTH 32
+
+typedef struct blake2s_ctx_st BLAKE2S_CTX;
+typedef struct blake2b_ctx_st BLAKE2B_CTX;
+
+int BLAKE2b_Init(BLAKE2B_CTX *c);
+int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen);
+int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c);
+
+int BLAKE2s_Init(BLAKE2S_CTX *c);
+int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen);
+int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c);
diff --git a/freebsd/crypto/openssl/crypto/blake2/blake2b.c b/freebsd/crypto/openssl/crypto/blake2/blake2b.c
new file mode 100644
index 00000000..461d1318
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/blake2/blake2b.c
@@ -0,0 +1,271 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "blake2_locl.h"
+#include "blake2_impl.h"
+
+static const uint64_t blake2b_IV[8] =
+{
+    0x6a09e667f3bcc908U, 0xbb67ae8584caa73bU,
+    0x3c6ef372fe94f82bU, 0xa54ff53a5f1d36f1U,
+    0x510e527fade682d1U, 0x9b05688c2b3e6c1fU,
+    0x1f83d9abfb41bd6bU, 0x5be0cd19137e2179U
+};
+
+static const uint8_t blake2b_sigma[12][16] =
+{
+    {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,
+    { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,
+    {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,
+    {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,
+    {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,
+    { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,
+    { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,
+    {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,
+    { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
+    {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2b_set_lastblock(BLAKE2B_CTX *S)
+{
+    S->f[0] = -1;
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2b_init0(BLAKE2B_CTX *S)
+{
+    int i;
+
+    memset(S, 0, sizeof(BLAKE2B_CTX));
+    for (i = 0; i < 8; ++i) {
+        S->h[i] = blake2b_IV[i];
+    }
+}
+
+/* init xors IV with input parameter block */
+static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
+{
+    size_t i;
+    const uint8_t *p = (const uint8_t *)(P);
+    blake2b_init0(S);
+
+    /* The param struct is carefully hand packed, and should be 64 bytes on
+     * every platform. */
+    assert(sizeof(BLAKE2B_PARAM) == 64);
+    /* IV XOR ParamBlock */
+    for (i = 0; i < 8; ++i) {
+        S->h[i] ^= load64(p + sizeof(S->h[i]) * i);
+    }
+}
+
+/* Initialize the hashing context.  Always returns 1. */
+int BLAKE2b_Init(BLAKE2B_CTX *c)
+{
+    BLAKE2B_PARAM P[1];
+    P->digest_length = BLAKE2B_DIGEST_LENGTH;
+    P->key_length    = 0;
+    P->fanout        = 1;
+    P->depth         = 1;
+    store32(P->leaf_length, 0);
+    store64(P->node_offset, 0);
+    P->node_depth    = 0;
+    P->inner_length  = 0;
+    memset(P->reserved, 0, sizeof(P->reserved));
+    memset(P->salt,     0, sizeof(P->salt));
+    memset(P->personal, 0, sizeof(P->personal));
+    blake2b_init_param(c, P);
+    return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2b_compress(BLAKE2B_CTX *S,
+                            const uint8_t *blocks,
+                            size_t len)
+{
+    uint64_t m[16];
+    uint64_t v[16];
+    int i;
+    size_t increment;
+
+    /*
+     * There are two distinct usage vectors for this function:
+     *
+     * a) BLAKE2b_Update uses it to process complete blocks,
+     *    possibly more than one at a time;
+     *
+     * b) BLAK2b_Final uses it to process last block, always
+     *    single but possibly incomplete, in which case caller
+     *    pads input with zeros.
+     */
+    assert(len < BLAKE2B_BLOCKBYTES || len % BLAKE2B_BLOCKBYTES == 0);
+
+    /*
+     * Since last block is always processed with separate call,
+     * |len| not being multiple of complete blocks can be observed
+     * only with |len| being less than BLAKE2B_BLOCKBYTES ("less"
+     * including even zero), which is why following assignment doesn't
+     * have to reside inside the main loop below.
+     */
+    increment = len < BLAKE2B_BLOCKBYTES ? len : BLAKE2B_BLOCKBYTES;
+
+    for (i = 0; i < 8; ++i) {
+        v[i] = S->h[i];
+    }
+
+    do {
+        for (i = 0; i < 16; ++i) {
+            m[i] = load64(blocks + i * sizeof(m[i]));
+        }
+
+        /* blake2b_increment_counter */
+        S->t[0] += increment;
+        S->t[1] += (S->t[0] < increment);
+
+        v[8]  = blake2b_IV[0];
+        v[9]  = blake2b_IV[1];
+        v[10] = blake2b_IV[2];
+        v[11] = blake2b_IV[3];
+        v[12] = S->t[0] ^ blake2b_IV[4];
+        v[13] = S->t[1] ^ blake2b_IV[5];
+        v[14] = S->f[0] ^ blake2b_IV[6];
+        v[15] = S->f[1] ^ blake2b_IV[7];
+#define G(r,i,a,b,c,d) \
+        do { \
+            a = a + b + m[blake2b_sigma[r][2*i+0]]; \
+            d = rotr64(d ^ a, 32); \
+            c = c + d; \
+            b = rotr64(b ^ c, 24); \
+            a = a + b + m[blake2b_sigma[r][2*i+1]]; \
+            d = rotr64(d ^ a, 16); \
+            c = c + d; \
+            b = rotr64(b ^ c, 63); \
+        } while (0)
+#define ROUND(r)  \
+        do { \
+            G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+            G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+            G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+            G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+            G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+            G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+            G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+            G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+        } while (0)
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+        /* 3x size reduction on x86_64, almost 7x on ARMv8, 9x on ARMv4 */
+        for (i = 0; i < 12; i++) {
+            ROUND(i);
+        }
+#else
+        ROUND(0);
+        ROUND(1);
+        ROUND(2);
+        ROUND(3);
+        ROUND(4);
+        ROUND(5);
+        ROUND(6);
+        ROUND(7);
+        ROUND(8);
+        ROUND(9);
+        ROUND(10);
+        ROUND(11);
+#endif
+
+        for (i = 0; i < 8; ++i) {
+            S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
+        }
+#undef G
+#undef ROUND
+        blocks += increment;
+        len -= increment;
+    } while (len);
+}
+
+/* Absorb the input data into the hash state.  Always returns 1. */
+int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen)
+{
+    const uint8_t *in = data;
+    size_t fill;
+
+    /*
+     * Intuitively one would expect intermediate buffer, c->buf, to
+     * store incomplete blocks. But in this case we are interested to
+     * temporarily stash even complete blocks, because last one in the
+     * stream has to be treated in special way, and at this point we
+     * don't know if last block in *this* call is last one "ever". This
+     * is the reason for why |datalen| is compared as >, and not >=.
+     */
+    fill = sizeof(c->buf) - c->buflen;
+    if (datalen > fill) {
+        if (c->buflen) {
+            memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+            blake2b_compress(c, c->buf, BLAKE2B_BLOCKBYTES);
+            c->buflen = 0;
+            in += fill;
+            datalen -= fill;
+        }
+        if (datalen > BLAKE2B_BLOCKBYTES) {
+            size_t stashlen = datalen % BLAKE2B_BLOCKBYTES;
+            /*
+             * If |datalen| is a multiple of the blocksize, stash
+             * last complete block, it can be final one...
+             */
+            stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES;
+            datalen -= stashlen;
+            blake2b_compress(c, in, datalen);
+            in += datalen;
+            datalen = stashlen;
+        }
+    }
+
+    assert(datalen <= BLAKE2B_BLOCKBYTES);
+
+    memcpy(c->buf + c->buflen, in, datalen);
+    c->buflen += datalen; /* Be lazy, do not compress */
+
+    return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c)
+{
+    int i;
+
+    blake2b_set_lastblock(c);
+    /* Padding */
+    memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+    blake2b_compress(c, c->buf, c->buflen);
+
+    /* Output full hash to message digest */
+    for (i = 0; i < 8; ++i) {
+        store64(md + sizeof(c->h[i]) * i, c->h[i]);
+    }
+
+    OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX));
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/blake2/blake2s.c b/freebsd/crypto/openssl/crypto/blake2/blake2s.c
new file mode 100644
index 00000000..4107930e
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/blake2/blake2s.c
@@ -0,0 +1,265 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "blake2_locl.h"
+#include "blake2_impl.h"
+
+static const uint32_t blake2s_IV[8] =
+{
+    0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU,
+    0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U
+};
+
+static const uint8_t blake2s_sigma[10][16] =
+{
+    {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,
+    { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,
+    {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,
+    {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,
+    {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,
+    { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,
+    { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,
+    {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,
+    { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2s_set_lastblock(BLAKE2S_CTX *S)
+{
+    S->f[0] = -1;
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2s_init0(BLAKE2S_CTX *S)
+{
+    int i;
+
+    memset(S, 0, sizeof(BLAKE2S_CTX));
+    for (i = 0; i < 8; ++i) {
+        S->h[i] = blake2s_IV[i];
+    }
+}
+
+/* init2 xors IV with input parameter block */
+static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P)
+{
+    const uint8_t *p = (const uint8_t *)(P);
+    size_t i;
+
+    /* The param struct is carefully hand packed, and should be 32 bytes on
+     * every platform. */
+    assert(sizeof(BLAKE2S_PARAM) == 32);
+    blake2s_init0(S);
+    /* IV XOR ParamBlock */
+    for (i = 0; i < 8; ++i) {
+        S->h[i] ^= load32(&p[i*4]);
+    }
+}
+
+/* Initialize the hashing context.  Always returns 1. */
+int BLAKE2s_Init(BLAKE2S_CTX *c)
+{
+    BLAKE2S_PARAM P[1];
+
+    P->digest_length = BLAKE2S_DIGEST_LENGTH;
+    P->key_length    = 0;
+    P->fanout        = 1;
+    P->depth         = 1;
+    store32(P->leaf_length, 0);
+    store48(P->node_offset, 0);
+    P->node_depth    = 0;
+    P->inner_length  = 0;
+    memset(P->salt,     0, sizeof(P->salt));
+    memset(P->personal, 0, sizeof(P->personal));
+    blake2s_init_param(c, P);
+    return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2s_compress(BLAKE2S_CTX *S,
+                            const uint8_t *blocks,
+                            size_t len)
+{
+    uint32_t m[16];
+    uint32_t v[16];
+    size_t i;
+    size_t increment;
+
+    /*
+     * There are two distinct usage vectors for this function:
+     *
+     * a) BLAKE2s_Update uses it to process complete blocks,
+     *    possibly more than one at a time;
+     *
+     * b) BLAK2s_Final uses it to process last block, always
+     *    single but possibly incomplete, in which case caller
+     *    pads input with zeros.
+     */
+    assert(len < BLAKE2S_BLOCKBYTES || len % BLAKE2S_BLOCKBYTES == 0);
+
+    /*
+     * Since last block is always processed with separate call,
+     * |len| not being multiple of complete blocks can be observed
+     * only with |len| being less than BLAKE2S_BLOCKBYTES ("less"
+     * including even zero), which is why following assignment doesn't
+     * have to reside inside the main loop below.
+     */
+    increment = len < BLAKE2S_BLOCKBYTES ? len : BLAKE2S_BLOCKBYTES;
+
+    for (i = 0; i < 8; ++i) {
+        v[i] = S->h[i];
+    }
+
+    do {
+        for (i = 0; i < 16; ++i) {
+            m[i] = load32(blocks + i * sizeof(m[i]));
+        }
+
+        /* blake2s_increment_counter */
+        S->t[0] += increment;
+        S->t[1] += (S->t[0] < increment);
+
+        v[ 8] = blake2s_IV[0];
+        v[ 9] = blake2s_IV[1];
+        v[10] = blake2s_IV[2];
+        v[11] = blake2s_IV[3];
+        v[12] = S->t[0] ^ blake2s_IV[4];
+        v[13] = S->t[1] ^ blake2s_IV[5];
+        v[14] = S->f[0] ^ blake2s_IV[6];
+        v[15] = S->f[1] ^ blake2s_IV[7];
+#define G(r,i,a,b,c,d) \
+        do { \
+            a = a + b + m[blake2s_sigma[r][2*i+0]]; \
+            d = rotr32(d ^ a, 16); \
+            c = c + d; \
+            b = rotr32(b ^ c, 12); \
+            a = a + b + m[blake2s_sigma[r][2*i+1]]; \
+            d = rotr32(d ^ a, 8); \
+            c = c + d; \
+            b = rotr32(b ^ c, 7); \
+        } while (0)
+#define ROUND(r)  \
+        do { \
+            G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+            G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+            G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+            G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+            G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+            G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+            G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+            G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+        } while (0)
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+        /* almost 3x reduction on x86_64, 4.5x on ARMv8, 4x on ARMv4 */
+        for (i = 0; i < 10; i++) {
+            ROUND(i);
+        }
+#else
+        ROUND(0);
+        ROUND(1);
+        ROUND(2);
+        ROUND(3);
+        ROUND(4);
+        ROUND(5);
+        ROUND(6);
+        ROUND(7);
+        ROUND(8);
+        ROUND(9);
+#endif
+
+        for (i = 0; i < 8; ++i) {
+            S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
+        }
+#undef G
+#undef ROUND
+        blocks += increment;
+        len -= increment;
+    } while (len);
+}
+
+/* Absorb the input data into the hash state.  Always returns 1. */
+int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen)
+{
+    const uint8_t *in = data;
+    size_t fill;
+
+    /*
+     * Intuitively one would expect intermediate buffer, c->buf, to
+     * store incomplete blocks. But in this case we are interested to
+     * temporarily stash even complete blocks, because last one in the
+     * stream has to be treated in special way, and at this point we
+     * don't know if last block in *this* call is last one "ever". This
+     * is the reason for why |datalen| is compared as >, and not >=.
+     */
+    fill = sizeof(c->buf) - c->buflen;
+    if (datalen > fill) {
+        if (c->buflen) {
+            memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+            blake2s_compress(c, c->buf, BLAKE2S_BLOCKBYTES);
+            c->buflen = 0;
+            in += fill;
+            datalen -= fill;
+        }
+        if (datalen > BLAKE2S_BLOCKBYTES) {
+            size_t stashlen = datalen % BLAKE2S_BLOCKBYTES;
+            /*
+             * If |datalen| is a multiple of the blocksize, stash
+             * last complete block, it can be final one...
+             */
+            stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES;
+            datalen -= stashlen;
+            blake2s_compress(c, in, datalen);
+            in += datalen;
+            datalen = stashlen;
+        }
+    }
+
+    assert(datalen <= BLAKE2S_BLOCKBYTES);
+
+    memcpy(c->buf + c->buflen, in, datalen);
+    c->buflen += datalen; /* Be lazy, do not compress */
+
+    return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c)
+{
+    int i;
+
+    blake2s_set_lastblock(c);
+    /* Padding */
+    memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+    blake2s_compress(c, c->buf, c->buflen);
+
+    /* Output full hash to temp buffer */
+    for (i = 0; i < 8; ++i) {
+        store32(md + sizeof(c->h[i]) * i, c->h[i]);
+    }
+
+    OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX));
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/blake2/m_blake2b.c b/freebsd/crypto/openssl/crypto/blake2/m_blake2b.c
new file mode 100644
index 00000000..79f6e537
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/blake2/m_blake2b.c
@@ -0,0 +1,61 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_BLAKE2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "blake2_locl.h"
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return BLAKE2b_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return BLAKE2b_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return BLAKE2b_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD blake2b_md = {
+    NID_blake2b512,
+    0,
+    BLAKE2B_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    BLAKE2B_BLOCKBYTES,
+    sizeof(EVP_MD *) + sizeof(BLAKE2B_CTX),
+};
+
+const EVP_MD *EVP_blake2b512(void)
+{
+    return &blake2b_md;
+}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/blake2/m_blake2s.c b/freebsd/crypto/openssl/crypto/blake2/m_blake2s.c
new file mode 100644
index 00000000..d2cbc930
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/blake2/m_blake2s.c
@@ -0,0 +1,61 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_BLAKE2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "blake2_locl.h"
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return BLAKE2s_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return BLAKE2s_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return BLAKE2s_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD blake2s_md = {
+    NID_blake2s256,
+    0,
+    BLAKE2S_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    BLAKE2S_BLOCKBYTES,
+    sizeof(EVP_MD *) + sizeof(BLAKE2S_CTX),
+};
+
+const EVP_MD *EVP_blake2s256(void)
+{
+    return &blake2s_md;
+}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/bn/asm/x86_64-gcc.c b/freebsd/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
new file mode 100644
index 00000000..caa2764a
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
@@ -0,0 +1,651 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../bn_lcl.h"
+#if !(defined(__GNUC__) && __GNUC__>=2)
+# include "../bn_asm.c"         /* kind of dirty hack for Sun Studio */
+#else
+/*-
+ * x86_64 BIGNUM accelerator version 0.1, December 2002.
+ *
+ * Implemented by Andy Polyakov <appro@openssl.org> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ *
+ * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
+ *    versions, like 1.0...
+ * A. Well, that's because this code is basically a quick-n-dirty
+ *    proof-of-concept hack. As you can see it's implemented with
+ *    inline assembler, which means that you're bound to GCC and that
+ *    there might be enough room for further improvement.
+ *
+ * Q. Why inline assembler?
+ * A. x86_64 features own ABI which I'm not familiar with. This is
+ *    why I decided to let the compiler take care of subroutine
+ *    prologue/epilogue as well as register allocation. For reference.
+ *    Win64 implements different ABI for AMD64, different from Linux.
+ *
+ * Q. How much faster does it get?
+ * A. 'apps/openssl speed rsa dsa' output with no-asm:
+ *
+ *                        sign    verify    sign/s verify/s
+ *      rsa  512 bits   0.0006s   0.0001s   1683.8  18456.2
+ *      rsa 1024 bits   0.0028s   0.0002s    356.0   6407.0
+ *      rsa 2048 bits   0.0172s   0.0005s     58.0   1957.8
+ *      rsa 4096 bits   0.1155s   0.0018s      8.7    555.6
+ *                        sign    verify    sign/s verify/s
+ *      dsa  512 bits   0.0005s   0.0006s   2100.8   1768.3
+ *      dsa 1024 bits   0.0014s   0.0018s    692.3    559.2
+ *      dsa 2048 bits   0.0049s   0.0061s    204.7    165.0
+ *
+ *    'apps/openssl speed rsa dsa' output with this module:
+ *
+ *                        sign    verify    sign/s verify/s
+ *      rsa  512 bits   0.0004s   0.0000s   2767.1  33297.9
+ *      rsa 1024 bits   0.0012s   0.0001s    867.4  14674.7
+ *      rsa 2048 bits   0.0061s   0.0002s    164.0   5270.0
+ *      rsa 4096 bits   0.0384s   0.0006s     26.1   1650.8
+ *                        sign    verify    sign/s verify/s
+ *      dsa  512 bits   0.0002s   0.0003s   4442.2   3786.3
+ *      dsa 1024 bits   0.0005s   0.0007s   1835.1   1497.4
+ *      dsa 2048 bits   0.0016s   0.0020s    620.4    504.6
+ *
+ *    For the reference. IA-32 assembler implementation performs
+ *    very much like 64-bit code compiled with no-asm on the same
+ *    machine.
+ */
+
+# if defined(_WIN64) || !defined(__LP64__)
+#  define BN_ULONG unsigned long long
+# else
+#  define BN_ULONG unsigned long
+# endif
+
+# undef mul
+# undef mul_add
+
+/*-
+ * "m"(a), "+m"(r)      is the way to favor DirectPath µ-code;
+ * "g"(0)               let the compiler to decide where does it
+ *                      want to keep the value of zero;
+ */
+# define mul_add(r,a,word,carry) do {   \
+        register BN_ULONG high,low;     \
+        asm ("mulq %3"                  \
+                : "=a"(low),"=d"(high)  \
+                : "a"(word),"m"(a)      \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(carry),"+d"(high)\
+                : "a"(low),"g"(0)       \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+m"(r),"+d"(high)    \
+                : "r"(carry),"g"(0)     \
+                : "cc");                \
+        carry=high;                     \
+        } while (0)
+
+# define mul(r,a,word,carry) do {       \
+        register BN_ULONG high,low;     \
+        asm ("mulq %3"                  \
+                : "=a"(low),"=d"(high)  \
+                : "a"(word),"g"(a)      \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(carry),"+d"(high)\
+                : "a"(low),"g"(0)       \
+                : "cc");                \
+        (r)=carry, carry=high;          \
+        } while (0)
+# undef sqr
+# define sqr(r0,r1,a)                   \
+        asm ("mulq %2"                  \
+                : "=a"(r0),"=d"(r1)     \
+                : "a"(a)                \
+                : "cc");
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    if (num <= 0)
+        return c1;
+
+    while (num & ~3) {
+        mul_add(rp[0], ap[0], w, c1);
+        mul_add(rp[1], ap[1], w, c1);
+        mul_add(rp[2], ap[2], w, c1);
+        mul_add(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+    if (num) {
+        mul_add(rp[0], ap[0], w, c1);
+        if (--num == 0)
+            return c1;
+        mul_add(rp[1], ap[1], w, c1);
+        if (--num == 0)
+            return c1;
+        mul_add(rp[2], ap[2], w, c1);
+        return c1;
+    }
+
+    return c1;
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    if (num <= 0)
+        return c1;
+
+    while (num & ~3) {
+        mul(rp[0], ap[0], w, c1);
+        mul(rp[1], ap[1], w, c1);
+        mul(rp[2], ap[2], w, c1);
+        mul(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+    if (num) {
+        mul(rp[0], ap[0], w, c1);
+        if (--num == 0)
+            return c1;
+        mul(rp[1], ap[1], w, c1);
+        if (--num == 0)
+            return c1;
+        mul(rp[2], ap[2], w, c1);
+    }
+    return c1;
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+    if (n <= 0)
+        return;
+
+    while (n & ~3) {
+        sqr(r[0], r[1], a[0]);
+        sqr(r[2], r[3], a[1]);
+        sqr(r[4], r[5], a[2]);
+        sqr(r[6], r[7], a[3]);
+        a += 4;
+        r += 8;
+        n -= 4;
+    }
+    if (n) {
+        sqr(r[0], r[1], a[0]);
+        if (--n == 0)
+            return;
+        sqr(r[2], r[3], a[1]);
+        if (--n == 0)
+            return;
+        sqr(r[4], r[5], a[2]);
+    }
+}
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+    BN_ULONG ret, waste;
+
+ asm("divq      %4":"=a"(ret), "=d"(waste)
+ :     "a"(l), "d"(h), "r"(d)
+ :     "cc");
+
+    return ret;
+}
+
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int n)
+{
+    BN_ULONG ret;
+    size_t i = 0;
+
+    if (n <= 0)
+        return 0;
+
+    asm volatile ("       subq    %0,%0           \n" /* clear carry */
+                  "       jmp     1f              \n"
+                  ".p2align 4                     \n"
+                  "1:     movq    (%4,%2,8),%0    \n"
+                  "       adcq    (%5,%2,8),%0    \n"
+                  "       movq    %0,(%3,%2,8)    \n"
+                  "       lea     1(%2),%2        \n"
+                  "       dec     %1              \n"
+                  "       jnz     1b              \n"
+                  "       sbbq    %0,%0           \n"
+                  :"=&r" (ret), "+c"(n), "+r"(i)
+                  :"r"(rp), "r"(ap), "r"(bp)
+                  :"cc", "memory");
+
+    return ret & 1;
+}
+
+# ifndef SIMICS
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int n)
+{
+    BN_ULONG ret;
+    size_t i = 0;
+
+    if (n <= 0)
+        return 0;
+
+    asm volatile ("       subq    %0,%0           \n" /* clear borrow */
+                  "       jmp     1f              \n"
+                  ".p2align 4                     \n"
+                  "1:     movq    (%4,%2,8),%0    \n"
+                  "       sbbq    (%5,%2,8),%0    \n"
+                  "       movq    %0,(%3,%2,8)    \n"
+                  "       lea     1(%2),%2        \n"
+                  "       dec     %1              \n"
+                  "       jnz     1b              \n"
+                  "       sbbq    %0,%0           \n"
+                  :"=&r" (ret), "+c"(n), "+r"(i)
+                  :"r"(rp), "r"(ap), "r"(bp)
+                  :"cc", "memory");
+
+    return ret & 1;
+}
+# else
+/* Simics 1.4<7 has buggy sbbq:-( */
+#  define BN_MASK2 0xffffffffffffffffL
+BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+{
+    BN_ULONG t1, t2;
+    int c = 0;
+
+    if (n <= 0)
+        return (BN_ULONG)0;
+
+    for (;;) {
+        t1 = a[0];
+        t2 = b[0];
+        r[0] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[1];
+        t2 = b[1];
+        r[1] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[2];
+        t2 = b[2];
+        r[2] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[3];
+        t2 = b[3];
+        r[3] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        a += 4;
+        b += 4;
+        r += 4;
+    }
+    return c;
+}
+# endif
+
+/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/*
+ * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
+ * c=(c2,c1,c0)
+ */
+
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
+# if 0
+/* original macros are kept for reference purposes */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi, tt;                    \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; tt = hi+((c0<lo)?1:0);        \
+        c1 += tt; c2 += (c1<tt)?1:0;            \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a)[i];                   \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,ta);             \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+# else
+#  define mul_add_c(a,b,c0,c1,c2) do {  \
+        BN_ULONG t1,t2;                 \
+        asm ("mulq %3"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a),"m"(b)         \
+                : "cc");                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        } while (0)
+
+#  define sqr_add_c(a,i,c0,c1,c2) do {  \
+        BN_ULONG t1,t2;                 \
+        asm ("mulq %2"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a[i])             \
+                : "cc");                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        } while (0)
+
+#  define mul_add_c2(a,b,c0,c1,c2) do { \
+        BN_ULONG t1,t2;                 \
+        asm ("mulq %3"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a),"m"(b)         \
+                : "cc");                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        } while (0)
+# endif
+
+# define sqr_add_c2(a,i,j,c0,c1,c2)      \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[4], b[0], c2, c3, c1);
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    mul_add_c(a[0], b[4], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[0], b[5], c3, c1, c2);
+    mul_add_c(a[1], b[4], c3, c1, c2);
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    mul_add_c(a[4], b[1], c3, c1, c2);
+    mul_add_c(a[5], b[0], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[6], b[0], c1, c2, c3);
+    mul_add_c(a[5], b[1], c1, c2, c3);
+    mul_add_c(a[4], b[2], c1, c2, c3);
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    mul_add_c(a[2], b[4], c1, c2, c3);
+    mul_add_c(a[1], b[5], c1, c2, c3);
+    mul_add_c(a[0], b[6], c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[7], c2, c3, c1);
+    mul_add_c(a[1], b[6], c2, c3, c1);
+    mul_add_c(a[2], b[5], c2, c3, c1);
+    mul_add_c(a[3], b[4], c2, c3, c1);
+    mul_add_c(a[4], b[3], c2, c3, c1);
+    mul_add_c(a[5], b[2], c2, c3, c1);
+    mul_add_c(a[6], b[1], c2, c3, c1);
+    mul_add_c(a[7], b[0], c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[1], c3, c1, c2);
+    mul_add_c(a[6], b[2], c3, c1, c2);
+    mul_add_c(a[5], b[3], c3, c1, c2);
+    mul_add_c(a[4], b[4], c3, c1, c2);
+    mul_add_c(a[3], b[5], c3, c1, c2);
+    mul_add_c(a[2], b[6], c3, c1, c2);
+    mul_add_c(a[1], b[7], c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    mul_add_c(a[2], b[7], c1, c2, c3);
+    mul_add_c(a[3], b[6], c1, c2, c3);
+    mul_add_c(a[4], b[5], c1, c2, c3);
+    mul_add_c(a[5], b[4], c1, c2, c3);
+    mul_add_c(a[6], b[3], c1, c2, c3);
+    mul_add_c(a[7], b[2], c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    mul_add_c(a[7], b[3], c2, c3, c1);
+    mul_add_c(a[6], b[4], c2, c3, c1);
+    mul_add_c(a[5], b[5], c2, c3, c1);
+    mul_add_c(a[4], b[6], c2, c3, c1);
+    mul_add_c(a[3], b[7], c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    mul_add_c(a[4], b[7], c3, c1, c2);
+    mul_add_c(a[5], b[6], c3, c1, c2);
+    mul_add_c(a[6], b[5], c3, c1, c2);
+    mul_add_c(a[7], b[4], c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    mul_add_c(a[7], b[5], c1, c2, c3);
+    mul_add_c(a[6], b[6], c1, c2, c3);
+    mul_add_c(a[5], b[7], c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    mul_add_c(a[6], b[7], c2, c3, c1);
+    mul_add_c(a[7], b[6], c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[7], c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    sqr_add_c2(a, 4, 0, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 5, 0, c3, c1, c2);
+    sqr_add_c2(a, 4, 1, c3, c1, c2);
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    sqr_add_c2(a, 4, 2, c1, c2, c3);
+    sqr_add_c2(a, 5, 1, c1, c2, c3);
+    sqr_add_c2(a, 6, 0, c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 0, c2, c3, c1);
+    sqr_add_c2(a, 6, 1, c2, c3, c1);
+    sqr_add_c2(a, 5, 2, c2, c3, c1);
+    sqr_add_c2(a, 4, 3, c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    sqr_add_c(a, 4, c3, c1, c2);
+    sqr_add_c2(a, 5, 3, c3, c1, c2);
+    sqr_add_c2(a, 6, 2, c3, c1, c2);
+    sqr_add_c2(a, 7, 1, c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 7, 2, c1, c2, c3);
+    sqr_add_c2(a, 6, 3, c1, c2, c3);
+    sqr_add_c2(a, 5, 4, c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    sqr_add_c(a, 5, c2, c3, c1);
+    sqr_add_c2(a, 6, 4, c2, c3, c1);
+    sqr_add_c2(a, 7, 3, c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 7, 4, c3, c1, c2);
+    sqr_add_c2(a, 6, 5, c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    sqr_add_c(a, 6, c1, c2, c3);
+    sqr_add_c2(a, 7, 5, c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 6, c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    sqr_add_c(a, 7, c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/bn/bn.h b/freebsd/crypto/openssl/crypto/bn/bn.h
deleted file mode 100644
index d4b9f27b..00000000
--- a/freebsd/crypto/openssl/crypto/bn/bn.h
+++ /dev/null
@@ -1,1015 +0,0 @@
-/* crypto/bn/bn.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the Eric Young open source
- * license provided above.
- *
- * The binary polynomial arithmetic software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#ifndef HEADER_BN_H
-# define HEADER_BN_H
-
-# include <limits.h>
-# include <openssl/e_os2.h>
-# ifndef OPENSSL_NO_FP_API
-#  include <stdio.h>            /* FILE */
-# endif
-# include <openssl/ossl_typ.h>
-# include <openssl/crypto.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*
- * These preprocessor symbols control various aspects of the bignum headers
- * and library code. They're not defined by any "normal" configuration, as
- * they are intended for development and testing purposes. NB: defining all
- * three can be useful for debugging application code as well as openssl
- * itself. BN_DEBUG - turn on various debugging alterations to the bignum
- * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up
- * mismanagement of bignum internals. You must also define BN_DEBUG.
- */
-/* #define BN_DEBUG */
-/* #define BN_DEBUG_RAND */
-
-# ifndef OPENSSL_SMALL_FOOTPRINT
-#  define BN_MUL_COMBA
-#  define BN_SQR_COMBA
-#  define BN_RECURSION
-# endif
-
-/*
- * This next option uses the C libraries (2 word)/(1 word) function. If it is
- * not defined, I use my C version (which is slower). The reason for this
- * flag is that when the particular C compiler library routine is used, and
- * the library is linked with a different compiler, the library is missing.
- * This mostly happens when the library is built with gcc and then linked
- * using normal cc.  This would be a common occurrence because gcc normally
- * produces code that is 2 times faster than system compilers for the big
- * number stuff. For machines with only one compiler (or shared libraries),
- * this should be on.  Again this in only really a problem on machines using
- * "long long's", are 32bit, and are not using my assembler code.
- */
-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
-    defined(OPENSSL_SYS_WIN32) || defined(linux)
-#  ifndef BN_DIV2W
-#   define BN_DIV2W
-#  endif
-# endif
-
-/*
- * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
- * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
- */
-# ifdef SIXTY_FOUR_BIT_LONG
-#  define BN_ULLONG       unsigned long long
-#  define BN_ULONG        unsigned long
-#  define BN_LONG         long
-#  define BN_BITS         128
-#  define BN_BYTES        8
-#  define BN_BITS2        64
-#  define BN_BITS4        32
-#  define BN_MASK         (0xffffffffffffffffffffffffffffffffLL)
-#  define BN_MASK2        (0xffffffffffffffffL)
-#  define BN_MASK2l       (0xffffffffL)
-#  define BN_MASK2h       (0xffffffff00000000L)
-#  define BN_MASK2h1      (0xffffffff80000000L)
-#  define BN_TBIT         (0x8000000000000000L)
-#  define BN_DEC_CONV     (10000000000000000000UL)
-#  define BN_DEC_FMT1     "%lu"
-#  define BN_DEC_FMT2     "%019lu"
-#  define BN_DEC_NUM      19
-#  define BN_HEX_FMT1     "%lX"
-#  define BN_HEX_FMT2     "%016lX"
-# endif
-
-/*
- * This is where the long long data type is 64 bits, but long is 32. For
- * machines where there are 64bit registers, this is the mode to use. IRIX,
- * on R4000 and above should use this mode, along with the relevant assembler
- * code :-).  Do NOT define BN_LLONG.
- */
-# ifdef SIXTY_FOUR_BIT
-#  undef BN_LLONG
-#  undef BN_ULLONG
-#  define BN_ULONG        unsigned long long
-#  define BN_LONG         long long
-#  define BN_BITS         128
-#  define BN_BYTES        8
-#  define BN_BITS2        64
-#  define BN_BITS4        32
-#  define BN_MASK2        (0xffffffffffffffffLL)
-#  define BN_MASK2l       (0xffffffffL)
-#  define BN_MASK2h       (0xffffffff00000000LL)
-#  define BN_MASK2h1      (0xffffffff80000000LL)
-#  define BN_TBIT         (0x8000000000000000LL)
-#  define BN_DEC_CONV     (10000000000000000000ULL)
-#  define BN_DEC_FMT1     "%llu"
-#  define BN_DEC_FMT2     "%019llu"
-#  define BN_DEC_NUM      19
-#  define BN_HEX_FMT1     "%llX"
-#  define BN_HEX_FMT2     "%016llX"
-# endif
-
-# ifdef THIRTY_TWO_BIT
-#  ifdef BN_LLONG
-#   if defined(_WIN32) && !defined(__GNUC__)
-#    define BN_ULLONG     unsigned __int64
-#    define BN_MASK       (0xffffffffffffffffI64)
-#   else
-#    define BN_ULLONG     unsigned long long
-#    define BN_MASK       (0xffffffffffffffffLL)
-#   endif
-#  endif
-#  define BN_ULONG        unsigned int
-#  define BN_LONG         int
-#  define BN_BITS         64
-#  define BN_BYTES        4
-#  define BN_BITS2        32
-#  define BN_BITS4        16
-#  define BN_MASK2        (0xffffffffL)
-#  define BN_MASK2l       (0xffff)
-#  define BN_MASK2h1      (0xffff8000L)
-#  define BN_MASK2h       (0xffff0000L)
-#  define BN_TBIT         (0x80000000L)
-#  define BN_DEC_CONV     (1000000000L)
-#  define BN_DEC_FMT1     "%u"
-#  define BN_DEC_FMT2     "%09u"
-#  define BN_DEC_NUM      9
-#  define BN_HEX_FMT1     "%X"
-#  define BN_HEX_FMT2     "%08X"
-# endif
-
-# define BN_DEFAULT_BITS 1280
-
-# define BN_FLG_MALLOCED         0x01
-# define BN_FLG_STATIC_DATA      0x02
-
-/*
- * avoid leaking exponent information through timing,
- * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
- * BN_div() will call BN_div_no_branch,
- * BN_mod_inverse() will call BN_mod_inverse_no_branch.
- */
-# define BN_FLG_CONSTTIME        0x04
-
-# ifdef OPENSSL_NO_DEPRECATED
-/* deprecated name for the flag */
-#  define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
-/*
- * avoid leaking exponent information through timings
- * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime)
- */
-# endif
-
-# ifndef OPENSSL_NO_DEPRECATED
-#  define BN_FLG_FREE             0x8000
-                                       /* used for debuging */
-# endif
-# define BN_set_flags(b,n)       ((b)->flags|=(n))
-# define BN_get_flags(b,n)       ((b)->flags&(n))
-
-/*
- * get a clone of a BIGNUM with changed flags, for *temporary* use only (the
- * two BIGNUMs cannot not be used in parallel!)
- */
-# define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
-                                  (dest)->top=(b)->top, \
-                                  (dest)->dmax=(b)->dmax, \
-                                  (dest)->neg=(b)->neg, \
-                                  (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
-                                                 |  ((b)->flags & ~BN_FLG_MALLOCED) \
-                                                 |  BN_FLG_STATIC_DATA \
-                                                 |  (n)))
-
-/* Already declared in ossl_typ.h */
-# if 0
-typedef struct bignum_st BIGNUM;
-/* Used for temp variables (declaration hidden in bn_lcl.h) */
-typedef struct bignum_ctx BN_CTX;
-typedef struct bn_blinding_st BN_BLINDING;
-typedef struct bn_mont_ctx_st BN_MONT_CTX;
-typedef struct bn_recp_ctx_st BN_RECP_CTX;
-typedef struct bn_gencb_st BN_GENCB;
-# endif
-
-struct bignum_st {
-    BN_ULONG *d;                /* Pointer to an array of 'BN_BITS2' bit
-                                 * chunks. */
-    int top;                    /* Index of last used d +1. */
-    /* The next are internal book keeping for bn_expand. */
-    int dmax;                   /* Size of the d array. */
-    int neg;                    /* one if the number is negative */
-    int flags;
-};
-
-/* Used for montgomery multiplication */
-struct bn_mont_ctx_st {
-    int ri;                     /* number of bits in R */
-    BIGNUM RR;                  /* used to convert to montgomery form */
-    BIGNUM N;                   /* The modulus */
-    BIGNUM Ni;                  /* R*(1/R mod N) - N*Ni = 1 (Ni is only
-                                 * stored for bignum algorithm) */
-    BN_ULONG n0[2];             /* least significant word(s) of Ni; (type
-                                 * changed with 0.9.9, was "BN_ULONG n0;"
-                                 * before) */
-    int flags;
-};
-
-/*
- * Used for reciprocal division/mod functions It cannot be shared between
- * threads
- */
-struct bn_recp_ctx_st {
-    BIGNUM N;                   /* the divisor */
-    BIGNUM Nr;                  /* the reciprocal */
-    int num_bits;
-    int shift;
-    int flags;
-};
-
-/* Used for slow "generation" functions. */
-struct bn_gencb_st {
-    unsigned int ver;           /* To handle binary (in)compatibility */
-    void *arg;                  /* callback-specific data */
-    union {
-        /* if(ver==1) - handles old style callbacks */
-        void (*cb_1) (int, int, void *);
-        /* if(ver==2) - new callback style */
-        int (*cb_2) (int, int, BN_GENCB *);
-    } cb;
-};
-/* Wrapper function to make using BN_GENCB easier,  */
-int BN_GENCB_call(BN_GENCB *cb, int a, int b);
-/* Macro to populate a BN_GENCB structure with an "old"-style callback */
-# define BN_GENCB_set_old(gencb, callback, cb_arg) { \
-                BN_GENCB *tmp_gencb = (gencb); \
-                tmp_gencb->ver = 1; \
-                tmp_gencb->arg = (cb_arg); \
-                tmp_gencb->cb.cb_1 = (callback); }
-/* Macro to populate a BN_GENCB structure with a "new"-style callback */
-# define BN_GENCB_set(gencb, callback, cb_arg) { \
-                BN_GENCB *tmp_gencb = (gencb); \
-                tmp_gencb->ver = 2; \
-                tmp_gencb->arg = (cb_arg); \
-                tmp_gencb->cb.cb_2 = (callback); }
-
-# define BN_prime_checks 0      /* default: select number of iterations based
-                                 * on the size of the number */
-
-/*
- * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
- * that will be done for checking that a random number is probably prime. The
- * error rate for accepting a composite number as prime depends on the size of
- * the prime |b|. The error rates used are for calculating an RSA key with 2 primes,
- * and so the level is what you would expect for a key of double the size of the
- * prime.
- *
- * This table is generated using the algorithm of FIPS PUB 186-4
- * Digital Signature Standard (DSS), section F.1, page 117.
- * (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
- *
- * The following magma script was used to generate the output:
- * securitybits:=125;
- * k:=1024;
- * for t:=1 to 65 do
- *   for M:=3 to Floor(2*Sqrt(k-1)-1) do
- *     S:=0;
- *     // Sum over m
- *     for m:=3 to M do
- *       s:=0;
- *       // Sum over j
- *       for j:=2 to m do
- *         s+:=(RealField(32)!2)^-(j+(k-1)/j);
- *       end for;
- *       S+:=2^(m-(m-1)*t)*s;
- *     end for;
- *     A:=2^(k-2-M*t);
- *     B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
- *     pkt:=2.00743*Log(2)*k*2^-k*(A+B);
- *     seclevel:=Floor(-Log(2,pkt));
- *     if seclevel ge securitybits then
- *       printf "k: %5o, security: %o bits  (t: %o, M: %o)\n",k,seclevel,t,M;
- *       break;
- *     end if;
- *   end for;
- *   if seclevel ge securitybits then break; end if;
- * end for;
- *
- * It can be run online at:
- * http://magma.maths.usyd.edu.au/calc
- *
- * And will output:
- * k:  1024, security: 129 bits  (t: 6, M: 23)
- *
- * k is the number of bits of the prime, securitybits is the level we want to
- * reach.
- *
- * prime length | RSA key size | # MR tests | security level
- * -------------+--------------|------------+---------------
- *  (b) >= 6394 |     >= 12788 |          3 |        256 bit
- *  (b) >= 3747 |     >=  7494 |          3 |        192 bit
- *  (b) >= 1345 |     >=  2690 |          4 |        128 bit
- *  (b) >= 1080 |     >=  2160 |          5 |        128 bit
- *  (b) >=  852 |     >=  1704 |          5 |        112 bit
- *  (b) >=  476 |     >=   952 |          5 |         80 bit
- *  (b) >=  400 |     >=   800 |          6 |         80 bit
- *  (b) >=  347 |     >=   694 |          7 |         80 bit
- *  (b) >=  308 |     >=   616 |          8 |         80 bit
- *  (b) >=   55 |     >=   110 |         27 |         64 bit
- *  (b) >=    6 |     >=    12 |         34 |         64 bit
- */
-
-# define BN_prime_checks_for_size(b) ((b) >= 3747 ?  3 : \
-                                (b) >=  1345 ?  4 : \
-                                (b) >=  476 ?  5 : \
-                                (b) >=  400 ?  6 : \
-                                (b) >=  347 ?  7 : \
-                                (b) >=  308 ?  8 : \
-                                (b) >=  55  ? 27 : \
-                                /* b >= 6 */ 34)
-
-# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
-
-/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
-# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
-                                (((w) == 0) && ((a)->top == 0)))
-# define BN_is_zero(a)       ((a)->top == 0)
-# define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)
-# define BN_is_word(a,w)     (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
-# define BN_is_odd(a)        (((a)->top > 0) && ((a)->d[0] & 1))
-
-# define BN_one(a)       (BN_set_word((a),1))
-# define BN_zero_ex(a) \
-        do { \
-                BIGNUM *_tmp_bn = (a); \
-                _tmp_bn->top = 0; \
-                _tmp_bn->neg = 0; \
-        } while(0)
-# ifdef OPENSSL_NO_DEPRECATED
-#  define BN_zero(a)      BN_zero_ex(a)
-# else
-#  define BN_zero(a)      (BN_set_word((a),0))
-# endif
-
-const BIGNUM *BN_value_one(void);
-char *BN_options(void);
-BN_CTX *BN_CTX_new(void);
-# ifndef OPENSSL_NO_DEPRECATED
-void BN_CTX_init(BN_CTX *c);
-# endif
-void BN_CTX_free(BN_CTX *c);
-void BN_CTX_start(BN_CTX *ctx);
-BIGNUM *BN_CTX_get(BN_CTX *ctx);
-void BN_CTX_end(BN_CTX *ctx);
-int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
-int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
-int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
-int BN_num_bits(const BIGNUM *a);
-int BN_num_bits_word(BN_ULONG);
-BIGNUM *BN_new(void);
-void BN_init(BIGNUM *);
-void BN_clear_free(BIGNUM *a);
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
-void BN_swap(BIGNUM *a, BIGNUM *b);
-BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
-int BN_bn2bin(const BIGNUM *a, unsigned char *to);
-BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
-int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
-/** BN_set_negative sets sign of a BIGNUM
- * \param  b  pointer to the BIGNUM object
- * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise
- */
-void BN_set_negative(BIGNUM *b, int n);
-/** BN_is_negative returns 1 if the BIGNUM is negative
- * \param  a  pointer to the BIGNUM object
- * \return 1 if a < 0 and 0 otherwise
- */
-# define BN_is_negative(a) ((a)->neg != 0)
-
-int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
-           BN_CTX *ctx);
-# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-               BN_CTX *ctx);
-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                     const BIGNUM *m);
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-               BN_CTX *ctx);
-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                     const BIGNUM *m);
-int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-               BN_CTX *ctx);
-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
-                  BN_CTX *ctx);
-int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
-
-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
-int BN_mul_word(BIGNUM *a, BN_ULONG w);
-int BN_add_word(BIGNUM *a, BN_ULONG w);
-int BN_sub_word(BIGNUM *a, BN_ULONG w);
-int BN_set_word(BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_get_word(const BIGNUM *a);
-
-int BN_cmp(const BIGNUM *a, const BIGNUM *b);
-void BN_free(BIGNUM *a);
-int BN_is_bit_set(const BIGNUM *a, int n);
-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
-int BN_lshift1(BIGNUM *r, const BIGNUM *a);
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-
-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-               const BIGNUM *m, BN_CTX *ctx);
-int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-                              const BIGNUM *m, BN_CTX *ctx,
-                              BN_MONT_CTX *in_mont);
-int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
-                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
-                     const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
-                     BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                      const BIGNUM *m, BN_CTX *ctx);
-
-int BN_mask_bits(BIGNUM *a, int n);
-# ifndef OPENSSL_NO_FP_API
-int BN_print_fp(FILE *fp, const BIGNUM *a);
-# endif
-# ifdef HEADER_BIO_H
-int BN_print(BIO *fp, const BIGNUM *a);
-# else
-int BN_print(void *fp, const BIGNUM *a);
-# endif
-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
-int BN_rshift1(BIGNUM *r, const BIGNUM *a);
-void BN_clear(BIGNUM *a);
-BIGNUM *BN_dup(const BIGNUM *a);
-int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
-int BN_set_bit(BIGNUM *a, int n);
-int BN_clear_bit(BIGNUM *a, int n);
-char *BN_bn2hex(const BIGNUM *a);
-char *BN_bn2dec(const BIGNUM *a);
-int BN_hex2bn(BIGNUM **a, const char *str);
-int BN_dec2bn(BIGNUM **a, const char *str);
-int BN_asc2bn(BIGNUM **a, const char *str);
-int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
-                                                                  * -2 for
-                                                                  * error */
-BIGNUM *BN_mod_inverse(BIGNUM *ret,
-                       const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
-BIGNUM *BN_mod_sqrt(BIGNUM *ret,
-                    const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
-
-void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
-
-/* Deprecated versions */
-# ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
-                          const BIGNUM *add, const BIGNUM *rem,
-                          void (*callback) (int, int, void *), void *cb_arg);
-int BN_is_prime(const BIGNUM *p, int nchecks,
-                void (*callback) (int, int, void *),
-                BN_CTX *ctx, void *cb_arg);
-int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
-                         void (*callback) (int, int, void *), BN_CTX *ctx,
-                         void *cb_arg, int do_trial_division);
-# endif                         /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* Newer versions */
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
-                         const BIGNUM *rem, BN_GENCB *cb);
-int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
-int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
-                            int do_trial_division, BN_GENCB *cb);
-
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
-
-int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                            const BIGNUM *Xp, const BIGNUM *Xp1,
-                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
-                            BN_GENCB *cb);
-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
-                              BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
-                              BN_CTX *ctx, BN_GENCB *cb);
-
-BN_MONT_CTX *BN_MONT_CTX_new(void);
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                          BN_MONT_CTX *mont, BN_CTX *ctx);
-# define BN_to_montgomery(r,a,mont,ctx)  BN_mod_mul_montgomery(\
-        (r),(a),&((mont)->RR),(mont),(ctx))
-int BN_from_montgomery(BIGNUM *r, const BIGNUM *a,
-                       BN_MONT_CTX *mont, BN_CTX *ctx);
-void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
-                                    const BIGNUM *mod, BN_CTX *ctx);
-
-/* BN_BLINDING flags */
-# define BN_BLINDING_NO_UPDATE   0x00000001
-# define BN_BLINDING_NO_RECREATE 0x00000002
-
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
-void BN_BLINDING_free(BN_BLINDING *b);
-int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
-                          BN_CTX *);
-# ifndef OPENSSL_NO_DEPRECATED
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
-void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
-# endif
-CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
-void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-                                      int (*bn_mod_exp) (BIGNUM *r,
-                                                         const BIGNUM *a,
-                                                         const BIGNUM *p,
-                                                         const BIGNUM *m,
-                                                         BN_CTX *ctx,
-                                                         BN_MONT_CTX *m_ctx),
-                                      BN_MONT_CTX *m_ctx);
-
-# ifndef OPENSSL_NO_DEPRECATED
-void BN_set_params(int mul, int high, int low, int mont);
-int BN_get_params(int which);   /* 0, mul, 1 high, 2 low, 3 mont */
-# endif
-
-void BN_RECP_CTX_init(BN_RECP_CTX *recp);
-BN_RECP_CTX *BN_RECP_CTX_new(void);
-void BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
-                          BN_RECP_CTX *recp, BN_CTX *ctx);
-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                    const BIGNUM *m, BN_CTX *ctx);
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
-                BN_RECP_CTX *recp, BN_CTX *ctx);
-
-# ifndef OPENSSL_NO_EC2M
-
-/*
- * Functions for arithmetic over binary polynomials represented by BIGNUMs.
- * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
- * ignored. Note that input arguments are not const so that their bit arrays
- * can be expanded to the appropriate size if needed.
- */
-
-/*
- * r = a + b
- */
-int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-#  define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
-/*
- * r=a mod p
- */
-int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
-/* r = (a * b) mod p */
-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                    const BIGNUM *p, BN_CTX *ctx);
-/* r = (a * a) mod p */
-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-/* r = (1 / b) mod p */
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
-/* r = (a / b) mod p */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                    const BIGNUM *p, BN_CTX *ctx);
-/* r = (a ^ b) mod p */
-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                    const BIGNUM *p, BN_CTX *ctx);
-/* r = sqrt(a) mod p */
-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                     BN_CTX *ctx);
-/* r^2 + r = a mod p */
-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                           BN_CTX *ctx);
-#  define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/*-
- * Some functions allow for representation of the irreducible polynomials
- * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
- *     t^p[0] + t^p[1] + ... + t^p[k]
- * where m = p[0] > p[1] > ... > p[k] = 0.
- */
-/* r = a mod p */
-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
-/* r = (a * b) mod p */
-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                        const int p[], BN_CTX *ctx);
-/* r = (a * a) mod p */
-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
-                        BN_CTX *ctx);
-/* r = (1 / b) mod p */
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
-                        BN_CTX *ctx);
-/* r = (a / b) mod p */
-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                        const int p[], BN_CTX *ctx);
-/* r = (a ^ b) mod p */
-int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                        const int p[], BN_CTX *ctx);
-/* r = sqrt(a) mod p */
-int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
-                         const int p[], BN_CTX *ctx);
-/* r^2 + r = a mod p */
-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
-                               const int p[], BN_CTX *ctx);
-int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
-int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
-
-# endif
-
-/*
- * faster mod functions for the 'NIST primes' 0 <= a < p^2
- */
-int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-
-const BIGNUM *BN_get0_nist_prime_192(void);
-const BIGNUM *BN_get0_nist_prime_224(void);
-const BIGNUM *BN_get0_nist_prime_256(void);
-const BIGNUM *BN_get0_nist_prime_384(void);
-const BIGNUM *BN_get0_nist_prime_521(void);
-
-/* library internal functions */
-
-# define bn_expand(a,bits) \
-    ( \
-        bits > (INT_MAX - BN_BITS2 + 1) ? \
-            NULL \
-        : \
-            (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
-                (a) \
-            : \
-                bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
-    )
-
-# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
-BIGNUM *bn_expand2(BIGNUM *a, int words);
-# ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
-# endif
-
-/*-
- * Bignum consistency macros
- * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
- * bignum data after direct manipulations on the data. There is also an
- * "internal" macro, bn_check_top(), for verifying that there are no leading
- * zeroes. Unfortunately, some auditing is required due to the fact that
- * bn_fix_top() has become an overabused duct-tape because bignum data is
- * occasionally passed around in an inconsistent state. So the following
- * changes have been made to sort this out;
- * - bn_fix_top()s implementation has been moved to bn_correct_top()
- * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
- *   bn_check_top() is as before.
- * - if BN_DEBUG *is* defined;
- *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
- *     consistent. (ed: only if BN_DEBUG_RAND is defined)
- *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
- * The idea is to have debug builds flag up inconsistent bignums when they
- * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
- * the use of bn_fix_top() was appropriate (ie. it follows directly after code
- * that manipulates the bignum) it is converted to bn_correct_top(), and if it
- * was not appropriate, we convert it permanently to bn_check_top() and track
- * down the cause of the bug. Eventually, no internal code should be using the
- * bn_fix_top() macro. External applications and libraries should try this with
- * their own code too, both in terms of building against the openssl headers
- * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
- * defined. This not only improves external code, it provides more test
- * coverage for openssl's own code.
- */
-
-# ifdef BN_DEBUG
-
-/* We only need assert() when debugging */
-#  include <assert.h>
-
-/*
- * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with
- * bn_correct_top, in other words such vectors are permitted to have zeros
- * in most significant limbs. Such vectors are used internally to achieve
- * execution time invariance for critical operations with private keys.
- * It's BN_DEBUG-only flag, because user application is not supposed to
- * observe it anyway. Moreover, optimizing compiler would actually remove
- * all operations manipulating the bit in question in non-BN_DEBUG build.
- */
-#  define BN_FLG_FIXED_TOP 0x10000
-#  ifdef BN_DEBUG_RAND
-/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
-#   ifndef RAND_pseudo_bytes
-int RAND_pseudo_bytes(unsigned char *buf, int num);
-#    define BN_DEBUG_TRIX
-#   endif
-#   define bn_pollute(a) \
-        do { \
-                const BIGNUM *_bnum1 = (a); \
-                if(_bnum1->top < _bnum1->dmax) { \
-                        unsigned char _tmp_char; \
-                        /* We cast away const without the compiler knowing, any \
-                         * *genuinely* constant variables that aren't mutable \
-                         * wouldn't be constructed with top!=dmax. */ \
-                        BN_ULONG *_not_const; \
-                        memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
-                        /* Debug only - safe to ignore error return */ \
-                        RAND_pseudo_bytes(&_tmp_char, 1); \
-                        memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
-                                (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
-                } \
-        } while(0)
-#   ifdef BN_DEBUG_TRIX
-#    undef RAND_pseudo_bytes
-#   endif
-#  else
-#   define bn_pollute(a)
-#  endif
-#  define bn_check_top(a) \
-        do { \
-                const BIGNUM *_bnum2 = (a); \
-                if (_bnum2 != NULL) { \
-                        int _top = _bnum2->top; \
-                        assert((_top == 0) || \
-                               (_bnum2->flags & BN_FLG_FIXED_TOP) || \
-                               (_bnum2->d[_top - 1] != 0)); \
-                        bn_pollute(_bnum2); \
-                } \
-        } while(0)
-
-#  define bn_fix_top(a)           bn_check_top(a)
-
-#  define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
-#  define bn_wcheck_size(bn, words) \
-        do { \
-                const BIGNUM *_bnum2 = (bn); \
-                assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \
-                /* avoid unused variable warning with NDEBUG */ \
-                (void)(_bnum2); \
-        } while(0)
-
-# else                          /* !BN_DEBUG */
-
-#  define BN_FLG_FIXED_TOP 0
-#  define bn_pollute(a)
-#  define bn_check_top(a)
-#  define bn_fix_top(a)           bn_correct_top(a)
-#  define bn_check_size(bn, bits)
-#  define bn_wcheck_size(bn, words)
-
-# endif
-
-# define bn_correct_top(a) \
-        { \
-        BN_ULONG *ftl; \
-        int tmp_top = (a)->top; \
-        if (tmp_top > 0) \
-                { \
-                for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
-                        if (*(ftl--)) break; \
-                (a)->top = tmp_top; \
-                } \
-        if ((a)->top == 0) \
-            (a)->neg = 0; \
-        bn_pollute(a); \
-        }
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
-                          BN_ULONG w);
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                      int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                      int num);
-
-/* Primes from RFC 2409 */
-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
-
-/* Primes from RFC 3526 */
-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
-
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BN_strings(void);
-
-/* Error codes for the BN functions. */
-
-/* Function codes. */
-# define BN_F_BNRAND                                      127
-# define BN_F_BN_BLINDING_CONVERT_EX                      100
-# define BN_F_BN_BLINDING_CREATE_PARAM                    128
-# define BN_F_BN_BLINDING_INVERT_EX                       101
-# define BN_F_BN_BLINDING_NEW                             102
-# define BN_F_BN_BLINDING_UPDATE                          103
-# define BN_F_BN_BN2DEC                                   104
-# define BN_F_BN_BN2HEX                                   105
-# define BN_F_BN_CTX_GET                                  116
-# define BN_F_BN_CTX_NEW                                  106
-# define BN_F_BN_CTX_START                                129
-# define BN_F_BN_DIV                                      107
-# define BN_F_BN_DIV_NO_BRANCH                            138
-# define BN_F_BN_DIV_RECP                                 130
-# define BN_F_BN_EXP                                      123
-# define BN_F_BN_EXPAND2                                  108
-# define BN_F_BN_EXPAND_INTERNAL                          120
-# define BN_F_BN_GF2M_MOD                                 131
-# define BN_F_BN_GF2M_MOD_EXP                             132
-# define BN_F_BN_GF2M_MOD_MUL                             133
-# define BN_F_BN_GF2M_MOD_SOLVE_QUAD                      134
-# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR                  135
-# define BN_F_BN_GF2M_MOD_SQR                             136
-# define BN_F_BN_GF2M_MOD_SQRT                            137
-# define BN_F_BN_LSHIFT                                   145
-# define BN_F_BN_MOD_EXP2_MONT                            118
-# define BN_F_BN_MOD_EXP_MONT                             109
-# define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124
-# define BN_F_BN_MOD_EXP_MONT_WORD                        117
-# define BN_F_BN_MOD_EXP_RECP                             125
-# define BN_F_BN_MOD_EXP_SIMPLE                           126
-# define BN_F_BN_MOD_INVERSE                              110
-# define BN_F_BN_MOD_INVERSE_NO_BRANCH                    139
-# define BN_F_BN_MOD_LSHIFT_QUICK                         119
-# define BN_F_BN_MOD_MUL_RECIPROCAL                       111
-# define BN_F_BN_MOD_SQRT                                 121
-# define BN_F_BN_MPI2BN                                   112
-# define BN_F_BN_NEW                                      113
-# define BN_F_BN_RAND                                     114
-# define BN_F_BN_RAND_RANGE                               122
-# define BN_F_BN_RSHIFT                                   146
-# define BN_F_BN_USUB                                     115
-
-/* Reason codes. */
-# define BN_R_ARG2_LT_ARG3                                100
-# define BN_R_BAD_RECIPROCAL                              101
-# define BN_R_BIGNUM_TOO_LONG                             114
-# define BN_R_BITS_TOO_SMALL                              118
-# define BN_R_CALLED_WITH_EVEN_MODULUS                    102
-# define BN_R_DIV_BY_ZERO                                 103
-# define BN_R_ENCODING_ERROR                              104
-# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA                105
-# define BN_R_INPUT_NOT_REDUCED                           110
-# define BN_R_INVALID_LENGTH                              106
-# define BN_R_INVALID_RANGE                               115
-# define BN_R_INVALID_SHIFT                               119
-# define BN_R_NOT_A_SQUARE                                111
-# define BN_R_NOT_INITIALIZED                             107
-# define BN_R_NO_INVERSE                                  108
-# define BN_R_NO_SOLUTION                                 116
-# define BN_R_P_IS_NOT_PRIME                              112
-# define BN_R_TOO_MANY_ITERATIONS                         113
-# define BN_R_TOO_MANY_TEMPORARY_VARIABLES                109
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_add.c b/freebsd/crypto/openssl/crypto/bn/bn_add.c
index 79c491c7..1d5e2f2e 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_add.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_add.c
@@ -1,121 +1,92 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_add.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
-/* r can == a or b */
+/* signed add of b to a. */
 int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 {
-    const BIGNUM *tmp;
-    int a_neg = a->neg, ret;
+    int ret, r_neg, cmp_res;
 
     bn_check_top(a);
     bn_check_top(b);
 
-    /*-
-     *  a +  b      a+b
-     *  a + -b      a-b
-     * -a +  b      b-a
-     * -a + -b      -(a+b)
-     */
-    if (a_neg ^ b->neg) {
-        /* only one is negative */
-        if (a_neg) {
-            tmp = a;
-            a = b;
-            b = tmp;
+    if (a->neg == b->neg) {
+        r_neg = a->neg;
+        ret = BN_uadd(r, a, b);
+    } else {
+        cmp_res = BN_ucmp(a, b);
+        if (cmp_res > 0) {
+            r_neg = a->neg;
+            ret = BN_usub(r, a, b);
+        } else if (cmp_res < 0) {
+            r_neg = b->neg;
+            ret = BN_usub(r, b, a);
+        } else {
+            r_neg = 0;
+            BN_zero(r);
+            ret = 1;
         }
+    }
 
-        /* we are now a - b */
+    r->neg = r_neg;
+    bn_check_top(r);
+    return ret;
+}
 
-        if (BN_ucmp(a, b) < 0) {
-            if (!BN_usub(r, b, a))
-                return (0);
-            r->neg = 1;
+/* signed sub of b from a. */
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int ret, r_neg, cmp_res;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->neg != b->neg) {
+        r_neg = a->neg;
+        ret = BN_uadd(r, a, b);
+    } else {
+        cmp_res = BN_ucmp(a, b);
+        if (cmp_res > 0) {
+            r_neg = a->neg;
+            ret = BN_usub(r, a, b);
+        } else if (cmp_res < 0) {
+            r_neg = !b->neg;
+            ret = BN_usub(r, b, a);
         } else {
-            if (!BN_usub(r, a, b))
-                return (0);
-            r->neg = 0;
+            r_neg = 0;
+            BN_zero(r);
+            ret = 1;
         }
-        return (1);
     }
 
-    ret = BN_uadd(r, a, b);
-    r->neg = a_neg;
+    r->neg = r_neg;
     bn_check_top(r);
     return ret;
 }
 
-/* unsigned add of b to a */
+/* unsigned add of b to a, r can be equal to a or b. */
 int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 {
     int max, min, dif;
-    BN_ULONG *ap, *bp, *rp, carry, t1, t2;
-    const BIGNUM *tmp;
+    const BN_ULONG *ap, *bp;
+    BN_ULONG *rp, carry, t1, t2;
 
     bn_check_top(a);
     bn_check_top(b);
 
     if (a->top < b->top) {
+        const BIGNUM *tmp;
+
         tmp = a;
         a = b;
         b = tmp;
@@ -136,29 +107,17 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
     carry = bn_add_words(rp, ap, bp, min);
     rp += min;
     ap += min;
-    bp += min;
-
-    if (carry) {
-        while (dif) {
-            dif--;
-            t1 = *(ap++);
-            t2 = (t1 + 1) & BN_MASK2;
-            *(rp++) = t2;
-            if (t2) {
-                carry = 0;
-                break;
-            }
-        }
-        if (carry) {
-            /* carry != 0 => dif == 0 */
-            *rp = 1;
-            r->top++;
-        }
+
+    while (dif) {
+        dif--;
+        t1 = *(ap++);
+        t2 = (t1 + carry) & BN_MASK2;
+        *(rp++) = t2;
+        carry &= (t2 == 0);
     }
-    if (dif && rp != ap)
-        while (dif--)
-            /* copy remaining words if ap != rp */
-            *(rp++) = *(ap++);
+    *rp = carry;
+    r->top += carry;
+
     r->neg = 0;
     bn_check_top(r);
     return 1;
@@ -168,11 +127,8 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 {
     int max, min, dif;
-    register BN_ULONG t1, t2, *ap, *bp, *rp;
-    int i, carry;
-#if defined(IRIX_CC_BUG) && !defined(LINT)
-    int dummy;
-#endif
+    BN_ULONG t1, t2, borrow, *rp;
+    const BN_ULONG *ap, *bp;
 
     bn_check_top(a);
     bn_check_top(b);
@@ -183,133 +139,35 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 
     if (dif < 0) {              /* hmm... should not be happening */
         BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
-        return (0);
+        return 0;
     }
 
     if (bn_wexpand(r, max) == NULL)
-        return (0);
+        return 0;
 
     ap = a->d;
     bp = b->d;
     rp = r->d;
 
-#if 1
-    carry = 0;
-    for (i = min; i != 0; i--) {
-        t1 = *(ap++);
-        t2 = *(bp++);
-        if (carry) {
-            carry = (t1 <= t2);
-            t1 = (t1 - t2 - 1) & BN_MASK2;
-        } else {
-            carry = (t1 < t2);
-            t1 = (t1 - t2) & BN_MASK2;
-        }
-# if defined(IRIX_CC_BUG) && !defined(LINT)
-        dummy = t1;
-# endif
-        *(rp++) = t1 & BN_MASK2;
-    }
-#else
-    carry = bn_sub_words(rp, ap, bp, min);
+    borrow = bn_sub_words(rp, ap, bp, min);
     ap += min;
-    bp += min;
     rp += min;
-#endif
-    if (carry) {                /* subtracted */
-        if (!dif)
-            /* error: a < b */
-            return 0;
-        while (dif) {
-            dif--;
-            t1 = *(ap++);
-            t2 = (t1 - 1) & BN_MASK2;
-            *(rp++) = t2;
-            if (t1)
-                break;
-        }
-    }
-#if 0
-    memcpy(rp, ap, sizeof(*rp) * (max - i));
-#else
-    if (rp != ap) {
-        for (;;) {
-            if (!dif--)
-                break;
-            rp[0] = ap[0];
-            if (!dif--)
-                break;
-            rp[1] = ap[1];
-            if (!dif--)
-                break;
-            rp[2] = ap[2];
-            if (!dif--)
-                break;
-            rp[3] = ap[3];
-            rp += 4;
-            ap += 4;
-        }
-    }
-#endif
-
-    r->top = max;
-    r->neg = 0;
-    bn_correct_top(r);
-    return (1);
-}
-
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-{
-    int max;
-    int add = 0, neg = 0;
-    const BIGNUM *tmp;
-
-    bn_check_top(a);
-    bn_check_top(b);
 
-    /*-
-     *  a -  b      a-b
-     *  a - -b      a+b
-     * -a -  b      -(a+b)
-     * -a - -b      b-a
-     */
-    if (a->neg) {
-        if (b->neg) {
-            tmp = a;
-            a = b;
-            b = tmp;
-        } else {
-            add = 1;
-            neg = 1;
-        }
-    } else {
-        if (b->neg) {
-            add = 1;
-            neg = 0;
-        }
+    while (dif) {
+        dif--;
+        t1 = *(ap++);
+        t2 = (t1 - borrow) & BN_MASK2;
+        *(rp++) = t2;
+        borrow &= (t1 == 0);
     }
 
-    if (add) {
-        if (!BN_uadd(r, a, b))
-            return (0);
-        r->neg = neg;
-        return (1);
-    }
+    while (max && *--rp == 0)
+        max--;
 
-    /* We are actually doing a - b :-) */
+    r->top = max;
+    r->neg = 0;
+    bn_pollute(r);
 
-    max = (a->top > b->top) ? a->top : b->top;
-    if (bn_wexpand(r, max) == NULL)
-        return (0);
-    if (BN_ucmp(a, b) < 0) {
-        if (!BN_usub(r, b, a))
-            return (0);
-        r->neg = 1;
-    } else {
-        if (!BN_usub(r, a, b))
-            return (0);
-        r->neg = 0;
-    }
-    bn_check_top(r);
-    return (1);
+    return 1;
 }
+
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_asm.c b/freebsd/crypto/openssl/crypto/bn/bn_asm.c
index d82b1e76..bfefb8a8 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_asm.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_asm.c
@@ -1,71 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_asm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifndef BN_DEBUG
-# undef NDEBUG                  /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <stdio.h>
 #include <assert.h>
-#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 #if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
@@ -77,7 +23,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
 
     assert(num >= 0);
     if (num <= 0)
-        return (c1);
+        return c1;
 
 # ifndef OPENSSL_SMALL_FOOTPRINT
     while (num & ~3) {
@@ -97,7 +43,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
         num--;
     }
 
-    return (c1);
+    return c1;
 }
 
 BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
@@ -106,7 +52,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
 
     assert(num >= 0);
     if (num <= 0)
-        return (c1);
+        return c1;
 
 # ifndef OPENSSL_SMALL_FOOTPRINT
     while (num & ~3) {
@@ -125,7 +71,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
         rp++;
         num--;
     }
-    return (c1);
+    return c1;
 }
 
 void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
@@ -164,7 +110,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
 
     assert(num >= 0);
     if (num <= 0)
-        return ((BN_ULONG)0);
+        return (BN_ULONG)0;
 
     bl = LBITS(w);
     bh = HBITS(w);
@@ -186,7 +132,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
         rp++;
         num--;
     }
-    return (c);
+    return c;
 }
 
 BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
@@ -196,7 +142,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
 
     assert(num >= 0);
     if (num <= 0)
-        return ((BN_ULONG)0);
+        return (BN_ULONG)0;
 
     bl = LBITS(w);
     bh = HBITS(w);
@@ -218,7 +164,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
         rp++;
         num--;
     }
-    return (carry);
+    return carry;
 }
 
 void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
@@ -266,7 +212,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
     int i, count = 2;
 
     if (d == 0)
-        return (BN_MASK2);
+        return BN_MASK2;
 
     i = BN_num_bits_word(d);
     assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
@@ -320,7 +266,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
         l = (l & BN_MASK2l) << BN_BITS4;
     }
     ret |= q;
-    return (ret);
+    return ret;
 }
 #endif                          /* !defined(BN_LLONG) && defined(BN_DIV2W) */
 
@@ -332,7 +278,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
 
     assert(n >= 0);
     if (n <= 0)
-        return ((BN_ULONG)0);
+        return (BN_ULONG)0;
 
 # ifndef OPENSSL_SMALL_FOOTPRINT
     while (n & ~3) {
@@ -363,7 +309,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
         r++;
         n--;
     }
-    return ((BN_ULONG)ll);
+    return (BN_ULONG)ll;
 }
 #else                           /* !BN_LLONG */
 BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
@@ -373,7 +319,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
 
     assert(n >= 0);
     if (n <= 0)
-        return ((BN_ULONG)0);
+        return (BN_ULONG)0;
 
     c = 0;
 # ifndef OPENSSL_SMALL_FOOTPRINT
@@ -420,7 +366,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
         r++;
         n--;
     }
-    return ((BN_ULONG)c);
+    return (BN_ULONG)c;
 }
 #endif                          /* !BN_LLONG */
 
@@ -432,7 +378,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
 
     assert(n >= 0);
     if (n <= 0)
-        return ((BN_ULONG)0);
+        return (BN_ULONG)0;
 
 #ifndef OPENSSL_SMALL_FOOTPRINT
     while (n & ~3) {
@@ -473,7 +419,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
         r++;
         n--;
     }
-    return (c);
+    return c;
 }
 
 #if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
@@ -1007,13 +953,13 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
 
 /* hmm... is it faster just to do a multiply? */
 # undef bn_sqr_comba4
+# undef bn_sqr_comba8
 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
 {
     BN_ULONG t[8];
     bn_sqr_normal(r, a, 4, t);
 }
 
-# undef bn_sqr_comba8
 void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
 {
     BN_ULONG t[16];
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_blind.c b/freebsd/crypto/openssl/crypto/bn/bn_blind.c
index c3c62ae4..59789ae1 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_blind.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_blind.c
@@ -1,118 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_blind.c */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
+#include <openssl/opensslconf.h>
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 #define BN_BLINDING_COUNTER     32
@@ -122,16 +20,13 @@ struct bn_blinding_st {
     BIGNUM *Ai;
     BIGNUM *e;
     BIGNUM *mod;                /* just a reference */
-#ifndef OPENSSL_NO_DEPRECATED
-    unsigned long thread_id;    /* added in OpenSSL 0.9.6j and 0.9.7b; used
-                                 * only by crypto/rsa/rsa_eay.c, rsa_lib.c */
-#endif
-    CRYPTO_THREADID tid;
+    CRYPTO_THREAD_ID tid;
     int counter;
     unsigned long flags;
     BN_MONT_CTX *m_ctx;
     int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    CRYPTO_RWLOCK *lock;
 };
 
 BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
@@ -140,15 +35,25 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
 
     bn_check_top(mod);
 
-    if ((ret = (BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) {
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
         BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
-    memset(ret, 0, sizeof(BN_BLINDING));
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    BN_BLINDING_set_current_thread(ret);
+
     if (A != NULL) {
         if ((ret->A = BN_dup(A)) == NULL)
             goto err;
     }
+
     if (Ai != NULL) {
         if ((ret->Ai = BN_dup(Ai)) == NULL)
             goto err;
@@ -157,6 +62,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
     /* save a copy of mod in the BN_BLINDING structure */
     if ((ret->mod = BN_dup(mod)) == NULL)
         goto err;
+
     if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
         BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
 
@@ -166,27 +72,23 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
      * use.
      */
     ret->counter = -1;
-    CRYPTO_THREADID_current(&ret->tid);
-    return (ret);
+
+    return ret;
+
  err:
-    if (ret != NULL)
-        BN_BLINDING_free(ret);
-    return (NULL);
+    BN_BLINDING_free(ret);
+    return NULL;
 }
 
 void BN_BLINDING_free(BN_BLINDING *r)
 {
     if (r == NULL)
         return;
-
-    if (r->A != NULL)
-        BN_free(r->A);
-    if (r->Ai != NULL)
-        BN_free(r->Ai);
-    if (r->e != NULL)
-        BN_free(r->e);
-    if (r->mod != NULL)
-        BN_free(r->mod);
+    BN_free(r->A);
+    BN_free(r->Ai);
+    BN_free(r->e);
+    BN_free(r->mod);
+    CRYPTO_THREAD_lock_free(r->lock);
     OPENSSL_free(r);
 }
 
@@ -208,17 +110,22 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
         if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
             goto err;
     } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
-        if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
-            goto err;
-        if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx))
-            goto err;
+        if (b->m_ctx != NULL) {
+            if (!bn_mul_mont_fixed_top(b->Ai, b->Ai, b->Ai, b->m_ctx, ctx)
+                || !bn_mul_mont_fixed_top(b->A, b->A, b->A, b->m_ctx, ctx))
+                goto err;
+        } else {
+            if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)
+                || !BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
+                goto err;
+        }
     }
 
     ret = 1;
  err:
     if (b->counter == BN_BLINDING_COUNTER)
         b->counter = 0;
-    return (ret);
+    return ret;
 }
 
 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
@@ -234,22 +141,22 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
 
     if ((b->A == NULL) || (b->Ai == NULL)) {
         BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
-        return (0);
+        return 0;
     }
 
     if (b->counter == -1)
         /* Fresh blinding, doesn't need updating. */
         b->counter = 0;
     else if (!BN_BLINDING_update(b, ctx))
-        return (0);
+        return 0;
 
-    if (r != NULL) {
-        if (!BN_copy(r, b->Ai))
-            ret = 0;
-    }
+    if (r != NULL && (BN_copy(r, b->Ai) == NULL))
+        return 0;
 
-    if (!BN_mod_mul(n, n, b->A, b->mod, ctx))
-        ret = 0;
+    if (b->m_ctx != NULL)
+        ret = BN_mod_mul_montgomery(n, n, b->A, b->m_ctx, ctx);
+    else
+        ret = BN_mod_mul(n, n, b->A, b->mod, ctx);
 
     return ret;
 }
@@ -266,35 +173,53 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
 
     bn_check_top(n);
 
-    if (r != NULL)
-        ret = BN_mod_mul(n, n, r, b->mod, ctx);
-    else {
-        if (b->Ai == NULL) {
-            BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
-            return (0);
+    if (r == NULL && (r = b->Ai) == NULL) {
+        BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    if (b->m_ctx != NULL) {
+        /* ensure that BN_mod_mul_montgomery takes pre-defined path */
+        if (n->dmax >= r->top) {
+            size_t i, rtop = r->top, ntop = n->top;
+            BN_ULONG mask;
+
+            for (i = 0; i < rtop; i++) {
+                mask = (BN_ULONG)0 - ((i - ntop) >> (8 * sizeof(i) - 1));
+                n->d[i] &= mask;
+            }
+            mask = (BN_ULONG)0 - ((rtop - ntop) >> (8 * sizeof(ntop) - 1));
+            /* always true, if (rtop >= ntop) n->top = r->top; */
+            n->top = (int)(rtop & ~mask) | (ntop & mask);
+            n->flags |= (BN_FLG_FIXED_TOP & ~mask);
         }
-        ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+        ret = BN_mod_mul_montgomery(n, n, r, b->m_ctx, ctx);
+    } else {
+        ret = BN_mod_mul(n, n, r, b->mod, ctx);
     }
 
     bn_check_top(n);
-    return (ret);
+    return ret;
+}
+
+int BN_BLINDING_is_current_thread(BN_BLINDING *b)
+{
+    return CRYPTO_THREAD_compare_id(CRYPTO_THREAD_get_current_id(), b->tid);
 }
 
-#ifndef OPENSSL_NO_DEPRECATED
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
+void BN_BLINDING_set_current_thread(BN_BLINDING *b)
 {
-    return b->thread_id;
+    b->tid = CRYPTO_THREAD_get_current_id();
 }
 
-void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
+int BN_BLINDING_lock(BN_BLINDING *b)
 {
-    b->thread_id = n;
+    return CRYPTO_THREAD_write_lock(b->lock);
 }
-#endif
 
-CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b)
+int BN_BLINDING_unlock(BN_BLINDING *b)
 {
-    return &b->tid;
+    return CRYPTO_THREAD_unlock(b->lock);
 }
 
 unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
@@ -334,8 +259,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
         goto err;
 
     if (e != NULL) {
-        if (ret->e != NULL)
-            BN_free(ret->e);
+        BN_free(ret->e);
         ret->e = BN_dup(e);
     }
     if (ret->e == NULL)
@@ -347,38 +271,41 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
         ret->m_ctx = m_ctx;
 
     do {
-        if (!BN_rand_range(ret->A, ret->mod))
+        int rv;
+        if (!BN_priv_rand_range(ret->A, ret->mod))
             goto err;
-        if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) {
-            /*
-             * this should almost never happen for good RSA keys
-             */
-            unsigned long error = ERR_peek_last_error();
-            if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
-                if (retry_counter-- == 0) {
-                    BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
-                          BN_R_TOO_MANY_ITERATIONS);
-                    goto err;
-                }
-                ERR_clear_error();
-            } else
-                goto err;
-        } else
+        if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv))
             break;
+
+        /*
+         * this should almost never happen for good RSA keys
+         */
+        if (!rv)
+            goto err;
+
+        if (retry_counter-- == 0) {
+            BNerr(BN_F_BN_BLINDING_CREATE_PARAM, BN_R_TOO_MANY_ITERATIONS);
+            goto err;
+        }
     } while (1);
 
     if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
-        if (!ret->bn_mod_exp
-            (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
+        if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
             goto err;
     } else {
         if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
             goto err;
     }
 
+    if (ret->m_ctx != NULL) {
+        if (!bn_to_mont_fixed_top(ret->Ai, ret->Ai, ret->m_ctx, ctx)
+            || !bn_to_mont_fixed_top(ret->A, ret->A, ret->m_ctx, ctx))
+            goto err;
+    }
+
     return ret;
  err:
-    if (b == NULL && ret != NULL) {
+    if (b == NULL) {
         BN_BLINDING_free(ret);
         ret = NULL;
     }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_const.c b/freebsd/crypto/openssl/crypto/bn/bn_const.c
index 16395f50..d43a3f10 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_const.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_const.c
@@ -1,9 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/knownprimes.c */
-/* Insert boilerplate */
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
 
-#include "bn.h"
+#include <openssl/bn.h>
 
 /*-
  * "First Oakley Default Group" from RFC2409, section 6.1.
@@ -14,7 +20,7 @@
  * RFC2412 specifies a generator of of 22.
  */
 
-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
 {
     static const unsigned char RFC2409_PRIME_768[] = {
         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -42,7 +48,7 @@ BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
  * RFC2412 specifies a generator of 22.
  */
 
-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
 {
     static const unsigned char RFC2409_PRIME_1024[] = {
         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -74,7 +80,7 @@ BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
  * RFC2312 specifies a generator of 22.
  */
 
-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
 {
     static const unsigned char RFC3526_PRIME_1536[] = {
         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -113,7 +119,7 @@ BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
  * RFC3526 specifies a generator of 2.
  */
 
-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
 {
     static const unsigned char RFC3526_PRIME_2048[] = {
         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -160,7 +166,7 @@ BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
  * RFC3526 specifies a generator of 2.
  */
 
-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
 {
     static const unsigned char RFC3526_PRIME_3072[] = {
         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -223,7 +229,7 @@ BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
  * RFC3526 specifies a generator of 2.
  */
 
-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
 {
     static const unsigned char RFC3526_PRIME_4096[] = {
         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -302,7 +308,7 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
  * RFC3526 specifies a generator of 2.
  */
 
-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
 {
     static const unsigned char RFC3526_PRIME_6144[] = {
         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -413,7 +419,7 @@ BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
  * RFC3526 specifies a generator of 2.
  */
 
-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
 {
     static const unsigned char RFC3526_PRIME_8192[] = {
         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_ctx.c b/freebsd/crypto/openssl/crypto/bn/bn_ctx.c
index fc370fa9..f328793c 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_ctx.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_ctx.c
@@ -1,71 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_ctx.c */
-/* Written by Ulf Moeller for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 /*-
@@ -106,10 +50,7 @@ typedef struct bignum_pool {
 } BN_POOL;
 static void BN_POOL_init(BN_POOL *);
 static void BN_POOL_finish(BN_POOL *);
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_POOL_reset(BN_POOL *);
-#endif
-static BIGNUM *BN_POOL_get(BN_POOL *);
+static BIGNUM *BN_POOL_get(BN_POOL *, int);
 static void BN_POOL_release(BN_POOL *, unsigned int);
 
 /************/
@@ -125,9 +66,6 @@ typedef struct bignum_ctx_stack {
 } BN_STACK;
 static void BN_STACK_init(BN_STACK *);
 static void BN_STACK_finish(BN_STACK *);
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_STACK_reset(BN_STACK *);
-#endif
 static int BN_STACK_push(BN_STACK *, unsigned int);
 static unsigned int BN_STACK_pop(BN_STACK *);
 
@@ -147,6 +85,8 @@ struct bignum_ctx {
     int err_stack;
     /* Block "gets" until an "end" (compatibility behaviour) */
     int too_many;
+    /* Flags. */
+    int flags;
 };
 
 /* Enable this to find BN_CTX bugs */
@@ -192,40 +132,27 @@ static void ctxdbg(BN_CTX *ctx)
 # define CTXDBG_RET(ctx,ret)
 #endif
 
-/*
- * This function is an evil legacy and should not be used. This
- * implementation is WYSIWYG, though I've done my best.
- */
-#ifndef OPENSSL_NO_DEPRECATED
-void BN_CTX_init(BN_CTX *ctx)
-{
-    /*
-     * Assume the caller obtained the context via BN_CTX_new() and so is
-     * trying to reset it for use. Nothing else makes sense, least of all
-     * binary compatibility from a time when they could declare a static
-     * variable.
-     */
-    BN_POOL_reset(&ctx->pool);
-    BN_STACK_reset(&ctx->stack);
-    ctx->used = 0;
-    ctx->err_stack = 0;
-    ctx->too_many = 0;
-}
-#endif
 
 BN_CTX *BN_CTX_new(void)
 {
-    BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
-    if (!ret) {
+    BN_CTX *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
         BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
     /* Initialise the structure */
     BN_POOL_init(&ret->pool);
     BN_STACK_init(&ret->stack);
-    ret->used = 0;
-    ret->err_stack = 0;
-    ret->too_many = 0;
+    return ret;
+}
+
+BN_CTX *BN_CTX_secure_new(void)
+{
+    BN_CTX *ret = BN_CTX_new();
+
+    if (ret != NULL)
+        ret->flags = BN_FLG_SECURE;
     return ret;
 }
 
@@ -287,10 +214,11 @@ void BN_CTX_end(BN_CTX *ctx)
 BIGNUM *BN_CTX_get(BN_CTX *ctx)
 {
     BIGNUM *ret;
+
     CTXDBG_ENTRY("BN_CTX_get", ctx);
     if (ctx->err_stack || ctx->too_many)
         return NULL;
-    if ((ret = BN_POOL_get(&ctx->pool)) == NULL) {
+    if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) {
         /*
          * Setting too_many prevents repeated "get" attempts from cluttering
          * the error stack.
@@ -318,32 +246,26 @@ static void BN_STACK_init(BN_STACK *st)
 
 static void BN_STACK_finish(BN_STACK *st)
 {
-    if (st->size)
-        OPENSSL_free(st->indexes);
+    OPENSSL_free(st->indexes);
+    st->indexes = NULL;
 }
 
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_STACK_reset(BN_STACK *st)
-{
-    st->depth = 0;
-}
-#endif
 
 static int BN_STACK_push(BN_STACK *st, unsigned int idx)
 {
-    if (st->depth == st->size)
+    if (st->depth == st->size) {
         /* Need to expand */
-    {
-        unsigned int newsize = (st->size ?
-                                (st->size * 3 / 2) : BN_CTX_START_FRAMES);
-        unsigned int *newitems = OPENSSL_malloc(newsize *
-                                                sizeof(unsigned int));
-        if (!newitems)
+        unsigned int newsize =
+            st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
+        unsigned int *newitems;
+        
+        if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) {
+            BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
         if (st->depth)
-            memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int));
-        if (st->size)
-            OPENSSL_free(st->indexes);
+            memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth);
+        OPENSSL_free(st->indexes);
         st->indexes = newitems;
         st->size = newsize;
     }
@@ -368,55 +290,42 @@ static void BN_POOL_init(BN_POOL *p)
 
 static void BN_POOL_finish(BN_POOL *p)
 {
+    unsigned int loop;
+    BIGNUM *bn;
+
     while (p->head) {
-        unsigned int loop = 0;
-        BIGNUM *bn = p->head->vals;
-        while (loop++ < BN_CTX_POOL_SIZE) {
+        for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++)
             if (bn->d)
                 BN_clear_free(bn);
-            bn++;
-        }
         p->current = p->head->next;
         OPENSSL_free(p->head);
         p->head = p->current;
     }
 }
 
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_POOL_reset(BN_POOL *p)
-{
-    BN_POOL_ITEM *item = p->head;
-    while (item) {
-        unsigned int loop = 0;
-        BIGNUM *bn = item->vals;
-        while (loop++ < BN_CTX_POOL_SIZE) {
-            if (bn->d)
-                BN_clear(bn);
-            bn++;
-        }
-        item = item->next;
-    }
-    p->current = p->head;
-    p->used = 0;
-}
-#endif
 
-static BIGNUM *BN_POOL_get(BN_POOL *p)
+static BIGNUM *BN_POOL_get(BN_POOL *p, int flag)
 {
+    BIGNUM *bn;
+    unsigned int loop;
+
+    /* Full; allocate a new pool item and link it in. */
     if (p->used == p->size) {
-        BIGNUM *bn;
-        unsigned int loop = 0;
-        BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM));
-        if (!item)
+        BN_POOL_ITEM *item;
+        
+        if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
+            BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE);
             return NULL;
-        /* Initialise the structure */
-        bn = item->vals;
-        while (loop++ < BN_CTX_POOL_SIZE)
-            BN_init(bn++);
+        }
+        for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) {
+            bn_init(bn);
+            if ((flag & BN_FLG_SECURE) != 0)
+                BN_set_flags(bn, BN_FLG_SECURE);
+        }
         item->prev = p->tail;
         item->next = NULL;
-        /* Link it in */
-        if (!p->head)
+
+        if (p->head == NULL)
             p->head = p->current = p->tail = item;
         else {
             p->tail->next = item;
@@ -428,6 +337,7 @@ static BIGNUM *BN_POOL_get(BN_POOL *p)
         /* Return the first bignum from the new pool */
         return item->vals;
     }
+
     if (!p->used)
         p->current = p->head;
     else if ((p->used % BN_CTX_POOL_SIZE) == 0)
@@ -438,10 +348,11 @@ static BIGNUM *BN_POOL_get(BN_POOL *p)
 static void BN_POOL_release(BN_POOL *p, unsigned int num)
 {
     unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
+
     p->used -= num;
     while (num--) {
         bn_check_top(p->current->vals + offset);
-        if (!offset) {
+        if (offset == 0) {
             offset = BN_CTX_POOL_SIZE - 1;
             p->current = p->current->prev;
         } else
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_depr.c b/freebsd/crypto/openssl/crypto/bn/bn_depr.c
index 1becf208..7d1b1cf6 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_depr.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_depr.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -60,22 +14,22 @@
  * slurp this code if applications are using them directly.
  */
 
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
 
-static void *dummy = &dummy;
+# include <stdio.h>
+# include <time.h>
+# include "internal/cryptlib.h"
+# include "bn_lcl.h"
 
-#ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
                           const BIGNUM *add, const BIGNUM *rem,
                           void (*callback) (int, int, void *), void *cb_arg)
 {
     BN_GENCB cb;
     BIGNUM *rnd = NULL;
-    int found = 0;
 
     BN_GENCB_set_old(&cb, callback, cb_arg);
 
@@ -88,11 +42,10 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
         goto err;
 
     /* we have a prime :-) */
-    found = 1;
+    return ret;
  err:
-    if (!found && (ret == NULL) && (rnd != NULL))
-        BN_free(rnd);
-    return (found ? rnd : NULL);
+    BN_free(rnd);
+    return NULL;
 }
 
 int BN_is_prime(const BIGNUM *a, int checks,
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_dh.c b/freebsd/crypto/openssl/crypto/bn/bn_dh.c
new file mode 100644
index 00000000..267d672f
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/bn/bn_dh.c
@@ -0,0 +1,514 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bn_lcl.h"
+#include "internal/nelem.h"
+
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#include "internal/bn_dh.h"
+/* DH parameters from RFC5114 */
+
+# if BN_BITS2 == 64
+static const BN_ULONG dh1024_160_p[] = {
+    0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL,
+    0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL,
+    0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL,
+    0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL,
+    0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL,
+    0xB10B8F96A080E01DULL
+};
+
+static const BN_ULONG dh1024_160_g[] = {
+    0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL,
+    0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL,
+    0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL,
+    0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL,
+    0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL,
+    0xA4D1CBD5C3FD3412ULL
+};
+
+static const BN_ULONG dh1024_160_q[] = {
+    0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL
+};
+
+static const BN_ULONG dh2048_224_p[] = {
+    0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL,
+    0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL,
+    0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL,
+    0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL,
+    0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL,
+    0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL,
+    0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL,
+    0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL,
+    0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL,
+    0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL,
+    0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL
+};
+
+static const BN_ULONG dh2048_224_g[] = {
+    0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL,
+    0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL,
+    0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL,
+    0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL,
+    0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL,
+    0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL,
+    0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL,
+    0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL,
+    0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL,
+    0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL,
+    0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL
+};
+
+static const BN_ULONG dh2048_224_q[] = {
+    0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL,
+    0x00000000801C0D34ULL
+};
+
+static const BN_ULONG dh2048_256_p[] = {
+    0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL,
+    0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL,
+    0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL,
+    0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL,
+    0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL,
+    0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL,
+    0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL,
+    0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL,
+    0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL,
+    0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL,
+    0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL
+};
+
+static const BN_ULONG dh2048_256_g[] = {
+    0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL,
+    0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL,
+    0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL,
+    0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL,
+    0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL,
+    0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL,
+    0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL,
+    0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL,
+    0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL,
+    0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL,
+    0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL
+};
+
+static const BN_ULONG dh2048_256_q[] = {
+    0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL,
+    0x8CF83642A709A097ULL
+};
+
+/* Primes from RFC 7919 */
+static const BN_ULONG ffdhe2048_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0x886B423861285C97ULL, 0xC6F34A26C1B2EFFAULL,
+    0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL,
+    0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL,
+    0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL,
+    0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL,
+    0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL,
+    0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL,
+    0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL,
+    0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL,
+    0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL,
+    0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe3072_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0x25E41D2B66C62E37ULL, 0x3C1B20EE3FD59D7CULL,
+    0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL,
+    0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL,
+    0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL,
+    0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL,
+    0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL,
+    0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL,
+    0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL,
+    0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL,
+    0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL,
+    0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL,
+    0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL,
+    0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL,
+    0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL,
+    0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL,
+    0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe4096_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0xC68A007E5E655F6AULL, 0x4DB5A851F44182E1ULL,
+    0x8EC9B55A7F88A46BULL, 0x0A8291CDCEC97DCFULL, 0x2A4ECEA9F98D0ACCULL,
+    0x1A1DB93D7140003CULL, 0x092999A333CB8B7AULL, 0x6DC778F971AD0038ULL,
+    0xA907600A918130C4ULL, 0xED6A1E012D9E6832ULL, 0x7135C886EFB4318AULL,
+    0x87F55BA57E31CC7AULL, 0x7763CF1D55034004ULL, 0xAC7D5F42D69F6D18ULL,
+    0x7930E9E4E58857B6ULL, 0x6E6F52C3164DF4FBULL, 0x25E41D2B669E1EF1ULL,
+    0x3C1B20EE3FD59D7CULL, 0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL,
+    0xABC521979B0DEADAULL, 0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL,
+    0x64F2E21E71F54BFFULL, 0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL,
+    0xAEFE130985139270ULL, 0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL,
+    0x61B46FC9D6E6C907ULL, 0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL,
+    0x886B4238611FCFDCULL, 0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL,
+    0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL,
+    0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL,
+    0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL,
+    0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL,
+    0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL,
+    0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL,
+    0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL,
+    0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL,
+    0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL,
+    0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe6144_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0xA40E329CD0E40E65ULL, 0xA41D570D7938DAD4ULL,
+    0x62A69526D43161C1ULL, 0x3FDD4A8E9ADB1E69ULL, 0x5B3B71F9DC6B80D6ULL,
+    0xEC9D1810C6272B04ULL, 0x8CCF2DD5CACEF403ULL, 0xE49F5235C95B9117ULL,
+    0x505DC82DB854338AULL, 0x62292C311562A846ULL, 0xD72B03746AE77F5EULL,
+    0xF9C9091B462D538CULL, 0x0AE8DB5847A67CBEULL, 0xB3A739C122611682ULL,
+    0xEEAAC0232A281BF6ULL, 0x94C6651E77CAF992ULL, 0x763E4E4B94B2BBC1ULL,
+    0x587E38DA0077D9B4ULL, 0x7FB29F8C183023C3ULL, 0x0ABEC1FFF9E3A26EULL,
+    0xA00EF092350511E3ULL, 0xB855322EDB6340D8ULL, 0xA52471F7A9A96910ULL,
+    0x388147FB4CFDB477ULL, 0x9B1F5C3E4E46041FULL, 0xCDAD0657FCCFEC71ULL,
+    0xB38E8C334C701C3AULL, 0x917BDD64B1C0FD4CULL, 0x3BB454329B7624C8ULL,
+    0x23BA4442CAF53EA6ULL, 0x4E677D2C38532A3AULL, 0x0BFD64B645036C7AULL,
+    0xC68A007E5E0DD902ULL, 0x4DB5A851F44182E1ULL, 0x8EC9B55A7F88A46BULL,
+    0x0A8291CDCEC97DCFULL, 0x2A4ECEA9F98D0ACCULL, 0x1A1DB93D7140003CULL,
+    0x092999A333CB8B7AULL, 0x6DC778F971AD0038ULL, 0xA907600A918130C4ULL,
+    0xED6A1E012D9E6832ULL, 0x7135C886EFB4318AULL, 0x87F55BA57E31CC7AULL,
+    0x7763CF1D55034004ULL, 0xAC7D5F42D69F6D18ULL, 0x7930E9E4E58857B6ULL,
+    0x6E6F52C3164DF4FBULL, 0x25E41D2B669E1EF1ULL, 0x3C1B20EE3FD59D7CULL,
+    0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL,
+    0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL,
+    0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL,
+    0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL,
+    0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL,
+    0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL,
+    0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL,
+    0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL,
+    0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL,
+    0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL,
+    0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL,
+    0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL,
+    0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL,
+    0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL,
+    0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe8192_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0xD68C8BB7C5C6424CULL, 0x011E2A94838FF88CULL,
+    0x0822E506A9F4614EULL, 0x97D11D49F7A8443DULL, 0xA6BBFDE530677F0DULL,
+    0x2F741EF8C1FE86FEULL, 0xFAFABE1C5D71A87EULL, 0xDED2FBABFBE58A30ULL,
+    0xB6855DFE72B0A66EULL, 0x1EFC8CE0BA8A4FE8ULL, 0x83F81D4A3F2FA457ULL,
+    0xA1FE3075A577E231ULL, 0xD5B8019488D9C0A0ULL, 0x624816CDAD9A95F9ULL,
+    0x99E9E31650C1217BULL, 0x51AA691E0E423CFCULL, 0x1C217E6C3826E52CULL,
+    0x51A8A93109703FEEULL, 0xBB7099876A460E74ULL, 0x541FC68C9C86B022ULL,
+    0x59160CC046FD8251ULL, 0x2846C0BA35C35F5CULL, 0x54504AC78B758282ULL,
+    0x29388839D2AF05E4ULL, 0xCB2C0F1CC01BD702ULL, 0x555B2F747C932665ULL,
+    0x86B63142A3AB8829ULL, 0x0B8CC3BDF64B10EFULL, 0x687FEB69EDD1CC5EULL,
+    0xFDB23FCEC9509D43ULL, 0x1E425A31D951AE64ULL, 0x36AD004CF600C838ULL,
+    0xA40E329CCFF46AAAULL, 0xA41D570D7938DAD4ULL, 0x62A69526D43161C1ULL,
+    0x3FDD4A8E9ADB1E69ULL, 0x5B3B71F9DC6B80D6ULL, 0xEC9D1810C6272B04ULL,
+    0x8CCF2DD5CACEF403ULL, 0xE49F5235C95B9117ULL, 0x505DC82DB854338AULL,
+    0x62292C311562A846ULL, 0xD72B03746AE77F5EULL, 0xF9C9091B462D538CULL,
+    0x0AE8DB5847A67CBEULL, 0xB3A739C122611682ULL, 0xEEAAC0232A281BF6ULL,
+    0x94C6651E77CAF992ULL, 0x763E4E4B94B2BBC1ULL, 0x587E38DA0077D9B4ULL,
+    0x7FB29F8C183023C3ULL, 0x0ABEC1FFF9E3A26EULL, 0xA00EF092350511E3ULL,
+    0xB855322EDB6340D8ULL, 0xA52471F7A9A96910ULL, 0x388147FB4CFDB477ULL,
+    0x9B1F5C3E4E46041FULL, 0xCDAD0657FCCFEC71ULL, 0xB38E8C334C701C3AULL,
+    0x917BDD64B1C0FD4CULL, 0x3BB454329B7624C8ULL, 0x23BA4442CAF53EA6ULL,
+    0x4E677D2C38532A3AULL, 0x0BFD64B645036C7AULL, 0xC68A007E5E0DD902ULL,
+    0x4DB5A851F44182E1ULL, 0x8EC9B55A7F88A46BULL, 0x0A8291CDCEC97DCFULL,
+    0x2A4ECEA9F98D0ACCULL, 0x1A1DB93D7140003CULL, 0x092999A333CB8B7AULL,
+    0x6DC778F971AD0038ULL, 0xA907600A918130C4ULL, 0xED6A1E012D9E6832ULL,
+    0x7135C886EFB4318AULL, 0x87F55BA57E31CC7AULL, 0x7763CF1D55034004ULL,
+    0xAC7D5F42D69F6D18ULL, 0x7930E9E4E58857B6ULL, 0x6E6F52C3164DF4FBULL,
+    0x25E41D2B669E1EF1ULL, 0x3C1B20EE3FD59D7CULL, 0x0ABCD06BFA53DDEFULL,
+    0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL, 0xE86D2BC522363A0DULL,
+    0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL, 0xF4FD4452E2D74DD3ULL,
+    0xB4130C93BC437944ULL, 0xAEFE130985139270ULL, 0x598CB0FAC186D91CULL,
+    0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL, 0xBC34F4DEF99C0238ULL,
+    0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL, 0xC6F34A26C1B2EFFAULL,
+    0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL,
+    0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL,
+    0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL,
+    0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL,
+    0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL,
+    0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL,
+    0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL,
+    0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL,
+    0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL,
+    0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+# elif BN_BITS2 == 32
+
+static const BN_ULONG dh1024_160_p[] = {
+    0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF,
+    0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA,
+    0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C,
+    0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286,
+    0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E,
+    0xA080E01D, 0xB10B8F96
+};
+
+static const BN_ULONG dh1024_160_g[] = {
+    0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59,
+    0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08,
+    0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F,
+    0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E,
+    0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442,
+    0xC3FD3412, 0xA4D1CBD5
+};
+
+static const BN_ULONG dh1024_160_q[] = {
+    0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87
+};
+
+static const BN_ULONG dh2048_224_p[] = {
+    0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2,
+    0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E,
+    0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1,
+    0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A,
+    0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714,
+    0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0,
+    0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0,
+    0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152,
+    0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40,
+    0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5,
+    0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E
+};
+
+static const BN_ULONG dh2048_224_g[] = {
+    0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1,
+    0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE,
+    0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F,
+    0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137,
+    0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3,
+    0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2,
+    0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0,
+    0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001,
+    0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01,
+    0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B,
+    0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF
+};
+
+static const BN_ULONG dh2048_224_q[] = {
+    0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE,
+    0x801C0D34
+};
+
+static const BN_ULONG dh2048_256_p[] = {
+    0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227,
+    0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A,
+    0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79,
+    0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5,
+    0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267,
+    0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF,
+    0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF,
+    0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64,
+    0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45,
+    0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608,
+    0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D
+};
+
+static const BN_ULONG dh2048_256_g[] = {
+    0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148,
+    0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428,
+    0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15,
+    0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73,
+    0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1,
+    0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982,
+    0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5,
+    0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8,
+    0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A,
+    0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F,
+    0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B
+};
+
+static const BN_ULONG dh2048_256_q[] = {
+    0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976,
+    0xA709A097, 0x8CF83642
+};
+
+/* Primes from RFC 7919 */
+
+static const BN_ULONG ffdhe2048_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0x61285C97, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26,
+    0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B,
+    0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD,
+    0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7,
+    0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B,
+    0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1,
+    0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E,
+    0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5,
+    0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE,
+    0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620,
+    0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe3072_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0x66C62E37, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE,
+    0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197,
+    0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E,
+    0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309,
+    0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9,
+    0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238,
+    0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC,
+    0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C,
+    0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8,
+    0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7,
+    0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F,
+    0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70,
+    0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F,
+    0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363,
+    0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583,
+    0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe4096_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0x5E655F6A, 0xC68A007E, 0xF44182E1, 0x4DB5A851,
+    0x7F88A46B, 0x8EC9B55A, 0xCEC97DCF, 0x0A8291CD, 0xF98D0ACC, 0x2A4ECEA9,
+    0x7140003C, 0x1A1DB93D, 0x33CB8B7A, 0x092999A3, 0x71AD0038, 0x6DC778F9,
+    0x918130C4, 0xA907600A, 0x2D9E6832, 0xED6A1E01, 0xEFB4318A, 0x7135C886,
+    0x7E31CC7A, 0x87F55BA5, 0x55034004, 0x7763CF1D, 0xD69F6D18, 0xAC7D5F42,
+    0xE58857B6, 0x7930E9E4, 0x164DF4FB, 0x6E6F52C3, 0x669E1EF1, 0x25E41D2B,
+    0x3FD59D7C, 0x3C1B20EE, 0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42,
+    0x9B0DEADA, 0xABC52197, 0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB,
+    0x71F54BFF, 0x64F2E21E, 0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93,
+    0x85139270, 0xAEFE1309, 0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26,
+    0xD6E6C907, 0x61B46FC9, 0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B,
+    0x611FCFDC, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183,
+    0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232,
+    0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1,
+    0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3,
+    0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182,
+    0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA,
+    0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555,
+    0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202,
+    0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641,
+    0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458,
+    0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe6144_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0xD0E40E65, 0xA40E329C, 0x7938DAD4, 0xA41D570D,
+    0xD43161C1, 0x62A69526, 0x9ADB1E69, 0x3FDD4A8E, 0xDC6B80D6, 0x5B3B71F9,
+    0xC6272B04, 0xEC9D1810, 0xCACEF403, 0x8CCF2DD5, 0xC95B9117, 0xE49F5235,
+    0xB854338A, 0x505DC82D, 0x1562A846, 0x62292C31, 0x6AE77F5E, 0xD72B0374,
+    0x462D538C, 0xF9C9091B, 0x47A67CBE, 0x0AE8DB58, 0x22611682, 0xB3A739C1,
+    0x2A281BF6, 0xEEAAC023, 0x77CAF992, 0x94C6651E, 0x94B2BBC1, 0x763E4E4B,
+    0x0077D9B4, 0x587E38DA, 0x183023C3, 0x7FB29F8C, 0xF9E3A26E, 0x0ABEC1FF,
+    0x350511E3, 0xA00EF092, 0xDB6340D8, 0xB855322E, 0xA9A96910, 0xA52471F7,
+    0x4CFDB477, 0x388147FB, 0x4E46041F, 0x9B1F5C3E, 0xFCCFEC71, 0xCDAD0657,
+    0x4C701C3A, 0xB38E8C33, 0xB1C0FD4C, 0x917BDD64, 0x9B7624C8, 0x3BB45432,
+    0xCAF53EA6, 0x23BA4442, 0x38532A3A, 0x4E677D2C, 0x45036C7A, 0x0BFD64B6,
+    0x5E0DD902, 0xC68A007E, 0xF44182E1, 0x4DB5A851, 0x7F88A46B, 0x8EC9B55A,
+    0xCEC97DCF, 0x0A8291CD, 0xF98D0ACC, 0x2A4ECEA9, 0x7140003C, 0x1A1DB93D,
+    0x33CB8B7A, 0x092999A3, 0x71AD0038, 0x6DC778F9, 0x918130C4, 0xA907600A,
+    0x2D9E6832, 0xED6A1E01, 0xEFB4318A, 0x7135C886, 0x7E31CC7A, 0x87F55BA5,
+    0x55034004, 0x7763CF1D, 0xD69F6D18, 0xAC7D5F42, 0xE58857B6, 0x7930E9E4,
+    0x164DF4FB, 0x6E6F52C3, 0x669E1EF1, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE,
+    0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197,
+    0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E,
+    0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309,
+    0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9,
+    0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238,
+    0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC,
+    0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C,
+    0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8,
+    0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7,
+    0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F,
+    0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70,
+    0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F,
+    0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363,
+    0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583,
+    0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe8192_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0xC5C6424C, 0xD68C8BB7, 0x838FF88C, 0x011E2A94,
+    0xA9F4614E, 0x0822E506, 0xF7A8443D, 0x97D11D49, 0x30677F0D, 0xA6BBFDE5,
+    0xC1FE86FE, 0x2F741EF8, 0x5D71A87E, 0xFAFABE1C, 0xFBE58A30, 0xDED2FBAB,
+    0x72B0A66E, 0xB6855DFE, 0xBA8A4FE8, 0x1EFC8CE0, 0x3F2FA457, 0x83F81D4A,
+    0xA577E231, 0xA1FE3075, 0x88D9C0A0, 0xD5B80194, 0xAD9A95F9, 0x624816CD,
+    0x50C1217B, 0x99E9E316, 0x0E423CFC, 0x51AA691E, 0x3826E52C, 0x1C217E6C,
+    0x09703FEE, 0x51A8A931, 0x6A460E74, 0xBB709987, 0x9C86B022, 0x541FC68C,
+    0x46FD8251, 0x59160CC0, 0x35C35F5C, 0x2846C0BA, 0x8B758282, 0x54504AC7,
+    0xD2AF05E4, 0x29388839, 0xC01BD702, 0xCB2C0F1C, 0x7C932665, 0x555B2F74,
+    0xA3AB8829, 0x86B63142, 0xF64B10EF, 0x0B8CC3BD, 0xEDD1CC5E, 0x687FEB69,
+    0xC9509D43, 0xFDB23FCE, 0xD951AE64, 0x1E425A31, 0xF600C838, 0x36AD004C,
+    0xCFF46AAA, 0xA40E329C, 0x7938DAD4, 0xA41D570D, 0xD43161C1, 0x62A69526,
+    0x9ADB1E69, 0x3FDD4A8E, 0xDC6B80D6, 0x5B3B71F9, 0xC6272B04, 0xEC9D1810,
+    0xCACEF403, 0x8CCF2DD5, 0xC95B9117, 0xE49F5235, 0xB854338A, 0x505DC82D,
+    0x1562A846, 0x62292C31, 0x6AE77F5E, 0xD72B0374, 0x462D538C, 0xF9C9091B,
+    0x47A67CBE, 0x0AE8DB58, 0x22611682, 0xB3A739C1, 0x2A281BF6, 0xEEAAC023,
+    0x77CAF992, 0x94C6651E, 0x94B2BBC1, 0x763E4E4B, 0x0077D9B4, 0x587E38DA,
+    0x183023C3, 0x7FB29F8C, 0xF9E3A26E, 0x0ABEC1FF, 0x350511E3, 0xA00EF092,
+    0xDB6340D8, 0xB855322E, 0xA9A96910, 0xA52471F7, 0x4CFDB477, 0x388147FB,
+    0x4E46041F, 0x9B1F5C3E, 0xFCCFEC71, 0xCDAD0657, 0x4C701C3A, 0xB38E8C33,
+    0xB1C0FD4C, 0x917BDD64, 0x9B7624C8, 0x3BB45432, 0xCAF53EA6, 0x23BA4442,
+    0x38532A3A, 0x4E677D2C, 0x45036C7A, 0x0BFD64B6, 0x5E0DD902, 0xC68A007E,
+    0xF44182E1, 0x4DB5A851, 0x7F88A46B, 0x8EC9B55A, 0xCEC97DCF, 0x0A8291CD,
+    0xF98D0ACC, 0x2A4ECEA9, 0x7140003C, 0x1A1DB93D, 0x33CB8B7A, 0x092999A3,
+    0x71AD0038, 0x6DC778F9, 0x918130C4, 0xA907600A, 0x2D9E6832, 0xED6A1E01,
+    0xEFB4318A, 0x7135C886, 0x7E31CC7A, 0x87F55BA5, 0x55034004, 0x7763CF1D,
+    0xD69F6D18, 0xAC7D5F42, 0xE58857B6, 0x7930E9E4, 0x164DF4FB, 0x6E6F52C3,
+    0x669E1EF1, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE, 0xFA53DDEF, 0x0ABCD06B,
+    0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197, 0x22363A0D, 0xE86D2BC5,
+    0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E, 0xE2D74DD3, 0xF4FD4452,
+    0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309, 0xC186D91C, 0x598CB0FA,
+    0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9, 0xF99C0238, 0xBC34F4DE,
+    0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26,
+    0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B,
+    0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD,
+    0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7,
+    0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B,
+    0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1,
+    0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E,
+    0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5,
+    0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE,
+    0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620,
+    0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+# else
+#  error "unsupported BN_BITS2"
+# endif
+
+/* Macro to make a BIGNUM from static data */
+
+# define make_dh_bn(x) extern const BIGNUM _bignum_##x; \
+                       const BIGNUM _bignum_##x = { (BN_ULONG *) x, \
+                        OSSL_NELEM(x),\
+                        OSSL_NELEM(x),\
+                        0, BN_FLG_STATIC_DATA };
+
+static const BN_ULONG value_2 = 2;
+
+const BIGNUM _bignum_const_2 =
+    { (BN_ULONG *)&value_2, 1, 1, 0, BN_FLG_STATIC_DATA };
+
+make_dh_bn(dh1024_160_p)
+make_dh_bn(dh1024_160_g)
+make_dh_bn(dh1024_160_q)
+make_dh_bn(dh2048_224_p)
+make_dh_bn(dh2048_224_g)
+make_dh_bn(dh2048_224_q)
+make_dh_bn(dh2048_256_p)
+make_dh_bn(dh2048_256_g)
+make_dh_bn(dh2048_256_q)
+
+make_dh_bn(ffdhe2048_p)
+make_dh_bn(ffdhe3072_p)
+make_dh_bn(ffdhe4096_p)
+make_dh_bn(ffdhe6144_p)
+make_dh_bn(ffdhe8192_p)
+
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_div.c b/freebsd/crypto/openssl/crypto/bn/bn_div.c
index 2888becf..a4435c72 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_div.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_div.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_div.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/bn.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 /* The old slow way */
@@ -76,17 +26,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     bn_check_top(d);
     if (BN_is_zero(d)) {
         BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
-        return (0);
+        return 0;
     }
 
     if (BN_ucmp(m, d) < 0) {
         if (rem != NULL) {
             if (BN_copy(rem, m) == NULL)
-                return (0);
+                return 0;
         }
         if (dv != NULL)
             BN_zero(dv);
-        return (1);
+        return 1;
     }
 
     BN_CTX_start(ctx);
@@ -133,7 +83,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     ret = 1;
  end:
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 #else
@@ -149,8 +99,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     *   understand why...);
     * - divl doesn't only calculate quotient, but also leaves
     *   remainder in %edx which we can definitely use here:-)
-    *
-    *                                   <appro@fy.chalmers.se>
     */
 #    undef bn_div_words
 #    define bn_div_words(n0,n1,d0)                \
@@ -165,7 +113,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 #   elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
    /*
     * Same story here, but it's 128-bit by 64-bit division. Wow!
-    *                                   <appro@fy.chalmers.se>
     */
 #    undef bn_div_words
 #    define bn_div_words(n0,n1,d0)                \
@@ -182,7 +129,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 # endif                         /* OPENSSL_NO_ASM */
 
 /*-
- * BN_div computes  dv := num / divisor,  rounding towards
+ * BN_div computes  dv := num / divisor, rounding towards
  * zero, and sets up rm  such that  dv*divisor + rm = num  holds.
  * Thus:
  *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
@@ -229,28 +176,25 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 
     if (BN_is_zero(divisor)) {
         BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
-        return (0);
+        return 0;
     }
 
     if (!no_branch && BN_ucmp(num, divisor) < 0) {
         if (rm != NULL) {
             if (BN_copy(rm, num) == NULL)
-                return (0);
+                return 0;
         }
         if (dv != NULL)
             BN_zero(dv);
-        return (1);
+        return 1;
     }
 
     BN_CTX_start(ctx);
+    res = (dv == NULL) ? BN_CTX_get(ctx) : dv;
     tmp = BN_CTX_get(ctx);
     snum = BN_CTX_get(ctx);
     sdiv = BN_CTX_get(ctx);
-    if (dv == NULL)
-        res = BN_CTX_get(ctx);
-    else
-        res = dv;
-    if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
+    if (sdiv == NULL)
         goto err;
 
     /* First we normalise the numbers */
@@ -307,9 +251,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
     wnump = &(snum->d[num_n - 1]);
 
     /* Setup to 'res' */
-    res->neg = (num->neg ^ divisor->neg);
     if (!bn_wexpand(res, (loop + 1)))
         goto err;
+    res->neg = (num->neg ^ divisor->neg);
     res->top = loop - no_branch;
     resp = &(res->d[loop - 1]);
 
@@ -331,6 +275,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
             res->top--;
     }
 
+    /* Increase the resp pointer so that we never create an invalid pointer. */
+    resp++;
+
     /*
      * if res->top == 0 then clear the neg value otherwise decrease the resp
      * pointer
@@ -340,7 +287,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
     else
         resp--;
 
-    for (i = 0; i < loop - 1; i++, wnump--, resp--) {
+    for (i = 0; i < loop - 1; i++, wnump--) {
         BN_ULONG q, l0;
         /*
          * the first part of the loop uses the top two words of snum and sdiv
@@ -365,10 +312,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
             q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0);
 #   else
             q = bn_div_words(n0, n1, d0);
-#    ifdef BN_DEBUG_LEVITTE
-            fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n", n0, n1, d0, q);
-#    endif
 #   endif
 
 #   ifndef REMAINDER_IS_ALREADY_CALCULATED
@@ -393,10 +336,6 @@ X) -> 0x%08X\n", n0, n1, d0, q);
             BN_ULONG t2l, t2h;
 
             q = bn_div_words(n0, n1, d0);
-#   ifdef BN_DEBUG_LEVITTE
-            fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n", n0, n1, d0, q);
-#   endif
 #   ifndef REMAINDER_IS_ALREADY_CALCULATED
             rem = (n1 - q * d0) & BN_MASK2;
 #   endif
@@ -454,6 +393,7 @@ X) -> 0x%08X\n", n0, n1, d0, q);
                 (*wnump)++;
         }
         /* store part of the result */
+        resp--;
         *resp = q;
     }
     bn_correct_top(snum);
@@ -471,10 +411,10 @@ X) -> 0x%08X\n", n0, n1, d0, q);
     if (no_branch)
         bn_correct_top(res);
     BN_CTX_end(ctx);
-    return (1);
+    return 1;
  err:
     bn_check_top(rm);
     BN_CTX_end(ctx);
-    return (0);
+    return 0;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_err.c b/freebsd/crypto/openssl/crypto/bn/bn_err.c
index c9f6ee0d..9bae4118 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_err.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_err.c
@@ -1,156 +1,120 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/bn.h>
+#include <openssl/bnerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
-
-static ERR_STRING_DATA BN_str_functs[] = {
-    {ERR_FUNC(BN_F_BNRAND), "BNRAND"},
-    {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
-    {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
-    {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
-    {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
-    {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
-    {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
-    {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
-    {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
-    {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
-    {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
-    {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
-    {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
-    {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
-    {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
-    {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
-    {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
-    {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"},
-    {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
-    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
-    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
-    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
-    {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
-    {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
-    {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
-    {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
-    {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
-    {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
-    {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
-    {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
-    {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
-    {ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
-    {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
-    {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
-    {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
+static const ERR_STRING_DATA BN_str_functs[] = {
+    {ERR_PACK(ERR_LIB_BN, BN_F_BNRAND, 0), "bnrand"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BNRAND_RANGE, 0), "bnrand_range"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_CONVERT_EX, 0),
+     "BN_BLINDING_convert_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_CREATE_PARAM, 0),
+     "BN_BLINDING_create_param"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_INVERT_EX, 0),
+     "BN_BLINDING_invert_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_NEW, 0), "BN_BLINDING_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_UPDATE, 0), "BN_BLINDING_update"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BN2DEC, 0), "BN_bn2dec"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BN2HEX, 0), "BN_bn2hex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_COMPUTE_WNAF, 0), "bn_compute_wNAF"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_GET, 0), "BN_CTX_get"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_NEW, 0), "BN_CTX_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_START, 0), "BN_CTX_start"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV, 0), "BN_div"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV_RECP, 0), "BN_div_recp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_EXP, 0), "BN_exp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_EXPAND_INTERNAL, 0), "bn_expand_internal"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENCB_NEW, 0), "BN_GENCB_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_DSA_NONCE, 0),
+     "BN_generate_dsa_nonce"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX, 0),
+     "BN_generate_prime_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD, 0), "BN_GF2m_mod"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_EXP, 0), "BN_GF2m_mod_exp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_MUL, 0), "BN_GF2m_mod_mul"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SOLVE_QUAD, 0),
+     "BN_GF2m_mod_solve_quad"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, 0),
+     "BN_GF2m_mod_solve_quad_arr"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SQR, 0), "BN_GF2m_mod_sqr"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SQRT, 0), "BN_GF2m_mod_sqrt"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_LSHIFT, 0), "BN_lshift"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP2_MONT, 0), "BN_mod_exp2_mont"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT, 0), "BN_mod_exp_mont"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT_CONSTTIME, 0),
+     "BN_mod_exp_mont_consttime"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT_WORD, 0),
+     "BN_mod_exp_mont_word"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_RECP, 0), "BN_mod_exp_recp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_SIMPLE, 0), "BN_mod_exp_simple"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_INVERSE, 0), "BN_mod_inverse"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_INVERSE_NO_BRANCH, 0),
+     "BN_mod_inverse_no_branch"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_LSHIFT_QUICK, 0), "BN_mod_lshift_quick"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_SQRT, 0), "BN_mod_sqrt"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MONT_CTX_NEW, 0), "BN_MONT_CTX_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MPI2BN, 0), "BN_mpi2bn"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_NEW, 0), "BN_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_POOL_GET, 0), "BN_POOL_get"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND, 0), "BN_rand"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND_RANGE, 0), "BN_rand_range"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RECP_CTX_NEW, 0), "BN_RECP_CTX_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RSHIFT, 0), "BN_rshift"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_SET_WORDS, 0), "bn_set_words"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_STACK_PUSH, 0), "BN_STACK_push"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_USUB, 0), "BN_usub"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA BN_str_reasons[] = {
-    {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
-    {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
-    {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
-    {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"},
-    {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
-    {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
-    {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
-    {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),
-     "expand on static bignum data"},
-    {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
-    {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
-    {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
-    {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"},
-    {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
-    {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
-    {ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
-    {ERR_REASON(BN_R_NO_SOLUTION), "no solution"},
-    {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"},
-    {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"},
-    {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),
-     "too many temporary variables"},
+static const ERR_STRING_DATA BN_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_BAD_RECIPROCAL), "bad reciprocal"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_BIGNUM_TOO_LONG), "bignum too long"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_BITS_TOO_SMALL), "bits too small"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_CALLED_WITH_EVEN_MODULUS),
+    "called with even modulus"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_DIV_BY_ZERO), "div by zero"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_ENCODING_ERROR), "encoding error"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),
+    "expand on static bignum data"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INPUT_NOT_REDUCED), "input not reduced"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_LENGTH), "invalid length"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_RANGE), "invalid range"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_SHIFT), "invalid shift"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_A_SQUARE), "not a square"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "no inverse"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SOLUTION), "no solution"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE),
+    "private key too large"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_P_IS_NOT_PRIME), "p is not prime"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_ITERATIONS), "too many iterations"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_TEMPORARY_VARIABLES),
+    "too many temporary variables"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_BN_strings(void)
+int ERR_load_BN_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(BN_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, BN_str_functs);
-        ERR_load_strings(0, BN_str_reasons);
+        ERR_load_strings_const(BN_str_functs);
+        ERR_load_strings_const(BN_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_exp.c b/freebsd/crypto/openssl/crypto/bn/bn_exp.c
index 423285dc..016d944a 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_exp.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_exp.c
@@ -1,118 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_exp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
-#include "constant_time_locl.h"
+#include "internal/cryptlib.h"
+#include "internal/constant_time_locl.h"
 #include "bn_lcl.h"
 
 #include <stdlib.h>
@@ -155,10 +53,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
     }
 
     BN_CTX_start(ctx);
-    if ((r == a) || (r == p))
-        rr = BN_CTX_get(ctx);
-    else
-        rr = r;
+    rr = ((r == a) || (r == p)) ? BN_CTX_get(ctx) : r;
     v = BN_CTX_get(ctx);
     if (rr == NULL || v == NULL)
         goto err;
@@ -190,7 +85,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
  err:
     BN_CTX_end(ctx);
     bn_check_top(r);
-    return (ret);
+    return ret;
 }
 
 int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
@@ -203,7 +98,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
     bn_check_top(m);
 
     /*-
-     * For even modulus  m = 2^k*m_odd,  it might make sense to compute
+     * For even modulus  m = 2^k*m_odd, it might make sense to compute
      * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
      * exponentiation for the odd part), using appropriate exponent
      * reductions, and combine the results using the CRT.
@@ -238,13 +133,6 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 #define RECP_MUL_MOD
 
 #ifdef MONT_MUL_MOD
-    /*
-     * I have finally been able to take out this pre-condition of the top bit
-     * being set.  It was caused by an error in BN_div with negatives.  There
-     * was also another problem when for a^b%m a >= m.  eay 07-May-97
-     */
-    /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
-
     if (BN_is_odd(m)) {
 # ifdef MONT_EXP_WORD
         if (a->top == 1 && !a->neg
@@ -269,7 +157,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 #endif
 
     bn_check_top(r);
-    return (ret);
+    return ret;
 }
 
 int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -305,7 +193,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
     BN_CTX_start(ctx);
     aa = BN_CTX_get(ctx);
     val[0] = BN_CTX_get(ctx);
-    if (!aa || !val[0])
+    if (val[0] == NULL)
         goto err;
 
     BN_RECP_CTX_init(&recp);
@@ -404,7 +292,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
     BN_CTX_end(ctx);
     BN_RECP_CTX_free(&recp);
     bn_check_top(r);
-    return (ret);
+    return ret;
 }
 
 int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
@@ -430,7 +318,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 
     if (!BN_is_odd(m)) {
         BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
-        return (0);
+        return 0;
     }
     bits = BN_num_bits(p);
     if (bits == 0) {
@@ -448,7 +336,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
     d = BN_CTX_get(ctx);
     r = BN_CTX_get(ctx);
     val[0] = BN_CTX_get(ctx);
-    if (!d || !r || !val[0])
+    if (val[0] == NULL)
         goto err;
 
     /*
@@ -470,11 +358,6 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
         aa = val[0];
     } else
         aa = a;
-    if (BN_is_zero(aa)) {
-        BN_zero(rr);
-        ret = 1;
-        goto err;
-    }
     if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
         goto err;               /* 1 */
 
@@ -581,14 +464,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
         goto err;
     ret = 1;
  err:
-    if ((in_mont == NULL) && (mont != NULL))
+    if (in_mont == NULL)
         BN_MONT_CTX_free(mont);
     BN_CTX_end(ctx);
     bn_check_top(rr);
-    return (ret);
+    return ret;
 }
 
-#if defined(SPARC_T4_MONT)
 static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
 {
     BN_ULONG ret = 0;
@@ -607,7 +489,6 @@ static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
 
     return ret & BN_MASK2;
 }
-#endif
 
 /*
  * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
@@ -640,6 +521,14 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
 {
     int i, j;
     int width = 1 << window;
+    /*
+     * We declare table 'volatile' in order to discourage compiler
+     * from reordering loads from the table. Concern is that if
+     * reordered in specific manner loads might give away the
+     * information we are trying to conceal. Some would argue that
+     * compiler can reorder them anyway, but it can as well be
+     * argued that doing so would be violation of standard...
+     */
     volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
 
     if (bn_wexpand(b, top) == NULL)
@@ -706,7 +595,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                               const BIGNUM *m, BN_CTX *ctx,
                               BN_MONT_CTX *in_mont)
 {
-    int i, bits, ret = 0, window, wvalue;
+    int i, bits, ret = 0, window, wvalue, wmask, window0;
     int top;
     BN_MONT_CTX *mont = NULL;
 
@@ -725,7 +614,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 
     if (!BN_is_odd(m)) {
         BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS);
-        return (0);
+        return 0;
     }
 
     top = m->top;
@@ -762,31 +651,33 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
     }
 
 #ifdef RSAZ_ENABLED
-    /*
-     * If the size of the operands allow it, perform the optimized
-     * RSAZ exponentiation. For further information see
-     * crypto/bn/rsaz_exp.c and accompanying assembly modules.
-     */
-    if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
-        && rsaz_avx2_eligible()) {
-        if (NULL == bn_wexpand(rr, 16))
+    if (!a->neg) {
+        /*
+         * If the size of the operands allow it, perform the optimized
+         * RSAZ exponentiation. For further information see
+         * crypto/bn/rsaz_exp.c and accompanying assembly modules.
+         */
+        if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
+            && rsaz_avx2_eligible()) {
+            if (NULL == bn_wexpand(rr, 16))
+                goto err;
+            RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
+                                   mont->n0[0]);
+            rr->top = 16;
+            rr->neg = 0;
+            bn_correct_top(rr);
+            ret = 1;
             goto err;
-        RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
-                               mont->n0[0]);
-        rr->top = 16;
-        rr->neg = 0;
-        bn_correct_top(rr);
-        ret = 1;
-        goto err;
-    } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
-        if (NULL == bn_wexpand(rr, 8))
+        } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
+            if (NULL == bn_wexpand(rr, 8))
+                goto err;
+            RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
+            rr->top = 8;
+            rr->neg = 0;
+            bn_correct_top(rr);
+            ret = 1;
             goto err;
-        RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
-        rr->top = 8;
-        rr->neg = 0;
-        bn_correct_top(rr);
-        ret = 1;
-        goto err;
+        }
     }
 #endif
 
@@ -824,8 +715,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
     else
 #endif
         if ((powerbufFree =
-             (unsigned char *)OPENSSL_malloc(powerbufLen +
-                                             MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
+             OPENSSL_malloc(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
             == NULL)
         goto err;
 
@@ -860,7 +750,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 
     /* prepare a^1 in Montgomery domain */
     if (a->neg || BN_ucmp(a, m) >= 0) {
-        if (!BN_mod(&am, a, m, ctx))
+        if (!BN_nnmod(&am, a, m, ctx))
             goto err;
         if (!bn_to_mont_fixed_top(&am, &am, mont, ctx))
             goto err;
@@ -958,20 +848,27 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
         top /= 2;
         bn_flip_t4(np, mont->N.d, top);
 
-        bits--;
-        for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
-            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % 5 + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
         bn_gather5_t4(tmp.d, top, powerbuf, wvalue);
 
         /*
          * Scan the exponent one window at a time starting from the most
          * significant bits.
          */
-        while (bits >= 0) {
+        while (bits > 0) {
             if (bits < stride)
-                stride = bits + 1;
+                stride = bits;
             bits -= stride;
-            wvalue = bn_get_bits(p, bits + 1);
+            wvalue = bn_get_bits(p, bits);
 
             if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
                 continue;
@@ -1079,32 +976,36 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
             bn_scatter5(tmp.d, top, powerbuf, i);
         }
 # endif
-        bits--;
-        for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
-            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % 5 + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
         bn_gather5(tmp.d, top, powerbuf, wvalue);
 
         /*
          * Scan the exponent one window at a time starting from the most
          * significant bits.
          */
-        if (top & 7)
-            while (bits >= 0) {
-                for (wvalue = 0, i = 0; i < 5; i++, bits--)
-                    wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-
+        if (top & 7) {
+            while (bits > 0) {
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top,
-                                    wvalue);
+                                    bn_get_bits5(p->d, bits -= 5));
+            }
         } else {
-            while (bits >= 0) {
-                wvalue = bn_get_bits5(p->d, bits - 4);
-                bits -= 5;
-                bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue);
+            while (bits > 0) {
+                bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top,
+                          bn_get_bits5(p->d, bits -= 5));
             }
         }
 
@@ -1146,28 +1047,45 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
             }
         }
 
-        bits--;
-        for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
-            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % window + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
         if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
                                             window))
             goto err;
 
+        wmask = (1 << window) - 1;
         /*
          * Scan the exponent one window at a time starting from the most
          * significant bits.
          */
-        while (bits >= 0) {
-            wvalue = 0;         /* The 'value' of the window */
+        while (bits > 0) {
 
-            /* Scan the window, squaring the result as we go */
-            for (i = 0; i < window; i++, bits--) {
+            /* Square the result window-size times */
+            for (i = 0; i < window; i++)
                 if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx))
                     goto err;
-                wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-            }
 
             /*
+             * Get a window's worth of bits from the exponent
+             * This avoids calling BN_is_bit_set for each bit, which
+             * is not only slower but also makes each bit vulnerable to
+             * EM (and likely other) side-channel attacks like One&Done
+             * (for details see "One&Done: A Single-Decryption EM-Based
+             *  Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam,
+             *  H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
+             *  M. Prvulovic, in USENIX Security'18)
+             */
+            bits -= window;
+            wvalue = bn_get_bits(p, bits) & wmask;
+            /*
              * Fetch the appropriate pre-computed value from the pre-buf
              */
             if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
@@ -1198,15 +1116,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
         goto err;
     ret = 1;
  err:
-    if ((in_mont == NULL) && (mont != NULL))
+    if (in_mont == NULL)
         BN_MONT_CTX_free(mont);
     if (powerbuf != NULL) {
         OPENSSL_cleanse(powerbuf, powerbufLen);
-        if (powerbufFree)
-            OPENSSL_free(powerbufFree);
+        OPENSSL_free(powerbufFree);
     }
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
@@ -1216,7 +1133,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
     int b, bits, ret = 0;
     int r_is_one;
     BN_ULONG w, next_w;
-    BIGNUM *d, *r, *t;
+    BIGNUM *r, *t;
     BIGNUM *swap_tmp;
 #define BN_MOD_MUL_WORD(r, w, m) \
                 (BN_mul_word(r, (w)) && \
@@ -1247,7 +1164,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 
     if (!BN_is_odd(m)) {
         BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
-        return (0);
+        return 0;
     }
     if (m->top == 1)
         a %= m->d[0];           /* make sure that 'a' is reduced */
@@ -1270,10 +1187,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
     }
 
     BN_CTX_start(ctx);
-    d = BN_CTX_get(ctx);
     r = BN_CTX_get(ctx);
     t = BN_CTX_get(ctx);
-    if (d == NULL || r == NULL || t == NULL)
+    if (t == NULL)
         goto err;
 
     if (in_mont != NULL)
@@ -1350,11 +1266,11 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
     }
     ret = 1;
  err:
-    if ((in_mont == NULL) && (mont != NULL))
+    if (in_mont == NULL)
         BN_MONT_CTX_free(mont);
     BN_CTX_end(ctx);
     bn_check_top(rr);
-    return (ret);
+    return ret;
 }
 
 /* The old fallback, simple version :-) */
@@ -1390,7 +1306,7 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
     BN_CTX_start(ctx);
     d = BN_CTX_get(ctx);
     val[0] = BN_CTX_get(ctx);
-    if (!d || !val[0])
+    if (val[0] == NULL)
         goto err;
 
     if (!BN_nnmod(val[0], a, m, ctx))
@@ -1475,5 +1391,5 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  err:
     BN_CTX_end(ctx);
     bn_check_top(r);
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_exp2.c b/freebsd/crypto/openssl/crypto/bn/bn_exp2.c
index dd388946..d403316c 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_exp2.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_exp2.c
@@ -1,118 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_exp2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 #define TABLE_SIZE      32
@@ -138,7 +36,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
 
     if (!(m->d[0] & 1)) {
         BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
-        return (0);
+        return 0;
     }
     bits1 = BN_num_bits(p1);
     bits2 = BN_num_bits(p2);
@@ -154,7 +52,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
     r = BN_CTX_get(ctx);
     val1[0] = BN_CTX_get(ctx);
     val2[0] = BN_CTX_get(ctx);
-    if (!d || !r || !val1[0] || !val2[0])
+    if (val2[0] == NULL)
         goto err;
 
     if (in_mont != NULL)
@@ -297,9 +195,9 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
         goto err;
     ret = 1;
  err:
-    if ((in_mont == NULL) && (mont != NULL))
+    if (in_mont == NULL)
         BN_MONT_CTX_free(mont);
     BN_CTX_end(ctx);
     bn_check_top(rr);
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_gcd.c b/freebsd/crypto/openssl/crypto/bn/bn_gcd.c
index 214c4f88..73347aac 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_gcd.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_gcd.c
@@ -1,117 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_gcd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
@@ -127,7 +25,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
     BN_CTX_start(ctx);
     a = BN_CTX_get(ctx);
     b = BN_CTX_get(ctx);
-    if (a == NULL || b == NULL)
+    if (b == NULL)
         goto err;
 
     if (BN_copy(a, in_a) == NULL)
@@ -152,7 +50,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
  err:
     BN_CTX_end(ctx);
     bn_check_top(r);
-    return (ret);
+    return ret;
 }
 
 static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
@@ -215,9 +113,9 @@ static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
             goto err;
     }
     bn_check_top(a);
-    return (a);
+    return a;
  err:
-    return (NULL);
+    return NULL;
 }
 
 /* solves ax == 1 (mod n) */
@@ -228,10 +126,32 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
 BIGNUM *BN_mod_inverse(BIGNUM *in,
                        const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 {
+    BIGNUM *rv;
+    int noinv;
+    rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
+    if (noinv)
+        BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
+    return rv;
+}
+
+BIGNUM *int_bn_mod_inverse(BIGNUM *in,
+                           const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
+                           int *pnoinv)
+{
     BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
     BIGNUM *ret = NULL;
     int sign;
 
+    /* This is invalid input so we don't worry about constant time here */
+    if (BN_abs_is_word(n, 1) || BN_is_zero(n)) {
+        if (pnoinv != NULL)
+            *pnoinv = 1;
+        return NULL;
+    }
+
+    if (pnoinv != NULL)
+        *pnoinv = 0;
+
     if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)
         || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
         return BN_mod_inverse_no_branch(in, a, n, ctx);
@@ -278,11 +198,11 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
      *      sign*Y*a  ==  A   (mod |n|).
      */
 
-    if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) {
+    if (BN_is_odd(n) && (BN_num_bits(n) <= 2048)) {
         /*
          * Binary inversion algorithm; requires odd modulus. This is faster
          * than the general algorithm if the modulus is sufficiently small
-         * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit
+         * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit
          * systems)
          */
         int shift;
@@ -366,8 +286,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
                 if (!BN_uadd(Y, Y, X))
                     goto err;
                 /*
-                 * as above, BN_mod_add_quick(Y, Y, X, n) would slow things
-                 * down
+                 * as above, BN_mod_add_quick(Y, Y, X, n) would slow things down
                  */
                 if (!BN_usub(A, A, B))
                     goto err;
@@ -437,8 +356,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
              * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
              */
 
-            tmp = A;            /* keep the BIGNUM object, the value does not
-                                 * matter */
+            tmp = A;    /* keep the BIGNUM object, the value does not matter */
 
             /* (A, B) := (B, A mod B) ... */
             A = B;
@@ -459,15 +377,14 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
              * i.e.
              *        sign*(Y + D*X)*a  ==  B  (mod |n|).
              *
-             * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
+             * So if we set  (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
              *      -sign*X*a  ==  B   (mod |n|),
              *       sign*Y*a  ==  A   (mod |n|).
              * Note that  X  and  Y  stay non-negative all the time.
              */
 
             /*
-             * most of the time D is very small, so we can optimize tmp :=
-             * D*X+Y
+             * most of the time D is very small, so we can optimize tmp := D*X+Y
              */
             if (BN_is_one(D)) {
                 if (!BN_add(tmp, X, Y))
@@ -492,8 +409,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
                     goto err;
             }
 
-            M = Y;              /* keep the BIGNUM object, the value does not
-                                 * matter */
+            M = Y;      /* keep the BIGNUM object, the value does not matter */
             Y = X;
             X = tmp;
             sign = -sign;
@@ -524,7 +440,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
                 goto err;
         }
     } else {
-        BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
+        if (pnoinv)
+            *pnoinv = 1;
         goto err;
     }
     ret = R;
@@ -533,7 +450,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
         BN_free(R);
     BN_CTX_end(ctx);
     bn_check_top(ret);
-    return (ret);
+    return ret;
 }
 
 /*
@@ -545,8 +462,6 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
                                         BN_CTX *ctx)
 {
     BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
-    BIGNUM local_A, local_B;
-    BIGNUM *pA, *pB;
     BIGNUM *ret = NULL;
     int sign;
 
@@ -584,11 +499,14 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
          * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
          * BN_div_no_branch will be called eventually.
          */
-        pB = &local_B;
-        local_B.flags = 0;
-        BN_with_flags(pB, B, BN_FLG_CONSTTIME);
-        if (!BN_nnmod(B, pB, A, ctx))
-            goto err;
+         {
+            BIGNUM local_B;
+            bn_init(&local_B);
+            BN_with_flags(&local_B, B, BN_FLG_CONSTTIME);
+            if (!BN_nnmod(B, &local_B, A, ctx))
+                goto err;
+            /* Ensure local_B goes out of scope before any further use of B */
+        }
     }
     sign = -1;
     /*-
@@ -612,13 +530,16 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
          * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
          * BN_div_no_branch will be called eventually.
          */
-        pA = &local_A;
-        local_A.flags = 0;
-        BN_with_flags(pA, A, BN_FLG_CONSTTIME);
+        {
+            BIGNUM local_A;
+            bn_init(&local_A);
+            BN_with_flags(&local_A, A, BN_FLG_CONSTTIME);
 
-        /* (D, M) := (A/B, A%B) ... */
-        if (!BN_div(D, M, pA, B, ctx))
-            goto err;
+            /* (D, M) := (A/B, A%B) ... */
+            if (!BN_div(D, M, &local_A, B, ctx))
+                goto err;
+            /* Ensure local_A goes out of scope before any further use of A */
+        }
 
         /*-
          * Now
@@ -649,7 +570,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
          * i.e.
          *        sign*(Y + D*X)*a  ==  B  (mod |n|).
          *
-         * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
+         * So if we set  (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
          *      -sign*X*a  ==  B   (mod |n|),
          *       sign*Y*a  ==  A   (mod |n|).
          * Note that  X  and  Y  stay non-negative all the time.
@@ -700,5 +621,5 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
         BN_free(R);
     BN_CTX_end(ctx);
     bn_check_top(ret);
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_gf2m.c b/freebsd/crypto/openssl/crypto/bn/bn_gf2m.c
index a2b29e3c..afd0823b 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_gf2m.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_gf2m.c
@@ -1,100 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_gf2m.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * In addition, Sun covenants to all licensees who provide a reciprocal
- * covenant with respect to their own patents if any, not to sue under
- * current and future patent claims necessarily infringed by the making,
- * using, practicing, selling, offering for sale and/or otherwise
- * disposing of the ECC Code as delivered hereunder (or portions thereof),
- * provided that such covenant shall not apply:
- *  1) for code that a licensee deletes from the ECC Code;
- *  2) separates from the ECC Code; or
- *  3) for infringements caused by:
- *       i) the modification of the ECC Code or
- *      ii) the combination of the ECC Code with other software or
- *          devices where such combination causes the infringement.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
 /*
- * NOTE: This file is licensed pursuant to the OpenSSL license below and may
- * be modified; but after modifications, the above covenant may no longer
- * apply! In such cases, the corresponding paragraph ["In addition, Sun
- * covenants ... causes the infringement."] and this note can be edited out;
- * but please keep the Sun copyright notice and attribution.
- */
-
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <assert.h>
 #include <limits.h>
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 #ifndef OPENSSL_NO_EC2M
@@ -476,8 +395,8 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
     int arr[6];
     bn_check_top(a);
     bn_check_top(p);
-    ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0]));
-    if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) {
+    ret = BN_GF2m_poly2arr(p, arr, OSSL_NELEM(arr));
+    if (!ret || ret > (int)OSSL_NELEM(arr)) {
         BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH);
         return 0;
     }
@@ -554,7 +473,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     bn_check_top(a);
     bn_check_top(b);
     bn_check_top(p);
-    if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL)
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
         goto err;
     ret = BN_GF2m_poly2arr(p, arr, max);
     if (!ret || ret > max) {
@@ -564,8 +483,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
     bn_check_top(r);
  err:
-    if (arr)
-        OPENSSL_free(arr);
+    OPENSSL_free(arr);
     return ret;
 }
 
@@ -613,7 +531,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 
     bn_check_top(a);
     bn_check_top(p);
-    if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL)
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
         goto err;
     ret = BN_GF2m_poly2arr(p, arr, max);
     if (!ret || ret > max) {
@@ -623,8 +541,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
     ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
     bn_check_top(r);
  err:
-    if (arr)
-        OPENSSL_free(arr);
+    OPENSSL_free(arr);
     return ret;
 }
 
@@ -634,7 +551,8 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
  * Hernandez, J.L., and Menezes, A.  "Software Implementation of Elliptic
  * Curve Cryptography Over Binary Fields".
  */
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+static int BN_GF2m_mod_inv_vartime(BIGNUM *r, const BIGNUM *a,
+                                   const BIGNUM *p, BN_CTX *ctx)
 {
     BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
     int ret = 0;
@@ -644,13 +562,11 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 
     BN_CTX_start(ctx);
 
-    if ((b = BN_CTX_get(ctx)) == NULL)
-        goto err;
-    if ((c = BN_CTX_get(ctx)) == NULL)
-        goto err;
-    if ((u = BN_CTX_get(ctx)) == NULL)
-        goto err;
-    if ((v = BN_CTX_get(ctx)) == NULL)
+    b = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    u = BN_CTX_get(ctx);
+    v = BN_CTX_get(ctx);
+    if (v == NULL)
         goto err;
 
     if (!BN_GF2m_mod(u, a, p))
@@ -802,6 +718,46 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
     return ret;
 }
 
+/*-
+ * Wrapper for BN_GF2m_mod_inv_vartime that blinds the input before calling.
+ * This is not constant time.
+ * But it does eliminate first order deduction on the input.
+ */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *b = NULL;
+    int ret = 0;
+
+    BN_CTX_start(ctx);
+    if ((b = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /* generate blinding value */
+    do {
+        if (!BN_priv_rand(b, BN_num_bits(p) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+            goto err;
+    } while (BN_is_zero(b));
+
+    /* r := a * b */
+    if (!BN_GF2m_mod_mul(r, a, b, p, ctx))
+        goto err;
+
+    /* r := 1/(a * b) */
+    if (!BN_GF2m_mod_inv_vartime(r, r, p, ctx))
+        goto err;
+
+    /* r := b/(a * b) = 1/a */
+    if (!BN_GF2m_mod_mul(r, r, b, p, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
 /*
  * Invert xx, reduce modulo p, and store the result in r. r could be xx.
  * This function calls down to the BN_GF2m_mod_inv implementation; this
@@ -829,7 +785,6 @@ int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[],
     return ret;
 }
 
-# ifndef OPENSSL_SUN_GF2M_DIV
 /*
  * Divide y by x, reduce modulo p, and store the result in r. r could be x
  * or y, x could equal y.
@@ -860,94 +815,6 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
     BN_CTX_end(ctx);
     return ret;
 }
-# else
-/*
- * Divide y by x, reduce modulo p, and store the result in r. r could be x
- * or y, x could equal y. Uses algorithm Modular_Division_GF(2^m) from
- * Chang-Shantz, S.  "From Euclid's GCD to Montgomery Multiplication to the
- * Great Divide".
- */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
-                    const BIGNUM *p, BN_CTX *ctx)
-{
-    BIGNUM *a, *b, *u, *v;
-    int ret = 0;
-
-    bn_check_top(y);
-    bn_check_top(x);
-    bn_check_top(p);
-
-    BN_CTX_start(ctx);
-
-    a = BN_CTX_get(ctx);
-    b = BN_CTX_get(ctx);
-    u = BN_CTX_get(ctx);
-    v = BN_CTX_get(ctx);
-    if (v == NULL)
-        goto err;
-
-    /* reduce x and y mod p */
-    if (!BN_GF2m_mod(u, y, p))
-        goto err;
-    if (!BN_GF2m_mod(a, x, p))
-        goto err;
-    if (!BN_copy(b, p))
-        goto err;
-
-    while (!BN_is_odd(a)) {
-        if (!BN_rshift1(a, a))
-            goto err;
-        if (BN_is_odd(u))
-            if (!BN_GF2m_add(u, u, p))
-                goto err;
-        if (!BN_rshift1(u, u))
-            goto err;
-    }
-
-    do {
-        if (BN_GF2m_cmp(b, a) > 0) {
-            if (!BN_GF2m_add(b, b, a))
-                goto err;
-            if (!BN_GF2m_add(v, v, u))
-                goto err;
-            do {
-                if (!BN_rshift1(b, b))
-                    goto err;
-                if (BN_is_odd(v))
-                    if (!BN_GF2m_add(v, v, p))
-                        goto err;
-                if (!BN_rshift1(v, v))
-                    goto err;
-            } while (!BN_is_odd(b));
-        } else if (BN_abs_is_word(a, 1))
-            break;
-        else {
-            if (!BN_GF2m_add(a, a, b))
-                goto err;
-            if (!BN_GF2m_add(u, u, v))
-                goto err;
-            do {
-                if (!BN_rshift1(a, a))
-                    goto err;
-                if (BN_is_odd(u))
-                    if (!BN_GF2m_add(u, u, p))
-                        goto err;
-                if (!BN_rshift1(u, u))
-                    goto err;
-            } while (!BN_is_odd(a));
-        }
-    } while (1);
-
-    if (!BN_copy(r, u))
-        goto err;
-    bn_check_top(r);
-    ret = 1;
-
- err:
-    BN_CTX_end(ctx);
-    return ret;
-}
-# endif
 
 /*
  * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
@@ -993,7 +860,7 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     bn_check_top(b);
 
     if (BN_is_zero(b))
-        return (BN_one(r));
+        return BN_one(r);
 
     if (BN_abs_is_word(b, 1))
         return (BN_copy(r, a) != NULL);
@@ -1038,7 +905,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     bn_check_top(a);
     bn_check_top(b);
     bn_check_top(p);
-    if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL)
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
         goto err;
     ret = BN_GF2m_poly2arr(p, arr, max);
     if (!ret || ret > max) {
@@ -1048,8 +915,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
     bn_check_top(r);
  err:
-    if (arr)
-        OPENSSL_free(arr);
+    OPENSSL_free(arr);
     return ret;
 }
 
@@ -1098,7 +964,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
     int *arr = NULL;
     bn_check_top(a);
     bn_check_top(p);
-    if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL)
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
         goto err;
     ret = BN_GF2m_poly2arr(p, arr, max);
     if (!ret || ret > max) {
@@ -1108,8 +974,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
     ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
     bn_check_top(r);
  err:
-    if (arr)
-        OPENSSL_free(arr);
+    OPENSSL_free(arr);
     return ret;
 }
 
@@ -1168,7 +1033,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
         if (tmp == NULL)
             goto err;
         do {
-            if (!BN_rand(rho, p[0], 0, 0))
+            if (!BN_priv_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
                 goto err;
             if (!BN_GF2m_mod_arr(rho, rho, p))
                 goto err;
@@ -1229,7 +1094,7 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
     int *arr = NULL;
     bn_check_top(a);
     bn_check_top(p);
-    if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL)
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
         goto err;
     ret = BN_GF2m_poly2arr(p, arr, max);
     if (!ret || ret > max) {
@@ -1239,8 +1104,7 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
     ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
     bn_check_top(r);
  err:
-    if (arr)
-        OPENSSL_free(arr);
+    OPENSSL_free(arr);
     return ret;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_intern.c b/freebsd/crypto/openssl/crypto/bn/bn_intern.c
new file mode 100644
index 00000000..5dc91f60
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/bn/bn_intern.c
@@ -0,0 +1,201 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/*
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array  r[]  of values that are either zero or odd with an
+ * absolute value less than  2^w  satisfying
+ *     scalar = \sum_j r[j]*2^j
+ * where at most one of any  w+1  consecutive digits is non-zero
+ * with the exception that the most significant digit may be only
+ * w-1 zeros away from that next non-zero digit.
+ */
+signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
+{
+    int window_val;
+    signed char *r = NULL;
+    int sign = 1;
+    int bit, next_bit, mask;
+    size_t len = 0, j;
+
+    if (BN_is_zero(scalar)) {
+        r = OPENSSL_malloc(1);
+        if (r == NULL) {
+            BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        r[0] = 0;
+        *ret_len = 1;
+        return r;
+    }
+
+    if (w <= 0 || w > 7) {      /* 'signed char' can represent integers with
+                                 * absolute values less than 2^7 */
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    bit = 1 << w;               /* at most 128 */
+    next_bit = bit << 1;        /* at most 256 */
+    mask = next_bit - 1;        /* at most 255 */
+
+    if (BN_is_negative(scalar)) {
+        sign = -1;
+    }
+
+    if (scalar->d == NULL || scalar->top == 0) {
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    len = BN_num_bits(scalar);
+    r = OPENSSL_malloc(len + 1); /*
+                                  * Modified wNAF may be one digit longer than binary representation
+                                  * (*ret_len will be set to the actual length, i.e. at most
+                                  * BN_num_bits(scalar) + 1)
+                                  */
+    if (r == NULL) {
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    window_val = scalar->d[0] & mask;
+    j = 0;
+    while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len,
+                                                      * window_val will not
+                                                      * increase */
+        int digit = 0;
+
+        /* 0 <= window_val <= 2^(w+1) */
+
+        if (window_val & 1) {
+            /* 0 < window_val < 2^(w+1) */
+
+            if (window_val & bit) {
+                digit = window_val - next_bit; /* -2^w < digit < 0 */
+
+#if 1                           /* modified wNAF */
+                if (j + w + 1 >= len) {
+                    /*
+                     * Special case for generating modified wNAFs:
+                     * no new bits will be added into window_val,
+                     * so using a positive digit here will decrease
+                     * the total length of the representation
+                     */
+
+                    digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
+                }
+#endif
+            } else {
+                digit = window_val; /* 0 < digit < 2^w */
+            }
+
+            if (digit <= -bit || digit >= bit || !(digit & 1)) {
+                BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            window_val -= digit;
+
+            /*
+             * now window_val is 0 or 2^(w+1) in standard wNAF generation;
+             * for modified window NAFs, it may also be 2^w
+             */
+            if (window_val != 0 && window_val != next_bit
+                && window_val != bit) {
+                BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        r[j++] = sign * digit;
+
+        window_val >>= 1;
+        window_val += bit * BN_is_bit_set(scalar, j + w);
+
+        if (window_val > next_bit) {
+            BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (j > len + 1) {
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    *ret_len = j;
+    return r;
+
+ err:
+    OPENSSL_free(r);
+    return NULL;
+}
+
+int bn_get_top(const BIGNUM *a)
+{
+    return a->top;
+}
+
+int bn_get_dmax(const BIGNUM *a)
+{
+    return a->dmax;
+}
+
+void bn_set_all_zero(BIGNUM *a)
+{
+    int i;
+
+    for (i = a->top; i < a->dmax; i++)
+        a->d[i] = 0;
+}
+
+int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size)
+{
+    if (in->top > size)
+        return 0;
+
+    memset(out, 0, sizeof(*out) * size);
+    if (in->d != NULL)
+        memcpy(out, in->d, sizeof(*out) * in->top);
+    return 1;
+}
+
+BN_ULONG *bn_get_words(const BIGNUM *a)
+{
+    return a->d;
+}
+
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size)
+{
+    /*
+     * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
+     * flag, which effectively means "read-only data".
+     */
+    a->d = (BN_ULONG *)words;
+    a->dmax = a->top = size;
+    a->neg = 0;
+    a->flags |= BN_FLG_STATIC_DATA;
+    bn_correct_top(a);
+}
+
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words)
+{
+    if (bn_wexpand(a, num_words) == NULL) {
+        BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    memcpy(a->d, words, sizeof(BN_ULONG) * num_words);
+    a->top = num_words;
+    bn_correct_top(a);
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_kron.c b/freebsd/crypto/openssl/crypto/bn/bn_kron.c
index c8ce3873..f738dccf 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_kron.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_kron.c
@@ -1,61 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_kron.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 /* least significant word */
@@ -94,7 +48,7 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
         goto end;
 
     /*
-     * Kronecker symbol, imlemented according to Henri Cohen,
+     * Kronecker symbol, implemented according to Henri Cohen,
      * "A Course in Computational Algebraic Number Theory"
      * (algorithm 1.4.10).
      */
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_lcl.h b/freebsd/crypto/openssl/crypto/bn/bn_lcl.h
index 6f7335b7..8a36db2e 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_lcl.h
+++ b/freebsd/crypto/openssl/crypto/bn/bn_lcl.h
@@ -1,123 +1,267 @@
-/* crypto/bn/bn_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_BN_LCL_H
 # define HEADER_BN_LCL_H
 
-# include <openssl/bn.h>
-# include "bn_int.h"
+/*
+ * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or
+ * SIXTY_FOUR_BIT in its own environment since it doesn't re-run our
+ * Configure script and needs to support both 32-bit and 64-bit.
+ */
+# include <openssl/opensslconf.h>
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
+# if !defined(OPENSSL_SYS_UEFI)
+#  include "internal/bn_conf.h"
+# endif
+
+# include "internal/bn_int.h"
+
+/*
+ * These preprocessor symbols control various aspects of the bignum headers
+ * and library code. They're not defined by any "normal" configuration, as
+ * they are intended for development and testing purposes. NB: defining all
+ * three can be useful for debugging application code as well as openssl
+ * itself. BN_DEBUG - turn on various debugging alterations to the bignum
+ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up
+ * mismanagement of bignum internals. You must also define BN_DEBUG.
+ */
+/* #define BN_DEBUG */
+/* #define BN_DEBUG_RAND */
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+#  define BN_MUL_COMBA
+#  define BN_SQR_COMBA
+#  define BN_RECURSION
+# endif
+
+/*
+ * This next option uses the C libraries (2 word)/(1 word) function. If it is
+ * not defined, I use my C version (which is slower). The reason for this
+ * flag is that when the particular C compiler library routine is used, and
+ * the library is linked with a different compiler, the library is missing.
+ * This mostly happens when the library is built with gcc and then linked
+ * using normal cc.  This would be a common occurrence because gcc normally
+ * produces code that is 2 times faster than system compilers for the big
+ * number stuff. For machines with only one compiler (or shared libraries),
+ * this should be on.  Again this in only really a problem on machines using
+ * "long long's", are 32bit, and are not using my assembler code.
+ */
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
+    defined(OPENSSL_SYS_WIN32) || defined(linux)
+#  define BN_DIV2W
+# endif
+
+/*
+ * 64-bit processor with LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT_LONG
+#  define BN_ULLONG       unsigned long long
+#  define BN_BITS4        32
+#  define BN_MASK2        (0xffffffffffffffffL)
+#  define BN_MASK2l       (0xffffffffL)
+#  define BN_MASK2h       (0xffffffff00000000L)
+#  define BN_MASK2h1      (0xffffffff80000000L)
+#  define BN_DEC_CONV     (10000000000000000000UL)
+#  define BN_DEC_NUM      19
+#  define BN_DEC_FMT1     "%lu"
+#  define BN_DEC_FMT2     "%019lu"
+# endif
+
+/*
+ * 64-bit processor other than LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT
+#  undef BN_LLONG
+#  undef BN_ULLONG
+#  define BN_BITS4        32
+#  define BN_MASK2        (0xffffffffffffffffLL)
+#  define BN_MASK2l       (0xffffffffL)
+#  define BN_MASK2h       (0xffffffff00000000LL)
+#  define BN_MASK2h1      (0xffffffff80000000LL)
+#  define BN_DEC_CONV     (10000000000000000000ULL)
+#  define BN_DEC_NUM      19
+#  define BN_DEC_FMT1     "%llu"
+#  define BN_DEC_FMT2     "%019llu"
+# endif
+
+# ifdef THIRTY_TWO_BIT
+#  ifdef BN_LLONG
+#   if defined(_WIN32) && !defined(__GNUC__)
+#    define BN_ULLONG     unsigned __int64
+#   else
+#    define BN_ULLONG     unsigned long long
+#   endif
+#  endif
+#  define BN_BITS4        16
+#  define BN_MASK2        (0xffffffffL)
+#  define BN_MASK2l       (0xffff)
+#  define BN_MASK2h1      (0xffff8000L)
+#  define BN_MASK2h       (0xffff0000L)
+#  define BN_DEC_CONV     (1000000000L)
+#  define BN_DEC_NUM      9
+#  define BN_DEC_FMT1     "%u"
+#  define BN_DEC_FMT2     "%09u"
+# endif
+
+
+/*-
+ * Bignum consistency macros
+ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
+ * bignum data after direct manipulations on the data. There is also an
+ * "internal" macro, bn_check_top(), for verifying that there are no leading
+ * zeroes. Unfortunately, some auditing is required due to the fact that
+ * bn_fix_top() has become an overabused duct-tape because bignum data is
+ * occasionally passed around in an inconsistent state. So the following
+ * changes have been made to sort this out;
+ * - bn_fix_top()s implementation has been moved to bn_correct_top()
+ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
+ *   bn_check_top() is as before.
+ * - if BN_DEBUG *is* defined;
+ *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
+ *     consistent. (ed: only if BN_DEBUG_RAND is defined)
+ *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
+ * The idea is to have debug builds flag up inconsistent bignums when they
+ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
+ * the use of bn_fix_top() was appropriate (ie. it follows directly after code
+ * that manipulates the bignum) it is converted to bn_correct_top(), and if it
+ * was not appropriate, we convert it permanently to bn_check_top() and track
+ * down the cause of the bug. Eventually, no internal code should be using the
+ * bn_fix_top() macro. External applications and libraries should try this with
+ * their own code too, both in terms of building against the openssl headers
+ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
+ * defined. This not only improves external code, it provides more test
+ * coverage for openssl's own code.
+ */
+
+# ifdef BN_DEBUG
+/*
+ * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with
+ * bn_correct_top, in other words such vectors are permitted to have zeros
+ * in most significant limbs. Such vectors are used internally to achieve
+ * execution time invariance for critical operations with private keys.
+ * It's BN_DEBUG-only flag, because user application is not supposed to
+ * observe it anyway. Moreover, optimizing compiler would actually remove
+ * all operations manipulating the bit in question in non-BN_DEBUG build.
+ */
+#  define BN_FLG_FIXED_TOP 0x10000
+#  ifdef BN_DEBUG_RAND
+#   define bn_pollute(a) \
+        do { \
+            const BIGNUM *_bnum1 = (a); \
+            if (_bnum1->top < _bnum1->dmax) { \
+                unsigned char _tmp_char; \
+                /* We cast away const without the compiler knowing, any \
+                 * *genuinely* constant variables that aren't mutable \
+                 * wouldn't be constructed with top!=dmax. */ \
+                BN_ULONG *_not_const; \
+                memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \
+                RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\
+                memset(_not_const + _bnum1->top, _tmp_char, \
+                       sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \
+            } \
+        } while(0)
+#  else
+#   define bn_pollute(a)
+#  endif
+#  define bn_check_top(a) \
+        do { \
+                const BIGNUM *_bnum2 = (a); \
+                if (_bnum2 != NULL) { \
+                        int _top = _bnum2->top; \
+                        (void)ossl_assert((_top == 0 && !_bnum2->neg) || \
+                                  (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \
+                                            || _bnum2->d[_top - 1] != 0))); \
+                        bn_pollute(_bnum2); \
+                } \
+        } while(0)
+
+#  define bn_fix_top(a)           bn_check_top(a)
+
+#  define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#  define bn_wcheck_size(bn, words) \
+        do { \
+                const BIGNUM *_bnum2 = (bn); \
+                assert((words) <= (_bnum2)->dmax && \
+                       (words) >= (_bnum2)->top); \
+                /* avoid unused variable warning with NDEBUG */ \
+                (void)(_bnum2); \
+        } while(0)
+
+# else                          /* !BN_DEBUG */
+
+#  define BN_FLG_FIXED_TOP 0
+#  define bn_pollute(a)
+#  define bn_check_top(a)
+#  define bn_fix_top(a)           bn_correct_top(a)
+#  define bn_check_size(bn, bits)
+#  define bn_wcheck_size(bn, words)
+
+# endif
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int num);
+
+struct bignum_st {
+    BN_ULONG *d;                /* Pointer to an array of 'BN_BITS2' bit
+                                 * chunks. */
+    int top;                    /* Index of last used d +1. */
+    /* The next are internal book keeping for bn_expand. */
+    int dmax;                   /* Size of the d array. */
+    int neg;                    /* one if the number is negative */
+    int flags;
+};
+
+/* Used for montgomery multiplication */
+struct bn_mont_ctx_st {
+    int ri;                     /* number of bits in R */
+    BIGNUM RR;                  /* used to convert to montgomery form,
+                                   possibly zero-padded */
+    BIGNUM N;                   /* The modulus */
+    BIGNUM Ni;                  /* R*(1/R mod N) - N*Ni = 1 (Ni is only
+                                 * stored for bignum algorithm) */
+    BN_ULONG n0[2];             /* least significant word(s) of Ni; (type
+                                 * changed with 0.9.9, was "BN_ULONG n0;"
+                                 * before) */
+    int flags;
+};
+
+/*
+ * Used for reciprocal division/mod functions It cannot be shared between
+ * threads
+ */
+struct bn_recp_ctx_st {
+    BIGNUM N;                   /* the divisor */
+    BIGNUM Nr;                  /* the reciprocal */
+    int num_bits;
+    int shift;
+    int flags;
+};
+
+/* Used for slow "generation" functions. */
+struct bn_gencb_st {
+    unsigned int ver;           /* To handle binary (in)compatibility */
+    void *arg;                  /* callback-specific data */
+    union {
+        /* if (ver==1) - handles old style callbacks */
+        void (*cb_1) (int, int, void *);
+        /* if (ver==2) - new callback style */
+        int (*cb_2) (int, int, BN_GENCB *);
+    } cb;
+};
 
 /*-
  * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
@@ -144,23 +288,11 @@ extern "C" {
  * (with draws in between).  Very small exponents are often selected
  * with low Hamming weight, so we use  w = 1  for b <= 23.
  */
-# if 1
-#  define BN_window_bits_for_exponent_size(b) \
+# define BN_window_bits_for_exponent_size(b) \
                 ((b) > 671 ? 6 : \
                  (b) > 239 ? 5 : \
                  (b) >  79 ? 4 : \
                  (b) >  23 ? 3 : 1)
-# else
-/*
- * Old SSLeay/OpenSSL table. Maximum window size was 5, so this table differs
- * for b==1024; but it coincides for other interesting values (b==160,
- * b==512).
- */
-#  define BN_window_bits_for_exponent_size(b) \
-                ((b) > 255 ? 5 : \
-                 (b) > 127 ? 4 : \
-                 (b) >  17 ? 3 : 1)
-# endif
 
 /*
  * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache
@@ -226,59 +358,58 @@ extern "C" {
 # if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
 /*
  * BN_UMULT_HIGH section.
- *
- * No, I'm not trying to overwhelm you when stating that the
- * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
- * you to be impressed when I say that if the compiler doesn't
- * support 2*N integer type, then you have to replace every N*N
- * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
- * and additions which unavoidably results in severe performance
- * penalties. Of course provided that the hardware is capable of
- * producing 2*N result... That's when you normally start
- * considering assembler implementation. However! It should be
- * pointed out that some CPUs (most notably Alpha, PowerPC and
- * upcoming IA-64 family:-) provide *separate* instruction
- * calculating the upper half of the product placing the result
- * into a general purpose register. Now *if* the compiler supports
- * inline assembler, then it's not impossible to implement the
- * "bignum" routines (and have the compiler optimize 'em)
- * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
- * macro is about:-)
- *
- *                                      <appro@fy.chalmers.se>
+ * If the compiler doesn't support 2*N integer type, then you have to
+ * replace every N*N multiplication with 4 (N/2)*(N/2) accompanied by some
+ * shifts and additions which unavoidably results in severe performance
+ * penalties. Of course provided that the hardware is capable of producing
+ * 2*N result... That's when you normally start considering assembler
+ * implementation. However! It should be pointed out that some CPUs (e.g.,
+ * PowerPC, Alpha, and IA-64) provide *separate* instruction calculating
+ * the upper half of the product placing the result into a general
+ * purpose register. Now *if* the compiler supports inline assembler,
+ * then it's not impossible to implement the "bignum" routines (and have
+ * the compiler optimize 'em) exhibiting "native" performance in C. That's
+ * what BN_UMULT_HIGH macro is about:-) Note that more recent compilers do
+ * support 2*64 integer type, which is also used here.
  */
-#  if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
+#  if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 && \
+      (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
+#   define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
+#   define BN_UMULT_LOHI(low,high,a,b) ({       \
+        __uint128_t ret=(__uint128_t)(a)*(b);   \
+        (high)=ret>>64; (low)=ret;      })
+#  elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
 #   if defined(__DECC)
 #    include <c_asm.h>
 #    define BN_UMULT_HIGH(a,b)   (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
 #   elif defined(__GNUC__) && __GNUC__>=2
-#    define BN_UMULT_HIGH(a,b)   ({      \
+#    define BN_UMULT_HIGH(a,b)   ({     \
         register BN_ULONG ret;          \
         asm ("umulh     %1,%2,%0"       \
              : "=r"(ret)                \
              : "r"(a), "r"(b));         \
-        ret;                    })
+        ret;                      })
 #   endif                       /* compiler */
-#  elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
+#  elif defined(_ARCH_PPC64) && defined(SIXTY_FOUR_BIT_LONG)
 #   if defined(__GNUC__) && __GNUC__>=2
-#    define BN_UMULT_HIGH(a,b)   ({      \
+#    define BN_UMULT_HIGH(a,b)   ({     \
         register BN_ULONG ret;          \
         asm ("mulhdu    %0,%1,%2"       \
              : "=r"(ret)                \
              : "r"(a), "r"(b));         \
-        ret;                    })
+        ret;                      })
 #   endif                       /* compiler */
 #  elif (defined(__x86_64) || defined(__x86_64__)) && \
        (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
 #   if defined(__GNUC__) && __GNUC__>=2
-#    define BN_UMULT_HIGH(a,b)   ({      \
+#    define BN_UMULT_HIGH(a,b)   ({     \
         register BN_ULONG ret,discard;  \
         asm ("mulq      %3"             \
              : "=a"(discard),"=d"(ret)  \
              : "a"(a), "g"(b)           \
              : "cc");                   \
-        ret;                    })
-#    define BN_UMULT_LOHI(low,high,a,b)  \
+        ret;                      })
+#    define BN_UMULT_LOHI(low,high,a,b) \
         asm ("mulq      %3"             \
                 : "=a"(low),"=d"(high)  \
                 : "a"(a),"g"(b)         \
@@ -295,43 +426,29 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
 #   endif
 #  elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
 #   if defined(__GNUC__) && __GNUC__>=2
-#    if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4)
-                                     /* "h" constraint is no more since 4.4 */
-#     define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
-#     define BN_UMULT_LOHI(low,high,a,b) ({     \
-        __uint128_t ret=(__uint128_t)(a)*(b);   \
-        (high)=ret>>64; (low)=ret;       })
-#    else
-#     define BN_UMULT_HIGH(a,b) ({      \
+#    define BN_UMULT_HIGH(a,b) ({       \
         register BN_ULONG ret;          \
         asm ("dmultu    %1,%2"          \
              : "=h"(ret)                \
              : "r"(a), "r"(b) : "l");   \
         ret;                    })
-#     define BN_UMULT_LOHI(low,high,a,b)\
+#    define BN_UMULT_LOHI(low,high,a,b) \
         asm ("dmultu    %2,%3"          \
              : "=l"(low),"=h"(high)     \
              : "r"(a), "r"(b));
-#    endif
 #   endif
 #  elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
 #   if defined(__GNUC__) && __GNUC__>=2
-#    define BN_UMULT_HIGH(a,b)   ({      \
+#    define BN_UMULT_HIGH(a,b)   ({     \
         register BN_ULONG ret;          \
         asm ("umulh     %0,%1,%2"       \
              : "=r"(ret)                \
              : "r"(a), "r"(b));         \
-        ret;                    })
+        ret;                      })
 #   endif
 #  endif                        /* cpu */
 # endif                         /* OPENSSL_NO_ASM */
 
-/*************************************************************
- * Using the long long type
- */
-# define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
-# define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
-
 # ifdef BN_DEBUG_RAND
 #  define bn_clear_top2max(a) \
         { \
@@ -345,6 +462,12 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
 # endif
 
 # ifdef BN_LLONG
+/*******************************************************************
+ * Using the long long type, has to be twice as wide as BN_ULONG...
+ */
+#  define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
+#  define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
+
 #  define mul_add(r,a,w,c) { \
         BN_ULLONG t; \
         t=(BN_ULLONG)w * (a) + (r) + (c); \
@@ -502,10 +625,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
         }
 # endif                         /* !BN_LLONG */
 
-# if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS)
-#  undef bn_div_words
-# endif
+void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
 
+void bn_init(BIGNUM *a);
 void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
 void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
 void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
@@ -522,17 +645,27 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t);
 void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
 void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
                           BN_ULONG *t);
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
-                 BN_ULONG *t);
-BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
-                           int cl, int dl);
 BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
                            int cl, int dl);
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
                 const BN_ULONG *np, const BN_ULONG *n0, int num);
 
-#ifdef  __cplusplus
+BIGNUM *int_bn_mod_inverse(BIGNUM *in,
+                           const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
+                           int *noinv);
+
+int bn_probable_prime_dh(BIGNUM *rnd, int bits,
+                         const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+
+static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
+{
+    if (bits > (INT_MAX - BN_BITS2 + 1))
+        return NULL;
+
+    if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax)
+        return a;
+
+    return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2);
 }
-#endif
 
 #endif
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_lib.c b/freebsd/crypto/openssl/crypto/bn/bn_lib.c
index 755322ce..9d55124a 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_lib.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_lib.c
@@ -1,78 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifndef BN_DEBUG
-# undef NDEBUG                  /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
 #include <assert.h>
 #include <limits.h>
-#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
-
-const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
+#include <openssl/opensslconf.h>
+#include "internal/constant_time_locl.h"
 
 /* This stuff appears to be completely unused, so is deprecated */
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x00908000L
 /*-
  * For a 32 bit machine
  * 2 -   4 ==  128
@@ -123,15 +68,15 @@ void BN_set_params(int mult, int high, int low, int mont)
 int BN_get_params(int which)
 {
     if (which == 0)
-        return (bn_limit_bits);
+        return bn_limit_bits;
     else if (which == 1)
-        return (bn_limit_bits_high);
+        return bn_limit_bits_high;
     else if (which == 2)
-        return (bn_limit_bits_low);
+        return bn_limit_bits_low;
     else if (which == 3)
-        return (bn_limit_bits_mont);
+        return bn_limit_bits_mont;
     else
-        return (0);
+        return 0;
 }
 #endif
 
@@ -141,7 +86,7 @@ const BIGNUM *BN_value_one(void)
     static const BIGNUM const_one =
         { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
 
-    return (&const_one);
+    return &const_one;
 }
 
 int BN_num_bits_word(BN_ULONG l)
@@ -199,44 +144,44 @@ int BN_num_bits(const BIGNUM *a)
     return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
 }
 
-void BN_clear_free(BIGNUM *a)
+static void bn_free_d(BIGNUM *a)
 {
-    int i;
+    if (BN_get_flags(a, BN_FLG_SECURE))
+        OPENSSL_secure_free(a->d);
+    else
+        OPENSSL_free(a->d);
+}
+
 
+void BN_clear_free(BIGNUM *a)
+{
     if (a == NULL)
         return;
-    bn_check_top(a);
-    if (a->d != NULL) {
+    if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
         OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
-        if (!(BN_get_flags(a, BN_FLG_STATIC_DATA)))
-            OPENSSL_free(a->d);
+        bn_free_d(a);
     }
-    i = BN_get_flags(a, BN_FLG_MALLOCED);
-    OPENSSL_cleanse(a, sizeof(BIGNUM));
-    if (i)
+    if (BN_get_flags(a, BN_FLG_MALLOCED)) {
+        OPENSSL_cleanse(a, sizeof(*a));
         OPENSSL_free(a);
+    }
 }
 
 void BN_free(BIGNUM *a)
 {
     if (a == NULL)
         return;
-    bn_check_top(a);
-    if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA)))
-        OPENSSL_free(a->d);
+    if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
+        bn_free_d(a);
     if (a->flags & BN_FLG_MALLOCED)
         OPENSSL_free(a);
-    else {
-#ifndef OPENSSL_NO_DEPRECATED
-        a->flags |= BN_FLG_FREE;
-#endif
-        a->d = NULL;
-    }
 }
 
-void BN_init(BIGNUM *a)
+void bn_init(BIGNUM *a)
 {
-    memset(a, 0, sizeof(BIGNUM));
+    static BIGNUM nilbn;
+
+    *a = nilbn;
     bn_check_top(a);
 }
 
@@ -244,26 +189,28 @@ BIGNUM *BN_new(void)
 {
     BIGNUM *ret;
 
-    if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) {
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
         BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
     ret->flags = BN_FLG_MALLOCED;
-    ret->top = 0;
-    ret->neg = 0;
-    ret->dmax = 0;
-    ret->d = NULL;
     bn_check_top(ret);
-    return (ret);
+    return ret;
 }
 
-/* This is used both by bn_expand2() and bn_dup_expand() */
+ BIGNUM *BN_secure_new(void)
+ {
+     BIGNUM *ret = BN_new();
+     if (ret != NULL)
+         ret->flags |= BN_FLG_SECURE;
+     return ret;
+ }
+
+/* This is used by bn_expand2() */
 /* The caller MUST check that words > b->dmax before calling this */
 static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 {
-    BN_ULONG *A, *a = NULL;
-    const BN_ULONG *B;
-    int i;
+    BN_ULONG *a = NULL;
 
     if (words > (INT_MAX / (4 * BN_BITS2))) {
         BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
@@ -271,122 +218,23 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
     }
     if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
         BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
-        return (NULL);
+        return NULL;
     }
-    a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words);
-    if (A == NULL) {
+    if (BN_get_flags(b, BN_FLG_SECURE))
+        a = OPENSSL_secure_zalloc(words * sizeof(*a));
+    else
+        a = OPENSSL_zalloc(words * sizeof(*a));
+    if (a == NULL) {
         BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-#ifdef PURIFY
-    /*
-     * Valgrind complains in BN_consttime_swap because we process the whole
-     * array even if it's not initialised yet. This doesn't matter in that
-     * function - what's important is constant time operation (we're not
-     * actually going to use the data)
-     */
-    memset(a, 0, sizeof(BN_ULONG) * words);
-#endif
-
-#if 1
-    B = b->d;
-    /* Check if the previous number needs to be copied */
-    if (B != NULL) {
-        for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
-            /*
-             * The fact that the loop is unrolled
-             * 4-wise is a tribute to Intel. It's
-             * the one that doesn't have enough
-             * registers to accomodate more data.
-             * I'd unroll it 8-wise otherwise:-)
-             *
-             *              <appro@fy.chalmers.se>
-             */
-            BN_ULONG a0, a1, a2, a3;
-            a0 = B[0];
-            a1 = B[1];
-            a2 = B[2];
-            a3 = B[3];
-            A[0] = a0;
-            A[1] = a1;
-            A[2] = a2;
-            A[3] = a3;
-        }
-        /*
-         * workaround for ultrix cc: without 'case 0', the optimizer does
-         * the switch table by doing a=top&3; a--; goto jump_table[a];
-         * which fails for top== 0
-         */
-        switch (b->top & 3) {
-        case 3:
-            A[2] = B[2];
-        case 2:
-            A[1] = B[1];
-        case 1:
-            A[0] = B[0];
-        case 0:
-            ;
-        }
+        return NULL;
     }
-#else
-    memset(A, 0, sizeof(BN_ULONG) * words);
-    memcpy(A, b->d, sizeof(b->d[0]) * b->top);
-#endif
-
-    return (a);
-}
-
-/*
- * This is an internal function that can be used instead of bn_expand2() when
- * there is a need to copy BIGNUMs instead of only expanding the data part,
- * while still expanding them. Especially useful when needing to expand
- * BIGNUMs that are declared 'const' and should therefore not be changed. The
- * reason to use this instead of a BN_dup() followed by a bn_expand2() is
- * memory allocation overhead.  A BN_dup() followed by a bn_expand2() will
- * allocate new memory for the BIGNUM data twice, and free it once, while
- * bn_dup_expand() makes sure allocation is made only once.
- */
-
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
-{
-    BIGNUM *r = NULL;
-
-    bn_check_top(b);
-
-    /*
-     * This function does not work if words <= b->dmax && top < words because
-     * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used
-     * anywhere yet.)
-     */
 
-    if (words > b->dmax) {
-        BN_ULONG *a = bn_expand_internal(b, words);
+    assert(b->top <= words);
+    if (b->top > 0)
+        memcpy(a, b->d, sizeof(*a) * b->top);
 
-        if (a) {
-            r = BN_new();
-            if (r) {
-                r->top = b->top;
-                r->dmax = words;
-                r->neg = b->neg;
-                r->d = a;
-            } else {
-                /* r == NULL, BN_new failure */
-                OPENSSL_free(a);
-            }
-        }
-        /*
-         * If a == NULL, there was an error in allocation in
-         * bn_expand_internal(), and NULL should be returned
-         */
-    } else {
-        r = BN_dup(b);
-    }
-
-    bn_check_top(r);
-    return r;
+    return a;
 }
-#endif
 
 /*
  * This is an internal function that should not be used in applications. It
@@ -402,35 +250,14 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
         BN_ULONG *a = bn_expand_internal(b, words);
         if (!a)
             return NULL;
-        if (b->d)
-            OPENSSL_free(b->d);
+        if (b->d) {
+            OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
+            bn_free_d(b);
+        }
         b->d = a;
         b->dmax = words;
     }
 
-/* None of this should be necessary because of what b->top means! */
-#if 0
-    /*
-     * NB: bn_wexpand() calls this only if the BIGNUM really has to grow
-     */
-    if (b->top < b->dmax) {
-        int i;
-        BN_ULONG *A = &(b->d[b->top]);
-        for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) {
-            A[0] = 0;
-            A[1] = 0;
-            A[2] = 0;
-            A[3] = 0;
-            A[4] = 0;
-            A[5] = 0;
-            A[6] = 0;
-            A[7] = 0;
-        }
-        for (i = (b->dmax - b->top) & 7; i > 0; i--, A++)
-            A[0] = 0;
-        assert(A == &(b->d[b->dmax]));
-    }
-#endif
     return b;
 }
 
@@ -442,7 +269,7 @@ BIGNUM *BN_dup(const BIGNUM *a)
         return NULL;
     bn_check_top(a);
 
-    t = BN_new();
+    t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new();
     if (t == NULL)
         return NULL;
     if (!BN_copy(t, a)) {
@@ -455,54 +282,26 @@ BIGNUM *BN_dup(const BIGNUM *a)
 
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
 {
-    int i;
-    BN_ULONG *A;
-    const BN_ULONG *B;
-
     bn_check_top(b);
 
     if (a == b)
-        return (a);
+        return a;
     if (bn_wexpand(a, b->top) == NULL)
-        return (NULL);
-
-#if 1
-    A = a->d;
-    B = b->d;
-    for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
-        BN_ULONG a0, a1, a2, a3;
-        a0 = B[0];
-        a1 = B[1];
-        a2 = B[2];
-        a3 = B[3];
-        A[0] = a0;
-        A[1] = a1;
-        A[2] = a2;
-        A[3] = a3;
-    }
-    /* ultrix cc workaround, see comments in bn_expand_internal */
-    switch (b->top & 3) {
-    case 3:
-        A[2] = B[2];
-    case 2:
-        A[1] = B[1];
-    case 1:
-        A[0] = B[0];
-    case 0:;
-    }
-#else
-    memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
-#endif
+        return NULL;
+
+    if (b->top > 0)
+        memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
 
     a->neg = b->neg;
     a->top = b->top;
     a->flags |= b->flags & BN_FLG_FIXED_TOP;
     bn_check_top(a);
-    return (a);
+    return a;
 }
 
 #define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \
                                     | BN_FLG_CONSTTIME   \
+                                    | BN_FLG_SECURE      \
                                     | BN_FLG_FIXED_TOP))
 #define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED))
 
@@ -543,9 +342,9 @@ void BN_clear(BIGNUM *a)
 {
     bn_check_top(a);
     if (a->d != NULL)
-        OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
-    a->top = 0;
+        OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
     a->neg = 0;
+    a->top = 0;
     a->flags &= ~BN_FLG_FIXED_TOP;
 }
 
@@ -563,13 +362,13 @@ int BN_set_word(BIGNUM *a, BN_ULONG w)
 {
     bn_check_top(a);
     if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
-        return (0);
+        return 0;
     a->neg = 0;
     a->d[0] = w;
     a->top = (w ? 1 : 0);
     a->flags &= ~BN_FLG_FIXED_TOP;
     bn_check_top(a);
-    return (1);
+    return 1;
 }
 
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
@@ -582,23 +381,25 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
     if (ret == NULL)
         ret = bn = BN_new();
     if (ret == NULL)
-        return (NULL);
+        return NULL;
     bn_check_top(ret);
-    l = 0;
+    /* Skip leading zero's. */
+    for ( ; len > 0 && *s == 0; s++, len--)
+        continue;
     n = len;
     if (n == 0) {
         ret->top = 0;
-        return (ret);
+        return ret;
     }
     i = ((n - 1) / BN_BYTES) + 1;
     m = ((n - 1) % (BN_BYTES));
     if (bn_wexpand(ret, (int)i) == NULL) {
-        if (bn)
-            BN_free(bn);
+        BN_free(bn);
         return NULL;
     }
     ret->top = i;
     ret->neg = 0;
+    l = 0;
     while (n--) {
         l = (l << 8L) | *(s++);
         if (m-- == 0) {
@@ -612,39 +413,53 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
      * bit set (-ve number)
      */
     bn_correct_top(ret);
-    return (ret);
+    return ret;
 }
 
 /* ignore negative */
 static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
 {
     int n;
-    size_t i, inc, lasti, j;
+    size_t i, lasti, j, atop, mask;
     BN_ULONG l;
 
+    /*
+     * In case |a| is fixed-top, BN_num_bytes can return bogus length,
+     * but it's assumed that fixed-top inputs ought to be "nominated"
+     * even for padded output, so it works out...
+     */
     n = BN_num_bytes(a);
-    if (tolen == -1)
+    if (tolen == -1) {
         tolen = n;
-    else if (tolen < n)
-        return -1;
+    } else if (tolen < n) {     /* uncommon/unlike case */
+        BIGNUM temp = *a;
 
-    if (n == 0) {
+        bn_correct_top(&temp);
+        n = BN_num_bytes(&temp);
+        if (tolen < n)
+            return -1;
+    }
+
+    /* Swipe through whole available data and don't give away padded zero. */
+    atop = a->dmax * BN_BYTES;
+    if (atop == 0) {
         OPENSSL_cleanse(to, tolen);
         return tolen;
     }
 
-    lasti = n - 1;
-    for (i = 0, inc = 1, j = tolen; j > 0;) {
+    lasti = atop - 1;
+    atop = a->top * BN_BYTES;
+    for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) {
         l = a->d[i / BN_BYTES];
-        to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & (0 - inc));
-        inc = (i - lasti) >> (8 * sizeof(i) - 1);
-        i += inc; /* stay on top limb */
+        mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1));
+        *--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask);
+        i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */
     }
 
     return tolen;
 }
 
-int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
 {
     if (tolen < 0)
         return -1;
@@ -653,16 +468,74 @@ int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
 
 int BN_bn2bin(const BIGNUM *a, unsigned char *to)
 {
-    int n, i;
+    return bn2binpad(a, to, -1);
+}
+
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
+{
+    unsigned int i, m;
+    unsigned int n;
     BN_ULONG l;
+    BIGNUM *bn = NULL;
 
+    if (ret == NULL)
+        ret = bn = BN_new();
+    if (ret == NULL)
+        return NULL;
+    bn_check_top(ret);
+    s += len;
+    /* Skip trailing zeroes. */
+    for ( ; len > 0 && s[-1] == 0; s--, len--)
+        continue;
+    n = len;
+    if (n == 0) {
+        ret->top = 0;
+        return ret;
+    }
+    i = ((n - 1) / BN_BYTES) + 1;
+    m = ((n - 1) % (BN_BYTES));
+    if (bn_wexpand(ret, (int)i) == NULL) {
+        BN_free(bn);
+        return NULL;
+    }
+    ret->top = i;
+    ret->neg = 0;
+    l = 0;
+    while (n--) {
+        s--;
+        l = (l << 8L) | *s;
+        if (m-- == 0) {
+            ret->d[--i] = l;
+            l = 0;
+            m = BN_BYTES - 1;
+        }
+    }
+    /*
+     * need to call this due to clear byte at top if avoiding having the top
+     * bit set (-ve number)
+     */
+    bn_correct_top(ret);
+    return ret;
+}
+
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+    int i;
+    BN_ULONG l;
     bn_check_top(a);
-    n = i = BN_num_bytes(a);
+    i = BN_num_bytes(a);
+    if (tolen < i)
+        return -1;
+    /* Add trailing zeroes if necessary */
+    if (tolen > i)
+        memset(to + i, 0, tolen - i);
+    to += i;
     while (i--) {
         l = a->d[i / BN_BYTES];
-        *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
+        to--;
+        *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
     }
-    return (n);
+    return tolen;
 }
 
 int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
@@ -675,7 +548,7 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
 
     i = a->top - b->top;
     if (i != 0)
-        return (i);
+        return i;
     ap = a->d;
     bp = b->d;
     for (i = a->top - 1; i >= 0; i--) {
@@ -684,7 +557,7 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
         if (t1 != t2)
             return ((t1 > t2) ? 1 : -1);
     }
-    return (0);
+    return 0;
 }
 
 int BN_cmp(const BIGNUM *a, const BIGNUM *b)
@@ -695,11 +568,11 @@ int BN_cmp(const BIGNUM *a, const BIGNUM *b)
 
     if ((a == NULL) || (b == NULL)) {
         if (a != NULL)
-            return (-1);
+            return -1;
         else if (b != NULL)
-            return (1);
+            return 1;
         else
-            return (0);
+            return 0;
     }
 
     bn_check_top(a);
@@ -707,9 +580,9 @@ int BN_cmp(const BIGNUM *a, const BIGNUM *b)
 
     if (a->neg != b->neg) {
         if (a->neg)
-            return (-1);
+            return -1;
         else
-            return (1);
+            return 1;
     }
     if (a->neg == 0) {
         gt = 1;
@@ -720,18 +593,18 @@ int BN_cmp(const BIGNUM *a, const BIGNUM *b)
     }
 
     if (a->top > b->top)
-        return (gt);
+        return gt;
     if (a->top < b->top)
-        return (lt);
+        return lt;
     for (i = a->top - 1; i >= 0; i--) {
         t1 = a->d[i];
         t2 = b->d[i];
         if (t1 > t2)
-            return (gt);
+            return gt;
         if (t1 < t2)
-            return (lt);
+            return lt;
     }
-    return (0);
+    return 0;
 }
 
 int BN_set_bit(BIGNUM *a, int n)
@@ -745,7 +618,7 @@ int BN_set_bit(BIGNUM *a, int n)
     j = n % BN_BITS2;
     if (a->top <= i) {
         if (bn_wexpand(a, i + 1) == NULL)
-            return (0);
+            return 0;
         for (k = a->top; k < i + 1; k++)
             a->d[k] = 0;
         a->top = i + 1;
@@ -754,7 +627,7 @@ int BN_set_bit(BIGNUM *a, int n)
 
     a->d[i] |= (((BN_ULONG)1) << j);
     bn_check_top(a);
-    return (1);
+    return 1;
 }
 
 int BN_clear_bit(BIGNUM *a, int n)
@@ -768,11 +641,11 @@ int BN_clear_bit(BIGNUM *a, int n)
     i = n / BN_BITS2;
     j = n % BN_BITS2;
     if (a->top <= i)
-        return (0);
+        return 0;
 
     a->d[i] &= (~(((BN_ULONG)1) << j));
     bn_correct_top(a);
-    return (1);
+    return 1;
 }
 
 int BN_is_bit_set(const BIGNUM *a, int n)
@@ -808,7 +681,7 @@ int BN_mask_bits(BIGNUM *a, int n)
         a->d[w] &= ~(BN_MASK2 << b);
     }
     bn_correct_top(a);
-    return (1);
+    return 1;
 }
 
 void BN_set_negative(BIGNUM *a, int b)
@@ -834,14 +707,14 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
         if (aa != bb)
             return ((aa > bb) ? 1 : -1);
     }
-    return (0);
+    return 0;
 }
 
 /*
  * Here follows a specialised variants of bn_cmp_words().  It has the
- * property of performing the operation on arrays of different sizes. The
+ * capability of performing the operation on arrays of different sizes. The
  * sizes of those arrays is expressed through cl, which is the common length
- * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the
+ * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the
  * two lengths, calculated as len(a)-len(b). All lengths are the number of
  * BN_ULONGs...
  */
@@ -891,6 +764,34 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
     a->top ^= t;
     b->top ^= t;
 
+    t = (a->neg ^ b->neg) & condition;
+    a->neg ^= t;
+    b->neg ^= t;
+
+    /*-
+     * Idea behind BN_FLG_STATIC_DATA is actually to
+     * indicate that data may not be written to.
+     * Intention is actually to treat it as it's
+     * read-only data, and some (if not most) of it does
+     * reside in read-only segment. In other words
+     * observation of BN_FLG_STATIC_DATA in
+     * BN_consttime_swap should be treated as fatal
+     * condition. It would either cause SEGV or
+     * effectively cause data corruption.
+     * BN_FLG_MALLOCED refers to BN structure itself,
+     * and hence must be preserved. Remaining flags are
+     * BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be
+     * preserved, because it determines how x->d was
+     * allocated and hence how to free it. This leaves
+     * BN_FLG_CONSTTIME that one can do something about.
+     * To summarize it's sufficient to mask and swap
+     * BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should
+     * be treated as fatal.
+     */
+    t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition;
+    a->flags ^= t;
+    b->flags ^= t;
+
 #define BN_CONSTTIME_SWAP(ind) \
         do { \
                 t = (a->d[ind] ^ b->d[ind]) & condition; \
@@ -926,3 +827,160 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
     }
 #undef BN_CONSTTIME_SWAP
 }
+
+/* Bits of security, see SP800-57 */
+
+int BN_security_bits(int L, int N)
+{
+    int secbits, bits;
+    if (L >= 15360)
+        secbits = 256;
+    else if (L >= 7680)
+        secbits = 192;
+    else if (L >= 3072)
+        secbits = 128;
+    else if (L >= 2048)
+        secbits = 112;
+    else if (L >= 1024)
+        secbits = 80;
+    else
+        return 0;
+    if (N == -1)
+        return secbits;
+    bits = N / 2;
+    if (bits < 80)
+        return 0;
+    return bits >= secbits ? secbits : bits;
+}
+
+void BN_zero_ex(BIGNUM *a)
+{
+    a->neg = 0;
+    a->top = 0;
+    a->flags &= ~BN_FLG_FIXED_TOP;
+}
+
+int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w)
+{
+    return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0));
+}
+
+int BN_is_zero(const BIGNUM *a)
+{
+    return a->top == 0;
+}
+
+int BN_is_one(const BIGNUM *a)
+{
+    return BN_abs_is_word(a, 1) && !a->neg;
+}
+
+int BN_is_word(const BIGNUM *a, const BN_ULONG w)
+{
+    return BN_abs_is_word(a, w) && (!w || !a->neg);
+}
+
+int BN_is_odd(const BIGNUM *a)
+{
+    return (a->top > 0) && (a->d[0] & 1);
+}
+
+int BN_is_negative(const BIGNUM *a)
+{
+    return (a->neg != 0);
+}
+
+int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                     BN_CTX *ctx)
+{
+    return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx);
+}
+
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags)
+{
+    dest->d = b->d;
+    dest->top = b->top;
+    dest->dmax = b->dmax;
+    dest->neg = b->neg;
+    dest->flags = ((dest->flags & BN_FLG_MALLOCED)
+                   | (b->flags & ~BN_FLG_MALLOCED)
+                   | BN_FLG_STATIC_DATA | flags);
+}
+
+BN_GENCB *BN_GENCB_new(void)
+{
+    BN_GENCB *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    return ret;
+}
+
+void BN_GENCB_free(BN_GENCB *cb)
+{
+    if (cb == NULL)
+        return;
+    OPENSSL_free(cb);
+}
+
+void BN_set_flags(BIGNUM *b, int n)
+{
+    b->flags |= n;
+}
+
+int BN_get_flags(const BIGNUM *b, int n)
+{
+    return b->flags & n;
+}
+
+/* Populate a BN_GENCB structure with an "old"-style callback */
+void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *),
+                      void *cb_arg)
+{
+    BN_GENCB *tmp_gencb = gencb;
+    tmp_gencb->ver = 1;
+    tmp_gencb->arg = cb_arg;
+    tmp_gencb->cb.cb_1 = callback;
+}
+
+/* Populate a BN_GENCB structure with a "new"-style callback */
+void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *),
+                  void *cb_arg)
+{
+    BN_GENCB *tmp_gencb = gencb;
+    tmp_gencb->ver = 2;
+    tmp_gencb->arg = cb_arg;
+    tmp_gencb->cb.cb_2 = callback;
+}
+
+void *BN_GENCB_get_arg(BN_GENCB *cb)
+{
+    return cb->arg;
+}
+
+BIGNUM *bn_wexpand(BIGNUM *a, int words)
+{
+    return (words <= a->dmax) ? a : bn_expand2(a, words);
+}
+
+void bn_correct_top(BIGNUM *a)
+{
+    BN_ULONG *ftl;
+    int tmp_top = a->top;
+
+    if (tmp_top > 0) {
+        for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) {
+            ftl--;
+            if (*ftl != 0)
+                break;
+        }
+        a->top = tmp_top;
+    }
+    if (a->top == 0)
+        a->neg = 0;
+    a->flags &= ~BN_FLG_FIXED_TOP;
+    bn_pollute(a);
+}
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_mod.c b/freebsd/crypto/openssl/crypto/bn/bn_mod.c
index 94762168..9dab2edc 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_mod.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_mod.c
@@ -1,131 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_mod.c */
 /*
- * Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
-#if 0                           /* now just a #define */
-int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-{
-    return (BN_div(NULL, rem, m, d, ctx));
-    /* note that  rem->neg == m->neg  (unless the remainder is zero) */
-}
-#endif
-
 int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
 {
     /*
@@ -169,12 +55,12 @@ int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     BN_ULONG carry, temp, mask, *rp, *tp = storage;
     const BN_ULONG *ap, *bp;
 
-    if (bn_wexpand(r, m->top) == NULL)
+    if (bn_wexpand(r, mtop) == NULL)
         return 0;
 
     if (mtop > sizeof(storage) / sizeof(storage[0])
         && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL)
-	return 0;
+        return 0;
 
     ap = a->d != NULL ? a->d : tp;
     bp = b->d != NULL ? b->d : tp;
@@ -199,6 +85,7 @@ int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
         ((volatile BN_ULONG *)tp)[i] = 0;
     }
     r->top = mtop;
+    r->flags |= BN_FLG_FIXED_TOP;
     r->neg = 0;
 
     if (tp != storage)
@@ -227,6 +114,70 @@ int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
 }
 
 /*
+ * BN_mod_sub variant that may be used if both a and b are non-negative,
+ * a is less than m, while b is of same bit width as m. It's implemented
+ * as subtraction followed by two conditional additions.
+ *
+ * 0 <= a < m
+ * 0 <= b < 2^w < 2*m
+ *
+ * after subtraction
+ *
+ * -2*m < r = a - b < m
+ *
+ * Thus it takes up to two conditional additions to make |r| positive.
+ */
+int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m)
+{
+    size_t i, ai, bi, mtop = m->top;
+    BN_ULONG borrow, carry, ta, tb, mask, *rp;
+    const BN_ULONG *ap, *bp;
+
+    if (bn_wexpand(r, mtop) == NULL)
+        return 0;
+
+    rp = r->d;
+    ap = a->d != NULL ? a->d : rp;
+    bp = b->d != NULL ? b->d : rp;
+
+    for (i = 0, ai = 0, bi = 0, borrow = 0; i < mtop;) {
+        mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
+        ta = ap[ai] & mask;
+
+        mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
+        tb = bp[bi] & mask;
+        rp[i] = ta - tb - borrow;
+        if (ta != tb)
+            borrow = (ta < tb);
+
+        i++;
+        ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
+        bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
+    }
+    ap = m->d;
+    for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) {
+        ta = ((ap[i] & mask) + carry) & BN_MASK2;
+        carry = (ta < carry);
+        rp[i] = (rp[i] + ta) & BN_MASK2;
+        carry += (rp[i] < ta);
+    }
+    borrow -= carry;
+    for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) {
+        ta = ((ap[i] & mask) + carry) & BN_MASK2;
+        carry = (ta < carry);
+        rp[i] = (rp[i] + ta) & BN_MASK2;
+        carry += (rp[i] < ta);
+    }
+
+    r->top = mtop;
+    r->flags |= BN_FLG_FIXED_TOP;
+    r->neg = 0;
+
+    return 1;
+}
+
+/*
  * BN_mod_sub variant that may be used if both a and b are non-negative and
  * less than m
  */
@@ -267,7 +218,7 @@ int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
     ret = 1;
  err:
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
@@ -319,8 +270,7 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
     ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
     bn_check_top(r);
 
-    if (abs_m)
-        BN_free(abs_m);
+    BN_free(abs_m);
     return ret;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_mont.c b/freebsd/crypto/openssl/crypto/bn/bn_mont.c
index 7657798a..1b296129 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_mont.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_mont.c
@@ -1,114 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_mont.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -118,8 +16,7 @@
  * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 #define MONT_WORD               /* use the faster word-based algorithm */
@@ -144,12 +41,12 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 {
     BIGNUM *tmp;
     int ret = 0;
-#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
     int num = mont->N.top;
 
+#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
     if (num > 1 && a->top == num && b->top == num) {
         if (bn_wexpand(r, num) == NULL)
-            return (0);
+            return 0;
         if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
             r->neg = a->neg ^ b->neg;
             r->top = num;
@@ -159,6 +56,9 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     }
 #endif
 
+    if ((a->top + b->top) > 2 * num)
+        return 0;
+
     BN_CTX_start(ctx);
     tmp = BN_CTX_get(ctx);
     if (tmp == NULL)
@@ -166,10 +66,10 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 
     bn_check_top(tmp);
     if (a == b) {
-        if (!BN_sqr(tmp, a, ctx))
+        if (!bn_sqr_fixed_top(tmp, a, ctx))
             goto err;
     } else {
-        if (!BN_mul(tmp, a, b, ctx))
+        if (!bn_mul_fixed_top(tmp, a, b, ctx))
             goto err;
     }
     /* reduce from aRR to aR */
@@ -183,7 +83,7 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     ret = 1;
  err:
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 #ifdef MONT_WORD
@@ -192,29 +92,28 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
     BIGNUM *n;
     BN_ULONG *ap, *np, *rp, n0, v, carry;
     int nl, max, i;
+    unsigned int rtop;
 
     n = &(mont->N);
     nl = n->top;
     if (nl == 0) {
         ret->top = 0;
-        return (1);
+        return 1;
     }
 
     max = (2 * nl);             /* carry is stored separately */
     if (bn_wexpand(r, max) == NULL)
-        return (0);
+        return 0;
 
     r->neg ^= n->neg;
     np = n->d;
     rp = r->d;
 
     /* clear the top words of T */
-# if 1
-    for (i = r->top; i < max; i++) /* memset? XXX */
-        rp[i] = 0;
-# else
-    memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG));
-# endif
+    for (rtop = r->top, i = 0; i < max; i++) {
+        v = (BN_ULONG)0 - ((i - rtop) >> (8 * sizeof(rtop) - 1));
+        rp[i] &= v;
+    }
 
     r->top = max;
     r->flags |= BN_FLG_FIXED_TOP;
@@ -234,7 +133,7 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
     }
 
     if (bn_wexpand(ret, nl) == NULL)
-        return (0);
+        return 0;
     ret->top = nl;
     ret->flags |= BN_FLG_FIXED_TOP;
     ret->neg = r->neg;
@@ -258,13 +157,25 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
         ap[i] = 0;
     }
 
-    return (1);
+    return 1;
 }
 #endif                          /* MONT_WORD */
 
 int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
                        BN_CTX *ctx)
 {
+    int retn;
+
+    retn = bn_from_mont_fixed_top(ret, a, mont, ctx);
+    bn_correct_top(ret);
+    bn_check_top(ret);
+
+    return retn;
+}
+
+int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+                           BN_CTX *ctx)
+{
     int retn = 0;
 #ifdef MONT_WORD
     BIGNUM *t;
@@ -272,8 +183,6 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
     BN_CTX_start(ctx);
     if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) {
         retn = bn_from_montgomery_word(ret, t, mont);
-        bn_correct_top(ret);
-        bn_check_top(ret);
     }
     BN_CTX_end(ctx);
 #else                           /* !MONT_WORD */
@@ -282,7 +191,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
     BN_CTX_start(ctx);
     t1 = BN_CTX_get(ctx);
     t2 = BN_CTX_get(ctx);
-    if (t1 == NULL || t2 == NULL)
+    if (t2 == NULL)
         goto err;
 
     if (!BN_copy(t1, a))
@@ -309,7 +218,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
  err:
     BN_CTX_end(ctx);
 #endif                          /* MONT_WORD */
-    return (retn);
+    return retn;
 }
 
 int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
@@ -322,20 +231,22 @@ BN_MONT_CTX *BN_MONT_CTX_new(void)
 {
     BN_MONT_CTX *ret;
 
-    if ((ret = (BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)
-        return (NULL);
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_MONT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
 
     BN_MONT_CTX_init(ret);
     ret->flags = BN_FLG_MALLOCED;
-    return (ret);
+    return ret;
 }
 
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
 {
     ctx->ri = 0;
-    BN_init(&(ctx->RR));
-    BN_init(&(ctx->N));
-    BN_init(&(ctx->Ni));
+    bn_init(&ctx->RR);
+    bn_init(&ctx->N);
+    bn_init(&ctx->Ni);
     ctx->n0[0] = ctx->n0[1] = 0;
     ctx->flags = 0;
 }
@@ -344,10 +255,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 {
     if (mont == NULL)
         return;
-
-    BN_clear_free(&(mont->RR));
-    BN_clear_free(&(mont->N));
-    BN_clear_free(&(mont->Ni));
+    BN_clear_free(&mont->RR);
+    BN_clear_free(&mont->N);
+    BN_clear_free(&mont->Ni);
     if (mont->flags & BN_FLG_MALLOCED)
         OPENSSL_free(mont);
 }
@@ -375,7 +285,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
         BIGNUM tmod;
         BN_ULONG buf[2];
 
-        BN_init(&tmod);
+        bn_init(&tmod);
         tmod.d = buf;
         tmod.dmax = 2;
         tmod.neg = 0;
@@ -403,7 +313,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
         if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
             tmod.top = 2;
 
-        if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+        if (BN_is_one(&tmod))
+            BN_zero(Ri);
+        else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
             goto err;
         if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
             goto err;           /* R*Ri */
@@ -436,7 +348,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
         buf[1] = 0;
         tmod.top = buf[0] != 0 ? 1 : 0;
         /* Ri = R^-1 mod N */
-        if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+        if (BN_is_one(&tmod))
+            BN_zero(Ri);
+        else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
             goto err;
         if (!BN_lshift(Ri, Ri, BN_BITS2))
             goto err;           /* R*Ri */
@@ -499,7 +413,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 {
     if (to == from)
-        return (to);
+        return to;
 
     if (!BN_copy(&(to->RR), &(from->RR)))
         return NULL;
@@ -510,17 +424,17 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
     to->ri = from->ri;
     to->n0[0] = from->n0[0];
     to->n0[1] = from->n0[1];
-    return (to);
+    return to;
 }
 
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
                                     const BIGNUM *mod, BN_CTX *ctx)
 {
     BN_MONT_CTX *ret;
 
-    CRYPTO_r_lock(lock);
+    CRYPTO_THREAD_read_lock(lock);
     ret = *pmont;
-    CRYPTO_r_unlock(lock);
+    CRYPTO_THREAD_unlock(lock);
     if (ret)
         return ret;
 
@@ -533,7 +447,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
      * (the losers throw away the work they've done).
      */
     ret = BN_MONT_CTX_new();
-    if (!ret)
+    if (ret == NULL)
         return NULL;
     if (!BN_MONT_CTX_set(ret, mod, ctx)) {
         BN_MONT_CTX_free(ret);
@@ -541,12 +455,12 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
     }
 
     /* The locked compare-and-set, after the local work is done. */
-    CRYPTO_w_lock(lock);
+    CRYPTO_THREAD_write_lock(lock);
     if (*pmont) {
         BN_MONT_CTX_free(ret);
         ret = *pmont;
     } else
         *pmont = ret;
-    CRYPTO_w_unlock(lock);
+    CRYPTO_THREAD_unlock(lock);
     return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_mpi.c b/freebsd/crypto/openssl/crypto/bn/bn_mpi.c
index d9a6ad32..4a7290ed 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_mpi.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_mpi.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_mpi.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
@@ -90,41 +41,48 @@ int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
     return (num + 4 + ext);
 }
 
-BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
+BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
 {
     long len;
     int neg = 0;
+    BIGNUM *a = NULL;
 
     if (n < 4) {
         BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
-        return (NULL);
+        return NULL;
     }
     len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int)
         d[3];
     if ((len + 4) != n) {
         BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
-        return (NULL);
+        return NULL;
     }
 
-    if (a == NULL)
+    if (ain == NULL)
         a = BN_new();
+    else
+        a = ain;
+
     if (a == NULL)
-        return (NULL);
+        return NULL;
 
     if (len == 0) {
         a->neg = 0;
         a->top = 0;
-        return (a);
+        return a;
     }
     d += 4;
     if ((*d) & 0x80)
         neg = 1;
-    if (BN_bin2bn(d, (int)len, a) == NULL)
-        return (NULL);
+    if (BN_bin2bn(d, (int)len, a) == NULL) {
+        if (ain == NULL)
+            BN_free(a);
+        return NULL;
+    }
     a->neg = neg;
     if (neg) {
         BN_clear_bit(a, BN_num_bits(a) - 1);
     }
     bn_check_top(a);
-    return (a);
+    return a;
 }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_mul.c b/freebsd/crypto/openssl/crypto/bn/bn_mul.c
index 2cd04c19..7ba7067f 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_mul.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_mul.c
@@ -1,71 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifndef BN_DEBUG
-# undef NDEBUG                  /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <stdio.h>
 #include <assert.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
@@ -73,7 +18,7 @@
  * Here follows specialised variants of bn_add_words() and bn_sub_words().
  * They have the property performing operations on arrays of different sizes.
  * The sizes of those arrays is expressed through cl, which is the common
- * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta
+ * length ( basically, min(len(a),len(b)) ), and dl, which is the delta
  * between the two lengths, calculated as len(a)-len(b). All lengths are the
  * number of BN_ULONGs...  For the operations that require a result array as
  * parameter, it must have the length cl+abs(dl). These functions should
@@ -98,10 +43,6 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r,
     b += cl;
 
     if (dl < 0) {
-# ifdef BN_COUNT
-        fprintf(stderr, "  bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl,
-                dl, c);
-# endif
         for (;;) {
             t = b[0];
             r[0] = (0 - t - c) & BN_MASK2;
@@ -136,10 +77,6 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r,
         }
     } else {
         int save_dl = dl;
-# ifdef BN_COUNT
-        fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl,
-                dl, c);
-# endif
         while (c) {
             t = a[0];
             r[0] = (t - c) & BN_MASK2;
@@ -174,20 +111,18 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r,
             r += 4;
         }
         if (dl > 0) {
-# ifdef BN_COUNT
-            fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c == 0)\n",
-                    cl, dl);
-# endif
             if (save_dl > dl) {
                 switch (save_dl - dl) {
                 case 1:
                     r[1] = a[1];
                     if (--dl <= 0)
                         break;
+                    /* fall thru */
                 case 2:
                     r[2] = a[2];
                     if (--dl <= 0)
                         break;
+                    /* fall thru */
                 case 3:
                     r[3] = a[3];
                     if (--dl <= 0)
@@ -198,10 +133,6 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r,
             }
         }
         if (dl > 0) {
-# ifdef BN_COUNT
-            fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, copy)\n",
-                    cl, dl);
-# endif
             for (;;) {
                 r[0] = a[0];
                 if (--dl <= 0)
@@ -225,189 +156,6 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r,
 }
 #endif
 
-BN_ULONG bn_add_part_words(BN_ULONG *r,
-                           const BN_ULONG *a, const BN_ULONG *b,
-                           int cl, int dl)
-{
-    BN_ULONG c, l, t;
-
-    assert(cl >= 0);
-    c = bn_add_words(r, a, b, cl);
-
-    if (dl == 0)
-        return c;
-
-    r += cl;
-    a += cl;
-    b += cl;
-
-    if (dl < 0) {
-        int save_dl = dl;
-#ifdef BN_COUNT
-        fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl,
-                dl, c);
-#endif
-        while (c) {
-            l = (c + b[0]) & BN_MASK2;
-            c = (l < c);
-            r[0] = l;
-            if (++dl >= 0)
-                break;
-
-            l = (c + b[1]) & BN_MASK2;
-            c = (l < c);
-            r[1] = l;
-            if (++dl >= 0)
-                break;
-
-            l = (c + b[2]) & BN_MASK2;
-            c = (l < c);
-            r[2] = l;
-            if (++dl >= 0)
-                break;
-
-            l = (c + b[3]) & BN_MASK2;
-            c = (l < c);
-            r[3] = l;
-            if (++dl >= 0)
-                break;
-
-            save_dl = dl;
-            b += 4;
-            r += 4;
-        }
-        if (dl < 0) {
-#ifdef BN_COUNT
-            fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c == 0)\n",
-                    cl, dl);
-#endif
-            if (save_dl < dl) {
-                switch (dl - save_dl) {
-                case 1:
-                    r[1] = b[1];
-                    if (++dl >= 0)
-                        break;
-                case 2:
-                    r[2] = b[2];
-                    if (++dl >= 0)
-                        break;
-                case 3:
-                    r[3] = b[3];
-                    if (++dl >= 0)
-                        break;
-                }
-                b += 4;
-                r += 4;
-            }
-        }
-        if (dl < 0) {
-#ifdef BN_COUNT
-            fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, copy)\n",
-                    cl, dl);
-#endif
-            for (;;) {
-                r[0] = b[0];
-                if (++dl >= 0)
-                    break;
-                r[1] = b[1];
-                if (++dl >= 0)
-                    break;
-                r[2] = b[2];
-                if (++dl >= 0)
-                    break;
-                r[3] = b[3];
-                if (++dl >= 0)
-                    break;
-
-                b += 4;
-                r += 4;
-            }
-        }
-    } else {
-        int save_dl = dl;
-#ifdef BN_COUNT
-        fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
-#endif
-        while (c) {
-            t = (a[0] + c) & BN_MASK2;
-            c = (t < c);
-            r[0] = t;
-            if (--dl <= 0)
-                break;
-
-            t = (a[1] + c) & BN_MASK2;
-            c = (t < c);
-            r[1] = t;
-            if (--dl <= 0)
-                break;
-
-            t = (a[2] + c) & BN_MASK2;
-            c = (t < c);
-            r[2] = t;
-            if (--dl <= 0)
-                break;
-
-            t = (a[3] + c) & BN_MASK2;
-            c = (t < c);
-            r[3] = t;
-            if (--dl <= 0)
-                break;
-
-            save_dl = dl;
-            a += 4;
-            r += 4;
-        }
-#ifdef BN_COUNT
-        fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl,
-                dl);
-#endif
-        if (dl > 0) {
-            if (save_dl > dl) {
-                switch (save_dl - dl) {
-                case 1:
-                    r[1] = a[1];
-                    if (--dl <= 0)
-                        break;
-                case 2:
-                    r[2] = a[2];
-                    if (--dl <= 0)
-                        break;
-                case 3:
-                    r[3] = a[3];
-                    if (--dl <= 0)
-                        break;
-                }
-                a += 4;
-                r += 4;
-            }
-        }
-        if (dl > 0) {
-#ifdef BN_COUNT
-            fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, copy)\n",
-                    cl, dl);
-#endif
-            for (;;) {
-                r[0] = a[0];
-                if (--dl <= 0)
-                    break;
-                r[1] = a[1];
-                if (--dl <= 0)
-                    break;
-                r[2] = a[2];
-                if (--dl <= 0)
-                    break;
-                r[3] = a[3];
-                if (--dl <= 0)
-                    break;
-
-                a += 4;
-                r += 4;
-            }
-        }
-    }
-    return c;
-}
-
 #ifdef BN_RECURSION
 /*
  * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of
@@ -434,9 +182,6 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
     unsigned int neg, zero;
     BN_ULONG ln, lo, *p;
 
-# ifdef BN_COUNT
-    fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n", n2, dna, n2, dnb);
-# endif
 # ifdef BN_MUL_COMBA
 #  if 0
     if (n2 == 4) {
@@ -503,7 +248,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
         if (!zero)
             bn_mul_comba4(&(t[n2]), t, &(t[n]));
         else
-            memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG));
+            memset(&t[n2], 0, sizeof(*t) * 8);
 
         bn_mul_comba4(r, a, b);
         bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n]));
@@ -513,7 +258,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
         if (!zero)
             bn_mul_comba8(&(t[n2]), t, &(t[n]));
         else
-            memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG));
+            memset(&t[n2], 0, sizeof(*t) * 16);
 
         bn_mul_comba8(r, a, b);
         bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n]));
@@ -524,7 +269,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
         if (!zero)
             bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
         else
-            memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
+            memset(&t[n2], 0, sizeof(*t) * n2);
         bn_mul_recursive(r, a, b, n, 0, 0, p);
         bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
     }
@@ -583,10 +328,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
     int c1, c2, neg;
     BN_ULONG ln, lo, *p;
 
-# ifdef BN_COUNT
-    fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
-            n, tna, n, tnb);
-# endif
     if (n < 8) {
         bn_mul_normal(r, a, n + tna, b, n + tnb);
         return;
@@ -602,7 +343,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
         bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
         break;
     case -3:
-        /* break; */
     case -2:
         bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
         bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
@@ -611,14 +351,12 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
     case -1:
     case 0:
     case 1:
-        /* break; */
     case 2:
         bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
         bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
         neg = 1;
         break;
     case 3:
-        /* break; */
     case 4:
         bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
         bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
@@ -633,14 +371,14 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
         bn_mul_comba4(&(t[n2]), t, &(t[n]));
         bn_mul_comba4(r, a, b);
         bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn);
-        memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2));
+        memset(&r[n2 + tn * 2], 0, sizeof(*r) * (n2 - tn * 2));
     } else
 # endif
     if (n == 8) {
         bn_mul_comba8(&(t[n2]), t, &(t[n]));
         bn_mul_comba8(r, a, b);
         bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
-        memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb));
+        memset(&r[n2 + tna + tnb], 0, sizeof(*r) * (n2 - tna - tnb));
     } else {
         p = &(t[n2 * 2]);
         bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
@@ -656,7 +394,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
         if (j == 0) {
             bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]),
                              i, tna - i, tnb - i, p);
-            memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2));
+            memset(&r[n2 + i * 2], 0, sizeof(*r) * (n2 - i * 2));
         } else if (j > 0) {     /* eg, n == 16, i == 8 and tn == 11 */
             bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]),
                                   i, tna - i, tnb - i, p);
@@ -664,7 +402,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
                    sizeof(BN_ULONG) * (n2 - tna - tnb));
         } else {                /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
 
-            memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2);
+            memset(&r[n2], 0, sizeof(*r) * n2);
             if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
                 && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
                 bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
@@ -743,10 +481,6 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
 {
     int n = n2 / 2;
 
-# ifdef BN_COUNT
-    fprintf(stderr, " bn_mul_low_recursive %d * %d\n", n2, n2);
-# endif
-
     bn_mul_recursive(r, a, b, n, 0, 0, &(t[0]));
     if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) {
         bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2]));
@@ -760,183 +494,19 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
         bn_add_words(&(r[n]), &(r[n]), &(t[n]), n);
     }
 }
+#endif                          /* BN_RECURSION */
 
-/*-
- * a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- * l is the low words of the output.
- * t needs to be n2*3
- */
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
-                 BN_ULONG *t)
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 {
-    int i, n;
-    int c1, c2;
-    int neg, oneg, zero;
-    BN_ULONG ll, lc, *lp, *mp;
-
-# ifdef BN_COUNT
-    fprintf(stderr, " bn_mul_high %d * %d\n", n2, n2);
-# endif
-    n = n2 / 2;
+    int ret = bn_mul_fixed_top(r, a, b, ctx);
 
-    /* Calculate (al-ah)*(bh-bl) */
-    neg = zero = 0;
-    c1 = bn_cmp_words(&(a[0]), &(a[n]), n);
-    c2 = bn_cmp_words(&(b[n]), &(b[0]), n);
-    switch (c1 * 3 + c2) {
-    case -4:
-        bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
-        bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
-        break;
-    case -3:
-        zero = 1;
-        break;
-    case -2:
-        bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
-        bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
-        neg = 1;
-        break;
-    case -1:
-    case 0:
-    case 1:
-        zero = 1;
-        break;
-    case 2:
-        bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
-        bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
-        neg = 1;
-        break;
-    case 3:
-        zero = 1;
-        break;
-    case 4:
-        bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
-        bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
-        break;
-    }
-
-    oneg = neg;
-    /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
-    /* r[10] = (a[1]*b[1]) */
-# ifdef BN_MUL_COMBA
-    if (n == 8) {
-        bn_mul_comba8(&(t[0]), &(r[0]), &(r[n]));
-        bn_mul_comba8(r, &(a[n]), &(b[n]));
-    } else
-# endif
-    {
-        bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2]));
-        bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2]));
-    }
-
-    /*-
-     * s0 == low(al*bl)
-     * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
-     * We know s0 and s1 so the only unknown is high(al*bl)
-     * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
-     * high(al*bl) == s1 - (r[0]+l[0]+t[0])
-     */
-    if (l != NULL) {
-        lp = &(t[n2 + n]);
-        c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n));
-    } else {
-        c1 = 0;
-        lp = &(r[0]);
-    }
-
-    if (neg)
-        neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n));
-    else {
-        bn_add_words(&(t[n2]), lp, &(t[0]), n);
-        neg = 0;
-    }
-
-    if (l != NULL) {
-        bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n);
-    } else {
-        lp = &(t[n2 + n]);
-        mp = &(t[n2]);
-        for (i = 0; i < n; i++)
-            lp[i] = ((~mp[i]) + 1) & BN_MASK2;
-    }
-
-    /*-
-     * s[0] = low(al*bl)
-     * t[3] = high(al*bl)
-     * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
-     * r[10] = (a[1]*b[1])
-     */
-    /*-
-     * R[10] = al*bl
-     * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
-     * R[32] = ah*bh
-     */
-    /*-
-     * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
-     * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
-     * R[3]=r[1]+(carry/borrow)
-     */
-    if (l != NULL) {
-        lp = &(t[n2]);
-        c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n));
-    } else {
-        lp = &(t[n2 + n]);
-        c1 = 0;
-    }
-    c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n));
-    if (oneg)
-        c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n));
-    else
-        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n));
-
-    c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n));
-    c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n));
-    if (oneg)
-        c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n));
-    else
-        c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n));
+    bn_correct_top(r);
+    bn_check_top(r);
 
-    if (c1 != 0) {              /* Add starting at r[0], could be +ve or -ve */
-        i = 0;
-        if (c1 > 0) {
-            lc = c1;
-            do {
-                ll = (r[i] + lc) & BN_MASK2;
-                r[i++] = ll;
-                lc = (lc > ll);
-            } while (lc);
-        } else {
-            lc = -c1;
-            do {
-                ll = r[i];
-                r[i++] = (ll - lc) & BN_MASK2;
-                lc = (lc > ll);
-            } while (lc);
-        }
-    }
-    if (c2 != 0) {              /* Add starting at r[1] */
-        i = n;
-        if (c2 > 0) {
-            lc = c2;
-            do {
-                ll = (r[i] + lc) & BN_MASK2;
-                r[i++] = ll;
-                lc = (lc > ll);
-            } while (lc);
-        } else {
-            lc = -c2;
-            do {
-                ll = r[i];
-                r[i++] = (ll - lc) & BN_MASK2;
-                lc = (lc > ll);
-            } while (lc);
-        }
-    }
+    return ret;
 }
-#endif                          /* BN_RECURSION */
 
-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 {
     int ret = 0;
     int top, al, bl;
@@ -949,10 +519,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
     int j = 0, k;
 #endif
 
-#ifdef BN_COUNT
-    fprintf(stderr, "BN_mul %d * %d\n", a->top, b->top);
-#endif
-
     bn_check_top(a);
     bn_check_top(b);
     bn_check_top(r);
@@ -962,7 +528,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 
     if ((al == 0) || (bl == 0)) {
         BN_zero(r);
-        return (1);
+        return 1;
     }
     top = al + bl;
 
@@ -972,7 +538,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
             goto err;
     } else
         rr = r;
-    rr->neg = a->neg ^ b->neg;
 
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
     i = al - bl;
@@ -1044,7 +609,8 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
  end:
 #endif
-    bn_correct_top(rr);
+    rr->neg = a->neg ^ b->neg;
+    rr->flags |= BN_FLG_FIXED_TOP;
     if (r != rr && BN_copy(r, rr) == NULL)
         goto err;
 
@@ -1052,17 +618,13 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
  err:
     bn_check_top(r);
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
 {
     BN_ULONG *rr;
 
-#ifdef BN_COUNT
-    fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb);
-#endif
-
     if (na < nb) {
         int itmp;
         BN_ULONG *ltmp;
@@ -1103,9 +665,6 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
 
 void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 {
-#ifdef BN_COUNT
-    fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n);
-#endif
     bn_mul_words(r, a, n, b[0]);
 
     for (;;) {
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_nist.c b/freebsd/crypto/openssl/crypto/bn/bn_nist.c
index 6741cb26..69852bda 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_nist.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_nist.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_nist.c */
 /*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "bn_lcl.h"
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
 #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
 #define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2
@@ -305,7 +256,7 @@ static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
     int i;
 
 #ifdef BN_DEBUG
-    OPENSSL_assert(top <= max);
+    (void)ossl_assert(top <= max);
 #endif
     for (i = 0; i < top; i++)
         dst[i] = src[i];
@@ -381,8 +332,8 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
     PTR_SIZE_INT mask;
     static const BIGNUM _bignum_nist_p_192_sqr = {
         (BN_ULONG *)_nist_p_192_sqr,
-        sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]),
-        sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]),
+        OSSL_NELEM(_nist_p_192_sqr),
+        OSSL_NELEM(_nist_p_192_sqr),
         0, BN_FLG_STATIC_DATA
     };
 
@@ -526,8 +477,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
     } u;
     static const BIGNUM _bignum_nist_p_224_sqr = {
         (BN_ULONG *)_nist_p_224_sqr,
-        sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]),
-        sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]),
+        OSSL_NELEM(_nist_p_224_sqr),
+        OSSL_NELEM(_nist_p_224_sqr),
         0, BN_FLG_STATIC_DATA
     };
 
@@ -647,7 +598,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 #endif
     } else if (carry < 0) {
         /*
-         * it's a bit more comlicated logic in this case. if bn_add_words
+         * it's a bit more complicated logic in this case. if bn_add_words
          * yields no carry, then result has to be adjusted by unconditionally
          * *adding* the modulus. but if it does, then result has to be
          * compared to the modulus and conditionally adjusted by
@@ -707,8 +658,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
     } u;
     static const BIGNUM _bignum_nist_p_256_sqr = {
         (BN_ULONG *)_nist_p_256_sqr,
-        sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]),
-        sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]),
+        OSSL_NELEM(_nist_p_256_sqr),
+        OSSL_NELEM(_nist_p_256_sqr),
         0, BN_FLG_STATIC_DATA
     };
 
@@ -953,8 +904,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
     } u;
     static const BIGNUM _bignum_nist_p_384_sqr = {
         (BN_ULONG *)_nist_p_384_sqr,
-        sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]),
-        sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]),
+        OSSL_NELEM(_nist_p_384_sqr),
+        OSSL_NELEM(_nist_p_384_sqr),
         0, BN_FLG_STATIC_DATA
     };
 
@@ -1211,8 +1162,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
     PTR_SIZE_INT mask;
     static const BIGNUM _bignum_nist_p_521_sqr = {
         (BN_ULONG *)_nist_p_521_sqr,
-        sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]),
-        sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]),
+        OSSL_NELEM(_nist_p_521_sqr),
+        OSSL_NELEM(_nist_p_521_sqr),
         0, BN_FLG_STATIC_DATA
     };
 
@@ -1241,9 +1192,20 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                  top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP);
     /* ... and right shift */
     for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) {
+#if 0
+        /*
+         * MSC ARM compiler [version 2013, presumably even earlier,
+         * much earlier] miscompiles this code, but not one in
+         * #else section. See RT#3541.
+         */
+        tmp = val >> BN_NIST_521_RSHIFT;
+        val = t_d[i + 1];
+        t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2;
+#else
         t_d[i] = (val >> BN_NIST_521_RSHIFT |
                   (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2;
         val = tmp;
+#endif
     }
     t_d[i] = val >> BN_NIST_521_RSHIFT;
     /* lower 521 bits */
@@ -1262,3 +1224,18 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
     return 1;
 }
+
+int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a,
+                                          const BIGNUM *field, BN_CTX *ctx) {
+    if (BN_ucmp(&_bignum_nist_p_192, p) == 0)
+        return BN_nist_mod_192;
+    if (BN_ucmp(&_bignum_nist_p_224, p) == 0)
+        return BN_nist_mod_224;
+    if (BN_ucmp(&_bignum_nist_p_256, p) == 0)
+        return BN_nist_mod_256;
+    if (BN_ucmp(&_bignum_nist_p_384, p) == 0)
+        return BN_nist_mod_384;
+    if (BN_ucmp(&_bignum_nist_p_521, p) == 0)
+        return BN_nist_mod_521;
+    return 0;
+}
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_prime.c b/freebsd/crypto/openssl/crypto/bn/bn_prime.c
index 95b5efaa..9e924a55 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_prime.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_prime.c
@@ -1,127 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_prime.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
-#include <openssl/rand.h>
-
-/*
- * NB: these functions have been "upgraded", the deprecated versions (which
- * are compatibility wrappers using these functions) are in bn_depr.c. -
- * Geoff
- */
 
 /*
  * The quick sieve algorithm approach to weeding out primes is Philip
@@ -133,12 +24,10 @@
 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
                    const BIGNUM *a1_odd, int k, BN_CTX *ctx,
                    BN_MONT_CTX *mont);
-static int probable_prime(BIGNUM *rnd, int bits);
-static int probable_prime_dh(BIGNUM *rnd, int bits,
-                             const BIGNUM *add, const BIGNUM *rem,
-                             BN_CTX *ctx);
-static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add,
-                                  const BIGNUM *rem, BN_CTX *ctx);
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
+static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
+                                  const BIGNUM *add, const BIGNUM *rem,
+                                  BN_CTX *ctx);
 
 int BN_GENCB_call(BN_GENCB *cb, int a, int b)
 {
@@ -168,31 +57,46 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
     BIGNUM *t;
     int found = 0;
     int i, j, c1 = 0;
-    BN_CTX *ctx;
+    BN_CTX *ctx = NULL;
+    prime_t *mods = NULL;
     int checks = BN_prime_checks_for_size(bits);
 
+    if (bits < 2) {
+        /* There are no prime numbers this small. */
+        BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+        return 0;
+    } else if (bits == 2 && safe) {
+        /* The smallest safe prime (7) is three bits. */
+        BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+        return 0;
+    }
+
+    mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES);
+    if (mods == NULL)
+        goto err;
+
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
     BN_CTX_start(ctx);
     t = BN_CTX_get(ctx);
-    if (!t)
+    if (t == NULL)
         goto err;
  loop:
     /* make a random number and set the top and bottom bits */
     if (add == NULL) {
-        if (!probable_prime(ret, bits))
+        if (!probable_prime(ret, bits, mods))
             goto err;
     } else {
         if (safe) {
             if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))
                 goto err;
         } else {
-            if (!probable_prime_dh(ret, bits, add, rem, ctx))
+            if (!bn_probable_prime_dh(ret, bits, add, rem, ctx))
                 goto err;
         }
     }
-    /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
+
     if (!BN_GENCB_call(cb, 0, c1++))
         /* aborted */
         goto err;
@@ -232,10 +136,10 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
     /* we have a prime :-) */
     found = 1;
  err:
-    if (ctx != NULL) {
+    OPENSSL_free(mods);
+    if (ctx != NULL)
         BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
+    BN_CTX_free(ctx);
     bn_check_top(ret);
     return found;
 }
@@ -252,23 +156,29 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
     int i, j, ret = -1;
     int k;
     BN_CTX *ctx = NULL;
-    BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
+    BIGNUM *A1, *A1_odd, *A3, *check; /* taken from ctx */
     BN_MONT_CTX *mont = NULL;
 
-    if (BN_cmp(a, BN_value_one()) <= 0)
+    /* Take care of the really small primes 2 & 3 */
+    if (BN_is_word(a, 2) || BN_is_word(a, 3))
+        return 1;
+
+    /* Check odd and bigger than 1 */
+    if (!BN_is_odd(a) || BN_cmp(a, BN_value_one()) <= 0)
         return 0;
 
     if (checks == BN_prime_checks)
         checks = BN_prime_checks_for_size(BN_num_bits(a));
 
     /* first look for small factors */
-    if (!BN_is_odd(a))
-        /* a is even => a is prime if and only if a == 2 */
-        return BN_is_word(a, 2);
     if (do_trial_division) {
-        for (i = 1; i < NUMPRIMES; i++)
-            if (BN_mod_word(a, primes[i]) == 0)
-                return 0;
+        for (i = 1; i < NUMPRIMES; i++) {
+            BN_ULONG mod = BN_mod_word(a, primes[i]);
+            if (mod == (BN_ULONG)-1)
+                goto err;
+            if (mod == 0)
+                return BN_is_word(a, primes[i]);
+        }
         if (!BN_GENCB_call(cb, 1, -1))
             goto err;
     }
@@ -280,20 +190,18 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
     BN_CTX_start(ctx);
 
     A1 = BN_CTX_get(ctx);
+    A3 = BN_CTX_get(ctx);
     A1_odd = BN_CTX_get(ctx);
     check = BN_CTX_get(ctx);
     if (check == NULL)
         goto err;
 
     /* compute A1 := a - 1 */
-    if (!BN_copy(A1, a))
+    if (!BN_copy(A1, a) || !BN_sub_word(A1, 1))
         goto err;
-    if (!BN_sub_word(A1, 1))
+    /* compute A3 := a - 3 */
+    if (!BN_copy(A3, a) || !BN_sub_word(A3, 3))
         goto err;
-    if (BN_is_zero(A1)) {
-        ret = 0;
-        goto err;
-    }
 
     /* write  A1  as  A1_odd * 2^k */
     k = 1;
@@ -310,11 +218,9 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
         goto err;
 
     for (i = 0; i < checks; i++) {
-        if (!BN_pseudo_rand_range(check, A1))
+        /* 1 < check < a-1 */
+        if (!BN_priv_rand_range(check, A3) || !BN_add_word(check, 2))
             goto err;
-        if (!BN_add_word(check, 1))
-            goto err;
-        /* now 1 <= check < a */
 
         j = witness(check, a, A1, A1_odd, k, ctx, mont);
         if (j == -1)
@@ -333,10 +239,9 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
         if (ctx_passed == NULL)
             BN_CTX_free(ctx);
     }
-    if (mont != NULL)
-        BN_MONT_CTX_free(mont);
+    BN_MONT_CTX_free(mont);
 
-    return (ret);
+    return ret;
 }
 
 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
@@ -366,41 +271,91 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
     return 1;
 }
 
-static int probable_prime(BIGNUM *rnd, int bits)
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
 {
     int i;
-    prime_t mods[NUMPRIMES];
-    BN_ULONG delta, maxdelta;
+    BN_ULONG delta;
+    BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
+    char is_single_word = bits <= BN_BITS2;
 
  again:
-    if (!BN_rand(rnd, bits, 1, 1))
-        return (0);
-    /* we now have a random number 'rand' to test. */
-    for (i = 1; i < NUMPRIMES; i++)
-        mods[i] = (prime_t) BN_mod_word(rnd, (BN_ULONG)primes[i]);
-    maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
+    /* TODO: Not all primes are private */
+    if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
+        return 0;
+    /* we now have a random number 'rnd' to test. */
+    for (i = 1; i < NUMPRIMES; i++) {
+        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
+        if (mod == (BN_ULONG)-1)
+            return 0;
+        mods[i] = (prime_t) mod;
+    }
+    /*
+     * If bits is so small that it fits into a single word then we
+     * additionally don't want to exceed that many bits.
+     */
+    if (is_single_word) {
+        BN_ULONG size_limit;
+
+        if (bits == BN_BITS2) {
+            /*
+             * Shifting by this much has undefined behaviour so we do it a
+             * different way
+             */
+            size_limit = ~((BN_ULONG)0) - BN_get_word(rnd);
+        } else {
+            size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;
+        }
+        if (size_limit < maxdelta)
+            maxdelta = size_limit;
+    }
     delta = 0;
- loop:for (i = 1; i < NUMPRIMES; i++) {
-        /*
-         * check that rnd is not a prime and also that gcd(rnd-1,primes) == 1
-         * (except for 2)
+ loop:
+    if (is_single_word) {
+        BN_ULONG rnd_word = BN_get_word(rnd);
+
+        /*-
+         * In the case that the candidate prime is a single word then
+         * we check that:
+         *   1) It's greater than primes[i] because we shouldn't reject
+         *      3 as being a prime number because it's a multiple of
+         *      three.
+         *   2) That it's not a multiple of a known prime. We don't
+         *      check that rnd-1 is also coprime to all the known
+         *      primes because there aren't many small primes where
+         *      that's true.
          */
-        if (((mods[i] + delta) % primes[i]) <= 1) {
-            delta += 2;
-            if (delta > maxdelta)
-                goto again;
-            goto loop;
+        for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) {
+            if ((mods[i] + delta) % primes[i] == 0) {
+                delta += 2;
+                if (delta > maxdelta)
+                    goto again;
+                goto loop;
+            }
+        }
+    } else {
+        for (i = 1; i < NUMPRIMES; i++) {
+            /*
+             * check that rnd is not a prime and also that gcd(rnd-1,primes)
+             * == 1 (except for 2)
+             */
+            if (((mods[i] + delta) % primes[i]) <= 1) {
+                delta += 2;
+                if (delta > maxdelta)
+                    goto again;
+                goto loop;
+            }
         }
     }
     if (!BN_add_word(rnd, delta))
-        return (0);
+        return 0;
+    if (BN_num_bits(rnd) != bits)
+        goto again;
     bn_check_top(rnd);
-    return (1);
+    return 1;
 }
 
-static int probable_prime_dh(BIGNUM *rnd, int bits,
-                             const BIGNUM *add, const BIGNUM *rem,
-                             BN_CTX *ctx)
+int bn_probable_prime_dh(BIGNUM *rnd, int bits,
+                         const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
 {
     int i, ret = 0;
     BIGNUM *t1;
@@ -409,7 +364,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits,
     if ((t1 = BN_CTX_get(ctx)) == NULL)
         goto err;
 
-    if (!BN_rand(rnd, bits, 0, 1))
+    if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
         goto err;
 
     /* we need ((rnd-rem) % add) == 0 */
@@ -428,19 +383,24 @@ static int probable_prime_dh(BIGNUM *rnd, int bits,
 
     /* we now have a random number 'rand' to test. */
 
- loop:for (i = 1; i < NUMPRIMES; i++) {
+ loop:
+    for (i = 1; i < NUMPRIMES; i++) {
         /* check that rnd is a prime */
-        if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
+        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
+        if (mod == (BN_ULONG)-1)
+            goto err;
+        if (mod <= 1) {
             if (!BN_add(rnd, rnd, add))
                 goto err;
             goto loop;
         }
     }
     ret = 1;
+
  err:
     BN_CTX_end(ctx);
     bn_check_top(rnd);
-    return (ret);
+    return ret;
 }
 
 static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
@@ -460,7 +420,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
     if (!BN_rshift1(qadd, padd))
         goto err;
 
-    if (!BN_rand(q, bits, 0, 1))
+    if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
         goto err;
 
     /* we need ((rnd-rem) % add) == 0 */
@@ -484,13 +444,17 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
     if (!BN_add_word(p, 1))
         goto err;
 
- loop:for (i = 1; i < NUMPRIMES; i++) {
+ loop:
+    for (i = 1; i < NUMPRIMES; i++) {
         /* check that p and q are prime */
         /*
          * check that for p and q gcd(p-1,primes) == 1 (except for 2)
          */
-        if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) ||
-            (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) {
+        BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]);
+        BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]);
+        if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1)
+            goto err;
+        if (pmod == 0 || qmod == 0) {
             if (!BN_add(p, p, padd))
                 goto err;
             if (!BN_add(q, q, qadd))
@@ -499,8 +463,9 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
         }
     }
     ret = 1;
+
  err:
     BN_CTX_end(ctx);
     bn_check_top(p);
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_prime.h b/freebsd/crypto/openssl/crypto/bn/bn_prime.h
index 489af8b4..a64c9630 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_prime.h
+++ b/freebsd/crypto/openssl/crypto/bn/bn_prime.h
@@ -1,326 +1,273 @@
-/* Auto generated by bn_prime.pl */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/bn/bn_prime.pl
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifndef EIGHT_BIT
-# define NUMPRIMES 2048
 typedef unsigned short prime_t;
-#else
-# define NUMPRIMES 54
-typedef unsigned char prime_t;
-#endif
-static const prime_t primes[NUMPRIMES] = {
-         2,     3,     5,     7,    11,    13,    17,    19,
-        23,    29,    31,    37,    41,    43,    47,    53,
-        59,    61,    67,    71,    73,    79,    83,    89,
-        97,   101,   103,   107,   109,   113,   127,   131,
-       137,   139,   149,   151,   157,   163,   167,   173,
-       179,   181,   191,   193,   197,   199,   211,   223,
-       227,   229,   233,   239,   241,   251,
-#ifndef EIGHT_BIT
-       257,   263,
-       269,   271,   277,   281,   283,   293,   307,   311,
-       313,   317,   331,   337,   347,   349,   353,   359,
-       367,   373,   379,   383,   389,   397,   401,   409,
-       419,   421,   431,   433,   439,   443,   449,   457,
-       461,   463,   467,   479,   487,   491,   499,   503,
-       509,   521,   523,   541,   547,   557,   563,   569,
-       571,   577,   587,   593,   599,   601,   607,   613,
-       617,   619,   631,   641,   643,   647,   653,   659,
-       661,   673,   677,   683,   691,   701,   709,   719,
-       727,   733,   739,   743,   751,   757,   761,   769,
-       773,   787,   797,   809,   811,   821,   823,   827,
-       829,   839,   853,   857,   859,   863,   877,   881,
-       883,   887,   907,   911,   919,   929,   937,   941,
-       947,   953,   967,   971,   977,   983,   991,   997,
-      1009,  1013,  1019,  1021,  1031,  1033,  1039,  1049,
-      1051,  1061,  1063,  1069,  1087,  1091,  1093,  1097,
-      1103,  1109,  1117,  1123,  1129,  1151,  1153,  1163,
-      1171,  1181,  1187,  1193,  1201,  1213,  1217,  1223,
-      1229,  1231,  1237,  1249,  1259,  1277,  1279,  1283,
-      1289,  1291,  1297,  1301,  1303,  1307,  1319,  1321,
-      1327,  1361,  1367,  1373,  1381,  1399,  1409,  1423,
-      1427,  1429,  1433,  1439,  1447,  1451,  1453,  1459,
-      1471,  1481,  1483,  1487,  1489,  1493,  1499,  1511,
-      1523,  1531,  1543,  1549,  1553,  1559,  1567,  1571,
-      1579,  1583,  1597,  1601,  1607,  1609,  1613,  1619,
-      1621,  1627,  1637,  1657,  1663,  1667,  1669,  1693,
-      1697,  1699,  1709,  1721,  1723,  1733,  1741,  1747,
-      1753,  1759,  1777,  1783,  1787,  1789,  1801,  1811,
-      1823,  1831,  1847,  1861,  1867,  1871,  1873,  1877,
-      1879,  1889,  1901,  1907,  1913,  1931,  1933,  1949,
-      1951,  1973,  1979,  1987,  1993,  1997,  1999,  2003,
-      2011,  2017,  2027,  2029,  2039,  2053,  2063,  2069,
-      2081,  2083,  2087,  2089,  2099,  2111,  2113,  2129,
-      2131,  2137,  2141,  2143,  2153,  2161,  2179,  2203,
-      2207,  2213,  2221,  2237,  2239,  2243,  2251,  2267,
-      2269,  2273,  2281,  2287,  2293,  2297,  2309,  2311,
-      2333,  2339,  2341,  2347,  2351,  2357,  2371,  2377,
-      2381,  2383,  2389,  2393,  2399,  2411,  2417,  2423,
-      2437,  2441,  2447,  2459,  2467,  2473,  2477,  2503,
-      2521,  2531,  2539,  2543,  2549,  2551,  2557,  2579,
-      2591,  2593,  2609,  2617,  2621,  2633,  2647,  2657,
-      2659,  2663,  2671,  2677,  2683,  2687,  2689,  2693,
-      2699,  2707,  2711,  2713,  2719,  2729,  2731,  2741,
-      2749,  2753,  2767,  2777,  2789,  2791,  2797,  2801,
-      2803,  2819,  2833,  2837,  2843,  2851,  2857,  2861,
-      2879,  2887,  2897,  2903,  2909,  2917,  2927,  2939,
-      2953,  2957,  2963,  2969,  2971,  2999,  3001,  3011,
-      3019,  3023,  3037,  3041,  3049,  3061,  3067,  3079,
-      3083,  3089,  3109,  3119,  3121,  3137,  3163,  3167,
-      3169,  3181,  3187,  3191,  3203,  3209,  3217,  3221,
-      3229,  3251,  3253,  3257,  3259,  3271,  3299,  3301,
-      3307,  3313,  3319,  3323,  3329,  3331,  3343,  3347,
-      3359,  3361,  3371,  3373,  3389,  3391,  3407,  3413,
-      3433,  3449,  3457,  3461,  3463,  3467,  3469,  3491,
-      3499,  3511,  3517,  3527,  3529,  3533,  3539,  3541,
-      3547,  3557,  3559,  3571,  3581,  3583,  3593,  3607,
-      3613,  3617,  3623,  3631,  3637,  3643,  3659,  3671,
-      3673,  3677,  3691,  3697,  3701,  3709,  3719,  3727,
-      3733,  3739,  3761,  3767,  3769,  3779,  3793,  3797,
-      3803,  3821,  3823,  3833,  3847,  3851,  3853,  3863,
-      3877,  3881,  3889,  3907,  3911,  3917,  3919,  3923,
-      3929,  3931,  3943,  3947,  3967,  3989,  4001,  4003,
-      4007,  4013,  4019,  4021,  4027,  4049,  4051,  4057,
-      4073,  4079,  4091,  4093,  4099,  4111,  4127,  4129,
-      4133,  4139,  4153,  4157,  4159,  4177,  4201,  4211,
-      4217,  4219,  4229,  4231,  4241,  4243,  4253,  4259,
-      4261,  4271,  4273,  4283,  4289,  4297,  4327,  4337,
-      4339,  4349,  4357,  4363,  4373,  4391,  4397,  4409,
-      4421,  4423,  4441,  4447,  4451,  4457,  4463,  4481,
-      4483,  4493,  4507,  4513,  4517,  4519,  4523,  4547,
-      4549,  4561,  4567,  4583,  4591,  4597,  4603,  4621,
-      4637,  4639,  4643,  4649,  4651,  4657,  4663,  4673,
-      4679,  4691,  4703,  4721,  4723,  4729,  4733,  4751,
-      4759,  4783,  4787,  4789,  4793,  4799,  4801,  4813,
-      4817,  4831,  4861,  4871,  4877,  4889,  4903,  4909,
-      4919,  4931,  4933,  4937,  4943,  4951,  4957,  4967,
-      4969,  4973,  4987,  4993,  4999,  5003,  5009,  5011,
-      5021,  5023,  5039,  5051,  5059,  5077,  5081,  5087,
-      5099,  5101,  5107,  5113,  5119,  5147,  5153,  5167,
-      5171,  5179,  5189,  5197,  5209,  5227,  5231,  5233,
-      5237,  5261,  5273,  5279,  5281,  5297,  5303,  5309,
-      5323,  5333,  5347,  5351,  5381,  5387,  5393,  5399,
-      5407,  5413,  5417,  5419,  5431,  5437,  5441,  5443,
-      5449,  5471,  5477,  5479,  5483,  5501,  5503,  5507,
-      5519,  5521,  5527,  5531,  5557,  5563,  5569,  5573,
-      5581,  5591,  5623,  5639,  5641,  5647,  5651,  5653,
-      5657,  5659,  5669,  5683,  5689,  5693,  5701,  5711,
-      5717,  5737,  5741,  5743,  5749,  5779,  5783,  5791,
-      5801,  5807,  5813,  5821,  5827,  5839,  5843,  5849,
-      5851,  5857,  5861,  5867,  5869,  5879,  5881,  5897,
-      5903,  5923,  5927,  5939,  5953,  5981,  5987,  6007,
-      6011,  6029,  6037,  6043,  6047,  6053,  6067,  6073,
-      6079,  6089,  6091,  6101,  6113,  6121,  6131,  6133,
-      6143,  6151,  6163,  6173,  6197,  6199,  6203,  6211,
-      6217,  6221,  6229,  6247,  6257,  6263,  6269,  6271,
-      6277,  6287,  6299,  6301,  6311,  6317,  6323,  6329,
-      6337,  6343,  6353,  6359,  6361,  6367,  6373,  6379,
-      6389,  6397,  6421,  6427,  6449,  6451,  6469,  6473,
-      6481,  6491,  6521,  6529,  6547,  6551,  6553,  6563,
-      6569,  6571,  6577,  6581,  6599,  6607,  6619,  6637,
-      6653,  6659,  6661,  6673,  6679,  6689,  6691,  6701,
-      6703,  6709,  6719,  6733,  6737,  6761,  6763,  6779,
-      6781,  6791,  6793,  6803,  6823,  6827,  6829,  6833,
-      6841,  6857,  6863,  6869,  6871,  6883,  6899,  6907,
-      6911,  6917,  6947,  6949,  6959,  6961,  6967,  6971,
-      6977,  6983,  6991,  6997,  7001,  7013,  7019,  7027,
-      7039,  7043,  7057,  7069,  7079,  7103,  7109,  7121,
-      7127,  7129,  7151,  7159,  7177,  7187,  7193,  7207,
-      7211,  7213,  7219,  7229,  7237,  7243,  7247,  7253,
-      7283,  7297,  7307,  7309,  7321,  7331,  7333,  7349,
-      7351,  7369,  7393,  7411,  7417,  7433,  7451,  7457,
-      7459,  7477,  7481,  7487,  7489,  7499,  7507,  7517,
-      7523,  7529,  7537,  7541,  7547,  7549,  7559,  7561,
-      7573,  7577,  7583,  7589,  7591,  7603,  7607,  7621,
-      7639,  7643,  7649,  7669,  7673,  7681,  7687,  7691,
-      7699,  7703,  7717,  7723,  7727,  7741,  7753,  7757,
-      7759,  7789,  7793,  7817,  7823,  7829,  7841,  7853,
-      7867,  7873,  7877,  7879,  7883,  7901,  7907,  7919,
-      7927,  7933,  7937,  7949,  7951,  7963,  7993,  8009,
-      8011,  8017,  8039,  8053,  8059,  8069,  8081,  8087,
-      8089,  8093,  8101,  8111,  8117,  8123,  8147,  8161,
-      8167,  8171,  8179,  8191,  8209,  8219,  8221,  8231,
-      8233,  8237,  8243,  8263,  8269,  8273,  8287,  8291,
-      8293,  8297,  8311,  8317,  8329,  8353,  8363,  8369,
-      8377,  8387,  8389,  8419,  8423,  8429,  8431,  8443,
-      8447,  8461,  8467,  8501,  8513,  8521,  8527,  8537,
-      8539,  8543,  8563,  8573,  8581,  8597,  8599,  8609,
-      8623,  8627,  8629,  8641,  8647,  8663,  8669,  8677,
-      8681,  8689,  8693,  8699,  8707,  8713,  8719,  8731,
-      8737,  8741,  8747,  8753,  8761,  8779,  8783,  8803,
-      8807,  8819,  8821,  8831,  8837,  8839,  8849,  8861,
-      8863,  8867,  8887,  8893,  8923,  8929,  8933,  8941,
-      8951,  8963,  8969,  8971,  8999,  9001,  9007,  9011,
-      9013,  9029,  9041,  9043,  9049,  9059,  9067,  9091,
-      9103,  9109,  9127,  9133,  9137,  9151,  9157,  9161,
-      9173,  9181,  9187,  9199,  9203,  9209,  9221,  9227,
-      9239,  9241,  9257,  9277,  9281,  9283,  9293,  9311,
-      9319,  9323,  9337,  9341,  9343,  9349,  9371,  9377,
-      9391,  9397,  9403,  9413,  9419,  9421,  9431,  9433,
-      9437,  9439,  9461,  9463,  9467,  9473,  9479,  9491,
-      9497,  9511,  9521,  9533,  9539,  9547,  9551,  9587,
-      9601,  9613,  9619,  9623,  9629,  9631,  9643,  9649,
-      9661,  9677,  9679,  9689,  9697,  9719,  9721,  9733,
-      9739,  9743,  9749,  9767,  9769,  9781,  9787,  9791,
-      9803,  9811,  9817,  9829,  9833,  9839,  9851,  9857,
-      9859,  9871,  9883,  9887,  9901,  9907,  9923,  9929,
-      9931,  9941,  9949,  9967,  9973, 10007, 10009, 10037,
-     10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099,
-     10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163,
-     10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247,
-     10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303,
-     10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369,
-     10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459,
-     10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531,
-     10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627,
-     10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691,
-     10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771,
-     10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859,
-     10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937,
-     10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003,
-     11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087,
-     11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161,
-     11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251,
-     11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317,
-     11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399,
-     11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483,
-     11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551,
-     11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657,
-     11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731,
-     11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813,
-     11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887,
-     11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941,
-     11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011,
-     12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101,
-     12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161,
-     12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251,
-     12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323,
-     12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401,
-     12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473,
-     12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527,
-     12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589,
-     12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653,
-     12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739,
-     12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821,
-     12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907,
-     12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967,
-     12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033,
-     13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109,
-     13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177,
-     13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259,
-     13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337,
-     13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421,
-     13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499,
-     13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597,
-     13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681,
-     13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723,
-     13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799,
-     13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879,
-     13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933,
-     13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033,
-     14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143,
-     14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221,
-     14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323,
-     14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407,
-     14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461,
-     14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549,
-     14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627,
-     14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699,
-     14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753,
-     14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821,
-     14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887,
-     14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957,
-     14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073,
-     15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137,
-     15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217,
-     15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277,
-     15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331,
-     15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401,
-     15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473,
-     15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569,
-     15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643,
-     15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727,
-     15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773,
-     15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859,
-     15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919,
-     15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007,
-     16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087,
-     16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183,
-     16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249,
-     16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349,
-     16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427,
-     16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493,
-     16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603,
-     16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661,
-     16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747,
-     16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843,
-     16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927,
-     16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993,
-     17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053,
-     17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159,
-     17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231,
-     17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327,
-     17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389,
-     17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467,
-     17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519,
-     17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599,
-     17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683,
-     17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783,
-     17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863,
-#endif
+# define NUMPRIMES 2048
+
+static const prime_t primes[2048] = {
+        2,     3,     5,     7,    11,    13,    17,    19,
+       23,    29,    31,    37,    41,    43,    47,    53,
+       59,    61,    67,    71,    73,    79,    83,    89,
+       97,   101,   103,   107,   109,   113,   127,   131,
+      137,   139,   149,   151,   157,   163,   167,   173,
+      179,   181,   191,   193,   197,   199,   211,   223,
+      227,   229,   233,   239,   241,   251,   257,   263,
+      269,   271,   277,   281,   283,   293,   307,   311,
+      313,   317,   331,   337,   347,   349,   353,   359,
+      367,   373,   379,   383,   389,   397,   401,   409,
+      419,   421,   431,   433,   439,   443,   449,   457,
+      461,   463,   467,   479,   487,   491,   499,   503,
+      509,   521,   523,   541,   547,   557,   563,   569,
+      571,   577,   587,   593,   599,   601,   607,   613,
+      617,   619,   631,   641,   643,   647,   653,   659,
+      661,   673,   677,   683,   691,   701,   709,   719,
+      727,   733,   739,   743,   751,   757,   761,   769,
+      773,   787,   797,   809,   811,   821,   823,   827,
+      829,   839,   853,   857,   859,   863,   877,   881,
+      883,   887,   907,   911,   919,   929,   937,   941,
+      947,   953,   967,   971,   977,   983,   991,   997,
+     1009,  1013,  1019,  1021,  1031,  1033,  1039,  1049,
+     1051,  1061,  1063,  1069,  1087,  1091,  1093,  1097,
+     1103,  1109,  1117,  1123,  1129,  1151,  1153,  1163,
+     1171,  1181,  1187,  1193,  1201,  1213,  1217,  1223,
+     1229,  1231,  1237,  1249,  1259,  1277,  1279,  1283,
+     1289,  1291,  1297,  1301,  1303,  1307,  1319,  1321,
+     1327,  1361,  1367,  1373,  1381,  1399,  1409,  1423,
+     1427,  1429,  1433,  1439,  1447,  1451,  1453,  1459,
+     1471,  1481,  1483,  1487,  1489,  1493,  1499,  1511,
+     1523,  1531,  1543,  1549,  1553,  1559,  1567,  1571,
+     1579,  1583,  1597,  1601,  1607,  1609,  1613,  1619,
+     1621,  1627,  1637,  1657,  1663,  1667,  1669,  1693,
+     1697,  1699,  1709,  1721,  1723,  1733,  1741,  1747,
+     1753,  1759,  1777,  1783,  1787,  1789,  1801,  1811,
+     1823,  1831,  1847,  1861,  1867,  1871,  1873,  1877,
+     1879,  1889,  1901,  1907,  1913,  1931,  1933,  1949,
+     1951,  1973,  1979,  1987,  1993,  1997,  1999,  2003,
+     2011,  2017,  2027,  2029,  2039,  2053,  2063,  2069,
+     2081,  2083,  2087,  2089,  2099,  2111,  2113,  2129,
+     2131,  2137,  2141,  2143,  2153,  2161,  2179,  2203,
+     2207,  2213,  2221,  2237,  2239,  2243,  2251,  2267,
+     2269,  2273,  2281,  2287,  2293,  2297,  2309,  2311,
+     2333,  2339,  2341,  2347,  2351,  2357,  2371,  2377,
+     2381,  2383,  2389,  2393,  2399,  2411,  2417,  2423,
+     2437,  2441,  2447,  2459,  2467,  2473,  2477,  2503,
+     2521,  2531,  2539,  2543,  2549,  2551,  2557,  2579,
+     2591,  2593,  2609,  2617,  2621,  2633,  2647,  2657,
+     2659,  2663,  2671,  2677,  2683,  2687,  2689,  2693,
+     2699,  2707,  2711,  2713,  2719,  2729,  2731,  2741,
+     2749,  2753,  2767,  2777,  2789,  2791,  2797,  2801,
+     2803,  2819,  2833,  2837,  2843,  2851,  2857,  2861,
+     2879,  2887,  2897,  2903,  2909,  2917,  2927,  2939,
+     2953,  2957,  2963,  2969,  2971,  2999,  3001,  3011,
+     3019,  3023,  3037,  3041,  3049,  3061,  3067,  3079,
+     3083,  3089,  3109,  3119,  3121,  3137,  3163,  3167,
+     3169,  3181,  3187,  3191,  3203,  3209,  3217,  3221,
+     3229,  3251,  3253,  3257,  3259,  3271,  3299,  3301,
+     3307,  3313,  3319,  3323,  3329,  3331,  3343,  3347,
+     3359,  3361,  3371,  3373,  3389,  3391,  3407,  3413,
+     3433,  3449,  3457,  3461,  3463,  3467,  3469,  3491,
+     3499,  3511,  3517,  3527,  3529,  3533,  3539,  3541,
+     3547,  3557,  3559,  3571,  3581,  3583,  3593,  3607,
+     3613,  3617,  3623,  3631,  3637,  3643,  3659,  3671,
+     3673,  3677,  3691,  3697,  3701,  3709,  3719,  3727,
+     3733,  3739,  3761,  3767,  3769,  3779,  3793,  3797,
+     3803,  3821,  3823,  3833,  3847,  3851,  3853,  3863,
+     3877,  3881,  3889,  3907,  3911,  3917,  3919,  3923,
+     3929,  3931,  3943,  3947,  3967,  3989,  4001,  4003,
+     4007,  4013,  4019,  4021,  4027,  4049,  4051,  4057,
+     4073,  4079,  4091,  4093,  4099,  4111,  4127,  4129,
+     4133,  4139,  4153,  4157,  4159,  4177,  4201,  4211,
+     4217,  4219,  4229,  4231,  4241,  4243,  4253,  4259,
+     4261,  4271,  4273,  4283,  4289,  4297,  4327,  4337,
+     4339,  4349,  4357,  4363,  4373,  4391,  4397,  4409,
+     4421,  4423,  4441,  4447,  4451,  4457,  4463,  4481,
+     4483,  4493,  4507,  4513,  4517,  4519,  4523,  4547,
+     4549,  4561,  4567,  4583,  4591,  4597,  4603,  4621,
+     4637,  4639,  4643,  4649,  4651,  4657,  4663,  4673,
+     4679,  4691,  4703,  4721,  4723,  4729,  4733,  4751,
+     4759,  4783,  4787,  4789,  4793,  4799,  4801,  4813,
+     4817,  4831,  4861,  4871,  4877,  4889,  4903,  4909,
+     4919,  4931,  4933,  4937,  4943,  4951,  4957,  4967,
+     4969,  4973,  4987,  4993,  4999,  5003,  5009,  5011,
+     5021,  5023,  5039,  5051,  5059,  5077,  5081,  5087,
+     5099,  5101,  5107,  5113,  5119,  5147,  5153,  5167,
+     5171,  5179,  5189,  5197,  5209,  5227,  5231,  5233,
+     5237,  5261,  5273,  5279,  5281,  5297,  5303,  5309,
+     5323,  5333,  5347,  5351,  5381,  5387,  5393,  5399,
+     5407,  5413,  5417,  5419,  5431,  5437,  5441,  5443,
+     5449,  5471,  5477,  5479,  5483,  5501,  5503,  5507,
+     5519,  5521,  5527,  5531,  5557,  5563,  5569,  5573,
+     5581,  5591,  5623,  5639,  5641,  5647,  5651,  5653,
+     5657,  5659,  5669,  5683,  5689,  5693,  5701,  5711,
+     5717,  5737,  5741,  5743,  5749,  5779,  5783,  5791,
+     5801,  5807,  5813,  5821,  5827,  5839,  5843,  5849,
+     5851,  5857,  5861,  5867,  5869,  5879,  5881,  5897,
+     5903,  5923,  5927,  5939,  5953,  5981,  5987,  6007,
+     6011,  6029,  6037,  6043,  6047,  6053,  6067,  6073,
+     6079,  6089,  6091,  6101,  6113,  6121,  6131,  6133,
+     6143,  6151,  6163,  6173,  6197,  6199,  6203,  6211,
+     6217,  6221,  6229,  6247,  6257,  6263,  6269,  6271,
+     6277,  6287,  6299,  6301,  6311,  6317,  6323,  6329,
+     6337,  6343,  6353,  6359,  6361,  6367,  6373,  6379,
+     6389,  6397,  6421,  6427,  6449,  6451,  6469,  6473,
+     6481,  6491,  6521,  6529,  6547,  6551,  6553,  6563,
+     6569,  6571,  6577,  6581,  6599,  6607,  6619,  6637,
+     6653,  6659,  6661,  6673,  6679,  6689,  6691,  6701,
+     6703,  6709,  6719,  6733,  6737,  6761,  6763,  6779,
+     6781,  6791,  6793,  6803,  6823,  6827,  6829,  6833,
+     6841,  6857,  6863,  6869,  6871,  6883,  6899,  6907,
+     6911,  6917,  6947,  6949,  6959,  6961,  6967,  6971,
+     6977,  6983,  6991,  6997,  7001,  7013,  7019,  7027,
+     7039,  7043,  7057,  7069,  7079,  7103,  7109,  7121,
+     7127,  7129,  7151,  7159,  7177,  7187,  7193,  7207,
+     7211,  7213,  7219,  7229,  7237,  7243,  7247,  7253,
+     7283,  7297,  7307,  7309,  7321,  7331,  7333,  7349,
+     7351,  7369,  7393,  7411,  7417,  7433,  7451,  7457,
+     7459,  7477,  7481,  7487,  7489,  7499,  7507,  7517,
+     7523,  7529,  7537,  7541,  7547,  7549,  7559,  7561,
+     7573,  7577,  7583,  7589,  7591,  7603,  7607,  7621,
+     7639,  7643,  7649,  7669,  7673,  7681,  7687,  7691,
+     7699,  7703,  7717,  7723,  7727,  7741,  7753,  7757,
+     7759,  7789,  7793,  7817,  7823,  7829,  7841,  7853,
+     7867,  7873,  7877,  7879,  7883,  7901,  7907,  7919,
+     7927,  7933,  7937,  7949,  7951,  7963,  7993,  8009,
+     8011,  8017,  8039,  8053,  8059,  8069,  8081,  8087,
+     8089,  8093,  8101,  8111,  8117,  8123,  8147,  8161,
+     8167,  8171,  8179,  8191,  8209,  8219,  8221,  8231,
+     8233,  8237,  8243,  8263,  8269,  8273,  8287,  8291,
+     8293,  8297,  8311,  8317,  8329,  8353,  8363,  8369,
+     8377,  8387,  8389,  8419,  8423,  8429,  8431,  8443,
+     8447,  8461,  8467,  8501,  8513,  8521,  8527,  8537,
+     8539,  8543,  8563,  8573,  8581,  8597,  8599,  8609,
+     8623,  8627,  8629,  8641,  8647,  8663,  8669,  8677,
+     8681,  8689,  8693,  8699,  8707,  8713,  8719,  8731,
+     8737,  8741,  8747,  8753,  8761,  8779,  8783,  8803,
+     8807,  8819,  8821,  8831,  8837,  8839,  8849,  8861,
+     8863,  8867,  8887,  8893,  8923,  8929,  8933,  8941,
+     8951,  8963,  8969,  8971,  8999,  9001,  9007,  9011,
+     9013,  9029,  9041,  9043,  9049,  9059,  9067,  9091,
+     9103,  9109,  9127,  9133,  9137,  9151,  9157,  9161,
+     9173,  9181,  9187,  9199,  9203,  9209,  9221,  9227,
+     9239,  9241,  9257,  9277,  9281,  9283,  9293,  9311,
+     9319,  9323,  9337,  9341,  9343,  9349,  9371,  9377,
+     9391,  9397,  9403,  9413,  9419,  9421,  9431,  9433,
+     9437,  9439,  9461,  9463,  9467,  9473,  9479,  9491,
+     9497,  9511,  9521,  9533,  9539,  9547,  9551,  9587,
+     9601,  9613,  9619,  9623,  9629,  9631,  9643,  9649,
+     9661,  9677,  9679,  9689,  9697,  9719,  9721,  9733,
+     9739,  9743,  9749,  9767,  9769,  9781,  9787,  9791,
+     9803,  9811,  9817,  9829,  9833,  9839,  9851,  9857,
+     9859,  9871,  9883,  9887,  9901,  9907,  9923,  9929,
+     9931,  9941,  9949,  9967,  9973, 10007, 10009, 10037,
+    10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099,
+    10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163,
+    10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247,
+    10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303,
+    10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369,
+    10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459,
+    10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531,
+    10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627,
+    10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691,
+    10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771,
+    10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859,
+    10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937,
+    10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003,
+    11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087,
+    11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161,
+    11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251,
+    11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317,
+    11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399,
+    11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483,
+    11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551,
+    11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657,
+    11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731,
+    11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813,
+    11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887,
+    11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941,
+    11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011,
+    12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101,
+    12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161,
+    12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251,
+    12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323,
+    12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401,
+    12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473,
+    12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527,
+    12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589,
+    12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653,
+    12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739,
+    12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821,
+    12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907,
+    12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967,
+    12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033,
+    13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109,
+    13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177,
+    13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259,
+    13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337,
+    13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421,
+    13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499,
+    13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597,
+    13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681,
+    13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723,
+    13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799,
+    13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879,
+    13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933,
+    13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033,
+    14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143,
+    14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221,
+    14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323,
+    14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407,
+    14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461,
+    14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549,
+    14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627,
+    14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699,
+    14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753,
+    14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821,
+    14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887,
+    14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957,
+    14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073,
+    15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137,
+    15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217,
+    15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277,
+    15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331,
+    15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401,
+    15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473,
+    15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569,
+    15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643,
+    15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727,
+    15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773,
+    15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859,
+    15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919,
+    15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007,
+    16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087,
+    16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183,
+    16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249,
+    16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349,
+    16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427,
+    16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493,
+    16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603,
+    16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661,
+    16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747,
+    16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843,
+    16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927,
+    16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993,
+    17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053,
+    17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159,
+    17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231,
+    17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327,
+    17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389,
+    17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467,
+    17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519,
+    17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599,
+    17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683,
+    17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783,
+    17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863,
 };
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_print.c b/freebsd/crypto/openssl/crypto/bn/bn_print.c
index b316dcc8..936563ae 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_print.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_print.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include <limits.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include "bn_lcl.h"
 
@@ -83,27 +34,27 @@ char *BN_bn2hex(const BIGNUM *a)
     }
     p = buf;
     if (a->neg)
-        *(p++) = '-';
+        *p++ = '-';
     for (i = a->top - 1; i >= 0; i--) {
         for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
             /* strip leading zeros */
-            v = ((int)(a->d[i] >> (long)j)) & 0xff;
-            if (z || (v != 0)) {
-                *(p++) = Hex[v >> 4];
-                *(p++) = Hex[v & 0x0f];
+            v = (int)((a->d[i] >> j) & 0xff);
+            if (z || v != 0) {
+                *p++ = Hex[v >> 4];
+                *p++ = Hex[v & 0x0f];
                 z = 1;
             }
         }
     }
     *p = '\0';
  err:
-    return (buf);
+    return buf;
 }
 
 /* Must 'OPENSSL_free' the returned data */
 char *BN_bn2dec(const BIGNUM *a)
 {
-    int i = 0, num, ok = 0;
+    int i = 0, num, ok = 0, n, tbytes;
     char *buf = NULL;
     char *p;
     BIGNUM *t = NULL;
@@ -113,27 +64,27 @@ char *BN_bn2dec(const BIGNUM *a)
     /*-
      * get an upper bound for the length of the decimal integer
      * num <= (BN_num_bits(a) + 1) * log(2)
-     *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error)
-     *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
+     *     <= 3 * BN_num_bits(a) * 0.101 + log(2) + 1     (rounding error)
+     *     <= 3 * BN_num_bits(a) / 10 + 3 * BN_num_bits / 1000 + 1 + 1
      */
     i = BN_num_bits(a) * 3;
     num = (i / 10 + i / 1000 + 1) + 1;
+    tbytes = num + 3;   /* negative and terminator and one spare? */
     bn_data_num = num / BN_DEC_NUM + 1;
     bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
-    buf = OPENSSL_malloc(num + 3);
-    if ((buf == NULL) || (bn_data == NULL)) {
+    buf = OPENSSL_malloc(tbytes);
+    if (buf == NULL || bn_data == NULL) {
         BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
         goto err;
     }
     if ((t = BN_dup(a)) == NULL)
         goto err;
 
-#define BUF_REMAIN (num+3 - (size_t)(p - buf))
     p = buf;
     lp = bn_data;
     if (BN_is_zero(t)) {
-        *(p++) = '0';
-        *(p++) = '\0';
+        *p++ = '0';
+        *p++ = '\0';
     } else {
         if (BN_is_negative(t))
             *p++ = '-';
@@ -152,28 +103,26 @@ char *BN_bn2dec(const BIGNUM *a)
          * the last one needs truncation. The blocks need to be reversed in
          * order.
          */
-        BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp);
-        while (*p)
-            p++;
+        n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT1, *lp);
+        if (n < 0)
+            goto err;
+        p += n;
         while (lp != bn_data) {
             lp--;
-            BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp);
-            while (*p)
-                p++;
+            n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT2, *lp);
+            if (n < 0)
+                goto err;
+            p += n;
         }
     }
     ok = 1;
  err:
-    if (bn_data != NULL)
-        OPENSSL_free(bn_data);
-    if (t != NULL)
-        BN_free(t);
-    if (!ok && buf) {
-        OPENSSL_free(buf);
-        buf = NULL;
-    }
-
-    return (buf);
+    OPENSSL_free(bn_data);
+    BN_free(t);
+    if (ok)
+        return buf;
+    OPENSSL_free(buf);
+    return NULL;
 }
 
 int BN_hex2bn(BIGNUM **bn, const char *a)
@@ -183,28 +132,28 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
     int neg = 0, h, m, i, j, k, c;
     int num;
 
-    if ((a == NULL) || (*a == '\0'))
-        return (0);
+    if (a == NULL || *a == '\0')
+        return 0;
 
     if (*a == '-') {
         neg = 1;
         a++;
     }
 
-    for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
+    for (i = 0; i <= INT_MAX / 4 && ossl_isxdigit(a[i]); i++)
         continue;
 
-    if (i > INT_MAX/4)
+    if (i == 0 || i > INT_MAX / 4)
         goto err;
 
     num = i + neg;
     if (bn == NULL)
-        return (num);
+        return num;
 
     /* a is the start of the hex digits, and it is 'i' long */
     if (*bn == NULL) {
         if ((ret = BN_new()) == NULL)
-            return (0);
+            return 0;
     } else {
         ret = *bn;
         BN_zero(ret);
@@ -218,17 +167,12 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
     m = 0;
     h = 0;
     while (j > 0) {
-        m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j;
+        m = (BN_BYTES * 2 <= j) ? BN_BYTES * 2 : j;
         l = 0;
         for (;;) {
             c = a[j - m];
-            if ((c >= '0') && (c <= '9'))
-                k = c - '0';
-            else if ((c >= 'a') && (c <= 'f'))
-                k = c - 'a' + 10;
-            else if ((c >= 'A') && (c <= 'F'))
-                k = c - 'A' + 10;
-            else
+            k = OPENSSL_hexchar2int(c);
+            if (k < 0)
                 k = 0;          /* paranoia */
             l = (l << 4) | k;
 
@@ -237,7 +181,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
                 break;
             }
         }
-        j -= (BN_BYTES * 2);
+        j -= BN_BYTES * 2;
     }
     ret->top = h;
     bn_correct_top(ret);
@@ -247,11 +191,11 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
     /* Don't set the negative flag if it's zero. */
     if (ret->top != 0)
         ret->neg = neg;
-    return (num);
+    return num;
  err:
     if (*bn == NULL)
         BN_free(ret);
-    return (0);
+    return 0;
 }
 
 int BN_dec2bn(BIGNUM **bn, const char *a)
@@ -261,22 +205,22 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
     int neg = 0, i, j;
     int num;
 
-    if ((a == NULL) || (*a == '\0'))
-        return (0);
+    if (a == NULL || *a == '\0')
+        return 0;
     if (*a == '-') {
         neg = 1;
         a++;
     }
 
-    for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
+    for (i = 0; i <= INT_MAX / 4 && ossl_isdigit(a[i]); i++)
         continue;
 
-    if (i > INT_MAX/4)
+    if (i == 0 || i > INT_MAX / 4)
         goto err;
 
     num = i + neg;
     if (bn == NULL)
-        return (num);
+        return num;
 
     /*
      * a is the start of the digits, and it is 'i' long. We chop it into
@@ -284,7 +228,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
      */
     if (*bn == NULL) {
         if ((ret = BN_new()) == NULL)
-            return (0);
+            return 0;
     } else {
         ret = *bn;
         BN_zero(ret);
@@ -294,7 +238,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
     if (bn_expand(ret, i * 4) == NULL)
         goto err;
 
-    j = BN_DEC_NUM - (i % BN_DEC_NUM);
+    j = BN_DEC_NUM - i % BN_DEC_NUM;
     if (j == BN_DEC_NUM)
         j = 0;
     l = 0;
@@ -303,8 +247,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
         l += *a - '0';
         a++;
         if (++j == BN_DEC_NUM) {
-            BN_mul_word(ret, BN_DEC_CONV);
-            BN_add_word(ret, l);
+            if (!BN_mul_word(ret, BN_DEC_CONV)
+                || !BN_add_word(ret, l))
+                goto err;
             l = 0;
             j = 0;
         }
@@ -316,11 +261,11 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
     /* Don't set the negative flag if it's zero. */
     if (ret->top != 0)
         ret->neg = neg;
-    return (num);
+    return num;
  err:
     if (*bn == NULL)
         BN_free(ret);
-    return (0);
+    return 0;
 }
 
 int BN_asc2bn(BIGNUM **bn, const char *a)
@@ -343,19 +288,18 @@ int BN_asc2bn(BIGNUM **bn, const char *a)
     return 1;
 }
 
-#ifndef OPENSSL_NO_BIO
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 int BN_print_fp(FILE *fp, const BIGNUM *a)
 {
     BIO *b;
     int ret;
 
     if ((b = BIO_new(BIO_s_file())) == NULL)
-        return (0);
+        return 0;
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = BN_print(b, a);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 # endif
 
@@ -364,16 +308,16 @@ int BN_print(BIO *bp, const BIGNUM *a)
     int i, j, v, z = 0;
     int ret = 0;
 
-    if ((a->neg) && (BIO_write(bp, "-", 1) != 1))
+    if ((a->neg) && BIO_write(bp, "-", 1) != 1)
         goto end;
-    if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1))
+    if (BN_is_zero(a) && BIO_write(bp, "0", 1) != 1)
         goto end;
     for (i = a->top - 1; i >= 0; i--) {
         for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
             /* strip leading zeros */
-            v = ((int)(a->d[i] >> (long)j)) & 0x0f;
-            if (z || (v != 0)) {
-                if (BIO_write(bp, &(Hex[v]), 1) != 1)
+            v = (int)((a->d[i] >> j) & 0x0f);
+            if (z || v != 0) {
+                if (BIO_write(bp, &Hex[v], 1) != 1)
                     goto end;
                 z = 1;
             }
@@ -381,9 +325,8 @@ int BN_print(BIO *bp, const BIGNUM *a)
     }
     ret = 1;
  end:
-    return (ret);
+    return ret;
 }
-#endif
 
 char *BN_options(void)
 {
@@ -393,12 +336,12 @@ char *BN_options(void)
     if (!init) {
         init++;
 #ifdef BN_LLONG
-        BIO_snprintf(data, sizeof(data), "bn(%d,%d)",
-                     (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
+        BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)",
+                     sizeof(BN_ULLONG) * 8, sizeof(BN_ULONG) * 8);
 #else
-        BIO_snprintf(data, sizeof(data), "bn(%d,%d)",
-                     (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
+        BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)",
+                     sizeof(BN_ULONG) * 8, sizeof(BN_ULONG) * 8);
 #endif
     }
-    return (data);
+    return data;
 }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_rand.c b/freebsd/crypto/openssl/crypto/bn/bn_rand.c
index 42dc239c..68ded7c3 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_rand.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_rand.c
@@ -1,130 +1,32 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 #include <openssl/rand.h>
+#include <openssl/sha.h>
 
-static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
+typedef enum bnrand_flag_e {
+    NORMAL, TESTING, PRIVATE
+} BNRAND_FLAG;
+
+static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom)
 {
     unsigned char *buf = NULL;
-    int ret = 0, bit, bytes, mask;
-    time_t tim;
+    int b, ret = 0, bit, bytes, mask;
 
     if (bits == 0) {
-        if (top != -1 || bottom != 0)
+        if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY)
             goto toosmall;
         BN_zero(rnd);
         return 1;
@@ -136,22 +38,18 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
     bit = (bits - 1) % 8;
     mask = 0xff << (bit + 1);
 
-    buf = (unsigned char *)OPENSSL_malloc(bytes);
+    buf = OPENSSL_malloc(bytes);
     if (buf == NULL) {
         BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
         goto err;
     }
 
     /* make a random number and set the top and bottom bits */
-    time(&tim);
-    RAND_add(&tim, sizeof(tim), 0.0);
-
-    /* We ignore the value of pseudorand and always call RAND_bytes */
-    if (RAND_bytes(buf, bytes) <= 0)
+    b = flag == NORMAL ? RAND_bytes(buf, bytes) : RAND_priv_bytes(buf, bytes);
+    if (b <= 0)
         goto err;
 
-#if 1
-    if (pseudorand == 2) {
+    if (flag == TESTING) {
         /*
          * generate patterns that are more likely to trigger BN library bugs
          */
@@ -159,7 +57,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
         unsigned char c;
 
         for (i = 0; i < bytes; i++) {
-            if (RAND_pseudo_bytes(&c, 1) < 0)
+            if (RAND_bytes(&c, 1) <= 0)
                 goto err;
             if (c >= 128 && i > 0)
                 buf[i] = buf[i - 1];
@@ -169,7 +67,6 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
                 buf[i] = 255;
         }
     }
-#endif
 
     if (top >= 0) {
         if (top) {
@@ -190,12 +87,9 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
         goto err;
     ret = 1;
  err:
-    if (buf != NULL) {
-        OPENSSL_cleanse(buf, bytes);
-        OPENSSL_free(buf);
-    }
+    OPENSSL_clear_free(buf, bytes);
     bn_check_top(rnd);
-    return (ret);
+    return ret;
 
 toosmall:
     BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
@@ -204,31 +98,27 @@ toosmall:
 
 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
-    return bnrand(0, rnd, bits, top, bottom);
+    return bnrand(NORMAL, rnd, bits, top, bottom);
 }
 
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
-    return bnrand(1, rnd, bits, top, bottom);
+    return bnrand(TESTING, rnd, bits, top, bottom);
 }
 
-#if 1
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
-    return bnrand(2, rnd, bits, top, bottom);
+    return bnrand(PRIVATE, rnd, bits, top, bottom);
 }
-#endif
 
 /* random number r:  0 <= r < range */
-static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
+static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range)
 {
-    int (*bn_rand) (BIGNUM *, int, int, int) =
-        pseudo ? BN_pseudo_rand : BN_rand;
     int n;
     int count = 100;
 
     if (range->neg || BN_is_zero(range)) {
-        BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+        BNerr(BN_F_BNRAND_RANGE, BN_R_INVALID_RANGE);
         return 0;
     }
 
@@ -244,8 +134,9 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
          * than range
          */
         do {
-            if (!bn_rand(r, n + 1, -1, 0))
+            if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
                 return 0;
+
             /*
              * If r < 3*range, use r := r MOD range (which is either r, r -
              * range, or r - 2*range). Otherwise, iterate once more. Since
@@ -261,7 +152,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
             }
 
             if (!--count) {
-                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                BNerr(BN_F_BNRAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
                 return 0;
             }
 
@@ -270,11 +161,11 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
     } else {
         do {
             /* range = 11..._2  or  range = 101..._2 */
-            if (!bn_rand(r, n, -1, 0))
+            if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
                 return 0;
 
             if (!--count) {
-                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                BNerr(BN_F_BNRAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
                 return 0;
             }
         }
@@ -287,10 +178,93 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
 
 int BN_rand_range(BIGNUM *r, const BIGNUM *range)
 {
-    return bn_rand_range(0, r, range);
+    return bnrand_range(NORMAL, r, range);
+}
+
+int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bnrand_range(PRIVATE, r, range);
+}
+
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return BN_rand(rnd, bits, top, bottom);
 }
 
 int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
 {
-    return bn_rand_range(1, r, range);
+    return BN_rand_range(r, range);
+}
+
+/*
+ * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
+ * BN_rand_range, it also includes the contents of |priv| and |message| in
+ * the generation so that an RNG failure isn't fatal as long as |priv|
+ * remains secret. This is intended for use in DSA and ECDSA where an RNG
+ * weakness leads directly to private key exposure unless this function is
+ * used.
+ */
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+                          const BIGNUM *priv, const unsigned char *message,
+                          size_t message_len, BN_CTX *ctx)
+{
+    SHA512_CTX sha;
+    /*
+     * We use 512 bits of random data per iteration to ensure that we have at
+     * least |range| bits of randomness.
+     */
+    unsigned char random_bytes[64];
+    unsigned char digest[SHA512_DIGEST_LENGTH];
+    unsigned done, todo;
+    /* We generate |range|+8 bytes of random output. */
+    const unsigned num_k_bytes = BN_num_bytes(range) + 8;
+    unsigned char private_bytes[96];
+    unsigned char *k_bytes;
+    int ret = 0;
+
+    k_bytes = OPENSSL_malloc(num_k_bytes);
+    if (k_bytes == NULL)
+        goto err;
+
+    /* We copy |priv| into a local buffer to avoid exposing its length. */
+    todo = sizeof(priv->d[0]) * priv->top;
+    if (todo > sizeof(private_bytes)) {
+        /*
+         * No reasonable DSA or ECDSA key should have a private key this
+         * large and we don't handle this case in order to avoid leaking the
+         * length of the private key.
+         */
+        BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
+        goto err;
+    }
+    memcpy(private_bytes, priv->d, todo);
+    memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
+
+    for (done = 0; done < num_k_bytes;) {
+        if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1)
+            goto err;
+        SHA512_Init(&sha);
+        SHA512_Update(&sha, &done, sizeof(done));
+        SHA512_Update(&sha, private_bytes, sizeof(private_bytes));
+        SHA512_Update(&sha, message, message_len);
+        SHA512_Update(&sha, random_bytes, sizeof(random_bytes));
+        SHA512_Final(digest, &sha);
+
+        todo = num_k_bytes - done;
+        if (todo > SHA512_DIGEST_LENGTH)
+            todo = SHA512_DIGEST_LENGTH;
+        memcpy(k_bytes + done, digest, todo);
+        done += todo;
+    }
+
+    if (!BN_bin2bn(k_bytes, num_k_bytes, out))
+        goto err;
+    if (BN_mod(out, out, range, ctx) != 1)
+        goto err;
+    ret = 1;
+
+ err:
+    OPENSSL_free(k_bytes);
+    OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_recp.c b/freebsd/crypto/openssl/crypto/bn/bn_recp.c
index c4353436..8b3ebd29 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_recp.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_recp.c
@@ -1,95 +1,45 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_recp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 void BN_RECP_CTX_init(BN_RECP_CTX *recp)
 {
-    BN_init(&(recp->N));
-    BN_init(&(recp->Nr));
-    recp->num_bits = 0;
-    recp->shift = 0;
-    recp->flags = 0;
+    memset(recp, 0, sizeof(*recp));
+    bn_init(&(recp->N));
+    bn_init(&(recp->Nr));
 }
 
 BN_RECP_CTX *BN_RECP_CTX_new(void)
 {
     BN_RECP_CTX *ret;
 
-    if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
-        return (NULL);
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_RECP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
 
-    BN_RECP_CTX_init(ret);
+    bn_init(&(ret->N));
+    bn_init(&(ret->Nr));
     ret->flags = BN_FLG_MALLOCED;
-    return (ret);
+    return ret;
 }
 
 void BN_RECP_CTX_free(BN_RECP_CTX *recp)
 {
     if (recp == NULL)
         return;
-
-    BN_free(&(recp->N));
-    BN_free(&(recp->Nr));
+    BN_free(&recp->N);
+    BN_free(&recp->Nr);
     if (recp->flags & BN_FLG_MALLOCED)
         OPENSSL_free(recp);
 }
@@ -101,7 +51,7 @@ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
     BN_zero(&(recp->Nr));
     recp->num_bits = BN_num_bits(d);
     recp->shift = 0;
-    return (1);
+    return 1;
 }
 
 int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
@@ -130,7 +80,7 @@ int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
  err:
     BN_CTX_end(ctx);
     bn_check_top(r);
-    return (ret);
+    return ret;
 }
 
 int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
@@ -140,17 +90,11 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
     BIGNUM *a, *b, *d, *r;
 
     BN_CTX_start(ctx);
+    d = (dv != NULL) ? dv : BN_CTX_get(ctx);
+    r = (rem != NULL) ? rem : BN_CTX_get(ctx);
     a = BN_CTX_get(ctx);
     b = BN_CTX_get(ctx);
-    if (dv != NULL)
-        d = dv;
-    else
-        d = BN_CTX_get(ctx);
-    if (rem != NULL)
-        r = rem;
-    else
-        r = BN_CTX_get(ctx);
-    if (a == NULL || b == NULL || d == NULL || r == NULL)
+    if (b == NULL)
         goto err;
 
     if (BN_ucmp(m, &(recp->N)) < 0) {
@@ -160,7 +104,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
             return 0;
         }
         BN_CTX_end(ctx);
-        return (1);
+        return 1;
     }
 
     /*
@@ -201,7 +145,6 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
         goto err;
     r->neg = 0;
 
-#if 1
     j = 0;
     while (BN_ucmp(r, &(recp->N)) >= 0) {
         if (j++ > 2) {
@@ -213,7 +156,6 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
         if (!BN_add_word(d, 1))
             goto err;
     }
-#endif
 
     r->neg = BN_is_zero(r) ? 0 : m->neg;
     d->neg = m->neg ^ recp->N.neg;
@@ -222,7 +164,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
     BN_CTX_end(ctx);
     bn_check_top(dv);
     bn_check_top(rem);
-    return (ret);
+    return ret;
 }
 
 /*
@@ -250,5 +192,5 @@ int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
  err:
     bn_check_top(r);
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_shift.c b/freebsd/crypto/openssl/crypto/bn/bn_shift.c
index ed2980dc..a619eb55 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_shift.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_shift.c
@@ -1,65 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_shift.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 int BN_lshift1(BIGNUM *r, const BIGNUM *a)
@@ -73,11 +23,11 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
     if (r != a) {
         r->neg = a->neg;
         if (bn_wexpand(r, a->top + 1) == NULL)
-            return (0);
+            return 0;
         r->top = a->top;
     } else {
         if (bn_wexpand(r, a->top + 1) == NULL)
-            return (0);
+            return 0;
     }
     ap = a->d;
     rp = r->d;
@@ -92,7 +42,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
         r->top++;
     }
     bn_check_top(r);
-    return (1);
+    return 1;
 }
 
 int BN_rshift1(BIGNUM *r, const BIGNUM *a)
@@ -105,14 +55,14 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
 
     if (BN_is_zero(a)) {
         BN_zero(r);
-        return (1);
+        return 1;
     }
     i = a->top;
     ap = a->d;
     j = i - (ap[i - 1] == 1);
     if (a != r) {
         if (bn_wexpand(r, j) == NULL)
-            return (0);
+            return 0;
         r->neg = a->neg;
     }
     rp = r->d;
@@ -126,8 +76,10 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
         c = (t & 1) ? BN_TBIT : 0;
     }
     r->top = j;
+    if (!r->top)
+        r->neg = 0; /* don't allow negative zero */
     bn_check_top(r);
-    return (1);
+    return 1;
 }
 
 int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
@@ -144,10 +96,10 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
         return 0;
     }
 
-    r->neg = a->neg;
     nw = n / BN_BITS2;
     if (bn_wexpand(r, a->top + nw + 1) == NULL)
-        return (0);
+        return 0;
+    r->neg = a->neg;
     lb = n % BN_BITS2;
     rb = BN_BITS2 - lb;
     f = a->d;
@@ -162,14 +114,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
             t[nw + i + 1] |= (l >> rb) & BN_MASK2;
             t[nw + i] = (l << lb) & BN_MASK2;
         }
-    memset(t, 0, nw * sizeof(t[0]));
-    /*
-     * for (i=0; i<nw; i++) t[i]=0;
-     */
+    memset(t, 0, sizeof(*t) * nw);
     r->top = a->top + nw + 1;
     bn_correct_top(r);
     bn_check_top(r);
-    return (1);
+    return 1;
 }
 
 int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
@@ -191,13 +140,13 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
     lb = BN_BITS2 - rb;
     if (nw >= a->top || a->top == 0) {
         BN_zero(r);
-        return (1);
+        return 1;
     }
     i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
     if (r != a) {
-        r->neg = a->neg;
         if (bn_wexpand(r, i) == NULL)
-            return (0);
+            return 0;
+        r->neg = a->neg;
     } else {
         if (n == 0)
             return 1;           /* or the copying loop will go berserk */
@@ -221,6 +170,8 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
         if ((l = (l >> rb) & BN_MASK2))
             *(t) = l;
     }
+    if (!r->top)
+        r->neg = 0; /* don't allow negative zero */
     bn_check_top(r);
-    return (1);
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_sqr.c b/freebsd/crypto/openssl/crypto/bn/bn_sqr.c
index bc52dfd0..a8072da1 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_sqr.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_sqr.c
@@ -1,65 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_sqr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 /* r must not be a */
@@ -68,13 +18,20 @@
  */
 int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 {
+    int ret = bn_sqr_fixed_top(r, a, ctx);
+
+    bn_correct_top(r);
+    bn_check_top(r);
+
+    return ret;
+}
+
+int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
     int max, al;
     int ret = 0;
     BIGNUM *tmp, *rr;
 
-#ifdef BN_COUNT
-    fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top);
-#endif
     bn_check_top(a);
 
     al = a->top;
@@ -87,7 +44,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
     BN_CTX_start(ctx);
     rr = (a != r) ? r : BN_CTX_get(ctx);
     tmp = BN_CTX_get(ctx);
-    if (!rr || !tmp)
+    if (rr == NULL || tmp == NULL)
         goto err;
 
     max = 2 * al;               /* Non-zero (from above) */
@@ -138,7 +95,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 
     rr->neg = 0;
     rr->top = max;
-    bn_correct_top(rr);
+    rr->flags |= BN_FLG_FIXED_TOP;
     if (r != rr && BN_copy(r, rr) == NULL)
         goto err;
 
@@ -147,7 +104,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
     bn_check_top(rr);
     bn_check_top(tmp);
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 /* tmp must have 2*n words */
@@ -204,9 +161,6 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
     int zero, c1;
     BN_ULONG ln, lo, *p;
 
-# ifdef BN_COUNT
-    fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2);
-# endif
     if (n2 == 4) {
 # ifndef BN_SQR_COMBA
         bn_sqr_normal(r, a, 4, t);
@@ -242,7 +196,7 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
     if (!zero)
         bn_sqr_recursive(&(t[n2]), t, n, p);
     else
-        memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
+        memset(&t[n2], 0, sizeof(*t) * n2);
     bn_sqr_recursive(r, a, n, p);
     bn_sqr_recursive(&(r[n2]), &(a[n]), n, p);
 
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_sqrt.c b/freebsd/crypto/openssl/crypto/bn/bn_sqrt.c
index 5f0acd94..7e6f0b72 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_sqrt.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_sqrt.c
@@ -1,65 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_sqrt.c */
 /*
- * Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> and Bodo
- * Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
@@ -91,7 +41,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
         }
 
         BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
-        return (NULL);
+        return NULL;
     }
 
     if (BN_is_zero(a) || BN_is_one(a)) {
@@ -231,7 +181,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
             if (!BN_set_word(y, i))
                 goto end;
         } else {
-            if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
+            if (!BN_priv_rand(y, BN_num_bits(p), 0, 0))
                 goto end;
             if (BN_ucmp(y, p) >= 0) {
                 if (!(p->neg ? BN_add : BN_sub) (y, y, p))
@@ -400,9 +350,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 
  end:
     if (err) {
-        if (ret != NULL && ret != in) {
+        if (ret != in)
             BN_clear_free(ret);
-        }
         ret = NULL;
     }
     BN_CTX_end(ctx);
diff --git a/freebsd/crypto/openssl/crypto/srp/srp_grps.h b/freebsd/crypto/openssl/crypto/bn/bn_srp.c
index f76652cb..706e9fb0 100644
--- a/freebsd/crypto/openssl/crypto/srp/srp_grps.h
+++ b/freebsd/crypto/openssl/crypto/bn/bn_srp.c
@@ -1,6 +1,37 @@
-/* start of generated data */
+#include <machine/rtems-bsd-user-space.h>
 
-static BN_ULONG bn_group_1024_value[] = {
+/*
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bn_lcl.h"
+#include "internal/nelem.h"
+
+#ifndef OPENSSL_NO_SRP
+
+#include <openssl/srp.h>
+#include "internal/bn_srp.h"
+
+# if (BN_BYTES == 8)
+#  if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#   define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
+#  elif defined(__arch64__)
+#   define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
+#  else
+#   define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
+#  endif
+# elif (BN_BYTES == 4)
+#  define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
+# else
+#  error "unsupported BN_BYTES"
+# endif
+
+static const BN_ULONG bn_group_1024_value[] = {
     bn_pack4(0x9FC6, 0x1D2F, 0xC0EB, 0x06E3),
     bn_pack4(0xFD51, 0x38FE, 0x8376, 0x435B),
     bn_pack4(0x2FD4, 0xCBF4, 0x976E, 0xAA9A),
@@ -19,15 +50,15 @@ static BN_ULONG bn_group_1024_value[] = {
     bn_pack4(0xEEAF, 0x0AB9, 0xADB3, 0x8DD6)
 };
 
-static BIGNUM bn_group_1024 = {
-    bn_group_1024_value,
-    (sizeof(bn_group_1024_value)) / sizeof(BN_ULONG),
-    (sizeof(bn_group_1024_value)) / sizeof(BN_ULONG),
+const BIGNUM bn_group_1024 = {
+    (BN_ULONG *)bn_group_1024_value,
+    OSSL_NELEM(bn_group_1024_value),
+    OSSL_NELEM(bn_group_1024_value),
     0,
     BN_FLG_STATIC_DATA
 };
 
-static BN_ULONG bn_group_1536_value[] = {
+static const BN_ULONG bn_group_1536_value[] = {
     bn_pack4(0xCF76, 0xE3FE, 0xD135, 0xF9BB),
     bn_pack4(0x1518, 0x0F93, 0x499A, 0x234D),
     bn_pack4(0x8CE7, 0xA28C, 0x2442, 0xC6F3),
@@ -54,15 +85,15 @@ static BN_ULONG bn_group_1536_value[] = {
     bn_pack4(0x9DEF, 0x3CAF, 0xB939, 0x277A)
 };
 
-static BIGNUM bn_group_1536 = {
-    bn_group_1536_value,
-    (sizeof(bn_group_1536_value)) / sizeof(BN_ULONG),
-    (sizeof(bn_group_1536_value)) / sizeof(BN_ULONG),
+const BIGNUM bn_group_1536 = {
+    (BN_ULONG *)bn_group_1536_value,
+    OSSL_NELEM(bn_group_1536_value),
+    OSSL_NELEM(bn_group_1536_value),
     0,
     BN_FLG_STATIC_DATA
 };
 
-static BN_ULONG bn_group_2048_value[] = {
+static const BN_ULONG bn_group_2048_value[] = {
     bn_pack4(0x0FA7, 0x111F, 0x9E4A, 0xFF73),
     bn_pack4(0x9B65, 0xE372, 0xFCD6, 0x8EF2),
     bn_pack4(0x35DE, 0x236D, 0x525F, 0x5475),
@@ -97,15 +128,15 @@ static BN_ULONG bn_group_2048_value[] = {
     bn_pack4(0xAC6B, 0xDB41, 0x324A, 0x9A9B)
 };
 
-static BIGNUM bn_group_2048 = {
-    bn_group_2048_value,
-    (sizeof(bn_group_2048_value)) / sizeof(BN_ULONG),
-    (sizeof(bn_group_2048_value)) / sizeof(BN_ULONG),
+const BIGNUM bn_group_2048 = {
+    (BN_ULONG *)bn_group_2048_value,
+    OSSL_NELEM(bn_group_2048_value),
+    OSSL_NELEM(bn_group_2048_value),
     0,
     BN_FLG_STATIC_DATA
 };
 
-static BN_ULONG bn_group_3072_value[] = {
+static const BN_ULONG bn_group_3072_value[] = {
     bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
     bn_pack4(0x4B82, 0xD120, 0xA93A, 0xD2CA),
     bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
@@ -156,15 +187,15 @@ static BN_ULONG bn_group_3072_value[] = {
     bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
 };
 
-static BIGNUM bn_group_3072 = {
-    bn_group_3072_value,
-    (sizeof(bn_group_3072_value)) / sizeof(BN_ULONG),
-    (sizeof(bn_group_3072_value)) / sizeof(BN_ULONG),
+const BIGNUM bn_group_3072 = {
+    (BN_ULONG *)bn_group_3072_value,
+    OSSL_NELEM(bn_group_3072_value),
+    OSSL_NELEM(bn_group_3072_value),
     0,
     BN_FLG_STATIC_DATA
 };
 
-static BN_ULONG bn_group_4096_value[] = {
+static const BN_ULONG bn_group_4096_value[] = {
     bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
     bn_pack4(0x4DF4, 0x35C9, 0x3406, 0x3199),
     bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
@@ -231,15 +262,15 @@ static BN_ULONG bn_group_4096_value[] = {
     bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
 };
 
-static BIGNUM bn_group_4096 = {
-    bn_group_4096_value,
-    (sizeof(bn_group_4096_value)) / sizeof(BN_ULONG),
-    (sizeof(bn_group_4096_value)) / sizeof(BN_ULONG),
+const BIGNUM bn_group_4096 = {
+    (BN_ULONG *)bn_group_4096_value,
+    OSSL_NELEM(bn_group_4096_value),
+    OSSL_NELEM(bn_group_4096_value),
     0,
     BN_FLG_STATIC_DATA
 };
 
-static BN_ULONG bn_group_6144_value[] = {
+static const BN_ULONG bn_group_6144_value[] = {
     bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
     bn_pack4(0xE694, 0xF91E, 0x6DCC, 0x4024),
     bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6),
@@ -338,15 +369,15 @@ static BN_ULONG bn_group_6144_value[] = {
     bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
 };
 
-static BIGNUM bn_group_6144 = {
-    bn_group_6144_value,
-    (sizeof(bn_group_6144_value)) / sizeof(BN_ULONG),
-    (sizeof(bn_group_6144_value)) / sizeof(BN_ULONG),
+const BIGNUM bn_group_6144 = {
+    (BN_ULONG *)bn_group_6144_value,
+    OSSL_NELEM(bn_group_6144_value),
+    OSSL_NELEM(bn_group_6144_value),
     0,
     BN_FLG_STATIC_DATA
 };
 
-static BN_ULONG bn_group_8192_value[] = {
+static const BN_ULONG bn_group_8192_value[] = {
     bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
     bn_pack4(0x60C9, 0x80DD, 0x98ED, 0xD3DF),
     bn_pack4(0xC81F, 0x56E8, 0x80B9, 0x6E71),
@@ -477,52 +508,40 @@ static BN_ULONG bn_group_8192_value[] = {
     bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
 };
 
-static BIGNUM bn_group_8192 = {
-    bn_group_8192_value,
-    (sizeof(bn_group_8192_value)) / sizeof(BN_ULONG),
-    (sizeof(bn_group_8192_value)) / sizeof(BN_ULONG),
+const BIGNUM bn_group_8192 = {
+    (BN_ULONG *)bn_group_8192_value,
+    OSSL_NELEM(bn_group_8192_value),
+    OSSL_NELEM(bn_group_8192_value),
     0,
     BN_FLG_STATIC_DATA
 };
 
-static BN_ULONG bn_generator_19_value[] = { 19 };
+static const BN_ULONG bn_generator_19_value[] = { 19 };
 
-static BIGNUM bn_generator_19 = {
-    bn_generator_19_value,
+const BIGNUM bn_generator_19 = {
+    (BN_ULONG *)bn_generator_19_value,
     1,
     1,
     0,
     BN_FLG_STATIC_DATA
 };
-static BN_ULONG bn_generator_5_value[] = { 5 };
+static const BN_ULONG bn_generator_5_value[] = { 5 };
 
-static BIGNUM bn_generator_5 = {
-    bn_generator_5_value,
+const BIGNUM bn_generator_5 = {
+    (BN_ULONG *)bn_generator_5_value,
     1,
     1,
     0,
     BN_FLG_STATIC_DATA
 };
-static BN_ULONG bn_generator_2_value[] = { 2 };
+static const BN_ULONG bn_generator_2_value[] = { 2 };
 
-static BIGNUM bn_generator_2 = {
-    bn_generator_2_value,
+const BIGNUM bn_generator_2 = {
+    (BN_ULONG *)bn_generator_2_value,
     1,
     1,
     0,
     BN_FLG_STATIC_DATA
 };
 
-static SRP_gN knowngN[] = {
-    {"8192", &bn_generator_19, &bn_group_8192},
-    {"6144", &bn_generator_5, &bn_group_6144},
-    {"4096", &bn_generator_5, &bn_group_4096},
-    {"3072", &bn_generator_5, &bn_group_3072},
-    {"2048", &bn_generator_2, &bn_group_2048},
-    {"1536", &bn_generator_2, &bn_group_1536},
-    {"1024", &bn_generator_2, &bn_group_1024},
-};
-
-#define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
-
-/* end of generated data */
+#endif
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_word.c b/freebsd/crypto/openssl/crypto/bn/bn_word.c
index 75618e00..eb800176 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_word.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_word.c
@@ -1,65 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/bn/bn_word.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
 BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
@@ -107,7 +57,7 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
                            (BN_ULLONG) w);
 #endif
     }
-    return ((BN_ULONG)ret);
+    return (BN_ULONG)ret;
 }
 
 BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
@@ -141,8 +91,10 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
     if ((a->top > 0) && (a->d[a->top - 1] == 0))
         a->top--;
     ret >>= j;
+    if (!a->top)
+        a->neg = 0; /* don't allow negative zero */
     bn_check_top(a);
-    return (ret);
+    return ret;
 }
 
 int BN_add_word(BIGNUM *a, BN_ULONG w)
@@ -165,7 +117,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
         i = BN_sub_word(a, w);
         if (!BN_is_zero(a))
             a->neg = !(a->neg);
-        return (i);
+        return i;
     }
     for (i = 0; w != 0 && i < a->top; i++) {
         a->d[i] = l = (a->d[i] + w) & BN_MASK2;
@@ -178,7 +130,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
         a->d[i] = w;
     }
     bn_check_top(a);
-    return (1);
+    return 1;
 }
 
 int BN_sub_word(BIGNUM *a, BN_ULONG w)
@@ -203,13 +155,13 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
         a->neg = 0;
         i = BN_add_word(a, w);
         a->neg = 1;
-        return (i);
+        return i;
     }
 
     if ((a->top == 1) && (a->d[0] < w)) {
         a->d[0] = w - a->d[0];
         a->neg = 1;
-        return (1);
+        return 1;
     }
     i = 0;
     for (;;) {
@@ -225,7 +177,7 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
     if ((a->d[i] == 0) && (i == (a->top - 1)))
         a->top--;
     bn_check_top(a);
-    return (1);
+    return 1;
 }
 
 int BN_mul_word(BIGNUM *a, BN_ULONG w)
@@ -241,11 +193,11 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w)
             ll = bn_mul_words(a->d, a->d, a->top, w);
             if (ll) {
                 if (bn_wexpand(a, a->top + 1) == NULL)
-                    return (0);
+                    return 0;
                 a->d[a->top++] = ll;
             }
         }
     }
     bn_check_top(a);
-    return (1);
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_x931p.c b/freebsd/crypto/openssl/crypto/bn/bn_x931p.c
index 4e081b2f..838edf86 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_x931p.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_x931p.c
@@ -1,66 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* bn_x931p.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <openssl/bn.h>
+#include "bn_lcl.h"
 
 /* X9.31 routines for prime derivation */
 
@@ -72,7 +23,7 @@
 static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
                              BN_GENCB *cb)
 {
-    int i = 0;
+    int i = 0, is_prime;
     if (!BN_copy(pi, Xpi))
         return 0;
     if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
@@ -80,8 +31,11 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
     for (;;) {
         i++;
         BN_GENCB_call(cb, 0, i);
-        /* NB 27 MR is specificed in X9.31 */
-        if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
+        /* NB 27 MR is specified in X9.31 */
+        is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb);
+        if (is_prime < 0)
+            return 0;
+        if (is_prime)
             break;
         if (!BN_add_word(pi, 2))
             return 0;
@@ -110,10 +64,10 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
         return 0;
 
     BN_CTX_start(ctx);
-    if (!p1)
+    if (p1 == NULL)
         p1 = BN_CTX_get(ctx);
 
-    if (!p2)
+    if (p2 == NULL)
         p2 = BN_CTX_get(ctx);
 
     t = BN_CTX_get(ctx);
@@ -122,6 +76,9 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
 
     pm1 = BN_CTX_get(ctx);
 
+    if (pm1 == NULL)
+        goto err;
+
     if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
         goto err;
 
@@ -170,14 +127,18 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
             goto err;
         if (!BN_gcd(t, pm1, e, ctx))
             goto err;
-        if (BN_is_one(t)
+        if (BN_is_one(t)) {
             /*
              * X9.31 specifies 8 MR and 1 Lucas test or any prime test
              * offering similar or better guarantees 50 MR is considerably
              * better.
              */
-            && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
-            break;
+            int r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb);
+            if (r < 0)
+                goto err;
+            if (r)
+                break;
+        }
         if (!BN_add(p, p, p1p2))
             goto err;
     }
@@ -194,8 +155,8 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
 }
 
 /*
- * Generate pair of paramters Xp, Xq for X9.31 prime generation. Note: nbits
- * paramter is sum of number of bits in both.
+ * Generate pair of parameters Xp, Xq for X9.31 prime generation. Note: nbits
+ * parameter is sum of number of bits in both.
  */
 
 int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
@@ -214,7 +175,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
      * - 1. By setting the top two bits we ensure that the lower bound is
      * exceeded.
      */
-    if (!BN_rand(Xp, nbits, 1, 0))
+    if (!BN_priv_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
         goto err;
 
     BN_CTX_start(ctx);
@@ -223,10 +184,12 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
         goto err;
 
     for (i = 0; i < 1000; i++) {
-        if (!BN_rand(Xq, nbits, 1, 0))
+        if (!BN_priv_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
             goto err;
+
         /* Check that |Xp - Xq| > 2^(nbits - 100) */
-        BN_sub(t, Xp, Xq);
+        if (!BN_sub(t, Xp, Xq))
+            goto err;
         if (BN_num_bits(t) > (nbits - 100))
             break;
     }
@@ -266,9 +229,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
     if (Xp1 == NULL || Xp2 == NULL)
         goto error;
 
-    if (!BN_rand(Xp1, 101, 0, 0))
+    if (!BN_priv_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
         goto error;
-    if (!BN_rand(Xp2, 101, 0, 0))
+    if (!BN_priv_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
         goto error;
     if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
         goto error;
diff --git a/freebsd/crypto/openssl/crypto/bn/bnspeed.c b/freebsd/crypto/openssl/crypto/bn/bnspeed.c
deleted file mode 100644
index a7828685..00000000
--- a/freebsd/crypto/openssl/crypto/bn/bnspeed.c
+++ /dev/null
@@ -1,234 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* unused */
-
-/* crypto/bn/bnspeed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#define BASENUM 1000000
-#undef PROG
-#define PROG bnspeed_main
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-# define TIMES
-#endif
-
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-
-/*
- * Depending on the VMS version, the tms structure is perhaps defined. The
- * __TMS macro will show if it was.  If it wasn't defined, we should undefine
- * TIMES, since that tells the rest of the program how things should be
- * handled.  -- Richard Levitte
- */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-# undef TIMES
-#endif
-
-#ifndef TIMES
-# include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-# define _POSIX_SOURCE
-# include <limits.h>
-# include <sys/param.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_         /* FreeBSD hack */
-#   define HZ   100.0
-#  else                         /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
-#  endif
-# else                          /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE ((long)1024*8)
-int run = 0;
-
-static double Time_F(int s);
-#define START   0
-#define STOP    1
-
-static double Time_F(int s)
-{
-    double ret;
-#ifdef TIMES
-    static struct tms tstart, tend;
-
-    if (s == START) {
-        times(&tstart);
-        return (0);
-    } else {
-        times(&tend);
-        ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
-        return ((ret < 1e-3) ? 1e-3 : ret);
-    }
-#else                           /* !times() */
-    static struct timeb tstart, tend;
-    long i;
-
-    if (s == START) {
-        ftime(&tstart);
-        return (0);
-    } else {
-        ftime(&tend);
-        i = (long)tend.millitm - (long)tstart.millitm;
-        ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
-        return ((ret < 0.001) ? 0.001 : ret);
-    }
-#endif
-}
-
-#define NUM_SIZES       5
-static int sizes[NUM_SIZES] = { 128, 256, 512, 1024, 2048 };
-
-/*
- * static int sizes[NUM_SIZES]={59,179,299,419,539};
- */
-
-void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-
-int main(int argc, char **argv)
-{
-    BN_CTX *ctx;
-    BIGNUM a, b, c;
-
-    ctx = BN_CTX_new();
-    BN_init(&a);
-    BN_init(&b);
-    BN_init(&c);
-
-    do_mul(&a, &b, &c, ctx);
-}
-
-void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-{
-    int i, j, k;
-    double tm;
-    long num;
-
-    for (i = 0; i < NUM_SIZES; i++) {
-        num = BASENUM;
-        if (i)
-            num /= (i * 3);
-        BN_rand(a, sizes[i], 1, 0);
-        for (j = i; j < NUM_SIZES; j++) {
-            BN_rand(b, sizes[j], 1, 0);
-            Time_F(START);
-            for (k = 0; k < num; k++)
-                BN_mul(r, b, a, ctx);
-            tm = Time_F(STOP);
-            printf("mul %4d x %4d -> %8.3fms\n", sizes[i], sizes[j],
-                   tm * 1000.0 / num);
-        }
-    }
-
-    for (i = 0; i < NUM_SIZES; i++) {
-        num = BASENUM;
-        if (i)
-            num /= (i * 3);
-        BN_rand(a, sizes[i], 1, 0);
-        Time_F(START);
-        for (k = 0; k < num; k++)
-            BN_sqr(r, a, ctx);
-        tm = Time_F(STOP);
-        printf("sqr %4d x %4d -> %8.3fms\n", sizes[i], sizes[i],
-               tm * 1000.0 / num);
-    }
-
-    for (i = 0; i < NUM_SIZES; i++) {
-        num = BASENUM / 10;
-        if (i)
-            num /= (i * 3);
-        BN_rand(a, sizes[i] - 1, 1, 0);
-        for (j = i; j < NUM_SIZES; j++) {
-            BN_rand(b, sizes[j], 1, 0);
-            Time_F(START);
-            for (k = 0; k < 100000; k++)
-                BN_div(r, NULL, b, a, ctx);
-            tm = Time_F(STOP);
-            printf("div %4d / %4d -> %8.3fms\n", sizes[j], sizes[i] - 1,
-                   tm * 1000.0 / num);
-        }
-    }
-}
diff --git a/freebsd/crypto/openssl/crypto/bn/bntest.c b/freebsd/crypto/openssl/crypto/bn/bntest.c
deleted file mode 100644
index ea585878..00000000
--- a/freebsd/crypto/openssl/crypto/bn/bntest.c
+++ /dev/null
@@ -1,2162 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/bn/bntest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the Eric Young open source
- * license provided above.
- *
- * The binary polynomial arithmetic software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-/*
- * Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code
- */
-#ifdef OPENSSL_NO_DEPRECATED
-# undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-
-const int num0 = 100;           /* number of tests */
-const int num1 = 50;            /* additional tests for some functions */
-const int num2 = 5;             /* number of tests for slow functions */
-
-int test_add(BIO *bp);
-int test_sub(BIO *bp);
-int test_lshift1(BIO *bp);
-int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_);
-int test_rshift1(BIO *bp);
-int test_rshift(BIO *bp, BN_CTX *ctx);
-int test_div(BIO *bp, BN_CTX *ctx);
-int test_div_word(BIO *bp);
-int test_div_recp(BIO *bp, BN_CTX *ctx);
-int test_mul(BIO *bp);
-int test_sqr(BIO *bp, BN_CTX *ctx);
-int test_mont(BIO *bp, BN_CTX *ctx);
-int test_mod(BIO *bp, BN_CTX *ctx);
-int test_mod_mul(BIO *bp, BN_CTX *ctx);
-int test_mod_exp(BIO *bp, BN_CTX *ctx);
-int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx);
-int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx);
-int test_exp(BIO *bp, BN_CTX *ctx);
-int test_gf2m_add(BIO *bp);
-int test_gf2m_mod(BIO *bp);
-int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx);
-int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx);
-int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx);
-int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx);
-int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx);
-int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx);
-int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx);
-int test_kron(BIO *bp, BN_CTX *ctx);
-int test_sqrt(BIO *bp, BN_CTX *ctx);
-int rand_neg(void);
-static int results = 0;
-
-static unsigned char lst[] =
-    "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
-    "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
-
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-
-static void message(BIO *out, char *m)
-{
-    fprintf(stderr, "test %s\n", m);
-    BIO_puts(out, "print \"test ");
-    BIO_puts(out, m);
-    BIO_puts(out, "\\n\"\n");
-}
-
-int main(int argc, char *argv[])
-{
-    BN_CTX *ctx;
-    BIO *out;
-    char *outfile = NULL;
-
-    results = 0;
-
-    RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */
-
-    argc--;
-    argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-results") == 0)
-            results = 1;
-        else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                break;
-            outfile = *(++argv);
-        }
-        argc--;
-        argv++;
-    }
-
-    ctx = BN_CTX_new();
-    if (ctx == NULL)
-        EXIT(1);
-
-    out = BIO_new(BIO_s_file());
-    if (out == NULL)
-        EXIT(1);
-    if (outfile == NULL) {
-        BIO_set_fp(out, stdout, BIO_NOCLOSE);
-    } else {
-        if (!BIO_write_filename(out, outfile)) {
-            perror(outfile);
-            EXIT(1);
-        }
-    }
-
-    if (!results)
-        BIO_puts(out, "obase=16\nibase=16\n");
-
-    message(out, "BN_add");
-    if (!test_add(out))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_sub");
-    if (!test_sub(out))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_lshift1");
-    if (!test_lshift1(out))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_lshift (fixed)");
-    if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL)))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_lshift");
-    if (!test_lshift(out, ctx, NULL))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_rshift1");
-    if (!test_rshift1(out))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_rshift");
-    if (!test_rshift(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_sqr");
-    if (!test_sqr(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_mul");
-    if (!test_mul(out))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_div");
-    if (!test_div(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_div_word");
-    if (!test_div_word(out))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_div_recp");
-    if (!test_div_recp(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_mod");
-    if (!test_mod(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_mod_mul");
-    if (!test_mod_mul(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_mont");
-    if (!test_mont(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_mod_exp");
-    if (!test_mod_exp(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_mod_exp_mont_consttime");
-    if (!test_mod_exp_mont_consttime(out, ctx))
-        goto err;
-    if (!test_mod_exp_mont5(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_exp");
-    if (!test_exp(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_kronecker");
-    if (!test_kron(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_mod_sqrt");
-    if (!test_sqrt(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-#ifndef OPENSSL_NO_EC2M
-    message(out, "BN_GF2m_add");
-    if (!test_gf2m_add(out))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_GF2m_mod");
-    if (!test_gf2m_mod(out))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_GF2m_mod_mul");
-    if (!test_gf2m_mod_mul(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_GF2m_mod_sqr");
-    if (!test_gf2m_mod_sqr(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_GF2m_mod_inv");
-    if (!test_gf2m_mod_inv(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_GF2m_mod_div");
-    if (!test_gf2m_mod_div(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_GF2m_mod_exp");
-    if (!test_gf2m_mod_exp(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_GF2m_mod_sqrt");
-    if (!test_gf2m_mod_sqrt(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-
-    message(out, "BN_GF2m_mod_solve_quad");
-    if (!test_gf2m_mod_solve_quad(out, ctx))
-        goto err;
-    (void)BIO_flush(out);
-#endif
-    BN_CTX_free(ctx);
-    BIO_free(out);
-
-    EXIT(0);
- err:
-    BIO_puts(out, "1\n");       /* make sure the Perl script fed by bc
-                                 * notices the failure, see test_bn in
-                                 * test/Makefile.ssl */
-    (void)BIO_flush(out);
-    ERR_load_crypto_strings();
-    ERR_print_errors_fp(stderr);
-    EXIT(1);
-    return (1);
-}
-
-int test_add(BIO *bp)
-{
-    BIGNUM a, b, c;
-    int i;
-
-    BN_init(&a);
-    BN_init(&b);
-    BN_init(&c);
-
-    BN_bntest_rand(&a, 512, 0, 0);
-    for (i = 0; i < num0; i++) {
-        BN_bntest_rand(&b, 450 + i, 0, 0);
-        a.neg = rand_neg();
-        b.neg = rand_neg();
-        BN_add(&c, &a, &b);
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, &a);
-                BIO_puts(bp, " + ");
-                BN_print(bp, &b);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, &c);
-            BIO_puts(bp, "\n");
-        }
-        a.neg = !a.neg;
-        b.neg = !b.neg;
-        BN_add(&c, &c, &b);
-        BN_add(&c, &c, &a);
-        if (!BN_is_zero(&c)) {
-            fprintf(stderr, "Add test failed!\n");
-            return 0;
-        }
-    }
-    BN_free(&a);
-    BN_free(&b);
-    BN_free(&c);
-    return (1);
-}
-
-int test_sub(BIO *bp)
-{
-    BIGNUM a, b, c;
-    int i;
-
-    BN_init(&a);
-    BN_init(&b);
-    BN_init(&c);
-
-    for (i = 0; i < num0 + num1; i++) {
-        if (i < num1) {
-            BN_bntest_rand(&a, 512, 0, 0);
-            BN_copy(&b, &a);
-            if (BN_set_bit(&a, i) == 0)
-                return (0);
-            BN_add_word(&b, i);
-        } else {
-            BN_bntest_rand(&b, 400 + i - num1, 0, 0);
-            a.neg = rand_neg();
-            b.neg = rand_neg();
-        }
-        BN_sub(&c, &a, &b);
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, &a);
-                BIO_puts(bp, " - ");
-                BN_print(bp, &b);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, &c);
-            BIO_puts(bp, "\n");
-        }
-        BN_add(&c, &c, &b);
-        BN_sub(&c, &c, &a);
-        if (!BN_is_zero(&c)) {
-            fprintf(stderr, "Subtract test failed!\n");
-            return 0;
-        }
-    }
-    BN_free(&a);
-    BN_free(&b);
-    BN_free(&c);
-    return (1);
-}
-
-int test_div(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM a, b, c, d, e;
-    int i;
-
-    BN_init(&a);
-    BN_init(&b);
-    BN_init(&c);
-    BN_init(&d);
-    BN_init(&e);
-
-    BN_one(&a);
-    BN_zero(&b);
-
-    if (BN_div(&d, &c, &a, &b, ctx)) {
-        fprintf(stderr, "Division by zero succeeded!\n");
-        return 0;
-    }
-
-    for (i = 0; i < num0 + num1; i++) {
-        if (i < num1) {
-            BN_bntest_rand(&a, 400, 0, 0);
-            BN_copy(&b, &a);
-            BN_lshift(&a, &a, i);
-            BN_add_word(&a, i);
-        } else
-            BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0);
-        a.neg = rand_neg();
-        b.neg = rand_neg();
-        BN_div(&d, &c, &a, &b, ctx);
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, &a);
-                BIO_puts(bp, " / ");
-                BN_print(bp, &b);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, &d);
-            BIO_puts(bp, "\n");
-
-            if (!results) {
-                BN_print(bp, &a);
-                BIO_puts(bp, " % ");
-                BN_print(bp, &b);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, &c);
-            BIO_puts(bp, "\n");
-        }
-        BN_mul(&e, &d, &b, ctx);
-        BN_add(&d, &e, &c);
-        BN_sub(&d, &d, &a);
-        if (!BN_is_zero(&d)) {
-            fprintf(stderr, "Division test failed!\n");
-            return 0;
-        }
-    }
-    BN_free(&a);
-    BN_free(&b);
-    BN_free(&c);
-    BN_free(&d);
-    BN_free(&e);
-    return (1);
-}
-
-static void print_word(BIO *bp, BN_ULONG w)
-{
-#ifdef SIXTY_FOUR_BIT
-    if (sizeof(w) > sizeof(unsigned long)) {
-        unsigned long h = (unsigned long)(w >> 32), l = (unsigned long)(w);
-
-        if (h)
-            BIO_printf(bp, "%lX%08lX", h, l);
-        else
-            BIO_printf(bp, "%lX", l);
-        return;
-    }
-#endif
-    BIO_printf(bp, BN_HEX_FMT1, w);
-}
-
-int test_div_word(BIO *bp)
-{
-    BIGNUM a, b;
-    BN_ULONG r, rmod, s;
-    int i;
-
-    BN_init(&a);
-    BN_init(&b);
-
-    for (i = 0; i < num0; i++) {
-        do {
-            BN_bntest_rand(&a, 512, -1, 0);
-            BN_bntest_rand(&b, BN_BITS2, -1, 0);
-        } while (BN_is_zero(&b));
-
-        s = b.d[0];
-        BN_copy(&b, &a);
-        rmod = BN_mod_word(&b, s);
-        r = BN_div_word(&b, s);
-
-        if (rmod != r) {
-            fprintf(stderr, "Mod (word) test failed!\n");
-            return 0;
-        }
-
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, &a);
-                BIO_puts(bp, " / ");
-                print_word(bp, s);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, &b);
-            BIO_puts(bp, "\n");
-
-            if (!results) {
-                BN_print(bp, &a);
-                BIO_puts(bp, " % ");
-                print_word(bp, s);
-                BIO_puts(bp, " - ");
-            }
-            print_word(bp, r);
-            BIO_puts(bp, "\n");
-        }
-        BN_mul_word(&b, s);
-        BN_add_word(&b, r);
-        BN_sub(&b, &a, &b);
-        if (!BN_is_zero(&b)) {
-            fprintf(stderr, "Division (word) test failed!\n");
-            return 0;
-        }
-    }
-    BN_free(&a);
-    BN_free(&b);
-    return (1);
-}
-
-int test_div_recp(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM a, b, c, d, e;
-    BN_RECP_CTX recp;
-    int i;
-
-    BN_RECP_CTX_init(&recp);
-    BN_init(&a);
-    BN_init(&b);
-    BN_init(&c);
-    BN_init(&d);
-    BN_init(&e);
-
-    for (i = 0; i < num0 + num1; i++) {
-        if (i < num1) {
-            BN_bntest_rand(&a, 400, 0, 0);
-            BN_copy(&b, &a);
-            BN_lshift(&a, &a, i);
-            BN_add_word(&a, i);
-        } else
-            BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0);
-        a.neg = rand_neg();
-        b.neg = rand_neg();
-        BN_RECP_CTX_set(&recp, &b, ctx);
-        BN_div_recp(&d, &c, &a, &recp, ctx);
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, &a);
-                BIO_puts(bp, " / ");
-                BN_print(bp, &b);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, &d);
-            BIO_puts(bp, "\n");
-
-            if (!results) {
-                BN_print(bp, &a);
-                BIO_puts(bp, " % ");
-                BN_print(bp, &b);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, &c);
-            BIO_puts(bp, "\n");
-        }
-        BN_mul(&e, &d, &b, ctx);
-        BN_add(&d, &e, &c);
-        BN_sub(&d, &d, &a);
-        if (!BN_is_zero(&d)) {
-            fprintf(stderr, "Reciprocal division test failed!\n");
-            fprintf(stderr, "a=");
-            BN_print_fp(stderr, &a);
-            fprintf(stderr, "\nb=");
-            BN_print_fp(stderr, &b);
-            fprintf(stderr, "\n");
-            return 0;
-        }
-    }
-    BN_free(&a);
-    BN_free(&b);
-    BN_free(&c);
-    BN_free(&d);
-    BN_free(&e);
-    BN_RECP_CTX_free(&recp);
-    return (1);
-}
-
-int test_mul(BIO *bp)
-{
-    BIGNUM a, b, c, d, e;
-    int i;
-    BN_CTX *ctx;
-
-    ctx = BN_CTX_new();
-    if (ctx == NULL)
-        EXIT(1);
-
-    BN_init(&a);
-    BN_init(&b);
-    BN_init(&c);
-    BN_init(&d);
-    BN_init(&e);
-
-    for (i = 0; i < num0 + num1; i++) {
-        if (i <= num1) {
-            BN_bntest_rand(&a, 100, 0, 0);
-            BN_bntest_rand(&b, 100, 0, 0);
-        } else
-            BN_bntest_rand(&b, i - num1, 0, 0);
-        a.neg = rand_neg();
-        b.neg = rand_neg();
-        BN_mul(&c, &a, &b, ctx);
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, &a);
-                BIO_puts(bp, " * ");
-                BN_print(bp, &b);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, &c);
-            BIO_puts(bp, "\n");
-        }
-        BN_div(&d, &e, &c, &a, ctx);
-        BN_sub(&d, &d, &b);
-        if (!BN_is_zero(&d) || !BN_is_zero(&e)) {
-            fprintf(stderr, "Multiplication test failed!\n");
-            return 0;
-        }
-    }
-    BN_free(&a);
-    BN_free(&b);
-    BN_free(&c);
-    BN_free(&d);
-    BN_free(&e);
-    BN_CTX_free(ctx);
-    return (1);
-}
-
-int test_sqr(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *c, *d, *e;
-    int i, ret = 0;
-
-    a = BN_new();
-    c = BN_new();
-    d = BN_new();
-    e = BN_new();
-    if (a == NULL || c == NULL || d == NULL || e == NULL) {
-        goto err;
-    }
-
-    for (i = 0; i < num0; i++) {
-        BN_bntest_rand(a, 40 + i * 10, 0, 0);
-        a->neg = rand_neg();
-        BN_sqr(c, a, ctx);
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, a);
-                BIO_puts(bp, " * ");
-                BN_print(bp, a);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, c);
-            BIO_puts(bp, "\n");
-        }
-        BN_div(d, e, c, a, ctx);
-        BN_sub(d, d, a);
-        if (!BN_is_zero(d) || !BN_is_zero(e)) {
-            fprintf(stderr, "Square test failed!\n");
-            goto err;
-        }
-    }
-
-    /* Regression test for a BN_sqr overflow bug. */
-    BN_hex2bn(&a,
-              "80000000000000008000000000000001"
-              "FFFFFFFFFFFFFFFE0000000000000000");
-    BN_sqr(c, a, ctx);
-    if (bp != NULL) {
-        if (!results) {
-            BN_print(bp, a);
-            BIO_puts(bp, " * ");
-            BN_print(bp, a);
-            BIO_puts(bp, " - ");
-        }
-        BN_print(bp, c);
-        BIO_puts(bp, "\n");
-    }
-    BN_mul(d, a, a, ctx);
-    if (BN_cmp(c, d)) {
-        fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
-                "different results!\n");
-        goto err;
-    }
-
-    /* Regression test for a BN_sqr overflow bug. */
-    BN_hex2bn(&a,
-              "80000000000000000000000080000001"
-              "FFFFFFFE000000000000000000000000");
-    BN_sqr(c, a, ctx);
-    if (bp != NULL) {
-        if (!results) {
-            BN_print(bp, a);
-            BIO_puts(bp, " * ");
-            BN_print(bp, a);
-            BIO_puts(bp, " - ");
-        }
-        BN_print(bp, c);
-        BIO_puts(bp, "\n");
-    }
-    BN_mul(d, a, a, ctx);
-    if (BN_cmp(c, d)) {
-        fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
-                "different results!\n");
-        goto err;
-    }
-    ret = 1;
- err:
-    if (a != NULL)
-        BN_free(a);
-    if (c != NULL)
-        BN_free(c);
-    if (d != NULL)
-        BN_free(d);
-    if (e != NULL)
-        BN_free(e);
-    return ret;
-}
-
-int test_mont(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM a, b, c, d, A, B;
-    BIGNUM n;
-    int i;
-    BN_MONT_CTX *mont;
-
-    BN_init(&a);
-    BN_init(&b);
-    BN_init(&c);
-    BN_init(&d);
-    BN_init(&A);
-    BN_init(&B);
-    BN_init(&n);
-
-    mont = BN_MONT_CTX_new();
-    if (mont == NULL)
-        return 0;
-
-    BN_zero(&n);
-    if (BN_MONT_CTX_set(mont, &n, ctx)) {
-        fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n");
-        return 0;
-    }
-
-    BN_set_word(&n, 16);
-    if (BN_MONT_CTX_set(mont, &n, ctx)) {
-        fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n");
-        return 0;
-    }
-
-    BN_bntest_rand(&a, 100, 0, 0);
-    BN_bntest_rand(&b, 100, 0, 0);
-    for (i = 0; i < num2; i++) {
-        int bits = (200 * (i + 1)) / num2;
-
-        if (bits == 0)
-            continue;
-        BN_bntest_rand(&n, bits, 0, 1);
-        BN_MONT_CTX_set(mont, &n, ctx);
-
-        BN_nnmod(&a, &a, &n, ctx);
-        BN_nnmod(&b, &b, &n, ctx);
-
-        BN_to_montgomery(&A, &a, mont, ctx);
-        BN_to_montgomery(&B, &b, mont, ctx);
-
-        BN_mod_mul_montgomery(&c, &A, &B, mont, ctx);
-        BN_from_montgomery(&A, &c, mont, ctx);
-        if (bp != NULL) {
-            if (!results) {
-#ifdef undef
-                fprintf(stderr, "%d * %d %% %d\n",
-                        BN_num_bits(&a),
-                        BN_num_bits(&b), BN_num_bits(mont->N));
-#endif
-                BN_print(bp, &a);
-                BIO_puts(bp, " * ");
-                BN_print(bp, &b);
-                BIO_puts(bp, " % ");
-                BN_print(bp, &(mont->N));
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, &A);
-            BIO_puts(bp, "\n");
-        }
-        BN_mod_mul(&d, &a, &b, &n, ctx);
-        BN_sub(&d, &d, &A);
-        if (!BN_is_zero(&d)) {
-            fprintf(stderr, "Montgomery multiplication test failed!\n");
-            return 0;
-        }
-    }
-    BN_MONT_CTX_free(mont);
-    BN_free(&a);
-    BN_free(&b);
-    BN_free(&c);
-    BN_free(&d);
-    BN_free(&A);
-    BN_free(&B);
-    BN_free(&n);
-    return (1);
-}
-
-int test_mod(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b, *c, *d, *e;
-    int i;
-
-    a = BN_new();
-    b = BN_new();
-    c = BN_new();
-    d = BN_new();
-    e = BN_new();
-
-    BN_bntest_rand(a, 1024, 0, 0);
-    for (i = 0; i < num0; i++) {
-        BN_bntest_rand(b, 450 + i * 10, 0, 0);
-        a->neg = rand_neg();
-        b->neg = rand_neg();
-        BN_mod(c, a, b, ctx);
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, a);
-                BIO_puts(bp, " % ");
-                BN_print(bp, b);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, c);
-            BIO_puts(bp, "\n");
-        }
-        BN_div(d, e, a, b, ctx);
-        BN_sub(e, e, c);
-        if (!BN_is_zero(e)) {
-            fprintf(stderr, "Modulo test failed!\n");
-            return 0;
-        }
-    }
-    BN_free(a);
-    BN_free(b);
-    BN_free(c);
-    BN_free(d);
-    BN_free(e);
-    return (1);
-}
-
-int test_mod_mul(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b, *c, *d, *e;
-    int i, j;
-
-    a = BN_new();
-    b = BN_new();
-    c = BN_new();
-    d = BN_new();
-    e = BN_new();
-
-    BN_one(a);
-    BN_one(b);
-    BN_zero(c);
-    if (BN_mod_mul(e, a, b, c, ctx)) {
-        fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n");
-        return 0;
-    }
-
-    for (j = 0; j < 3; j++) {
-        BN_bntest_rand(c, 1024, 0, 0);
-        for (i = 0; i < num0; i++) {
-            BN_bntest_rand(a, 475 + i * 10, 0, 0);
-            BN_bntest_rand(b, 425 + i * 11, 0, 0);
-            a->neg = rand_neg();
-            b->neg = rand_neg();
-            if (!BN_mod_mul(e, a, b, c, ctx)) {
-                unsigned long l;
-
-                while ((l = ERR_get_error()))
-                    fprintf(stderr, "ERROR:%s\n", ERR_error_string(l, NULL));
-                EXIT(1);
-            }
-            if (bp != NULL) {
-                if (!results) {
-                    BN_print(bp, a);
-                    BIO_puts(bp, " * ");
-                    BN_print(bp, b);
-                    BIO_puts(bp, " % ");
-                    BN_print(bp, c);
-                    if ((a->neg ^ b->neg) && !BN_is_zero(e)) {
-                        /*
-                         * If (a*b) % c is negative, c must be added in order
-                         * to obtain the normalized remainder (new with
-                         * OpenSSL 0.9.7, previous versions of BN_mod_mul
-                         * could generate negative results)
-                         */
-                        BIO_puts(bp, " + ");
-                        BN_print(bp, c);
-                    }
-                    BIO_puts(bp, " - ");
-                }
-                BN_print(bp, e);
-                BIO_puts(bp, "\n");
-            }
-            BN_mul(d, a, b, ctx);
-            BN_sub(d, d, e);
-            BN_div(a, b, d, c, ctx);
-            if (!BN_is_zero(b)) {
-                fprintf(stderr, "Modulo multiply test failed!\n");
-                ERR_print_errors_fp(stderr);
-                return 0;
-            }
-        }
-    }
-    BN_free(a);
-    BN_free(b);
-    BN_free(c);
-    BN_free(d);
-    BN_free(e);
-    return (1);
-}
-
-int test_mod_exp(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b, *c, *d, *e;
-    int i;
-
-    a = BN_new();
-    b = BN_new();
-    c = BN_new();
-    d = BN_new();
-    e = BN_new();
-
-    BN_one(a);
-    BN_one(b);
-    BN_zero(c);
-    if (BN_mod_exp(d, a, b, c, ctx)) {
-        fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n");
-        return 0;
-    }
-
-    BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
-    for (i = 0; i < num2; i++) {
-        BN_bntest_rand(a, 20 + i * 5, 0, 0);
-        BN_bntest_rand(b, 2 + i, 0, 0);
-
-        if (!BN_mod_exp(d, a, b, c, ctx))
-            return (0);
-
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, a);
-                BIO_puts(bp, " ^ ");
-                BN_print(bp, b);
-                BIO_puts(bp, " % ");
-                BN_print(bp, c);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, d);
-            BIO_puts(bp, "\n");
-        }
-        BN_exp(e, a, b, ctx);
-        BN_sub(e, e, d);
-        BN_div(a, b, e, c, ctx);
-        if (!BN_is_zero(b)) {
-            fprintf(stderr, "Modulo exponentiation test failed!\n");
-            return 0;
-        }
-    }
-
-    /* Regression test for carry propagation bug in sqr8x_reduction */
-    BN_hex2bn(&a, "050505050505");
-    BN_hex2bn(&b, "02");
-    BN_hex2bn(&c,
-        "4141414141414141414141274141414141414141414141414141414141414141"
-        "4141414141414141414141414141414141414141414141414141414141414141"
-        "4141414141414141414141800000000000000000000000000000000000000000"
-        "0000000000000000000000000000000000000000000000000000000000000000"
-        "0000000000000000000000000000000000000000000000000000000000000000"
-        "0000000000000000000000000000000000000000000000000000000001");
-    BN_mod_exp(d, a, b, c, ctx);
-    BN_mul(e, a, a, ctx);
-    if (BN_cmp(d, e)) {
-        fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
-        return 0;
-    }
-
-    BN_free(a);
-    BN_free(b);
-    BN_free(c);
-    BN_free(d);
-    BN_free(e);
-    return (1);
-}
-
-int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b, *c, *d, *e;
-    int i;
-
-    a = BN_new();
-    b = BN_new();
-    c = BN_new();
-    d = BN_new();
-    e = BN_new();
-
-    BN_one(a);
-    BN_one(b);
-    BN_zero(c);
-    if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
-        fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus "
-                "succeeded\n");
-        return 0;
-    }
-
-    BN_set_word(c, 16);
-    if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
-        fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus "
-                "succeeded\n");
-        return 0;
-    }
-
-    BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
-    for (i = 0; i < num2; i++) {
-        BN_bntest_rand(a, 20 + i * 5, 0, 0);
-        BN_bntest_rand(b, 2 + i, 0, 0);
-
-        if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL))
-            return (00);
-
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, a);
-                BIO_puts(bp, " ^ ");
-                BN_print(bp, b);
-                BIO_puts(bp, " % ");
-                BN_print(bp, c);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, d);
-            BIO_puts(bp, "\n");
-        }
-        BN_exp(e, a, b, ctx);
-        BN_sub(e, e, d);
-        BN_div(a, b, e, c, ctx);
-        if (!BN_is_zero(b)) {
-            fprintf(stderr, "Modulo exponentiation test failed!\n");
-            return 0;
-        }
-    }
-    BN_free(a);
-    BN_free(b);
-    BN_free(c);
-    BN_free(d);
-    BN_free(e);
-    return (1);
-}
-
-/*
- * Test constant-time modular exponentiation with 1024-bit inputs, which on
- * x86_64 cause a different code branch to be taken.
- */
-int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *p, *m, *d, *e;
-    BN_MONT_CTX *mont;
-
-    a = BN_new();
-    p = BN_new();
-    m = BN_new();
-    d = BN_new();
-    e = BN_new();
-    mont = BN_MONT_CTX_new();
-
-    BN_bntest_rand(m, 1024, 0, 1); /* must be odd for montgomery */
-    /* Zero exponent */
-    BN_bntest_rand(a, 1024, 0, 0);
-    BN_zero(p);
-    if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
-        return 0;
-    if (!BN_is_one(d)) {
-        fprintf(stderr, "Modular exponentiation test failed!\n");
-        return 0;
-    }
-    /* Zero input */
-    BN_bntest_rand(p, 1024, 0, 0);
-    BN_zero(a);
-    if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
-        return 0;
-    if (!BN_is_zero(d)) {
-        fprintf(stderr, "Modular exponentiation test failed!\n");
-        return 0;
-    }
-    /*
-     * Craft an input whose Montgomery representation is 1, i.e., shorter
-     * than the modulus m, in order to test the const time precomputation
-     * scattering/gathering.
-     */
-    BN_one(a);
-    BN_MONT_CTX_set(mont, m, ctx);
-    if (!BN_from_montgomery(e, a, mont, ctx))
-        return 0;
-    if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
-        return 0;
-    if (!BN_mod_exp_simple(a, e, p, m, ctx))
-        return 0;
-    if (BN_cmp(a, d) != 0) {
-        fprintf(stderr, "Modular exponentiation test failed!\n");
-        return 0;
-    }
-    /* Finally, some regular test vectors. */
-    BN_bntest_rand(e, 1024, 0, 0);
-    if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
-        return 0;
-    if (!BN_mod_exp_simple(a, e, p, m, ctx))
-        return 0;
-    if (BN_cmp(a, d) != 0) {
-        fprintf(stderr, "Modular exponentiation test failed!\n");
-        return 0;
-    }
-    BN_MONT_CTX_free(mont);
-    BN_free(a);
-    BN_free(p);
-    BN_free(m);
-    BN_free(d);
-    BN_free(e);
-    return (1);
-}
-
-int test_exp(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b, *d, *e, *one;
-    int i;
-
-    a = BN_new();
-    b = BN_new();
-    d = BN_new();
-    e = BN_new();
-    one = BN_new();
-    BN_one(one);
-
-    for (i = 0; i < num2; i++) {
-        BN_bntest_rand(a, 20 + i * 5, 0, 0);
-        BN_bntest_rand(b, 2 + i, 0, 0);
-
-        if (BN_exp(d, a, b, ctx) <= 0)
-            return (0);
-
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, a);
-                BIO_puts(bp, " ^ ");
-                BN_print(bp, b);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, d);
-            BIO_puts(bp, "\n");
-        }
-        BN_one(e);
-        for (; !BN_is_zero(b); BN_sub(b, b, one))
-            BN_mul(e, e, a, ctx);
-        BN_sub(e, e, d);
-        if (!BN_is_zero(e)) {
-            fprintf(stderr, "Exponentiation test failed!\n");
-            return 0;
-        }
-    }
-    BN_free(a);
-    BN_free(b);
-    BN_free(d);
-    BN_free(e);
-    BN_free(one);
-    return (1);
-}
-
-#ifndef OPENSSL_NO_EC2M
-int test_gf2m_add(BIO *bp)
-{
-    BIGNUM a, b, c;
-    int i, ret = 0;
-
-    BN_init(&a);
-    BN_init(&b);
-    BN_init(&c);
-
-    for (i = 0; i < num0; i++) {
-        BN_rand(&a, 512, 0, 0);
-        BN_copy(&b, BN_value_one());
-        a.neg = rand_neg();
-        b.neg = rand_neg();
-        BN_GF2m_add(&c, &a, &b);
-# if 0                          /* make test uses ouput in bc but bc can't
-                                 * handle GF(2^m) arithmetic */
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, &a);
-                BIO_puts(bp, " ^ ");
-                BN_print(bp, &b);
-                BIO_puts(bp, " = ");
-            }
-            BN_print(bp, &c);
-            BIO_puts(bp, "\n");
-        }
-# endif
-        /* Test that two added values have the correct parity. */
-        if ((BN_is_odd(&a) && BN_is_odd(&c))
-            || (!BN_is_odd(&a) && !BN_is_odd(&c))) {
-            fprintf(stderr, "GF(2^m) addition test (a) failed!\n");
-            goto err;
-        }
-        BN_GF2m_add(&c, &c, &c);
-        /* Test that c + c = 0. */
-        if (!BN_is_zero(&c)) {
-            fprintf(stderr, "GF(2^m) addition test (b) failed!\n");
-            goto err;
-        }
-    }
-    ret = 1;
- err:
-    BN_free(&a);
-    BN_free(&b);
-    BN_free(&c);
-    return ret;
-}
-
-int test_gf2m_mod(BIO *bp)
-{
-    BIGNUM *a, *b[2], *c, *d, *e;
-    int i, j, ret = 0;
-    int p0[] = { 163, 7, 6, 3, 0, -1 };
-    int p1[] = { 193, 15, 0, -1 };
-
-    a = BN_new();
-    b[0] = BN_new();
-    b[1] = BN_new();
-    c = BN_new();
-    d = BN_new();
-    e = BN_new();
-
-    BN_GF2m_arr2poly(p0, b[0]);
-    BN_GF2m_arr2poly(p1, b[1]);
-
-    for (i = 0; i < num0; i++) {
-        BN_bntest_rand(a, 1024, 0, 0);
-        for (j = 0; j < 2; j++) {
-            BN_GF2m_mod(c, a, b[j]);
-# if 0                          /* make test uses ouput in bc but bc can't
-                                 * handle GF(2^m) arithmetic */
-            if (bp != NULL) {
-                if (!results) {
-                    BN_print(bp, a);
-                    BIO_puts(bp, " % ");
-                    BN_print(bp, b[j]);
-                    BIO_puts(bp, " - ");
-                    BN_print(bp, c);
-                    BIO_puts(bp, "\n");
-                }
-            }
-# endif
-            BN_GF2m_add(d, a, c);
-            BN_GF2m_mod(e, d, b[j]);
-            /* Test that a + (a mod p) mod p == 0. */
-            if (!BN_is_zero(e)) {
-                fprintf(stderr, "GF(2^m) modulo test failed!\n");
-                goto err;
-            }
-        }
-    }
-    ret = 1;
- err:
-    BN_free(a);
-    BN_free(b[0]);
-    BN_free(b[1]);
-    BN_free(c);
-    BN_free(d);
-    BN_free(e);
-    return ret;
-}
-
-int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h;
-    int i, j, ret = 0;
-    int p0[] = { 163, 7, 6, 3, 0, -1 };
-    int p1[] = { 193, 15, 0, -1 };
-
-    a = BN_new();
-    b[0] = BN_new();
-    b[1] = BN_new();
-    c = BN_new();
-    d = BN_new();
-    e = BN_new();
-    f = BN_new();
-    g = BN_new();
-    h = BN_new();
-
-    BN_GF2m_arr2poly(p0, b[0]);
-    BN_GF2m_arr2poly(p1, b[1]);
-
-    for (i = 0; i < num0; i++) {
-        BN_bntest_rand(a, 1024, 0, 0);
-        BN_bntest_rand(c, 1024, 0, 0);
-        BN_bntest_rand(d, 1024, 0, 0);
-        for (j = 0; j < 2; j++) {
-            BN_GF2m_mod_mul(e, a, c, b[j], ctx);
-# if 0                          /* make test uses ouput in bc but bc can't
-                                 * handle GF(2^m) arithmetic */
-            if (bp != NULL) {
-                if (!results) {
-                    BN_print(bp, a);
-                    BIO_puts(bp, " * ");
-                    BN_print(bp, c);
-                    BIO_puts(bp, " % ");
-                    BN_print(bp, b[j]);
-                    BIO_puts(bp, " - ");
-                    BN_print(bp, e);
-                    BIO_puts(bp, "\n");
-                }
-            }
-# endif
-            BN_GF2m_add(f, a, d);
-            BN_GF2m_mod_mul(g, f, c, b[j], ctx);
-            BN_GF2m_mod_mul(h, d, c, b[j], ctx);
-            BN_GF2m_add(f, e, g);
-            BN_GF2m_add(f, f, h);
-            /* Test that (a+d)*c = a*c + d*c. */
-            if (!BN_is_zero(f)) {
-                fprintf(stderr,
-                        "GF(2^m) modular multiplication test failed!\n");
-                goto err;
-            }
-        }
-    }
-    ret = 1;
- err:
-    BN_free(a);
-    BN_free(b[0]);
-    BN_free(b[1]);
-    BN_free(c);
-    BN_free(d);
-    BN_free(e);
-    BN_free(f);
-    BN_free(g);
-    BN_free(h);
-    return ret;
-}
-
-int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b[2], *c, *d;
-    int i, j, ret = 0;
-    int p0[] = { 163, 7, 6, 3, 0, -1 };
-    int p1[] = { 193, 15, 0, -1 };
-
-    a = BN_new();
-    b[0] = BN_new();
-    b[1] = BN_new();
-    c = BN_new();
-    d = BN_new();
-
-    BN_GF2m_arr2poly(p0, b[0]);
-    BN_GF2m_arr2poly(p1, b[1]);
-
-    for (i = 0; i < num0; i++) {
-        BN_bntest_rand(a, 1024, 0, 0);
-        for (j = 0; j < 2; j++) {
-            BN_GF2m_mod_sqr(c, a, b[j], ctx);
-            BN_copy(d, a);
-            BN_GF2m_mod_mul(d, a, d, b[j], ctx);
-# if 0                          /* make test uses ouput in bc but bc can't
-                                 * handle GF(2^m) arithmetic */
-            if (bp != NULL) {
-                if (!results) {
-                    BN_print(bp, a);
-                    BIO_puts(bp, " ^ 2 % ");
-                    BN_print(bp, b[j]);
-                    BIO_puts(bp, " = ");
-                    BN_print(bp, c);
-                    BIO_puts(bp, "; a * a = ");
-                    BN_print(bp, d);
-                    BIO_puts(bp, "\n");
-                }
-            }
-# endif
-            BN_GF2m_add(d, c, d);
-            /* Test that a*a = a^2. */
-            if (!BN_is_zero(d)) {
-                fprintf(stderr, "GF(2^m) modular squaring test failed!\n");
-                goto err;
-            }
-        }
-    }
-    ret = 1;
- err:
-    BN_free(a);
-    BN_free(b[0]);
-    BN_free(b[1]);
-    BN_free(c);
-    BN_free(d);
-    return ret;
-}
-
-int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b[2], *c, *d;
-    int i, j, ret = 0;
-    int p0[] = { 163, 7, 6, 3, 0, -1 };
-    int p1[] = { 193, 15, 0, -1 };
-
-    a = BN_new();
-    b[0] = BN_new();
-    b[1] = BN_new();
-    c = BN_new();
-    d = BN_new();
-
-    BN_GF2m_arr2poly(p0, b[0]);
-    BN_GF2m_arr2poly(p1, b[1]);
-
-    for (i = 0; i < num0; i++) {
-        BN_bntest_rand(a, 512, 0, 0);
-        for (j = 0; j < 2; j++) {
-            BN_GF2m_mod_inv(c, a, b[j], ctx);
-            BN_GF2m_mod_mul(d, a, c, b[j], ctx);
-# if 0                          /* make test uses ouput in bc but bc can't
-                                 * handle GF(2^m) arithmetic */
-            if (bp != NULL) {
-                if (!results) {
-                    BN_print(bp, a);
-                    BIO_puts(bp, " * ");
-                    BN_print(bp, c);
-                    BIO_puts(bp, " - 1 % ");
-                    BN_print(bp, b[j]);
-                    BIO_puts(bp, "\n");
-                }
-            }
-# endif
-            /* Test that ((1/a)*a) = 1. */
-            if (!BN_is_one(d)) {
-                fprintf(stderr, "GF(2^m) modular inversion test failed!\n");
-                goto err;
-            }
-        }
-    }
-    ret = 1;
- err:
-    BN_free(a);
-    BN_free(b[0]);
-    BN_free(b[1]);
-    BN_free(c);
-    BN_free(d);
-    return ret;
-}
-
-int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b[2], *c, *d, *e, *f;
-    int i, j, ret = 0;
-    int p0[] = { 163, 7, 6, 3, 0, -1 };
-    int p1[] = { 193, 15, 0, -1 };
-
-    a = BN_new();
-    b[0] = BN_new();
-    b[1] = BN_new();
-    c = BN_new();
-    d = BN_new();
-    e = BN_new();
-    f = BN_new();
-
-    BN_GF2m_arr2poly(p0, b[0]);
-    BN_GF2m_arr2poly(p1, b[1]);
-
-    for (i = 0; i < num0; i++) {
-        BN_bntest_rand(a, 512, 0, 0);
-        BN_bntest_rand(c, 512, 0, 0);
-        for (j = 0; j < 2; j++) {
-            BN_GF2m_mod_div(d, a, c, b[j], ctx);
-            BN_GF2m_mod_mul(e, d, c, b[j], ctx);
-            BN_GF2m_mod_div(f, a, e, b[j], ctx);
-# if 0                          /* make test uses ouput in bc but bc can't
-                                 * handle GF(2^m) arithmetic */
-            if (bp != NULL) {
-                if (!results) {
-                    BN_print(bp, a);
-                    BIO_puts(bp, " = ");
-                    BN_print(bp, c);
-                    BIO_puts(bp, " * ");
-                    BN_print(bp, d);
-                    BIO_puts(bp, " % ");
-                    BN_print(bp, b[j]);
-                    BIO_puts(bp, "\n");
-                }
-            }
-# endif
-            /* Test that ((a/c)*c)/a = 1. */
-            if (!BN_is_one(f)) {
-                fprintf(stderr, "GF(2^m) modular division test failed!\n");
-                goto err;
-            }
-        }
-    }
-    ret = 1;
- err:
-    BN_free(a);
-    BN_free(b[0]);
-    BN_free(b[1]);
-    BN_free(c);
-    BN_free(d);
-    BN_free(e);
-    BN_free(f);
-    return ret;
-}
-
-int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b[2], *c, *d, *e, *f;
-    int i, j, ret = 0;
-    int p0[] = { 163, 7, 6, 3, 0, -1 };
-    int p1[] = { 193, 15, 0, -1 };
-
-    a = BN_new();
-    b[0] = BN_new();
-    b[1] = BN_new();
-    c = BN_new();
-    d = BN_new();
-    e = BN_new();
-    f = BN_new();
-
-    BN_GF2m_arr2poly(p0, b[0]);
-    BN_GF2m_arr2poly(p1, b[1]);
-
-    for (i = 0; i < num0; i++) {
-        BN_bntest_rand(a, 512, 0, 0);
-        BN_bntest_rand(c, 512, 0, 0);
-        BN_bntest_rand(d, 512, 0, 0);
-        for (j = 0; j < 2; j++) {
-            BN_GF2m_mod_exp(e, a, c, b[j], ctx);
-            BN_GF2m_mod_exp(f, a, d, b[j], ctx);
-            BN_GF2m_mod_mul(e, e, f, b[j], ctx);
-            BN_add(f, c, d);
-            BN_GF2m_mod_exp(f, a, f, b[j], ctx);
-# if 0                          /* make test uses ouput in bc but bc can't
-                                 * handle GF(2^m) arithmetic */
-            if (bp != NULL) {
-                if (!results) {
-                    BN_print(bp, a);
-                    BIO_puts(bp, " ^ (");
-                    BN_print(bp, c);
-                    BIO_puts(bp, " + ");
-                    BN_print(bp, d);
-                    BIO_puts(bp, ") = ");
-                    BN_print(bp, e);
-                    BIO_puts(bp, "; - ");
-                    BN_print(bp, f);
-                    BIO_puts(bp, " % ");
-                    BN_print(bp, b[j]);
-                    BIO_puts(bp, "\n");
-                }
-            }
-# endif
-            BN_GF2m_add(f, e, f);
-            /* Test that a^(c+d)=a^c*a^d. */
-            if (!BN_is_zero(f)) {
-                fprintf(stderr,
-                        "GF(2^m) modular exponentiation test failed!\n");
-                goto err;
-            }
-        }
-    }
-    ret = 1;
- err:
-    BN_free(a);
-    BN_free(b[0]);
-    BN_free(b[1]);
-    BN_free(c);
-    BN_free(d);
-    BN_free(e);
-    BN_free(f);
-    return ret;
-}
-
-int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b[2], *c, *d, *e, *f;
-    int i, j, ret = 0;
-    int p0[] = { 163, 7, 6, 3, 0, -1 };
-    int p1[] = { 193, 15, 0, -1 };
-
-    a = BN_new();
-    b[0] = BN_new();
-    b[1] = BN_new();
-    c = BN_new();
-    d = BN_new();
-    e = BN_new();
-    f = BN_new();
-
-    BN_GF2m_arr2poly(p0, b[0]);
-    BN_GF2m_arr2poly(p1, b[1]);
-
-    for (i = 0; i < num0; i++) {
-        BN_bntest_rand(a, 512, 0, 0);
-        for (j = 0; j < 2; j++) {
-            BN_GF2m_mod(c, a, b[j]);
-            BN_GF2m_mod_sqrt(d, a, b[j], ctx);
-            BN_GF2m_mod_sqr(e, d, b[j], ctx);
-# if 0                          /* make test uses ouput in bc but bc can't
-                                 * handle GF(2^m) arithmetic */
-            if (bp != NULL) {
-                if (!results) {
-                    BN_print(bp, d);
-                    BIO_puts(bp, " ^ 2 - ");
-                    BN_print(bp, a);
-                    BIO_puts(bp, "\n");
-                }
-            }
-# endif
-            BN_GF2m_add(f, c, e);
-            /* Test that d^2 = a, where d = sqrt(a). */
-            if (!BN_is_zero(f)) {
-                fprintf(stderr, "GF(2^m) modular square root test failed!\n");
-                goto err;
-            }
-        }
-    }
-    ret = 1;
- err:
-    BN_free(a);
-    BN_free(b[0]);
-    BN_free(b[1]);
-    BN_free(c);
-    BN_free(d);
-    BN_free(e);
-    BN_free(f);
-    return ret;
-}
-
-int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b[2], *c, *d, *e;
-    int i, j, s = 0, t, ret = 0;
-    int p0[] = { 163, 7, 6, 3, 0, -1 };
-    int p1[] = { 193, 15, 0, -1 };
-
-    a = BN_new();
-    b[0] = BN_new();
-    b[1] = BN_new();
-    c = BN_new();
-    d = BN_new();
-    e = BN_new();
-
-    BN_GF2m_arr2poly(p0, b[0]);
-    BN_GF2m_arr2poly(p1, b[1]);
-
-    for (i = 0; i < num0; i++) {
-        BN_bntest_rand(a, 512, 0, 0);
-        for (j = 0; j < 2; j++) {
-            t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
-            if (t) {
-                s++;
-                BN_GF2m_mod_sqr(d, c, b[j], ctx);
-                BN_GF2m_add(d, c, d);
-                BN_GF2m_mod(e, a, b[j]);
-# if 0                          /* make test uses ouput in bc but bc can't
-                                 * handle GF(2^m) arithmetic */
-                if (bp != NULL) {
-                    if (!results) {
-                        BN_print(bp, c);
-                        BIO_puts(bp, " is root of z^2 + z = ");
-                        BN_print(bp, a);
-                        BIO_puts(bp, " % ");
-                        BN_print(bp, b[j]);
-                        BIO_puts(bp, "\n");
-                    }
-                }
-# endif
-                BN_GF2m_add(e, e, d);
-                /*
-                 * Test that solution of quadratic c satisfies c^2 + c = a.
-                 */
-                if (!BN_is_zero(e)) {
-                    fprintf(stderr,
-                            "GF(2^m) modular solve quadratic test failed!\n");
-                    goto err;
-                }
-
-            } else {
-# if 0                          /* make test uses ouput in bc but bc can't
-                                 * handle GF(2^m) arithmetic */
-                if (bp != NULL) {
-                    if (!results) {
-                        BIO_puts(bp, "There are no roots of z^2 + z = ");
-                        BN_print(bp, a);
-                        BIO_puts(bp, " % ");
-                        BN_print(bp, b[j]);
-                        BIO_puts(bp, "\n");
-                    }
-                }
-# endif
-            }
-        }
-    }
-    if (s == 0) {
-        fprintf(stderr,
-                "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n",
-                num0);
-        fprintf(stderr,
-                "this is very unlikely and probably indicates an error.\n");
-        goto err;
-    }
-    ret = 1;
- err:
-    BN_free(a);
-    BN_free(b[0]);
-    BN_free(b[1]);
-    BN_free(c);
-    BN_free(d);
-    BN_free(e);
-    return ret;
-}
-#endif
-static int genprime_cb(int p, int n, BN_GENCB *arg)
-{
-    char c = '*';
-
-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
-    putc(c, stderr);
-    fflush(stderr);
-    return 1;
-}
-
-int test_kron(BIO *bp, BN_CTX *ctx)
-{
-    BN_GENCB cb;
-    BIGNUM *a, *b, *r, *t;
-    int i;
-    int legendre, kronecker;
-    int ret = 0;
-
-    a = BN_new();
-    b = BN_new();
-    r = BN_new();
-    t = BN_new();
-    if (a == NULL || b == NULL || r == NULL || t == NULL)
-        goto err;
-
-    BN_GENCB_set(&cb, genprime_cb, NULL);
-
-    /*
-     * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In
-     * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is
-     * congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). So we
-     * generate a random prime b and compare these values for a number of
-     * random a's.  (That is, we run the Solovay-Strassen primality test to
-     * confirm that b is prime, except that we don't want to test whether b
-     * is prime but whether BN_kronecker works.)
-     */
-
-    if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb))
-        goto err;
-    b->neg = rand_neg();
-    putc('\n', stderr);
-
-    for (i = 0; i < num0; i++) {
-        if (!BN_bntest_rand(a, 512, 0, 0))
-            goto err;
-        a->neg = rand_neg();
-
-        /* t := (|b|-1)/2  (note that b is odd) */
-        if (!BN_copy(t, b))
-            goto err;
-        t->neg = 0;
-        if (!BN_sub_word(t, 1))
-            goto err;
-        if (!BN_rshift1(t, t))
-            goto err;
-        /* r := a^t mod b */
-        b->neg = 0;
-
-        if (!BN_mod_exp_recp(r, a, t, b, ctx))
-            goto err;
-        b->neg = 1;
-
-        if (BN_is_word(r, 1))
-            legendre = 1;
-        else if (BN_is_zero(r))
-            legendre = 0;
-        else {
-            if (!BN_add_word(r, 1))
-                goto err;
-            if (0 != BN_ucmp(r, b)) {
-                fprintf(stderr, "Legendre symbol computation failed\n");
-                goto err;
-            }
-            legendre = -1;
-        }
-
-        kronecker = BN_kronecker(a, b, ctx);
-        if (kronecker < -1)
-            goto err;
-        /* we actually need BN_kronecker(a, |b|) */
-        if (a->neg && b->neg)
-            kronecker = -kronecker;
-
-        if (legendre != kronecker) {
-            fprintf(stderr, "legendre != kronecker; a = ");
-            BN_print_fp(stderr, a);
-            fprintf(stderr, ", b = ");
-            BN_print_fp(stderr, b);
-            fprintf(stderr, "\n");
-            goto err;
-        }
-
-        putc('.', stderr);
-        fflush(stderr);
-    }
-
-    putc('\n', stderr);
-    fflush(stderr);
-    ret = 1;
- err:
-    if (a != NULL)
-        BN_free(a);
-    if (b != NULL)
-        BN_free(b);
-    if (r != NULL)
-        BN_free(r);
-    if (t != NULL)
-        BN_free(t);
-    return ret;
-}
-
-int test_sqrt(BIO *bp, BN_CTX *ctx)
-{
-    BN_GENCB cb;
-    BIGNUM *a, *p, *r;
-    int i, j;
-    int ret = 0;
-
-    a = BN_new();
-    p = BN_new();
-    r = BN_new();
-    if (a == NULL || p == NULL || r == NULL)
-        goto err;
-
-    BN_GENCB_set(&cb, genprime_cb, NULL);
-
-    for (i = 0; i < 16; i++) {
-        if (i < 8) {
-            unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
-
-            if (!BN_set_word(p, primes[i]))
-                goto err;
-        } else {
-            if (!BN_set_word(a, 32))
-                goto err;
-            if (!BN_set_word(r, 2 * i + 1))
-                goto err;
-
-            if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb))
-                goto err;
-            putc('\n', stderr);
-        }
-        p->neg = rand_neg();
-
-        for (j = 0; j < num2; j++) {
-            /*
-             * construct 'a' such that it is a square modulo p, but in
-             * general not a proper square and not reduced modulo p
-             */
-            if (!BN_bntest_rand(r, 256, 0, 3))
-                goto err;
-            if (!BN_nnmod(r, r, p, ctx))
-                goto err;
-            if (!BN_mod_sqr(r, r, p, ctx))
-                goto err;
-            if (!BN_bntest_rand(a, 256, 0, 3))
-                goto err;
-            if (!BN_nnmod(a, a, p, ctx))
-                goto err;
-            if (!BN_mod_sqr(a, a, p, ctx))
-                goto err;
-            if (!BN_mul(a, a, r, ctx))
-                goto err;
-            if (rand_neg())
-                if (!BN_sub(a, a, p))
-                    goto err;
-
-            if (!BN_mod_sqrt(r, a, p, ctx))
-                goto err;
-            if (!BN_mod_sqr(r, r, p, ctx))
-                goto err;
-
-            if (!BN_nnmod(a, a, p, ctx))
-                goto err;
-
-            if (BN_cmp(a, r) != 0) {
-                fprintf(stderr, "BN_mod_sqrt failed: a = ");
-                BN_print_fp(stderr, a);
-                fprintf(stderr, ", r = ");
-                BN_print_fp(stderr, r);
-                fprintf(stderr, ", p = ");
-                BN_print_fp(stderr, p);
-                fprintf(stderr, "\n");
-                goto err;
-            }
-
-            putc('.', stderr);
-            fflush(stderr);
-        }
-
-        putc('\n', stderr);
-        fflush(stderr);
-    }
-    ret = 1;
- err:
-    if (a != NULL)
-        BN_free(a);
-    if (p != NULL)
-        BN_free(p);
-    if (r != NULL)
-        BN_free(r);
-    return ret;
-}
-
-int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_)
-{
-    BIGNUM *a, *b, *c, *d;
-    int i;
-
-    b = BN_new();
-    c = BN_new();
-    d = BN_new();
-    BN_one(c);
-
-    if (a_)
-        a = a_;
-    else {
-        a = BN_new();
-        BN_bntest_rand(a, 200, 0, 0);
-        a->neg = rand_neg();
-    }
-    for (i = 0; i < num0; i++) {
-        BN_lshift(b, a, i + 1);
-        BN_add(c, c, c);
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, a);
-                BIO_puts(bp, " * ");
-                BN_print(bp, c);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, b);
-            BIO_puts(bp, "\n");
-        }
-        BN_mul(d, a, c, ctx);
-        BN_sub(d, d, b);
-        if (!BN_is_zero(d)) {
-            fprintf(stderr, "Left shift test failed!\n");
-            fprintf(stderr, "a=");
-            BN_print_fp(stderr, a);
-            fprintf(stderr, "\nb=");
-            BN_print_fp(stderr, b);
-            fprintf(stderr, "\nc=");
-            BN_print_fp(stderr, c);
-            fprintf(stderr, "\nd=");
-            BN_print_fp(stderr, d);
-            fprintf(stderr, "\n");
-            return 0;
-        }
-    }
-    BN_free(a);
-    BN_free(b);
-    BN_free(c);
-    BN_free(d);
-    return (1);
-}
-
-int test_lshift1(BIO *bp)
-{
-    BIGNUM *a, *b, *c;
-    int i;
-
-    a = BN_new();
-    b = BN_new();
-    c = BN_new();
-
-    BN_bntest_rand(a, 200, 0, 0);
-    a->neg = rand_neg();
-    for (i = 0; i < num0; i++) {
-        BN_lshift1(b, a);
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, a);
-                BIO_puts(bp, " * 2");
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, b);
-            BIO_puts(bp, "\n");
-        }
-        BN_add(c, a, a);
-        BN_sub(a, b, c);
-        if (!BN_is_zero(a)) {
-            fprintf(stderr, "Left shift one test failed!\n");
-            return 0;
-        }
-
-        BN_copy(a, b);
-    }
-    BN_free(a);
-    BN_free(b);
-    BN_free(c);
-    return (1);
-}
-
-int test_rshift(BIO *bp, BN_CTX *ctx)
-{
-    BIGNUM *a, *b, *c, *d, *e;
-    int i;
-
-    a = BN_new();
-    b = BN_new();
-    c = BN_new();
-    d = BN_new();
-    e = BN_new();
-    BN_one(c);
-
-    BN_bntest_rand(a, 200, 0, 0);
-    a->neg = rand_neg();
-    for (i = 0; i < num0; i++) {
-        BN_rshift(b, a, i + 1);
-        BN_add(c, c, c);
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, a);
-                BIO_puts(bp, " / ");
-                BN_print(bp, c);
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, b);
-            BIO_puts(bp, "\n");
-        }
-        BN_div(d, e, a, c, ctx);
-        BN_sub(d, d, b);
-        if (!BN_is_zero(d)) {
-            fprintf(stderr, "Right shift test failed!\n");
-            return 0;
-        }
-    }
-    BN_free(a);
-    BN_free(b);
-    BN_free(c);
-    BN_free(d);
-    BN_free(e);
-    return (1);
-}
-
-int test_rshift1(BIO *bp)
-{
-    BIGNUM *a, *b, *c;
-    int i;
-
-    a = BN_new();
-    b = BN_new();
-    c = BN_new();
-
-    BN_bntest_rand(a, 200, 0, 0);
-    a->neg = rand_neg();
-    for (i = 0; i < num0; i++) {
-        BN_rshift1(b, a);
-        if (bp != NULL) {
-            if (!results) {
-                BN_print(bp, a);
-                BIO_puts(bp, " / 2");
-                BIO_puts(bp, " - ");
-            }
-            BN_print(bp, b);
-            BIO_puts(bp, "\n");
-        }
-        BN_sub(c, a, b);
-        BN_sub(c, c, b);
-        if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) {
-            fprintf(stderr, "Right shift one test failed!\n");
-            return 0;
-        }
-        BN_copy(a, b);
-    }
-    BN_free(a);
-    BN_free(b);
-    BN_free(c);
-    return (1);
-}
-
-int rand_neg(void)
-{
-    static unsigned int neg = 0;
-    static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 };
-
-    return (sign[(neg++) % 8]);
-}
diff --git a/freebsd/crypto/openssl/crypto/bn/divtest.c b/freebsd/crypto/openssl/crypto/bn/divtest.c
deleted file mode 100644
index 9f6c8529..00000000
--- a/freebsd/crypto/openssl/crypto/bn/divtest.c
+++ /dev/null
@@ -1,44 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-
-static int Rand(n)
-{
-    unsigned char x[2];
-    RAND_pseudo_bytes(x, 2);
-    return (x[0] + 2 * x[1]);
-}
-
-static void bug(char *m, BIGNUM *a, BIGNUM *b)
-{
-    printf("%s!\na=", m);
-    BN_print_fp(stdout, a);
-    printf("\nb=");
-    BN_print_fp(stdout, b);
-    printf("\n");
-    fflush(stdout);
-}
-
-main()
-{
-    BIGNUM *a = BN_new(), *b = BN_new(), *c = BN_new(), *d = BN_new(),
-        *C = BN_new(), *D = BN_new();
-    BN_RECP_CTX *recp = BN_RECP_CTX_new();
-    BN_CTX *ctx = BN_CTX_new();
-
-    for (;;) {
-        BN_pseudo_rand(a, Rand(), 0, 0);
-        BN_pseudo_rand(b, Rand(), 0, 0);
-        if (BN_is_zero(b))
-            continue;
-
-        BN_RECP_CTX_set(recp, b, ctx);
-        if (BN_div(C, D, a, b, ctx) != 1)
-            bug("BN_div failed", a, b);
-        if (BN_div_recp(c, d, a, recp, ctx) != 1)
-            bug("BN_div_recp failed", a, b);
-        else if (BN_cmp(c, C) != 0 || BN_cmp(c, C) != 0)
-            bug("mismatch", a, b);
-    }
-}
diff --git a/freebsd/crypto/openssl/crypto/bn/expspeed.c b/freebsd/crypto/openssl/crypto/bn/expspeed.c
deleted file mode 100644
index 5c58128c..00000000
--- a/freebsd/crypto/openssl/crypto/bn/expspeed.c
+++ /dev/null
@@ -1,383 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* unused */
-
-/* crypto/bn/expspeed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#define BASENUM 5000
-#define NUM_START 0
-
-/*
- * determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol,
- * modular inverse, or modular square roots
- */
-#define TEST_EXP
-#undef TEST_MUL
-#undef TEST_SQR
-#undef TEST_GCD
-#undef TEST_KRON
-#undef TEST_INV
-#undef TEST_SQRT
-#define P_MOD_64 9              /* least significant 6 bits for prime to be
-                                 * used for BN_sqrt timings */
-
-#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1
-# error "choose one test"
-#endif
-
-#if defined(TEST_INV) || defined(TEST_SQRT)
-# define C_PRIME
-static void genprime_cb(int p, int n, void *arg);
-#endif
-
-#undef PROG
-#define PROG bnspeed_main
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-# define TIMES
-#endif
-
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-
-/*
- * Depending on the VMS version, the tms structure is perhaps defined. The
- * __TMS macro will show if it was.  If it wasn't defined, we should undefine
- * TIMES, since that tells the rest of the program how things should be
- * handled.  -- Richard Levitte
- */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-# undef TIMES
-#endif
-
-#ifndef TIMES
-# include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-# define _POSIX_SOURCE
-# include <limits.h>
-# include <sys/param.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_         /* FreeBSD hack */
-#   define HZ   100.0
-#  else                         /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
-#  endif
-# else                          /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE ((long)1024*8)
-int run = 0;
-
-static double Time_F(int s);
-#define START   0
-#define STOP    1
-
-static double Time_F(int s)
-{
-    double ret;
-#ifdef TIMES
-    static struct tms tstart, tend;
-
-    if (s == START) {
-        times(&tstart);
-        return (0);
-    } else {
-        times(&tend);
-        ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
-        return ((ret < 1e-3) ? 1e-3 : ret);
-    }
-#else                           /* !times() */
-    static struct timeb tstart, tend;
-    long i;
-
-    if (s == START) {
-        ftime(&tstart);
-        return (0);
-    } else {
-        ftime(&tend);
-        i = (long)tend.millitm - (long)tstart.millitm;
-        ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
-        return ((ret < 0.001) ? 0.001 : ret);
-    }
-#endif
-}
-
-#define NUM_SIZES       7
-#if NUM_START > NUM_SIZES
-# error "NUM_START > NUM_SIZES"
-#endif
-static int sizes[NUM_SIZES] = { 128, 256, 512, 1024, 2048, 4096, 8192 };
-
-static int mul_c[NUM_SIZES] =
-    { 8 * 8 * 8 * 8 * 8 * 8, 8 * 8 * 8 * 8 * 8, 8 * 8 * 8 * 8, 8 * 8 * 8,
-    8 * 8, 8, 1
-};
-
-/*
- * static int sizes[NUM_SIZES]={59,179,299,419,539};
- */
-
-#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof(str)); }
-
-void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx);
-
-int main(int argc, char **argv)
-{
-    BN_CTX *ctx;
-    BIGNUM *a, *b, *c, *r;
-
-#if 1
-    if (!CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0))
-        abort();
-#endif
-
-    ctx = BN_CTX_new();
-    a = BN_new();
-    b = BN_new();
-    c = BN_new();
-    r = BN_new();
-
-    while (!RAND_status())
-        /* not enough bits */
-        RAND_SEED("I demand a manual recount!");
-
-    do_mul_exp(r, a, b, c, ctx);
-    return 0;
-}
-
-void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
-{
-    int i, k;
-    double tm;
-    long num;
-
-    num = BASENUM;
-    for (i = NUM_START; i < NUM_SIZES; i++) {
-#ifdef C_PRIME
-# ifdef TEST_SQRT
-        if (!BN_set_word(a, 64))
-            goto err;
-        if (!BN_set_word(b, P_MOD_64))
-            goto err;
-#  define ADD a
-#  define REM b
-# else
-#  define ADD NULL
-#  define REM NULL
-# endif
-        if (!BN_generate_prime(c, sizes[i], 0, ADD, REM, genprime_cb, NULL))
-            goto err;
-        putc('\n', stderr);
-        fflush(stderr);
-#endif
-
-        for (k = 0; k < num; k++) {
-            if (k % 50 == 0) {  /* Average over num/50 different choices of
-                                 * random numbers. */
-                if (!BN_pseudo_rand(a, sizes[i], 1, 0))
-                    goto err;
-
-                if (!BN_pseudo_rand(b, sizes[i], 1, 0))
-                    goto err;
-
-#ifndef C_PRIME
-                if (!BN_pseudo_rand(c, sizes[i], 1, 1))
-                    goto err;
-#endif
-
-#ifdef TEST_SQRT
-                if (!BN_mod_sqr(a, a, c, ctx))
-                    goto err;
-                if (!BN_mod_sqr(b, b, c, ctx))
-                    goto err;
-#else
-                if (!BN_nnmod(a, a, c, ctx))
-                    goto err;
-                if (!BN_nnmod(b, b, c, ctx))
-                    goto err;
-#endif
-
-                if (k == 0)
-                    Time_F(START);
-            }
-#if defined(TEST_EXP)
-            if (!BN_mod_exp(r, a, b, c, ctx))
-                goto err;
-#elif defined(TEST_MUL)
-            {
-                int i = 0;
-                for (i = 0; i < 50; i++)
-                    if (!BN_mod_mul(r, a, b, c, ctx))
-                        goto err;
-            }
-#elif defined(TEST_SQR)
-            {
-                int i = 0;
-                for (i = 0; i < 50; i++) {
-                    if (!BN_mod_sqr(r, a, c, ctx))
-                        goto err;
-                    if (!BN_mod_sqr(r, b, c, ctx))
-                        goto err;
-                }
-            }
-#elif defined(TEST_GCD)
-            if (!BN_gcd(r, a, b, ctx))
-                goto err;
-            if (!BN_gcd(r, b, c, ctx))
-                goto err;
-            if (!BN_gcd(r, c, a, ctx))
-                goto err;
-#elif defined(TEST_KRON)
-            if (-2 == BN_kronecker(a, b, ctx))
-                goto err;
-            if (-2 == BN_kronecker(b, c, ctx))
-                goto err;
-            if (-2 == BN_kronecker(c, a, ctx))
-                goto err;
-#elif defined(TEST_INV)
-            if (!BN_mod_inverse(r, a, c, ctx))
-                goto err;
-            if (!BN_mod_inverse(r, b, c, ctx))
-                goto err;
-#else                           /* TEST_SQRT */
-            if (!BN_mod_sqrt(r, a, c, ctx))
-                goto err;
-            if (!BN_mod_sqrt(r, b, c, ctx))
-                goto err;
-#endif
-        }
-        tm = Time_F(STOP);
-        printf(
-#if defined(TEST_EXP)
-                  "modexp %4d ^ %4d %% %4d"
-#elif defined(TEST_MUL)
-                  "50*modmul %4d %4d %4d"
-#elif defined(TEST_SQR)
-                  "100*modsqr %4d %4d %4d"
-#elif defined(TEST_GCD)
-                  "3*gcd %4d %4d %4d"
-#elif defined(TEST_KRON)
-                  "3*kronecker %4d %4d %4d"
-#elif defined(TEST_INV)
-                  "2*inv %4d %4d mod %4d"
-#else                           /* TEST_SQRT */
-                  "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
-#endif
-                  " -> %8.6fms %5.1f (%ld)\n",
-#ifdef TEST_SQRT
-                  P_MOD_64,
-#endif
-                  sizes[i], sizes[i], sizes[i], tm * 1000.0 / num,
-                  tm * mul_c[i] / num, num);
-        num /= 7;
-        if (num <= 0)
-            num = 1;
-    }
-    return;
-
- err:
-    ERR_print_errors_fp(stderr);
-}
-
-#ifdef C_PRIME
-static void genprime_cb(int p, int n, void *arg)
-{
-    char c = '*';
-
-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
-    putc(c, stderr);
-    fflush(stderr);
-    (void)n;
-    (void)arg;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/bn/exptest.c b/freebsd/crypto/openssl/crypto/bn/exptest.c
deleted file mode 100644
index ee2cb663..00000000
--- a/freebsd/crypto/openssl/crypto/bn/exptest.c
+++ /dev/null
@@ -1,317 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/bn/exptest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-
-#define NUM_BITS        (BN_BITS*2)
-
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-
-/*
- * Test that r == 0 in test_exp_mod_zero(). Returns one on success,
- * returns zero and prints debug output otherwise.
- */
-static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
-                             const BIGNUM *a) {
-    if (!BN_is_zero(r)) {
-        fprintf(stderr, "%s failed:\n", method);
-        fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
-        fprintf(stderr, "a = ");
-        BN_print_fp(stderr, a);
-        fprintf(stderr, "\nr = ");
-        BN_print_fp(stderr, r);
-        fprintf(stderr, "\n");
-        return 0;
-    }
-    return 1;
-}
-
-/*
- * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
- */
-static int test_exp_mod_zero()
-{
-    BIGNUM a, p, m;
-    BIGNUM r;
-    BN_ULONG one_word = 1;
-    BN_CTX *ctx = BN_CTX_new();
-    int ret = 1, failed = 0;
-
-    BN_init(&m);
-    BN_one(&m);
-
-    BN_init(&a);
-    BN_one(&a);
-
-    BN_init(&p);
-    BN_zero(&p);
-
-    BN_init(&r);
-
-    if (!BN_rand(&a, 1024, 0, 0))
-        goto err;
-
-    if (!BN_mod_exp(&r, &a, &p, &m, ctx))
-        goto err;
-
-    if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
-        failed = 1;
-
-    if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
-        goto err;
-
-    if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
-        failed = 1;
-
-    if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
-        goto err;
-
-    if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
-        failed = 1;
-
-    if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
-        goto err;
-
-    if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
-        failed = 1;
-
-    if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
-        goto err;
-    }
-
-    if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
-        failed = 1;
-
-    /*
-     * A different codepath exists for single word multiplication
-     * in non-constant-time only.
-     */
-    if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
-        goto err;
-
-    if (!BN_is_zero(&r)) {
-        fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
-        fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
-        fprintf(stderr, "r = ");
-        BN_print_fp(stderr, &r);
-        fprintf(stderr, "\n");
-        return 0;
-    }
-
-    ret = failed;
-
- err:
-    BN_free(&r);
-    BN_free(&a);
-    BN_free(&p);
-    BN_free(&m);
-    BN_CTX_free(ctx);
-
-    return ret;
-}
-
-int main(int argc, char *argv[])
-{
-    BN_CTX *ctx;
-    BIO *out = NULL;
-    int i, ret;
-    unsigned char c;
-    BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m;
-
-    /*
-     * Seed or BN_rand may fail, and we don't even check its return
-     * value (which we should)
-     */
-    RAND_seed(rnd_seed, sizeof(rnd_seed));
-
-    ERR_load_BN_strings();
-
-    ctx = BN_CTX_new();
-    if (ctx == NULL)
-        EXIT(1);
-    r_mont = BN_new();
-    r_mont_const = BN_new();
-    r_recp = BN_new();
-    r_simple = BN_new();
-    a = BN_new();
-    b = BN_new();
-    m = BN_new();
-    if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL))
-        goto err;
-
-    out = BIO_new(BIO_s_file());
-
-    if (out == NULL)
-        EXIT(1);
-    BIO_set_fp(out, stdout, BIO_NOCLOSE);
-
-    for (i = 0; i < 200; i++) {
-        RAND_bytes(&c, 1);
-        c = (c % BN_BITS) - BN_BITS2;
-        BN_rand(a, NUM_BITS + c, 0, 0);
-
-        RAND_bytes(&c, 1);
-        c = (c % BN_BITS) - BN_BITS2;
-        BN_rand(b, NUM_BITS + c, 0, 0);
-
-        RAND_bytes(&c, 1);
-        c = (c % BN_BITS) - BN_BITS2;
-        BN_rand(m, NUM_BITS + c, 0, 1);
-
-        BN_mod(a, a, m, ctx);
-        BN_mod(b, b, m, ctx);
-
-        ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL);
-        if (ret <= 0) {
-            printf("BN_mod_exp_mont() problems\n");
-            ERR_print_errors(out);
-            EXIT(1);
-        }
-
-        ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
-        if (ret <= 0) {
-            printf("BN_mod_exp_recp() problems\n");
-            ERR_print_errors(out);
-            EXIT(1);
-        }
-
-        ret = BN_mod_exp_simple(r_simple, a, b, m, ctx);
-        if (ret <= 0) {
-            printf("BN_mod_exp_simple() problems\n");
-            ERR_print_errors(out);
-            EXIT(1);
-        }
-
-        ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL);
-        if (ret <= 0) {
-            printf("BN_mod_exp_mont_consttime() problems\n");
-            ERR_print_errors(out);
-            EXIT(1);
-        }
-
-        if (BN_cmp(r_simple, r_mont) == 0
-            && BN_cmp(r_simple, r_recp) == 0
-            && BN_cmp(r_simple, r_mont_const) == 0) {
-            printf(".");
-            fflush(stdout);
-        } else {
-            if (BN_cmp(r_simple, r_mont) != 0)
-                printf("\nsimple and mont results differ\n");
-            if (BN_cmp(r_simple, r_mont_const) != 0)
-                printf("\nsimple and mont const time results differ\n");
-            if (BN_cmp(r_simple, r_recp) != 0)
-                printf("\nsimple and recp results differ\n");
-
-            printf("a (%3d) = ", BN_num_bits(a));
-            BN_print(out, a);
-            printf("\nb (%3d) = ", BN_num_bits(b));
-            BN_print(out, b);
-            printf("\nm (%3d) = ", BN_num_bits(m));
-            BN_print(out, m);
-            printf("\nsimple   =");
-            BN_print(out, r_simple);
-            printf("\nrecp     =");
-            BN_print(out, r_recp);
-            printf("\nmont     =");
-            BN_print(out, r_mont);
-            printf("\nmont_ct  =");
-            BN_print(out, r_mont_const);
-            printf("\n");
-            EXIT(1);
-        }
-    }
-    BN_free(r_mont);
-    BN_free(r_mont_const);
-    BN_free(r_recp);
-    BN_free(r_simple);
-    BN_free(a);
-    BN_free(b);
-    BN_free(m);
-    BN_CTX_free(ctx);
-    ERR_remove_thread_state(NULL);
-    CRYPTO_mem_leaks(out);
-    BIO_free(out);
-    printf("\n");
-
-    if (test_exp_mod_zero() != 0)
-        goto err;
-
-    printf("done\n");
-
-    EXIT(0);
- err:
-    ERR_load_crypto_strings();
-    ERR_print_errors(out);
-#ifdef OPENSSL_SYS_NETWARE
-    printf("ERROR\n");
-#endif
-    EXIT(1);
-    return (1);
-}
diff --git a/freebsd/crypto/openssl/crypto/bn/rsaz_exp.c b/freebsd/crypto/openssl/crypto/bn/rsaz_exp.c
index e8e609b7..8bf4ee51 100644
--- a/freebsd/crypto/openssl/crypto/bn/rsaz_exp.c
+++ b/freebsd/crypto/openssl/crypto/bn/rsaz_exp.c
@@ -1,50 +1,25 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/*****************************************************************************
-*                                                                            *
-*  Copyright (c) 2012, Intel Corporation                                     *
-*                                                                            *
-*  All rights reserved.                                                      *
-*                                                                            *
-*  Redistribution and use in source and binary forms, with or without        *
-*  modification, are permitted provided that the following conditions are    *
-*  met:                                                                      *
-*                                                                            *
-*  *  Redistributions of source code must retain the above copyright         *
-*     notice, this list of conditions and the following disclaimer.          *
-*                                                                            *
-*  *  Redistributions in binary form must reproduce the above copyright      *
-*     notice, this list of conditions and the following disclaimer in the    *
-*     documentation and/or other materials provided with the                 *
-*     distribution.                                                          *
-*                                                                            *
-*  *  Neither the name of the Intel Corporation nor the names of its         *
-*     contributors may be used to endorse or promote products derived from   *
-*     this software without specific prior written permission.               *
-*                                                                            *
-*                                                                            *
-*  THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY          *
-*  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         *
-*  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR        *
-*  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR            *
-*  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,     *
-*  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,       *
-*  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR        *
-*  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF    *
-*  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING      *
-*  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS        *
-*  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.              *
-*                                                                            *
-******************************************************************************
-* Developers and authors:                                                    *
-* Shay Gueron (1, 2), and Vlad Krasnov (1)                                   *
-* (1) Intel Corporation, Israel Development Center, Haifa, Israel            *
-* (2) University of Haifa, Israel                                            *
-*****************************************************************************/
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2012, Intel Corporation. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel
+ * (2) University of Haifa, Israel
+ */
 
+#include <openssl/opensslconf.h>
 #include "rsaz_exp.h"
 
-#ifdef RSAZ_ENABLED
+#ifndef RSAZ_ENABLED
+NON_EMPTY_TRANSLATION_UNIT
+#else
 
 /*
  * See crypto/bn/asm/rsaz-avx2.pl for further details.
@@ -243,7 +218,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
 
         rsaz_1024_sqr_avx2(result, result, m, k0, 5);
 
-        wvalue = *((unsigned short *)&p_str[index / 8]);
+        wvalue = (p_str[(index / 8) + 1] << 8) | p_str[index / 8];
         wvalue = (wvalue >> (index % 8)) & 31;
         index -= 5;
 
@@ -339,10 +314,4 @@ void RSAZ_512_mod_exp(BN_ULONG result[8],
     OPENSSL_cleanse(storage, sizeof(storage));
 }
 
-#else
-
-# if defined(PEDANTIC) || defined(__DECC) || defined(__clang__)
-static void *dummy = &dummy;
-# endif
-
 #endif
diff --git a/freebsd/crypto/openssl/crypto/bn/rsaz_exp.h b/freebsd/crypto/openssl/crypto/bn/rsaz_exp.h
index 229e181f..c5864f8a 100644
--- a/freebsd/crypto/openssl/crypto/bn/rsaz_exp.h
+++ b/freebsd/crypto/openssl/crypto/bn/rsaz_exp.h
@@ -1,44 +1,16 @@
-/*****************************************************************************
-*                                                                            *
-*  Copyright (c) 2012, Intel Corporation                                     *
-*                                                                            *
-*  All rights reserved.                                                      *
-*                                                                            *
-*  Redistribution and use in source and binary forms, with or without        *
-*  modification, are permitted provided that the following conditions are    *
-*  met:                                                                      *
-*                                                                            *
-*  *  Redistributions of source code must retain the above copyright         *
-*     notice, this list of conditions and the following disclaimer.          *
-*                                                                            *
-*  *  Redistributions in binary form must reproduce the above copyright      *
-*     notice, this list of conditions and the following disclaimer in the    *
-*     documentation and/or other materials provided with the                 *
-*     distribution.                                                          *
-*                                                                            *
-*  *  Neither the name of the Intel Corporation nor the names of its         *
-*     contributors may be used to endorse or promote products derived from   *
-*     this software without specific prior written permission.               *
-*                                                                            *
-*                                                                            *
-*  THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY          *
-*  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         *
-*  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR        *
-*  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR            *
-*  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,     *
-*  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,       *
-*  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR        *
-*  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF    *
-*  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING      *
-*  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS        *
-*  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.              *
-*                                                                            *
-******************************************************************************
-* Developers and authors:                                                    *
-* Shay Gueron (1, 2), and Vlad Krasnov (1)                                   *
-* (1) Intel Corporation, Israel Development Center, Haifa, Israel            *
-* (2) University of Haifa, Israel                                            *
-*****************************************************************************/
+/*
+ * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2012, Intel Corporation. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel
+ * (2) University of Haifa, Israel
+ */
 
 #ifndef RSAZ_EXP_H
 # define RSAZ_EXP_H
@@ -56,7 +28,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16],
                             const BN_ULONG exponent[16],
                             const BN_ULONG m_norm[16], const BN_ULONG RR[16],
                             BN_ULONG k0);
-int rsaz_avx2_eligible();
+int rsaz_avx2_eligible(void);
 
 void RSAZ_512_mod_exp(BN_ULONG result[8],
                       const BN_ULONG base_norm[8], const BN_ULONG exponent[8],
diff --git a/freebsd/crypto/openssl/crypto/bn_int.h b/freebsd/crypto/openssl/crypto/bn_int.h
deleted file mode 100644
index 9c42d6f3..00000000
--- a/freebsd/crypto/openssl/crypto/bn_int.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Some BIGNUM functions assume most significant limb to be non-zero, which
- * is customarily arranged by bn_correct_top. Output from below functions
- * is not processed with bn_correct_top, and for this reason it may not be
- * returned out of public API. It may only be passed internally into other
- * functions known to support non-minimal or zero-padded BIGNUMs.
- */
-int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                          BN_MONT_CTX *mont, BN_CTX *ctx);
-int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
-                         BN_CTX *ctx);
-int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                         const BIGNUM *m);
-
-int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
diff --git a/freebsd/crypto/openssl/crypto/buffer/buf_err.c b/freebsd/crypto/openssl/crypto/buffer/buf_err.c
index e2471849..df42d78b 100644
--- a/freebsd/crypto/openssl/crypto/buffer/buf_err.c
+++ b/freebsd/crypto/openssl/crypto/buffer/buf_err.c
@@ -1,99 +1,40 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/buffer/buf_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/buffer.h>
+#include <openssl/buffererr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
-
-static ERR_STRING_DATA BUF_str_functs[] = {
-    {ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"},
-    {ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"},
-    {ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"},
-    {ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"},
-    {ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"},
-    {ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"},
+static const ERR_STRING_DATA BUF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_GROW, 0), "BUF_MEM_grow"},
+    {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_GROW_CLEAN, 0), "BUF_MEM_grow_clean"},
+    {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_NEW, 0), "BUF_MEM_new"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA BUF_str_reasons[] = {
+static const ERR_STRING_DATA BUF_str_reasons[] = {
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_BUF_strings(void)
+int ERR_load_BUF_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, BUF_str_functs);
-        ERR_load_strings(0, BUF_str_reasons);
+        ERR_load_strings_const(BUF_str_functs);
+        ERR_load_strings_const(BUF_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/buffer/buf_str.c b/freebsd/crypto/openssl/crypto/buffer/buf_str.c
deleted file mode 100644
index 80492f58..00000000
--- a/freebsd/crypto/openssl/crypto/buffer/buf_str.c
+++ /dev/null
@@ -1,139 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/buffer/buffer.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <limits.h>
-#include <openssl/buffer.h>
-
-size_t BUF_strnlen(const char *str, size_t maxlen)
-{
-    const char *p;
-
-    for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ;
-
-    return p - str;
-}
-
-char *BUF_strdup(const char *str)
-{
-    if (str == NULL)
-        return NULL;
-    return BUF_strndup(str, strlen(str));
-}
-
-char *BUF_strndup(const char *str, size_t siz)
-{
-    char *ret;
-
-    if (str == NULL)
-        return NULL;
-
-    siz = BUF_strnlen(str, siz);
-
-    if (siz >= INT_MAX)
-        return NULL;
-
-    ret = OPENSSL_malloc(siz + 1);
-    if (ret == NULL) {
-        BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-
-    memcpy(ret, str, siz);
-    ret[siz] = '\0';
-
-    return (ret);
-}
-
-void *BUF_memdup(const void *data, size_t siz)
-{
-    void *ret;
-
-    if (data == NULL || siz >= INT_MAX)
-        return NULL;
-
-    ret = OPENSSL_malloc(siz);
-    if (ret == NULL) {
-        BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    return memcpy(ret, data, siz);
-}
-
-size_t BUF_strlcpy(char *dst, const char *src, size_t size)
-{
-    size_t l = 0;
-    for (; size > 1 && *src; size--) {
-        *dst++ = *src++;
-        l++;
-    }
-    if (size)
-        *dst = '\0';
-    return l + strlen(src);
-}
-
-size_t BUF_strlcat(char *dst, const char *src, size_t size)
-{
-    size_t l = 0;
-    for (; size > 0 && *dst; size--, dst++)
-        l++;
-    return l + BUF_strlcpy(dst, src, size);
-}
diff --git a/freebsd/crypto/openssl/crypto/buffer/buffer.c b/freebsd/crypto/openssl/crypto/buffer/buffer.c
index c3beca8e..c1a548cf 100644
--- a/freebsd/crypto/openssl/crypto/buffer/buffer.c
+++ b/freebsd/crypto/openssl/crypto/buffer/buffer.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/buffer/buffer.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 
 /*
@@ -69,46 +20,72 @@
  */
 #define LIMIT_BEFORE_EXPANSION 0x5ffffffc
 
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags)
+{
+    BUF_MEM *ret;
+
+    ret = BUF_MEM_new();
+    if (ret != NULL)
+        ret->flags = flags;
+    return ret;
+}
+
 BUF_MEM *BUF_MEM_new(void)
 {
     BUF_MEM *ret;
 
-    ret = OPENSSL_malloc(sizeof(BUF_MEM));
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
-    ret->length = 0;
-    ret->max = 0;
-    ret->data = NULL;
-    return (ret);
+    return ret;
 }
 
 void BUF_MEM_free(BUF_MEM *a)
 {
     if (a == NULL)
         return;
-
     if (a->data != NULL) {
-        OPENSSL_cleanse(a->data, a->max);
-        OPENSSL_free(a->data);
+        if (a->flags & BUF_MEM_FLAG_SECURE)
+            OPENSSL_secure_clear_free(a->data, a->max);
+        else
+            OPENSSL_clear_free(a->data, a->max);
     }
     OPENSSL_free(a);
 }
 
-int BUF_MEM_grow(BUF_MEM *str, size_t len)
+/* Allocate a block of secure memory; copy over old data if there
+ * was any, and then free it. */
+static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
+{
+    char *ret;
+
+    ret = OPENSSL_secure_malloc(len);
+    if (str->data != NULL) {
+        if (ret != NULL) {
+            memcpy(ret, str->data, str->length);
+            OPENSSL_secure_clear_free(str->data, str->length);
+            str->data = NULL;
+        }
+    }
+    return ret;
+}
+
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len)
 {
     char *ret;
     size_t n;
 
     if (str->length >= len) {
         str->length = len;
-        return (len);
+        return len;
     }
     if (str->max >= len) {
-        memset(&str->data[str->length], 0, len - str->length);
+        if (str->data != NULL)
+            memset(&str->data[str->length], 0, len - str->length);
         str->length = len;
-        return (len);
+        return len;
     }
     /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
     if (len > LIMIT_BEFORE_EXPANSION) {
@@ -116,8 +93,8 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len)
         return 0;
     }
     n = (len + 3) / 3 * 4;
-    if (str->data == NULL)
-        ret = OPENSSL_malloc(n);
+    if ((str->flags & BUF_MEM_FLAG_SECURE))
+        ret = sec_alloc_realloc(str, n);
     else
         ret = OPENSSL_realloc(str->data, n);
     if (ret == NULL) {
@@ -129,23 +106,24 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len)
         memset(&str->data[str->length], 0, len - str->length);
         str->length = len;
     }
-    return (len);
+    return len;
 }
 
-int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
 {
     char *ret;
     size_t n;
 
     if (str->length >= len) {
-        memset(&str->data[len], 0, str->length - len);
+        if (str->data != NULL)
+            memset(&str->data[len], 0, str->length - len);
         str->length = len;
-        return (len);
+        return len;
     }
     if (str->max >= len) {
         memset(&str->data[str->length], 0, len - str->length);
         str->length = len;
-        return (len);
+        return len;
     }
     /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
     if (len > LIMIT_BEFORE_EXPANSION) {
@@ -153,10 +131,10 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
         return 0;
     }
     n = (len + 3) / 3 * 4;
-    if (str->data == NULL)
-        ret = OPENSSL_malloc(n);
+    if ((str->flags & BUF_MEM_FLAG_SECURE))
+        ret = sec_alloc_realloc(str, n);
     else
-        ret = OPENSSL_realloc_clean(str->data, str->max, n);
+        ret = OPENSSL_clear_realloc(str->data, str->max, n);
     if (ret == NULL) {
         BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
         len = 0;
@@ -166,7 +144,7 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
         memset(&str->data[str->length], 0, len - str->length);
         str->length = len;
     }
-    return (len);
+    return len;
 }
 
 void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
diff --git a/freebsd/crypto/openssl/crypto/buffer/buffer.h b/freebsd/crypto/openssl/crypto/buffer/buffer.h
deleted file mode 100644
index efd240a5..00000000
--- a/freebsd/crypto/openssl/crypto/buffer/buffer.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/* crypto/buffer/buffer.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BUFFER_H
-# define HEADER_BUFFER_H
-
-# include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# include <stddef.h>
-
-# if !defined(NO_SYS_TYPES_H)
-#  include <sys/types.h>
-# endif
-
-/* Already declared in ossl_typ.h */
-/* typedef struct buf_mem_st BUF_MEM; */
-
-struct buf_mem_st {
-    size_t length;              /* current number of bytes */
-    char *data;
-    size_t max;                 /* size of buffer */
-};
-
-BUF_MEM *BUF_MEM_new(void);
-void BUF_MEM_free(BUF_MEM *a);
-int BUF_MEM_grow(BUF_MEM *str, size_t len);
-int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
-size_t BUF_strnlen(const char *str, size_t maxlen);
-char *BUF_strdup(const char *str);
-
-/*
- * Like strndup, but in addition, explicitly guarantees to never read past the
- * first |siz| bytes of |str|.
- */
-char *BUF_strndup(const char *str, size_t siz);
-
-void *BUF_memdup(const void *data, size_t siz);
-void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
-
-/* safe string functions */
-size_t BUF_strlcpy(char *dst, const char *src, size_t siz);
-size_t BUF_strlcat(char *dst, const char *src, size_t siz);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BUF_strings(void);
-
-/* Error codes for the BUF functions. */
-
-/* Function codes. */
-# define BUF_F_BUF_MEMDUP                                 103
-# define BUF_F_BUF_MEM_GROW                               100
-# define BUF_F_BUF_MEM_GROW_CLEAN                         105
-# define BUF_F_BUF_MEM_NEW                                101
-# define BUF_F_BUF_STRDUP                                 102
-# define BUF_F_BUF_STRNDUP                                104
-
-/* Reason codes. */
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/buildinf.h b/freebsd/crypto/openssl/crypto/buildinf.h
new file mode 100644
index 00000000..f8cb0965
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/buildinf.h
@@ -0,0 +1,3 @@
+#define	compiler_flags ""
+#define	DATE ""
+#define	PLATFORM ""
diff --git a/freebsd/crypto/openssl/crypto/camellia/camellia.c b/freebsd/crypto/openssl/crypto/camellia/camellia.c
index d6c41111..24f0f862 100644
--- a/freebsd/crypto/openssl/crypto/camellia/camellia.c
+++ b/freebsd/crypto/openssl/crypto/camellia/camellia.c
@@ -1,6 +1,14 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/camellia/camellia.c */
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 /* ====================================================================
  * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
  * ALL RIGHTS RESERVED.
@@ -14,57 +22,6 @@
  * The Camellia Code included herein is developed by
  * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
  * to the OpenSSL project.
- *
- * The Camellia Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
  */
 
 /*
@@ -84,56 +41,16 @@
  * words reasonable performance even with not so modern compilers.
  */
 
-#include "camellia.h"
+#include <openssl/camellia.h>
 #include "cmll_locl.h"
 #include <string.h>
 #include <stdlib.h>
 
-/* 32-bit rotations */
-#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
-#  define RightRotate(x, s) _lrotr(x, s)
-#  define LeftRotate(x, s)  _lrotl(x, s)
-#  if _MSC_VER >= 1400
-#   define SWAP(x) _byteswap_ulong(x)
-#  else
-#   define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
-#  endif
-#  define GETU32(p)   SWAP(*((u32 *)(p)))
-#  define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v)))
-# elif defined(__GNUC__) && __GNUC__>=2
-#  if defined(__i386) || defined(__x86_64)
-#   define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
-#   define LeftRotate(x,s)  ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
-#   if defined(B_ENDIAN)        /* stratus.com does it */
-#    define GETU32(p)   (*(u32 *)(p))
-#    define PUTU32(p,v) (*(u32 *)(p)=(v))
-#   else
-#    define GETU32(p)   ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; })
-#    define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; })
-#   endif
-#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
-        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
-#   define LeftRotate(x,s)  ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; })
-#   define RightRotate(x,s) LeftRotate(x,(32-s))
-#  elif defined(__s390x__)
-#   define LeftRotate(x,s)  ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; })
-#   define RightRotate(x,s) LeftRotate(x,(32-s))
-#   define GETU32(p)   (*(u32 *)(p))
-#   define PUTU32(p,v) (*(u32 *)(p)=(v))
-#  endif
-# endif
-#endif
-
-#if !defined(RightRotate) && !defined(LeftRotate)
-# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
-# define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
-#endif
-
-#if !defined(GETU32) && !defined(PUTU32)
-# define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
-# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
-#endif
+#define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
+#define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
+
+#define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
+#define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
 
 /* S-box data */
 #define SBOX1_1110 Camellia_SBOX[0]
diff --git a/freebsd/crypto/openssl/crypto/camellia/cmll_cbc.c b/freebsd/crypto/openssl/crypto/camellia/cmll_cbc.c
index 51d38bca..3d1df48f 100644
--- a/freebsd/crypto/openssl/crypto/camellia/cmll_cbc.c
+++ b/freebsd/crypto/openssl/crypto/camellia/cmll_cbc.c
@@ -1,54 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/camellia/camellia_cbc.c */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/camellia.h>
diff --git a/freebsd/crypto/openssl/crypto/camellia/cmll_cfb.c b/freebsd/crypto/openssl/crypto/camellia/cmll_cfb.c
index bc1f1193..e9db335d 100644
--- a/freebsd/crypto/openssl/crypto/camellia/cmll_cfb.c
+++ b/freebsd/crypto/openssl/crypto/camellia/cmll_cfb.c
@@ -1,110 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/camellia/camellia_cfb.c */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/camellia.h>
diff --git a/freebsd/crypto/openssl/crypto/camellia/cmll_ctr.c b/freebsd/crypto/openssl/crypto/camellia/cmll_ctr.c
index 9e21d53e..25c16be2 100644
--- a/freebsd/crypto/openssl/crypto/camellia/cmll_ctr.c
+++ b/freebsd/crypto/openssl/crypto/camellia/cmll_ctr.c
@@ -1,54 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/camellia/camellia_ctr.c */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/camellia.h>
diff --git a/freebsd/crypto/openssl/crypto/camellia/cmll_ecb.c b/freebsd/crypto/openssl/crypto/camellia/cmll_ecb.c
index 8acc937f..5aea86f8 100644
--- a/freebsd/crypto/openssl/crypto/camellia/cmll_ecb.c
+++ b/freebsd/crypto/openssl/crypto/camellia/cmll_ecb.c
@@ -1,73 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/camellia/camellia_ecb.c */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
 #include <openssl/camellia.h>
 #include "cmll_locl.h"
 
 void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
                           const CAMELLIA_KEY *key, const int enc)
 {
-
-    assert(in && out && key);
-    assert((CAMELLIA_ENCRYPT == enc) || (CAMELLIA_DECRYPT == enc));
-
     if (CAMELLIA_ENCRYPT == enc)
         Camellia_encrypt(in, out, key);
     else
diff --git a/freebsd/crypto/openssl/crypto/camellia/cmll_locl.h b/freebsd/crypto/openssl/crypto/camellia/cmll_locl.h
index 2bd79b8c..6403b390 100644
--- a/freebsd/crypto/openssl/crypto/camellia/cmll_locl.h
+++ b/freebsd/crypto/openssl/crypto/camellia/cmll_locl.h
@@ -1,4 +1,12 @@
-/* crypto/camellia/camellia_locl.h */
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 /* ====================================================================
  * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
  * ALL RIGHTS RESERVED.
@@ -12,57 +20,6 @@
  * The Camellia Code included herein is developed by
  * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
  * to the OpenSSL project.
- *
- * The Camellia Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
  */
 
 #ifndef HEADER_CAMELLIA_LOCL_H
@@ -83,6 +40,4 @@ void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
                            const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
 void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[],
                            const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-                             CAMELLIA_KEY *key);
 #endif                          /* #ifndef HEADER_CAMELLIA_LOCL_H */
diff --git a/freebsd/crypto/openssl/crypto/camellia/cmll_misc.c b/freebsd/crypto/openssl/crypto/camellia/cmll_misc.c
index 4da8d875..38aba04f 100644
--- a/freebsd/crypto/openssl/crypto/camellia/cmll_misc.c
+++ b/freebsd/crypto/openssl/crypto/camellia/cmll_misc.c
@@ -1,65 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/camellia/camellia_misc.c */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/opensslv.h>
-#include <openssl/crypto.h>
 #include <openssl/camellia.h>
 #include "cmll_locl.h"
 
-const char CAMELLIA_version[] = "CAMELLIA" OPENSSL_VERSION_PTEXT;
-
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-                             CAMELLIA_KEY *key)
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+                     CAMELLIA_KEY *key)
 {
     if (!userKey || !key)
         return -1;
diff --git a/freebsd/crypto/openssl/crypto/camellia/cmll_ofb.c b/freebsd/crypto/openssl/crypto/camellia/cmll_ofb.c
index bfcb490e..a1dd3593 100644
--- a/freebsd/crypto/openssl/crypto/camellia/cmll_ofb.c
+++ b/freebsd/crypto/openssl/crypto/camellia/cmll_ofb.c
@@ -1,110 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/camellia/camellia_ofb.c */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/camellia.h>
diff --git a/freebsd/crypto/openssl/crypto/camellia/cmll_utl.c b/freebsd/crypto/openssl/crypto/camellia/cmll_utl.c
deleted file mode 100644
index 737c2dea..00000000
--- a/freebsd/crypto/openssl/crypto/camellia/cmll_utl.c
+++ /dev/null
@@ -1,66 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/camellia/cmll_utl.c */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#include <openssl/camellia.h>
-#include "cmll_locl.h"
-
-int Camellia_set_key(const unsigned char *userKey, const int bits,
-                     CAMELLIA_KEY *key)
-{
-#ifdef OPENSSL_FIPS
-    fips_cipher_abort(Camellia);
-#endif
-    return private_Camellia_set_key(userKey, bits, key);
-}
diff --git a/freebsd/crypto/openssl/crypto/cast/c_cfb64.c b/freebsd/crypto/openssl/crypto/cast/c_cfb64.c
index 0459056a..44287b6a 100644
--- a/freebsd/crypto/openssl/crypto/cast/c_cfb64.c
+++ b/freebsd/crypto/openssl/crypto/cast/c_cfb64.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cast/c_cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/cast.h>
diff --git a/freebsd/crypto/openssl/crypto/cast/c_ecb.c b/freebsd/crypto/openssl/crypto/cast/c_ecb.c
index c9a6e652..b3cd0b1e 100644
--- a/freebsd/crypto/openssl/crypto/cast/c_ecb.c
+++ b/freebsd/crypto/openssl/crypto/cast/c_ecb.c
@@ -1,69 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cast/c_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/cast.h>
 #include "cast_lcl.h"
 #include <openssl/opensslv.h>
 
-const char CAST_version[] = "CAST" OPENSSL_VERSION_PTEXT;
-
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
                       const CAST_KEY *ks, int enc)
 {
diff --git a/freebsd/crypto/openssl/crypto/cast/c_enc.c b/freebsd/crypto/openssl/crypto/cast/c_enc.c
index 312219a3..78db8c35 100644
--- a/freebsd/crypto/openssl/crypto/cast/c_enc.c
+++ b/freebsd/crypto/openssl/crypto/cast/c_enc.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cast/c_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/cast.h>
@@ -63,8 +14,8 @@
 
 void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
 {
-    register CAST_LONG l, r, t;
-    const register CAST_LONG *k;
+    CAST_LONG l, r, t;
+    const CAST_LONG *k;
 
     k = &(key->data[0]);
     l = data[0];
@@ -95,8 +46,8 @@ void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
 
 void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
 {
-    register CAST_LONG l, r, t;
-    const register CAST_LONG *k;
+    CAST_LONG l, r, t;
+    const CAST_LONG *k;
 
     k = &(key->data[0]);
     l = data[0];
diff --git a/freebsd/crypto/openssl/crypto/cast/c_ofb64.c b/freebsd/crypto/openssl/crypto/cast/c_ofb64.c
index d70c2b0d..d0592ffc 100644
--- a/freebsd/crypto/openssl/crypto/cast/c_ofb64.c
+++ b/freebsd/crypto/openssl/crypto/cast/c_ofb64.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cast/c_ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/cast.h>
diff --git a/freebsd/crypto/openssl/crypto/cast/c_skey.c b/freebsd/crypto/openssl/crypto/cast/c_skey.c
index 94038725..50ad7962 100644
--- a/freebsd/crypto/openssl/crypto/cast/c_skey.c
+++ b/freebsd/crypto/openssl/crypto/cast/c_skey.c
@@ -1,64 +1,14 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cast/c_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/crypto.h>
 #include <openssl/cast.h>
 #include "cast_lcl.h"
 #include "cast_s.h"
@@ -74,15 +24,8 @@
 #define S5 CAST_S_table5
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
-void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
-#ifdef OPENSSL_FIPS
-{
-    fips_cipher_abort(CAST);
-    private_CAST_set_key(key, len, data);
-}
 
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
-#endif
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
 {
     CAST_LONG x[16];
     CAST_LONG z[16];
diff --git a/freebsd/crypto/openssl/crypto/cast/cast.h b/freebsd/crypto/openssl/crypto/cast/cast.h
deleted file mode 100644
index 0003ec9c..00000000
--- a/freebsd/crypto/openssl/crypto/cast/cast.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* crypto/cast/cast.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CAST_H
-# define HEADER_CAST_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# include <openssl/opensslconf.h>
-
-# ifdef OPENSSL_NO_CAST
-#  error CAST is disabled.
-# endif
-
-# define CAST_ENCRYPT    1
-# define CAST_DECRYPT    0
-
-# define CAST_LONG unsigned int
-
-# define CAST_BLOCK      8
-# define CAST_KEY_LENGTH 16
-
-typedef struct cast_key_st {
-    CAST_LONG data[32];
-    int short_key;              /* Use reduced rounds for short key */
-} CAST_KEY;
-
-# ifdef OPENSSL_FIPS
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-# endif
-void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                      const CAST_KEY *key, int enc);
-void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
-void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                      long length, const CAST_KEY *ks, unsigned char *iv,
-                      int enc);
-void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, const CAST_KEY *schedule,
-                        unsigned char *ivec, int *num, int enc);
-void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, const CAST_KEY *schedule,
-                        unsigned char *ivec, int *num);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/cast/cast_lcl.h b/freebsd/crypto/openssl/crypto/cast/cast_lcl.h
index b0f08294..35e89930 100644
--- a/freebsd/crypto/openssl/crypto/cast/cast_lcl.h
+++ b/freebsd/crypto/openssl/crypto/cast/cast_lcl.h
@@ -1,63 +1,12 @@
-/* crypto/cast/cast_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "e_os.h"
-
 #ifdef OPENSSL_SYS_WIN32
 # include <stdlib.h>
 #endif
@@ -113,12 +62,19 @@
                         l1=l2=0; \
                         switch (n) { \
                         case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
                         case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
                         case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
                         case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
                         case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
                         case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
                         case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
                         case 1: l1|=((unsigned long)(*(--(c))))<<24; \
                                 } \
                         }
@@ -128,12 +84,19 @@
                         c+=n; \
                         switch (n) { \
                         case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
                         case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
                         case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
                         case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
                         case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
                         case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
                         case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
                         case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
                                 } \
                         }
@@ -152,10 +115,8 @@
 
 #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
 # define ROTL(a,n)     (_lrotl(a,n))
-#elif defined(PEDANTIC)
-# define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>((32-(n))&31)))
 #else
-# define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))
+# define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>((32-(n))&31)))
 #endif
 
 #define C_M    0x3fc
diff --git a/freebsd/crypto/openssl/crypto/cast/cast_s.h b/freebsd/crypto/openssl/crypto/cast/cast_s.h
index 380dc81a..b27415b9 100644
--- a/freebsd/crypto/openssl/crypto/cast/cast_s.h
+++ b/freebsd/crypto/openssl/crypto/cast/cast_s.h
@@ -1,61 +1,13 @@
-/* crypto/cast/cast_s.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256] = {
+
+const CAST_LONG CAST_S_table0[256] = {
     0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a,
     0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
     0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675,
@@ -122,7 +74,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256] = {
     0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256] = {
+const CAST_LONG CAST_S_table1[256] = {
     0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380,
     0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
     0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba,
@@ -189,7 +141,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256] = {
     0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256] = {
+const CAST_LONG CAST_S_table2[256] = {
     0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907,
     0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
     0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae,
@@ -256,7 +208,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256] = {
     0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256] = {
+const CAST_LONG CAST_S_table3[256] = {
     0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298,
     0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
     0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120,
@@ -323,7 +275,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256] = {
     0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256] = {
+const CAST_LONG CAST_S_table4[256] = {
     0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911,
     0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
     0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00,
@@ -390,7 +342,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256] = {
     0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256] = {
+const CAST_LONG CAST_S_table5[256] = {
     0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c,
     0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
     0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9,
@@ -457,7 +409,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256] = {
     0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256] = {
+const CAST_LONG CAST_S_table6[256] = {
     0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693,
     0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
     0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82,
@@ -524,7 +476,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256] = {
     0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256] = {
+const CAST_LONG CAST_S_table7[256] = {
     0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095,
     0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
     0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174,
diff --git a/freebsd/crypto/openssl/crypto/cast/cast_spd.c b/freebsd/crypto/openssl/crypto/cast/cast_spd.c
deleted file mode 100644
index 89e90414..00000000
--- a/freebsd/crypto/openssl/crypto/cast/cast_spd.c
+++ /dev/null
@@ -1,264 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/cast/cast_spd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-# define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-#ifndef OPENSSL_SYS_NETWARE
-# include <signal.h>
-#endif
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-    /*
-     * Depending on the VMS version, the tms structure is perhaps defined.
-     * The __TMS macro will show if it was.  If it wasn't defined, we should
-     * undefine TIMES, since that tells the rest of the program how things
-     * should be handled.  -- Richard Levitte
-     */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-# undef TIMES
-#endif
-#ifndef TIMES
-# include <sys/timeb.h>
-#endif
-#if defined(sun) || defined(__ultrix)
-# define _POSIX_SOURCE
-# include <limits.h>
-# include <sys/param.h>
-#endif
-#include <openssl/cast.h>
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  define HZ      100.0
-# else                          /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-#define BUFSIZE ((long)1024)
-long run = 0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-# if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#  define SIGRETTYPE void
-# else
-#  define SIGRETTYPE int
-# endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
-{
-    signal(SIGALRM, sig_done);
-    run = 0;
-# ifdef LINT
-    sig = sig;
-# endif
-}
-#endif
-
-#define START   0
-#define STOP    1
-
-double Time_F(int s)
-{
-    double ret;
-#ifdef TIMES
-    static struct tms tstart, tend;
-
-    if (s == START) {
-        times(&tstart);
-        return (0);
-    } else {
-        times(&tend);
-        ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#else                           /* !times() */
-    static struct timeb tstart, tend;
-    long i;
-
-    if (s == START) {
-        ftime(&tstart);
-        return (0);
-    } else {
-        ftime(&tend);
-        i = (long)tend.millitm - (long)tstart.millitm;
-        ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#endif
-}
-
-int main(int argc, char **argv)
-{
-    long count;
-    static unsigned char buf[BUFSIZE];
-    static unsigned char key[] = {
-        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-    };
-    CAST_KEY sch;
-    double a, b, c, d;
-#ifndef SIGALRM
-    long ca, cb, cc;
-#endif
-
-#ifndef TIMES
-    printf("To get the most accurate results, try to run this\n");
-    printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
-    printf("First we calculate the approximate speed ...\n");
-    CAST_set_key(&sch, 16, key);
-    count = 10;
-    do {
-        long i;
-        CAST_LONG data[2];
-
-        count *= 2;
-        Time_F(START);
-        for (i = count; i; i--)
-            CAST_encrypt(data, &sch);
-        d = Time_F(STOP);
-    } while (d < 3.0);
-    ca = count / 512;
-    cb = count;
-    cc = count * 8 / BUFSIZE + 1;
-    printf("Doing CAST_set_key %ld times\n", ca);
-# define COND(d) (count != (d))
-# define COUNT(d) (d)
-#else
-# define COND(c) (run)
-# define COUNT(d) (count)
-    signal(SIGALRM, sig_done);
-    printf("Doing CAST_set_key for 10 seconds\n");
-    alarm(10);
-#endif
-
-    Time_F(START);
-    for (count = 0, run = 1; COND(ca); count += 4) {
-        CAST_set_key(&sch, 16, key);
-        CAST_set_key(&sch, 16, key);
-        CAST_set_key(&sch, 16, key);
-        CAST_set_key(&sch, 16, key);
-    }
-    d = Time_F(STOP);
-    printf("%ld cast set_key's in %.2f seconds\n", count, d);
-    a = ((double)COUNT(ca)) / d;
-
-#ifdef SIGALRM
-    printf("Doing CAST_encrypt's for 10 seconds\n");
-    alarm(10);
-#else
-    printf("Doing CAST_encrypt %ld times\n", cb);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(cb); count += 4) {
-        CAST_LONG data[2];
-
-        CAST_encrypt(data, &sch);
-        CAST_encrypt(data, &sch);
-        CAST_encrypt(data, &sch);
-        CAST_encrypt(data, &sch);
-    }
-    d = Time_F(STOP);
-    printf("%ld CAST_encrypt's in %.2f second\n", count, d);
-    b = ((double)COUNT(cb) * 8) / d;
-
-#ifdef SIGALRM
-    printf("Doing CAST_cbc_encrypt on %ld byte blocks for 10 seconds\n",
-           BUFSIZE);
-    alarm(10);
-#else
-    printf("Doing CAST_cbc_encrypt %ld times on %ld byte blocks\n", cc,
-           BUFSIZE);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(cc); count++)
-        CAST_cbc_encrypt(buf, buf, BUFSIZE, &sch, &(key[0]), CAST_ENCRYPT);
-    d = Time_F(STOP);
-    printf("%ld CAST_cbc_encrypt's of %ld byte blocks in %.2f second\n",
-           count, BUFSIZE, d);
-    c = ((double)COUNT(cc) * BUFSIZE) / d;
-
-    printf("CAST set_key       per sec = %12.2f (%9.3fuS)\n", a, 1.0e6 / a);
-    printf("CAST raw ecb bytes per sec = %12.2f (%9.3fuS)\n", b, 8.0e6 / b);
-    printf("CAST cbc     bytes per sec = %12.2f (%9.3fuS)\n", c, 8.0e6 / c);
-    exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
-    return (0);
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/cast/castopts.c b/freebsd/crypto/openssl/crypto/cast/castopts.c
deleted file mode 100644
index d80cecb1..00000000
--- a/freebsd/crypto/openssl/crypto/cast/castopts.c
+++ /dev/null
@@ -1,336 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/cast/castopts.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * define PART1, PART2, PART3 or PART4 to build only with a few of the
- * options. This is for machines with 64k code segment size restrictions.
- */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
-# define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-#ifndef OPENSSL_SYS_NETWARE
-# include <signal.h>
-#endif
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-    /*
-     * Depending on the VMS version, the tms structure is perhaps defined.
-     * The __TMS macro will show if it was.  If it wasn't defined, we should
-     * undefine TIMES, since that tells the rest of the program how things
-     * should be handled.  -- Richard Levitte
-     */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-# undef TIMES
-#endif
-#ifndef TIMES
-# include <sys/timeb.h>
-#endif
-#if defined(sun) || defined(__ultrix)
-# define _POSIX_SOURCE
-# include <limits.h>
-# include <sys/param.h>
-#endif
-#include <openssl/cast.h>
-#define CAST_DEFAULT_OPTIONS
-#undef E_CAST
-#define CAST_encrypt  CAST_encrypt_normal
-#define CAST_decrypt  CAST_decrypt_normal
-#define CAST_cbc_encrypt  CAST_cbc_encrypt_normal
-#undef HEADER_CAST_LOCL_H
-#include "c_enc.c"
-#define CAST_PTR
-#undef CAST_PTR2
-#undef E_CAST
-#undef CAST_encrypt
-#undef CAST_decrypt
-#undef CAST_cbc_encrypt
-#define CAST_encrypt  CAST_encrypt_ptr
-#define CAST_decrypt  CAST_decrypt_ptr
-#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr
-#undef HEADER_CAST_LOCL_H
-#include "c_enc.c"
-#undef CAST_PTR
-#define CAST_PTR2
-#undef E_CAST
-#undef CAST_encrypt
-#undef CAST_decrypt
-#undef CAST_cbc_encrypt
-#define CAST_encrypt  CAST_encrypt_ptr2
-#define CAST_decrypt  CAST_decrypt_ptr2
-#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr2
-#undef HEADER_CAST_LOCL_H
-#include "c_enc.c"
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_         /* FreeBSD fix */
-#   define HZ   100.0
-#  else                         /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
-#  endif
-# else                          /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-#define BUFSIZE ((long)1024)
-long run = 0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-# if defined(__STDC__) || defined(sgi)
-#  define SIGRETTYPE void
-# else
-#  define SIGRETTYPE int
-# endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
-{
-    signal(SIGALRM, sig_done);
-    run = 0;
-# ifdef LINT
-    sig = sig;
-# endif
-}
-#endif
-
-#define START   0
-#define STOP    1
-
-double Time_F(int s)
-{
-    double ret;
-#ifdef TIMES
-    static struct tms tstart, tend;
-
-    if (s == START) {
-        times(&tstart);
-        return (0);
-    } else {
-        times(&tend);
-        ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#else                           /* !times() */
-    static struct timeb tstart, tend;
-    long i;
-
-    if (s == START) {
-        ftime(&tstart);
-        return (0);
-    } else {
-        ftime(&tend);
-        i = (long)tend.millitm - (long)tstart.millitm;
-        ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#endif
-}
-
-#ifdef SIGALRM
-# define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
-#else
-# define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
-#endif
-
-#define time_it(func,name,index) \
-        print_name(name); \
-        Time_F(START); \
-        for (count=0,run=1; COND(cb); count+=4) \
-                { \
-                unsigned long d[2]; \
-                func(d,&sch); \
-                func(d,&sch); \
-                func(d,&sch); \
-                func(d,&sch); \
-                } \
-        tm[index]=Time_F(STOP); \
-        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
-        tm[index]=((double)COUNT(cb))/tm[index];
-
-#define print_it(name,index) \
-        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
-                tm[index]*8,1.0e6/tm[index]);
-
-int main(int argc, char **argv)
-{
-    long count;
-    static unsigned char buf[BUFSIZE];
-    static char key[16] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
-        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0
-    };
-    CAST_KEY sch;
-    double d, tm[16], max = 0;
-    int rank[16];
-    char *str[16];
-    int max_idx = 0, i, num = 0, j;
-#ifndef SIGALARM
-    long ca, cb, cc, cd, ce;
-#endif
-
-    for (i = 0; i < 12; i++) {
-        tm[i] = 0.0;
-        rank[i] = 0;
-    }
-
-#ifndef TIMES
-    fprintf(stderr, "To get the most accurate results, try to run this\n");
-    fprintf(stderr, "program when this computer is idle.\n");
-#endif
-
-    CAST_set_key(&sch, 16, key);
-
-#ifndef SIGALRM
-    fprintf(stderr, "First we calculate the approximate speed ...\n");
-    count = 10;
-    do {
-        long i;
-        unsigned long data[2];
-
-        count *= 2;
-        Time_F(START);
-        for (i = count; i; i--)
-            CAST_encrypt(data, &sch);
-        d = Time_F(STOP);
-    } while (d < 3.0);
-    ca = count;
-    cb = count * 3;
-    cc = count * 3 * 8 / BUFSIZE + 1;
-    cd = count * 8 / BUFSIZE + 1;
-
-    ce = count / 20 + 1;
-# define COND(d) (count != (d))
-# define COUNT(d) (d)
-#else
-# define COND(c) (run)
-# define COUNT(d) (count)
-    signal(SIGALRM, sig_done);
-    alarm(10);
-#endif
-
-    time_it(CAST_encrypt_normal, "CAST_encrypt_normal ", 0);
-    time_it(CAST_encrypt_ptr, "CAST_encrypt_ptr    ", 1);
-    time_it(CAST_encrypt_ptr2, "CAST_encrypt_ptr2   ", 2);
-    num += 3;
-
-    str[0] = "<nothing>";
-    print_it("CAST_encrypt_normal ", 0);
-    max = tm[0];
-    max_idx = 0;
-    str[1] = "ptr      ";
-    print_it("CAST_encrypt_ptr ", 1);
-    if (max < tm[1]) {
-        max = tm[1];
-        max_idx = 1;
-    }
-    str[2] = "ptr2     ";
-    print_it("CAST_encrypt_ptr2 ", 2);
-    if (max < tm[2]) {
-        max = tm[2];
-        max_idx = 2;
-    }
-
-    printf("options    CAST ecb/s\n");
-    printf("%s %12.2f 100.0%%\n", str[max_idx], tm[max_idx]);
-    d = tm[max_idx];
-    tm[max_idx] = -2.0;
-    max = -1.0;
-    for (;;) {
-        for (i = 0; i < 3; i++) {
-            if (max < tm[i]) {
-                max = tm[i];
-                j = i;
-            }
-        }
-        if (max < 0.0)
-            break;
-        printf("%s %12.2f  %4.1f%%\n", str[j], tm[j], tm[j] / d * 100.0);
-        tm[j] = -2.0;
-        max = -1.0;
-    }
-
-    switch (max_idx) {
-    case 0:
-        printf("-DCAST_DEFAULT_OPTIONS\n");
-        break;
-    case 1:
-        printf("-DCAST_PTR\n");
-        break;
-    case 2:
-        printf("-DCAST_PTR2\n");
-        break;
-    }
-    exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
-    return (0);
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/cast/casttest.c b/freebsd/crypto/openssl/crypto/cast/casttest.c
deleted file mode 100644
index 16c57aa7..00000000
--- a/freebsd/crypto/openssl/crypto/cast/casttest.c
+++ /dev/null
@@ -1,243 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/cast/casttest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_CAST is defined */
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_CAST
-int main(int argc, char *argv[])
-{
-    printf("No CAST support\n");
-    return (0);
-}
-#else
-# include <openssl/cast.h>
-
-# define FULL_TEST
-
-static unsigned char k[16] = {
-    0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
-    0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
-};
-
-static unsigned char in[8] =
-    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
-
-static int k_len[3] = { 16, 10, 5 };
-
-static unsigned char c[3][8] = {
-    {0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2},
-    {0xEB, 0x6A, 0x71, 0x1A, 0x2C, 0x02, 0x27, 0x1B},
-    {0x7A, 0xC8, 0x16, 0xD1, 0x6E, 0x9B, 0x30, 0x2E},
-};
-
-static unsigned char out[80];
-
-static unsigned char in_a[16] = {
-    0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
-    0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
-};
-
-static unsigned char in_b[16] = {
-    0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
-    0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
-};
-
-static unsigned char c_a[16] = {
-    0xEE, 0xA9, 0xD0, 0xA2, 0x49, 0xFD, 0x3B, 0xA6,
-    0xB3, 0x43, 0x6F, 0xB8, 0x9D, 0x6D, 0xCA, 0x92
-};
-
-static unsigned char c_b[16] = {
-    0xB2, 0xC9, 0x5E, 0xB0, 0x0C, 0x31, 0xAD, 0x71,
-    0x80, 0xAC, 0x05, 0xB8, 0xE8, 0x3D, 0x69, 0x6E
-};
-
-# if 0
-char *text = "Hello to all people out there";
-
-static unsigned char cfb_key[16] = {
-    0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96,
-    0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e,
-};
-static unsigned char cfb_iv[80] =
-    { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd };
-static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
-#  define CFB_TEST_SIZE 24
-static unsigned char plain[CFB_TEST_SIZE] = {
-    0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
-    0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
-    0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
-    0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
-};
-
-static unsigned char cfb_cipher64[CFB_TEST_SIZE] = {
-    0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
-    0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
-    0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
-/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
-    0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
-    0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
-};
-# endif
-
-int main(int argc, char *argv[])
-{
-# ifdef FULL_TEST
-    long l;
-    CAST_KEY key_b;
-# endif
-    int i, z, err = 0;
-    CAST_KEY key;
-
-    for (z = 0; z < 3; z++) {
-        CAST_set_key(&key, k_len[z], k);
-
-        CAST_ecb_encrypt(in, out, &key, CAST_ENCRYPT);
-        if (memcmp(out, &(c[z][0]), 8) != 0) {
-            printf("ecb cast error encrypting for keysize %d\n",
-                   k_len[z] * 8);
-            printf("got     :");
-            for (i = 0; i < 8; i++)
-                printf("%02X ", out[i]);
-            printf("\n");
-            printf("expected:");
-            for (i = 0; i < 8; i++)
-                printf("%02X ", c[z][i]);
-            err = 20;
-            printf("\n");
-        }
-
-        CAST_ecb_encrypt(out, out, &key, CAST_DECRYPT);
-        if (memcmp(out, in, 8) != 0) {
-            printf("ecb cast error decrypting for keysize %d\n",
-                   k_len[z] * 8);
-            printf("got     :");
-            for (i = 0; i < 8; i++)
-                printf("%02X ", out[i]);
-            printf("\n");
-            printf("expected:");
-            for (i = 0; i < 8; i++)
-                printf("%02X ", in[i]);
-            printf("\n");
-            err = 3;
-        }
-    }
-    if (err == 0)
-        printf("ecb cast5 ok\n");
-
-# ifdef FULL_TEST
-    {
-        unsigned char out_a[16], out_b[16];
-        static char *hex = "0123456789ABCDEF";
-
-        printf("This test will take some time....");
-        fflush(stdout);
-        memcpy(out_a, in_a, sizeof(in_a));
-        memcpy(out_b, in_b, sizeof(in_b));
-        i = 1;
-
-        for (l = 0; l < 1000000L; l++) {
-            CAST_set_key(&key_b, 16, out_b);
-            CAST_ecb_encrypt(&(out_a[0]), &(out_a[0]), &key_b, CAST_ENCRYPT);
-            CAST_ecb_encrypt(&(out_a[8]), &(out_a[8]), &key_b, CAST_ENCRYPT);
-            CAST_set_key(&key, 16, out_a);
-            CAST_ecb_encrypt(&(out_b[0]), &(out_b[0]), &key, CAST_ENCRYPT);
-            CAST_ecb_encrypt(&(out_b[8]), &(out_b[8]), &key, CAST_ENCRYPT);
-            if ((l & 0xffff) == 0xffff) {
-                printf("%c", hex[i & 0x0f]);
-                fflush(stdout);
-                i++;
-            }
-        }
-
-        if ((memcmp(out_a, c_a, sizeof(c_a)) != 0) ||
-            (memcmp(out_b, c_b, sizeof(c_b)) != 0)) {
-            printf("\n");
-            printf("Error\n");
-
-            printf("A out =");
-            for (i = 0; i < 16; i++)
-                printf("%02X ", out_a[i]);
-            printf("\nactual=");
-            for (i = 0; i < 16; i++)
-                printf("%02X ", c_a[i]);
-            printf("\n");
-
-            printf("B out =");
-            for (i = 0; i < 16; i++)
-                printf("%02X ", out_b[i]);
-            printf("\nactual=");
-            for (i = 0; i < 16; i++)
-                printf("%02X ", c_b[i]);
-            printf("\n");
-        } else
-            printf(" ok\n");
-    }
-# endif
-
-    EXIT(err);
-    return (err);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/chacha/chacha_enc.c b/freebsd/crypto/openssl/crypto/chacha/chacha_enc.c
new file mode 100644
index 00000000..9794ff19
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/chacha/chacha_enc.c
@@ -0,0 +1,123 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Adapted from the public domain code by D. Bernstein from SUPERCOP. */
+
+#include <string.h>
+
+#include "internal/chacha.h"
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+typedef union {
+    u32 u[16];
+    u8 c[64];
+} chacha_buf;
+
+# define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
+
+# define U32TO8_LITTLE(p, v) do { \
+                                (p)[0] = (u8)(v >>  0); \
+                                (p)[1] = (u8)(v >>  8); \
+                                (p)[2] = (u8)(v >> 16); \
+                                (p)[3] = (u8)(v >> 24); \
+                                } while(0)
+
+/* QUARTERROUND updates a, b, c, d with a ChaCha "quarter" round. */
+# define QUARTERROUND(a,b,c,d) ( \
+                x[a] += x[b], x[d] = ROTATE((x[d] ^ x[a]),16), \
+                x[c] += x[d], x[b] = ROTATE((x[b] ^ x[c]),12), \
+                x[a] += x[b], x[d] = ROTATE((x[d] ^ x[a]), 8), \
+                x[c] += x[d], x[b] = ROTATE((x[b] ^ x[c]), 7)  )
+
+/* chacha_core performs 20 rounds of ChaCha on the input words in
+ * |input| and writes the 64 output bytes to |output|. */
+static void chacha20_core(chacha_buf *output, const u32 input[16])
+{
+    u32 x[16];
+    int i;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    memcpy(x, input, sizeof(x));
+
+    for (i = 20; i > 0; i -= 2) {
+        QUARTERROUND(0, 4, 8, 12);
+        QUARTERROUND(1, 5, 9, 13);
+        QUARTERROUND(2, 6, 10, 14);
+        QUARTERROUND(3, 7, 11, 15);
+        QUARTERROUND(0, 5, 10, 15);
+        QUARTERROUND(1, 6, 11, 12);
+        QUARTERROUND(2, 7, 8, 13);
+        QUARTERROUND(3, 4, 9, 14);
+    }
+
+    if (is_endian.little) {
+        for (i = 0; i < 16; ++i)
+            output->u[i] = x[i] + input[i];
+    } else {
+        for (i = 0; i < 16; ++i)
+            U32TO8_LITTLE(output->c + 4 * i, (x[i] + input[i]));
+    }
+}
+
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+                    size_t len, const unsigned int key[8],
+                    const unsigned int counter[4])
+{
+    u32 input[16];
+    chacha_buf buf;
+    size_t todo, i;
+
+    /* sigma constant "expand 32-byte k" in little-endian encoding */
+    input[0] = ((u32)'e') | ((u32)'x'<<8) | ((u32)'p'<<16) | ((u32)'a'<<24);
+    input[1] = ((u32)'n') | ((u32)'d'<<8) | ((u32)' '<<16) | ((u32)'3'<<24);
+    input[2] = ((u32)'2') | ((u32)'-'<<8) | ((u32)'b'<<16) | ((u32)'y'<<24);
+    input[3] = ((u32)'t') | ((u32)'e'<<8) | ((u32)' '<<16) | ((u32)'k'<<24);
+
+    input[4] = key[0];
+    input[5] = key[1];
+    input[6] = key[2];
+    input[7] = key[3];
+    input[8] = key[4];
+    input[9] = key[5];
+    input[10] = key[6];
+    input[11] = key[7];
+
+    input[12] = counter[0];
+    input[13] = counter[1];
+    input[14] = counter[2];
+    input[15] = counter[3];
+
+    while (len > 0) {
+        todo = sizeof(buf);
+        if (len < todo)
+            todo = len;
+
+        chacha20_core(&buf, input);
+
+        for (i = 0; i < todo; i++)
+            out[i] = inp[i] ^ buf.c[i];
+        out += todo;
+        inp += todo;
+        len -= todo;
+
+        /*
+         * Advance 32-bit counter. Note that as subroutine is so to
+         * say nonce-agnostic, this limited counter width doesn't
+         * prevent caller from implementing wider counter. It would
+         * simply take two calls split on counter overflow...
+         */
+        input[12]++;
+    }
+}
diff --git a/freebsd/crypto/openssl/crypto/cmac/cm_ameth.c b/freebsd/crypto/openssl/crypto/cmac/cm_ameth.c
index 13d1d69b..287eece1 100644
--- a/freebsd/crypto/openssl/crypto/cmac/cm_ameth.c
+++ b/freebsd/crypto/openssl/crypto/cmac/cm_ameth.c
@@ -1,63 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2010.
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/cmac.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
 
 /*
  * CMAC "ASN1" method. This is just here to indicate the maximum CMAC output
@@ -71,9 +27,8 @@ static int cmac_size(const EVP_PKEY *pkey)
 
 static void cmac_key_free(EVP_PKEY *pkey)
 {
-    CMAC_CTX *cmctx = (CMAC_CTX *)pkey->pkey.ptr;
-    if (cmctx)
-        CMAC_CTX_free(cmctx);
+    CMAC_CTX *cmctx = EVP_PKEY_get0(pkey);
+    CMAC_CTX_free(cmctx);
 }
 
 const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = {
@@ -89,7 +44,7 @@ const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = {
     0, 0, 0,
 
     cmac_size,
-    0,
+    0, 0,
     0, 0, 0, 0, 0, 0, 0,
 
     cmac_key_free,
diff --git a/freebsd/crypto/openssl/crypto/cmac/cm_pmeth.c b/freebsd/crypto/openssl/crypto/cmac/cm_pmeth.c
index 7f6a900d..00dc0250 100644
--- a/freebsd/crypto/openssl/crypto/cmac/cm_pmeth.c
+++ b/freebsd/crypto/openssl/crypto/cmac/cm_pmeth.c
@@ -1,72 +1,28 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2010.
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/evp.h>
 #include <openssl/cmac.h>
-#include "evp_locl.h"
+#include "internal/evp_int.h"
 
 /* The context structure and "key" is simply a CMAC_CTX */
 
 static int pkey_cmac_init(EVP_PKEY_CTX *ctx)
 {
     ctx->data = CMAC_CTX_new();
-    if (!ctx->data)
+    if (ctx->data == NULL)
         return 0;
     ctx->keygen_info_count = 0;
     return 1;
@@ -90,7 +46,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     CMAC_CTX *cmkey = CMAC_CTX_new();
     CMAC_CTX *cmctx = ctx->data;
-    if (!cmkey)
+    if (cmkey == NULL)
         return 0;
     if (!CMAC_CTX_copy(cmkey, cmctx)) {
         CMAC_CTX_free(cmkey);
@@ -103,7 +59,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 
 static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-    if (!CMAC_Update(ctx->pctx->data, data, count))
+    if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count))
         return 0;
     return 1;
 }
@@ -111,7 +67,7 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
 static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 {
     EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
-    mctx->update = int_update;
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
     return 1;
 }
 
@@ -159,28 +115,17 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx,
     if (!value) {
         return 0;
     }
-    if (!strcmp(type, "key")) {
-        void *p = (void *)value;
-        return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, strlen(p), p);
-    }
-    if (!strcmp(type, "cipher")) {
+    if (strcmp(type, "cipher") == 0) {
         const EVP_CIPHER *c;
         c = EVP_get_cipherbyname(value);
         if (!c)
             return 0;
         return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c);
     }
-    if (!strcmp(type, "hexkey")) {
-        unsigned char *key;
-        int r;
-        long keylen;
-        key = string_to_hex(value, &keylen);
-        if (!key)
-            return 0;
-        r = pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
-        OPENSSL_free(key);
-        return r;
-    }
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
     return -2;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/cmac/cmac.c b/freebsd/crypto/openssl/crypto/cmac/cmac.c
index 007602f1..cad96344 100644
--- a/freebsd/crypto/openssl/crypto/cmac/cmac.c
+++ b/freebsd/crypto/openssl/crypto/cmac/cmac.c
@@ -1,72 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cmac/cmac.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/cmac.h>
-
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
+#include <openssl/err.h>
 
 struct CMAC_CTX_st {
     /* Cipher context to use */
-    EVP_CIPHER_CTX cctx;
+    EVP_CIPHER_CTX *cctx;
     /* Keys k1 and k2 */
     unsigned char k1[EVP_MAX_BLOCK_LENGTH];
     unsigned char k2[EVP_MAX_BLOCK_LENGTH];
@@ -80,40 +32,39 @@ struct CMAC_CTX_st {
 
 /* Make temporary keys K1 and K2 */
 
-static void make_kn(unsigned char *k1, unsigned char *l, int bl)
+static void make_kn(unsigned char *k1, const unsigned char *l, int bl)
 {
     int i;
+    unsigned char c = l[0], carry = c >> 7, cnext;
+
     /* Shift block to left, including carry */
-    for (i = 0; i < bl; i++) {
-        k1[i] = l[i] << 1;
-        if (i < bl - 1 && l[i + 1] & 0x80)
-            k1[i] |= 1;
-    }
+    for (i = 0; i < bl - 1; i++, c = cnext)
+        k1[i] = (c << 1) | ((cnext = l[i + 1]) >> 7);
+
     /* If MSB set fixup with R */
-    if (l[0] & 0x80)
-        k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b;
+    k1[i] = (c << 1) ^ ((0 - carry) & (bl == 16 ? 0x87 : 0x1b));
 }
 
 CMAC_CTX *CMAC_CTX_new(void)
 {
     CMAC_CTX *ctx;
-    ctx = OPENSSL_malloc(sizeof(CMAC_CTX));
-    if (!ctx)
+
+    if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_CMAC_CTX_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
-    EVP_CIPHER_CTX_init(&ctx->cctx);
+    }
+    ctx->cctx = EVP_CIPHER_CTX_new();
+    if (ctx->cctx == NULL) {
+        OPENSSL_free(ctx);
+        return NULL;
+    }
     ctx->nlast_block = -1;
     return ctx;
 }
 
 void CMAC_CTX_cleanup(CMAC_CTX *ctx)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !ctx->cctx.engine) {
-        FIPS_cmac_ctx_cleanup(ctx);
-        return;
-    }
-#endif
-    EVP_CIPHER_CTX_cleanup(&ctx->cctx);
+    EVP_CIPHER_CTX_reset(ctx->cctx);
     OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
     OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
     OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH);
@@ -123,7 +74,7 @@ void CMAC_CTX_cleanup(CMAC_CTX *ctx)
 
 EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
 {
-    return &ctx->cctx;
+    return ctx->cctx;
 }
 
 void CMAC_CTX_free(CMAC_CTX *ctx)
@@ -131,6 +82,7 @@ void CMAC_CTX_free(CMAC_CTX *ctx)
     if (!ctx)
         return;
     CMAC_CTX_cleanup(ctx);
+    EVP_CIPHER_CTX_free(ctx->cctx);
     OPENSSL_free(ctx);
 }
 
@@ -139,9 +91,9 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
     int bl;
     if (in->nlast_block == -1)
         return 0;
-    if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx))
+    if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
         return 0;
-    bl = EVP_CIPHER_CTX_block_size(&in->cctx);
+    bl = EVP_CIPHER_CTX_block_size(in->cctx);
     memcpy(out->k1, in->k1, bl);
     memcpy(out->k2, in->k2, bl);
     memcpy(out->tbl, in->tbl, bl);
@@ -153,62 +105,38 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
 int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
               const EVP_CIPHER *cipher, ENGINE *impl)
 {
-    static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode()) {
-        /* If we have an ENGINE need to allow non FIPS */
-        if ((impl || ctx->cctx.engine)
-            && !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) {
-            EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
-            return 0;
-        }
-
-        /* Switch to FIPS cipher implementation if possible */
-        if (cipher != NULL) {
-            const EVP_CIPHER *fcipher;
-            fcipher = FIPS_get_cipherbynid(EVP_CIPHER_nid(cipher));
-            if (fcipher != NULL)
-                cipher = fcipher;
-        }
-        /*
-         * Other algorithm blocking will be done in FIPS_cmac_init, via
-         * FIPS_cipherinit().
-         */
-        if (!impl && !ctx->cctx.engine)
-            return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
-    }
-#endif
+    static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 };
     /* All zeros means restart */
     if (!key && !cipher && !impl && keylen == 0) {
         /* Not initialised */
         if (ctx->nlast_block == -1)
             return 0;
-        if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
+        if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
             return 0;
-        memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(&ctx->cctx));
+        memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx));
         ctx->nlast_block = 0;
         return 1;
     }
-    /* Initialiase context */
-    if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))
+    /* Initialise context */
+    if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
         return 0;
     /* Non-NULL key means initialisation complete */
     if (key) {
         int bl;
-        if (!EVP_CIPHER_CTX_cipher(&ctx->cctx))
+        if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
             return 0;
-        if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen))
+        if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
             return 0;
-        if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
+        if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv))
             return 0;
-        bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
-        if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))
+        bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+        if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl))
             return 0;
         make_kn(ctx->k1, ctx->tbl, bl);
         make_kn(ctx->k2, ctx->k1, bl);
         OPENSSL_cleanse(ctx->tbl, bl);
         /* Reset context again ready for first data block */
-        if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
+        if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
             return 0;
         /* Zero tbl so resume works */
         memset(ctx->tbl, 0, bl);
@@ -221,15 +149,11 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
 {
     const unsigned char *data = in;
     size_t bl;
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !ctx->cctx.engine)
-        return FIPS_cmac_update(ctx, in, dlen);
-#endif
     if (ctx->nlast_block == -1)
         return 0;
     if (dlen == 0)
         return 1;
-    bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
+    bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
     /* Copy into partial block if we need to */
     if (ctx->nlast_block > 0) {
         size_t nleft;
@@ -244,12 +168,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
             return 1;
         data += nleft;
         /* Else not final block so encrypt it */
-        if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl))
+        if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl))
             return 0;
     }
     /* Encrypt all but one of the complete blocks left */
     while (dlen > bl) {
-        if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl))
+        if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl))
             return 0;
         dlen -= bl;
         data += bl;
@@ -264,13 +188,9 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
 {
     int i, bl, lb;
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !ctx->cctx.engine)
-        return FIPS_cmac_final(ctx, out, poutlen);
-#endif
     if (ctx->nlast_block == -1)
         return 0;
-    bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
+    bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
     *poutlen = (size_t)bl;
     if (!out)
         return 1;
@@ -286,7 +206,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
         for (i = 0; i < bl; i++)
             out[i] = ctx->last_block[i] ^ ctx->k2[i];
     }
-    if (!EVP_Cipher(&ctx->cctx, out, out, bl)) {
+    if (!EVP_Cipher(ctx->cctx, out, out, bl)) {
         OPENSSL_cleanse(out, bl);
         return 0;
     }
@@ -298,11 +218,11 @@ int CMAC_resume(CMAC_CTX *ctx)
     if (ctx->nlast_block == -1)
         return 0;
     /*
-     * The buffer "tbl" containes the last fully encrypted block which is the
+     * The buffer "tbl" contains the last fully encrypted block which is the
      * last IV (or all zeroes if no last encrypted block). The last block has
-     * not been modified since CMAC_final(). So reinitliasing using the last
+     * not been modified since CMAC_final(). So reinitialising using the last
      * decrypted block will allow CMAC to continue after calling
      * CMAC_Final().
      */
-    return EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl);
+    return EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl);
 }
diff --git a/freebsd/crypto/openssl/crypto/cmac/cmac.h b/freebsd/crypto/openssl/crypto/cmac/cmac.h
deleted file mode 100644
index 175be834..00000000
--- a/freebsd/crypto/openssl/crypto/cmac/cmac.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* crypto/cmac/cmac.h */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#ifndef HEADER_CMAC_H
-# define HEADER_CMAC_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-# include <openssl/evp.h>
-
-/* Opaque */
-typedef struct CMAC_CTX_st CMAC_CTX;
-
-CMAC_CTX *CMAC_CTX_new(void);
-void CMAC_CTX_cleanup(CMAC_CTX *ctx);
-void CMAC_CTX_free(CMAC_CTX *ctx);
-EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
-int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
-
-int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
-              const EVP_CIPHER *cipher, ENGINE *impl);
-int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
-int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
-int CMAC_resume(CMAC_CTX *ctx);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_asn1.c b/freebsd/crypto/openssl/crypto/cms/cms_asn1.c
index 11a2cbc0..57b8a766 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_asn1.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_asn1.c
@@ -1,63 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_asn1.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
-#include "cms.h"
+#include <openssl/cms.h>
 #include "cms_lcl.h"
 
 
@@ -69,7 +24,7 @@ ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
 ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
         ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
         ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
+} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
 
 ASN1_CHOICE(CMS_CertificateChoices) = {
         ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
@@ -82,12 +37,12 @@ ASN1_CHOICE(CMS_CertificateChoices) = {
 ASN1_CHOICE(CMS_SignerIdentifier) = {
         ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
         ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
-} ASN1_CHOICE_END(CMS_SignerIdentifier)
+} static_ASN1_CHOICE_END(CMS_SignerIdentifier)
 
 ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
         ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
         ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
 
 /* Minor tweak to operation: free up signer key, cert */
 static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -95,18 +50,15 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 {
     if (operation == ASN1_OP_FREE_POST) {
         CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
-        if (si->pkey)
-            EVP_PKEY_free(si->pkey);
-        if (si->signer)
-            X509_free(si->signer);
-        if (si->pctx)
-            EVP_MD_CTX_cleanup(&si->mctx);
+        EVP_PKEY_free(si->pkey);
+        X509_free(si->signer);
+        EVP_MD_CTX_free(si->mctx);
     }
     return 1;
 }
 
 ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
-        ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
+        ASN1_EMBED(CMS_SignerInfo, version, INT32),
         ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
         ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
         ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
@@ -118,7 +70,7 @@ ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
 ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
         ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
         ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
+} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
 
 ASN1_CHOICE(CMS_RevocationInfoChoice) = {
         ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
@@ -126,7 +78,7 @@ ASN1_CHOICE(CMS_RevocationInfoChoice) = {
 } ASN1_CHOICE_END(CMS_RevocationInfoChoice)
 
 ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
-        ASN1_SIMPLE(CMS_SignedData, version, LONG),
+        ASN1_EMBED(CMS_SignedData, version, INT32),
         ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
         ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
         ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
@@ -137,16 +89,16 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
 ASN1_SEQUENCE(CMS_OriginatorInfo) = {
         ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
         ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
-} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
 
 ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
         ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
         ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
         ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
 
 ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
-        ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
+        ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32),
         ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
         ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
@@ -166,15 +118,14 @@ ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
 ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
   ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
   ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
-} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
+} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
 
 static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                       void *exarg)
 {
     CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
     if (operation == ASN1_OP_FREE_POST) {
-        if (rek->pkey)
-            EVP_PKEY_free(rek->pkey);
+        EVP_PKEY_free(rek->pkey);
     }
     return 1;
 }
@@ -193,26 +144,27 @@ ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
   ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
   ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
   ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
-} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
+} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
 
 static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                        void *exarg)
 {
     CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
     if (operation == ASN1_OP_NEW_POST) {
-        EVP_CIPHER_CTX_init(&kari->ctx);
-        EVP_CIPHER_CTX_set_flags(&kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+        kari->ctx = EVP_CIPHER_CTX_new();
+        if (kari->ctx == NULL)
+            return 0;
+        EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
         kari->pctx = NULL;
     } else if (operation == ASN1_OP_FREE_POST) {
-        if (kari->pctx)
-            EVP_PKEY_CTX_free(kari->pctx);
-        EVP_CIPHER_CTX_cleanup(&kari->ctx);
+        EVP_PKEY_CTX_free(kari->pctx);
+        EVP_CIPHER_CTX_free(kari->ctx);
     }
     return 1;
 }
 
 ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = {
-        ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
+        ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32),
         ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
         ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
         ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
@@ -223,17 +175,17 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = {
         ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
         ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
         ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
-} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
+} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
 
 ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
-        ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
+        ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32),
         ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
         ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
 
 ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
-        ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
+        ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32),
         ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
         ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
@@ -242,7 +194,7 @@ ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
 ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
   ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
   ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
+} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
 
 /* Free up RecipientInfo additional data */
 static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -252,24 +204,15 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
         if (ri->type == CMS_RECIPINFO_TRANS) {
             CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
-            if (ktri->pkey)
-                EVP_PKEY_free(ktri->pkey);
-            if (ktri->recip)
-                X509_free(ktri->recip);
-            if (ktri->pctx)
-                EVP_PKEY_CTX_free(ktri->pctx);
+            EVP_PKEY_free(ktri->pkey);
+            X509_free(ktri->recip);
+            EVP_PKEY_CTX_free(ktri->pctx);
         } else if (ri->type == CMS_RECIPINFO_KEK) {
             CMS_KEKRecipientInfo *kekri = ri->d.kekri;
-            if (kekri->key) {
-                OPENSSL_cleanse(kekri->key, kekri->keylen);
-                OPENSSL_free(kekri->key);
-            }
+            OPENSSL_clear_free(kekri->key, kekri->keylen);
         } else if (ri->type == CMS_RECIPINFO_PASS) {
             CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
-            if (pwri->pass) {
-                OPENSSL_cleanse(pwri->pass, pwri->passlen);
-                OPENSSL_free(pwri->pass);
-            }
+            OPENSSL_clear_free(pwri->pass, pwri->passlen);
         }
     }
     return 1;
@@ -284,7 +227,7 @@ ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
 } ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
 
 ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
-        ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
+        ASN1_EMBED(CMS_EnvelopedData, version, INT32),
         ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
         ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
         ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
@@ -292,20 +235,20 @@ ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
 } ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
 
 ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
-        ASN1_SIMPLE(CMS_DigestedData, version, LONG),
+        ASN1_EMBED(CMS_DigestedData, version, INT32),
         ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
         ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
 } ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
 
 ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
-        ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
+        ASN1_EMBED(CMS_EncryptedData, version, INT32),
         ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
         ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
 } ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
 
 ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
-        ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
+        ASN1_EMBED(CMS_AuthenticatedData, version, INT32),
         ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
         ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
         ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
@@ -314,10 +257,10 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
         ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
         ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
         ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
-} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
 
 ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
-        ASN1_SIMPLE(CMS_CompressedData, version, LONG),
+        ASN1_EMBED(CMS_CompressedData, version, INT32),
         ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
 } ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
@@ -351,6 +294,7 @@ static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
     case ASN1_OP_STREAM_PRE:
         if (CMS_stream(&sarg->boundary, cms) <= 0)
             return 0;
+        /* fall thru */
     case ASN1_OP_DETACHED_PRE:
         sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
         if (!sarg->ndef_bio)
@@ -396,9 +340,9 @@ ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
 
 
 ASN1_CHOICE(CMS_ReceiptsFrom) = {
-  ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
+  ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0),
   ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
-} ASN1_CHOICE_END(CMS_ReceiptsFrom)
+} static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
 
 ASN1_SEQUENCE(CMS_ReceiptRequest) = {
   ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
@@ -407,7 +351,7 @@ ASN1_SEQUENCE(CMS_ReceiptRequest) = {
 } ASN1_SEQUENCE_END(CMS_ReceiptRequest)
 
 ASN1_SEQUENCE(CMS_Receipt) = {
-  ASN1_SIMPLE(CMS_Receipt, version, LONG),
+  ASN1_EMBED(CMS_Receipt, version, INT32),
   ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
   ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
   ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
@@ -428,7 +372,7 @@ ASN1_SEQUENCE(CMS_SharedInfo) = {
   ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR),
   ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0),
   ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
-} ASN1_SEQUENCE_END(CMS_SharedInfo)
+} static_ASN1_SEQUENCE_END(CMS_SharedInfo)
 
 int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
                           ASN1_OCTET_STRING *ukm, int keylen)
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_att.c b/freebsd/crypto/openssl/crypto/cms/cms_att.c
index d0758063..b5043b7d 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_att.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_att.c
@@ -1,64 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_att.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
-#include "cms.h"
+#include <openssl/cms.h>
 #include "cms_lcl.h"
 
 /* CMS SignedData Attribute utilities */
@@ -73,7 +28,7 @@ int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
     return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
 }
 
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
                                int lastpos)
 {
     return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
@@ -122,7 +77,7 @@ int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
     return 0;
 }
 
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
                                   int lastpos, int type)
 {
     return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
@@ -139,8 +94,8 @@ int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
     return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
 }
 
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-                                 int lastpos)
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+                                 const ASN1_OBJECT *obj, int lastpos)
 {
     return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
 }
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_cd.c b/freebsd/crypto/openssl/crypto/cms/cms_cd.c
index 7b2f016e..38c5c567 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_cd.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_cd.c
@@ -1,73 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_cd.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include <openssl/bio.h>
-#ifndef OPENSSL_NO_COMP
-# include <openssl/comp.h>
-#endif
+#include <openssl/comp.h>
 #include "cms_lcl.h"
 
-DECLARE_ASN1_ITEM(CMS_CompressedData)
-
 #ifdef ZLIB
 
 /* CMS CompressedData Utilities */
@@ -86,12 +37,12 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
         return NULL;
     }
     cms = CMS_ContentInfo_new();
-    if (!cms)
+    if (cms == NULL)
         return NULL;
 
     cd = M_ASN1_new_of(CMS_CompressedData);
 
-    if (!cd)
+    if (cd == NULL)
         goto err;
 
     cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
@@ -107,17 +58,14 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
     return cms;
 
  err:
-
-    if (cms)
-        CMS_ContentInfo_free(cms);
-
+    CMS_ContentInfo_free(cms);
     return NULL;
 }
 
 BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
 {
     CMS_CompressedData *cd;
-    ASN1_OBJECT *compoid;
+    const ASN1_OBJECT *compoid;
     if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) {
         CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
                CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_dd.c b/freebsd/crypto/openssl/crypto/cms/cms_dd.c
index a90c61a6..4a1efc52 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_dd.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_dd.c
@@ -1,60 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_dd.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
@@ -62,8 +17,6 @@
 #include <openssl/cms.h>
 #include "cms_lcl.h"
 
-DECLARE_ASN1_ITEM(CMS_DigestedData)
-
 /* CMS DigestedData Utilities */
 
 CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
@@ -71,12 +24,12 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
     CMS_ContentInfo *cms;
     CMS_DigestedData *dd;
     cms = CMS_ContentInfo_new();
-    if (!cms)
+    if (cms == NULL)
         return NULL;
 
     dd = M_ASN1_new_of(CMS_DigestedData);
 
-    if (!dd)
+    if (dd == NULL)
         goto err;
 
     cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
@@ -85,15 +38,12 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
     dd->version = 0;
     dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
 
-    cms_DigestAlgorithm_set(dd->digestAlgorithm, md);
+    X509_ALGOR_set_md(dd->digestAlgorithm, md);
 
     return cms;
 
  err:
-
-    if (cms)
-        CMS_ContentInfo_free(cms);
-
+    CMS_ContentInfo_free(cms);
     return NULL;
 }
 
@@ -106,19 +56,23 @@ BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
 
 int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
 {
-    EVP_MD_CTX mctx;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
     unsigned char md[EVP_MAX_MD_SIZE];
     unsigned int mdlen;
     int r = 0;
     CMS_DigestedData *dd;
-    EVP_MD_CTX_init(&mctx);
+
+    if (mctx == NULL) {
+        CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
     dd = cms->d.digestedData;
 
-    if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
+    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm))
         goto err;
 
-    if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
+    if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0)
         goto err;
 
     if (verify) {
@@ -140,7 +94,7 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
     }
 
  err:
-    EVP_MD_CTX_cleanup(&mctx);
+    EVP_MD_CTX_free(mctx);
 
     return r;
 
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_enc.c b/freebsd/crypto/openssl/crypto/cms/cms_enc.c
index f5179bf8..801775b7 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_enc.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_enc.c
@@ -1,60 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_enc.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
@@ -65,8 +20,6 @@
 
 /* CMS EncryptedData Utilities */
 
-DECLARE_ASN1_ITEM(CMS_EncryptedData)
-
 /* Return BIO based on EncryptedContentInfo and key */
 
 BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
@@ -86,7 +39,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
     enc = ec->cipher ? 1 : 0;
 
     b = BIO_new(BIO_f_cipher());
-    if (!b) {
+    if (b == NULL) {
         CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -134,7 +87,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
     /* Generate random session key */
     if (!enc || !ec->key) {
         tkey = OPENSSL_malloc(tkeylen);
-        if (!tkey) {
+        if (tkey == NULL) {
             CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
             goto err;
         }
@@ -166,8 +119,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                 goto err;
             } else {
                 /* Use random key */
-                OPENSSL_cleanse(ec->key, ec->keylen);
-                OPENSSL_free(ec->key);
+                OPENSSL_clear_free(ec->key, ec->keylen);
                 ec->key = tkey;
                 ec->keylen = tkeylen;
                 tkey = NULL;
@@ -201,15 +153,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
     ok = 1;
 
  err:
-    if (ec->key && (!keep_key || !ok)) {
-        OPENSSL_cleanse(ec->key, ec->keylen);
-        OPENSSL_free(ec->key);
+    if (!keep_key || !ok) {
+        OPENSSL_clear_free(ec->key, ec->keylen);
         ec->key = NULL;
     }
-    if (tkey) {
-        OPENSSL_cleanse(tkey, tkeylen);
-        OPENSSL_free(tkey);
-    }
+    OPENSSL_clear_free(tkey, tkeylen);
     if (ok)
         return b;
     BIO_free(b);
@@ -222,9 +170,10 @@ int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
 {
     ec->cipher = cipher;
     if (key) {
-        ec->key = OPENSSL_malloc(keylen);
-        if (!ec->key)
+        if ((ec->key = OPENSSL_malloc(keylen)) == NULL) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
         memcpy(ec->key, key, keylen);
     }
     ec->keylen = keylen;
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_env.c b/freebsd/crypto/openssl/crypto/cms/cms_env.c
index 1f590c84..171c0968 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_env.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_env.c
@@ -1,79 +1,27 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_env.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
-#include <openssl/rand.h>
 #include <openssl/aes.h>
 #include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 
 /* CMS EnvelopedData Utilities */
 
-DECLARE_ASN1_ITEM(CMS_EnvelopedData)
-DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
-
-DECLARE_STACK_OF(CMS_RecipientInfo)
-
 CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
 {
     if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
@@ -160,18 +108,17 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
     CMS_ContentInfo *cms;
     CMS_EnvelopedData *env;
     cms = CMS_ContentInfo_new();
-    if (!cms)
+    if (cms == NULL)
         goto merr;
     env = cms_enveloped_data_init(cms);
-    if (!env)
+    if (env == NULL)
         goto merr;
     if (!cms_EncryptedContent_init(env->encryptedContentInfo,
                                    cipher, NULL, 0))
         goto merr;
     return cms;
  merr:
-    if (cms)
-        CMS_ContentInfo_free(cms);
+    CMS_ContentInfo_free(cms);
     CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
     return NULL;
 }
@@ -209,14 +156,15 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
     if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
         return 0;
 
-    CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
-    CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    X509_up_ref(recip);
+    EVP_PKEY_up_ref(pk);
+
     ktri->pkey = pk;
     ktri->recip = recip;
 
     if (flags & CMS_KEY_PARAM) {
         ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
-        if (!ktri->pctx)
+        if (ktri->pctx == NULL)
             return 0;
         if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
             return 0;
@@ -244,7 +192,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
     if (!ri)
         goto merr;
 
-    pk = X509_get_pubkey(recip);
+    pk = X509_get0_pubkey(recip);
     if (!pk) {
         CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
         goto err;
@@ -272,17 +220,12 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
     if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
         goto merr;
 
-    EVP_PKEY_free(pk);
-
     return ri;
 
  merr:
     CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
  err:
-    if (ri)
-        M_ASN1_free_of(ri, CMS_RecipientInfo);
-    if (pk)
-        EVP_PKEY_free(pk);
+    M_ASN1_free_of(ri, CMS_RecipientInfo);
     return NULL;
 
 }
@@ -341,6 +284,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
         CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
         return 0;
     }
+    EVP_PKEY_free(ri->d.ktri->pkey);
     ri->d.ktri->pkey = pkey;
     return 1;
 }
@@ -372,7 +316,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
             goto err;
     } else {
         pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
-        if (!pctx)
+        if (pctx == NULL)
             return 0;
 
         if (EVP_PKEY_encrypt_init(pctx) <= 0)
@@ -404,12 +348,9 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
     ret = 1;
 
  err:
-    if (pctx) {
-        EVP_PKEY_CTX_free(pctx);
-        ktri->pctx = NULL;
-    }
-    if (ek)
-        OPENSSL_free(ek);
+    EVP_PKEY_CTX_free(pctx);
+    ktri->pctx = NULL;
+    OPENSSL_free(ek);
     return ret;
 
 }
@@ -433,7 +374,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
     }
 
     ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
-    if (!ktri->pctx)
+    if (ktri->pctx == NULL)
         return 0;
 
     if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
@@ -469,20 +410,14 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
 
     ret = 1;
 
-    if (ec->key) {
-        OPENSSL_cleanse(ec->key, ec->keylen);
-        OPENSSL_free(ec->key);
-    }
-
+    OPENSSL_clear_free(ec->key, ec->keylen);
     ec->key = ek;
     ec->keylen = eklen;
 
  err:
-    if (ktri->pctx) {
-        EVP_PKEY_CTX_free(ktri->pctx);
-        ktri->pctx = NULL;
-    }
-    if (!ret && ek)
+    EVP_PKEY_CTX_free(ktri->pctx);
+    ktri->pctx = NULL;
+    if (!ret)
         OPENSSL_free(ek);
 
     return ret;
@@ -621,8 +556,7 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
  merr:
     CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
  err:
-    if (ri)
-        M_ASN1_free_of(ri, CMS_RecipientInfo);
+    M_ASN1_free_of(ri, CMS_RecipientInfo);
     return NULL;
 
 }
@@ -705,7 +639,7 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
 
     wkey = OPENSSL_malloc(ec->keylen + 8);
 
-    if (!wkey) {
+    if (wkey == NULL) {
         CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -723,7 +657,7 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
 
  err:
 
-    if (!r && wkey)
+    if (!r)
         OPENSSL_free(wkey);
     OPENSSL_cleanse(&actx, sizeof(actx));
 
@@ -775,7 +709,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
 
     ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
 
-    if (!ukey) {
+    if (ukey == NULL) {
         CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -796,7 +730,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
 
  err:
 
-    if (!r && ukey)
+    if (!r)
         OPENSSL_free(ukey);
     OPENSSL_cleanse(&actx, sizeof(actx));
 
@@ -818,7 +752,7 @@ int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 
     default:
         CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
-               CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
+               CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
         return 0;
     }
 }
@@ -834,11 +768,9 @@ int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 
     case CMS_RECIPINFO_KEK:
         return cms_RecipientInfo_kekri_encrypt(cms, ri);
-        break;
 
     case CMS_RECIPINFO_PASS:
         return cms_RecipientInfo_pwri_crypt(cms, ri, 1);
-        break;
 
     default:
         CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
@@ -903,10 +835,10 @@ static void cms_env_set_version(CMS_EnvelopedData *env)
             env->version = 2;
         }
     }
-    if (env->version == 2)
-        return;
     if (env->originatorInfo || env->unprotectedAttrs)
         env->version = 2;
+    if (env->version == 2)
+        return;
     env->version = 0;
 }
 
@@ -946,12 +878,9 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
 
  err:
     ec->cipher = NULL;
-    if (ec->key) {
-        OPENSSL_cleanse(ec->key, ec->keylen);
-        OPENSSL_free(ec->key);
-        ec->key = NULL;
-        ec->keylen = 0;
-    }
+    OPENSSL_clear_free(ec->key, ec->keylen);
+    ec->key = NULL;
+    ec->keylen = 0;
     if (ok)
         return ret;
     BIO_free(ret);
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_err.c b/freebsd/crypto/openssl/crypto/cms/cms_err.c
index f2bd612d..1a24220d 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_err.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_err.c
@@ -1,311 +1,296 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2013 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/cms.h>
+#include <openssl/cmserr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
-
-static ERR_STRING_DATA CMS_str_functs[] = {
-    {ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
-    {ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
-    {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
-    {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD),
+static const ERR_STRING_DATA CMS_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CHECK_CONTENT, 0), "check_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_CERT, 0), "CMS_add0_cert"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_KEY, 0),
+     "CMS_add0_recipient_key"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 0),
      "CMS_add0_recipient_password"},
-    {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
-    {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
-    {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
-    {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
-    {ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
-    {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
-    {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECEIPTREQUEST, 0),
+     "CMS_add1_ReceiptRequest"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECIPIENT_CERT, 0),
+     "CMS_add1_recipient_cert"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNER, 0), "CMS_add1_signer"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNINGTIME, 0),
+     "cms_add1_signingTime"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESS, 0), "CMS_compress"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_CREATE, 0),
+     "cms_CompressedData_create"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, 0),
      "cms_CompressedData_init_bio"},
-    {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"},
-    {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"},
-    {ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
-    {ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
-    {ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
-    {ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
-    {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
-    {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD), "CMS_decrypt_set1_password"},
-    {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
-    {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_CONTENT, 0), "cms_copy_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_MESSAGEDIGEST, 0),
+     "cms_copy_messageDigest"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATA, 0), "CMS_data"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAFINAL, 0), "CMS_dataFinal"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAINIT, 0), "CMS_dataInit"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT, 0), "CMS_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_KEY, 0),
+     "CMS_decrypt_set1_key"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PASSWORD, 0),
+     "CMS_decrypt_set1_password"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PKEY, 0),
+     "CMS_decrypt_set1_pkey"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, 0),
      "cms_DigestAlgorithm_find_ctx"},
-    {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, 0),
      "cms_DigestAlgorithm_init_bio"},
-    {ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"},
-    {ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
-    {ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"},
-    {ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
-    {ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTEDDATA_DO_FINAL, 0),
+     "cms_DigestedData_do_final"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGEST_VERIFY, 0), "CMS_digest_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCODE_RECEIPT, 0), "cms_encode_Receipt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPT, 0), "CMS_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT, 0),
+     "cms_EncryptedContent_init"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 0),
      "cms_EncryptedContent_init_bio"},
-    {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
-    {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"},
-    {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, 0),
+     "CMS_EncryptedData_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, 0),
+     "CMS_EncryptedData_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, 0),
      "CMS_EncryptedData_set1_key"},
-    {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
-    {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_CREATE, 0),
+     "CMS_EnvelopedData_create"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, 0),
      "cms_EnvelopedData_init_bio"},
-    {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"},
-    {ERR_FUNC(CMS_F_CMS_ENV_ASN1_CTRL), "cms_env_asn1_ctrl"},
-    {ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
-    {ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES),
-     "CMS_GET0_CERTIFICATE_CHOICES"},
-    {ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
-    {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"},
-    {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"},
-    {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),
-     "CMS_GET0_REVOCATION_CHOICES"},
-    {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
-    {ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
-    {ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPED_DATA_INIT, 0),
+     "cms_enveloped_data_init"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENV_ASN1_CTRL, 0), "cms_env_asn1_ctrl"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_FINAL, 0), "CMS_final"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CERTIFICATE_CHOICES, 0),
+     "cms_get0_certificate_choices"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CONTENT, 0), "CMS_get0_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ECONTENT_TYPE, 0),
+     "cms_get0_econtent_type"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ENVELOPED, 0), "cms_get0_enveloped"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_REVOCATION_CHOICES, 0),
+     "cms_get0_revocation_choices"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_SIGNED, 0), "cms_get0_signed"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_MSGSIGDIGEST_ADD1, 0),
+     "cms_msgSigDigest_add1"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPTREQUEST_CREATE0, 0),
      "CMS_ReceiptRequest_create0"},
-    {ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_ENCRYPT), "CMS_RecipientInfo_encrypt"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPT_VERIFY, 0), "cms_Receipt_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_DECRYPT, 0),
+     "CMS_RecipientInfo_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_ENCRYPT, 0),
+     "CMS_RecipientInfo_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, 0),
      "cms_RecipientInfo_kari_encrypt"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG, 0),
      "CMS_RecipientInfo_kari_get0_alg"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID, 0),
      "CMS_RecipientInfo_kari_get0_orig_id"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS, 0),
      "CMS_RecipientInfo_kari_get0_reks"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP, 0),
      "CMS_RecipientInfo_kari_orig_id_cmp"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT),
-     "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT),
-     "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 0),
+     "cms_RecipientInfo_kekri_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, 0),
+     "cms_RecipientInfo_kekri_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, 0),
      "CMS_RecipientInfo_kekri_get0_id"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, 0),
      "CMS_RecipientInfo_kekri_id_cmp"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, 0),
      "CMS_RecipientInfo_ktri_cert_cmp"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT),
-     "CMS_RECIPIENTINFO_KTRI_DECRYPT"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT),
-     "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, 0),
+     "cms_RecipientInfo_ktri_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, 0),
+     "cms_RecipientInfo_ktri_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, 0),
      "CMS_RecipientInfo_ktri_get0_algs"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, 0),
      "CMS_RecipientInfo_ktri_get0_signer_id"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 0),
      "cms_RecipientInfo_pwri_crypt"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_KEY, 0),
      "CMS_RecipientInfo_set0_key"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, 0),
      "CMS_RecipientInfo_set0_password"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, 0),
      "CMS_RecipientInfo_set0_pkey"},
-    {ERR_FUNC(CMS_F_CMS_SD_ASN1_CTRL), "CMS_SD_ASN1_CTRL"},
-    {ERR_FUNC(CMS_F_CMS_SET1_IAS), "cms_set1_ias"},
-    {ERR_FUNC(CMS_F_CMS_SET1_KEYID), "cms_set1_keyid"},
-    {ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
-    {ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
-    {ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
-    {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
-    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN),
-     "CMS_SIGNERINFO_CONTENT_SIGN"},
-    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
-    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
-    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),
-     "CMS_SIGNERINFO_VERIFY_CERT"},
-    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SD_ASN1_CTRL, 0), "cms_sd_asn1_ctrl"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_IAS, 0), "cms_set1_ias"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_KEYID, 0), "cms_set1_keyid"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_SIGNERIDENTIFIER, 0),
+     "cms_set1_SignerIdentifier"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET_DETACHED, 0), "CMS_set_detached"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN, 0), "CMS_sign"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNED_DATA_INIT, 0),
+     "cms_signed_data_init"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 0),
+     "cms_SignerInfo_content_sign"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_SIGN, 0),
+     "CMS_SignerInfo_sign"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY, 0),
+     "CMS_SignerInfo_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CERT, 0),
+     "cms_signerinfo_verify_cert"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 0),
      "CMS_SignerInfo_verify_content"},
-    {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
-    {ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"},
-    {ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
-    {ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN_RECEIPT, 0), "CMS_sign_receipt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_STREAM, 0), "CMS_stream"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_UNCOMPRESS, 0), "CMS_uncompress"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_VERIFY, 0), "CMS_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_KEK_UNWRAP_KEY, 0), "kek_unwrap_key"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA CMS_str_reasons[] = {
-    {ERR_REASON(CMS_R_ADD_SIGNER_ERROR), "add signer error"},
-    {ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),
-     "certificate already present"},
-    {ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID), "certificate has no keyid"},
-    {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
-    {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),
-     "cipher initialisation error"},
-    {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),
-     "cipher parameter initialisation error"},
-    {ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR), "cms datafinal error"},
-    {ERR_REASON(CMS_R_CMS_LIB), "cms lib"},
-    {ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),
-     "contentidentifier mismatch"},
-    {ERR_REASON(CMS_R_CONTENT_NOT_FOUND), "content not found"},
-    {ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH), "content type mismatch"},
-    {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),
-     "content type not compressed data"},
-    {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),
-     "content type not enveloped data"},
-    {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),
-     "content type not signed data"},
-    {ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR), "content verify error"},
-    {ERR_REASON(CMS_R_CTRL_ERROR), "ctrl error"},
-    {ERR_REASON(CMS_R_CTRL_FAILURE), "ctrl failure"},
-    {ERR_REASON(CMS_R_DECRYPT_ERROR), "decrypt error"},
-    {ERR_REASON(CMS_R_DIGEST_ERROR), "digest error"},
-    {ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"},
-    {ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
-     "error reading messagedigest attribute"},
-    {ERR_REASON(CMS_R_ERROR_SETTING_KEY), "error setting key"},
-    {ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),
-     "error setting recipientinfo"},
-    {ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
-     "invalid encrypted key length"},
-    {ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),
-     "invalid key encryption parameter"},
-    {ERR_REASON(CMS_R_INVALID_KEY_LENGTH), "invalid key length"},
-    {ERR_REASON(CMS_R_MD_BIO_INIT_ERROR), "md bio init error"},
-    {ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),
-     "messagedigest attribute wrong length"},
-    {ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),
-     "messagedigest wrong length"},
-    {ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"},
-    {ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),
-     "msgsigdigest verification failure"},
-    {ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),
-     "msgsigdigest wrong length"},
-    {ERR_REASON(CMS_R_NEED_ONE_SIGNER), "need one signer"},
-    {ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT), "not a signed receipt"},
-    {ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"},
-    {ERR_REASON(CMS_R_NOT_KEK), "not kek"},
-    {ERR_REASON(CMS_R_NOT_KEY_AGREEMENT), "not key agreement"},
-    {ERR_REASON(CMS_R_NOT_KEY_TRANSPORT), "not key transport"},
-    {ERR_REASON(CMS_R_NOT_PWRI), "not pwri"},
-    {ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
-     "not supported for this key type"},
-    {ERR_REASON(CMS_R_NO_CIPHER), "no cipher"},
-    {ERR_REASON(CMS_R_NO_CONTENT), "no content"},
-    {ERR_REASON(CMS_R_NO_CONTENT_TYPE), "no content type"},
-    {ERR_REASON(CMS_R_NO_DEFAULT_DIGEST), "no default digest"},
-    {ERR_REASON(CMS_R_NO_DIGEST_SET), "no digest set"},
-    {ERR_REASON(CMS_R_NO_KEY), "no key"},
-    {ERR_REASON(CMS_R_NO_KEY_OR_CERT), "no key or cert"},
-    {ERR_REASON(CMS_R_NO_MATCHING_DIGEST), "no matching digest"},
-    {ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT), "no matching recipient"},
-    {ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE), "no matching signature"},
-    {ERR_REASON(CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"},
-    {ERR_REASON(CMS_R_NO_PASSWORD), "no password"},
-    {ERR_REASON(CMS_R_NO_PRIVATE_KEY), "no private key"},
-    {ERR_REASON(CMS_R_NO_PUBLIC_KEY), "no public key"},
-    {ERR_REASON(CMS_R_NO_RECEIPT_REQUEST), "no receipt request"},
-    {ERR_REASON(CMS_R_NO_SIGNERS), "no signers"},
-    {ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
-     "private key does not match certificate"},
-    {ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR), "receipt decode error"},
-    {ERR_REASON(CMS_R_RECIPIENT_ERROR), "recipient error"},
-    {ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),
-     "signer certificate not found"},
-    {ERR_REASON(CMS_R_SIGNFINAL_ERROR), "signfinal error"},
-    {ERR_REASON(CMS_R_SMIME_TEXT_ERROR), "smime text error"},
-    {ERR_REASON(CMS_R_STORE_INIT_ERROR), "store init error"},
-    {ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA), "type not compressed data"},
-    {ERR_REASON(CMS_R_TYPE_NOT_DATA), "type not data"},
-    {ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA), "type not digested data"},
-    {ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA), "type not encrypted data"},
-    {ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA), "type not enveloped data"},
-    {ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),
-     "unable to finalize context"},
-    {ERR_REASON(CMS_R_UNKNOWN_CIPHER), "unknown cipher"},
-    {ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM), "unknown digest algorihm"},
-    {ERR_REASON(CMS_R_UNKNOWN_ID), "unknown id"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
-     "unsupported compression algorithm"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),
-     "unsupported kek algorithm"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),
-     "unsupported key encryption algorithm"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
-     "unsupported recipient type"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),
-     "unsupported recpientinfo type"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
-    {ERR_REASON(CMS_R_UNWRAP_ERROR), "unwrap error"},
-    {ERR_REASON(CMS_R_UNWRAP_FAILURE), "unwrap failure"},
-    {ERR_REASON(CMS_R_VERIFICATION_FAILURE), "verification failure"},
-    {ERR_REASON(CMS_R_WRAP_ERROR), "wrap error"},
+static const ERR_STRING_DATA CMS_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT),
+    "certificate already present"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID),
+    "certificate has no keyid"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR),
+    "cipher initialisation error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),
+    "cipher parameter initialisation error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR),
+    "cms datafinal error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH),
+    "contentidentifier mismatch"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH),
+    "content type mismatch"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),
+    "content type not compressed data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),
+    "content type not enveloped data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),
+    "content type not signed data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_VERIFY_ERROR),
+    "content verify error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY),
+    "error getting public key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
+    "error reading messagedigest attribute"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO),
+    "error setting recipientinfo"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
+    "invalid encrypted key length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),
+    "invalid key encryption parameter"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),
+    "messagedigest attribute wrong length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_WRONG_LENGTH),
+    "messagedigest wrong length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),
+    "msgsigdigest verification failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH),
+    "msgsigdigest wrong length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT),
+    "not a signed receipt"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), "not kek"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+    "not supported for this key type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DEFAULT_DIGEST), "no default digest"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DIGEST_SET), "no digest set"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY), "no key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT),
+    "no matching recipient"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE),
+    "no matching signature"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PUBLIC_KEY), "no public key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_RECEIPT_REQUEST), "no receipt request"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR),
+    "receipt decode error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),
+    "signer certificate not found"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA),
+    "type not compressed data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA),
+    "type not digested data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA),
+    "type not encrypted data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA),
+    "type not enveloped data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT),
+    "unable to finalize context"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM),
+    "unknown digest algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+    "unsupported compression algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE),
+    "unsupported content type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM),
+    "unsupported kek algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),
+    "unsupported key encryption algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE),
+    "unsupported recipientinfo type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
+    "unsupported recipient type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE),
+    "verification failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_CMS_strings(void)
+int ERR_load_CMS_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, CMS_str_functs);
-        ERR_load_strings(0, CMS_str_reasons);
+        ERR_load_strings_const(CMS_str_functs);
+        ERR_load_strings_const(CMS_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_ess.c b/freebsd/crypto/openssl/crypto/cms/cms_ess.c
index 3a847fd2..ca1043c4 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_ess.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_ess.c
@@ -1,60 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_ess.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/rand.h>
@@ -63,9 +18,6 @@
 #include <openssl/cms.h>
 #include "cms_lcl.h"
 
-DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
-DECLARE_ASN1_ITEM(CMS_Receipt)
-
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 
 /* ESS services: for now just Signed Receipt related */
@@ -102,7 +54,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
     CMS_ReceiptRequest *rr = NULL;
 
     rr = CMS_ReceiptRequest_new();
-    if (!rr)
+    if (rr == NULL)
         goto merr;
     if (id)
         ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
@@ -130,9 +82,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
     CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
 
  err:
-    if (rr)
-        CMS_ReceiptRequest_free(rr);
-
+    CMS_ReceiptRequest_free(rr);
     return NULL;
 
 }
@@ -156,8 +106,7 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
     if (!r)
         CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
 
-    if (rrder)
-        OPENSSL_free(rrder);
+    OPENSSL_free(rrder);
 
     return r;
 
@@ -340,11 +289,8 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
     r = 1;
 
  err:
-    if (rr)
-        CMS_ReceiptRequest_free(rr);
-    if (rct)
-        M_ASN1_free_of(rct, CMS_Receipt);
-
+    CMS_ReceiptRequest_free(rr);
+    M_ASN1_free_of(rct, CMS_Receipt);
     return r;
 
 }
@@ -388,9 +334,6 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
     os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
 
  err:
-    if (rr)
-        CMS_ReceiptRequest_free(rr);
-
+    CMS_ReceiptRequest_free(rr);
     return os;
-
 }
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_io.c b/freebsd/crypto/openssl/crypto/cms/cms_io.c
index 774d1c8e..d81398f1 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_io.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_io.c
@@ -1,75 +1,30 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_io.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
-#include "cms.h"
+#include <openssl/cms.h>
 #include "cms_lcl.h"
 
 int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
 {
     ASN1_OCTET_STRING **pos;
     pos = CMS_get0_content(cms);
-    if (!pos)
+    if (pos == NULL)
         return 0;
-    if (!*pos)
+    if (*pos == NULL)
         *pos = ASN1_OCTET_STRING_new();
-    if (*pos) {
+    if (*pos != NULL) {
         (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
         (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
         *boundary = &(*pos)->data;
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_kari.c b/freebsd/crypto/openssl/crypto/cms/cms_kari.c
index b12625ca..0bff7083 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_kari.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_kari.c
@@ -1,74 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_kari.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
-#include <openssl/rand.h>
 #include <openssl/aes.h>
 #include "cms_lcl.h"
-#include "asn1_locl.h"
-
-DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
-DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
-DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
+#include "internal/asn1_int.h"
 
 /* Key Agreement Recipient Info (KARI) routines */
 
@@ -209,10 +158,9 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
 {
     EVP_PKEY_CTX *pctx;
     CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;
-    if (kari->pctx) {
-        EVP_PKEY_CTX_free(kari->pctx);
-        kari->pctx = NULL;
-    }
+
+    EVP_PKEY_CTX_free(kari->pctx);
+    kari->pctx = NULL;
     if (!pk)
         return 1;
     pctx = EVP_PKEY_CTX_new(pk, NULL);
@@ -221,15 +169,14 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
     kari->pctx = pctx;
     return 1;
  err:
-    if (pctx)
-        EVP_PKEY_CTX_free(pctx);
+    EVP_PKEY_CTX_free(pctx);
     return 0;
 }
 
 EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
 {
     if (ri->type == CMS_RECIPINFO_AGREE)
-        return &ri->d.kari->ctx;
+        return ri->d.kari->ctx;
     return NULL;
 }
 
@@ -248,22 +195,22 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
     int rv = 0;
     unsigned char *out = NULL;
     int outlen;
-    keklen = EVP_CIPHER_CTX_key_length(&kari->ctx);
+    keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
     if (keklen > EVP_MAX_KEY_LENGTH)
         return 0;
     /* Derive KEK */
     if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
         goto err;
     /* Set KEK in context */
-    if (!EVP_CipherInit_ex(&kari->ctx, NULL, NULL, kek, NULL, enc))
+    if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
         goto err;
     /* obtain output length of ciphered key */
-    if (!EVP_CipherUpdate(&kari->ctx, NULL, &outlen, in, inlen))
+    if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
         goto err;
     out = OPENSSL_malloc(outlen);
-    if (!out)
+    if (out == NULL)
         goto err;
-    if (!EVP_CipherUpdate(&kari->ctx, out, &outlen, in, inlen))
+    if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
         goto err;
     *pout = out;
     *poutlen = (size_t)outlen;
@@ -271,9 +218,10 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
 
  err:
     OPENSSL_cleanse(kek, keklen);
-    if (!rv && out)
+    if (!rv)
         OPENSSL_free(out);
-    EVP_CIPHER_CTX_cleanup(&kari->ctx);
+    EVP_CIPHER_CTX_reset(kari->ctx);
+    /* FIXME: WHY IS kari->pctx freed here?  /RL */
     EVP_PKEY_CTX_free(kari->pctx);
     kari->pctx = NULL;
     return rv;
@@ -297,17 +245,13 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
     if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
         goto err;
     ec = cms->d.envelopedData->encryptedContentInfo;
-    if (ec->key) {
-        OPENSSL_cleanse(ec->key, ec->keylen);
-        OPENSSL_free(ec->key);
-    }
+    OPENSSL_clear_free(ec->key, ec->keylen);
     ec->key = cek;
     ec->keylen = ceklen;
     cek = NULL;
     rv = 1;
  err:
-    if (cek)
-        OPENSSL_free(cek);
+    OPENSSL_free(cek);
     return rv;
 }
 
@@ -334,10 +278,9 @@ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
     kari->pctx = pctx;
     rv = 1;
  err:
-    if (!rv && pctx)
+    if (!rv)
         EVP_PKEY_CTX_free(pctx);
-    if (ekey)
-        EVP_PKEY_free(ekey);
+    EVP_PKEY_free(ekey);
     return rv;
 }
 
@@ -380,7 +323,7 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
     if (!cms_kari_create_ephemeral_key(kari, pk))
         return 0;
 
-    CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    EVP_PKEY_up_ref(pk);
     rek->pkey = pk;
     return 1;
 }
@@ -388,7 +331,7 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
 static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
                          const EVP_CIPHER *cipher)
 {
-    EVP_CIPHER_CTX *ctx = &kari->ctx;
+    EVP_CIPHER_CTX *ctx = kari->ctx;
     const EVP_CIPHER *kekcipher;
     int keylen = EVP_CIPHER_key_length(cipher);
     /* If a suitable wrap algorithm is already set nothing to do */
@@ -439,7 +382,7 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
     if (!cms_wrap_init(kari, ec->cipher))
         return 0;
     /*
-     * If no orignator key set up initialise for ephemeral key the public key
+     * If no originator key set up initialise for ephemeral key the public key
      * ASN1 structure will set the actual public key value.
      */
     if (kari->originator->type == -1) {
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_lcl.h b/freebsd/crypto/openssl/crypto/cms/cms_lcl.h
index 20f2c25f..916fcbfb 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_lcl.h
+++ b/freebsd/crypto/openssl/crypto/cms/cms_lcl.h
@@ -1,64 +1,15 @@
-/* crypto/cms/cms_lcl.h */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_CMS_LCL_H
 # define HEADER_CMS_LCL_H
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 # include <openssl/x509.h>
 
 /*
@@ -109,8 +60,10 @@ struct CMS_ContentInfo_st {
     } d;
 };
 
+DEFINE_STACK_OF(CMS_CertificateChoices)
+
 struct CMS_SignedData_st {
-    long version;
+    int32_t version;
     STACK_OF(X509_ALGOR) *digestAlgorithms;
     CMS_EncapsulatedContentInfo *encapContentInfo;
     STACK_OF(CMS_CertificateChoices) *certificates;
@@ -126,7 +79,7 @@ struct CMS_EncapsulatedContentInfo_st {
 };
 
 struct CMS_SignerInfo_st {
-    long version;
+    int32_t version;
     CMS_SignerIdentifier *sid;
     X509_ALGOR *digestAlgorithm;
     STACK_OF(X509_ATTRIBUTE) *signedAttrs;
@@ -137,7 +90,7 @@ struct CMS_SignerInfo_st {
     X509 *signer;
     EVP_PKEY *pkey;
     /* Digest and public key context for alternative parameters */
-    EVP_MD_CTX mctx;
+    EVP_MD_CTX *mctx;
     EVP_PKEY_CTX *pctx;
 };
 
@@ -150,7 +103,7 @@ struct CMS_SignerIdentifier_st {
 };
 
 struct CMS_EnvelopedData_st {
-    long version;
+    int32_t version;
     CMS_OriginatorInfo *originatorInfo;
     STACK_OF(CMS_RecipientInfo) *recipientInfos;
     CMS_EncryptedContentInfo *encryptedContentInfo;
@@ -188,7 +141,7 @@ struct CMS_RecipientInfo_st {
 typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
 
 struct CMS_KeyTransRecipientInfo_st {
-    long version;
+    int32_t version;
     CMS_RecipientIdentifier *rid;
     X509_ALGOR *keyEncryptionAlgorithm;
     ASN1_OCTET_STRING *encryptedKey;
@@ -200,7 +153,7 @@ struct CMS_KeyTransRecipientInfo_st {
 };
 
 struct CMS_KeyAgreeRecipientInfo_st {
-    long version;
+    int32_t version;
     CMS_OriginatorIdentifierOrKey *originator;
     ASN1_OCTET_STRING *ukm;
     X509_ALGOR *keyEncryptionAlgorithm;
@@ -208,7 +161,7 @@ struct CMS_KeyAgreeRecipientInfo_st {
     /* Public key context associated with current operation */
     EVP_PKEY_CTX *pctx;
     /* Cipher context for CEK wrapping */
-    EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX *ctx;
 };
 
 struct CMS_OriginatorIdentifierOrKey_st {
@@ -247,7 +200,7 @@ struct CMS_RecipientKeyIdentifier_st {
 };
 
 struct CMS_KEKRecipientInfo_st {
-    long version;
+    int32_t version;
     CMS_KEKIdentifier *kekid;
     X509_ALGOR *keyEncryptionAlgorithm;
     ASN1_OCTET_STRING *encryptedKey;
@@ -263,7 +216,7 @@ struct CMS_KEKIdentifier_st {
 };
 
 struct CMS_PasswordRecipientInfo_st {
-    long version;
+    int32_t version;
     X509_ALGOR *keyDerivationAlgorithm;
     X509_ALGOR *keyEncryptionAlgorithm;
     ASN1_OCTET_STRING *encryptedKey;
@@ -278,20 +231,20 @@ struct CMS_OtherRecipientInfo_st {
 };
 
 struct CMS_DigestedData_st {
-    long version;
+    int32_t version;
     X509_ALGOR *digestAlgorithm;
     CMS_EncapsulatedContentInfo *encapContentInfo;
     ASN1_OCTET_STRING *digest;
 };
 
 struct CMS_EncryptedData_st {
-    long version;
+    int32_t version;
     CMS_EncryptedContentInfo *encryptedContentInfo;
     STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
 };
 
 struct CMS_AuthenticatedData_st {
-    long version;
+    int32_t version;
     CMS_OriginatorInfo *originatorInfo;
     STACK_OF(CMS_RecipientInfo) *recipientInfos;
     X509_ALGOR *macAlgorithm;
@@ -303,7 +256,7 @@ struct CMS_AuthenticatedData_st {
 };
 
 struct CMS_CompressedData_st {
-    long version;
+    int32_t version;
     X509_ALGOR *compressionAlgorithm;
     STACK_OF(CMS_RecipientInfo) *recipientInfos;
     CMS_EncapsulatedContentInfo *encapContentInfo;
@@ -375,14 +328,14 @@ struct CMS_ReceiptRequest_st {
 struct CMS_ReceiptsFrom_st {
     int type;
     union {
-        long allOrFirstTier;
+        int32_t allOrFirstTier;
         STACK_OF(GENERAL_NAMES) *receiptList;
     } d;
 };
 # endif
 
 struct CMS_Receipt_st {
-    long version;
+    int32_t version;
     ASN1_OBJECT *contentType;
     ASN1_OCTET_STRING *signedContentIdentifier;
     ASN1_OCTET_STRING *originatorSignatureValue;
@@ -431,7 +384,6 @@ int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
 CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
 BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
 
-void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
 BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
 int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
                                  X509_ALGOR *mdalg);
@@ -465,7 +417,21 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
 int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
                                  int en_de);
 
-#ifdef  __cplusplus
-}
-#endif
+DECLARE_ASN1_ITEM(CMS_CertificateChoices)
+DECLARE_ASN1_ITEM(CMS_DigestedData)
+DECLARE_ASN1_ITEM(CMS_EncryptedData)
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
+DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
+DECLARE_ASN1_ITEM(CMS_Receipt)
+DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
+DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
+DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
+DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
+DECLARE_ASN1_ITEM(CMS_SignedData)
+DECLARE_ASN1_ITEM(CMS_CompressedData)
+
 #endif
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_lib.c b/freebsd/crypto/openssl/crypto/cms/cms_lib.c
index ec4632d7..57ae0abb 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_lib.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_lib.c
@@ -1,57 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_lib.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/asn1t.h>
@@ -60,18 +15,13 @@
 #include <openssl/pem.h>
 #include <openssl/bio.h>
 #include <openssl/asn1.h>
-#include "cms.h"
+#include <openssl/cms.h>
 #include "cms_lcl.h"
 
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
 IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 
-DECLARE_ASN1_ITEM(CMS_CertificateChoices)
-DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
-DECLARE_STACK_OF(CMS_CertificateChoices)
-DECLARE_STACK_OF(CMS_RevocationInfoChoice)
-
-const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
 {
     return cms->contentType;
 }
@@ -80,7 +30,7 @@ CMS_ContentInfo *cms_Data_create(void)
 {
     CMS_ContentInfo *cms;
     cms = CMS_ContentInfo_new();
-    if (cms) {
+    if (cms != NULL) {
         cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
         /* Never detached */
         CMS_set_detached(cms, 0);
@@ -161,7 +111,7 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
     ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
     if (!pos)
         return 0;
-    /* If ebmedded content find memory BIO and set content */
+    /* If embedded content find memory BIO and set content */
     if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
         BIO *mbio;
         unsigned char *cont;
@@ -316,15 +266,13 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached)
     if (!pos)
         return 0;
     if (detached) {
-        if (*pos) {
-            ASN1_OCTET_STRING_free(*pos);
-            *pos = NULL;
-        }
+        ASN1_OCTET_STRING_free(*pos);
+        *pos = NULL;
         return 1;
     }
-    if (!*pos)
+    if (*pos == NULL)
         *pos = ASN1_OCTET_STRING_new();
-    if (*pos) {
+    if (*pos != NULL) {
         /*
          * NB: special flag to show content is created and not read in.
          */
@@ -335,44 +283,28 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached)
     return 0;
 }
 
-/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
-
-void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
-{
-    int param_type;
-
-    if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
-        param_type = V_ASN1_UNDEF;
-    else
-        param_type = V_ASN1_NULL;
-
-    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
-
-}
-
 /* Create a digest BIO from an X509_ALGOR structure */
 
 BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
 {
     BIO *mdbio = NULL;
-    ASN1_OBJECT *digestoid;
+    const ASN1_OBJECT *digestoid;
     const EVP_MD *digest;
     X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
     digest = EVP_get_digestbyobj(digestoid);
     if (!digest) {
         CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
-               CMS_R_UNKNOWN_DIGEST_ALGORIHM);
+               CMS_R_UNKNOWN_DIGEST_ALGORITHM);
         goto err;
     }
     mdbio = BIO_new(BIO_f_md());
-    if (!mdbio || !BIO_set_md(mdbio, digest)) {
+    if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
         CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR);
         goto err;
     }
     return mdbio;
  err:
-    if (mdbio)
-        BIO_free(mdbio);
+    BIO_free(mdbio);
     return NULL;
 }
 
@@ -382,7 +314,7 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
                                  X509_ALGOR *mdalg)
 {
     int nid;
-    ASN1_OBJECT *mdoid;
+    const ASN1_OBJECT *mdoid;
     X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
     nid = OBJ_obj2nid(mdoid);
     /* Look for digest type to match signature */
@@ -479,7 +411,7 @@ int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
     int r;
     r = CMS_add0_cert(cms, cert);
     if (r > 0)
-        CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(cert);
     return r;
 }
 
@@ -541,7 +473,7 @@ int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
     int r;
     r = CMS_add0_crl(cms, crl);
     if (r > 0)
-        CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+        X509_CRL_up_ref(crl);
     return r;
 }
 
@@ -566,7 +498,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
                 sk_X509_pop_free(certs, X509_free);
                 return NULL;
             }
-            CRYPTO_add(&cch->d.certificate->references, 1, CRYPTO_LOCK_X509);
+            X509_up_ref(cch->d.certificate);
         }
     }
     return certs;
@@ -594,7 +526,7 @@ STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
                 sk_X509_CRL_pop_free(crls, X509_CRL_free);
                 return NULL;
             }
-            CRYPTO_add(&rch->d.crl->references, 1, CRYPTO_LOCK_X509_CRL);
+            X509_CRL_up_ref(rch->d.crl);
         }
     }
     return crls;
@@ -611,10 +543,11 @@ int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
 
 int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
 {
-    X509_check_purpose(cert, -1, -1);
-    if (!cert->skid)
+    const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
+
+    if (cert_keyid == NULL)
         return -1;
-    return ASN1_OCTET_STRING_cmp(keyid, cert->skid);
+    return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
 }
 
 int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
@@ -627,13 +560,11 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
         goto err;
     if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
         goto err;
-    if (*pias)
-        M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
+    M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
     *pias = ias;
     return 1;
  err:
-    if (ias)
-        M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
+    M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
     CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
     return 0;
 }
@@ -641,18 +572,18 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
 int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
 {
     ASN1_OCTET_STRING *keyid = NULL;
-    X509_check_purpose(cert, -1, -1);
-    if (!cert->skid) {
+    const ASN1_OCTET_STRING *cert_keyid;
+    cert_keyid = X509_get0_subject_key_id(cert);
+    if (cert_keyid == NULL) {
         CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
         return 0;
     }
-    keyid = ASN1_STRING_dup(cert->skid);
+    keyid = ASN1_STRING_dup(cert_keyid);
     if (!keyid) {
         CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    if (*pkeyid)
-        ASN1_OCTET_STRING_free(*pkeyid);
+    ASN1_OCTET_STRING_free(*pkeyid);
     *pkeyid = keyid;
     return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_pwri.c b/freebsd/crypto/openssl/crypto/cms/cms_pwri.c
index 090fb9e8..24b5e9e4 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_pwri.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_pwri.c
@@ -1,60 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_pwri.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2009 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
@@ -63,7 +18,7 @@
 #include <openssl/rand.h>
 #include <openssl/aes.h>
 #include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
 
 int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
                                     unsigned char *pass, ossl_ssize_t passlen)
@@ -92,7 +47,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
     CMS_RecipientInfo *ri = NULL;
     CMS_EnvelopedData *env;
     CMS_PasswordRecipientInfo *pwri;
-    EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX *ctx = NULL;
     X509_ALGOR *encalg = NULL;
     unsigned char iv[EVP_MAX_IV_LENGTH];
     int ivlen;
@@ -126,19 +81,19 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
     if (encalg == NULL) {
         goto merr;
     }
-    EVP_CIPHER_CTX_init(&ctx);
+    ctx = EVP_CIPHER_CTX_new();
 
-    if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {
+    if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) {
         CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
         goto err;
     }
 
-    ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
+    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
 
     if (ivlen > 0) {
         if (RAND_bytes(iv, ivlen) <= 0)
             goto err;
-        if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
+        if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) {
             CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
             goto err;
         }
@@ -147,24 +102,25 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
             CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
             goto err;
         }
-        if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) {
+        if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
             CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
                    CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
             goto err;
         }
     }
 
-    encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
+    encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
 
-    EVP_CIPHER_CTX_cleanup(&ctx);
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
 
     /* Initialize recipient info */
     ri = M_ASN1_new_of(CMS_RecipientInfo);
-    if (!ri)
+    if (ri == NULL)
         goto merr;
 
     ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo);
-    if (!ri->d.pwri)
+    if (ri->d.pwri == NULL)
         goto merr;
     ri->type = CMS_RECIPINFO_PASS;
 
@@ -172,11 +128,11 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
     /* Since this is overwritten, free up empty structure already there */
     X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
     pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
-    if (!pwri->keyEncryptionAlgorithm)
+    if (pwri->keyEncryptionAlgorithm == NULL)
         goto merr;
     pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
     pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
-    if (!pwri->keyEncryptionAlgorithm->parameter)
+    if (pwri->keyEncryptionAlgorithm->parameter == NULL)
         goto merr;
 
     if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
@@ -206,11 +162,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
  merr:
     CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
  err:
-    EVP_CIPHER_CTX_cleanup(&ctx);
+    EVP_CIPHER_CTX_free(ctx);
     if (ri)
         M_ASN1_free_of(ri, CMS_RecipientInfo);
-    if (encalg)
-        X509_ALGOR_free(encalg);
+    X509_ALGOR_free(encalg);
     return NULL;
 
 }
@@ -235,25 +190,28 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
         /* Invalid size */
         return 0;
     }
-    tmp = OPENSSL_malloc(inlen);
-    if (!tmp)
+    if ((tmp = OPENSSL_malloc(inlen)) == NULL) {
+        CMSerr(CMS_F_KEK_UNWRAP_KEY, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     /* setup IV by decrypting last two blocks */
-    EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
-                      in + inlen - 2 * blocklen, blocklen * 2);
-    /*
-     * Do a decrypt of last decrypted block to set IV to correct value output
-     * it to start of buffer so we don't corrupt decrypted block this works
-     * because buffer is at least two block lengths long.
-     */
-    EVP_DecryptUpdate(ctx, tmp, &outl, tmp + inlen - blocklen, blocklen);
-    /* Can now decrypt first n - 1 blocks */
-    EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
-
-    /* Reset IV to original value */
-    EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
-    /* Decrypt again */
-    EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
+    if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
+                           in + inlen - 2 * blocklen, blocklen * 2)
+        /*
+         * Do a decrypt of last decrypted block to set IV to correct value
+         * output it to start of buffer so we don't corrupt decrypted block
+         * this works because buffer is at least two block lengths long.
+         */
+        || !EVP_DecryptUpdate(ctx, tmp, &outl,
+                              tmp + inlen - blocklen, blocklen)
+        /* Can now decrypt first n - 1 blocks */
+        || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)
+
+        /* Reset IV to original value */
+        || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL)
+        /* Decrypt again */
+        || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen))
+        goto err;
     /* Check check bytes */
     if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) {
         /* Check byte failure */
@@ -267,8 +225,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
     memcpy(out, tmp + 4, *outlen);
     rv = 1;
  err:
-    OPENSSL_cleanse(tmp, inlen);
-    OPENSSL_free(tmp);
+    OPENSSL_clear_free(tmp, inlen);
     return rv;
 
 }
@@ -306,8 +263,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
             && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
             return 0;
         /* Encrypt twice */
-        EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
-        EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
+        if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
+            || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
+            return 0;
     }
 
     *outlen = olen;
@@ -322,11 +280,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 {
     CMS_EncryptedContentInfo *ec;
     CMS_PasswordRecipientInfo *pwri;
-    const unsigned char *p = NULL;
-    int plen;
     int r = 0;
     X509_ALGOR *algtmp, *kekalg = NULL;
-    EVP_CIPHER_CTX kekctx;
+    EVP_CIPHER_CTX *kekctx = NULL;
     const EVP_CIPHER *kekcipher;
     unsigned char *key = NULL;
     size_t keylen;
@@ -334,7 +290,6 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
     ec = cms->d.envelopedData->encryptedContentInfo;
 
     pwri = ri->d.pwri;
-    EVP_CIPHER_CTX_init(&kekctx);
 
     if (!pwri->pass) {
         CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
@@ -348,11 +303,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
         return 0;
     }
 
-    if (algtmp->parameter->type == V_ASN1_SEQUENCE) {
-        p = algtmp->parameter->value.sequence->data;
-        plen = algtmp->parameter->value.sequence->length;
-        kekalg = d2i_X509_ALGOR(NULL, &p, plen);
-    }
+    kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
+                                       algtmp->parameter);
+
     if (kekalg == NULL) {
         CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
                CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
@@ -363,14 +316,19 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 
     if (!kekcipher) {
         CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
-        goto err;
+        return 0;
     }
 
+    kekctx = EVP_CIPHER_CTX_new();
+    if (kekctx == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
     /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
-    if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
+    if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
         goto err;
-    EVP_CIPHER_CTX_set_padding(&kekctx, 0);
-    if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) {
+    EVP_CIPHER_CTX_set_padding(kekctx, 0);
+    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) {
         CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
                CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
         goto err;
@@ -382,7 +340,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 
     if (EVP_PBE_CipherInit(algtmp->algorithm,
                            (char *)pwri->pass, pwri->passlen,
-                           algtmp->parameter, &kekctx, en_de) < 0) {
+                           algtmp->parameter, kekctx, en_de) < 0) {
         CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
         goto err;
     }
@@ -391,28 +349,28 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 
     if (en_de) {
 
-        if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
+        if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
             goto err;
 
         key = OPENSSL_malloc(keylen);
 
-        if (!key)
+        if (key == NULL)
             goto err;
 
-        if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx))
+        if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx))
             goto err;
         pwri->encryptedKey->data = key;
         pwri->encryptedKey->length = keylen;
     } else {
         key = OPENSSL_malloc(pwri->encryptedKey->length);
 
-        if (!key) {
+        if (key == NULL) {
             CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
             goto err;
         }
         if (!kek_unwrap_key(key, &keylen,
                             pwri->encryptedKey->data,
-                            pwri->encryptedKey->length, &kekctx)) {
+                            pwri->encryptedKey->length, kekctx)) {
             CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
             goto err;
         }
@@ -426,9 +384,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 
  err:
 
-    EVP_CIPHER_CTX_cleanup(&kekctx);
+    EVP_CIPHER_CTX_free(kekctx);
 
-    if (!r && key)
+    if (!r)
         OPENSSL_free(key);
     X509_ALGOR_free(kekalg);
 
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_sd.c b/freebsd/crypto/openssl/crypto/cms/cms_sd.c
index 36ed2cd2..cac5a516 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_sd.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_sd.c
@@ -1,60 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_sd.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/x509.h>
@@ -62,12 +17,11 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 
 /* CMS SignedData Utilities */
 
-DECLARE_ASN1_ITEM(CMS_SignedData)
-
 static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
 {
     if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
@@ -96,7 +50,7 @@ static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
     return cms_get0_signed(cms);
 }
 
-/* Just initialize SignedData e.g. for certs only structure */
+/* Just initialise SignedData e.g. for certs only structure */
 
 int CMS_SignedData_init(CMS_ContentInfo *cms)
 {
@@ -284,16 +238,22 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
     si = M_ASN1_new_of(CMS_SignerInfo);
     if (!si)
         goto merr;
+    /* Call for side-effect of computing hash and caching extensions */
     X509_check_purpose(signer, -1, -1);
 
-    CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
-    CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(signer);
+    EVP_PKEY_up_ref(pk);
 
     si->pkey = pk;
     si->signer = signer;
-    EVP_MD_CTX_init(&si->mctx);
+    si->mctx = EVP_MD_CTX_new();
     si->pctx = NULL;
 
+    if (si->mctx == NULL) {
+        CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
     if (flags & CMS_USE_KEYID) {
         si->version = 3;
         if (sd->version < 3)
@@ -323,11 +283,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
         goto err;
     }
 
-    cms_DigestAlgorithm_set(si->digestAlgorithm, md);
+    X509_ALGOR_set_md(si->digestAlgorithm, md);
 
     /* See if digest is present in digestAlgorithms */
     for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
-        ASN1_OBJECT *aoid;
+        const ASN1_OBJECT *aoid;
         alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
         X509_ALGOR_get0(&aoid, NULL, NULL, alg);
         if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
@@ -336,9 +296,9 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 
     if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
         alg = X509_ALGOR_new();
-        if (!alg)
+        if (alg == NULL)
             goto merr;
-        cms_DigestAlgorithm_set(alg, md);
+        X509_ALGOR_set_md(alg, md);
         if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
             X509_ALGOR_free(alg);
             goto merr;
@@ -349,7 +309,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
         goto err;
     if (!(flags & CMS_NOATTR)) {
         /*
-         * Initialialize signed attributes strutucture so other attributes
+         * Initialize signed attributes structure so other attributes
          * such as signing time etc are added later even if we add none here.
          */
         if (!si->signedAttrs) {
@@ -385,13 +345,13 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
     if (flags & CMS_KEY_PARAM) {
         if (flags & CMS_NOATTR) {
             si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL);
-            if (!si->pctx)
+            if (si->pctx == NULL)
                 goto err;
             if (EVP_PKEY_sign_init(si->pctx) <= 0)
                 goto err;
             if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
                 goto err;
-        } else if (EVP_DigestSignInit(&si->mctx, &si->pctx, md, NULL, pk) <=
+        } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <=
                    0)
             goto err;
     }
@@ -406,8 +366,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
  merr:
     CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
  err:
-    if (si)
-        M_ASN1_free_of(si, CMS_SignerInfo);
+    M_ASN1_free_of(si, CMS_SignerInfo);
     return NULL;
 
 }
@@ -449,7 +408,7 @@ EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
 
 EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
 {
-    return &si->mctx;
+    return si->mctx;
 }
 
 STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
@@ -488,13 +447,11 @@ STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
 {
     if (signer) {
-        CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
-        if (si->pkey)
-            EVP_PKEY_free(si->pkey);
+        X509_up_ref(signer);
+        EVP_PKEY_free(si->pkey);
         si->pkey = X509_get_pubkey(signer);
     }
-    if (si->signer)
-        X509_free(si->signer);
+    X509_free(si->signer);
     si->signer = signer;
 }
 
@@ -578,19 +535,23 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
                                        CMS_SignerInfo *si, BIO *chain)
 {
-    EVP_MD_CTX mctx;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
     int r = 0;
     EVP_PKEY_CTX *pctx = NULL;
-    EVP_MD_CTX_init(&mctx);
+
+    if (mctx == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
     if (!si->pkey) {
         CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
-        return 0;
+        goto err;
     }
 
-    if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
+    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
         goto err;
-    /* Set SignerInfo algortihm details if we used custom parametsr */
+    /* Set SignerInfo algorithm details if we used custom parameter */
     if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
         goto err;
 
@@ -603,7 +564,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
             cms->d.signedData->encapContentInfo->eContentType;
         unsigned char md[EVP_MAX_MD_SIZE];
         unsigned int mdlen;
-        if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
+        if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
             goto err;
         if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
                                          V_ASN1_OCTET_STRING, md, mdlen))
@@ -620,26 +581,28 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
         unsigned char md[EVP_MAX_MD_SIZE];
         unsigned int mdlen;
         pctx = si->pctx;
-        if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
+        if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
             goto err;
         siglen = EVP_PKEY_size(si->pkey);
         sig = OPENSSL_malloc(siglen);
-        if (!sig) {
+        if (sig == NULL) {
             CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
             goto err;
         }
-        if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0)
+        if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
+            OPENSSL_free(sig);
             goto err;
+        }
         ASN1_STRING_set0(si->signature, sig, siglen);
     } else {
         unsigned char *sig;
         unsigned int siglen;
         sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
-        if (!sig) {
+        if (sig == NULL) {
             CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
             goto err;
         }
-        if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) {
+        if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) {
             CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
             OPENSSL_free(sig);
             goto err;
@@ -650,9 +613,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
     r = 1;
 
  err:
-    EVP_MD_CTX_cleanup(&mctx);
-    if (pctx)
-        EVP_PKEY_CTX_free(pctx);
+    EVP_MD_CTX_free(mctx);
+    EVP_PKEY_CTX_free(pctx);
     return r;
 
 }
@@ -674,8 +636,8 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
 
 int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 {
-    EVP_MD_CTX *mctx = &si->mctx;
-    EVP_PKEY_CTX *pctx;
+    EVP_MD_CTX *mctx = si->mctx;
+    EVP_PKEY_CTX *pctx = NULL;
     unsigned char *abuf = NULL;
     int alen;
     size_t siglen;
@@ -693,9 +655,10 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
     if (si->pctx)
         pctx = si->pctx;
     else {
-        EVP_MD_CTX_init(mctx);
+        EVP_MD_CTX_reset(mctx);
         if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
             goto err;
+        si->pctx = pctx;
     }
 
     if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
@@ -714,7 +677,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
         goto err;
     OPENSSL_free(abuf);
     abuf = OPENSSL_malloc(siglen);
-    if (!abuf)
+    if (abuf == NULL)
         goto err;
     if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
         goto err;
@@ -725,23 +688,22 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
         goto err;
     }
 
-    EVP_MD_CTX_cleanup(mctx);
+    EVP_MD_CTX_reset(mctx);
 
     ASN1_STRING_set0(si->signature, abuf, siglen);
 
     return 1;
 
  err:
-    if (abuf)
-        OPENSSL_free(abuf);
-    EVP_MD_CTX_cleanup(mctx);
+    OPENSSL_free(abuf);
+    EVP_MD_CTX_reset(mctx);
     return 0;
 
 }
 
 int CMS_SignerInfo_verify(CMS_SignerInfo *si)
 {
-    EVP_MD_CTX *mctx = &si->mctx;
+    EVP_MD_CTX *mctx = NULL;
     unsigned char *abuf = NULL;
     int alen, r = -1;
     const EVP_MD *md = NULL;
@@ -754,7 +716,11 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
     md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
     if (md == NULL)
         return -1;
-    EVP_MD_CTX_init(mctx);
+    if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    mctx = si->mctx;
     if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0)
         goto err;
 
@@ -776,7 +742,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
     if (r <= 0)
         CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
  err:
-    EVP_MD_CTX_cleanup(mctx);
+    EVP_MD_CTX_reset(mctx);
     return r;
 }
 
@@ -806,20 +772,23 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
     }
     return chain;
  err:
-    if (chain)
-        BIO_free_all(chain);
+    BIO_free_all(chain);
     return NULL;
 }
 
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
 {
     ASN1_OCTET_STRING *os = NULL;
-    EVP_MD_CTX mctx;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
     EVP_PKEY_CTX *pkctx = NULL;
     int r = -1;
     unsigned char mval[EVP_MAX_MD_SIZE];
     unsigned int mlen;
-    EVP_MD_CTX_init(&mctx);
+
+    if (mctx == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
     /* If we have any signed attributes look for messageDigest value */
     if (CMS_signed_get_attr_count(si) >= 0) {
         os = CMS_signed_get0_data_by_OBJ(si,
@@ -832,10 +801,10 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
         }
     }
 
-    if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
+    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
         goto err;
 
-    if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) {
+    if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
         CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
                CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
         goto err;
@@ -857,7 +826,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
         } else
             r = 1;
     } else {
-        const EVP_MD *md = EVP_MD_CTX_md(&mctx);
+        const EVP_MD *md = EVP_MD_CTX_md(mctx);
         pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
         if (pkctx == NULL)
             goto err;
@@ -878,9 +847,8 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
     }
 
  err:
-    if (pkctx)
-        EVP_PKEY_CTX_free(pkctx);
-    EVP_MD_CTX_cleanup(&mctx);
+    EVP_PKEY_CTX_free(pkctx);
+    EVP_MD_CTX_free(mctx);
     return r;
 
 }
@@ -905,21 +873,20 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
     ASN1_INTEGER *key = NULL;
     if (keysize > 0) {
         key = ASN1_INTEGER_new();
-        if (!key || !ASN1_INTEGER_set(key, keysize))
+        if (key == NULL || !ASN1_INTEGER_set(key, keysize))
             return 0;
     }
     alg = X509_ALGOR_new();
-    if (!alg) {
-        if (key)
-            ASN1_INTEGER_free(key);
+    if (alg == NULL) {
+        ASN1_INTEGER_free(key);
         return 0;
     }
 
     X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
                     key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
-    if (!*algs)
+    if (*algs == NULL)
         *algs = sk_X509_ALGOR_new_null();
-    if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) {
+    if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
         X509_ALGOR_free(alg);
         return 0;
     }
@@ -945,6 +912,8 @@ static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
 {
     if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+        || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+        || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
         || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
         || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
         || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
diff --git a/freebsd/crypto/openssl/crypto/cms/cms_smime.c b/freebsd/crypto/openssl/crypto/cms/cms_smime.c
index 50903e49..587923ee 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms_smime.c
+++ b/freebsd/crypto/openssl/crypto/cms/cms_smime.c
@@ -1,83 +1,45 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cms/cms_smime.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+
+static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
+{
+    BIO *rbio;
+    if (out == NULL)
+        rbio = BIO_new(BIO_s_null());
+    else if (flags & CMS_TEXT) {
+        rbio = BIO_new(BIO_s_mem());
+        BIO_set_mem_eof_return(rbio, 0);
+    } else
+        rbio = out;
+    return rbio;
+}
 
 static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
 {
     unsigned char buf[4096];
     int r = 0, i;
-    BIO *tmpout = NULL;
+    BIO *tmpout;
 
-    if (out == NULL)
-        tmpout = BIO_new(BIO_s_null());
-    else if (flags & CMS_TEXT) {
-        tmpout = BIO_new(BIO_s_mem());
-        BIO_set_mem_eof_return(tmpout, 0);
-    } else
-        tmpout = out;
+    tmpout = cms_get_text_bio(out, flags);
 
-    if (!tmpout) {
+    if (tmpout == NULL) {
         CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -109,7 +71,7 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
     r = 1;
 
  err:
-    if (tmpout && (tmpout != out))
+    if (tmpout != out)
         BIO_free(tmpout);
     return r;
 
@@ -248,7 +210,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
         return NULL;
     }
     cms = CMS_ContentInfo_new();
-    if (!cms)
+    if (cms == NULL)
         return NULL;
     if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
         return NULL;
@@ -267,24 +229,28 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
 static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
                                       X509_STORE *store,
                                       STACK_OF(X509) *certs,
-                                      STACK_OF(X509_CRL) *crls,
-                                      unsigned int flags)
+                                      STACK_OF(X509_CRL) *crls)
 {
-    X509_STORE_CTX ctx;
+    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
     X509 *signer;
     int i, j, r = 0;
+
+    if (ctx == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
     CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
-    if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) {
+    if (!X509_STORE_CTX_init(ctx, store, signer, certs)) {
         CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, CMS_R_STORE_INIT_ERROR);
         goto err;
     }
-    X509_STORE_CTX_set_default(&ctx, "smime_sign");
+    X509_STORE_CTX_set_default(ctx, "smime_sign");
     if (crls)
-        X509_STORE_CTX_set0_crls(&ctx, crls);
+        X509_STORE_CTX_set0_crls(ctx, crls);
 
-    i = X509_verify_cert(&ctx);
+    i = X509_verify_cert(ctx);
     if (i <= 0) {
-        j = X509_STORE_CTX_get_error(&ctx);
+        j = X509_STORE_CTX_get_error(ctx);
         CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
                CMS_R_CERTIFICATE_VERIFY_ERROR);
         ERR_add_error_data(2, "Verify error:",
@@ -293,7 +259,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
     }
     r = 1;
  err:
-    X509_STORE_CTX_cleanup(&ctx);
+    X509_STORE_CTX_free(ctx);
     return r;
 
 }
@@ -307,10 +273,15 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
     STACK_OF(X509_CRL) *crls = NULL;
     X509 *signer;
     int i, scount = 0, ret = 0;
-    BIO *cmsbio = NULL, *tmpin = NULL;
+    BIO *cmsbio = NULL, *tmpin = NULL, *tmpout = NULL;
 
     if (!dcont && !check_content(cms))
         return 0;
+    if (dcont && !(flags & CMS_BINARY)) {
+        const ASN1_OBJECT *coid = CMS_get0_eContentType(cms);
+        if (OBJ_obj2nid(coid) == NID_id_ct_asciiTextWithCRLF)
+            flags |= CMS_ASCIICRLF;
+    }
 
     /* Attempt to find all signer certificates */
 
@@ -344,8 +315,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
             crls = CMS_get1_crls(cms);
         for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
             si = sk_CMS_SignerInfo_value(sinfos, i);
-            if (!cms_signerinfo_verify_cert(si, store,
-                                            cms_certs, crls, flags))
+            if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
                 goto err;
         }
     }
@@ -380,14 +350,44 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
         }
     } else
         tmpin = dcont;
+    /*
+     * If not binary mode and detached generate digests by *writing* through
+     * the BIO. That makes it possible to canonicalise the input.
+     */
+    if (!(flags & SMIME_BINARY) && dcont) {
+        /*
+         * Create output BIO so we can either handle text or to ensure
+         * included content doesn't override detached content.
+         */
+        tmpout = cms_get_text_bio(out, flags);
+        if (!tmpout) {
+            CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        cmsbio = CMS_dataInit(cms, tmpout);
+        if (!cmsbio)
+            goto err;
+        /*
+         * Don't use SMIME_TEXT for verify: it adds headers and we want to
+         * remove them.
+         */
+        SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT);
 
-    cmsbio = CMS_dataInit(cms, tmpin);
-    if (!cmsbio)
-        goto err;
+        if (flags & CMS_TEXT) {
+            if (!SMIME_text(tmpout, out)) {
+                CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR);
+                goto err;
+            }
+        }
+    } else {
+        cmsbio = CMS_dataInit(cms, tmpin);
+        if (!cmsbio)
+            goto err;
 
-    if (!cms_copy_content(out, cmsbio, flags))
-        goto err;
+        if (!cms_copy_content(out, cmsbio, flags))
+            goto err;
 
+    }
     if (!(flags & CMS_NO_CONTENT_VERIFY)) {
         for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
             si = sk_CMS_SignerInfo_value(sinfos, i);
@@ -401,17 +401,23 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
     ret = 1;
 
  err:
+    if (!(flags & SMIME_BINARY) && dcont) {
+        do_free_upto(cmsbio, tmpout);
+        if (tmpin != dcont)
+            BIO_free(tmpin);
+    } else {
+        if (dcont && (tmpin == dcont))
+            do_free_upto(cmsbio, dcont);
+        else
+            BIO_free_all(cmsbio);
+    }
 
-    if (dcont && (tmpin == dcont))
-        do_free_upto(cmsbio, dcont);
-    else
-        BIO_free_all(cmsbio);
+    if (out != tmpout)
+        BIO_free_all(tmpout);
 
  err2:
-    if (cms_certs)
-        sk_X509_pop_free(cms_certs, X509_free);
-    if (crls)
-        sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    sk_X509_pop_free(cms_certs, X509_free);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
 
     return ret;
 }
@@ -436,8 +442,12 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
     int i;
 
     cms = CMS_ContentInfo_new();
-    if (!cms || !CMS_SignedData_init(cms))
+    if (cms == NULL || !CMS_SignedData_init(cms))
         goto merr;
+    if (flags & CMS_ASCIICRLF
+        && !CMS_set1_eContentType(cms,
+                                  OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
+        goto err;
 
     if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
         CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
@@ -463,8 +473,7 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
     CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
 
  err:
-    if (cms)
-        CMS_ContentInfo_free(cms);
+    CMS_ContentInfo_free(cms);
     return NULL;
 }
 
@@ -528,8 +537,7 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
     r = 1;
 
  err:
-    if (rct_cont)
-        BIO_free(rct_cont);
+    BIO_free(rct_cont);
     if (r)
         return cms;
     CMS_ContentInfo_free(cms);
@@ -566,8 +574,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
  merr:
     CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
  err:
-    if (cms)
-        CMS_ContentInfo_free(cms);
+    CMS_ContentInfo_free(cms);
     return NULL;
 }
 
@@ -578,19 +585,17 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
     STACK_OF(CMS_RecipientEncryptedKey) *reks;
     CMS_RecipientEncryptedKey *rek;
     reks = CMS_RecipientInfo_kari_get0_reks(ri);
-    if (!cert)
-        return 0;
     for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
         int rv;
         rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
-        if (CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
+        if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
             continue;
         CMS_RecipientInfo_kari_set0_pkey(ri, pk);
         rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);
         CMS_RecipientInfo_kari_set0_pkey(ri, NULL);
         if (rv > 0)
             return 1;
-        return -1;
+        return cert == NULL ? 0 : -1;
     }
     return 0;
 }
@@ -628,6 +633,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
          * all.
          */
         else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
+            EVP_PKEY_up_ref(pk);
             CMS_RecipientInfo_set0_pkey(ri, pk);
             r = CMS_RecipientInfo_decrypt(cms, ri);
             CMS_RecipientInfo_set0_pkey(ri, NULL);
@@ -654,8 +660,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
                 return 1;
         }
     }
-    /* If no cert and not debugging always return success */
-    if (match_ri && !cert && !debug) {
+    /* If no cert, key transport and not debugging always return success */
+    if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) {
         ERR_clear_error();
         return 1;
     }
@@ -667,7 +673,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
 
 int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
                          unsigned char *key, size_t keylen,
-                         unsigned char *id, size_t idlen)
+                         const unsigned char *id, size_t idlen)
 {
     STACK_OF(CMS_RecipientInfo) *ris;
     CMS_RecipientInfo *ri;
@@ -755,7 +761,8 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
 {
     BIO *cmsbio;
     int ret = 0;
-    if (!(cmsbio = CMS_dataInit(cms, dcont))) {
+
+    if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) {
         CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB);
         return 0;
     }
diff --git a/freebsd/crypto/openssl/crypto/comp/c_rle.c b/freebsd/crypto/openssl/crypto/comp/c_rle.c
deleted file mode 100644
index 9b9cab2e..00000000
--- a/freebsd/crypto/openssl/crypto/comp/c_rle.c
+++ /dev/null
@@ -1,65 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-
-static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
-                              unsigned int olen, unsigned char *in,
-                              unsigned int ilen);
-static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
-                            unsigned int olen, unsigned char *in,
-                            unsigned int ilen);
-
-static COMP_METHOD rle_method = {
-    NID_rle_compression,
-    LN_rle_compression,
-    NULL,
-    NULL,
-    rle_compress_block,
-    rle_expand_block,
-    NULL,
-    NULL,
-};
-
-COMP_METHOD *COMP_rle(void)
-{
-    return (&rle_method);
-}
-
-static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
-                              unsigned int olen, unsigned char *in,
-                              unsigned int ilen)
-{
-    if (ilen == 0)
-        return 0;
-
-    if (olen <= ilen)
-        return -1;
-
-    *(out++) = 0;
-    memcpy(out, in, ilen);
-    return (ilen + 1);
-}
-
-static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
-                            unsigned int olen, unsigned char *in,
-                            unsigned int ilen)
-{
-    int i;
-
-    if (ilen == 0)
-        return 0;
-
-    if (olen < (ilen - 1))
-        return -1;
-
-    i = *(in++);
-    if (i != 0)
-        return -1;
-
-    memcpy(out, in, ilen - 1);
-    return (ilen - 1);
-}
diff --git a/freebsd/crypto/openssl/crypto/comp/c_zlib.c b/freebsd/crypto/openssl/crypto/comp/c_zlib.c
index b9fe7e11..63de82be 100644
--- a/freebsd/crypto/openssl/crypto/comp/c_zlib.c
+++ b/freebsd/crypto/openssl/crypto/comp/c_zlib.c
@@ -1,11 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/objects.h>
-#include <openssl/comp.h>
+#include "internal/comp.h"
 #include <openssl/err.h>
+#include "internal/cryptlib_int.h"
+#include "internal/bio.h"
+#include "comp_lcl.h"
 
 COMP_METHOD *COMP_zlib(void);
 
@@ -16,8 +28,6 @@ static COMP_METHOD zlib_method_nozlib = {
     NULL,
     NULL,
     NULL,
-    NULL,
-    NULL,
 };
 
 #ifndef ZLIB
@@ -35,14 +45,12 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
                                       unsigned int olen, unsigned char *in,
                                       unsigned int ilen);
 
-/* memory allocations functions for zlib intialization */
+/* memory allocations functions for zlib initialisation */
 static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size)
 {
     void *p;
 
-    p = OPENSSL_malloc(no * size);
-    if (p)
-        memset(p, 0, no * size);
+    p = OPENSSL_zalloc(no * size);
     return p;
 }
 
@@ -51,28 +59,6 @@ static void zlib_zfree(void *opaque, void *address)
     OPENSSL_free(address);
 }
 
-# if 0
-static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
-                               unsigned int olen, unsigned char *in,
-                               unsigned int ilen);
-static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
-                             unsigned int olen, unsigned char *in,
-                             unsigned int ilen);
-
-static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source,
-                         uLong sourceLen);
-
-static COMP_METHOD zlib_stateless_method = {
-    NID_zlib_compression,
-    LN_zlib_compression,
-    NULL,
-    NULL,
-    zlib_compress_block,
-    zlib_expand_block,
-    NULL,
-    NULL,
-};
-# endif
 
 static COMP_METHOD zlib_stateful_method = {
     NID_zlib_compression,
@@ -80,9 +66,7 @@ static COMP_METHOD zlib_stateful_method = {
     zlib_stateful_init,
     zlib_stateful_finish,
     zlib_stateful_compress_block,
-    zlib_stateful_expand_block,
-    NULL,
-    NULL,
+    zlib_stateful_expand_block
 };
 
 /*
@@ -97,7 +81,7 @@ static COMP_METHOD zlib_stateful_method = {
                                  * OPENSSL_SYS_WIN32) */
 
 # ifdef ZLIB_SHARED
-#  include <openssl/dso.h>
+#  include "internal/dso.h"
 
 /* Function pointers */
 typedef int (*compress_ft) (Bytef *dest, uLongf * destLen,
@@ -138,13 +122,10 @@ struct zlib_state {
     z_stream ostream;
 };
 
-static int zlib_stateful_ex_idx = -1;
-
 static int zlib_stateful_init(COMP_CTX *ctx)
 {
     int err;
-    struct zlib_state *state =
-        (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));
+    struct zlib_state *state = OPENSSL_zalloc(sizeof(*state));
 
     if (state == NULL)
         goto err;
@@ -154,8 +135,6 @@ static int zlib_stateful_init(COMP_CTX *ctx)
     state->istream.opaque = Z_NULL;
     state->istream.next_in = Z_NULL;
     state->istream.next_out = Z_NULL;
-    state->istream.avail_in = 0;
-    state->istream.avail_out = 0;
     err = inflateInit_(&state->istream, ZLIB_VERSION, sizeof(z_stream));
     if (err != Z_OK)
         goto err;
@@ -165,31 +144,24 @@ static int zlib_stateful_init(COMP_CTX *ctx)
     state->ostream.opaque = Z_NULL;
     state->ostream.next_in = Z_NULL;
     state->ostream.next_out = Z_NULL;
-    state->ostream.avail_in = 0;
-    state->ostream.avail_out = 0;
     err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION,
                        ZLIB_VERSION, sizeof(z_stream));
     if (err != Z_OK)
         goto err;
 
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data);
-    CRYPTO_set_ex_data(&ctx->ex_data, zlib_stateful_ex_idx, state);
+    ctx->data = state;
     return 1;
  err:
-    if (state)
-        OPENSSL_free(state);
+    OPENSSL_free(state);
     return 0;
 }
 
 static void zlib_stateful_finish(COMP_CTX *ctx)
 {
-    struct zlib_state *state =
-        (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-                                                zlib_stateful_ex_idx);
+    struct zlib_state *state = ctx->data;
     inflateEnd(&state->istream);
     deflateEnd(&state->ostream);
     OPENSSL_free(state);
-    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data);
 }
 
 static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
@@ -197,9 +169,7 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
                                         unsigned int ilen)
 {
     int err = Z_OK;
-    struct zlib_state *state =
-        (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-                                                zlib_stateful_ex_idx);
+    struct zlib_state *state = ctx->data;
 
     if (state == NULL)
         return -1;
@@ -212,11 +182,6 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
         err = deflate(&state->ostream, Z_SYNC_FLUSH);
     if (err != Z_OK)
         return -1;
-# ifdef DEBUG_ZLIB
-    fprintf(stderr, "compress(%4d)->%4d %s\n",
-            ilen, olen - state->ostream.avail_out,
-            (ilen != olen - state->ostream.avail_out) ? "zlib" : "clear");
-# endif
     return olen - state->ostream.avail_out;
 }
 
@@ -225,10 +190,7 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
                                       unsigned int ilen)
 {
     int err = Z_OK;
-
-    struct zlib_state *state =
-        (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-                                                zlib_stateful_ex_idx);
+    struct zlib_state *state = ctx->data;
 
     if (state == NULL)
         return 0;
@@ -241,105 +203,9 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
         err = inflate(&state->istream, Z_SYNC_FLUSH);
     if (err != Z_OK)
         return -1;
-# ifdef DEBUG_ZLIB
-    fprintf(stderr, "expand(%4d)->%4d %s\n",
-            ilen, olen - state->istream.avail_out,
-            (ilen != olen - state->istream.avail_out) ? "zlib" : "clear");
-# endif
     return olen - state->istream.avail_out;
 }
 
-# if 0
-static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
-                               unsigned int olen, unsigned char *in,
-                               unsigned int ilen)
-{
-    unsigned long l;
-    int i;
-    int clear = 1;
-
-    if (ilen > 128) {
-        out[0] = 1;
-        l = olen - 1;
-        i = compress(&(out[1]), &l, in, (unsigned long)ilen);
-        if (i != Z_OK)
-            return (-1);
-        if (ilen > l) {
-            clear = 0;
-            l++;
-        }
-    }
-    if (clear) {
-        out[0] = 0;
-        memcpy(&(out[1]), in, ilen);
-        l = ilen + 1;
-    }
-#  ifdef DEBUG_ZLIB
-    fprintf(stderr, "compress(%4d)->%4d %s\n",
-            ilen, (int)l, (clear) ? "clear" : "zlib");
-#  endif
-    return ((int)l);
-}
-
-static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
-                             unsigned int olen, unsigned char *in,
-                             unsigned int ilen)
-{
-    unsigned long l;
-    int i;
-
-    if (in[0]) {
-        l = olen;
-        i = zz_uncompress(out, &l, &(in[1]), (unsigned long)ilen - 1);
-        if (i != Z_OK)
-            return (-1);
-    } else {
-        memcpy(out, &(in[1]), ilen - 1);
-        l = ilen - 1;
-    }
-#  ifdef DEBUG_ZLIB
-    fprintf(stderr, "expand  (%4d)->%4d %s\n",
-            ilen, (int)l, in[0] ? "zlib" : "clear");
-#  endif
-    return ((int)l);
-}
-
-static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source,
-                         uLong sourceLen)
-{
-    z_stream stream;
-    int err;
-
-    stream.next_in = (Bytef *)source;
-    stream.avail_in = (uInt) sourceLen;
-    /* Check for source > 64K on 16-bit machine: */
-    if ((uLong) stream.avail_in != sourceLen)
-        return Z_BUF_ERROR;
-
-    stream.next_out = dest;
-    stream.avail_out = (uInt) * destLen;
-    if ((uLong) stream.avail_out != *destLen)
-        return Z_BUF_ERROR;
-
-    stream.zalloc = (alloc_func) 0;
-    stream.zfree = (free_func) 0;
-
-    err = inflateInit_(&stream, ZLIB_VERSION, sizeof(z_stream));
-    if (err != Z_OK)
-        return err;
-
-    err = inflate(&stream, Z_FINISH);
-    if (err != Z_STREAM_END) {
-        inflateEnd(&stream);
-        return err;
-    }
-    *destLen = stream.total_out;
-
-    err = inflateEnd(&stream);
-    return err;
-}
-# endif
-
 #endif
 
 COMP_METHOD *COMP_zlib(void)
@@ -347,12 +213,19 @@ COMP_METHOD *COMP_zlib(void)
     COMP_METHOD *meth = &zlib_method_nozlib;
 
 #ifdef ZLIB_SHARED
-    if (!zlib_loaded) {
-# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-        zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
-# else
-        zlib_dso = DSO_load(NULL, "z", NULL, 0);
+    /* LIBZ may be externally defined, and we should respect that value */
+# ifndef LIBZ
+#  if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#   define LIBZ "ZLIB1"
+#  elif defined(OPENSSL_SYS_VMS)
+#   define LIBZ "LIBZ"
+#  else
+#   define LIBZ "z"
+#  endif
 # endif
+
+    if (!zlib_loaded) {
+        zlib_dso = DSO_load(NULL, LIBZ, NULL, 0);
         if (zlib_dso != NULL) {
             p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress");
             p_inflateEnd
@@ -371,43 +244,27 @@ COMP_METHOD *COMP_zlib(void)
                 && p_inflateInit_ && p_deflateEnd
                 && p_deflate && p_deflateInit_ && p_zError)
                 zlib_loaded++;
+
+            if (!OPENSSL_init_crypto(OPENSSL_INIT_ZLIB, NULL)) {
+                comp_zlib_cleanup_int();
+                return meth;
+            }
+            if (zlib_loaded)
+                meth = &zlib_stateful_method;
         }
     }
 #endif
-#ifdef ZLIB_SHARED
-    if (zlib_loaded)
+#if defined(ZLIB)
+    meth = &zlib_stateful_method;
 #endif
-#if defined(ZLIB) || defined(ZLIB_SHARED)
-    {
-        /*
-         * init zlib_stateful_ex_idx here so that in a multi-process
-         * application it's enough to intialize openssl before forking (idx
-         * will be inherited in all the children)
-         */
-        if (zlib_stateful_ex_idx == -1) {
-            CRYPTO_w_lock(CRYPTO_LOCK_COMP);
-            if (zlib_stateful_ex_idx == -1)
-                zlib_stateful_ex_idx =
-                    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
-                                            0, NULL, NULL, NULL, NULL);
-            CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
-            if (zlib_stateful_ex_idx == -1)
-                goto err;
-        }
 
-        meth = &zlib_stateful_method;
-    }
- err:
-#endif
-
-    return (meth);
+    return meth;
 }
 
-void COMP_zlib_cleanup(void)
+void comp_zlib_cleanup_int(void)
 {
 #ifdef ZLIB_SHARED
-    if (zlib_dso != NULL)
-        DSO_free(zlib_dso);
+    DSO_free(zlib_dso);
     zlib_dso = NULL;
 #endif
 }
@@ -436,22 +293,26 @@ static int bio_zlib_free(BIO *bi);
 static int bio_zlib_read(BIO *b, char *out, int outl);
 static int bio_zlib_write(BIO *b, const char *in, int inl);
 static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr);
-static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp);
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
 
-static BIO_METHOD bio_meth_zlib = {
+static const BIO_METHOD bio_meth_zlib = {
     BIO_TYPE_COMP,
     "zlib",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     bio_zlib_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     bio_zlib_read,
-    NULL,
-    NULL,
+    NULL,                      /* bio_zlib_puts, */
+    NULL,                      /* bio_zlib_gets, */
     bio_zlib_ctrl,
     bio_zlib_new,
     bio_zlib_free,
     bio_zlib_callback_ctrl
 };
 
-BIO_METHOD *BIO_f_zlib(void)
+const BIO_METHOD *BIO_f_zlib(void)
 {
     return &bio_meth_zlib;
 }
@@ -466,32 +327,21 @@ static int bio_zlib_new(BIO *bi)
         return 0;
     }
 # endif
-    ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX));
-    if (!ctx) {
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx == NULL) {
         COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    ctx->ibuf = NULL;
-    ctx->obuf = NULL;
     ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
     ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
     ctx->zin.zalloc = Z_NULL;
     ctx->zin.zfree = Z_NULL;
-    ctx->zin.next_in = NULL;
-    ctx->zin.avail_in = 0;
-    ctx->zin.next_out = NULL;
-    ctx->zin.avail_out = 0;
     ctx->zout.zalloc = Z_NULL;
     ctx->zout.zfree = Z_NULL;
-    ctx->zout.next_in = NULL;
-    ctx->zout.avail_in = 0;
-    ctx->zout.next_out = NULL;
-    ctx->zout.avail_out = 0;
-    ctx->odone = 0;
     ctx->comp_level = Z_DEFAULT_COMPRESSION;
-    bi->init = 1;
-    bi->ptr = (char *)ctx;
-    bi->flags = 0;
+    BIO_set_init(bi, 1);
+    BIO_set_data(bi, ctx);
+
     return 1;
 }
 
@@ -500,7 +350,7 @@ static int bio_zlib_free(BIO *bi)
     BIO_ZLIB_CTX *ctx;
     if (!bi)
         return 0;
-    ctx = (BIO_ZLIB_CTX *) bi->ptr;
+    ctx = BIO_get_data(bi);
     if (ctx->ibuf) {
         /* Destroy decompress context */
         inflateEnd(&ctx->zin);
@@ -512,9 +362,9 @@ static int bio_zlib_free(BIO *bi)
         OPENSSL_free(ctx->obuf);
     }
     OPENSSL_free(ctx);
-    bi->ptr = NULL;
-    bi->init = 0;
-    bi->flags = 0;
+    BIO_set_data(bi, NULL);
+    BIO_set_init(bi, 0);
+
     return 1;
 }
 
@@ -523,14 +373,16 @@ static int bio_zlib_read(BIO *b, char *out, int outl)
     BIO_ZLIB_CTX *ctx;
     int ret;
     z_stream *zin;
+    BIO *next = BIO_next(b);
+
     if (!out || !outl)
         return 0;
-    ctx = (BIO_ZLIB_CTX *) b->ptr;
+    ctx = BIO_get_data(b);
     zin = &ctx->zin;
     BIO_clear_retry_flags(b);
     if (!ctx->ibuf) {
         ctx->ibuf = OPENSSL_malloc(ctx->ibufsize);
-        if (!ctx->ibuf) {
+        if (ctx->ibuf == NULL) {
             COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
             return 0;
         }
@@ -560,7 +412,7 @@ static int bio_zlib_read(BIO *b, char *out, int outl)
          * No data in input buffer try to read some in, if an error then
          * return the total data read.
          */
-        ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize);
+        ret = BIO_read(next, ctx->ibuf, ctx->ibufsize);
         if (ret <= 0) {
             /* Total data read */
             int tot = outl - zin->avail_out;
@@ -579,9 +431,11 @@ static int bio_zlib_write(BIO *b, const char *in, int inl)
     BIO_ZLIB_CTX *ctx;
     int ret;
     z_stream *zout;
+    BIO *next = BIO_next(b);
+
     if (!in || !inl)
         return 0;
-    ctx = (BIO_ZLIB_CTX *) b->ptr;
+    ctx = BIO_get_data(b);
     if (ctx->odone)
         return 0;
     zout = &ctx->zout;
@@ -589,7 +443,7 @@ static int bio_zlib_write(BIO *b, const char *in, int inl)
     if (!ctx->obuf) {
         ctx->obuf = OPENSSL_malloc(ctx->obufsize);
         /* Need error here */
-        if (!ctx->obuf) {
+        if (ctx->obuf == NULL) {
             COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
             return 0;
         }
@@ -605,7 +459,7 @@ static int bio_zlib_write(BIO *b, const char *in, int inl)
     for (;;) {
         /* If data in output buffer write it first */
         while (ctx->ocount) {
-            ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
+            ret = BIO_write(next, ctx->optr, ctx->ocount);
             if (ret <= 0) {
                 /* Total data written */
                 int tot = inl - zout->avail_in;
@@ -644,7 +498,9 @@ static int bio_zlib_flush(BIO *b)
     BIO_ZLIB_CTX *ctx;
     int ret;
     z_stream *zout;
-    ctx = (BIO_ZLIB_CTX *) b->ptr;
+    BIO *next = BIO_next(b);
+
+    ctx = BIO_get_data(b);
     /* If no data written or already flush show success */
     if (!ctx->obuf || (ctx->odone && !ctx->ocount))
         return 1;
@@ -656,7 +512,7 @@ static int bio_zlib_flush(BIO *b)
     for (;;) {
         /* If data in output buffer write it first */
         while (ctx->ocount) {
-            ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
+            ret = BIO_write(next, ctx->optr, ctx->ocount);
             if (ret <= 0) {
                 BIO_copy_next_retry(b);
                 return ret;
@@ -691,9 +547,11 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
     BIO_ZLIB_CTX *ctx;
     int ret, *ip;
     int ibs, obs;
-    if (!b->next_bio)
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
         return 0;
-    ctx = (BIO_ZLIB_CTX *) b->ptr;
+    ctx = BIO_get_data(b);
     switch (cmd) {
 
     case BIO_CTRL_RESET:
@@ -705,7 +563,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_FLUSH:
         ret = bio_zlib_flush(b);
         if (ret > 0)
-            ret = BIO_flush(b->next_bio);
+            ret = BIO_flush(next);
         break;
 
     case BIO_C_SET_BUFF_SIZE:
@@ -723,18 +581,14 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
         }
 
         if (ibs != -1) {
-            if (ctx->ibuf) {
-                OPENSSL_free(ctx->ibuf);
-                ctx->ibuf = NULL;
-            }
+            OPENSSL_free(ctx->ibuf);
+            ctx->ibuf = NULL;
             ctx->ibufsize = ibs;
         }
 
         if (obs != -1) {
-            if (ctx->obuf) {
-                OPENSSL_free(ctx->obuf);
-                ctx->obuf = NULL;
-            }
+            OPENSSL_free(ctx->obuf);
+            ctx->obuf = NULL;
             ctx->obufsize = obs;
         }
         ret = 1;
@@ -742,12 +596,12 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
 
     case BIO_C_DO_STATE_MACHINE:
         BIO_clear_retry_flags(b);
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         BIO_copy_next_retry(b);
         break;
 
     default:
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         break;
 
     }
@@ -755,11 +609,12 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
     return ret;
 }
 
-static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
-    if (!b->next_bio)
+    BIO *next = BIO_next(b);
+    if (next == NULL)
         return 0;
-    return BIO_callback_ctrl(b->next_bio, cmd, fp);
+    return BIO_callback_ctrl(next, cmd, fp);
 }
 
 #endif
diff --git a/freebsd/crypto/openssl/crypto/comp/comp.h b/freebsd/crypto/openssl/crypto/comp/comp.h
deleted file mode 100644
index df599ba3..00000000
--- a/freebsd/crypto/openssl/crypto/comp/comp.h
+++ /dev/null
@@ -1,83 +0,0 @@
-
-#ifndef HEADER_COMP_H
-# define HEADER_COMP_H
-
-# include <openssl/crypto.h>
-
-# ifdef OPENSSL_NO_COMP
-#  error COMP is disabled.
-# endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct comp_ctx_st COMP_CTX;
-
-struct comp_method_st {
-    int type;                   /* NID for compression library */
-    const char *name;           /* A text string to identify the library */
-    int (*init) (COMP_CTX *ctx);
-    void (*finish) (COMP_CTX *ctx);
-    int (*compress) (COMP_CTX *ctx,
-                     unsigned char *out, unsigned int olen,
-                     unsigned char *in, unsigned int ilen);
-    int (*expand) (COMP_CTX *ctx,
-                   unsigned char *out, unsigned int olen,
-                   unsigned char *in, unsigned int ilen);
-    /*
-     * The following two do NOTHING, but are kept for backward compatibility
-     */
-    long (*ctrl) (void);
-    long (*callback_ctrl) (void);
-};
-
-struct comp_ctx_st {
-    COMP_METHOD *meth;
-    unsigned long compress_in;
-    unsigned long compress_out;
-    unsigned long expand_in;
-    unsigned long expand_out;
-    CRYPTO_EX_DATA ex_data;
-};
-
-COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
-void COMP_CTX_free(COMP_CTX *ctx);
-int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
-                        unsigned char *in, int ilen);
-int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
-                      unsigned char *in, int ilen);
-COMP_METHOD *COMP_rle(void);
-COMP_METHOD *COMP_zlib(void);
-void COMP_zlib_cleanup(void);
-
-# ifdef HEADER_BIO_H
-#  ifdef ZLIB
-BIO_METHOD *BIO_f_zlib(void);
-#  endif
-# endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_COMP_strings(void);
-
-/* Error codes for the COMP functions. */
-
-/* Function codes. */
-# define COMP_F_BIO_ZLIB_FLUSH                            99
-# define COMP_F_BIO_ZLIB_NEW                              100
-# define COMP_F_BIO_ZLIB_READ                             101
-# define COMP_F_BIO_ZLIB_WRITE                            102
-
-/* Reason codes. */
-# define COMP_R_ZLIB_DEFLATE_ERROR                        99
-# define COMP_R_ZLIB_INFLATE_ERROR                        100
-# define COMP_R_ZLIB_NOT_SUPPORTED                        101
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/comp/comp_err.c b/freebsd/crypto/openssl/crypto/comp/comp_err.c
index ad8406bf..7e695f56 100644
--- a/freebsd/crypto/openssl/crypto/comp/comp_err.c
+++ b/freebsd/crypto/openssl/crypto/comp/comp_err.c
@@ -1,100 +1,48 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/comp/comp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/comp.h>
+#include <openssl/comperr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason)
-
-static ERR_STRING_DATA COMP_str_functs[] = {
-    {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"},
-    {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"},
-    {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"},
-    {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"},
+static const ERR_STRING_DATA COMP_str_functs[] = {
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_FLUSH, 0), "bio_zlib_flush"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_NEW, 0), "bio_zlib_new"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_READ, 0), "bio_zlib_read"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_WRITE, 0), "bio_zlib_write"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_COMP_CTX_NEW, 0), "COMP_CTX_new"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA COMP_str_reasons[] = {
-    {ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR), "zlib deflate error"},
-    {ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR), "zlib inflate error"},
-    {ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED), "zlib not supported"},
+static const ERR_STRING_DATA COMP_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_DEFLATE_ERROR),
+    "zlib deflate error"},
+    {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_INFLATE_ERROR),
+    "zlib inflate error"},
+    {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_NOT_SUPPORTED),
+    "zlib not supported"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_COMP_strings(void)
+int ERR_load_COMP_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, COMP_str_functs);
-        ERR_load_strings(0, COMP_str_reasons);
+        ERR_load_strings_const(COMP_str_functs);
+        ERR_load_strings_const(COMP_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/comp/comp_lcl.h b/freebsd/crypto/openssl/crypto/comp/comp_lcl.h
new file mode 100644
index 00000000..aa45fca2
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/comp/comp_lcl.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+struct comp_method_st {
+    int type;                   /* NID for compression library */
+    const char *name;           /* A text string to identify the library */
+    int (*init) (COMP_CTX *ctx);
+    void (*finish) (COMP_CTX *ctx);
+    int (*compress) (COMP_CTX *ctx,
+                     unsigned char *out, unsigned int olen,
+                     unsigned char *in, unsigned int ilen);
+    int (*expand) (COMP_CTX *ctx,
+                   unsigned char *out, unsigned int olen,
+                   unsigned char *in, unsigned int ilen);
+};
+
+struct comp_ctx_st {
+    struct comp_method_st *meth;
+    unsigned long compress_in;
+    unsigned long compress_out;
+    unsigned long expand_in;
+    unsigned long expand_out;
+    void* data;
+};
diff --git a/freebsd/crypto/openssl/crypto/comp/comp_lib.c b/freebsd/crypto/openssl/crypto/comp/comp_lib.c
index 1efd90a3..2b9cebc7 100644
--- a/freebsd/crypto/openssl/crypto/comp/comp_lib.c
+++ b/freebsd/crypto/openssl/crypto/comp/comp_lib.c
@@ -1,33 +1,57 @@
 #include <machine/rtems-bsd-user-space.h>
 
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/objects.h>
 #include <openssl/comp.h>
+#include <openssl/err.h>
+#include "comp_lcl.h"
 
 COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
 {
     COMP_CTX *ret;
 
-    if ((ret = (COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL) {
-        /* ZZZZZZZZZZZZZZZZ */
-        return (NULL);
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        COMPerr(COMP_F_COMP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
     }
-    memset(ret, 0, sizeof(COMP_CTX));
     ret->meth = meth;
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
         OPENSSL_free(ret);
         ret = NULL;
     }
-    return (ret);
+    return ret;
+}
+
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx)
+{
+    return ctx->meth;
+}
+
+int COMP_get_type(const COMP_METHOD *meth)
+{
+    return meth->type;
+}
+
+const char *COMP_get_name(const COMP_METHOD *meth)
+{
+    return meth->name;
 }
 
 void COMP_CTX_free(COMP_CTX *ctx)
 {
     if (ctx == NULL)
         return;
-
     if (ctx->meth->finish != NULL)
         ctx->meth->finish(ctx);
 
@@ -39,15 +63,14 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
 {
     int ret;
     if (ctx->meth->compress == NULL) {
-        /* ZZZZZZZZZZZZZZZZZ */
-        return (-1);
+        return -1;
     }
     ret = ctx->meth->compress(ctx, out, olen, in, ilen);
     if (ret > 0) {
         ctx->compress_in += ilen;
         ctx->compress_out += ret;
     }
-    return (ret);
+    return ret;
 }
 
 int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
@@ -56,13 +79,17 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
     int ret;
 
     if (ctx->meth->expand == NULL) {
-        /* ZZZZZZZZZZZZZZZZZ */
-        return (-1);
+        return -1;
     }
     ret = ctx->meth->expand(ctx, out, olen, in, ilen);
     if (ret > 0) {
         ctx->expand_in += ilen;
         ctx->expand_out += ret;
     }
-    return (ret);
+    return ret;
+}
+
+int COMP_CTX_get_type(const COMP_CTX* comp)
+{
+    return comp->meth ? comp->meth->type : NID_undef;
 }
diff --git a/freebsd/crypto/openssl/crypto/conf/conf.h b/freebsd/crypto/openssl/crypto/conf/conf.h
deleted file mode 100644
index fe491130..00000000
--- a/freebsd/crypto/openssl/crypto/conf/conf.h
+++ /dev/null
@@ -1,268 +0,0 @@
-/* crypto/conf/conf.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef  HEADER_CONF_H
-# define HEADER_CONF_H
-
-# include <openssl/bio.h>
-# include <openssl/lhash.h>
-# include <openssl/stack.h>
-# include <openssl/safestack.h>
-# include <openssl/e_os2.h>
-
-# include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct {
-    char *section;
-    char *name;
-    char *value;
-} CONF_VALUE;
-
-DECLARE_STACK_OF(CONF_VALUE)
-DECLARE_LHASH_OF(CONF_VALUE);
-
-struct conf_st;
-struct conf_method_st;
-typedef struct conf_method_st CONF_METHOD;
-
-struct conf_method_st {
-    const char *name;
-    CONF *(*create) (CONF_METHOD *meth);
-    int (*init) (CONF *conf);
-    int (*destroy) (CONF *conf);
-    int (*destroy_data) (CONF *conf);
-    int (*load_bio) (CONF *conf, BIO *bp, long *eline);
-    int (*dump) (const CONF *conf, BIO *bp);
-    int (*is_number) (const CONF *conf, char c);
-    int (*to_int) (const CONF *conf, char c);
-    int (*load) (CONF *conf, const char *name, long *eline);
-};
-
-/* Module definitions */
-
-typedef struct conf_imodule_st CONF_IMODULE;
-typedef struct conf_module_st CONF_MODULE;
-
-DECLARE_STACK_OF(CONF_MODULE)
-DECLARE_STACK_OF(CONF_IMODULE)
-
-/* DSO module function typedefs */
-typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
-typedef void conf_finish_func (CONF_IMODULE *md);
-
-# define CONF_MFLAGS_IGNORE_ERRORS       0x1
-# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
-# define CONF_MFLAGS_SILENT              0x4
-# define CONF_MFLAGS_NO_DSO              0x8
-# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
-# define CONF_MFLAGS_DEFAULT_SECTION     0x20
-
-int CONF_set_default_method(CONF_METHOD *meth);
-void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
-LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
-                                long *eline);
-# ifndef OPENSSL_NO_FP_API
-LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
-                                   long *eline);
-# endif
-LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
-                                    long *eline);
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
-                                       const char *section);
-char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
-                      const char *name);
-long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
-                     const char *name);
-void CONF_free(LHASH_OF(CONF_VALUE) *conf);
-int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
-int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
-
-void OPENSSL_config(const char *config_name);
-void OPENSSL_no_config(void);
-
-/*
- * New conf code.  The semantics are different from the functions above. If
- * that wasn't the case, the above functions would have been replaced
- */
-
-struct conf_st {
-    CONF_METHOD *meth;
-    void *meth_data;
-    LHASH_OF(CONF_VALUE) *data;
-};
-
-CONF *NCONF_new(CONF_METHOD *meth);
-CONF_METHOD *NCONF_default(void);
-CONF_METHOD *NCONF_WIN32(void);
-# if 0                          /* Just to give you an idea of what I have in
-                                 * mind */
-CONF_METHOD *NCONF_XML(void);
-# endif
-void NCONF_free(CONF *conf);
-void NCONF_free_data(CONF *conf);
-
-int NCONF_load(CONF *conf, const char *file, long *eline);
-# ifndef OPENSSL_NO_FP_API
-int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
-# endif
-int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
-                                        const char *section);
-char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
-int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
-                       long *result);
-int NCONF_dump_fp(const CONF *conf, FILE *out);
-int NCONF_dump_bio(const CONF *conf, BIO *out);
-
-# if 0                          /* The following function has no error
-                                 * checking, and should therefore be avoided */
-long NCONF_get_number(CONF *conf, char *group, char *name);
-# else
-#  define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
-# endif
-
-/* Module functions */
-
-int CONF_modules_load(const CONF *cnf, const char *appname,
-                      unsigned long flags);
-int CONF_modules_load_file(const char *filename, const char *appname,
-                           unsigned long flags);
-void CONF_modules_unload(int all);
-void CONF_modules_finish(void);
-void CONF_modules_free(void);
-int CONF_module_add(const char *name, conf_init_func *ifunc,
-                    conf_finish_func *ffunc);
-
-const char *CONF_imodule_get_name(const CONF_IMODULE *md);
-const char *CONF_imodule_get_value(const CONF_IMODULE *md);
-void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
-void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
-CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
-unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
-void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
-void *CONF_module_get_usr_data(CONF_MODULE *pmod);
-void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
-
-char *CONF_get1_default_config_file(void);
-
-int CONF_parse_list(const char *list, int sep, int nospc,
-                    int (*list_cb) (const char *elem, int len, void *usr),
-                    void *arg);
-
-void OPENSSL_load_builtin_modules(void);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CONF_strings(void);
-
-/* Error codes for the CONF functions. */
-
-/* Function codes. */
-# define CONF_F_CONF_DUMP_FP                              104
-# define CONF_F_CONF_LOAD                                 100
-# define CONF_F_CONF_LOAD_BIO                             102
-# define CONF_F_CONF_LOAD_FP                              103
-# define CONF_F_CONF_MODULES_LOAD                         116
-# define CONF_F_CONF_PARSE_LIST                           119
-# define CONF_F_DEF_LOAD                                  120
-# define CONF_F_DEF_LOAD_BIO                              121
-# define CONF_F_MODULE_INIT                               115
-# define CONF_F_MODULE_LOAD_DSO                           117
-# define CONF_F_MODULE_RUN                                118
-# define CONF_F_NCONF_DUMP_BIO                            105
-# define CONF_F_NCONF_DUMP_FP                             106
-# define CONF_F_NCONF_GET_NUMBER                          107
-# define CONF_F_NCONF_GET_NUMBER_E                        112
-# define CONF_F_NCONF_GET_SECTION                         108
-# define CONF_F_NCONF_GET_STRING                          109
-# define CONF_F_NCONF_LOAD                                113
-# define CONF_F_NCONF_LOAD_BIO                            110
-# define CONF_F_NCONF_LOAD_FP                             114
-# define CONF_F_NCONF_NEW                                 111
-# define CONF_F_STR_COPY                                  101
-
-/* Reason codes. */
-# define CONF_R_ERROR_LOADING_DSO                         110
-# define CONF_R_LIST_CANNOT_BE_NULL                       115
-# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
-# define CONF_R_MISSING_EQUAL_SIGN                        101
-# define CONF_R_MISSING_FINISH_FUNCTION                   111
-# define CONF_R_MISSING_INIT_FUNCTION                     112
-# define CONF_R_MODULE_INITIALIZATION_ERROR               109
-# define CONF_R_NO_CLOSE_BRACE                            102
-# define CONF_R_NO_CONF                                   105
-# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE           106
-# define CONF_R_NO_SECTION                                107
-# define CONF_R_NO_SUCH_FILE                              114
-# define CONF_R_NO_VALUE                                  108
-# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION              103
-# define CONF_R_UNKNOWN_MODULE_NAME                       113
-# define CONF_R_VARIABLE_EXPANSION_TOO_LONG               116
-# define CONF_R_VARIABLE_HAS_NO_VALUE                     104
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/conf/conf_api.c b/freebsd/crypto/openssl/crypto/conf/conf_api.c
index e55c2d54..ccb6a2d2 100644
--- a/freebsd/crypto/openssl/crypto/conf/conf_api.c
+++ b/freebsd/crypto/openssl/crypto/conf/conf_api.c
@@ -1,83 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* conf_api.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /* Part of the code in here was originally in conf.c, which is now removed */
 
-#ifndef CONF_DEBUG
-# undef NDEBUG                  /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <assert.h>
+#include "e_os.h"
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
-#include "e_os.h"
 
-static void value_free_hash_doall_arg(CONF_VALUE *a,
-                                      LHASH_OF(CONF_VALUE) *conf);
+static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
 static void value_free_stack_doall(CONF_VALUE *a);
-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE,
-                                    LHASH_OF(CONF_VALUE))
-static IMPLEMENT_LHASH_DOALL_FN(value_free_stack, CONF_VALUE)
 
 /* Up until OpenSSL 0.9.5a, this was get_section */
 CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
@@ -85,11 +26,11 @@ CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
     CONF_VALUE *v, vv;
 
     if ((conf == NULL) || (section == NULL))
-        return (NULL);
+        return NULL;
     vv.name = NULL;
     vv.section = (char *)section;
     v = lh_CONF_VALUE_retrieve(conf->data, &vv);
-    return (v);
+    return v;
 }
 
 /* Up until OpenSSL 0.9.5a, this was CONF_get_section */
@@ -102,7 +43,7 @@ STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
     if (v != NULL)
         return ((STACK_OF(CONF_VALUE) *)v->value);
     else
-        return (NULL);
+        return NULL;
 }
 
 int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
@@ -134,60 +75,36 @@ char *_CONF_get_string(const CONF *conf, const char *section,
     char *p;
 
     if (name == NULL)
-        return (NULL);
+        return NULL;
     if (conf != NULL) {
         if (section != NULL) {
             vv.name = (char *)name;
             vv.section = (char *)section;
             v = lh_CONF_VALUE_retrieve(conf->data, &vv);
             if (v != NULL)
-                return (v->value);
+                return v->value;
             if (strcmp(section, "ENV") == 0) {
                 p = getenv(name);
                 if (p != NULL)
-                    return (p);
+                    return p;
             }
         }
         vv.section = "default";
         vv.name = (char *)name;
         v = lh_CONF_VALUE_retrieve(conf->data, &vv);
         if (v != NULL)
-            return (v->value);
+            return v->value;
         else
-            return (NULL);
+            return NULL;
     } else
-        return (getenv(name));
-}
-
-#if 0                           /* There's no way to provide error checking
-                                 * with this function, so force implementors
-                                 * of the higher levels to get a string and
-                                 * read the number themselves. */
-long _CONF_get_number(CONF *conf, char *section, char *name)
-{
-    char *str;
-    long ret = 0;
-
-    str = _CONF_get_string(conf, section, name);
-    if (str == NULL)
-        return (0);
-    for (;;) {
-        if (conf->meth->is_number(conf, *str))
-            ret = ret * 10 + conf->meth->to_int(conf, *str);
-        else
-            return (ret);
-        str++;
-    }
+        return getenv(name);
 }
-#endif
 
 static unsigned long conf_value_hash(const CONF_VALUE *v)
 {
-    return (lh_strhash(v->section) << 2) ^ lh_strhash(v->name);
+    return (OPENSSL_LH_strhash(v->section) << 2) ^ OPENSSL_LH_strhash(v->name);
 }
 
-static IMPLEMENT_LHASH_HASH_FN(conf_value, CONF_VALUE)
-
 static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
 {
     int i;
@@ -195,55 +112,54 @@ static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
     if (a->section != b->section) {
         i = strcmp(a->section, b->section);
         if (i)
-            return (i);
+            return i;
     }
 
     if ((a->name != NULL) && (b->name != NULL)) {
         i = strcmp(a->name, b->name);
-        return (i);
+        return i;
     } else if (a->name == b->name)
-        return (0);
+        return 0;
     else
         return ((a->name == NULL) ? -1 : 1);
 }
 
-static IMPLEMENT_LHASH_COMP_FN(conf_value, CONF_VALUE)
-
 int _CONF_new_data(CONF *conf)
 {
     if (conf == NULL) {
         return 0;
     }
-    if (conf->data == NULL)
-        if ((conf->data = lh_CONF_VALUE_new()) == NULL) {
+    if (conf->data == NULL) {
+        conf->data = lh_CONF_VALUE_new(conf_value_hash, conf_value_cmp);
+        if (conf->data == NULL)
             return 0;
-        }
+    }
     return 1;
 }
 
+typedef LHASH_OF(CONF_VALUE) LH_CONF_VALUE;
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE);
+
 void _CONF_free_data(CONF *conf)
 {
     if (conf == NULL || conf->data == NULL)
         return;
 
-    lh_CONF_VALUE_down_load(conf->data) = 0; /* evil thing to make * sure the
-                                              * 'OPENSSL_free()' works as *
-                                              * expected */
-    lh_CONF_VALUE_doall_arg(conf->data,
-                            LHASH_DOALL_ARG_FN(value_free_hash),
-                            LHASH_OF(CONF_VALUE), conf->data);
+    /* evil thing to make sure the 'OPENSSL_free()' works as expected */
+    lh_CONF_VALUE_set_down_load(conf->data, 0);
+    lh_CONF_VALUE_doall_LH_CONF_VALUE(conf->data, value_free_hash, conf->data);
 
     /*
      * We now have only 'section' entries in the hash table. Due to problems
      * with
      */
 
-    lh_CONF_VALUE_doall(conf->data, LHASH_DOALL_FN(value_free_stack));
+    lh_CONF_VALUE_doall(conf->data, value_free_stack_doall);
     lh_CONF_VALUE_free(conf->data);
 }
 
-static void value_free_hash_doall_arg(CONF_VALUE *a,
-                                      LHASH_OF(CONF_VALUE) *conf)
+static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf)
 {
     if (a->name != NULL)
         (void)lh_CONF_VALUE_delete(conf, a);
@@ -265,8 +181,7 @@ static void value_free_stack_doall(CONF_VALUE *a)
         OPENSSL_free(vv->name);
         OPENSSL_free(vv);
     }
-    if (sk != NULL)
-        sk_CONF_VALUE_free(sk);
+    sk_CONF_VALUE_free(sk);
     OPENSSL_free(a->section);
     OPENSSL_free(a);
 }
@@ -275,12 +190,12 @@ static void value_free_stack_doall(CONF_VALUE *a)
 CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
 {
     STACK_OF(CONF_VALUE) *sk = NULL;
-    int ok = 0, i;
+    int i;
     CONF_VALUE *v = NULL, *vv;
 
     if ((sk = sk_CONF_VALUE_new_null()) == NULL)
         goto err;
-    if ((v = OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
+    if ((v = OPENSSL_malloc(sizeof(*v))) == NULL)
         goto err;
     i = strlen(section) + 1;
     if ((v->section = OPENSSL_malloc(i)) == NULL)
@@ -291,19 +206,14 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
     v->value = (char *)sk;
 
     vv = lh_CONF_VALUE_insert(conf->data, v);
-    OPENSSL_assert(vv == NULL);
-    if (lh_CONF_VALUE_error(conf->data) > 0)
+    if (vv != NULL || lh_CONF_VALUE_error(conf->data) > 0)
         goto err;
-    ok = 1;
+    return v;
+
  err:
-    if (!ok) {
-        if (sk != NULL)
-            sk_CONF_VALUE_free(sk);
-        if (v != NULL)
-            OPENSSL_free(v);
-        v = NULL;
-    }
-    return (v);
+    sk_CONF_VALUE_free(sk);
+    if (v != NULL)
+        OPENSSL_free(v->section);
+    OPENSSL_free(v);
+    return NULL;
 }
-
-IMPLEMENT_STACK_OF(CONF_VALUE)
diff --git a/freebsd/crypto/openssl/crypto/conf/conf_api.h b/freebsd/crypto/openssl/crypto/conf/conf_api.h
deleted file mode 100644
index e478f7df..00000000
--- a/freebsd/crypto/openssl/crypto/conf/conf_api.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/* conf_api.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef  HEADER_CONF_API_H
-# define HEADER_CONF_API_H
-
-# include <openssl/lhash.h>
-# include <openssl/conf.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Up until OpenSSL 0.9.5a, this was new_section */
-CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
-/* Up until OpenSSL 0.9.5a, this was get_section */
-CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
-/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
-STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
-                                               const char *section);
-
-int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
-char *_CONF_get_string(const CONF *conf, const char *section,
-                       const char *name);
-long _CONF_get_number(const CONF *conf, const char *section,
-                      const char *name);
-
-int _CONF_new_data(CONF *conf);
-void _CONF_free_data(CONF *conf);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/conf/conf_def.c b/freebsd/crypto/openssl/crypto/conf/conf_def.c
index 8043b7c3..03bf9301 100644
--- a/freebsd/crypto/openssl/crypto/conf/conf_def.c
+++ b/freebsd/crypto/openssl/crypto/conf/conf_def.c
@@ -1,75 +1,37 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/conf/conf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /* Part of the code in here was originally in conf.c, which is now removed */
 
 #include <stdio.h>
 #include <string.h>
-#include "cryptlib.h"
-#include <openssl/stack.h>
+#include "internal/cryptlib.h"
+#include "internal/o_dir.h"
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
 #include "conf_def.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+# ifdef _WIN32
+#  define stat    _stat
+#  define strcasecmp _stricmp
+# endif
+#endif
+
+#ifndef S_ISDIR
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+#endif
 
 /*
  * The maximum length we can grow a value to after variable expansion. 64k
@@ -77,13 +39,20 @@
  */
 #define MAX_CONF_VALUE_LENGTH       65536
 
+static int is_keytype(const CONF *conf, char c, unsigned short type);
 static char *eat_ws(CONF *conf, char *p);
+static void trim_ws(CONF *conf, char *start);
 static char *eat_alpha_numeric(CONF *conf, char *p);
 static void clear_comments(CONF *conf, char *p);
 static int str_copy(CONF *conf, char *section, char **to, char *from);
 static char *scan_quote(CONF *conf, char *p);
 static char *scan_dquote(CONF *conf, char *p);
 #define scan_esc(conf,p)        (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
+#ifndef OPENSSL_NO_POSIX_IO
+static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx,
+                            char **dirpath);
+static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx);
+#endif
 
 static CONF *def_create(CONF_METHOD *meth);
 static int def_init_default(CONF *conf);
@@ -96,8 +65,6 @@ static int def_dump(const CONF *conf, BIO *bp);
 static int def_is_number(const CONF *conf, char c);
 static int def_to_int(const CONF *conf, char c);
 
-const char CONF_def_version[] = "CONF_def" OPENSSL_VERSION_PTEXT;
-
 static CONF_METHOD default_method = {
     "OpenSSL default",
     def_create,
@@ -124,12 +91,12 @@ static CONF_METHOD WIN32_method = {
     def_load
 };
 
-CONF_METHOD *NCONF_default()
+CONF_METHOD *NCONF_default(void)
 {
     return &default_method;
 }
 
-CONF_METHOD *NCONF_WIN32()
+CONF_METHOD *NCONF_WIN32(void)
 {
     return &WIN32_method;
 }
@@ -138,8 +105,8 @@ static CONF *def_create(CONF_METHOD *meth)
 {
     CONF *ret;
 
-    ret = OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
-    if (ret)
+    ret = OPENSSL_malloc(sizeof(*ret));
+    if (ret != NULL)
         if (meth->init(ret) == 0) {
             OPENSSL_free(ret);
             ret = NULL;
@@ -153,7 +120,7 @@ static int def_init_default(CONF *conf)
         return 0;
 
     conf->meth = &default_method;
-    conf->meth_data = CONF_type_default;
+    conf->meth_data = (void *)CONF_type_default;
     conf->data = NULL;
 
     return 1;
@@ -227,13 +194,18 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
     char *section = NULL, *buf;
     char *start, *psection, *pname;
     void *h = (void *)(conf->data);
+    STACK_OF(BIO) *biosk = NULL;
+#ifndef OPENSSL_NO_POSIX_IO
+    char *dirpath = NULL;
+    OPENSSL_DIR_CTX *dirctx = NULL;
+#endif
 
     if ((buff = BUF_MEM_new()) == NULL) {
         CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
         goto err;
     }
 
-    section = BUF_strdup("default");
+    section = OPENSSL_strdup("default");
     if (section == NULL) {
         CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -259,11 +231,39 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
         }
         p = &(buff->data[bufnum]);
         *p = '\0';
+ read_retry:
         BIO_gets(in, p, CONFBUFSIZE - 1);
         p[CONFBUFSIZE - 1] = '\0';
         ii = i = strlen(p);
-        if (i == 0 && !again)
-            break;
+        if (i == 0 && !again) {
+            /* the currently processed BIO is at EOF */
+            BIO *parent;
+
+#ifndef OPENSSL_NO_POSIX_IO
+            /* continue processing with the next file from directory */
+            if (dirctx != NULL) {
+                BIO *next;
+
+                if ((next = get_next_file(dirpath, &dirctx)) != NULL) {
+                    BIO_vfree(in);
+                    in = next;
+                    goto read_retry;
+                } else {
+                    OPENSSL_free(dirpath);
+                    dirpath = NULL;
+                }
+            }
+#endif
+            /* no more files in directory, continue with processing parent */
+            if ((parent = sk_BIO_pop(biosk)) == NULL) {
+                /* everything processed get out of the loop */
+                break;
+            } else {
+                BIO_vfree(in);
+                in = parent;
+                goto read_retry;
+            }
+        }
         again = 0;
         while (i > 0) {
             if ((p[i - 1] != '\r') && (p[i - 1] != '\n'))
@@ -339,7 +339,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
             continue;
         } else {
             pname = s;
-            psection = NULL;
             end = eat_alpha_numeric(conf, s);
             if ((end[0] == ':') && (end[1] == ':')) {
                 *end = '\0';
@@ -347,36 +346,63 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 psection = pname;
                 pname = end;
                 end = eat_alpha_numeric(conf, end);
+            } else {
+                psection = section;
             }
             p = eat_ws(conf, end);
-            if (*p != '=') {
+            if (strncmp(pname, ".include", 8) == 0 && p != pname + 8) {
+                char *include = NULL;
+                BIO *next;
+
+                trim_ws(conf, p);
+                if (!str_copy(conf, psection, &include, p))
+                    goto err;
+                /* get the BIO of the included file */
+#ifndef OPENSSL_NO_POSIX_IO
+                next = process_include(include, &dirctx, &dirpath);
+                if (include != dirpath) {
+                    /* dirpath will contain include in case of a directory */
+                    OPENSSL_free(include);
+                }
+#else
+                next = BIO_new_file(include, "r");
+                OPENSSL_free(include);
+#endif
+                if (next != NULL) {
+                    /* push the currently processing BIO onto stack */
+                    if (biosk == NULL) {
+                        if ((biosk = sk_BIO_new_null()) == NULL) {
+                            CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                            goto err;
+                        }
+                    }
+                    if (!sk_BIO_push(biosk, in)) {
+                        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                    }
+                    /* continue with reading from the included BIO */
+                    in = next;
+                }
+                continue;
+            } else if (*p != '=') {
                 CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN);
                 goto err;
             }
             *end = '\0';
             p++;
             start = eat_ws(conf, p);
-            while (!IS_EOF(conf, *p))
-                p++;
-            p--;
-            while ((p != start) && (IS_WS(conf, *p)))
-                p--;
-            p++;
-            *p = '\0';
+            trim_ws(conf, start);
 
-            if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) {
+            if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) {
                 CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
-            if (psection == NULL)
-                psection = section;
-            v->name = (char *)OPENSSL_malloc(strlen(pname) + 1);
+            v->name = OPENSSL_strdup(pname);
             v->value = NULL;
             if (v->name == NULL) {
                 CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
-            BUF_strlcpy(v->name, pname, strlen(pname) + 1);
             if (!str_copy(conf, psection, &(v->value), start))
                 goto err;
 
@@ -391,55 +417,54 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 }
             } else
                 tv = sv;
-#if 1
             if (_CONF_add_string(conf, tv, v) == 0) {
                 CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
-#else
-            v->section = tv->section;
-            if (!sk_CONF_VALUE_push(ts, v)) {
-                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            vv = (CONF_VALUE *)lh_insert(conf->data, v);
-            if (vv != NULL) {
-                sk_CONF_VALUE_delete_ptr(ts, vv);
-                OPENSSL_free(vv->name);
-                OPENSSL_free(vv->value);
-                OPENSSL_free(vv);
-            }
-#endif
             v = NULL;
         }
     }
-    if (buff != NULL)
-        BUF_MEM_free(buff);
-    if (section != NULL)
-        OPENSSL_free(section);
-    return (1);
+    BUF_MEM_free(buff);
+    OPENSSL_free(section);
+    /*
+     * No need to pop, since we only get here if the stack is empty.
+     * If this causes a BIO leak, THE ISSUE IS SOMEWHERE ELSE!
+     */
+    sk_BIO_free(biosk);
+    return 1;
  err:
-    if (buff != NULL)
-        BUF_MEM_free(buff);
-    if (section != NULL)
-        OPENSSL_free(section);
+    BUF_MEM_free(buff);
+    OPENSSL_free(section);
+    /*
+     * Since |in| is the first element of the stack and should NOT be freed
+     * here, we cannot use sk_BIO_pop_free().  Instead, we pop and free one
+     * BIO at a time, making sure that the last one popped isn't.
+     */
+    while (sk_BIO_num(biosk) > 0) {
+        BIO *popped = sk_BIO_pop(biosk);
+        BIO_vfree(in);
+        in = popped;
+    }
+    sk_BIO_free(biosk);
+#ifndef OPENSSL_NO_POSIX_IO
+    OPENSSL_free(dirpath);
+    if (dirctx != NULL)
+        OPENSSL_DIR_end(&dirctx);
+#endif
     if (line != NULL)
         *line = eline;
     BIO_snprintf(btmp, sizeof(btmp), "%ld", eline);
     ERR_add_error_data(2, "line ", btmp);
-    if ((h != conf->data) && (conf->data != NULL)) {
+    if (h != conf->data) {
         CONF_free(conf->data);
         conf->data = NULL;
     }
     if (v != NULL) {
-        if (v->name != NULL)
-            OPENSSL_free(v->name);
-        if (v->value != NULL)
-            OPENSSL_free(v->value);
-        if (v != NULL)
-            OPENSSL_free(v);
+        OPENSSL_free(v->name);
+        OPENSSL_free(v->value);
+        OPENSSL_free(v);
     }
-    return (0);
+    return 0;
 }
 
 static void clear_comments(CONF *conf, char *p)
@@ -486,7 +511,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
     BUF_MEM *buf;
 
     if ((buf = BUF_MEM_new()) == NULL)
-        return (0);
+        return 0;
 
     len = strlen(from) + 1;
     if (!BUF_MEM_grow(buf, len))
@@ -554,7 +579,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
                 s++;
             cp = section;
             e = np = s;
-            while (IS_ALPHA_NUMERIC(conf, *e))
+            while (IS_ALNUM(conf, *e))
                 e++;
             if ((e[0] == ':') && (e[1] == ':')) {
                 cp = np;
@@ -563,7 +588,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
                 *rrp = '\0';
                 e += 2;
                 np = e;
-                while (IS_ALPHA_NUMERIC(conf, *e))
+                while (IS_ALNUM(conf, *e))
                     e++;
             }
             r = *e;
@@ -623,22 +648,153 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
             buf->data[to++] = *(from++);
     }
     buf->data[to] = '\0';
-    if (*pto != NULL)
-        OPENSSL_free(*pto);
+    OPENSSL_free(*pto);
     *pto = buf->data;
     OPENSSL_free(buf);
-    return (1);
+    return 1;
  err:
-    if (buf != NULL)
-        BUF_MEM_free(buf);
-    return (0);
+    BUF_MEM_free(buf);
+    return 0;
+}
+
+#ifndef OPENSSL_NO_POSIX_IO
+/*
+ * Check whether included path is a directory.
+ * Returns next BIO to process and in case of a directory
+ * also an opened directory context and the include path.
+ */
+static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx,
+                            char **dirpath)
+{
+    struct stat st = { 0 };
+    BIO *next;
+
+    if (stat(include, &st) < 0) {
+        SYSerr(SYS_F_STAT, errno);
+        ERR_add_error_data(1, include);
+        /* missing include file is not fatal error */
+        return NULL;
+    }
+
+    if (S_ISDIR(st.st_mode)) {
+        if (*dirctx != NULL) {
+            CONFerr(CONF_F_PROCESS_INCLUDE,
+                    CONF_R_RECURSIVE_DIRECTORY_INCLUDE);
+            ERR_add_error_data(1, include);
+            return NULL;
+        }
+        /* a directory, load its contents */
+        if ((next = get_next_file(include, dirctx)) != NULL)
+            *dirpath = include;
+        return next;
+    }
+
+    next = BIO_new_file(include, "r");
+    return next;
+}
+
+/*
+ * Get next file from the directory path.
+ * Returns BIO of the next file to read and updates dirctx.
+ */
+static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx)
+{
+    const char *filename;
+
+    while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) {
+        size_t namelen;
+
+        namelen = strlen(filename);
+
+
+        if ((namelen > 5 && strcasecmp(filename + namelen - 5, ".conf") == 0)
+            || (namelen > 4 && strcasecmp(filename + namelen - 4, ".cnf") == 0)) {
+            size_t newlen;
+            char *newpath;
+            BIO *bio;
+
+            newlen = strlen(path) + namelen + 2;
+            newpath = OPENSSL_zalloc(newlen);
+            if (newpath == NULL) {
+                CONFerr(CONF_F_GET_NEXT_FILE, ERR_R_MALLOC_FAILURE);
+                break;
+            }
+#ifdef OPENSSL_SYS_VMS
+            /*
+             * If the given path isn't clear VMS syntax,
+             * we treat it as on Unix.
+             */
+            {
+                size_t pathlen = strlen(path);
+
+                if (path[pathlen - 1] == ']' || path[pathlen - 1] == '>'
+                    || path[pathlen - 1] == ':') {
+                    /* Clear VMS directory syntax, just copy as is */
+                    OPENSSL_strlcpy(newpath, path, newlen);
+                }
+            }
+#endif
+            if (newpath[0] == '\0') {
+                OPENSSL_strlcpy(newpath, path, newlen);
+                OPENSSL_strlcat(newpath, "/", newlen);
+            }
+            OPENSSL_strlcat(newpath, filename, newlen);
+
+            bio = BIO_new_file(newpath, "r");
+            OPENSSL_free(newpath);
+            /* Errors when opening files are non-fatal. */
+            if (bio != NULL)
+                return bio;
+        }
+    }
+    OPENSSL_DIR_end(dirctx);
+    *dirctx = NULL;
+    return NULL;
+}
+#endif
+
+static int is_keytype(const CONF *conf, char c, unsigned short type)
+{
+    const unsigned short * keytypes = (const unsigned short *) conf->meth_data;
+    unsigned char key = (unsigned char)c;
+
+#ifdef CHARSET_EBCDIC
+# if CHAR_BIT > 8
+    if (key > 255) {
+        /* key is out of range for os_toascii table */
+        return 0;
+    }
+# endif
+    /* convert key from ebcdic to ascii */
+    key = os_toascii[key];
+#endif
+
+    if (key > 127) {
+        /* key is not a seven bit ascii character */
+        return 0;
+    }
+
+    return (keytypes[key] & type) ? 1 : 0;
 }
 
 static char *eat_ws(CONF *conf, char *p)
 {
     while (IS_WS(conf, *p) && (!IS_EOF(conf, *p)))
         p++;
-    return (p);
+    return p;
+}
+
+static void trim_ws(CONF *conf, char *start)
+{
+    char *p = start;
+
+    while (!IS_EOF(conf, *p))
+        p++;
+    p--;
+    while ((p >= start) && IS_WS(conf, *p))
+        p--;
+    p++;
+    *p = '\0';
 }
 
 static char *eat_alpha_numeric(CONF *conf, char *p)
@@ -648,8 +804,8 @@ static char *eat_alpha_numeric(CONF *conf, char *p)
             p = scan_esc(conf, p);
             continue;
         }
-        if (!IS_ALPHA_NUMERIC_PUNCT(conf, *p))
-            return (p);
+        if (!IS_ALNUM_PUNCT(conf, *p))
+            return p;
         p++;
     }
 }
@@ -663,13 +819,13 @@ static char *scan_quote(CONF *conf, char *p)
         if (IS_ESC(conf, *p)) {
             p++;
             if (IS_EOF(conf, *p))
-                return (p);
+                return p;
         }
         p++;
     }
     if (*p == q)
         p++;
-    return (p);
+    return p;
 }
 
 static char *scan_dquote(CONF *conf, char *p)
@@ -689,10 +845,10 @@ static char *scan_dquote(CONF *conf, char *p)
     }
     if (*p == q)
         p++;
-    return (p);
+    return p;
 }
 
-static void dump_value_doall_arg(CONF_VALUE *a, BIO *out)
+static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out)
 {
     if (a->name)
         BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
@@ -700,12 +856,11 @@ static void dump_value_doall_arg(CONF_VALUE *a, BIO *out)
         BIO_printf(out, "[[%s]]\n", a->section);
 }
 
-static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE, BIO)
+IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, BIO);
 
 static int def_dump(const CONF *conf, BIO *out)
 {
-    lh_CONF_VALUE_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value),
-                            BIO, out);
+    lh_CONF_VALUE_doall_BIO(conf->data, dump_value_doall_arg, out);
     return 1;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/conf/conf_def.h b/freebsd/crypto/openssl/crypto/conf/conf_def.h
index 48b34421..73e88baa 100644
--- a/freebsd/crypto/openssl/crypto/conf/conf_def.h
+++ b/freebsd/crypto/openssl/crypto/conf/conf_def.h
@@ -1,116 +1,43 @@
-/* crypto/conf/conf_def.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
 /*
- * THIS FILE WAS AUTOMAGICALLY GENERATED! Please modify and use keysets.pl to
- * regenerate it.
+ * WARNING: do not edit!
+ * Generated by crypto/conf/keysets.pl
+ *
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#define CONF_NUMBER             1
-#define CONF_UPPER              2
-#define CONF_LOWER              4
-#define CONF_UNDER              256
-#define CONF_PUNCTUATION        512
-#define CONF_WS                 16
-#define CONF_ESC                32
-#define CONF_QUOTE              64
-#define CONF_DQUOTE             1024
-#define CONF_COMMENT            128
-#define CONF_FCOMMENT           2048
-#define CONF_EOF                8
-#define CONF_HIGHBIT            4096
-#define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
-#define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
-                                        CONF_PUNCTUATION)
-
-#define KEYTYPES(c)             ((unsigned short *)((c)->meth_data))
-#ifndef CHARSET_EBCDIC
-# define IS_COMMENT(c,a)        (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-# define IS_FCOMMENT(c,a)       (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-# define IS_EOF(c,a)            (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-# define IS_ESC(c,a)            (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-# define IS_NUMBER(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-# define IS_WS(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_WS)
-# define IS_ALPHA_NUMERIC(c,a)  (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
-# define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-                                (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-# define IS_QUOTE(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-# define IS_DQUOTE(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-# define IS_HIGHBIT(c,a)        (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+#define CONF_NUMBER       1
+#define CONF_UPPER        2
+#define CONF_LOWER        4
+#define CONF_UNDER        256
+#define CONF_PUNCT        512
+#define CONF_WS           16
+#define CONF_ESC          32
+#define CONF_QUOTE        64
+#define CONF_DQUOTE       1024
+#define CONF_COMMENT      128
+#define CONF_FCOMMENT     2048
+#define CONF_EOF          8
+#define CONF_ALPHA        (CONF_UPPER|CONF_LOWER)
+#define CONF_ALNUM        (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALNUM_PUNCT  (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT)
 
-#else /*CHARSET_EBCDIC*/
 
-# define IS_COMMENT(c,a)        (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-# define IS_FCOMMENT(c,a)       (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-# define IS_EOF(c,a)            (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-# define IS_ESC(c,a)            (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-# define IS_NUMBER(c,a)         (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-# define IS_WS(c,a)             (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-# define IS_ALPHA_NUMERIC(c,a)  (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
-# define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-                                (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-# define IS_QUOTE(c,a)          (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-# define IS_DQUOTE(c,a)         (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
-# define IS_HIGHBIT(c,a)        (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
-#endif /*CHARSET_EBCDIC*/
+#define IS_COMMENT(conf,c)     is_keytype(conf, c, CONF_COMMENT)
+#define IS_FCOMMENT(conf,c)    is_keytype(conf, c, CONF_FCOMMENT)
+#define IS_EOF(conf,c)         is_keytype(conf, c, CONF_EOF)
+#define IS_ESC(conf,c)         is_keytype(conf, c, CONF_ESC)
+#define IS_NUMBER(conf,c)      is_keytype(conf, c, CONF_NUMBER)
+#define IS_WS(conf,c)          is_keytype(conf, c, CONF_WS)
+#define IS_ALNUM(conf,c)       is_keytype(conf, c, CONF_ALNUM)
+#define IS_ALNUM_PUNCT(conf,c) is_keytype(conf, c, CONF_ALNUM_PUNCT)
+#define IS_QUOTE(conf,c)       is_keytype(conf, c, CONF_QUOTE)
+#define IS_DQUOTE(conf,c)      is_keytype(conf, c, CONF_DQUOTE)
 
-static unsigned short CONF_type_default[256] = {
+static const unsigned short CONF_type_default[128] = {
     0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
     0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
     0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
@@ -127,25 +54,9 @@ static unsigned short CONF_type_default[256] = {
     0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
     0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
     0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
 };
 
-static unsigned short CONF_type_win32[256] = {
+static const unsigned short CONF_type_win32[128] = {
     0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
     0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
     0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
@@ -162,20 +73,4 @@ static unsigned short CONF_type_win32[256] = {
     0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
     0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
     0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
 };
diff --git a/freebsd/crypto/openssl/crypto/conf/conf_err.c b/freebsd/crypto/openssl/crypto/conf/conf_err.c
index e07bf01e..48ca42dd 100644
--- a/freebsd/crypto/openssl/crypto/conf/conf_err.c
+++ b/freebsd/crypto/openssl/crypto/conf/conf_err.c
@@ -1,137 +1,97 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/conf/conf_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/conf.h>
+#include <openssl/conferr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
-
-static ERR_STRING_DATA CONF_str_functs[] = {
-    {ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
-    {ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"},
-    {ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"},
-    {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
-    {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"},
-    {ERR_FUNC(CONF_F_CONF_PARSE_LIST), "CONF_parse_list"},
-    {ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"},
-    {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"},
-    {ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"},
-    {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"},
-    {ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"},
-    {ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
-    {ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
-    {ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"},
-    {ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
-    {ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
-    {ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
-    {ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"},
-    {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"},
-    {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"},
-    {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"},
-    {ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"},
+static const ERR_STRING_DATA CONF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_DUMP_FP, 0), "CONF_dump_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_LOAD, 0), "CONF_load"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_LOAD_FP, 0), "CONF_load_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_PARSE_LIST, 0), "CONF_parse_list"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD, 0), "def_load"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD_BIO, 0), "def_load_bio"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_GET_NEXT_FILE, 0), "get_next_file"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_ADD, 0), "module_add"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_INIT, 0), "module_init"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_LOAD_DSO, 0), "module_load_dso"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_RUN, 0), "module_run"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_DUMP_BIO, 0), "NCONF_dump_bio"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_DUMP_FP, 0), "NCONF_dump_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_NUMBER_E, 0),
+     "NCONF_get_number_e"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_SECTION, 0), "NCONF_get_section"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_STRING, 0), "NCONF_get_string"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD, 0), "NCONF_load"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_BIO, 0), "NCONF_load_bio"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_FP, 0), "NCONF_load_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_NEW, 0), "NCONF_new"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_PROCESS_INCLUDE, 0), "process_include"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_SSL_MODULE_INIT, 0), "ssl_module_init"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_STR_COPY, 0), "str_copy"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA CONF_str_reasons[] = {
-    {ERR_REASON(CONF_R_ERROR_LOADING_DSO), "error loading dso"},
-    {ERR_REASON(CONF_R_LIST_CANNOT_BE_NULL), "list cannot be null"},
-    {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),
-     "missing close square bracket"},
-    {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"},
-    {ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION), "missing finish function"},
-    {ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"},
-    {ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),
-     "module initialization error"},
-    {ERR_REASON(CONF_R_NO_CLOSE_BRACE), "no close brace"},
-    {ERR_REASON(CONF_R_NO_CONF), "no conf"},
-    {ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),
-     "no conf or environment variable"},
-    {ERR_REASON(CONF_R_NO_SECTION), "no section"},
-    {ERR_REASON(CONF_R_NO_SUCH_FILE), "no such file"},
-    {ERR_REASON(CONF_R_NO_VALUE), "no value"},
-    {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),
-     "unable to create new section"},
-    {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"},
-    {ERR_REASON(CONF_R_VARIABLE_EXPANSION_TOO_LONG),
-     "variable expansion too long"},
-    {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"},
+static const ERR_STRING_DATA CONF_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_ERROR_LOADING_DSO), "error loading dso"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_LIST_CANNOT_BE_NULL),
+    "list cannot be null"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_CLOSE_SQUARE_BRACKET),
+    "missing close square bracket"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_EQUAL_SIGN),
+    "missing equal sign"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_INIT_FUNCTION),
+    "missing init function"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MODULE_INITIALIZATION_ERROR),
+    "module initialization error"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CLOSE_BRACE), "no close brace"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF), "no conf"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),
+    "no conf or environment variable"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SECTION), "no section"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SUCH_FILE), "no such file"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_VALUE), "no value"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NUMBER_TOO_LARGE), "number too large"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE),
+    "recursive directory include"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY),
+    "ssl command section empty"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND),
+    "ssl command section not found"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_EMPTY), "ssl section empty"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_NOT_FOUND),
+    "ssl section not found"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNABLE_TO_CREATE_NEW_SECTION),
+    "unable to create new section"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNKNOWN_MODULE_NAME),
+    "unknown module name"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_EXPANSION_TOO_LONG),
+    "variable expansion too long"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_HAS_NO_VALUE),
+    "variable has no value"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_CONF_strings(void)
+int ERR_load_CONF_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, CONF_str_functs);
-        ERR_load_strings(0, CONF_str_reasons);
+        ERR_load_strings_const(CONF_str_functs);
+        ERR_load_strings_const(CONF_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/conf/conf_lcl.h b/freebsd/crypto/openssl/crypto/conf/conf_lcl.h
new file mode 100644
index 00000000..6e1f7fe0
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/conf/conf_lcl.h
@@ -0,0 +1,11 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+void conf_add_ssl_module(void);
+
diff --git a/freebsd/crypto/openssl/crypto/conf/conf_lib.c b/freebsd/crypto/openssl/crypto/conf/conf_lib.c
index e919552d..3e445512 100644
--- a/freebsd/crypto/openssl/crypto/conf/conf_lib.c
+++ b/freebsd/crypto/openssl/crypto/conf/conf_lib.c
@@ -1,73 +1,25 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* conf_lib.c */
 /*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include <stdio.h>
+#include <string.h>
+#include "internal/conf.h"
+#include "internal/ctype.h"
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
 #include <openssl/lhash.h>
 
-const char CONF_version[] = "CONF" OPENSSL_VERSION_PTEXT;
-
 static CONF_METHOD *default_CONF_method = NULL;
 
 /* Init a 'CONF' structure from an old LHASH */
@@ -114,13 +66,13 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
     return ltmp;
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
                                    long *eline)
 {
     BIO *btmp;
     LHASH_OF(CONF_VALUE) *ltmp;
-    if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+    if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
         CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB);
         return NULL;
     }
@@ -174,6 +126,7 @@ long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
     int status;
     long result = 0;
 
+    ERR_set_mark();
     if (conf == NULL) {
         status = NCONF_get_number_e(NULL, group, name, &result);
     } else {
@@ -181,12 +134,8 @@ long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
         CONF_set_nconf(&ctmp, conf);
         status = NCONF_get_number_e(&ctmp, group, name, &result);
     }
-
-    if (status == 0) {
-        /* This function does not believe in errors... */
-        ERR_clear_error();
-    }
-    return result;
+    ERR_pop_to_mark();
+    return status == 0 ? 0L : result;
 }
 
 void CONF_free(LHASH_OF(CONF_VALUE) *conf)
@@ -196,13 +145,13 @@ void CONF_free(LHASH_OF(CONF_VALUE) *conf)
     NCONF_free_data(&ctmp);
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out)
 {
     BIO *btmp;
     int ret;
 
-    if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
+    if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
         CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB);
         return 0;
     }
@@ -237,7 +186,7 @@ CONF *NCONF_new(CONF_METHOD *meth)
     ret = meth->create(meth);
     if (ret == NULL) {
         CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
 
     return ret;
@@ -267,12 +216,12 @@ int NCONF_load(CONF *conf, const char *file, long *eline)
     return conf->meth->load(conf, file, eline);
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
 {
     BIO *btmp;
     int ret;
-    if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+    if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
         CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB);
         return 0;
     }
@@ -328,10 +277,23 @@ char *NCONF_get_string(const CONF *conf, const char *group, const char *name)
     return NULL;
 }
 
+static int default_is_number(const CONF *conf, char c)
+{
+    return ossl_isdigit(c);
+}
+
+static int default_to_int(const CONF *conf, char c)
+{
+    return (int)(c - '0');
+}
+
 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
                        long *result)
 {
     char *str;
+    long res;
+    int (*is_number)(const CONF *, char) = &default_is_number;
+    int (*to_int)(const CONF *, char) = &default_to_int;
 
     if (result == NULL) {
         CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER);
@@ -343,20 +305,32 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
     if (str == NULL)
         return 0;
 
-    for (*result = 0; conf->meth->is_number(conf, *str);) {
-        *result = (*result) * 10 + conf->meth->to_int(conf, *str);
-        str++;
+    if (conf != NULL) {
+        if (conf->meth->is_number != NULL)
+            is_number = conf->meth->is_number;
+        if (conf->meth->to_int != NULL)
+            to_int = conf->meth->to_int;
+    }
+    for (res = 0; is_number(conf, *str); str++) {
+        const int d = to_int(conf, *str);
+
+        if (res > (LONG_MAX - d) / 10L) {
+            CONFerr(CONF_F_NCONF_GET_NUMBER_E, CONF_R_NUMBER_TOO_LARGE);
+            return 0;
+        }
+        res = res * 10 + d;
     }
 
+    *result = res;
     return 1;
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 int NCONF_dump_fp(const CONF *conf, FILE *out)
 {
     BIO *btmp;
     int ret;
-    if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
+    if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
         CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB);
         return 0;
     }
@@ -376,18 +350,41 @@ int NCONF_dump_bio(const CONF *conf, BIO *out)
     return conf->meth->dump(conf, out);
 }
 
-/* This function should be avoided */
-#if 0
-long NCONF_get_number(CONF *conf, char *group, char *name)
+/*
+ * These routines call the C malloc/free, to avoid intermixing with
+ * OpenSSL function pointers before the library is initialized.
+ */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
 {
-    int status;
-    long ret = 0;
+    OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
 
-    status = NCONF_get_number_e(conf, group, name, &ret);
-    if (status == 0) {
-        /* This function does not believe in errors... */
-        ERR_get_error();
-    }
+    if (ret != NULL)
+        memset(ret, 0, sizeof(*ret));
     return ret;
 }
+
+
+#ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+                                    const char *appname)
+{
+    char *newappname = NULL;
+
+    if (appname != NULL) {
+        newappname = strdup(appname);
+        if (newappname == NULL)
+            return 0;
+    }
+
+    free(settings->appname);
+    settings->appname = newappname;
+
+    return 1;
+}
 #endif
+
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
+{
+    free(settings->appname);
+    free(settings);
+}
diff --git a/freebsd/crypto/openssl/crypto/conf/conf_mall.c b/freebsd/crypto/openssl/crypto/conf/conf_mall.c
index b839b183..8fe87bda 100644
--- a/freebsd/crypto/openssl/crypto/conf/conf_mall.c
+++ b/freebsd/crypto/openssl/crypto/conf/conf_mall.c
@@ -1,74 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* conf_mall.c */
 /*
- * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <openssl/crypto.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
-#include <openssl/dso.h>
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
+#include <openssl/engine.h>
+#include "conf_lcl.h"
 
 /* Load all OpenSSL builtin modules */
 
@@ -76,8 +24,10 @@ void OPENSSL_load_builtin_modules(void)
 {
     /* Add builtin modules here */
     ASN1_add_oid_module();
+    ASN1_add_stable_module();
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_add_conf_module();
 #endif
     EVP_add_alg_module();
+    conf_add_ssl_module();
 }
diff --git a/freebsd/crypto/openssl/crypto/conf/conf_mod.c b/freebsd/crypto/openssl/crypto/conf/conf_mod.c
index d355ee83..52fc9911 100644
--- a/freebsd/crypto/openssl/crypto/conf/conf_mod.c
+++ b/freebsd/crypto/openssl/crypto/conf/conf_mod.c
@@ -1,70 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* conf_mod.c */
 /*
- * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "internal/cryptlib.h"
 #include <stdio.h>
 #include <ctype.h>
 #include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
+#include "internal/conf.h"
+#include "internal/dso.h"
 #include <openssl/x509.h>
 
 #define DSO_mod_init_name "OPENSSL_init"
@@ -106,18 +56,22 @@ struct conf_imodule_st {
 static STACK_OF(CONF_MODULE) *supported_modules = NULL;
 static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
 
+#ifndef __rtems__
 static void module_free(CONF_MODULE *md);
 static void module_finish(CONF_IMODULE *imod);
-static int module_run(const CONF *cnf, char *name, char *value,
+#endif /* __rtems__ */
+static int module_run(const CONF *cnf, const char *name, const char *value,
                       unsigned long flags);
 static CONF_MODULE *module_add(DSO *dso, const char *name,
                                conf_init_func *ifunc,
                                conf_finish_func *ffunc);
-static CONF_MODULE *module_find(char *name);
-static int module_init(CONF_MODULE *pmod, char *name, char *value,
+static CONF_MODULE *module_find(const char *name);
+static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
                        const CONF *cnf);
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
-                                    unsigned long flags);
+#ifndef __rtems__
+static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name,
+                                    const char *value);
+#endif /* __rtems__ */
 
 /* Main function: load modules from a CONF structure */
 
@@ -168,7 +122,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,
     CONF *conf = NULL;
     int ret = 0;
     conf = NCONF_new(NULL);
-    if (!conf)
+    if (conf == NULL)
         goto err;
 
     if (filename == NULL) {
@@ -197,7 +151,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,
     return ret;
 }
 
-static int module_run(const CONF *cnf, char *name, char *value,
+static int module_run(const CONF *cnf, const char *name, const char *value,
                       unsigned long flags)
 {
     CONF_MODULE *md;
@@ -205,9 +159,11 @@ static int module_run(const CONF *cnf, char *name, char *value,
 
     md = module_find(name);
 
+#ifndef __rtems__
     /* Module not found: try to load DSO */
     if (!md && !(flags & CONF_MFLAGS_NO_DSO))
-        md = module_load_dso(cnf, name, value, flags);
+        md = module_load_dso(cnf, name, value);
+#endif /* __rtems__ */
 
     if (!md) {
         if (!(flags & CONF_MFLAGS_SILENT)) {
@@ -222,6 +178,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
     if (ret <= 0) {
         if (!(flags & CONF_MFLAGS_SILENT)) {
             char rcode[DECIMAL_SIZE(ret) + 1];
+
             CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
             BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret);
             ERR_add_error_data(6, "module=", name, ", value=", value,
@@ -232,14 +189,15 @@ static int module_run(const CONF *cnf, char *name, char *value,
     return ret;
 }
 
+#ifndef __rtems__
 /* Load a module from a DSO */
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
-                                    unsigned long flags)
+static CONF_MODULE *module_load_dso(const CONF *cnf,
+                                    const char *name, const char *value)
 {
     DSO *dso = NULL;
     conf_init_func *ifunc;
     conf_finish_func *ffunc;
-    char *path = NULL;
+    const char *path = NULL;
     int errcode = 0;
     CONF_MODULE *md;
     /* Look for alternative path in module section */
@@ -268,12 +226,12 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
     return md;
 
  err:
-    if (dso)
-        DSO_free(dso);
+    DSO_free(dso);
     CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
     ERR_add_error_data(4, "module=", name, ", path=", path);
     return NULL;
 }
+#endif /* __rtems__ */
 
 /* add module to list */
 static CONF_MODULE *module_add(DSO *dso, const char *name,
@@ -284,21 +242,22 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
         supported_modules = sk_CONF_MODULE_new_null();
     if (supported_modules == NULL)
         return NULL;
-    tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
-    if (tmod == NULL)
+    if ((tmod = OPENSSL_zalloc(sizeof(*tmod))) == NULL) {
+        CONFerr(CONF_F_MODULE_ADD, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     tmod->dso = dso;
-    tmod->name = BUF_strdup(name);
+    tmod->name = OPENSSL_strdup(name);
+    tmod->init = ifunc;
+    tmod->finish = ffunc;
     if (tmod->name == NULL) {
         OPENSSL_free(tmod);
         return NULL;
     }
-    tmod->init = ifunc;
-    tmod->finish = ffunc;
-    tmod->links = 0;
 
     if (!sk_CONF_MODULE_push(supported_modules, tmod)) {
+        OPENSSL_free(tmod->name);
         OPENSSL_free(tmod);
         return NULL;
     }
@@ -312,7 +271,7 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
  * initialized more than once.
  */
 
-static CONF_MODULE *module_find(char *name)
+static CONF_MODULE *module_find(const char *name)
 {
     CONF_MODULE *tmod;
     int i, nchar;
@@ -326,7 +285,7 @@ static CONF_MODULE *module_find(char *name)
 
     for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) {
         tmod = sk_CONF_MODULE_value(supported_modules, i);
-        if (!strncmp(tmod->name, name, nchar))
+        if (strncmp(tmod->name, name, nchar) == 0)
             return tmod;
     }
 
@@ -335,7 +294,7 @@ static CONF_MODULE *module_find(char *name)
 }
 
 /* initialize a module */
-static int module_init(CONF_MODULE *pmod, char *name, char *value,
+static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
                        const CONF *cnf)
 {
     int ret = 1;
@@ -343,13 +302,13 @@ static int module_init(CONF_MODULE *pmod, char *name, char *value,
     CONF_IMODULE *imod = NULL;
 
     /* Otherwise add initialized module to list */
-    imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
-    if (!imod)
+    imod = OPENSSL_malloc(sizeof(*imod));
+    if (imod == NULL)
         goto err;
 
     imod->pmod = pmod;
-    imod->name = BUF_strdup(name);
-    imod->value = BUF_strdup(value);
+    imod->name = OPENSSL_strdup(name);
+    imod->value = OPENSSL_strdup(value);
     imod->usr_data = NULL;
 
     if (!imod->name || !imod->value)
@@ -389,10 +348,8 @@ static int module_init(CONF_MODULE *pmod, char *name, char *value,
 
  memerr:
     if (imod) {
-        if (imod->name)
-            OPENSSL_free(imod->name);
-        if (imod->value)
-            OPENSSL_free(imod->value);
+        OPENSSL_free(imod->name);
+        OPENSSL_free(imod->value);
         OPENSSL_free(imod);
     }
 
@@ -400,6 +357,7 @@ static int module_init(CONF_MODULE *pmod, char *name, char *value,
 
 }
 
+#ifndef __rtems__
 /*
  * Unload any dynamic modules that have a link count of zero: i.e. have no
  * active initialized modules. If 'all' is set then all modules are unloaded
@@ -430,8 +388,7 @@ void CONF_modules_unload(int all)
 /* unload a single module */
 static void module_free(CONF_MODULE *md)
 {
-    if (md->dso)
-        DSO_free(md->dso);
+    DSO_free(md->dso);
     OPENSSL_free(md->name);
     OPENSSL_free(md);
 }
@@ -453,6 +410,8 @@ void CONF_modules_finish(void)
 
 static void module_finish(CONF_IMODULE *imod)
 {
+    if (!imod)
+        return;
     if (imod->pmod->finish)
         imod->pmod->finish(imod);
     imod->pmod->links--;
@@ -460,6 +419,7 @@ static void module_finish(CONF_IMODULE *imod)
     OPENSSL_free(imod->value);
     OPENSSL_free(imod);
 }
+#endif /* __rtems__ */
 
 /* Add a static module to OpenSSL */
 
@@ -472,11 +432,13 @@ int CONF_module_add(const char *name, conf_init_func *ifunc,
         return 0;
 }
 
-void CONF_modules_free(void)
+#ifndef __rtems__
+void conf_modules_free_int(void)
 {
     CONF_modules_finish();
     CONF_modules_unload(1);
 }
+#endif /* __rtems__ */
 
 /* Utility functions */
 
@@ -529,28 +491,28 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
 
 char *CONF_get1_default_config_file(void)
 {
-    char *file;
+    char *file, *sep = "";
     int len;
 
-    file = getenv("OPENSSL_CONF");
-    if (file)
-        return BUF_strdup(file);
+    if (!OPENSSL_issetugid()) {
+        file = getenv("OPENSSL_CONF");
+        if (file)
+            return OPENSSL_strdup(file);
+    }
 
     len = strlen(X509_get_default_cert_area());
 #ifndef OPENSSL_SYS_VMS
     len++;
+    sep = "/";
 #endif
     len += strlen(OPENSSL_CONF);
 
     file = OPENSSL_malloc(len + 1);
 
-    if (!file)
+    if (file == NULL)
         return NULL;
-    BUF_strlcpy(file, X509_get_default_cert_area(), len + 1);
-#ifndef OPENSSL_SYS_VMS
-    BUF_strlcat(file, "/", len + 1);
-#endif
-    BUF_strlcat(file, OPENSSL_CONF, len + 1);
+    BIO_snprintf(file, len + 1, "%s%s%s", X509_get_default_cert_area(),
+                 sep, OPENSSL_CONF);
 
     return file;
 }
diff --git a/freebsd/crypto/openssl/crypto/conf/conf_sap.c b/freebsd/crypto/openssl/crypto/conf/conf_sap.c
index b3e60136..8779ebfe 100644
--- a/freebsd/crypto/openssl/crypto/conf/conf_sap.c
+++ b/freebsd/crypto/openssl/crypto/conf/conf_sap.c
@@ -1,73 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* conf_sap.c */
 /*
- * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
+#include "internal/cryptlib.h"
+#include "internal/conf.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
+#include <openssl/engine.h>
+
+#ifdef _WIN32
+# define strdup _strdup
 #endif
 
 /*
@@ -78,7 +29,19 @@
 
 static int openssl_configured = 0;
 
-void OPENSSL_config(const char *config_name)
+#if OPENSSL_API_COMPAT < 0x10100000L
+void OPENSSL_config(const char *appname)
+{
+    OPENSSL_INIT_SETTINGS settings;
+
+    memset(&settings, 0, sizeof(settings));
+    if (appname != NULL)
+        settings.appname = strdup(appname);
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
+}
+#endif
+
+void openssl_config_int(const char *appname)
 {
     if (openssl_configured)
         return;
@@ -89,13 +52,15 @@ void OPENSSL_config(const char *config_name)
     ENGINE_load_builtin_engines();
 #endif
     ERR_clear_error();
-    CONF_modules_load_file(NULL, config_name,
+#ifndef OPENSSL_SYS_UEFI
+    CONF_modules_load_file(NULL, appname,
                                CONF_MFLAGS_DEFAULT_SECTION |
                                CONF_MFLAGS_IGNORE_MISSING_FILE);
+#endif
     openssl_configured = 1;
 }
 
-void OPENSSL_no_config()
+void openssl_no_config_int(void)
 {
     openssl_configured = 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/conf/conf_ssl.c b/freebsd/crypto/openssl/crypto/conf/conf_ssl.c
new file mode 100644
index 00000000..0899d0e5
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/conf/conf_ssl.c
@@ -0,0 +1,181 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include "internal/sslconf.h"
+#include "conf_lcl.h"
+
+/*
+ * SSL library configuration module placeholder. We load it here but defer
+ * all decisions about its contents to libssl.
+ */
+
+struct ssl_conf_name_st {
+    /* Name of this set of commands */
+    char *name;
+    /* List of commands */
+    SSL_CONF_CMD *cmds;
+    /* Number of commands */
+    size_t cmd_count;
+};
+
+struct ssl_conf_cmd_st {
+    /* Command */
+    char *cmd;
+    /* Argument */
+    char *arg;
+};
+
+static struct ssl_conf_name_st *ssl_names;
+static size_t ssl_names_count;
+
+static void ssl_module_free(CONF_IMODULE *md)
+{
+    size_t i, j;
+    if (ssl_names == NULL)
+        return;
+    for (i = 0; i < ssl_names_count; i++) {
+        struct ssl_conf_name_st *tname = ssl_names + i;
+
+        OPENSSL_free(tname->name);
+        for (j = 0; j < tname->cmd_count; j++) {
+            OPENSSL_free(tname->cmds[j].cmd);
+            OPENSSL_free(tname->cmds[j].arg);
+        }
+        OPENSSL_free(tname->cmds);
+    }
+    OPENSSL_free(ssl_names);
+    ssl_names = NULL;
+    ssl_names_count = 0;
+}
+
+static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    size_t i, j, cnt;
+    int rv = 0;
+    const char *ssl_conf_section;
+    STACK_OF(CONF_VALUE) *cmd_lists;
+
+    ssl_conf_section = CONF_imodule_get_value(md);
+    cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
+    if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
+        if (cmd_lists == NULL)
+            CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND);
+        else
+            CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY);
+        ERR_add_error_data(2, "section=", ssl_conf_section);
+        goto err;
+    }
+    cnt = sk_CONF_VALUE_num(cmd_lists);
+    ssl_module_free(md);
+    ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
+    ssl_names_count = cnt;
+    for (i = 0; i < ssl_names_count; i++) {
+        struct ssl_conf_name_st *ssl_name = ssl_names + i;
+        CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
+        STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
+
+        if (sk_CONF_VALUE_num(cmds) <= 0) {
+            if (cmds == NULL)
+                CONFerr(CONF_F_SSL_MODULE_INIT,
+                        CONF_R_SSL_COMMAND_SECTION_NOT_FOUND);
+            else
+                CONFerr(CONF_F_SSL_MODULE_INIT,
+                        CONF_R_SSL_COMMAND_SECTION_EMPTY);
+            ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
+            goto err;
+        }
+        ssl_name->name = OPENSSL_strdup(sect->name);
+        if (ssl_name->name == NULL)
+            goto err;
+        cnt = sk_CONF_VALUE_num(cmds);
+        ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st));
+        if (ssl_name->cmds == NULL)
+            goto err;
+        ssl_name->cmd_count = cnt;
+        for (j = 0; j < cnt; j++) {
+            const char *name;
+            CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
+            struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j;
+
+            /* Skip any initial dot in name */
+            name = strchr(cmd_conf->name, '.');
+            if (name != NULL)
+                name++;
+            else
+                name = cmd_conf->name;
+            cmd->cmd = OPENSSL_strdup(name);
+            cmd->arg = OPENSSL_strdup(cmd_conf->value);
+            if (cmd->cmd == NULL || cmd->arg == NULL)
+                goto err;
+        }
+
+    }
+    rv = 1;
+ err:
+    if (rv == 0)
+        ssl_module_free(md);
+    return rv;
+}
+
+/*
+ * Returns the set of commands with index |idx| previously searched for via
+ * conf_ssl_name_find. Also stores the name of the set of commands in |*name|
+ * and the number of commands in the set in |*cnt|.
+ */
+const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt)
+{
+    *name = ssl_names[idx].name;
+    *cnt = ssl_names[idx].cmd_count;
+    return ssl_names[idx].cmds;
+}
+
+/*
+ * Search for the named set of commands given in |name|. On success return the
+ * index for the command set in |*idx|.
+ * Returns 1 on success or 0 on failure.
+ */
+int conf_ssl_name_find(const char *name, size_t *idx)
+{
+    size_t i;
+    const struct ssl_conf_name_st *nm;
+
+    if (name == NULL)
+        return 0;
+    for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
+        if (strcmp(nm->name, name) == 0) {
+            *idx = i;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+/*
+ * Given a command set |cmd|, return details on the command at index |idx| which
+ * must be less than the number of commands in the set (as returned by
+ * conf_ssl_get). The name of the command will be returned in |*cmdstr| and the
+ * argument is returned in |*arg|.
+ */
+void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
+                      char **arg)
+{
+    *cmdstr = cmd[idx].cmd;
+    *arg = cmd[idx].arg;
+}
+
+void conf_add_ssl_module(void)
+{
+    CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free);
+}
diff --git a/freebsd/crypto/openssl/crypto/constant_time_locl.h b/freebsd/crypto/openssl/crypto/constant_time_locl.h
deleted file mode 100644
index c786aea9..00000000
--- a/freebsd/crypto/openssl/crypto/constant_time_locl.h
+++ /dev/null
@@ -1,211 +0,0 @@
-/* crypto/constant_time_locl.h */
-/*-
- * Utilities for constant-time cryptography.
- *
- * Author: Emilia Kasper (emilia@openssl.org)
- * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
- * (Google).
- * ====================================================================
- * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CONSTANT_TIME_LOCL_H
-# define HEADER_CONSTANT_TIME_LOCL_H
-
-# include "e_os.h"              /* For 'inline' */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*-
- * The boolean methods return a bitmask of all ones (0xff...f) for true
- * and 0 for false. This is useful for choosing a value based on the result
- * of a conditional in constant time. For example,
- *
- * if (a < b) {
- *   c = a;
- * } else {
- *   c = b;
- * }
- *
- * can be written as
- *
- * unsigned int lt = constant_time_lt(a, b);
- * c = constant_time_select(lt, a, b);
- */
-
-/*
- * Returns the given value with the MSB copied to all the other
- * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
- * However, this is not ensured by the C standard so you may need to
- * replace this with something else on odd CPUs.
- */
-static inline unsigned int constant_time_msb(unsigned int a);
-
-/*
- * Returns 0xff..f if a < b and 0 otherwise.
- */
-static inline unsigned int constant_time_lt(unsigned int a, unsigned int b);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_lt_8(unsigned int a,
-                                               unsigned int b);
-
-/*
- * Returns 0xff..f if a >= b and 0 otherwise.
- */
-static inline unsigned int constant_time_ge(unsigned int a, unsigned int b);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_ge_8(unsigned int a,
-                                               unsigned int b);
-
-/*
- * Returns 0xff..f if a == 0 and 0 otherwise.
- */
-static inline unsigned int constant_time_is_zero(unsigned int a);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_is_zero_8(unsigned int a);
-
-/*
- * Returns 0xff..f if a == b and 0 otherwise.
- */
-static inline unsigned int constant_time_eq(unsigned int a, unsigned int b);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_eq_8(unsigned int a,
-                                               unsigned int b);
-/* Signed integers. */
-static inline unsigned int constant_time_eq_int(int a, int b);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_eq_int_8(int a, int b);
-
-/*-
- * Returns (mask & a) | (~mask & b).
- *
- * When |mask| is all 1s or all 0s (as returned by the methods above),
- * the select methods return either |a| (if |mask| is nonzero) or |b|
- * (if |mask| is zero).
- */
-static inline unsigned int constant_time_select(unsigned int mask,
-                                                unsigned int a,
-                                                unsigned int b);
-/* Convenience method for unsigned chars. */
-static inline unsigned char constant_time_select_8(unsigned char mask,
-                                                   unsigned char a,
-                                                   unsigned char b);
-/* Convenience method for signed integers. */
-static inline int constant_time_select_int(unsigned int mask, int a, int b);
-
-static inline unsigned int constant_time_msb(unsigned int a)
-{
-    return 0 - (a >> (sizeof(a) * 8 - 1));
-}
-
-static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
-{
-    return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
-}
-
-static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
-{
-    return (unsigned char)(constant_time_lt(a, b));
-}
-
-static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
-{
-    return ~constant_time_lt(a, b);
-}
-
-static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
-{
-    return (unsigned char)(constant_time_ge(a, b));
-}
-
-static inline unsigned int constant_time_is_zero(unsigned int a)
-{
-    return constant_time_msb(~a & (a - 1));
-}
-
-static inline unsigned char constant_time_is_zero_8(unsigned int a)
-{
-    return (unsigned char)(constant_time_is_zero(a));
-}
-
-static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
-{
-    return constant_time_is_zero(a ^ b);
-}
-
-static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
-{
-    return (unsigned char)(constant_time_eq(a, b));
-}
-
-static inline unsigned int constant_time_eq_int(int a, int b)
-{
-    return constant_time_eq((unsigned)(a), (unsigned)(b));
-}
-
-static inline unsigned char constant_time_eq_int_8(int a, int b)
-{
-    return constant_time_eq_8((unsigned)(a), (unsigned)(b));
-}
-
-static inline unsigned int constant_time_select(unsigned int mask,
-                                                unsigned int a,
-                                                unsigned int b)
-{
-    return (mask & a) | (~mask & b);
-}
-
-static inline unsigned char constant_time_select_8(unsigned char mask,
-                                                   unsigned char a,
-                                                   unsigned char b)
-{
-    return (unsigned char)(constant_time_select(mask, a, b));
-}
-
-static inline int constant_time_select_int(unsigned int mask, int a, int b)
-{
-    return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
-}
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif                          /* HEADER_CONSTANT_TIME_LOCL_H */
diff --git a/freebsd/crypto/openssl/crypto/constant_time_test.c b/freebsd/crypto/openssl/crypto/constant_time_test.c
deleted file mode 100644
index be42b138..00000000
--- a/freebsd/crypto/openssl/crypto/constant_time_test.c
+++ /dev/null
@@ -1,306 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/constant_time_test.c */
-/*-
- * Utilities for constant-time cryptography.
- *
- * Author: Emilia Kasper (emilia@openssl.org)
- * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
- * (Google).
- * ====================================================================
- * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "../crypto/constant_time_locl.h"
-
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-static const unsigned int CONSTTIME_TRUE = (unsigned)(~0);
-static const unsigned int CONSTTIME_FALSE = 0;
-static const unsigned char CONSTTIME_TRUE_8 = 0xff;
-static const unsigned char CONSTTIME_FALSE_8 = 0;
-
-static int test_binary_op(unsigned int (*op) (unsigned int a, unsigned int b),
-                          const char *op_name, unsigned int a, unsigned int b,
-                          int is_true)
-{
-    unsigned c = op(a, b);
-    if (is_true && c != CONSTTIME_TRUE) {
-        fprintf(stderr, "Test failed for %s(%du, %du): expected %du "
-                "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c);
-        return 1;
-    } else if (!is_true && c != CONSTTIME_FALSE) {
-        fprintf(stderr, "Test failed for  %s(%du, %du): expected %du "
-                "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE, c);
-        return 1;
-    }
-    return 0;
-}
-
-static int test_binary_op_8(unsigned
-                            char (*op) (unsigned int a, unsigned int b),
-                            const char *op_name, unsigned int a,
-                            unsigned int b, int is_true)
-{
-    unsigned char c = op(a, b);
-    if (is_true && c != CONSTTIME_TRUE_8) {
-        fprintf(stderr, "Test failed for %s(%du, %du): expected %u "
-                "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c);
-        return 1;
-    } else if (!is_true && c != CONSTTIME_FALSE_8) {
-        fprintf(stderr, "Test failed for  %s(%du, %du): expected %u "
-                "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8, c);
-        return 1;
-    }
-    return 0;
-}
-
-static int test_is_zero(unsigned int a)
-{
-    unsigned int c = constant_time_is_zero(a);
-    if (a == 0 && c != CONSTTIME_TRUE) {
-        fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
-                "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c);
-        return 1;
-    } else if (a != 0 && c != CONSTTIME_FALSE) {
-        fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
-                "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE, c);
-        return 1;
-    }
-    return 0;
-}
-
-static int test_is_zero_8(unsigned int a)
-{
-    unsigned char c = constant_time_is_zero_8(a);
-    if (a == 0 && c != CONSTTIME_TRUE_8) {
-        fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
-                "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c);
-        return 1;
-    } else if (a != 0 && c != CONSTTIME_FALSE) {
-        fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
-                "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8, c);
-        return 1;
-    }
-    return 0;
-}
-
-static int test_select(unsigned int a, unsigned int b)
-{
-    unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b);
-    if (selected != a) {
-        fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
-                "%du): expected %du(first value), got %du\n",
-                CONSTTIME_TRUE, a, b, a, selected);
-        return 1;
-    }
-    selected = constant_time_select(CONSTTIME_FALSE, a, b);
-    if (selected != b) {
-        fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
-                "%du): expected %du(second value), got %du\n",
-                CONSTTIME_FALSE, a, b, b, selected);
-        return 1;
-    }
-    return 0;
-}
-
-static int test_select_8(unsigned char a, unsigned char b)
-{
-    unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b);
-    if (selected != a) {
-        fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
-                "%u): expected %u(first value), got %u\n",
-                CONSTTIME_TRUE, a, b, a, selected);
-        return 1;
-    }
-    selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b);
-    if (selected != b) {
-        fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
-                "%u): expected %u(second value), got %u\n",
-                CONSTTIME_FALSE, a, b, b, selected);
-        return 1;
-    }
-    return 0;
-}
-
-static int test_select_int(int a, int b)
-{
-    int selected = constant_time_select_int(CONSTTIME_TRUE, a, b);
-    if (selected != a) {
-        fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
-                "%d): expected %d(first value), got %d\n",
-                CONSTTIME_TRUE, a, b, a, selected);
-        return 1;
-    }
-    selected = constant_time_select_int(CONSTTIME_FALSE, a, b);
-    if (selected != b) {
-        fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
-                "%d): expected %d(second value), got %d\n",
-                CONSTTIME_FALSE, a, b, b, selected);
-        return 1;
-    }
-    return 0;
-}
-
-static int test_eq_int(int a, int b)
-{
-    unsigned int equal = constant_time_eq_int(a, b);
-    if (a == b && equal != CONSTTIME_TRUE) {
-        fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
-                "expected %du(TRUE), got %du\n", a, b, CONSTTIME_TRUE, equal);
-        return 1;
-    } else if (a != b && equal != CONSTTIME_FALSE) {
-        fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
-                "expected %du(FALSE), got %du\n",
-                a, b, CONSTTIME_FALSE, equal);
-        return 1;
-    }
-    return 0;
-}
-
-static int test_eq_int_8(int a, int b)
-{
-    unsigned char equal = constant_time_eq_int_8(a, b);
-    if (a == b && equal != CONSTTIME_TRUE_8) {
-        fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): "
-                "expected %u(TRUE), got %u\n", a, b, CONSTTIME_TRUE_8, equal);
-        return 1;
-    } else if (a != b && equal != CONSTTIME_FALSE_8) {
-        fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): "
-                "expected %u(FALSE), got %u\n",
-                a, b, CONSTTIME_FALSE_8, equal);
-        return 1;
-    }
-    return 0;
-}
-
-static unsigned int test_values[] =
-    { 0, 1, 1024, 12345, 32000, UINT_MAX / 2 - 1,
-    UINT_MAX / 2, UINT_MAX / 2 + 1, UINT_MAX - 1,
-    UINT_MAX
-};
-
-static unsigned char test_values_8[] =
-    { 0, 1, 2, 20, 32, 127, 128, 129, 255 };
-
-static int signed_test_values[] = { 0, 1, -1, 1024, -1024, 12345, -12345,
-    32000, -32000, INT_MAX, INT_MIN, INT_MAX - 1,
-    INT_MIN + 1
-};
-
-int main(int argc, char *argv[])
-{
-    unsigned int a, b, i, j;
-    int c, d;
-    unsigned char e, f;
-    int num_failed = 0, num_all = 0;
-    fprintf(stdout, "Testing constant time operations...\n");
-
-    for (i = 0; i < sizeof(test_values) / sizeof(int); ++i) {
-        a = test_values[i];
-        num_failed += test_is_zero(a);
-        num_failed += test_is_zero_8(a);
-        num_all += 2;
-        for (j = 0; j < sizeof(test_values) / sizeof(int); ++j) {
-            b = test_values[j];
-            num_failed += test_binary_op(&constant_time_lt,
-                                         "constant_time_lt", a, b, a < b);
-            num_failed += test_binary_op_8(&constant_time_lt_8,
-                                           "constant_time_lt_8", a, b, a < b);
-            num_failed += test_binary_op(&constant_time_lt,
-                                         "constant_time_lt_8", b, a, b < a);
-            num_failed += test_binary_op_8(&constant_time_lt_8,
-                                           "constant_time_lt_8", b, a, b < a);
-            num_failed += test_binary_op(&constant_time_ge,
-                                         "constant_time_ge", a, b, a >= b);
-            num_failed += test_binary_op_8(&constant_time_ge_8,
-                                           "constant_time_ge_8", a, b,
-                                           a >= b);
-            num_failed +=
-                test_binary_op(&constant_time_ge, "constant_time_ge", b, a,
-                               b >= a);
-            num_failed +=
-                test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", b,
-                                 a, b >= a);
-            num_failed +=
-                test_binary_op(&constant_time_eq, "constant_time_eq", a, b,
-                               a == b);
-            num_failed +=
-                test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", a,
-                                 b, a == b);
-            num_failed +=
-                test_binary_op(&constant_time_eq, "constant_time_eq", b, a,
-                               b == a);
-            num_failed +=
-                test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", b,
-                                 a, b == a);
-            num_failed += test_select(a, b);
-            num_all += 13;
-        }
-    }
-
-    for (i = 0; i < sizeof(signed_test_values) / sizeof(int); ++i) {
-        c = signed_test_values[i];
-        for (j = 0; j < sizeof(signed_test_values) / sizeof(int); ++j) {
-            d = signed_test_values[j];
-            num_failed += test_select_int(c, d);
-            num_failed += test_eq_int(c, d);
-            num_failed += test_eq_int_8(c, d);
-            num_all += 3;
-        }
-    }
-
-    for (i = 0; i < sizeof(test_values_8); ++i) {
-        e = test_values_8[i];
-        for (j = 0; j < sizeof(test_values_8); ++j) {
-            f = test_values_8[j];
-            num_failed += test_select_8(e, f);
-            num_all += 1;
-        }
-    }
-
-    if (!num_failed) {
-        fprintf(stdout, "ok (ran %d tests)\n", num_all);
-        return EXIT_SUCCESS;
-    } else {
-        fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all);
-        return EXIT_FAILURE;
-    }
-}
diff --git a/freebsd/crypto/openssl/crypto/cpt_err.c b/freebsd/crypto/openssl/crypto/cpt_err.c
index ad9d6ce1..04b3fe3c 100644
--- a/freebsd/crypto/openssl/crypto/cpt_err.c
+++ b/freebsd/crypto/openssl/crypto/cpt_err.c
@@ -1,106 +1,79 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cpt_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/crypto.h>
+#include <openssl/cryptoerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
-
-static ERR_STRING_DATA CRYPTO_str_functs[] = {
-    {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
-    {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"},
-    {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"},
-    {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
-    {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"},
-    {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"},
-    {ERR_FUNC(CRYPTO_F_FIPS_MODE_SET), "FIPS_mode_set"},
-    {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"},
-    {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"},
-    {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"},
+static const ERR_STRING_DATA CRYPTO_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CMAC_CTX_NEW, 0), "CMAC_CTX_new"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_DUP_EX_DATA, 0),
+     "CRYPTO_dup_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_FREE_EX_DATA, 0),
+     "CRYPTO_free_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, 0),
+     "CRYPTO_get_ex_new_index"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_MEMDUP, 0), "CRYPTO_memdup"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_NEW_EX_DATA, 0),
+     "CRYPTO_new_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_COPY_CTX, 0),
+     "CRYPTO_ocb128_copy_ctx"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_INIT, 0),
+     "CRYPTO_ocb128_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_SET_EX_DATA, 0),
+     "CRYPTO_set_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_FIPS_MODE_SET, 0), "FIPS_mode_set"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_GET_AND_LOCK, 0), "get_and_lock"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_ATEXIT, 0), "OPENSSL_atexit"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_BUF2HEXSTR, 0),
+     "OPENSSL_buf2hexstr"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_FOPEN, 0), "openssl_fopen"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_HEXSTR2BUF, 0),
+     "OPENSSL_hexstr2buf"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_INIT_CRYPTO, 0),
+     "OPENSSL_init_crypto"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_LH_NEW, 0), "OPENSSL_LH_new"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0),
+     "OPENSSL_sk_deep_copy"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_HMAC_INIT, 0), "pkey_hmac_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_POLY1305_INIT, 0),
+     "pkey_poly1305_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_SIPHASH_INIT, 0),
+     "pkey_siphash_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_SK_RESERVE, 0), "sk_reserve"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA CRYPTO_str_reasons[] = {
-    {ERR_REASON(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
-    {ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),
-     "no dynlock create callback"},
+static const ERR_STRING_DATA CRYPTO_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED),
+    "fips mode not supported"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ILLEGAL_HEX_DIGIT),
+    "illegal hex digit"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ODD_NUMBER_OF_DIGITS),
+    "odd number of digits"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_CRYPTO_strings(void)
+int ERR_load_CRYPTO_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, CRYPTO_str_functs);
-        ERR_load_strings(0, CRYPTO_str_reasons);
+        ERR_load_strings_const(CRYPTO_str_functs);
+        ERR_load_strings_const(CRYPTO_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/cryptlib.c b/freebsd/crypto/openssl/crypto/cryptlib.c
index 8445beb9..1c2bf796 100644
--- a/freebsd/crypto/openssl/crypto/cryptlib.c
+++ b/freebsd/crypto/openssl/crypto/cryptlib.c
@@ -1,728 +1,155 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cryptlib.c */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "e_os.h"
+#include "internal/cryptlib_int.h"
 #include <openssl/safestack.h>
 
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
-#endif
-
-DECLARE_STACK_OF(CRYPTO_dynlock)
-
-/* real #defines in crypto.h, keep these upto date */
-static const char *const lock_names[CRYPTO_NUM_LOCKS] = {
-    "<<ERROR>>",
-    "err",
-    "ex_data",
-    "x509",
-    "x509_info",
-    "x509_pkey",
-    "x509_crl",
-    "x509_req",
-    "dsa",
-    "rsa",
-    "evp_pkey",
-    "x509_store",
-    "ssl_ctx",
-    "ssl_cert",
-    "ssl_session",
-    "ssl_sess_cert",
-    "ssl",
-    "ssl_method",
-    "rand",
-    "rand2",
-    "debug_malloc",
-    "BIO",
-    "gethostbyname",
-    "getservbyname",
-    "readdir",
-    "RSA_blinding",
-    "dh",
-    "debug_malloc2",
-    "dso",
-    "dynlock",
-    "engine",
-    "ui",
-    "ecdsa",
-    "ec",
-    "ecdh",
-    "bn",
-    "ec_pre_comp",
-    "store",
-    "comp",
-    "fips",
-    "fips2",
-#if CRYPTO_NUM_LOCKS != 41
-# error "Inconsistency between crypto.h and cryptlib.c"
-#endif
-};
-
-/*
- * This is for applications to allocate new type names in the non-dynamic
- * array of lock names.  These are numbered with positive numbers.
- */
-static STACK_OF(OPENSSL_STRING) *app_locks = NULL;
-
-/*
- * For applications that want a more dynamic way of handling threads, the
- * following stack is used.  These are externally numbered with negative
- * numbers.
- */
-static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL;
-
-static void (MS_FAR *locking_callback) (int mode, int type,
-                                        const char *file, int line) = 0;
-static int (MS_FAR *add_lock_callback) (int *pointer, int amount,
-                                        int type, const char *file,
-                                        int line) = 0;
-#ifndef OPENSSL_NO_DEPRECATED
-static unsigned long (MS_FAR *id_callback) (void) = 0;
-#endif
-static void (MS_FAR *threadid_callback) (CRYPTO_THREADID *) = 0;
-static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
- (const char *file, int line) = 0;
-static void (MS_FAR *dynlock_lock_callback) (int mode,
-                                             struct CRYPTO_dynlock_value *l,
-                                             const char *file, int line) = 0;
-static void (MS_FAR *dynlock_destroy_callback) (struct CRYPTO_dynlock_value
-                                                *l, const char *file,
-                                                int line) = 0;
-
-int CRYPTO_get_new_lockid(char *name)
-{
-    char *str;
-    int i;
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-    /*
-     * A hack to make Visual C++ 5.0 work correctly when linking as a DLL
-     * using /MT. Without this, the application cannot use any floating point
-     * printf's. It also seems to be needed for Visual C 1.5 (win16)
-     */
-    SSLeay_MSVC5_hack = (double)name[0] * (double)name[1];
-#endif
-
-    if ((app_locks == NULL)
-        && ((app_locks = sk_OPENSSL_STRING_new_null()) == NULL)) {
-        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-    if ((str = BUF_strdup(name)) == NULL) {
-        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-    i = sk_OPENSSL_STRING_push(app_locks, str);
-    if (!i)
-        OPENSSL_free(str);
-    else
-        i += CRYPTO_NUM_LOCKS;  /* gap of one :-) */
-    return (i);
-}
-
-int CRYPTO_num_locks(void)
-{
-    return CRYPTO_NUM_LOCKS;
-}
-
-int CRYPTO_get_new_dynlockid(void)
-{
-    int i = 0;
-    CRYPTO_dynlock *pointer = NULL;
-
-    if (dynlock_create_callback == NULL) {
-        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
-                  CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
-        return (0);
-    }
-    CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-    if ((dyn_locks == NULL)
-        && ((dyn_locks = sk_CRYPTO_dynlock_new_null()) == NULL)) {
-        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-    pointer = (CRYPTO_dynlock *) OPENSSL_malloc(sizeof(CRYPTO_dynlock));
-    if (pointer == NULL) {
-        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-    pointer->references = 1;
-    pointer->data = dynlock_create_callback(__FILE__, __LINE__);
-    if (pointer->data == NULL) {
-        OPENSSL_free(pointer);
-        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-
-    CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-    /* First, try to find an existing empty slot */
-    i = sk_CRYPTO_dynlock_find(dyn_locks, NULL);
-    /* If there was none, push, thereby creating a new one */
-    if (i == -1)
-        /*
-         * Since sk_push() returns the number of items on the stack, not the
-         * location of the pushed item, we need to transform the returned
-         * number into a position, by decreasing it.
-         */
-        i = sk_CRYPTO_dynlock_push(dyn_locks, pointer) - 1;
-    else
-        /*
-         * If we found a place with a NULL pointer, put our pointer in it.
-         */
-        (void)sk_CRYPTO_dynlock_set(dyn_locks, i, pointer);
-    CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-    if (i == -1) {
-        dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
-        OPENSSL_free(pointer);
-    } else
-        i += 1;                 /* to avoid 0 */
-    return -i;
-}
-
-void CRYPTO_destroy_dynlockid(int i)
-{
-    CRYPTO_dynlock *pointer = NULL;
-    if (i)
-        i = -i - 1;
-    if (dynlock_destroy_callback == NULL)
-        return;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-
-    if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) {
-        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-        return;
-    }
-    pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
-    if (pointer != NULL) {
-        --pointer->references;
-#ifdef REF_CHECK
-        if (pointer->references < 0) {
-            fprintf(stderr,
-                    "CRYPTO_destroy_dynlockid, bad reference count\n");
-            abort();
-        } else
-#endif
-        if (pointer->references <= 0) {
-            (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
-        } else
-            pointer = NULL;
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-    if (pointer) {
-        dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
-        OPENSSL_free(pointer);
-    }
-}
-
-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
-{
-    CRYPTO_dynlock *pointer = NULL;
-    if (i)
-        i = -i - 1;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-
-    if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
-        pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
-    if (pointer)
-        pointer->references++;
-
-    CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-    if (pointer)
-        return pointer->data;
-    return NULL;
-}
-
-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
- (const char *file, int line) {
-    return (dynlock_create_callback);
-}
-
-void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode,
-                                                struct CRYPTO_dynlock_value
-                                                *l, const char *file,
-                                                int line) {
-    return (dynlock_lock_callback);
-}
-
-void (*CRYPTO_get_dynlock_destroy_callback(void))
- (struct CRYPTO_dynlock_value *l, const char *file, int line) {
-    return (dynlock_destroy_callback);
-}
-
-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
-                                         (const char *file, int line))
-{
-    dynlock_create_callback = func;
-}
-
-void CRYPTO_set_dynlock_lock_callback(void (*func) (int mode,
-                                                    struct
-                                                    CRYPTO_dynlock_value *l,
-                                                    const char *file,
-                                                    int line))
-{
-    dynlock_lock_callback = func;
-}
-
-void CRYPTO_set_dynlock_destroy_callback(void (*func)
-                                          (struct CRYPTO_dynlock_value *l,
-                                           const char *file, int line))
-{
-    dynlock_destroy_callback = func;
-}
-
-void (*CRYPTO_get_locking_callback(void)) (int mode, int type,
-                                           const char *file, int line) {
-    return (locking_callback);
-}
-
-int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type,
-                                           const char *file, int line) {
-    return (add_lock_callback);
-}
+#if     defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+        defined(__x86_64) || defined(__x86_64__) || \
+        defined(_M_AMD64) || defined(_M_X64)
 
-void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
-                                               const char *file, int line))
-{
-    /*
-     * Calling this here ensures initialisation before any threads are
-     * started.
-     */
-    OPENSSL_init();
-    locking_callback = func;
-}
+extern unsigned int OPENSSL_ia32cap_P[4];
 
-void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type,
-                                               const char *file, int line))
-{
-    add_lock_callback = func;
-}
+# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
 
 /*
- * the memset() here and in set_pointer() seem overkill, but for the sake of
- * CRYPTO_THREADID_cmp() this avoids any platform silliness that might cause
- * two "equal" THREADID structs to not be memcmp()-identical.
+ * Purpose of these minimalistic and character-type-agnostic subroutines
+ * is to break dependency on MSVCRT (on Windows) and locale. This makes
+ * OPENSSL_cpuid_setup safe to use as "constructor". "Character-type-
+ * agnostic" means that they work with either wide or 8-bit characters,
+ * exploiting the fact that first 127 characters can be simply casted
+ * between the sets, while the rest would be simply rejected by ossl_is*
+ * subroutines.
  */
-void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val)
-{
-    memset(id, 0, sizeof(*id));
-    id->val = val;
-}
+#  ifdef _WIN32
+typedef WCHAR variant_char;
 
-static const unsigned char hash_coeffs[] = { 3, 5, 7, 11, 13, 17, 19, 23 };
-
-void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr)
+static variant_char *ossl_getenv(const char *name)
 {
-    unsigned char *dest = (void *)&id->val;
-    unsigned int accum = 0;
-    unsigned char dnum = sizeof(id->val);
-
-    memset(id, 0, sizeof(*id));
-    id->ptr = ptr;
-    if (sizeof(id->val) >= sizeof(id->ptr)) {
-        /*
-         * 'ptr' can be embedded in 'val' without loss of uniqueness
-         */
-        id->val = (unsigned long)id->ptr;
-        return;
-    }
     /*
-     * hash ptr ==> val. Each byte of 'val' gets the mod-256 total of a
-     * linear function over the bytes in 'ptr', the co-efficients of which
-     * are a sequence of low-primes (hash_coeffs is an 8-element cycle) - the
-     * starting prime for the sequence varies for each byte of 'val' (unique
-     * polynomials unless pointers are >64-bit). For added spice, the totals
-     * accumulate rather than restarting from zero, and the index of the
-     * 'val' byte is added each time (position dependence). If I was a
-     * black-belt, I'd scan big-endian pointers in reverse to give low-order
-     * bits more play, but this isn't crypto and I'd prefer nobody mistake it
-     * as such. Plus I'm lazy.
+     * Since we pull only one environment variable, it's simpler to
+     * to just ignore |name| and use equivalent wide-char L-literal.
+     * As well as to ignore excessively long values...
      */
-    while (dnum--) {
-        const unsigned char *src = (void *)&id->ptr;
-        unsigned char snum = sizeof(id->ptr);
-        while (snum--)
-            accum += *(src++) * hash_coeffs[(snum + dnum) & 7];
-        accum += dnum;
-        *(dest++) = accum & 255;
-    }
-}
-
-#ifdef OPENSSL_FIPS
-extern int FIPS_crypto_threadid_set_callback(void (*func) (CRYPTO_THREADID *));
-#endif
-
-int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *))
-{
-    if (threadid_callback)
-        return 0;
-    threadid_callback = func;
-#ifdef OPENSSL_FIPS
-    FIPS_crypto_threadid_set_callback(func);
-#endif
-    return 1;
-}
-
-void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *) {
-    return threadid_callback;
-}
-
-void CRYPTO_THREADID_current(CRYPTO_THREADID *id)
-{
-    if (threadid_callback) {
-        threadid_callback(id);
-        return;
-    }
-#ifndef OPENSSL_NO_DEPRECATED
-    /* If the deprecated callback was set, fall back to that */
-    if (id_callback) {
-        CRYPTO_THREADID_set_numeric(id, id_callback());
-        return;
-    }
-#endif
-    /* Else pick a backup */
-#ifdef OPENSSL_SYS_WIN16
-    CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask());
-#elif defined(OPENSSL_SYS_WIN32)
-    CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId());
-#elif defined(OPENSSL_SYS_BEOS)
-    CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL));
-#else
-    /* For everything else, default to using the address of 'errno' */
-    CRYPTO_THREADID_set_pointer(id, (void *)&errno);
-#endif
-}
+    static WCHAR value[48];
+    DWORD len = GetEnvironmentVariableW(L"OPENSSL_ia32cap", value, 48);
 
-int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b)
-{
-    return memcmp(a, b, sizeof(*a));
-}
-
-void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src)
-{
-    memcpy(dest, src, sizeof(*src));
-}
-
-unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id)
-{
-    return id->val;
-}
-
-#ifndef OPENSSL_NO_DEPRECATED
-unsigned long (*CRYPTO_get_id_callback(void)) (void) {
-    return (id_callback);
+    return (len > 0 && len < 48) ? value : NULL;
 }
+#  else
+typedef char variant_char;
+#   define ossl_getenv getenv
+#  endif
 
-void CRYPTO_set_id_callback(unsigned long (*func) (void))
-{
-    id_callback = func;
-}
+#  include "internal/ctype.h"
 
-unsigned long CRYPTO_thread_id(void)
+static int todigit(variant_char c)
 {
-    unsigned long ret = 0;
+    if (ossl_isdigit(c))
+        return c - '0';
+    else if (ossl_isxdigit(c))
+        return ossl_tolower(c) - 'a' + 10;
 
-    if (id_callback == NULL) {
-# ifdef OPENSSL_SYS_WIN16
-        ret = (unsigned long)GetCurrentTask();
-# elif defined(OPENSSL_SYS_WIN32)
-        ret = (unsigned long)GetCurrentThreadId();
-# elif defined(GETPID_IS_MEANINGLESS)
-        ret = 1L;
-# elif defined(OPENSSL_SYS_BEOS)
-        ret = (unsigned long)find_thread(NULL);
-# else
-        ret = (unsigned long)getpid();
-# endif
-    } else
-        ret = id_callback();
-    return (ret);
+    /* return largest base value to make caller terminate the loop */
+    return 16;
 }
-#endif
 
-void CRYPTO_lock(int mode, int type, const char *file, int line)
+static uint64_t ossl_strtouint64(const variant_char *str)
 {
-#ifdef LOCK_DEBUG
-    {
-        CRYPTO_THREADID id;
-        char *rw_text, *operation_text;
-
-        if (mode & CRYPTO_LOCK)
-            operation_text = "lock  ";
-        else if (mode & CRYPTO_UNLOCK)
-            operation_text = "unlock";
-        else
-            operation_text = "ERROR ";
+    uint64_t ret = 0;
+    unsigned int digit, base = 10;
 
-        if (mode & CRYPTO_READ)
-            rw_text = "r";
-        else if (mode & CRYPTO_WRITE)
-            rw_text = "w";
-        else
-            rw_text = "ERROR";
-
-        CRYPTO_THREADID_current(&id);
-        fprintf(stderr, "lock:%08lx:(%s)%s %-18s %s:%d\n",
-                CRYPTO_THREADID_hash(&id), rw_text, operation_text,
-                CRYPTO_get_lock_name(type), file, line);
+    if (*str == '0') {
+        base = 8, str++;
+        if (ossl_tolower(*str) == 'x')
+            base = 16, str++;
     }
-#endif
-    if (type < 0) {
-        if (dynlock_lock_callback != NULL) {
-            struct CRYPTO_dynlock_value *pointer
-                = CRYPTO_get_dynlock_value(type);
-
-            OPENSSL_assert(pointer != NULL);
 
-            dynlock_lock_callback(mode, pointer, file, line);
+    while((digit = todigit(*str++)) < base)
+        ret = ret * base + digit;
 
-            CRYPTO_destroy_dynlockid(type);
-        }
-    } else if (locking_callback != NULL)
-        locking_callback(mode, type, file, line);
+    return ret;
 }
 
-int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
-                    int line)
-{
-    int ret = 0;
-
-    if (add_lock_callback != NULL) {
-#ifdef LOCK_DEBUG
-        int before = *pointer;
-#endif
+static variant_char *ossl_strchr(const variant_char *str, char srch)
+{   variant_char c;
 
-        ret = add_lock_callback(pointer, amount, type, file, line);
-#ifdef LOCK_DEBUG
-        {
-            CRYPTO_THREADID id;
-            CRYPTO_THREADID_current(&id);
-            fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
-                    CRYPTO_THREADID_hash(&id), before, amount, ret,
-                    CRYPTO_get_lock_name(type), file, line);
-        }
-#endif
-    } else {
-        CRYPTO_lock(CRYPTO_LOCK | CRYPTO_WRITE, type, file, line);
-
-        ret = *pointer + amount;
-#ifdef LOCK_DEBUG
-        {
-            CRYPTO_THREADID id;
-            CRYPTO_THREADID_current(&id);
-            fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
-                    CRYPTO_THREADID_hash(&id),
-                    *pointer, amount, ret,
-                    CRYPTO_get_lock_name(type), file, line);
-        }
-#endif
-        *pointer = ret;
-        CRYPTO_lock(CRYPTO_UNLOCK | CRYPTO_WRITE, type, file, line);
+    while((c = *str)) {
+        if (c == srch)
+	    return (variant_char *)str;
+        str++;
     }
-    return (ret);
-}
-
-const char *CRYPTO_get_lock_name(int type)
-{
-    if (type < 0)
-        return ("dynamic");
-    else if (type < CRYPTO_NUM_LOCKS)
-        return (lock_names[type]);
-    else if (type - CRYPTO_NUM_LOCKS > sk_OPENSSL_STRING_num(app_locks))
-        return ("ERROR");
-    else
-        return (sk_OPENSSL_STRING_value(app_locks, type - CRYPTO_NUM_LOCKS));
-}
-
-#if     defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
-        defined(__INTEL__) || \
-        defined(__x86_64) || defined(__x86_64__) || \
-        defined(_M_AMD64) || defined(_M_X64)
-
-extern unsigned int OPENSSL_ia32cap_P[4];
-unsigned long *OPENSSL_ia32cap_loc(void)
-{
-    if (sizeof(long) == 4)
-        /*
-         * If 32-bit application pulls address of OPENSSL_ia32cap_P[0]
-         * clear second element to maintain the illusion that vector
-         * is 32-bit.
-         */
-        OPENSSL_ia32cap_P[1] = 0;
-
-    OPENSSL_ia32cap_P[2] = 0;
 
-    return (unsigned long *)OPENSSL_ia32cap_P;
+    return NULL;
 }
 
-# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
 #  define OPENSSL_CPUID_SETUP
-#  if defined(_WIN32)
-typedef unsigned __int64 IA32CAP;
-#  else
-typedef unsigned long long IA32CAP;
-#  endif
+typedef uint64_t IA32CAP;
+
 void OPENSSL_cpuid_setup(void)
 {
     static int trigger = 0;
     IA32CAP OPENSSL_ia32_cpuid(unsigned int *);
     IA32CAP vec;
-    char *env;
+    const variant_char *env;
 
     if (trigger)
         return;
 
     trigger = 1;
-    if ((env = getenv("OPENSSL_ia32cap"))) {
+    if ((env = ossl_getenv("OPENSSL_ia32cap")) != NULL) {
         int off = (env[0] == '~') ? 1 : 0;
-#  if defined(_WIN32)
-        if (!sscanf(env + off, "%I64i", &vec))
-            vec = strtoul(env + off, NULL, 0);
-#  else
-        if (!sscanf(env + off, "%lli", (long long *)&vec))
-            vec = strtoul(env + off, NULL, 0);
-#  endif
-        if (off)
-            vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~vec;
-        else if (env[0] == ':')
+
+        vec = ossl_strtouint64(env + off);
+
+        if (off) {
+            IA32CAP mask = vec;
+            vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask;
+            if (mask & (1<<24)) {
+                /*
+                 * User disables FXSR bit, mask even other capabilities
+                 * that operate exclusively on XMM, so we don't have to
+                 * double-check all the time. We mask PCLMULQDQ, AMD XOP,
+                 * AES-NI and AVX. Formally speaking we don't have to
+                 * do it in x86_64 case, but we can safely assume that
+                 * x86_64 users won't actually flip this flag.
+                 */
+                vec &= ~((IA32CAP)(1<<1|1<<11|1<<25|1<<28) << 32);
+            }
+        } else if (env[0] == ':') {
             vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
+        }
+
+        if ((env = ossl_strchr(env, ':')) != NULL) {
+            IA32CAP vecx;
 
-        OPENSSL_ia32cap_P[2] = 0;
-        if ((env = strchr(env, ':'))) {
-            unsigned int vecx;
             env++;
             off = (env[0] == '~') ? 1 : 0;
-            vecx = strtoul(env + off, NULL, 0);
-            if (off)
-                OPENSSL_ia32cap_P[2] &= ~vecx;
-            else
-                OPENSSL_ia32cap_P[2] = vecx;
+            vecx = ossl_strtouint64(env + off);
+            if (off) {
+                OPENSSL_ia32cap_P[2] &= ~(unsigned int)vecx;
+                OPENSSL_ia32cap_P[3] &= ~(unsigned int)(vecx >> 32);
+            } else {
+                OPENSSL_ia32cap_P[2] = (unsigned int)vecx;
+                OPENSSL_ia32cap_P[3] = (unsigned int)(vecx >> 32);
+            }
+        } else {
+            OPENSSL_ia32cap_P[2] = 0;
+            OPENSSL_ia32cap_P[3] = 0;
         }
-    } else
+    } else {
         vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
+    }
 
     /*
      * |(1<<10) sets a reserved bit to signal that variable
@@ -735,68 +162,14 @@ void OPENSSL_cpuid_setup(void)
 # else
 unsigned int OPENSSL_ia32cap_P[4];
 # endif
-
-#else
-unsigned long *OPENSSL_ia32cap_loc(void)
-{
-    return NULL;
-}
 #endif
-int OPENSSL_NONPIC_relocated = 0;
 #if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
 void OPENSSL_cpuid_setup(void)
 {
 }
 #endif
 
-#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)
-# ifdef __CYGWIN__
-/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
-#  include <windows.h>
-/*
- * this has side-effect of _WIN32 getting defined, which otherwise is
- * mutually exclusive with __CYGWIN__...
- */
-# endif
-
-/*
- * All we really need to do is remove the 'error' state when a thread
- * detaches
- */
-
-BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
-{
-    switch (fdwReason) {
-    case DLL_PROCESS_ATTACH:
-        OPENSSL_cpuid_setup();
-# if defined(_WIN32_WINNT)
-        {
-            IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *) hinstDLL;
-            IMAGE_NT_HEADERS *nt_headers;
-
-            if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) {
-                nt_headers = (IMAGE_NT_HEADERS *) ((char *)dos_header
-                                                   + dos_header->e_lfanew);
-                if (nt_headers->Signature == IMAGE_NT_SIGNATURE &&
-                    hinstDLL !=
-                    (HINSTANCE) (nt_headers->OptionalHeader.ImageBase))
-                    OPENSSL_NONPIC_relocated = 1;
-            }
-        }
-# endif
-        break;
-    case DLL_THREAD_ATTACH:
-        break;
-    case DLL_THREAD_DETACH:
-        break;
-    case DLL_PROCESS_DETACH:
-        break;
-    }
-    return (TRUE);
-}
-#endif
-
-#if defined(_WIN32) && !defined(__CYGWIN__)
+#if defined(_WIN32)
 # include <tchar.h>
 # include <signal.h>
 # ifdef __WATCOMC__
@@ -811,6 +184,14 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
 # endif
 
 # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+#  ifdef OPENSSL_SYS_WIN_CORE
+
+int OPENSSL_isservice(void)
+{
+    /* OneCore API cannot interact with GUI */
+    return 1;
+}
+#  else
 int OPENSSL_isservice(void)
 {
     HWINSTA h;
@@ -818,17 +199,21 @@ int OPENSSL_isservice(void)
     WCHAR *name;
     static union {
         void *p;
-        int (*f) (void);
+        FARPROC f;
     } _OPENSSL_isservice = {
         NULL
     };
 
     if (_OPENSSL_isservice.p == NULL) {
-        HANDLE h = GetModuleHandle(NULL);
-        if (h != NULL)
-            _OPENSSL_isservice.p = GetProcAddress(h, "_OPENSSL_isservice");
-        if (_OPENSSL_isservice.p == NULL)
+        HANDLE mod = GetModuleHandle(NULL);
+        FARPROC f;
+
+        if (mod != NULL)
+            f = GetProcAddress(mod, "_OPENSSL_isservice");
+        if (f == NULL)
             _OPENSSL_isservice.p = (void *)-1;
+        else
+            _OPENSSL_isservice.f = f;
     }
 
     if (_OPENSSL_isservice.p != (void *)-1)
@@ -851,7 +236,7 @@ int OPENSSL_isservice(void)
 
     len++, len &= ~1;           /* paranoia */
     name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */
-#  if 1
+#   if 1
     /*
      * This doesn't cover "interactive" services [working with real
      * WinSta0's] nor programs started non-interactively by Task Scheduler
@@ -859,14 +244,15 @@ int OPENSSL_isservice(void)
      */
     if (wcsstr(name, L"Service-0x"))
         return 1;
-#  else
+#   else
     /* This covers all non-interactive programs such as services. */
     if (!wcsstr(name, L"WinSta0"))
         return 1;
-#  endif
+#   endif
     else
         return 0;
 }
+#  endif
 # else
 int OPENSSL_isservice(void)
 {
@@ -879,7 +265,13 @@ void OPENSSL_showfatal(const char *fmta, ...)
     va_list ap;
     TCHAR buf[256];
     const TCHAR *fmt;
-# ifdef STD_ERROR_HANDLE        /* what a dirty trick! */
+    /*
+     * First check if it's a console application, in which case the
+     * error message would be printed to standard error.
+     * Windows CE does not have a concept of a console application,
+     * so we need to guard the check.
+     */
+# ifdef STD_ERROR_HANDLE
     HANDLE h;
 
     if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
@@ -909,12 +301,9 @@ void OPENSSL_showfatal(const char *fmta, ...)
                 fmt = (const TCHAR *)L"no stack?";
                 break;
             }
-# ifndef OPENSSL_NO_MULTIBYTE
             if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0))
-# endif
                 for (i = 0; i < len_0; i++)
                     fmtw[i] = (WCHAR)fmta[i];
-
             for (i = 0; i < len_0; i++) {
                 if (fmtw[i] == L'%')
                     do {
@@ -955,11 +344,29 @@ void OPENSSL_showfatal(const char *fmta, ...)
         } while (0);
 
     va_start(ap, fmta);
-    _vsntprintf(buf, sizeof(buf) / sizeof(TCHAR) - 1, fmt, ap);
-    buf[sizeof(buf) / sizeof(TCHAR) - 1] = _T('\0');
+    _vsntprintf(buf, OSSL_NELEM(buf) - 1, fmt, ap);
+    buf[OSSL_NELEM(buf) - 1] = _T('\0');
     va_end(ap);
 
 # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+#  ifdef OPENSSL_SYS_WIN_CORE
+    /* ONECORE is always NONGUI and NT >= 0x0601 */
+
+    /*
+    * TODO: (For non GUI and no std error cases)
+    * Add event logging feature here. 
+    */
+    
+#   if !defined(NDEBUG)
+        /*
+        * We are in a situation where we tried to report a critical
+        * error and this failed for some reason. As a last resort,
+        * in debug builds, send output to the debugger or any other
+        * tool like DebugView which can monitor the output.
+        */
+        OutputDebugString(buf);
+#   endif
+#  else
     /* this -------------v--- guards NT-specific calls */
     if (check_winnt() && OPENSSL_isservice() > 0) {
         HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL"));
@@ -969,7 +376,7 @@ void OPENSSL_showfatal(const char *fmta, ...)
 
             if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL,
                              1, 0, &pmsg, NULL)) {
-#if defined(DEBUG)
+#   if !defined(NDEBUG)
                 /*
                  * We are in a situation where we tried to report a critical
                  * error and this failed for some reason. As a last resort,
@@ -977,23 +384,29 @@ void OPENSSL_showfatal(const char *fmta, ...)
                  * tool like DebugView which can monitor the output.
                  */
                 OutputDebugString(pmsg);
-#endif
+#   endif
             }
 
             (void)DeregisterEventSource(hEventLog);
         }
-    } else
-# endif
+    } else {
         MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
+    }
+#  endif
+# else
+    MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
+# endif     
 }
 #else
 void OPENSSL_showfatal(const char *fmta, ...)
 {
+#ifndef OPENSSL_NO_STDIO
     va_list ap;
 
     va_start(ap, fmta);
     vfprintf(stderr, fmta, ap);
     va_end(ap);
+#endif
 }
 
 int OPENSSL_isservice(void)
@@ -1002,12 +415,11 @@ int OPENSSL_isservice(void)
 }
 #endif
 
-void OpenSSLDie(const char *file, int line, const char *assertion)
+void OPENSSL_die(const char *message, const char *file, int line)
 {
-    OPENSSL_showfatal
-        ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line,
-         assertion);
-#if !defined(_WIN32) || defined(__CYGWIN__)
+    OPENSSL_showfatal("%s:%d: OpenSSL internal error: %s\n",
+                      file, line, message);
+#if !defined(_WIN32)
     abort();
 #else
     /*
@@ -1020,12 +432,17 @@ void OpenSSLDie(const char *file, int line, const char *assertion)
 #endif
 }
 
-void *OPENSSL_stderr(void)
-{
-    return stderr;
-}
-
-int CRYPTO_memcmp(const volatile void *in_a, const volatile void *in_b, size_t len)
+#if !defined(OPENSSL_CPUID_OBJ)
+/*
+ * The volatile is used to to ensure that the compiler generates code that reads
+ * all values from the array and doesn't try to optimize this away. The standard
+ * doesn't actually require this behavior if the original data pointed to is
+ * not volatile, but compilers do this in practice anyway.
+ *
+ * There are also assembler versions of this function.
+ */
+# undef CRYPTO_memcmp
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len)
 {
     size_t i;
     const volatile unsigned char *a = in_a;
@@ -1037,3 +454,12 @@ int CRYPTO_memcmp(const volatile void *in_a, const volatile void *in_b, size_t l
 
     return x;
 }
+
+/*
+ * For systems that don't provide an instruction counter register or equivalent.
+ */
+uint32_t OPENSSL_rdtsc(void)
+{
+    return 0;
+}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/cryptlib.h b/freebsd/crypto/openssl/crypto/cryptlib.h
deleted file mode 100644
index fba180a6..00000000
--- a/freebsd/crypto/openssl/crypto/cryptlib.h
+++ /dev/null
@@ -1,111 +0,0 @@
-/* crypto/cryptlib.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CRYPTLIB_H
-# define HEADER_CRYPTLIB_H
-
-# include <stdlib.h>
-# include <string.h>
-
-# include "e_os.h"
-
-# ifdef OPENSSL_USE_APPLINK
-#  define BIO_FLAGS_UPLINK 0x8000
-#  include "ms/uplink.h"
-# endif
-
-# include <openssl/crypto.h>
-# include <openssl/buffer.h>
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/opensslconf.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# ifndef OPENSSL_SYS_VMS
-#  define X509_CERT_AREA          OPENSSLDIR
-#  define X509_CERT_DIR           OPENSSLDIR "/certs"
-#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
-#  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
-# else
-#  define X509_CERT_AREA          "SSLROOT:[000000]"
-#  define X509_CERT_DIR           "SSLCERTS:"
-#  define X509_CERT_FILE          "SSLCERTS:cert.pem"
-#  define X509_PRIVATE_DIR        "SSLPRIVATE:"
-# endif
-
-# define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
-# define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
-
-/* size of string representations */
-# define DECIMAL_SIZE(type)      ((sizeof(type)*8+2)/3+1)
-# define HEX_SIZE(type)          (sizeof(type)*2)
-
-void OPENSSL_cpuid_setup(void);
-extern unsigned int OPENSSL_ia32cap_P[];
-void OPENSSL_showfatal(const char *fmta, ...);
-void *OPENSSL_stderr(void);
-extern int OPENSSL_NONPIC_relocated;
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/crypto.h b/freebsd/crypto/openssl/crypto/crypto.h
deleted file mode 100644
index 6c644ce1..00000000
--- a/freebsd/crypto/openssl/crypto/crypto.h
+++ /dev/null
@@ -1,661 +0,0 @@
-/* crypto/crypto.h */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_CRYPTO_H
-# define HEADER_CRYPTO_H
-
-# include <stdlib.h>
-
-# include <openssl/e_os2.h>
-
-# ifndef OPENSSL_NO_FP_API
-#  include <stdio.h>
-# endif
-
-# include <openssl/stack.h>
-# include <openssl/safestack.h>
-# include <openssl/opensslv.h>
-# include <openssl/ossl_typ.h>
-
-# ifdef CHARSET_EBCDIC
-#  include <openssl/ebcdic.h>
-# endif
-
-/*
- * Resolve problems on some operating systems with symbol names that clash
- * one way or another
- */
-# include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Backward compatibility to SSLeay */
-/*
- * This is more to be used to check the correct DLL is being used in the MS
- * world.
- */
-# define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
-# define SSLEAY_VERSION          0
-/* #define SSLEAY_OPTIONS       1 no longer supported */
-# define SSLEAY_CFLAGS           2
-# define SSLEAY_BUILT_ON         3
-# define SSLEAY_PLATFORM         4
-# define SSLEAY_DIR              5
-
-/* Already declared in ossl_typ.h */
-# if 0
-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
-/* Called when a new object is created */
-typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                           int idx, long argl, void *argp);
-/* Called when an object is free()ed */
-typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                             int idx, long argl, void *argp);
-/* Called when we need to dup an object */
-typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
-                           void *from_d, int idx, long argl, void *argp);
-# endif
-
-/* A generic structure to pass assorted data in a expandable way */
-typedef struct openssl_item_st {
-    int code;
-    void *value;                /* Not used for flag attributes */
-    size_t value_size;          /* Max size of value for output, length for
-                                 * input */
-    size_t *value_length;       /* Returned length of value for output */
-} OPENSSL_ITEM;
-
-/*
- * When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
- * names in cryptlib.c
- */
-
-# define CRYPTO_LOCK_ERR                 1
-# define CRYPTO_LOCK_EX_DATA             2
-# define CRYPTO_LOCK_X509                3
-# define CRYPTO_LOCK_X509_INFO           4
-# define CRYPTO_LOCK_X509_PKEY           5
-# define CRYPTO_LOCK_X509_CRL            6
-# define CRYPTO_LOCK_X509_REQ            7
-# define CRYPTO_LOCK_DSA                 8
-# define CRYPTO_LOCK_RSA                 9
-# define CRYPTO_LOCK_EVP_PKEY            10
-# define CRYPTO_LOCK_X509_STORE          11
-# define CRYPTO_LOCK_SSL_CTX             12
-# define CRYPTO_LOCK_SSL_CERT            13
-# define CRYPTO_LOCK_SSL_SESSION         14
-# define CRYPTO_LOCK_SSL_SESS_CERT       15
-# define CRYPTO_LOCK_SSL                 16
-# define CRYPTO_LOCK_SSL_METHOD          17
-# define CRYPTO_LOCK_RAND                18
-# define CRYPTO_LOCK_RAND2               19
-# define CRYPTO_LOCK_MALLOC              20
-# define CRYPTO_LOCK_BIO                 21
-# define CRYPTO_LOCK_GETHOSTBYNAME       22
-# define CRYPTO_LOCK_GETSERVBYNAME       23
-# define CRYPTO_LOCK_READDIR             24
-# define CRYPTO_LOCK_RSA_BLINDING        25
-# define CRYPTO_LOCK_DH                  26
-# define CRYPTO_LOCK_MALLOC2             27
-# define CRYPTO_LOCK_DSO                 28
-# define CRYPTO_LOCK_DYNLOCK             29
-# define CRYPTO_LOCK_ENGINE              30
-# define CRYPTO_LOCK_UI                  31
-# define CRYPTO_LOCK_ECDSA               32
-# define CRYPTO_LOCK_EC                  33
-# define CRYPTO_LOCK_ECDH                34
-# define CRYPTO_LOCK_BN                  35
-# define CRYPTO_LOCK_EC_PRE_COMP         36
-# define CRYPTO_LOCK_STORE               37
-# define CRYPTO_LOCK_COMP                38
-# define CRYPTO_LOCK_FIPS                39
-# define CRYPTO_LOCK_FIPS2               40
-# define CRYPTO_NUM_LOCKS                41
-
-# define CRYPTO_LOCK             1
-# define CRYPTO_UNLOCK           2
-# define CRYPTO_READ             4
-# define CRYPTO_WRITE            8
-
-# ifndef OPENSSL_NO_LOCKING
-#  ifndef CRYPTO_w_lock
-#   define CRYPTO_w_lock(type)     \
-        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-#   define CRYPTO_w_unlock(type)   \
-        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-#   define CRYPTO_r_lock(type)     \
-        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-#   define CRYPTO_r_unlock(type)   \
-        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-#   define CRYPTO_add(addr,amount,type)    \
-        CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-#  endif
-# else
-#  define CRYPTO_w_lock(a)
-#  define CRYPTO_w_unlock(a)
-#  define CRYPTO_r_lock(a)
-#  define CRYPTO_r_unlock(a)
-#  define CRYPTO_add(a,b,c)       ((*(a))+=(b))
-# endif
-
-/*
- * Some applications as well as some parts of OpenSSL need to allocate and
- * deallocate locks in a dynamic fashion.  The following typedef makes this
- * possible in a type-safe manner.
- */
-/* struct CRYPTO_dynlock_value has to be defined by the application. */
-typedef struct {
-    int references;
-    struct CRYPTO_dynlock_value *data;
-} CRYPTO_dynlock;
-
-/*
- * The following can be used to detect memory leaks in the SSLeay library. It
- * used, it turns on malloc checking
- */
-
-# define CRYPTO_MEM_CHECK_OFF    0x0/* an enume */
-# define CRYPTO_MEM_CHECK_ON     0x1/* a bit */
-# define CRYPTO_MEM_CHECK_ENABLE 0x2/* a bit */
-# define CRYPTO_MEM_CHECK_DISABLE 0x3/* an enume */
-
-/*
- * The following are bit values to turn on or off options connected to the
- * malloc checking functionality
- */
-
-/* Adds time to the memory checking information */
-# define V_CRYPTO_MDEBUG_TIME    0x1/* a bit */
-/* Adds thread number to the memory checking information */
-# define V_CRYPTO_MDEBUG_THREAD  0x2/* a bit */
-
-# define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD)
-
-/* predec of the BIO type */
-typedef struct bio_st BIO_dummy;
-
-struct crypto_ex_data_st {
-    STACK_OF(void) *sk;
-    /* gcc is screwing up this data structure :-( */
-    int dummy;
-};
-DECLARE_STACK_OF(void)
-
-/*
- * This stuff is basically class callback functions The current classes are
- * SSL_CTX, SSL, SSL_SESSION, and a few more
- */
-
-typedef struct crypto_ex_data_func_st {
-    long argl;                  /* Arbitary long */
-    void *argp;                 /* Arbitary void * */
-    CRYPTO_EX_new *new_func;
-    CRYPTO_EX_free *free_func;
-    CRYPTO_EX_dup *dup_func;
-} CRYPTO_EX_DATA_FUNCS;
-
-DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
-
-/*
- * Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
- * entry.
- */
-
-# define CRYPTO_EX_INDEX_BIO             0
-# define CRYPTO_EX_INDEX_SSL             1
-# define CRYPTO_EX_INDEX_SSL_CTX         2
-# define CRYPTO_EX_INDEX_SSL_SESSION     3
-# define CRYPTO_EX_INDEX_X509_STORE      4
-# define CRYPTO_EX_INDEX_X509_STORE_CTX  5
-# define CRYPTO_EX_INDEX_RSA             6
-# define CRYPTO_EX_INDEX_DSA             7
-# define CRYPTO_EX_INDEX_DH              8
-# define CRYPTO_EX_INDEX_ENGINE          9
-# define CRYPTO_EX_INDEX_X509            10
-# define CRYPTO_EX_INDEX_UI              11
-# define CRYPTO_EX_INDEX_ECDSA           12
-# define CRYPTO_EX_INDEX_ECDH            13
-# define CRYPTO_EX_INDEX_COMP            14
-# define CRYPTO_EX_INDEX_STORE           15
-
-/*
- * Dynamically assigned indexes start from this value (don't use directly,
- * use via CRYPTO_ex_data_new_class).
- */
-# define CRYPTO_EX_INDEX_USER            100
-
-/*
- * This is the default callbacks, but we can have others as well: this is
- * needed in Win32 where the application malloc and the library malloc may
- * not be the same.
- */
-# define CRYPTO_malloc_init()    CRYPTO_set_mem_functions(\
-        malloc, realloc, free)
-
-# if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD
-#  ifndef CRYPTO_MDEBUG         /* avoid duplicate #define */
-#   define CRYPTO_MDEBUG
-#  endif
-# endif
-
-/*
- * Set standard debugging functions (not done by default unless CRYPTO_MDEBUG
- * is defined)
- */
-# define CRYPTO_malloc_debug_init()      do {\
-        CRYPTO_set_mem_debug_functions(\
-                CRYPTO_dbg_malloc,\
-                CRYPTO_dbg_realloc,\
-                CRYPTO_dbg_free,\
-                CRYPTO_dbg_set_options,\
-                CRYPTO_dbg_get_options);\
-        } while(0)
-
-int CRYPTO_mem_ctrl(int mode);
-int CRYPTO_is_mem_check_on(void);
-
-/* for applications */
-# define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
-# define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)
-
-/* for library-internal use */
-# define MemCheck_on()   CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)
-# define MemCheck_off()  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
-# define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
-# define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,__FILE__,__LINE__)
-# define OPENSSL_strdup(str)     CRYPTO_strdup((str),__FILE__,__LINE__)
-# define OPENSSL_realloc(addr,num) \
-        CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-# define OPENSSL_realloc_clean(addr,old_num,num) \
-        CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-# define OPENSSL_remalloc(addr,num) \
-        CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-# define OPENSSL_freeFunc        CRYPTO_free
-# define OPENSSL_free(addr)      CRYPTO_free(addr)
-
-# define OPENSSL_malloc_locked(num) \
-        CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
-const char *SSLeay_version(int type);
-unsigned long SSLeay(void);
-
-int OPENSSL_issetugid(void);
-
-/* An opaque type representing an implementation of "ex_data" support */
-typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL;
-/* Return an opaque pointer to the current "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
-/* Sets the "ex_data" implementation to be used (if it's not too late) */
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
-/* Get a new "ex_data" class, and return the corresponding "class_index" */
-int CRYPTO_ex_data_new_class(void);
-/* Within a given class, get/register a new index */
-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
-                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                            CRYPTO_EX_free *free_func);
-/*
- * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a
- * given class (invokes whatever per-class callbacks are applicable)
- */
-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-                       CRYPTO_EX_DATA *from);
-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-/*
- * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
- * index (relative to the class type involved)
- */
-int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
-/*
- * This function cleans up all "ex_data" state. It mustn't be called under
- * potential race-conditions.
- */
-void CRYPTO_cleanup_all_ex_data(void);
-
-int CRYPTO_get_new_lockid(char *name);
-
-int CRYPTO_num_locks(void);     /* return CRYPTO_NUM_LOCKS (shared libs!) */
-void CRYPTO_lock(int mode, int type, const char *file, int line);
-void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
-                                               const char *file, int line));
-void (*CRYPTO_get_locking_callback(void)) (int mode, int type,
-                                           const char *file, int line);
-void CRYPTO_set_add_lock_callback(int (*func)
-                                   (int *num, int mount, int type,
-                                    const char *file, int line));
-int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type,
-                                           const char *file, int line);
-
-/* Don't use this structure directly. */
-typedef struct crypto_threadid_st {
-    void *ptr;
-    unsigned long val;
-} CRYPTO_THREADID;
-/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
-void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
-void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
-int CRYPTO_THREADID_set_callback(void (*threadid_func) (CRYPTO_THREADID *));
-void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *);
-void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
-int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
-void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
-unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
-# ifndef OPENSSL_NO_DEPRECATED
-void CRYPTO_set_id_callback(unsigned long (*func) (void));
-unsigned long (*CRYPTO_get_id_callback(void)) (void);
-unsigned long CRYPTO_thread_id(void);
-# endif
-
-const char *CRYPTO_get_lock_name(int type);
-int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
-                    int line);
-
-int CRYPTO_get_new_dynlockid(void);
-void CRYPTO_destroy_dynlockid(int i);
-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value
-                                        *(*dyn_create_function) (const char
-                                                                 *file,
-                                                                 int line));
-void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)
-                                       (int mode,
-                                        struct CRYPTO_dynlock_value *l,
-                                        const char *file, int line));
-void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)
-                                          (struct CRYPTO_dynlock_value *l,
-                                           const char *file, int line));
-struct CRYPTO_dynlock_value
-*(*CRYPTO_get_dynlock_create_callback(void)) (const char *file, int line);
-void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode,
-                                                struct CRYPTO_dynlock_value
-                                                *l, const char *file,
-                                                int line);
-void (*CRYPTO_get_dynlock_destroy_callback(void)) (struct CRYPTO_dynlock_value
-                                                   *l, const char *file,
-                                                   int line);
-
-/*
- * CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- call
- * the latter last if you need different functions
- */
-int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t),
-                             void (*f) (void *));
-int CRYPTO_set_locked_mem_functions(void *(*m) (size_t),
-                                    void (*free_func) (void *));
-int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
-                                void *(*r) (void *, size_t, const char *,
-                                            int), void (*f) (void *));
-int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int),
-                                       void (*free_func) (void *));
-int CRYPTO_set_mem_debug_functions(void (*m)
-                                    (void *, int, const char *, int, int),
-                                   void (*r) (void *, void *, int,
-                                              const char *, int, int),
-                                   void (*f) (void *, int), void (*so) (long),
-                                   long (*go) (void));
-void CRYPTO_get_mem_functions(void *(**m) (size_t),
-                              void *(**r) (void *, size_t),
-                              void (**f) (void *));
-void CRYPTO_get_locked_mem_functions(void *(**m) (size_t),
-                                     void (**f) (void *));
-void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int),
-                                 void *(**r) (void *, size_t, const char *,
-                                              int), void (**f) (void *));
-void CRYPTO_get_locked_mem_ex_functions(void
-                                        *(**m) (size_t, const char *, int),
-                                        void (**f) (void *));
-void CRYPTO_get_mem_debug_functions(void (**m)
-                                     (void *, int, const char *, int, int),
-                                    void (**r) (void *, void *, int,
-                                                const char *, int, int),
-                                    void (**f) (void *, int),
-                                    void (**so) (long), long (**go) (void));
-
-void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *ptr);
-void *CRYPTO_malloc(int num, const char *file, int line);
-char *CRYPTO_strdup(const char *str, const char *file, int line);
-void CRYPTO_free(void *ptr);
-void *CRYPTO_realloc(void *addr, int num, const char *file, int line);
-void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file,
-                           int line);
-void *CRYPTO_remalloc(void *addr, int num, const char *file, int line);
-
-void OPENSSL_cleanse(void *ptr, size_t len);
-
-void CRYPTO_set_mem_debug_options(long bits);
-long CRYPTO_get_mem_debug_options(void);
-
-# define CRYPTO_push_info(info) \
-        CRYPTO_push_info_(info, __FILE__, __LINE__);
-int CRYPTO_push_info_(const char *info, const char *file, int line);
-int CRYPTO_pop_info(void);
-int CRYPTO_remove_all_info(void);
-
-/*
- * Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
- * used as default in CRYPTO_MDEBUG compilations):
- */
-/*-
- * The last argument has the following significance:
- *
- * 0:   called before the actual memory allocation has taken place
- * 1:   called after the actual memory allocation has taken place
- */
-void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
-                       int before_p);
-void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, const char *file,
-                        int line, int before_p);
-void CRYPTO_dbg_free(void *addr, int before_p);
-/*-
- * Tell the debugging code about options.  By default, the following values
- * apply:
- *
- * 0:                           Clear all options.
- * V_CRYPTO_MDEBUG_TIME (1):    Set the "Show Time" option.
- * V_CRYPTO_MDEBUG_THREAD (2):  Set the "Show Thread Number" option.
- * V_CRYPTO_MDEBUG_ALL (3):     1 + 2
- */
-void CRYPTO_dbg_set_options(long bits);
-long CRYPTO_dbg_get_options(void);
-
-# ifndef OPENSSL_NO_FP_API
-void CRYPTO_mem_leaks_fp(FILE *);
-# endif
-void CRYPTO_mem_leaks(struct bio_st *bio);
-/* unsigned long order, char *file, int line, int num_bytes, char *addr */
-typedef void *CRYPTO_MEM_LEAK_CB (unsigned long, const char *, int, int,
-                                  void *);
-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
-
-/* die if we have to */
-void OpenSSLDie(const char *file, int line, const char *assertion);
-# define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
-
-unsigned long *OPENSSL_ia32cap_loc(void);
-# define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
-int OPENSSL_isservice(void);
-
-int FIPS_mode(void);
-int FIPS_mode_set(int r);
-
-void OPENSSL_init(void);
-
-# define fips_md_init(alg) fips_md_init_ctx(alg, alg)
-
-# ifdef OPENSSL_FIPS
-#  define fips_md_init_ctx(alg, cx) \
-        int alg##_Init(cx##_CTX *c) \
-        { \
-        if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-                "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
-        return private_##alg##_Init(c); \
-        } \
-        int private_##alg##_Init(cx##_CTX *c)
-
-#  define fips_cipher_abort(alg) \
-        if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-                "Low level API call to cipher " #alg " forbidden in FIPS mode!")
-
-# else
-#  define fips_md_init_ctx(alg, cx) \
-        int alg##_Init(cx##_CTX *c)
-#  define fips_cipher_abort(alg) while(0)
-# endif
-
-/*
- * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
- * It takes an amount of time dependent on |len|, but independent of the
- * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements
- * into a defined order as the return value when a != b is undefined, other
- * than to be non-zero.
- */
-int CRYPTO_memcmp(const volatile void *a, const volatile void *b, size_t len);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CRYPTO_strings(void);
-
-/* Error codes for the CRYPTO functions. */
-
-/* Function codes. */
-# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX                 100
-# define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID                103
-# define CRYPTO_F_CRYPTO_GET_NEW_LOCKID                   101
-# define CRYPTO_F_CRYPTO_SET_EX_DATA                      102
-# define CRYPTO_F_DEF_ADD_INDEX                           104
-# define CRYPTO_F_DEF_GET_CLASS                           105
-# define CRYPTO_F_FIPS_MODE_SET                           109
-# define CRYPTO_F_INT_DUP_EX_DATA                         106
-# define CRYPTO_F_INT_FREE_EX_DATA                        107
-# define CRYPTO_F_INT_NEW_EX_DATA                         108
-
-/* Reason codes. */
-# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                 101
-# define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK              100
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ct/ct_b64.c b/freebsd/crypto/openssl/crypto/ct/ct_b64.c
new file mode 100644
index 00000000..467334e7
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ct/ct_b64.c
@@ -0,0 +1,170 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <string.h>
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+#include "ct_locl.h"
+
+/*
+ * Decodes the base64 string |in| into |out|.
+ * A new string will be malloc'd and assigned to |out|. This will be owned by
+ * the caller. Do not provide a pre-allocated string in |out|.
+ */
+static int ct_base64_decode(const char *in, unsigned char **out)
+{
+    size_t inlen = strlen(in);
+    int outlen, i;
+    unsigned char *outbuf = NULL;
+
+    if (inlen == 0) {
+        *out = NULL;
+        return 0;
+    }
+
+    outlen = (inlen / 4) * 3;
+    outbuf = OPENSSL_malloc(outlen);
+    if (outbuf == NULL) {
+        CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
+    if (outlen < 0) {
+        CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+
+    /* Subtract padding bytes from |outlen|.  Any more than 2 is malformed. */
+    i = 0;
+    while (in[--inlen] == '=') {
+        --outlen;
+        if (++i > 2)
+            goto err;
+    }
+
+    *out = outbuf;
+    return outlen;
+err:
+    OPENSSL_free(outbuf);
+    return -1;
+}
+
+SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
+                         ct_log_entry_type_t entry_type, uint64_t timestamp,
+                         const char *extensions_base64,
+                         const char *signature_base64)
+{
+    SCT *sct = SCT_new();
+    unsigned char *dec = NULL;
+    const unsigned char* p = NULL;
+    int declen;
+
+    if (sct == NULL) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /*
+     * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
+     * can only construct SCT versions that have been defined.
+     */
+    if (!SCT_set_version(sct, version)) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);
+        goto err;
+    }
+
+    declen = ct_base64_decode(logid_base64, &dec);
+    if (declen < 0) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+    if (!SCT_set0_log_id(sct, dec, declen))
+        goto err;
+    dec = NULL;
+
+    declen = ct_base64_decode(extensions_base64, &dec);
+    if (declen < 0) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+    SCT_set0_extensions(sct, dec, declen);
+    dec = NULL;
+
+    declen = ct_base64_decode(signature_base64, &dec);
+    if (declen < 0) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+
+    p = dec;
+    if (o2i_SCT_signature(sct, &p, declen) <= 0)
+        goto err;
+    OPENSSL_free(dec);
+    dec = NULL;
+
+    SCT_set_timestamp(sct, timestamp);
+
+    if (!SCT_set_log_entry_type(sct, entry_type))
+        goto err;
+
+    return sct;
+
+ err:
+    OPENSSL_free(dec);
+    SCT_free(sct);
+    return NULL;
+}
+
+/*
+ * Allocate, build and returns a new |ct_log| from input |pkey_base64|
+ * It returns 1 on success,
+ * 0 on decoding failure, or invalid parameter if any
+ * -1 on internal (malloc) failure
+ */
+int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
+{
+    unsigned char *pkey_der = NULL;
+    int pkey_der_len;
+    const unsigned char *p;
+    EVP_PKEY *pkey = NULL;
+
+    if (ct_log == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
+    if (pkey_der_len < 0) {
+        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+        return 0;
+    }
+
+    p = pkey_der;
+    pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);
+    OPENSSL_free(pkey_der);
+    if (pkey == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+        return 0;
+    }
+
+    *ct_log = CTLOG_new(pkey, name);
+    if (*ct_log == NULL) {
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/ct/ct_err.c b/freebsd/crypto/openssl/crypto/ct/ct_err.c
new file mode 100644
index 00000000..dee9a9e4
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ct/ct_err.c
@@ -0,0 +1,98 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/cterr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA CT_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0),
+     "CTLOG_new_from_base64"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0), "ctlog_new_from_conf"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0),
+     "ctlog_store_load_ctx_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0),
+     "CTLOG_STORE_load_file"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_LOG, 0),
+     "ctlog_store_load_log"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_NEW, 0), "CTLOG_STORE_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CT_BASE64_DECODE, 0), "ct_base64_decode"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CT_POLICY_EVAL_CTX_NEW, 0),
+     "CT_POLICY_EVAL_CTX_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CT_V1_LOG_ID_FROM_PKEY, 0),
+     "ct_v1_log_id_from_pkey"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT, 0), "i2o_SCT"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_LIST, 0), "i2o_SCT_LIST"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_SIGNATURE, 0), "i2o_SCT_signature"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT, 0), "o2i_SCT"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_LIST, 0), "o2i_SCT_LIST"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_SIGNATURE, 0), "o2i_SCT_signature"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0), "SCT_new_from_base64"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0), "SCT_set1_extensions"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0), "SCT_set1_signature"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0),
+     "SCT_set_log_entry_type"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0),
+     "SCT_set_signature_nid"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_VERSION, 0), "SCT_set_version"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA CT_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), "base64 decode error"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH),
+    "invalid log id length"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY),
+    "log conf invalid key"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION),
+    "log conf missing description"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY),
+    "log conf missing key"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP),
+    "sct future timestamp"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE),
+    "sct invalid signature"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION),
+    "sct unsupported version"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID),
+    "unrecognized signature nid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE),
+    "unsupported entry type"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), "unsupported version"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CT_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(CT_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(CT_str_functs);
+        ERR_load_strings_const(CT_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/ct/ct_locl.h b/freebsd/crypto/openssl/crypto/ct/ct_locl.h
new file mode 100644
index 00000000..9f983c91
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ct/ct_locl.h
@@ -0,0 +1,216 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/ct.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/safestack.h>
+
+/*
+ * From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT
+ * sct_list <1..2^16-1>; } SignedCertificateTimestampList;
+ */
+# define MAX_SCT_SIZE            65535
+# define MAX_SCT_LIST_SIZE       MAX_SCT_SIZE
+
+/*
+ * Macros to read and write integers in network-byte order.
+ */
+
+#define n2s(c,s)        ((s=(((unsigned int)((c)[0]))<< 8)| \
+                            (((unsigned int)((c)[1]))    )),c+=2)
+
+#define s2n(s,c)        ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+                          c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
+
+#define l2n3(l,c)       ((c[0]=(unsigned char)(((l)>>16)&0xff), \
+                          c[1]=(unsigned char)(((l)>> 8)&0xff), \
+                          c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
+
+#define n2l8(c,l)       (l =((uint64_t)(*((c)++)))<<56, \
+                         l|=((uint64_t)(*((c)++)))<<48, \
+                         l|=((uint64_t)(*((c)++)))<<40, \
+                         l|=((uint64_t)(*((c)++)))<<32, \
+                         l|=((uint64_t)(*((c)++)))<<24, \
+                         l|=((uint64_t)(*((c)++)))<<16, \
+                         l|=((uint64_t)(*((c)++)))<< 8, \
+                         l|=((uint64_t)(*((c)++))))
+
+#define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+/* Signed Certificate Timestamp */
+struct sct_st {
+    sct_version_t version;
+    /* If version is not SCT_VERSION_V1, this contains the encoded SCT */
+    unsigned char *sct;
+    size_t sct_len;
+    /* If version is SCT_VERSION_V1, fields below contain components of the SCT */
+    unsigned char *log_id;
+    size_t log_id_len;
+    /*
+    * Note, we cannot distinguish between an unset timestamp, and one
+    * that is set to 0.  However since CT didn't exist in 1970, no real
+    * SCT should ever be set as such.
+    */
+    uint64_t timestamp;
+    unsigned char *ext;
+    size_t ext_len;
+    unsigned char hash_alg;
+    unsigned char sig_alg;
+    unsigned char *sig;
+    size_t sig_len;
+    /* Log entry type */
+    ct_log_entry_type_t entry_type;
+    /* Where this SCT was found, e.g. certificate, OCSP response, etc. */
+    sct_source_t source;
+    /* The result of the last attempt to validate this SCT. */
+    sct_validation_status_t validation_status;
+};
+
+/* Miscellaneous data that is useful when verifying an SCT  */
+struct sct_ctx_st {
+    /* Public key */
+    EVP_PKEY *pkey;
+    /* Hash of public key */
+    unsigned char *pkeyhash;
+    size_t pkeyhashlen;
+    /* For pre-certificate: issuer public key hash */
+    unsigned char *ihash;
+    size_t ihashlen;
+    /* certificate encoding */
+    unsigned char *certder;
+    size_t certderlen;
+    /* pre-certificate encoding */
+    unsigned char *preder;
+    size_t prederlen;
+    /* milliseconds since epoch (to check that the SCT isn't from the future) */
+    uint64_t epoch_time_in_ms;
+};
+
+/* Context when evaluating whether a Certificate Transparency policy is met */
+struct ct_policy_eval_ctx_st {
+    X509 *cert;
+    X509 *issuer;
+    CTLOG_STORE *log_store;
+    /* milliseconds since epoch (to check that SCTs aren't from the future) */
+    uint64_t epoch_time_in_ms;
+};
+
+/*
+ * Creates a new context for verifying an SCT.
+ */
+SCT_CTX *SCT_CTX_new(void);
+/*
+ * Deletes an SCT verification context.
+ */
+void SCT_CTX_free(SCT_CTX *sctx);
+
+/*
+ * Sets the certificate that the SCT was created for.
+ * If *cert does not have a poison extension, presigner must be NULL.
+ * If *cert does not have a poison extension, it may have a single SCT
+ * (NID_ct_precert_scts) extension.
+ * If either *cert or *presigner have an AKID (NID_authority_key_identifier)
+ * extension, both must have one.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
+
+/*
+ * Sets the issuer of the certificate that the SCT was created for.
+ * This is just a convenience method to save extracting the public key and
+ * calling SCT_CTX_set1_issuer_pubkey().
+ * Issuer must not be NULL.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);
+
+/*
+ * Sets the public key of the issuer of the certificate that the SCT was created
+ * for.
+ * The public key must not be NULL.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+
+/*
+ * Sets the public key of the CT log that the SCT is from.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+
+/*
+ * Sets the time to evaluate the SCT against, in milliseconds since the Unix
+ * epoch. If the SCT's timestamp is after this time, it will be interpreted as
+ * having been issued in the future. RFC6962 states that "TLS clients MUST
+ * reject SCTs whose timestamp is in the future", so an SCT will not validate
+ * in this case.
+ */
+void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms);
+
+/*
+ * Verifies an SCT with the given context.
+ * Returns 1 if the SCT verifies successfully; any other value indicates
+ * failure. See EVP_DigestVerifyFinal() for the meaning of those values.
+ */
+__owur int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct);
+
+/*
+ * Does this SCT have the minimum fields populated to be usable?
+ * Returns 1 if so, 0 otherwise.
+ */
+__owur int SCT_is_complete(const SCT *sct);
+
+/*
+ * Does this SCT have the signature-related fields populated?
+ * Returns 1 if so, 0 otherwise.
+ * This checks that the signature and hash algorithms are set to supported
+ * values and that the signature field is set.
+ */
+__owur int SCT_signature_is_complete(const SCT *sct);
+
+/*
+ * TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature
+ * and o2i_SCT_signature conform to the i2d/d2i conventions.
+ */
+
+/*
+* Serialize (to TLS format) an |sct| signature and write it to |out|.
+* If |out| is null, no signature will be output but the length will be returned.
+* If |out| points to a null pointer, a string will be allocated to hold the
+* TLS-format signature. It is the responsibility of the caller to free it.
+* If |out| points to an allocated string, the signature will be written to it.
+* The length of the signature in TLS format will be returned.
+*/
+__owur int i2o_SCT_signature(const SCT *sct, unsigned char **out);
+
+/*
+* Parses an SCT signature in TLS format and populates the |sct| with it.
+* |in| should be a pointer to a string containing the TLS-format signature.
+* |in| will be advanced to the end of the signature if parsing succeeds.
+* |len| should be the length of the signature in |in|.
+* Returns the number of bytes parsed, or a negative integer if an error occurs.
+* If an error occurs, the SCT's signature NID may be updated whilst the
+* signature field itself remains unset.
+*/
+__owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len);
+
+/*
+ * Handlers for Certificate Transparency X509v3/OCSP extensions
+ */
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
diff --git a/freebsd/crypto/openssl/crypto/ct/ct_log.c b/freebsd/crypto/openssl/crypto/ct/ct_log.c
new file mode 100644
index 00000000..b234fc6b
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ct/ct_log.c
@@ -0,0 +1,308 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/conf.h>
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/safestack.h>
+
+#include "internal/cryptlib.h"
+
+/*
+ * Information about a CT log server.
+ */
+struct ctlog_st {
+    char *name;
+    uint8_t log_id[CT_V1_HASHLEN];
+    EVP_PKEY *public_key;
+};
+
+/*
+ * A store for multiple CTLOG instances.
+ * It takes ownership of any CTLOG instances added to it.
+ */
+struct ctlog_store_st {
+    STACK_OF(CTLOG) *logs;
+};
+
+/* The context when loading a CT log list from a CONF file. */
+typedef struct ctlog_store_load_ctx_st {
+    CTLOG_STORE *log_store;
+    CONF *conf;
+    size_t invalid_log_entries;
+} CTLOG_STORE_LOAD_CTX;
+
+/*
+ * Creates an empty context for loading a CT log store.
+ * It should be populated before use.
+ */
+static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void);
+
+/*
+ * Deletes a CT log store load context.
+ * Does not delete any of the fields.
+ */
+static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx);
+
+static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void)
+{
+    CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE);
+
+    return ctx;
+}
+
+static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx)
+{
+    OPENSSL_free(ctx);
+}
+
+/* Converts a log's public key into a SHA256 log ID */
+static int ct_v1_log_id_from_pkey(EVP_PKEY *pkey,
+                                  unsigned char log_id[CT_V1_HASHLEN])
+{
+    int ret = 0;
+    unsigned char *pkey_der = NULL;
+    int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der);
+
+    if (pkey_der_len <= 0) {
+        CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID);
+        goto err;
+    }
+
+    SHA256(pkey_der, pkey_der_len, log_id);
+    ret = 1;
+err:
+    OPENSSL_free(pkey_der);
+    return ret;
+}
+
+CTLOG_STORE *CTLOG_STORE_new(void)
+{
+    CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        CTerr(CT_F_CTLOG_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->logs = sk_CTLOG_new_null();
+    if (ret->logs == NULL)
+        goto err;
+
+    return ret;
+err:
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void CTLOG_STORE_free(CTLOG_STORE *store)
+{
+    if (store != NULL) {
+        sk_CTLOG_pop_free(store->logs, CTLOG_free);
+        OPENSSL_free(store);
+    }
+}
+
+static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section)
+{
+    const char *description = NCONF_get_string(conf, section, "description");
+    char *pkey_base64;
+
+    if (description == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION);
+        return 0;
+    }
+
+    pkey_base64 = NCONF_get_string(conf, section, "key");
+    if (pkey_base64 == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY);
+        return 0;
+    }
+
+    return CTLOG_new_from_base64(ct_log, pkey_base64, description);
+}
+
+int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
+{
+    const char *fpath = getenv(CTLOG_FILE_EVP);
+
+    if (fpath == NULL)
+      fpath = CTLOG_FILE;
+
+    return CTLOG_STORE_load_file(store, fpath);
+}
+
+/*
+ * Called by CONF_parse_list, which stops if this returns <= 0,
+ * Otherwise, one bad log entry would stop loading of any of
+ * the following log entries.
+ * It may stop parsing and returns -1 on any internal (malloc) error.
+ */
+static int ctlog_store_load_log(const char *log_name, int log_name_len,
+                                void *arg)
+{
+    CTLOG_STORE_LOAD_CTX *load_ctx = arg;
+    CTLOG *ct_log = NULL;
+    /* log_name may not be null-terminated, so fix that before using it */
+    char *tmp;
+    int ret = 0;
+
+    /* log_name will be NULL for empty list entries */
+    if (log_name == NULL)
+        return 1;
+
+    tmp = OPENSSL_strndup(log_name, log_name_len);
+    if (tmp == NULL)
+        goto mem_err;
+
+    ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp);
+    OPENSSL_free(tmp);
+
+    if (ret < 0) {
+        /* Propagate any internal error */
+        return ret;
+    }
+    if (ret == 0) {
+        /* If we can't load this log, record that fact and skip it */
+        ++load_ctx->invalid_log_entries;
+        return 1;
+    }
+
+    if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) {
+        goto mem_err;
+    }
+    return 1;
+
+mem_err:
+    CTLOG_free(ct_log);
+    CTerr(CT_F_CTLOG_STORE_LOAD_LOG, ERR_R_MALLOC_FAILURE);
+    return -1;
+}
+
+int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file)
+{
+    int ret = 0;
+    char *enabled_logs;
+    CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new();
+
+    if (load_ctx == NULL)
+        return 0;
+    load_ctx->log_store = store;
+    load_ctx->conf = NCONF_new(NULL);
+    if (load_ctx->conf == NULL)
+        goto end;
+
+    if (NCONF_load(load_ctx->conf, file, NULL) <= 0) {
+        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+        goto end;
+    }
+
+    enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs");
+    if (enabled_logs == NULL) {
+        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+        goto end;
+    }
+
+    if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) ||
+        load_ctx->invalid_log_entries > 0) {
+        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+        goto end;
+    }
+
+    ret = 1;
+end:
+    NCONF_free(load_ctx->conf);
+    ctlog_store_load_ctx_free(load_ctx);
+    return ret;
+}
+
+/*
+ * Initialize a new CTLOG object.
+ * Takes ownership of the public key.
+ * Copies the name.
+ */
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name)
+{
+    CTLOG *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->name = OPENSSL_strdup(name);
+    if (ret->name == NULL) {
+        CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
+        goto err;
+
+    ret->public_key = public_key;
+    return ret;
+err:
+    CTLOG_free(ret);
+    return NULL;
+}
+
+/* Frees CT log and associated structures */
+void CTLOG_free(CTLOG *log)
+{
+    if (log != NULL) {
+        OPENSSL_free(log->name);
+        EVP_PKEY_free(log->public_key);
+        OPENSSL_free(log);
+    }
+}
+
+const char *CTLOG_get0_name(const CTLOG *log)
+{
+    return log->name;
+}
+
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+                       size_t *log_id_len)
+{
+    *log_id = log->log_id;
+    *log_id_len = CT_V1_HASHLEN;
+}
+
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log)
+{
+    return log->public_key;
+}
+
+/*
+ * Given a log ID, finds the matching log.
+ * Returns NULL if no match found.
+ */
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+                                        const uint8_t *log_id,
+                                        size_t log_id_len)
+{
+    int i;
+
+    for (i = 0; i < sk_CTLOG_num(store->logs); ++i) {
+        const CTLOG *log = sk_CTLOG_value(store->logs, i);
+        if (memcmp(log->log_id, log_id, log_id_len) == 0)
+            return log;
+    }
+
+    return NULL;
+}
diff --git a/freebsd/crypto/openssl/crypto/ct/ct_oct.c b/freebsd/crypto/openssl/crypto/ct/ct_oct.c
new file mode 100644
index 00000000..8e1f0339
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ct/ct_oct.c
@@ -0,0 +1,409 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <limits.h>
+#include <string.h>
+
+#include <openssl/asn1.h>
+#include <openssl/buffer.h>
+#include <openssl/ct.h>
+#include <openssl/err.h>
+
+#include "ct_locl.h"
+
+int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
+{
+    size_t siglen;
+    size_t len_remaining = len;
+    const unsigned char *p;
+
+    if (sct->version != SCT_VERSION_V1) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
+        return -1;
+    }
+    /*
+     * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
+     * Signature algorithm (2 bytes + ?) Signature
+     *
+     * This explicitly rejects empty signatures: they're invalid for
+     * all supported algorithms.
+     */
+    if (len <= 4) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        return -1;
+    }
+
+    p = *in;
+    /* Get hash and signature algorithm */
+    sct->hash_alg = *p++;
+    sct->sig_alg = *p++;
+    if (SCT_get_signature_nid(sct) == NID_undef) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        return -1;
+    }
+    /* Retrieve signature and check it is consistent with the buffer length */
+    n2s(p, siglen);
+    len_remaining -= (p - *in);
+    if (siglen > len_remaining) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        return -1;
+    }
+
+    if (SCT_set1_signature(sct, p, siglen) != 1)
+        return -1;
+    len_remaining -= siglen;
+    *in = p + siglen;
+
+    return len - len_remaining;
+}
+
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
+{
+    SCT *sct = NULL;
+    const unsigned char *p;
+
+    if (len == 0 || len > MAX_SCT_SIZE) {
+        CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+        goto err;
+    }
+
+    if ((sct = SCT_new()) == NULL)
+        goto err;
+
+    p = *in;
+
+    sct->version = *p;
+    if (sct->version == SCT_VERSION_V1) {
+        int sig_len;
+        size_t len2;
+        /*-
+         * Fixed-length header:
+         *   struct {
+         *     Version sct_version;     (1 byte)
+         *     log_id id;               (32 bytes)
+         *     uint64 timestamp;        (8 bytes)
+         *     CtExtensions extensions; (2 bytes + ?)
+         *   }
+         */
+        if (len < 43) {
+            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+            goto err;
+        }
+        len -= 43;
+        p++;
+        sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
+        if (sct->log_id == NULL)
+            goto err;
+        sct->log_id_len = CT_V1_HASHLEN;
+        p += CT_V1_HASHLEN;
+
+        n2l8(p, sct->timestamp);
+
+        n2s(p, len2);
+        if (len < len2) {
+            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+            goto err;
+        }
+        if (len2 > 0) {
+            sct->ext = BUF_memdup(p, len2);
+            if (sct->ext == NULL)
+                goto err;
+        }
+        sct->ext_len = len2;
+        p += len2;
+        len -= len2;
+
+        sig_len = o2i_SCT_signature(sct, &p, len);
+        if (sig_len <= 0) {
+            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+            goto err;
+        }
+        len -= sig_len;
+        *in = p + len;
+    } else {
+        /* If not V1 just cache encoding */
+        sct->sct = BUF_memdup(p, len);
+        if (sct->sct == NULL)
+            goto err;
+        sct->sct_len = len;
+        *in = p + len;
+    }
+
+    if (psct != NULL) {
+        SCT_free(*psct);
+        *psct = sct;
+    }
+
+    return sct;
+err:
+    SCT_free(sct);
+    return NULL;
+}
+
+int i2o_SCT_signature(const SCT *sct, unsigned char **out)
+{
+    size_t len;
+    unsigned char *p = NULL, *pstart = NULL;
+
+    if (!SCT_signature_is_complete(sct)) {
+        CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        goto err;
+    }
+
+    if (sct->version != SCT_VERSION_V1) {
+        CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
+        goto err;
+    }
+
+    /*
+    * (1 byte) Hash algorithm
+    * (1 byte) Signature algorithm
+    * (2 bytes + ?) Signature
+    */
+    len = 4 + sct->sig_len;
+
+    if (out != NULL) {
+        if (*out != NULL) {
+            p = *out;
+            *out += len;
+        } else {
+            pstart = p = OPENSSL_malloc(len);
+            if (p == NULL) {
+                CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            *out = p;
+        }
+
+        *p++ = sct->hash_alg;
+        *p++ = sct->sig_alg;
+        s2n(sct->sig_len, p);
+        memcpy(p, sct->sig, sct->sig_len);
+    }
+
+    return len;
+err:
+    OPENSSL_free(pstart);
+    return -1;
+}
+
+int i2o_SCT(const SCT *sct, unsigned char **out)
+{
+    size_t len;
+    unsigned char *p = NULL, *pstart = NULL;
+
+    if (!SCT_is_complete(sct)) {
+        CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
+        goto err;
+    }
+    /*
+     * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
+     * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
+     * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
+     * bytes + ?) Signature
+     */
+    if (sct->version == SCT_VERSION_V1)
+        len = 43 + sct->ext_len + 4 + sct->sig_len;
+    else
+        len = sct->sct_len;
+
+    if (out == NULL)
+        return len;
+
+    if (*out != NULL) {
+        p = *out;
+        *out += len;
+    } else {
+        pstart = p = OPENSSL_malloc(len);
+        if (p == NULL) {
+            CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        *out = p;
+    }
+
+    if (sct->version == SCT_VERSION_V1) {
+        *p++ = sct->version;
+        memcpy(p, sct->log_id, CT_V1_HASHLEN);
+        p += CT_V1_HASHLEN;
+        l2n8(sct->timestamp, p);
+        s2n(sct->ext_len, p);
+        if (sct->ext_len > 0) {
+            memcpy(p, sct->ext, sct->ext_len);
+            p += sct->ext_len;
+        }
+        if (i2o_SCT_signature(sct, &p) <= 0)
+            goto err;
+    } else {
+        memcpy(p, sct->sct, len);
+    }
+
+    return len;
+err:
+    OPENSSL_free(pstart);
+    return -1;
+}
+
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            size_t len)
+{
+    STACK_OF(SCT) *sk = NULL;
+    size_t list_len, sct_len;
+
+    if (len < 2 || len > MAX_SCT_LIST_SIZE) {
+        CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+        return NULL;
+    }
+
+    n2s(*pp, list_len);
+    if (list_len != len - 2) {
+        CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+        return NULL;
+    }
+
+    if (a == NULL || *a == NULL) {
+        sk = sk_SCT_new_null();
+        if (sk == NULL)
+            return NULL;
+    } else {
+        SCT *sct;
+
+        /* Use the given stack, but empty it first. */
+        sk = *a;
+        while ((sct = sk_SCT_pop(sk)) != NULL)
+            SCT_free(sct);
+    }
+
+    while (list_len > 0) {
+        SCT *sct;
+
+        if (list_len < 2) {
+            CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+            goto err;
+        }
+        n2s(*pp, sct_len);
+        list_len -= 2;
+
+        if (sct_len == 0 || sct_len > list_len) {
+            CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+            goto err;
+        }
+        list_len -= sct_len;
+
+        if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
+            goto err;
+        if (!sk_SCT_push(sk, sct)) {
+            SCT_free(sct);
+            goto err;
+        }
+    }
+
+    if (a != NULL && *a == NULL)
+        *a = sk;
+    return sk;
+
+ err:
+    if (a == NULL || *a == NULL)
+        SCT_LIST_free(sk);
+    return NULL;
+}
+
+int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
+{
+    int len, sct_len, i, is_pp_new = 0;
+    size_t len2;
+    unsigned char *p = NULL, *p2;
+
+    if (pp != NULL) {
+        if (*pp == NULL) {
+            if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
+                CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID);
+                return -1;
+            }
+            if ((*pp = OPENSSL_malloc(len)) == NULL) {
+                CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+            is_pp_new = 1;
+        }
+        p = *pp + 2;
+    }
+
+    len2 = 2;
+    for (i = 0; i < sk_SCT_num(a); i++) {
+        if (pp != NULL) {
+            p2 = p;
+            p += 2;
+            if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
+                goto err;
+            s2n(sct_len, p2);
+        } else {
+          if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
+              goto err;
+        }
+        len2 += 2 + sct_len;
+    }
+
+    if (len2 > MAX_SCT_LIST_SIZE)
+        goto err;
+
+    if (pp != NULL) {
+        p = *pp;
+        s2n(len2 - 2, p);
+        if (!is_pp_new)
+            *pp += len2;
+    }
+    return len2;
+
+ err:
+    if (is_pp_new) {
+        OPENSSL_free(*pp);
+        *pp = NULL;
+    }
+    return -1;
+}
+
+STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            long len)
+{
+    ASN1_OCTET_STRING *oct = NULL;
+    STACK_OF(SCT) *sk = NULL;
+    const unsigned char *p;
+
+    p = *pp;
+    if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
+        return NULL;
+
+    p = oct->data;
+    if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
+        *pp += len;
+
+    ASN1_OCTET_STRING_free(oct);
+    return sk;
+}
+
+int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
+{
+    ASN1_OCTET_STRING oct;
+    int len;
+
+    oct.data = NULL;
+    if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
+        return -1;
+
+    len = i2d_ASN1_OCTET_STRING(&oct, out);
+    OPENSSL_free(oct.data);
+    return len;
+}
diff --git a/freebsd/crypto/openssl/crypto/ct/ct_policy.c b/freebsd/crypto/openssl/crypto/ct/ct_policy.c
new file mode 100644
index 00000000..a9a8db28
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ct/ct_policy.c
@@ -0,0 +1,100 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <time.h>
+
+#include "ct_locl.h"
+
+/*
+ * Number of seconds in the future that an SCT timestamp can be, by default,
+ * without being considered invalid. This is added to time() when setting a
+ * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
+ * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
+ */
+static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
+
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
+{
+    CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
+
+    if (ctx == NULL) {
+        CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
+    ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
+            1000;
+
+    return ctx;
+}
+
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+    X509_free(ctx->cert);
+    X509_free(ctx->issuer);
+    OPENSSL_free(ctx);
+}
+
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
+{
+    if (!X509_up_ref(cert))
+        return 0;
+    ctx->cert = cert;
+    return 1;
+}
+
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
+{
+    if (!X509_up_ref(issuer))
+        return 0;
+    ctx->issuer = issuer;
+    return 1;
+}
+
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+                                               CTLOG_STORE *log_store)
+{
+    ctx->log_store = log_store;
+}
+
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
+{
+    ctx->epoch_time_in_ms = time_in_ms;
+}
+
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->cert;
+}
+
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->issuer;
+}
+
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->log_store;
+}
+
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->epoch_time_in_ms;
+}
diff --git a/freebsd/crypto/openssl/crypto/ct/ct_prn.c b/freebsd/crypto/openssl/crypto/ct/ct_prn.c
new file mode 100644
index 00000000..e918722c
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ct/ct_prn.c
@@ -0,0 +1,129 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <openssl/asn1.h>
+#include <openssl/bio.h>
+
+#include "ct_locl.h"
+
+static void SCT_signature_algorithms_print(const SCT *sct, BIO *out)
+{
+    int nid = SCT_get_signature_nid(sct);
+
+    if (nid == NID_undef)
+        BIO_printf(out, "%02X%02X", sct->hash_alg, sct->sig_alg);
+    else
+        BIO_printf(out, "%s", OBJ_nid2ln(nid));
+}
+
+static void timestamp_print(uint64_t timestamp, BIO *out)
+{
+    ASN1_GENERALIZEDTIME *gen = ASN1_GENERALIZEDTIME_new();
+    char genstr[20];
+
+    if (gen == NULL)
+        return;
+    ASN1_GENERALIZEDTIME_adj(gen, (time_t)0,
+                             (int)(timestamp / 86400000),
+                             (timestamp % 86400000) / 1000);
+    /*
+     * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15
+     * characters long with a final Z. Update it with fractional seconds.
+     */
+    BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ",
+                 ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000));
+    if (ASN1_GENERALIZEDTIME_set_string(gen, genstr))
+        ASN1_GENERALIZEDTIME_print(out, gen);
+    ASN1_GENERALIZEDTIME_free(gen);
+}
+
+const char *SCT_validation_status_string(const SCT *sct)
+{
+
+    switch (SCT_get_validation_status(sct)) {
+    case SCT_VALIDATION_STATUS_NOT_SET:
+        return "not set";
+    case SCT_VALIDATION_STATUS_UNKNOWN_VERSION:
+        return "unknown version";
+    case SCT_VALIDATION_STATUS_UNKNOWN_LOG:
+        return "unknown log";
+    case SCT_VALIDATION_STATUS_UNVERIFIED:
+        return "unverified";
+    case SCT_VALIDATION_STATUS_INVALID:
+        return "invalid";
+    case SCT_VALIDATION_STATUS_VALID:
+        return "valid";
+    }
+    return "unknown status";
+}
+
+void SCT_print(const SCT *sct, BIO *out, int indent,
+               const CTLOG_STORE *log_store)
+{
+    const CTLOG *log = NULL;
+
+    if (log_store != NULL) {
+        log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id,
+                                         sct->log_id_len);
+    }
+
+    BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, "");
+    BIO_printf(out, "\n%*sVersion   : ", indent + 4, "");
+
+    if (sct->version != SCT_VERSION_V1) {
+        BIO_printf(out, "unknown\n%*s", indent + 16, "");
+        BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len);
+        return;
+    }
+
+    BIO_printf(out, "v1 (0x0)");
+
+    if (log != NULL) {
+        BIO_printf(out, "\n%*sLog       : %s", indent + 4, "",
+                   CTLOG_get0_name(log));
+    }
+
+    BIO_printf(out, "\n%*sLog ID    : ", indent + 4, "");
+    BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len);
+
+    BIO_printf(out, "\n%*sTimestamp : ", indent + 4, "");
+    timestamp_print(sct->timestamp, out);
+
+    BIO_printf(out, "\n%*sExtensions: ", indent + 4, "");
+    if (sct->ext_len == 0)
+        BIO_printf(out, "none");
+    else
+        BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len);
+
+    BIO_printf(out, "\n%*sSignature : ", indent + 4, "");
+    SCT_signature_algorithms_print(sct, out);
+    BIO_printf(out, "\n%*s            ", indent + 4, "");
+    BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len);
+}
+
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+                    const char *separator, const CTLOG_STORE *log_store)
+{
+    int sct_count = sk_SCT_num(sct_list);
+    int i;
+
+    for (i = 0; i < sct_count; ++i) {
+        SCT *sct = sk_SCT_value(sct_list, i);
+
+        SCT_print(sct, out, indent, log_store);
+        if (i < sk_SCT_num(sct_list) - 1)
+            BIO_printf(out, "%s", separator);
+    }
+}
diff --git a/freebsd/crypto/openssl/crypto/ct/ct_sct.c b/freebsd/crypto/openssl/crypto/ct/ct_sct.c
new file mode 100644
index 00000000..fe68d045
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ct/ct_sct.c
@@ -0,0 +1,398 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT disabled"
+#endif
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/tls1.h>
+#include <openssl/x509.h>
+
+#include "ct_locl.h"
+
+SCT *SCT_new(void)
+{
+    SCT *sct = OPENSSL_zalloc(sizeof(*sct));
+
+    if (sct == NULL) {
+        CTerr(CT_F_SCT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET;
+    sct->version = SCT_VERSION_NOT_SET;
+    return sct;
+}
+
+void SCT_free(SCT *sct)
+{
+    if (sct == NULL)
+        return;
+
+    OPENSSL_free(sct->log_id);
+    OPENSSL_free(sct->ext);
+    OPENSSL_free(sct->sig);
+    OPENSSL_free(sct->sct);
+    OPENSSL_free(sct);
+}
+
+void SCT_LIST_free(STACK_OF(SCT) *a)
+{
+    sk_SCT_pop_free(a, SCT_free);
+}
+
+int SCT_set_version(SCT *sct, sct_version_t version)
+{
+    if (version != SCT_VERSION_V1) {
+        CTerr(CT_F_SCT_SET_VERSION, CT_R_UNSUPPORTED_VERSION);
+        return 0;
+    }
+    sct->version = version;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+    return 1;
+}
+
+int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type)
+{
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    switch (entry_type) {
+    case CT_LOG_ENTRY_TYPE_X509:
+    case CT_LOG_ENTRY_TYPE_PRECERT:
+        sct->entry_type = entry_type;
+        return 1;
+    case CT_LOG_ENTRY_TYPE_NOT_SET:
+        break;
+    }
+    CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE);
+    return 0;
+}
+
+int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len)
+{
+    if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
+        CTerr(CT_F_SCT_SET0_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
+        return 0;
+    }
+
+    OPENSSL_free(sct->log_id);
+    sct->log_id = log_id;
+    sct->log_id_len = log_id_len;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+    return 1;
+}
+
+int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len)
+{
+    if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
+        CTerr(CT_F_SCT_SET1_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
+        return 0;
+    }
+
+    OPENSSL_free(sct->log_id);
+    sct->log_id = NULL;
+    sct->log_id_len = 0;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    if (log_id != NULL && log_id_len > 0) {
+        sct->log_id = OPENSSL_memdup(log_id, log_id_len);
+        if (sct->log_id == NULL) {
+            CTerr(CT_F_SCT_SET1_LOG_ID, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        sct->log_id_len = log_id_len;
+    }
+    return 1;
+}
+
+
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp)
+{
+    sct->timestamp = timestamp;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+}
+
+int SCT_set_signature_nid(SCT *sct, int nid)
+{
+    switch (nid) {
+    case NID_sha256WithRSAEncryption:
+        sct->hash_alg = TLSEXT_hash_sha256;
+        sct->sig_alg = TLSEXT_signature_rsa;
+        sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+        return 1;
+    case NID_ecdsa_with_SHA256:
+        sct->hash_alg = TLSEXT_hash_sha256;
+        sct->sig_alg = TLSEXT_signature_ecdsa;
+        sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+        return 1;
+    default:
+        CTerr(CT_F_SCT_SET_SIGNATURE_NID, CT_R_UNRECOGNIZED_SIGNATURE_NID);
+        return 0;
+    }
+}
+
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len)
+{
+    OPENSSL_free(sct->ext);
+    sct->ext = ext;
+    sct->ext_len = ext_len;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+}
+
+int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len)
+{
+    OPENSSL_free(sct->ext);
+    sct->ext = NULL;
+    sct->ext_len = 0;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    if (ext != NULL && ext_len > 0) {
+        sct->ext = OPENSSL_memdup(ext, ext_len);
+        if (sct->ext == NULL) {
+            CTerr(CT_F_SCT_SET1_EXTENSIONS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        sct->ext_len = ext_len;
+    }
+    return 1;
+}
+
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len)
+{
+    OPENSSL_free(sct->sig);
+    sct->sig = sig;
+    sct->sig_len = sig_len;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+}
+
+int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len)
+{
+    OPENSSL_free(sct->sig);
+    sct->sig = NULL;
+    sct->sig_len = 0;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    if (sig != NULL && sig_len > 0) {
+        sct->sig = OPENSSL_memdup(sig, sig_len);
+        if (sct->sig == NULL) {
+            CTerr(CT_F_SCT_SET1_SIGNATURE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        sct->sig_len = sig_len;
+    }
+    return 1;
+}
+
+sct_version_t SCT_get_version(const SCT *sct)
+{
+    return sct->version;
+}
+
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct)
+{
+    return sct->entry_type;
+}
+
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id)
+{
+    *log_id = sct->log_id;
+    return sct->log_id_len;
+}
+
+uint64_t SCT_get_timestamp(const SCT *sct)
+{
+    return sct->timestamp;
+}
+
+int SCT_get_signature_nid(const SCT *sct)
+{
+    if (sct->version == SCT_VERSION_V1) {
+        if (sct->hash_alg == TLSEXT_hash_sha256) {
+            switch (sct->sig_alg) {
+            case TLSEXT_signature_ecdsa:
+                return NID_ecdsa_with_SHA256;
+            case TLSEXT_signature_rsa:
+                return NID_sha256WithRSAEncryption;
+            default:
+                return NID_undef;
+            }
+        }
+    }
+    return NID_undef;
+}
+
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext)
+{
+    *ext = sct->ext;
+    return sct->ext_len;
+}
+
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig)
+{
+    *sig = sct->sig;
+    return sct->sig_len;
+}
+
+int SCT_is_complete(const SCT *sct)
+{
+    switch (sct->version) {
+    case SCT_VERSION_NOT_SET:
+        return 0;
+    case SCT_VERSION_V1:
+        return sct->log_id != NULL && SCT_signature_is_complete(sct);
+    default:
+        return sct->sct != NULL; /* Just need cached encoding */
+    }
+}
+
+int SCT_signature_is_complete(const SCT *sct)
+{
+    return SCT_get_signature_nid(sct) != NID_undef &&
+        sct->sig != NULL && sct->sig_len > 0;
+}
+
+sct_source_t SCT_get_source(const SCT *sct)
+{
+    return sct->source;
+}
+
+int SCT_set_source(SCT *sct, sct_source_t source)
+{
+    sct->source = source;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+    switch (source) {
+    case SCT_SOURCE_TLS_EXTENSION:
+    case SCT_SOURCE_OCSP_STAPLED_RESPONSE:
+        return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509);
+    case SCT_SOURCE_X509V3_EXTENSION:
+        return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT);
+    case SCT_SOURCE_UNKNOWN:
+        break;
+    }
+    /* if we aren't sure, leave the log entry type alone */
+    return 1;
+}
+
+sct_validation_status_t SCT_get_validation_status(const SCT *sct)
+{
+    return sct->validation_status;
+}
+
+int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
+{
+    int is_sct_valid = -1;
+    SCT_CTX *sctx = NULL;
+    X509_PUBKEY *pub = NULL, *log_pkey = NULL;
+    const CTLOG *log;
+
+    /*
+     * With an unrecognized SCT version we don't know what such an SCT means,
+     * let alone validate one.  So we return validation failure (0).
+     */
+    if (sct->version != SCT_VERSION_V1) {
+        sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION;
+        return 0;
+    }
+
+    log = CTLOG_STORE_get0_log_by_id(ctx->log_store,
+                                     sct->log_id, sct->log_id_len);
+
+    /* Similarly, an SCT from an unknown log also cannot be validated. */
+    if (log == NULL) {
+        sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG;
+        return 0;
+    }
+
+    sctx = SCT_CTX_new();
+    if (sctx == NULL)
+        goto err;
+
+    if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1)
+        goto err;
+    if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1)
+        goto err;
+
+    if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) {
+        EVP_PKEY *issuer_pkey;
+
+        if (ctx->issuer == NULL) {
+            sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
+            goto end;
+        }
+
+        issuer_pkey = X509_get0_pubkey(ctx->issuer);
+
+        if (X509_PUBKEY_set(&pub, issuer_pkey) != 1)
+            goto err;
+        if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1)
+            goto err;
+    }
+
+    SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms);
+
+    /*
+     * XXX: Potential for optimization.  This repeats some idempotent heavy
+     * lifting on the certificate for each candidate SCT, and appears to not
+     * use any information in the SCT itself, only the certificate is
+     * processed.  So it may make more sense to to do this just once, perhaps
+     * associated with the shared (by all SCTs) policy eval ctx.
+     *
+     * XXX: Failure here is global (SCT independent) and represents either an
+     * issue with the certificate (e.g. duplicate extensions) or an out of
+     * memory condition.  When the certificate is incompatible with CT, we just
+     * mark the SCTs invalid, rather than report a failure to determine the
+     * validation status.  That way, callbacks that want to do "soft" SCT
+     * processing will not abort handshakes with false positive internal
+     * errors.  Since the function does not distinguish between certificate
+     * issues (peer's fault) and internal problems (out fault) the safe thing
+     * to do is to report a validation failure and let the callback or
+     * application decide what to do.
+     */
+    if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1)
+        sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
+    else
+        sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ?
+            SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;
+
+end:
+    is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID;
+err:
+    X509_PUBKEY_free(pub);
+    X509_PUBKEY_free(log_pkey);
+    SCT_CTX_free(sctx);
+
+    return is_sct_valid;
+}
+
+int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx)
+{
+    int are_scts_valid = 1;
+    int sct_count = scts != NULL ? sk_SCT_num(scts) : 0;
+    int i;
+
+    for (i = 0; i < sct_count; ++i) {
+        int is_sct_valid = -1;
+        SCT *sct = sk_SCT_value(scts, i);
+
+        if (sct == NULL)
+            continue;
+
+        is_sct_valid = SCT_validate(sct, ctx);
+        if (is_sct_valid < 0)
+            return is_sct_valid;
+        are_scts_valid &= is_sct_valid;
+    }
+
+    return are_scts_valid;
+}
diff --git a/freebsd/crypto/openssl/crypto/ct/ct_sct_ctx.c b/freebsd/crypto/openssl/crypto/ct/ct_sct_ctx.c
new file mode 100644
index 00000000..e207ea45
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ct/ct_sct_ctx.c
@@ -0,0 +1,265 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <stddef.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/x509.h>
+
+#include "ct_locl.h"
+
+SCT_CTX *SCT_CTX_new(void)
+{
+    SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx));
+
+    if (sctx == NULL)
+        CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+
+    return sctx;
+}
+
+void SCT_CTX_free(SCT_CTX *sctx)
+{
+    if (sctx == NULL)
+        return;
+    EVP_PKEY_free(sctx->pkey);
+    OPENSSL_free(sctx->pkeyhash);
+    OPENSSL_free(sctx->ihash);
+    OPENSSL_free(sctx->certder);
+    OPENSSL_free(sctx->preder);
+    OPENSSL_free(sctx);
+}
+
+/*
+ * Finds the index of the first extension with the given NID in cert.
+ * If there is more than one extension with that NID, *is_duplicated is set to
+ * 1, otherwise 0 (unless it is NULL).
+ */
+static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
+{
+    int ret = X509_get_ext_by_NID(cert, nid, -1);
+
+    if (is_duplicated != NULL)
+        *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0;
+
+    return ret;
+}
+
+/*
+ * Modifies a certificate by deleting extensions and copying the issuer and
+ * AKID from the presigner certificate, if necessary.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
+{
+    int preidx, certidx;
+    int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
+
+    if (presigner == NULL)
+        return 1;
+
+    preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier,
+                             &pre_akid_ext_is_dup);
+    certidx = ct_x509_get_ext(cert, NID_authority_key_identifier,
+                              &cert_akid_ext_is_dup);
+
+    /* An error occurred whilst searching for the extension */
+    if (preidx < -1 || certidx < -1)
+        return 0;
+    /* Invalid certificate if they contain duplicate extensions */
+    if (pre_akid_ext_is_dup || cert_akid_ext_is_dup)
+        return 0;
+    /* AKID must be present in both certificate or absent in both */
+    if (preidx >= 0 && certidx == -1)
+        return 0;
+    if (preidx == -1 && certidx >= 0)
+        return 0;
+    /* Copy issuer name */
+    if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))
+        return 0;
+    if (preidx != -1) {
+        /* Retrieve and copy AKID encoding */
+        X509_EXTENSION *preext = X509_get_ext(presigner, preidx);
+        X509_EXTENSION *certext = X509_get_ext(cert, certidx);
+        ASN1_OCTET_STRING *preextdata;
+
+        /* Should never happen */
+        if (preext == NULL || certext == NULL)
+            return 0;
+        preextdata = X509_EXTENSION_get_data(preext);
+        if (preextdata == NULL ||
+            !X509_EXTENSION_set_data(certext, preextdata))
+            return 0;
+    }
+    return 1;
+}
+
+int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner)
+{
+    unsigned char *certder = NULL, *preder = NULL;
+    X509 *pretmp = NULL;
+    int certderlen = 0, prederlen = 0;
+    int idx = -1;
+    int poison_ext_is_dup, sct_ext_is_dup;
+    int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup);
+
+    /* Duplicate poison extensions are present - error */
+    if (poison_ext_is_dup)
+        goto err;
+
+    /* If *cert doesn't have a poison extension, it isn't a precert */
+    if (poison_idx == -1) {
+        /* cert isn't a precert, so we shouldn't have a presigner */
+        if (presigner != NULL)
+            goto err;
+
+        certderlen = i2d_X509(cert, &certder);
+        if (certderlen < 0)
+            goto err;
+    }
+
+    /* See if cert has a precert SCTs extension */
+    idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup);
+    /* Duplicate SCT extensions are present - error */
+    if (sct_ext_is_dup)
+        goto err;
+
+    if (idx >= 0 && poison_idx >= 0) {
+        /*
+         * cert can't both contain SCTs (i.e. have an SCT extension) and be a
+         * precert (i.e. have a poison extension).
+         */
+        goto err;
+    }
+
+    if (idx == -1) {
+        idx = poison_idx;
+    }
+
+    /*
+     * If either a poison or SCT extension is present, remove it before encoding
+     * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see
+     * RFC5280) from cert, which is what the CT log signed when it produced the
+     * SCT.
+     */
+    if (idx >= 0) {
+        X509_EXTENSION *ext;
+
+        /* Take a copy of certificate so we don't modify passed version */
+        pretmp = X509_dup(cert);
+        if (pretmp == NULL)
+            goto err;
+
+        ext = X509_delete_ext(pretmp, idx);
+        X509_EXTENSION_free(ext);
+
+        if (!ct_x509_cert_fixup(pretmp, presigner))
+            goto err;
+
+        prederlen = i2d_re_X509_tbs(pretmp, &preder);
+        if (prederlen <= 0)
+            goto err;
+    }
+
+    X509_free(pretmp);
+
+    OPENSSL_free(sctx->certder);
+    sctx->certder = certder;
+    sctx->certderlen = certderlen;
+
+    OPENSSL_free(sctx->preder);
+    sctx->preder = preder;
+    sctx->prederlen = prederlen;
+
+    return 1;
+err:
+    OPENSSL_free(certder);
+    OPENSSL_free(preder);
+    X509_free(pretmp);
+    return 0;
+}
+
+__owur static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash,
+                                     size_t *hash_len)
+{
+    int ret = 0;
+    unsigned char *md = NULL, *der = NULL;
+    int der_len;
+    unsigned int md_len;
+
+    /* Reuse buffer if possible */
+    if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) {
+        md = *hash;
+    } else {
+        md = OPENSSL_malloc(SHA256_DIGEST_LENGTH);
+        if (md == NULL)
+            goto err;
+    }
+
+    /* Calculate key hash */
+    der_len = i2d_X509_PUBKEY(pkey, &der);
+    if (der_len <= 0)
+        goto err;
+
+    if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL))
+        goto err;
+
+    if (md != *hash) {
+        OPENSSL_free(*hash);
+        *hash = md;
+        *hash_len = SHA256_DIGEST_LENGTH;
+    }
+
+    md = NULL;
+    ret = 1;
+ err:
+    OPENSSL_free(md);
+    OPENSSL_free(der);
+    return ret;
+}
+
+int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
+{
+    return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
+}
+
+int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
+{
+    return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen);
+}
+
+int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
+{
+    EVP_PKEY *pkey = X509_PUBKEY_get(pubkey);
+
+    if (pkey == NULL)
+        return 0;
+
+    if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) {
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    EVP_PKEY_free(sctx->pkey);
+    sctx->pkey = pkey;
+    return 1;
+}
+
+void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms)
+{
+    sctx->epoch_time_in_ms = time_in_ms;
+}
diff --git a/freebsd/crypto/openssl/crypto/ct/ct_vfy.c b/freebsd/crypto/openssl/crypto/ct/ct_vfy.c
new file mode 100644
index 00000000..40a8a0c2
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ct/ct_vfy.c
@@ -0,0 +1,142 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+#include "ct_locl.h"
+
+typedef enum sct_signature_type_t {
+    SIGNATURE_TYPE_NOT_SET = -1,
+    SIGNATURE_TYPE_CERT_TIMESTAMP,
+    SIGNATURE_TYPE_TREE_HASH
+} SCT_SIGNATURE_TYPE;
+
+/*
+ * Update encoding for SCT signature verification/generation to supplied
+ * EVP_MD_CTX.
+ */
+static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
+{
+    unsigned char tmpbuf[12];
+    unsigned char *p, *der;
+    size_t derlen;
+    /*+
+     * digitally-signed struct {
+     *   (1 byte) Version sct_version;
+     *   (1 byte) SignatureType signature_type = certificate_timestamp;
+     *   (8 bytes) uint64 timestamp;
+     *   (2 bytes) LogEntryType entry_type;
+     *   (? bytes) select(entry_type) {
+     *     case x509_entry: ASN.1Cert;
+     *     case precert_entry: PreCert;
+     *   } signed_entry;
+     *   (2 bytes + sct->ext_len) CtExtensions extensions;
+     * }
+     */
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
+        return 0;
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
+        return 0;
+
+    p = tmpbuf;
+    *p++ = sct->version;
+    *p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
+    l2n8(sct->timestamp, p);
+    s2n(sct->entry_type, p);
+
+    if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))
+        return 0;
+
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {
+        der = sctx->certder;
+        derlen = sctx->certderlen;
+    } else {
+        if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))
+            return 0;
+        der = sctx->preder;
+        derlen = sctx->prederlen;
+    }
+
+    /* If no encoding available, fatal error */
+    if (der == NULL)
+        return 0;
+
+    /* Include length first */
+    p = tmpbuf;
+    l2n3(derlen, p);
+
+    if (!EVP_DigestUpdate(ctx, tmpbuf, 3))
+        return 0;
+    if (!EVP_DigestUpdate(ctx, der, derlen))
+        return 0;
+
+    /* Add any extensions */
+    p = tmpbuf;
+    s2n(sct->ext_len, p);
+    if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
+        return 0;
+
+    if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))
+        return 0;
+
+    return 1;
+}
+
+int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
+{
+    EVP_MD_CTX *ctx = NULL;
+    int ret = 0;
+
+    if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
+        sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
+        (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_NOT_SET);
+        return 0;
+    }
+    if (sct->version != SCT_VERSION_V1) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
+        return 0;
+    }
+    if (sct->log_id_len != sctx->pkeyhashlen ||
+        memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
+        return 0;
+    }
+    if (sct->timestamp > sctx->epoch_time_in_ms) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_FUTURE_TIMESTAMP);
+        return 0;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto end;
+
+    if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
+        goto end;
+
+    if (!sct_ctx_update(ctx, sctx, sct))
+        goto end;
+
+    /* Verify signature */
+    ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
+    /* If ret < 0 some other error: fall through without setting error */
+    if (ret == 0)
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_INVALID_SIGNATURE);
+
+end:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
diff --git a/freebsd/crypto/openssl/crypto/ct/ct_x509v3.c b/freebsd/crypto/openssl/crypto/ct/ct_x509v3.c
new file mode 100644
index 00000000..ce0a49d4
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ct/ct_x509v3.c
@@ -0,0 +1,106 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include "ct_locl.h"
+
+static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
+{
+    return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+   return ASN1_NULL_new();
+}
+
+static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
+                 BIO *out, int indent)
+{
+    SCT_LIST_print(sct_list, out, indent, "\n", NULL);
+    return 1;
+}
+
+static int set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
+{
+    if (s != NULL) {
+        int i;
+
+        for (i = 0; i < sk_SCT_num(s); i++) {
+            int res = SCT_set_source(sk_SCT_value(s, i), source);
+
+            if (res != 1) {
+                return 0;
+            }
+        }
+    }
+    return 1;
+}
+
+static STACK_OF(SCT) *x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+                                            const unsigned char **pp,
+                                            long len)
+{
+     STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+     if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
+         SCT_LIST_free(s);
+         *a = NULL;
+         return NULL;
+     }
+     return s;
+}
+
+static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+                                            const unsigned char **pp,
+                                            long len)
+{
+    STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+    if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
+        SCT_LIST_free(s);
+        *a = NULL;
+        return NULL;
+    }
+    return s;
+}
+
+/* Handlers for X509v3/OCSP Certificate Transparency extensions */
+const X509V3_EXT_METHOD v3_ct_scts[3] = {
+    /* X509v3 extension in certificates that contains SCTs */
+    { NID_ct_precert_scts, 0, NULL,
+    NULL, (X509V3_EXT_FREE)SCT_LIST_free,
+    (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+    NULL, NULL,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
+    NULL },
+
+    /* X509v3 extension to mark a certificate as a pre-certificate */
+    { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL),
+    NULL, NULL, NULL, NULL,
+    i2s_poison, s2i_poison,
+    NULL, NULL,
+    NULL, NULL,
+    NULL },
+
+    /* OCSP extension that contains SCTs */
+    { NID_ct_cert_scts, 0, NULL,
+    0, (X509V3_EXT_FREE)SCT_LIST_free,
+    (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+    NULL, NULL,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
+    NULL },
+};
diff --git a/freebsd/crypto/openssl/crypto/ctype.c b/freebsd/crypto/openssl/crypto/ctype.c
new file mode 100644
index 00000000..1eb6a261
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ctype.c
@@ -0,0 +1,276 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include "internal/ctype.h"
+#include "openssl/ebcdic.h"
+
+/*
+ * Define the character classes for each character in the seven bit ASCII
+ * character set.  This is independent of the host's character set, characters
+ * are converted to ASCII before being used as an index in to this table.
+ * Characters outside of the seven bit ASCII range are detected before indexing.
+ */
+static const unsigned short ctype_char_map[128] = {
+   /* 00 nul */ CTYPE_MASK_cntrl,
+   /* 01 soh */ CTYPE_MASK_cntrl,
+   /* 02 stx */ CTYPE_MASK_cntrl,
+   /* 03 etx */ CTYPE_MASK_cntrl,
+   /* 04 eot */ CTYPE_MASK_cntrl,
+   /* 05 enq */ CTYPE_MASK_cntrl,
+   /* 06 ack */ CTYPE_MASK_cntrl,
+   /* 07 \a  */ CTYPE_MASK_cntrl,
+   /* 08 \b  */ CTYPE_MASK_cntrl,
+   /* 09 \t  */ CTYPE_MASK_blank | CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0A \n  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0B \v  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0C \f  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0D \r  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0E so  */ CTYPE_MASK_cntrl,
+   /* 0F si  */ CTYPE_MASK_cntrl,
+   /* 10 dle */ CTYPE_MASK_cntrl,
+   /* 11 dc1 */ CTYPE_MASK_cntrl,
+   /* 12 dc2 */ CTYPE_MASK_cntrl,
+   /* 13 dc3 */ CTYPE_MASK_cntrl,
+   /* 14 dc4 */ CTYPE_MASK_cntrl,
+   /* 15 nak */ CTYPE_MASK_cntrl,
+   /* 16 syn */ CTYPE_MASK_cntrl,
+   /* 17 etb */ CTYPE_MASK_cntrl,
+   /* 18 can */ CTYPE_MASK_cntrl,
+   /* 19 em  */ CTYPE_MASK_cntrl,
+   /* 1A sub */ CTYPE_MASK_cntrl,
+   /* 1B esc */ CTYPE_MASK_cntrl,
+   /* 1C fs  */ CTYPE_MASK_cntrl,
+   /* 1D gs  */ CTYPE_MASK_cntrl,
+   /* 1E rs  */ CTYPE_MASK_cntrl,
+   /* 1F us  */ CTYPE_MASK_cntrl,
+   /* 20     */ CTYPE_MASK_blank | CTYPE_MASK_print | CTYPE_MASK_space
+                | CTYPE_MASK_asn1print,
+   /* 21  !  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 22  "  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 23  #  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 24  $  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 25  %  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 26  &  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 27  '  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 28  (  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 29  )  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2A  *  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 2B  +  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 2C  ,  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2D  -  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2E  .  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2F  /  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 30  0  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 31  1  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 32  2  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 33  3  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 34  4  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 35  5  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 36  6  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 37  7  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 38  8  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 39  9  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 3A  :  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 3B  ;  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 3C  <  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 3D  =  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 3E  >  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 3F  ?  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 40  @  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 41  A  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 42  B  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 43  C  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 44  D  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 45  E  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 46  F  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 47  G  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 48  H  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 49  I  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4A  J  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4B  K  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4C  L  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4D  M  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4E  N  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4F  O  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 50  P  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 51  Q  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 52  R  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 53  S  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 54  T  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 55  U  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 56  V  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 57  W  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 58  X  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 59  Y  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 5A  Z  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 5B  [  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5C  \  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5D  ]  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5E  ^  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5F  _  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 60  `  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 61  a  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 62  b  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 63  c  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 64  d  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 65  e  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 66  f  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 67  g  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 68  h  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 69  i  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6A  j  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6B  k  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6C  l  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6D  m  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6E  n  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6F  o  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 70  p  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 71  q  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 72  r  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 73  s  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 74  t  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 75  u  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 76  v  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 77  w  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 78  x  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 79  y  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 7A  z  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 7B  {  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7C  |  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7D  }  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7E  ~  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7F del */ CTYPE_MASK_cntrl
+};
+
+#ifdef CHARSET_EBCDIC
+int ossl_toascii(int c)
+{
+    if (c < -128 || c > 256 || c == EOF)
+        return c;
+    /*
+     * Adjust negatively signed characters.
+     * This is not required for ASCII because any character that sign extends
+     * is not seven bit and all of the checks are on the seven bit characters.
+     * I.e. any check must fail on sign extension.
+     */
+    if (c < 0)
+        c += 256;
+    return os_toascii[c];
+}
+
+int ossl_fromascii(int c)
+{
+    if (c < -128 || c > 256 || c == EOF)
+        return c;
+    if (c < 0)
+        c += 256;
+    return os_toebcdic[c];
+}
+#endif
+
+int ossl_ctype_check(int c, unsigned int mask)
+{
+    const int max = sizeof(ctype_char_map) / sizeof(*ctype_char_map);
+    const int a = ossl_toascii(c);
+
+    return a >= 0 && a < max && (ctype_char_map[a] & mask) != 0;
+}
+
+#if defined(CHARSET_EBCDIC) && !defined(CHARSET_EBCDIC_TEST)
+static const int case_change = 0x40;
+#else
+static const int case_change = 0x20;
+#endif
+
+int ossl_tolower(int c)
+{
+    return ossl_isupper(c) ? c ^ case_change : c;
+}
+
+int ossl_toupper(int c)
+{
+    return ossl_islower(c) ? c ^ case_change : c;
+}
diff --git a/freebsd/crypto/openssl/crypto/cversion.c b/freebsd/crypto/openssl/crypto/cversion.c
index 38131db2..119a135e 100644
--- a/freebsd/crypto/openssl/crypto/cversion.c
+++ b/freebsd/crypto/openssl/crypto/cversion.c
@@ -1,109 +1,46 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/cversion.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
-#ifndef NO_WINDOWS_BRAINDEATH
-# include "buildinf.h"
-#endif
+#include "buildinf.h"
 
-const char *SSLeay_version(int t)
+unsigned long OpenSSL_version_num(void)
 {
-    if (t == SSLEAY_VERSION)
+    return OPENSSL_VERSION_NUMBER;
+}
+
+const char *OpenSSL_version(int t)
+{
+    switch (t) {
+    case OPENSSL_VERSION:
         return OPENSSL_VERSION_TEXT;
-    if (t == SSLEAY_BUILT_ON) {
-#ifdef DATE
-# ifdef OPENSSL_USE_BUILD_DATE
-        return (DATE);
-# else
-        return ("built on: reproducible build, date unspecified");
-# endif
-#else
-        return ("built on: date not available");
-#endif
-    }
-    if (t == SSLEAY_CFLAGS) {
-#ifdef CFLAGS
-        return (CFLAGS);
-#else
-        return ("compiler: information not available");
-#endif
-    }
-    if (t == SSLEAY_PLATFORM) {
-#ifdef PLATFORM
-        return (PLATFORM);
-#else
-        return ("platform: information not available");
-#endif
-    }
-    if (t == SSLEAY_DIR) {
+    case OPENSSL_BUILT_ON:
+        return DATE;
+    case OPENSSL_CFLAGS:
+        return compiler_flags;
+    case OPENSSL_PLATFORM:
+        return PLATFORM;
+    case OPENSSL_DIR:
 #ifdef OPENSSLDIR
         return "OPENSSLDIR: \"" OPENSSLDIR "\"";
 #else
         return "OPENSSLDIR: N/A";
 #endif
+    case OPENSSL_ENGINES_DIR:
+#ifdef ENGINESDIR
+        return "ENGINESDIR: \"" ENGINESDIR "\"";
+#else
+        return "ENGINESDIR: N/A";
+#endif
     }
-    return ("not available");
-}
-
-unsigned long SSLeay(void)
-{
-    return (SSLEAY_VERSION_NUMBER);
+    return "not available";
 }
diff --git a/freebsd/crypto/openssl/crypto/des/cbc3_enc.c b/freebsd/crypto/openssl/crypto/des/cbc3_enc.c
deleted file mode 100644
index b76d8472..00000000
--- a/freebsd/crypto/openssl/crypto/des/cbc3_enc.c
+++ /dev/null
@@ -1,97 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/des/cbc3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* HAS BUGS! DON'T USE - this is only present for use in des.c */
-void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
-                      DES_key_schedule ks1, DES_key_schedule ks2,
-                      DES_cblock *iv1, DES_cblock *iv2, int enc)
-{
-    int off = ((int)length - 1) / 8;
-    long l8 = ((length + 7) / 8) * 8;
-    DES_cblock niv1, niv2;
-
-    if (enc == DES_ENCRYPT) {
-        DES_cbc_encrypt((unsigned char *)input,
-                        (unsigned char *)output, length, &ks1, iv1, enc);
-        if (length >= sizeof(DES_cblock))
-            memcpy(niv1, output[off], sizeof(DES_cblock));
-        DES_cbc_encrypt((unsigned char *)output,
-                        (unsigned char *)output, l8, &ks2, iv1, !enc);
-        DES_cbc_encrypt((unsigned char *)output,
-                        (unsigned char *)output, l8, &ks1, iv2, enc);
-        if (length >= sizeof(DES_cblock))
-            memcpy(niv2, output[off], sizeof(DES_cblock));
-    } else {
-        if (length >= sizeof(DES_cblock))
-            memcpy(niv2, input[off], sizeof(DES_cblock));
-        DES_cbc_encrypt((unsigned char *)input,
-                        (unsigned char *)output, l8, &ks1, iv2, enc);
-        DES_cbc_encrypt((unsigned char *)output,
-                        (unsigned char *)output, l8, &ks2, iv1, !enc);
-        if (length >= sizeof(DES_cblock))
-            memcpy(niv1, output[off], sizeof(DES_cblock));
-        DES_cbc_encrypt((unsigned char *)output,
-                        (unsigned char *)output, length, &ks1, iv1, enc);
-    }
-    memcpy(*iv1, niv1, sizeof(DES_cblock));
-    memcpy(*iv2, niv2, sizeof(DES_cblock));
-}
diff --git a/freebsd/crypto/openssl/crypto/des/cbc_cksm.c b/freebsd/crypto/openssl/crypto/des/cbc_cksm.c
index b239f379..bc57f8ec 100644
--- a/freebsd/crypto/openssl/crypto/des/cbc_cksm.c
+++ b/freebsd/crypto/openssl/crypto/des/cbc_cksm.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/cbc_cksm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "des_locl.h"
@@ -84,7 +35,6 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
         tin1 ^= tout1;
         tin[1] = tin1;
         DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
-        /* fix 15/10/91 eay - thanks to keithr@sco.COM */
         tout0 = tin[0];
         tout1 = tin[1];
     }
@@ -101,5 +51,5 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
         | ((tout1 >> 8L) & 0x0000FF00)
         | ((tout1 << 8L) & 0x00FF0000)
         | ((tout1 << 24L) & 0xFF000000);
-    return (tout1);
+    return tout1;
 }
diff --git a/freebsd/crypto/openssl/crypto/des/cbc_enc.c b/freebsd/crypto/openssl/crypto/des/cbc_enc.c
index 2e2e23cd..0d6c90a1 100644
--- a/freebsd/crypto/openssl/crypto/des/cbc_enc.c
+++ b/freebsd/crypto/openssl/crypto/des/cbc_enc.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/cbc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #define CBC_ENC_C__DONT_UPDATE_IV
diff --git a/freebsd/crypto/openssl/crypto/des/cfb64ede.c b/freebsd/crypto/openssl/crypto/des/cfb64ede.c
index b8497c75..4de2ee58 100644
--- a/freebsd/crypto/openssl/crypto/des/cfb64ede.c
+++ b/freebsd/crypto/openssl/crypto/des/cfb64ede.c
@@ -1,65 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/cfb64ede.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "des_locl.h"
-#include "e_os.h"
 
 /*
  * The input and output encrypted as though 64bit cfb mode is being used.
@@ -129,16 +79,6 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
     *num = n;
 }
 
-#ifdef undef                    /* MACRO */
-void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out,
-                            long length, DES_key_schedule ks1,
-                            DES_key_schedule ks2, DES_cblock (*ivec),
-                            int *num, int enc)
-{
-    DES_ede3_cfb64_encrypt(in, out, length, ks1, ks2, ks1, ivec, num, enc);
-}
-#endif
-
 /*
  * This is compatible with the single key CFB-r for DES, even thought that's
  * not what EVP needs.
diff --git a/freebsd/crypto/openssl/crypto/des/cfb64enc.c b/freebsd/crypto/openssl/crypto/des/cfb64enc.c
index 9aef1240..2e98c4a7 100644
--- a/freebsd/crypto/openssl/crypto/des/cfb64enc.c
+++ b/freebsd/crypto/openssl/crypto/des/cfb64enc.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/cfb64enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "des_locl.h"
diff --git a/freebsd/crypto/openssl/crypto/des/cfb_enc.c b/freebsd/crypto/openssl/crypto/des/cfb_enc.c
index a82a4911..8518e77f 100644
--- a/freebsd/crypto/openssl/crypto/des/cfb_enc.c
+++ b/freebsd/crypto/openssl/crypto/des/cfb_enc.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/cfb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "e_os.h"
@@ -88,7 +39,7 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
     unsigned int sh[4];
     unsigned char *ovec = (unsigned char *)sh;
 
-    /* I kind of count that compiler optimizes away this assertioni, */
+    /* I kind of count that compiler optimizes away this assertion, */
     assert(sizeof(sh[0]) == 4); /* as this holds true for all, */
     /* but 16-bit platforms...      */
 
diff --git a/freebsd/crypto/openssl/crypto/des/des.c b/freebsd/crypto/openssl/crypto/des/des.c
deleted file mode 100644
index 8ecc7211..00000000
--- a/freebsd/crypto/openssl/crypto/des/des.c
+++ /dev/null
@@ -1,870 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/des/des.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_SYS_MSDOS
-# ifndef OPENSSL_SYS_VMS
-#  include OPENSSL_UNISTD
-# else                          /* OPENSSL_SYS_VMS */
-#  ifdef __DECC
-#   include <unistd.h>
-#  else                         /* not __DECC */
-#   include <math.h>
-#  endif                        /* __DECC */
-# endif                         /* OPENSSL_SYS_VMS */
-#else                           /* OPENSSL_SYS_MSDOS */
-# include <io.h>
-#endif
-
-#include <time.h>
-#include "des_ver.h"
-
-#ifdef OPENSSL_SYS_VMS
-# include <types.h>
-# include <stat.h>
-#else
-# ifndef _IRIX
-#  include <sys/types.h>
-# endif
-# include <sys/stat.h>
-#endif
-#include <openssl/des.h>
-#include <openssl/rand.h>
-#include <openssl/ui_compat.h>
-
-void usage(void);
-void doencryption(void);
-int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
-void uufwriteEnd(FILE *fp);
-int uufread(unsigned char *out, int size, unsigned int num, FILE *fp);
-int uuencode(unsigned char *in, int num, unsigned char *out);
-int uudecode(unsigned char *in, int num, unsigned char *out);
-void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
-                      DES_key_schedule sk1, DES_key_schedule sk2,
-                      DES_cblock *ivec1, DES_cblock *ivec2, int enc);
-#ifdef OPENSSL_SYS_VMS
-# define EXIT(a) exit(a&0x10000000L)
-#else
-# define EXIT(a) exit(a)
-#endif
-
-#define BUFSIZE (8*1024)
-#define VERIFY  1
-#define KEYSIZ  8
-#define KEYSIZB 1024            /* should hit tty line limit first :-) */
-char key[KEYSIZB + 1];
-int do_encrypt, longk = 0;
-FILE *DES_IN, *DES_OUT, *CKSUM_OUT;
-char uuname[200];
-unsigned char uubuf[50];
-int uubufnum = 0;
-#define INUUBUFN        (45*100)
-#define OUTUUBUF        (65*100)
-unsigned char b[OUTUUBUF];
-unsigned char bb[300];
-DES_cblock cksum = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-
-char cksumname[200] = "";
-
-int vflag, cflag, eflag, dflag, kflag, bflag, fflag, sflag, uflag, flag3,
-    hflag, error;
-
-int main(int argc, char **argv)
-{
-    int i;
-    struct stat ins, outs;
-    char *p;
-    char *in = NULL, *out = NULL;
-
-    vflag = cflag = eflag = dflag = kflag = hflag = bflag = fflag = sflag =
-        uflag = flag3 = 0;
-    error = 0;
-    memset(key, 0, sizeof(key));
-
-    for (i = 1; i < argc; i++) {
-        p = argv[i];
-        if ((p[0] == '-') && (p[1] != '\0')) {
-            p++;
-            while (*p) {
-                switch (*(p++)) {
-                case '3':
-                    flag3 = 1;
-                    longk = 1;
-                    break;
-                case 'c':
-                    cflag = 1;
-                    strncpy(cksumname, p, 200);
-                    cksumname[sizeof(cksumname) - 1] = '\0';
-                    p += strlen(cksumname);
-                    break;
-                case 'C':
-                    cflag = 1;
-                    longk = 1;
-                    strncpy(cksumname, p, 200);
-                    cksumname[sizeof(cksumname) - 1] = '\0';
-                    p += strlen(cksumname);
-                    break;
-                case 'e':
-                    eflag = 1;
-                    break;
-                case 'v':
-                    vflag = 1;
-                    break;
-                case 'E':
-                    eflag = 1;
-                    longk = 1;
-                    break;
-                case 'd':
-                    dflag = 1;
-                    break;
-                case 'D':
-                    dflag = 1;
-                    longk = 1;
-                    break;
-                case 'b':
-                    bflag = 1;
-                    break;
-                case 'f':
-                    fflag = 1;
-                    break;
-                case 's':
-                    sflag = 1;
-                    break;
-                case 'u':
-                    uflag = 1;
-                    strncpy(uuname, p, 200);
-                    uuname[sizeof(uuname) - 1] = '\0';
-                    p += strlen(uuname);
-                    break;
-                case 'h':
-                    hflag = 1;
-                    break;
-                case 'k':
-                    kflag = 1;
-                    if ((i + 1) == argc) {
-                        fputs("must have a key with the -k option\n", stderr);
-                        error = 1;
-                    } else {
-                        int j;
-
-                        i++;
-                        strncpy(key, argv[i], KEYSIZB);
-                        for (j = strlen(argv[i]) - 1; j >= 0; j--)
-                            argv[i][j] = '\0';
-                    }
-                    break;
-                default:
-                    fprintf(stderr, "'%c' unknown flag\n", p[-1]);
-                    error = 1;
-                    break;
-                }
-            }
-        } else {
-            if (in == NULL)
-                in = argv[i];
-            else if (out == NULL)
-                out = argv[i];
-            else
-                error = 1;
-        }
-    }
-    if (error)
-        usage();
-    /*-
-     * We either
-     * do checksum or
-     * do encrypt or
-     * do decrypt or
-     * do decrypt then ckecksum or
-     * do checksum then encrypt
-     */
-    if (((eflag + dflag) == 1) || cflag) {
-        if (eflag)
-            do_encrypt = DES_ENCRYPT;
-        if (dflag)
-            do_encrypt = DES_DECRYPT;
-    } else {
-        if (vflag) {
-#ifndef _Windows
-            fprintf(stderr, "des(1) built with %s\n", libdes_version);
-#endif
-            EXIT(1);
-        } else
-            usage();
-    }
-
-#ifndef _Windows
-    if (vflag)
-        fprintf(stderr, "des(1) built with %s\n", libdes_version);
-#endif
-    if ((in != NULL) && (out != NULL) &&
-#ifndef OPENSSL_SYS_MSDOS
-        (stat(in, &ins) != -1) &&
-        (stat(out, &outs) != -1) &&
-        (ins.st_dev == outs.st_dev) && (ins.st_ino == outs.st_ino))
-#else                           /* OPENSSL_SYS_MSDOS */
-        (strcmp(in, out) == 0))
-#endif
-    {
-        fputs("input and output file are the same\n", stderr);
-        EXIT(3);
-    }
-
-    if (!kflag)
-        if (des_read_pw_string
-            (key, KEYSIZB + 1, "Enter key:", eflag ? VERIFY : 0)) {
-            fputs("password error\n", stderr);
-            EXIT(2);
-        }
-
-    if (in == NULL)
-        DES_IN = stdin;
-    else if ((DES_IN = fopen(in, "r")) == NULL) {
-        perror("opening input file");
-        EXIT(4);
-    }
-
-    CKSUM_OUT = stdout;
-    if (out == NULL) {
-        DES_OUT = stdout;
-        CKSUM_OUT = stderr;
-    } else if ((DES_OUT = fopen(out, "w")) == NULL) {
-        perror("opening output file");
-        EXIT(5);
-    }
-#ifdef OPENSSL_SYS_MSDOS
-    /* This should set the file to binary mode. */
-    {
-# include <fcntl.h>
-        if (!(uflag && dflag))
-            setmode(fileno(DES_IN), O_BINARY);
-        if (!(uflag && eflag))
-            setmode(fileno(DES_OUT), O_BINARY);
-    }
-#endif
-
-    doencryption();
-    fclose(DES_IN);
-    fclose(DES_OUT);
-    EXIT(0);
-}
-
-void usage(void)
-{
-    char **u;
-    static const char *Usage[] = {
-        "des <options> [input-file [output-file]]",
-        "options:",
-        "-v         : des(1) version number",
-        "-e         : encrypt using SunOS compatible user key to DES key conversion.",
-        "-E         : encrypt ",
-        "-d         : decrypt using SunOS compatible user key to DES key conversion.",
-        "-D         : decrypt ",
-        "-c[ckname] : generate a cbc_cksum using SunOS compatible user key to",
-        "             DES key conversion and output to ckname (stdout default,",
-        "             stderr if data being output on stdout).  The checksum is",
-        "             generated before encryption and after decryption if used",
-        "             in conjunction with -[eEdD].",
-        "-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
-        "-k key     : use key 'key'",
-        "-h         : the key that is entered will be a hexadecimal number",
-        "             that is used directly as the des key",
-        "-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
-        "             (uuname is the filename to put in the uuencode header).",
-        "-b         : encrypt using DES in ecb encryption mode, the default is cbc mode.",
-        "-3         : encrypt using triple DES encryption.  This uses 2 keys",
-        "             generated from the input key.  If the input key is less",
-        "             than 8 characters long, this is equivalent to normal",
-        "             encryption.  Default is triple cbc, -b makes it triple ecb.",
-        NULL
-    };
-    for (u = (char **)Usage; *u; u++) {
-        fputs(*u, stderr);
-        fputc('\n', stderr);
-    }
-
-    EXIT(1);
-}
-
-void doencryption(void)
-{
-#ifdef _LIBC
-    extern unsigned long time();
-#endif
-
-    register int i;
-    DES_key_schedule ks, ks2;
-    DES_cblock iv, iv2;
-    char *p;
-    int num = 0, j, k, l, rem, ll, len, last, ex = 0;
-    DES_cblock kk, k2;
-    FILE *O;
-    int Exit = 0;
-#ifndef OPENSSL_SYS_MSDOS
-    static unsigned char buf[BUFSIZE + 8], obuf[BUFSIZE + 8];
-#else
-    static unsigned char *buf = NULL, *obuf = NULL;
-
-    if (buf == NULL) {
-        if (((buf = OPENSSL_malloc(BUFSIZE + 8)) == NULL) ||
-            ((obuf = OPENSSL_malloc(BUFSIZE + 8)) == NULL)) {
-            fputs("Not enough memory\n", stderr);
-            Exit = 10;
-            goto problems;
-        }
-    }
-#endif
-
-    if (hflag) {
-        j = (flag3 ? 16 : 8);
-        p = key;
-        for (i = 0; i < j; i++) {
-            k = 0;
-            if ((*p <= '9') && (*p >= '0'))
-                k = (*p - '0') << 4;
-            else if ((*p <= 'f') && (*p >= 'a'))
-                k = (*p - 'a' + 10) << 4;
-            else if ((*p <= 'F') && (*p >= 'A'))
-                k = (*p - 'A' + 10) << 4;
-            else {
-                fputs("Bad hex key\n", stderr);
-                Exit = 9;
-                goto problems;
-            }
-            p++;
-            if ((*p <= '9') && (*p >= '0'))
-                k |= (*p - '0');
-            else if ((*p <= 'f') && (*p >= 'a'))
-                k |= (*p - 'a' + 10);
-            else if ((*p <= 'F') && (*p >= 'A'))
-                k |= (*p - 'A' + 10);
-            else {
-                fputs("Bad hex key\n", stderr);
-                Exit = 9;
-                goto problems;
-            }
-            p++;
-            if (i < 8)
-                kk[i] = k;
-            else
-                k2[i - 8] = k;
-        }
-        DES_set_key_unchecked(&k2, &ks2);
-        OPENSSL_cleanse(k2, sizeof(k2));
-    } else if (longk || flag3) {
-        if (flag3) {
-            DES_string_to_2keys(key, &kk, &k2);
-            DES_set_key_unchecked(&k2, &ks2);
-            OPENSSL_cleanse(k2, sizeof(k2));
-        } else
-            DES_string_to_key(key, &kk);
-    } else
-        for (i = 0; i < KEYSIZ; i++) {
-            l = 0;
-            k = key[i];
-            for (j = 0; j < 8; j++) {
-                if (k & 1)
-                    l++;
-                k >>= 1;
-            }
-            if (l & 1)
-                kk[i] = key[i] & 0x7f;
-            else
-                kk[i] = key[i] | 0x80;
-        }
-
-    DES_set_key_unchecked(&kk, &ks);
-    OPENSSL_cleanse(key, sizeof(key));
-    OPENSSL_cleanse(kk, sizeof(kk));
-    /* woops - A bug that does not showup under unix :-( */
-    memset(iv, 0, sizeof(iv));
-    memset(iv2, 0, sizeof(iv2));
-
-    l = 1;
-    rem = 0;
-    /* first read */
-    if (eflag || (!dflag && cflag)) {
-        for (;;) {
-            num = l = fread(&(buf[rem]), 1, BUFSIZE, DES_IN);
-            l += rem;
-            num += rem;
-            if (l < 0) {
-                perror("read error");
-                Exit = 6;
-                goto problems;
-            }
-
-            rem = l % 8;
-            len = l - rem;
-            if (feof(DES_IN)) {
-                for (i = 7 - rem; i > 0; i--) {
-                    if (RAND_bytes(buf + l++, 1) <= 0)
-                        goto problems;
-                }
-                buf[l++] = rem;
-                ex = 1;
-                len += rem;
-            } else
-                l -= rem;
-
-            if (cflag) {
-                DES_cbc_cksum(buf, &cksum, (long)len, &ks, &cksum);
-                if (!eflag) {
-                    if (feof(DES_IN))
-                        break;
-                    else
-                        continue;
-                }
-            }
-
-            if (bflag && !flag3)
-                for (i = 0; i < l; i += 8)
-                    DES_ecb_encrypt((DES_cblock *)&(buf[i]),
-                                    (DES_cblock *)&(obuf[i]),
-                                    &ks, do_encrypt);
-            else if (flag3 && bflag)
-                for (i = 0; i < l; i += 8)
-                    DES_ecb2_encrypt((DES_cblock *)&(buf[i]),
-                                     (DES_cblock *)&(obuf[i]),
-                                     &ks, &ks2, do_encrypt);
-            else if (flag3 && !bflag) {
-                char tmpbuf[8];
-
-                if (rem)
-                    memcpy(tmpbuf, &(buf[l]), (unsigned int)rem);
-                DES_3cbc_encrypt((DES_cblock *)buf, (DES_cblock *)obuf,
-                                 (long)l, ks, ks2, &iv, &iv2, do_encrypt);
-                if (rem)
-                    memcpy(&(buf[l]), tmpbuf, (unsigned int)rem);
-            } else {
-                DES_cbc_encrypt(buf, obuf, (long)l, &ks, &iv, do_encrypt);
-                if (l >= 8)
-                    memcpy(iv, &(obuf[l - 8]), 8);
-            }
-            if (rem)
-                memcpy(buf, &(buf[l]), (unsigned int)rem);
-
-            i = 0;
-            while (i < l) {
-                if (uflag)
-                    j = uufwrite(obuf, 1, (unsigned int)l - i, DES_OUT);
-                else
-                    j = fwrite(obuf, 1, (unsigned int)l - i, DES_OUT);
-                if (j == -1) {
-                    perror("Write error");
-                    Exit = 7;
-                    goto problems;
-                }
-                i += j;
-            }
-            if (feof(DES_IN)) {
-                if (uflag)
-                    uufwriteEnd(DES_OUT);
-                break;
-            }
-        }
-    } else {                    /* decrypt */
-
-        ex = 1;
-        for (;;) {
-            if (ex) {
-                if (uflag)
-                    l = uufread(buf, 1, BUFSIZE, DES_IN);
-                else
-                    l = fread(buf, 1, BUFSIZE, DES_IN);
-                ex = 0;
-                rem = l % 8;
-                l -= rem;
-            }
-            if (l < 0) {
-                perror("read error");
-                Exit = 6;
-                goto problems;
-            }
-
-            if (bflag && !flag3)
-                for (i = 0; i < l; i += 8)
-                    DES_ecb_encrypt((DES_cblock *)&(buf[i]),
-                                    (DES_cblock *)&(obuf[i]),
-                                    &ks, do_encrypt);
-            else if (flag3 && bflag)
-                for (i = 0; i < l; i += 8)
-                    DES_ecb2_encrypt((DES_cblock *)&(buf[i]),
-                                     (DES_cblock *)&(obuf[i]),
-                                     &ks, &ks2, do_encrypt);
-            else if (flag3 && !bflag) {
-                DES_3cbc_encrypt((DES_cblock *)buf, (DES_cblock *)obuf,
-                                 (long)l, ks, ks2, &iv, &iv2, do_encrypt);
-            } else {
-                DES_cbc_encrypt(buf, obuf, (long)l, &ks, &iv, do_encrypt);
-                if (l >= 8)
-                    memcpy(iv, &(buf[l - 8]), 8);
-            }
-
-            if (uflag)
-                ll = uufread(&(buf[rem]), 1, BUFSIZE, DES_IN);
-            else
-                ll = fread(&(buf[rem]), 1, BUFSIZE, DES_IN);
-            ll += rem;
-            rem = ll % 8;
-            ll -= rem;
-            if (feof(DES_IN) && (ll == 0)) {
-                last = obuf[l - 1];
-
-                if ((last > 7) || (last < 0)) {
-                    fputs("The file was not decrypted correctly.\n", stderr);
-                    Exit = 8;
-                    last = 0;
-                }
-                l = l - 8 + last;
-            }
-            i = 0;
-            if (cflag)
-                DES_cbc_cksum(obuf,
-                              (DES_cblock *)cksum, (long)l / 8 * 8, &ks,
-                              (DES_cblock *)cksum);
-            while (i != l) {
-                j = fwrite(obuf, 1, (unsigned int)l - i, DES_OUT);
-                if (j == -1) {
-                    perror("Write error");
-                    Exit = 7;
-                    goto problems;
-                }
-                i += j;
-            }
-            l = ll;
-            if ((l == 0) && feof(DES_IN))
-                break;
-        }
-    }
-    if (cflag) {
-        l = 0;
-        if (cksumname[0] != '\0') {
-            if ((O = fopen(cksumname, "w")) != NULL) {
-                CKSUM_OUT = O;
-                l = 1;
-            }
-        }
-        for (i = 0; i < 8; i++)
-            fprintf(CKSUM_OUT, "%02X", cksum[i]);
-        fprintf(CKSUM_OUT, "\n");
-        if (l)
-            fclose(CKSUM_OUT);
-    }
- problems:
-    OPENSSL_cleanse(buf, sizeof(buf));
-    OPENSSL_cleanse(obuf, sizeof(obuf));
-    OPENSSL_cleanse(&ks, sizeof(ks));
-    OPENSSL_cleanse(&ks2, sizeof(ks2));
-    OPENSSL_cleanse(iv, sizeof(iv));
-    OPENSSL_cleanse(iv2, sizeof(iv2));
-    OPENSSL_cleanse(kk, sizeof(kk));
-    OPENSSL_cleanse(k2, sizeof(k2));
-    OPENSSL_cleanse(uubuf, sizeof(uubuf));
-    OPENSSL_cleanse(b, sizeof(b));
-    OPENSSL_cleanse(bb, sizeof(bb));
-    OPENSSL_cleanse(cksum, sizeof(cksum));
-    if (Exit)
-        EXIT(Exit);
-}
-
-/*    We ignore this parameter but it should be > ~50 I believe    */
-int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)
-{
-    int i, j, left, rem, ret = num;
-    static int start = 1;
-
-    if (start) {
-        fprintf(fp, "begin 600 %s\n",
-                (uuname[0] == '\0') ? "text.d" : uuname);
-        start = 0;
-    }
-
-    if (uubufnum) {
-        if (uubufnum + num < 45) {
-            memcpy(&(uubuf[uubufnum]), data, (unsigned int)num);
-            uubufnum += num;
-            return (num);
-        } else {
-            i = 45 - uubufnum;
-            memcpy(&(uubuf[uubufnum]), data, (unsigned int)i);
-            j = uuencode((unsigned char *)uubuf, 45, b);
-            fwrite(b, 1, (unsigned int)j, fp);
-            uubufnum = 0;
-            data += i;
-            num -= i;
-        }
-    }
-
-    for (i = 0; i < (((int)num) - INUUBUFN); i += INUUBUFN) {
-        j = uuencode(&(data[i]), INUUBUFN, b);
-        fwrite(b, 1, (unsigned int)j, fp);
-    }
-    rem = (num - i) % 45;
-    left = (num - i - rem);
-    if (left) {
-        j = uuencode(&(data[i]), left, b);
-        fwrite(b, 1, (unsigned int)j, fp);
-        i += left;
-    }
-    if (i != num) {
-        memcpy(uubuf, &(data[i]), (unsigned int)rem);
-        uubufnum = rem;
-    }
-    return (ret);
-}
-
-void uufwriteEnd(FILE *fp)
-{
-    int j;
-    static const char *end = " \nend\n";
-
-    if (uubufnum != 0) {
-        uubuf[uubufnum] = '\0';
-        uubuf[uubufnum + 1] = '\0';
-        uubuf[uubufnum + 2] = '\0';
-        j = uuencode(uubuf, uubufnum, b);
-        fwrite(b, 1, (unsigned int)j, fp);
-    }
-    fwrite(end, 1, strlen(end), fp);
-}
-
-/*
- * int size: should always be > ~ 60; I actually ignore this parameter :-)
- */
-int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)
-{
-    int i, j, tot;
-    static int done = 0;
-    static int valid = 0;
-    static int start = 1;
-
-    if (start) {
-        for (;;) {
-            b[0] = '\0';
-            fgets((char *)b, 300, fp);
-            if (b[0] == '\0') {
-                fprintf(stderr, "no 'begin' found in uuencoded input\n");
-                return (-1);
-            }
-            if (strncmp((char *)b, "begin ", 6) == 0)
-                break;
-        }
-        start = 0;
-    }
-    if (done)
-        return (0);
-    tot = 0;
-    if (valid) {
-        memcpy(out, bb, (unsigned int)valid);
-        tot = valid;
-        valid = 0;
-    }
-    for (;;) {
-        b[0] = '\0';
-        fgets((char *)b, 300, fp);
-        if (b[0] == '\0')
-            break;
-        i = strlen((char *)b);
-        if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd')) {
-            done = 1;
-            while (!feof(fp)) {
-                fgets((char *)b, 300, fp);
-            }
-            break;
-        }
-        i = uudecode(b, i, bb);
-        if (i < 0)
-            break;
-        if ((i + tot + 8) > num) {
-            /* num to copy to make it a multiple of 8 */
-            j = (num / 8 * 8) - tot - 8;
-            memcpy(&(out[tot]), bb, (unsigned int)j);
-            tot += j;
-            memcpy(bb, &(bb[j]), (unsigned int)i - j);
-            valid = i - j;
-            break;
-        }
-        memcpy(&(out[tot]), bb, (unsigned int)i);
-        tot += i;
-    }
-    return (tot);
-}
-
-#define ccc2l(c,l)      (l =((DES_LONG)(*((c)++)))<<16, \
-                         l|=((DES_LONG)(*((c)++)))<< 8, \
-                         l|=((DES_LONG)(*((c)++))))
-
-#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
-                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-                    *((c)++)=(unsigned char)(((l)    )&0xff))
-
-int uuencode(unsigned char *in, int num, unsigned char *out)
-{
-    int j, i, n, tot = 0;
-    DES_LONG l;
-    register unsigned char *p;
-    p = out;
-
-    for (j = 0; j < num; j += 45) {
-        if (j + 45 > num)
-            i = (num - j);
-        else
-            i = 45;
-        *(p++) = i + ' ';
-        for (n = 0; n < i; n += 3) {
-            ccc2l(in, l);
-            *(p++) = ((l >> 18) & 0x3f) + ' ';
-            *(p++) = ((l >> 12) & 0x3f) + ' ';
-            *(p++) = ((l >> 6) & 0x3f) + ' ';
-            *(p++) = ((l) & 0x3f) + ' ';
-            tot += 4;
-        }
-        *(p++) = '\n';
-        tot += 2;
-    }
-    *p = '\0';
-    l = 0;
-    return (tot);
-}
-
-int uudecode(unsigned char *in, int num, unsigned char *out)
-{
-    int j, i, k;
-    unsigned int n = 0, space = 0;
-    DES_LONG l;
-    DES_LONG w, x, y, z;
-    unsigned int blank = (unsigned int)'\n' - ' ';
-
-    for (j = 0; j < num;) {
-        n = *(in++) - ' ';
-        if (n == blank) {
-            n = 0;
-            in--;
-        }
-        if (n > 60) {
-            fprintf(stderr, "uuencoded line length too long\n");
-            return (-1);
-        }
-        j++;
-
-        for (i = 0; i < n; j += 4, i += 3) {
-            /*
-             * the following is for cases where spaces are removed from
-             * lines.
-             */
-            if (space) {
-                w = x = y = z = 0;
-            } else {
-                w = *(in++) - ' ';
-                x = *(in++) - ' ';
-                y = *(in++) - ' ';
-                z = *(in++) - ' ';
-            }
-            if ((w > 63) || (x > 63) || (y > 63) || (z > 63)) {
-                k = 0;
-                if (w == blank)
-                    k = 1;
-                if (x == blank)
-                    k = 2;
-                if (y == blank)
-                    k = 3;
-                if (z == blank)
-                    k = 4;
-                space = 1;
-                switch (k) {
-                case 1:
-                    w = 0;
-                    in--;
-                case 2:
-                    x = 0;
-                    in--;
-                case 3:
-                    y = 0;
-                    in--;
-                case 4:
-                    z = 0;
-                    in--;
-                    break;
-                case 0:
-                    space = 0;
-                    fprintf(stderr, "bad uuencoded data values\n");
-                    w = x = y = z = 0;
-                    return (-1);
-                    break;
-                }
-            }
-            l = (w << 18) | (x << 12) | (y << 6) | (z);
-            l2ccc(l, out);
-        }
-        if (*(in++) != '\n') {
-            fprintf(stderr, "missing nl in uuencoded line\n");
-            w = x = y = z = 0;
-            return (-1);
-        }
-        j++;
-    }
-    *out = '\0';
-    w = x = y = z = 0;
-    return (n);
-}
diff --git a/freebsd/crypto/openssl/crypto/des/des_enc.c b/freebsd/crypto/openssl/crypto/des/des_enc.c
index ad17f51a..20f0bfbf 100644
--- a/freebsd/crypto/openssl/crypto/des/des_enc.c
+++ b/freebsd/crypto/openssl/crypto/des/des_enc.c
@@ -1,75 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/des_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/crypto.h>
 #include "des_locl.h"
 #include "spr.h"
 
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 {
     register DES_LONG l, r, t, u;
-#ifdef DES_PTR
-    register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans;
-#endif
-#ifndef DES_UNROLL
-    register int i;
-#endif
     register DES_LONG *s;
 
     r = data[0];
@@ -80,8 +26,7 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
      * Things have been modified so that the initial rotate is done outside
      * the loop.  This required the DES_SPtrans values in sp.h to be rotated
      * 1 bit to the right. One perl script later and things have a 5% speed
-     * up on a sparc2. Thanks to Richard Outerbridge
-     * <71755.204@CompuServe.COM> for pointing this out.
+     * up on a sparc2. Thanks to Richard Outerbridge for pointing this out.
      */
     /* clear the top bits on machines with 8byte longs */
     /* shift left by 2 */
@@ -94,7 +39,6 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
      * loop
      */
     if (enc) {
-#ifdef DES_UNROLL
         D_ENCRYPT(l, r, 0);     /* 1 */
         D_ENCRYPT(r, l, 2);     /* 2 */
         D_ENCRYPT(l, r, 4);     /* 3 */
@@ -111,14 +55,7 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
         D_ENCRYPT(r, l, 26);    /* 14 */
         D_ENCRYPT(l, r, 28);    /* 15 */
         D_ENCRYPT(r, l, 30);    /* 16 */
-#else
-        for (i = 0; i < 32; i += 4) {
-            D_ENCRYPT(l, r, i + 0); /* 1 */
-            D_ENCRYPT(r, l, i + 2); /* 2 */
-        }
-#endif
     } else {
-#ifdef DES_UNROLL
         D_ENCRYPT(l, r, 30);    /* 16 */
         D_ENCRYPT(r, l, 28);    /* 15 */
         D_ENCRYPT(l, r, 26);    /* 14 */
@@ -135,12 +72,6 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
         D_ENCRYPT(r, l, 4);     /* 3 */
         D_ENCRYPT(l, r, 2);     /* 2 */
         D_ENCRYPT(r, l, 0);     /* 1 */
-#else
-        for (i = 30; i > 0; i -= 4) {
-            D_ENCRYPT(l, r, i - 0); /* 16 */
-            D_ENCRYPT(r, l, i - 2); /* 15 */
-        }
-#endif
     }
 
     /* rotate and clear the top bits on machines with 8byte longs */
@@ -156,12 +87,6 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
 {
     register DES_LONG l, r, t, u;
-#ifdef DES_PTR
-    register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans;
-#endif
-#ifndef DES_UNROLL
-    register int i;
-#endif
     register DES_LONG *s;
 
     r = data[0];
@@ -171,8 +96,7 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
      * Things have been modified so that the initial rotate is done outside
      * the loop.  This required the DES_SPtrans values in sp.h to be rotated
      * 1 bit to the right. One perl script later and things have a 5% speed
-     * up on a sparc2. Thanks to Richard Outerbridge
-     * <71755.204@CompuServe.COM> for pointing this out.
+     * up on a sparc2. Thanks to Richard Outerbridge for pointing this out.
      */
     /* clear the top bits on machines with 8byte longs */
     r = ROTATE(r, 29) & 0xffffffffL;
@@ -184,7 +108,6 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
      * loop
      */
     if (enc) {
-#ifdef DES_UNROLL
         D_ENCRYPT(l, r, 0);     /* 1 */
         D_ENCRYPT(r, l, 2);     /* 2 */
         D_ENCRYPT(l, r, 4);     /* 3 */
@@ -201,14 +124,7 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
         D_ENCRYPT(r, l, 26);    /* 14 */
         D_ENCRYPT(l, r, 28);    /* 15 */
         D_ENCRYPT(r, l, 30);    /* 16 */
-#else
-        for (i = 0; i < 32; i += 4) {
-            D_ENCRYPT(l, r, i + 0); /* 1 */
-            D_ENCRYPT(r, l, i + 2); /* 2 */
-        }
-#endif
     } else {
-#ifdef DES_UNROLL
         D_ENCRYPT(l, r, 30);    /* 16 */
         D_ENCRYPT(r, l, 28);    /* 15 */
         D_ENCRYPT(l, r, 26);    /* 14 */
@@ -225,12 +141,6 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
         D_ENCRYPT(r, l, 4);     /* 3 */
         D_ENCRYPT(l, r, 2);     /* 2 */
         D_ENCRYPT(r, l, 0);     /* 1 */
-#else
-        for (i = 30; i > 0; i -= 4) {
-            D_ENCRYPT(l, r, i - 0); /* 16 */
-            D_ENCRYPT(r, l, i - 2); /* 15 */
-        }
-#endif
     }
     /* rotate and clear the top bits on machines with 8byte longs */
     data[0] = ROTATE(l, 3) & 0xffffffffL;
diff --git a/freebsd/crypto/openssl/crypto/des/des_locl.h b/freebsd/crypto/openssl/crypto/des/des_locl.h
index 23ea9d32..f401e6f3 100644
--- a/freebsd/crypto/openssl/crypto/des/des_locl.h
+++ b/freebsd/crypto/openssl/crypto/des/des_locl.h
@@ -1,59 +1,10 @@
-/* crypto/des/des_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_DES_LOCL_H
@@ -61,38 +12,12 @@
 
 # include <openssl/e_os2.h>
 
-# if defined(OPENSSL_SYS_WIN32)
-#  ifndef OPENSSL_SYS_MSDOS
-#   define OPENSSL_SYS_MSDOS
-#  endif
-# endif
-
 # include <stdio.h>
 # include <stdlib.h>
+# include <string.h>
 
-# ifndef OPENSSL_SYS_MSDOS
-#  if !defined(OPENSSL_SYS_VMS) || defined(__DECC)
-#   ifdef OPENSSL_UNISTD
-#    include OPENSSL_UNISTD
-#   else
-#    include <unistd.h>
-#   endif
-#   include <math.h>
-#  endif
-# endif
 # include <openssl/des.h>
 
-# ifdef OPENSSL_SYS_MSDOS       /* Visual C++ 2.1 (Windows NT/95) */
-#  include <stdlib.h>
-#  include <errno.h>
-#  include <time.h>
-#  include <io.h>
-# endif
-
-# if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)
-#  include <string.h>
-# endif
-
 # ifdef OPENSSL_BUILD_SHLIBCRYPTO
 #  undef OPENSSL_EXTERN
 #  define OPENSSL_EXTERN OPENSSL_EXPORT
@@ -101,10 +26,6 @@
 # define ITERATIONS 16
 # define HALF_ITERATIONS 8
 
-/* used in des_read and des_write */
-# define MAXWRITE        (1024*16)
-# define BSIZE           (MAXWRITE+4)
-
 # define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
                          l|=((DES_LONG)(*((c)++)))<< 8L, \
                          l|=((DES_LONG)(*((c)++)))<<16L, \
@@ -116,13 +37,20 @@
                         l1=l2=0; \
                         switch (n) { \
                         case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
+                        /* fall thru */                          \
                         case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
+                        /* fall thru */                          \
                         case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
-                        case 5: l2|=((DES_LONG)(*(--(c))));     \
+                        /* fall thru */                          \
+                        case 5: l2|=((DES_LONG)(*(--(c))));      \
+                        /* fall thru */                          \
                         case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
+                        /* fall thru */                          \
                         case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
+                        /* fall thru */                          \
                         case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
-                        case 1: l1|=((DES_LONG)(*(--(c))));     \
+                        /* fall thru */                          \
+                        case 1: l1|=((DES_LONG)(*(--(c))));      \
                                 } \
                         }
 
@@ -135,7 +63,6 @@
  * replacements for htonl and ntohl since I have no idea what to do when
  * faced with machines with 8 byte longs.
  */
-# define HDRSIZE 4
 
 # define n2l(c,l)        (l =((DES_LONG)(*((c)++)))<<24L, \
                          l|=((DES_LONG)(*((c)++)))<<16L, \
@@ -152,17 +79,24 @@
                         c+=n; \
                         switch (n) { \
                         case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        /* fall thru */                                     \
                         case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        /* fall thru */                                     \
                         case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        /* fall thru */                                     \
                         case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        /* fall thru */                                     \
                         case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        /* fall thru */                                     \
                         case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        /* fall thru */                                     \
                         case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        /* fall thru */                                     \
                         case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
                                 } \
                         }
 
-# if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER))
+# if defined(_MSC_VER)
 #  define ROTATE(a,n)     (_lrotr(a,n))
 # elif defined(__ICC)
 #  define ROTATE(a,n)     (_rotr(a,n))
@@ -204,171 +138,23 @@
 # endif
 
 /*
- * The changes to this macro may help or hinder, depending on the compiler
- * and the architecture.  gcc2 always seems to do well :-). Inspired by Dana
- * How <how@isl.stanford.edu> DO NOT use the alternative version on machines
- * with 8 byte longs. It does not seem to work on the Alpha, even when
- * DES_LONG is 4 bytes, probably an issue of accessing non-word aligned
- * objects :-(
- */
-# ifdef DES_PTR
-
-/*
  * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason
  * to not xor all the sub items together.  This potentially saves a register
  * since things can be xored directly into L
  */
 
-#  if defined(DES_RISC1) || defined(DES_RISC2)
-#   ifdef DES_RISC1
-#    define D_ENCRYPT(LL,R,S) { \
-        unsigned int u1,u2,u3; \
-        LOAD_DATA(R,S,u,t,E0,E1,u1); \
-        u2=(int)u>>8L; \
-        u1=(int)u&0xfc; \
-        u2&=0xfc; \
-        t=ROTATE(t,4); \
-        u>>=16L; \
-        LL^= *(const DES_LONG *)(des_SP      +u1); \
-        LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
-        u3=(int)(u>>8L); \
-        u1=(int)u&0xfc; \
-        u3&=0xfc; \
-        LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
-        LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
-        u2=(int)t>>8L; \
-        u1=(int)t&0xfc; \
-        u2&=0xfc; \
-        t>>=16L; \
-        LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
-        LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
-        u3=(int)t>>8L; \
-        u1=(int)t&0xfc; \
-        u3&=0xfc; \
-        LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
-        LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
-#   endif
-#   ifdef DES_RISC2
-#    define D_ENCRYPT(LL,R,S) { \
-        unsigned int u1,u2,s1,s2; \
-        LOAD_DATA(R,S,u,t,E0,E1,u1); \
-        u2=(int)u>>8L; \
-        u1=(int)u&0xfc; \
-        u2&=0xfc; \
-        t=ROTATE(t,4); \
-        LL^= *(const DES_LONG *)(des_SP      +u1); \
-        LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
-        s1=(int)(u>>16L); \
-        s2=(int)(u>>24L); \
-        s1&=0xfc; \
-        s2&=0xfc; \
-        LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
-        LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
-        u2=(int)t>>8L; \
-        u1=(int)t&0xfc; \
-        u2&=0xfc; \
-        LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
-        LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
-        s1=(int)(t>>16L); \
-        s2=(int)(t>>24L); \
-        s1&=0xfc; \
-        s2&=0xfc; \
-        LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
-        LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
-#   endif
-#  else
-#   define D_ENCRYPT(LL,R,S) { \
+# define D_ENCRYPT(LL,R,S) { \
         LOAD_DATA_tmp(R,S,u,t,E0,E1); \
         t=ROTATE(t,4); \
         LL^= \
-        *(const DES_LONG *)(des_SP      +((u     )&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x100+((t     )&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
-#  endif
-
-# else                          /* original version */
-
-#  if defined(DES_RISC1) || defined(DES_RISC2)
-#   ifdef DES_RISC1
-#    define D_ENCRYPT(LL,R,S) {\
-        unsigned int u1,u2,u3; \
-        LOAD_DATA(R,S,u,t,E0,E1,u1); \
-        u>>=2L; \
-        t=ROTATE(t,6); \
-        u2=(int)u>>8L; \
-        u1=(int)u&0x3f; \
-        u2&=0x3f; \
-        u>>=16L; \
-        LL^=DES_SPtrans[0][u1]; \
-        LL^=DES_SPtrans[2][u2]; \
-        u3=(int)u>>8L; \
-        u1=(int)u&0x3f; \
-        u3&=0x3f; \
-        LL^=DES_SPtrans[4][u1]; \
-        LL^=DES_SPtrans[6][u3]; \
-        u2=(int)t>>8L; \
-        u1=(int)t&0x3f; \
-        u2&=0x3f; \
-        t>>=16L; \
-        LL^=DES_SPtrans[1][u1]; \
-        LL^=DES_SPtrans[3][u2]; \
-        u3=(int)t>>8L; \
-        u1=(int)t&0x3f; \
-        u3&=0x3f; \
-        LL^=DES_SPtrans[5][u1]; \
-        LL^=DES_SPtrans[7][u3]; }
-#   endif
-#   ifdef DES_RISC2
-#    define D_ENCRYPT(LL,R,S) {\
-        unsigned int u1,u2,s1,s2; \
-        LOAD_DATA(R,S,u,t,E0,E1,u1); \
-        u>>=2L; \
-        t=ROTATE(t,6); \
-        u2=(int)u>>8L; \
-        u1=(int)u&0x3f; \
-        u2&=0x3f; \
-        LL^=DES_SPtrans[0][u1]; \
-        LL^=DES_SPtrans[2][u2]; \
-        s1=(int)u>>16L; \
-        s2=(int)u>>24L; \
-        s1&=0x3f; \
-        s2&=0x3f; \
-        LL^=DES_SPtrans[4][s1]; \
-        LL^=DES_SPtrans[6][s2]; \
-        u2=(int)t>>8L; \
-        u1=(int)t&0x3f; \
-        u2&=0x3f; \
-        LL^=DES_SPtrans[1][u1]; \
-        LL^=DES_SPtrans[3][u2]; \
-        s1=(int)t>>16; \
-        s2=(int)t>>24L; \
-        s1&=0x3f; \
-        s2&=0x3f; \
-        LL^=DES_SPtrans[5][s1]; \
-        LL^=DES_SPtrans[7][s2]; }
-#   endif
-
-#  else
-
-#   define D_ENCRYPT(LL,R,S) {\
-        LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-        t=ROTATE(t,4); \
-        LL^=\
-                DES_SPtrans[0][(u>> 2L)&0x3f]^ \
-                DES_SPtrans[2][(u>>10L)&0x3f]^ \
-                DES_SPtrans[4][(u>>18L)&0x3f]^ \
-                DES_SPtrans[6][(u>>26L)&0x3f]^ \
-                DES_SPtrans[1][(t>> 2L)&0x3f]^ \
-                DES_SPtrans[3][(t>>10L)&0x3f]^ \
-                DES_SPtrans[5][(t>>18L)&0x3f]^ \
-                DES_SPtrans[7][(t>>26L)&0x3f]; }
-#  endif
-# endif
+            DES_SPtrans[0][(u>> 2L)&0x3f]^ \
+            DES_SPtrans[2][(u>>10L)&0x3f]^ \
+            DES_SPtrans[4][(u>>18L)&0x3f]^ \
+            DES_SPtrans[6][(u>>26L)&0x3f]^ \
+            DES_SPtrans[1][(t>> 2L)&0x3f]^ \
+            DES_SPtrans[3][(t>>10L)&0x3f]^ \
+            DES_SPtrans[5][(t>>18L)&0x3f]^ \
+            DES_SPtrans[7][(t>>26L)&0x3f]; }
 
         /*-
          * IP and FP
@@ -437,7 +223,4 @@ extern const DES_LONG DES_SPtrans[8][64];
 void fcrypt_body(DES_LONG *out, DES_key_schedule *ks,
                  DES_LONG Eswap0, DES_LONG Eswap1);
 
-# ifdef OPENSSL_SMALL_FOOTPRINT
-#  undef DES_UNROLL
-# endif
 #endif
diff --git a/freebsd/crypto/openssl/crypto/des/des_old.h b/freebsd/crypto/openssl/crypto/des/des_old.h
deleted file mode 100644
index ee7607a2..00000000
--- a/freebsd/crypto/openssl/crypto/des/des_old.h
+++ /dev/null
@@ -1,497 +0,0 @@
-/* crypto/des/des_old.h */
-
-/*-
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with openssl 0.9.6 and older as
- * well as libdes.  OpenSSL now provides functions where "des_" has
- * been replaced with "DES_" in the names, to make it possible to
- * make incompatible changes that are needed for C type security and
- * other stuff.
- *
- * This include files has two compatibility modes:
- *
- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
- *     that is compatible with libdes and SSLeay.
- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
- *     API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
- *
- * Note that these modes break earlier snapshots of OpenSSL, where
- * libdes compatibility was the only available mode or (later on) the
- * prefered compatibility mode.  However, after much consideration
- * (and more or less violent discussions with external parties), it
- * was concluded that OpenSSL should be compatible with earlier versions
- * of itself before anything else.  Also, in all honesty, libdes is
- * an old beast that shouldn't really be used any more.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones.  The des_ functions will disappear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DES_H
-# define HEADER_DES_H
-
-# include <openssl/e_os2.h>     /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
-
-# ifdef OPENSSL_NO_DES
-#  error DES is disabled.
-# endif
-
-# ifndef HEADER_NEW_DES_H
-#  error You must include des.h, not des_old.h directly.
-# endif
-
-# ifdef _KERBEROS_DES_H
-#  error <openssl/des_old.h> replaces <kerberos/des.h>.
-# endif
-
-# include <openssl/symhacks.h>
-
-# ifdef OPENSSL_BUILD_SHLIBCRYPTO
-#  undef OPENSSL_EXTERN
-#  define OPENSSL_EXTERN OPENSSL_EXPORT
-# endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# ifdef _
-#  undef _
-# endif
-
-typedef unsigned char _ossl_old_des_cblock[8];
-typedef struct _ossl_old_des_ks_struct {
-    union {
-        _ossl_old_des_cblock _;
-        /*
-         * make sure things are correct size on machines with 8 byte longs
-         */
-        DES_LONG pad[2];
-    } ks;
-} _ossl_old_des_key_schedule[16];
-
-# ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
-#  define des_cblock DES_cblock
-#  define const_des_cblock const_DES_cblock
-#  define des_key_schedule DES_key_schedule
-#  define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
-        DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
-#  define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
-        DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
-#  define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
-        DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
-#  define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
-        DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
-#  define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
-        DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
-#  define des_options()\
-        DES_options()
-#  define des_cbc_cksum(i,o,l,k,iv)\
-        DES_cbc_cksum((i),(o),(l),&(k),(iv))
-#  define des_cbc_encrypt(i,o,l,k,iv,e)\
-        DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#  define des_ncbc_encrypt(i,o,l,k,iv,e)\
-        DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#  define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
-        DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
-#  define des_cfb_encrypt(i,o,n,l,k,iv,e)\
-        DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
-#  define des_ecb_encrypt(i,o,k,e)\
-        DES_ecb_encrypt((i),(o),&(k),(e))
-#  define des_encrypt1(d,k,e)\
-        DES_encrypt1((d),&(k),(e))
-#  define des_encrypt2(d,k,e)\
-        DES_encrypt2((d),&(k),(e))
-#  define des_encrypt3(d,k1,k2,k3)\
-        DES_encrypt3((d),&(k1),&(k2),&(k3))
-#  define des_decrypt3(d,k1,k2,k3)\
-        DES_decrypt3((d),&(k1),&(k2),&(k3))
-#  define des_xwhite_in2out(k,i,o)\
-        DES_xwhite_in2out((k),(i),(o))
-#  define des_enc_read(f,b,l,k,iv)\
-        DES_enc_read((f),(b),(l),&(k),(iv))
-#  define des_enc_write(f,b,l,k,iv)\
-        DES_enc_write((f),(b),(l),&(k),(iv))
-#  define des_fcrypt(b,s,r)\
-        DES_fcrypt((b),(s),(r))
-#  if 0
-#   define des_crypt(b,s)\
-        DES_crypt((b),(s))
-#   if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
-#    define crypt(b,s)\
-        DES_crypt((b),(s))
-#   endif
-#  endif
-#  define des_ofb_encrypt(i,o,n,l,k,iv)\
-        DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
-#  define des_pcbc_encrypt(i,o,l,k,iv,e)\
-        DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#  define des_quad_cksum(i,o,l,c,s)\
-        DES_quad_cksum((i),(o),(l),(c),(s))
-#  define des_random_seed(k)\
-        _ossl_096_des_random_seed((k))
-#  define des_random_key(r)\
-        DES_random_key((r))
-#  define des_read_password(k,p,v) \
-        DES_read_password((k),(p),(v))
-#  define des_read_2passwords(k1,k2,p,v) \
-        DES_read_2passwords((k1),(k2),(p),(v))
-#  define des_set_odd_parity(k)\
-        DES_set_odd_parity((k))
-#  define des_check_key_parity(k)\
-        DES_check_key_parity((k))
-#  define des_is_weak_key(k)\
-        DES_is_weak_key((k))
-#  define des_set_key(k,ks)\
-        DES_set_key((k),&(ks))
-#  define des_key_sched(k,ks)\
-        DES_key_sched((k),&(ks))
-#  define des_set_key_checked(k,ks)\
-        DES_set_key_checked((k),&(ks))
-#  define des_set_key_unchecked(k,ks)\
-        DES_set_key_unchecked((k),&(ks))
-#  define des_string_to_key(s,k)\
-        DES_string_to_key((s),(k))
-#  define des_string_to_2keys(s,k1,k2)\
-        DES_string_to_2keys((s),(k1),(k2))
-#  define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
-        DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
-#  define des_ofb64_encrypt(i,o,l,ks,iv,n)\
-        DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
-
-#  define des_ecb2_encrypt(i,o,k1,k2,e) \
-        des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#  define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-        des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#  define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-        des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#  define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-        des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#  define des_check_key DES_check_key
-#  define des_rw_mode DES_rw_mode
-# else                          /* libdes compatibility */
-/*
- * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with
- * libdes
- */
-#  define des_cblock _ossl_old_des_cblock
-#  define des_key_schedule _ossl_old_des_key_schedule
-#  define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
-        _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
-#  define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
-        _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
-#  define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
-        _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
-#  define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
-        _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
-#  define des_options()\
-        _ossl_old_des_options()
-#  define des_cbc_cksum(i,o,l,k,iv)\
-        _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
-#  define des_cbc_encrypt(i,o,l,k,iv,e)\
-        _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
-#  define des_ncbc_encrypt(i,o,l,k,iv,e)\
-        _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
-#  define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
-        _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
-#  define des_cfb_encrypt(i,o,n,l,k,iv,e)\
-        _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
-#  define des_ecb_encrypt(i,o,k,e)\
-        _ossl_old_des_ecb_encrypt((i),(o),(k),(e))
-#  define des_encrypt(d,k,e)\
-        _ossl_old_des_encrypt((d),(k),(e))
-#  define des_encrypt2(d,k,e)\
-        _ossl_old_des_encrypt2((d),(k),(e))
-#  define des_encrypt3(d,k1,k2,k3)\
-        _ossl_old_des_encrypt3((d),(k1),(k2),(k3))
-#  define des_decrypt3(d,k1,k2,k3)\
-        _ossl_old_des_decrypt3((d),(k1),(k2),(k3))
-#  define des_xwhite_in2out(k,i,o)\
-        _ossl_old_des_xwhite_in2out((k),(i),(o))
-#  define des_enc_read(f,b,l,k,iv)\
-        _ossl_old_des_enc_read((f),(b),(l),(k),(iv))
-#  define des_enc_write(f,b,l,k,iv)\
-        _ossl_old_des_enc_write((f),(b),(l),(k),(iv))
-#  define des_fcrypt(b,s,r)\
-        _ossl_old_des_fcrypt((b),(s),(r))
-#  define des_crypt(b,s)\
-        _ossl_old_des_crypt((b),(s))
-#  if 0
-#   define crypt(b,s)\
-        _ossl_old_crypt((b),(s))
-#  endif
-#  define des_ofb_encrypt(i,o,n,l,k,iv)\
-        _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
-#  define des_pcbc_encrypt(i,o,l,k,iv,e)\
-        _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
-#  define des_quad_cksum(i,o,l,c,s)\
-        _ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
-#  define des_random_seed(k)\
-        _ossl_old_des_random_seed((k))
-#  define des_random_key(r)\
-        _ossl_old_des_random_key((r))
-#  define des_read_password(k,p,v) \
-        _ossl_old_des_read_password((k),(p),(v))
-#  define des_read_2passwords(k1,k2,p,v) \
-        _ossl_old_des_read_2passwords((k1),(k2),(p),(v))
-#  define des_set_odd_parity(k)\
-        _ossl_old_des_set_odd_parity((k))
-#  define des_is_weak_key(k)\
-        _ossl_old_des_is_weak_key((k))
-#  define des_set_key(k,ks)\
-        _ossl_old_des_set_key((k),(ks))
-#  define des_key_sched(k,ks)\
-        _ossl_old_des_key_sched((k),(ks))
-#  define des_string_to_key(s,k)\
-        _ossl_old_des_string_to_key((s),(k))
-#  define des_string_to_2keys(s,k1,k2)\
-        _ossl_old_des_string_to_2keys((s),(k1),(k2))
-#  define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
-        _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
-#  define des_ofb64_encrypt(i,o,l,ks,iv,n)\
-        _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
-
-#  define des_ecb2_encrypt(i,o,k1,k2,e) \
-        des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#  define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-        des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#  define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-        des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#  define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-        des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#  define des_check_key DES_check_key
-#  define des_rw_mode DES_rw_mode
-# endif
-
-const char *_ossl_old_des_options(void);
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
-                                _ossl_old_des_cblock *output,
-                                _ossl_old_des_key_schedule ks1,
-                                _ossl_old_des_key_schedule ks2,
-                                _ossl_old_des_key_schedule ks3, int enc);
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
-                                 _ossl_old_des_cblock *output, long length,
-                                 _ossl_old_des_key_schedule schedule,
-                                 _ossl_old_des_cblock *ivec);
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
-                               _ossl_old_des_cblock *output, long length,
-                               _ossl_old_des_key_schedule schedule,
-                               _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
-                                _ossl_old_des_cblock *output, long length,
-                                _ossl_old_des_key_schedule schedule,
-                                _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
-                                _ossl_old_des_cblock *output, long length,
-                                _ossl_old_des_key_schedule schedule,
-                                _ossl_old_des_cblock *ivec,
-                                _ossl_old_des_cblock *inw,
-                                _ossl_old_des_cblock *outw, int enc);
-void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
-                               int numbits, long length,
-                               _ossl_old_des_key_schedule schedule,
-                               _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
-                               _ossl_old_des_cblock *output,
-                               _ossl_old_des_key_schedule ks, int enc);
-void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks,
-                           int enc);
-void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks,
-                            int enc);
-void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-                            _ossl_old_des_key_schedule ks2,
-                            _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-                            _ossl_old_des_key_schedule ks2,
-                            _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
-                                    _ossl_old_des_cblock *output, long length,
-                                    _ossl_old_des_key_schedule ks1,
-                                    _ossl_old_des_key_schedule ks2,
-                                    _ossl_old_des_key_schedule ks3,
-                                    _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-                                      long length,
-                                      _ossl_old_des_key_schedule ks1,
-                                      _ossl_old_des_key_schedule ks2,
-                                      _ossl_old_des_key_schedule ks3,
-                                      _ossl_old_des_cblock *ivec, int *num,
-                                      int enc);
-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-                                      long length,
-                                      _ossl_old_des_key_schedule ks1,
-                                      _ossl_old_des_key_schedule ks2,
-                                      _ossl_old_des_key_schedule ks3,
-                                      _ossl_old_des_cblock *ivec, int *num);
-# if 0
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
-                                 _ossl_old_des_cblock (*in_white),
-                                 _ossl_old_des_cblock (*out_white));
-# endif
-
-int _ossl_old_des_enc_read(int fd, char *buf, int len,
-                           _ossl_old_des_key_schedule sched,
-                           _ossl_old_des_cblock *iv);
-int _ossl_old_des_enc_write(int fd, char *buf, int len,
-                            _ossl_old_des_key_schedule sched,
-                            _ossl_old_des_cblock *iv);
-char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret);
-char *_ossl_old_des_crypt(const char *buf, const char *salt);
-# if !defined(PERL5) && !defined(NeXT)
-char *_ossl_old_crypt(const char *buf, const char *salt);
-# endif
-void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
-                               int numbits, long length,
-                               _ossl_old_des_key_schedule schedule,
-                               _ossl_old_des_cblock *ivec);
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
-                                _ossl_old_des_cblock *output, long length,
-                                _ossl_old_des_key_schedule schedule,
-                                _ossl_old_des_cblock *ivec, int enc);
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
-                                  _ossl_old_des_cblock *output, long length,
-                                  int out_count, _ossl_old_des_cblock *seed);
-void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
-void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
-int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
-                                int verify);
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
-                                  _ossl_old_des_cblock *key2,
-                                  const char *prompt, int verify);
-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
-                          _ossl_old_des_key_schedule schedule);
-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
-                            _ossl_old_des_key_schedule schedule);
-void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key);
-void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
-                                   _ossl_old_des_cblock *key2);
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
-                                 long length,
-                                 _ossl_old_des_key_schedule schedule,
-                                 _ossl_old_des_cblock *ivec, int *num,
-                                 int enc);
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
-                                 long length,
-                                 _ossl_old_des_key_schedule schedule,
-                                 _ossl_old_des_cblock *ivec, int *num);
-
-void _ossl_096_des_random_seed(des_cblock *key);
-
-/*
- * The following definitions provide compatibility with the MIT Kerberos
- * library. The _ossl_old_des_key_schedule structure is not binary
- * compatible.
- */
-
-# define _KERBEROS_DES_H
-
-# define KRBDES_ENCRYPT DES_ENCRYPT
-# define KRBDES_DECRYPT DES_DECRYPT
-
-# ifdef KERBEROS
-#  define ENCRYPT DES_ENCRYPT
-#  define DECRYPT DES_DECRYPT
-# endif
-
-# ifndef NCOMPAT
-#  define C_Block des_cblock
-#  define Key_schedule des_key_schedule
-#  define KEY_SZ DES_KEY_SZ
-#  define string_to_key des_string_to_key
-#  define read_pw_string des_read_pw_string
-#  define random_key des_random_key
-#  define pcbc_encrypt des_pcbc_encrypt
-#  define set_key des_set_key
-#  define key_sched des_key_sched
-#  define ecb_encrypt des_ecb_encrypt
-#  define cbc_encrypt des_cbc_encrypt
-#  define ncbc_encrypt des_ncbc_encrypt
-#  define xcbc_encrypt des_xcbc_encrypt
-#  define cbc_cksum des_cbc_cksum
-#  define quad_cksum des_quad_cksum
-#  define check_parity des_check_key_parity
-# endif
-
-# define des_fixup_key_parity DES_fixup_key_parity
-
-#ifdef  __cplusplus
-}
-#endif
-
-/* for DES_read_pw_string et al */
-# include <openssl/ui_compat.h>
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/des/des_old2.c b/freebsd/crypto/openssl/crypto/des/des_old2.c
deleted file mode 100644
index 394073d3..00000000
--- a/freebsd/crypto/openssl/crypto/des/des_old2.c
+++ /dev/null
@@ -1,82 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/des/des_old.c */
-
-/*
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The
- * function names in here are deprecated and are only present to provide an
- * interface compatible with OpenSSL 0.9.6c.  OpenSSL now provides functions
- * where "des_" has been replaced with "DES_" in the names, to make it
- * possible to make incompatible changes that are needed for C type security
- * and other stuff. Please consider starting to use the DES_ functions
- * rather than the des_ ones.  The des_ functions will dissapear completely
- * before OpenSSL 1.0! WARNING WARNING WARNING WARNING WARNING WARNING
- * WARNING WARNING
- */
-
-/*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#undef OPENSSL_DES_LIBDES_COMPATIBILITY
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-void _ossl_096_des_random_seed(DES_cblock *key)
-{
-    RAND_seed(key, sizeof(DES_cblock));
-}
diff --git a/freebsd/crypto/openssl/crypto/des/des_ver.h b/freebsd/crypto/openssl/crypto/des/des_ver.h
deleted file mode 100644
index 276de2b6..00000000
--- a/freebsd/crypto/openssl/crypto/des/des_ver.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/* crypto/des/des_ver.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-/* The following macros make sure the names are different from libdes names */
-#define DES_version OSSL_DES_version
-#define libdes_version OSSL_libdes_version
-
-/* SSLeay version string */
-OPENSSL_EXTERN const char OSSL_DES_version[];
-/* old libdes version string */
-OPENSSL_EXTERN const char OSSL_libdes_version[];
diff --git a/freebsd/crypto/openssl/crypto/des/ecb3_enc.c b/freebsd/crypto/openssl/crypto/des/ecb3_enc.c
index db0a9e8a..fc23ad3e 100644
--- a/freebsd/crypto/openssl/crypto/des/ecb3_enc.c
+++ b/freebsd/crypto/openssl/crypto/des/ecb3_enc.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/ecb3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "des_locl.h"
diff --git a/freebsd/crypto/openssl/crypto/des/ecb_enc.c b/freebsd/crypto/openssl/crypto/des/ecb_enc.c
index 08d266d3..d00e67df 100644
--- a/freebsd/crypto/openssl/crypto/des/ecb_enc.c
+++ b/freebsd/crypto/openssl/crypto/des/ecb_enc.c
@@ -1,108 +1,32 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/ecb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "des_locl.h"
-#include "des_ver.h"
 #include <openssl/opensslv.h>
 #include <openssl/bio.h>
 
-OPENSSL_GLOBAL const char libdes_version[] = "libdes" OPENSSL_VERSION_PTEXT;
-OPENSSL_GLOBAL const char DES_version[] = "DES" OPENSSL_VERSION_PTEXT;
 
 const char *DES_options(void)
 {
     static int init = 1;
-    static char buf[32];
+    static char buf[12];
 
     if (init) {
-        const char *ptr, *unroll, *risc, *size;
-
-#ifdef DES_PTR
-        ptr = "ptr";
-#else
-        ptr = "idx";
-#endif
-#if defined(DES_RISC1) || defined(DES_RISC2)
-# ifdef DES_RISC1
-        risc = "risc1";
-# endif
-# ifdef DES_RISC2
-        risc = "risc2";
-# endif
-#else
-        risc = "cisc";
-#endif
-#ifdef DES_UNROLL
-        unroll = "16";
-#else
-        unroll = "2";
-#endif
         if (sizeof(DES_LONG) != sizeof(long))
-            size = "int";
+            OPENSSL_strlcpy(buf, "des(int)", sizeof(buf));
         else
-            size = "long";
-        BIO_snprintf(buf, sizeof(buf), "des(%s,%s,%s,%s)", ptr, risc, unroll,
-                     size);
+            OPENSSL_strlcpy(buf, "des(long)", sizeof(buf));
         init = 0;
     }
-    return (buf);
+    return buf;
 }
 
 void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
diff --git a/freebsd/crypto/openssl/crypto/des/ede_cbcm_enc.c b/freebsd/crypto/openssl/crypto/des/ede_cbcm_enc.c
deleted file mode 100644
index 1b6044c6..00000000
--- a/freebsd/crypto/openssl/crypto/des/ede_cbcm_enc.c
+++ /dev/null
@@ -1,191 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ede_cbcm_enc.c */
-/*
- * Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL project 13 Feb
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- *
- * This is an implementation of Triple DES Cipher Block Chaining with Output
- * Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
- *
- * Note that there is a known attack on this by Biham and Knudsen but it
- * takes a lot of work:
- *
- * http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
- *
- */
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_DESCBCM is defined */
-
-#ifndef OPENSSL_NO_DESCBCM
-# include "des_locl.h"
-
-void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
-                           long length, DES_key_schedule *ks1,
-                           DES_key_schedule *ks2, DES_key_schedule *ks3,
-                           DES_cblock *ivec1, DES_cblock *ivec2, int enc)
-{
-    register DES_LONG tin0, tin1;
-    register DES_LONG tout0, tout1, xor0, xor1, m0, m1;
-    register long l = length;
-    DES_LONG tin[2];
-    unsigned char *iv1, *iv2;
-
-    iv1 = &(*ivec1)[0];
-    iv2 = &(*ivec2)[0];
-
-    if (enc) {
-        c2l(iv1, m0);
-        c2l(iv1, m1);
-        c2l(iv2, tout0);
-        c2l(iv2, tout1);
-        for (l -= 8; l >= -7; l -= 8) {
-            tin[0] = m0;
-            tin[1] = m1;
-            DES_encrypt1(tin, ks3, 1);
-            m0 = tin[0];
-            m1 = tin[1];
-
-            if (l < 0) {
-                c2ln(in, tin0, tin1, l + 8);
-            } else {
-                c2l(in, tin0);
-                c2l(in, tin1);
-            }
-            tin0 ^= tout0;
-            tin1 ^= tout1;
-
-            tin[0] = tin0;
-            tin[1] = tin1;
-            DES_encrypt1(tin, ks1, 1);
-            tin[0] ^= m0;
-            tin[1] ^= m1;
-            DES_encrypt1(tin, ks2, 0);
-            tin[0] ^= m0;
-            tin[1] ^= m1;
-            DES_encrypt1(tin, ks1, 1);
-            tout0 = tin[0];
-            tout1 = tin[1];
-
-            l2c(tout0, out);
-            l2c(tout1, out);
-        }
-        iv1 = &(*ivec1)[0];
-        l2c(m0, iv1);
-        l2c(m1, iv1);
-
-        iv2 = &(*ivec2)[0];
-        l2c(tout0, iv2);
-        l2c(tout1, iv2);
-    } else {
-        register DES_LONG t0, t1;
-
-        c2l(iv1, m0);
-        c2l(iv1, m1);
-        c2l(iv2, xor0);
-        c2l(iv2, xor1);
-        for (l -= 8; l >= -7; l -= 8) {
-            tin[0] = m0;
-            tin[1] = m1;
-            DES_encrypt1(tin, ks3, 1);
-            m0 = tin[0];
-            m1 = tin[1];
-
-            c2l(in, tin0);
-            c2l(in, tin1);
-
-            t0 = tin0;
-            t1 = tin1;
-
-            tin[0] = tin0;
-            tin[1] = tin1;
-            DES_encrypt1(tin, ks1, 0);
-            tin[0] ^= m0;
-            tin[1] ^= m1;
-            DES_encrypt1(tin, ks2, 1);
-            tin[0] ^= m0;
-            tin[1] ^= m1;
-            DES_encrypt1(tin, ks1, 0);
-            tout0 = tin[0];
-            tout1 = tin[1];
-
-            tout0 ^= xor0;
-            tout1 ^= xor1;
-            if (l < 0) {
-                l2cn(tout0, tout1, out, l + 8);
-            } else {
-                l2c(tout0, out);
-                l2c(tout1, out);
-            }
-            xor0 = t0;
-            xor1 = t1;
-        }
-
-        iv1 = &(*ivec1)[0];
-        l2c(m0, iv1);
-        l2c(m1, iv1);
-
-        iv2 = &(*ivec2)[0];
-        l2c(xor0, iv2);
-        l2c(xor1, iv2);
-    }
-    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
-    tin[0] = tin[1] = 0;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/des/enc_read.c b/freebsd/crypto/openssl/crypto/des/enc_read.c
deleted file mode 100644
index 70a05d39..00000000
--- a/freebsd/crypto/openssl/crypto/des/enc_read.c
+++ /dev/null
@@ -1,237 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/des/enc_read.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include "des_locl.h"
-
-/* This has some uglies in it but it works - even over sockets. */
-/*
- * extern int errno;
- */
-OPENSSL_IMPLEMENT_GLOBAL(int, DES_rw_mode, DES_PCBC_MODE)
-
-/*-
- * WARNINGS:
- *
- *  -  The data format used by DES_enc_write() and DES_enc_read()
- *     has a cryptographic weakness: When asked to write more
- *     than MAXWRITE bytes, DES_enc_write will split the data
- *     into several chunks that are all encrypted
- *     using the same IV.  So don't use these functions unless you
- *     are sure you know what you do (in which case you might
- *     not want to use them anyway).
- *
- *  -  This code cannot handle non-blocking sockets.
- *
- *  -  This function uses an internal state and thus cannot be
- *     used on multiple files.
- */
-int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
-                 DES_cblock *iv)
-{
-#if defined(OPENSSL_NO_POSIX_IO)
-    return (0);
-#else
-    /* data to be unencrypted */
-    int net_num = 0;
-    static unsigned char *net = NULL;
-    /*
-     * extra unencrypted data for when a block of 100 comes in but is
-     * des_read one byte at a time.
-     */
-    static unsigned char *unnet = NULL;
-    static int unnet_start = 0;
-    static int unnet_left = 0;
-    static unsigned char *tmpbuf = NULL;
-    int i;
-    long num = 0, rnum;
-    unsigned char *p;
-
-    if (tmpbuf == NULL) {
-        tmpbuf = OPENSSL_malloc(BSIZE);
-        if (tmpbuf == NULL)
-            return (-1);
-    }
-    if (net == NULL) {
-        net = OPENSSL_malloc(BSIZE);
-        if (net == NULL)
-            return (-1);
-    }
-    if (unnet == NULL) {
-        unnet = OPENSSL_malloc(BSIZE);
-        if (unnet == NULL)
-            return (-1);
-    }
-    /* left over data from last decrypt */
-    if (unnet_left != 0) {
-        if (unnet_left < len) {
-            /*
-             * we still still need more data but will return with the number
-             * of bytes we have - should always check the return value
-             */
-            memcpy(buf, &(unnet[unnet_start]), unnet_left);
-            /*
-             * eay 26/08/92 I had the next 2 lines reversed :-(
-             */
-            i = unnet_left;
-            unnet_start = unnet_left = 0;
-        } else {
-            memcpy(buf, &(unnet[unnet_start]), len);
-            unnet_start += len;
-            unnet_left -= len;
-            i = len;
-        }
-        return (i);
-    }
-
-    /* We need to get more data. */
-    if (len > MAXWRITE)
-        len = MAXWRITE;
-
-    /* first - get the length */
-    while (net_num < HDRSIZE) {
-# ifndef OPENSSL_SYS_WIN32
-        i = read(fd, (void *)&(net[net_num]), HDRSIZE - net_num);
-# else
-        i = _read(fd, (void *)&(net[net_num]), HDRSIZE - net_num);
-# endif
-# ifdef EINTR
-        if ((i == -1) && (errno == EINTR))
-            continue;
-# endif
-        if (i <= 0)
-            return (0);
-        net_num += i;
-    }
-
-    /* we now have at net_num bytes in net */
-    p = net;
-    /* num=0;  */
-    n2l(p, num);
-    /*
-     * num should be rounded up to the next group of eight we make sure that
-     * we have read a multiple of 8 bytes from the net.
-     */
-    if ((num > MAXWRITE) || (num < 0)) /* error */
-        return (-1);
-    rnum = (num < 8) ? 8 : ((num + 7) / 8 * 8);
-
-    net_num = 0;
-    while (net_num < rnum) {
-# ifndef OPENSSL_SYS_WIN32
-        i = read(fd, (void *)&(net[net_num]), rnum - net_num);
-# else
-        i = _read(fd, (void *)&(net[net_num]), rnum - net_num);
-# endif
-# ifdef EINTR
-        if ((i == -1) && (errno == EINTR))
-            continue;
-# endif
-        if (i <= 0)
-            return (0);
-        net_num += i;
-    }
-
-    /* Check if there will be data left over. */
-    if (len < num) {
-        if (DES_rw_mode & DES_PCBC_MODE)
-            DES_pcbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT);
-        else
-            DES_cbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT);
-        memcpy(buf, unnet, len);
-        unnet_start = len;
-        unnet_left = num - len;
-
-        /*
-         * The following line is done because we return num as the number of
-         * bytes read.
-         */
-        num = len;
-    } else {
-        /*-
-         * >output is a multiple of 8 byes, if len < rnum
-         * >we must be careful.  The user must be aware that this
-         * >routine will write more bytes than he asked for.
-         * >The length of the buffer must be correct.
-         * FIXED - Should be ok now 18-9-90 - eay */
-        if (len < rnum) {
-
-            if (DES_rw_mode & DES_PCBC_MODE)
-                DES_pcbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT);
-            else
-                DES_cbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT);
-
-            /*
-             * eay 26/08/92 fix a bug that returned more bytes than you asked
-             * for (returned len bytes :-(
-             */
-            memcpy(buf, tmpbuf, num);
-        } else {
-            if (DES_rw_mode & DES_PCBC_MODE)
-                DES_pcbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT);
-            else
-                DES_cbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT);
-        }
-    }
-    return num;
-#endif                          /* OPENSSL_NO_POSIX_IO */
-}
diff --git a/freebsd/crypto/openssl/crypto/des/enc_writ.c b/freebsd/crypto/openssl/crypto/des/enc_writ.c
deleted file mode 100644
index 3b565070..00000000
--- a/freebsd/crypto/openssl/crypto/des/enc_writ.c
+++ /dev/null
@@ -1,184 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/des/enc_writ.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <errno.h>
-#include <time.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "des_locl.h"
-#include <openssl/rand.h>
-
-/*-
- * WARNINGS:
- *
- *  -  The data format used by DES_enc_write() and DES_enc_read()
- *     has a cryptographic weakness: When asked to write more
- *     than MAXWRITE bytes, DES_enc_write will split the data
- *     into several chunks that are all encrypted
- *     using the same IV.  So don't use these functions unless you
- *     are sure you know what you do (in which case you might
- *     not want to use them anyway).
- *
- *  -  This code cannot handle non-blocking sockets.
- */
-
-int DES_enc_write(int fd, const void *_buf, int len,
-                  DES_key_schedule *sched, DES_cblock *iv)
-{
-#if defined(OPENSSL_NO_POSIX_IO)
-    return (-1);
-#else
-# ifdef _LIBC
-    extern unsigned long time();
-    extern int write();
-# endif
-    const unsigned char *buf = _buf;
-    long rnum;
-    int i, j, k, outnum;
-    static unsigned char *outbuf = NULL;
-    unsigned char shortbuf[8];
-    unsigned char *p;
-    const unsigned char *cp;
-    static int start = 1;
-
-    if (len < 0)
-        return -1;
-
-    if (outbuf == NULL) {
-        outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
-        if (outbuf == NULL)
-            return (-1);
-    }
-    /*
-     * If we are sending less than 8 bytes, the same char will look the same
-     * if we don't pad it out with random bytes
-     */
-    if (start) {
-        start = 0;
-    }
-
-    /* lets recurse if we want to send the data in small chunks */
-    if (len > MAXWRITE) {
-        j = 0;
-        for (i = 0; i < len; i += k) {
-            k = DES_enc_write(fd, &(buf[i]),
-                              ((len - i) > MAXWRITE) ? MAXWRITE : (len - i),
-                              sched, iv);
-            if (k < 0)
-                return (k);
-            else
-                j += k;
-        }
-        return (j);
-    }
-
-    /* write length first */
-    p = outbuf;
-    l2n(len, p);
-
-    /* pad short strings */
-    if (len < 8) {
-        cp = shortbuf;
-        memcpy(shortbuf, buf, len);
-        if (RAND_bytes(shortbuf + len, 8 - len) <= 0) {
-            return -1;
-        }
-        rnum = 8;
-    } else {
-        cp = buf;
-        rnum = ((len + 7) / 8 * 8); /* round up to nearest eight */
-    }
-
-    if (DES_rw_mode & DES_PCBC_MODE)
-        DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
-                         iv, DES_ENCRYPT);
-    else
-        DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
-                        iv, DES_ENCRYPT);
-
-    /* output */
-    outnum = rnum + HDRSIZE;
-
-    for (j = 0; j < outnum; j += i) {
-        /*
-         * eay 26/08/92 I was not doing writing from where we got up to.
-         */
-# ifndef _WIN32
-        i = write(fd, (void *)&(outbuf[j]), outnum - j);
-# else
-        i = _write(fd, (void *)&(outbuf[j]), outnum - j);
-# endif
-        if (i == -1) {
-# ifdef EINTR
-            if (errno == EINTR)
-                i = 0;
-            else
-# endif
-                /*
-                 * This is really a bad error - very bad It will stuff-up
-                 * both ends.
-                 */
-                return (-1);
-        }
-    }
-
-    return (len);
-#endif                          /* OPENSSL_NO_POSIX_IO */
-}
diff --git a/freebsd/crypto/openssl/crypto/des/fcrypt.c b/freebsd/crypto/openssl/crypto/des/fcrypt.c
index a5708421..1cb36879 100644
--- a/freebsd/crypto/openssl/crypto/des/fcrypt.c
+++ b/freebsd/crypto/openssl/crypto/des/fcrypt.c
@@ -1,5 +1,14 @@
 #include <machine/rtems-bsd-user-space.h>
 
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 /* NOCW */
 #include <stdio.h>
 #ifdef _OSD_POSIX
@@ -11,24 +20,12 @@
 # include <openssl/ebcdic.h>
 #endif
 
-/*
- * This version of crypt has been developed from my MIT compatible DES
- * library. Eric Young (eay@cryptsoft.com)
- */
-
-/*
- * Modification by Jens Kupferschmidt (Cu) I have included directive PARA for
- * shared memory computers. I have included a directive LONGCRYPT to using
- * this routine to cipher passwords with more then 8 bytes like HP-UX 10.x it
- * used. The MAXPLEN definition is the maximum of length of password and can
- * changed. I have defined 24.
- */
-
+#include <openssl/crypto.h>
 #include "des_locl.h"
 
 /*
  * Added more values to handle illegal salt values the way normal crypt()
- * implementations do.  The patch was sent by Bjorn Gronvall <bg@sics.se>
+ * implementations do.
  */
 static unsigned const char con_salt[128] = {
     0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9,
@@ -65,33 +62,29 @@ char *DES_crypt(const char *buf, const char *salt)
     static char buff[14];
 
 #ifndef CHARSET_EBCDIC
-    return (DES_fcrypt(buf, salt, buff));
+    return DES_fcrypt(buf, salt, buff);
 #else
     char e_salt[2 + 1];
     char e_buf[32 + 1];         /* replace 32 by 8 ? */
     char *ret;
 
-    /* Copy at most 2 chars of salt */
-    if ((e_salt[0] = salt[0]) != '\0')
-        e_salt[1] = salt[1];
-
-    /* Copy at most 32 chars of password */
-    strncpy(e_buf, buf, sizeof(e_buf));
+    if (salt[0] == '\0' || salt[1] == '\0')
+        return NULL;
 
-    /* Make sure we have a delimiter */
-    e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
-
-    /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
+    /* Copy salt, convert to ASCII. */
+    e_salt[0] = salt[0];
+    e_salt[1] = salt[1];
+    e_salt[2] = '\0';
     ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));
 
-    /* Convert the cleartext password to ASCII */
+    /* Convert password to ASCII. */
+    OPENSSL_strlcpy(e_buf, buf, sizeof(e_buf));
     ebcdic2ascii(e_buf, e_buf, sizeof(e_buf));
 
-    /* Encrypt it (from/to ASCII) */
+    /* Encrypt it (from/to ASCII); if it worked, convert back. */
     ret = DES_fcrypt(e_buf, e_salt, buff);
-
-    /* Convert the result back to EBCDIC */
-    ascii2ebcdic(ret, ret, strlen(ret));
+    if (ret != NULL)
+        ascii2ebcdic(ret, ret, strlen(ret));
 
     return ret;
 #endif
@@ -108,25 +101,14 @@ char *DES_fcrypt(const char *buf, const char *salt, char *ret)
     unsigned char *b = bb;
     unsigned char c, u;
 
-    /*
-     * eay 25/08/92 If you call crypt("pwd","*") as often happens when you
-     * have * as the pwd field in /etc/passwd, the function returns
-     * *\0XXXXXXXXX The \0 makes the string look like * so the pwd "*" would
-     * crypt to "*".  This was found when replacing the crypt in our shared
-     * libraries.  People found that the disabled accounts effectively had no
-     * passwd :-(.
-     */
-#ifndef CHARSET_EBCDIC
-    x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]);
+    x = ret[0] = salt[0];
+    if (x == 0 || x >= sizeof(con_salt))
+        return NULL;
     Eswap0 = con_salt[x] << 2;
-    x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]);
+    x = ret[1] = salt[1];
+    if (x == 0 || x >= sizeof(con_salt))
+        return NULL;
     Eswap1 = con_salt[x] << 6;
-#else
-    x = ret[0] = ((salt[0] == '\0') ? os_toascii['A'] : salt[0]);
-    Eswap0 = con_salt[x] << 2;
-    x = ret[1] = ((salt[1] == '\0') ? os_toascii['A'] : salt[1]);
-    Eswap1 = con_salt[x] << 6;
-#endif
 
     /*
      * EAY r=strlen(buf); r=(r+7)/8;
@@ -165,5 +147,5 @@ char *DES_fcrypt(const char *buf, const char *salt, char *ret)
         ret[i] = cov_2char[c];
     }
     ret[13] = '\0';
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/des/fcrypt_b.c b/freebsd/crypto/openssl/crypto/des/fcrypt_b.c
index ad41bcbd..c4fc202a 100644
--- a/freebsd/crypto/openssl/crypto/des/fcrypt_b.c
+++ b/freebsd/crypto/openssl/crypto/des/fcrypt_b.c
@@ -1,71 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/fcrypt_b.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 
-/*
- * This version of crypt has been developed from my MIT compatible DES
- * library. The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
- * Eric Young (eay@cryptsoft.com)
- */
-
 #define DES_FCRYPT
 #include "des_locl.h"
 #undef DES_FCRYPT
@@ -83,9 +28,6 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
                  DES_LONG Eswap1)
 {
     register DES_LONG l, r, t, u;
-#ifdef DES_PTR
-    register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans;
-#endif
     register DES_LONG *s;
     register int j;
     register DES_LONG E0, E1;
@@ -98,14 +40,6 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
     E1 = Eswap1;
 
     for (j = 0; j < 25; j++) {
-#ifndef DES_UNROLL
-        register int i;
-
-        for (i = 0; i < 32; i += 4) {
-            D_ENCRYPT(l, r, i + 0); /* 1 */
-            D_ENCRYPT(r, l, i + 2); /* 2 */
-        }
-#else
         D_ENCRYPT(l, r, 0);     /* 1 */
         D_ENCRYPT(r, l, 2);     /* 2 */
         D_ENCRYPT(l, r, 4);     /* 3 */
@@ -122,8 +56,6 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
         D_ENCRYPT(r, l, 26);    /* 14 */
         D_ENCRYPT(l, r, 28);    /* 15 */
         D_ENCRYPT(r, l, 30);    /* 16 */
-#endif
-
         t = l;
         l = r;
         r = t;
@@ -131,11 +63,11 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
     l = ROTATE(l, 3) & 0xffffffffL;
     r = ROTATE(r, 3) & 0xffffffffL;
 
-    PERM_OP(l, r, t, 1, 0x55555555L);
-    PERM_OP(r, l, t, 8, 0x00ff00ffL);
-    PERM_OP(l, r, t, 2, 0x33333333L);
+    PERM_OP(l, r, t,  1, 0x55555555L);
+    PERM_OP(r, l, t,  8, 0x00ff00ffL);
+    PERM_OP(l, r, t,  2, 0x33333333L);
     PERM_OP(r, l, t, 16, 0x0000ffffL);
-    PERM_OP(l, r, t, 4, 0x0f0f0f0fL);
+    PERM_OP(l, r, t,  4, 0x0f0f0f0fL);
 
     out[0] = r;
     out[1] = l;
diff --git a/freebsd/crypto/openssl/crypto/des/ncbc_enc.c b/freebsd/crypto/openssl/crypto/des/ncbc_enc.c
index 8e609ef1..3e0654eb 100644
--- a/freebsd/crypto/openssl/crypto/des/ncbc_enc.c
+++ b/freebsd/crypto/openssl/crypto/des/ncbc_enc.c
@@ -1,67 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/ncbc_enc.c */
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 /*-
  * #included by:
  *    cbc_enc.c  (DES_cbc_encrypt)
  *    des_enc.c  (DES_ncbc_encrypt)
  */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
 
 #include "des_locl.h"
 
diff --git a/freebsd/crypto/openssl/crypto/des/ofb64ede.c b/freebsd/crypto/openssl/crypto/des/ofb64ede.c
index 36268acd..920fd3bf 100644
--- a/freebsd/crypto/openssl/crypto/des/ofb64ede.c
+++ b/freebsd/crypto/openssl/crypto/des/ofb64ede.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/ofb64ede.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "des_locl.h"
@@ -104,8 +55,6 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in,
         n = (n + 1) & 0x07;
     }
     if (save) {
-/*-     v0=ti[0];
-        v1=ti[1];*/
         iv = &(*ivec)[0];
         l2c(v0, iv);
         l2c(v1, iv);
@@ -113,13 +62,3 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in,
     v0 = v1 = ti[0] = ti[1] = 0;
     *num = n;
 }
-
-#ifdef undef                    /* MACRO */
-void DES_ede2_ofb64_encrypt(register unsigned char *in,
-                            register unsigned char *out, long length,
-                            DES_key_schedule k1, DES_key_schedule k2,
-                            DES_cblock (*ivec), int *num)
-{
-    DES_ede3_ofb64_encrypt(in, out, length, k1, k2, k1, ivec, num);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/des/ofb64enc.c b/freebsd/crypto/openssl/crypto/des/ofb64enc.c
index fecd049d..2f308870 100644
--- a/freebsd/crypto/openssl/crypto/des/ofb64enc.c
+++ b/freebsd/crypto/openssl/crypto/des/ofb64enc.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/ofb64enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "des_locl.h"
diff --git a/freebsd/crypto/openssl/crypto/des/ofb_enc.c b/freebsd/crypto/openssl/crypto/des/ofb_enc.c
index 7a9ce9a3..9b7c5d2e 100644
--- a/freebsd/crypto/openssl/crypto/des/ofb_enc.c
+++ b/freebsd/crypto/openssl/crypto/des/ofb_enc.c
@@ -1,68 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/ofb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "des_locl.h"
 
 /*
  * The input and output are loaded in multiples of 8 bits. What this means is
- * that if you hame numbits=12 and length=2 the first 12 bits will be
+ * that if you have numbits=12 and length=2 the first 12 bits will be
  * retrieved from the first byte and half the second.  The second 12 bits
  * will come from the 3rd and half the 4th byte.
  */
diff --git a/freebsd/crypto/openssl/crypto/des/pcbc_enc.c b/freebsd/crypto/openssl/crypto/des/pcbc_enc.c
index d5275897..30b6eb3a 100644
--- a/freebsd/crypto/openssl/crypto/des/pcbc_enc.c
+++ b/freebsd/crypto/openssl/crypto/des/pcbc_enc.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/pcbc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "des_locl.h"
diff --git a/freebsd/crypto/openssl/crypto/des/qud_cksm.c b/freebsd/crypto/openssl/crypto/des/qud_cksm.c
index 492df9a2..8617de4a 100644
--- a/freebsd/crypto/openssl/crypto/des/qud_cksm.c
+++ b/freebsd/crypto/openssl/crypto/des/qud_cksm.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/qud_cksm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -66,7 +17,6 @@
  */
 #include "des_locl.h"
 
-/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
 #define Q_B0(a) (((DES_LONG)(a)))
 #define Q_B1(a) (((DES_LONG)(a))<<8)
 #define Q_B2(a) (((DES_LONG)(a))<<16)
@@ -83,22 +33,11 @@ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
     int i;
     long l;
     const unsigned char *cp;
-#ifdef _CRAY
-    struct lp_st {
-        int a:32;
-        int b:32;
-    } *lp;
-#else
     DES_LONG *lp;
-#endif
 
     if (out_count < 1)
         out_count = 1;
-#ifdef _CRAY
-    lp = (struct lp_st *)&(output[0])[0];
-#else
     lp = (DES_LONG *)&(output[0])[0];
-#endif
 
     z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) |
         Q_B3((*seed)[3]);
@@ -131,15 +70,9 @@ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
              * The MIT library assumes that the checksum is composed of
              * 2*out_count 32 bit ints
              */
-#ifdef _CRAY
-            (*lp).a = z0;
-            (*lp).b = z1;
-            lp++;
-#else
             *lp++ = z0;
             *lp++ = z1;
-#endif
         }
     }
-    return (z0);
+    return z0;
 }
diff --git a/freebsd/crypto/openssl/crypto/des/rand_key.c b/freebsd/crypto/openssl/crypto/des/rand_key.c
index 793c76b0..f49ff53c 100644
--- a/freebsd/crypto/openssl/crypto/des/rand_key.c
+++ b/freebsd/crypto/openssl/crypto/des/rand_key.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/rand_key.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/des.h>
@@ -61,9 +15,9 @@
 int DES_random_key(DES_cblock *ret)
 {
     do {
-        if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
-            return (0);
+        if (RAND_priv_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
+            return 0;
     } while (DES_is_weak_key(ret));
     DES_set_odd_parity(ret);
-    return (1);
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/des/read2pwd.c b/freebsd/crypto/openssl/crypto/des/read2pwd.c
deleted file mode 100644
index 25663076..00000000
--- a/freebsd/crypto/openssl/crypto/des/read2pwd.c
+++ /dev/null
@@ -1,142 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/des/read2pwd.c */
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <string.h>
-#include <openssl/des.h>
-#include <openssl/ui.h>
-#include <openssl/crypto.h>
-
-int DES_read_password(DES_cblock *key, const char *prompt, int verify)
-{
-    int ok;
-    char buf[BUFSIZ], buff[BUFSIZ];
-
-    if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0)
-        DES_string_to_key(buf, key);
-    OPENSSL_cleanse(buf, BUFSIZ);
-    OPENSSL_cleanse(buff, BUFSIZ);
-    return (ok);
-}
-
-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2,
-                        const char *prompt, int verify)
-{
-    int ok;
-    char buf[BUFSIZ], buff[BUFSIZ];
-
-    if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0)
-        DES_string_to_2keys(buf, key1, key2);
-    OPENSSL_cleanse(buf, BUFSIZ);
-    OPENSSL_cleanse(buff, BUFSIZ);
-    return (ok);
-}
diff --git a/freebsd/crypto/openssl/crypto/des/read_pwd.c b/freebsd/crypto/openssl/crypto/des/read_pwd.c
deleted file mode 100644
index d6ce46a5..00000000
--- a/freebsd/crypto/openssl/crypto/des/read_pwd.c
+++ /dev/null
@@ -1,535 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/des/read_pwd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/e_os2.h>
-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WIN32)
-# ifdef OPENSSL_UNISTD
-#  include OPENSSL_UNISTD
-# else
-#  include <unistd.h>
-# endif
-/*
- * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX
- * system and have sigaction and termios.
- */
-# if defined(_POSIX_VERSION)
-
-#  define SIGACTION
-#  if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
-#   define TERMIOS
-#  endif
-
-# endif
-#endif
-
-/* Define this if you have sigaction() */
-/* #define SIGACTION */
-
-#ifdef WIN16TTY
-# undef OPENSSL_SYS_WIN16
-# undef _WINDOWS
-# include <graph.h>
-#endif
-
-/* 06-Apr-92 Luke Brennan    Support for VMS */
-#include "des_locl.h"
-#include "cryptlib.h"
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <setjmp.h>
-#include <errno.h>
-
-#ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
-# include <starlet.h>
-# ifdef __DECC
-#  pragma message disable DOLLARID
-# endif
-#endif
-
-#ifdef WIN_CONSOLE_BUG
-# include <windows.h>
-# ifndef OPENSSL_SYS_WINCE
-#  include <wincon.h>
-# endif
-#endif
-
-/*
- * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS,
- * MSDOS and SGTTY
- */
-
-#if defined(__sgi) && !defined(TERMIOS)
-# define TERMIOS
-# undef  TERMIO
-# undef  SGTTY
-#endif
-
-#if defined(linux) && !defined(TERMIO)
-# undef  TERMIOS
-# define TERMIO
-# undef  SGTTY
-#endif
-
-#ifdef _LIBC
-# undef  TERMIOS
-# define TERMIO
-# undef  SGTTY
-#endif
-
-#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(MAC_OS_pre_X) && !defined(MAC_OS_GUSI_SOURCE)
-# undef  TERMIOS
-# undef  TERMIO
-# define SGTTY
-#endif
-
-#if defined(OPENSSL_SYS_VXWORKS)
-# undef TERMIOS
-# undef TERMIO
-# undef SGTTY
-#endif
-
-#ifdef TERMIOS
-# include <termios.h>
-# define TTY_STRUCT              struct termios
-# define TTY_FLAGS               c_lflag
-# define TTY_get(tty,data)       tcgetattr(tty,data)
-# define TTY_set(tty,data)       tcsetattr(tty,TCSANOW,data)
-#endif
-
-#ifdef TERMIO
-# include <termio.h>
-# define TTY_STRUCT              struct termio
-# define TTY_FLAGS               c_lflag
-# define TTY_get(tty,data)       ioctl(tty,TCGETA,data)
-# define TTY_set(tty,data)       ioctl(tty,TCSETA,data)
-#endif
-
-#ifdef SGTTY
-# include <sgtty.h>
-# define TTY_STRUCT              struct sgttyb
-# define TTY_FLAGS               sg_flags
-# define TTY_get(tty,data)       ioctl(tty,TIOCGETP,data)
-# define TTY_set(tty,data)       ioctl(tty,TIOCSETP,data)
-#endif
-
-#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(MAC_OS_pre_X)
-# include <sys/ioctl.h>
-#endif
-
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WINCE)
-# include <conio.h>
-# define fgets(a,b,c) noecho_fgets(a,b,c)
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-# include <ssdef.h>
-# include <iodef.h>
-# include <ttdef.h>
-# include <descrip.h>
-struct IOSB {
-    short iosb$w_value;
-    short iosb$w_count;
-    long iosb$l_info;
-};
-#endif
-
-#if defined(MAC_OS_pre_X) || defined(MAC_OS_GUSI_SOURCE)
-/*
- * This one needs work. As a matter of fact the code is unoperational
- * and this is only a trick to get it compiled.
- *                                      <appro@fy.chalmers.se>
- */
-# define TTY_STRUCT int
-#endif
-
-#ifndef NX509_SIG
-# define NX509_SIG 32
-#endif
-
-static void read_till_nl(FILE *);
-static void recsig(int);
-static void pushsig(void);
-static void popsig(void);
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
-static int noecho_fgets(char *buf, int size, FILE *tty);
-#endif
-#ifdef SIGACTION
-static struct sigaction savsig[NX509_SIG];
-#else
-static void (*savsig[NX509_SIG]) (int);
-#endif
-static jmp_buf save;
-
-int des_read_pw_string(char *buf, int length, const char *prompt, int verify)
-{
-    char buff[BUFSIZ];
-    int ret;
-
-    ret =
-        des_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, prompt,
-                    verify);
-    OPENSSL_cleanse(buff, BUFSIZ);
-    return (ret);
-}
-
-#ifdef OPENSSL_SYS_WINCE
-
-int des_read_pw(char *buf, char *buff, int size, const char *prompt,
-                int verify)
-{
-    memset(buf, 0, size);
-    memset(buff, 0, size);
-    return (0);
-}
-
-#elif defined(OPENSSL_SYS_WIN16)
-
-int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)
-{
-    memset(buf, 0, size);
-    memset(buff, 0, size);
-    return (0);
-}
-
-#else                           /* !OPENSSL_SYS_WINCE && !OPENSSL_SYS_WIN16 */
-
-static void read_till_nl(FILE *in)
-{
-# define SIZE 4
-    char buf[SIZE + 1];
-
-    do {
-        fgets(buf, SIZE, in);
-    } while (strchr(buf, '\n') == NULL);
-}
-
-/* return 0 if ok, 1 (or -1) otherwise */
-int des_read_pw(char *buf, char *buff, int size, const char *prompt,
-                int verify)
-{
-# ifdef OPENSSL_SYS_VMS
-    struct IOSB iosb;
-    $DESCRIPTOR(terminal, "TT");
-    long tty_orig[3], tty_new[3];
-    long status;
-    unsigned short channel = 0;
-# else
-#  if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
-    TTY_STRUCT tty_orig, tty_new;
-#  endif
-# endif
-    int number;
-    int ok;
-    /*
-     * statics are simply to avoid warnings about longjmp clobbering things
-     */
-    static int ps;
-    int is_a_tty;
-    static FILE *tty;
-    char *p;
-
-    if (setjmp(save)) {
-        ok = 0;
-        goto error;
-    }
-
-    number = 5;
-    ok = 0;
-    ps = 0;
-    is_a_tty = 1;
-    tty = NULL;
-
-# ifdef OPENSSL_SYS_MSDOS
-    if ((tty = fopen("con", "r")) == NULL)
-        tty = stdin;
-# elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VXWORKS)
-    tty = stdin;
-# else
-#  ifndef OPENSSL_SYS_MPE
-    if ((tty = fopen("/dev/tty", "r")) == NULL)
-#  endif
-        tty = stdin;
-# endif
-
-# if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
-    if (TTY_get(fileno(tty), &tty_orig) == -1) {
-#  ifdef ENOTTY
-        if (errno == ENOTTY)
-            is_a_tty = 0;
-        else
-#  endif
-#  ifdef EINVAL
-            /*
-             * Ariel Glenn ariel@columbia.edu reports that solaris can return
-             * EINVAL instead.  This should be ok
-             */
-        if (errno == EINVAL)
-            is_a_tty = 0;
-        else
-#  endif
-            return (-1);
-    }
-    memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
-# endif
-# ifdef OPENSSL_SYS_VMS
-    status = sys$assign(&terminal, &channel, 0, 0);
-    if (status != SS$_NORMAL)
-        return (-1);
-    status =
-        sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, 0, 0,
-                 0, 0);
-    if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-        return (-1);
-# endif
-
-    pushsig();
-    ps = 1;
-
-# ifdef TTY_FLAGS
-    tty_new.TTY_FLAGS &= ~ECHO;
-# endif
-
-# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-    if (is_a_tty && (TTY_set(fileno(tty), &tty_new) == -1))
-#  ifdef OPENSSL_SYS_MPE
-        ;                       /* MPE lies -- echo really has been disabled */
-#  else
-        return (-1);
-#  endif
-# endif
-# ifdef OPENSSL_SYS_VMS
-    tty_new[0] = tty_orig[0];
-    tty_new[1] = tty_orig[1] | TT$M_NOECHO;
-    tty_new[2] = tty_orig[2];
-    status =
-        sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
-                 0);
-    if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-        return (-1);
-# endif
-    ps = 2;
-
-    while ((!ok) && (number--)) {
-        fputs(prompt, stderr);
-        fflush(stderr);
-
-        buf[0] = '\0';
-        fgets(buf, size, tty);
-        if (feof(tty))
-            goto error;
-        if (ferror(tty))
-            goto error;
-        if ((p = (char *)strchr(buf, '\n')) != NULL)
-            *p = '\0';
-        else
-            read_till_nl(tty);
-        if (verify) {
-            fprintf(stderr, "\nVerifying password - %s", prompt);
-            fflush(stderr);
-            buff[0] = '\0';
-            fgets(buff, size, tty);
-            if (feof(tty))
-                goto error;
-            if ((p = (char *)strchr(buff, '\n')) != NULL)
-                *p = '\0';
-            else
-                read_till_nl(tty);
-
-            if (strcmp(buf, buff) != 0) {
-                fprintf(stderr, "\nVerify failure");
-                fflush(stderr);
-                break;
-                /* continue; */
-            }
-        }
-        ok = 1;
-    }
-
- error:
-    fprintf(stderr, "\n");
-# if 0
-    perror("fgets(tty)");
-# endif
-    /* What can we do if there is an error? */
-# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-    if (ps >= 2)
-        TTY_set(fileno(tty), &tty_orig);
-# endif
-# ifdef OPENSSL_SYS_VMS
-    if (ps >= 2)
-        status =
-            sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_orig, 12, 0, 0,
-                     0, 0);
-# endif
-
-    if (ps >= 1)
-        popsig();
-    if (stdin != tty)
-        fclose(tty);
-# ifdef OPENSSL_SYS_VMS
-    status = sys$dassgn(channel);
-# endif
-    return (!ok);
-}
-
-static void pushsig(void)
-{
-    int i;
-# ifdef SIGACTION
-    struct sigaction sa;
-
-    memset(&sa, 0, sizeof(sa));
-    sa.sa_handler = recsig;
-# endif
-
-    for (i = 1; i < NX509_SIG; i++) {
-# ifdef SIGUSR1
-        if (i == SIGUSR1)
-            continue;
-# endif
-# ifdef SIGUSR2
-        if (i == SIGUSR2)
-            continue;
-# endif
-# ifdef SIGACTION
-        sigaction(i, &sa, &savsig[i]);
-# else
-        savsig[i] = signal(i, recsig);
-# endif
-    }
-
-# ifdef SIGWINCH
-    signal(SIGWINCH, SIG_DFL);
-# endif
-}
-
-static void popsig(void)
-{
-    int i;
-
-    for (i = 1; i < NX509_SIG; i++) {
-# ifdef SIGUSR1
-        if (i == SIGUSR1)
-            continue;
-# endif
-# ifdef SIGUSR2
-        if (i == SIGUSR2)
-            continue;
-# endif
-# ifdef SIGACTION
-        sigaction(i, &savsig[i], NULL);
-# else
-        signal(i, savsig[i]);
-# endif
-    }
-}
-
-static void recsig(int i)
-{
-    longjmp(save, 1);
-# ifdef LINT
-    i = i;
-# endif
-}
-
-# ifdef OPENSSL_SYS_MSDOS
-static int noecho_fgets(char *buf, int size, FILE *tty)
-{
-    int i;
-    char *p;
-
-    p = buf;
-    for (;;) {
-        if (size == 0) {
-            *p = '\0';
-            break;
-        }
-        size--;
-#  ifdef WIN16TTY
-        i = _inchar();
-#  else
-        i = getch();
-#  endif
-        if (i == '\r')
-            i = '\n';
-        *(p++) = i;
-        if (i == '\n') {
-            *p = '\0';
-            break;
-        }
-    }
-#  ifdef WIN_CONSOLE_BUG
-    /*
-     * Win95 has several evil console bugs: one of these is that the last
-     * character read using getch() is passed to the next read: this is
-     * usually a CR so this can be trouble. No STDIO fix seems to work but
-     * flushing the console appears to do the trick.
-     */
-    {
-        HANDLE inh;
-        inh = GetStdHandle(STD_INPUT_HANDLE);
-        FlushConsoleInputBuffer(inh);
-    }
-#  endif
-    return (strlen(buf));
-}
-# endif
-#endif                          /* !OPENSSL_SYS_WINCE && !WIN16 */
diff --git a/freebsd/crypto/openssl/crypto/des/rpc_des.h b/freebsd/crypto/openssl/crypto/des/rpc_des.h
deleted file mode 100644
index 4db9062d..00000000
--- a/freebsd/crypto/openssl/crypto/des/rpc_des.h
+++ /dev/null
@@ -1,130 +0,0 @@
-/* crypto/des/rpc_des.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*  @(#)des.h   2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */
-/*-
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part.  Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California  94043
- */
-/*
- * Generic DES driver interface
- * Keep this file hardware independent!
- * Copyright (c) 1986 by Sun Microsystems, Inc.
- */
-
-#define DES_MAXLEN      65536   /* maximum # of bytes to encrypt */
-#define DES_QUICKLEN    16      /* maximum # of bytes to encrypt quickly */
-
-#ifdef HEADER_DES_H
-# undef ENCRYPT
-# undef DECRYPT
-#endif
-
-enum desdir { ENCRYPT, DECRYPT };
-enum desmode { CBC, ECB };
-
-/*
- * parameters to ioctl call
- */
-struct desparams {
-    unsigned char des_key[8];   /* key (with low bit parity) */
-    enum desdir des_dir;        /* direction */
-    enum desmode des_mode;      /* mode */
-    unsigned char des_ivec[8];  /* input vector */
-    unsigned des_len;           /* number of bytes to crypt */
-    union {
-        unsigned char UDES_data[DES_QUICKLEN];
-        unsigned char *UDES_buf;
-    } UDES;
-#define des_data UDES.UDES_data /* direct data here if quick */
-#define des_buf  UDES.UDES_buf  /* otherwise, pointer to data */
-};
-
-/*
- * Encrypt an arbitrary sized buffer
- */
-#define DESIOCBLOCK     _IOWR('d', 6, struct desparams)
-
-/*
- * Encrypt of small amount of data, quickly
- */
-#define DESIOCQUICK     _IOWR('d', 7, struct desparams)
diff --git a/freebsd/crypto/openssl/crypto/des/rpc_enc.c b/freebsd/crypto/openssl/crypto/des/rpc_enc.c
deleted file mode 100644
index 8f0b072b..00000000
--- a/freebsd/crypto/openssl/crypto/des/rpc_enc.c
+++ /dev/null
@@ -1,102 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/des/rpc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "rpc_des.h"
-#include "des_locl.h"
-#include "des_ver.h"
-
-int _des_crypt(char *buf, int len, struct desparams *desp);
-int _des_crypt(char *buf, int len, struct desparams *desp)
-{
-    DES_key_schedule ks;
-    int enc;
-
-    DES_set_key_unchecked(&desp->des_key, &ks);
-    enc = (desp->des_dir == ENCRYPT) ? DES_ENCRYPT : DES_DECRYPT;
-
-    if (desp->des_mode == CBC)
-        DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,
-                        (DES_cblock *)desp->UDES.UDES_buf, &ks, enc);
-    else {
-        DES_ncbc_encrypt(desp->UDES.UDES_buf, desp->UDES.UDES_buf,
-                         len, &ks, &desp->des_ivec, enc);
-#ifdef undef
-        /*
-         * len will always be %8 if called from common_crypt in secure_rpc.
-         * Libdes's cbc encrypt does not copy back the iv, so we have to do
-         * it here.
-         */
-        /* It does now :-) eay 20/09/95 */
-
-        a = (char *)&(desp->UDES.UDES_buf[len - 8]);
-        b = (char *)&(desp->des_ivec[0]);
-
-        *(a++) = *(b++);
-        *(a++) = *(b++);
-        *(a++) = *(b++);
-        *(a++) = *(b++);
-        *(a++) = *(b++);
-        *(a++) = *(b++);
-        *(a++) = *(b++);
-        *(a++) = *(b++);
-#endif
-    }
-    return (1);
-}
diff --git a/freebsd/crypto/openssl/crypto/des/rpw.c b/freebsd/crypto/openssl/crypto/des/rpw.c
deleted file mode 100644
index b5b6460b..00000000
--- a/freebsd/crypto/openssl/crypto/des/rpw.c
+++ /dev/null
@@ -1,96 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/des/rpw.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/des.h>
-
-int main(int argc, char *argv[])
-{
-    DES_cblock k, k1;
-    int i;
-
-    printf("read passwd\n");
-    if ((i = des_read_password(&k, "Enter password:", 0)) == 0) {
-        printf("password = ");
-        for (i = 0; i < 8; i++)
-            printf("%02x ", k[i]);
-    } else
-        printf("error %d\n", i);
-    printf("\n");
-    printf("read 2passwds and verify\n");
-    if ((i = des_read_2passwords(&k, &k1,
-                                 "Enter verified password:", 1)) == 0) {
-        printf("password1 = ");
-        for (i = 0; i < 8; i++)
-            printf("%02x ", k[i]);
-        printf("\n");
-        printf("password2 = ");
-        for (i = 0; i < 8; i++)
-            printf("%02x ", k1[i]);
-        printf("\n");
-        exit(1);
-    } else {
-        printf("error %d\n", i);
-        exit(0);
-    }
-#ifdef LINT
-    return (0);
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/des/set_key.c b/freebsd/crypto/openssl/crypto/des/set_key.c
index 446e0861..89a15fdb 100644
--- a/freebsd/crypto/openssl/crypto/des/set_key.c
+++ b/freebsd/crypto/openssl/crypto/des/set_key.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/set_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*-
@@ -69,10 +20,9 @@
 #include <openssl/crypto.h>
 #include "des_locl.h"
 
+/* defaults to false */
 OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
-                                                    /*
-                                                     * defaults to false
-                                                     */
+
 static const unsigned char odd_parity[256] = {
     1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
     16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
@@ -116,9 +66,9 @@ int DES_check_key_parity(const_DES_cblock *key)
 
     for (i = 0; i < DES_KEY_SZ; i++) {
         if ((*key)[i] != odd_parity[(*key)[i]])
-            return (0);
+            return 0;
     }
-    return (1);
+    return 1;
 }
 
 /*-
@@ -128,8 +78,6 @@ int DES_check_key_parity(const_DES_cblock *key)
  * %T Security for Computer Networks
  * %I John Wiley & Sons
  * %D 1984
- * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
- * (and actual cblock values).
  */
 #define NUM_WEAK_KEY    16
 static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
@@ -158,15 +106,9 @@ int DES_is_weak_key(const_DES_cblock *key)
     int i;
 
     for (i = 0; i < NUM_WEAK_KEY; i++)
-        /*
-         * Added == 0 to comparison, I obviously don't run this section very
-         * often :-(, thanks to engineering@MorningStar.Com for the fix eay
-         * 93/06/29 Another problem, I was comparing only the first 4 bytes,
-         * 97/03/18
-         */
         if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
-            return (1);
-    return (0);
+            return 1;
+    return 0;
 }
 
 /*-
@@ -353,23 +295,14 @@ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
 int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
 {
     if (!DES_check_key_parity(key))
-        return (-1);
+        return -1;
     if (DES_is_weak_key(key))
-        return (-2);
+        return -2;
     DES_set_key_unchecked(key, schedule);
     return 0;
 }
 
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#ifdef OPENSSL_FIPS
-{
-    fips_cipher_abort(DES);
-    private_DES_set_key_unchecked(key, schedule);
-}
-
-void private_DES_set_key_unchecked(const_DES_cblock *key,
-                                   DES_key_schedule *schedule)
-#endif
 {
     static const int shifts2[16] =
         { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
@@ -389,8 +322,8 @@ void private_DES_set_key_unchecked(const_DES_cblock *key,
     c2l(in, d);
 
     /*
-     * do PC1 in 47 simple operations :-) Thanks to John Fletcher
-     * (john_fletcher@lccmail.ocf.llnl.gov) for the inspiration. :-)
+     * do PC1 in 47 simple operations. Thanks to John Fletcher
+     * for the inspiration.
      */
     PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
     HPERM_OP(c, t, -2, 0xcccc0000L);
@@ -437,13 +370,5 @@ void private_DES_set_key_unchecked(const_DES_cblock *key,
 
 int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
 {
-    return (DES_set_key(key, schedule));
+    return DES_set_key(key, schedule);
 }
-
-/*-
-#undef des_fixup_key_parity
-void des_fixup_key_parity(des_cblock *key)
-        {
-        des_set_odd_parity(key);
-        }
-*/
diff --git a/freebsd/crypto/openssl/crypto/des/speed.c b/freebsd/crypto/openssl/crypto/des/speed.c
deleted file mode 100644
index c3f574d3..00000000
--- a/freebsd/crypto/openssl/crypto/des/speed.c
+++ /dev/null
@@ -1,301 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/des/speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-# define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-#ifndef OPENSSL_SYS_NETWARE
-# include <signal.h>
-# define crypt(c,s) (des_crypt((c),(s)))
-#endif
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-    /*
-     * Depending on the VMS version, the tms structure is perhaps defined.
-     * The __TMS macro will show if it was.  If it wasn't defined, we should
-     * undefine TIMES, since that tells the rest of the program how things
-     * should be handled.  -- Richard Levitte
-     */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-# undef TIMES
-#endif
-#ifndef TIMES
-# include <sys/timeb.h>
-#endif
-#if defined(sun) || defined(__ultrix)
-# define _POSIX_SOURCE
-# include <limits.h>
-# include <sys/param.h>
-#endif
-#include <openssl/des.h>
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_         /* FreeBSD fix */
-#   define HZ   100.0
-#  else                         /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
-#  endif
-# else                          /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-#define BUFSIZE ((long)1024)
-long run = 0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-# if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#  define SIGRETTYPE void
-# else
-#  define SIGRETTYPE int
-# endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
-{
-    signal(SIGALRM, sig_done);
-    run = 0;
-# ifdef LINT
-    sig = sig;
-# endif
-}
-#endif
-
-#define START   0
-#define STOP    1
-
-double Time_F(int s)
-{
-    double ret;
-#ifdef TIMES
-    static struct tms tstart, tend;
-
-    if (s == START) {
-        times(&tstart);
-        return (0);
-    } else {
-        times(&tend);
-        ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#else                           /* !times() */
-    static struct timeb tstart, tend;
-    long i;
-
-    if (s == START) {
-        ftime(&tstart);
-        return (0);
-    } else {
-        ftime(&tend);
-        i = (long)tend.millitm - (long)tstart.millitm;
-        ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#endif
-}
-
-int main(int argc, char **argv)
-{
-    long count;
-    static unsigned char buf[BUFSIZE];
-    static DES_cblock key =
-        { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 };
-    static DES_cblock key2 =
-        { 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12 };
-    static DES_cblock key3 =
-        { 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 };
-    DES_key_schedule sch, sch2, sch3;
-    double a, b, c, d, e;
-#ifndef SIGALRM
-    long ca, cb, cc, cd, ce;
-#endif
-
-#ifndef TIMES
-    printf("To get the most accurate results, try to run this\n");
-    printf("program when this computer is idle.\n");
-#endif
-
-    DES_set_key_unchecked(&key2, &sch2);
-    DES_set_key_unchecked(&key3, &sch3);
-
-#ifndef SIGALRM
-    printf("First we calculate the approximate speed ...\n");
-    DES_set_key_unchecked(&key, &sch);
-    count = 10;
-    do {
-        long i;
-        DES_LONG data[2];
-
-        count *= 2;
-        Time_F(START);
-        for (i = count; i; i--)
-            DES_encrypt1(data, &sch, DES_ENCRYPT);
-        d = Time_F(STOP);
-    } while (d < 3.0);
-    ca = count;
-    cb = count * 3;
-    cc = count * 3 * 8 / BUFSIZE + 1;
-    cd = count * 8 / BUFSIZE + 1;
-    ce = count / 20 + 1;
-    printf("Doing set_key %ld times\n", ca);
-# define COND(d) (count != (d))
-# define COUNT(d) (d)
-#else
-# define COND(c) (run)
-# define COUNT(d) (count)
-    signal(SIGALRM, sig_done);
-    printf("Doing set_key for 10 seconds\n");
-    alarm(10);
-#endif
-
-    Time_F(START);
-    for (count = 0, run = 1; COND(ca); count++)
-        DES_set_key_unchecked(&key, &sch);
-    d = Time_F(STOP);
-    printf("%ld set_key's in %.2f seconds\n", count, d);
-    a = ((double)COUNT(ca)) / d;
-
-#ifdef SIGALRM
-    printf("Doing DES_encrypt's for 10 seconds\n");
-    alarm(10);
-#else
-    printf("Doing DES_encrypt %ld times\n", cb);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(cb); count++) {
-        DES_LONG data[2];
-
-        DES_encrypt1(data, &sch, DES_ENCRYPT);
-    }
-    d = Time_F(STOP);
-    printf("%ld DES_encrypt's in %.2f second\n", count, d);
-    b = ((double)COUNT(cb) * 8) / d;
-
-#ifdef SIGALRM
-    printf("Doing DES_cbc_encrypt on %ld byte blocks for 10 seconds\n",
-           BUFSIZE);
-    alarm(10);
-#else
-    printf("Doing DES_cbc_encrypt %ld times on %ld byte blocks\n", cc,
-           BUFSIZE);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(cc); count++)
-        DES_ncbc_encrypt(buf, buf, BUFSIZE, &sch, &key, DES_ENCRYPT);
-    d = Time_F(STOP);
-    printf("%ld DES_cbc_encrypt's of %ld byte blocks in %.2f second\n",
-           count, BUFSIZE, d);
-    c = ((double)COUNT(cc) * BUFSIZE) / d;
-
-#ifdef SIGALRM
-    printf("Doing DES_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
-           BUFSIZE);
-    alarm(10);
-#else
-    printf("Doing DES_ede_cbc_encrypt %ld times on %ld byte blocks\n", cd,
-           BUFSIZE);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(cd); count++)
-        DES_ede3_cbc_encrypt(buf, buf, BUFSIZE,
-                             &sch, &sch2, &sch3, &key, DES_ENCRYPT);
-    d = Time_F(STOP);
-    printf("%ld DES_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
-           count, BUFSIZE, d);
-    d = ((double)COUNT(cd) * BUFSIZE) / d;
-
-#ifdef SIGALRM
-    printf("Doing crypt for 10 seconds\n");
-    alarm(10);
-#else
-    printf("Doing crypt %ld times\n", ce);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(ce); count++)
-        crypt("testing1", "ef");
-    e = Time_F(STOP);
-    printf("%ld crypts in %.2f second\n", count, e);
-    e = ((double)COUNT(ce)) / e;
-
-    printf("set_key            per sec = %12.2f (%9.3fuS)\n", a, 1.0e6 / a);
-    printf("DES raw ecb bytes  per sec = %12.2f (%9.3fuS)\n", b, 8.0e6 / b);
-    printf("DES cbc bytes      per sec = %12.2f (%9.3fuS)\n", c, 8.0e6 / c);
-    printf("DES ede cbc bytes  per sec = %12.2f (%9.3fuS)\n", d, 8.0e6 / d);
-    printf("crypt              per sec = %12.2f (%9.3fuS)\n", e, 1.0e6 / e);
-    exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
-    return (0);
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/des/spr.h b/freebsd/crypto/openssl/crypto/des/spr.h
index e85d3100..2404e092 100644
--- a/freebsd/crypto/openssl/crypto/des/spr.h
+++ b/freebsd/crypto/openssl/crypto/des/spr.h
@@ -1,62 +1,13 @@
-/* crypto/des/spr.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = {
+const DES_LONG DES_SPtrans[8][64] = {
     {
         /* nibble 0 */
         0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
diff --git a/freebsd/crypto/openssl/crypto/des/str2key.c b/freebsd/crypto/openssl/crypto/des/str2key.c
index 0b3c130f..92045eac 100644
--- a/freebsd/crypto/openssl/crypto/des/str2key.c
+++ b/freebsd/crypto/openssl/crypto/des/str2key.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/str2key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/crypto.h>
@@ -65,16 +16,12 @@ void DES_string_to_key(const char *str, DES_cblock *key)
 {
     DES_key_schedule ks;
     int i, length;
-    register unsigned char j;
 
     memset(key, 0, 8);
     length = strlen(str);
-#ifdef OLD_STR_TO_KEY
-    for (i = 0; i < length; i++)
-        (*key)[i % 8] ^= (str[i] << 1);
-#else                           /* MIT COMPATIBLE */
     for (i = 0; i < length; i++) {
-        j = str[i];
+        register unsigned char j = str[i];
+
         if ((i % 16) < 8)
             (*key)[i % 8] ^= (j << 1);
         else {
@@ -85,15 +32,8 @@ void DES_string_to_key(const char *str, DES_cblock *key)
             (*key)[7 - (i % 8)] ^= j;
         }
     }
-#endif
     DES_set_odd_parity(key);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-    if (DES_is_weak_key(key))
-        (*key)[7] ^= 0xF0;
-    DES_set_key(key, &ks);
-#else
     DES_set_key_unchecked(key, &ks);
-#endif
     DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
     OPENSSL_cleanse(&ks, sizeof(ks));
     DES_set_odd_parity(key);
@@ -103,27 +43,13 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
 {
     DES_key_schedule ks;
     int i, length;
-    register unsigned char j;
 
     memset(key1, 0, 8);
     memset(key2, 0, 8);
     length = strlen(str);
-#ifdef OLD_STR_TO_KEY
-    if (length <= 8) {
-        for (i = 0; i < length; i++) {
-            (*key2)[i] = (*key1)[i] = (str[i] << 1);
-        }
-    } else {
-        for (i = 0; i < length; i++) {
-            if ((i / 8) & 1)
-                (*key2)[i % 8] ^= (str[i] << 1);
-            else
-                (*key1)[i % 8] ^= (str[i] << 1);
-        }
-    }
-#else                           /* MIT COMPATIBLE */
     for (i = 0; i < length; i++) {
-        j = str[i];
+        register unsigned char j = str[i];
+
         if ((i % 32) < 16) {
             if ((i % 16) < 8)
                 (*key1)[i % 8] ^= (j << 1);
@@ -141,24 +67,11 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
     }
     if (length <= 8)
         memcpy(key2, key1, 8);
-#endif
     DES_set_odd_parity(key1);
     DES_set_odd_parity(key2);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-    if (DES_is_weak_key(key1))
-        (*key1)[7] ^= 0xF0;
-    DES_set_key(key1, &ks);
-#else
     DES_set_key_unchecked(key1, &ks);
-#endif
     DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-    if (DES_is_weak_key(key2))
-        (*key2)[7] ^= 0xF0;
-    DES_set_key(key2, &ks);
-#else
     DES_set_key_unchecked(key2, &ks);
-#endif
     DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
     OPENSSL_cleanse(&ks, sizeof(ks));
     DES_set_odd_parity(key1);
diff --git a/freebsd/crypto/openssl/crypto/des/xcbc_enc.c b/freebsd/crypto/openssl/crypto/des/xcbc_enc.c
index 57340d57..e7eff8b1 100644
--- a/freebsd/crypto/openssl/crypto/des/xcbc_enc.c
+++ b/freebsd/crypto/openssl/crypto/des/xcbc_enc.c
@@ -1,131 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/des/xcbc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "des_locl.h"
 
 /* RSA's DESX */
 
-#if 0                           /* broken code, preserved just in case anyone
-                                 * specifically looks for this */
-static const unsigned char desx_white_in2out[256] = {
-    0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C,
-    0x1B, 0x33, 0xFD, 0xD0,
-    0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B, 0xF7, 0xCB, 0x45, 0x9B,
-    0x31, 0xBB, 0x21, 0x5A,
-    0x41, 0x9F, 0xE1, 0xD9, 0x4A, 0x4D, 0x9E, 0xDA, 0xA0, 0x68, 0x2C, 0xC3,
-    0x27, 0x5F, 0x80, 0x36,
-    0x3E, 0xEE, 0xFB, 0x95, 0x1A, 0xFE, 0xCE, 0xA8, 0x34, 0xA9, 0x13, 0xF0,
-    0xA6, 0x3F, 0xD8, 0x0C,
-    0x78, 0x24, 0xAF, 0x23, 0x52, 0xC1, 0x67, 0x17, 0xF5, 0x66, 0x90, 0xE7,
-    0xE8, 0x07, 0xB8, 0x60,
-    0x48, 0xE6, 0x1E, 0x53, 0xF3, 0x92, 0xA4, 0x72, 0x8C, 0x08, 0x15, 0x6E,
-    0x86, 0x00, 0x84, 0xFA,
-    0xF4, 0x7F, 0x8A, 0x42, 0x19, 0xF6, 0xDB, 0xCD, 0x14, 0x8D, 0x50, 0x12,
-    0xBA, 0x3C, 0x06, 0x4E,
-    0xEC, 0xB3, 0x35, 0x11, 0xA1, 0x88, 0x8E, 0x2B, 0x94, 0x99, 0xB7, 0x71,
-    0x74, 0xD3, 0xE4, 0xBF,
-    0x3A, 0xDE, 0x96, 0x0E, 0xBC, 0x0A, 0xED, 0x77, 0xFC, 0x37, 0x6B, 0x03,
-    0x79, 0x89, 0x62, 0xC6,
-    0xD7, 0xC0, 0xD2, 0x7C, 0x6A, 0x8B, 0x22, 0xA3, 0x5B, 0x05, 0x5D, 0x02,
-    0x75, 0xD5, 0x61, 0xE3,
-    0x18, 0x8F, 0x55, 0x51, 0xAD, 0x1F, 0x0B, 0x5E, 0x85, 0xE5, 0xC2, 0x57,
-    0x63, 0xCA, 0x3D, 0x6C,
-    0xB4, 0xC5, 0xCC, 0x70, 0xB2, 0x91, 0x59, 0x0D, 0x47, 0x20, 0xC8, 0x4F,
-    0x58, 0xE0, 0x01, 0xE2,
-    0x16, 0x38, 0xC4, 0x6F, 0x3B, 0x0F, 0x65, 0x46, 0xBE, 0x7E, 0x2D, 0x7B,
-    0x82, 0xF9, 0x40, 0xB5,
-    0x1D, 0x73, 0xF8, 0xEB, 0x26, 0xC7, 0x87, 0x97, 0x25, 0x54, 0xB1, 0x28,
-    0xAA, 0x98, 0x9D, 0xA5,
-    0x64, 0x6D, 0x7A, 0xD4, 0x10, 0x81, 0x44, 0xEF, 0x49, 0xD6, 0xAE, 0x2E,
-    0xDD, 0x76, 0x5C, 0x2F,
-    0xA7, 0x1C, 0xC9, 0x09, 0x69, 0x9A, 0x83, 0xCF, 0x29, 0x39, 0xB9, 0xE9,
-    0x4C, 0xFF, 0x43, 0xAB,
-};
-
-void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
-                       DES_cblock *out_white)
-{
-    int out0, out1;
-    int i;
-    const unsigned char *key = &(*des_key)[0];
-    const unsigned char *in = &(*in_white)[0];
-    unsigned char *out = &(*out_white)[0];
-
-    out[0] = out[1] = out[2] = out[3] = out[4] = out[5] = out[6] = out[7] = 0;
-    out0 = out1 = 0;
-    for (i = 0; i < 8; i++) {
-        out[i] = key[i] ^ desx_white_in2out[out0 ^ out1];
-        out0 = out1;
-        out1 = (int)out[i & 0x07];
-    }
-
-    out0 = out[0];
-    out1 = out[i];              /* BUG: out-of-bounds read */
-    for (i = 0; i < 8; i++) {
-        out[i] = in[i] ^ desx_white_in2out[out0 ^ out1];
-        out0 = out1;
-        out1 = (int)out[i & 0x07];
-    }
-}
-#endif
-
 void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
                       long length, DES_key_schedule *schedule,
                       DES_cblock *ivec, const_DES_cblock *inw,
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_ameth.c b/freebsd/crypto/openssl/crypto/dh/dh_ameth.c
index 50c8a50c..89d0c82e 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh_ameth.c
+++ b/freebsd/crypto/openssl/crypto/dh/dh_ameth.c
@@ -1,75 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#include <openssl/dh.h>
+#include "dh_locl.h"
 #include <openssl/bn.h>
-#include "asn1_locl.h"
-#ifndef OPENSSL_NO_CMS
-# include <openssl/cms.h>
-#endif
-
-extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include <openssl/cms.h>
 
 /*
  * i2d/d2i like DH parameter functions which use the appropriate routine for
@@ -101,8 +49,8 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
     const unsigned char *p, *pm;
     int pklen, pmlen;
     int ptype;
-    void *pval;
-    ASN1_STRING *pstr;
+    const void *pval;
+    const ASN1_STRING *pstr;
     X509_ALGOR *palg;
     ASN1_INTEGER *public_key = NULL;
 
@@ -121,18 +69,18 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
     pm = pstr->data;
     pmlen = pstr->length;
 
-    if (!(dh = d2i_dhp(pkey, &pm, pmlen))) {
+    if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) {
         DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
         goto err;
     }
 
-    if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) {
+    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
         DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
         goto err;
     }
 
     /* We have parameters now set public key */
-    if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
+    if ((dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
         DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
         goto err;
     }
@@ -142,10 +90,8 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
     return 1;
 
  err:
-    if (public_key)
-        ASN1_INTEGER_free(public_key);
-    if (dh)
-        DH_free(dh);
+    ASN1_INTEGER_free(public_key);
+    DH_free(dh);
     return 0;
 
 }
@@ -162,7 +108,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
     dh = pkey->pkey.dh;
 
     str = ASN1_STRING_new();
-    if (!str) {
+    if (str == NULL) {
         DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -191,28 +137,26 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
         return 1;
 
  err:
-    if (penc)
-        OPENSSL_free(penc);
-    if (str)
-        ASN1_STRING_free(str);
+    OPENSSL_free(penc);
+    ASN1_STRING_free(str);
 
     return 0;
 }
 
 /*
  * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that
- * the AlgorithmIdentifier contains the paramaters, the private key is
- * explcitly included and the pubkey must be recalculated.
+ * the AlgorithmIdentifier contains the parameters, the private key is
+ * explicitly included and the pubkey must be recalculated.
  */
 
-static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
 {
     const unsigned char *p, *pm;
     int pklen, pmlen;
     int ptype;
-    void *pval;
-    ASN1_STRING *pstr;
-    X509_ALGOR *palg;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    const X509_ALGOR *palg;
     ASN1_INTEGER *privkey = NULL;
 
     DH *dh = NULL;
@@ -224,17 +168,18 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
 
     if (ptype != V_ASN1_SEQUENCE)
         goto decerr;
-
-    if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)))
+    if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
         goto decerr;
 
     pstr = pval;
     pm = pstr->data;
     pmlen = pstr->length;
-    if (!(dh = d2i_dhp(pkey, &pm, pmlen)))
+    if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL)
         goto decerr;
+
     /* We have parameters now set private key */
-    if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
+    if ((dh->priv_key = BN_secure_new()) == NULL
+        || !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) {
         DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
         goto dherr;
     }
@@ -265,7 +210,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 
     params = ASN1_STRING_new();
 
-    if (!params) {
+    if (params == NULL) {
         DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -297,29 +242,18 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
     return 1;
 
  err:
-    if (dp != NULL)
-        OPENSSL_free(dp);
-    if (params != NULL)
-        ASN1_STRING_free(params);
-    if (prkey != NULL)
-        ASN1_STRING_clear_free(prkey);
+    OPENSSL_free(dp);
+    ASN1_STRING_free(params);
+    ASN1_STRING_clear_free(prkey);
     return 0;
 }
 
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
-{
-    size_t i;
-    if (!b)
-        return;
-    if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
-        *pbuflen = i;
-}
-
 static int dh_param_decode(EVP_PKEY *pkey,
                            const unsigned char **pder, int derlen)
 {
     DH *dh;
-    if (!(dh = d2i_dhp(pkey, pder, derlen))) {
+
+    if ((dh = d2i_dhp(pkey, pder, derlen)) == NULL) {
         DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
         return 0;
     }
@@ -332,15 +266,10 @@ static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
     return i2d_dhp(pkey, pkey->pkey.dh, pder);
 }
 
-static int do_dh_print(BIO *bp, const DH *x, int indent,
-                       ASN1_PCTX *ctx, int ptype)
+static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
 {
-    unsigned char *m = NULL;
-    int reason = ERR_R_BUF_LIB, ret = 0;
-    size_t buf_len = 0;
-
+    int reason = ERR_R_BUF_LIB;
     const char *ktype = NULL;
-
     BIGNUM *priv_key, *pub_key;
 
     if (ptype == 2)
@@ -353,20 +282,12 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
     else
         pub_key = NULL;
 
-    update_buflen(x->p, &buf_len);
-
-    if (buf_len == 0) {
+    if (x->p == NULL || (ptype == 2 && priv_key == NULL)
+            || (ptype > 0 && pub_key == NULL)) {
         reason = ERR_R_PASSED_NULL_PARAMETER;
         goto err;
     }
 
-    update_buflen(x->g, &buf_len);
-    update_buflen(x->q, &buf_len);
-    update_buflen(x->j, &buf_len);
-    update_buflen(x->counter, &buf_len);
-    update_buflen(pub_key, &buf_len);
-    update_buflen(priv_key, &buf_len);
-
     if (ptype == 2)
         ktype = "DH Private-Key";
     else if (ptype == 1)
@@ -374,29 +295,23 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
     else
         ktype = "DH Parameters";
 
-    m = OPENSSL_malloc(buf_len + 10);
-    if (m == NULL) {
-        reason = ERR_R_MALLOC_FAILURE;
-        goto err;
-    }
-
     BIO_indent(bp, indent, 128);
     if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
         goto err;
     indent += 4;
 
-    if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent))
+    if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent))
         goto err;
-    if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent))
+    if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent))
         goto err;
 
-    if (!ASN1_bn_print(bp, "prime:", x->p, m, indent))
+    if (!ASN1_bn_print(bp, "prime:", x->p, NULL, indent))
         goto err;
-    if (!ASN1_bn_print(bp, "generator:", x->g, m, indent))
+    if (!ASN1_bn_print(bp, "generator:", x->g, NULL, indent))
         goto err;
-    if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, m, indent))
+    if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, NULL, indent))
         goto err;
-    if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, m, indent))
+    if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, NULL, indent))
         goto err;
     if (x->seed) {
         int i;
@@ -413,9 +328,9 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
                 goto err;
         }
         if (BIO_write(bp, "\n", 1) <= 0)
-            return (0);
+            return 0;
     }
-    if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, m, indent))
+    if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, NULL, indent))
         goto err;
     if (x->length != 0) {
         BIO_indent(bp, indent, 128);
@@ -424,19 +339,16 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
             goto err;
     }
 
-    ret = 1;
-    if (0) {
+    return 1;
+
  err:
-        DHerr(DH_F_DO_DH_PRINT, reason);
-    }
-    if (m != NULL)
-        OPENSSL_free(m);
-    return (ret);
+    DHerr(DH_F_DO_DH_PRINT, reason);
+    return 0;
 }
 
 static int int_dh_size(const EVP_PKEY *pkey)
 {
-    return (DH_size(pkey->pkey.dh));
+    return DH_size(pkey->pkey.dh);
 }
 
 static int dh_bits(const EVP_PKEY *pkey)
@@ -444,6 +356,11 @@ static int dh_bits(const EVP_PKEY *pkey)
     return BN_num_bits(pkey->pkey.dh->p);
 }
 
+static int dh_security_bits(const EVP_PKEY *pkey)
+{
+    return DH_security_bits(pkey->pkey.dh);
+}
+
 static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 {
     if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
@@ -459,14 +376,19 @@ static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src)
 {
     BIGNUM *a;
-    if (src) {
-        a = BN_dup(src);
-        if (!a)
-            return 0;
-    } else
+
+    /*
+     * If source is read only just copy the pointer, so
+     * we don't have to reallocate it.
+     */
+    if (src == NULL)
         a = NULL;
-    if (*dst)
-        BN_free(*dst);
+    else if (BN_get_flags(src, BN_FLG_STATIC_DATA)
+                && !BN_get_flags(src, BN_FLG_MALLOCED))
+        a = (BIGNUM *)src;
+    else if ((a = BN_dup(src)) == NULL)
+        return 0;
+    BN_clear_free(*dst);
     *dst = a;
     return 1;
 }
@@ -484,13 +406,11 @@ static int int_dh_param_copy(DH *to, const DH *from, int is_x942)
             return 0;
         if (!int_dh_bn_cpy(&to->j, from->j))
             return 0;
-        if (to->seed) {
-            OPENSSL_free(to->seed);
-            to->seed = NULL;
-            to->seedlen = 0;
-        }
+        OPENSSL_free(to->seed);
+        to->seed = NULL;
+        to->seedlen = 0;
         if (from->seed) {
-            to->seed = BUF_memdup(from->seed, from->seedlen);
+            to->seed = OPENSSL_memdup(from->seed, from->seedlen);
             if (!to->seed)
                 return 0;
             to->seedlen = from->seedlen;
@@ -504,7 +424,7 @@ DH *DHparams_dup(DH *dh)
 {
     DH *ret;
     ret = DH_new();
-    if (!ret)
+    if (ret == NULL)
         return NULL;
     if (!int_dh_param_copy(ret, dh, -1)) {
         DH_free(ret);
@@ -515,6 +435,11 @@ DH *DHparams_dup(DH *dh)
 
 static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 {
+    if (to->pkey.dh == NULL) {
+        to->pkey.dh = DH_new();
+        if (to->pkey.dh == NULL)
+            return 0;
+    }
     return int_dh_param_copy(to->pkey.dh, from->pkey.dh,
                              from->ameth == &dhx_asn1_meth);
 }
@@ -539,24 +464,24 @@ static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
 static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
                           ASN1_PCTX *ctx)
 {
-    return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
+    return do_dh_print(bp, pkey->pkey.dh, indent, 0);
 }
 
 static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
                            ASN1_PCTX *ctx)
 {
-    return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
+    return do_dh_print(bp, pkey->pkey.dh, indent, 1);
 }
 
 static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
                             ASN1_PCTX *ctx)
 {
-    return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
+    return do_dh_print(bp, pkey->pkey.dh, indent, 2);
 }
 
 int DHparams_print(BIO *bp, const DH *x)
 {
-    return do_dh_print(bp, x, 4, NULL, 0);
+    return do_dh_print(bp, x, 4, 0);
 }
 
 #ifndef OPENSSL_NO_CMS
@@ -586,6 +511,25 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 
 }
 
+static int dh_pkey_public_check(const EVP_PKEY *pkey)
+{
+    DH *dh = pkey->pkey.dh;
+
+    if (dh->pub_key == NULL) {
+        DHerr(DH_F_DH_PKEY_PUBLIC_CHECK, DH_R_MISSING_PUBKEY);
+        return 0;
+    }
+
+    return DH_check_pub_key_ex(dh, dh->pub_key);
+}
+
+static int dh_pkey_param_check(const EVP_PKEY *pkey)
+{
+    DH *dh = pkey->pkey.dh;
+
+    return DH_check_ex(dh);
+}
+
 const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
     EVP_PKEY_DH,
     EVP_PKEY_DH,
@@ -605,6 +549,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
 
     int_dh_size,
     dh_bits,
+    dh_security_bits,
 
     dh_param_decode,
     dh_param_encode,
@@ -615,7 +560,13 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
     0,
 
     int_dh_free,
-    0
+    0,
+
+    0, 0, 0, 0, 0,
+
+    0,
+    dh_pkey_public_check,
+    dh_pkey_param_check
 };
 
 const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
@@ -637,6 +588,7 @@ const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
 
     int_dh_size,
     dh_bits,
+    dh_security_bits,
 
     dh_param_decode,
     dh_param_encode,
@@ -647,7 +599,13 @@ const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
     0,
 
     int_dh_free,
-    dh_pkey_ctrl
+    dh_pkey_ctrl,
+
+    0, 0, 0, 0, 0,
+
+    0,
+    dh_pkey_public_check,
+    dh_pkey_param_check
 };
 
 #ifndef OPENSSL_NO_CMS
@@ -655,9 +613,9 @@ const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
 static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
                               X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
 {
-    ASN1_OBJECT *aoid;
+    const ASN1_OBJECT *aoid;
     int atype;
-    void *aval;
+    const void *aval;
     ASN1_INTEGER *public_key = NULL;
     int rv = 0;
     EVP_PKEY *pkpeer = NULL, *pk = NULL;
@@ -681,35 +639,32 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
     dhpeer = DHparams_dup(pk->pkey.dh);
     /* We have parameters now set public key */
     plen = ASN1_STRING_length(pubkey);
-    p = ASN1_STRING_data(pubkey);
+    p = ASN1_STRING_get0_data(pubkey);
     if (!p || !plen)
         goto err;
 
-    if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, plen))) {
+    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) {
         DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR);
         goto err;
     }
 
     /* We have parameters now set public key */
-    if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
+    if ((dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
         DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR);
         goto err;
     }
 
     pkpeer = EVP_PKEY_new();
-    if (!pkpeer)
+    if (pkpeer == NULL)
         goto err;
     EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer);
     dhpeer = NULL;
     if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
         rv = 1;
  err:
-    if (public_key)
-        ASN1_INTEGER_free(public_key);
-    if (pkpeer)
-        EVP_PKEY_free(pkpeer);
-    if (dhpeer)
-        DH_free(dhpeer);
+    ASN1_INTEGER_free(public_key);
+    EVP_PKEY_free(pkpeer);
+    DH_free(dhpeer);
     return rv;
 }
 
@@ -774,7 +729,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
 
     if (ukm) {
         dukmlen = ASN1_STRING_length(ukm);
-        dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen);
+        dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen);
         if (!dukm)
             goto err;
     }
@@ -785,10 +740,8 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
 
     rv = 1;
  err:
-    if (kekalg)
-        X509_ALGOR_free(kekalg);
-    if (dukm)
-        OPENSSL_free(dukm);
+    X509_ALGOR_free(kekalg);
+    OPENSSL_free(dukm);
     return rv;
 }
 
@@ -827,7 +780,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
     EVP_CIPHER_CTX *ctx;
     int keylen;
     X509_ALGOR *talg, *wrap_alg = NULL;
-    ASN1_OBJECT *aoid;
+    const ASN1_OBJECT *aoid;
     ASN1_BIT_STRING *pubkey;
     ASN1_STRING *wrap_str;
     ASN1_OCTET_STRING *ukm;
@@ -848,8 +801,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
     X509_ALGOR_get0(&aoid, NULL, NULL, talg);
     /* Is everything uninitialised? */
     if (aoid == OBJ_nid2obj(NID_undef)) {
-        ASN1_INTEGER *pubk;
-        pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
+        ASN1_INTEGER *pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
         if (!pubk)
             goto err;
         /* Set the key */
@@ -867,7 +819,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
                         V_ASN1_UNDEF, NULL);
     }
 
-    /* See if custom paraneters set */
+    /* See if custom parameters set */
     kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);
     if (kdf_type <= 0)
         goto err;
@@ -903,11 +855,11 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
     /* Package wrap algorithm in an AlgorithmIdentifier */
 
     wrap_alg = X509_ALGOR_new();
-    if (!wrap_alg)
+    if (wrap_alg == NULL)
         goto err;
     wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
     wrap_alg->parameter = ASN1_TYPE_new();
-    if (!wrap_alg->parameter)
+    if (wrap_alg->parameter == NULL)
         goto err;
     if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
         goto err;
@@ -921,7 +873,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
 
     if (ukm) {
         dukmlen = ASN1_STRING_length(ukm);
-        dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen);
+        dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen);
         if (!dukm)
             goto err;
     }
@@ -939,7 +891,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
     if (!penc || !penclen)
         goto err;
     wrap_str = ASN1_STRING_new();
-    if (!wrap_str)
+    if (wrap_str == NULL)
         goto err;
     ASN1_STRING_set0(wrap_str, penc, penclen);
     penc = NULL;
@@ -949,10 +901,8 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
     rv = 1;
 
  err:
-    if (penc)
-        OPENSSL_free(penc);
-    if (wrap_alg)
-        X509_ALGOR_free(wrap_alg);
+    OPENSSL_free(penc);
+    X509_ALGOR_free(wrap_alg);
     return rv;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_asn1.c b/freebsd/crypto/openssl/crypto/dh/dh_asn1.c
index 8f7e692a..50a2e39b 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh_asn1.c
+++ b/freebsd/crypto/openssl/crypto/dh/dh_asn1.c
@@ -1,68 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* dh_asn1.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
-#include <openssl/dh.h>
+#include "dh_locl.h"
 #include <openssl/objects.h>
 #include <openssl/asn1t.h>
 
@@ -72,7 +22,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 {
     if (operation == ASN1_OP_NEW_PRE) {
         *pval = (ASN1_VALUE *)DH_new();
-        if (*pval)
+        if (*pval != NULL)
             return 2;
         return 0;
     } else if (operation == ASN1_OP_FREE_PRE) {
@@ -86,7 +36,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
         ASN1_SIMPLE(DH, p, BIGNUM),
         ASN1_SIMPLE(DH, g, BIGNUM),
-        ASN1_OPT(DH, length, ZLONG),
+        ASN1_OPT_EMBED(DH, length, ZINT32),
 } ASN1_SEQUENCE_END_cb(DH, DHparams)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
@@ -112,7 +62,7 @@ typedef struct {
 ASN1_SEQUENCE(DHvparams) = {
         ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
         ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
-} ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
+} static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
 
 ASN1_SEQUENCE(DHxparams) = {
         ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
@@ -120,7 +70,7 @@ ASN1_SEQUENCE(DHxparams) = {
         ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM),
         ASN1_OPT(int_dhx942_dh, j, BIGNUM),
         ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
-} ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
+} static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
 
 int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a,
                            const unsigned char **pp, long length);
@@ -128,24 +78,23 @@ int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp);
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx)
 
-/* Application leve function: read in X9.42 DH parameters into DH structure */
+/* Application public function: read in X9.42 DH parameters into DH structure */
 
 DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length)
 {
     int_dhx942_dh *dhx = NULL;
     DH *dh = NULL;
     dh = DH_new();
-    if (!dh)
+    if (dh == NULL)
         return NULL;
     dhx = d2i_int_dhx(NULL, pp, length);
-    if (!dhx) {
+    if (dhx == NULL) {
         DH_free(dh);
         return NULL;
     }
 
     if (a) {
-        if (*a)
-            DH_free(*a);
+        DH_free(*a);
         *a = dh;
     }
 
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_check.c b/freebsd/crypto/openssl/crypto/dh/dh_check.c
index cfb4faa6..ff5d8f81 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh_check.c
+++ b/freebsd/crypto/openssl/crypto/dh/dh_check.c
@@ -1,67 +1,71 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dh/dh_check.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
-#include <openssl/dh.h>
+#include "dh_locl.h"
+
+/*-
+ * Check that p and g are suitable enough
+ *
+ * p is odd
+ * 1 < g < p - 1
+ */
+int DH_check_params_ex(const DH *dh)
+{
+    int errflags = 0;
+
+    (void)DH_check_params(dh, &errflags);
+
+    if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME);
+    if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
+        DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_NOT_SUITABLE_GENERATOR);
+
+    return errflags == 0;
+}
+
+int DH_check_params(const DH *dh, int *ret)
+{
+    int ok = 0;
+    BIGNUM *tmp = NULL;
+    BN_CTX *ctx = NULL;
+
+    *ret = 0;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+    if (!BN_is_odd(dh->p))
+        *ret |= DH_CHECK_P_NOT_PRIME;
+    if (BN_is_negative(dh->g) || BN_is_zero(dh->g) || BN_is_one(dh->g))
+        *ret |= DH_NOT_SUITABLE_GENERATOR;
+    if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
+        goto err;
+    if (BN_cmp(dh->g, tmp) >= 0)
+        *ret |= DH_NOT_SUITABLE_GENERATOR;
+
+    ok = 1;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return ok;
+}
 
 /*-
  * Check that p is a safe prime and
@@ -72,10 +76,33 @@
  * for 5, p mod 10 == 3 or 7
  * should hold.
  */
+int DH_check_ex(const DH *dh)
+{
+    int errflags = 0;
+
+    (void)DH_check(dh, &errflags);
+
+    if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_NOT_SUITABLE_GENERATOR);
+    if ((errflags & DH_CHECK_Q_NOT_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_Q_NOT_PRIME);
+    if ((errflags & DH_CHECK_INVALID_Q_VALUE) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_Q_VALUE);
+    if ((errflags & DH_CHECK_INVALID_J_VALUE) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_J_VALUE);
+    if ((errflags & DH_UNABLE_TO_CHECK_GENERATOR) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_UNABLE_TO_CHECK_GENERATOR);
+    if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_PRIME);
+    if ((errflags & DH_CHECK_P_NOT_SAFE_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_SAFE_PRIME);
+
+    return errflags == 0;
+}
 
 int DH_check(const DH *dh, int *ret)
 {
-    int ok = 0;
+    int ok = 0, r;
     BN_CTX *ctx = NULL;
     BN_ULONG l;
     BIGNUM *t1 = NULL, *t2 = NULL;
@@ -86,8 +113,6 @@ int DH_check(const DH *dh, int *ret)
         goto err;
     BN_CTX_start(ctx);
     t1 = BN_CTX_get(ctx);
-    if (t1 == NULL)
-        goto err;
     t2 = BN_CTX_get(ctx);
     if (t2 == NULL)
         goto err;
@@ -104,7 +129,10 @@ int DH_check(const DH *dh, int *ret)
             if (!BN_is_one(t1))
                 *ret |= DH_NOT_SUITABLE_GENERATOR;
         }
-        if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL))
+        r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);
+        if (r < 0)
+            goto err;
+        if (!r)
             *ret |= DH_CHECK_Q_NOT_PRIME;
         /* Check p == 1 mod q  i.e. q divides p - 1 */
         if (!BN_div(t1, t2, dh->p, dh->q, ctx))
@@ -116,29 +144,31 @@ int DH_check(const DH *dh, int *ret)
 
     } else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
         l = BN_mod_word(dh->p, 24);
+        if (l == (BN_ULONG)-1)
+            goto err;
         if (l != 11)
             *ret |= DH_NOT_SUITABLE_GENERATOR;
-    }
-#if 0
-    else if (BN_is_word(dh->g, DH_GENERATOR_3)) {
-        l = BN_mod_word(dh->p, 12);
-        if (l != 5)
-            *ret |= DH_NOT_SUITABLE_GENERATOR;
-    }
-#endif
-    else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
+    } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
         l = BN_mod_word(dh->p, 10);
+        if (l == (BN_ULONG)-1)
+            goto err;
         if ((l != 3) && (l != 7))
             *ret |= DH_NOT_SUITABLE_GENERATOR;
     } else
         *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
 
-    if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
+    r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
+    if (r < 0)
+        goto err;
+    if (!r)
         *ret |= DH_CHECK_P_NOT_PRIME;
     else if (!dh->q) {
         if (!BN_rshift1(t1, dh->p))
             goto err;
-        if (!BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL))
+        r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
+        if (r < 0)
+            goto err;
+        if (!r)
             *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
     }
     ok = 1;
@@ -147,7 +177,23 @@ int DH_check(const DH *dh, int *ret)
         BN_CTX_end(ctx);
         BN_CTX_free(ctx);
     }
-    return (ok);
+    return ok;
+}
+
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
+{
+    int errflags = 0;
+
+    (void)DH_check(dh, &errflags);
+
+    if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
+        DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL);
+    if ((errflags & DH_CHECK_PUBKEY_TOO_LARGE) != 0)
+        DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_LARGE);
+    if ((errflags & DH_CHECK_PUBKEY_INVALID) != 0)
+        DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_INVALID);
+
+    return errflags == 0;
 }
 
 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
@@ -185,5 +231,5 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
         BN_CTX_end(ctx);
         BN_CTX_free(ctx);
     }
-    return (ok);
+    return ok;
 }
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_depr.c b/freebsd/crypto/openssl/crypto/dh/dh_depr.c
index cf1be8e7..ca90c457 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh_depr.c
+++ b/freebsd/crypto/openssl/crypto/dh/dh_depr.c
@@ -1,83 +1,47 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dh/dh_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /* This file contains deprecated functions as wrappers to the new ones */
 
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
 
-static void *dummy = &dummy;
+# include <stdio.h>
+# include "internal/cryptlib.h"
+# include <openssl/bn.h>
+# include <openssl/dh.h>
 
-#ifndef OPENSSL_NO_DEPRECATED
 DH *DH_generate_parameters(int prime_len, int generator,
                            void (*callback) (int, int, void *), void *cb_arg)
 {
-    BN_GENCB cb;
+    BN_GENCB *cb;
     DH *ret = NULL;
 
     if ((ret = DH_new()) == NULL)
         return NULL;
+    cb = BN_GENCB_new();
+    if (cb == NULL) {
+        DH_free(ret);
+        return NULL;
+    }
 
-    BN_GENCB_set_old(&cb, callback, cb_arg);
+    BN_GENCB_set_old(cb, callback, cb_arg);
 
-    if (DH_generate_parameters_ex(ret, prime_len, generator, &cb))
+    if (DH_generate_parameters_ex(ret, prime_len, generator, cb)) {
+        BN_GENCB_free(cb);
         return ret;
+    }
+    BN_GENCB_free(cb);
     DH_free(ret);
     return NULL;
 }
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_err.c b/freebsd/crypto/openssl/crypto/dh/dh_err.c
index d2c6d863..c68c0d89 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh_err.c
+++ b/freebsd/crypto/openssl/crypto/dh/dh_err.c
@@ -1,128 +1,103 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dh/dh_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2013 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/dh.h>
+#include <openssl/dherr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
-
-static ERR_STRING_DATA DH_str_functs[] = {
-    {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
-    {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
-    {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
-    {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"},
-    {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"},
-    {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"},
-    {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
-    {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
-    {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX), "DH_generate_parameters_ex"},
-    {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
-    {ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"},
-    {ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"},
-    {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"},
-    {ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"},
-    {ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"},
-    {ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"},
-    {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
-    {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
-    {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"},
-    {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"},
+static const ERR_STRING_DATA DH_str_functs[] = {
+    {ERR_PACK(ERR_LIB_DH, DH_F_COMPUTE_KEY, 0), "compute_key"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
+     "dh_builtin_genparams"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
+     "dh_cms_set_shared_info"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_BY_NID, 0), "DH_new_by_nid"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_METHOD, 0), "DH_new_method"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PARAM_DECODE, 0), "dh_param_decode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PKEY_PUBLIC_CHECK, 0),
+     "dh_pkey_public_check"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_DECODE, 0), "dh_priv_decode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_ENCODE, 0), "dh_priv_encode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_DECODE, 0), "dh_pub_decode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_ENCODE, 0), "dh_pub_encode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DO_DH_PRINT, 0), "do_dh_print"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_GENERATE_KEY, 0), "generate_key"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_CTRL_STR, 0), "pkey_dh_ctrl_str"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_DERIVE, 0), "pkey_dh_derive"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_INIT, 0), "pkey_dh_init"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_KEYGEN, 0), "pkey_dh_keygen"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA DH_str_reasons[] = {
-    {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"},
-    {ERR_REASON(DH_R_BN_DECODE_ERROR), "bn decode error"},
-    {ERR_REASON(DH_R_BN_ERROR), "bn error"},
-    {ERR_REASON(DH_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"},
-    {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
-    {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"},
-    {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"},
-    {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"},
-    {ERR_REASON(DH_R_NON_FIPS_METHOD), "non fips method"},
-    {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"},
-    {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"},
-    {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
-    {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"},
-    {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"},
+static const ERR_STRING_DATA DH_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_J_VALUE),
+    "check invalid j value"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_Q_VALUE),
+    "check invalid q value"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_INVALID),
+    "check pubkey invalid"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_LARGE),
+    "check pubkey too large"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_SMALL),
+    "check pubkey too small"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_PRIME), "check p not prime"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_SAFE_PRIME),
+    "check p not safe prime"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_Q_NOT_PRIME), "check q not prime"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NAME),
+    "invalid parameter name"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NID),
+    "invalid parameter nid"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR),
+    "not suitable generator"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
+    "parameter encoding error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
+    "unable to check generator"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_DH_strings(void)
+int ERR_load_DH_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(DH_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, DH_str_functs);
-        ERR_load_strings(0, DH_str_reasons);
+        ERR_load_strings_const(DH_str_functs);
+        ERR_load_strings_const(DH_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_gen.c b/freebsd/crypto/openssl/crypto/dh/dh_gen.c
index 2ee1d631..74079d40 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh_gen.c
+++ b/freebsd/crypto/openssl/crypto/dh/dh_gen.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dh/dh_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -64,13 +15,9 @@
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
-#include <openssl/dh.h>
-
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
+#include "dh_locl.h"
 
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
                                 BN_GENCB *cb);
@@ -78,19 +25,8 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
                               BN_GENCB *cb)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
-        && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) {
-        DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
-        return 0;
-    }
-#endif
     if (ret->meth->generate_params)
         return ret->meth->generate_params(ret, prime_len, generator, cb);
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return FIPS_dh_generate_parameters_ex(ret, prime_len, generator, cb);
-#endif
     return dh_builtin_genparams(ret, prime_len, generator, cb);
 }
 
@@ -109,7 +45,7 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
  * for 3, p mod 12 == 5  <<<<< does not work for safe primes.
  * for 5, p mod 10 == 3 or 7
  *
- * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
+ * Thanks to Phil Karn for the pointers about the
  * special generators and for answering some of my questions.
  *
  * I've implemented the second simple method :-).
@@ -134,7 +70,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
     BN_CTX_start(ctx);
     t1 = BN_CTX_get(ctx);
     t2 = BN_CTX_get(ctx);
-    if (t1 == NULL || t2 == NULL)
+    if (t2 == NULL)
         goto err;
 
     /* Make sure 'ret' has the necessary elements */
@@ -153,17 +89,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
         if (!BN_set_word(t2, 11))
             goto err;
         g = 2;
-    }
-#if 0                           /* does not work for safe primes */
-    else if (generator == DH_GENERATOR_3) {
-        if (!BN_set_word(t1, 12))
-            goto err;
-        if (!BN_set_word(t2, 5))
-            goto err;
-        g = 3;
-    }
-#endif
-    else if (generator == DH_GENERATOR_5) {
+    } else if (generator == DH_GENERATOR_5) {
         if (!BN_set_word(t1, 10))
             goto err;
         if (!BN_set_word(t2, 3))
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_kdf.c b/freebsd/crypto/openssl/crypto/dh/dh_kdf.c
index 10a7b61d..1a5a737e 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh_kdf.c
+++ b/freebsd/crypto/openssl/crypto/dh/dh_kdf.c
@@ -1,59 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dh/dh_kdf.c */
 /*
- * Written by Stephen Henson for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <e_os.h>
+#include "e_os.h"
 
 #ifndef OPENSSL_NO_CMS
 #include <string.h>
@@ -62,7 +18,9 @@
 #include <openssl/asn1.h>
 #include <openssl/cms.h>
 
+
 /* Key derivation from X9.42/RFC2631 */
+/* Uses CMS functions, hence the #ifdef wrapper. */
 
 #define DH_KDF_MAX      (1L << 30)
 
@@ -144,7 +102,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
                  ASN1_OBJECT *key_oid,
                  const unsigned char *ukm, size_t ukmlen, const EVP_MD *md)
 {
-    EVP_MD_CTX mctx;
+    EVP_MD_CTX *mctx = NULL;
     int rv = 0;
     unsigned int i;
     size_t mdlen;
@@ -152,31 +110,33 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
     int derlen;
     if (Zlen > DH_KDF_MAX)
         return 0;
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL)
+        return 0;
     mdlen = EVP_MD_size(md);
-    EVP_MD_CTX_init(&mctx);
     derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen);
     if (derlen == 0)
         goto err;
     for (i = 1;; i++) {
         unsigned char mtmp[EVP_MAX_MD_SIZE];
-        EVP_DigestInit_ex(&mctx, md, NULL);
-        if (!EVP_DigestUpdate(&mctx, Z, Zlen))
+        if (!EVP_DigestInit_ex(mctx, md, NULL)
+            || !EVP_DigestUpdate(mctx, Z, Zlen))
             goto err;
         ctr[3] = i & 0xFF;
         ctr[2] = (i >> 8) & 0xFF;
         ctr[1] = (i >> 16) & 0xFF;
         ctr[0] = (i >> 24) & 0xFF;
-        if (!EVP_DigestUpdate(&mctx, der, derlen))
+        if (!EVP_DigestUpdate(mctx, der, derlen))
             goto err;
         if (outlen >= mdlen) {
-            if (!EVP_DigestFinal(&mctx, out, NULL))
+            if (!EVP_DigestFinal(mctx, out, NULL))
                 goto err;
             outlen -= mdlen;
             if (outlen == 0)
                 break;
             out += mdlen;
         } else {
-            if (!EVP_DigestFinal(&mctx, mtmp, NULL))
+            if (!EVP_DigestFinal(mctx, mtmp, NULL))
                 goto err;
             memcpy(out, mtmp, outlen);
             OPENSSL_cleanse(mtmp, mdlen);
@@ -185,9 +145,8 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
     }
     rv = 1;
  err:
-    if (der)
-        OPENSSL_free(der);
-    EVP_MD_CTX_cleanup(&mctx);
+    OPENSSL_free(der);
+    EVP_MD_CTX_free(mctx);
     return rv;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_key.c b/freebsd/crypto/openssl/crypto/dh/dh_key.c
index eb40d030..4cf29bc7 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh_key.c
+++ b/freebsd/crypto/openssl/crypto/dh/dh_key.c
@@ -1,68 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dh/dh_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/dh.h>
+#include "internal/cryptlib.h"
+#include "dh_locl.h"
+#include "internal/bn_int.h"
 
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
@@ -74,25 +24,11 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
-        DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-        return 0;
-    }
-#endif
     return dh->meth->generate_key(dh);
 }
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
-        DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-        return 0;
-    }
-#endif
     return dh->meth->compute_key(key, pub_key, dh);
 }
 
@@ -117,16 +53,28 @@ static DH_METHOD dh_ossl = {
     dh_bn_mod_exp,
     dh_init,
     dh_finish,
-    0,
+    DH_FLAG_FIPS_METHOD,
     NULL,
     NULL
 };
 
+static const DH_METHOD *default_DH_method = &dh_ossl;
+
 const DH_METHOD *DH_OpenSSL(void)
 {
     return &dh_ossl;
 }
 
+void DH_set_default_method(const DH_METHOD *meth)
+{
+    default_DH_method = meth;
+}
+
+const DH_METHOD *DH_get_default_method(void)
+{
+    return default_DH_method;
+}
+
 static int generate_key(DH *dh)
 {
     int ok = 0;
@@ -146,7 +94,7 @@ static int generate_key(DH *dh)
         goto err;
 
     if (dh->priv_key == NULL) {
-        priv_key = BN_new();
+        priv_key = BN_secure_new();
         if (priv_key == NULL)
             goto err;
         generate_new_key = 1;
@@ -162,7 +110,7 @@ static int generate_key(DH *dh)
 
     if (dh->flags & DH_FLAG_CACHE_MONT_P) {
         mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
-                                      CRYPTO_LOCK_DH, dh->p, ctx);
+                                      dh->lock, dh->p, ctx);
         if (!mont)
             goto err;
     }
@@ -170,31 +118,31 @@ static int generate_key(DH *dh)
     if (generate_new_key) {
         if (dh->q) {
             do {
-                if (!BN_rand_range(priv_key, dh->q))
+                if (!BN_priv_rand_range(priv_key, dh->q))
                     goto err;
             }
             while (BN_is_zero(priv_key) || BN_is_one(priv_key));
         } else {
             /* secret exponent length */
             l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
-            if (!BN_rand(priv_key, l, 0, 0))
+            if (!BN_priv_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
                 goto err;
         }
     }
 
     {
-        BIGNUM local_prk;
-        BIGNUM *prk;
+        BIGNUM *prk = BN_new();
 
-        if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
-            BN_init(&local_prk);
-            prk = &local_prk;
-            BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-        } else
-            prk = priv_key;
+        if (prk == NULL)
+            goto err;
+        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
 
-        if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont))
+        if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
+            BN_free(prk);
             goto err;
+        }
+        /* We MUST free prk before any further use of priv_key */
+        BN_free(prk);
     }
 
     dh->pub_key = pub_key;
@@ -204,12 +152,12 @@ static int generate_key(DH *dh)
     if (ok != 1)
         DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
 
-    if ((pub_key != NULL) && (dh->pub_key == NULL))
+    if (pub_key != dh->pub_key)
         BN_free(pub_key);
-    if ((priv_key != NULL) && (dh->priv_key == NULL))
+    if (priv_key != dh->priv_key)
         BN_free(priv_key);
     BN_CTX_free(ctx);
-    return (ok);
+    return ok;
 }
 
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
@@ -240,11 +188,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 
     if (dh->flags & DH_FLAG_CACHE_MONT_P) {
         mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
-                                      CRYPTO_LOCK_DH, dh->p, ctx);
-        if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
-            /* XXX */
-            BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
-        }
+                                      dh->lock, dh->p, ctx);
+        BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
         if (!mont)
             goto err;
     }
@@ -266,33 +211,24 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         BN_CTX_end(ctx);
         BN_CTX_free(ctx);
     }
-    return (ret);
+    return ret;
 }
 
 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
                          const BIGNUM *a, const BIGNUM *p,
                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 {
-    /*
-     * If a is only one word long and constant time is false, use the faster
-     * exponenentiation function.
-     */
-    if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {
-        BN_ULONG A = a->d[0];
-        return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
-    } else
-        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+    return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
 }
 
 static int dh_init(DH *dh)
 {
     dh->flags |= DH_FLAG_CACHE_MONT_P;
-    return (1);
+    return 1;
 }
 
 static int dh_finish(DH *dh)
 {
-    if (dh->method_mont_p)
-        BN_MONT_CTX_free(dh->method_mont_p);
-    return (1);
+    BN_MONT_CTX_free(dh->method_mont_p);
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_lib.c b/freebsd/crypto/openssl/crypto/dh/dh_lib.c
index 625cf9c2..ee65d4cf 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh_lib.c
+++ b/freebsd/crypto/openssl/crypto/dh/dh_lib.c
@@ -1,98 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dh/dh_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/bn.h>
-#include <openssl/dh.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
-const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT;
-
-static const DH_METHOD *default_DH_method = NULL;
-
-void DH_set_default_method(const DH_METHOD *meth)
-{
-    default_DH_method = meth;
-}
-
-const DH_METHOD *DH_get_default_method(void)
-{
-    if (!default_DH_method) {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-            return FIPS_dh_openssl();
-        else
-            return DH_OpenSSL();
-#else
-        default_DH_method = DH_OpenSSL();
-#endif
-    }
-    return default_DH_method;
-}
+#include "dh_locl.h"
+#include <openssl/engine.h>
 
 int DH_set_method(DH *dh, const DH_METHOD *meth)
 {
@@ -105,10 +27,8 @@ int DH_set_method(DH *dh, const DH_METHOD *meth)
     if (mtmp->finish)
         mtmp->finish(dh);
 #ifndef OPENSSL_NO_ENGINE
-    if (dh->engine) {
-        ENGINE_finish(dh->engine);
-        dh->engine = NULL;
-    }
+    ENGINE_finish(dh->engine);
+    dh->engine = NULL;
 #endif
     dh->meth = meth;
     if (meth->init)
@@ -123,143 +43,251 @@ DH *DH_new(void)
 
 DH *DH_new_method(ENGINE *engine)
 {
-    DH *ret;
+    DH *ret = OPENSSL_zalloc(sizeof(*ret));
 
-    ret = (DH *)OPENSSL_malloc(sizeof(DH));
     if (ret == NULL) {
         DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
     }
 
     ret->meth = DH_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
+    ret->flags = ret->meth->flags;  /* early default init */
     if (engine) {
         if (!ENGINE_init(engine)) {
             DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
-            OPENSSL_free(ret);
-            return NULL;
+            goto err;
         }
         ret->engine = engine;
     } else
         ret->engine = ENGINE_get_default_DH();
     if (ret->engine) {
         ret->meth = ENGINE_get_DH(ret->engine);
-        if (!ret->meth) {
+        if (ret->meth == NULL) {
             DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
-            ENGINE_finish(ret->engine);
-            OPENSSL_free(ret);
-            return NULL;
+            goto err;
         }
     }
 #endif
 
-    ret->pad = 0;
-    ret->version = 0;
-    ret->p = NULL;
-    ret->g = NULL;
-    ret->length = 0;
-    ret->pub_key = NULL;
-    ret->priv_key = NULL;
-    ret->q = NULL;
-    ret->j = NULL;
-    ret->seed = NULL;
-    ret->seedlen = 0;
-    ret->counter = NULL;
-    ret->method_mont_p = NULL;
-    ret->references = 1;
-    ret->flags = ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+    ret->flags = ret->meth->flags;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data))
+        goto err;
+
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-#ifndef OPENSSL_NO_ENGINE
-        if (ret->engine)
-            ENGINE_finish(ret->engine);
-#endif
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
-        OPENSSL_free(ret);
-        ret = NULL;
+        DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
     }
-    return (ret);
+
+    return ret;
+
+ err:
+    DH_free(ret);
+    return NULL;
 }
 
 void DH_free(DH *r)
 {
     int i;
+
     if (r == NULL)
         return;
-    i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
-#ifdef REF_PRINT
-    REF_PRINT("DH", r);
-#endif
+
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
+    REF_PRINT_COUNT("DH", r);
     if (i > 0)
         return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "DH_free, bad reference count\n");
-        abort();
-    }
-#endif
+    REF_ASSERT_ISNT(i < 0);
 
-    if (r->meth->finish)
+    if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
-    if (r->engine)
-        ENGINE_finish(r->engine);
+    ENGINE_finish(r->engine);
 #endif
 
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
 
-    if (r->p != NULL)
-        BN_clear_free(r->p);
-    if (r->g != NULL)
-        BN_clear_free(r->g);
-    if (r->q != NULL)
-        BN_clear_free(r->q);
-    if (r->j != NULL)
-        BN_clear_free(r->j);
-    if (r->seed)
-        OPENSSL_free(r->seed);
-    if (r->counter != NULL)
-        BN_clear_free(r->counter);
-    if (r->pub_key != NULL)
-        BN_clear_free(r->pub_key);
-    if (r->priv_key != NULL)
-        BN_clear_free(r->priv_key);
+    CRYPTO_THREAD_lock_free(r->lock);
+
+    BN_clear_free(r->p);
+    BN_clear_free(r->g);
+    BN_clear_free(r->q);
+    BN_clear_free(r->j);
+    OPENSSL_free(r->seed);
+    BN_clear_free(r->counter);
+    BN_clear_free(r->pub_key);
+    BN_clear_free(r->priv_key);
     OPENSSL_free(r);
 }
 
 int DH_up_ref(DH *r)
 {
-    int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
-#ifdef REF_PRINT
-    REF_PRINT("DH", r);
-#endif
-#ifdef REF_CHECK
-    if (i < 2) {
-        fprintf(stderr, "DH_up, bad reference count\n");
-        abort();
-    }
-#endif
+    int i;
+
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DH", r);
+    REF_ASSERT_ISNT(i < 2);
     return ((i > 1) ? 1 : 0);
 }
 
-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+int DH_set_ex_data(DH *d, int idx, void *arg)
 {
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
-                                   new_func, dup_func, free_func);
+    return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
 }
 
-int DH_set_ex_data(DH *d, int idx, void *arg)
+void *DH_get_ex_data(DH *d, int idx)
 {
-    return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
+    return CRYPTO_get_ex_data(&d->ex_data, idx);
 }
 
-void *DH_get_ex_data(DH *d, int idx)
+int DH_bits(const DH *dh)
 {
-    return (CRYPTO_get_ex_data(&d->ex_data, idx));
+    return BN_num_bits(dh->p);
 }
 
 int DH_size(const DH *dh)
 {
-    return (BN_num_bytes(dh->p));
+    return BN_num_bytes(dh->p);
+}
+
+int DH_security_bits(const DH *dh)
+{
+    int N;
+    if (dh->q)
+        N = BN_num_bits(dh->q);
+    else if (dh->length)
+        N = dh->length;
+    else
+        N = -1;
+    return BN_security_bits(BN_num_bits(dh->p), N);
+}
+
+
+void DH_get0_pqg(const DH *dh,
+                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+    if (p != NULL)
+        *p = dh->p;
+    if (q != NULL)
+        *q = dh->q;
+    if (g != NULL)
+        *g = dh->g;
+}
+
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+    /* If the fields p and g in d are NULL, the corresponding input
+     * parameters MUST be non-NULL.  q may remain NULL.
+     */
+    if ((dh->p == NULL && p == NULL)
+        || (dh->g == NULL && g == NULL))
+        return 0;
+
+    if (p != NULL) {
+        BN_free(dh->p);
+        dh->p = p;
+    }
+    if (q != NULL) {
+        BN_free(dh->q);
+        dh->q = q;
+    }
+    if (g != NULL) {
+        BN_free(dh->g);
+        dh->g = g;
+    }
+
+    if (q != NULL) {
+        dh->length = BN_num_bits(q);
+    }
+
+    return 1;
+}
+
+long DH_get_length(const DH *dh)
+{
+    return dh->length;
+}
+
+int DH_set_length(DH *dh, long length)
+{
+    dh->length = length;
+    return 1;
+}
+
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+    if (pub_key != NULL)
+        *pub_key = dh->pub_key;
+    if (priv_key != NULL)
+        *priv_key = dh->priv_key;
+}
+
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+    if (pub_key != NULL) {
+        BN_free(dh->pub_key);
+        dh->pub_key = pub_key;
+    }
+    if (priv_key != NULL) {
+        BN_free(dh->priv_key);
+        dh->priv_key = priv_key;
+    }
+
+    return 1;
+}
+
+const BIGNUM *DH_get0_p(const DH *dh)
+{
+    return dh->p;
+}
+
+const BIGNUM *DH_get0_q(const DH *dh)
+{
+    return dh->q;
+}
+
+const BIGNUM *DH_get0_g(const DH *dh)
+{
+    return dh->g;
+}
+
+const BIGNUM *DH_get0_priv_key(const DH *dh)
+{
+    return dh->priv_key;
+}
+
+const BIGNUM *DH_get0_pub_key(const DH *dh)
+{
+    return dh->pub_key;
+}
+
+void DH_clear_flags(DH *dh, int flags)
+{
+    dh->flags &= ~flags;
+}
+
+int DH_test_flags(const DH *dh, int flags)
+{
+    return dh->flags & flags;
+}
+
+void DH_set_flags(DH *dh, int flags)
+{
+    dh->flags |= flags;
+}
+
+ENGINE *DH_get0_engine(DH *dh)
+{
+    return dh->engine;
 }
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_locl.h b/freebsd/crypto/openssl/crypto/dh/dh_locl.h
new file mode 100644
index 00000000..0a8391a6
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/dh/dh_locl.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/dh.h>
+#include "internal/refcount.h"
+
+struct dh_st {
+    /*
+     * This first argument is used to pick up errors when a DH is passed
+     * instead of a EVP_PKEY
+     */
+    int pad;
+    int version;
+    BIGNUM *p;
+    BIGNUM *g;
+    int32_t length;             /* optional */
+    BIGNUM *pub_key;            /* g^x % p */
+    BIGNUM *priv_key;           /* x */
+    int flags;
+    BN_MONT_CTX *method_mont_p;
+    /* Place holders if we want to do X9.42 DH */
+    BIGNUM *q;
+    BIGNUM *j;
+    unsigned char *seed;
+    int seedlen;
+    BIGNUM *counter;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_EX_DATA ex_data;
+    const DH_METHOD *meth;
+    ENGINE *engine;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct dh_method {
+    char *name;
+    /* Methods here */
+    int (*generate_key) (DH *dh);
+    int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+
+    /* Can be null */
+    int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+                       const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                       BN_MONT_CTX *m_ctx);
+    int (*init) (DH *dh);
+    int (*finish) (DH *dh);
+    int flags;
+    char *app_data;
+    /* If this is non-NULL, it will be used to generate parameters */
+    int (*generate_params) (DH *dh, int prime_len, int generator,
+                            BN_GENCB *cb);
+};
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_meth.c b/freebsd/crypto/openssl/crypto/dh/dh_meth.c
new file mode 100644
index 00000000..0fd72aba
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/dh/dh_meth.c
@@ -0,0 +1,175 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dh_locl.h"
+#include <string.h>
+#include <openssl/err.h>
+
+DH_METHOD *DH_meth_new(const char *name, int flags)
+{
+    DH_METHOD *dhm = OPENSSL_zalloc(sizeof(*dhm));
+
+    if (dhm != NULL) {
+        dhm->flags = flags;
+
+        dhm->name = OPENSSL_strdup(name);
+        if (dhm->name != NULL)
+            return dhm;
+
+        OPENSSL_free(dhm);
+    }
+
+    DHerr(DH_F_DH_METH_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void DH_meth_free(DH_METHOD *dhm)
+{
+    if (dhm != NULL) {
+        OPENSSL_free(dhm->name);
+        OPENSSL_free(dhm);
+    }
+}
+
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm)
+{
+    DH_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret != NULL) {
+        memcpy(ret, dhm, sizeof(*dhm));
+
+        ret->name = OPENSSL_strdup(dhm->name);
+        if (ret->name != NULL)
+            return ret;
+
+        OPENSSL_free(ret);
+    }
+
+    DHerr(DH_F_DH_METH_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+const char *DH_meth_get0_name(const DH_METHOD *dhm)
+{
+    return dhm->name;
+}
+
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name)
+{
+    char *tmpname = OPENSSL_strdup(name);
+
+    if (tmpname == NULL) {
+        DHerr(DH_F_DH_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    OPENSSL_free(dhm->name);
+    dhm->name = tmpname;
+
+    return 1;
+}
+
+int DH_meth_get_flags(const DH_METHOD *dhm)
+{
+    return dhm->flags;
+}
+
+int DH_meth_set_flags(DH_METHOD *dhm, int flags)
+{
+    dhm->flags = flags;
+    return 1;
+}
+
+void *DH_meth_get0_app_data(const DH_METHOD *dhm)
+{
+    return dhm->app_data;
+}
+
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data)
+{
+    dhm->app_data = app_data;
+    return 1;
+}
+
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *)
+{
+    return dhm->generate_key;
+}
+
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *))
+{
+    dhm->generate_key = generate_key;
+    return 1;
+}
+
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+        (unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    return dhm->compute_key;
+}
+
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+        int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh))
+{
+    dhm->compute_key = compute_key;
+    return 1;
+}
+
+
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+    (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+     BN_CTX *, BN_MONT_CTX *)
+{
+    return dhm->bn_mod_exp;
+}
+
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+    int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
+{
+    dhm->bn_mod_exp = bn_mod_exp;
+    return 1;
+}
+
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *)
+{
+    return dhm->init;
+}
+
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *))
+{
+    dhm->init = init;
+    return 1;
+}
+
+int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *)
+{
+    return dhm->finish;
+}
+
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *))
+{
+    dhm->finish = finish;
+    return 1;
+}
+
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+        (DH *, int, int, BN_GENCB *)
+{
+    return dhm->generate_params;
+}
+
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+        int (*generate_params) (DH *, int, int, BN_GENCB *))
+{
+    dhm->generate_params = generate_params;
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_pmeth.c b/freebsd/crypto/openssl/crypto/dh/dh_pmeth.c
index 6456729b..b2fa93c4 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh_pmeth.c
+++ b/freebsd/crypto/openssl/crypto/dh/dh_pmeth.c
@@ -1,75 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/evp.h>
-#include <openssl/dh.h>
+#include "dh_locl.h"
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
+#include <openssl/dsa.h>
 #include <openssl/objects.h>
-#include "evp_locl.h"
+#include "internal/evp_int.h"
 
 /* DH pkey context structure */
 
@@ -79,9 +28,11 @@ typedef struct {
     int generator;
     int use_dsa;
     int subprime_len;
+    int pad;
     /* message digest used for parameter generation */
     const EVP_MD *md;
     int rfc5114_param;
+    int param_nid;
     /* Keygen callback info */
     int gentmp[2];
     /* KDF (if any) to use for DH */
@@ -100,22 +51,15 @@ typedef struct {
 static int pkey_dh_init(EVP_PKEY_CTX *ctx)
 {
     DH_PKEY_CTX *dctx;
-    dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
-    if (!dctx)
+
+    if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) {
+        DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     dctx->prime_len = 1024;
     dctx->subprime_len = -1;
     dctx->generator = 2;
-    dctx->use_dsa = 0;
-    dctx->md = NULL;
-    dctx->rfc5114_param = 0;
-
     dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
-    dctx->kdf_oid = NULL;
-    dctx->kdf_md = NULL;
-    dctx->kdf_ukm = NULL;
-    dctx->kdf_ukmlen = 0;
-    dctx->kdf_outlen = 0;
 
     ctx->data = dctx;
     ctx->keygen_info = dctx->gentmp;
@@ -124,6 +68,17 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
     return 1;
 }
 
+static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
+{
+    DH_PKEY_CTX *dctx = ctx->data;
+    if (dctx != NULL) {
+        OPENSSL_free(dctx->kdf_ukm);
+        ASN1_OBJECT_free(dctx->kdf_oid);
+        OPENSSL_free(dctx);
+    }
+}
+
+
 static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 {
     DH_PKEY_CTX *dctx, *sctx;
@@ -135,34 +90,26 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
     dctx->subprime_len = sctx->subprime_len;
     dctx->generator = sctx->generator;
     dctx->use_dsa = sctx->use_dsa;
+    dctx->pad = sctx->pad;
     dctx->md = sctx->md;
     dctx->rfc5114_param = sctx->rfc5114_param;
+    dctx->param_nid = sctx->param_nid;
 
     dctx->kdf_type = sctx->kdf_type;
     dctx->kdf_oid = OBJ_dup(sctx->kdf_oid);
-    if (!dctx->kdf_oid)
+    if (dctx->kdf_oid == NULL)
         return 0;
     dctx->kdf_md = sctx->kdf_md;
-    if (dctx->kdf_ukm) {
-        dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
+    if (sctx->kdf_ukm != NULL) {
+        dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
+        if (dctx->kdf_ukm == NULL)
+          return 0;
         dctx->kdf_ukmlen = sctx->kdf_ukmlen;
     }
     dctx->kdf_outlen = sctx->kdf_outlen;
     return 1;
 }
 
-static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
-{
-    DH_PKEY_CTX *dctx = ctx->data;
-    if (dctx) {
-        if (dctx->kdf_ukm)
-            OPENSSL_free(dctx->kdf_ukm);
-        if (dctx->kdf_oid)
-            ASN1_OBJECT_free(dctx->kdf_oid);
-        OPENSSL_free(dctx);
-    }
-}
-
 static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 {
     DH_PKEY_CTX *dctx = ctx->data;
@@ -179,6 +126,10 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         dctx->subprime_len = p1;
         return 1;
 
+    case EVP_PKEY_CTRL_DH_PAD:
+        dctx->pad = p1;
+        return 1;
+
     case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
         if (dctx->use_dsa)
             return -2;
@@ -197,11 +148,17 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         return 1;
 
     case EVP_PKEY_CTRL_DH_RFC5114:
-        if (p1 < 1 || p1 > 3)
+        if (p1 < 1 || p1 > 3 || dctx->param_nid != NID_undef)
             return -2;
         dctx->rfc5114_param = p1;
         return 1;
 
+    case EVP_PKEY_CTRL_DH_NID:
+        if (p1 <= 0 || dctx->rfc5114_param != 0)
+            return -2;
+        dctx->param_nid = p1;
+        return 1;
+
     case EVP_PKEY_CTRL_PEER_KEY:
         /* Default behaviour is OK */
         return 1;
@@ -237,8 +194,7 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         return 1;
 
     case EVP_PKEY_CTRL_DH_KDF_UKM:
-        if (dctx->kdf_ukm)
-            OPENSSL_free(dctx->kdf_ukm);
+        OPENSSL_free(dctx->kdf_ukm);
         dctx->kdf_ukm = p2;
         if (p2)
             dctx->kdf_ukmlen = p1;
@@ -251,8 +207,7 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         return dctx->kdf_ukmlen;
 
     case EVP_PKEY_CTRL_DH_KDF_OID:
-        if (dctx->kdf_oid)
-            ASN1_OBJECT_free(dctx->kdf_oid);
+        ASN1_OBJECT_free(dctx->kdf_oid);
         dctx->kdf_oid = p2;
         return 1;
 
@@ -269,12 +224,12 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
                             const char *type, const char *value)
 {
-    if (!strcmp(type, "dh_paramgen_prime_len")) {
+    if (strcmp(type, "dh_paramgen_prime_len") == 0) {
         int len;
         len = atoi(value);
         return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
     }
-    if (!strcmp(type, "dh_rfc5114")) {
+    if (strcmp(type, "dh_rfc5114") == 0) {
         DH_PKEY_CTX *dctx = ctx->data;
         int len;
         len = atoi(value);
@@ -283,21 +238,37 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
         dctx->rfc5114_param = len;
         return 1;
     }
-    if (!strcmp(type, "dh_paramgen_generator")) {
+    if (strcmp(type, "dh_param") == 0) {
+        DH_PKEY_CTX *dctx = ctx->data;
+        int nid = OBJ_sn2nid(value);
+
+        if (nid == NID_undef) {
+            DHerr(DH_F_PKEY_DH_CTRL_STR, DH_R_INVALID_PARAMETER_NAME);
+            return -2;
+        }
+        dctx->param_nid = nid;
+        return 1;
+    }
+    if (strcmp(type, "dh_paramgen_generator") == 0) {
         int len;
         len = atoi(value);
         return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
     }
-    if (!strcmp(type, "dh_paramgen_subprime_len")) {
+    if (strcmp(type, "dh_paramgen_subprime_len") == 0) {
         int len;
         len = atoi(value);
         return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len);
     }
-    if (!strcmp(type, "dh_paramgen_type")) {
+    if (strcmp(type, "dh_paramgen_type") == 0) {
         int typ;
         typ = atoi(value);
         return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ);
     }
+    if (strcmp(type, "dh_pad") == 0) {
+        int pad;
+        pad = atoi(value);
+        return EVP_PKEY_CTX_set_dh_pad(ctx, pad);
+    }
     return -2;
 }
 
@@ -326,7 +297,7 @@ static DSA *dsa_dh_generate(DH_PKEY_CTX *dctx, BN_GENCB *pcb)
     if (dctx->use_dsa > 2)
         return NULL;
     ret = DSA_new();
-    if (!ret)
+    if (ret == NULL)
         return NULL;
     if (subprime_len == -1) {
         if (prime_len >= 2048)
@@ -359,7 +330,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     DH *dh = NULL;
     DH_PKEY_CTX *dctx = ctx->data;
-    BN_GENCB *pcb, cb;
+    BN_GENCB *pcb;
     int ret;
     if (dctx->rfc5114_param) {
         switch (dctx->rfc5114_param) {
@@ -382,8 +353,17 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
         return 1;
     }
 
+    if (dctx->param_nid != 0) {
+        if ((dh = DH_new_by_nid(dctx->param_nid)) == NULL)
+            return 0;
+        EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh);
+        return 1;
+    }
+
     if (ctx->pkey_gencb) {
-        pcb = &cb;
+        pcb = BN_GENCB_new();
+        if (pcb == NULL)
+            return 0;
         evp_pkey_set_cb_translate(pcb, ctx);
     } else
         pcb = NULL;
@@ -391,7 +371,8 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
     if (dctx->use_dsa) {
         DSA *dsa_dh;
         dsa_dh = dsa_dh_generate(dctx, pcb);
-        if (!dsa_dh)
+        BN_GENCB_free(pcb);
+        if (dsa_dh == NULL)
             return 0;
         dh = DSA_dup_DH(dsa_dh);
         DSA_free(dsa_dh);
@@ -402,11 +383,13 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
     }
 #endif
     dh = DH_new();
-    if (!dh)
+    if (dh == NULL) {
+        BN_GENCB_free(pcb);
         return 0;
+    }
     ret = DH_generate_parameters_ex(dh,
                                     dctx->prime_len, dctx->generator, pcb);
-
+    BN_GENCB_free(pcb);
     if (ret)
         EVP_PKEY_assign_DH(pkey, dh);
     else
@@ -416,17 +399,22 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 
 static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
+    DH_PKEY_CTX *dctx = ctx->data;
     DH *dh = NULL;
-    if (ctx->pkey == NULL) {
+
+    if (ctx->pkey == NULL && dctx->param_nid == 0) {
         DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
         return 0;
     }
-    dh = DH_new();
-    if (!dh)
+    if (dctx->param_nid != 0)
+        dh = DH_new_by_nid(dctx->param_nid);
+    else
+        dh = DH_new();
+    if (dh == NULL)
         return 0;
     EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
     /* Note: if error return, pkey is freed by parent routine */
-    if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+    if (ctx->pkey != NULL && !EVP_PKEY_copy_parameters(pkey, ctx->pkey))
         return 0;
     return DH_generate_key(pkey->pkey.dh);
 }
@@ -449,7 +437,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
             *keylen = DH_size(dh);
             return 1;
         }
-        ret = DH_compute_key(key, dhpub, dh);
+        if (dctx->pad)
+            ret = DH_compute_key_padded(key, dhpub, dh);
+        else
+            ret = DH_compute_key(key, dhpub, dh);
         if (ret < 0)
             return ret;
         *keylen = ret;
@@ -457,6 +448,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
     }
 #ifndef OPENSSL_NO_CMS
     else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
+
         unsigned char *Z = NULL;
         size_t Zlen = 0;
         if (!dctx->kdf_outlen || !dctx->kdf_oid)
@@ -470,7 +462,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
         ret = 0;
         Zlen = DH_size(dh);
         Z = OPENSSL_malloc(Zlen);
-        if (!Z) {
+        if (Z == NULL) {
             goto err;
         }
         if (DH_compute_key_padded(Z, dhpub, dh) <= 0)
@@ -481,10 +473,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
         *keylen = dctx->kdf_outlen;
         ret = 1;
  err:
-        if (Z) {
-            OPENSSL_cleanse(Z, Zlen);
-            OPENSSL_free(Z);
-        }
+        OPENSSL_clear_free(Z, Zlen);
         return ret;
     }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_prn.c b/freebsd/crypto/openssl/crypto/dh/dh_prn.c
index bd7fb695..ce5b0615 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh_prn.c
+++ b/freebsd/crypto/openssl/crypto/dh/dh_prn.c
@@ -1,69 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/t_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/dh.h>
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 int DHparams_print_fp(FILE *fp, const DH *x)
 {
     BIO *b;
@@ -71,11 +22,11 @@ int DHparams_print_fp(FILE *fp, const DH *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = DHparams_print(b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_rfc5114.c b/freebsd/crypto/openssl/crypto/dh/dh_rfc5114.c
index 502a7222..43b32392 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh_rfc5114.c
+++ b/freebsd/crypto/openssl/crypto/dh/dh_rfc5114.c
@@ -1,286 +1,42 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2011.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dh.h>
+#include "internal/cryptlib.h"
+#include "dh_locl.h"
 #include <openssl/bn.h>
-
-/* DH parameters from RFC5114 */
-
-#if BN_BITS2 == 64
-static const BN_ULONG dh1024_160_p[] = {
-    0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL,
-    0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL,
-    0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL,
-    0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL,
-    0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL,
-    0xB10B8F96A080E01DULL
-};
-
-static const BN_ULONG dh1024_160_g[] = {
-    0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL,
-    0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL,
-    0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL,
-    0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL,
-    0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL,
-    0xA4D1CBD5C3FD3412ULL
-};
-
-static const BN_ULONG dh1024_160_q[] = {
-    0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL
-};
-
-static const BN_ULONG dh2048_224_p[] = {
-    0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL,
-    0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL,
-    0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL,
-    0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL,
-    0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL,
-    0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL,
-    0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL,
-    0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL,
-    0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL,
-    0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL,
-    0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL
-};
-
-static const BN_ULONG dh2048_224_g[] = {
-    0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL,
-    0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL,
-    0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL,
-    0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL,
-    0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL,
-    0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL,
-    0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL,
-    0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL,
-    0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL,
-    0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL,
-    0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL
-};
-
-static const BN_ULONG dh2048_224_q[] = {
-    0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL,
-    0x00000000801C0D34ULL
-};
-
-static const BN_ULONG dh2048_256_p[] = {
-    0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL,
-    0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL,
-    0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL,
-    0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL,
-    0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL,
-    0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL,
-    0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL,
-    0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL,
-    0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL,
-    0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL,
-    0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL
-};
-
-static const BN_ULONG dh2048_256_g[] = {
-    0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL,
-    0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL,
-    0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL,
-    0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL,
-    0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL,
-    0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL,
-    0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL,
-    0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL,
-    0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL,
-    0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL,
-    0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL
-};
-
-static const BN_ULONG dh2048_256_q[] = {
-    0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL,
-    0x8CF83642A709A097ULL
-};
-
-#elif BN_BITS2 == 32
-
-static const BN_ULONG dh1024_160_p[] = {
-    0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF,
-    0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA,
-    0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C,
-    0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286,
-    0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E,
-    0xA080E01D, 0xB10B8F96
-};
-
-static const BN_ULONG dh1024_160_g[] = {
-    0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59,
-    0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08,
-    0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F,
-    0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E,
-    0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442,
-    0xC3FD3412, 0xA4D1CBD5
-};
-
-static const BN_ULONG dh1024_160_q[] = {
-    0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87
-};
-
-static const BN_ULONG dh2048_224_p[] = {
-    0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2,
-    0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E,
-    0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1,
-    0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A,
-    0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714,
-    0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0,
-    0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0,
-    0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152,
-    0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40,
-    0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5,
-    0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E
-};
-
-static const BN_ULONG dh2048_224_g[] = {
-    0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1,
-    0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE,
-    0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F,
-    0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137,
-    0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3,
-    0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2,
-    0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0,
-    0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001,
-    0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01,
-    0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B,
-    0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF
-};
-
-static const BN_ULONG dh2048_224_q[] = {
-    0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE,
-    0x801C0D34
-};
-
-static const BN_ULONG dh2048_256_p[] = {
-    0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227,
-    0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A,
-    0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79,
-    0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5,
-    0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267,
-    0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF,
-    0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF,
-    0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64,
-    0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45,
-    0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608,
-    0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D
-};
-
-static const BN_ULONG dh2048_256_g[] = {
-    0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148,
-    0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428,
-    0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15,
-    0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73,
-    0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1,
-    0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982,
-    0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5,
-    0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8,
-    0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A,
-    0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F,
-    0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B
-};
-
-static const BN_ULONG dh2048_256_q[] = {
-    0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976,
-    0xA709A097, 0x8CF83642
-};
-
-#else
-# error "unsupported BN_BITS2"
-#endif
-
-/* Macro to make a BIGNUM from static data */
-
-#define make_dh_bn(x) static const BIGNUM _bignum_##x = { (BN_ULONG *) x, \
-                        sizeof(x)/sizeof(BN_ULONG),\
-                        sizeof(x)/sizeof(BN_ULONG),\
-                        0, BN_FLG_STATIC_DATA }
+#include "internal/bn_dh.h"
 
 /*
  * Macro to make a DH structure from BIGNUM data. NB: although just copying
- * the BIGNUM static pointers would be more efficient we can't as they get
- * wiped using BN_clear_free() when DH_free() is called.
+ * the BIGNUM static pointers would be more efficient, we can't do that
+ * because they get wiped using BN_clear_free() when DH_free() is called.
  */
 
 #define make_dh(x) \
-DH * DH_get_##x(void) \
-        { \
-        DH *dh; \
-        make_dh_bn(dh##x##_p); \
-        make_dh_bn(dh##x##_q); \
-        make_dh_bn(dh##x##_g); \
-        dh = DH_new(); \
-        if (!dh) \
-                return NULL; \
-        dh->p = BN_dup(&_bignum_dh##x##_p); \
-        dh->g = BN_dup(&_bignum_dh##x##_g); \
-        dh->q = BN_dup(&_bignum_dh##x##_q); \
-        if (!dh->p || !dh->q || !dh->g) \
-                { \
-                DH_free(dh); \
-                return NULL; \
-                } \
-        return dh; \
-        }
+DH *DH_get_##x(void) \
+{ \
+    DH *dh = DH_new(); \
+\
+    if (dh == NULL) \
+        return NULL; \
+    dh->p = BN_dup(&_bignum_dh##x##_p); \
+    dh->g = BN_dup(&_bignum_dh##x##_g); \
+    dh->q = BN_dup(&_bignum_dh##x##_q); \
+    if (dh->p == NULL || dh->q == NULL || dh->g == NULL) {\
+        DH_free(dh); \
+        return NULL; \
+    } \
+    return dh; \
+}
 
 make_dh(1024_160)
 make_dh(2048_224)
diff --git a/freebsd/crypto/openssl/crypto/dh/dh_rfc7919.c b/freebsd/crypto/openssl/crypto/dh/dh_rfc7919.c
new file mode 100644
index 00000000..3cfb991b
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/dh/dh_rfc7919.c
@@ -0,0 +1,76 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dh_locl.h"
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include "internal/bn_dh.h"
+
+static DH *dh_param_init(const BIGNUM *p, int32_t nbits)
+{
+    DH *dh = DH_new();
+    if (dh == NULL)
+        return NULL;
+    dh->p = (BIGNUM *)p;
+    dh->g = (BIGNUM *)&_bignum_const_2;
+    dh->length = nbits;
+    return dh;
+}
+
+DH *DH_new_by_nid(int nid)
+{
+    switch (nid) {
+    case NID_ffdhe2048:
+        return dh_param_init(&_bignum_ffdhe2048_p, 225);
+    case NID_ffdhe3072:
+        return dh_param_init(&_bignum_ffdhe3072_p, 275);
+    case NID_ffdhe4096:
+        return dh_param_init(&_bignum_ffdhe4096_p, 325);
+    case NID_ffdhe6144:
+        return dh_param_init(&_bignum_ffdhe6144_p, 375);
+    case NID_ffdhe8192:
+        return dh_param_init(&_bignum_ffdhe8192_p, 400);
+    default:
+        DHerr(DH_F_DH_NEW_BY_NID, DH_R_INVALID_PARAMETER_NID);
+        return NULL;
+    }
+}
+
+int DH_get_nid(const DH *dh)
+{
+    int nid;
+
+    if (BN_get_word(dh->g) != 2)
+        return NID_undef;
+    if (!BN_cmp(dh->p, &_bignum_ffdhe2048_p))
+        nid = NID_ffdhe2048;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe3072_p))
+        nid = NID_ffdhe3072;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe4096_p))
+        nid = NID_ffdhe4096;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe6144_p))
+        nid = NID_ffdhe6144;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe8192_p))
+        nid = NID_ffdhe8192;
+    else
+        return NID_undef;
+    if (dh->q != NULL) {
+        BIGNUM *q = BN_dup(dh->p);
+
+        /* Check q = p * 2 + 1 we already know q is odd, so just shift right */
+        if (q == NULL || !BN_rshift1(q, q) || !BN_cmp(dh->q, q))
+            nid = NID_undef;
+        BN_free(q);
+    }
+    return nid;
+}
diff --git a/freebsd/crypto/openssl/crypto/dh/dhtest.c b/freebsd/crypto/openssl/crypto/dh/dhtest.c
deleted file mode 100644
index 747d7e2f..00000000
--- a/freebsd/crypto/openssl/crypto/dh/dhtest.c
+++ /dev/null
@@ -1,645 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/dh/dhtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code
- */
-#ifdef OPENSSL_NO_DEPRECATED
-# undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-
-#ifdef OPENSSL_NO_DH
-int main(int argc, char *argv[])
-{
-    printf("No DH support\n");
-    return (0);
-}
-#else
-# include <openssl/dh.h>
-
-# ifdef OPENSSL_SYS_WIN16
-#  define MS_CALLBACK     _far _loadds
-# else
-#  define MS_CALLBACK
-# endif
-
-static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg);
-
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-
-static int run_rfc5114_tests(void);
-
-int main(int argc, char *argv[])
-{
-    BN_GENCB _cb;
-    DH *a;
-    DH *b = NULL;
-    char buf[12];
-    unsigned char *abuf = NULL, *bbuf = NULL;
-    int i, alen, blen, aout, bout, ret = 1;
-    BIO *out;
-
-    CRYPTO_malloc_debug_init();
-    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-# ifdef OPENSSL_SYS_WIN32
-    CRYPTO_malloc_init();
-# endif
-
-    RAND_seed(rnd_seed, sizeof(rnd_seed));
-
-    out = BIO_new(BIO_s_file());
-    if (out == NULL)
-        EXIT(1);
-    BIO_set_fp(out, stdout, BIO_NOCLOSE);
-
-    BN_GENCB_set(&_cb, &cb, out);
-    if (((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
-                                                               DH_GENERATOR_5,
-                                                               &_cb))
-        goto err;
-
-    if (!DH_check(a, &i))
-        goto err;
-    if (i & DH_CHECK_P_NOT_PRIME)
-        BIO_puts(out, "p value is not prime\n");
-    if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-        BIO_puts(out, "p value is not a safe prime\n");
-    if (i & DH_UNABLE_TO_CHECK_GENERATOR)
-        BIO_puts(out, "unable to check the generator value\n");
-    if (i & DH_NOT_SUITABLE_GENERATOR)
-        BIO_puts(out, "the g value is not a generator\n");
-
-    BIO_puts(out, "\np    =");
-    BN_print(out, a->p);
-    BIO_puts(out, "\ng    =");
-    BN_print(out, a->g);
-    BIO_puts(out, "\n");
-
-    b = DH_new();
-    if (b == NULL)
-        goto err;
-
-    b->p = BN_dup(a->p);
-    b->g = BN_dup(a->g);
-    if ((b->p == NULL) || (b->g == NULL))
-        goto err;
-
-    /* Set a to run with normal modexp and b to use constant time */
-    a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
-    b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
-
-    if (!DH_generate_key(a))
-        goto err;
-    BIO_puts(out, "pri 1=");
-    BN_print(out, a->priv_key);
-    BIO_puts(out, "\npub 1=");
-    BN_print(out, a->pub_key);
-    BIO_puts(out, "\n");
-
-    if (!DH_generate_key(b))
-        goto err;
-    BIO_puts(out, "pri 2=");
-    BN_print(out, b->priv_key);
-    BIO_puts(out, "\npub 2=");
-    BN_print(out, b->pub_key);
-    BIO_puts(out, "\n");
-
-    alen = DH_size(a);
-    abuf = (unsigned char *)OPENSSL_malloc(alen);
-    aout = DH_compute_key(abuf, b->pub_key, a);
-
-    BIO_puts(out, "key1 =");
-    for (i = 0; i < aout; i++) {
-        sprintf(buf, "%02X", abuf[i]);
-        BIO_puts(out, buf);
-    }
-    BIO_puts(out, "\n");
-
-    blen = DH_size(b);
-    bbuf = (unsigned char *)OPENSSL_malloc(blen);
-    bout = DH_compute_key(bbuf, a->pub_key, b);
-
-    BIO_puts(out, "key2 =");
-    for (i = 0; i < bout; i++) {
-        sprintf(buf, "%02X", bbuf[i]);
-        BIO_puts(out, buf);
-    }
-    BIO_puts(out, "\n");
-    if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {
-        fprintf(stderr, "Error in DH routines\n");
-        ret = 1;
-    } else
-        ret = 0;
-    if (!run_rfc5114_tests())
-        ret = 1;
- err:
-    ERR_print_errors_fp(stderr);
-
-    if (abuf != NULL)
-        OPENSSL_free(abuf);
-    if (bbuf != NULL)
-        OPENSSL_free(bbuf);
-    if (b != NULL)
-        DH_free(b);
-    if (a != NULL)
-        DH_free(a);
-    BIO_free(out);
-# ifdef OPENSSL_SYS_NETWARE
-    if (ret)
-        printf("ERROR: %d\n", ret);
-# endif
-    EXIT(ret);
-    return (ret);
-}
-
-static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg)
-{
-    char c = '*';
-
-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
-    BIO_write(arg->arg, &c, 1);
-    (void)BIO_flush(arg->arg);
-# ifdef LINT
-    p = n;
-# endif
-    return 1;
-}
-
-/* Test data from RFC 5114 */
-
-static const unsigned char dhtest_1024_160_xA[] = {
-    0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, 0x96, 0x50,
-    0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E
-};
-
-static const unsigned char dhtest_1024_160_yA[] = {
-    0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D,
-    0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09,
-    0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76,
-    0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F,
-    0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D,
-    0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A,
-    0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA,
-    0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA,
-    0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01,
-    0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95,
-    0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76
-};
-
-static const unsigned char dhtest_1024_160_xB[] = {
-    0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 0xF7, 0xD8,
-    0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA
-};
-
-static const unsigned char dhtest_1024_160_yB[] = {
-    0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94,
-    0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66,
-    0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C,
-    0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E,
-    0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3,
-    0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A,
-    0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E,
-    0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26,
-    0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A,
-    0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67,
-    0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE
-};
-
-static const unsigned char dhtest_1024_160_Z[] = {
-    0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F,
-    0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5,
-    0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3,
-    0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8,
-    0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF,
-    0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13,
-    0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED,
-    0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83,
-    0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0,
-    0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46,
-    0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D
-};
-
-static const unsigned char dhtest_2048_224_xA[] = {
-    0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, 0x80, 0xF7,
-    0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, 0x1A, 0x05, 0x48, 0xE4,
-    0x83, 0x29, 0x4B, 0x0C
-};
-
-static const unsigned char dhtest_2048_224_yA[] = {
-    0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49,
-    0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0,
-    0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04,
-    0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B,
-    0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1,
-    0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C,
-    0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6,
-    0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43,
-    0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D,
-    0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E,
-    0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9,
-    0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE,
-    0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52,
-    0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3,
-    0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6,
-    0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06,
-    0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52,
-    0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A,
-    0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15,
-    0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB,
-    0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C,
-    0x71, 0x64, 0x8D, 0x6F
-};
-
-static const unsigned char dhtest_2048_224_xB[] = {
-    0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, 0xB3, 0x63,
-    0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, 0x44, 0x17, 0xEA, 0x15,
-    0x35, 0x3B, 0x75, 0x90
-};
-
-static const unsigned char dhtest_2048_224_yB[] = {
-    0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44,
-    0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2,
-    0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41,
-    0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1,
-    0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C,
-    0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2,
-    0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE,
-    0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC,
-    0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47,
-    0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03,
-    0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6,
-    0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC,
-    0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A,
-    0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3,
-    0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4,
-    0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17,
-    0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF,
-    0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC,
-    0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7,
-    0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15,
-    0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20,
-    0x02, 0x14, 0x2B, 0x6C
-};
-
-static const unsigned char dhtest_2048_224_Z[] = {
-    0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03,
-    0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3,
-    0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E,
-    0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C,
-    0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79,
-    0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4,
-    0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2,
-    0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9,
-    0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F,
-    0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B,
-    0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23,
-    0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A,
-    0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8,
-    0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89,
-    0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9,
-    0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF,
-    0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7,
-    0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2,
-    0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2,
-    0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4,
-    0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C,
-    0xF9, 0xF6, 0x38, 0x69
-};
-
-static const unsigned char dhtest_2048_256_xA[] = {
-    0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, 0x61,
-    0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, 0xC5, 0xE3,
-    0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E
-};
-
-static const unsigned char dhtest_2048_256_yA[] = {
-    0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41,
-    0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6,
-    0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9,
-    0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE,
-    0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8,
-    0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9,
-    0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50,
-    0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8,
-    0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82,
-    0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC,
-    0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41,
-    0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02,
-    0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA,
-    0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A,
-    0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F,
-    0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3,
-    0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5,
-    0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0,
-    0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A,
-    0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F,
-    0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5,
-    0x7C, 0xA6, 0x7E, 0x29
-};
-
-static const unsigned char dhtest_2048_256_xB[] = {
-    0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, 0xAF,
-    0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, 0x05, 0x64,
-    0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D
-};
-
-static const unsigned char dhtest_2048_256_yB[] = {
-    0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8,
-    0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98,
-    0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7,
-    0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E,
-    0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25,
-    0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05,
-    0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63,
-    0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97,
-    0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F,
-    0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3,
-    0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98,
-    0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A,
-    0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D,
-    0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C,
-    0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5,
-    0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80,
-    0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A,
-    0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44,
-    0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA,
-    0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D,
-    0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53,
-    0x75, 0x7E, 0x19, 0x13
-};
-
-static const unsigned char dhtest_2048_256_Z[] = {
-    0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17,
-    0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1,
-    0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00,
-    0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE,
-    0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0,
-    0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0,
-    0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED,
-    0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04,
-    0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A,
-    0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C,
-    0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C,
-    0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93,
-    0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38,
-    0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52,
-    0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F,
-    0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9,
-    0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C,
-    0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A,
-    0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3,
-    0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0,
-    0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0,
-    0xC2, 0x6C, 0x5D, 0x7C
-};
-
-static const unsigned char dhtest_rfc5114_2048_224_bad_y[] = {
-    0x45, 0x32, 0x5F, 0x51, 0x07, 0xE5, 0xDF, 0x1C, 0xD6, 0x02, 0x82, 0xB3,
-    0x32, 0x8F, 0xA4, 0x0F, 0x87, 0xB8, 0x41, 0xFE, 0xB9, 0x35, 0xDE, 0xAD,
-    0xC6, 0x26, 0x85, 0xB4, 0xFF, 0x94, 0x8C, 0x12, 0x4C, 0xBF, 0x5B, 0x20,
-    0xC4, 0x46, 0xA3, 0x26, 0xEB, 0xA4, 0x25, 0xB7, 0x68, 0x8E, 0xCC, 0x67,
-    0xBA, 0xEA, 0x58, 0xD0, 0xF2, 0xE9, 0xD2, 0x24, 0x72, 0x60, 0xDA, 0x88,
-    0x18, 0x9C, 0xE0, 0x31, 0x6A, 0xAD, 0x50, 0x6D, 0x94, 0x35, 0x8B, 0x83,
-    0x4A, 0x6E, 0xFA, 0x48, 0x73, 0x0F, 0x83, 0x87, 0xFF, 0x6B, 0x66, 0x1F,
-    0xA8, 0x82, 0xC6, 0x01, 0xE5, 0x80, 0xB5, 0xB0, 0x52, 0xD0, 0xE9, 0xD8,
-    0x72, 0xF9, 0x7D, 0x5B, 0x8B, 0xA5, 0x4C, 0xA5, 0x25, 0x95, 0x74, 0xE2,
-    0x7A, 0x61, 0x4E, 0xA7, 0x8F, 0x12, 0xE2, 0xD2, 0x9D, 0x8C, 0x02, 0x70,
-    0x34, 0x44, 0x32, 0xC7, 0xB2, 0xF3, 0xB9, 0xFE, 0x17, 0x2B, 0xD6, 0x1F,
-    0x8B, 0x7E, 0x4A, 0xFA, 0xA3, 0xB5, 0x3E, 0x7A, 0x81, 0x9A, 0x33, 0x66,
-    0x62, 0xA4, 0x50, 0x18, 0x3E, 0xA2, 0x5F, 0x00, 0x07, 0xD8, 0x9B, 0x22,
-    0xE4, 0xEC, 0x84, 0xD5, 0xEB, 0x5A, 0xF3, 0x2A, 0x31, 0x23, 0xD8, 0x44,
-    0x22, 0x2A, 0x8B, 0x37, 0x44, 0xCC, 0xC6, 0x87, 0x4B, 0xBE, 0x50, 0x9D,
-    0x4A, 0xC4, 0x8E, 0x45, 0xCF, 0x72, 0x4D, 0xC0, 0x89, 0xB3, 0x72, 0xED,
-    0x33, 0x2C, 0xBC, 0x7F, 0x16, 0x39, 0x3B, 0xEB, 0xD2, 0xDD, 0xA8, 0x01,
-    0x73, 0x84, 0x62, 0xB9, 0x29, 0xD2, 0xC9, 0x51, 0x32, 0x9E, 0x7A, 0x6A,
-    0xCF, 0xC1, 0x0A, 0xDB, 0x0E, 0xE0, 0x62, 0x77, 0x6F, 0x59, 0x62, 0x72,
-    0x5A, 0x69, 0xA6, 0x5B, 0x70, 0xCA, 0x65, 0xC4, 0x95, 0x6F, 0x9A, 0xC2,
-    0xDF, 0x72, 0x6D, 0xB1, 0x1E, 0x54, 0x7B, 0x51, 0xB4, 0xEF, 0x7F, 0x89,
-    0x93, 0x74, 0x89, 0x59
-};
-
-typedef struct {
-    DH *(*get_param) (void);
-    const unsigned char *xA;
-    size_t xA_len;
-    const unsigned char *yA;
-    size_t yA_len;
-    const unsigned char *xB;
-    size_t xB_len;
-    const unsigned char *yB;
-    size_t yB_len;
-    const unsigned char *Z;
-    size_t Z_len;
-} rfc5114_td;
-
-# define make_rfc5114_td(pre) { \
-        DH_get_##pre, \
-        dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \
-        dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \
-        dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \
-        dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \
-        dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \
-        }
-
-static const rfc5114_td rfctd[] = {
-        make_rfc5114_td(1024_160),
-        make_rfc5114_td(2048_224),
-        make_rfc5114_td(2048_256)
-};
-
-static int run_rfc5114_tests(void)
-{
-    int i;
-    DH *dhA = NULL;
-    DH *dhB = NULL;
-    unsigned char *Z1 = NULL;
-    unsigned char *Z2 = NULL;
-    const rfc5114_td *td = NULL;
-    BIGNUM *bady = NULL;
-
-    for (i = 0; i < (int)(sizeof(rfctd) / sizeof(rfc5114_td)); i++) {
-        td = rfctd + i;
-        /* Set up DH structures setting key components */
-        dhA = td->get_param();
-        dhB = td->get_param();
-        if (!dhA || !dhB)
-            goto bad_err;
-
-        dhA->priv_key = BN_bin2bn(td->xA, td->xA_len, NULL);
-        dhA->pub_key = BN_bin2bn(td->yA, td->yA_len, NULL);
-
-        dhB->priv_key = BN_bin2bn(td->xB, td->xB_len, NULL);
-        dhB->pub_key = BN_bin2bn(td->yB, td->yB_len, NULL);
-
-        if (!dhA->priv_key || !dhA->pub_key
-            || !dhB->priv_key || !dhB->pub_key)
-            goto bad_err;
-
-        if ((td->Z_len != (size_t)DH_size(dhA))
-            || (td->Z_len != (size_t)DH_size(dhB)))
-            goto err;
-
-        Z1 = OPENSSL_malloc(DH_size(dhA));
-        Z2 = OPENSSL_malloc(DH_size(dhB));
-        /*
-         * Work out shared secrets using both sides and compare with expected
-         * values.
-         */
-        if (DH_compute_key(Z1, dhB->pub_key, dhA) == -1)
-            goto bad_err;
-        if (DH_compute_key(Z2, dhA->pub_key, dhB) == -1)
-            goto bad_err;
-
-        if (memcmp(Z1, td->Z, td->Z_len))
-            goto err;
-        if (memcmp(Z2, td->Z, td->Z_len))
-            goto err;
-
-        printf("RFC5114 parameter test %d OK\n", i + 1);
-
-        DH_free(dhA);
-        DH_free(dhB);
-        OPENSSL_free(Z1);
-        OPENSSL_free(Z2);
-        dhA = NULL;
-        dhB = NULL;
-        Z1 = NULL;
-        Z2 = NULL;
-    }
-
-    /* Now i == OSSL_NELEM(rfctd) */
-    /* RFC5114 uses unsafe primes, so now test an invalid y value */
-    dhA = DH_get_2048_224();
-    if (dhA == NULL)
-        goto bad_err;
-    Z1 = OPENSSL_malloc(DH_size(dhA));
-    if (Z1 == NULL)
-        goto bad_err;
-
-    bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y,
-                     sizeof(dhtest_rfc5114_2048_224_bad_y), NULL);
-    if (bady == NULL)
-        goto bad_err;
-
-    if (!DH_generate_key(dhA))
-        goto bad_err;
-
-    if (DH_compute_key(Z1, bady, dhA) != -1) {
-        /*
-         * DH_compute_key should fail with -1. If we get here we unexpectedly
-         * allowed an invalid y value
-         */
-        goto err;
-    }
-    /* We'll have a stale error on the queue from the above test so clear it */
-    ERR_clear_error();
-
-    printf("RFC5114 parameter test %d OK\n", i + 1);
-
-    BN_free(bady);
-    DH_free(dhA);
-    OPENSSL_free(Z1);
-
-    return 1;
- bad_err:
-    BN_free(bady);
-    DH_free(dhA);
-    DH_free(dhB);
-    OPENSSL_free(Z1);
-    OPENSSL_free(Z2);
-
-    fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1);
-    ERR_print_errors_fp(stderr);
-    return 0;
- err:
-    BN_free(bady);
-    DH_free(dhA);
-    DH_free(dhB);
-    OPENSSL_free(Z1);
-    OPENSSL_free(Z2);
-
-    fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1);
-    return 0;
-}
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/dh/p1024.c b/freebsd/crypto/openssl/crypto/dh/p1024.c
deleted file mode 100644
index 7d35f263..00000000
--- a/freebsd/crypto/openssl/crypto/dh/p1024.c
+++ /dev/null
@@ -1,94 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/dh/p1024.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/asn1.h>
-#include <openssl/dh.h>
-#include <openssl/pem.h>
-
-unsigned char data[] = { 0x97, 0xF6, 0x42, 0x61, 0xCA, 0xB5, 0x05, 0xDD,
-    0x28, 0x28, 0xE1, 0x3F, 0x1D, 0x68, 0xB6, 0xD3,
-    0xDB, 0xD0, 0xF3, 0x13, 0x04, 0x7F, 0x40, 0xE8,
-    0x56, 0xDA, 0x58, 0xCB, 0x13, 0xB8, 0xA1, 0xBF,
-    0x2B, 0x78, 0x3A, 0x4C, 0x6D, 0x59, 0xD5, 0xF9,
-    0x2A, 0xFC, 0x6C, 0xFF, 0x3D, 0x69, 0x3F, 0x78,
-    0xB2, 0x3D, 0x4F, 0x31, 0x60, 0xA9, 0x50, 0x2E,
-    0x3E, 0xFA, 0xF7, 0xAB, 0x5E, 0x1A, 0xD5, 0xA6,
-    0x5E, 0x55, 0x43, 0x13, 0x82, 0x8D, 0xA8, 0x3B,
-    0x9F, 0xF2, 0xD9, 0x41, 0xDE, 0xE9, 0x56, 0x89,
-    0xFA, 0xDA, 0xEA, 0x09, 0x36, 0xAD, 0xDF, 0x19,
-    0x71, 0xFE, 0x63, 0x5B, 0x20, 0xAF, 0x47, 0x03,
-    0x64, 0x60, 0x3C, 0x2D, 0xE0, 0x59, 0xF5, 0x4B,
-    0x65, 0x0A, 0xD8, 0xFA, 0x0C, 0xF7, 0x01, 0x21,
-    0xC7, 0x47, 0x99, 0xD7, 0x58, 0x71, 0x32, 0xBE,
-    0x9B, 0x99, 0x9B, 0xB9, 0xB7, 0x87, 0xE8, 0xAB,
-};
-
-main()
-{
-    DH *dh;
-
-    dh = DH_new();
-    dh->p = BN_bin2bn(data, sizeof(data), NULL);
-    dh->g = BN_new();
-    BN_set_word(dh->g, 2);
-    PEM_write_DHparams(stdout, dh);
-}
diff --git a/freebsd/crypto/openssl/crypto/dh/p192.c b/freebsd/crypto/openssl/crypto/dh/p192.c
deleted file mode 100644
index 5a3fb499..00000000
--- a/freebsd/crypto/openssl/crypto/dh/p192.c
+++ /dev/null
@@ -1,82 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/dh/p192.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/asn1.h>
-#include <openssl/dh.h>
-#include <openssl/pem.h>
-
-unsigned char data[] = {
-    0xD4, 0xA0, 0xBA, 0x02, 0x50, 0xB6, 0xFD, 0x2E,
-    0xC6, 0x26, 0xE7, 0xEF, 0xD6, 0x37, 0xDF, 0x76,
-    0xC7, 0x16, 0xE2, 0x2D, 0x09, 0x44, 0xB8, 0x8B,
-};
-
-main()
-{
-    DH *dh;
-
-    dh = DH_new();
-    dh->p = BN_bin2bn(data, sizeof(data), NULL);
-    dh->g = BN_new();
-    BN_set_word(dh->g, 3);
-    PEM_write_DHparams(stdout, dh);
-}
diff --git a/freebsd/crypto/openssl/crypto/dh/p512.c b/freebsd/crypto/openssl/crypto/dh/p512.c
deleted file mode 100644
index dbdf7ddf..00000000
--- a/freebsd/crypto/openssl/crypto/dh/p512.c
+++ /dev/null
@@ -1,87 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/dh/p512.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/asn1.h>
-#include <openssl/dh.h>
-#include <openssl/pem.h>
-
-unsigned char data[] = {
-    0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89,
-    0xD0, 0xE4, 0xAF, 0x75, 0x6F, 0x4C, 0xCA, 0x92,
-    0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
-    0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED,
-    0x57, 0x46, 0x50, 0xD3, 0x69, 0x99, 0xDB, 0x29,
-    0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
-    0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6,
-    0xD8, 0x00, 0x3E, 0x7C, 0x47, 0x74, 0xE8, 0x33,
-};
-
-main()
-{
-    DH *dh;
-
-    dh = DH_new();
-    dh->p = BN_bin2bn(data, sizeof(data), NULL);
-    dh->g = BN_new();
-    BN_set_word(dh->g, 2);
-    PEM_write_DHparams(stdout, dh);
-}
diff --git a/freebsd/crypto/openssl/crypto/dllmain.c b/freebsd/crypto/openssl/crypto/dllmain.c
new file mode 100644
index 00000000..8e64968d
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/dllmain.c
@@ -0,0 +1,48 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib_int.h"
+
+#if defined(_WIN32) || defined(__CYGWIN__)
+# ifdef __CYGWIN__
+/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
+#  include <windows.h>
+/*
+ * this has side-effect of _WIN32 getting defined, which otherwise is
+ * mutually exclusive with __CYGWIN__...
+ */
+# endif
+
+/*
+ * All we really need to do is remove the 'error' state when a thread
+ * detaches
+ */
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved);
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
+{
+    switch (fdwReason) {
+    case DLL_PROCESS_ATTACH:
+        OPENSSL_cpuid_setup();
+        break;
+    case DLL_THREAD_ATTACH:
+        break;
+    case DLL_THREAD_DETACH:
+        OPENSSL_thread_stop();
+        break;
+    case DLL_PROCESS_DETACH:
+        break;
+    }
+    return TRUE;
+}
+#endif
+
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa.h b/freebsd/crypto/openssl/crypto/dsa/dsa.h
deleted file mode 100644
index 3e6984ea..00000000
--- a/freebsd/crypto/openssl/crypto/dsa/dsa.h
+++ /dev/null
@@ -1,335 +0,0 @@
-/* crypto/dsa/dsa.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * The DSS routines are based on patches supplied by
- * Steven Schoch <schoch@sheba.arc.nasa.gov>.  He basically did the
- * work and I have just tweaked them a little to fit into my
- * stylistic vision for SSLeay :-) */
-
-#ifndef HEADER_DSA_H
-# define HEADER_DSA_H
-
-# include <openssl/e_os2.h>
-
-# ifdef OPENSSL_NO_DSA
-#  error DSA is disabled.
-# endif
-
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-# include <openssl/crypto.h>
-# include <openssl/ossl_typ.h>
-
-# ifndef OPENSSL_NO_DEPRECATED
-#  include <openssl/bn.h>
-#  ifndef OPENSSL_NO_DH
-#   include <openssl/dh.h>
-#  endif
-# endif
-
-# ifndef OPENSSL_DSA_MAX_MODULUS_BITS
-#  define OPENSSL_DSA_MAX_MODULUS_BITS   10000
-# endif
-
-# define DSA_FLAG_CACHE_MONT_P   0x01
-/*
- * new with 0.9.7h; the built-in DSA implementation now uses constant time
- * modular exponentiation for secret exponents by default. This flag causes
- * the faster variable sliding window method to be used for all exponents.
- */
-# define DSA_FLAG_NO_EXP_CONSTTIME       0x02
-
-/*
- * If this flag is set the DSA method is FIPS compliant and can be used in
- * FIPS mode. This is set in the validated module method. If an application
- * sets this flag in its own methods it is its reposibility to ensure the
- * result is compliant.
- */
-
-# define DSA_FLAG_FIPS_METHOD                    0x0400
-
-/*
- * If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-# define DSA_FLAG_NON_FIPS_ALLOW                 0x0400
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct dsa_st DSA; */
-/* typedef struct dsa_method DSA_METHOD; */
-
-typedef struct DSA_SIG_st {
-    BIGNUM *r;
-    BIGNUM *s;
-} DSA_SIG;
-
-struct dsa_method {
-    const char *name;
-    DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
-    int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-                           BIGNUM **rp);
-    int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len,
-                          DSA_SIG *sig, DSA *dsa);
-    int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-                        BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-                        BN_MONT_CTX *in_mont);
-    /* Can be null */
-    int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-    int (*init) (DSA *dsa);
-    int (*finish) (DSA *dsa);
-    int flags;
-    char *app_data;
-    /* If this is non-NULL, it is used to generate DSA parameters */
-    int (*dsa_paramgen) (DSA *dsa, int bits,
-                         const unsigned char *seed, int seed_len,
-                         int *counter_ret, unsigned long *h_ret,
-                         BN_GENCB *cb);
-    /* If this is non-NULL, it is used to generate DSA keys */
-    int (*dsa_keygen) (DSA *dsa);
-};
-
-struct dsa_st {
-    /*
-     * This first variable is used to pick up errors where a DSA is passed
-     * instead of of a EVP_PKEY
-     */
-    int pad;
-    long version;
-    int write_params;
-    BIGNUM *p;
-    BIGNUM *q;                  /* == 20 */
-    BIGNUM *g;
-    BIGNUM *pub_key;            /* y public key */
-    BIGNUM *priv_key;           /* x private key */
-    BIGNUM *kinv;               /* Signing pre-calc */
-    BIGNUM *r;                  /* Signing pre-calc */
-    int flags;
-    /* Normally used to cache montgomery values */
-    BN_MONT_CTX *method_mont_p;
-    int references;
-    CRYPTO_EX_DATA ex_data;
-    const DSA_METHOD *meth;
-    /* functional reference if 'meth' is ENGINE-provided */
-    ENGINE *engine;
-};
-
-# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
-                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
-# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
-                (unsigned char *)(x))
-# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
-# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
-
-DSA *DSAparams_dup(DSA *x);
-DSA_SIG *DSA_SIG_new(void);
-void DSA_SIG_free(DSA_SIG *a);
-int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
-DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
-
-DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-int DSA_do_verify(const unsigned char *dgst, int dgst_len,
-                  DSA_SIG *sig, DSA *dsa);
-
-const DSA_METHOD *DSA_OpenSSL(void);
-
-void DSA_set_default_method(const DSA_METHOD *);
-const DSA_METHOD *DSA_get_default_method(void);
-int DSA_set_method(DSA *dsa, const DSA_METHOD *);
-
-DSA *DSA_new(void);
-DSA *DSA_new_method(ENGINE *engine);
-void DSA_free(DSA *r);
-/* "up" the DSA object's reference count */
-int DSA_up_ref(DSA *r);
-int DSA_size(const DSA *);
-        /* next 4 return -1 on error */
-int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
-int DSA_sign(int type, const unsigned char *dgst, int dlen,
-             unsigned char *sig, unsigned int *siglen, DSA *dsa);
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
-               const unsigned char *sigbuf, int siglen, DSA *dsa);
-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int DSA_set_ex_data(DSA *d, int idx, void *arg);
-void *DSA_get_ex_data(DSA *d, int idx);
-
-DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
-DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
-DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
-
-/* Deprecated version */
-# ifndef OPENSSL_NO_DEPRECATED
-DSA *DSA_generate_parameters(int bits,
-                             unsigned char *seed, int seed_len,
-                             int *counter_ret, unsigned long *h_ret, void
-                              (*callback) (int, int, void *), void *cb_arg);
-# endif                         /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int DSA_generate_parameters_ex(DSA *dsa, int bits,
-                               const unsigned char *seed, int seed_len,
-                               int *counter_ret, unsigned long *h_ret,
-                               BN_GENCB *cb);
-
-int DSA_generate_key(DSA *a);
-int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
-int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
-int i2d_DSAparams(const DSA *a, unsigned char **pp);
-
-# ifndef OPENSSL_NO_BIO
-int DSAparams_print(BIO *bp, const DSA *x);
-int DSA_print(BIO *bp, const DSA *x, int off);
-# endif
-# ifndef OPENSSL_NO_FP_API
-int DSAparams_print_fp(FILE *fp, const DSA *x);
-int DSA_print_fp(FILE *bp, const DSA *x, int off);
-# endif
-
-# define DSS_prime_checks 64
-/*
- * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
- * have one value here we set the number of checks to 64 which is the 128 bit
- * security level that is the highest level and valid for creating a 3072 bit
- * DSA key.
- */
-# define DSA_is_prime(n, callback, cb_arg) \
-        BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
-
-# ifndef OPENSSL_NO_DH
-/*
- * Convert DSA structure (key or just parameters) into DH structure (be
- * careful to avoid small subgroup attacks when using this!)
- */
-DH *DSA_dup_DH(const DSA *r);
-# endif
-
-# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
-                                EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
-
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS         (EVP_PKEY_ALG_CTRL + 1)
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS       (EVP_PKEY_ALG_CTRL + 2)
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD           (EVP_PKEY_ALG_CTRL + 3)
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DSA_strings(void);
-
-/* Error codes for the DSA functions. */
-
-/* Function codes. */
-# define DSA_F_D2I_DSA_SIG                                110
-# define DSA_F_DO_DSA_PRINT                               104
-# define DSA_F_DSAPARAMS_PRINT                            100
-# define DSA_F_DSAPARAMS_PRINT_FP                         101
-# define DSA_F_DSA_BUILTIN_PARAMGEN2                      126
-# define DSA_F_DSA_DO_SIGN                                112
-# define DSA_F_DSA_DO_VERIFY                              113
-# define DSA_F_DSA_GENERATE_KEY                           124
-# define DSA_F_DSA_GENERATE_PARAMETERS_EX                 123
-# define DSA_F_DSA_NEW_METHOD                             103
-# define DSA_F_DSA_PARAM_DECODE                           119
-# define DSA_F_DSA_PRINT_FP                               105
-# define DSA_F_DSA_PRIV_DECODE                            115
-# define DSA_F_DSA_PRIV_ENCODE                            116
-# define DSA_F_DSA_PUB_DECODE                             117
-# define DSA_F_DSA_PUB_ENCODE                             118
-# define DSA_F_DSA_SIGN                                   106
-# define DSA_F_DSA_SIGN_SETUP                             107
-# define DSA_F_DSA_SIG_NEW                                109
-# define DSA_F_DSA_SIG_PRINT                              125
-# define DSA_F_DSA_VERIFY                                 108
-# define DSA_F_I2D_DSA_SIG                                111
-# define DSA_F_OLD_DSA_PRIV_DECODE                        122
-# define DSA_F_PKEY_DSA_CTRL                              120
-# define DSA_F_PKEY_DSA_CTRL_STR                          127
-# define DSA_F_PKEY_DSA_KEYGEN                            121
-# define DSA_F_SIG_CB                                     114
-
-/* Reason codes. */
-# define DSA_R_BAD_Q_VALUE                                102
-# define DSA_R_BN_DECODE_ERROR                            108
-# define DSA_R_BN_ERROR                                   109
-# define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                100
-# define DSA_R_DECODE_ERROR                               104
-# define DSA_R_INVALID_DIGEST_TYPE                        106
-# define DSA_R_INVALID_PARAMETERS                         112
-# define DSA_R_MISSING_PARAMETERS                         101
-# define DSA_R_MODULUS_TOO_LARGE                          103
-# define DSA_R_NEED_NEW_SETUP_VALUES                      110
-# define DSA_R_NON_FIPS_DSA_METHOD                        111
-# define DSA_R_NO_PARAMETERS_SET                          107
-# define DSA_R_PARAMETER_ENCODING_ERROR                   105
-# define DSA_R_Q_NOT_PRIME                                113
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c b/freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c
index 5244a252..82ca2b14 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c
@@ -1,81 +1,31 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#include <openssl/dsa.h>
+#include "dsa_locl.h"
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_CMS
-# include <openssl/cms.h>
-#endif
-#include "asn1_locl.h"
+#include <openssl/cms.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 
 static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 {
     const unsigned char *p, *pm;
     int pklen, pmlen;
     int ptype;
-    void *pval;
-    ASN1_STRING *pstr;
+    const void *pval;
+    const ASN1_STRING *pstr;
     X509_ALGOR *palg;
     ASN1_INTEGER *public_key = NULL;
 
@@ -90,13 +40,13 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
         pm = pstr->data;
         pmlen = pstr->length;
 
-        if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) {
+        if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) {
             DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
             goto err;
         }
 
     } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) {
-        if (!(dsa = DSA_new())) {
+        if ((dsa = DSA_new()) == NULL) {
             DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
             goto err;
         }
@@ -105,12 +55,12 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
         goto err;
     }
 
-    if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) {
+    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
         DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
         goto err;
     }
 
-    if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
+    if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
         DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
         goto err;
     }
@@ -120,10 +70,8 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
     return 1;
 
  err:
-    if (public_key)
-        ASN1_INTEGER_free(public_key);
-    if (dsa)
-        DSA_free(dsa);
+    ASN1_INTEGER_free(public_key);
+    DSA_free(dsa);
     return 0;
 
 }
@@ -135,12 +83,13 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
     unsigned char *penc = NULL;
     int penclen;
     ASN1_STRING *str = NULL;
+    ASN1_INTEGER *pubint = NULL;
     ASN1_OBJECT *aobj;
 
     dsa = pkey->pkey.dsa;
     if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
         str = ASN1_STRING_new();
-        if (!str) {
+        if (str == NULL) {
             DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
             goto err;
         }
@@ -153,9 +102,15 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
     } else
         ptype = V_ASN1_UNDEF;
 
-    dsa->write_params = 0;
+    pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);
+
+    if (pubint == NULL) {
+        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
-    penclen = i2d_DSAPublicKey(dsa, &penc);
+    penclen = i2d_ASN1_INTEGER(pubint, &penc);
+    ASN1_INTEGER_free(pubint);
 
     if (penclen <= 0) {
         DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
@@ -170,10 +125,8 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
         return 1;
 
  err:
-    if (penc)
-        OPENSSL_free(penc);
-    if (str)
-        ASN1_STRING_free(str);
+    OPENSSL_free(penc);
+    ASN1_STRING_free(str);
 
     return 0;
 }
@@ -183,18 +136,17 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
  * AlgorithmIdentifier the pubkey must be recalculated.
  */
 
-static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
 {
     const unsigned char *p, *pm;
     int pklen, pmlen;
     int ptype;
-    void *pval;
-    ASN1_STRING *pstr;
-    X509_ALGOR *palg;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    const X509_ALGOR *palg;
     ASN1_INTEGER *privkey = NULL;
     BN_CTX *ctx = NULL;
 
-    STACK_OF(ASN1_TYPE) *ndsa = NULL;
     DSA *dsa = NULL;
 
     int ret = 0;
@@ -203,63 +155,28 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
         return 0;
     X509_ALGOR_get0(NULL, &ptype, &pval, palg);
 
-    /* Check for broken DSA PKCS#8, UGH! */
-    if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {
-        ASN1_TYPE *t1, *t2;
-        if (!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
-            goto decerr;
-        if (sk_ASN1_TYPE_num(ndsa) != 2)
-            goto decerr;
-        /*-
-         * Handle Two broken types:
-         * SEQUENCE {parameters, priv_key}
-         * SEQUENCE {pub_key, priv_key}
-         */
-
-        t1 = sk_ASN1_TYPE_value(ndsa, 0);
-        t2 = sk_ASN1_TYPE_value(ndsa, 1);
-        if (t1->type == V_ASN1_SEQUENCE) {
-            p8->broken = PKCS8_EMBEDDED_PARAM;
-            pval = t1->value.ptr;
-        } else if (ptype == V_ASN1_SEQUENCE)
-            p8->broken = PKCS8_NS_DB;
-        else
-            goto decerr;
-
-        if (t2->type != V_ASN1_INTEGER)
-            goto decerr;
-
-        privkey = t2->value.integer;
-    } else {
-        const unsigned char *q = p;
-        if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)))
-            goto decerr;
-        if (privkey->type == V_ASN1_NEG_INTEGER) {
-            p8->broken = PKCS8_NEG_PRIVKEY;
-            ASN1_STRING_clear_free(privkey);
-            if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen)))
-                goto decerr;
-        }
-        if (ptype != V_ASN1_SEQUENCE)
-            goto decerr;
-    }
+    if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
+        goto decerr;
+    if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE)
+        goto decerr;
 
     pstr = pval;
     pm = pstr->data;
     pmlen = pstr->length;
-    if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
+    if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL)
         goto decerr;
     /* We have parameters now set private key */
-    if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
+    if ((dsa->priv_key = BN_secure_new()) == NULL
+        || !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) {
         DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
         goto dsaerr;
     }
     /* Calculate public key */
-    if (!(dsa->pub_key = BN_new())) {
+    if ((dsa->pub_key = BN_new()) == NULL) {
         DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
         goto dsaerr;
     }
-    if (!(ctx = BN_CTX_new())) {
+    if ((ctx = BN_CTX_new()) == NULL) {
         DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
         goto dsaerr;
     }
@@ -281,10 +198,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
     DSA_free(dsa);
  done:
     BN_CTX_free(ctx);
-    if (ndsa)
-        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-    else
-        ASN1_STRING_clear_free(privkey);
+    ASN1_STRING_clear_free(privkey);
     return ret;
 }
 
@@ -302,7 +216,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 
     params = ASN1_STRING_new();
 
-    if (!params) {
+    if (params == NULL) {
         DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -334,23 +248,25 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
     return 1;
 
  err:
-    if (dp != NULL)
-        OPENSSL_free(dp);
-    if (params != NULL)
-        ASN1_STRING_free(params);
-    if (prkey != NULL)
-        ASN1_STRING_clear_free(prkey);
+    OPENSSL_free(dp);
+    ASN1_STRING_free(params);
+    ASN1_STRING_clear_free(prkey);
     return 0;
 }
 
 static int int_dsa_size(const EVP_PKEY *pkey)
 {
-    return (DSA_size(pkey->pkey.dsa));
+    return DSA_size(pkey->pkey.dsa);
 }
 
 static int dsa_bits(const EVP_PKEY *pkey)
 {
-    return BN_num_bits(pkey->pkey.dsa->p);
+    return DSA_bits(pkey->pkey.dsa);
+}
+
+static int dsa_security_bits(const EVP_PKEY *pkey)
+{
+    return DSA_security_bits(pkey->pkey.dsa);
 }
 
 static int dsa_missing_parameters(const EVP_PKEY *pkey)
@@ -366,22 +282,25 @@ static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 {
     BIGNUM *a;
 
+    if (to->pkey.dsa == NULL) {
+        to->pkey.dsa = DSA_new();
+        if (to->pkey.dsa == NULL)
+            return 0;
+    }
+
     if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
         return 0;
-    if (to->pkey.dsa->p != NULL)
-        BN_free(to->pkey.dsa->p);
+    BN_free(to->pkey.dsa->p);
     to->pkey.dsa->p = a;
 
     if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
         return 0;
-    if (to->pkey.dsa->q != NULL)
-        BN_free(to->pkey.dsa->q);
+    BN_free(to->pkey.dsa->q);
     to->pkey.dsa->q = a;
 
     if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
         return 0;
-    if (to->pkey.dsa->g != NULL)
-        BN_free(to->pkey.dsa->g);
+    BN_free(to->pkey.dsa->g);
     to->pkey.dsa->g = a;
     return 1;
 }
@@ -409,22 +328,10 @@ static void int_dsa_free(EVP_PKEY *pkey)
     DSA_free(pkey->pkey.dsa);
 }
 
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
-{
-    size_t i;
-    if (!b)
-        return;
-    if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
-        *pbuflen = i;
-}
-
 static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
 {
-    unsigned char *m = NULL;
     int ret = 0;
-    size_t buf_len = 0;
     const char *ktype = NULL;
-
     const BIGNUM *priv_key, *pub_key;
 
     if (ptype == 2)
@@ -444,18 +351,6 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
     else
         ktype = "DSA-Parameters";
 
-    update_buflen(x->p, &buf_len);
-    update_buflen(x->q, &buf_len);
-    update_buflen(x->g, &buf_len);
-    update_buflen(priv_key, &buf_len);
-    update_buflen(pub_key, &buf_len);
-
-    m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
-    if (m == NULL) {
-        DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
     if (priv_key) {
         if (!BIO_indent(bp, off, 128))
             goto err;
@@ -464,28 +359,27 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
             goto err;
     }
 
-    if (!ASN1_bn_print(bp, "priv:", priv_key, m, off))
+    if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off))
         goto err;
-    if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off))
+    if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
         goto err;
-    if (!ASN1_bn_print(bp, "P:   ", x->p, m, off))
+    if (!ASN1_bn_print(bp, "P:   ", x->p, NULL, off))
         goto err;
-    if (!ASN1_bn_print(bp, "Q:   ", x->q, m, off))
+    if (!ASN1_bn_print(bp, "Q:   ", x->q, NULL, off))
         goto err;
-    if (!ASN1_bn_print(bp, "G:   ", x->g, m, off))
+    if (!ASN1_bn_print(bp, "G:   ", x->g, NULL, off))
         goto err;
     ret = 1;
  err:
-    if (m != NULL)
-        OPENSSL_free(m);
-    return (ret);
+    return ret;
 }
 
 static int dsa_param_decode(EVP_PKEY *pkey,
                             const unsigned char **pder, int derlen)
 {
     DSA *dsa;
-    if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) {
+
+    if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) {
         DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
         return 0;
     }
@@ -520,7 +414,8 @@ static int old_dsa_priv_decode(EVP_PKEY *pkey,
                                const unsigned char **pder, int derlen)
 {
     DSA *dsa;
-    if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) {
+
+    if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) {
         DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
         return 0;
     }
@@ -538,6 +433,7 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
 {
     DSA_SIG *dsa_sig;
     const unsigned char *p;
+
     if (!sig) {
         if (BIO_puts(bp, "\n") <= 0)
             return 0;
@@ -548,27 +444,19 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
     dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
     if (dsa_sig) {
         int rv = 0;
-        size_t buf_len = 0;
-        unsigned char *m = NULL;
-        update_buflen(dsa_sig->r, &buf_len);
-        update_buflen(dsa_sig->s, &buf_len);
-        m = OPENSSL_malloc(buf_len + 10);
-        if (m == NULL) {
-            DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
+        const BIGNUM *r, *s;
+
+        DSA_SIG_get0(dsa_sig, &r, &s);
 
         if (BIO_write(bp, "\n", 1) != 1)
             goto err;
 
-        if (!ASN1_bn_print(bp, "r:   ", dsa_sig->r, m, indent))
+        if (!ASN1_bn_print(bp, "r:   ", r, NULL, indent))
             goto err;
-        if (!ASN1_bn_print(bp, "s:   ", dsa_sig->s, m, indent))
+        if (!ASN1_bn_print(bp, "s:   ", s, NULL, indent))
             goto err;
         rv = 1;
  err:
-        if (m)
-            OPENSSL_free(m);
         DSA_SIG_free(dsa_sig);
         return rv;
     }
@@ -628,7 +516,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 
 /* NB these are sorted in pkey_id order, lowest first */
 
-const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
+const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = {
 
     {
      EVP_PKEY_DSA2,
@@ -669,6 +557,7 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
 
      int_dsa_size,
      dsa_bits,
+     dsa_security_bits,
 
      dsa_param_decode,
      dsa_param_encode,
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_asn1.c b/freebsd/crypto/openssl/crypto/dsa/dsa_asn1.c
index ecabc721..8dd78d77 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_asn1.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_asn1.c
@@ -1,104 +1,71 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* dsa_asn1.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dsa.h>
+#include "internal/cryptlib.h"
+#include "dsa_locl.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/rand.h>
 
-/* Override the default new methods */
-static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                  void *exarg)
-{
-    if (operation == ASN1_OP_NEW_PRE) {
-        DSA_SIG *sig;
-        sig = OPENSSL_malloc(sizeof(DSA_SIG));
-        if (!sig) {
-            DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        sig->r = NULL;
-        sig->s = NULL;
-        *pval = (ASN1_VALUE *)sig;
-        return 2;
-    }
-    return 1;
-}
-
-ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
+ASN1_SEQUENCE(DSA_SIG) = {
         ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
         ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
-} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
+} static_ASN1_SEQUENCE_END(DSA_SIG)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
 
+DSA_SIG *DSA_SIG_new(void)
+{
+    DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
+    if (sig == NULL)
+        DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
+    return sig;
+}
+
+void DSA_SIG_free(DSA_SIG *sig)
+{
+    if (sig == NULL)
+        return;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    OPENSSL_free(sig);
+}
+
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+    if (pr != NULL)
+        *pr = sig->r;
+    if (ps != NULL)
+        *ps = sig->s;
+}
+
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+    if (r == NULL || s == NULL)
+        return 0;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    sig->r = r;
+    sig->s = s;
+    return 1;
+}
+
 /* Override the default free and new methods */
 static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                   void *exarg)
 {
     if (operation == ASN1_OP_NEW_PRE) {
         *pval = (ASN1_VALUE *)DSA_new();
-        if (*pval)
+        if (*pval != NULL)
             return 2;
         return 0;
     } else if (operation == ASN1_OP_FREE_PRE) {
@@ -110,13 +77,13 @@ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 }
 
 ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
-        ASN1_SIMPLE(DSA, version, LONG),
+        ASN1_EMBED(DSA, version, INT32),
         ASN1_SIMPLE(DSA, p, BIGNUM),
         ASN1_SIMPLE(DSA, q, BIGNUM),
         ASN1_SIMPLE(DSA, g, BIGNUM),
         ASN1_SIMPLE(DSA, pub_key, BIGNUM),
-        ASN1_SIMPLE(DSA, priv_key, BIGNUM)
-} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
+        ASN1_SIMPLE(DSA, priv_key, CBIGNUM)
+} static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
 
@@ -124,27 +91,16 @@ ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
         ASN1_SIMPLE(DSA, p, BIGNUM),
         ASN1_SIMPLE(DSA, q, BIGNUM),
         ASN1_SIMPLE(DSA, g, BIGNUM),
-} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
+} static_ASN1_SEQUENCE_END_cb(DSA, DSAparams)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
 
-/*
- * DSA public key is a bit trickier... its effectively a CHOICE type decided
- * by a field called write_params which can either write out just the public
- * key as an INTEGER or the parameters and public key in a SEQUENCE
- */
-
-ASN1_SEQUENCE(dsa_pub_internal) = {
+ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
         ASN1_SIMPLE(DSA, pub_key, BIGNUM),
         ASN1_SIMPLE(DSA, p, BIGNUM),
         ASN1_SIMPLE(DSA, q, BIGNUM),
         ASN1_SIMPLE(DSA, g, BIGNUM)
-} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
-
-ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
-        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
-        ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
-} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
+} static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
 
@@ -157,15 +113,15 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen,
              unsigned char *sig, unsigned int *siglen, DSA *dsa)
 {
     DSA_SIG *s;
-    RAND_seed(dgst, dlen);
+
     s = DSA_do_sign(dgst, dlen, dsa);
     if (s == NULL) {
         *siglen = 0;
-        return (0);
+        return 0;
     }
     *siglen = i2d_DSA_SIG(s, &sig);
     DSA_SIG_free(s);
-    return (1);
+    return 1;
 }
 
 /* data has already been hashed (probably with SHA or SHA-1). */
@@ -186,7 +142,7 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
 
     s = DSA_SIG_new();
     if (s == NULL)
-        return (ret);
+        return ret;
     if (d2i_DSA_SIG(&s, &p, siglen) == NULL)
         goto err;
     /* Ensure signature uses DER and doesn't have trailing garbage */
@@ -195,10 +151,7 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
         goto err;
     ret = DSA_do_verify(dgst, dgst_len, s, dsa);
  err:
-    if (derlen > 0) {
-        OPENSSL_cleanse(der, derlen);
-        OPENSSL_free(der);
-    }
+    OPENSSL_clear_free(der, derlen);
     DSA_SIG_free(s);
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_depr.c b/freebsd/crypto/openssl/crypto/dsa/dsa_depr.c
index 596c8492..522e0d9b 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_depr.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_depr.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dsa/dsa_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -60,56 +14,51 @@
  * version(s).
  */
 
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/*
- * Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
- */
-# define HASH    EVP_sha()
-#else
 /*
  * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
  * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
  * 180-1)
  */
-# define HASH    EVP_sha1()
-#endif
+#define xxxHASH    EVP_sha1()
 
-static void *dummy = &dummy;
-
-#ifndef OPENSSL_NO_SHA
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
 
 # include <stdio.h>
 # include <time.h>
-# include "cryptlib.h"
+# include "internal/cryptlib.h"
 # include <openssl/evp.h>
 # include <openssl/bn.h>
 # include <openssl/dsa.h>
-# include <openssl/rand.h>
 # include <openssl/sha.h>
 
-# ifndef OPENSSL_NO_DEPRECATED
 DSA *DSA_generate_parameters(int bits,
                              unsigned char *seed_in, int seed_len,
                              int *counter_ret, unsigned long *h_ret,
                              void (*callback) (int, int, void *),
                              void *cb_arg)
 {
-    BN_GENCB cb;
+    BN_GENCB *cb;
     DSA *ret;
 
     if ((ret = DSA_new()) == NULL)
         return NULL;
+    cb = BN_GENCB_new();
+    if (cb == NULL)
+        goto err;
 
-    BN_GENCB_set_old(&cb, callback, cb_arg);
+    BN_GENCB_set_old(cb, callback, cb_arg);
 
     if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
-                                   counter_ret, h_ret, &cb))
+                                   counter_ret, h_ret, cb)) {
+        BN_GENCB_free(cb);
         return ret;
+    }
+    BN_GENCB_free(cb);
+err:
     DSA_free(ret);
     return NULL;
 }
-# endif
 #endif
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_err.c b/freebsd/crypto/openssl/crypto/dsa/dsa_err.c
index 7c2491f4..2e944be6 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_err.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_err.c
@@ -1,136 +1,78 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dsa/dsa_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/dsa.h>
+#include <openssl/dsaerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
-
-static ERR_STRING_DATA DSA_str_functs[] = {
-    {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
-    {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
-    {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
-    {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
-    {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"},
-    {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
-    {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
-    {ERR_FUNC(DSA_F_DSA_GENERATE_KEY), "DSA_generate_key"},
-    {ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS_EX),
-     "DSA_generate_parameters_ex"},
-    {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
-    {ERR_FUNC(DSA_F_DSA_PARAM_DECODE), "DSA_PARAM_DECODE"},
-    {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
-    {ERR_FUNC(DSA_F_DSA_PRIV_DECODE), "DSA_PRIV_DECODE"},
-    {ERR_FUNC(DSA_F_DSA_PRIV_ENCODE), "DSA_PRIV_ENCODE"},
-    {ERR_FUNC(DSA_F_DSA_PUB_DECODE), "DSA_PUB_DECODE"},
-    {ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "DSA_PUB_ENCODE"},
-    {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
-    {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
-    {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
-    {ERR_FUNC(DSA_F_DSA_SIG_PRINT), "DSA_SIG_PRINT"},
-    {ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
-    {ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
-    {ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "OLD_DSA_PRIV_DECODE"},
-    {ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"},
-    {ERR_FUNC(DSA_F_PKEY_DSA_CTRL_STR), "PKEY_DSA_CTRL_STR"},
-    {ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "PKEY_DSA_KEYGEN"},
-    {ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
+static const ERR_STRING_DATA DSA_str_functs[] = {
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT_FP, 0), "DSAparams_print_fp"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN, 0),
+     "dsa_builtin_paramgen"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN2, 0),
+     "dsa_builtin_paramgen2"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_NEW_METHOD, 0), "DSA_new_method"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PARAM_DECODE, 0), "dsa_param_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRINT_FP, 0), "DSA_print_fp"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_DECODE, 0), "dsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_ENCODE, 0), "dsa_priv_encode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_DECODE, 0), "dsa_pub_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_ENCODE, 0), "dsa_pub_encode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN, 0), "DSA_sign"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN_SETUP, 0), "DSA_sign_setup"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIG_NEW, 0), "DSA_SIG_new"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, 0),
+     "old_dsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL, 0), "pkey_dsa_ctrl"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL_STR, 0), "pkey_dsa_ctrl_str"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_KEYGEN, 0), "pkey_dsa_keygen"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA DSA_str_reasons[] = {
-    {ERR_REASON(DSA_R_BAD_Q_VALUE), "bad q value"},
-    {ERR_REASON(DSA_R_BN_DECODE_ERROR), "bn decode error"},
-    {ERR_REASON(DSA_R_BN_ERROR), "bn error"},
-    {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
-     "data too large for key size"},
-    {ERR_REASON(DSA_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"},
-    {ERR_REASON(DSA_R_INVALID_PARAMETERS), "invalid parameters"},
-    {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"},
-    {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
-    {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
-    {ERR_REASON(DSA_R_NON_FIPS_DSA_METHOD), "non fips dsa method"},
-    {ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"},
-    {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
-    {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
+static const ERR_STRING_DATA DSA_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE),
+    "invalid digest type"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
+    "parameter encoding error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL),
+    "seed_len is less than the length of q"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_DSA_strings(void)
+int ERR_load_DSA_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, DSA_str_functs);
-        ERR_load_strings(0, DSA_str_reasons);
+        ERR_load_strings_const(DSA_str_functs);
+        ERR_load_strings_const(DSA_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_gen.c b/freebsd/crypto/openssl/crypto/dsa/dsa_gen.c
index ca54fb18..739abcd8 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_gen.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_gen.c
@@ -1,120 +1,38 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dsa/dsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/*
- * Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
- */
-# define HASH    EVP_sha()
-#else
 /*
  * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
  * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
  * 180-1)
  */
-# define HASH    EVP_sha1()
-#endif
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
-
-#ifndef OPENSSL_NO_SHA
-
-# include <stdio.h>
-# include "cryptlib.h"
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
-# include "dsa_locl.h"
+#define xxxHASH    EVP_sha1()
 
-# ifdef OPENSSL_FIPS
-/* Workaround bug in prototype */
-#  define fips_dsa_builtin_paramgen2 fips_dsa_paramgen_bad
-#  include <openssl/fips.h>
-# endif
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include "dsa_locl.h"
 
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                                const unsigned char *seed_in, int seed_len,
                                int *counter_ret, unsigned long *h_ret,
                                BN_GENCB *cb)
 {
-# ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
-        && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
-        DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
-        return 0;
-    }
-# endif
     if (ret->meth->dsa_paramgen)
         return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                        counter_ret, h_ret, cb);
-# ifdef OPENSSL_FIPS
-    else if (FIPS_mode()) {
-        return FIPS_dsa_generate_parameters_ex(ret, bits,
-                                               seed_in, seed_len,
-                                               counter_ret, h_ret, cb);
-    }
-# endif
     else {
         const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
         size_t qbits = EVP_MD_size(evpmd) * 8;
@@ -164,18 +82,17 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 
     bits = (bits + 63) / 64 * 64;
 
-    /*
-     * NB: seed_len == 0 is special case: copy generated seed to seed_in if
-     * it is not NULL.
-     */
-    if (seed_len && (seed_len < (size_t)qsize))
-        seed_in = NULL;         /* seed buffer too small -- ignore */
-    if (seed_len > (size_t)qsize)
-        seed_len = qsize;       /* App. 2.2 of FIPS PUB 186 allows larger
-                                 * SEED, but our internal buffers are
-                                 * restricted to 160 bits */
-    if (seed_in != NULL)
+    if (seed_in != NULL) {
+        if (seed_len < (size_t)qsize) {
+            DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_SEED_LEN_SMALL);
+            return 0;
+        }
+        if (seed_len > (size_t)qsize) {
+            /* Only consume as much seed as is expected. */
+            seed_len = qsize;
+        }
         memcpy(seed, seed_in, seed_len);
+    }
 
     if ((mont = BN_MONT_CTX_new()) == NULL)
         goto err;
@@ -202,20 +119,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 
     for (;;) {
         for (;;) {              /* find q */
-            int seed_is_random;
+            int use_random_seed = (seed_in == NULL);
 
             /* step 1 */
             if (!BN_GENCB_call(cb, 0, m++))
                 goto err;
 
-            if (!seed_len || !seed_in) {
+            if (use_random_seed) {
                 if (RAND_bytes(seed, qsize) <= 0)
                     goto err;
-                seed_is_random = 1;
             } else {
-                seed_is_random = 0;
-                seed_len = 0;   /* use random seed if 'seed_in' turns out to
-                                 * be bad */
+                /* If we come back through, use random seed next time. */
+                seed_in = NULL;
             }
             memcpy(buf, seed, qsize);
             memcpy(buf2, seed, qsize);
@@ -242,7 +157,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 
             /* step 4 */
             r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
-                                        seed_is_random, cb);
+                                        use_random_seed, cb);
             if (r > 0)
                 break;
             if (r != 0)
@@ -362,12 +277,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
     ok = 1;
  err:
     if (ok) {
-        if (ret->p)
-            BN_free(ret->p);
-        if (ret->q)
-            BN_free(ret->q);
-        if (ret->g)
-            BN_free(ret->g);
+        BN_free(ret->p);
+        BN_free(ret->q);
+        BN_free(ret->g);
         ret->p = BN_dup(p);
         ret->q = BN_dup(q);
         ret->g = BN_dup(g);
@@ -382,26 +294,13 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
         if (seed_out)
             memcpy(seed_out, seed, qsize);
     }
-    if (ctx) {
+    if (ctx)
         BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if (mont != NULL)
-        BN_MONT_CTX_free(mont);
+    BN_CTX_free(ctx);
+    BN_MONT_CTX_free(mont);
     return ok;
 }
 
-# ifdef OPENSSL_FIPS
-#  undef fips_dsa_builtin_paramgen2
-extern int fips_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
-                                      const EVP_MD *evpmd,
-                                      const unsigned char *seed_in,
-                                      size_t seed_len, int idx,
-                                      unsigned char *seed_out,
-                                      int *counter_ret, unsigned long *h_ret,
-                                      BN_GENCB *cb);
-# endif
-
 /*
  * This is a parameter generation algorithm for the DSA2 algorithm as
  * described in FIPS 186-3.
@@ -424,18 +323,11 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
     int counter = 0;
     int r = 0;
     BN_CTX *ctx = NULL;
-    EVP_MD_CTX mctx;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
     unsigned int h = 2;
 
-# ifdef OPENSSL_FIPS
-
-    if (FIPS_mode())
-        return fips_dsa_builtin_paramgen2(ret, L, N, evpmd,
-                                          seed_in, seed_len, idx,
-                                          seed_out, counter_ret, h_ret, cb);
-# endif
-
-    EVP_MD_CTX_init(&mctx);
+    if (mctx == NULL)
+        goto err;
 
     if (evpmd == NULL) {
         if (N == 160)
@@ -447,7 +339,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
     }
 
     mdsize = EVP_MD_size(evpmd);
-    /* If unverificable g generation only don't need seed */
+    /* If unverifiable g generation only don't need seed */
     if (!ret->p || !ret->q || idx >= 0) {
         if (seed_len == 0)
             seed_len = mdsize;
@@ -459,7 +351,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
         else
             seed_tmp = OPENSSL_malloc(seed_len);
 
-        if (!seed || !seed_tmp)
+        if (seed == NULL || seed_tmp == NULL)
             goto err;
 
         if (seed_in)
@@ -480,6 +372,8 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
     X = BN_CTX_get(ctx);
     c = BN_CTX_get(ctx);
     test = BN_CTX_get(ctx);
+    if (test == NULL)
+        goto err;
 
     /* if p, q already supplied generate g only */
     if (ret->p && ret->q) {
@@ -656,15 +550,15 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
             md[0] = idx & 0xff;
             md[1] = (h >> 8) & 0xff;
             md[2] = h & 0xff;
-            if (!EVP_DigestInit_ex(&mctx, evpmd, NULL))
+            if (!EVP_DigestInit_ex(mctx, evpmd, NULL))
                 goto err;
-            if (!EVP_DigestUpdate(&mctx, seed_tmp, seed_len))
+            if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len))
                 goto err;
-            if (!EVP_DigestUpdate(&mctx, ggen, sizeof(ggen)))
+            if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen)))
                 goto err;
-            if (!EVP_DigestUpdate(&mctx, md, 3))
+            if (!EVP_DigestUpdate(mctx, md, 3))
                 goto err;
-            if (!EVP_DigestFinal_ex(&mctx, md, NULL))
+            if (!EVP_DigestFinal_ex(mctx, md, NULL))
                 goto err;
             if (!BN_bin2bn(md, mdsize, test))
                 goto err;
@@ -688,17 +582,14 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
  err:
     if (ok == 1) {
         if (p != ret->p) {
-            if (ret->p)
-                BN_free(ret->p);
+            BN_free(ret->p);
             ret->p = BN_dup(p);
         }
         if (q != ret->q) {
-            if (ret->q)
-                BN_free(ret->q);
+            BN_free(ret->q);
             ret->q = BN_dup(q);
         }
-        if (ret->g)
-            BN_free(ret->g);
+        BN_free(ret->g);
         ret->g = BN_dup(g);
         if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
             ok = -1;
@@ -709,54 +600,13 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
         if (h_ret != NULL)
             *h_ret = h;
     }
-    if (seed)
-        OPENSSL_free(seed);
+    OPENSSL_free(seed);
     if (seed_out != seed_tmp)
         OPENSSL_free(seed_tmp);
-    if (ctx) {
+    if (ctx)
         BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if (mont != NULL)
-        BN_MONT_CTX_free(mont);
-    EVP_MD_CTX_cleanup(&mctx);
-    return ok;
-}
-
-int dsa_paramgen_check_g(DSA *dsa)
-{
-    BN_CTX *ctx;
-    BIGNUM *tmp;
-    BN_MONT_CTX *mont = NULL;
-    int rv = -1;
-    ctx = BN_CTX_new();
-    if (!ctx)
-        return -1;
-    BN_CTX_start(ctx);
-    if (BN_cmp(dsa->g, BN_value_one()) <= 0)
-        return 0;
-    if (BN_cmp(dsa->g, dsa->p) >= 0)
-        return 0;
-    tmp = BN_CTX_get(ctx);
-    if (!tmp)
-        goto err;
-    if ((mont = BN_MONT_CTX_new()) == NULL)
-        goto err;
-    if (!BN_MONT_CTX_set(mont, dsa->p, ctx))
-        goto err;
-    /* Work out g^q mod p */
-    if (!BN_mod_exp_mont(tmp, dsa->g, dsa->q, dsa->p, ctx, mont))
-        goto err;
-    if (!BN_cmp(tmp, BN_value_one()))
-        rv = 1;
-    else
-        rv = 0;
- err:
-    BN_CTX_end(ctx);
-    if (mont)
-        BN_MONT_CTX_free(mont);
     BN_CTX_free(ctx);
-    return rv;
-
+    BN_MONT_CTX_free(mont);
+    EVP_MD_CTX_free(mctx);
+    return ok;
 }
-#endif
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_key.c b/freebsd/crypto/openssl/crypto/dsa/dsa_key.c
index 3732b13b..a5dfc593 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_key.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_key.c
@@ -1,92 +1,26 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dsa/dsa_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/rand.h>
-
-# ifdef OPENSSL_FIPS
-#  include <openssl/fips.h>
-# endif
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dsa_locl.h"
 
 static int dsa_builtin_keygen(DSA *dsa);
 
 int DSA_generate_key(DSA *dsa)
 {
-# ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
-        DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
-        return 0;
-    }
-# endif
     if (dsa->meth->dsa_keygen)
         return dsa->meth->dsa_keygen(dsa);
-# ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return FIPS_dsa_generate_key(dsa);
-# endif
     return dsa_builtin_keygen(dsa);
 }
 
@@ -100,13 +34,13 @@ static int dsa_builtin_keygen(DSA *dsa)
         goto err;
 
     if (dsa->priv_key == NULL) {
-        if ((priv_key = BN_new()) == NULL)
+        if ((priv_key = BN_secure_new()) == NULL)
             goto err;
     } else
         priv_key = dsa->priv_key;
 
     do
-        if (!BN_rand_range(priv_key, dsa->q))
+        if (!BN_priv_rand_range(priv_key, dsa->q))
             goto err;
     while (BN_is_zero(priv_key)) ;
 
@@ -117,18 +51,18 @@ static int dsa_builtin_keygen(DSA *dsa)
         pub_key = dsa->pub_key;
 
     {
-        BIGNUM local_prk;
-        BIGNUM *prk;
+        BIGNUM *prk = BN_new();
 
-        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-            BN_init(&local_prk);
-            prk = &local_prk;
-            BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-        } else
-            prk = priv_key;
+        if (prk == NULL)
+            goto err;
+        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
 
-        if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx))
+        if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {
+            BN_free(prk);
             goto err;
+        }
+        /* We MUST free prk before any further use of priv_key */
+        BN_free(prk);
     }
 
     dsa->priv_key = priv_key;
@@ -136,12 +70,10 @@ static int dsa_builtin_keygen(DSA *dsa)
     ok = 1;
 
  err:
-    if ((pub_key != NULL) && (dsa->pub_key == NULL))
+    if (pub_key != dsa->pub_key)
         BN_free(pub_key);
-    if ((priv_key != NULL) && (dsa->priv_key == NULL))
+    if (priv_key != dsa->priv_key)
         BN_free(priv_key);
-    if (ctx != NULL)
-        BN_CTX_free(ctx);
-    return (ok);
+    BN_CTX_free(ctx);
+    return ok;
 }
-#endif
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_lib.c b/freebsd/crypto/openssl/crypto/dsa/dsa_lib.c
index 639c91c5..9b0a01f2 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_lib.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_lib.c
@@ -1,104 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dsa/dsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/bn.h>
-#include <openssl/dsa.h>
+#include "dsa_locl.h"
 #include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
-const char DSA_version[] = "DSA" OPENSSL_VERSION_PTEXT;
-
-static const DSA_METHOD *default_DSA_method = NULL;
-
-void DSA_set_default_method(const DSA_METHOD *meth)
-{
-    default_DSA_method = meth;
-}
-
-const DSA_METHOD *DSA_get_default_method(void)
-{
-    if (!default_DSA_method) {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-            return FIPS_dsa_openssl();
-        else
-            return DSA_OpenSSL();
-#else
-        default_DSA_method = DSA_OpenSSL();
-#endif
-    }
-    return default_DSA_method;
-}
+#include <openssl/engine.h>
+#include <openssl/dh.h>
 
 DSA *DSA_new(void)
 {
@@ -116,10 +34,8 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
     if (mtmp->finish)
         mtmp->finish(dsa);
 #ifndef OPENSSL_NO_ENGINE
-    if (dsa->engine) {
-        ENGINE_finish(dsa->engine);
-        dsa->engine = NULL;
-    }
+    ENGINE_finish(dsa->engine);
+    dsa->engine = NULL;
 #endif
     dsa->meth = meth;
     if (meth->init)
@@ -127,65 +43,63 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
     return 1;
 }
 
+const DSA_METHOD *DSA_get_method(DSA *d)
+{
+    return d->meth;
+}
+
 DSA *DSA_new_method(ENGINE *engine)
 {
-    DSA *ret;
+    DSA *ret = OPENSSL_zalloc(sizeof(*ret));
 
-    ret = (DSA *)OPENSSL_malloc(sizeof(DSA));
     if (ret == NULL) {
         DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
     }
+
     ret->meth = DSA_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
+    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
     if (engine) {
         if (!ENGINE_init(engine)) {
             DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-            OPENSSL_free(ret);
-            return NULL;
+            goto err;
         }
         ret->engine = engine;
     } else
         ret->engine = ENGINE_get_default_DSA();
     if (ret->engine) {
         ret->meth = ENGINE_get_DSA(ret->engine);
-        if (!ret->meth) {
+        if (ret->meth == NULL) {
             DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-            ENGINE_finish(ret->engine);
-            OPENSSL_free(ret);
-            return NULL;
+            goto err;
         }
     }
 #endif
 
-    ret->pad = 0;
-    ret->version = 0;
-    ret->write_params = 1;
-    ret->p = NULL;
-    ret->q = NULL;
-    ret->g = NULL;
-
-    ret->pub_key = NULL;
-    ret->priv_key = NULL;
+    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
 
-    ret->kinv = NULL;
-    ret->r = NULL;
-    ret->method_mont_p = NULL;
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
+        goto err;
 
-    ret->references = 1;
-    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-#ifndef OPENSSL_NO_ENGINE
-        if (ret->engine)
-            ENGINE_finish(ret->engine);
-#endif
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
-        OPENSSL_free(ret);
-        ret = NULL;
+        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
     }
 
-    return (ret);
+    return ret;
+
+ err:
+    DSA_free(ret);
+    return NULL;
 }
 
 void DSA_free(DSA *r)
@@ -195,57 +109,39 @@ void DSA_free(DSA *r)
     if (r == NULL)
         return;
 
-    i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DSA);
-#ifdef REF_PRINT
-    REF_PRINT("DSA", r);
-#endif
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
+    REF_PRINT_COUNT("DSA", r);
     if (i > 0)
         return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "DSA_free, bad reference count\n");
-        abort();
-    }
-#endif
+    REF_ASSERT_ISNT(i < 0);
 
-    if (r->meth->finish)
+    if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
-    if (r->engine)
-        ENGINE_finish(r->engine);
+    ENGINE_finish(r->engine);
 #endif
 
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 
-    if (r->p != NULL)
-        BN_clear_free(r->p);
-    if (r->q != NULL)
-        BN_clear_free(r->q);
-    if (r->g != NULL)
-        BN_clear_free(r->g);
-    if (r->pub_key != NULL)
-        BN_clear_free(r->pub_key);
-    if (r->priv_key != NULL)
-        BN_clear_free(r->priv_key);
-    if (r->kinv != NULL)
-        BN_clear_free(r->kinv);
-    if (r->r != NULL)
-        BN_clear_free(r->r);
+    CRYPTO_THREAD_lock_free(r->lock);
+
+    BN_clear_free(r->p);
+    BN_clear_free(r->q);
+    BN_clear_free(r->g);
+    BN_clear_free(r->pub_key);
+    BN_clear_free(r->priv_key);
     OPENSSL_free(r);
 }
 
 int DSA_up_ref(DSA *r)
 {
-    int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
-#ifdef REF_PRINT
-    REF_PRINT("DSA", r);
-#endif
-#ifdef REF_CHECK
-    if (i < 2) {
-        fprintf(stderr, "DSA_up_ref, bad reference count\n");
-        abort();
-    }
-#endif
+    int i;
+
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DSA", r);
+    REF_ASSERT_ISNT(i < 2);
     return ((i > 1) ? 1 : 0);
 }
 
@@ -268,24 +164,24 @@ int DSA_size(const DSA *r)
     i = i2d_ASN1_INTEGER(&bs, NULL);
     i += i;                     /* r and s */
     ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
-    return (ret);
+    return ret;
 }
 
-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+int DSA_set_ex_data(DSA *d, int idx, void *arg)
 {
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
-                                   new_func, dup_func, free_func);
+    return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
 }
 
-int DSA_set_ex_data(DSA *d, int idx, void *arg)
+void *DSA_get_ex_data(DSA *d, int idx)
 {
-    return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
+    return CRYPTO_get_ex_data(&d->ex_data, idx);
 }
 
-void *DSA_get_ex_data(DSA *d, int idx)
+int DSA_security_bits(const DSA *d)
 {
-    return (CRYPTO_get_ex_data(&d->ex_data, idx));
+    if (d->p && d->q)
+        return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+    return -1;
 }
 
 #ifndef OPENSSL_NO_DH
@@ -297,35 +193,168 @@ DH *DSA_dup_DH(const DSA *r)
      */
 
     DH *ret = NULL;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
 
     if (r == NULL)
         goto err;
     ret = DH_new();
     if (ret == NULL)
         goto err;
-    if (r->p != NULL)
-        if ((ret->p = BN_dup(r->p)) == NULL)
+    if (r->p != NULL || r->g != NULL || r->q != NULL) {
+        if (r->p == NULL || r->g == NULL || r->q == NULL) {
+            /* Shouldn't happen */
             goto err;
-    if (r->q != NULL) {
-        ret->length = BN_num_bits(r->q);
-        if ((ret->q = BN_dup(r->q)) == NULL)
+        }
+        p = BN_dup(r->p);
+        g = BN_dup(r->g);
+        q = BN_dup(r->q);
+        if (p == NULL || g == NULL || q == NULL || !DH_set0_pqg(ret, p, q, g))
             goto err;
+        p = g = q = NULL;
     }
-    if (r->g != NULL)
-        if ((ret->g = BN_dup(r->g)) == NULL)
-            goto err;
-    if (r->pub_key != NULL)
-        if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
+
+    if (r->pub_key != NULL) {
+        pub_key = BN_dup(r->pub_key);
+        if (pub_key == NULL)
             goto err;
-    if (r->priv_key != NULL)
-        if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
+        if (r->priv_key != NULL) {
+            priv_key = BN_dup(r->priv_key);
+            if (priv_key == NULL)
+                goto err;
+        }
+        if (!DH_set0_key(ret, pub_key, priv_key))
             goto err;
+    } else if (r->priv_key != NULL) {
+        /* Shouldn't happen */
+        goto err;
+    }
 
     return ret;
 
  err:
-    if (ret != NULL)
-        DH_free(ret);
+    BN_free(p);
+    BN_free(g);
+    BN_free(q);
+    BN_free(pub_key);
+    BN_free(priv_key);
+    DH_free(ret);
     return NULL;
 }
 #endif
+
+void DSA_get0_pqg(const DSA *d,
+                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+    if (p != NULL)
+        *p = d->p;
+    if (q != NULL)
+        *q = d->q;
+    if (g != NULL)
+        *g = d->g;
+}
+
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+    /* If the fields p, q and g in d are NULL, the corresponding input
+     * parameters MUST be non-NULL.
+     */
+    if ((d->p == NULL && p == NULL)
+        || (d->q == NULL && q == NULL)
+        || (d->g == NULL && g == NULL))
+        return 0;
+
+    if (p != NULL) {
+        BN_free(d->p);
+        d->p = p;
+    }
+    if (q != NULL) {
+        BN_free(d->q);
+        d->q = q;
+    }
+    if (g != NULL) {
+        BN_free(d->g);
+        d->g = g;
+    }
+
+    return 1;
+}
+
+void DSA_get0_key(const DSA *d,
+                  const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+    if (pub_key != NULL)
+        *pub_key = d->pub_key;
+    if (priv_key != NULL)
+        *priv_key = d->priv_key;
+}
+
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+    /* If the field pub_key in d is NULL, the corresponding input
+     * parameters MUST be non-NULL.  The priv_key field may
+     * be left NULL.
+     */
+    if (d->pub_key == NULL && pub_key == NULL)
+        return 0;
+
+    if (pub_key != NULL) {
+        BN_free(d->pub_key);
+        d->pub_key = pub_key;
+    }
+    if (priv_key != NULL) {
+        BN_free(d->priv_key);
+        d->priv_key = priv_key;
+    }
+
+    return 1;
+}
+
+const BIGNUM *DSA_get0_p(const DSA *d)
+{
+    return d->p;
+}
+
+const BIGNUM *DSA_get0_q(const DSA *d)
+{
+    return d->q;
+}
+
+const BIGNUM *DSA_get0_g(const DSA *d)
+{
+    return d->g;
+}
+
+const BIGNUM *DSA_get0_pub_key(const DSA *d)
+{
+    return d->pub_key;
+}
+
+const BIGNUM *DSA_get0_priv_key(const DSA *d)
+{
+    return d->priv_key;
+}
+
+void DSA_clear_flags(DSA *d, int flags)
+{
+    d->flags &= ~flags;
+}
+
+int DSA_test_flags(const DSA *d, int flags)
+{
+    return d->flags & flags;
+}
+
+void DSA_set_flags(DSA *d, int flags)
+{
+    d->flags |= flags;
+}
+
+ENGINE *DSA_get0_engine(DSA *d)
+{
+    return d->engine;
+}
+
+int DSA_bits(const DSA *dsa)
+{
+    return BN_num_bits(dsa->p);
+}
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_locl.h b/freebsd/crypto/openssl/crypto/dsa/dsa_locl.h
index 9c23c3ef..a81a4b49 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_locl.h
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_locl.h
@@ -1,58 +1,68 @@
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/dsa.h>
+#include "internal/refcount.h"
+
+struct dsa_st {
+    /*
+     * This first variable is used to pick up errors where a DSA is passed
+     * instead of of a EVP_PKEY
+     */
+    int pad;
+    int32_t version;
+    BIGNUM *p;
+    BIGNUM *q;                  /* == 20 */
+    BIGNUM *g;
+    BIGNUM *pub_key;            /* y public key */
+    BIGNUM *priv_key;           /* x private key */
+    int flags;
+    /* Normally used to cache montgomery values */
+    BN_MONT_CTX *method_mont_p;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_EX_DATA ex_data;
+    const DSA_METHOD *meth;
+    /* functional reference if 'meth' is ENGINE-provided */
+    ENGINE *engine;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct DSA_SIG_st {
+    BIGNUM *r;
+    BIGNUM *s;
+};
+
+struct dsa_method {
+    char *name;
+    DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
+    int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                           BIGNUM **rp);
+    int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len,
+                          DSA_SIG *sig, DSA *dsa);
+    int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, const BIGNUM *a1,
+                        const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2,
+                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
+    /* Can be null */
+    int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    int (*init) (DSA *dsa);
+    int (*finish) (DSA *dsa);
+    int flags;
+    void *app_data;
+    /* If this is non-NULL, it is used to generate DSA parameters */
+    int (*dsa_paramgen) (DSA *dsa, int bits,
+                         const unsigned char *seed, int seed_len,
+                         int *counter_ret, unsigned long *h_ret,
+                         BN_GENCB *cb);
+    /* If this is non-NULL, it is used to generate DSA keys */
+    int (*dsa_keygen) (DSA *dsa);
+};
 
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
                          const EVP_MD *evpmd, const unsigned char *seed_in,
@@ -65,5 +75,3 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
                           size_t seed_len, int idx, unsigned char *seed_out,
                           int *counter_ret, unsigned long *h_ret,
                           BN_GENCB *cb);
-
-int dsa_paramgen_check_g(DSA *dsa);
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_meth.c b/freebsd/crypto/openssl/crypto/dsa/dsa_meth.c
new file mode 100644
index 00000000..7995393a
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_meth.c
@@ -0,0 +1,226 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include "dsa_locl.h"
+#include <string.h>
+#include <openssl/err.h>
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags)
+{
+    DSA_METHOD *dsam = OPENSSL_zalloc(sizeof(*dsam));
+
+    if (dsam != NULL) {
+        dsam->flags = flags;
+
+        dsam->name = OPENSSL_strdup(name);
+        if (dsam->name != NULL)
+            return dsam;
+
+        OPENSSL_free(dsam);
+    }
+
+    DSAerr(DSA_F_DSA_METH_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void DSA_meth_free(DSA_METHOD *dsam)
+{
+    if (dsam != NULL) {
+        OPENSSL_free(dsam->name);
+        OPENSSL_free(dsam);
+    }
+}
+
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam)
+{
+    DSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret != NULL) {
+        memcpy(ret, dsam, sizeof(*dsam));
+
+        ret->name = OPENSSL_strdup(dsam->name);
+        if (ret->name != NULL)
+            return ret;
+
+        OPENSSL_free(ret);
+    }
+
+    DSAerr(DSA_F_DSA_METH_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam)
+{
+    return dsam->name;
+}
+
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name)
+{
+    char *tmpname = OPENSSL_strdup(name);
+
+    if (tmpname == NULL) {
+        DSAerr(DSA_F_DSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    OPENSSL_free(dsam->name);
+    dsam->name = tmpname;
+
+    return 1;
+}
+
+int DSA_meth_get_flags(const DSA_METHOD *dsam)
+{
+    return dsam->flags;
+}
+
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags)
+{
+    dsam->flags = flags;
+    return 1;
+}
+
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam)
+{
+    return dsam->app_data;
+}
+
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data)
+{
+    dsam->app_data = app_data;
+    return 1;
+}
+
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA *)
+{
+    return dsam->dsa_do_sign;
+}
+
+int DSA_meth_set_sign(DSA_METHOD *dsam,
+                       DSA_SIG *(*sign) (const unsigned char *, int, DSA *))
+{
+    dsam->dsa_do_sign = sign;
+    return 1;
+}
+
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+        (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)
+{
+    return dsam->dsa_sign_setup;
+}
+
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+        int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **))
+{
+    dsam->dsa_sign_setup = sign_setup;
+    return 1;
+}
+
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA_SIG *, DSA *)
+{
+    return dsam->dsa_do_verify;
+}
+
+int DSA_meth_set_verify(DSA_METHOD *dsam,
+    int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *))
+{
+    dsam->dsa_do_verify = verify;
+    return 1;
+}
+
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+        (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+         const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *)
+{
+    return dsam->dsa_mod_exp;
+}
+
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+    int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                    const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+                    BN_MONT_CTX *))
+{
+    dsam->dsa_mod_exp = mod_exp;
+    return 1;
+}
+
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+    (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+     BN_MONT_CTX *)
+{
+    return dsam->bn_mod_exp;
+}
+
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+    int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
+{
+    dsam->bn_mod_exp = bn_mod_exp;
+    return 1;
+}
+
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *)
+{
+    return dsam->init;
+}
+
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *))
+{
+    dsam->init = init;
+    return 1;
+}
+
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *)
+{
+    return dsam->finish;
+}
+
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *))
+{
+    dsam->finish = finish;
+    return 1;
+}
+
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+        (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+         BN_GENCB *)
+{
+    return dsam->dsa_paramgen;
+}
+
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+        int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+                         unsigned long *, BN_GENCB *))
+{
+    dsam->dsa_paramgen = paramgen;
+    return 1;
+}
+
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *)
+{
+    return dsam->dsa_keygen;
+}
+
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *))
+{
+    dsam->dsa_keygen = keygen;
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_ossl.c b/freebsd/crypto/openssl/crypto/dsa/dsa_ossl.c
index dc6c2c94..c7e729d3 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_ossl.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_ossl.c
@@ -1,76 +1,26 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dsa/dsa_ossl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/sha.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
+#include "dsa_locl.h"
 #include <openssl/asn1.h>
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                                    BIGNUM **rp);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-                          BIGNUM **rp);
+                          BIGNUM **rp, const unsigned char *dgst, int dlen);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
                          DSA_SIG *sig, DSA *dsa);
 static int dsa_init(DSA *dsa);
@@ -79,53 +29,29 @@ static int dsa_finish(DSA *dsa);
 static DSA_METHOD openssl_dsa_meth = {
     "OpenSSL DSA method",
     dsa_do_sign,
-    dsa_sign_setup,
+    dsa_sign_setup_no_digest,
     dsa_do_verify,
     NULL,                       /* dsa_mod_exp, */
     NULL,                       /* dsa_bn_mod_exp, */
     dsa_init,
     dsa_finish,
-    0,
+    DSA_FLAG_FIPS_METHOD,
     NULL,
     NULL,
     NULL
 };
 
-/*-
- * These macro wrappers replace attempts to use the dsa_mod_exp() and
- * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
- * having a the macro work as an expression by bundling an "err_instr". So;
- *
- *     if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
- *                 dsa->method_mont_p)) goto err;
- *
- * can be replaced by;
- *
- *     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
- *                 dsa->method_mont_p);
- */
+static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth;
+
+void DSA_set_default_method(const DSA_METHOD *meth)
+{
+    default_DSA_method = meth;
+}
 
-#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
-        do { \
-        int _tmp_res53; \
-        if ((dsa)->meth->dsa_mod_exp) \
-                _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
-                                (a2), (p2), (m), (ctx), (in_mont)); \
-        else \
-                _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
-                                (m), (ctx), (in_mont)); \
-        if (!_tmp_res53) err_instr; \
-        } while(0)
-#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
-        do { \
-        int _tmp_res53; \
-        if ((dsa)->meth->bn_mod_exp) \
-                _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
-                                (m), (ctx), (m_ctx)); \
-        else \
-                _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
-        if (!_tmp_res53) err_instr; \
-        } while(0)
+const DSA_METHOD *DSA_get_default_method(void)
+{
+    return default_DSA_method;
+}
 
 const DSA_METHOD *DSA_OpenSSL(void)
 {
@@ -134,21 +60,26 @@ const DSA_METHOD *DSA_OpenSSL(void)
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 {
-    BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
+    BIGNUM *kinv = NULL;
     BIGNUM *m, *blind, *blindm, *tmp;
     BN_CTX *ctx = NULL;
     int reason = ERR_R_BN_LIB;
     DSA_SIG *ret = NULL;
-    int noredo = 0;
+    int rv = 0;
 
     if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
         reason = DSA_R_MISSING_PARAMETERS;
         goto err;
     }
 
-    s = BN_new();
-    if (s == NULL)
+    ret = DSA_SIG_new();
+    if (ret == NULL)
+        goto err;
+    ret->r = BN_new();
+    ret->s = BN_new();
+    if (ret->r == NULL || ret->s == NULL)
         goto err;
+
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
@@ -160,16 +91,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         goto err;
 
  redo:
-    if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
-        if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
-            goto err;
-    } else {
-        kinv = dsa->kinv;
-        dsa->kinv = NULL;
-        r = dsa->r;
-        dsa->r = NULL;
-        noredo = 1;
-    }
+    if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen))
+        goto err;
 
     if (dlen > BN_num_bytes(dsa->q))
         /*
@@ -193,7 +116,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 
     /* Generate a blinding value */
     do {
-        if (!BN_rand(blind, BN_num_bits(dsa->q) - 1, -1, 0))
+        if (!BN_priv_rand(blind, BN_num_bits(dsa->q) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
             goto err;
     } while (BN_is_zero(blind));
     BN_set_flags(blind, BN_FLG_CONSTTIME);
@@ -203,7 +127,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
     /* tmp := blind * priv_key * r mod q */
     if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx))
         goto err;
-    if (!BN_mod_mul(tmp, tmp, r, dsa->q, ctx))
+    if (!BN_mod_mul(tmp, tmp, ret->r, dsa->q, ctx))
         goto err;
 
     /* blindm := blind * m mod q */
@@ -211,53 +135,52 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         goto err;
 
     /* s : = (blind * priv_key * r) + (blind * m) mod q */
-    if (!BN_mod_add_quick(s, tmp, blindm, dsa->q))
+    if (!BN_mod_add_quick(ret->s, tmp, blindm, dsa->q))
         goto err;
 
     /* s := s * k^-1 mod q */
-    if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
+    if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->q, ctx))
         goto err;
 
     /* s:= s * blind^-1 mod q */
     if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL)
         goto err;
-    if (!BN_mod_mul(s, s, blind, dsa->q, ctx))
+    if (!BN_mod_mul(ret->s, ret->s, blind, dsa->q, ctx))
         goto err;
 
     /*
      * Redo if r or s is zero as required by FIPS 186-3: this is very
      * unlikely.
      */
-    if (BN_is_zero(r) || BN_is_zero(s)) {
-        if (noredo) {
-            reason = DSA_R_NEED_NEW_SETUP_VALUES;
-            goto err;
-        }
+    if (BN_is_zero(ret->r) || BN_is_zero(ret->s))
         goto redo;
-    }
-    ret = DSA_SIG_new();
-    if (ret == NULL)
-        goto err;
-    ret->r = r;
-    ret->s = s;
+
+    rv = 1;
 
  err:
-    if (ret == NULL) {
+    if (rv == 0) {
         DSAerr(DSA_F_DSA_DO_SIGN, reason);
-        BN_free(r);
-        BN_free(s);
+        DSA_SIG_free(ret);
+        ret = NULL;
     }
     BN_CTX_free(ctx);
     BN_clear_free(kinv);
     return ret;
 }
 
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-                          BIGNUM **rp)
+static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in,
+                                    BIGNUM **kinvp, BIGNUM **rp)
 {
-    BN_CTX *ctx;
-    BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
-    BIGNUM l, m;
+    return dsa_sign_setup(dsa, ctx_in, kinvp, rp, NULL, 0);
+}
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+                          BIGNUM **kinvp, BIGNUM **rp,
+                          const unsigned char *dgst, int dlen)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *k, *kinv = NULL, *r = *rp;
+    BIGNUM *l, *m;
     int ret = 0;
     int q_bits;
 
@@ -266,10 +189,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
         return 0;
     }
 
-    BN_init(&k);
-    BN_init(&kq);
-    BN_init(&l);
-    BN_init(&m);
+    k = BN_new();
+    l = BN_new();
+    m = BN_new();
+    if (k == NULL || l == NULL || m == NULL)
+        goto err;
 
     if (ctx_in == NULL) {
         if ((ctx = BN_CTX_new()) == NULL)
@@ -277,88 +201,81 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
     } else
         ctx = ctx_in;
 
-    if ((r = BN_new()) == NULL)
-        goto err;
-
     /* Preallocate space */
     q_bits = BN_num_bits(dsa->q);
-    if (!BN_set_bit(&k, q_bits)
-        || !BN_set_bit(&l, q_bits)
-        || !BN_set_bit(&m, q_bits))
+    if (!BN_set_bit(k, q_bits)
+        || !BN_set_bit(l, q_bits)
+        || !BN_set_bit(m, q_bits))
         goto err;
 
     /* Get random k */
-    do
-        if (!BN_rand_range(&k, dsa->q))
+    do {
+        if (dgst != NULL) {
+            /*
+             * We calculate k from SHA512(private_key + H(message) + random).
+             * This protects the private key from a weak PRNG.
+             */
+            if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst,
+                                       dlen, ctx))
+                goto err;
+        } else if (!BN_priv_rand_range(k, dsa->q))
             goto err;
-    while (BN_is_zero(&k));
-
-    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-        BN_set_flags(&k, BN_FLG_CONSTTIME);
-    }
+    } while (BN_is_zero(k));
 
+    BN_set_flags(k, BN_FLG_CONSTTIME);
 
     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
         if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-                                    CRYPTO_LOCK_DSA, dsa->p, ctx))
+                                    dsa->lock, dsa->p, ctx))
             goto err;
     }
 
     /* Compute r = (g^k mod p) mod q */
 
-    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-        /*
-         * We do not want timing information to leak the length of k, so we
-         * compute G^k using an equivalent scalar of fixed bit-length.
-         *
-         * We unconditionally perform both of these additions to prevent a
-         * small timing information leakage.  We then choose the sum that is
-         * one bit longer than the modulus.
-         *
-         * TODO: revisit the BN_copy aiming for a memory access agnostic
-         * conditional copy.
-         */
-        if (!BN_add(&l, &k, dsa->q)
-            || !BN_add(&m, &l, dsa->q)
-            || !BN_copy(&kq, BN_num_bits(&l) > q_bits ? &l : &m))
-            goto err;
-
-        BN_set_flags(&kq, BN_FLG_CONSTTIME);
+    /*
+     * We do not want timing information to leak the length of k, so we
+     * compute G^k using an equivalent scalar of fixed bit-length.
+     *
+     * We unconditionally perform both of these additions to prevent a
+     * small timing information leakage.  We then choose the sum that is
+     * one bit longer than the modulus.
+     *
+     * TODO: revisit the BN_copy aiming for a memory access agnostic
+     * conditional copy.
+     */
+    if (!BN_add(l, k, dsa->q)
+        || !BN_add(m, l, dsa->q)
+        || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
+        goto err;
 
-        K = &kq;
+    if ((dsa)->meth->bn_mod_exp != NULL) {
+            if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
+                                       dsa->method_mont_p))
+                goto err;
     } else {
-        K = &k;
+            if (!BN_mod_exp_mont(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p))
+                goto err;
     }
 
-    DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
-                   dsa->method_mont_p);
     if (!BN_mod(r, r, dsa->q, ctx))
         goto err;
 
     /* Compute  part of 's = inv(k) (m + xr) mod q' */
-    if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
+    if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
         goto err;
 
-    if (*kinvp != NULL)
-        BN_clear_free(*kinvp);
+    BN_clear_free(*kinvp);
     *kinvp = kinv;
     kinv = NULL;
-    if (*rp != NULL)
-        BN_clear_free(*rp);
-    *rp = r;
     ret = 1;
  err:
-    if (!ret) {
+    if (!ret)
         DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
-        if (r != NULL)
-            BN_clear_free(r);
-    }
-    if (ctx_in == NULL)
+    if (ctx != ctx_in)
         BN_CTX_free(ctx);
-    BN_clear_free(&k);
-    BN_clear_free(&kq);
-    BN_clear_free(&l);
-    BN_clear_free(&m);
+    BN_clear_free(k);
+    BN_clear_free(l);
+    BN_clear_free(m);
     return ret;
 }
 
@@ -366,8 +283,9 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
                          DSA_SIG *sig, DSA *dsa)
 {
     BN_CTX *ctx;
-    BIGNUM u1, u2, t1;
+    BIGNUM *u1, *u2, *t1;
     BN_MONT_CTX *mont = NULL;
+    const BIGNUM *r, *s;
     int ret = -1, i;
     if (!dsa->p || !dsa->q || !dsa->g) {
         DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
@@ -385,20 +303,22 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
         DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
         return -1;
     }
-    BN_init(&u1);
-    BN_init(&u2);
-    BN_init(&t1);
-
-    if ((ctx = BN_CTX_new()) == NULL)
+    u1 = BN_new();
+    u2 = BN_new();
+    t1 = BN_new();
+    ctx = BN_CTX_new();
+    if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL)
         goto err;
 
-    if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
-        BN_ucmp(sig->r, dsa->q) >= 0) {
+    DSA_SIG_get0(sig, &r, &s);
+
+    if (BN_is_zero(r) || BN_is_negative(r) ||
+        BN_ucmp(r, dsa->q) >= 0) {
         ret = 0;
         goto err;
     }
-    if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
-        BN_ucmp(sig->s, dsa->q) >= 0) {
+    if (BN_is_zero(s) || BN_is_negative(s) ||
+        BN_ucmp(s, dsa->q) >= 0) {
         ret = 0;
         goto err;
     }
@@ -406,7 +326,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
     /*
      * Calculate W = inv(S) mod Q save W in u2
      */
-    if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL)
+    if ((BN_mod_inverse(u2, s, dsa->q, ctx)) == NULL)
         goto err;
 
     /* save M in u1 */
@@ -417,56 +337,61 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
          * 4.2
          */
         dgst_len = (i >> 3);
-    if (BN_bin2bn(dgst, dgst_len, &u1) == NULL)
+    if (BN_bin2bn(dgst, dgst_len, u1) == NULL)
         goto err;
 
     /* u1 = M * w mod q */
-    if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))
+    if (!BN_mod_mul(u1, u1, u2, dsa->q, ctx))
         goto err;
 
     /* u2 = r * w mod q */
-    if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))
+    if (!BN_mod_mul(u2, r, u2, dsa->q, ctx))
         goto err;
 
     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
         mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-                                      CRYPTO_LOCK_DSA, dsa->p, ctx);
+                                      dsa->lock, dsa->p, ctx);
         if (!mont)
             goto err;
     }
 
-    DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p,
-                ctx, mont);
-    /* BN_copy(&u1,&t1); */
+    if (dsa->meth->dsa_mod_exp != NULL) {
+        if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->g, u1, dsa->pub_key, u2,
+                                    dsa->p, ctx, mont))
+            goto err;
+    } else {
+        if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2, dsa->p, ctx,
+                              mont))
+            goto err;
+    }
+
     /* let u1 = u1 mod q */
-    if (!BN_mod(&u1, &t1, dsa->q, ctx))
+    if (!BN_mod(u1, t1, dsa->q, ctx))
         goto err;
 
     /*
      * V is now in u1.  If the signature is correct, it will be equal to R.
      */
-    ret = (BN_ucmp(&u1, sig->r) == 0);
+    ret = (BN_ucmp(u1, r) == 0);
 
  err:
     if (ret < 0)
         DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
-    if (ctx != NULL)
-        BN_CTX_free(ctx);
-    BN_free(&u1);
-    BN_free(&u2);
-    BN_free(&t1);
-    return (ret);
+    BN_CTX_free(ctx);
+    BN_free(u1);
+    BN_free(u2);
+    BN_free(t1);
+    return ret;
 }
 
 static int dsa_init(DSA *dsa)
 {
     dsa->flags |= DSA_FLAG_CACHE_MONT_P;
-    return (1);
+    return 1;
 }
 
 static int dsa_finish(DSA *dsa)
 {
-    if (dsa->method_mont_p)
-        BN_MONT_CTX_free(dsa->method_mont_p);
-    return (1);
+    BN_MONT_CTX_free(dsa->method_mont_p);
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_pmeth.c b/freebsd/crypto/openssl/crypto/dsa/dsa_pmeth.c
index c5cf7749..0e2dd54a 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_pmeth.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_pmeth.c
@@ -1,70 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/evp.h>
 #include <openssl/bn.h>
-#include "evp_locl.h"
+#include "internal/evp_int.h"
 #include "dsa_locl.h"
 
 /* DSA pkey context structure */
@@ -82,9 +33,9 @@ typedef struct {
 
 static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
 {
-    DSA_PKEY_CTX *dctx;
-    dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX));
-    if (!dctx)
+    DSA_PKEY_CTX *dctx = OPENSSL_malloc(sizeof(*dctx));
+
+    if (dctx == NULL)
         return 0;
     dctx->nbits = 1024;
     dctx->qbits = 160;
@@ -101,6 +52,7 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
 static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 {
     DSA_PKEY_CTX *dctx, *sctx;
+
     if (!pkey_dsa_init(dst))
         return 0;
     sctx = src->data;
@@ -115,25 +67,22 @@ static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx)
 {
     DSA_PKEY_CTX *dctx = ctx->data;
-    if (dctx)
-        OPENSSL_free(dctx);
+    OPENSSL_free(dctx);
 }
 
 static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
                          size_t *siglen, const unsigned char *tbs,
                          size_t tbslen)
 {
-    int ret, type;
+    int ret;
     unsigned int sltmp;
     DSA_PKEY_CTX *dctx = ctx->data;
     DSA *dsa = ctx->pkey->pkey.dsa;
 
-    if (dctx->md)
-        type = EVP_MD_type(dctx->md);
-    else
-        type = NID_sha1;
+    if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
+        return 0;
 
-    ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
+    ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa);
 
     if (ret <= 0)
         return ret;
@@ -145,16 +94,14 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
                            const unsigned char *sig, size_t siglen,
                            const unsigned char *tbs, size_t tbslen)
 {
-    int ret, type;
+    int ret;
     DSA_PKEY_CTX *dctx = ctx->data;
     DSA *dsa = ctx->pkey->pkey.dsa;
 
-    if (dctx->md)
-        type = EVP_MD_type(dctx->md);
-    else
-        type = NID_sha1;
+    if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
+        return 0;
 
-    ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);
+    ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa);
 
     return ret;
 }
@@ -162,6 +109,7 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
 static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 {
     DSA_PKEY_CTX *dctx = ctx->data;
+
     switch (type) {
     case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
         if (p1 < 256)
@@ -221,12 +169,12 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
                              const char *type, const char *value)
 {
-    if (!strcmp(type, "dsa_paramgen_bits")) {
+    if (strcmp(type, "dsa_paramgen_bits") == 0) {
         int nbits;
         nbits = atoi(value);
         return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
     }
-    if (!strcmp(type, "dsa_paramgen_q_bits")) {
+    if (strcmp(type, "dsa_paramgen_q_bits") == 0) {
         int qbits = atoi(value);
         return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
                                  EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits,
@@ -250,18 +198,24 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     DSA *dsa = NULL;
     DSA_PKEY_CTX *dctx = ctx->data;
-    BN_GENCB *pcb, cb;
+    BN_GENCB *pcb;
     int ret;
+
     if (ctx->pkey_gencb) {
-        pcb = &cb;
+        pcb = BN_GENCB_new();
+        if (pcb == NULL)
+            return 0;
         evp_pkey_set_cb_translate(pcb, ctx);
     } else
         pcb = NULL;
     dsa = DSA_new();
-    if (!dsa)
+    if (dsa == NULL) {
+        BN_GENCB_free(pcb);
         return 0;
+    }
     ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
                                NULL, 0, NULL, NULL, NULL, pcb);
+    BN_GENCB_free(pcb);
     if (ret)
         EVP_PKEY_assign_DSA(pkey, dsa);
     else
@@ -272,12 +226,13 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     DSA *dsa = NULL;
+
     if (ctx->pkey == NULL) {
         DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
         return 0;
     }
     dsa = DSA_new();
-    if (!dsa)
+    if (dsa == NULL)
         return 0;
     EVP_PKEY_assign_DSA(pkey, dsa);
     /* Note: if error return, pkey is freed by parent routine */
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_prn.c b/freebsd/crypto/openssl/crypto/dsa/dsa_prn.c
index 6bb553c8..cae59eb6 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_prn.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_prn.c
@@ -1,70 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dsa/dsa_prn.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/dsa.h>
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 int DSA_print_fp(FILE *fp, const DSA *x, int off)
 {
     BIO *b;
@@ -72,12 +22,12 @@ int DSA_print_fp(FILE *fp, const DSA *x, int off)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = DSA_print(b, x, off);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 
 int DSAparams_print_fp(FILE *fp, const DSA *x)
@@ -87,12 +37,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = DSAparams_print(b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -101,7 +51,7 @@ int DSA_print(BIO *bp, const DSA *x, int off)
     EVP_PKEY *pk;
     int ret;
     pk = EVP_PKEY_new();
-    if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+    if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
         return 0;
     ret = EVP_PKEY_print_private(bp, pk, off, NULL);
     EVP_PKEY_free(pk);
@@ -113,7 +63,7 @@ int DSAparams_print(BIO *bp, const DSA *x)
     EVP_PKEY *pk;
     int ret;
     pk = EVP_PKEY_new();
-    if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+    if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
         return 0;
     ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
     EVP_PKEY_free(pk);
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_sign.c b/freebsd/crypto/openssl/crypto/dsa/dsa_sign.c
index 3d665643..bdb079ed 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_sign.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_sign.c
@@ -1,112 +1,26 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dsa/dsa_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include "cryptlib.h"
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
+#include "internal/cryptlib.h"
+#include "dsa_locl.h"
 #include <openssl/bn.h>
 
 DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
-        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_NON_FIPS_DSA_METHOD);
-        return NULL;
-    }
-#endif
     return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
 }
 
+#if OPENSSL_API_COMPAT < 0x10200000L
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
-        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NON_FIPS_DSA_METHOD);
-        return 0;
-    }
-#endif
     return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
 }
-
-DSA_SIG *DSA_SIG_new(void)
-{
-    DSA_SIG *sig;
-    sig = OPENSSL_malloc(sizeof(DSA_SIG));
-    if (!sig)
-        return NULL;
-    sig->r = NULL;
-    sig->s = NULL;
-    return sig;
-}
-
-void DSA_SIG_free(DSA_SIG *sig)
-{
-    if (sig) {
-        if (sig->r)
-            BN_free(sig->r);
-        if (sig->s)
-            BN_free(sig->s);
-        OPENSSL_free(sig);
-    }
-}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_vrf.c b/freebsd/crypto/openssl/crypto/dsa/dsa_vrf.c
index 3574d2a5..f60430a0 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_vrf.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_vrf.c
@@ -1,77 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/dsa/dsa_vrf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include "cryptlib.h"
-#include <openssl/dsa.h>
+#include "internal/cryptlib.h"
+#include "dsa_locl.h"
 
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                   DSA *dsa)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
-        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_NON_FIPS_DSA_METHOD);
-        return -1;
-    }
-#endif
     return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
 }
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsagen.c b/freebsd/crypto/openssl/crypto/dsa/dsagen.c
deleted file mode 100644
index cbafa01b..00000000
--- a/freebsd/crypto/openssl/crypto/dsa/dsagen.c
+++ /dev/null
@@ -1,117 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/dsa/dsagen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/dsa.h>
-
-#define TEST
-#define GENUINE_DSA
-
-#ifdef GENUINE_DSA
-# define LAST_VALUE 0xbd
-#else
-# define LAST_VALUE 0xd3
-#endif
-
-#ifdef TEST
-unsigned char seed[20] = {
-    0xd5, 0x01, 0x4e, 0x4b,
-    0x60, 0xef, 0x2b, 0xa8,
-    0xb6, 0x21, 0x1b, 0x40,
-    0x62, 0xba, 0x32, 0x24,
-    0xe0, 0x42, 0x7d, LAST_VALUE
-};
-#endif
-
-int cb(int p, int n)
-{
-    char c = '*';
-
-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
-    printf("%c", c);
-    fflush(stdout);
-}
-
-main()
-{
-    int i;
-    BIGNUM *n;
-    BN_CTX *ctx;
-    unsigned char seed_buf[20];
-    DSA *dsa;
-    int counter, h;
-    BIO *bio_err = NULL;
-
-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-    memcpy(seed_buf, seed, 20);
-    dsa = DSA_generate_parameters(1024, seed, 20, &counter, &h, cb, bio_err);
-
-    if (dsa == NULL)
-        DSA_print(bio_err, dsa, 0);
-}
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsatest.c b/freebsd/crypto/openssl/crypto/dsa/dsatest.c
deleted file mode 100644
index e7c846a1..00000000
--- a/freebsd/crypto/openssl/crypto/dsa/dsatest.c
+++ /dev/null
@@ -1,270 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/dsa/dsatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code
- */
-#ifdef OPENSSL_NO_DEPRECATED
-# undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include "../e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_NO_DSA
-int main(int argc, char *argv[])
-{
-    printf("No DSA support\n");
-    return (0);
-}
-#else
-# include <openssl/dsa.h>
-
-# ifdef OPENSSL_SYS_WIN16
-#  define MS_CALLBACK     _far _loadds
-# else
-#  define MS_CALLBACK
-# endif
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg);
-
-/*
- * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
- * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
- */
-static unsigned char seed[20] = {
-    0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40,
-    0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3,
-};
-
-static unsigned char out_p[] = {
-    0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
-    0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
-    0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
-    0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
-    0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
-    0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
-    0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
-    0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
-};
-
-static unsigned char out_q[] = {
-    0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
-    0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
-    0xda, 0xce, 0x91, 0x5f,
-};
-
-static unsigned char out_g[] = {
-    0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
-    0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
-    0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
-    0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
-    0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
-    0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
-    0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
-    0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
-};
-
-static const unsigned char str1[] = "12345678901234567890";
-
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-
-static BIO *bio_err = NULL;
-
-int main(int argc, char **argv)
-{
-    BN_GENCB cb;
-    DSA *dsa = NULL;
-    int counter, ret = 0, i, j;
-    unsigned char buf[256];
-    unsigned long h;
-    unsigned char sig[256];
-    unsigned int siglen;
-
-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-    CRYPTO_malloc_debug_init();
-    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    ERR_load_crypto_strings();
-    RAND_seed(rnd_seed, sizeof(rnd_seed));
-
-    BIO_printf(bio_err, "test generation of DSA parameters\n");
-
-    BN_GENCB_set(&cb, dsa_cb, bio_err);
-    if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
-                                                                   seed, 20,
-                                                                   &counter,
-                                                                   &h, &cb))
-        goto end;
-
-    BIO_printf(bio_err, "seed\n");
-    for (i = 0; i < 20; i += 4) {
-        BIO_printf(bio_err, "%02X%02X%02X%02X ",
-                   seed[i], seed[i + 1], seed[i + 2], seed[i + 3]);
-    }
-    BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h);
-
-    DSA_print(bio_err, dsa, 0);
-    if (counter != 105) {
-        BIO_printf(bio_err, "counter should be 105\n");
-        goto end;
-    }
-    if (h != 2) {
-        BIO_printf(bio_err, "h should be 2\n");
-        goto end;
-    }
-
-    i = BN_bn2bin(dsa->q, buf);
-    j = sizeof(out_q);
-    if ((i != j) || (memcmp(buf, out_q, i) != 0)) {
-        BIO_printf(bio_err, "q value is wrong\n");
-        goto end;
-    }
-
-    i = BN_bn2bin(dsa->p, buf);
-    j = sizeof(out_p);
-    if ((i != j) || (memcmp(buf, out_p, i) != 0)) {
-        BIO_printf(bio_err, "p value is wrong\n");
-        goto end;
-    }
-
-    i = BN_bn2bin(dsa->g, buf);
-    j = sizeof(out_g);
-    if ((i != j) || (memcmp(buf, out_g, i) != 0)) {
-        BIO_printf(bio_err, "g value is wrong\n");
-        goto end;
-    }
-
-    dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
-    DSA_generate_key(dsa);
-    DSA_sign(0, str1, 20, sig, &siglen, dsa);
-    if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
-        ret = 1;
-
-    dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
-    DSA_generate_key(dsa);
-    DSA_sign(0, str1, 20, sig, &siglen, dsa);
-    if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
-        ret = 1;
-
- end:
-    if (!ret)
-        ERR_print_errors(bio_err);
-    if (dsa != NULL)
-        DSA_free(dsa);
-    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_thread_state(NULL);
-    ERR_free_strings();
-    CRYPTO_mem_leaks(bio_err);
-    if (bio_err != NULL) {
-        BIO_free(bio_err);
-        bio_err = NULL;
-    }
-# ifdef OPENSSL_SYS_NETWARE
-    if (!ret)
-        printf("ERROR\n");
-# endif
-    EXIT(!ret);
-    return (0);
-}
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg)
-{
-    char c = '*';
-    static int ok = 0, num = 0;
-
-    if (p == 0) {
-        c = '.';
-        num++;
-    };
-    if (p == 1)
-        c = '+';
-    if (p == 2) {
-        c = '*';
-        ok++;
-    }
-    if (p == 3)
-        c = '\n';
-    BIO_write(arg->arg, &c, 1);
-    (void)BIO_flush(arg->arg);
-
-    if (!ok && (p == 0) && (num > 1)) {
-        BIO_printf((BIO *)arg, "error in dsatest\n");
-        return 0;
-    }
-    return 1;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/dso/dso.h b/freebsd/crypto/openssl/crypto/dso/dso.h
deleted file mode 100644
index c9013f5c..00000000
--- a/freebsd/crypto/openssl/crypto/dso/dso.h
+++ /dev/null
@@ -1,451 +0,0 @@
-/* dso.h */
-/*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DSO_H
-# define HEADER_DSO_H
-
-# include <openssl/crypto.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These values are used as commands to DSO_ctrl() */
-# define DSO_CTRL_GET_FLAGS      1
-# define DSO_CTRL_SET_FLAGS      2
-# define DSO_CTRL_OR_FLAGS       3
-
-/*
- * By default, DSO_load() will translate the provided filename into a form
- * typical for the platform (more specifically the DSO_METHOD) using the
- * dso_name_converter function of the method. Eg. win32 will transform "blah"
- * into "blah.dll", and dlfcn will transform it into "libblah.so". The
- * behaviour can be overriden by setting the name_converter callback in the
- * DSO object (using DSO_set_name_converter()). This callback could even
- * utilise the DSO_METHOD's converter too if it only wants to override
- * behaviour for one or two possible DSO methods. However, the following flag
- * can be set in a DSO to prevent *any* native name-translation at all - eg.
- * if the caller has prompted the user for a path to a driver library so the
- * filename should be interpreted as-is.
- */
-# define DSO_FLAG_NO_NAME_TRANSLATION            0x01
-/*
- * An extra flag to give if only the extension should be added as
- * translation.  This is obviously only of importance on Unix and other
- * operating systems where the translation also may prefix the name with
- * something, like 'lib', and ignored everywhere else. This flag is also
- * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time.
- */
-# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY      0x02
-
-/*
- * The following flag controls the translation of symbol names to upper case.
- * This is currently only being implemented for OpenVMS.
- */
-# define DSO_FLAG_UPCASE_SYMBOL                  0x10
-
-/*
- * This flag loads the library with public symbols. Meaning: The exported
- * symbols of this library are public to all libraries loaded after this
- * library. At the moment only implemented in unix.
- */
-# define DSO_FLAG_GLOBAL_SYMBOLS                 0x20
-
-typedef void (*DSO_FUNC_TYPE) (void);
-
-typedef struct dso_st DSO;
-
-/*
- * The function prototype used for method functions (or caller-provided
- * callbacks) that transform filenames. They are passed a DSO structure
- * pointer (or NULL if they are to be used independantly of a DSO object) and
- * a filename to transform. They should either return NULL (if there is an
- * error condition) or a newly allocated string containing the transformed
- * form that the caller will need to free with OPENSSL_free() when done.
- */
-typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
-/*
- * The function prototype used for method functions (or caller-provided
- * callbacks) that merge two file specifications. They are passed a DSO
- * structure pointer (or NULL if they are to be used independantly of a DSO
- * object) and two file specifications to merge. They should either return
- * NULL (if there is an error condition) or a newly allocated string
- * containing the result of merging that the caller will need to free with
- * OPENSSL_free() when done. Here, merging means that bits and pieces are
- * taken from each of the file specifications and added together in whatever
- * fashion that is sensible for the DSO method in question.  The only rule
- * that really applies is that if the two specification contain pieces of the
- * same type, the copy from the first string takes priority.  One could see
- * it as the first specification is the one given by the user and the second
- * being a bunch of defaults to add on if they're missing in the first.
- */
-typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
-
-typedef struct dso_meth_st {
-    const char *name;
-    /*
-     * Loads a shared library, NB: new DSO_METHODs must ensure that a
-     * successful load populates the loaded_filename field, and likewise a
-     * successful unload OPENSSL_frees and NULLs it out.
-     */
-    int (*dso_load) (DSO *dso);
-    /* Unloads a shared library */
-    int (*dso_unload) (DSO *dso);
-    /* Binds a variable */
-    void *(*dso_bind_var) (DSO *dso, const char *symname);
-    /*
-     * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should
-     * be cast to the real function prototype by the caller. Platforms that
-     * don't have compatible representations for different prototypes (this
-     * is possible within ANSI C) are highly unlikely to have shared
-     * libraries at all, let alone a DSO_METHOD implemented for them.
-     */
-    DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname);
-/* I don't think this would actually be used in any circumstances. */
-# if 0
-    /* Unbinds a variable */
-    int (*dso_unbind_var) (DSO *dso, char *symname, void *symptr);
-    /* Unbinds a function */
-    int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-# endif
-    /*
-     * The generic (yuck) "ctrl()" function. NB: Negative return values
-     * (rather than zero) indicate errors.
-     */
-    long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg);
-    /*
-     * The default DSO_METHOD-specific function for converting filenames to a
-     * canonical native form.
-     */
-    DSO_NAME_CONVERTER_FUNC dso_name_converter;
-    /*
-     * The default DSO_METHOD-specific function for converting filenames to a
-     * canonical native form.
-     */
-    DSO_MERGER_FUNC dso_merger;
-    /* [De]Initialisation handlers. */
-    int (*init) (DSO *dso);
-    int (*finish) (DSO *dso);
-    /* Return pathname of the module containing location */
-    int (*pathbyaddr) (void *addr, char *path, int sz);
-    /* Perform global symbol lookup, i.e. among *all* modules */
-    void *(*globallookup) (const char *symname);
-} DSO_METHOD;
-
-/**********************************************************************/
-/* The low-level handle type used to refer to a loaded shared library */
-
-struct dso_st {
-    DSO_METHOD *meth;
-    /*
-     * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use
-     * anything but will need to cache the filename for use in the dso_bind
-     * handler. All in all, let each method control its own destiny.
-     * "Handles" and such go in a STACK.
-     */
-    STACK_OF(void) *meth_data;
-    int references;
-    int flags;
-    /*
-     * For use by applications etc ... use this for your bits'n'pieces, don't
-     * touch meth_data!
-     */
-    CRYPTO_EX_DATA ex_data;
-    /*
-     * If this callback function pointer is set to non-NULL, then it will be
-     * used in DSO_load() in place of meth->dso_name_converter. NB: This
-     * should normally set using DSO_set_name_converter().
-     */
-    DSO_NAME_CONVERTER_FUNC name_converter;
-    /*
-     * If this callback function pointer is set to non-NULL, then it will be
-     * used in DSO_load() in place of meth->dso_merger. NB: This should
-     * normally set using DSO_set_merger().
-     */
-    DSO_MERGER_FUNC merger;
-    /*
-     * This is populated with (a copy of) the platform-independant filename
-     * used for this DSO.
-     */
-    char *filename;
-    /*
-     * This is populated with (a copy of) the translated filename by which
-     * the DSO was actually loaded. It is NULL iff the DSO is not currently
-     * loaded. NB: This is here because the filename translation process may
-     * involve a callback being invoked more than once not only to convert to
-     * a platform-specific form, but also to try different filenames in the
-     * process of trying to perform a load. As such, this variable can be
-     * used to indicate (a) whether this DSO structure corresponds to a
-     * loaded library or not, and (b) the filename with which it was actually
-     * loaded.
-     */
-    char *loaded_filename;
-};
-
-DSO *DSO_new(void);
-DSO *DSO_new_method(DSO_METHOD *method);
-int DSO_free(DSO *dso);
-int DSO_flags(DSO *dso);
-int DSO_up_ref(DSO *dso);
-long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
-
-/*
- * This function sets the DSO's name_converter callback. If it is non-NULL,
- * then it will be used instead of the associated DSO_METHOD's function. If
- * oldcb is non-NULL then it is set to the function pointer value being
- * replaced. Return value is non-zero for success.
- */
-int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
-                           DSO_NAME_CONVERTER_FUNC *oldcb);
-/*
- * These functions can be used to get/set the platform-independant filename
- * used for a DSO. NB: set will fail if the DSO is already loaded.
- */
-const char *DSO_get_filename(DSO *dso);
-int DSO_set_filename(DSO *dso, const char *filename);
-/*
- * This function will invoke the DSO's name_converter callback to translate a
- * filename, or if the callback isn't set it will instead use the DSO_METHOD's
- * converter. If "filename" is NULL, the "filename" in the DSO itself will be
- * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
- * simply duplicated. NB: This function is usually called from within a
- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so
- * that caller-created DSO_METHODs can do the same thing. A non-NULL return
- * value will need to be OPENSSL_free()'d.
- */
-char *DSO_convert_filename(DSO *dso, const char *filename);
-/*
- * This function will invoke the DSO's merger callback to merge two file
- * specifications, or if the callback isn't set it will instead use the
- * DSO_METHOD's merger.  A non-NULL return value will need to be
- * OPENSSL_free()'d.
- */
-char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
-/*
- * If the DSO is currently loaded, this returns the filename that it was
- * loaded under, otherwise it returns NULL. So it is also useful as a test as
- * to whether the DSO is currently loaded. NB: This will not necessarily
- * return the same value as DSO_convert_filename(dso, dso->filename), because
- * the DSO_METHOD's load function may have tried a variety of filenames (with
- * and/or without the aid of the converters) before settling on the one it
- * actually loaded.
- */
-const char *DSO_get_loaded_filename(DSO *dso);
-
-void DSO_set_default_method(DSO_METHOD *meth);
-DSO_METHOD *DSO_get_default_method(void);
-DSO_METHOD *DSO_get_method(DSO *dso);
-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
-
-/*
- * The all-singing all-dancing load function, you normally pass NULL for the
- * first and third parameters. Use DSO_up and DSO_free for subsequent
- * reference count handling. Any flags passed in will be set in the
- * constructed DSO after its init() function but before the load operation.
- * If 'dso' is non-NULL, 'flags' is ignored.
- */
-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
-
-/* This function binds to a variable inside a shared library. */
-void *DSO_bind_var(DSO *dso, const char *symname);
-
-/* This function binds to a function inside a shared library. */
-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
-
-/*
- * This method is the default, but will beg, borrow, or steal whatever method
- * should be the default on any particular platform (including
- * DSO_METH_null() if necessary).
- */
-DSO_METHOD *DSO_METHOD_openssl(void);
-
-/*
- * This method is defined for all platforms - if a platform has no DSO
- * support then this will be the only method!
- */
-DSO_METHOD *DSO_METHOD_null(void);
-
-/*
- * If DSO_DLFCN is defined, the standard dlfcn.h-style functions (dlopen,
- * dlclose, dlsym, etc) will be used and incorporated into this method. If
- * not, this method will return NULL.
- */
-DSO_METHOD *DSO_METHOD_dlfcn(void);
-
-/*
- * If DSO_DL is defined, the standard dl.h-style functions (shl_load,
- * shl_unload, shl_findsym, etc) will be used and incorporated into this
- * method. If not, this method will return NULL.
- */
-DSO_METHOD *DSO_METHOD_dl(void);
-
-/* If WIN32 is defined, use DLLs. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_win32(void);
-
-/* If VMS is defined, use shared images. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_vms(void);
-
-/*
- * This function writes null-terminated pathname of DSO module containing
- * 'addr' into 'sz' large caller-provided 'path' and returns the number of
- * characters [including trailing zero] written to it. If 'sz' is 0 or
- * negative, 'path' is ignored and required amount of charachers [including
- * trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then
- * pathname of cryptolib itself is returned. Negative or zero return value
- * denotes error.
- */
-int DSO_pathbyaddr(void *addr, char *path, int sz);
-
-/*
- * This function should be used with caution! It looks up symbols in *all*
- * loaded modules and if module gets unloaded by somebody else attempt to
- * dereference the pointer is doomed to have fatal consequences. Primary
- * usage for this function is to probe *core* system functionality, e.g.
- * check if getnameinfo(3) is available at run-time without bothering about
- * OS-specific details such as libc.so.versioning or where does it actually
- * reside: in libc itself or libsocket.
- */
-void *DSO_global_lookup(const char *name);
-
-/* If BeOS is defined, use shared images. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_beos(void);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DSO_strings(void);
-
-/* Error codes for the DSO functions. */
-
-/* Function codes. */
-# define DSO_F_BEOS_BIND_FUNC                             144
-# define DSO_F_BEOS_BIND_VAR                              145
-# define DSO_F_BEOS_LOAD                                  146
-# define DSO_F_BEOS_NAME_CONVERTER                        147
-# define DSO_F_BEOS_UNLOAD                                148
-# define DSO_F_DLFCN_BIND_FUNC                            100
-# define DSO_F_DLFCN_BIND_VAR                             101
-# define DSO_F_DLFCN_LOAD                                 102
-# define DSO_F_DLFCN_MERGER                               130
-# define DSO_F_DLFCN_NAME_CONVERTER                       123
-# define DSO_F_DLFCN_UNLOAD                               103
-# define DSO_F_DL_BIND_FUNC                               104
-# define DSO_F_DL_BIND_VAR                                105
-# define DSO_F_DL_LOAD                                    106
-# define DSO_F_DL_MERGER                                  131
-# define DSO_F_DL_NAME_CONVERTER                          124
-# define DSO_F_DL_UNLOAD                                  107
-# define DSO_F_DSO_BIND_FUNC                              108
-# define DSO_F_DSO_BIND_VAR                               109
-# define DSO_F_DSO_CONVERT_FILENAME                       126
-# define DSO_F_DSO_CTRL                                   110
-# define DSO_F_DSO_FREE                                   111
-# define DSO_F_DSO_GET_FILENAME                           127
-# define DSO_F_DSO_GET_LOADED_FILENAME                    128
-# define DSO_F_DSO_GLOBAL_LOOKUP                          139
-# define DSO_F_DSO_LOAD                                   112
-# define DSO_F_DSO_MERGE                                  132
-# define DSO_F_DSO_NEW_METHOD                             113
-# define DSO_F_DSO_PATHBYADDR                             140
-# define DSO_F_DSO_SET_FILENAME                           129
-# define DSO_F_DSO_SET_NAME_CONVERTER                     122
-# define DSO_F_DSO_UP_REF                                 114
-# define DSO_F_GLOBAL_LOOKUP_FUNC                         138
-# define DSO_F_PATHBYADDR                                 137
-# define DSO_F_VMS_BIND_SYM                               115
-# define DSO_F_VMS_LOAD                                   116
-# define DSO_F_VMS_MERGER                                 133
-# define DSO_F_VMS_UNLOAD                                 117
-# define DSO_F_WIN32_BIND_FUNC                            118
-# define DSO_F_WIN32_BIND_VAR                             119
-# define DSO_F_WIN32_GLOBALLOOKUP                         142
-# define DSO_F_WIN32_GLOBALLOOKUP_FUNC                    143
-# define DSO_F_WIN32_JOINER                               135
-# define DSO_F_WIN32_LOAD                                 120
-# define DSO_F_WIN32_MERGER                               134
-# define DSO_F_WIN32_NAME_CONVERTER                       125
-# define DSO_F_WIN32_PATHBYADDR                           141
-# define DSO_F_WIN32_SPLITTER                             136
-# define DSO_F_WIN32_UNLOAD                               121
-
-/* Reason codes. */
-# define DSO_R_CTRL_FAILED                                100
-# define DSO_R_DSO_ALREADY_LOADED                         110
-# define DSO_R_EMPTY_FILE_STRUCTURE                       113
-# define DSO_R_FAILURE                                    114
-# define DSO_R_FILENAME_TOO_BIG                           101
-# define DSO_R_FINISH_FAILED                              102
-# define DSO_R_INCORRECT_FILE_SYNTAX                      115
-# define DSO_R_LOAD_FAILED                                103
-# define DSO_R_NAME_TRANSLATION_FAILED                    109
-# define DSO_R_NO_FILENAME                                111
-# define DSO_R_NO_FILE_SPECIFICATION                      116
-# define DSO_R_NULL_HANDLE                                104
-# define DSO_R_SET_FILENAME_FAILED                        112
-# define DSO_R_STACK_ERROR                                105
-# define DSO_R_SYM_FAILURE                                106
-# define DSO_R_UNLOAD_FAILED                              107
-# define DSO_R_UNSUPPORTED                                108
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/dso/dso_beos.c b/freebsd/crypto/openssl/crypto/dso/dso_beos.c
deleted file mode 100644
index ba1238fb..00000000
--- a/freebsd/crypto/openssl/crypto/dso/dso_beos.c
+++ /dev/null
@@ -1,255 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* dso_beos.c */
-/*
- * Written by Marcin Konicki (ahwayakchih@neoni.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#if !defined(OPENSSL_SYS_BEOS)
-DSO_METHOD *DSO_METHOD_beos(void)
-{
-    return NULL;
-}
-#else
-
-# include <kernel/image.h>
-
-static int beos_load(DSO *dso);
-static int beos_unload(DSO *dso);
-static void *beos_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname);
-# if 0
-static int beos_unbind_var(DSO *dso, char *symname, void *symptr);
-static int beos_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-static int beos_init(DSO *dso);
-static int beos_finish(DSO *dso);
-static long beos_ctrl(DSO *dso, int cmd, long larg, void *parg);
-# endif
-static char *beos_name_converter(DSO *dso, const char *filename);
-
-static DSO_METHOD dso_meth_beos = {
-    "OpenSSL 'beos' shared library method",
-    beos_load,
-    beos_unload,
-    beos_bind_var,
-    beos_bind_func,
-/* For now, "unbind" doesn't exist */
-# if 0
-    NULL,                       /* unbind_var */
-    NULL,                       /* unbind_func */
-# endif
-    NULL,                       /* ctrl */
-    beos_name_converter,
-    NULL,                       /* init */
-    NULL                        /* finish */
-};
-
-DSO_METHOD *DSO_METHOD_beos(void)
-{
-    return (&dso_meth_beos);
-}
-
-/*
- * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to
- * the handle (image_id) returned from load_add_on().
- */
-
-static int beos_load(DSO *dso)
-{
-    image_id id;
-    /* See applicable comments from dso_dl.c */
-    char *filename = DSO_convert_filename(dso, NULL);
-
-    if (filename == NULL) {
-        DSOerr(DSO_F_BEOS_LOAD, DSO_R_NO_FILENAME);
-        goto err;
-    }
-    id = load_add_on(filename);
-    if (id < 1) {
-        DSOerr(DSO_F_BEOS_LOAD, DSO_R_LOAD_FAILED);
-        ERR_add_error_data(3, "filename(", filename, ")");
-        goto err;
-    }
-    if (!sk_push(dso->meth_data, (char *)id)) {
-        DSOerr(DSO_F_BEOS_LOAD, DSO_R_STACK_ERROR);
-        goto err;
-    }
-    /* Success */
-    dso->loaded_filename = filename;
-    return (1);
- err:
-    /* Cleanup ! */
-    if (filename != NULL)
-        OPENSSL_free(filename);
-    if (id > 0)
-        unload_add_on(id);
-    return (0);
-}
-
-static int beos_unload(DSO *dso)
-{
-    image_id id;
-    if (dso == NULL) {
-        DSOerr(DSO_F_BEOS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (sk_num(dso->meth_data) < 1)
-        return (1);
-    id = (image_id) sk_pop(dso->meth_data);
-    if (id < 1) {
-        DSOerr(DSO_F_BEOS_UNLOAD, DSO_R_NULL_HANDLE);
-        return (0);
-    }
-    if (unload_add_on(id) != B_OK) {
-        DSOerr(DSO_F_BEOS_UNLOAD, DSO_R_UNLOAD_FAILED);
-        /*
-         * We should push the value back onto the stack in case of a retry.
-         */
-        sk_push(dso->meth_data, (char *)id);
-        return (0);
-    }
-    return (1);
-}
-
-static void *beos_bind_var(DSO *dso, const char *symname)
-{
-    image_id id;
-    void *sym;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_BEOS_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (sk_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_BEOS_BIND_VAR, DSO_R_STACK_ERROR);
-        return (NULL);
-    }
-    id = (image_id) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-    if (id < 1) {
-        DSOerr(DSO_F_BEOS_BIND_VAR, DSO_R_NULL_HANDLE);
-        return (NULL);
-    }
-    if (get_image_symbol(id, symname, B_SYMBOL_TYPE_DATA, &sym) != B_OK) {
-        DSOerr(DSO_F_BEOS_BIND_VAR, DSO_R_SYM_FAILURE);
-        ERR_add_error_data(3, "symname(", symname, ")");
-        return (NULL);
-    }
-    return (sym);
-}
-
-static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname)
-{
-    image_id id;
-    void *sym;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_BEOS_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (sk_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_BEOS_BIND_FUNC, DSO_R_STACK_ERROR);
-        return (NULL);
-    }
-    id = (image_id) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-    if (id < 1) {
-        DSOerr(DSO_F_BEOS_BIND_FUNC, DSO_R_NULL_HANDLE);
-        return (NULL);
-    }
-    if (get_image_symbol(id, symname, B_SYMBOL_TYPE_TEXT, &sym) != B_OK) {
-        DSOerr(DSO_F_BEOS_BIND_FUNC, DSO_R_SYM_FAILURE);
-        ERR_add_error_data(3, "symname(", symname, ")");
-        return (NULL);
-    }
-    return ((DSO_FUNC_TYPE)sym);
-}
-
-/* This one is the same as the one in dlfcn */
-static char *beos_name_converter(DSO *dso, const char *filename)
-{
-    char *translated;
-    int len, rsize, transform;
-
-    len = strlen(filename);
-    rsize = len + 1;
-    transform = (strstr(filename, "/") == NULL);
-    if (transform) {
-        /* We will convert this to "%s.so" or "lib%s.so" */
-        rsize += 3;             /* The length of ".so" */
-        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-            rsize += 3;         /* The length of "lib" */
-    }
-    translated = OPENSSL_malloc(rsize);
-    if (translated == NULL) {
-        DSOerr(DSO_F_BEOS_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
-        return (NULL);
-    }
-    if (transform) {
-        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-            sprintf(translated, "lib%s.so", filename);
-        else
-            sprintf(translated, "%s.so", filename);
-    } else
-        sprintf(translated, "%s", filename);
-    return (translated);
-}
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/dso/dso_dl.c b/freebsd/crypto/openssl/crypto/dso/dso_dl.c
deleted file mode 100644
index db8ca8bc..00000000
--- a/freebsd/crypto/openssl/crypto/dso/dso_dl.c
+++ /dev/null
@@ -1,382 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* dso_dl.c */
-/*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#ifndef DSO_DL
-DSO_METHOD *DSO_METHOD_dl(void)
-{
-    return NULL;
-}
-#else
-
-# include <dl.h>
-
-/* Part of the hack in "dl_load" ... */
-# define DSO_MAX_TRANSLATED_SIZE 256
-
-static int dl_load(DSO *dso);
-static int dl_unload(DSO *dso);
-static void *dl_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
-# if 0
-static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
-static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-static int dl_init(DSO *dso);
-static int dl_finish(DSO *dso);
-static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
-# endif
-static char *dl_name_converter(DSO *dso, const char *filename);
-static char *dl_merger(DSO *dso, const char *filespec1,
-                       const char *filespec2);
-static int dl_pathbyaddr(void *addr, char *path, int sz);
-static void *dl_globallookup(const char *name);
-
-static DSO_METHOD dso_meth_dl = {
-    "OpenSSL 'dl' shared library method",
-    dl_load,
-    dl_unload,
-    dl_bind_var,
-    dl_bind_func,
-/* For now, "unbind" doesn't exist */
-# if 0
-    NULL,                       /* unbind_var */
-    NULL,                       /* unbind_func */
-# endif
-    NULL,                       /* ctrl */
-    dl_name_converter,
-    dl_merger,
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    dl_pathbyaddr,
-    dl_globallookup
-};
-
-DSO_METHOD *DSO_METHOD_dl(void)
-{
-    return (&dso_meth_dl);
-}
-
-/*
- * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
- * (shl_t) returned from shl_load(). NB: I checked on HPUX11 and shl_t is
- * itself a pointer type so the cast is safe.
- */
-
-static int dl_load(DSO *dso)
-{
-    shl_t ptr = NULL;
-    /*
-     * We don't do any fancy retries or anything, just take the method's (or
-     * DSO's if it has the callback set) best translation of the
-     * platform-independant filename and try once with that.
-     */
-    char *filename = DSO_convert_filename(dso, NULL);
-
-    if (filename == NULL) {
-        DSOerr(DSO_F_DL_LOAD, DSO_R_NO_FILENAME);
-        goto err;
-    }
-    ptr = shl_load(filename, BIND_IMMEDIATE |
-                   (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 :
-                    DYNAMIC_PATH), 0L);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED);
-        ERR_add_error_data(4, "filename(", filename, "): ", strerror(errno));
-        goto err;
-    }
-    if (!sk_push(dso->meth_data, (char *)ptr)) {
-        DSOerr(DSO_F_DL_LOAD, DSO_R_STACK_ERROR);
-        goto err;
-    }
-    /*
-     * Success, stick the converted filename we've loaded under into the DSO
-     * (it also serves as the indicator that we are currently loaded).
-     */
-    dso->loaded_filename = filename;
-    return (1);
- err:
-    /* Cleanup! */
-    if (filename != NULL)
-        OPENSSL_free(filename);
-    if (ptr != NULL)
-        shl_unload(ptr);
-    return (0);
-}
-
-static int dl_unload(DSO *dso)
-{
-    shl_t ptr;
-    if (dso == NULL) {
-        DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (sk_num(dso->meth_data) < 1)
-        return (1);
-    /* Is this statement legal? */
-    ptr = (shl_t) sk_pop(dso->meth_data);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DL_UNLOAD, DSO_R_NULL_HANDLE);
-        /*
-         * Should push the value back onto the stack in case of a retry.
-         */
-        sk_push(dso->meth_data, (char *)ptr);
-        return (0);
-    }
-    shl_unload(ptr);
-    return (1);
-}
-
-static void *dl_bind_var(DSO *dso, const char *symname)
-{
-    shl_t ptr;
-    void *sym;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_DL_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (sk_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_DL_BIND_VAR, DSO_R_STACK_ERROR);
-        return (NULL);
-    }
-    ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DL_BIND_VAR, DSO_R_NULL_HANDLE);
-        return (NULL);
-    }
-    if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
-        DSOerr(DSO_F_DL_BIND_VAR, DSO_R_SYM_FAILURE);
-        ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
-        return (NULL);
-    }
-    return (sym);
-}
-
-static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
-{
-    shl_t ptr;
-    void *sym;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_DL_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (sk_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_STACK_ERROR);
-        return (NULL);
-    }
-    ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_NULL_HANDLE);
-        return (NULL);
-    }
-    if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
-        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE);
-        ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
-        return (NULL);
-    }
-    return ((DSO_FUNC_TYPE)sym);
-}
-
-static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
-{
-    char *merged;
-
-    if (!filespec1 && !filespec2) {
-        DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    /*
-     * If the first file specification is a rooted path, it rules. same goes
-     * if the second file specification is missing.
-     */
-    if (!filespec2 || filespec1[0] == '/') {
-        merged = OPENSSL_malloc(strlen(filespec1) + 1);
-        if (!merged) {
-            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec1);
-    }
-    /*
-     * If the first file specification is missing, the second one rules.
-     */
-    else if (!filespec1) {
-        merged = OPENSSL_malloc(strlen(filespec2) + 1);
-        if (!merged) {
-            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec2);
-    } else
-        /*
-         * This part isn't as trivial as it looks.  It assumes that the
-         * second file specification really is a directory, and makes no
-         * checks whatsoever.  Therefore, the result becomes the
-         * concatenation of filespec2 followed by a slash followed by
-         * filespec1.
-         */
-    {
-        int spec2len, len;
-
-        spec2len = (filespec2 ? strlen(filespec2) : 0);
-        len = spec2len + (filespec1 ? strlen(filespec1) : 0);
-
-        if (filespec2 && filespec2[spec2len - 1] == '/') {
-            spec2len--;
-            len--;
-        }
-        merged = OPENSSL_malloc(len + 2);
-        if (!merged) {
-            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec2);
-        merged[spec2len] = '/';
-        strcpy(&merged[spec2len + 1], filespec1);
-    }
-    return (merged);
-}
-
-/*
- * This function is identical to the one in dso_dlfcn.c, but as it is highly
- * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at
- * the same time, there's no great duplicating the code. Figuring out an
- * elegant way to share one copy of the code would be more difficult and
- * would not leave the implementations independant.
- */
-# if defined(__hpux)
-static const char extension[] = ".sl";
-# else
-static const char extension[] = ".so";
-# endif
-static char *dl_name_converter(DSO *dso, const char *filename)
-{
-    char *translated;
-    int len, rsize, transform;
-
-    len = strlen(filename);
-    rsize = len + 1;
-    transform = (strstr(filename, "/") == NULL);
-    {
-        /* We will convert this to "%s.s?" or "lib%s.s?" */
-        rsize += strlen(extension); /* The length of ".s?" */
-        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-            rsize += 3;         /* The length of "lib" */
-    }
-    translated = OPENSSL_malloc(rsize);
-    if (translated == NULL) {
-        DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
-        return (NULL);
-    }
-    if (transform) {
-        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-            sprintf(translated, "lib%s%s", filename, extension);
-        else
-            sprintf(translated, "%s%s", filename, extension);
-    } else
-        sprintf(translated, "%s", filename);
-    return (translated);
-}
-
-static int dl_pathbyaddr(void *addr, char *path, int sz)
-{
-    struct shl_descriptor inf;
-    int i, len;
-
-    if (addr == NULL) {
-        union {
-            int (*f) (void *, char *, int);
-            void *p;
-        } t = {
-            dl_pathbyaddr
-        };
-        addr = t.p;
-    }
-
-    for (i = -1; shl_get_r(i, &inf) == 0; i++) {
-        if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
-            ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) {
-            len = (int)strlen(inf.filename);
-            if (sz <= 0)
-                return len + 1;
-            if (len >= sz)
-                len = sz - 1;
-            memcpy(path, inf.filename, len);
-            path[len++] = 0;
-            return len;
-        }
-    }
-
-    return -1;
-}
-
-static void *dl_globallookup(const char *name)
-{
-    void *ret;
-    shl_t h = NULL;
-
-    return shl_findsym(&h, name, TYPE_UNDEFINED, &ret) ? NULL : ret;
-}
-#endif                          /* DSO_DL */
diff --git a/freebsd/crypto/openssl/crypto/dso/dso_dlfcn.c b/freebsd/crypto/openssl/crypto/dso/dso_dlfcn.c
deleted file mode 100644
index 645fbbe7..00000000
--- a/freebsd/crypto/openssl/crypto/dso/dso_dlfcn.c
+++ /dev/null
@@ -1,467 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* dso_dlfcn.c */
-/*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * We need to do this early, because stdio.h includes the header files that
- * handle _GNU_SOURCE and other similar macros.  Defining it later is simply
- * too late, because those headers are protected from re- inclusion.
- */
-#ifndef _GNU_SOURCE
-# define _GNU_SOURCE            /* make sure dladdr is declared */
-#endif
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#ifndef DSO_DLFCN
-DSO_METHOD *DSO_METHOD_dlfcn(void)
-{
-    return NULL;
-}
-#else
-
-# ifdef HAVE_DLFCN_H
-#  ifdef __osf__
-#   define __EXTENSIONS__
-#  endif
-#  include <dlfcn.h>
-#  define HAVE_DLINFO 1
-#  if defined(_AIX) || defined(__CYGWIN__) || \
-     defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
-     (defined(__osf__) && !defined(RTLD_NEXT))     || \
-     (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
-        defined(__ANDROID__)
-#   undef HAVE_DLINFO
-#  endif
-# endif
-
-/* Part of the hack in "dlfcn_load" ... */
-# define DSO_MAX_TRANSLATED_SIZE 256
-
-static int dlfcn_load(DSO *dso);
-static int dlfcn_unload(DSO *dso);
-static void *dlfcn_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
-# if 0
-static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
-static int dlfcn_init(DSO *dso);
-static int dlfcn_finish(DSO *dso);
-static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
-# endif
-static char *dlfcn_name_converter(DSO *dso, const char *filename);
-static char *dlfcn_merger(DSO *dso, const char *filespec1,
-                          const char *filespec2);
-static int dlfcn_pathbyaddr(void *addr, char *path, int sz);
-static void *dlfcn_globallookup(const char *name);
-
-static DSO_METHOD dso_meth_dlfcn = {
-    "OpenSSL 'dlfcn' shared library method",
-    dlfcn_load,
-    dlfcn_unload,
-    dlfcn_bind_var,
-    dlfcn_bind_func,
-/* For now, "unbind" doesn't exist */
-# if 0
-    NULL,                       /* unbind_var */
-    NULL,                       /* unbind_func */
-# endif
-    NULL,                       /* ctrl */
-    dlfcn_name_converter,
-    dlfcn_merger,
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    dlfcn_pathbyaddr,
-    dlfcn_globallookup
-};
-
-DSO_METHOD *DSO_METHOD_dlfcn(void)
-{
-    return (&dso_meth_dlfcn);
-}
-
-/*
- * Prior to using the dlopen() function, we should decide on the flag we
- * send. There's a few different ways of doing this and it's a messy
- * venn-diagram to match up which platforms support what. So as we don't have
- * autoconf yet, I'm implementing a hack that could be hacked further
- * relatively easily to deal with cases as we find them. Initially this is to
- * cope with OpenBSD.
- */
-# if defined(__OpenBSD__) || defined(__NetBSD__)
-#  ifdef DL_LAZY
-#   define DLOPEN_FLAG DL_LAZY
-#  else
-#   ifdef RTLD_NOW
-#    define DLOPEN_FLAG RTLD_NOW
-#   else
-#    define DLOPEN_FLAG 0
-#   endif
-#  endif
-# else
-#  ifdef OPENSSL_SYS_SUNOS
-#   define DLOPEN_FLAG 1
-#  else
-#   define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
-#  endif
-# endif
-
-/*
- * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
- * (void*) returned from dlopen().
- */
-
-static int dlfcn_load(DSO *dso)
-{
-    void *ptr = NULL;
-    /* See applicable comments in dso_dl.c */
-    char *filename = DSO_convert_filename(dso, NULL);
-    int flags = DLOPEN_FLAG;
-
-    if (filename == NULL) {
-        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME);
-        goto err;
-    }
-# ifdef RTLD_GLOBAL
-    if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
-        flags |= RTLD_GLOBAL;
-# endif
-    ptr = dlopen(filename, flags);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED);
-        ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
-        goto err;
-    }
-    if (!sk_void_push(dso->meth_data, (char *)ptr)) {
-        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR);
-        goto err;
-    }
-    /* Success */
-    dso->loaded_filename = filename;
-    return (1);
- err:
-    /* Cleanup! */
-    if (filename != NULL)
-        OPENSSL_free(filename);
-    if (ptr != NULL)
-        dlclose(ptr);
-    return (0);
-}
-
-static int dlfcn_unload(DSO *dso)
-{
-    void *ptr;
-    if (dso == NULL) {
-        DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (sk_void_num(dso->meth_data) < 1)
-        return (1);
-    ptr = sk_void_pop(dso->meth_data);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE);
-        /*
-         * Should push the value back onto the stack in case of a retry.
-         */
-        sk_void_push(dso->meth_data, ptr);
-        return (0);
-    }
-    /* For now I'm not aware of any errors associated with dlclose() */
-    dlclose(ptr);
-    return (1);
-}
-
-static void *dlfcn_bind_var(DSO *dso, const char *symname)
-{
-    void *ptr, *sym;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_DLFCN_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (sk_void_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_STACK_ERROR);
-        return (NULL);
-    }
-    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_NULL_HANDLE);
-        return (NULL);
-    }
-    sym = dlsym(ptr, symname);
-    if (sym == NULL) {
-        DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_SYM_FAILURE);
-        ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
-        return (NULL);
-    }
-    return (sym);
-}
-
-static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
-{
-    void *ptr;
-    union {
-        DSO_FUNC_TYPE sym;
-        void *dlret;
-    } u;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (sk_void_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR);
-        return (NULL);
-    }
-    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE);
-        return (NULL);
-    }
-    u.dlret = dlsym(ptr, symname);
-    if (u.dlret == NULL) {
-        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE);
-        ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
-        return (NULL);
-    }
-    return u.sym;
-}
-
-static char *dlfcn_merger(DSO *dso, const char *filespec1,
-                          const char *filespec2)
-{
-    char *merged;
-
-    if (!filespec1 && !filespec2) {
-        DSOerr(DSO_F_DLFCN_MERGER, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    /*
-     * If the first file specification is a rooted path, it rules. same goes
-     * if the second file specification is missing.
-     */
-    if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) {
-        merged = OPENSSL_malloc(strlen(filespec1) + 1);
-        if (!merged) {
-            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec1);
-    }
-    /*
-     * If the first file specification is missing, the second one rules.
-     */
-    else if (!filespec1) {
-        merged = OPENSSL_malloc(strlen(filespec2) + 1);
-        if (!merged) {
-            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec2);
-    } else {
-        /*
-         * This part isn't as trivial as it looks.  It assumes that the
-         * second file specification really is a directory, and makes no
-         * checks whatsoever.  Therefore, the result becomes the
-         * concatenation of filespec2 followed by a slash followed by
-         * filespec1.
-         */
-        int spec2len, len;
-
-        spec2len = strlen(filespec2);
-        len = spec2len + strlen(filespec1);
-
-        if (spec2len && filespec2[spec2len - 1] == '/') {
-            spec2len--;
-            len--;
-        }
-        merged = OPENSSL_malloc(len + 2);
-        if (!merged) {
-            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec2);
-        merged[spec2len] = '/';
-        strcpy(&merged[spec2len + 1], filespec1);
-    }
-    return (merged);
-}
-
-# ifdef OPENSSL_SYS_MACOSX
-#  define DSO_ext ".dylib"
-#  define DSO_extlen 6
-# else
-#  define DSO_ext ".so"
-#  define DSO_extlen 3
-# endif
-
-static char *dlfcn_name_converter(DSO *dso, const char *filename)
-{
-    char *translated;
-    int len, rsize, transform;
-
-    len = strlen(filename);
-    rsize = len + 1;
-    transform = (strstr(filename, "/") == NULL);
-    if (transform) {
-        /* We will convert this to "%s.so" or "lib%s.so" etc */
-        rsize += DSO_extlen;    /* The length of ".so" */
-        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-            rsize += 3;         /* The length of "lib" */
-    }
-    translated = OPENSSL_malloc(rsize);
-    if (translated == NULL) {
-        DSOerr(DSO_F_DLFCN_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
-        return (NULL);
-    }
-    if (transform) {
-        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-            sprintf(translated, "lib%s" DSO_ext, filename);
-        else
-            sprintf(translated, "%s" DSO_ext, filename);
-    } else
-        sprintf(translated, "%s", filename);
-    return (translated);
-}
-
-# ifdef __sgi
-/*-
-This is a quote from IRIX manual for dladdr(3c):
-
-     <dlfcn.h> does not contain a prototype for dladdr or definition of
-     Dl_info.  The #include <dlfcn.h>  in the SYNOPSIS line is traditional,
-     but contains no dladdr prototype and no IRIX library contains an
-     implementation.  Write your own declaration based on the code below.
-
-     The following code is dependent on internal interfaces that are not
-     part of the IRIX compatibility guarantee; however, there is no future
-     intention to change this interface, so on a practical level, the code
-     below is safe to use on IRIX.
-*/
-#  include <rld_interface.h>
-#  ifndef _RLD_INTERFACE_DLFCN_H_DLADDR
-#   define _RLD_INTERFACE_DLFCN_H_DLADDR
-typedef struct Dl_info {
-    const char *dli_fname;
-    void *dli_fbase;
-    const char *dli_sname;
-    void *dli_saddr;
-    int dli_version;
-    int dli_reserved1;
-    long dli_reserved[4];
-} Dl_info;
-#  else
-typedef struct Dl_info Dl_info;
-#  endif
-#  define _RLD_DLADDR             14
-
-static int dladdr(void *address, Dl_info *dl)
-{
-    void *v;
-    v = _rld_new_interface(_RLD_DLADDR, address, dl);
-    return (int)v;
-}
-# endif                         /* __sgi */
-
-static int dlfcn_pathbyaddr(void *addr, char *path, int sz)
-{
-# ifdef HAVE_DLINFO
-    Dl_info dli;
-    int len;
-
-    if (addr == NULL) {
-        union {
-            int (*f) (void *, char *, int);
-            void *p;
-        } t = {
-            dlfcn_pathbyaddr
-        };
-        addr = t.p;
-    }
-
-    if (dladdr(addr, &dli)) {
-        len = (int)strlen(dli.dli_fname);
-        if (sz <= 0)
-            return len + 1;
-        if (len >= sz)
-            len = sz - 1;
-        memcpy(path, dli.dli_fname, len);
-        path[len++] = 0;
-        return len;
-    }
-
-    ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror());
-# endif
-    return -1;
-}
-
-static void *dlfcn_globallookup(const char *name)
-{
-    void *ret = NULL, *handle = dlopen(NULL, RTLD_LAZY);
-
-    if (handle) {
-        ret = dlsym(handle, name);
-        dlclose(handle);
-    }
-
-    return ret;
-}
-#endif                          /* DSO_DLFCN */
diff --git a/freebsd/crypto/openssl/crypto/dso/dso_err.c b/freebsd/crypto/openssl/crypto/dso/dso_err.c
deleted file mode 100644
index 01706f56..00000000
--- a/freebsd/crypto/openssl/crypto/dso/dso_err.c
+++ /dev/null
@@ -1,160 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/dso/dso_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/dso.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
-
-static ERR_STRING_DATA DSO_str_functs[] = {
-    {ERR_FUNC(DSO_F_BEOS_BIND_FUNC), "BEOS_BIND_FUNC"},
-    {ERR_FUNC(DSO_F_BEOS_BIND_VAR), "BEOS_BIND_VAR"},
-    {ERR_FUNC(DSO_F_BEOS_LOAD), "BEOS_LOAD"},
-    {ERR_FUNC(DSO_F_BEOS_NAME_CONVERTER), "BEOS_NAME_CONVERTER"},
-    {ERR_FUNC(DSO_F_BEOS_UNLOAD), "BEOS_UNLOAD"},
-    {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"},
-    {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"},
-    {ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"},
-    {ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"},
-    {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"},
-    {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"},
-    {ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"},
-    {ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"},
-    {ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"},
-    {ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"},
-    {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"},
-    {ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"},
-    {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
-    {ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"},
-    {ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"},
-    {ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"},
-    {ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"},
-    {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"},
-    {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"},
-    {ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP), "DSO_global_lookup"},
-    {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"},
-    {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"},
-    {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"},
-    {ERR_FUNC(DSO_F_DSO_PATHBYADDR), "DSO_pathbyaddr"},
-    {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"},
-    {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"},
-    {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"},
-    {ERR_FUNC(DSO_F_GLOBAL_LOOKUP_FUNC), "GLOBAL_LOOKUP_FUNC"},
-    {ERR_FUNC(DSO_F_PATHBYADDR), "PATHBYADDR"},
-    {ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"},
-    {ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"},
-    {ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"},
-    {ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"},
-    {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"},
-    {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"},
-    {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP), "WIN32_GLOBALLOOKUP"},
-    {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP_FUNC), "WIN32_GLOBALLOOKUP_FUNC"},
-    {ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"},
-    {ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"},
-    {ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"},
-    {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"},
-    {ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "WIN32_PATHBYADDR"},
-    {ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"},
-    {ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA DSO_str_reasons[] = {
-    {ERR_REASON(DSO_R_CTRL_FAILED), "control command failed"},
-    {ERR_REASON(DSO_R_DSO_ALREADY_LOADED), "dso already loaded"},
-    {ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE), "empty file structure"},
-    {ERR_REASON(DSO_R_FAILURE), "failure"},
-    {ERR_REASON(DSO_R_FILENAME_TOO_BIG), "filename too big"},
-    {ERR_REASON(DSO_R_FINISH_FAILED), "cleanup method function failed"},
-    {ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX), "incorrect file syntax"},
-    {ERR_REASON(DSO_R_LOAD_FAILED), "could not load the shared library"},
-    {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED), "name translation failed"},
-    {ERR_REASON(DSO_R_NO_FILENAME), "no filename"},
-    {ERR_REASON(DSO_R_NO_FILE_SPECIFICATION), "no file specification"},
-    {ERR_REASON(DSO_R_NULL_HANDLE), "a null shared library handle was used"},
-    {ERR_REASON(DSO_R_SET_FILENAME_FAILED), "set filename failed"},
-    {ERR_REASON(DSO_R_STACK_ERROR), "the meth_data stack is corrupt"},
-    {ERR_REASON(DSO_R_SYM_FAILURE),
-     "could not bind to the requested symbol name"},
-    {ERR_REASON(DSO_R_UNLOAD_FAILED), "could not unload the shared library"},
-    {ERR_REASON(DSO_R_UNSUPPORTED), "functionality not supported"},
-    {0, NULL}
-};
-
-#endif
-
-void ERR_load_DSO_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-
-    if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, DSO_str_functs);
-        ERR_load_strings(0, DSO_str_reasons);
-    }
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/dso/dso_lib.c b/freebsd/crypto/openssl/crypto/dso/dso_lib.c
deleted file mode 100644
index 81cd8e7a..00000000
--- a/freebsd/crypto/openssl/crypto/dso/dso_lib.c
+++ /dev/null
@@ -1,450 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* dso_lib.c */
-/*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-static DSO_METHOD *default_DSO_meth = NULL;
-
-DSO *DSO_new(void)
-{
-    return (DSO_new_method(NULL));
-}
-
-void DSO_set_default_method(DSO_METHOD *meth)
-{
-    default_DSO_meth = meth;
-}
-
-DSO_METHOD *DSO_get_default_method(void)
-{
-    return (default_DSO_meth);
-}
-
-DSO_METHOD *DSO_get_method(DSO *dso)
-{
-    return (dso->meth);
-}
-
-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)
-{
-    DSO_METHOD *mtmp;
-    mtmp = dso->meth;
-    dso->meth = meth;
-    return (mtmp);
-}
-
-DSO *DSO_new_method(DSO_METHOD *meth)
-{
-    DSO *ret;
-
-    if (default_DSO_meth == NULL)
-        /*
-         * We default to DSO_METH_openssl() which in turn defaults to
-         * stealing the "best available" method. Will fallback to
-         * DSO_METH_null() in the worst case.
-         */
-        default_DSO_meth = DSO_METHOD_openssl();
-    ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
-    if (ret == NULL) {
-        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-    memset(ret, 0, sizeof(DSO));
-    ret->meth_data = sk_void_new_null();
-    if (ret->meth_data == NULL) {
-        /* sk_new doesn't generate any errors so we do */
-        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-        OPENSSL_free(ret);
-        return (NULL);
-    }
-    if (meth == NULL)
-        ret->meth = default_DSO_meth;
-    else
-        ret->meth = meth;
-    ret->references = 1;
-    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-        sk_void_free(ret->meth_data);
-        OPENSSL_free(ret);
-        ret = NULL;
-    }
-    return (ret);
-}
-
-int DSO_free(DSO *dso)
-{
-    int i;
-
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_FREE, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-
-    i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO);
-#ifdef REF_PRINT
-    REF_PRINT("DSO", dso);
-#endif
-    if (i > 0)
-        return (1);
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "DSO_free, bad reference count\n");
-        abort();
-    }
-#endif
-
-    if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
-        DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED);
-        return (0);
-    }
-
-    if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) {
-        DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED);
-        return (0);
-    }
-
-    sk_void_free(dso->meth_data);
-    if (dso->filename != NULL)
-        OPENSSL_free(dso->filename);
-    if (dso->loaded_filename != NULL)
-        OPENSSL_free(dso->loaded_filename);
-
-    OPENSSL_free(dso);
-    return (1);
-}
-
-int DSO_flags(DSO *dso)
-{
-    return ((dso == NULL) ? 0 : dso->flags);
-}
-
-int DSO_up_ref(DSO *dso)
-{
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-
-    CRYPTO_add(&dso->references, 1, CRYPTO_LOCK_DSO);
-    return (1);
-}
-
-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
-{
-    DSO *ret;
-    int allocated = 0;
-
-    if (dso == NULL) {
-        ret = DSO_new_method(meth);
-        if (ret == NULL) {
-            DSOerr(DSO_F_DSO_LOAD, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        allocated = 1;
-        /* Pass the provided flags to the new DSO object */
-        if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) {
-            DSOerr(DSO_F_DSO_LOAD, DSO_R_CTRL_FAILED);
-            goto err;
-        }
-    } else
-        ret = dso;
-    /* Don't load if we're currently already loaded */
-    if (ret->filename != NULL) {
-        DSOerr(DSO_F_DSO_LOAD, DSO_R_DSO_ALREADY_LOADED);
-        goto err;
-    }
-    /*
-     * filename can only be NULL if we were passed a dso that already has one
-     * set.
-     */
-    if (filename != NULL)
-        if (!DSO_set_filename(ret, filename)) {
-            DSOerr(DSO_F_DSO_LOAD, DSO_R_SET_FILENAME_FAILED);
-            goto err;
-        }
-    filename = ret->filename;
-    if (filename == NULL) {
-        DSOerr(DSO_F_DSO_LOAD, DSO_R_NO_FILENAME);
-        goto err;
-    }
-    if (ret->meth->dso_load == NULL) {
-        DSOerr(DSO_F_DSO_LOAD, DSO_R_UNSUPPORTED);
-        goto err;
-    }
-    if (!ret->meth->dso_load(ret)) {
-        DSOerr(DSO_F_DSO_LOAD, DSO_R_LOAD_FAILED);
-        goto err;
-    }
-    /* Load succeeded */
-    return (ret);
- err:
-    if (allocated)
-        DSO_free(ret);
-    return (NULL);
-}
-
-void *DSO_bind_var(DSO *dso, const char *symname)
-{
-    void *ret = NULL;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_DSO_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (dso->meth->dso_bind_var == NULL) {
-        DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_UNSUPPORTED);
-        return (NULL);
-    }
-    if ((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) {
-        DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_SYM_FAILURE);
-        return (NULL);
-    }
-    /* Success */
-    return (ret);
-}
-
-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
-{
-    DSO_FUNC_TYPE ret = NULL;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (dso->meth->dso_bind_func == NULL) {
-        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED);
-        return (NULL);
-    }
-    if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) {
-        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE);
-        return (NULL);
-    }
-    /* Success */
-    return (ret);
-}
-
-/*
- * I don't really like these *_ctrl functions very much to be perfectly
- * honest. For one thing, I think I have to return a negative value for any
- * error because possible DSO_ctrl() commands may return values such as
- * "size"s that can legitimately be zero (making the standard
- * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
- * times. I'd prefer "output" values to be passed by reference and the return
- * value as success/failure like usual ... but we conform when we must... :-)
- */
-long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
-{
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-        return (-1);
-    }
-    /*
-     * We should intercept certain generic commands and only pass control to
-     * the method-specific ctrl() function if it's something we don't handle.
-     */
-    switch (cmd) {
-    case DSO_CTRL_GET_FLAGS:
-        return dso->flags;
-    case DSO_CTRL_SET_FLAGS:
-        dso->flags = (int)larg;
-        return (0);
-    case DSO_CTRL_OR_FLAGS:
-        dso->flags |= (int)larg;
-        return (0);
-    default:
-        break;
-    }
-    if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) {
-        DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED);
-        return (-1);
-    }
-    return (dso->meth->dso_ctrl(dso, cmd, larg, parg));
-}
-
-int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
-                           DSO_NAME_CONVERTER_FUNC *oldcb)
-{
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (oldcb)
-        *oldcb = dso->name_converter;
-    dso->name_converter = cb;
-    return (1);
-}
-
-const char *DSO_get_filename(DSO *dso)
-{
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    return (dso->filename);
-}
-
-int DSO_set_filename(DSO *dso, const char *filename)
-{
-    char *copied;
-
-    if ((dso == NULL) || (filename == NULL)) {
-        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (dso->loaded_filename) {
-        DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED);
-        return (0);
-    }
-    /* We'll duplicate filename */
-    copied = OPENSSL_malloc(strlen(filename) + 1);
-    if (copied == NULL) {
-        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-    BUF_strlcpy(copied, filename, strlen(filename) + 1);
-    if (dso->filename)
-        OPENSSL_free(dso->filename);
-    dso->filename = copied;
-    return (1);
-}
-
-char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
-{
-    char *result = NULL;
-
-    if (dso == NULL || filespec1 == NULL) {
-        DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
-        if (dso->merger != NULL)
-            result = dso->merger(dso, filespec1, filespec2);
-        else if (dso->meth->dso_merger != NULL)
-            result = dso->meth->dso_merger(dso, filespec1, filespec2);
-    }
-    return (result);
-}
-
-char *DSO_convert_filename(DSO *dso, const char *filename)
-{
-    char *result = NULL;
-
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (filename == NULL)
-        filename = dso->filename;
-    if (filename == NULL) {
-        DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
-        return (NULL);
-    }
-    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
-        if (dso->name_converter != NULL)
-            result = dso->name_converter(dso, filename);
-        else if (dso->meth->dso_name_converter != NULL)
-            result = dso->meth->dso_name_converter(dso, filename);
-    }
-    if (result == NULL) {
-        result = OPENSSL_malloc(strlen(filename) + 1);
-        if (result == NULL) {
-            DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        BUF_strlcpy(result, filename, strlen(filename) + 1);
-    }
-    return (result);
-}
-
-const char *DSO_get_loaded_filename(DSO *dso)
-{
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    return (dso->loaded_filename);
-}
-
-int DSO_pathbyaddr(void *addr, char *path, int sz)
-{
-    DSO_METHOD *meth = default_DSO_meth;
-    if (meth == NULL)
-        meth = DSO_METHOD_openssl();
-    if (meth->pathbyaddr == NULL) {
-        DSOerr(DSO_F_DSO_PATHBYADDR, DSO_R_UNSUPPORTED);
-        return -1;
-    }
-    return (*meth->pathbyaddr) (addr, path, sz);
-}
-
-void *DSO_global_lookup(const char *name)
-{
-    DSO_METHOD *meth = default_DSO_meth;
-    if (meth == NULL)
-        meth = DSO_METHOD_openssl();
-    if (meth->globallookup == NULL) {
-        DSOerr(DSO_F_DSO_GLOBAL_LOOKUP, DSO_R_UNSUPPORTED);
-        return NULL;
-    }
-    return (*meth->globallookup) (name);
-}
diff --git a/freebsd/crypto/openssl/crypto/dso/dso_locl.h b/freebsd/crypto/openssl/crypto/dso/dso_locl.h
new file mode 100644
index 00000000..14a0ccb7
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/dso/dso_locl.h
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/dso.h"
+#include "internal/dso_conf.h"
+#include "internal/refcount.h"
+
+/**********************************************************************/
+/* The low-level handle type used to refer to a loaded shared library */
+
+struct dso_st {
+    DSO_METHOD *meth;
+    /*
+     * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use
+     * anything but will need to cache the filename for use in the dso_bind
+     * handler. All in all, let each method control its own destiny.
+     * "Handles" and such go in a STACK.
+     */
+    STACK_OF(void) *meth_data;
+    CRYPTO_REF_COUNT references;
+    int flags;
+    /*
+     * For use by applications etc ... use this for your bits'n'pieces, don't
+     * touch meth_data!
+     */
+    CRYPTO_EX_DATA ex_data;
+    /*
+     * If this callback function pointer is set to non-NULL, then it will be
+     * used in DSO_load() in place of meth->dso_name_converter. NB: This
+     * should normally set using DSO_set_name_converter().
+     */
+    DSO_NAME_CONVERTER_FUNC name_converter;
+    /*
+     * If this callback function pointer is set to non-NULL, then it will be
+     * used in DSO_load() in place of meth->dso_merger. NB: This should
+     * normally set using DSO_set_merger().
+     */
+    DSO_MERGER_FUNC merger;
+    /*
+     * This is populated with (a copy of) the platform-independent filename
+     * used for this DSO.
+     */
+    char *filename;
+    /*
+     * This is populated with (a copy of) the translated filename by which
+     * the DSO was actually loaded. It is NULL iff the DSO is not currently
+     * loaded. NB: This is here because the filename translation process may
+     * involve a callback being invoked more than once not only to convert to
+     * a platform-specific form, but also to try different filenames in the
+     * process of trying to perform a load. As such, this variable can be
+     * used to indicate (a) whether this DSO structure corresponds to a
+     * loaded library or not, and (b) the filename with which it was actually
+     * loaded.
+     */
+    char *loaded_filename;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct dso_meth_st {
+    const char *name;
+    /*
+     * Loads a shared library, NB: new DSO_METHODs must ensure that a
+     * successful load populates the loaded_filename field, and likewise a
+     * successful unload OPENSSL_frees and NULLs it out.
+     */
+    int (*dso_load) (DSO *dso);
+    /* Unloads a shared library */
+    int (*dso_unload) (DSO *dso);
+    /*
+     * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should
+     * be cast to the real function prototype by the caller. Platforms that
+     * don't have compatible representations for different prototypes (this
+     * is possible within ANSI C) are highly unlikely to have shared
+     * libraries at all, let alone a DSO_METHOD implemented for them.
+     */
+    DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname);
+    /*
+     * The generic (yuck) "ctrl()" function. NB: Negative return values
+     * (rather than zero) indicate errors.
+     */
+    long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg);
+    /*
+     * The default DSO_METHOD-specific function for converting filenames to a
+     * canonical native form.
+     */
+    DSO_NAME_CONVERTER_FUNC dso_name_converter;
+    /*
+     * The default DSO_METHOD-specific function for converting filenames to a
+     * canonical native form.
+     */
+    DSO_MERGER_FUNC dso_merger;
+    /* [De]Initialisation handlers. */
+    int (*init) (DSO *dso);
+    int (*finish) (DSO *dso);
+    /* Return pathname of the module containing location */
+    int (*pathbyaddr) (void *addr, char *path, int sz);
+    /* Perform global symbol lookup, i.e. among *all* modules */
+    void *(*globallookup) (const char *symname);
+};
diff --git a/freebsd/crypto/openssl/crypto/dso/dso_null.c b/freebsd/crypto/openssl/crypto/dso/dso_null.c
deleted file mode 100644
index a3941dc5..00000000
--- a/freebsd/crypto/openssl/crypto/dso/dso_null.c
+++ /dev/null
@@ -1,94 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* dso_null.c */
-/*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * This "NULL" method is provided as the fallback for systems that have no
- * appropriate support for "shared-libraries".
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-static DSO_METHOD dso_meth_null = {
-    "NULL shared library method",
-    NULL,                       /* load */
-    NULL,                       /* unload */
-    NULL,                       /* bind_var */
-    NULL,                       /* bind_func */
-/* For now, "unbind" doesn't exist */
-#if 0
-    NULL,                       /* unbind_var */
-    NULL,                       /* unbind_func */
-#endif
-    NULL,                       /* ctrl */
-    NULL,                       /* dso_name_converter */
-    NULL,                       /* dso_merger */
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    NULL,                       /* pathbyaddr */
-    NULL                        /* globallookup */
-};
-
-DSO_METHOD *DSO_METHOD_null(void)
-{
-    return (&dso_meth_null);
-}
diff --git a/freebsd/crypto/openssl/crypto/dso/dso_openssl.c b/freebsd/crypto/openssl/crypto/dso/dso_openssl.c
deleted file mode 100644
index 834f9c7c..00000000
--- a/freebsd/crypto/openssl/crypto/dso/dso_openssl.c
+++ /dev/null
@@ -1,85 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* dso_openssl.c */
-/*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-/* We just pinch the method from an appropriate "default" method. */
-
-DSO_METHOD *DSO_METHOD_openssl(void)
-{
-#ifdef DEF_DSO_METHOD
-    return (DEF_DSO_METHOD());
-#elif defined(DSO_DLFCN)
-    return (DSO_METHOD_dlfcn());
-#elif defined(DSO_DL)
-    return (DSO_METHOD_dl());
-#elif defined(DSO_WIN32)
-    return (DSO_METHOD_win32());
-#elif defined(DSO_VMS)
-    return (DSO_METHOD_vms());
-#elif defined(DSO_BEOS)
-    return (DSO_METHOD_beos());
-#else
-    return (DSO_METHOD_null());
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/ebcdic.c b/freebsd/crypto/openssl/crypto/ebcdic.c
index 9994389b..35b273f6 100644
--- a/freebsd/crypto/openssl/crypto/ebcdic.c
+++ b/freebsd/crypto/openssl/crypto/ebcdic.c
@@ -1,23 +1,100 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ebcdic.c */
-
-#ifndef CHARSET_EBCDIC
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
 
 # include <openssl/e_os2.h>
-# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) || defined(__clang__)
-static void *dummy = &dummy;
-# endif
+#ifndef CHARSET_EBCDIC
+NON_EMPTY_TRANSLATION_UNIT
+#else
 
-#else                           /* CHARSET_EBCDIC */
+# include <openssl/ebcdic.h>
 
-# include "ebcdic.h"
-/*-
- *      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
- *      Adapted for       OpenSSL-0.9.4  by <Martin.Kraemer@Mch.SNI.De>
+# ifdef CHARSET_EBCDIC_TEST
+/*
+ * Here we're looking to test the EBCDIC code on an ASCII system so we don't do
+ * any translation in these tables at all.
  */
 
-# ifdef _OSD_POSIX
+/* The ebcdic-to-ascii table: */
+const unsigned char os_toascii[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+    0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+    0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+    0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+    0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+    0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+    0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+    0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+    0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+/* The ascii-to-ebcdic table: */
+const unsigned char os_toebcdic[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+    0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+    0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+    0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+    0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+    0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+    0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+    0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+    0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+# elif defined(_OSD_POSIX)
 /*
  * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens
  * AG, Germany, for their BS2000 mainframe machines. Within the POSIX
@@ -175,7 +252,7 @@ const unsigned char os_toebcdic[256] = {
  * systems. It is a modified version of the BS2000 table.
  *
  * Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is
- * bijective - there are no ambigous or duplicate characters.
+ * bijective - there are no ambiguous or duplicate characters.
  */
 const unsigned char os_toascii[256] = {
     0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */
diff --git a/freebsd/crypto/openssl/crypto/ec/curve25519.c b/freebsd/crypto/openssl/crypto/ec/curve25519.c
new file mode 100644
index 00000000..d87e9e6e
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve25519.c
@@ -0,0 +1,5459 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "ec_lcl.h"
+#include <openssl/sha.h>
+
+#if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
+                            defined(_M_AMD64) || defined(_M_X64))
+
+# define BASE_2_64_IMPLEMENTED
+
+typedef uint64_t fe64[4];
+
+int x25519_fe64_eligible(void);
+
+/*
+ * Following subroutines perform corresponding operations modulo
+ * 2^256-38, i.e. double the curve modulus. However, inputs and
+ * outputs are permitted to be partially reduced, i.e. to remain
+ * in [0..2^256) range. It's all tied up in final fe64_tobytes
+ * that performs full reduction modulo 2^255-19.
+ *
+ * There are no reference C implementations for these.
+ */
+void x25519_fe64_mul(fe64 h, const fe64 f, const fe64 g);
+void x25519_fe64_sqr(fe64 h, const fe64 f);
+void x25519_fe64_mul121666(fe64 h, fe64 f);
+void x25519_fe64_add(fe64 h, const fe64 f, const fe64 g);
+void x25519_fe64_sub(fe64 h, const fe64 f, const fe64 g);
+void x25519_fe64_tobytes(uint8_t *s, const fe64 f);
+# define fe64_mul x25519_fe64_mul
+# define fe64_sqr x25519_fe64_sqr
+# define fe64_mul121666 x25519_fe64_mul121666
+# define fe64_add x25519_fe64_add
+# define fe64_sub x25519_fe64_sub
+# define fe64_tobytes x25519_fe64_tobytes
+
+static uint64_t load_8(const uint8_t *in)
+{
+    uint64_t result;
+
+    result = in[0];
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    result |= ((uint64_t)in[4]) << 32;
+    result |= ((uint64_t)in[5]) << 40;
+    result |= ((uint64_t)in[6]) << 48;
+    result |= ((uint64_t)in[7]) << 56;
+
+    return result;
+}
+
+static void fe64_frombytes(fe64 h, const uint8_t *s)
+{
+    h[0] = load_8(s);
+    h[1] = load_8(s + 8);
+    h[2] = load_8(s + 16);
+    h[3] = load_8(s + 24) & 0x7fffffffffffffff;
+}
+
+static void fe64_0(fe64 h)
+{
+    h[0] = 0;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+}
+
+static void fe64_1(fe64 h)
+{
+    h[0] = 1;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+}
+
+static void fe64_copy(fe64 h, const fe64 f)
+{
+    h[0] = f[0];
+    h[1] = f[1];
+    h[2] = f[2];
+    h[3] = f[3];
+}
+
+static void fe64_cswap(fe64 f, fe64 g, unsigned int b)
+{
+    int i;
+    uint64_t mask = 0 - (uint64_t)b;
+
+    for (i = 0; i < 4; i++) {
+        uint64_t x = f[i] ^ g[i];
+        x &= mask;
+        f[i] ^= x;
+        g[i] ^= x;
+    }
+}
+
+static void fe64_invert(fe64 out, const fe64 z)
+{
+    fe64 t0;
+    fe64 t1;
+    fe64 t2;
+    fe64 t3;
+    int i;
+
+    /*
+     * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+     * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+     */
+
+    /* t0 = z ** 2 */
+    fe64_sqr(t0, z);
+
+    /* t1 = t0 ** (2 ** 2) = z ** 8 */
+    fe64_sqr(t1, t0);
+    fe64_sqr(t1, t1);
+
+    /* t1 = z * t1 = z ** 9 */
+    fe64_mul(t1, z, t1);
+    /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+    fe64_mul(t0, t0, t1);
+
+    /* t2 = t0 ** 2 = z ** 22 */
+    fe64_sqr(t2, t0);
+
+    /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+    fe64_mul(t1, t1, t2);
+
+    /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+    fe64_sqr(t2, t1);
+    for (i = 1; i < 5; ++i)
+        fe64_sqr(t2, t2);
+
+    /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+    fe64_mul(t1, t2, t1);
+
+    /* Continuing similarly... */
+
+    /* t2 = z ** (2 ** 20 - 1) */
+    fe64_sqr(t2, t1);
+    for (i = 1; i < 10; ++i)
+        fe64_sqr(t2, t2);
+
+    fe64_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 40 - 1) */
+    fe64_sqr(t3, t2);
+    for (i = 1; i < 20; ++i)
+        fe64_sqr(t3, t3);
+
+    fe64_mul(t2, t3, t2);
+
+    /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+    for (i = 0; i < 10; ++i)
+        fe64_sqr(t2, t2);
+
+    /* t1 = z ** (2 ** 50 - 1) */
+    fe64_mul(t1, t2, t1);
+
+    /* t2 = z ** (2 ** 100 - 1) */
+    fe64_sqr(t2, t1);
+    for (i = 1; i < 50; ++i)
+        fe64_sqr(t2, t2);
+
+    fe64_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 200 - 1) */
+    fe64_sqr(t3, t2);
+    for (i = 1; i < 100; ++i)
+        fe64_sqr(t3, t3);
+
+    fe64_mul(t2, t3, t2);
+
+    /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
+    for (i = 0; i < 50; ++i)
+        fe64_sqr(t2, t2);
+
+    /* t1 = z ** (2 ** 250 - 1) */
+    fe64_mul(t1, t2, t1);
+
+    /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
+    for (i = 0; i < 5; ++i)
+        fe64_sqr(t1, t1);
+
+    /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+    fe64_mul(out, t1, t0);
+}
+
+/*
+ * Duplicate of original x25519_scalar_mult_generic, but using
+ * fe64_* subroutines.
+ */
+static void x25519_scalar_mulx(uint8_t out[32], const uint8_t scalar[32],
+                               const uint8_t point[32])
+{
+    fe64 x1, x2, z2, x3, z3, tmp0, tmp1;
+    uint8_t e[32];
+    unsigned swap = 0;
+    int pos;
+
+    memcpy(e, scalar, 32);
+    e[0]  &= 0xf8;
+    e[31] &= 0x7f;
+    e[31] |= 0x40;
+    fe64_frombytes(x1, point);
+    fe64_1(x2);
+    fe64_0(z2);
+    fe64_copy(x3, x1);
+    fe64_1(z3);
+
+    for (pos = 254; pos >= 0; --pos) {
+        unsigned int b = 1 & (e[pos / 8] >> (pos & 7));
+
+        swap ^= b;
+        fe64_cswap(x2, x3, swap);
+        fe64_cswap(z2, z3, swap);
+        swap = b;
+        fe64_sub(tmp0, x3, z3);
+        fe64_sub(tmp1, x2, z2);
+        fe64_add(x2, x2, z2);
+        fe64_add(z2, x3, z3);
+        fe64_mul(z3, x2, tmp0);
+        fe64_mul(z2, z2, tmp1);
+        fe64_sqr(tmp0, tmp1);
+        fe64_sqr(tmp1, x2);
+        fe64_add(x3, z3, z2);
+        fe64_sub(z2, z3, z2);
+        fe64_mul(x2, tmp1, tmp0);
+        fe64_sub(tmp1, tmp1, tmp0);
+        fe64_sqr(z2, z2);
+        fe64_mul121666(z3, tmp1);
+        fe64_sqr(x3, x3);
+        fe64_add(tmp0, tmp0, z3);
+        fe64_mul(z3, x1, z2);
+        fe64_mul(z2, tmp1, tmp0);
+    }
+
+    fe64_invert(z2, z2);
+    fe64_mul(x2, x2, z2);
+    fe64_tobytes(out, x2);
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
+#endif
+
+#if defined(X25519_ASM) \
+    || ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \
+         && !defined(__sparc__) \
+         && !(defined(__ANDROID__) && !defined(__clang__)) )
+/*
+ * Base 2^51 implementation. It's virtually no different from reference
+ * base 2^25.5 implementation in respect to lax boundary conditions for
+ * intermediate values and even individual limbs. So that whatever you
+ * know about the reference, applies even here...
+ */
+# define BASE_2_51_IMPLEMENTED
+
+typedef uint64_t fe51[5];
+
+static const uint64_t MASK51 = 0x7ffffffffffff;
+
+static uint64_t load_7(const uint8_t *in)
+{
+    uint64_t result;
+
+    result = in[0];
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    result |= ((uint64_t)in[4]) << 32;
+    result |= ((uint64_t)in[5]) << 40;
+    result |= ((uint64_t)in[6]) << 48;
+
+    return result;
+}
+
+static uint64_t load_6(const uint8_t *in)
+{
+    uint64_t result;
+
+    result = in[0];
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    result |= ((uint64_t)in[4]) << 32;
+    result |= ((uint64_t)in[5]) << 40;
+
+    return result;
+}
+
+static void fe51_frombytes(fe51 h, const uint8_t *s)
+{
+    uint64_t h0 = load_7(s);                                /* 56 bits */
+    uint64_t h1 = load_6(s + 7) << 5;                       /* 53 bits */
+    uint64_t h2 = load_7(s + 13) << 2;                      /* 58 bits */
+    uint64_t h3 = load_6(s + 20) << 7;                      /* 55 bits */
+    uint64_t h4 = (load_6(s + 26) & 0x7fffffffffff) << 4;   /* 51 bits */
+
+    h1 |= h0 >> 51; h0 &= MASK51;
+    h2 |= h1 >> 51; h1 &= MASK51;
+    h3 |= h2 >> 51; h2 &= MASK51;
+    h4 |= h3 >> 51; h3 &= MASK51;
+
+    h[0] = h0;
+    h[1] = h1;
+    h[2] = h2;
+    h[3] = h3;
+    h[4] = h4;
+}
+
+static void fe51_tobytes(uint8_t *s, const fe51 h)
+{
+    uint64_t h0 = h[0];
+    uint64_t h1 = h[1];
+    uint64_t h2 = h[2];
+    uint64_t h3 = h[3];
+    uint64_t h4 = h[4];
+    uint64_t q;
+
+    /* compare to modulus */
+    q = (h0 + 19) >> 51;
+    q = (h1 + q) >> 51;
+    q = (h2 + q) >> 51;
+    q = (h3 + q) >> 51;
+    q = (h4 + q) >> 51;
+
+    /* full reduce */
+    h0 += 19 * q;
+    h1 += h0 >> 51; h0 &= MASK51;
+    h2 += h1 >> 51; h1 &= MASK51;
+    h3 += h2 >> 51; h2 &= MASK51;
+    h4 += h3 >> 51; h3 &= MASK51;
+                    h4 &= MASK51;
+
+    /* smash */
+    s[0] = (uint8_t)(h0 >> 0);
+    s[1] = (uint8_t)(h0 >> 8);
+    s[2] = (uint8_t)(h0 >> 16);
+    s[3] = (uint8_t)(h0 >> 24);
+    s[4] = (uint8_t)(h0 >> 32);
+    s[5] = (uint8_t)(h0 >> 40);
+    s[6] = (uint8_t)((h0 >> 48) | ((uint32_t)h1 << 3));
+    s[7] = (uint8_t)(h1 >> 5);
+    s[8] = (uint8_t)(h1 >> 13);
+    s[9] = (uint8_t)(h1 >> 21);
+    s[10] = (uint8_t)(h1 >> 29);
+    s[11] = (uint8_t)(h1 >> 37);
+    s[12] = (uint8_t)((h1 >> 45) | ((uint32_t)h2 << 6));
+    s[13] = (uint8_t)(h2 >> 2);
+    s[14] = (uint8_t)(h2 >> 10);
+    s[15] = (uint8_t)(h2 >> 18);
+    s[16] = (uint8_t)(h2 >> 26);
+    s[17] = (uint8_t)(h2 >> 34);
+    s[18] = (uint8_t)(h2 >> 42);
+    s[19] = (uint8_t)((h2 >> 50) | ((uint32_t)h3 << 1));
+    s[20] = (uint8_t)(h3 >> 7);
+    s[21] = (uint8_t)(h3 >> 15);
+    s[22] = (uint8_t)(h3 >> 23);
+    s[23] = (uint8_t)(h3 >> 31);
+    s[24] = (uint8_t)(h3 >> 39);
+    s[25] = (uint8_t)((h3 >> 47) | ((uint32_t)h4 << 4));
+    s[26] = (uint8_t)(h4 >> 4);
+    s[27] = (uint8_t)(h4 >> 12);
+    s[28] = (uint8_t)(h4 >> 20);
+    s[29] = (uint8_t)(h4 >> 28);
+    s[30] = (uint8_t)(h4 >> 36);
+    s[31] = (uint8_t)(h4 >> 44);
+}
+
+# if defined(X25519_ASM)
+void x25519_fe51_mul(fe51 h, const fe51 f, const fe51 g);
+void x25519_fe51_sqr(fe51 h, const fe51 f);
+void x25519_fe51_mul121666(fe51 h, fe51 f);
+#  define fe51_mul x25519_fe51_mul
+#  define fe51_sq  x25519_fe51_sqr
+#  define fe51_mul121666 x25519_fe51_mul121666
+# else
+
+typedef __uint128_t u128;
+
+static void fe51_mul(fe51 h, const fe51 f, const fe51 g)
+{
+    u128 h0, h1, h2, h3, h4;
+    uint64_t f_i, g0, g1, g2, g3, g4;
+
+    f_i = f[0];
+    h0 = (u128)f_i * (g0 = g[0]);
+    h1 = (u128)f_i * (g1 = g[1]);
+    h2 = (u128)f_i * (g2 = g[2]);
+    h3 = (u128)f_i * (g3 = g[3]);
+    h4 = (u128)f_i * (g4 = g[4]);
+
+    f_i = f[1];
+    h0 += (u128)f_i * (g4 *= 19);
+    h1 += (u128)f_i * g0;
+    h2 += (u128)f_i * g1;
+    h3 += (u128)f_i * g2;
+    h4 += (u128)f_i * g3;
+
+    f_i = f[2];
+    h0 += (u128)f_i * (g3 *= 19);
+    h1 += (u128)f_i * g4;
+    h2 += (u128)f_i * g0;
+    h3 += (u128)f_i * g1;
+    h4 += (u128)f_i * g2;
+
+    f_i = f[3];
+    h0 += (u128)f_i * (g2 *= 19);
+    h1 += (u128)f_i * g3;
+    h2 += (u128)f_i * g4;
+    h3 += (u128)f_i * g0;
+    h4 += (u128)f_i * g1;
+
+    f_i = f[4];
+    h0 += (u128)f_i * (g1 *= 19);
+    h1 += (u128)f_i * g2;
+    h2 += (u128)f_i * g3;
+    h3 += (u128)f_i * g4;
+    h4 += (u128)f_i * g0;
+
+    /* partial [lazy] reduction */
+    h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51;
+    h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51;
+
+    h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51;
+    g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51;
+
+    g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51;
+    g3 += g2 >> 51; g2 &= MASK51;
+    g1 += g0 >> 51; g0 &= MASK51;
+
+    h[0] = g0;
+    h[1] = g1;
+    h[2] = g2;
+    h[3] = g3;
+    h[4] = g4;
+}
+
+static void fe51_sq(fe51 h, const fe51 f)
+{
+#  if defined(OPENSSL_SMALL_FOOTPRINT)
+    fe51_mul(h, f, f);
+#  else
+    /* dedicated squaring gives 16-25% overall improvement */
+    uint64_t g0 = f[0];
+    uint64_t g1 = f[1];
+    uint64_t g2 = f[2];
+    uint64_t g3 = f[3];
+    uint64_t g4 = f[4];
+    u128 h0, h1, h2, h3, h4;
+
+    h0 = (u128)g0 * g0;     g0 *= 2;
+    h1 = (u128)g0 * g1;
+    h2 = (u128)g0 * g2;
+    h3 = (u128)g0 * g3;
+    h4 = (u128)g0 * g4;
+
+    g0 = g4;                /* borrow g0 */
+    h3 += (u128)g0 * (g4 *= 19);
+
+    h2 += (u128)g1 * g1;    g1 *= 2;
+    h3 += (u128)g1 * g2;
+    h4 += (u128)g1 * g3;
+    h0 += (u128)g1 * g4;
+
+    g0 = g3;                /* borrow g0 */
+    h1 += (u128)g0 * (g3 *= 19);
+    h2 += (u128)(g0 * 2) * g4;
+
+    h4 += (u128)g2 * g2;    g2 *= 2;
+    h0 += (u128)g2 * g3;
+    h1 += (u128)g2 * g4;
+
+    /* partial [lazy] reduction */
+    h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51;
+    h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51;
+
+    h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51;
+    g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51;
+
+    g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51;
+    g3 += g2 >> 51; g2 &= MASK51;
+    g1 += g0 >> 51; g0 &= MASK51;
+
+    h[0] = g0;
+    h[1] = g1;
+    h[2] = g2;
+    h[3] = g3;
+    h[4] = g4;
+#  endif
+}
+
+static void fe51_mul121666(fe51 h, fe51 f)
+{
+    u128 h0 = f[0] * (u128)121666;
+    u128 h1 = f[1] * (u128)121666;
+    u128 h2 = f[2] * (u128)121666;
+    u128 h3 = f[3] * (u128)121666;
+    u128 h4 = f[4] * (u128)121666;
+    uint64_t g0, g1, g2, g3, g4;
+
+    h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51;
+    h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51;
+
+    h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51;
+    g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51;
+
+    g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51;
+    g3 += g2 >> 51; g2 &= MASK51;
+    g1 += g0 >> 51; g0 &= MASK51;
+
+    h[0] = g0;
+    h[1] = g1;
+    h[2] = g2;
+    h[3] = g3;
+    h[4] = g4;
+}
+# endif
+
+static void fe51_add(fe51 h, const fe51 f, const fe51 g)
+{
+    h[0] = f[0] + g[0];
+    h[1] = f[1] + g[1];
+    h[2] = f[2] + g[2];
+    h[3] = f[3] + g[3];
+    h[4] = f[4] + g[4];
+}
+
+static void fe51_sub(fe51 h, const fe51 f, const fe51 g)
+{
+    /*
+     * Add 2*modulus to ensure that result remains positive
+     * even if subtrahend is partially reduced.
+     */
+    h[0] = (f[0] + 0xfffffffffffda) - g[0];
+    h[1] = (f[1] + 0xffffffffffffe) - g[1];
+    h[2] = (f[2] + 0xffffffffffffe) - g[2];
+    h[3] = (f[3] + 0xffffffffffffe) - g[3];
+    h[4] = (f[4] + 0xffffffffffffe) - g[4];
+}
+
+static void fe51_0(fe51 h)
+{
+    h[0] = 0;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+    h[4] = 0;
+}
+
+static void fe51_1(fe51 h)
+{
+    h[0] = 1;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+    h[4] = 0;
+}
+
+static void fe51_copy(fe51 h, const fe51 f)
+{
+    h[0] = f[0];
+    h[1] = f[1];
+    h[2] = f[2];
+    h[3] = f[3];
+    h[4] = f[4];
+}
+
+static void fe51_cswap(fe51 f, fe51 g, unsigned int b)
+{
+    int i;
+    uint64_t mask = 0 - (uint64_t)b;
+
+    for (i = 0; i < 5; i++) {
+        int64_t x = f[i] ^ g[i];
+        x &= mask;
+        f[i] ^= x;
+        g[i] ^= x;
+    }
+}
+
+static void fe51_invert(fe51 out, const fe51 z)
+{
+    fe51 t0;
+    fe51 t1;
+    fe51 t2;
+    fe51 t3;
+    int i;
+
+    /*
+     * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+     * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+     */
+
+    /* t0 = z ** 2 */
+    fe51_sq(t0, z);
+
+    /* t1 = t0 ** (2 ** 2) = z ** 8 */
+    fe51_sq(t1, t0);
+    fe51_sq(t1, t1);
+
+    /* t1 = z * t1 = z ** 9 */
+    fe51_mul(t1, z, t1);
+    /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+    fe51_mul(t0, t0, t1);
+
+    /* t2 = t0 ** 2 = z ** 22 */
+    fe51_sq(t2, t0);
+
+    /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+    fe51_mul(t1, t1, t2);
+
+    /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+    fe51_sq(t2, t1);
+    for (i = 1; i < 5; ++i)
+        fe51_sq(t2, t2);
+
+    /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+    fe51_mul(t1, t2, t1);
+
+    /* Continuing similarly... */
+
+    /* t2 = z ** (2 ** 20 - 1) */
+    fe51_sq(t2, t1);
+    for (i = 1; i < 10; ++i)
+        fe51_sq(t2, t2);
+
+    fe51_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 40 - 1) */
+    fe51_sq(t3, t2);
+    for (i = 1; i < 20; ++i)
+        fe51_sq(t3, t3);
+
+    fe51_mul(t2, t3, t2);
+
+    /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+    for (i = 0; i < 10; ++i)
+        fe51_sq(t2, t2);
+
+    /* t1 = z ** (2 ** 50 - 1) */
+    fe51_mul(t1, t2, t1);
+
+    /* t2 = z ** (2 ** 100 - 1) */
+    fe51_sq(t2, t1);
+    for (i = 1; i < 50; ++i)
+        fe51_sq(t2, t2);
+
+    fe51_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 200 - 1) */
+    fe51_sq(t3, t2);
+    for (i = 1; i < 100; ++i)
+        fe51_sq(t3, t3);
+
+    fe51_mul(t2, t3, t2);
+
+    /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
+    for (i = 0; i < 50; ++i)
+        fe51_sq(t2, t2);
+
+    /* t1 = z ** (2 ** 250 - 1) */
+    fe51_mul(t1, t2, t1);
+
+    /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
+    for (i = 0; i < 5; ++i)
+        fe51_sq(t1, t1);
+
+    /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+    fe51_mul(out, t1, t0);
+}
+
+/*
+ * Duplicate of original x25519_scalar_mult_generic, but using
+ * fe51_* subroutines.
+ */
+static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
+                               const uint8_t point[32])
+{
+    fe51 x1, x2, z2, x3, z3, tmp0, tmp1;
+    uint8_t e[32];
+    unsigned swap = 0;
+    int pos;
+
+# ifdef BASE_2_64_IMPLEMENTED
+    if (x25519_fe64_eligible()) {
+        x25519_scalar_mulx(out, scalar, point);
+        return;
+    }
+# endif
+
+    memcpy(e, scalar, 32);
+    e[0]  &= 0xf8;
+    e[31] &= 0x7f;
+    e[31] |= 0x40;
+    fe51_frombytes(x1, point);
+    fe51_1(x2);
+    fe51_0(z2);
+    fe51_copy(x3, x1);
+    fe51_1(z3);
+
+    for (pos = 254; pos >= 0; --pos) {
+        unsigned int b = 1 & (e[pos / 8] >> (pos & 7));
+
+        swap ^= b;
+        fe51_cswap(x2, x3, swap);
+        fe51_cswap(z2, z3, swap);
+        swap = b;
+        fe51_sub(tmp0, x3, z3);
+        fe51_sub(tmp1, x2, z2);
+        fe51_add(x2, x2, z2);
+        fe51_add(z2, x3, z3);
+        fe51_mul(z3, tmp0, x2);
+        fe51_mul(z2, z2, tmp1);
+        fe51_sq(tmp0, tmp1);
+        fe51_sq(tmp1, x2);
+        fe51_add(x3, z3, z2);
+        fe51_sub(z2, z3, z2);
+        fe51_mul(x2, tmp1, tmp0);
+        fe51_sub(tmp1, tmp1, tmp0);
+        fe51_sq(z2, z2);
+        fe51_mul121666(z3, tmp1);
+        fe51_sq(x3, x3);
+        fe51_add(tmp0, tmp0, z3);
+        fe51_mul(z3, x1, z2);
+        fe51_mul(z2, tmp1, tmp0);
+    }
+
+    fe51_invert(z2, z2);
+    fe51_mul(x2, x2, z2);
+    fe51_tobytes(out, x2);
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
+#endif
+
+/*
+ * Reference base 2^25.5 implementation.
+ */
+/*
+ * This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP
+ * 20141124 (http://bench.cr.yp.to/supercop.html).
+ *
+ * The field functions are shared by Ed25519 and X25519 where possible.
+ */
+
+/* fe means field element. Here the field is \Z/(2^255-19). An element t,
+ * entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
+ * t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
+ * context.  */
+typedef int32_t fe[10];
+
+static const int64_t kBottom25Bits = 0x1ffffffLL;
+static const int64_t kBottom26Bits = 0x3ffffffLL;
+static const int64_t kTop39Bits = 0xfffffffffe000000LL;
+static const int64_t kTop38Bits = 0xfffffffffc000000LL;
+
+static uint64_t load_3(const uint8_t *in) {
+  uint64_t result;
+  result = (uint64_t)in[0];
+  result |= ((uint64_t)in[1]) << 8;
+  result |= ((uint64_t)in[2]) << 16;
+  return result;
+}
+
+static uint64_t load_4(const uint8_t *in) {
+  uint64_t result;
+  result = (uint64_t)in[0];
+  result |= ((uint64_t)in[1]) << 8;
+  result |= ((uint64_t)in[2]) << 16;
+  result |= ((uint64_t)in[3]) << 24;
+  return result;
+}
+
+static void fe_frombytes(fe h, const uint8_t *s) {
+  /* Ignores top bit of h. */
+  int64_t h0 = load_4(s);
+  int64_t h1 = load_3(s + 4) << 6;
+  int64_t h2 = load_3(s + 7) << 5;
+  int64_t h3 = load_3(s + 10) << 3;
+  int64_t h4 = load_3(s + 13) << 2;
+  int64_t h5 = load_4(s + 16);
+  int64_t h6 = load_3(s + 20) << 7;
+  int64_t h7 = load_3(s + 23) << 5;
+  int64_t h8 = load_3(s + 26) << 4;
+  int64_t h9 = (load_3(s + 29) & 8388607) << 2;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+
+  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+  h[0] = (int32_t)h0;
+  h[1] = (int32_t)h1;
+  h[2] = (int32_t)h2;
+  h[3] = (int32_t)h3;
+  h[4] = (int32_t)h4;
+  h[5] = (int32_t)h5;
+  h[6] = (int32_t)h6;
+  h[7] = (int32_t)h7;
+  h[8] = (int32_t)h8;
+  h[9] = (int32_t)h9;
+}
+
+/* Preconditions:
+ *  |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ *
+ * Write p=2^255-19; q=floor(h/p).
+ * Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+ *
+ * Proof:
+ *   Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
+ *   Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
+ *
+ *   Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
+ *   Then 0<y<1.
+ *
+ *   Write r=h-pq.
+ *   Have 0<=r<=p-1=2^255-20.
+ *   Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
+ *
+ *   Write x=r+19(2^-255)r+y.
+ *   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
+ *
+ *   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
+ *   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q. */
+static void fe_tobytes(uint8_t *s, const fe h) {
+  int32_t h0 = h[0];
+  int32_t h1 = h[1];
+  int32_t h2 = h[2];
+  int32_t h3 = h[3];
+  int32_t h4 = h[4];
+  int32_t h5 = h[5];
+  int32_t h6 = h[6];
+  int32_t h7 = h[7];
+  int32_t h8 = h[8];
+  int32_t h9 = h[9];
+  int32_t q;
+
+  q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
+  q = (h0 + q) >> 26;
+  q = (h1 + q) >> 25;
+  q = (h2 + q) >> 26;
+  q = (h3 + q) >> 25;
+  q = (h4 + q) >> 26;
+  q = (h5 + q) >> 25;
+  q = (h6 + q) >> 26;
+  q = (h7 + q) >> 25;
+  q = (h8 + q) >> 26;
+  q = (h9 + q) >> 25;
+
+  /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
+  h0 += 19 * q;
+  /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
+
+  h1 += h0 >> 26; h0 &= kBottom26Bits;
+  h2 += h1 >> 25; h1 &= kBottom25Bits;
+  h3 += h2 >> 26; h2 &= kBottom26Bits;
+  h4 += h3 >> 25; h3 &= kBottom25Bits;
+  h5 += h4 >> 26; h4 &= kBottom26Bits;
+  h6 += h5 >> 25; h5 &= kBottom25Bits;
+  h7 += h6 >> 26; h6 &= kBottom26Bits;
+  h8 += h7 >> 25; h7 &= kBottom25Bits;
+  h9 += h8 >> 26; h8 &= kBottom26Bits;
+                  h9 &= kBottom25Bits;
+                  /* h10 = carry9 */
+
+  /* Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+   * Have h0+...+2^230 h9 between 0 and 2^255-1;
+   * evidently 2^255 h10-2^255 q = 0.
+   * Goal: Output h0+...+2^230 h9.  */
+
+  s[0] = (uint8_t)(h0 >> 0);
+  s[1] = (uint8_t)(h0 >> 8);
+  s[2] = (uint8_t)(h0 >> 16);
+  s[3] = (uint8_t)((h0 >> 24) | ((uint32_t)(h1) << 2));
+  s[4] = (uint8_t)(h1 >> 6);
+  s[5] = (uint8_t)(h1 >> 14);
+  s[6] = (uint8_t)((h1 >> 22) | ((uint32_t)(h2) << 3));
+  s[7] = (uint8_t)(h2 >> 5);
+  s[8] = (uint8_t)(h2 >> 13);
+  s[9] = (uint8_t)((h2 >> 21) | ((uint32_t)(h3) << 5));
+  s[10] = (uint8_t)(h3 >> 3);
+  s[11] = (uint8_t)(h3 >> 11);
+  s[12] = (uint8_t)((h3 >> 19) | ((uint32_t)(h4) << 6));
+  s[13] = (uint8_t)(h4 >> 2);
+  s[14] = (uint8_t)(h4 >> 10);
+  s[15] = (uint8_t)(h4 >> 18);
+  s[16] = (uint8_t)(h5 >> 0);
+  s[17] = (uint8_t)(h5 >> 8);
+  s[18] = (uint8_t)(h5 >> 16);
+  s[19] = (uint8_t)((h5 >> 24) | ((uint32_t)(h6) << 1));
+  s[20] = (uint8_t)(h6 >> 7);
+  s[21] = (uint8_t)(h6 >> 15);
+  s[22] = (uint8_t)((h6 >> 23) | ((uint32_t)(h7) << 3));
+  s[23] = (uint8_t)(h7 >> 5);
+  s[24] = (uint8_t)(h7 >> 13);
+  s[25] = (uint8_t)((h7 >> 21) | ((uint32_t)(h8) << 4));
+  s[26] = (uint8_t)(h8 >> 4);
+  s[27] = (uint8_t)(h8 >> 12);
+  s[28] = (uint8_t)((h8 >> 20) | ((uint32_t)(h9) << 6));
+  s[29] = (uint8_t)(h9 >> 2);
+  s[30] = (uint8_t)(h9 >> 10);
+  s[31] = (uint8_t)(h9 >> 18);
+}
+
+/* h = f */
+static void fe_copy(fe h, const fe f) {
+  memmove(h, f, sizeof(int32_t) * 10);
+}
+
+/* h = 0 */
+static void fe_0(fe h) { memset(h, 0, sizeof(int32_t) * 10); }
+
+/* h = 1 */
+static void fe_1(fe h) {
+  memset(h, 0, sizeof(int32_t) * 10);
+  h[0] = 1;
+}
+
+/* h = f + g
+ * Can overlap h with f or g.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *    |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
+static void fe_add(fe h, const fe f, const fe g) {
+  unsigned i;
+  for (i = 0; i < 10; i++) {
+    h[i] = f[i] + g[i];
+  }
+}
+
+/* h = f - g
+ * Can overlap h with f or g.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *    |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
+static void fe_sub(fe h, const fe f, const fe g) {
+  unsigned i;
+  for (i = 0; i < 10; i++) {
+    h[i] = f[i] - g[i];
+  }
+}
+
+/* h = f * g
+ * Can overlap h with f or g.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *    |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ *
+ * Notes on implementation strategy:
+ *
+ * Using schoolbook multiplication.
+ * Karatsuba would save a little in some cost models.
+ *
+ * Most multiplications by 2 and 19 are 32-bit precomputations;
+ * cheaper than 64-bit postcomputations.
+ *
+ * There is one remaining multiplication by 19 in the carry chain;
+ * one *19 precomputation can be merged into this,
+ * but the resulting data flow is considerably less clean.
+ *
+ * There are 12 carries below.
+ * 10 of them are 2-way parallelizable and vectorizable.
+ * Can get away with 11 carries, but then data flow is much deeper.
+ *
+ * With tighter constraints on inputs can squeeze carries into int32. */
+static void fe_mul(fe h, const fe f, const fe g) {
+  int32_t f0 = f[0];
+  int32_t f1 = f[1];
+  int32_t f2 = f[2];
+  int32_t f3 = f[3];
+  int32_t f4 = f[4];
+  int32_t f5 = f[5];
+  int32_t f6 = f[6];
+  int32_t f7 = f[7];
+  int32_t f8 = f[8];
+  int32_t f9 = f[9];
+  int32_t g0 = g[0];
+  int32_t g1 = g[1];
+  int32_t g2 = g[2];
+  int32_t g3 = g[3];
+  int32_t g4 = g[4];
+  int32_t g5 = g[5];
+  int32_t g6 = g[6];
+  int32_t g7 = g[7];
+  int32_t g8 = g[8];
+  int32_t g9 = g[9];
+  int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
+  int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
+  int32_t g3_19 = 19 * g3;
+  int32_t g4_19 = 19 * g4;
+  int32_t g5_19 = 19 * g5;
+  int32_t g6_19 = 19 * g6;
+  int32_t g7_19 = 19 * g7;
+  int32_t g8_19 = 19 * g8;
+  int32_t g9_19 = 19 * g9;
+  int32_t f1_2 = 2 * f1;
+  int32_t f3_2 = 2 * f3;
+  int32_t f5_2 = 2 * f5;
+  int32_t f7_2 = 2 * f7;
+  int32_t f9_2 = 2 * f9;
+  int64_t f0g0    = f0   * (int64_t) g0;
+  int64_t f0g1    = f0   * (int64_t) g1;
+  int64_t f0g2    = f0   * (int64_t) g2;
+  int64_t f0g3    = f0   * (int64_t) g3;
+  int64_t f0g4    = f0   * (int64_t) g4;
+  int64_t f0g5    = f0   * (int64_t) g5;
+  int64_t f0g6    = f0   * (int64_t) g6;
+  int64_t f0g7    = f0   * (int64_t) g7;
+  int64_t f0g8    = f0   * (int64_t) g8;
+  int64_t f0g9    = f0   * (int64_t) g9;
+  int64_t f1g0    = f1   * (int64_t) g0;
+  int64_t f1g1_2  = f1_2 * (int64_t) g1;
+  int64_t f1g2    = f1   * (int64_t) g2;
+  int64_t f1g3_2  = f1_2 * (int64_t) g3;
+  int64_t f1g4    = f1   * (int64_t) g4;
+  int64_t f1g5_2  = f1_2 * (int64_t) g5;
+  int64_t f1g6    = f1   * (int64_t) g6;
+  int64_t f1g7_2  = f1_2 * (int64_t) g7;
+  int64_t f1g8    = f1   * (int64_t) g8;
+  int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
+  int64_t f2g0    = f2   * (int64_t) g0;
+  int64_t f2g1    = f2   * (int64_t) g1;
+  int64_t f2g2    = f2   * (int64_t) g2;
+  int64_t f2g3    = f2   * (int64_t) g3;
+  int64_t f2g4    = f2   * (int64_t) g4;
+  int64_t f2g5    = f2   * (int64_t) g5;
+  int64_t f2g6    = f2   * (int64_t) g6;
+  int64_t f2g7    = f2   * (int64_t) g7;
+  int64_t f2g8_19 = f2   * (int64_t) g8_19;
+  int64_t f2g9_19 = f2   * (int64_t) g9_19;
+  int64_t f3g0    = f3   * (int64_t) g0;
+  int64_t f3g1_2  = f3_2 * (int64_t) g1;
+  int64_t f3g2    = f3   * (int64_t) g2;
+  int64_t f3g3_2  = f3_2 * (int64_t) g3;
+  int64_t f3g4    = f3   * (int64_t) g4;
+  int64_t f3g5_2  = f3_2 * (int64_t) g5;
+  int64_t f3g6    = f3   * (int64_t) g6;
+  int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
+  int64_t f3g8_19 = f3   * (int64_t) g8_19;
+  int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
+  int64_t f4g0    = f4   * (int64_t) g0;
+  int64_t f4g1    = f4   * (int64_t) g1;
+  int64_t f4g2    = f4   * (int64_t) g2;
+  int64_t f4g3    = f4   * (int64_t) g3;
+  int64_t f4g4    = f4   * (int64_t) g4;
+  int64_t f4g5    = f4   * (int64_t) g5;
+  int64_t f4g6_19 = f4   * (int64_t) g6_19;
+  int64_t f4g7_19 = f4   * (int64_t) g7_19;
+  int64_t f4g8_19 = f4   * (int64_t) g8_19;
+  int64_t f4g9_19 = f4   * (int64_t) g9_19;
+  int64_t f5g0    = f5   * (int64_t) g0;
+  int64_t f5g1_2  = f5_2 * (int64_t) g1;
+  int64_t f5g2    = f5   * (int64_t) g2;
+  int64_t f5g3_2  = f5_2 * (int64_t) g3;
+  int64_t f5g4    = f5   * (int64_t) g4;
+  int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
+  int64_t f5g6_19 = f5   * (int64_t) g6_19;
+  int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
+  int64_t f5g8_19 = f5   * (int64_t) g8_19;
+  int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
+  int64_t f6g0    = f6   * (int64_t) g0;
+  int64_t f6g1    = f6   * (int64_t) g1;
+  int64_t f6g2    = f6   * (int64_t) g2;
+  int64_t f6g3    = f6   * (int64_t) g3;
+  int64_t f6g4_19 = f6   * (int64_t) g4_19;
+  int64_t f6g5_19 = f6   * (int64_t) g5_19;
+  int64_t f6g6_19 = f6   * (int64_t) g6_19;
+  int64_t f6g7_19 = f6   * (int64_t) g7_19;
+  int64_t f6g8_19 = f6   * (int64_t) g8_19;
+  int64_t f6g9_19 = f6   * (int64_t) g9_19;
+  int64_t f7g0    = f7   * (int64_t) g0;
+  int64_t f7g1_2  = f7_2 * (int64_t) g1;
+  int64_t f7g2    = f7   * (int64_t) g2;
+  int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
+  int64_t f7g4_19 = f7   * (int64_t) g4_19;
+  int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
+  int64_t f7g6_19 = f7   * (int64_t) g6_19;
+  int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
+  int64_t f7g8_19 = f7   * (int64_t) g8_19;
+  int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
+  int64_t f8g0    = f8   * (int64_t) g0;
+  int64_t f8g1    = f8   * (int64_t) g1;
+  int64_t f8g2_19 = f8   * (int64_t) g2_19;
+  int64_t f8g3_19 = f8   * (int64_t) g3_19;
+  int64_t f8g4_19 = f8   * (int64_t) g4_19;
+  int64_t f8g5_19 = f8   * (int64_t) g5_19;
+  int64_t f8g6_19 = f8   * (int64_t) g6_19;
+  int64_t f8g7_19 = f8   * (int64_t) g7_19;
+  int64_t f8g8_19 = f8   * (int64_t) g8_19;
+  int64_t f8g9_19 = f8   * (int64_t) g9_19;
+  int64_t f9g0    = f9   * (int64_t) g0;
+  int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
+  int64_t f9g2_19 = f9   * (int64_t) g2_19;
+  int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
+  int64_t f9g4_19 = f9   * (int64_t) g4_19;
+  int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
+  int64_t f9g6_19 = f9   * (int64_t) g6_19;
+  int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
+  int64_t f9g8_19 = f9   * (int64_t) g8_19;
+  int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
+  int64_t h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
+  int64_t h1 = f0g1+f1g0   +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
+  int64_t h2 = f0g2+f1g1_2 +f2g0   +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
+  int64_t h3 = f0g3+f1g2   +f2g1   +f3g0   +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
+  int64_t h4 = f0g4+f1g3_2 +f2g2   +f3g1_2 +f4g0   +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
+  int64_t h5 = f0g5+f1g4   +f2g3   +f3g2   +f4g1   +f5g0   +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
+  int64_t h6 = f0g6+f1g5_2 +f2g4   +f3g3_2 +f4g2   +f5g1_2 +f6g0   +f7g9_38+f8g8_19+f9g7_38;
+  int64_t h7 = f0g7+f1g6   +f2g5   +f3g4   +f4g3   +f5g2   +f6g1   +f7g0   +f8g9_19+f9g8_19;
+  int64_t h8 = f0g8+f1g7_2 +f2g6   +f3g5_2 +f4g4   +f5g3_2 +f6g2   +f7g1_2 +f8g0   +f9g9_38;
+  int64_t h9 = f0g9+f1g8   +f2g7   +f3g6   +f4g5   +f5g4   +f6g3   +f7g2   +f8g1   +f9g0   ;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+
+  /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
+   *   i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
+   * |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
+   *   i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+  /* |h0| <= 2^25 */
+  /* |h4| <= 2^25 */
+  /* |h1| <= 1.71*2^59 */
+  /* |h5| <= 1.71*2^59 */
+
+  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+  /* |h1| <= 2^24; from now on fits into int32 */
+  /* |h5| <= 2^24; from now on fits into int32 */
+  /* |h2| <= 1.41*2^60 */
+  /* |h6| <= 1.41*2^60 */
+
+  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+  /* |h2| <= 2^25; from now on fits into int32 unchanged */
+  /* |h6| <= 2^25; from now on fits into int32 unchanged */
+  /* |h3| <= 1.71*2^59 */
+  /* |h7| <= 1.71*2^59 */
+
+  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+  /* |h3| <= 2^24; from now on fits into int32 unchanged */
+  /* |h7| <= 2^24; from now on fits into int32 unchanged */
+  /* |h4| <= 1.72*2^34 */
+  /* |h8| <= 1.41*2^60 */
+
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+  /* |h4| <= 2^25; from now on fits into int32 unchanged */
+  /* |h8| <= 2^25; from now on fits into int32 unchanged */
+  /* |h5| <= 1.01*2^24 */
+  /* |h9| <= 1.71*2^59 */
+
+  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+  /* |h9| <= 2^24; from now on fits into int32 unchanged */
+  /* |h0| <= 1.1*2^39 */
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+  /* |h0| <= 2^25; from now on fits into int32 unchanged */
+  /* |h1| <= 1.01*2^24 */
+
+  h[0] = (int32_t)h0;
+  h[1] = (int32_t)h1;
+  h[2] = (int32_t)h2;
+  h[3] = (int32_t)h3;
+  h[4] = (int32_t)h4;
+  h[5] = (int32_t)h5;
+  h[6] = (int32_t)h6;
+  h[7] = (int32_t)h7;
+  h[8] = (int32_t)h8;
+  h[9] = (int32_t)h9;
+}
+
+/* h = f * f
+ * Can overlap h with f.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ *
+ * See fe_mul.c for discussion of implementation strategy. */
+static void fe_sq(fe h, const fe f) {
+  int32_t f0 = f[0];
+  int32_t f1 = f[1];
+  int32_t f2 = f[2];
+  int32_t f3 = f[3];
+  int32_t f4 = f[4];
+  int32_t f5 = f[5];
+  int32_t f6 = f[6];
+  int32_t f7 = f[7];
+  int32_t f8 = f[8];
+  int32_t f9 = f[9];
+  int32_t f0_2 = 2 * f0;
+  int32_t f1_2 = 2 * f1;
+  int32_t f2_2 = 2 * f2;
+  int32_t f3_2 = 2 * f3;
+  int32_t f4_2 = 2 * f4;
+  int32_t f5_2 = 2 * f5;
+  int32_t f6_2 = 2 * f6;
+  int32_t f7_2 = 2 * f7;
+  int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
+  int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
+  int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
+  int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
+  int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
+  int64_t f0f0    = f0   * (int64_t) f0;
+  int64_t f0f1_2  = f0_2 * (int64_t) f1;
+  int64_t f0f2_2  = f0_2 * (int64_t) f2;
+  int64_t f0f3_2  = f0_2 * (int64_t) f3;
+  int64_t f0f4_2  = f0_2 * (int64_t) f4;
+  int64_t f0f5_2  = f0_2 * (int64_t) f5;
+  int64_t f0f6_2  = f0_2 * (int64_t) f6;
+  int64_t f0f7_2  = f0_2 * (int64_t) f7;
+  int64_t f0f8_2  = f0_2 * (int64_t) f8;
+  int64_t f0f9_2  = f0_2 * (int64_t) f9;
+  int64_t f1f1_2  = f1_2 * (int64_t) f1;
+  int64_t f1f2_2  = f1_2 * (int64_t) f2;
+  int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
+  int64_t f1f4_2  = f1_2 * (int64_t) f4;
+  int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
+  int64_t f1f6_2  = f1_2 * (int64_t) f6;
+  int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
+  int64_t f1f8_2  = f1_2 * (int64_t) f8;
+  int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
+  int64_t f2f2    = f2   * (int64_t) f2;
+  int64_t f2f3_2  = f2_2 * (int64_t) f3;
+  int64_t f2f4_2  = f2_2 * (int64_t) f4;
+  int64_t f2f5_2  = f2_2 * (int64_t) f5;
+  int64_t f2f6_2  = f2_2 * (int64_t) f6;
+  int64_t f2f7_2  = f2_2 * (int64_t) f7;
+  int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
+  int64_t f2f9_38 = f2   * (int64_t) f9_38;
+  int64_t f3f3_2  = f3_2 * (int64_t) f3;
+  int64_t f3f4_2  = f3_2 * (int64_t) f4;
+  int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
+  int64_t f3f6_2  = f3_2 * (int64_t) f6;
+  int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
+  int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
+  int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
+  int64_t f4f4    = f4   * (int64_t) f4;
+  int64_t f4f5_2  = f4_2 * (int64_t) f5;
+  int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
+  int64_t f4f7_38 = f4   * (int64_t) f7_38;
+  int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
+  int64_t f4f9_38 = f4   * (int64_t) f9_38;
+  int64_t f5f5_38 = f5   * (int64_t) f5_38;
+  int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
+  int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
+  int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
+  int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
+  int64_t f6f6_19 = f6   * (int64_t) f6_19;
+  int64_t f6f7_38 = f6   * (int64_t) f7_38;
+  int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
+  int64_t f6f9_38 = f6   * (int64_t) f9_38;
+  int64_t f7f7_38 = f7   * (int64_t) f7_38;
+  int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
+  int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
+  int64_t f8f8_19 = f8   * (int64_t) f8_19;
+  int64_t f8f9_38 = f8   * (int64_t) f9_38;
+  int64_t f9f9_38 = f9   * (int64_t) f9_38;
+  int64_t h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
+  int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
+  int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
+  int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
+  int64_t h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
+  int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
+  int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
+  int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
+  int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
+  int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+
+  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+
+  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+
+  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+
+  h[0] = (int32_t)h0;
+  h[1] = (int32_t)h1;
+  h[2] = (int32_t)h2;
+  h[3] = (int32_t)h3;
+  h[4] = (int32_t)h4;
+  h[5] = (int32_t)h5;
+  h[6] = (int32_t)h6;
+  h[7] = (int32_t)h7;
+  h[8] = (int32_t)h8;
+  h[9] = (int32_t)h9;
+}
+
+static void fe_invert(fe out, const fe z) {
+  fe t0;
+  fe t1;
+  fe t2;
+  fe t3;
+  int i;
+
+  /*
+   * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+   * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+   */
+
+  /* t0 = z ** 2 */
+  fe_sq(t0, z);
+
+  /* t1 = t0 ** (2 ** 2) = z ** 8 */
+  fe_sq(t1, t0);
+  fe_sq(t1, t1);
+
+  /* t1 = z * t1 = z ** 9 */
+  fe_mul(t1, z, t1);
+  /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+  fe_mul(t0, t0, t1);
+
+  /* t2 = t0 ** 2 = z ** 22 */
+  fe_sq(t2, t0);
+
+  /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+  fe_mul(t1, t1, t2);
+
+  /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+  fe_sq(t2, t1);
+  for (i = 1; i < 5; ++i) {
+    fe_sq(t2, t2);
+  }
+
+  /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+  fe_mul(t1, t2, t1);
+
+  /* Continuing similarly... */
+
+  /* t2 = z ** (2 ** 20 - 1) */
+  fe_sq(t2, t1);
+  for (i = 1; i < 10; ++i) {
+    fe_sq(t2, t2);
+  }
+  fe_mul(t2, t2, t1);
+
+  /* t2 = z ** (2 ** 40 - 1) */
+  fe_sq(t3, t2);
+  for (i = 1; i < 20; ++i) {
+    fe_sq(t3, t3);
+  }
+  fe_mul(t2, t3, t2);
+
+  /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+  for (i = 0; i < 10; ++i) {
+    fe_sq(t2, t2);
+  }
+  /* t1 = z ** (2 ** 50 - 1) */
+  fe_mul(t1, t2, t1);
+
+  /* t2 = z ** (2 ** 100 - 1) */
+  fe_sq(t2, t1);
+  for (i = 1; i < 50; ++i) {
+    fe_sq(t2, t2);
+  }
+  fe_mul(t2, t2, t1);
+
+  /* t2 = z ** (2 ** 200 - 1) */
+  fe_sq(t3, t2);
+  for (i = 1; i < 100; ++i) {
+    fe_sq(t3, t3);
+  }
+  fe_mul(t2, t3, t2);
+
+  /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
+  fe_sq(t2, t2);
+  for (i = 1; i < 50; ++i) {
+    fe_sq(t2, t2);
+  }
+
+  /* t1 = z ** (2 ** 250 - 1) */
+  fe_mul(t1, t2, t1);
+
+  /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
+  fe_sq(t1, t1);
+  for (i = 1; i < 5; ++i) {
+    fe_sq(t1, t1);
+  }
+
+  /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+  fe_mul(out, t1, t0);
+}
+
+/* h = -f
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */
+static void fe_neg(fe h, const fe f) {
+  unsigned i;
+  for (i = 0; i < 10; i++) {
+    h[i] = -f[i];
+  }
+}
+
+/* Replace (f,g) with (g,g) if b == 1;
+ * replace (f,g) with (f,g) if b == 0.
+ *
+ * Preconditions: b in {0,1}. */
+static void fe_cmov(fe f, const fe g, unsigned b) {
+  size_t i;
+  b = 0-b;
+  for (i = 0; i < 10; i++) {
+    int32_t x = f[i] ^ g[i];
+    x &= b;
+    f[i] ^= x;
+  }
+}
+
+/* return 0 if f == 0
+ * return 1 if f != 0
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
+static int fe_isnonzero(const fe f) {
+  uint8_t s[32];
+  static const uint8_t zero[32] = {0};
+  fe_tobytes(s, f);
+
+  return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0;
+}
+
+/* return 1 if f is in {1,3,5,...,q-2}
+ * return 0 if f is in {0,2,4,...,q-1}
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
+static int fe_isnegative(const fe f) {
+  uint8_t s[32];
+  fe_tobytes(s, f);
+  return s[0] & 1;
+}
+
+/* h = 2 * f * f
+ * Can overlap h with f.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ *
+ * See fe_mul.c for discussion of implementation strategy. */
+static void fe_sq2(fe h, const fe f) {
+  int32_t f0 = f[0];
+  int32_t f1 = f[1];
+  int32_t f2 = f[2];
+  int32_t f3 = f[3];
+  int32_t f4 = f[4];
+  int32_t f5 = f[5];
+  int32_t f6 = f[6];
+  int32_t f7 = f[7];
+  int32_t f8 = f[8];
+  int32_t f9 = f[9];
+  int32_t f0_2 = 2 * f0;
+  int32_t f1_2 = 2 * f1;
+  int32_t f2_2 = 2 * f2;
+  int32_t f3_2 = 2 * f3;
+  int32_t f4_2 = 2 * f4;
+  int32_t f5_2 = 2 * f5;
+  int32_t f6_2 = 2 * f6;
+  int32_t f7_2 = 2 * f7;
+  int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
+  int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
+  int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
+  int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
+  int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
+  int64_t f0f0    = f0   * (int64_t) f0;
+  int64_t f0f1_2  = f0_2 * (int64_t) f1;
+  int64_t f0f2_2  = f0_2 * (int64_t) f2;
+  int64_t f0f3_2  = f0_2 * (int64_t) f3;
+  int64_t f0f4_2  = f0_2 * (int64_t) f4;
+  int64_t f0f5_2  = f0_2 * (int64_t) f5;
+  int64_t f0f6_2  = f0_2 * (int64_t) f6;
+  int64_t f0f7_2  = f0_2 * (int64_t) f7;
+  int64_t f0f8_2  = f0_2 * (int64_t) f8;
+  int64_t f0f9_2  = f0_2 * (int64_t) f9;
+  int64_t f1f1_2  = f1_2 * (int64_t) f1;
+  int64_t f1f2_2  = f1_2 * (int64_t) f2;
+  int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
+  int64_t f1f4_2  = f1_2 * (int64_t) f4;
+  int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
+  int64_t f1f6_2  = f1_2 * (int64_t) f6;
+  int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
+  int64_t f1f8_2  = f1_2 * (int64_t) f8;
+  int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
+  int64_t f2f2    = f2   * (int64_t) f2;
+  int64_t f2f3_2  = f2_2 * (int64_t) f3;
+  int64_t f2f4_2  = f2_2 * (int64_t) f4;
+  int64_t f2f5_2  = f2_2 * (int64_t) f5;
+  int64_t f2f6_2  = f2_2 * (int64_t) f6;
+  int64_t f2f7_2  = f2_2 * (int64_t) f7;
+  int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
+  int64_t f2f9_38 = f2   * (int64_t) f9_38;
+  int64_t f3f3_2  = f3_2 * (int64_t) f3;
+  int64_t f3f4_2  = f3_2 * (int64_t) f4;
+  int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
+  int64_t f3f6_2  = f3_2 * (int64_t) f6;
+  int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
+  int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
+  int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
+  int64_t f4f4    = f4   * (int64_t) f4;
+  int64_t f4f5_2  = f4_2 * (int64_t) f5;
+  int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
+  int64_t f4f7_38 = f4   * (int64_t) f7_38;
+  int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
+  int64_t f4f9_38 = f4   * (int64_t) f9_38;
+  int64_t f5f5_38 = f5   * (int64_t) f5_38;
+  int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
+  int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
+  int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
+  int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
+  int64_t f6f6_19 = f6   * (int64_t) f6_19;
+  int64_t f6f7_38 = f6   * (int64_t) f7_38;
+  int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
+  int64_t f6f9_38 = f6   * (int64_t) f9_38;
+  int64_t f7f7_38 = f7   * (int64_t) f7_38;
+  int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
+  int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
+  int64_t f8f8_19 = f8   * (int64_t) f8_19;
+  int64_t f8f9_38 = f8   * (int64_t) f9_38;
+  int64_t f9f9_38 = f9   * (int64_t) f9_38;
+  int64_t h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
+  int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
+  int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
+  int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
+  int64_t h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
+  int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
+  int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
+  int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
+  int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
+  int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+
+  h0 += h0;
+  h1 += h1;
+  h2 += h2;
+  h3 += h3;
+  h4 += h4;
+  h5 += h5;
+  h6 += h6;
+  h7 += h7;
+  h8 += h8;
+  h9 += h9;
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+
+  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+
+  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+
+  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+
+  h[0] = (int32_t)h0;
+  h[1] = (int32_t)h1;
+  h[2] = (int32_t)h2;
+  h[3] = (int32_t)h3;
+  h[4] = (int32_t)h4;
+  h[5] = (int32_t)h5;
+  h[6] = (int32_t)h6;
+  h[7] = (int32_t)h7;
+  h[8] = (int32_t)h8;
+  h[9] = (int32_t)h9;
+}
+
+static void fe_pow22523(fe out, const fe z) {
+  fe t0;
+  fe t1;
+  fe t2;
+  int i;
+
+  fe_sq(t0, z);
+  fe_sq(t1, t0);
+  for (i = 1; i < 2; ++i) {
+    fe_sq(t1, t1);
+  }
+  fe_mul(t1, z, t1);
+  fe_mul(t0, t0, t1);
+  fe_sq(t0, t0);
+  fe_mul(t0, t1, t0);
+  fe_sq(t1, t0);
+  for (i = 1; i < 5; ++i) {
+    fe_sq(t1, t1);
+  }
+  fe_mul(t0, t1, t0);
+  fe_sq(t1, t0);
+  for (i = 1; i < 10; ++i) {
+    fe_sq(t1, t1);
+  }
+  fe_mul(t1, t1, t0);
+  fe_sq(t2, t1);
+  for (i = 1; i < 20; ++i) {
+    fe_sq(t2, t2);
+  }
+  fe_mul(t1, t2, t1);
+  fe_sq(t1, t1);
+  for (i = 1; i < 10; ++i) {
+    fe_sq(t1, t1);
+  }
+  fe_mul(t0, t1, t0);
+  fe_sq(t1, t0);
+  for (i = 1; i < 50; ++i) {
+    fe_sq(t1, t1);
+  }
+  fe_mul(t1, t1, t0);
+  fe_sq(t2, t1);
+  for (i = 1; i < 100; ++i) {
+    fe_sq(t2, t2);
+  }
+  fe_mul(t1, t2, t1);
+  fe_sq(t1, t1);
+  for (i = 1; i < 50; ++i) {
+    fe_sq(t1, t1);
+  }
+  fe_mul(t0, t1, t0);
+  fe_sq(t0, t0);
+  for (i = 1; i < 2; ++i) {
+    fe_sq(t0, t0);
+  }
+  fe_mul(out, t0, z);
+}
+
+/* ge means group element.
+
+ * Here the group is the set of pairs (x,y) of field elements (see fe.h)
+ * satisfying -x^2 + y^2 = 1 + d x^2y^2
+ * where d = -121665/121666.
+ *
+ * Representations:
+ *   ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
+ *   ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
+ *   ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
+ *   ge_precomp (Duif): (y+x,y-x,2dxy) */
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+} ge_p2;
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+  fe T;
+} ge_p3;
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+  fe T;
+} ge_p1p1;
+
+typedef struct {
+  fe yplusx;
+  fe yminusx;
+  fe xy2d;
+} ge_precomp;
+
+typedef struct {
+  fe YplusX;
+  fe YminusX;
+  fe Z;
+  fe T2d;
+} ge_cached;
+
+static void ge_tobytes(uint8_t *s, const ge_p2 *h) {
+  fe recip;
+  fe x;
+  fe y;
+
+  fe_invert(recip, h->Z);
+  fe_mul(x, h->X, recip);
+  fe_mul(y, h->Y, recip);
+  fe_tobytes(s, y);
+  s[31] ^= fe_isnegative(x) << 7;
+}
+
+static void ge_p3_tobytes(uint8_t *s, const ge_p3 *h) {
+  fe recip;
+  fe x;
+  fe y;
+
+  fe_invert(recip, h->Z);
+  fe_mul(x, h->X, recip);
+  fe_mul(y, h->Y, recip);
+  fe_tobytes(s, y);
+  s[31] ^= fe_isnegative(x) << 7;
+}
+
+static const fe d = {-10913610, 13857413, -15372611, 6949391,   114729,
+                     -8787816,  -6275908, -3247719,  -18696448, -12055116};
+
+static const fe sqrtm1 = {-32595792, -7943725,  9377950,  3500415, 12389472,
+                          -272473,   -25146209, -2005654, 326686,  11406482};
+
+static int ge_frombytes_vartime(ge_p3 *h, const uint8_t *s) {
+  fe u;
+  fe v;
+  fe v3;
+  fe vxx;
+  fe check;
+
+  fe_frombytes(h->Y, s);
+  fe_1(h->Z);
+  fe_sq(u, h->Y);
+  fe_mul(v, u, d);
+  fe_sub(u, u, h->Z); /* u = y^2-1 */
+  fe_add(v, v, h->Z); /* v = dy^2+1 */
+
+  fe_sq(v3, v);
+  fe_mul(v3, v3, v); /* v3 = v^3 */
+  fe_sq(h->X, v3);
+  fe_mul(h->X, h->X, v);
+  fe_mul(h->X, h->X, u); /* x = uv^7 */
+
+  fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */
+  fe_mul(h->X, h->X, v3);
+  fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */
+
+  fe_sq(vxx, h->X);
+  fe_mul(vxx, vxx, v);
+  fe_sub(check, vxx, u); /* vx^2-u */
+  if (fe_isnonzero(check)) {
+    fe_add(check, vxx, u); /* vx^2+u */
+    if (fe_isnonzero(check)) {
+      return -1;
+    }
+    fe_mul(h->X, h->X, sqrtm1);
+  }
+
+  if (fe_isnegative(h->X) != (s[31] >> 7)) {
+    fe_neg(h->X, h->X);
+  }
+
+  fe_mul(h->T, h->X, h->Y);
+  return 0;
+}
+
+static void ge_p2_0(ge_p2 *h) {
+  fe_0(h->X);
+  fe_1(h->Y);
+  fe_1(h->Z);
+}
+
+static void ge_p3_0(ge_p3 *h) {
+  fe_0(h->X);
+  fe_1(h->Y);
+  fe_1(h->Z);
+  fe_0(h->T);
+}
+
+static void ge_precomp_0(ge_precomp *h) {
+  fe_1(h->yplusx);
+  fe_1(h->yminusx);
+  fe_0(h->xy2d);
+}
+
+/* r = p */
+static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) {
+  fe_copy(r->X, p->X);
+  fe_copy(r->Y, p->Y);
+  fe_copy(r->Z, p->Z);
+}
+
+static const fe d2 = {-21827239, -5839606,  -30745221, 13898782, 229458,
+                      15978800,  -12551817, -6495438,  29715968, 9444199};
+
+/* r = p */
+static void ge_p3_to_cached(ge_cached *r, const ge_p3 *p) {
+  fe_add(r->YplusX, p->Y, p->X);
+  fe_sub(r->YminusX, p->Y, p->X);
+  fe_copy(r->Z, p->Z);
+  fe_mul(r->T2d, p->T, d2);
+}
+
+/* r = p */
+static void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) {
+  fe_mul(r->X, p->X, p->T);
+  fe_mul(r->Y, p->Y, p->Z);
+  fe_mul(r->Z, p->Z, p->T);
+}
+
+/* r = p */
+static void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) {
+  fe_mul(r->X, p->X, p->T);
+  fe_mul(r->Y, p->Y, p->Z);
+  fe_mul(r->Z, p->Z, p->T);
+  fe_mul(r->T, p->X, p->Y);
+}
+
+/* r = 2 * p */
+static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) {
+  fe t0;
+
+  fe_sq(r->X, p->X);
+  fe_sq(r->Z, p->Y);
+  fe_sq2(r->T, p->Z);
+  fe_add(r->Y, p->X, p->Y);
+  fe_sq(t0, r->Y);
+  fe_add(r->Y, r->Z, r->X);
+  fe_sub(r->Z, r->Z, r->X);
+  fe_sub(r->X, t0, r->Y);
+  fe_sub(r->T, r->T, r->Z);
+}
+
+/* r = 2 * p */
+static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) {
+  ge_p2 q;
+  ge_p3_to_p2(&q, p);
+  ge_p2_dbl(r, &q);
+}
+
+/* r = p + q */
+static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
+  fe t0;
+
+  fe_add(r->X, p->Y, p->X);
+  fe_sub(r->Y, p->Y, p->X);
+  fe_mul(r->Z, r->X, q->yplusx);
+  fe_mul(r->Y, r->Y, q->yminusx);
+  fe_mul(r->T, q->xy2d, p->T);
+  fe_add(t0, p->Z, p->Z);
+  fe_sub(r->X, r->Z, r->Y);
+  fe_add(r->Y, r->Z, r->Y);
+  fe_add(r->Z, t0, r->T);
+  fe_sub(r->T, t0, r->T);
+}
+
+/* r = p - q */
+static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
+  fe t0;
+
+  fe_add(r->X, p->Y, p->X);
+  fe_sub(r->Y, p->Y, p->X);
+  fe_mul(r->Z, r->X, q->yminusx);
+  fe_mul(r->Y, r->Y, q->yplusx);
+  fe_mul(r->T, q->xy2d, p->T);
+  fe_add(t0, p->Z, p->Z);
+  fe_sub(r->X, r->Z, r->Y);
+  fe_add(r->Y, r->Z, r->Y);
+  fe_sub(r->Z, t0, r->T);
+  fe_add(r->T, t0, r->T);
+}
+
+/* r = p + q */
+static void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
+  fe t0;
+
+  fe_add(r->X, p->Y, p->X);
+  fe_sub(r->Y, p->Y, p->X);
+  fe_mul(r->Z, r->X, q->YplusX);
+  fe_mul(r->Y, r->Y, q->YminusX);
+  fe_mul(r->T, q->T2d, p->T);
+  fe_mul(r->X, p->Z, q->Z);
+  fe_add(t0, r->X, r->X);
+  fe_sub(r->X, r->Z, r->Y);
+  fe_add(r->Y, r->Z, r->Y);
+  fe_add(r->Z, t0, r->T);
+  fe_sub(r->T, t0, r->T);
+}
+
+/* r = p - q */
+static void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
+  fe t0;
+
+  fe_add(r->X, p->Y, p->X);
+  fe_sub(r->Y, p->Y, p->X);
+  fe_mul(r->Z, r->X, q->YminusX);
+  fe_mul(r->Y, r->Y, q->YplusX);
+  fe_mul(r->T, q->T2d, p->T);
+  fe_mul(r->X, p->Z, q->Z);
+  fe_add(t0, r->X, r->X);
+  fe_sub(r->X, r->Z, r->Y);
+  fe_add(r->Y, r->Z, r->Y);
+  fe_sub(r->Z, t0, r->T);
+  fe_add(r->T, t0, r->T);
+}
+
+static uint8_t equal(signed char b, signed char c) {
+  uint8_t ub = b;
+  uint8_t uc = c;
+  uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */
+  uint32_t y = x;      /* 0: yes; 1..255: no */
+  y -= 1;              /* 4294967295: yes; 0..254: no */
+  y >>= 31;            /* 1: yes; 0: no */
+  return y;
+}
+
+static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) {
+  fe_cmov(t->yplusx, u->yplusx, b);
+  fe_cmov(t->yminusx, u->yminusx, b);
+  fe_cmov(t->xy2d, u->xy2d, b);
+}
+
+/* k25519Precomp[i][j] = (j+1)*256^i*B */
+static const ge_precomp k25519Precomp[32][8] = {
+    {
+        {
+            {25967493, -14356035, 29566456, 3660896, -12694345, 4014787,
+             27544626, -11754271, -6079156, 2047605},
+            {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692,
+             5043384, 19500929, -15469378},
+            {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380,
+             29287919, 11864899, -24514362, -4438546},
+        },
+        {
+            {-12815894, -12976347, -21581243, 11784320, -25355658, -2750717,
+             -11717903, -3814571, -358445, -10211303},
+            {-21703237, 6903825, 27185491, 6451973, -29577724, -9554005,
+             -15616551, 11189268, -26829678, -5319081},
+            {26966642, 11152617, 32442495, 15396054, 14353839, -12752335,
+             -3128826, -9541118, -15472047, -4166697},
+        },
+        {
+            {15636291, -9688557, 24204773, -7912398, 616977, -16685262,
+             27787600, -14772189, 28944400, -1550024},
+            {16568933, 4717097, -11556148, -1102322, 15682896, -11807043,
+             16354577, -11775962, 7689662, 11199574},
+            {30464156, -5976125, -11779434, -15670865, 23220365, 15915852,
+             7512774, 10017326, -17749093, -9920357},
+        },
+        {
+            {-17036878, 13921892, 10945806, -6033431, 27105052, -16084379,
+             -28926210, 15006023, 3284568, -6276540},
+            {23599295, -8306047, -11193664, -7687416, 13236774, 10506355,
+             7464579, 9656445, 13059162, 10374397},
+            {7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664,
+             -3839045, -641708, -101325},
+        },
+        {
+            {10861363, 11473154, 27284546, 1981175, -30064349, 12577861,
+             32867885, 14515107, -15438304, 10819380},
+            {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668,
+             12483688, -12668491, 5581306},
+            {19563160, 16186464, -29386857, 4097519, 10237984, -4348115,
+             28542350, 13850243, -23678021, -15815942},
+        },
+        {
+            {-15371964, -12862754, 32573250, 4720197, -26436522, 5875511,
+             -19188627, -15224819, -9818940, -12085777},
+            {-8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240,
+             -15689887, 1762328, 14866737},
+            {-18199695, -15951423, -10473290, 1707278, -17185920, 3916101,
+             -28236412, 3959421, 27914454, 4383652},
+        },
+        {
+            {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852,
+             5230134, -23952439, -15175766},
+            {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722,
+             20654025, 16520125, 30598449, 7715701},
+            {28881845, 14381568, 9657904, 3680757, -20181635, 7843316,
+             -31400660, 1370708, 29794553, -1409300},
+        },
+        {
+            {14499471, -2729599, -33191113, -4254652, 28494862, 14271267,
+             30290735, 10876454, -33154098, 2381726},
+            {-7195431, -2655363, -14730155, 462251, -27724326, 3941372,
+             -6236617, 3696005, -32300832, 15351955},
+            {27431194, 8222322, 16448760, -3907995, -18707002, 11938355,
+             -32961401, -2970515, 29551813, 10109425},
+        },
+    },
+    {
+        {
+            {-13657040, -13155431, -31283750, 11777098, 21447386, 6519384,
+             -2378284, -1627556, 10092783, -4764171},
+            {27939166, 14210322, 4677035, 16277044, -22964462, -12398139,
+             -32508754, 12005538, -17810127, 12803510},
+            {17228999, -15661624, -1233527, 300140, -1224870, -11714777,
+             30364213, -9038194, 18016357, 4397660},
+        },
+        {
+            {-10958843, -7690207, 4776341, -14954238, 27850028, -15602212,
+             -26619106, 14544525, -17477504, 982639},
+            {29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899,
+             -4120128, -21047696, 9934963},
+            {5793303, 16271923, -24131614, -10116404, 29188560, 1206517,
+             -14747930, 4559895, -30123922, -10897950},
+        },
+        {
+            {-27643952, -11493006, 16282657, -11036493, 28414021, -15012264,
+             24191034, 4541697, -13338309, 5500568},
+            {12650548, -1497113, 9052871, 11355358, -17680037, -8400164,
+             -17430592, 12264343, 10874051, 13524335},
+            {25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038,
+             5080568, -22528059, 5376628},
+        },
+        {
+            {-26088264, -4011052, -17013699, -3537628, -6726793, 1920897,
+             -22321305, -9447443, 4535768, 1569007},
+            {-2255422, 14606630, -21692440, -8039818, 28430649, 8775819,
+             -30494562, 3044290, 31848280, 12543772},
+            {-22028579, 2943893, -31857513, 6777306, 13784462, -4292203,
+             -27377195, -2062731, 7718482, 14474653},
+        },
+        {
+            {2385315, 2454213, -22631320, 46603, -4437935, -15680415, 656965,
+             -7236665, 24316168, -5253567},
+            {13741529, 10911568, -33233417, -8603737, -20177830, -1033297,
+             33040651, -13424532, -20729456, 8321686},
+            {21060490, -2212744, 15712757, -4336099, 1639040, 10656336,
+             23845965, -11874838, -9984458, 608372},
+        },
+        {
+            {-13672732, -15087586, -10889693, -7557059, -6036909, 11305547,
+             1123968, -6780577, 27229399, 23887},
+            {-23244140, -294205, -11744728, 14712571, -29465699, -2029617,
+             12797024, -6440308, -1633405, 16678954},
+            {-29500620, 4770662, -16054387, 14001338, 7830047, 9564805,
+             -1508144, -4795045, -17169265, 4904953},
+        },
+        {
+            {24059557, 14617003, 19037157, -15039908, 19766093, -14906429,
+             5169211, 16191880, 2128236, -4326833},
+            {-16981152, 4124966, -8540610, -10653797, 30336522, -14105247,
+             -29806336, 916033, -6882542, -2986532},
+            {-22630907, 12419372, -7134229, -7473371, -16478904, 16739175,
+             285431, 2763829, 15736322, 4143876},
+        },
+        {
+            {2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801,
+             -14594663, 23527084, -16458268},
+            {33431127, -11130478, -17838966, -15626900, 8909499, 8376530,
+             -32625340, 4087881, -15188911, -14416214},
+            {1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055,
+             4357868, -4774191, -16323038},
+        },
+    },
+    {
+        {
+            {6721966, 13833823, -23523388, -1551314, 26354293, -11863321,
+             23365147, -3949732, 7390890, 2759800},
+            {4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353,
+             -4264057, 1244380, -12919645},
+            {-4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413,
+             9208236, 15886429, 16489664},
+        },
+        {
+            {1996075, 10375649, 14346367, 13311202, -6874135, -16438411,
+             -13693198, 398369, -30606455, -712933},
+            {-25307465, 9795880, -2777414, 14878809, -33531835, 14780363,
+             13348553, 12076947, -30836462, 5113182},
+            {-17770784, 11797796, 31950843, 13929123, -25888302, 12288344,
+             -30341101, -7336386, 13847711, 5387222},
+        },
+        {
+            {-18582163, -3416217, 17824843, -2340966, 22744343, -10442611,
+             8763061, 3617786, -19600662, 10370991},
+            {20246567, -14369378, 22358229, -543712, 18507283, -10413996,
+             14554437, -8746092, 32232924, 16763880},
+            {9648505, 10094563, 26416693, 14745928, -30374318, -6472621,
+             11094161, 15689506, 3140038, -16510092},
+        },
+        {
+            {-16160072, 5472695, 31895588, 4744994, 8823515, 10365685,
+             -27224800, 9448613, -28774454, 366295},
+            {19153450, 11523972, -11096490, -6503142, -24647631, 5420647,
+             28344573, 8041113, 719605, 11671788},
+            {8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916,
+             -15266516, 27000813, -10195553},
+        },
+        {
+            {-15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065,
+             5336097, 6750977, -14521026},
+            {11836410, -3979488, 26297894, 16080799, 23455045, 15735944,
+             1695823, -8819122, 8169720, 16220347},
+            {-18115838, 8653647, 17578566, -6092619, -8025777, -16012763,
+             -11144307, -2627664, -5990708, -14166033},
+        },
+        {
+            {-23308498, -10968312, 15213228, -10081214, -30853605, -11050004,
+             27884329, 2847284, 2655861, 1738395},
+            {-27537433, -14253021, -25336301, -8002780, -9370762, 8129821,
+             21651608, -3239336, -19087449, -11005278},
+            {1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092,
+             5821408, 10478196, 8544890},
+        },
+        {
+            {32173121, -16129311, 24896207, 3921497, 22579056, -3410854,
+             19270449, 12217473, 17789017, -3395995},
+            {-30552961, -2228401, -15578829, -10147201, 13243889, 517024,
+             15479401, -3853233, 30460520, 1052596},
+            {-11614875, 13323618, 32618793, 8175907, -15230173, 12596687,
+             27491595, -4612359, 3179268, -9478891},
+        },
+        {
+            {31947069, -14366651, -4640583, -15339921, -15125977, -6039709,
+             -14756777, -16411740, 19072640, -9511060},
+            {11685058, 11822410, 3158003, -13952594, 33402194, -4165066,
+             5977896, -5215017, 473099, 5040608},
+            {-20290863, 8198642, -27410132, 11602123, 1290375, -2799760,
+             28326862, 1721092, -19558642, -3131606},
+        },
+    },
+    {
+        {
+            {7881532, 10687937, 7578723, 7738378, -18951012, -2553952, 21820786,
+             8076149, -27868496, 11538389},
+            {-19935666, 3899861, 18283497, -6801568, -15728660, -11249211,
+             8754525, 7446702, -5676054, 5797016},
+            {-11295600, -3793569, -15782110, -7964573, 12708869, -8456199,
+             2014099, -9050574, -2369172, -5877341},
+        },
+        {
+            {-22472376, -11568741, -27682020, 1146375, 18956691, 16640559,
+             1192730, -3714199, 15123619, 10811505},
+            {14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363,
+             15776356, -28886779, -11974553},
+            {-28241164, -8072475, -4978962, -5315317, 29416931, 1847569,
+             -20654173, -16484855, 4714547, -9600655},
+        },
+        {
+            {15200332, 8368572, 19679101, 15970074, -31872674, 1959451,
+             24611599, -4543832, -11745876, 12340220},
+            {12876937, -10480056, 33134381, 6590940, -6307776, 14872440,
+             9613953, 8241152, 15370987, 9608631},
+            {-4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868,
+             15866074, -28210621, -8814099},
+        },
+        {
+            {26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233,
+             858697, 20571223, 8420556},
+            {14620715, 13067227, -15447274, 8264467, 14106269, 15080814,
+             33531827, 12516406, -21574435, -12476749},
+            {236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519,
+             7256740, 8791136, 15069930},
+        },
+        {
+            {1276410, -9371918, 22949635, -16322807, -23493039, -5702186,
+             14711875, 4874229, -30663140, -2331391},
+            {5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175,
+             -7912378, -33069337, 9234253},
+            {20590503, -9018988, 31529744, -7352666, -2706834, 10650548,
+             31559055, -11609587, 18979186, 13396066},
+        },
+        {
+            {24474287, 4968103, 22267082, 4407354, 24063882, -8325180,
+             -18816887, 13594782, 33514650, 7021958},
+            {-11566906, -6565505, -21365085, 15928892, -26158305, 4315421,
+             -25948728, -3916677, -21480480, 12868082},
+            {-28635013, 13504661, 19988037, -2132761, 21078225, 6443208,
+             -21446107, 2244500, -12455797, -8089383},
+        },
+        {
+            {-30595528, 13793479, -5852820, 319136, -25723172, -6263899,
+             33086546, 8957937, -15233648, 5540521},
+            {-11630176, -11503902, -8119500, -7643073, 2620056, 1022908,
+             -23710744, -1568984, -16128528, -14962807},
+            {23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819,
+             892185, -11513277, -15205948},
+        },
+        {
+            {9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819,
+             4763127, -19179614, 5867134},
+            {-32765025, 1927590, 31726409, -4753295, 23962434, -16019500,
+             27846559, 5931263, -29749703, -16108455},
+            {27461885, -2977536, 22380810, 1815854, -23033753, -3031938,
+             7283490, -15148073, -19526700, 7734629},
+        },
+    },
+    {
+        {
+            {-8010264, -9590817, -11120403, 6196038, 29344158, -13430885,
+             7585295, -3176626, 18549497, 15302069},
+            {-32658337, -6171222, -7672793, -11051681, 6258878, 13504381,
+             10458790, -6418461, -8872242, 8424746},
+            {24687205, 8613276, -30667046, -3233545, 1863892, -1830544,
+             19206234, 7134917, -11284482, -828919},
+        },
+        {
+            {11334899, -9218022, 8025293, 12707519, 17523892, -10476071,
+             10243738, -14685461, -5066034, 16498837},
+            {8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925,
+             -14124238, 6536641, 10543906},
+            {-28946384, 15479763, -17466835, 568876, -1497683, 11223454,
+             -2669190, -16625574, -27235709, 8876771},
+        },
+        {
+            {-25742899, -12566864, -15649966, -846607, -33026686, -796288,
+             -33481822, 15824474, -604426, -9039817},
+            {10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697,
+             -4890037, 1657394, 3084098},
+            {10477963, -7470260, 12119566, -13250805, 29016247, -5365589,
+             31280319, 14396151, -30233575, 15272409},
+        },
+        {
+            {-12288309, 3169463, 28813183, 16658753, 25116432, -5630466,
+             -25173957, -12636138, -25014757, 1950504},
+            {-26180358, 9489187, 11053416, -14746161, -31053720, 5825630,
+             -8384306, -8767532, 15341279, 8373727},
+            {28685821, 7759505, -14378516, -12002860, -31971820, 4079242,
+             298136, -10232602, -2878207, 15190420},
+        },
+        {
+            {-32932876, 13806336, -14337485, -15794431, -24004620, 10940928,
+             8669718, 2742393, -26033313, -6875003},
+            {-1580388, -11729417, -25979658, -11445023, -17411874, -10912854,
+             9291594, -16247779, -12154742, 6048605},
+            {-30305315, 14843444, 1539301, 11864366, 20201677, 1900163,
+             13934231, 5128323, 11213262, 9168384},
+        },
+        {
+            {-26280513, 11007847, 19408960, -940758, -18592965, -4328580,
+             -5088060, -11105150, 20470157, -16398701},
+            {-23136053, 9282192, 14855179, -15390078, -7362815, -14408560,
+             -22783952, 14461608, 14042978, 5230683},
+            {29969567, -2741594, -16711867, -8552442, 9175486, -2468974,
+             21556951, 3506042, -5933891, -12449708},
+        },
+        {
+            {-3144746, 8744661, 19704003, 4581278, -20430686, 6830683,
+             -21284170, 8971513, -28539189, 15326563},
+            {-19464629, 10110288, -17262528, -3503892, -23500387, 1355669,
+             -15523050, 15300988, -20514118, 9168260},
+            {-5353335, 4488613, -23803248, 16314347, 7780487, -15638939,
+             -28948358, 9601605, 33087103, -9011387},
+        },
+        {
+            {-19443170, -15512900, -20797467, -12445323, -29824447, 10229461,
+             -27444329, -15000531, -5996870, 15664672},
+            {23294591, -16632613, -22650781, -8470978, 27844204, 11461195,
+             13099750, -2460356, 18151676, 13417686},
+            {-24722913, -4176517, -31150679, 5988919, -26858785, 6685065,
+             1661597, -12551441, 15271676, -15452665},
+        },
+    },
+    {
+        {
+            {11433042, -13228665, 8239631, -5279517, -1985436, -725718,
+             -18698764, 2167544, -6921301, -13440182},
+            {-31436171, 15575146, 30436815, 12192228, -22463353, 9395379,
+             -9917708, -8638997, 12215110, 12028277},
+            {14098400, 6555944, 23007258, 5757252, -15427832, -12950502,
+             30123440, 4617780, -16900089, -655628},
+        },
+        {
+            {-4026201, -15240835, 11893168, 13718664, -14809462, 1847385,
+             -15819999, 10154009, 23973261, -12684474},
+            {-26531820, -3695990, -1908898, 2534301, -31870557, -16550355,
+             18341390, -11419951, 32013174, -10103539},
+            {-25479301, 10876443, -11771086, -14625140, -12369567, 1838104,
+             21911214, 6354752, 4425632, -837822},
+        },
+        {
+            {-10433389, -14612966, 22229858, -3091047, -13191166, 776729,
+             -17415375, -12020462, 4725005, 14044970},
+            {19268650, -7304421, 1555349, 8692754, -21474059, -9910664, 6347390,
+             -1411784, -19522291, -16109756},
+            {-24864089, 12986008, -10898878, -5558584, -11312371, -148526,
+             19541418, 8180106, 9282262, 10282508},
+        },
+        {
+            {-26205082, 4428547, -8661196, -13194263, 4098402, -14165257,
+             15522535, 8372215, 5542595, -10702683},
+            {-10562541, 14895633, 26814552, -16673850, -17480754, -2489360,
+             -2781891, 6993761, -18093885, 10114655},
+            {-20107055, -929418, 31422704, 10427861, -7110749, 6150669,
+             -29091755, -11529146, 25953725, -106158},
+        },
+        {
+            {-4234397, -8039292, -9119125, 3046000, 2101609, -12607294,
+             19390020, 6094296, -3315279, 12831125},
+            {-15998678, 7578152, 5310217, 14408357, -33548620, -224739,
+             31575954, 6326196, 7381791, -2421839},
+            {-20902779, 3296811, 24736065, -16328389, 18374254, 7318640,
+             6295303, 8082724, -15362489, 12339664},
+        },
+        {
+            {27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414,
+             15768922, 25091167, 14856294},
+            {-18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300,
+             -12695493, -22182473, -9012899},
+            {-11423429, -5421590, 11632845, 3405020, 30536730, -11674039,
+             -27260765, 13866390, 30146206, 9142070},
+        },
+        {
+            {3924129, -15307516, -13817122, -10054960, 12291820, -668366,
+             -27702774, 9326384, -8237858, 4171294},
+            {-15921940, 16037937, 6713787, 16606682, -21612135, 2790944,
+             26396185, 3731949, 345228, -5462949},
+            {-21327538, 13448259, 25284571, 1143661, 20614966, -8849387,
+             2031539, -12391231, -16253183, -13582083},
+        },
+        {
+            {31016211, -16722429, 26371392, -14451233, -5027349, 14854137,
+             17477601, 3842657, 28012650, -16405420},
+            {-5075835, 9368966, -8562079, -4600902, -15249953, 6970560,
+             -9189873, 16292057, -8867157, 3507940},
+            {29439664, 3537914, 23333589, 6997794, -17555561, -11018068,
+             -15209202, -15051267, -9164929, 6580396},
+        },
+    },
+    {
+        {
+            {-12185861, -7679788, 16438269, 10826160, -8696817, -6235611,
+             17860444, -9273846, -2095802, 9304567},
+            {20714564, -4336911, 29088195, 7406487, 11426967, -5095705,
+             14792667, -14608617, 5289421, -477127},
+            {-16665533, -10650790, -6160345, -13305760, 9192020, -1802462,
+             17271490, 12349094, 26939669, -3752294},
+        },
+        {
+            {-12889898, 9373458, 31595848, 16374215, 21471720, 13221525,
+             -27283495, -12348559, -3698806, 117887},
+            {22263325, -6560050, 3984570, -11174646, -15114008, -566785,
+             28311253, 5358056, -23319780, 541964},
+            {16259219, 3261970, 2309254, -15534474, -16885711, -4581916,
+             24134070, -16705829, -13337066, -13552195},
+        },
+        {
+            {9378160, -13140186, -22845982, -12745264, 28198281, -7244098,
+             -2399684, -717351, 690426, 14876244},
+            {24977353, -314384, -8223969, -13465086, 28432343, -1176353,
+             -13068804, -12297348, -22380984, 6618999},
+            {-1538174, 11685646, 12944378, 13682314, -24389511, -14413193,
+             8044829, -13817328, 32239829, -5652762},
+        },
+        {
+            {-18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647,
+             -10350059, 32779359, 5095274},
+            {-33008130, -5214506, -32264887, -3685216, 9460461, -9327423,
+             -24601656, 14506724, 21639561, -2630236},
+            {-16400943, -13112215, 25239338, 15531969, 3987758, -4499318,
+             -1289502, -6863535, 17874574, 558605},
+        },
+        {
+            {-13600129, 10240081, 9171883, 16131053, -20869254, 9599700,
+             33499487, 5080151, 2085892, 5119761},
+            {-22205145, -2519528, -16381601, 414691, -25019550, 2170430,
+             30634760, -8363614, -31999993, -5759884},
+            {-6845704, 15791202, 8550074, -1312654, 29928809, -12092256,
+             27534430, -7192145, -22351378, 12961482},
+        },
+        {
+            {-24492060, -9570771, 10368194, 11582341, -23397293, -2245287,
+             16533930, 8206996, -30194652, -5159638},
+            {-11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630,
+             7031275, 7589640, 8945490},
+            {-32152748, 8917967, 6661220, -11677616, -1192060, -15793393,
+             7251489, -11182180, 24099109, -14456170},
+        },
+        {
+            {5019558, -7907470, 4244127, -14714356, -26933272, 6453165,
+             -19118182, -13289025, -6231896, -10280736},
+            {10853594, 10721687, 26480089, 5861829, -22995819, 1972175,
+             -1866647, -10557898, -3363451, -6441124},
+            {-17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661,
+             -2008168, -13866408, 7421392},
+        },
+        {
+            {8139927, -6546497, 32257646, -5890546, 30375719, 1886181,
+             -21175108, 15441252, 28826358, -4123029},
+            {6267086, 9695052, 7709135, -16603597, -32869068, -1886135,
+             14795160, -7840124, 13746021, -1742048},
+            {28584902, 7787108, -6732942, -15050729, 22846041, -7571236,
+             -3181936, -363524, 4771362, -8419958},
+        },
+    },
+    {
+        {
+            {24949256, 6376279, -27466481, -8174608, -18646154, -9930606,
+             33543569, -12141695, 3569627, 11342593},
+            {26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886,
+             4608608, 7325975, -14801071},
+            {-11618399, -14554430, -24321212, 7655128, -1369274, 5214312,
+             -27400540, 10258390, -17646694, -8186692},
+        },
+        {
+            {11431204, 15823007, 26570245, 14329124, 18029990, 4796082,
+             -31446179, 15580664, 9280358, -3973687},
+            {-160783, -10326257, -22855316, -4304997, -20861367, -13621002,
+             -32810901, -11181622, -15545091, 4387441},
+            {-20799378, 12194512, 3937617, -5805892, -27154820, 9340370,
+             -24513992, 8548137, 20617071, -7482001},
+        },
+        {
+            {-938825, -3930586, -8714311, 16124718, 24603125, -6225393,
+             -13775352, -11875822, 24345683, 10325460},
+            {-19855277, -1568885, -22202708, 8714034, 14007766, 6928528,
+             16318175, -1010689, 4766743, 3552007},
+            {-21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514,
+             14481909, 10988822, -3994762},
+        },
+        {
+            {15564307, -14311570, 3101243, 5684148, 30446780, -8051356,
+             12677127, -6505343, -8295852, 13296005},
+            {-9442290, 6624296, -30298964, -11913677, -4670981, -2057379,
+             31521204, 9614054, -30000824, 12074674},
+            {4771191, -135239, 14290749, -13089852, 27992298, 14998318,
+             -1413936, -1556716, 29832613, -16391035},
+        },
+        {
+            {7064884, -7541174, -19161962, -5067537, -18891269, -2912736,
+             25825242, 5293297, -27122660, 13101590},
+            {-2298563, 2439670, -7466610, 1719965, -27267541, -16328445,
+             32512469, -5317593, -30356070, -4190957},
+            {-30006540, 10162316, -33180176, 3981723, -16482138, -13070044,
+             14413974, 9515896, 19568978, 9628812},
+        },
+        {
+            {33053803, 199357, 15894591, 1583059, 27380243, -4580435, -17838894,
+             -6106839, -6291786, 3437740},
+            {-18978877, 3884493, 19469877, 12726490, 15913552, 13614290,
+             -22961733, 70104, 7463304, 4176122},
+            {-27124001, 10659917, 11482427, -16070381, 12771467, -6635117,
+             -32719404, -5322751, 24216882, 5944158},
+        },
+        {
+            {8894125, 7450974, -2664149, -9765752, -28080517, -12389115,
+             19345746, 14680796, 11632993, 5847885},
+            {26942781, -2315317, 9129564, -4906607, 26024105, 11769399,
+             -11518837, 6367194, -9727230, 4782140},
+            {19916461, -4828410, -22910704, -11414391, 25606324, -5972441,
+             33253853, 8220911, 6358847, -1873857},
+        },
+        {
+            {801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388,
+             -4480480, -13538503, 1387155},
+            {19646058, 5720633, -11416706, 12814209, 11607948, 12749789,
+             14147075, 15156355, -21866831, 11835260},
+            {19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523,
+             15467869, -26560550, 5052483},
+        },
+    },
+    {
+        {
+            {-3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123,
+             -12618185, 12228557, -7003677},
+            {32944382, 14922211, -22844894, 5188528, 21913450, -8719943,
+             4001465, 13238564, -6114803, 8653815},
+            {22865569, -4652735, 27603668, -12545395, 14348958, 8234005,
+             24808405, 5719875, 28483275, 2841751},
+        },
+        {
+            {-16420968, -1113305, -327719, -12107856, 21886282, -15552774,
+             -1887966, -315658, 19932058, -12739203},
+            {-11656086, 10087521, -8864888, -5536143, -19278573, -3055912,
+             3999228, 13239134, -4777469, -13910208},
+            {1382174, -11694719, 17266790, 9194690, -13324356, 9720081,
+             20403944, 11284705, -14013818, 3093230},
+        },
+        {
+            {16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424,
+             16271225, -24049421, -6691850},
+            {-21911077, -5927941, -4611316, -5560156, -31744103, -10785293,
+             24123614, 15193618, -21652117, -16739389},
+            {-9935934, -4289447, -25279823, 4372842, 2087473, 10399484,
+             31870908, 14690798, 17361620, 11864968},
+        },
+        {
+            {-11307610, 6210372, 13206574, 5806320, -29017692, -13967200,
+             -12331205, -7486601, -25578460, -16240689},
+            {14668462, -12270235, 26039039, 15305210, 25515617, 4542480,
+             10453892, 6577524, 9145645, -6443880},
+            {5974874, 3053895, -9433049, -10385191, -31865124, 3225009,
+             -7972642, 3936128, -5652273, -3050304},
+        },
+        {
+            {30625386, -4729400, -25555961, -12792866, -20484575, 7695099,
+             17097188, -16303496, -27999779, 1803632},
+            {-3553091, 9865099, -5228566, 4272701, -5673832, -16689700,
+             14911344, 12196514, -21405489, 7047412},
+            {20093277, 9920966, -11138194, -5343857, 13161587, 12044805,
+             -32856851, 4124601, -32343828, -10257566},
+        },
+        {
+            {-20788824, 14084654, -13531713, 7842147, 19119038, -13822605,
+             4752377, -8714640, -21679658, 2288038},
+            {-26819236, -3283715, 29965059, 3039786, -14473765, 2540457,
+             29457502, 14625692, -24819617, 12570232},
+            {-1063558, -11551823, 16920318, 12494842, 1278292, -5869109,
+             -21159943, -3498680, -11974704, 4724943},
+        },
+        {
+            {17960970, -11775534, -4140968, -9702530, -8876562, -1410617,
+             -12907383, -8659932, -29576300, 1903856},
+            {23134274, -14279132, -10681997, -1611936, 20684485, 15770816,
+             -12989750, 3190296, 26955097, 14109738},
+            {15308788, 5320727, -30113809, -14318877, 22902008, 7767164,
+             29425325, -11277562, 31960942, 11934971},
+        },
+        {
+            {-27395711, 8435796, 4109644, 12222639, -24627868, 14818669,
+             20638173, 4875028, 10491392, 1379718},
+            {-13159415, 9197841, 3875503, -8936108, -1383712, -5879801,
+             33518459, 16176658, 21432314, 12180697},
+            {-11787308, 11500838, 13787581, -13832590, -22430679, 10140205,
+             1465425, 12689540, -10301319, -13872883},
+        },
+    },
+    {
+        {
+            {5414091, -15386041, -21007664, 9643570, 12834970, 1186149,
+             -2622916, -1342231, 26128231, 6032912},
+            {-26337395, -13766162, 32496025, -13653919, 17847801, -12669156,
+             3604025, 8316894, -25875034, -10437358},
+            {3296484, 6223048, 24680646, -12246460, -23052020, 5903205,
+             -8862297, -4639164, 12376617, 3188849},
+        },
+        {
+            {29190488, -14659046, 27549113, -1183516, 3520066, -10697301,
+             32049515, -7309113, -16109234, -9852307},
+            {-14744486, -9309156, 735818, -598978, -20407687, -5057904,
+             25246078, -15795669, 18640741, -960977},
+            {-6928835, -16430795, 10361374, 5642961, 4910474, 12345252,
+             -31638386, -494430, 10530747, 1053335},
+        },
+        {
+            {-29265967, -14186805, -13538216, -12117373, -19457059, -10655384,
+             -31462369, -2948985, 24018831, 15026644},
+            {-22592535, -3145277, -2289276, 5953843, -13440189, 9425631,
+             25310643, 13003497, -2314791, -15145616},
+            {-27419985, -603321, -8043984, -1669117, -26092265, 13987819,
+             -27297622, 187899, -23166419, -2531735},
+        },
+        {
+            {-21744398, -13810475, 1844840, 5021428, -10434399, -15911473,
+             9716667, 16266922, -5070217, 726099},
+            {29370922, -6053998, 7334071, -15342259, 9385287, 2247707,
+             -13661962, -4839461, 30007388, -15823341},
+            {-936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109,
+             730663, 9835848, 4555336},
+        },
+        {
+            {-23376435, 1410446, -22253753, -12899614, 30867635, 15826977,
+             17693930, 544696, -11985298, 12422646},
+            {31117226, -12215734, -13502838, 6561947, -9876867, -12757670,
+             -5118685, -4096706, 29120153, 13924425},
+            {-17400879, -14233209, 19675799, -2734756, -11006962, -5858820,
+             -9383939, -11317700, 7240931, -237388},
+        },
+        {
+            {-31361739, -11346780, -15007447, -5856218, -22453340, -12152771,
+             1222336, 4389483, 3293637, -15551743},
+            {-16684801, -14444245, 11038544, 11054958, -13801175, -3338533,
+             -24319580, 7733547, 12796905, -6335822},
+            {-8759414, -10817836, -25418864, 10783769, -30615557, -9746811,
+             -28253339, 3647836, 3222231, -11160462},
+        },
+        {
+            {18606113, 1693100, -25448386, -15170272, 4112353, 10045021,
+             23603893, -2048234, -7550776, 2484985},
+            {9255317, -3131197, -12156162, -1004256, 13098013, -9214866,
+             16377220, -2102812, -19802075, -3034702},
+            {-22729289, 7496160, -5742199, 11329249, 19991973, -3347502,
+             -31718148, 9936966, -30097688, -10618797},
+        },
+        {
+            {21878590, -5001297, 4338336, 13643897, -3036865, 13160960,
+             19708896, 5415497, -7360503, -4109293},
+            {27736861, 10103576, 12500508, 8502413, -3413016, -9633558,
+             10436918, -1550276, -23659143, -8132100},
+            {19492550, -12104365, -29681976, -852630, -3208171, 12403437,
+             30066266, 8367329, 13243957, 8709688},
+        },
+    },
+    {
+        {
+            {12015105, 2801261, 28198131, 10151021, 24818120, -4743133,
+             -11194191, -5645734, 5150968, 7274186},
+            {2831366, -12492146, 1478975, 6122054, 23825128, -12733586,
+             31097299, 6083058, 31021603, -9793610},
+            {-2529932, -2229646, 445613, 10720828, -13849527, -11505937,
+             -23507731, 16354465, 15067285, -14147707},
+        },
+        {
+            {7840942, 14037873, -33364863, 15934016, -728213, -3642706,
+             21403988, 1057586, -19379462, -12403220},
+            {915865, -16469274, 15608285, -8789130, -24357026, 6060030,
+             -17371319, 8410997, -7220461, 16527025},
+            {32922597, -556987, 20336074, -16184568, 10903705, -5384487,
+             16957574, 52992, 23834301, 6588044},
+        },
+        {
+            {32752030, 11232950, 3381995, -8714866, 22652988, -10744103,
+             17159699, 16689107, -20314580, -1305992},
+            {-4689649, 9166776, -25710296, -10847306, 11576752, 12733943,
+             7924251, -2752281, 1976123, -7249027},
+            {21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041,
+             -3371252, 12331345, -8237197},
+        },
+        {
+            {8651614, -4477032, -16085636, -4996994, 13002507, 2950805,
+             29054427, -5106970, 10008136, -4667901},
+            {31486080, 15114593, -14261250, 12951354, 14369431, -7387845,
+             16347321, -13662089, 8684155, -10532952},
+            {19443825, 11385320, 24468943, -9659068, -23919258, 2187569,
+             -26263207, -6086921, 31316348, 14219878},
+        },
+        {
+            {-28594490, 1193785, 32245219, 11392485, 31092169, 15722801,
+             27146014, 6992409, 29126555, 9207390},
+            {32382935, 1110093, 18477781, 11028262, -27411763, -7548111,
+             -4980517, 10843782, -7957600, -14435730},
+            {2814918, 7836403, 27519878, -7868156, -20894015, -11553689,
+             -21494559, 8550130, 28346258, 1994730},
+        },
+        {
+            {-19578299, 8085545, -14000519, -3948622, 2785838, -16231307,
+             -19516951, 7174894, 22628102, 8115180},
+            {-30405132, 955511, -11133838, -15078069, -32447087, -13278079,
+             -25651578, 3317160, -9943017, 930272},
+            {-15303681, -6833769, 28856490, 1357446, 23421993, 1057177,
+             24091212, -1388970, -22765376, -10650715},
+        },
+        {
+            {-22751231, -5303997, -12907607, -12768866, -15811511, -7797053,
+             -14839018, -16554220, -1867018, 8398970},
+            {-31969310, 2106403, -4736360, 1362501, 12813763, 16200670,
+             22981545, -6291273, 18009408, -15772772},
+            {-17220923, -9545221, -27784654, 14166835, 29815394, 7444469,
+             29551787, -3727419, 19288549, 1325865},
+        },
+        {
+            {15100157, -15835752, -23923978, -1005098, -26450192, 15509408,
+             12376730, -3479146, 33166107, -8042750},
+            {20909231, 13023121, -9209752, 16251778, -5778415, -8094914,
+             12412151, 10018715, 2213263, -13878373},
+            {32529814, -11074689, 30361439, -16689753, -9135940, 1513226,
+             22922121, 6382134, -5766928, 8371348},
+        },
+    },
+    {
+        {
+            {9923462, 11271500, 12616794, 3544722, -29998368, -1721626,
+             12891687, -8193132, -26442943, 10486144},
+            {-22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726,
+             2610596, -23921530, -11455195},
+            {5408411, -1136691, -4969122, 10561668, 24145918, 14240566,
+             31319731, -4235541, 19985175, -3436086},
+        },
+        {
+            {-13994457, 16616821, 14549246, 3341099, 32155958, 13648976,
+             -17577068, 8849297, 65030, 8370684},
+            {-8320926, -12049626, 31204563, 5839400, -20627288, -1057277,
+             -19442942, 6922164, 12743482, -9800518},
+            {-2361371, 12678785, 28815050, 4759974, -23893047, 4884717,
+             23783145, 11038569, 18800704, 255233},
+        },
+        {
+            {-5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847,
+             9066957, 19258688, -14753793},
+            {-2936654, -10827535, -10432089, 14516793, -3640786, 4372541,
+             -31934921, 2209390, -1524053, 2055794},
+            {580882, 16705327, 5468415, -2683018, -30926419, -14696000,
+             -7203346, -8994389, -30021019, 7394435},
+        },
+        {
+            {23838809, 1822728, -15738443, 15242727, 8318092, -3733104,
+             -21672180, -3492205, -4821741, 14799921},
+            {13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804,
+             13496856, -9056018, 7402518},
+            {2286874, -4435931, -20042458, -2008336, -13696227, 5038122,
+             11006906, -15760352, 8205061, 1607563},
+        },
+        {
+            {14414086, -8002132, 3331830, -3208217, 22249151, -5594188,
+             18364661, -2906958, 30019587, -9029278},
+            {-27688051, 1585953, -10775053, 931069, -29120221, -11002319,
+             -14410829, 12029093, 9944378, 8024},
+            {4368715, -3709630, 29874200, -15022983, -20230386, -11410704,
+             -16114594, -999085, -8142388, 5640030},
+        },
+        {
+            {10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887,
+             -16694564, 15219798, -14327783},
+            {27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605,
+             -1173195, -18342183, 9742717},
+            {6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614,
+             7406442, 12420155, 1994844},
+        },
+        {
+            {14012521, -5024720, -18384453, -9578469, -26485342, -3936439,
+             -13033478, -10909803, 24319929, -6446333},
+            {16412690, -4507367, 10772641, 15929391, -17068788, -4658621,
+             10555945, -10484049, -30102368, -4739048},
+            {22397382, -7767684, -9293161, -12792868, 17166287, -9755136,
+             -27333065, 6199366, 21880021, -12250760},
+        },
+        {
+            {-4283307, 5368523, -31117018, 8163389, -30323063, 3209128,
+             16557151, 8890729, 8840445, 4957760},
+            {-15447727, 709327, -6919446, -10870178, -29777922, 6522332,
+             -21720181, 12130072, -14796503, 5005757},
+            {-2114751, -14308128, 23019042, 15765735, -25269683, 6002752,
+             10183197, -13239326, -16395286, -2176112},
+        },
+    },
+    {
+        {
+            {-19025756, 1632005, 13466291, -7995100, -23640451, 16573537,
+             -32013908, -3057104, 22208662, 2000468},
+            {3065073, -1412761, -25598674, -361432, -17683065, -5703415,
+             -8164212, 11248527, -3691214, -7414184},
+            {10379208, -6045554, 8877319, 1473647, -29291284, -12507580,
+             16690915, 2553332, -3132688, 16400289},
+        },
+        {
+            {15716668, 1254266, -18472690, 7446274, -8448918, 6344164,
+             -22097271, -7285580, 26894937, 9132066},
+            {24158887, 12938817, 11085297, -8177598, -28063478, -4457083,
+             -30576463, 64452, -6817084, -2692882},
+            {13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710,
+             -3418511, -4688006, 2364226},
+        },
+        {
+            {16335052, 9132434, 25640582, 6678888, 1725628, 8517937, -11807024,
+             -11697457, 15445875, -7798101},
+            {29004207, -7867081, 28661402, -640412, -12794003, -7943086,
+             31863255, -4135540, -278050, -15759279},
+            {-6122061, -14866665, -28614905, 14569919, -10857999, -3591829,
+             10343412, -6976290, -29828287, -10815811},
+        },
+        {
+            {27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636,
+             15372179, 17293797, 960709},
+            {20263915, 11434237, -5765435, 11236810, 13505955, -10857102,
+             -16111345, 6493122, -19384511, 7639714},
+            {-2830798, -14839232, 25403038, -8215196, -8317012, -16173699,
+             18006287, -16043750, 29994677, -15808121},
+        },
+        {
+            {9769828, 5202651, -24157398, -13631392, -28051003, -11561624,
+             -24613141, -13860782, -31184575, 709464},
+            {12286395, 13076066, -21775189, -1176622, -25003198, 4057652,
+             -32018128, -8890874, 16102007, 13205847},
+            {13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170,
+             8525972, 10151379, 10394400},
+        },
+        {
+            {4024660, -16137551, 22436262, 12276534, -9099015, -2686099,
+             19698229, 11743039, -33302334, 8934414},
+            {-15879800, -4525240, -8580747, -2934061, 14634845, -698278,
+             -9449077, 3137094, -11536886, 11721158},
+            {17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229,
+             8835153, -9205489, -1280045},
+        },
+        {
+            {-461409, -7830014, 20614118, 16688288, -7514766, -4807119,
+             22300304, 505429, 6108462, -6183415},
+            {-5070281, 12367917, -30663534, 3234473, 32617080, -8422642,
+             29880583, -13483331, -26898490, -7867459},
+            {-31975283, 5726539, 26934134, 10237677, -3173717, -605053,
+             24199304, 3795095, 7592688, -14992079},
+        },
+        {
+            {21594432, -14964228, 17466408, -4077222, 32537084, 2739898,
+             6407723, 12018833, -28256052, 4298412},
+            {-20650503, -11961496, -27236275, 570498, 3767144, -1717540,
+             13891942, -1569194, 13717174, 10805743},
+            {-14676630, -15644296, 15287174, 11927123, 24177847, -8175568,
+             -796431, 14860609, -26938930, -5863836},
+        },
+    },
+    {
+        {
+            {12962541, 5311799, -10060768, 11658280, 18855286, -7954201,
+             13286263, -12808704, -4381056, 9882022},
+            {18512079, 11319350, -20123124, 15090309, 18818594, 5271736,
+             -22727904, 3666879, -23967430, -3299429},
+            {-6789020, -3146043, 16192429, 13241070, 15898607, -14206114,
+             -10084880, -6661110, -2403099, 5276065},
+        },
+        {
+            {30169808, -5317648, 26306206, -11750859, 27814964, 7069267,
+             7152851, 3684982, 1449224, 13082861},
+            {10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382,
+             15056736, -21016438, -8202000},
+            {-33150110, 3261608, 22745853, 7948688, 19370557, -15177665,
+             -26171976, 6482814, -10300080, -11060101},
+        },
+        {
+            {32869458, -5408545, 25609743, 15678670, -10687769, -15471071,
+             26112421, 2521008, -22664288, 6904815},
+            {29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737,
+             3841096, -29003639, -6657642},
+            {10340844, -6630377, -18656632, -2278430, 12621151, -13339055,
+             30878497, -11824370, -25584551, 5181966},
+        },
+        {
+            {25940115, -12658025, 17324188, -10307374, -8671468, 15029094,
+             24396252, -16450922, -2322852, -12388574},
+            {-21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390,
+             12641087, 20603771, -6561742},
+            {-18882287, -11673380, 24849422, 11501709, 13161720, -4768874,
+             1925523, 11914390, 4662781, 7820689},
+        },
+        {
+            {12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456,
+             12172924, 16136752, 15264020},
+            {-10349955, -14680563, -8211979, 2330220, -17662549, -14545780,
+             10658213, 6671822, 19012087, 3772772},
+            {3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732,
+             -15762884, 20527771, 12988982},
+        },
+        {
+            {-14822485, -5797269, -3707987, 12689773, -898983, -10914866,
+             -24183046, -10564943, 3299665, -12424953},
+            {-16777703, -15253301, -9642417, 4978983, 3308785, 8755439, 6943197,
+             6461331, -25583147, 8991218},
+            {-17226263, 1816362, -1673288, -6086439, 31783888, -8175991,
+             -32948145, 7417950, -30242287, 1507265},
+        },
+        {
+            {29692663, 6829891, -10498800, 4334896, 20945975, -11906496,
+             -28887608, 8209391, 14606362, -10647073},
+            {-3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695,
+             9761487, 4170404, -2085325},
+            {-11587470, 14855945, -4127778, -1531857, -26649089, 15084046,
+             22186522, 16002000, -14276837, -8400798},
+        },
+        {
+            {-4811456, 13761029, -31703877, -2483919, -3312471, 7869047,
+             -7113572, -9620092, 13240845, 10965870},
+            {-7742563, -8256762, -14768334, -13656260, -23232383, 12387166,
+             4498947, 14147411, 29514390, 4302863},
+            {-13413405, -12407859, 20757302, -13801832, 14785143, 8976368,
+             -5061276, -2144373, 17846988, -13971927},
+        },
+    },
+    {
+        {
+            {-2244452, -754728, -4597030, -1066309, -6247172, 1455299,
+             -21647728, -9214789, -5222701, 12650267},
+            {-9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813,
+             13770293, -19134326, 10958663},
+            {22470984, 12369526, 23446014, -5441109, -21520802, -9698723,
+             -11772496, -11574455, -25083830, 4271862},
+        },
+        {
+            {-25169565, -10053642, -19909332, 15361595, -5984358, 2159192,
+             75375, -4278529, -32526221, 8469673},
+            {15854970, 4148314, -8893890, 7259002, 11666551, 13824734,
+             -30531198, 2697372, 24154791, -9460943},
+            {15446137, -15806644, 29759747, 14019369, 30811221, -9610191,
+             -31582008, 12840104, 24913809, 9815020},
+        },
+        {
+            {-4709286, -5614269, -31841498, -12288893, -14443537, 10799414,
+             -9103676, 13438769, 18735128, 9466238},
+            {11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821,
+             -10896103, -22728655, 16199064},
+            {14576810, 379472, -26786533, -8317236, -29426508, -10812974,
+             -102766, 1876699, 30801119, 2164795},
+        },
+        {
+            {15995086, 3199873, 13672555, 13712240, -19378835, -4647646,
+             -13081610, -15496269, -13492807, 1268052},
+            {-10290614, -3659039, -3286592, 10948818, 23037027, 3794475,
+             -3470338, -12600221, -17055369, 3565904},
+            {29210088, -9419337, -5919792, -4952785, 10834811, -13327726,
+             -16512102, -10820713, -27162222, -14030531},
+        },
+        {
+            {-13161890, 15508588, 16663704, -8156150, -28349942, 9019123,
+             -29183421, -3769423, 2244111, -14001979},
+            {-5152875, -3800936, -9306475, -6071583, 16243069, 14684434,
+             -25673088, -16180800, 13491506, 4641841},
+            {10813417, 643330, -19188515, -728916, 30292062, -16600078,
+             27548447, -7721242, 14476989, -12767431},
+        },
+        {
+            {10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937,
+             -1644259, -27912810, 12651324},
+            {-31185513, -813383, 22271204, 11835308, 10201545, 15351028,
+             17099662, 3988035, 21721536, -3148940},
+            {10202177, -6545839, -31373232, -9574638, -32150642, -8119683,
+             -12906320, 3852694, 13216206, 14842320},
+        },
+        {
+            {-15815640, -10601066, -6538952, -7258995, -6984659, -6581778,
+             -31500847, 13765824, -27434397, 9900184},
+            {14465505, -13833331, -32133984, -14738873, -27443187, 12990492,
+             33046193, 15796406, -7051866, -8040114},
+            {30924417, -8279620, 6359016, -12816335, 16508377, 9071735,
+             -25488601, 15413635, 9524356, -7018878},
+        },
+        {
+            {12274201, -13175547, 32627641, -1785326, 6736625, 13267305,
+             5237659, -5109483, 15663516, 4035784},
+            {-2951309, 8903985, 17349946, 601635, -16432815, -4612556,
+             -13732739, -15889334, -22258478, 4659091},
+            {-16916263, -4952973, -30393711, -15158821, 20774812, 15897498,
+             5736189, 15026997, -2178256, -13455585},
+        },
+    },
+    {
+        {
+            {-8858980, -2219056, 28571666, -10155518, -474467, -10105698,
+             -3801496, 278095, 23440562, -290208},
+            {10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275,
+             11551483, -16571960, -7442864},
+            {17932739, -12437276, -24039557, 10749060, 11316803, 7535897,
+             22503767, 5561594, -3646624, 3898661},
+        },
+        {
+            {7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531,
+             7152530, 21831162, 1245233},
+            {26958459, -14658026, 4314586, 8346991, -5677764, 11960072,
+             -32589295, -620035, -30402091, -16716212},
+            {-12165896, 9166947, 33491384, 13673479, 29787085, 13096535,
+             6280834, 14587357, -22338025, 13987525},
+        },
+        {
+            {-24349909, 7778775, 21116000, 15572597, -4833266, -5357778,
+             -4300898, -5124639, -7469781, -2858068},
+            {9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781,
+             6439245, -14581012, 4091397},
+            {-8426427, 1470727, -28109679, -1596990, 3978627, -5123623,
+             -19622683, 12092163, 29077877, -14741988},
+        },
+        {
+            {5269168, -6859726, -13230211, -8020715, 25932563, 1763552,
+             -5606110, -5505881, -20017847, 2357889},
+            {32264008, -15407652, -5387735, -1160093, -2091322, -3946900,
+             23104804, -12869908, 5727338, 189038},
+            {14609123, -8954470, -6000566, -16622781, -14577387, -7743898,
+             -26745169, 10942115, -25888931, -14884697},
+        },
+        {
+            {20513500, 5557931, -15604613, 7829531, 26413943, -2019404,
+             -21378968, 7471781, 13913677, -5137875},
+            {-25574376, 11967826, 29233242, 12948236, -6754465, 4713227,
+             -8940970, 14059180, 12878652, 8511905},
+            {-25656801, 3393631, -2955415, -7075526, -2250709, 9366908,
+             -30223418, 6812974, 5568676, -3127656},
+        },
+        {
+            {11630004, 12144454, 2116339, 13606037, 27378885, 15676917,
+             -17408753, -13504373, -14395196, 8070818},
+            {27117696, -10007378, -31282771, -5570088, 1127282, 12772488,
+             -29845906, 10483306, -11552749, -1028714},
+            {10637467, -5688064, 5674781, 1072708, -26343588, -6982302,
+             -1683975, 9177853, -27493162, 15431203},
+        },
+        {
+            {20525145, 10892566, -12742472, 12779443, -29493034, 16150075,
+             -28240519, 14943142, -15056790, -7935931},
+            {-30024462, 5626926, -551567, -9981087, 753598, 11981191, 25244767,
+             -3239766, -3356550, 9594024},
+            {-23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683,
+             -6492290, 13352335, -10977084},
+        },
+        {
+            {-1931799, -5407458, 3304649, -12884869, 17015806, -4877091,
+             -29783850, -7752482, -13215537, -319204},
+            {20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742,
+             15077870, -22750759, 14523817},
+            {27406042, -6041657, 27423596, -4497394, 4996214, 10002360,
+             -28842031, -4545494, -30172742, -4805667},
+        },
+    },
+    {
+        {
+            {11374242, 12660715, 17861383, -12540833, 10935568, 1099227,
+             -13886076, -9091740, -27727044, 11358504},
+            {-12730809, 10311867, 1510375, 10778093, -2119455, -9145702,
+             32676003, 11149336, -26123651, 4985768},
+            {-19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043,
+             13794114, -19414307, -15621255},
+        },
+        {
+            {6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603,
+             6970005, -1691065, -9004790},
+            {1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622,
+             -5475723, -16796596, -5031438},
+            {-22273315, -13524424, -64685, -4334223, -18605636, -10921968,
+             -20571065, -7007978, -99853, -10237333},
+        },
+        {
+            {17747465, 10039260, 19368299, -4050591, -20630635, -16041286,
+             31992683, -15857976, -29260363, -5511971},
+            {31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999,
+             -3744247, 4882242, -10626905},
+            {29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198,
+             3272828, -5190932, -4162409},
+        },
+        {
+            {12501286, 4044383, -8612957, -13392385, -32430052, 5136599,
+             -19230378, -3529697, 330070, -3659409},
+            {6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522,
+             -8573892, -271295, 12071499},
+            {-8365515, -4042521, 25133448, -4517355, -6211027, 2265927,
+             -32769618, 1936675, -5159697, 3829363},
+        },
+        {
+            {28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550,
+             -6567787, 26333140, 14267664},
+            {-11067219, 11871231, 27385719, -10559544, -4585914, -11189312,
+             10004786, -8709488, -21761224, 8930324},
+            {-21197785, -16396035, 25654216, -1725397, 12282012, 11008919,
+             1541940, 4757911, -26491501, -16408940},
+        },
+        {
+            {13537262, -7759490, -20604840, 10961927, -5922820, -13218065,
+             -13156584, 6217254, -15943699, 13814990},
+            {-17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681,
+             9257833, -1956526, -1776914},
+            {-25045300, -10191966, 15366585, 15166509, -13105086, 8423556,
+             -29171540, 12361135, -18685978, 4578290},
+        },
+        {
+            {24579768, 3711570, 1342322, -11180126, -27005135, 14124956,
+             -22544529, 14074919, 21964432, 8235257},
+            {-6528613, -2411497, 9442966, -5925588, 12025640, -1487420,
+             -2981514, -1669206, 13006806, 2355433},
+            {-16304899, -13605259, -6632427, -5142349, 16974359, -10911083,
+             27202044, 1719366, 1141648, -12796236},
+        },
+        {
+            {-12863944, -13219986, -8318266, -11018091, -6810145, -4843894,
+             13475066, -3133972, 32674895, 13715045},
+            {11423335, -5468059, 32344216, 8962751, 24989809, 9241752,
+             -13265253, 16086212, -28740881, -15642093},
+            {-1409668, 12530728, -6368726, 10847387, 19531186, -14132160,
+             -11709148, 7791794, -27245943, 4383347},
+        },
+    },
+    {
+        {
+            {-28970898, 5271447, -1266009, -9736989, -12455236, 16732599,
+             -4862407, -4906449, 27193557, 6245191},
+            {-15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898,
+             3260492, 22510453, 8577507},
+            {-12632451, 11257346, -32692994, 13548177, -721004, 10879011,
+             31168030, 13952092, -29571492, -3635906},
+        },
+        {
+            {3877321, -9572739, 32416692, 5405324, -11004407, -13656635,
+             3759769, 11935320, 5611860, 8164018},
+            {-16275802, 14667797, 15906460, 12155291, -22111149, -9039718,
+             32003002, -8832289, 5773085, -8422109},
+            {-23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725,
+             12376320, 31632953, 190926},
+        },
+        {
+            {-24593607, -16138885, -8423991, 13378746, 14162407, 6901328,
+             -8288749, 4508564, -25341555, -3627528},
+            {8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941,
+             -14786005, -1672488, 827625},
+            {-32720583, -16289296, -32503547, 7101210, 13354605, 2659080,
+             -1800575, -14108036, -24878478, 1541286},
+        },
+        {
+            {2901347, -1117687, 3880376, -10059388, -17620940, -3612781,
+             -21802117, -3567481, 20456845, -1885033},
+            {27019610, 12299467, -13658288, -1603234, -12861660, -4861471,
+             -19540150, -5016058, 29439641, 15138866},
+            {21536104, -6626420, -32447818, -10690208, -22408077, 5175814,
+             -5420040, -16361163, 7779328, 109896},
+        },
+        {
+            {30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390,
+             12180118, 23177719, -554075},
+            {26572847, 3405927, -31701700, 12890905, -19265668, 5335866,
+             -6493768, 2378492, 4439158, -13279347},
+            {-22716706, 3489070, -9225266, -332753, 18875722, -1140095,
+             14819434, -12731527, -17717757, -5461437},
+        },
+        {
+            {-5056483, 16566551, 15953661, 3767752, -10436499, 15627060,
+             -820954, 2177225, 8550082, -15114165},
+            {-18473302, 16596775, -381660, 15663611, 22860960, 15585581,
+             -27844109, -3582739, -23260460, -8428588},
+            {-32480551, 15707275, -8205912, -5652081, 29464558, 2713815,
+             -22725137, 15860482, -21902570, 1494193},
+        },
+        {
+            {-19562091, -14087393, -25583872, -9299552, 13127842, 759709,
+             21923482, 16529112, 8742704, 12967017},
+            {-28464899, 1553205, 32536856, -10473729, -24691605, -406174,
+             -8914625, -2933896, -29903758, 15553883},
+            {21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572,
+             14513274, 19375923, -12647961},
+        },
+        {
+            {8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818,
+             -6222716, 2862653, 9455043},
+            {29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124,
+             -2990080, 15511449, 4789663},
+            {-20679756, 7004547, 8824831, -9434977, -4045704, -3750736,
+             -5754762, 108893, 23513200, 16652362},
+        },
+    },
+    {
+        {
+            {-33256173, 4144782, -4476029, -6579123, 10770039, -7155542,
+             -6650416, -12936300, -18319198, 10212860},
+            {2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801,
+             2600940, -9988298, -12506466},
+            {-24645692, 13317462, -30449259, -15653928, 21365574, -10869657,
+             11344424, 864440, -2499677, -16710063},
+        },
+        {
+            {-26432803, 6148329, -17184412, -14474154, 18782929, -275997,
+             -22561534, 211300, 2719757, 4940997},
+            {-1323882, 3911313, -6948744, 14759765, -30027150, 7851207,
+             21690126, 8518463, 26699843, 5276295},
+            {-13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586,
+             149635, -15452774, 7159369},
+        },
+        {
+            {9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009,
+             8312176, 22477218, -8403385},
+            {18155857, -16504990, 19744716, 9006923, 15154154, -10538976,
+             24256460, -4864995, -22548173, 9334109},
+            {2986088, -4911893, 10776628, -3473844, 10620590, -7083203,
+             -21413845, 14253545, -22587149, 536906},
+        },
+        {
+            {4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551,
+             10589625, 10838060, -15420424},
+            {-19342404, 867880, 9277171, -3218459, -14431572, -1986443,
+             19295826, -15796950, 6378260, 699185},
+            {7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039,
+             15693155, -5045064, -13373962},
+        },
+        {
+            {-7737563, -5869402, -14566319, -7406919, 11385654, 13201616,
+             31730678, -10962840, -3918636, -9669325},
+            {10188286, -15770834, -7336361, 13427543, 22223443, 14896287,
+             30743455, 7116568, -21786507, 5427593},
+            {696102, 13206899, 27047647, -10632082, 15285305, -9853179,
+             10798490, -4578720, 19236243, 12477404},
+        },
+        {
+            {-11229439, 11243796, -17054270, -8040865, -788228, -8167967,
+             -3897669, 11180504, -23169516, 7733644},
+            {17800790, -14036179, -27000429, -11766671, 23887827, 3149671,
+             23466177, -10538171, 10322027, 15313801},
+            {26246234, 11968874, 32263343, -5468728, 6830755, -13323031,
+             -15794704, -101982, -24449242, 10890804},
+        },
+        {
+            {-31365647, 10271363, -12660625, -6267268, 16690207, -13062544,
+             -14982212, 16484931, 25180797, -5334884},
+            {-586574, 10376444, -32586414, -11286356, 19801893, 10997610,
+             2276632, 9482883, 316878, 13820577},
+            {-9882808, -4510367, -2115506, 16457136, -11100081, 11674996,
+             30756178, -7515054, 30696930, -3712849},
+        },
+        {
+            {32988917, -9603412, 12499366, 7910787, -10617257, -11931514,
+             -7342816, -9985397, -32349517, 7392473},
+            {-8855661, 15927861, 9866406, -3649411, -2396914, -16655781,
+             -30409476, -9134995, 25112947, -2926644},
+            {-2504044, -436966, 25621774, -5678772, 15085042, -5479877,
+             -24884878, -13526194, 5537438, -13914319},
+        },
+    },
+    {
+        {
+            {-11225584, 2320285, -9584280, 10149187, -33444663, 5808648,
+             -14876251, -1729667, 31234590, 6090599},
+            {-9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721,
+             15878753, -6970405, -9034768},
+            {-27757857, 247744, -15194774, -9002551, 23288161, -10011936,
+             -23869595, 6503646, 20650474, 1804084},
+        },
+        {
+            {-27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995,
+             -10329713, 27842616, -202328},
+            {-15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656,
+             5031932, -11375082, 12714369},
+            {20807691, -7270825, 29286141, 11421711, -27876523, -13868230,
+             -21227475, 1035546, -19733229, 12796920},
+        },
+        {
+            {12076899, -14301286, -8785001, -11848922, -25012791, 16400684,
+             -17591495, -12899438, 3480665, -15182815},
+            {-32361549, 5457597, 28548107, 7833186, 7303070, -11953545,
+             -24363064, -15921875, -33374054, 2771025},
+            {-21389266, 421932, 26597266, 6860826, 22486084, -6737172,
+             -17137485, -4210226, -24552282, 15673397},
+        },
+        {
+            {-20184622, 2338216, 19788685, -9620956, -4001265, -8740893,
+             -20271184, 4733254, 3727144, -12934448},
+            {6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594,
+             7975683, 31123697, -10958981},
+            {30069250, -11435332, 30434654, 2958439, 18399564, -976289,
+             12296869, 9204260, -16432438, 9648165},
+        },
+        {
+            {32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266,
+             5248604, -26008332, -11377501},
+            {17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711,
+             15298639, 2662509, -16297073},
+            {-1172927, -7558695, -4366770, -4287744, -21346413, -8434326,
+             32087529, -1222777, 32247248, -14389861},
+        },
+        {
+            {14312628, 1221556, 17395390, -8700143, -4945741, -8684635,
+             -28197744, -9637817, -16027623, -13378845},
+            {-1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502,
+             9803137, 17597934, 2346211},
+            {18510800, 15337574, 26171504, 981392, -22241552, 7827556,
+             -23491134, -11323352, 3059833, -11782870},
+        },
+        {
+            {10141598, 6082907, 17829293, -1947643, 9830092, 13613136,
+             -25556636, -5544586, -33502212, 3592096},
+            {33114168, -15889352, -26525686, -13343397, 33076705, 8716171,
+             1151462, 1521897, -982665, -6837803},
+            {-32939165, -4255815, 23947181, -324178, -33072974, -12305637,
+             -16637686, 3891704, 26353178, 693168},
+        },
+        {
+            {30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294,
+             -400668, 31375464, 14369965},
+            {-14370654, -7772529, 1510301, 6434173, -18784789, -6262728,
+             32732230, -13108839, 17901441, 16011505},
+            {18171223, -11934626, -12500402, 15197122, -11038147, -15230035,
+             -19172240, -16046376, 8764035, 12309598},
+        },
+    },
+    {
+        {
+            {5975908, -5243188, -19459362, -9681747, -11541277, 14015782,
+             -23665757, 1228319, 17544096, -10593782},
+            {5811932, -1715293, 3442887, -2269310, -18367348, -8359541,
+             -18044043, -15410127, -5565381, 12348900},
+            {-31399660, 11407555, 25755363, 6891399, -3256938, 14872274,
+             -24849353, 8141295, -10632534, -585479},
+        },
+        {
+            {-12675304, 694026, -5076145, 13300344, 14015258, -14451394,
+             -9698672, -11329050, 30944593, 1130208},
+            {8247766, -6710942, -26562381, -7709309, -14401939, -14648910,
+             4652152, 2488540, 23550156, -271232},
+            {17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737,
+             -5908146, -408818, -137719},
+        },
+        {
+            {16091085, -16253926, 18599252, 7340678, 2137637, -1221657,
+             -3364161, 14550936, 3260525, -7166271},
+            {-4910104, -13332887, 18550887, 10864893, -16459325, -7291596,
+             -23028869, -13204905, -12748722, 2701326},
+            {-8574695, 16099415, 4629974, -16340524, -20786213, -6005432,
+             -10018363, 9276971, 11329923, 1862132},
+        },
+        {
+            {14763076, -15903608, -30918270, 3689867, 3511892, 10313526,
+             -21951088, 12219231, -9037963, -940300},
+            {8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216,
+             -2909717, -15438168, 11595570},
+            {15214962, 3537601, -26238722, -14058872, 4418657, -15230761,
+             13947276, 10730794, -13489462, -4363670},
+        },
+        {
+            {-2538306, 7682793, 32759013, 263109, -29984731, -7955452,
+             -22332124, -10188635, 977108, 699994},
+            {-12466472, 4195084, -9211532, 550904, -15565337, 12917920,
+             19118110, -439841, -30534533, -14337913},
+            {31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237,
+             -10051775, 12493932, -5409317},
+        },
+        {
+            {-25680606, 5260744, -19235809, -6284470, -3695942, 16566087,
+             27218280, 2607121, 29375955, 6024730},
+            {842132, -2794693, -4763381, -8722815, 26332018, -12405641,
+             11831880, 6985184, -9940361, 2854096},
+            {-4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645,
+             960770, 12121869, 16648078},
+        },
+        {
+            {-15218652, 14667096, -13336229, 2013717, 30598287, -464137,
+             -31504922, -7882064, 20237806, 2838411},
+            {-19288047, 4453152, 15298546, -16178388, 22115043, -15972604,
+             12544294, -13470457, 1068881, -12499905},
+            {-9558883, -16518835, 33238498, 13506958, 30505848, -1114596,
+             -8486907, -2630053, 12521378, 4845654},
+        },
+        {
+            {-28198521, 10744108, -2958380, 10199664, 7759311, -13088600,
+             3409348, -873400, -6482306, -12885870},
+            {-23561822, 6230156, -20382013, 10655314, -24040585, -11621172,
+             10477734, -1240216, -3113227, 13974498},
+            {12966261, 15550616, -32038948, -1615346, 21025980, -629444,
+             5642325, 7188737, 18895762, 12629579},
+        },
+    },
+    {
+        {
+            {14741879, -14946887, 22177208, -11721237, 1279741, 8058600,
+             11758140, 789443, 32195181, 3895677},
+            {10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575,
+             -3566119, -8982069, 4429647},
+            {-2453894, 15725973, -20436342, -10410672, -5803908, -11040220,
+             -7135870, -11642895, 18047436, -15281743},
+        },
+        {
+            {-25173001, -11307165, 29759956, 11776784, -22262383, -15820455,
+             10993114, -12850837, -17620701, -9408468},
+            {21987233, 700364, -24505048, 14972008, -7774265, -5718395,
+             32155026, 2581431, -29958985, 8773375},
+            {-25568350, 454463, -13211935, 16126715, 25240068, 8594567,
+             20656846, 12017935, -7874389, -13920155},
+        },
+        {
+            {6028182, 6263078, -31011806, -11301710, -818919, 2461772,
+             -31841174, -5468042, -1721788, -2776725},
+            {-12278994, 16624277, 987579, -5922598, 32908203, 1248608, 7719845,
+             -4166698, 28408820, 6816612},
+            {-10358094, -8237829, 19549651, -12169222, 22082623, 16147817,
+             20613181, 13982702, -10339570, 5067943},
+        },
+        {
+            {-30505967, -3821767, 12074681, 13582412, -19877972, 2443951,
+             -19719286, 12746132, 5331210, -10105944},
+            {30528811, 3601899, -1957090, 4619785, -27361822, -15436388,
+             24180793, -12570394, 27679908, -1648928},
+            {9402404, -13957065, 32834043, 10838634, -26580150, -13237195,
+             26653274, -8685565, 22611444, -12715406},
+        },
+        {
+            {22190590, 1118029, 22736441, 15130463, -30460692, -5991321,
+             19189625, -4648942, 4854859, 6622139},
+            {-8310738, -2953450, -8262579, -3388049, -10401731, -271929,
+             13424426, -3567227, 26404409, 13001963},
+            {-31241838, -15415700, -2994250, 8939346, 11562230, -12840670,
+             -26064365, -11621720, -15405155, 11020693},
+        },
+        {
+            {1866042, -7949489, -7898649, -10301010, 12483315, 13477547,
+             3175636, -12424163, 28761762, 1406734},
+            {-448555, -1777666, 13018551, 3194501, -9580420, -11161737,
+             24760585, -4347088, 25577411, -13378680},
+            {-24290378, 4759345, -690653, -1852816, 2066747, 10693769,
+             -29595790, 9884936, -9368926, 4745410},
+        },
+        {
+            {-9141284, 6049714, -19531061, -4341411, -31260798, 9944276,
+             -15462008, -11311852, 10931924, -11931931},
+            {-16561513, 14112680, -8012645, 4817318, -8040464, -11414606,
+             -22853429, 10856641, -20470770, 13434654},
+            {22759489, -10073434, -16766264, -1871422, 13637442, -10168091,
+             1765144, -12654326, 28445307, -5364710},
+        },
+        {
+            {29875063, 12493613, 2795536, -3786330, 1710620, 15181182,
+             -10195717, -8788675, 9074234, 1167180},
+            {-26205683, 11014233, -9842651, -2635485, -26908120, 7532294,
+             -18716888, -9535498, 3843903, 9367684},
+            {-10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123,
+             8601684, -139197, 4242895},
+        },
+    },
+    {
+        {
+            {22092954, -13191123, -2042793, -11968512, 32186753, -11517388,
+             -6574341, 2470660, -27417366, 16625501},
+            {-11057722, 3042016, 13770083, -9257922, 584236, -544855, -7770857,
+             2602725, -27351616, 14247413},
+            {6314175, -10264892, -32772502, 15957557, -10157730, 168750,
+             -8618807, 14290061, 27108877, -1180880},
+        },
+        {
+            {-8586597, -7170966, 13241782, 10960156, -32991015, -13794596,
+             33547976, -11058889, -27148451, 981874},
+            {22833440, 9293594, -32649448, -13618667, -9136966, 14756819,
+             -22928859, -13970780, -10479804, -16197962},
+            {-7768587, 3326786, -28111797, 10783824, 19178761, 14905060,
+             22680049, 13906969, -15933690, 3797899},
+        },
+        {
+            {21721356, -4212746, -12206123, 9310182, -3882239, -13653110,
+             23740224, -2709232, 20491983, -8042152},
+            {9209270, -15135055, -13256557, -6167798, -731016, 15289673,
+             25947805, 15286587, 30997318, -6703063},
+            {7392032, 16618386, 23946583, -8039892, -13265164, -1533858,
+             -14197445, -2321576, 17649998, -250080},
+        },
+        {
+            {-9301088, -14193827, 30609526, -3049543, -25175069, -1283752,
+             -15241566, -9525724, -2233253, 7662146},
+            {-17558673, 1763594, -33114336, 15908610, -30040870, -12174295,
+             7335080, -8472199, -3174674, 3440183},
+            {-19889700, -5977008, -24111293, -9688870, 10799743, -16571957,
+             40450, -4431835, 4862400, 1133},
+        },
+        {
+            {-32856209, -7873957, -5422389, 14860950, -16319031, 7956142,
+             7258061, 311861, -30594991, -7379421},
+            {-3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763,
+             16527196, 18278453, 15405622},
+            {-4381906, 8508652, -19898366, -3674424, -5984453, 15149970,
+             -13313598, 843523, -21875062, 13626197},
+        },
+        {
+            {2281448, -13487055, -10915418, -2609910, 1879358, 16164207,
+             -10783882, 3953792, 13340839, 15928663},
+            {31727126, -7179855, -18437503, -8283652, 2875793, -16390330,
+             -25269894, -7014826, -23452306, 5964753},
+            {4100420, -5959452, -17179337, 6017714, -18705837, 12227141,
+             -26684835, 11344144, 2538215, -7570755},
+        },
+        {
+            {-9433605, 6123113, 11159803, -2156608, 30016280, 14966241,
+             -20474983, 1485421, -629256, -15958862},
+            {-26804558, 4260919, 11851389, 9658551, -32017107, 16367492,
+             -20205425, -13191288, 11659922, -11115118},
+            {26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568,
+             -10170080, 33100372, -1306171},
+        },
+        {
+            {15121113, -5201871, -10389905, 15427821, -27509937, -15992507,
+             21670947, 4486675, -5931810, -14466380},
+            {16166486, -9483733, -11104130, 6023908, -31926798, -1364923,
+             2340060, -16254968, -10735770, -10039824},
+            {28042865, -3557089, -12126526, 12259706, -3717498, -6945899,
+             6766453, -8689599, 18036436, 5803270},
+        },
+    },
+    {
+        {
+            {-817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391,
+             4598332, -6159431, -14117438},
+            {-31031306, -14256194, 17332029, -2383520, 31312682, -5967183,
+             696309, 50292, -20095739, 11763584},
+            {-594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117,
+             -12613632, -19773211, -10713562},
+        },
+        {
+            {30464590, -11262872, -4127476, -12734478, 19835327, -7105613,
+             -24396175, 2075773, -17020157, 992471},
+            {18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841,
+             8080033, -11574335, -10601610},
+            {19598397, 10334610, 12555054, 2555664, 18821899, -10339780,
+             21873263, 16014234, 26224780, 16452269},
+        },
+        {
+            {-30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804,
+             -7618186, -20533829, 3698650},
+            {14187449, 3448569, -10636236, -10810935, -22663880, -3433596,
+             7268410, -10890444, 27394301, 12015369},
+            {19695761, 16087646, 28032085, 12999827, 6817792, 11427614,
+             20244189, -1312777, -13259127, -3402461},
+        },
+        {
+            {30860103, 12735208, -1888245, -4699734, -16974906, 2256940,
+             -8166013, 12298312, -8550524, -10393462},
+            {-5719826, -11245325, -1910649, 15569035, 26642876, -7587760,
+             -5789354, -15118654, -4976164, 12651793},
+            {-2848395, 9953421, 11531313, -5282879, 26895123, -12697089,
+             -13118820, -16517902, 9768698, -2533218},
+        },
+        {
+            {-24719459, 1894651, -287698, -4704085, 15348719, -8156530,
+             32767513, 12765450, 4940095, 10678226},
+            {18860224, 15980149, -18987240, -1562570, -26233012, -11071856,
+             -7843882, 13944024, -24372348, 16582019},
+            {-15504260, 4970268, -29893044, 4175593, -20993212, -2199756,
+             -11704054, 15444560, -11003761, 7989037},
+        },
+        {
+            {31490452, 5568061, -2412803, 2182383, -32336847, 4531686,
+             -32078269, 6200206, -19686113, -14800171},
+            {-17308668, -15879940, -31522777, -2831, -32887382, 16375549,
+             8680158, -16371713, 28550068, -6857132},
+            {-28126887, -5688091, 16837845, -1820458, -6850681, 12700016,
+             -30039981, 4364038, 1155602, 5988841},
+        },
+        {
+            {21890435, -13272907, -12624011, 12154349, -7831873, 15300496,
+             23148983, -4470481, 24618407, 8283181},
+            {-33136107, -10512751, 9975416, 6841041, -31559793, 16356536,
+             3070187, -7025928, 1466169, 10740210},
+            {-1509399, -15488185, -13503385, -10655916, 32799044, 909394,
+             -13938903, -5779719, -32164649, -15327040},
+        },
+        {
+            {3960823, -14267803, -28026090, -15918051, -19404858, 13146868,
+             15567327, 951507, -3260321, -573935},
+            {24740841, 5052253, -30094131, 8961361, 25877428, 6165135,
+             -24368180, 14397372, -7380369, -6144105},
+            {-28888365, 3510803, -28103278, -1158478, -11238128, -10631454,
+             -15441463, -14453128, -1625486, -6494814},
+        },
+    },
+    {
+        {
+            {793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843,
+             -4885251, -9906200, -621852},
+            {5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374,
+             1468826, -6171428, -15186581},
+            {-4859255, -3779343, -2917758, -6748019, 7778750, 11688288,
+             -30404353, -9871238, -1558923, -9863646},
+        },
+        {
+            {10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958,
+             14783338, -30581476, -15757844},
+            {10566929, 12612572, -31944212, 11118703, -12633376, 12362879,
+             21752402, 8822496, 24003793, 14264025},
+            {27713862, -7355973, -11008240, 9227530, 27050101, 2504721,
+             23886875, -13117525, 13958495, -5732453},
+        },
+        {
+            {-23481610, 4867226, -27247128, 3900521, 29838369, -8212291,
+             -31889399, -10041781, 7340521, -15410068},
+            {4646514, -8011124, -22766023, -11532654, 23184553, 8566613,
+             31366726, -1381061, -15066784, -10375192},
+            {-17270517, 12723032, -16993061, 14878794, 21619651, -6197576,
+             27584817, 3093888, -8843694, 3849921},
+        },
+        {
+            {-9064912, 2103172, 25561640, -15125738, -5239824, 9582958,
+             32477045, -9017955, 5002294, -15550259},
+            {-12057553, -11177906, 21115585, -13365155, 8808712, -12030708,
+             16489530, 13378448, -25845716, 12741426},
+            {-5946367, 10645103, -30911586, 15390284, -3286982, -7118677,
+             24306472, 15852464, 28834118, -7646072},
+        },
+        {
+            {-17335748, -9107057, -24531279, 9434953, -8472084, -583362,
+             -13090771, 455841, 20461858, 5491305},
+            {13669248, -16095482, -12481974, -10203039, -14569770, -11893198,
+             -24995986, 11293807, -28588204, -9421832},
+            {28497928, 6272777, -33022994, 14470570, 8906179, -1225630,
+             18504674, -14165166, 29867745, -8795943},
+        },
+        {
+            {-16207023, 13517196, -27799630, -13697798, 24009064, -6373891,
+             -6367600, -13175392, 22853429, -4012011},
+            {24191378, 16712145, -13931797, 15217831, 14542237, 1646131,
+             18603514, -11037887, 12876623, -2112447},
+            {17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753,
+             608397, 16031844, 3723494},
+        },
+        {
+            {-28632773, 12763728, -20446446, 7577504, 33001348, -13017745,
+             17558842, -7872890, 23896954, -4314245},
+            {-20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064,
+             7229064, -9919646, -8826859},
+            {28816045, 298879, -28165016, -15920938, 19000928, -1665890,
+             -12680833, -2949325, -18051778, -2082915},
+        },
+        {
+            {16000882, -344896, 3493092, -11447198, -29504595, -13159789,
+             12577740, 16041268, -19715240, 7847707},
+            {10151868, 10572098, 27312476, 7922682, 14825339, 4723128,
+             -32855931, -6519018, -10020567, 3852848},
+            {-11430470, 15697596, -21121557, -4420647, 5386314, 15063598,
+             16514493, -15932110, 29330899, -15076224},
+        },
+    },
+    {
+        {
+            {-25499735, -4378794, -15222908, -6901211, 16615731, 2051784,
+             3303702, 15490, -27548796, 12314391},
+            {15683520, -6003043, 18109120, -9980648, 15337968, -5997823,
+             -16717435, 15921866, 16103996, -3731215},
+            {-23169824, -10781249, 13588192, -1628807, -3798557, -1074929,
+             -19273607, 5402699, -29815713, -9841101},
+        },
+        {
+            {23190676, 2384583, -32714340, 3462154, -29903655, -1529132,
+             -11266856, 8911517, -25205859, 2739713},
+            {21374101, -3554250, -33524649, 9874411, 15377179, 11831242,
+             -33529904, 6134907, 4931255, 11987849},
+            {-7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539,
+             13861388, -30076310, 10117930},
+        },
+        {
+            {-29501170, -10744872, -26163768, 13051539, -25625564, 5089643,
+             -6325503, 6704079, 12890019, 15728940},
+            {-21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376,
+             -10428139, 12885167, 8311031},
+            {-17516482, 5352194, 10384213, -13811658, 7506451, 13453191,
+             26423267, 4384730, 1888765, -5435404},
+        },
+        {
+            {-25817338, -3107312, -13494599, -3182506, 30896459, -13921729,
+             -32251644, -12707869, -19464434, -3340243},
+            {-23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245,
+             14845197, 17151279, -9854116},
+            {-24830458, -12733720, -15165978, 10367250, -29530908, -265356,
+             22825805, -7087279, -16866484, 16176525},
+        },
+        {
+            {-23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182,
+             -10363426, -28746253, -10197509},
+            {-10626600, -4486402, -13320562, -5125317, 3432136, -6393229,
+             23632037, -1940610, 32808310, 1099883},
+            {15030977, 5768825, -27451236, -2887299, -6427378, -15361371,
+             -15277896, -6809350, 2051441, -15225865},
+        },
+        {
+            {-3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398,
+             -14154188, -22686354, 16633660},
+            {4577086, -16752288, 13249841, -15304328, 19958763, -14537274,
+             18559670, -10759549, 8402478, -9864273},
+            {-28406330, -1051581, -26790155, -907698, -17212414, -11030789,
+             9453451, -14980072, 17983010, 9967138},
+        },
+        {
+            {-25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990,
+             7806337, 17507396, 3651560},
+            {-10420457, -4118111, 14584639, 15971087, -15768321, 8861010,
+             26556809, -5574557, -18553322, -11357135},
+            {2839101, 14284142, 4029895, 3472686, 14402957, 12689363, -26642121,
+             8459447, -5605463, -7621941},
+        },
+        {
+            {-4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813,
+             -849066, 17258084, -7977739},
+            {18164541, -10595176, -17154882, -1542417, 19237078, -9745295,
+             23357533, -15217008, 26908270, 12150756},
+            {-30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168,
+             -5537701, -32302074, 16215819},
+        },
+    },
+    {
+        {
+            {-6898905, 9824394, -12304779, -4401089, -31397141, -6276835,
+             32574489, 12532905, -7503072, -8675347},
+            {-27343522, -16515468, -27151524, -10722951, 946346, 16291093,
+             254968, 7168080, 21676107, -1943028},
+            {21260961, -8424752, -16831886, -11920822, -23677961, 3968121,
+             -3651949, -6215466, -3556191, -7913075},
+        },
+        {
+            {16544754, 13250366, -16804428, 15546242, -4583003, 12757258,
+             -2462308, -8680336, -18907032, -9662799},
+            {-2415239, -15577728, 18312303, 4964443, -15272530, -12653564,
+             26820651, 16690659, 25459437, -4564609},
+            {-25144690, 11425020, 28423002, -11020557, -6144921, -15826224,
+             9142795, -2391602, -6432418, -1644817},
+        },
+        {
+            {-23104652, 6253476, 16964147, -3768872, -25113972, -12296437,
+             -27457225, -16344658, 6335692, 7249989},
+            {-30333227, 13979675, 7503222, -12368314, -11956721, -4621693,
+             -30272269, 2682242, 25993170, -12478523},
+            {4364628, 5930691, 32304656, -10044554, -8054781, 15091131,
+             22857016, -10598955, 31820368, 15075278},
+        },
+        {
+            {31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788,
+             -9650886, -17970238, 12833045},
+            {19073683, 14851414, -24403169, -11860168, 7625278, 11091125,
+             -19619190, 2074449, -9413939, 14905377},
+            {24483667, -11935567, -2518866, -11547418, -1553130, 15355506,
+             -25282080, 9253129, 27628530, -7555480},
+        },
+        {
+            {17597607, 8340603, 19355617, 552187, 26198470, -3176583, 4593324,
+             -9157582, -14110875, 15297016},
+            {510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417,
+             -11864220, 8683221, 2921426},
+            {18606791, 11874196, 27155355, -5281482, -24031742, 6265446,
+             -25178240, -1278924, 4674690, 13890525},
+        },
+        {
+            {13609624, 13069022, -27372361, -13055908, 24360586, 9592974,
+             14977157, 9835105, 4389687, 288396},
+            {9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062,
+             8317628, 23388070, 16052080},
+            {12720016, 11937594, -31970060, -5028689, 26900120, 8561328,
+             -20155687, -11632979, -14754271, -10812892},
+        },
+        {
+            {15961858, 14150409, 26716931, -665832, -22794328, 13603569,
+             11829573, 7467844, -28822128, 929275},
+            {11038231, -11582396, -27310482, -7316562, -10498527, -16307831,
+             -23479533, -9371869, -21393143, 2465074},
+            {20017163, -4323226, 27915242, 1529148, 12396362, 15675764,
+             13817261, -9658066, 2463391, -4622140},
+        },
+        {
+            {-16358878, -12663911, -12065183, 4996454, -1256422, 1073572,
+             9583558, 12851107, 4003896, 12673717},
+            {-1731589, -15155870, -3262930, 16143082, 19294135, 13385325,
+             14741514, -9103726, 7903886, 2348101},
+            {24536016, -16515207, 12715592, -3862155, 1511293, 10047386,
+             -3842346, -7129159, -28377538, 10048127},
+        },
+    },
+    {
+        {
+            {-12622226, -6204820, 30718825, 2591312, -10617028, 12192840,
+             18873298, -7297090, -32297756, 15221632},
+            {-26478122, -11103864, 11546244, -1852483, 9180880, 7656409,
+             -21343950, 2095755, 29769758, 6593415},
+            {-31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345,
+             -6118678, 30958054, 8292160},
+        },
+        {
+            {31429822, -13959116, 29173532, 15632448, 12174511, -2760094,
+             32808831, 3977186, 26143136, -3148876},
+            {22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633,
+             -1674433, -3758243, -2304625},
+            {-15491917, 8012313, -2514730, -12702462, -23965846, -10254029,
+             -1612713, -1535569, -16664475, 8194478},
+        },
+        {
+            {27338066, -7507420, -7414224, 10140405, -19026427, -6589889,
+             27277191, 8855376, 28572286, 3005164},
+            {26287124, 4821776, 25476601, -4145903, -3764513, -15788984,
+             -18008582, 1182479, -26094821, -13079595},
+            {-7171154, 3178080, 23970071, 6201893, -17195577, -4489192,
+             -21876275, -13982627, 32208683, -1198248},
+        },
+        {
+            {-16657702, 2817643, -10286362, 14811298, 6024667, 13349505,
+             -27315504, -10497842, -27672585, -11539858},
+            {15941029, -9405932, -21367050, 8062055, 31876073, -238629,
+             -15278393, -1444429, 15397331, -4130193},
+            {8934485, -13485467, -23286397, -13423241, -32446090, 14047986,
+             31170398, -1441021, -27505566, 15087184},
+        },
+        {
+            {-18357243, -2156491, 24524913, -16677868, 15520427, -6360776,
+             -15502406, 11461896, 16788528, -5868942},
+            {-1947386, 16013773, 21750665, 3714552, -17401782, -16055433,
+             -3770287, -10323320, 31322514, -11615635},
+            {21426655, -5650218, -13648287, -5347537, -28812189, -4920970,
+             -18275391, -14621414, 13040862, -12112948},
+        },
+        {
+            {11293895, 12478086, -27136401, 15083750, -29307421, 14748872,
+             14555558, -13417103, 1613711, 4896935},
+            {-25894883, 15323294, -8489791, -8057900, 25967126, -13425460,
+             2825960, -4897045, -23971776, -11267415},
+            {-15924766, -5229880, -17443532, 6410664, 3622847, 10243618,
+             20615400, 12405433, -23753030, -8436416},
+        },
+        {
+            {-7091295, 12556208, -20191352, 9025187, -17072479, 4333801,
+             4378436, 2432030, 23097949, -566018},
+            {4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264,
+             10103221, -18512313, 2424778},
+            {366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678,
+             1344109, -3642553, 12412659},
+        },
+        {
+            {-24001791, 7690286, 14929416, -168257, -32210835, -13412986,
+             24162697, -15326504, -3141501, 11179385},
+            {18289522, -14724954, 8056945, 16430056, -21729724, 7842514,
+             -6001441, -1486897, -18684645, -11443503},
+            {476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959,
+             13403813, 11052904, 5219329},
+        },
+    },
+    {
+        {
+            {20678546, -8375738, -32671898, 8849123, -5009758, 14574752,
+             31186971, -3973730, 9014762, -8579056},
+            {-13644050, -10350239, -15962508, 5075808, -1514661, -11534600,
+             -33102500, 9160280, 8473550, -3256838},
+            {24900749, 14435722, 17209120, -15292541, -22592275, 9878983,
+             -7689309, -16335821, -24568481, 11788948},
+        },
+        {
+            {-3118155, -11395194, -13802089, 14797441, 9652448, -6845904,
+             -20037437, 10410733, -24568470, -1458691},
+            {-15659161, 16736706, -22467150, 10215878, -9097177, 7563911,
+             11871841, -12505194, -18513325, 8464118},
+            {-23400612, 8348507, -14585951, -861714, -3950205, -6373419,
+             14325289, 8628612, 33313881, -8370517},
+        },
+        {
+            {-20186973, -4967935, 22367356, 5271547, -1097117, -4788838,
+             -24805667, -10236854, -8940735, -5818269},
+            {-6948785, -1795212, -32625683, -16021179, 32635414, -7374245,
+             15989197, -12838188, 28358192, -4253904},
+            {-23561781, -2799059, -32351682, -1661963, -9147719, 10429267,
+             -16637684, 4072016, -5351664, 5596589},
+        },
+        {
+            {-28236598, -3390048, 12312896, 6213178, 3117142, 16078565,
+             29266239, 2557221, 1768301, 15373193},
+            {-7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902,
+             -4504991, -24660491, 3442910},
+            {-30210571, 5124043, 14181784, 8197961, 18964734, -11939093,
+             22597931, 7176455, -18585478, 13365930},
+        },
+        {
+            {-7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107,
+             -8570186, -9689599, -3031667},
+            {25008904, -10771599, -4305031, -9638010, 16265036, 15721635,
+             683793, -11823784, 15723479, -15163481},
+            {-9660625, 12374379, -27006999, -7026148, -7724114, -12314514,
+             11879682, 5400171, 519526, -1235876},
+        },
+        {
+            {22258397, -16332233, -7869817, 14613016, -22520255, -2950923,
+             -20353881, 7315967, 16648397, 7605640},
+            {-8081308, -8464597, -8223311, 9719710, 19259459, -15348212,
+             23994942, -5281555, -9468848, 4763278},
+            {-21699244, 9220969, -15730624, 1084137, -25476107, -2852390,
+             31088447, -7764523, -11356529, 728112},
+        },
+        {
+            {26047220, -11751471, -6900323, -16521798, 24092068, 9158119,
+             -4273545, -12555558, -29365436, -5498272},
+            {17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007,
+             12327945, 10750447, 10014012},
+            {-10312768, 3936952, 9156313, -8897683, 16498692, -994647,
+             -27481051, -666732, 3424691, 7540221},
+        },
+        {
+            {30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422,
+             -16317219, -9244265, 15258046},
+            {13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406,
+             2711395, 1062915, -5136345},
+            {-19240248, -11254599, -29509029, -7499965, -5835763, 13005411,
+             -6066489, 12194497, 32960380, 1459310},
+        },
+    },
+    {
+        {
+            {19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197,
+             -6101885, 18638003, -11174937},
+            {31395534, 15098109, 26581030, 8030562, -16527914, -5007134,
+             9012486, -7584354, -6643087, -5442636},
+            {-9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222,
+             9677543, -32294889, -6456008},
+        },
+        {
+            {-2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579,
+             -7839692, -7852844, -8138429},
+            {-15236356, -15433509, 7766470, 746860, 26346930, -10221762,
+             -27333451, 10754588, -9431476, 5203576},
+            {31834314, 14135496, -770007, 5159118, 20917671, -16768096,
+             -7467973, -7337524, 31809243, 7347066},
+        },
+        {
+            {-9606723, -11874240, 20414459, 13033986, 13716524, -11691881,
+             19797970, -12211255, 15192876, -2087490},
+            {-12663563, -2181719, 1168162, -3804809, 26747877, -14138091,
+             10609330, 12694420, 33473243, -13382104},
+            {33184999, 11180355, 15832085, -11385430, -1633671, 225884,
+             15089336, -11023903, -6135662, 14480053},
+        },
+        {
+            {31308717, -5619998, 31030840, -1897099, 15674547, -6582883,
+             5496208, 13685227, 27595050, 8737275},
+            {-20318852, -15150239, 10933843, -16178022, 8335352, -7546022,
+             -31008351, -12610604, 26498114, 66511},
+            {22644454, -8761729, -16671776, 4884562, -3105614, -13559366,
+             30540766, -4286747, -13327787, -7515095},
+        },
+        {
+            {-28017847, 9834845, 18617207, -2681312, -3401956, -13307506,
+             8205540, 13585437, -17127465, 15115439},
+            {23711543, -672915, 31206561, -8362711, 6164647, -9709987,
+             -33535882, -1426096, 8236921, 16492939},
+            {-23910559, -13515526, -26299483, -4503841, 25005590, -7687270,
+             19574902, 10071562, 6708380, -6222424},
+        },
+        {
+            {2101391, -4930054, 19702731, 2367575, -15427167, 1047675, 5301017,
+             9328700, 29955601, -11678310},
+            {3096359, 9271816, -21620864, -15521844, -14847996, -7592937,
+             -25892142, -12635595, -9917575, 6216608},
+            {-32615849, 338663, -25195611, 2510422, -29213566, -13820213,
+             24822830, -6146567, -26767480, 7525079},
+        },
+        {
+            {-23066649, -13985623, 16133487, -7896178, -3389565, 778788,
+             -910336, -2782495, -19386633, 11994101},
+            {21691500, -13624626, -641331, -14367021, 3285881, -3483596,
+             -25064666, 9718258, -7477437, 13381418},
+            {18445390, -4202236, 14979846, 11622458, -1727110, -3582980,
+             23111648, -6375247, 28535282, 15779576},
+        },
+        {
+            {30098053, 3089662, -9234387, 16662135, -21306940, 11308411,
+             -14068454, 12021730, 9955285, -16303356},
+            {9734894, -14576830, -7473633, -9138735, 2060392, 11313496,
+             -18426029, 9924399, 20194861, 13380996},
+            {-26378102, -7965207, -22167821, 15789297, -18055342, -6168792,
+             -1984914, 15707771, 26342023, 10146099},
+        },
+    },
+    {
+        {
+            {-26016874, -219943, 21339191, -41388, 19745256, -2878700,
+             -29637280, 2227040, 21612326, -545728},
+            {-13077387, 1184228, 23562814, -5970442, -20351244, -6348714,
+             25764461, 12243797, -20856566, 11649658},
+            {-10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944,
+             6114064, 33514190, 2333242},
+        },
+        {
+            {-21433588, -12421821, 8119782, 7219913, -21830522, -9016134,
+             -6679750, -12670638, 24350578, -13450001},
+            {-4116307, -11271533, -23886186, 4843615, -30088339, 690623,
+             -31536088, -10406836, 8317860, 12352766},
+            {18200138, -14475911, -33087759, -2696619, -23702521, -9102511,
+             -23552096, -2287550, 20712163, 6719373},
+        },
+        {
+            {26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530,
+             -3763210, 26224235, -3297458},
+            {-17168938, -14854097, -3395676, -16369877, -19954045, 14050420,
+             21728352, 9493610, 18620611, -16428628},
+            {-13323321, 13325349, 11432106, 5964811, 18609221, 6062965,
+             -5269471, -9725556, -30701573, -16479657},
+        },
+        {
+            {-23860538, -11233159, 26961357, 1640861, -32413112, -16737940,
+             12248509, -5240639, 13735342, 1934062},
+            {25089769, 6742589, 17081145, -13406266, 21909293, -16067981,
+             -15136294, -3765346, -21277997, 5473616},
+            {31883677, -7961101, 1083432, -11572403, 22828471, 13290673,
+             -7125085, 12469656, 29111212, -5451014},
+        },
+        {
+            {24244947, -15050407, -26262976, 2791540, -14997599, 16666678,
+             24367466, 6388839, -10295587, 452383},
+            {-25640782, -3417841, 5217916, 16224624, 19987036, -4082269,
+             -24236251, -5915248, 15766062, 8407814},
+            {-20406999, 13990231, 15495425, 16395525, 5377168, 15166495,
+             -8917023, -4388953, -8067909, 2276718},
+        },
+        {
+            {30157918, 12924066, -17712050, 9245753, 19895028, 3368142,
+             -23827587, 5096219, 22740376, -7303417},
+            {2041139, -14256350, 7783687, 13876377, -25946985, -13352459,
+             24051124, 13742383, -15637599, 13295222},
+            {33338237, -8505733, 12532113, 7977527, 9106186, -1715251,
+             -17720195, -4612972, -4451357, -14669444},
+        },
+        {
+            {-20045281, 5454097, -14346548, 6447146, 28862071, 1883651,
+             -2469266, -4141880, 7770569, 9620597},
+            {23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528,
+             -1694323, -33502340, -14767970},
+            {1439958, -16270480, -1079989, -793782, 4625402, 10647766, -5043801,
+             1220118, 30494170, -11440799},
+        },
+        {
+            {-5037580, -13028295, -2970559, -3061767, 15640974, -6701666,
+             -26739026, 926050, -1684339, -13333647},
+            {13908495, -3549272, 30919928, -6273825, -21521863, 7989039,
+             9021034, 9078865, 3353509, 4033511},
+            {-29663431, -15113610, 32259991, -344482, 24295849, -12912123,
+             23161163, 8839127, 27485041, 7356032},
+        },
+    },
+    {
+        {
+            {9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142,
+             2625015, 28431036, -16771834},
+            {-23839233, -8311415, -25945511, 7480958, -17681669, -8354183,
+             -22545972, 14150565, 15970762, 4099461},
+            {29262576, 16756590, 26350592, -8793563, 8529671, -11208050,
+             13617293, -9937143, 11465739, 8317062},
+        },
+        {
+            {-25493081, -6962928, 32500200, -9419051, -23038724, -2302222,
+             14898637, 3848455, 20969334, -5157516},
+            {-20384450, -14347713, -18336405, 13884722, -33039454, 2842114,
+             -21610826, -3649888, 11177095, 14989547},
+            {-24496721, -11716016, 16959896, 2278463, 12066309, 10137771,
+             13515641, 2581286, -28487508, 9930240},
+        },
+        {
+            {-17751622, -2097826, 16544300, -13009300, -15914807, -14949081,
+             18345767, -13403753, 16291481, -5314038},
+            {-33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774,
+             6957617, 4368891, 9788741},
+            {16660756, 7281060, -10830758, 12911820, 20108584, -8101676,
+             -21722536, -8613148, 16250552, -11111103},
+        },
+        {
+            {-19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584,
+             10604807, -30190403, 4782747},
+            {-1354539, 14736941, -7367442, -13292886, 7710542, -14155590,
+             -9981571, 4383045, 22546403, 437323},
+            {31665577, -12180464, -16186830, 1491339, -18368625, 3294682,
+             27343084, 2786261, -30633590, -14097016},
+        },
+        {
+            {-14467279, -683715, -33374107, 7448552, 19294360, 14334329,
+             -19690631, 2355319, -19284671, -6114373},
+            {15121312, -15796162, 6377020, -6031361, -10798111, -12957845,
+             18952177, 15496498, -29380133, 11754228},
+            {-2637277, -13483075, 8488727, -14303896, 12728761, -1622493,
+             7141596, 11724556, 22761615, -10134141},
+        },
+        {
+            {16918416, 11729663, -18083579, 3022987, -31015732, -13339659,
+             -28741185, -12227393, 32851222, 11717399},
+            {11166634, 7338049, -6722523, 4531520, -29468672, -7302055,
+             31474879, 3483633, -1193175, -4030831},
+            {-185635, 9921305, 31456609, -13536438, -12013818, 13348923,
+             33142652, 6546660, -19985279, -3948376},
+        },
+        {
+            {-32460596, 11266712, -11197107, -7899103, 31703694, 3855903,
+             -8537131, -12833048, -30772034, -15486313},
+            {-18006477, 12709068, 3991746, -6479188, -21491523, -10550425,
+             -31135347, -16049879, 10928917, 3011958},
+            {-6957757, -15594337, 31696059, 334240, 29576716, 14796075,
+             -30831056, -12805180, 18008031, 10258577},
+        },
+        {
+            {-22448644, 15655569, 7018479, -4410003, -30314266, -1201591,
+             -1853465, 1367120, 25127874, 6671743},
+            {29701166, -14373934, -10878120, 9279288, -17568, 13127210,
+             21382910, 11042292, 25838796, 4642684},
+            {-20430234, 14955537, -24126347, 8124619, -5369288, -5990470,
+             30468147, -13900640, 18423289, 4177476},
+        },
+    },
+};
+
+static uint8_t negative(signed char b) {
+  uint32_t x = b;
+  x >>= 31; /* 1: yes; 0: no */
+  return x;
+}
+
+static void table_select(ge_precomp *t, int pos, signed char b) {
+  ge_precomp minust;
+  uint8_t bnegative = negative(b);
+  uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1);
+
+  ge_precomp_0(t);
+  cmov(t, &k25519Precomp[pos][0], equal(babs, 1));
+  cmov(t, &k25519Precomp[pos][1], equal(babs, 2));
+  cmov(t, &k25519Precomp[pos][2], equal(babs, 3));
+  cmov(t, &k25519Precomp[pos][3], equal(babs, 4));
+  cmov(t, &k25519Precomp[pos][4], equal(babs, 5));
+  cmov(t, &k25519Precomp[pos][5], equal(babs, 6));
+  cmov(t, &k25519Precomp[pos][6], equal(babs, 7));
+  cmov(t, &k25519Precomp[pos][7], equal(babs, 8));
+  fe_copy(minust.yplusx, t->yminusx);
+  fe_copy(minust.yminusx, t->yplusx);
+  fe_neg(minust.xy2d, t->xy2d);
+  cmov(t, &minust, bnegative);
+}
+
+/* h = a * B
+ * where a = a[0]+256*a[1]+...+256^31 a[31]
+ * B is the Ed25519 base point (x,4/5) with x positive.
+ *
+ * Preconditions:
+ *   a[31] <= 127 */
+static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a) {
+  signed char e[64];
+  signed char carry;
+  ge_p1p1 r;
+  ge_p2 s;
+  ge_precomp t;
+  int i;
+
+  for (i = 0; i < 32; ++i) {
+    e[2 * i + 0] = (a[i] >> 0) & 15;
+    e[2 * i + 1] = (a[i] >> 4) & 15;
+  }
+  /* each e[i] is between 0 and 15 */
+  /* e[63] is between 0 and 7 */
+
+  carry = 0;
+  for (i = 0; i < 63; ++i) {
+    e[i] += carry;
+    carry = e[i] + 8;
+    carry >>= 4;
+    e[i] -= carry << 4;
+  }
+  e[63] += carry;
+  /* each e[i] is between -8 and 8 */
+
+  ge_p3_0(h);
+  for (i = 1; i < 64; i += 2) {
+    table_select(&t, i / 2, e[i]);
+    ge_madd(&r, h, &t);
+    ge_p1p1_to_p3(h, &r);
+  }
+
+  ge_p3_dbl(&r, h);
+  ge_p1p1_to_p2(&s, &r);
+  ge_p2_dbl(&r, &s);
+  ge_p1p1_to_p2(&s, &r);
+  ge_p2_dbl(&r, &s);
+  ge_p1p1_to_p2(&s, &r);
+  ge_p2_dbl(&r, &s);
+  ge_p1p1_to_p3(h, &r);
+
+  for (i = 0; i < 64; i += 2) {
+    table_select(&t, i / 2, e[i]);
+    ge_madd(&r, h, &t);
+    ge_p1p1_to_p3(h, &r);
+  }
+
+  OPENSSL_cleanse(e, sizeof(e));
+}
+
+#if !defined(BASE_2_51_IMPLEMENTED)
+/* Replace (f,g) with (g,f) if b == 1;
+ * replace (f,g) with (f,g) if b == 0.
+ *
+ * Preconditions: b in {0,1}. */
+static void fe_cswap(fe f, fe g, unsigned int b) {
+  size_t i;
+  b = 0-b;
+  for (i = 0; i < 10; i++) {
+    int32_t x = f[i] ^ g[i];
+    x &= b;
+    f[i] ^= x;
+    g[i] ^= x;
+  }
+}
+
+/* h = f * 121666
+ * Can overlap h with f.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */
+static void fe_mul121666(fe h, fe f) {
+  int32_t f0 = f[0];
+  int32_t f1 = f[1];
+  int32_t f2 = f[2];
+  int32_t f3 = f[3];
+  int32_t f4 = f[4];
+  int32_t f5 = f[5];
+  int32_t f6 = f[6];
+  int32_t f7 = f[7];
+  int32_t f8 = f[8];
+  int32_t f9 = f[9];
+  int64_t h0 = f0 * (int64_t) 121666;
+  int64_t h1 = f1 * (int64_t) 121666;
+  int64_t h2 = f2 * (int64_t) 121666;
+  int64_t h3 = f3 * (int64_t) 121666;
+  int64_t h4 = f4 * (int64_t) 121666;
+  int64_t h5 = f5 * (int64_t) 121666;
+  int64_t h6 = f6 * (int64_t) 121666;
+  int64_t h7 = f7 * (int64_t) 121666;
+  int64_t h8 = f8 * (int64_t) 121666;
+  int64_t h9 = f9 * (int64_t) 121666;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+
+  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+  h[0] = (int32_t)h0;
+  h[1] = (int32_t)h1;
+  h[2] = (int32_t)h2;
+  h[3] = (int32_t)h3;
+  h[4] = (int32_t)h4;
+  h[5] = (int32_t)h5;
+  h[6] = (int32_t)h6;
+  h[7] = (int32_t)h7;
+  h[8] = (int32_t)h8;
+  h[9] = (int32_t)h9;
+}
+
+static void x25519_scalar_mult_generic(uint8_t out[32],
+                                       const uint8_t scalar[32],
+                                       const uint8_t point[32]) {
+  fe x1, x2, z2, x3, z3, tmp0, tmp1;
+  uint8_t e[32];
+  unsigned swap = 0;
+  int pos;
+
+  memcpy(e, scalar, 32);
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+  fe_frombytes(x1, point);
+  fe_1(x2);
+  fe_0(z2);
+  fe_copy(x3, x1);
+  fe_1(z3);
+
+  for (pos = 254; pos >= 0; --pos) {
+    unsigned b = 1 & (e[pos / 8] >> (pos & 7));
+    swap ^= b;
+    fe_cswap(x2, x3, swap);
+    fe_cswap(z2, z3, swap);
+    swap = b;
+    fe_sub(tmp0, x3, z3);
+    fe_sub(tmp1, x2, z2);
+    fe_add(x2, x2, z2);
+    fe_add(z2, x3, z3);
+    fe_mul(z3, tmp0, x2);
+    fe_mul(z2, z2, tmp1);
+    fe_sq(tmp0, tmp1);
+    fe_sq(tmp1, x2);
+    fe_add(x3, z3, z2);
+    fe_sub(z2, z3, z2);
+    fe_mul(x2, tmp1, tmp0);
+    fe_sub(tmp1, tmp1, tmp0);
+    fe_sq(z2, z2);
+    fe_mul121666(z3, tmp1);
+    fe_sq(x3, x3);
+    fe_add(tmp0, tmp0, z3);
+    fe_mul(z3, x1, z2);
+    fe_mul(z2, tmp1, tmp0);
+  }
+
+  fe_invert(z2, z2);
+  fe_mul(x2, x2, z2);
+  fe_tobytes(out, x2);
+
+  OPENSSL_cleanse(e, sizeof(e));
+}
+
+static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
+                               const uint8_t point[32]) {
+  x25519_scalar_mult_generic(out, scalar, point);
+}
+#endif
+
+static void slide(signed char *r, const uint8_t *a) {
+  int i;
+  int b;
+  int k;
+
+  for (i = 0; i < 256; ++i) {
+    r[i] = 1 & (a[i >> 3] >> (i & 7));
+  }
+
+  for (i = 0; i < 256; ++i) {
+    if (r[i]) {
+      for (b = 1; b <= 6 && i + b < 256; ++b) {
+        if (r[i + b]) {
+          if (r[i] + (r[i + b] << b) <= 15) {
+            r[i] += r[i + b] << b;
+            r[i + b] = 0;
+          } else if (r[i] - (r[i + b] << b) >= -15) {
+            r[i] -= r[i + b] << b;
+            for (k = i + b; k < 256; ++k) {
+              if (!r[k]) {
+                r[k] = 1;
+                break;
+              }
+              r[k] = 0;
+            }
+          } else {
+            break;
+          }
+        }
+      }
+    }
+  }
+}
+
+static const ge_precomp Bi[8] = {
+    {
+        {25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626,
+         -11754271, -6079156, 2047605},
+        {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692,
+         5043384, 19500929, -15469378},
+        {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919,
+         11864899, -24514362, -4438546},
+    },
+    {
+        {15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600,
+         -14772189, 28944400, -1550024},
+        {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577,
+         -11775962, 7689662, 11199574},
+        {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774,
+         10017326, -17749093, -9920357},
+    },
+    {
+        {10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885,
+         14515107, -15438304, 10819380},
+        {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668,
+         12483688, -12668491, 5581306},
+        {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350,
+         13850243, -23678021, -15815942},
+    },
+    {
+        {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852,
+         5230134, -23952439, -15175766},
+        {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025,
+         16520125, 30598449, 7715701},
+        {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660,
+         1370708, 29794553, -1409300},
+    },
+    {
+        {-22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211,
+         -1361450, -13062696, 13821877},
+        {-6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028,
+         -7212327, 18853322, -14220951},
+        {4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358,
+         -10431137, 2207753, -3209784},
+    },
+    {
+        {-25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364,
+         -663000, -31111463, -16132436},
+        {25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789,
+         15725684, 171356, 6466918},
+        {23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339,
+         -14088058, -30714912, 16193877},
+    },
+    {
+        {-33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398,
+         4729455, -18074513, 9256800},
+        {-25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405,
+         9761698, -19827198, 630305},
+        {-13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551,
+         -15960994, -2449256, -14291300},
+    },
+    {
+        {-3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575,
+         15033784, 25105118, -7894876},
+        {-24326370, 15950226, -31801215, -14592823, -11662737, -5090925,
+         1573892, -2625887, 2198790, -15804619},
+        {-3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022,
+         -16236442, -32461234, -12290683},
+    },
+};
+
+/* r = a * A + b * B
+ * where a = a[0]+256*a[1]+...+256^31 a[31].
+ * and b = b[0]+256*b[1]+...+256^31 b[31].
+ * B is the Ed25519 base point (x,4/5) with x positive. */
+static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a,
+                                         const ge_p3 *A, const uint8_t *b) {
+  signed char aslide[256];
+  signed char bslide[256];
+  ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
+  ge_p1p1 t;
+  ge_p3 u;
+  ge_p3 A2;
+  int i;
+
+  slide(aslide, a);
+  slide(bslide, b);
+
+  ge_p3_to_cached(&Ai[0], A);
+  ge_p3_dbl(&t, A);
+  ge_p1p1_to_p3(&A2, &t);
+  ge_add(&t, &A2, &Ai[0]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[1], &u);
+  ge_add(&t, &A2, &Ai[1]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[2], &u);
+  ge_add(&t, &A2, &Ai[2]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[3], &u);
+  ge_add(&t, &A2, &Ai[3]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[4], &u);
+  ge_add(&t, &A2, &Ai[4]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[5], &u);
+  ge_add(&t, &A2, &Ai[5]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[6], &u);
+  ge_add(&t, &A2, &Ai[6]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[7], &u);
+
+  ge_p2_0(r);
+
+  for (i = 255; i >= 0; --i) {
+    if (aslide[i] || bslide[i]) {
+      break;
+    }
+  }
+
+  for (; i >= 0; --i) {
+    ge_p2_dbl(&t, r);
+
+    if (aslide[i] > 0) {
+      ge_p1p1_to_p3(&u, &t);
+      ge_add(&t, &u, &Ai[aslide[i] / 2]);
+    } else if (aslide[i] < 0) {
+      ge_p1p1_to_p3(&u, &t);
+      ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]);
+    }
+
+    if (bslide[i] > 0) {
+      ge_p1p1_to_p3(&u, &t);
+      ge_madd(&t, &u, &Bi[bslide[i] / 2]);
+    } else if (bslide[i] < 0) {
+      ge_p1p1_to_p3(&u, &t);
+      ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]);
+    }
+
+    ge_p1p1_to_p2(r, &t);
+  }
+}
+
+/* The set of scalars is \Z/l
+ * where l = 2^252 + 27742317777372353535851937790883648493. */
+
+/* Input:
+ *   s[0]+256*s[1]+...+256^63*s[63] = s
+ *
+ * Output:
+ *   s[0]+256*s[1]+...+256^31*s[31] = s mod l
+ *   where l = 2^252 + 27742317777372353535851937790883648493.
+ *   Overwrites s in place. */
+static void x25519_sc_reduce(uint8_t *s) {
+  int64_t s0 = 2097151 & load_3(s);
+  int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
+  int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
+  int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
+  int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
+  int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
+  int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
+  int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
+  int64_t s8 = 2097151 & load_3(s + 21);
+  int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
+  int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
+  int64_t s11 = 2097151 & (load_4(s + 28) >> 7);
+  int64_t s12 = 2097151 & (load_4(s + 31) >> 4);
+  int64_t s13 = 2097151 & (load_3(s + 34) >> 1);
+  int64_t s14 = 2097151 & (load_4(s + 36) >> 6);
+  int64_t s15 = 2097151 & (load_3(s + 39) >> 3);
+  int64_t s16 = 2097151 & load_3(s + 42);
+  int64_t s17 = 2097151 & (load_4(s + 44) >> 5);
+  int64_t s18 = 2097151 & (load_3(s + 47) >> 2);
+  int64_t s19 = 2097151 & (load_4(s + 49) >> 7);
+  int64_t s20 = 2097151 & (load_4(s + 52) >> 4);
+  int64_t s21 = 2097151 & (load_3(s + 55) >> 1);
+  int64_t s22 = 2097151 & (load_4(s + 57) >> 6);
+  int64_t s23 = (load_4(s + 60) >> 3);
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+  int64_t carry10;
+  int64_t carry11;
+  int64_t carry12;
+  int64_t carry13;
+  int64_t carry14;
+  int64_t carry15;
+  int64_t carry16;
+
+  s11 += s23 * 666643;
+  s12 += s23 * 470296;
+  s13 += s23 * 654183;
+  s14 -= s23 * 997805;
+  s15 += s23 * 136657;
+  s16 -= s23 * 683901;
+  s23 = 0;
+
+  s10 += s22 * 666643;
+  s11 += s22 * 470296;
+  s12 += s22 * 654183;
+  s13 -= s22 * 997805;
+  s14 += s22 * 136657;
+  s15 -= s22 * 683901;
+  s22 = 0;
+
+  s9 += s21 * 666643;
+  s10 += s21 * 470296;
+  s11 += s21 * 654183;
+  s12 -= s21 * 997805;
+  s13 += s21 * 136657;
+  s14 -= s21 * 683901;
+  s21 = 0;
+
+  s8 += s20 * 666643;
+  s9 += s20 * 470296;
+  s10 += s20 * 654183;
+  s11 -= s20 * 997805;
+  s12 += s20 * 136657;
+  s13 -= s20 * 683901;
+  s20 = 0;
+
+  s7 += s19 * 666643;
+  s8 += s19 * 470296;
+  s9 += s19 * 654183;
+  s10 -= s19 * 997805;
+  s11 += s19 * 136657;
+  s12 -= s19 * 683901;
+  s19 = 0;
+
+  s6 += s18 * 666643;
+  s7 += s18 * 470296;
+  s8 += s18 * 654183;
+  s9 -= s18 * 997805;
+  s10 += s18 * 136657;
+  s11 -= s18 * 683901;
+  s18 = 0;
+
+  carry6 = (s6 + (1 << 20)) >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry8 = (s8 + (1 << 20)) >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry10 = (s10 + (1 << 20)) >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+  carry12 = (s12 + (1 << 20)) >> 21;
+  s13 += carry12;
+  s12 -= carry12 * (1 << 21);
+  carry14 = (s14 + (1 << 20)) >> 21;
+  s15 += carry14;
+  s14 -= carry14 * (1 << 21);
+  carry16 = (s16 + (1 << 20)) >> 21;
+  s17 += carry16;
+  s16 -= carry16 * (1 << 21);
+
+  carry7 = (s7 + (1 << 20)) >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry9 = (s9 + (1 << 20)) >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry11 = (s11 + (1 << 20)) >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+  carry13 = (s13 + (1 << 20)) >> 21;
+  s14 += carry13;
+  s13 -= carry13 * (1 << 21);
+  carry15 = (s15 + (1 << 20)) >> 21;
+  s16 += carry15;
+  s15 -= carry15 * (1 << 21);
+
+  s5 += s17 * 666643;
+  s6 += s17 * 470296;
+  s7 += s17 * 654183;
+  s8 -= s17 * 997805;
+  s9 += s17 * 136657;
+  s10 -= s17 * 683901;
+  s17 = 0;
+
+  s4 += s16 * 666643;
+  s5 += s16 * 470296;
+  s6 += s16 * 654183;
+  s7 -= s16 * 997805;
+  s8 += s16 * 136657;
+  s9 -= s16 * 683901;
+  s16 = 0;
+
+  s3 += s15 * 666643;
+  s4 += s15 * 470296;
+  s5 += s15 * 654183;
+  s6 -= s15 * 997805;
+  s7 += s15 * 136657;
+  s8 -= s15 * 683901;
+  s15 = 0;
+
+  s2 += s14 * 666643;
+  s3 += s14 * 470296;
+  s4 += s14 * 654183;
+  s5 -= s14 * 997805;
+  s6 += s14 * 136657;
+  s7 -= s14 * 683901;
+  s14 = 0;
+
+  s1 += s13 * 666643;
+  s2 += s13 * 470296;
+  s3 += s13 * 654183;
+  s4 -= s13 * 997805;
+  s5 += s13 * 136657;
+  s6 -= s13 * 683901;
+  s13 = 0;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = (s0 + (1 << 20)) >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry2 = (s2 + (1 << 20)) >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry4 = (s4 + (1 << 20)) >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry6 = (s6 + (1 << 20)) >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry8 = (s8 + (1 << 20)) >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry10 = (s10 + (1 << 20)) >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+
+  carry1 = (s1 + (1 << 20)) >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry3 = (s3 + (1 << 20)) >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry5 = (s5 + (1 << 20)) >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry7 = (s7 + (1 << 20)) >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry9 = (s9 + (1 << 20)) >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry11 = (s11 + (1 << 20)) >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry1 = s1 >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry2 = s2 >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry3 = s3 >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry4 = s4 >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry5 = s5 >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry6 = s6 >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry7 = s7 >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry8 = s8 >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry9 = s9 >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry10 = s10 >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+  carry11 = s11 >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry1 = s1 >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry2 = s2 >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry3 = s3 >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry4 = s4 >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry5 = s5 >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry6 = s6 >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry7 = s7 >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry8 = s8 >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry9 = s9 >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry10 = s10 >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+
+  s[0] = (uint8_t)(s0 >> 0);
+  s[1] = (uint8_t)(s0 >> 8);
+  s[2] = (uint8_t)((s0 >> 16) | (s1 << 5));
+  s[3] = (uint8_t)(s1 >> 3);
+  s[4] = (uint8_t)(s1 >> 11);
+  s[5] = (uint8_t)((s1 >> 19) | (s2 << 2));
+  s[6] = (uint8_t)(s2 >> 6);
+  s[7] = (uint8_t)((s2 >> 14) | (s3 << 7));
+  s[8] = (uint8_t)(s3 >> 1);
+  s[9] = (uint8_t)(s3 >> 9);
+  s[10] = (uint8_t)((s3 >> 17) | (s4 << 4));
+  s[11] = (uint8_t)(s4 >> 4);
+  s[12] = (uint8_t)(s4 >> 12);
+  s[13] = (uint8_t)((s4 >> 20) | (s5 << 1));
+  s[14] = (uint8_t)(s5 >> 7);
+  s[15] = (uint8_t)((s5 >> 15) | (s6 << 6));
+  s[16] = (uint8_t)(s6 >> 2);
+  s[17] = (uint8_t)(s6 >> 10);
+  s[18] = (uint8_t)((s6 >> 18) | (s7 << 3));
+  s[19] = (uint8_t)(s7 >> 5);
+  s[20] = (uint8_t)(s7 >> 13);
+  s[21] = (uint8_t)(s8 >> 0);
+  s[22] = (uint8_t)(s8 >> 8);
+  s[23] = (uint8_t)((s8 >> 16) | (s9 << 5));
+  s[24] = (uint8_t)(s9 >> 3);
+  s[25] = (uint8_t)(s9 >> 11);
+  s[26] = (uint8_t)((s9 >> 19) | (s10 << 2));
+  s[27] = (uint8_t)(s10 >> 6);
+  s[28] = (uint8_t)((s10 >> 14) | (s11 << 7));
+  s[29] = (uint8_t)(s11 >> 1);
+  s[30] = (uint8_t)(s11 >> 9);
+  s[31] = (uint8_t)(s11 >> 17);
+}
+
+/* Input:
+ *   a[0]+256*a[1]+...+256^31*a[31] = a
+ *   b[0]+256*b[1]+...+256^31*b[31] = b
+ *   c[0]+256*c[1]+...+256^31*c[31] = c
+ *
+ * Output:
+ *   s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
+ *   where l = 2^252 + 27742317777372353535851937790883648493. */
+static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b,
+                      const uint8_t *c) {
+  int64_t a0 = 2097151 & load_3(a);
+  int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
+  int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
+  int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
+  int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
+  int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
+  int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
+  int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
+  int64_t a8 = 2097151 & load_3(a + 21);
+  int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
+  int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
+  int64_t a11 = (load_4(a + 28) >> 7);
+  int64_t b0 = 2097151 & load_3(b);
+  int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
+  int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
+  int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
+  int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
+  int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
+  int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
+  int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
+  int64_t b8 = 2097151 & load_3(b + 21);
+  int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
+  int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
+  int64_t b11 = (load_4(b + 28) >> 7);
+  int64_t c0 = 2097151 & load_3(c);
+  int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
+  int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
+  int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
+  int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
+  int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
+  int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
+  int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
+  int64_t c8 = 2097151 & load_3(c + 21);
+  int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
+  int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
+  int64_t c11 = (load_4(c + 28) >> 7);
+  int64_t s0;
+  int64_t s1;
+  int64_t s2;
+  int64_t s3;
+  int64_t s4;
+  int64_t s5;
+  int64_t s6;
+  int64_t s7;
+  int64_t s8;
+  int64_t s9;
+  int64_t s10;
+  int64_t s11;
+  int64_t s12;
+  int64_t s13;
+  int64_t s14;
+  int64_t s15;
+  int64_t s16;
+  int64_t s17;
+  int64_t s18;
+  int64_t s19;
+  int64_t s20;
+  int64_t s21;
+  int64_t s22;
+  int64_t s23;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+  int64_t carry10;
+  int64_t carry11;
+  int64_t carry12;
+  int64_t carry13;
+  int64_t carry14;
+  int64_t carry15;
+  int64_t carry16;
+  int64_t carry17;
+  int64_t carry18;
+  int64_t carry19;
+  int64_t carry20;
+  int64_t carry21;
+  int64_t carry22;
+
+  s0 = c0 + a0 * b0;
+  s1 = c1 + a0 * b1 + a1 * b0;
+  s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0;
+  s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0;
+  s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0;
+  s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0;
+  s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0;
+  s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 +
+       a6 * b1 + a7 * b0;
+  s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 +
+       a6 * b2 + a7 * b1 + a8 * b0;
+  s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 +
+       a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0;
+  s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 +
+        a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0;
+  s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 +
+        a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0;
+  s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 +
+        a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1;
+  s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 +
+        a9 * b4 + a10 * b3 + a11 * b2;
+  s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 +
+        a10 * b4 + a11 * b3;
+  s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 +
+        a11 * b4;
+  s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5;
+  s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6;
+  s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7;
+  s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8;
+  s20 = a9 * b11 + a10 * b10 + a11 * b9;
+  s21 = a10 * b11 + a11 * b10;
+  s22 = a11 * b11;
+  s23 = 0;
+
+  carry0 = (s0 + (1 << 20)) >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry2 = (s2 + (1 << 20)) >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry4 = (s4 + (1 << 20)) >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry6 = (s6 + (1 << 20)) >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry8 = (s8 + (1 << 20)) >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry10 = (s10 + (1 << 20)) >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+  carry12 = (s12 + (1 << 20)) >> 21;
+  s13 += carry12;
+  s12 -= carry12 * (1 << 21);
+  carry14 = (s14 + (1 << 20)) >> 21;
+  s15 += carry14;
+  s14 -= carry14 * (1 << 21);
+  carry16 = (s16 + (1 << 20)) >> 21;
+  s17 += carry16;
+  s16 -= carry16 * (1 << 21);
+  carry18 = (s18 + (1 << 20)) >> 21;
+  s19 += carry18;
+  s18 -= carry18 * (1 << 21);
+  carry20 = (s20 + (1 << 20)) >> 21;
+  s21 += carry20;
+  s20 -= carry20 * (1 << 21);
+  carry22 = (s22 + (1 << 20)) >> 21;
+  s23 += carry22;
+  s22 -= carry22 * (1 << 21);
+
+  carry1 = (s1 + (1 << 20)) >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry3 = (s3 + (1 << 20)) >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry5 = (s5 + (1 << 20)) >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry7 = (s7 + (1 << 20)) >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry9 = (s9 + (1 << 20)) >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry11 = (s11 + (1 << 20)) >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+  carry13 = (s13 + (1 << 20)) >> 21;
+  s14 += carry13;
+  s13 -= carry13 * (1 << 21);
+  carry15 = (s15 + (1 << 20)) >> 21;
+  s16 += carry15;
+  s15 -= carry15 * (1 << 21);
+  carry17 = (s17 + (1 << 20)) >> 21;
+  s18 += carry17;
+  s17 -= carry17 * (1 << 21);
+  carry19 = (s19 + (1 << 20)) >> 21;
+  s20 += carry19;
+  s19 -= carry19 * (1 << 21);
+  carry21 = (s21 + (1 << 20)) >> 21;
+  s22 += carry21;
+  s21 -= carry21 * (1 << 21);
+
+  s11 += s23 * 666643;
+  s12 += s23 * 470296;
+  s13 += s23 * 654183;
+  s14 -= s23 * 997805;
+  s15 += s23 * 136657;
+  s16 -= s23 * 683901;
+  s23 = 0;
+
+  s10 += s22 * 666643;
+  s11 += s22 * 470296;
+  s12 += s22 * 654183;
+  s13 -= s22 * 997805;
+  s14 += s22 * 136657;
+  s15 -= s22 * 683901;
+  s22 = 0;
+
+  s9 += s21 * 666643;
+  s10 += s21 * 470296;
+  s11 += s21 * 654183;
+  s12 -= s21 * 997805;
+  s13 += s21 * 136657;
+  s14 -= s21 * 683901;
+  s21 = 0;
+
+  s8 += s20 * 666643;
+  s9 += s20 * 470296;
+  s10 += s20 * 654183;
+  s11 -= s20 * 997805;
+  s12 += s20 * 136657;
+  s13 -= s20 * 683901;
+  s20 = 0;
+
+  s7 += s19 * 666643;
+  s8 += s19 * 470296;
+  s9 += s19 * 654183;
+  s10 -= s19 * 997805;
+  s11 += s19 * 136657;
+  s12 -= s19 * 683901;
+  s19 = 0;
+
+  s6 += s18 * 666643;
+  s7 += s18 * 470296;
+  s8 += s18 * 654183;
+  s9 -= s18 * 997805;
+  s10 += s18 * 136657;
+  s11 -= s18 * 683901;
+  s18 = 0;
+
+  carry6 = (s6 + (1 << 20)) >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry8 = (s8 + (1 << 20)) >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry10 = (s10 + (1 << 20)) >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+  carry12 = (s12 + (1 << 20)) >> 21;
+  s13 += carry12;
+  s12 -= carry12 * (1 << 21);
+  carry14 = (s14 + (1 << 20)) >> 21;
+  s15 += carry14;
+  s14 -= carry14 * (1 << 21);
+  carry16 = (s16 + (1 << 20)) >> 21;
+  s17 += carry16;
+  s16 -= carry16 * (1 << 21);
+
+  carry7 = (s7 + (1 << 20)) >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry9 = (s9 + (1 << 20)) >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry11 = (s11 + (1 << 20)) >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+  carry13 = (s13 + (1 << 20)) >> 21;
+  s14 += carry13;
+  s13 -= carry13 * (1 << 21);
+  carry15 = (s15 + (1 << 20)) >> 21;
+  s16 += carry15;
+  s15 -= carry15 * (1 << 21);
+
+  s5 += s17 * 666643;
+  s6 += s17 * 470296;
+  s7 += s17 * 654183;
+  s8 -= s17 * 997805;
+  s9 += s17 * 136657;
+  s10 -= s17 * 683901;
+  s17 = 0;
+
+  s4 += s16 * 666643;
+  s5 += s16 * 470296;
+  s6 += s16 * 654183;
+  s7 -= s16 * 997805;
+  s8 += s16 * 136657;
+  s9 -= s16 * 683901;
+  s16 = 0;
+
+  s3 += s15 * 666643;
+  s4 += s15 * 470296;
+  s5 += s15 * 654183;
+  s6 -= s15 * 997805;
+  s7 += s15 * 136657;
+  s8 -= s15 * 683901;
+  s15 = 0;
+
+  s2 += s14 * 666643;
+  s3 += s14 * 470296;
+  s4 += s14 * 654183;
+  s5 -= s14 * 997805;
+  s6 += s14 * 136657;
+  s7 -= s14 * 683901;
+  s14 = 0;
+
+  s1 += s13 * 666643;
+  s2 += s13 * 470296;
+  s3 += s13 * 654183;
+  s4 -= s13 * 997805;
+  s5 += s13 * 136657;
+  s6 -= s13 * 683901;
+  s13 = 0;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = (s0 + (1 << 20)) >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry2 = (s2 + (1 << 20)) >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry4 = (s4 + (1 << 20)) >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry6 = (s6 + (1 << 20)) >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry8 = (s8 + (1 << 20)) >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry10 = (s10 + (1 << 20)) >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+
+  carry1 = (s1 + (1 << 20)) >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry3 = (s3 + (1 << 20)) >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry5 = (s5 + (1 << 20)) >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry7 = (s7 + (1 << 20)) >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry9 = (s9 + (1 << 20)) >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry11 = (s11 + (1 << 20)) >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry1 = s1 >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry2 = s2 >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry3 = s3 >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry4 = s4 >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry5 = s5 >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry6 = s6 >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry7 = s7 >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry8 = s8 >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry9 = s9 >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry10 = s10 >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+  carry11 = s11 >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry1 = s1 >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry2 = s2 >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry3 = s3 >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry4 = s4 >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry5 = s5 >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry6 = s6 >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry7 = s7 >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry8 = s8 >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry9 = s9 >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry10 = s10 >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+
+  s[0] = (uint8_t)(s0 >> 0);
+  s[1] = (uint8_t)(s0 >> 8);
+  s[2] = (uint8_t)((s0 >> 16) | (s1 << 5));
+  s[3] = (uint8_t)(s1 >> 3);
+  s[4] = (uint8_t)(s1 >> 11);
+  s[5] = (uint8_t)((s1 >> 19) | (s2 << 2));
+  s[6] = (uint8_t)(s2 >> 6);
+  s[7] = (uint8_t)((s2 >> 14) | (s3 << 7));
+  s[8] = (uint8_t)(s3 >> 1);
+  s[9] = (uint8_t)(s3 >> 9);
+  s[10] = (uint8_t)((s3 >> 17) | (s4 << 4));
+  s[11] = (uint8_t)(s4 >> 4);
+  s[12] = (uint8_t)(s4 >> 12);
+  s[13] = (uint8_t)((s4 >> 20) | (s5 << 1));
+  s[14] = (uint8_t)(s5 >> 7);
+  s[15] = (uint8_t)((s5 >> 15) | (s6 << 6));
+  s[16] = (uint8_t)(s6 >> 2);
+  s[17] = (uint8_t)(s6 >> 10);
+  s[18] = (uint8_t)((s6 >> 18) | (s7 << 3));
+  s[19] = (uint8_t)(s7 >> 5);
+  s[20] = (uint8_t)(s7 >> 13);
+  s[21] = (uint8_t)(s8 >> 0);
+  s[22] = (uint8_t)(s8 >> 8);
+  s[23] = (uint8_t)((s8 >> 16) | (s9 << 5));
+  s[24] = (uint8_t)(s9 >> 3);
+  s[25] = (uint8_t)(s9 >> 11);
+  s[26] = (uint8_t)((s9 >> 19) | (s10 << 2));
+  s[27] = (uint8_t)(s10 >> 6);
+  s[28] = (uint8_t)((s10 >> 14) | (s11 << 7));
+  s[29] = (uint8_t)(s11 >> 1);
+  s[30] = (uint8_t)(s11 >> 9);
+  s[31] = (uint8_t)(s11 >> 17);
+}
+
+int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+                 const uint8_t public_key[32], const uint8_t private_key[32]) {
+  uint8_t az[SHA512_DIGEST_LENGTH];
+  uint8_t nonce[SHA512_DIGEST_LENGTH];
+  ge_p3 R;
+  uint8_t hram[SHA512_DIGEST_LENGTH];
+  SHA512_CTX hash_ctx;
+
+  SHA512_Init(&hash_ctx);
+  SHA512_Update(&hash_ctx, private_key, 32);
+  SHA512_Final(az, &hash_ctx);
+
+  az[0] &= 248;
+  az[31] &= 63;
+  az[31] |= 64;
+
+  SHA512_Init(&hash_ctx);
+  SHA512_Update(&hash_ctx, az + 32, 32);
+  SHA512_Update(&hash_ctx, message, message_len);
+  SHA512_Final(nonce, &hash_ctx);
+
+  x25519_sc_reduce(nonce);
+  ge_scalarmult_base(&R, nonce);
+  ge_p3_tobytes(out_sig, &R);
+
+  SHA512_Init(&hash_ctx);
+  SHA512_Update(&hash_ctx, out_sig, 32);
+  SHA512_Update(&hash_ctx, public_key, 32);
+  SHA512_Update(&hash_ctx, message, message_len);
+  SHA512_Final(hram, &hash_ctx);
+
+  x25519_sc_reduce(hram);
+  sc_muladd(out_sig + 32, hram, az, nonce);
+
+  OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx));
+  OPENSSL_cleanse(nonce, sizeof(nonce));
+  OPENSSL_cleanse(az, sizeof(az));
+
+  return 1;
+}
+
+int ED25519_verify(const uint8_t *message, size_t message_len,
+                   const uint8_t signature[64], const uint8_t public_key[32]) {
+  ge_p3 A;
+  uint8_t rcopy[32];
+  uint8_t scopy[32];
+  SHA512_CTX hash_ctx;
+  ge_p2 R;
+  uint8_t rcheck[32];
+  uint8_t h[SHA512_DIGEST_LENGTH];
+
+  if ((signature[63] & 224) != 0 ||
+      ge_frombytes_vartime(&A, public_key) != 0) {
+    return 0;
+  }
+
+  fe_neg(A.X, A.X);
+  fe_neg(A.T, A.T);
+
+  memcpy(rcopy, signature, 32);
+  memcpy(scopy, signature + 32, 32);
+
+  SHA512_Init(&hash_ctx);
+  SHA512_Update(&hash_ctx, signature, 32);
+  SHA512_Update(&hash_ctx, public_key, 32);
+  SHA512_Update(&hash_ctx, message, message_len);
+  SHA512_Final(h, &hash_ctx);
+
+  x25519_sc_reduce(h);
+
+  ge_double_scalarmult_vartime(&R, h, &A, scopy);
+
+  ge_tobytes(rcheck, &R);
+
+  return CRYPTO_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0;
+}
+
+void ED25519_public_from_private(uint8_t out_public_key[32],
+                                 const uint8_t private_key[32]) {
+  uint8_t az[SHA512_DIGEST_LENGTH];
+  ge_p3 A;
+
+  SHA512(private_key, 32, az);
+
+  az[0] &= 248;
+  az[31] &= 63;
+  az[31] |= 64;
+
+  ge_scalarmult_base(&A, az);
+  ge_p3_tobytes(out_public_key, &A);
+
+  OPENSSL_cleanse(az, sizeof(az));
+}
+
+int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+           const uint8_t peer_public_value[32]) {
+  static const uint8_t kZeros[32] = {0};
+  x25519_scalar_mult(out_shared_key, private_key, peer_public_value);
+  /* The all-zero output results when the input is a point of small order. */
+  return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0;
+}
+
+void X25519_public_from_private(uint8_t out_public_value[32],
+                                const uint8_t private_key[32]) {
+  uint8_t e[32];
+  ge_p3 A;
+  fe zplusy, zminusy, zminusy_inv;
+
+  memcpy(e, private_key, 32);
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+
+  ge_scalarmult_base(&A, e);
+
+  /* We only need the u-coordinate of the curve25519 point. The map is
+   * u=(y+1)/(1-y). Since y=Y/Z, this gives u=(Z+Y)/(Z-Y). */
+  fe_add(zplusy, A.Z, A.Y);
+  fe_sub(zminusy, A.Z, A.Y);
+  fe_invert(zminusy_inv, zminusy);
+  fe_mul(zplusy, zplusy, zminusy_inv);
+  fe_tobytes(out_public_value, zplusy);
+
+  OPENSSL_cleanse(e, sizeof(e));
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h b/freebsd/crypto/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h
new file mode 100644
index 00000000..48081c77
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_ARCH_32_ARCH_INTRINSICS_H
+# define HEADER_ARCH_32_ARCH_INTRINSICS_H
+
+#include "internal/constant_time_locl.h"
+
+# define ARCH_WORD_BITS 32
+
+#define word_is_zero(a)     constant_time_is_zero_32(a)
+
+static ossl_inline uint64_t widemul(uint32_t a, uint32_t b)
+{
+    return ((uint64_t)a) * b;
+}
+
+#endif                          /* HEADER_ARCH_32_ARCH_INTRINSICS_H */
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/arch_32/f_impl.c b/freebsd/crypto/openssl/crypto/ec/curve448/arch_32/f_impl.c
new file mode 100644
index 00000000..693cdfbc
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/arch_32/f_impl.c
@@ -0,0 +1,97 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#include "field.h"
+
+void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
+{
+    const uint32_t *a = as->limb, *b = bs->limb;
+    uint32_t *c = cs->limb;
+    uint64_t accum0 = 0, accum1 = 0, accum2 = 0;
+    uint32_t mask = (1 << 28) - 1;
+    uint32_t aa[8], bb[8];
+    int i, j;
+
+    for (i = 0; i < 8; i++) {
+        aa[i] = a[i] + a[i + 8];
+        bb[i] = b[i] + b[i + 8];
+    }
+
+    for (j = 0; j < 8; j++) {
+        accum2 = 0;
+        for (i = 0; i < j + 1; i++) {
+            accum2 += widemul(a[j - i], b[i]);
+            accum1 += widemul(aa[j - i], bb[i]);
+            accum0 += widemul(a[8 + j - i], b[8 + i]);
+        }
+        accum1 -= accum2;
+        accum0 += accum2;
+        accum2 = 0;
+        for (i = j + 1; i < 8; i++) {
+            accum0 -= widemul(a[8 + j - i], b[i]);
+            accum2 += widemul(aa[8 + j - i], bb[i]);
+            accum1 += widemul(a[16 + j - i], b[8 + i]);
+        }
+        accum1 += accum2;
+        accum0 += accum2;
+        c[j] = ((uint32_t)(accum0)) & mask;
+        c[j + 8] = ((uint32_t)(accum1)) & mask;
+        accum0 >>= 28;
+        accum1 >>= 28;
+    }
+
+    accum0 += accum1;
+    accum0 += c[8];
+    accum1 += c[0];
+    c[8] = ((uint32_t)(accum0)) & mask;
+    c[0] = ((uint32_t)(accum1)) & mask;
+
+    accum0 >>= 28;
+    accum1 >>= 28;
+    c[9] += ((uint32_t)(accum0));
+    c[1] += ((uint32_t)(accum1));
+}
+
+void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b)
+{
+    const uint32_t *a = as->limb;
+    uint32_t *c = cs->limb;
+    uint64_t accum0 = 0, accum8 = 0;
+    uint32_t mask = (1 << 28) - 1;
+    int i;
+
+    assert(b <= mask);
+
+    for (i = 0; i < 8; i++) {
+        accum0 += widemul(b, a[i]);
+        accum8 += widemul(b, a[i + 8]);
+        c[i] = accum0 & mask;
+        accum0 >>= 28;
+        c[i + 8] = accum8 & mask;
+        accum8 >>= 28;
+    }
+
+    accum0 += accum8 + c[8];
+    c[8] = ((uint32_t)accum0) & mask;
+    c[9] += (uint32_t)(accum0 >> 28);
+
+    accum8 += c[0];
+    c[0] = ((uint32_t)accum8) & mask;
+    c[1] += (uint32_t)(accum8 >> 28);
+}
+
+void gf_sqr(gf_s * RESTRICT cs, const gf as)
+{
+    gf_mul(cs, as, as);         /* Performs better with a dedicated square */
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/arch_32/f_impl.h b/freebsd/crypto/openssl/crypto/ec/curve448/arch_32/f_impl.h
new file mode 100644
index 00000000..bbde84a0
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/arch_32/f_impl.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_ARCH_32_F_IMPL_H
+# define HEADER_ARCH_32_F_IMPL_H
+
+# define GF_HEADROOM 2
+# define LIMB(x) ((x) & ((1 << 28) - 1)), ((x) >> 28)
+# define FIELD_LITERAL(a, b, c, d, e, f, g, h) \
+    {{LIMB(a), LIMB(b), LIMB(c), LIMB(d), LIMB(e), LIMB(f), LIMB(g), LIMB(h)}}
+
+# define LIMB_PLACE_VALUE(i) 28
+
+void gf_add_RAW(gf out, const gf a, const gf b)
+{
+    unsigned int i;
+
+    for (i = 0; i < NLIMBS; i++)
+        out->limb[i] = a->limb[i] + b->limb[i];
+}
+
+void gf_sub_RAW(gf out, const gf a, const gf b)
+{
+    unsigned int i;
+
+    for (i = 0; i < NLIMBS; i++)
+        out->limb[i] = a->limb[i] - b->limb[i];
+}
+
+void gf_bias(gf a, int amt)
+{
+    unsigned int i;
+    uint32_t co1 = ((1 << 28) - 1) * amt, co2 = co1 - amt;
+
+    for (i = 0; i < NLIMBS; i++)
+        a->limb[i] += (i == NLIMBS / 2) ? co2 : co1;
+}
+
+void gf_weak_reduce(gf a)
+{
+    uint32_t mask = (1 << 28) - 1;
+    uint32_t tmp = a->limb[NLIMBS - 1] >> 28;
+    unsigned int i;
+
+    a->limb[NLIMBS / 2] += tmp;
+    for (i = NLIMBS - 1; i > 0; i--)
+        a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 28);
+    a->limb[0] = (a->limb[0] & mask) + tmp;
+}
+
+#endif                  /* HEADER_ARCH_32_F_IMPL_H */
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/curve448.c b/freebsd/crypto/openssl/crypto/ec/curve448/curve448.c
new file mode 100644
index 00000000..c7d3b29b
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/curve448.c
@@ -0,0 +1,729 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include <openssl/crypto.h>
+#include "word.h"
+#include "field.h"
+
+#include "point_448.h"
+#include "ed448.h"
+#include "curve448_lcl.h"
+
+#define COFACTOR 4
+
+#define C448_WNAF_FIXED_TABLE_BITS 5
+#define C448_WNAF_VAR_TABLE_BITS 3
+
+#define EDWARDS_D       (-39081)
+
+static const curve448_scalar_t precomputed_scalarmul_adjustment = {
+    {
+        {
+            SC_LIMB(0xc873d6d54a7bb0cf), SC_LIMB(0xe933d8d723a70aad),
+            SC_LIMB(0xbb124b65129c96fd), SC_LIMB(0x00000008335dc163)
+        }
+    }
+};
+
+#define TWISTED_D (EDWARDS_D - 1)
+
+#define WBITS C448_WORD_BITS   /* NB this may be different from ARCH_WORD_BITS */
+
+/* Inverse. */
+static void gf_invert(gf y, const gf x, int assert_nonzero)
+{
+    mask_t ret;
+    gf t1, t2;
+
+    gf_sqr(t1, x);              /* o^2 */
+    ret = gf_isr(t2, t1);       /* +-1/sqrt(o^2) = +-1/o */
+    (void)ret;
+    if (assert_nonzero)
+        assert(ret);
+    gf_sqr(t1, t2);
+    gf_mul(t2, t1, x);          /* not direct to y in case of alias. */
+    gf_copy(y, t2);
+}
+
+/** identity = (0,1) */
+const curve448_point_t curve448_point_identity =
+    { {{{{0}}}, {{{1}}}, {{{1}}}, {{{0}}}} };
+
+static void point_double_internal(curve448_point_t p, const curve448_point_t q,
+                                  int before_double)
+{
+    gf a, b, c, d;
+
+    gf_sqr(c, q->x);
+    gf_sqr(a, q->y);
+    gf_add_nr(d, c, a);         /* 2+e */
+    gf_add_nr(p->t, q->y, q->x); /* 2+e */
+    gf_sqr(b, p->t);
+    gf_subx_nr(b, b, d, 3);     /* 4+e */
+    gf_sub_nr(p->t, a, c);      /* 3+e */
+    gf_sqr(p->x, q->z);
+    gf_add_nr(p->z, p->x, p->x); /* 2+e */
+    gf_subx_nr(a, p->z, p->t, 4); /* 6+e */
+    if (GF_HEADROOM == 5)
+        gf_weak_reduce(a);      /* or 1+e */
+    gf_mul(p->x, a, b);
+    gf_mul(p->z, p->t, a);
+    gf_mul(p->y, p->t, d);
+    if (!before_double)
+        gf_mul(p->t, b, d);
+}
+
+void curve448_point_double(curve448_point_t p, const curve448_point_t q)
+{
+    point_double_internal(p, q, 0);
+}
+
+/* Operations on [p]niels */
+static ossl_inline void cond_neg_niels(niels_t n, mask_t neg)
+{
+    gf_cond_swap(n->a, n->b, neg);
+    gf_cond_neg(n->c, neg);
+}
+
+static void pt_to_pniels(pniels_t b, const curve448_point_t a)
+{
+    gf_sub(b->n->a, a->y, a->x);
+    gf_add(b->n->b, a->x, a->y);
+    gf_mulw(b->n->c, a->t, 2 * TWISTED_D);
+    gf_add(b->z, a->z, a->z);
+}
+
+static void pniels_to_pt(curve448_point_t e, const pniels_t d)
+{
+    gf eu;
+
+    gf_add(eu, d->n->b, d->n->a);
+    gf_sub(e->y, d->n->b, d->n->a);
+    gf_mul(e->t, e->y, eu);
+    gf_mul(e->x, d->z, e->y);
+    gf_mul(e->y, d->z, eu);
+    gf_sqr(e->z, d->z);
+}
+
+static void niels_to_pt(curve448_point_t e, const niels_t n)
+{
+    gf_add(e->y, n->b, n->a);
+    gf_sub(e->x, n->b, n->a);
+    gf_mul(e->t, e->y, e->x);
+    gf_copy(e->z, ONE);
+}
+
+static void add_niels_to_pt(curve448_point_t d, const niels_t e,
+                            int before_double)
+{
+    gf a, b, c;
+
+    gf_sub_nr(b, d->y, d->x);   /* 3+e */
+    gf_mul(a, e->a, b);
+    gf_add_nr(b, d->x, d->y);   /* 2+e */
+    gf_mul(d->y, e->b, b);
+    gf_mul(d->x, e->c, d->t);
+    gf_add_nr(c, a, d->y);      /* 2+e */
+    gf_sub_nr(b, d->y, a);      /* 3+e */
+    gf_sub_nr(d->y, d->z, d->x); /* 3+e */
+    gf_add_nr(a, d->x, d->z);   /* 2+e */
+    gf_mul(d->z, a, d->y);
+    gf_mul(d->x, d->y, b);
+    gf_mul(d->y, a, c);
+    if (!before_double)
+        gf_mul(d->t, b, c);
+}
+
+static void sub_niels_from_pt(curve448_point_t d, const niels_t e,
+                              int before_double)
+{
+    gf a, b, c;
+
+    gf_sub_nr(b, d->y, d->x);   /* 3+e */
+    gf_mul(a, e->b, b);
+    gf_add_nr(b, d->x, d->y);   /* 2+e */
+    gf_mul(d->y, e->a, b);
+    gf_mul(d->x, e->c, d->t);
+    gf_add_nr(c, a, d->y);      /* 2+e */
+    gf_sub_nr(b, d->y, a);      /* 3+e */
+    gf_add_nr(d->y, d->z, d->x); /* 2+e */
+    gf_sub_nr(a, d->z, d->x);   /* 3+e */
+    gf_mul(d->z, a, d->y);
+    gf_mul(d->x, d->y, b);
+    gf_mul(d->y, a, c);
+    if (!before_double)
+        gf_mul(d->t, b, c);
+}
+
+static void add_pniels_to_pt(curve448_point_t p, const pniels_t pn,
+                             int before_double)
+{
+    gf L0;
+
+    gf_mul(L0, p->z, pn->z);
+    gf_copy(p->z, L0);
+    add_niels_to_pt(p, pn->n, before_double);
+}
+
+static void sub_pniels_from_pt(curve448_point_t p, const pniels_t pn,
+                               int before_double)
+{
+    gf L0;
+
+    gf_mul(L0, p->z, pn->z);
+    gf_copy(p->z, L0);
+    sub_niels_from_pt(p, pn->n, before_double);
+}
+
+c448_bool_t curve448_point_eq(const curve448_point_t p,
+                              const curve448_point_t q)
+{
+    mask_t succ;
+    gf a, b;
+
+    /* equality mod 2-torsion compares x/y */
+    gf_mul(a, p->y, q->x);
+    gf_mul(b, q->y, p->x);
+    succ = gf_eq(a, b);
+
+    return mask_to_bool(succ);
+}
+
+c448_bool_t curve448_point_valid(const curve448_point_t p)
+{
+    mask_t out;
+    gf a, b, c;
+
+    gf_mul(a, p->x, p->y);
+    gf_mul(b, p->z, p->t);
+    out = gf_eq(a, b);
+    gf_sqr(a, p->x);
+    gf_sqr(b, p->y);
+    gf_sub(a, b, a);
+    gf_sqr(b, p->t);
+    gf_mulw(c, b, TWISTED_D);
+    gf_sqr(b, p->z);
+    gf_add(b, b, c);
+    out &= gf_eq(a, b);
+    out &= ~gf_eq(p->z, ZERO);
+    return mask_to_bool(out);
+}
+
+static ossl_inline void constant_time_lookup_niels(niels_s * RESTRICT ni,
+                                                   const niels_t * table,
+                                                   int nelts, int idx)
+{
+    constant_time_lookup(ni, table, sizeof(niels_s), nelts, idx);
+}
+
+void curve448_precomputed_scalarmul(curve448_point_t out,
+                                    const curve448_precomputed_s * table,
+                                    const curve448_scalar_t scalar)
+{
+    unsigned int i, j, k;
+    const unsigned int n = COMBS_N, t = COMBS_T, s = COMBS_S;
+    niels_t ni;
+    curve448_scalar_t scalar1x;
+
+    curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment);
+    curve448_scalar_halve(scalar1x, scalar1x);
+
+    for (i = s; i > 0; i--) {
+        if (i != s)
+            point_double_internal(out, out, 0);
+
+        for (j = 0; j < n; j++) {
+            int tab = 0;
+            mask_t invert;
+
+            for (k = 0; k < t; k++) {
+                unsigned int bit = (i - 1) + s * (k + j * t);
+
+                if (bit < C448_SCALAR_BITS)
+                    tab |=
+                        (scalar1x->limb[bit / WBITS] >> (bit % WBITS) & 1) << k;
+            }
+
+            invert = (tab >> (t - 1)) - 1;
+            tab ^= invert;
+            tab &= (1 << (t - 1)) - 1;
+
+            constant_time_lookup_niels(ni, &table->table[j << (t - 1)],
+                                       1 << (t - 1), tab);
+
+            cond_neg_niels(ni, invert);
+            if ((i != s) || j != 0)
+                add_niels_to_pt(out, ni, j == n - 1 && i != 1);
+            else
+                niels_to_pt(out, ni);
+        }
+    }
+
+    OPENSSL_cleanse(ni, sizeof(ni));
+    OPENSSL_cleanse(scalar1x, sizeof(scalar1x));
+}
+
+void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+                                    uint8_t enc[EDDSA_448_PUBLIC_BYTES],
+                                    const curve448_point_t p)
+{
+    gf x, y, z, t;
+    curve448_point_t q;
+
+    /* The point is now on the twisted curve.  Move it to untwisted. */
+    curve448_point_copy(q, p);
+
+    {
+        /* 4-isogeny: 2xy/(y^+x^2), (y^2-x^2)/(2z^2-y^2+x^2) */
+        gf u;
+
+        gf_sqr(x, q->x);
+        gf_sqr(t, q->y);
+        gf_add(u, x, t);
+        gf_add(z, q->y, q->x);
+        gf_sqr(y, z);
+        gf_sub(y, y, u);
+        gf_sub(z, t, x);
+        gf_sqr(x, q->z);
+        gf_add(t, x, x);
+        gf_sub(t, t, z);
+        gf_mul(x, t, y);
+        gf_mul(y, z, u);
+        gf_mul(z, u, t);
+        OPENSSL_cleanse(u, sizeof(u));
+    }
+
+    /* Affinize */
+    gf_invert(z, z, 1);
+    gf_mul(t, x, z);
+    gf_mul(x, y, z);
+
+    /* Encode */
+    enc[EDDSA_448_PRIVATE_BYTES - 1] = 0;
+    gf_serialize(enc, x, 1);
+    enc[EDDSA_448_PRIVATE_BYTES - 1] |= 0x80 & gf_lobit(t);
+
+    OPENSSL_cleanse(x, sizeof(x));
+    OPENSSL_cleanse(y, sizeof(y));
+    OPENSSL_cleanse(z, sizeof(z));
+    OPENSSL_cleanse(t, sizeof(t));
+    curve448_point_destroy(q);
+}
+
+c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+                                curve448_point_t p,
+                                const uint8_t enc[EDDSA_448_PUBLIC_BYTES])
+{
+    uint8_t enc2[EDDSA_448_PUBLIC_BYTES];
+    mask_t low;
+    mask_t succ;
+
+    memcpy(enc2, enc, sizeof(enc2));
+
+    low = ~word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1] & 0x80);
+    enc2[EDDSA_448_PRIVATE_BYTES - 1] &= ~0x80;
+
+    succ = gf_deserialize(p->y, enc2, 1, 0);
+    succ &= word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1]);
+
+    gf_sqr(p->x, p->y);
+    gf_sub(p->z, ONE, p->x);    /* num = 1-y^2 */
+    gf_mulw(p->t, p->x, EDWARDS_D); /* dy^2 */
+    gf_sub(p->t, ONE, p->t);    /* denom = 1-dy^2 or 1-d + dy^2 */
+
+    gf_mul(p->x, p->z, p->t);
+    succ &= gf_isr(p->t, p->x); /* 1/sqrt(num * denom) */
+
+    gf_mul(p->x, p->t, p->z);   /* sqrt(num / denom) */
+    gf_cond_neg(p->x, gf_lobit(p->x) ^ low);
+    gf_copy(p->z, ONE);
+
+    {
+        gf a, b, c, d;
+
+        /* 4-isogeny 2xy/(y^2-ax^2), (y^2+ax^2)/(2-y^2-ax^2) */
+        gf_sqr(c, p->x);
+        gf_sqr(a, p->y);
+        gf_add(d, c, a);
+        gf_add(p->t, p->y, p->x);
+        gf_sqr(b, p->t);
+        gf_sub(b, b, d);
+        gf_sub(p->t, a, c);
+        gf_sqr(p->x, p->z);
+        gf_add(p->z, p->x, p->x);
+        gf_sub(a, p->z, d);
+        gf_mul(p->x, a, b);
+        gf_mul(p->z, p->t, a);
+        gf_mul(p->y, p->t, d);
+        gf_mul(p->t, b, d);
+        OPENSSL_cleanse(a, sizeof(a));
+        OPENSSL_cleanse(b, sizeof(b));
+        OPENSSL_cleanse(c, sizeof(c));
+        OPENSSL_cleanse(d, sizeof(d));
+    }
+
+    OPENSSL_cleanse(enc2, sizeof(enc2));
+    assert(curve448_point_valid(p) || ~succ);
+
+    return c448_succeed_if(mask_to_bool(succ));
+}
+
+c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES],
+                      const uint8_t base[X_PUBLIC_BYTES],
+                      const uint8_t scalar[X_PRIVATE_BYTES])
+{
+    gf x1, x2, z2, x3, z3, t1, t2;
+    int t;
+    mask_t swap = 0;
+    mask_t nz;
+
+    (void)gf_deserialize(x1, base, 1, 0);
+    gf_copy(x2, ONE);
+    gf_copy(z2, ZERO);
+    gf_copy(x3, x1);
+    gf_copy(z3, ONE);
+
+    for (t = X_PRIVATE_BITS - 1; t >= 0; t--) {
+        uint8_t sb = scalar[t / 8];
+        mask_t k_t;
+
+        /* Scalar conditioning */
+        if (t / 8 == 0)
+            sb &= -(uint8_t)COFACTOR;
+        else if (t == X_PRIVATE_BITS - 1)
+            sb = -1;
+
+        k_t = (sb >> (t % 8)) & 1;
+        k_t = 0 - k_t;             /* set to all 0s or all 1s */
+
+        swap ^= k_t;
+        gf_cond_swap(x2, x3, swap);
+        gf_cond_swap(z2, z3, swap);
+        swap = k_t;
+
+        /*
+         * The "_nr" below skips coefficient reduction. In the following
+         * comments, "2+e" is saying that the coefficients are at most 2+epsilon
+         * times the reduction limit.
+         */
+        gf_add_nr(t1, x2, z2);  /* A = x2 + z2 */ /* 2+e */
+        gf_sub_nr(t2, x2, z2);  /* B = x2 - z2 */ /* 3+e */
+        gf_sub_nr(z2, x3, z3);  /* D = x3 - z3 */ /* 3+e */
+        gf_mul(x2, t1, z2);     /* DA */
+        gf_add_nr(z2, z3, x3);  /* C = x3 + z3 */ /* 2+e */
+        gf_mul(x3, t2, z2);     /* CB */
+        gf_sub_nr(z3, x2, x3);  /* DA-CB */ /* 3+e */
+        gf_sqr(z2, z3);         /* (DA-CB)^2 */
+        gf_mul(z3, x1, z2);     /* z3 = x1(DA-CB)^2 */
+        gf_add_nr(z2, x2, x3);  /* (DA+CB) */ /* 2+e */
+        gf_sqr(x3, z2);         /* x3 = (DA+CB)^2 */
+
+        gf_sqr(z2, t1);         /* AA = A^2 */
+        gf_sqr(t1, t2);         /* BB = B^2 */
+        gf_mul(x2, z2, t1);     /* x2 = AA*BB */
+        gf_sub_nr(t2, z2, t1);  /* E = AA-BB */ /* 3+e */
+
+        gf_mulw(t1, t2, -EDWARDS_D); /* E*-d = a24*E */
+        gf_add_nr(t1, t1, z2);  /* AA + a24*E */ /* 2+e */
+        gf_mul(z2, t2, t1);     /* z2 = E(AA+a24*E) */
+    }
+
+    /* Finish */
+    gf_cond_swap(x2, x3, swap);
+    gf_cond_swap(z2, z3, swap);
+    gf_invert(z2, z2, 0);
+    gf_mul(x1, x2, z2);
+    gf_serialize(out, x1, 1);
+    nz = ~gf_eq(x1, ZERO);
+
+    OPENSSL_cleanse(x1, sizeof(x1));
+    OPENSSL_cleanse(x2, sizeof(x2));
+    OPENSSL_cleanse(z2, sizeof(z2));
+    OPENSSL_cleanse(x3, sizeof(x3));
+    OPENSSL_cleanse(z3, sizeof(z3));
+    OPENSSL_cleanse(t1, sizeof(t1));
+    OPENSSL_cleanse(t2, sizeof(t2));
+
+    return c448_succeed_if(mask_to_bool(nz));
+}
+
+void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
+                                                      out[X_PUBLIC_BYTES],
+                                                      const curve448_point_t p)
+{
+    curve448_point_t q;
+
+    curve448_point_copy(q, p);
+    gf_invert(q->t, q->x, 0);   /* 1/x */
+    gf_mul(q->z, q->t, q->y);   /* y/x */
+    gf_sqr(q->y, q->z);         /* (y/x)^2 */
+    gf_serialize(out, q->y, 1);
+    curve448_point_destroy(q);
+}
+
+void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],
+                            const uint8_t scalar[X_PRIVATE_BYTES])
+{
+    /* Scalar conditioning */
+    uint8_t scalar2[X_PRIVATE_BYTES];
+    curve448_scalar_t the_scalar;
+    curve448_point_t p;
+    unsigned int i;
+
+    memcpy(scalar2, scalar, sizeof(scalar2));
+    scalar2[0] &= -(uint8_t)COFACTOR;
+
+    scalar2[X_PRIVATE_BYTES - 1] &= ~((0u - 1u) << ((X_PRIVATE_BITS + 7) % 8));
+    scalar2[X_PRIVATE_BYTES - 1] |= 1 << ((X_PRIVATE_BITS + 7) % 8);
+
+    curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2));
+
+    /* Compensate for the encoding ratio */
+    for (i = 1; i < X448_ENCODE_RATIO; i <<= 1)
+        curve448_scalar_halve(the_scalar, the_scalar);
+
+    curve448_precomputed_scalarmul(p, curve448_precomputed_base, the_scalar);
+    curve448_point_mul_by_ratio_and_encode_like_x448(out, p);
+    curve448_point_destroy(p);
+}
+
+/* Control for variable-time scalar multiply algorithms. */
+struct smvt_control {
+    int power, addend;
+};
+
+#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 3))
+# define NUMTRAILINGZEROS	__builtin_ctz
+#else
+# define NUMTRAILINGZEROS	numtrailingzeros
+static uint32_t numtrailingzeros(uint32_t i)
+{
+    uint32_t tmp;
+    uint32_t num = 31;
+
+    if (i == 0)
+        return 32;
+
+    tmp = i << 16;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 16;
+    }
+    tmp = i << 8;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 8;
+    }
+    tmp = i << 4;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 4;
+    }
+    tmp = i << 2;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 2;
+    }
+    tmp = i << 1;
+    if (tmp != 0)
+        num--;
+
+    return num;
+}
+#endif
+
+static int recode_wnaf(struct smvt_control *control,
+                       /* [nbits/(table_bits + 1) + 3] */
+                       const curve448_scalar_t scalar,
+                       unsigned int table_bits)
+{
+    unsigned int table_size = C448_SCALAR_BITS / (table_bits + 1) + 3;
+    int position = table_size - 1; /* at the end */
+    uint64_t current = scalar->limb[0] & 0xFFFF;
+    uint32_t mask = (1 << (table_bits + 1)) - 1;
+    unsigned int w;
+    const unsigned int B_OVER_16 = sizeof(scalar->limb[0]) / 2;
+    unsigned int n, i;
+
+    /* place the end marker */
+    control[position].power = -1;
+    control[position].addend = 0;
+    position--;
+
+    /*
+     * PERF: Could negate scalar if it's large.  But then would need more cases
+     * in the actual code that uses it, all for an expected reduction of like
+     * 1/5 op. Probably not worth it.
+     */
+
+    for (w = 1; w < (C448_SCALAR_BITS - 1) / 16 + 3; w++) {
+        if (w < (C448_SCALAR_BITS - 1) / 16 + 1) {
+            /* Refill the 16 high bits of current */
+            current += (uint32_t)((scalar->limb[w / B_OVER_16]
+                       >> (16 * (w % B_OVER_16))) << 16);
+        }
+
+        while (current & 0xFFFF) {
+            uint32_t pos = NUMTRAILINGZEROS((uint32_t)current);
+            uint32_t odd = (uint32_t)current >> pos;
+            int32_t delta = odd & mask;
+
+            assert(position >= 0);
+            if (odd & (1 << (table_bits + 1)))
+                delta -= (1 << (table_bits + 1));
+            current -= delta * (1 << pos);
+            control[position].power = pos + 16 * (w - 1);
+            control[position].addend = delta;
+            position--;
+        }
+        current >>= 16;
+    }
+    assert(current == 0);
+
+    position++;
+    n = table_size - position;
+    for (i = 0; i < n; i++)
+        control[i] = control[i + position];
+
+    return n - 1;
+}
+
+static void prepare_wnaf_table(pniels_t * output,
+                               const curve448_point_t working,
+                               unsigned int tbits)
+{
+    curve448_point_t tmp;
+    int i;
+    pniels_t twop;
+
+    pt_to_pniels(output[0], working);
+
+    if (tbits == 0)
+        return;
+
+    curve448_point_double(tmp, working);
+    pt_to_pniels(twop, tmp);
+
+    add_pniels_to_pt(tmp, output[0], 0);
+    pt_to_pniels(output[1], tmp);
+
+    for (i = 2; i < 1 << tbits; i++) {
+        add_pniels_to_pt(tmp, twop, 0);
+        pt_to_pniels(output[i], tmp);
+    }
+
+    curve448_point_destroy(tmp);
+    OPENSSL_cleanse(twop, sizeof(twop));
+}
+
+void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+                                               const curve448_scalar_t scalar1,
+                                               const curve448_point_t base2,
+                                               const curve448_scalar_t scalar2)
+{
+    const int table_bits_var = C448_WNAF_VAR_TABLE_BITS;
+    const int table_bits_pre = C448_WNAF_FIXED_TABLE_BITS;
+    struct smvt_control control_var[C448_SCALAR_BITS /
+                                    (C448_WNAF_VAR_TABLE_BITS + 1) + 3];
+    struct smvt_control control_pre[C448_SCALAR_BITS /
+                                    (C448_WNAF_FIXED_TABLE_BITS + 1) + 3];
+    int ncb_pre = recode_wnaf(control_pre, scalar1, table_bits_pre);
+    int ncb_var = recode_wnaf(control_var, scalar2, table_bits_var);
+    pniels_t precmp_var[1 << C448_WNAF_VAR_TABLE_BITS];
+    int contp = 0, contv = 0, i;
+
+    prepare_wnaf_table(precmp_var, base2, table_bits_var);
+    i = control_var[0].power;
+
+    if (i < 0) {
+        curve448_point_copy(combo, curve448_point_identity);
+        return;
+    }
+    if (i > control_pre[0].power) {
+        pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
+        contv++;
+    } else if (i == control_pre[0].power && i >= 0) {
+        pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
+        add_niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1],
+                        i);
+        contv++;
+        contp++;
+    } else {
+        i = control_pre[0].power;
+        niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1]);
+        contp++;
+    }
+
+    for (i--; i >= 0; i--) {
+        int cv = (i == control_var[contv].power);
+        int cp = (i == control_pre[contp].power);
+
+        point_double_internal(combo, combo, i && !(cv || cp));
+
+        if (cv) {
+            assert(control_var[contv].addend);
+
+            if (control_var[contv].addend > 0)
+                add_pniels_to_pt(combo,
+                                 precmp_var[control_var[contv].addend >> 1],
+                                 i && !cp);
+            else
+                sub_pniels_from_pt(combo,
+                                   precmp_var[(-control_var[contv].addend)
+                                              >> 1], i && !cp);
+            contv++;
+        }
+
+        if (cp) {
+            assert(control_pre[contp].addend);
+
+            if (control_pre[contp].addend > 0)
+                add_niels_to_pt(combo,
+                                curve448_wnaf_base[control_pre[contp].addend
+                                                   >> 1], i);
+            else
+                sub_niels_from_pt(combo,
+                                  curve448_wnaf_base[(-control_pre
+                                                      [contp].addend) >> 1], i);
+            contp++;
+        }
+    }
+
+    /* This function is non-secret, but whatever this is cheap. */
+    OPENSSL_cleanse(control_var, sizeof(control_var));
+    OPENSSL_cleanse(control_pre, sizeof(control_pre));
+    OPENSSL_cleanse(precmp_var, sizeof(precmp_var));
+
+    assert(contv == ncb_var);
+    (void)ncb_var;
+    assert(contp == ncb_pre);
+    (void)ncb_pre;
+}
+
+void curve448_point_destroy(curve448_point_t point)
+{
+    OPENSSL_cleanse(point, sizeof(curve448_point_t));
+}
+
+int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+         const uint8_t peer_public_value[56])
+{
+    return x448_int(out_shared_key, peer_public_value, private_key)
+           == C448_SUCCESS;
+}
+
+void X448_public_from_private(uint8_t out_public_value[56],
+                              const uint8_t private_key[56])
+{
+    x448_derive_public_key(out_public_value, private_key);
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/curve448_lcl.h b/freebsd/crypto/openssl/crypto/ec/curve448/curve448_lcl.h
new file mode 100644
index 00000000..2bc3bd84
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/curve448_lcl.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef HEADER_CURVE448_LCL_H
+# define HEADER_CURVE448_LCL_H
+# include "curve448utils.h"
+
+int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+         const uint8_t peer_public_value[56]);
+
+void X448_public_from_private(uint8_t out_public_value[56],
+                              const uint8_t private_key[56]);
+
+int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+               const uint8_t public_key[57], const uint8_t private_key[57],
+               const uint8_t *context, size_t context_len);
+
+int ED448_verify(const uint8_t *message, size_t message_len,
+                 const uint8_t signature[114], const uint8_t public_key[57],
+                 const uint8_t *context, size_t context_len);
+
+int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64],
+                 const uint8_t public_key[57], const uint8_t private_key[57],
+                 const uint8_t *context, size_t context_len);
+
+int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
+                   const uint8_t public_key[57], const uint8_t *context,
+                   size_t context_len);
+
+int ED448_public_from_private(uint8_t out_public_key[57],
+                              const uint8_t private_key[57]);
+
+#endif              /* HEADER_CURVE448_LCL_H */
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/curve448_tables.c b/freebsd/crypto/openssl/crypto/ec/curve448/curve448_tables.c
new file mode 100644
index 00000000..3a6e9fa6
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/curve448_tables.c
@@ -0,0 +1,477 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include "field.h"
+
+#include "point_448.h"
+
+static const curve448_precomputed_s curve448_precomputed_base_table = {
+    {
+        {{
+            {FIELD_LITERAL(0x00cc3b062366f4cc,0x003d6e34e314aa3c,0x00d51c0a7521774d,0x0094e060eec6ab8b,0x00d21291b4d80082,0x00befed12b55ef1e,0x00c3dd2df5c94518,0x00e0a7b112b8d4e6)},
+            {FIELD_LITERAL(0x0019eb5608d8723a,0x00d1bab52fb3aedb,0x00270a7311ebc90c,0x0037c12b91be7f13,0x005be16cd8b5c704,0x003e181acda888e1,0x00bc1f00fc3fc6d0,0x00d3839bfa319e20)},
+            {FIELD_LITERAL(0x003caeb88611909f,0x00ea8b378c4df3d4,0x00b3295b95a5a19a,0x00a65f97514bdfb5,0x00b39efba743cab1,0x0016ba98b862fd2d,0x0001508812ee71d7,0x000a75740eea114a)},
+        }}, {{
+            {FIELD_LITERAL(0x00ebcf0eb649f823,0x00166d332e98ea03,0x0059ddf64f5cd5f6,0x0047763123d9471b,0x00a64065c53ef62f,0x00978e44c480153d,0x000b5b2a0265f194,0x0046a24b9f32965a)},
+            {FIELD_LITERAL(0x00b9eef787034df0,0x0020bc24de3390cd,0x000022160bae99bb,0x00ae66e886e97946,0x0048d4bbe02cbb8b,0x0072ba97b34e38d4,0x00eae7ec8f03e85a,0x005ba92ecf808b2c)},
+            {FIELD_LITERAL(0x00c9cfbbe74258fd,0x00843a979ea9eaa7,0x000cbb4371cfbe90,0x0059bac8f7f0a628,0x004b3dff882ff530,0x0011869df4d90733,0x00595aa71f4abfc2,0x0070e2d38990c2e6)},
+        }}, {{
+            {FIELD_LITERAL(0x00de2010c0a01733,0x00c739a612e24297,0x00a7212643141d7c,0x00f88444f6b67c11,0x00484b7b16ec28f2,0x009c1b8856af9c68,0x00ff4669591fe9d6,0x0054974be08a32c8)},
+            {FIELD_LITERAL(0x0010de3fd682ceed,0x008c07642d83ca4e,0x0013bb064e00a1cc,0x009411ae27870e11,0x00ea8e5b4d531223,0x0032fe7d2aaece2e,0x00d989e243e7bb41,0x000fe79a508e9b8b)},
+            {FIELD_LITERAL(0x005e0426b9bfc5b1,0x0041a5b1d29ee4fa,0x0015b0def7774391,0x00bc164f1f51af01,0x00d543b0942797b9,0x003c129b6398099c,0x002b114c6e5adf18,0x00b4e630e4018a7b)},
+        }}, {{
+            {FIELD_LITERAL(0x00d490afc95f8420,0x00b096bf50c1d9b9,0x00799fd707679866,0x007c74d9334afbea,0x00efaa8be80ff4ed,0x0075c4943bb81694,0x00c21c2fca161f36,0x00e77035d492bfee)},
+            {FIELD_LITERAL(0x006658a190dd6661,0x00e0e9bab38609a6,0x0028895c802237ed,0x006a0229c494f587,0x002dcde96c9916b7,0x00d158822de16218,0x00173b917a06856f,0x00ca78a79ae07326)},
+            {FIELD_LITERAL(0x00e35bfc79caced4,0x0087238a3e1fe3bb,0x00bcbf0ff4ceff5b,0x00a19c1c94099b91,0x0071e102b49db976,0x0059e3d004eada1e,0x008da78afa58a47e,0x00579c8ebf269187)},
+        }}, {{
+            {FIELD_LITERAL(0x00a16c2905eee75f,0x009d4bcaea2c7e1d,0x00d3bd79bfad19df,0x0050da745193342c,0x006abdb8f6b29ab1,0x00a24fe0a4fef7ef,0x0063730da1057dfb,0x00a08c312c8eb108)},
+            {FIELD_LITERAL(0x00b583be005375be,0x00a40c8f8a4e3df4,0x003fac4a8f5bdbf7,0x00d4481d872cd718,0x004dc8749cdbaefe,0x00cce740d5e5c975,0x000b1c1f4241fd21,0x00a76de1b4e1cd07)},
+            {FIELD_LITERAL(0x007a076500d30b62,0x000a6e117b7f090f,0x00c8712ae7eebd9a,0x000fbd6c1d5f6ff7,0x003a7977246ebf11,0x00166ed969c6600e,0x00aa42e469c98bec,0x00dc58f307cf0666)},
+        }}, {{
+            {FIELD_LITERAL(0x004b491f65a9a28b,0x006a10309e8a55b7,0x00b67210185187ef,0x00cf6497b12d9b8f,0x0085778c56e2b1ba,0x0015b4c07a814d85,0x00686479e62da561,0x008de5d88f114916)},
+            {FIELD_LITERAL(0x00e37c88d6bba7b1,0x003e4577e1b8d433,0x0050d8ea5f510ec0,0x0042fc9f2da9ef59,0x003bd074c1141420,0x00561b8b7b68774e,0x00232e5e5d1013a3,0x006b7f2cb3d7e73f)},
+            {FIELD_LITERAL(0x004bdd0f0b41e6a0,0x001773057c405d24,0x006029f99915bd97,0x006a5ba70a17fe2f,0x0046111977df7e08,0x004d8124c89fb6b7,0x00580983b2bb2724,0x00207bf330d6f3fe)},
+        }}, {{
+            {FIELD_LITERAL(0x007efdc93972a48b,0x002f5e50e78d5fee,0x0080dc11d61c7fe5,0x0065aa598707245b,0x009abba2300641be,0x000c68787656543a,0x00ffe0fef2dc0a17,0x00007ffbd6cb4f3a)},
+            {FIELD_LITERAL(0x0036012f2b836efc,0x00458c126d6b5fbc,0x00a34436d719ad1e,0x0097be6167117dea,0x0009c219c879cff3,0x0065564493e60755,0x00993ac94a8cdec0,0x002d4885a4d0dbaf)},
+            {FIELD_LITERAL(0x00598b60b4c068ba,0x00c547a0be7f1afd,0x009582164acf12af,0x00af4acac4fbbe40,0x005f6ca7c539121a,0x003b6e752ebf9d66,0x00f08a30d5cac5d4,0x00e399bb5f97c5a9)},
+        }}, {{
+            {FIELD_LITERAL(0x007445a0409c0a66,0x00a65c369f3829c0,0x0031d248a4f74826,0x006817f34defbe8e,0x00649741d95ebf2e,0x00d46466ab16b397,0x00fdc35703bee414,0x00343b43334525f8)},
+            {FIELD_LITERAL(0x001796bea93f6401,0x00090c5a42e85269,0x00672412ba1252ed,0x001201d47b6de7de,0x006877bccfe66497,0x00b554fd97a4c161,0x009753f42dbac3cf,0x00e983e3e378270a)},
+            {FIELD_LITERAL(0x00ac3eff18849872,0x00f0eea3bff05690,0x00a6d72c21dd505d,0x001b832642424169,0x00a6813017b540e5,0x00a744bd71b385cd,0x0022a7d089130a7b,0x004edeec9a133486)},
+        }}, {{
+            {FIELD_LITERAL(0x00b2d6729196e8a9,0x0088a9bb2031cef4,0x00579e7787dc1567,0x0030f49feb059190,0x00a0b1d69c7f7d8f,0x0040bdcc6d9d806f,0x00d76c4037edd095,0x00bbf24376415dd7)},
+            {FIELD_LITERAL(0x00240465ff5a7197,0x00bb97e76caf27d0,0x004b4edbf8116d39,0x001d8586f708cbaa,0x000f8ee8ff8e4a50,0x00dde5a1945dd622,0x00e6fc1c0957e07c,0x0041c9cdabfd88a0)},
+            {FIELD_LITERAL(0x005344b0bf5b548c,0x002957d0b705cc99,0x00f586a70390553d,0x0075b3229f583cc3,0x00a1aa78227490e4,0x001bf09cf7957717,0x00cf6bf344325f52,0x0065bd1c23ca3ecf)},
+        }}, {{
+            {FIELD_LITERAL(0x009bff3b3239363c,0x00e17368796ef7c0,0x00528b0fe0971f3a,0x0008014fc8d4a095,0x00d09f2e8a521ec4,0x006713ab5dde5987,0x0003015758e0dbb1,0x00215999f1ba212d)},
+            {FIELD_LITERAL(0x002c88e93527da0e,0x0077c78f3456aad5,0x0071087a0a389d1c,0x00934dac1fb96dbd,0x008470e801162697,0x005bc2196cd4ad49,0x00e535601d5087c3,0x00769888700f497f)},
+            {FIELD_LITERAL(0x00da7a4b557298ad,0x0019d2589ea5df76,0x00ef3e38be0c6497,0x00a9644e1312609a,0x004592f61b2558da,0x0082c1df510d7e46,0x0042809a535c0023,0x00215bcb5afd7757)},
+        }}, {{
+            {FIELD_LITERAL(0x002b9df55a1a4213,0x00dcfc3b464a26be,0x00c4f9e07a8144d5,0x00c8e0617a92b602,0x008e3c93accafae0,0x00bf1bcb95b2ca60,0x004ce2426a613bf3,0x00266cac58e40921)},
+            {FIELD_LITERAL(0x008456d5db76e8f0,0x0032ca9cab2ce163,0x0059f2b8bf91abcf,0x0063c2a021712788,0x00f86155af22f72d,0x00db98b2a6c005a0,0x00ac6e416a693ac4,0x007a93572af53226)},
+            {FIELD_LITERAL(0x0087767520f0de22,0x0091f64012279fb5,0x001050f1f0644999,0x004f097a2477ad3c,0x006b37913a9947bd,0x001a3d78645af241,0x0057832bbb3008a7,0x002c1d902b80dc20)},
+        }}, {{
+            {FIELD_LITERAL(0x001a6002bf178877,0x009bce168aa5af50,0x005fc318ff04a7f5,0x0052818f55c36461,0x008768f5d4b24afb,0x0037ffbae7b69c85,0x0018195a4b61edc0,0x001e12ea088434b2)},
+            {FIELD_LITERAL(0x0047d3f804e7ab07,0x00a809ab5f905260,0x00b3ffc7cdaf306d,0x00746e8ec2d6e509,0x00d0dade8887a645,0x00acceeebde0dd37,0x009bc2579054686b,0x0023804f97f1c2bf)},
+            {FIELD_LITERAL(0x0043e2e2e50b80d7,0x00143aafe4427e0f,0x005594aaecab855b,0x008b12ccaaecbc01,0x002deeb091082bc3,0x009cca4be2ae7514,0x00142b96e696d047,0x00ad2a2b1c05256a)},
+        }}, {{
+            {FIELD_LITERAL(0x003914f2f144b78b,0x007a95dd8bee6f68,0x00c7f4384d61c8e6,0x004e51eb60f1bdb2,0x00f64be7aa4621d8,0x006797bfec2f0ac0,0x007d17aab3c75900,0x001893e73cac8bc5)},
+            {FIELD_LITERAL(0x00140360b768665b,0x00b68aca4967f977,0x0001089b66195ae4,0x00fe71122185e725,0x000bca2618d49637,0x00a54f0557d7e98a,0x00cdcd2f91d6f417,0x00ab8c13741fd793)},
+            {FIELD_LITERAL(0x00725ee6b1e549e0,0x007124a0769777fa,0x000b68fdad07ae42,0x0085b909cd4952df,0x0092d2e3c81606f4,0x009f22f6cac099a0,0x00f59da57f2799a8,0x00f06c090122f777)},
+        }}, {{
+            {FIELD_LITERAL(0x00ce0bed0a3532bc,0x001a5048a22df16b,0x00e31db4cbad8bf1,0x00e89292120cf00e,0x007d1dd1a9b00034,0x00e2a9041ff8f680,0x006a4c837ae596e7,0x00713af1068070b3)},
+            {FIELD_LITERAL(0x00c4fe64ce66d04b,0x00b095d52e09b3d7,0x00758bbecb1a3a8e,0x00f35cce8d0650c0,0x002b878aa5984473,0x0062e0a3b7544ddc,0x00b25b290ed116fe,0x007b0f6abe0bebf2)},
+            {FIELD_LITERAL(0x0081d4e3addae0a8,0x003410c836c7ffcc,0x00c8129ad89e4314,0x000e3d5a23922dcd,0x00d91e46f29c31f3,0x006c728cde8c5947,0x002bc655ba2566c0,0x002ca94721533108)},
+        }}, {{
+            {FIELD_LITERAL(0x0051e4b3f764d8a9,0x0019792d46e904a0,0x00853bc13dbc8227,0x000840208179f12d,0x0068243474879235,0x0013856fbfe374d0,0x00bda12fe8676424,0x00bbb43635926eb2)},
+            {FIELD_LITERAL(0x0012cdc880a93982,0x003c495b21cd1b58,0x00b7e5c93f22a26e,0x0044aa82dfb99458,0x009ba092cdffe9c0,0x00a14b3ab2083b73,0x000271c2f70e1c4b,0x00eea9cac0f66eb8)},
+            {FIELD_LITERAL(0x001a1847c4ac5480,0x00b1b412935bb03a,0x00f74285983bf2b2,0x00624138b5b5d0f1,0x008820c0b03d38bf,0x00b94e50a18c1572,0x0060f6934841798f,0x00c52f5d66d6ebe2)},
+        }}, {{
+            {FIELD_LITERAL(0x00da23d59f9bcea6,0x00e0f27007a06a4b,0x00128b5b43a6758c,0x000cf50190fa8b56,0x00fc877aba2b2d72,0x00623bef52edf53f,0x00e6af6b819669e2,0x00e314dc34fcaa4f)},
+            {FIELD_LITERAL(0x0066e5eddd164d1e,0x00418a7c6fe28238,0x0002e2f37e962c25,0x00f01f56b5975306,0x0048842fa503875c,0x0057b0e968078143,0x00ff683024f3d134,0x0082ae28fcad12e4)},
+            {FIELD_LITERAL(0x0011ddfd21260e42,0x00d05b0319a76892,0x00183ea4368e9b8f,0x00b0815662affc96,0x00b466a5e7ce7c88,0x00db93b07506e6ee,0x0033885f82f62401,0x0086f9090ec9b419)},
+        }}, {{
+            {FIELD_LITERAL(0x00d95d1c5fcb435a,0x0016d1ed6b5086f9,0x00792aa0b7e54d71,0x0067b65715f1925d,0x00a219755ec6176b,0x00bc3f026b12c28f,0x00700c897ffeb93e,0x0089b83f6ec50b46)},
+            {FIELD_LITERAL(0x003c97e6384da36e,0x00423d53eac81a09,0x00b70d68f3cdce35,0x00ee7959b354b92c,0x00f4e9718819c8ca,0x009349f12acbffe9,0x005aee7b62cb7da6,0x00d97764154ffc86)},
+            {FIELD_LITERAL(0x00526324babb46dc,0x002ee99b38d7bf9e,0x007ea51794706ef4,0x00abeb04da6e3c39,0x006b457c1d281060,0x00fe243e9a66c793,0x00378de0fb6c6ee4,0x003e4194b9c3cb93)},
+        }}, {{
+            {FIELD_LITERAL(0x00fed3cd80ca2292,0x0015b043a73ca613,0x000a9fd7bf9be227,0x003b5e03de2db983,0x005af72d46904ef7,0x00c0f1b5c49faa99,0x00dc86fc3bd305e1,0x00c92f08c1cb1797)},
+            {FIELD_LITERAL(0x0079680ce111ed3b,0x001a1ed82806122c,0x000c2e7466d15df3,0x002c407f6f7150fd,0x00c5e7c96b1b0ce3,0x009aa44626863ff9,0x00887b8b5b80be42,0x00b6023cec964825)},
+            {FIELD_LITERAL(0x00e4a8e1048970c8,0x0062887b7830a302,0x00bcf1c8cd81402b,0x0056dbb81a68f5be,0x0014eced83f12452,0x00139e1a510150df,0x00bb81140a82d1a3,0x000febcc1aaf1aa7)},
+        }}, {{
+            {FIELD_LITERAL(0x00a7527958238159,0x0013ec9537a84cd6,0x001d7fee7d562525,0x00b9eefa6191d5e5,0x00dbc97db70bcb8a,0x00481affc7a4d395,0x006f73d3e70c31bb,0x00183f324ed96a61)},
+            {FIELD_LITERAL(0x0039dd7ce7fc6860,0x00d64f6425653da1,0x003e037c7f57d0af,0x0063477a06e2bcf2,0x001727dbb7ac67e6,0x0049589f5efafe2e,0x00fc0fef2e813d54,0x008baa5d087fb50d)},
+            {FIELD_LITERAL(0x0024fb59d9b457c7,0x00a7d4e060223e4c,0x00c118d1b555fd80,0x0082e216c732f22a,0x00cd2a2993089504,0x003638e836a3e13d,0x000d855ee89b4729,0x008ec5b7d4810c91)},
+        }}, {{
+            {FIELD_LITERAL(0x001bf51f7d65cdfd,0x00d14cdafa16a97d,0x002c38e60fcd10e7,0x00a27446e393efbd,0x000b5d8946a71fdd,0x0063df2cde128f2f,0x006c8679569b1888,0x0059ffc4925d732d)},
+            {FIELD_LITERAL(0x00ece96f95f2b66f,0x00ece7952813a27b,0x0026fc36592e489e,0x007157d1a2de0f66,0x00759dc111d86ddf,0x0012881e5780bb0f,0x00c8ccc83ad29496,0x0012b9bd1929eb71)},
+            {FIELD_LITERAL(0x000fa15a20da5df0,0x00349ddb1a46cd31,0x002c512ad1d8e726,0x00047611f669318d,0x009e68fba591e17e,0x004320dffa803906,0x00a640874951a3d3,0x00b6353478baa24f)},
+        }}, {{
+            {FIELD_LITERAL(0x009696510000d333,0x00ec2f788bc04826,0x000e4d02b1f67ba5,0x00659aa8dace08b6,0x00d7a38a3a3ae533,0x008856defa8c746b,0x004d7a4402d3da1a,0x00ea82e06229260f)},
+            {FIELD_LITERAL(0x006a15bb20f75c0c,0x0079a144027a5d0c,0x00d19116ce0b4d70,0x0059b83bcb0b268e,0x005f58f63f16c127,0x0079958318ee2c37,0x00defbb063d07f82,0x00f1f0b931d2d446)},
+            {FIELD_LITERAL(0x00cb5e4c3c35d422,0x008df885ca43577f,0x00fa50b16ca3e471,0x005a0e58e17488c8,0x00b2ceccd6d34d19,0x00f01d5d235e36e9,0x00db2e7e4be6ca44,0x00260ab77f35fccd)},
+        }}, {{
+            {FIELD_LITERAL(0x006f6fd9baac61d5,0x002a7710a020a895,0x009de0db7fc03d4d,0x00cdedcb1875f40b,0x00050caf9b6b1e22,0x005e3a6654456ab0,0x00775fdf8c4423d4,0x0028701ea5738b5d)},
+            {FIELD_LITERAL(0x009ffd90abfeae96,0x00cba3c2b624a516,0x005ef08bcee46c91,0x00e6fde30afb6185,0x00f0b4db4f818ce4,0x006c54f45d2127f5,0x00040125035854c7,0x00372658a3287e13)},
+            {FIELD_LITERAL(0x00d7070fb1beb2ab,0x0078fc845a93896b,0x006894a4b2f224a6,0x005bdd8192b9dbde,0x00b38839874b3a9e,0x00f93618b04b7a57,0x003e3ec75fd2c67e,0x00bf5e6bfc29494a)},
+        }}, {{
+            {FIELD_LITERAL(0x00f19224ebba2aa5,0x0074f89d358e694d,0x00eea486597135ad,0x0081579a4555c7e1,0x0010b9b872930a9d,0x00f002e87a30ecc0,0x009b9d66b6de56e2,0x00a3c4f45e8004eb)},
+            {FIELD_LITERAL(0x0045e8dda9400888,0x002ff12e5fc05db7,0x00a7098d54afe69c,0x00cdbe846a500585,0x00879c1593ca1882,0x003f7a7fea76c8b0,0x002cd73dd0c8e0a1,0x00645d6ce96f51fe)},
+            {FIELD_LITERAL(0x002b7e83e123d6d6,0x00398346f7419c80,0x0042922e55940163,0x005e7fc5601886a3,0x00e88f2cee1d3103,0x00e7fab135f2e377,0x00b059984dbf0ded,0x0009ce080faa5bb8)},
+        }}, {{
+            {FIELD_LITERAL(0x0085e78af7758979,0x00275a4ee1631a3a,0x00d26bc0ed78b683,0x004f8355ea21064f,0x00d618e1a32696e5,0x008d8d7b150e5680,0x00a74cd854b278d2,0x001dd62702203ea0)},
+            {FIELD_LITERAL(0x00f89335c2a59286,0x00a0f5c905d55141,0x00b41fb836ee9382,0x00e235d51730ca43,0x00a5cb37b5c0a69a,0x009b966ffe136c45,0x00cb2ea10bf80ed1,0x00fb2b370b40dc35)},
+            {FIELD_LITERAL(0x00d687d16d4ee8ba,0x0071520bdd069dff,0x00de85c60d32355d,0x0087d2e3565102f4,0x00cde391b8dfc9aa,0x00e18d69efdfefe5,0x004a9d0591954e91,0x00fa36dd8b50eee5)},
+        }}, {{
+            {FIELD_LITERAL(0x002e788749a865f7,0x006e4dc3116861ea,0x009f1428c37276e6,0x00e7d2e0fc1e1226,0x003aeebc6b6c45f6,0x0071a8073bf500c9,0x004b22ad986b530c,0x00f439e63c0d79d4)},
+            {FIELD_LITERAL(0x006bc3d53011f470,0x00032d6e692b83e8,0x00059722f497cd0b,0x0009b4e6f0c497cc,0x0058a804b7cce6c0,0x002b71d3302bbd5d,0x00e2f82a36765fce,0x008dded99524c703)},
+            {FIELD_LITERAL(0x004d058953747d64,0x00701940fe79aa6f,0x00a620ac71c760bf,0x009532b611158b75,0x00547ed7f466f300,0x003cb5ab53a8401a,0x00c7763168ce3120,0x007e48e33e4b9ab2)},
+        }}, {{
+            {FIELD_LITERAL(0x001b2fc57bf3c738,0x006a3f918993fb80,0x0026f7a14fdec288,0x0075a2cdccef08db,0x00d3ecbc9eecdbf1,0x0048c40f06e5bf7f,0x00d63e423009896b,0x000598bc99c056a8)},
+            {FIELD_LITERAL(0x002f194eaafa46dc,0x008e38f57fe87613,0x00dc8e5ae25f4ab2,0x000a17809575e6bd,0x00d3ec7923ba366a,0x003a7e72e0ad75e3,0x0010024b88436e0a,0x00ed3c5444b64051)},
+            {FIELD_LITERAL(0x00831fc1340af342,0x00c9645669466d35,0x007692b4cc5a080f,0x009fd4a47ac9259f,0x001eeddf7d45928b,0x003c0446fc45f28b,0x002c0713aa3e2507,0x0095706935f0f41e)},
+        }}, {{
+            {FIELD_LITERAL(0x00766ae4190ec6d8,0x0065768cabc71380,0x00b902598416cdc2,0x00380021ad38df52,0x008f0b89d6551134,0x004254d4cc62c5a5,0x000d79f4484b9b94,0x00b516732ae3c50e)},
+            {FIELD_LITERAL(0x001fb73475c45509,0x00d2b2e5ea43345a,0x00cb3c3842077bd1,0x0029f90ad820946e,0x007c11b2380778aa,0x009e54ece62c1704,0x004bc60c41ca01c3,0x004525679a5a0b03)},
+            {FIELD_LITERAL(0x00c64fbddbed87b3,0x0040601d11731faa,0x009c22475b6f9d67,0x0024b79dae875f15,0x00616fed3f02c3b0,0x0000cf39f6af2d3b,0x00c46bac0aa9a688,0x00ab23e2800da204)},
+        }}, {{
+            {FIELD_LITERAL(0x000b3a37617632b0,0x00597199fe1cfb6c,0x0042a7ccdfeafdd6,0x004cc9f15ebcea17,0x00f436e596a6b4a4,0x00168861142df0d8,0x000753edfec26af5,0x000c495d7e388116)},
+            {FIELD_LITERAL(0x0017085f4a346148,0x00c7cf7a37f62272,0x001776e129bc5c30,0x009955134c9eef2a,0x001ba5bdf1df07be,0x00ec39497103a55c,0x006578354fda6cfb,0x005f02719d4f15ee)},
+            {FIELD_LITERAL(0x0052b9d9b5d9655d,0x00d4ec7ba1b461c3,0x00f95df4974f280b,0x003d8e5ca11aeb51,0x00d4981eb5a70b26,0x000af9a4f6659f29,0x004598c846faeb43,0x0049d9a183a47670)},
+        }}, {{
+            {FIELD_LITERAL(0x000a72d23dcb3f1f,0x00a3737f84011727,0x00f870c0fbbf4a47,0x00a7aadd04b5c9ca,0x000c7715c67bd072,0x00015a136afcd74e,0x0080d5caea499634,0x0026b448ec7514b7)},
+            {FIELD_LITERAL(0x00b60167d9e7d065,0x00e60ba0d07381e8,0x003a4f17b725c2d4,0x006c19fe176b64fa,0x003b57b31af86ccb,0x0021047c286180fd,0x00bdc8fb00c6dbb6,0x00fe4a9f4bab4f3f)},
+            {FIELD_LITERAL(0x0088ffc3a16111f7,0x009155e4245d0bc8,0x00851d68220572d5,0x00557ace1e514d29,0x0031d7c339d91022,0x00101d0ae2eaceea,0x00246ab3f837b66a,0x00d5216d381ff530)},
+        }}, {{
+            {FIELD_LITERAL(0x0057e7ea35f36dae,0x00f47d7ad15de22e,0x00d757ea4b105115,0x008311457d579d7e,0x00b49b75b1edd4eb,0x0081c7ff742fd63a,0x00ddda3187433df6,0x00475727d55f9c66)},
+            {FIELD_LITERAL(0x00a6295218dc136a,0x00563b3af0e9c012,0x00d3753b0145db1b,0x004550389c043dc1,0x00ea94ae27401bdf,0x002b0b949f2b7956,0x00c63f780ad8e23c,0x00e591c47d6bab15)},
+            {FIELD_LITERAL(0x00416c582b058eb6,0x004107da5b2cc695,0x00b3cd2556aeec64,0x00c0b418267e57a1,0x001799293579bd2e,0x0046ed44590e4d07,0x001d7459b3630a1e,0x00c6afba8b6696aa)},
+        }}, {{
+            {FIELD_LITERAL(0x008d6009b26da3f8,0x00898e88ca06b1ca,0x00edb22b2ed7fe62,0x00fbc93516aabe80,0x008b4b470c42ce0d,0x00e0032ba7d0dcbb,0x00d76da3a956ecc8,0x007f20fe74e3852a)},
+            {FIELD_LITERAL(0x002419222c607674,0x00a7f23af89188b3,0x00ad127284e73d1c,0x008bba582fae1c51,0x00fc6aa7ca9ecab1,0x003df5319eb6c2ba,0x002a05af8a8b199a,0x004bf8354558407c)},
+            {FIELD_LITERAL(0x00ce7d4a30f0fcbf,0x00d02c272629f03d,0x0048c001f7400bc2,0x002c21368011958d,0x0098a550391e96b5,0x002d80b66390f379,0x001fa878760cc785,0x001adfce54b613d5)},
+        }}, {{
+            {FIELD_LITERAL(0x001ed4dc71fa2523,0x005d0bff19bf9b5c,0x00c3801cee065a64,0x001ed0b504323fbf,0x0003ab9fdcbbc593,0x00df82070178b8d2,0x00a2bcaa9c251f85,0x00c628a3674bd02e)},
+            {FIELD_LITERAL(0x006b7a0674f9f8de,0x00a742414e5c7cff,0x0041cbf3c6e13221,0x00e3a64fd207af24,0x0087c05f15fbe8d1,0x004c50936d9e8a33,0x001306ec21042b6d,0x00a4f4137d1141c2)},
+            {FIELD_LITERAL(0x0009e6fb921568b0,0x00b3c60120219118,0x002a6c3460dd503a,0x009db1ef11654b54,0x0063e4bf0be79601,0x00670d34bb2592b9,0x00dcee2f6c4130ce,0x00b2682e88e77f54)},
+        }}, {{
+            {FIELD_LITERAL(0x000d5b4b3da135ab,0x00838f3e5064d81d,0x00d44eb50f6d94ed,0x0008931ab502ac6d,0x00debe01ca3d3586,0x0025c206775f0641,0x005ad4b6ae912763,0x007e2c318ad8f247)},
+            {FIELD_LITERAL(0x00ddbe0750dd1add,0x004b3c7b885844b8,0x00363e7ecf12f1ae,0x0062e953e6438f9d,0x0023cc73b076afe9,0x00b09fa083b4da32,0x00c7c3d2456c541d,0x005b591ec6b694d4)},
+            {FIELD_LITERAL(0x0028656e19d62fcf,0x0052a4af03df148d,0x00122765ddd14e42,0x00f2252904f67157,0x004741965b636f3a,0x006441d296132cb9,0x005e2106f956a5b7,0x00247029592d335c)},
+        }}, {{
+            {FIELD_LITERAL(0x003fe038eb92f894,0x000e6da1b72e8e32,0x003a1411bfcbe0fa,0x00b55d473164a9e4,0x00b9a775ac2df48d,0x0002ddf350659e21,0x00a279a69eb19cb3,0x00f844eab25cba44)},
+            {FIELD_LITERAL(0x00c41d1f9c1f1ac1,0x007b2df4e9f19146,0x00b469355fd5ba7a,0x00b5e1965afc852a,0x00388d5f1e2d8217,0x0022079e4c09ae93,0x0014268acd4ef518,0x00c1dd8d9640464c)},
+            {FIELD_LITERAL(0x0038526adeed0c55,0x00dd68c607e3fe85,0x00f746ddd48a5d57,0x0042f2952b963b7c,0x001cbbd6876d5ec2,0x005e341470bca5c2,0x00871d41e085f413,0x00e53ab098f45732)},
+        }}, {{
+            {FIELD_LITERAL(0x004d51124797c831,0x008f5ae3750347ad,0x0070ced94c1a0c8e,0x00f6db2043898e64,0x000d00c9a5750cd0,0x000741ec59bad712,0x003c9d11aab37b7f,0x00a67ba169807714)},
+            {FIELD_LITERAL(0x00adb2c1566e8b8f,0x0096c68a35771a9a,0x00869933356f334a,0x00ba9c93459f5962,0x009ec73fb6e8ca4b,0x003c3802c27202e1,0x0031f5b733e0c008,0x00f9058c19611fa9)},
+            {FIELD_LITERAL(0x00238f01814a3421,0x00c325a44b6cce28,0x002136f97aeb0e73,0x000cac8268a4afe2,0x0022fd218da471b3,0x009dcd8dfff8def9,0x00cb9f8181d999bb,0x00143ae56edea349)},
+        }}, {{
+            {FIELD_LITERAL(0x0000623bf87622c5,0x00a1966fdd069496,0x00c315b7b812f9fc,0x00bdf5efcd128b97,0x001d464f532e3e16,0x003cd94f081bfd7e,0x00ed9dae12ce4009,0x002756f5736eee70)},
+            {FIELD_LITERAL(0x00a5187e6ee7341b,0x00e6d52e82d83b6e,0x00df3c41323094a7,0x00b3324f444e9de9,0x00689eb21a35bfe5,0x00f16363becd548d,0x00e187cc98e7f60f,0x00127d9062f0ccab)},
+            {FIELD_LITERAL(0x004ad71b31c29e40,0x00a5fcace12fae29,0x004425b5597280ed,0x00e7ef5d716c3346,0x0010b53ada410ac8,0x0092310226060c9b,0x0091c26128729c7e,0x0088b42900f8ec3b)},
+        }}, {{
+            {FIELD_LITERAL(0x00f1e26e9762d4a8,0x00d9d74082183414,0x00ffec9bd57a0282,0x000919e128fd497a,0x00ab7ae7d00fe5f8,0x0054dc442851ff68,0x00c9ebeb3b861687,0x00507f7cab8b698f)},
+            {FIELD_LITERAL(0x00c13c5aae3ae341,0x009c6c9ed98373e7,0x00098f26864577a8,0x0015b886e9488b45,0x0037692c42aadba5,0x00b83170b8e7791c,0x001670952ece1b44,0x00fd932a39276da2)},
+            {FIELD_LITERAL(0x0081a3259bef3398,0x005480fff416107b,0x00ce4f607d21be98,0x003ffc084b41df9b,0x0043d0bb100502d1,0x00ec35f575ba3261,0x00ca18f677300ef3,0x00e8bb0a827d8548)},
+        }}, {{
+            {FIELD_LITERAL(0x00df76b3328ada72,0x002e20621604a7c2,0x00f910638a105b09,0x00ef4724d96ef2cd,0x00377d83d6b8a2f7,0x00b4f48805ade324,0x001cd5da8b152018,0x0045af671a20ca7f)},
+            {FIELD_LITERAL(0x009ae3b93a56c404,0x004a410b7a456699,0x00023a619355e6b2,0x009cdc7297387257,0x0055b94d4ae70d04,0x002cbd607f65b005,0x003208b489697166,0x00ea2aa058867370)},
+            {FIELD_LITERAL(0x00f29d2598ee3f32,0x00b4ac5385d82adc,0x007633eaf04df19b,0x00aa2d3d77ceab01,0x004a2302fcbb778a,0x00927f225d5afa34,0x004a8e9d5047f237,0x008224ae9dbce530)},
+        }}, {{
+            {FIELD_LITERAL(0x001cf640859b02f8,0x00758d1d5d5ce427,0x00763c784ef4604c,0x005fa81aee205270,0x00ac537bfdfc44cb,0x004b919bd342d670,0x00238508d9bf4b7a,0x00154888795644f3)},
+            {FIELD_LITERAL(0x00c845923c084294,0x00072419a201bc25,0x0045f408b5f8e669,0x00e9d6a186b74dfe,0x00e19108c68fa075,0x0017b91d874177b7,0x002f0ca2c7912c5a,0x009400aa385a90a2)},
+            {FIELD_LITERAL(0x0071110b01482184,0x00cfed0044f2bef8,0x0034f2901cf4662e,0x003b4ae2a67f9834,0x00cca9b96fe94810,0x00522507ae77abd0,0x00bac7422721e73e,0x0066622b0f3a62b0)},
+        }}, {{
+            {FIELD_LITERAL(0x00f8ac5cf4705b6a,0x00867d82dcb457e3,0x007e13ab2ccc2ce9,0x009ee9a018d3930e,0x008370f8ecb42df8,0x002d9f019add263e,0x003302385b92d196,0x00a15654536e2c0c)},
+            {FIELD_LITERAL(0x0026ef1614e160af,0x00c023f9edfc9c76,0x00cff090da5f57ba,0x0076db7a66643ae9,0x0019462f8c646999,0x008fec00b3854b22,0x00d55041692a0a1c,0x0065db894215ca00)},
+            {FIELD_LITERAL(0x00a925036e0a451c,0x002a0390c36b6cc1,0x00f27020d90894f4,0x008d90d52cbd3d7f,0x00e1d0137392f3b8,0x00f017c158b51a8f,0x00cac313d3ed7dbc,0x00b99a81e3eb42d3)},
+        }}, {{
+            {FIELD_LITERAL(0x00b54850275fe626,0x0053a3fd1ec71140,0x00e3d2d7dbe096fa,0x00e4ac7b595cce4c,0x0077bad449c0a494,0x00b7c98814afd5b3,0x0057226f58486cf9,0x00b1557154f0cc57)},
+            {FIELD_LITERAL(0x008cc9cd236315c0,0x0031d9c5b39fda54,0x00a5713ef37e1171,0x00293d5ae2886325,0x00c4aba3e05015e1,0x0003f35ef78e4fc6,0x0039d6bd3ac1527b,0x0019d7c3afb77106)},
+            {FIELD_LITERAL(0x007b162931a985af,0x00ad40a2e0daa713,0x006df27c4009f118,0x00503e9f4e2e8bec,0x00751a77c82c182d,0x000298937769245b,0x00ffb1e8fabf9ee5,0x0008334706e09abe)},
+        }}, {{
+            {FIELD_LITERAL(0x00dbca4e98a7dcd9,0x00ee29cfc78bde99,0x00e4a3b6995f52e9,0x0045d70189ae8096,0x00fd2a8a3b9b0d1b,0x00af1793b107d8e1,0x00dbf92cbe4afa20,0x00da60f798e3681d)},
+            {FIELD_LITERAL(0x004246bfcecc627a,0x004ba431246c03a4,0x00bd1d101872d497,0x003b73d3f185ee16,0x001feb2e2678c0e3,0x00ff13c5a89dec76,0x00ed06042e771d8f,0x00a4fd2a897a83dd)},
+            {FIELD_LITERAL(0x009a4a3be50d6597,0x00de3165fc5a1096,0x004f3f56e345b0c7,0x00f7bf721d5ab8bc,0x004313e47b098c50,0x00e4c7d5c0e1adbb,0x002e3e3db365051e,0x00a480c2cd6a96fb)},
+        }}, {{
+            {FIELD_LITERAL(0x00417fa30a7119ed,0x00af257758419751,0x00d358a487b463d4,0x0089703cc720b00d,0x00ce56314ff7f271,0x0064db171ade62c1,0x00640b36d4a22fed,0x00424eb88696d23f)},
+            {FIELD_LITERAL(0x004ede34af2813f3,0x00d4a8e11c9e8216,0x004796d5041de8a5,0x00c4c6b4d21cc987,0x00e8a433ee07fa1e,0x0055720b5abcc5a1,0x008873ea9c74b080,0x005b3fec1ab65d48)},
+            {FIELD_LITERAL(0x0047e5277db70ec5,0x000a096c66db7d6b,0x00b4164cc1730159,0x004a9f783fe720fe,0x00a8177b94449dbc,0x0095a24ff49a599f,0x0069c1c578250cbc,0x00452019213debf4)},
+        }}, {{
+            {FIELD_LITERAL(0x0021ce99e09ebda3,0x00fcbd9f91875ad0,0x009bbf6b7b7a0b5f,0x00388886a69b1940,0x00926a56d0f81f12,0x00e12903c3358d46,0x005dfce4e8e1ce9d,0x0044cfa94e2f7e23)},
+            {FIELD_LITERAL(0x001bd59c09e982ea,0x00f72daeb937b289,0x0018b76dca908e0e,0x00edb498512384ad,0x00ce0243b6cc9538,0x00f96ff690cb4e70,0x007c77bf9f673c8d,0x005bf704c088a528)},
+            {FIELD_LITERAL(0x0093d4628dcb33be,0x0095263d51d42582,0x0049b3222458fe06,0x00e7fce73b653a7f,0x003ca2ebce60b369,0x00c5de239a32bea4,0x0063b8b3d71fb6bf,0x0039aeeb78a1a839)},
+        }}, {{
+            {FIELD_LITERAL(0x007dc52da400336c,0x001fded1e15b9457,0x00902e00f5568e3a,0x00219bef40456d2d,0x005684161fb3dbc9,0x004a4e9be49a76ea,0x006e685ae88b78ff,0x0021c42f13042d3c)},
+            {FIELD_LITERAL(0x00fb22bb5fd3ce50,0x0017b48aada7ae54,0x00fd5c44ad19a536,0x000ccc4e4e55e45c,0x00fd637d45b4c3f5,0x0038914e023c37cf,0x00ac1881d6a8d898,0x00611ed8d3d943a8)},
+            {FIELD_LITERAL(0x0056e2259d113d2b,0x00594819b284ec16,0x00c7bf794bb36696,0x00721ee75097cdc6,0x00f71be9047a2892,0x00df6ba142564edf,0x0069580b7a184e8d,0x00f056e38fca0fee)},
+        }}, {{
+            {FIELD_LITERAL(0x009df98566a18c6d,0x00cf3a200968f219,0x0044ba60da6d9086,0x00dbc9c0e344da03,0x000f9401c4466855,0x00d46a57c5b0a8d1,0x00875a635d7ac7c6,0x00ef4a933b7e0ae6)},
+            {FIELD_LITERAL(0x005e8694077a1535,0x008bef75f71c8f1d,0x000a7c1316423511,0x00906e1d70604320,0x003fc46c1a2ffbd6,0x00d1d5022e68f360,0x002515fba37bbf46,0x00ca16234e023b44)},
+            {FIELD_LITERAL(0x00787c99561f4690,0x00a857a8c1561f27,0x00a10df9223c09fe,0x00b98a9562e3b154,0x004330b8744c3ed2,0x00e06812807ec5c4,0x00e4cf6a7db9f1e3,0x00d95b089f132a34)},
+        }}, {{
+            {FIELD_LITERAL(0x002922b39ca33eec,0x0090d12a5f3ab194,0x00ab60c02fb5f8ed,0x00188d292abba1cf,0x00e10edec9698f6e,0x0069a4d9934133c8,0x0024aac40e6d3d06,0x001702c2177661b0)},
+            {FIELD_LITERAL(0x00139078397030bd,0x000e3c447e859a00,0x0064a5b334c82393,0x00b8aabeb7358093,0x00020778bb9ae73b,0x0032ee94c7892a18,0x008215253cb41bda,0x005e2797593517ae)},
+            {FIELD_LITERAL(0x0083765a5f855d4a,0x0051b6d1351b8ee2,0x00116de548b0f7bb,0x0087bd88703affa0,0x0095b2cc34d7fdd2,0x0084cd81b53f0bc8,0x008562fc995350ed,0x00a39abb193651e3)},
+        }}, {{
+            {FIELD_LITERAL(0x0019e23f0474b114,0x00eb94c2ad3b437e,0x006ddb34683b75ac,0x00391f9209b564c6,0x00083b3bb3bff7aa,0x00eedcd0f6dceefc,0x00b50817f794fe01,0x0036474deaaa75c9)},
+            {FIELD_LITERAL(0x0091868594265aa2,0x00797accae98ca6d,0x0008d8c5f0f8a184,0x00d1f4f1c2b2fe6e,0x0036783dfb48a006,0x008c165120503527,0x0025fd780058ce9b,0x0068beb007be7d27)},
+            {FIELD_LITERAL(0x00d0ff88aa7c90c2,0x00b2c60dacf53394,0x0094a7284d9666d6,0x00bed9022ce7a19d,0x00c51553f0cd7682,0x00c3fb870b124992,0x008d0bc539956c9b,0x00fc8cf258bb8885)},
+        }}, {{
+            {FIELD_LITERAL(0x003667bf998406f8,0x0000115c43a12975,0x001e662f3b20e8fd,0x0019ffa534cb24eb,0x00016be0dc8efb45,0x00ff76a8b26243f5,0x00ae20d241a541e3,0x0069bd6af13cd430)},
+            {FIELD_LITERAL(0x0045fdc16487cda3,0x00b2d8e844cf2ed7,0x00612c50e88c1607,0x00a08aabc66c1672,0x006031fdcbb24d97,0x001b639525744b93,0x004409d62639ab17,0x00a1853d0347ab1d)},
+            {FIELD_LITERAL(0x0075a1a56ebf5c21,0x00a3e72be9ac53ed,0x00efcde1629170c2,0x0004225fe91ef535,0x0088049fc73dfda7,0x004abc74857e1288,0x0024e2434657317c,0x00d98cb3d3e5543c)},
+        }}, {{
+            {FIELD_LITERAL(0x00b4b53eab6bdb19,0x009b22d8b43711d0,0x00d948b9d961785d,0x00cb167b6f279ead,0x00191de3a678e1c9,0x00d9dd9511095c2e,0x00f284324cd43067,0x00ed74fa535151dd)},
+            {FIELD_LITERAL(0x007e32c049b5c477,0x009d2bfdbd9bcfd8,0x00636e93045938c6,0x007fde4af7687298,0x0046a5184fafa5d3,0x0079b1e7f13a359b,0x00875adf1fb927d6,0x00333e21c61bcad2)},
+            {FIELD_LITERAL(0x00048014f73d8b8d,0x0075684aa0966388,0x0092be7df06dc47c,0x0097cebcd0f5568a,0x005a7004d9c4c6a9,0x00b0ecbb659924c7,0x00d90332dd492a7c,0x0057fc14df11493d)},
+        }}, {{
+            {FIELD_LITERAL(0x0008ed8ea0ad95be,0x0041d324b9709645,0x00e25412257a19b4,0x0058df9f3423d8d2,0x00a9ab20def71304,0x009ae0dbf8ac4a81,0x00c9565977e4392a,0x003c9269444baf55)},
+            {FIELD_LITERAL(0x007df6cbb926830b,0x00d336058ae37865,0x007af47dac696423,0x0048d3011ec64ac8,0x006b87666e40049f,0x0036a2e0e51303d7,0x00ba319bd79dbc55,0x003e2737ecc94f53)},
+            {FIELD_LITERAL(0x00d296ff726272d9,0x00f6d097928fcf57,0x00e0e616a55d7013,0x00deaf454ed9eac7,0x0073a56bedef4d92,0x006ccfdf6fc92e19,0x009d1ee1371a7218,0x00ee3c2ee4462d80)},
+        }}, {{
+            {FIELD_LITERAL(0x00437bce9bccdf9d,0x00e0c8e2f85dc0a3,0x00c91a7073995a19,0x00856ec9fe294559,0x009e4b33394b156e,0x00e245b0dc497e5c,0x006a54e687eeaeff,0x00f1cd1cd00fdb7c)},
+            {FIELD_LITERAL(0x008132ae5c5d8cd1,0x00121d68324a1d9f,0x00d6be9dafcb8c76,0x00684d9070edf745,0x00519fbc96d7448e,0x00388182fdc1f27e,0x000235baed41f158,0x00bf6cf6f1a1796a)},
+            {FIELD_LITERAL(0x002adc4b4d148219,0x003084ada0d3a90a,0x0046de8aab0f2e4e,0x00452d342a67b5fd,0x00d4b50f01d4de21,0x00db6d9fc0cefb79,0x008c184c86a462cd,0x00e17c83764d42da)},
+        }}, {{
+            {FIELD_LITERAL(0x007b2743b9a1e01a,0x007847ffd42688c4,0x006c7844d610a316,0x00f0cb8b250aa4b0,0x00a19060143b3ae6,0x0014eb10b77cfd80,0x000170905729dd06,0x00063b5b9cd72477)},
+            {FIELD_LITERAL(0x00ce382dc7993d92,0x00021153e938b4c8,0x00096f7567f48f51,0x0058f81ddfe4b0d5,0x00cc379a56b355c7,0x002c760770d3e819,0x00ee22d1d26e5a40,0x00de6d93d5b082d7)},
+            {FIELD_LITERAL(0x000a91a42c52e056,0x00185f6b77fce7ea,0x000803c51962f6b5,0x0022528582ba563d,0x0043f8040e9856d6,0x0085a29ec81fb860,0x005f9a611549f5ff,0x00c1f974ecbd4b06)},
+        }}, {{
+            {FIELD_LITERAL(0x005b64c6fd65ec97,0x00c1fdd7f877bc7f,0x000d9cc6c89f841c,0x005c97b7f1aff9ad,0x0075e3c61475d47e,0x001ecb1ba8153011,0x00fe7f1c8d71d40d,0x003fa9757a229832)},
+            {FIELD_LITERAL(0x00ffc5c89d2b0cba,0x00d363d42e3e6fc3,0x0019a1a0118e2e8a,0x00f7baeff48882e1,0x001bd5af28c6b514,0x0055476ca2253cb2,0x00d8eb1977e2ddf3,0x00b173b1adb228a1)},
+            {FIELD_LITERAL(0x00f2cb99dd0ad707,0x00e1e08b6859ddd8,0x000008f2d0650bcc,0x00d7ed392f8615c3,0x00976750a94da27f,0x003e83bb0ecb69ba,0x00df8e8d15c14ac6,0x00f9f7174295d9c2)},
+        }}, {{
+            {FIELD_LITERAL(0x00f11cc8e0e70bcb,0x00e5dc689974e7dd,0x0014e409f9ee5870,0x00826e6689acbd63,0x008a6f4e3d895d88,0x00b26a8da41fd4ad,0x000fb7723f83efd7,0x009c749db0a5f6c3)},
+            {FIELD_LITERAL(0x002389319450f9ba,0x003677f31aa1250a,0x0092c3db642f38cb,0x00f8b64c0dfc9773,0x00cd49fe3505b795,0x0068105a4090a510,0x00df0ba2072a8bb6,0x00eb396143afd8be)},
+            {FIELD_LITERAL(0x00a0d4ecfb24cdff,0x00ddaf8008ba6479,0x00f0b3e36d4b0f44,0x003734bd3af1f146,0x00b87e2efc75527e,0x00d230df55ddab50,0x002613257ae56c1d,0x00bc0946d135934d)},
+        }}, {{
+            {FIELD_LITERAL(0x00468711bd994651,0x0033108fa67561bf,0x0089d760192a54b4,0x00adc433de9f1871,0x000467d05f36e050,0x007847e0f0579f7f,0x00a2314ad320052d,0x00b3a93649f0b243)},
+            {FIELD_LITERAL(0x0067f8f0c4fe26c9,0x0079c4a3cc8f67b9,0x0082b1e62f23550d,0x00f2d409caefd7f5,0x0080e67dcdb26e81,0x0087ae993ea1f98a,0x00aa108becf61d03,0x001acf11efb608a3)},
+            {FIELD_LITERAL(0x008225febbab50d9,0x00f3b605e4dd2083,0x00a32b28189e23d2,0x00d507e5e5eb4c97,0x005a1a84e302821f,0x0006f54c1c5f08c7,0x00a347c8cb2843f0,0x0009f73e9544bfa5)},
+        }}, {{
+            {FIELD_LITERAL(0x006c59c9ae744185,0x009fc32f1b4282cd,0x004d6348ca59b1ac,0x00105376881be067,0x00af4096013147dc,0x004abfb5a5cb3124,0x000d2a7f8626c354,0x009c6ed568e07431)},
+            {FIELD_LITERAL(0x00e828333c297f8b,0x009ef3cf8c3f7e1f,0x00ab45f8fff31cb9,0x00c8b4178cb0b013,0x00d0c50dd3260a3f,0x0097126ac257f5bc,0x0042376cc90c705a,0x001d96fdb4a1071e)},
+            {FIELD_LITERAL(0x00542d44d89ee1a8,0x00306642e0442d98,0x0090853872b87338,0x002362cbf22dc044,0x002c222adff663b8,0x0067c924495fcb79,0x000e621d983c977c,0x00df77a9eccb66fb)},
+        }}, {{
+            {FIELD_LITERAL(0x002809e4bbf1814a,0x00b9e854f9fafb32,0x00d35e67c10f7a67,0x008f1bcb76e748cf,0x004224d9515687d2,0x005ba0b774e620c4,0x00b5e57db5d54119,0x00e15babe5683282)},
+            {FIELD_LITERAL(0x00832d02369b482c,0x00cba52ff0d93450,0x003fa9c908d554db,0x008d1e357b54122f,0x00abd91c2dc950c6,0x007eff1df4c0ec69,0x003f6aeb13fb2d31,0x00002d6179fc5b2c)},
+            {FIELD_LITERAL(0x0046c9eda81c9c89,0x00b60cb71c8f62fc,0x0022f5a683baa558,0x00f87319fccdf997,0x009ca09b51ce6a22,0x005b12baf4af7d77,0x008a46524a1e33e2,0x00035a77e988be0d)},
+        }}, {{
+            {FIELD_LITERAL(0x00a7efe46a7dbe2f,0x002f66fd55014fe7,0x006a428afa1ff026,0x0056caaa9604ab72,0x0033f3bcd7fac8ae,0x00ccb1aa01c86764,0x00158d1edf13bf40,0x009848ee76fcf3b4)},
+            {FIELD_LITERAL(0x00a9e7730a819691,0x00d9cc73c4992b70,0x00e299bde067de5a,0x008c314eb705192a,0x00e7226f17e8a3cc,0x0029dfd956e65a47,0x0053a8e839073b12,0x006f942b2ab1597e)},
+            {FIELD_LITERAL(0x001c3d780ecd5e39,0x0094f247fbdcc5fe,0x00d5c786fd527764,0x00b6f4da74f0db2a,0x0080f1f8badcd5fc,0x00f36a373ad2e23b,0x00f804f9f4343bf2,0x00d1af40ec623982)},
+        }}, {{
+            {FIELD_LITERAL(0x0082aeace5f1b144,0x00f68b3108cf4dd3,0x00634af01dde3020,0x000beab5df5c2355,0x00e8b790d1b49b0b,0x00e48d15854e36f4,0x0040ab2d95f3db9f,0x002711c4ed9e899a)},
+            {FIELD_LITERAL(0x0039343746531ebe,0x00c8509d835d429d,0x00e79eceff6b0018,0x004abfd31e8efce5,0x007bbfaaa1e20210,0x00e3be89c193e179,0x001c420f4c31d585,0x00f414a315bef5ae)},
+            {FIELD_LITERAL(0x007c296a24990df8,0x00d5d07525a75588,0x00dd8e113e94b7e7,0x007bbc58febe0cc8,0x0029f51af9bfcad3,0x007e9311ec7ab6f3,0x009a884de1676343,0x0050d5f2dce84be9)},
+        }}, {{
+            {FIELD_LITERAL(0x005fa020cca2450a,0x00491c29db6416d8,0x0037cefe3f9f9a85,0x003d405230647066,0x0049e835f0fdbe89,0x00feb78ac1a0815c,0x00828e4b32dc9724,0x00db84f2dc8d6fd4)},
+            {FIELD_LITERAL(0x0098cddc8b39549a,0x006da37e3b05d22c,0x00ce633cfd4eb3cb,0x00fda288ef526acd,0x0025338878c5d30a,0x00f34438c4e5a1b4,0x00584efea7c310f1,0x0041a551f1b660ad)},
+            {FIELD_LITERAL(0x00d7f7a8fbd6437a,0x0062872413bf3753,0x00ad4bbcb43c584b,0x007fe49be601d7e3,0x0077c659789babf4,0x00eb45fcb06a741b,0x005ce244913f9708,0x0088426401736326)},
+        }}, {{
+            {FIELD_LITERAL(0x007bf562ca768d7c,0x006c1f3a174e387c,0x00f024b447fee939,0x007e7af75f01143f,0x003adb70b4eed89d,0x00e43544021ad79a,0x0091f7f7042011f6,0x0093c1a1ee3a0ddc)},
+            {FIELD_LITERAL(0x00a0b68ec1eb72d2,0x002c03235c0d45a0,0x00553627323fe8c5,0x006186e94b17af94,0x00a9906196e29f14,0x0025b3aee6567733,0x007e0dd840080517,0x0018eb5801a4ba93)},
+            {FIELD_LITERAL(0x00d7fe7017bf6a40,0x006e3f0624be0c42,0x00ffbba205358245,0x00f9fc2cf8194239,0x008d93b37bf15b4e,0x006ddf2e38be8e95,0x002b6e79bf5fcff9,0x00ab355da425e2de)},
+        }}, {{
+            {FIELD_LITERAL(0x00938f97e20be973,0x0099141a36aaf306,0x0057b0ca29e545a1,0x0085db571f9fbc13,0x008b333c554b4693,0x0043ab6ef3e241cb,0x0054fb20aa1e5c70,0x00be0ff852760adf)},
+            {FIELD_LITERAL(0x003973d8938971d6,0x002aca26fa80c1f5,0x00108af1faa6b513,0x00daae275d7924e6,0x0053634ced721308,0x00d2355fe0bbd443,0x00357612b2d22095,0x00f9bb9dd4136cf3)},
+            {FIELD_LITERAL(0x002bff12cf5e03a5,0x001bdb1fa8a19cf8,0x00c91c6793f84d39,0x00f869f1b2eba9af,0x0059bc547dc3236b,0x00d91611d6d38689,0x00e062daaa2c0214,0x00ed3c047cc2bc82)},
+        }}, {{
+            {FIELD_LITERAL(0x000050d70c32b31a,0x001939d576d437b3,0x00d709e598bf9fe6,0x00a885b34bd2ee9e,0x00dd4b5c08ab1a50,0x0091bebd50b55639,0x00cf79ff64acdbc6,0x006067a39d826336)},
+            {FIELD_LITERAL(0x0062dd0fb31be374,0x00fcc96b84c8e727,0x003f64f1375e6ae3,0x0057d9b6dd1af004,0x00d6a167b1103c7b,0x00dd28f3180fb537,0x004ff27ad7167128,0x008934c33461f2ac)},
+            {FIELD_LITERAL(0x0065b472b7900043,0x00ba7efd2ff1064b,0x000b67d6c4c3020f,0x0012d28469f4e46d,0x0031c32939703ec7,0x00b49f0bce133066,0x00f7e10416181d47,0x005c90f51867eecc)},
+        }}, {{
+            {FIELD_LITERAL(0x0051207abd179101,0x00fc2a5c20d9c5da,0x00fb9d5f2701b6df,0x002dd040fdea82b8,0x00f163b0738442ff,0x00d9736bd68855b8,0x00e0d8e93005e61c,0x00df5a40b3988570)},
+            {FIELD_LITERAL(0x0006918f5dfce6dc,0x00d4bf1c793c57fb,0x0069a3f649435364,0x00e89a50e5b0cd6e,0x00b9f6a237e973af,0x006d4ed8b104e41d,0x00498946a3924cd2,0x00c136ec5ac9d4f7)},
+            {FIELD_LITERAL(0x0011a9c290ac5336,0x002b9a2d4a6a6533,0x009a8a68c445d937,0x00361b27b07e5e5c,0x003c043b1755b974,0x00b7eb66cf1155ee,0x0077af5909eefff2,0x0098f609877cc806)},
+        }}, {{
+            {FIELD_LITERAL(0x00ab13af436bf8f4,0x000bcf0a0dac8574,0x00d50c864f705045,0x00c40e611debc842,0x0085010489bd5caa,0x007c5050acec026f,0x00f67d943c8da6d1,0x00de1da0278074c6)},
+            {FIELD_LITERAL(0x00b373076597455f,0x00e83f1af53ac0f5,0x0041f63c01dc6840,0x0097dea19b0c6f4b,0x007f9d63b4c1572c,0x00e692d492d0f5f0,0x00cbcb392e83b4ad,0x0069c0f39ed9b1a8)},
+            {FIELD_LITERAL(0x00861030012707c9,0x009fbbdc7fd4aafb,0x008f591d6b554822,0x00df08a41ea18ade,0x009d7d83e642abea,0x0098c71bda3b78ff,0x0022c89e7021f005,0x0044d29a3fe1e3c4)},
+        }}, {{
+            {FIELD_LITERAL(0x00e748cd7b5c52f2,0x00ea9df883f89cc3,0x0018970df156b6c7,0x00c5a46c2a33a847,0x00cbde395e32aa09,0x0072474ebb423140,0x00fb00053086a23d,0x001dafcfe22d4e1f)},
+            {FIELD_LITERAL(0x00c903ee6d825540,0x00add6c4cf98473e,0x007636efed4227f1,0x00905124ae55e772,0x00e6b38fab12ed53,0x0045e132b863fe55,0x003974662edb366a,0x00b1787052be8208)},
+            {FIELD_LITERAL(0x00a614b00d775c7c,0x00d7c78941cc7754,0x00422dd68b5dabc4,0x00a6110f0167d28b,0x00685a309c252886,0x00b439ffd5143660,0x003656e29ee7396f,0x00c7c9b9ed5ad854)},
+        }}, {{
+            {FIELD_LITERAL(0x0040f7e7c5b37bf2,0x0064e4dc81181bba,0x00a8767ae2a366b6,0x001496b4f90546f2,0x002a28493f860441,0x0021f59513049a3a,0x00852d369a8b7ee3,0x00dd2e7d8b7d30a9)},
+            {FIELD_LITERAL(0x00006e34a35d9fbc,0x00eee4e48b2f019a,0x006b344743003a5f,0x00541d514f04a7e3,0x00e81f9ee7647455,0x005e2b916c438f81,0x00116f8137b7eff0,0x009bd3decc7039d1)},
+            {FIELD_LITERAL(0x0005d226f434110d,0x00af8288b8ef21d5,0x004a7a52ef181c8c,0x00be0b781b4b06de,0x00e6e3627ded07e1,0x00e43aa342272b8b,0x00e86ab424577d84,0x00fb292c566e35bb)},
+        }}, {{
+            {FIELD_LITERAL(0x00334f5303ea1222,0x00dfb3dbeb0a5d3e,0x002940d9592335c1,0x00706a7a63e8938a,0x005a533558bc4caf,0x00558e33192022a9,0x00970d9faf74c133,0x002979fcb63493ca)},
+            {FIELD_LITERAL(0x00e38abece3c82ab,0x005a51f18a2c7a86,0x009dafa2e86d592e,0x00495a62eb688678,0x00b79df74c0eb212,0x0023e8cc78b75982,0x005998cb91075e13,0x00735aa9ba61bc76)},
+            {FIELD_LITERAL(0x00d9f7a82ddbe628,0x00a1fc782889ae0f,0x0071ffda12d14b66,0x0037cf4eca7fb3d5,0x00c80bc242c58808,0x0075bf8c2d08c863,0x008d41f31afc52a7,0x00197962ecf38741)},
+        }}, {{
+            {FIELD_LITERAL(0x006e9f475cccf2ee,0x00454b9cd506430c,0x00224a4fb79ee479,0x0062e3347ef0b5e2,0x0034fd2a3512232a,0x00b8b3cb0f457046,0x00eb20165daa38ec,0x00128eebc2d9c0f7)},
+            {FIELD_LITERAL(0x00bfc5fa1e4ea21f,0x00c21d7b6bb892e6,0x00cf043f3acf0291,0x00c13f2f849b3c90,0x00d1a97ebef10891,0x0061e130a445e7fe,0x0019513fdedbf22b,0x001d60c813bff841)},
+            {FIELD_LITERAL(0x0019561c7fcf0213,0x00e3dca6843ebd77,0x0068ea95b9ca920e,0x009bdfb70f253595,0x00c68f59186aa02a,0x005aee1cca1c3039,0x00ab79a8a937a1ce,0x00b9a0e549959e6f)},
+        }}, {{
+            {FIELD_LITERAL(0x00c79e0b6d97dfbd,0x00917c71fd2bc6e8,0x00db7529ccfb63d8,0x00be5be957f17866,0x00a9e11fdc2cdac1,0x007b91a8e1f44443,0x00a3065e4057d80f,0x004825f5b8d5f6d4)},
+            {FIELD_LITERAL(0x003e4964fa8a8fc8,0x00f6a1cdbcf41689,0x00943cb18fe7fda7,0x00606dafbf34440a,0x005d37a86399c789,0x00e79a2a69417403,0x00fe34f7e68b8866,0x0011f448ed2df10e)},
+            {FIELD_LITERAL(0x00f1f57efcc1fcc4,0x00513679117de154,0x002e5b5b7c86d8c3,0x009f6486561f9cfb,0x00169e74b0170cf7,0x00900205af4af696,0x006acfddb77853f3,0x00df184c90f31068)},
+        }}, {{
+            {FIELD_LITERAL(0x00b37396c3320791,0x00fc7b67175c5783,0x00c36d2cd73ecc38,0x0080ebcc0b328fc5,0x0043a5b22b35d35d,0x00466c9f1713c9da,0x0026ad346dcaa8da,0x007c684e701183a6)},
+            {FIELD_LITERAL(0x00fd579ffb691713,0x00b76af4f81c412d,0x00f239de96110f82,0x00e965fb437f0306,0x00ca7e9436900921,0x00e487f1325fa24a,0x00633907de476380,0x00721c62ac5b8ea0)},
+            {FIELD_LITERAL(0x00c0d54e542eb4f9,0x004ed657171c8dcf,0x00b743a4f7c2a39b,0x00fd9f93ed6cc567,0x00307fae3113e58b,0x0058aa577c93c319,0x00d254556f35b346,0x00491aada2203f0d)},
+        }}, {{
+            {FIELD_LITERAL(0x00dff3103786ff34,0x000144553b1f20c3,0x0095613baeb930e4,0x00098058275ea5d4,0x007cd1402b046756,0x0074d74e4d58aee3,0x005f93fc343ff69b,0x00873df17296b3b0)},
+            {FIELD_LITERAL(0x00c4a1fb48635413,0x00b5dd54423ad59f,0x009ff5d53fd24a88,0x003c98d267fc06a7,0x002db7cb20013641,0x00bd1d6716e191f2,0x006dbc8b29094241,0x0044bbf233dafa2c)},
+            {FIELD_LITERAL(0x0055838d41f531e6,0x00bf6a2dd03c81b2,0x005827a061c4839e,0x0000de2cbb36aac3,0x002efa29d9717478,0x00f9e928cc8a77ba,0x00c134b458def9ef,0x00958a182223fc48)},
+        }}, {{
+            {FIELD_LITERAL(0x000a9ee23c06881f,0x002c727d3d871945,0x00f47d971512d24a,0x00671e816f9ef31a,0x00883af2cfaad673,0x00601f98583d6c9a,0x00b435f5adc79655,0x00ad87b71c04bff2)},
+            {FIELD_LITERAL(0x007860d99db787cf,0x00fda8983018f4a8,0x008c8866bac4743c,0x00ef471f84c82a3f,0x00abea5976d3b8e7,0x00714882896cd015,0x00b49fae584ddac5,0x008e33a1a0b69c81)},
+            {FIELD_LITERAL(0x007b6ee2c9e8a9ec,0x002455dbbd89d622,0x006490cf4eaab038,0x00d925f6c3081561,0x00153b3047de7382,0x003b421f8bdceb6f,0x00761a4a5049da78,0x00980348c5202433)},
+        }}, {{
+            {FIELD_LITERAL(0x007f8a43da97dd5c,0x00058539c800fc7b,0x0040f3cf5a28414a,0x00d68dd0d95283d6,0x004adce9da90146e,0x00befa41c7d4f908,0x007603bc2e3c3060,0x00bdf360ab3545db)},
+            {FIELD_LITERAL(0x00eebfd4e2312cc3,0x00474b2564e4fc8c,0x003303ef14b1da9b,0x003c93e0e66beb1d,0x0013619b0566925a,0x008817c24d901bf3,0x00b62bd8898d218b,0x0075a7716f1e88a2)},
+            {FIELD_LITERAL(0x0009218da1e6890f,0x0026907f5fd02575,0x004dabed5f19d605,0x003abf181870249d,0x00b52fd048cc92c4,0x00b6dd51e415a5c5,0x00d9eb82bd2b4014,0x002c865a43b46b43)},
+        }}, {{
+            {FIELD_LITERAL(0x0070047189452f4c,0x00f7ad12e1ce78d5,0x00af1ba51ec44a8b,0x005f39f63e667cd6,0x00058eac4648425e,0x00d7fdab42bea03b,0x0028576a5688de15,0x00af973209e77c10)},
+            {FIELD_LITERAL(0x00c338b915d8fef0,0x00a893292045c39a,0x0028ab4f2eba6887,0x0060743cb519fd61,0x0006213964093ac0,0x007c0b7a43f6266d,0x008e3557c4fa5bda,0x002da976de7b8d9d)},
+            {FIELD_LITERAL(0x0048729f8a8b6dcd,0x00fe23b85cc4d323,0x00e7384d16e4db0e,0x004a423970678942,0x00ec0b763345d4ba,0x00c477b9f99ed721,0x00c29dad3777b230,0x001c517b466f7df6)},
+        }}, {{
+            {FIELD_LITERAL(0x006366c380f7b574,0x001c7d1f09ff0438,0x003e20a7301f5b22,0x00d3efb1916d28f6,0x0049f4f81060ce83,0x00c69d91ea43ced1,0x002b6f3e5cd269ed,0x005b0fb22ce9ec65)},
+            {FIELD_LITERAL(0x00aa2261022d883f,0x00ebcca4548010ac,0x002528512e28a437,0x0070ca7676b66082,0x0084bda170f7c6d3,0x00581b4747c9b8bb,0x005c96a01061c7e2,0x00fb7c4a362b5273)},
+            {FIELD_LITERAL(0x00c30020eb512d02,0x0060f288283a4d26,0x00b7ed13becde260,0x0075ebb74220f6e9,0x00701079fcfe8a1f,0x001c28fcdff58938,0x002e4544b8f4df6b,0x0060c5bc4f1a7d73)},
+        }}, {{
+            {FIELD_LITERAL(0x00ae307cf069f701,0x005859f222dd618b,0x00212d6c46ec0b0d,0x00a0fe4642afb62d,0x00420d8e4a0a8903,0x00a80ff639bdf7b0,0x0019bee1490b5d8e,0x007439e4b9c27a86)},
+            {FIELD_LITERAL(0x00a94700032a093f,0x0076e96c225216e7,0x00a63a4316e45f91,0x007d8bbb4645d3b2,0x00340a6ff22793eb,0x006f935d4572aeb7,0x00b1fb69f00afa28,0x009e8f3423161ed3)},
+            {FIELD_LITERAL(0x009ef49c6b5ced17,0x00a555e6269e9f0a,0x007e6f1d79ec73b5,0x009ac78695a32ac4,0x0001d77fbbcd5682,0x008cea1fee0aaeed,0x00f42bea82a53462,0x002e46ab96cafcc9)},
+        }}, {{
+            {FIELD_LITERAL(0x0051cfcc5885377a,0x00dce566cb1803ca,0x00430c7643f2c7d4,0x00dce1a1337bdcc0,0x0010d5bd7283c128,0x003b1b547f9b46fe,0x000f245e37e770ab,0x007b72511f022b37)},
+            {FIELD_LITERAL(0x0060db815bc4786c,0x006fab25beedc434,0x00c610d06084797c,0x000c48f08537bec0,0x0031aba51c5b93da,0x007968fa6e01f347,0x0030070da52840c6,0x00c043c225a4837f)},
+            {FIELD_LITERAL(0x001bcfd00649ee93,0x006dceb47e2a0fd5,0x00f2cebda0cf8fd0,0x00b6b9d9d1fbdec3,0x00815262e6490611,0x00ef7f5ce3176760,0x00e49cd0c998d58b,0x005fc6cc269ba57c)},
+        }}, {{
+            {FIELD_LITERAL(0x008940211aa0d633,0x00addae28136571d,0x00d68fdbba20d673,0x003bc6129bc9e21a,0x000346cf184ebe9a,0x0068774d741ebc7f,0x0019d5e9e6966557,0x0003cbd7f981b651)},
+            {FIELD_LITERAL(0x004a2902926f8d3f,0x00ad79b42637ab75,0x0088f60b90f2d4e8,0x0030f54ef0e398c4,0x00021dc9bf99681e,0x007ebf66fde74ee3,0x004ade654386e9a4,0x00e7485066be4c27)},
+            {FIELD_LITERAL(0x00445f1263983be0,0x004cf371dda45e6a,0x00744a89d5a310e7,0x001f20ce4f904833,0x00e746edebe66e29,0x000912ab1f6c153d,0x00f61d77d9b2444c,0x0001499cd6647610)},
+        }}
+    }
+};
+const struct curve448_precomputed_s *curve448_precomputed_base
+    = &curve448_precomputed_base_table;
+
+static const niels_t curve448_wnaf_base_table[32] = {
+    {{
+        {FIELD_LITERAL(0x00303cda6feea532,0x00860f1d5a3850e4,0x00226b9fa4728ccd,0x00e822938a0a0c0c,0x00263a61c9ea9216,0x001204029321b828,0x006a468360983c65,0x0002846f0a782143)},
+        {FIELD_LITERAL(0x00303cda6feea532,0x00860f1d5a3850e4,0x00226b9fa4728ccd,0x006822938a0a0c0c,0x00263a61c9ea9215,0x001204029321b828,0x006a468360983c65,0x0082846f0a782143)},
+        {FIELD_LITERAL(0x00ef8e22b275198d,0x00b0eb141a0b0e8b,0x001f6789da3cb38c,0x006d2ff8ed39073e,0x00610bdb69a167f3,0x00571f306c9689b4,0x00f557e6f84b2df8,0x002affd38b2c86db)},
+    }}, {{
+        {FIELD_LITERAL(0x00cea0fc8d2e88b5,0x00821612d69f1862,0x0074c283b3e67522,0x005a195ba05a876d,0x000cddfe557feea4,0x008046c795bcc5e5,0x00540969f4d6e119,0x00d27f96d6b143d5)},
+        {FIELD_LITERAL(0x000c3b1019d474e8,0x00e19533e4952284,0x00cc9810ba7c920a,0x00f103d2785945ac,0x00bfa5696cc69b34,0x00a8d3d51e9ca839,0x005623cb459586b9,0x00eae7ce1cd52e9e)},
+        {FIELD_LITERAL(0x0005a178751dd7d8,0x002cc3844c69c42f,0x00acbfe5efe10539,0x009c20f43431a65a,0x008435d96374a7b3,0x009ee57566877bd3,0x0044691725ed4757,0x001e87bb2fe2c6b2)},
+    }}, {{
+        {FIELD_LITERAL(0x000cedc4debf7a04,0x002ffa45000470ac,0x002e9f9678201915,0x0017da1208c4fe72,0x007d558cc7d656cb,0x0037a827287cf289,0x00142472d3441819,0x009c21f166cf8dd1)},
+        {FIELD_LITERAL(0x003ef83af164b2f2,0x000949a5a0525d0d,0x00f4498186cac051,0x00e77ac09ef126d2,0x0073ae0b2c9296e9,0x001c163f6922e3ed,0x0062946159321bea,0x00cfb79b22990b39)},
+        {FIELD_LITERAL(0x00b001431ca9e654,0x002d7e5eabcc9a3a,0x0052e8114c2f6747,0x0079ac4f94487f92,0x00bffd919b5d749c,0x00261f92ad15e620,0x00718397b7a97895,0x00c1443e6ebbc0c4)},
+    }}, {{
+        {FIELD_LITERAL(0x00eacd90c1e0a049,0x008977935b149fbe,0x0004cb9ba11c93dc,0x009fbd5b3470844d,0x004bc18c9bfc22cf,0x0057679a991839f3,0x00ef15b76fb4092e,0x0074a5173a225041)},
+        {FIELD_LITERAL(0x003f5f9d7ec4777b,0x00ab2e733c919c94,0x001bb6c035245ae5,0x00a325a49a883630,0x0033e9a9ea3cea2f,0x00e442a1eaa0e844,0x00b2116d5b0e71b8,0x00c16abed6d64047)},
+        {FIELD_LITERAL(0x00c560b5ed051165,0x001945adc5d65094,0x00e221865710f910,0x00cc12bc9e9b8ceb,0x004faa9518914e35,0x0017476d89d42f6d,0x00b8f637c8fa1c8b,0x0088c7d2790864b8)},
+    }}, {{
+        {FIELD_LITERAL(0x00ef7eafc1c69be6,0x0085d3855778fbea,0x002c8d5b450cb6f5,0x004e77de5e1e7fec,0x0047c057893abded,0x001b430b85d51e16,0x00965c7b45640c3c,0x00487b2bb1162b97)},
+        {FIELD_LITERAL(0x0099c73a311beec2,0x00a3eff38d8912ad,0x002efa9d1d7e8972,0x00f717ae1e14d126,0x002833f795850c8b,0x0066c12ad71486bd,0x00ae9889da4820eb,0x00d6044309555c08)},
+        {FIELD_LITERAL(0x004b1c5283d15e41,0x00669d8ea308ff75,0x0004390233f762a1,0x00e1d67b83cb6cec,0x003eebaa964c78b1,0x006b0aff965eb664,0x00b313d4470bdc37,0x008814ffcb3cb9d8)},
+    }}, {{
+        {FIELD_LITERAL(0x009724b8ce68db70,0x007678b5ed006f3d,0x00bdf4b89c0abd73,0x00299748e04c7c6d,0x00ddd86492c3c977,0x00c5a7febfa30a99,0x00ed84715b4b02bb,0x00319568adf70486)},
+        {FIELD_LITERAL(0x0070ff2d864de5bb,0x005a37eeb637ee95,0x0033741c258de160,0x00e6ca5cb1988f46,0x001ceabd92a24661,0x0030957bd500fe40,0x001c3362afe912c5,0x005187889f678bd2)},
+        {FIELD_LITERAL(0x0086835fc62bbdc7,0x009c3516ca4910a1,0x00956c71f8d00783,0x0095c78fcf63235f,0x00fc7ff6ba05c222,0x00cdd8b3f8d74a52,0x00ac5ae16de8256e,0x00e9d4be8ed48624)},
+    }}, {{
+        {FIELD_LITERAL(0x00c0ce11405df2d8,0x004e3f37b293d7b6,0x002410172e1ac6db,0x00b8dbff4bf8143d,0x003a7b409d56eb66,0x003e0f6a0dfef9af,0x0081c4e4d3645be1,0x00ce76076b127623)},
+        {FIELD_LITERAL(0x00f6ee0f98974239,0x0042d89af07d3a4f,0x00846b7fe84346b5,0x006a21fc6a8d39a1,0x00ac8bc2541ff2d9,0x006d4e2a77732732,0x009a39b694cc3f2f,0x0085c0aa2a404c8f)},
+        {FIELD_LITERAL(0x00b261101a218548,0x00c1cae96424277b,0x00869da0a77dd268,0x00bc0b09f8ec83ea,0x00d61027f8e82ba9,0x00aa4c85999dce67,0x00eac3132b9f3fe1,0x00fb9b0cf1c695d2)},
+    }}, {{
+        {FIELD_LITERAL(0x0043079295512f0d,0x0046a009861758e0,0x003ee2842a807378,0x0034cc9d1298e4fa,0x009744eb4d31b3ee,0x00afacec96650cd0,0x00ac891b313761ae,0x00e864d6d26e708a)},
+        {FIELD_LITERAL(0x00a84d7c8a23b491,0x0088e19aa868b27f,0x0005986d43e78ce9,0x00f28012f0606d28,0x0017ded7e10249b3,0x005ed4084b23af9b,0x00b9b0a940564472,0x00ad9056cceeb1f4)},
+        {FIELD_LITERAL(0x00db91b357fe755e,0x00a1aa544b15359c,0x00af4931a0195574,0x007686124fe11aef,0x00d1ead3c7b9ef7e,0x00aaf5fc580f8c15,0x00e727be147ee1ec,0x003c61c1e1577b86)},
+    }}, {{
+        {FIELD_LITERAL(0x009d3fca983220cf,0x00cd11acbc853dc4,0x0017590409d27f1d,0x00d2176698082802,0x00fa01251b2838c8,0x00dd297a0d9b51c6,0x00d76c92c045820a,0x00534bc7c46c9033)},
+        {FIELD_LITERAL(0x0080ed9bc9b07338,0x00fceac7745d2652,0x008a9d55f5f2cc69,0x0096ce72df301ac5,0x00f53232e7974d87,0x0071728c7ae73947,0x0090507602570778,0x00cb81cfd883b1b2)},
+        {FIELD_LITERAL(0x005011aadea373da,0x003a8578ec896034,0x00f20a6535fa6d71,0x005152d31e5a87cf,0x002bac1c8e68ca31,0x00b0e323db4c1381,0x00f1d596b7d5ae25,0x00eae458097cb4e0)},
+    }}, {{
+        {FIELD_LITERAL(0x00920ac80f9b0d21,0x00f80f7f73401246,0x0086d37849b557d6,0x0002bd4b317b752e,0x00b26463993a42bb,0x002070422a73b129,0x00341acaa0380cb3,0x00541914dd66a1b2)},
+        {FIELD_LITERAL(0x00c1513cd66abe8c,0x000139e01118944d,0x0064abbcb8080bbb,0x00b3b08202473142,0x00c629ef25da2403,0x00f0aec3310d9b7f,0x0050b2227472d8cd,0x00f6c8a922d41fb4)},
+        {FIELD_LITERAL(0x001075ccf26b7b1f,0x00bb6bb213170433,0x00e9491ad262da79,0x009ef4f48d2d384c,0x008992770766f09d,0x001584396b6b1101,0x00af3f8676c9feef,0x0024603c40269118)},
+    }}, {{
+        {FIELD_LITERAL(0x009dd7b31319527c,0x001e7ac948d873a9,0x00fa54b46ef9673a,0x0066efb8d5b02fe6,0x00754b1d3928aeae,0x0004262ac72a6f6b,0x0079b7d49a6eb026,0x003126a753540102)},
+        {FIELD_LITERAL(0x009666e24f693947,0x00f714311269d45f,0x0010ffac1d0c851c,0x0066e80c37363497,0x00f1f4ad010c60b0,0x0015c87408470ff7,0x00651d5e9c7766a4,0x008138819d7116de)},
+        {FIELD_LITERAL(0x003934b11c57253b,0x00ef308edf21f46e,0x00e54e99c7a16198,0x0080d57135764e63,0x00751c27b946bc24,0x00dd389ce4e9e129,0x00a1a2bfd1cd84dc,0x002fae73e5149b32)},
+    }}, {{
+        {FIELD_LITERAL(0x00911657dffb4cdd,0x00c100b7cc553d06,0x00449d075ec467cc,0x007062100bc64e70,0x0043cf86f7bd21e7,0x00f401dc4b797dea,0x005224afb2f62e65,0x00d1ede3fb5a42be)},
+        {FIELD_LITERAL(0x00f2ba36a41aa144,0x00a0c22d946ee18f,0x008aae8ef9a14f99,0x00eef4d79b19bb36,0x008e75ce3d27b1fc,0x00a65daa03b29a27,0x00d9cc83684eb145,0x009e1ed80cc2ed74)},
+        {FIELD_LITERAL(0x00bed953d1997988,0x00b93ed175a24128,0x00871c5963fb6365,0x00ca2df20014a787,0x00f5d9c1d0b34322,0x00f6f5942818db0a,0x004cc091f49c9906,0x00e8a188a60bff9f)},
+    }}, {{
+        {FIELD_LITERAL(0x0032c7762032fae8,0x00e4087232e0bc21,0x00f767344b6e8d85,0x00bbf369b76c2aa2,0x008a1f46c6e1570c,0x001368cd9780369f,0x007359a39d079430,0x0003646512921434)},
+        {FIELD_LITERAL(0x007c4b47ca7c73e7,0x005396221039734b,0x008b64ddf0e45d7e,0x00bfad5af285e6c2,0x008ec711c5b1a1a8,0x00cf663301237f98,0x00917ee3f1655126,0x004152f337efedd8)},
+        {FIELD_LITERAL(0x0007c7edc9305daa,0x000a6664f273701c,0x00f6e78795e200b1,0x005d05b9ecd2473e,0x0014f5f17c865786,0x00c7fd2d166fa995,0x004939a2d8eb80e0,0x002244ba0942c199)},
+    }}, {{
+        {FIELD_LITERAL(0x00321e767f0262cf,0x002e57d776caf68e,0x00bf2c94814f0437,0x00c339196acd622f,0x001db4cce71e2770,0x001ded5ddba6eee2,0x0078608ab1554c8d,0x00067fe0ab76365b)},
+        {FIELD_LITERAL(0x00f09758e11e3985,0x00169efdbd64fad3,0x00e8889b7d6dacd6,0x0035cdd58ea88209,0x00bcda47586d7f49,0x003cdddcb2879088,0x0016da70187e954b,0x009556ea2e92aacd)},
+        {FIELD_LITERAL(0x008cab16bd1ff897,0x00b389972cdf753f,0x00ea8ed1e46dfdc0,0x004fe7ef94c589f4,0x002b8ae9b805ecf3,0x0025c08d892874a5,0x0023938e98d44c4c,0x00f759134cabf69c)},
+    }}, {{
+        {FIELD_LITERAL(0x006c2a84678e4b3b,0x007a194aacd1868f,0x00ed0225af424761,0x00da0a6f293c64b8,0x001062ac5c6a7a18,0x0030f5775a8aeef4,0x0002acaad76b7af0,0x00410b8fd63a579f)},
+        {FIELD_LITERAL(0x001ec59db3d9590e,0x001e9e3f1c3f182d,0x0045a9c3ec2cab14,0x0008198572aeb673,0x00773b74068bd167,0x0012535eaa395434,0x0044dba9e3bbb74a,0x002fba4d3c74bd0e)},
+        {FIELD_LITERAL(0x0042bf08fe66922c,0x003318b8fbb49e8c,0x00d75946004aa14c,0x00f601586b42bf1c,0x00c74cf1d912fe66,0x00abcb36974b30ad,0x007eb78720c9d2b8,0x009f54ab7bd4df85)},
+    }}, {{
+        {FIELD_LITERAL(0x00db9fc948f73826,0x00fa8b3746ed8ee9,0x00132cb65aafbeb2,0x00c36ff3fe7925b8,0x00837daed353d2fe,0x00ec661be0667cf4,0x005beb8ed2e90204,0x00d77dd69e564967)},
+        {FIELD_LITERAL(0x0042e6268b861751,0x0008dd0469500c16,0x00b51b57c338a3fd,0x00cc4497d85cff6b,0x002f13d6b57c34a4,0x0083652eaf301105,0x00cc344294cc93a8,0x0060f4d02810e270)},
+        {FIELD_LITERAL(0x00a8954363cd518b,0x00ad171124bccb7b,0x0065f46a4adaae00,0x001b1a5b2a96e500,0x0043fe24f8233285,0x0066996d8ae1f2c3,0x00c530f3264169f9,0x00c0f92d07cf6a57)},
+    }}, {{
+        {FIELD_LITERAL(0x0036a55c6815d943,0x008c8d1def993db3,0x002e0e1e8ff7318f,0x00d883a4b92db00a,0x002f5e781ae33906,0x001a72adb235c06d,0x00f2e59e736e9caa,0x001a4b58e3031914)},
+        {FIELD_LITERAL(0x00d73bfae5e00844,0x00bf459766fb5f52,0x0061b4f5a5313cde,0x004392d4c3b95514,0x000d3551b1077523,0x0000998840ee5d71,0x006de6e340448b7b,0x00251aa504875d6e)},
+        {FIELD_LITERAL(0x003bf343427ac342,0x00adc0a78642b8c5,0x0003b893175a8314,0x0061a34ade5703bc,0x00ea3ea8bb71d632,0x00be0df9a1f198c2,0x0046dd8e7c1635fb,0x00f1523fdd25d5e5)},
+    }}, {{
+        {FIELD_LITERAL(0x00633f63fc9dd406,0x00e713ff80e04a43,0x0060c6e970f2d621,0x00a57cd7f0df1891,0x00f2406a550650bb,0x00b064290efdc684,0x001eab0144d17916,0x00cd15f863c293ab)},
+        {FIELD_LITERAL(0x0029cec55273f70d,0x007044ee275c6340,0x0040f637a93015e2,0x00338bb78db5aae9,0x001491b2a6132147,0x00a125d6cfe6bde3,0x005f7ac561ba8669,0x001d5eaea3fbaacf)},
+        {FIELD_LITERAL(0x00054e9635e3be31,0x000e43f31e2872be,0x00d05b1c9e339841,0x006fac50bd81fd98,0x00cdc7852eaebb09,0x004ff519b061991b,0x009099e8107d4c85,0x00273e24c36a4a61)},
+    }}, {{
+        {FIELD_LITERAL(0x00070b4441ef2c46,0x00efa5b02801a109,0x00bf0b8c3ee64adf,0x008a67e0b3452e98,0x001916b1f2fa7a74,0x00d781a78ff6cdc3,0x008682ce57e5c919,0x00cc1109dd210da3)},
+        {FIELD_LITERAL(0x00cae8aaff388663,0x005e983a35dda1c7,0x007ab1030d8e37f4,0x00e48940f5d032fe,0x006a36f9ef30b331,0x009be6f03958c757,0x0086231ceba91400,0x008bd0f7b823e7aa)},
+        {FIELD_LITERAL(0x00cf881ebef5a45a,0x004ebea78e7c6f2c,0x0090da9209cf26a0,0x00de2b2e4c775b84,0x0071d6031c3c15ae,0x00d9e927ef177d70,0x00894ee8c23896fd,0x00e3b3b401e41aad)},
+    }}, {{
+        {FIELD_LITERAL(0x00204fef26864170,0x00819269c5dee0f8,0x00bfb4713ec97966,0x0026339a6f34df78,0x001f26e64c761dc2,0x00effe3af313cb60,0x00e17b70138f601b,0x00f16e1ccd9ede5e)},
+        {FIELD_LITERAL(0x005d9a8353fdb2db,0x0055cc2048c698f0,0x00f6c4ac89657218,0x00525034d73faeb2,0x00435776fbda3c7d,0x0070ea5312323cbc,0x007a105d44d069fb,0x006dbc8d6dc786aa)},
+        {FIELD_LITERAL(0x0017cff19cd394ec,0x00fef7b810922587,0x00e6483970dff548,0x00ddf36ad6874264,0x00e61778523fcce2,0x0093a66c0c93b24a,0x00fd367114db7f86,0x007652d7ddce26dd)},
+    }}, {{
+        {FIELD_LITERAL(0x00d92ced7ba12843,0x00aea9c7771e86e7,0x0046639693354f7b,0x00a628dbb6a80c47,0x003a0b0507372953,0x00421113ab45c0d9,0x00e545f08362ab7a,0x0028ce087b4d6d96)},
+        {FIELD_LITERAL(0x00a67ee7cf9f99eb,0x005713b275f2ff68,0x00f1d536a841513d,0x00823b59b024712e,0x009c46b9d0d38cec,0x00cdb1595aa2d7d4,0x008375b3423d9af8,0x000ab0b516d978f7)},
+        {FIELD_LITERAL(0x00428dcb3c510b0f,0x00585607ea24bb4e,0x003736bf1603687a,0x00c47e568c4fe3c7,0x003cd00282848605,0x0043a487c3b91939,0x004ffc04e1095a06,0x00a4c989a3d4b918)},
+    }}, {{
+        {FIELD_LITERAL(0x00a8778d0e429f7a,0x004c02b059105a68,0x0016653b609da3ff,0x00d5107bd1a12d27,0x00b4708f9a771cab,0x00bb63b662033f69,0x0072f322240e7215,0x0019445b59c69222)},
+        {FIELD_LITERAL(0x00cf4f6069a658e6,0x0053ca52859436a6,0x0064b994d7e3e117,0x00cb469b9a07f534,0x00cfb68f399e9d47,0x00f0dcb8dac1c6e7,0x00f2ab67f538b3a5,0x0055544f178ab975)},
+        {FIELD_LITERAL(0x0099b7a2685d538c,0x00e2f1897b7c0018,0x003adac8ce48dae3,0x00089276d5c50c0c,0x00172fca07ad6717,0x00cb1a72f54069e5,0x004ee42f133545b3,0x00785f8651362f16)},
+    }}, {{
+        {FIELD_LITERAL(0x0049cbac38509e11,0x0015234505d42cdf,0x00794fb0b5840f1c,0x00496437344045a5,0x0031b6d944e4f9b0,0x00b207318ac1f5d8,0x0000c840da7f5c5d,0x00526f373a5c8814)},
+        {FIELD_LITERAL(0x002c7b7742d1dfd9,0x002cabeb18623c01,0x00055f5e3e044446,0x006c20f3b4ef54ba,0x00c600141ec6b35f,0x00354f437f1a32a3,0x00bac4624a3520f9,0x00c483f734a90691)},
+        {FIELD_LITERAL(0x0053a737d422918d,0x00f7fca1d8758625,0x00c360336dadb04c,0x00f38e3d9158a1b8,0x0069ce3b418e84c6,0x005d1697eca16ead,0x00f8bd6a35ece13d,0x007885dfc2b5afea)},
+    }}, {{
+        {FIELD_LITERAL(0x00c3617ae260776c,0x00b20dc3e96922d7,0x00a1a7802246706a,0x00ca6505a5240244,0x002246b62d919782,0x001439102d7aa9b3,0x00e8af1139e6422c,0x00c888d1b52f2b05)},
+        {FIELD_LITERAL(0x005b67690ffd41d9,0x005294f28df516f9,0x00a879272412fcb9,0x00098b629a6d1c8d,0x00fabd3c8050865a,0x00cd7e5b0a3879c5,0x00153238210f3423,0x00357cac101e9f42)},
+        {FIELD_LITERAL(0x008917b454444fb7,0x00f59247c97e441b,0x00a6200a6815152d,0x0009a4228601d254,0x001c0360559bd374,0x007563362039cb36,0x00bd75b48d74e32b,0x0017f515ac3499e8)},
+    }}, {{
+        {FIELD_LITERAL(0x001532a7ffe41c5a,0x00eb1edce358d6bf,0x00ddbacc7b678a7b,0x008a7b70f3c841a3,0x00f1923bf27d3f4c,0x000b2713ed8f7873,0x00aaf67e29047902,0x0044994a70b3976d)},
+        {FIELD_LITERAL(0x00d54e802082d42c,0x00a55aa0dce7cc6c,0x006477b96073f146,0x0082efe4ceb43594,0x00a922bcba026845,0x0077f19d1ab75182,0x00c2bb2737846e59,0x0004d7eec791dd33)},
+        {FIELD_LITERAL(0x0044588d1a81d680,0x00b0a9097208e4f8,0x00212605350dc57e,0x0028717cd2871123,0x00fb083c100fd979,0x0045a056ce063fdf,0x00a5d604b4dd6a41,0x001dabc08ba4e236)},
+    }}, {{
+        {FIELD_LITERAL(0x00c4887198d7a7fa,0x00244f98fb45784a,0x0045911e15a15d01,0x001d323d374c0966,0x00967c3915196562,0x0039373abd2f3c67,0x000d2c5614312423,0x0041cf2215442ce3)},
+        {FIELD_LITERAL(0x008ede889ada7f06,0x001611e91de2e135,0x00fdb9a458a471b9,0x00563484e03710d1,0x0031cc81925e3070,0x0062c97b3af80005,0x00fa733eea28edeb,0x00e82457e1ebbc88)},
+        {FIELD_LITERAL(0x006a0df5fe9b6f59,0x00a0d4ff46040d92,0x004a7cedb6f93250,0x00d1df8855b8c357,0x00e73a46086fd058,0x0048fb0add6dfe59,0x001e03a28f1b4e3d,0x00a871c993308d76)},
+    }}, {{
+        {FIELD_LITERAL(0x0030dbb2d1766ec8,0x00586c0ad138555e,0x00d1a34f9e91c77c,0x0063408ad0e89014,0x00d61231b05f6f5b,0x0009abf569f5fd8a,0x00aec67a110f1c43,0x0031d1a790938dd7)},
+        {FIELD_LITERAL(0x006cded841e2a862,0x00198d60af0ab6fb,0x0018f09db809e750,0x004e6ac676016263,0x00eafcd1620969cb,0x002c9784ca34917d,0x0054f00079796de7,0x00d9fab5c5972204)},
+        {FIELD_LITERAL(0x004bd0fee2438a83,0x00b571e62b0f83bd,0x0059287d7ce74800,0x00fb3631b645c3f0,0x00a018e977f78494,0x0091e27065c27b12,0x007696c1817165e0,0x008c40be7c45ba3a)},
+    }}, {{
+        {FIELD_LITERAL(0x00a0f326327cb684,0x001c7d0f672680ff,0x008c1c81ffb112d1,0x00f8f801674eddc8,0x00e926d5d48c2a9d,0x005bd6d954c6fe9a,0x004c6b24b4e33703,0x00d05eb5c09105cc)},
+        {FIELD_LITERAL(0x00d61731caacf2cf,0x002df0c7609e01c5,0x00306172208b1e2b,0x00b413fe4fb2b686,0x00826d360902a221,0x003f8d056e67e7f7,0x0065025b0175e989,0x00369add117865eb)},
+        {FIELD_LITERAL(0x00aaf895aec2fa11,0x000f892bc313eb52,0x005b1c794dad050b,0x003f8ec4864cec14,0x00af81058d0b90e5,0x00ebe43e183997bb,0x00a9d610f9f3e615,0x007acd8eec2e88d3)},
+    }}, {{
+        {FIELD_LITERAL(0x0049b2fab13812a3,0x00846db32cd60431,0x000177fa578c8d6c,0x00047d0e2ad4bc51,0x00b158ba38d1e588,0x006a45daad79e3f3,0x000997b93cab887b,0x00c47ea42fa23dc3)},
+        {FIELD_LITERAL(0x0012b6fef7aeb1ca,0x009412768194b6a7,0x00ff0d351f23ab93,0x007e8a14c1aff71b,0x006c1c0170c512bc,0x0016243ea02ab2e5,0x007bb6865b303f3e,0x0015ce6b29b159f4)},
+        {FIELD_LITERAL(0x009961cd02e68108,0x00e2035d3a1d0836,0x005d51f69b5e1a1d,0x004bccb4ea36edcd,0x0069be6a7aeef268,0x0063f4dd9de8d5a7,0x006283783092ca35,0x0075a31af2c35409)},
+    }}, {{
+        {FIELD_LITERAL(0x00c412365162e8cf,0x00012283fb34388a,0x003e6543babf39e2,0x00eead6b3a804978,0x0099c0314e8b326f,0x00e98e0a8d477a4f,0x00d2eb96b127a687,0x00ed8d7df87571bb)},
+        {FIELD_LITERAL(0x00777463e308cacf,0x00c8acb93950132d,0x00ebddbf4ca48b2c,0x0026ad7ca0795a0a,0x00f99a3d9a715064,0x000d60bcf9d4dfcc,0x005e65a73a437a06,0x0019d536a8db56c8)},
+        {FIELD_LITERAL(0x00192d7dd558d135,0x0027cd6a8323ffa7,0x00239f1a412dc1e7,0x0046b4b3be74fc5c,0x0020c47a2bef5bce,0x00aa17e48f43862b,0x00f7e26c96342e5f,0x0008011c530f39a9)},
+    }}, {{
+        {FIELD_LITERAL(0x00aad4ac569bf0f1,0x00a67adc90b27740,0x0048551369a5751a,0x0031252584a3306a,0x0084e15df770e6fc,0x00d7bba1c74b5805,0x00a80ef223af1012,0x0089c85ceb843a34)},
+        {FIELD_LITERAL(0x00c4545be4a54004,0x0099e11f60357e6c,0x001f3936d19515a6,0x007793df84341a6e,0x0051061886717ffa,0x00e9b0a660b28f85,0x0044ea685892de0d,0x000257d2a1fda9d9)},
+        {FIELD_LITERAL(0x007e8b01b24ac8a8,0x006cf3b0b5ca1337,0x00f1607d3e36a570,0x0039b7fab82991a1,0x00231777065840c5,0x00998e5afdd346f9,0x00b7dc3e64acc85f,0x00baacc748013ad6)},
+    }}, {{
+        {FIELD_LITERAL(0x008ea6a4177580bf,0x005fa1953e3f0378,0x005fe409ac74d614,0x00452327f477e047,0x00a4018507fb6073,0x007b6e71951caac8,0x0012b42ab8a6ce91,0x0080eca677294ab7)},
+        {FIELD_LITERAL(0x00a53edc023ba69b,0x00c6afa83ddde2e8,0x00c3f638b307b14e,0x004a357a64414062,0x00e4d94d8b582dc9,0x001739caf71695b7,0x0012431b2ae28de1,0x003b6bc98682907c)},
+        {FIELD_LITERAL(0x008a9a93be1f99d6,0x0079fa627cc699c8,0x00b0cfb134ba84c8,0x001c4b778249419a,0x00df4ab3d9c44f40,0x009f596e6c1a9e3c,0x001979c0df237316,0x00501e953a919b87)},
+    }}
+};
+const niels_t *curve448_wnaf_base = curve448_wnaf_base_table;
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/curve448utils.h b/freebsd/crypto/openssl/crypto/ec/curve448/curve448utils.h
new file mode 100644
index 00000000..9bf83799
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/curve448utils.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_CURVE448UTILS_H
+# define HEADER_CURVE448UTILS_H
+
+# include <openssl/e_os2.h>
+
+/*
+ * Internal word types. Somewhat tricky.  This could be decided separately per
+ * platform.  However, the structs do need to be all the same size and
+ * alignment on a given platform to support dynamic linking, since even if you
+ * header was built with eg arch_neon, you might end up linking a library built
+ * with arch_arm32.
+ */
+# ifndef C448_WORD_BITS
+#  if (defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) \
+      && !defined(__sparc__)
+#   define C448_WORD_BITS 64      /* The number of bits in a word */
+#  else
+#   define C448_WORD_BITS 32      /* The number of bits in a word */
+#  endif
+# endif
+
+# if C448_WORD_BITS == 64
+/* Word size for internal computations */
+typedef uint64_t c448_word_t;
+/* Signed word size for internal computations */
+typedef int64_t c448_sword_t;
+/* "Boolean" type, will be set to all-zero or all-one (i.e. -1u) */
+typedef uint64_t c448_bool_t;
+/* Double-word size for internal computations */
+typedef __uint128_t c448_dword_t;
+/* Signed double-word size for internal computations */
+typedef __int128_t c448_dsword_t;
+# elif C448_WORD_BITS == 32
+/* Word size for internal computations */
+typedef uint32_t c448_word_t;
+/* Signed word size for internal computations */
+typedef int32_t c448_sword_t;
+/* "Boolean" type, will be set to all-zero or all-one (i.e. -1u) */
+typedef uint32_t c448_bool_t;
+/* Double-word size for internal computations */
+typedef uint64_t c448_dword_t;
+/* Signed double-word size for internal computations */
+typedef int64_t c448_dsword_t;
+# else
+#  error "Only supporting C448_WORD_BITS = 32 or 64 for now"
+# endif
+
+/* C448_TRUE = -1 so that C448_TRUE & x = x */
+# define C448_TRUE      (0 - (c448_bool_t)1)
+
+/* C448_FALSE = 0 so that C448_FALSE & x = 0 */
+# define C448_FALSE     0
+
+/* Another boolean type used to indicate success or failure. */
+typedef enum {
+    C448_SUCCESS = -1, /**< The operation succeeded. */
+    C448_FAILURE = 0   /**< The operation failed. */
+} c448_error_t;
+
+/* Return success if x is true */
+static ossl_inline c448_error_t c448_succeed_if(c448_bool_t x)
+{
+    return (c448_error_t) x;
+}
+
+#endif                          /* __C448_COMMON_H__ */
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/ed448.h b/freebsd/crypto/openssl/crypto/ec/curve448/ed448.h
new file mode 100644
index 00000000..5fe939e8
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/ed448.h
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_ED448_H
+# define HEADER_ED448_H
+
+# include "point_448.h"
+
+/* Number of bytes in an EdDSA public key. */
+# define EDDSA_448_PUBLIC_BYTES 57
+
+/* Number of bytes in an EdDSA private key. */
+# define EDDSA_448_PRIVATE_BYTES EDDSA_448_PUBLIC_BYTES
+
+/* Number of bytes in an EdDSA private key. */
+# define EDDSA_448_SIGNATURE_BYTES (EDDSA_448_PUBLIC_BYTES + \
+                                    EDDSA_448_PRIVATE_BYTES)
+
+/* EdDSA encoding ratio. */
+# define C448_EDDSA_ENCODE_RATIO 4
+
+/* EdDSA decoding ratio. */
+# define C448_EDDSA_DECODE_RATIO (4 / 4)
+
+/*
+ * EdDSA key generation.  This function uses a different (non-Decaf) encoding.
+ *
+ * pubkey (out): The public key.
+ * privkey (in): The private key.
+ */
+c448_error_t c448_ed448_derive_public_key(
+                        uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t privkey [EDDSA_448_PRIVATE_BYTES]);
+
+/*
+ * EdDSA signing.
+ *
+ * signature (out): The signature.
+ * privkey (in): The private key.
+ * pubkey (in):  The public key.
+ * message (in):  The message to sign.
+ * message_len (in):  The length of the message.
+ * prehashed (in):  Nonzero if the message is actually the hash of something
+ *                  you want to sign.
+ * context (in):  A "context" for this signature of up to 255 bytes.
+ * context_len (in):  Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_sign(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t *message, size_t message_len,
+                        uint8_t prehashed, const uint8_t *context,
+                        size_t context_len);
+
+/*
+ * EdDSA signing with prehash.
+ *
+ * signature (out): The signature.
+ * privkey (in): The private key.
+ * pubkey (in): The public key.
+ * hash (in): The hash of the message.  This object will not be modified by the
+ *            call.
+ * context (in): A "context" for this signature of up to 255 bytes.  Must be the
+ *               same as what was used for the prehash.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_sign_prehash(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t hash[64],
+                        const uint8_t *context,
+                        size_t context_len);
+
+/*
+ * EdDSA signature verification.
+ *
+ * Uses the standard (i.e. less-strict) verification formula.
+ *
+ * signature (in): The signature.
+ * pubkey (in): The public key.
+ * message (in): The message to verify.
+ * message_len (in): The length of the message.
+ * prehashed (in): Nonzero if the message is actually the hash of something you
+ *                 want to verify.
+ * context (in): A "context" for this signature of up to 255 bytes.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_verify(const uint8_t
+                                 signature[EDDSA_448_SIGNATURE_BYTES],
+                                 const uint8_t
+                                 pubkey[EDDSA_448_PUBLIC_BYTES],
+                                 const uint8_t *message, size_t message_len,
+                                 uint8_t prehashed, const uint8_t *context,
+                                 uint8_t context_len);
+
+/*
+ * EdDSA signature verification.
+ *
+ * Uses the standard (i.e. less-strict) verification formula.
+ *
+ * signature (in): The signature.
+ * pubkey (in): The public key.
+ * hash (in): The hash of the message.  This object will not be modified by the
+ *            call.
+ * context (in): A "context" for this signature of up to 255 bytes.  Must be the
+ *               same as what was used for the prehash.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_verify_prehash(
+                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                    const uint8_t hash[64],
+                    const uint8_t *context,
+                    uint8_t context_len);
+
+/*
+ * EdDSA point encoding.  Used internally, exposed externally.
+ * Multiplies by C448_EDDSA_ENCODE_RATIO first.
+ *
+ * The multiplication is required because the EdDSA encoding represents
+ * the cofactor information, but the Decaf encoding ignores it (which
+ * is the whole point).  So if you decode from EdDSA and re-encode to
+ * EdDSA, the cofactor info must get cleared, because the intermediate
+ * representation doesn't track it.
+ *
+ * The way we handle this is to multiply by C448_EDDSA_DECODE_RATIO when
+ * decoding, and by C448_EDDSA_ENCODE_RATIO when encoding.  The product of
+ * these ratios is always exactly the cofactor 4, so the cofactor ends up
+ * cleared one way or another.  But exactly how that shakes out depends on the
+ * base points specified in RFC 8032.
+ *
+ * The upshot is that if you pass the Decaf/Ristretto base point to
+ * this function, you will get C448_EDDSA_ENCODE_RATIO times the
+ * EdDSA base point.
+ *
+ * enc (out): The encoded point.
+ * p (in): The point.
+ */
+void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+                                    uint8_t enc [EDDSA_448_PUBLIC_BYTES],
+                                    const curve448_point_t p);
+
+/*
+ * EdDSA point decoding.  Multiplies by C448_EDDSA_DECODE_RATIO, and
+ * ignores cofactor information.
+ *
+ * See notes on curve448_point_mul_by_ratio_and_encode_like_eddsa
+ *
+ * enc (out): The encoded point.
+ * p (in): The point.
+ */
+c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+                            curve448_point_t p,
+                            const uint8_t enc[EDDSA_448_PUBLIC_BYTES]);
+
+/*
+ * EdDSA to ECDH private key conversion
+ * Using the appropriate hash function, hash the EdDSA private key
+ * and keep only the lower bytes to get the ECDH private key
+ *
+ * x (out): The ECDH private key as in RFC7748
+ * ed (in): The EdDSA private key
+ */
+c448_error_t c448_ed448_convert_private_key_to_x448(
+                            uint8_t x[X448_PRIVATE_BYTES],
+                            const uint8_t ed[EDDSA_448_PRIVATE_BYTES]);
+
+#endif                          /* HEADER_ED448_H */
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/eddsa.c b/freebsd/crypto/openssl/crypto/ec/curve448/eddsa.c
new file mode 100644
index 00000000..56911e5d
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/eddsa.c
@@ -0,0 +1,348 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include "curve448_lcl.h"
+#include "word.h"
+#include "ed448.h"
+#include "internal/numbers.h"
+
+#define COFACTOR 4
+
+static c448_error_t oneshot_hash(uint8_t *out, size_t outlen,
+                                 const uint8_t *in, size_t inlen)
+{
+    EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+
+    if (hashctx == NULL)
+        return C448_FAILURE;
+
+    if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
+            || !EVP_DigestUpdate(hashctx, in, inlen)
+            || !EVP_DigestFinalXOF(hashctx, out, outlen)) {
+        EVP_MD_CTX_free(hashctx);
+        return C448_FAILURE;
+    }
+
+    EVP_MD_CTX_free(hashctx);
+    return C448_SUCCESS;
+}
+
+static void clamp(uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES])
+{
+    secret_scalar_ser[0] &= -COFACTOR;
+    secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 1] = 0;
+    secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 2] |= 0x80;
+}
+
+static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
+                                       uint8_t for_prehash,
+                                       const uint8_t *context,
+                                       size_t context_len)
+{
+    const char *dom_s = "SigEd448";
+    uint8_t dom[2];
+
+    if (context_len > UINT8_MAX)
+        return C448_FAILURE;
+
+    dom[0] = (uint8_t)(2 - (prehashed == 0 ? 1 : 0)
+                       - (for_prehash == 0 ? 1 : 0));
+    dom[1] = (uint8_t)context_len;
+
+    if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
+            || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
+            || !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
+            || !EVP_DigestUpdate(hashctx, context, context_len))
+        return C448_FAILURE;
+
+    return C448_SUCCESS;
+}
+
+/* In this file because it uses the hash */
+c448_error_t c448_ed448_convert_private_key_to_x448(
+                            uint8_t x[X448_PRIVATE_BYTES],
+                            const uint8_t ed [EDDSA_448_PRIVATE_BYTES])
+{
+    /* pass the private key through oneshot_hash function */
+    /* and keep the first X448_PRIVATE_BYTES bytes */
+    return oneshot_hash(x, X448_PRIVATE_BYTES, ed,
+                        EDDSA_448_PRIVATE_BYTES);
+}
+
+c448_error_t c448_ed448_derive_public_key(
+                        uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES])
+{
+    /* only this much used for keygen */
+    uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES];
+    curve448_scalar_t secret_scalar;
+    unsigned int c;
+    curve448_point_t p;
+
+    if (!oneshot_hash(secret_scalar_ser, sizeof(secret_scalar_ser), privkey,
+                      EDDSA_448_PRIVATE_BYTES))
+        return C448_FAILURE;
+
+    clamp(secret_scalar_ser);
+
+    curve448_scalar_decode_long(secret_scalar, secret_scalar_ser,
+                                sizeof(secret_scalar_ser));
+
+    /*
+     * Since we are going to mul_by_cofactor during encoding, divide by it
+     * here. However, the EdDSA base point is not the same as the decaf base
+     * point if the sigma isogeny is in use: the EdDSA base point is on
+     * Etwist_d/(1-d) and the decaf base point is on Etwist_d, and when
+     * converted it effectively picks up a factor of 2 from the isogenies.  So
+     * we might start at 2 instead of 1.
+     */
+    for (c = 1; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
+        curve448_scalar_halve(secret_scalar, secret_scalar);
+
+    curve448_precomputed_scalarmul(p, curve448_precomputed_base, secret_scalar);
+
+    curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p);
+
+    /* Cleanup */
+    curve448_scalar_destroy(secret_scalar);
+    curve448_point_destroy(p);
+    OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser));
+
+    return C448_SUCCESS;
+}
+
+c448_error_t c448_ed448_sign(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t *message, size_t message_len,
+                        uint8_t prehashed, const uint8_t *context,
+                        size_t context_len)
+{
+    curve448_scalar_t secret_scalar;
+    EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+    c448_error_t ret = C448_FAILURE;
+    curve448_scalar_t nonce_scalar;
+    uint8_t nonce_point[EDDSA_448_PUBLIC_BYTES] = { 0 };
+    unsigned int c;
+    curve448_scalar_t challenge_scalar;
+
+    if (hashctx == NULL)
+        return C448_FAILURE;
+
+    {
+        /*
+         * Schedule the secret key, First EDDSA_448_PRIVATE_BYTES is serialised
+         * secret scalar,next EDDSA_448_PRIVATE_BYTES bytes is the seed.
+         */
+        uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2];
+
+        if (!oneshot_hash(expanded, sizeof(expanded), privkey,
+                          EDDSA_448_PRIVATE_BYTES))
+            goto err;
+        clamp(expanded);
+        curve448_scalar_decode_long(secret_scalar, expanded,
+                                    EDDSA_448_PRIVATE_BYTES);
+
+        /* Hash to create the nonce */
+        if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
+                || !EVP_DigestUpdate(hashctx,
+                                     expanded + EDDSA_448_PRIVATE_BYTES,
+                                     EDDSA_448_PRIVATE_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)) {
+            OPENSSL_cleanse(expanded, sizeof(expanded));
+            goto err;
+        }
+        OPENSSL_cleanse(expanded, sizeof(expanded));
+    }
+
+    /* Decode the nonce */
+    {
+        uint8_t nonce[2 * EDDSA_448_PRIVATE_BYTES];
+
+        if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce)))
+            goto err;
+        curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce));
+        OPENSSL_cleanse(nonce, sizeof(nonce));
+    }
+
+    {
+        /* Scalarmul to create the nonce-point */
+        curve448_scalar_t nonce_scalar_2;
+        curve448_point_t p;
+
+        curve448_scalar_halve(nonce_scalar_2, nonce_scalar);
+        for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
+            curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2);
+
+        curve448_precomputed_scalarmul(p, curve448_precomputed_base,
+                                       nonce_scalar_2);
+        curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p);
+        curve448_point_destroy(p);
+        curve448_scalar_destroy(nonce_scalar_2);
+    }
+
+    {
+        uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
+
+        /* Compute the challenge */
+        if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
+                || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
+                || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)
+                || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge)))
+            goto err;
+
+        curve448_scalar_decode_long(challenge_scalar, challenge,
+                                    sizeof(challenge));
+        OPENSSL_cleanse(challenge, sizeof(challenge));
+    }
+
+    curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar);
+    curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar);
+
+    OPENSSL_cleanse(signature, EDDSA_448_SIGNATURE_BYTES);
+    memcpy(signature, nonce_point, sizeof(nonce_point));
+    curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES],
+                           challenge_scalar);
+
+    curve448_scalar_destroy(secret_scalar);
+    curve448_scalar_destroy(nonce_scalar);
+    curve448_scalar_destroy(challenge_scalar);
+
+    ret = C448_SUCCESS;
+ err:
+    EVP_MD_CTX_free(hashctx);
+    return ret;
+}
+
+c448_error_t c448_ed448_sign_prehash(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t hash[64], const uint8_t *context,
+                        size_t context_len)
+{
+    return c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context,
+                           context_len);
+}
+
+c448_error_t c448_ed448_verify(
+                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                    const uint8_t *message, size_t message_len,
+                    uint8_t prehashed, const uint8_t *context,
+                    uint8_t context_len)
+{
+    curve448_point_t pk_point, r_point;
+    c448_error_t error =
+        curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
+    curve448_scalar_t challenge_scalar;
+    curve448_scalar_t response_scalar;
+
+    if (C448_SUCCESS != error)
+        return error;
+
+    error =
+        curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);
+    if (C448_SUCCESS != error)
+        return error;
+
+    {
+        /* Compute the challenge */
+        EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+        uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
+
+        if (hashctx == NULL
+                || !hash_init_with_dom(hashctx, prehashed, 0, context,
+                                       context_len)
+                || !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)
+                || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) {
+            EVP_MD_CTX_free(hashctx);
+            return C448_FAILURE;
+        }
+
+        EVP_MD_CTX_free(hashctx);
+        curve448_scalar_decode_long(challenge_scalar, challenge,
+                                    sizeof(challenge));
+        OPENSSL_cleanse(challenge, sizeof(challenge));
+    }
+    curve448_scalar_sub(challenge_scalar, curve448_scalar_zero,
+                        challenge_scalar);
+
+    curve448_scalar_decode_long(response_scalar,
+                                &signature[EDDSA_448_PUBLIC_BYTES],
+                                EDDSA_448_PRIVATE_BYTES);
+
+    /* pk_point = -c(x(P)) + (cx + k)G = kG */
+    curve448_base_double_scalarmul_non_secret(pk_point,
+                                              response_scalar,
+                                              pk_point, challenge_scalar);
+    return c448_succeed_if(curve448_point_eq(pk_point, r_point));
+}
+
+c448_error_t c448_ed448_verify_prehash(
+                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                    const uint8_t hash[64], const uint8_t *context,
+                    uint8_t context_len)
+{
+    return c448_ed448_verify(signature, pubkey, hash, 64, 1, context,
+                             context_len);
+}
+
+int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+               const uint8_t public_key[57], const uint8_t private_key[57],
+               const uint8_t *context, size_t context_len)
+{
+    return c448_ed448_sign(out_sig, private_key, public_key, message,
+                           message_len, 0, context, context_len)
+        == C448_SUCCESS;
+}
+
+int ED448_verify(const uint8_t *message, size_t message_len,
+                 const uint8_t signature[114], const uint8_t public_key[57],
+                 const uint8_t *context, size_t context_len)
+{
+    return c448_ed448_verify(signature, public_key, message, message_len, 0,
+                             context, (uint8_t)context_len) == C448_SUCCESS;
+}
+
+int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64],
+                 const uint8_t public_key[57], const uint8_t private_key[57],
+                 const uint8_t *context, size_t context_len)
+{
+    return c448_ed448_sign_prehash(out_sig, private_key, public_key, hash,
+                                   context, context_len) == C448_SUCCESS;
+
+}
+
+int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
+                   const uint8_t public_key[57], const uint8_t *context,
+                   size_t context_len)
+{
+    return c448_ed448_verify_prehash(signature, public_key, hash, context,
+                                     (uint8_t)context_len) == C448_SUCCESS;
+}
+
+int ED448_public_from_private(uint8_t out_public_key[57],
+                              const uint8_t private_key[57])
+{
+    return c448_ed448_derive_public_key(out_public_key, private_key)
+        == C448_SUCCESS;
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/f_generic.c b/freebsd/crypto/openssl/crypto/ec/curve448/f_generic.c
new file mode 100644
index 00000000..c505543c
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/f_generic.c
@@ -0,0 +1,206 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include "field.h"
+
+static const gf MODULUS = {
+    FIELD_LITERAL(0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff,
+                  0xffffffffffffff, 0xfffffffffffffe, 0xffffffffffffff,
+                  0xffffffffffffff, 0xffffffffffffff)
+};
+
+/* Serialize to wire format. */
+void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit)
+{
+    unsigned int j = 0, fill = 0;
+    dword_t buffer = 0;
+    int i;
+    gf red;
+
+    gf_copy(red, x);
+    gf_strong_reduce(red);
+    if (!with_hibit)
+        assert(gf_hibit(red) == 0);
+
+    for (i = 0; i < (with_hibit ? X_SER_BYTES : SER_BYTES); i++) {
+        if (fill < 8 && j < NLIMBS) {
+            buffer |= ((dword_t) red->limb[LIMBPERM(j)]) << fill;
+            fill += LIMB_PLACE_VALUE(LIMBPERM(j));
+            j++;
+        }
+        serial[i] = (uint8_t)buffer;
+        fill -= 8;
+        buffer >>= 8;
+    }
+}
+
+/* Return high bit of x = low bit of 2x mod p */
+mask_t gf_hibit(const gf x)
+{
+    gf y;
+
+    gf_add(y, x, x);
+    gf_strong_reduce(y);
+    return 0 - (y->limb[0] & 1);
+}
+
+/* Return high bit of x = low bit of 2x mod p */
+mask_t gf_lobit(const gf x)
+{
+    gf y;
+
+    gf_copy(y, x);
+    gf_strong_reduce(y);
+    return 0 - (y->limb[0] & 1);
+}
+
+/* Deserialize from wire format; return -1 on success and 0 on failure. */
+mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,
+                      uint8_t hi_nmask)
+{
+    unsigned int j = 0, fill = 0;
+    dword_t buffer = 0;
+    dsword_t scarry = 0;
+    const unsigned nbytes = with_hibit ? X_SER_BYTES : SER_BYTES;
+    unsigned int i;
+    mask_t succ;
+
+    for (i = 0; i < NLIMBS; i++) {
+        while (fill < LIMB_PLACE_VALUE(LIMBPERM(i)) && j < nbytes) {
+            uint8_t sj;
+
+            sj = serial[j];
+            if (j == nbytes - 1)
+                sj &= ~hi_nmask;
+            buffer |= ((dword_t) sj) << fill;
+            fill += 8;
+            j++;
+        }
+        x->limb[LIMBPERM(i)] = (word_t)
+            ((i < NLIMBS - 1) ? buffer & LIMB_MASK(LIMBPERM(i)) : buffer);
+        fill -= LIMB_PLACE_VALUE(LIMBPERM(i));
+        buffer >>= LIMB_PLACE_VALUE(LIMBPERM(i));
+        scarry =
+            (scarry + x->limb[LIMBPERM(i)] -
+             MODULUS->limb[LIMBPERM(i)]) >> (8 * sizeof(word_t));
+    }
+    succ = with_hibit ? 0 - (mask_t) 1 : ~gf_hibit(x);
+    return succ & word_is_zero((word_t)buffer) & ~word_is_zero((word_t)scarry);
+}
+
+/* Reduce to canonical form. */
+void gf_strong_reduce(gf a)
+{
+    dsword_t scarry;
+    word_t scarry_0;
+    dword_t carry = 0;
+    unsigned int i;
+
+    /* first, clear high */
+    gf_weak_reduce(a);          /* Determined to have negligible perf impact. */
+
+    /* now the total is less than 2p */
+
+    /* compute total_value - p.  No need to reduce mod p. */
+    scarry = 0;
+    for (i = 0; i < NLIMBS; i++) {
+        scarry = scarry + a->limb[LIMBPERM(i)] - MODULUS->limb[LIMBPERM(i)];
+        a->limb[LIMBPERM(i)] = scarry & LIMB_MASK(LIMBPERM(i));
+        scarry >>= LIMB_PLACE_VALUE(LIMBPERM(i));
+    }
+
+    /*
+     * uncommon case: it was >= p, so now scarry = 0 and this = x common case:
+     * it was < p, so now scarry = -1 and this = x - p + 2^255 so let's add
+     * back in p.  will carry back off the top for 2^255.
+     */
+    assert(scarry == 0 || scarry == -1);
+
+    scarry_0 = (word_t)scarry;
+
+    /* add it back */
+    for (i = 0; i < NLIMBS; i++) {
+        carry =
+            carry + a->limb[LIMBPERM(i)] +
+            (scarry_0 & MODULUS->limb[LIMBPERM(i)]);
+        a->limb[LIMBPERM(i)] = carry & LIMB_MASK(LIMBPERM(i));
+        carry >>= LIMB_PLACE_VALUE(LIMBPERM(i));
+    }
+
+    assert(carry < 2 && ((word_t)carry + scarry_0) == 0);
+}
+
+/* Subtract two gf elements d=a-b */
+void gf_sub(gf d, const gf a, const gf b)
+{
+    gf_sub_RAW(d, a, b);
+    gf_bias(d, 2);
+    gf_weak_reduce(d);
+}
+
+/* Add two field elements d = a+b */
+void gf_add(gf d, const gf a, const gf b)
+{
+    gf_add_RAW(d, a, b);
+    gf_weak_reduce(d);
+}
+
+/* Compare a==b */
+mask_t gf_eq(const gf a, const gf b)
+{
+    gf c;
+    mask_t ret = 0;
+    unsigned int i;
+
+    gf_sub(c, a, b);
+    gf_strong_reduce(c);
+
+    for (i = 0; i < NLIMBS; i++)
+        ret |= c->limb[LIMBPERM(i)];
+
+    return word_is_zero(ret);
+}
+
+mask_t gf_isr(gf a, const gf x)
+{
+    gf L0, L1, L2;
+
+    gf_sqr(L1, x);
+    gf_mul(L2, x, L1);
+    gf_sqr(L1, L2);
+    gf_mul(L2, x, L1);
+    gf_sqrn(L1, L2, 3);
+    gf_mul(L0, L2, L1);
+    gf_sqrn(L1, L0, 3);
+    gf_mul(L0, L2, L1);
+    gf_sqrn(L2, L0, 9);
+    gf_mul(L1, L0, L2);
+    gf_sqr(L0, L1);
+    gf_mul(L2, x, L0);
+    gf_sqrn(L0, L2, 18);
+    gf_mul(L2, L1, L0);
+    gf_sqrn(L0, L2, 37);
+    gf_mul(L1, L2, L0);
+    gf_sqrn(L0, L1, 37);
+    gf_mul(L1, L2, L0);
+    gf_sqrn(L0, L1, 111);
+    gf_mul(L2, L1, L0);
+    gf_sqr(L0, L2);
+    gf_mul(L1, x, L0);
+    gf_sqrn(L0, L1, 223);
+    gf_mul(L1, L2, L0);
+    gf_sqr(L2, L1);
+    gf_mul(L0, L2, x);
+    gf_copy(a, L1);
+    return gf_eq(L0, ONE);
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/field.h b/freebsd/crypto/openssl/crypto/ec/curve448/field.h
new file mode 100644
index 00000000..d96d4c02
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/field.h
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_FIELD_H
+# define HEADER_FIELD_H
+
+# include "internal/constant_time_locl.h"
+# include <string.h>
+# include <assert.h>
+# include "word.h"
+
+# define NLIMBS (64/sizeof(word_t))
+# define X_SER_BYTES 56
+# define SER_BYTES 56
+
+# if defined(__GNUC__) || defined(__clang__)
+#  define INLINE_UNUSED __inline__ __attribute__((__unused__,__always_inline__))
+#  define RESTRICT __restrict__
+#  define ALIGNED __attribute__((__aligned__(16)))
+# else
+#  define INLINE_UNUSED ossl_inline
+#  define RESTRICT
+#  define ALIGNED
+# endif
+
+typedef struct gf_s {
+    word_t limb[NLIMBS];
+} ALIGNED gf_s, gf[1];
+
+/* RFC 7748 support */
+# define X_PUBLIC_BYTES  X_SER_BYTES
+# define X_PRIVATE_BYTES X_PUBLIC_BYTES
+# define X_PRIVATE_BITS  448
+
+static INLINE_UNUSED void gf_copy(gf out, const gf a)
+{
+    *out = *a;
+}
+
+static INLINE_UNUSED void gf_add_RAW(gf out, const gf a, const gf b);
+static INLINE_UNUSED void gf_sub_RAW(gf out, const gf a, const gf b);
+static INLINE_UNUSED void gf_bias(gf inout, int amount);
+static INLINE_UNUSED void gf_weak_reduce(gf inout);
+
+void gf_strong_reduce(gf inout);
+void gf_add(gf out, const gf a, const gf b);
+void gf_sub(gf out, const gf a, const gf b);
+void gf_mul(gf_s * RESTRICT out, const gf a, const gf b);
+void gf_mulw_unsigned(gf_s * RESTRICT out, const gf a, uint32_t b);
+void gf_sqr(gf_s * RESTRICT out, const gf a);
+mask_t gf_isr(gf a, const gf x); /** a^2 x = 1, QNR, or 0 if x=0.  Return true if successful */
+mask_t gf_eq(const gf x, const gf y);
+mask_t gf_lobit(const gf x);
+mask_t gf_hibit(const gf x);
+
+void gf_serialize(uint8_t *serial, const gf x, int with_highbit);
+mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,
+                      uint8_t hi_nmask);
+
+# include "f_impl.h"            /* Bring in the inline implementations */
+
+# define LIMBPERM(i) (i)
+# define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1)
+
+static const gf ZERO = {{{0}}}, ONE = {{{1}}};
+
+/* Square x, n times. */
+static ossl_inline void gf_sqrn(gf_s * RESTRICT y, const gf x, int n)
+{
+    gf tmp;
+
+    assert(n > 0);
+    if (n & 1) {
+        gf_sqr(y, x);
+        n--;
+    } else {
+        gf_sqr(tmp, x);
+        gf_sqr(y, tmp);
+        n -= 2;
+    }
+    for (; n; n -= 2) {
+        gf_sqr(tmp, y);
+        gf_sqr(y, tmp);
+    }
+}
+
+# define gf_add_nr gf_add_RAW
+
+/* Subtract mod p.  Bias by 2 and don't reduce  */
+static ossl_inline void gf_sub_nr(gf c, const gf a, const gf b)
+{
+    gf_sub_RAW(c, a, b);
+    gf_bias(c, 2);
+    if (GF_HEADROOM < 3)
+        gf_weak_reduce(c);
+}
+
+/* Subtract mod p. Bias by amt but don't reduce.  */
+static ossl_inline void gf_subx_nr(gf c, const gf a, const gf b, int amt)
+{
+    gf_sub_RAW(c, a, b);
+    gf_bias(c, amt);
+    if (GF_HEADROOM < amt + 1)
+        gf_weak_reduce(c);
+}
+
+/* Mul by signed int.  Not constant-time WRT the sign of that int. */
+static ossl_inline void gf_mulw(gf c, const gf a, int32_t w)
+{
+    if (w > 0) {
+        gf_mulw_unsigned(c, a, w);
+    } else {
+        gf_mulw_unsigned(c, a, -w);
+        gf_sub(c, ZERO, c);
+    }
+}
+
+/* Constant time, x = is_z ? z : y */
+static ossl_inline void gf_cond_sel(gf x, const gf y, const gf z, mask_t is_z)
+{
+    size_t i;
+
+    for (i = 0; i < NLIMBS; i++) {
+#if ARCH_WORD_BITS == 32
+        x[0].limb[i] = constant_time_select_32(is_z, z[0].limb[i],
+                                               y[0].limb[i]);
+#else
+        /* Must be 64 bit */
+        x[0].limb[i] = constant_time_select_64(is_z, z[0].limb[i],
+                                               y[0].limb[i]);
+#endif
+    }
+}
+
+/* Constant time, if (neg) x=-x; */
+static ossl_inline void gf_cond_neg(gf x, mask_t neg)
+{
+    gf y;
+
+    gf_sub(y, ZERO, x);
+    gf_cond_sel(x, x, y, neg);
+}
+
+/* Constant time, if (swap) (x,y) = (y,x); */
+static ossl_inline void gf_cond_swap(gf x, gf_s * RESTRICT y, mask_t swap)
+{
+    size_t i;
+
+    for (i = 0; i < NLIMBS; i++) {
+#if ARCH_WORD_BITS == 32
+        constant_time_cond_swap_32(swap, &(x[0].limb[i]), &(y->limb[i]));
+#else
+        /* Must be 64 bit */
+        constant_time_cond_swap_64(swap, &(x[0].limb[i]), &(y->limb[i]));
+#endif
+    }
+}
+
+#endif                          /* HEADER_FIELD_H */
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/point_448.h b/freebsd/crypto/openssl/crypto/ec/curve448/point_448.h
new file mode 100644
index 00000000..0ef3b871
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/point_448.h
@@ -0,0 +1,301 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_POINT_448_H
+# define HEADER_POINT_448_H
+
+# include "curve448utils.h"
+# include "field.h"
+
+/* Comb config: number of combs, n, t, s. */
+#define COMBS_N 5
+#define COMBS_T 5
+#define COMBS_S 18
+
+/* Projective Niels coordinates */
+typedef struct {
+    gf a, b, c;
+} niels_s, niels_t[1];
+typedef struct {
+    niels_t n;
+    gf z;
+} pniels_t[1];
+
+/* Precomputed base */
+struct curve448_precomputed_s {
+    niels_t table[COMBS_N << (COMBS_T - 1)];
+};
+
+# define C448_SCALAR_LIMBS ((446-1)/C448_WORD_BITS+1)
+
+/* The number of bits in a scalar */
+# define C448_SCALAR_BITS 446
+
+/* Number of bytes in a serialized scalar. */
+# define C448_SCALAR_BYTES 56
+
+/* X448 encoding ratio. */
+# define X448_ENCODE_RATIO 2
+
+/* Number of bytes in an x448 public key */
+# define X448_PUBLIC_BYTES 56
+
+/* Number of bytes in an x448 private key */
+# define X448_PRIVATE_BYTES 56
+
+/* Twisted Edwards extended homogeneous coordinates */
+typedef struct curve448_point_s {
+    gf x, y, z, t;
+} curve448_point_t[1];
+
+/* Precomputed table based on a point.  Can be trivial implementation. */
+struct curve448_precomputed_s;
+
+/* Precomputed table based on a point.  Can be trivial implementation. */
+typedef struct curve448_precomputed_s curve448_precomputed_s;
+
+/* Scalar is stored packed, because we don't need the speed. */
+typedef struct curve448_scalar_s {
+    c448_word_t limb[C448_SCALAR_LIMBS];
+} curve448_scalar_t[1];
+
+/* A scalar equal to 1. */
+extern const curve448_scalar_t curve448_scalar_one;
+
+/* A scalar equal to 0. */
+extern const curve448_scalar_t curve448_scalar_zero;
+
+/* The identity point on the curve. */
+extern const curve448_point_t curve448_point_identity;
+
+/* Precomputed table for the base point on the curve. */
+extern const struct curve448_precomputed_s *curve448_precomputed_base;
+extern const niels_t *curve448_wnaf_base;
+
+/*
+ * Read a scalar from wire format or from bytes.
+ *
+ * ser (in): Serialized form of a scalar.
+ * out (out): Deserialized form.
+ *
+ * Returns:
+ * C448_SUCCESS: The scalar was correctly encoded.
+ * C448_FAILURE: The scalar was greater than the modulus, and has been reduced
+ * modulo that modulus.
+ */
+c448_error_t curve448_scalar_decode(curve448_scalar_t out,
+                                    const unsigned char ser[C448_SCALAR_BYTES]);
+
+/*
+ * Read a scalar from wire format or from bytes.  Reduces mod scalar prime.
+ *
+ * ser (in): Serialized form of a scalar.
+ * ser_len (in): Length of serialized form.
+ * out (out): Deserialized form.
+ */
+void curve448_scalar_decode_long(curve448_scalar_t out,
+                                 const unsigned char *ser, size_t ser_len);
+
+/*
+ * Serialize a scalar to wire format.
+ *
+ * ser (out): Serialized form of a scalar.
+ * s (in): Deserialized scalar.
+ */
+void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
+                            const curve448_scalar_t s);
+
+/*
+ * Add two scalars. |a|, |b| and |out| may alias each other.
+ * 
+ * a (in): One scalar.
+ * b (in): Another scalar.
+ * out (out): a+b.
+ */
+void curve448_scalar_add(curve448_scalar_t out,
+                         const curve448_scalar_t a, const curve448_scalar_t b);
+
+/*
+ * Subtract two scalars.  |a|, |b| and |out| may alias each other.
+ * a (in): One scalar.
+ * b (in): Another scalar.
+ * out (out): a-b.
+ */
+void curve448_scalar_sub(curve448_scalar_t out,
+                         const curve448_scalar_t a, const curve448_scalar_t b);
+
+/*
+ * Multiply two scalars. |a|, |b| and |out| may alias each other.
+ * 
+ * a (in): One scalar.
+ * b (in): Another scalar.
+ * out (out): a*b.
+ */
+void curve448_scalar_mul(curve448_scalar_t out,
+                         const curve448_scalar_t a, const curve448_scalar_t b);
+
+/*
+* Halve a scalar.  |a| and |out| may alias each other.
+* 
+* a (in): A scalar.
+* out (out): a/2.
+*/
+void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a);
+
+/*
+ * Copy a scalar.  The scalars may alias each other, in which case this
+ * function does nothing.
+ * 
+ * a (in): A scalar.
+ * out (out): Will become a copy of a.
+ */
+static ossl_inline void curve448_scalar_copy(curve448_scalar_t out,
+                                             const curve448_scalar_t a)
+{
+    *out = *a;
+}
+
+/*
+ * Copy a point.  The input and output may alias, in which case this function
+ * does nothing.
+ *
+ * a (out): A copy of the point.
+ * b (in): Any point.
+ */
+static ossl_inline void curve448_point_copy(curve448_point_t a,
+                                            const curve448_point_t b)
+{
+    *a = *b;
+}
+
+/*
+ * Test whether two points are equal.  If yes, return C448_TRUE, else return
+ * C448_FALSE.
+ *
+ * a (in): A point.
+ * b (in): Another point.
+ * 
+ * Returns:
+ * C448_TRUE: The points are equal.
+ * C448_FALSE: The points are not equal.
+ */
+__owur c448_bool_t curve448_point_eq(const curve448_point_t a,
+                                     const curve448_point_t b);
+
+/*
+ * Double a point. Equivalent to curve448_point_add(two_a,a,a), but potentially
+ * faster.
+ *
+ * two_a (out): The sum a+a.
+ * a (in): A point.
+ */
+void curve448_point_double(curve448_point_t two_a, const curve448_point_t a);
+
+/*
+ * RFC 7748 Diffie-Hellman scalarmul.  This function uses a different
+ * (non-Decaf) encoding.
+ *
+ * out (out): The scaled point base*scalar
+ * base (in): The point to be scaled.
+ * scalar (in): The scalar to multiply by.
+ *
+ * Returns:
+ * C448_SUCCESS: The scalarmul succeeded.
+ * C448_FAILURE: The scalarmul didn't succeed, because the base point is in a
+ * small subgroup.
+ */
+__owur c448_error_t x448_int(uint8_t out[X448_PUBLIC_BYTES],
+                             const uint8_t base[X448_PUBLIC_BYTES],
+                             const uint8_t scalar[X448_PRIVATE_BYTES]);
+
+/*
+ * Multiply a point by X448_ENCODE_RATIO, then encode it like RFC 7748.
+ *
+ * This function is mainly used internally, but is exported in case
+ * it will be useful.
+ *
+ * The ratio is necessary because the internal representation doesn't
+ * track the cofactor information, so on output we must clear the cofactor.
+ * This would multiply by the cofactor, but in fact internally points are always
+ * even, so it multiplies by half the cofactor instead.
+ *
+ * As it happens, this aligns with the base point definitions; that is,
+ * if you pass the Decaf/Ristretto base point to this function, the result
+ * will be X448_ENCODE_RATIO times the X448
+ * base point.
+ *
+ * out (out): The scaled and encoded point.
+ * p (in): The point to be scaled and encoded.
+ */
+void curve448_point_mul_by_ratio_and_encode_like_x448(
+                                        uint8_t out[X448_PUBLIC_BYTES],
+                                        const curve448_point_t p);
+
+/*
+ * RFC 7748 Diffie-Hellman base point scalarmul.  This function uses a different
+ * (non-Decaf) encoding.
+ * 
+ * out (out): The scaled point base*scalar
+ * scalar (in): The scalar to multiply by.
+ */
+void x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES],
+                            const uint8_t scalar[X448_PRIVATE_BYTES]);
+
+/*
+ * Multiply a precomputed base point by a scalar: out = scalar*base.
+ *
+ * scaled (out): The scaled point base*scalar
+ * base (in): The point to be scaled.
+ * scalar (in): The scalar to multiply by.
+ */
+void curve448_precomputed_scalarmul(curve448_point_t scaled,
+                                    const curve448_precomputed_s * base,
+                                    const curve448_scalar_t scalar);
+
+/*
+ * Multiply two base points by two scalars:
+ * combo = scalar1*curve448_point_base + scalar2*base2.
+ *
+ * Otherwise equivalent to curve448_point_double_scalarmul, but may be
+ * faster at the expense of being variable time.
+ *
+ * combo (out): The linear combination scalar1*base + scalar2*base2.
+ * scalar1 (in): A first scalar to multiply by.
+ * base2 (in): A second point to be scaled.
+ * scalar2 (in) A second scalar to multiply by.
+ *
+ * Warning: This function takes variable time, and may leak the scalars used. 
+ * It is designed for signature verification.
+ */
+void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+                                               const curve448_scalar_t scalar1,
+                                               const curve448_point_t base2,
+                                               const curve448_scalar_t scalar2);
+
+/*
+ * Test that a point is valid, for debugging purposes.
+ *
+ * to_test (in): The point to test.
+ *
+ * Returns:
+ * C448_TRUE The point is valid.
+ * C448_FALSE The point is invalid.
+ */
+__owur c448_bool_t curve448_point_valid(const curve448_point_t to_test);
+
+/* Overwrite scalar with zeros. */
+void curve448_scalar_destroy(curve448_scalar_t scalar);
+
+/* Overwrite point with zeros. */
+void curve448_point_destroy(curve448_point_t point);
+
+#endif                          /* HEADER_POINT_448_H */
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/scalar.c b/freebsd/crypto/openssl/crypto/ec/curve448/scalar.c
new file mode 100644
index 00000000..efde5a99
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/scalar.c
@@ -0,0 +1,237 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include <openssl/crypto.h>
+
+#include "word.h"
+#include "point_448.h"
+
+static const c448_word_t MONTGOMERY_FACTOR = (c448_word_t) 0x3bd440fae918bc5;
+static const curve448_scalar_t sc_p = {
+    {
+        {
+            SC_LIMB(0x2378c292ab5844f3), SC_LIMB(0x216cc2728dc58f55),
+            SC_LIMB(0xc44edb49aed63690), SC_LIMB(0xffffffff7cca23e9),
+            SC_LIMB(0xffffffffffffffff), SC_LIMB(0xffffffffffffffff),
+            SC_LIMB(0x3fffffffffffffff)
+        }
+    }
+}, sc_r2 = {
+    {
+        {
+
+            SC_LIMB(0xe3539257049b9b60), SC_LIMB(0x7af32c4bc1b195d9),
+            SC_LIMB(0x0d66de2388ea1859), SC_LIMB(0xae17cf725ee4d838),
+            SC_LIMB(0x1a9cc14ba3c47c44), SC_LIMB(0x2052bcb7e4d070af),
+            SC_LIMB(0x3402a939f823b729)
+        }
+    }
+};
+
+#define WBITS C448_WORD_BITS   /* NB this may be different from ARCH_WORD_BITS */
+
+const curve448_scalar_t curve448_scalar_one = {{{1}}};
+const curve448_scalar_t curve448_scalar_zero = {{{0}}};
+
+/*
+ * {extra,accum} - sub +? p
+ * Must have extra <= 1
+ */
+static void sc_subx(curve448_scalar_t out,
+                    const c448_word_t accum[C448_SCALAR_LIMBS],
+                    const curve448_scalar_t sub,
+                    const curve448_scalar_t p, c448_word_t extra)
+{
+    c448_dsword_t chain = 0;
+    unsigned int i;
+    c448_word_t borrow;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + accum[i]) - sub->limb[i];
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= WBITS;
+    }
+    borrow = (c448_word_t)chain + extra;     /* = 0 or -1 */
+
+    chain = 0;
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + out->limb[i]) + (p->limb[i] & borrow);
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= WBITS;
+    }
+}
+
+static void sc_montmul(curve448_scalar_t out, const curve448_scalar_t a,
+                       const curve448_scalar_t b)
+{
+    unsigned int i, j;
+    c448_word_t accum[C448_SCALAR_LIMBS + 1] = { 0 };
+    c448_word_t hi_carry = 0;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        c448_word_t mand = a->limb[i];
+        const c448_word_t *mier = b->limb;
+
+        c448_dword_t chain = 0;
+        for (j = 0; j < C448_SCALAR_LIMBS; j++) {
+            chain += ((c448_dword_t) mand) * mier[j] + accum[j];
+            accum[j] = (c448_word_t)chain;
+            chain >>= WBITS;
+        }
+        accum[j] = (c448_word_t)chain;
+
+        mand = accum[0] * MONTGOMERY_FACTOR;
+        chain = 0;
+        mier = sc_p->limb;
+        for (j = 0; j < C448_SCALAR_LIMBS; j++) {
+            chain += (c448_dword_t) mand *mier[j] + accum[j];
+            if (j)
+                accum[j - 1] = (c448_word_t)chain;
+            chain >>= WBITS;
+        }
+        chain += accum[j];
+        chain += hi_carry;
+        accum[j - 1] = (c448_word_t)chain;
+        hi_carry = chain >> WBITS;
+    }
+
+    sc_subx(out, accum, sc_p, sc_p, hi_carry);
+}
+
+void curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a,
+                         const curve448_scalar_t b)
+{
+    sc_montmul(out, a, b);
+    sc_montmul(out, out, sc_r2);
+}
+
+void curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a,
+                         const curve448_scalar_t b)
+{
+    sc_subx(out, a->limb, b, sc_p, 0);
+}
+
+void curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a,
+                         const curve448_scalar_t b)
+{
+    c448_dword_t chain = 0;
+    unsigned int i;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + a->limb[i]) + b->limb[i];
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= WBITS;
+    }
+    sc_subx(out, out->limb, sc_p, sc_p, (c448_word_t)chain);
+}
+
+static ossl_inline void scalar_decode_short(curve448_scalar_t s,
+                                            const unsigned char *ser,
+                                            size_t nbytes)
+{
+    size_t i, j, k = 0;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        c448_word_t out = 0;
+
+        for (j = 0; j < sizeof(c448_word_t) && k < nbytes; j++, k++)
+            out |= ((c448_word_t) ser[k]) << (8 * j);
+        s->limb[i] = out;
+    }
+}
+
+c448_error_t curve448_scalar_decode(
+                                curve448_scalar_t s,
+                                const unsigned char ser[C448_SCALAR_BYTES])
+{
+    unsigned int i;
+    c448_dsword_t accum = 0;
+
+    scalar_decode_short(s, ser, C448_SCALAR_BYTES);
+    for (i = 0; i < C448_SCALAR_LIMBS; i++)
+        accum = (accum + s->limb[i] - sc_p->limb[i]) >> WBITS;
+    /* Here accum == 0 or -1 */
+
+    curve448_scalar_mul(s, s, curve448_scalar_one); /* ham-handed reduce */
+
+    return c448_succeed_if(~word_is_zero((uint32_t)accum));
+}
+
+void curve448_scalar_destroy(curve448_scalar_t scalar)
+{
+    OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t));
+}
+
+void curve448_scalar_decode_long(curve448_scalar_t s,
+                                 const unsigned char *ser, size_t ser_len)
+{
+    size_t i;
+    curve448_scalar_t t1, t2;
+
+    if (ser_len == 0) {
+        curve448_scalar_copy(s, curve448_scalar_zero);
+        return;
+    }
+
+    i = ser_len - (ser_len % C448_SCALAR_BYTES);
+    if (i == ser_len)
+        i -= C448_SCALAR_BYTES;
+
+    scalar_decode_short(t1, &ser[i], ser_len - i);
+
+    if (ser_len == sizeof(curve448_scalar_t)) {
+        assert(i == 0);
+        /* ham-handed reduce */
+        curve448_scalar_mul(s, t1, curve448_scalar_one);
+        curve448_scalar_destroy(t1);
+        return;
+    }
+
+    while (i) {
+        i -= C448_SCALAR_BYTES;
+        sc_montmul(t1, t1, sc_r2);
+        (void)curve448_scalar_decode(t2, ser + i);
+        curve448_scalar_add(t1, t1, t2);
+    }
+
+    curve448_scalar_copy(s, t1);
+    curve448_scalar_destroy(t1);
+    curve448_scalar_destroy(t2);
+}
+
+void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
+                            const curve448_scalar_t s)
+{
+    unsigned int i, j, k = 0;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        for (j = 0; j < sizeof(c448_word_t); j++, k++)
+            ser[k] = s->limb[i] >> (8 * j);
+    }
+}
+
+void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a)
+{
+    c448_word_t mask = 0 - (a->limb[0] & 1);
+    c448_dword_t chain = 0;
+    unsigned int i;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + a->limb[i]) + (sc_p->limb[i] & mask);
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= C448_WORD_BITS;
+    }
+    for (i = 0; i < C448_SCALAR_LIMBS - 1; i++)
+        out->limb[i] = out->limb[i] >> 1 | out->limb[i + 1] << (WBITS - 1);
+    out->limb[i] = out->limb[i] >> 1 | (c448_word_t)(chain << (WBITS - 1));
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/curve448/word.h b/freebsd/crypto/openssl/crypto/ec/curve448/word.h
new file mode 100644
index 00000000..a48b9e05
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/curve448/word.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_WORD_H
+# define HEADER_WORD_H
+
+# include <string.h>
+# include <assert.h>
+# include <stdlib.h>
+# include <openssl/e_os2.h>
+# include "arch_intrinsics.h"
+# include "curve448utils.h"
+
+# if (ARCH_WORD_BITS == 64)
+typedef uint64_t word_t, mask_t;
+typedef __uint128_t dword_t;
+typedef int32_t hsword_t;
+typedef int64_t sword_t;
+typedef __int128_t dsword_t;
+# elif (ARCH_WORD_BITS == 32)
+typedef uint32_t word_t, mask_t;
+typedef uint64_t dword_t;
+typedef int16_t hsword_t;
+typedef int32_t sword_t;
+typedef int64_t dsword_t;
+# else
+#  error "For now, we only support 32- and 64-bit architectures."
+# endif
+
+/*
+ * Scalar limbs are keyed off of the API word size instead of the arch word
+ * size.
+ */
+# if C448_WORD_BITS == 64
+#  define SC_LIMB(x) (x)
+# elif C448_WORD_BITS == 32
+#  define SC_LIMB(x) ((uint32_t)(x)),((x) >> 32)
+# else
+#  error "For now we only support 32- and 64-bit architectures."
+# endif
+
+/*
+ * The plan on booleans: The external interface uses c448_bool_t, but this
+ * might be a different size than our particular arch's word_t (and thus
+ * mask_t).  Also, the caller isn't guaranteed to pass it as nonzero.  So
+ * bool_to_mask converts word sizes and checks nonzero. On the flip side,
+ * mask_t is always -1 or 0, but it might be a different size than
+ * c448_bool_t. On the third hand, we have success vs boolean types, but
+ * that's handled in common.h: it converts between c448_bool_t and
+ * c448_error_t.
+ */
+static ossl_inline c448_bool_t mask_to_bool(mask_t m)
+{
+    return (c448_sword_t)(sword_t)m;
+}
+
+static ossl_inline mask_t bool_to_mask(c448_bool_t m)
+{
+    /* On most arches this will be optimized to a simple cast. */
+    mask_t ret = 0;
+    unsigned int i;
+    unsigned int limit = sizeof(c448_bool_t) / sizeof(mask_t);
+
+    if (limit < 1)
+        limit = 1;
+    for (i = 0; i < limit; i++)
+        ret |= ~word_is_zero(m >> (i * 8 * sizeof(word_t)));
+
+    return ret;
+}
+
+#endif                          /* HEADER_WORD_H */
diff --git a/freebsd/crypto/openssl/crypto/ec/ec2_mult.c b/freebsd/crypto/openssl/crypto/ec/ec2_mult.c
deleted file mode 100644
index 31d26dab..00000000
--- a/freebsd/crypto/openssl/crypto/ec/ec2_mult.c
+++ /dev/null
@@ -1,467 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ec/ec2_mult.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/err.h>
-
-#include "ec_lcl.h"
-
-#ifndef OPENSSL_NO_EC2M
-
-/*-
- * Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective
- * coordinates.
- * Uses algorithm Mdouble in appendix of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- * modified to not require precomputation of c=b^{2^{m-1}}.
- */
-static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z,
-                        BN_CTX *ctx)
-{
-    BIGNUM *t1;
-    int ret = 0;
-
-    /* Since Mdouble is static we can guarantee that ctx != NULL. */
-    BN_CTX_start(ctx);
-    t1 = BN_CTX_get(ctx);
-    if (t1 == NULL)
-        goto err;
-
-    if (!group->meth->field_sqr(group, x, x, ctx))
-        goto err;
-    if (!group->meth->field_sqr(group, t1, z, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, z, x, t1, ctx))
-        goto err;
-    if (!group->meth->field_sqr(group, x, x, ctx))
-        goto err;
-    if (!group->meth->field_sqr(group, t1, t1, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, t1, &group->b, t1, ctx))
-        goto err;
-    if (!BN_GF2m_add(x, x, t1))
-        goto err;
-
-    ret = 1;
-
- err:
-    BN_CTX_end(ctx);
-    return ret;
-}
-
-/*-
- * Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery
- * projective coordinates.
- * Uses algorithm Madd in appendix of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- */
-static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1,
-                     BIGNUM *z1, const BIGNUM *x2, const BIGNUM *z2,
-                     BN_CTX *ctx)
-{
-    BIGNUM *t1, *t2;
-    int ret = 0;
-
-    /* Since Madd is static we can guarantee that ctx != NULL. */
-    BN_CTX_start(ctx);
-    t1 = BN_CTX_get(ctx);
-    t2 = BN_CTX_get(ctx);
-    if (t2 == NULL)
-        goto err;
-
-    if (!BN_copy(t1, x))
-        goto err;
-    if (!group->meth->field_mul(group, x1, x1, z2, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, z1, z1, x2, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, t2, x1, z1, ctx))
-        goto err;
-    if (!BN_GF2m_add(z1, z1, x1))
-        goto err;
-    if (!group->meth->field_sqr(group, z1, z1, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, x1, z1, t1, ctx))
-        goto err;
-    if (!BN_GF2m_add(x1, x1, t2))
-        goto err;
-
-    ret = 1;
-
- err:
-    BN_CTX_end(ctx);
-    return ret;
-}
-
-/*-
- * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
- * using Montgomery point multiplication algorithm Mxy() in appendix of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- * Returns:
- *     0 on error
- *     1 if return value should be the point at infinity
- *     2 otherwise
- */
-static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y,
-                    BIGNUM *x1, BIGNUM *z1, BIGNUM *x2, BIGNUM *z2,
-                    BN_CTX *ctx)
-{
-    BIGNUM *t3, *t4, *t5;
-    int ret = 0;
-
-    if (BN_is_zero(z1)) {
-        BN_zero(x2);
-        BN_zero(z2);
-        return 1;
-    }
-
-    if (BN_is_zero(z2)) {
-        if (!BN_copy(x2, x))
-            return 0;
-        if (!BN_GF2m_add(z2, x, y))
-            return 0;
-        return 2;
-    }
-
-    /* Since Mxy is static we can guarantee that ctx != NULL. */
-    BN_CTX_start(ctx);
-    t3 = BN_CTX_get(ctx);
-    t4 = BN_CTX_get(ctx);
-    t5 = BN_CTX_get(ctx);
-    if (t5 == NULL)
-        goto err;
-
-    if (!BN_one(t5))
-        goto err;
-
-    if (!group->meth->field_mul(group, t3, z1, z2, ctx))
-        goto err;
-
-    if (!group->meth->field_mul(group, z1, z1, x, ctx))
-        goto err;
-    if (!BN_GF2m_add(z1, z1, x1))
-        goto err;
-    if (!group->meth->field_mul(group, z2, z2, x, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, x1, z2, x1, ctx))
-        goto err;
-    if (!BN_GF2m_add(z2, z2, x2))
-        goto err;
-
-    if (!group->meth->field_mul(group, z2, z2, z1, ctx))
-        goto err;
-    if (!group->meth->field_sqr(group, t4, x, ctx))
-        goto err;
-    if (!BN_GF2m_add(t4, t4, y))
-        goto err;
-    if (!group->meth->field_mul(group, t4, t4, t3, ctx))
-        goto err;
-    if (!BN_GF2m_add(t4, t4, z2))
-        goto err;
-
-    if (!group->meth->field_mul(group, t3, t3, x, ctx))
-        goto err;
-    if (!group->meth->field_div(group, t3, t5, t3, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, t4, t3, t4, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, x2, x1, t3, ctx))
-        goto err;
-    if (!BN_GF2m_add(z2, x2, x))
-        goto err;
-
-    if (!group->meth->field_mul(group, z2, z2, t4, ctx))
-        goto err;
-    if (!BN_GF2m_add(z2, z2, y))
-        goto err;
-
-    ret = 2;
-
- err:
-    BN_CTX_end(ctx);
-    return ret;
-}
-
-/*-
- * Computes scalar*point and stores the result in r.
- * point can not equal r.
- * Uses a modified algorithm 2P of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- *
- * To protect against side-channel attack the function uses constant time swap,
- * avoiding conditional branches.
- */
-static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
-                                             EC_POINT *r,
-                                             const BIGNUM *scalar,
-                                             const EC_POINT *point,
-                                             BN_CTX *ctx)
-{
-    BIGNUM *x1, *x2, *z1, *z2;
-    int ret = 0, i, group_top;
-    BN_ULONG mask, word;
-
-    if (r == point) {
-        ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT);
-        return 0;
-    }
-
-    /* if result should be point at infinity */
-    if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) ||
-        EC_POINT_is_at_infinity(group, point)) {
-        return EC_POINT_set_to_infinity(group, r);
-    }
-
-    /* only support affine coordinates */
-    if (!point->Z_is_one)
-        return 0;
-
-    /*
-     * Since point_multiply is static we can guarantee that ctx != NULL.
-     */
-    BN_CTX_start(ctx);
-    x1 = BN_CTX_get(ctx);
-    z1 = BN_CTX_get(ctx);
-    if (z1 == NULL)
-        goto err;
-
-    x2 = &r->X;
-    z2 = &r->Y;
-
-    group_top = group->field.top;
-    if (bn_wexpand(x1, group_top) == NULL
-        || bn_wexpand(z1, group_top) == NULL
-        || bn_wexpand(x2, group_top) == NULL
-        || bn_wexpand(z2, group_top) == NULL)
-        goto err;
-
-    if (!BN_GF2m_mod_arr(x1, &point->X, group->poly))
-        goto err;               /* x1 = x */
-    if (!BN_one(z1))
-        goto err;               /* z1 = 1 */
-    if (!group->meth->field_sqr(group, z2, x1, ctx))
-        goto err;               /* z2 = x1^2 = x^2 */
-    if (!group->meth->field_sqr(group, x2, z2, ctx))
-        goto err;
-    if (!BN_GF2m_add(x2, x2, &group->b))
-        goto err;               /* x2 = x^4 + b */
-
-    /* find top most bit and go one past it */
-    i = scalar->top - 1;
-    mask = BN_TBIT;
-    word = scalar->d[i];
-    while (!(word & mask))
-        mask >>= 1;
-    mask >>= 1;
-    /* if top most bit was at word break, go to next word */
-    if (!mask) {
-        i--;
-        mask = BN_TBIT;
-    }
-
-    for (; i >= 0; i--) {
-        word = scalar->d[i];
-        while (mask) {
-            BN_consttime_swap(word & mask, x1, x2, group_top);
-            BN_consttime_swap(word & mask, z1, z2, group_top);
-            if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx))
-                goto err;
-            if (!gf2m_Mdouble(group, x1, z1, ctx))
-                goto err;
-            BN_consttime_swap(word & mask, x1, x2, group_top);
-            BN_consttime_swap(word & mask, z1, z2, group_top);
-            mask >>= 1;
-        }
-        mask = BN_TBIT;
-    }
-
-    /* convert out of "projective" coordinates */
-    i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx);
-    if (i == 0)
-        goto err;
-    else if (i == 1) {
-        if (!EC_POINT_set_to_infinity(group, r))
-            goto err;
-    } else {
-        if (!BN_one(&r->Z))
-            goto err;
-        r->Z_is_one = 1;
-    }
-
-    /* GF(2^m) field elements should always have BIGNUM::neg = 0 */
-    BN_set_negative(&r->X, 0);
-    BN_set_negative(&r->Y, 0);
-
-    ret = 1;
-
- err:
-    BN_CTX_end(ctx);
-    return ret;
-}
-
-/*-
- * Computes the sum
- *     scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
- * gracefully ignoring NULL scalar values.
- */
-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
-                       const BIGNUM *scalar, size_t num,
-                       const EC_POINT *points[], const BIGNUM *scalars[],
-                       BN_CTX *ctx)
-{
-    BN_CTX *new_ctx = NULL;
-    int ret = 0;
-    size_t i;
-    EC_POINT *p = NULL;
-    EC_POINT *acc = NULL;
-
-    if (ctx == NULL) {
-        ctx = new_ctx = BN_CTX_new();
-        if (ctx == NULL)
-            return 0;
-    }
-
-    /*
-     * This implementation is more efficient than the wNAF implementation for
-     * 2 or fewer points.  Use the ec_wNAF_mul implementation for 3 or more
-     * points, or if we can perform a fast multiplication based on
-     * precomputation.
-     */
-    if ((scalar && (num > 1)) || (num > 2)
-        || (num == 0 && EC_GROUP_have_precompute_mult(group))) {
-        ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
-        goto err;
-    }
-
-    if ((p = EC_POINT_new(group)) == NULL)
-        goto err;
-    if ((acc = EC_POINT_new(group)) == NULL)
-        goto err;
-
-    if (!EC_POINT_set_to_infinity(group, acc))
-        goto err;
-
-    if (scalar) {
-        if (!ec_GF2m_montgomery_point_multiply
-            (group, p, scalar, group->generator, ctx))
-            goto err;
-        if (BN_is_negative(scalar))
-            if (!group->meth->invert(group, p, ctx))
-                goto err;
-        if (!group->meth->add(group, acc, acc, p, ctx))
-            goto err;
-    }
-
-    for (i = 0; i < num; i++) {
-        if (!ec_GF2m_montgomery_point_multiply
-            (group, p, scalars[i], points[i], ctx))
-            goto err;
-        if (BN_is_negative(scalars[i]))
-            if (!group->meth->invert(group, p, ctx))
-                goto err;
-        if (!group->meth->add(group, acc, acc, p, ctx))
-            goto err;
-    }
-
-    if (!EC_POINT_copy(r, acc))
-        goto err;
-
-    ret = 1;
-
- err:
-    if (p)
-        EC_POINT_free(p);
-    if (acc)
-        EC_POINT_free(acc);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
-    return ret;
-}
-
-/*
- * Precomputation for point multiplication: fall back to wNAF methods because
- * ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate
- */
-
-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
-{
-    return ec_wNAF_precompute_mult(group, ctx);
-}
-
-int ec_GF2m_have_precompute_mult(const EC_GROUP *group)
-{
-    return ec_wNAF_have_precompute_mult(group);
-}
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ec/ec2_oct.c b/freebsd/crypto/openssl/crypto/ec/ec2_oct.c
index 8a7f63ca..fe0f9eb2 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec2_oct.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec2_oct.c
@@ -1,72 +1,13 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ec2_oct.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/err.h>
@@ -122,14 +63,14 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
     if (!BN_GF2m_mod_arr(x, x_, group->poly))
         goto err;
     if (BN_is_zero(x)) {
-        if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx))
+        if (!BN_GF2m_mod_sqrt_arr(y, group->b, group->poly, ctx))
             goto err;
     } else {
         if (!group->meth->field_sqr(group, tmp, x, ctx))
             goto err;
-        if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx))
+        if (!group->meth->field_div(group, tmp, group->b, tmp, ctx))
             goto err;
-        if (!BN_GF2m_add(tmp, &group->a, tmp))
+        if (!BN_GF2m_add(tmp, group->a, tmp))
             goto err;
         if (!BN_GF2m_add(tmp, x, tmp))
             goto err;
@@ -155,15 +96,14 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
         }
     }
 
-    if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
         goto err;
 
     ret = 1;
 
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -228,7 +168,7 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
         if (yxi == NULL)
             goto err;
 
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
+        if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
             goto err;
 
         buf[0] = form;
@@ -280,15 +220,13 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
 
     if (used_ctx)
         BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 
  err:
     if (used_ctx)
         BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return 0;
 }
 
@@ -359,19 +297,18 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
 
     if (!BN_bin2bn(buf + 1, field_len, x))
         goto err;
-    if (BN_ucmp(x, &group->field) >= 0) {
+    if (BN_ucmp(x, group->field) >= 0) {
         ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
         goto err;
     }
 
     if (form == POINT_CONVERSION_COMPRESSED) {
-        if (!EC_POINT_set_compressed_coordinates_GF2m
-            (group, point, x, y_bit, ctx))
+        if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
             goto err;
     } else {
         if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
             goto err;
-        if (BN_ucmp(y, &group->field) >= 0) {
+        if (BN_ucmp(y, group->field) >= 0) {
             ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
             goto err;
         }
@@ -384,22 +321,19 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
             }
         }
 
-        if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
+        /*
+         * EC_POINT_set_affine_coordinates is responsible for checking that
+         * the point is on the curve.
+         */
+        if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
             goto err;
     }
 
-    /* test required by X9.62 */
-    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
-        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
-        goto err;
-    }
-
     ret = 1;
 
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/ec/ec2_smpl.c b/freebsd/crypto/openssl/crypto/ec/ec2_smpl.c
index 6c86d64d..579ac0bf 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec2_smpl.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec2_smpl.c
@@ -1,148 +1,38 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ec2_smpl.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/err.h>
 
+#include "internal/bn_int.h"
 #include "ec_lcl.h"
 
 #ifndef OPENSSL_NO_EC2M
 
-# ifdef OPENSSL_FIPS
-#  include <openssl/fips.h>
-# endif
-
-const EC_METHOD *EC_GF2m_simple_method(void)
-{
-    static const EC_METHOD ret = {
-        EC_FLAGS_DEFAULT_OCT,
-        NID_X9_62_characteristic_two_field,
-        ec_GF2m_simple_group_init,
-        ec_GF2m_simple_group_finish,
-        ec_GF2m_simple_group_clear_finish,
-        ec_GF2m_simple_group_copy,
-        ec_GF2m_simple_group_set_curve,
-        ec_GF2m_simple_group_get_curve,
-        ec_GF2m_simple_group_get_degree,
-        ec_GF2m_simple_group_check_discriminant,
-        ec_GF2m_simple_point_init,
-        ec_GF2m_simple_point_finish,
-        ec_GF2m_simple_point_clear_finish,
-        ec_GF2m_simple_point_copy,
-        ec_GF2m_simple_point_set_to_infinity,
-        0 /* set_Jprojective_coordinates_GFp */ ,
-        0 /* get_Jprojective_coordinates_GFp */ ,
-        ec_GF2m_simple_point_set_affine_coordinates,
-        ec_GF2m_simple_point_get_affine_coordinates,
-        0, 0, 0,
-        ec_GF2m_simple_add,
-        ec_GF2m_simple_dbl,
-        ec_GF2m_simple_invert,
-        ec_GF2m_simple_is_at_infinity,
-        ec_GF2m_simple_is_on_curve,
-        ec_GF2m_simple_cmp,
-        ec_GF2m_simple_make_affine,
-        ec_GF2m_simple_points_make_affine,
-
-        /*
-         * the following three method functions are defined in ec2_mult.c
-         */
-        ec_GF2m_simple_mul,
-        ec_GF2m_precompute_mult,
-        ec_GF2m_have_precompute_mult,
-
-        ec_GF2m_simple_field_mul,
-        ec_GF2m_simple_field_sqr,
-        ec_GF2m_simple_field_div,
-        0 /* field_encode */ ,
-        0 /* field_decode */ ,
-        0                       /* field_set_to_one */
-    };
-
-# ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return fips_ec_gf2m_simple_method();
-# endif
-
-    return &ret;
-}
-
 /*
  * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members
  * are handled by EC_GROUP_new.
  */
 int ec_GF2m_simple_group_init(EC_GROUP *group)
 {
-    BN_init(&group->field);
-    BN_init(&group->a);
-    BN_init(&group->b);
+    group->field = BN_new();
+    group->a = BN_new();
+    group->b = BN_new();
+
+    if (group->field == NULL || group->a == NULL || group->b == NULL) {
+        BN_free(group->field);
+        BN_free(group->a);
+        BN_free(group->b);
+        return 0;
+    }
     return 1;
 }
 
@@ -152,9 +42,9 @@ int ec_GF2m_simple_group_init(EC_GROUP *group)
  */
 void ec_GF2m_simple_group_finish(EC_GROUP *group)
 {
-    BN_free(&group->field);
-    BN_free(&group->a);
-    BN_free(&group->b);
+    BN_free(group->field);
+    BN_free(group->a);
+    BN_free(group->b);
 }
 
 /*
@@ -163,9 +53,9 @@ void ec_GF2m_simple_group_finish(EC_GROUP *group)
  */
 void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
 {
-    BN_clear_free(&group->field);
-    BN_clear_free(&group->a);
-    BN_clear_free(&group->b);
+    BN_clear_free(group->field);
+    BN_clear_free(group->a);
+    BN_clear_free(group->b);
     group->poly[0] = 0;
     group->poly[1] = 0;
     group->poly[2] = 0;
@@ -180,12 +70,11 @@ void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
  */
 int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
 {
-    int i;
-    if (!BN_copy(&dest->field, &src->field))
+    if (!BN_copy(dest->field, src->field))
         return 0;
-    if (!BN_copy(&dest->a, &src->a))
+    if (!BN_copy(dest->a, src->a))
         return 0;
-    if (!BN_copy(&dest->b, &src->b))
+    if (!BN_copy(dest->b, src->b))
         return 0;
     dest->poly[0] = src->poly[0];
     dest->poly[1] = src->poly[1];
@@ -193,16 +82,14 @@ int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
     dest->poly[3] = src->poly[3];
     dest->poly[4] = src->poly[4];
     dest->poly[5] = src->poly[5];
-    if (bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2)
-        == NULL)
+    if (bn_wexpand(dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) ==
+        NULL)
         return 0;
-    if (bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2)
-        == NULL)
+    if (bn_wexpand(dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) ==
+        NULL)
         return 0;
-    for (i = dest->a.top; i < dest->a.dmax; i++)
-        dest->a.d[i] = 0;
-    for (i = dest->b.top; i < dest->b.dmax; i++)
-        dest->b.d[i] = 0;
+    bn_set_all_zero(dest->a);
+    bn_set_all_zero(dest->b);
     return 1;
 }
 
@@ -214,31 +101,29 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
     int ret = 0, i;
 
     /* group->field */
-    if (!BN_copy(&group->field, p))
+    if (!BN_copy(group->field, p))
         goto err;
-    i = BN_GF2m_poly2arr(&group->field, group->poly, 6) - 1;
+    i = BN_GF2m_poly2arr(group->field, group->poly, 6) - 1;
     if ((i != 5) && (i != 3)) {
         ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
         goto err;
     }
 
     /* group->a */
-    if (!BN_GF2m_mod_arr(&group->a, a, group->poly))
+    if (!BN_GF2m_mod_arr(group->a, a, group->poly))
         goto err;
-    if (bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+    if (bn_wexpand(group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
         == NULL)
         goto err;
-    for (i = group->a.top; i < group->a.dmax; i++)
-        group->a.d[i] = 0;
+    bn_set_all_zero(group->a);
 
     /* group->b */
-    if (!BN_GF2m_mod_arr(&group->b, b, group->poly))
+    if (!BN_GF2m_mod_arr(group->b, b, group->poly))
         goto err;
-    if (bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+    if (bn_wexpand(group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
         == NULL)
         goto err;
-    for (i = group->b.top; i < group->b.dmax; i++)
-        group->b.d[i] = 0;
+    bn_set_all_zero(group->b);
 
     ret = 1;
  err:
@@ -255,17 +140,17 @@ int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p,
     int ret = 0;
 
     if (p != NULL) {
-        if (!BN_copy(p, &group->field))
+        if (!BN_copy(p, group->field))
             return 0;
     }
 
     if (a != NULL) {
-        if (!BN_copy(a, &group->a))
+        if (!BN_copy(a, group->a))
             goto err;
     }
 
     if (b != NULL) {
-        if (!BN_copy(b, &group->b))
+        if (!BN_copy(b, group->b))
             goto err;
     }
 
@@ -281,7 +166,7 @@ int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p,
  */
 int ec_GF2m_simple_group_get_degree(const EC_GROUP *group)
 {
-    return BN_num_bits(&group->field) - 1;
+    return BN_num_bits(group->field) - 1;
 }
 
 /*
@@ -308,7 +193,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
     if (b == NULL)
         goto err;
 
-    if (!BN_GF2m_mod_arr(b, &group->b, group->poly))
+    if (!BN_GF2m_mod_arr(b, group->b, group->poly))
         goto err;
 
     /*
@@ -323,34 +208,40 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
  err:
     if (ctx != NULL)
         BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
 /* Initializes an EC_POINT. */
 int ec_GF2m_simple_point_init(EC_POINT *point)
 {
-    BN_init(&point->X);
-    BN_init(&point->Y);
-    BN_init(&point->Z);
+    point->X = BN_new();
+    point->Y = BN_new();
+    point->Z = BN_new();
+
+    if (point->X == NULL || point->Y == NULL || point->Z == NULL) {
+        BN_free(point->X);
+        BN_free(point->Y);
+        BN_free(point->Z);
+        return 0;
+    }
     return 1;
 }
 
 /* Frees an EC_POINT. */
 void ec_GF2m_simple_point_finish(EC_POINT *point)
 {
-    BN_free(&point->X);
-    BN_free(&point->Y);
-    BN_free(&point->Z);
+    BN_free(point->X);
+    BN_free(point->Y);
+    BN_free(point->Z);
 }
 
 /* Clears and frees an EC_POINT. */
 void ec_GF2m_simple_point_clear_finish(EC_POINT *point)
 {
-    BN_clear_free(&point->X);
-    BN_clear_free(&point->Y);
-    BN_clear_free(&point->Z);
+    BN_clear_free(point->X);
+    BN_clear_free(point->Y);
+    BN_clear_free(point->Z);
     point->Z_is_one = 0;
 }
 
@@ -360,13 +251,14 @@ void ec_GF2m_simple_point_clear_finish(EC_POINT *point)
  */
 int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
 {
-    if (!BN_copy(&dest->X, &src->X))
+    if (!BN_copy(dest->X, src->X))
         return 0;
-    if (!BN_copy(&dest->Y, &src->Y))
+    if (!BN_copy(dest->Y, src->Y))
         return 0;
-    if (!BN_copy(&dest->Z, &src->Z))
+    if (!BN_copy(dest->Z, src->Z))
         return 0;
     dest->Z_is_one = src->Z_is_one;
+    dest->curve_name = src->curve_name;
 
     return 1;
 }
@@ -379,7 +271,7 @@ int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group,
                                          EC_POINT *point)
 {
     point->Z_is_one = 0;
-    BN_zero(&point->Z);
+    BN_zero(point->Z);
     return 1;
 }
 
@@ -399,15 +291,15 @@ int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group,
         return 0;
     }
 
-    if (!BN_copy(&point->X, x))
+    if (!BN_copy(point->X, x))
         goto err;
-    BN_set_negative(&point->X, 0);
-    if (!BN_copy(&point->Y, y))
+    BN_set_negative(point->X, 0);
+    if (!BN_copy(point->Y, y))
         goto err;
-    BN_set_negative(&point->Y, 0);
-    if (!BN_copy(&point->Z, BN_value_one()))
+    BN_set_negative(point->Y, 0);
+    if (!BN_copy(point->Z, BN_value_one()))
         goto err;
-    BN_set_negative(&point->Z, 0);
+    BN_set_negative(point->Z, 0);
     point->Z_is_one = 1;
     ret = 1;
 
@@ -432,18 +324,18 @@ int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
         return 0;
     }
 
-    if (BN_cmp(&point->Z, BN_value_one())) {
+    if (BN_cmp(point->Z, BN_value_one())) {
         ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES,
               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
     if (x != NULL) {
-        if (!BN_copy(x, &point->X))
+        if (!BN_copy(x, point->X))
             goto err;
         BN_set_negative(x, 0);
     }
     if (y != NULL) {
-        if (!BN_copy(y, &point->Y))
+        if (!BN_copy(y, point->Y))
             goto err;
         BN_set_negative(y, 0);
     }
@@ -495,21 +387,21 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
         goto err;
 
     if (a->Z_is_one) {
-        if (!BN_copy(x0, &a->X))
+        if (!BN_copy(x0, a->X))
             goto err;
-        if (!BN_copy(y0, &a->Y))
+        if (!BN_copy(y0, a->Y))
             goto err;
     } else {
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx))
+        if (!EC_POINT_get_affine_coordinates(group, a, x0, y0, ctx))
             goto err;
     }
     if (b->Z_is_one) {
-        if (!BN_copy(x1, &b->X))
+        if (!BN_copy(x1, b->X))
             goto err;
-        if (!BN_copy(y1, &b->Y))
+        if (!BN_copy(y1, b->Y))
             goto err;
     } else {
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx))
+        if (!EC_POINT_get_affine_coordinates(group, b, x1, y1, ctx))
             goto err;
     }
 
@@ -522,7 +414,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
             goto err;
         if (!group->meth->field_sqr(group, x2, s, ctx))
             goto err;
-        if (!BN_GF2m_add(x2, x2, &group->a))
+        if (!BN_GF2m_add(x2, x2, group->a))
             goto err;
         if (!BN_GF2m_add(x2, x2, s))
             goto err;
@@ -544,7 +436,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
             goto err;
         if (!BN_GF2m_add(x2, x2, s))
             goto err;
-        if (!BN_GF2m_add(x2, x2, &group->a))
+        if (!BN_GF2m_add(x2, x2, group->a))
             goto err;
     }
 
@@ -557,15 +449,14 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
     if (!BN_GF2m_add(y2, y2, y1))
         goto err;
 
-    if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, r, x2, y2, ctx))
         goto err;
 
     ret = 1;
 
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -581,20 +472,20 @@ int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
 
 int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
 {
-    if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
+    if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y))
         /* point is its own inverse */
         return 1;
 
     if (!EC_POINT_make_affine(group, point, ctx))
         return 0;
-    return BN_GF2m_add(&point->Y, &point->X, &point->Y);
+    return BN_GF2m_add(point->Y, point->X, point->Y);
 }
 
 /* Indicates whether the given point is the point at infinity. */
 int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group,
                                   const EC_POINT *point)
 {
-    return BN_is_zero(&point->Z);
+    return BN_is_zero(point->Z);
 }
 
 /*-
@@ -640,26 +531,25 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
      *  <=> x^3 + a*x^2 + x*y + b + y^2 = 0
      *  <=> ((x + a) * x + y ) * x + b + y^2 = 0
      */
-    if (!BN_GF2m_add(lh, &point->X, &group->a))
+    if (!BN_GF2m_add(lh, point->X, group->a))
         goto err;
-    if (!field_mul(group, lh, lh, &point->X, ctx))
+    if (!field_mul(group, lh, lh, point->X, ctx))
         goto err;
-    if (!BN_GF2m_add(lh, lh, &point->Y))
+    if (!BN_GF2m_add(lh, lh, point->Y))
         goto err;
-    if (!field_mul(group, lh, lh, &point->X, ctx))
+    if (!field_mul(group, lh, lh, point->X, ctx))
         goto err;
-    if (!BN_GF2m_add(lh, lh, &group->b))
+    if (!BN_GF2m_add(lh, lh, group->b))
         goto err;
-    if (!field_sqr(group, y2, &point->Y, ctx))
+    if (!field_sqr(group, y2, point->Y, ctx))
         goto err;
     if (!BN_GF2m_add(lh, lh, y2))
         goto err;
     ret = BN_is_zero(lh);
+
  err:
-    if (ctx)
-        BN_CTX_end(ctx);
-    if (new_ctx)
-        BN_CTX_free(new_ctx);
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -685,8 +575,7 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
         return 1;
 
     if (a->Z_is_one && b->Z_is_one) {
-        return ((BN_cmp(&a->X, &b->X) == 0)
-                && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
+        return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1;
     }
 
     if (ctx == NULL) {
@@ -703,17 +592,15 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
     if (bY == NULL)
         goto err;
 
-    if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx))
+    if (!EC_POINT_get_affine_coordinates(group, a, aX, aY, ctx))
         goto err;
-    if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx))
+    if (!EC_POINT_get_affine_coordinates(group, b, bX, bY, ctx))
         goto err;
     ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
 
  err:
-    if (ctx)
-        BN_CTX_end(ctx);
-    if (new_ctx)
-        BN_CTX_free(new_ctx);
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -740,23 +627,21 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
     if (y == NULL)
         goto err;
 
-    if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
+    if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
         goto err;
-    if (!BN_copy(&point->X, x))
+    if (!BN_copy(point->X, x))
         goto err;
-    if (!BN_copy(&point->Y, y))
+    if (!BN_copy(point->Y, y))
         goto err;
-    if (!BN_one(&point->Z))
+    if (!BN_one(point->Z))
         goto err;
     point->Z_is_one = 1;
 
     ret = 1;
 
  err:
-    if (ctx)
-        BN_CTX_end(ctx);
-    if (new_ctx)
-        BN_CTX_free(new_ctx);
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -794,7 +679,278 @@ int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r,
 int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r,
                              const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 {
-    return BN_GF2m_mod_div(r, a, b, &group->field, ctx);
+    return BN_GF2m_mod_div(r, a, b, group->field, ctx);
+}
+
+/*-
+ * Lopez-Dahab ladder, pre step.
+ * See e.g. "Guide to ECC" Alg 3.40.
+ * Modified to blind s and r independently.
+ * s:= p, r := 2p
+ */
+static
+int ec_GF2m_simple_ladder_pre(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx)
+{
+    /* if p is not affine, something is wrong */
+    if (p->Z_is_one == 0)
+        return 0;
+
+    /* s blinding: make sure lambda (s->Z here) is not zero */
+    do {
+        if (!BN_priv_rand(s->Z, BN_num_bits(group->field) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB);
+            return 0;
+        }
+    } while (BN_is_zero(s->Z));
+
+    /* if field_encode defined convert between representations */
+    if ((group->meth->field_encode != NULL
+         && !group->meth->field_encode(group, s->Z, s->Z, ctx))
+        || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx))
+        return 0;
+
+    /* r blinding: make sure lambda (r->Y here for storage) is not zero */
+    do {
+        if (!BN_priv_rand(r->Y, BN_num_bits(group->field) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB);
+            return 0;
+        }
+    } while (BN_is_zero(r->Y));
+
+    if ((group->meth->field_encode != NULL
+         && !group->meth->field_encode(group, r->Y, r->Y, ctx))
+        || !group->meth->field_sqr(group, r->Z, p->X, ctx)
+        || !group->meth->field_sqr(group, r->X, r->Z, ctx)
+        || !BN_GF2m_add(r->X, r->X, group->b)
+        || !group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx)
+        || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx))
+        return 0;
+
+    s->Z_is_one = 0;
+    r->Z_is_one = 0;
+
+    return 1;
+}
+
+/*-
+ * Ladder step: differential addition-and-doubling, mixed Lopez-Dahab coords.
+ * http://www.hyperelliptic.org/EFD/g12o/auto-code/shortw/xz/ladder/mladd-2003-s.op3
+ * s := r + s, r := 2r
+ */
+static
+int ec_GF2m_simple_ladder_step(const EC_GROUP *group,
+                               EC_POINT *r, EC_POINT *s,
+                               EC_POINT *p, BN_CTX *ctx)
+{
+    if (!group->meth->field_mul(group, r->Y, r->Z, s->X, ctx)
+        || !group->meth->field_mul(group, s->X, r->X, s->Z, ctx)
+        || !group->meth->field_sqr(group, s->Y, r->Z, ctx)
+        || !group->meth->field_sqr(group, r->Z, r->X, ctx)
+        || !BN_GF2m_add(s->Z, r->Y, s->X)
+        || !group->meth->field_sqr(group, s->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, s->X, r->Y, s->X, ctx)
+        || !group->meth->field_mul(group, r->Y, s->Z, p->X, ctx)
+        || !BN_GF2m_add(s->X, s->X, r->Y)
+        || !group->meth->field_sqr(group, r->Y, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, r->Z, s->Y, ctx)
+        || !group->meth->field_sqr(group, s->Y, s->Y, ctx)
+        || !group->meth->field_mul(group, s->Y, s->Y, group->b, ctx)
+        || !BN_GF2m_add(r->X, r->Y, s->Y))
+        return 0;
+
+    return 1;
+}
+
+/*-
+ * Recover affine (x,y) result from Lopez-Dahab r and s, affine p.
+ * See e.g. "Fast Multiplication on Elliptic Curves over GF(2**m)
+ * without Precomputation" (Lopez and Dahab, CHES 1999),
+ * Appendix Alg Mxy.
+ */
+static
+int ec_GF2m_simple_ladder_post(const EC_GROUP *group,
+                               EC_POINT *r, EC_POINT *s,
+                               EC_POINT *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *t0, *t1, *t2 = NULL;
+
+    if (BN_is_zero(r->Z))
+        return EC_POINT_set_to_infinity(group, r);
+
+    if (BN_is_zero(s->Z)) {
+        if (!EC_POINT_copy(r, p)
+            || !EC_POINT_invert(group, r, ctx)) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_EC_LIB);
+            return 0;
+        }
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    t0 = BN_CTX_get(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!group->meth->field_mul(group, t0, r->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, t1, p->X, r->Z, ctx)
+        || !BN_GF2m_add(t1, r->X, t1)
+        || !group->meth->field_mul(group, t2, p->X, s->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, r->X, t2, ctx)
+        || !BN_GF2m_add(t2, t2, s->X)
+        || !group->meth->field_mul(group, t1, t1, t2, ctx)
+        || !group->meth->field_sqr(group, t2, p->X, ctx)
+        || !BN_GF2m_add(t2, p->Y, t2)
+        || !group->meth->field_mul(group, t2, t2, t0, ctx)
+        || !BN_GF2m_add(t1, t2, t1)
+        || !group->meth->field_mul(group, t2, p->X, t0, ctx)
+        || !BN_GF2m_mod_inv(t2, t2, group->field, ctx)
+        || !group->meth->field_mul(group, t1, t1, t2, ctx)
+        || !group->meth->field_mul(group, r->X, r->Z, t2, ctx)
+        || !BN_GF2m_add(t2, p->X, r->X)
+        || !group->meth->field_mul(group, t2, t2, t1, ctx)
+        || !BN_GF2m_add(r->Y, p->Y, t2)
+        || !BN_one(r->Z))
+        goto err;
+
+    r->Z_is_one = 1;
+
+    /* GF(2^m) field elements should always have BIGNUM::neg = 0 */
+    BN_set_negative(r->X, 0);
+    BN_set_negative(r->Y, 0);
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+static
+int ec_GF2m_simple_points_mul(const EC_GROUP *group, EC_POINT *r,
+                              const BIGNUM *scalar, size_t num,
+                              const EC_POINT *points[],
+                              const BIGNUM *scalars[],
+                              BN_CTX *ctx)
+{
+    int ret = 0;
+    EC_POINT *t = NULL;
+
+    /*-
+     * We limit use of the ladder only to the following cases:
+     * - r := scalar * G
+     *   Fixed point mul: scalar != NULL && num == 0;
+     * - r := scalars[0] * points[0]
+     *   Variable point mul: scalar == NULL && num == 1;
+     * - r := scalar * G + scalars[0] * points[0]
+     *   used, e.g., in ECDSA verification: scalar != NULL && num == 1
+     *
+     * In any other case (num > 1) we use the default wNAF implementation.
+     *
+     * We also let the default implementation handle degenerate cases like group
+     * order or cofactor set to 0.
+     */
+    if (num > 1 || BN_is_zero(group->order) || BN_is_zero(group->cofactor))
+        return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+
+    if (scalar != NULL && num == 0)
+        /* Fixed point multiplication */
+        return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx);
+
+    if (scalar == NULL && num == 1)
+        /* Variable point multiplication */
+        return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx);
+
+    /*-
+     * Double point multiplication:
+     *  r := scalar * G + scalars[0] * points[0]
+     */
+
+    if ((t = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!ec_scalar_mul_ladder(group, t, scalar, NULL, ctx)
+        || !ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx)
+        || !EC_POINT_add(group, r, t, r, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    EC_POINT_free(t);
+    return ret;
+}
+
+const EC_METHOD *EC_GF2m_simple_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_characteristic_two_field,
+        ec_GF2m_simple_group_init,
+        ec_GF2m_simple_group_finish,
+        ec_GF2m_simple_group_clear_finish,
+        ec_GF2m_simple_group_copy,
+        ec_GF2m_simple_group_set_curve,
+        ec_GF2m_simple_group_get_curve,
+        ec_GF2m_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GF2m_simple_group_check_discriminant,
+        ec_GF2m_simple_point_init,
+        ec_GF2m_simple_point_finish,
+        ec_GF2m_simple_point_clear_finish,
+        ec_GF2m_simple_point_copy,
+        ec_GF2m_simple_point_set_to_infinity,
+        0, /* set_Jprojective_coordinates_GFp */
+        0, /* get_Jprojective_coordinates_GFp */
+        ec_GF2m_simple_point_set_affine_coordinates,
+        ec_GF2m_simple_point_get_affine_coordinates,
+        0, /* point_set_compressed_coordinates */
+        0, /* point2oct */
+        0, /* oct2point */
+        ec_GF2m_simple_add,
+        ec_GF2m_simple_dbl,
+        ec_GF2m_simple_invert,
+        ec_GF2m_simple_is_at_infinity,
+        ec_GF2m_simple_is_on_curve,
+        ec_GF2m_simple_cmp,
+        ec_GF2m_simple_make_affine,
+        ec_GF2m_simple_points_make_affine,
+        ec_GF2m_simple_points_mul,
+        0, /* precompute_mult */
+        0, /* have_precompute_mult */
+        ec_GF2m_simple_field_mul,
+        ec_GF2m_simple_field_sqr,
+        ec_GF2m_simple_field_div,
+        0, /* field_encode */
+        0, /* field_decode */
+        0, /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        ec_GF2m_simple_ladder_pre,
+        ec_GF2m_simple_ladder_step,
+        ec_GF2m_simple_ladder_post
+    };
+
+    return &ret;
 }
 
 #endif
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_ameth.c b/freebsd/crypto/openssl/crypto/ec/ec_ameth.c
index d29fab1f..a4ecf814 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_ameth.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec_ameth.c
@@ -1,73 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/ec.h>
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_CMS
-# include <openssl/cms.h>
-#endif
+#include <openssl/cms.h>
 #include <openssl/asn1t.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 #include "ec_lcl.h"
 
 #ifndef OPENSSL_NO_CMS
@@ -93,7 +43,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
 
         ASN1_STRING *pstr = NULL;
         pstr = ASN1_STRING_new();
-        if (!pstr)
+        if (pstr == NULL)
             return 0;
         pstr->length = i2d_ECParameters(ec_key, &pstr->data);
         if (pstr->length <= 0) {
@@ -123,7 +73,7 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
     if (penclen <= 0)
         goto err;
     penc = OPENSSL_malloc(penclen);
-    if (!penc)
+    if (penc == NULL)
         goto err;
     p = penc;
     penclen = i2o_ECPublicKey(ec_key, &p);
@@ -137,12 +87,11 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
         ASN1_OBJECT_free(pval);
     else
         ASN1_STRING_free(pval);
-    if (penc)
-        OPENSSL_free(penc);
+    OPENSSL_free(penc);
     return 0;
 }
 
-static EC_KEY *eckey_type2param(int ptype, void *pval)
+static EC_KEY *eckey_type2param(int ptype, const void *pval)
 {
     EC_KEY *eckey = NULL;
     EC_GROUP *group = NULL;
@@ -189,7 +138,7 @@ static EC_KEY *eckey_type2param(int ptype, void *pval)
 static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 {
     const unsigned char *p = NULL;
-    void *pval;
+    const void *pval;
     int ptype, pklen;
     EC_KEY *eckey = NULL;
     X509_ALGOR *palg;
@@ -215,8 +164,7 @@ static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
     return 1;
 
  ecerr:
-    if (eckey)
-        EC_KEY_free(eckey);
+    EC_KEY_free(eckey);
     return 0;
 }
 
@@ -236,13 +184,13 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
     return -2;
 }
 
-static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+static int eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
 {
     const unsigned char *p = NULL;
-    void *pval;
+    const void *pval;
     int ptype, pklen;
     EC_KEY *eckey = NULL;
-    X509_ALGOR *palg;
+    const X509_ALGOR *palg;
 
     if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
         return 0;
@@ -259,48 +207,13 @@ static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
         goto ecerr;
     }
 
-    /* calculate public key (if necessary) */
-    if (EC_KEY_get0_public_key(eckey) == NULL) {
-        const BIGNUM *priv_key;
-        const EC_GROUP *group;
-        EC_POINT *pub_key;
-        /*
-         * the public key was not included in the SEC1 private key =>
-         * calculate the public key
-         */
-        group = EC_KEY_get0_group(eckey);
-        pub_key = EC_POINT_new(group);
-        if (pub_key == NULL) {
-            ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-            goto ecliberr;
-        }
-        if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
-            EC_POINT_free(pub_key);
-            ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-            goto ecliberr;
-        }
-        priv_key = EC_KEY_get0_private_key(eckey);
-        if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) {
-            EC_POINT_free(pub_key);
-            ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-            goto ecliberr;
-        }
-        if (EC_KEY_set_public_key(eckey, pub_key) == 0) {
-            EC_POINT_free(pub_key);
-            ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-            goto ecliberr;
-        }
-        EC_POINT_free(pub_key);
-    }
-
     EVP_PKEY_assign_EC_KEY(pkey, eckey);
     return 1;
 
  ecliberr:
     ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
  ecerr:
-    if (eckey)
-        EC_KEY_free(eckey);
+    EC_KEY_free(eckey);
     return 0;
 }
 
@@ -331,8 +244,8 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
         ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
         return 0;
     }
-    ep = (unsigned char *)OPENSSL_malloc(eplen);
-    if (!ep) {
+    ep = OPENSSL_malloc(eplen);
+    if (ep == NULL) {
         ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -359,23 +272,23 @@ static int int_ec_size(const EVP_PKEY *pkey)
 
 static int ec_bits(const EVP_PKEY *pkey)
 {
-    BIGNUM *order = BN_new();
-    const EC_GROUP *group;
-    int ret;
-
-    if (!order) {
-        ERR_clear_error();
-        return 0;
-    }
-    group = EC_KEY_get0_group(pkey->pkey.ec);
-    if (!EC_GROUP_get_order(group, order, NULL)) {
-        ERR_clear_error();
-        return 0;
-    }
+    return EC_GROUP_order_bits(EC_KEY_get0_group(pkey->pkey.ec));
+}
 
-    ret = BN_num_bits(order);
-    BN_free(order);
-    return ret;
+static int ec_security_bits(const EVP_PKEY *pkey)
+{
+    int ecbits = ec_bits(pkey);
+    if (ecbits >= 512)
+        return 256;
+    if (ecbits >= 384)
+        return 192;
+    if (ecbits >= 256)
+        return 128;
+    if (ecbits >= 224)
+        return 112;
+    if (ecbits >= 160)
+        return 80;
+    return ecbits / 2;
 }
 
 static int ec_missing_parameters(const EVP_PKEY *pkey)
@@ -388,12 +301,21 @@ static int ec_missing_parameters(const EVP_PKEY *pkey)
 static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 {
     EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
+
     if (group == NULL)
         return 0;
+    if (to->pkey.ec == NULL) {
+        to->pkey.ec = EC_KEY_new();
+        if (to->pkey.ec == NULL)
+            goto err;
+    }
     if (EC_KEY_set_group(to->pkey.ec, group) == 0)
-        return 0;
+        goto err;
     EC_GROUP_free(group);
     return 1;
+ err:
+    EC_GROUP_free(group);
+    return 0;
 }
 
 static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
@@ -413,100 +335,81 @@ static void int_ec_free(EVP_PKEY *pkey)
     EC_KEY_free(pkey->pkey.ec);
 }
 
-static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
+typedef enum {
+    EC_KEY_PRINT_PRIVATE,
+    EC_KEY_PRINT_PUBLIC,
+    EC_KEY_PRINT_PARAM
+} ec_print_t;
+
+static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, ec_print_t ktype)
 {
-    unsigned char *buffer = NULL;
     const char *ecstr;
-    size_t buf_len = 0, i;
-    int ret = 0, reason = ERR_R_BIO_LIB;
-    BIGNUM *pub_key = NULL, *order = NULL;
-    BN_CTX *ctx = NULL;
+    unsigned char *priv = NULL, *pub = NULL;
+    size_t privlen = 0, publen = 0;
+    int ret = 0;
     const EC_GROUP *group;
-    const EC_POINT *public_key;
-    const BIGNUM *priv_key;
 
     if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) {
-        reason = ERR_R_PASSED_NULL_PARAMETER;
-        goto err;
-    }
-
-    ctx = BN_CTX_new();
-    if (ctx == NULL) {
-        reason = ERR_R_MALLOC_FAILURE;
-        goto err;
+        ECerr(EC_F_DO_EC_KEY_PRINT, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
     }
 
-    if (ktype > 0) {
-        public_key = EC_KEY_get0_public_key(x);
-        if (public_key != NULL) {
-            if ((pub_key = EC_POINT_point2bn(group, public_key,
-                                             EC_KEY_get_conv_form(x), NULL,
-                                             ctx)) == NULL) {
-                reason = ERR_R_EC_LIB;
-                goto err;
-            }
-            buf_len = (size_t)BN_num_bytes(pub_key);
-        }
+    if (ktype != EC_KEY_PRINT_PARAM && EC_KEY_get0_public_key(x) != NULL) {
+        publen = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, NULL);
+        if (publen == 0)
+            goto err;
     }
 
-    if (ktype == 2) {
-        priv_key = EC_KEY_get0_private_key(x);
-        if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len)
-            buf_len = i;
-    } else
-        priv_key = NULL;
-
-    if (ktype > 0) {
-        buf_len += 10;
-        if ((buffer = OPENSSL_malloc(buf_len)) == NULL) {
-            reason = ERR_R_MALLOC_FAILURE;
+    if (ktype == EC_KEY_PRINT_PRIVATE && EC_KEY_get0_private_key(x) != NULL) {
+        privlen = EC_KEY_priv2buf(x, &priv);
+        if (privlen == 0)
             goto err;
-        }
     }
-    if (ktype == 2)
+
+    if (ktype == EC_KEY_PRINT_PRIVATE)
         ecstr = "Private-Key";
-    else if (ktype == 1)
+    else if (ktype == EC_KEY_PRINT_PUBLIC)
         ecstr = "Public-Key";
     else
         ecstr = "ECDSA-Parameters";
 
     if (!BIO_indent(bp, off, 128))
         goto err;
-    if ((order = BN_new()) == NULL)
-        goto err;
-    if (!EC_GROUP_get_order(group, order, NULL))
-        goto err;
-    if (BIO_printf(bp, "%s: (%d bit)\n", ecstr, BN_num_bits(order)) <= 0)
+    if (BIO_printf(bp, "%s: (%d bit)\n", ecstr,
+                   EC_GROUP_order_bits(group)) <= 0)
         goto err;
 
-    if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key,
-                                             buffer, off))
-        goto err;
-    if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key,
-                                            buffer, off))
-        goto err;
+    if (privlen != 0) {
+        if (BIO_printf(bp, "%*spriv:\n", off, "") <= 0)
+            goto err;
+        if (ASN1_buf_print(bp, priv, privlen, off + 4) == 0)
+            goto err;
+    }
+
+    if (publen != 0) {
+        if (BIO_printf(bp, "%*spub:\n", off, "") <= 0)
+            goto err;
+        if (ASN1_buf_print(bp, pub, publen, off + 4) == 0)
+            goto err;
+    }
+
     if (!ECPKParameters_print(bp, group, off))
         goto err;
     ret = 1;
  err:
     if (!ret)
-        ECerr(EC_F_DO_EC_KEY_PRINT, reason);
-    if (pub_key)
-        BN_free(pub_key);
-    if (order)
-        BN_free(order);
-    if (ctx)
-        BN_CTX_free(ctx);
-    if (buffer != NULL)
-        OPENSSL_free(buffer);
-    return (ret);
+        ECerr(EC_F_DO_EC_KEY_PRINT, ERR_R_EC_LIB);
+    OPENSSL_clear_free(priv, privlen);
+    OPENSSL_free(pub);
+    return ret;
 }
 
 static int eckey_param_decode(EVP_PKEY *pkey,
                               const unsigned char **pder, int derlen)
 {
     EC_KEY *eckey;
-    if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) {
+
+    if ((eckey = d2i_ECParameters(NULL, pder, derlen)) == NULL) {
         ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
         return 0;
     }
@@ -522,26 +425,27 @@ static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
 static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
                              ASN1_PCTX *ctx)
 {
-    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 0);
+    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PARAM);
 }
 
 static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
                            ASN1_PCTX *ctx)
 {
-    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 1);
+    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PUBLIC);
 }
 
 static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
                             ASN1_PCTX *ctx)
 {
-    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 2);
+    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PRIVATE);
 }
 
 static int old_ec_priv_decode(EVP_PKEY *pkey,
                               const unsigned char **pder, int derlen)
 {
     EC_KEY *ec;
-    if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) {
+
+    if ((ec = d2i_ECPrivateKey(NULL, pder, derlen)) == NULL) {
         ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR);
         return 0;
     }
@@ -605,6 +509,13 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         *(int *)arg2 = NID_sha256;
         return 2;
 
+    case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
+        return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL);
+
+    case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
+        return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey),
+                              POINT_CONVERSION_UNCOMPRESSED, arg2, NULL);
+
     default:
         return -2;
 
@@ -612,6 +523,48 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 
 }
 
+static int ec_pkey_check(const EVP_PKEY *pkey)
+{
+    EC_KEY *eckey = pkey->pkey.ec;
+
+    /* stay consistent to what EVP_PKEY_check demands */
+    if (eckey->priv_key == NULL) {
+        ECerr(EC_F_EC_PKEY_CHECK, EC_R_MISSING_PRIVATE_KEY);
+        return 0;
+    }
+
+    return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_public_check(const EVP_PKEY *pkey)
+{
+    EC_KEY *eckey = pkey->pkey.ec;
+
+    /*
+     * Note: it unnecessary to check eckey->pub_key here since
+     * it will be checked in EC_KEY_check_key(). In fact, the
+     * EC_KEY_check_key() mainly checks the public key, and checks
+     * the private key optionally (only if there is one). So if
+     * someone passes a whole EC key (public + private), this
+     * will also work...
+     */
+
+    return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_param_check(const EVP_PKEY *pkey)
+{
+    EC_KEY *eckey = pkey->pkey.ec;
+
+    /* stay consistent to what EVP_PKEY_check demands */
+    if (eckey->group == NULL) {
+        ECerr(EC_F_EC_PKEY_PARAM_CHECK, EC_R_MISSING_PARAMETERS);
+        return 0;
+    }
+
+    return EC_GROUP_check(eckey->group, NULL);
+}
+
 const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
     EVP_PKEY_EC,
     EVP_PKEY_EC,
@@ -630,6 +583,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
 
     int_ec_size,
     ec_bits,
+    ec_security_bits,
 
     eckey_param_decode,
     eckey_param_encode,
@@ -642,17 +596,44 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
     int_ec_free,
     ec_pkey_ctrl,
     old_ec_priv_decode,
-    old_ec_priv_encode
+    old_ec_priv_encode,
+
+    0, 0, 0,
+
+    ec_pkey_check,
+    ec_pkey_public_check,
+    ec_pkey_param_check
+};
+
+#if !defined(OPENSSL_NO_SM2)
+const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = {
+   EVP_PKEY_SM2,
+   EVP_PKEY_EC,
+   ASN1_PKEY_ALIAS
 };
+#endif
+
+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
+{
+    int private = EC_KEY_get0_private_key(x) != NULL;
+
+    return do_EC_KEY_print(bp, x, off,
+                private ? EC_KEY_PRINT_PRIVATE : EC_KEY_PRINT_PUBLIC);
+}
+
+int ECParameters_print(BIO *bp, const EC_KEY *x)
+{
+    return do_EC_KEY_print(bp, x, 4, EC_KEY_PRINT_PARAM);
+}
 
 #ifndef OPENSSL_NO_CMS
 
 static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
                                 X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
 {
-    ASN1_OBJECT *aoid;
+    const ASN1_OBJECT *aoid;
     int atype;
-    void *aval;
+    const void *aval;
     int rv = 0;
     EVP_PKEY *pkpeer = NULL;
     EC_KEY *ecpeer = NULL;
@@ -670,7 +651,7 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
             goto err;
         grp = EC_KEY_get0_group(pk->pkey.ec);
         ecpeer = EC_KEY_new();
-        if (!ecpeer)
+        if (ecpeer == NULL)
             goto err;
         if (!EC_KEY_set_group(ecpeer, grp))
             goto err;
@@ -681,22 +662,20 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
     }
     /* We have parameters now set public key */
     plen = ASN1_STRING_length(pubkey);
-    p = ASN1_STRING_data(pubkey);
+    p = ASN1_STRING_get0_data(pubkey);
     if (!p || !plen)
         goto err;
     if (!o2i_ECPublicKey(&ecpeer, &p, plen))
         goto err;
     pkpeer = EVP_PKEY_new();
-    if (!pkpeer)
+    if (pkpeer == NULL)
         goto err;
     EVP_PKEY_set1_EC_KEY(pkpeer, ecpeer);
     if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
         rv = 1;
  err:
-    if (ecpeer)
-        EC_KEY_free(ecpeer);
-    if (pkpeer)
-        EVP_PKEY_free(pkpeer);
+    EC_KEY_free(ecpeer);
+    EVP_PKEY_free(pkpeer);
     return rv;
 }
 
@@ -788,10 +767,8 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
 
     rv = 1;
  err:
-    if (kekalg)
-        X509_ALGOR_free(kekalg);
-    if (der)
-        OPENSSL_free(der);
+    X509_ALGOR_free(kekalg);
+    OPENSSL_free(der);
     return rv;
 }
 
@@ -830,7 +807,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
     EVP_CIPHER_CTX *ctx;
     int keylen;
     X509_ALGOR *talg, *wrap_alg = NULL;
-    ASN1_OBJECT *aoid;
+    const ASN1_OBJECT *aoid;
     ASN1_BIT_STRING *pubkey;
     ASN1_STRING *wrap_str;
     ASN1_OCTET_STRING *ukm;
@@ -859,7 +836,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
         if (penclen <= 0)
             goto err;
         penc = OPENSSL_malloc(penclen);
-        if (!penc)
+        if (penc == NULL)
             goto err;
         p = penc;
         penclen = i2o_ECPublicKey(eckey, &p);
@@ -874,7 +851,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
                         V_ASN1_UNDEF, NULL);
     }
 
-    /* See if custom paraneters set */
+    /* See if custom parameters set */
     kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);
     if (kdf_type <= 0)
         goto err;
@@ -893,7 +870,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
         if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
             goto err;
     } else
-        /* Uknown KDF */
+        /* Unknown KDF */
         goto err;
     if (kdf_md == NULL) {
         /* Fixme later for better MD */
@@ -917,11 +894,11 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
     /* Package wrap algorithm in an AlgorithmIdentifier */
 
     wrap_alg = X509_ALGOR_new();
-    if (!wrap_alg)
+    if (wrap_alg == NULL)
         goto err;
     wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
     wrap_alg->parameter = ASN1_TYPE_new();
-    if (!wrap_alg->parameter)
+    if (wrap_alg->parameter == NULL)
         goto err;
     if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
         goto err;
@@ -950,7 +927,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
     if (!penc || !penclen)
         goto err;
     wrap_str = ASN1_STRING_new();
-    if (!wrap_str)
+    if (wrap_str == NULL)
         goto err;
     ASN1_STRING_set0(wrap_str, penc, penclen);
     penc = NULL;
@@ -959,10 +936,8 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
     rv = 1;
 
  err:
-    if (penc)
-        OPENSSL_free(penc);
-    if (wrap_alg)
-        X509_ALGOR_free(wrap_alg);
+    OPENSSL_free(penc);
+    X509_ALGOR_free(wrap_alg);
     return rv;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_asn1.c b/freebsd/crypto/openssl/crypto/ec/ec_asn1.c
index f0d68365..1862e26d 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_asn1.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec_asn1.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ec_asn1.c */
 /*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 2000-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <string.h>
@@ -63,8 +14,7 @@
 #include <openssl/err.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
-
-#define OSSL_NELEM(x)    (sizeof(x)/sizeof(x[0]))
+#include "internal/nelem.h"
 
 int EC_GROUP_get_basis_type(const EC_GROUP *group)
 {
@@ -140,13 +90,13 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
 
 /* some structures needed for the asn1 encoding */
 typedef struct x9_62_pentanomial_st {
-    long k1;
-    long k2;
-    long k3;
+    int32_t k1;
+    int32_t k2;
+    int32_t k3;
 } X9_62_PENTANOMIAL;
 
 typedef struct x9_62_characteristic_two_st {
-    long m;
+    int32_t m;
     ASN1_OBJECT *type;
     union {
         char *ptr;
@@ -180,14 +130,14 @@ typedef struct x9_62_curve_st {
     ASN1_BIT_STRING *seed;
 } X9_62_CURVE;
 
-typedef struct ec_parameters_st {
-    long version;
+struct ec_parameters_st {
+    int32_t version;
     X9_62_FIELDID *fieldID;
     X9_62_CURVE *curve;
     ASN1_OCTET_STRING *base;
     ASN1_INTEGER *order;
     ASN1_INTEGER *cofactor;
-} ECPARAMETERS;
+} /* ECPARAMETERS */ ;
 
 struct ecpk_parameters_st {
     int type;
@@ -200,7 +150,7 @@ struct ecpk_parameters_st {
 
 /* SEC1 ECPrivateKey */
 typedef struct ec_privatekey_st {
-    long version;
+    int32_t version;
     ASN1_OCTET_STRING *privateKey;
     ECPKPARAMETERS *parameters;
     ASN1_BIT_STRING *publicKey;
@@ -208,10 +158,10 @@ typedef struct ec_privatekey_st {
 
 /* the OpenSSL ASN.1 definitions */
 ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
-        ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
-        ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
-        ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
-} ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
+        ASN1_EMBED(X9_62_PENTANOMIAL, k1, INT32),
+        ASN1_EMBED(X9_62_PENTANOMIAL, k2, INT32),
+        ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32)
+} static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
 
 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
@@ -225,10 +175,10 @@ ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
 } ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
 
 ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
-        ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
+        ASN1_EMBED(X9_62_CHARACTERISTIC_TWO, m, INT32),
         ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
         ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
-} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
+} static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
 
 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
@@ -243,16 +193,16 @@ ASN1_ADB(X9_62_FIELDID) = {
 ASN1_SEQUENCE(X9_62_FIELDID) = {
         ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
         ASN1_ADB_OBJECT(X9_62_FIELDID)
-} ASN1_SEQUENCE_END(X9_62_FIELDID)
+} static_ASN1_SEQUENCE_END(X9_62_FIELDID)
 
 ASN1_SEQUENCE(X9_62_CURVE) = {
         ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
         ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
         ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(X9_62_CURVE)
+} static_ASN1_SEQUENCE_END(X9_62_CURVE)
 
 ASN1_SEQUENCE(ECPARAMETERS) = {
-        ASN1_SIMPLE(ECPARAMETERS, version, LONG),
+        ASN1_EMBED(ECPARAMETERS, version, INT32),
         ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
         ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
         ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
@@ -274,11 +224,11 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
 IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
 
 ASN1_SEQUENCE(EC_PRIVATEKEY) = {
-        ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
+        ASN1_EMBED(EC_PRIVATEKEY, version, INT32),
         ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
         ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
         ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
-} ASN1_SEQUENCE_END(EC_PRIVATEKEY)
+} static_ASN1_SEQUENCE_END(EC_PRIVATEKEY)
 
 DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)
@@ -290,28 +240,6 @@ IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
 static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
 /* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
 static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
-/*
- * ec_asn1_parameters2group() creates a EC_GROUP object from a ECPARAMETERS
- * object
- */
-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *);
-/*
- * ec_asn1_group2parameters() creates a ECPARAMETERS object from a EC_GROUP
- * object
- */
-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,
-                                              ECPARAMETERS *);
-/*
- * ec_asn1_pkparameters2group() creates a EC_GROUP object from a
- * ECPKPARAMETERS object
- */
-static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
-/*
- * ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
- * EC_GROUP object
- */
-static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
-                                                  ECPKPARAMETERS *);
 
 /* the function definitions */
 
@@ -324,10 +252,8 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
         return 0;
 
     /* clear the old values (if necessary) */
-    if (field->fieldType != NULL)
-        ASN1_OBJECT_free(field->fieldType);
-    if (field->p.other != NULL)
-        ASN1_TYPE_free(field->p.other);
+    ASN1_OBJECT_free(field->fieldType);
+    ASN1_TYPE_free(field->p.other);
 
     nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
     /* set OID for the field */
@@ -342,7 +268,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
             goto err;
         }
         /* the parameters are specified by the prime number p */
-        if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
+        if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) {
             ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
             goto err;
         }
@@ -352,7 +278,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
             ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
             goto err;
         }
-    } else                      /* nid == NID_X9_62_characteristic_two_field */
+    } else if (nid == NID_X9_62_characteristic_two_field)
 #ifdef OPENSSL_NO_EC2M
     {
         ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
@@ -392,7 +318,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
                 goto err;
 
             char_two->p.tpBasis = ASN1_INTEGER_new();
-            if (!char_two->p.tpBasis) {
+            if (char_two->p.tpBasis == NULL) {
                 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
@@ -407,7 +333,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
                 goto err;
 
             char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
-            if (!char_two->p.ppBasis) {
+            if (char_two->p.ppBasis == NULL) {
                 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
@@ -420,29 +346,31 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
 
             /* for ONB the parameters are (asn1) NULL */
             char_two->p.onBasis = ASN1_NULL_new();
-            if (!char_two->p.onBasis) {
+            if (char_two->p.onBasis == NULL) {
                 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
         }
     }
 #endif
+    else {
+        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_UNSUPPORTED_FIELD);
+        goto err;
+    }
 
     ok = 1;
 
- err:if (tmp)
-        BN_free(tmp);
-    return (ok);
+ err:
+    BN_free(tmp);
+    return ok;
 }
 
 static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
 {
-    int ok = 0, nid;
+    int ok = 0;
     BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
-    unsigned char *buffer_1 = NULL, *buffer_2 = NULL,
-        *a_buf = NULL, *b_buf = NULL;
-    size_t len_1, len_2;
-    unsigned char char_zero = 0;
+    unsigned char *a_buf = NULL, *b_buf = NULL;
+    size_t len;
 
     if (!group || !curve || !curve->a || !curve->b)
         return 0;
@@ -452,62 +380,32 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
         goto err;
     }
 
-    nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
-
     /* get a and b */
-    if (nid == NID_X9_62_prime_field) {
-        if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
-            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
-            goto err;
-        }
-    }
-#ifndef OPENSSL_NO_EC2M
-    else {                      /* nid == NID_X9_62_characteristic_two_field */
-
-        if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
-            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
-            goto err;
-        }
+    if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+        goto err;
     }
-#endif
-    len_1 = (size_t)BN_num_bytes(tmp_1);
-    len_2 = (size_t)BN_num_bytes(tmp_2);
 
-    if (len_1 == 0) {
-        /* len_1 == 0 => a == 0 */
-        a_buf = &char_zero;
-        len_1 = 1;
-    } else {
-        if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) {
-            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
-            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
-            goto err;
-        }
-        a_buf = buffer_1;
+    /*
+     * Per SEC 1, the curve coefficients must be padded up to size. See C.2's
+     * definition of Curve, C.1's definition of FieldElement, and 2.3.5's
+     * definition of how to encode the field elements.
+     */
+    len = ((size_t)EC_GROUP_get_degree(group) + 7) / 8;
+    if ((a_buf = OPENSSL_malloc(len)) == NULL
+        || (b_buf = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+        goto err;
     }
-
-    if (len_2 == 0) {
-        /* len_2 == 0 => b == 0 */
-        b_buf = &char_zero;
-        len_2 = 1;
-    } else {
-        if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) {
-            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
-            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
-            goto err;
-        }
-        b_buf = buffer_2;
+    if (BN_bn2binpad(tmp_1, a_buf, len) < 0
+        || BN_bn2binpad(tmp_2, b_buf, len) < 0) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+        goto err;
     }
 
     /* set a and b */
-    if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||
-        !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) {
+    if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len)
+        || !ASN1_OCTET_STRING_set(curve->b, b_buf, len)) {
         ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
         goto err;
     }
@@ -527,141 +425,116 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
             goto err;
         }
     } else {
-        if (curve->seed) {
-            ASN1_BIT_STRING_free(curve->seed);
-            curve->seed = NULL;
-        }
+        ASN1_BIT_STRING_free(curve->seed);
+        curve->seed = NULL;
     }
 
     ok = 1;
 
- err:if (buffer_1)
-        OPENSSL_free(buffer_1);
-    if (buffer_2)
-        OPENSSL_free(buffer_2);
-    if (tmp_1)
-        BN_free(tmp_1);
-    if (tmp_2)
-        BN_free(tmp_2);
-    return (ok);
+ err:
+    OPENSSL_free(a_buf);
+    OPENSSL_free(b_buf);
+    BN_free(tmp_1);
+    BN_free(tmp_2);
+    return ok;
 }
 
-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
-                                              ECPARAMETERS *param)
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+                                               ECPARAMETERS *params)
 {
-    int ok = 0;
     size_t len = 0;
     ECPARAMETERS *ret = NULL;
-    BIGNUM *tmp = NULL;
+    const BIGNUM *tmp;
     unsigned char *buffer = NULL;
     const EC_POINT *point = NULL;
     point_conversion_form_t form;
 
-    if ((tmp = BN_new()) == NULL) {
-        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (param == NULL) {
+    if (params == NULL) {
         if ((ret = ECPARAMETERS_new()) == NULL) {
-            ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+            ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
             goto err;
         }
     } else
-        ret = param;
+        ret = params;
 
     /* set the version (always one) */
     ret->version = (long)0x1;
 
     /* set the fieldID */
     if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
-        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
         goto err;
     }
 
     /* set the curve */
     if (!ec_asn1_group2curve(group, ret->curve)) {
-        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
         goto err;
     }
 
     /* set the base point */
     if ((point = EC_GROUP_get0_generator(group)) == NULL) {
-        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, EC_R_UNDEFINED_GENERATOR);
         goto err;
     }
 
     form = EC_GROUP_get_point_conversion_form(group);
 
-    len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
+    len = EC_POINT_point2buf(group, point, form, &buffer, NULL);
     if (len == 0) {
-        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
-        goto err;
-    }
-    if ((buffer = OPENSSL_malloc(len)) == NULL) {
-        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) {
-        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
         goto err;
     }
     if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
-        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) {
-        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+        OPENSSL_free(buffer);
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
         goto err;
     }
+    ASN1_STRING_set0(ret->base, buffer, len);
 
     /* set the order */
-    if (!EC_GROUP_get_order(group, tmp, NULL)) {
-        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+    tmp = EC_GROUP_get0_order(group);
+    if (tmp == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
         goto err;
     }
     ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
     if (ret->order == NULL) {
-        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
         goto err;
     }
 
     /* set the cofactor (optional) */
-    if (EC_GROUP_get_cofactor(group, tmp, NULL)) {
+    tmp = EC_GROUP_get0_cofactor(group);
+    if (tmp != NULL) {
         ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
         if (ret->cofactor == NULL) {
-            ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+            ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
             goto err;
         }
     }
 
-    ok = 1;
+    return ret;
 
- err:if (!ok) {
-        if (ret && !param)
-            ECPARAMETERS_free(ret);
-        ret = NULL;
-    }
-    if (tmp)
-        BN_free(tmp);
-    if (buffer)
-        OPENSSL_free(buffer);
-    return (ret);
+ err:
+    if (params == NULL)
+        ECPARAMETERS_free(ret);
+    return NULL;
 }
 
-ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,
-                                           ECPKPARAMETERS *params)
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+                                            ECPKPARAMETERS *params)
 {
     int ok = 1, tmp;
     ECPKPARAMETERS *ret = params;
 
     if (ret == NULL) {
         if ((ret = ECPKPARAMETERS_new()) == NULL) {
-            ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, ERR_R_MALLOC_FAILURE);
+            ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, ERR_R_MALLOC_FAILURE);
             return NULL;
         }
     } else {
-        if (ret->type == 0 && ret->value.named_curve)
+        if (ret->type == 0)
             ASN1_OBJECT_free(ret->value.named_curve);
         else if (ret->type == 1 && ret->value.parameters)
             ECPARAMETERS_free(ret->value.parameters);
@@ -669,7 +542,7 @@ ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,
 
     if (EC_GROUP_get_asn1_flag(group)) {
         /*
-         * use the asn1 OID to describe the the elliptic curve parameters
+         * use the asn1 OID to describe the elliptic curve parameters
          */
         tmp = EC_GROUP_get_curve_name(group);
         if (tmp) {
@@ -677,13 +550,13 @@ ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,
             if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
                 ok = 0;
         } else
-            /* we don't kmow the nid => ERROR */
+            /* we don't know the nid => ERROR */
             ok = 0;
     } else {
         /* use the ECPARAMETERS structure */
         ret->type = 1;
         if ((ret->value.parameters =
-             ec_asn1_group2parameters(group, NULL)) == NULL)
+             EC_GROUP_get_ecparameters(group, NULL)) == NULL)
             ok = 0;
     }
 
@@ -694,7 +567,7 @@ ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,
     return ret;
 }
 
-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
 {
     int ok = 0, tmp;
     EC_GROUP *ret = NULL;
@@ -704,25 +577,30 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
 
     if (!params->fieldID || !params->fieldID->fieldType ||
         !params->fieldID->p.ptr) {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
         goto err;
     }
 
-    /* now extract the curve parameters a and b */
+    /*
+     * Now extract the curve parameters a and b. Note that, although SEC 1
+     * specifies the length of their encodings, historical versions of OpenSSL
+     * encoded them incorrectly, so we must accept any length for backwards
+     * compatibility.
+     */
     if (!params->curve || !params->curve->a ||
         !params->curve->a->data || !params->curve->b ||
         !params->curve->b->data) {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
         goto err;
     }
     a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
     if (a == NULL) {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
         goto err;
     }
     b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
     if (b == NULL) {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
         goto err;
     }
 
@@ -731,7 +609,7 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
     if (tmp == NID_X9_62_characteristic_two_field)
 #ifdef OPENSSL_NO_EC2M
     {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_GF2M_NOT_SUPPORTED);
         goto err;
     }
 #else
@@ -742,12 +620,12 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
 
         field_bits = char_two->m;
         if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
-            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);
             goto err;
         }
 
         if ((p = BN_new()) == NULL) {
-            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
             goto err;
         }
 
@@ -758,14 +636,14 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
             long tmp_long;
 
             if (!char_two->p.tpBasis) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
                 goto err;
             }
 
             tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
 
             if (!(char_two->m > tmp_long && tmp_long > 0)) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS,
                       EC_R_INVALID_TRINOMIAL_BASIS);
                 goto err;
             }
@@ -782,14 +660,14 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
 
             penta = char_two->p.ppBasis;
             if (!penta) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
                 goto err;
             }
 
             if (!
                 (char_two->m > penta->k3 && penta->k3 > penta->k2
                  && penta->k2 > penta->k1 && penta->k1 > 0)) {
-                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS,
                       EC_R_INVALID_PENTANOMIAL_BASIS);
                 goto err;
             }
@@ -806,11 +684,11 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
             if (!BN_set_bit(p, 0))
                 goto err;
         } else if (tmp == NID_X9_62_onBasis) {
-            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED);
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_NOT_IMPLEMENTED);
             goto err;
         } else {                /* error */
 
-            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
             goto err;
         }
 
@@ -822,44 +700,43 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
         /* we have a curve over a prime field */
         /* extract the prime number */
         if (!params->fieldID->p.prime) {
-            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
             goto err;
         }
         p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
         if (p == NULL) {
-            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
             goto err;
         }
 
         if (BN_is_negative(p) || BN_is_zero(p)) {
-            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);
             goto err;
         }
 
         field_bits = BN_num_bits(p);
         if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
-            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);
             goto err;
         }
 
         /* create the EC_GROUP structure */
         ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
     } else {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);
         goto err;
     }
 
     if (ret == NULL) {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
         goto err;
     }
 
     /* extract seed (optional) */
     if (params->curve->seed != NULL) {
-        if (ret->seed != NULL)
-            OPENSSL_free(ret->seed);
-        if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) {
-            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret->seed);
+        if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
             goto err;
         }
         memcpy(ret->seed, params->curve->seed->data,
@@ -868,7 +745,7 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
     }
 
     if (!params->order || !params->base || !params->base->data) {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
         goto err;
     }
 
@@ -882,89 +759,83 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
     /* extract the ec point */
     if (!EC_POINT_oct2point(ret, point, params->base->data,
                             params->base->length, NULL)) {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
         goto err;
     }
 
     /* extract the order */
     if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
         goto err;
     }
     if (BN_is_negative(a) || BN_is_zero(a)) {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);
         goto err;
     }
     if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);
         goto err;
     }
 
     /* extract the cofactor (optional) */
     if (params->cofactor == NULL) {
-        if (b) {
-            BN_free(b);
-            b = NULL;
-        }
+        BN_free(b);
+        b = NULL;
     } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
         goto err;
     }
     /* set the generator, order and cofactor (if present) */
     if (!EC_GROUP_set_generator(ret, point, a, b)) {
-        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
         goto err;
     }
 
     ok = 1;
 
- err:if (!ok) {
-        if (ret)
-            EC_GROUP_clear_free(ret);
+ err:
+    if (!ok) {
+        EC_GROUP_clear_free(ret);
         ret = NULL;
     }
 
-    if (p)
-        BN_free(p);
-    if (a)
-        BN_free(a);
-    if (b)
-        BN_free(b);
-    if (point)
-        EC_POINT_free(point);
-    return (ret);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    EC_POINT_free(point);
+    return ret;
 }
 
-EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params)
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
 {
     EC_GROUP *ret = NULL;
     int tmp = 0;
 
     if (params == NULL) {
-        ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_MISSING_PARAMETERS);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_MISSING_PARAMETERS);
         return NULL;
     }
 
     if (params->type == 0) {    /* the curve is given by an OID */
         tmp = OBJ_obj2nid(params->value.named_curve);
         if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
-            ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS,
                   EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
             return NULL;
         }
         EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
     } else if (params->type == 1) { /* the parameters are given by a
                                      * ECPARAMETERS structure */
-        ret = ec_asn1_parameters2group(params->value.parameters);
+        ret = EC_GROUP_new_from_ecparameters(params->value.parameters);
         if (!ret) {
-            ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB);
             return NULL;
         }
-        EC_GROUP_set_asn1_flag(ret, 0x0);
+        EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
     } else if (params->type == 2) { /* implicitlyCA */
         return NULL;
     } else {
-        ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR);
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR);
         return NULL;
     }
 
@@ -985,26 +856,26 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
         return NULL;
     }
 
-    if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
+    if ((group = EC_GROUP_new_from_ecpkparameters(params)) == NULL) {
         ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
         ECPKPARAMETERS_free(params);
         return NULL;
     }
 
-    if (a && *a)
+    if (a) {
         EC_GROUP_clear_free(*a);
-    if (a)
         *a = group;
+    }
 
     ECPKPARAMETERS_free(params);
     *in = p;
-    return (group);
+    return group;
 }
 
 int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
 {
     int ret = 0;
-    ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
+    ECPKPARAMETERS *tmp = EC_GROUP_get_ecpkparameters(a, NULL);
     if (tmp == NULL) {
         ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
         return 0;
@@ -1015,14 +886,13 @@ int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
         return 0;
     }
     ECPKPARAMETERS_free(tmp);
-    return (ret);
+    return ret;
 }
 
 /* some EC_KEY functions */
 
 EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
 {
-    int ok = 0;
     EC_KEY *ret = NULL;
     EC_PRIVATEKEY *priv_key = NULL;
     const unsigned char *p = *in;
@@ -1041,9 +911,8 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
         ret = *a;
 
     if (priv_key->parameters) {
-        if (ret->group)
-            EC_GROUP_clear_free(ret->group);
-        ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
+        EC_GROUP_clear_free(ret->group);
+        ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters);
     }
 
     if (ret->group == NULL) {
@@ -1054,20 +923,16 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
     ret->version = priv_key->version;
 
     if (priv_key->privateKey) {
-        ret->priv_key = BN_bin2bn(M_ASN1_STRING_data(priv_key->privateKey),
-                                  M_ASN1_STRING_length(priv_key->privateKey),
-                                  ret->priv_key);
-        if (ret->priv_key == NULL) {
-            ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_BN_LIB);
+        ASN1_OCTET_STRING *pkey = priv_key->privateKey;
+        if (EC_KEY_oct2priv(ret, ASN1_STRING_get0_data(pkey),
+                            ASN1_STRING_length(pkey)) == 0)
             goto err;
-        }
     } else {
         ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY);
         goto err;
     }
 
-    if (ret->pub_key)
-        EC_POINT_clear_free(ret->pub_key);
+    EC_POINT_clear_free(ret->pub_key);
     ret->pub_key = EC_POINT_new(ret->group);
     if (ret->pub_key == NULL) {
         ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
@@ -1078,57 +943,42 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
         const unsigned char *pub_oct;
         int pub_oct_len;
 
-        pub_oct = M_ASN1_STRING_data(priv_key->publicKey);
-        pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
-        /*
-         * The first byte - point conversion form - must be present.
-         */
-        if (pub_oct_len <= 0) {
-            ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL);
-            goto err;
-        }
-        /* Save the point conversion form. */
-        ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
-        if (!EC_POINT_oct2point(ret->group, ret->pub_key,
-                                pub_oct, (size_t)(pub_oct_len), NULL)) {
+        pub_oct = ASN1_STRING_get0_data(priv_key->publicKey);
+        pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
+        if (!EC_KEY_oct2key(ret, pub_oct, pub_oct_len, NULL)) {
             ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
             goto err;
         }
     } else {
-        if (!EC_POINT_mul
-            (ret->group, ret->pub_key, ret->priv_key, NULL, NULL, NULL)) {
-            ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
-            goto err;
-        }
+        if (ret->group->meth->keygenpub == NULL
+            || ret->group->meth->keygenpub(ret) == 0)
+                goto err;
         /* Remember the original private-key-only encoding. */
         ret->enc_flag |= EC_PKEY_NO_PUBKEY;
     }
 
     if (a)
         *a = ret;
+    EC_PRIVATEKEY_free(priv_key);
     *in = p;
-    ok = 1;
- err:
-    if (!ok) {
-        if (ret && (a == NULL || *a != ret))
-            EC_KEY_free(ret);
-        ret = NULL;
-    }
-
-    if (priv_key)
-        EC_PRIVATEKEY_free(priv_key);
+    return ret;
 
-    return (ret);
+ err:
+    if (a == NULL || *a != ret)
+        EC_KEY_free(ret);
+    EC_PRIVATEKEY_free(priv_key);
+    return NULL;
 }
 
 int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
 {
     int ret = 0, ok = 0;
-    unsigned char *buffer = NULL;
-    size_t buf_len = 0, tmp_len, bn_len;
+    unsigned char *priv= NULL, *pub= NULL;
+    size_t privlen = 0, publen = 0;
+
     EC_PRIVATEKEY *priv_key = NULL;
 
-    if (a == NULL || a->group == NULL || a->priv_key == NULL ||
+    if (a == NULL || a->group == NULL ||
         (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) {
         ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
         goto err;
@@ -1141,40 +991,19 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
 
     priv_key->version = a->version;
 
-    bn_len = (size_t)BN_num_bytes(a->priv_key);
-
-    /* Octetstring may need leading zeros if BN is to short */
-
-    buf_len = (EC_GROUP_get_degree(a->group) + 7) / 8;
-
-    if (bn_len > buf_len) {
-        ECerr(EC_F_I2D_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL);
-        goto err;
-    }
-
-    buffer = OPENSSL_malloc(buf_len);
-    if (buffer == NULL) {
-        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
+    privlen = EC_KEY_priv2buf(a, &priv);
 
-    if (!BN_bn2bin(a->priv_key, buffer + buf_len - bn_len)) {
-        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
+    if (privlen == 0) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
         goto err;
     }
 
-    if (buf_len - bn_len > 0) {
-        memset(buffer, 0, buf_len - bn_len);
-    }
-
-    if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) {
-        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
-        goto err;
-    }
+    ASN1_STRING_set0(priv_key->privateKey, priv, privlen);
+    priv = NULL;
 
     if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
         if ((priv_key->parameters =
-             ec_asn1_group2pkparameters(a->group,
+             EC_GROUP_get_ecpkparameters(a->group,
                                         priv_key->parameters)) == NULL) {
             ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
             goto err;
@@ -1182,37 +1011,23 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
     }
 
     if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) {
-        priv_key->publicKey = M_ASN1_BIT_STRING_new();
+        priv_key->publicKey = ASN1_BIT_STRING_new();
         if (priv_key->publicKey == NULL) {
             ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
             goto err;
         }
 
-        tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
-                                     a->conv_form, NULL, 0, NULL);
+        publen = EC_KEY_key2buf(a, a->conv_form, &pub, NULL);
 
-        if (tmp_len > buf_len) {
-            unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len);
-            if (!tmp_buffer) {
-                ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            buffer = tmp_buffer;
-            buf_len = tmp_len;
-        }
-
-        if (!EC_POINT_point2oct(a->group, a->pub_key,
-                                a->conv_form, buffer, buf_len, NULL)) {
+        if (publen == 0) {
             ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
             goto err;
         }
 
         priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
         priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-        if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, buf_len)) {
-            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
-            goto err;
-        }
+        ASN1_STRING_set0(priv_key->publicKey, pub, publen);
+        pub = NULL;
     }
 
     if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
@@ -1221,10 +1036,9 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
     }
     ok = 1;
  err:
-    if (buffer)
-        OPENSSL_free(buffer);
-    if (priv_key)
-        EC_PRIVATEKEY_free(priv_key);
+    OPENSSL_clear_free(priv, privlen);
+    OPENSSL_free(pub);
+    EC_PRIVATEKEY_free(priv_key);
     return (ok ? ret : 0);
 }
 
@@ -1273,28 +1087,21 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
 
     if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
         /*
-         * sorry, but a EC_GROUP-structur is necessary to set the public key
+         * sorry, but a EC_GROUP-structure is necessary to set the public key
          */
         ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
     ret = *a;
-    if (ret->pub_key == NULL &&
-        (ret->pub_key = EC_POINT_new(ret->group)) == NULL) {
-        ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) {
+    if (!EC_KEY_oct2key(ret, *in, len, NULL)) {
         ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
         return 0;
     }
-    /* save the point conversion form */
-    ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01);
     *in += len;
     return ret;
 }
 
-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
+int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
 {
     size_t buf_len = 0;
     int new_buffer = 0;
@@ -1331,3 +1138,86 @@ int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
         *out += buf_len;
     return buf_len;
 }
+
+ASN1_SEQUENCE(ECDSA_SIG) = {
+        ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
+        ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
+} static_ASN1_SEQUENCE_END(ECDSA_SIG)
+
+DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG)
+
+ECDSA_SIG *ECDSA_SIG_new(void)
+{
+    ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
+    if (sig == NULL)
+        ECerr(EC_F_ECDSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
+    return sig;
+}
+
+void ECDSA_SIG_free(ECDSA_SIG *sig)
+{
+    if (sig == NULL)
+        return;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    OPENSSL_free(sig);
+}
+
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+    if (pr != NULL)
+        *pr = sig->r;
+    if (ps != NULL)
+        *ps = sig->s;
+}
+
+const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig)
+{
+    return sig->r;
+}
+
+const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig)
+{
+    return sig->s;
+}
+
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+    if (r == NULL || s == NULL)
+        return 0;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    sig->r = r;
+    sig->s = s;
+    return 1;
+}
+
+int ECDSA_size(const EC_KEY *r)
+{
+    int ret, i;
+    ASN1_INTEGER bs;
+    unsigned char buf[4];
+    const EC_GROUP *group;
+
+    if (r == NULL)
+        return 0;
+    group = EC_KEY_get0_group(r);
+    if (group == NULL)
+        return 0;
+
+    i = EC_GROUP_order_bits(group);
+    if (i == 0)
+        return 0;
+    bs.length = (i + 7) / 8;
+    bs.data = buf;
+    bs.type = V_ASN1_INTEGER;
+    /* If the top bit is set the asn1 encoding is 1 larger. */
+    buf[0] = 0xff;
+
+    i = i2d_ASN1_INTEGER(&bs, NULL);
+    i += i;                     /* r and s */
+    ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+    return ret;
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_check.c b/freebsd/crypto/openssl/crypto/ec/ec_check.c
index 04d53296..1125f00c 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_check.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec_check.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ec_check.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "ec_lcl.h"
@@ -61,10 +15,14 @@
 int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
 {
     int ret = 0;
-    BIGNUM *order;
+    const BIGNUM *order;
     BN_CTX *new_ctx = NULL;
     EC_POINT *point = NULL;
 
+    /* Custom curves assumed to be correct */
+    if ((group->meth->flags & EC_FLAGS_CUSTOM_CURVE) != 0)
+        return 1;
+
     if (ctx == NULL) {
         ctx = new_ctx = BN_CTX_new();
         if (ctx == NULL) {
@@ -72,9 +30,6 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
             goto err;
         }
     }
-    BN_CTX_start(ctx);
-    if ((order = BN_CTX_get(ctx)) == NULL)
-        goto err;
 
     /* check the discriminant */
     if (!EC_GROUP_check_discriminant(group, ctx)) {
@@ -95,7 +50,8 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
     /* check the order of the generator */
     if ((point = EC_POINT_new(group)) == NULL)
         goto err;
-    if (!EC_GROUP_get_order(group, order, ctx))
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL)
         goto err;
     if (BN_is_zero(order)) {
         ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
@@ -112,11 +68,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
     ret = 1;
 
  err:
-    if (ctx != NULL)
-        BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
-    if (point)
-        EC_POINT_free(point);
+    BN_CTX_free(new_ctx);
+    EC_POINT_free(point);
     return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_curve.c b/freebsd/crypto/openssl/crypto/ec/ec_curve.c
index 88e4e2d8..7ffd2eb1 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_curve.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec_curve.c
@@ -1,74 +1,13 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ec_curve.c */
 /*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <string.h>
@@ -76,10 +15,7 @@
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
 #include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
+#include "internal/nelem.h"
 
 typedef struct {
     int field_type,             /* either NID_X9_62_prime_field or
@@ -1067,16 +1003,6 @@ static const struct {
         NID_X9_62_characteristic_two_field, 0, 21, 2
     },
     {
-        /* no seed */
-# if 0
-        /*
-        * The algorithm used to derive the curve parameters from the seed
-        * used here is slightly different than the algorithm described in
-        * X9.62 .
-        */
-        0x24, 0xB7, 0xB1, 0x37, 0xC8, 0xA1, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75,
-        0x61, 0x51, 0x75, 0x6F, 0xD0, 0xDA, 0x2E, 0x5C,
-# endif
         /* p */
         0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
@@ -1106,16 +1032,6 @@ static const struct {
         NID_X9_62_characteristic_two_field, 0, 21, 2
     },
     {
-        /* no seed */
-# if 0
-        /*
-        * The seed here was used to created the curve parameters in normal
-        * basis representation (and not the polynomial representation used
-        * here)
-        */
-        0x85, 0xE2, 0x5B, 0xFE, 0x5C, 0x86, 0x22, 0x6C, 0xDB, 0x12, 0x01, 0x6F,
-        0x75, 0x53, 0xF9, 0xD0, 0xE6, 0x93, 0xA2, 0x68,
-# endif
         /* p */
         0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
@@ -2290,7 +2206,7 @@ static const struct {
 #endif
 
 /*
- * These curves were added by Annie Yousar <a.yousar@informatik.hu-berlin.de>
+ * These curves were added by Annie Yousar.
  * For the definition of RFC 5639 curves see
  * http://www.ietf.org/rfc/rfc5639.txt These curves are generated verifiable
  * at random, nevertheless the seed is omitted as parameter because the
@@ -2837,6 +2753,45 @@ static const struct {
     }
 };
 
+#ifndef OPENSSL_NO_SM2
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_sm2p256v1 = {
+    {
+       NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+
+        /* p */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        /* a */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
+        /* b */
+        0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
+        0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
+        0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93,
+        /* x */
+        0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
+        0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
+        0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7,
+        /* y */
+        0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
+        0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
+        0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0,
+        /* order */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+        0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23,
+    }
+};
+#endif /* OPENSSL_NO_SM2 */
+
 typedef struct _ec_list_element_st {
     int nid;
     const EC_CURVE_DATA *data;
@@ -3007,7 +2962,7 @@ static const ec_list_element curve_list[] = {
      "NIST/SECG/WTLS curve over a 233 bit binary field"},
 #endif
     {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0,
-     "WTLS curvs over a 224 bit prime field"},
+     "WTLS curve over a 224 bit prime field"},
 #ifndef OPENSSL_NO_EC2M
     /* IPSec curves */
     {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
@@ -3046,9 +3001,13 @@ static const ec_list_element curve_list[] = {
      "RFC 5639 curve over a 512 bit prime field"},
     {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
      "RFC 5639 curve over a 512 bit prime field"},
+#ifndef OPENSSL_NO_SM2
+    {NID_sm2, &_EC_sm2p256v1.h, 0,
+     "SM2 curve over a 256 bit prime field"},
+#endif
 };
 
-#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
+#define curve_list_length OSSL_NELEM(curve_list)
 
 static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
 {
@@ -3063,6 +3022,10 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
     const EC_CURVE_DATA *data;
     const unsigned char *params;
 
+    /* If no curve data curve method must handle everything */
+    if (curve.data == NULL)
+        return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL);
+
     if ((ctx = BN_CTX_new()) == NULL) {
         ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -3074,9 +3037,9 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
     params = (const unsigned char *)(data + 1); /* skip header */
     params += seed_len;         /* skip seed */
 
-    if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL))
-        || !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL))
-        || !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL))) {
+    if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
+        || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
+        || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
         ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
         goto err;
     }
@@ -3105,21 +3068,23 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
     }
 #endif
 
+    EC_GROUP_set_curve_name(group, curve.nid);
+
     if ((P = EC_POINT_new(group)) == NULL) {
         ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
         goto err;
     }
 
-    if (!(x = BN_bin2bn(params + 3 * param_len, param_len, NULL))
-        || !(y = BN_bin2bn(params + 4 * param_len, param_len, NULL))) {
+    if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
+        || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
         ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
         goto err;
     }
-    if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) {
+    if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
         ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
         goto err;
     }
-    if (!(order = BN_bin2bn(params + 5 * param_len, param_len, NULL))
+    if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
         || !BN_set_word(x, (BN_ULONG)data->cofactor)) {
         ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
         goto err;
@@ -3140,22 +3105,14 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
         EC_GROUP_free(group);
         group = NULL;
     }
-    if (P)
-        EC_POINT_free(P);
-    if (ctx)
-        BN_CTX_free(ctx);
-    if (p)
-        BN_free(p);
-    if (a)
-        BN_free(a);
-    if (b)
-        BN_free(b);
-    if (order)
-        BN_free(order);
-    if (x)
-        BN_free(x);
-    if (y)
-        BN_free(y);
+    EC_POINT_free(P);
+    BN_CTX_free(ctx);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    BN_free(order);
+    BN_free(x);
+    BN_free(y);
     return group;
 }
 
@@ -3164,10 +3121,6 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
     size_t i;
     EC_GROUP *ret = NULL;
 
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return FIPS_ec_group_new_by_curve_name(nid);
-#endif
     if (nid <= 0)
         return NULL;
 
@@ -3182,8 +3135,6 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
         return NULL;
     }
 
-    EC_GROUP_set_curve_name(ret, nid);
-
     return ret;
 }
 
@@ -3232,7 +3183,7 @@ static EC_NIST_NAME nist_curves[] = {
 const char *EC_curve_nid2nist(int nid)
 {
     size_t i;
-    for (i = 0; i < sizeof(nist_curves) / sizeof(EC_NIST_NAME); i++) {
+    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
         if (nist_curves[i].nid == nid)
             return nist_curves[i].name;
     }
@@ -3242,8 +3193,8 @@ const char *EC_curve_nid2nist(int nid)
 int EC_curve_nist2nid(const char *name)
 {
     size_t i;
-    for (i = 0; i < sizeof(nist_curves) / sizeof(EC_NIST_NAME); i++) {
-        if (!strcmp(nist_curves[i].name, name))
+    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
+        if (strcmp(nist_curves[i].name, name) == 0)
             return nist_curves[i].nid;
     }
     return NID_undef;
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_cvt.c b/freebsd/crypto/openssl/crypto/ec/ec_cvt.c
index 75d766f0..8d614b46 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_cvt.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec_cvt.c
@@ -1,93 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ec_cvt.c */
 /*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/err.h>
 #include "ec_lcl.h"
 
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
 EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
                                  const BIGNUM *b, BN_CTX *ctx)
 {
     const EC_METHOD *meth;
     EC_GROUP *ret;
 
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return FIPS_ec_group_new_curve_gfp(p, a, b, ctx);
-#endif
 #if defined(OPENSSL_BN_ASM_MONT)
     /*
      * This might appear controversial, but the fact is that generic
@@ -112,44 +43,19 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
      */
     meth = EC_GFp_mont_method();
 #else
-    meth = EC_GFp_nist_method();
+    if (BN_nist_mod_func(p))
+        meth = EC_GFp_nist_method();
+    else
+        meth = EC_GFp_mont_method();
 #endif
 
     ret = EC_GROUP_new(meth);
     if (ret == NULL)
         return NULL;
 
-    if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
-        unsigned long err;
-
-        err = ERR_peek_last_error();
-
-        if (!(ERR_GET_LIB(err) == ERR_LIB_EC &&
-              ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) ||
-               (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) {
-            /* real error */
-
-            EC_GROUP_clear_free(ret);
-            return NULL;
-        }
-
-        /*
-         * not an actual error, we just cannot use EC_GFp_nist_method
-         */
-
-        ERR_clear_error();
-
+    if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
         EC_GROUP_clear_free(ret);
-        meth = EC_GFp_mont_method();
-
-        ret = EC_GROUP_new(meth);
-        if (ret == NULL)
-            return NULL;
-
-        if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
-            EC_GROUP_clear_free(ret);
-            return NULL;
-        }
+        return NULL;
     }
 
     return ret;
@@ -162,17 +68,13 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
     const EC_METHOD *meth;
     EC_GROUP *ret;
 
-# ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return FIPS_ec_group_new_curve_gf2m(p, a, b, ctx);
-# endif
     meth = EC_GF2m_simple_method();
 
     ret = EC_GROUP_new(meth);
     if (ret == NULL)
         return NULL;
 
-    if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) {
+    if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
         EC_GROUP_clear_free(ret);
         return NULL;
     }
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_err.c b/freebsd/crypto/openssl/crypto/ec/ec_err.c
index ff5eb912..43075308 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_err.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec_err.c
@@ -1,334 +1,389 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ec_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/ec.h>
+#include <openssl/ecerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
-
-static ERR_STRING_DATA EC_str_functs[] = {
-    {ERR_FUNC(EC_F_BN_TO_FELEM), "BN_TO_FELEM"},
-    {ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
-    {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
-    {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
-    {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
-    {ERR_FUNC(EC_F_DO_EC_KEY_PRINT), "DO_EC_KEY_PRINT"},
-    {ERR_FUNC(EC_F_ECDH_CMS_DECRYPT), "ECDH_CMS_DECRYPT"},
-    {ERR_FUNC(EC_F_ECDH_CMS_SET_SHARED_INFO), "ECDH_CMS_SET_SHARED_INFO"},
-    {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "ECKEY_PARAM2TYPE"},
-    {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "ECKEY_PARAM_DECODE"},
-    {ERR_FUNC(EC_F_ECKEY_PRIV_DECODE), "ECKEY_PRIV_DECODE"},
-    {ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE), "ECKEY_PRIV_ENCODE"},
-    {ERR_FUNC(EC_F_ECKEY_PUB_DECODE), "ECKEY_PUB_DECODE"},
-    {ERR_FUNC(EC_F_ECKEY_PUB_ENCODE), "ECKEY_PUB_ENCODE"},
-    {ERR_FUNC(EC_F_ECKEY_TYPE2PARAM), "ECKEY_TYPE2PARAM"},
-    {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"},
-    {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"},
-    {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"},
-    {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"},
-    {ERR_FUNC(EC_F_ECP_NISTZ256_GET_AFFINE), "ecp_nistz256_get_affine"},
-    {ERR_FUNC(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE),
+static const ERR_STRING_DATA EC_str_functs[] = {
+    {ERR_PACK(ERR_LIB_EC, EC_F_BN_TO_FELEM, 0), "BN_to_felem"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPARAMETERS, 0), "d2i_ECParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPKPARAMETERS, 0), "d2i_ECPKParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPRIVATEKEY, 0), "d2i_ECPrivateKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_DO_EC_KEY_PRINT, 0), "do_EC_KEY_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_DECRYPT, 0), "ecdh_cms_decrypt"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_SET_SHARED_INFO, 0),
+     "ecdh_cms_set_shared_info"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_COMPUTE_KEY, 0), "ECDH_compute_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_SIMPLE_COMPUTE_KEY, 0),
+     "ecdh_simple_compute_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_SIGN_EX, 0), "ECDSA_do_sign_ex"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_VERIFY, 0), "ECDSA_do_verify"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_EX, 0), "ECDSA_sign_ex"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_VERIFY, 0), "ECDSA_verify"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECD_ITEM_VERIFY, 0), "ecd_item_verify"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM2TYPE, 0), "eckey_param2type"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM_DECODE, 0), "eckey_param_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_DECODE, 0), "eckey_priv_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_ENCODE, 0), "eckey_priv_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_DECODE, 0), "eckey_pub_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_ENCODE, 0), "eckey_pub_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_TYPE2PARAM, 0), "eckey_type2param"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT, 0), "ECParameters_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT_FP, 0),
+     "ECParameters_print_fp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT, 0),
+     "ECPKParameters_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT_FP, 0),
+     "ECPKParameters_print_fp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_GET_AFFINE, 0),
+     "ecp_nistz256_get_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_INV_MOD_ORD, 0),
+     "ecp_nistz256_inv_mod_ord"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, 0),
      "ecp_nistz256_mult_precompute"},
-    {ERR_FUNC(EC_F_ECP_NISTZ256_POINTS_MUL), "ecp_nistz256_points_mul"},
-    {ERR_FUNC(EC_F_ECP_NISTZ256_PRE_COMP_NEW), "ecp_nistz256_pre_comp_new"},
-    {ERR_FUNC(EC_F_ECP_NISTZ256_SET_WORDS), "ecp_nistz256_set_words"},
-    {ERR_FUNC(EC_F_ECP_NISTZ256_WINDOWED_MUL), "ecp_nistz256_windowed_mul"},
-    {ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"},
-    {ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"},
-    {ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"},
-    {ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"},
-    {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"},
-    {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"},
-    {ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"},
-    {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"},
-    {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"},
-    {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"},
-    {ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"},
-    {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY),
-     "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT),
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_POINTS_MUL, 0),
+     "ecp_nistz256_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_PRE_COMP_NEW, 0),
+     "ecp_nistz256_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_WINDOWED_MUL, 0),
+     "ecp_nistz256_windowed_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECX_KEY_OP, 0), "ecx_key_op"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PRIV_ENCODE, 0), "ecx_priv_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PUB_ENCODE, 0), "ecx_pub_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2CURVE, 0), "ec_asn1_group2curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2FIELDID, 0),
+     "ec_asn1_group2fieldid"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, 0),
+     "ec_GF2m_montgomery_point_multiply"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0),
      "ec_GF2m_simple_group_check_discriminant"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, 0),
      "ec_GF2m_simple_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_POST, 0),
+     "ec_GF2m_simple_ladder_post"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_PRE, 0),
+     "ec_GF2m_simple_ladder_pre"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_OCT2POINT, 0),
+     "ec_GF2m_simple_oct2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT2OCT, 0),
+     "ec_GF2m_simple_point2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINTS_MUL, 0),
+     "ec_GF2m_simple_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0),
      "ec_GF2m_simple_point_get_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0),
      "ec_GF2m_simple_point_set_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, 0),
      "ec_GF2m_simple_set_compressed_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_DECODE, 0),
+     "ec_GFp_mont_field_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_ENCODE, 0),
+     "ec_GFp_mont_field_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_MUL, 0),
+     "ec_GFp_mont_field_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, 0),
      "ec_GFp_mont_field_set_to_one"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SQR, 0),
+     "ec_GFp_mont_field_sqr"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_GROUP_SET_CURVE, 0),
      "ec_GFp_mont_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP),
-     "EC_GFP_MONT_GROUP_SET_CURVE_GFP"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE, 0),
      "ec_GFp_nistp224_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINTS_MUL), "ec_GFp_nistp224_points_mul"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINTS_MUL, 0),
+     "ec_GFp_nistp224_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 0),
      "ec_GFp_nistp224_point_get_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE, 0),
      "ec_GFp_nistp256_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP256_POINTS_MUL), "ec_GFp_nistp256_points_mul"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINTS_MUL, 0),
+     "ec_GFp_nistp256_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 0),
      "ec_GFp_nistp256_point_get_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE, 0),
      "ec_GFp_nistp521_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP521_POINTS_MUL), "ec_GFp_nistp521_points_mul"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINTS_MUL, 0),
+     "ec_GFp_nistp521_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, 0),
      "ec_GFp_nistp521_point_get_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"},
-    {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"},
-    {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_MUL, 0),
+     "ec_GFp_nist_field_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_SQR, 0),
+     "ec_GFp_nist_field_sqr"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_GROUP_SET_CURVE, 0),
      "ec_GFp_nist_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, 0),
+     "ec_GFp_simple_blind_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0),
      "ec_GFp_simple_group_check_discriminant"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, 0),
      "ec_GFp_simple_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP),
-     "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR),
-     "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, 0),
+     "ec_GFp_simple_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_OCT2POINT, 0),
+     "ec_GFp_simple_oct2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT2OCT, 0),
+     "ec_GFp_simple_point2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, 0),
      "ec_GFp_simple_points_make_affine"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0),
      "ec_GFp_simple_point_get_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP),
-     "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0),
      "ec_GFp_simple_point_set_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP),
-     "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, 0),
      "ec_GFp_simple_set_compressed_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP),
-     "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},
-    {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"},
-    {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK, 0), "EC_GROUP_check"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK_DISCRIMINANT, 0),
      "EC_GROUP_check_discriminant"},
-    {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_COPY, 0), "EC_GROUP_copy"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE, 0), "EC_GROUP_get_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GF2M, 0),
+     "EC_GROUP_get_curve_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GFP, 0),
+     "EC_GROUP_get_curve_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_DEGREE, 0), "EC_GROUP_get_degree"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPARAMETERS, 0),
+     "EC_GROUP_get_ecparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPKPARAMETERS, 0),
+     "EC_GROUP_get_ecpkparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, 0),
      "EC_GROUP_get_pentanomial_basis"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, 0),
      "EC_GROUP_get_trinomial_basis"},
-    {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
-    {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"},
-    {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"},
-    {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
-    {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"},
-    {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
-    {ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"},
-    {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
-    {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"},
-    {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"},
-    {ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"},
-    {ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"},
-    {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"},
-    {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"},
-    {ERR_FUNC(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW, 0), "EC_GROUP_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_BY_CURVE_NAME, 0),
+     "EC_GROUP_new_by_curve_name"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_DATA, 0),
+     "ec_group_new_from_data"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, 0),
+     "EC_GROUP_new_from_ecparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, 0),
+     "EC_GROUP_new_from_ecpkparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE, 0), "EC_GROUP_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GF2M, 0),
+     "EC_GROUP_set_curve_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GFP, 0),
+     "EC_GROUP_set_curve_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_GENERATOR, 0),
+     "EC_GROUP_set_generator"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_SEED, 0), "EC_GROUP_set_seed"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_CHECK_KEY, 0), "EC_KEY_check_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_COPY, 0), "EC_KEY_copy"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_GENERATE_KEY, 0), "EC_KEY_generate_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW, 0), "EC_KEY_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW_METHOD, 0), "EC_KEY_new_method"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_OCT2PRIV, 0), "EC_KEY_oct2priv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT, 0), "EC_KEY_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT_FP, 0), "EC_KEY_print_fp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2BUF, 0), "EC_KEY_priv2buf"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2OCT, 0), "EC_KEY_priv2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 0),
      "EC_KEY_set_public_key_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
-    {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
-    {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
-    {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
-    {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
-    {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_CHECK_KEY, 0),
+     "ec_key_simple_check_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_OCT2PRIV, 0),
+     "ec_key_simple_oct2priv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_PRIV2OCT, 0),
+     "ec_key_simple_priv2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_CHECK, 0), "ec_pkey_check"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_PARAM_CHECK, 0), "ec_pkey_param_check"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MAKE_AFFINE, 0),
+     "EC_POINTs_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MUL, 0), "EC_POINTs_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_ADD, 0), "EC_POINT_add"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_BN2POINT, 0), "EC_POINT_bn2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_CMP, 0), "EC_POINT_cmp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_COPY, 0), "EC_POINT_copy"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_DBL, 0), "EC_POINT_dbl"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES, 0),
+     "EC_POINT_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, 0),
      "EC_POINT_get_affine_coordinates_GF2m"},
-    {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, 0),
      "EC_POINT_get_affine_coordinates_GFp"},
-    {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, 0),
      "EC_POINT_get_Jprojective_coordinates_GFp"},
-    {ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"},
-    {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
-    {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
-    {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
-    {ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"},
-    {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
-    {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
-    {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
-    {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_INVERT, 0), "EC_POINT_invert"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_AT_INFINITY, 0),
+     "EC_POINT_is_at_infinity"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_ON_CURVE, 0),
+     "EC_POINT_is_on_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_MAKE_AFFINE, 0),
+     "EC_POINT_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_NEW, 0), "EC_POINT_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_OCT2POINT, 0), "EC_POINT_oct2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2BUF, 0), "EC_POINT_point2buf"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2OCT, 0), "EC_POINT_point2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES, 0),
+     "EC_POINT_set_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, 0),
      "EC_POINT_set_affine_coordinates_GF2m"},
-    {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, 0),
      "EC_POINT_set_affine_coordinates_GFp"},
-    {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, 0),
+     "EC_POINT_set_compressed_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, 0),
      "EC_POINT_set_compressed_coordinates_GF2m"},
-    {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, 0),
      "EC_POINT_set_compressed_coordinates_GFp"},
-    {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, 0),
      "EC_POINT_set_Jprojective_coordinates_GFp"},
-    {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
-    {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"},
-    {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"},
-    {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
-    {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
-    {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"},
-    {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"},
-    {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"},
-    {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"},
-    {ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW), "NISTP224_PRE_COMP_NEW"},
-    {ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW), "NISTP256_PRE_COMP_NEW"},
-    {ERR_FUNC(EC_F_NISTP521_PRE_COMP_NEW), "NISTP521_PRE_COMP_NEW"},
-    {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"},
-    {ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "OLD_EC_PRIV_DECODE"},
-    {ERR_FUNC(EC_F_PKEY_EC_CTRL), "PKEY_EC_CTRL"},
-    {ERR_FUNC(EC_F_PKEY_EC_CTRL_STR), "PKEY_EC_CTRL_STR"},
-    {ERR_FUNC(EC_F_PKEY_EC_DERIVE), "PKEY_EC_DERIVE"},
-    {ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "PKEY_EC_KEYGEN"},
-    {ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "PKEY_EC_PARAMGEN"},
-    {ERR_FUNC(EC_F_PKEY_EC_SIGN), "PKEY_EC_SIGN"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_TO_INFINITY, 0),
+     "EC_POINT_set_to_infinity"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_PRE_COMP_NEW, 0), "ec_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_SCALAR_MUL_LADDER, 0),
+     "ec_scalar_mul_ladder"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_MUL, 0), "ec_wNAF_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_PRECOMPUTE_MULT, 0),
+     "ec_wNAF_precompute_mult"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPARAMETERS, 0), "i2d_ECParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPKPARAMETERS, 0), "i2d_ECPKParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPRIVATEKEY, 0), "i2d_ECPrivateKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2O_ECPUBLICKEY, 0), "i2o_ECPublicKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_NISTP224_PRE_COMP_NEW, 0),
+     "nistp224_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_NISTP256_PRE_COMP_NEW, 0),
+     "nistp256_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_NISTP521_PRE_COMP_NEW, 0),
+     "nistp521_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_O2I_ECPUBLICKEY, 0), "o2i_ECPublicKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OLD_EC_PRIV_DECODE, 0), "old_ec_priv_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDH_COMPUTE_KEY, 0),
+     "ossl_ecdh_compute_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SIG, 0), "ossl_ecdsa_sign_sig"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_VERIFY_SIG, 0),
+     "ossl_ecdsa_verify_sig"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_CTRL, 0), "pkey_ecd_ctrl"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN, 0), "pkey_ecd_digestsign"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN25519, 0),
+     "pkey_ecd_digestsign25519"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN448, 0),
+     "pkey_ecd_digestsign448"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECX_DERIVE, 0), "pkey_ecx_derive"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, 0), "pkey_ec_ctrl"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL_STR, 0), "pkey_ec_ctrl_str"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_DERIVE, 0), "pkey_ec_derive"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_INIT, 0), "pkey_ec_init"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KDF_DERIVE, 0), "pkey_ec_kdf_derive"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA EC_str_reasons[] = {
-    {ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
-    {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"},
-    {ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
-    {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},
-    {ERR_REASON(EC_R_COORDINATES_OUT_OF_RANGE), "coordinates out of range"},
-    {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),
-     "d2i ecpkparameters failure"},
-    {ERR_REASON(EC_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"},
-    {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
-     "ec group new by name failure"},
-    {ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"},
-    {ERR_REASON(EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"},
-    {ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),
-     "group2pkparameters failure"},
-    {ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),
-     "i2d ecpkparameters failure"},
-    {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS), "incompatible objects"},
-    {ERR_REASON(EC_R_INVALID_ARGUMENT), "invalid argument"},
-    {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT), "invalid compressed point"},
-    {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT), "invalid compression bit"},
-    {ERR_REASON(EC_R_INVALID_CURVE), "invalid curve"},
-    {ERR_REASON(EC_R_INVALID_DIGEST), "invalid digest"},
-    {ERR_REASON(EC_R_INVALID_DIGEST_TYPE), "invalid digest type"},
-    {ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"},
-    {ERR_REASON(EC_R_INVALID_FIELD), "invalid field"},
-    {ERR_REASON(EC_R_INVALID_FORM), "invalid form"},
-    {ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"},
-    {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
-    {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
-    {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
-    {ERR_REASON(EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
-    {ERR_REASON(EC_R_KEYS_NOT_SET), "keys not set"},
-    {ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"},
-    {ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"},
-    {ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
-    {ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),
-     "not a supported NIST prime"},
-    {ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"},
-    {ERR_REASON(EC_R_NOT_INITIALIZED), "not initialized"},
-    {ERR_REASON(EC_R_NO_FIELD_MOD), "no field mod"},
-    {ERR_REASON(EC_R_NO_PARAMETERS_SET), "no parameters set"},
-    {ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"},
-    {ERR_REASON(EC_R_PEER_KEY_ERROR), "peer key error"},
-    {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),
-     "pkparameters2group failure"},
-    {ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"},
-    {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"},
-    {ERR_REASON(EC_R_SHARED_INFO_ERROR), "shared info error"},
-    {ERR_REASON(EC_R_SLOT_FULL), "slot full"},
-    {ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"},
-    {ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"},
-    {ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"},
-    {ERR_REASON(EC_R_UNKNOWN_ORDER), "unknown order"},
-    {ERR_REASON(EC_R_UNSUPPORTED_FIELD), "unsupported field"},
-    {ERR_REASON(EC_R_WRONG_CURVE_PARAMETERS), "wrong curve parameters"},
-    {ERR_REASON(EC_R_WRONG_ORDER), "wrong order"},
+static const ERR_STRING_DATA EC_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_ASN1_ERROR), "asn1 error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_COORDINATES_OUT_OF_RANGE),
+    "coordinates out of range"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH),
+    "curve does not support ecdh"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
+    "curve does not support signing"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE),
+    "d2i ecpkparameters failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_DISCRIMINANT_IS_ZERO),
+    "discriminant is zero"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
+    "ec group new by name failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_GROUP2PKPARAMETERS_FAILURE),
+    "group2pkparameters failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_I2D_ECPKPARAMETERS_FAILURE),
+    "i2d ecpkparameters failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INCOMPATIBLE_OBJECTS),
+    "incompatible objects"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSED_POINT),
+    "invalid compressed point"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSION_BIT),
+    "invalid compression bit"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_CURVE), "invalid curve"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST_TYPE), "invalid digest type"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ENCODING), "invalid encoding"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FIELD), "invalid field"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FORM), "invalid form"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "invalid group order"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_KEY), "invalid key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_OUTPUT_LENGTH),
+    "invalid output length"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PEER_KEY), "invalid peer key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PENTANOMIAL_BASIS),
+    "invalid pentanomial basis"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_TRINOMIAL_BASIS),
+    "invalid trinomial basis"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_KEYS_NOT_SET), "keys not set"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES),
+    "need new setup values"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_IMPLEMENTED), "not implemented"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_OPERATION_NOT_SUPPORTED),
+    "operation not supported"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_PASSED_NULL_PARAMETER),
+    "passed null parameter"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_PEER_KEY_ERROR), "peer key error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_PKPARAMETERS2GROUP_FAILURE),
+    "pkparameters2group failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_ARITHMETIC_FAILURE),
+    "point arithmetic failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_AT_INFINITY), "point at infinity"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_COORDINATES_BLIND_FAILURE),
+    "point coordinates blind failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_IS_NOT_ON_CURVE),
+    "point is not on curve"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_RANDOM_NUMBER_GENERATION_FAILED),
+    "random number generation failed"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_SHARED_INFO_ERROR), "shared info error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "slot full"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "undefined generator"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_ORDER), "undefined order"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_COFACTOR), "unknown cofactor"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_GROUP), "unknown group"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_ORDER), "unknown order"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNSUPPORTED_FIELD), "unsupported field"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_CURVE_PARAMETERS),
+    "wrong curve parameters"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_ORDER), "wrong order"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_EC_strings(void)
+int ERR_load_EC_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(EC_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, EC_str_functs);
-        ERR_load_strings(0, EC_str_reasons);
+        ERR_load_strings_const(EC_str_functs);
+        ERR_load_strings_const(EC_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_key.c b/freebsd/crypto/openssl/crypto/ec/ec_key.c
index 409bd163..f904c7df 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_key.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec_key.c
@@ -1,95 +1,25 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ec_key.c */
 /*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions originally developed by SUN MICROSYSTEMS, INC., and
- * contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "internal/cryptlib.h"
 #include <string.h>
 #include "ec_lcl.h"
+#include "internal/refcount.h"
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
+#include <openssl/engine.h>
 
 EC_KEY *EC_KEY_new(void)
 {
-    EC_KEY *ret;
-
-    ret = (EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));
-    if (ret == NULL) {
-        ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-
-    ret->version = 1;
-    ret->flags = 0;
-    ret->group = NULL;
-    ret->pub_key = NULL;
-    ret->priv_key = NULL;
-    ret->enc_flag = 0;
-    ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
-    ret->references = 1;
-    ret->method_data = NULL;
-    return (ret);
+    return EC_KEY_new_method(NULL);
 }
 
 EC_KEY *EC_KEY_new_by_curve_name(int nid)
@@ -102,6 +32,11 @@ EC_KEY *EC_KEY_new_by_curve_name(int nid)
         EC_KEY_free(ret);
         return NULL;
     }
+    if (ret->meth->set_group != NULL
+        && ret->meth->set_group(ret, ret->group) == 0) {
+        EC_KEY_free(ret);
+        return NULL;
+    }
     return ret;
 }
 
@@ -112,101 +47,115 @@ void EC_KEY_free(EC_KEY *r)
     if (r == NULL)
         return;
 
-    i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
-#ifdef REF_PRINT
-    REF_PRINT("EC_KEY", r);
-#endif
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
+    REF_PRINT_COUNT("EC_KEY", r);
     if (i > 0)
         return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "EC_KEY_free, bad reference count\n");
-        abort();
-    }
-#endif
+    REF_ASSERT_ISNT(i < 0);
 
-    if (r->group != NULL)
-        EC_GROUP_free(r->group);
-    if (r->pub_key != NULL)
-        EC_POINT_free(r->pub_key);
-    if (r->priv_key != NULL)
-        BN_clear_free(r->priv_key);
+    if (r->meth != NULL && r->meth->finish != NULL)
+        r->meth->finish(r);
+
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
 
-    EC_EX_DATA_free_all_data(&r->method_data);
+    if (r->group && r->group->meth->keyfinish)
+        r->group->meth->keyfinish(r);
 
-    OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
+    CRYPTO_THREAD_lock_free(r->lock);
+    EC_GROUP_free(r->group);
+    EC_POINT_free(r->pub_key);
+    BN_clear_free(r->priv_key);
 
-    OPENSSL_free(r);
+    OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
 }
 
 EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
 {
-    EC_EXTRA_DATA *d;
-
     if (dest == NULL || src == NULL) {
         ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
         return NULL;
     }
+    if (src->meth != dest->meth) {
+        if (dest->meth->finish != NULL)
+            dest->meth->finish(dest);
+        if (dest->group && dest->group->meth->keyfinish)
+            dest->group->meth->keyfinish(dest);
+#ifndef OPENSSL_NO_ENGINE
+        if (ENGINE_finish(dest->engine) == 0)
+            return 0;
+        dest->engine = NULL;
+#endif
+    }
     /* copy the parameters */
-    if (src->group) {
+    if (src->group != NULL) {
         const EC_METHOD *meth = EC_GROUP_method_of(src->group);
         /* clear the old group */
-        if (dest->group)
-            EC_GROUP_free(dest->group);
+        EC_GROUP_free(dest->group);
         dest->group = EC_GROUP_new(meth);
         if (dest->group == NULL)
             return NULL;
         if (!EC_GROUP_copy(dest->group, src->group))
             return NULL;
-    }
-    /*  copy the public key */
-    if (src->pub_key && src->group) {
-        if (dest->pub_key)
+
+        /*  copy the public key */
+        if (src->pub_key != NULL) {
             EC_POINT_free(dest->pub_key);
-        dest->pub_key = EC_POINT_new(src->group);
-        if (dest->pub_key == NULL)
-            return NULL;
-        if (!EC_POINT_copy(dest->pub_key, src->pub_key))
-            return NULL;
-    }
-    /* copy the private key */
-    if (src->priv_key) {
-        if (dest->priv_key == NULL) {
-            dest->priv_key = BN_new();
-            if (dest->priv_key == NULL)
+            dest->pub_key = EC_POINT_new(src->group);
+            if (dest->pub_key == NULL)
+                return NULL;
+            if (!EC_POINT_copy(dest->pub_key, src->pub_key))
+                return NULL;
+        }
+        /* copy the private key */
+        if (src->priv_key != NULL) {
+            if (dest->priv_key == NULL) {
+                dest->priv_key = BN_new();
+                if (dest->priv_key == NULL)
+                    return NULL;
+            }
+            if (!BN_copy(dest->priv_key, src->priv_key))
+                return NULL;
+            if (src->group->meth->keycopy
+                && src->group->meth->keycopy(dest, src) == 0)
                 return NULL;
         }
-        if (!BN_copy(dest->priv_key, src->priv_key))
-            return NULL;
     }
-    /* copy method/extra data */
-    EC_EX_DATA_free_all_data(&dest->method_data);
-
-    for (d = src->method_data; d != NULL; d = d->next) {
-        void *t = d->dup_func(d->data);
 
-        if (t == NULL)
-            return 0;
-        if (!EC_EX_DATA_set_data
-            (&dest->method_data, t, d->dup_func, d->free_func,
-             d->clear_free_func))
-            return 0;
-    }
 
     /* copy the rest */
     dest->enc_flag = src->enc_flag;
     dest->conv_form = src->conv_form;
     dest->version = src->version;
     dest->flags = src->flags;
+    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY,
+                            &dest->ex_data, &src->ex_data))
+        return NULL;
+
+    if (src->meth != dest->meth) {
+#ifndef OPENSSL_NO_ENGINE
+        if (src->engine != NULL && ENGINE_init(src->engine) == 0)
+            return NULL;
+        dest->engine = src->engine;
+#endif
+        dest->meth = src->meth;
+    }
+
+    if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0)
+        return NULL;
 
     return dest;
 }
 
 EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
 {
-    EC_KEY *ret = EC_KEY_new();
+    EC_KEY *ret = EC_KEY_new_method(ec_key->engine);
+
     if (ret == NULL)
         return NULL;
+
     if (EC_KEY_copy(ret, ec_key) == NULL) {
         EC_KEY_free(ret);
         return NULL;
@@ -216,38 +165,46 @@ EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
 
 int EC_KEY_up_ref(EC_KEY *r)
 {
-    int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
-#ifdef REF_PRINT
-    REF_PRINT("EC_KEY", r);
-#endif
-#ifdef REF_CHECK
-    if (i < 2) {
-        fprintf(stderr, "EC_KEY_up, bad reference count\n");
-        abort();
-    }
-#endif
+    int i;
+
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("EC_KEY", r);
+    REF_ASSERT_ISNT(i < 2);
     return ((i > 1) ? 1 : 0);
 }
 
-int EC_KEY_generate_key(EC_KEY *eckey)
+ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey)
 {
-    int ok = 0;
-    BN_CTX *ctx = NULL;
-    BIGNUM *priv_key = NULL, *order = NULL;
-    EC_POINT *pub_key = NULL;
-
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return FIPS_ec_key_generate_key(eckey);
-#endif
+    return eckey->engine;
+}
 
-    if (!eckey || !eckey->group) {
+int EC_KEY_generate_key(EC_KEY *eckey)
+{
+    if (eckey == NULL || eckey->group == NULL) {
         ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
+    if (eckey->meth->keygen != NULL)
+        return eckey->meth->keygen(eckey);
+    ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
+
+int ossl_ec_key_gen(EC_KEY *eckey)
+{
+    return eckey->group->meth->keygen(eckey);
+}
+
+int ec_key_simple_generate_key(EC_KEY *eckey)
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    BIGNUM *priv_key = NULL;
+    const BIGNUM *order = NULL;
+    EC_POINT *pub_key = NULL;
 
-    if ((order = BN_new()) == NULL)
-        goto err;
     if ((ctx = BN_CTX_new()) == NULL)
         goto err;
 
@@ -258,11 +215,12 @@ int EC_KEY_generate_key(EC_KEY *eckey)
     } else
         priv_key = eckey->priv_key;
 
-    if (!EC_GROUP_get_order(eckey->group, order, ctx))
+    order = EC_GROUP_get0_order(eckey->group);
+    if (order == NULL)
         goto err;
 
     do
-        if (!BN_rand_range(priv_key, order))
+        if (!BN_priv_rand_range(priv_key, order))
             goto err;
     while (BN_is_zero(priv_key)) ;
 
@@ -282,31 +240,49 @@ int EC_KEY_generate_key(EC_KEY *eckey)
     ok = 1;
 
  err:
-    if (order)
-        BN_free(order);
-    if (pub_key != NULL && eckey->pub_key == NULL)
+    if (eckey->pub_key == NULL)
         EC_POINT_free(pub_key);
-    if (priv_key != NULL && eckey->priv_key == NULL)
+    if (eckey->priv_key != priv_key)
         BN_free(priv_key);
-    if (ctx != NULL)
-        BN_CTX_free(ctx);
-    return (ok);
+    BN_CTX_free(ctx);
+    return ok;
+}
+
+int ec_key_simple_generate_public_key(EC_KEY *eckey)
+{
+    return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
+                        NULL, NULL);
 }
 
 int EC_KEY_check_key(const EC_KEY *eckey)
 {
+    if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (eckey->group->meth->keycheck == NULL) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    return eckey->group->meth->keycheck(eckey);
+}
+
+int ec_key_simple_check_key(const EC_KEY *eckey)
+{
     int ok = 0;
     BN_CTX *ctx = NULL;
     const BIGNUM *order = NULL;
     EC_POINT *point = NULL;
 
-    if (!eckey || !eckey->group || !eckey->pub_key) {
-        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+    if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
 
     if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
-        ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_AT_INFINITY);
         goto err;
     }
 
@@ -317,49 +293,47 @@ int EC_KEY_check_key(const EC_KEY *eckey)
 
     /* testing whether the pub_key is on the elliptic curve */
     if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
-        ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
         goto err;
     }
     /* testing whether pub_key * order is the point at infinity */
-    order = &eckey->group->order;
+    order = eckey->group->order;
     if (BN_is_zero(order)) {
-        ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
         goto err;
     }
     if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
-        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
         goto err;
     }
     if (!EC_POINT_is_at_infinity(eckey->group, point)) {
-        ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
         goto err;
     }
     /*
      * in case the priv_key is present : check if generator * priv_key ==
      * pub_key
      */
-    if (eckey->priv_key) {
+    if (eckey->priv_key != NULL) {
         if (BN_cmp(eckey->priv_key, order) >= 0) {
-            ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
             goto err;
         }
         if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
                           NULL, NULL, ctx)) {
-            ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
             goto err;
         }
         if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
-            ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
+            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
             goto err;
         }
     }
     ok = 1;
  err:
-    if (ctx != NULL)
-        BN_CTX_free(ctx);
-    if (point != NULL)
-        EC_POINT_free(point);
-    return (ok);
+    BN_CTX_free(ctx);
+    EC_POINT_free(point);
+    return ok;
 }
 
 int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
@@ -369,11 +343,8 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
     BIGNUM *tx, *ty;
     EC_POINT *point = NULL;
     int ok = 0;
-#ifndef OPENSSL_NO_EC2M
-    int tmp_nid, is_char_two = 0;
-#endif
 
-    if (!key || !key->group || !x || !y) {
+    if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
         ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
               ERR_R_PASSED_NULL_PARAMETER);
         return 0;
@@ -381,10 +352,11 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
     ctx = BN_CTX_new();
     if (ctx == NULL)
         return 0;
+
     BN_CTX_start(ctx);
     point = EC_POINT_new(key->group);
 
-    if (!point)
+    if (point == NULL)
         goto err;
 
     tx = BN_CTX_get(ctx);
@@ -392,34 +364,18 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
     if (ty == NULL)
         goto err;
 
-#ifndef OPENSSL_NO_EC2M
-    tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));
-
-    if (tmp_nid == NID_X9_62_characteristic_two_field)
-        is_char_two = 1;
+    if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx))
+        goto err;
+    if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx))
+        goto err;
 
-    if (is_char_two) {
-        if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
-                                                  x, y, ctx))
-            goto err;
-        if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point,
-                                                  tx, ty, ctx))
-            goto err;
-    } else
-#endif
-    {
-        if (!EC_POINT_set_affine_coordinates_GFp(key->group, point,
-                                                 x, y, ctx))
-            goto err;
-        if (!EC_POINT_get_affine_coordinates_GFp(key->group, point,
-                                                 tx, ty, ctx))
-            goto err;
-    }
     /*
-     * Check if retrieved coordinates match originals: if not values are out
-     * of range.
+     * Check if retrieved coordinates match originals and are less than field
+     * order: if not values are out of range.
      */
-    if (BN_cmp(x, tx) || BN_cmp(y, ty)) {
+    if (BN_cmp(x, tx) || BN_cmp(y, ty)
+        || (BN_cmp(x, key->group->field) >= 0)
+        || (BN_cmp(y, key->group->field) >= 0)) {
         ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
               EC_R_COORDINATES_OUT_OF_RANGE);
         goto err;
@@ -448,8 +404,9 @@ const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
 
 int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
 {
-    if (key->group != NULL)
-        EC_GROUP_free(key->group);
+    if (key->meth->set_group != NULL && key->meth->set_group(key, group) == 0)
+        return 0;
+    EC_GROUP_free(key->group);
     key->group = EC_GROUP_dup(group);
     return (key->group == NULL) ? 0 : 1;
 }
@@ -461,8 +418,15 @@ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
 
 int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
 {
-    if (key->priv_key)
-        BN_clear_free(key->priv_key);
+    if (key->group == NULL || key->group->meth == NULL)
+        return 0;
+    if (key->group->meth->set_private != NULL
+        && key->group->meth->set_private(key, priv_key) == 0)
+        return 0;
+    if (key->meth->set_private != NULL
+        && key->meth->set_private(key, priv_key) == 0)
+        return 0;
+    BN_clear_free(key->priv_key);
     key->priv_key = BN_dup(priv_key);
     return (key->priv_key == NULL) ? 0 : 1;
 }
@@ -474,8 +438,10 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
 
 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
 {
-    if (key->pub_key != NULL)
-        EC_POINT_free(key->pub_key);
+    if (key->meth->set_public != NULL
+        && key->meth->set_public(key, pub_key) == 0)
+        return 0;
+    EC_POINT_free(key->pub_key);
     key->pub_key = EC_POINT_dup(pub_key, key->group);
     return (key->pub_key == NULL) ? 0 : 1;
 }
@@ -502,41 +468,6 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
         EC_GROUP_set_point_conversion_form(key->group, cform);
 }
 
-void *EC_KEY_get_key_method_data(EC_KEY *key,
-                                 void *(*dup_func) (void *),
-                                 void (*free_func) (void *),
-                                 void (*clear_free_func) (void *))
-{
-    void *ret;
-
-    CRYPTO_r_lock(CRYPTO_LOCK_EC);
-    ret =
-        EC_EX_DATA_get_data(key->method_data, dup_func, free_func,
-                            clear_free_func);
-    CRYPTO_r_unlock(CRYPTO_LOCK_EC);
-
-    return ret;
-}
-
-void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
-                                    void *(*dup_func) (void *),
-                                    void (*free_func) (void *),
-                                    void (*clear_free_func) (void *))
-{
-    EC_EXTRA_DATA *ex_data;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_EC);
-    ex_data =
-        EC_EX_DATA_get_data(key->method_data, dup_func, free_func,
-                            clear_free_func);
-    if (ex_data == NULL)
-        EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func,
-                            clear_free_func);
-    CRYPTO_w_unlock(CRYPTO_LOCK_EC);
-
-    return ex_data;
-}
-
 void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
 {
     if (key->group != NULL)
@@ -564,3 +495,126 @@ void EC_KEY_clear_flags(EC_KEY *key, int flags)
 {
     key->flags &= ~flags;
 }
+
+size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
+                        unsigned char **pbuf, BN_CTX *ctx)
+{
+    if (key == NULL || key->pub_key == NULL || key->group == NULL)
+        return 0;
+    return EC_POINT_point2buf(key->group, key->pub_key, form, pbuf, ctx);
+}
+
+int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
+                   BN_CTX *ctx)
+{
+    if (key == NULL || key->group == NULL)
+        return 0;
+    if (key->pub_key == NULL)
+        key->pub_key = EC_POINT_new(key->group);
+    if (key->pub_key == NULL)
+        return 0;
+    if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0)
+        return 0;
+    /*
+     * Save the point conversion form.
+     * For non-custom curves the first octet of the buffer (excluding
+     * the last significant bit) contains the point conversion form.
+     * EC_POINT_oct2point() has already performed sanity checking of
+     * the buffer so we know it is valid.
+     */
+    if ((key->group->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0)
+        key->conv_form = (point_conversion_form_t)(buf[0] & ~0x01);
+    return 1;
+}
+
+size_t EC_KEY_priv2oct(const EC_KEY *eckey,
+                       unsigned char *buf, size_t len)
+{
+    if (eckey->group == NULL || eckey->group->meth == NULL)
+        return 0;
+    if (eckey->group->meth->priv2oct == NULL) {
+        ECerr(EC_F_EC_KEY_PRIV2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    return eckey->group->meth->priv2oct(eckey, buf, len);
+}
+
+size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
+                              unsigned char *buf, size_t len)
+{
+    size_t buf_len;
+
+    buf_len = (EC_GROUP_order_bits(eckey->group) + 7) / 8;
+    if (eckey->priv_key == NULL)
+        return 0;
+    if (buf == NULL)
+        return buf_len;
+    else if (len < buf_len)
+        return 0;
+
+    /* Octetstring may need leading zeros if BN is to short */
+
+    if (BN_bn2binpad(eckey->priv_key, buf, buf_len) == -1) {
+        ECerr(EC_F_EC_KEY_SIMPLE_PRIV2OCT, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    return buf_len;
+}
+
+int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+{
+    if (eckey->group == NULL || eckey->group->meth == NULL)
+        return 0;
+    if (eckey->group->meth->oct2priv == NULL) {
+        ECerr(EC_F_EC_KEY_OCT2PRIV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return eckey->group->meth->oct2priv(eckey, buf, len);
+}
+
+int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+{
+    if (eckey->priv_key == NULL)
+        eckey->priv_key = BN_secure_new();
+    if (eckey->priv_key == NULL) {
+        ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key);
+    if (eckey->priv_key == NULL) {
+        ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB);
+        return 0;
+    }
+    return 1;
+}
+
+size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf)
+{
+    size_t len;
+    unsigned char *buf;
+
+    len = EC_KEY_priv2oct(eckey, NULL, 0);
+    if (len == 0)
+        return 0;
+    if ((buf = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_KEY_PRIV2BUF, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    len = EC_KEY_priv2oct(eckey, buf, len);
+    if (len == 0) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+    *pbuf = buf;
+    return len;
+}
+
+int EC_KEY_can_sign(const EC_KEY *eckey)
+{
+    if (eckey->group == NULL || eckey->group->meth == NULL
+        || (eckey->group->meth->flags & EC_FLAGS_NO_SIGN))
+        return 0;
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_kmeth.c b/freebsd/crypto/openssl/crypto/ec/ec_kmeth.c
new file mode 100644
index 00000000..f1a8ad8b
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/ec_kmeth.c
@@ -0,0 +1,319 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/ec.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+#include "ec_lcl.h"
+
+
+static const EC_KEY_METHOD openssl_ec_key_method = {
+    "OpenSSL EC_KEY method",
+    0,
+    0,0,0,0,0,0,
+    ossl_ec_key_gen,
+    ossl_ecdh_compute_key,
+    ossl_ecdsa_sign,
+    ossl_ecdsa_sign_setup,
+    ossl_ecdsa_sign_sig,
+    ossl_ecdsa_verify,
+    ossl_ecdsa_verify_sig
+};
+
+static const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method;
+
+const EC_KEY_METHOD *EC_KEY_OpenSSL(void)
+{
+    return &openssl_ec_key_method;
+}
+
+const EC_KEY_METHOD *EC_KEY_get_default_method(void)
+{
+    return default_ec_key_meth;
+}
+
+void EC_KEY_set_default_method(const EC_KEY_METHOD *meth)
+{
+    if (meth == NULL)
+        default_ec_key_meth = &openssl_ec_key_method;
+    else
+        default_ec_key_meth = meth;
+}
+
+const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key)
+{
+    return key->meth;
+}
+
+int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth)
+{
+    void (*finish)(EC_KEY *key) = key->meth->finish;
+
+    if (finish != NULL)
+        finish(key);
+
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(key->engine);
+    key->engine = NULL;
+#endif
+
+    key->meth = meth;
+    if (meth->init != NULL)
+        return meth->init(key);
+    return 1;
+}
+
+EC_KEY *EC_KEY_new_method(ENGINE *engine)
+{
+    EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = EC_KEY_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    if (engine != NULL) {
+        if (!ENGINE_init(engine)) {
+            ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_EC();
+    if (ret->engine != NULL) {
+        ret->meth = ENGINE_get_EC(ret->engine);
+        if (ret->meth == NULL) {
+            ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->version = 1;
+    ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
+        goto err;
+    }
+
+    if (ret->meth->init != NULL && ret->meth->init(ret) == 0) {
+        ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
+    }
+    return ret;
+
+ err:
+    EC_KEY_free(ret);
+    return NULL;
+}
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+                     const EC_KEY *eckey,
+                     void *(*KDF) (const void *in, size_t inlen, void *out,
+                                   size_t *outlen))
+{
+    unsigned char *sec = NULL;
+    size_t seclen;
+    if (eckey->meth->compute_key == NULL) {
+        ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
+        return 0;
+    }
+    if (outlen > INT_MAX) {
+        ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_INVALID_OUTPUT_LENGTH);
+        return 0;
+    }
+    if (!eckey->meth->compute_key(&sec, &seclen, pub_key, eckey))
+        return 0;
+    if (KDF != NULL) {
+        KDF(sec, seclen, out, &outlen);
+    } else {
+        if (outlen > seclen)
+            outlen = seclen;
+        memcpy(out, sec, outlen);
+    }
+    OPENSSL_clear_free(sec, seclen);
+    return outlen;
+}
+
+EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)
+{
+    EC_KEY_METHOD *ret = OPENSSL_zalloc(sizeof(*meth));
+
+    if (ret == NULL)
+        return NULL;
+    if (meth != NULL)
+        *ret = *meth;
+    ret->flags |= EC_KEY_METHOD_DYNAMIC;
+    return ret;
+}
+
+void EC_KEY_METHOD_free(EC_KEY_METHOD *meth)
+{
+    if (meth->flags & EC_KEY_METHOD_DYNAMIC)
+        OPENSSL_free(meth);
+}
+
+void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
+                            int (*init)(EC_KEY *key),
+                            void (*finish)(EC_KEY *key),
+                            int (*copy)(EC_KEY *dest, const EC_KEY *src),
+                            int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+                            int (*set_private)(EC_KEY *key,
+                                               const BIGNUM *priv_key),
+                            int (*set_public)(EC_KEY *key,
+                                              const EC_POINT *pub_key))
+{
+    meth->init = init;
+    meth->finish = finish;
+    meth->copy = copy;
+    meth->set_group = set_group;
+    meth->set_private = set_private;
+    meth->set_public = set_public;
+}
+
+void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+                              int (*keygen)(EC_KEY *key))
+{
+    meth->keygen = keygen;
+}
+
+void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
+                                   int (*ckey)(unsigned char **psec,
+                                               size_t *pseclen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh))
+{
+    meth->compute_key = ckey;
+}
+
+void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
+                            int (*sign)(int type, const unsigned char *dgst,
+                                        int dlen, unsigned char *sig,
+                                        unsigned int *siglen,
+                                        const BIGNUM *kinv, const BIGNUM *r,
+                                        EC_KEY *eckey),
+                            int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                              BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+                                                   int dgst_len,
+                                                   const BIGNUM *in_kinv,
+                                                   const BIGNUM *in_r,
+                                                   EC_KEY *eckey))
+{
+    meth->sign = sign;
+    meth->sign_setup = sign_setup;
+    meth->sign_sig = sign_sig;
+}
+
+void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
+                              int (*verify)(int type, const unsigned
+                                            char *dgst, int dgst_len,
+                                            const unsigned char *sigbuf,
+                                            int sig_len, EC_KEY *eckey),
+                              int (*verify_sig)(const unsigned char *dgst,
+                                                int dgst_len,
+                                                const ECDSA_SIG *sig,
+                                                EC_KEY *eckey))
+{
+    meth->verify = verify;
+    meth->verify_sig = verify_sig;
+}
+
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
+                            int (**pinit)(EC_KEY *key),
+                            void (**pfinish)(EC_KEY *key),
+                            int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+                            int (**pset_group)(EC_KEY *key,
+                                               const EC_GROUP *grp),
+                            int (**pset_private)(EC_KEY *key,
+                                                 const BIGNUM *priv_key),
+                            int (**pset_public)(EC_KEY *key,
+                                                const EC_POINT *pub_key))
+{
+    if (pinit != NULL)
+        *pinit = meth->init;
+    if (pfinish != NULL)
+        *pfinish = meth->finish;
+    if (pcopy != NULL)
+        *pcopy = meth->copy;
+    if (pset_group != NULL)
+        *pset_group = meth->set_group;
+    if (pset_private != NULL)
+        *pset_private = meth->set_private;
+    if (pset_public != NULL)
+        *pset_public = meth->set_public;
+}
+
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
+                              int (**pkeygen)(EC_KEY *key))
+{
+    if (pkeygen != NULL)
+        *pkeygen = meth->keygen;
+}
+
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
+                                   int (**pck)(unsigned char **pout,
+                                               size_t *poutlen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh))
+{
+    if (pck != NULL)
+        *pck = meth->compute_key;
+}
+
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
+                            int (**psign)(int type, const unsigned char *dgst,
+                                          int dlen, unsigned char *sig,
+                                          unsigned int *siglen,
+                                          const BIGNUM *kinv, const BIGNUM *r,
+                                          EC_KEY *eckey),
+                            int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                                BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+                                                     int dgst_len,
+                                                     const BIGNUM *in_kinv,
+                                                     const BIGNUM *in_r,
+                                                     EC_KEY *eckey))
+{
+    if (psign != NULL)
+        *psign = meth->sign;
+    if (psign_setup != NULL)
+        *psign_setup = meth->sign_setup;
+    if (psign_sig != NULL)
+        *psign_sig = meth->sign_sig;
+}
+
+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
+                              int (**pverify)(int type, const unsigned
+                                              char *dgst, int dgst_len,
+                                              const unsigned char *sigbuf,
+                                              int sig_len, EC_KEY *eckey),
+                              int (**pverify_sig)(const unsigned char *dgst,
+                                                  int dgst_len,
+                                                  const ECDSA_SIG *sig,
+                                                  EC_KEY *eckey))
+{
+    if (pverify != NULL)
+        *pverify = meth->verify;
+    if (pverify_sig != NULL)
+        *pverify_sig = meth->verify_sig;
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_lcl.h b/freebsd/crypto/openssl/crypto/ec/ec_lcl.h
index 969fd147..e055ddab 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_lcl.h
+++ b/freebsd/crypto/openssl/crypto/ec/ec_lcl.h
@@ -1,72 +1,11 @@
-/* crypto/ec/ec_lcl.h */
 /*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdlib.h>
@@ -74,6 +13,9 @@
 #include <openssl/obj_mac.h>
 #include <openssl/ec.h>
 #include <openssl/bn.h>
+#include "internal/refcount.h"
+#include "internal/ec_int.h"
+#include "curve448/curve448_lcl.h"
 
 #if defined(__SUNPRO_C)
 # if __SUNPRO_C >= 0x520
@@ -84,6 +26,12 @@
 /* Use default functions for poin2oct, oct2point and compressed coordinates */
 #define EC_FLAGS_DEFAULT_OCT    0x1
 
+/* Use custom formats for EC_GROUP, EC_POINT and EC_KEY */
+#define EC_FLAGS_CUSTOM_CURVE   0x2
+
+/* Curve does not support signing operations */
+#define EC_FLAGS_NO_SIGN        0x4
+
 /*
  * Structure details are not part of the exported interface, so all this may
  * change in future versions.
@@ -102,14 +50,14 @@ struct ec_method_st {
     void (*group_finish) (EC_GROUP *);
     void (*group_clear_finish) (EC_GROUP *);
     int (*group_copy) (EC_GROUP *, const EC_GROUP *);
-    /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
-    /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
+    /* used by EC_GROUP_set_curve, EC_GROUP_get_curve: */
     int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
                             const BIGNUM *b, BN_CTX *);
     int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b,
                             BN_CTX *);
     /* used by EC_GROUP_get_degree: */
     int (*group_get_degree) (const EC_GROUP *);
+    int (*group_order_bits) (const EC_GROUP *);
     /* used by EC_GROUP_check: */
     int (*group_check_discriminant) (const EC_GROUP *, BN_CTX *);
     /*
@@ -124,9 +72,9 @@ struct ec_method_st {
      * used by EC_POINT_set_to_infinity,
      * EC_POINT_set_Jprojective_coordinates_GFp,
      * EC_POINT_get_Jprojective_coordinates_GFp,
-     * EC_POINT_set_affine_coordinates_GFp,     ..._GF2m,
-     * EC_POINT_get_affine_coordinates_GFp,     ..._GF2m,
-     * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
+     * EC_POINT_set_affine_coordinates,
+     * EC_POINT_get_affine_coordinates,
+     * EC_POINT_set_compressed_coordinates:
      */
     int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *);
     int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *,
@@ -172,6 +120,23 @@ struct ec_method_st {
      * EC_POINT_have_precompute_mult (default implementations are used if the
      * 'mul' pointer is 0):
      */
+    /*-
+     * mul() calculates the value
+     *
+     *   r := generator * scalar
+     *        + points[0] * scalars[0]
+     *        + ...
+     *        + points[num-1] * scalars[num-1].
+     *
+     * For a fixed point multiplication (scalar != NULL, num == 0)
+     * or a variable point multiplication (scalar == NULL, num == 1),
+     * mul() must use a constant time algorithm: in both cases callers
+     * should provide an input scalar (either scalar or scalars[0])
+     * in the range [0, ec_group_order); for robustness, implementers
+     * should handle the case when the scalar has not been reduced, but
+     * may treat it as an unusual input, without any constant-timeness
+     * guarantee.
+     */
     int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                 size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
                 BN_CTX *);
@@ -196,34 +161,52 @@ struct ec_method_st {
     int (*field_decode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                          BN_CTX *);
     int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *);
-} /* EC_METHOD */ ;
+    /* private key operations */
+    size_t (*priv2oct)(const EC_KEY *eckey, unsigned char *buf, size_t len);
+    int (*oct2priv)(EC_KEY *eckey, const unsigned char *buf, size_t len);
+    int (*set_private)(EC_KEY *eckey, const BIGNUM *priv_key);
+    int (*keygen)(EC_KEY *eckey);
+    int (*keycheck)(const EC_KEY *eckey);
+    int (*keygenpub)(EC_KEY *eckey);
+    int (*keycopy)(EC_KEY *dst, const EC_KEY *src);
+    void (*keyfinish)(EC_KEY *eckey);
+    /* custom ECDH operation */
+    int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh);
+    /* Inverse modulo order */
+    int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r,
+                                 const BIGNUM *x, BN_CTX *);
+    int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
+    int (*ladder_pre)(const EC_GROUP *group,
+                      EC_POINT *r, EC_POINT *s,
+                      EC_POINT *p, BN_CTX *ctx);
+    int (*ladder_step)(const EC_GROUP *group,
+                       EC_POINT *r, EC_POINT *s,
+                       EC_POINT *p, BN_CTX *ctx);
+    int (*ladder_post)(const EC_GROUP *group,
+                       EC_POINT *r, EC_POINT *s,
+                       EC_POINT *p, BN_CTX *ctx);
+};
 
-typedef struct ec_extra_data_st {
-    struct ec_extra_data_st *next;
-    void *data;
-    void *(*dup_func) (void *);
-    void (*free_func) (void *);
-    void (*clear_free_func) (void *);
-} EC_EXTRA_DATA;                /* used in EC_GROUP */
+/*
+ * Types and functions to manipulate pre-computed values.
+ */
+typedef struct nistp224_pre_comp_st NISTP224_PRE_COMP;
+typedef struct nistp256_pre_comp_st NISTP256_PRE_COMP;
+typedef struct nistp521_pre_comp_st NISTP521_PRE_COMP;
+typedef struct nistz256_pre_comp_st NISTZ256_PRE_COMP;
+typedef struct ec_pre_comp_st EC_PRE_COMP;
 
 struct ec_group_st {
     const EC_METHOD *meth;
     EC_POINT *generator;        /* optional */
-    BIGNUM order, cofactor;
+    BIGNUM *order, *cofactor;
     int curve_name;             /* optional NID for named curve */
     int asn1_flag;              /* flag to control the asn1 encoding */
-    /*
-     * Kludge: upper bit of ans1_flag is used to denote structure
-     * version. Is set, then last field is present. This is done
-     * for interoperation with FIPS code.
-     */
-#define EC_GROUP_ASN1_FLAG_MASK 0x7fffffff
-#define EC_GROUP_VERSION(p) (p->asn1_flag&~EC_GROUP_ASN1_FLAG_MASK)
     point_conversion_form_t asn1_form;
     unsigned char *seed;        /* optional seed for parameters (appears in
                                  * ASN1) */
     size_t seed_len;
-    EC_EXTRA_DATA *extra_data;  /* linked list */
     /*
      * The following members are handled by the method functions, even if
      * they appear generic
@@ -233,7 +216,7 @@ struct ec_group_st {
      * curves over GF(2^m), this is the irreducible polynomial defining the
      * field.
      */
-    BIGNUM field;
+    BIGNUM *field;
     /*
      * Field specification for curves over GF(2^m). The irreducible f(t) is
      * then of the form: t^poly[0] + t^poly[1] + ... + t^poly[k] where m =
@@ -249,7 +232,7 @@ struct ec_group_st {
      * x^3 + a*x + b. For characteristic 2, the curve is defined by an
      * equation of the form y^2 + x*y = x^3 + a*x^2 + b.
      */
-    BIGNUM a, b;
+    BIGNUM *a, *b;
     /* enable optimized point arithmetics for special case */
     int a_is_minus3;
     /* method-specific (e.g., Montgomery structure) */
@@ -259,56 +242,89 @@ struct ec_group_st {
     /* method-specific */
     int (*field_mod_func) (BIGNUM *, const BIGNUM *, const BIGNUM *,
                            BN_CTX *);
-    BN_MONT_CTX *mont_data;     /* data for ECDSA inverse */
-} /* EC_GROUP */ ;
+    /* data for ECDSA inverse */
+    BN_MONT_CTX *mont_data;
+
+    /*
+     * Precomputed values for speed. The PCT_xxx names match the
+     * pre_comp.xxx union names; see the SETPRECOMP and HAVEPRECOMP
+     * macros, below.
+     */
+    enum {
+        PCT_none,
+        PCT_nistp224, PCT_nistp256, PCT_nistp521, PCT_nistz256,
+        PCT_ec
+    } pre_comp_type;
+    union {
+        NISTP224_PRE_COMP *nistp224;
+        NISTP256_PRE_COMP *nistp256;
+        NISTP521_PRE_COMP *nistp521;
+        NISTZ256_PRE_COMP *nistz256;
+        EC_PRE_COMP *ec;
+    } pre_comp;
+};
+
+#define SETPRECOMP(g, type, pre) \
+    g->pre_comp_type = PCT_##type, g->pre_comp.type = pre
+#define HAVEPRECOMP(g, type) \
+    g->pre_comp_type == PCT_##type && g->pre_comp.type != NULL
 
 struct ec_key_st {
+    const EC_KEY_METHOD *meth;
+    ENGINE *engine;
     int version;
     EC_GROUP *group;
     EC_POINT *pub_key;
     BIGNUM *priv_key;
     unsigned int enc_flag;
     point_conversion_form_t conv_form;
-    int references;
+    CRYPTO_REF_COUNT references;
     int flags;
-    EC_EXTRA_DATA *method_data;
-} /* EC_KEY */ ;
-
-/*
- * Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs
- * only (with visibility limited to 'package' level for now). We use the
- * function pointers as index for retrieval; this obviates global
- * ex_data-style index tables.
- */
-int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data,
-                        void *(*dup_func) (void *),
-                        void (*free_func) (void *),
-                        void (*clear_free_func) (void *));
-void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *, void *(*dup_func) (void *),
-                          void (*free_func) (void *),
-                          void (*clear_free_func) (void *));
-void EC_EX_DATA_free_data(EC_EXTRA_DATA **, void *(*dup_func) (void *),
-                          void (*free_func) (void *),
-                          void (*clear_free_func) (void *));
-void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **, void *(*dup_func) (void *),
-                                void (*free_func) (void *),
-                                void (*clear_free_func) (void *));
-void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
-void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_RWLOCK *lock;
+};
 
 struct ec_point_st {
     const EC_METHOD *meth;
+    /* NID for the curve if known */
+    int curve_name;
     /*
      * All members except 'meth' are handled by the method functions, even if
      * they appear generic
      */
-    BIGNUM X;
-    BIGNUM Y;
-    BIGNUM Z;                   /* Jacobian projective coordinates: (X, Y, Z)
-                                 * represents (X/Z^2, Y/Z^3) if Z != 0 */
+    BIGNUM *X;
+    BIGNUM *Y;
+    BIGNUM *Z;                  /* Jacobian projective coordinates: * (X, Y,
+                                 * Z) represents (X/Z^2, Y/Z^3) if Z != 0 */
     int Z_is_one;               /* enable optimized point arithmetics for
                                  * special case */
-} /* EC_POINT */ ;
+};
+
+static ossl_inline int ec_point_is_compat(const EC_POINT *point,
+                                          const EC_GROUP *group)
+{
+    if (group->meth != point->meth
+        || (group->curve_name != 0
+            && point->curve_name != 0
+            && group->curve_name != point->curve_name))
+        return 0;
+
+    return 1;
+}
+
+NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *);
+NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
+NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *);
+NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *);
+NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
+EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *);
+
+void EC_pre_comp_free(EC_GROUP *group);
+void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *);
+void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *);
+void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *);
+void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *);
+void EC_ec_pre_comp_free(EC_PRE_COMP *);
 
 /*
  * method functions in ec_mult.c (ec_lib.c uses these as defaults if
@@ -374,6 +390,17 @@ int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                             const BIGNUM *b, BN_CTX *);
 int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                             BN_CTX *);
+int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                    BN_CTX *ctx);
+int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
+                             EC_POINT *r, EC_POINT *s,
+                             EC_POINT *p, BN_CTX *ctx);
+int ec_GFp_simple_ladder_step(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx);
+int ec_GFp_simple_ladder_post(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx);
 
 /* method functions in ecp_mont.c */
 int ec_GFp_mont_group_init(EC_GROUP *);
@@ -451,14 +478,6 @@ int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
 int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                              const BIGNUM *b, BN_CTX *);
 
-/* method functions in ec2_mult.c */
-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
-                       const BIGNUM *scalar, size_t num,
-                       const EC_POINT *points[], const BIGNUM *scalars[],
-                       BN_CTX *);
-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
-
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
 /* method functions in ecp_nistp224.c */
 int ec_GFp_nistp224_group_init(EC_GROUP *group);
@@ -549,7 +568,7 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
 void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
                                      unsigned char *digit, unsigned char in);
 #endif
-int ec_precompute_mont_data(EC_GROUP *);
+int ec_group_simple_order_bits(const EC_GROUP *group);
 
 #ifdef ECP_NISTZ256_ASM
 /** Returns GFp methods using montgomery multiplication, with x86-64 optimized
@@ -559,10 +578,150 @@ int ec_precompute_mont_data(EC_GROUP *);
 const EC_METHOD *EC_GFp_nistz256_method(void);
 #endif
 
-#ifdef OPENSSL_FIPS
-EC_GROUP *FIPS_ec_group_new_curve_gfp(const BIGNUM *p, const BIGNUM *a,
-                                      const BIGNUM *b, BN_CTX *ctx);
-EC_GROUP *FIPS_ec_group_new_curve_gf2m(const BIGNUM *p, const BIGNUM *a,
-                                       const BIGNUM *b, BN_CTX *ctx);
-EC_GROUP *FIPS_ec_group_new_by_curve_name(int nid);
-#endif
+size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
+                              unsigned char *buf, size_t len);
+int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
+int ec_key_simple_generate_key(EC_KEY *eckey);
+int ec_key_simple_generate_public_key(EC_KEY *eckey);
+int ec_key_simple_check_key(const EC_KEY *eckey);
+
+/* EC_METHOD definitions */
+
+struct ec_key_method_st {
+    const char *name;
+    int32_t flags;
+    int (*init)(EC_KEY *key);
+    void (*finish)(EC_KEY *key);
+    int (*copy)(EC_KEY *dest, const EC_KEY *src);
+    int (*set_group)(EC_KEY *key, const EC_GROUP *grp);
+    int (*set_private)(EC_KEY *key, const BIGNUM *priv_key);
+    int (*set_public)(EC_KEY *key, const EC_POINT *pub_key);
+    int (*keygen)(EC_KEY *key);
+    int (*compute_key)(unsigned char **pout, size_t *poutlen,
+                       const EC_POINT *pub_key, const EC_KEY *ecdh);
+    int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char
+                *sig, unsigned int *siglen, const BIGNUM *kinv,
+                const BIGNUM *r, EC_KEY *eckey);
+    int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                      BIGNUM **rp);
+    ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len,
+                           const BIGNUM *in_kinv, const BIGNUM *in_r,
+                           EC_KEY *eckey);
+
+    int (*verify)(int type, const unsigned char *dgst, int dgst_len,
+                  const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
+    int (*verify_sig)(const unsigned char *dgst, int dgst_len,
+                      const ECDSA_SIG *sig, EC_KEY *eckey);
+};
+
+#define EC_KEY_METHOD_DYNAMIC   1
+
+int ossl_ec_key_gen(EC_KEY *eckey);
+int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
+                          const EC_POINT *pub_key, const EC_KEY *ecdh);
+int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh);
+
+struct ECDSA_SIG_st {
+    BIGNUM *r;
+    BIGNUM *s;
+};
+
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp);
+int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
+                    unsigned char *sig, unsigned int *siglen,
+                    const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey);
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+                               const BIGNUM *in_kinv, const BIGNUM *in_r,
+                               EC_KEY *eckey);
+int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+                      const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+                          const ECDSA_SIG *sig, EC_KEY *eckey);
+
+int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+                 const uint8_t public_key[32], const uint8_t private_key[32]);
+int ED25519_verify(const uint8_t *message, size_t message_len,
+                   const uint8_t signature[64], const uint8_t public_key[32]);
+void ED25519_public_from_private(uint8_t out_public_key[32],
+                                 const uint8_t private_key[32]);
+
+int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+           const uint8_t peer_public_value[32]);
+void X25519_public_from_private(uint8_t out_public_value[32],
+                                const uint8_t private_key[32]);
+
+/*-
+ * This functions computes a single point multiplication over the EC group,
+ * using, at a high level, a Montgomery ladder with conditional swaps, with
+ * various timing attack defenses.
+ *
+ * It performs either a fixed point multiplication
+ *          (scalar * generator)
+ * when point is NULL, or a variable point multiplication
+ *          (scalar * point)
+ * when point is not NULL.
+ *
+ * `scalar` cannot be NULL and should be in the range [0,n) otherwise all
+ * constant time bets are off (where n is the cardinality of the EC group).
+ *
+ * This function expects `group->order` and `group->cardinality` to be well
+ * defined and non-zero: it fails with an error code otherwise.
+ *
+ * NB: This says nothing about the constant-timeness of the ladder step
+ * implementation (i.e., the default implementation is based on EC_POINT_add and
+ * EC_POINT_dbl, which of course are not constant time themselves) or the
+ * underlying multiprecision arithmetic.
+ *
+ * The product is stored in `r`.
+ *
+ * This is an internal function: callers are in charge of ensuring that the
+ * input parameters `group`, `r`, `scalar` and `ctx` are not NULL.
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
+                         const BIGNUM *scalar, const EC_POINT *point,
+                         BN_CTX *ctx);
+
+int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
+
+static ossl_inline int ec_point_ladder_pre(const EC_GROUP *group,
+                                           EC_POINT *r, EC_POINT *s,
+                                           EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->ladder_pre != NULL)
+        return group->meth->ladder_pre(group, r, s, p, ctx);
+
+    if (!EC_POINT_copy(s, p)
+        || !EC_POINT_dbl(group, r, s, ctx))
+        return 0;
+
+    return 1;
+}
+
+static ossl_inline int ec_point_ladder_step(const EC_GROUP *group,
+                                            EC_POINT *r, EC_POINT *s,
+                                            EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->ladder_step != NULL)
+        return group->meth->ladder_step(group, r, s, p, ctx);
+
+    if (!EC_POINT_add(group, s, r, s, ctx)
+        || !EC_POINT_dbl(group, r, r, ctx))
+        return 0;
+
+    return 1;
+
+}
+
+static ossl_inline int ec_point_ladder_post(const EC_GROUP *group,
+                                            EC_POINT *r, EC_POINT *s,
+                                            EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->ladder_post != NULL)
+        return group->meth->ladder_post(group, r, s, p, ctx);
+
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_lib.c b/freebsd/crypto/openssl/crypto/ec/ec_lib.c
index e7756dc1..7f365de3 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_lib.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec_lib.c
@@ -1,66 +1,13 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ec_lib.c */
 /*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <string.h>
@@ -70,8 +17,6 @@
 
 #include "ec_lcl.h"
 
-const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
-
 /* functions for EC_GROUP objects */
 
 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
@@ -87,34 +32,65 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
         return NULL;
     }
 
-    ret = OPENSSL_malloc(sizeof(*ret));
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
     ret->meth = meth;
-
-    ret->extra_data = NULL;
-    ret->mont_data = NULL;
-
-    ret->generator = NULL;
-    BN_init(&ret->order);
-    BN_init(&ret->cofactor);
-
-    ret->curve_name = 0;
-    ret->asn1_flag = ~EC_GROUP_ASN1_FLAG_MASK;
+    if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
+        ret->order = BN_new();
+        if (ret->order == NULL)
+            goto err;
+        ret->cofactor = BN_new();
+        if (ret->cofactor == NULL)
+            goto err;
+    }
+    ret->asn1_flag = OPENSSL_EC_NAMED_CURVE;
     ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
+    if (!meth->group_init(ret))
+        goto err;
+    return ret;
 
-    ret->seed = NULL;
-    ret->seed_len = 0;
+ err:
+    BN_free(ret->order);
+    BN_free(ret->cofactor);
+    OPENSSL_free(ret);
+    return NULL;
+}
 
-    if (!meth->group_init(ret)) {
-        OPENSSL_free(ret);
-        return NULL;
+void EC_pre_comp_free(EC_GROUP *group)
+{
+    switch (group->pre_comp_type) {
+    case PCT_none:
+        break;
+    case PCT_nistz256:
+#ifdef ECP_NISTZ256_ASM
+        EC_nistz256_pre_comp_free(group->pre_comp.nistz256);
+#endif
+        break;
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    case PCT_nistp224:
+        EC_nistp224_pre_comp_free(group->pre_comp.nistp224);
+        break;
+    case PCT_nistp256:
+        EC_nistp256_pre_comp_free(group->pre_comp.nistp256);
+        break;
+    case PCT_nistp521:
+        EC_nistp521_pre_comp_free(group->pre_comp.nistp521);
+        break;
+#else
+    case PCT_nistp224:
+    case PCT_nistp256:
+    case PCT_nistp521:
+        break;
+#endif
+    case PCT_ec:
+        EC_ec_pre_comp_free(group->pre_comp.ec);
+        break;
     }
-
-    return ret;
+    group->pre_comp.ec = NULL;
 }
 
 void EC_GROUP_free(EC_GROUP *group)
@@ -125,19 +101,12 @@ void EC_GROUP_free(EC_GROUP *group)
     if (group->meth->group_finish != 0)
         group->meth->group_finish(group);
 
-    EC_EX_DATA_free_all_data(&group->extra_data);
-
-    if (EC_GROUP_VERSION(group) && group->mont_data)
-        BN_MONT_CTX_free(group->mont_data);
-
-    if (group->generator != NULL)
-        EC_POINT_free(group->generator);
-    BN_free(&group->order);
-    BN_free(&group->cofactor);
-
-    if (group->seed)
-        OPENSSL_free(group->seed);
-
+    EC_pre_comp_free(group);
+    BN_MONT_CTX_free(group->mont_data);
+    EC_POINT_free(group->generator);
+    BN_free(group->order);
+    BN_free(group->cofactor);
+    OPENSSL_free(group->seed);
     OPENSSL_free(group);
 }
 
@@ -151,29 +120,17 @@ void EC_GROUP_clear_free(EC_GROUP *group)
     else if (group->meth->group_finish != 0)
         group->meth->group_finish(group);
 
-    EC_EX_DATA_clear_free_all_data(&group->extra_data);
-
-    if (EC_GROUP_VERSION(group) && group->mont_data)
-        BN_MONT_CTX_free(group->mont_data);
-
-    if (group->generator != NULL)
-        EC_POINT_clear_free(group->generator);
-    BN_clear_free(&group->order);
-    BN_clear_free(&group->cofactor);
-
-    if (group->seed) {
-        OPENSSL_cleanse(group->seed, group->seed_len);
-        OPENSSL_free(group->seed);
-    }
-
-    OPENSSL_cleanse(group, sizeof(*group));
-    OPENSSL_free(group);
+    EC_pre_comp_free(group);
+    BN_MONT_CTX_free(group->mont_data);
+    EC_POINT_clear_free(group->generator);
+    BN_clear_free(group->order);
+    BN_clear_free(group->cofactor);
+    OPENSSL_clear_free(group->seed, group->seed_len);
+    OPENSSL_clear_free(group, sizeof(*group));
 }
 
 int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
 {
-    EC_EXTRA_DATA *d;
-
     if (dest->meth->group_copy == 0) {
         ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
@@ -185,20 +142,41 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
     if (dest == src)
         return 1;
 
-    EC_EX_DATA_free_all_data(&dest->extra_data);
-
-    for (d = src->extra_data; d != NULL; d = d->next) {
-        void *t = d->dup_func(d->data);
+    dest->curve_name = src->curve_name;
 
-        if (t == NULL)
-            return 0;
-        if (!EC_EX_DATA_set_data
-            (&dest->extra_data, t, d->dup_func, d->free_func,
-             d->clear_free_func))
-            return 0;
+    /* Copy precomputed */
+    dest->pre_comp_type = src->pre_comp_type;
+    switch (src->pre_comp_type) {
+    case PCT_none:
+        dest->pre_comp.ec = NULL;
+        break;
+    case PCT_nistz256:
+#ifdef ECP_NISTZ256_ASM
+        dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256);
+#endif
+        break;
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    case PCT_nistp224:
+        dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224);
+        break;
+    case PCT_nistp256:
+        dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256);
+        break;
+    case PCT_nistp521:
+        dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521);
+        break;
+#else
+    case PCT_nistp224:
+    case PCT_nistp256:
+    case PCT_nistp521:
+        break;
+#endif
+    case PCT_ec:
+        dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec);
+        break;
     }
 
-    if (EC_GROUP_VERSION(src) && src->mont_data != NULL) {
+    if (src->mont_data != NULL) {
         if (dest->mont_data == NULL) {
             dest->mont_data = BN_MONT_CTX_new();
             if (dest->mont_data == NULL)
@@ -208,10 +186,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
             return 0;
     } else {
         /* src->generator == NULL */
-        if (EC_GROUP_VERSION(dest) && dest->mont_data != NULL) {
-            BN_MONT_CTX_free(dest->mont_data);
-            dest->mont_data = NULL;
-        }
+        BN_MONT_CTX_free(dest->mont_data);
+        dest->mont_data = NULL;
     }
 
     if (src->generator != NULL) {
@@ -224,33 +200,31 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
             return 0;
     } else {
         /* src->generator == NULL */
-        if (dest->generator != NULL) {
-            EC_POINT_clear_free(dest->generator);
-            dest->generator = NULL;
-        }
+        EC_POINT_clear_free(dest->generator);
+        dest->generator = NULL;
     }
 
-    if (!BN_copy(&dest->order, &src->order))
-        return 0;
-    if (!BN_copy(&dest->cofactor, &src->cofactor))
-        return 0;
+    if ((src->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
+        if (!BN_copy(dest->order, src->order))
+            return 0;
+        if (!BN_copy(dest->cofactor, src->cofactor))
+            return 0;
+    }
 
-    dest->curve_name = src->curve_name;
     dest->asn1_flag = src->asn1_flag;
     dest->asn1_form = src->asn1_form;
 
     if (src->seed) {
-        if (dest->seed)
-            OPENSSL_free(dest->seed);
-        dest->seed = OPENSSL_malloc(src->seed_len);
-        if (dest->seed == NULL)
+        OPENSSL_free(dest->seed);
+        if ((dest->seed = OPENSSL_malloc(src->seed_len)) == NULL) {
+            ECerr(EC_F_EC_GROUP_COPY, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
         if (!memcpy(dest->seed, src->seed, src->seed_len))
             return 0;
         dest->seed_len = src->seed_len;
     } else {
-        if (dest->seed)
-            OPENSSL_free(dest->seed);
+        OPENSSL_free(dest->seed);
         dest->seed = NULL;
         dest->seed_len = 0;
     }
@@ -267,7 +241,7 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
         return NULL;
 
     if ((t = EC_GROUP_new(a->meth)) == NULL)
-        return (NULL);
+        return NULL;
     if (!EC_GROUP_copy(t, a))
         goto err;
 
@@ -275,10 +249,9 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
 
  err:
     if (!ok) {
-        if (t)
-            EC_GROUP_free(t);
+        EC_GROUP_free(t);
         return NULL;
-    } else
+    }
         return t;
 }
 
@@ -292,6 +265,8 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth)
     return meth->field_type;
 }
 
+static int ec_precompute_mont_data(EC_GROUP *);
+
 int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
                            const BIGNUM *order, const BIGNUM *cofactor)
 {
@@ -309,23 +284,23 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
         return 0;
 
     if (order != NULL) {
-        if (!BN_copy(&group->order, order))
+        if (!BN_copy(group->order, order))
             return 0;
     } else
-        BN_zero(&group->order);
+        BN_zero(group->order);
 
     if (cofactor != NULL) {
-        if (!BN_copy(&group->cofactor, cofactor))
+        if (!BN_copy(group->cofactor, cofactor))
             return 0;
     } else
-        BN_zero(&group->cofactor);
+        BN_zero(group->cofactor);
 
     /*
      * Some groups have an order with
      * factors of two, which makes the Montgomery setup fail.
      * |group->mont_data| will be NULL in this case.
      */
-    if (BN_is_odd(&group->order)) {
+    if (BN_is_odd(group->order)) {
         return ec_precompute_mont_data(group);
     }
 
@@ -341,24 +316,44 @@ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
 
 BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group)
 {
-    return EC_GROUP_VERSION(group) ? group->mont_data : NULL;
+    return group->mont_data;
 }
 
 int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
 {
-    if (!BN_copy(order, &group->order))
+    if (group->order == NULL)
+        return 0;
+    if (!BN_copy(order, group->order))
         return 0;
 
     return !BN_is_zero(order);
 }
 
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group)
+{
+    return group->order;
+}
+
+int EC_GROUP_order_bits(const EC_GROUP *group)
+{
+    return group->meth->group_order_bits(group);
+}
+
 int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
                           BN_CTX *ctx)
 {
-    if (!BN_copy(cofactor, &group->cofactor))
+
+    if (group->cofactor == NULL)
+        return 0;
+    if (!BN_copy(cofactor, group->cofactor))
         return 0;
 
-    return !BN_is_zero(&group->cofactor);
+    return !BN_is_zero(group->cofactor);
+}
+
+const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group)
+{
+    return group->cofactor;
 }
 
 void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
@@ -373,13 +368,12 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group)
 
 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
 {
-    group->asn1_flag &= ~EC_GROUP_ASN1_FLAG_MASK;
-    group->asn1_flag |= flag & EC_GROUP_ASN1_FLAG_MASK;
+    group->asn1_flag = flag;
 }
 
 int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
 {
-    return group->asn1_flag & EC_GROUP_ASN1_FLAG_MASK;
+    return group->asn1_flag;
 }
 
 void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
@@ -396,17 +390,17 @@ point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP
 
 size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
 {
-    if (group->seed) {
-        OPENSSL_free(group->seed);
-        group->seed = NULL;
-        group->seed_len = 0;
-    }
+    OPENSSL_free(group->seed);
+    group->seed = NULL;
+    group->seed_len = 0;
 
     if (!len || !p)
         return 1;
 
-    if ((group->seed = OPENSSL_malloc(len)) == NULL)
+    if ((group->seed = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_GROUP_SET_SEED, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     memcpy(group->seed, p, len);
     group->seed_len = len;
 
@@ -423,48 +417,52 @@ size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
     return group->seed_len;
 }
 
-int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
-                           const BIGNUM *b, BN_CTX *ctx)
+int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                       const BIGNUM *b, BN_CTX *ctx)
 {
     if (group->meth->group_set_curve == 0) {
-        ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        ECerr(EC_F_EC_GROUP_SET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
     return group->meth->group_set_curve(group, p, a, b, ctx);
 }
 
-int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
-                           BIGNUM *b, BN_CTX *ctx)
+int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+                       BN_CTX *ctx)
 {
-    if (group->meth->group_get_curve == 0) {
-        ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    if (group->meth->group_get_curve == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
     return group->meth->group_get_curve(group, p, a, b, ctx);
 }
 
-#ifndef OPENSSL_NO_EC2M
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                           const BIGNUM *b, BN_CTX *ctx)
+{
+    return EC_GROUP_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                           BIGNUM *b, BN_CTX *ctx)
+{
+    return EC_GROUP_get_curve(group, p, a, b, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
 int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
                             const BIGNUM *b, BN_CTX *ctx)
 {
-    if (group->meth->group_set_curve == 0) {
-        ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M,
-              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return 0;
-    }
-    return group->meth->group_set_curve(group, p, a, b, ctx);
+    return EC_GROUP_set_curve(group, p, a, b, ctx);
 }
 
 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
                             BIGNUM *b, BN_CTX *ctx)
 {
-    if (group->meth->group_get_curve == 0) {
-        ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M,
-              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return 0;
-    }
-    return group->meth->group_get_curve(group, p, a, b, ctx);
+    return EC_GROUP_get_curve(group, p, a, b, ctx);
 }
+# endif
 #endif
 
 int EC_GROUP_get_degree(const EC_GROUP *group)
@@ -500,10 +498,12 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
     if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
         EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
         return 1;
+    if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE)
+        return 0;
 
-    if (!ctx)
+    if (ctx == NULL)
         ctx_new = ctx = BN_CTX_new();
-    if (!ctx)
+    if (ctx == NULL)
         return -1;
 
     BN_CTX_start(ctx);
@@ -513,10 +513,9 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
     b1 = BN_CTX_get(ctx);
     b2 = BN_CTX_get(ctx);
     b3 = BN_CTX_get(ctx);
-    if (!b3) {
+    if (b3 == NULL) {
         BN_CTX_end(ctx);
-        if (ctx_new)
-            BN_CTX_free(ctx);
+        BN_CTX_free(ctx_new);
         return -1;
     }
 
@@ -537,172 +536,27 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
         r = 1;
 
     if (!r) {
+        const BIGNUM *ao, *bo, *ac, *bc;
         /* compare the order and cofactor */
-        if (!EC_GROUP_get_order(a, a1, ctx) ||
-            !EC_GROUP_get_order(b, b1, ctx) ||
-            !EC_GROUP_get_cofactor(a, a2, ctx) ||
-            !EC_GROUP_get_cofactor(b, b2, ctx)) {
+        ao = EC_GROUP_get0_order(a);
+        bo = EC_GROUP_get0_order(b);
+        ac = EC_GROUP_get0_cofactor(a);
+        bc = EC_GROUP_get0_cofactor(b);
+        if (ao == NULL || bo == NULL) {
             BN_CTX_end(ctx);
-            if (ctx_new)
-                BN_CTX_free(ctx);
+            BN_CTX_free(ctx_new);
             return -1;
         }
-        if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
+        if (BN_cmp(ao, bo) || BN_cmp(ac, bc))
             r = 1;
     }
 
     BN_CTX_end(ctx);
-    if (ctx_new)
-        BN_CTX_free(ctx);
+    BN_CTX_free(ctx_new);
 
     return r;
 }
 
-/* this has 'package' visibility */
-int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
-                        void *(*dup_func) (void *),
-                        void (*free_func) (void *),
-                        void (*clear_free_func) (void *))
-{
-    EC_EXTRA_DATA *d;
-
-    if (ex_data == NULL)
-        return 0;
-
-    for (d = *ex_data; d != NULL; d = d->next) {
-        if (d->dup_func == dup_func && d->free_func == free_func
-            && d->clear_free_func == clear_free_func) {
-            ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
-            return 0;
-        }
-    }
-
-    if (data == NULL)
-        /* no explicit entry needed */
-        return 1;
-
-    d = OPENSSL_malloc(sizeof(*d));
-    if (d == NULL)
-        return 0;
-
-    d->data = data;
-    d->dup_func = dup_func;
-    d->free_func = free_func;
-    d->clear_free_func = clear_free_func;
-
-    d->next = *ex_data;
-    *ex_data = d;
-
-    return 1;
-}
-
-/* this has 'package' visibility */
-void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,
-                          void *(*dup_func) (void *),
-                          void (*free_func) (void *),
-                          void (*clear_free_func) (void *))
-{
-    const EC_EXTRA_DATA *d;
-
-    for (d = ex_data; d != NULL; d = d->next) {
-        if (d->dup_func == dup_func && d->free_func == free_func
-            && d->clear_free_func == clear_free_func)
-            return d->data;
-    }
-
-    return NULL;
-}
-
-/* this has 'package' visibility */
-void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
-                          void *(*dup_func) (void *),
-                          void (*free_func) (void *),
-                          void (*clear_free_func) (void *))
-{
-    EC_EXTRA_DATA **p;
-
-    if (ex_data == NULL)
-        return;
-
-    for (p = ex_data; *p != NULL; p = &((*p)->next)) {
-        if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
-            && (*p)->clear_free_func == clear_free_func) {
-            EC_EXTRA_DATA *next = (*p)->next;
-
-            (*p)->free_func((*p)->data);
-            OPENSSL_free(*p);
-
-            *p = next;
-            return;
-        }
-    }
-}
-
-/* this has 'package' visibility */
-void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,
-                                void *(*dup_func) (void *),
-                                void (*free_func) (void *),
-                                void (*clear_free_func) (void *))
-{
-    EC_EXTRA_DATA **p;
-
-    if (ex_data == NULL)
-        return;
-
-    for (p = ex_data; *p != NULL; p = &((*p)->next)) {
-        if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
-            && (*p)->clear_free_func == clear_free_func) {
-            EC_EXTRA_DATA *next = (*p)->next;
-
-            (*p)->clear_free_func((*p)->data);
-            OPENSSL_free(*p);
-
-            *p = next;
-            return;
-        }
-    }
-}
-
-/* this has 'package' visibility */
-void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data)
-{
-    EC_EXTRA_DATA *d;
-
-    if (ex_data == NULL)
-        return;
-
-    d = *ex_data;
-    while (d) {
-        EC_EXTRA_DATA *next = d->next;
-
-        d->free_func(d->data);
-        OPENSSL_free(d);
-
-        d = next;
-    }
-    *ex_data = NULL;
-}
-
-/* this has 'package' visibility */
-void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data)
-{
-    EC_EXTRA_DATA *d;
-
-    if (ex_data == NULL)
-        return;
-
-    d = *ex_data;
-    while (d) {
-        EC_EXTRA_DATA *next = d->next;
-
-        d->clear_free_func(d->data);
-        OPENSSL_free(d);
-
-        d = next;
-    }
-    *ex_data = NULL;
-}
-
 /* functions for EC_POINT objects */
 
 EC_POINT *EC_POINT_new(const EC_GROUP *group)
@@ -713,18 +567,19 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group)
         ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
         return NULL;
     }
-    if (group->meth->point_init == 0) {
+    if (group->meth->point_init == NULL) {
         ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return NULL;
     }
 
-    ret = OPENSSL_malloc(sizeof(*ret));
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
     ret->meth = group->meth;
+    ret->curve_name = group->curve_name;
 
     if (!ret->meth->point_init(ret)) {
         OPENSSL_free(ret);
@@ -753,8 +608,7 @@ void EC_POINT_clear_free(EC_POINT *point)
         point->meth->point_clear_finish(point);
     else if (point->meth->point_finish != 0)
         point->meth->point_finish(point);
-    OPENSSL_cleanse(point, sizeof(*point));
-    OPENSSL_free(point);
+    OPENSSL_clear_free(point, sizeof(*point));
 }
 
 int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
@@ -763,7 +617,10 @@ int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
         ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if (dest->meth != src->meth) {
+    if (dest->meth != src->meth
+            || (dest->curve_name != src->curve_name
+                && dest->curve_name != 0
+                && src->curve_name != 0)) {
         ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
@@ -782,13 +639,13 @@ EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
 
     t = EC_POINT_new(group);
     if (t == NULL)
-        return (NULL);
+        return NULL;
     r = EC_POINT_copy(t, a);
     if (!r) {
         EC_POINT_free(t);
         return NULL;
-    } else
-        return t;
+    }
+    return t;
 }
 
 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
@@ -820,7 +677,7 @@ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if (group->meth != point->meth) {
+    if (!ec_point_is_compat(point, group)) {
         ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
               EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
@@ -839,7 +696,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if (group->meth != point->meth) {
+    if (!ec_point_is_compat(point, group)) {
         ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
               EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
@@ -848,76 +705,83 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
                                                               y, z, ctx);
 }
 
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
-                                        EC_POINT *point, const BIGNUM *x,
-                                        const BIGNUM *y, BN_CTX *ctx)
+int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
+                                    const BIGNUM *x, const BIGNUM *y,
+                                    BN_CTX *ctx)
 {
-    if (group->meth->point_set_affine_coordinates == 0) {
-        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
+    if (group->meth->point_set_affine_coordinates == NULL) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES,
               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if (group->meth != point->meth) {
-        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
-              EC_R_INCOMPATIBLE_OBJECTS);
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
+        return 0;
+
+    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_POINT_IS_NOT_ON_CURVE);
         return 0;
     }
-    return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
+    return 1;
 }
 
-#ifndef OPENSSL_NO_EC2M
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+                                        EC_POINT *point, const BIGNUM *x,
+                                        const BIGNUM *y, BN_CTX *ctx)
+{
+    return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
 int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
                                          EC_POINT *point, const BIGNUM *x,
                                          const BIGNUM *y, BN_CTX *ctx)
 {
-    if (group->meth->point_set_affine_coordinates == 0) {
-        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
+    return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
+}
+# endif
+#endif
+
+int EC_POINT_get_affine_coordinates(const EC_GROUP *group,
+                                    const EC_POINT *point, BIGNUM *x, BIGNUM *y,
+                                    BN_CTX *ctx)
+{
+    if (group->meth->point_get_affine_coordinates == NULL) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES,
               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if (group->meth != point->meth) {
-        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
-              EC_R_INCOMPATIBLE_OBJECTS);
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
-    return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+    return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
 }
-#endif
 
+#if OPENSSL_API_COMPAT < 0x10200000L
 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
                                         const EC_POINT *point, BIGNUM *x,
                                         BIGNUM *y, BN_CTX *ctx)
 {
-    if (group->meth->point_get_affine_coordinates == 0) {
-        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
-              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return 0;
-    }
-    if (group->meth != point->meth) {
-        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
-              EC_R_INCOMPATIBLE_OBJECTS);
-        return 0;
-    }
-    return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+    return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
 }
 
-#ifndef OPENSSL_NO_EC2M
+# ifndef OPENSSL_NO_EC2M
 int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
                                          const EC_POINT *point, BIGNUM *x,
                                          BIGNUM *y, BN_CTX *ctx)
 {
-    if (group->meth->point_get_affine_coordinates == 0) {
-        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
-              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return 0;
-    }
-    if (group->meth != point->meth) {
-        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
-              EC_R_INCOMPATIBLE_OBJECTS);
-        return 0;
-    }
-    return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+    return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
 }
+# endif
 #endif
 
 int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
@@ -927,8 +791,8 @@ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
         ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if ((group->meth != r->meth) || (r->meth != a->meth)
-        || (a->meth != b->meth)) {
+    if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)
+        || !ec_point_is_compat(b, group)) {
         ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
@@ -942,7 +806,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
         ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if ((group->meth != r->meth) || (r->meth != a->meth)) {
+    if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)) {
         ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
@@ -955,7 +819,7 @@ int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
         ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if (group->meth != a->meth) {
+    if (!ec_point_is_compat(a, group)) {
         ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
@@ -969,7 +833,7 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if (group->meth != point->meth) {
+    if (!ec_point_is_compat(point, group)) {
         ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
@@ -990,7 +854,7 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
         ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if (group->meth != point->meth) {
+    if (!ec_point_is_compat(point, group)) {
         ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
@@ -1004,7 +868,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
         ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return -1;
     }
-    if ((group->meth != a->meth) || (a->meth != b->meth)) {
+    if (!ec_point_is_compat(a, group) || !ec_point_is_compat(b, group)) {
         ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
         return -1;
     }
@@ -1017,7 +881,7 @@ int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
         ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if (group->meth != point->meth) {
+    if (!ec_point_is_compat(point, group)) {
         ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
@@ -1034,7 +898,7 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
         return 0;
     }
     for (i = 0; i < num; i++) {
-        if (group->meth != points[i]->meth) {
+        if (!ec_point_is_compat(points[i], group)) {
             ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
             return 0;
         }
@@ -1052,11 +916,38 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                   size_t num, const EC_POINT *points[],
                   const BIGNUM *scalars[], BN_CTX *ctx)
 {
-    if (group->meth->mul == 0)
+    int ret = 0;
+    size_t i = 0;
+    BN_CTX *new_ctx = NULL;
+
+    if ((scalar == NULL) && (num == 0)) {
+        return EC_POINT_set_to_infinity(group, r);
+    }
+
+    if (!ec_point_is_compat(r, group)) {
+        ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    for (i = 0; i < num; i++) {
+        if (!ec_point_is_compat(points[i], group)) {
+            ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+            return 0;
+        }
+    }
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) {
+        ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (group->meth->mul != NULL)
+        ret = group->meth->mul(group, r, scalar, num, points, scalars, ctx);
+    else
         /* use default */
-        return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+        ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
 
-    return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
 }
 
 int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
@@ -1104,27 +995,22 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
  * ec_precompute_mont_data sets |group->mont_data| from |group->order| and
  * returns one on success. On error it returns zero.
  */
-int ec_precompute_mont_data(EC_GROUP *group)
+static int ec_precompute_mont_data(EC_GROUP *group)
 {
     BN_CTX *ctx = BN_CTX_new();
     int ret = 0;
 
-    if (!EC_GROUP_VERSION(group))
-        goto err;
-
-    if (group->mont_data) {
-        BN_MONT_CTX_free(group->mont_data);
-        group->mont_data = NULL;
-    }
+    BN_MONT_CTX_free(group->mont_data);
+    group->mont_data = NULL;
 
     if (ctx == NULL)
         goto err;
 
     group->mont_data = BN_MONT_CTX_new();
-    if (!group->mont_data)
+    if (group->mont_data == NULL)
         goto err;
 
-    if (!BN_MONT_CTX_set(group->mont_data, &group->order, ctx)) {
+    if (!BN_MONT_CTX_set(group->mont_data, group->order, ctx)) {
         BN_MONT_CTX_free(group->mont_data);
         group->mont_data = NULL;
         goto err;
@@ -1134,7 +1020,104 @@ int ec_precompute_mont_data(EC_GROUP *group)
 
  err:
 
-    if (ctx)
-        BN_CTX_free(ctx);
+    BN_CTX_free(ctx);
     return ret;
 }
+
+int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&key->ex_data, idx, arg);
+}
+
+void *EC_KEY_get_ex_data(const EC_KEY *key, int idx)
+{
+    return CRYPTO_get_ex_data(&key->ex_data, idx);
+}
+
+int ec_group_simple_order_bits(const EC_GROUP *group)
+{
+    if (group->order == NULL)
+        return 0;
+    return BN_num_bits(group->order);
+}
+
+static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
+                                    const BIGNUM *x, BN_CTX *ctx)
+{
+    BIGNUM *e = NULL;
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (group->mont_data == NULL)
+        return 0;
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /*-
+     * We want inverse in constant time, therefore we utilize the fact
+     * order must be prime and use Fermats Little Theorem instead.
+     */
+    if (!BN_set_word(e, 2))
+        goto err;
+    if (!BN_sub(e, group->order, e))
+        goto err;
+    /*-
+     * Exponent e is public.
+     * No need for scatter-gather or BN_FLG_CONSTTIME.
+     */
+    if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data))
+        goto err;
+
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*-
+ * Default behavior, if group->meth->field_inverse_mod_ord is NULL:
+ * - When group->order is even, this function returns an error.
+ * - When group->order is otherwise composite, the correctness
+ *   of the output is not guaranteed.
+ * - When x is outside the range [1, group->order), the correctness
+ *   of the output is not guaranteed.
+ * - Otherwise, this function returns the multiplicative inverse in the
+ *   range [1, group->order).
+ *
+ * EC_METHODs must implement their own field_inverse_mod_ord for
+ * other functionality.
+ */
+int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
+                            const BIGNUM *x, BN_CTX *ctx)
+{
+    if (group->meth->field_inverse_mod_ord != NULL)
+        return group->meth->field_inverse_mod_ord(group, res, x, ctx);
+    else
+        return ec_field_inverse_mod_ord(group, res, x, ctx);
+}
+
+/*-
+ * Coordinate blinding for EC_POINT.
+ *
+ * The underlying EC_METHOD can optionally implement this function:
+ * underlying implementations should return 0 on errors, or 1 on
+ * success.
+ *
+ * This wrapper returns 1 in case the underlying EC_METHOD does not
+ * support coordinate blinding.
+ */
+int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->blind_coordinates == NULL)
+        return 1; /* ignore if not implemented */
+
+    return group->meth->blind_coordinates(group, p, ctx);
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_mult.c b/freebsd/crypto/openssl/crypto/ec/ec_mult.c
index d37f6470..afdb9fc5 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_mult.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec_mult.c
@@ -1,73 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ec_mult.c */
 /*
- * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <string.h>
-
 #include <openssl/err.h>
 
+#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
 #include "ec_lcl.h"
+#include "internal/refcount.h"
 
 /*
  * This file implements the wNAF-based interleaving multi-exponentiation method
@@ -81,7 +30,7 @@
  */
 
 /* structure for precomputed multiples of the generator */
-typedef struct ec_pre_comp_st {
+struct ec_pre_comp_st {
     const EC_GROUP *group;      /* parent EC_GROUP object */
     size_t blocksize;           /* block size for wNAF splitting */
     size_t numblocks;           /* max. number of blocks for which we have
@@ -91,13 +40,9 @@ typedef struct ec_pre_comp_st {
                                  * generator: 'num' pointers to EC_POINT
                                  * objects followed by a NULL */
     size_t num;                 /* numblocks * 2^(w-1) */
-    int references;
-} EC_PRE_COMP;
-
-/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */
-static void *ec_pre_comp_dup(void *);
-static void ec_pre_comp_free(void *);
-static void ec_pre_comp_clear_free(void *);
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
 
 static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
 {
@@ -106,212 +51,343 @@ static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
     if (!group)
         return NULL;
 
-    ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP));
-    if (!ret) {
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
         ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
         return ret;
     }
+
     ret->group = group;
     ret->blocksize = 8;         /* default */
-    ret->numblocks = 0;
     ret->w = 4;                 /* default */
-    ret->points = NULL;
-    ret->num = 0;
     ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
     return ret;
 }
 
-static void *ec_pre_comp_dup(void *src_)
+EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *pre)
 {
-    EC_PRE_COMP *src = src_;
-
-    /* no need to actually copy, these objects never change! */
-
-    CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
-
-    return src_;
+    int i;
+    if (pre != NULL)
+        CRYPTO_UP_REF(&pre->references, &i, pre->lock);
+    return pre;
 }
 
-static void ec_pre_comp_free(void *pre_)
+void EC_ec_pre_comp_free(EC_PRE_COMP *pre)
 {
     int i;
-    EC_PRE_COMP *pre = pre_;
 
-    if (!pre)
+    if (pre == NULL)
         return;
 
-    i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
+    CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);
+    REF_PRINT_COUNT("EC_ec", pre);
     if (i > 0)
         return;
+    REF_ASSERT_ISNT(i < 0);
 
-    if (pre->points) {
-        EC_POINT **p;
+    if (pre->points != NULL) {
+        EC_POINT **pts;
 
-        for (p = pre->points; *p != NULL; p++)
-            EC_POINT_free(*p);
+        for (pts = pre->points; *pts != NULL; pts++)
+            EC_POINT_free(*pts);
         OPENSSL_free(pre->points);
     }
+    CRYPTO_THREAD_lock_free(pre->lock);
     OPENSSL_free(pre);
 }
 
-static void ec_pre_comp_clear_free(void *pre_)
+#define EC_POINT_BN_set_flags(P, flags) do { \
+    BN_set_flags((P)->X, (flags)); \
+    BN_set_flags((P)->Y, (flags)); \
+    BN_set_flags((P)->Z, (flags)); \
+} while(0)
+
+/*-
+ * This functions computes a single point multiplication over the EC group,
+ * using, at a high level, a Montgomery ladder with conditional swaps, with
+ * various timing attack defenses.
+ *
+ * It performs either a fixed point multiplication
+ *          (scalar * generator)
+ * when point is NULL, or a variable point multiplication
+ *          (scalar * point)
+ * when point is not NULL.
+ *
+ * `scalar` cannot be NULL and should be in the range [0,n) otherwise all
+ * constant time bets are off (where n is the cardinality of the EC group).
+ *
+ * This function expects `group->order` and `group->cardinality` to be well
+ * defined and non-zero: it fails with an error code otherwise.
+ *
+ * NB: This says nothing about the constant-timeness of the ladder step
+ * implementation (i.e., the default implementation is based on EC_POINT_add and
+ * EC_POINT_dbl, which of course are not constant time themselves) or the
+ * underlying multiprecision arithmetic.
+ *
+ * The product is stored in `r`.
+ *
+ * This is an internal function: callers are in charge of ensuring that the
+ * input parameters `group`, `r`, `scalar` and `ctx` are not NULL.
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
+                         const BIGNUM *scalar, const EC_POINT *point,
+                         BN_CTX *ctx)
 {
-    int i;
-    EC_PRE_COMP *pre = pre_;
+    int i, cardinality_bits, group_top, kbit, pbit, Z_is_one;
+    EC_POINT *p = NULL;
+    EC_POINT *s = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *lambda = NULL;
+    BIGNUM *cardinality = NULL;
+    int ret = 0;
 
-    if (!pre)
-        return;
+    /* early exit if the input point is the point at infinity */
+    if (point != NULL && EC_POINT_is_at_infinity(group, point))
+        return EC_POINT_set_to_infinity(group, r);
 
-    i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
-    if (i > 0)
-        return;
+    if (BN_is_zero(group->order)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_ORDER);
+        return 0;
+    }
+    if (BN_is_zero(group->cofactor)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_COFACTOR);
+        return 0;
+    }
 
-    if (pre->points) {
-        EC_POINT **p;
+    BN_CTX_start(ctx);
 
-        for (p = pre->points; *p != NULL; p++) {
-            EC_POINT_clear_free(*p);
-            OPENSSL_cleanse(p, sizeof(*p));
-        }
-        OPENSSL_free(pre->points);
+    if (((p = EC_POINT_new(group)) == NULL)
+        || ((s = EC_POINT_new(group)) == NULL)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE);
+        goto err;
     }
-    OPENSSL_cleanse(pre, sizeof(*pre));
-    OPENSSL_free(pre);
-}
 
-/*-
- * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
- * This is an array  r[]  of values that are either zero or odd with an
- * absolute value less than  2^w  satisfying
- *     scalar = \sum_j r[j]*2^j
- * where at most one of any  w+1  consecutive digits is non-zero
- * with the exception that the most significant digit may be only
- * w-1 zeros away from that next non-zero digit.
- */
-static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
-{
-    int window_val;
-    int ok = 0;
-    signed char *r = NULL;
-    int sign = 1;
-    int bit, next_bit, mask;
-    size_t len = 0, j;
-
-    if (BN_is_zero(scalar)) {
-        r = OPENSSL_malloc(1);
-        if (!r) {
-            ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+    if (point == NULL) {
+        if (!EC_POINT_copy(p, group->generator)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {
+        if (!EC_POINT_copy(p, point)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
             goto err;
         }
-        r[0] = 0;
-        *ret_len = 1;
-        return r;
     }
 
-    if (w <= 0 || w > 7) {      /* 'signed char' can represent integers with
-                                 * absolute values less than 2^7 */
-        ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+    EC_POINT_BN_set_flags(p, BN_FLG_CONSTTIME);
+    EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME);
+    EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME);
+
+    cardinality = BN_CTX_get(ctx);
+    lambda = BN_CTX_get(ctx);
+    k = BN_CTX_get(ctx);
+    if (k == NULL) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    bit = 1 << w;               /* at most 128 */
-    next_bit = bit << 1;        /* at most 256 */
-    mask = next_bit - 1;        /* at most 255 */
 
-    if (BN_is_negative(scalar)) {
-        sign = -1;
+    if (!BN_mul(cardinality, group->order, group->cofactor, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
     }
 
-    if (scalar->d == NULL || scalar->top == 0) {
-        ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+    /*
+     * Group cardinalities are often on a word boundary.
+     * So when we pad the scalar, some timing diff might
+     * pop if it needs to be expanded due to carries.
+     * So expand ahead of time.
+     */
+    cardinality_bits = BN_num_bits(cardinality);
+    group_top = bn_get_top(cardinality);
+    if ((bn_wexpand(k, group_top + 1) == NULL)
+        || (bn_wexpand(lambda, group_top + 1) == NULL)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
         goto err;
     }
 
-    len = BN_num_bits(scalar);
-    r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer
-                                  * than binary representation (*ret_len will
-                                  * be set to the actual length, i.e. at most
-                                  * BN_num_bits(scalar) + 1) */
-    if (r == NULL) {
-        ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+    if (!BN_copy(k, scalar)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
         goto err;
     }
-    window_val = scalar->d[0] & mask;
-    j = 0;
-    while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len,
-                                                      * window_val will not
-                                                      * increase */
-        int digit = 0;
 
-        /* 0 <= window_val <= 2^(w+1) */
+    BN_set_flags(k, BN_FLG_CONSTTIME);
 
-        if (window_val & 1) {
-            /* 0 < window_val < 2^(w+1) */
-
-            if (window_val & bit) {
-                digit = window_val - next_bit; /* -2^w < digit < 0 */
+    if ((BN_num_bits(k) > cardinality_bits) || (BN_is_negative(k))) {
+        /*-
+         * this is an unusual input, and we don't guarantee
+         * constant-timeness
+         */
+        if (!BN_nnmod(k, k, cardinality, ctx)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+            goto err;
+        }
+    }
 
-#if 1                           /* modified wNAF */
-                if (j + w + 1 >= len) {
-                    /*
-                     * special case for generating modified wNAFs: no new
-                     * bits will be added into window_val, so using a
-                     * positive digit here will decrease the total length of
-                     * the representation
-                     */
+    if (!BN_add(lambda, k, cardinality)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+    BN_set_flags(lambda, BN_FLG_CONSTTIME);
+    if (!BN_add(k, lambda, cardinality)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+    /*
+     * lambda := scalar + cardinality
+     * k := scalar + 2*cardinality
+     */
+    kbit = BN_is_bit_set(lambda, cardinality_bits);
+    BN_consttime_swap(kbit, k, lambda, group_top + 1);
+
+    group_top = bn_get_top(group->field);
+    if ((bn_wexpand(s->X, group_top) == NULL)
+        || (bn_wexpand(s->Y, group_top) == NULL)
+        || (bn_wexpand(s->Z, group_top) == NULL)
+        || (bn_wexpand(r->X, group_top) == NULL)
+        || (bn_wexpand(r->Y, group_top) == NULL)
+        || (bn_wexpand(r->Z, group_top) == NULL)
+        || (bn_wexpand(p->X, group_top) == NULL)
+        || (bn_wexpand(p->Y, group_top) == NULL)
+        || (bn_wexpand(p->Z, group_top) == NULL)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
 
-                    digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
-                }
-#endif
-            } else {
-                digit = window_val; /* 0 < digit < 2^w */
-            }
+    /*-
+     * Apply coordinate blinding for EC_POINT.
+     *
+     * The underlying EC_METHOD can optionally implement this function:
+     * ec_point_blind_coordinates() returns 0 in case of errors or 1 on
+     * success or if coordinate blinding is not implemented for this
+     * group.
+     */
+    if (!ec_point_blind_coordinates(group, p, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_POINT_COORDINATES_BLIND_FAILURE);
+        goto err;
+    }
 
-            if (digit <= -bit || digit >= bit || !(digit & 1)) {
-                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
+    /* Initialize the Montgomery ladder */
+    if (!ec_point_ladder_pre(group, r, s, p, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_PRE_FAILURE);
+        goto err;
+    }
 
-            window_val -= digit;
+    /* top bit is a 1, in a fixed pos */
+    pbit = 1;
 
-            /*
-             * now window_val is 0 or 2^(w+1) in standard wNAF generation;
-             * for modified window NAFs, it may also be 2^w
-             */
-            if (window_val != 0 && window_val != next_bit
-                && window_val != bit) {
-                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-        }
+#define EC_POINT_CSWAP(c, a, b, w, t) do {         \
+        BN_consttime_swap(c, (a)->X, (b)->X, w);   \
+        BN_consttime_swap(c, (a)->Y, (b)->Y, w);   \
+        BN_consttime_swap(c, (a)->Z, (b)->Z, w);   \
+        t = ((a)->Z_is_one ^ (b)->Z_is_one) & (c); \
+        (a)->Z_is_one ^= (t);                      \
+        (b)->Z_is_one ^= (t);                      \
+} while(0)
 
-        r[j++] = sign * digit;
+    /*-
+     * The ladder step, with branches, is
+     *
+     * k[i] == 0: S = add(R, S), R = dbl(R)
+     * k[i] == 1: R = add(S, R), S = dbl(S)
+     *
+     * Swapping R, S conditionally on k[i] leaves you with state
+     *
+     * k[i] == 0: T, U = R, S
+     * k[i] == 1: T, U = S, R
+     *
+     * Then perform the ECC ops.
+     *
+     * U = add(T, U)
+     * T = dbl(T)
+     *
+     * Which leaves you with state
+     *
+     * k[i] == 0: U = add(R, S), T = dbl(R)
+     * k[i] == 1: U = add(S, R), T = dbl(S)
+     *
+     * Swapping T, U conditionally on k[i] leaves you with state
+     *
+     * k[i] == 0: R, S = T, U
+     * k[i] == 1: R, S = U, T
+     *
+     * Which leaves you with state
+     *
+     * k[i] == 0: S = add(R, S), R = dbl(R)
+     * k[i] == 1: R = add(S, R), S = dbl(S)
+     *
+     * So we get the same logic, but instead of a branch it's a
+     * conditional swap, followed by ECC ops, then another conditional swap.
+     *
+     * Optimization: The end of iteration i and start of i-1 looks like
+     *
+     * ...
+     * CSWAP(k[i], R, S)
+     * ECC
+     * CSWAP(k[i], R, S)
+     * (next iteration)
+     * CSWAP(k[i-1], R, S)
+     * ECC
+     * CSWAP(k[i-1], R, S)
+     * ...
+     *
+     * So instead of two contiguous swaps, you can merge the condition
+     * bits and do a single swap.
+     *
+     * k[i]   k[i-1]    Outcome
+     * 0      0         No Swap
+     * 0      1         Swap
+     * 1      0         Swap
+     * 1      1         No Swap
+     *
+     * This is XOR. pbit tracks the previous bit of k.
+     */
 
-        window_val >>= 1;
-        window_val += bit * BN_is_bit_set(scalar, j + w);
+    for (i = cardinality_bits - 1; i >= 0; i--) {
+        kbit = BN_is_bit_set(k, i) ^ pbit;
+        EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one);
 
-        if (window_val > next_bit) {
-            ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        /* Perform a single step of the Montgomery ladder */
+        if (!ec_point_ladder_step(group, r, s, p, ctx)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_STEP_FAILURE);
             goto err;
         }
-    }
-
-    if (j > len + 1) {
-        ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        /*
+         * pbit logic merges this cswap with that of the
+         * next iteration
+         */
+        pbit ^= kbit;
+    }
+    /* one final cswap to move the right value into r */
+    EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one);
+#undef EC_POINT_CSWAP
+
+    /* Finalize ladder (and recover full point coordinates) */
+    if (!ec_point_ladder_post(group, r, s, p, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_POST_FAILURE);
         goto err;
     }
-    len = j;
-    ok = 1;
+
+    ret = 1;
 
  err:
-    if (!ok) {
-        OPENSSL_free(r);
-        r = NULL;
-    }
-    if (ok)
-        *ret_len = len;
-    return r;
+    EC_POINT_free(p);
+    EC_POINT_free(s);
+    BN_CTX_end(ctx);
+
+    return ret;
 }
 
+#undef EC_POINT_BN_set_flags
+
 /*
  * TODO: table should be optimised for the wNAF-based implementation,
  * sometimes smaller windows will give better performance (thus the
@@ -337,7 +413,6 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                 size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
                 BN_CTX *ctx)
 {
-    BN_CTX *new_ctx = NULL;
     const EC_POINT *generator = NULL;
     EC_POINT *tmp = NULL;
     size_t totalnum;
@@ -362,26 +437,33 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                                  * precomputation is not available */
     int ret = 0;
 
-    if (group->meth != r->meth) {
-        ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-        return 0;
-    }
-
-    if ((scalar == NULL) && (num == 0)) {
-        return EC_POINT_set_to_infinity(group, r);
-    }
-
-    for (i = 0; i < num; i++) {
-        if (group->meth != points[i]->meth) {
-            ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-            return 0;
+    if (!BN_is_zero(group->order) && !BN_is_zero(group->cofactor)) {
+        /*-
+         * Handle the common cases where the scalar is secret, enforcing a
+         * scalar multiplication implementation based on a Montgomery ladder,
+         * with various timing attack defenses.
+         */
+        if ((scalar != NULL) && (num == 0)) {
+            /*-
+             * In this case we want to compute scalar * GeneratorPoint: this
+             * codepath is reached most prominently by (ephemeral) key
+             * generation of EC cryptosystems (i.e. ECDSA keygen and sign setup,
+             * ECDH keygen/first half), where the scalar is always secret. This
+             * is why we ignore if BN_FLG_CONSTTIME is actually set and we
+             * always call the ladder version.
+             */
+            return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx);
+        }
+        if ((scalar == NULL) && (num == 1)) {
+            /*-
+             * In this case we want to compute scalar * VariablePoint: this
+             * codepath is reached most prominently by the second half of ECDH,
+             * where the secret scalar is multiplied by the peer's public point.
+             * To protect the secret scalar, we ignore if BN_FLG_CONSTTIME is
+             * actually set and we always call the ladder version.
+             */
+            return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx);
         }
-    }
-
-    if (ctx == NULL) {
-        ctx = new_ctx = BN_CTX_new();
-        if (ctx == NULL)
-            goto err;
     }
 
     if (scalar != NULL) {
@@ -393,10 +475,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 
         /* look if we can use precomputed multiples of generator */
 
-        pre_comp =
-            EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup,
-                                ec_pre_comp_free, ec_pre_comp_clear_free);
-
+        pre_comp = group->pre_comp.ec;
         if (pre_comp && pre_comp->numblocks
             && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) ==
                 0)) {
@@ -439,10 +518,10 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
     val_sub = OPENSSL_malloc(totalnum * sizeof(val_sub[0]));
 
     /* Ensure wNAF is initialised in case we end up going to err */
-    if (wNAF)
+    if (wNAF != NULL)
         wNAF[0] = NULL;         /* preliminary pivot */
 
-    if (!wsize || !wNAF_len || !wNAF || !val_sub) {
+    if (wsize == NULL || wNAF_len == NULL || wNAF == NULL || val_sub == NULL) {
         ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -460,8 +539,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
         num_val += (size_t)1 << (wsize[i] - 1);
         wNAF[i + 1] = NULL;     /* make sure we always have a pivot */
         wNAF[i] =
-            compute_wNAF((i < num ? scalars[i] : scalar), wsize[i],
-                         &wNAF_len[i]);
+            bn_compute_wNAF((i < num ? scalars[i] : scalar), wsize[i],
+                            &wNAF_len[i]);
         if (wNAF[i] == NULL)
             goto err;
         if (wNAF_len[i] > max_len)
@@ -490,7 +569,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
              * use the window size for which we have precomputation
              */
             wsize[num] = pre_comp->w;
-            tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len);
+            tmp_wNAF = bn_compute_wNAF(scalar, wsize[num], &tmp_len);
             if (!tmp_wNAF)
                 goto err;
 
@@ -506,8 +585,6 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                 wNAF[num] = tmp_wNAF;
                 wNAF[num + 1] = NULL;
                 wNAF_len[num] = tmp_len;
-                if (tmp_len > max_len)
-                    max_len = tmp_len;
                 /*
                  * pre_comp->points starts with the points that we need here:
                  */
@@ -528,6 +605,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                     numblocks = (tmp_len + blocksize - 1) / blocksize;
                     if (numblocks > pre_comp->numblocks) {
                         ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                        OPENSSL_free(tmp_wNAF);
                         goto err;
                     }
                     totalnum = num + numblocks;
@@ -542,6 +620,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                         wNAF_len[i] = blocksize;
                         if (tmp_len < blocksize) {
                             ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                            OPENSSL_free(tmp_wNAF);
                             goto err;
                         }
                         tmp_len -= blocksize;
@@ -605,7 +684,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
         goto err;
     }
 
-    if (!(tmp = EC_POINT_new(group)))
+    if ((tmp = EC_POINT_new(group)) == NULL)
         goto err;
 
     /*-
@@ -635,11 +714,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
         }
     }
 
-#if 1                           /* optional; EC_window_bits_for_scalar_size
-                                 * assumes we do this step */
     if (!EC_POINTs_make_affine(group, num_val, val, ctx))
         goto err;
-#endif
 
     r_is_at_infinity = 1;
 
@@ -696,14 +772,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
     ret = 1;
 
  err:
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
-    if (tmp != NULL)
-        EC_POINT_free(tmp);
-    if (wsize != NULL)
-        OPENSSL_free(wsize);
-    if (wNAF_len != NULL)
-        OPENSSL_free(wNAF_len);
+    EC_POINT_free(tmp);
+    OPENSSL_free(wsize);
+    OPENSSL_free(wNAF_len);
     if (wNAF != NULL) {
         signed char **w;
 
@@ -718,9 +789,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 
         OPENSSL_free(val);
     }
-    if (val_sub != NULL) {
-        OPENSSL_free(val_sub);
-    }
+    OPENSSL_free(val_sub);
     return ret;
 }
 
@@ -749,16 +818,14 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     const EC_POINT *generator;
     EC_POINT *tmp_point = NULL, *base = NULL, **var;
     BN_CTX *new_ctx = NULL;
-    BIGNUM *order;
+    const BIGNUM *order;
     size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num;
     EC_POINT **points = NULL;
     EC_PRE_COMP *pre_comp;
     int ret = 0;
 
     /* if there is an old EC_PRE_COMP object, throw it away */
-    EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup,
-                         ec_pre_comp_free, ec_pre_comp_clear_free);
-
+    EC_pre_comp_free(group);
     if ((pre_comp = ec_pre_comp_new(group)) == NULL)
         return 0;
 
@@ -775,11 +842,9 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     }
 
     BN_CTX_start(ctx);
-    order = BN_CTX_get(ctx);
-    if (order == NULL)
-        goto err;
 
-    if (!EC_GROUP_get_order(group, order, ctx))
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL)
         goto err;
     if (BN_is_zero(order)) {
         ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
@@ -808,8 +873,8 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     num = pre_points_per_block * numblocks; /* number of points to compute
                                              * and store */
 
-    points = OPENSSL_malloc(sizeof(EC_POINT *) * (num + 1));
-    if (!points) {
+    points = OPENSSL_malloc(sizeof(*points) * (num + 1));
+    if (points == NULL) {
         ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -823,7 +888,8 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         }
     }
 
-    if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) {
+    if ((tmp_point = EC_POINT_new(group)) == NULL
+        || (base = EC_POINT_new(group)) == NULL) {
         ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -879,21 +945,15 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     pre_comp->points = points;
     points = NULL;
     pre_comp->num = num;
-
-    if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp,
-                             ec_pre_comp_dup, ec_pre_comp_free,
-                             ec_pre_comp_clear_free))
-        goto err;
+    SETPRECOMP(group, ec, pre_comp);
     pre_comp = NULL;
-
     ret = 1;
+
  err:
     if (ctx != NULL)
         BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
-    if (pre_comp)
-        ec_pre_comp_free(pre_comp);
+    BN_CTX_free(new_ctx);
+    EC_ec_pre_comp_free(pre_comp);
     if (points) {
         EC_POINT **p;
 
@@ -901,19 +961,12 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
             EC_POINT_free(*p);
         OPENSSL_free(points);
     }
-    if (tmp_point)
-        EC_POINT_free(tmp_point);
-    if (base)
-        EC_POINT_free(base);
+    EC_POINT_free(tmp_point);
+    EC_POINT_free(base);
     return ret;
 }
 
 int ec_wNAF_have_precompute_mult(const EC_GROUP *group)
 {
-    if (EC_EX_DATA_get_data
-        (group->extra_data, ec_pre_comp_dup, ec_pre_comp_free,
-         ec_pre_comp_clear_free) != NULL)
-        return 1;
-    else
-        return 0;
+    return HAVEPRECOMP(group, ec);
 }
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_oct.c b/freebsd/crypto/openssl/crypto/ec/ec_oct.c
index a99e501e..be2c6c8e 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_oct.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec_oct.c
@@ -1,66 +1,13 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ec_lib.c */
 /*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <string.h>
@@ -70,18 +17,17 @@
 
 #include "ec_lcl.h"
 
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
-                                            EC_POINT *point, const BIGNUM *x,
-                                            int y_bit, BN_CTX *ctx)
+int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
+                                        const BIGNUM *x, int y_bit, BN_CTX *ctx)
 {
-    if (group->meth->point_set_compressed_coordinates == 0
+    if (group->meth->point_set_compressed_coordinates == NULL
         && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
-        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES,
               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if (group->meth != point->meth) {
-        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES,
               EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
@@ -92,7 +38,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
         else
 #ifdef OPENSSL_NO_EC2M
         {
-            ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+            ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES,
                   EC_R_GF2M_NOT_SUPPORTED);
             return 0;
         }
@@ -105,33 +51,22 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
                                                          y_bit, ctx);
 }
 
-#ifndef OPENSSL_NO_EC2M
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                            EC_POINT *point, const BIGNUM *x,
+                                            int y_bit, BN_CTX *ctx)
+{
+    return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
 int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
                                              EC_POINT *point, const BIGNUM *x,
                                              int y_bit, BN_CTX *ctx)
 {
-    if (group->meth->point_set_compressed_coordinates == 0
-        && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
-        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
-              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return 0;
-    }
-    if (group->meth != point->meth) {
-        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
-              EC_R_INCOMPATIBLE_OBJECTS);
-        return 0;
-    }
-    if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
-        if (group->meth->field_type == NID_X9_62_prime_field)
-            return ec_GFp_simple_set_compressed_coordinates(group, point, x,
-                                                            y_bit, ctx);
-        else
-            return ec_GF2m_simple_set_compressed_coordinates(group, point, x,
-                                                             y_bit, ctx);
-    }
-    return group->meth->point_set_compressed_coordinates(group, point, x,
-                                                         y_bit, ctx);
+    return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
 }
+# endif
 #endif
 
 size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
@@ -143,7 +78,7 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
         ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if (group->meth != point->meth) {
+    if (!ec_point_is_compat(point, group)) {
         ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
@@ -173,7 +108,7 @@ int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
         ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
-    if (group->meth != point->meth) {
+    if (!ec_point_is_compat(point, group)) {
         ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
@@ -192,3 +127,26 @@ int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
     }
     return group->meth->oct2point(group, point, buf, len, ctx);
 }
+
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form,
+                          unsigned char **pbuf, BN_CTX *ctx)
+{
+    size_t len;
+    unsigned char *buf;
+
+    len = EC_POINT_point2oct(group, point, form, NULL, 0, NULL);
+    if (len == 0)
+        return 0;
+    if ((buf = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_POINT_POINT2BUF, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    len = EC_POINT_point2oct(group, point, form, buf, len, ctx);
+    if (len == 0) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+    *pbuf = buf;
+    return len;
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_pmeth.c b/freebsd/crypto/openssl/crypto/ec/ec_pmeth.c
index 4436b691..c8d99316 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_pmeth.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec_pmeth.c
@@ -1,72 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/ec.h>
 #include "ec_lcl.h"
-#include <openssl/ecdsa.h>
 #include <openssl/evp.h>
-#include "evp_locl.h"
+#include "internal/evp_int.h"
 
 /* EC pkey context structure */
 
@@ -93,22 +43,15 @@ typedef struct {
 static int pkey_ec_init(EVP_PKEY_CTX *ctx)
 {
     EC_PKEY_CTX *dctx;
-    dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX));
-    if (!dctx)
+
+    if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) {
+        ECerr(EC_F_PKEY_EC_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
-    dctx->gen_group = NULL;
-    dctx->md = NULL;
+    }
 
     dctx->cofactor_mode = -1;
-    dctx->co_key = NULL;
     dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE;
-    dctx->kdf_md = NULL;
-    dctx->kdf_outlen = 0;
-    dctx->kdf_ukm = NULL;
-    dctx->kdf_ukmlen = 0;
-
     ctx->data = dctx;
-
     return 1;
 }
 
@@ -135,7 +78,7 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
     dctx->kdf_md = sctx->kdf_md;
     dctx->kdf_outlen = sctx->kdf_outlen;
     if (sctx->kdf_ukm) {
-        dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
+        dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
         if (!dctx->kdf_ukm)
             return 0;
     } else
@@ -147,14 +90,12 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
 {
     EC_PKEY_CTX *dctx = ctx->data;
-    if (dctx) {
-        if (dctx->gen_group)
-            EC_GROUP_free(dctx->gen_group);
-        if (dctx->co_key)
-            EC_KEY_free(dctx->co_key);
-        if (dctx->kdf_ukm)
-            OPENSSL_free(dctx->kdf_ukm);
+    if (dctx != NULL) {
+        EC_GROUP_free(dctx->gen_group);
+        EC_KEY_free(dctx->co_key);
+        OPENSSL_free(dctx->kdf_ukm);
         OPENSSL_free(dctx);
+        ctx->data = NULL;
     }
 }
 
@@ -165,19 +106,23 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
     unsigned int sltmp;
     EC_PKEY_CTX *dctx = ctx->data;
     EC_KEY *ec = ctx->pkey->pkey.ec;
+    const int sig_sz = ECDSA_size(ec);
+
+    /* ensure cast to size_t is safe */
+    if (!ossl_assert(sig_sz > 0))
+        return 0;
 
-    if (!sig) {
-        *siglen = ECDSA_size(ec);
+    if (sig == NULL) {
+        *siglen = (size_t)sig_sz;
         return 1;
-    } else if (*siglen < (size_t)ECDSA_size(ec)) {
+    }
+
+    if (*siglen < (size_t)sig_sz) {
         ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
         return 0;
     }
 
-    if (dctx->md)
-        type = EVP_MD_type(dctx->md);
-    else
-        type = NID_sha1;
+    type = (dctx->md != NULL) ? EVP_MD_type(dctx->md) : NID_sha1;
 
     ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
 
@@ -205,9 +150,8 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
     return ret;
 }
 
-#ifndef OPENSSL_NO_ECDH
-static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-                          size_t *keylen)
+#ifndef OPENSSL_NO_EC
+static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 {
     int ret;
     size_t outlen;
@@ -260,9 +204,10 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
         return 0;
     if (!pkey_ec_derive(ctx, NULL, &ktmplen))
         return 0;
-    ktmp = OPENSSL_malloc(ktmplen);
-    if (!ktmp)
+    if ((ktmp = OPENSSL_malloc(ktmplen)) == NULL) {
+        ECerr(EC_F_PKEY_EC_KDF_DERIVE, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
         goto err;
     /* Do KDF stuff */
@@ -272,10 +217,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
     rv = 1;
 
  err:
-    if (ktmp) {
-        OPENSSL_cleanse(ktmp, ktmplen);
-        OPENSSL_free(ktmp);
-    }
+    OPENSSL_clear_free(ktmp, ktmplen);
     return rv;
 }
 #endif
@@ -291,8 +233,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE);
             return 0;
         }
-        if (dctx->gen_group)
-            EC_GROUP_free(dctx->gen_group);
+        EC_GROUP_free(dctx->gen_group);
         dctx->gen_group = group;
         return 1;
 
@@ -304,15 +245,14 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
         return 1;
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
         if (p1 == -2) {
             if (dctx->cofactor_mode != -1)
                 return dctx->cofactor_mode;
             else {
                 EC_KEY *ec_key = ctx->pkey->pkey.ec;
-                return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 :
-                    0;
+                return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : 0;
             }
         } else if (p1 < -1 || p1 > 1)
             return -2;
@@ -322,7 +262,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             if (!ec_key->group)
                 return -2;
             /* If cofactor is 1 cofactor mode does nothing */
-            if (BN_is_one(&ec_key->group->cofactor))
+            if (BN_is_one(ec_key->group->cofactor))
                 return 1;
             if (!dctx->co_key) {
                 dctx->co_key = EC_KEY_dup(ec_key);
@@ -333,7 +273,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 EC_KEY_set_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH);
             else
                 EC_KEY_clear_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH);
-        } else if (dctx->co_key) {
+        } else {
             EC_KEY_free(dctx->co_key);
             dctx->co_key = NULL;
         }
@@ -367,8 +307,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         return 1;
 
     case EVP_PKEY_CTRL_EC_KDF_UKM:
-        if (dctx->kdf_ukm)
-            OPENSSL_free(dctx->kdf_ukm);
+        OPENSSL_free(dctx->kdf_ukm);
         dctx->kdf_ukm = p2;
         if (p2)
             dctx->kdf_ukmlen = p1;
@@ -413,7 +352,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
                             const char *type, const char *value)
 {
-    if (!strcmp(type, "ec_paramgen_curve")) {
+    if (strcmp(type, "ec_paramgen_curve") == 0) {
         int nid;
         nid = EC_curve_nist2nid(value);
         if (nid == NID_undef)
@@ -425,23 +364,23 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
             return 0;
         }
         return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
-    } else if (!strcmp(type, "ec_param_enc")) {
+    } else if (strcmp(type, "ec_param_enc") == 0) {
         int param_enc;
-        if (!strcmp(value, "explicit"))
+        if (strcmp(value, "explicit") == 0)
             param_enc = 0;
-        else if (!strcmp(value, "named_curve"))
+        else if (strcmp(value, "named_curve") == 0)
             param_enc = OPENSSL_EC_NAMED_CURVE;
         else
             return -2;
         return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
-    } else if (!strcmp(type, "ecdh_kdf_md")) {
+    } else if (strcmp(type, "ecdh_kdf_md") == 0) {
         const EVP_MD *md;
-        if (!(md = EVP_get_digestbyname(value))) {
+        if ((md = EVP_get_digestbyname(value)) == NULL) {
             ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_DIGEST);
             return 0;
         }
         return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md);
-    } else if (!strcmp(type, "ecdh_cofactor_mode")) {
+    } else if (strcmp(type, "ecdh_cofactor_mode") == 0) {
         int co_mode;
         co_mode = atoi(value);
         return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode);
@@ -454,18 +393,17 @@ static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     EC_KEY *ec = NULL;
     EC_PKEY_CTX *dctx = ctx->data;
-    int ret = 0;
+    int ret;
+
     if (dctx->gen_group == NULL) {
         ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET);
         return 0;
     }
     ec = EC_KEY_new();
-    if (!ec)
+    if (ec == NULL)
         return 0;
-    ret = EC_KEY_set_group(ec, dctx->gen_group);
-    if (ret)
-        EVP_PKEY_assign_EC_KEY(pkey, ec);
-    else
+    if (!(ret = EC_KEY_set_group(ec, dctx->gen_group))
+        || !ossl_assert(ret = EVP_PKEY_assign_EC_KEY(pkey, ec)))
         EC_KEY_free(ec);
     return ret;
 }
@@ -474,23 +412,26 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     EC_KEY *ec = NULL;
     EC_PKEY_CTX *dctx = ctx->data;
+    int ret;
+
     if (ctx->pkey == NULL && dctx->gen_group == NULL) {
         ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
         return 0;
     }
     ec = EC_KEY_new();
-    if (!ec)
+    if (ec == NULL)
+        return 0;
+    if (!ossl_assert(EVP_PKEY_assign_EC_KEY(pkey, ec))) {
+        EC_KEY_free(ec);
         return 0;
-    EVP_PKEY_assign_EC_KEY(pkey, ec);
-    if (ctx->pkey) {
-        /* Note: if error return, pkey is freed by parent routine */
-        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
-            return 0;
-    } else {
-        if (!EC_KEY_set_group(ec, dctx->gen_group))
-            return 0;
     }
-    return EC_KEY_generate_key(pkey->pkey.ec);
+    /* Note: if error is returned, we count on caller to free pkey->pkey.ec */
+    if (ctx->pkey != NULL)
+        ret = EVP_PKEY_copy_parameters(pkey, ctx->pkey);
+    else
+        ret = EC_KEY_set_group(ec, dctx->gen_group);
+
+    return ret ? EC_KEY_generate_key(ec) : 0;
 }
 
 const EVP_PKEY_METHOD ec_pkey_meth = {
@@ -516,17 +457,18 @@ const EVP_PKEY_METHOD ec_pkey_meth = {
 
     0, 0, 0, 0,
 
-    0, 0,
+    0,
+    0,
 
-    0, 0,
+    0,
+    0,
 
     0,
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     pkey_ec_kdf_derive,
 #else
     0,
 #endif
-
     pkey_ec_ctrl,
     pkey_ec_ctrl_str
 };
diff --git a/freebsd/crypto/openssl/crypto/ec/ec_print.c b/freebsd/crypto/openssl/crypto/ec/ec_print.c
index 29cb85d4..c94bc164 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec_print.c
+++ b/freebsd/crypto/openssl/crypto/ec/ec_print.c
@@ -1,61 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ec_print.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/crypto.h>
+#include <openssl/err.h>
 #include "ec_lcl.h"
 
 BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,
@@ -66,17 +21,10 @@ BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,
     size_t buf_len = 0;
     unsigned char *buf;
 
-    buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx);
-    if (buf_len == 0)
-        return NULL;
-
-    if ((buf = OPENSSL_malloc(buf_len)) == NULL)
-        return NULL;
+    buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx);
 
-    if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) {
-        OPENSSL_free(buf);
+    if (buf_len == 0)
         return NULL;
-    }
 
     ret = BN_bin2bn(buf, buf_len, ret);
 
@@ -94,9 +42,10 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
 
     if ((buf_len = BN_num_bytes(bn)) == 0)
         return NULL;
-    buf = OPENSSL_malloc(buf_len);
-    if (buf == NULL)
+    if ((buf = OPENSSL_malloc(buf_len)) == NULL) {
+        ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     if (!BN_bn2bin(bn, buf)) {
         OPENSSL_free(buf);
@@ -112,7 +61,7 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
         ret = point;
 
     if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) {
-        if (point == NULL)
+        if (ret != point)
             EC_POINT_clear_free(ret);
         OPENSSL_free(buf);
         return NULL;
@@ -131,21 +80,14 @@ char *EC_POINT_point2hex(const EC_GROUP *group,
 {
     char *ret, *p;
     size_t buf_len = 0, i;
-    unsigned char *buf, *pbuf;
-
-    buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx);
-    if (buf_len == 0)
-        return NULL;
+    unsigned char *buf = NULL, *pbuf;
 
-    if ((buf = OPENSSL_malloc(buf_len)) == NULL)
-        return NULL;
+    buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx);
 
-    if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) {
-        OPENSSL_free(buf);
+    if (buf_len == 0)
         return NULL;
-    }
 
-    ret = (char *)OPENSSL_malloc(buf_len * 2 + 2);
+    ret = OPENSSL_malloc(buf_len * 2 + 2);
     if (ret == NULL) {
         OPENSSL_free(buf);
         return NULL;
diff --git a/freebsd/crypto/openssl/crypto/ec/ecdh_kdf.c b/freebsd/crypto/openssl/crypto/ec/ecdh_kdf.c
new file mode 100644
index 00000000..cb850803
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/ecdh_kdf.c
@@ -0,0 +1,70 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+
+/* Key derivation function from X9.62/SECG */
+/* Way more than we will ever need */
+#define ECDH_KDF_MAX    (1 << 30)
+
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md)
+{
+    EVP_MD_CTX *mctx = NULL;
+    int rv = 0;
+    unsigned int i;
+    size_t mdlen;
+    unsigned char ctr[4];
+    if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX
+        || Zlen > ECDH_KDF_MAX)
+        return 0;
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL)
+        return 0;
+    mdlen = EVP_MD_size(md);
+    for (i = 1;; i++) {
+        unsigned char mtmp[EVP_MAX_MD_SIZE];
+        if (!EVP_DigestInit_ex(mctx, md, NULL))
+            goto err;
+        ctr[3] = i & 0xFF;
+        ctr[2] = (i >> 8) & 0xFF;
+        ctr[1] = (i >> 16) & 0xFF;
+        ctr[0] = (i >> 24) & 0xFF;
+        if (!EVP_DigestUpdate(mctx, Z, Zlen))
+            goto err;
+        if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
+            goto err;
+        if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
+            goto err;
+        if (outlen >= mdlen) {
+            if (!EVP_DigestFinal(mctx, out, NULL))
+                goto err;
+            outlen -= mdlen;
+            if (outlen == 0)
+                break;
+            out += mdlen;
+        } else {
+            if (!EVP_DigestFinal(mctx, mtmp, NULL))
+                goto err;
+            memcpy(out, mtmp, outlen);
+            OPENSSL_cleanse(mtmp, mdlen);
+            break;
+        }
+    }
+    rv = 1;
+ err:
+    EVP_MD_CTX_free(mctx);
+    return rv;
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/ecdh_ossl.c b/freebsd/crypto/openssl/crypto/ec/ecdh_ossl.c
new file mode 100644
index 00000000..74d1b73e
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/ecdh_ossl.c
@@ -0,0 +1,123 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <limits.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/ec.h>
+#include "ec_lcl.h"
+
+int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
+                          const EC_POINT *pub_key, const EC_KEY *ecdh)
+{
+    if (ecdh->group->meth->ecdh_compute_key == NULL) {
+        ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
+        return 0;
+    }
+
+    return ecdh->group->meth->ecdh_compute_key(psec, pseclen, pub_key, ecdh);
+}
+
+/*-
+ * This implementation is based on the following primitives in the IEEE 1363 standard:
+ *  - ECKAS-DH1
+ *  - ECSVDP-DH
+ */
+int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh)
+{
+    BN_CTX *ctx;
+    EC_POINT *tmp = NULL;
+    BIGNUM *x = NULL;
+    const BIGNUM *priv_key;
+    const EC_GROUP *group;
+    int ret = 0;
+    size_t buflen, len;
+    unsigned char *buf = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    if (x == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    priv_key = EC_KEY_get0_private_key(ecdh);
+    if (priv_key == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_NO_PRIVATE_VALUE);
+        goto err;
+    }
+
+    group = EC_KEY_get0_group(ecdh);
+
+    if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) {
+        if (!EC_GROUP_get_cofactor(group, x, NULL) ||
+            !BN_mul(x, x, priv_key, ctx)) {
+            ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        priv_key = x;
+    }
+
+    if ((tmp = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_get_affine_coordinates(group, tmp, x, NULL, ctx)) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
+        goto err;
+    }
+
+    buflen = (EC_GROUP_get_degree(group) + 7) / 8;
+    len = BN_num_bytes(x);
+    if (len > buflen) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((buf = OPENSSL_malloc(buflen)) == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    memset(buf, 0, buflen - len);
+    if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    *pout = buf;
+    *poutlen = buflen;
+    buf = NULL;
+
+    ret = 1;
+
+ err:
+    EC_POINT_free(tmp);
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_free(buf);
+    return ret;
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/ecdsa_ossl.c b/freebsd/crypto/openssl/crypto/ec/ecdsa_ossl.c
new file mode 100644
index 00000000..e173047e
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/ecdsa_ossl.c
@@ -0,0 +1,419 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/rand.h>
+#include "internal/bn_int.h"
+#include "ec_lcl.h"
+
+int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
+                    unsigned char *sig, unsigned int *siglen,
+                    const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
+{
+    ECDSA_SIG *s;
+
+    s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
+    if (s == NULL) {
+        *siglen = 0;
+        return 0;
+    }
+    *siglen = i2d_ECDSA_SIG(s, &sig);
+    ECDSA_SIG_free(s);
+    return 1;
+}
+
+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
+                            BIGNUM **kinvp, BIGNUM **rp,
+                            const unsigned char *dgst, int dlen)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL, *r = NULL, *X = NULL;
+    const BIGNUM *order;
+    EC_POINT *tmp_point = NULL;
+    const EC_GROUP *group;
+    int ret = 0;
+    int order_bits;
+
+    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (!EC_KEY_can_sign(eckey)) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+        return 0;
+    }
+
+    if ((ctx = ctx_in) == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    k = BN_new();               /* this value is later returned in *kinvp */
+    r = BN_new();               /* this value is later returned in *rp */
+    X = BN_new();
+    if (k == NULL || r == NULL || X == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((tmp_point = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+        goto err;
+    }
+    order = EC_GROUP_get0_order(group);
+
+    /* Preallocate space */
+    order_bits = BN_num_bits(order);
+    if (!BN_set_bit(k, order_bits)
+        || !BN_set_bit(r, order_bits)
+        || !BN_set_bit(X, order_bits))
+        goto err;
+
+    do {
+        /* get random k */
+        do {
+            if (dgst != NULL) {
+                if (!BN_generate_dsa_nonce(k, order,
+                                           EC_KEY_get0_private_key(eckey),
+                                           dgst, dlen, ctx)) {
+                    ECerr(EC_F_ECDSA_SIGN_SETUP,
+                          EC_R_RANDOM_NUMBER_GENERATION_FAILED);
+                    goto err;
+                }
+            } else {
+                if (!BN_priv_rand_range(k, order)) {
+                    ECerr(EC_F_ECDSA_SIGN_SETUP,
+                          EC_R_RANDOM_NUMBER_GENERATION_FAILED);
+                    goto err;
+                }
+            }
+        } while (BN_is_zero(k));
+
+        /* compute r the x-coordinate of generator * k */
+        if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        if (!EC_POINT_get_affine_coordinates(group, tmp_point, X, NULL, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        if (!BN_nnmod(r, X, order, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+            goto err;
+        }
+    } while (BN_is_zero(r));
+
+    /* compute the inverse of k */
+    if (!ec_group_do_inverse_ord(group, k, k, ctx)) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* clear old values if necessary */
+    BN_clear_free(*rp);
+    BN_clear_free(*kinvp);
+    /* save the pre-computed values  */
+    *rp = r;
+    *kinvp = k;
+    ret = 1;
+ err:
+    if (!ret) {
+        BN_clear_free(k);
+        BN_clear_free(r);
+    }
+    if (ctx != ctx_in)
+        BN_CTX_free(ctx);
+    EC_POINT_free(tmp_point);
+    BN_clear_free(X);
+    return ret;
+}
+
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp)
+{
+    return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
+}
+
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+                               const BIGNUM *in_kinv, const BIGNUM *in_r,
+                               EC_KEY *eckey)
+{
+    int ok = 0, i;
+    BIGNUM *kinv = NULL, *s, *m = NULL;
+    const BIGNUM *order, *ckinv;
+    BN_CTX *ctx = NULL;
+    const EC_GROUP *group;
+    ECDSA_SIG *ret;
+    const BIGNUM *priv_key;
+
+    group = EC_KEY_get0_group(eckey);
+    priv_key = EC_KEY_get0_private_key(eckey);
+
+    if (group == NULL || priv_key == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    if (!EC_KEY_can_sign(eckey)) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+        return NULL;
+    }
+
+    ret = ECDSA_SIG_new();
+    if (ret == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->r = BN_new();
+    ret->s = BN_new();
+    if (ret->r == NULL || ret->s == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    s = ret->s;
+
+    if ((ctx = BN_CTX_new()) == NULL
+        || (m = BN_new()) == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    order = EC_GROUP_get0_order(group);
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes.
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* If still too long, truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    do {
+        if (in_kinv == NULL || in_r == NULL) {
+            if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) {
+                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);
+                goto err;
+            }
+            ckinv = kinv;
+        } else {
+            ckinv = in_kinv;
+            if (BN_copy(ret->r, in_r) == NULL) {
+                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+
+        /*
+         * With only one multiplicant being in Montgomery domain
+         * multiplication yields real result without post-conversion.
+         * Also note that all operations but last are performed with
+         * zero-padded vectors. Last operation, BN_mod_mul_montgomery
+         * below, returns user-visible value with removed zero padding.
+         */
+        if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx)
+            || !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) {
+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!bn_mod_add_fixed_top(s, s, m, order)) {
+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+            goto err;
+        }
+        /*
+         * |s| can still be larger than modulus, because |m| can be. In
+         * such case we count on Montgomery reduction to tie it up.
+         */
+        if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx)
+            || !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) {
+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+            goto err;
+        }
+
+        if (BN_is_zero(s)) {
+            /*
+             * if kinv and r have been supplied by the caller, don't
+             * generate new kinv and r values
+             */
+            if (in_kinv != NULL && in_r != NULL) {
+                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
+                goto err;
+            }
+        } else {
+            /* s != 0 => we have a valid signature */
+            break;
+        }
+    } while (1);
+
+    ok = 1;
+ err:
+    if (!ok) {
+        ECDSA_SIG_free(ret);
+        ret = NULL;
+    }
+    BN_CTX_free(ctx);
+    BN_clear_free(m);
+    BN_clear_free(kinv);
+    return ret;
+}
+
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+                      const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+    ECDSA_SIG *s;
+    const unsigned char *p = sigbuf;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
+    s = ECDSA_SIG_new();
+    if (s == NULL)
+        return ret;
+    if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+        goto err;
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_ECDSA_SIG(s, &der);
+    if (derlen != sig_len || memcmp(sigbuf, der, derlen) != 0)
+        goto err;
+    ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
+ err:
+    OPENSSL_clear_free(der, derlen);
+    ECDSA_SIG_free(s);
+    return ret;
+}
+
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+                          const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+    int ret = -1, i;
+    BN_CTX *ctx;
+    const BIGNUM *order;
+    BIGNUM *u1, *u2, *m, *X;
+    EC_POINT *point = NULL;
+    const EC_GROUP *group;
+    const EC_POINT *pub_key;
+
+    /* check input values */
+    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
+        (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
+        return -1;
+    }
+
+    if (!EC_KEY_can_sign(eckey)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+        return -1;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    BN_CTX_start(ctx);
+    u1 = BN_CTX_get(ctx);
+    u2 = BN_CTX_get(ctx);
+    m = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    if (X == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+        BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
+        BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE);
+        ret = 0;                /* signature is invalid */
+        goto err;
+    }
+    /* calculate tmp1 = inv(S) mod order */
+    if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* digest -> m */
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes.
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* If still too long truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* u1 = m * tmp mod order */
+    if (!BN_mod_mul(u1, m, u2, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* u2 = r * w mod q */
+    if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if ((point = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (!BN_nnmod(u1, X, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /*  if the signature is correct u1 is equal to sig->r */
+    ret = (BN_ucmp(u1, sig->r) == 0);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    EC_POINT_free(point);
+    return ret;
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/ecdsa_sign.c b/freebsd/crypto/openssl/crypto/ec/ecdsa_sign.c
new file mode 100644
index 00000000..dea2f4c2
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/ecdsa_sign.c
@@ -0,0 +1,54 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
+{
+    return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
+}
+
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,
+                            const BIGNUM *kinv, const BIGNUM *rp,
+                            EC_KEY *eckey)
+{
+    if (eckey->meth->sign_sig != NULL)
+        return eckey->meth->sign_sig(dgst, dlen, kinv, rp, eckey);
+    ECerr(EC_F_ECDSA_DO_SIGN_EX, EC_R_OPERATION_NOT_SUPPORTED);
+    return NULL;
+}
+
+int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char
+               *sig, unsigned int *siglen, EC_KEY *eckey)
+{
+    return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
+}
+
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen,
+                  unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
+                  const BIGNUM *r, EC_KEY *eckey)
+{
+    if (eckey->meth->sign != NULL)
+        return eckey->meth->sign(type, dgst, dlen, sig, siglen, kinv, r, eckey);
+    ECerr(EC_F_ECDSA_SIGN_EX, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
+
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                     BIGNUM **rp)
+{
+    if (eckey->meth->sign_setup != NULL)
+        return eckey->meth->sign_setup(eckey, ctx_in, kinvp, rp);
+    ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/ecdsa_vrf.c b/freebsd/crypto/openssl/crypto/ec/ecdsa_vrf.c
new file mode 100644
index 00000000..de3f01f0
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/ecdsa_vrf.c
@@ -0,0 +1,45 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                    const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+    if (eckey->meth->verify_sig != NULL)
+        return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey);
+    ECerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
+
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
+                 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+    if (eckey->meth->verify != NULL)
+        return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len,
+                                   eckey);
+    ECerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
diff --git a/freebsd/crypto/openssl/crypto/ec/eck_prn.c b/freebsd/crypto/openssl/crypto/ec/eck_prn.c
index 8694fd76..b858cbf9 100644
--- a/freebsd/crypto/openssl/crypto/ec/eck_prn.c
+++ b/freebsd/crypto/openssl/crypto/ec/eck_prn.c
@@ -1,75 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/eck_prn.c */
 /*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions originally developed by SUN MICROSYSTEMS, INC., and
- * contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/ec.h>
 #include <openssl/bn.h>
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
 {
     BIO *b;
@@ -77,12 +24,12 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = ECPKParameters_print(b, x, off);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 
 int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
@@ -92,12 +39,12 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = EC_KEY_print(b, x, off);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 
 int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
@@ -107,51 +54,25 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = ECParameters_print(b, x);
     BIO_free(b);
-    return (ret);
-}
-#endif
-
-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
-{
-    EVP_PKEY *pk;
-    int ret;
-    pk = EVP_PKEY_new();
-    if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x))
-        return 0;
-    ret = EVP_PKEY_print_private(bp, pk, off, NULL);
-    EVP_PKEY_free(pk);
-    return ret;
-}
-
-int ECParameters_print(BIO *bp, const EC_KEY *x)
-{
-    EVP_PKEY *pk;
-    int ret;
-    pk = EVP_PKEY_new();
-    if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x))
-        return 0;
-    ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
-    EVP_PKEY_free(pk);
     return ret;
 }
+#endif
 
 static int print_bin(BIO *fp, const char *str, const unsigned char *num,
                      size_t len, int off);
 
 int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
 {
-    unsigned char *buffer = NULL;
-    size_t buf_len = 0, i;
     int ret = 0, reason = ERR_R_BIO_LIB;
     BN_CTX *ctx = NULL;
     const EC_POINT *point = NULL;
-    BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL,
-        *order = NULL, *cofactor = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL;
+    const BIGNUM *order = NULL, *cofactor = NULL;
     const unsigned char *seed;
     size_t seed_len = 0;
 
@@ -181,7 +102,6 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
         nid = EC_GROUP_get_curve_name(x);
         if (nid == 0)
             goto err;
-
         if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
             goto err;
         if (BIO_printf(bp, "\n") <= 0)
@@ -203,32 +123,23 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
             is_char_two = 1;
 
         if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
-            (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
-            (cofactor = BN_new()) == NULL) {
+            (b = BN_new()) == NULL) {
             reason = ERR_R_MALLOC_FAILURE;
             goto err;
         }
-#ifndef OPENSSL_NO_EC2M
-        if (is_char_two) {
-            if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) {
-                reason = ERR_R_EC_LIB;
-                goto err;
-            }
-        } else                  /* prime field */
-#endif
-        {
-            if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) {
-                reason = ERR_R_EC_LIB;
-                goto err;
-            }
+
+        if (!EC_GROUP_get_curve(x, p, a, b, ctx)) {
+            reason = ERR_R_EC_LIB;
+            goto err;
         }
 
         if ((point = EC_GROUP_get0_generator(x)) == NULL) {
             reason = ERR_R_EC_LIB;
             goto err;
         }
-        if (!EC_GROUP_get_order(x, order, NULL) ||
-            !EC_GROUP_get_cofactor(x, cofactor, NULL)) {
+        order = EC_GROUP_get0_order(x);
+        cofactor = EC_GROUP_get0_cofactor(x);
+        if (order == NULL) {
             reason = ERR_R_EC_LIB;
             goto err;
         }
@@ -240,27 +151,9 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
             goto err;
         }
 
-        buf_len = (size_t)BN_num_bytes(p);
-        if (buf_len < (i = (size_t)BN_num_bytes(a)))
-            buf_len = i;
-        if (buf_len < (i = (size_t)BN_num_bytes(b)))
-            buf_len = i;
-        if (buf_len < (i = (size_t)BN_num_bytes(gen)))
-            buf_len = i;
-        if (buf_len < (i = (size_t)BN_num_bytes(order)))
-            buf_len = i;
-        if (buf_len < (i = (size_t)BN_num_bytes(cofactor)))
-            buf_len = i;
-
         if ((seed = EC_GROUP_get0_seed(x)) != NULL)
             seed_len = EC_GROUP_get_seed_len(x);
 
-        buf_len += 10;
-        if ((buffer = OPENSSL_malloc(buf_len)) == NULL) {
-            reason = ERR_R_MALLOC_FAILURE;
-            goto err;
-        }
-
         if (!BIO_indent(bp, off, 128))
             goto err;
 
@@ -283,36 +176,36 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
                 goto err;
 
             /* print the polynomial */
-            if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, buffer,
+            if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, NULL,
                                               off))
                 goto err;
         } else {
-            if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer, off))
+            if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, NULL, off))
                 goto err;
         }
-        if ((a != NULL) && !ASN1_bn_print(bp, "A:   ", a, buffer, off))
+        if ((a != NULL) && !ASN1_bn_print(bp, "A:   ", a, NULL, off))
             goto err;
-        if ((b != NULL) && !ASN1_bn_print(bp, "B:   ", b, buffer, off))
+        if ((b != NULL) && !ASN1_bn_print(bp, "B:   ", b, NULL, off))
             goto err;
         if (form == POINT_CONVERSION_COMPRESSED) {
             if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
-                                                buffer, off))
+                                                NULL, off))
                 goto err;
         } else if (form == POINT_CONVERSION_UNCOMPRESSED) {
             if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
-                                                buffer, off))
+                                                NULL, off))
                 goto err;
         } else {                /* form == POINT_CONVERSION_HYBRID */
 
             if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
-                                                buffer, off))
+                                                NULL, off))
                 goto err;
         }
         if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order,
-                                              buffer, off))
+                                              NULL, off))
             goto err;
         if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor,
-                                                 buffer, off))
+                                                 NULL, off))
             goto err;
         if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
             goto err;
@@ -321,23 +214,12 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
  err:
     if (!ret)
         ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
-    if (p)
-        BN_free(p);
-    if (a)
-        BN_free(a);
-    if (b)
-        BN_free(b);
-    if (gen)
-        BN_free(gen);
-    if (order)
-        BN_free(order);
-    if (cofactor)
-        BN_free(cofactor);
-    if (ctx)
-        BN_CTX_free(ctx);
-    if (buffer != NULL)
-        OPENSSL_free(buffer);
-    return (ret);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    BN_free(gen);
+    BN_CTX_free(ctx);
+    return ret;
 }
 
 static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
diff --git a/freebsd/crypto/openssl/crypto/ec/ecp_mont.c b/freebsd/crypto/openssl/crypto/ec/ecp_mont.c
index f3524e2c..d63346d6 100644
--- a/freebsd/crypto/openssl/crypto/ec/ecp_mont.c
+++ b/freebsd/crypto/openssl/crypto/ec/ecp_mont.c
@@ -1,74 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ecp_mont.c */
 /*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/err.h>
 
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
 #include "ec_lcl.h"
 
 const EC_METHOD *EC_GFp_mont_method(void)
@@ -83,6 +26,7 @@ const EC_METHOD *EC_GFp_mont_method(void)
         ec_GFp_mont_group_set_curve,
         ec_GFp_simple_group_get_curve,
         ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
         ec_GFp_simple_group_check_discriminant,
         ec_GFp_simple_point_init,
         ec_GFp_simple_point_finish,
@@ -110,14 +54,23 @@ const EC_METHOD *EC_GFp_mont_method(void)
         0 /* field_div */ ,
         ec_GFp_mont_field_encode,
         ec_GFp_mont_field_decode,
-        ec_GFp_mont_field_set_to_one
+        ec_GFp_mont_field_set_to_one,
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        ec_GFp_simple_blind_coordinates,
+        ec_GFp_simple_ladder_pre,
+        ec_GFp_simple_ladder_step,
+        ec_GFp_simple_ladder_post
     };
 
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return fips_ec_gfp_mont_method();
-#endif
-
     return &ret;
 }
 
@@ -133,40 +86,28 @@ int ec_GFp_mont_group_init(EC_GROUP *group)
 
 void ec_GFp_mont_group_finish(EC_GROUP *group)
 {
-    if (group->field_data1 != NULL) {
-        BN_MONT_CTX_free(group->field_data1);
-        group->field_data1 = NULL;
-    }
-    if (group->field_data2 != NULL) {
-        BN_free(group->field_data2);
-        group->field_data2 = NULL;
-    }
+    BN_MONT_CTX_free(group->field_data1);
+    group->field_data1 = NULL;
+    BN_free(group->field_data2);
+    group->field_data2 = NULL;
     ec_GFp_simple_group_finish(group);
 }
 
 void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
 {
-    if (group->field_data1 != NULL) {
-        BN_MONT_CTX_free(group->field_data1);
-        group->field_data1 = NULL;
-    }
-    if (group->field_data2 != NULL) {
-        BN_clear_free(group->field_data2);
-        group->field_data2 = NULL;
-    }
+    BN_MONT_CTX_free(group->field_data1);
+    group->field_data1 = NULL;
+    BN_clear_free(group->field_data2);
+    group->field_data2 = NULL;
     ec_GFp_simple_group_clear_finish(group);
 }
 
 int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
 {
-    if (dest->field_data1 != NULL) {
-        BN_MONT_CTX_free(dest->field_data1);
-        dest->field_data1 = NULL;
-    }
-    if (dest->field_data2 != NULL) {
-        BN_clear_free(dest->field_data2);
-        dest->field_data2 = NULL;
-    }
+    BN_MONT_CTX_free(dest->field_data1);
+    dest->field_data1 = NULL;
+    BN_clear_free(dest->field_data2);
+    dest->field_data2 = NULL;
 
     if (!ec_GFp_simple_group_copy(dest, src))
         return 0;
@@ -187,10 +128,8 @@ int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
     return 1;
 
  err:
-    if (dest->field_data1 != NULL) {
-        BN_MONT_CTX_free(dest->field_data1);
-        dest->field_data1 = NULL;
-    }
+    BN_MONT_CTX_free(dest->field_data1);
+    dest->field_data1 = NULL;
     return 0;
 }
 
@@ -202,14 +141,10 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
     BIGNUM *one = NULL;
     int ret = 0;
 
-    if (group->field_data1 != NULL) {
-        BN_MONT_CTX_free(group->field_data1);
-        group->field_data1 = NULL;
-    }
-    if (group->field_data2 != NULL) {
-        BN_free(group->field_data2);
-        group->field_data2 = NULL;
-    }
+    BN_MONT_CTX_free(group->field_data1);
+    group->field_data1 = NULL;
+    BN_free(group->field_data2);
+    group->field_data2 = NULL;
 
     if (ctx == NULL) {
         ctx = new_ctx = BN_CTX_new();
@@ -245,12 +180,9 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
     }
 
  err:
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
-    if (mont != NULL)
-        BN_MONT_CTX_free(mont);
-    if (one != NULL)
-        BN_free(one);
+    BN_free(one);
+    BN_CTX_free(new_ctx);
+    BN_MONT_CTX_free(mont);
     return ret;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/ec/ecp_nist.c b/freebsd/crypto/openssl/crypto/ec/ecp_nist.c
index cc717f8f..ed48b784 100644
--- a/freebsd/crypto/openssl/crypto/ec/ecp_nist.c
+++ b/freebsd/crypto/openssl/crypto/ec/ecp_nist.c
@@ -1,66 +1,13 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ecp_nist.c */
 /*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <limits.h>
@@ -69,10 +16,6 @@
 #include <openssl/obj_mac.h>
 #include "ec_lcl.h"
 
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
 const EC_METHOD *EC_GFp_nist_method(void)
 {
     static const EC_METHOD ret = {
@@ -85,6 +28,7 @@ const EC_METHOD *EC_GFp_nist_method(void)
         ec_GFp_nist_group_set_curve,
         ec_GFp_simple_group_get_curve,
         ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
         ec_GFp_simple_group_check_discriminant,
         ec_GFp_simple_point_init,
         ec_GFp_simple_point_finish,
@@ -112,14 +56,23 @@ const EC_METHOD *EC_GFp_nist_method(void)
         0 /* field_div */ ,
         0 /* field_encode */ ,
         0 /* field_decode */ ,
-        0                       /* field_set_to_one */
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        ec_GFp_simple_blind_coordinates,
+        ec_GFp_simple_ladder_pre,
+        ec_GFp_simple_ladder_step,
+        ec_GFp_simple_ladder_post
     };
 
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return fips_ec_gfp_nist_method();
-#endif
-
     return &ret;
 }
 
@@ -135,15 +88,12 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
 {
     int ret = 0;
     BN_CTX *new_ctx = NULL;
-    BIGNUM *tmp_bn;
 
     if (ctx == NULL)
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
 
     BN_CTX_start(ctx);
-    if ((tmp_bn = BN_CTX_get(ctx)) == NULL)
-        goto err;
 
     if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
         group->field_mod_func = BN_nist_mod_192;
@@ -164,8 +114,7 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
 
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -185,13 +134,12 @@ int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
 
     if (!BN_mul(r, a, b, ctx))
         goto err;
-    if (!group->field_mod_func(r, r, &group->field, ctx))
+    if (!group->field_mod_func(r, r, group->field, ctx))
         goto err;
 
     ret = 1;
  err:
-    if (ctx_new)
-        BN_CTX_free(ctx_new);
+    BN_CTX_free(ctx_new);
     return ret;
 }
 
@@ -211,12 +159,11 @@ int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
 
     if (!BN_sqr(r, a, ctx))
         goto err;
-    if (!group->field_mod_func(r, r, &group->field, ctx))
+    if (!group->field_mod_func(r, r, group->field, ctx))
         goto err;
 
     ret = 1;
  err:
-    if (ctx_new)
-        BN_CTX_free(ctx_new);
+    BN_CTX_free(ctx_new);
     return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/ec/ecp_nistp224.c b/freebsd/crypto/openssl/crypto/ec/ecp_nistp224.c
index 8cde8002..8df7241e 100644
--- a/freebsd/crypto/openssl/crypto/ec/ecp_nistp224.c
+++ b/freebsd/crypto/openssl/crypto/ec/ecp_nistp224.c
@@ -1,9 +1,14 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ecp_nistp224.c */
 /*
- * Written by Emilia Kasper (Google) for the OpenSSL project.
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 /* Copyright 2011 Google Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -28,24 +33,21 @@
  */
 
 #include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-
-# ifndef OPENSSL_SYS_VMS
-#  include <stdint.h>
-# else
-#  include <inttypes.h>
-# endif
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
 
+# include <stdint.h>
 # include <string.h>
 # include <openssl/err.h>
 # include "ec_lcl.h"
 
-# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
   /* even with gcc, the typedef won't work for 32-bit platforms */
 typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
                                  * platforms */
 # else
-#  error "Need GCC 3.1 or later to define type uint128_t"
+#  error "Your compiler doesn't appear to support 128-bit integer types"
 # endif
 
 typedef uint8_t u8;
@@ -78,7 +80,7 @@ typedef limb felem[4];
 typedef widelimb widefelem[7];
 
 /*
- * Field element represented as a byte arrary. 28*8 = 224 bits is also the
+ * Field element represented as a byte array. 28*8 = 224 bits is also the
  * group order size for the elliptic curve, and we also use this type for
  * scalars for point multiplication.
  */
@@ -133,84 +135,55 @@ static const felem_bytearray nistp224_curve_params[5] = {
  * locations when doing simple scalar multiplies against the base point,
  * and then another four locations using the second 16 elements.
  */
-static const felem gmul[2][16][3] = { {{{0, 0, 0, 0},
-                                        {0, 0, 0, 0},
-                                        {0, 0, 0, 0}},
-                                       {{0x3280d6115c1d21, 0xc1d356c2112234,
-                                         0x7f321390b94a03, 0xb70e0cbd6bb4bf},
-                                        {0xd5819985007e34, 0x75a05a07476444,
-                                         0xfb4c22dfe6cd43, 0xbd376388b5f723},
-                                        {1, 0, 0, 0}},
-                                       {{0xfd9675666ebbe9, 0xbca7664d40ce5e,
-                                         0x2242df8d8a2a43, 0x1f49bbb0f99bc5},
-                                        {0x29e0b892dc9c43, 0xece8608436e662,
-                                         0xdc858f185310d0, 0x9812dd4eb8d321},
-                                        {1, 0, 0, 0}},
-                                       {{0x6d3e678d5d8eb8, 0x559eed1cb362f1,
-                                         0x16e9a3bbce8a3f, 0xeedcccd8c2a748},
-                                        {0xf19f90ed50266d, 0xabf2b4bf65f9df,
-                                         0x313865468fafec, 0x5cb379ba910a17},
-                                        {1, 0, 0, 0}},
-                                       {{0x0641966cab26e3, 0x91fb2991fab0a0,
-                                         0xefec27a4e13a0b, 0x0499aa8a5f8ebe},
-                                        {0x7510407766af5d, 0x84d929610d5450,
-                                         0x81d77aae82f706, 0x6916f6d4338c5b},
-                                        {1, 0, 0, 0}},
-                                       {{0xea95ac3b1f15c6, 0x086000905e82d4,
-                                         0xdd323ae4d1c8b1, 0x932b56be7685a3},
-                                        {0x9ef93dea25dbbf, 0x41665960f390f0,
-                                         0xfdec76dbe2a8a7, 0x523e80f019062a},
-                                        {1, 0, 0, 0}},
-                                       {{0x822fdd26732c73, 0xa01c83531b5d0f,
-                                         0x363f37347c1ba4, 0xc391b45c84725c},
-                                        {0xbbd5e1b2d6ad24, 0xddfbcde19dfaec,
-                                         0xc393da7e222a7f, 0x1efb7890ede244},
-                                        {1, 0, 0, 0}},
-                                       {{0x4c9e90ca217da1, 0xd11beca79159bb,
-                                         0xff8d33c2c98b7c, 0x2610b39409f849},
-                                        {0x44d1352ac64da0, 0xcdbb7b2c46b4fb,
-                                         0x966c079b753c89, 0xfe67e4e820b112},
-                                        {1, 0, 0, 0}},
-                                       {{0xe28cae2df5312d, 0xc71b61d16f5c6e,
-                                         0x79b7619a3e7c4c, 0x05c73240899b47},
-                                        {0x9f7f6382c73e3a, 0x18615165c56bda,
-                                         0x641fab2116fd56, 0x72855882b08394},
-                                        {1, 0, 0, 0}},
-                                       {{0x0469182f161c09, 0x74a98ca8d00fb5,
-                                         0xb89da93489a3e0, 0x41c98768fb0c1d},
-                                        {0xe5ea05fb32da81, 0x3dce9ffbca6855,
-                                         0x1cfe2d3fbf59e6, 0x0e5e03408738a7},
-                                        {1, 0, 0, 0}},
-                                       {{0xdab22b2333e87f, 0x4430137a5dd2f6,
-                                         0xe03ab9f738beb8, 0xcb0c5d0dc34f24},
-                                        {0x764a7df0c8fda5, 0x185ba5c3fa2044,
-                                         0x9281d688bcbe50, 0xc40331df893881},
-                                        {1, 0, 0, 0}},
-                                       {{0xb89530796f0f60, 0xade92bd26909a3,
-                                         0x1a0c83fb4884da, 0x1765bf22a5a984},
-                                        {0x772a9ee75db09e, 0x23bc6c67cec16f,
-                                         0x4c1edba8b14e2f, 0xe2a215d9611369},
-                                        {1, 0, 0, 0}},
-                                       {{0x571e509fb5efb3, 0xade88696410552,
-                                         0xc8ae85fada74fe, 0x6c7e4be83bbde3},
-                                        {0xff9f51160f4652, 0xb47ce2495a6539,
-                                         0xa2946c53b582f4, 0x286d2db3ee9a60},
-                                        {1, 0, 0, 0}},
-                                       {{0x40bbd5081a44af, 0x0995183b13926c,
-                                         0xbcefba6f47f6d0, 0x215619e9cc0057},
-                                        {0x8bc94d3b0df45e, 0xf11c54a3694f6f,
-                                         0x8631b93cdfe8b5, 0xe7e3f4b0982db9},
-                                        {1, 0, 0, 0}},
-                                       {{0xb17048ab3e1c7b, 0xac38f36ff8a1d8,
-                                         0x1c29819435d2c6, 0xc813132f4c07e9},
-                                        {0x2891425503b11f, 0x08781030579fea,
-                                         0xf5426ba5cc9674, 0x1e28ebf18562bc},
-                                        {1, 0, 0, 0}},
-                                       {{0x9f31997cc864eb, 0x06cd91d28b5e4c,
-                                         0xff17036691a973, 0xf1aef351497c58},
-                                        {0xdd1f2d600564ff, 0xdead073b1402db,
-                                         0x74a684435bd693, 0xeea7471f962558},
-                                        {1, 0, 0, 0}}},
+static const felem gmul[2][16][3] = {
+{{{0, 0, 0, 0},
+  {0, 0, 0, 0},
+  {0, 0, 0, 0}},
+ {{0x3280d6115c1d21, 0xc1d356c2112234, 0x7f321390b94a03, 0xb70e0cbd6bb4bf},
+  {0xd5819985007e34, 0x75a05a07476444, 0xfb4c22dfe6cd43, 0xbd376388b5f723},
+  {1, 0, 0, 0}},
+ {{0xfd9675666ebbe9, 0xbca7664d40ce5e, 0x2242df8d8a2a43, 0x1f49bbb0f99bc5},
+  {0x29e0b892dc9c43, 0xece8608436e662, 0xdc858f185310d0, 0x9812dd4eb8d321},
+  {1, 0, 0, 0}},
+ {{0x6d3e678d5d8eb8, 0x559eed1cb362f1, 0x16e9a3bbce8a3f, 0xeedcccd8c2a748},
+  {0xf19f90ed50266d, 0xabf2b4bf65f9df, 0x313865468fafec, 0x5cb379ba910a17},
+  {1, 0, 0, 0}},
+ {{0x0641966cab26e3, 0x91fb2991fab0a0, 0xefec27a4e13a0b, 0x0499aa8a5f8ebe},
+  {0x7510407766af5d, 0x84d929610d5450, 0x81d77aae82f706, 0x6916f6d4338c5b},
+  {1, 0, 0, 0}},
+ {{0xea95ac3b1f15c6, 0x086000905e82d4, 0xdd323ae4d1c8b1, 0x932b56be7685a3},
+  {0x9ef93dea25dbbf, 0x41665960f390f0, 0xfdec76dbe2a8a7, 0x523e80f019062a},
+  {1, 0, 0, 0}},
+ {{0x822fdd26732c73, 0xa01c83531b5d0f, 0x363f37347c1ba4, 0xc391b45c84725c},
+  {0xbbd5e1b2d6ad24, 0xddfbcde19dfaec, 0xc393da7e222a7f, 0x1efb7890ede244},
+  {1, 0, 0, 0}},
+ {{0x4c9e90ca217da1, 0xd11beca79159bb, 0xff8d33c2c98b7c, 0x2610b39409f849},
+  {0x44d1352ac64da0, 0xcdbb7b2c46b4fb, 0x966c079b753c89, 0xfe67e4e820b112},
+  {1, 0, 0, 0}},
+ {{0xe28cae2df5312d, 0xc71b61d16f5c6e, 0x79b7619a3e7c4c, 0x05c73240899b47},
+  {0x9f7f6382c73e3a, 0x18615165c56bda, 0x641fab2116fd56, 0x72855882b08394},
+  {1, 0, 0, 0}},
+ {{0x0469182f161c09, 0x74a98ca8d00fb5, 0xb89da93489a3e0, 0x41c98768fb0c1d},
+  {0xe5ea05fb32da81, 0x3dce9ffbca6855, 0x1cfe2d3fbf59e6, 0x0e5e03408738a7},
+  {1, 0, 0, 0}},
+ {{0xdab22b2333e87f, 0x4430137a5dd2f6, 0xe03ab9f738beb8, 0xcb0c5d0dc34f24},
+  {0x764a7df0c8fda5, 0x185ba5c3fa2044, 0x9281d688bcbe50, 0xc40331df893881},
+  {1, 0, 0, 0}},
+ {{0xb89530796f0f60, 0xade92bd26909a3, 0x1a0c83fb4884da, 0x1765bf22a5a984},
+  {0x772a9ee75db09e, 0x23bc6c67cec16f, 0x4c1edba8b14e2f, 0xe2a215d9611369},
+  {1, 0, 0, 0}},
+ {{0x571e509fb5efb3, 0xade88696410552, 0xc8ae85fada74fe, 0x6c7e4be83bbde3},
+  {0xff9f51160f4652, 0xb47ce2495a6539, 0xa2946c53b582f4, 0x286d2db3ee9a60},
+  {1, 0, 0, 0}},
+ {{0x40bbd5081a44af, 0x0995183b13926c, 0xbcefba6f47f6d0, 0x215619e9cc0057},
+  {0x8bc94d3b0df45e, 0xf11c54a3694f6f, 0x8631b93cdfe8b5, 0xe7e3f4b0982db9},
+  {1, 0, 0, 0}},
+ {{0xb17048ab3e1c7b, 0xac38f36ff8a1d8, 0x1c29819435d2c6, 0xc813132f4c07e9},
+  {0x2891425503b11f, 0x08781030579fea, 0xf5426ba5cc9674, 0x1e28ebf18562bc},
+  {1, 0, 0, 0}},
+ {{0x9f31997cc864eb, 0x06cd91d28b5e4c, 0xff17036691a973, 0xf1aef351497c58},
+  {0xdd1f2d600564ff, 0xdead073b1402db, 0x74a684435bd693, 0xeea7471f962558},
+  {1, 0, 0, 0}}},
 {{{0, 0, 0, 0},
   {0, 0, 0, 0},
   {0, 0, 0, 0}},
@@ -262,10 +235,11 @@ static const felem gmul[2][16][3] = { {{{0, 0, 0, 0},
 };
 
 /* Precomputation for the group generator. */
-typedef struct {
+struct nistp224_pre_comp_st {
     felem g_pre_comp[2][16][3];
-    int references;
-} NISTP224_PRE_COMP;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
 
 const EC_METHOD *EC_GFp_nistp224_method(void)
 {
@@ -279,6 +253,7 @@ const EC_METHOD *EC_GFp_nistp224_method(void)
         ec_GFp_nistp224_group_set_curve,
         ec_GFp_simple_group_get_curve,
         ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
         ec_GFp_simple_group_check_discriminant,
         ec_GFp_simple_point_init,
         ec_GFp_simple_point_finish,
@@ -308,7 +283,21 @@ const EC_METHOD *EC_GFp_nistp224_method(void)
         0 /* field_div */ ,
         0 /* field_encode */ ,
         0 /* field_decode */ ,
-        0                       /* field_set_to_one */
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        0, /* ladder_pre */
+        0, /* ladder_step */
+        0  /* ladder_post */
     };
 
     return &ret;
@@ -413,22 +402,6 @@ static void felem_sum(felem out, const felem in)
     out[3] += in[3];
 }
 
-/* Get negative value: out = -in */
-/* Assumes in[i] < 2^57 */
-static void felem_neg(felem out, const felem in)
-{
-    static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);
-    static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2);
-    static const limb two58m42m2 = (((limb) 1) << 58) -
-        (((limb) 1) << 42) - (((limb) 1) << 2);
-
-    /* Set to 0 mod 2^224-2^96+1 to ensure out > in */
-    out[0] = two58p2 - in[0];
-    out[1] = two58m42m2 - in[1];
-    out[2] = two58m2 - in[2];
-    out[3] = two58m2 - in[3];
-}
-
 /* Subtract field elements: out -= in */
 /* Assumes in[i] < 2^57 */
 static void felem_diff(felem out, const felem in)
@@ -550,11 +523,11 @@ static void felem_mul(widefelem out, const felem in1, const felem in2)
     out[0] = ((widelimb) in1[0]) * in2[0];
     out[1] = ((widelimb) in1[0]) * in2[1] + ((widelimb) in1[1]) * in2[0];
     out[2] = ((widelimb) in1[0]) * in2[2] + ((widelimb) in1[1]) * in2[1] +
-        ((widelimb) in1[2]) * in2[0];
+             ((widelimb) in1[2]) * in2[0];
     out[3] = ((widelimb) in1[0]) * in2[3] + ((widelimb) in1[1]) * in2[2] +
-        ((widelimb) in1[2]) * in2[1] + ((widelimb) in1[3]) * in2[0];
+             ((widelimb) in1[2]) * in2[1] + ((widelimb) in1[3]) * in2[0];
     out[4] = ((widelimb) in1[1]) * in2[3] + ((widelimb) in1[2]) * in2[2] +
-        ((widelimb) in1[3]) * in2[1];
+             ((widelimb) in1[3]) * in2[1];
     out[5] = ((widelimb) in1[2]) * in2[3] + ((widelimb) in1[3]) * in2[2];
     out[6] = ((widelimb) in1[3]) * in2[3];
 }
@@ -698,6 +671,18 @@ static void felem_contract(felem out, const felem in)
 }
 
 /*
+ * Get negative value: out = -in
+ * Requires in[i] < 2^63,
+ * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16
+ */
+static void felem_neg(felem out, const felem in)
+{
+    widefelem tmp = {0};
+    felem_diff_128_64(tmp, in);
+    felem_reduce(out, tmp);
+}
+
+/*
  * Zero-check: returns 1 if input is 0, and 0 otherwise. We know that field
  * elements are reduced to in < 2^225, so we only need to check three cases:
  * 0, 2^224 - 2^96 + 1, and 2^225 - 2^97 + 2
@@ -835,7 +820,7 @@ static void copy_conditional(felem out, const felem in, limb icopy)
  * Double an elliptic curve point:
  * (X', Y', Z') = 2 * (X, Y, Z), where
  * X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2
- * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^2
+ * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^4
  * Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z
  * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed,
  * while x_out == y_in is not (maybe this works, but it's not tested).
@@ -1104,8 +1089,8 @@ static void select_point(const u64 idx, unsigned int size,
 {
     unsigned i, j;
     limb *outlimbs = &out[0][0];
-    memset(outlimbs, 0, 3 * sizeof(felem));
 
+    memset(out, 0, sizeof(*out) * 3);
     for (i = 0; i < size; i++) {
         const limb *inlimbs = &pre_comp[i][0][0];
         u64 mask = i ^ idx;
@@ -1148,7 +1133,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
     u8 sign, digit;
 
     /* set nq to the point at infinity */
-    memset(nq, 0, 3 * sizeof(felem));
+    memset(nq, 0, sizeof(nq));
 
     /*
      * Loop over all scalars msb-to-lsb, interleaving additions of multiples
@@ -1232,58 +1217,49 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
  * FUNCTIONS TO MANAGE PRECOMPUTATION
  */
 
-static NISTP224_PRE_COMP *nistp224_pre_comp_new()
+static NISTP224_PRE_COMP *nistp224_pre_comp_new(void)
 {
-    NISTP224_PRE_COMP *ret = NULL;
-    ret = (NISTP224_PRE_COMP *) OPENSSL_malloc(sizeof(*ret));
+    NISTP224_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
     if (!ret) {
         ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
         return ret;
     }
-    memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
-    ret->references = 1;
-    return ret;
-}
-
-static void *nistp224_pre_comp_dup(void *src_)
-{
-    NISTP224_PRE_COMP *src = src_;
 
-    /* no need to actually copy, these objects never change! */
-    CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
+    ret->references = 1;
 
-    return src_;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
 }
 
-static void nistp224_pre_comp_free(void *pre_)
+NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *p)
 {
     int i;
-    NISTP224_PRE_COMP *pre = pre_;
-
-    if (!pre)
-        return;
-
-    i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
-    if (i > 0)
-        return;
-
-    OPENSSL_free(pre);
+    if (p != NULL)
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
+    return p;
 }
 
-static void nistp224_pre_comp_clear_free(void *pre_)
+void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *p)
 {
     int i;
-    NISTP224_PRE_COMP *pre = pre_;
 
-    if (!pre)
+    if (p == NULL)
         return;
 
-    i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
+    CRYPTO_DOWN_REF(&p->references, &i, p->lock);
+    REF_PRINT_COUNT("EC_nistp224", x);
     if (i > 0)
         return;
+    REF_ASSERT_ISNT(i < 0);
 
-    OPENSSL_cleanse(pre, sizeof(*pre));
-    OPENSSL_free(pre);
+    CRYPTO_THREAD_lock_free(p->lock);
+    OPENSSL_free(p);
 }
 
 /******************************************************************************/
@@ -1311,9 +1287,10 @@ int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
     BN_CTX_start(ctx);
-    if (((curve_p = BN_CTX_get(ctx)) == NULL) ||
-        ((curve_a = BN_CTX_get(ctx)) == NULL) ||
-        ((curve_b = BN_CTX_get(ctx)) == NULL))
+    curve_p = BN_CTX_get(ctx);
+    curve_a = BN_CTX_get(ctx);
+    curve_b = BN_CTX_get(ctx);
+    if (curve_b == NULL)
         goto err;
     BN_bin2bn(nistp224_curve_params[0], sizeof(felem_bytearray), curve_p);
     BN_bin2bn(nistp224_curve_params[1], sizeof(felem_bytearray), curve_a);
@@ -1327,8 +1304,7 @@ int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
     ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -1349,8 +1325,8 @@ int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
               EC_R_POINT_AT_INFINITY);
         return 0;
     }
-    if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
-        (!BN_to_felem(z1, &point->Z)))
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
         return 0;
     felem_inv(z2, z1);
     felem_square(tmp, z2);
@@ -1422,11 +1398,10 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
     int j;
     unsigned i;
     int mixed = 0;
-    BN_CTX *new_ctx = NULL;
     BIGNUM *x, *y, *z, *tmp_scalar;
     felem_bytearray g_secret;
     felem_bytearray *secrets = NULL;
-    felem(*pre_comp)[17][3] = NULL;
+    felem (*pre_comp)[17][3] = NULL;
     felem *tmp_felems = NULL;
     felem_bytearray tmp;
     unsigned num_bytes;
@@ -1439,21 +1414,16 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
     const EC_POINT *p = NULL;
     const BIGNUM *p_scalar = NULL;
 
-    if (ctx == NULL)
-        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
-            return 0;
     BN_CTX_start(ctx);
-    if (((x = BN_CTX_get(ctx)) == NULL) ||
-        ((y = BN_CTX_get(ctx)) == NULL) ||
-        ((z = BN_CTX_get(ctx)) == NULL) ||
-        ((tmp_scalar = BN_CTX_get(ctx)) == NULL))
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    tmp_scalar = BN_CTX_get(ctx);
+    if (tmp_scalar == NULL)
         goto err;
 
     if (scalar != NULL) {
-        pre = EC_EX_DATA_get_data(group->extra_data,
-                                  nistp224_pre_comp_dup,
-                                  nistp224_pre_comp_free,
-                                  nistp224_pre_comp_clear_free);
+        pre = group->pre_comp.nistp224;
         if (pre)
             /* we have precomputation, try to use it */
             g_pre_comp = (const felem(*)[16][3])pre->g_pre_comp;
@@ -1493,11 +1463,11 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
              */
             mixed = 1;
         }
-        secrets = OPENSSL_malloc(num_points * sizeof(felem_bytearray));
-        pre_comp = OPENSSL_malloc(num_points * 17 * 3 * sizeof(felem));
+        secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points);
         if (mixed)
             tmp_felems =
-                OPENSSL_malloc((num_points * 17 + 1) * sizeof(felem));
+                OPENSSL_malloc(sizeof(felem) * (num_points * 17 + 1));
         if ((secrets == NULL) || (pre_comp == NULL)
             || (mixed && (tmp_felems == NULL))) {
             ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_MALLOC_FAILURE);
@@ -1508,8 +1478,6 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
          * we treat NULL scalars as 0, and NULL points as points at infinity,
          * i.e., they contribute nothing to the linear combination
          */
-        memset(secrets, 0, num_points * sizeof(felem_bytearray));
-        memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem));
         for (i = 0; i < num_points; ++i) {
             if (i == num)
                 /* the generator */
@@ -1530,7 +1498,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
                      * this is an unusual input, and we don't guarantee
                      * constant-timeness
                      */
-                    if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
                         ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
                         goto err;
                     }
@@ -1539,9 +1507,9 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
                     num_bytes = BN_bn2bin(p_scalar, tmp);
                 flip_endian(secrets[i], tmp, num_bytes);
                 /* precompute multiples */
-                if ((!BN_to_felem(x_out, &p->X)) ||
-                    (!BN_to_felem(y_out, &p->Y)) ||
-                    (!BN_to_felem(z_out, &p->Z)))
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
                     goto err;
                 felem_assign(pre_comp[i][1][0], x_out);
                 felem_assign(pre_comp[i][1][1], y_out);
@@ -1576,7 +1544,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
              * this is an unusual input, and we don't guarantee
              * constant-timeness
              */
-            if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
                 ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
                 goto err;
             }
@@ -1607,16 +1575,10 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
 
  err:
     BN_CTX_end(ctx);
-    if (generator != NULL)
-        EC_POINT_free(generator);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
-    if (secrets != NULL)
-        OPENSSL_free(secrets);
-    if (pre_comp != NULL)
-        OPENSSL_free(pre_comp);
-    if (tmp_felems != NULL)
-        OPENSSL_free(tmp_felems);
+    EC_POINT_free(generator);
+    OPENSSL_free(secrets);
+    OPENSSL_free(pre_comp);
+    OPENSSL_free(tmp_felems);
     return ret;
 }
 
@@ -1631,14 +1593,14 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     felem tmp_felems[32];
 
     /* throw away old precomputation */
-    EC_EX_DATA_free_data(&group->extra_data, nistp224_pre_comp_dup,
-                         nistp224_pre_comp_free,
-                         nistp224_pre_comp_clear_free);
+    EC_pre_comp_free(group);
     if (ctx == NULL)
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
     BN_CTX_start(ctx);
-    if (((x = BN_CTX_get(ctx)) == NULL) || ((y = BN_CTX_get(ctx)) == NULL))
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
         goto err;
     /* get the generator */
     if (group->generator == NULL)
@@ -1648,7 +1610,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         goto err;
     BN_bin2bn(nistp224_curve_params[3], sizeof(felem_bytearray), x);
     BN_bin2bn(nistp224_curve_params[4], sizeof(felem_bytearray), y);
-    if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
         goto err;
     if ((pre = nistp224_pre_comp_new()) == NULL)
         goto err;
@@ -1659,9 +1621,9 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
         goto done;
     }
-    if ((!BN_to_felem(pre->g_pre_comp[0][1][0], &group->generator->X)) ||
-        (!BN_to_felem(pre->g_pre_comp[0][1][1], &group->generator->Y)) ||
-        (!BN_to_felem(pre->g_pre_comp[0][1][2], &group->generator->Z)))
+    if ((!BN_to_felem(pre->g_pre_comp[0][1][0], group->generator->X)) ||
+        (!BN_to_felem(pre->g_pre_comp[0][1][1], group->generator->Y)) ||
+        (!BN_to_felem(pre->g_pre_comp[0][1][2], group->generator->Z)))
         goto err;
     /*
      * compute 2^56*G, 2^112*G, 2^168*G for the first table, 2^28*G, 2^84*G,
@@ -1736,34 +1698,20 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems);
 
  done:
-    if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp224_pre_comp_dup,
-                             nistp224_pre_comp_free,
-                             nistp224_pre_comp_clear_free))
-        goto err;
-    ret = 1;
+    SETPRECOMP(group, nistp224, pre);
     pre = NULL;
+    ret = 1;
  err:
     BN_CTX_end(ctx);
-    if (generator != NULL)
-        EC_POINT_free(generator);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
-    if (pre)
-        nistp224_pre_comp_free(pre);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    EC_nistp224_pre_comp_free(pre);
     return ret;
 }
 
 int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group)
 {
-    if (EC_EX_DATA_get_data(group->extra_data, nistp224_pre_comp_dup,
-                            nistp224_pre_comp_free,
-                            nistp224_pre_comp_clear_free)
-        != NULL)
-        return 1;
-    else
-        return 0;
+    return HAVEPRECOMP(group, nistp224);
 }
 
-#else
-static void *dummy = &dummy;
 #endif
diff --git a/freebsd/crypto/openssl/crypto/ec/ecp_nistp256.c b/freebsd/crypto/openssl/crypto/ec/ecp_nistp256.c
index d3fb9931..7850a8d2 100644
--- a/freebsd/crypto/openssl/crypto/ec/ecp_nistp256.c
+++ b/freebsd/crypto/openssl/crypto/ec/ecp_nistp256.c
@@ -1,9 +1,14 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ecp_nistp256.c */
 /*
- * Written by Adam Langley (Google) for the OpenSSL project
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 /* Copyright 2011 Google Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -29,25 +34,22 @@
  */
 
 #include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-
-# ifndef OPENSSL_SYS_VMS
-#  include <stdint.h>
-# else
-#  include <inttypes.h>
-# endif
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
 
+# include <stdint.h>
 # include <string.h>
 # include <openssl/err.h>
 # include "ec_lcl.h"
 
-# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
   /* even with gcc, the typedef won't work for 32-bit platforms */
 typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
                                  * platforms */
 typedef __int128_t int128_t;
 # else
-#  error "Need GCC 3.1 or later to define type uint128_t"
+#  error "Your compiler doesn't appear to support 128-bit integer types"
 # endif
 
 typedef uint8_t u8;
@@ -1235,7 +1237,7 @@ static void copy_small_conditional(felem out, const smallfelem in, limb mask)
 }
 
 /*-
- * point_add calcuates (x1, y1, z1) + (x2, y2, z2)
+ * point_add calculates (x1, y1, z1) + (x2, y2, z2)
  *
  * The method is taken from:
  *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
@@ -1632,7 +1634,8 @@ static void select_point(const u64 idx, unsigned int size,
 {
     unsigned i, j;
     u64 *outlimbs = &out[0][0];
-    memset(outlimbs, 0, 3 * sizeof(smallfelem));
+
+    memset(out, 0, sizeof(*out) * 3);
 
     for (i = 0; i < size; i++) {
         const u64 *inlimbs = (u64 *)&pre_comp[i][0][0];
@@ -1676,7 +1679,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
     u8 sign, digit;
 
     /* set nq to the point at infinity */
-    memset(nq, 0, 3 * sizeof(felem));
+    memset(nq, 0, sizeof(nq));
 
     /*
      * Loop over all scalars msb-to-lsb, interleaving additions of multiples
@@ -1763,10 +1766,11 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
 }
 
 /* Precomputation for the group generator. */
-typedef struct {
+struct nistp256_pre_comp_st {
     smallfelem g_pre_comp[2][16][3];
-    int references;
-} NISTP256_PRE_COMP;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
 
 const EC_METHOD *EC_GFp_nistp256_method(void)
 {
@@ -1780,6 +1784,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void)
         ec_GFp_nistp256_group_set_curve,
         ec_GFp_simple_group_get_curve,
         ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
         ec_GFp_simple_group_check_discriminant,
         ec_GFp_simple_point_init,
         ec_GFp_simple_point_finish,
@@ -1809,7 +1814,21 @@ const EC_METHOD *EC_GFp_nistp256_method(void)
         0 /* field_div */ ,
         0 /* field_encode */ ,
         0 /* field_decode */ ,
-        0                       /* field_set_to_one */
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        0, /* ladder_pre */
+        0, /* ladder_step */
+        0  /* ladder_post */
     };
 
     return &ret;
@@ -1820,57 +1839,48 @@ const EC_METHOD *EC_GFp_nistp256_method(void)
  * FUNCTIONS TO MANAGE PRECOMPUTATION
  */
 
-static NISTP256_PRE_COMP *nistp256_pre_comp_new()
+static NISTP256_PRE_COMP *nistp256_pre_comp_new(void)
 {
-    NISTP256_PRE_COMP *ret = NULL;
-    ret = (NISTP256_PRE_COMP *) OPENSSL_malloc(sizeof(*ret));
-    if (!ret) {
+    NISTP256_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
         ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
         return ret;
     }
-    memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
-    ret->references = 1;
-    return ret;
-}
-
-static void *nistp256_pre_comp_dup(void *src_)
-{
-    NISTP256_PRE_COMP *src = src_;
 
-    /* no need to actually copy, these objects never change! */
-    CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
+    ret->references = 1;
 
-    return src_;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
 }
 
-static void nistp256_pre_comp_free(void *pre_)
+NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *p)
 {
     int i;
-    NISTP256_PRE_COMP *pre = pre_;
-
-    if (!pre)
-        return;
-
-    i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
-    if (i > 0)
-        return;
-
-    OPENSSL_free(pre);
+    if (p != NULL)
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
+    return p;
 }
 
-static void nistp256_pre_comp_clear_free(void *pre_)
+void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *pre)
 {
     int i;
-    NISTP256_PRE_COMP *pre = pre_;
 
-    if (!pre)
+    if (pre == NULL)
         return;
 
-    i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
+    CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);
+    REF_PRINT_COUNT("EC_nistp256", x);
     if (i > 0)
         return;
+    REF_ASSERT_ISNT(i < 0);
 
-    OPENSSL_cleanse(pre, sizeof(*pre));
+    CRYPTO_THREAD_lock_free(pre->lock);
     OPENSSL_free(pre);
 }
 
@@ -1899,9 +1909,10 @@ int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
     BN_CTX_start(ctx);
-    if (((curve_p = BN_CTX_get(ctx)) == NULL) ||
-        ((curve_a = BN_CTX_get(ctx)) == NULL) ||
-        ((curve_b = BN_CTX_get(ctx)) == NULL))
+    curve_p = BN_CTX_get(ctx);
+    curve_a = BN_CTX_get(ctx);
+    curve_b = BN_CTX_get(ctx);
+    if (curve_b == NULL)
         goto err;
     BN_bin2bn(nistp256_curve_params[0], sizeof(felem_bytearray), curve_p);
     BN_bin2bn(nistp256_curve_params[1], sizeof(felem_bytearray), curve_a);
@@ -1915,8 +1926,7 @@ int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
     ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -1938,8 +1948,8 @@ int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
               EC_R_POINT_AT_INFINITY);
         return 0;
     }
-    if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
-        (!BN_to_felem(z1, &point->Z)))
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
         return 0;
     felem_inv(z2, z1);
     felem_square(tmp, z2);
@@ -2010,11 +2020,10 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
     int ret = 0;
     int j;
     int mixed = 0;
-    BN_CTX *new_ctx = NULL;
     BIGNUM *x, *y, *z, *tmp_scalar;
     felem_bytearray g_secret;
     felem_bytearray *secrets = NULL;
-    smallfelem(*pre_comp)[17][3] = NULL;
+    smallfelem (*pre_comp)[17][3] = NULL;
     smallfelem *tmp_smallfelems = NULL;
     felem_bytearray tmp;
     unsigned i, num_bytes;
@@ -2028,21 +2037,16 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
     const EC_POINT *p = NULL;
     const BIGNUM *p_scalar = NULL;
 
-    if (ctx == NULL)
-        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
-            return 0;
     BN_CTX_start(ctx);
-    if (((x = BN_CTX_get(ctx)) == NULL) ||
-        ((y = BN_CTX_get(ctx)) == NULL) ||
-        ((z = BN_CTX_get(ctx)) == NULL) ||
-        ((tmp_scalar = BN_CTX_get(ctx)) == NULL))
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    tmp_scalar = BN_CTX_get(ctx);
+    if (tmp_scalar == NULL)
         goto err;
 
     if (scalar != NULL) {
-        pre = EC_EX_DATA_get_data(group->extra_data,
-                                  nistp256_pre_comp_dup,
-                                  nistp256_pre_comp_free,
-                                  nistp256_pre_comp_clear_free);
+        pre = group->pre_comp.nistp256;
         if (pre)
             /* we have precomputation, try to use it */
             g_pre_comp = (const smallfelem(*)[16][3])pre->g_pre_comp;
@@ -2081,11 +2085,11 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
              */
             mixed = 1;
         }
-        secrets = OPENSSL_malloc(num_points * sizeof(felem_bytearray));
-        pre_comp = OPENSSL_malloc(num_points * 17 * 3 * sizeof(smallfelem));
+        secrets = OPENSSL_malloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points);
         if (mixed)
             tmp_smallfelems =
-                OPENSSL_malloc((num_points * 17 + 1) * sizeof(smallfelem));
+              OPENSSL_malloc(sizeof(*tmp_smallfelems) * (num_points * 17 + 1));
         if ((secrets == NULL) || (pre_comp == NULL)
             || (mixed && (tmp_smallfelems == NULL))) {
             ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
@@ -2096,8 +2100,8 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
          * we treat NULL scalars as 0, and NULL points as points at infinity,
          * i.e., they contribute nothing to the linear combination
          */
-        memset(secrets, 0, num_points * sizeof(felem_bytearray));
-        memset(pre_comp, 0, num_points * 17 * 3 * sizeof(smallfelem));
+        memset(secrets, 0, sizeof(*secrets) * num_points);
+        memset(pre_comp, 0, sizeof(*pre_comp) * num_points);
         for (i = 0; i < num_points; ++i) {
             if (i == num)
                 /*
@@ -2121,7 +2125,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
                      * this is an unusual input, and we don't guarantee
                      * constant-timeness
                      */
-                    if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
                         ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
                         goto err;
                     }
@@ -2130,9 +2134,9 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
                     num_bytes = BN_bn2bin(p_scalar, tmp);
                 flip_endian(secrets[i], tmp, num_bytes);
                 /* precompute multiples */
-                if ((!BN_to_felem(x_out, &p->X)) ||
-                    (!BN_to_felem(y_out, &p->Y)) ||
-                    (!BN_to_felem(z_out, &p->Z)))
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
                     goto err;
                 felem_shrink(pre_comp[i][1][0], x_out);
                 felem_shrink(pre_comp[i][1][1], y_out);
@@ -2169,7 +2173,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
              * this is an unusual input, and we don't guarantee
              * constant-timeness
              */
-            if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
                 ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
                 goto err;
             }
@@ -2200,16 +2204,10 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
 
  err:
     BN_CTX_end(ctx);
-    if (generator != NULL)
-        EC_POINT_free(generator);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
-    if (secrets != NULL)
-        OPENSSL_free(secrets);
-    if (pre_comp != NULL)
-        OPENSSL_free(pre_comp);
-    if (tmp_smallfelems != NULL)
-        OPENSSL_free(tmp_smallfelems);
+    EC_POINT_free(generator);
+    OPENSSL_free(secrets);
+    OPENSSL_free(pre_comp);
+    OPENSSL_free(tmp_smallfelems);
     return ret;
 }
 
@@ -2225,14 +2223,14 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     felem x_tmp, y_tmp, z_tmp;
 
     /* throw away old precomputation */
-    EC_EX_DATA_free_data(&group->extra_data, nistp256_pre_comp_dup,
-                         nistp256_pre_comp_free,
-                         nistp256_pre_comp_clear_free);
+    EC_pre_comp_free(group);
     if (ctx == NULL)
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
     BN_CTX_start(ctx);
-    if (((x = BN_CTX_get(ctx)) == NULL) || ((y = BN_CTX_get(ctx)) == NULL))
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
         goto err;
     /* get the generator */
     if (group->generator == NULL)
@@ -2242,7 +2240,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         goto err;
     BN_bin2bn(nistp256_curve_params[3], sizeof(felem_bytearray), x);
     BN_bin2bn(nistp256_curve_params[4], sizeof(felem_bytearray), y);
-    if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
         goto err;
     if ((pre = nistp256_pre_comp_new()) == NULL)
         goto err;
@@ -2253,9 +2251,9 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
         goto done;
     }
-    if ((!BN_to_felem(x_tmp, &group->generator->X)) ||
-        (!BN_to_felem(y_tmp, &group->generator->Y)) ||
-        (!BN_to_felem(z_tmp, &group->generator->Z)))
+    if ((!BN_to_felem(x_tmp, group->generator->X)) ||
+        (!BN_to_felem(y_tmp, group->generator->Y)) ||
+        (!BN_to_felem(z_tmp, group->generator->Z)))
         goto err;
     felem_shrink(pre->g_pre_comp[0][1][0], x_tmp);
     felem_shrink(pre->g_pre_comp[0][1][1], y_tmp);
@@ -2339,33 +2337,20 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_smallfelems);
 
  done:
-    if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp256_pre_comp_dup,
-                             nistp256_pre_comp_free,
-                             nistp256_pre_comp_clear_free))
-        goto err;
-    ret = 1;
+    SETPRECOMP(group, nistp256, pre);
     pre = NULL;
+    ret = 1;
+
  err:
     BN_CTX_end(ctx);
-    if (generator != NULL)
-        EC_POINT_free(generator);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
-    if (pre)
-        nistp256_pre_comp_free(pre);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    EC_nistp256_pre_comp_free(pre);
     return ret;
 }
 
 int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group)
 {
-    if (EC_EX_DATA_get_data(group->extra_data, nistp256_pre_comp_dup,
-                            nistp256_pre_comp_free,
-                            nistp256_pre_comp_clear_free)
-        != NULL)
-        return 1;
-    else
-        return 0;
+    return HAVEPRECOMP(group, nistp256);
 }
-#else
-static void *dummy = &dummy;
 #endif
diff --git a/freebsd/crypto/openssl/crypto/ec/ecp_nistp521.c b/freebsd/crypto/openssl/crypto/ec/ecp_nistp521.c
index a07c91f5..0b7b47f0 100644
--- a/freebsd/crypto/openssl/crypto/ec/ecp_nistp521.c
+++ b/freebsd/crypto/openssl/crypto/ec/ecp_nistp521.c
@@ -1,9 +1,14 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ecp_nistp521.c */
 /*
- * Written by Adam Langley (Google) for the OpenSSL project
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 /* Copyright 2011 Google Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -28,25 +33,21 @@
  * work which got its smarts from Daniel J. Bernstein's work on the same.
  */
 
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-
-# ifndef OPENSSL_SYS_VMS
-#  include <stdint.h>
-# else
-#  include <inttypes.h>
-# endif
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
 
 # include <string.h>
 # include <openssl/err.h>
 # include "ec_lcl.h"
 
-# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
   /* even with gcc, the typedef won't work for 32-bit platforms */
 typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
                                  * platforms */
 # else
-#  error "Need GCC 3.1 or later to define type uint128_t"
+#  error "Your compiler doesn't appear to support 128-bit integer types"
 # endif
 
 typedef uint8_t u8;
@@ -431,19 +432,19 @@ static void felem_square(largefelem out, const felem in)
     out[2] = ((uint128_t) in[0]) * inx2[2] + ((uint128_t) in[1]) * in[1];
     out[3] = ((uint128_t) in[0]) * inx2[3] + ((uint128_t) in[1]) * inx2[2];
     out[4] = ((uint128_t) in[0]) * inx2[4] +
-        ((uint128_t) in[1]) * inx2[3] + ((uint128_t) in[2]) * in[2];
+             ((uint128_t) in[1]) * inx2[3] + ((uint128_t) in[2]) * in[2];
     out[5] = ((uint128_t) in[0]) * inx2[5] +
-        ((uint128_t) in[1]) * inx2[4] + ((uint128_t) in[2]) * inx2[3];
+             ((uint128_t) in[1]) * inx2[4] + ((uint128_t) in[2]) * inx2[3];
     out[6] = ((uint128_t) in[0]) * inx2[6] +
-        ((uint128_t) in[1]) * inx2[5] +
-        ((uint128_t) in[2]) * inx2[4] + ((uint128_t) in[3]) * in[3];
+             ((uint128_t) in[1]) * inx2[5] +
+             ((uint128_t) in[2]) * inx2[4] + ((uint128_t) in[3]) * in[3];
     out[7] = ((uint128_t) in[0]) * inx2[7] +
-        ((uint128_t) in[1]) * inx2[6] +
-        ((uint128_t) in[2]) * inx2[5] + ((uint128_t) in[3]) * inx2[4];
+             ((uint128_t) in[1]) * inx2[6] +
+             ((uint128_t) in[2]) * inx2[5] + ((uint128_t) in[3]) * inx2[4];
     out[8] = ((uint128_t) in[0]) * inx2[8] +
-        ((uint128_t) in[1]) * inx2[7] +
-        ((uint128_t) in[2]) * inx2[6] +
-        ((uint128_t) in[3]) * inx2[5] + ((uint128_t) in[4]) * in[4];
+             ((uint128_t) in[1]) * inx2[7] +
+             ((uint128_t) in[2]) * inx2[6] +
+             ((uint128_t) in[3]) * inx2[5] + ((uint128_t) in[4]) * in[4];
 
     /*
      * The remaining limbs fall above 2^521, with the first falling at 2^522.
@@ -456,21 +457,21 @@ static void felem_square(largefelem out, const felem in)
 
     /* 9 */
     out[0] += ((uint128_t) in[1]) * inx4[8] +
-        ((uint128_t) in[2]) * inx4[7] +
-        ((uint128_t) in[3]) * inx4[6] + ((uint128_t) in[4]) * inx4[5];
+              ((uint128_t) in[2]) * inx4[7] +
+              ((uint128_t) in[3]) * inx4[6] + ((uint128_t) in[4]) * inx4[5];
 
     /* 10 */
     out[1] += ((uint128_t) in[2]) * inx4[8] +
-        ((uint128_t) in[3]) * inx4[7] +
-        ((uint128_t) in[4]) * inx4[6] + ((uint128_t) in[5]) * inx2[5];
+              ((uint128_t) in[3]) * inx4[7] +
+              ((uint128_t) in[4]) * inx4[6] + ((uint128_t) in[5]) * inx2[5];
 
     /* 11 */
     out[2] += ((uint128_t) in[3]) * inx4[8] +
-        ((uint128_t) in[4]) * inx4[7] + ((uint128_t) in[5]) * inx4[6];
+              ((uint128_t) in[4]) * inx4[7] + ((uint128_t) in[5]) * inx4[6];
 
     /* 12 */
     out[3] += ((uint128_t) in[4]) * inx4[8] +
-        ((uint128_t) in[5]) * inx4[7] + ((uint128_t) in[6]) * inx2[6];
+              ((uint128_t) in[5]) * inx4[7] + ((uint128_t) in[6]) * inx2[6];
 
     /* 13 */
     out[4] += ((uint128_t) in[5]) * inx4[8] + ((uint128_t) in[6]) * inx4[7];
@@ -500,87 +501,101 @@ static void felem_mul(largefelem out, const felem in1, const felem in2)
 
     out[0] = ((uint128_t) in1[0]) * in2[0];
 
-    out[1] = ((uint128_t) in1[0]) * in2[1] + ((uint128_t) in1[1]) * in2[0];
+    out[1] = ((uint128_t) in1[0]) * in2[1] +
+             ((uint128_t) in1[1]) * in2[0];
 
     out[2] = ((uint128_t) in1[0]) * in2[2] +
-        ((uint128_t) in1[1]) * in2[1] + ((uint128_t) in1[2]) * in2[0];
+             ((uint128_t) in1[1]) * in2[1] +
+             ((uint128_t) in1[2]) * in2[0];
 
     out[3] = ((uint128_t) in1[0]) * in2[3] +
-        ((uint128_t) in1[1]) * in2[2] +
-        ((uint128_t) in1[2]) * in2[1] + ((uint128_t) in1[3]) * in2[0];
+             ((uint128_t) in1[1]) * in2[2] +
+             ((uint128_t) in1[2]) * in2[1] +
+             ((uint128_t) in1[3]) * in2[0];
 
     out[4] = ((uint128_t) in1[0]) * in2[4] +
-        ((uint128_t) in1[1]) * in2[3] +
-        ((uint128_t) in1[2]) * in2[2] +
-        ((uint128_t) in1[3]) * in2[1] + ((uint128_t) in1[4]) * in2[0];
+             ((uint128_t) in1[1]) * in2[3] +
+             ((uint128_t) in1[2]) * in2[2] +
+             ((uint128_t) in1[3]) * in2[1] +
+             ((uint128_t) in1[4]) * in2[0];
 
     out[5] = ((uint128_t) in1[0]) * in2[5] +
-        ((uint128_t) in1[1]) * in2[4] +
-        ((uint128_t) in1[2]) * in2[3] +
-        ((uint128_t) in1[3]) * in2[2] +
-        ((uint128_t) in1[4]) * in2[1] + ((uint128_t) in1[5]) * in2[0];
+             ((uint128_t) in1[1]) * in2[4] +
+             ((uint128_t) in1[2]) * in2[3] +
+             ((uint128_t) in1[3]) * in2[2] +
+             ((uint128_t) in1[4]) * in2[1] +
+             ((uint128_t) in1[5]) * in2[0];
 
     out[6] = ((uint128_t) in1[0]) * in2[6] +
-        ((uint128_t) in1[1]) * in2[5] +
-        ((uint128_t) in1[2]) * in2[4] +
-        ((uint128_t) in1[3]) * in2[3] +
-        ((uint128_t) in1[4]) * in2[2] +
-        ((uint128_t) in1[5]) * in2[1] + ((uint128_t) in1[6]) * in2[0];
+             ((uint128_t) in1[1]) * in2[5] +
+             ((uint128_t) in1[2]) * in2[4] +
+             ((uint128_t) in1[3]) * in2[3] +
+             ((uint128_t) in1[4]) * in2[2] +
+             ((uint128_t) in1[5]) * in2[1] +
+             ((uint128_t) in1[6]) * in2[0];
 
     out[7] = ((uint128_t) in1[0]) * in2[7] +
-        ((uint128_t) in1[1]) * in2[6] +
-        ((uint128_t) in1[2]) * in2[5] +
-        ((uint128_t) in1[3]) * in2[4] +
-        ((uint128_t) in1[4]) * in2[3] +
-        ((uint128_t) in1[5]) * in2[2] +
-        ((uint128_t) in1[6]) * in2[1] + ((uint128_t) in1[7]) * in2[0];
+             ((uint128_t) in1[1]) * in2[6] +
+             ((uint128_t) in1[2]) * in2[5] +
+             ((uint128_t) in1[3]) * in2[4] +
+             ((uint128_t) in1[4]) * in2[3] +
+             ((uint128_t) in1[5]) * in2[2] +
+             ((uint128_t) in1[6]) * in2[1] +
+             ((uint128_t) in1[7]) * in2[0];
 
     out[8] = ((uint128_t) in1[0]) * in2[8] +
-        ((uint128_t) in1[1]) * in2[7] +
-        ((uint128_t) in1[2]) * in2[6] +
-        ((uint128_t) in1[3]) * in2[5] +
-        ((uint128_t) in1[4]) * in2[4] +
-        ((uint128_t) in1[5]) * in2[3] +
-        ((uint128_t) in1[6]) * in2[2] +
-        ((uint128_t) in1[7]) * in2[1] + ((uint128_t) in1[8]) * in2[0];
+             ((uint128_t) in1[1]) * in2[7] +
+             ((uint128_t) in1[2]) * in2[6] +
+             ((uint128_t) in1[3]) * in2[5] +
+             ((uint128_t) in1[4]) * in2[4] +
+             ((uint128_t) in1[5]) * in2[3] +
+             ((uint128_t) in1[6]) * in2[2] +
+             ((uint128_t) in1[7]) * in2[1] +
+             ((uint128_t) in1[8]) * in2[0];
 
     /* See comment in felem_square about the use of in2x2 here */
 
     out[0] += ((uint128_t) in1[1]) * in2x2[8] +
-        ((uint128_t) in1[2]) * in2x2[7] +
-        ((uint128_t) in1[3]) * in2x2[6] +
-        ((uint128_t) in1[4]) * in2x2[5] +
-        ((uint128_t) in1[5]) * in2x2[4] +
-        ((uint128_t) in1[6]) * in2x2[3] +
-        ((uint128_t) in1[7]) * in2x2[2] + ((uint128_t) in1[8]) * in2x2[1];
+              ((uint128_t) in1[2]) * in2x2[7] +
+              ((uint128_t) in1[3]) * in2x2[6] +
+              ((uint128_t) in1[4]) * in2x2[5] +
+              ((uint128_t) in1[5]) * in2x2[4] +
+              ((uint128_t) in1[6]) * in2x2[3] +
+              ((uint128_t) in1[7]) * in2x2[2] +
+              ((uint128_t) in1[8]) * in2x2[1];
 
     out[1] += ((uint128_t) in1[2]) * in2x2[8] +
-        ((uint128_t) in1[3]) * in2x2[7] +
-        ((uint128_t) in1[4]) * in2x2[6] +
-        ((uint128_t) in1[5]) * in2x2[5] +
-        ((uint128_t) in1[6]) * in2x2[4] +
-        ((uint128_t) in1[7]) * in2x2[3] + ((uint128_t) in1[8]) * in2x2[2];
+              ((uint128_t) in1[3]) * in2x2[7] +
+              ((uint128_t) in1[4]) * in2x2[6] +
+              ((uint128_t) in1[5]) * in2x2[5] +
+              ((uint128_t) in1[6]) * in2x2[4] +
+              ((uint128_t) in1[7]) * in2x2[3] +
+              ((uint128_t) in1[8]) * in2x2[2];
 
     out[2] += ((uint128_t) in1[3]) * in2x2[8] +
-        ((uint128_t) in1[4]) * in2x2[7] +
-        ((uint128_t) in1[5]) * in2x2[6] +
-        ((uint128_t) in1[6]) * in2x2[5] +
-        ((uint128_t) in1[7]) * in2x2[4] + ((uint128_t) in1[8]) * in2x2[3];
+              ((uint128_t) in1[4]) * in2x2[7] +
+              ((uint128_t) in1[5]) * in2x2[6] +
+              ((uint128_t) in1[6]) * in2x2[5] +
+              ((uint128_t) in1[7]) * in2x2[4] +
+              ((uint128_t) in1[8]) * in2x2[3];
 
     out[3] += ((uint128_t) in1[4]) * in2x2[8] +
-        ((uint128_t) in1[5]) * in2x2[7] +
-        ((uint128_t) in1[6]) * in2x2[6] +
-        ((uint128_t) in1[7]) * in2x2[5] + ((uint128_t) in1[8]) * in2x2[4];
+              ((uint128_t) in1[5]) * in2x2[7] +
+              ((uint128_t) in1[6]) * in2x2[6] +
+              ((uint128_t) in1[7]) * in2x2[5] +
+              ((uint128_t) in1[8]) * in2x2[4];
 
     out[4] += ((uint128_t) in1[5]) * in2x2[8] +
-        ((uint128_t) in1[6]) * in2x2[7] +
-        ((uint128_t) in1[7]) * in2x2[6] + ((uint128_t) in1[8]) * in2x2[5];
+              ((uint128_t) in1[6]) * in2x2[7] +
+              ((uint128_t) in1[7]) * in2x2[6] +
+              ((uint128_t) in1[8]) * in2x2[5];
 
     out[5] += ((uint128_t) in1[6]) * in2x2[8] +
-        ((uint128_t) in1[7]) * in2x2[7] + ((uint128_t) in1[8]) * in2x2[6];
+              ((uint128_t) in1[7]) * in2x2[7] +
+              ((uint128_t) in1[8]) * in2x2[6];
 
     out[6] += ((uint128_t) in1[7]) * in2x2[8] +
-        ((uint128_t) in1[8]) * in2x2[7];
+              ((uint128_t) in1[8]) * in2x2[7];
 
     out[7] += ((uint128_t) in1[8]) * in2x2[8];
 }
@@ -1020,7 +1035,7 @@ static void felem_contract(felem out, const felem in)
  * coordinates */
 
 /*-
- * point_double calcuates 2*(x_in, y_in, z_in)
+ * point_double calculates 2*(x_in, y_in, z_in)
  *
  * The method is taken from:
  *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
@@ -1136,16 +1151,16 @@ static void copy_conditional(felem out, const felem in, limb mask)
 }
 
 /*-
- * point_add calcuates (x1, y1, z1) + (x2, y2, z2)
+ * point_add calculates (x1, y1, z1) + (x2, y2, z2)
  *
  * The method is taken from
  *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
  * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity).
  *
  * This function includes a branch for checking whether the two input points
- * are equal (while not equal to the point at infinity). This case never
- * happens during single point multiplication, so there is no timing leak for
- * ECDH or ECDSA signing. */
+ * are equal (while not equal to the point at infinity). See comment below
+ * on constant-time.
+ */
 static void point_add(felem x3, felem y3, felem z3,
                       const felem x1, const felem y1, const felem z1,
                       const int mixed, const felem x2, const felem y2,
@@ -1239,6 +1254,22 @@ static void point_add(felem x3, felem y3, felem z3,
     /* ftmp5[i] < 2^61 */
 
     if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
+        /*
+         * This is obviously not constant-time but it will almost-never happen
+         * for ECDH / ECDSA. The case where it can happen is during scalar-mult
+         * where the intermediate value gets very close to the group order.
+         * Since |ec_GFp_nistp_recode_scalar_bits| produces signed digits for
+         * the scalar, it's possible for the intermediate value to be a small
+         * negative multiple of the base point, and for the final signed digit
+         * to be the same value. We believe that this only occurs for the scalar
+         * 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+         * ffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb
+         * 71e913863f7, in that case the penultimate intermediate is -9G and
+         * the final digit is also -9G. Since this only happens for a single
+         * scalar, the timing leak is irrelevent. (Any attacker who wanted to
+         * check whether a secret scalar was that exact value, can already do
+         * so.)
+         */
         point_double(x3, y3, z3, x1, y1, z1);
         return;
     }
@@ -1336,9 +1367,10 @@ static void point_add(felem x3, felem y3, felem z3,
  * Tables for other points have table[i] = iG for i in 0 .. 16. */
 
 /* gmul is the table of precomputed base points */
-static const felem gmul[16][3] = { {{0, 0, 0, 0, 0, 0, 0, 0, 0},
-                                    {0, 0, 0, 0, 0, 0, 0, 0, 0},
-                                    {0, 0, 0, 0, 0, 0, 0, 0, 0}},
+static const felem gmul[16][3] = {
+{{0, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0, 0}},
 {{0x017e7e31c2e5bd66, 0x022cf0615a90a6fe, 0x00127a2ffa8de334,
   0x01dfbf9d64a3f877, 0x006b4d3dbaa14b5e, 0x014fed487e0a2bd8,
   0x015b4429c6481390, 0x03a73678fb2d988e, 0x00c6858e06b70404},
@@ -1456,7 +1488,8 @@ static void select_point(const limb idx, unsigned int size,
 {
     unsigned i, j;
     limb *outlimbs = &out[0][0];
-    memset(outlimbs, 0, 3 * sizeof(felem));
+
+    memset(out, 0, sizeof(*out) * 3);
 
     for (i = 0; i < size; i++) {
         const limb *inlimbs = &pre_comp[i][0][0];
@@ -1499,7 +1532,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
     u8 sign, digit;
 
     /* set nq to the point at infinity */
-    memset(nq, 0, 3 * sizeof(felem));
+    memset(nq, 0, sizeof(nq));
 
     /*
      * Loop over all scalars msb-to-lsb, interleaving additions of multiples
@@ -1570,10 +1603,11 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
 }
 
 /* Precomputation for the group generator. */
-typedef struct {
+struct nistp521_pre_comp_st {
     felem g_pre_comp[16][3];
-    int references;
-} NISTP521_PRE_COMP;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
 
 const EC_METHOD *EC_GFp_nistp521_method(void)
 {
@@ -1587,6 +1621,7 @@ const EC_METHOD *EC_GFp_nistp521_method(void)
         ec_GFp_nistp521_group_set_curve,
         ec_GFp_simple_group_get_curve,
         ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
         ec_GFp_simple_group_check_discriminant,
         ec_GFp_simple_point_init,
         ec_GFp_simple_point_finish,
@@ -1616,7 +1651,21 @@ const EC_METHOD *EC_GFp_nistp521_method(void)
         0 /* field_div */ ,
         0 /* field_encode */ ,
         0 /* field_decode */ ,
-        0                       /* field_set_to_one */
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        0, /* ladder_pre */
+        0, /* ladder_step */
+        0  /* ladder_post */
     };
 
     return &ret;
@@ -1627,58 +1676,49 @@ const EC_METHOD *EC_GFp_nistp521_method(void)
  * FUNCTIONS TO MANAGE PRECOMPUTATION
  */
 
-static NISTP521_PRE_COMP *nistp521_pre_comp_new()
+static NISTP521_PRE_COMP *nistp521_pre_comp_new(void)
 {
-    NISTP521_PRE_COMP *ret = NULL;
-    ret = (NISTP521_PRE_COMP *) OPENSSL_malloc(sizeof(NISTP521_PRE_COMP));
-    if (!ret) {
+    NISTP521_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
         ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
         return ret;
     }
-    memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
-    ret->references = 1;
-    return ret;
-}
-
-static void *nistp521_pre_comp_dup(void *src_)
-{
-    NISTP521_PRE_COMP *src = src_;
 
-    /* no need to actually copy, these objects never change! */
-    CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
+    ret->references = 1;
 
-    return src_;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
 }
 
-static void nistp521_pre_comp_free(void *pre_)
+NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *p)
 {
     int i;
-    NISTP521_PRE_COMP *pre = pre_;
-
-    if (!pre)
-        return;
-
-    i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
-    if (i > 0)
-        return;
-
-    OPENSSL_free(pre);
+    if (p != NULL)
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
+    return p;
 }
 
-static void nistp521_pre_comp_clear_free(void *pre_)
+void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *p)
 {
     int i;
-    NISTP521_PRE_COMP *pre = pre_;
 
-    if (!pre)
+    if (p == NULL)
         return;
 
-    i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
+    CRYPTO_DOWN_REF(&p->references, &i, p->lock);
+    REF_PRINT_COUNT("EC_nistp521", x);
     if (i > 0)
         return;
+    REF_ASSERT_ISNT(i < 0);
 
-    OPENSSL_cleanse(pre, sizeof(*pre));
-    OPENSSL_free(pre);
+    CRYPTO_THREAD_lock_free(p->lock);
+    OPENSSL_free(p);
 }
 
 /******************************************************************************/
@@ -1706,9 +1746,10 @@ int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
     BN_CTX_start(ctx);
-    if (((curve_p = BN_CTX_get(ctx)) == NULL) ||
-        ((curve_a = BN_CTX_get(ctx)) == NULL) ||
-        ((curve_b = BN_CTX_get(ctx)) == NULL))
+    curve_p = BN_CTX_get(ctx);
+    curve_a = BN_CTX_get(ctx);
+    curve_b = BN_CTX_get(ctx);
+    if (curve_b == NULL)
         goto err;
     BN_bin2bn(nistp521_curve_params[0], sizeof(felem_bytearray), curve_p);
     BN_bin2bn(nistp521_curve_params[1], sizeof(felem_bytearray), curve_a);
@@ -1722,8 +1763,7 @@ int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
     ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -1744,8 +1784,8 @@ int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
               EC_R_POINT_AT_INFINITY);
         return 0;
     }
-    if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
-        (!BN_to_felem(z1, &point->Z)))
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
         return 0;
     felem_inv(z2, z1);
     felem_square(tmp, z2);
@@ -1817,11 +1857,10 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
     int ret = 0;
     int j;
     int mixed = 0;
-    BN_CTX *new_ctx = NULL;
     BIGNUM *x, *y, *z, *tmp_scalar;
     felem_bytearray g_secret;
     felem_bytearray *secrets = NULL;
-    felem(*pre_comp)[17][3] = NULL;
+    felem (*pre_comp)[17][3] = NULL;
     felem *tmp_felems = NULL;
     felem_bytearray tmp;
     unsigned i, num_bytes;
@@ -1834,21 +1873,16 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
     const EC_POINT *p = NULL;
     const BIGNUM *p_scalar = NULL;
 
-    if (ctx == NULL)
-        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
-            return 0;
     BN_CTX_start(ctx);
-    if (((x = BN_CTX_get(ctx)) == NULL) ||
-        ((y = BN_CTX_get(ctx)) == NULL) ||
-        ((z = BN_CTX_get(ctx)) == NULL) ||
-        ((tmp_scalar = BN_CTX_get(ctx)) == NULL))
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    tmp_scalar = BN_CTX_get(ctx);
+    if (tmp_scalar == NULL)
         goto err;
 
     if (scalar != NULL) {
-        pre = EC_EX_DATA_get_data(group->extra_data,
-                                  nistp521_pre_comp_dup,
-                                  nistp521_pre_comp_free,
-                                  nistp521_pre_comp_clear_free);
+        pre = group->pre_comp.nistp521;
         if (pre)
             /* we have precomputation, try to use it */
             g_pre_comp = &pre->g_pre_comp[0];
@@ -1888,11 +1922,11 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
              */
             mixed = 1;
         }
-        secrets = OPENSSL_malloc(num_points * sizeof(felem_bytearray));
-        pre_comp = OPENSSL_malloc(num_points * 17 * 3 * sizeof(felem));
+        secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points);
         if (mixed)
             tmp_felems =
-                OPENSSL_malloc((num_points * 17 + 1) * sizeof(felem));
+                OPENSSL_malloc(sizeof(*tmp_felems) * (num_points * 17 + 1));
         if ((secrets == NULL) || (pre_comp == NULL)
             || (mixed && (tmp_felems == NULL))) {
             ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE);
@@ -1903,8 +1937,6 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
          * we treat NULL scalars as 0, and NULL points as points at infinity,
          * i.e., they contribute nothing to the linear combination
          */
-        memset(secrets, 0, num_points * sizeof(felem_bytearray));
-        memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem));
         for (i = 0; i < num_points; ++i) {
             if (i == num)
                 /*
@@ -1928,7 +1960,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
                      * this is an unusual input, and we don't guarantee
                      * constant-timeness
                      */
-                    if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
                         ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
                         goto err;
                     }
@@ -1937,9 +1969,9 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
                     num_bytes = BN_bn2bin(p_scalar, tmp);
                 flip_endian(secrets[i], tmp, num_bytes);
                 /* precompute multiples */
-                if ((!BN_to_felem(x_out, &p->X)) ||
-                    (!BN_to_felem(y_out, &p->Y)) ||
-                    (!BN_to_felem(z_out, &p->Z)))
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
                     goto err;
                 memcpy(pre_comp[i][1][0], x_out, sizeof(felem));
                 memcpy(pre_comp[i][1][1], y_out, sizeof(felem));
@@ -1974,7 +2006,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
              * this is an unusual input, and we don't guarantee
              * constant-timeness
              */
-            if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
                 ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
                 goto err;
             }
@@ -2006,16 +2038,10 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
 
  err:
     BN_CTX_end(ctx);
-    if (generator != NULL)
-        EC_POINT_free(generator);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
-    if (secrets != NULL)
-        OPENSSL_free(secrets);
-    if (pre_comp != NULL)
-        OPENSSL_free(pre_comp);
-    if (tmp_felems != NULL)
-        OPENSSL_free(tmp_felems);
+    EC_POINT_free(generator);
+    OPENSSL_free(secrets);
+    OPENSSL_free(pre_comp);
+    OPENSSL_free(tmp_felems);
     return ret;
 }
 
@@ -2030,14 +2056,14 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     felem tmp_felems[16];
 
     /* throw away old precomputation */
-    EC_EX_DATA_free_data(&group->extra_data, nistp521_pre_comp_dup,
-                         nistp521_pre_comp_free,
-                         nistp521_pre_comp_clear_free);
+    EC_pre_comp_free(group);
     if (ctx == NULL)
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
     BN_CTX_start(ctx);
-    if (((x = BN_CTX_get(ctx)) == NULL) || ((y = BN_CTX_get(ctx)) == NULL))
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
         goto err;
     /* get the generator */
     if (group->generator == NULL)
@@ -2047,7 +2073,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         goto err;
     BN_bin2bn(nistp521_curve_params[3], sizeof(felem_bytearray), x);
     BN_bin2bn(nistp521_curve_params[4], sizeof(felem_bytearray), y);
-    if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
         goto err;
     if ((pre = nistp521_pre_comp_new()) == NULL)
         goto err;
@@ -2058,9 +2084,9 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
         goto done;
     }
-    if ((!BN_to_felem(pre->g_pre_comp[1][0], &group->generator->X)) ||
-        (!BN_to_felem(pre->g_pre_comp[1][1], &group->generator->Y)) ||
-        (!BN_to_felem(pre->g_pre_comp[1][2], &group->generator->Z)))
+    if ((!BN_to_felem(pre->g_pre_comp[1][0], group->generator->X)) ||
+        (!BN_to_felem(pre->g_pre_comp[1][1], group->generator->Y)) ||
+        (!BN_to_felem(pre->g_pre_comp[1][2], group->generator->Z)))
         goto err;
     /* compute 2^130*G, 2^260*G, 2^390*G */
     for (i = 1; i <= 4; i <<= 1) {
@@ -2115,34 +2141,20 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     make_points_affine(15, &(pre->g_pre_comp[1]), tmp_felems);
 
  done:
-    if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp521_pre_comp_dup,
-                             nistp521_pre_comp_free,
-                             nistp521_pre_comp_clear_free))
-        goto err;
+    SETPRECOMP(group, nistp521, pre);
     ret = 1;
     pre = NULL;
  err:
     BN_CTX_end(ctx);
-    if (generator != NULL)
-        EC_POINT_free(generator);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
-    if (pre)
-        nistp521_pre_comp_free(pre);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    EC_nistp521_pre_comp_free(pre);
     return ret;
 }
 
 int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group)
 {
-    if (EC_EX_DATA_get_data(group->extra_data, nistp521_pre_comp_dup,
-                            nistp521_pre_comp_free,
-                            nistp521_pre_comp_clear_free)
-        != NULL)
-        return 1;
-    else
-        return 0;
+    return HAVEPRECOMP(group, nistp521);
 }
 
-#else
-static void *dummy = &dummy;
 #endif
diff --git a/freebsd/crypto/openssl/crypto/ec/ecp_nistputil.c b/freebsd/crypto/openssl/crypto/ec/ecp_nistputil.c
index bbdfeb46..cca7082c 100644
--- a/freebsd/crypto/openssl/crypto/ec/ecp_nistputil.c
+++ b/freebsd/crypto/openssl/crypto/ec/ecp_nistputil.c
@@ -1,9 +1,14 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ecp_nistputil.c */
 /*
- * Written by Bodo Moeller for the OpenSSL project.
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 /* Copyright 2011 Google Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,7 +26,9 @@
  */
 
 #include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
 
 /*
  * Common utility functions for ecp_nistp224.c, ecp_nistp256.c, ecp_nistp521.c.
@@ -215,6 +222,4 @@ void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
     *sign = s & 1;
     *digit = d;
 }
-#else
-static void *dummy = &dummy;
 #endif
diff --git a/freebsd/crypto/openssl/crypto/ec/ecp_nistz256.c b/freebsd/crypto/openssl/crypto/ec/ecp_nistz256.c
index 9be2f5d9..25b86e3c 100644
--- a/freebsd/crypto/openssl/crypto/ec/ecp_nistz256.c
+++ b/freebsd/crypto/openssl/crypto/ec/ecp_nistz256.c
@@ -1,41 +1,31 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/******************************************************************************
- *                                                                            *
- * Copyright 2014 Intel Corporation                                           *
- *                                                                            *
- * Licensed under the Apache License, Version 2.0 (the "License");            *
- * you may not use this file except in compliance with the License.           *
- * You may obtain a copy of the License at                                    *
- *                                                                            *
- *    http://www.apache.org/licenses/LICENSE-2.0                              *
- *                                                                            *
- * Unless required by applicable law or agreed to in writing, software        *
- * distributed under the License is distributed on an "AS IS" BASIS,          *
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   *
- * See the License for the specific language governing permissions and        *
- * limitations under the License.                                             *
- *                                                                            *
- ******************************************************************************
- *                                                                            *
- * Developers and authors:                                                    *
- * Shay Gueron (1, 2), and Vlad Krasnov (1)                                   *
- * (1) Intel Corporation, Israel Development Center                           *
- * (2) University of Haifa                                                    *
- * Reference:                                                                 *
- * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with *
- *                          256 Bit Primes"                                   *
- *                                                                            *
- ******************************************************************************/
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2014, Intel Corporation. All Rights Reserved.
+ * Copyright (c) 2015, CloudFlare, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1, 3)
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel
+ * (2) University of Haifa, Israel
+ * (3) CloudFlare, Inc.
+ *
+ * Reference:
+ * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with
+ *                          256 Bit Primes"
+ */
 
 #include <string.h>
 
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/ec.h>
-#include "cryptlib.h"
-
+#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
 #include "ec_lcl.h"
+#include "internal/refcount.h"
 
 #if BN_BITS2 != 64
 # define TOBN(hi,lo)    lo,hi
@@ -70,7 +60,7 @@ typedef struct {
 typedef P256_POINT_AFFINE PRECOMP256_ROW[64];
 
 /* structure for precomputed multiples of the generator */
-typedef struct ec_pre_comp_st {
+struct nistz256_pre_comp_st {
     const EC_GROUP *group;      /* Parent EC_GROUP object */
     size_t w;                   /* Window size */
     /*
@@ -80,8 +70,9 @@ typedef struct ec_pre_comp_st {
      */
     PRECOMP256_ROW *precomp;
     void *precomp_storage;
-    int references;
-} EC_PRE_COMP;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
 
 /* Functions implemented in assembly */
 /*
@@ -134,10 +125,14 @@ void ecp_nistz256_from_mont(BN_ULONG res[P256_LIMBS],
 void ecp_nistz256_to_mont(BN_ULONG res[P256_LIMBS],
                           const BN_ULONG in[P256_LIMBS]);
 /* Functions that perform constant time access to the precomputed tables */
-void ecp_nistz256_select_w5(P256_POINT * val,
-                            const P256_POINT * in_t, int index);
-void ecp_nistz256_select_w7(P256_POINT_AFFINE * val,
-                            const P256_POINT_AFFINE * in_t, int index);
+void ecp_nistz256_scatter_w5(P256_POINT *val,
+                             const P256_POINT *in_t, int idx);
+void ecp_nistz256_gather_w5(P256_POINT *val,
+                            const P256_POINT *in_t, int idx);
+void ecp_nistz256_scatter_w7(P256_POINT_AFFINE *val,
+                             const P256_POINT_AFFINE *in_t, int idx);
+void ecp_nistz256_gather_w7(P256_POINT_AFFINE *val,
+                            const P256_POINT_AFFINE *in_t, int idx);
 
 /* One converted into the Montgomery domain */
 static const BN_ULONG ONE[P256_LIMBS] = {
@@ -145,13 +140,10 @@ static const BN_ULONG ONE[P256_LIMBS] = {
     TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe)
 };
 
-static void *ecp_nistz256_pre_comp_dup(void *);
-static void ecp_nistz256_pre_comp_free(void *);
-static void ecp_nistz256_pre_comp_clear_free(void *);
-static EC_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group);
+static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group);
 
 /* Precomputed tables for the default generator */
-#include "ecp_nistz256_table.c"
+extern const PRECOMP256_ROW ecp_nistz256_precomputed[37];
 
 /* Recode window to a signed digit, see ecp_nistputil.c for details */
 static unsigned int _booth_recode_w5(unsigned int in)
@@ -181,7 +173,7 @@ static unsigned int _booth_recode_w7(unsigned int in)
 static void copy_conditional(BN_ULONG dst[P256_LIMBS],
                              const BN_ULONG src[P256_LIMBS], BN_ULONG move)
 {
-    BN_ULONG mask1 = -move;
+    BN_ULONG mask1 = 0-move;
     BN_ULONG mask2 = ~mask1;
 
     dst[0] = (src[0] & mask1) ^ (dst[0] & mask2);
@@ -200,7 +192,6 @@ static BN_ULONG is_zero(BN_ULONG in)
 {
     in |= (0 - in);
     in = ~in;
-    in &= BN_MASK2;
     in >>= BN_BITS2 - 1;
     return in;
 }
@@ -227,9 +218,9 @@ static BN_ULONG is_equal(const BN_ULONG a[P256_LIMBS],
 static BN_ULONG is_one(const BIGNUM *z)
 {
     BN_ULONG res = 0;
-    BN_ULONG *a = z->d;
+    BN_ULONG *a = bn_get_words(z);
 
-    if (z->top == (P256_LIMBS - P256_LIMBS / 8)) {
+    if (bn_get_top(z) == (P256_LIMBS - P256_LIMBS / 8)) {
         res = a[0] ^ ONE[0];
         res |= a[1] ^ ONE[1];
         res |= a[2] ^ ONE[2];
@@ -249,18 +240,16 @@ static BN_ULONG is_one(const BIGNUM *z)
     return res;
 }
 
-static int ecp_nistz256_set_words(BIGNUM *a, BN_ULONG words[P256_LIMBS])
- {
-     if (bn_wexpand(a, P256_LIMBS) == NULL) {
-         ECerr(EC_F_ECP_NISTZ256_SET_WORDS, ERR_R_MALLOC_FAILURE);
-         return 0;
-     }
-     memcpy(a->d, words, sizeof(BN_ULONG) * P256_LIMBS);
-     a->top = P256_LIMBS;
-     bn_correct_top(a);
-     return 1;
-}
-
+/*
+ * For reference, this macro is used only when new ecp_nistz256 assembly
+ * module is being developed.  For example, configure with
+ * -DECP_NISTZ256_REFERENCE_IMPLEMENTATION and implement only functions
+ * performing simplest arithmetic operations on 256-bit vectors. Then
+ * work on implementation of higher-level functions performing point
+ * operations. Then remove ECP_NISTZ256_REFERENCE_IMPLEMENTATION
+ * and never define it again. (The correct macro denoting presence of
+ * ecp_nistz256 module is ECP_NISTZ256_ASM.)
+ */
 #ifndef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
 void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a);
 void ecp_nistz256_point_add(P256_POINT *r,
@@ -582,48 +571,44 @@ static void ecp_nistz256_mod_inverse(BN_ULONG r[P256_LIMBS],
  * ecp_nistz256_bignum_to_field_elem copies the contents of |in| to |out| and
  * returns one if it fits. Otherwise it returns zero.
  */
-static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS],
-                                             const BIGNUM *in)
+__owur static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS],
+                                                    const BIGNUM *in)
 {
-    if (in->top > P256_LIMBS)
-        return 0;
-
-    memset(out, 0, sizeof(BN_ULONG) * P256_LIMBS);
-    memcpy(out, in->d, sizeof(BN_ULONG) * in->top);
-    return 1;
+    return bn_copy_words(out, in, P256_LIMBS);
 }
 
 /* r = sum(scalar[i]*point[i]) */
-static int ecp_nistz256_windowed_mul(const EC_GROUP *group,
-                                      P256_POINT *r,
-                                      const BIGNUM **scalar,
-                                      const EC_POINT **point,
-                                      int num, BN_CTX *ctx)
+__owur static int ecp_nistz256_windowed_mul(const EC_GROUP *group,
+                                            P256_POINT *r,
+                                            const BIGNUM **scalar,
+                                            const EC_POINT **point,
+                                            size_t num, BN_CTX *ctx)
 {
-
-    int i, j, ret = 0;
-    unsigned int index;
+    size_t i;
+    int j, ret = 0;
+    unsigned int idx;
     unsigned char (*p_str)[33] = NULL;
     const unsigned int window_size = 5;
     const unsigned int mask = (1 << (window_size + 1)) - 1;
     unsigned int wvalue;
-    BN_ULONG tmp[P256_LIMBS];
-    ALIGN32 P256_POINT h;
+    P256_POINT *temp;           /* place for 5 temporary points */
     const BIGNUM **scalars = NULL;
     P256_POINT (*table)[16] = NULL;
     void *table_storage = NULL;
 
-    if ((table_storage =
-         OPENSSL_malloc(num * 16 * sizeof(P256_POINT) + 64)) == NULL
+    if ((num * 16 + 6) > OPENSSL_MALLOC_MAX_NELEMS(P256_POINT)
+        || (table_storage =
+            OPENSSL_malloc((num * 16 + 5) * sizeof(P256_POINT) + 64)) == NULL
         || (p_str =
             OPENSSL_malloc(num * 33 * sizeof(unsigned char))) == NULL
         || (scalars = OPENSSL_malloc(num * sizeof(BIGNUM *))) == NULL) {
         ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_MALLOC_FAILURE);
         goto err;
-    } else {
-        table = (void *)ALIGNPTR(table_storage, 64);
     }
 
+    table = (void *)ALIGNPTR(table_storage, 64);
+    temp = (P256_POINT *)(table + num);
+
     for (i = 0; i < num; i++) {
         P256_POINT *row = table[i];
 
@@ -633,7 +618,7 @@ static int ecp_nistz256_windowed_mul(const EC_GROUP *group,
 
             if ((mod = BN_CTX_get(ctx)) == NULL)
                 goto err;
-            if (!BN_nnmod(mod, scalar[i], &group->order, ctx)) {
+            if (!BN_nnmod(mod, scalar[i], group->order, ctx)) {
                 ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_BN_LIB);
                 goto err;
             }
@@ -641,78 +626,101 @@ static int ecp_nistz256_windowed_mul(const EC_GROUP *group,
         } else
             scalars[i] = scalar[i];
 
-        for (j = 0; j < scalars[i]->top * BN_BYTES; j += BN_BYTES) {
-            BN_ULONG d = scalars[i]->d[j / BN_BYTES];
+        for (j = 0; j < bn_get_top(scalars[i]) * BN_BYTES; j += BN_BYTES) {
+            BN_ULONG d = bn_get_words(scalars[i])[j / BN_BYTES];
 
-            p_str[i][j + 0] = d & 0xff;
-            p_str[i][j + 1] = (d >> 8) & 0xff;
-            p_str[i][j + 2] = (d >> 16) & 0xff;
-            p_str[i][j + 3] = (d >>= 24) & 0xff;
+            p_str[i][j + 0] = (unsigned char)d;
+            p_str[i][j + 1] = (unsigned char)(d >> 8);
+            p_str[i][j + 2] = (unsigned char)(d >> 16);
+            p_str[i][j + 3] = (unsigned char)(d >>= 24);
             if (BN_BYTES == 8) {
                 d >>= 8;
-                p_str[i][j + 4] = d & 0xff;
-                p_str[i][j + 5] = (d >> 8) & 0xff;
-                p_str[i][j + 6] = (d >> 16) & 0xff;
-                p_str[i][j + 7] = (d >> 24) & 0xff;
+                p_str[i][j + 4] = (unsigned char)d;
+                p_str[i][j + 5] = (unsigned char)(d >> 8);
+                p_str[i][j + 6] = (unsigned char)(d >> 16);
+                p_str[i][j + 7] = (unsigned char)(d >> 24);
             }
         }
         for (; j < 33; j++)
             p_str[i][j] = 0;
 
-        /* table[0] is implicitly (0,0,0) (the point at infinity),
-         * therefore it is not stored. All other values are actually
-         * stored with an offset of -1 in table.
-         */
-
-        if (!ecp_nistz256_bignum_to_field_elem(row[1 - 1].X, &point[i]->X)
-            || !ecp_nistz256_bignum_to_field_elem(row[1 - 1].Y, &point[i]->Y)
-            || !ecp_nistz256_bignum_to_field_elem(row[1 - 1].Z, &point[i]->Z)) {
-            ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, EC_R_COORDINATES_OUT_OF_RANGE);
+        if (!ecp_nistz256_bignum_to_field_elem(temp[0].X, point[i]->X)
+            || !ecp_nistz256_bignum_to_field_elem(temp[0].Y, point[i]->Y)
+            || !ecp_nistz256_bignum_to_field_elem(temp[0].Z, point[i]->Z)) {
+            ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL,
+                  EC_R_COORDINATES_OUT_OF_RANGE);
             goto err;
         }
 
-        ecp_nistz256_point_double(&row[ 2 - 1], &row[ 1 - 1]);
-        ecp_nistz256_point_add   (&row[ 3 - 1], &row[ 2 - 1], &row[1 - 1]);
-        ecp_nistz256_point_double(&row[ 4 - 1], &row[ 2 - 1]);
-        ecp_nistz256_point_double(&row[ 6 - 1], &row[ 3 - 1]);
-        ecp_nistz256_point_double(&row[ 8 - 1], &row[ 4 - 1]);
-        ecp_nistz256_point_double(&row[12 - 1], &row[ 6 - 1]);
-        ecp_nistz256_point_add   (&row[ 5 - 1], &row[ 4 - 1], &row[1 - 1]);
-        ecp_nistz256_point_add   (&row[ 7 - 1], &row[ 6 - 1], &row[1 - 1]);
-        ecp_nistz256_point_add   (&row[ 9 - 1], &row[ 8 - 1], &row[1 - 1]);
-        ecp_nistz256_point_add   (&row[13 - 1], &row[12 - 1], &row[1 - 1]);
-        ecp_nistz256_point_double(&row[14 - 1], &row[ 7 - 1]);
-        ecp_nistz256_point_double(&row[10 - 1], &row[ 5 - 1]);
-        ecp_nistz256_point_add   (&row[15 - 1], &row[14 - 1], &row[1 - 1]);
-        ecp_nistz256_point_add   (&row[11 - 1], &row[10 - 1], &row[1 - 1]);
-        ecp_nistz256_point_add   (&row[16 - 1], &row[15 - 1], &row[1 - 1]);
+        /*
+         * row[0] is implicitly (0,0,0) (the point at infinity), therefore it
+         * is not stored. All other values are actually stored with an offset
+         * of -1 in table.
+         */
+
+        ecp_nistz256_scatter_w5  (row, &temp[0], 1);
+        ecp_nistz256_point_double(&temp[1], &temp[0]);              /*1+1=2  */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 2);
+        ecp_nistz256_point_add   (&temp[2], &temp[1], &temp[0]);    /*2+1=3  */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 3);
+        ecp_nistz256_point_double(&temp[1], &temp[1]);              /*2*2=4  */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 4);
+        ecp_nistz256_point_double(&temp[2], &temp[2]);              /*2*3=6  */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 6);
+        ecp_nistz256_point_add   (&temp[3], &temp[1], &temp[0]);    /*4+1=5  */
+        ecp_nistz256_scatter_w5  (row, &temp[3], 5);
+        ecp_nistz256_point_add   (&temp[4], &temp[2], &temp[0]);    /*6+1=7  */
+        ecp_nistz256_scatter_w5  (row, &temp[4], 7);
+        ecp_nistz256_point_double(&temp[1], &temp[1]);              /*2*4=8  */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 8);
+        ecp_nistz256_point_double(&temp[2], &temp[2]);              /*2*6=12 */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 12);
+        ecp_nistz256_point_double(&temp[3], &temp[3]);              /*2*5=10 */
+        ecp_nistz256_scatter_w5  (row, &temp[3], 10);
+        ecp_nistz256_point_double(&temp[4], &temp[4]);              /*2*7=14 */
+        ecp_nistz256_scatter_w5  (row, &temp[4], 14);
+        ecp_nistz256_point_add   (&temp[2], &temp[2], &temp[0]);    /*12+1=13*/
+        ecp_nistz256_scatter_w5  (row, &temp[2], 13);
+        ecp_nistz256_point_add   (&temp[3], &temp[3], &temp[0]);    /*10+1=11*/
+        ecp_nistz256_scatter_w5  (row, &temp[3], 11);
+        ecp_nistz256_point_add   (&temp[4], &temp[4], &temp[0]);    /*14+1=15*/
+        ecp_nistz256_scatter_w5  (row, &temp[4], 15);
+        ecp_nistz256_point_add   (&temp[2], &temp[1], &temp[0]);    /*8+1=9  */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 9);
+        ecp_nistz256_point_double(&temp[1], &temp[1]);              /*2*8=16 */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 16);
     }
 
-    index = 255;
+    idx = 255;
 
-    wvalue = p_str[0][(index - 1) / 8];
-    wvalue = (wvalue >> ((index - 1) % 8)) & mask;
+    wvalue = p_str[0][(idx - 1) / 8];
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
 
-    ecp_nistz256_select_w5(r, table[0], _booth_recode_w5(wvalue) >> 1);
+    /*
+     * We gather to temp[0], because we know it's position relative
+     * to table
+     */
+    ecp_nistz256_gather_w5(&temp[0], table[0], _booth_recode_w5(wvalue) >> 1);
+    memcpy(r, &temp[0], sizeof(temp[0]));
 
-    while (index >= 5) {
-        for (i = (index == 255 ? 1 : 0); i < num; i++) {
-            unsigned int off = (index - 1) / 8;
+    while (idx >= 5) {
+        for (i = (idx == 255 ? 1 : 0); i < num; i++) {
+            unsigned int off = (idx - 1) / 8;
 
             wvalue = p_str[i][off] | p_str[i][off + 1] << 8;
-            wvalue = (wvalue >> ((index - 1) % 8)) & mask;
+            wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
 
             wvalue = _booth_recode_w5(wvalue);
 
-            ecp_nistz256_select_w5(&h, table[i], wvalue >> 1);
+            ecp_nistz256_gather_w5(&temp[0], table[i], wvalue >> 1);
 
-            ecp_nistz256_neg(tmp, h.Y);
-            copy_conditional(h.Y, tmp, (wvalue & 1));
+            ecp_nistz256_neg(temp[1].Y, temp[0].Y);
+            copy_conditional(temp[0].Y, temp[1].Y, (wvalue & 1));
 
-            ecp_nistz256_point_add(r, r, &h);
+            ecp_nistz256_point_add(r, r, &temp[0]);
         }
 
-        index -= window_size;
+        idx -= window_size;
 
         ecp_nistz256_point_double(r, r);
         ecp_nistz256_point_double(r, r);
@@ -728,32 +736,29 @@ static int ecp_nistz256_windowed_mul(const EC_GROUP *group,
 
         wvalue = _booth_recode_w5(wvalue);
 
-        ecp_nistz256_select_w5(&h, table[i], wvalue >> 1);
+        ecp_nistz256_gather_w5(&temp[0], table[i], wvalue >> 1);
 
-        ecp_nistz256_neg(tmp, h.Y);
-        copy_conditional(h.Y, tmp, wvalue & 1);
+        ecp_nistz256_neg(temp[1].Y, temp[0].Y);
+        copy_conditional(temp[0].Y, temp[1].Y, wvalue & 1);
 
-        ecp_nistz256_point_add(r, r, &h);
+        ecp_nistz256_point_add(r, r, &temp[0]);
     }
 
     ret = 1;
  err:
-    if (table_storage)
-        OPENSSL_free(table_storage);
-    if (p_str)
-        OPENSSL_free(p_str);
-    if (scalars)
-        OPENSSL_free(scalars);
+    OPENSSL_free(table_storage);
+    OPENSSL_free(p_str);
+    OPENSSL_free(scalars);
     return ret;
 }
 
 /* Coordinates of G, for which we have precomputed tables */
-const static BN_ULONG def_xG[P256_LIMBS] = {
+static const BN_ULONG def_xG[P256_LIMBS] = {
     TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601),
     TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6)
 };
 
-const static BN_ULONG def_yG[P256_LIMBS] = {
+static const BN_ULONG def_yG[P256_LIMBS] = {
     TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c),
     TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85)
 };
@@ -764,13 +769,14 @@ const static BN_ULONG def_yG[P256_LIMBS] = {
  */
 static int ecp_nistz256_is_affine_G(const EC_POINT *generator)
 {
-    return (generator->X.top == P256_LIMBS) &&
-        (generator->Y.top == P256_LIMBS) &&
-        is_equal(generator->X.d, def_xG) &&
-        is_equal(generator->Y.d, def_yG) && is_one(&generator->Z);
+    return (bn_get_top(generator->X) == P256_LIMBS) &&
+        (bn_get_top(generator->Y) == P256_LIMBS) &&
+        is_equal(bn_get_words(generator->X), def_xG) &&
+        is_equal(bn_get_words(generator->Y), def_yG) &&
+        is_one(generator->Z);
 }
 
-static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
+__owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
 {
     /*
      * We precompute a table for a Booth encoded exponent (wNAF) based
@@ -778,10 +784,10 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
      * implicit value of infinity at index zero. We use window of size 7, and
      * therefore require ceil(256/7) = 37 tables.
      */
-    BIGNUM *order;
+    const BIGNUM *order;
     EC_POINT *P = NULL, *T = NULL;
     const EC_POINT *generator;
-    EC_PRE_COMP *pre_comp;
+    NISTZ256_PRE_COMP *pre_comp;
     BN_CTX *new_ctx = NULL;
     int i, j, k, ret = 0;
     size_t w;
@@ -789,11 +795,8 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
     PRECOMP256_ROW *preComputedTable = NULL;
     unsigned char *precomp_storage = NULL;
 
-    /* if there is an old EC_PRE_COMP object, throw it away */
-    EC_EX_DATA_free_data(&group->extra_data, ecp_nistz256_pre_comp_dup,
-                         ecp_nistz256_pre_comp_free,
-                         ecp_nistz256_pre_comp_clear_free);
-
+    /* if there is an old NISTZ256_PRE_COMP object, throw it away */
+    EC_pre_comp_free(group);
     generator = EC_GROUP_get0_generator(group);
     if (generator == NULL) {
         ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNDEFINED_GENERATOR);
@@ -818,14 +821,11 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
     }
 
     BN_CTX_start(ctx);
-    order = BN_CTX_get(ctx);
 
+    order = EC_GROUP_get0_order(group);
     if (order == NULL)
         goto err;
 
-    if (!EC_GROUP_get_order(group, order, ctx))
-        goto err;
-
     if (BN_is_zero(order)) {
         ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNKNOWN_ORDER);
         goto err;
@@ -837,10 +837,10 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
          OPENSSL_malloc(37 * 64 * sizeof(P256_POINT_AFFINE) + 64)) == NULL) {
         ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, ERR_R_MALLOC_FAILURE);
         goto err;
-    } else {
-        preComputedTable = (void *)ALIGNPTR(precomp_storage, 64);
     }
 
+    preComputedTable = (void *)ALIGNPTR(precomp_storage, 64);
+
     P = EC_POINT_new(group);
     T = EC_POINT_new(group);
     if (P == NULL || T == NULL)
@@ -857,20 +857,20 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
         if (!EC_POINT_copy(P, T))
             goto err;
         for (j = 0; j < 37; j++) {
+            P256_POINT_AFFINE temp;
             /*
              * It would be faster to use EC_POINTs_make_affine and
              * make multiple points affine at the same time.
              */
             if (!EC_POINT_make_affine(group, P, ctx))
                 goto err;
-            if (!ecp_nistz256_bignum_to_field_elem(preComputedTable[j][k].X,
-                                                   &P->X) ||
-                !ecp_nistz256_bignum_to_field_elem(preComputedTable[j][k].Y,
-                                                   &P->Y)) {
+            if (!ecp_nistz256_bignum_to_field_elem(temp.X, P->X) ||
+                !ecp_nistz256_bignum_to_field_elem(temp.Y, P->Y)) {
                 ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE,
                       EC_R_COORDINATES_OUT_OF_RANGE);
                 goto err;
             }
+            ecp_nistz256_scatter_w7(preComputedTable[j], &temp, k);
             for (i = 0; i < 7; i++) {
                 if (!EC_POINT_dbl(group, P, P, ctx))
                     goto err;
@@ -884,18 +884,9 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
     pre_comp->w = w;
     pre_comp->precomp = preComputedTable;
     pre_comp->precomp_storage = precomp_storage;
-
     precomp_storage = NULL;
-
-    if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp,
-                             ecp_nistz256_pre_comp_dup,
-                             ecp_nistz256_pre_comp_free,
-                             ecp_nistz256_pre_comp_clear_free)) {
-        goto err;
-    }
-
+    SETPRECOMP(group, nistz256, pre_comp);
     pre_comp = NULL;
-
     ret = 1;
 
  err:
@@ -903,14 +894,10 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
         BN_CTX_end(ctx);
     BN_CTX_free(new_ctx);
 
-    if (pre_comp)
-        ecp_nistz256_pre_comp_free(pre_comp);
-    if (precomp_storage)
-        OPENSSL_free(precomp_storage);
-    if (P)
-        EC_POINT_free(P);
-    if (T)
-        EC_POINT_free(T);
+    EC_nistz256_pre_comp_free(pre_comp);
+    OPENSSL_free(precomp_storage);
+    EC_POINT_free(P);
+    EC_POINT_free(T);
     return ret;
 }
 
@@ -924,16 +911,15 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
  * you'd need to compile even asm/ecp_nistz256-avx.pl module.
  */
 #if defined(ECP_NISTZ256_AVX2)
-# if !(defined(__x86_64) || defined(__x86_64__)) || \
-       defined(_M_AMD64) || defined(_MX64)) || \
+# if !(defined(__x86_64) || defined(__x86_64__) || \
+       defined(_M_AMD64) || defined(_M_X64)) || \
      !(defined(__GNUC__) || defined(_MSC_VER)) /* this is for ALIGN32 */
 #  undef ECP_NISTZ256_AVX2
 # else
 /* Constant time access, loading four values, from four consecutive tables */
-void ecp_nistz256_avx2_select_w7(P256_POINT_AFFINE * val,
-                                 const P256_POINT_AFFINE * in_t, int index);
-void ecp_nistz256_avx2_multi_select_w7(void *result, const void *in, int index0,
-                                       int index1, int index2, int index3);
+void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in,
+                                       int index0, int index1, int index2,
+                                       int index3);
 void ecp_nistz256_avx2_transpose_convert(void *RESULTx4, const void *in);
 void ecp_nistz256_avx2_convert_transpose_back(void *result, const void *Ax4);
 void ecp_nistz256_avx2_point_add_affine_x4(void *RESULTx4, const void *Ax4,
@@ -976,34 +962,34 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r,
     unsigned char sign1, digit1;
     unsigned char sign2, digit2;
     unsigned char sign3, digit3;
-    unsigned int index = 0;
+    unsigned int idx = 0;
     BN_ULONG tmp[P256_LIMBS];
     int i;
 
     ALIGN32 BN_ULONG aX4[4 * 9 * 3] = { 0 };
     ALIGN32 BN_ULONG bX4[4 * 9 * 2] = { 0 };
-    ALIGN32 P256_POINT_AFFINE point_arr[P256_LIMBS];
-    ALIGN32 P256_POINT res_point_arr[P256_LIMBS];
+    ALIGN32 P256_POINT_AFFINE point_arr[4];
+    ALIGN32 P256_POINT res_point_arr[4];
 
     /* Initial four windows */
     wvalue = *((u16 *) & p_str[0]);
     wvalue = (wvalue << 1) & mask;
-    index += window_size;
+    idx += window_size;
     booth_recode_w7(&sign0, &digit0, wvalue);
-    wvalue = *((u16 *) & p_str[(index - 1) / 8]);
-    wvalue = (wvalue >> ((index - 1) % 8)) & mask;
-    index += window_size;
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
     booth_recode_w7(&sign1, &digit1, wvalue);
-    wvalue = *((u16 *) & p_str[(index - 1) / 8]);
-    wvalue = (wvalue >> ((index - 1) % 8)) & mask;
-    index += window_size;
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
     booth_recode_w7(&sign2, &digit2, wvalue);
-    wvalue = *((u16 *) & p_str[(index - 1) / 8]);
-    wvalue = (wvalue >> ((index - 1) % 8)) & mask;
-    index += window_size;
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
     booth_recode_w7(&sign3, &digit3, wvalue);
 
-    ecp_nistz256_avx2_multi_select_w7(point_arr, preComputedTable[0],
+    ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[0],
                                       digit0, digit1, digit2, digit3);
 
     ecp_nistz256_neg(tmp, point_arr[0].Y);
@@ -1020,24 +1006,24 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r,
     ecp_nistz256_avx2_to_mont(&aX4[4 * 9], &aX4[4 * 9]);
     ecp_nistz256_avx2_set1(&aX4[4 * 9 * 2]);
 
-    wvalue = *((u16 *) & p_str[(index - 1) / 8]);
-    wvalue = (wvalue >> ((index - 1) % 8)) & mask;
-    index += window_size;
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
     booth_recode_w7(&sign0, &digit0, wvalue);
-    wvalue = *((u16 *) & p_str[(index - 1) / 8]);
-    wvalue = (wvalue >> ((index - 1) % 8)) & mask;
-    index += window_size;
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
     booth_recode_w7(&sign1, &digit1, wvalue);
-    wvalue = *((u16 *) & p_str[(index - 1) / 8]);
-    wvalue = (wvalue >> ((index - 1) % 8)) & mask;
-    index += window_size;
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
     booth_recode_w7(&sign2, &digit2, wvalue);
-    wvalue = *((u16 *) & p_str[(index - 1) / 8]);
-    wvalue = (wvalue >> ((index - 1) % 8)) & mask;
-    index += window_size;
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
     booth_recode_w7(&sign3, &digit3, wvalue);
 
-    ecp_nistz256_avx2_multi_select_w7(point_arr, preComputedTable[4 * 1],
+    ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[4 * 1],
                                       digit0, digit1, digit2, digit3);
 
     ecp_nistz256_neg(tmp, point_arr[0].Y);
@@ -1056,24 +1042,24 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r,
     ecp_nistz256_avx2_point_add_affines_x4(aX4, aX4, bX4);
 
     for (i = 2; i < 9; i++) {
-        wvalue = *((u16 *) & p_str[(index - 1) / 8]);
-        wvalue = (wvalue >> ((index - 1) % 8)) & mask;
-        index += window_size;
+        wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+        wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+        idx += window_size;
         booth_recode_w7(&sign0, &digit0, wvalue);
-        wvalue = *((u16 *) & p_str[(index - 1) / 8]);
-        wvalue = (wvalue >> ((index - 1) % 8)) & mask;
-        index += window_size;
+        wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+        wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+        idx += window_size;
         booth_recode_w7(&sign1, &digit1, wvalue);
-        wvalue = *((u16 *) & p_str[(index - 1) / 8]);
-        wvalue = (wvalue >> ((index - 1) % 8)) & mask;
-        index += window_size;
+        wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+        wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+        idx += window_size;
         booth_recode_w7(&sign2, &digit2, wvalue);
-        wvalue = *((u16 *) & p_str[(index - 1) / 8]);
-        wvalue = (wvalue >> ((index - 1) % 8)) & mask;
-        index += window_size;
+        wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+        wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+        idx += window_size;
         booth_recode_w7(&sign3, &digit3, wvalue);
 
-        ecp_nistz256_avx2_multi_select_w7(point_arr,
+        ecp_nistz256_avx2_multi_gather_w7(point_arr,
                                           preComputedTable[4 * i],
                                           digit0, digit1, digit2, digit3);
 
@@ -1099,11 +1085,11 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r,
 
     ecp_nistz256_avx2_convert_transpose_back(res_point_arr, aX4);
     /* Last window is performed serially */
-    wvalue = *((u16 *) & p_str[(index - 1) / 8]);
-    wvalue = (wvalue >> ((index - 1) % 8)) & mask;
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
     booth_recode_w7(&sign0, &digit0, wvalue);
-    ecp_nistz256_avx2_select_w7((P256_POINT_AFFINE *) r,
-                                preComputedTable[36], digit0);
+    ecp_nistz256_gather_w7((P256_POINT_AFFINE *)r,
+                           preComputedTable[36], digit0);
     ecp_nistz256_neg(tmp, r->Y);
     copy_conditional(r->Y, tmp, sign0);
     memcpy(r->Z, ONE, sizeof(ONE));
@@ -1116,58 +1102,36 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r,
 # endif
 #endif
 
-static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
-                                        const P256_POINT_AFFINE *in,
-                                        BN_CTX *ctx)
+__owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
+                                               const P256_POINT_AFFINE *in,
+                                               BN_CTX *ctx)
 {
-    BIGNUM x, y, z;
     int ret = 0;
 
-    /*
-     * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
-     * flag, which effectively means "read-only data".
-     */
-    x.d = (BN_ULONG *)in->X;
-    x.dmax = x.top = P256_LIMBS;
-    x.neg = 0;
-    x.flags = BN_FLG_STATIC_DATA;
-
-    y.d = (BN_ULONG *)in->Y;
-    y.dmax = y.top = P256_LIMBS;
-    y.neg = 0;
-    y.flags = BN_FLG_STATIC_DATA;
-
-    z.d = (BN_ULONG *)ONE;
-    z.dmax = z.top = P256_LIMBS;
-    z.neg = 0;
-    z.flags = BN_FLG_STATIC_DATA;
-
-    if ((ret = (BN_copy(&out->X, &x) != NULL))
-        && (ret = (BN_copy(&out->Y, &y) != NULL))
-        && (ret = (BN_copy(&out->Z, &z) != NULL)))
+    if ((ret = bn_set_words(out->X, in->X, P256_LIMBS))
+        && (ret = bn_set_words(out->Y, in->Y, P256_LIMBS))
+        && (ret = bn_set_words(out->Z, ONE, P256_LIMBS)))
         out->Z_is_one = 1;
 
     return ret;
 }
 
 /* r = scalar*G + sum(scalars[i]*points[i]) */
-static int ecp_nistz256_points_mul(const EC_GROUP *group,
-                                   EC_POINT *r,
-                                   const BIGNUM *scalar,
-                                   size_t num,
-                                   const EC_POINT *points[],
-                                   const BIGNUM *scalars[], BN_CTX *ctx)
+__owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
+                                          EC_POINT *r,
+                                          const BIGNUM *scalar,
+                                          size_t num,
+                                          const EC_POINT *points[],
+                                          const BIGNUM *scalars[], BN_CTX *ctx)
 {
     int i = 0, ret = 0, no_precomp_for_generator = 0, p_is_infinity = 0;
-    size_t j;
     unsigned char p_str[33] = { 0 };
     const PRECOMP256_ROW *preComputedTable = NULL;
-    const EC_PRE_COMP *pre_comp = NULL;
+    const NISTZ256_PRE_COMP *pre_comp = NULL;
     const EC_POINT *generator = NULL;
-    unsigned int index = 0;
-    BN_CTX *new_ctx = NULL;
     const BIGNUM **new_scalars = NULL;
     const EC_POINT **new_points = NULL;
+    unsigned int idx = 0;
     const unsigned int window_size = 7;
     const unsigned int mask = (1 << (window_size + 1)) - 1;
     unsigned int wvalue;
@@ -1177,27 +1141,11 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
     } t, p;
     BIGNUM *tmp_scalar;
 
-    if (group->meth != r->meth) {
-        ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+    if ((num + 1) == 0 || (num + 1) > OPENSSL_MALLOC_MAX_NELEMS(void *)) {
+        ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
         return 0;
     }
 
-    if ((scalar == NULL) && (num == 0))
-        return EC_POINT_set_to_infinity(group, r);
-
-    for (j = 0; j < num; j++) {
-        if (group->meth != points[j]->meth) {
-            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-            return 0;
-        }
-    }
-
-    if (ctx == NULL) {
-        ctx = new_ctx = BN_CTX_new();
-        if (ctx == NULL)
-            goto err;
-    }
-
     BN_CTX_start(ctx);
 
     if (scalar) {
@@ -1208,10 +1156,7 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
         }
 
         /* look if we can use precomputed multiples of generator */
-        pre_comp =
-            EC_EX_DATA_get_data(group->extra_data, ecp_nistz256_pre_comp_dup,
-                                ecp_nistz256_pre_comp_free,
-                                ecp_nistz256_pre_comp_clear_free);
+        pre_comp = group->pre_comp.nistz256;
 
         if (pre_comp) {
             /*
@@ -1222,8 +1167,9 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
             if (pre_comp_generator == NULL)
                 goto err;
 
-            if (!ecp_nistz256_set_from_affine
-                (pre_comp_generator, group, pre_comp->precomp[0], ctx)) {
+            ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1);
+            if (!ecp_nistz256_set_from_affine(pre_comp_generator,
+                                              group, &p.a, ctx)) {
                 EC_POINT_free(pre_comp_generator);
                 goto err;
             }
@@ -1236,12 +1182,12 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
 
         if (preComputedTable == NULL && ecp_nistz256_is_affine_G(generator)) {
             /*
-             * If there is no precomputed data, but the generator
-             * is the default, a hardcoded table of precomputed
-             * data is used. This is because applications, such as
-             * Apache, do not use EC_KEY_precompute_mult.
+             * If there is no precomputed data, but the generator is the
+             * default, a hardcoded table of precomputed data is used. This
+             * is because applications, such as Apache, do not use
+             * EC_KEY_precompute_mult.
              */
-            preComputedTable = (const PRECOMP256_ROW *)ecp_nistz256_precomputed;
+            preComputedTable = ecp_nistz256_precomputed;
         }
 
         if (preComputedTable) {
@@ -1250,26 +1196,26 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
                 if ((tmp_scalar = BN_CTX_get(ctx)) == NULL)
                     goto err;
 
-                if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
+                if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
                     ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_BN_LIB);
                     goto err;
                 }
                 scalar = tmp_scalar;
             }
 
-            for (i = 0; i < scalar->top * BN_BYTES; i += BN_BYTES) {
-                BN_ULONG d = scalar->d[i / BN_BYTES];
+            for (i = 0; i < bn_get_top(scalar) * BN_BYTES; i += BN_BYTES) {
+                BN_ULONG d = bn_get_words(scalar)[i / BN_BYTES];
 
-                p_str[i + 0] = d & 0xff;
-                p_str[i + 1] = (d >> 8) & 0xff;
-                p_str[i + 2] = (d >> 16) & 0xff;
-                p_str[i + 3] = (d >>= 24) & 0xff;
+                p_str[i + 0] = (unsigned char)d;
+                p_str[i + 1] = (unsigned char)(d >> 8);
+                p_str[i + 2] = (unsigned char)(d >> 16);
+                p_str[i + 3] = (unsigned char)(d >>= 24);
                 if (BN_BYTES == 8) {
                     d >>= 8;
-                    p_str[i + 4] = d & 0xff;
-                    p_str[i + 5] = (d >> 8) & 0xff;
-                    p_str[i + 6] = (d >> 16) & 0xff;
-                    p_str[i + 7] = (d >> 24) & 0xff;
+                    p_str[i + 4] = (unsigned char)d;
+                    p_str[i + 5] = (unsigned char)(d >> 8);
+                    p_str[i + 6] = (unsigned char)(d >> 16);
+                    p_str[i + 7] = (unsigned char)(d >> 24);
                 }
             }
 
@@ -1286,11 +1232,12 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
 
                 /* First window */
                 wvalue = (p_str[0] << 1) & mask;
-                index += window_size;
+                idx += window_size;
 
                 wvalue = _booth_recode_w7(wvalue);
 
-                ecp_nistz256_select_w7(&p.a, preComputedTable[0], wvalue >> 1);
+                ecp_nistz256_gather_w7(&p.a, preComputedTable[0],
+                                       wvalue >> 1);
 
                 ecp_nistz256_neg(p.p.Z, p.p.Y);
                 copy_conditional(p.p.Y, p.p.Z, wvalue & 1);
@@ -1321,14 +1268,14 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
                 }
 
                 for (i = 1; i < 37; i++) {
-                    unsigned int off = (index - 1) / 8;
+                    unsigned int off = (idx - 1) / 8;
                     wvalue = p_str[off] | p_str[off + 1] << 8;
-                    wvalue = (wvalue >> ((index - 1) % 8)) & mask;
-                    index += window_size;
+                    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+                    idx += window_size;
 
                     wvalue = _booth_recode_w7(wvalue);
 
-                    ecp_nistz256_select_w7(&t.a,
+                    ecp_nistz256_gather_w7(&t.a,
                                            preComputedTable[i], wvalue >> 1);
 
                     ecp_nistz256_neg(t.p.Z, t.a.Y);
@@ -1350,13 +1297,13 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
          * handled like a normal point.
          */
         new_scalars = OPENSSL_malloc((num + 1) * sizeof(BIGNUM *));
-        if (!new_scalars) {
+        if (new_scalars == NULL) {
             ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
             goto err;
         }
 
         new_points = OPENSSL_malloc((num + 1) * sizeof(EC_POINT *));
-        if (!new_points) {
+        if (new_points == NULL) {
             ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
             goto err;
         }
@@ -1384,29 +1331,25 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
     }
 
     /* Not constant-time, but we're only operating on the public output. */
-    if (!ecp_nistz256_set_words(&r->X, p.p.X) ||
-        !ecp_nistz256_set_words(&r->Y, p.p.Y) ||
-        !ecp_nistz256_set_words(&r->Z, p.p.Z)) {
+    if (!bn_set_words(r->X, p.p.X, P256_LIMBS) ||
+        !bn_set_words(r->Y, p.p.Y, P256_LIMBS) ||
+        !bn_set_words(r->Z, p.p.Z, P256_LIMBS)) {
         goto err;
     }
-    r->Z_is_one = is_one(&r->Z) & 1;
+    r->Z_is_one = is_one(r->Z) & 1;
 
     ret = 1;
 
 err:
-    if (ctx)
-        BN_CTX_end(ctx);
-    BN_CTX_free(new_ctx);
-    if (new_points)
-        OPENSSL_free(new_points);
-    if (new_scalars)
-        OPENSSL_free(new_scalars);
+    BN_CTX_end(ctx);
+    OPENSSL_free(new_points);
+    OPENSSL_free(new_scalars);
     return ret;
 }
 
-static int ecp_nistz256_get_affine(const EC_GROUP *group,
-                                   const EC_POINT *point,
-                                   BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+__owur static int ecp_nistz256_get_affine(const EC_GROUP *group,
+                                          const EC_POINT *point,
+                                          BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
 {
     BN_ULONG z_inv2[P256_LIMBS];
     BN_ULONG z_inv3[P256_LIMBS];
@@ -1420,9 +1363,9 @@ static int ecp_nistz256_get_affine(const EC_GROUP *group,
         return 0;
     }
 
-    if (!ecp_nistz256_bignum_to_field_elem(point_x, &point->X) ||
-        !ecp_nistz256_bignum_to_field_elem(point_y, &point->Y) ||
-        !ecp_nistz256_bignum_to_field_elem(point_z, &point->Z)) {
+    if (!ecp_nistz256_bignum_to_field_elem(point_x, point->X) ||
+        !ecp_nistz256_bignum_to_field_elem(point_y, point->Y) ||
+        !ecp_nistz256_bignum_to_field_elem(point_z, point->Z)) {
         ECerr(EC_F_ECP_NISTZ256_GET_AFFINE, EC_R_COORDINATES_OUT_OF_RANGE);
         return 0;
     }
@@ -1433,7 +1376,7 @@ static int ecp_nistz256_get_affine(const EC_GROUP *group,
 
     if (x != NULL) {
         ecp_nistz256_from_mont(x_ret, x_aff);
-        if (!ecp_nistz256_set_words(x, x_ret))
+        if (!bn_set_words(x, x_ret, P256_LIMBS))
             return 0;
     }
 
@@ -1441,97 +1384,262 @@ static int ecp_nistz256_get_affine(const EC_GROUP *group,
         ecp_nistz256_mul_mont(z_inv3, z_inv3, z_inv2);
         ecp_nistz256_mul_mont(y_aff, z_inv3, point_y);
         ecp_nistz256_from_mont(y_ret, y_aff);
-        if (!ecp_nistz256_set_words(y, y_ret))
+        if (!bn_set_words(y, y_ret, P256_LIMBS))
             return 0;
     }
 
     return 1;
 }
 
-static EC_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group)
+static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group)
 {
-    EC_PRE_COMP *ret = NULL;
+    NISTZ256_PRE_COMP *ret = NULL;
 
     if (!group)
         return NULL;
 
-    ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP));
+    ret = OPENSSL_zalloc(sizeof(*ret));
 
-    if (!ret) {
+    if (ret == NULL) {
         ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
         return ret;
     }
 
     ret->group = group;
     ret->w = 6;                 /* default */
-    ret->precomp = NULL;
-    ret->precomp_storage = NULL;
     ret->references = 1;
-    return ret;
-}
-
-static void *ecp_nistz256_pre_comp_dup(void *src_)
-{
-    EC_PRE_COMP *src = src_;
 
-    /* no need to actually copy, these objects never change! */
-    CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
-
-    return src_;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
 }
 
-static void ecp_nistz256_pre_comp_free(void *pre_)
+NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *p)
 {
     int i;
-    EC_PRE_COMP *pre = pre_;
-
-    if (!pre)
-        return;
-
-    i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
-    if (i > 0)
-        return;
-
-    if (pre->precomp_storage)
-        OPENSSL_free(pre->precomp_storage);
-
-    OPENSSL_free(pre);
+    if (p != NULL)
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
+    return p;
 }
 
-static void ecp_nistz256_pre_comp_clear_free(void *pre_)
+void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre)
 {
     int i;
-    EC_PRE_COMP *pre = pre_;
 
-    if (!pre)
+    if (pre == NULL)
         return;
 
-    i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
+    CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);
+    REF_PRINT_COUNT("EC_nistz256", x);
     if (i > 0)
         return;
+    REF_ASSERT_ISNT(i < 0);
 
-    if (pre->precomp_storage) {
-        OPENSSL_cleanse(pre->precomp,
-                        32 * sizeof(unsigned char) * (1 << pre->w) * 2 * 37);
-        OPENSSL_free(pre->precomp_storage);
-    }
-    OPENSSL_cleanse(pre, sizeof(*pre));
+    OPENSSL_free(pre->precomp_storage);
+    CRYPTO_THREAD_lock_free(pre->lock);
     OPENSSL_free(pre);
 }
 
+
 static int ecp_nistz256_window_have_precompute_mult(const EC_GROUP *group)
 {
     /* There is a hard-coded table for the default generator. */
     const EC_POINT *generator = EC_GROUP_get0_generator(group);
+
     if (generator != NULL && ecp_nistz256_is_affine_G(generator)) {
         /* There is a hard-coded table for the default generator. */
         return 1;
     }
 
-    return EC_EX_DATA_get_data(group->extra_data, ecp_nistz256_pre_comp_dup,
-                               ecp_nistz256_pre_comp_free,
-                               ecp_nistz256_pre_comp_clear_free) != NULL;
+    return HAVEPRECOMP(group, nistz256);
+}
+
+#if defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__powerpc64__) || defined(_ARCH_PP64) || \
+    defined(__aarch64__)
+/*
+ * Montgomery mul modulo Order(P): res = a*b*2^-256 mod Order(P)
+ */
+void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS],
+                               const BN_ULONG a[P256_LIMBS],
+                               const BN_ULONG b[P256_LIMBS]);
+void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS],
+                               const BN_ULONG a[P256_LIMBS],
+                               int rep);
+
+static int ecp_nistz256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r,
+                                    const BIGNUM *x, BN_CTX *ctx)
+{
+    /* RR = 2^512 mod ord(p256) */
+    static const BN_ULONG RR[P256_LIMBS]  = {
+        TOBN(0x83244c95,0xbe79eea2), TOBN(0x4699799c,0x49bd6fa6),
+        TOBN(0x2845b239,0x2b6bec59), TOBN(0x66e12d94,0xf3d95620)
+    };
+    /* The constant 1 (unlike ONE that is one in Montgomery representation) */
+    static const BN_ULONG one[P256_LIMBS] = {
+        TOBN(0,1), TOBN(0,0), TOBN(0,0), TOBN(0,0)
+    };
+    /*
+     * We don't use entry 0 in the table, so we omit it and address
+     * with -1 offset.
+     */
+    BN_ULONG table[15][P256_LIMBS];
+    BN_ULONG out[P256_LIMBS], t[P256_LIMBS];
+    int i, ret = 0;
+    enum {
+        i_1 = 0, i_10,     i_11,     i_101, i_111, i_1010, i_1111,
+        i_10101, i_101010, i_101111, i_x6,  i_x8,  i_x16,  i_x32
+    };
+
+    /*
+     * Catch allocation failure early.
+     */
+    if (bn_wexpand(r, P256_LIMBS) == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if ((BN_num_bits(x) > 256) || BN_is_negative(x)) {
+        BIGNUM *tmp;
+
+        if ((tmp = BN_CTX_get(ctx)) == NULL
+            || !BN_nnmod(tmp, x, group->order, ctx)) {
+            ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, ERR_R_BN_LIB);
+            goto err;
+        }
+        x = tmp;
+    }
+
+    if (!ecp_nistz256_bignum_to_field_elem(t, x)) {
+        ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, EC_R_COORDINATES_OUT_OF_RANGE);
+        goto err;
+    }
+
+    ecp_nistz256_ord_mul_mont(table[0], t, RR);
+#if 0
+    /*
+     * Original sparse-then-fixed-window algorithm, retained for reference.
+     */
+    for (i = 2; i < 16; i += 2) {
+        ecp_nistz256_ord_sqr_mont(table[i-1], table[i/2-1], 1);
+        ecp_nistz256_ord_mul_mont(table[i], table[i-1], table[0]);
+    }
+
+    /*
+     * The top 128bit of the exponent are highly redudndant, so we
+     * perform an optimized flow
+     */
+    ecp_nistz256_ord_sqr_mont(t, table[15-1], 4);   /* f0 */
+    ecp_nistz256_ord_mul_mont(t, t, table[15-1]);   /* ff */
+
+    ecp_nistz256_ord_sqr_mont(out, t, 8);           /* ff00 */
+    ecp_nistz256_ord_mul_mont(out, out, t);         /* ffff */
+
+    ecp_nistz256_ord_sqr_mont(t, out, 16);          /* ffff0000 */
+    ecp_nistz256_ord_mul_mont(t, t, out);           /* ffffffff */
+
+    ecp_nistz256_ord_sqr_mont(out, t, 64);          /* ffffffff0000000000000000 */
+    ecp_nistz256_ord_mul_mont(out, out, t);         /* ffffffff00000000ffffffff */
+
+    ecp_nistz256_ord_sqr_mont(out, out, 32);        /* ffffffff00000000ffffffff00000000 */
+    ecp_nistz256_ord_mul_mont(out, out, t);         /* ffffffff00000000ffffffffffffffff */
+
+    /*
+     * The bottom 128 bit of the exponent are processed with fixed 4-bit window
+     */
+    for(i = 0; i < 32; i++) {
+        /* expLo - the low 128 bits of the exponent we use (ord(p256) - 2),
+         * split into nibbles */
+        static const unsigned char expLo[32]  = {
+            0xb,0xc,0xe,0x6,0xf,0xa,0xa,0xd,0xa,0x7,0x1,0x7,0x9,0xe,0x8,0x4,
+            0xf,0x3,0xb,0x9,0xc,0xa,0xc,0x2,0xf,0xc,0x6,0x3,0x2,0x5,0x4,0xf
+        };
+
+        ecp_nistz256_ord_sqr_mont(out, out, 4);
+        /* The exponent is public, no need in constant-time access */
+        ecp_nistz256_ord_mul_mont(out, out, table[expLo[i]-1]);
+    }
+#else
+    /*
+     * https://briansmith.org/ecc-inversion-addition-chains-01#p256_scalar_inversion
+     *
+     * Even though this code path spares 12 squarings, 4.5%, and 13
+     * multiplications, 25%, on grand scale sign operation is not that
+     * much faster, not more that 2%...
+     */
+
+    /* pre-calculate powers */
+    ecp_nistz256_ord_sqr_mont(table[i_10], table[i_1], 1);
+
+    ecp_nistz256_ord_mul_mont(table[i_11], table[i_1], table[i_10]);
+
+    ecp_nistz256_ord_mul_mont(table[i_101], table[i_11], table[i_10]);
+
+    ecp_nistz256_ord_mul_mont(table[i_111], table[i_101], table[i_10]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_1010], table[i_101], 1);
+
+    ecp_nistz256_ord_mul_mont(table[i_1111], table[i_1010], table[i_101]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_10101], table[i_1010], 1);
+    ecp_nistz256_ord_mul_mont(table[i_10101], table[i_10101], table[i_1]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_101010], table[i_10101], 1);
+
+    ecp_nistz256_ord_mul_mont(table[i_101111], table[i_101010], table[i_101]);
+
+    ecp_nistz256_ord_mul_mont(table[i_x6], table[i_101010], table[i_10101]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_x8], table[i_x6], 2);
+    ecp_nistz256_ord_mul_mont(table[i_x8], table[i_x8], table[i_11]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_x16], table[i_x8], 8);
+    ecp_nistz256_ord_mul_mont(table[i_x16], table[i_x16], table[i_x8]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_x32], table[i_x16], 16);
+    ecp_nistz256_ord_mul_mont(table[i_x32], table[i_x32], table[i_x16]);
+
+    /* calculations */
+    ecp_nistz256_ord_sqr_mont(out, table[i_x32], 64);
+    ecp_nistz256_ord_mul_mont(out, out, table[i_x32]);
+
+    for (i = 0; i < 27; i++) {
+        static const struct { unsigned char p, i; } chain[27] = {
+            { 32, i_x32 }, { 6,  i_101111 }, { 5,  i_111    },
+            { 4,  i_11  }, { 5,  i_1111   }, { 5,  i_10101  },
+            { 4,  i_101 }, { 3,  i_101    }, { 3,  i_101    },
+            { 5,  i_111 }, { 9,  i_101111 }, { 6,  i_1111   },
+            { 2,  i_1   }, { 5,  i_1      }, { 6,  i_1111   },
+            { 5,  i_111 }, { 4,  i_111    }, { 5,  i_111    },
+            { 5,  i_101 }, { 3,  i_11     }, { 10, i_101111 },
+            { 2,  i_11  }, { 5,  i_11     }, { 5,  i_11     },
+            { 3,  i_1   }, { 7,  i_10101  }, { 6,  i_1111   }
+        };
+
+        ecp_nistz256_ord_sqr_mont(out, out, chain[i].p);
+        ecp_nistz256_ord_mul_mont(out, out, table[chain[i].i]);
+    }
+#endif
+    ecp_nistz256_ord_mul_mont(out, out, one);
+
+    /*
+     * Can't fail, but check return code to be consistent anyway.
+     */
+    if (!bn_set_words(r, out, P256_LIMBS))
+        goto err;
+
+    ret = 1;
+err:
+    return ret;
 }
+#else
+# define ecp_nistz256_inv_mod_ord NULL
+#endif
 
 const EC_METHOD *EC_GFp_nistz256_method(void)
 {
@@ -1545,6 +1653,7 @@ const EC_METHOD *EC_GFp_nistz256_method(void)
         ec_GFp_mont_group_set_curve,
         ec_GFp_simple_group_get_curve,
         ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
         ec_GFp_simple_group_check_discriminant,
         ec_GFp_simple_point_init,
         ec_GFp_simple_point_finish,
@@ -1572,7 +1681,21 @@ const EC_METHOD *EC_GFp_nistz256_method(void)
         0,                                          /* field_div */
         ec_GFp_mont_field_encode,
         ec_GFp_mont_field_decode,
-        ec_GFp_mont_field_set_to_one
+        ec_GFp_mont_field_set_to_one,
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        ecp_nistz256_inv_mod_ord,                   /* can be #define-d NULL */
+        0,                                          /* blind_coordinates */
+        0,                                          /* ladder_pre */
+        0,                                          /* ladder_step */
+        0                                           /* ladder_post */
     };
 
     return &ret;
diff --git a/freebsd/crypto/openssl/crypto/ec/ecp_nistz256_table.c b/freebsd/crypto/openssl/crypto/ec/ecp_nistz256_table.c
index 86dc2777..49829216 100644
--- a/freebsd/crypto/openssl/crypto/ec/ecp_nistz256_table.c
+++ b/freebsd/crypto/openssl/crypto/ec/ecp_nistz256_table.c
@@ -1,6 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
  * This is the precomputed constant time access table for the code in
  * ecp_montp256.c, for the default generator. The table consists of 37
  * subtables, each subtable contains 64 affine points. The affine points are
@@ -19,7 +28,7 @@ __attribute((aligned(4096)))
 #elif defined(_MSC_VER)
 __declspec(align(4096))
 #elif defined(__SUNPRO_C)
-# pragma align 64(ecp_nistz256_precomputed)
+# pragma align 4096(ecp_nistz256_precomputed)
 #endif
 static const BN_ULONG ecp_nistz256_precomputed[37][64 *
                                                    sizeof(P256_POINT_AFFINE) /
diff --git a/freebsd/crypto/openssl/crypto/ec/ecp_oct.c b/freebsd/crypto/openssl/crypto/ec/ecp_oct.c
index 3f2f00c2..0c4d24b2 100644
--- a/freebsd/crypto/openssl/crypto/ec/ecp_oct.c
+++ b/freebsd/crypto/openssl/crypto/ec/ecp_oct.c
@@ -1,68 +1,13 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ecp_oct.c */
 /*
- * Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project. Includes code written by Bodo Moeller for the
- * OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/err.h>
@@ -105,7 +50,7 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
      */
 
     /* tmp1 := x^3 */
-    if (!BN_nnmod(x, x_, &group->field, ctx))
+    if (!BN_nnmod(x, x_, group->field, ctx))
         goto err;
     if (group->meth->field_decode == 0) {
         /* field_{sqr,mul} work on standard representation */
@@ -114,48 +59,48 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
         if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx))
             goto err;
     } else {
-        if (!BN_mod_sqr(tmp2, x_, &group->field, ctx))
+        if (!BN_mod_sqr(tmp2, x_, group->field, ctx))
             goto err;
-        if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx))
+        if (!BN_mod_mul(tmp1, tmp2, x_, group->field, ctx))
             goto err;
     }
 
     /* tmp1 := tmp1 + a*x */
     if (group->a_is_minus3) {
-        if (!BN_mod_lshift1_quick(tmp2, x, &group->field))
+        if (!BN_mod_lshift1_quick(tmp2, x, group->field))
             goto err;
-        if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field))
+        if (!BN_mod_add_quick(tmp2, tmp2, x, group->field))
             goto err;
-        if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field))
+        if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, group->field))
             goto err;
     } else {
         if (group->meth->field_decode) {
-            if (!group->meth->field_decode(group, tmp2, &group->a, ctx))
+            if (!group->meth->field_decode(group, tmp2, group->a, ctx))
                 goto err;
-            if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx))
+            if (!BN_mod_mul(tmp2, tmp2, x, group->field, ctx))
                 goto err;
         } else {
             /* field_mul works on standard representation */
-            if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx))
+            if (!group->meth->field_mul(group, tmp2, group->a, x, ctx))
                 goto err;
         }
 
-        if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field))
+        if (!BN_mod_add_quick(tmp1, tmp1, tmp2, group->field))
             goto err;
     }
 
     /* tmp1 := tmp1 + b */
     if (group->meth->field_decode) {
-        if (!group->meth->field_decode(group, tmp2, &group->b, ctx))
+        if (!group->meth->field_decode(group, tmp2, group->b, ctx))
             goto err;
-        if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field))
+        if (!BN_mod_add_quick(tmp1, tmp1, tmp2, group->field))
             goto err;
     } else {
-        if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field))
+        if (!BN_mod_add_quick(tmp1, tmp1, group->b, group->field))
             goto err;
     }
 
-    if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) {
+    if (!BN_mod_sqrt(y, tmp1, group->field, ctx)) {
         unsigned long err = ERR_peek_last_error();
 
         if (ERR_GET_LIB(err) == ERR_LIB_BN
@@ -173,7 +118,7 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
         if (BN_is_zero(y)) {
             int kron;
 
-            kron = BN_kronecker(x, &group->field, ctx);
+            kron = BN_kronecker(x, group->field, ctx);
             if (kron == -2)
                 goto err;
 
@@ -182,13 +127,13 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
                       EC_R_INVALID_COMPRESSION_BIT);
             else
                 /*
-                 * BN_mod_sqrt() should have cought this error (not a square)
+                 * BN_mod_sqrt() should have caught this error (not a square)
                  */
                 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
                       EC_R_INVALID_COMPRESSED_POINT);
             goto err;
         }
-        if (!BN_usub(y, &group->field, y))
+        if (!BN_usub(y, group->field, y))
             goto err;
     }
     if (y_bit != BN_is_odd(y)) {
@@ -197,15 +142,14 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
         goto err;
     }
 
-    if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
         goto err;
 
     ret = 1;
 
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -239,7 +183,7 @@ size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
     }
 
     /* ret := required output buffer length */
-    field_len = BN_num_bytes(&group->field);
+    field_len = BN_num_bytes(group->field);
     ret =
         (form ==
          POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
@@ -264,7 +208,7 @@ size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
         if (y == NULL)
             goto err;
 
-        if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
+        if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
             goto err;
 
         if ((form == POINT_CONVERSION_COMPRESSED
@@ -314,15 +258,13 @@ size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
 
     if (used_ctx)
         BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 
  err:
     if (used_ctx)
         BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return 0;
 }
 
@@ -363,7 +305,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
         return EC_POINT_set_to_infinity(group, point);
     }
 
-    field_len = BN_num_bytes(&group->field);
+    field_len = BN_num_bytes(group->field);
     enc_len =
         (form ==
          POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
@@ -387,19 +329,18 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
 
     if (!BN_bin2bn(buf + 1, field_len, x))
         goto err;
-    if (BN_ucmp(x, &group->field) >= 0) {
+    if (BN_ucmp(x, group->field) >= 0) {
         ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
         goto err;
     }
 
     if (form == POINT_CONVERSION_COMPRESSED) {
-        if (!EC_POINT_set_compressed_coordinates_GFp
-            (group, point, x, y_bit, ctx))
+        if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
             goto err;
     } else {
         if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
             goto err;
-        if (BN_ucmp(y, &group->field) >= 0) {
+        if (BN_ucmp(y, group->field) >= 0) {
             ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
             goto err;
         }
@@ -410,21 +351,18 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
             }
         }
 
-        if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+        /*
+         * EC_POINT_set_affine_coordinates is responsible for checking that
+         * the point is on the curve.
+         */
+        if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
             goto err;
     }
 
-    /* test required by X9.62 */
-    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
-        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
-        goto err;
-    }
-
     ret = 1;
 
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/ec/ecp_smpl.c b/freebsd/crypto/openssl/crypto/ec/ecp_smpl.c
index 370219a9..c9af6f31 100644
--- a/freebsd/crypto/openssl/crypto/ec/ecp_smpl.c
+++ b/freebsd/crypto/openssl/crypto/ec/ecp_smpl.c
@@ -1,77 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ec/ecp_smpl.c */
 /*
- * Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project. Includes code written by Bodo Moeller for the
- * OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/err.h>
 #include <openssl/symhacks.h>
 
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
 #include "ec_lcl.h"
 
 const EC_METHOD *EC_GFp_simple_method(void)
@@ -86,6 +27,7 @@ const EC_METHOD *EC_GFp_simple_method(void)
         ec_GFp_simple_group_set_curve,
         ec_GFp_simple_group_get_curve,
         ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
         ec_GFp_simple_group_check_discriminant,
         ec_GFp_simple_point_init,
         ec_GFp_simple_point_finish,
@@ -113,14 +55,23 @@ const EC_METHOD *EC_GFp_simple_method(void)
         0 /* field_div */ ,
         0 /* field_encode */ ,
         0 /* field_decode */ ,
-        0                       /* field_set_to_one */
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        ec_GFp_simple_blind_coordinates,
+        ec_GFp_simple_ladder_pre,
+        ec_GFp_simple_ladder_step,
+        ec_GFp_simple_ladder_post
     };
 
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return fips_ec_gfp_simple_method();
-#endif
-
     return &ret;
 }
 
@@ -140,34 +91,40 @@ const EC_METHOD *EC_GFp_simple_method(void)
 
 int ec_GFp_simple_group_init(EC_GROUP *group)
 {
-    BN_init(&group->field);
-    BN_init(&group->a);
-    BN_init(&group->b);
+    group->field = BN_new();
+    group->a = BN_new();
+    group->b = BN_new();
+    if (group->field == NULL || group->a == NULL || group->b == NULL) {
+        BN_free(group->field);
+        BN_free(group->a);
+        BN_free(group->b);
+        return 0;
+    }
     group->a_is_minus3 = 0;
     return 1;
 }
 
 void ec_GFp_simple_group_finish(EC_GROUP *group)
 {
-    BN_free(&group->field);
-    BN_free(&group->a);
-    BN_free(&group->b);
+    BN_free(group->field);
+    BN_free(group->a);
+    BN_free(group->b);
 }
 
 void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
 {
-    BN_clear_free(&group->field);
-    BN_clear_free(&group->a);
-    BN_clear_free(&group->b);
+    BN_clear_free(group->field);
+    BN_clear_free(group->a);
+    BN_clear_free(group->b);
 }
 
 int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
 {
-    if (!BN_copy(&dest->field, &src->field))
+    if (!BN_copy(dest->field, src->field))
         return 0;
-    if (!BN_copy(&dest->a, &src->a))
+    if (!BN_copy(dest->a, src->a))
         return 0;
-    if (!BN_copy(&dest->b, &src->b))
+    if (!BN_copy(dest->b, src->b))
         return 0;
 
     dest->a_is_minus3 = src->a_is_minus3;
@@ -201,37 +158,36 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
         goto err;
 
     /* group->field */
-    if (!BN_copy(&group->field, p))
+    if (!BN_copy(group->field, p))
         goto err;
-    BN_set_negative(&group->field, 0);
+    BN_set_negative(group->field, 0);
 
     /* group->a */
     if (!BN_nnmod(tmp_a, a, p, ctx))
         goto err;
     if (group->meth->field_encode) {
-        if (!group->meth->field_encode(group, &group->a, tmp_a, ctx))
+        if (!group->meth->field_encode(group, group->a, tmp_a, ctx))
             goto err;
-    } else if (!BN_copy(&group->a, tmp_a))
+    } else if (!BN_copy(group->a, tmp_a))
         goto err;
 
     /* group->b */
-    if (!BN_nnmod(&group->b, b, p, ctx))
+    if (!BN_nnmod(group->b, b, p, ctx))
         goto err;
     if (group->meth->field_encode)
-        if (!group->meth->field_encode(group, &group->b, &group->b, ctx))
+        if (!group->meth->field_encode(group, group->b, group->b, ctx))
             goto err;
 
     /* group->a_is_minus3 */
     if (!BN_add_word(tmp_a, 3))
         goto err;
-    group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
+    group->a_is_minus3 = (0 == BN_cmp(tmp_a, group->field));
 
     ret = 1;
 
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -242,7 +198,7 @@ int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
     BN_CTX *new_ctx = NULL;
 
     if (p != NULL) {
-        if (!BN_copy(p, &group->field))
+        if (!BN_copy(p, group->field))
             return 0;
     }
 
@@ -254,20 +210,20 @@ int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
                     return 0;
             }
             if (a != NULL) {
-                if (!group->meth->field_decode(group, a, &group->a, ctx))
+                if (!group->meth->field_decode(group, a, group->a, ctx))
                     goto err;
             }
             if (b != NULL) {
-                if (!group->meth->field_decode(group, b, &group->b, ctx))
+                if (!group->meth->field_decode(group, b, group->b, ctx))
                     goto err;
             }
         } else {
             if (a != NULL) {
-                if (!BN_copy(a, &group->a))
+                if (!BN_copy(a, group->a))
                     goto err;
             }
             if (b != NULL) {
-                if (!BN_copy(b, &group->b))
+                if (!BN_copy(b, group->b))
                     goto err;
             }
         }
@@ -276,21 +232,20 @@ int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
     ret = 1;
 
  err:
-    if (new_ctx)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
 int ec_GFp_simple_group_get_degree(const EC_GROUP *group)
 {
-    return BN_num_bits(&group->field);
+    return BN_num_bits(group->field);
 }
 
 int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
 {
     int ret = 0;
     BIGNUM *a, *b, *order, *tmp_1, *tmp_2;
-    const BIGNUM *p = &group->field;
+    const BIGNUM *p = group->field;
     BN_CTX *new_ctx = NULL;
 
     if (ctx == NULL) {
@@ -311,14 +266,14 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
         goto err;
 
     if (group->meth->field_decode) {
-        if (!group->meth->field_decode(group, a, &group->a, ctx))
+        if (!group->meth->field_decode(group, a, group->a, ctx))
             goto err;
-        if (!group->meth->field_decode(group, b, &group->b, ctx))
+        if (!group->meth->field_decode(group, b, group->b, ctx))
             goto err;
     } else {
-        if (!BN_copy(a, &group->a))
+        if (!BN_copy(a, group->a))
             goto err;
-        if (!BN_copy(b, &group->b))
+        if (!BN_copy(b, group->b))
             goto err;
     }
 
@@ -355,45 +310,51 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
  err:
     if (ctx != NULL)
         BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
 int ec_GFp_simple_point_init(EC_POINT *point)
 {
-    BN_init(&point->X);
-    BN_init(&point->Y);
-    BN_init(&point->Z);
+    point->X = BN_new();
+    point->Y = BN_new();
+    point->Z = BN_new();
     point->Z_is_one = 0;
 
+    if (point->X == NULL || point->Y == NULL || point->Z == NULL) {
+        BN_free(point->X);
+        BN_free(point->Y);
+        BN_free(point->Z);
+        return 0;
+    }
     return 1;
 }
 
 void ec_GFp_simple_point_finish(EC_POINT *point)
 {
-    BN_free(&point->X);
-    BN_free(&point->Y);
-    BN_free(&point->Z);
+    BN_free(point->X);
+    BN_free(point->Y);
+    BN_free(point->Z);
 }
 
 void ec_GFp_simple_point_clear_finish(EC_POINT *point)
 {
-    BN_clear_free(&point->X);
-    BN_clear_free(&point->Y);
-    BN_clear_free(&point->Z);
+    BN_clear_free(point->X);
+    BN_clear_free(point->Y);
+    BN_clear_free(point->Z);
     point->Z_is_one = 0;
 }
 
 int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
 {
-    if (!BN_copy(&dest->X, &src->X))
+    if (!BN_copy(dest->X, src->X))
         return 0;
-    if (!BN_copy(&dest->Y, &src->Y))
+    if (!BN_copy(dest->Y, src->Y))
         return 0;
-    if (!BN_copy(&dest->Z, &src->Z))
+    if (!BN_copy(dest->Z, src->Z))
         return 0;
     dest->Z_is_one = src->Z_is_one;
+    dest->curve_name = src->curve_name;
 
     return 1;
 }
@@ -402,7 +363,7 @@ int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group,
                                         EC_POINT *point)
 {
     point->Z_is_one = 0;
-    BN_zero(&point->Z);
+    BN_zero(point->Z);
     return 1;
 }
 
@@ -423,19 +384,19 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
     }
 
     if (x != NULL) {
-        if (!BN_nnmod(&point->X, x, &group->field, ctx))
+        if (!BN_nnmod(point->X, x, group->field, ctx))
             goto err;
         if (group->meth->field_encode) {
-            if (!group->meth->field_encode(group, &point->X, &point->X, ctx))
+            if (!group->meth->field_encode(group, point->X, point->X, ctx))
                 goto err;
         }
     }
 
     if (y != NULL) {
-        if (!BN_nnmod(&point->Y, y, &group->field, ctx))
+        if (!BN_nnmod(point->Y, y, group->field, ctx))
             goto err;
         if (group->meth->field_encode) {
-            if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx))
+            if (!group->meth->field_encode(group, point->Y, point->Y, ctx))
                 goto err;
         }
     }
@@ -443,16 +404,16 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
     if (z != NULL) {
         int Z_is_one;
 
-        if (!BN_nnmod(&point->Z, z, &group->field, ctx))
+        if (!BN_nnmod(point->Z, z, group->field, ctx))
             goto err;
-        Z_is_one = BN_is_one(&point->Z);
+        Z_is_one = BN_is_one(point->Z);
         if (group->meth->field_encode) {
             if (Z_is_one && (group->meth->field_set_to_one != 0)) {
-                if (!group->meth->field_set_to_one(group, &point->Z, ctx))
+                if (!group->meth->field_set_to_one(group, point->Z, ctx))
                     goto err;
             } else {
                 if (!group->
-                    meth->field_encode(group, &point->Z, &point->Z, ctx))
+                    meth->field_encode(group, point->Z, point->Z, ctx))
                     goto err;
             }
         }
@@ -462,8 +423,7 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
     ret = 1;
 
  err:
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -483,28 +443,28 @@ int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
         }
 
         if (x != NULL) {
-            if (!group->meth->field_decode(group, x, &point->X, ctx))
+            if (!group->meth->field_decode(group, x, point->X, ctx))
                 goto err;
         }
         if (y != NULL) {
-            if (!group->meth->field_decode(group, y, &point->Y, ctx))
+            if (!group->meth->field_decode(group, y, point->Y, ctx))
                 goto err;
         }
         if (z != NULL) {
-            if (!group->meth->field_decode(group, z, &point->Z, ctx))
+            if (!group->meth->field_decode(group, z, point->Z, ctx))
                 goto err;
         }
     } else {
         if (x != NULL) {
-            if (!BN_copy(x, &point->X))
+            if (!BN_copy(x, point->X))
                 goto err;
         }
         if (y != NULL) {
-            if (!BN_copy(y, &point->Y))
+            if (!BN_copy(y, point->Y))
                 goto err;
         }
         if (z != NULL) {
-            if (!BN_copy(z, &point->Z))
+            if (!BN_copy(z, point->Z))
                 goto err;
         }
     }
@@ -512,8 +472,7 @@ int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
     ret = 1;
 
  err:
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -568,35 +527,35 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
     /* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */
 
     if (group->meth->field_decode) {
-        if (!group->meth->field_decode(group, Z, &point->Z, ctx))
+        if (!group->meth->field_decode(group, Z, point->Z, ctx))
             goto err;
         Z_ = Z;
     } else {
-        Z_ = &point->Z;
+        Z_ = point->Z;
     }
 
     if (BN_is_one(Z_)) {
         if (group->meth->field_decode) {
             if (x != NULL) {
-                if (!group->meth->field_decode(group, x, &point->X, ctx))
+                if (!group->meth->field_decode(group, x, point->X, ctx))
                     goto err;
             }
             if (y != NULL) {
-                if (!group->meth->field_decode(group, y, &point->Y, ctx))
+                if (!group->meth->field_decode(group, y, point->Y, ctx))
                     goto err;
             }
         } else {
             if (x != NULL) {
-                if (!BN_copy(x, &point->X))
+                if (!BN_copy(x, point->X))
                     goto err;
             }
             if (y != NULL) {
-                if (!BN_copy(y, &point->Y))
+                if (!BN_copy(y, point->Y))
                     goto err;
             }
         }
     } else {
-        if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) {
+        if (!BN_mod_inverse(Z_1, Z_, group->field, ctx)) {
             ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,
                   ERR_R_BN_LIB);
             goto err;
@@ -607,7 +566,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
             if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))
                 goto err;
         } else {
-            if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx))
+            if (!BN_mod_sqr(Z_2, Z_1, group->field, ctx))
                 goto err;
         }
 
@@ -616,7 +575,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
              * in the Montgomery case, field_mul will cancel out Montgomery
              * factor in X:
              */
-            if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx))
+            if (!group->meth->field_mul(group, x, point->X, Z_2, ctx))
                 goto err;
         }
 
@@ -628,7 +587,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
                 if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx))
                     goto err;
             } else {
-                if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx))
+                if (!BN_mod_mul(Z_3, Z_2, Z_1, group->field, ctx))
                     goto err;
             }
 
@@ -636,7 +595,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
              * in the Montgomery case, field_mul will cancel out Montgomery
              * factor in Y:
              */
-            if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx))
+            if (!group->meth->field_mul(group, y, point->Y, Z_3, ctx))
                 goto err;
         }
     }
@@ -645,8 +604,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
 
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -670,7 +628,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
 
     field_mul = group->meth->field_mul;
     field_sqr = group->meth->field_sqr;
-    p = &group->field;
+    p = group->field;
 
     if (ctx == NULL) {
         ctx = new_ctx = BN_CTX_new();
@@ -697,44 +655,44 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
 
     /* n1, n2 */
     if (b->Z_is_one) {
-        if (!BN_copy(n1, &a->X))
+        if (!BN_copy(n1, a->X))
             goto end;
-        if (!BN_copy(n2, &a->Y))
+        if (!BN_copy(n2, a->Y))
             goto end;
         /* n1 = X_a */
         /* n2 = Y_a */
     } else {
-        if (!field_sqr(group, n0, &b->Z, ctx))
+        if (!field_sqr(group, n0, b->Z, ctx))
             goto end;
-        if (!field_mul(group, n1, &a->X, n0, ctx))
+        if (!field_mul(group, n1, a->X, n0, ctx))
             goto end;
         /* n1 = X_a * Z_b^2 */
 
-        if (!field_mul(group, n0, n0, &b->Z, ctx))
+        if (!field_mul(group, n0, n0, b->Z, ctx))
             goto end;
-        if (!field_mul(group, n2, &a->Y, n0, ctx))
+        if (!field_mul(group, n2, a->Y, n0, ctx))
             goto end;
         /* n2 = Y_a * Z_b^3 */
     }
 
     /* n3, n4 */
     if (a->Z_is_one) {
-        if (!BN_copy(n3, &b->X))
+        if (!BN_copy(n3, b->X))
             goto end;
-        if (!BN_copy(n4, &b->Y))
+        if (!BN_copy(n4, b->Y))
             goto end;
         /* n3 = X_b */
         /* n4 = Y_b */
     } else {
-        if (!field_sqr(group, n0, &a->Z, ctx))
+        if (!field_sqr(group, n0, a->Z, ctx))
             goto end;
-        if (!field_mul(group, n3, &b->X, n0, ctx))
+        if (!field_mul(group, n3, b->X, n0, ctx))
             goto end;
         /* n3 = X_b * Z_a^2 */
 
-        if (!field_mul(group, n0, n0, &a->Z, ctx))
+        if (!field_mul(group, n0, n0, a->Z, ctx))
             goto end;
-        if (!field_mul(group, n4, &b->Y, n0, ctx))
+        if (!field_mul(group, n4, b->Y, n0, ctx))
             goto end;
         /* n4 = Y_b * Z_a^3 */
     }
@@ -756,7 +714,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
             goto end;
         } else {
             /* a is the inverse of b */
-            BN_zero(&r->Z);
+            BN_zero(r->Z);
             r->Z_is_one = 0;
             ret = 1;
             goto end;
@@ -773,20 +731,20 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
 
     /* Z_r */
     if (a->Z_is_one && b->Z_is_one) {
-        if (!BN_copy(&r->Z, n5))
+        if (!BN_copy(r->Z, n5))
             goto end;
     } else {
         if (a->Z_is_one) {
-            if (!BN_copy(n0, &b->Z))
+            if (!BN_copy(n0, b->Z))
                 goto end;
         } else if (b->Z_is_one) {
-            if (!BN_copy(n0, &a->Z))
+            if (!BN_copy(n0, a->Z))
                 goto end;
         } else {
-            if (!field_mul(group, n0, &a->Z, &b->Z, ctx))
+            if (!field_mul(group, n0, a->Z, b->Z, ctx))
                 goto end;
         }
-        if (!field_mul(group, &r->Z, n0, n5, ctx))
+        if (!field_mul(group, r->Z, n0, n5, ctx))
             goto end;
     }
     r->Z_is_one = 0;
@@ -799,12 +757,12 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
         goto end;
     if (!field_mul(group, n3, n1, n4, ctx))
         goto end;
-    if (!BN_mod_sub_quick(&r->X, n0, n3, p))
+    if (!BN_mod_sub_quick(r->X, n0, n3, p))
         goto end;
     /* X_r = n6^2 - n5^2 * 'n7' */
 
     /* 'n9' */
-    if (!BN_mod_lshift1_quick(n0, &r->X, p))
+    if (!BN_mod_lshift1_quick(n0, r->X, p))
         goto end;
     if (!BN_mod_sub_quick(n0, n3, n0, p))
         goto end;
@@ -823,7 +781,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
         if (!BN_add(n0, n0, p))
             goto end;
     /* now  0 <= n0 < 2*p,  and n0 is even */
-    if (!BN_rshift1(&r->Y, n0))
+    if (!BN_rshift1(r->Y, n0))
         goto end;
     /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
 
@@ -832,8 +790,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
  end:
     if (ctx)                    /* otherwise we already called BN_CTX_end */
         BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -849,14 +806,14 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
     int ret = 0;
 
     if (EC_POINT_is_at_infinity(group, a)) {
-        BN_zero(&r->Z);
+        BN_zero(r->Z);
         r->Z_is_one = 0;
         return 1;
     }
 
     field_mul = group->meth->field_mul;
     field_sqr = group->meth->field_sqr;
-    p = &group->field;
+    p = group->field;
 
     if (ctx == NULL) {
         ctx = new_ctx = BN_CTX_new();
@@ -880,21 +837,21 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
 
     /* n1 */
     if (a->Z_is_one) {
-        if (!field_sqr(group, n0, &a->X, ctx))
+        if (!field_sqr(group, n0, a->X, ctx))
             goto err;
         if (!BN_mod_lshift1_quick(n1, n0, p))
             goto err;
         if (!BN_mod_add_quick(n0, n0, n1, p))
             goto err;
-        if (!BN_mod_add_quick(n1, n0, &group->a, p))
+        if (!BN_mod_add_quick(n1, n0, group->a, p))
             goto err;
         /* n1 = 3 * X_a^2 + a_curve */
     } else if (group->a_is_minus3) {
-        if (!field_sqr(group, n1, &a->Z, ctx))
+        if (!field_sqr(group, n1, a->Z, ctx))
             goto err;
-        if (!BN_mod_add_quick(n0, &a->X, n1, p))
+        if (!BN_mod_add_quick(n0, a->X, n1, p))
             goto err;
-        if (!BN_mod_sub_quick(n2, &a->X, n1, p))
+        if (!BN_mod_sub_quick(n2, a->X, n1, p))
             goto err;
         if (!field_mul(group, n1, n0, n2, ctx))
             goto err;
@@ -907,17 +864,17 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
          *    = 3 * X_a^2 - 3 * Z_a^4
          */
     } else {
-        if (!field_sqr(group, n0, &a->X, ctx))
+        if (!field_sqr(group, n0, a->X, ctx))
             goto err;
         if (!BN_mod_lshift1_quick(n1, n0, p))
             goto err;
         if (!BN_mod_add_quick(n0, n0, n1, p))
             goto err;
-        if (!field_sqr(group, n1, &a->Z, ctx))
+        if (!field_sqr(group, n1, a->Z, ctx))
             goto err;
         if (!field_sqr(group, n1, n1, ctx))
             goto err;
-        if (!field_mul(group, n1, n1, &group->a, ctx))
+        if (!field_mul(group, n1, n1, group->a, ctx))
             goto err;
         if (!BN_mod_add_quick(n1, n1, n0, p))
             goto err;
@@ -926,21 +883,21 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
 
     /* Z_r */
     if (a->Z_is_one) {
-        if (!BN_copy(n0, &a->Y))
+        if (!BN_copy(n0, a->Y))
             goto err;
     } else {
-        if (!field_mul(group, n0, &a->Y, &a->Z, ctx))
+        if (!field_mul(group, n0, a->Y, a->Z, ctx))
             goto err;
     }
-    if (!BN_mod_lshift1_quick(&r->Z, n0, p))
+    if (!BN_mod_lshift1_quick(r->Z, n0, p))
         goto err;
     r->Z_is_one = 0;
     /* Z_r = 2 * Y_a * Z_a */
 
     /* n2 */
-    if (!field_sqr(group, n3, &a->Y, ctx))
+    if (!field_sqr(group, n3, a->Y, ctx))
         goto err;
-    if (!field_mul(group, n2, &a->X, n3, ctx))
+    if (!field_mul(group, n2, a->X, n3, ctx))
         goto err;
     if (!BN_mod_lshift_quick(n2, n2, 2, p))
         goto err;
@@ -949,9 +906,9 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
     /* X_r */
     if (!BN_mod_lshift1_quick(n0, n2, p))
         goto err;
-    if (!field_sqr(group, &r->X, n1, ctx))
+    if (!field_sqr(group, r->X, n1, ctx))
         goto err;
-    if (!BN_mod_sub_quick(&r->X, &r->X, n0, p))
+    if (!BN_mod_sub_quick(r->X, r->X, n0, p))
         goto err;
     /* X_r = n1^2 - 2 * n2 */
 
@@ -963,11 +920,11 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
     /* n3 = 8 * Y_a^4 */
 
     /* Y_r */
-    if (!BN_mod_sub_quick(n0, n2, &r->X, p))
+    if (!BN_mod_sub_quick(n0, n2, r->X, p))
         goto err;
     if (!field_mul(group, n0, n1, n0, ctx))
         goto err;
-    if (!BN_mod_sub_quick(&r->Y, n0, n3, p))
+    if (!BN_mod_sub_quick(r->Y, n0, n3, p))
         goto err;
     /* Y_r = n1 * (n2 - X_r) - n3 */
 
@@ -975,23 +932,22 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
 
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
 int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
 {
-    if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
+    if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y))
         /* point is its own inverse */
         return 1;
 
-    return BN_usub(&point->Y, &group->field, &point->Y);
+    return BN_usub(point->Y, group->field, point->Y);
 }
 
 int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
 {
-    return BN_is_zero(&point->Z);
+    return BN_is_zero(point->Z);
 }
 
 int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
@@ -1010,7 +966,7 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
 
     field_mul = group->meth->field_mul;
     field_sqr = group->meth->field_sqr;
-    p = &group->field;
+    p = group->field;
 
     if (ctx == NULL) {
         ctx = new_ctx = BN_CTX_new();
@@ -1037,11 +993,11 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
      */
 
     /* rh := X^2 */
-    if (!field_sqr(group, rh, &point->X, ctx))
+    if (!field_sqr(group, rh, point->X, ctx))
         goto err;
 
     if (!point->Z_is_one) {
-        if (!field_sqr(group, tmp, &point->Z, ctx))
+        if (!field_sqr(group, tmp, point->Z, ctx))
             goto err;
         if (!field_sqr(group, Z4, tmp, ctx))
             goto err;
@@ -1056,19 +1012,19 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
                 goto err;
             if (!BN_mod_sub_quick(rh, rh, tmp, p))
                 goto err;
-            if (!field_mul(group, rh, rh, &point->X, ctx))
+            if (!field_mul(group, rh, rh, point->X, ctx))
                 goto err;
         } else {
-            if (!field_mul(group, tmp, Z4, &group->a, ctx))
+            if (!field_mul(group, tmp, Z4, group->a, ctx))
                 goto err;
             if (!BN_mod_add_quick(rh, rh, tmp, p))
                 goto err;
-            if (!field_mul(group, rh, rh, &point->X, ctx))
+            if (!field_mul(group, rh, rh, point->X, ctx))
                 goto err;
         }
 
         /* rh := rh + b*Z^6 */
-        if (!field_mul(group, tmp, &group->b, Z6, ctx))
+        if (!field_mul(group, tmp, group->b, Z6, ctx))
             goto err;
         if (!BN_mod_add_quick(rh, rh, tmp, p))
             goto err;
@@ -1076,25 +1032,24 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
         /* point->Z_is_one */
 
         /* rh := (rh + a)*X */
-        if (!BN_mod_add_quick(rh, rh, &group->a, p))
+        if (!BN_mod_add_quick(rh, rh, group->a, p))
             goto err;
-        if (!field_mul(group, rh, rh, &point->X, ctx))
+        if (!field_mul(group, rh, rh, point->X, ctx))
             goto err;
         /* rh := rh + b */
-        if (!BN_mod_add_quick(rh, rh, &group->b, p))
+        if (!BN_mod_add_quick(rh, rh, group->b, p))
             goto err;
     }
 
     /* 'lh' := Y^2 */
-    if (!field_sqr(group, tmp, &point->Y, ctx))
+    if (!field_sqr(group, tmp, point->Y, ctx))
         goto err;
 
     ret = (0 == BN_ucmp(tmp, rh));
 
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -1124,8 +1079,7 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
         return 1;
 
     if (a->Z_is_one && b->Z_is_one) {
-        return ((BN_cmp(&a->X, &b->X) == 0)
-                && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
+        return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1;
     }
 
     field_mul = group->meth->field_mul;
@@ -1153,21 +1107,21 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
      */
 
     if (!b->Z_is_one) {
-        if (!field_sqr(group, Zb23, &b->Z, ctx))
+        if (!field_sqr(group, Zb23, b->Z, ctx))
             goto end;
-        if (!field_mul(group, tmp1, &a->X, Zb23, ctx))
+        if (!field_mul(group, tmp1, a->X, Zb23, ctx))
             goto end;
         tmp1_ = tmp1;
     } else
-        tmp1_ = &a->X;
+        tmp1_ = a->X;
     if (!a->Z_is_one) {
-        if (!field_sqr(group, Za23, &a->Z, ctx))
+        if (!field_sqr(group, Za23, a->Z, ctx))
             goto end;
-        if (!field_mul(group, tmp2, &b->X, Za23, ctx))
+        if (!field_mul(group, tmp2, b->X, Za23, ctx))
             goto end;
         tmp2_ = tmp2;
     } else
-        tmp2_ = &b->X;
+        tmp2_ = b->X;
 
     /* compare  X_a*Z_b^2  with  X_b*Z_a^2 */
     if (BN_cmp(tmp1_, tmp2_) != 0) {
@@ -1176,21 +1130,21 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
     }
 
     if (!b->Z_is_one) {
-        if (!field_mul(group, Zb23, Zb23, &b->Z, ctx))
+        if (!field_mul(group, Zb23, Zb23, b->Z, ctx))
             goto end;
-        if (!field_mul(group, tmp1, &a->Y, Zb23, ctx))
+        if (!field_mul(group, tmp1, a->Y, Zb23, ctx))
             goto end;
         /* tmp1_ = tmp1 */
     } else
-        tmp1_ = &a->Y;
+        tmp1_ = a->Y;
     if (!a->Z_is_one) {
-        if (!field_mul(group, Za23, Za23, &a->Z, ctx))
+        if (!field_mul(group, Za23, Za23, a->Z, ctx))
             goto end;
-        if (!field_mul(group, tmp2, &b->Y, Za23, ctx))
+        if (!field_mul(group, tmp2, b->Y, Za23, ctx))
             goto end;
         /* tmp2_ = tmp2 */
     } else
-        tmp2_ = &b->Y;
+        tmp2_ = b->Y;
 
     /* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */
     if (BN_cmp(tmp1_, tmp2_) != 0) {
@@ -1203,8 +1157,7 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
 
  end:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -1230,9 +1183,9 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
     if (y == NULL)
         goto err;
 
-    if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
+    if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
         goto err;
-    if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
         goto err;
     if (!point->Z_is_one) {
         ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
@@ -1243,8 +1196,7 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
 
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     return ret;
 }
 
@@ -1269,7 +1221,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
     BN_CTX_start(ctx);
     tmp = BN_CTX_get(ctx);
     tmp_Z = BN_CTX_get(ctx);
-    if (tmp == NULL || tmp_Z == NULL)
+    if (tmp_Z == NULL)
         goto err;
 
     prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0]));
@@ -1286,8 +1238,8 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
      * skipping any zero-valued inputs (pretend that they're 1).
      */
 
-    if (!BN_is_zero(&points[0]->Z)) {
-        if (!BN_copy(prod_Z[0], &points[0]->Z))
+    if (!BN_is_zero(points[0]->Z)) {
+        if (!BN_copy(prod_Z[0], points[0]->Z))
             goto err;
     } else {
         if (group->meth->field_set_to_one != 0) {
@@ -1300,9 +1252,10 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
     }
 
     for (i = 1; i < num; i++) {
-        if (!BN_is_zero(&points[i]->Z)) {
-            if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1],
-                                        &points[i]->Z, ctx))
+        if (!BN_is_zero(points[i]->Z)) {
+            if (!group->
+                meth->field_mul(group, prod_Z[i], prod_Z[i - 1], points[i]->Z,
+                                ctx))
                 goto err;
         } else {
             if (!BN_copy(prod_Z[i], prod_Z[i - 1]))
@@ -1315,7 +1268,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
      * points[i]->Z by its inverse.
      */
 
-    if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) {
+    if (!BN_mod_inverse(tmp, prod_Z[num - 1], group->field, ctx)) {
         ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
         goto err;
     }
@@ -1336,7 +1289,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
          * Loop invariant: tmp is the product of the inverses of points[0]->Z
          * .. points[i]->Z (zero-valued inputs skipped).
          */
-        if (!BN_is_zero(&points[i]->Z)) {
+        if (!BN_is_zero(points[i]->Z)) {
             /*
              * Set tmp_Z to the inverse of points[i]->Z (as product of Z
              * inverses 0 .. i, Z values 0 .. i - 1).
@@ -1347,17 +1300,17 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
             /*
              * Update tmp to satisfy the loop invariant for i - 1.
              */
-            if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx))
+            if (!group->meth->field_mul(group, tmp, tmp, points[i]->Z, ctx))
                 goto err;
             /* Replace points[i]->Z by its inverse. */
-            if (!BN_copy(&points[i]->Z, tmp_Z))
+            if (!BN_copy(points[i]->Z, tmp_Z))
                 goto err;
         }
     }
 
-    if (!BN_is_zero(&points[0]->Z)) {
+    if (!BN_is_zero(points[0]->Z)) {
         /* Replace points[0]->Z by its inverse. */
-        if (!BN_copy(&points[0]->Z, tmp))
+        if (!BN_copy(points[0]->Z, tmp))
             goto err;
     }
 
@@ -1366,24 +1319,24 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
     for (i = 0; i < num; i++) {
         EC_POINT *p = points[i];
 
-        if (!BN_is_zero(&p->Z)) {
+        if (!BN_is_zero(p->Z)) {
             /* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
 
-            if (!group->meth->field_sqr(group, tmp, &p->Z, ctx))
+            if (!group->meth->field_sqr(group, tmp, p->Z, ctx))
                 goto err;
-            if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx))
+            if (!group->meth->field_mul(group, p->X, p->X, tmp, ctx))
                 goto err;
 
-            if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx))
+            if (!group->meth->field_mul(group, tmp, tmp, p->Z, ctx))
                 goto err;
-            if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx))
+            if (!group->meth->field_mul(group, p->Y, p->Y, tmp, ctx))
                 goto err;
 
             if (group->meth->field_set_to_one != 0) {
-                if (!group->meth->field_set_to_one(group, &p->Z, ctx))
+                if (!group->meth->field_set_to_one(group, p->Z, ctx))
                     goto err;
             } else {
-                if (!BN_one(&p->Z))
+                if (!BN_one(p->Z))
                     goto err;
             }
             p->Z_is_one = 1;
@@ -1394,8 +1347,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
 
  err:
     BN_CTX_end(ctx);
-    if (new_ctx != NULL)
-        BN_CTX_free(new_ctx);
+    BN_CTX_free(new_ctx);
     if (prod_Z != NULL) {
         for (i = 0; i < num; i++) {
             if (prod_Z[i] == NULL)
@@ -1410,11 +1362,285 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
 int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
                             const BIGNUM *b, BN_CTX *ctx)
 {
-    return BN_mod_mul(r, a, b, &group->field, ctx);
+    return BN_mod_mul(r, a, b, group->field, ctx);
 }
 
 int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
                             BN_CTX *ctx)
 {
-    return BN_mod_sqr(r, a, &group->field, ctx);
+    return BN_mod_sqr(r, a, group->field, ctx);
+}
+
+/*-
+ * Apply randomization of EC point projective coordinates:
+ *
+ *   (X, Y ,Z ) = (lambda^2*X, lambda^3*Y, lambda*Z)
+ *   lambda = [1,group->field)
+ *
+ */
+int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                    BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *lambda = NULL;
+    BIGNUM *temp = NULL;
+
+    BN_CTX_start(ctx);
+    lambda = BN_CTX_get(ctx);
+    temp = BN_CTX_get(ctx);
+    if (temp == NULL) {
+        ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* make sure lambda is not zero */
+    do {
+        if (!BN_priv_rand_range(lambda, group->field)) {
+            ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB);
+            goto err;
+        }
+    } while (BN_is_zero(lambda));
+
+    /* if field_encode defined convert between representations */
+    if (group->meth->field_encode != NULL
+        && !group->meth->field_encode(group, lambda, lambda, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, p->Z, p->Z, lambda, ctx))
+        goto err;
+    if (!group->meth->field_sqr(group, temp, lambda, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, p->X, p->X, temp, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, temp, temp, lambda, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, p->Y, p->Y, temp, ctx))
+        goto err;
+    p->Z_is_one = 0;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Set s := p, r := 2p.
+ *
+ * For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve
+ * multiplication resistant against side channel attacks" appendix, as described
+ * at
+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2
+ *
+ * The input point p will be in randomized Jacobian projective coords:
+ *      x = X/Z**2, y=Y/Z**3
+ *
+ * The output points p, s, and r are converted to standard (homogeneous)
+ * projective coords:
+ *      x = X/Z, y=Y/Z
+ */
+int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
+                             EC_POINT *r, EC_POINT *s,
+                             EC_POINT *p, BN_CTX *ctx)
+{
+    BIGNUM *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
+
+    t1 = r->Z;
+    t2 = r->Y;
+    t3 = s->X;
+    t4 = r->X;
+    t5 = s->Y;
+    t6 = s->Z;
+
+    /* convert p: (X,Y,Z) -> (XZ,Y,Z**3) */
+    if (!group->meth->field_mul(group, p->X, p->X, p->Z, ctx)
+        || !group->meth->field_sqr(group, t1, p->Z, ctx)
+        || !group->meth->field_mul(group, p->Z, p->Z, t1, ctx)
+        /* r := 2p */
+        || !group->meth->field_sqr(group, t2, p->X, ctx)
+        || !group->meth->field_sqr(group, t3, p->Z, ctx)
+        || !group->meth->field_mul(group, t4, t3, group->a, ctx)
+        || !BN_mod_sub_quick(t5, t2, t4, group->field)
+        || !BN_mod_add_quick(t2, t2, t4, group->field)
+        || !group->meth->field_sqr(group, t5, t5, ctx)
+        || !group->meth->field_mul(group, t6, t3, group->b, ctx)
+        || !group->meth->field_mul(group, t1, p->X, p->Z, ctx)
+        || !group->meth->field_mul(group, t4, t1, t6, ctx)
+        || !BN_mod_lshift_quick(t4, t4, 3, group->field)
+        /* r->X coord output */
+        || !BN_mod_sub_quick(r->X, t5, t4, group->field)
+        || !group->meth->field_mul(group, t1, t1, t2, ctx)
+        || !group->meth->field_mul(group, t2, t3, t6, ctx)
+        || !BN_mod_add_quick(t1, t1, t2, group->field)
+        /* r->Z coord output */
+        || !BN_mod_lshift_quick(r->Z, t1, 2, group->field)
+        || !EC_POINT_copy(s, p))
+        return 0;
+
+    r->Z_is_one = 0;
+    s->Z_is_one = 0;
+    p->Z_is_one = 0;
+
+    return 1;
+}
+
+/*-
+ * Differential addition-and-doubling using  Eq. (9) and (10) from Izu-Takagi
+ * "A fast parallel elliptic curve multiplication resistant against side channel
+ * attacks", as described at
+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4
+ */
+int ec_GFp_simple_ladder_step(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6, *t7 = NULL;
+
+    BN_CTX_start(ctx);
+    t0 = BN_CTX_get(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    t3 = BN_CTX_get(ctx);
+    t4 = BN_CTX_get(ctx);
+    t5 = BN_CTX_get(ctx);
+    t6 = BN_CTX_get(ctx);
+    t7 = BN_CTX_get(ctx);
+
+    if (t7 == NULL
+        || !group->meth->field_mul(group, t0, r->X, s->X, ctx)
+        || !group->meth->field_mul(group, t1, r->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, t2, r->X, s->Z, ctx)
+        || !group->meth->field_mul(group, t3, r->Z, s->X, ctx)
+        || !group->meth->field_mul(group, t4, group->a, t1, ctx)
+        || !BN_mod_add_quick(t0, t0, t4, group->field)
+        || !BN_mod_add_quick(t4, t3, t2, group->field)
+        || !group->meth->field_mul(group, t0, t4, t0, ctx)
+        || !group->meth->field_sqr(group, t1, t1, ctx)
+        || !BN_mod_lshift_quick(t7, group->b, 2, group->field)
+        || !group->meth->field_mul(group, t1, t7, t1, ctx)
+        || !BN_mod_lshift1_quick(t0, t0, group->field)
+        || !BN_mod_add_quick(t0, t1, t0, group->field)
+        || !BN_mod_sub_quick(t1, t2, t3, group->field)
+        || !group->meth->field_sqr(group, t1, t1, ctx)
+        || !group->meth->field_mul(group, t3, t1, p->X, ctx)
+        || !group->meth->field_mul(group, t0, p->Z, t0, ctx)
+        /* s->X coord output */
+        || !BN_mod_sub_quick(s->X, t0, t3, group->field)
+        /* s->Z coord output */
+        || !group->meth->field_mul(group, s->Z, p->Z, t1, ctx)
+        || !group->meth->field_sqr(group, t3, r->X, ctx)
+        || !group->meth->field_sqr(group, t2, r->Z, ctx)
+        || !group->meth->field_mul(group, t4, t2, group->a, ctx)
+        || !BN_mod_add_quick(t5, r->X, r->Z, group->field)
+        || !group->meth->field_sqr(group, t5, t5, ctx)
+        || !BN_mod_sub_quick(t5, t5, t3, group->field)
+        || !BN_mod_sub_quick(t5, t5, t2, group->field)
+        || !BN_mod_sub_quick(t6, t3, t4, group->field)
+        || !group->meth->field_sqr(group, t6, t6, ctx)
+        || !group->meth->field_mul(group, t0, t2, t5, ctx)
+        || !group->meth->field_mul(group, t0, t7, t0, ctx)
+        /* r->X coord output */
+        || !BN_mod_sub_quick(r->X, t6, t0, group->field)
+        || !BN_mod_add_quick(t6, t3, t4, group->field)
+        || !group->meth->field_sqr(group, t3, t2, ctx)
+        || !group->meth->field_mul(group, t7, t3, t7, ctx)
+        || !group->meth->field_mul(group, t5, t5, t6, ctx)
+        || !BN_mod_lshift1_quick(t5, t5, group->field)
+        /* r->Z coord output */
+        || !BN_mod_add_quick(r->Z, t7, t5, group->field))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass
+ * Elliptic Curves and Side-Channel Attacks", modified to work in projective
+ * coordinates and return r in Jacobian projective coordinates.
+ *
+ * X4 = two*Y1*X2*Z3*Z2*Z1;
+ * Y4 = two*b*Z3*SQR(Z2*Z1) + Z3*(a*Z2*Z1+X1*X2)*(X1*Z2+X2*Z1) - X3*SQR(X1*Z2-X2*Z1);
+ * Z4 = two*Y1*Z3*SQR(Z2)*Z1;
+ *
+ * Z4 != 0 because:
+ *  - Z1==0 implies p is at infinity, which would have caused an early exit in
+ *    the caller;
+ *  - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch);
+ *  - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch);
+ *  - Y1==0 implies p has order 2, so either r or s are infinity and handled by
+ *    one of the BN_is_zero(...) branches.
+ */
+int ec_GFp_simple_ladder_post(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
+
+    if (BN_is_zero(r->Z))
+        return EC_POINT_set_to_infinity(group, r);
+
+    if (BN_is_zero(s->Z)) {
+        /* (X,Y,Z) -> (XZ,YZ**2,Z) */
+        if (!group->meth->field_mul(group, r->X, p->X, p->Z, ctx)
+            || !group->meth->field_sqr(group, r->Z, p->Z, ctx)
+            || !group->meth->field_mul(group, r->Y, p->Y, r->Z, ctx)
+            || !BN_copy(r->Z, p->Z)
+            || !EC_POINT_invert(group, r, ctx))
+            return 0;
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    t0 = BN_CTX_get(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    t3 = BN_CTX_get(ctx);
+    t4 = BN_CTX_get(ctx);
+    t5 = BN_CTX_get(ctx);
+    t6 = BN_CTX_get(ctx);
+
+    if (t6 == NULL
+        || !BN_mod_lshift1_quick(t0, p->Y, group->field)
+        || !group->meth->field_mul(group, t1, r->X, p->Z, ctx)
+        || !group->meth->field_mul(group, t2, r->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, t2, t1, t2, ctx)
+        || !group->meth->field_mul(group, t3, t2, t0, ctx)
+        || !group->meth->field_mul(group, t2, r->Z, p->Z, ctx)
+        || !group->meth->field_sqr(group, t4, t2, ctx)
+        || !BN_mod_lshift1_quick(t5, group->b, group->field)
+        || !group->meth->field_mul(group, t4, t4, t5, ctx)
+        || !group->meth->field_mul(group, t6, t2, group->a, ctx)
+        || !group->meth->field_mul(group, t5, r->X, p->X, ctx)
+        || !BN_mod_add_quick(t5, t6, t5, group->field)
+        || !group->meth->field_mul(group, t6, r->Z, p->X, ctx)
+        || !BN_mod_add_quick(t2, t6, t1, group->field)
+        || !group->meth->field_mul(group, t5, t5, t2, ctx)
+        || !BN_mod_sub_quick(t6, t6, t1, group->field)
+        || !group->meth->field_sqr(group, t6, t6, ctx)
+        || !group->meth->field_mul(group, t6, t6, s->X, ctx)
+        || !BN_mod_add_quick(t4, t5, t4, group->field)
+        || !group->meth->field_mul(group, t4, t4, s->Z, ctx)
+        || !BN_mod_sub_quick(t4, t4, t6, group->field)
+        || !group->meth->field_sqr(group, t5, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, p->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, t5, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, r->Z, t0, ctx)
+        /* t3 := X, t4 := Y */
+        /* (X,Y,Z) -> (XZ,YZ**2,Z) */
+        || !group->meth->field_mul(group, r->X, t3, r->Z, ctx)
+        || !group->meth->field_sqr(group, t3, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Y, t4, t3, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/ec/ectest.c b/freebsd/crypto/openssl/crypto/ec/ectest.c
deleted file mode 100644
index 18c7981b..00000000
--- a/freebsd/crypto/openssl/crypto/ec/ectest.c
+++ /dev/null
@@ -1,1872 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ec/ectest.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#ifdef FLAT_INC
-# include "e_os.h"
-#else
-# include "../e_os.h"
-#endif
-#include <string.h>
-#include <time.h>
-
-#ifdef OPENSSL_NO_EC
-int main(int argc, char *argv[])
-{
-    puts("Elliptic curves are disabled.");
-    return 0;
-}
-#else
-
-# include <openssl/ec.h>
-# ifndef OPENSSL_NO_ENGINE
-#  include <openssl/engine.h>
-# endif
-# include <openssl/err.h>
-# include <openssl/obj_mac.h>
-# include <openssl/objects.h>
-# include <openssl/rand.h>
-# include <openssl/bn.h>
-# include <openssl/opensslconf.h>
-
-# if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
-/* suppress "too big too optimize" warning */
-#  pragma warning(disable:4959)
-# endif
-
-# define ABORT do { \
-        fflush(stdout); \
-        fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
-        ERR_print_errors_fp(stderr); \
-        EXIT(1); \
-} while (0)
-
-# define TIMING_BASE_PT 0
-# define TIMING_RAND_PT 1
-# define TIMING_SIMUL 2
-
-# if 0
-static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
-{
-    clock_t clck;
-    int i, j;
-    BIGNUM *s;
-    BIGNUM *r[10], *r0[10];
-    EC_POINT *P;
-
-    s = BN_new();
-    if (s == NULL)
-        ABORT;
-
-    fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
-    if (!EC_GROUP_get_order(group, s, ctx))
-        ABORT;
-    fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
-    fflush(stdout);
-
-    P = EC_POINT_new(group);
-    if (P == NULL)
-        ABORT;
-    EC_POINT_copy(P, EC_GROUP_get0_generator(group));
-
-    for (i = 0; i < 10; i++) {
-        if ((r[i] = BN_new()) == NULL)
-            ABORT;
-        if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0))
-            ABORT;
-        if (type != TIMING_BASE_PT) {
-            if ((r0[i] = BN_new()) == NULL)
-                ABORT;
-            if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0))
-                ABORT;
-        }
-    }
-
-    clck = clock();
-    for (i = 0; i < 10; i++) {
-        for (j = 0; j < 10; j++) {
-            if (!EC_POINT_mul
-                (group, P, (type != TIMING_RAND_PT) ? r[i] : NULL,
-                 (type != TIMING_BASE_PT) ? P : NULL,
-                 (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx))
-                ABORT;
-        }
-    }
-    clck = clock() - clck;
-
-    fprintf(stdout, "\n");
-
-#  ifdef CLOCKS_PER_SEC
-    /*
-     * "To determine the time in seconds, the value returned by the clock
-     * function should be divided by the value of the macro CLOCKS_PER_SEC."
-     * -- ISO/IEC 9899
-     */
-#   define UNIT "s"
-#  else
-    /*
-     * "`CLOCKS_PER_SEC' undeclared (first use this function)" -- cc on
-     * NeXTstep/OpenStep
-     */
-#   define UNIT "units"
-#   define CLOCKS_PER_SEC 1
-#  endif
-
-    if (type == TIMING_BASE_PT) {
-        fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
-                "base point multiplications", (double)clck / CLOCKS_PER_SEC);
-    } else if (type == TIMING_RAND_PT) {
-        fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
-                "random point multiplications",
-                (double)clck / CLOCKS_PER_SEC);
-    } else if (type == TIMING_SIMUL) {
-        fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
-                "s*P+t*Q operations", (double)clck / CLOCKS_PER_SEC);
-    }
-    fprintf(stdout, "average: %.4f " UNIT "\n",
-            (double)clck / (CLOCKS_PER_SEC * i * j));
-
-    EC_POINT_free(P);
-    BN_free(s);
-    for (i = 0; i < 10; i++) {
-        BN_free(r[i]);
-        if (type != TIMING_BASE_PT)
-            BN_free(r0[i]);
-    }
-}
-# endif
-
-/* test multiplication with group order, long and negative scalars */
-static void group_order_tests(EC_GROUP *group)
-{
-    BIGNUM *n1, *n2, *order;
-    EC_POINT *P = EC_POINT_new(group);
-    EC_POINT *Q = EC_POINT_new(group);
-    BN_CTX *ctx = BN_CTX_new();
-    int i;
-
-    n1 = BN_new();
-    n2 = BN_new();
-    order = BN_new();
-    fprintf(stdout, "verify group order ...");
-    fflush(stdout);
-    if (!EC_GROUP_get_order(group, order, ctx))
-        ABORT;
-    if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, Q))
-        ABORT;
-    fprintf(stdout, ".");
-    fflush(stdout);
-    if (!EC_GROUP_precompute_mult(group, ctx))
-        ABORT;
-    if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, Q))
-        ABORT;
-    fprintf(stdout, " ok\n");
-    fprintf(stdout, "long/negative scalar tests ");
-    for (i = 1; i <= 2; i++) {
-        const BIGNUM *scalars[6];
-        const EC_POINT *points[6];
-
-        fprintf(stdout, i == 1 ?
-                "allowing precomputation ... " :
-                "without precomputation ... ");
-        if (!BN_set_word(n1, i))
-            ABORT;
-        /*
-         * If i == 1, P will be the predefined generator for which
-         * EC_GROUP_precompute_mult has set up precomputation.
-         */
-        if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx))
-            ABORT;
-
-        if (!BN_one(n1))
-            ABORT;
-        /* n1 = 1 - order */
-        if (!BN_sub(n1, n1, order))
-            ABORT;
-        if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, Q, P, ctx))
-            ABORT;
-
-        /* n2 = 1 + order */
-        if (!BN_add(n2, order, BN_value_one()))
-            ABORT;
-        if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, Q, P, ctx))
-            ABORT;
-
-        /* n2 = (1 - order) * (1 + order) = 1 - order^2 */
-        if (!BN_mul(n2, n1, n2, ctx))
-            ABORT;
-        if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, Q, P, ctx))
-            ABORT;
-
-        /* n2 = order^2 - 1 */
-        BN_set_negative(n2, 0);
-        if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
-            ABORT;
-        /* Add P to verify the result. */
-        if (!EC_POINT_add(group, Q, Q, P, ctx))
-            ABORT;
-        if (!EC_POINT_is_at_infinity(group, Q))
-            ABORT;
-
-        /* Exercise EC_POINTs_mul, including corner cases. */
-        if (EC_POINT_is_at_infinity(group, P))
-            ABORT;
-        scalars[0] = n1;
-        points[0] = Q;          /* => infinity */
-        scalars[1] = n2;
-        points[1] = P;          /* => -P */
-        scalars[2] = n1;
-        points[2] = Q;          /* => infinity */
-        scalars[3] = n2;
-        points[3] = Q;          /* => infinity */
-        scalars[4] = n1;
-        points[4] = P;          /* => P */
-        scalars[5] = n2;
-        points[5] = Q;          /* => infinity */
-        if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINT_is_at_infinity(group, P))
-            ABORT;
-    }
-    fprintf(stdout, "ok\n");
-
-    EC_POINT_free(P);
-    EC_POINT_free(Q);
-    BN_free(n1);
-    BN_free(n2);
-    BN_free(order);
-    BN_CTX_free(ctx);
-}
-
-static void prime_field_tests(void)
-{
-    BN_CTX *ctx = NULL;
-    BIGNUM *p, *a, *b;
-    EC_GROUP *group;
-    EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 =
-        NULL, *P_384 = NULL, *P_521 = NULL;
-    EC_POINT *P, *Q, *R;
-    BIGNUM *x, *y, *z;
-    unsigned char buf[100];
-    size_t i, len;
-    int k;
-
-# if 1                          /* optional */
-    ctx = BN_CTX_new();
-    if (!ctx)
-        ABORT;
-# endif
-
-    p = BN_new();
-    a = BN_new();
-    b = BN_new();
-    if (!p || !a || !b)
-        ABORT;
-
-    if (!BN_hex2bn(&p, "17"))
-        ABORT;
-    if (!BN_hex2bn(&a, "1"))
-        ABORT;
-    if (!BN_hex2bn(&b, "1"))
-        ABORT;
-
-    group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use
-                                                 * EC_GROUP_new_curve_GFp so
-                                                 * that the library gets to
-                                                 * choose the EC_METHOD */
-    if (!group)
-        ABORT;
-
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    {
-        EC_GROUP *tmp;
-        tmp = EC_GROUP_new(EC_GROUP_method_of(group));
-        if (!tmp)
-            ABORT;
-        if (!EC_GROUP_copy(tmp, group))
-            ABORT;
-        EC_GROUP_free(group);
-        group = tmp;
-    }
-
-    if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    fprintf(stdout,
-            "Curve defined by Weierstrass equation\n     y^2 = x^3 + a*x + b  (mod 0x");
-    BN_print_fp(stdout, p);
-    fprintf(stdout, ")\n     a = 0x");
-    BN_print_fp(stdout, a);
-    fprintf(stdout, "\n     b = 0x");
-    BN_print_fp(stdout, b);
-    fprintf(stdout, "\n");
-
-    P = EC_POINT_new(group);
-    Q = EC_POINT_new(group);
-    R = EC_POINT_new(group);
-    if (!P || !Q || !R)
-        ABORT;
-
-    if (!EC_POINT_set_to_infinity(group, P))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, P))
-        ABORT;
-
-    buf[0] = 0;
-    if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
-        ABORT;
-
-    if (!EC_POINT_add(group, P, P, Q, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, P))
-        ABORT;
-
-    x = BN_new();
-    y = BN_new();
-    z = BN_new();
-    if (!x || !y || !z)
-        ABORT;
-
-    if (!BN_hex2bn(&x, "D"))
-        ABORT;
-    if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
-        if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
-            ABORT;
-        fprintf(stderr, "Point is not on curve: x = 0x");
-        BN_print_fp(stderr, x);
-        fprintf(stderr, ", y = 0x");
-        BN_print_fp(stderr, y);
-        fprintf(stderr, "\n");
-        ABORT;
-    }
-
-    fprintf(stdout, "A cyclic subgroup:\n");
-    k = 100;
-    do {
-        if (k-- == 0)
-            ABORT;
-
-        if (EC_POINT_is_at_infinity(group, P))
-            fprintf(stdout, "     point at infinity\n");
-        else {
-            if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-                ABORT;
-
-            fprintf(stdout, "     x = 0x");
-            BN_print_fp(stdout, x);
-            fprintf(stdout, ", y = 0x");
-            BN_print_fp(stdout, y);
-            fprintf(stdout, "\n");
-        }
-
-        if (!EC_POINT_copy(R, P))
-            ABORT;
-        if (!EC_POINT_add(group, P, P, Q, ctx))
-            ABORT;
-
-# if 0                          /* optional */
-        {
-            EC_POINT *points[3];
-
-            points[0] = R;
-            points[1] = Q;
-            points[2] = P;
-            if (!EC_POINTs_make_affine(group, 2, points, ctx))
-                ABORT;
-        }
-# endif
-
-    }
-    while (!EC_POINT_is_at_infinity(group, P));
-
-    if (!EC_POINT_add(group, P, Q, R, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, P))
-        ABORT;
-
-    len =
-        EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
-                           sizeof(buf), ctx);
-    if (len == 0)
-        ABORT;
-    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, Q, ctx))
-        ABORT;
-    fprintf(stdout, "Generator as octet string, compressed form:\n     ");
-    for (i = 0; i < len; i++)
-        fprintf(stdout, "%02X", buf[i]);
-
-    len =
-        EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
-                           sizeof(buf), ctx);
-    if (len == 0)
-        ABORT;
-    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, Q, ctx))
-        ABORT;
-    fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
-    for (i = 0; i < len; i++)
-        fprintf(stdout, "%02X", buf[i]);
-
-    len =
-        EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
-                           ctx);
-    if (len == 0)
-        ABORT;
-    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, Q, ctx))
-        ABORT;
-    fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
-    for (i = 0; i < len; i++)
-        fprintf(stdout, "%02X", buf[i]);
-
-    if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx))
-        ABORT;
-    fprintf(stdout,
-            "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n     X = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, ", Y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, ", Z = 0x");
-    BN_print_fp(stdout, z);
-    fprintf(stdout, "\n");
-
-    if (!EC_POINT_invert(group, P, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, R, ctx))
-        ABORT;
-
-    /*
-     * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2,
-     * 2000) -- not a NIST curve, but commonly used
-     */
-
-    if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))
-        ABORT;
-    if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82"))
-        ABORT;
-    if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32"))
-        ABORT;
-    if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
-        ABORT;
-    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
-        ABORT;
-
-    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n     x = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, "\n     y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, "\n");
-    /* G_y value taken from the standard: */
-    if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32"))
-        ABORT;
-    if (0 != BN_cmp(y, z))
-        ABORT;
-
-    fprintf(stdout, "verify degree ...");
-    if (EC_GROUP_get_degree(group) != 160)
-        ABORT;
-    fprintf(stdout, " ok\n");
-
-    group_order_tests(group);
-
-    if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group))))
-        ABORT;
-    if (!EC_GROUP_copy(P_160, group))
-        ABORT;
-
-    /* Curve P-192 (FIPS PUB 186-2, App. 6) */
-
-    if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))
-        ABORT;
-    if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"))
-        ABORT;
-    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
-        ABORT;
-    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
-        ABORT;
-
-    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    fprintf(stdout, "\nNIST curve P-192 -- Generator:\n     x = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, "\n     y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, "\n");
-    /* G_y value taken from the standard: */
-    if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"))
-        ABORT;
-    if (0 != BN_cmp(y, z))
-        ABORT;
-
-    fprintf(stdout, "verify degree ...");
-    if (EC_GROUP_get_degree(group) != 192)
-        ABORT;
-    fprintf(stdout, " ok\n");
-
-    group_order_tests(group);
-
-    if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group))))
-        ABORT;
-    if (!EC_GROUP_copy(P_192, group))
-        ABORT;
-
-    /* Curve P-224 (FIPS PUB 186-2, App. 6) */
-
-    if (!BN_hex2bn
-        (&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn
-        (&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))
-        ABORT;
-    if (!BN_hex2bn
-        (&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    if (!BN_hex2bn
-        (&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"))
-        ABORT;
-    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!BN_hex2bn
-        (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
-        ABORT;
-    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
-        ABORT;
-
-    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    fprintf(stdout, "\nNIST curve P-224 -- Generator:\n     x = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, "\n     y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, "\n");
-    /* G_y value taken from the standard: */
-    if (!BN_hex2bn
-        (&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"))
-        ABORT;
-    if (0 != BN_cmp(y, z))
-        ABORT;
-
-    fprintf(stdout, "verify degree ...");
-    if (EC_GROUP_get_degree(group) != 224)
-        ABORT;
-    fprintf(stdout, " ok\n");
-
-    group_order_tests(group);
-
-    if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))))
-        ABORT;
-    if (!EC_GROUP_copy(P_224, group))
-        ABORT;
-
-    /* Curve P-256 (FIPS PUB 186-2, App. 6) */
-
-    if (!BN_hex2bn
-        (&p,
-         "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn
-        (&a,
-         "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"))
-        ABORT;
-    if (!BN_hex2bn
-        (&b,
-         "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    if (!BN_hex2bn
-        (&x,
-         "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"))
-        ABORT;
-    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
-                   "84F3B9CAC2FC632551"))
-        ABORT;
-    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
-        ABORT;
-
-    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    fprintf(stdout, "\nNIST curve P-256 -- Generator:\n     x = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, "\n     y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, "\n");
-    /* G_y value taken from the standard: */
-    if (!BN_hex2bn
-        (&z,
-         "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"))
-        ABORT;
-    if (0 != BN_cmp(y, z))
-        ABORT;
-
-    fprintf(stdout, "verify degree ...");
-    if (EC_GROUP_get_degree(group) != 256)
-        ABORT;
-    fprintf(stdout, " ok\n");
-
-    group_order_tests(group);
-
-    if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))))
-        ABORT;
-    if (!EC_GROUP_copy(P_256, group))
-        ABORT;
-
-    /* Curve P-384 (FIPS PUB 186-2, App. 6) */
-
-    if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC"))
-        ABORT;
-    if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
-                   "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
-                   "9859F741E082542A385502F25DBF55296C3A545E3872760AB7"))
-        ABORT;
-    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
-        ABORT;
-    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
-        ABORT;
-
-    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    fprintf(stdout, "\nNIST curve P-384 -- Generator:\n     x = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, "\n     y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, "\n");
-    /* G_y value taken from the standard: */
-    if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
-                   "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"))
-        ABORT;
-    if (0 != BN_cmp(y, z))
-        ABORT;
-
-    fprintf(stdout, "verify degree ...");
-    if (EC_GROUP_get_degree(group) != 384)
-        ABORT;
-    fprintf(stdout, " ok\n");
-
-    group_order_tests(group);
-
-    if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))))
-        ABORT;
-    if (!EC_GROUP_copy(P_384, group))
-        ABORT;
-
-    /* Curve P-521 (FIPS PUB 186-2, App. 6) */
-
-    if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFC"))
-        ABORT;
-    if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
-                   "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
-                   "DF883D2C34F1EF451FD46B503F00"))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
-                   "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
-                   "3C1856A429BF97E7E31C2E5BD66"))
-        ABORT;
-    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
-                   "C9B8899C47AEBB6FB71E91386409"))
-        ABORT;
-    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
-        ABORT;
-
-    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, "\n     y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, "\n");
-    /* G_y value taken from the standard: */
-    if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
-                   "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
-                   "7086A272C24088BE94769FD16650"))
-        ABORT;
-    if (0 != BN_cmp(y, z))
-        ABORT;
-
-    fprintf(stdout, "verify degree ...");
-    if (EC_GROUP_get_degree(group) != 521)
-        ABORT;
-    fprintf(stdout, " ok\n");
-
-    group_order_tests(group);
-
-    if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))))
-        ABORT;
-    if (!EC_GROUP_copy(P_521, group))
-        ABORT;
-
-    /* more tests using the last curve */
-
-    if (!EC_POINT_copy(Q, P))
-        ABORT;
-    if (EC_POINT_is_at_infinity(group, Q))
-        ABORT;
-    if (!EC_POINT_dbl(group, P, P, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!EC_POINT_invert(group, Q, ctx))
-        ABORT;                  /* P = -2Q */
-
-    if (!EC_POINT_add(group, R, P, Q, ctx))
-        ABORT;
-    if (!EC_POINT_add(group, R, R, Q, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, R))
-        ABORT;                  /* R = P + 2Q */
-
-    {
-        const EC_POINT *points[4];
-        const BIGNUM *scalars[4];
-        BIGNUM scalar3;
-
-        if (EC_POINT_is_at_infinity(group, Q))
-            ABORT;
-        points[0] = Q;
-        points[1] = Q;
-        points[2] = Q;
-        points[3] = Q;
-
-        if (!EC_GROUP_get_order(group, z, ctx))
-            ABORT;
-        if (!BN_add(y, z, BN_value_one()))
-            ABORT;
-        if (BN_is_odd(y))
-            ABORT;
-        if (!BN_rshift1(y, y))
-            ABORT;
-        scalars[0] = y;         /* (group order + 1)/2, so y*Q + y*Q = Q */
-        scalars[1] = y;
-
-        fprintf(stdout, "combined multiplication ...");
-        fflush(stdout);
-
-        /* z is still the group order */
-        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, P, R, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, R, Q, ctx))
-            ABORT;
-
-        fprintf(stdout, ".");
-        fflush(stdout);
-
-        if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
-            ABORT;
-        if (!BN_add(z, z, y))
-            ABORT;
-        BN_set_negative(z, 1);
-        scalars[0] = y;
-        scalars[1] = z;         /* z = -(order + y) */
-
-        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINT_is_at_infinity(group, P))
-            ABORT;
-
-        fprintf(stdout, ".");
-        fflush(stdout);
-
-        if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
-            ABORT;
-        if (!BN_add(z, x, y))
-            ABORT;
-        BN_set_negative(z, 1);
-        scalars[0] = x;
-        scalars[1] = y;
-        scalars[2] = z;         /* z = -(x+y) */
-
-        BN_init(&scalar3);
-        BN_zero(&scalar3);
-        scalars[3] = &scalar3;
-
-        if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINT_is_at_infinity(group, P))
-            ABORT;
-
-        fprintf(stdout, " ok\n\n");
-
-        BN_free(&scalar3);
-    }
-
-# if 0
-    timings(P_160, TIMING_BASE_PT, ctx);
-    timings(P_160, TIMING_RAND_PT, ctx);
-    timings(P_160, TIMING_SIMUL, ctx);
-    timings(P_192, TIMING_BASE_PT, ctx);
-    timings(P_192, TIMING_RAND_PT, ctx);
-    timings(P_192, TIMING_SIMUL, ctx);
-    timings(P_224, TIMING_BASE_PT, ctx);
-    timings(P_224, TIMING_RAND_PT, ctx);
-    timings(P_224, TIMING_SIMUL, ctx);
-    timings(P_256, TIMING_BASE_PT, ctx);
-    timings(P_256, TIMING_RAND_PT, ctx);
-    timings(P_256, TIMING_SIMUL, ctx);
-    timings(P_384, TIMING_BASE_PT, ctx);
-    timings(P_384, TIMING_RAND_PT, ctx);
-    timings(P_384, TIMING_SIMUL, ctx);
-    timings(P_521, TIMING_BASE_PT, ctx);
-    timings(P_521, TIMING_RAND_PT, ctx);
-    timings(P_521, TIMING_SIMUL, ctx);
-# endif
-
-    if (ctx)
-        BN_CTX_free(ctx);
-    BN_free(p);
-    BN_free(a);
-    BN_free(b);
-    EC_GROUP_free(group);
-    EC_POINT_free(P);
-    EC_POINT_free(Q);
-    EC_POINT_free(R);
-    BN_free(x);
-    BN_free(y);
-    BN_free(z);
-
-    if (P_160)
-        EC_GROUP_free(P_160);
-    if (P_192)
-        EC_GROUP_free(P_192);
-    if (P_224)
-        EC_GROUP_free(P_224);
-    if (P_256)
-        EC_GROUP_free(P_256);
-    if (P_384)
-        EC_GROUP_free(P_384);
-    if (P_521)
-        EC_GROUP_free(P_521);
-
-}
-
-/* Change test based on whether binary point compression is enabled or not. */
-# ifdef OPENSSL_EC_BIN_PT_COMP
-#  define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
-        if (!BN_hex2bn(&x, _x)) ABORT; \
-        if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
-        if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
-        if (!BN_hex2bn(&z, _order)) ABORT; \
-        if (!BN_hex2bn(&cof, _cof)) ABORT; \
-        if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
-        fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
-        BN_print_fp(stdout, x); \
-        fprintf(stdout, "\n     y = 0x"); \
-        BN_print_fp(stdout, y); \
-        fprintf(stdout, "\n"); \
-        /* G_y value taken from the standard: */ \
-        if (!BN_hex2bn(&z, _y)) ABORT; \
-        if (0 != BN_cmp(y, z)) ABORT;
-# else
-#  define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
-        if (!BN_hex2bn(&x, _x)) ABORT; \
-        if (!BN_hex2bn(&y, _y)) ABORT; \
-        if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
-        if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
-        if (!BN_hex2bn(&z, _order)) ABORT; \
-        if (!BN_hex2bn(&cof, _cof)) ABORT; \
-        if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
-        fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
-        BN_print_fp(stdout, x); \
-        fprintf(stdout, "\n     y = 0x"); \
-        BN_print_fp(stdout, y); \
-        fprintf(stdout, "\n");
-# endif
-
-# define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
-        if (!BN_hex2bn(&p, _p)) ABORT; \
-        if (!BN_hex2bn(&a, _a)) ABORT; \
-        if (!BN_hex2bn(&b, _b)) ABORT; \
-        if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \
-        CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
-        fprintf(stdout, "verify degree ..."); \
-        if (EC_GROUP_get_degree(group) != _degree) ABORT; \
-        fprintf(stdout, " ok\n"); \
-        group_order_tests(group); \
-        if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \
-        if (!EC_GROUP_copy(_variable, group)) ABORT; \
-
-# ifndef OPENSSL_NO_EC2M
-
-static void char2_field_tests(void)
-{
-    BN_CTX *ctx = NULL;
-    BIGNUM *p, *a, *b;
-    EC_GROUP *group;
-    EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 =
-        NULL, *C2_K571 = NULL;
-    EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 =
-        NULL, *C2_B571 = NULL;
-    EC_POINT *P, *Q, *R;
-    BIGNUM *x, *y, *z, *cof;
-    unsigned char buf[100];
-    size_t i, len;
-    int k;
-
-#  if 1                         /* optional */
-    ctx = BN_CTX_new();
-    if (!ctx)
-        ABORT;
-#  endif
-
-    p = BN_new();
-    a = BN_new();
-    b = BN_new();
-    if (!p || !a || !b)
-        ABORT;
-
-    if (!BN_hex2bn(&p, "13"))
-        ABORT;
-    if (!BN_hex2bn(&a, "3"))
-        ABORT;
-    if (!BN_hex2bn(&b, "1"))
-        ABORT;
-
-    group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use
-                                                    * EC_GROUP_new_curve_GF2m
-                                                    * so that the library gets
-                                                    * to choose the EC_METHOD */
-    if (!group)
-        ABORT;
-    if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx))
-        ABORT;
-
-    {
-        EC_GROUP *tmp;
-        tmp = EC_GROUP_new(EC_GROUP_method_of(group));
-        if (!tmp)
-            ABORT;
-        if (!EC_GROUP_copy(tmp, group))
-            ABORT;
-        EC_GROUP_free(group);
-        group = tmp;
-    }
-
-    if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx))
-        ABORT;
-
-    fprintf(stdout,
-            "Curve defined by Weierstrass equation\n     y^2 + x*y = x^3 + a*x^2 + b  (mod 0x");
-    BN_print_fp(stdout, p);
-    fprintf(stdout, ")\n     a = 0x");
-    BN_print_fp(stdout, a);
-    fprintf(stdout, "\n     b = 0x");
-    BN_print_fp(stdout, b);
-    fprintf(stdout, "\n(0x... means binary polynomial)\n");
-
-    P = EC_POINT_new(group);
-    Q = EC_POINT_new(group);
-    R = EC_POINT_new(group);
-    if (!P || !Q || !R)
-        ABORT;
-
-    if (!EC_POINT_set_to_infinity(group, P))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, P))
-        ABORT;
-
-    buf[0] = 0;
-    if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
-        ABORT;
-
-    if (!EC_POINT_add(group, P, P, Q, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, P))
-        ABORT;
-
-    x = BN_new();
-    y = BN_new();
-    z = BN_new();
-    cof = BN_new();
-    if (!x || !y || !z || !cof)
-        ABORT;
-
-    if (!BN_hex2bn(&x, "6"))
-        ABORT;
-/* Change test based on whether binary point compression is enabled or not. */
-#  ifdef OPENSSL_EC_BIN_PT_COMP
-    if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx))
-        ABORT;
-#  else
-    if (!BN_hex2bn(&y, "8"))
-        ABORT;
-    if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
-        ABORT;
-#  endif
-    if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
-/* Change test based on whether binary point compression is enabled or not. */
-#  ifdef OPENSSL_EC_BIN_PT_COMP
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
-            ABORT;
-#  endif
-        fprintf(stderr, "Point is not on curve: x = 0x");
-        BN_print_fp(stderr, x);
-        fprintf(stderr, ", y = 0x");
-        BN_print_fp(stderr, y);
-        fprintf(stderr, "\n");
-        ABORT;
-    }
-
-    fprintf(stdout, "A cyclic subgroup:\n");
-    k = 100;
-    do {
-        if (k-- == 0)
-            ABORT;
-
-        if (EC_POINT_is_at_infinity(group, P))
-            fprintf(stdout, "     point at infinity\n");
-        else {
-            if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx))
-                ABORT;
-
-            fprintf(stdout, "     x = 0x");
-            BN_print_fp(stdout, x);
-            fprintf(stdout, ", y = 0x");
-            BN_print_fp(stdout, y);
-            fprintf(stdout, "\n");
-        }
-
-        if (!EC_POINT_copy(R, P))
-            ABORT;
-        if (!EC_POINT_add(group, P, P, Q, ctx))
-            ABORT;
-    }
-    while (!EC_POINT_is_at_infinity(group, P));
-
-    if (!EC_POINT_add(group, P, Q, R, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, P))
-        ABORT;
-
-/* Change test based on whether binary point compression is enabled or not. */
-#  ifdef OPENSSL_EC_BIN_PT_COMP
-    len =
-        EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
-                           sizeof(buf), ctx);
-    if (len == 0)
-        ABORT;
-    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, Q, ctx))
-        ABORT;
-    fprintf(stdout, "Generator as octet string, compressed form:\n     ");
-    for (i = 0; i < len; i++)
-        fprintf(stdout, "%02X", buf[i]);
-#  endif
-
-    len =
-        EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
-                           sizeof(buf), ctx);
-    if (len == 0)
-        ABORT;
-    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, Q, ctx))
-        ABORT;
-    fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
-    for (i = 0; i < len; i++)
-        fprintf(stdout, "%02X", buf[i]);
-
-/* Change test based on whether binary point compression is enabled or not. */
-#  ifdef OPENSSL_EC_BIN_PT_COMP
-    len =
-        EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
-                           ctx);
-    if (len == 0)
-        ABORT;
-    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, Q, ctx))
-        ABORT;
-    fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
-    for (i = 0; i < len; i++)
-        fprintf(stdout, "%02X", buf[i]);
-#  endif
-
-    fprintf(stdout, "\n");
-
-    if (!EC_POINT_invert(group, P, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, R, ctx))
-        ABORT;
-
-    /* Curve K-163 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve K-163",
-         "0800000000000000000000000000000000000000C9",
-         "1",
-         "1",
-         "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
-         "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
-         1, "04000000000000000000020108A2E0CC0D99F8A5EF", "2", 163, C2_K163);
-
-    /* Curve B-163 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve B-163",
-         "0800000000000000000000000000000000000000C9",
-         "1",
-         "020A601907B8C953CA1481EB10512F78744A3205FD",
-         "03F0EBA16286A2D57EA0991168D4994637E8343E36",
-         "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
-         1, "040000000000000000000292FE77E70C12A4234C33", "2", 163, C2_B163);
-
-    /* Curve K-233 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve K-233",
-         "020000000000000000000000000000000000000004000000000000000001",
-         "0",
-         "1",
-         "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
-         "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
-         0,
-         "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
-         "4", 233, C2_K233);
-
-    /* Curve B-233 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve B-233",
-         "020000000000000000000000000000000000000004000000000000000001",
-         "000000000000000000000000000000000000000000000000000000000001",
-         "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
-         "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
-         "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
-         1,
-         "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
-         "2", 233, C2_B233);
-
-    /* Curve K-283 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve K-283",
-         "0800000000000000000000000000000000000000000000000000000000000000000010A1",
-         "0",
-         "1",
-         "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
-         "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
-         0,
-         "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
-         "4", 283, C2_K283);
-
-    /* Curve B-283 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve B-283",
-         "0800000000000000000000000000000000000000000000000000000000000000000010A1",
-         "000000000000000000000000000000000000000000000000000000000000000000000001",
-         "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
-         "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
-         "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
-         1,
-         "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
-         "2", 283, C2_B283);
-
-    /* Curve K-409 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve K-409",
-         "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
-         "0",
-         "1",
-         "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
-         "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
-         1,
-         "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
-         "4", 409, C2_K409);
-
-    /* Curve B-409 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve B-409",
-         "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
-         "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-         "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
-         "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
-         "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
-         1,
-         "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
-         "2", 409, C2_B409);
-
-    /* Curve K-571 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve K-571",
-         "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
-         "0",
-         "1",
-         "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
-         "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
-         0,
-         "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
-         "4", 571, C2_K571);
-
-    /* Curve B-571 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve B-571",
-         "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
-         "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-         "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
-         "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
-         "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
-         1,
-         "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
-         "2", 571, C2_B571);
-
-    /* more tests using the last curve */
-
-    if (!EC_POINT_copy(Q, P))
-        ABORT;
-    if (EC_POINT_is_at_infinity(group, Q))
-        ABORT;
-    if (!EC_POINT_dbl(group, P, P, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!EC_POINT_invert(group, Q, ctx))
-        ABORT;                  /* P = -2Q */
-
-    if (!EC_POINT_add(group, R, P, Q, ctx))
-        ABORT;
-    if (!EC_POINT_add(group, R, R, Q, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, R))
-        ABORT;                  /* R = P + 2Q */
-
-    {
-        const EC_POINT *points[3];
-        const BIGNUM *scalars[3];
-
-        if (EC_POINT_is_at_infinity(group, Q))
-            ABORT;
-        points[0] = Q;
-        points[1] = Q;
-        points[2] = Q;
-
-        if (!BN_add(y, z, BN_value_one()))
-            ABORT;
-        if (BN_is_odd(y))
-            ABORT;
-        if (!BN_rshift1(y, y))
-            ABORT;
-        scalars[0] = y;         /* (group order + 1)/2, so y*Q + y*Q = Q */
-        scalars[1] = y;
-
-        fprintf(stdout, "combined multiplication ...");
-        fflush(stdout);
-
-        /* z is still the group order */
-        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, P, R, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, R, Q, ctx))
-            ABORT;
-
-        fprintf(stdout, ".");
-        fflush(stdout);
-
-        if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
-            ABORT;
-        if (!BN_add(z, z, y))
-            ABORT;
-        BN_set_negative(z, 1);
-        scalars[0] = y;
-        scalars[1] = z;         /* z = -(order + y) */
-
-        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINT_is_at_infinity(group, P))
-            ABORT;
-
-        fprintf(stdout, ".");
-        fflush(stdout);
-
-        if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
-            ABORT;
-        if (!BN_add(z, x, y))
-            ABORT;
-        BN_set_negative(z, 1);
-        scalars[0] = x;
-        scalars[1] = y;
-        scalars[2] = z;         /* z = -(x+y) */
-
-        if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINT_is_at_infinity(group, P))
-            ABORT;
-
-        fprintf(stdout, " ok\n\n");
-    }
-
-#  if 0
-    timings(C2_K163, TIMING_BASE_PT, ctx);
-    timings(C2_K163, TIMING_RAND_PT, ctx);
-    timings(C2_K163, TIMING_SIMUL, ctx);
-    timings(C2_B163, TIMING_BASE_PT, ctx);
-    timings(C2_B163, TIMING_RAND_PT, ctx);
-    timings(C2_B163, TIMING_SIMUL, ctx);
-    timings(C2_K233, TIMING_BASE_PT, ctx);
-    timings(C2_K233, TIMING_RAND_PT, ctx);
-    timings(C2_K233, TIMING_SIMUL, ctx);
-    timings(C2_B233, TIMING_BASE_PT, ctx);
-    timings(C2_B233, TIMING_RAND_PT, ctx);
-    timings(C2_B233, TIMING_SIMUL, ctx);
-    timings(C2_K283, TIMING_BASE_PT, ctx);
-    timings(C2_K283, TIMING_RAND_PT, ctx);
-    timings(C2_K283, TIMING_SIMUL, ctx);
-    timings(C2_B283, TIMING_BASE_PT, ctx);
-    timings(C2_B283, TIMING_RAND_PT, ctx);
-    timings(C2_B283, TIMING_SIMUL, ctx);
-    timings(C2_K409, TIMING_BASE_PT, ctx);
-    timings(C2_K409, TIMING_RAND_PT, ctx);
-    timings(C2_K409, TIMING_SIMUL, ctx);
-    timings(C2_B409, TIMING_BASE_PT, ctx);
-    timings(C2_B409, TIMING_RAND_PT, ctx);
-    timings(C2_B409, TIMING_SIMUL, ctx);
-    timings(C2_K571, TIMING_BASE_PT, ctx);
-    timings(C2_K571, TIMING_RAND_PT, ctx);
-    timings(C2_K571, TIMING_SIMUL, ctx);
-    timings(C2_B571, TIMING_BASE_PT, ctx);
-    timings(C2_B571, TIMING_RAND_PT, ctx);
-    timings(C2_B571, TIMING_SIMUL, ctx);
-#  endif
-
-    if (ctx)
-        BN_CTX_free(ctx);
-    BN_free(p);
-    BN_free(a);
-    BN_free(b);
-    EC_GROUP_free(group);
-    EC_POINT_free(P);
-    EC_POINT_free(Q);
-    EC_POINT_free(R);
-    BN_free(x);
-    BN_free(y);
-    BN_free(z);
-    BN_free(cof);
-
-    if (C2_K163)
-        EC_GROUP_free(C2_K163);
-    if (C2_B163)
-        EC_GROUP_free(C2_B163);
-    if (C2_K233)
-        EC_GROUP_free(C2_K233);
-    if (C2_B233)
-        EC_GROUP_free(C2_B233);
-    if (C2_K283)
-        EC_GROUP_free(C2_K283);
-    if (C2_B283)
-        EC_GROUP_free(C2_B283);
-    if (C2_K409)
-        EC_GROUP_free(C2_K409);
-    if (C2_B409)
-        EC_GROUP_free(C2_B409);
-    if (C2_K571)
-        EC_GROUP_free(C2_K571);
-    if (C2_B571)
-        EC_GROUP_free(C2_B571);
-
-}
-# endif
-
-static void internal_curve_test(void)
-{
-    EC_builtin_curve *curves = NULL;
-    size_t crv_len = 0, n = 0;
-    int ok = 1;
-
-    crv_len = EC_get_builtin_curves(NULL, 0);
-
-    curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
-
-    if (curves == NULL)
-        return;
-
-    if (!EC_get_builtin_curves(curves, crv_len)) {
-        OPENSSL_free(curves);
-        return;
-    }
-
-    fprintf(stdout, "testing internal curves: ");
-
-    for (n = 0; n < crv_len; n++) {
-        EC_GROUP *group = NULL;
-        int nid = curves[n].nid;
-        if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
-            ok = 0;
-            fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
-                    " curve %s\n", OBJ_nid2sn(nid));
-            /* try next curve */
-            continue;
-        }
-        if (!EC_GROUP_check(group, NULL)) {
-            ok = 0;
-            fprintf(stdout, "\nEC_GROUP_check() failed with"
-                    " curve %s\n", OBJ_nid2sn(nid));
-            EC_GROUP_free(group);
-            /* try the next curve */
-            continue;
-        }
-        fprintf(stdout, ".");
-        fflush(stdout);
-        EC_GROUP_free(group);
-    }
-    if (ok)
-        fprintf(stdout, " ok\n\n");
-    else {
-        fprintf(stdout, " failed\n\n");
-        ABORT;
-    }
-    OPENSSL_free(curves);
-    return;
-}
-
-# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-/*
- * nistp_test_params contains magic numbers for testing our optimized
- * implementations of several NIST curves with characteristic > 3.
- */
-struct nistp_test_params {
-    const EC_METHOD *(*meth) ();
-    int degree;
-    /*
-     * Qx, Qy and D are taken from
-     * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
-     * Otherwise, values are standard curve parameters from FIPS 180-3
-     */
-    const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
-};
-
-static const struct nistp_test_params nistp_tests_params[] = {
-    {
-     /* P-224 */
-     EC_GFp_nistp224_method,
-     224,
-     /* p */
-     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
-     /* a */
-     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
-     /* b */
-     "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
-     /* Qx */
-     "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E",
-     /* Qy */
-     "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555",
-     /* Gx */
-     "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
-     /* Gy */
-     "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
-     /* order */
-     "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
-     /* d */
-     "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8",
-     },
-    {
-     /* P-256 */
-     EC_GFp_nistp256_method,
-     256,
-     /* p */
-     "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
-     /* a */
-     "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
-     /* b */
-     "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
-     /* Qx */
-     "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19",
-     /* Qy */
-     "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09",
-     /* Gx */
-     "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
-     /* Gy */
-     "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
-     /* order */
-     "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
-     /* d */
-     "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96",
-     },
-    {
-     /* P-521 */
-     EC_GFp_nistp521_method,
-     521,
-     /* p */
-     "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-     /* a */
-     "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
-     /* b */
-     "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
-     /* Qx */
-     "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4",
-     /* Qy */
-     "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e",
-     /* Gx */
-     "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
-     /* Gy */
-     "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
-     /* order */
-     "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
-     /* d */
-     "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722",
-     },
-};
-
-static void nistp_single_test(const struct nistp_test_params *test)
-{
-    BN_CTX *ctx;
-    BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
-    EC_GROUP *NISTP;
-    EC_POINT *G, *P, *Q, *Q_CHECK;
-
-    fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n",
-            test->degree);
-    ctx = BN_CTX_new();
-    p = BN_new();
-    a = BN_new();
-    b = BN_new();
-    x = BN_new();
-    y = BN_new();
-    m = BN_new();
-    n = BN_new();
-    order = BN_new();
-
-    NISTP = EC_GROUP_new(test->meth());
-    if (!NISTP)
-        ABORT;
-    if (!BN_hex2bn(&p, test->p))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn(&a, test->a))
-        ABORT;
-    if (!BN_hex2bn(&b, test->b))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx))
-        ABORT;
-    G = EC_POINT_new(NISTP);
-    P = EC_POINT_new(NISTP);
-    Q = EC_POINT_new(NISTP);
-    Q_CHECK = EC_POINT_new(NISTP);
-    if (!BN_hex2bn(&x, test->Qx))
-        ABORT;
-    if (!BN_hex2bn(&y, test->Qy))
-        ABORT;
-    if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
-        ABORT;
-    if (!BN_hex2bn(&x, test->Gx))
-        ABORT;
-    if (!BN_hex2bn(&y, test->Gy))
-        ABORT;
-    if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx))
-        ABORT;
-    if (!BN_hex2bn(&order, test->order))
-        ABORT;
-    if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
-        ABORT;
-
-    fprintf(stdout, "verify degree ... ");
-    if (EC_GROUP_get_degree(NISTP) != test->degree)
-        ABORT;
-    fprintf(stdout, "ok\n");
-
-    fprintf(stdout, "NIST test vectors ... ");
-    if (!BN_hex2bn(&n, test->d))
-        ABORT;
-    /* fixed point multiplication */
-    EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-    /* random point multiplication */
-    EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-
-    /* set generator to P = 2*G, where G is the standard generator */
-    if (!EC_POINT_dbl(NISTP, P, G, ctx))
-        ABORT;
-    if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
-        ABORT;
-    /* set the scalar to m=n/2, where n is the NIST test scalar */
-    if (!BN_rshift(m, n, 1))
-        ABORT;
-
-    /* test the non-standard generator */
-    /* fixed point multiplication */
-    EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-    /* random point multiplication */
-    EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-
-    /*
-     * We have not performed precomputation so have_precompute mult should be
-     * false
-     */
-    if (EC_GROUP_have_precompute_mult(NISTP))
-        ABORT;
-
-    /* now repeat all tests with precomputation */
-    if (!EC_GROUP_precompute_mult(NISTP, ctx))
-        ABORT;
-    if (!EC_GROUP_have_precompute_mult(NISTP))
-        ABORT;
-
-    /* fixed point multiplication */
-    EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-    /* random point multiplication */
-    EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-
-    /* reset generator */
-    if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
-        ABORT;
-    /* fixed point multiplication */
-    EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-    /* random point multiplication */
-    EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-
-    fprintf(stdout, "ok\n");
-    group_order_tests(NISTP);
-#  if 0
-    timings(NISTP, TIMING_BASE_PT, ctx);
-    timings(NISTP, TIMING_RAND_PT, ctx);
-#  endif
-    EC_GROUP_free(NISTP);
-    EC_POINT_free(G);
-    EC_POINT_free(P);
-    EC_POINT_free(Q);
-    EC_POINT_free(Q_CHECK);
-    BN_free(n);
-    BN_free(m);
-    BN_free(p);
-    BN_free(a);
-    BN_free(b);
-    BN_free(x);
-    BN_free(y);
-    BN_free(order);
-    BN_CTX_free(ctx);
-}
-
-static void nistp_tests()
-{
-    unsigned i;
-
-    for (i = 0;
-         i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params);
-         i++) {
-        nistp_single_test(&nistp_tests_params[i]);
-    }
-}
-# endif
-
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-
-int main(int argc, char *argv[])
-{
-
-    /* enable memory leak checking unless explicitly disabled */
-    if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
-          && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
-        CRYPTO_malloc_debug_init();
-        CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    } else {
-        /* OPENSSL_DEBUG_MEMORY=off */
-        CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
-    }
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-    ERR_load_crypto_strings();
-
-    RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */
-
-    prime_field_tests();
-    puts("");
-# ifndef OPENSSL_NO_EC2M
-    char2_field_tests();
-# endif
-# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-    nistp_tests();
-# endif
-    /* test the internal curves */
-    internal_curve_test();
-
-# ifndef OPENSSL_NO_ENGINE
-    ENGINE_cleanup();
-# endif
-    CRYPTO_cleanup_all_ex_data();
-    ERR_free_strings();
-    ERR_remove_thread_state(NULL);
-    CRYPTO_mem_leaks_fp(stderr);
-
-    return 0;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ec/ecx_meth.c b/freebsd/crypto/openssl/crypto/ec/ecx_meth.c
new file mode 100644
index 00000000..afa19e4b
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ec/ecx_meth.c
@@ -0,0 +1,842 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include <openssl/rand.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "ec_lcl.h"
+
+#define X25519_BITS          253
+#define X25519_SECURITY_BITS 128
+
+#define ED25519_SIGSIZE      64
+
+#define X448_BITS            448
+#define ED448_BITS           456
+#define X448_SECURITY_BITS   224
+
+#define ED448_SIGSIZE        114
+
+#define ISX448(id)      ((id) == EVP_PKEY_X448)
+#define IS25519(id)     ((id) == EVP_PKEY_X25519 || (id) == EVP_PKEY_ED25519)
+#define KEYLENID(id)    (IS25519(id) ? X25519_KEYLEN \
+                                     : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \
+                                                              : ED448_KEYLEN))
+#define KEYLEN(p)       KEYLENID((p)->ameth->pkey_id)
+
+
+typedef enum {
+    KEY_OP_PUBLIC,
+    KEY_OP_PRIVATE,
+    KEY_OP_KEYGEN
+} ecx_key_op_t;
+
+/* Setup EVP_PKEY using public, private or generation */
+static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg,
+                      const unsigned char *p, int plen, ecx_key_op_t op)
+{
+    ECX_KEY *key = NULL;
+    unsigned char *privkey, *pubkey;
+
+    if (op != KEY_OP_KEYGEN) {
+        if (palg != NULL) {
+            int ptype;
+
+            /* Algorithm parameters must be absent */
+            X509_ALGOR_get0(NULL, &ptype, NULL, palg);
+            if (ptype != V_ASN1_UNDEF) {
+                ECerr(EC_F_ECX_KEY_OP, EC_R_INVALID_ENCODING);
+                return 0;
+            }
+        }
+
+        if (p == NULL || plen != KEYLENID(id)) {
+            ECerr(EC_F_ECX_KEY_OP, EC_R_INVALID_ENCODING);
+            return 0;
+        }
+    }
+
+    key = OPENSSL_zalloc(sizeof(*key));
+    if (key == NULL) {
+        ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    pubkey = key->pubkey;
+
+    if (op == KEY_OP_PUBLIC) {
+        memcpy(pubkey, p, plen);
+    } else {
+        privkey = key->privkey = OPENSSL_secure_malloc(KEYLENID(id));
+        if (privkey == NULL) {
+            ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (op == KEY_OP_KEYGEN) {
+            if (RAND_priv_bytes(privkey, KEYLENID(id)) <= 0) {
+                OPENSSL_secure_free(privkey);
+                key->privkey = NULL;
+                goto err;
+            }
+            if (id == EVP_PKEY_X25519) {
+                privkey[0] &= 248;
+                privkey[X25519_KEYLEN - 1] &= 127;
+                privkey[X25519_KEYLEN - 1] |= 64;
+            } else if (id == EVP_PKEY_X448) {
+                privkey[0] &= 252;
+                privkey[X448_KEYLEN - 1] |= 128;
+            }
+        } else {
+            memcpy(privkey, p, KEYLENID(id));
+        }
+        switch (id) {
+        case EVP_PKEY_X25519:
+            X25519_public_from_private(pubkey, privkey);
+            break;
+        case EVP_PKEY_ED25519:
+            ED25519_public_from_private(pubkey, privkey);
+            break;
+        case EVP_PKEY_X448:
+            X448_public_from_private(pubkey, privkey);
+            break;
+        case EVP_PKEY_ED448:
+            ED448_public_from_private(pubkey, privkey);
+            break;
+        }
+    }
+
+    EVP_PKEY_assign(pkey, id, key);
+    return 1;
+ err:
+    OPENSSL_free(key);
+    return 0;
+}
+
+static int ecx_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    const ECX_KEY *ecxkey = pkey->pkey.ecx;
+    unsigned char *penc;
+
+    if (ecxkey == NULL) {
+        ECerr(EC_F_ECX_PUB_ENCODE, EC_R_INVALID_KEY);
+        return 0;
+    }
+
+    penc = OPENSSL_memdup(ecxkey->pubkey, KEYLEN(pkey));
+    if (penc == NULL) {
+        ECerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+                                V_ASN1_UNDEF, NULL, penc, KEYLEN(pkey))) {
+        OPENSSL_free(penc);
+        ECerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static int ecx_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p;
+    int pklen;
+    X509_ALGOR *palg;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    return ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, pklen,
+                      KEY_OP_PUBLIC);
+}
+
+static int ecx_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    const ECX_KEY *akey = a->pkey.ecx;
+    const ECX_KEY *bkey = b->pkey.ecx;
+
+    if (akey == NULL || bkey == NULL)
+        return -2;
+
+    return CRYPTO_memcmp(akey->pubkey, bkey->pubkey, KEYLEN(a)) == 0;
+}
+
+static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p;
+    int plen;
+    ASN1_OCTET_STRING *oct = NULL;
+    const X509_ALGOR *palg;
+    int rv;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8))
+        return 0;
+
+    oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen);
+    if (oct == NULL) {
+        p = NULL;
+        plen = 0;
+    } else {
+        p = ASN1_STRING_get0_data(oct);
+        plen = ASN1_STRING_length(oct);
+    }
+
+    rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE);
+    ASN1_OCTET_STRING_free(oct);
+    return rv;
+}
+
+static int ecx_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    const ECX_KEY *ecxkey = pkey->pkey.ecx;
+    ASN1_OCTET_STRING oct;
+    unsigned char *penc = NULL;
+    int penclen;
+
+    if (ecxkey == NULL || ecxkey->privkey == NULL) {
+        ECerr(EC_F_ECX_PRIV_ENCODE, EC_R_INVALID_PRIVATE_KEY);
+        return 0;
+    }
+
+    oct.data = ecxkey->privkey;
+    oct.length = KEYLEN(pkey);
+    oct.flags = 0;
+
+    penclen = i2d_ASN1_OCTET_STRING(&oct, &penc);
+    if (penclen < 0) {
+        ECerr(EC_F_ECX_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
+                         V_ASN1_UNDEF, NULL, penc, penclen)) {
+        OPENSSL_clear_free(penc, penclen);
+        ECerr(EC_F_ECX_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ecx_size(const EVP_PKEY *pkey)
+{
+    return KEYLEN(pkey);
+}
+
+static int ecx_bits(const EVP_PKEY *pkey)
+{
+    if (IS25519(pkey->ameth->pkey_id)) {
+        return X25519_BITS;
+    } else if(ISX448(pkey->ameth->pkey_id)) {
+        return X448_BITS;
+    } else {
+        return ED448_BITS;
+    }
+}
+
+static int ecx_security_bits(const EVP_PKEY *pkey)
+{
+    if (IS25519(pkey->ameth->pkey_id)) {
+        return X25519_SECURITY_BITS;
+    } else {
+        return X448_SECURITY_BITS;
+    }
+}
+
+static void ecx_free(EVP_PKEY *pkey)
+{
+    if (pkey->pkey.ecx != NULL)
+        OPENSSL_secure_clear_free(pkey->pkey.ecx->privkey, KEYLEN(pkey));
+    OPENSSL_free(pkey->pkey.ecx);
+}
+
+/* "parameters" are always equal */
+static int ecx_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return 1;
+}
+
+static int ecx_key_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx, ecx_key_op_t op)
+{
+    const ECX_KEY *ecxkey = pkey->pkey.ecx;
+    const char *nm = OBJ_nid2ln(pkey->ameth->pkey_id);
+
+    if (op == KEY_OP_PRIVATE) {
+        if (ecxkey == NULL || ecxkey->privkey == NULL) {
+            if (BIO_printf(bp, "%*s<INVALID PRIVATE KEY>\n", indent, "") <= 0)
+                return 0;
+            return 1;
+        }
+        if (BIO_printf(bp, "%*s%s Private-Key:\n", indent, "", nm) <= 0)
+            return 0;
+        if (BIO_printf(bp, "%*spriv:\n", indent, "") <= 0)
+            return 0;
+        if (ASN1_buf_print(bp, ecxkey->privkey, KEYLEN(pkey),
+                           indent + 4) == 0)
+            return 0;
+    } else {
+        if (ecxkey == NULL) {
+            if (BIO_printf(bp, "%*s<INVALID PUBLIC KEY>\n", indent, "") <= 0)
+                return 0;
+            return 1;
+        }
+        if (BIO_printf(bp, "%*s%s Public-Key:\n", indent, "", nm) <= 0)
+            return 0;
+    }
+    if (BIO_printf(bp, "%*spub:\n", indent, "") <= 0)
+        return 0;
+
+    if (ASN1_buf_print(bp, ecxkey->pubkey, KEYLEN(pkey),
+                       indent + 4) == 0)
+        return 0;
+    return 1;
+}
+
+static int ecx_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PRIVATE);
+}
+
+static int ecx_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PUBLIC);
+}
+
+static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+
+    case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
+        return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, arg2, arg1,
+                          KEY_OP_PUBLIC);
+
+    case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
+        if (pkey->pkey.ecx != NULL) {
+            unsigned char **ppt = arg2;
+
+            *ppt = OPENSSL_memdup(pkey->pkey.ecx->pubkey, KEYLEN(pkey));
+            if (*ppt != NULL)
+                return KEYLEN(pkey);
+        }
+        return 0;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int ecd_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        /* We currently only support Pure EdDSA which takes no digest */
+        *(int *)arg2 = NID_undef;
+        return 2;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int ecx_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                            size_t len)
+{
+    return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, priv, len,
+                       KEY_OP_PRIVATE);
+}
+
+static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len)
+{
+    return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, pub, len,
+                      KEY_OP_PUBLIC);
+}
+
+static int ecx_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                            size_t *len)
+{
+    const ECX_KEY *key = pkey->pkey.ecx;
+
+    if (priv == NULL) {
+        *len = KEYLENID(pkey->ameth->pkey_id);
+        return 1;
+    }
+
+    if (key == NULL
+            || key->privkey == NULL
+            || *len < (size_t)KEYLENID(pkey->ameth->pkey_id))
+        return 0;
+
+    *len = KEYLENID(pkey->ameth->pkey_id);
+    memcpy(priv, key->privkey, *len);
+
+    return 1;
+}
+
+static int ecx_get_pub_key(const EVP_PKEY *pkey, unsigned char *pub,
+                           size_t *len)
+{
+    const ECX_KEY *key = pkey->pkey.ecx;
+
+    if (pub == NULL) {
+        *len = KEYLENID(pkey->ameth->pkey_id);
+        return 1;
+    }
+
+    if (key == NULL
+            || *len < (size_t)KEYLENID(pkey->ameth->pkey_id))
+        return 0;
+
+    *len = KEYLENID(pkey->ameth->pkey_id);
+    memcpy(pub, key->pubkey, *len);
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = {
+    EVP_PKEY_X25519,
+    EVP_PKEY_X25519,
+    0,
+    "X25519",
+    "OpenSSL X25519 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecx_size,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecx_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = {
+    EVP_PKEY_X448,
+    EVP_PKEY_X448,
+    0,
+    "X448",
+    "OpenSSL X448 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecx_size,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecx_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+static int ecd_size25519(const EVP_PKEY *pkey)
+{
+    return ED25519_SIGSIZE;
+}
+
+static int ecd_size448(const EVP_PKEY *pkey)
+{
+    return ED448_SIGSIZE;
+}
+
+static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                           X509_ALGOR *sigalg, ASN1_BIT_STRING *str,
+                           EVP_PKEY *pkey)
+{
+    const ASN1_OBJECT *obj;
+    int ptype;
+    int nid;
+
+    /* Sanity check: make sure it is ED25519/ED448 with absent parameters */
+    X509_ALGOR_get0(&obj, &ptype, NULL, sigalg);
+    nid = OBJ_obj2nid(obj);
+    if ((nid != NID_ED25519 && nid != NID_ED448) || ptype != V_ASN1_UNDEF) {
+        ECerr(EC_F_ECD_ITEM_VERIFY, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (!EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey))
+        return 0;
+
+    return 2;
+}
+
+static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                              X509_ALGOR *alg1, X509_ALGOR *alg2,
+                              ASN1_BIT_STRING *str)
+{
+    /* Set algorithms identifiers */
+    X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
+    if (alg2)
+        X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
+    /* Algorithm idetifiers set: carry on as normal */
+    return 3;
+}
+
+static int ecd_sig_info_set25519(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                                 const ASN1_STRING *sig)
+{
+    X509_SIG_INFO_set(siginf, NID_undef, NID_ED25519, X25519_SECURITY_BITS,
+                      X509_SIG_INFO_TLS);
+    return 1;
+}
+
+static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                            X509_ALGOR *alg1, X509_ALGOR *alg2,
+                            ASN1_BIT_STRING *str)
+{
+    /* Set algorithm identifier */
+    X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL);
+    if (alg2 != NULL)
+        X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL);
+    /* Algorithm identifier set: carry on as normal */
+    return 3;
+}
+
+static int ecd_sig_info_set448(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                               const ASN1_STRING *sig)
+{
+    X509_SIG_INFO_set(siginf, NID_undef, NID_ED448, X448_SECURITY_BITS,
+                      X509_SIG_INFO_TLS);
+    return 1;
+}
+
+
+const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
+    EVP_PKEY_ED25519,
+    EVP_PKEY_ED25519,
+    0,
+    "ED25519",
+    "OpenSSL ED25519 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecd_size25519,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecd_ctrl,
+    NULL,
+    NULL,
+    ecd_item_verify,
+    ecd_item_sign25519,
+    ecd_sig_info_set25519,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = {
+    EVP_PKEY_ED448,
+    EVP_PKEY_ED448,
+    0,
+    "ED448",
+    "OpenSSL ED448 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecd_size448,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecd_ctrl,
+    NULL,
+    NULL,
+    ecd_item_verify,
+    ecd_item_sign448,
+    ecd_sig_info_set448,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    return ecx_key_op(pkey, ctx->pmeth->pkey_id, NULL, NULL, 0, KEY_OP_KEYGEN);
+}
+
+static int validate_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                                          size_t *keylen,
+                                          const unsigned char **privkey,
+                                          const unsigned char **pubkey)
+{
+    const ECX_KEY *ecxkey, *peerkey;
+
+    if (ctx->pkey == NULL || ctx->peerkey == NULL) {
+        ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_KEYS_NOT_SET);
+        return 0;
+    }
+    ecxkey = ctx->pkey->pkey.ecx;
+    peerkey = ctx->peerkey->pkey.ecx;
+    if (ecxkey == NULL || ecxkey->privkey == NULL) {
+        ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_INVALID_PRIVATE_KEY);
+        return 0;
+    }
+    if (peerkey == NULL) {
+        ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_INVALID_PEER_KEY);
+        return 0;
+    }
+    *privkey = ecxkey->privkey;
+    *pubkey = peerkey->pubkey;
+
+    return 1;
+}
+
+static int pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key,
+                                size_t *keylen)
+{
+    const unsigned char *privkey, *pubkey;
+
+    if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
+            || (key != NULL
+                && X25519(key, privkey, pubkey) == 0))
+        return 0;
+    *keylen = X25519_KEYLEN;
+    return 1;
+}
+
+static int pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key,
+                              size_t *keylen)
+{
+    const unsigned char *privkey, *pubkey;
+
+    if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
+            || (key != NULL
+                && X448(key, privkey, pubkey) == 0))
+        return 0;
+    *keylen = X448_KEYLEN;
+    return 1;
+}
+
+static int pkey_ecx_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    /* Only need to handle peer key for derivation */
+    if (type == EVP_PKEY_CTRL_PEER_KEY)
+        return 1;
+    return -2;
+}
+
+const EVP_PKEY_METHOD ecx25519_pkey_meth = {
+    EVP_PKEY_X25519,
+    0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_derive25519,
+    pkey_ecx_ctrl,
+    0
+};
+
+const EVP_PKEY_METHOD ecx448_pkey_meth = {
+    EVP_PKEY_X448,
+    0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_derive448,
+    pkey_ecx_ctrl,
+    0
+};
+
+static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig,
+                                    size_t *siglen, const unsigned char *tbs,
+                                    size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (sig == NULL) {
+        *siglen = ED25519_SIGSIZE;
+        return 1;
+    }
+    if (*siglen < ED25519_SIGSIZE) {
+        ECerr(EC_F_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey) == 0)
+        return 0;
+    *siglen = ED25519_SIGSIZE;
+    return 1;
+}
+
+static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
+                                  size_t *siglen, const unsigned char *tbs,
+                                  size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (sig == NULL) {
+        *siglen = ED448_SIGSIZE;
+        return 1;
+    }
+    if (*siglen < ED448_SIGSIZE) {
+        ECerr(EC_F_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    if (ED448_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL,
+                   0) == 0)
+        return 0;
+    *siglen = ED448_SIGSIZE;
+    return 1;
+}
+
+static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                      size_t siglen, const unsigned char *tbs,
+                                      size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (siglen != ED25519_SIGSIZE)
+        return 0;
+
+    return ED25519_verify(tbs, tbslen, sig, edkey->pubkey);
+}
+
+static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                    size_t siglen, const unsigned char *tbs,
+                                    size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (siglen != ED448_SIGSIZE)
+        return 0;
+
+    return ED448_verify(tbs, tbslen, sig, edkey->pubkey, NULL, 0);
+}
+
+static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    switch (type) {
+    case EVP_PKEY_CTRL_MD:
+        /* Only NULL allowed as digest */
+        if (p2 == NULL || (const EVP_MD *)p2 == EVP_md_null())
+            return 1;
+        ECerr(EC_F_PKEY_ECD_CTRL, EC_R_INVALID_DIGEST_TYPE);
+        return 0;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        return 1;
+    }
+    return -2;
+}
+
+const EVP_PKEY_METHOD ed25519_pkey_meth = {
+    EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecd_ctrl,
+    0,
+    pkey_ecd_digestsign25519,
+    pkey_ecd_digestverify25519
+};
+
+const EVP_PKEY_METHOD ed448_pkey_meth = {
+    EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecd_ctrl,
+    0,
+    pkey_ecd_digestsign448,
+    pkey_ecd_digestverify448
+};
diff --git a/freebsd/crypto/openssl/crypto/ecdh/ecdh.h b/freebsd/crypto/openssl/crypto/ecdh/ecdh.h
deleted file mode 100644
index 25348b30..00000000
--- a/freebsd/crypto/openssl/crypto/ecdh/ecdh.h
+++ /dev/null
@@ -1,134 +0,0 @@
-/* crypto/ecdh/ecdh.h */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_ECDH_H
-# define HEADER_ECDH_H
-
-# include <openssl/opensslconf.h>
-
-# ifdef OPENSSL_NO_ECDH
-#  error ECDH is disabled.
-# endif
-
-# include <openssl/ec.h>
-# include <openssl/ossl_typ.h>
-# ifndef OPENSSL_NO_DEPRECATED
-#  include <openssl/bn.h>
-# endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-# define EC_FLAG_COFACTOR_ECDH   0x1000
-
-const ECDH_METHOD *ECDH_OpenSSL(void);
-
-void ECDH_set_default_method(const ECDH_METHOD *);
-const ECDH_METHOD *ECDH_get_default_method(void);
-int ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
-
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-                     EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen,
-                                                 void *out, size_t *outlen));
-
-int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
-                          *new_func, CRYPTO_EX_dup *dup_func,
-                          CRYPTO_EX_free *free_func);
-int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
-void *ECDH_get_ex_data(EC_KEY *d, int idx);
-
-int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
-                   const unsigned char *Z, size_t Zlen,
-                   const unsigned char *sinfo, size_t sinfolen,
-                   const EVP_MD *md);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ECDH_strings(void);
-
-/* Error codes for the ECDH functions. */
-
-/* Function codes. */
-# define ECDH_F_ECDH_CHECK                                102
-# define ECDH_F_ECDH_COMPUTE_KEY                          100
-# define ECDH_F_ECDH_DATA_NEW_METHOD                      101
-
-/* Reason codes. */
-# define ECDH_R_KDF_FAILED                                102
-# define ECDH_R_NON_FIPS_METHOD                           103
-# define ECDH_R_NO_PRIVATE_VALUE                          100
-# define ECDH_R_POINT_ARITHMETIC_FAILURE                  101
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ecdh/ecdhtest.c b/freebsd/crypto/openssl/crypto/ecdh/ecdhtest.c
deleted file mode 100644
index b29cb23e..00000000
--- a/freebsd/crypto/openssl/crypto/ecdh/ecdhtest.c
+++ /dev/null
@@ -1,582 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdh/ecdhtest.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-#include <openssl/err.h>
-
-#ifdef OPENSSL_NO_ECDH
-int main(int argc, char *argv[])
-{
-    printf("No ECDH support\n");
-    return (0);
-}
-#else
-# include <openssl/ec.h>
-# include <openssl/ecdh.h>
-
-# ifdef OPENSSL_SYS_WIN16
-#  define MS_CALLBACK     _far _loadds
-# else
-#  define MS_CALLBACK
-# endif
-
-# if 0
-static void MS_CALLBACK cb(int p, int n, void *arg);
-# endif
-
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-
-static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
-                       size_t *outlen)
-{
-# ifndef OPENSSL_NO_SHA
-    if (*outlen < SHA_DIGEST_LENGTH)
-        return NULL;
-    else
-        *outlen = SHA_DIGEST_LENGTH;
-    return SHA1(in, inlen, out);
-# else
-    return NULL;
-# endif
-}
-
-static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
-{
-    EC_KEY *a = NULL;
-    EC_KEY *b = NULL;
-    BIGNUM *x_a = NULL, *y_a = NULL, *x_b = NULL, *y_b = NULL;
-    char buf[12];
-    unsigned char *abuf = NULL, *bbuf = NULL;
-    int i, alen, blen, aout, bout, ret = 0;
-    const EC_GROUP *group;
-
-    a = EC_KEY_new_by_curve_name(nid);
-    b = EC_KEY_new_by_curve_name(nid);
-    if (a == NULL || b == NULL)
-        goto err;
-
-    group = EC_KEY_get0_group(a);
-
-    if ((x_a = BN_new()) == NULL)
-        goto err;
-    if ((y_a = BN_new()) == NULL)
-        goto err;
-    if ((x_b = BN_new()) == NULL)
-        goto err;
-    if ((y_b = BN_new()) == NULL)
-        goto err;
-
-    BIO_puts(out, "Testing key generation with ");
-    BIO_puts(out, text);
-# ifdef NOISY
-    BIO_puts(out, "\n");
-# else
-    (void)BIO_flush(out);
-# endif
-
-    if (!EC_KEY_generate_key(a))
-        goto err;
-
-    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-        NID_X9_62_prime_field) {
-        if (!EC_POINT_get_affine_coordinates_GFp
-            (group, EC_KEY_get0_public_key(a), x_a, y_a, ctx))
-            goto err;
-    }
-# ifndef OPENSSL_NO_EC2M
-    else {
-        if (!EC_POINT_get_affine_coordinates_GF2m(group,
-                                                  EC_KEY_get0_public_key(a),
-                                                  x_a, y_a, ctx))
-            goto err;
-    }
-# endif
-# ifdef NOISY
-    BIO_puts(out, "  pri 1=");
-    BN_print(out, a->priv_key);
-    BIO_puts(out, "\n  pub 1=");
-    BN_print(out, x_a);
-    BIO_puts(out, ",");
-    BN_print(out, y_a);
-    BIO_puts(out, "\n");
-# else
-    BIO_printf(out, " .");
-    (void)BIO_flush(out);
-# endif
-
-    if (!EC_KEY_generate_key(b))
-        goto err;
-
-    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-        NID_X9_62_prime_field) {
-        if (!EC_POINT_get_affine_coordinates_GFp
-            (group, EC_KEY_get0_public_key(b), x_b, y_b, ctx))
-            goto err;
-    }
-# ifndef OPENSSL_NO_EC2M
-    else {
-        if (!EC_POINT_get_affine_coordinates_GF2m(group,
-                                                  EC_KEY_get0_public_key(b),
-                                                  x_b, y_b, ctx))
-            goto err;
-    }
-# endif
-
-# ifdef NOISY
-    BIO_puts(out, "  pri 2=");
-    BN_print(out, b->priv_key);
-    BIO_puts(out, "\n  pub 2=");
-    BN_print(out, x_b);
-    BIO_puts(out, ",");
-    BN_print(out, y_b);
-    BIO_puts(out, "\n");
-# else
-    BIO_printf(out, ".");
-    (void)BIO_flush(out);
-# endif
-
-    alen = KDF1_SHA1_len;
-    abuf = (unsigned char *)OPENSSL_malloc(alen);
-    aout =
-        ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(b), a, KDF1_SHA1);
-
-# ifdef NOISY
-    BIO_puts(out, "  key1 =");
-    for (i = 0; i < aout; i++) {
-        sprintf(buf, "%02X", abuf[i]);
-        BIO_puts(out, buf);
-    }
-    BIO_puts(out, "\n");
-# else
-    BIO_printf(out, ".");
-    (void)BIO_flush(out);
-# endif
-
-    blen = KDF1_SHA1_len;
-    bbuf = (unsigned char *)OPENSSL_malloc(blen);
-    bout =
-        ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(a), b, KDF1_SHA1);
-
-# ifdef NOISY
-    BIO_puts(out, "  key2 =");
-    for (i = 0; i < bout; i++) {
-        sprintf(buf, "%02X", bbuf[i]);
-        BIO_puts(out, buf);
-    }
-    BIO_puts(out, "\n");
-# else
-    BIO_printf(out, ".");
-    (void)BIO_flush(out);
-# endif
-
-    if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {
-# ifndef NOISY
-        BIO_printf(out, " failed\n\n");
-        BIO_printf(out, "key a:\n");
-        BIO_printf(out, "private key: ");
-        BN_print(out, EC_KEY_get0_private_key(a));
-        BIO_printf(out, "\n");
-        BIO_printf(out, "public key (x,y): ");
-        BN_print(out, x_a);
-        BIO_printf(out, ",");
-        BN_print(out, y_a);
-        BIO_printf(out, "\nkey b:\n");
-        BIO_printf(out, "private key: ");
-        BN_print(out, EC_KEY_get0_private_key(b));
-        BIO_printf(out, "\n");
-        BIO_printf(out, "public key (x,y): ");
-        BN_print(out, x_b);
-        BIO_printf(out, ",");
-        BN_print(out, y_b);
-        BIO_printf(out, "\n");
-        BIO_printf(out, "generated key a: ");
-        for (i = 0; i < bout; i++) {
-            sprintf(buf, "%02X", bbuf[i]);
-            BIO_puts(out, buf);
-        }
-        BIO_printf(out, "\n");
-        BIO_printf(out, "generated key b: ");
-        for (i = 0; i < aout; i++) {
-            sprintf(buf, "%02X", abuf[i]);
-            BIO_puts(out, buf);
-        }
-        BIO_printf(out, "\n");
-# endif
-        fprintf(stderr, "Error in ECDH routines\n");
-        ret = 0;
-    } else {
-# ifndef NOISY
-        BIO_printf(out, " ok\n");
-# endif
-        ret = 1;
-    }
- err:
-    ERR_print_errors_fp(stderr);
-
-    if (abuf != NULL)
-        OPENSSL_free(abuf);
-    if (bbuf != NULL)
-        OPENSSL_free(bbuf);
-    if (x_a)
-        BN_free(x_a);
-    if (y_a)
-        BN_free(y_a);
-    if (x_b)
-        BN_free(x_b);
-    if (y_b)
-        BN_free(y_b);
-    if (b)
-        EC_KEY_free(b);
-    if (a)
-        EC_KEY_free(a);
-    return (ret);
-}
-
-/* Keys and shared secrets from RFC 7027 */
-
-static const unsigned char bp256_da[] = {
-    0x81, 0xDB, 0x1E, 0xE1, 0x00, 0x15, 0x0F, 0xF2, 0xEA, 0x33, 0x8D, 0x70,
-    0x82, 0x71, 0xBE, 0x38, 0x30, 0x0C, 0xB5, 0x42, 0x41, 0xD7, 0x99, 0x50,
-    0xF7, 0x7B, 0x06, 0x30, 0x39, 0x80, 0x4F, 0x1D
-};
-
-static const unsigned char bp256_db[] = {
-    0x55, 0xE4, 0x0B, 0xC4, 0x1E, 0x37, 0xE3, 0xE2, 0xAD, 0x25, 0xC3, 0xC6,
-    0x65, 0x45, 0x11, 0xFF, 0xA8, 0x47, 0x4A, 0x91, 0xA0, 0x03, 0x20, 0x87,
-    0x59, 0x38, 0x52, 0xD3, 0xE7, 0xD7, 0x6B, 0xD3
-};
-
-static const unsigned char bp256_Z[] = {
-    0x89, 0xAF, 0xC3, 0x9D, 0x41, 0xD3, 0xB3, 0x27, 0x81, 0x4B, 0x80, 0x94,
-    0x0B, 0x04, 0x25, 0x90, 0xF9, 0x65, 0x56, 0xEC, 0x91, 0xE6, 0xAE, 0x79,
-    0x39, 0xBC, 0xE3, 0x1F, 0x3A, 0x18, 0xBF, 0x2B
-};
-
-static const unsigned char bp384_da[] = {
-    0x1E, 0x20, 0xF5, 0xE0, 0x48, 0xA5, 0x88, 0x6F, 0x1F, 0x15, 0x7C, 0x74,
-    0xE9, 0x1B, 0xDE, 0x2B, 0x98, 0xC8, 0xB5, 0x2D, 0x58, 0xE5, 0x00, 0x3D,
-    0x57, 0x05, 0x3F, 0xC4, 0xB0, 0xBD, 0x65, 0xD6, 0xF1, 0x5E, 0xB5, 0xD1,
-    0xEE, 0x16, 0x10, 0xDF, 0x87, 0x07, 0x95, 0x14, 0x36, 0x27, 0xD0, 0x42
-};
-
-static const unsigned char bp384_db[] = {
-    0x03, 0x26, 0x40, 0xBC, 0x60, 0x03, 0xC5, 0x92, 0x60, 0xF7, 0x25, 0x0C,
-    0x3D, 0xB5, 0x8C, 0xE6, 0x47, 0xF9, 0x8E, 0x12, 0x60, 0xAC, 0xCE, 0x4A,
-    0xCD, 0xA3, 0xDD, 0x86, 0x9F, 0x74, 0xE0, 0x1F, 0x8B, 0xA5, 0xE0, 0x32,
-    0x43, 0x09, 0xDB, 0x6A, 0x98, 0x31, 0x49, 0x7A, 0xBA, 0xC9, 0x66, 0x70
-};
-
-static const unsigned char bp384_Z[] = {
-    0x0B, 0xD9, 0xD3, 0xA7, 0xEA, 0x0B, 0x3D, 0x51, 0x9D, 0x09, 0xD8, 0xE4,
-    0x8D, 0x07, 0x85, 0xFB, 0x74, 0x4A, 0x6B, 0x35, 0x5E, 0x63, 0x04, 0xBC,
-    0x51, 0xC2, 0x29, 0xFB, 0xBC, 0xE2, 0x39, 0xBB, 0xAD, 0xF6, 0x40, 0x37,
-    0x15, 0xC3, 0x5D, 0x4F, 0xB2, 0xA5, 0x44, 0x4F, 0x57, 0x5D, 0x4F, 0x42
-};
-
-static const unsigned char bp512_da[] = {
-    0x16, 0x30, 0x2F, 0xF0, 0xDB, 0xBB, 0x5A, 0x8D, 0x73, 0x3D, 0xAB, 0x71,
-    0x41, 0xC1, 0xB4, 0x5A, 0xCB, 0xC8, 0x71, 0x59, 0x39, 0x67, 0x7F, 0x6A,
-    0x56, 0x85, 0x0A, 0x38, 0xBD, 0x87, 0xBD, 0x59, 0xB0, 0x9E, 0x80, 0x27,
-    0x96, 0x09, 0xFF, 0x33, 0x3E, 0xB9, 0xD4, 0xC0, 0x61, 0x23, 0x1F, 0xB2,
-    0x6F, 0x92, 0xEE, 0xB0, 0x49, 0x82, 0xA5, 0xF1, 0xD1, 0x76, 0x4C, 0xAD,
-    0x57, 0x66, 0x54, 0x22
-};
-
-static const unsigned char bp512_db[] = {
-    0x23, 0x0E, 0x18, 0xE1, 0xBC, 0xC8, 0x8A, 0x36, 0x2F, 0xA5, 0x4E, 0x4E,
-    0xA3, 0x90, 0x20, 0x09, 0x29, 0x2F, 0x7F, 0x80, 0x33, 0x62, 0x4F, 0xD4,
-    0x71, 0xB5, 0xD8, 0xAC, 0xE4, 0x9D, 0x12, 0xCF, 0xAB, 0xBC, 0x19, 0x96,
-    0x3D, 0xAB, 0x8E, 0x2F, 0x1E, 0xBA, 0x00, 0xBF, 0xFB, 0x29, 0xE4, 0xD7,
-    0x2D, 0x13, 0xF2, 0x22, 0x45, 0x62, 0xF4, 0x05, 0xCB, 0x80, 0x50, 0x36,
-    0x66, 0xB2, 0x54, 0x29
-};
-
-static const unsigned char bp512_Z[] = {
-    0xA7, 0x92, 0x70, 0x98, 0x65, 0x5F, 0x1F, 0x99, 0x76, 0xFA, 0x50, 0xA9,
-    0xD5, 0x66, 0x86, 0x5D, 0xC5, 0x30, 0x33, 0x18, 0x46, 0x38, 0x1C, 0x87,
-    0x25, 0x6B, 0xAF, 0x32, 0x26, 0x24, 0x4B, 0x76, 0xD3, 0x64, 0x03, 0xC0,
-    0x24, 0xD7, 0xBB, 0xF0, 0xAA, 0x08, 0x03, 0xEA, 0xFF, 0x40, 0x5D, 0x3D,
-    0x24, 0xF1, 0x1A, 0x9B, 0x5C, 0x0B, 0xEF, 0x67, 0x9F, 0xE1, 0x45, 0x4B,
-    0x21, 0xC4, 0xCD, 0x1F
-};
-
-/* Given private value and NID, create EC_KEY structure */
-
-static EC_KEY *mk_eckey(int nid, const unsigned char *p, size_t plen)
-{
-    int ok = 0;
-    EC_KEY *k = NULL;
-    BIGNUM *priv = NULL;
-    EC_POINT *pub = NULL;
-    const EC_GROUP *grp;
-    k = EC_KEY_new_by_curve_name(nid);
-    if (!k)
-        goto err;
-    priv = BN_bin2bn(p, plen, NULL);
-    if (!priv)
-        goto err;
-    if (!EC_KEY_set_private_key(k, priv))
-        goto err;
-    grp = EC_KEY_get0_group(k);
-    pub = EC_POINT_new(grp);
-    if (!pub)
-        goto err;
-    if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL))
-        goto err;
-    if (!EC_KEY_set_public_key(k, pub))
-        goto err;
-    ok = 1;
- err:
-    if (priv)
-        BN_clear_free(priv);
-    if (pub)
-        EC_POINT_free(pub);
-    if (ok)
-        return k;
-    else if (k)
-        EC_KEY_free(k);
-    return NULL;
-}
-
-/*
- * Known answer test: compute shared secret and check it matches expected
- * value.
- */
-
-static int ecdh_kat(BIO *out, const char *cname, int nid,
-                    const unsigned char *k1, size_t k1_len,
-                    const unsigned char *k2, size_t k2_len,
-                    const unsigned char *Z, size_t Zlen)
-{
-    int rv = 0;
-    EC_KEY *key1 = NULL, *key2 = NULL;
-    unsigned char *Ztmp = NULL;
-    size_t Ztmplen;
-    BIO_puts(out, "Testing ECDH shared secret with ");
-    BIO_puts(out, cname);
-    key1 = mk_eckey(nid, k1, k1_len);
-    key2 = mk_eckey(nid, k2, k2_len);
-    if (!key1 || !key2)
-        goto err;
-    Ztmplen = (EC_GROUP_get_degree(EC_KEY_get0_group(key1)) + 7) / 8;
-    if (Ztmplen != Zlen)
-        goto err;
-    Ztmp = OPENSSL_malloc(Ztmplen);
-    if (!ECDH_compute_key(Ztmp, Ztmplen,
-                          EC_KEY_get0_public_key(key2), key1, 0))
-        goto err;
-    if (memcmp(Ztmp, Z, Zlen))
-        goto err;
-    memset(Ztmp, 0, Zlen);
-    if (!ECDH_compute_key(Ztmp, Ztmplen,
-                          EC_KEY_get0_public_key(key1), key2, 0))
-        goto err;
-    if (memcmp(Ztmp, Z, Zlen))
-        goto err;
-    rv = 1;
- err:
-    if (key1)
-        EC_KEY_free(key1);
-    if (key2)
-        EC_KEY_free(key2);
-    if (Ztmp)
-        OPENSSL_free(Ztmp);
-    if (rv)
-        BIO_puts(out, " ok\n");
-    else {
-        fprintf(stderr, "Error in ECDH routines\n");
-        ERR_print_errors_fp(stderr);
-    }
-    return rv;
-}
-
-# define test_ecdh_kat(bio, curve, bits) \
-        ecdh_kat(bio, curve, NID_brainpoolP##bits##r1, \
-                bp##bits##_da, sizeof(bp##bits##_da), \
-                bp##bits##_db, sizeof(bp##bits##_db), \
-                bp##bits##_Z, sizeof(bp##bits##_Z))
-
-int main(int argc, char *argv[])
-{
-    BN_CTX *ctx = NULL;
-    int ret = 1;
-    BIO *out;
-
-    CRYPTO_malloc_debug_init();
-    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-# ifdef OPENSSL_SYS_WIN32
-    CRYPTO_malloc_init();
-# endif
-
-    RAND_seed(rnd_seed, sizeof(rnd_seed));
-
-    out = BIO_new(BIO_s_file());
-    if (out == NULL)
-        EXIT(1);
-    BIO_set_fp(out, stdout, BIO_NOCLOSE);
-
-    if ((ctx = BN_CTX_new()) == NULL)
-        goto err;
-
-    /* NIST PRIME CURVES TESTS */
-    if (!test_ecdh_curve
-        (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
-        goto err;
-    if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
-        goto err;
-    if (!test_ecdh_curve
-        (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
-        goto err;
-    if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out))
-        goto err;
-    if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out))
-        goto err;
-# ifndef OPENSSL_NO_EC2M
-    /* NIST BINARY CURVES TESTS */
-    if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out))
-        goto err;
-    if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out))
-        goto err;
-    if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out))
-        goto err;
-    if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out))
-        goto err;
-    if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out))
-        goto err;
-    if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out))
-        goto err;
-    if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out))
-        goto err;
-    if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out))
-        goto err;
-    if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out))
-        goto err;
-    if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
-        goto err;
-# endif
-    if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
-        goto err;
-    if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
-        goto err;
-    if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
-        goto err;
-
-    ret = 0;
-
- err:
-    ERR_print_errors_fp(stderr);
-    if (ctx)
-        BN_CTX_free(ctx);
-    BIO_free(out);
-    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_thread_state(NULL);
-    CRYPTO_mem_leaks_fp(stderr);
-    EXIT(ret);
-    return (ret);
-}
-
-# if 0
-static void MS_CALLBACK cb(int p, int n, void *arg)
-{
-    char c = '*';
-
-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
-    BIO_write((BIO *)arg, &c, 1);
-    (void)BIO_flush((BIO *)arg);
-#  ifdef LINT
-    p = n;
-#  endif
-}
-# endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ecdh/ech_err.c b/freebsd/crypto/openssl/crypto/ecdh/ech_err.c
deleted file mode 100644
index cfb73e75..00000000
--- a/freebsd/crypto/openssl/crypto/ecdh/ech_err.c
+++ /dev/null
@@ -1,100 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdh/ech_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ecdh.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
-
-static ERR_STRING_DATA ECDH_str_functs[] = {
-    {ERR_FUNC(ECDH_F_ECDH_CHECK), "ECDH_CHECK"},
-    {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
-    {ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA ECDH_str_reasons[] = {
-    {ERR_REASON(ECDH_R_KDF_FAILED), "KDF failed"},
-    {ERR_REASON(ECDH_R_NON_FIPS_METHOD), "non fips method"},
-    {ERR_REASON(ECDH_R_NO_PRIVATE_VALUE), "no private value"},
-    {ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},
-    {0, NULL}
-};
-
-#endif
-
-void ERR_load_ECDH_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-
-    if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, ECDH_str_functs);
-        ERR_load_strings(0, ECDH_str_reasons);
-    }
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/ecdh/ech_kdf.c b/freebsd/crypto/openssl/crypto/ecdh/ech_kdf.c
deleted file mode 100644
index 320e6387..00000000
--- a/freebsd/crypto/openssl/crypto/ecdh/ech_kdf.c
+++ /dev/null
@@ -1,113 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdh/ec_kdf.c */
-/*
- * Written by Stephen Henson for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/ecdh.h>
-#include <openssl/evp.h>
-
-/* Key derivation function from X9.62/SECG */
-/* Way more than we will ever need */
-#define ECDH_KDF_MAX    (1 << 30)
-
-int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
-                   const unsigned char *Z, size_t Zlen,
-                   const unsigned char *sinfo, size_t sinfolen,
-                   const EVP_MD *md)
-{
-    EVP_MD_CTX mctx;
-    int rv = 0;
-    unsigned int i;
-    size_t mdlen;
-    unsigned char ctr[4];
-    if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX
-        || Zlen > ECDH_KDF_MAX)
-        return 0;
-    mdlen = EVP_MD_size(md);
-    EVP_MD_CTX_init(&mctx);
-    for (i = 1;; i++) {
-        unsigned char mtmp[EVP_MAX_MD_SIZE];
-        EVP_DigestInit_ex(&mctx, md, NULL);
-        ctr[3] = i & 0xFF;
-        ctr[2] = (i >> 8) & 0xFF;
-        ctr[1] = (i >> 16) & 0xFF;
-        ctr[0] = (i >> 24) & 0xFF;
-        if (!EVP_DigestUpdate(&mctx, Z, Zlen))
-            goto err;
-        if (!EVP_DigestUpdate(&mctx, ctr, sizeof(ctr)))
-            goto err;
-        if (!EVP_DigestUpdate(&mctx, sinfo, sinfolen))
-            goto err;
-        if (outlen >= mdlen) {
-            if (!EVP_DigestFinal(&mctx, out, NULL))
-                goto err;
-            outlen -= mdlen;
-            if (outlen == 0)
-                break;
-            out += mdlen;
-        } else {
-            if (!EVP_DigestFinal(&mctx, mtmp, NULL))
-                goto err;
-            memcpy(out, mtmp, outlen);
-            OPENSSL_cleanse(mtmp, mdlen);
-            break;
-        }
-    }
-    rv = 1;
- err:
-    EVP_MD_CTX_cleanup(&mctx);
-    return rv;
-}
diff --git a/freebsd/crypto/openssl/crypto/ecdh/ech_key.c b/freebsd/crypto/openssl/crypto/ecdh/ech_key.c
deleted file mode 100644
index 4456a3f7..00000000
--- a/freebsd/crypto/openssl/crypto/ecdh/ech_key.c
+++ /dev/null
@@ -1,83 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdh/ecdh_key.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ech_locl.h"
-
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-                     EC_KEY *eckey,
-                     void *(*KDF) (const void *in, size_t inlen, void *out,
-                                   size_t *outlen))
-{
-    ECDH_DATA *ecdh = ecdh_check(eckey);
-    if (ecdh == NULL)
-        return 0;
-    return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
-}
diff --git a/freebsd/crypto/openssl/crypto/ecdh/ech_lib.c b/freebsd/crypto/openssl/crypto/ecdh/ech_lib.c
deleted file mode 100644
index 4bf047a6..00000000
--- a/freebsd/crypto/openssl/crypto/ecdh/ech_lib.c
+++ /dev/null
@@ -1,274 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdh/ech_lib.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ech_locl.h"
-#include <string.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
-const char ECDH_version[] = "ECDH" OPENSSL_VERSION_PTEXT;
-
-static const ECDH_METHOD *default_ECDH_method = NULL;
-
-static void *ecdh_data_new(void);
-static void *ecdh_data_dup(void *);
-static void ecdh_data_free(void *);
-
-void ECDH_set_default_method(const ECDH_METHOD *meth)
-{
-    default_ECDH_method = meth;
-}
-
-const ECDH_METHOD *ECDH_get_default_method(void)
-{
-    if (!default_ECDH_method) {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-            return FIPS_ecdh_openssl();
-        else
-            return ECDH_OpenSSL();
-#else
-        default_ECDH_method = ECDH_OpenSSL();
-#endif
-    }
-    return default_ECDH_method;
-}
-
-int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
-{
-    ECDH_DATA *ecdh;
-
-    ecdh = ecdh_check(eckey);
-
-    if (ecdh == NULL)
-        return 0;
-
-#if 0
-    mtmp = ecdh->meth;
-    if (mtmp->finish)
-        mtmp->finish(eckey);
-#endif
-#ifndef OPENSSL_NO_ENGINE
-    if (ecdh->engine) {
-        ENGINE_finish(ecdh->engine);
-        ecdh->engine = NULL;
-    }
-#endif
-    ecdh->meth = meth;
-#if 0
-    if (meth->init)
-        meth->init(eckey);
-#endif
-    return 1;
-}
-
-static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
-{
-    ECDH_DATA *ret;
-
-    ret = (ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
-    if (ret == NULL) {
-        ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-
-    ret->init = NULL;
-
-    ret->meth = ECDH_get_default_method();
-    ret->engine = engine;
-#ifndef OPENSSL_NO_ENGINE
-    if (!ret->engine)
-        ret->engine = ENGINE_get_default_ECDH();
-    if (ret->engine) {
-        ret->meth = ENGINE_get_ECDH(ret->engine);
-        if (!ret->meth) {
-            ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
-            ENGINE_finish(ret->engine);
-            OPENSSL_free(ret);
-            return NULL;
-        }
-    }
-#endif
-
-    ret->flags = ret->meth->flags;
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
-#if 0
-    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
-        OPENSSL_free(ret);
-        ret = NULL;
-    }
-#endif
-    return (ret);
-}
-
-static void *ecdh_data_new(void)
-{
-    return (void *)ECDH_DATA_new_method(NULL);
-}
-
-static void *ecdh_data_dup(void *data)
-{
-    ECDH_DATA *r = (ECDH_DATA *)data;
-
-    /* XXX: dummy operation */
-    if (r == NULL)
-        return NULL;
-
-    return (void *)ecdh_data_new();
-}
-
-void ecdh_data_free(void *data)
-{
-    ECDH_DATA *r = (ECDH_DATA *)data;
-
-#ifndef OPENSSL_NO_ENGINE
-    if (r->engine)
-        ENGINE_finish(r->engine);
-#endif
-
-    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
-
-    OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
-
-    OPENSSL_free(r);
-}
-
-ECDH_DATA *ecdh_check(EC_KEY *key)
-{
-    ECDH_DATA *ecdh_data;
-
-    void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup,
-                                            ecdh_data_free, ecdh_data_free);
-    if (data == NULL) {
-        ecdh_data = (ECDH_DATA *)ecdh_data_new();
-        if (ecdh_data == NULL)
-            return NULL;
-        data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
-                                             ecdh_data_dup, ecdh_data_free,
-                                             ecdh_data_free);
-        if (data != NULL) {
-            /*
-             * Another thread raced us to install the key_method data and
-             * won.
-             */
-            ecdh_data_free(ecdh_data);
-            ecdh_data = (ECDH_DATA *)data;
-        } else if (EC_KEY_get_key_method_data(key, ecdh_data_dup,
-                                              ecdh_data_free,
-                                              ecdh_data_free) != ecdh_data) {
-            /* Or an out of memory error in EC_KEY_insert_key_method_data. */
-            ecdh_data_free(ecdh_data);
-            return NULL;
-        }
-    } else {
-        ecdh_data = (ECDH_DATA *)data;
-    }
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
-        && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {
-        ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
-        return NULL;
-    }
-#endif
-
-    return ecdh_data;
-}
-
-int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
-int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)
-{
-    ECDH_DATA *ecdh;
-    ecdh = ecdh_check(d);
-    if (ecdh == NULL)
-        return 0;
-    return (CRYPTO_set_ex_data(&ecdh->ex_data, idx, arg));
-}
-
-void *ECDH_get_ex_data(EC_KEY *d, int idx)
-{
-    ECDH_DATA *ecdh;
-    ecdh = ecdh_check(d);
-    if (ecdh == NULL)
-        return NULL;
-    return (CRYPTO_get_ex_data(&ecdh->ex_data, idx));
-}
diff --git a/freebsd/crypto/openssl/crypto/ecdh/ech_locl.h b/freebsd/crypto/openssl/crypto/ecdh/ech_locl.h
deleted file mode 100644
index 4e66024c..00000000
--- a/freebsd/crypto/openssl/crypto/ecdh/ech_locl.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/* crypto/ecdh/ech_locl.h */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ECH_LOCL_H
-# define HEADER_ECH_LOCL_H
-
-# include <openssl/ecdh.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-struct ecdh_method {
-    const char *name;
-    int (*compute_key) (void *key, size_t outlen, const EC_POINT *pub_key,
-                        EC_KEY *ecdh, void *(*KDF) (const void *in,
-                                                    size_t inlen, void *out,
-                                                    size_t *outlen));
-# if 0
-    int (*init) (EC_KEY *eckey);
-    int (*finish) (EC_KEY *eckey);
-# endif
-    int flags;
-    char *app_data;
-};
-
-/*
- * If this flag is set the ECDH method is FIPS compliant and can be used in
- * FIPS mode. This is set in the validated module method. If an application
- * sets this flag in its own methods it is its responsibility to ensure the
- * result is compliant.
- */
-
-# define ECDH_FLAG_FIPS_METHOD   0x1
-
-typedef struct ecdh_data_st {
-    /* EC_KEY_METH_DATA part */
-    int (*init) (EC_KEY *);
-    /* method specific part */
-    ENGINE *engine;
-    int flags;
-    const ECDH_METHOD *meth;
-    CRYPTO_EX_DATA ex_data;
-} ECDH_DATA;
-
-ECDH_DATA *ecdh_check(EC_KEY *);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif                          /* HEADER_ECH_LOCL_H */
diff --git a/freebsd/crypto/openssl/crypto/ecdh/ech_ossl.c b/freebsd/crypto/openssl/crypto/ecdh/ech_ossl.c
deleted file mode 100644
index 4f626d17..00000000
--- a/freebsd/crypto/openssl/crypto/ecdh/ech_ossl.c
+++ /dev/null
@@ -1,222 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdh/ech_ossl.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <limits.h>
-
-#include "cryptlib.h"
-
-#include "ech_locl.h"
-#include <openssl/err.h>
-#include <openssl/sha.h>
-#include <openssl/obj_mac.h>
-#include <openssl/bn.h>
-
-static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
-                            EC_KEY *ecdh,
-                            void *(*KDF) (const void *in, size_t inlen,
-                                          void *out, size_t *outlen));
-
-static ECDH_METHOD openssl_ecdh_meth = {
-    "OpenSSL ECDH method",
-    ecdh_compute_key,
-#if 0
-    NULL,                       /* init */
-    NULL,                       /* finish */
-#endif
-    0,                          /* flags */
-    NULL                        /* app_data */
-};
-
-const ECDH_METHOD *ECDH_OpenSSL(void)
-{
-    return &openssl_ecdh_meth;
-}
-
-/*-
- * This implementation is based on the following primitives in the IEEE 1363 standard:
- *  - ECKAS-DH1
- *  - ECSVDP-DH
- * Finally an optional KDF is applied.
- */
-static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-                            EC_KEY *ecdh,
-                            void *(*KDF) (const void *in, size_t inlen,
-                                          void *out, size_t *outlen))
-{
-    BN_CTX *ctx;
-    EC_POINT *tmp = NULL;
-    BIGNUM *x = NULL, *y = NULL;
-    const BIGNUM *priv_key;
-    const EC_GROUP *group;
-    int ret = -1;
-    size_t buflen, len;
-    unsigned char *buf = NULL;
-
-    if (outlen > INT_MAX) {
-        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of,
-                                                                 * anyway */
-        return -1;
-    }
-
-    if ((ctx = BN_CTX_new()) == NULL)
-        goto err;
-    BN_CTX_start(ctx);
-    x = BN_CTX_get(ctx);
-    y = BN_CTX_get(ctx);
-
-    priv_key = EC_KEY_get0_private_key(ecdh);
-    if (priv_key == NULL) {
-        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
-        goto err;
-    }
-
-    group = EC_KEY_get0_group(ecdh);
-
-    if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) {
-        if (!EC_GROUP_get_cofactor(group, x, ctx) ||
-            !BN_mul(x, x, priv_key, ctx)) {
-            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        priv_key = x;
-    }
-
-    if ((tmp = EC_POINT_new(group)) == NULL) {
-        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
-        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-        goto err;
-    }
-
-    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-        NID_X9_62_prime_field) {
-        if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) {
-            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-            goto err;
-        }
-    }
-#ifndef OPENSSL_NO_EC2M
-    else {
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) {
-            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-            goto err;
-        }
-    }
-#endif
-
-    buflen = (EC_GROUP_get_degree(group) + 7) / 8;
-    len = BN_num_bytes(x);
-    if (len > buflen) {
-        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    if ((buf = OPENSSL_malloc(buflen)) == NULL) {
-        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    memset(buf, 0, buflen - len);
-    if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
-        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-        goto err;
-    }
-
-    if (KDF != 0) {
-        if (KDF(buf, buflen, out, &outlen) == NULL) {
-            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KDF_FAILED);
-            goto err;
-        }
-        ret = outlen;
-    } else {
-        /* no KDF, just copy as much as we can */
-        if (outlen > buflen)
-            outlen = buflen;
-        memcpy(out, buf, outlen);
-        ret = outlen;
-    }
-
- err:
-    if (tmp)
-        EC_POINT_free(tmp);
-    if (ctx)
-        BN_CTX_end(ctx);
-    if (ctx)
-        BN_CTX_free(ctx);
-    if (buf) {
-        OPENSSL_cleanse(buf, buflen);
-        OPENSSL_free(buf);
-    }
-    return (ret);
-}
diff --git a/freebsd/crypto/openssl/crypto/ecdsa/ecdsa.h b/freebsd/crypto/openssl/crypto/ecdsa/ecdsa.h
deleted file mode 100644
index a6f0930f..00000000
--- a/freebsd/crypto/openssl/crypto/ecdsa/ecdsa.h
+++ /dev/null
@@ -1,335 +0,0 @@
-/* crypto/ecdsa/ecdsa.h */
-/**
- * \file   crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
- * \author Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_ECDSA_H
-# define HEADER_ECDSA_H
-
-# include <openssl/opensslconf.h>
-
-# ifdef OPENSSL_NO_ECDSA
-#  error ECDSA is disabled.
-# endif
-
-# include <openssl/ec.h>
-# include <openssl/ossl_typ.h>
-# ifndef OPENSSL_NO_DEPRECATED
-#  include <openssl/bn.h>
-# endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct ECDSA_SIG_st {
-    BIGNUM *r;
-    BIGNUM *s;
-} ECDSA_SIG;
-
-/** Allocates and initialize a ECDSA_SIG structure
- *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
-ECDSA_SIG *ECDSA_SIG_new(void);
-
-/** frees a ECDSA_SIG structure
- *  \param  sig  pointer to the ECDSA_SIG structure
- */
-void ECDSA_SIG_free(ECDSA_SIG *sig);
-
-/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
- *  (*pp += length of the DER encoded signature)).
- *  \param  sig  pointer to the ECDSA_SIG object
- *  \param  pp   pointer to a unsigned char pointer for the output or NULL
- *  \return the length of the DER encoded ECDSA_SIG object or 0
- */
-int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
-
-/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
- *  (*pp += len)).
- *  \param  sig  pointer to ECDSA_SIG pointer (may be NULL)
- *  \param  pp   memory buffer with the DER encoded signature
- *  \param  len  length of the buffer
- *  \return pointer to the decoded ECDSA_SIG structure (or NULL)
- */
-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
-
-/** Computes the ECDSA signature of the given hash value using
- *  the supplied private key and returns the created signature.
- *  \param  dgst      pointer to the hash value
- *  \param  dgst_len  length of the hash value
- *  \param  eckey     EC_KEY object containing a private EC key
- *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
-                         EC_KEY *eckey);
-
-/** Computes ECDSA signature of a given hash value using the supplied
- *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- *  \param  dgst     pointer to the hash value to sign
- *  \param  dgstlen  length of the hash value
- *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
- *  \param  rp       BIGNUM with a pre-computed rp value (optioanl),
- *                   see ECDSA_sign_setup
- *  \param  eckey    EC_KEY object containing a private EC key
- *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
-                            const BIGNUM *kinv, const BIGNUM *rp,
-                            EC_KEY *eckey);
-
-/** Verifies that the supplied signature is a valid ECDSA
- *  signature of the supplied hash value using the supplied public key.
- *  \param  dgst      pointer to the hash value
- *  \param  dgst_len  length of the hash value
- *  \param  sig       ECDSA_SIG structure
- *  \param  eckey     EC_KEY object containing a public EC key
- *  \return 1 if the signature is valid, 0 if the signature is invalid
- *          and -1 on error
- */
-int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
-                    const ECDSA_SIG *sig, EC_KEY *eckey);
-
-const ECDSA_METHOD *ECDSA_OpenSSL(void);
-
-/** Sets the default ECDSA method
- *  \param  meth  new default ECDSA_METHOD
- */
-void ECDSA_set_default_method(const ECDSA_METHOD *meth);
-
-/** Returns the default ECDSA method
- *  \return pointer to ECDSA_METHOD structure containing the default method
- */
-const ECDSA_METHOD *ECDSA_get_default_method(void);
-
-/** Sets method to be used for the ECDSA operations
- *  \param  eckey  EC_KEY object
- *  \param  meth   new method
- *  \return 1 on success and 0 otherwise
- */
-int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
-
-/** Returns the maximum length of the DER encoded signature
- *  \param  eckey  EC_KEY object
- *  \return numbers of bytes required for the DER encoded signature
- */
-int ECDSA_size(const EC_KEY *eckey);
-
-/** Precompute parts of the signing operation
- *  \param  eckey  EC_KEY object containing a private EC key
- *  \param  ctx    BN_CTX object (optional)
- *  \param  kinv   BIGNUM pointer for the inverse of k
- *  \param  rp     BIGNUM pointer for x coordinate of k * generator
- *  \return 1 on success and 0 otherwise
- */
-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
-
-/** Computes ECDSA signature of a given hash value using the supplied
- *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- *  \param  type     this parameter is ignored
- *  \param  dgst     pointer to the hash value to sign
- *  \param  dgstlen  length of the hash value
- *  \param  sig      memory for the DER encoded created signature
- *  \param  siglen   pointer to the length of the returned signature
- *  \param  eckey    EC_KEY object containing a private EC key
- *  \return 1 on success and 0 otherwise
- */
-int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
-               unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-
-/** Computes ECDSA signature of a given hash value using the supplied
- *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- *  \param  type     this parameter is ignored
- *  \param  dgst     pointer to the hash value to sign
- *  \param  dgstlen  length of the hash value
- *  \param  sig      buffer to hold the DER encoded signature
- *  \param  siglen   pointer to the length of the returned signature
- *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
- *  \param  rp       BIGNUM with a pre-computed rp value (optioanl),
- *                   see ECDSA_sign_setup
- *  \param  eckey    EC_KEY object containing a private EC key
- *  \return 1 on success and 0 otherwise
- */
-int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
-                  unsigned char *sig, unsigned int *siglen,
-                  const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
-
-/** Verifies that the given signature is valid ECDSA signature
- *  of the supplied hash value using the specified public key.
- *  \param  type     this parameter is ignored
- *  \param  dgst     pointer to the hash value
- *  \param  dgstlen  length of the hash value
- *  \param  sig      pointer to the DER encoded signature
- *  \param  siglen   length of the DER encoded signature
- *  \param  eckey    EC_KEY object containing a public EC key
- *  \return 1 if the signature is valid, 0 if the signature is invalid
- *          and -1 on error
- */
-int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
-                 const unsigned char *sig, int siglen, EC_KEY *eckey);
-
-/* the standard ex_data functions */
-int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
-                           *new_func, CRYPTO_EX_dup *dup_func,
-                           CRYPTO_EX_free *free_func);
-int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
-void *ECDSA_get_ex_data(EC_KEY *d, int idx);
-
-/** Allocates and initialize a ECDSA_METHOD structure
- *  \param ecdsa_method pointer to ECDSA_METHOD to copy.  (May be NULL)
- *  \return pointer to a ECDSA_METHOD structure or NULL if an error occurred
- */
-
-ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_method);
-
-/** frees a ECDSA_METHOD structure
- *  \param  ecdsa_method  pointer to the ECDSA_METHOD structure
- */
-void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method);
-
-/**  Sets application specific data in the ECDSA_METHOD
- *   \param  ecdsa_method pointer to existing ECDSA_METHOD
- *   \param  app application specific data to set
- */
-
-void ECDSA_METHOD_set_app_data(ECDSA_METHOD *ecdsa_method, void *app);
-
-/** Returns application specific data from a ECDSA_METHOD structure
- *  \param ecdsa_method pointer to ECDSA_METHOD structure
- *  \return pointer to application specific data.
- */
-
-void *ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method);
-
-/**  Set the ECDSA_do_sign function in the ECDSA_METHOD
- *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
- *   \param  ecdsa_do_sign a funtion of type ECDSA_do_sign
- */
-
-void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
-                           ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char
-                                                        *dgst, int dgst_len,
-                                                        const BIGNUM *inv,
-                                                        const BIGNUM *rp,
-                                                        EC_KEY *eckey));
-
-/**  Set the  ECDSA_sign_setup function in the ECDSA_METHOD
- *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
- *   \param  ecdsa_sign_setup a funtion of type ECDSA_sign_setup
- */
-
-void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method,
-                                 int (*ecdsa_sign_setup) (EC_KEY *eckey,
-                                                          BN_CTX *ctx,
-                                                          BIGNUM **kinv,
-                                                          BIGNUM **r));
-
-/**  Set the ECDSA_do_verify function in the ECDSA_METHOD
- *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
- *   \param  ecdsa_do_verify a funtion of type ECDSA_do_verify
- */
-
-void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
-                             int (*ecdsa_do_verify) (const unsigned char
-                                                     *dgst, int dgst_len,
-                                                     const ECDSA_SIG *sig,
-                                                     EC_KEY *eckey));
-
-void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags);
-
-/**  Set the flags field in the ECDSA_METHOD
- *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
- *   \param  flags flags value to set
- */
-
-void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name);
-
-/**  Set the name field in the ECDSA_METHOD
- *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
- *   \param  name name to set
- */
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ECDSA_strings(void);
-
-/* Error codes for the ECDSA functions. */
-
-/* Function codes. */
-# define ECDSA_F_ECDSA_CHECK                              104
-# define ECDSA_F_ECDSA_DATA_NEW_METHOD                    100
-# define ECDSA_F_ECDSA_DO_SIGN                            101
-# define ECDSA_F_ECDSA_DO_VERIFY                          102
-# define ECDSA_F_ECDSA_METHOD_NEW                         105
-# define ECDSA_F_ECDSA_SIGN_SETUP                         103
-
-/* Reason codes. */
-# define ECDSA_R_BAD_SIGNATURE                            100
-# define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE              101
-# define ECDSA_R_ERR_EC_LIB                               102
-# define ECDSA_R_MISSING_PARAMETERS                       103
-# define ECDSA_R_NEED_NEW_SETUP_VALUES                    106
-# define ECDSA_R_NON_FIPS_METHOD                          107
-# define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED          104
-# define ECDSA_R_SIGNATURE_MALLOC_FAILED                  105
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ecdsa/ecdsatest.c b/freebsd/crypto/openssl/crypto/ecdsa/ecdsatest.c
deleted file mode 100644
index 13602806..00000000
--- a/freebsd/crypto/openssl/crypto/ecdsa/ecdsatest.c
+++ /dev/null
@@ -1,565 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdsa/ecdsatest.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 2000-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */
-
-#ifdef OPENSSL_NO_ECDSA
-int main(int argc, char *argv[])
-{
-    puts("Elliptic curves are disabled.");
-    return 0;
-}
-#else
-
-# include <openssl/crypto.h>
-# include <openssl/bio.h>
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/ecdsa.h>
-# ifndef OPENSSL_NO_ENGINE
-#  include <openssl/engine.h>
-# endif
-# include <openssl/err.h>
-# include <openssl/rand.h>
-
-static const char rnd_seed[] = "string to make the random number generator "
-    "think it has entropy";
-
-/* declaration of the test functions */
-int x9_62_tests(BIO *);
-int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
-int test_builtin(BIO *);
-
-/* functions to change the RAND_METHOD */
-int change_rand(void);
-int restore_rand(void);
-int fbytes(unsigned char *buf, int num);
-
-RAND_METHOD fake_rand;
-const RAND_METHOD *old_rand;
-
-int change_rand(void)
-{
-    /* save old rand method */
-    if ((old_rand = RAND_get_rand_method()) == NULL)
-        return 0;
-
-    fake_rand.seed = old_rand->seed;
-    fake_rand.cleanup = old_rand->cleanup;
-    fake_rand.add = old_rand->add;
-    fake_rand.status = old_rand->status;
-    /* use own random function */
-    fake_rand.bytes = fbytes;
-    fake_rand.pseudorand = old_rand->bytes;
-    /* set new RAND_METHOD */
-    if (!RAND_set_rand_method(&fake_rand))
-        return 0;
-    return 1;
-}
-
-int restore_rand(void)
-{
-    if (!RAND_set_rand_method(old_rand))
-        return 0;
-    else
-        return 1;
-}
-
-static int fbytes_counter = 0, use_fake = 0;
-static const char *numbers[8] = {
-    "651056770906015076056810763456358567190100156695615665659",
-    "6140507067065001063065065565667405560006161556565665656654",
-    "8763001015071075675010661307616710783570106710677817767166"
-        "71676178726717",
-    "7000000175690566466555057817571571075705015757757057795755"
-        "55657156756655",
-    "1275552191113212300012030439187146164646146646466749494799",
-    "1542725565216523985789236956265265265235675811949404040041",
-    "1456427555219115346513212300075341203043918714616464614664"
-        "64667494947990",
-    "1712787255652165239672857892369562652652652356758119494040"
-        "40041670216363"
-};
-
-int fbytes(unsigned char *buf, int num)
-{
-    int ret;
-    BIGNUM *tmp = NULL;
-
-    if (use_fake == 0)
-        return old_rand->bytes(buf, num);
-
-    use_fake = 0;
-
-    if (fbytes_counter >= 8)
-        return 0;
-    tmp = BN_new();
-    if (!tmp)
-        return 0;
-    if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) {
-        BN_free(tmp);
-        return 0;
-    }
-    fbytes_counter++;
-    if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
-        ret = 0;
-    else
-        ret = 1;
-    if (tmp)
-        BN_free(tmp);
-    return ret;
-}
-
-/* some tests from the X9.62 draft */
-int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
-{
-    int ret = 0;
-    const char message[] = "abc";
-    unsigned char digest[20];
-    unsigned int dgst_len = 0;
-    EVP_MD_CTX md_ctx;
-    EC_KEY *key = NULL;
-    ECDSA_SIG *signature = NULL;
-    BIGNUM *r = NULL, *s = NULL;
-
-    EVP_MD_CTX_init(&md_ctx);
-    /* get the message digest */
-    EVP_DigestInit(&md_ctx, EVP_ecdsa());
-    EVP_DigestUpdate(&md_ctx, (const void *)message, 3);
-    EVP_DigestFinal(&md_ctx, digest, &dgst_len);
-
-    BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
-    /* create the key */
-    if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
-        goto x962_int_err;
-    use_fake = 1;
-    if (!EC_KEY_generate_key(key))
-        goto x962_int_err;
-    BIO_printf(out, ".");
-    (void)BIO_flush(out);
-    /* create the signature */
-    use_fake = 1;
-    signature = ECDSA_do_sign(digest, 20, key);
-    if (signature == NULL)
-        goto x962_int_err;
-    BIO_printf(out, ".");
-    (void)BIO_flush(out);
-    /* compare the created signature with the expected signature */
-    if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
-        goto x962_int_err;
-    if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in))
-        goto x962_int_err;
-    if (BN_cmp(signature->r, r) || BN_cmp(signature->s, s))
-        goto x962_int_err;
-    BIO_printf(out, ".");
-    (void)BIO_flush(out);
-    /* verify the signature */
-    if (ECDSA_do_verify(digest, 20, signature, key) != 1)
-        goto x962_int_err;
-    BIO_printf(out, ".");
-    (void)BIO_flush(out);
-
-    BIO_printf(out, " ok\n");
-    ret = 1;
- x962_int_err:
-    if (!ret)
-        BIO_printf(out, " failed\n");
-    if (key)
-        EC_KEY_free(key);
-    if (signature)
-        ECDSA_SIG_free(signature);
-    if (r)
-        BN_free(r);
-    if (s)
-        BN_free(s);
-    EVP_MD_CTX_cleanup(&md_ctx);
-    return ret;
-}
-
-int x9_62_tests(BIO *out)
-{
-    int ret = 0;
-
-    BIO_printf(out, "some tests from X9.62:\n");
-
-    /* set own rand method */
-    if (!change_rand())
-        goto x962_err;
-
-    if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
-                             "3342403536405981729393488334694600415596881826869351677613",
-                             "5735822328888155254683894997897571951568553642892029982342"))
-        goto x962_err;
-    if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
-                             "3086361431751678114926225473006680188549593787585317781474"
-                             "62058306432176",
-                             "3238135532097973577080787768312505059318910517550078427819"
-                             "78505179448783"))
-        goto x962_err;
-# ifndef OPENSSL_NO_EC2M
-    if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
-                             "87194383164871543355722284926904419997237591535066528048",
-                             "308992691965804947361541664549085895292153777025772063598"))
-        goto x962_err;
-    if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
-                             "2159633321041961198501834003903461262881815148684178964245"
-                             "5876922391552",
-                             "1970303740007316867383349976549972270528498040721988191026"
-                             "49413465737174"))
-        goto x962_err;
-# endif
-    ret = 1;
- x962_err:
-    if (!restore_rand())
-        ret = 0;
-    return ret;
-}
-
-int test_builtin(BIO *out)
-{
-    EC_builtin_curve *curves = NULL;
-    size_t crv_len = 0, n = 0;
-    EC_KEY *eckey = NULL, *wrong_eckey = NULL;
-    EC_GROUP *group;
-    ECDSA_SIG *ecdsa_sig = NULL;
-    unsigned char digest[20], wrong_digest[20];
-    unsigned char *signature = NULL;
-    const unsigned char *sig_ptr;
-    unsigned char *sig_ptr2;
-    unsigned char *raw_buf = NULL;
-    unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
-    int nid, ret = 0;
-
-    /* fill digest values with some random data */
-    if (RAND_pseudo_bytes(digest, 20) <= 0 ||
-        RAND_pseudo_bytes(wrong_digest, 20) <= 0) {
-        BIO_printf(out, "ERROR: unable to get random data\n");
-        goto builtin_err;
-    }
-
-    /*
-     * create and verify a ecdsa signature with every availble curve (with )
-     */
-    BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
-               "with some internal curves:\n");
-
-    /* get a list of all internal curves */
-    crv_len = EC_get_builtin_curves(NULL, 0);
-
-    curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
-
-    if (curves == NULL) {
-        BIO_printf(out, "malloc error\n");
-        goto builtin_err;
-    }
-
-    if (!EC_get_builtin_curves(curves, crv_len)) {
-        BIO_printf(out, "unable to get internal curves\n");
-        goto builtin_err;
-    }
-
-    /* now create and verify a signature for every curve */
-    for (n = 0; n < crv_len; n++) {
-        unsigned char dirt, offset;
-
-        nid = curves[n].nid;
-        if (nid == NID_ipsec4)
-            continue;
-        /* create new ecdsa key (== EC_KEY) */
-        if ((eckey = EC_KEY_new()) == NULL)
-            goto builtin_err;
-        group = EC_GROUP_new_by_curve_name(nid);
-        if (group == NULL)
-            goto builtin_err;
-        if (EC_KEY_set_group(eckey, group) == 0)
-            goto builtin_err;
-        EC_GROUP_free(group);
-        degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
-        if (degree < 160)
-            /* drop the curve */
-        {
-            EC_KEY_free(eckey);
-            eckey = NULL;
-            continue;
-        }
-        BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
-        /* create key */
-        if (!EC_KEY_generate_key(eckey)) {
-            BIO_printf(out, " failed\n");
-            goto builtin_err;
-        }
-        /* create second key */
-        if ((wrong_eckey = EC_KEY_new()) == NULL)
-            goto builtin_err;
-        group = EC_GROUP_new_by_curve_name(nid);
-        if (group == NULL)
-            goto builtin_err;
-        if (EC_KEY_set_group(wrong_eckey, group) == 0)
-            goto builtin_err;
-        EC_GROUP_free(group);
-        if (!EC_KEY_generate_key(wrong_eckey)) {
-            BIO_printf(out, " failed\n");
-            goto builtin_err;
-        }
-
-        BIO_printf(out, ".");
-        (void)BIO_flush(out);
-        /* check key */
-        if (!EC_KEY_check_key(eckey)) {
-            BIO_printf(out, " failed\n");
-            goto builtin_err;
-        }
-        BIO_printf(out, ".");
-        (void)BIO_flush(out);
-        /* create signature */
-        sig_len = ECDSA_size(eckey);
-        if ((signature = OPENSSL_malloc(sig_len)) == NULL)
-            goto builtin_err;
-        if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {
-            BIO_printf(out, " failed\n");
-            goto builtin_err;
-        }
-        BIO_printf(out, ".");
-        (void)BIO_flush(out);
-        /* verify signature */
-        if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {
-            BIO_printf(out, " failed\n");
-            goto builtin_err;
-        }
-        BIO_printf(out, ".");
-        (void)BIO_flush(out);
-        /* verify signature with the wrong key */
-        if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) {
-            BIO_printf(out, " failed\n");
-            goto builtin_err;
-        }
-        BIO_printf(out, ".");
-        (void)BIO_flush(out);
-        /* wrong digest */
-        if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) {
-            BIO_printf(out, " failed\n");
-            goto builtin_err;
-        }
-        BIO_printf(out, ".");
-        (void)BIO_flush(out);
-        /* wrong length */
-        if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) {
-            BIO_printf(out, " failed\n");
-            goto builtin_err;
-        }
-        BIO_printf(out, ".");
-        (void)BIO_flush(out);
-
-        /*
-         * Modify a single byte of the signature: to ensure we don't garble
-         * the ASN1 structure, we read the raw signature and modify a byte in
-         * one of the bignums directly.
-         */
-        sig_ptr = signature;
-        if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL) {
-            BIO_printf(out, " failed\n");
-            goto builtin_err;
-        }
-
-        /* Store the two BIGNUMs in raw_buf. */
-        r_len = BN_num_bytes(ecdsa_sig->r);
-        s_len = BN_num_bytes(ecdsa_sig->s);
-        bn_len = (degree + 7) / 8;
-        if ((r_len > bn_len) || (s_len > bn_len)) {
-            BIO_printf(out, " failed\n");
-            goto builtin_err;
-        }
-        buf_len = 2 * bn_len;
-        if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
-            goto builtin_err;
-        /* Pad the bignums with leading zeroes. */
-        memset(raw_buf, 0, buf_len);
-        BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
-        BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
-
-        /* Modify a single byte in the buffer. */
-        offset = raw_buf[10] % buf_len;
-        dirt = raw_buf[11] ? raw_buf[11] : 1;
-        raw_buf[offset] ^= dirt;
-        /* Now read the BIGNUMs back in from raw_buf. */
-        if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
-            (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
-            goto builtin_err;
-
-        sig_ptr2 = signature;
-        sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
-        if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) {
-            BIO_printf(out, " failed\n");
-            goto builtin_err;
-        }
-        /*
-         * Sanity check: undo the modification and verify signature.
-         */
-        raw_buf[offset] ^= dirt;
-        if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
-            (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
-            goto builtin_err;
-
-        sig_ptr2 = signature;
-        sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
-        if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {
-            BIO_printf(out, " failed\n");
-            goto builtin_err;
-        }
-        BIO_printf(out, ".");
-        (void)BIO_flush(out);
-
-        BIO_printf(out, " ok\n");
-        /* cleanup */
-        /* clean bogus errors */
-        ERR_clear_error();
-        OPENSSL_free(signature);
-        signature = NULL;
-        EC_KEY_free(eckey);
-        eckey = NULL;
-        EC_KEY_free(wrong_eckey);
-        wrong_eckey = NULL;
-        ECDSA_SIG_free(ecdsa_sig);
-        ecdsa_sig = NULL;
-        OPENSSL_free(raw_buf);
-        raw_buf = NULL;
-    }
-
-    ret = 1;
- builtin_err:
-    if (eckey)
-        EC_KEY_free(eckey);
-    if (wrong_eckey)
-        EC_KEY_free(wrong_eckey);
-    if (ecdsa_sig)
-        ECDSA_SIG_free(ecdsa_sig);
-    if (signature)
-        OPENSSL_free(signature);
-    if (raw_buf)
-        OPENSSL_free(raw_buf);
-    if (curves)
-        OPENSSL_free(curves);
-
-    return ret;
-}
-
-int main(void)
-{
-    int ret = 1;
-    BIO *out;
-
-    out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
-    /* enable memory leak checking unless explicitly disabled */
-    if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) &&
-          (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
-        CRYPTO_malloc_debug_init();
-        CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    } else {
-        /* OPENSSL_DEBUG_MEMORY=off */
-        CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
-    }
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    ERR_load_crypto_strings();
-
-    /* initialize the prng */
-    RAND_seed(rnd_seed, sizeof(rnd_seed));
-
-    /* the tests */
-    if (!x9_62_tests(out))
-        goto err;
-    if (!test_builtin(out))
-        goto err;
-
-    ret = 0;
- err:
-    if (ret)
-        BIO_printf(out, "\nECDSA test failed\n");
-    else
-        BIO_printf(out, "\nECDSA test passed\n");
-    if (ret)
-        ERR_print_errors(out);
-    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_thread_state(NULL);
-    ERR_free_strings();
-    CRYPTO_mem_leaks(out);
-    if (out != NULL)
-        BIO_free(out);
-    return ret;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ecdsa/ecs_asn1.c b/freebsd/crypto/openssl/crypto/ecdsa/ecs_asn1.c
deleted file mode 100644
index a27b5bd4..00000000
--- a/freebsd/crypto/openssl/crypto/ecdsa/ecs_asn1.c
+++ /dev/null
@@ -1,69 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdsa/ecs_asn1.c */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ecs_locl.h"
-#include <openssl/err.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(ECDSA_SIG) = {
-        ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
-        ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
-} ASN1_SEQUENCE_END(ECDSA_SIG)
-
-DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
-IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)
diff --git a/freebsd/crypto/openssl/crypto/ecdsa/ecs_err.c b/freebsd/crypto/openssl/crypto/ecdsa/ecs_err.c
deleted file mode 100644
index 9f43066b..00000000
--- a/freebsd/crypto/openssl/crypto/ecdsa/ecs_err.c
+++ /dev/null
@@ -1,109 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdsa/ecs_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ecdsa.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason)
-
-static ERR_STRING_DATA ECDSA_str_functs[] = {
-    {ERR_FUNC(ECDSA_F_ECDSA_CHECK), "ECDSA_CHECK"},
-    {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"},
-    {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"},
-    {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
-    {ERR_FUNC(ECDSA_F_ECDSA_METHOD_NEW), "ECDSA_METHOD_new"},
-    {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA ECDSA_str_reasons[] = {
-    {ERR_REASON(ECDSA_R_BAD_SIGNATURE), "bad signature"},
-    {ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
-     "data too large for key size"},
-    {ERR_REASON(ECDSA_R_ERR_EC_LIB), "err ec lib"},
-    {ERR_REASON(ECDSA_R_MISSING_PARAMETERS), "missing parameters"},
-    {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
-    {ERR_REASON(ECDSA_R_NON_FIPS_METHOD), "non fips method"},
-    {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),
-     "random number generation failed"},
-    {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED), "signature malloc failed"},
-    {0, NULL}
-};
-
-#endif
-
-void ERR_load_ECDSA_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-
-    if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, ECDSA_str_functs);
-        ERR_load_strings(0, ECDSA_str_reasons);
-    }
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/ecdsa/ecs_lib.c b/freebsd/crypto/openssl/crypto/ecdsa/ecs_lib.c
deleted file mode 100644
index d6ae2c01..00000000
--- a/freebsd/crypto/openssl/crypto/ecdsa/ecs_lib.c
+++ /dev/null
@@ -1,363 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdsa/ecs_lib.c */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include "ecs_locl.h"
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
-const char ECDSA_version[] = "ECDSA" OPENSSL_VERSION_PTEXT;
-
-static const ECDSA_METHOD *default_ECDSA_method = NULL;
-
-static void *ecdsa_data_new(void);
-static void *ecdsa_data_dup(void *);
-static void ecdsa_data_free(void *);
-
-void ECDSA_set_default_method(const ECDSA_METHOD *meth)
-{
-    default_ECDSA_method = meth;
-}
-
-const ECDSA_METHOD *ECDSA_get_default_method(void)
-{
-    if (!default_ECDSA_method) {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-            return FIPS_ecdsa_openssl();
-        else
-            return ECDSA_OpenSSL();
-#else
-        default_ECDSA_method = ECDSA_OpenSSL();
-#endif
-    }
-    return default_ECDSA_method;
-}
-
-int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
-{
-    ECDSA_DATA *ecdsa;
-
-    ecdsa = ecdsa_check(eckey);
-
-    if (ecdsa == NULL)
-        return 0;
-
-#ifndef OPENSSL_NO_ENGINE
-    if (ecdsa->engine) {
-        ENGINE_finish(ecdsa->engine);
-        ecdsa->engine = NULL;
-    }
-#endif
-    ecdsa->meth = meth;
-
-    return 1;
-}
-
-static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
-{
-    ECDSA_DATA *ret;
-
-    ret = (ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA));
-    if (ret == NULL) {
-        ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-
-    ret->init = NULL;
-
-    ret->meth = ECDSA_get_default_method();
-    ret->engine = engine;
-#ifndef OPENSSL_NO_ENGINE
-    if (!ret->engine)
-        ret->engine = ENGINE_get_default_ECDSA();
-    if (ret->engine) {
-        ret->meth = ENGINE_get_ECDSA(ret->engine);
-        if (!ret->meth) {
-            ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
-            ENGINE_finish(ret->engine);
-            OPENSSL_free(ret);
-            return NULL;
-        }
-    }
-#endif
-
-    ret->flags = ret->meth->flags;
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
-#if 0
-    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
-        OPENSSL_free(ret);
-        ret = NULL;
-    }
-#endif
-    return (ret);
-}
-
-static void *ecdsa_data_new(void)
-{
-    return (void *)ECDSA_DATA_new_method(NULL);
-}
-
-static void *ecdsa_data_dup(void *data)
-{
-    ECDSA_DATA *r = (ECDSA_DATA *)data;
-
-    /* XXX: dummy operation */
-    if (r == NULL)
-        return NULL;
-
-    return ecdsa_data_new();
-}
-
-static void ecdsa_data_free(void *data)
-{
-    ECDSA_DATA *r = (ECDSA_DATA *)data;
-
-#ifndef OPENSSL_NO_ENGINE
-    if (r->engine)
-        ENGINE_finish(r->engine);
-#endif
-    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
-
-    OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));
-
-    OPENSSL_free(r);
-}
-
-ECDSA_DATA *ecdsa_check(EC_KEY *key)
-{
-    ECDSA_DATA *ecdsa_data;
-
-    void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup,
-                                            ecdsa_data_free, ecdsa_data_free);
-    if (data == NULL) {
-        ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
-        if (ecdsa_data == NULL)
-            return NULL;
-        data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
-                                             ecdsa_data_dup, ecdsa_data_free,
-                                             ecdsa_data_free);
-        if (data != NULL) {
-            /*
-             * Another thread raced us to install the key_method data and
-             * won.
-             */
-            ecdsa_data_free(ecdsa_data);
-            ecdsa_data = (ECDSA_DATA *)data;
-        } else if (EC_KEY_get_key_method_data(key, ecdsa_data_dup,
-                                              ecdsa_data_free,
-                                              ecdsa_data_free) != ecdsa_data) {
-            /* Or an out of memory error in EC_KEY_insert_key_method_data. */
-            ecdsa_data_free(ecdsa_data);
-            return NULL;
-        }
-    } else {
-        ecdsa_data = (ECDSA_DATA *)data;
-    }
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
-        && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {
-        ECDSAerr(ECDSA_F_ECDSA_CHECK, ECDSA_R_NON_FIPS_METHOD);
-        return NULL;
-    }
-#endif
-
-    return ecdsa_data;
-}
-
-int ECDSA_size(const EC_KEY *r)
-{
-    int ret, i;
-    ASN1_INTEGER bs;
-    BIGNUM *order = NULL;
-    unsigned char buf[4];
-    const EC_GROUP *group;
-
-    if (r == NULL)
-        return 0;
-    group = EC_KEY_get0_group(r);
-    if (group == NULL)
-        return 0;
-
-    if ((order = BN_new()) == NULL)
-        return 0;
-    if (!EC_GROUP_get_order(group, order, NULL)) {
-        BN_clear_free(order);
-        return 0;
-    }
-    i = BN_num_bits(order);
-    bs.length = (i + 7) / 8;
-    bs.data = buf;
-    bs.type = V_ASN1_INTEGER;
-    /* If the top bit is set the asn1 encoding is 1 larger. */
-    buf[0] = 0xff;
-
-    i = i2d_ASN1_INTEGER(&bs, NULL);
-    i += i;                     /* r and s */
-    ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
-    BN_clear_free(order);
-    return (ret);
-}
-
-int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                           CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
-int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg)
-{
-    ECDSA_DATA *ecdsa;
-    ecdsa = ecdsa_check(d);
-    if (ecdsa == NULL)
-        return 0;
-    return (CRYPTO_set_ex_data(&ecdsa->ex_data, idx, arg));
-}
-
-void *ECDSA_get_ex_data(EC_KEY *d, int idx)
-{
-    ECDSA_DATA *ecdsa;
-    ecdsa = ecdsa_check(d);
-    if (ecdsa == NULL)
-        return NULL;
-    return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx));
-}
-
-ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_meth)
-{
-    ECDSA_METHOD *ret;
-
-    ret = OPENSSL_malloc(sizeof(ECDSA_METHOD));
-    if (ret == NULL) {
-        ECDSAerr(ECDSA_F_ECDSA_METHOD_NEW, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-
-    if (ecdsa_meth)
-        *ret = *ecdsa_meth;
-    else {
-        ret->ecdsa_sign_setup = 0;
-        ret->ecdsa_do_sign = 0;
-        ret->ecdsa_do_verify = 0;
-        ret->name = NULL;
-        ret->flags = 0;
-    }
-    ret->flags |= ECDSA_METHOD_FLAG_ALLOCATED;
-    return ret;
-}
-
-void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
-                           ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char
-                                                        *dgst, int dgst_len,
-                                                        const BIGNUM *inv,
-                                                        const BIGNUM *rp,
-                                                        EC_KEY *eckey))
-{
-    ecdsa_method->ecdsa_do_sign = ecdsa_do_sign;
-}
-
-void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method,
-                                 int (*ecdsa_sign_setup) (EC_KEY *eckey,
-                                                          BN_CTX *ctx,
-                                                          BIGNUM **kinv,
-                                                          BIGNUM **r))
-{
-    ecdsa_method->ecdsa_sign_setup = ecdsa_sign_setup;
-}
-
-void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
-                             int (*ecdsa_do_verify) (const unsigned char
-                                                     *dgst, int dgst_len,
-                                                     const ECDSA_SIG *sig,
-                                                     EC_KEY *eckey))
-{
-    ecdsa_method->ecdsa_do_verify = ecdsa_do_verify;
-}
-
-void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags)
-{
-    ecdsa_method->flags = flags | ECDSA_METHOD_FLAG_ALLOCATED;
-}
-
-void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name)
-{
-    ecdsa_method->name = name;
-}
-
-void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method)
-{
-    if (ecdsa_method->flags & ECDSA_METHOD_FLAG_ALLOCATED)
-        OPENSSL_free(ecdsa_method);
-}
-
-void ECDSA_METHOD_set_app_data(ECDSA_METHOD *ecdsa_method, void *app)
-{
-    ecdsa_method->app_data = app;
-}
-
-void *ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method)
-{
-    return ecdsa_method->app_data;
-}
diff --git a/freebsd/crypto/openssl/crypto/ecdsa/ecs_locl.h b/freebsd/crypto/openssl/crypto/ecdsa/ecs_locl.h
deleted file mode 100644
index d3a5efc5..00000000
--- a/freebsd/crypto/openssl/crypto/ecdsa/ecs_locl.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/* crypto/ecdsa/ecs_locl.h */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ECS_LOCL_H
-# define HEADER_ECS_LOCL_H
-
-# include <openssl/ecdsa.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-struct ecdsa_method {
-    const char *name;
-    ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char *dgst, int dgst_len,
-                                 const BIGNUM *inv, const BIGNUM *rp,
-                                 EC_KEY *eckey);
-    int (*ecdsa_sign_setup) (EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
-                             BIGNUM **r);
-    int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
-                            const ECDSA_SIG *sig, EC_KEY *eckey);
-# if 0
-    int (*init) (EC_KEY *eckey);
-    int (*finish) (EC_KEY *eckey);
-# endif
-    int flags;
-    void *app_data;
-};
-
-/* The ECDSA_METHOD was allocated and can be freed */
-
-# define ECDSA_METHOD_FLAG_ALLOCATED 0x2
-
-/*
- * If this flag is set the ECDSA method is FIPS compliant and can be used in
- * FIPS mode. This is set in the validated module method. If an application
- * sets this flag in its own methods it is its responsibility to ensure the
- * result is compliant.
- */
-
-# define ECDSA_FLAG_FIPS_METHOD  0x1
-
-typedef struct ecdsa_data_st {
-    /* EC_KEY_METH_DATA part */
-    int (*init) (EC_KEY *);
-    /* method (ECDSA) specific part */
-    ENGINE *engine;
-    int flags;
-    const ECDSA_METHOD *meth;
-    CRYPTO_EX_DATA ex_data;
-} ECDSA_DATA;
-
-/** ecdsa_check
- * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure
- * and if not it removes the old meth_data and creates a ECDSA_DATA structure.
- * \param  eckey pointer to a EC_KEY object
- * \return pointer to a ECDSA_DATA structure
- */
-ECDSA_DATA *ecdsa_check(EC_KEY *eckey);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif                          /* HEADER_ECS_LOCL_H */
diff --git a/freebsd/crypto/openssl/crypto/ecdsa/ecs_ossl.c b/freebsd/crypto/openssl/crypto/ecdsa/ecs_ossl.c
deleted file mode 100644
index 587ba6bd..00000000
--- a/freebsd/crypto/openssl/crypto/ecdsa/ecs_ossl.c
+++ /dev/null
@@ -1,494 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdsa/ecs_ossl.c */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ecs_locl.h"
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
-#include <openssl/bn.h>
-#include "bn_int.h"
-
-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
-                                const BIGNUM *, const BIGNUM *,
-                                EC_KEY *eckey);
-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
-                            BIGNUM **rp);
-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
-                           const ECDSA_SIG *sig, EC_KEY *eckey);
-
-static ECDSA_METHOD openssl_ecdsa_meth = {
-    "OpenSSL ECDSA method",
-    ecdsa_do_sign,
-    ecdsa_sign_setup,
-    ecdsa_do_verify,
-#if 0
-    NULL,                       /* init */
-    NULL,                       /* finish */
-#endif
-    0,                          /* flags */
-    NULL                        /* app_data */
-};
-
-const ECDSA_METHOD *ECDSA_OpenSSL(void)
-{
-    return &openssl_ecdsa_meth;
-}
-
-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
-                            BIGNUM **rp)
-{
-    BN_CTX *ctx = NULL;
-    BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
-    EC_POINT *tmp_point = NULL;
-    const EC_GROUP *group;
-    int ret = 0;
-    int order_bits;
-
-    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
-        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-
-    if (ctx_in == NULL) {
-        if ((ctx = BN_CTX_new()) == NULL) {
-            ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-    } else
-        ctx = ctx_in;
-
-    k = BN_new();               /* this value is later returned in *kinvp */
-    r = BN_new();               /* this value is later returned in *rp */
-    order = BN_new();
-    X = BN_new();
-    if (!k || !r || !order || !X) {
-        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if ((tmp_point = EC_POINT_new(group)) == NULL) {
-        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-        goto err;
-    }
-    if (!EC_GROUP_get_order(group, order, ctx)) {
-        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-        goto err;
-    }
-
-    /* Preallocate space */
-    order_bits = BN_num_bits(order);
-    if (!BN_set_bit(k, order_bits)
-        || !BN_set_bit(r, order_bits)
-        || !BN_set_bit(X, order_bits))
-        goto err;
-
-    do {
-        /* get random k */
-        do
-            if (!BN_rand_range(k, order)) {
-                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-                         ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
-                goto err;
-            }
-        while (BN_is_zero(k)) ;
-
-        /*
-         * We do not want timing information to leak the length of k, so we
-         * compute G*k using an equivalent scalar of fixed bit-length.
-         *
-         * We unconditionally perform both of these additions to prevent a
-         * small timing information leakage.  We then choose the sum that is
-         * one bit longer than the order.  This guarantees the code
-         * path used in the constant time implementations elsewhere.
-         *
-         * TODO: revisit the BN_copy aiming for a memory access agnostic
-         * conditional copy.
-         */
-        if (!BN_add(r, k, order)
-            || !BN_add(X, r, order)
-            || !BN_copy(k, BN_num_bits(r) > order_bits ? r : X))
-            goto err;
-
-        /* compute r the x-coordinate of generator * k */
-        if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
-            ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-            goto err;
-        }
-        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-            NID_X9_62_prime_field) {
-            if (!EC_POINT_get_affine_coordinates_GFp
-                (group, tmp_point, X, NULL, ctx)) {
-                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-                goto err;
-            }
-        }
-#ifndef OPENSSL_NO_EC2M
-        else {                  /* NID_X9_62_characteristic_two_field */
-
-            if (!EC_POINT_get_affine_coordinates_GF2m(group,
-                                                      tmp_point, X, NULL,
-                                                      ctx)) {
-                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-                goto err;
-            }
-        }
-#endif
-        if (!BN_nnmod(r, X, order, ctx)) {
-            ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-            goto err;
-        }
-    }
-    while (BN_is_zero(r));
-
-    /* compute the inverse of k */
-    if (EC_GROUP_get_mont_data(group) != NULL) {
-        /*
-         * We want inverse in constant time, therefore we utilize the fact
-         * order must be prime and use Fermats Little Theorem instead.
-         */
-        if (!BN_set_word(X, 2)) {
-            ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-            goto err;
-        }
-        if (!BN_mod_sub(X, order, X, order, ctx)) {
-            ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-            goto err;
-        }
-        BN_set_flags(X, BN_FLG_CONSTTIME);
-        if (!BN_mod_exp_mont_consttime
-            (k, k, X, order, ctx, EC_GROUP_get_mont_data(group))) {
-            ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-            goto err;
-        }
-    } else {
-        if (!BN_mod_inverse(k, k, order, ctx)) {
-            ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-            goto err;
-        }
-    }
-
-    /* clear old values if necessary */
-    if (*rp != NULL)
-        BN_clear_free(*rp);
-    if (*kinvp != NULL)
-        BN_clear_free(*kinvp);
-    /* save the pre-computed values  */
-    *rp = r;
-    *kinvp = k;
-    ret = 1;
- err:
-    if (!ret) {
-        if (k != NULL)
-            BN_clear_free(k);
-        if (r != NULL)
-            BN_clear_free(r);
-    }
-    if (ctx_in == NULL)
-        BN_CTX_free(ctx);
-    if (order != NULL)
-        BN_free(order);
-    if (tmp_point != NULL)
-        EC_POINT_free(tmp_point);
-    if (X)
-        BN_clear_free(X);
-    return (ret);
-}
-
-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
-                                const BIGNUM *in_kinv, const BIGNUM *in_r,
-                                EC_KEY *eckey)
-{
-    int ok = 0, i;
-    BIGNUM *kinv = NULL, *s, *m = NULL, *order = NULL;
-    const BIGNUM *ckinv;
-    BN_CTX *ctx = NULL;
-    const EC_GROUP *group;
-    ECDSA_SIG *ret;
-    ECDSA_DATA *ecdsa;
-    const BIGNUM *priv_key;
-    BN_MONT_CTX *mont_data;
-
-    ecdsa = ecdsa_check(eckey);
-    group = EC_KEY_get0_group(eckey);
-    priv_key = EC_KEY_get0_private_key(eckey);
-
-    if (group == NULL || priv_key == NULL || ecdsa == NULL) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-        return NULL;
-    }
-
-    ret = ECDSA_SIG_new();
-    if (!ret) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    s = ret->s;
-
-    if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
-        (m = BN_new()) == NULL) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (!EC_GROUP_get_order(group, order, ctx)) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-        goto err;
-    }
-    mont_data = EC_GROUP_get_mont_data(group);
-
-    i = BN_num_bits(order);
-    /*
-     * Need to truncate digest if it is too long: first truncate whole bytes.
-     */
-    if (8 * dgst_len > i)
-        dgst_len = (i + 7) / 8;
-    if (!BN_bin2bn(dgst, dgst_len, m)) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-        goto err;
-    }
-    /* If still too long truncate remaining bits with a shift */
-    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-        goto err;
-    }
-    do {
-        if (in_kinv == NULL || in_r == NULL) {
-            if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_ECDSA_LIB);
-                goto err;
-            }
-            ckinv = kinv;
-        } else {
-            ckinv = in_kinv;
-            if (BN_copy(ret->r, in_r) == NULL) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-        }
-
-        /*
-         * With only one multiplicant being in Montgomery domain
-         * multiplication yields real result without post-conversion.
-         * Also note that all operations but last are performed with
-         * zero-padded vectors. Last operation, BN_mod_mul_montgomery
-         * below, returns user-visible value with removed zero padding.
-         */
-        if (!bn_to_mont_fixed_top(s, ret->r, mont_data, ctx)
-            || !bn_mul_mont_fixed_top(s, s, priv_key, mont_data, ctx)) {
-            goto err;
-        }
-        if (!bn_mod_add_fixed_top(s, s, m, order)) {
-            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-            goto err;
-        }
-        /*
-         * |s| can still be larger than modulus, because |m| can be. In
-         * such case we count on Montgomery reduction to tie it up.
-         */
-        if (!bn_to_mont_fixed_top(s, s, mont_data, ctx)
-            || !BN_mod_mul_montgomery(s, s, ckinv, mont_data, ctx)) {
-            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-            goto err;
-        }
-        if (BN_is_zero(s)) {
-            /*
-             * if kinv and r have been supplied by the caller don't to
-             * generate new kinv and r values
-             */
-            if (in_kinv != NULL && in_r != NULL) {
-                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
-                         ECDSA_R_NEED_NEW_SETUP_VALUES);
-                goto err;
-            }
-        } else
-            /* s != 0 => we have a valid signature */
-            break;
-    }
-    while (1);
-
-    ok = 1;
- err:
-    if (!ok) {
-        ECDSA_SIG_free(ret);
-        ret = NULL;
-    }
-    if (ctx)
-        BN_CTX_free(ctx);
-    if (m)
-        BN_clear_free(m);
-    if (order)
-        BN_free(order);
-    if (kinv)
-        BN_clear_free(kinv);
-    return ret;
-}
-
-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
-                           const ECDSA_SIG *sig, EC_KEY *eckey)
-{
-    int ret = -1, i;
-    BN_CTX *ctx;
-    BIGNUM *order, *u1, *u2, *m, *X;
-    EC_POINT *point = NULL;
-    const EC_GROUP *group;
-    const EC_POINT *pub_key;
-
-    /* check input values */
-    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
-        (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-        return -1;
-    }
-
-    ctx = BN_CTX_new();
-    if (!ctx) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-        return -1;
-    }
-    BN_CTX_start(ctx);
-    order = BN_CTX_get(ctx);
-    u1 = BN_CTX_get(ctx);
-    u2 = BN_CTX_get(ctx);
-    m = BN_CTX_get(ctx);
-    X = BN_CTX_get(ctx);
-    if (!X) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-        goto err;
-    }
-
-    if (!EC_GROUP_get_order(group, order, ctx)) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-        goto err;
-    }
-
-    if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
-        BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
-        BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
-        ret = 0;                /* signature is invalid */
-        goto err;
-    }
-    /* calculate tmp1 = inv(S) mod order */
-    if (!BN_mod_inverse(u2, sig->s, order, ctx)) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-        goto err;
-    }
-    /* digest -> m */
-    i = BN_num_bits(order);
-    /*
-     * Need to truncate digest if it is too long: first truncate whole bytes.
-     */
-    if (8 * dgst_len > i)
-        dgst_len = (i + 7) / 8;
-    if (!BN_bin2bn(dgst, dgst_len, m)) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-        goto err;
-    }
-    /* If still too long truncate remaining bits with a shift */
-    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-        goto err;
-    }
-    /* u1 = m * tmp mod order */
-    if (!BN_mod_mul(u1, m, u2, order, ctx)) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-        goto err;
-    }
-    /* u2 = r * w mod q */
-    if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-        goto err;
-    }
-
-    if ((point = EC_POINT_new(group)) == NULL) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-        goto err;
-    }
-    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-        NID_X9_62_prime_field) {
-        if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) {
-            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-            goto err;
-        }
-    }
-#ifndef OPENSSL_NO_EC2M
-    else {                      /* NID_X9_62_characteristic_two_field */
-
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) {
-            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-            goto err;
-        }
-    }
-#endif
-    if (!BN_nnmod(u1, X, order, ctx)) {
-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-        goto err;
-    }
-    /*  if the signature is correct u1 is equal to sig->r */
-    ret = (BN_ucmp(u1, sig->r) == 0);
- err:
-    BN_CTX_end(ctx);
-    BN_CTX_free(ctx);
-    if (point)
-        EC_POINT_free(point);
-    return ret;
-}
diff --git a/freebsd/crypto/openssl/crypto/ecdsa/ecs_sign.c b/freebsd/crypto/openssl/crypto/ecdsa/ecs_sign.c
deleted file mode 100644
index 4356c5cf..00000000
--- a/freebsd/crypto/openssl/crypto/ecdsa/ecs_sign.c
+++ /dev/null
@@ -1,108 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdsa/ecdsa_sign.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ecs_locl.h"
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#include <openssl/rand.h>
-
-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
-{
-    return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
-}
-
-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,
-                            const BIGNUM *kinv, const BIGNUM *rp,
-                            EC_KEY *eckey)
-{
-    ECDSA_DATA *ecdsa = ecdsa_check(eckey);
-    if (ecdsa == NULL)
-        return NULL;
-    return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey);
-}
-
-int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char
-               *sig, unsigned int *siglen, EC_KEY *eckey)
-{
-    return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
-}
-
-int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
-                  *sig, unsigned int *siglen, const BIGNUM *kinv,
-                  const BIGNUM *r, EC_KEY *eckey)
-{
-    ECDSA_SIG *s;
-    RAND_seed(dgst, dlen);
-    s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
-    if (s == NULL) {
-        *siglen = 0;
-        return 0;
-    }
-    *siglen = i2d_ECDSA_SIG(s, &sig);
-    ECDSA_SIG_free(s);
-    return 1;
-}
-
-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
-                     BIGNUM **rp)
-{
-    ECDSA_DATA *ecdsa = ecdsa_check(eckey);
-    if (ecdsa == NULL)
-        return 0;
-    return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
-}
diff --git a/freebsd/crypto/openssl/crypto/ecdsa/ecs_vrf.c b/freebsd/crypto/openssl/crypto/ecdsa/ecs_vrf.c
deleted file mode 100644
index bc3d4edd..00000000
--- a/freebsd/crypto/openssl/crypto/ecdsa/ecs_vrf.c
+++ /dev/null
@@ -1,114 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ecdsa/ecdsa_vrf.c */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ecs_locl.h"
-#include <string.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-
-/*-
- * returns
- *      1: correct signature
- *      0: incorrect signature
- *     -1: error
- */
-int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
-                    const ECDSA_SIG *sig, EC_KEY *eckey)
-{
-    ECDSA_DATA *ecdsa = ecdsa_check(eckey);
-    if (ecdsa == NULL)
-        return 0;
-    return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
-}
-
-/*-
- * returns
- *      1: correct signature
- *      0: incorrect signature
- *     -1: error
- */
-int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
-                 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
-{
-    ECDSA_SIG *s;
-    const unsigned char *p = sigbuf;
-    unsigned char *der = NULL;
-    int derlen = -1;
-    int ret = -1;
-
-    s = ECDSA_SIG_new();
-    if (s == NULL)
-        return (ret);
-    if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
-        goto err;
-    /* Ensure signature uses DER and doesn't have trailing garbage */
-    derlen = i2d_ECDSA_SIG(s, &der);
-    if (derlen != sig_len || memcmp(sigbuf, der, derlen))
-        goto err;
-    ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
- err:
-    if (derlen > 0) {
-        OPENSSL_cleanse(der, derlen);
-        OPENSSL_free(der);
-    }
-    ECDSA_SIG_free(s);
-    return (ret);
-}
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_all.c b/freebsd/crypto/openssl/crypto/engine/eng_all.c
index 4c22debe..e1e2b4aa 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_all.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_all.c
@@ -1,138 +1,27 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/engine/eng_all.c */
 /*
- * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "eng_int.h"
 
 void ENGINE_load_builtin_engines(void)
 {
     /* Some ENGINEs need this */
     OPENSSL_cpuid_setup();
-#if 0
-    /*
-     * There's no longer any need for an "openssl" ENGINE unless, one day, it
-     * is the *only* way for standard builtin implementations to be be
-     * accessed (ie. it would be possible to statically link binaries with
-     * *no* builtin implementations).
-     */
-    ENGINE_load_openssl();
-#endif
-#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
-    ENGINE_load_cryptodev();
-#endif
-#ifndef OPENSSL_NO_RDRAND
-    ENGINE_load_rdrand();
-#endif
-    ENGINE_load_dynamic();
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# ifndef OPENSSL_NO_HW
-#  ifndef OPENSSL_NO_HW_4758_CCA
-    ENGINE_load_4758cca();
-#  endif
-#  ifndef OPENSSL_NO_HW_AEP
-    ENGINE_load_aep();
-#  endif
-#  ifndef OPENSSL_NO_HW_ATALLA
-    ENGINE_load_atalla();
-#  endif
-#  ifndef OPENSSL_NO_HW_CSWIFT
-    ENGINE_load_cswift();
-#  endif
-#  ifndef OPENSSL_NO_HW_NCIPHER
-    ENGINE_load_chil();
-#  endif
-#  ifndef OPENSSL_NO_HW_NURON
-    ENGINE_load_nuron();
-#  endif
-#  ifndef OPENSSL_NO_HW_SUREWARE
-    ENGINE_load_sureware();
-#  endif
-#  ifndef OPENSSL_NO_HW_UBSEC
-    ENGINE_load_ubsec();
-#  endif
-#  ifndef OPENSSL_NO_HW_PADLOCK
-    ENGINE_load_padlock();
-#  endif
-# endif
-# ifndef OPENSSL_NO_GOST
-    ENGINE_load_gost();
-# endif
-# ifndef OPENSSL_NO_GMP
-    ENGINE_load_gmp();
-# endif
-# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
-    ENGINE_load_capi();
-# endif
-#endif
-    ENGINE_register_all_complete();
+
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
 }
 
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L
 void ENGINE_setup_bsd_cryptodev(void)
 {
-    static int bsd_cryptodev_default_loaded = 0;
-    if (!bsd_cryptodev_default_loaded) {
-        ENGINE_load_cryptodev();
-        ENGINE_register_all_complete();
-    }
-    bsd_cryptodev_default_loaded = 1;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_cnf.c b/freebsd/crypto/openssl/crypto/engine/eng_cnf.c
index 095793c2..eb10595f 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_cnf.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_cnf.c
@@ -1,62 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* eng_cnf.c */
 /*
- * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "eng_int.h"
@@ -66,11 +16,11 @@
 
 /* ENGINE config module */
 
-static char *skip_dot(char *name)
+static const char *skip_dot(const char *name)
 {
-    char *p;
-    p = strchr(name, '.');
-    if (p)
+    const char *p = strchr(name, '.');
+
+    if (p != NULL)
         return p + 1;
     return name;
 }
@@ -90,14 +40,14 @@ static int int_engine_init(ENGINE *e)
     return 1;
 }
 
-static int int_engine_configure(char *name, char *value, const CONF *cnf)
+static int int_engine_configure(const char *name, const char *value, const CONF *cnf)
 {
     int i;
     int ret = 0;
     long do_init = -1;
     STACK_OF(CONF_VALUE) *ecmds;
     CONF_VALUE *ecmd = NULL;
-    char *ctrlname, *ctrlvalue;
+    const char *ctrlname, *ctrlvalue;
     ENGINE *e = NULL;
     int soft = 0;
 
@@ -126,12 +76,12 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
         /* First handle some special pseudo ctrls */
 
         /* Override engine name to use */
-        if (!strcmp(ctrlname, "engine_id"))
+        if (strcmp(ctrlname, "engine_id") == 0)
             name = ctrlvalue;
-        else if (!strcmp(ctrlname, "soft_load"))
+        else if (strcmp(ctrlname, "soft_load") == 0)
             soft = 1;
         /* Load a dynamic ENGINE */
-        else if (!strcmp(ctrlname, "dynamic_path")) {
+        else if (strcmp(ctrlname, "dynamic_path") == 0) {
             e = ENGINE_by_id("dynamic");
             if (!e)
                 goto err;
@@ -161,9 +111,9 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
              * Allow "EMPTY" to mean no value: this allows a valid "value" to
              * be passed to ctrls of type NO_INPUT
              */
-            if (!strcmp(ctrlvalue, "EMPTY"))
+            if (strcmp(ctrlvalue, "EMPTY") == 0)
                 ctrlvalue = NULL;
-            if (!strcmp(ctrlname, "init")) {
+            if (strcmp(ctrlname, "init") == 0) {
                 if (!NCONF_get_number_e(cnf, value, "init", &do_init))
                     goto err;
                 if (do_init == 1) {
@@ -174,7 +124,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                               ENGINE_R_INVALID_INIT_VALUE);
                     goto err;
                 }
-            } else if (!strcmp(ctrlname, "default_algorithms")) {
+            } else if (strcmp(ctrlname, "default_algorithms") == 0) {
                 if (!ENGINE_set_default_string(e, ctrlvalue))
                     goto err;
             } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0))
@@ -196,8 +146,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                                ", name=", ecmd->name,
                                ", value=", ecmd->value);
     }
-    if (e)
-        ENGINE_free(e);
+    ENGINE_free(e);
     return ret;
 }
 
@@ -231,6 +180,7 @@ static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
 static void int_engine_module_finish(CONF_IMODULE *md)
 {
     ENGINE *e;
+
     while ((e = sk_ENGINE_pop(initialized_engines)))
         ENGINE_finish(e);
     sk_ENGINE_free(initialized_engines);
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_cryptodev.c b/freebsd/crypto/openssl/crypto/engine/eng_cryptodev.c
deleted file mode 100644
index 1d17290a..00000000
--- a/freebsd/crypto/openssl/crypto/engine/eng_cryptodev.c
+++ /dev/null
@@ -1,1551 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/*
- * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
- * Copyright (c) 2002 Markus Friedl
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/objects.h>
-#include <openssl/engine.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
-        (defined(OpenBSD) || defined(__FreeBSD__))
-# include <sys/param.h>
-# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
-#  define HAVE_CRYPTODEV
-# endif
-# if (OpenBSD >= 200110)
-#  define HAVE_SYSLOG_R
-# endif
-#endif
-
-#ifndef HAVE_CRYPTODEV
-
-void ENGINE_load_cryptodev(void)
-{
-    /* This is a NOP on platforms without /dev/crypto */
-    return;
-}
-
-#else
-
-# include <sys/types.h>
-# include <crypto/cryptodev.h>
-# include <openssl/dh.h>
-# include <openssl/dsa.h>
-# include <openssl/err.h>
-# include <openssl/rsa.h>
-# include <sys/ioctl.h>
-# include <errno.h>
-# include <stdio.h>
-# include <unistd.h>
-# include <fcntl.h>
-# include <stdarg.h>
-# include <syslog.h>
-# include <errno.h>
-# include <string.h>
-
-struct dev_crypto_state {
-    struct session_op d_sess;
-    int d_fd;
-# ifdef USE_CRYPTODEV_DIGESTS
-    char dummy_mac_key[HASH_MAX_LEN];
-    unsigned char digest_res[HASH_MAX_LEN];
-    char *mac_data;
-    int mac_len;
-# endif
-};
-
-static u_int32_t cryptodev_asymfeat = 0;
-
-static int get_asym_dev_crypto(void);
-static int open_dev_crypto(void);
-static int get_dev_crypto(void);
-static int get_cryptodev_ciphers(const int **cnids);
-# ifdef USE_CRYPTODEV_DIGESTS
-static int get_cryptodev_digests(const int **cnids);
-# endif
-static int cryptodev_usable_ciphers(const int **nids);
-static int cryptodev_usable_digests(const int **nids);
-static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                            const unsigned char *in, size_t inl);
-static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                              const unsigned char *iv, int enc);
-static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
-static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-                                    const int **nids, int nid);
-static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-                                    const int **nids, int nid);
-static int bn2crparam(const BIGNUM *a, struct crparam *crp);
-static int crparam2bn(struct crparam *crp, BIGNUM *a);
-static void zapparams(struct crypt_kop *kop);
-static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
-                          int slen, BIGNUM *s);
-
-static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
-                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx);
-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                                       BN_CTX *ctx);
-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                                 BN_CTX *ctx);
-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
-                                    const BIGNUM *p, const BIGNUM *m,
-                                    BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-                                     BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
-                                     BIGNUM *p, BN_CTX *ctx,
-                                     BN_MONT_CTX *mont);
-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
-                                      DSA *dsa);
-static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
-                                DSA_SIG *sig, DSA *dsa);
-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx);
-static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
-                                    DH *dh);
-static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-                          void (*f) (void));
-void ENGINE_load_cryptodev(void);
-
-static const ENGINE_CMD_DEFN cryptodev_defns[] = {
-    {0, NULL, NULL, 0}
-};
-
-static struct {
-    int id;
-    int nid;
-    int ivmax;
-    int keylen;
-} ciphers[] = {
-    {
-        CRYPTO_ARC4, NID_rc4, 0, 16,
-    },
-    {
-        CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
-    },
-    {
-        CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
-    },
-    {
-        CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
-    },
-    {
-        CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
-    },
-    {
-        CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
-    },
-# ifdef CRYPTO_AES_CTR
-    {
-        CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16,
-    },
-    {
-        CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24,
-    },
-    {
-        CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32,
-    },
-# endif
-    {
-        CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
-    },
-    {
-        CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
-    },
-    {
-        CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
-    },
-    {
-        0, NID_undef, 0, 0,
-    },
-};
-
-# ifdef USE_CRYPTODEV_DIGESTS
-static struct {
-    int id;
-    int nid;
-    int keylen;
-} digests[] = {
-    {
-        CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
-    },
-    {
-        CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
-    },
-    {
-        CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
-        /* ? */
-    },
-    {
-        CRYPTO_MD5_KPDK, NID_undef, 0
-    },
-    {
-        CRYPTO_SHA1_KPDK, NID_undef, 0
-    },
-    {
-        CRYPTO_MD5, NID_md5, 16
-    },
-    {
-        CRYPTO_SHA1, NID_sha1, 20
-    },
-    {
-        0, NID_undef, 0
-    },
-};
-# endif
-
-/*
- * Return a fd if /dev/crypto seems usable, 0 otherwise.
- */
-static int open_dev_crypto(void)
-{
-    static int fd = -1;
-
-    if (fd == -1) {
-        if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-            return (-1);
-        /* close on exec */
-        if (fcntl(fd, F_SETFD, 1) == -1) {
-            close(fd);
-            fd = -1;
-            return (-1);
-        }
-    }
-    return (fd);
-}
-
-static int get_dev_crypto(void)
-{
-    int fd, retfd;
-
-    if ((fd = open_dev_crypto()) == -1)
-        return (-1);
-# ifndef CRIOGET_NOT_NEEDED
-    if (ioctl(fd, CRIOGET, &retfd) == -1)
-        return (-1);
-
-    /* close on exec */
-    if (fcntl(retfd, F_SETFD, 1) == -1) {
-        close(retfd);
-        return (-1);
-    }
-# else
-    retfd = fd;
-# endif
-    return (retfd);
-}
-
-static void put_dev_crypto(int fd)
-{
-# ifndef CRIOGET_NOT_NEEDED
-    close(fd);
-# endif
-}
-
-/* Caching version for asym operations */
-static int get_asym_dev_crypto(void)
-{
-    static int fd = -1;
-
-    if (fd == -1)
-        fd = get_dev_crypto();
-    return fd;
-}
-
-/*
- * Find out what ciphers /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
- * returning them here is harmless, as long as we return NULL
- * when asked for a handler in the cryptodev_engine_ciphers routine
- */
-static int get_cryptodev_ciphers(const int **cnids)
-{
-    static int nids[CRYPTO_ALGORITHM_MAX];
-    struct session_op sess;
-    int fd, i, count = 0;
-
-    if ((fd = get_dev_crypto()) < 0) {
-        *cnids = NULL;
-        return (0);
-    }
-    memset(&sess, 0, sizeof(sess));
-    sess.key = (caddr_t) "123456789abcdefghijklmno";
-
-    for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-        if (ciphers[i].nid == NID_undef)
-            continue;
-        sess.cipher = ciphers[i].id;
-        sess.keylen = ciphers[i].keylen;
-        sess.mac = 0;
-        if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-            ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-            nids[count++] = ciphers[i].nid;
-    }
-    put_dev_crypto(fd);
-
-    if (count > 0)
-        *cnids = nids;
-    else
-        *cnids = NULL;
-    return (count);
-}
-
-# ifdef USE_CRYPTODEV_DIGESTS
-/*
- * Find out what digests /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
- * returning them here is harmless, as long as we return NULL
- * when asked for a handler in the cryptodev_engine_digests routine
- */
-static int get_cryptodev_digests(const int **cnids)
-{
-    static int nids[CRYPTO_ALGORITHM_MAX];
-    struct session_op sess;
-    int fd, i, count = 0;
-
-    if ((fd = get_dev_crypto()) < 0) {
-        *cnids = NULL;
-        return (0);
-    }
-    memset(&sess, 0, sizeof(sess));
-    sess.mackey = (caddr_t) "123456789abcdefghijklmno";
-    for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-        if (digests[i].nid == NID_undef)
-            continue;
-        sess.mac = digests[i].id;
-        sess.mackeylen = digests[i].keylen;
-        sess.cipher = 0;
-        if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-            ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-            nids[count++] = digests[i].nid;
-    }
-    put_dev_crypto(fd);
-
-    if (count > 0)
-        *cnids = nids;
-    else
-        *cnids = NULL;
-    return (count);
-}
-# endif                         /* 0 */
-
-/*
- * Find the useable ciphers|digests from dev/crypto - this is the first
- * thing called by the engine init crud which determines what it
- * can use for ciphers from this engine. We want to return
- * only what we can do, anythine else is handled by software.
- *
- * If we can't initialize the device to do anything useful for
- * any reason, we want to return a NULL array, and 0 length,
- * which forces everything to be done is software. By putting
- * the initalization of the device in here, we ensure we can
- * use this engine as the default, and if for whatever reason
- * /dev/crypto won't do what we want it will just be done in
- * software
- *
- * This can (should) be greatly expanded to perhaps take into
- * account speed of the device, and what we want to do.
- * (although the disabling of particular alg's could be controlled
- * by the device driver with sysctl's.) - this is where we
- * want most of the decisions made about what we actually want
- * to use from /dev/crypto.
- */
-static int cryptodev_usable_ciphers(const int **nids)
-{
-    return (get_cryptodev_ciphers(nids));
-}
-
-static int cryptodev_usable_digests(const int **nids)
-{
-# ifdef USE_CRYPTODEV_DIGESTS
-    return (get_cryptodev_digests(nids));
-# else
-    /*
-     * XXXX just disable all digests for now, because it sucks.
-     * we need a better way to decide this - i.e. I may not
-     * want digests on slow cards like hifn on fast machines,
-     * but might want them on slow or loaded machines, etc.
-     * will also want them when using crypto cards that don't
-     * suck moose gonads - would be nice to be able to decide something
-     * as reasonable default without having hackery that's card dependent.
-     * of course, the default should probably be just do everything,
-     * with perhaps a sysctl to turn algoritms off (or have them off
-     * by default) on cards that generally suck like the hifn.
-     */
-    *nids = NULL;
-    return (0);
-# endif
-}
-
-static int
-cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                 const unsigned char *in, size_t inl)
-{
-    struct crypt_op cryp;
-    struct dev_crypto_state *state = ctx->cipher_data;
-    struct session_op *sess = &state->d_sess;
-    const void *iiv;
-    unsigned char save_iv[EVP_MAX_IV_LENGTH];
-
-    if (state->d_fd < 0)
-        return (0);
-    if (!inl)
-        return (1);
-    if ((inl % ctx->cipher->block_size) != 0)
-        return (0);
-
-    memset(&cryp, 0, sizeof(cryp));
-
-    cryp.ses = sess->ses;
-    cryp.flags = 0;
-    cryp.len = inl;
-    cryp.src = (caddr_t) in;
-    cryp.dst = (caddr_t) out;
-    cryp.mac = 0;
-
-    cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
-    if (ctx->cipher->iv_len) {
-        cryp.iv = (caddr_t) ctx->iv;
-        if (!ctx->encrypt) {
-            iiv = in + inl - ctx->cipher->iv_len;
-            memcpy(save_iv, iiv, ctx->cipher->iv_len);
-        }
-    } else
-        cryp.iv = NULL;
-
-    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
-        /*
-         * XXX need better errror handling this can fail for a number of
-         * different reasons.
-         */
-        return (0);
-    }
-
-    if (ctx->cipher->iv_len) {
-        if (ctx->encrypt)
-            iiv = out + inl - ctx->cipher->iv_len;
-        else
-            iiv = save_iv;
-        memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
-    }
-    return (1);
-}
-
-static int
-cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                   const unsigned char *iv, int enc)
-{
-    struct dev_crypto_state *state = ctx->cipher_data;
-    struct session_op *sess = &state->d_sess;
-    int cipher = -1, i;
-
-    for (i = 0; ciphers[i].id; i++)
-        if (ctx->cipher->nid == ciphers[i].nid &&
-            ctx->cipher->iv_len <= ciphers[i].ivmax &&
-            ctx->key_len == ciphers[i].keylen) {
-            cipher = ciphers[i].id;
-            break;
-        }
-
-    if (!ciphers[i].id) {
-        state->d_fd = -1;
-        return (0);
-    }
-
-    memset(sess, 0, sizeof(struct session_op));
-
-    if ((state->d_fd = get_dev_crypto()) < 0)
-        return (0);
-
-    sess->key = (caddr_t) key;
-    sess->keylen = ctx->key_len;
-    sess->cipher = cipher;
-
-    if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-        put_dev_crypto(state->d_fd);
-        state->d_fd = -1;
-        return (0);
-    }
-    return (1);
-}
-
-/*
- * free anything we allocated earlier when initting a
- * session, and close the session.
- */
-static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
-{
-    int ret = 0;
-    struct dev_crypto_state *state = ctx->cipher_data;
-    struct session_op *sess = &state->d_sess;
-
-    if (state->d_fd < 0)
-        return (0);
-
-    /*
-     * XXX if this ioctl fails, someting's wrong. the invoker may have called
-     * us with a bogus ctx, or we could have a device that for whatever
-     * reason just doesn't want to play ball - it's not clear what's right
-     * here - should this be an error? should it just increase a counter,
-     * hmm. For right now, we return 0 - I don't believe that to be "right".
-     * we could call the gorpy openssl lib error handlers that print messages
-     * to users of the library. hmm..
-     */
-
-    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
-        ret = 0;
-    } else {
-        ret = 1;
-    }
-    put_dev_crypto(state->d_fd);
-    state->d_fd = -1;
-
-    return (ret);
-}
-
-/*
- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
- * gets called when libcrypto requests a cipher NID.
- */
-
-/* RC4 */
-const EVP_CIPHER cryptodev_rc4 = {
-    NID_rc4,
-    1, 16, 0,
-    EVP_CIPH_VARIABLE_LENGTH,
-    cryptodev_init_key,
-    cryptodev_cipher,
-    cryptodev_cleanup,
-    sizeof(struct dev_crypto_state),
-    NULL,
-    NULL,
-    NULL
-};
-
-/* DES CBC EVP */
-const EVP_CIPHER cryptodev_des_cbc = {
-    NID_des_cbc,
-    8, 8, 8,
-    EVP_CIPH_CBC_MODE,
-    cryptodev_init_key,
-    cryptodev_cipher,
-    cryptodev_cleanup,
-    sizeof(struct dev_crypto_state),
-    EVP_CIPHER_set_asn1_iv,
-    EVP_CIPHER_get_asn1_iv,
-    NULL
-};
-
-/* 3DES CBC EVP */
-const EVP_CIPHER cryptodev_3des_cbc = {
-    NID_des_ede3_cbc,
-    8, 24, 8,
-    EVP_CIPH_CBC_MODE,
-    cryptodev_init_key,
-    cryptodev_cipher,
-    cryptodev_cleanup,
-    sizeof(struct dev_crypto_state),
-    EVP_CIPHER_set_asn1_iv,
-    EVP_CIPHER_get_asn1_iv,
-    NULL
-};
-
-const EVP_CIPHER cryptodev_bf_cbc = {
-    NID_bf_cbc,
-    8, 16, 8,
-    EVP_CIPH_CBC_MODE,
-    cryptodev_init_key,
-    cryptodev_cipher,
-    cryptodev_cleanup,
-    sizeof(struct dev_crypto_state),
-    EVP_CIPHER_set_asn1_iv,
-    EVP_CIPHER_get_asn1_iv,
-    NULL
-};
-
-const EVP_CIPHER cryptodev_cast_cbc = {
-    NID_cast5_cbc,
-    8, 16, 8,
-    EVP_CIPH_CBC_MODE,
-    cryptodev_init_key,
-    cryptodev_cipher,
-    cryptodev_cleanup,
-    sizeof(struct dev_crypto_state),
-    EVP_CIPHER_set_asn1_iv,
-    EVP_CIPHER_get_asn1_iv,
-    NULL
-};
-
-const EVP_CIPHER cryptodev_aes_cbc = {
-    NID_aes_128_cbc,
-    16, 16, 16,
-    EVP_CIPH_CBC_MODE,
-    cryptodev_init_key,
-    cryptodev_cipher,
-    cryptodev_cleanup,
-    sizeof(struct dev_crypto_state),
-    EVP_CIPHER_set_asn1_iv,
-    EVP_CIPHER_get_asn1_iv,
-    NULL
-};
-
-const EVP_CIPHER cryptodev_aes_192_cbc = {
-    NID_aes_192_cbc,
-    16, 24, 16,
-    EVP_CIPH_CBC_MODE,
-    cryptodev_init_key,
-    cryptodev_cipher,
-    cryptodev_cleanup,
-    sizeof(struct dev_crypto_state),
-    EVP_CIPHER_set_asn1_iv,
-    EVP_CIPHER_get_asn1_iv,
-    NULL
-};
-
-const EVP_CIPHER cryptodev_aes_256_cbc = {
-    NID_aes_256_cbc,
-    16, 32, 16,
-    EVP_CIPH_CBC_MODE,
-    cryptodev_init_key,
-    cryptodev_cipher,
-    cryptodev_cleanup,
-    sizeof(struct dev_crypto_state),
-    EVP_CIPHER_set_asn1_iv,
-    EVP_CIPHER_get_asn1_iv,
-    NULL
-};
-
-# ifdef CRYPTO_AES_CTR
-const EVP_CIPHER cryptodev_aes_ctr = {
-    NID_aes_128_ctr,
-    16, 16, 14,
-    EVP_CIPH_CTR_MODE,
-    cryptodev_init_key,
-    cryptodev_cipher,
-    cryptodev_cleanup,
-    sizeof(struct dev_crypto_state),
-    EVP_CIPHER_set_asn1_iv,
-    EVP_CIPHER_get_asn1_iv,
-    NULL
-};
-
-const EVP_CIPHER cryptodev_aes_ctr_192 = {
-    NID_aes_192_ctr,
-    16, 24, 14,
-    EVP_CIPH_CTR_MODE,
-    cryptodev_init_key,
-    cryptodev_cipher,
-    cryptodev_cleanup,
-    sizeof(struct dev_crypto_state),
-    EVP_CIPHER_set_asn1_iv,
-    EVP_CIPHER_get_asn1_iv,
-    NULL
-};
-
-const EVP_CIPHER cryptodev_aes_ctr_256 = {
-    NID_aes_256_ctr,
-    16, 32, 14,
-    EVP_CIPH_CTR_MODE,
-    cryptodev_init_key,
-    cryptodev_cipher,
-    cryptodev_cleanup,
-    sizeof(struct dev_crypto_state),
-    EVP_CIPHER_set_asn1_iv,
-    EVP_CIPHER_get_asn1_iv,
-    NULL
-};
-# endif
-/*
- * Registered by the ENGINE when used to find out how to deal with
- * a particular NID in the ENGINE. this says what we'll do at the
- * top level - note, that list is restricted by what we answer with
- */
-static int
-cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-                         const int **nids, int nid)
-{
-    if (!cipher)
-        return (cryptodev_usable_ciphers(nids));
-
-    switch (nid) {
-    case NID_rc4:
-        *cipher = &cryptodev_rc4;
-        break;
-    case NID_des_ede3_cbc:
-        *cipher = &cryptodev_3des_cbc;
-        break;
-    case NID_des_cbc:
-        *cipher = &cryptodev_des_cbc;
-        break;
-    case NID_bf_cbc:
-        *cipher = &cryptodev_bf_cbc;
-        break;
-    case NID_cast5_cbc:
-        *cipher = &cryptodev_cast_cbc;
-        break;
-    case NID_aes_128_cbc:
-        *cipher = &cryptodev_aes_cbc;
-        break;
-    case NID_aes_192_cbc:
-        *cipher = &cryptodev_aes_192_cbc;
-        break;
-    case NID_aes_256_cbc:
-        *cipher = &cryptodev_aes_256_cbc;
-        break;
-# ifdef CRYPTO_AES_CTR
-    case NID_aes_128_ctr:
-        *cipher = &cryptodev_aes_ctr;
-        break;
-    case NID_aes_192_ctr:
-        *cipher = &cryptodev_aes_ctr_192;
-        break;
-    case NID_aes_256_ctr:
-        *cipher = &cryptodev_aes_ctr_256;
-        break;
-# endif
-    default:
-        *cipher = NULL;
-        break;
-    }
-    return (*cipher != NULL);
-}
-
-# ifdef USE_CRYPTODEV_DIGESTS
-
-/* convert digest type to cryptodev */
-static int digest_nid_to_cryptodev(int nid)
-{
-    int i;
-
-    for (i = 0; digests[i].id; i++)
-        if (digests[i].nid == nid)
-            return (digests[i].id);
-    return (0);
-}
-
-static int digest_key_length(int nid)
-{
-    int i;
-
-    for (i = 0; digests[i].id; i++)
-        if (digests[i].nid == nid)
-            return digests[i].keylen;
-    return (0);
-}
-
-static int cryptodev_digest_init(EVP_MD_CTX *ctx)
-{
-    struct dev_crypto_state *state = ctx->md_data;
-    struct session_op *sess = &state->d_sess;
-    int digest;
-
-    if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) {
-        printf("cryptodev_digest_init: Can't get digest \n");
-        return (0);
-    }
-
-    memset(state, 0, sizeof(struct dev_crypto_state));
-
-    if ((state->d_fd = get_dev_crypto()) < 0) {
-        printf("cryptodev_digest_init: Can't get Dev \n");
-        return (0);
-    }
-
-    sess->mackey = state->dummy_mac_key;
-    sess->mackeylen = digest_key_length(ctx->digest->type);
-    sess->mac = digest;
-
-    if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-        put_dev_crypto(state->d_fd);
-        state->d_fd = -1;
-        printf("cryptodev_digest_init: Open session failed\n");
-        return (0);
-    }
-
-    return (1);
-}
-
-static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-                                   size_t count)
-{
-    struct crypt_op cryp;
-    struct dev_crypto_state *state = ctx->md_data;
-    struct session_op *sess = &state->d_sess;
-
-    if (!data || state->d_fd < 0) {
-        printf("cryptodev_digest_update: illegal inputs \n");
-        return (0);
-    }
-
-    if (!count) {
-        return (0);
-    }
-
-    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-        /* if application doesn't support one buffer */
-        char *mac_data =
-            OPENSSL_realloc(state->mac_data, state->mac_len + count);
-
-        if (mac_data == NULL) {
-            printf("cryptodev_digest_update: realloc failed\n");
-            return (0);
-        }
-
-        state->mac_data = mac_data;
-        memcpy(state->mac_data + state->mac_len, data, count);
-        state->mac_len += count;
-
-        return (1);
-    }
-
-    memset(&cryp, 0, sizeof(cryp));
-
-    cryp.ses = sess->ses;
-    cryp.flags = 0;
-    cryp.len = count;
-    cryp.src = (caddr_t) data;
-    cryp.dst = NULL;
-    cryp.mac = (caddr_t) state->digest_res;
-    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-        printf("cryptodev_digest_update: digest failed\n");
-        return (0);
-    }
-    return (1);
-}
-
-static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    struct crypt_op cryp;
-    struct dev_crypto_state *state = ctx->md_data;
-    struct session_op *sess = &state->d_sess;
-
-    int ret = 1;
-
-    if (!md || state->d_fd < 0) {
-        printf("cryptodev_digest_final: illegal input\n");
-        return (0);
-    }
-
-    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-        /* if application doesn't support one buffer */
-        memset(&cryp, 0, sizeof(cryp));
-        cryp.ses = sess->ses;
-        cryp.flags = 0;
-        cryp.len = state->mac_len;
-        cryp.src = state->mac_data;
-        cryp.dst = NULL;
-        cryp.mac = (caddr_t) md;
-        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-            printf("cryptodev_digest_final: digest failed\n");
-            return (0);
-        }
-
-        return 1;
-    }
-
-    memcpy(md, state->digest_res, ctx->digest->md_size);
-
-    return (ret);
-}
-
-static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
-{
-    int ret = 1;
-    struct dev_crypto_state *state = ctx->md_data;
-    struct session_op *sess = &state->d_sess;
-
-    if (state == NULL)
-        return 0;
-
-    if (state->d_fd < 0) {
-        printf("cryptodev_digest_cleanup: illegal input\n");
-        return (0);
-    }
-
-    if (state->mac_data) {
-        OPENSSL_free(state->mac_data);
-        state->mac_data = NULL;
-        state->mac_len = 0;
-    }
-
-    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-        printf("cryptodev_digest_cleanup: failed to close session\n");
-        ret = 0;
-    } else {
-        ret = 1;
-    }
-    put_dev_crypto(state->d_fd);
-    state->d_fd = -1;
-
-    return (ret);
-}
-
-static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-{
-    struct dev_crypto_state *fstate = from->md_data;
-    struct dev_crypto_state *dstate = to->md_data;
-    struct session_op *sess;
-    int digest;
-
-    if (dstate == NULL || fstate == NULL)
-        return 1;
-
-    memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
-
-    sess = &dstate->d_sess;
-
-    digest = digest_nid_to_cryptodev(to->digest->type);
-
-    sess->mackey = dstate->dummy_mac_key;
-    sess->mackeylen = digest_key_length(to->digest->type);
-    sess->mac = digest;
-
-    dstate->d_fd = get_dev_crypto();
-
-    if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
-        put_dev_crypto(dstate->d_fd);
-        dstate->d_fd = -1;
-        printf("cryptodev_digest_init: Open session failed\n");
-        return (0);
-    }
-
-    dstate->mac_len = fstate->mac_len;
-    if (fstate->mac_len != 0) {
-        if (fstate->mac_data != NULL) {
-            dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-            if (dstate->mac_data == NULL) {
-                printf("cryptodev_digest_init: malloc failed\n");
-                return 0;
-            }
-            memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
-        }
-    }
-
-    return 1;
-}
-
-const EVP_MD cryptodev_sha1 = {
-    NID_sha1,
-    NID_undef,
-    SHA_DIGEST_LENGTH,
-    EVP_MD_FLAG_ONESHOT,
-    cryptodev_digest_init,
-    cryptodev_digest_update,
-    cryptodev_digest_final,
-    cryptodev_digest_copy,
-    cryptodev_digest_cleanup,
-    EVP_PKEY_NULL_method,
-    SHA_CBLOCK,
-    sizeof(struct dev_crypto_state),
-};
-
-const EVP_MD cryptodev_md5 = {
-    NID_md5,
-    NID_undef,
-    16 /* MD5_DIGEST_LENGTH */ ,
-    EVP_MD_FLAG_ONESHOT,
-    cryptodev_digest_init,
-    cryptodev_digest_update,
-    cryptodev_digest_final,
-    cryptodev_digest_copy,
-    cryptodev_digest_cleanup,
-    EVP_PKEY_NULL_method,
-    64 /* MD5_CBLOCK */ ,
-    sizeof(struct dev_crypto_state),
-};
-
-# endif                         /* USE_CRYPTODEV_DIGESTS */
-
-static int
-cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-                         const int **nids, int nid)
-{
-    if (!digest)
-        return (cryptodev_usable_digests(nids));
-
-    switch (nid) {
-# ifdef USE_CRYPTODEV_DIGESTS
-    case NID_md5:
-        *digest = &cryptodev_md5;
-        break;
-    case NID_sha1:
-        *digest = &cryptodev_sha1;
-        break;
-    default:
-# endif                         /* USE_CRYPTODEV_DIGESTS */
-        *digest = NULL;
-        break;
-    }
-    return (*digest != NULL);
-}
-
-/*
- * Convert a BIGNUM to the representation that /dev/crypto needs.
- * Upon completion of use, the caller is responsible for freeing
- * crp->crp_p.
- */
-static int bn2crparam(const BIGNUM *a, struct crparam *crp)
-{
-    int i, j, k;
-    ssize_t bytes, bits;
-    u_char *b;
-
-    crp->crp_p = NULL;
-    crp->crp_nbits = 0;
-
-    bits = BN_num_bits(a);
-    bytes = (bits + 7) / 8;
-
-    b = malloc(bytes);
-    if (b == NULL)
-        return (1);
-    memset(b, 0, bytes);
-
-    crp->crp_p = (caddr_t) b;
-    crp->crp_nbits = bits;
-
-    for (i = 0, j = 0; i < a->top; i++) {
-        for (k = 0; k < BN_BITS2 / 8; k++) {
-            if ((j + k) >= bytes)
-                return (0);
-            b[j + k] = a->d[i] >> (k * 8);
-        }
-        j += BN_BITS2 / 8;
-    }
-    return (0);
-}
-
-/* Convert a /dev/crypto parameter to a BIGNUM */
-static int crparam2bn(struct crparam *crp, BIGNUM *a)
-{
-    u_int8_t *pd;
-    int i, bytes;
-
-    bytes = (crp->crp_nbits + 7) / 8;
-
-    if (bytes == 0)
-        return (-1);
-
-    if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
-        return (-1);
-
-    for (i = 0; i < bytes; i++)
-        pd[i] = ((char *)crp->crp_p)[bytes - i - 1];
-
-    BN_bin2bn(pd, bytes, a);
-    free(pd);
-
-    return (0);
-}
-
-static void zapparams(struct crypt_kop *kop)
-{
-    int i;
-
-    for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
-        OPENSSL_free(kop->crk_param[i].crp_p);
-        kop->crk_param[i].crp_p = NULL;
-        kop->crk_param[i].crp_nbits = 0;
-    }
-}
-
-static int
-cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
-               BIGNUM *s)
-{
-    int fd, ret = -1;
-
-    if ((fd = get_asym_dev_crypto()) < 0)
-        return ret;
-
-    if (r) {
-        kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_malloc(rlen);
-        if (kop->crk_param[kop->crk_iparams].crp_p == NULL)
-            return ret;
-        memset(kop->crk_param[kop->crk_iparams].crp_p, 0, (size_t)rlen);
-        kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-        kop->crk_oparams++;
-    }
-    if (s) {
-        kop->crk_param[kop->crk_iparams + 1].crp_p = OPENSSL_malloc(slen);
-        /* No need to free the kop->crk_iparams parameter if it was allocated,
-         * callers of this routine have to free allocated parameters through
-         * zapparams both in case of success and failure
-         */
-        if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL)
-            return ret;
-        memset(kop->crk_param[kop->crk_iparams + 1].crp_p, 0, (size_t)slen);
-        kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
-        kop->crk_oparams++;
-    }
-
-    if (ioctl(fd, CIOCKEY, kop) == 0) {
-        if (r)
-            crparam2bn(&kop->crk_param[kop->crk_iparams], r);
-        if (s)
-            crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
-        ret = 0;
-    }
-
-    return ret;
-}
-
-static int
-cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
-    struct crypt_kop kop;
-    int ret = 1;
-
-    /*
-     * Currently, we know we can do mod exp iff we can do any asymmetric
-     * operations at all.
-     */
-    if (cryptodev_asymfeat == 0) {
-        ret = BN_mod_exp(r, a, p, m, ctx);
-        return (ret);
-    }
-
-    memset(&kop, 0, sizeof(kop));
-    kop.crk_op = CRK_MOD_EXP;
-
-    /* inputs: a^p % m */
-    if (bn2crparam(a, &kop.crk_param[0]))
-        goto err;
-    if (bn2crparam(p, &kop.crk_param[1]))
-        goto err;
-    if (bn2crparam(m, &kop.crk_param[2]))
-        goto err;
-    kop.crk_iparams = 3;
-
-    if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
-        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-        printf("OCF asym process failed, Running in software\n");
-        ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-
-    } else if (ECANCELED == kop.crk_status) {
-        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-        printf("OCF hardware operation cancelled. Running in Software\n");
-        ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-    }
-    /* else cryptodev operation worked ok ==> ret = 1 */
-
- err:
-    zapparams(&kop);
-    return (ret);
-}
-
-static int
-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                            BN_CTX *ctx)
-{
-    int r;
-    ctx = BN_CTX_new();
-    r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
-    BN_CTX_free(ctx);
-    return (r);
-}
-
-static int
-cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
-    struct crypt_kop kop;
-    int ret = 1;
-
-    if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
-        /* XXX 0 means failure?? */
-        return (0);
-    }
-
-    memset(&kop, 0, sizeof(kop));
-    kop.crk_op = CRK_MOD_EXP_CRT;
-    /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-    if (bn2crparam(rsa->p, &kop.crk_param[0]))
-        goto err;
-    if (bn2crparam(rsa->q, &kop.crk_param[1]))
-        goto err;
-    if (bn2crparam(I, &kop.crk_param[2]))
-        goto err;
-    if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
-        goto err;
-    if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
-        goto err;
-    if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
-        goto err;
-    kop.crk_iparams = 6;
-
-    if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-        printf("OCF asym process failed, running in Software\n");
-        ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
-
-    } else if (ECANCELED == kop.crk_status) {
-        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-        printf("OCF hardware operation cancelled. Running in Software\n");
-        ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
-    }
-    /* else cryptodev operation worked ok ==> ret = 1 */
-
- err:
-    zapparams(&kop);
-    return (ret);
-}
-
-static RSA_METHOD cryptodev_rsa = {
-    "cryptodev RSA method",
-    NULL,                       /* rsa_pub_enc */
-    NULL,                       /* rsa_pub_dec */
-    NULL,                       /* rsa_priv_enc */
-    NULL,                       /* rsa_priv_dec */
-    NULL,
-    NULL,
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    0,                          /* flags */
-    NULL,                       /* app_data */
-    NULL,                       /* rsa_sign */
-    NULL                        /* rsa_verify */
-};
-
-static int
-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
-    return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-}
-
-static int
-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-                          BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-                          BN_CTX *ctx, BN_MONT_CTX *mont)
-{
-    BIGNUM t2;
-    int ret = 0;
-
-    BN_init(&t2);
-
-    /* v = ( g^u1 * y^u2 mod p ) mod q */
-    /* let t1 = g ^ u1 mod p */
-    ret = 0;
-
-    if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
-        goto err;
-
-    /* let t2 = y ^ u2 mod p */
-    if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
-        goto err;
-    /* let u1 = t1 * t2 mod p */
-    if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
-        goto err;
-
-    BN_copy(t1, u1);
-
-    ret = 1;
- err:
-    BN_free(&t2);
-    return (ret);
-}
-
-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
-                                      DSA *dsa)
-{
-    struct crypt_kop kop;
-    BIGNUM *r = NULL, *s = NULL;
-    DSA_SIG *dsaret = NULL;
-
-    if ((r = BN_new()) == NULL)
-        goto err;
-    if ((s = BN_new()) == NULL) {
-        BN_free(r);
-        goto err;
-    }
-
-    memset(&kop, 0, sizeof(kop));
-    kop.crk_op = CRK_DSA_SIGN;
-
-    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-    kop.crk_param[0].crp_p = (caddr_t) dgst;
-    kop.crk_param[0].crp_nbits = dlen * 8;
-    if (bn2crparam(dsa->p, &kop.crk_param[1]))
-        goto err;
-    if (bn2crparam(dsa->q, &kop.crk_param[2]))
-        goto err;
-    if (bn2crparam(dsa->g, &kop.crk_param[3]))
-        goto err;
-    if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
-        goto err;
-    kop.crk_iparams = 5;
-
-    if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
-                       BN_num_bytes(dsa->q), s) == 0) {
-        dsaret = DSA_SIG_new();
-        if (dsaret == NULL)
-            goto err;
-        dsaret->r = r;
-        dsaret->s = s;
-        r = s = NULL;
-    } else {
-        const DSA_METHOD *meth = DSA_OpenSSL();
-        dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
-    }
- err:
-    BN_free(r);
-    BN_free(s);
-    kop.crk_param[0].crp_p = NULL;
-    zapparams(&kop);
-    return (dsaret);
-}
-
-static int
-cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
-                     DSA_SIG *sig, DSA *dsa)
-{
-    struct crypt_kop kop;
-    int dsaret = 1;
-
-    memset(&kop, 0, sizeof(kop));
-    kop.crk_op = CRK_DSA_VERIFY;
-
-    /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-    kop.crk_param[0].crp_p = (caddr_t) dgst;
-    kop.crk_param[0].crp_nbits = dlen * 8;
-    if (bn2crparam(dsa->p, &kop.crk_param[1]))
-        goto err;
-    if (bn2crparam(dsa->q, &kop.crk_param[2]))
-        goto err;
-    if (bn2crparam(dsa->g, &kop.crk_param[3]))
-        goto err;
-    if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
-        goto err;
-    if (bn2crparam(sig->r, &kop.crk_param[5]))
-        goto err;
-    if (bn2crparam(sig->s, &kop.crk_param[6]))
-        goto err;
-    kop.crk_iparams = 7;
-
-    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-        /*
-         * OCF success value is 0, if not zero, change dsaret to fail
-         */
-        if (0 != kop.crk_status)
-            dsaret = 0;
-    } else {
-        const DSA_METHOD *meth = DSA_OpenSSL();
-
-        dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
-    }
- err:
-    kop.crk_param[0].crp_p = NULL;
-    zapparams(&kop);
-    return (dsaret);
-}
-
-static DSA_METHOD cryptodev_dsa = {
-    "cryptodev DSA method",
-    NULL,
-    NULL,                       /* dsa_sign_setup */
-    NULL,
-    NULL,                       /* dsa_mod_exp */
-    NULL,
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    0,                          /* flags */
-    NULL                        /* app_data */
-};
-
-static int
-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-                     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                     BN_MONT_CTX *m_ctx)
-{
-    return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-}
-
-static int
-cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-{
-    struct crypt_kop kop;
-    int dhret = 1;
-    int fd, keylen;
-
-    if ((fd = get_asym_dev_crypto()) < 0) {
-        const DH_METHOD *meth = DH_OpenSSL();
-
-        return ((meth->compute_key) (key, pub_key, dh));
-    }
-
-    keylen = BN_num_bits(dh->p);
-
-    memset(&kop, 0, sizeof(kop));
-    kop.crk_op = CRK_DH_COMPUTE_KEY;
-
-    /* inputs: dh->priv_key pub_key dh->p key */
-    if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-        goto err;
-    if (bn2crparam(pub_key, &kop.crk_param[1]))
-        goto err;
-    if (bn2crparam(dh->p, &kop.crk_param[2]))
-        goto err;
-    kop.crk_iparams = 3;
-
-    kop.crk_param[3].crp_p = (caddr_t) key;
-    kop.crk_param[3].crp_nbits = keylen * 8;
-    kop.crk_oparams = 1;
-
-    if (ioctl(fd, CIOCKEY, &kop) == -1) {
-        const DH_METHOD *meth = DH_OpenSSL();
-
-        dhret = (meth->compute_key) (key, pub_key, dh);
-    }
- err:
-    kop.crk_param[3].crp_p = NULL;
-    zapparams(&kop);
-    return (dhret);
-}
-
-static DH_METHOD cryptodev_dh = {
-    "cryptodev DH method",
-    NULL,                       /* cryptodev_dh_generate_key */
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    0,                          /* flags */
-    NULL                        /* app_data */
-};
-
-/*
- * ctrl right now is just a wrapper that doesn't do much
- * but I expect we'll want some options soon.
- */
-static int
-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
-# ifdef HAVE_SYSLOG_R
-    struct syslog_data sd = SYSLOG_DATA_INIT;
-# endif
-
-    switch (cmd) {
-    default:
-# ifdef HAVE_SYSLOG_R
-        syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
-# else
-        syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
-# endif
-        break;
-    }
-    return (1);
-}
-
-void ENGINE_load_cryptodev(void)
-{
-    ENGINE *engine = ENGINE_new();
-    int fd;
-
-    if (engine == NULL)
-        return;
-    if ((fd = get_dev_crypto()) < 0) {
-        ENGINE_free(engine);
-        return;
-    }
-
-    /*
-     * find out what asymmetric crypto algorithms we support
-     */
-    if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-        put_dev_crypto(fd);
-        ENGINE_free(engine);
-        return;
-    }
-    put_dev_crypto(fd);
-
-    if (!ENGINE_set_id(engine, "cryptodev") ||
-        !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-        !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
-        !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
-        !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
-        !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
-        ENGINE_free(engine);
-        return;
-    }
-
-    if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
-        const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
-
-        cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
-        cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
-        cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
-        cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
-        cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
-        cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
-        if (cryptodev_asymfeat & CRF_MOD_EXP) {
-            cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
-            if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-                cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
-            else
-                cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
-        }
-    }
-
-    if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
-        const DSA_METHOD *meth = DSA_OpenSSL();
-
-        memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
-        if (cryptodev_asymfeat & CRF_DSA_SIGN)
-            cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-        if (cryptodev_asymfeat & CRF_MOD_EXP) {
-            cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
-            cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
-        }
-        if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-            cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-    }
-
-    if (ENGINE_set_DH(engine, &cryptodev_dh)) {
-        const DH_METHOD *dh_meth = DH_OpenSSL();
-
-        cryptodev_dh.generate_key = dh_meth->generate_key;
-        cryptodev_dh.compute_key = dh_meth->compute_key;
-        cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
-        if (cryptodev_asymfeat & CRF_MOD_EXP) {
-            cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
-            if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
-                cryptodev_dh.compute_key = cryptodev_dh_compute_key;
-        }
-    }
-
-    ENGINE_add(engine);
-    ENGINE_free(engine);
-    ERR_clear_error();
-}
-
-#endif                          /* HAVE_CRYPTODEV */
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_ctrl.c b/freebsd/crypto/openssl/crypto/engine/eng_ctrl.c
index b1b27d10..dc99874f 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_ctrl.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_ctrl.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/engine/eng_ctrl.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "eng_int.h"
@@ -111,6 +65,8 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
 {
     int idx;
     char *s = (char *)p;
+    const ENGINE_CMD_DEFN *cdp;
+
     /* Take care of the easy one first (eg. it requires no searches) */
     if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
         if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
@@ -136,42 +92,32 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
         return e->cmd_defns[idx].cmd_num;
     }
     /*
-     * For the rest of the commands, the 'long' argument must specify a valie
+     * For the rest of the commands, the 'long' argument must specify a valid
      * command number - so we need to conduct a search.
      */
-    if ((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
-                                                              (unsigned int)
-                                                              i)) < 0)) {
+    if ((e->cmd_defns == NULL)
+        || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) {
         ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NUMBER);
         return -1;
     }
     /* Now the logic splits depending on command type */
+    cdp = &e->cmd_defns[idx];
     switch (cmd) {
     case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
-        idx++;
-        if (int_ctrl_cmd_is_null(e->cmd_defns + idx))
-            /* end-of-list */
-            return 0;
-        else
-            return e->cmd_defns[idx].cmd_num;
+        cdp++;
+        return int_ctrl_cmd_is_null(cdp) ? 0 : cdp->cmd_num;
     case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-        return strlen(e->cmd_defns[idx].cmd_name);
+        return strlen(cdp->cmd_name);
     case ENGINE_CTRL_GET_NAME_FROM_CMD:
-        return BIO_snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1,
-                            "%s", e->cmd_defns[idx].cmd_name);
+        return strlen(strcpy(s, cdp->cmd_name));
     case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-        if (e->cmd_defns[idx].cmd_desc)
-            return strlen(e->cmd_defns[idx].cmd_desc);
-        return strlen(int_no_description);
+        return strlen(cdp->cmd_desc == NULL ? int_no_description
+                                            : cdp->cmd_desc);
     case ENGINE_CTRL_GET_DESC_FROM_CMD:
-        if (e->cmd_defns[idx].cmd_desc)
-            return BIO_snprintf(s,
-                                strlen(e->cmd_defns[idx].cmd_desc) + 1,
-                                "%s", e->cmd_defns[idx].cmd_desc);
-        return BIO_snprintf(s, strlen(int_no_description) + 1, "%s",
-                            int_no_description);
+        return strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description
+                                                      : cdp->cmd_desc));
     case ENGINE_CTRL_GET_CMD_FLAGS:
-        return e->cmd_defns[idx].cmd_flags;
+        return cdp->cmd_flags;
     }
     /* Shouldn't really be here ... */
     ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR);
@@ -185,9 +131,9 @@ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
         ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     ref_exists = ((e->struct_ref > 0) ? 1 : 0);
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
     if (!ref_exists) {
         ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE);
@@ -251,14 +197,13 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
 {
     int num;
 
-    if ((e == NULL) || (cmd_name == NULL)) {
+    if (e == NULL || cmd_name == NULL) {
         ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
-                                                 ENGINE_CTRL_GET_CMD_FROM_NAME,
-                                                 0, (void *)cmd_name,
-                                                 NULL)) <= 0)) {
+    if (e->ctrl == NULL
+        || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
+                              0, (void *)cmd_name, NULL)) <= 0) {
         /*
          * If the command didn't *have* to be supported, we fake success.
          * This allows certain settings to be specified for multiple ENGINEs
@@ -289,15 +234,14 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
     int num, flags;
     long l;
     char *ptr;
-    if ((e == NULL) || (cmd_name == NULL)) {
-        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                  ERR_R_PASSED_NULL_PARAMETER);
+
+    if (e == NULL || cmd_name == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
-                                                 ENGINE_CTRL_GET_CMD_FROM_NAME,
-                                                 0, (void *)cmd_name,
-                                                 NULL)) <= 0)) {
+    if (e->ctrl == NULL
+        || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
+                              0, (void *)cmd_name, NULL)) <= 0) {
         /*
          * If the command didn't *have* to be supported, we fake success.
          * This allows certain settings to be specified for multiple ENGINEs
@@ -318,8 +262,9 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
                   ENGINE_R_CMD_NOT_EXECUTABLE);
         return 0;
     }
-    if ((flags =
-         ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) {
+
+    flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL);
+    if (flags < 0) {
         /*
          * Shouldn't happen, given that ENGINE_cmd_is_executable() returned
          * success.
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_devcrypto.c b/freebsd/crypto/openssl/crypto/engine/eng_devcrypto.c
new file mode 100644
index 00000000..8e643ad3
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/engine/eng_devcrypto.c
@@ -0,0 +1,680 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#include <unistd.h>
+#include <assert.h>
+
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include <openssl/objects.h>
+#include <crypto/cryptodev.h>
+
+#include "internal/engine.h"
+
+#ifdef CRYPTO_ALGORITHM_MIN
+# define CHECK_BSD_STYLE_MACROS
+#endif
+
+/******************************************************************************
+ *
+ * Ciphers
+ *
+ * Because they all do the same basic operation, we have only one set of
+ * method functions for them all to share, and a mapping table between
+ * NIDs and cryptodev IDs, with all the necessary size data.
+ *
+ *****/
+
+struct cipher_ctx {
+    int cfd;
+    struct session_op sess;
+
+    /* to pass from init to do_cipher */
+    const unsigned char *iv;
+    int op;                      /* COP_ENCRYPT or COP_DECRYPT */
+};
+
+static const struct cipher_data_st {
+    int nid;
+    int blocksize;
+    int keylen;
+    int ivlen;
+    int flags;
+    int devcryptoid;
+} cipher_data[] = {
+#ifndef OPENSSL_NO_DES
+    { NID_des_cbc, 8, 8, 8, EVP_CIPH_CBC_MODE, CRYPTO_DES_CBC },
+    { NID_des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE, CRYPTO_3DES_CBC },
+#endif
+#ifndef OPENSSL_NO_BF
+    { NID_bf_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_BLF_CBC },
+#endif
+#ifndef OPENSSL_NO_CAST
+    { NID_cast5_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_CAST_CBC },
+#endif
+    { NID_aes_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
+    { NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
+    { NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
+#ifndef OPENSSL_NO_RC4
+    { NID_rc4, 1, 16, 0, CRYPTO_ARC4 },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_CTR)
+    { NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
+    { NID_aes_192_ctr, 16, 192 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
+    { NID_aes_256_ctr, 16, 256 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
+#endif
+#if 0                            /* Not yet supported */
+    { NID_aes_128_xts, 16, 128 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
+    { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB)
+    { NID_aes_128_ecb, 16, 128 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
+    { NID_aes_192_ecb, 16, 192 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
+    { NID_aes_256_ecb, 16, 256 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
+#endif
+#if 0                            /* Not yet supported */
+    { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
+    { NID_aes_192_gcm, 16, 192 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
+    { NID_aes_256_gcm, 16, 256 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    { NID_camellia_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE,
+      CRYPTO_CAMELLIA_CBC },
+    { NID_camellia_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE,
+      CRYPTO_CAMELLIA_CBC },
+    { NID_camellia_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE,
+      CRYPTO_CAMELLIA_CBC },
+#endif
+};
+
+static size_t get_cipher_data_index(int nid)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(cipher_data); i++)
+        if (nid == cipher_data[i].nid)
+            return i;
+
+    /*
+     * Code further down must make sure that only NIDs in the table above
+     * are used.  If any other NID reaches this function, there's a grave
+     * coding error further down.
+     */
+    assert("Code that never should be reached" == NULL);
+    return -1;
+}
+
+static const struct cipher_data_st *get_cipher_data(int nid)
+{
+    return &cipher_data[get_cipher_data_index(nid)];
+}
+
+/*
+ * Following are the three necessary functions to map OpenSSL functionality
+ * with cryptodev.
+ */
+
+static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+    const struct cipher_data_st *cipher_d =
+        get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
+
+    if ((cipher_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+        SYSerr(SYS_F_OPEN, errno);
+        return 0;
+    }
+
+    memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
+    cipher_ctx->sess.cipher = cipher_d->devcryptoid;
+    cipher_ctx->sess.keylen = cipher_d->keylen;
+    cipher_ctx->sess.key = (void *)key;
+    cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
+    if (ioctl(cipher_ctx->cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        close(cipher_ctx->cfd);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t inl)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+    struct crypt_op cryp;
+#if !defined(COP_FLAG_WRITE_IV)
+    unsigned char saved_iv[EVP_MAX_IV_LENGTH];
+#endif
+
+    memset(&cryp, 0, sizeof(cryp));
+    cryp.ses = cipher_ctx->sess.ses;
+    cryp.len = inl;
+    cryp.src = (void *)in;
+    cryp.dst = (void *)out;
+    cryp.iv = (void *)EVP_CIPHER_CTX_iv_noconst(ctx);
+    cryp.op = cipher_ctx->op;
+#if !defined(COP_FLAG_WRITE_IV)
+    cryp.flags = 0;
+
+    if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
+        assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
+        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+            unsigned char *ivptr = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
+
+            memcpy(saved_iv, ivptr, EVP_CIPHER_CTX_iv_length(ctx));
+        }
+    }
+#else
+    cryp.flags = COP_FLAG_WRITE_IV;
+#endif
+
+    if (ioctl(cipher_ctx->cfd, CIOCCRYPT, &cryp) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+#if !defined(COP_FLAG_WRITE_IV)
+    if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
+        unsigned char *ivptr = saved_iv;
+
+        assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
+        if (!EVP_CIPHER_CTX_encrypting(ctx))
+            ivptr = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
+
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), ivptr,
+               EVP_CIPHER_CTX_iv_length(ctx));
+    }
+#endif
+
+    return 1;
+}
+
+static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    if (ioctl(cipher_ctx->cfd, CIOCFSESSION, &cipher_ctx->sess) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+    if (close(cipher_ctx->cfd) < 0) {
+        SYSerr(SYS_F_CLOSE, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Keep a table of known nids and associated methods.
+ * Note that known_cipher_nids[] isn't necessarily indexed the same way as
+ * cipher_data[] above, which known_cipher_methods[] is.
+ */
+static int known_cipher_nids[OSSL_NELEM(cipher_data)];
+static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */
+static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, };
+
+static void prepare_cipher_methods()
+{
+    size_t i;
+    struct session_op sess;
+    int cfd;
+
+    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0)
+        return;
+
+    memset(&sess, 0, sizeof(sess));
+    sess.key = (void *)"01234567890123456789012345678901234567890123456789";
+
+    for (i = 0, known_cipher_nids_amount = 0;
+         i < OSSL_NELEM(cipher_data); i++) {
+
+        /*
+         * Check that the algo is really availably by trying to open and close
+         * a session.
+         */
+        sess.cipher = cipher_data[i].devcryptoid;
+        sess.keylen = cipher_data[i].keylen;
+        if (ioctl(cfd, CIOCGSESSION, &sess) < 0
+            || ioctl(cfd, CIOCFSESSION, &sess) < 0)
+            continue;
+
+        if ((known_cipher_methods[i] =
+                 EVP_CIPHER_meth_new(cipher_data[i].nid,
+                                     cipher_data[i].blocksize,
+                                     cipher_data[i].keylen)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i],
+                                              cipher_data[i].ivlen)
+            || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
+                                          cipher_data[i].flags
+                                          | EVP_CIPH_FLAG_DEFAULT_ASN1)
+            || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
+            || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
+                                              cipher_do_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
+                                            cipher_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i],
+                                                  sizeof(struct cipher_ctx))) {
+            EVP_CIPHER_meth_free(known_cipher_methods[i]);
+            known_cipher_methods[i] = NULL;
+        } else {
+            known_cipher_nids[known_cipher_nids_amount++] =
+                cipher_data[i].nid;
+        }
+    }
+
+    close(cfd);
+}
+
+static const EVP_CIPHER *get_cipher_method(int nid)
+{
+    size_t i = get_cipher_data_index(nid);
+
+    if (i == (size_t)-1)
+        return NULL;
+    return known_cipher_methods[i];
+}
+
+static int get_cipher_nids(const int **nids)
+{
+    *nids = known_cipher_nids;
+    return known_cipher_nids_amount;
+}
+
+static void destroy_cipher_method(int nid)
+{
+    size_t i = get_cipher_data_index(nid);
+
+    EVP_CIPHER_meth_free(known_cipher_methods[i]);
+    known_cipher_methods[i] = NULL;
+}
+
+static void destroy_all_cipher_methods()
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(cipher_data); i++)
+        destroy_cipher_method(cipher_data[i].nid);
+}
+
+static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                             const int **nids, int nid)
+{
+    if (cipher == NULL)
+        return get_cipher_nids(nids);
+
+    *cipher = get_cipher_method(nid);
+
+    return *cipher != NULL;
+}
+
+/*
+ * We only support digests if the cryptodev implementation supports multiple
+ * data updates.  Otherwise, we would be forced to maintain a cache, which is
+ * perilous if there's a lot of data coming in (if someone wants to checksum
+ * an OpenSSL tarball, for example).
+ */
+#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+
+/******************************************************************************
+ *
+ * Digests
+ *
+ * Because they all do the same basic operation, we have only one set of
+ * method functions for them all to share, and a mapping table between
+ * NIDs and cryptodev IDs, with all the necessary size data.
+ *
+ *****/
+
+struct digest_ctx {
+    int cfd;
+    struct session_op sess;
+    int init;
+};
+
+static const struct digest_data_st {
+    int nid;
+    int digestlen;
+    int devcryptoid;
+} digest_data[] = {
+#ifndef OPENSSL_NO_MD5
+    { NID_md5, 16, CRYPTO_MD5 },
+#endif
+    { NID_sha1, 20, CRYPTO_SHA1 },
+#ifndef OPENSSL_NO_RMD160
+# if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160)
+    { NID_ripemd160, 20, CRYPTO_RIPEMD160 },
+# endif
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224)
+    { NID_sha224, 224 / 8, CRYPTO_SHA2_224 },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256)
+    { NID_sha256, 256 / 8, CRYPTO_SHA2_256 },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384)
+    { NID_sha384, 384 / 8, CRYPTO_SHA2_384 },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512)
+    { NID_sha512, 512 / 8, CRYPTO_SHA2_512 },
+#endif
+};
+
+static size_t get_digest_data_index(int nid)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(digest_data); i++)
+        if (nid == digest_data[i].nid)
+            return i;
+
+    /*
+     * Code further down must make sure that only NIDs in the table above
+     * are used.  If any other NID reaches this function, there's a grave
+     * coding error further down.
+     */
+    assert("Code that never should be reached" == NULL);
+    return -1;
+}
+
+static const struct digest_data_st *get_digest_data(int nid)
+{
+    return &digest_data[get_digest_data_index(nid)];
+}
+
+/*
+ * Following are the four necessary functions to map OpenSSL functionality
+ * with cryptodev.
+ */
+
+static int digest_init(EVP_MD_CTX *ctx)
+{
+    struct digest_ctx *digest_ctx =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+    const struct digest_data_st *digest_d =
+        get_digest_data(EVP_MD_CTX_type(ctx));
+
+    if (digest_ctx->init == 0
+        && (digest_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+        SYSerr(SYS_F_OPEN, errno);
+        return 0;
+    }
+
+    digest_ctx->init = 1;
+
+    memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
+    digest_ctx->sess.mac = digest_d->devcryptoid;
+    if (ioctl(digest_ctx->cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        close(digest_ctx->cfd);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int digest_op(struct digest_ctx *ctx, const void *src, size_t srclen,
+                     void *res, unsigned int flags)
+{
+    struct crypt_op cryp;
+
+    memset(&cryp, 0, sizeof(cryp));
+    cryp.ses = ctx->sess.ses;
+    cryp.len = srclen;
+    cryp.src = (void *)src;
+    cryp.dst = NULL;
+    cryp.mac = res;
+    cryp.flags = flags;
+    return ioctl(ctx->cfd, CIOCCRYPT, &cryp);
+}
+
+static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    struct digest_ctx *digest_ctx =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+
+    if (count == 0)
+        return 1;
+
+    if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    struct digest_ctx *digest_ctx =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+
+    if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+    if (ioctl(digest_ctx->cfd, CIOCFSESSION, &digest_ctx->sess) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int digest_cleanup(EVP_MD_CTX *ctx)
+{
+    struct digest_ctx *digest_ctx =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+
+    if (close(digest_ctx->cfd) < 0) {
+        SYSerr(SYS_F_CLOSE, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Keep a table of known nids and associated methods.
+ * Note that known_digest_nids[] isn't necessarily indexed the same way as
+ * digest_data[] above, which known_digest_methods[] is.
+ */
+static int known_digest_nids[OSSL_NELEM(digest_data)];
+static int known_digest_nids_amount = -1; /* -1 indicates not yet initialised */
+static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, };
+
+static void prepare_digest_methods()
+{
+    size_t i;
+    struct session_op sess;
+    int cfd;
+
+    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0)
+        return;
+
+    memset(&sess, 0, sizeof(sess));
+
+    for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data);
+         i++) {
+
+        /*
+         * Check that the algo is really availably by trying to open and close
+         * a session.
+         */
+        sess.mac = digest_data[i].devcryptoid;
+        if (ioctl(cfd, CIOCGSESSION, &sess) < 0
+            || ioctl(cfd, CIOCFSESSION, &sess) < 0)
+            continue;
+
+        if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
+                                                       NID_undef)) == NULL
+            || !EVP_MD_meth_set_result_size(known_digest_methods[i],
+                                            digest_data[i].digestlen)
+            || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init)
+            || !EVP_MD_meth_set_update(known_digest_methods[i], digest_update)
+            || !EVP_MD_meth_set_final(known_digest_methods[i], digest_final)
+            || !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup)
+            || !EVP_MD_meth_set_app_datasize(known_digest_methods[i],
+                                             sizeof(struct digest_ctx))) {
+            EVP_MD_meth_free(known_digest_methods[i]);
+            known_digest_methods[i] = NULL;
+        } else {
+            known_digest_nids[known_digest_nids_amount++] = digest_data[i].nid;
+        }
+    }
+
+    close(cfd);
+}
+
+static const EVP_MD *get_digest_method(int nid)
+{
+    size_t i = get_digest_data_index(nid);
+
+    if (i == (size_t)-1)
+        return NULL;
+    return known_digest_methods[i];
+}
+
+static int get_digest_nids(const int **nids)
+{
+    *nids = known_digest_nids;
+    return known_digest_nids_amount;
+}
+
+static void destroy_digest_method(int nid)
+{
+    size_t i = get_digest_data_index(nid);
+
+    EVP_MD_meth_free(known_digest_methods[i]);
+    known_digest_methods[i] = NULL;
+}
+
+static void destroy_all_digest_methods()
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(digest_data); i++)
+        destroy_digest_method(digest_data[i].nid);
+}
+
+static int devcrypto_digests(ENGINE *e, const EVP_MD **digest,
+                             const int **nids, int nid)
+{
+    if (digest == NULL)
+        return get_digest_nids(nids);
+
+    *digest = get_digest_method(nid);
+
+    return *digest != NULL;
+}
+
+#endif
+
+/******************************************************************************
+ *
+ * LOAD / UNLOAD
+ *
+ *****/
+
+static int devcrypto_unload(ENGINE *e)
+{
+    destroy_all_cipher_methods();
+#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+    destroy_all_digest_methods();
+#endif
+    return 1;
+}
+/*
+ * This engine is always built into libcrypto, so it doesn't offer any
+ * ability to be dynamically loadable.
+ */
+void engine_load_devcrypto_int()
+{
+    ENGINE *e = NULL;
+
+    if (access("/dev/crypto", R_OK | W_OK) < 0) {
+        fprintf(stderr,
+                "/dev/crypto not present, not enabling devcrypto engine\n");
+        return;
+    }
+
+    prepare_cipher_methods();
+#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+    prepare_digest_methods();
+#endif
+
+    if ((e = ENGINE_new()) == NULL)
+        return;
+
+    if (!ENGINE_set_id(e, "devcrypto")
+        || !ENGINE_set_name(e, "/dev/crypto engine")
+        || !ENGINE_set_destroy_function(e, devcrypto_unload)
+
+/*
+ * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD
+ * implementations, it seems to only exist in FreeBSD, and regarding the
+ * parameters in its crypt_kop, the manual crypto(4) has this to say:
+ *
+ *    The semantics of these arguments are currently undocumented.
+ *
+ * Reading through the FreeBSD source code doesn't give much more than
+ * their CRK_MOD_EXP implementation for ubsec.
+ *
+ * It doesn't look much better with cryptodev-linux.  They have the crypt_kop
+ * structure as well as the command (CRK_*) in cryptodev.h, but no support
+ * seems to be implemented at all for the moment.
+ *
+ * At the time of writing, it seems impossible to write proper support for
+ * FreeBSD's asym features without some very deep knowledge and access to
+ * specific kernel modules.
+ *
+ * /Richard Levitte, 2017-05-11
+ */
+#if 0
+# ifndef OPENSSL_NO_RSA
+        || !ENGINE_set_RSA(e, devcrypto_rsa)
+# endif
+# ifndef OPENSSL_NO_DSA
+        || !ENGINE_set_DSA(e, devcrypto_dsa)
+# endif
+# ifndef OPENSSL_NO_DH
+        || !ENGINE_set_DH(e, devcrypto_dh)
+# endif
+# ifndef OPENSSL_NO_EC
+        || !ENGINE_set_EC(e, devcrypto_ec)
+# endif
+#endif
+        || !ENGINE_set_ciphers(e, devcrypto_ciphers)
+#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+        || !ENGINE_set_digests(e, devcrypto_digests)
+#endif
+        ) {
+        ENGINE_free(e);
+        return;
+    }
+
+    ENGINE_add(e);
+    ENGINE_free(e);          /* Loose our local reference */
+    ERR_clear_error();
+}
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_dyn.c b/freebsd/crypto/openssl/crypto/engine/eng_dyn.c
deleted file mode 100644
index e7dde78c..00000000
--- a/freebsd/crypto/openssl/crypto/engine/eng_dyn.c
+++ /dev/null
@@ -1,572 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/engine/eng_dyn.c */
-/*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-#include <openssl/dso.h>
-
-/*
- * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE
- * loader should implement the hook-up functions with the following
- * prototypes.
- */
-
-/* Our ENGINE handlers */
-static int dynamic_init(ENGINE *e);
-static int dynamic_finish(ENGINE *e);
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p,
-                        void (*f) (void));
-/* Predeclare our context type */
-typedef struct st_dynamic_data_ctx dynamic_data_ctx;
-/* The implementation for the important control command */
-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
-
-#define DYNAMIC_CMD_SO_PATH             ENGINE_CMD_BASE
-#define DYNAMIC_CMD_NO_VCHECK           (ENGINE_CMD_BASE + 1)
-#define DYNAMIC_CMD_ID                  (ENGINE_CMD_BASE + 2)
-#define DYNAMIC_CMD_LIST_ADD            (ENGINE_CMD_BASE + 3)
-#define DYNAMIC_CMD_DIR_LOAD            (ENGINE_CMD_BASE + 4)
-#define DYNAMIC_CMD_DIR_ADD             (ENGINE_CMD_BASE + 5)
-#define DYNAMIC_CMD_LOAD                (ENGINE_CMD_BASE + 6)
-
-/* The constants used when creating the ENGINE */
-static const char *engine_dynamic_id = "dynamic";
-static const char *engine_dynamic_name = "Dynamic engine loading support";
-static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
-    {DYNAMIC_CMD_SO_PATH,
-     "SO_PATH",
-     "Specifies the path to the new ENGINE shared library",
-     ENGINE_CMD_FLAG_STRING},
-    {DYNAMIC_CMD_NO_VCHECK,
-     "NO_VCHECK",
-     "Specifies to continue even if version checking fails (boolean)",
-     ENGINE_CMD_FLAG_NUMERIC},
-    {DYNAMIC_CMD_ID,
-     "ID",
-     "Specifies an ENGINE id name for loading",
-     ENGINE_CMD_FLAG_STRING},
-    {DYNAMIC_CMD_LIST_ADD,
-     "LIST_ADD",
-     "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
-     ENGINE_CMD_FLAG_NUMERIC},
-    {DYNAMIC_CMD_DIR_LOAD,
-     "DIR_LOAD",
-     "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
-     ENGINE_CMD_FLAG_NUMERIC},
-    {DYNAMIC_CMD_DIR_ADD,
-     "DIR_ADD",
-     "Adds a directory from which ENGINEs can be loaded",
-     ENGINE_CMD_FLAG_STRING},
-    {DYNAMIC_CMD_LOAD,
-     "LOAD",
-     "Load up the ENGINE specified by other settings",
-     ENGINE_CMD_FLAG_NO_INPUT},
-    {0, NULL, NULL, 0}
-};
-
-/*
- * Loading code stores state inside the ENGINE structure via the "ex_data"
- * element. We load all our state into a single structure and use that as a
- * single context in the "ex_data" stack.
- */
-struct st_dynamic_data_ctx {
-    /* The DSO object we load that supplies the ENGINE code */
-    DSO *dynamic_dso;
-    /*
-     * The function pointer to the version checking shared library function
-     */
-    dynamic_v_check_fn v_check;
-    /*
-     * The function pointer to the engine-binding shared library function
-     */
-    dynamic_bind_engine bind_engine;
-    /* The default name/path for loading the shared library */
-    const char *DYNAMIC_LIBNAME;
-    /* Whether to continue loading on a version check failure */
-    int no_vcheck;
-    /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
-    const char *engine_id;
-    /*
-     * If non-zero, a successfully loaded ENGINE should be added to the
-     * internal ENGINE list. If 2, the add must succeed or the entire load
-     * should fail.
-     */
-    int list_add_value;
-    /* The symbol name for the version checking function */
-    const char *DYNAMIC_F1;
-    /* The symbol name for the "initialise ENGINE structure" function */
-    const char *DYNAMIC_F2;
-    /*
-     * Whether to never use 'dirs', use 'dirs' as a fallback, or only use
-     * 'dirs' for loading. Default is to use 'dirs' as a fallback.
-     */
-    int dir_load;
-    /* A stack of directories from which ENGINEs could be loaded */
-    STACK_OF(OPENSSL_STRING) *dirs;
-};
-
-/*
- * This is the "ex_data" index we obtain and reserve for use with our context
- * structure.
- */
-static int dynamic_ex_data_idx = -1;
-
-static void int_free_str(char *s)
-{
-    OPENSSL_free(s);
-}
-
-/*
- * Because our ex_data element may or may not get allocated depending on
- * whether a "first-use" occurs before the ENGINE is freed, we have a memory
- * leak problem to solve. We can't declare a "new" handler for the ex_data as
- * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types
- * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare
- * a "free" handler and that will get called if an ENGINE is being destroyed
- * and there was an ex_data element corresponding to our context type.
- */
-static void dynamic_data_ctx_free_func(void *parent, void *ptr,
-                                       CRYPTO_EX_DATA *ad, int idx, long argl,
-                                       void *argp)
-{
-    if (ptr) {
-        dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
-        if (ctx->dynamic_dso)
-            DSO_free(ctx->dynamic_dso);
-        if (ctx->DYNAMIC_LIBNAME)
-            OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME);
-        if (ctx->engine_id)
-            OPENSSL_free((void *)ctx->engine_id);
-        if (ctx->dirs)
-            sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
-        OPENSSL_free(ctx);
-    }
-}
-
-/*
- * Construct the per-ENGINE context. We create it blindly and then use a lock
- * to check for a race - if so, all but one of the threads "racing" will have
- * wasted their time. The alternative involves creating everything inside the
- * lock which is far worse.
- */
-static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
-{
-    dynamic_data_ctx *c;
-    c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
-    if (!c) {
-        ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    memset(c, 0, sizeof(dynamic_data_ctx));
-    c->dynamic_dso = NULL;
-    c->v_check = NULL;
-    c->bind_engine = NULL;
-    c->DYNAMIC_LIBNAME = NULL;
-    c->no_vcheck = 0;
-    c->engine_id = NULL;
-    c->list_add_value = 0;
-    c->DYNAMIC_F1 = "v_check";
-    c->DYNAMIC_F2 = "bind_engine";
-    c->dir_load = 1;
-    c->dirs = sk_OPENSSL_STRING_new_null();
-    if (!c->dirs) {
-        ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
-        OPENSSL_free(c);
-        return 0;
-    }
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-    if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
-                                                       dynamic_ex_data_idx))
-        == NULL) {
-        /* Good, we're the first */
-        ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
-        *ctx = c;
-        c = NULL;
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-    /*
-     * If we lost the race to set the context, c is non-NULL and *ctx is the
-     * context of the thread that won.
-     */
-    if (c) {
-        sk_OPENSSL_STRING_free(c->dirs);
-        OPENSSL_free(c);
-    }
-    return 1;
-}
-
-/*
- * This function retrieves the context structure from an ENGINE's "ex_data",
- * or if it doesn't exist yet, sets it up.
- */
-static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
-{
-    dynamic_data_ctx *ctx;
-    if (dynamic_ex_data_idx < 0) {
-        /*
-         * Create and register the ENGINE ex_data, and associate our "free"
-         * function with it to ensure any allocated contexts get freed when
-         * an ENGINE goes underground.
-         */
-        int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
-                                              dynamic_data_ctx_free_func);
-        if (new_idx == -1) {
-            ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX, ENGINE_R_NO_INDEX);
-            return NULL;
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        /* Avoid a race by checking again inside this lock */
-        if (dynamic_ex_data_idx < 0) {
-            /* Good, someone didn't beat us to it */
-            dynamic_ex_data_idx = new_idx;
-            new_idx = -1;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        /*
-         * In theory we could "give back" the index here if (new_idx>-1), but
-         * it's not possible and wouldn't gain us much if it were.
-         */
-    }
-    ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
-    /* Check if the context needs to be created */
-    if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
-        /* "set_data" will set errors if necessary */
-        return NULL;
-    return ctx;
-}
-
-static ENGINE *engine_dynamic(void)
-{
-    ENGINE *ret = ENGINE_new();
-    if (!ret)
-        return NULL;
-    if (!ENGINE_set_id(ret, engine_dynamic_id) ||
-        !ENGINE_set_name(ret, engine_dynamic_name) ||
-        !ENGINE_set_init_function(ret, dynamic_init) ||
-        !ENGINE_set_finish_function(ret, dynamic_finish) ||
-        !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
-        !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
-        !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
-        ENGINE_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-void ENGINE_load_dynamic(void)
-{
-    ENGINE *toadd = engine_dynamic();
-    if (!toadd)
-        return;
-    ENGINE_add(toadd);
-    /*
-     * If the "add" worked, it gets a structural reference. So either way, we
-     * release our just-created reference.
-     */
-    ENGINE_free(toadd);
-    /*
-     * If the "add" didn't work, it was probably a conflict because it was
-     * already added (eg. someone calling ENGINE_load_blah then calling
-     * ENGINE_load_builtin_engines() perhaps).
-     */
-    ERR_clear_error();
-}
-
-static int dynamic_init(ENGINE *e)
-{
-    /*
-     * We always return failure - the "dyanamic" engine itself can't be used
-     * for anything.
-     */
-    return 0;
-}
-
-static int dynamic_finish(ENGINE *e)
-{
-    /*
-     * This should never be called on account of "dynamic_init" always
-     * failing.
-     */
-    return 0;
-}
-
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
-    dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
-    int initialised;
-
-    if (!ctx) {
-        ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_NOT_LOADED);
-        return 0;
-    }
-    initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
-    /* All our control commands require the ENGINE to be uninitialised */
-    if (initialised) {
-        ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_ALREADY_LOADED);
-        return 0;
-    }
-    switch (cmd) {
-    case DYNAMIC_CMD_SO_PATH:
-        /* a NULL 'p' or a string of zero-length is the same thing */
-        if (p && (strlen((const char *)p) < 1))
-            p = NULL;
-        if (ctx->DYNAMIC_LIBNAME)
-            OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME);
-        if (p)
-            ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
-        else
-            ctx->DYNAMIC_LIBNAME = NULL;
-        return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
-    case DYNAMIC_CMD_NO_VCHECK:
-        ctx->no_vcheck = ((i == 0) ? 0 : 1);
-        return 1;
-    case DYNAMIC_CMD_ID:
-        /* a NULL 'p' or a string of zero-length is the same thing */
-        if (p && (strlen((const char *)p) < 1))
-            p = NULL;
-        if (ctx->engine_id)
-            OPENSSL_free((void *)ctx->engine_id);
-        if (p)
-            ctx->engine_id = BUF_strdup(p);
-        else
-            ctx->engine_id = NULL;
-        return (ctx->engine_id ? 1 : 0);
-    case DYNAMIC_CMD_LIST_ADD:
-        if ((i < 0) || (i > 2)) {
-            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
-            return 0;
-        }
-        ctx->list_add_value = (int)i;
-        return 1;
-    case DYNAMIC_CMD_LOAD:
-        return dynamic_load(e, ctx);
-    case DYNAMIC_CMD_DIR_LOAD:
-        if ((i < 0) || (i > 2)) {
-            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
-            return 0;
-        }
-        ctx->dir_load = (int)i;
-        return 1;
-    case DYNAMIC_CMD_DIR_ADD:
-        /* a NULL 'p' or a string of zero-length is the same thing */
-        if (!p || (strlen((const char *)p) < 1)) {
-            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
-            return 0;
-        }
-        {
-            char *tmp_str = BUF_strdup(p);
-            if (!tmp_str) {
-                ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
-            sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1);
-        }
-        return 1;
-    default:
-        break;
-    }
-    ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-    return 0;
-}
-
-static int int_load(dynamic_data_ctx *ctx)
-{
-    int num, loop;
-    /* Unless told not to, try a direct load */
-    if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
-                                          ctx->DYNAMIC_LIBNAME, NULL,
-                                          0)) != NULL)
-        return 1;
-    /* If we're not allowed to use 'dirs' or we have none, fail */
-    if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
-        return 0;
-    for (loop = 0; loop < num; loop++) {
-        const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
-        char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
-        if (!merge)
-            return 0;
-        if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) {
-            /* Found what we're looking for */
-            OPENSSL_free(merge);
-            return 1;
-        }
-        OPENSSL_free(merge);
-    }
-    return 0;
-}
-
-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
-{
-    ENGINE cpy;
-    dynamic_fns fns;
-
-    if (!ctx->dynamic_dso)
-        ctx->dynamic_dso = DSO_new();
-    if (!ctx->DYNAMIC_LIBNAME) {
-        if (!ctx->engine_id)
-            return 0;
-        ctx->DYNAMIC_LIBNAME =
-            DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
-    }
-    if (!int_load(ctx)) {
-        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND);
-        DSO_free(ctx->dynamic_dso);
-        ctx->dynamic_dso = NULL;
-        return 0;
-    }
-    /* We have to find a bind function otherwise it'll always end badly */
-    if (!
-        (ctx->bind_engine =
-         (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso,
-                                             ctx->DYNAMIC_F2))) {
-        ctx->bind_engine = NULL;
-        DSO_free(ctx->dynamic_dso);
-        ctx->dynamic_dso = NULL;
-        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_FAILURE);
-        return 0;
-    }
-    /* Do we perform version checking? */
-    if (!ctx->no_vcheck) {
-        unsigned long vcheck_res = 0;
-        /*
-         * Now we try to find a version checking function and decide how to
-         * cope with failure if/when it fails.
-         */
-        ctx->v_check =
-            (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso,
-                                               ctx->DYNAMIC_F1);
-        if (ctx->v_check)
-            vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
-        /*
-         * We fail if the version checker veto'd the load *or* if it is
-         * deferring to us (by returning its version) and we think it is too
-         * old.
-         */
-        if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
-            /* Fail */
-            ctx->bind_engine = NULL;
-            ctx->v_check = NULL;
-            DSO_free(ctx->dynamic_dso);
-            ctx->dynamic_dso = NULL;
-            ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                      ENGINE_R_VERSION_INCOMPATIBILITY);
-            return 0;
-        }
-    }
-    /*
-     * First binary copy the ENGINE structure so that we can roll back if the
-     * hand-over fails
-     */
-    memcpy(&cpy, e, sizeof(ENGINE));
-    /*
-     * Provide the ERR, "ex_data", memory, and locking callbacks so the
-     * loaded library uses our state rather than its own. FIXME: As noted in
-     * engine.h, much of this would be simplified if each area of code
-     * provided its own "summary" structure of all related callbacks. It
-     * would also increase opaqueness.
-     */
-    fns.static_state = ENGINE_get_static_state();
-    fns.err_fns = ERR_get_implementation();
-    fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
-    CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
-                             &fns.mem_fns.realloc_cb, &fns.mem_fns.free_cb);
-    fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
-    fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
-    fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
-    fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
-    fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
-    /*
-     * Now that we've loaded the dynamic engine, make sure no "dynamic"
-     * ENGINE elements will show through.
-     */
-    engine_set_all_null(e);
-
-    /* Try to bind the ENGINE onto our own ENGINE structure */
-    if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
-        ctx->bind_engine = NULL;
-        ctx->v_check = NULL;
-        DSO_free(ctx->dynamic_dso);
-        ctx->dynamic_dso = NULL;
-        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED);
-        /* Copy the original ENGINE structure back */
-        memcpy(e, &cpy, sizeof(ENGINE));
-        return 0;
-    }
-    /* Do we try to add this ENGINE to the internal list too? */
-    if (ctx->list_add_value > 0) {
-        if (!ENGINE_add(e)) {
-            /* Do we tolerate this or fail? */
-            if (ctx->list_add_value > 1) {
-                /*
-                 * Fail - NB: By this time, it's too late to rollback, and
-                 * trying to do so allows the bind_engine() code to have
-                 * created leaks. We just have to fail where we are, after
-                 * the ENGINE has changed.
-                 */
-                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                          ENGINE_R_CONFLICTING_ENGINE_ID);
-                return 0;
-            }
-            /* Tolerate */
-            ERR_clear_error();
-        }
-    }
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_err.c b/freebsd/crypto/openssl/crypto/engine/eng_err.c
index a77ce9cc..5a427c6a 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_err.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_err.c
@@ -1,183 +1,156 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/engine/eng_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/engine.h>
+#include <openssl/engineerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
-
-static ERR_STRING_DATA ENGINE_str_functs[] = {
-    {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"},
-    {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"},
-    {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"},
-    {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"},
-    {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
-    {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
-    {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
-    {ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
-    {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
-    {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
-    {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
-    {ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH),
+static const ERR_STRING_DATA ENGINE_str_functs[] = {
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DIGEST_UPDATE, 0), "digest_update"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_CTRL, 0), "dynamic_ctrl"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_GET_DATA_CTX, 0),
+     "dynamic_get_data_ctx"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_LOAD, 0), "dynamic_load"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_SET_DATA_CTX, 0),
+     "dynamic_set_data_ctx"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_ADD, 0), "ENGINE_add"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_BY_ID, 0), "ENGINE_by_id"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, 0),
+     "ENGINE_cmd_is_executable"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL, 0), "ENGINE_ctrl"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL_CMD, 0), "ENGINE_ctrl_cmd"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL_CMD_STRING, 0),
+     "ENGINE_ctrl_cmd_string"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_FINISH, 0), "ENGINE_finish"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_CIPHER, 0),
+     "ENGINE_get_cipher"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_DIGEST, 0),
+     "ENGINE_get_digest"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_FIRST, 0),
+     "ENGINE_get_first"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_LAST, 0), "ENGINE_get_last"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_NEXT, 0), "ENGINE_get_next"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PKEY_ASN1_METH, 0),
      "ENGINE_get_pkey_asn1_meth"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH), "ENGINE_get_pkey_meth"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
-    {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
-    {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"},
-    {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
-    {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
-    {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
-    {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PKEY_METH, 0),
+     "ENGINE_get_pkey_meth"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PREV, 0), "ENGINE_get_prev"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_INIT, 0), "ENGINE_init"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LIST_ADD, 0), "engine_list_add"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LIST_REMOVE, 0),
+     "engine_list_remove"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, 0),
+     "ENGINE_load_private_key"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, 0),
+     "ENGINE_load_public_key"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, 0),
      "ENGINE_load_ssl_client_cert"},
-    {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
-    {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
-    {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_NEW, 0), "ENGINE_new"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR, 0),
+     "ENGINE_pkey_asn1_find_str"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_REMOVE, 0), "ENGINE_remove"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_DEFAULT_STRING, 0),
      "ENGINE_set_default_string"},
-    {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
-    {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
-    {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
-    {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"},
-    {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
-    {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"},
-    {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
-    {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
-    {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
-    {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"},
-    {ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_ID, 0), "ENGINE_set_id"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_NAME, 0), "ENGINE_set_name"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_TABLE_REGISTER, 0),
+     "engine_table_register"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UNLOCKED_FINISH, 0),
+     "engine_unlocked_finish"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UP_REF, 0), "ENGINE_up_ref"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CLEANUP_ITEM, 0),
+     "int_cleanup_item"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CTRL_HELPER, 0), "int_ctrl_helper"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_CONFIGURE, 0),
+     "int_engine_configure"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_MODULE_INIT, 0),
+     "int_engine_module_init"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_OSSL_HMAC_INIT, 0), "ossl_hmac_init"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA ENGINE_str_reasons[] = {
-    {ERR_REASON(ENGINE_R_ALREADY_LOADED), "already loaded"},
-    {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),
-     "argument is not a number"},
-    {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE), "cmd not executable"},
-    {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"},
-    {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"},
-    {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"},
-    {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
-     "ctrl command not implemented"},
-    {ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED), "dh not implemented"},
-    {ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED), "dsa not implemented"},
-    {ERR_REASON(ENGINE_R_DSO_FAILURE), "DSO failure"},
-    {ERR_REASON(ENGINE_R_DSO_NOT_FOUND), "dso not found"},
-    {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"},
-    {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),
-     "engine configuration error"},
-    {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"},
-    {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"},
-    {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),
-     "failed loading private key"},
-    {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
-     "failed loading public key"},
-    {ERR_REASON(ENGINE_R_FINISH_FAILED), "finish failed"},
-    {ERR_REASON(ENGINE_R_GET_HANDLE_FAILED),
-     "could not obtain hardware handle"},
-    {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING), "'id' or 'name' missing"},
-    {ERR_REASON(ENGINE_R_INIT_FAILED), "init failed"},
-    {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"},
-    {ERR_REASON(ENGINE_R_INVALID_ARGUMENT), "invalid argument"},
-    {ERR_REASON(ENGINE_R_INVALID_CMD_NAME), "invalid cmd name"},
-    {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER), "invalid cmd number"},
-    {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE), "invalid init value"},
-    {ERR_REASON(ENGINE_R_INVALID_STRING), "invalid string"},
-    {ERR_REASON(ENGINE_R_NOT_INITIALISED), "not initialised"},
-    {ERR_REASON(ENGINE_R_NOT_LOADED), "not loaded"},
-    {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"},
-    {ERR_REASON(ENGINE_R_NO_INDEX), "no index"},
-    {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION), "no load function"},
-    {ERR_REASON(ENGINE_R_NO_REFERENCE), "no reference"},
-    {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
-    {ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION), "no unload function"},
-    {ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS), "provide parameters"},
-    {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED), "rsa not implemented"},
-    {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"},
-    {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"},
-    {ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),
-     "unimplemented public key method"},
-    {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"},
+static const ERR_STRING_DATA ENGINE_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ALREADY_LOADED), "already loaded"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),
+    "argument is not a number"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CMD_NOT_EXECUTABLE),
+    "cmd not executable"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_INPUT),
+    "command takes input"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_NO_INPUT),
+    "command takes no input"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CONFLICTING_ENGINE_ID),
+    "conflicting engine id"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+    "ctrl command not implemented"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_FAILURE), "DSO failure"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_NOT_FOUND), "dso not found"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINES_SECTION_ERROR),
+    "engines section error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_CONFIGURATION_ERROR),
+    "engine configuration error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_IS_NOT_IN_LIST),
+    "engine is not in the list"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_SECTION_ERROR),
+    "engine section error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PRIVATE_KEY),
+    "failed loading private key"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
+    "failed loading public key"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FINISH_FAILED), "finish failed"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ID_OR_NAME_MISSING),
+    "'id' or 'name' missing"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INIT_FAILED), "init failed"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INTERNAL_LIST_ERROR),
+    "internal list error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_ARGUMENT),
+    "invalid argument"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NAME),
+    "invalid cmd name"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NUMBER),
+    "invalid cmd number"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_INIT_VALUE),
+    "invalid init value"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_STRING), "invalid string"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_INITIALISED), "not initialised"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_LOADED), "not loaded"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_CONTROL_FUNCTION),
+    "no control function"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_INDEX), "no index"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_LOAD_FUNCTION),
+    "no load function"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_REFERENCE), "no reference"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_CIPHER),
+    "unimplemented cipher"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_DIGEST),
+    "unimplemented digest"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),
+    "unimplemented public key method"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_VERSION_INCOMPATIBILITY),
+    "version incompatibility"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_ENGINE_strings(void)
+int ERR_load_ENGINE_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, ENGINE_str_functs);
-        ERR_load_strings(0, ENGINE_str_reasons);
+        ERR_load_strings_const(ENGINE_str_functs);
+        ERR_load_strings_const(ENGINE_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_fat.c b/freebsd/crypto/openssl/crypto/engine/eng_fat.c
index 16b2dacc..9a900ac5 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_fat.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_fat.c
@@ -1,63 +1,13 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/engine/eng_fat.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "eng_int.h"
@@ -81,12 +31,8 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
     if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
         return 0;
 #endif
-#ifndef OPENSSL_NO_ECDH
-    if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
-        return 0;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-    if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
+#ifndef OPENSSL_NO_EC
+    if ((flags & ENGINE_METHOD_EC) && !ENGINE_set_default_EC(e))
         return 0;
 #endif
     if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
@@ -107,29 +53,27 @@ static int int_def_cb(const char *alg, int len, void *arg)
     unsigned int *pflags = arg;
     if (alg == NULL)
         return 0;
-    if (!strncmp(alg, "ALL", len))
+    if (strncmp(alg, "ALL", len) == 0)
         *pflags |= ENGINE_METHOD_ALL;
-    else if (!strncmp(alg, "RSA", len))
+    else if (strncmp(alg, "RSA", len) == 0)
         *pflags |= ENGINE_METHOD_RSA;
-    else if (!strncmp(alg, "DSA", len))
+    else if (strncmp(alg, "DSA", len) == 0)
         *pflags |= ENGINE_METHOD_DSA;
-    else if (!strncmp(alg, "ECDH", len))
-        *pflags |= ENGINE_METHOD_ECDH;
-    else if (!strncmp(alg, "ECDSA", len))
-        *pflags |= ENGINE_METHOD_ECDSA;
-    else if (!strncmp(alg, "DH", len))
+    else if (strncmp(alg, "DH", len) == 0)
         *pflags |= ENGINE_METHOD_DH;
-    else if (!strncmp(alg, "RAND", len))
+    else if (strncmp(alg, "EC", len) == 0)
+        *pflags |= ENGINE_METHOD_EC;
+    else if (strncmp(alg, "RAND", len) == 0)
         *pflags |= ENGINE_METHOD_RAND;
-    else if (!strncmp(alg, "CIPHERS", len))
+    else if (strncmp(alg, "CIPHERS", len) == 0)
         *pflags |= ENGINE_METHOD_CIPHERS;
-    else if (!strncmp(alg, "DIGESTS", len))
+    else if (strncmp(alg, "DIGESTS", len) == 0)
         *pflags |= ENGINE_METHOD_DIGESTS;
-    else if (!strncmp(alg, "PKEY", len))
+    else if (strncmp(alg, "PKEY", len) == 0)
         *pflags |= ENGINE_METHOD_PKEY_METHS | ENGINE_METHOD_PKEY_ASN1_METHS;
-    else if (!strncmp(alg, "PKEY_CRYPTO", len))
+    else if (strncmp(alg, "PKEY_CRYPTO", len) == 0)
         *pflags |= ENGINE_METHOD_PKEY_METHS;
-    else if (!strncmp(alg, "PKEY_ASN1", len))
+    else if (strncmp(alg, "PKEY_ASN1", len) == 0)
         *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
     else
         return 0;
@@ -161,11 +105,8 @@ int ENGINE_register_complete(ENGINE *e)
 #ifndef OPENSSL_NO_DH
     ENGINE_register_DH(e);
 #endif
-#ifndef OPENSSL_NO_ECDH
-    ENGINE_register_ECDH(e);
-#endif
-#ifndef OPENSSL_NO_ECDSA
-    ENGINE_register_ECDSA(e);
+#ifndef OPENSSL_NO_EC
+    ENGINE_register_EC(e);
 #endif
     ENGINE_register_RAND(e);
     ENGINE_register_pkey_meths(e);
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_init.c b/freebsd/crypto/openssl/crypto/engine/eng_init.c
index 24aa0a31..bd74ef19 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_init.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_init.c
@@ -1,60 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/engine/eng_init.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include "eng_int.h"
 
 /*
@@ -78,8 +33,8 @@ int engine_unlocked_init(ENGINE *e)
          */
         e->struct_ref++;
         e->funct_ref++;
-        engine_ref_debug(e, 0, 1)
-            engine_ref_debug(e, 1, 1)
+        engine_ref_debug(e, 0, 1);
+        engine_ref_debug(e, 1, 1);
     }
     return to_return;
 }
@@ -104,19 +59,14 @@ int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
     engine_ref_debug(e, 1, -1);
     if ((e->funct_ref == 0) && e->finish) {
         if (unlock_for_handlers)
-            CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+            CRYPTO_THREAD_unlock(global_engine_lock);
         to_return = e->finish(e);
         if (unlock_for_handlers)
-            CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+            CRYPTO_THREAD_write_lock(global_engine_lock);
         if (!to_return)
             return 0;
     }
-#ifdef REF_CHECK
-    if (e->funct_ref < 0) {
-        fprintf(stderr, "ENGINE_finish, bad functional reference count\n");
-        abort();
-    }
-#endif
+    REF_ASSERT_ISNT(e->funct_ref < 0);
     /* Release the structural reference too */
     if (!engine_free_util(e, 0)) {
         ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH, ENGINE_R_FINISH_FAILED);
@@ -133,9 +83,13 @@ int ENGINE_init(ENGINE *e)
         ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     ret = engine_unlocked_init(e);
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     return ret;
 }
 
@@ -144,13 +98,11 @@ int ENGINE_finish(ENGINE *e)
 {
     int to_return = 1;
 
-    if (e == NULL) {
-        ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (e == NULL)
+        return 1;
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     to_return = engine_unlocked_finish(e, 1);
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     if (!to_return) {
         ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
         return 0;
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_int.h b/freebsd/crypto/openssl/crypto/engine/eng_int.h
index 46f163b1..b9548334 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_int.h
+++ b/freebsd/crypto/openssl/crypto/engine/eng_int.h
@@ -1,77 +1,22 @@
-/* crypto/engine/eng_int.h */
 /*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_ENGINE_INT_H
 # define HEADER_ENGINE_INT_H
 
-# include "cryptlib.h"
-/* Take public definitions from engine.h */
-# include <openssl/engine.h>
+# include "internal/cryptlib.h"
+# include "internal/engine.h"
+# include "internal/thread_once.h"
+# include "internal/refcount.h"
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
+extern CRYPTO_RWLOCK *global_engine_lock;
 
 /*
  * If we compile with this symbol defined, then both reference counts in the
@@ -88,7 +33,7 @@ extern "C" {
                 (unsigned int)(e), (isfunct ? "funct" : "struct"), \
                 ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
                 ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
-                (__FILE__), (__LINE__));
+                (OPENSSL_FILE), (OPENSSL_LINE))
 
 # else
 
@@ -98,20 +43,20 @@ extern "C" {
 
 /*
  * Any code that will need cleanup operations should use these functions to
- * register callbacks. ENGINE_cleanup() will call all registered callbacks in
- * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
- * held (in "write" mode).
+ * register callbacks. engine_cleanup_int() will call all registered
+ * callbacks in order. NB: both the "add" functions assume the engine lock to
+ * already be held (in "write" mode).
  */
 typedef void (ENGINE_CLEANUP_CB) (void);
 typedef struct st_engine_cleanup_item {
     ENGINE_CLEANUP_CB *cb;
 } ENGINE_CLEANUP_ITEM;
-DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
+DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM)
 void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
 void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
 
 /* We need stacks of ENGINEs for use in eng_table.c */
-DECLARE_STACK_OF(ENGINE)
+DEFINE_STACK_OF(ENGINE)
 
 /*
  * If this symbol is defined then engine_table_select(), the function that is
@@ -136,7 +81,7 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
 # else
 ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
                                 int l);
-#  define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
+#  define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)
 # endif
 typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,
                                       ENGINE *def, void *arg);
@@ -146,11 +91,11 @@ void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
 /*
  * Internal versions of API functions that have control over locking. These
  * are used between C files when functionality needs to be shared but the
- * caller may already be controlling of the CRYPTO_LOCK_ENGINE lock.
+ * caller may already be controlling of the engine lock.
  */
 int engine_unlocked_init(ENGINE *e);
 int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
-int engine_free_util(ENGINE *e, int locked);
+int engine_free_util(ENGINE *e, int not_locked);
 
 /*
  * This function will reset all "set"able values in an ENGINE to NULL. This
@@ -169,6 +114,10 @@ void engine_set_all_null(ENGINE *e);
 void engine_pkey_meths_free(ENGINE *e);
 void engine_pkey_asn1_meths_free(ENGINE *e);
 
+/* Once initialisation function */
+extern CRYPTO_ONCE engine_lock_init;
+DECLARE_RUN_ONCE(do_engine_lock_init)
+
 /*
  * This is a structure for storing implementations of various crypto
  * algorithms and functions.
@@ -179,10 +128,8 @@ struct engine_st {
     const RSA_METHOD *rsa_meth;
     const DSA_METHOD *dsa_meth;
     const DH_METHOD *dh_meth;
-    const ECDH_METHOD *ecdh_meth;
-    const ECDSA_METHOD *ecdsa_meth;
+    const EC_KEY_METHOD *ec_meth;
     const RAND_METHOD *rand_meth;
-    const STORE_METHOD *store_meth;
     /* Cipher handling is via this callback */
     ENGINE_CIPHERS_PTR ciphers;
     /* Digest handling is via this callback */
@@ -201,10 +148,10 @@ struct engine_st {
     const ENGINE_CMD_DEFN *cmd_defns;
     int flags;
     /* reference count on the structure itself */
-    int struct_ref;
+    CRYPTO_REF_COUNT struct_ref;
     /*
      * reference count on usability of the engine type. NB: This controls the
-     * loading and initialisation of any functionlity required by this
+     * loading and initialisation of any functionality required by this
      * engine, whereas the previous count is simply to cope with
      * (de)allocation of this structure. Hence, running_ref <= struct_ref at
      * all times.
@@ -217,8 +164,8 @@ struct engine_st {
     struct engine_st *next;
 };
 
-#ifdef  __cplusplus
-}
-#endif
+typedef struct st_engine_pile ENGINE_PILE;
+
+DEFINE_LHASH_OF(ENGINE_PILE);
 
 #endif                          /* HEADER_ENGINE_INT_H */
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_lib.c b/freebsd/crypto/openssl/crypto/engine/eng_lib.c
index 34c6d479..a098c6d9 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_lib.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_lib.c
@@ -1,82 +1,48 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/engine/eng_lib.c */
 /*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include "eng_int.h"
 #include <openssl/rand.h>
+#include "internal/refcount.h"
+
+CRYPTO_RWLOCK *global_engine_lock;
+
+CRYPTO_ONCE engine_lock_init = CRYPTO_ONCE_STATIC_INIT;
 
 /* The "new"/"free" stuff first */
 
+DEFINE_RUN_ONCE(do_engine_lock_init)
+{
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+    global_engine_lock = CRYPTO_THREAD_lock_new();
+    return global_engine_lock != NULL;
+}
+
 ENGINE *ENGINE_new(void)
 {
     ENGINE *ret;
 
-    ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
-    if (ret == NULL) {
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)
+        || (ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
         ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    memset(ret, 0, sizeof(ENGINE));
     ret->struct_ref = 1;
-    engine_ref_debug(ret, 0, 1)
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
+    engine_ref_debug(ret, 0, 1);
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
     return ret;
 }
 
@@ -93,7 +59,6 @@ void engine_set_all_null(ENGINE *e)
     e->dsa_meth = NULL;
     e->dh_meth = NULL;
     e->rand_meth = NULL;
-    e->store_meth = NULL;
     e->ciphers = NULL;
     e->digests = NULL;
     e->destroy = NULL;
@@ -106,27 +71,20 @@ void engine_set_all_null(ENGINE *e)
     e->flags = 0;
 }
 
-int engine_free_util(ENGINE *e, int locked)
+int engine_free_util(ENGINE *e, int not_locked)
 {
     int i;
 
-    if (e == NULL) {
-        ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL, ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    if (locked)
-        i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE);
+    if (e == NULL)
+        return 1;
+    if (not_locked)
+        CRYPTO_DOWN_REF(&e->struct_ref, &i, global_engine_lock);
     else
         i = --e->struct_ref;
-    engine_ref_debug(e, 0, -1)
-        if (i > 0)
+    engine_ref_debug(e, 0, -1);
+    if (i > 0)
         return 1;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "ENGINE_free, bad structural reference count\n");
-        abort();
-    }
-#endif
+    REF_ASSERT_ISNT(i < 0);
     /* Free up any dynamically allocated public key methods */
     engine_pkey_meths_free(e);
     engine_pkey_asn1_meths_free(e);
@@ -149,8 +107,8 @@ int ENGINE_free(ENGINE *e)
 /* Cleanup stuff */
 
 /*
- * ENGINE_cleanup() is coded such that anything that does work that will need
- * cleanup can register a "cleanup" callback here. That way we don't get
+ * engine_cleanup_int() is coded such that anything that does work that will
+ * need cleanup can register a "cleanup" callback here. That way we don't get
  * linker bloat by referring to all *possible* cleanups, but any linker bloat
  * into code "X" will cause X's cleanup function to end up here.
  */
@@ -167,9 +125,12 @@ static int int_cleanup_check(int create)
 
 static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
 {
-    ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(ENGINE_CLEANUP_ITEM));
-    if (!item)
+    ENGINE_CLEANUP_ITEM *item;
+    
+    if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
+        ENGINEerr(ENGINE_F_INT_CLEANUP_ITEM, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     item->cb = cb;
     return item;
 }
@@ -177,6 +138,7 @@ static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
 void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
 {
     ENGINE_CLEANUP_ITEM *item;
+
     if (!int_cleanup_check(1))
         return;
     item = int_cleanup_item(cb);
@@ -203,38 +165,26 @@ static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
     OPENSSL_free(item);
 }
 
-void ENGINE_cleanup(void)
+void engine_cleanup_int(void)
 {
     if (int_cleanup_check(0)) {
         sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
                                         engine_cleanup_cb_free);
         cleanup_stack = NULL;
     }
-    /*
-     * FIXME: This should be handled (somehow) through RAND, eg. by it
-     * registering a cleanup callback.
-     */
-    RAND_set_rand_method(NULL);
+    CRYPTO_THREAD_lock_free(global_engine_lock);
 }
 
 /* Now the "ex_data" support */
 
-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                            CRYPTO_EX_dup *dup_func,
-                            CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
 {
-    return (CRYPTO_set_ex_data(&e->ex_data, idx, arg));
+    return CRYPTO_set_ex_data(&e->ex_data, idx, arg);
 }
 
 void *ENGINE_get_ex_data(const ENGINE *e, int idx)
 {
-    return (CRYPTO_get_ex_data(&e->ex_data, idx));
+    return CRYPTO_get_ex_data(&e->ex_data, idx);
 }
 
 /*
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_list.c b/freebsd/crypto/openssl/crypto/engine/eng_list.c
index 5c727d95..b38a826a 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_list.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_list.c
@@ -1,67 +1,13 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/engine/eng_list.c */
 /*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "eng_int.h"
@@ -69,8 +15,8 @@
 /*
  * The linked-list of pointers to engine types. engine_list_head incorporates
  * an implicit structural reference but engine_list_tail does not - the
- * latter is a computational niceity and only points to something that is
- * already pointed to by its predecessor in the list (or engine_list_head
+ * latter is a computational optimization and only points to something that
+ * is already pointed to by its predecessor in the list (or engine_list_head
  * itself). In the same way, the use of the "prev" pointer in each ENGINE is
  * to save excessive list iteration, it doesn't correspond to an extra
  * structural reference. Hence, engine_list_head, and each non-null "next"
@@ -82,7 +28,7 @@ static ENGINE *engine_list_tail = NULL;
 
 /*
  * This cleanup function is only needed internally. If it should be called,
- * we register it with the "ENGINE_cleanup()" stack to be called during
+ * we register it with the "engine_cleanup_int()" stack to be called during
  * cleanup.
  */
 
@@ -99,7 +45,7 @@ static void engine_list_cleanup(void)
 
 /*
  * These static functions starting with a lower case "engine_" always take
- * place when CRYPTO_LOCK_ENGINE has been locked up.
+ * place when global_engine_lock has been locked up.
  */
 static int engine_list_add(ENGINE *e)
 {
@@ -144,9 +90,9 @@ static int engine_list_add(ENGINE *e)
      * Having the engine in the list assumes a structural reference.
      */
     e->struct_ref++;
-    engine_ref_debug(e, 0, 1)
-        /* However it came to be, e is the last item in the list. */
-        engine_list_tail = e;
+    engine_ref_debug(e, 0, 1);
+    /* However it came to be, e is the last item in the list. */
+    engine_list_tail = e;
     e->next = NULL;
     return 1;
 }
@@ -187,13 +133,18 @@ ENGINE *ENGINE_get_first(void)
 {
     ENGINE *ret;
 
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_FIRST, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     ret = engine_list_head;
     if (ret) {
         ret->struct_ref++;
-        engine_ref_debug(ret, 0, 1)
+        engine_ref_debug(ret, 0, 1);
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     return ret;
 }
 
@@ -201,13 +152,18 @@ ENGINE *ENGINE_get_last(void)
 {
     ENGINE *ret;
 
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_LAST, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     ret = engine_list_tail;
     if (ret) {
         ret->struct_ref++;
-        engine_ref_debug(ret, 0, 1)
+        engine_ref_debug(ret, 0, 1);
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     return ret;
 }
 
@@ -219,14 +175,14 @@ ENGINE *ENGINE_get_next(ENGINE *e)
         ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     ret = e->next;
     if (ret) {
-        /* Return a valid structural refernce to the next ENGINE */
+        /* Return a valid structural reference to the next ENGINE */
         ret->struct_ref++;
-        engine_ref_debug(ret, 0, 1)
+        engine_ref_debug(ret, 0, 1);
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     /* Release the structural reference to the previous ENGINE */
     ENGINE_free(e);
     return ret;
@@ -239,14 +195,14 @@ ENGINE *ENGINE_get_prev(ENGINE *e)
         ENGINEerr(ENGINE_F_ENGINE_GET_PREV, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     ret = e->prev;
     if (ret) {
         /* Return a valid structural reference to the next ENGINE */
         ret->struct_ref++;
-        engine_ref_debug(ret, 0, 1)
+        engine_ref_debug(ret, 0, 1);
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     /* Release the structural reference to the previous ENGINE */
     ENGINE_free(e);
     return ret;
@@ -264,12 +220,12 @@ int ENGINE_add(ENGINE *e)
         ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING);
         return 0;
     }
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     if (!engine_list_add(e)) {
         ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
         to_return = 0;
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     return to_return;
 }
 
@@ -281,12 +237,12 @@ int ENGINE_remove(ENGINE *e)
         ENGINEerr(ENGINE_F_ENGINE_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     if (!engine_list_remove(e)) {
         ENGINEerr(ENGINE_F_ENGINE_REMOVE, ENGINE_R_INTERNAL_LIST_ERROR);
         to_return = 0;
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     return to_return;
 }
 
@@ -303,14 +259,10 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
 #ifndef OPENSSL_NO_DH
     dest->dh_meth = src->dh_meth;
 #endif
-#ifndef OPENSSL_NO_ECDH
-    dest->ecdh_meth = src->ecdh_meth;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-    dest->ecdsa_meth = src->ecdsa_meth;
+#ifndef OPENSSL_NO_EC
+    dest->ec_meth = src->ec_meth;
 #endif
     dest->rand_meth = src->rand_meth;
-    dest->store_meth = src->store_meth;
     dest->ciphers = src->ciphers;
     dest->digests = src->digests;
     dest->pkey_meths = src->pkey_meths;
@@ -327,16 +279,23 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
 ENGINE *ENGINE_by_id(const char *id)
 {
     ENGINE *iterator;
+#ifndef __rtems__
     char *load_dir = NULL;
+#endif /* __rtems__ */
     if (id == NULL) {
         ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER);
         return NULL;
     }
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     iterator = engine_list_head;
     while (iterator && (strcmp(id, iterator->id) != 0))
         iterator = iterator->next;
-    if (iterator) {
+    if (iterator != NULL) {
         /*
          * We need to return a structural reference. If this is an ENGINE
          * type that returns copies, make a duplicate - otherwise increment
@@ -344,7 +303,7 @@ ENGINE *ENGINE_by_id(const char *id)
          */
         if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
             ENGINE *cp = ENGINE_new();
-            if (!cp)
+            if (cp == NULL)
                 iterator = NULL;
             else {
                 engine_cpy(cp, iterator);
@@ -352,31 +311,20 @@ ENGINE *ENGINE_by_id(const char *id)
             }
         } else {
             iterator->struct_ref++;
-            engine_ref_debug(iterator, 0, 1)
+            engine_ref_debug(iterator, 0, 1);
         }
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-#if 0
-    if (iterator == NULL) {
-        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
-        ERR_add_error_data(2, "id=", id);
-    }
-    return iterator;
-#else
-    /* EEK! Experimental code starts */
-    if (iterator)
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (iterator != NULL)
         return iterator;
+#ifndef __rtems__
     /*
-     * Prevent infinite recusrion if we're looking for the dynamic engine.
+     * Prevent infinite recursion if we're looking for the dynamic engine.
      */
     if (strcmp(id, "dynamic")) {
-# ifdef OPENSSL_SYS_VMS
-        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
-            load_dir = "SSLROOT:[ENGINES]";
-# else
-        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+        if (OPENSSL_issetugid()
+                || (load_dir = getenv("OPENSSL_ENGINES")) == NULL)
             load_dir = ENGINESDIR;
-# endif
         iterator = ENGINE_by_id("dynamic");
         if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
             !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
@@ -388,20 +336,21 @@ ENGINE *ENGINE_by_id(const char *id)
         return iterator;
     }
  notfound:
+#endif /* __rtems__ */
     ENGINE_free(iterator);
     ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
     ERR_add_error_data(2, "id=", id);
     return NULL;
     /* EEK! Experimental code ends */
-#endif
 }
 
 int ENGINE_up_ref(ENGINE *e)
 {
+    int i;
     if (e == NULL) {
         ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE);
+    CRYPTO_UP_REF(&e->struct_ref, &i, global_engine_lock);
     return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_openssl.c b/freebsd/crypto/openssl/crypto/engine/eng_openssl.c
index 70dae1bf..5a094a1d 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_openssl.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_openssl.c
@@ -1,86 +1,28 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/engine/eng_openssl.c */
 /*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/engine.h>
-#include <openssl/dso.h>
+#include "internal/cryptlib.h"
+#include "internal/engine.h"
 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+
+#include <openssl/hmac.h>
+#include <openssl/x509v3.h>
 
 /*
  * This testing gunk is implemented (and explained) lower down. It also
@@ -88,7 +30,11 @@
  * this is no longer automatic in ENGINE_load_builtin_engines().
  */
 #define TEST_ENG_OPENSSL_RC4
+#ifndef OPENSSL_NO_STDIO
 #define TEST_ENG_OPENSSL_PKEY
+#endif
+/* #define TEST_ENG_OPENSSL_HMAC */
+/* #define TEST_ENG_OPENSSL_HMAC_INIT */
 /* #define TEST_ENG_OPENSSL_RC4_OTHERS */
 #define TEST_ENG_OPENSSL_RC4_P_INIT
 /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
@@ -105,13 +51,8 @@
 # undef TEST_ENG_OPENSSL_RC4_P_INIT
 # undef TEST_ENG_OPENSSL_RC4_P_CIPHER
 #endif
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
-# undef TEST_ENG_OPENSSL_SHA
-# undef TEST_ENG_OPENSSL_SHA_OTHERS
-# undef TEST_ENG_OPENSSL_SHA_P_INIT
-# undef TEST_ENG_OPENSSL_SHA_P_UPDATE
-# undef TEST_ENG_OPENSSL_SHA_P_FINAL
-#endif
+
+static int openssl_destroy(ENGINE *e);
 
 #ifdef TEST_ENG_OPENSSL_RC4
 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
@@ -128,6 +69,12 @@ static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
                                       void *callback_data);
 #endif
 
+#ifdef TEST_ENG_OPENSSL_HMAC
+static int ossl_register_hmac_meth(void);
+static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+                           const int **nids, int nid);
+#endif
+
 /* The constants used when creating the ENGINE */
 static const char *engine_openssl_id = "openssl";
 static const char *engine_openssl_name = "Software engine support";
@@ -140,6 +87,7 @@ static int bind_helper(ENGINE *e)
 {
     if (!ENGINE_set_id(e, engine_openssl_id)
         || !ENGINE_set_name(e, engine_openssl_name)
+        || !ENGINE_set_destroy_function(e, openssl_destroy)
 #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
 # ifndef OPENSSL_NO_RSA
         || !ENGINE_set_RSA(e, RSA_get_default_method())
@@ -147,16 +95,13 @@ static int bind_helper(ENGINE *e)
 # ifndef OPENSSL_NO_DSA
         || !ENGINE_set_DSA(e, DSA_get_default_method())
 # endif
-# ifndef OPENSSL_NO_ECDH
-        || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
-# endif
-# ifndef OPENSSL_NO_ECDSA
-        || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
+# ifndef OPENSSL_NO_EC
+        || !ENGINE_set_EC(e, EC_KEY_OpenSSL())
 # endif
 # ifndef OPENSSL_NO_DH
         || !ENGINE_set_DH(e, DH_get_default_method())
 # endif
-        || !ENGINE_set_RAND(e, RAND_SSLeay())
+        || !ENGINE_set_RAND(e, RAND_OpenSSL())
 # ifdef TEST_ENG_OPENSSL_RC4
         || !ENGINE_set_ciphers(e, openssl_ciphers)
 # endif
@@ -167,6 +112,10 @@ static int bind_helper(ENGINE *e)
 #ifdef TEST_ENG_OPENSSL_PKEY
         || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
 #endif
+#ifdef TEST_ENG_OPENSSL_HMAC
+        || !ossl_register_hmac_meth()
+        || !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
+#endif
         )
         return 0;
     /*
@@ -180,7 +129,7 @@ static int bind_helper(ENGINE *e)
 static ENGINE *engine_openssl(void)
 {
     ENGINE *ret = ENGINE_new();
-    if (!ret)
+    if (ret == NULL)
         return NULL;
     if (!bind_helper(ret)) {
         ENGINE_free(ret);
@@ -189,7 +138,7 @@ static ENGINE *engine_openssl(void)
     return ret;
 }
 
-void ENGINE_load_openssl(void)
+void engine_load_openssl_int(void)
 {
     ENGINE *toadd = engine_openssl();
     if (!toadd)
@@ -234,14 +183,11 @@ IMPLEMENT_DYNAMIC_CHECK_FN()
  */
 # include <openssl/rc4.h>
 # define TEST_RC4_KEY_SIZE               16
-static int test_cipher_nids[] = { NID_rc4, NID_rc4_40 };
-
-static int test_cipher_nids_number = 2;
 typedef struct {
     unsigned char key[TEST_RC4_KEY_SIZE];
     RC4_KEY ks;
 } TEST_RC4_KEY;
-# define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
+# define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
 static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                              const unsigned char *iv, int enc)
 {
@@ -264,47 +210,86 @@ static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     return 1;
 }
 
-static const EVP_CIPHER test_r4_cipher = {
-    NID_rc4,
-    1, TEST_RC4_KEY_SIZE, 0,
-    EVP_CIPH_VARIABLE_LENGTH,
-    test_rc4_init_key,
-    test_rc4_cipher,
-    NULL,
-    sizeof(TEST_RC4_KEY),
-    NULL,
-    NULL,
-    NULL,
-    NULL
-};
-
-static const EVP_CIPHER test_r4_40_cipher = {
-    NID_rc4_40,
-    1, 5 /* 40 bit */ , 0,
-    EVP_CIPH_VARIABLE_LENGTH,
-    test_rc4_init_key,
-    test_rc4_cipher,
-    NULL,
-    sizeof(TEST_RC4_KEY),
-    NULL,
-    NULL,
-    NULL,
-    NULL
-};
+static EVP_CIPHER *r4_cipher = NULL;
+static const EVP_CIPHER *test_r4_cipher(void)
+{
+    if (r4_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
+            || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        r4_cipher = cipher;
+    }
+    return r4_cipher;
+}
+static void test_r4_cipher_destroy(void)
+{
+    EVP_CIPHER_meth_free(r4_cipher);
+    r4_cipher = NULL;
+}
+
+static EVP_CIPHER *r4_40_cipher = NULL;
+static const EVP_CIPHER *test_r4_40_cipher(void)
+{
+    if (r4_40_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
+            || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        r4_40_cipher = cipher;
+    }
+    return r4_40_cipher;
+}
+static void test_r4_40_cipher_destroy(void)
+{
+    EVP_CIPHER_meth_free(r4_40_cipher);
+    r4_40_cipher = NULL;
+}
+static int test_cipher_nids(const int **nids)
+{
+    static int cipher_nids[4] = { 0, 0, 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_CIPHER *cipher;
+        if ((cipher = test_r4_cipher()) != NULL)
+            cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
+        if ((cipher = test_r4_40_cipher()) != NULL)
+            cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
+        cipher_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = cipher_nids;
+    return pos;
+}
 
 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
                            const int **nids, int nid)
 {
     if (!cipher) {
         /* We are returning a list of supported nids */
-        *nids = test_cipher_nids;
-        return test_cipher_nids_number;
+        return test_cipher_nids(nids);
     }
     /* We are being asked for a specific cipher */
     if (nid == NID_rc4)
-        *cipher = &test_r4_cipher;
+        *cipher = test_r4_cipher();
     else if (nid == NID_rc4_40)
-        *cipher = &test_r4_40_cipher;
+        *cipher = test_r4_40_cipher();
     else {
 # ifdef TEST_ENG_OPENSSL_RC4_OTHERS
         fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
@@ -320,15 +305,13 @@ static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
 #ifdef TEST_ENG_OPENSSL_SHA
 /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
 # include <openssl/sha.h>
-static int test_digest_nids[] = { NID_sha1 };
 
-static int test_digest_nids_number = 1;
 static int test_sha1_init(EVP_MD_CTX *ctx)
 {
 # ifdef TEST_ENG_OPENSSL_SHA_P_INIT
     fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
 # endif
-    return SHA1_Init(ctx->md_data);
+    return SHA1_Init(EVP_MD_CTX_md_data(ctx));
 }
 
 static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
@@ -336,7 +319,7 @@ static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
 # ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
     fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
 # endif
-    return SHA1_Update(ctx->md_data, data, count);
+    return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
 }
 
 static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
@@ -344,35 +327,63 @@ static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
 # ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
     fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
 # endif
-    return SHA1_Final(md, ctx->md_data);
-}
-
-static const EVP_MD test_sha_md = {
-    NID_sha1,
-    NID_sha1WithRSAEncryption,
-    SHA_DIGEST_LENGTH,
-    0,
-    test_sha1_init,
-    test_sha1_update,
-    test_sha1_final,
-    NULL,
-    NULL,
-    EVP_PKEY_RSA_method,
-    SHA_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
+    return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static EVP_MD *sha1_md = NULL;
+static const EVP_MD *test_sha_md(void)
+{
+    if (sha1_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA_CTX))
+            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_init(md, test_sha1_init)
+            || !EVP_MD_meth_set_update(md, test_sha1_update)
+            || !EVP_MD_meth_set_final(md, test_sha1_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        sha1_md = md;
+    }
+    return sha1_md;
+}
+static void test_sha_md_destroy(void)
+{
+    EVP_MD_meth_free(sha1_md);
+    sha1_md = NULL;
+}
+static int test_digest_nids(const int **nids)
+{
+    static int digest_nids[2] = { 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = test_sha_md()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
 
 static int openssl_digests(ENGINE *e, const EVP_MD **digest,
                            const int **nids, int nid)
 {
     if (!digest) {
         /* We are returning a list of supported nids */
-        *nids = test_digest_nids;
-        return test_digest_nids_number;
+        return test_digest_nids(nids);
     }
     /* We are being asked for a specific digest */
     if (nid == NID_sha1)
-        *digest = &test_sha_md;
+        *digest = test_sha_md();
     else {
 # ifdef TEST_ENG_OPENSSL_SHA_OTHERS
         fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
@@ -402,3 +413,238 @@ static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
     return key;
 }
 #endif
+
+#ifdef TEST_ENG_OPENSSL_HMAC
+
+/*
+ * Experimental HMAC redirection implementation: mainly copied from
+ * hm_pmeth.c
+ */
+
+/* HMAC pkey context structure */
+
+typedef struct {
+    const EVP_MD *md;           /* MD for HMAC use */
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    HMAC_CTX *ctx;
+} OSSL_HMAC_PKEY_CTX;
+
+static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
+{
+    OSSL_HMAC_PKEY_CTX *hctx;
+
+    if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) {
+        ENGINEerr(ENGINE_F_OSSL_HMAC_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    hctx->ktmp.type = V_ASN1_OCTET_STRING;
+    hctx->ctx = HMAC_CTX_new();
+    if (hctx->ctx == NULL) {
+        OPENSSL_free(hctx);
+        return 0;
+    }
+    EVP_PKEY_CTX_set_data(ctx, hctx);
+    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+# ifdef TEST_ENG_OPENSSL_HMAC_INIT
+    fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n");
+# endif
+    return 1;
+}
+
+static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
+
+static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    OSSL_HMAC_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
+    if (!ossl_hmac_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    dctx->md = sctx->md;
+    if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
+        goto err;
+    if (sctx->ktmp.data) {
+        if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
+                                   sctx->ktmp.data, sctx->ktmp.length))
+            goto err;
+    }
+    return 1;
+err:
+    /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
+    ossl_hmac_cleanup(dst);
+    return 0;
+}
+
+static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
+{
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (hctx) {
+        HMAC_CTX_free(hctx->ctx);
+        OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
+        OPENSSL_free(hctx);
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *hkey = NULL;
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+    if (!hctx->ktmp.data)
+        return 0;
+    hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
+    if (!hkey)
+        return 0;
+    EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
+
+    return 1;
+}
+
+static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+    if (!HMAC_Update(hctx->ctx, data, count))
+        return 0;
+    return 1;
+}
+
+static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
+    return 1;
+}
+
+static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                             size_t *siglen, EVP_MD_CTX *mctx)
+{
+    unsigned int hlen;
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+    int l = EVP_MD_CTX_size(mctx);
+
+    if (l < 0)
+        return 0;
+    *siglen = l;
+    if (!sig)
+        return 1;
+
+    if (!HMAC_Final(hctx->ctx, sig, &hlen))
+        return 0;
+    *siglen = (size_t)hlen;
+    return 1;
+}
+
+static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+    EVP_PKEY *pk;
+    ASN1_OCTET_STRING *key;
+    switch (type) {
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+        if ((!p2 && p1 > 0) || (p1 < -1))
+            return 0;
+        if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_MD:
+        hctx->md = p2;
+        break;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        pk = EVP_PKEY_CTX_get0_pkey(ctx);
+        key = EVP_PKEY_get0(pk);
+        if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
+            return 0;
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                              const char *type, const char *value)
+{
+    if (!value) {
+        return 0;
+    }
+    if (strcmp(type, "key") == 0) {
+        void *p = (void *)value;
+        return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
+    }
+    if (strcmp(type, "hexkey") == 0) {
+        unsigned char *key;
+        int r;
+        long keylen;
+        key = OPENSSL_hexstr2buf(value, &keylen);
+        if (!key)
+            return 0;
+        r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
+        OPENSSL_free(key);
+        return r;
+    }
+    return -2;
+}
+
+static EVP_PKEY_METHOD *ossl_hmac_meth;
+
+static int ossl_register_hmac_meth(void)
+{
+    EVP_PKEY_METHOD *meth;
+    meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0);
+    if (meth == NULL)
+        return 0;
+    EVP_PKEY_meth_set_init(meth, ossl_hmac_init);
+    EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy);
+    EVP_PKEY_meth_set_cleanup(meth, ossl_hmac_cleanup);
+
+    EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen);
+
+    EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init,
+                              ossl_hmac_signctx);
+
+    EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str);
+    ossl_hmac_meth = meth;
+    return 1;
+}
+
+static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+                           const int **nids, int nid)
+{
+    static int ossl_pkey_nids[] = {
+        EVP_PKEY_HMAC,
+        0
+    };
+    if (!pmeth) {
+        *nids = ossl_pkey_nids;
+        return 1;
+    }
+
+    if (nid == EVP_PKEY_HMAC) {
+        *pmeth = ossl_hmac_meth;
+        return 1;
+    }
+
+    *pmeth = NULL;
+    return 0;
+}
+
+#endif
+
+int openssl_destroy(ENGINE *e)
+{
+    test_sha_md_destroy();
+#ifdef TEST_ENG_OPENSSL_RC4
+    test_r4_cipher_destroy();
+    test_r4_40_cipher_destroy();
+#endif
+    return 1;
+}
+
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_pkey.c b/freebsd/crypto/openssl/crypto/engine/eng_pkey.c
index 434233ae..5bf3e82b 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_pkey.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_pkey.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/engine/eng_pkey.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "eng_int.h"
@@ -108,13 +62,13 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
                   ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     if (e->funct_ref == 0) {
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        CRYPTO_THREAD_unlock(global_engine_lock);
         ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ENGINE_R_NOT_INITIALISED);
         return 0;
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     if (!e->load_privkey) {
         ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
                   ENGINE_R_NO_LOAD_FUNCTION);
@@ -139,13 +93,13 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
                   ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     if (e->funct_ref == 0) {
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        CRYPTO_THREAD_unlock(global_engine_lock);
         ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NOT_INITIALISED);
         return 0;
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     if (!e->load_pubkey) {
         ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NO_LOAD_FUNCTION);
         return 0;
@@ -170,14 +124,14 @@ int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
                   ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     if (e->funct_ref == 0) {
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        CRYPTO_THREAD_unlock(global_engine_lock);
         ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
                   ENGINE_R_NOT_INITIALISED);
         return 0;
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     if (!e->load_ssl_client_cert) {
         ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
                   ENGINE_R_NO_LOAD_FUNCTION);
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_rdrand.c b/freebsd/crypto/openssl/crypto/engine/eng_rdrand.c
index dd36c824..12346d2d 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_rdrand.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_rdrand.c
@@ -1,88 +1,36 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/opensslconf.h>
 
 #include <stdio.h>
 #include <string.h>
-#include <openssl/engine.h>
+#include "internal/engine.h"
 #include <openssl/rand.h>
 #include <openssl/err.h>
+#include <openssl/crypto.h>
 
 #if (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
      defined(__x86_64) || defined(__x86_64__) || \
      defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
 
-size_t OPENSSL_ia32_rdrand(void);
+size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
 
 static int get_random_bytes(unsigned char *buf, int num)
 {
-    size_t rnd;
-
-    while (num >= (int)sizeof(size_t)) {
-        if ((rnd = OPENSSL_ia32_rdrand()) == 0)
-            return 0;
-
-        *((size_t *)buf) = rnd;
-        buf += sizeof(size_t);
-        num -= sizeof(size_t);
-    }
-    if (num) {
-        if ((rnd = OPENSSL_ia32_rdrand()) == 0)
-            return 0;
-
-        memcpy(buf, &rnd, num);
+    if (num < 0) {
+        return 0;
     }
 
-    return 1;
+    return (size_t)num == OPENSSL_ia32_rdrand_bytes(buf, (size_t)num);
 }
 
 static int random_status(void)
@@ -122,7 +70,7 @@ static int bind_helper(ENGINE *e)
 static ENGINE *ENGINE_rdrand(void)
 {
     ENGINE *ret = ENGINE_new();
-    if (!ret)
+    if (ret == NULL)
         return NULL;
     if (!bind_helper(ret)) {
         ENGINE_free(ret);
@@ -131,7 +79,7 @@ static ENGINE *ENGINE_rdrand(void)
     return ret;
 }
 
-void ENGINE_load_rdrand(void)
+void engine_load_rdrand_int(void)
 {
     extern unsigned int OPENSSL_ia32cap_P[];
 
@@ -145,7 +93,7 @@ void ENGINE_load_rdrand(void)
     }
 }
 #else
-void ENGINE_load_rdrand(void)
+void engine_load_rdrand_int(void)
 {
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_table.c b/freebsd/crypto/openssl/crypto/engine/eng_table.c
index ade6dc29..4ecec3eb 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_table.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_table.c
@@ -1,66 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2001-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/lhash.h>
 #include "eng_int.h"
 
 /* The type of the items in the table */
-typedef struct st_engine_pile {
+struct st_engine_pile {
     /* The 'nid' of this algorithm/mode */
     int nid;
     /* ENGINEs that implement this algorithm/mode. */
@@ -71,9 +26,7 @@ typedef struct st_engine_pile {
      * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise
      */
     int uptodate;
-} ENGINE_PILE;
-
-DECLARE_LHASH_OF(ENGINE_PILE);
+};
 
 /* The type exposed in eng_int.h */
 struct st_engine_table {
@@ -110,9 +63,6 @@ static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
     return a->nid - b->nid;
 }
 
-static IMPLEMENT_LHASH_HASH_FN(engine_pile, ENGINE_PILE)
-static IMPLEMENT_LHASH_COMP_FN(engine_pile, ENGINE_PILE)
-
 static int int_table_check(ENGINE_TABLE **t, int create)
 {
     LHASH_OF(ENGINE_PILE) *lh;
@@ -121,7 +71,7 @@ static int int_table_check(ENGINE_TABLE **t, int create)
         return 1;
     if (!create)
         return 0;
-    if ((lh = lh_ENGINE_PILE_new()) == NULL)
+    if ((lh = lh_ENGINE_PILE_new(engine_pile_hash, engine_pile_cmp)) == NULL)
         return 0;
     *t = (ENGINE_TABLE *)lh;
     return 1;
@@ -137,7 +87,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
 {
     int ret = 0, added = 0;
     ENGINE_PILE tmplate, *fnd;
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     if (!(*table))
         added = 1;
     if (!int_table_check(table, 1))
@@ -149,8 +99,8 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
         tmplate.nid = *nids;
         fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
         if (!fnd) {
-            fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
-            if (!fnd)
+            fnd = OPENSSL_malloc(sizeof(*fnd));
+            if (fnd == NULL)
                 goto end;
             fnd->uptodate = 1;
             fnd->nid = *nids;
@@ -167,7 +117,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
                 goto end;
             }
         }
-        /* A registration shouldn't add duplciate entries */
+        /* A registration shouldn't add duplicate entries */
         (void)sk_ENGINE_delete_ptr(fnd->sk, e);
         /*
          * if 'setdefault', this ENGINE goes to the head of the list
@@ -191,14 +141,14 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
     }
     ret = 1;
  end:
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     return ret;
 }
 
-static void int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
+static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
 {
     int n;
-    /* Iterate the 'c->sk' stack removing any occurance of 'e' */
+    /* Iterate the 'c->sk' stack removing any occurrence of 'e' */
     while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) {
         (void)sk_ENGINE_delete(pile->sk, n);
         pile->uptodate = 0;
@@ -209,38 +159,35 @@ static void int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
     }
 }
 
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE, ENGINE)
+IMPLEMENT_LHASH_DOALL_ARG(ENGINE_PILE, ENGINE);
 
 void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
 {
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     if (int_table_check(table, 0))
-        lh_ENGINE_PILE_doall_arg(&(*table)->piles,
-                                 LHASH_DOALL_ARG_FN(int_unregister_cb),
-                                 ENGINE, e);
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        lh_ENGINE_PILE_doall_ENGINE(&(*table)->piles, int_unregister_cb, e);
+    CRYPTO_THREAD_unlock(global_engine_lock);
 }
 
 static void int_cleanup_cb_doall(ENGINE_PILE *p)
 {
+    if (!p)
+        return;
     sk_ENGINE_free(p->sk);
     if (p->funct)
         engine_unlocked_finish(p->funct, 0);
     OPENSSL_free(p);
 }
 
-static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE)
-
 void engine_table_cleanup(ENGINE_TABLE **table)
 {
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     if (*table) {
-        lh_ENGINE_PILE_doall(&(*table)->piles,
-                             LHASH_DOALL_FN(int_cleanup_cb));
+        lh_ENGINE_PILE_doall(&(*table)->piles, int_cleanup_cb_doall);
         lh_ENGINE_PILE_free(&(*table)->piles);
         *table = NULL;
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
 }
 
 /* return a functional reference for a given 'nid' */
@@ -263,7 +210,7 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
         return NULL;
     }
     ERR_set_mark();
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     /*
      * Check again inside the lock otherwise we could race against cleanup
      * operations. But don't worry about a fprintf(stderr).
@@ -334,7 +281,7 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
         fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
                 "'no matching ENGINE'\n", f, l, nid);
 #endif
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     /*
      * Whatever happened, any failed init()s are not failures in this
      * context, so clear our error state.
@@ -345,12 +292,12 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
 
 /* Table enumeration */
 
-static void int_cb_doall_arg(ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
+static void int_dall(const ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
 {
     dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
 }
 
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE, ENGINE_PILE_DOALL)
+IMPLEMENT_LHASH_DOALL_ARG_CONST(ENGINE_PILE, ENGINE_PILE_DOALL);
 
 void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
                         void *arg)
@@ -359,7 +306,5 @@ void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
     dall.cb = cb;
     dall.arg = arg;
     if (table)
-        lh_ENGINE_PILE_doall_arg(&table->piles,
-                                 LHASH_DOALL_ARG_FN(int_cb),
-                                 ENGINE_PILE_DOALL, &dall);
+        lh_ENGINE_PILE_doall_ENGINE_PILE_DOALL(&table->piles, int_dall, &dall);
 }
diff --git a/freebsd/crypto/openssl/crypto/engine/enginetest.c b/freebsd/crypto/openssl/crypto/engine/enginetest.c
deleted file mode 100644
index 6c57f779..00000000
--- a/freebsd/crypto/openssl/crypto/engine/enginetest.c
+++ /dev/null
@@ -1,271 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/engine/enginetest.c */
-/*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_ENGINE
-int main(int argc, char *argv[])
-{
-    printf("No ENGINE support\n");
-    return (0);
-}
-#else
-# include <openssl/buffer.h>
-# include <openssl/crypto.h>
-# include <openssl/engine.h>
-# include <openssl/err.h>
-
-static void display_engine_list(void)
-{
-    ENGINE *h;
-    int loop;
-
-    h = ENGINE_get_first();
-    loop = 0;
-    printf("listing available engine types\n");
-    while (h) {
-        printf("engine %i, id = \"%s\", name = \"%s\"\n",
-               loop++, ENGINE_get_id(h), ENGINE_get_name(h));
-        h = ENGINE_get_next(h);
-    }
-    printf("end of list\n");
-    /*
-     * ENGINE_get_first() increases the struct_ref counter, so we must call
-     * ENGINE_free() to decrease it again
-     */
-    ENGINE_free(h);
-}
-
-int main(int argc, char *argv[])
-{
-    ENGINE *block[512];
-    char buf[256];
-    const char *id, *name;
-    ENGINE *ptr;
-    int loop;
-    int to_return = 1;
-    ENGINE *new_h1 = NULL;
-    ENGINE *new_h2 = NULL;
-    ENGINE *new_h3 = NULL;
-    ENGINE *new_h4 = NULL;
-
-    /* enable memory leak checking unless explicitly disabled */
-    if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
-          && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
-        CRYPTO_malloc_debug_init();
-        CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    } else {
-        /* OPENSSL_DEBUG_MEMORY=off */
-        CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
-    }
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-    ERR_load_crypto_strings();
-
-    memset(block, 0, 512 * sizeof(ENGINE *));
-    if (((new_h1 = ENGINE_new()) == NULL) ||
-        !ENGINE_set_id(new_h1, "test_id0") ||
-        !ENGINE_set_name(new_h1, "First test item") ||
-        ((new_h2 = ENGINE_new()) == NULL) ||
-        !ENGINE_set_id(new_h2, "test_id1") ||
-        !ENGINE_set_name(new_h2, "Second test item") ||
-        ((new_h3 = ENGINE_new()) == NULL) ||
-        !ENGINE_set_id(new_h3, "test_id2") ||
-        !ENGINE_set_name(new_h3, "Third test item") ||
-        ((new_h4 = ENGINE_new()) == NULL) ||
-        !ENGINE_set_id(new_h4, "test_id3") ||
-        !ENGINE_set_name(new_h4, "Fourth test item")) {
-        printf("Couldn't set up test ENGINE structures\n");
-        goto end;
-    }
-    printf("\nenginetest beginning\n\n");
-    display_engine_list();
-    if (!ENGINE_add(new_h1)) {
-        printf("Add failed!\n");
-        goto end;
-    }
-    display_engine_list();
-    ptr = ENGINE_get_first();
-    if (!ENGINE_remove(ptr)) {
-        printf("Remove failed!\n");
-        goto end;
-    }
-    if (ptr)
-        ENGINE_free(ptr);
-    display_engine_list();
-    if (!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) {
-        printf("Add failed!\n");
-        goto end;
-    }
-    display_engine_list();
-    if (!ENGINE_remove(new_h2)) {
-        printf("Remove failed!\n");
-        goto end;
-    }
-    display_engine_list();
-    if (!ENGINE_add(new_h4)) {
-        printf("Add failed!\n");
-        goto end;
-    }
-    display_engine_list();
-    if (ENGINE_add(new_h3)) {
-        printf("Add *should* have failed but didn't!\n");
-        goto end;
-    } else
-        printf("Add that should fail did.\n");
-    ERR_clear_error();
-    if (ENGINE_remove(new_h2)) {
-        printf("Remove *should* have failed but didn't!\n");
-        goto end;
-    } else
-        printf("Remove that should fail did.\n");
-    ERR_clear_error();
-    if (!ENGINE_remove(new_h3)) {
-        printf("Remove failed!\n");
-        goto end;
-    }
-    display_engine_list();
-    if (!ENGINE_remove(new_h4)) {
-        printf("Remove failed!\n");
-        goto end;
-    }
-    display_engine_list();
-    /*
-     * Depending on whether there's any hardware support compiled in, this
-     * remove may be destined to fail.
-     */
-    ptr = ENGINE_get_first();
-    if (ptr)
-        if (!ENGINE_remove(ptr))
-            printf("Remove failed!i - probably no hardware "
-                   "support present.\n");
-    if (ptr)
-        ENGINE_free(ptr);
-    display_engine_list();
-    if (!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) {
-        printf("Couldn't add and remove to an empty list!\n");
-        goto end;
-    } else
-        printf("Successfully added and removed to an empty list!\n");
-    printf("About to beef up the engine-type list\n");
-    for (loop = 0; loop < 512; loop++) {
-        sprintf(buf, "id%i", loop);
-        id = BUF_strdup(buf);
-        sprintf(buf, "Fake engine type %i", loop);
-        name = BUF_strdup(buf);
-        if (((block[loop] = ENGINE_new()) == NULL) ||
-            !ENGINE_set_id(block[loop], id) ||
-            !ENGINE_set_name(block[loop], name)) {
-            printf("Couldn't create block of ENGINE structures.\n"
-                   "I'll probably also core-dump now, damn.\n");
-            goto end;
-        }
-    }
-    for (loop = 0; loop < 512; loop++) {
-        if (!ENGINE_add(block[loop])) {
-            printf("\nAdding stopped at %i, (%s,%s)\n",
-                   loop, ENGINE_get_id(block[loop]),
-                   ENGINE_get_name(block[loop]));
-            goto cleanup_loop;
-        } else
-            printf(".");
-        fflush(stdout);
-    }
- cleanup_loop:
-    printf("\nAbout to empty the engine-type list\n");
-    while ((ptr = ENGINE_get_first()) != NULL) {
-        if (!ENGINE_remove(ptr)) {
-            printf("\nRemove failed!\n");
-            goto end;
-        }
-        ENGINE_free(ptr);
-        printf(".");
-        fflush(stdout);
-    }
-    for (loop = 0; loop < 512; loop++) {
-        OPENSSL_free((void *)ENGINE_get_id(block[loop]));
-        OPENSSL_free((void *)ENGINE_get_name(block[loop]));
-    }
-    printf("\nTests completed happily\n");
-    to_return = 0;
- end:
-    if (to_return)
-        ERR_print_errors_fp(stderr);
-    if (new_h1)
-        ENGINE_free(new_h1);
-    if (new_h2)
-        ENGINE_free(new_h2);
-    if (new_h3)
-        ENGINE_free(new_h3);
-    if (new_h4)
-        ENGINE_free(new_h4);
-    for (loop = 0; loop < 512; loop++)
-        if (block[loop])
-            ENGINE_free(block[loop]);
-    ENGINE_cleanup();
-    CRYPTO_cleanup_all_ex_data();
-    ERR_free_strings();
-    ERR_remove_thread_state(NULL);
-    CRYPTO_mem_leaks_fp(stderr);
-    return to_return;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/engine/tb_asnmth.c b/freebsd/crypto/openssl/crypto/engine/tb_asnmth.c
index 82dd9e48..58a7a35d 100644
--- a/freebsd/crypto/openssl/crypto/engine/tb_asnmth.c
+++ b/freebsd/crypto/openssl/crypto/engine/tb_asnmth.c
@@ -1,62 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2006-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include "eng_int.h"
-#include "asn1_locl.h"
 #include <openssl/evp.h>
+#include "internal/asn1_int.h"
 
 /*
  * If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
@@ -193,8 +149,8 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
     nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
     for (i = 0; i < nidcount; i++) {
         e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
-        if (((int)strlen(ameth->pem_str) == len) &&
-            !strncasecmp(ameth->pem_str, str, len))
+        if (((int)strlen(ameth->pem_str) == len)
+            && strncasecmp(ameth->pem_str, str, len) == 0)
             return ameth;
     }
     return NULL;
@@ -217,8 +173,9 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
         ENGINE *e = sk_ENGINE_value(sk, i);
         EVP_PKEY_ASN1_METHOD *ameth;
         e->pkey_asn1_meths(e, &ameth, NULL, nid);
-        if (ameth != NULL && ((int)strlen(ameth->pem_str) == lk->len) &&
-            !strncasecmp(ameth->pem_str, lk->str, lk->len)) {
+        if (ameth != NULL
+                && ((int)strlen(ameth->pem_str) == lk->len)
+                && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) {
             lk->e = e;
             lk->ameth = ameth;
             return;
@@ -235,14 +192,20 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
     fstr.ameth = NULL;
     fstr.str = str;
     fstr.len = len;
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
     engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
     /* If found obtain a structural reference to engine */
     if (fstr.e) {
         fstr.e->struct_ref++;
-        engine_ref_debug(fstr.e, 0, 1)
+        engine_ref_debug(fstr.e, 0, 1);
     }
     *pe = fstr.e;
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    CRYPTO_THREAD_unlock(global_engine_lock);
     return fstr.ameth;
 }
diff --git a/freebsd/crypto/openssl/crypto/engine/tb_cipher.c b/freebsd/crypto/openssl/crypto/engine/tb_cipher.c
index 16e8450c..9eef20cb 100644
--- a/freebsd/crypto/openssl/crypto/engine/tb_cipher.c
+++ b/freebsd/crypto/openssl/crypto/engine/tb_cipher.c
@@ -1,68 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "eng_int.h"
 
-/*
- * If this symbol is defined then ENGINE_get_cipher_engine(), the function
- * that is used by EVP to hook in cipher code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_CIPHER_DEBUG */
-
 static ENGINE_TABLE *cipher_table = NULL;
 
 void ENGINE_unregister_ciphers(ENGINE *e)
@@ -88,7 +36,7 @@ int ENGINE_register_ciphers(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_ciphers()
+void ENGINE_register_all_ciphers(void)
 {
     ENGINE *e;
 
diff --git a/freebsd/crypto/openssl/crypto/engine/tb_dh.c b/freebsd/crypto/openssl/crypto/engine/tb_dh.c
index 0c6f43d2..e67d7536 100644
--- a/freebsd/crypto/openssl/crypto/engine/tb_dh.c
+++ b/freebsd/crypto/openssl/crypto/engine/tb_dh.c
@@ -1,68 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "eng_int.h"
 
-/*
- * If this symbol is defined then ENGINE_get_default_DH(), the function that
- * is used by DH to hook in implementation code and cache defaults (etc),
- * will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_DH_DEBUG */
-
 static ENGINE_TABLE *dh_table = NULL;
 static const int dummy_nid = 1;
 
@@ -85,7 +33,7 @@ int ENGINE_register_DH(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_DH()
+void ENGINE_register_all_DH(void)
 {
     ENGINE *e;
 
diff --git a/freebsd/crypto/openssl/crypto/engine/tb_digest.c b/freebsd/crypto/openssl/crypto/engine/tb_digest.c
index 90066081..6ceb67d5 100644
--- a/freebsd/crypto/openssl/crypto/engine/tb_digest.c
+++ b/freebsd/crypto/openssl/crypto/engine/tb_digest.c
@@ -1,68 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "eng_int.h"
 
-/*
- * If this symbol is defined then ENGINE_get_digest_engine(), the function
- * that is used by EVP to hook in digest code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_DIGEST_DEBUG */
-
 static ENGINE_TABLE *digest_table = NULL;
 
 void ENGINE_unregister_digests(ENGINE *e)
@@ -88,7 +36,7 @@ int ENGINE_register_digests(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_digests()
+void ENGINE_register_all_digests(void)
 {
     ENGINE *e;
 
diff --git a/freebsd/crypto/openssl/crypto/engine/tb_dsa.c b/freebsd/crypto/openssl/crypto/engine/tb_dsa.c
index 75d9f789..6eb6a15f 100644
--- a/freebsd/crypto/openssl/crypto/engine/tb_dsa.c
+++ b/freebsd/crypto/openssl/crypto/engine/tb_dsa.c
@@ -1,68 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "eng_int.h"
 
-/*
- * If this symbol is defined then ENGINE_get_default_DSA(), the function that
- * is used by DSA to hook in implementation code and cache defaults (etc),
- * will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_DSA_DEBUG */
-
 static ENGINE_TABLE *dsa_table = NULL;
 static const int dummy_nid = 1;
 
@@ -85,7 +33,7 @@ int ENGINE_register_DSA(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_DSA()
+void ENGINE_register_all_DSA(void)
 {
     ENGINE *e;
 
diff --git a/freebsd/crypto/openssl/crypto/engine/tb_ecdh.c b/freebsd/crypto/openssl/crypto/engine/tb_ecdh.c
deleted file mode 100644
index 744b18f0..00000000
--- a/freebsd/crypto/openssl/crypto/engine/tb_ecdh.c
+++ /dev/null
@@ -1,141 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/engine/tb_ecdh.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH engine software is originally written by Nils Gura and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/*
- * If this symbol is defined then ENGINE_get_default_ECDH(), the function
- * that is used by ECDH to hook in implementation code and cache defaults
- * (etc), will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_ECDH_DEBUG */
-
-static ENGINE_TABLE *ecdh_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_ECDH(ENGINE *e)
-{
-    engine_table_unregister(&ecdh_table, e);
-}
-
-static void engine_unregister_all_ECDH(void)
-{
-    engine_table_cleanup(&ecdh_table);
-}
-
-int ENGINE_register_ECDH(ENGINE *e)
-{
-    if (e->ecdh_meth)
-        return engine_table_register(&ecdh_table,
-                                     engine_unregister_all_ECDH, e,
-                                     &dummy_nid, 1, 0);
-    return 1;
-}
-
-void ENGINE_register_all_ECDH()
-{
-    ENGINE *e;
-
-    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-        ENGINE_register_ECDH(e);
-}
-
-int ENGINE_set_default_ECDH(ENGINE *e)
-{
-    if (e->ecdh_meth)
-        return engine_table_register(&ecdh_table,
-                                     engine_unregister_all_ECDH, e,
-                                     &dummy_nid, 1, 1);
-    return 1;
-}
-
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references).
- */
-ENGINE *ENGINE_get_default_ECDH(void)
-{
-    return engine_table_select(&ecdh_table, dummy_nid);
-}
-
-/* Obtains an ECDH implementation from an ENGINE functional reference */
-const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e)
-{
-    return e->ecdh_meth;
-}
-
-/* Sets an ECDH implementation in an ENGINE structure */
-int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth)
-{
-    e->ecdh_meth = ecdh_meth;
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/crypto/engine/tb_ecdsa.c b/freebsd/crypto/openssl/crypto/engine/tb_ecdsa.c
deleted file mode 100644
index 1fd9ccd2..00000000
--- a/freebsd/crypto/openssl/crypto/engine/tb_ecdsa.c
+++ /dev/null
@@ -1,126 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/*
- * If this symbol is defined then ENGINE_get_default_ECDSA(), the function
- * that is used by ECDSA to hook in implementation code and cache defaults
- * (etc), will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_ECDSA_DEBUG */
-
-static ENGINE_TABLE *ecdsa_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_ECDSA(ENGINE *e)
-{
-    engine_table_unregister(&ecdsa_table, e);
-}
-
-static void engine_unregister_all_ECDSA(void)
-{
-    engine_table_cleanup(&ecdsa_table);
-}
-
-int ENGINE_register_ECDSA(ENGINE *e)
-{
-    if (e->ecdsa_meth)
-        return engine_table_register(&ecdsa_table,
-                                     engine_unregister_all_ECDSA, e,
-                                     &dummy_nid, 1, 0);
-    return 1;
-}
-
-void ENGINE_register_all_ECDSA()
-{
-    ENGINE *e;
-
-    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-        ENGINE_register_ECDSA(e);
-}
-
-int ENGINE_set_default_ECDSA(ENGINE *e)
-{
-    if (e->ecdsa_meth)
-        return engine_table_register(&ecdsa_table,
-                                     engine_unregister_all_ECDSA, e,
-                                     &dummy_nid, 1, 1);
-    return 1;
-}
-
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references).
- */
-ENGINE *ENGINE_get_default_ECDSA(void)
-{
-    return engine_table_select(&ecdsa_table, dummy_nid);
-}
-
-/* Obtains an ECDSA implementation from an ENGINE functional reference */
-const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e)
-{
-    return e->ecdsa_meth;
-}
-
-/* Sets an ECDSA implementation in an ENGINE structure */
-int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth)
-{
-    e->ecdsa_meth = ecdsa_meth;
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/crypto/engine/tb_eckey.c b/freebsd/crypto/openssl/crypto/engine/tb_eckey.c
new file mode 100644
index 00000000..e12f89e1
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/engine/tb_eckey.c
@@ -0,0 +1,74 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_EC(ENGINE *e)
+{
+    engine_table_unregister(&dh_table, e);
+}
+
+static void engine_unregister_all_EC(void)
+{
+    engine_table_cleanup(&dh_table);
+}
+
+int ENGINE_register_EC(ENGINE *e)
+{
+    if (e->ec_meth != NULL)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_EC, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_EC(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_EC(e);
+}
+
+int ENGINE_set_default_EC(ENGINE *e)
+{
+    if (e->ec_meth != NULL)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_EC, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_EC(void)
+{
+    return engine_table_select(&dh_table, dummy_nid);
+}
+
+/* Obtains an EC_KEY implementation from an ENGINE functional reference */
+const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e)
+{
+    return e->ec_meth;
+}
+
+/* Sets an EC_KEY implementation in an ENGINE structure */
+int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth)
+{
+    e->ec_meth = ec_meth;
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/engine/tb_pkmeth.c b/freebsd/crypto/openssl/crypto/engine/tb_pkmeth.c
index 0c1751cd..ad9f6a64 100644
--- a/freebsd/crypto/openssl/crypto/engine/tb_pkmeth.c
+++ b/freebsd/crypto/openssl/crypto/engine/tb_pkmeth.c
@@ -1,69 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "eng_int.h"
 #include <openssl/evp.h>
 
-/*
- * If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
- * that is used by EVP to hook in pkey_meth code and cache defaults (etc),
- * will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_PKEY_METH_DEBUG */
-
 static ENGINE_TABLE *pkey_meth_table = NULL;
 
 void ENGINE_unregister_pkey_meths(ENGINE *e)
@@ -89,7 +37,7 @@ int ENGINE_register_pkey_meths(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_pkey_meths()
+void ENGINE_register_all_pkey_meths(void)
 {
     ENGINE *e;
 
diff --git a/freebsd/crypto/openssl/crypto/engine/tb_rand.c b/freebsd/crypto/openssl/crypto/engine/tb_rand.c
index ab586b12..da9e6ecd 100644
--- a/freebsd/crypto/openssl/crypto/engine/tb_rand.c
+++ b/freebsd/crypto/openssl/crypto/engine/tb_rand.c
@@ -1,68 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "eng_int.h"
 
-/*
- * If this symbol is defined then ENGINE_get_default_RAND(), the function
- * that is used by RAND to hook in implementation code and cache defaults
- * (etc), will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_RAND_DEBUG */
-
 static ENGINE_TABLE *rand_table = NULL;
 static const int dummy_nid = 1;
 
@@ -85,7 +33,7 @@ int ENGINE_register_RAND(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_RAND()
+void ENGINE_register_all_RAND(void)
 {
     ENGINE *e;
 
diff --git a/freebsd/crypto/openssl/crypto/engine/tb_rsa.c b/freebsd/crypto/openssl/crypto/engine/tb_rsa.c
index ceefee38..2eb36d49 100644
--- a/freebsd/crypto/openssl/crypto/engine/tb_rsa.c
+++ b/freebsd/crypto/openssl/crypto/engine/tb_rsa.c
@@ -1,68 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "eng_int.h"
 
-/*
- * If this symbol is defined then ENGINE_get_default_RSA(), the function that
- * is used by RSA to hook in implementation code and cache defaults (etc),
- * will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_RSA_DEBUG */
-
 static ENGINE_TABLE *rsa_table = NULL;
 static const int dummy_nid = 1;
 
@@ -85,7 +33,7 @@ int ENGINE_register_RSA(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_RSA()
+void ENGINE_register_all_RSA(void)
 {
     ENGINE *e;
 
diff --git a/freebsd/crypto/openssl/crypto/engine/tb_store.c b/freebsd/crypto/openssl/crypto/engine/tb_store.c
deleted file mode 100644
index ebc00d87..00000000
--- a/freebsd/crypto/openssl/crypto/engine/tb_store.c
+++ /dev/null
@@ -1,131 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/*
- * If this symbol is defined then ENGINE_get_default_STORE(), the function
- * that is used by STORE to hook in implementation code and cache defaults
- * (etc), will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_STORE_DEBUG */
-
-static ENGINE_TABLE *store_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_STORE(ENGINE *e)
-{
-    engine_table_unregister(&store_table, e);
-}
-
-static void engine_unregister_all_STORE(void)
-{
-    engine_table_cleanup(&store_table);
-}
-
-int ENGINE_register_STORE(ENGINE *e)
-{
-    if (e->store_meth)
-        return engine_table_register(&store_table,
-                                     engine_unregister_all_STORE, e,
-                                     &dummy_nid, 1, 0);
-    return 1;
-}
-
-void ENGINE_register_all_STORE()
-{
-    ENGINE *e;
-
-    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-        ENGINE_register_STORE(e);
-}
-
-/* The following two functions are removed because they're useless. */
-#if 0
-int ENGINE_set_default_STORE(ENGINE *e)
-{
-    if (e->store_meth)
-        return engine_table_register(&store_table,
-                                     engine_unregister_all_STORE, e,
-                                     &dummy_nid, 1, 1);
-    return 1;
-}
-#endif
-
-#if 0
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references).
- */
-ENGINE *ENGINE_get_default_STORE(void)
-{
-    return engine_table_select(&store_table, dummy_nid);
-}
-#endif
-
-/* Obtains an STORE implementation from an ENGINE functional reference */
-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e)
-{
-    return e->store_meth;
-}
-
-/* Sets an STORE implementation in an ENGINE structure */
-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth)
-{
-    e->store_meth = store_meth;
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/crypto/err/err.c b/freebsd/crypto/openssl/crypto/err/err.c
index 3f16a7b0..d6462549 100644
--- a/freebsd/crypto/openssl/crypto/err/err.c
+++ b/freebsd/crypto/openssl/crypto/err/err.c
@@ -1,130 +1,28 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/err/err.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
+#include "internal/cryptlib_int.h"
+#include "internal/err.h"
+#include "internal/err_int.h"
+#include <openssl/err.h>
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
-#include <openssl/err.h>
-
-DECLARE_LHASH_OF(ERR_STRING_DATA);
-DECLARE_LHASH_OF(ERR_STATE);
+#include <openssl/opensslconf.h>
+#include "internal/thread_once.h"
 
-static void err_load_strings(int lib, ERR_STRING_DATA *str);
+static int err_load_strings(const ERR_STRING_DATA *str);
 
 static void ERR_STATE_free(ERR_STATE *s);
 #ifndef OPENSSL_NO_ERR
@@ -144,6 +42,8 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
     {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"},
     {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"},
     {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"},
+    {ERR_PACK(ERR_LIB_ECDSA, 0, 0), "ECDSA routines"},
+    {ERR_PACK(ERR_LIB_ECDH, 0, 0), "ECDH routines"},
     {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"},
     {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"},
     {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"},
@@ -154,9 +54,15 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
     {ERR_PACK(ERR_LIB_TS, 0, 0), "time stamp routines"},
     {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"},
     {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"},
+    {ERR_PACK(ERR_LIB_UI, 0, 0), "UI routines"},
     {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"},
     {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"},
     {ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"},
+    {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
+    {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"},
+    {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
     {0, NULL},
 };
 
@@ -174,7 +80,19 @@ static ERR_STRING_DATA ERR_str_functs[] = {
 # endif
     {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"},
     {ERR_PACK(0, SYS_F_FREAD, 0), "fread"},
+    {ERR_PACK(0, SYS_F_GETADDRINFO, 0), "getaddrinfo"},
+    {ERR_PACK(0, SYS_F_GETNAMEINFO, 0), "getnameinfo"},
+    {ERR_PACK(0, SYS_F_SETSOCKOPT, 0), "setsockopt"},
+    {ERR_PACK(0, SYS_F_GETSOCKOPT, 0), "getsockopt"},
+    {ERR_PACK(0, SYS_F_GETSOCKNAME, 0), "getsockname"},
+    {ERR_PACK(0, SYS_F_GETHOSTBYNAME, 0), "gethostbyname"},
     {ERR_PACK(0, SYS_F_FFLUSH, 0), "fflush"},
+    {ERR_PACK(0, SYS_F_OPEN, 0), "open"},
+    {ERR_PACK(0, SYS_F_CLOSE, 0), "close"},
+    {ERR_PACK(0, SYS_F_IOCTL, 0), "ioctl"},
+    {ERR_PACK(0, SYS_F_STAT, 0), "stat"},
+    {ERR_PACK(0, SYS_F_FCNTL, 0), "fcntl"},
+    {ERR_PACK(0, SYS_F_FSTAT, 0), "fstat"},
     {0, NULL},
 };
 
@@ -190,25 +108,16 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
     {ERR_R_DSA_LIB, "DSA lib"},
     {ERR_R_X509_LIB, "X509 lib"},
     {ERR_R_ASN1_LIB, "ASN1 lib"},
-    {ERR_R_CONF_LIB, "CONF lib"},
-    {ERR_R_CRYPTO_LIB, "CRYPTO lib"},
     {ERR_R_EC_LIB, "EC lib"},
-    {ERR_R_SSL_LIB, "SSL lib"},
     {ERR_R_BIO_LIB, "BIO lib"},
     {ERR_R_PKCS7_LIB, "PKCS7 lib"},
     {ERR_R_X509V3_LIB, "X509V3 lib"},
-    {ERR_R_PKCS12_LIB, "PKCS12 lib"},
-    {ERR_R_RAND_LIB, "RAND lib"},
-    {ERR_R_DSO_LIB, "DSO lib"},
     {ERR_R_ENGINE_LIB, "ENGINE lib"},
-    {ERR_R_OCSP_LIB, "OCSP lib"},
-    {ERR_R_TS_LIB, "TS lib"},
+    {ERR_R_UI_LIB, "UI lib"},
+    {ERR_R_OSSL_STORE_LIB, "STORE lib"},
+    {ERR_R_ECDSA_LIB, "ECDSA lib"},
 
     {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},
-    {ERR_R_BAD_ASN1_OBJECT_HEADER, "bad asn1 object header"},
-    {ERR_R_BAD_GET_ASN1_OBJECT_CALL, "bad get asn1 object call"},
-    {ERR_R_EXPECTING_AN_ASN1_SEQUENCE, "expecting an asn1 sequence"},
-    {ERR_R_ASN1_LENGTH_MISMATCH, "asn1 length mismatch"},
     {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"},
 
     {ERR_R_FATAL, "fatal"},
@@ -218,125 +127,33 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
     {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"},
     {ERR_R_INTERNAL_ERROR, "internal error"},
     {ERR_R_DISABLED, "called a function that was disabled at compile-time"},
+    {ERR_R_INIT_FAIL, "init fail"},
+    {ERR_R_OPERATION_FAIL, "operation fail"},
 
     {0, NULL},
 };
 #endif
 
-/* Define the predeclared (but externally opaque) "ERR_FNS" type */
-struct st_ERR_FNS {
-    /* Works on the "error_hash" string table */
-    LHASH_OF(ERR_STRING_DATA) *(*cb_err_get) (int create);
-    void (*cb_err_del) (void);
-    ERR_STRING_DATA *(*cb_err_get_item) (const ERR_STRING_DATA *);
-    ERR_STRING_DATA *(*cb_err_set_item) (ERR_STRING_DATA *);
-    ERR_STRING_DATA *(*cb_err_del_item) (ERR_STRING_DATA *);
-    /* Works on the "thread_hash" error-state table */
-    LHASH_OF(ERR_STATE) *(*cb_thread_get) (int create);
-    void (*cb_thread_release) (LHASH_OF(ERR_STATE) **hash);
-    ERR_STATE *(*cb_thread_get_item) (const ERR_STATE *);
-    ERR_STATE *(*cb_thread_set_item) (ERR_STATE *);
-    void (*cb_thread_del_item) (const ERR_STATE *);
-    /* Returns the next available error "library" numbers */
-    int (*cb_get_next_lib) (void);
-};
+static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT;
+static int set_err_thread_local;
+static CRYPTO_THREAD_LOCAL err_thread_local;
 
-/* Predeclarations of the "err_defaults" functions */
-static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create);
-static void int_err_del(void);
-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
-static LHASH_OF(ERR_STATE) *int_thread_get(int create);
-static void int_thread_release(LHASH_OF(ERR_STATE) **hash);
-static ERR_STATE *int_thread_get_item(const ERR_STATE *);
-static ERR_STATE *int_thread_set_item(ERR_STATE *);
-static void int_thread_del_item(const ERR_STATE *);
-static int int_err_get_next_lib(void);
-/* The static ERR_FNS table using these defaults functions */
-static const ERR_FNS err_defaults = {
-    int_err_get,
-    int_err_del,
-    int_err_get_item,
-    int_err_set_item,
-    int_err_del_item,
-    int_thread_get,
-    int_thread_release,
-    int_thread_get_item,
-    int_thread_set_item,
-    int_thread_del_item,
-    int_err_get_next_lib
-};
+static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT;
+static CRYPTO_RWLOCK *err_string_lock;
 
-/* The replacable table of ERR_FNS functions we use at run-time */
-static const ERR_FNS *err_fns = NULL;
-
-/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
-#define ERRFN(a) err_fns->cb_##a
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
 
 /*
- * The internal state used by "err_defaults" - as such, the setting, reading,
- * creating, and deleting of this data should only be permitted via the
- * "err_defaults" functions. This way, a linked module can completely defer
- * all ERR state operation (together with requisite locking) to the
- * implementations and state in the loading application.
+ * The internal state
  */
+
 static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL;
-static LHASH_OF(ERR_STATE) *int_thread_hash = NULL;
-static int int_thread_hash_references = 0;
 static int int_err_library_number = ERR_LIB_USER;
 
-/*
- * Internal function that checks whether "err_fns" is set and if not, sets it
- * to the defaults.
- */
-static void err_fns_check(void)
-{
-    if (err_fns)
-        return;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-    if (!err_fns)
-        err_fns = &err_defaults;
-    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-}
-
-/* API functions to get or set the underlying ERR functions. */
-
-const ERR_FNS *ERR_get_implementation(void)
-{
-    err_fns_check();
-    return err_fns;
-}
-
-int ERR_set_implementation(const ERR_FNS *fns)
-{
-    int ret = 0;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-    /*
-     * It's too late if 'err_fns' is non-NULL. BTW: not much point setting an
-     * error is there?!
-     */
-    if (!err_fns) {
-        err_fns = fns;
-        ret = 1;
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-    return ret;
-}
-
-/*
- * These are the callbacks provided to "lh_new()" when creating the LHASH
- * tables internal to the "err_defaults" implementation.
- */
-
 static unsigned long get_error_values(int inc, int top, const char **file,
                                       int *line, const char **data,
                                       int *flags);
 
-/* The internal functions used in the "err_defaults" implementation */
-
 static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
 {
     unsigned long ret, l;
@@ -346,221 +163,25 @@ static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
     return (ret ^ ret % 19 * 13);
 }
 
-static IMPLEMENT_LHASH_HASH_FN(err_string_data, ERR_STRING_DATA)
-
 static int err_string_data_cmp(const ERR_STRING_DATA *a,
                                const ERR_STRING_DATA *b)
 {
-    return (int)(a->error - b->error);
-}
-
-static IMPLEMENT_LHASH_COMP_FN(err_string_data, ERR_STRING_DATA)
-
-static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create)
-{
-    LHASH_OF(ERR_STRING_DATA) *ret = NULL;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-    if (!int_error_hash && create) {
-        CRYPTO_push_info("int_err_get (err.c)");
-        int_error_hash = lh_ERR_STRING_DATA_new();
-        CRYPTO_pop_info();
-    }
-    if (int_error_hash)
-        ret = int_error_hash;
-    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-    return ret;
-}
-
-static void int_err_del(void)
-{
-    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-    if (int_error_hash) {
-        lh_ERR_STRING_DATA_free(int_error_hash);
-        int_error_hash = NULL;
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+    if (a->error == b->error)
+        return 0;
+    return a->error > b->error ? 1 : -1;
 }
 
 static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
 {
-    ERR_STRING_DATA *p;
-    LHASH_OF(ERR_STRING_DATA) *hash;
+    ERR_STRING_DATA *p = NULL;
 
-    err_fns_check();
-    hash = ERRFN(err_get) (0);
-    if (!hash)
-        return NULL;
-
-    CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-    p = lh_ERR_STRING_DATA_retrieve(hash, d);
-    CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+    CRYPTO_THREAD_read_lock(err_string_lock);
+    p = lh_ERR_STRING_DATA_retrieve(int_error_hash, d);
+    CRYPTO_THREAD_unlock(err_string_lock);
 
     return p;
 }
 
-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
-{
-    ERR_STRING_DATA *p;
-    LHASH_OF(ERR_STRING_DATA) *hash;
-
-    err_fns_check();
-    hash = ERRFN(err_get) (1);
-    if (!hash)
-        return NULL;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-    p = lh_ERR_STRING_DATA_insert(hash, d);
-    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-    return p;
-}
-
-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
-{
-    ERR_STRING_DATA *p;
-    LHASH_OF(ERR_STRING_DATA) *hash;
-
-    err_fns_check();
-    hash = ERRFN(err_get) (0);
-    if (!hash)
-        return NULL;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-    p = lh_ERR_STRING_DATA_delete(hash, d);
-    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-    return p;
-}
-
-static unsigned long err_state_hash(const ERR_STATE *a)
-{
-    return CRYPTO_THREADID_hash(&a->tid) * 13;
-}
-
-static IMPLEMENT_LHASH_HASH_FN(err_state, ERR_STATE)
-
-static int err_state_cmp(const ERR_STATE *a, const ERR_STATE *b)
-{
-    return CRYPTO_THREADID_cmp(&a->tid, &b->tid);
-}
-
-static IMPLEMENT_LHASH_COMP_FN(err_state, ERR_STATE)
-
-static LHASH_OF(ERR_STATE) *int_thread_get(int create)
-{
-    LHASH_OF(ERR_STATE) *ret = NULL;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-    if (!int_thread_hash && create) {
-        CRYPTO_push_info("int_thread_get (err.c)");
-        int_thread_hash = lh_ERR_STATE_new();
-        CRYPTO_pop_info();
-    }
-    if (int_thread_hash) {
-        int_thread_hash_references++;
-        ret = int_thread_hash;
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-    return ret;
-}
-
-static void int_thread_release(LHASH_OF(ERR_STATE) **hash)
-{
-    int i;
-
-    if (hash == NULL || *hash == NULL)
-        return;
-
-    i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
-
-#ifdef REF_PRINT
-    fprintf(stderr, "%4d:%s\n", int_thread_hash_references, "ERR");
-#endif
-    if (i > 0)
-        return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "int_thread_release, bad reference count\n");
-        abort();                /* ok */
-    }
-#endif
-    *hash = NULL;
-}
-
-static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
-{
-    ERR_STATE *p;
-    LHASH_OF(ERR_STATE) *hash;
-
-    err_fns_check();
-    hash = ERRFN(thread_get) (0);
-    if (!hash)
-        return NULL;
-
-    CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-    p = lh_ERR_STATE_retrieve(hash, d);
-    CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-
-    ERRFN(thread_release) (&hash);
-    return p;
-}
-
-static ERR_STATE *int_thread_set_item(ERR_STATE *d)
-{
-    ERR_STATE *p;
-    LHASH_OF(ERR_STATE) *hash;
-
-    err_fns_check();
-    hash = ERRFN(thread_get) (1);
-    if (!hash)
-        return NULL;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-    p = lh_ERR_STATE_insert(hash, d);
-    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-    ERRFN(thread_release) (&hash);
-    return p;
-}
-
-static void int_thread_del_item(const ERR_STATE *d)
-{
-    ERR_STATE *p;
-    LHASH_OF(ERR_STATE) *hash;
-
-    err_fns_check();
-    hash = ERRFN(thread_get) (0);
-    if (!hash)
-        return;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-    p = lh_ERR_STATE_delete(hash, d);
-    /* make sure we don't leak memory */
-    if (int_thread_hash_references == 1
-        && int_thread_hash && lh_ERR_STATE_num_items(int_thread_hash) == 0) {
-        lh_ERR_STATE_free(int_thread_hash);
-        int_thread_hash = NULL;
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-    ERRFN(thread_release) (&hash);
-    if (p)
-        ERR_STATE_free(p);
-}
-
-static int int_err_get_next_lib(void)
-{
-    int ret;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-    ret = int_err_library_number++;
-    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-    return ret;
-}
-
 #ifndef OPENSSL_NO_ERR
 # define NUM_SYS_STR_REASONS 127
 # define LEN_SYS_STR_REASON 32
@@ -580,34 +201,23 @@ static void build_SYS_str_reasons(void)
 {
     /* OPENSSL_malloc cannot be used here, use static storage instead */
     static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
-    int i;
     static int init = 1;
+    int i;
 
-    CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-    if (!init) {
-        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-        return;
-    }
-
-    CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    CRYPTO_THREAD_write_lock(err_string_lock);
     if (!init) {
-        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        CRYPTO_THREAD_unlock(err_string_lock);
         return;
     }
 
     for (i = 1; i <= NUM_SYS_STR_REASONS; i++) {
         ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
 
-        str->error = (unsigned long)i;
+        str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
         if (str->string == NULL) {
             char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
-            char *src = strerror(i);
-            if (src != NULL) {
-                strncpy(*dest, src, sizeof(*dest));
-                (*dest)[sizeof(*dest) - 1] = '\0';
+            if (openssl_strerror_r(i, *dest, sizeof(*dest)))
                 str->string = *dest;
-            }
         }
         if (str->string == NULL)
             str->string = "unknown";
@@ -620,29 +230,28 @@ static void build_SYS_str_reasons(void)
 
     init = 0;
 
-    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+    CRYPTO_THREAD_unlock(err_string_lock);
+    err_load_strings(SYS_str_reasons);
 }
 #endif
 
-#define err_clear_data(p,i) \
+#define err_clear_data(p, i) \
         do { \
-        if (((p)->err_data[i] != NULL) && \
-                (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
-                {  \
+            if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) {\
                 OPENSSL_free((p)->err_data[i]); \
-                (p)->err_data[i]=NULL; \
-                } \
-        (p)->err_data_flags[i]=0; \
-        } while(0)
+                (p)->err_data[i] = NULL; \
+            } \
+            (p)->err_data_flags[i] = 0; \
+        } while (0)
 
-#define err_clear(p,i) \
+#define err_clear(p, i) \
         do { \
-        (p)->err_flags[i]=0; \
-        (p)->err_buffer[i]=0; \
-        err_clear_data(p,i); \
-        (p)->err_file[i]=NULL; \
-        (p)->err_line[i]= -1; \
-        } while(0)
+            err_clear_data(p, i); \
+            (p)->err_flags[i] = 0; \
+            (p)->err_buffer[i] = 0; \
+            (p)->err_file[i] = NULL; \
+            (p)->err_line[i] = -1; \
+        } while (0)
 
 static void ERR_STATE_free(ERR_STATE *s)
 {
@@ -650,55 +259,117 @@ static void ERR_STATE_free(ERR_STATE *s)
 
     if (s == NULL)
         return;
-
     for (i = 0; i < ERR_NUM_ERRORS; i++) {
         err_clear_data(s, i);
     }
     OPENSSL_free(s);
 }
 
-void ERR_load_ERR_strings(void)
+DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
+{
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+    err_string_lock = CRYPTO_THREAD_lock_new();
+    if (err_string_lock == NULL)
+        return 0;
+    int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash,
+                                            err_string_data_cmp);
+    if (int_error_hash == NULL) {
+        CRYPTO_THREAD_lock_free(err_string_lock);
+        err_string_lock = NULL;
+        return 0;
+    }
+    return 1;
+}
+
+void err_cleanup(void)
+{
+    if (set_err_thread_local != 0)
+        CRYPTO_THREAD_cleanup_local(&err_thread_local);
+    CRYPTO_THREAD_lock_free(err_string_lock);
+    err_string_lock = NULL;
+    lh_ERR_STRING_DATA_free(int_error_hash);
+    int_error_hash = NULL;
+}
+
+/*
+ * Legacy; pack in the library.
+ */
+static void err_patch(int lib, ERR_STRING_DATA *str)
+{
+    unsigned long plib = ERR_PACK(lib, 0, 0);
+
+    for (; str->error != 0; str++)
+        str->error |= plib;
+}
+
+/*
+ * Hash in |str| error strings. Assumes the URN_ONCE was done.
+ */
+static int err_load_strings(const ERR_STRING_DATA *str)
+{
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    for (; str->error; str++)
+        (void)lh_ERR_STRING_DATA_insert(int_error_hash,
+                                       (ERR_STRING_DATA *)str);
+    CRYPTO_THREAD_unlock(err_string_lock);
+    return 1;
+}
+
+int ERR_load_ERR_strings(void)
 {
-    err_fns_check();
 #ifndef OPENSSL_NO_ERR
-    err_load_strings(0, ERR_str_libraries);
-    err_load_strings(0, ERR_str_reasons);
-    err_load_strings(ERR_LIB_SYS, ERR_str_functs);
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return 0;
+
+    err_load_strings(ERR_str_libraries);
+    err_load_strings(ERR_str_reasons);
+    err_patch(ERR_LIB_SYS, ERR_str_functs);
+    err_load_strings(ERR_str_functs);
     build_SYS_str_reasons();
-    err_load_strings(ERR_LIB_SYS, SYS_str_reasons);
 #endif
+    return 1;
 }
 
-static void err_load_strings(int lib, ERR_STRING_DATA *str)
+int ERR_load_strings(int lib, ERR_STRING_DATA *str)
 {
-    while (str->error) {
-        if (lib)
-            str->error |= ERR_PACK(lib, 0, 0);
-        ERRFN(err_set_item) (str);
-        str++;
-    }
+    if (ERR_load_ERR_strings() == 0)
+        return 0;
+
+    err_patch(lib, str);
+    err_load_strings(str);
+    return 1;
 }
 
-void ERR_load_strings(int lib, ERR_STRING_DATA *str)
+int ERR_load_strings_const(const ERR_STRING_DATA *str)
 {
-    ERR_load_ERR_strings();
-    err_load_strings(lib, str);
+    if (ERR_load_ERR_strings() == 0)
+        return 0;
+    err_load_strings(str);
+    return 1;
 }
 
-void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
 {
-    while (str->error) {
-        if (lib)
-            str->error |= ERR_PACK(lib, 0, 0);
-        ERRFN(err_del_item) (str);
-        str++;
-    }
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return 0;
+
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    /*
+     * We don't need to ERR_PACK the lib, since that was done (to
+     * the table) when it was loaded.
+     */
+    for (; str->error; str++)
+        (void)lh_ERR_STRING_DATA_delete(int_error_hash, str);
+    CRYPTO_THREAD_unlock(err_string_lock);
+
+    return 1;
 }
 
-void ERR_free_strings(void)
+void err_free_strings_int(void)
 {
-    err_fns_check();
-    ERRFN(err_del) ();
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return;
 }
 
 /********************************************************/
@@ -757,50 +428,50 @@ void ERR_clear_error(void)
 
 unsigned long ERR_get_error(void)
 {
-    return (get_error_values(1, 0, NULL, NULL, NULL, NULL));
+    return get_error_values(1, 0, NULL, NULL, NULL, NULL);
 }
 
 unsigned long ERR_get_error_line(const char **file, int *line)
 {
-    return (get_error_values(1, 0, file, line, NULL, NULL));
+    return get_error_values(1, 0, file, line, NULL, NULL);
 }
 
 unsigned long ERR_get_error_line_data(const char **file, int *line,
                                       const char **data, int *flags)
 {
-    return (get_error_values(1, 0, file, line, data, flags));
+    return get_error_values(1, 0, file, line, data, flags);
 }
 
 unsigned long ERR_peek_error(void)
 {
-    return (get_error_values(0, 0, NULL, NULL, NULL, NULL));
+    return get_error_values(0, 0, NULL, NULL, NULL, NULL);
 }
 
 unsigned long ERR_peek_error_line(const char **file, int *line)
 {
-    return (get_error_values(0, 0, file, line, NULL, NULL));
+    return get_error_values(0, 0, file, line, NULL, NULL);
 }
 
 unsigned long ERR_peek_error_line_data(const char **file, int *line,
                                        const char **data, int *flags)
 {
-    return (get_error_values(0, 0, file, line, data, flags));
+    return get_error_values(0, 0, file, line, data, flags);
 }
 
 unsigned long ERR_peek_last_error(void)
 {
-    return (get_error_values(0, 1, NULL, NULL, NULL, NULL));
+    return get_error_values(0, 1, NULL, NULL, NULL, NULL);
 }
 
 unsigned long ERR_peek_last_error_line(const char **file, int *line)
 {
-    return (get_error_values(0, 1, file, line, NULL, NULL));
+    return get_error_values(0, 1, file, line, NULL, NULL);
 }
 
 unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
                                             const char **data, int *flags)
 {
-    return (get_error_values(0, 1, file, line, data, flags));
+    return get_error_values(0, 1, file, line, data, flags);
 }
 
 static unsigned long get_error_values(int inc, int top, const char **file,
@@ -841,15 +512,13 @@ static unsigned long get_error_values(int inc, int top, const char **file,
         es->err_buffer[i] = 0;
     }
 
-    if ((file != NULL) && (line != NULL)) {
+    if (file != NULL && line != NULL) {
         if (es->err_file[i] == NULL) {
             *file = "NA";
-            if (line != NULL)
-                *line = 0;
+            *line = 0;
         } else {
             *file = es->err_file[i];
-            if (line != NULL)
-                *line = es->err_line[i];
+            *line = es->err_line[i];
         }
     }
 
@@ -881,49 +550,33 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len)
         return;
 
     l = ERR_GET_LIB(e);
-    f = ERR_GET_FUNC(e);
-    r = ERR_GET_REASON(e);
-
     ls = ERR_lib_error_string(e);
-    fs = ERR_func_error_string(e);
-    rs = ERR_reason_error_string(e);
-
-    if (ls == NULL)
+    if (ls == NULL) {
         BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
-    if (fs == NULL)
+        ls = lsbuf;
+    }
+
+    fs = ERR_func_error_string(e);
+    f = ERR_GET_FUNC(e);
+    if (fs == NULL) {
         BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
-    if (rs == NULL)
+        fs = fsbuf;
+    }
+
+    rs = ERR_reason_error_string(e);
+    r = ERR_GET_REASON(e);
+    if (rs == NULL) {
         BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+        rs = rsbuf;
+    }
 
-    BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls ? ls : lsbuf,
-                 fs ? fs : fsbuf, rs ? rs : rsbuf);
+    BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls, fs, rs);
     if (strlen(buf) == len - 1) {
-        /*
-         * output may be truncated; make sure we always have 5
-         * colon-separated fields, i.e. 4 colons ...
-         */
-#define NUM_COLONS 4
-        if (len > NUM_COLONS) { /* ... if possible */
-            int i;
-            char *s = buf;
-
-            for (i = 0; i < NUM_COLONS; i++) {
-                char *colon = strchr(s, ':');
-                if (colon == NULL || colon > &buf[len - 1] - NUM_COLONS + i) {
-                    /*
-                     * set colon no. i at last possible position (buf[len-1]
-                     * is the terminating 0)
-                     */
-                    colon = &buf[len - 1] - NUM_COLONS + i;
-                    *colon = ':';
-                }
-                s = colon + 1;
-            }
-        }
+        /* Didn't fit; use a minimal format. */
+        BIO_snprintf(buf, len, "err:%lx:%lx:%lx:%lx", e, l, f, r);
     }
 }
 
-/* BAD for multi-threading: uses a local buffer if ret == NULL */
 /*
  * ERR_error_string_n should be used instead for ret != NULL as
  * ERR_error_string cannot know how large the buffer is
@@ -934,38 +587,22 @@ char *ERR_error_string(unsigned long e, char *ret)
 
     if (ret == NULL)
         ret = buf;
-    ERR_error_string_n(e, ret, 256);
-
+    ERR_error_string_n(e, ret, (int)sizeof(buf));
     return ret;
 }
 
-LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void)
-{
-    err_fns_check();
-    return ERRFN(err_get) (0);
-}
-
-LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void)
-{
-    err_fns_check();
-    return ERRFN(thread_get) (0);
-}
-
-void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash)
-{
-    err_fns_check();
-    ERRFN(thread_release) (hash);
-}
-
 const char *ERR_lib_error_string(unsigned long e)
 {
     ERR_STRING_DATA d, *p;
     unsigned long l;
 
-    err_fns_check();
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return NULL;
+    }
+
     l = ERR_GET_LIB(e);
     d.error = ERR_PACK(l, 0, 0);
-    p = ERRFN(err_get_item) (&d);
+    p = int_err_get_item(&d);
     return ((p == NULL) ? NULL : p->string);
 }
 
@@ -974,11 +611,14 @@ const char *ERR_func_error_string(unsigned long e)
     ERR_STRING_DATA d, *p;
     unsigned long l, f;
 
-    err_fns_check();
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return NULL;
+    }
+
     l = ERR_GET_LIB(e);
     f = ERR_GET_FUNC(e);
     d.error = ERR_PACK(l, f, 0);
-    p = ERRFN(err_get_item) (&d);
+    p = int_err_get_item(&d);
     return ((p == NULL) ? NULL : p->string);
 }
 
@@ -987,84 +627,126 @@ const char *ERR_reason_error_string(unsigned long e)
     ERR_STRING_DATA d, *p = NULL;
     unsigned long l, r;
 
-    err_fns_check();
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return NULL;
+    }
+
     l = ERR_GET_LIB(e);
     r = ERR_GET_REASON(e);
     d.error = ERR_PACK(l, 0, r);
-    p = ERRFN(err_get_item) (&d);
+    p = int_err_get_item(&d);
     if (!p) {
         d.error = ERR_PACK(0, 0, r);
-        p = ERRFN(err_get_item) (&d);
+        p = int_err_get_item(&d);
     }
     return ((p == NULL) ? NULL : p->string);
 }
 
-void ERR_remove_thread_state(const CRYPTO_THREADID *id)
+void err_delete_thread_state(void)
 {
-    ERR_STATE tmp;
+    ERR_STATE *state = CRYPTO_THREAD_get_local(&err_thread_local);
+    if (state == NULL)
+        return;
 
-    if (id)
-        CRYPTO_THREADID_cpy(&tmp.tid, id);
-    else
-        CRYPTO_THREADID_current(&tmp.tid);
-    err_fns_check();
-    /*
-     * thread_del_item automatically destroys the LHASH if the number of
-     * items reaches zero.
-     */
-    ERRFN(thread_del_item) (&tmp);
+    CRYPTO_THREAD_set_local(&err_thread_local, NULL);
+    ERR_STATE_free(state);
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void ERR_remove_thread_state(void *dummy)
+{
 }
+#endif
 
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10000000L
 void ERR_remove_state(unsigned long pid)
 {
-    ERR_remove_thread_state(NULL);
 }
 #endif
 
+DEFINE_RUN_ONCE_STATIC(err_do_init)
+{
+    set_err_thread_local = 1;
+    return CRYPTO_THREAD_init_local(&err_thread_local, NULL);
+}
+
 ERR_STATE *ERR_get_state(void)
 {
-    ERR_STATE *ret, tmp, *tmpp = NULL;
-    int i;
-    CRYPTO_THREADID tid;
+    ERR_STATE *state;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
+        return NULL;
+
+    if (!RUN_ONCE(&err_init, err_do_init))
+        return NULL;
 
-    err_fns_check();
-    CRYPTO_THREADID_current(&tid);
-    CRYPTO_THREADID_cpy(&tmp.tid, &tid);
-    ret = ERRFN(thread_get_item) (&tmp);
+    state = CRYPTO_THREAD_get_local(&err_thread_local);
+    if (state == (ERR_STATE*)-1)
+        return NULL;
+
+    if (state == NULL) {
+        if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
+            return NULL;
 
-    /* ret == the error state, if NULL, make a new one */
-    if (ret == NULL) {
-        ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
-        if (ret == NULL)
+        if ((state = OPENSSL_zalloc(sizeof(*state))) == NULL) {
+            CRYPTO_THREAD_set_local(&err_thread_local, NULL);
             return NULL;
-        CRYPTO_THREADID_cpy(&ret->tid, &tid);
-        ret->top = 0;
-        ret->bottom = 0;
-        for (i = 0; i < ERR_NUM_ERRORS; i++) {
-            ret->err_data[i] = NULL;
-            ret->err_data_flags[i] = 0;
         }
-        tmpp = ERRFN(thread_set_item) (ret);
-        /* To check if insertion failed, do a get. */
-        if (ERRFN(thread_get_item) (ret) != ret) {
-            ERR_STATE_free(ret); /* could not insert it */
+
+        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE)
+                || !CRYPTO_THREAD_set_local(&err_thread_local, state)) {
+            ERR_STATE_free(state);
+            CRYPTO_THREAD_set_local(&err_thread_local, NULL);
             return NULL;
         }
-        /*
-         * If a race occured in this function and we came second, tmpp is the
-         * first one that we just replaced.
-         */
-        if (tmpp)
-            ERR_STATE_free(tmpp);
+
+        /* Ignore failures from these */
+        OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
     }
-    return ret;
+
+    return state;
+}
+
+/*
+ * err_shelve_state returns the current thread local error state
+ * and freezes the error module until err_unshelve_state is called.
+ */
+int err_shelve_state(void **state)
+{
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
+        return 0;
+
+    if (!RUN_ONCE(&err_init, err_do_init))
+        return 0;
+
+    *state = CRYPTO_THREAD_get_local(&err_thread_local);
+    if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
+        return 0;
+
+    return 1;
+}
+
+/*
+ * err_unshelve_state restores the error state that was returned
+ * by err_shelve_state previously.
+ */
+void err_unshelve_state(void* state)
+{
+    if (state != (void*)-1)
+        CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)state);
 }
 
 int ERR_get_next_error_library(void)
 {
-    err_fns_check();
-    return ERRFN(get_next_lib) ();
+    int ret;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return 0;
+
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    ret = int_err_library_number++;
+    CRYPTO_THREAD_unlock(err_string_lock);
+    return ret;
 }
 
 void ERR_set_error_data(char *data, int flags)
@@ -1097,28 +779,28 @@ void ERR_add_error_vdata(int num, va_list args)
     char *str, *p, *a;
 
     s = 80;
-    str = OPENSSL_malloc(s + 1);
-    if (str == NULL)
+    if ((str = OPENSSL_malloc(s + 1)) == NULL) {
+        /* ERRerr(ERR_F_ERR_ADD_ERROR_VDATA, ERR_R_MALLOC_FAILURE); */
         return;
+    }
     str[0] = '\0';
 
     n = 0;
     for (i = 0; i < num; i++) {
         a = va_arg(args, char *);
-        /* ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */
-        if (a != NULL) {
-            n += strlen(a);
-            if (n > s) {
-                s = n + 20;
-                p = OPENSSL_realloc(str, s + 1);
-                if (p == NULL) {
-                    OPENSSL_free(str);
-                    return;
-                } else
-                    str = p;
+        if (a == NULL)
+            a = "<NULL>";
+        n += strlen(a);
+        if (n > s) {
+            s = n + 20;
+            p = OPENSSL_realloc(str, s + 1);
+            if (p == NULL) {
+                OPENSSL_free(str);
+                return;
             }
-            BUF_strlcat(str, a, (size_t)s + 1);
+            str = p;
         }
+        OPENSSL_strlcat(str, a, (size_t)s + 1);
     }
     ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING);
 }
@@ -1148,9 +830,7 @@ int ERR_pop_to_mark(void)
     while (es->bottom != es->top
            && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) {
         err_clear(es, es->top);
-        es->top -= 1;
-        if (es->top == -1)
-            es->top = ERR_NUM_ERRORS - 1;
+        es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1;
     }
 
     if (es->bottom == es->top)
@@ -1158,3 +838,24 @@ int ERR_pop_to_mark(void)
     es->err_flags[es->top] &= ~ERR_FLAG_MARK;
     return 1;
 }
+
+int ERR_clear_last_mark(void)
+{
+    ERR_STATE *es;
+    int top;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    top = es->top;
+    while (es->bottom != top
+           && (es->err_flags[top] & ERR_FLAG_MARK) == 0) {
+        top = top > 0 ? top - 1 : ERR_NUM_ERRORS - 1;
+    }
+
+    if (es->bottom == top)
+        return 0;
+    es->err_flags[top] &= ~ERR_FLAG_MARK;
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/err/err.h b/freebsd/crypto/openssl/crypto/err/err.h
deleted file mode 100644
index f4236562..00000000
--- a/freebsd/crypto/openssl/crypto/err/err.h
+++ /dev/null
@@ -1,390 +0,0 @@
-/* crypto/err/err.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ERR_H
-# define HEADER_ERR_H
-
-# include <openssl/e_os2.h>
-
-# ifndef OPENSSL_NO_FP_API
-#  include <stdio.h>
-#  include <stdlib.h>
-# endif
-
-# include <openssl/ossl_typ.h>
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-# ifndef OPENSSL_NO_LHASH
-#  include <openssl/lhash.h>
-# endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# ifndef OPENSSL_NO_ERR
-#  define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,d,e)
-# else
-#  define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,NULL,0)
-# endif
-
-# include <errno.h>
-
-# define ERR_TXT_MALLOCED        0x01
-# define ERR_TXT_STRING          0x02
-
-# define ERR_FLAG_MARK           0x01
-
-# define ERR_NUM_ERRORS  16
-typedef struct err_state_st {
-    CRYPTO_THREADID tid;
-    int err_flags[ERR_NUM_ERRORS];
-    unsigned long err_buffer[ERR_NUM_ERRORS];
-    char *err_data[ERR_NUM_ERRORS];
-    int err_data_flags[ERR_NUM_ERRORS];
-    const char *err_file[ERR_NUM_ERRORS];
-    int err_line[ERR_NUM_ERRORS];
-    int top, bottom;
-} ERR_STATE;
-
-/* library */
-# define ERR_LIB_NONE            1
-# define ERR_LIB_SYS             2
-# define ERR_LIB_BN              3
-# define ERR_LIB_RSA             4
-# define ERR_LIB_DH              5
-# define ERR_LIB_EVP             6
-# define ERR_LIB_BUF             7
-# define ERR_LIB_OBJ             8
-# define ERR_LIB_PEM             9
-# define ERR_LIB_DSA             10
-# define ERR_LIB_X509            11
-/* #define ERR_LIB_METH         12 */
-# define ERR_LIB_ASN1            13
-# define ERR_LIB_CONF            14
-# define ERR_LIB_CRYPTO          15
-# define ERR_LIB_EC              16
-# define ERR_LIB_SSL             20
-/* #define ERR_LIB_SSL23        21 */
-/* #define ERR_LIB_SSL2         22 */
-/* #define ERR_LIB_SSL3         23 */
-/* #define ERR_LIB_RSAREF       30 */
-/* #define ERR_LIB_PROXY        31 */
-# define ERR_LIB_BIO             32
-# define ERR_LIB_PKCS7           33
-# define ERR_LIB_X509V3          34
-# define ERR_LIB_PKCS12          35
-# define ERR_LIB_RAND            36
-# define ERR_LIB_DSO             37
-# define ERR_LIB_ENGINE          38
-# define ERR_LIB_OCSP            39
-# define ERR_LIB_UI              40
-# define ERR_LIB_COMP            41
-# define ERR_LIB_ECDSA           42
-# define ERR_LIB_ECDH            43
-# define ERR_LIB_STORE           44
-# define ERR_LIB_FIPS            45
-# define ERR_LIB_CMS             46
-# define ERR_LIB_TS              47
-# define ERR_LIB_HMAC            48
-# define ERR_LIB_JPAKE           49
-
-# define ERR_LIB_USER            128
-
-# define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
-# define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
-# define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
-# define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
-# define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
-# define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
-# define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
-# define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
-# define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
-# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
-# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
-# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
-# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
-# define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
-# define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
-# define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
-# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
-# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
-# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
-# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
-# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
-# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
-# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
-# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
-# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
-# define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
-# define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
-# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
-# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
-# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
-# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
-# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
-# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
-
-/*
- * Borland C seems too stupid to be able to shift and do longs in the
- * pre-processor :-(
- */
-# define ERR_PACK(l,f,r)         (((((unsigned long)l)&0xffL)*0x1000000)| \
-                                ((((unsigned long)f)&0xfffL)*0x1000)| \
-                                ((((unsigned long)r)&0xfffL)))
-# define ERR_GET_LIB(l)          (int)((((unsigned long)l)>>24L)&0xffL)
-# define ERR_GET_FUNC(l)         (int)((((unsigned long)l)>>12L)&0xfffL)
-# define ERR_GET_REASON(l)       (int)((l)&0xfffL)
-# define ERR_FATAL_ERROR(l)      (int)((l)&ERR_R_FATAL)
-
-/* OS functions */
-# define SYS_F_FOPEN             1
-# define SYS_F_CONNECT           2
-# define SYS_F_GETSERVBYNAME     3
-# define SYS_F_SOCKET            4
-# define SYS_F_IOCTLSOCKET       5
-# define SYS_F_BIND              6
-# define SYS_F_LISTEN            7
-# define SYS_F_ACCEPT            8
-# define SYS_F_WSASTARTUP        9/* Winsock stuff */
-# define SYS_F_OPENDIR           10
-# define SYS_F_FREAD             11
-# define SYS_F_FFLUSH            18
-
-/* reasons */
-# define ERR_R_SYS_LIB   ERR_LIB_SYS/* 2 */
-# define ERR_R_BN_LIB    ERR_LIB_BN/* 3 */
-# define ERR_R_RSA_LIB   ERR_LIB_RSA/* 4 */
-# define ERR_R_DH_LIB    ERR_LIB_DH/* 5 */
-# define ERR_R_EVP_LIB   ERR_LIB_EVP/* 6 */
-# define ERR_R_BUF_LIB   ERR_LIB_BUF/* 7 */
-# define ERR_R_OBJ_LIB   ERR_LIB_OBJ/* 8 */
-# define ERR_R_PEM_LIB   ERR_LIB_PEM/* 9 */
-# define ERR_R_DSA_LIB   ERR_LIB_DSA/* 10 */
-# define ERR_R_X509_LIB  ERR_LIB_X509/* 11 */
-# define ERR_R_ASN1_LIB  ERR_LIB_ASN1/* 13 */
-# define ERR_R_CONF_LIB  ERR_LIB_CONF/* 14 */
-# define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO/* 15 */
-# define ERR_R_EC_LIB    ERR_LIB_EC/* 16 */
-# define ERR_R_SSL_LIB   ERR_LIB_SSL/* 20 */
-# define ERR_R_BIO_LIB   ERR_LIB_BIO/* 32 */
-# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */
-# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */
-# define ERR_R_PKCS12_LIB ERR_LIB_PKCS12/* 35 */
-# define ERR_R_RAND_LIB  ERR_LIB_RAND/* 36 */
-# define ERR_R_DSO_LIB   ERR_LIB_DSO/* 37 */
-# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */
-# define ERR_R_OCSP_LIB  ERR_LIB_OCSP/* 39 */
-# define ERR_R_UI_LIB    ERR_LIB_UI/* 40 */
-# define ERR_R_COMP_LIB  ERR_LIB_COMP/* 41 */
-# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
-# define ERR_R_ECDH_LIB  ERR_LIB_ECDH/* 43 */
-# define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */
-# define ERR_R_TS_LIB    ERR_LIB_TS/* 45 */
-
-# define ERR_R_NESTED_ASN1_ERROR                 58
-# define ERR_R_BAD_ASN1_OBJECT_HEADER            59
-# define ERR_R_BAD_GET_ASN1_OBJECT_CALL          60
-# define ERR_R_EXPECTING_AN_ASN1_SEQUENCE        61
-# define ERR_R_ASN1_LENGTH_MISMATCH              62
-# define ERR_R_MISSING_ASN1_EOS                  63
-
-/* fatal error */
-# define ERR_R_FATAL                             64
-# define ERR_R_MALLOC_FAILURE                    (1|ERR_R_FATAL)
-# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED       (2|ERR_R_FATAL)
-# define ERR_R_PASSED_NULL_PARAMETER             (3|ERR_R_FATAL)
-# define ERR_R_INTERNAL_ERROR                    (4|ERR_R_FATAL)
-# define ERR_R_DISABLED                          (5|ERR_R_FATAL)
-
-/*
- * 99 is the maximum possible ERR_R_... code, higher values are reserved for
- * the individual libraries
- */
-
-typedef struct ERR_string_data_st {
-    unsigned long error;
-    const char *string;
-} ERR_STRING_DATA;
-
-void ERR_put_error(int lib, int func, int reason, const char *file, int line);
-void ERR_set_error_data(char *data, int flags);
-
-unsigned long ERR_get_error(void);
-unsigned long ERR_get_error_line(const char **file, int *line);
-unsigned long ERR_get_error_line_data(const char **file, int *line,
-                                      const char **data, int *flags);
-unsigned long ERR_peek_error(void);
-unsigned long ERR_peek_error_line(const char **file, int *line);
-unsigned long ERR_peek_error_line_data(const char **file, int *line,
-                                       const char **data, int *flags);
-unsigned long ERR_peek_last_error(void);
-unsigned long ERR_peek_last_error_line(const char **file, int *line);
-unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
-                                            const char **data, int *flags);
-void ERR_clear_error(void);
-char *ERR_error_string(unsigned long e, char *buf);
-void ERR_error_string_n(unsigned long e, char *buf, size_t len);
-const char *ERR_lib_error_string(unsigned long e);
-const char *ERR_func_error_string(unsigned long e);
-const char *ERR_reason_error_string(unsigned long e);
-void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
-                         void *u);
-# ifndef OPENSSL_NO_FP_API
-void ERR_print_errors_fp(FILE *fp);
-# endif
-# ifndef OPENSSL_NO_BIO
-void ERR_print_errors(BIO *bp);
-# endif
-void ERR_add_error_data(int num, ...);
-void ERR_add_error_vdata(int num, va_list args);
-void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
-void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
-void ERR_load_ERR_strings(void);
-void ERR_load_crypto_strings(void);
-void ERR_free_strings(void);
-
-void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
-# ifndef OPENSSL_NO_DEPRECATED
-void ERR_remove_state(unsigned long pid); /* if zero we look it up */
-# endif
-ERR_STATE *ERR_get_state(void);
-
-# ifndef OPENSSL_NO_LHASH
-LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
-LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void);
-void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash);
-# endif
-
-int ERR_get_next_error_library(void);
-
-int ERR_set_mark(void);
-int ERR_pop_to_mark(void);
-
-/* Already defined in ossl_typ.h */
-/* typedef struct st_ERR_FNS ERR_FNS; */
-/*
- * An application can use this function and provide the return value to
- * loaded modules that should use the application's ERR state/functionality
- */
-const ERR_FNS *ERR_get_implementation(void);
-/*
- * A loaded module should call this function prior to any ERR operations
- * using the application's "ERR_FNS".
- */
-int ERR_set_implementation(const ERR_FNS *fns);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/err/err_all.c b/freebsd/crypto/openssl/crypto/err/err_all.c
index 2d30fc05..bff3a6fd 100644
--- a/freebsd/crypto/openssl/crypto/err/err_all.c
+++ b/freebsd/crypto/openssl/crypto/err/err_all.c
@@ -1,170 +1,105 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/err/err_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_EC
-# include <openssl/ec.h>
-#endif
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#ifndef OPENSSL_NO_COMP
-# include <openssl/comp.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDSA
-# include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-# include <openssl/ecdh.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/pem2.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/conf.h>
-#include <openssl/pkcs12.h>
-#include <openssl/rand.h>
-#include <openssl/dso.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#include <openssl/ui.h>
-#include <openssl/ocsp.h>
+#include "internal/err_int.h"
+#include <openssl/asn1err.h>
+#include <openssl/bnerr.h>
+#include <openssl/ecerr.h>
+#include <openssl/buffererr.h>
+#include <openssl/bioerr.h>
+#include <openssl/comperr.h>
+#include <openssl/rsaerr.h>
+#include <openssl/dherr.h>
+#include <openssl/dsaerr.h>
+#include <openssl/evperr.h>
+#include <openssl/objectserr.h>
+#include <openssl/pemerr.h>
+#include <openssl/pkcs7err.h>
+#include <openssl/x509err.h>
+#include <openssl/x509v3err.h>
+#include <openssl/conferr.h>
+#include <openssl/pkcs12err.h>
+#include <openssl/randerr.h>
+#include "internal/dso.h"
+#include <openssl/engineerr.h>
+#include <openssl/uierr.h>
+#include <openssl/ocsperr.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-#include <openssl/ts.h>
-#ifndef OPENSSL_NO_CMS
-# include <openssl/cms.h>
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# include <openssl/jpake.h>
-#endif
+#include <openssl/tserr.h>
+#include <openssl/cmserr.h>
+#include <openssl/cterr.h>
+#include <openssl/asyncerr.h>
+#include <openssl/kdferr.h>
+#include <openssl/storeerr.h>
 
-void ERR_load_crypto_strings(void)
+int err_load_crypto_strings_int(void)
 {
+    if (
 #ifndef OPENSSL_NO_ERR
-    ERR_load_ERR_strings();     /* include error strings for SYSerr */
-    ERR_load_BN_strings();
+        ERR_load_ERR_strings() == 0 ||    /* include error strings for SYSerr */
+        ERR_load_BN_strings() == 0 ||
 # ifndef OPENSSL_NO_RSA
-    ERR_load_RSA_strings();
+        ERR_load_RSA_strings() == 0 ||
 # endif
 # ifndef OPENSSL_NO_DH
-    ERR_load_DH_strings();
+        ERR_load_DH_strings() == 0 ||
 # endif
-    ERR_load_EVP_strings();
-    ERR_load_BUF_strings();
-    ERR_load_OBJ_strings();
-    ERR_load_PEM_strings();
+        ERR_load_EVP_strings() == 0 ||
+        ERR_load_BUF_strings() == 0 ||
+        ERR_load_OBJ_strings() == 0 ||
+        ERR_load_PEM_strings() == 0 ||
 # ifndef OPENSSL_NO_DSA
-    ERR_load_DSA_strings();
+        ERR_load_DSA_strings() == 0 ||
 # endif
-    ERR_load_X509_strings();
-    ERR_load_ASN1_strings();
-    ERR_load_CONF_strings();
-    ERR_load_CRYPTO_strings();
+        ERR_load_X509_strings() == 0 ||
+        ERR_load_ASN1_strings() == 0 ||
+        ERR_load_CONF_strings() == 0 ||
+        ERR_load_CRYPTO_strings() == 0 ||
 # ifndef OPENSSL_NO_COMP
-    ERR_load_COMP_strings();
+        ERR_load_COMP_strings() == 0 ||
 # endif
 # ifndef OPENSSL_NO_EC
-    ERR_load_EC_strings();
+        ERR_load_EC_strings() == 0 ||
 # endif
-# ifndef OPENSSL_NO_ECDSA
-    ERR_load_ECDSA_strings();
+        /* skip ERR_load_SSL_strings() because it is not in this library */
+        ERR_load_BIO_strings() == 0 ||
+        ERR_load_PKCS7_strings() == 0 ||
+        ERR_load_X509V3_strings() == 0 ||
+        ERR_load_PKCS12_strings() == 0 ||
+        ERR_load_RAND_strings() == 0 ||
+#ifndef __rtems__
+        ERR_load_DSO_strings() == 0 ||
+#endif /* __rtems__ */
+# ifndef OPENSSL_NO_TS
+        ERR_load_TS_strings() == 0 ||
 # endif
-# ifndef OPENSSL_NO_ECDH
-    ERR_load_ECDH_strings();
-# endif
-    /* skip ERR_load_SSL_strings() because it is not in this library */
-    ERR_load_BIO_strings();
-    ERR_load_PKCS7_strings();
-    ERR_load_X509V3_strings();
-    ERR_load_PKCS12_strings();
-    ERR_load_RAND_strings();
-    ERR_load_DSO_strings();
-    ERR_load_TS_strings();
 # ifndef OPENSSL_NO_ENGINE
-    ERR_load_ENGINE_strings();
+        ERR_load_ENGINE_strings() == 0 ||
 # endif
-    ERR_load_OCSP_strings();
-    ERR_load_UI_strings();
-# ifdef OPENSSL_FIPS
-    ERR_load_FIPS_strings();
+# ifndef OPENSSL_NO_OCSP
+        ERR_load_OCSP_strings() == 0 ||
 # endif
+        ERR_load_UI_strings() == 0 ||
 # ifndef OPENSSL_NO_CMS
-    ERR_load_CMS_strings();
+        ERR_load_CMS_strings() == 0 ||
 # endif
-# ifndef OPENSSL_NO_JPAKE
-    ERR_load_JPAKE_strings();
+# ifndef OPENSSL_NO_CT
+        ERR_load_CT_strings() == 0 ||
 # endif
+        ERR_load_ASYNC_strings() == 0 ||
 #endif
+        ERR_load_KDF_strings() == 0 ||
+        ERR_load_OSSL_STORE_strings() == 0)
+        return 0;
+
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/err/err_prn.c b/freebsd/crypto/openssl/crypto/err/err_prn.c
index 6adff26a..0459b5b8 100644
--- a/freebsd/crypto/openssl/crypto/err/err_prn.c
+++ b/freebsd/crypto/openssl/crypto/err/err_prn.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/err/err_prn.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
+#include "internal/cryptlib.h"
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
 #include <openssl/err.h>
@@ -73,37 +23,27 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
     char buf2[4096];
     const char *file, *data;
     int line, flags;
-    unsigned long es;
-    CRYPTO_THREADID cur;
+    /*
+     * We don't know what kind of thing CRYPTO_THREAD_ID is. Here is our best
+     * attempt to convert it into something we can print.
+     */
+    union {
+        CRYPTO_THREAD_ID tid;
+        unsigned long ltid;
+    } tid;
+
+    tid.ltid = 0;
+    tid.tid = CRYPTO_THREAD_get_current_id();
 
-    CRYPTO_THREADID_current(&cur);
-    es = CRYPTO_THREADID_hash(&cur);
     while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
         ERR_error_string_n(l, buf, sizeof(buf));
-        BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
+        BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", tid.ltid, buf,
                      file, line, (flags & ERR_TXT_STRING) ? data : "");
         if (cb(buf2, strlen(buf2), u) <= 0)
             break;              /* abort outputting the error report */
     }
 }
 
-#ifndef OPENSSL_NO_FP_API
-static int print_fp(const char *str, size_t len, void *fp)
-{
-    BIO bio;
-
-    BIO_set(&bio, BIO_s_file());
-    BIO_set_fp(&bio, fp, BIO_NOCLOSE);
-
-    return BIO_printf(&bio, "%s", str);
-}
-
-void ERR_print_errors_fp(FILE *fp)
-{
-    ERR_print_errors_cb(print_fp, fp);
-}
-#endif
-
 static int print_bio(const char *str, size_t len, void *bp)
 {
     return BIO_write((BIO *)bp, str, len);
@@ -113,3 +53,15 @@ void ERR_print_errors(BIO *bp)
 {
     ERR_print_errors_cb(print_bio, bp);
 }
+
+#ifndef OPENSSL_NO_STDIO
+void ERR_print_errors_fp(FILE *fp)
+{
+    BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE);
+    if (bio == NULL)
+        return;
+
+    ERR_print_errors_cb(print_bio, bio);
+    BIO_free(bio);
+}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/bio_b64.c b/freebsd/crypto/openssl/crypto/evp/bio_b64.c
index 442b41e0..35829b2d 100644
--- a/freebsd/crypto/openssl/crypto/evp/bio_b64.c
+++ b/freebsd/crypto/openssl/crypto/evp/bio_b64.c
@@ -1,79 +1,28 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/bio_b64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
+#include "internal/bio.h"
 
 static int b64_write(BIO *h, const char *buf, int num);
 static int b64_read(BIO *h, char *buf, int size);
 static int b64_puts(BIO *h, const char *str);
-/*
- * static int b64_gets(BIO *h, char *str, int size);
- */
 static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int b64_new(BIO *h);
 static int b64_free(BIO *data);
-static long b64_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static long b64_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 #define B64_BLOCK_SIZE  1024
 #define B64_BLOCK_SIZE2 768
 #define B64_NONE        0
@@ -91,14 +40,19 @@ typedef struct b64_struct {
     int encode;
     int start;                  /* have we started decoding yet? */
     int cont;                   /* <= 0 when finished */
-    EVP_ENCODE_CTX base64;
+    EVP_ENCODE_CTX *base64;
     char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10];
     char tmp[B64_BLOCK_SIZE];
 } BIO_B64_CTX;
 
-static BIO_METHOD methods_b64 = {
-    BIO_TYPE_BASE64, "base64 encoding",
+static const BIO_METHOD methods_b64 = {
+    BIO_TYPE_BASE64,
+    "base64 encoding",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     b64_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     b64_read,
     b64_puts,
     NULL,                       /* b64_gets, */
@@ -108,43 +62,51 @@ static BIO_METHOD methods_b64 = {
     b64_callback_ctrl,
 };
 
-BIO_METHOD *BIO_f_base64(void)
+
+const BIO_METHOD *BIO_f_base64(void)
 {
-    return (&methods_b64);
+    return &methods_b64;
 }
 
 static int b64_new(BIO *bi)
 {
     BIO_B64_CTX *ctx;
 
-    ctx = (BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX));
-    if (ctx == NULL)
-        return (0);
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        EVPerr(EVP_F_B64_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
-    ctx->buf_len = 0;
-    ctx->tmp_len = 0;
-    ctx->tmp_nl = 0;
-    ctx->buf_off = 0;
     ctx->cont = 1;
     ctx->start = 1;
-    ctx->encode = 0;
+    ctx->base64 = EVP_ENCODE_CTX_new();
+    if (ctx->base64 == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
 
-    bi->init = 1;
-    bi->ptr = (char *)ctx;
-    bi->flags = 0;
-    bi->num = 0;
-    return (1);
+    BIO_set_data(bi, ctx);
+    BIO_set_init(bi, 1);
+
+    return 1;
 }
 
 static int b64_free(BIO *a)
 {
+    BIO_B64_CTX *ctx;
     if (a == NULL)
-        return (0);
-    OPENSSL_free(a->ptr);
-    a->ptr = NULL;
-    a->init = 0;
-    a->flags = 0;
-    return (1);
+        return 0;
+
+    ctx = BIO_get_data(a);
+    if (ctx == NULL)
+        return 0;
+
+    EVP_ENCODE_CTX_free(ctx->base64);
+    OPENSSL_free(ctx);
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
 }
 
 static int b64_read(BIO *b, char *out, int outl)
@@ -152,13 +114,15 @@ static int b64_read(BIO *b, char *out, int outl)
     int ret = 0, i, ii, j, k, x, n, num, ret_code = 0;
     BIO_B64_CTX *ctx;
     unsigned char *p, *q;
+    BIO *next;
 
     if (out == NULL)
-        return (0);
-    ctx = (BIO_B64_CTX *)b->ptr;
+        return 0;
+    ctx = (BIO_B64_CTX *)BIO_get_data(b);
 
-    if ((ctx == NULL) || (b->next_bio == NULL))
-        return (0);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
 
     BIO_clear_retry_flags(b);
 
@@ -167,7 +131,7 @@ static int b64_read(BIO *b, char *out, int outl)
         ctx->buf_len = 0;
         ctx->buf_off = 0;
         ctx->tmp_len = 0;
-        EVP_DecodeInit(&(ctx->base64));
+        EVP_DecodeInit(ctx->base64);
     }
 
     /* First check if there are bytes decoded/encoded */
@@ -198,14 +162,14 @@ static int b64_read(BIO *b, char *out, int outl)
         if (ctx->cont <= 0)
             break;
 
-        i = BIO_read(b->next_bio, &(ctx->tmp[ctx->tmp_len]),
+        i = BIO_read(next, &(ctx->tmp[ctx->tmp_len]),
                      B64_BLOCK_SIZE - ctx->tmp_len);
 
         if (i <= 0) {
             ret_code = i;
 
             /* Should we continue next time we are called? */
-            if (!BIO_should_retry(b->next_bio)) {
+            if (!BIO_should_retry(next)) {
                 ctx->cont = i;
                 /* If buffer empty break */
                 if (ctx->tmp_len == 0)
@@ -246,11 +210,11 @@ static int b64_read(BIO *b, char *out, int outl)
                     continue;
                 }
 
-                k = EVP_DecodeUpdate(&(ctx->base64),
+                k = EVP_DecodeUpdate(ctx->base64,
                                      (unsigned char *)ctx->buf,
                                      &num, p, q - p);
                 if ((k <= 0) && (num == 0) && (ctx->start))
-                    EVP_DecodeInit(&ctx->base64);
+                    EVP_DecodeInit(ctx->base64);
                 else {
                     if (p != (unsigned char *)
                         &(ctx->tmp[0])) {
@@ -259,7 +223,7 @@ static int b64_read(BIO *b, char *out, int outl)
                         for (x = 0; x < i; x++)
                             ctx->tmp[x] = p[x];
                     }
-                    EVP_DecodeInit(&ctx->base64);
+                    EVP_DecodeInit(ctx->base64);
                     ctx->start = 0;
                     break;
                 }
@@ -300,11 +264,7 @@ static int b64_read(BIO *b, char *out, int outl)
         if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
             int z, jj;
 
-#if 0
-            jj = (i >> 2) << 2;
-#else
             jj = i & ~3;        /* process per 4 */
-#endif
             z = EVP_DecodeBlock((unsigned char *)ctx->buf,
                                 (unsigned char *)ctx->tmp, jj);
             if (jj > 2) {
@@ -327,7 +287,7 @@ static int b64_read(BIO *b, char *out, int outl)
             }
             i = z;
         } else {
-            i = EVP_DecodeUpdate(&(ctx->base64),
+            i = EVP_DecodeUpdate(ctx->base64,
                                  (unsigned char *)ctx->buf, &ctx->buf_len,
                                  (unsigned char *)ctx->tmp, i);
             ctx->tmp_len = 0;
@@ -373,8 +333,13 @@ static int b64_write(BIO *b, const char *in, int inl)
     int n;
     int i;
     BIO_B64_CTX *ctx;
+    BIO *next;
+
+    ctx = (BIO_B64_CTX *)BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
 
-    ctx = (BIO_B64_CTX *)b->ptr;
     BIO_clear_retry_flags(b);
 
     if (ctx->encode != B64_ENCODE) {
@@ -382,7 +347,7 @@ static int b64_write(BIO *b, const char *in, int inl)
         ctx->buf_len = 0;
         ctx->buf_off = 0;
         ctx->tmp_len = 0;
-        EVP_EncodeInit(&(ctx->base64));
+        EVP_EncodeInit(ctx->base64);
     }
 
     OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
@@ -390,10 +355,10 @@ static int b64_write(BIO *b, const char *in, int inl)
     OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
     n = ctx->buf_len - ctx->buf_off;
     while (n > 0) {
-        i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+        i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
         if (i <= 0) {
             BIO_copy_next_retry(b);
-            return (i);
+            return i;
         }
         OPENSSL_assert(i <= n);
         ctx->buf_off += i;
@@ -406,7 +371,7 @@ static int b64_write(BIO *b, const char *in, int inl)
     ctx->buf_len = 0;
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
+        return 0;
 
     while (inl > 0) {
         n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl;
@@ -451,9 +416,10 @@ static int b64_write(BIO *b, const char *in, int inl)
                 ret += n;
             }
         } else {
-            EVP_EncodeUpdate(&(ctx->base64),
-                             (unsigned char *)ctx->buf, &ctx->buf_len,
-                             (unsigned char *)in, n);
+            if (!EVP_EncodeUpdate(ctx->base64,
+                                 (unsigned char *)ctx->buf, &ctx->buf_len,
+                                 (unsigned char *)in, n))
+                return ((ret == 0) ? -1 : ret);
             OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
             OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
             ret += n;
@@ -464,7 +430,7 @@ static int b64_write(BIO *b, const char *in, int inl)
         ctx->buf_off = 0;
         n = ctx->buf_len;
         while (n > 0) {
-            i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
             if (i <= 0) {
                 BIO_copy_next_retry(b);
                 return ((ret == 0) ? i : ret);
@@ -478,7 +444,7 @@ static int b64_write(BIO *b, const char *in, int inl)
         ctx->buf_len = 0;
         ctx->buf_off = 0;
     }
-    return (ret);
+    return ret;
 }
 
 static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -486,36 +452,40 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
     BIO_B64_CTX *ctx;
     long ret = 1;
     int i;
+    BIO *next;
 
-    ctx = (BIO_B64_CTX *)b->ptr;
+    ctx = (BIO_B64_CTX *)BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
 
     switch (cmd) {
     case BIO_CTRL_RESET:
         ctx->cont = 1;
         ctx->start = 1;
         ctx->encode = B64_NONE;
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_CTRL_EOF:         /* More to read */
         if (ctx->cont <= 0)
             ret = 1;
         else
-            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_CTRL_WPENDING:    /* More to write in buffer */
         OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
         ret = ctx->buf_len - ctx->buf_off;
         if ((ret == 0) && (ctx->encode != B64_NONE)
-            && (ctx->base64.num != 0))
+            && (EVP_ENCODE_CTX_num(ctx->base64) != 0))
             ret = 1;
         else if (ret <= 0)
-            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_CTRL_PENDING:     /* More to read in buffer */
         OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
         ret = ctx->buf_len - ctx->buf_off;
         if (ret <= 0)
-            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_CTRL_FLUSH:
         /* do a final write */
@@ -534,20 +504,21 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
                 ctx->tmp_len = 0;
                 goto again;
             }
-        } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) {
+        } else if (ctx->encode != B64_NONE
+                   && EVP_ENCODE_CTX_num(ctx->base64) != 0) {
             ctx->buf_off = 0;
-            EVP_EncodeFinal(&(ctx->base64),
+            EVP_EncodeFinal(ctx->base64,
                             (unsigned char *)ctx->buf, &(ctx->buf_len));
             /* push out the bytes */
             goto again;
         }
         /* Finally flush the underlying BIO */
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         break;
 
     case BIO_C_DO_STATE_MACHINE:
         BIO_clear_retry_flags(b);
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         BIO_copy_next_retry(b);
         break;
 
@@ -557,24 +528,25 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_GET:
     case BIO_CTRL_SET:
     default:
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
 }
 
-static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
     long ret = 1;
+    BIO *next = BIO_next(b);
 
-    if (b->next_bio == NULL)
-        return (0);
+    if (next == NULL)
+        return 0;
     switch (cmd) {
     default:
-        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        ret = BIO_callback_ctrl(next, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int b64_puts(BIO *b, const char *str)
diff --git a/freebsd/crypto/openssl/crypto/evp/bio_enc.c b/freebsd/crypto/openssl/crypto/evp/bio_enc.c
index 7e317aae..9a499407 100644
--- a/freebsd/crypto/openssl/crypto/evp/bio_enc.c
+++ b/freebsd/crypto/openssl/crypto/evp/bio_enc.c
@@ -1,83 +1,30 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/bio_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
+#include "internal/bio.h"
 
 static int enc_write(BIO *h, const char *buf, int num);
 static int enc_read(BIO *h, char *buf, int size);
-/*
- * static int enc_puts(BIO *h, const char *str);
- */
-/*
- * static int enc_gets(BIO *h, char *str, int size);
- */
 static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int enc_new(BIO *h);
 static int enc_free(BIO *data);
-static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
+static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps);
 #define ENC_BLOCK_SIZE  (1024*4)
-#define BUF_OFFSET      (EVP_MAX_BLOCK_LENGTH*2)
+#define ENC_MIN_CHUNK   (256)
+#define BUF_OFFSET      (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH)
 
 typedef struct enc_struct {
     int buf_len;
@@ -85,17 +32,23 @@ typedef struct enc_struct {
     int cont;                   /* <= 0 when finished */
     int finished;
     int ok;                     /* bad decrypt */
-    EVP_CIPHER_CTX cipher;
+    EVP_CIPHER_CTX *cipher;
+    unsigned char *read_start, *read_end;
     /*
      * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
      * up to a block more data than is presented to it
      */
-    char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2];
+    unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE];
 } BIO_ENC_CTX;
 
-static BIO_METHOD methods_enc = {
-    BIO_TYPE_CIPHER, "cipher",
+static const BIO_METHOD methods_enc = {
+    BIO_TYPE_CIPHER,
+    "cipher",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     enc_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     enc_read,
     NULL,                       /* enc_puts, */
     NULL,                       /* enc_gets, */
@@ -105,30 +58,32 @@ static BIO_METHOD methods_enc = {
     enc_callback_ctrl,
 };
 
-BIO_METHOD *BIO_f_cipher(void)
+const BIO_METHOD *BIO_f_cipher(void)
 {
-    return (&methods_enc);
+    return &methods_enc;
 }
 
 static int enc_new(BIO *bi)
 {
     BIO_ENC_CTX *ctx;
 
-    ctx = (BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
-    if (ctx == NULL)
-        return (0);
-    EVP_CIPHER_CTX_init(&ctx->cipher);
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        EVPerr(EVP_F_ENC_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
-    ctx->buf_len = 0;
-    ctx->buf_off = 0;
+    ctx->cipher = EVP_CIPHER_CTX_new();
+    if (ctx->cipher == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
     ctx->cont = 1;
-    ctx->finished = 0;
     ctx->ok = 1;
+    ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
+    BIO_set_data(bi, ctx);
+    BIO_set_init(bi, 1);
 
-    bi->init = 0;
-    bi->ptr = (char *)ctx;
-    bi->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int enc_free(BIO *a)
@@ -136,28 +91,33 @@ static int enc_free(BIO *a)
     BIO_ENC_CTX *b;
 
     if (a == NULL)
-        return (0);
-    b = (BIO_ENC_CTX *)a->ptr;
-    EVP_CIPHER_CTX_cleanup(&(b->cipher));
-    OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX));
-    OPENSSL_free(a->ptr);
-    a->ptr = NULL;
-    a->init = 0;
-    a->flags = 0;
-    return (1);
+        return 0;
+
+    b = BIO_get_data(a);
+    if (b == NULL)
+        return 0;
+
+    EVP_CIPHER_CTX_free(b->cipher);
+    OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX));
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
 }
 
 static int enc_read(BIO *b, char *out, int outl)
 {
-    int ret = 0, i;
+    int ret = 0, i, blocksize;
     BIO_ENC_CTX *ctx;
+    BIO *next;
 
     if (out == NULL)
-        return (0);
-    ctx = (BIO_ENC_CTX *)b->ptr;
+        return 0;
+    ctx = BIO_get_data(b);
 
-    if ((ctx == NULL) || (b->next_bio == NULL))
-        return (0);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
 
     /* First check if there are bytes decoded/encoded */
     if (ctx->buf_len > 0) {
@@ -175,6 +135,10 @@ static int enc_read(BIO *b, char *out, int outl)
         }
     }
 
+    blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher);
+    if (blocksize == 1)
+        blocksize = 0;
+
     /*
      * At this point, we have room of outl bytes and an empty buffer, so we
      * should read in some more.
@@ -184,18 +148,21 @@ static int enc_read(BIO *b, char *out, int outl)
         if (ctx->cont <= 0)
             break;
 
-        /*
-         * read in at IV offset, read the EVP_Cipher documentation about why
-         */
-        i = BIO_read(b->next_bio, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE);
+        if (ctx->read_start == ctx->read_end) { /* time to read more data */
+            ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
+            i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE);
+            if (i > 0)
+                ctx->read_end += i;
+        } else {
+            i = ctx->read_end - ctx->read_start;
+        }
 
         if (i <= 0) {
             /* Should be continue next time we are called? */
-            if (!BIO_should_retry(b->next_bio)) {
+            if (!BIO_should_retry(next)) {
                 ctx->cont = i;
-                i = EVP_CipherFinal_ex(&(ctx->cipher),
-                                       (unsigned char *)ctx->buf,
-                                       &(ctx->buf_len));
+                i = EVP_CipherFinal_ex(ctx->cipher,
+                                       ctx->buf, &(ctx->buf_len));
                 ctx->ok = i;
                 ctx->buf_off = 0;
             } else {
@@ -203,14 +170,40 @@ static int enc_read(BIO *b, char *out, int outl)
                 break;
             }
         } else {
-            if (!EVP_CipherUpdate(&ctx->cipher,
-                                  (unsigned char *)ctx->buf, &ctx->buf_len,
-                                  (unsigned char *)&(ctx->buf[BUF_OFFSET]),
-                                  i)) {
+            if (outl > ENC_MIN_CHUNK) {
+                /*
+                 * Depending on flags block cipher decrypt can write
+                 * one extra block and then back off, i.e. output buffer
+                 * has to accommodate extra block...
+                 */
+                int j = outl - blocksize, buf_len;
+
+                if (!EVP_CipherUpdate(ctx->cipher,
+                                      (unsigned char *)out, &buf_len,
+                                      ctx->read_start, i > j ? j : i)) {
+                    BIO_clear_retry_flags(b);
+                    return 0;
+                }
+                ret += buf_len;
+                out += buf_len;
+                outl -= buf_len;
+
+                if ((i -= j) <= 0) {
+                    ctx->read_start = ctx->read_end;
+                    continue;
+                }
+                ctx->read_start += j;
+            }
+            if (i > ENC_MIN_CHUNK)
+                i = ENC_MIN_CHUNK;
+            if (!EVP_CipherUpdate(ctx->cipher,
+                                  ctx->buf, &ctx->buf_len,
+                                  ctx->read_start, i)) {
                 BIO_clear_retry_flags(b);
                 ctx->ok = 0;
                 return 0;
             }
+            ctx->read_start += i;
             ctx->cont = 1;
             /*
              * Note: it is possible for EVP_CipherUpdate to decrypt zero
@@ -244,17 +237,22 @@ static int enc_write(BIO *b, const char *in, int inl)
 {
     int ret = 0, n, i;
     BIO_ENC_CTX *ctx;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
 
-    ctx = (BIO_ENC_CTX *)b->ptr;
     ret = inl;
 
     BIO_clear_retry_flags(b);
     n = ctx->buf_len - ctx->buf_off;
     while (n > 0) {
-        i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+        i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
         if (i <= 0) {
             BIO_copy_next_retry(b);
-            return (i);
+            return i;
         }
         ctx->buf_off += i;
         n -= i;
@@ -262,14 +260,14 @@ static int enc_write(BIO *b, const char *in, int inl)
     /* at this point all pending data has been written */
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
+        return 0;
 
     ctx->buf_off = 0;
     while (inl > 0) {
         n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
-        if (!EVP_CipherUpdate(&ctx->cipher,
-                              (unsigned char *)ctx->buf, &ctx->buf_len,
-                              (unsigned char *)in, n)) {
+        if (!EVP_CipherUpdate(ctx->cipher,
+                              ctx->buf, &ctx->buf_len,
+                              (const unsigned char *)in, n)) {
             BIO_clear_retry_flags(b);
             ctx->ok = 0;
             return 0;
@@ -280,7 +278,7 @@ static int enc_write(BIO *b, const char *in, int inl)
         ctx->buf_off = 0;
         n = ctx->buf_len;
         while (n > 0) {
-            i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
             if (i <= 0) {
                 BIO_copy_next_retry(b);
                 return (ret == inl) ? i : ret - inl;
@@ -292,7 +290,7 @@ static int enc_write(BIO *b, const char *in, int inl)
         ctx->buf_off = 0;
     }
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -302,32 +300,37 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
     long ret = 1;
     int i;
     EVP_CIPHER_CTX **c_ctx;
+    BIO *next;
 
-    ctx = (BIO_ENC_CTX *)b->ptr;
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if (ctx == NULL)
+        return 0;
 
     switch (cmd) {
     case BIO_CTRL_RESET:
         ctx->ok = 1;
         ctx->finished = 0;
-        EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
-                          ctx->cipher.encrypt);
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL,
+                               EVP_CIPHER_CTX_encrypting(ctx->cipher)))
+            return 0;
+        ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_CTRL_EOF:         /* More to read */
         if (ctx->cont <= 0)
             ret = 1;
         else
-            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_CTRL_WPENDING:
         ret = ctx->buf_len - ctx->buf_off;
         if (ret <= 0)
-            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_CTRL_PENDING:     /* More to read in buffer */
         ret = ctx->buf_len - ctx->buf_off;
         if (ret <= 0)
-            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_CTRL_FLUSH:
         /* do a final write */
@@ -341,7 +344,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
         if (!ctx->finished) {
             ctx->finished = 1;
             ctx->buf_off = 0;
-            ret = EVP_CipherFinal_ex(&(ctx->cipher),
+            ret = EVP_CipherFinal_ex(ctx->cipher,
                                      (unsigned char *)ctx->buf,
                                      &(ctx->buf_len));
             ctx->ok = (int)ret;
@@ -353,87 +356,76 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
         }
 
         /* Finally flush the underlying BIO */
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_C_GET_CIPHER_STATUS:
         ret = (long)ctx->ok;
         break;
     case BIO_C_DO_STATE_MACHINE:
         BIO_clear_retry_flags(b);
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         BIO_copy_next_retry(b);
         break;
     case BIO_C_GET_CIPHER_CTX:
         c_ctx = (EVP_CIPHER_CTX **)ptr;
-        (*c_ctx) = &(ctx->cipher);
-        b->init = 1;
+        *c_ctx = ctx->cipher;
+        BIO_set_init(b, 1);
         break;
     case BIO_CTRL_DUP:
         dbio = (BIO *)ptr;
-        dctx = (BIO_ENC_CTX *)dbio->ptr;
-        EVP_CIPHER_CTX_init(&dctx->cipher);
-        ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher);
+        dctx = BIO_get_data(dbio);
+        dctx->cipher = EVP_CIPHER_CTX_new();
+        if (dctx->cipher == NULL)
+            return 0;
+        ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher);
         if (ret)
-            dbio->init = 1;
+            BIO_set_init(dbio, 1);
         break;
     default:
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
 }
 
-static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
     long ret = 1;
+    BIO *next = BIO_next(b);
 
-    if (b->next_bio == NULL)
-        return (0);
+    if (next == NULL)
+        return 0;
     switch (cmd) {
     default:
-        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        ret = BIO_callback_ctrl(next, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
-/*-
-void BIO_set_cipher_ctx(b,c)
-BIO *b;
-EVP_CIPHER_ctx *c;
-        {
-        if (b == NULL) return;
-
-        if ((b->callback != NULL) &&
-                (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
-                return;
-
-        b->init=1;
-        ctx=(BIO_ENC_CTX *)b->ptr;
-        memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
-
-        if (b->callback != NULL)
-                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
-        }
-*/
-
-void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
-                    const unsigned char *i, int e)
+int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+                   const unsigned char *i, int e)
 {
     BIO_ENC_CTX *ctx;
+    long (*callback) (struct bio_st *, int, const char *, int, long, long);
 
-    if (b == NULL)
-        return;
+    ctx = BIO_get_data(b);
+    if (ctx == NULL)
+        return 0;
+
+    callback = BIO_get_callback(b);
+
+    if ((callback != NULL) &&
+            (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e,
+                      0L) <= 0))
+        return 0;
 
-    if ((b->callback != NULL) &&
-        (b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <=
-         0))
-        return;
+    BIO_set_init(b, 1);
 
-    b->init = 1;
-    ctx = (BIO_ENC_CTX *)b->ptr;
-    EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e);
+    if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e))
+        return 0;
 
-    if (b->callback != NULL)
-        b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
+    if (callback != NULL)
+        return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/bio_md.c b/freebsd/crypto/openssl/crypto/evp/bio_md.c
index 3e6309f8..ba860112 100644
--- a/freebsd/crypto/openssl/crypto/evp/bio_md.c
+++ b/freebsd/crypto/openssl/crypto/evp/bio_md.c
@@ -1,68 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/bio_md.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <errno.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+#include "internal/bio.h"
 
 /*
  * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
@@ -70,18 +24,20 @@
 
 static int md_write(BIO *h, char const *buf, int num);
 static int md_read(BIO *h, char *buf, int size);
-/*
- * static int md_puts(BIO *h, const char *str);
- */
 static int md_gets(BIO *h, char *str, int size);
 static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int md_new(BIO *h);
 static int md_free(BIO *data);
-static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 
-static BIO_METHOD methods_md = {
-    BIO_TYPE_MD, "message digest",
+static const BIO_METHOD methods_md = {
+    BIO_TYPE_MD,
+    "message digest",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     md_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     md_read,
     NULL,                       /* md_puts, */
     md_gets,
@@ -91,73 +47,79 @@ static BIO_METHOD methods_md = {
     md_callback_ctrl,
 };
 
-BIO_METHOD *BIO_f_md(void)
+const BIO_METHOD *BIO_f_md(void)
 {
-    return (&methods_md);
+    return &methods_md;
 }
 
 static int md_new(BIO *bi)
 {
     EVP_MD_CTX *ctx;
 
-    ctx = EVP_MD_CTX_create();
+    ctx = EVP_MD_CTX_new();
     if (ctx == NULL)
-        return (0);
+        return 0;
 
-    bi->init = 0;
-    bi->ptr = (char *)ctx;
-    bi->flags = 0;
-    return (1);
+    BIO_set_init(bi, 1);
+    BIO_set_data(bi, ctx);
+
+    return 1;
 }
 
 static int md_free(BIO *a)
 {
     if (a == NULL)
-        return (0);
-    EVP_MD_CTX_destroy(a->ptr);
-    a->ptr = NULL;
-    a->init = 0;
-    a->flags = 0;
-    return (1);
+        return 0;
+    EVP_MD_CTX_free(BIO_get_data(a));
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
 }
 
 static int md_read(BIO *b, char *out, int outl)
 {
     int ret = 0;
     EVP_MD_CTX *ctx;
+    BIO *next;
 
     if (out == NULL)
-        return (0);
-    ctx = b->ptr;
+        return 0;
 
-    if ((ctx == NULL) || (b->next_bio == NULL))
-        return (0);
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
 
-    ret = BIO_read(b->next_bio, out, outl);
-    if (b->init) {
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    ret = BIO_read(next, out, outl);
+    if (BIO_get_init(b)) {
         if (ret > 0) {
             if (EVP_DigestUpdate(ctx, (unsigned char *)out,
                                  (unsigned int)ret) <= 0)
-                return (-1);
+                return -1;
         }
     }
     BIO_clear_retry_flags(b);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static int md_write(BIO *b, const char *in, int inl)
 {
     int ret = 0;
     EVP_MD_CTX *ctx;
+    BIO *next;
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
-    ctx = b->ptr;
+        return 0;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx != NULL) && (next != NULL))
+        ret = BIO_write(next, in, inl);
 
-    if ((ctx != NULL) && (b->next_bio != NULL))
-        ret = BIO_write(b->next_bio, in, inl);
-    if (b->init) {
+    if (BIO_get_init(b)) {
         if (ret > 0) {
             if (!EVP_DigestUpdate(ctx, (const unsigned char *)in,
                                   (unsigned int)ret)) {
@@ -166,11 +128,11 @@ static int md_write(BIO *b, const char *in, int inl)
             }
         }
     }
-    if (b->next_bio != NULL) {
+    if (next != NULL) {
         BIO_clear_retry_flags(b);
         BIO_copy_next_retry(b);
     }
-    return (ret);
+    return ret;
 }
 
 static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -179,21 +141,23 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
     const EVP_MD **ppmd;
     EVP_MD *md;
     long ret = 1;
-    BIO *dbio;
+    BIO *dbio, *next;
+
 
-    ctx = b->ptr;
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
 
     switch (cmd) {
     case BIO_CTRL_RESET:
-        if (b->init)
+        if (BIO_get_init(b))
             ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL);
         else
             ret = 0;
         if (ret > 0)
-            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_C_GET_MD:
-        if (b->init) {
+        if (BIO_get_init(b)) {
             ppmd = ptr;
             *ppmd = ctx->digest;
         } else
@@ -202,17 +166,17 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_C_GET_MD_CTX:
         pctx = ptr;
         *pctx = ctx;
-        b->init = 1;
+        BIO_set_init(b, 1);
         break;
     case BIO_C_SET_MD_CTX:
-        if (b->init)
-            b->ptr = ptr;
+        if (BIO_get_init(b))
+            BIO_set_data(b, ptr);
         else
             ret = 0;
         break;
     case BIO_C_DO_STATE_MACHINE:
         BIO_clear_retry_flags(b);
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         BIO_copy_next_retry(b);
         break;
 
@@ -220,34 +184,38 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
         md = ptr;
         ret = EVP_DigestInit_ex(ctx, md, NULL);
         if (ret > 0)
-            b->init = 1;
+            BIO_set_init(b, 1);
         break;
     case BIO_CTRL_DUP:
         dbio = ptr;
-        dctx = dbio->ptr;
+        dctx = BIO_get_data(dbio);
         if (!EVP_MD_CTX_copy_ex(dctx, ctx))
             return 0;
-        b->init = 1;
+        BIO_set_init(b, 1);
         break;
     default:
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
 }
 
-static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
     long ret = 1;
+    BIO *next;
+
+    next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
 
-    if (b->next_bio == NULL)
-        return (0);
     switch (cmd) {
     default:
-        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        ret = BIO_callback_ctrl(next, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int md_gets(BIO *bp, char *buf, int size)
@@ -255,20 +223,13 @@ static int md_gets(BIO *bp, char *buf, int size)
     EVP_MD_CTX *ctx;
     unsigned int ret;
 
-    ctx = bp->ptr;
+    ctx = BIO_get_data(bp);
+
     if (size < ctx->digest->md_size)
-        return (0);
+        return 0;
+
     if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0)
         return -1;
 
-    return ((int)ret);
+    return (int)ret;
 }
-
-/*-
-static int md_puts(bp,str)
-BIO *bp;
-char *str;
-        {
-        return(-1);
-        }
-*/
diff --git a/freebsd/crypto/openssl/crypto/evp/bio_ok.c b/freebsd/crypto/openssl/crypto/evp/bio_ok.c
index e6783f95..1d21bd0b 100644
--- a/freebsd/crypto/openssl/crypto/evp/bio_ok.c
+++ b/freebsd/crypto/openssl/crypto/evp/bio_ok.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/bio_ok.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*-
-        From: Arne Ansper <arne@cyber.ee>
+        From: Arne Ansper
 
         Why BIO_f_reliable?
 
@@ -122,23 +73,24 @@
 #include <stdio.h>
 #include <errno.h>
 #include <assert.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/bio.h>
+#include "internal/bio.h"
 #include <openssl/evp.h>
 #include <openssl/rand.h>
+#include "internal/evp_int.h"
 
 static int ok_write(BIO *h, const char *buf, int num);
 static int ok_read(BIO *h, char *buf, int size);
 static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int ok_new(BIO *h);
 static int ok_free(BIO *data);
-static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static long ok_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 
-static int sig_out(BIO *b);
-static int sig_in(BIO *b);
-static int block_out(BIO *b);
-static int block_in(BIO *b);
+static __owur int sig_out(BIO *b);
+static __owur int sig_in(BIO *b);
+static __owur int block_out(BIO *b);
+static __owur int block_in(BIO *b);
 #define OK_BLOCK_SIZE   (1024*4)
 #define OK_BLOCK_BLOCK  4
 #define IOBS            (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
@@ -151,15 +103,20 @@ typedef struct ok_struct {
     size_t buf_off_save;
     int cont;                   /* <= 0 when finished */
     int finished;
-    EVP_MD_CTX md;
+    EVP_MD_CTX *md;
     int blockout;               /* output block is ready */
     int sigio;                  /* must process signature */
     unsigned char buf[IOBS];
 } BIO_OK_CTX;
 
-static BIO_METHOD methods_ok = {
-    BIO_TYPE_CIPHER, "reliable",
+static const BIO_METHOD methods_ok = {
+    BIO_TYPE_CIPHER,
+    "reliable",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     ok_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     ok_read,
     NULL,                       /* ok_puts, */
     NULL,                       /* ok_gets, */
@@ -169,60 +126,64 @@ static BIO_METHOD methods_ok = {
     ok_callback_ctrl,
 };
 
-BIO_METHOD *BIO_f_reliable(void)
+const BIO_METHOD *BIO_f_reliable(void)
 {
-    return (&methods_ok);
+    return &methods_ok;
 }
 
 static int ok_new(BIO *bi)
 {
     BIO_OK_CTX *ctx;
 
-    ctx = (BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
-    if (ctx == NULL)
-        return (0);
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        EVPerr(EVP_F_OK_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
-    ctx->buf_len = 0;
-    ctx->buf_off = 0;
-    ctx->buf_len_save = 0;
-    ctx->buf_off_save = 0;
     ctx->cont = 1;
-    ctx->finished = 0;
-    ctx->blockout = 0;
     ctx->sigio = 1;
+    ctx->md = EVP_MD_CTX_new();
+    if (ctx->md == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    BIO_set_init(bi, 0);
+    BIO_set_data(bi, ctx);
 
-    EVP_MD_CTX_init(&ctx->md);
-
-    bi->init = 0;
-    bi->ptr = (char *)ctx;
-    bi->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int ok_free(BIO *a)
 {
+    BIO_OK_CTX *ctx;
+
     if (a == NULL)
-        return (0);
-    EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
-    OPENSSL_cleanse(a->ptr, sizeof(BIO_OK_CTX));
-    OPENSSL_free(a->ptr);
-    a->ptr = NULL;
-    a->init = 0;
-    a->flags = 0;
-    return (1);
+        return 0;
+
+    ctx = BIO_get_data(a);
+
+    EVP_MD_CTX_free(ctx->md);
+    OPENSSL_clear_free(ctx, sizeof(BIO_OK_CTX));
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
 }
 
 static int ok_read(BIO *b, char *out, int outl)
 {
     int ret = 0, i, n;
     BIO_OK_CTX *ctx;
+    BIO *next;
 
     if (out == NULL)
-        return (0);
-    ctx = (BIO_OK_CTX *)b->ptr;
+        return 0;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
 
-    if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0))
-        return (0);
+    if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0))
+        return 0;
 
     while (outl > 0) {
 
@@ -261,7 +222,7 @@ static int ok_read(BIO *b, char *out, int outl)
 
         /* no clean bytes in buffer -- fill it */
         n = IOBS - ctx->buf_len;
-        i = BIO_read(b->next_bio, &(ctx->buf[ctx->buf_len]), n);
+        i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n);
 
         if (i <= 0)
             break;              /* nothing new */
@@ -292,22 +253,24 @@ static int ok_read(BIO *b, char *out, int outl)
 
     BIO_clear_retry_flags(b);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static int ok_write(BIO *b, const char *in, int inl)
 {
     int ret = 0, n, i;
     BIO_OK_CTX *ctx;
+    BIO *next;
 
     if (inl <= 0)
         return inl;
 
-    ctx = (BIO_OK_CTX *)b->ptr;
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
     ret = inl;
 
-    if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0))
-        return (0);
+    if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0))
+        return 0;
 
     if (ctx->sigio && !sig_out(b))
         return 0;
@@ -316,12 +279,12 @@ static int ok_write(BIO *b, const char *in, int inl)
         BIO_clear_retry_flags(b);
         n = ctx->buf_len - ctx->buf_off;
         while (ctx->blockout && n > 0) {
-            i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
             if (i <= 0) {
                 BIO_copy_next_retry(b);
                 if (!BIO_should_retry(b))
                     ctx->cont = 0;
-                return (i);
+                return i;
             }
             ctx->buf_off += i;
             n -= i;
@@ -335,13 +298,12 @@ static int ok_write(BIO *b, const char *in, int inl)
         }
 
         if ((in == NULL) || (inl <= 0))
-            return (0);
+            return 0;
 
         n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ?
             (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl;
 
-        memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),
-               (unsigned char *)in, n);
+        memcpy(&ctx->buf[ctx->buf_len], in, n);
         ctx->buf_len += n;
         inl -= n;
         in += n;
@@ -356,7 +318,7 @@ static int ok_write(BIO *b, const char *in, int inl)
 
     BIO_clear_retry_flags(b);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -366,8 +328,10 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
     const EVP_MD **ppmd;
     long ret = 1;
     int i;
+    BIO *next;
 
-    ctx = b->ptr;
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
 
     switch (cmd) {
     case BIO_CTRL_RESET:
@@ -379,19 +343,19 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
         ctx->finished = 0;
         ctx->blockout = 0;
         ctx->sigio = 1;
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_CTRL_EOF:         /* More to read */
         if (ctx->cont <= 0)
             ret = 1;
         else
-            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_CTRL_PENDING:     /* More to read in buffer */
     case BIO_CTRL_WPENDING:    /* More to read in buffer */
         ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0;
         if (ret <= 0)
-            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_CTRL_FLUSH:
         /* do a final write */
@@ -412,11 +376,11 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
         ctx->cont = (int)ret;
 
         /* Finally flush the underlying BIO */
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     case BIO_C_DO_STATE_MACHINE:
         BIO_clear_retry_flags(b);
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         BIO_copy_next_retry(b);
         break;
     case BIO_CTRL_INFO:
@@ -424,36 +388,41 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     case BIO_C_SET_MD:
         md = ptr;
-        if (!EVP_DigestInit_ex(&ctx->md, md, NULL))
+        if (!EVP_DigestInit_ex(ctx->md, md, NULL))
             return 0;
-        b->init = 1;
+        BIO_set_init(b, 1);
         break;
     case BIO_C_GET_MD:
-        if (b->init) {
+        if (BIO_get_init(b)) {
             ppmd = ptr;
-            *ppmd = ctx->md.digest;
+            *ppmd = EVP_MD_CTX_md(ctx->md);
         } else
             ret = 0;
         break;
     default:
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
 }
 
-static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long ok_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
     long ret = 1;
+    BIO *next;
+
+    next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
 
-    if (b->next_bio == NULL)
-        return (0);
     switch (cmd) {
     default:
-        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        ret = BIO_callback_ctrl(next, cmd, fp);
         break;
     }
-    return (ret);
+
+    return ret;
 }
 
 static void longswap(void *_ptr, size_t len)
@@ -480,30 +449,36 @@ static int sig_out(BIO *b)
 {
     BIO_OK_CTX *ctx;
     EVP_MD_CTX *md;
+    const EVP_MD *digest;
+    int md_size;
+    void *md_data;
 
-    ctx = b->ptr;
-    md = &ctx->md;
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    digest = EVP_MD_CTX_md(md);
+    md_size = EVP_MD_size(digest);
+    md_data = EVP_MD_CTX_md_data(md);
 
-    if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE)
+    if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE)
         return 1;
 
-    if (!EVP_DigestInit_ex(md, md->digest, NULL))
+    if (!EVP_DigestInit_ex(md, digest, NULL))
         goto berr;
     /*
      * FIXME: there's absolutely no guarantee this makes any sense at all,
      * particularly now EVP_MD_CTX has been restructured.
      */
-    if (RAND_bytes(md->md_data, md->digest->md_size) <= 0)
+    if (RAND_bytes(md_data, md_size) <= 0)
         goto berr;
-    memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
-    longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
-    ctx->buf_len += md->digest->md_size;
+    memcpy(&(ctx->buf[ctx->buf_len]), md_data, md_size);
+    longswap(&(ctx->buf[ctx->buf_len]), md_size);
+    ctx->buf_len += md_size;
 
     if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
         goto berr;
     if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
         goto berr;
-    ctx->buf_len += md->digest->md_size;
+    ctx->buf_len += md_size;
     ctx->blockout = 1;
     ctx->sigio = 0;
     return 1;
@@ -518,25 +493,31 @@ static int sig_in(BIO *b)
     EVP_MD_CTX *md;
     unsigned char tmp[EVP_MAX_MD_SIZE];
     int ret = 0;
+    const EVP_MD *digest;
+    int md_size;
+    void *md_data;
 
-    ctx = b->ptr;
-    md = &ctx->md;
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    digest = EVP_MD_CTX_md(md);
+    md_size = EVP_MD_size(digest);
+    md_data = EVP_MD_CTX_md_data(md);
 
-    if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size)
+    if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size)
         return 1;
 
-    if (!EVP_DigestInit_ex(md, md->digest, NULL))
+    if (!EVP_DigestInit_ex(md, digest, NULL))
         goto berr;
-    memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
-    longswap(md->md_data, md->digest->md_size);
-    ctx->buf_off += md->digest->md_size;
+    memcpy(md_data, &(ctx->buf[ctx->buf_off]), md_size);
+    longswap(md_data, md_size);
+    ctx->buf_off += md_size;
 
     if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
         goto berr;
     if (!EVP_DigestFinal_ex(md, tmp, NULL))
         goto berr;
-    ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
-    ctx->buf_off += md->digest->md_size;
+    ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md_size) == 0;
+    ctx->buf_off += md_size;
     if (ret == 1) {
         ctx->sigio = 0;
         if (ctx->buf_len != ctx->buf_off) {
@@ -559,9 +540,13 @@ static int block_out(BIO *b)
     BIO_OK_CTX *ctx;
     EVP_MD_CTX *md;
     unsigned long tl;
+    const EVP_MD *digest;
+    int md_size;
 
-    ctx = b->ptr;
-    md = &ctx->md;
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    digest = EVP_MD_CTX_md(md);
+    md_size = EVP_MD_size(digest);
 
     tl = ctx->buf_len - OK_BLOCK_BLOCK;
     ctx->buf[0] = (unsigned char)(tl >> 24);
@@ -573,7 +558,7 @@ static int block_out(BIO *b)
         goto berr;
     if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
         goto berr;
-    ctx->buf_len += md->digest->md_size;
+    ctx->buf_len += md_size;
     ctx->blockout = 1;
     return 1;
  berr:
@@ -587,9 +572,11 @@ static int block_in(BIO *b)
     EVP_MD_CTX *md;
     unsigned long tl = 0;
     unsigned char tmp[EVP_MAX_MD_SIZE];
+    int md_size;
 
-    ctx = b->ptr;
-    md = &ctx->md;
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    md_size = EVP_MD_size(EVP_MD_CTX_md(md));
 
     assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
     tl = ctx->buf[0];
@@ -600,7 +587,7 @@ static int block_in(BIO *b)
     tl <<= 8;
     tl |= ctx->buf[3];
 
-    if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size)
+    if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size)
         return 1;
 
     if (!EVP_DigestUpdate(md,
@@ -608,10 +595,9 @@ static int block_in(BIO *b)
         goto berr;
     if (!EVP_DigestFinal_ex(md, tmp, NULL))
         goto berr;
-    if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) ==
-        0) {
+    if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) {
         /* there might be parts from next block lurking around ! */
-        ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size;
+        ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size;
         ctx->buf_len_save = ctx->buf_len;
         ctx->buf_off = OK_BLOCK_BLOCK;
         ctx->buf_len = tl + OK_BLOCK_BLOCK;
diff --git a/freebsd/crypto/openssl/crypto/evp/c_all.c b/freebsd/crypto/openssl/crypto/evp/c_all.c
deleted file mode 100644
index ff3e45d1..00000000
--- a/freebsd/crypto/openssl/crypto/evp/c_all.c
+++ /dev/null
@@ -1,87 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/evp/c_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-
-#if 0
-# undef OpenSSL_add_all_algorithms
-
-void OpenSSL_add_all_algorithms(void)
-{
-    OPENSSL_add_all_algorithms_noconf();
-}
-#endif
-
-void OPENSSL_add_all_algorithms_noconf(void)
-{
-    /*
-     * For the moment OPENSSL_cpuid_setup does something
-     * only on IA-32, but we reserve the option for all
-     * platforms...
-     */
-    OPENSSL_cpuid_setup();
-    OpenSSL_add_all_ciphers();
-    OpenSSL_add_all_digests();
-}
diff --git a/freebsd/crypto/openssl/crypto/evp/c_allc.c b/freebsd/crypto/openssl/crypto/evp/c_allc.c
index 1656e9fc..13494164 100644
--- a/freebsd/crypto/openssl/crypto/evp/c_allc.c
+++ b/freebsd/crypto/openssl/crypto/evp/c_allc.c
@@ -1,70 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/c_allc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
+#include "internal/evp_int.h"
 #include <openssl/pkcs12.h>
 #include <openssl/objects.h>
 
-void OpenSSL_add_all_ciphers(void)
+void openssl_add_all_ciphers_int(void)
 {
 
 #ifndef OPENSSL_NO_DES
@@ -94,8 +46,13 @@ void OpenSSL_add_all_ciphers(void)
 
     EVP_add_cipher(EVP_des_ecb());
     EVP_add_cipher(EVP_des_ede());
+    EVP_add_cipher_alias(SN_des_ede_ecb, "DES-EDE-ECB");
+    EVP_add_cipher_alias(SN_des_ede_ecb, "des-ede-ecb");
     EVP_add_cipher(EVP_des_ede3());
+    EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
+    EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
     EVP_add_cipher(EVP_des_ede3_wrap());
+    EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
 #endif
 
 #ifndef OPENSSL_NO_RC4
@@ -124,6 +81,16 @@ void OpenSSL_add_all_ciphers(void)
     EVP_add_cipher_alias(SN_seed_cbc, "seed");
 #endif
 
+#ifndef OPENSSL_NO_SM4
+    EVP_add_cipher(EVP_sm4_ecb());
+    EVP_add_cipher(EVP_sm4_cbc());
+    EVP_add_cipher(EVP_sm4_cfb());
+    EVP_add_cipher(EVP_sm4_ofb());
+    EVP_add_cipher(EVP_sm4_ctr());
+    EVP_add_cipher_alias(SN_sm4_cbc, "SM4");
+    EVP_add_cipher_alias(SN_sm4_cbc, "sm4");
+#endif
+
 #ifndef OPENSSL_NO_RC2
     EVP_add_cipher(EVP_rc2_ecb());
     EVP_add_cipher(EVP_rc2_cfb());
@@ -133,6 +100,9 @@ void OpenSSL_add_all_ciphers(void)
     EVP_add_cipher(EVP_rc2_64_cbc());
     EVP_add_cipher_alias(SN_rc2_cbc, "RC2");
     EVP_add_cipher_alias(SN_rc2_cbc, "rc2");
+    EVP_add_cipher_alias(SN_rc2_cbc, "rc2-128");
+    EVP_add_cipher_alias(SN_rc2_64_cbc, "rc2-64");
+    EVP_add_cipher_alias(SN_rc2_40_cbc, "rc2-40");
 #endif
 
 #ifndef OPENSSL_NO_BF
@@ -165,7 +135,6 @@ void OpenSSL_add_all_ciphers(void)
     EVP_add_cipher_alias(SN_rc5_cbc, "RC5");
 #endif
 
-#ifndef OPENSSL_NO_AES
     EVP_add_cipher(EVP_aes_128_ecb());
     EVP_add_cipher(EVP_aes_128_cbc());
     EVP_add_cipher(EVP_aes_128_cfb());
@@ -174,9 +143,14 @@ void OpenSSL_add_all_ciphers(void)
     EVP_add_cipher(EVP_aes_128_ofb());
     EVP_add_cipher(EVP_aes_128_ctr());
     EVP_add_cipher(EVP_aes_128_gcm());
+#ifndef OPENSSL_NO_OCB
+    EVP_add_cipher(EVP_aes_128_ocb());
+#endif
     EVP_add_cipher(EVP_aes_128_xts());
     EVP_add_cipher(EVP_aes_128_ccm());
     EVP_add_cipher(EVP_aes_128_wrap());
+    EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
+    EVP_add_cipher(EVP_aes_128_wrap_pad());
     EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
     EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
     EVP_add_cipher(EVP_aes_192_ecb());
@@ -187,8 +161,13 @@ void OpenSSL_add_all_ciphers(void)
     EVP_add_cipher(EVP_aes_192_ofb());
     EVP_add_cipher(EVP_aes_192_ctr());
     EVP_add_cipher(EVP_aes_192_gcm());
+#ifndef OPENSSL_NO_OCB
+    EVP_add_cipher(EVP_aes_192_ocb());
+#endif
     EVP_add_cipher(EVP_aes_192_ccm());
     EVP_add_cipher(EVP_aes_192_wrap());
+    EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
+    EVP_add_cipher(EVP_aes_192_wrap_pad());
     EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
     EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
     EVP_add_cipher(EVP_aes_256_ecb());
@@ -199,19 +178,55 @@ void OpenSSL_add_all_ciphers(void)
     EVP_add_cipher(EVP_aes_256_ofb());
     EVP_add_cipher(EVP_aes_256_ctr());
     EVP_add_cipher(EVP_aes_256_gcm());
+#ifndef OPENSSL_NO_OCB
+    EVP_add_cipher(EVP_aes_256_ocb());
+#endif
     EVP_add_cipher(EVP_aes_256_xts());
     EVP_add_cipher(EVP_aes_256_ccm());
     EVP_add_cipher(EVP_aes_256_wrap());
+    EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
+    EVP_add_cipher(EVP_aes_256_wrap_pad());
     EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
     EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
     EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
     EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
-# endif
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
     EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
     EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
-# endif
+
+#ifndef OPENSSL_NO_ARIA
+    EVP_add_cipher(EVP_aria_128_ecb());
+    EVP_add_cipher(EVP_aria_128_cbc());
+    EVP_add_cipher(EVP_aria_128_cfb());
+    EVP_add_cipher(EVP_aria_128_cfb1());
+    EVP_add_cipher(EVP_aria_128_cfb8());
+    EVP_add_cipher(EVP_aria_128_ctr());
+    EVP_add_cipher(EVP_aria_128_ofb());
+    EVP_add_cipher(EVP_aria_128_gcm());
+    EVP_add_cipher(EVP_aria_128_ccm());
+    EVP_add_cipher_alias(SN_aria_128_cbc, "ARIA128");
+    EVP_add_cipher_alias(SN_aria_128_cbc, "aria128");
+    EVP_add_cipher(EVP_aria_192_ecb());
+    EVP_add_cipher(EVP_aria_192_cbc());
+    EVP_add_cipher(EVP_aria_192_cfb());
+    EVP_add_cipher(EVP_aria_192_cfb1());
+    EVP_add_cipher(EVP_aria_192_cfb8());
+    EVP_add_cipher(EVP_aria_192_ctr());
+    EVP_add_cipher(EVP_aria_192_ofb());
+    EVP_add_cipher(EVP_aria_192_gcm());
+    EVP_add_cipher(EVP_aria_192_ccm());
+    EVP_add_cipher_alias(SN_aria_192_cbc, "ARIA192");
+    EVP_add_cipher_alias(SN_aria_192_cbc, "aria192");
+    EVP_add_cipher(EVP_aria_256_ecb());
+    EVP_add_cipher(EVP_aria_256_cbc());
+    EVP_add_cipher(EVP_aria_256_cfb());
+    EVP_add_cipher(EVP_aria_256_cfb1());
+    EVP_add_cipher(EVP_aria_256_cfb8());
+    EVP_add_cipher(EVP_aria_256_ctr());
+    EVP_add_cipher(EVP_aria_256_ofb());
+    EVP_add_cipher(EVP_aria_256_gcm());
+    EVP_add_cipher(EVP_aria_256_ccm());
+    EVP_add_cipher_alias(SN_aria_256_cbc, "ARIA256");
+    EVP_add_cipher_alias(SN_aria_256_cbc, "aria256");
 #endif
 
 #ifndef OPENSSL_NO_CAMELLIA
@@ -239,5 +254,15 @@ void OpenSSL_add_all_ciphers(void)
     EVP_add_cipher(EVP_camellia_256_ofb());
     EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256");
     EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256");
+    EVP_add_cipher(EVP_camellia_128_ctr());
+    EVP_add_cipher(EVP_camellia_192_ctr());
+    EVP_add_cipher(EVP_camellia_256_ctr());
+#endif
+
+#ifndef OPENSSL_NO_CHACHA
+    EVP_add_cipher(EVP_chacha20());
+# ifndef OPENSSL_NO_POLY1305
+    EVP_add_cipher(EVP_chacha20_poly1305());
+# endif
 #endif
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/c_alld.c b/freebsd/crypto/openssl/crypto/evp/c_alld.c
index f5cd22ba..dc9c95d5 100644
--- a/freebsd/crypto/openssl/crypto/evp/c_alld.c
+++ b/freebsd/crypto/openssl/crypto/evp/c_alld.c
@@ -1,116 +1,62 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/c_alld.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
+#include "internal/evp_int.h"
 #include <openssl/pkcs12.h>
 #include <openssl/objects.h>
 
-void OpenSSL_add_all_digests(void)
+void openssl_add_all_digests_int(void)
 {
 #ifndef OPENSSL_NO_MD4
     EVP_add_digest(EVP_md4());
 #endif
 #ifndef OPENSSL_NO_MD5
     EVP_add_digest(EVP_md5());
-    EVP_add_digest_alias(SN_md5, "ssl2-md5");
     EVP_add_digest_alias(SN_md5, "ssl3-md5");
+    EVP_add_digest(EVP_md5_sha1());
 #endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
-    EVP_add_digest(EVP_sha());
-# ifndef OPENSSL_NO_DSA
-    EVP_add_digest(EVP_dss());
-# endif
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
     EVP_add_digest(EVP_sha1());
     EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
     EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-# ifndef OPENSSL_NO_DSA
-    EVP_add_digest(EVP_dss1());
-    EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
-    EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
-    EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
-# endif
-# ifndef OPENSSL_NO_ECDSA
-    EVP_add_digest(EVP_ecdsa());
-# endif
-#endif
 #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
     EVP_add_digest(EVP_mdc2());
 #endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef OPENSSL_NO_RMD160
     EVP_add_digest(EVP_ripemd160());
     EVP_add_digest_alias(SN_ripemd160, "ripemd");
     EVP_add_digest_alias(SN_ripemd160, "rmd160");
 #endif
-#ifndef OPENSSL_NO_SHA256
     EVP_add_digest(EVP_sha224());
     EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
     EVP_add_digest(EVP_sha384());
     EVP_add_digest(EVP_sha512());
-#endif
+    EVP_add_digest(EVP_sha512_224());
+    EVP_add_digest(EVP_sha512_256());
 #ifndef OPENSSL_NO_WHIRLPOOL
     EVP_add_digest(EVP_whirlpool());
 #endif
+#ifndef OPENSSL_NO_SM3
+    EVP_add_digest(EVP_sm3());
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+    EVP_add_digest(EVP_blake2b512());
+    EVP_add_digest(EVP_blake2s256());
+#endif
+    EVP_add_digest(EVP_sha3_224());
+    EVP_add_digest(EVP_sha3_256());
+    EVP_add_digest(EVP_sha3_384());
+    EVP_add_digest(EVP_sha3_512());
+    EVP_add_digest(EVP_shake128());
+    EVP_add_digest(EVP_shake256());
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/cmeth_lib.c b/freebsd/crypto/openssl/crypto/evp/cmeth_lib.c
new file mode 100644
index 00000000..d4f023ed
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/evp/cmeth_lib.c
@@ -0,0 +1,153 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
+{
+    EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
+
+    if (cipher != NULL) {
+        cipher->nid = cipher_type;
+        cipher->block_size = block_size;
+        cipher->key_len = key_len;
+    }
+    return cipher;
+}
+
+EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher)
+{
+    EVP_CIPHER *to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size,
+                                         cipher->key_len);
+
+    if (to != NULL)
+        memcpy(to, cipher, sizeof(*to));
+    return to;
+}
+
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
+{
+    OPENSSL_free(cipher);
+}
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
+{
+    cipher->iv_len = iv_len;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
+{
+    cipher->flags = flags;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size)
+{
+    cipher->ctx_size = ctx_size;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+                             int (*init) (EVP_CIPHER_CTX *ctx,
+                                          const unsigned char *key,
+                                          const unsigned char *iv,
+                                          int enc))
+{
+    cipher->init = init;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+                                  int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+                                                    unsigned char *out,
+                                                    const unsigned char *in,
+                                                    size_t inl))
+{
+    cipher->do_cipher = do_cipher;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+                                int (*cleanup) (EVP_CIPHER_CTX *))
+{
+    cipher->cleanup = cleanup;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
+                                        int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *))
+{
+    cipher->set_asn1_parameters = set_asn1_parameters;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
+                                        int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *))
+{
+    cipher->get_asn1_parameters = get_asn1_parameters;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+                             int (*ctrl) (EVP_CIPHER_CTX *, int type,
+                                          int arg, void *ptr))
+{
+    cipher->ctrl = ctrl;
+    return 1;
+}
+
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                          const unsigned char *key,
+                                                          const unsigned char *iv,
+                                                          int enc)
+{
+    return cipher->init;
+}
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                               unsigned char *out,
+                                                               const unsigned char *in,
+                                                               size_t inl)
+{
+    return cipher->do_cipher;
+}
+
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *)
+{
+    return cipher->cleanup;
+}
+
+int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *)
+{
+    return cipher->set_asn1_parameters;
+}
+
+int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                               ASN1_TYPE *)
+{
+    return cipher->get_asn1_parameters;
+}
+
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                          int type, int arg,
+                                                          void *ptr)
+{
+    return cipher->ctrl;
+}
+
diff --git a/freebsd/crypto/openssl/crypto/evp/digest.c b/freebsd/crypto/openssl/crypto/evp/digest.c
index e35855d9..9111c19a 100644
--- a/freebsd/crypto/openssl/crypto/evp/digest.c
+++ b/freebsd/crypto/openssl/crypto/evp/digest.c
@@ -1,175 +1,82 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/digest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
+{
+    if (ctx == NULL)
+        return 1;
+
+    /*
+     * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
+     * sometimes only copies of the context are ever finalised.
+     */
+    if (ctx->digest && ctx->digest->cleanup
+        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
+        ctx->digest->cleanup(ctx);
+    if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
+        OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
+    }
+    /*
+     * pctx should be freed by the user of EVP_MD_CTX
+     * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
+     */
+    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
+        EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
+    ENGINE_finish(ctx->engine);
 #endif
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
 
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-# include "evp_locl.h"
-#endif
+    return 1;
+}
 
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+EVP_MD_CTX *EVP_MD_CTX_new(void)
 {
-    memset(ctx, '\0', sizeof(*ctx));
+    return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
 }
 
-EVP_MD_CTX *EVP_MD_CTX_create(void)
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
 {
-    EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
-
-    if (ctx)
-        EVP_MD_CTX_init(ctx);
-
-    return ctx;
+    EVP_MD_CTX_reset(ctx);
+    OPENSSL_free(ctx);
 }
 
 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
 {
-    EVP_MD_CTX_init(ctx);
+    EVP_MD_CTX_reset(ctx);
     return EVP_DigestInit_ex(ctx, type, NULL);
 }
 
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 {
     EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
-#ifdef OPENSSL_FIPS
-    /* If FIPS mode switch to approved implementation if possible */
-    if (FIPS_mode()) {
-        const EVP_MD *fipsmd;
-        if (type) {
-            fipsmd = evp_get_fips_md(type);
-            if (fipsmd)
-                type = fipsmd;
-        }
-    }
-#endif
 #ifndef OPENSSL_NO_ENGINE
     /*
      * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
      * this context may already have an ENGINE! Try to avoid releasing the
      * previous handle, re-querying for an ENGINE, and having a
-     * reinitialisation, when it may all be unecessary.
+     * reinitialisation, when it may all be unnecessary.
      */
-    if (ctx->engine && ctx->digest && (!type ||
-                                       (type
-                                        && (type->type ==
-                                            ctx->digest->type))))
+    if (ctx->engine && ctx->digest &&
+        (type == NULL || (type->type == ctx->digest->type)))
         goto skip_to_init;
     if (type) {
         /*
@@ -177,21 +84,21 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
          * previous check attempted to avoid this if the same ENGINE and
          * EVP_MD could be used).
          */
-        if (ctx->engine)
-            ENGINE_finish(ctx->engine);
-        if (impl) {
+        ENGINE_finish(ctx->engine);
+        if (impl != NULL) {
             if (!ENGINE_init(impl)) {
                 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
                 return 0;
             }
-        } else
+        } else {
             /* Ask if an ENGINE is reserved for this job */
             impl = ENGINE_get_digest_engine(type->type);
-        if (impl) {
+        }
+        if (impl != NULL) {
             /* There's an ENGINE for this job ... (apparently) */
             const EVP_MD *d = ENGINE_get_digest(impl, type->type);
-            if (!d) {
-                /* Same comment from evp_enc.c */
+
+            if (d == NULL) {
                 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
                 ENGINE_finish(impl);
                 return 0;
@@ -215,13 +122,13 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 #endif
     if (ctx->digest != type) {
         if (ctx->digest && ctx->digest->ctx_size) {
-            OPENSSL_free(ctx->md_data);
+            OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
             ctx->md_data = NULL;
         }
         ctx->digest = type;
         if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
             ctx->update = type->update;
-            ctx->md_data = OPENSSL_malloc(type->ctx_size);
+            ctx->md_data = OPENSSL_zalloc(type->ctx_size);
             if (ctx->md_data == NULL) {
                 EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
                 return 0;
@@ -240,24 +147,11 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
     }
     if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
         return 1;
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode()) {
-        if (FIPS_digestinit(ctx, type))
-            return 1;
-        OPENSSL_free(ctx->md_data);
-        ctx->md_data = NULL;
-        return 0;
-    }
-#endif
     return ctx->digest->init(ctx);
 }
 
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return FIPS_digestupdate(ctx, data, count);
-#endif
     return ctx->update(ctx, data, count);
 }
 
@@ -266,7 +160,7 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 {
     int ret;
     ret = EVP_DigestFinal_ex(ctx, md, size);
-    EVP_MD_CTX_cleanup(ctx);
+    EVP_MD_CTX_reset(ctx);
     return ret;
 }
 
@@ -274,10 +168,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 {
     int ret;
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return FIPS_digestfinal(ctx, md, size);
-#endif
 
     OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
     ret = ctx->digest->final(ctx, md);
@@ -291,9 +181,30 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
     return ret;
 }
 
+int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
+{
+    int ret = 0;
+
+    if (ctx->digest->flags & EVP_MD_FLAG_XOF
+        && size <= INT_MAX
+        && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
+        ret = ctx->digest->final(ctx, md);
+
+        if (ctx->digest->cleanup != NULL) {
+            ctx->digest->cleanup(ctx);
+            EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+        }
+        OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+    } else {
+        EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
+    }
+
+    return ret;
+}
+
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 {
-    EVP_MD_CTX_init(out);
+    EVP_MD_CTX_reset(out);
     return EVP_MD_CTX_copy_ex(out, in);
 }
 
@@ -317,15 +228,25 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
         EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
     } else
         tmp_buf = NULL;
-    EVP_MD_CTX_cleanup(out);
+    EVP_MD_CTX_reset(out);
     memcpy(out, in, sizeof(*out));
 
+    /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
+    EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+
+    /* Null these variables, since they are getting fixed up
+     * properly below.  Anything else may cause a memleak and/or
+     * double free if any of the memory allocations below fail
+     */
+    out->md_data = NULL;
+    out->pctx = NULL;
+
     if (in->md_data && out->digest->ctx_size) {
         if (tmp_buf)
             out->md_data = tmp_buf;
         else {
             out->md_data = OPENSSL_malloc(out->digest->ctx_size);
-            if (!out->md_data) {
+            if (out->md_data == NULL) {
                 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
                 return 0;
             }
@@ -338,7 +259,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
     if (in->pctx) {
         out->pctx = EVP_PKEY_CTX_dup(in->pctx);
         if (!out->pctx) {
-            EVP_MD_CTX_cleanup(out);
+            EVP_MD_CTX_reset(out);
             return 0;
         }
     }
@@ -353,58 +274,27 @@ int EVP_Digest(const void *data, size_t count,
                unsigned char *md, unsigned int *size, const EVP_MD *type,
                ENGINE *impl)
 {
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
     int ret;
 
-    EVP_MD_CTX_init(&ctx);
-    EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
-    ret = EVP_DigestInit_ex(&ctx, type, impl)
-        && EVP_DigestUpdate(&ctx, data, count)
-        && EVP_DigestFinal_ex(&ctx, md, size);
-    EVP_MD_CTX_cleanup(&ctx);
+    if (ctx == NULL)
+        return 0;
+    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT);
+    ret = EVP_DigestInit_ex(ctx, type, impl)
+        && EVP_DigestUpdate(ctx, data, count)
+        && EVP_DigestFinal_ex(ctx, md, size);
+    EVP_MD_CTX_free(ctx);
 
     return ret;
 }
 
-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
-{
-    if (ctx) {
-        EVP_MD_CTX_cleanup(ctx);
-        OPENSSL_free(ctx);
-    }
-}
-
-/* This call frees resources associated with the context */
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
 {
-#ifndef OPENSSL_FIPS
-    /*
-     * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
-     * sometimes only copies of the context are ever finalised.
-     */
-    if (ctx->digest && ctx->digest->cleanup
-        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
-        ctx->digest->cleanup(ctx);
-    if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
-        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
-        OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
-        OPENSSL_free(ctx->md_data);
+    if (ctx->digest && ctx->digest->md_ctrl) {
+        int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
+        if (ret <= 0)
+            return 0;
+        return 1;
     }
-#endif
-    if (ctx->pctx)
-        EVP_PKEY_CTX_free(ctx->pctx);
-#ifndef OPENSSL_NO_ENGINE
-    if (ctx->engine)
-        /*
-         * The EVP_MD we used belongs to an ENGINE, release the functional
-         * reference we held for this reason.
-         */
-        ENGINE_finish(ctx->engine);
-#endif
-#ifdef OPENSSL_FIPS
-    FIPS_md_ctx_cleanup(ctx);
-#endif
-    memset(ctx, '\0', sizeof(*ctx));
-
-    return 1;
+    return 0;
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/e_aes.c b/freebsd/crypto/openssl/crypto/evp/e_aes.c
index 187aaa14..7c2e780a 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_aes.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_aes.c
@@ -1,69 +1,25 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2001-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_AES
 #include <openssl/crypto.h>
-# include <openssl/evp.h>
-# include <openssl/err.h>
-# include <string.h>
-# include <assert.h>
-# include <openssl/aes.h>
-# include "evp_locl.h"
-# include "modes_lcl.h"
-# include <openssl/rand.h>
-
-# undef EVP_CIPH_FLAG_FIPS
-# define EVP_CIPH_FLAG_FIPS 0
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include <assert.h>
+#include <openssl/aes.h>
+#include "internal/evp_int.h"
+#include "modes_lcl.h"
+#include <openssl/rand.h>
+#include "evp_locl.h"
 
 typedef struct {
     union {
@@ -115,13 +71,38 @@ typedef struct {
     int tag_set;                /* Set if tag is valid */
     int len_set;                /* Set if message length set */
     int L, M;                   /* L and M parameters from RFC3610 */
+    int tls_aad_len;            /* TLS AAD length */
     CCM128_CONTEXT ccm;
     ccm128_f str;
 } EVP_AES_CCM_CTX;
 
-# define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
+#ifndef OPENSSL_NO_OCB
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ksenc;                    /* AES key schedule to use for encryption */
+    union {
+        double align;
+        AES_KEY ks;
+    } ksdec;                    /* AES key schedule to use for decryption */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    OCB128_CONTEXT ocb;
+    unsigned char *iv;          /* Temporary IV store */
+    unsigned char tag[16];
+    unsigned char data_buf[16]; /* Store partial data blocks */
+    unsigned char aad_buf[16];  /* Store partial AAD blocks */
+    int data_buf_len;
+    int aad_buf_len;
+    int ivlen;                  /* IV length */
+    int taglen;
+} EVP_AES_OCB_CTX;
+#endif
 
-# ifdef VPAES_ASM
+#define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
+
+#ifdef VPAES_ASM
 int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
                           AES_KEY *key);
 int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
@@ -136,8 +117,8 @@ void vpaes_cbc_encrypt(const unsigned char *in,
                        unsigned char *out,
                        size_t length,
                        const AES_KEY *key, unsigned char *ivec, int enc);
-# endif
-# ifdef BSAES_ASM
+#endif
+#ifdef BSAES_ASM
 void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
                        size_t length, const AES_KEY *key,
                        unsigned char ivec[16], int enc);
@@ -150,54 +131,71 @@ void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
 void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
                        size_t len, const AES_KEY *key1,
                        const AES_KEY *key2, const unsigned char iv[16]);
-# endif
-# ifdef AES_CTR_ASM
+#endif
+#ifdef AES_CTR_ASM
 void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
                        size_t blocks, const AES_KEY *key,
                        const unsigned char ivec[AES_BLOCK_SIZE]);
-# endif
-# ifdef AES_XTS_ASM
+#endif
+#ifdef AES_XTS_ASM
 void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
                      const AES_KEY *key1, const AES_KEY *key2,
                      const unsigned char iv[16]);
 void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
                      const AES_KEY *key1, const AES_KEY *key2,
                      const unsigned char iv[16]);
-# endif
+#endif
 
-# if     defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
-#  include "ppc_arch.h"
-#  ifdef VPAES_ASM
-#   define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
-#  endif
-#  define HWAES_CAPABLE  (OPENSSL_ppccap_P & PPC_CRYPTO207)
-#  define HWAES_set_encrypt_key aes_p8_set_encrypt_key
-#  define HWAES_set_decrypt_key aes_p8_set_decrypt_key
-#  define HWAES_encrypt aes_p8_encrypt
-#  define HWAES_decrypt aes_p8_decrypt
-#  define HWAES_cbc_encrypt aes_p8_cbc_encrypt
-#  define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+    int n = 8;
+    unsigned char c;
+
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
+#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
+# include "ppc_arch.h"
+# ifdef VPAES_ASM
+#  define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
 # endif
+# define HWAES_CAPABLE  (OPENSSL_ppccap_P & PPC_CRYPTO207)
+# define HWAES_set_encrypt_key aes_p8_set_encrypt_key
+# define HWAES_set_decrypt_key aes_p8_set_decrypt_key
+# define HWAES_encrypt aes_p8_encrypt
+# define HWAES_decrypt aes_p8_decrypt
+# define HWAES_cbc_encrypt aes_p8_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
+# define HWAES_xts_encrypt aes_p8_xts_encrypt
+# define HWAES_xts_decrypt aes_p8_xts_decrypt
+#endif
 
-# if     defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
+#if     defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
         ((defined(__i386)       || defined(__i386__)    || \
           defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
         defined(__x86_64)       || defined(__x86_64__)  || \
-        defined(_M_AMD64)       || defined(_M_X64)      || \
-        defined(__INTEL__)                              )
+        defined(_M_AMD64)       || defined(_M_X64)      )
 
 extern unsigned int OPENSSL_ia32cap_P[];
 
-#  ifdef VPAES_ASM
-#   define VPAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
-#  endif
-#  ifdef BSAES_ASM
-#   define BSAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
-#  endif
+# ifdef VPAES_ASM
+#  define VPAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+# endif
+# ifdef BSAES_ASM
+#  define BSAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+# endif
 /*
  * AES-NI section
  */
-#  define AESNI_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+# define AESNI_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
 
 int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
                           AES_KEY *key);
@@ -248,41 +246,43 @@ void aesni_ccm64_decrypt_blocks(const unsigned char *in,
                                 const unsigned char ivec[16],
                                 unsigned char cmac[16]);
 
-#  if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
 size_t aesni_gcm_encrypt(const unsigned char *in,
                          unsigned char *out,
                          size_t len,
                          const void *key, unsigned char ivec[16], u64 *Xi);
-#   define AES_gcm_encrypt aesni_gcm_encrypt
+#  define AES_gcm_encrypt aesni_gcm_encrypt
 size_t aesni_gcm_decrypt(const unsigned char *in,
                          unsigned char *out,
                          size_t len,
                          const void *key, unsigned char ivec[16], u64 *Xi);
-#   define AES_gcm_decrypt aesni_gcm_decrypt
+#  define AES_gcm_decrypt aesni_gcm_decrypt
 void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in,
                    size_t len);
-#   define AES_GCM_ASM(gctx)       (gctx->ctr==aesni_ctr32_encrypt_blocks && \
+#  define AES_GCM_ASM(gctx)       (gctx->ctr==aesni_ctr32_encrypt_blocks && \
                                  gctx->gcm.ghash==gcm_ghash_avx)
-#   define AES_GCM_ASM2(gctx)      (gctx->gcm.block==(block128_f)aesni_encrypt && \
+#  define AES_GCM_ASM2(gctx)      (gctx->gcm.block==(block128_f)aesni_encrypt && \
                                  gctx->gcm.ghash==gcm_ghash_avx)
-#   undef AES_GCM_ASM2          /* minor size optimization */
-#  endif
+#  undef AES_GCM_ASM2          /* minor size optimization */
+# endif
 
 static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                           const unsigned char *iv, int enc)
 {
     int ret, mode;
-    EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
-    mode = ctx->cipher->flags & EVP_CIPH_MODE;
+    mode = EVP_CIPHER_CTX_mode(ctx);
     if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
         && !enc) {
-        ret = aesni_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+        ret = aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
         dat->block = (block128_f) aesni_decrypt;
         dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
             (cbc128_f) aesni_cbc_encrypt : NULL;
     } else {
-        ret = aesni_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+        ret = aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
         dat->block = (block128_f) aesni_encrypt;
         if (mode == EVP_CIPH_CBC_MODE)
             dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt;
@@ -303,7 +303,9 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, size_t len)
 {
-    aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv, ctx->encrypt);
+    aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
+                      EVP_CIPHER_CTX_iv_noconst(ctx),
+                      EVP_CIPHER_CTX_encrypting(ctx));
 
     return 1;
 }
@@ -311,44 +313,46 @@ static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, size_t len)
 {
-    size_t bl = ctx->cipher->block_size;
+    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
 
     if (len < bl)
         return 1;
 
-    aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt);
+    aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
+                      EVP_CIPHER_CTX_encrypting(ctx));
 
     return 1;
 }
 
-#  define aesni_ofb_cipher aes_ofb_cipher
+# define aesni_ofb_cipher aes_ofb_cipher
 static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, size_t len);
 
-#  define aesni_cfb_cipher aes_cfb_cipher
+# define aesni_cfb_cipher aes_cfb_cipher
 static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, size_t len);
 
-#  define aesni_cfb8_cipher aes_cfb8_cipher
+# define aesni_cfb8_cipher aes_cfb8_cipher
 static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, size_t len);
 
-#  define aesni_cfb1_cipher aes_cfb1_cipher
+# define aesni_cfb1_cipher aes_cfb1_cipher
 static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, size_t len);
 
-#  define aesni_ctr_cipher aes_ctr_cipher
+# define aesni_ctr_cipher aes_ctr_cipher
 static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, size_t len);
 
 static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                               const unsigned char *iv, int enc)
 {
-    EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
     if (!iv && !key)
         return 1;
     if (key) {
-        aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                              &gctx->ks.ks);
         CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt);
         gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
         /*
@@ -373,31 +377,34 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     return 1;
 }
 
-#  define aesni_gcm_cipher aes_gcm_cipher
+# define aesni_gcm_cipher aes_gcm_cipher
 static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, size_t len);
 
 static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                               const unsigned char *iv, int enc)
 {
-    EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
     if (!iv && !key)
         return 1;
 
     if (key) {
         /* key_len is two AES keys */
         if (enc) {
-            aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+            aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                  &xctx->ks1.ks);
             xctx->xts.block1 = (block128_f) aesni_encrypt;
             xctx->stream = aesni_xts_encrypt;
         } else {
-            aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+            aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                  &xctx->ks1.ks);
             xctx->xts.block1 = (block128_f) aesni_decrypt;
             xctx->stream = aesni_xts_decrypt;
         }
 
-        aesni_set_encrypt_key(key + ctx->key_len / 2,
-                              ctx->key_len * 4, &xctx->ks2.ks);
+        aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                              EVP_CIPHER_CTX_key_length(ctx) * 4,
+                              &xctx->ks2.ks);
         xctx->xts.block2 = (block128_f) aesni_encrypt;
 
         xctx->xts.key1 = &xctx->ks1;
@@ -405,24 +412,25 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
     if (iv) {
         xctx->xts.key2 = &xctx->ks2;
-        memcpy(ctx->iv, iv, 16);
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
     }
 
     return 1;
 }
 
-#  define aesni_xts_cipher aes_xts_cipher
+# define aesni_xts_cipher aes_xts_cipher
 static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, size_t len);
 
 static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                               const unsigned char *iv, int enc)
 {
-    EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
     if (!iv && !key)
         return 1;
     if (key) {
-        aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                              &cctx->ks.ks);
         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                            &cctx->ks, (block128_f) aesni_encrypt);
         cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks :
@@ -430,17 +438,86 @@ static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         cctx->key_set = 1;
     }
     if (iv) {
-        memcpy(ctx->iv, iv, 15 - cctx->L);
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
         cctx->iv_set = 1;
     }
     return 1;
 }
 
-#  define aesni_ccm_cipher aes_ccm_cipher
+# define aesni_ccm_cipher aes_ccm_cipher
 static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, size_t len);
 
-#  define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+# ifndef OPENSSL_NO_OCB
+void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+
+static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+            /*
+             * We set both the encrypt and decrypt key here because decrypt
+             * needs both. We could possibly optimise to remove setting the
+             * decrypt for an encryption operation.
+             */
+            aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &octx->ksenc.ks);
+            aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &octx->ksdec.ks);
+            if (!CRYPTO_ocb128_init(&octx->ocb,
+                                    &octx->ksenc.ks, &octx->ksdec.ks,
+                                    (block128_f) aesni_encrypt,
+                                    (block128_f) aesni_decrypt,
+                                    enc ? aesni_ocb_encrypt
+                                        : aesni_ocb_decrypt))
+                return 0;
+        }
+        while (0);
+
+        /*
+         * If we have an iv we can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && octx->iv_set)
+            iv = octx->iv;
+        if (iv) {
+            if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+                != 1)
+                return 0;
+            octx->iv_set = 1;
+        }
+        octx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (octx->key_set)
+            CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+        else
+            memcpy(octx->iv, iv, octx->ivlen);
+        octx->iv_set = 1;
+    }
+    return 1;
+}
+
+#  define aesni_ocb_cipher aes_ocb_cipher
+static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+# endif                        /* OPENSSL_NO_OCB */
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
 static const EVP_CIPHER aesni_##keylen##_##mode = { \
         nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
         flags|EVP_CIPH_##MODE##_MODE,   \
@@ -461,7 +538,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
 { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
 
-#  define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
 static const EVP_CIPHER aesni_##keylen##_##mode = { \
         nid##_##keylen##_##mode,blocksize, \
         (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
@@ -483,13 +560,24 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
 { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
 
-# elif   defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+#elif   defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
 
-#  include "sparc_arch.h"
+# include "sparc_arch.h"
 
 extern unsigned int OPENSSL_sparcv9cap_P[];
 
-#  define SPARC_AES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_AES)
+/*
+ * Initial Fujitsu SPARC64 X support
+ */
+# define HWAES_CAPABLE           (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
+# define HWAES_set_encrypt_key aes_fx_set_encrypt_key
+# define HWAES_set_decrypt_key aes_fx_set_decrypt_key
+# define HWAES_encrypt aes_fx_encrypt
+# define HWAES_decrypt aes_fx_decrypt
+# define HWAES_cbc_encrypt aes_fx_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
+
+# define SPARC_AES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_AES)
 
 void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
 void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
@@ -506,7 +594,7 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
  * non-key-length specific routines would require conditional branches
  * either in inner loops or on subroutines' entries. Former is hardly
  * acceptable, while latter means code size increase to size occupied
- * by multiple key-length specfic subroutines, so why fight?
+ * by multiple key-length specific subroutines, so why fight?
  */
 void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
                            size_t len, const AES_KEY *key,
@@ -552,14 +640,14 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                            const unsigned char *iv, int enc)
 {
     int ret, mode, bits;
-    EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
-    mode = ctx->cipher->flags & EVP_CIPH_MODE;
-    bits = ctx->key_len * 8;
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
     if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
         && !enc) {
         ret = 0;
-        aes_t4_set_decrypt_key(key, bits, ctx->cipher_data);
+        aes_t4_set_decrypt_key(key, bits, &dat->ks.ks);
         dat->block = (block128_f) aes_t4_decrypt;
         switch (bits) {
         case 128:
@@ -579,7 +667,7 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         }
     } else {
         ret = 0;
-        aes_t4_set_encrypt_key(key, bits, ctx->cipher_data);
+        aes_t4_set_encrypt_key(key, bits, &dat->ks.ks);
         dat->block = (block128_f) aes_t4_encrypt;
         switch (bits) {
         case 128:
@@ -619,42 +707,42 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     return 1;
 }
 
-#  define aes_t4_cbc_cipher aes_cbc_cipher
+# define aes_t4_cbc_cipher aes_cbc_cipher
 static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, size_t len);
 
-#  define aes_t4_ecb_cipher aes_ecb_cipher
+# define aes_t4_ecb_cipher aes_ecb_cipher
 static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, size_t len);
 
-#  define aes_t4_ofb_cipher aes_ofb_cipher
+# define aes_t4_ofb_cipher aes_ofb_cipher
 static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, size_t len);
 
-#  define aes_t4_cfb_cipher aes_cfb_cipher
+# define aes_t4_cfb_cipher aes_cfb_cipher
 static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, size_t len);
 
-#  define aes_t4_cfb8_cipher aes_cfb8_cipher
+# define aes_t4_cfb8_cipher aes_cfb8_cipher
 static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t len);
 
-#  define aes_t4_cfb1_cipher aes_cfb1_cipher
+# define aes_t4_cfb1_cipher aes_cfb1_cipher
 static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t len);
 
-#  define aes_t4_ctr_cipher aes_ctr_cipher
+# define aes_t4_ctr_cipher aes_ctr_cipher
 static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, size_t len);
 
 static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                                const unsigned char *iv, int enc)
 {
-    EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
     if (!iv && !key)
         return 1;
     if (key) {
-        int bits = ctx->key_len * 8;
+        int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
         aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);
         CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
                            (block128_f) aes_t4_encrypt);
@@ -693,19 +781,19 @@ static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     return 1;
 }
 
-#  define aes_t4_gcm_cipher aes_gcm_cipher
+# define aes_t4_gcm_cipher aes_gcm_cipher
 static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, size_t len);
 
 static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                                const unsigned char *iv, int enc)
 {
-    EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
     if (!iv && !key)
         return 1;
 
     if (key) {
-        int bits = ctx->key_len * 4;
+        int bits = EVP_CIPHER_CTX_key_length(ctx) * 4;
         xctx->stream = NULL;
         /* key_len is two AES keys */
         if (enc) {
@@ -715,11 +803,6 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
             case 128:
                 xctx->stream = aes128_t4_xts_encrypt;
                 break;
-#  if 0                         /* not yet */
-            case 192:
-                xctx->stream = aes192_t4_xts_encrypt;
-                break;
-#  endif
             case 256:
                 xctx->stream = aes256_t4_xts_encrypt;
                 break;
@@ -727,17 +810,13 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                 return 0;
             }
         } else {
-            aes_t4_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+            aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                   &xctx->ks1.ks);
             xctx->xts.block1 = (block128_f) aes_t4_decrypt;
             switch (bits) {
             case 128:
                 xctx->stream = aes128_t4_xts_decrypt;
                 break;
-#  if 0                         /* not yet */
-            case 192:
-                xctx->stream = aes192_t4_xts_decrypt;
-                break;
-#  endif
             case 256:
                 xctx->stream = aes256_t4_xts_decrypt;
                 break;
@@ -746,8 +825,9 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
             }
         }
 
-        aes_t4_set_encrypt_key(key + ctx->key_len / 2,
-                               ctx->key_len * 4, &xctx->ks2.ks);
+        aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                               EVP_CIPHER_CTX_key_length(ctx) * 4,
+                               &xctx->ks2.ks);
         xctx->xts.block2 = (block128_f) aes_t4_encrypt;
 
         xctx->xts.key1 = &xctx->ks1;
@@ -755,61 +835,97 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
     if (iv) {
         xctx->xts.key2 = &xctx->ks2;
-        memcpy(ctx->iv, iv, 16);
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
     }
 
     return 1;
 }
 
-#  define aes_t4_xts_cipher aes_xts_cipher
+# define aes_t4_xts_cipher aes_xts_cipher
 static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, size_t len);
 
 static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                                const unsigned char *iv, int enc)
 {
-    EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
     if (!iv && !key)
         return 1;
     if (key) {
-        int bits = ctx->key_len * 8;
+        int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
         aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);
         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                            &cctx->ks, (block128_f) aes_t4_encrypt);
-#  if 0                         /* not yet */
-        switch (bits) {
-        case 128:
-            cctx->str = enc ? (ccm128_f) aes128_t4_ccm64_encrypt :
-                (ccm128_f) ae128_t4_ccm64_decrypt;
-            break;
-        case 192:
-            cctx->str = enc ? (ccm128_f) aes192_t4_ccm64_encrypt :
-                (ccm128_f) ae192_t4_ccm64_decrypt;
-            break;
-        case 256:
-            cctx->str = enc ? (ccm128_f) aes256_t4_ccm64_encrypt :
-                (ccm128_f) ae256_t4_ccm64_decrypt;
-            break;
-        default:
-            return 0;
-        }
-#  else
         cctx->str = NULL;
-#  endif
         cctx->key_set = 1;
     }
     if (iv) {
-        memcpy(ctx->iv, iv, 15 - cctx->L);
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
         cctx->iv_set = 1;
     }
     return 1;
 }
 
-#  define aes_t4_ccm_cipher aes_ccm_cipher
+# define aes_t4_ccm_cipher aes_ccm_cipher
 static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, size_t len);
 
-#  define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+# ifndef OPENSSL_NO_OCB
+static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+            /*
+             * We set both the encrypt and decrypt key here because decrypt
+             * needs both. We could possibly optimise to remove setting the
+             * decrypt for an encryption operation.
+             */
+            aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &octx->ksenc.ks);
+            aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &octx->ksdec.ks);
+            if (!CRYPTO_ocb128_init(&octx->ocb,
+                                    &octx->ksenc.ks, &octx->ksdec.ks,
+                                    (block128_f) aes_t4_encrypt,
+                                    (block128_f) aes_t4_decrypt,
+                                    NULL))
+                return 0;
+        }
+        while (0);
+
+        /*
+         * If we have an iv we can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && octx->iv_set)
+            iv = octx->iv;
+        if (iv) {
+            if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+                != 1)
+                return 0;
+            octx->iv_set = 1;
+        }
+        octx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (octx->key_set)
+            CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+        else
+            memcpy(octx->iv, iv, octx->ivlen);
+        octx->iv_set = 1;
+    }
+    return 1;
+}
+
+#  define aes_t4_ocb_cipher aes_ocb_cipher
+static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+# endif                        /* OPENSSL_NO_OCB */
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
 static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
         nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
         flags|EVP_CIPH_##MODE##_MODE,   \
@@ -830,7 +946,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
 { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
 
-#  define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
 static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
         nid##_##keylen##_##mode,blocksize, \
         (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
@@ -852,9 +968,1524 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
 { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
 
-# else
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KM-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-06)
+         */
+        struct {
+            unsigned char k[32];
+        } param;
+        /* KM-AES parameter block - end */
+    } km;
+    unsigned int fc;
+} S390X_AES_ECB_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KMO-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-08)
+         */
+        struct {
+            unsigned char cv[16];
+            unsigned char k[32];
+        } param;
+        /* KMO-AES parameter block - end */
+    } kmo;
+    unsigned int fc;
+
+    int res;
+} S390X_AES_OFB_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KMF-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-08)
+         */
+        struct {
+            unsigned char cv[16];
+            unsigned char k[32];
+        } param;
+        /* KMF-AES parameter block - end */
+    } kmf;
+    unsigned int fc;
+
+    int res;
+} S390X_AES_CFB_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KMA-GCM-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-11)
+         */
+        struct {
+            unsigned char reserved[12];
+            union {
+                unsigned int w;
+                unsigned char b[4];
+            } cv;
+            union {
+                unsigned long long g[2];
+                unsigned char b[16];
+            } t;
+            unsigned char h[16];
+            unsigned long long taadl;
+            unsigned long long tpcl;
+            union {
+                unsigned long long g[2];
+                unsigned int w[4];
+            } j0;
+            unsigned char k[32];
+        } param;
+        /* KMA-GCM-AES parameter block - end */
+    } kma;
+    unsigned int fc;
+    int key_set;
+
+    unsigned char *iv;
+    int ivlen;
+    int iv_set;
+    int iv_gen;
+
+    int taglen;
+
+    unsigned char ares[16];
+    unsigned char mres[16];
+    unsigned char kres[16];
+    int areslen;
+    int mreslen;
+    int kreslen;
+
+    int tls_aad_len;
+} S390X_AES_GCM_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * Padding is chosen so that ccm.kmac_param.k overlaps with key.k and
+         * ccm.fc with key.k.rounds. Remember that on s390x, an AES_KEY's
+         * rounds field is used to store the function code and that the key
+         * schedule is not stored (if aes hardware support is detected).
+         */
+        struct {
+            unsigned char pad[16];
+            AES_KEY k;
+        } key;
+
+        struct {
+            /*-
+             * KMAC-AES parameter block - begin
+             * (see z/Architecture Principles of Operation >= SA22-7832-08)
+             */
+            struct {
+                union {
+                    unsigned long long g[2];
+                    unsigned char b[16];
+                } icv;
+                unsigned char k[32];
+            } kmac_param;
+            /* KMAC-AES paramater block - end */
+
+            union {
+                unsigned long long g[2];
+                unsigned char b[16];
+            } nonce;
+            union {
+                unsigned long long g[2];
+                unsigned char b[16];
+            } buf;
+
+            unsigned long long blocks;
+            int l;
+            int m;
+            int tls_aad_len;
+            int iv_set;
+            int tag_set;
+            int len_set;
+            int key_set;
+
+            unsigned char pad[140];
+            unsigned int fc;
+        } ccm;
+    } aes;
+} S390X_AES_CCM_CTX;
+
+/* Convert key size to function code: [16,24,32] -> [18,19,20]. */
+# define S390X_AES_FC(keylen)  (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
+
+/* Most modes of operation need km for partial block processing. */
+# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] &	\
+                                S390X_CAPBIT(S390X_AES_128))
+# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] &	\
+                                S390X_CAPBIT(S390X_AES_192))
+# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] &	\
+                                S390X_CAPBIT(S390X_AES_256))
+
+# define s390x_aes_init_key aes_init_key
+static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc);
+
+# define S390X_aes_128_cbc_CAPABLE	1	/* checked by callee */
+# define S390X_aes_192_cbc_CAPABLE	1
+# define S390X_aes_256_cbc_CAPABLE	1
+# define S390X_AES_CBC_CTX		EVP_AES_KEY
+
+# define s390x_aes_cbc_init_key aes_init_key
+
+# define s390x_aes_cbc_cipher aes_cbc_cipher
+static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ecb_CAPABLE	S390X_aes_128_CAPABLE
+# define S390X_aes_192_ecb_CAPABLE	S390X_aes_192_CAPABLE
+# define S390X_aes_256_ecb_CAPABLE	S390X_aes_256_CAPABLE
+
+static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen);
+    if (!enc)
+        cctx->fc |= S390X_DECRYPT;
+
+    memcpy(cctx->km.param.k, key, keylen);
+    return 1;
+}
+
+static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
+
+    s390x_km(in, len, out, cctx->fc, &cctx->km.param);
+    return 1;
+}
+
+# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmo[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmo[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmo[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *ivec, int enc)
+{
+    S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
+    const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    memcpy(cctx->kmo.param.cv, iv, ivlen);
+    memcpy(cctx->kmo.param.k, key, keylen);
+    cctx->fc = S390X_AES_FC(keylen);
+    cctx->res = 0;
+    return 1;
+}
+
+static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
+    int n = cctx->res;
+    int rem;
+
+    while (n && len) {
+        *out = *in ^ cctx->kmo.param.cv[n];
+        n = (n + 1) & 0xf;
+        --len;
+        ++in;
+        ++out;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kmo(in, len, out, cctx->fc, &cctx->kmo.param);
+
+        out += len;
+        in += len;
+    }
+
+    if (rem) {
+        s390x_km(cctx->kmo.param.cv, 16, cctx->kmo.param.cv, cctx->fc,
+                 cctx->kmo.param.k);
+
+        while (rem--) {
+            out[n] = in[n] ^ cctx->kmo.param.cv[n];
+            ++n;
+        }
+    }
+
+    cctx->res = n;
+    return 1;
+}
+
+# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *ivec, int enc)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen);
+    cctx->fc |= 16 << 24;   /* 16 bytes cipher feedback */
+    if (!enc)
+        cctx->fc |= S390X_DECRYPT;
+
+    cctx->res = 0;
+    memcpy(cctx->kmf.param.cv, iv, ivlen);
+    memcpy(cctx->kmf.param.k, key, keylen);
+    return 1;
+}
+
+static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    int n = cctx->res;
+    int rem;
+    unsigned char tmp;
+
+    while (n && len) {
+        tmp = *in;
+        *out = cctx->kmf.param.cv[n] ^ tmp;
+        cctx->kmf.param.cv[n] = enc ? *out : tmp;
+        n = (n + 1) & 0xf;
+        --len;
+        ++in;
+        ++out;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
+
+        out += len;
+        in += len;
+    }
+
+    if (rem) {
+        s390x_km(cctx->kmf.param.cv, 16, cctx->kmf.param.cv,
+                 S390X_AES_FC(keylen), cctx->kmf.param.k);
+
+        while (rem--) {
+            tmp = in[n];
+            out[n] = cctx->kmf.param.cv[n] ^ tmp;
+            cctx->kmf.param.cv[n] = enc ? out[n] : tmp;
+            ++n;
+        }
+    }
+
+    cctx->res = n;
+    return 1;
+}
+
+# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128))
+# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192))
+# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256))
+
+static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
+                                   const unsigned char *key,
+                                   const unsigned char *ivec, int enc)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen);
+    cctx->fc |= 1 << 24;   /* 1 byte cipher feedback */
+    if (!enc)
+        cctx->fc |= S390X_DECRYPT;
+
+    memcpy(cctx->kmf.param.cv, iv, ivlen);
+    memcpy(cctx->kmf.param.k, key, keylen);
+    return 1;
+}
+
+static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 const unsigned char *in, size_t len)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+
+    s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
+    return 1;
+}
+
+# define S390X_aes_128_cfb1_CAPABLE	0
+# define S390X_aes_192_cfb1_CAPABLE	0
+# define S390X_aes_256_cfb1_CAPABLE	0
+
+# define s390x_aes_cfb1_init_key aes_init_key
+
+# define s390x_aes_cfb1_cipher aes_cfb1_cipher
+static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ctr_CAPABLE	1	/* checked by callee */
+# define S390X_aes_192_ctr_CAPABLE	1
+# define S390X_aes_256_ctr_CAPABLE	1
+# define S390X_AES_CTR_CTX		EVP_AES_KEY
+
+# define s390x_aes_ctr_init_key aes_init_key
+
+# define s390x_aes_ctr_cipher aes_ctr_cipher
+static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+
+# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kma[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kma[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kma[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+/* iv + padding length for iv lenghts != 12 */
+# define S390X_gcm_ivpadlen(i)	((((i) + 15) >> 4 << 4) + 16)
+
+/*-
+ * Process additional authenticated data. Returns 0 on success. Code is
+ * big-endian.
+ */
+static int s390x_aes_gcm_aad(S390X_AES_GCM_CTX *ctx, const unsigned char *aad,
+                             size_t len)
+{
+    unsigned long long alen;
+    int n, rem;
+
+    if (ctx->kma.param.tpcl)
+        return -2;
+
+    alen = ctx->kma.param.taadl + len;
+    if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len))
+        return -1;
+    ctx->kma.param.taadl = alen;
+
+    n = ctx->areslen;
+    if (n) {
+        while (n && len) {
+            ctx->ares[n] = *aad;
+            n = (n + 1) & 0xf;
+            ++aad;
+            --len;
+        }
+        /* ctx->ares contains a complete block if offset has wrapped around */
+        if (!n) {
+            s390x_kma(ctx->ares, 16, NULL, 0, NULL, ctx->fc, &ctx->kma.param);
+            ctx->fc |= S390X_KMA_HS;
+        }
+        ctx->areslen = n;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kma(aad, len, NULL, 0, NULL, ctx->fc, &ctx->kma.param);
+        aad += len;
+        ctx->fc |= S390X_KMA_HS;
+    }
+
+    if (rem) {
+        ctx->areslen = rem;
+
+        do {
+            --rem;
+            ctx->ares[rem] = aad[rem];
+        } while (rem);
+    }
+    return 0;
+}
 
-#  define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+/*-
+ * En/de-crypt plain/cipher-text and authenticate ciphertext. Returns 0 for
+ * success. Code is big-endian.
+ */
+static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in,
+                         unsigned char *out, size_t len)
+{
+    const unsigned char *inptr;
+    unsigned long long mlen;
+    union {
+        unsigned int w[4];
+        unsigned char b[16];
+    } buf;
+    size_t inlen;
+    int n, rem, i;
+
+    mlen = ctx->kma.param.tpcl + len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->kma.param.tpcl = mlen;
+
+    n = ctx->mreslen;
+    if (n) {
+        inptr = in;
+        inlen = len;
+        while (n && inlen) {
+            ctx->mres[n] = *inptr;
+            n = (n + 1) & 0xf;
+            ++inptr;
+            --inlen;
+        }
+        /* ctx->mres contains a complete block if offset has wrapped around */
+        if (!n) {
+            s390x_kma(ctx->ares, ctx->areslen, ctx->mres, 16, buf.b,
+                      ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);
+            ctx->fc |= S390X_KMA_HS;
+            ctx->areslen = 0;
+
+            /* previous call already encrypted/decrypted its remainder,
+             * see comment below */
+            n = ctx->mreslen;
+            while (n) {
+                *out = buf.b[n];
+                n = (n + 1) & 0xf;
+                ++out;
+                ++in;
+                --len;
+            }
+            ctx->mreslen = 0;
+        }
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kma(ctx->ares, ctx->areslen, in, len, out,
+                  ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);
+        in += len;
+        out += len;
+        ctx->fc |= S390X_KMA_HS;
+        ctx->areslen = 0;
+    }
+
+    /*-
+     * If there is a remainder, it has to be saved such that it can be
+     * processed by kma later. However, we also have to do the for-now
+     * unauthenticated encryption/decryption part here and now...
+     */
+    if (rem) {
+        if (!ctx->mreslen) {
+            buf.w[0] = ctx->kma.param.j0.w[0];
+            buf.w[1] = ctx->kma.param.j0.w[1];
+            buf.w[2] = ctx->kma.param.j0.w[2];
+            buf.w[3] = ctx->kma.param.cv.w + 1;
+            s390x_km(buf.b, 16, ctx->kres, ctx->fc & 0x1f, &ctx->kma.param.k);
+        }
+
+        n = ctx->mreslen;
+        for (i = 0; i < rem; i++) {
+            ctx->mres[n + i] = in[i];
+            out[i] = in[i] ^ ctx->kres[n + i];
+        }
+
+        ctx->mreslen += rem;
+    }
+    return 0;
+}
+
+/*-
+ * Initialize context structure. Code is big-endian.
+ */
+static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,
+                                const unsigned char *iv)
+{
+    ctx->kma.param.t.g[0] = 0;
+    ctx->kma.param.t.g[1] = 0;
+    ctx->kma.param.tpcl = 0;
+    ctx->kma.param.taadl = 0;
+    ctx->mreslen = 0;
+    ctx->areslen = 0;
+    ctx->kreslen = 0;
+
+    if (ctx->ivlen == 12) {
+        memcpy(&ctx->kma.param.j0, iv, ctx->ivlen);
+        ctx->kma.param.j0.w[3] = 1;
+        ctx->kma.param.cv.w = 1;
+    } else {
+        /* ctx->iv has the right size and is already padded. */
+        memcpy(ctx->iv, iv, ctx->ivlen);
+        s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL,
+                  ctx->fc, &ctx->kma.param);
+        ctx->fc |= S390X_KMA_HS;
+
+        ctx->kma.param.j0.g[0] = ctx->kma.param.t.g[0];
+        ctx->kma.param.j0.g[1] = ctx->kma.param.t.g[1];
+        ctx->kma.param.cv.w = ctx->kma.param.j0.w[3];
+        ctx->kma.param.t.g[0] = 0;
+        ctx->kma.param.t.g[1] = 0;
+    }
+}
+
+/*-
+ * Performs various operations on the context structure depending on control
+ * type. Returns 1 for success, 0 for failure and -1 for unknown control type.
+ * Code is big-endian.
+ */
+static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
+    S390X_AES_GCM_CTX *gctx_out;
+    EVP_CIPHER_CTX *out;
+    unsigned char *buf, *iv;
+    int ivlen, enc, len;
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        ivlen = EVP_CIPHER_CTX_iv_length(c);
+        iv = EVP_CIPHER_CTX_iv_noconst(c);
+        gctx->key_set = 0;
+        gctx->iv_set = 0;
+        gctx->ivlen = ivlen;
+        gctx->iv = iv;
+        gctx->taglen = -1;
+        gctx->iv_gen = 0;
+        gctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0)
+            return 0;
+
+        if (arg != 12) {
+            iv = EVP_CIPHER_CTX_iv_noconst(c);
+            len = S390X_gcm_ivpadlen(arg);
+
+            /* Allocate memory for iv if needed. */
+            if (gctx->ivlen == 12 || len > S390X_gcm_ivpadlen(gctx->ivlen)) {
+                if (gctx->iv != iv)
+                    OPENSSL_free(gctx->iv);
+
+                if ((gctx->iv = OPENSSL_malloc(len)) == NULL) {
+                    EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+            }
+            /* Add padding. */
+            memset(gctx->iv + arg, 0, len - arg - 8);
+            *((unsigned long long *)(gctx->iv + len - 8)) = arg << 3;
+        }
+        gctx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        buf = EVP_CIPHER_CTX_buf_noconst(c);
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (arg <= 0 || arg > 16 || enc)
+            return 0;
+
+        memcpy(buf, ptr, arg);
+        gctx->taglen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (arg <= 0 || arg > 16 || !enc || gctx->taglen < 0)
+            return 0;
+
+        memcpy(ptr, gctx->kma.param.t.b, arg);
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        /* Special case: -1 length restores whole iv */
+        if (arg == -1) {
+            memcpy(gctx->iv, ptr, gctx->ivlen);
+            gctx->iv_gen = 1;
+            return 1;
+        }
+        /*
+         * Fixed field must be at least 4 bytes and invocation field at least
+         * 8.
+         */
+        if ((arg < 4) || (gctx->ivlen - arg) < 8)
+            return 0;
+
+        if (arg)
+            memcpy(gctx->iv, ptr, arg);
+
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+            return 0;
+
+        gctx->iv_gen = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_IV_GEN:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0)
+            return 0;
+
+        s390x_aes_gcm_setiv(gctx, gctx->iv);
+
+        if (arg <= 0 || arg > gctx->ivlen)
+            arg = gctx->ivlen;
+
+        memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+        /*
+         * Invocation field will be at least 8 bytes in size and so no need
+         * to check wrap around or increment more than last 8 bytes.
+         */
+        ctr64_inc(gctx->iv + gctx->ivlen - 8);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_INV:
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (gctx->iv_gen == 0 || gctx->key_set == 0 || enc)
+            return 0;
+
+        memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+        s390x_aes_gcm_setiv(gctx, gctx->iv);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the aad for later use. */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+
+        buf = EVP_CIPHER_CTX_buf_noconst(c);
+        memcpy(buf, ptr, arg);
+        gctx->tls_aad_len = arg;
+
+        len = buf[arg - 2] << 8 | buf[arg - 1];
+        /* Correct length for explicit iv. */
+        if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+            return 0;
+        len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+
+        /* If decrypting correct for tag too. */
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (!enc) {
+            if (len < EVP_GCM_TLS_TAG_LEN)
+                return 0;
+            len -= EVP_GCM_TLS_TAG_LEN;
+        }
+        buf[arg - 2] = len >> 8;
+        buf[arg - 1] = len & 0xff;
+        /* Extra padding: tag appended to record. */
+        return EVP_GCM_TLS_TAG_LEN;
+
+    case EVP_CTRL_COPY:
+        out = ptr;
+        gctx_out = EVP_C_DATA(S390X_AES_GCM_CTX, out);
+        iv = EVP_CIPHER_CTX_iv_noconst(c);
+
+        if (gctx->iv == iv) {
+            gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+        } else {
+            len = S390X_gcm_ivpadlen(gctx->ivlen);
+
+            if ((gctx_out->iv = OPENSSL_malloc(len)) == NULL) {
+                EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+
+            memcpy(gctx_out->iv, gctx->iv, len);
+        }
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+/*-
+ * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned.
+ */
+static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+    int keylen;
+
+    if (iv == NULL && key == NULL)
+        return 1;
+
+    if (key != NULL) {
+        keylen = EVP_CIPHER_CTX_key_length(ctx);
+        memcpy(&gctx->kma.param.k, key, keylen);
+
+        gctx->fc = S390X_AES_FC(keylen);
+        if (!enc)
+            gctx->fc |= S390X_DECRYPT;
+
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+
+        if (iv != NULL) {
+            s390x_aes_gcm_setiv(gctx, iv);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        if (gctx->key_set)
+            s390x_aes_gcm_setiv(gctx, iv);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+/*-
+ * En/de-crypt and authenticate TLS packet. Returns the number of bytes written
+ * if successful. Otherwise -1 is returned. Code is big-endian.
+ */
+static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+    const unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    int rv = -1;
+
+    if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+        return -1;
+
+    if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN
+                                     : EVP_CTRL_GCM_SET_IV_INV,
+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+        goto err;
+
+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+
+    gctx->kma.param.taadl = gctx->tls_aad_len << 3;
+    gctx->kma.param.tpcl = len << 3;
+    s390x_kma(buf, gctx->tls_aad_len, in, len, out,
+              gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);
+
+    if (enc) {
+        memcpy(out + len, gctx->kma.param.t.b, EVP_GCM_TLS_TAG_LEN);
+        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else {
+        if (CRYPTO_memcmp(gctx->kma.param.t.b, in + len,
+                          EVP_GCM_TLS_TAG_LEN)) {
+            OPENSSL_cleanse(out, len);
+            goto err;
+        }
+        rv = len;
+    }
+err:
+    gctx->iv_set = 0;
+    gctx->tls_aad_len = -1;
+    return rv;
+}
+
+/*-
+ * Called from EVP layer to initialize context, process additional
+ * authenticated data, en/de-crypt plain/cipher-text and authenticate
+ * ciphertext or process a TLS packet, depending on context. Returns bytes
+ * written on success. Otherwise -1 is returned. Code is big-endian.
+ */
+static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+    unsigned char *buf, tmp[16];
+    int enc;
+
+    if (!gctx->key_set)
+        return -1;
+
+    if (gctx->tls_aad_len >= 0)
+        return s390x_aes_gcm_tls_cipher(ctx, out, in, len);
+
+    if (!gctx->iv_set)
+        return -1;
+
+    if (in != NULL) {
+        if (out == NULL) {
+            if (s390x_aes_gcm_aad(gctx, in, len))
+                return -1;
+        } else {
+            if (s390x_aes_gcm(gctx, in, out, len))
+                return -1;
+        }
+        return len;
+    } else {
+        gctx->kma.param.taadl <<= 3;
+        gctx->kma.param.tpcl <<= 3;
+        s390x_kma(gctx->ares, gctx->areslen, gctx->mres, gctx->mreslen, tmp,
+                  gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);
+        /* recall that we already did en-/decrypt gctx->mres
+         * and returned it to caller... */
+        OPENSSL_cleanse(tmp, gctx->mreslen);
+        gctx->iv_set = 0;
+
+        enc = EVP_CIPHER_CTX_encrypting(ctx);
+        if (enc) {
+            gctx->taglen = 16;
+        } else {
+            if (gctx->taglen < 0)
+                return -1;
+
+            buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+            if (CRYPTO_memcmp(buf, gctx->kma.param.t.b, gctx->taglen))
+                return -1;
+        }
+        return 0;
+    }
+}
+
+static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
+    const unsigned char *iv;
+
+    if (gctx == NULL)
+        return 0;
+
+    iv = EVP_CIPHER_CTX_iv(c);
+    if (iv != gctx->iv)
+        OPENSSL_free(gctx->iv);
+
+    OPENSSL_cleanse(gctx, sizeof(*gctx));
+    return 1;
+}
+
+# define S390X_AES_XTS_CTX		EVP_AES_XTS_CTX
+# define S390X_aes_128_xts_CAPABLE	1	/* checked by callee */
+# define S390X_aes_256_xts_CAPABLE	1
+
+# define s390x_aes_xts_init_key aes_xts_init_key
+static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc);
+# define s390x_aes_xts_cipher aes_xts_cipher
+static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+# define s390x_aes_xts_ctrl aes_xts_ctrl
+static int s390x_aes_xts_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+# define s390x_aes_xts_cleanup aes_xts_cleanup
+
+# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmac[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmac[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmac[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+# define S390X_CCM_AAD_FLAG	0x40
+
+/*-
+ * Set nonce and length fields. Code is big-endian.
+ */
+static inline void s390x_aes_ccm_setiv(S390X_AES_CCM_CTX *ctx,
+                                          const unsigned char *nonce,
+                                          size_t mlen)
+{
+    ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG;
+    ctx->aes.ccm.nonce.g[1] = mlen;
+    memcpy(ctx->aes.ccm.nonce.b + 1, nonce, 15 - ctx->aes.ccm.l);
+}
+
+/*-
+ * Process additional authenticated data. Code is big-endian.
+ */
+static void s390x_aes_ccm_aad(S390X_AES_CCM_CTX *ctx, const unsigned char *aad,
+                              size_t alen)
+{
+    unsigned char *ptr;
+    int i, rem;
+
+    if (!alen)
+        return;
+
+    ctx->aes.ccm.nonce.b[0] |= S390X_CCM_AAD_FLAG;
+
+    /* Suppress 'type-punned pointer dereference' warning. */
+    ptr = ctx->aes.ccm.buf.b;
+
+    if (alen < ((1 << 16) - (1 << 8))) {
+        *(uint16_t *)ptr = alen;
+        i = 2;
+    } else if (sizeof(alen) == 8
+               && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) {
+        *(uint16_t *)ptr = 0xffff;
+        *(uint64_t *)(ptr + 2) = alen;
+        i = 10;
+    } else {
+        *(uint16_t *)ptr = 0xfffe;
+        *(uint32_t *)(ptr + 2) = alen;
+        i = 6;
+    }
+
+    while (i < 16 && alen) {
+        ctx->aes.ccm.buf.b[i] = *aad;
+        ++aad;
+        --alen;
+        ++i;
+    }
+    while (i < 16) {
+        ctx->aes.ccm.buf.b[i] = 0;
+        ++i;
+    }
+
+    ctx->aes.ccm.kmac_param.icv.g[0] = 0;
+    ctx->aes.ccm.kmac_param.icv.g[1] = 0;
+    s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc,
+               &ctx->aes.ccm.kmac_param);
+    ctx->aes.ccm.blocks += 2;
+
+    rem = alen & 0xf;
+    alen &= ~(size_t)0xf;
+    if (alen) {
+        s390x_kmac(aad, alen, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+        ctx->aes.ccm.blocks += alen >> 4;
+        aad += alen;
+    }
+    if (rem) {
+        for (i = 0; i < rem; i++)
+            ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i];
+
+        s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+                 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+                 ctx->aes.ccm.kmac_param.k);
+        ctx->aes.ccm.blocks++;
+    }
+}
+
+/*-
+ * En/de-crypt plain/cipher-text. Compute tag from plaintext. Returns 0 for
+ * success.
+ */
+static int s390x_aes_ccm(S390X_AES_CCM_CTX *ctx, const unsigned char *in,
+                         unsigned char *out, size_t len, int enc)
+{
+    size_t n, rem;
+    unsigned int i, l, num;
+    unsigned char flags;
+
+    flags = ctx->aes.ccm.nonce.b[0];
+    if (!(flags & S390X_CCM_AAD_FLAG)) {
+        s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b,
+                 ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k);
+        ctx->aes.ccm.blocks++;
+    }
+    l = flags & 0x7;
+    ctx->aes.ccm.nonce.b[0] = l;
+
+    /*-
+     * Reconstruct length from encoded length field
+     * and initialize it with counter value.
+     */
+    n = 0;
+    for (i = 15 - l; i < 15; i++) {
+        n |= ctx->aes.ccm.nonce.b[i];
+        ctx->aes.ccm.nonce.b[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->aes.ccm.nonce.b[15];
+    ctx->aes.ccm.nonce.b[15] = 1;
+
+    if (n != len)
+        return -1;		/* length mismatch */
+
+    if (enc) {
+        /* Two operations per block plus one for tag encryption */
+        ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1;
+        if (ctx->aes.ccm.blocks > (1ULL << 61))
+            return -2;		/* too much data */
+    }
+
+    num = 0;
+    rem = len & 0xf;
+    len &= ~(size_t)0xf;
+
+    if (enc) {
+        /* mac-then-encrypt */
+        if (len)
+            s390x_kmac(in, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+        if (rem) {
+            for (i = 0; i < rem; i++)
+                ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i];
+
+            s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+                     ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+                     ctx->aes.ccm.kmac_param.k);
+        }
+
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,
+                                    ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
+                                    &num, (ctr128_f)AES_ctr32_encrypt);
+    } else {
+        /* decrypt-then-mac */
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,
+                                    ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
+                                    &num, (ctr128_f)AES_ctr32_encrypt);
+
+        if (len)
+            s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+        if (rem) {
+            for (i = 0; i < rem; i++)
+                ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i];
+
+            s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+                     ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+                     ctx->aes.ccm.kmac_param.k);
+        }
+    }
+    /* encrypt tag */
+    for (i = 15 - l; i < 16; i++)
+        ctx->aes.ccm.nonce.b[i] = 0;
+
+    s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc,
+             ctx->aes.ccm.kmac_param.k);
+    ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0];
+    ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1];
+
+    ctx->aes.ccm.nonce.b[0] = flags;	/* restore flags field */
+    return 0;
+}
+
+/*-
+ * En/de-crypt and authenticate TLS packet. Returns the number of bytes written
+ * if successful. Otherwise -1 is returned.
+ */
+static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+    unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+    unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+
+    if (out != in
+            || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))
+        return -1;
+
+    if (enc) {
+        /* Set explicit iv (sequence number). */
+        memcpy(out, buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    }
+
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;
+    /*-
+     * Get explicit iv (sequence number). We already have fixed iv
+     * (server/client_write_iv) here.
+     */
+    memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    s390x_aes_ccm_setiv(cctx, ivec, len);
+
+    /* Process aad (sequence number|type|version|length) */
+    s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len);
+
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+
+    if (enc) {
+        if (s390x_aes_ccm(cctx, in, out, len, enc))
+            return -1;
+
+        memcpy(out + len, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;
+    } else {
+        if (!s390x_aes_ccm(cctx, in, out, len, enc)) {
+            if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, in + len,
+                               cctx->aes.ccm.m))
+                return len;
+        }
+
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
+/*-
+ * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is
+ * returned.
+ */
+static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+    unsigned char *ivec;
+    int keylen;
+
+    if (iv == NULL && key == NULL)
+        return 1;
+
+    if (key != NULL) {
+        keylen = EVP_CIPHER_CTX_key_length(ctx);
+        cctx->aes.ccm.fc = S390X_AES_FC(keylen);
+        memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);
+
+        /* Store encoded m and l. */
+        cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
+                                 | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
+        memset(cctx->aes.ccm.nonce.b + 1, 0,
+               sizeof(cctx->aes.ccm.nonce.b));
+        cctx->aes.ccm.blocks = 0;
+
+        cctx->aes.ccm.key_set = 1;
+    }
+
+    if (iv != NULL) {
+        ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+        memcpy(ivec, iv, 15 - cctx->aes.ccm.l);
+
+        cctx->aes.ccm.iv_set = 1;
+    }
+
+    return 1;
+}
+
+/*-
+ * Called from EVP layer to initialize context, process additional
+ * authenticated data, en/de-crypt plain/cipher-text and authenticate
+ * plaintext or process a TLS packet, depending on context. Returns bytes
+ * written on success. Otherwise -1 is returned.
+ */
+static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    int rv;
+    unsigned char *buf, *ivec;
+
+    if (!cctx->aes.ccm.key_set)
+        return -1;
+
+    if (cctx->aes.ccm.tls_aad_len >= 0)
+        return s390x_aes_ccm_tls_cipher(ctx, out, in, len);
+
+    /*-
+     * Final(): Does not return any data. Recall that ccm is mac-then-encrypt
+     * so integrity must be checked already at Update() i.e., before
+     * potentially corrupted data is output.
+     */
+    if (in == NULL && out != NULL)
+        return 0;
+
+    if (!cctx->aes.ccm.iv_set)
+        return -1;
+
+    if (!enc && !cctx->aes.ccm.tag_set)
+        return -1;
+
+    if (out == NULL) {
+        /* Update(): Pass message length. */
+        if (in == NULL) {
+            ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+            s390x_aes_ccm_setiv(cctx, ivec, len);
+
+            cctx->aes.ccm.len_set = 1;
+            return len;
+        }
+
+        /* Update(): Process aad. */
+        if (!cctx->aes.ccm.len_set && len)
+            return -1;
+
+        s390x_aes_ccm_aad(cctx, in, len);
+        return len;
+    }
+
+    /* Update(): Process message. */
+
+    if (!cctx->aes.ccm.len_set) {
+        /*-
+         * In case message length was not previously set explicitely via
+         * Update(), set it now.
+         */
+        ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+        s390x_aes_ccm_setiv(cctx, ivec, len);
+
+        cctx->aes.ccm.len_set = 1;
+    }
+
+    if (enc) {
+        if (s390x_aes_ccm(cctx, in, out, len, enc))
+            return -1;
+
+        cctx->aes.ccm.tag_set = 1;
+        return len;
+    } else {
+        rv = -1;
+
+        if (!s390x_aes_ccm(cctx, in, out, len, enc)) {
+            buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+            if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, buf,
+                               cctx->aes.ccm.m))
+                rv = len;
+        }
+
+        if (rv == -1)
+            OPENSSL_cleanse(out, len);
+
+        cctx->aes.ccm.iv_set = 0;
+        cctx->aes.ccm.tag_set = 0;
+        cctx->aes.ccm.len_set = 0;
+        return rv;
+    }
+}
+
+/*-
+ * Performs various operations on the context structure depending on control
+ * type. Returns 1 for success, 0 for failure and -1 for unknown control type.
+ * Code is big-endian.
+ */
+static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, c);
+    unsigned char *buf, *iv;
+    int enc, len;
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        cctx->aes.ccm.key_set = 0;
+        cctx->aes.ccm.iv_set = 0;
+        cctx->aes.ccm.l = 8;
+        cctx->aes.ccm.m = 12;
+        cctx->aes.ccm.tag_set = 0;
+        cctx->aes.ccm.len_set = 0;
+        cctx->aes.ccm.tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+
+        /* Save the aad for later use. */
+        buf = EVP_CIPHER_CTX_buf_noconst(c);
+        memcpy(buf, ptr, arg);
+        cctx->aes.ccm.tls_aad_len = arg;
+
+        len = buf[arg - 2] << 8 | buf[arg - 1];
+        if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+            return 0;
+
+        /* Correct length for explicit iv. */
+        len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (!enc) {
+            if (len < cctx->aes.ccm.m)
+                return 0;
+
+            /* Correct length for tag. */
+            len -= cctx->aes.ccm.m;
+        }
+
+        buf[arg - 2] = len >> 8;
+        buf[arg - 1] = len & 0xff;
+
+        /* Extra padding: tag appended to record. */
+        return cctx->aes.ccm.m;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+
+        /* Copy to first part of the iv. */
+        iv = EVP_CIPHER_CTX_iv_noconst(c);
+        memcpy(iv, ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        arg = 15 - arg;
+        /* fall-through */
+
+    case EVP_CTRL_CCM_SET_L:
+        if (arg < 2 || arg > 8)
+            return 0;
+
+        cctx->aes.ccm.l = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if ((arg & 1) || arg < 4 || arg > 16)
+            return 0;
+
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (enc && ptr)
+            return 0;
+
+        if (ptr) {
+            cctx->aes.ccm.tag_set = 1;
+            buf = EVP_CIPHER_CTX_buf_noconst(c);
+            memcpy(buf, ptr, arg);
+        }
+
+        cctx->aes.ccm.m = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (!enc || !cctx->aes.ccm.tag_set)
+            return 0;
+
+        if(arg < cctx->aes.ccm.m)
+            return 0;
+
+        memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
+        cctx->aes.ccm.tag_set = 0;
+        cctx->aes.ccm.iv_set = 0;
+        cctx->aes.ccm.len_set = 0;
+        return 1;
+
+    case EVP_CTRL_COPY:
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+# define s390x_aes_ccm_cleanup aes_ccm_cleanup
+
+# ifndef OPENSSL_NO_OCB
+#  define S390X_AES_OCB_CTX		EVP_AES_OCB_CTX
+#  define S390X_aes_128_ocb_CAPABLE	0
+#  define S390X_aes_192_ocb_CAPABLE	0
+#  define S390X_aes_256_ocb_CAPABLE	0
+
+#  define s390x_aes_ocb_init_key aes_ocb_init_key
+static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                  const unsigned char *iv, int enc);
+#  define s390x_aes_ocb_cipher aes_ocb_cipher
+static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+#  define s390x_aes_ocb_cleanup aes_ocb_cleanup
+static int s390x_aes_ocb_cleanup(EVP_CIPHER_CTX *);
+#  define s390x_aes_ocb_ctrl aes_ocb_ctrl
+static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+# endif
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,	\
+                              MODE,flags)				\
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##nmode,blocksize,					\
+    keylen / 8,								\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    s390x_aes_##mode##_init_key,					\
+    s390x_aes_##mode##_cipher,						\
+    NULL,								\
+    sizeof(S390X_AES_##MODE##_CTX),					\
+    NULL,								\
+    NULL,								\
+    NULL,								\
+    NULL								\
+};									\
+static const EVP_CIPHER aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##nmode,						\
+    blocksize,								\
+    keylen / 8,								\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    aes_init_key,							\
+    aes_##mode##_cipher,						\
+    NULL,								\
+    sizeof(EVP_AES_KEY),						\
+    NULL,								\
+    NULL,								\
+    NULL,								\
+    NULL								\
+};									\
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void)			\
+{									\
+    return S390X_aes_##keylen##_##mode##_CAPABLE ?			\
+           &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode;	\
+}
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags)\
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##mode,						\
+    blocksize,								\
+    (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8,	\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    s390x_aes_##mode##_init_key,					\
+    s390x_aes_##mode##_cipher,						\
+    s390x_aes_##mode##_cleanup,						\
+    sizeof(S390X_AES_##MODE##_CTX),					\
+    NULL,								\
+    NULL,								\
+    s390x_aes_##mode##_ctrl,						\
+    NULL								\
+};									\
+static const EVP_CIPHER aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##mode,blocksize,					\
+    (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8,	\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    aes_##mode##_init_key,						\
+    aes_##mode##_cipher,						\
+    aes_##mode##_cleanup,						\
+    sizeof(EVP_AES_##MODE##_CTX),					\
+    NULL,								\
+    NULL,								\
+    aes_##mode##_ctrl,							\
+    NULL								\
+};									\
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void)			\
+{									\
+    return S390X_aes_##keylen##_##mode##_CAPABLE ?			\
+           &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode;	\
+}
+
+#else
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
 static const EVP_CIPHER aes_##keylen##_##mode = { \
         nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
         flags|EVP_CIPH_##MODE##_MODE,   \
@@ -866,7 +2497,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
 { return &aes_##keylen##_##mode; }
 
-#  define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
 static const EVP_CIPHER aes_##keylen##_##mode = { \
         nid##_##keylen##_##mode,blocksize, \
         (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
@@ -878,25 +2509,29 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
         NULL,NULL,aes_##mode##_ctrl,NULL }; \
 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
 { return &aes_##keylen##_##mode; }
-# endif
 
-# if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
-#  include "arm_arch.h"
-#  if __ARM_MAX_ARCH__>=7
-#   if defined(BSAES_ASM)
-#    define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
-#   endif
-#   define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
-#   define HWAES_set_encrypt_key aes_v8_set_encrypt_key
-#   define HWAES_set_decrypt_key aes_v8_set_decrypt_key
-#   define HWAES_encrypt aes_v8_encrypt
-#   define HWAES_decrypt aes_v8_decrypt
-#   define HWAES_cbc_encrypt aes_v8_cbc_encrypt
-#   define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
+#endif
+
+#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
+# include "arm_arch.h"
+# if __ARM_MAX_ARCH__>=7
+#  if defined(BSAES_ASM)
+#   define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
+#  endif
+#  if defined(VPAES_ASM)
+#   define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
 #  endif
+#  define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
+#  define HWAES_set_encrypt_key aes_v8_set_encrypt_key
+#  define HWAES_set_decrypt_key aes_v8_set_decrypt_key
+#  define HWAES_encrypt aes_v8_encrypt
+#  define HWAES_decrypt aes_v8_decrypt
+#  define HWAES_cbc_encrypt aes_v8_cbc_encrypt
+#  define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
 # endif
+#endif
 
-# if defined(HWAES_CAPABLE)
+#if defined(HWAES_CAPABLE)
 int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
                           AES_KEY *key);
 int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
@@ -911,9 +2546,15 @@ void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
                                 size_t len, const AES_KEY *key,
                                 const unsigned char ivec[16]);
-# endif
+void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+#endif
 
-# define BLOCK_CIPHER_generic_pack(nid,keylen,flags)             \
+#define BLOCK_CIPHER_generic_pack(nid,keylen,flags)             \
         BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)     \
         BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)      \
         BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
@@ -926,85 +2567,97 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         const unsigned char *iv, int enc)
 {
     int ret, mode;
-    EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
-    mode = ctx->cipher->flags & EVP_CIPH_MODE;
+    mode = EVP_CIPHER_CTX_mode(ctx);
     if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
-        && !enc)
-# ifdef HWAES_CAPABLE
+        && !enc) {
+#ifdef HWAES_CAPABLE
         if (HWAES_CAPABLE) {
-            ret = HWAES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+            ret = HWAES_set_decrypt_key(key,
+                                        EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        &dat->ks.ks);
             dat->block = (block128_f) HWAES_decrypt;
             dat->stream.cbc = NULL;
-#  ifdef HWAES_cbc_encrypt
+# ifdef HWAES_cbc_encrypt
             if (mode == EVP_CIPH_CBC_MODE)
                 dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;
-#  endif
-        } else
 # endif
-# ifdef BSAES_CAPABLE
+        } else
+#endif
+#ifdef BSAES_CAPABLE
         if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
-            ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+            ret = AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &dat->ks.ks);
             dat->block = (block128_f) AES_decrypt;
             dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt;
         } else
-# endif
-# ifdef VPAES_CAPABLE
+#endif
+#ifdef VPAES_CAPABLE
         if (VPAES_CAPABLE) {
-            ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+            ret = vpaes_set_decrypt_key(key,
+                                        EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        &dat->ks.ks);
             dat->block = (block128_f) vpaes_decrypt;
             dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
                 (cbc128_f) vpaes_cbc_encrypt : NULL;
         } else
-# endif
+#endif
         {
-            ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+            ret = AES_set_decrypt_key(key,
+                                      EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &dat->ks.ks);
             dat->block = (block128_f) AES_decrypt;
             dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
                 (cbc128_f) AES_cbc_encrypt : NULL;
+        }
     } else
-# ifdef HWAES_CAPABLE
+#ifdef HWAES_CAPABLE
     if (HWAES_CAPABLE) {
-        ret = HWAES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+        ret = HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
         dat->block = (block128_f) HWAES_encrypt;
         dat->stream.cbc = NULL;
-#  ifdef HWAES_cbc_encrypt
+# ifdef HWAES_cbc_encrypt
         if (mode == EVP_CIPH_CBC_MODE)
             dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;
         else
-#  endif
-#  ifdef HWAES_ctr32_encrypt_blocks
+# endif
+# ifdef HWAES_ctr32_encrypt_blocks
         if (mode == EVP_CIPH_CTR_MODE)
             dat->stream.ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
         else
-#  endif
+# endif
             (void)0;            /* terminate potentially open 'else' */
     } else
-# endif
-# ifdef BSAES_CAPABLE
+#endif
+#ifdef BSAES_CAPABLE
     if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
-        ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &dat->ks.ks);
         dat->block = (block128_f) AES_encrypt;
         dat->stream.ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
     } else
-# endif
-# ifdef VPAES_CAPABLE
+#endif
+#ifdef VPAES_CAPABLE
     if (VPAES_CAPABLE) {
-        ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+        ret = vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
         dat->block = (block128_f) vpaes_encrypt;
         dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
             (cbc128_f) vpaes_cbc_encrypt : NULL;
     } else
-# endif
+#endif
     {
-        ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &dat->ks.ks);
         dat->block = (block128_f) AES_encrypt;
         dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
             (cbc128_f) AES_cbc_encrypt : NULL;
-# ifdef AES_CTR_ASM
+#ifdef AES_CTR_ASM
         if (mode == EVP_CIPH_CTR_MODE)
             dat->stream.ctr = (ctr128_f) AES_ctr32_encrypt;
-# endif
+#endif
     }
 
     if (ret < 0) {
@@ -1018,14 +2671,18 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
     if (dat->stream.cbc)
-        (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt);
-    else if (ctx->encrypt)
-        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
+        (*dat->stream.cbc) (in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx),
+                            EVP_CIPHER_CTX_encrypting(ctx));
+    else if (EVP_CIPHER_CTX_encrypting(ctx))
+        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
     else
-        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
+        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
 
     return 1;
 }
@@ -1033,9 +2690,9 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    size_t bl = ctx->cipher->block_size;
+    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
     size_t i;
-    EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
     if (len < bl)
         return 1;
@@ -1049,54 +2706,72 @@ static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
+    int num = EVP_CIPHER_CTX_num(ctx);
     CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
-                          ctx->iv, &ctx->num, dat->block);
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
 
 static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
+    int num = EVP_CIPHER_CTX_num(ctx);
     CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
-                          ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
 
 static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                            const unsigned char *in, size_t len)
 {
-    EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
+    int num = EVP_CIPHER_CTX_num(ctx);
     CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
-                            ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+                            EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                            EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
 
 static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                            const unsigned char *in, size_t len)
 {
-    EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
-    if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) {
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
+        int num = EVP_CIPHER_CTX_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
-                                ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
         return 1;
     }
 
     while (len >= MAXBITCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
-                                ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
         len -= MAXBITCHUNK;
         out += MAXBITCHUNK;
         in  += MAXBITCHUNK;
     }
-    if (len)
+    if (len) {
+        int num = EVP_CIPHER_CTX_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
-                                ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
 
     return 1;
 }
@@ -1104,53 +2779,41 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    unsigned int num = ctx->num;
-    EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
     if (dat->stream.ctr)
         CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
-                                    ctx->iv, ctx->buf, &num, dat->stream.ctr);
+                                    EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    EVP_CIPHER_CTX_buf_noconst(ctx),
+                                    &num, dat->stream.ctr);
     else
         CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
-                              ctx->iv, ctx->buf, &num, dat->block);
-    ctx->num = (size_t)num;
+                              EVP_CIPHER_CTX_iv_noconst(ctx),
+                              EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                              dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
 
-BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS)
-    BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS)
-    BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS)
+BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
+    BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
+    BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
 
 static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 {
-    EVP_AES_GCM_CTX *gctx = c->cipher_data;
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
     if (gctx == NULL)
         return 0;
     OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
-    if (gctx->iv != c->iv)
+    if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
         OPENSSL_free(gctx->iv);
     return 1;
 }
 
-/* increment counter (64-bit int) by 1 */
-static void ctr64_inc(unsigned char *counter)
-{
-    int n = 8;
-    unsigned char c;
-
-    do {
-        --n;
-        c = counter[n];
-        ++c;
-        counter[n] = c;
-        if (c)
-            return;
-    } while (n);
-}
-
 static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
-    EVP_AES_GCM_CTX *gctx = c->cipher_data;
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
     switch (type) {
     case EVP_CTRL_INIT:
         gctx->key_set = 0;
@@ -1162,29 +2825,31 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
         gctx->tls_aad_len = -1;
         return 1;
 
-    case EVP_CTRL_GCM_SET_IVLEN:
+    case EVP_CTRL_AEAD_SET_IVLEN:
         if (arg <= 0)
             return 0;
         /* Allocate memory for IV if needed */
         if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
             if (gctx->iv != c->iv)
                 OPENSSL_free(gctx->iv);
-            gctx->iv = OPENSSL_malloc(arg);
-            if (!gctx->iv)
+            if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
+                EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
                 return 0;
+            }
         }
         gctx->ivlen = arg;
         return 1;
 
-    case EVP_CTRL_GCM_SET_TAG:
+    case EVP_CTRL_AEAD_SET_TAG:
         if (arg <= 0 || arg > 16 || c->encrypt)
             return 0;
         memcpy(c->buf, ptr, arg);
         gctx->taglen = arg;
         return 1;
 
-    case EVP_CTRL_GCM_GET_TAG:
-        if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0)
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg <= 0 || arg > 16 || !c->encrypt
+            || gctx->taglen < 0)
             return 0;
         memcpy(ptr, c->buf, arg);
         return 1;
@@ -1259,7 +2924,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
     case EVP_CTRL_COPY:
         {
             EVP_CIPHER_CTX *out = ptr;
-            EVP_AES_GCM_CTX *gctx_out = out->cipher_data;
+            EVP_AES_GCM_CTX *gctx_out = EVP_C_DATA(EVP_AES_GCM_CTX,out);
             if (gctx->gcm.key) {
                 if (gctx->gcm.key != &gctx->ks)
                     return 0;
@@ -1268,9 +2933,10 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
             if (gctx->iv == c->iv)
                 gctx_out->iv = out->iv;
             else {
-                gctx_out->iv = OPENSSL_malloc(gctx->ivlen);
-                if (!gctx_out->iv)
+                if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
+                    EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
                     return 0;
+                }
                 memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
             }
             return 1;
@@ -1285,25 +2951,25 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv, int enc)
 {
-    EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
     if (!iv && !key)
         return 1;
     if (key) {
         do {
-# ifdef HWAES_CAPABLE
+#ifdef HWAES_CAPABLE
             if (HWAES_CAPABLE) {
                 HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
                                    (block128_f) HWAES_encrypt);
-#  ifdef HWAES_ctr32_encrypt_blocks
+# ifdef HWAES_ctr32_encrypt_blocks
                 gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
-#  else
+# else
                 gctx->ctr = NULL;
-#  endif
+# endif
                 break;
             } else
-# endif
-# ifdef BSAES_CAPABLE
+#endif
+#ifdef BSAES_CAPABLE
             if (BSAES_CAPABLE) {
                 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
@@ -1311,8 +2977,8 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                 gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
                 break;
             } else
-# endif
-# ifdef VPAES_CAPABLE
+#endif
+#ifdef VPAES_CAPABLE
             if (VPAES_CAPABLE) {
                 vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
@@ -1320,17 +2986,17 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                 gctx->ctr = NULL;
                 break;
             } else
-# endif
+#endif
                 (void)0;        /* terminate potentially open 'else' */
 
             AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
             CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
                                (block128_f) AES_encrypt);
-# ifdef AES_CTR_ASM
+#ifdef AES_CTR_ASM
             gctx->ctr = (ctr128_f) AES_ctr32_encrypt;
-# else
+#else
             gctx->ctr = NULL;
-# endif
+#endif
         } while (0);
 
         /*
@@ -1365,7 +3031,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t len)
 {
-    EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
     int rv = -1;
     /* Encrypt/decrypt must be performed in place */
     if (out != in
@@ -1375,8 +3041,8 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
      * Set IV from start of buffer or generate IV and write to start of
      * buffer.
      */
-    if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
-                            EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
+    if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? EVP_CTRL_GCM_IV_GEN
+                                              : EVP_CTRL_GCM_SET_IV_INV,
                             EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
         goto err;
     /* Use saved AAD */
@@ -1390,7 +3056,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         /* Encrypt payload */
         if (gctx->ctr) {
             size_t bulk = 0;
-# if defined(AES_GCM_ASM)
+#if defined(AES_GCM_ASM)
             if (len >= 32 && AES_GCM_ASM(gctx)) {
                 if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
                     return -1;
@@ -1400,7 +3066,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                        gctx->gcm.Yi.c, gctx->gcm.Xi.u);
                 gctx->gcm.len.u[1] += bulk;
             }
-# endif
+#endif
             if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
                                             in + bulk,
                                             out + bulk,
@@ -1408,7 +3074,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 goto err;
         } else {
             size_t bulk = 0;
-# if defined(AES_GCM_ASM2)
+#if defined(AES_GCM_ASM2)
             if (len >= 32 && AES_GCM_ASM2(gctx)) {
                 if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
                     return -1;
@@ -1418,7 +3084,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                        gctx->gcm.Yi.c, gctx->gcm.Xi.u);
                 gctx->gcm.len.u[1] += bulk;
             }
-# endif
+#endif
             if (CRYPTO_gcm128_encrypt(&gctx->gcm,
                                       in + bulk, out + bulk, len - bulk))
                 goto err;
@@ -1431,7 +3097,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         /* Decrypt */
         if (gctx->ctr) {
             size_t bulk = 0;
-# if defined(AES_GCM_ASM)
+#if defined(AES_GCM_ASM)
             if (len >= 16 && AES_GCM_ASM(gctx)) {
                 if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
                     return -1;
@@ -1441,7 +3107,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                        gctx->gcm.Yi.c, gctx->gcm.Xi.u);
                 gctx->gcm.len.u[1] += bulk;
             }
-# endif
+#endif
             if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
                                             in + bulk,
                                             out + bulk,
@@ -1449,7 +3115,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 goto err;
         } else {
             size_t bulk = 0;
-# if defined(AES_GCM_ASM2)
+#if defined(AES_GCM_ASM2)
             if (len >= 16 && AES_GCM_ASM2(gctx)) {
                 if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
                     return -1;
@@ -1459,7 +3125,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                        gctx->gcm.Yi.c, gctx->gcm.Xi.u);
                 gctx->gcm.len.u[1] += bulk;
             }
-# endif
+#endif
             if (CRYPTO_gcm128_decrypt(&gctx->gcm,
                                       in + bulk, out + bulk, len - bulk))
                 goto err;
@@ -1483,7 +3149,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
     /* If not set up, return error */
     if (!gctx->key_set)
         return -1;
@@ -1500,7 +3166,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         } else if (ctx->encrypt) {
             if (gctx->ctr) {
                 size_t bulk = 0;
-# if defined(AES_GCM_ASM)
+#if defined(AES_GCM_ASM)
                 if (len >= 32 && AES_GCM_ASM(gctx)) {
                     size_t res = (16 - gctx->gcm.mres) % 16;
 
@@ -1514,7 +3180,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                     gctx->gcm.len.u[1] += bulk;
                     bulk += res;
                 }
-# endif
+#endif
                 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
                                                 in + bulk,
                                                 out + bulk,
@@ -1522,7 +3188,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                     return -1;
             } else {
                 size_t bulk = 0;
-# if defined(AES_GCM_ASM2)
+#if defined(AES_GCM_ASM2)
                 if (len >= 32 && AES_GCM_ASM2(gctx)) {
                     size_t res = (16 - gctx->gcm.mres) % 16;
 
@@ -1536,7 +3202,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                     gctx->gcm.len.u[1] += bulk;
                     bulk += res;
                 }
-# endif
+#endif
                 if (CRYPTO_gcm128_encrypt(&gctx->gcm,
                                           in + bulk, out + bulk, len - bulk))
                     return -1;
@@ -1544,7 +3210,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         } else {
             if (gctx->ctr) {
                 size_t bulk = 0;
-# if defined(AES_GCM_ASM)
+#if defined(AES_GCM_ASM)
                 if (len >= 16 && AES_GCM_ASM(gctx)) {
                     size_t res = (16 - gctx->gcm.mres) % 16;
 
@@ -1558,7 +3224,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                     gctx->gcm.len.u[1] += bulk;
                     bulk += res;
                 }
-# endif
+#endif
                 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
                                                 in + bulk,
                                                 out + bulk,
@@ -1566,7 +3232,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                     return -1;
             } else {
                 size_t bulk = 0;
-# if defined(AES_GCM_ASM2)
+#if defined(AES_GCM_ASM2)
                 if (len >= 16 && AES_GCM_ASM2(gctx)) {
                     size_t res = (16 - gctx->gcm.mres) % 16;
 
@@ -1580,7 +3246,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                     gctx->gcm.len.u[1] += bulk;
                     bulk += res;
                 }
-# endif
+#endif
                 if (CRYPTO_gcm128_decrypt(&gctx->gcm,
                                           in + bulk, out + bulk, len - bulk))
                     return -1;
@@ -1605,27 +3271,24 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 }
 
-# define CUSTOM_FLAGS    (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+#define CUSTOM_FLAGS    (EVP_CIPH_FLAG_DEFAULT_ASN1 \
                 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
                 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
                 | EVP_CIPH_CUSTOM_COPY)
 
 BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
-                    EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER |
-                    CUSTOM_FLAGS)
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
     BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
-                    EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER |
-                    CUSTOM_FLAGS)
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
     BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
-                    EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER |
-                    CUSTOM_FLAGS)
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
 
 static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
-    EVP_AES_XTS_CTX *xctx = c->cipher_data;
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,c);
     if (type == EVP_CTRL_COPY) {
         EVP_CIPHER_CTX *out = ptr;
-        EVP_AES_XTS_CTX *xctx_out = out->cipher_data;
+        EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out);
         if (xctx->xts.key1) {
             if (xctx->xts.key1 != &xctx->ks1)
                 return 0;
@@ -1648,75 +3311,90 @@ static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv, int enc)
 {
-    EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
     if (!iv && !key)
         return 1;
 
     if (key)
         do {
-# ifdef AES_XTS_ASM
+#ifdef AES_XTS_ASM
             xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
-# else
+#else
             xctx->stream = NULL;
-# endif
+#endif
             /* key_len is two AES keys */
-# ifdef HWAES_CAPABLE
+#ifdef HWAES_CAPABLE
             if (HWAES_CAPABLE) {
                 if (enc) {
-                    HWAES_set_encrypt_key(key, ctx->key_len * 4,
+                    HWAES_set_encrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
                                           &xctx->ks1.ks);
                     xctx->xts.block1 = (block128_f) HWAES_encrypt;
+# ifdef HWAES_xts_encrypt
+                    xctx->stream = HWAES_xts_encrypt;
+# endif
                 } else {
-                    HWAES_set_decrypt_key(key, ctx->key_len * 4,
+                    HWAES_set_decrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
                                           &xctx->ks1.ks);
                     xctx->xts.block1 = (block128_f) HWAES_decrypt;
+# ifdef HWAES_xts_decrypt
+                    xctx->stream = HWAES_xts_decrypt;
+#endif
                 }
 
-                HWAES_set_encrypt_key(key + ctx->key_len / 2,
-                                      ctx->key_len * 4, &xctx->ks2.ks);
+                HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                                      EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                      &xctx->ks2.ks);
                 xctx->xts.block2 = (block128_f) HWAES_encrypt;
 
                 xctx->xts.key1 = &xctx->ks1;
                 break;
             } else
-# endif
-# ifdef BSAES_CAPABLE
+#endif
+#ifdef BSAES_CAPABLE
             if (BSAES_CAPABLE)
                 xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt;
             else
-# endif
-# ifdef VPAES_CAPABLE
+#endif
+#ifdef VPAES_CAPABLE
             if (VPAES_CAPABLE) {
                 if (enc) {
-                    vpaes_set_encrypt_key(key, ctx->key_len * 4,
+                    vpaes_set_encrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
                                           &xctx->ks1.ks);
                     xctx->xts.block1 = (block128_f) vpaes_encrypt;
                 } else {
-                    vpaes_set_decrypt_key(key, ctx->key_len * 4,
+                    vpaes_set_decrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
                                           &xctx->ks1.ks);
                     xctx->xts.block1 = (block128_f) vpaes_decrypt;
                 }
 
-                vpaes_set_encrypt_key(key + ctx->key_len / 2,
-                                      ctx->key_len * 4, &xctx->ks2.ks);
+                vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                                      EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                      &xctx->ks2.ks);
                 xctx->xts.block2 = (block128_f) vpaes_encrypt;
 
                 xctx->xts.key1 = &xctx->ks1;
                 break;
             } else
-# endif
+#endif
                 (void)0;        /* terminate potentially open 'else' */
 
             if (enc) {
-                AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+                AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                    &xctx->ks1.ks);
                 xctx->xts.block1 = (block128_f) AES_encrypt;
             } else {
-                AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+                AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                    &xctx->ks1.ks);
                 xctx->xts.block1 = (block128_f) AES_decrypt;
             }
 
-            AES_set_encrypt_key(key + ctx->key_len / 2,
-                                ctx->key_len * 4, &xctx->ks2.ks);
+            AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                                EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                &xctx->ks2.ks);
             xctx->xts.block2 = (block128_f) AES_encrypt;
 
             xctx->xts.key1 = &xctx->ks1;
@@ -1724,7 +3402,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
     if (iv) {
         xctx->xts.key2 = &xctx->ks2;
-        memcpy(ctx->iv, iv, 16);
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
     }
 
     return 1;
@@ -1733,34 +3411,34 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
     if (!xctx->xts.key1 || !xctx->xts.key2)
         return 0;
     if (!out || !in || len < AES_BLOCK_SIZE)
         return 0;
     if (xctx->stream)
         (*xctx->stream) (in, out, len,
-                         xctx->xts.key1, xctx->xts.key2, ctx->iv);
-    else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
-                                   ctx->encrypt))
+                         xctx->xts.key1, xctx->xts.key2,
+                         EVP_CIPHER_CTX_iv_noconst(ctx));
+    else if (CRYPTO_xts128_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                   in, out, len,
+                                   EVP_CIPHER_CTX_encrypting(ctx)))
         return 0;
     return 1;
 }
 
-# define aes_xts_cleanup NULL
+#define aes_xts_cleanup NULL
 
-# define XTS_FLAGS       (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
+#define XTS_FLAGS       (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
                          | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
                          | EVP_CIPH_CUSTOM_COPY)
 
-BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS,
-                    EVP_CIPH_FLAG_FIPS | XTS_FLAGS)
-    BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS,
-                    EVP_CIPH_FLAG_FIPS | XTS_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
 
 static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
-    EVP_AES_CCM_CTX *cctx = c->cipher_data;
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,c);
     switch (type) {
     case EVP_CTRL_INIT:
         cctx->key_set = 0;
@@ -1769,30 +3447,66 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
         cctx->M = 12;
         cctx->tag_set = 0;
         cctx->len_set = 0;
+        cctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        cctx->tls_aad_len = arg;
+        {
+            uint16_t len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < cctx->M)
+                    return 0;
+                len -= cctx->M;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return cctx->M;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        /* Sanity check length */
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+        /* Just copy to first part of IV */
+        memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
         return 1;
 
-    case EVP_CTRL_CCM_SET_IVLEN:
+    case EVP_CTRL_AEAD_SET_IVLEN:
         arg = 15 - arg;
+        /* fall thru */
     case EVP_CTRL_CCM_SET_L:
         if (arg < 2 || arg > 8)
             return 0;
         cctx->L = arg;
         return 1;
 
-    case EVP_CTRL_CCM_SET_TAG:
+    case EVP_CTRL_AEAD_SET_TAG:
         if ((arg & 1) || arg < 4 || arg > 16)
             return 0;
-        if (c->encrypt && ptr)
+        if (EVP_CIPHER_CTX_encrypting(c) && ptr)
             return 0;
         if (ptr) {
             cctx->tag_set = 1;
-            memcpy(c->buf, ptr, arg);
+            memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
         }
         cctx->M = arg;
         return 1;
 
-    case EVP_CTRL_CCM_GET_TAG:
-        if (!c->encrypt || !cctx->tag_set)
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
             return 0;
         if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
             return 0;
@@ -1804,7 +3518,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
     case EVP_CTRL_COPY:
         {
             EVP_CIPHER_CTX *out = ptr;
-            EVP_AES_CCM_CTX *cctx_out = out->cipher_data;
+            EVP_AES_CCM_CTX *cctx_out = EVP_C_DATA(EVP_AES_CCM_CTX,out);
             if (cctx->ccm.key) {
                 if (cctx->ccm.key != &cctx->ks)
                     return 0;
@@ -1822,14 +3536,15 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv, int enc)
 {
-    EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
     if (!iv && !key)
         return 1;
     if (key)
         do {
-# ifdef HWAES_CAPABLE
+#ifdef HWAES_CAPABLE
             if (HWAES_CAPABLE) {
-                HWAES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &cctx->ks.ks);
 
                 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                                    &cctx->ks, (block128_f) HWAES_encrypt);
@@ -1837,43 +3552,105 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                 cctx->key_set = 1;
                 break;
             } else
-# endif
-# ifdef VPAES_CAPABLE
+#endif
+#ifdef VPAES_CAPABLE
             if (VPAES_CAPABLE) {
-                vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+                vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &cctx->ks.ks);
                 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                                    &cctx->ks, (block128_f) vpaes_encrypt);
                 cctx->str = NULL;
                 cctx->key_set = 1;
                 break;
             }
-# endif
-            AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+#endif
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &cctx->ks.ks);
             CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                                &cctx->ks, (block128_f) AES_encrypt);
             cctx->str = NULL;
             cctx->key_set = 1;
         } while (0);
     if (iv) {
-        memcpy(ctx->iv, iv, 15 - cctx->L);
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
         cctx->iv_set = 1;
     }
     return 1;
 }
 
+static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
+        return -1;
+    /* If encrypting set explicit IV from sequence number (start of AAD) */
+    if (EVP_CIPHER_CTX_encrypting(ctx))
+        memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
+               EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Get rest of IV from explicit IV */
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+           EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Correct length value */
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+                            len))
+            return -1;
+    /* Use saved AAD */
+    CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
+    /* Fix buffer to point to payload */
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+                                                    cctx->str) :
+            CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
+            return -1;
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    } else {
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                                     cctx->str) :
+            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, in + len, cctx->M))
+                    return len;
+            }
+        }
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
 static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
     CCM128_CONTEXT *ccm = &cctx->ccm;
     /* If not set up, return error */
-    if (!cctx->iv_set && !cctx->key_set)
+    if (!cctx->key_set)
         return -1;
-    if (!ctx->encrypt && !cctx->tag_set)
+
+    if (cctx->tls_aad_len >= 0)
+        return aes_ccm_tls_cipher(ctx, out, in, len);
+
+    /* EVP_*Final() doesn't return any data */
+    if (in == NULL && out != NULL)
+        return 0;
+
+    if (!cctx->iv_set)
+        return -1;
+
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
         return -1;
     if (!out) {
         if (!in) {
-            if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
+            if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    15 - cctx->L, len))
                 return -1;
             cctx->len_set = 1;
             return len;
@@ -1884,16 +3661,14 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         CRYPTO_ccm128_aad(ccm, in, len);
         return len;
     }
-    /* EVP_*Final() doesn't return any data */
-    if (!in)
-        return 0;
     /* If not set length yet do it */
     if (!cctx->len_set) {
-        if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
+        if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                15 - cctx->L, len))
             return -1;
         cctx->len_set = 1;
     }
-    if (ctx->encrypt) {
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
         if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
                                                     cctx->str) :
             CRYPTO_ccm128_encrypt(ccm, in, out, len))
@@ -1907,7 +3682,8 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
             unsigned char tag[16];
             if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
-                if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M))
+                if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
+                                   cctx->M))
                     rv = len;
             }
         }
@@ -1918,18 +3694,17 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         cctx->len_set = 0;
         return rv;
     }
-
 }
 
-# define aes_ccm_cleanup NULL
+#define aes_ccm_cleanup NULL
 
 BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
-                    EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
     BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
-                    EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
+                        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
     BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
-                    EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
-#endif
+                        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+
 typedef struct {
     union {
         double align;
@@ -1942,20 +3717,22 @@ typedef struct {
 static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                              const unsigned char *iv, int enc)
 {
-    EVP_AES_WRAP_CTX *wctx = ctx->cipher_data;
+    EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
     if (!iv && !key)
         return 1;
     if (key) {
-        if (ctx->encrypt)
-            AES_set_encrypt_key(key, ctx->key_len * 8, &wctx->ks.ks);
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &wctx->ks.ks);
         else
-            AES_set_decrypt_key(key, ctx->key_len * 8, &wctx->ks.ks);
+            AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &wctx->ks.ks);
         if (!iv)
             wctx->iv = NULL;
     }
     if (iv) {
-        memcpy(ctx->iv, iv, 8);
-        wctx->iv = ctx->iv;
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx));
+        wctx->iv = EVP_CIPHER_CTX_iv_noconst(ctx);
     }
     return 1;
 }
@@ -1963,28 +3740,59 @@ static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                            const unsigned char *in, size_t inlen)
 {
-    EVP_AES_WRAP_CTX *wctx = ctx->cipher_data;
+    EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
     size_t rv;
+    /* AES wrap with padding has IV length of 4, without padding 8 */
+    int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4;
+    /* No final operation so always return zero length */
     if (!in)
         return 0;
-    if (inlen % 8)
+    /* Input length must always be non-zero */
+    if (!inlen)
         return -1;
-    if (ctx->encrypt && inlen < 8)
+    /* If decrypting need at least 16 bytes and multiple of 8 */
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && (inlen < 16 || inlen & 0x7))
         return -1;
-    if (!ctx->encrypt && inlen < 16)
+    /* If not padding input must be multiple of 8 */
+    if (!pad && inlen & 0x7)
         return -1;
+    if (is_partially_overlapping(out, in, inlen)) {
+        EVPerr(EVP_F_AES_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
     if (!out) {
-        if (ctx->encrypt)
+        if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            /* If padding round up to multiple of 8 */
+            if (pad)
+                inlen = (inlen + 7) / 8 * 8;
+            /* 8 byte prefix */
             return inlen + 8;
-        else
+        } else {
+            /*
+             * If not padding output will be exactly 8 bytes smaller than
+             * input. If padding it will be at least 8 bytes smaller but we
+             * don't know how much.
+             */
             return inlen - 8;
+        }
+    }
+    if (pad) {
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv,
+                                     out, in, inlen,
+                                     (block128_f) AES_encrypt);
+        else
+            rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv,
+                                       out, in, inlen,
+                                       (block128_f) AES_decrypt);
+    } else {
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv,
+                                 out, in, inlen, (block128_f) AES_encrypt);
+        else
+            rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv,
+                                   out, in, inlen, (block128_f) AES_decrypt);
     }
-    if (ctx->encrypt)
-        rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen,
-                             (block128_f) AES_encrypt);
-    else
-        rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, out, in, inlen,
-                               (block128_f) AES_decrypt);
     return rv ? (int)rv : -1;
 }
 
@@ -2033,3 +3841,372 @@ const EVP_CIPHER *EVP_aes_256_wrap(void)
 {
     return &aes_256_wrap;
 }
+
+static const EVP_CIPHER aes_128_wrap_pad = {
+    NID_id_aes128_wrap_pad,
+    8, 16, 4, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void)
+{
+    return &aes_128_wrap_pad;
+}
+
+static const EVP_CIPHER aes_192_wrap_pad = {
+    NID_id_aes192_wrap_pad,
+    8, 24, 4, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void)
+{
+    return &aes_192_wrap_pad;
+}
+
+static const EVP_CIPHER aes_256_wrap_pad = {
+    NID_id_aes256_wrap_pad,
+    8, 32, 4, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void)
+{
+    return &aes_256_wrap_pad;
+}
+
+#ifndef OPENSSL_NO_OCB
+static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);
+    EVP_CIPHER_CTX *newc;
+    EVP_AES_OCB_CTX *new_octx;
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        octx->key_set = 0;
+        octx->iv_set = 0;
+        octx->ivlen = EVP_CIPHER_CTX_iv_length(c);
+        octx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+        octx->taglen = 16;
+        octx->data_buf_len = 0;
+        octx->aad_buf_len = 0;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        /* IV len must be 1 to 15 */
+        if (arg <= 0 || arg > 15)
+            return 0;
+
+        octx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (!ptr) {
+            /* Tag len must be 0 to 16 */
+            if (arg < 0 || arg > 16)
+                return 0;
+
+            octx->taglen = arg;
+            return 1;
+        }
+        if (arg != octx->taglen || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(octx->tag, ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg != octx->taglen || !EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+
+        memcpy(ptr, octx->tag, arg);
+        return 1;
+
+    case EVP_CTRL_COPY:
+        newc = (EVP_CIPHER_CTX *)ptr;
+        new_octx = EVP_C_DATA(EVP_AES_OCB_CTX,newc);
+        return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb,
+                                      &new_octx->ksenc.ks,
+                                      &new_octx->ksdec.ks);
+
+    default:
+        return -1;
+
+    }
+}
+
+# ifdef HWAES_CAPABLE
+#  ifdef HWAES_ocb_encrypt
+void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+#  else
+#    define HWAES_ocb_encrypt ((ocb128_f)NULL)
+#  endif
+#  ifdef HWAES_ocb_decrypt
+void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+#  else
+#    define HWAES_ocb_decrypt ((ocb128_f)NULL)
+#  endif
+# endif
+
+static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+            /*
+             * We set both the encrypt and decrypt key here because decrypt
+             * needs both. We could possibly optimise to remove setting the
+             * decrypt for an encryption operation.
+             */
+# ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksenc.ks);
+                HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksdec.ks);
+                if (!CRYPTO_ocb128_init(&octx->ocb,
+                                        &octx->ksenc.ks, &octx->ksdec.ks,
+                                        (block128_f) HWAES_encrypt,
+                                        (block128_f) HWAES_decrypt,
+                                        enc ? HWAES_ocb_encrypt
+                                            : HWAES_ocb_decrypt))
+                    return 0;
+                break;
+            }
+# endif
+# ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksenc.ks);
+                vpaes_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksdec.ks);
+                if (!CRYPTO_ocb128_init(&octx->ocb,
+                                        &octx->ksenc.ks, &octx->ksdec.ks,
+                                        (block128_f) vpaes_encrypt,
+                                        (block128_f) vpaes_decrypt,
+                                        NULL))
+                    return 0;
+                break;
+            }
+# endif
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &octx->ksenc.ks);
+            AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &octx->ksdec.ks);
+            if (!CRYPTO_ocb128_init(&octx->ocb,
+                                    &octx->ksenc.ks, &octx->ksdec.ks,
+                                    (block128_f) AES_encrypt,
+                                    (block128_f) AES_decrypt,
+                                    NULL))
+                return 0;
+        }
+        while (0);
+
+        /*
+         * If we have an iv we can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && octx->iv_set)
+            iv = octx->iv;
+        if (iv) {
+            if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+                != 1)
+                return 0;
+            octx->iv_set = 1;
+        }
+        octx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (octx->key_set)
+            CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+        else
+            memcpy(octx->iv, iv, octx->ivlen);
+        octx->iv_set = 1;
+    }
+    return 1;
+}
+
+static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    unsigned char *buf;
+    int *buf_len;
+    int written_len = 0;
+    size_t trailing_len;
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+
+    /* If IV or Key not set then return error */
+    if (!octx->iv_set)
+        return -1;
+
+    if (!octx->key_set)
+        return -1;
+
+    if (in != NULL) {
+        /*
+         * Need to ensure we are only passing full blocks to low level OCB
+         * routines. We do it here rather than in EVP_EncryptUpdate/
+         * EVP_DecryptUpdate because we need to pass full blocks of AAD too
+         * and those routines don't support that
+         */
+
+        /* Are we dealing with AAD or normal data here? */
+        if (out == NULL) {
+            buf = octx->aad_buf;
+            buf_len = &(octx->aad_buf_len);
+        } else {
+            buf = octx->data_buf;
+            buf_len = &(octx->data_buf_len);
+
+            if (is_partially_overlapping(out + *buf_len, in, len)) {
+                EVPerr(EVP_F_AES_OCB_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+                return 0;
+            }
+        }
+
+        /*
+         * If we've got a partially filled buffer from a previous call then
+         * use that data first
+         */
+        if (*buf_len > 0) {
+            unsigned int remaining;
+
+            remaining = AES_BLOCK_SIZE - (*buf_len);
+            if (remaining > len) {
+                memcpy(buf + (*buf_len), in, len);
+                *(buf_len) += len;
+                return 0;
+            }
+            memcpy(buf + (*buf_len), in, remaining);
+
+            /*
+             * If we get here we've filled the buffer, so process it
+             */
+            len -= remaining;
+            in += remaining;
+            if (out == NULL) {
+                if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE))
+                    return -1;
+            } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out,
+                                           AES_BLOCK_SIZE))
+                    return -1;
+            } else {
+                if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out,
+                                           AES_BLOCK_SIZE))
+                    return -1;
+            }
+            written_len = AES_BLOCK_SIZE;
+            *buf_len = 0;
+            if (out != NULL)
+                out += AES_BLOCK_SIZE;
+        }
+
+        /* Do we have a partial block to handle at the end? */
+        trailing_len = len % AES_BLOCK_SIZE;
+
+        /*
+         * If we've got some full blocks to handle, then process these first
+         */
+        if (len != trailing_len) {
+            if (out == NULL) {
+                if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len))
+                    return -1;
+            } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (!CRYPTO_ocb128_encrypt
+                    (&octx->ocb, in, out, len - trailing_len))
+                    return -1;
+            } else {
+                if (!CRYPTO_ocb128_decrypt
+                    (&octx->ocb, in, out, len - trailing_len))
+                    return -1;
+            }
+            written_len += len - trailing_len;
+            in += len - trailing_len;
+        }
+
+        /* Handle any trailing partial block */
+        if (trailing_len > 0) {
+            memcpy(buf, in, trailing_len);
+            *buf_len = trailing_len;
+        }
+
+        return written_len;
+    } else {
+        /*
+         * First of all empty the buffer of any partial block that we might
+         * have been provided - both for data and AAD
+         */
+        if (octx->data_buf_len > 0) {
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out,
+                                           octx->data_buf_len))
+                    return -1;
+            } else {
+                if (!CRYPTO_ocb128_decrypt(&octx->ocb, octx->data_buf, out,
+                                           octx->data_buf_len))
+                    return -1;
+            }
+            written_len = octx->data_buf_len;
+            octx->data_buf_len = 0;
+        }
+        if (octx->aad_buf_len > 0) {
+            if (!CRYPTO_ocb128_aad
+                (&octx->ocb, octx->aad_buf, octx->aad_buf_len))
+                return -1;
+            octx->aad_buf_len = 0;
+        }
+        /* If decrypting then verify */
+        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (octx->taglen < 0)
+                return -1;
+            if (CRYPTO_ocb128_finish(&octx->ocb,
+                                     octx->tag, octx->taglen) != 0)
+                return -1;
+            octx->iv_set = 0;
+            return written_len;
+        }
+        /* If encrypting then just get the tag */
+        if (CRYPTO_ocb128_tag(&octx->ocb, octx->tag, 16) != 1)
+            return -1;
+        /* Don't reuse the IV */
+        octx->iv_set = 0;
+        return written_len;
+    }
+}
+
+static int aes_ocb_cleanup(EVP_CIPHER_CTX *c)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);
+    CRYPTO_ocb128_cleanup(&octx->ocb);
+    return 1;
+}
+
+BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+#endif                         /* OPENSSL_NO_OCB */
diff --git a/freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
index 90be1fb0..c1ba3873 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,52 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/opensslconf.h>
@@ -54,31 +14,14 @@
 #include <stdio.h>
 #include <string.h>
 
-#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1)
-
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include <openssl/aes.h>
-# include <openssl/sha.h>
-# include <openssl/rand.h>
-# include "modes_lcl.h"
-# include "constant_time_locl.h"
-
-# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
-#  define EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
-#  define EVP_CTRL_AEAD_TLS1_AAD          0x16
-#  define EVP_CTRL_AEAD_SET_MAC_KEY       0x17
-# endif
-
-# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1)
-#  define EVP_CIPH_FLAG_DEFAULT_ASN1 0
-# endif
-
-# if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
-#  define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
-# endif
-
-# define TLS1_1_VERSION 0x0302
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/aes.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include "modes_lcl.h"
+#include "internal/evp_int.h"
+#include "internal/constant_time_locl.h"
 
 typedef struct {
     AES_KEY ks;
@@ -90,15 +33,14 @@ typedef struct {
     } aux;
 } EVP_AES_HMAC_SHA1;
 
-# define NO_PAYLOAD_LENGTH       ((size_t)-1)
+#define NO_PAYLOAD_LENGTH       ((size_t)-1)
 
-# if     defined(AES_ASM) &&     ( \
+#if     defined(AES_ASM) &&     ( \
         defined(__x86_64)       || defined(__x86_64__)  || \
-        defined(_M_AMD64)       || defined(_M_X64)      || \
-        defined(__INTEL__)      )
+        defined(_M_AMD64)       || defined(_M_X64)      )
 
 extern unsigned int OPENSSL_ia32cap_P[];
-#  define AESNI_CAPABLE   (1<<(57-32))
+# define AESNI_CAPABLE   (1<<(57-32))
 
 int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
                           AES_KEY *key);
@@ -118,7 +60,7 @@ void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks,
                            const AES_KEY *key, unsigned char iv[16],
                            SHA_CTX *ctx, const void *in0);
 
-#  define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
+# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
 
 static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
                                         const unsigned char *inkey,
@@ -128,9 +70,13 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
     int ret;
 
     if (enc)
-        ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks);
+        ret = aesni_set_encrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
     else
-        ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks);
+        ret = aesni_set_decrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
 
     SHA1_Init(&key->head);      /* handy when benchmarking */
     key->tail = key->head;
@@ -141,12 +87,12 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
     return ret < 0 ? 0 : 1;
 }
 
-#  define STITCHED_CALL
-#  undef  STITCHED_DECRYPT_CALL
+# define STITCHED_CALL
+# undef  STITCHED_DECRYPT_CALL
 
-#  if !defined(STITCHED_CALL)
-#   define aes_off 0
-#  endif
+# if !defined(STITCHED_CALL)
+#  define aes_off 0
+# endif
 
 void sha1_block_data_order(void *c, const void *p, size_t len);
 
@@ -181,12 +127,12 @@ static void sha1_update(SHA_CTX *c, const void *data, size_t len)
         SHA1_Update(c, ptr, res);
 }
 
-#  ifdef SHA1_Update
-#   undef SHA1_Update
-#  endif
-#  define SHA1_Update sha1_update
+# ifdef SHA1_Update
+#  undef SHA1_Update
+# endif
+# define SHA1_Update sha1_update
 
-#  if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# if !defined(OPENSSL_NO_MULTIBLOCK)
 
 typedef struct {
     unsigned int A[8], B[8], C[8], D[8], E[8];
@@ -225,9 +171,9 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
         0;
     size_t ret = 0;
     u8 *IVs;
-#   if defined(BSWAP8)
+#  if defined(BSWAP8)
     u64 seqnum;
-#   endif
+#  endif
 
     /* ask for IVs in bulk */
     if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
@@ -261,15 +207,15 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
         IVs += 16;
     }
 
-#   if defined(BSWAP8)
+#  if defined(BSWAP8)
     memcpy(blocks[0].c, key->md.data, 8);
     seqnum = BSWAP8(blocks[0].q[0]);
-#   endif
+#  endif
     for (i = 0; i < x4; i++) {
         unsigned int len = (i == (x4 - 1) ? last : frag);
-#   if !defined(BSWAP8)
+#  if !defined(BSWAP8)
         unsigned int carry, j;
-#   endif
+#  endif
 
         ctx->A[i] = key->md.h0;
         ctx->B[i] = key->md.h1;
@@ -278,14 +224,14 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
         ctx->E[i] = key->md.h4;
 
         /* fix seqnum */
-#   if defined(BSWAP8)
+#  if defined(BSWAP8)
         blocks[i].q[0] = BSWAP8(seqnum + i);
-#   else
+#  else
         for (carry = i, j = 8; j--;) {
             blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry;
             carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1);
         }
-#   endif
+#  endif
         blocks[i].c[8] = ((u8 *)key->md.data)[8];
         blocks[i].c[9] = ((u8 *)key->md.data)[9];
         blocks[i].c[10] = ((u8 *)key->md.data)[10];
@@ -304,10 +250,10 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
     /* hash 13-byte headers and first 64-13 bytes of inputs */
     sha1_multi_block(ctx, edges, n4x);
     /* hash bulk inputs */
-#   define MAXCHUNKSIZE    2048
-#   if     MAXCHUNKSIZE%64
-#    error  "MAXCHUNKSIZE is not divisible by 64"
-#   elif   MAXCHUNKSIZE
+#  define MAXCHUNKSIZE    2048
+#  if     MAXCHUNKSIZE%64
+#   error  "MAXCHUNKSIZE is not divisible by 64"
+#  elif   MAXCHUNKSIZE
     /*
      * goal is to minimize pressure on L1 cache by moving in shorter steps,
      * so that hashed data is still in the cache by the time we encrypt it
@@ -336,8 +282,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
             minblocks -= MAXCHUNKSIZE / 64;
         } while (minblocks > MAXCHUNKSIZE / 64);
     }
-#   endif
-#   undef  MAXCHUNKSIZE
+#  endif
+#  undef  MAXCHUNKSIZE
     sha1_multi_block(ctx, hash_d, n4x);
 
     memset(blocks, 0, sizeof(blocks));
@@ -352,18 +298,18 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
         len += 64 + 13;         /* 64 is HMAC header */
         len *= 8;               /* convert to bits */
         if (off < (64 - 8)) {
-#   ifdef BSWAP4
+#  ifdef BSWAP4
             blocks[i].d[15] = BSWAP4(len);
-#   else
+#  else
             PUTU32(blocks[i].c + 60, len);
-#   endif
+#  endif
             edges[i].blocks = 1;
         } else {
-#   ifdef BSWAP4
+#  ifdef BSWAP4
             blocks[i].d[31] = BSWAP4(len);
-#   else
+#  else
             PUTU32(blocks[i].c + 124, len);
-#   endif
+#  endif
             edges[i].blocks = 2;
         }
         edges[i].ptr = blocks[i].c;
@@ -374,7 +320,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
 
     memset(blocks, 0, sizeof(blocks));
     for (i = 0; i < x4; i++) {
-#   ifdef BSWAP4
+#  ifdef BSWAP4
         blocks[i].d[0] = BSWAP4(ctx->A[i]);
         ctx->A[i] = key->tail.h0;
         blocks[i].d[1] = BSWAP4(ctx->B[i]);
@@ -387,7 +333,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
         ctx->E[i] = key->tail.h4;
         blocks[i].c[20] = 0x80;
         blocks[i].d[15] = BSWAP4((64 + 20) * 8);
-#   else
+#  else
         PUTU32(blocks[i].c + 0, ctx->A[i]);
         ctx->A[i] = key->tail.h0;
         PUTU32(blocks[i].c + 4, ctx->B[i]);
@@ -400,7 +346,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
         ctx->E[i] = key->tail.h4;
         blocks[i].c[20] = 0x80;
         PUTU32(blocks[i].c + 60, (64 + 20) * 8);
-#   endif
+#  endif
         edges[i].ptr = blocks[i].c;
         edges[i].blocks = 1;
     }
@@ -453,7 +399,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
 
     return ret;
 }
-#  endif
+# endif
 
 static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                       const unsigned char *in, size_t len)
@@ -463,18 +409,18 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
                                                 * later */
         sha_off = 0;
-#  if defined(STITCHED_CALL)
+# if defined(STITCHED_CALL)
     size_t aes_off = 0, blocks;
 
     sha_off = SHA_CBLOCK - key->md.num;
-#  endif
+# endif
 
     key->payload_length = NO_PAYLOAD_LENGTH;
 
     if (len % AES_BLOCK_SIZE)
         return 0;
 
-    if (ctx->encrypt) {
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
         if (plen == NO_PAYLOAD_LENGTH)
             plen = len;
         else if (len !=
@@ -484,13 +430,14 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         else if (key->aux.tls_ver >= TLS1_1_VERSION)
             iv = AES_BLOCK_SIZE;
 
-#  if defined(STITCHED_CALL)
+# if defined(STITCHED_CALL)
         if (plen > (sha_off + iv)
             && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) {
             SHA1_Update(&key->md, in + iv, sha_off);
 
             aesni_cbc_sha1_enc(in, out, blocks, &key->ks,
-                               ctx->iv, &key->md, in + iv + sha_off);
+                               EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &key->md, in + iv + sha_off);
             blocks *= SHA_CBLOCK;
             aes_off += blocks;
             sha_off += blocks;
@@ -501,7 +448,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         } else {
             sha_off = 0;
         }
-#  endif
+# endif
         sha_off += iv;
         SHA1_Update(&key->md, in + sha_off, plen - sha_off);
 
@@ -521,10 +468,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 out[plen] = l;
             /* encrypt HMAC|padding at once */
             aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
-                              &key->ks, ctx->iv, 1);
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
         } else {
             aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
-                              &key->ks, ctx->iv, 1);
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
         }
     } else {
         union {
@@ -543,10 +490,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 unsigned int u[SHA_LBLOCK];
                 unsigned char c[SHA_CBLOCK];
             } *data = (void *)key->md.data;
-#  if defined(STITCHED_DECRYPT_CALL)
+# if defined(STITCHED_DECRYPT_CALL)
             unsigned char tail_iv[AES_BLOCK_SIZE];
             int stitch = 0;
-#  endif
+# endif
 
             if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])
                 >= TLS1_1_VERSION) {
@@ -554,14 +501,15 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                     return 0;
 
                 /* omit explicit iv */
-                memcpy(ctx->iv, in, AES_BLOCK_SIZE);
+                memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, AES_BLOCK_SIZE);
+
                 in += AES_BLOCK_SIZE;
                 out += AES_BLOCK_SIZE;
                 len -= AES_BLOCK_SIZE;
             } else if (len < (SHA_DIGEST_LENGTH + 1))
                 return 0;
 
-#  if defined(STITCHED_DECRYPT_CALL)
+# if defined(STITCHED_DECRYPT_CALL)
             if (len >= 1024 && ctx->key_len == 32) {
                 /* decrypt last block */
                 memcpy(tail_iv, in + len - 2 * AES_BLOCK_SIZE,
@@ -571,9 +519,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                   &key->ks, tail_iv, 0);
                 stitch = 1;
             } else
-#  endif
+# endif
                 /* decrypt HMAC|padding at once */
-                aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);
+                aesni_cbc_encrypt(in, out, len, &key->ks,
+                                  EVP_CIPHER_CTX_iv_noconst(ctx), 0);
 
             /* figure out payload length */
             pad = out[len - 1];
@@ -600,7 +549,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             key->md = key->head;
             SHA1_Update(&key->md, key->aux.tls_aad, plen);
 
-#  if defined(STITCHED_DECRYPT_CALL)
+# if defined(STITCHED_DECRYPT_CALL)
             if (stitch) {
                 blocks = (len - (256 + 32 + SHA_CBLOCK)) / SHA_CBLOCK;
                 aes_off = len - AES_BLOCK_SIZE - blocks * SHA_CBLOCK;
@@ -621,9 +570,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 key->md.Nl += (blocks << 3); /* at most 18 bits */
                 memcpy(ctx->iv, tail_iv, AES_BLOCK_SIZE);
             }
-#  endif
+# endif
 
-#  if 1
+# if 1      /* see original reference version in #else */
             len -= SHA_DIGEST_LENGTH; /* amend mac */
             if (len >= (256 + SHA_CBLOCK)) {
                 j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK);
@@ -636,15 +585,15 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
             /* but pretend as if we hashed padded payload */
             bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
-#   ifdef BSWAP4
+#  ifdef BSWAP4
             bitlen = BSWAP4(bitlen);
-#   else
+#  else
             mac.c[0] = 0;
             mac.c[1] = (unsigned char)(bitlen >> 16);
             mac.c[2] = (unsigned char)(bitlen >> 8);
             mac.c[3] = (unsigned char)bitlen;
             bitlen = mac.u[0];
-#   endif
+#  endif
 
             pmac->u[0] = 0;
             pmac->u[1] = 0;
@@ -701,13 +650,13 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             pmac->u[3] |= key->md.h3 & mask;
             pmac->u[4] |= key->md.h4 & mask;
 
-#   ifdef BSWAP4
+#  ifdef BSWAP4
             pmac->u[0] = BSWAP4(pmac->u[0]);
             pmac->u[1] = BSWAP4(pmac->u[1]);
             pmac->u[2] = BSWAP4(pmac->u[2]);
             pmac->u[3] = BSWAP4(pmac->u[3]);
             pmac->u[4] = BSWAP4(pmac->u[4]);
-#   else
+#  else
             for (i = 0; i < 5; i++) {
                 res = pmac->u[i];
                 pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
@@ -715,9 +664,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
                 pmac->c[4 * i + 3] = (unsigned char)res;
             }
-#   endif
+#  endif
             len += SHA_DIGEST_LENGTH;
-#  else
+# else      /* pre-lucky-13 reference version of above */
             SHA1_Update(&key->md, out, inp_len);
             res = key->md.num;
             SHA1_Final(pmac->c, &key->md);
@@ -736,7 +685,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 for (; inp_blocks < pad_blocks; inp_blocks++)
                     sha1_block_data_order(&key->md, data, 1);
             }
-#  endif
+# endif
             key->md = key->tail;
             SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH);
             SHA1_Final(pmac->c, &key->md);
@@ -744,7 +693,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             /* verify HMAC */
             out += inp_len;
             len -= inp_len;
-#  if 1
+# if 1      /* see original reference version in #else */
             {
                 unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH;
                 size_t off = out - p;
@@ -766,7 +715,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
                 ret &= (int)~res;
             }
-#  else
+# else      /* pre-lucky-13 reference version of above */
             for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
                 res |= out[i] ^ pmac->c[i];
             res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
@@ -780,10 +729,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
             res = (0 - res) >> (sizeof(res) * 8 - 1);
             ret &= (int)~res;
-#  endif
+# endif
             return ret;
         } else {
-#  if defined(STITCHED_DECRYPT_CALL)
+# if defined(STITCHED_DECRYPT_CALL)
             if (len >= 1024 && ctx->key_len == 32) {
                 if (sha_off %= SHA_CBLOCK)
                     blocks = (len - 3 * SHA_CBLOCK) / SHA_CBLOCK;
@@ -806,9 +755,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 if (key->md.Nl < (unsigned int)blocks)
                     key->md.Nh++;
             } else
-#  endif
+# endif
                 /* decrypt HMAC|padding at once */
-                aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);
+                aesni_cbc_encrypt(in, out, len, &key->ks,
+                                  EVP_CIPHER_CTX_iv_noconst(ctx), 0);
 
             SHA1_Update(&key->md, out, len);
         }
@@ -859,10 +809,10 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
 
             if (arg != EVP_AEAD_TLS1_AAD_LEN)
                 return -1;
- 
+
             len = p[arg - 2] << 8 | p[arg - 1];
 
-            if (ctx->encrypt) {
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
                 key->payload_length = len;
                 if ((key->aux.tls_ver =
                      p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
@@ -885,7 +835,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
                 return SHA_DIGEST_LENGTH;
             }
         }
-#  if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# if !defined(OPENSSL_NO_MULTIBLOCK)
     case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
         return (int)(5 + 16 + ((arg + 20 + 16) & -16));
     case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
@@ -900,7 +850,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
 
             inp_len = param->inp[11] << 8 | param->inp[12];
 
-            if (ctx->encrypt) {
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
                 if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
                     return -1;
 
@@ -948,19 +898,19 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
                                                    param->interleave / 4);
         }
     case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
-#  endif
+# endif
     default:
         return -1;
     }
 }
 
 static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
-#  ifdef NID_aes_128_cbc_hmac_sha1
+# ifdef NID_aes_128_cbc_hmac_sha1
     NID_aes_128_cbc_hmac_sha1,
-#  else
+# else
     NID_undef,
-#  endif
-    16, 16, 16,
+# endif
+    AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
     EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
         EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
     aesni_cbc_hmac_sha1_init_key,
@@ -974,12 +924,12 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
 };
 
 static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
-#  ifdef NID_aes_256_cbc_hmac_sha1
+# ifdef NID_aes_256_cbc_hmac_sha1
     NID_aes_256_cbc_hmac_sha1,
-#  else
+# else
     NID_undef,
-#  endif
-    16, 32, 16,
+# endif
+    AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
     EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
         EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
     aesni_cbc_hmac_sha1_init_key,
@@ -1003,7 +953,7 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
     return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
             &aesni_256_cbc_hmac_sha1_cipher : NULL);
 }
-# else
+#else
 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
 {
     return NULL;
@@ -1013,5 +963,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
 {
     return NULL;
 }
-# endif
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c b/freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
index 49e41a4c..807a693b 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -1,52 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/opensslconf.h>
@@ -54,31 +14,15 @@
 #include <stdio.h>
 #include <string.h>
 
-#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA256)
-
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include <openssl/aes.h>
-# include <openssl/sha.h>
-# include <openssl/rand.h>
-# include "modes_lcl.h"
-# include "constant_time_locl.h"
 
-# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
-#  define EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
-#  define EVP_CTRL_AEAD_TLS1_AAD          0x16
-#  define EVP_CTRL_AEAD_SET_MAC_KEY       0x17
-# endif
-
-# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1)
-#  define EVP_CIPH_FLAG_DEFAULT_ASN1 0
-# endif
-
-# if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
-#  define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
-# endif
-
-# define TLS1_1_VERSION 0x0302
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/aes.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include "modes_lcl.h"
+#include "internal/constant_time_locl.h"
+#include "internal/evp_int.h"
 
 typedef struct {
     AES_KEY ks;
@@ -92,13 +36,12 @@ typedef struct {
 
 # define NO_PAYLOAD_LENGTH       ((size_t)-1)
 
-# if     defined(AES_ASM) &&     ( \
+#if     defined(AES_ASM) &&     ( \
         defined(__x86_64)       || defined(__x86_64__)  || \
-        defined(_M_AMD64)       || defined(_M_X64)      || \
-        defined(__INTEL__)      )
+        defined(_M_AMD64)       || defined(_M_X64)      )
 
 extern unsigned int OPENSSL_ia32cap_P[];
-#  define AESNI_CAPABLE   (1<<(57-32))
+# define AESNI_CAPABLE   (1<<(57-32))
 
 int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
                           AES_KEY *key);
@@ -114,7 +57,7 @@ int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks,
                          const AES_KEY *key, unsigned char iv[16],
                          SHA256_CTX *ctx, const void *in0);
 
-#  define data(ctx) ((EVP_AES_HMAC_SHA256 *)(ctx)->cipher_data)
+# define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
 
 static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx,
                                           const unsigned char *inkey,
@@ -124,10 +67,13 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx,
     int ret;
 
     if (enc)
-        memset(&key->ks, 0, sizeof(key->ks.rd_key)),
-            ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks);
+        ret = aesni_set_encrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
     else
-        ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks);
+        ret = aesni_set_decrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
 
     SHA256_Init(&key->head);    /* handy when benchmarking */
     key->tail = key->head;
@@ -138,11 +84,11 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx,
     return ret < 0 ? 0 : 1;
 }
 
-#  define STITCHED_CALL
+# define STITCHED_CALL
 
-#  if !defined(STITCHED_CALL)
-#   define aes_off 0
-#  endif
+# if !defined(STITCHED_CALL)
+#  define aes_off 0
+# endif
 
 void sha256_block_data_order(void *c, const void *p, size_t len);
 
@@ -177,12 +123,12 @@ static void sha256_update(SHA256_CTX *c, const void *data, size_t len)
         SHA256_Update(c, ptr, res);
 }
 
-#  ifdef SHA256_Update
-#   undef SHA256_Update
-#  endif
-#  define SHA256_Update sha256_update
+# ifdef SHA256_Update
+#  undef SHA256_Update
+# endif
+# define SHA256_Update sha256_update
 
-#  if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# if !defined(OPENSSL_NO_MULTIBLOCK)
 
 typedef struct {
     unsigned int A[8], B[8], C[8], D[8], E[8], F[8], G[8], H[8];
@@ -221,9 +167,9 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
         0;
     size_t ret = 0;
     u8 *IVs;
-#   if defined(BSWAP8)
+#  if defined(BSWAP8)
     u64 seqnum;
-#   endif
+#  endif
 
     /* ask for IVs in bulk */
     if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
@@ -258,15 +204,15 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
         IVs += 16;
     }
 
-#   if defined(BSWAP8)
+#  if defined(BSWAP8)
     memcpy(blocks[0].c, key->md.data, 8);
     seqnum = BSWAP8(blocks[0].q[0]);
-#   endif
+#  endif
     for (i = 0; i < x4; i++) {
         unsigned int len = (i == (x4 - 1) ? last : frag);
-#   if !defined(BSWAP8)
+#  if !defined(BSWAP8)
         unsigned int carry, j;
-#   endif
+#  endif
 
         ctx->A[i] = key->md.h[0];
         ctx->B[i] = key->md.h[1];
@@ -278,14 +224,14 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
         ctx->H[i] = key->md.h[7];
 
         /* fix seqnum */
-#   if defined(BSWAP8)
+#  if defined(BSWAP8)
         blocks[i].q[0] = BSWAP8(seqnum + i);
-#   else
+#  else
         for (carry = i, j = 8; j--;) {
             blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry;
             carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1);
         }
-#   endif
+#  endif
         blocks[i].c[8] = ((u8 *)key->md.data)[8];
         blocks[i].c[9] = ((u8 *)key->md.data)[9];
         blocks[i].c[10] = ((u8 *)key->md.data)[10];
@@ -304,10 +250,10 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
     /* hash 13-byte headers and first 64-13 bytes of inputs */
     sha256_multi_block(ctx, edges, n4x);
     /* hash bulk inputs */
-#   define MAXCHUNKSIZE    2048
-#   if     MAXCHUNKSIZE%64
-#    error  "MAXCHUNKSIZE is not divisible by 64"
-#   elif   MAXCHUNKSIZE
+#  define MAXCHUNKSIZE    2048
+#  if     MAXCHUNKSIZE%64
+#   error  "MAXCHUNKSIZE is not divisible by 64"
+#  elif   MAXCHUNKSIZE
     /*
      * goal is to minimize pressure on L1 cache by moving in shorter steps,
      * so that hashed data is still in the cache by the time we encrypt it
@@ -336,8 +282,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
             minblocks -= MAXCHUNKSIZE / 64;
         } while (minblocks > MAXCHUNKSIZE / 64);
     }
-#   endif
-#   undef  MAXCHUNKSIZE
+#  endif
+#  undef  MAXCHUNKSIZE
     sha256_multi_block(ctx, hash_d, n4x);
 
     memset(blocks, 0, sizeof(blocks));
@@ -352,18 +298,18 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
         len += 64 + 13;         /* 64 is HMAC header */
         len *= 8;               /* convert to bits */
         if (off < (64 - 8)) {
-#   ifdef BSWAP4
+#  ifdef BSWAP4
             blocks[i].d[15] = BSWAP4(len);
-#   else
+#  else
             PUTU32(blocks[i].c + 60, len);
-#   endif
+#  endif
             edges[i].blocks = 1;
         } else {
-#   ifdef BSWAP4
+#  ifdef BSWAP4
             blocks[i].d[31] = BSWAP4(len);
-#   else
+#  else
             PUTU32(blocks[i].c + 124, len);
-#   endif
+#  endif
             edges[i].blocks = 2;
         }
         edges[i].ptr = blocks[i].c;
@@ -374,7 +320,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 
     memset(blocks, 0, sizeof(blocks));
     for (i = 0; i < x4; i++) {
-#   ifdef BSWAP4
+#  ifdef BSWAP4
         blocks[i].d[0] = BSWAP4(ctx->A[i]);
         ctx->A[i] = key->tail.h[0];
         blocks[i].d[1] = BSWAP4(ctx->B[i]);
@@ -393,7 +339,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
         ctx->H[i] = key->tail.h[7];
         blocks[i].c[32] = 0x80;
         blocks[i].d[15] = BSWAP4((64 + 32) * 8);
-#   else
+#  else
         PUTU32(blocks[i].c + 0, ctx->A[i]);
         ctx->A[i] = key->tail.h[0];
         PUTU32(blocks[i].c + 4, ctx->B[i]);
@@ -412,7 +358,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
         ctx->H[i] = key->tail.h[7];
         blocks[i].c[32] = 0x80;
         PUTU32(blocks[i].c + 60, (64 + 32) * 8);
-#   endif
+#  endif
         edges[i].ptr = blocks[i].c;
         edges[i].blocks = 1;
     }
@@ -468,7 +414,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 
     return ret;
 }
-#  endif
+# endif
 
 static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
                                         unsigned char *out,
@@ -479,18 +425,18 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
     size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
                                                 * later */
         sha_off = 0;
-#  if defined(STITCHED_CALL)
+# if defined(STITCHED_CALL)
     size_t aes_off = 0, blocks;
 
     sha_off = SHA256_CBLOCK - key->md.num;
-#  endif
+# endif
 
     key->payload_length = NO_PAYLOAD_LENGTH;
 
     if (len % AES_BLOCK_SIZE)
         return 0;
 
-    if (ctx->encrypt) {
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
         if (plen == NO_PAYLOAD_LENGTH)
             plen = len;
         else if (len !=
@@ -500,7 +446,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
         else if (key->aux.tls_ver >= TLS1_1_VERSION)
             iv = AES_BLOCK_SIZE;
 
-#  if defined(STITCHED_CALL)
+# if defined(STITCHED_CALL)
         /*
          * Assembly stitch handles AVX-capable processors, but its
          * performance is not optimal on AMD Jaguar, ~40% worse, for
@@ -520,7 +466,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
             SHA256_Update(&key->md, in + iv, sha_off);
 
             (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks,
-                                       ctx->iv, &key->md, in + iv + sha_off);
+                                       EVP_CIPHER_CTX_iv_noconst(ctx),
+                                       &key->md, in + iv + sha_off);
             blocks *= SHA256_CBLOCK;
             aes_off += blocks;
             sha_off += blocks;
@@ -531,7 +478,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
         } else {
             sha_off = 0;
         }
-#  endif
+# endif
         sha_off += iv;
         SHA256_Update(&key->md, in + sha_off, plen - sha_off);
 
@@ -551,10 +498,10 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
                 out[plen] = l;
             /* encrypt HMAC|padding at once */
             aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
-                              &key->ks, ctx->iv, 1);
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
         } else {
             aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
-                              &key->ks, ctx->iv, 1);
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
         }
     } else {
         union {
@@ -566,7 +513,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
         pmac = (void *)(((size_t)mac.c + 63) & ((size_t)0 - 64));
 
         /* decrypt HMAC|padding at once */
-        aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);
+        aesni_cbc_encrypt(in, out, len, &key->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), 0);
 
         if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
             size_t inp_len, mask, j, i;
@@ -613,7 +561,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
             key->md = key->head;
             SHA256_Update(&key->md, key->aux.tls_aad, plen);
 
-#  if 1
+# if 1      /* see original reference version in #else */
             len -= SHA256_DIGEST_LENGTH; /* amend mac */
             if (len >= (256 + SHA256_CBLOCK)) {
                 j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK);
@@ -626,15 +574,15 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
 
             /* but pretend as if we hashed padded payload */
             bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
-#   ifdef BSWAP4
+#  ifdef BSWAP4
             bitlen = BSWAP4(bitlen);
-#   else
+#  else
             mac.c[0] = 0;
             mac.c[1] = (unsigned char)(bitlen >> 16);
             mac.c[2] = (unsigned char)(bitlen >> 8);
             mac.c[3] = (unsigned char)bitlen;
             bitlen = mac.u[0];
-#   endif
+#  endif
 
             pmac->u[0] = 0;
             pmac->u[1] = 0;
@@ -703,7 +651,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
             pmac->u[6] |= key->md.h[6] & mask;
             pmac->u[7] |= key->md.h[7] & mask;
 
-#   ifdef BSWAP4
+#  ifdef BSWAP4
             pmac->u[0] = BSWAP4(pmac->u[0]);
             pmac->u[1] = BSWAP4(pmac->u[1]);
             pmac->u[2] = BSWAP4(pmac->u[2]);
@@ -712,7 +660,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
             pmac->u[5] = BSWAP4(pmac->u[5]);
             pmac->u[6] = BSWAP4(pmac->u[6]);
             pmac->u[7] = BSWAP4(pmac->u[7]);
-#   else
+#  else
             for (i = 0; i < 8; i++) {
                 res = pmac->u[i];
                 pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
@@ -720,9 +668,9 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
                 pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
                 pmac->c[4 * i + 3] = (unsigned char)res;
             }
-#   endif
+#  endif
             len += SHA256_DIGEST_LENGTH;
-#  else
+# else
             SHA256_Update(&key->md, out, inp_len);
             res = key->md.num;
             SHA256_Final(pmac->c, &key->md);
@@ -741,7 +689,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
                 for (; inp_blocks < pad_blocks; inp_blocks++)
                     sha1_block_data_order(&key->md, data, 1);
             }
-#  endif
+# endif      /* pre-lucky-13 reference version of above */
             key->md = key->tail;
             SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH);
             SHA256_Final(pmac->c, &key->md);
@@ -749,7 +697,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
             /* verify HMAC */
             out += inp_len;
             len -= inp_len;
-#  if 1
+# if 1      /* see original reference version in #else */
             {
                 unsigned char *p =
                     out + len - 1 - maxpad - SHA256_DIGEST_LENGTH;
@@ -772,7 +720,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
                 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
                 ret &= (int)~res;
             }
-#  else
+# else      /* pre-lucky-13 reference version of above */
             for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++)
                 res |= out[i] ^ pmac->c[i];
             res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
@@ -786,7 +734,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
 
             res = (0 - res) >> (sizeof(res) * 8 - 1);
             ret &= (int)~res;
-#  endif
+# endif
             return ret;
         } else {
             SHA256_Update(&key->md, out, len);
@@ -800,6 +748,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
                                       void *ptr)
 {
     EVP_AES_HMAC_SHA256 *key = data(ctx);
+    unsigned int u_arg = (unsigned int)arg;
 
     switch (type) {
     case EVP_CTRL_AEAD_SET_MAC_KEY:
@@ -809,7 +758,10 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
 
             memset(hmac_key, 0, sizeof(hmac_key));
 
-            if (arg > (int)sizeof(hmac_key)) {
+            if (arg < 0)
+                return -1;
+
+            if (u_arg > sizeof(hmac_key)) {
                 SHA256_Init(&key->head);
                 SHA256_Update(&key->head, ptr, arg);
                 SHA256_Final(hmac_key, &key->head);
@@ -841,7 +793,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
 
             len = p[arg - 2] << 8 | p[arg - 1];
 
-            if (ctx->encrypt) {
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
                 key->payload_length = len;
                 if ((key->aux.tls_ver =
                      p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
@@ -864,7 +816,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
                 return SHA256_DIGEST_LENGTH;
             }
         }
-#  if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# if !defined(OPENSSL_NO_MULTIBLOCK)
     case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
         return (int)(5 + 16 + ((arg + 32 + 16) & -16));
     case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
@@ -874,12 +826,15 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
             unsigned int n4x = 1, x4;
             unsigned int frag, last, packlen, inp_len;
 
-            if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
+            if (arg < 0)
+                return -1;
+
+            if (u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
                 return -1;
 
             inp_len = param->inp[11] << 8 | param->inp[12];
 
-            if (ctx->encrypt) {
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
                 if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
                     return -1;
 
@@ -927,19 +882,19 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
                                                    param->interleave / 4);
         }
     case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
-#  endif
+# endif
     default:
         return -1;
     }
 }
 
 static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = {
-#  ifdef NID_aes_128_cbc_hmac_sha256
+# ifdef NID_aes_128_cbc_hmac_sha256
     NID_aes_128_cbc_hmac_sha256,
-#  else
+# else
     NID_undef,
-#  endif
-    16, 16, 16,
+# endif
+    AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
     EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
         EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
     aesni_cbc_hmac_sha256_init_key,
@@ -953,12 +908,12 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = {
 };
 
 static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = {
-#  ifdef NID_aes_256_cbc_hmac_sha256
+# ifdef NID_aes_256_cbc_hmac_sha256
     NID_aes_256_cbc_hmac_sha256,
-#  else
+# else
     NID_undef,
-#  endif
-    16, 32, 16,
+# endif
+    AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
     EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
         EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
     aesni_cbc_hmac_sha256_init_key,
@@ -984,7 +939,7 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
             aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ?
             &aesni_256_cbc_hmac_sha256_cipher : NULL);
 }
-# else
+#else
 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void)
 {
     return NULL;
@@ -994,5 +949,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
 {
     return NULL;
 }
-# endif
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/e_aria.c b/freebsd/crypto/openssl/crypto/evp/e_aria.c
new file mode 100644
index 00000000..33ff1186
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/evp/e_aria.c
@@ -0,0 +1,758 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_ARIA
+# include <openssl/evp.h>
+# include <openssl/modes.h>
+# include <openssl/rand.h>
+# include <openssl/rand_drbg.h>
+# include "internal/aria.h"
+# include "internal/evp_int.h"
+# include "modes_lcl.h"
+# include "evp_locl.h"
+
+/* ARIA subkey Structure */
+typedef struct {
+    ARIA_KEY ks;
+} EVP_ARIA_KEY;
+
+/* ARIA GCM context */
+typedef struct {
+    union {
+        double align;
+        ARIA_KEY ks;
+    } ks;                       /* ARIA subkey to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    GCM128_CONTEXT gcm;
+    unsigned char *iv;          /* Temporary IV store */
+    int ivlen;                  /* IV length */
+    int taglen;
+    int iv_gen;                 /* It is OK to generate IVs */
+    int tls_aad_len;            /* TLS AAD length */
+} EVP_ARIA_GCM_CTX;
+
+/* ARIA CCM context */
+typedef struct {
+    union {
+        double align;
+        ARIA_KEY ks;
+    } ks;                       /* ARIA key schedule to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    int tag_set;                /* Set if tag is valid */
+    int len_set;                /* Set if message length set */
+    int L, M;                   /* L and M parameters from RFC3610 */
+    int tls_aad_len;            /* TLS AAD length */
+    CCM128_CONTEXT ccm;
+    ccm128_f str;
+} EVP_ARIA_CCM_CTX;
+
+/* The subkey for ARIA is generated. */
+static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    int ret;
+    int mode = EVP_CIPHER_CTX_mode(ctx);
+
+    if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
+        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        EVP_CIPHER_CTX_get_cipher_data(ctx));
+    else
+        ret = aria_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        EVP_CIPHER_CTX_get_cipher_data(ctx));
+    if (ret < 0) {
+        EVPerr(EVP_F_ARIA_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+    return 1;
+}
+
+static void aria_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const ARIA_KEY *key,
+                             unsigned char *ivec, const int enc)
+{
+
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f) aria_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f) aria_encrypt);
+}
+
+static void aria_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                                size_t length, const ARIA_KEY *key,
+                                unsigned char *ivec, int *num, const int enc)
+{
+
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f) aria_encrypt);
+}
+
+static void aria_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t length, const ARIA_KEY *key,
+                              unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) aria_encrypt);
+}
+
+static void aria_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t length, const ARIA_KEY *key,
+                              unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) aria_encrypt);
+}
+
+static void aria_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                             const ARIA_KEY *key, const int enc)
+{
+    aria_encrypt(in, out, key);
+}
+
+static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const ARIA_KEY *key,
+                             unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                         (block128_f) aria_encrypt);
+}
+
+IMPLEMENT_BLOCK_CIPHER(aria_128, ks, aria, EVP_ARIA_KEY,
+                        NID_aria_128, 16, 16, 16, 128,
+                        0, aria_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+IMPLEMENT_BLOCK_CIPHER(aria_192, ks, aria, EVP_ARIA_KEY,
+                        NID_aria_192, 16, 24, 16, 128,
+                        0, aria_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+IMPLEMENT_BLOCK_CIPHER(aria_256, ks, aria, EVP_ARIA_KEY,
+                        NID_aria_256, 16, 32, 16, 128,
+                        0, aria_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+
+# define IMPLEMENT_ARIA_CFBR(ksize,cbits) \
+                IMPLEMENT_CFBR(aria,aria,EVP_ARIA_KEY,ks,ksize,cbits,16,0)
+IMPLEMENT_ARIA_CFBR(128,1)
+IMPLEMENT_ARIA_CFBR(192,1)
+IMPLEMENT_ARIA_CFBR(256,1)
+IMPLEMENT_ARIA_CFBR(128,8)
+IMPLEMENT_ARIA_CFBR(192,8)
+IMPLEMENT_ARIA_CFBR(256,8)
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aria_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aria_init_key,                  \
+        aria_##mode##_cipher,           \
+        NULL,                           \
+        sizeof(EVP_ARIA_KEY),           \
+        NULL,NULL,NULL,NULL };          \
+const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
+{ return &aria_##keylen##_##mode; }
+
+static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY,ctx);
+
+    CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx),
+                          EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                          (block128_f) aria_encrypt);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
+
+/* Authenticated cipher modes (GCM/CCM) */
+
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+    int n = 8;
+    unsigned char c;
+
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
+static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                 const unsigned char *iv, int enc)
+{
+    int ret;
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &gctx->ks.ks);
+        CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                           (block128_f) aria_encrypt);
+        if (ret < 0) {
+            EVPerr(EVP_F_ARIA_GCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+            return 0;
+        }
+
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,c);
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        gctx->key_set = 0;
+        gctx->iv_set = 0;
+        gctx->ivlen = EVP_CIPHER_CTX_iv_length(c);
+        gctx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+        gctx->taglen = -1;
+        gctx->iv_gen = 0;
+        gctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0)
+            return 0;
+        /* Allocate memory for IV if needed */
+        if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
+            if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+                OPENSSL_free(gctx->iv);
+            if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
+                EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        gctx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        gctx->taglen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c)
+            || gctx->taglen < 0)
+            return 0;
+        memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg);
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        /* Special case: -1 length restores whole IV */
+        if (arg == -1) {
+            memcpy(gctx->iv, ptr, gctx->ivlen);
+            gctx->iv_gen = 1;
+            return 1;
+        }
+        /*
+         * Fixed field must be at least 4 bytes and invocation field at least
+         * 8.
+         */
+        if ((arg < 4) || (gctx->ivlen - arg) < 8)
+            return 0;
+        if (arg)
+            memcpy(gctx->iv, ptr, arg);
+        if (EVP_CIPHER_CTX_encrypting(c)
+            && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+            return 0;
+        gctx->iv_gen = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_IV_GEN:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0)
+            return 0;
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        if (arg <= 0 || arg > gctx->ivlen)
+            arg = gctx->ivlen;
+        memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+        /*
+         * Invocation field will be at least 8 bytes in size and so no need
+         * to check wrap around or increment more than last 8 bytes.
+         */
+        ctr64_inc(gctx->iv + gctx->ivlen - 8);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_INV:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0
+            || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        gctx->tls_aad_len = arg;
+        {
+            unsigned int len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < EVP_GCM_TLS_TAG_LEN)
+                    return 0;
+                len -= EVP_GCM_TLS_TAG_LEN;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return EVP_GCM_TLS_TAG_LEN;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_ARIA_GCM_CTX *gctx_out = EVP_C_DATA(EVP_ARIA_GCM_CTX,out);
+            if (gctx->gcm.key) {
+                if (gctx->gcm.key != &gctx->ks)
+                    return 0;
+                gctx_out->gcm.key = &gctx_out->ks;
+            }
+            if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c))
+                gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+            else {
+                if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
+                    EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+                memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+
+    }
+}
+
+static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+    int rv = -1;
+
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in
+        || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+        return -1;
+    /*
+     * Set IV from start of buffer or generate IV and write to start of
+     * buffer.
+     */
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ?
+                            EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+        goto err;
+    /* Use saved AAD */
+    if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
+                          gctx->tls_aad_len))
+        goto err;
+    /* Fix buffer and length to point to payload */
+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        /* Encrypt payload */
+        if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+            goto err;
+        out += len;
+        /* Finally write tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
+        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else {
+        /* Decrypt */
+        if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+            goto err;
+        /* Retrieve tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
+                          EVP_GCM_TLS_TAG_LEN);
+        /* If tag mismatch wipe buffer */
+        if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len,
+                          EVP_GCM_TLS_TAG_LEN)) {
+            OPENSSL_cleanse(out, len);
+            goto err;
+        }
+        rv = len;
+    }
+
+ err:
+    gctx->iv_set = 0;
+    gctx->tls_aad_len = -1;
+    return rv;
+}
+
+static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+
+    /* If not set up, return error */
+    if (!gctx->key_set)
+        return -1;
+
+    if (gctx->tls_aad_len >= 0)
+        return aria_gcm_tls_cipher(ctx, out, in, len);
+
+    if (!gctx->iv_set)
+        return -1;
+    if (in) {
+        if (out == NULL) {
+            if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
+                return -1;
+        } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+                return -1;
+        } else {
+            if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+                return -1;
+        }
+        return len;
+    }
+    if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (gctx->taglen < 0)
+            return -1;
+        if (CRYPTO_gcm128_finish(&gctx->gcm,
+                                 EVP_CIPHER_CTX_buf_noconst(ctx),
+                                 gctx->taglen) != 0)
+            return -1;
+        gctx->iv_set = 0;
+        return 0;
+    }
+    CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16);
+    gctx->taglen = 16;
+    /* Don't reuse the IV */
+    gctx->iv_set = 0;
+    return 0;
+}
+
+static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    int ret;
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+
+    if (!iv && !key)
+        return 1;
+
+    if (key) {
+        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &cctx->ks.ks);
+        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                           &cctx->ks, (block128_f) aria_encrypt);
+        if (ret < 0) {
+            EVPerr(EVP_F_ARIA_CCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+            return 0;
+        }
+        cctx->str = NULL;
+        cctx->key_set = 1;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,c);
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        cctx->key_set = 0;
+        cctx->iv_set = 0;
+        cctx->L = 8;
+        cctx->M = 12;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        cctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        cctx->tls_aad_len = arg;
+        {
+            uint16_t len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < cctx->M)
+                    return 0;
+                len -= cctx->M;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return cctx->M;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        /* Sanity check length */
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+        /* Just copy to first part of IV */
+        memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        arg = 15 - arg;
+        /* fall thru */
+    case EVP_CTRL_CCM_SET_L:
+        if (arg < 2 || arg > 8)
+            return 0;
+        cctx->L = arg;
+        return 1;
+    case EVP_CTRL_AEAD_SET_TAG:
+        if ((arg & 1) || arg < 4 || arg > 16)
+            return 0;
+        if (EVP_CIPHER_CTX_encrypting(c) && ptr)
+            return 0;
+        if (ptr) {
+            cctx->tag_set = 1;
+            memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        }
+        cctx->M = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
+            return 0;
+        if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
+            return 0;
+        cctx->tag_set = 0;
+        cctx->iv_set = 0;
+        cctx->len_set = 0;
+        return 1;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_ARIA_CCM_CTX *cctx_out = EVP_C_DATA(EVP_ARIA_CCM_CTX,out);
+            if (cctx->ccm.key) {
+                if (cctx->ccm.key != &cctx->ks)
+                    return 0;
+                cctx_out->ccm.key = &cctx_out->ks;
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+    }
+}
+
+static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
+        return -1;
+    /* If encrypting set explicit IV from sequence number (start of AAD) */
+    if (EVP_CIPHER_CTX_encrypting(ctx))
+        memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
+               EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Get rest of IV from explicit IV */
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+           EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Correct length value */
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+                            len))
+            return -1;
+    /* Use saved AAD */
+    CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
+    /* Fix buffer to point to payload */
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
+                      : CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
+            return -1;
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    } else {
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str)
+                      : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, in + len, cctx->M))
+                    return len;
+            }
+        }
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
+static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+
+    /* If not set up, return error */
+    if (!cctx->key_set)
+        return -1;
+
+    if (cctx->tls_aad_len >= 0)
+        return aria_ccm_tls_cipher(ctx, out, in, len);
+
+    /* EVP_*Final() doesn't return any data */
+    if (in == NULL && out != NULL)
+        return 0;
+
+    if (!cctx->iv_set)
+        return -1;
+
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+        return -1;
+    if (!out) {
+        if (!in) {
+            if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    15 - cctx->L, len))
+                return -1;
+            cctx->len_set = 1;
+            return len;
+        }
+        /* If have AAD need message length */
+        if (!cctx->len_set && len)
+            return -1;
+        CRYPTO_ccm128_aad(ccm, in, len);
+        return len;
+    }
+    /* If not set length yet do it */
+    if (!cctx->len_set) {
+        if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                15 - cctx->L, len))
+            return -1;
+        cctx->len_set = 1;
+    }
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
+                      : CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        cctx->tag_set = 1;
+        return len;
+    } else {
+        int rv = -1;
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                                     cctx->str) :
+            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
+                                   cctx->M))
+                    rv = len;
+            }
+        }
+        if (rv == -1)
+            OPENSSL_cleanse(out, len);
+        cctx->iv_set = 0;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        return rv;
+    }
+}
+
+#define ARIA_AUTH_FLAGS  (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+                          | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+                          | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                          | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER)
+
+#define BLOCK_CIPHER_aead(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aria_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,                  \
+        blocksize, keylen/8, ivlen,                \
+        ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE,    \
+        aria_##mode##_init_key,                    \
+        aria_##mode##_cipher,                      \
+        NULL,                                      \
+        sizeof(EVP_ARIA_##MODE##_CTX),             \
+        NULL,NULL,aria_##mode##_ctrl,NULL };       \
+const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
+{ return (EVP_CIPHER*)&aria_##keylen##_##mode; }
+
+BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, gcm, gcm, GCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, gcm, gcm, GCM, 0)
+
+BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, ccm, ccm, CCM, 0)
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/e_bf.c b/freebsd/crypto/openssl/crypto/evp/e_bf.c
index a94d05da..c94920cd 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_bf.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_bf.c
@@ -1,68 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/e_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #ifndef OPENSSL_NO_BF
 # include <openssl/evp.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
 # include <openssl/objects.h>
 # include <openssl/blowfish.h>
 
diff --git a/freebsd/crypto/openssl/crypto/evp/e_camellia.c b/freebsd/crypto/openssl/crypto/evp/e_camellia.c
index 277ced92..5d8d2801 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_camellia.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_camellia.c
@@ -1,68 +1,25 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/e_camellia.c */
-/* ====================================================================
- * Copyright (c) 2006-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_CAMELLIA
+#ifdef OPENSSL_NO_CAMELLIA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
 # include <openssl/evp.h>
 # include <openssl/err.h>
 # include <string.h>
 # include <assert.h>
 # include <openssl/camellia.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
 # include "modes_lcl.h"
 
 static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -121,10 +78,11 @@ static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv, int enc)
 {
     int ret, mode, bits;
-    EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+    EVP_CAMELLIA_KEY *dat =
+        (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
 
-    mode = ctx->cipher->flags & EVP_CIPH_MODE;
-    bits = ctx->key_len * 8;
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
 
     cmll_t4_set_key(key, bits, &dat->ks);
 
@@ -250,24 +208,23 @@ const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
         BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
         BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
         BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags)       \
-        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags)
-# if 0                          /* not yet, missing NID */
-BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
-# endif
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
+
 /* The subkey for Camellia is generated. */
 static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                              const unsigned char *iv, int enc)
 {
     int ret, mode;
-    EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
-    ret = Camellia_set_key(key, ctx->key_len * 8, &dat->ks);
+    ret = Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &dat->ks);
     if (ret < 0) {
         EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
         return 0;
     }
 
-    mode = ctx->cipher->flags & EVP_CIPH_MODE;
+    mode = EVP_CIPHER_CTX_mode(ctx);
     if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
         && !enc) {
         dat->block = (block128_f) Camellia_decrypt;
@@ -285,14 +242,18 @@ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t len)
 {
-    EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
     if (dat->stream.cbc)
-        (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt);
-    else if (ctx->encrypt)
-        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
+        (*dat->stream.cbc) (in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx),
+                            EVP_CIPHER_CTX_encrypting(ctx));
+    else if (EVP_CIPHER_CTX_encrypting(ctx))
+        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
     else
-        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
+        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
 
     return 1;
 }
@@ -300,9 +261,9 @@ static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t len)
 {
-    size_t bl = ctx->cipher->block_size;
+    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
     size_t i;
-    EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
     if (len < bl)
         return 1;
@@ -316,83 +277,92 @@ static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t len)
 {
-    EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
+    int num = EVP_CIPHER_CTX_num(ctx);
     CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
-                          ctx->iv, &ctx->num, dat->block);
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
 
 static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t len)
 {
-    EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
+    int num = EVP_CIPHER_CTX_num(ctx);
     CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
-                          ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
 
 static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 const unsigned char *in, size_t len)
 {
-    EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
+    int num = EVP_CIPHER_CTX_num(ctx);
     CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
-                            ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+                            EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
 
 static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 const unsigned char *in, size_t len)
 {
-    EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
-    if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) {
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
+        int num = EVP_CIPHER_CTX_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
-                                ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
         return 1;
     }
 
     while (len >= MAXBITCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
-                                ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
         len -= MAXBITCHUNK;
         out += MAXBITCHUNK;
         in  += MAXBITCHUNK;
     }
-    if (len)
+    if (len) {
+        int num = EVP_CIPHER_CTX_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
-                                ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
 
     return 1;
 }
 
-# if 0                          /* not yet, missing NID */
 static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t len)
 {
-    unsigned int num = ctx->num;
-    EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
     if (dat->stream.ctr)
         CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
-                                    ctx->iv, ctx->buf, &num, dat->stream.ctr);
+                                    EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                                    dat->stream.ctr);
     else
         CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
-                              ctx->iv, ctx->buf, &num, dat->block);
-    ctx->num = (size_t)num;
+                              EVP_CIPHER_CTX_iv_noconst(ctx),
+                              EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                              dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
-# endif
 
 BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
     BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
     BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
-#else
-
-# ifdef PEDANTIC
-static void *dummy = &dummy;
-# endif
-
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/e_cast.c b/freebsd/crypto/openssl/crypto/evp/e_cast.c
index e9029e95..43b6fef9 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_cast.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_cast.c
@@ -1,70 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/e_cast.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
 #ifndef OPENSSL_NO_CAST
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
 # include <openssl/cast.h>
 
 static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/freebsd/crypto/openssl/crypto/evp/e_chacha20_poly1305.c b/freebsd/crypto/openssl/crypto/evp/e_chacha20_poly1305.c
new file mode 100644
index 00000000..3f73fd19
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/evp/e_chacha20_poly1305.c
@@ -0,0 +1,632 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_CHACHA
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include "internal/evp_int.h"
+# include "internal/chacha.h"
+
+typedef struct {
+    union {
+        double align;   /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */
+        unsigned int d[CHACHA_KEY_SIZE / 4];
+    } key;
+    unsigned int  counter[CHACHA_CTR_SIZE / 4];
+    unsigned char buf[CHACHA_BLK_SIZE];
+    unsigned int  partial_len;
+} EVP_CHACHA_KEY;
+
+#define data(ctx)   ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
+
+static int chacha_init_key(EVP_CIPHER_CTX *ctx,
+                           const unsigned char user_key[CHACHA_KEY_SIZE],
+                           const unsigned char iv[CHACHA_CTR_SIZE], int enc)
+{
+    EVP_CHACHA_KEY *key = data(ctx);
+    unsigned int i;
+
+    if (user_key)
+        for (i = 0; i < CHACHA_KEY_SIZE; i+=4) {
+            key->key.d[i/4] = CHACHA_U8TOU32(user_key+i);
+        }
+
+    if (iv)
+        for (i = 0; i < CHACHA_CTR_SIZE; i+=4) {
+            key->counter[i/4] = CHACHA_U8TOU32(iv+i);
+        }
+
+    key->partial_len = 0;
+
+    return 1;
+}
+
+static int chacha_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
+                         const unsigned char *inp, size_t len)
+{
+    EVP_CHACHA_KEY *key = data(ctx);
+    unsigned int n, rem, ctr32;
+
+    if ((n = key->partial_len)) {
+        while (len && n < CHACHA_BLK_SIZE) {
+            *out++ = *inp++ ^ key->buf[n++];
+            len--;
+        }
+        key->partial_len = n;
+
+        if (len == 0)
+            return 1;
+
+        if (n == CHACHA_BLK_SIZE) {
+            key->partial_len = 0;
+            key->counter[0]++;
+            if (key->counter[0] == 0)
+                key->counter[1]++;
+        }
+    }
+
+    rem = (unsigned int)(len % CHACHA_BLK_SIZE);
+    len -= rem;
+    ctr32 = key->counter[0];
+    while (len >= CHACHA_BLK_SIZE) {
+        size_t blocks = len / CHACHA_BLK_SIZE;
+        /*
+         * 1<<28 is just a not-so-small yet not-so-large number...
+         * Below condition is practically never met, but it has to
+         * be checked for code correctness.
+         */
+        if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28))
+            blocks = (1U<<28);
+
+        /*
+         * As ChaCha20_ctr32 operates on 32-bit counter, caller
+         * has to handle overflow. 'if' below detects the
+         * overflow, which is then handled by limiting the
+         * amount of blocks to the exact overflow point...
+         */
+        ctr32 += (unsigned int)blocks;
+        if (ctr32 < blocks) {
+            blocks -= ctr32;
+            ctr32 = 0;
+        }
+        blocks *= CHACHA_BLK_SIZE;
+        ChaCha20_ctr32(out, inp, blocks, key->key.d, key->counter);
+        len -= blocks;
+        inp += blocks;
+        out += blocks;
+
+        key->counter[0] = ctr32;
+        if (ctr32 == 0) key->counter[1]++;
+    }
+
+    if (rem) {
+        memset(key->buf, 0, sizeof(key->buf));
+        ChaCha20_ctr32(key->buf, key->buf, CHACHA_BLK_SIZE,
+                       key->key.d, key->counter);
+        for (n = 0; n < rem; n++)
+            out[n] = inp[n] ^ key->buf[n];
+        key->partial_len = rem;
+    }
+
+    return 1;
+}
+
+static const EVP_CIPHER chacha20 = {
+    NID_chacha20,
+    1,                      /* block_size */
+    CHACHA_KEY_SIZE,        /* key_len */
+    CHACHA_CTR_SIZE,        /* iv_len, 128-bit counter in the context */
+    EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT,
+    chacha_init_key,
+    chacha_cipher,
+    NULL,
+    sizeof(EVP_CHACHA_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_chacha20(void)
+{
+    return &chacha20;
+}
+
+# ifndef OPENSSL_NO_POLY1305
+#  include "internal/poly1305.h"
+
+typedef struct {
+    EVP_CHACHA_KEY key;
+    unsigned int nonce[12/4];
+    unsigned char tag[POLY1305_BLOCK_SIZE];
+    unsigned char tls_aad[POLY1305_BLOCK_SIZE];
+    struct { uint64_t aad, text; } len;
+    int aad, mac_inited, tag_len, nonce_len;
+    size_t tls_payload_length;
+} EVP_CHACHA_AEAD_CTX;
+
+#  define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
+#  define aead_data(ctx)        ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data)
+#  define POLY1305_ctx(actx)    ((POLY1305 *)(actx + 1))
+
+static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
+                                      const unsigned char *inkey,
+                                      const unsigned char *iv, int enc)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+
+    if (!inkey && !iv)
+        return 1;
+
+    actx->len.aad = 0;
+    actx->len.text = 0;
+    actx->aad = 0;
+    actx->mac_inited = 0;
+    actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+
+    if (iv != NULL) {
+        unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
+
+        /* pad on the left */
+        if (actx->nonce_len <= CHACHA_CTR_SIZE)
+            memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv,
+                   actx->nonce_len);
+
+        chacha_init_key(ctx, inkey, temp, enc);
+
+        actx->nonce[0] = actx->key.counter[1];
+        actx->nonce[1] = actx->key.counter[2];
+        actx->nonce[2] = actx->key.counter[3];
+    } else {
+        chacha_init_key(ctx, inkey, NULL, enc);
+    }
+
+    return 1;
+}
+
+#  if !defined(OPENSSL_SMALL_FOOTPRINT)
+
+#   if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
+                                 defined(_M_AMD64) || defined(_M_X64))
+#    define XOR128_HELPERS
+void *xor128_encrypt_n_pad(void *out, const void *inp, void *otp, size_t len);
+void *xor128_decrypt_n_pad(void *out, const void *inp, void *otp, size_t len);
+static const unsigned char zero[4 * CHACHA_BLK_SIZE] = { 0 };
+#   else
+static const unsigned char zero[2 * CHACHA_BLK_SIZE] = { 0 };
+#   endif
+
+static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                        const unsigned char *in, size_t len)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+    size_t tail, tohash_len, buf_len, plen = actx->tls_payload_length;
+    unsigned char *buf, *tohash, *ctr, storage[sizeof(zero) + 32];
+
+    if (len != plen + POLY1305_BLOCK_SIZE)
+        return -1;
+
+    buf = storage + ((0 - (size_t)storage) & 15);   /* align */
+    ctr = buf + CHACHA_BLK_SIZE;
+    tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE;
+
+#   ifdef XOR128_HELPERS
+    if (plen <= 3 * CHACHA_BLK_SIZE) {
+        actx->key.counter[0] = 0;
+        buf_len = (plen + 2 * CHACHA_BLK_SIZE - 1) & (0 - CHACHA_BLK_SIZE);
+        ChaCha20_ctr32(buf, zero, buf_len, actx->key.key.d,
+                       actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), buf);
+        actx->key.partial_len = 0;
+        memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
+        tohash_len = POLY1305_BLOCK_SIZE;
+        actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+        actx->len.text = plen;
+
+        if (plen) {
+            if (ctx->encrypt)
+                ctr = xor128_encrypt_n_pad(out, in, ctr, plen);
+            else
+                ctr = xor128_decrypt_n_pad(out, in, ctr, plen);
+
+            in += plen;
+            out += plen;
+            tohash_len = (size_t)(ctr - tohash);
+        }
+    }
+#   else
+    if (plen <= CHACHA_BLK_SIZE) {
+        size_t i;
+
+        actx->key.counter[0] = 0;
+        ChaCha20_ctr32(buf, zero, (buf_len = 2 * CHACHA_BLK_SIZE),
+                       actx->key.key.d, actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), buf);
+        actx->key.partial_len = 0;
+        memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
+        tohash_len = POLY1305_BLOCK_SIZE;
+        actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+        actx->len.text = plen;
+
+        if (ctx->encrypt) {
+            for (i = 0; i < plen; i++) {
+                out[i] = ctr[i] ^= in[i];
+            }
+        } else {
+            for (i = 0; i < plen; i++) {
+                unsigned char c = in[i];
+                out[i] = ctr[i] ^ c;
+                ctr[i] = c;
+            }
+        }
+
+        in += i;
+        out += i;
+
+        tail = (0 - i) & (POLY1305_BLOCK_SIZE - 1);
+        memset(ctr + i, 0, tail);
+        ctr += i + tail;
+        tohash_len += i + tail;
+    }
+#   endif
+    else {
+        actx->key.counter[0] = 0;
+        ChaCha20_ctr32(buf, zero, (buf_len = CHACHA_BLK_SIZE),
+                       actx->key.key.d, actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), buf);
+        actx->key.counter[0] = 1;
+        actx->key.partial_len = 0;
+        Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, POLY1305_BLOCK_SIZE);
+        tohash = ctr;
+        tohash_len = 0;
+        actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+        actx->len.text = plen;
+
+        if (ctx->encrypt) {
+            ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
+            Poly1305_Update(POLY1305_ctx(actx), out, plen);
+        } else {
+            Poly1305_Update(POLY1305_ctx(actx), in, plen);
+            ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
+        }
+
+        in += plen;
+        out += plen;
+        tail = (0 - plen) & (POLY1305_BLOCK_SIZE - 1);
+        Poly1305_Update(POLY1305_ctx(actx), zero, tail);
+    }
+
+    {
+        const union {
+            long one;
+            char little;
+        } is_endian = { 1 };
+
+        if (is_endian.little) {
+            memcpy(ctr, (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
+        } else {
+            ctr[0]  = (unsigned char)(actx->len.aad);
+            ctr[1]  = (unsigned char)(actx->len.aad>>8);
+            ctr[2]  = (unsigned char)(actx->len.aad>>16);
+            ctr[3]  = (unsigned char)(actx->len.aad>>24);
+            ctr[4]  = (unsigned char)(actx->len.aad>>32);
+            ctr[5]  = (unsigned char)(actx->len.aad>>40);
+            ctr[6]  = (unsigned char)(actx->len.aad>>48);
+            ctr[7]  = (unsigned char)(actx->len.aad>>56);
+
+            ctr[8]  = (unsigned char)(actx->len.text);
+            ctr[9]  = (unsigned char)(actx->len.text>>8);
+            ctr[10] = (unsigned char)(actx->len.text>>16);
+            ctr[11] = (unsigned char)(actx->len.text>>24);
+            ctr[12] = (unsigned char)(actx->len.text>>32);
+            ctr[13] = (unsigned char)(actx->len.text>>40);
+            ctr[14] = (unsigned char)(actx->len.text>>48);
+            ctr[15] = (unsigned char)(actx->len.text>>56);
+        }
+        tohash_len += POLY1305_BLOCK_SIZE;
+    }
+
+    Poly1305_Update(POLY1305_ctx(actx), tohash, tohash_len);
+    OPENSSL_cleanse(buf, buf_len);
+    Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
+                                                    : tohash);
+
+    actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+
+    if (ctx->encrypt) {
+        memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
+    } else {
+        if (CRYPTO_memcmp(tohash, in, POLY1305_BLOCK_SIZE)) {
+            memset(out - (len - POLY1305_BLOCK_SIZE), 0,
+                   len - POLY1305_BLOCK_SIZE);
+            return -1;
+        }
+    }
+
+    return len;
+}
+#  else
+static const unsigned char zero[CHACHA_BLK_SIZE] = { 0 };
+#  endif
+
+static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+    size_t rem, plen = actx->tls_payload_length;
+
+    if (!actx->mac_inited) {
+#  if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL)
+            return chacha20_poly1305_tls_cipher(ctx, out, in, len);
+#  endif
+        actx->key.counter[0] = 0;
+        ChaCha20_ctr32(actx->key.buf, zero, CHACHA_BLK_SIZE,
+                       actx->key.key.d, actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), actx->key.buf);
+        actx->key.counter[0] = 1;
+        actx->key.partial_len = 0;
+        actx->len.aad = actx->len.text = 0;
+        actx->mac_inited = 1;
+        if (plen != NO_TLS_PAYLOAD_LENGTH) {
+            Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad,
+                            EVP_AEAD_TLS1_AAD_LEN);
+            actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+            actx->aad = 1;
+        }
+    }
+
+    if (in) {                                   /* aad or text */
+        if (out == NULL) {                      /* aad */
+            Poly1305_Update(POLY1305_ctx(actx), in, len);
+            actx->len.aad += len;
+            actx->aad = 1;
+            return len;
+        } else {                                /* plain- or ciphertext */
+            if (actx->aad) {                    /* wrap up aad */
+                if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
+                    Poly1305_Update(POLY1305_ctx(actx), zero,
+                                    POLY1305_BLOCK_SIZE - rem);
+                actx->aad = 0;
+            }
+
+            actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+            if (plen == NO_TLS_PAYLOAD_LENGTH)
+                plen = len;
+            else if (len != plen + POLY1305_BLOCK_SIZE)
+                return -1;
+
+            if (ctx->encrypt) {                 /* plaintext */
+                chacha_cipher(ctx, out, in, plen);
+                Poly1305_Update(POLY1305_ctx(actx), out, plen);
+                in += plen;
+                out += plen;
+                actx->len.text += plen;
+            } else {                            /* ciphertext */
+                Poly1305_Update(POLY1305_ctx(actx), in, plen);
+                chacha_cipher(ctx, out, in, plen);
+                in += plen;
+                out += plen;
+                actx->len.text += plen;
+            }
+        }
+    }
+    if (in == NULL                              /* explicit final */
+        || plen != len) {                       /* or tls mode */
+        const union {
+            long one;
+            char little;
+        } is_endian = { 1 };
+        unsigned char temp[POLY1305_BLOCK_SIZE];
+
+        if (actx->aad) {                        /* wrap up aad */
+            if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
+                Poly1305_Update(POLY1305_ctx(actx), zero,
+                                POLY1305_BLOCK_SIZE - rem);
+            actx->aad = 0;
+        }
+
+        if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
+            Poly1305_Update(POLY1305_ctx(actx), zero,
+                            POLY1305_BLOCK_SIZE - rem);
+
+        if (is_endian.little) {
+            Poly1305_Update(POLY1305_ctx(actx),
+                            (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
+        } else {
+            temp[0]  = (unsigned char)(actx->len.aad);
+            temp[1]  = (unsigned char)(actx->len.aad>>8);
+            temp[2]  = (unsigned char)(actx->len.aad>>16);
+            temp[3]  = (unsigned char)(actx->len.aad>>24);
+            temp[4]  = (unsigned char)(actx->len.aad>>32);
+            temp[5]  = (unsigned char)(actx->len.aad>>40);
+            temp[6]  = (unsigned char)(actx->len.aad>>48);
+            temp[7]  = (unsigned char)(actx->len.aad>>56);
+
+            temp[8]  = (unsigned char)(actx->len.text);
+            temp[9]  = (unsigned char)(actx->len.text>>8);
+            temp[10] = (unsigned char)(actx->len.text>>16);
+            temp[11] = (unsigned char)(actx->len.text>>24);
+            temp[12] = (unsigned char)(actx->len.text>>32);
+            temp[13] = (unsigned char)(actx->len.text>>40);
+            temp[14] = (unsigned char)(actx->len.text>>48);
+            temp[15] = (unsigned char)(actx->len.text>>56);
+
+            Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
+        }
+        Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
+                                                        : temp);
+        actx->mac_inited = 0;
+
+        if (in != NULL && len != plen) {        /* tls mode */
+            if (ctx->encrypt) {
+                memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
+            } else {
+                if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) {
+                    memset(out - plen, 0, plen);
+                    return -1;
+                }
+            }
+        }
+        else if (!ctx->encrypt) {
+            if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len))
+                return -1;
+        }
+    }
+    return len;
+}
+
+static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+    if (actx)
+        OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size());
+    return 1;
+}
+
+static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                  void *ptr)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+
+    switch(type) {
+    case EVP_CTRL_INIT:
+        if (actx == NULL)
+            actx = ctx->cipher_data
+                 = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size());
+        if (actx == NULL) {
+            EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+        actx->len.aad = 0;
+        actx->len.text = 0;
+        actx->aad = 0;
+        actx->mac_inited = 0;
+        actx->tag_len = 0;
+        actx->nonce_len = 12;
+        actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+        memset(actx->tls_aad, 0, POLY1305_BLOCK_SIZE);
+        return 1;
+
+    case EVP_CTRL_COPY:
+        if (actx) {
+            EVP_CIPHER_CTX *dst = (EVP_CIPHER_CTX *)ptr;
+
+            dst->cipher_data =
+                   OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size());
+            if (dst->cipher_data == NULL) {
+                EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_COPY_ERROR);
+                return 0;
+            }
+        }
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0 || arg > CHACHA_CTR_SIZE)
+            return 0;
+        actx->nonce_len = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IV_FIXED:
+        if (arg != 12)
+            return 0;
+        actx->nonce[0] = actx->key.counter[1]
+                       = CHACHA_U8TOU32((unsigned char *)ptr);
+        actx->nonce[1] = actx->key.counter[2]
+                       = CHACHA_U8TOU32((unsigned char *)ptr+4);
+        actx->nonce[2] = actx->key.counter[3]
+                       = CHACHA_U8TOU32((unsigned char *)ptr+8);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (arg <= 0 || arg > POLY1305_BLOCK_SIZE)
+            return 0;
+        if (ptr != NULL) {
+            memcpy(actx->tag, ptr, arg);
+            actx->tag_len = arg;
+        }
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg <= 0 || arg > POLY1305_BLOCK_SIZE || !ctx->encrypt)
+            return 0;
+        memcpy(ptr, actx->tag, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        {
+            unsigned int len;
+            unsigned char *aad = ptr;
+
+            memcpy(actx->tls_aad, ptr, EVP_AEAD_TLS1_AAD_LEN);
+            len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 |
+                  aad[EVP_AEAD_TLS1_AAD_LEN - 1];
+            aad = actx->tls_aad;
+            if (!ctx->encrypt) {
+                if (len < POLY1305_BLOCK_SIZE)
+                    return 0;
+                len -= POLY1305_BLOCK_SIZE;     /* discount attached tag */
+                aad[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8);
+                aad[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len;
+            }
+            actx->tls_payload_length = len;
+
+            /*
+             * merge record sequence number as per RFC7905
+             */
+            actx->key.counter[1] = actx->nonce[0];
+            actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad);
+            actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4);
+            actx->mac_inited = 0;
+
+            return POLY1305_BLOCK_SIZE;         /* tag length */
+        }
+
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        /* no-op */
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER chacha20_poly1305 = {
+    NID_chacha20_poly1305,
+    1,                  /* block_size */
+    CHACHA_KEY_SIZE,    /* key_len */
+    12,                 /* iv_len, 96-bit nonce in the context */
+    EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV |
+    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
+    EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER,
+    chacha20_poly1305_init_key,
+    chacha20_poly1305_cipher,
+    chacha20_poly1305_cleanup,
+    0,          /* 0 moves context-specific structure allocation to ctrl */
+    NULL,       /* set_asn1_parameters */
+    NULL,       /* get_asn1_parameters */
+    chacha20_poly1305_ctrl,
+    NULL        /* app_data */
+};
+
+const EVP_CIPHER *EVP_chacha20_poly1305(void)
+{
+    return(&chacha20_poly1305);
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/e_des.c b/freebsd/crypto/openssl/crypto/evp/e_des.c
index 0ecad8c9..8eed0336 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_des.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_des.c
@@ -1,69 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/e_des.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #ifndef OPENSSL_NO_DES
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
 # include <openssl/des.h>
 # include <openssl/rand.h>
 
@@ -108,7 +59,8 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
     BLOCK_CIPHER_ecb_loop()
         DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
-                        ctx->cipher_data, ctx->encrypt);
+                        EVP_CIPHER_CTX_get_cipher_data(ctx),
+                        EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }
 
@@ -116,37 +68,49 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t inl)
 {
     while (inl >= EVP_MAXCHUNK) {
-        DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
-                          (DES_cblock *)ctx->iv, &ctx->num);
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
     }
-    if (inl)
-        DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
-                          (DES_cblock *)ctx->iv, &ctx->num);
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ofb64_encrypt(in, out, (long)inl,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
     return 1;
 }
 
 static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t inl)
 {
-    EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data;
+    EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
 
     if (dat->stream.cbc != NULL) {
-        (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv);
+        (*dat->stream.cbc) (in, out, inl, &dat->ks.ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx));
         return 1;
     }
     while (inl >= EVP_MAXCHUNK) {
-        DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
-                         (DES_cblock *)ctx->iv, ctx->encrypt);
+        DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+                         EVP_CIPHER_CTX_get_cipher_data(ctx),
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         EVP_CIPHER_CTX_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
     }
     if (inl)
-        DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
-                         (DES_cblock *)ctx->iv, ctx->encrypt);
+        DES_ncbc_encrypt(in, out, (long)inl,
+                         EVP_CIPHER_CTX_get_cipher_data(ctx),
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }
 
@@ -154,15 +118,24 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, size_t inl)
 {
     while (inl >= EVP_MAXCHUNK) {
-        DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
-                          (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
     }
-    if (inl)
-        DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
-                          (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_cfb64_encrypt(in, out, (long)inl,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
     return 1;
 }
 
@@ -182,8 +155,9 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     while (inl && inl >= chunk) {
         for (n = 0; n < chunk * 8; ++n) {
             c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
-            DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data,
-                            (DES_cblock *)ctx->iv, ctx->encrypt);
+            DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx),
+                            (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                            EVP_CIPHER_CTX_encrypting(ctx));
             out[n / 8] =
                 (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
                 ((d[0] & 0x80) >> (unsigned int)(n % 8));
@@ -202,15 +176,19 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                            const unsigned char *in, size_t inl)
 {
     while (inl >= EVP_MAXCHUNK) {
-        DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, ctx->cipher_data,
-                        (DES_cblock *)ctx->iv, ctx->encrypt);
+        DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+                        EVP_CIPHER_CTX_get_cipher_data(ctx),
+                        (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                        EVP_CIPHER_CTX_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
     }
     if (inl)
-        DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data,
-                        (DES_cblock *)ctx->iv, ctx->encrypt);
+        DES_cfb_encrypt(in, out, 8, (long)inl,
+                        EVP_CIPHER_CTX_get_cipher_data(ctx),
+                        (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                        EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }
 
@@ -230,12 +208,12 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         const unsigned char *iv, int enc)
 {
     DES_cblock *deskey = (DES_cblock *)key;
-    EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data;
+    EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
 
     dat->stream.cbc = NULL;
 # if defined(SPARC_DES_CAPABLE)
     if (SPARC_DES_CAPABLE) {
-        int mode = ctx->cipher->flags & EVP_CIPH_MODE;
+        int mode = EVP_CIPHER_CTX_mode(ctx);
 
         if (mode == EVP_CIPH_CBC_MODE) {
             des_t4_key_expand(key, &dat->ks.ks);
@@ -244,12 +222,7 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         }
     }
 # endif
-# ifdef EVP_CHECK_DES_KEY
-    if (DES_set_key_checked(deskey, dat->ks.ks) != 0)
-        return 0;
-# else
-    DES_set_key_unchecked(deskey, ctx->cipher_data);
-# endif
+    DES_set_key_unchecked(deskey, EVP_CIPHER_CTX_get_cipher_data(ctx));
     return 1;
 }
 
@@ -258,7 +231,7 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 
     switch (type) {
     case EVP_CTRL_RAND_KEY:
-        if (RAND_bytes(ptr, 8) <= 0)
+        if (RAND_priv_bytes(ptr, 8) <= 0)
             return 0;
         DES_set_odd_parity((DES_cblock *)ptr);
         return 1;
diff --git a/freebsd/crypto/openssl/crypto/evp/e_des3.c b/freebsd/crypto/openssl/crypto/evp/e_des3.c
index d19667b8..865e9c06 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_des3.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_des3.c
@@ -1,75 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/e_des3.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #ifndef OPENSSL_NO_DES
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
 # include <openssl/des.h>
 # include <openssl/rand.h>
-
-/* Block use of implementations in FIPS mode */
-# undef EVP_CIPH_FLAG_FIPS
-# define EVP_CIPH_FLAG_FIPS      0
+# include "evp_locl.h"
 
 typedef struct {
     union {
@@ -109,7 +57,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
 static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 
-# define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
+# define data(ctx) EVP_C_DATA(DES_EDE_KEY,ctx)
 
 /*
  * Because of various casts and different args can't use
@@ -123,7 +71,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         DES_ecb3_encrypt((const_DES_cblock *)(in + i),
                          (DES_cblock *)(out + i),
                          &data(ctx)->ks1, &data(ctx)->ks2,
-                         &data(ctx)->ks3, ctx->encrypt);
+                         &data(ctx)->ks3, EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }
 
@@ -131,20 +79,26 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t inl)
 {
     while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
         DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                                &data(ctx)->ks1, &data(ctx)->ks2,
-                               &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-                               &ctx->num);
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
     }
-    if (inl)
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
         DES_ede3_ofb64_encrypt(in, out, (long)inl,
                                &data(ctx)->ks1, &data(ctx)->ks2,
-                               &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-                               &ctx->num);
-
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
     return 1;
 }
 
@@ -153,26 +107,17 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
     DES_EDE_KEY *dat = data(ctx);
 
-# ifdef KSSL_DEBUG
-    {
-        int i;
-        fprintf(stderr, "des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx,
-                ctx->buf_len);
-        fprintf(stderr, "\t iv= ");
-        for (i = 0; i < 8; i++)
-            fprintf(stderr, "%02X", ctx->iv[i]);
-        fprintf(stderr, "\n");
-    }
-# endif                         /* KSSL_DEBUG */
-    if (dat->stream.cbc) {
-        (*dat->stream.cbc) (in, out, inl, dat->ks.ks, ctx->iv);
+    if (dat->stream.cbc != NULL) {
+        (*dat->stream.cbc) (in, out, inl, dat->ks.ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx));
         return 1;
     }
 
     while (inl >= EVP_MAXCHUNK) {
         DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                              &dat->ks1, &dat->ks2, &dat->ks3,
-                             (DES_cblock *)ctx->iv, ctx->encrypt);
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
@@ -180,7 +125,8 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     if (inl)
         DES_ede3_cbc_encrypt(in, out, (long)inl,
                              &dat->ks1, &dat->ks2, &dat->ks3,
-                             (DES_cblock *)ctx->iv, ctx->encrypt);
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }
 
@@ -188,19 +134,26 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 const unsigned char *in, size_t inl)
 {
     while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
         DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                                &data(ctx)->ks1, &data(ctx)->ks2,
-                               &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-                               &ctx->num, ctx->encrypt);
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num, EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
     }
-    if (inl)
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
         DES_ede3_cfb64_encrypt(in, out, (long)inl,
                                &data(ctx)->ks1, &data(ctx)->ks2,
-                               &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-                               &ctx->num, ctx->encrypt);
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num, EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
     return 1;
 }
 
@@ -220,8 +173,9 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
         DES_ede3_cfb_encrypt(c, d, 1, 1,
                              &data(ctx)->ks1, &data(ctx)->ks2,
-                             &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-                             ctx->encrypt);
+                             &data(ctx)->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
         out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8)))
             | ((d[0] & 0x80) >> (unsigned int)(n % 8));
     }
@@ -235,8 +189,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     while (inl >= EVP_MAXCHUNK) {
         DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
                              &data(ctx)->ks1, &data(ctx)->ks2,
-                             &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-                             ctx->encrypt);
+                             &data(ctx)->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
@@ -244,8 +199,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     if (inl)
         DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
                              &data(ctx)->ks1, &data(ctx)->ks2,
-                             &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-                             ctx->encrypt);
+                             &data(ctx)->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }
 
@@ -257,19 +213,16 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
 # define des_ede3_cbc_cipher des_ede_cbc_cipher
 # define des_ede3_ecb_cipher des_ede_ecb_cipher
     BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-                  EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
-                  EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL,
-                  des3_ctrl)
+                  EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                  des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
 
     BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
-                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
-                     EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL,
-                     NULL, des3_ctrl)
+                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                     des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
 
     BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
-                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
-                     EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL,
-                     NULL, des3_ctrl)
+                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                     des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
 
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv, int enc)
@@ -280,7 +233,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     dat->stream.cbc = NULL;
 # if defined(SPARC_DES_CAPABLE)
     if (SPARC_DES_CAPABLE) {
-        int mode = ctx->cipher->flags & EVP_CIPH_MODE;
+        int mode = EVP_CIPHER_CTX_mode(ctx);
 
         if (mode == EVP_CIPH_CBC_MODE) {
             des_t4_key_expand(&deskey[0], &dat->ks1);
@@ -292,14 +245,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         }
     }
 # endif
-# ifdef EVP_CHECK_DES_KEY
-    if (DES_set_key_checked(&deskey[0], &dat->ks1)
-        || DES_set_key_checked(&deskey[1], &dat->ks2))
-        return 0;
-# else
     DES_set_key_unchecked(&deskey[0], &dat->ks1);
     DES_set_key_unchecked(&deskey[1], &dat->ks2);
-# endif
     memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1));
     return 1;
 }
@@ -310,27 +257,10 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     DES_cblock *deskey = (DES_cblock *)key;
     DES_EDE_KEY *dat = data(ctx);
 
-# ifdef KSSL_DEBUG
-    {
-        int i;
-        fprintf(stderr, "des_ede3_init_key(ctx=%p)\n", ctx);
-        fprintf(stderr, "\tKEY= ");
-        for (i = 0; i < 24; i++)
-            fprintf(stderr, "%02X", key[i]);
-        fprintf(stderr, "\n");
-        if (iv) {
-            fprintf(stderr, "\t IV= ");
-            for (i = 0; i < 8; i++)
-                fprintf(stderr, "%02X", iv[i]);
-            fprintf(stderr, "\n");
-        }
-    }
-# endif                         /* KSSL_DEBUG */
-
     dat->stream.cbc = NULL;
 # if defined(SPARC_DES_CAPABLE)
     if (SPARC_DES_CAPABLE) {
-        int mode = ctx->cipher->flags & EVP_CIPH_MODE;
+        int mode = EVP_CIPHER_CTX_mode(ctx);
 
         if (mode == EVP_CIPH_CBC_MODE) {
             des_t4_key_expand(&deskey[0], &dat->ks1);
@@ -342,32 +272,25 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         }
     }
 # endif
-# ifdef EVP_CHECK_DES_KEY
-    if (DES_set_key_checked(&deskey[0], &dat->ks1)
-        || DES_set_key_checked(&deskey[1], &dat->ks2)
-        || DES_set_key_checked(&deskey[2], &dat->ks3))
-        return 0;
-# else
     DES_set_key_unchecked(&deskey[0], &dat->ks1);
     DES_set_key_unchecked(&deskey[1], &dat->ks2);
     DES_set_key_unchecked(&deskey[2], &dat->ks3);
-# endif
     return 1;
 }
 
-static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 {
 
     DES_cblock *deskey = ptr;
 
     switch (type) {
     case EVP_CTRL_RAND_KEY:
-        if (RAND_bytes(ptr, c->key_len) <= 0)
+        if (RAND_priv_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
             return 0;
         DES_set_odd_parity(deskey);
-        if (c->key_len >= 16)
+        if (EVP_CIPHER_CTX_key_length(ctx) >= 16)
             DES_set_odd_parity(deskey + 1);
-        if (c->key_len >= 24)
+        if (EVP_CIPHER_CTX_key_length(ctx) >= 24)
             DES_set_odd_parity(deskey + 2);
         return 1;
 
@@ -386,9 +309,8 @@ const EVP_CIPHER *EVP_des_ede3(void)
     return &des_ede3_ecb;
 }
 
-# ifndef OPENSSL_NO_SHA
 
-#  include <openssl/sha.h>
+# include <openssl/sha.h>
 
 static const unsigned char wrap_iv[8] =
     { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 };
@@ -402,7 +324,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
         return -1;
     if (out == NULL)
         return inl - 16;
-    memcpy(ctx->iv, wrap_iv, 8);
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
     /* Decrypt first block which will end up as icv */
     des_ede_cbc_cipher(ctx, icv, in, 8);
     /* Decrypt central blocks */
@@ -420,7 +342,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
     /* Reverse order of everything */
     BUF_reverse(icv, NULL, 8);
     BUF_reverse(out, NULL, inl - 16);
-    BUF_reverse(ctx->iv, iv, 8);
+    BUF_reverse(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 8);
     /* Decrypt again using new IV */
     des_ede_cbc_cipher(ctx, out, out, inl - 16);
     des_ede_cbc_cipher(ctx, icv, icv, 8);
@@ -432,7 +354,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
     OPENSSL_cleanse(icv, 8);
     OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
     OPENSSL_cleanse(iv, 8);
-    OPENSSL_cleanse(ctx->iv, 8);
+    OPENSSL_cleanse(EVP_CIPHER_CTX_iv_noconst(ctx), 8);
     if (rv == -1)
         OPENSSL_cleanse(out, inl - 16);
 
@@ -452,13 +374,13 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
     memcpy(out + inl + 8, sha1tmp, 8);
     OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
     /* Generate random IV */
-    if (RAND_bytes(ctx->iv, 8) <= 0)
+    if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0)
         return -1;
-    memcpy(out, ctx->iv, 8);
+    memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8);
     /* Encrypt everything after IV in place */
     des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
     BUF_reverse(out, NULL, inl + 16);
-    memcpy(ctx->iv, wrap_iv, 8);
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
     des_ede_cbc_cipher(ctx, out, out, inl + 16);
     return inl + 16;
 }
@@ -473,7 +395,13 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
      */
     if (inl >= EVP_MAXCHUNK || inl % 8)
         return -1;
-    if (ctx->encrypt)
+
+    if (is_partially_overlapping(out, in, inl)) {
+        EVPerr(EVP_F_DES_EDE3_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
+
+    if (EVP_CIPHER_CTX_encrypting(ctx))
         return des_ede3_wrap(ctx, out, in, inl);
     else
         return des_ede3_unwrap(ctx, out, in, inl);
@@ -495,5 +423,4 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void)
     return &des3_wrap;
 }
 
-# endif
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/e_idea.c b/freebsd/crypto/openssl/crypto/evp/e_idea.c
index 17062409..97515ff3 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_idea.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_idea.c
@@ -1,77 +1,34 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/e_idea.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
 #ifndef OPENSSL_NO_IDEA
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
 # include <openssl/idea.h>
 
+/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */
+
+typedef struct {
+    IDEA_KEY_SCHEDULE ks;
+} EVP_IDEA_KEY;
+
 static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                          const unsigned char *iv, int enc);
 
 /*
- * NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a
+ * NB IDEA_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a
  * special case
  */
 
@@ -79,21 +36,15 @@ static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                            const unsigned char *in, size_t inl)
 {
     BLOCK_CIPHER_ecb_loop()
-        idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
+        IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
     return 1;
 }
 
-/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
-
-typedef struct {
-    IDEA_KEY_SCHEDULE ks;
-} EVP_IDEA_KEY;
-
-BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
-    BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
-    BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
 
-    BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
+BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
                   0, idea_init_key, NULL,
                   EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
 
@@ -107,12 +58,12 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
             enc = 1;
     }
     if (enc)
-        idea_set_encrypt_key(key, ctx->cipher_data);
+        IDEA_set_encrypt_key(key, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
     else {
         IDEA_KEY_SCHEDULE tmp;
 
-        idea_set_encrypt_key(key, &tmp);
-        idea_set_decrypt_key(&tmp, ctx->cipher_data);
+        IDEA_set_encrypt_key(key, &tmp);
+        IDEA_set_decrypt_key(&tmp, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
         OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE));
     }
     return 1;
diff --git a/freebsd/crypto/openssl/crypto/evp/e_null.c b/freebsd/crypto/openssl/crypto/evp/e_null.c
index 1f91c912..c534811f 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_null.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_null.c
@@ -1,67 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/e_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include "internal/evp_int.h"
 
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                          const unsigned char *iv, int enc);
@@ -69,8 +21,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                        const unsigned char *in, size_t inl);
 static const EVP_CIPHER n_cipher = {
     NID_undef,
-    1, 0, 0,
-    0,
+    1, 0, 0, 0,
     null_init_key,
     null_cipher,
     NULL,
@@ -83,13 +34,12 @@ static const EVP_CIPHER n_cipher = {
 
 const EVP_CIPHER *EVP_enc_null(void)
 {
-    return (&n_cipher);
+    return &n_cipher;
 }
 
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                          const unsigned char *iv, int enc)
 {
-    /*      memset(&(ctx->c),0,sizeof(ctx->c)); */
     return 1;
 }
 
@@ -97,6 +47,6 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                        const unsigned char *in, size_t inl)
 {
     if (in != out)
-        memcpy((char *)out, (const char *)in, inl);
+        memcpy(out, in, inl);
     return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/e_old.c b/freebsd/crypto/openssl/crypto/evp/e_old.c
index b23af3b1..dbcabb8d 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_old.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_old.c
@@ -1,66 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/e_old.c */
 /*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifdef OPENSSL_NO_DEPRECATED
-static void *dummy = &dummy;
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
 #else
 
 # include <openssl/evp.h>
@@ -140,27 +91,25 @@ const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
 }
 # endif
 
-# ifndef OPENSSL_NO_AES
-#  undef EVP_aes_128_cfb
+# undef EVP_aes_128_cfb
 const EVP_CIPHER *EVP_aes_128_cfb(void);
 const EVP_CIPHER *EVP_aes_128_cfb(void)
 {
     return EVP_aes_128_cfb128();
 }
 
-#  undef EVP_aes_192_cfb
+# undef EVP_aes_192_cfb
 const EVP_CIPHER *EVP_aes_192_cfb(void);
 const EVP_CIPHER *EVP_aes_192_cfb(void)
 {
     return EVP_aes_192_cfb128();
 }
 
-#  undef EVP_aes_256_cfb
+# undef EVP_aes_256_cfb
 const EVP_CIPHER *EVP_aes_256_cfb(void);
 const EVP_CIPHER *EVP_aes_256_cfb(void)
 {
     return EVP_aes_256_cfb128();
 }
-# endif
 
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/e_rc2.c b/freebsd/crypto/openssl/crypto/evp/e_rc2.c
index abb7c1b6..24f33206 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_rc2.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_rc2.c
@@ -1,71 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/e_rc2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
 #ifndef OPENSSL_NO_RC2
 
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
 # include <openssl/rc2.h>
 
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -81,7 +32,7 @@ typedef struct {
     RC2_KEY ks;                 /* key schedule */
 } EVP_RC2_KEY;
 
-# define data(ctx)       ((EVP_RC2_KEY *)(ctx)->cipher_data)
+# define data(ctx)       EVP_C_DATA(EVP_RC2_KEY,ctx)
 
 IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
                        8,
@@ -123,12 +74,12 @@ static const EVP_CIPHER r2_40_cbc_cipher = {
 
 const EVP_CIPHER *EVP_rc2_64_cbc(void)
 {
-    return (&r2_64_cbc_cipher);
+    return &r2_64_cbc_cipher;
 }
 
 const EVP_CIPHER *EVP_rc2_40_cbc(void)
 {
-    return (&r2_40_cbc_cipher);
+    return &r2_40_cbc_cipher;
 }
 
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -145,13 +96,13 @@ static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
 
     EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
     if (i == 128)
-        return (RC2_128_MAGIC);
+        return RC2_128_MAGIC;
     else if (i == 64)
-        return (RC2_64_MAGIC);
+        return RC2_64_MAGIC;
     else if (i == 40)
-        return (RC2_40_MAGIC);
+        return RC2_40_MAGIC;
     else
-        return (0);
+        return 0;
 }
 
 static int rc2_magic_to_meth(int i)
@@ -164,7 +115,7 @@ static int rc2_magic_to_meth(int i)
         return 40;
     else {
         EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE);
-        return (0);
+        return 0;
     }
 }
 
@@ -181,16 +132,17 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         OPENSSL_assert(l <= sizeof(iv));
         i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
         if (i != (int)l)
-            return (-1);
+            return -1;
         key_bits = rc2_magic_to_meth((int)num);
         if (!key_bits)
-            return (-1);
+            return -1;
         if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
             return -1;
         EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
-        EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
+        if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
+            return -1;
     }
-    return (i);
+    return i;
 }
 
 static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
@@ -201,9 +153,11 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
     if (type != NULL) {
         num = rc2_meth_to_magic(c);
         j = EVP_CIPHER_CTX_iv_length(c);
-        i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
+        i = ASN1_TYPE_set_int_octetstring(type, num,
+                                          (unsigned char *)EVP_CIPHER_CTX_original_iv(c),
+                                          j);
     }
-    return (i);
+    return i;
 }
 
 static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
diff --git a/freebsd/crypto/openssl/crypto/evp/e_rc4.c b/freebsd/crypto/openssl/crypto/evp/e_rc4.c
index 85ffdad9..1f7a3b25 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_rc4.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_rc4.c
@@ -1,81 +1,30 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/e_rc4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
 #ifndef OPENSSL_NO_RC4
 
 # include <openssl/evp.h>
-# include "evp_locl.h"
 # include <openssl/objects.h>
 # include <openssl/rc4.h>
 
-/* FIXME: surely this is available elsewhere? */
-# define EVP_RC4_KEY_SIZE                16
+# include "internal/evp_int.h"
 
 typedef struct {
     RC4_KEY ks;                 /* working key */
 } EVP_RC4_KEY;
 
-# define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
+# define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
 
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         const unsigned char *iv, int enc);
@@ -111,12 +60,12 @@ static const EVP_CIPHER r4_40_cipher = {
 
 const EVP_CIPHER *EVP_rc4(void)
 {
-    return (&r4_cipher);
+    return &r4_cipher;
 }
 
 const EVP_CIPHER *EVP_rc4_40(void)
 {
-    return (&r4_40_cipher);
+    return &r4_40_cipher;
 }
 
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/freebsd/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c b/freebsd/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
index 36d6b4c9..ecbde1d7 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
@@ -1,52 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/opensslconf.h>
@@ -61,15 +21,7 @@
 # include <openssl/objects.h>
 # include <openssl/rc4.h>
 # include <openssl/md5.h>
-
-# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
-#  define EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
-#  define EVP_CTRL_AEAD_TLS1_AAD          0x16
-#  define EVP_CTRL_AEAD_SET_MAC_KEY       0x17
-# endif
-
-/* FIXME: surely this is available elsewhere? */
-# define EVP_RC4_KEY_SIZE                16
+# include "internal/evp_int.h"
 
 typedef struct {
     RC4_KEY ks;
@@ -82,7 +34,7 @@ typedef struct {
 void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out,
                  MD5_CTX *ctx, const void *inp, size_t blocks);
 
-# define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data)
+# define data(ctx) ((EVP_RC4_HMAC_MD5 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
 
 static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
                                  const unsigned char *inkey,
@@ -103,9 +55,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
 
 # if     defined(RC4_ASM) && defined(MD5_ASM) &&     (	   \
         defined(__x86_64)       || defined(__x86_64__)  || \
-        defined(_M_AMD64)       || defined(_M_X64)      || \
-        defined(__INTEL__)              ) && \
-        !(defined(__APPLE__) && defined(__MACH__))
+        defined(_M_AMD64)       || defined(_M_X64)      )
 #  define STITCHED_CALL
 # endif
 
@@ -130,7 +80,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
         return 0;
 
-    if (ctx->encrypt) {
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
         if (plen == NO_PAYLOAD_LENGTH)
             plen = len;
 # if defined(STITCHED_CALL)
@@ -270,7 +220,7 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
 
             len = p[arg - 2] << 8 | p[arg - 1];
 
-            if (!ctx->encrypt) {
+            if (!EVP_CIPHER_CTX_encrypting(ctx)) {
                 if (len < MD5_DIGEST_LENGTH)
                     return -1;
                 len -= MD5_DIGEST_LENGTH;
@@ -309,6 +259,6 @@ static EVP_CIPHER r4_hmac_md5_cipher = {
 
 const EVP_CIPHER *EVP_rc4_hmac_md5(void)
 {
-    return (&r4_hmac_md5_cipher);
+    return &r4_hmac_md5_cipher;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/e_rc5.c b/freebsd/crypto/openssl/crypto/evp/e_rc5.c
deleted file mode 100644
index 3429cbfe..00000000
--- a/freebsd/crypto/openssl/crypto/evp/e_rc5.c
+++ /dev/null
@@ -1,124 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/evp/e_rc5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_RC5
-
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include "evp_locl.h"
-# include <openssl/rc5.h>
-
-static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                               const unsigned char *iv, int enc);
-static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-
-typedef struct {
-    int rounds;                 /* number of rounds */
-    RC5_32_KEY ks;              /* key schedule */
-} EVP_RC5_KEY;
-
-# define data(ctx)       EVP_C_DATA(EVP_RC5_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
-                       8, RC5_32_KEY_LENGTH, 8, 64,
-                       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-                       r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl)
-
-static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-{
-    switch (type) {
-    case EVP_CTRL_INIT:
-        data(c)->rounds = RC5_12_ROUNDS;
-        return 1;
-
-    case EVP_CTRL_GET_RC5_ROUNDS:
-        *(int *)ptr = data(c)->rounds;
-        return 1;
-
-    case EVP_CTRL_SET_RC5_ROUNDS:
-        switch (arg) {
-        case RC5_8_ROUNDS:
-        case RC5_12_ROUNDS:
-        case RC5_16_ROUNDS:
-            data(c)->rounds = arg;
-            return 1;
-
-        default:
-            EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
-            return 0;
-        }
-
-    default:
-        return -1;
-    }
-}
-
-static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                               const unsigned char *iv, int enc)
-{
-    RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
-                   key, data(ctx)->rounds);
-    return 1;
-}
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/e_seed.c b/freebsd/crypto/openssl/crypto/evp/e_seed.c
index 05144139..c1284303 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_seed.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_seed.c
@@ -1,68 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/e_seed.c */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_SEED
+#ifdef OPENSSL_NO_SEED
+NON_EMPTY_TRANSLATION_UNIT
+#else
 # include <openssl/evp.h>
 # include <openssl/err.h>
 # include <string.h>
 # include <assert.h>
 # include <openssl/seed.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
 
 static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                          const unsigned char *iv, int enc);
@@ -78,7 +34,7 @@ IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
 static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                          const unsigned char *iv, int enc)
 {
-    SEED_set_key(key, ctx->cipher_data);
+    SEED_set_key(key, &EVP_C_DATA(EVP_SEED_KEY,ctx)->ks);
     return 1;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/evp/e_sm4.c b/freebsd/crypto/openssl/crypto/evp/e_sm4.c
new file mode 100644
index 00000000..7f6c34ef
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/evp/e_sm4.c
@@ -0,0 +1,102 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_SM4
+# include <openssl/evp.h>
+# include <openssl/modes.h>
+# include "internal/sm4.h"
+# include "internal/evp_int.h"
+
+typedef struct {
+    SM4_KEY ks;
+} EVP_SM4_KEY;
+
+static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
+    return 1;
+}
+
+static void sm4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const SM4_KEY *key,
+                            unsigned char *ivec, const int enc)
+{
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f)SM4_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f)SM4_decrypt);
+}
+
+static void sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                               size_t length, const SM4_KEY *key,
+                               unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f)SM4_encrypt);
+}
+
+static void sm4_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                            const SM4_KEY *key, const int enc)
+{
+    if (enc)
+        SM4_encrypt(in, out, key);
+    else
+        SM4_decrypt(in, out, key);
+}
+
+static void sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                               size_t length, const SM4_KEY *key,
+                               unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                          (block128_f)SM4_encrypt);
+}
+
+IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4,
+                       16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       sm4_init_key, 0, 0, 0, 0)
+
+static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
+
+    CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx),
+                          EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                          (block128_f)SM4_encrypt);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static const EVP_CIPHER sm4_ctr_mode = {
+    NID_sm4_ctr, 1, 16, 16,
+    EVP_CIPH_CTR_MODE,
+    sm4_init_key,
+    sm4_ctr_cipher,
+    NULL,
+    sizeof(EVP_SM4_KEY),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_sm4_ctr(void)
+{
+    return &sm4_ctr_mode;
+}
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/e_xcbc_d.c b/freebsd/crypto/openssl/crypto/evp/e_xcbc_d.c
index 66d2caa0..d363accb 100644
--- a/freebsd/crypto/openssl/crypto/evp/e_xcbc_d.c
+++ b/freebsd/crypto/openssl/crypto/evp/e_xcbc_d.c
@@ -1,71 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/e_xcbc_d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
 #ifndef OPENSSL_NO_DES
 
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
 # include <openssl/des.h>
 
 static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -79,7 +30,7 @@ typedef struct {
     DES_cblock outw;
 } DESX_CBC_KEY;
 
-# define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
+# define data(ctx) EVP_C_DATA(DESX_CBC_KEY,ctx)
 
 static const EVP_CIPHER d_xcbc_cipher = {
     NID_desx_cbc,
@@ -97,7 +48,7 @@ static const EVP_CIPHER d_xcbc_cipher = {
 
 const EVP_CIPHER *EVP_desx_cbc(void)
 {
-    return (&d_xcbc_cipher);
+    return &d_xcbc_cipher;
 }
 
 static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -117,16 +68,18 @@ static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
     while (inl >= EVP_MAXCHUNK) {
         DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
-                         (DES_cblock *)&(ctx->iv[0]),
-                         &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt);
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         &data(ctx)->inw, &data(ctx)->outw,
+                         EVP_CIPHER_CTX_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
     }
     if (inl)
         DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
-                         (DES_cblock *)&(ctx->iv[0]),
-                         &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt);
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         &data(ctx)->inw, &data(ctx)->outw,
+                         EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/encode.c b/freebsd/crypto/openssl/crypto/evp/encode.c
index 5847a763..fc1cc944 100644
--- a/freebsd/crypto/openssl/crypto/evp/encode.c
+++ b/freebsd/crypto/openssl/crypto/evp/encode.c
@@ -1,71 +1,30 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/encode.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <limits.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
+#include "evp_locl.h"
+#include "internal/evp_int.h"
+
+static unsigned char conv_ascii2bin(unsigned char a,
+                                    const unsigned char *table);
+static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int dlen);
+static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int n);
 
-static unsigned char conv_ascii2bin(unsigned char a);
 #ifndef CHARSET_EBCDIC
-# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+# define conv_bin2ascii(a, table)       ((table)[(a)&0x3f])
 #else
 /*
  * We assume that PEM encoded files are EBCDIC files (i.e., printable text
@@ -73,7 +32,7 @@ static unsigned char conv_ascii2bin(unsigned char a);
  * (text) format again. (No need for conversion in the conv_bin2ascii macro,
  * as the underlying textstring data_bin2ascii[] is already EBCDIC)
  */
-# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+# define conv_bin2ascii(a, table)       ((table)[(a)&0x3f])
 #endif
 
 /*-
@@ -88,8 +47,13 @@ static unsigned char conv_ascii2bin(unsigned char a);
 #define CHUNKS_PER_LINE (64/4)
 #define CHAR_PER_LINE   (64+1)
 
-static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\
-abcdefghijklmnopqrstuvwxyz0123456789+/";
+static const unsigned char data_bin2ascii[65] =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/* SRP uses a different base64 alphabet */
+static const unsigned char srpdata_bin2ascii[65] =
+    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
+
 
 /*-
  * 0xF0 is a EOLN
@@ -105,7 +69,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/";
 #define B64_WS                  0xE0
 #define B64_ERROR               0xFF
 #define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
-#define B64_BASE64(a)           !B64_NOT_BASE64(a)
+#define B64_BASE64(a)           (!B64_NOT_BASE64(a))
 
 static const unsigned char data_ascii2bin[128] = {
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -126,31 +90,78 @@ static const unsigned char data_ascii2bin[128] = {
     0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
 };
 
+static const unsigned char srpdata_ascii2bin[128] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xF2, 0x3E, 0x3F,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
+    0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+    0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+    0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
+    0x21, 0x22, 0x23, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
+    0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32,
+    0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A,
+    0x3B, 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
 #ifndef CHARSET_EBCDIC
-static unsigned char conv_ascii2bin(unsigned char a)
+static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table)
 {
     if (a & 0x80)
         return B64_ERROR;
-    return data_ascii2bin[a];
+    return table[a];
 }
 #else
-static unsigned char conv_ascii2bin(unsigned char a)
+static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table)
 {
     a = os_toascii[a];
     if (a & 0x80)
         return B64_ERROR;
-    return data_ascii2bin[a];
+    return table[a];
 }
 #endif
 
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
+}
+
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
+{
+    OPENSSL_free(ctx);
+}
+
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx)
+{
+    memcpy(dctx, sctx, sizeof(EVP_ENCODE_CTX));
+
+    return 1;
+}
+
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx)
+{
+    return ctx->num;
+}
+
+void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags)
+{
+    ctx->flags = flags;
+}
+
 void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
 {
     ctx->length = 48;
     ctx->num = 0;
     ctx->line_num = 0;
+    ctx->flags = 0;
 }
 
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                       const unsigned char *in, int inl)
 {
     int i, j;
@@ -158,43 +169,51 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 
     *outl = 0;
     if (inl <= 0)
-        return;
+        return 0;
     OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
     if (ctx->length - ctx->num > inl) {
         memcpy(&(ctx->enc_data[ctx->num]), in, inl);
         ctx->num += inl;
-        return;
+        return 1;
     }
     if (ctx->num != 0) {
         i = ctx->length - ctx->num;
         memcpy(&(ctx->enc_data[ctx->num]), in, i);
         in += i;
         inl -= i;
-        j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length);
+        j = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->length);
         ctx->num = 0;
         out += j;
-        *(out++) = '\n';
+        total = j;
+        if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) {
+            *(out++) = '\n';
+            total++;
+        }
         *out = '\0';
-        total = j + 1;
     }
     while (inl >= ctx->length && total <= INT_MAX) {
-        j = EVP_EncodeBlock(out, in, ctx->length);
+        j = evp_encodeblock_int(ctx, out, in, ctx->length);
         in += ctx->length;
         inl -= ctx->length;
         out += j;
-        *(out++) = '\n';
+        total += j;
+        if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) {
+            *(out++) = '\n';
+            total++;
+        }
         *out = '\0';
-        total += j + 1;
     }
     if (total > INT_MAX) {
         /* Too much output data! */
         *outl = 0;
-        return;
+        return 0;
     }
     if (inl != 0)
         memcpy(&(ctx->enc_data[0]), in, inl);
     ctx->num = inl;
     *outl = total;
+
+    return 1;
 }
 
 void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
@@ -202,35 +221,43 @@ void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
     unsigned int ret = 0;
 
     if (ctx->num != 0) {
-        ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num);
-        out[ret++] = '\n';
+        ret = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->num);
+        if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0)
+            out[ret++] = '\n';
         out[ret] = '\0';
         ctx->num = 0;
     }
     *outl = ret;
 }
 
-int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
+static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int dlen)
 {
     int i, ret = 0;
     unsigned long l;
+    const unsigned char *table;
+
+    if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+        table = srpdata_bin2ascii;
+    else
+        table = data_bin2ascii;
 
     for (i = dlen; i > 0; i -= 3) {
         if (i >= 3) {
             l = (((unsigned long)f[0]) << 16L) |
                 (((unsigned long)f[1]) << 8L) | f[2];
-            *(t++) = conv_bin2ascii(l >> 18L);
-            *(t++) = conv_bin2ascii(l >> 12L);
-            *(t++) = conv_bin2ascii(l >> 6L);
-            *(t++) = conv_bin2ascii(l);
+            *(t++) = conv_bin2ascii(l >> 18L, table);
+            *(t++) = conv_bin2ascii(l >> 12L, table);
+            *(t++) = conv_bin2ascii(l >> 6L, table);
+            *(t++) = conv_bin2ascii(l, table);
         } else {
             l = ((unsigned long)f[0]) << 16L;
             if (i == 2)
                 l |= ((unsigned long)f[1] << 8L);
 
-            *(t++) = conv_bin2ascii(l >> 18L);
-            *(t++) = conv_bin2ascii(l >> 12L);
-            *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L);
+            *(t++) = conv_bin2ascii(l >> 18L, table);
+            *(t++) = conv_bin2ascii(l >> 12L, table);
+            *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L, table);
             *(t++) = '=';
         }
         ret += 4;
@@ -238,16 +265,21 @@ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
     }
 
     *t = '\0';
-    return (ret);
+    return ret;
+}
+
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
+{
+    return evp_encodeblock_int(NULL, t, f, dlen);
 }
 
 void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
 {
-    /* Only ctx->num is used during decoding. */
+    /* Only ctx->num and ctx->flags are used during decoding. */
     ctx->num = 0;
     ctx->length = 0;
     ctx->line_num = 0;
-    ctx->expect_nl = 0;
+    ctx->flags = 0;
 }
 
 /*-
@@ -275,6 +307,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 {
     int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
     unsigned char *d;
+    const unsigned char *table;
 
     n = ctx->num;
     d = ctx->enc_data;
@@ -291,9 +324,14 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
         goto end;
     }
 
+    if ((ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+        table = srpdata_ascii2bin;
+    else
+        table = data_ascii2bin;
+
     for (i = 0; i < inl; i++) {
         tmp = *(in++);
-        v = conv_ascii2bin(tmp);
+        v = conv_ascii2bin(tmp, table);
         if (v == B64_ERROR) {
             rv = -1;
             goto end;
@@ -333,7 +371,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
         }
 
         if (n == 64) {
-            decoded_len = EVP_DecodeBlock(out, d, n);
+            decoded_len = evp_decodeblock_int(ctx, out, d, n);
             n = 0;
             if (decoded_len < 0 || eof > decoded_len) {
                 rv = -1;
@@ -352,7 +390,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 tail:
     if (n > 0) {
         if ((n & 3) == 0) {
-            decoded_len = EVP_DecodeBlock(out, d, n);
+            decoded_len = evp_decodeblock_int(ctx, out, d, n);
             n = 0;
             if (decoded_len < 0 || eof > decoded_len) {
                 rv = -1;
@@ -371,16 +409,23 @@ end:
     /* Legacy behaviour. This should probably rather be zeroed on error. */
     *outl = ret;
     ctx->num = n;
-    return (rv);
+    return rv;
 }
 
-int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
+static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int n)
 {
     int i, ret = 0, a, b, c, d;
     unsigned long l;
+    const unsigned char *table;
+
+    if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+        table = srpdata_ascii2bin;
+    else
+        table = data_ascii2bin;
 
     /* trim white space from the start of the line. */
-    while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) {
+    while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) {
         f++;
         n--;
     }
@@ -389,19 +434,19 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
      * strip off stuff at the end of the line ascii2bin values B64_WS,
      * B64_EOLN, B64_EOLN and B64_EOF
      */
-    while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1]))))
+    while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1], table))))
         n--;
 
     if (n % 4 != 0)
-        return (-1);
+        return -1;
 
     for (i = 0; i < n; i += 4) {
-        a = conv_ascii2bin(*(f++));
-        b = conv_ascii2bin(*(f++));
-        c = conv_ascii2bin(*(f++));
-        d = conv_ascii2bin(*(f++));
+        a = conv_ascii2bin(*(f++), table);
+        b = conv_ascii2bin(*(f++), table);
+        c = conv_ascii2bin(*(f++), table);
+        d = conv_ascii2bin(*(f++), table);
         if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80))
-            return (-1);
+            return -1;
         l = ((((unsigned long)a) << 18L) |
              (((unsigned long)b) << 12L) |
              (((unsigned long)c) << 6L) | (((unsigned long)d)));
@@ -410,7 +455,12 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
         *(t++) = (unsigned char)(l) & 0xff;
         ret += 3;
     }
-    return (ret);
+    return ret;
+}
+
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
+{
+    return evp_decodeblock_int(NULL, t, f, n);
 }
 
 int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
@@ -419,44 +469,12 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
 
     *outl = 0;
     if (ctx->num != 0) {
-        i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num);
+        i = evp_decodeblock_int(ctx, out, ctx->enc_data, ctx->num);
         if (i < 0)
-            return (-1);
+            return -1;
         ctx->num = 0;
         *outl = i;
-        return (1);
+        return 1;
     } else
-        return (1);
+        return 1;
 }
-
-#ifdef undef
-int EVP_DecodeValid(unsigned char *buf, int len)
-{
-    int i, num = 0, bad = 0;
-
-    if (len == 0)
-        return (-1);
-    while (conv_ascii2bin(*buf) == B64_WS) {
-        buf++;
-        len--;
-        if (len == 0)
-            return (-1);
-    }
-
-    for (i = len; i >= 4; i -= 4) {
-        if ((conv_ascii2bin(buf[0]) >= 0x40) ||
-            (conv_ascii2bin(buf[1]) >= 0x40) ||
-            (conv_ascii2bin(buf[2]) >= 0x40) ||
-            (conv_ascii2bin(buf[3]) >= 0x40))
-            return (-1);
-        buf += 4;
-        num += 1 + (buf[2] != '=') + (buf[3] != '=');
-    }
-    if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
-        return (num);
-    if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
-        (conv_ascii2bin(buf[0]) == B64_EOLN))
-        return (num);
-    return (1);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/evp_acnf.c b/freebsd/crypto/openssl/crypto/evp/evp_acnf.c
deleted file mode 100644
index ab388878..00000000
--- a/freebsd/crypto/openssl/crypto/evp/evp_acnf.c
+++ /dev/null
@@ -1,75 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* evp_acnf.c */
-/*
- * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/conf.h>
-
-/*
- * Load all algorithms and configure OpenSSL. This function is called
- * automatically when OPENSSL_LOAD_CONF is set.
- */
-
-void OPENSSL_add_all_algorithms_conf(void)
-{
-    OPENSSL_add_all_algorithms_noconf();
-    OPENSSL_config(NULL);
-}
diff --git a/freebsd/crypto/openssl/crypto/evp/evp_cnf.c b/freebsd/crypto/openssl/crypto/evp/evp_cnf.c
index f2a47158..c8020626 100644
--- a/freebsd/crypto/openssl/crypto/evp/evp_cnf.c
+++ b/freebsd/crypto/openssl/crypto/evp/evp_cnf.c
@@ -1,75 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* evp_cnf.c */
 /*
- * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
- * 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <ctype.h>
 #include <openssl/crypto.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
-#include <openssl/dso.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
 
 /* Algorithm configuration module. */
 
@@ -79,30 +24,23 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
     const char *oid_section;
     STACK_OF(CONF_VALUE) *sktmp;
     CONF_VALUE *oval;
+
     oid_section = CONF_imodule_get_value(md);
-    if (!(sktmp = NCONF_get_section(cnf, oid_section))) {
+    if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {
         EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
         return 0;
     }
     for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
         oval = sk_CONF_VALUE_value(sktmp, i);
-        if (!strcmp(oval->name, "fips_mode")) {
+        if (strcmp(oval->name, "fips_mode") == 0) {
             int m;
             if (!X509V3_get_value_bool(oval, &m)) {
                 EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
                 return 0;
             }
             if (m > 0) {
-#ifdef OPENSSL_FIPS
-                if (!FIPS_mode() && !FIPS_mode_set(1)) {
-                    EVPerr(EVP_F_ALG_MODULE_INIT,
-                           EVP_R_ERROR_SETTING_FIPS_MODE);
-                    return 0;
-                }
-#else
                 EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
                 return 0;
-#endif
             }
         } else {
             EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
diff --git a/freebsd/crypto/openssl/crypto/evp/evp_enc.c b/freebsd/crypto/openssl/crypto/evp/evp_enc.c
index 6334e026..e284e32a 100644
--- a/freebsd/crypto/openssl/crypto/evp/evp_enc.c
+++ b/freebsd/crypto/openssl/crypto/evp/evp_enc.c
@@ -1,103 +1,60 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/evp_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include <assert.h>
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
+#include <openssl/rand_drbg.h>
+#include <openssl/engine.h>
+#include "internal/evp_int.h"
 #include "evp_locl.h"
 
-#ifdef OPENSSL_FIPS
-# define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
-#else
-# define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
+{
+    if (c == NULL)
+        return 1;
+    if (c->cipher != NULL) {
+        if (c->cipher->cleanup && !c->cipher->cleanup(c))
+            return 0;
+        /* Cleanse cipher context data */
+        if (c->cipher_data && c->cipher->ctx_size)
+            OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+    }
+    OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(c->engine);
 #endif
+    memset(c, 0, sizeof(*c));
+    return 1;
+}
 
-const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT;
-
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
 {
-    memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
-    /* ctx->cipher=NULL; */
+    return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
 }
 
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 {
-    EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
-    if (ctx)
-        EVP_CIPHER_CTX_init(ctx);
-    return ctx;
+    EVP_CIPHER_CTX_reset(ctx);
+    OPENSSL_free(ctx);
 }
 
 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                    const unsigned char *key, const unsigned char *iv, int enc)
 {
-    if (cipher)
-        EVP_CIPHER_CTX_init(ctx);
+    if (cipher != NULL)
+        EVP_CIPHER_CTX_reset(ctx);
     return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
 }
 
@@ -117,12 +74,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
      * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
      * this context may already have an ENGINE! Try to avoid releasing the
      * previous handle, re-querying for an ENGINE, and having a
-     * reinitialisation, when it may all be unecessary.
+     * reinitialisation, when it may all be unnecessary.
      */
-    if (ctx->engine && ctx->cipher && (!cipher ||
-                                       (cipher
-                                        && (cipher->nid ==
-                                            ctx->cipher->nid))))
+    if (ctx->engine && ctx->cipher
+        && (cipher == NULL || cipher->nid == ctx->cipher->nid))
         goto skip_to_init;
 #endif
     if (cipher) {
@@ -133,7 +88,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
          */
         if (ctx->cipher) {
             unsigned long flags = ctx->flags;
-            EVP_CIPHER_CTX_cleanup(ctx);
+            EVP_CIPHER_CTX_reset(ctx);
             /* Restore encrypt and flags */
             ctx->encrypt = enc;
             ctx->flags = flags;
@@ -154,7 +109,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                 /*
                  * One positive side-effect of US's export control history,
                  * is that we should at least be able to avoid using US
-                 * mispellings of "initialisation"?
+                 * misspellings of "initialisation"?
                  */
                 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
                 return 0;
@@ -170,20 +125,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
             ctx->engine = NULL;
 #endif
 
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode()) {
-            const EVP_CIPHER *fcipher = NULL;
-            if (cipher)
-                fcipher = evp_get_fips_cipher(cipher);
-            if (fcipher)
-                cipher = fcipher;
-            return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-        }
-#endif
         ctx->cipher = cipher;
         if (ctx->cipher->ctx_size) {
-            ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
-            if (!ctx->cipher_data) {
+            ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
+            if (ctx->cipher_data == NULL) {
                 ctx->cipher = NULL;
                 EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
                 return 0;
@@ -208,10 +153,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 #ifndef OPENSSL_NO_ENGINE
  skip_to_init:
 #endif
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
     /* we assume block size is a power of 2 in *cryptUpdate */
     OPENSSL_assert(ctx->cipher->block_size == 1
                    || ctx->cipher->block_size == 8
@@ -223,7 +164,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
         return 0;
     }
 
-    if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
         switch (EVP_CIPHER_CTX_mode(ctx)) {
 
         case EVP_CIPH_STREAM_CIPHER:
@@ -254,7 +195,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 
         default:
             return 0;
-            break;
         }
     }
 
@@ -319,13 +259,61 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
     return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
 }
 
+/*
+ * According to the letter of standard difference between pointers
+ * is specified to be valid only within same object. This makes
+ * it formally challenging to determine if input and output buffers
+ * are not partially overlapping with standard pointer arithmetic.
+ */
+#ifdef PTRDIFF_T
+# undef PTRDIFF_T
+#endif
+#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
+/*
+ * Then we have VMS that distinguishes itself by adhering to
+ * sizeof(size_t)==4 even in 64-bit builds, which means that
+ * difference between two pointers might be truncated to 32 bits.
+ * In the context one can even wonder how comparison for
+ * equality is implemented. To be on the safe side we adhere to
+ * PTRDIFF_T even for comparison for equality.
+ */
+# define PTRDIFF_T uint64_t
+#else
+# define PTRDIFF_T size_t
+#endif
+
+int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
+{
+    PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
+    /*
+     * Check for partially overlapping buffers. [Binary logical
+     * operations are used instead of boolean to minimize number
+     * of conditional branches.]
+     */
+    int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
+                                                (diff > (0 - (PTRDIFF_T)len)));
+
+    return overlapped;
+}
+
 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                       const unsigned char *in, int inl)
 {
-    int i, j, bl;
+    int i, j, bl, cmpl = inl;
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+        cmpl = (cmpl + 7) / 8;
+
+    bl = ctx->cipher->block_size;
 
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-        i = M_do_cipher(ctx, out, in, inl);
+        /* If block size > 1 then the cipher will have to do this check */
+        if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
+            EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            return 0;
+        }
+
+        i = ctx->cipher->do_cipher(ctx, out, in, inl);
         if (i < 0)
             return 0;
         else
@@ -337,9 +325,13 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
         *outl = 0;
         return inl == 0;
     }
+    if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
+        EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
 
     if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
-        if (M_do_cipher(ctx, out, in, inl)) {
+        if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
             *outl = inl;
             return 1;
         } else {
@@ -348,7 +340,6 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
         }
     }
     i = ctx->buf_len;
-    bl = ctx->cipher->block_size;
     OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
     if (i != 0) {
         if (bl - i > inl) {
@@ -359,10 +350,10 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
         } else {
             j = bl - i;
             memcpy(&(ctx->buf[i]), in, j);
-            if (!M_do_cipher(ctx, out, ctx->buf, bl))
-                return 0;
             inl -= j;
             in += j;
+            if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
+                return 0;
             out += bl;
             *outl = bl;
         }
@@ -371,7 +362,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
     i = inl & (bl - 1);
     inl -= i;
     if (inl > 0) {
-        if (!M_do_cipher(ctx, out, in, inl))
+        if (!ctx->cipher->do_cipher(ctx, out, in, inl))
             return 0;
         *outl += inl;
     }
@@ -395,7 +386,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
     unsigned int i, b, bl;
 
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-        ret = M_do_cipher(ctx, out, NULL, 0);
+        ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
         if (ret < 0)
             return 0;
         else
@@ -423,7 +414,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
     n = b - bl;
     for (i = bl; i < b; i++)
         ctx->buf[i] = n;
-    ret = M_do_cipher(ctx, out, ctx->buf, b);
+    ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
 
     if (ret)
         *outl = b;
@@ -434,11 +425,21 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                       const unsigned char *in, int inl)
 {
-    int fix_len;
+    int fix_len, cmpl = inl;
     unsigned int b;
 
+    b = ctx->cipher->block_size;
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+        cmpl = (cmpl + 7) / 8;
+
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-        fix_len = M_do_cipher(ctx, out, in, inl);
+        if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            return 0;
+        }
+
+        fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
         if (fix_len < 0) {
             *outl = 0;
             return 0;
@@ -455,10 +456,15 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
     if (ctx->flags & EVP_CIPH_NO_PADDING)
         return EVP_EncryptUpdate(ctx, out, outl, in, inl);
 
-    b = ctx->cipher->block_size;
     OPENSSL_assert(b <= sizeof(ctx->final));
 
     if (ctx->final_used) {
+        /* see comment about PTRDIFF_T comparison above */
+        if (((PTRDIFF_T)out == (PTRDIFF_T)in)
+            || is_partially_overlapping(out, in, b)) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            return 0;
+        }
         memcpy(out, ctx->final, b);
         out += b;
         fix_len = 1;
@@ -499,7 +505,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
     *outl = 0;
 
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-        i = M_do_cipher(ctx, out, NULL, 0);
+        i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
         if (i < 0)
             return 0;
         else
@@ -520,7 +526,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
     if (b > 1) {
         if (ctx->buf_len || !ctx->final_used) {
             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
-            return (0);
+            return 0;
         }
         OPENSSL_assert(b <= sizeof(ctx->final));
 
@@ -531,12 +537,12 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         n = ctx->final[b - 1];
         if (n == 0 || n > (int)b) {
             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
-            return (0);
+            return 0;
         }
         for (i = 0; i < n; i++) {
             if (ctx->final[--b] != n) {
                 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
-                return (0);
+                return 0;
             }
         }
         n = ctx->cipher->block_size - n;
@@ -545,42 +551,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         *outl = n;
     } else
         *outl = 0;
-    return (1);
-}
-
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
-{
-    if (ctx) {
-        EVP_CIPHER_CTX_cleanup(ctx);
-        OPENSSL_free(ctx);
-    }
-}
-
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
-{
-#ifndef OPENSSL_FIPS
-    if (c->cipher != NULL) {
-        if (c->cipher->cleanup && !c->cipher->cleanup(c))
-            return 0;
-        /* Cleanse cipher context data */
-        if (c->cipher_data)
-            OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
-    }
-    if (c->cipher_data)
-        OPENSSL_free(c->cipher_data);
-#endif
-#ifndef OPENSSL_NO_ENGINE
-    if (c->engine)
-        /*
-         * The EVP_CIPHER we used belongs to an ENGINE, release the
-         * functional reference we held for this reason.
-         */
-        ENGINE_finish(c->engine);
-#endif
-#ifdef OPENSSL_FIPS
-    FIPS_cipher_ctx_cleanup(c);
-#endif
-    memset(c, 0, sizeof(EVP_CIPHER_CTX));
     return 1;
 }
 
@@ -610,6 +580,7 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 {
     int ret;
+
     if (!ctx->cipher) {
         EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
         return 0;
@@ -633,7 +604,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
 {
     if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
         return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
-    if (RAND_bytes(key, ctx->key_len) <= 0)
+    if (RAND_priv_bytes(key, ctx->key_len) <= 0)
         return 0;
     return 1;
 }
@@ -652,12 +623,12 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
     }
 #endif
 
-    EVP_CIPHER_CTX_cleanup(out);
+    EVP_CIPHER_CTX_reset(out);
     memcpy(out, in, sizeof(*out));
 
     if (in->cipher_data && in->cipher->ctx_size) {
         out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
-        if (!out->cipher_data) {
+        if (out->cipher_data == NULL) {
             out->cipher = NULL;
             EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
             return 0;
diff --git a/freebsd/crypto/openssl/crypto/evp/evp_err.c b/freebsd/crypto/openssl/crypto/evp/evp_err.c
index b7df52a9..d83e3b71 100644
--- a/freebsd/crypto/openssl/crypto/evp/evp_err.c
+++ b/freebsd/crypto/openssl/crypto/evp/evp_err.c
@@ -1,257 +1,283 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/evp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/evp.h>
+#include <openssl/evperr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
-
-static ERR_STRING_DATA EVP_str_functs[] = {
-    {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"},
-    {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"},
-    {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
-    {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "AES_T4_INIT_KEY"},
-    {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"},
-    {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"},
-    {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
-    {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
-    {ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"},
-    {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "CMLL_T4_INIT_KEY"},
-    {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
-    {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"},
-    {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
-    {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
-    {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
-    {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
-    {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
-    {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"},
-    {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
-    {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
+static const ERR_STRING_DATA EVP_str_functs[] = {
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_INIT_KEY, 0), "aria_gcm_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_INIT_KEY, 0), "aria_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_B64_NEW, 0), "b64_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_CAMELLIA_INIT_KEY, 0), "camellia_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_CHACHA20_POLY1305_CTRL, 0),
+     "chacha20_poly1305_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_CMLL_T4_INIT_KEY, 0), "cmll_t4_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_DES_EDE3_WRAP_CIPHER, 0),
+     "des_ede3_wrap_cipher"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_DO_SIGVER_INIT, 0), "do_sigver_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ENC_NEW, 0), "enc_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHERINIT_EX, 0), "EVP_CipherInit_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_ASN1_TO_PARAM, 0),
+     "EVP_CIPHER_asn1_to_param"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_COPY, 0),
+     "EVP_CIPHER_CTX_copy"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_CTRL, 0),
+     "EVP_CIPHER_CTX_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, 0),
      "EVP_CIPHER_CTX_set_key_length"},
-    {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
-    {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
-    {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
-    {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
-    {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
-    {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
-    {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
-    {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
-    {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
-    {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
-    {ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"},
-    {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP), "EVP_PKEY_CTX_dup"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD), "EVP_PKEY_decrypt_old"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE), "EVP_PKEY_derive"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT), "EVP_PKEY_derive_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER), "EVP_PKEY_derive_set_peer"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT), "EVP_PKEY_sign_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY), "EVP_PKEY_verify"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT), "EVP_PKEY_verify_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT),
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_PARAM_TO_ASN1, 0),
+     "EVP_CIPHER_param_to_asn1"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, 0),
+     "EVP_DecryptFinal_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTUPDATE, 0), "EVP_DecryptUpdate"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINALXOF, 0), "EVP_DigestFinalXOF"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
+     "EVP_EncryptFinal_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_ALG_ADD, 0), "EVP_PBE_alg_add"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_ALG_ADD_TYPE, 0),
+     "EVP_PBE_alg_add_type"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_CIPHERINIT, 0), "EVP_PBE_CipherInit"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_SCRYPT, 0), "EVP_PBE_scrypt"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKCS82PKEY, 0), "EVP_PKCS82PKEY"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY2PKCS8, 0), "EVP_PKEY2PKCS8"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ASN1_ADD0, 0), "EVP_PKEY_asn1_add0"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CHECK, 0), "EVP_PKEY_check"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_COPY_PARAMETERS, 0),
+     "EVP_PKEY_copy_parameters"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, 0), "EVP_PKEY_CTX_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL_STR, 0),
+     "EVP_PKEY_CTX_ctrl_str"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_DUP, 0), "EVP_PKEY_CTX_dup"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_MD, 0), "EVP_PKEY_CTX_md"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT, 0), "EVP_PKEY_decrypt"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT_INIT, 0),
+     "EVP_PKEY_decrypt_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT_OLD, 0),
+     "EVP_PKEY_decrypt_old"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE, 0), "EVP_PKEY_derive"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_INIT, 0),
+     "EVP_PKEY_derive_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_SET_PEER, 0),
+     "EVP_PKEY_derive_set_peer"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT, 0), "EVP_PKEY_encrypt"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT_INIT, 0),
+     "EVP_PKEY_encrypt_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT_OLD, 0),
+     "EVP_PKEY_encrypt_old"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_DH, 0), "EVP_PKEY_get0_DH"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_DSA, 0), "EVP_PKEY_get0_DSA"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_EC_KEY, 0),
+     "EVP_PKEY_get0_EC_KEY"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_HMAC, 0), "EVP_PKEY_get0_hmac"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_POLY1305, 0),
+     "EVP_PKEY_get0_poly1305"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_RSA, 0), "EVP_PKEY_get0_RSA"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_SIPHASH, 0),
+     "EVP_PKEY_get0_siphash"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, 0),
+     "EVP_PKEY_get_raw_private_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, 0),
+     "EVP_PKEY_get_raw_public_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN, 0), "EVP_PKEY_keygen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN_INIT, 0),
+     "EVP_PKEY_keygen_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_ADD0, 0), "EVP_PKEY_meth_add0"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_NEW, 0), "EVP_PKEY_meth_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW, 0), "EVP_PKEY_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_CMAC_KEY, 0),
+     "EVP_PKEY_new_CMAC_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, 0),
+     "EVP_PKEY_new_raw_private_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, 0),
+     "EVP_PKEY_new_raw_public_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN, 0), "EVP_PKEY_paramgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN_INIT, 0),
+     "EVP_PKEY_paramgen_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAM_CHECK, 0),
+     "EVP_PKEY_param_check"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PUBLIC_CHECK, 0),
+     "EVP_PKEY_public_check"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET1_ENGINE, 0),
+     "EVP_PKEY_set1_engine"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET_ALIAS_TYPE, 0),
+     "EVP_PKEY_set_alias_type"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN, 0), "EVP_PKEY_sign"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN_INIT, 0), "EVP_PKEY_sign_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY, 0), "EVP_PKEY_verify"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_INIT, 0),
+     "EVP_PKEY_verify_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER, 0),
+     "EVP_PKEY_verify_recover"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, 0),
      "EVP_PKEY_verify_recover_init"},
-    {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
-    {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
-    {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
-    {ERR_FUNC(EVP_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"},
-    {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY), "FIPS_CIPHER_CTX_COPY"},
-    {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"},
-    {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH),
-     "FIPS_CIPHER_CTX_SET_KEY_LENGTH"},
-    {ERR_FUNC(EVP_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"},
-    {ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY), "FIPS_MD_CTX_COPY"},
-    {ERR_FUNC(EVP_F_HMAC_INIT_EX), "HMAC_Init_ex"},
-    {ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"},
-    {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
-    {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
-    {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"},
-    {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
-    {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"},
-    {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
-    {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_SIGNFINAL, 0), "EVP_SignFinal"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_VERIFYFINAL, 0), "EVP_VerifyFinal"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_INT_CTX_NEW, 0), "int_ctx_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_OK_NEW, 0), "ok_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_PBE_KEYIVGEN, 0), "PKCS5_PBE_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBE_KEYIVGEN, 0),
+     "PKCS5_v2_PBE_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, 0),
+     "PKCS5_v2_PBKDF2_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0),
+     "PKCS5_v2_scrypt_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA EVP_str_reasons[] = {
-    {ERR_REASON(EVP_R_AES_IV_SETUP_FAILED), "aes iv setup failed"},
-    {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"},
-    {ERR_REASON(EVP_R_ASN1_LIB), "asn1 lib"},
-    {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH), "bad block length"},
-    {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"},
-    {ERR_REASON(EVP_R_BAD_KEY_LENGTH), "bad key length"},
-    {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"},
-    {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"},
-    {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
-    {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),
-     "camellia key setup failed"},
-    {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"},
-    {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"},
-    {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"},
-    {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),
-     "ctrl operation not implemented"},
-    {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),
-     "data not multiple of block length"},
-    {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"},
-    {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
-    {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for fips"},
-    {ERR_REASON(EVP_R_ENCODE_ERROR), "encode error"},
-    {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
-    {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
-    {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"},
-    {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"},
-    {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
-    {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"},
-    {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"},
-    {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
-    {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
-    {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"},
-    {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
-    {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
-    {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
-    {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"},
-    {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
-    {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},
-    {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"},
-    {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"},
-    {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"},
-    {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED), "method not supported"},
-    {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"},
-    {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"},
-    {ERR_REASON(EVP_R_NO_DEFAULT_DIGEST), "no default digest"},
-    {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"},
-    {ERR_REASON(EVP_R_NO_DSA_PARAMETERS), "no dsa parameters"},
-    {ERR_REASON(EVP_R_NO_KEY_SET), "no key set"},
-    {ERR_REASON(EVP_R_NO_OPERATION_SET), "no operation set"},
-    {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),
-     "no sign function configured"},
-    {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),
-     "no verify function configured"},
-    {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
-     "operation not supported for this keytype"},
-    {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
-    {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),
-     "pkcs8 unknown broken type"},
-    {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
-    {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
-    {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
-    {ERR_REASON(EVP_R_TOO_LARGE), "too large"},
-    {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
-    {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
-    {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
-    {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"},
-    {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),
-     "unsuported number of rounds"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),
-     "unsupported key derivation function"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),
-     "unsupported private key algorithm"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"},
-    {ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"},
-    {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"},
-    {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"},
+static const ERR_STRING_DATA EVP_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_AES_KEY_SETUP_FAILED),
+    "aes key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED),
+    "aria key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED),
+    "camellia key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_PARAMETER_ERROR),
+    "cipher parameter error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COMMAND_NOT_SUPPORTED),
+    "command not supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COPY_ERROR), "copy error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_NOT_IMPLEMENTED),
+    "ctrl not implemented"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),
+    "ctrl operation not implemented"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),
+    "data not multiple of block length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_KEY_TYPES),
+    "different key types"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS),
+    "different parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION),
+    "error loading section"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE),
+    "error setting fips mode"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_HMAC_KEY),
+    "expecting an hmac key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_RSA_KEY),
+    "expecting an rsa key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DSA_KEY),
+    "expecting a dsa key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_POLY1305_KEY),
+    "expecting a poly1305 key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY),
+    "expecting a siphash key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FIPS_MODE_NOT_SUPPORTED),
+    "fips mode not supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GET_RAW_KEY_FAILED), "get raw key failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ILLEGAL_SCRYPT_PARAMETERS),
+    "illegal scrypt parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INITIALIZATION_ERROR),
+    "initialization error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INPUT_NOT_INITIALIZED),
+    "input not initialized"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEYGEN_FAILURE), "keygen failure"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEY_SETUP_FAILED), "key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MEMORY_LIMIT_EXCEEDED),
+    "memory limit exceeded"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MESSAGE_DIGEST_IS_NULL),
+    "message digest is null"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_METHOD_NOT_SUPPORTED),
+    "method not supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_XOF_OR_INVALID_LENGTH),
+    "not XOF or invalid length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_CIPHER_SET), "no cipher set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DEFAULT_DIGEST), "no default digest"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DIGEST_SET), "no digest set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET), "no key set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_OPERATION_SET), "no operation set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED),
+    "only oneshot supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+    "operation not supported for this keytype"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
+    "operaton not initialized"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
+    "partially overlapping buffers"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED),
+    "pkey application asn1 method already registered"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_DECODE_ERROR),
+    "private key decode error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR),
+    "private key encode error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_PBE_ALGORITHM),
+    "unknown pbe algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM),
+    "unsupported algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEYLENGTH),
+    "unsupported keylength"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),
+    "unsupported key derivation function"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_SIZE),
+    "unsupported key size"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
+    "unsupported number of rounds"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRF), "unsupported prf"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),
+    "unsupported private key algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_SALT_TYPE),
+    "unsupported salt type"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRAP_MODE_NOT_ALLOWED),
+    "wrap mode not allowed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH),
+    "wrong final block length"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_EVP_strings(void)
+int ERR_load_EVP_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, EVP_str_functs);
-        ERR_load_strings(0, EVP_str_reasons);
+        ERR_load_strings_const(EVP_str_functs);
+        ERR_load_strings_const(EVP_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/evp_extra_test.c b/freebsd/crypto/openssl/crypto/evp/evp_extra_test.c
deleted file mode 100644
index ffaf19d9..00000000
--- a/freebsd/crypto/openssl/crypto/evp/evp_extra_test.c
+++ /dev/null
@@ -1,491 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-/* ====================================================================
- * Copyright (c) 1998-2015 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-
-/*
- * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
- * should never use this key anywhere but in an example.
- */
-static const unsigned char kExampleRSAKeyDER[] = {
-    0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
-    0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
-    0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
-    0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
-    0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
-    0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
-    0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
-    0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
-    0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
-    0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
-    0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
-    0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
-    0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
-    0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
-    0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
-    0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
-    0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
-    0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
-    0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
-    0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
-    0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
-    0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
-    0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
-    0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
-    0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
-    0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
-    0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
-    0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
-    0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
-    0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
-    0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
-    0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
-    0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
-    0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
-    0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
-    0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
-    0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
-    0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
-    0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
-    0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
-    0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
-    0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
-    0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
-    0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
-    0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
-    0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
-    0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
-    0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
-    0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
-    0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
-    0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
-};
-
-static const unsigned char kMsg[] = { 1, 2, 3, 4 };
-
-static const unsigned char kSignature[] = {
-    0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
-    0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
-    0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
-    0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
-    0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
-    0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
-    0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
-    0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
-    0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
-    0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
-    0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
-};
-
-/*
- * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
- * PrivateKeyInfo.
- */
-static const unsigned char kExampleRSAKeyPKCS8[] = {
-    0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
-    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
-    0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
-    0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
-    0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
-    0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
-    0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
-    0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
-    0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
-    0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
-    0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
-    0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
-    0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
-    0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
-    0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
-    0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
-    0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
-    0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
-    0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
-    0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
-    0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
-    0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
-    0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
-    0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
-    0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
-    0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
-    0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
-    0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
-    0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
-    0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
-    0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
-    0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
-    0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
-    0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
-    0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
-    0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
-    0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
-    0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
-    0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
-    0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
-    0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
-    0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
-    0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
-    0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
-    0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
-    0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
-    0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
-    0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
-    0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
-    0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
-    0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
-    0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
-    0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
-};
-
-#ifndef OPENSSL_NO_EC
-/*
- * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
- * structure.
- */
-static const unsigned char kExampleECKeyDER[] = {
-    0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
-    0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
-    0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
-    0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
-    0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
-    0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
-    0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
-    0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
-    0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
-    0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
-    0xc1,
-};
-
-/*
- * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
- * structure. The private key is equal to the order and will fail to import
- */
-static const unsigned char kExampleBadECKeyDER[] = {
-    0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
-    0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
-    0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
-    0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-    0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
-    0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
-    0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
-    0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
-    0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
-};
-#endif
-
-static EVP_PKEY *load_example_rsa_key(void)
-{
-    EVP_PKEY *ret = NULL;
-    const unsigned char *derp = kExampleRSAKeyDER;
-    EVP_PKEY *pkey = NULL;
-    RSA *rsa = NULL;
-
-    if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) {
-        return NULL;
-    }
-
-    pkey = EVP_PKEY_new();
-    if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) {
-        goto out;
-    }
-
-    ret = pkey;
-    pkey = NULL;
-
- out:
-    if (pkey) {
-        EVP_PKEY_free(pkey);
-    }
-    if (rsa) {
-        RSA_free(rsa);
-    }
-
-    return ret;
-}
-
-static int test_EVP_DigestSignInit(void)
-{
-    int ret = 0;
-    EVP_PKEY *pkey = NULL;
-    unsigned char *sig = NULL;
-    size_t sig_len = 0;
-    EVP_MD_CTX md_ctx, md_ctx_verify;
-
-    EVP_MD_CTX_init(&md_ctx);
-    EVP_MD_CTX_init(&md_ctx_verify);
-
-    pkey = load_example_rsa_key();
-    if (pkey == NULL ||
-        !EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) ||
-        !EVP_DigestSignUpdate(&md_ctx, kMsg, sizeof(kMsg))) {
-        goto out;
-    }
-    /* Determine the size of the signature. */
-    if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) {
-        goto out;
-    }
-    /* Sanity check for testing. */
-    if (sig_len != (size_t)EVP_PKEY_size(pkey)) {
-        fprintf(stderr, "sig_len mismatch\n");
-        goto out;
-    }
-
-    sig = OPENSSL_malloc(sig_len);
-    if (sig == NULL || !EVP_DigestSignFinal(&md_ctx, sig, &sig_len)) {
-        goto out;
-    }
-
-    /* Ensure that the signature round-trips. */
-    if (!EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, pkey)
-        || !EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg))
-        || !EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) {
-        goto out;
-    }
-
-    ret = 1;
-
- out:
-    if (!ret) {
-        ERR_print_errors_fp(stderr);
-    }
-
-    EVP_MD_CTX_cleanup(&md_ctx);
-    EVP_MD_CTX_cleanup(&md_ctx_verify);
-    if (pkey) {
-        EVP_PKEY_free(pkey);
-    }
-    if (sig) {
-        OPENSSL_free(sig);
-    }
-
-    return ret;
-}
-
-static int test_EVP_DigestVerifyInit(void)
-{
-    int ret = 0;
-    EVP_PKEY *pkey = NULL;
-    EVP_MD_CTX md_ctx;
-
-    EVP_MD_CTX_init(&md_ctx);
-
-    pkey = load_example_rsa_key();
-    if (pkey == NULL ||
-        !EVP_DigestVerifyInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) ||
-        !EVP_DigestVerifyUpdate(&md_ctx, kMsg, sizeof(kMsg)) ||
-        !EVP_DigestVerifyFinal(&md_ctx, kSignature, sizeof(kSignature))) {
-        goto out;
-    }
-    ret = 1;
-
- out:
-    if (!ret) {
-        ERR_print_errors_fp(stderr);
-    }
-
-    EVP_MD_CTX_cleanup(&md_ctx);
-    if (pkey) {
-        EVP_PKEY_free(pkey);
-    }
-
-    return ret;
-}
-
-static int test_d2i_AutoPrivateKey(const unsigned char *input,
-                                   size_t input_len, int expected_id)
-{
-    int ret = 0;
-    const unsigned char *p;
-    EVP_PKEY *pkey = NULL;
-
-    p = input;
-    pkey = d2i_AutoPrivateKey(NULL, &p, input_len);
-    if (pkey == NULL || p != input + input_len) {
-        fprintf(stderr, "d2i_AutoPrivateKey failed\n");
-        goto done;
-    }
-
-    if (EVP_PKEY_id(pkey) != expected_id) {
-        fprintf(stderr, "Did not decode expected type\n");
-        goto done;
-    }
-
-    ret = 1;
-
- done:
-    if (!ret) {
-        ERR_print_errors_fp(stderr);
-    }
-
-    if (pkey != NULL) {
-        EVP_PKEY_free(pkey);
-    }
-    return ret;
-}
-
-#ifndef OPENSSL_NO_EC
-/* Tests loading a bad key in PKCS8 format */
-static int test_EVP_PKCS82PKEY(void)
-{
-    int ret = 0;
-    const unsigned char *derp = kExampleBadECKeyDER;
-    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
-    EVP_PKEY *pkey = NULL;
-
-    p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, sizeof(kExampleBadECKeyDER));
-
-    if (!p8inf || derp != kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)) {
-        fprintf(stderr, "Failed to parse key\n");
-        goto done;
-    }
-
-    pkey = EVP_PKCS82PKEY(p8inf);
-    if (pkey) {
-        fprintf(stderr, "Imported invalid EC key\n");
-        goto done;
-    }
-
-    ret = 1;
-
- done:
-    if (p8inf != NULL) {
-        PKCS8_PRIV_KEY_INFO_free(p8inf);
-    }
-
-    if (pkey != NULL) {
-        EVP_PKEY_free(pkey);
-    }
-
-    return ret;
-}
-#endif
-
-int main(void)
-{
-    CRYPTO_malloc_debug_init();
-    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    ERR_load_crypto_strings();
-    /* Load up the software EVP_CIPHER and EVP_MD definitions */
-    OpenSSL_add_all_ciphers();
-    OpenSSL_add_all_digests();
-
-    if (!test_EVP_DigestSignInit()) {
-        fprintf(stderr, "EVP_DigestSignInit failed\n");
-        return 1;
-    }
-
-    if (!test_EVP_DigestVerifyInit()) {
-        fprintf(stderr, "EVP_DigestVerifyInit failed\n");
-        return 1;
-    }
-
-    if (!test_d2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER),
-                                 EVP_PKEY_RSA)) {
-        fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n");
-        return 1;
-    }
-
-    if (!test_d2i_AutoPrivateKey
-        (kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA)) {
-        fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n");
-        return 1;
-    }
-
-#ifndef OPENSSL_NO_EC
-    if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER),
-                                 EVP_PKEY_EC)) {
-        fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n");
-        return 1;
-    }
-
-    if (!test_EVP_PKCS82PKEY()) {
-        fprintf(stderr, "test_EVP_PKCS82PKEY failed\n");
-        return 1;
-    }
-#endif
-
-    EVP_cleanup();
-    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_thread_state(NULL);
-    ERR_free_strings();
-    CRYPTO_mem_leaks_fp(stderr);
-
-    printf("PASS\n");
-    return 0;
-}
diff --git a/freebsd/crypto/openssl/crypto/evp/evp_key.c b/freebsd/crypto/openssl/crypto/evp/evp_key.c
index 9544f496..4cb5ae48 100644
--- a/freebsd/crypto/openssl/crypto/evp/evp_key.c
+++ b/freebsd/crypto/openssl/crypto/evp/evp_key.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/evp_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
@@ -81,9 +32,9 @@ void EVP_set_pw_prompt(const char *prompt)
 char *EVP_get_pw_prompt(void)
 {
     if (prompt_string[0] == '\0')
-        return (NULL);
+        return NULL;
     else
-        return (prompt_string);
+        return prompt_string;
 }
 
 /*
@@ -127,40 +78,42 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                    int datal, int count, unsigned char *key,
                    unsigned char *iv)
 {
-    EVP_MD_CTX c;
+    EVP_MD_CTX *c;
     unsigned char md_buf[EVP_MAX_MD_SIZE];
     int niv, nkey, addmd = 0;
     unsigned int mds = 0, i;
     int rv = 0;
-    nkey = type->key_len;
-    niv = type->iv_len;
+    nkey = EVP_CIPHER_key_length(type);
+    niv = EVP_CIPHER_iv_length(type);
     OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
     OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
 
     if (data == NULL)
-        return (nkey);
+        return nkey;
 
-    EVP_MD_CTX_init(&c);
+    c = EVP_MD_CTX_new();
+    if (c == NULL)
+        goto err;
     for (;;) {
-        if (!EVP_DigestInit_ex(&c, md, NULL))
+        if (!EVP_DigestInit_ex(c, md, NULL))
             goto err;
         if (addmd++)
-            if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds))
+            if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))
                 goto err;
-        if (!EVP_DigestUpdate(&c, data, datal))
+        if (!EVP_DigestUpdate(c, data, datal))
             goto err;
         if (salt != NULL)
-            if (!EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN))
+            if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN))
                 goto err;
-        if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds))
+        if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))
             goto err;
 
         for (i = 1; i < (unsigned int)count; i++) {
-            if (!EVP_DigestInit_ex(&c, md, NULL))
+            if (!EVP_DigestInit_ex(c, md, NULL))
                 goto err;
-            if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds))
+            if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))
                 goto err;
-            if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds))
+            if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))
                 goto err;
         }
         i = 0;
@@ -191,9 +144,9 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
         if ((nkey == 0) && (niv == 0))
             break;
     }
-    rv = type->key_len;
+    rv = EVP_CIPHER_key_length(type);
  err:
-    EVP_MD_CTX_cleanup(&c);
+    EVP_MD_CTX_free(c);
     OPENSSL_cleanse(md_buf, sizeof(md_buf));
     return rv;
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/evp_lib.c b/freebsd/crypto/openssl/crypto/evp/evp_lib.c
index 2df20613..280e7dad 100644
--- a/freebsd/crypto/openssl/crypto/evp/evp_lib.c
+++ b/freebsd/crypto/openssl/crypto/evp/evp_lib.c
@@ -1,71 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/evp_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-# include "evp_locl.h"
-#endif
+#include "internal/evp_int.h"
+#include "evp_locl.h"
 
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 {
@@ -84,7 +33,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         case EVP_CIPH_GCM_MODE:
         case EVP_CIPH_CCM_MODE:
         case EVP_CIPH_XTS_MODE:
-            ret = -1;
+        case EVP_CIPH_OCB_MODE:
+            ret = -2;
             break;
 
         default:
@@ -92,7 +42,13 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         }
     } else
         ret = -1;
-    return (ret);
+    if (ret <= 0)
+        EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ret == -2 ?
+               ASN1_R_UNSUPPORTED_CIPHER :
+               EVP_R_CIPHER_PARAMETER_ERROR);
+    if (ret < -1)
+        ret = -1;
+    return ret;
 }
 
 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
@@ -111,7 +67,8 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         case EVP_CIPH_GCM_MODE:
         case EVP_CIPH_CCM_MODE:
         case EVP_CIPH_XTS_MODE:
-            ret = -1;
+        case EVP_CIPH_OCB_MODE:
+            ret = -2;
             break;
 
         default:
@@ -120,7 +77,13 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         }
     } else
         ret = -1;
-    return (ret);
+    if (ret <= 0)
+        EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, ret == -2 ?
+               EVP_R_UNSUPPORTED_CIPHER :
+               EVP_R_CIPHER_PARAMETER_ERROR);
+    if (ret < -1)
+        ret = -1;
+    return ret;
 }
 
 int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
@@ -133,11 +96,11 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         OPENSSL_assert(l <= sizeof(c->iv));
         i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
         if (i != (int)l)
-            return (-1);
+            return -1;
         else if (i > 0)
             memcpy(c->iv, c->oiv, l);
     }
-    return (i);
+    return i;
 }
 
 int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
@@ -150,7 +113,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         OPENSSL_assert(j <= sizeof(c->iv));
         i = ASN1_TYPE_set_octetstring(type, c->oiv, j);
     }
-    return (i);
+    return i;
 }
 
 /* Convert the various cipher NIDs and dummies to a proper OID NID */
@@ -206,7 +169,7 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
     default:
         /* Check it has an OID and it is valid */
         otmp = OBJ_nid2obj(nid);
-        if (!otmp || !otmp->data)
+        if (OBJ_get0_data(otmp) == NULL)
             nid = NID_undef;
         ASN1_OBJECT_free(otmp);
         return nid;
@@ -223,6 +186,11 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
     return ctx->cipher->block_size;
 }
 
+int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
+{
+    return e->ctx_size;
+}
+
 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                const unsigned char *in, unsigned int inl)
 {
@@ -234,24 +202,14 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
     return ctx->cipher;
 }
 
-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
 {
-#ifdef OPENSSL_FIPS
-    const EVP_CIPHER *fcipher;
-    fcipher = evp_get_fips_cipher(cipher);
-    if (fcipher && fcipher->flags & EVP_CIPH_FLAG_FIPS)
-        return cipher->flags | EVP_CIPH_FLAG_FIPS;
-#endif
-    return cipher->flags;
+    return ctx->encrypt;
 }
 
-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
 {
-#ifdef OPENSSL_FIPS
-    return EVP_CIPHER_flags(ctx->cipher);
-#else
-    return ctx->cipher->flags;
-#endif
+    return cipher->flags;
 }
 
 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
@@ -264,6 +222,21 @@ void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
     ctx->app_data = data;
 }
 
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher_data;
+}
+
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
+{
+    void *old_cipher_data;
+
+    old_cipher_data = ctx->cipher_data;
+    ctx->cipher_data = cipher_data;
+
+    return old_cipher_data;
+}
+
 int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
 {
     return cipher->iv_len;
@@ -274,6 +247,36 @@ int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
     return ctx->cipher->iv_len;
 }
 
+const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->oiv;
+}
+
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->iv;
+}
+
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
+{
+    return ctx->iv;
+}
+
+unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
+{
+    return ctx->buf;
+}
+
+int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->num;
+}
+
+void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
+{
+    ctx->num = num;
+}
+
 int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
 {
     return cipher->key_len;
@@ -318,42 +321,134 @@ int EVP_MD_size(const EVP_MD *md)
     return md->md_size;
 }
 
-#ifdef OPENSSL_FIPS
-
-const EVP_MD *evp_get_fips_md(const EVP_MD *md)
+unsigned long EVP_MD_flags(const EVP_MD *md)
 {
-    int nid = EVP_MD_type(md);
-    if (nid == NID_dsa)
-        return FIPS_evp_dss1();
-    else if (nid == NID_dsaWithSHA)
-        return FIPS_evp_dss();
-    else if (nid == NID_ecdsa_with_SHA1)
-        return FIPS_evp_ecdsa();
-    else
-        return FIPS_get_digestbynid(nid);
+    return md->flags;
 }
 
-const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher)
+EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
 {
-    int nid = cipher->nid;
-    if (nid == NID_undef)
-        return FIPS_evp_enc_null();
-    else
-        return FIPS_get_cipherbynid(nid);
+    EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
+
+    if (md != NULL) {
+        md->type = md_type;
+        md->pkey_type = pkey_type;
+    }
+    return md;
 }
+EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
+{
+    EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type);
 
-#endif
+    if (to != NULL)
+        memcpy(to, md, sizeof(*to));
+    return to;
+}
+void EVP_MD_meth_free(EVP_MD *md)
+{
+    OPENSSL_free(md);
+}
+int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
+{
+    md->block_size = blocksize;
+    return 1;
+}
+int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize)
+{
+    md->md_size = resultsize;
+    return 1;
+}
+int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize)
+{
+    md->ctx_size = datasize;
+    return 1;
+}
+int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags)
+{
+    md->flags = flags;
+    return 1;
+}
+int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx))
+{
+    md->init = init;
+    return 1;
+}
+int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
+                                                     const void *data,
+                                                     size_t count))
+{
+    md->update = update;
+    return 1;
+}
+int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
+                                                   unsigned char *md))
+{
+    md->final = final;
+    return 1;
+}
+int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
+                                                 const EVP_MD_CTX *from))
+{
+    md->copy = copy;
+    return 1;
+}
+int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx))
+{
+    md->cleanup = cleanup;
+    return 1;
+}
+int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
+                                                 int p1, void *p2))
+{
+    md->md_ctrl = ctrl;
+    return 1;
+}
 
-unsigned long EVP_MD_flags(const EVP_MD *md)
+int EVP_MD_meth_get_input_blocksize(const EVP_MD *md)
+{
+    return md->block_size;
+}
+int EVP_MD_meth_get_result_size(const EVP_MD *md)
+{
+    return md->md_size;
+}
+int EVP_MD_meth_get_app_datasize(const EVP_MD *md)
+{
+    return md->ctx_size;
+}
+unsigned long EVP_MD_meth_get_flags(const EVP_MD *md)
 {
-#ifdef OPENSSL_FIPS
-    const EVP_MD *fmd;
-    fmd = evp_get_fips_md(md);
-    if (fmd && fmd->flags & EVP_MD_FLAG_FIPS)
-        return md->flags | EVP_MD_FLAG_FIPS;
-#endif
     return md->flags;
 }
+int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx)
+{
+    return md->init;
+}
+int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                                const void *data,
+                                                size_t count)
+{
+    return md->update;
+}
+int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                               unsigned char *md)
+{
+    return md->final;
+}
+int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
+                                              const EVP_MD_CTX *from)
+{
+    return md->copy;
+}
+int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx)
+{
+    return md->cleanup;
+}
+int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
+                                              int p1, void *p2)
+{
+    return md->md_ctrl;
+}
 
 const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
 {
@@ -362,6 +457,48 @@ const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
     return ctx->digest;
 }
 
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
+{
+    return ctx->pctx;
+}
+
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
+{
+    /*
+     * it's reasonable to set NULL pctx (a.k.a clear the ctx->pctx), so
+     * we have to deal with the cleanup job here.
+     */
+    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
+        EVP_PKEY_CTX_free(ctx->pctx);
+
+    ctx->pctx = pctx;
+
+    if (pctx != NULL) {
+        /* make sure pctx is not freed when destroying EVP_MD_CTX */
+        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+    } else {
+        EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+    }
+}
+
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx)
+{
+    return ctx->md_data;
+}
+
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+                                             const void *data, size_t count)
+{
+    return ctx->update;
+}
+
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+                              int (*update) (EVP_MD_CTX *ctx,
+                                             const void *data, size_t count))
+{
+    ctx->update = update;
+}
+
 void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
 {
     ctx->flags |= flags;
diff --git a/freebsd/crypto/openssl/crypto/evp/evp_locl.h b/freebsd/crypto/openssl/crypto/evp/evp_locl.h
index bee7f6d1..f1589d68 100644
--- a/freebsd/crypto/openssl/crypto/evp/evp_locl.h
+++ b/freebsd/crypto/openssl/crypto/evp/evp_locl.h
@@ -1,373 +1,68 @@
-/* evp_locl.h */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-/* Macros to code block cipher wrappers */
-
-/* Wrapper functions for each cipher mode */
-
-#define BLOCK_CIPHER_ecb_loop() \
-        size_t i, bl; \
-        bl = ctx->cipher->block_size;\
-        if(inl < bl) return 1;\
-        inl -= bl; \
-        for(i=0; i <= inl; i+=bl)
-
-#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
-static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
-{\
-        BLOCK_CIPHER_ecb_loop() \
-                cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\
-        return 1;\
-}
-
-#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
-
-#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
-{\
-        while(inl>=EVP_MAXCHUNK)\
-            {\
-            cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
-            inl-=EVP_MAXCHUNK;\
-            in +=EVP_MAXCHUNK;\
-            out+=EVP_MAXCHUNK;\
-            }\
-        if (inl)\
-            cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
-        return 1;\
-}
-
-#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
-static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
-{\
-        while(inl>=EVP_MAXCHUNK) \
-            {\
-            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
-            inl-=EVP_MAXCHUNK;\
-            in +=EVP_MAXCHUNK;\
-            out+=EVP_MAXCHUNK;\
-            }\
-        if (inl)\
-            cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
-        return 1;\
-}
-
-#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
-{\
-        size_t chunk=EVP_MAXCHUNK;\
-        if (cbits==1)  chunk>>=3;\
-        if (inl<chunk) chunk=inl;\
-        while(inl && inl>=chunk)\
-            {\
-            cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
-            inl-=chunk;\
-            in +=chunk;\
-            out+=chunk;\
-            if(inl<chunk) chunk=inl;\
-            }\
-        return 1;\
-}
-
-#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
-        BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
-        BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
-        BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
-        BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
-
-#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
-                          key_len, iv_len, flags, init_key, cleanup, \
-                          set_asn1, get_asn1, ctrl) \
-static const EVP_CIPHER cname##_##mode = { \
-        nid##_##nmode, block_size, key_len, iv_len, \
-        flags | EVP_CIPH_##MODE##_MODE, \
-        init_key, \
-        cname##_##mode##_cipher, \
-        cleanup, \
-        sizeof(kstruct), \
-        set_asn1, get_asn1,\
-        ctrl, \
-        NULL \
-}; \
-const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
-
-#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
-                             iv_len, flags, init_key, cleanup, set_asn1, \
-                             get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
-                  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
-
-#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
-                             iv_len, cbits, flags, init_key, cleanup, \
-                             set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
-                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
-                  get_asn1, ctrl)
-
-#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
-                             iv_len, cbits, flags, init_key, cleanup, \
-                             set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
-                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
-                  get_asn1, ctrl)
-
-#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
-                             flags, init_key, cleanup, set_asn1, \
-                             get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
-                  0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
-
-#define BLOCK_CIPHER_defs(cname, kstruct, \
-                          nid, block_size, key_len, iv_len, cbits, flags, \
-                          init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
-                     init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
-                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
-                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
-                     init_key, cleanup, set_asn1, get_asn1, ctrl)
-
-/*-
-#define BLOCK_CIPHER_defs(cname, kstruct, \
-                                nid, block_size, key_len, iv_len, flags,\
-                                 init_key, cleanup, set_asn1, get_asn1, ctrl)\
-static const EVP_CIPHER cname##_cbc = {\
-        nid##_cbc, block_size, key_len, iv_len, \
-        flags | EVP_CIPH_CBC_MODE,\
-        init_key,\
-        cname##_cbc_cipher,\
-        cleanup,\
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
-        set_asn1, get_asn1,\
-        ctrl, \
-        NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
-static const EVP_CIPHER cname##_cfb = {\
-        nid##_cfb64, 1, key_len, iv_len, \
-        flags | EVP_CIPH_CFB_MODE,\
-        init_key,\
-        cname##_cfb_cipher,\
-        cleanup,\
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
-        set_asn1, get_asn1,\
-        ctrl,\
-        NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
-static const EVP_CIPHER cname##_ofb = {\
-        nid##_ofb64, 1, key_len, iv_len, \
-        flags | EVP_CIPH_OFB_MODE,\
-        init_key,\
-        cname##_ofb_cipher,\
-        cleanup,\
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
-        set_asn1, get_asn1,\
-        ctrl,\
-        NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
-static const EVP_CIPHER cname##_ecb = {\
-        nid##_ecb, block_size, key_len, iv_len, \
-        flags | EVP_CIPH_ECB_MODE,\
-        init_key,\
-        cname##_ecb_cipher,\
-        cleanup,\
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
-        set_asn1, get_asn1,\
-        ctrl,\
-        NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
-*/
-
-#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
-                               block_size, key_len, iv_len, cbits, \
-                               flags, init_key, \
-                               cleanup, set_asn1, get_asn1, ctrl) \
-        BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
-        BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
-                          cbits, flags, init_key, cleanup, set_asn1, \
-                          get_asn1, ctrl)
-
-#define EVP_C_DATA(kstruct, ctx)        ((kstruct *)(ctx)->cipher_data)
-
-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
-        BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
-        BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
-                             NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
-                             0, cipher##_init_key, NULL, \
-                             EVP_CIPHER_set_asn1_iv, \
-                             EVP_CIPHER_get_asn1_iv, \
-                             NULL)
-
-struct evp_pkey_ctx_st {
-    /* Method associated with this operation */
-    const EVP_PKEY_METHOD *pmeth;
-    /* Engine that implements this method or NULL if builtin */
-    ENGINE *engine;
-    /* Key: may be NULL */
-    EVP_PKEY *pkey;
-    /* Peer key for key agreement, may be NULL */
-    EVP_PKEY *peerkey;
-    /* Actual operation */
-    int operation;
-    /* Algorithm specific data */
-    void *data;
-    /* Application specific data */
-    void *app_data;
-    /* Keygen callback */
-    EVP_PKEY_gen_cb *pkey_gencb;
-    /* implementation specific keygen data */
-    int *keygen_info;
-    int keygen_info_count;
-} /* EVP_PKEY_CTX */ ;
-
-#define EVP_PKEY_FLAG_DYNAMIC   1
-
-struct evp_pkey_method_st {
-    int pkey_id;
-    int flags;
-    int (*init) (EVP_PKEY_CTX *ctx);
-    int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
-    void (*cleanup) (EVP_PKEY_CTX *ctx);
-    int (*paramgen_init) (EVP_PKEY_CTX *ctx);
-    int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
-    int (*keygen_init) (EVP_PKEY_CTX *ctx);
-    int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
-    int (*sign_init) (EVP_PKEY_CTX *ctx);
-    int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-                 const unsigned char *tbs, size_t tbslen);
-    int (*verify_init) (EVP_PKEY_CTX *ctx);
-    int (*verify) (EVP_PKEY_CTX *ctx,
-                   const unsigned char *sig, size_t siglen,
-                   const unsigned char *tbs, size_t tbslen);
-    int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
-    int (*verify_recover) (EVP_PKEY_CTX *ctx,
-                           unsigned char *rout, size_t *routlen,
-                           const unsigned char *sig, size_t siglen);
-    int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
-    int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-                    EVP_MD_CTX *mctx);
-    int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
-    int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
-                      EVP_MD_CTX *mctx);
-    int (*encrypt_init) (EVP_PKEY_CTX *ctx);
-    int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
-                    const unsigned char *in, size_t inlen);
-    int (*decrypt_init) (EVP_PKEY_CTX *ctx);
-    int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
-                    const unsigned char *in, size_t inlen);
-    int (*derive_init) (EVP_PKEY_CTX *ctx);
-    int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
-    int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
-    int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
-} /* EVP_PKEY_METHOD */ ;
-
-void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
+/* EVP_MD_CTX related stuff */
+
+struct evp_md_ctx_st {
+    const EVP_MD *digest;
+    ENGINE *engine;             /* functional reference if 'digest' is
+                                 * ENGINE-provided */
+    unsigned long flags;
+    void *md_data;
+    /* Public key context for sign/verify */
+    EVP_PKEY_CTX *pctx;
+    /* Update function: usually copied from EVP_MD */
+    int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
+} /* EVP_MD_CTX */ ;
+
+struct evp_cipher_ctx_st {
+    const EVP_CIPHER *cipher;
+    ENGINE *engine;             /* functional reference if 'cipher' is
+                                 * ENGINE-provided */
+    int encrypt;                /* encrypt or decrypt */
+    int buf_len;                /* number we have left */
+    unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
+    unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
+    unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */
+    int num;                    /* used by cfb/ofb/ctr mode */
+    /* FIXME: Should this even exist? It appears unused */
+    void *app_data;             /* application stuff */
+    int key_len;                /* May change for variable length cipher */
+    unsigned long flags;        /* Various flags */
+    void *cipher_data;          /* per EVP data */
+    int final_used;
+    int block_mask;
+    unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
+} /* EVP_CIPHER_CTX */ ;
 
 int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
                              int passlen, ASN1_TYPE *param,
                              const EVP_CIPHER *c, const EVP_MD *md,
                              int en_de);
 
-const EVP_MD *evp_get_fips_md(const EVP_MD *md);
-const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher);
-
-#ifdef OPENSSL_FIPS
-
-# ifdef OPENSSL_DOING_MAKEDEPEND
-#  undef SHA1_Init
-#  undef SHA1_Update
-#  undef SHA224_Init
-#  undef SHA256_Init
-#  undef SHA384_Init
-#  undef SHA512_Init
-#  undef DES_set_key_unchecked
-# endif
-
-# define RIPEMD160_Init  private_RIPEMD160_Init
-# define WHIRLPOOL_Init  private_WHIRLPOOL_Init
-# define MD5_Init        private_MD5_Init
-# define MD4_Init        private_MD4_Init
-# define MD2_Init        private_MD2_Init
-# define MDC2_Init       private_MDC2_Init
-# define SHA_Init        private_SHA_Init
-# define SHA1_Init       private_SHA1_Init
-# define SHA224_Init     private_SHA224_Init
-# define SHA256_Init     private_SHA256_Init
-# define SHA384_Init     private_SHA384_Init
-# define SHA512_Init     private_SHA512_Init
-
-# define BF_set_key      private_BF_set_key
-# define CAST_set_key    private_CAST_set_key
-# define idea_set_encrypt_key    private_idea_set_encrypt_key
-# define SEED_set_key    private_SEED_set_key
-# define RC2_set_key     private_RC2_set_key
-# define RC4_set_key     private_RC4_set_key
-# define DES_set_key_unchecked   private_DES_set_key_unchecked
-# define Camellia_set_key        private_Camellia_set_key
-
-#endif
+struct evp_Encode_Ctx_st {
+    /* number saved in a partial encode/decode */
+    int num;
+    /*
+     * The length is either the output line length (in input bytes) or the
+     * shortest input line length that is ok.  Once decoding begins, the
+     * length is adjusted up each time a longer line is decoded
+     */
+    int length;
+    /* data to encode */
+    unsigned char enc_data[80];
+    /* number read on current line */
+    int line_num;
+    unsigned int flags;
+};
+
+typedef struct evp_pbe_st EVP_PBE_CTL;
+DEFINE_STACK_OF(EVP_PBE_CTL)
+
+int is_partially_overlapping(const void *ptr1, const void *ptr2, int len);
diff --git a/freebsd/crypto/openssl/crypto/evp/evp_pbe.c b/freebsd/crypto/openssl/crypto/evp/evp_pbe.c
index 627678fc..4e5365cd 100644
--- a/freebsd/crypto/openssl/crypto/evp/evp_pbe.c
+++ b/freebsd/crypto/openssl/crypto/evp/evp_pbe.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* evp_pbe.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
@@ -68,18 +18,17 @@
 
 /* Password based encryption (PBE) functions */
 
-DECLARE_STACK_OF(EVP_PBE_CTL)
-static STACK_OF(EVP_PBE_CTL) *pbe_algs;
-
 /* Setup a cipher context from a PBE algorithm */
 
-typedef struct {
+struct evp_pbe_st {
     int pbe_type;
     int pbe_nid;
     int cipher_nid;
     int md_nid;
     EVP_PBE_KEYGEN *keygen;
-} EVP_PBE_CTL;
+};
+
+static STACK_OF(EVP_PBE_CTL) *pbe_algs;
 
 static const EVP_PBE_CTL builtin_pbe[] = {
     {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,
@@ -89,9 +38,7 @@ static const EVP_PBE_CTL builtin_pbe[] = {
     {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
      NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
 
-#ifndef OPENSSL_NO_HMAC
     {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
-#endif
 
     {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
      NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
@@ -106,9 +53,8 @@ static const EVP_PBE_CTL builtin_pbe[] = {
     {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,
      NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},
 
-#ifndef OPENSSL_NO_HMAC
     {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},
-#endif
+
     {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
      NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},
     {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
@@ -117,38 +63,25 @@ static const EVP_PBE_CTL builtin_pbe[] = {
      NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},
 
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_md5, -1, NID_md5, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_sha1, -1, NID_sha1, 0},
     {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
     {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
-};
-
-#ifdef TEST
-int main(int argc, char **argv)
-{
-    int i, nid_md, nid_cipher;
-    EVP_PBE_CTL *tpbe, *tpbe2;
-    /*
-     * OpenSSL_add_all_algorithms();
-     */
-
-    for (i = 0; i < sizeof(builtin_pbe) / sizeof(EVP_PBE_CTL); i++) {
-        tpbe = builtin_pbe + i;
-        fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid,
-                OBJ_nid2sn(tpbe->pbe_nid));
-        if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid,
-                         &nid_cipher, &nid_md, 0))
-            fprintf(stderr, "Found %s %s\n",
-                    OBJ_nid2sn(nid_cipher), OBJ_nid2sn(nid_md));
-        else
-            fprintf(stderr, "Find ERROR!!\n");
-    }
-
-    return 0;
-}
+    {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1,
+     NID_id_GostR3411_2012_256, 0},
+    {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1,
+     NID_id_GostR3411_2012_512, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_224, -1, NID_sha512_224, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_256, -1, NID_sha512_256, 0},
+    {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+#ifndef OPENSSL_NO_SCRYPT
+    {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen}
 #endif
+};
 
 int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
                        ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
@@ -163,7 +96,7 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
         char obj_tmp[80];
         EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM);
         if (!pbe_obj)
-            BUF_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp));
+            OPENSSL_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp));
         else
             i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj);
         ERR_add_error_data(2, "TYPE=", obj_tmp);
@@ -246,7 +179,10 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
     pbe_tmp->md_nid = md_nid;
     pbe_tmp->keygen = keygen;
 
-    sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp);
+    if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) {
+        OPENSSL_free(pbe_tmp);
+        goto err;
+    }
     return 1;
 
  err:
@@ -258,6 +194,7 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
                     EVP_PBE_KEYGEN *keygen)
 {
     int cipher_nid, md_nid;
+
     if (cipher)
         cipher_nid = EVP_CIPHER_nid(cipher);
     else
@@ -282,14 +219,12 @@ int EVP_PBE_find(int type, int pbe_nid,
     pbelu.pbe_type = type;
     pbelu.pbe_nid = pbe_nid;
 
-    if (pbe_algs) {
+    if (pbe_algs != NULL) {
         i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
-        if (i != -1)
-            pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
+        pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
     }
     if (pbetmp == NULL) {
-        pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe,
-                                  sizeof(builtin_pbe) / sizeof(EVP_PBE_CTL));
+        pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe));
     }
     if (pbetmp == NULL)
         return 0;
@@ -304,7 +239,7 @@ int EVP_PBE_find(int type, int pbe_nid,
 
 static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe)
 {
-    OPENSSL_freeFunc(pbe);
+    OPENSSL_free(pbe);
 }
 
 void EVP_PBE_cleanup(void)
@@ -312,3 +247,18 @@ void EVP_PBE_cleanup(void)
     sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl);
     pbe_algs = NULL;
 }
+
+int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num)
+{
+    const EVP_PBE_CTL *tpbe;
+
+    if (num >= OSSL_NELEM(builtin_pbe))
+        return 0;
+
+    tpbe = builtin_pbe + num;
+    if (ptype)
+        *ptype = tpbe->pbe_type;
+    if (ppbe_nid)
+        *ppbe_nid = tpbe->pbe_nid;
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/evp/evp_pkey.c b/freebsd/crypto/openssl/crypto/evp/evp_pkey.c
index 3ce3a804..0bf79483 100644
--- a/freebsd/crypto/openssl/crypto/evp/evp_pkey.c
+++ b/freebsd/crypto/openssl/crypto/evp/evp_pkey.c
@@ -1,83 +1,35 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* evp_pkey.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "internal/x509_int.h"
 
 /* Extract a private key from a PKCS8 structure */
 
-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
+EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8)
 {
     EVP_PKEY *pkey = NULL;
-    ASN1_OBJECT *algoid;
+    const ASN1_OBJECT *algoid;
     char obj_tmp[80];
 
     if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
         return NULL;
 
-    if (!(pkey = EVP_PKEY_new())) {
+    if ((pkey = EVP_PKEY_new()) == NULL) {
         EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -106,68 +58,36 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
     return NULL;
 }
 
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
-{
-    return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
-}
-
 /* Turn a private key into a PKCS8 structure */
 
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
 {
-    PKCS8_PRIV_KEY_INFO *p8;
-
-    if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
-        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE);
+    PKCS8_PRIV_KEY_INFO *p8 = PKCS8_PRIV_KEY_INFO_new();
+    if (p8  == NULL) {
+        EVPerr(EVP_F_EVP_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    p8->broken = broken;
 
     if (pkey->ameth) {
         if (pkey->ameth->priv_encode) {
             if (!pkey->ameth->priv_encode(p8, pkey)) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                       EVP_R_PRIVATE_KEY_ENCODE_ERROR);
+                EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_PRIVATE_KEY_ENCODE_ERROR);
                 goto error;
             }
         } else {
-            EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_METHOD_NOT_SUPPORTED);
+            EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_METHOD_NOT_SUPPORTED);
             goto error;
         }
     } else {
-        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-               EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+        EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
         goto error;
     }
-    RAND_add(p8->pkey->value.octet_string->data,
-             p8->pkey->value.octet_string->length, 0.0);
     return p8;
  error:
     PKCS8_PRIV_KEY_INFO_free(p8);
     return NULL;
 }
 
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
-{
-    switch (broken) {
-
-    case PKCS8_OK:
-        p8->broken = PKCS8_OK;
-        return p8;
-        break;
-
-    case PKCS8_NO_OCTET:
-        p8->broken = PKCS8_NO_OCTET;
-        p8->pkey->type = V_ASN1_SEQUENCE;
-        return p8;
-        break;
-
-    default:
-        EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
-        return NULL;
-    }
-}
-
 /* EVP_PKEY attribute functions */
 
 int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
@@ -180,7 +100,7 @@ int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos)
     return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
 }
 
-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
                              int lastpos)
 {
     return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
diff --git a/freebsd/crypto/openssl/crypto/evp/evp_test.c b/freebsd/crypto/openssl/crypto/evp/evp_test.c
deleted file mode 100644
index 02047207..00000000
--- a/freebsd/crypto/openssl/crypto/evp/evp_test.c
+++ /dev/null
@@ -1,600 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* Written by Ben Laurie, 2001 */
-/*
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/opensslconf.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/conf.h>
-
-static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
-{
-    int n = 0;
-
-    fprintf(f, "%s", title);
-    for (; n < l; ++n) {
-        if ((n % 16) == 0)
-            fprintf(f, "\n%04x", n);
-        fprintf(f, " %02x", s[n]);
-    }
-    fprintf(f, "\n");
-}
-
-static int convert(unsigned char *s)
-{
-    unsigned char *d;
-    int digits = 0;
-
-    for (d = s; *s; s += 2, ++d) {
-        unsigned int n;
-
-        if (!s[1]) {
-            fprintf(stderr, "Odd number of hex digits!");
-            EXIT(4);
-        }
-        sscanf((char *)s, "%2x", &n);
-        *d = (unsigned char)n;
-        digits++;
-    }
-    return digits;
-}
-
-static char *sstrsep(char **string, const char *delim)
-{
-    char isdelim[256];
-    char *token = *string;
-
-    if (**string == 0)
-        return NULL;
-
-    memset(isdelim, 0, 256);
-    isdelim[0] = 1;
-
-    while (*delim) {
-        isdelim[(unsigned char)(*delim)] = 1;
-        delim++;
-    }
-
-    while (!isdelim[(unsigned char)(**string)]) {
-        (*string)++;
-    }
-
-    if (**string) {
-        **string = 0;
-        (*string)++;
-    }
-
-    return token;
-}
-
-static unsigned char *ustrsep(char **p, const char *sep)
-{
-    return (unsigned char *)sstrsep(p, sep);
-}
-
-static int test1_exit(int ec)
-{
-    EXIT(ec);
-    return (0);                 /* To keep some compilers quiet */
-}
-
-static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn,
-                  const unsigned char *iv, int in,
-                  const unsigned char *plaintext, int pn,
-                  const unsigned char *ciphertext, int cn,
-                  const unsigned char *aad, int an,
-                  const unsigned char *tag, int tn, int encdec)
-{
-    EVP_CIPHER_CTX ctx;
-    unsigned char out[4096];
-    int outl, outl2, mode;
-
-    printf("Testing cipher %s%s\n", EVP_CIPHER_name(c),
-           (encdec ==
-            1 ? "(encrypt)" : (encdec ==
-                               0 ? "(decrypt)" : "(encrypt/decrypt)")));
-    hexdump(stdout, "Key", key, kn);
-    if (in)
-        hexdump(stdout, "IV", iv, in);
-    hexdump(stdout, "Plaintext", plaintext, pn);
-    hexdump(stdout, "Ciphertext", ciphertext, cn);
-    if (an)
-        hexdump(stdout, "AAD", aad, an);
-    if (tn)
-        hexdump(stdout, "Tag", tag, tn);
-    mode = EVP_CIPHER_mode(c);
-    if (kn != EVP_CIPHER_key_length(c)) {
-        fprintf(stderr, "Key length doesn't match, got %d expected %lu\n", kn,
-                (unsigned long)EVP_CIPHER_key_length(c));
-        test1_exit(5);
-    }
-    EVP_CIPHER_CTX_init(&ctx);
-    EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
-    if (encdec != 0) {
-        if (mode == EVP_CIPH_GCM_MODE) {
-            if (!EVP_EncryptInit_ex(&ctx, c, NULL, NULL, NULL)) {
-                fprintf(stderr, "EncryptInit failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(10);
-            }
-            if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, in, NULL)) {
-                fprintf(stderr, "IV length set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(11);
-            }
-            if (!EVP_EncryptInit_ex(&ctx, NULL, NULL, key, iv)) {
-                fprintf(stderr, "Key/IV set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(12);
-            }
-            if (an && !EVP_EncryptUpdate(&ctx, NULL, &outl, aad, an)) {
-                fprintf(stderr, "AAD set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(13);
-            }
-        } else if (mode == EVP_CIPH_CCM_MODE) {
-            if (!EVP_EncryptInit_ex(&ctx, c, NULL, NULL, NULL)) {
-                fprintf(stderr, "EncryptInit failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(10);
-            }
-            if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, in, NULL)) {
-                fprintf(stderr, "IV length set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(11);
-            }
-            if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, tn, NULL)) {
-                fprintf(stderr, "Tag length set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(11);
-            }
-            if (!EVP_EncryptInit_ex(&ctx, NULL, NULL, key, iv)) {
-                fprintf(stderr, "Key/IV set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(12);
-            }
-            if (!EVP_EncryptUpdate(&ctx, NULL, &outl, NULL, pn)) {
-                fprintf(stderr, "Plaintext length set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(12);
-            }
-            if (an && !EVP_EncryptUpdate(&ctx, NULL, &outl, aad, an)) {
-                fprintf(stderr, "AAD set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(13);
-            }
-        } else if (mode == EVP_CIPH_WRAP_MODE) {
-            if (!EVP_EncryptInit_ex(&ctx, c, NULL, key, in ? iv : NULL)) {
-                fprintf(stderr, "EncryptInit failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(10);
-            }
-        } else if (!EVP_EncryptInit_ex(&ctx, c, NULL, key, iv)) {
-            fprintf(stderr, "EncryptInit failed\n");
-            ERR_print_errors_fp(stderr);
-            test1_exit(10);
-        }
-        EVP_CIPHER_CTX_set_padding(&ctx, 0);
-
-        if (!EVP_EncryptUpdate(&ctx, out, &outl, plaintext, pn)) {
-            fprintf(stderr, "Encrypt failed\n");
-            ERR_print_errors_fp(stderr);
-            test1_exit(6);
-        }
-        if (!EVP_EncryptFinal_ex(&ctx, out + outl, &outl2)) {
-            fprintf(stderr, "EncryptFinal failed\n");
-            ERR_print_errors_fp(stderr);
-            test1_exit(7);
-        }
-
-        if (outl + outl2 != cn) {
-            fprintf(stderr, "Ciphertext length mismatch got %d expected %d\n",
-                    outl + outl2, cn);
-            test1_exit(8);
-        }
-
-        if (memcmp(out, ciphertext, cn)) {
-            fprintf(stderr, "Ciphertext mismatch\n");
-            hexdump(stderr, "Got", out, cn);
-            hexdump(stderr, "Expected", ciphertext, cn);
-            test1_exit(9);
-        }
-        if (mode == EVP_CIPH_GCM_MODE || mode == EVP_CIPH_CCM_MODE) {
-            unsigned char rtag[16];
-            /*
-             * Note: EVP_CTRL_CCM_GET_TAG has same value as
-             * EVP_CTRL_GCM_GET_TAG
-             */
-            if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, tn, rtag)) {
-                fprintf(stderr, "Get tag failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(14);
-            }
-            if (memcmp(rtag, tag, tn)) {
-                fprintf(stderr, "Tag mismatch\n");
-                hexdump(stderr, "Got", rtag, tn);
-                hexdump(stderr, "Expected", tag, tn);
-                test1_exit(9);
-            }
-        }
-    }
-
-    if (encdec <= 0) {
-        if (mode == EVP_CIPH_GCM_MODE) {
-            if (!EVP_DecryptInit_ex(&ctx, c, NULL, NULL, NULL)) {
-                fprintf(stderr, "EncryptInit failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(10);
-            }
-            if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, in, NULL)) {
-                fprintf(stderr, "IV length set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(11);
-            }
-            if (!EVP_DecryptInit_ex(&ctx, NULL, NULL, key, iv)) {
-                fprintf(stderr, "Key/IV set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(12);
-            }
-            if (!EVP_CIPHER_CTX_ctrl
-                (&ctx, EVP_CTRL_GCM_SET_TAG, tn, (void *)tag)) {
-                fprintf(stderr, "Set tag failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(14);
-            }
-            if (an && !EVP_DecryptUpdate(&ctx, NULL, &outl, aad, an)) {
-                fprintf(stderr, "AAD set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(13);
-            }
-        } else if (mode == EVP_CIPH_CCM_MODE) {
-            if (!EVP_DecryptInit_ex(&ctx, c, NULL, NULL, NULL)) {
-                fprintf(stderr, "DecryptInit failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(10);
-            }
-            if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, in, NULL)) {
-                fprintf(stderr, "IV length set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(11);
-            }
-            if (!EVP_CIPHER_CTX_ctrl
-                (&ctx, EVP_CTRL_CCM_SET_TAG, tn, (void *)tag)) {
-                fprintf(stderr, "Tag length set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(11);
-            }
-            if (!EVP_DecryptInit_ex(&ctx, NULL, NULL, key, iv)) {
-                fprintf(stderr, "Key/Nonce set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(12);
-            }
-            if (!EVP_DecryptUpdate(&ctx, NULL, &outl, NULL, pn)) {
-                fprintf(stderr, "Plaintext length set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(12);
-            }
-            if (an && !EVP_EncryptUpdate(&ctx, NULL, &outl, aad, an)) {
-                fprintf(stderr, "AAD set failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(13);
-            }
-        } else if (mode == EVP_CIPH_WRAP_MODE) {
-            if (!EVP_DecryptInit_ex(&ctx, c, NULL, key, in ? iv : NULL)) {
-                fprintf(stderr, "EncryptInit failed\n");
-                ERR_print_errors_fp(stderr);
-                test1_exit(10);
-            }
-        } else if (!EVP_DecryptInit_ex(&ctx, c, NULL, key, iv)) {
-            fprintf(stderr, "DecryptInit failed\n");
-            ERR_print_errors_fp(stderr);
-            test1_exit(11);
-        }
-        EVP_CIPHER_CTX_set_padding(&ctx, 0);
-
-        if (!EVP_DecryptUpdate(&ctx, out, &outl, ciphertext, cn)) {
-            fprintf(stderr, "Decrypt failed\n");
-            ERR_print_errors_fp(stderr);
-            test1_exit(6);
-        }
-        if (mode != EVP_CIPH_CCM_MODE
-            && !EVP_DecryptFinal_ex(&ctx, out + outl, &outl2)) {
-            fprintf(stderr, "DecryptFinal failed\n");
-            ERR_print_errors_fp(stderr);
-            test1_exit(7);
-        }
-
-        if (outl + outl2 != pn) {
-            fprintf(stderr, "Plaintext length mismatch got %d expected %d\n",
-                    outl + outl2, pn);
-            test1_exit(8);
-        }
-
-        if (memcmp(out, plaintext, pn)) {
-            fprintf(stderr, "Plaintext mismatch\n");
-            hexdump(stderr, "Got", out, pn);
-            hexdump(stderr, "Expected", plaintext, pn);
-            test1_exit(9);
-        }
-    }
-
-    EVP_CIPHER_CTX_cleanup(&ctx);
-
-    printf("\n");
-}
-
-static int test_cipher(const char *cipher, const unsigned char *key, int kn,
-                       const unsigned char *iv, int in,
-                       const unsigned char *plaintext, int pn,
-                       const unsigned char *ciphertext, int cn,
-                       const unsigned char *aad, int an,
-                       const unsigned char *tag, int tn, int encdec)
-{
-    const EVP_CIPHER *c;
-
-    c = EVP_get_cipherbyname(cipher);
-    if (!c)
-        return 0;
-
-    test1(c, key, kn, iv, in, plaintext, pn, ciphertext, cn, aad, an, tag, tn,
-          encdec);
-
-    return 1;
-}
-
-static int test_digest(const char *digest,
-                       const unsigned char *plaintext, int pn,
-                       const unsigned char *ciphertext, unsigned int cn)
-{
-    const EVP_MD *d;
-    EVP_MD_CTX ctx;
-    unsigned char md[EVP_MAX_MD_SIZE];
-    unsigned int mdn;
-
-    d = EVP_get_digestbyname(digest);
-    if (!d)
-        return 0;
-
-    printf("Testing digest %s\n", EVP_MD_name(d));
-    hexdump(stdout, "Plaintext", plaintext, pn);
-    hexdump(stdout, "Digest", ciphertext, cn);
-
-    EVP_MD_CTX_init(&ctx);
-    if (!EVP_DigestInit_ex(&ctx, d, NULL)) {
-        fprintf(stderr, "DigestInit failed\n");
-        ERR_print_errors_fp(stderr);
-        EXIT(100);
-    }
-    if (!EVP_DigestUpdate(&ctx, plaintext, pn)) {
-        fprintf(stderr, "DigestUpdate failed\n");
-        ERR_print_errors_fp(stderr);
-        EXIT(101);
-    }
-    if (!EVP_DigestFinal_ex(&ctx, md, &mdn)) {
-        fprintf(stderr, "DigestFinal failed\n");
-        ERR_print_errors_fp(stderr);
-        EXIT(101);
-    }
-    EVP_MD_CTX_cleanup(&ctx);
-
-    if (mdn != cn) {
-        fprintf(stderr, "Digest length mismatch, got %d expected %d\n", mdn,
-                cn);
-        EXIT(102);
-    }
-
-    if (memcmp(md, ciphertext, cn)) {
-        fprintf(stderr, "Digest mismatch\n");
-        hexdump(stderr, "Got", md, cn);
-        hexdump(stderr, "Expected", ciphertext, cn);
-        EXIT(103);
-    }
-
-    printf("\n");
-
-    EVP_MD_CTX_cleanup(&ctx);
-
-    return 1;
-}
-
-int main(int argc, char **argv)
-{
-    const char *szTestFile;
-    FILE *f;
-
-    if (argc != 2) {
-        fprintf(stderr, "%s <test file>\n", argv[0]);
-        EXIT(1);
-    }
-    CRYPTO_malloc_debug_init();
-    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    szTestFile = argv[1];
-
-    f = fopen(szTestFile, "r");
-    if (!f) {
-        perror(szTestFile);
-        EXIT(2);
-    }
-    ERR_load_crypto_strings();
-    /* Load up the software EVP_CIPHER and EVP_MD definitions */
-    OpenSSL_add_all_ciphers();
-    OpenSSL_add_all_digests();
-#ifndef OPENSSL_NO_ENGINE
-    /* Load all compiled-in ENGINEs */
-    ENGINE_load_builtin_engines();
-#endif
-#if 0
-    OPENSSL_config();
-#endif
-#ifndef OPENSSL_NO_ENGINE
-    /*
-     * Register all available ENGINE implementations of ciphers and digests.
-     * This could perhaps be changed to "ENGINE_register_all_complete()"?
-     */
-    ENGINE_register_all_ciphers();
-    ENGINE_register_all_digests();
-    /*
-     * If we add command-line options, this statement should be switchable.
-     * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use
-     * if they weren't already initialised.
-     */
-    /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
-#endif
-
-    for (;;) {
-        char line[4096];
-        char *p;
-        char *cipher;
-        unsigned char *iv, *key, *plaintext, *ciphertext, *aad, *tag;
-        int encdec;
-        int kn, in, pn, cn;
-        int an = 0;
-        int tn = 0;
-
-        if (!fgets((char *)line, sizeof(line), f))
-            break;
-        if (line[0] == '#' || line[0] == '\n')
-            continue;
-        p = line;
-        cipher = sstrsep(&p, ":");
-        key = ustrsep(&p, ":");
-        iv = ustrsep(&p, ":");
-        plaintext = ustrsep(&p, ":");
-        ciphertext = ustrsep(&p, ":");
-        if (p[-1] == '\n') {
-            encdec = -1;
-            p[-1] = '\0';
-            tag = aad = NULL;
-            an = tn = 0;
-        } else {
-            aad = ustrsep(&p, ":");
-            tag = ustrsep(&p, ":");
-            if (tag == NULL) {
-                p = (char *)aad;
-                tag = aad = NULL;
-                an = tn = 0;
-            }
-            if (p[-1] == '\n') {
-                encdec = -1;
-                p[-1] = '\0';
-            } else
-                encdec = atoi(sstrsep(&p, "\n"));
-        }
-
-        kn = convert(key);
-        in = convert(iv);
-        pn = convert(plaintext);
-        cn = convert(ciphertext);
-        if (aad) {
-            an = convert(aad);
-            tn = convert(tag);
-        }
-
-        if (!test_cipher
-            (cipher, key, kn, iv, in, plaintext, pn, ciphertext, cn, aad, an,
-             tag, tn, encdec)
-            && !test_digest(cipher, plaintext, pn, ciphertext, cn)) {
-#ifdef OPENSSL_NO_AES
-            if (strstr(cipher, "AES") == cipher) {
-                fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
-                continue;
-            }
-#endif
-#ifdef OPENSSL_NO_DES
-            if (strstr(cipher, "DES") == cipher) {
-                fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
-                continue;
-            }
-#endif
-#ifdef OPENSSL_NO_RC4
-            if (strstr(cipher, "RC4") == cipher) {
-                fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
-                continue;
-            }
-#endif
-#ifdef OPENSSL_NO_CAMELLIA
-            if (strstr(cipher, "CAMELLIA") == cipher) {
-                fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
-                continue;
-            }
-#endif
-#ifdef OPENSSL_NO_SEED
-            if (strstr(cipher, "SEED") == cipher) {
-                fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
-                continue;
-            }
-#endif
-            fprintf(stderr, "Can't find %s\n", cipher);
-            EXIT(3);
-        }
-    }
-    fclose(f);
-
-#ifndef OPENSSL_NO_ENGINE
-    ENGINE_cleanup();
-#endif
-    EVP_cleanup();
-    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_thread_state(NULL);
-    ERR_free_strings();
-    CRYPTO_mem_leaks_fp(stderr);
-
-    return 0;
-}
diff --git a/freebsd/crypto/openssl/crypto/evp/m_dss.c b/freebsd/crypto/openssl/crypto/evp/m_dss.c
deleted file mode 100644
index 91cce925..00000000
--- a/freebsd/crypto/openssl/crypto/evp/m_dss.c
+++ /dev/null
@@ -1,106 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/evp/m_dss.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/sha.h>
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_NO_SHA
-
-static int init(EVP_MD_CTX *ctx)
-{
-    return SHA1_Init(ctx->md_data);
-}
-
-static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-    return SHA1_Update(ctx->md_data, data, count);
-}
-
-static int final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    return SHA1_Final(md, ctx->md_data);
-}
-
-static const EVP_MD dsa_md = {
-    NID_dsaWithSHA,
-    NID_dsaWithSHA,
-    SHA_DIGEST_LENGTH,
-    EVP_MD_FLAG_PKEY_DIGEST,
-    init,
-    update,
-    final,
-    NULL,
-    NULL,
-    EVP_PKEY_DSA_method,
-    SHA_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
-
-const EVP_MD *EVP_dss(void)
-{
-    return (&dsa_md);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/m_dss1.c b/freebsd/crypto/openssl/crypto/evp/m_dss1.c
deleted file mode 100644
index 268dda74..00000000
--- a/freebsd/crypto/openssl/crypto/evp/m_dss1.c
+++ /dev/null
@@ -1,107 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/evp/m_dss1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_SHA
-
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include <openssl/sha.h>
-# ifndef OPENSSL_NO_DSA
-#  include <openssl/dsa.h>
-# endif
-
-static int init(EVP_MD_CTX *ctx)
-{
-    return SHA1_Init(ctx->md_data);
-}
-
-static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-    return SHA1_Update(ctx->md_data, data, count);
-}
-
-static int final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    return SHA1_Final(md, ctx->md_data);
-}
-
-static const EVP_MD dss1_md = {
-    NID_dsa,
-    NID_dsaWithSHA1,
-    SHA_DIGEST_LENGTH,
-    EVP_MD_FLAG_PKEY_DIGEST,
-    init,
-    update,
-    final,
-    NULL,
-    NULL,
-    EVP_PKEY_DSA_method,
-    SHA_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
-
-const EVP_MD *EVP_dss1(void)
-{
-    return (&dss1_md);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/m_ecdsa.c b/freebsd/crypto/openssl/crypto/evp/m_ecdsa.c
deleted file mode 100644
index 22e67e7e..00000000
--- a/freebsd/crypto/openssl/crypto/evp/m_ecdsa.c
+++ /dev/null
@@ -1,156 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/evp/m_ecdsa.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_SHA
-
-static int init(EVP_MD_CTX *ctx)
-{
-    return SHA1_Init(ctx->md_data);
-}
-
-static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-    return SHA1_Update(ctx->md_data, data, count);
-}
-
-static int final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    return SHA1_Final(md, ctx->md_data);
-}
-
-static const EVP_MD ecdsa_md = {
-    NID_ecdsa_with_SHA1,
-    NID_ecdsa_with_SHA1,
-    SHA_DIGEST_LENGTH,
-    EVP_MD_FLAG_PKEY_DIGEST,
-    init,
-    update,
-    final,
-    NULL,
-    NULL,
-    EVP_PKEY_ECDSA_method,
-    SHA_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
-
-const EVP_MD *EVP_ecdsa(void)
-{
-    return (&ecdsa_md);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/m_md2.c b/freebsd/crypto/openssl/crypto/evp/m_md2.c
index 6accd63f..a6cecb6a 100644
--- a/freebsd/crypto/openssl/crypto/evp/m_md2.c
+++ b/freebsd/crypto/openssl/crypto/evp/m_md2.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/m_md2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
 #ifndef OPENSSL_NO_MD2
 
@@ -67,23 +18,23 @@
 # include <openssl/objects.h>
 # include <openssl/x509.h>
 # include <openssl/md2.h>
-# ifndef OPENSSL_NO_RSA
-#  include <openssl/rsa.h>
-# endif
+# include <openssl/rsa.h>
+
+#include "internal/evp_int.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
-    return MD2_Init(ctx->md_data);
+    return MD2_Init(EVP_MD_CTX_md_data(ctx));
 }
 
 static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-    return MD2_Update(ctx->md_data, data, count);
+    return MD2_Update(EVP_MD_CTX_md_data(ctx), data, count);
 }
 
 static int final(EVP_MD_CTX *ctx, unsigned char *md)
 {
-    return MD2_Final(md, ctx->md_data);
+    return MD2_Final(md, EVP_MD_CTX_md_data(ctx));
 }
 
 static const EVP_MD md2_md = {
@@ -96,13 +47,12 @@ static const EVP_MD md2_md = {
     final,
     NULL,
     NULL,
-    EVP_PKEY_RSA_method,
     MD2_BLOCK,
     sizeof(EVP_MD *) + sizeof(MD2_CTX),
 };
 
 const EVP_MD *EVP_md2(void)
 {
-    return (&md2_md);
+    return &md2_md;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/m_md4.c b/freebsd/crypto/openssl/crypto/evp/m_md4.c
index 441458ad..e20ee907 100644
--- a/freebsd/crypto/openssl/crypto/evp/m_md4.c
+++ b/freebsd/crypto/openssl/crypto/evp/m_md4.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/m_md4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
 #ifndef OPENSSL_NO_MD4
 
@@ -67,25 +18,22 @@
 # include <openssl/objects.h>
 # include <openssl/x509.h>
 # include <openssl/md4.h>
-# ifndef OPENSSL_NO_RSA
-#  include <openssl/rsa.h>
-# endif
-
-# include "evp_locl.h"
+# include <openssl/rsa.h>
+# include "internal/evp_int.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
-    return MD4_Init(ctx->md_data);
+    return MD4_Init(EVP_MD_CTX_md_data(ctx));
 }
 
 static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-    return MD4_Update(ctx->md_data, data, count);
+    return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count);
 }
 
 static int final(EVP_MD_CTX *ctx, unsigned char *md)
 {
-    return MD4_Final(md, ctx->md_data);
+    return MD4_Final(md, EVP_MD_CTX_md_data(ctx));
 }
 
 static const EVP_MD md4_md = {
@@ -98,13 +46,12 @@ static const EVP_MD md4_md = {
     final,
     NULL,
     NULL,
-    EVP_PKEY_RSA_method,
     MD4_CBLOCK,
     sizeof(EVP_MD *) + sizeof(MD4_CTX),
 };
 
 const EVP_MD *EVP_md4(void)
 {
-    return (&md4_md);
+    return &md4_md;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/m_md5.c b/freebsd/crypto/openssl/crypto/evp/m_md5.c
index c2e1506e..472883b9 100644
--- a/freebsd/crypto/openssl/crypto/evp/m_md5.c
+++ b/freebsd/crypto/openssl/crypto/evp/m_md5.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/m_md5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
 #ifndef OPENSSL_NO_MD5
 
@@ -67,24 +18,22 @@
 # include <openssl/objects.h>
 # include <openssl/x509.h>
 # include <openssl/md5.h>
-# ifndef OPENSSL_NO_RSA
-#  include <openssl/rsa.h>
-# endif
-# include "evp_locl.h"
+# include <openssl/rsa.h>
+# include "internal/evp_int.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
-    return MD5_Init(ctx->md_data);
+    return MD5_Init(EVP_MD_CTX_md_data(ctx));
 }
 
 static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-    return MD5_Update(ctx->md_data, data, count);
+    return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count);
 }
 
 static int final(EVP_MD_CTX *ctx, unsigned char *md)
 {
-    return MD5_Final(md, ctx->md_data);
+    return MD5_Final(md, EVP_MD_CTX_md_data(ctx));
 }
 
 static const EVP_MD md5_md = {
@@ -97,13 +46,12 @@ static const EVP_MD md5_md = {
     final,
     NULL,
     NULL,
-    EVP_PKEY_RSA_method,
     MD5_CBLOCK,
     sizeof(EVP_MD *) + sizeof(MD5_CTX),
 };
 
 const EVP_MD *EVP_md5(void)
 {
-    return (&md5_md);
+    return &md5_md;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/m_md5_sha1.c b/freebsd/crypto/openssl/crypto/evp/m_md5_sha1.c
new file mode 100644
index 00000000..2af7df0d
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/evp/m_md5_sha1.c
@@ -0,0 +1,144 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if !defined(OPENSSL_NO_MD5)
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md5.h>
+# include <openssl/sha.h>
+# include "internal/cryptlib.h"
+# include "internal/evp_int.h"
+# include <openssl/rsa.h>
+
+struct md5_sha1_ctx {
+    MD5_CTX md5;
+    SHA_CTX sha1;
+};
+
+static int init(EVP_MD_CTX *ctx)
+{
+    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    if (!MD5_Init(&mctx->md5))
+        return 0;
+    return SHA1_Init(&mctx->sha1);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    if (!MD5_Update(&mctx->md5, data, count))
+        return 0;
+    return SHA1_Update(&mctx->sha1, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    if (!MD5_Final(md, &mctx->md5))
+        return 0;
+    return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);
+}
+
+static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
+{
+    unsigned char padtmp[48];
+    unsigned char md5tmp[MD5_DIGEST_LENGTH];
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+    struct md5_sha1_ctx *mctx;
+
+    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+        return -2;
+
+    if (ctx == NULL)
+        return 0;
+
+    mctx = EVP_MD_CTX_md_data(ctx);
+
+    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
+    if (mslen != 48)
+        return 0;
+
+    /* At this point hash contains all handshake messages, update
+     * with master secret and pad_1.
+     */
+
+    if (update(ctx, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_1 value */
+    memset(padtmp, 0x36, sizeof(padtmp));
+
+    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!MD5_Final(md5tmp, &mctx->md5))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+        return 0;
+
+    if (!SHA1_Final(sha1tmp, &mctx->sha1))
+        return 0;
+
+    /* Reinitialise context */
+
+    if (!init(ctx))
+        return 0;
+
+    if (update(ctx, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_2 value */
+    memset(padtmp, 0x5c, sizeof(padtmp));
+
+    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp)))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp)))
+        return 0;
+
+    /* Now when ctx is finalised it will return the SSL v3 hash value */
+
+    OPENSSL_cleanse(md5tmp, sizeof(md5tmp));
+    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
+
+    return 1;
+
+}
+
+static const EVP_MD md5_sha1_md = {
+    NID_md5_sha1,
+    NID_md5_sha1,
+    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD5_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),
+    ctrl
+};
+
+const EVP_MD *EVP_md5_sha1(void)
+{
+    return &md5_sha1_md;
+}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/m_mdc2.c b/freebsd/crypto/openssl/crypto/evp/m_mdc2.c
index e31bab88..59bb8459 100644
--- a/freebsd/crypto/openssl/crypto/evp/m_mdc2.c
+++ b/freebsd/crypto/openssl/crypto/evp/m_mdc2.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/m_mdc2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
 #ifndef OPENSSL_NO_MDC2
 
@@ -67,25 +18,22 @@
 # include <openssl/objects.h>
 # include <openssl/x509.h>
 # include <openssl/mdc2.h>
-# ifndef OPENSSL_NO_RSA
-#  include <openssl/rsa.h>
-# endif
-
-# include "evp_locl.h"
+# include <openssl/rsa.h>
+# include "internal/evp_int.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
-    return MDC2_Init(ctx->md_data);
+    return MDC2_Init(EVP_MD_CTX_md_data(ctx));
 }
 
 static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-    return MDC2_Update(ctx->md_data, data, count);
+    return MDC2_Update(EVP_MD_CTX_md_data(ctx), data, count);
 }
 
 static int final(EVP_MD_CTX *ctx, unsigned char *md)
 {
-    return MDC2_Final(md, ctx->md_data);
+    return MDC2_Final(md, EVP_MD_CTX_md_data(ctx));
 }
 
 static const EVP_MD mdc2_md = {
@@ -98,13 +46,12 @@ static const EVP_MD mdc2_md = {
     final,
     NULL,
     NULL,
-    EVP_PKEY_RSA_ASN1_OCTET_STRING_method,
     MDC2_BLOCK,
     sizeof(EVP_MD *) + sizeof(MDC2_CTX),
 };
 
 const EVP_MD *EVP_mdc2(void)
 {
-    return (&mdc2_md);
+    return &mdc2_md;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/m_null.c b/freebsd/crypto/openssl/crypto/evp/m_null.c
index a8ffda60..57d5fbef 100644
--- a/freebsd/crypto/openssl/crypto/evp/m_null.c
+++ b/freebsd/crypto/openssl/crypto/evp/m_null.c
@@ -1,68 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/m_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "internal/evp_int.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
@@ -89,12 +41,11 @@ static const EVP_MD null_md = {
     final,
     NULL,
     NULL,
-    EVP_PKEY_NULL_method,
     0,
     sizeof(EVP_MD *),
 };
 
 const EVP_MD *EVP_md_null(void)
 {
-    return (&null_md);
+    return &null_md;
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/m_ripemd.c b/freebsd/crypto/openssl/crypto/evp/m_ripemd.c
index 77d0fb69..de4bc100 100644
--- a/freebsd/crypto/openssl/crypto/evp/m_ripemd.c
+++ b/freebsd/crypto/openssl/crypto/evp/m_ripemd.c
@@ -1,90 +1,39 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/m_ripemd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef OPENSSL_NO_RMD160
 
 # include <openssl/ripemd.h>
 # include <openssl/evp.h>
 # include <openssl/objects.h>
 # include <openssl/x509.h>
-# ifndef OPENSSL_NO_RSA
-#  include <openssl/rsa.h>
-# endif
-# include "evp_locl.h"
+# include <openssl/rsa.h>
+# include "internal/evp_int.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
-    return RIPEMD160_Init(ctx->md_data);
+    return RIPEMD160_Init(EVP_MD_CTX_md_data(ctx));
 }
 
 static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-    return RIPEMD160_Update(ctx->md_data, data, count);
+    return RIPEMD160_Update(EVP_MD_CTX_md_data(ctx), data, count);
 }
 
 static int final(EVP_MD_CTX *ctx, unsigned char *md)
 {
-    return RIPEMD160_Final(md, ctx->md_data);
+    return RIPEMD160_Final(md, EVP_MD_CTX_md_data(ctx));
 }
 
 static const EVP_MD ripemd160_md = {
@@ -97,13 +46,12 @@ static const EVP_MD ripemd160_md = {
     final,
     NULL,
     NULL,
-    EVP_PKEY_RSA_method,
     RIPEMD160_CBLOCK,
     sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX),
 };
 
 const EVP_MD *EVP_ripemd160(void)
 {
-    return (&ripemd160_md);
+    return &ripemd160_md;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/m_sha.c b/freebsd/crypto/openssl/crypto/evp/m_sha.c
deleted file mode 100644
index b4568bb6..00000000
--- a/freebsd/crypto/openssl/crypto/evp/m_sha.c
+++ /dev/null
@@ -1,108 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/evp/m_sha.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
-
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include <openssl/x509.h>
-# ifndef OPENSSL_NO_RSA
-#  include <openssl/rsa.h>
-# endif
-# include "evp_locl.h"
-
-static int init(EVP_MD_CTX *ctx)
-{
-    return SHA_Init(ctx->md_data);
-}
-
-static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-    return SHA_Update(ctx->md_data, data, count);
-}
-
-static int final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    return SHA_Final(md, ctx->md_data);
-}
-
-static const EVP_MD sha_md = {
-    NID_sha,
-    NID_shaWithRSAEncryption,
-    SHA_DIGEST_LENGTH,
-    0,
-    init,
-    update,
-    final,
-    NULL,
-    NULL,
-    EVP_PKEY_RSA_method,
-    SHA_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
-
-const EVP_MD *EVP_sha(void)
-{
-    return (&sha_md);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/m_sha1.c b/freebsd/crypto/openssl/crypto/evp/m_sha1.c
index 402dfd44..6184a8c9 100644
--- a/freebsd/crypto/openssl/crypto/evp/m_sha1.c
+++ b/freebsd/crypto/openssl/crypto/evp/m_sha1.c
@@ -1,237 +1,299 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/m_sha1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_SHA
+#include "internal/cryptlib.h"
 
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include <openssl/sha.h>
-# ifndef OPENSSL_NO_RSA
-#  include <openssl/rsa.h>
-# endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/sha.h>
+#include <openssl/rsa.h>
+#include "internal/evp_int.h"
+#include "internal/sha.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
-    return SHA1_Init(ctx->md_data);
+    return SHA1_Init(EVP_MD_CTX_md_data(ctx));
 }
 
 static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-    return SHA1_Update(ctx->md_data, data, count);
+    return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
 }
 
 static int final(EVP_MD_CTX *ctx, unsigned char *md)
 {
-    return SHA1_Final(md, ctx->md_data);
+    return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
+{
+    unsigned char padtmp[40];
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+
+    SHA_CTX *sha1;
+
+    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+        return -2;
+
+    if (ctx == NULL)
+        return 0;
+
+    sha1 = EVP_MD_CTX_md_data(ctx);
+
+    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
+    if (mslen != 48)
+        return 0;
+
+    /* At this point hash contains all handshake messages, update
+     * with master secret and pad_1.
+     */
+
+    if (SHA1_Update(sha1, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_1 value */
+    memset(padtmp, 0x36, sizeof(padtmp));
+
+    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!SHA1_Final(sha1tmp, sha1))
+        return 0;
+
+    /* Reinitialise context */
+
+    if (!SHA1_Init(sha1))
+        return 0;
+
+    if (SHA1_Update(sha1, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_2 value */
+    memset(padtmp, 0x5c, sizeof(padtmp));
+
+    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
+        return 0;
+
+    /* Now when ctx is finalised it will return the SSL v3 hash value */
+    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
+
+    return 1;
+
 }
 
 static const EVP_MD sha1_md = {
     NID_sha1,
     NID_sha1WithRSAEncryption,
     SHA_DIGEST_LENGTH,
-    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
     init,
     update,
     final,
     NULL,
     NULL,
-    EVP_PKEY_RSA_method,
     SHA_CBLOCK,
     sizeof(EVP_MD *) + sizeof(SHA_CTX),
+    ctrl
 };
 
 const EVP_MD *EVP_sha1(void)
 {
-    return (&sha1_md);
+    return &sha1_md;
 }
-#endif
 
-#ifndef OPENSSL_NO_SHA256
 static int init224(EVP_MD_CTX *ctx)
 {
-    return SHA224_Init(ctx->md_data);
+    return SHA224_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update224(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA224_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final224(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA224_Final(md, EVP_MD_CTX_md_data(ctx));
 }
 
 static int init256(EVP_MD_CTX *ctx)
 {
-    return SHA256_Init(ctx->md_data);
+    return SHA256_Init(EVP_MD_CTX_md_data(ctx));
 }
 
-/*
- * Even though there're separate SHA224_[Update|Final], we call
- * SHA256 functions even in SHA224 context. This is what happens
- * there anyway, so we can spare few CPU cycles:-)
- */
 static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-    return SHA256_Update(ctx->md_data, data, count);
+    return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
 }
 
 static int final256(EVP_MD_CTX *ctx, unsigned char *md)
 {
-    return SHA256_Final(md, ctx->md_data);
+    return SHA256_Final(md, EVP_MD_CTX_md_data(ctx));
 }
 
 static const EVP_MD sha224_md = {
     NID_sha224,
     NID_sha224WithRSAEncryption,
     SHA224_DIGEST_LENGTH,
-    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
     init224,
-    update256,
-    final256,
+    update224,
+    final224,
     NULL,
     NULL,
-    EVP_PKEY_RSA_method,
     SHA256_CBLOCK,
     sizeof(EVP_MD *) + sizeof(SHA256_CTX),
 };
 
 const EVP_MD *EVP_sha224(void)
 {
-    return (&sha224_md);
+    return &sha224_md;
 }
 
 static const EVP_MD sha256_md = {
     NID_sha256,
     NID_sha256WithRSAEncryption,
     SHA256_DIGEST_LENGTH,
-    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
     init256,
     update256,
     final256,
     NULL,
     NULL,
-    EVP_PKEY_RSA_method,
     SHA256_CBLOCK,
     sizeof(EVP_MD *) + sizeof(SHA256_CTX),
 };
 
 const EVP_MD *EVP_sha256(void)
 {
-    return (&sha256_md);
+    return &sha256_md;
+}
+
+static int init512_224(EVP_MD_CTX *ctx)
+{
+    return sha512_224_init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int init512_256(EVP_MD_CTX *ctx)
+{
+    return sha512_256_init(EVP_MD_CTX_md_data(ctx));
 }
-#endif                          /* ifndef OPENSSL_NO_SHA256 */
 
-#ifndef OPENSSL_NO_SHA512
 static int init384(EVP_MD_CTX *ctx)
 {
-    return SHA384_Init(ctx->md_data);
+    return SHA384_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update384(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA384_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final384(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA384_Final(md, EVP_MD_CTX_md_data(ctx));
 }
 
 static int init512(EVP_MD_CTX *ctx)
 {
-    return SHA512_Init(ctx->md_data);
+    return SHA512_Init(EVP_MD_CTX_md_data(ctx));
 }
 
 /* See comment in SHA224/256 section */
 static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-    return SHA512_Update(ctx->md_data, data, count);
+    return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count);
 }
 
 static int final512(EVP_MD_CTX *ctx, unsigned char *md)
 {
-    return SHA512_Final(md, ctx->md_data);
+    return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD sha512_224_md = {
+    NID_sha512_224,
+    NID_sha512_224WithRSAEncryption,
+    SHA224_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init512_224,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512_224(void)
+{
+    return &sha512_224_md;
+}
+
+static const EVP_MD sha512_256_md = {
+    NID_sha512_256,
+    NID_sha512_256WithRSAEncryption,
+    SHA256_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init512_256,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512_256(void)
+{
+    return &sha512_256_md;
 }
 
 static const EVP_MD sha384_md = {
     NID_sha384,
     NID_sha384WithRSAEncryption,
     SHA384_DIGEST_LENGTH,
-    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
     init384,
-    update512,
-    final512,
+    update384,
+    final384,
     NULL,
     NULL,
-    EVP_PKEY_RSA_method,
     SHA512_CBLOCK,
     sizeof(EVP_MD *) + sizeof(SHA512_CTX),
 };
 
 const EVP_MD *EVP_sha384(void)
 {
-    return (&sha384_md);
+    return &sha384_md;
 }
 
 static const EVP_MD sha512_md = {
     NID_sha512,
     NID_sha512WithRSAEncryption,
     SHA512_DIGEST_LENGTH,
-    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
     init512,
     update512,
     final512,
     NULL,
     NULL,
-    EVP_PKEY_RSA_method,
     SHA512_CBLOCK,
     sizeof(EVP_MD *) + sizeof(SHA512_CTX),
 };
 
 const EVP_MD *EVP_sha512(void)
 {
-    return (&sha512_md);
+    return &sha512_md;
 }
-#endif                          /* ifndef OPENSSL_NO_SHA512 */
diff --git a/freebsd/crypto/openssl/crypto/evp/m_sha3.c b/freebsd/crypto/openssl/crypto/evp/m_sha3.c
new file mode 100644
index 00000000..bbe306f9
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/evp/m_sha3.c
@@ -0,0 +1,408 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
+                   size_t r);
+void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r);
+
+#define KECCAK1600_WIDTH 1600
+
+typedef struct {
+    uint64_t A[5][5];
+    size_t block_size;          /* cached ctx->digest->block_size */
+    size_t md_size;             /* output length, variable in XOF */
+    size_t num;                 /* used bytes in below buffer */
+    unsigned char buf[KECCAK1600_WIDTH / 8 - 32];
+    unsigned char pad;
+} KECCAK1600_CTX;
+
+static int init(EVP_MD_CTX *evp_ctx, unsigned char pad)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    size_t bsz = evp_ctx->digest->block_size;
+
+    if (bsz <= sizeof(ctx->buf)) {
+        memset(ctx->A, 0, sizeof(ctx->A));
+
+        ctx->num = 0;
+        ctx->block_size = bsz;
+        ctx->md_size = evp_ctx->digest->md_size;
+        ctx->pad = pad;
+
+        return 1;
+    }
+
+    return 0;
+}
+
+static int sha3_init(EVP_MD_CTX *evp_ctx)
+{
+    return init(evp_ctx, '\x06');
+}
+
+static int shake_init(EVP_MD_CTX *evp_ctx)
+{
+    return init(evp_ctx, '\x1f');
+}
+
+static int sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const unsigned char *inp = _inp;
+    size_t bsz = ctx->block_size;
+    size_t num, rem;
+
+    if (len == 0)
+        return 1;
+
+    if ((num = ctx->num) != 0) {      /* process intermediate buffer? */
+        rem = bsz - num;
+
+        if (len < rem) {
+            memcpy(ctx->buf + num, inp, len);
+            ctx->num += len;
+            return 1;
+        }
+        /*
+         * We have enough data to fill or overflow the intermediate
+         * buffer. So we append |rem| bytes and process the block,
+         * leaving the rest for later processing...
+         */
+        memcpy(ctx->buf + num, inp, rem);
+        inp += rem, len -= rem;
+        (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
+        ctx->num = 0;
+        /* ctx->buf is processed, ctx->num is guaranteed to be zero */
+    }
+
+    if (len >= bsz)
+        rem = SHA3_absorb(ctx->A, inp, len, bsz);
+    else
+        rem = len;
+
+    if (rem) {
+        memcpy(ctx->buf, inp + len - rem, rem);
+        ctx->num = rem;
+    }
+
+    return 1;
+}
+
+static int sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    size_t bsz = ctx->block_size;
+    size_t num = ctx->num;
+
+    /*
+     * Pad the data with 10*1. Note that |num| can be |bsz - 1|
+     * in which case both byte operations below are performed on
+     * same byte...
+     */
+    memset(ctx->buf + num, 0, bsz - num);
+    ctx->buf[num] = ctx->pad;
+    ctx->buf[bsz - 1] |= 0x80;
+
+    (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
+
+    SHA3_squeeze(ctx->A, md, ctx->md_size, bsz);
+
+    return 1;
+}
+
+static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+
+    switch (cmd) {
+    case EVP_MD_CTRL_XOF_LEN:
+        ctx->md_size = p1;
+        return 1;
+    default:
+        return 0;
+    }
+}
+
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+
+# define S390X_SHA3_FC(ctx)     ((ctx)->pad)
+
+# define S390X_sha3_224_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_224)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_224)))
+# define S390X_sha3_256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_256)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_256)))
+# define S390X_sha3_384_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_384)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_384)))
+# define S390X_sha3_512_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_512)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_512)))
+# define S390X_shake128_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_128)) && \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_128)))
+# define S390X_shake256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_256)) && \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_256)))
+
+/* Convert md-size to block-size. */
+# define S390X_KECCAK1600_BSZ(n) ((KECCAK1600_WIDTH - ((n) << 1)) >> 3)
+
+static int s390x_sha3_init(EVP_MD_CTX *evp_ctx)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const size_t bsz = evp_ctx->digest->block_size;
+
+    /*-
+     * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD
+     * function code.
+     */
+    switch (bsz) {
+    case S390X_KECCAK1600_BSZ(224):
+        ctx->pad = S390X_SHA3_224;
+        break;
+    case S390X_KECCAK1600_BSZ(256):
+        ctx->pad = S390X_SHA3_256;
+        break;
+    case S390X_KECCAK1600_BSZ(384):
+        ctx->pad = S390X_SHA3_384;
+        break;
+    case S390X_KECCAK1600_BSZ(512):
+        ctx->pad = S390X_SHA3_512;
+        break;
+    default:
+        return 0;
+    }
+
+    memset(ctx->A, 0, sizeof(ctx->A));
+    ctx->num = 0;
+    ctx->block_size = bsz;
+    ctx->md_size = evp_ctx->digest->md_size;
+    return 1;
+}
+
+static int s390x_shake_init(EVP_MD_CTX *evp_ctx)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const size_t bsz = evp_ctx->digest->block_size;
+
+    /*-
+     * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD
+     * function code.
+     */
+    switch (bsz) {
+    case S390X_KECCAK1600_BSZ(128):
+        ctx->pad = S390X_SHAKE_128;
+        break;
+    case S390X_KECCAK1600_BSZ(256):
+        ctx->pad = S390X_SHAKE_256;
+        break;
+    default:
+        return 0;
+    }
+
+    memset(ctx->A, 0, sizeof(ctx->A));
+    ctx->num = 0;
+    ctx->block_size = bsz;
+    ctx->md_size = evp_ctx->digest->md_size;
+    return 1;
+}
+
+static int s390x_sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const unsigned char *inp = _inp;
+    const size_t bsz = ctx->block_size;
+    size_t num, rem;
+
+    if (len == 0)
+        return 1;
+
+    if ((num = ctx->num) != 0) {
+        rem = bsz - num;
+
+        if (len < rem) {
+            memcpy(ctx->buf + num, inp, len);
+            ctx->num += len;
+            return 1;
+        }
+        memcpy(ctx->buf + num, inp, rem);
+        inp += rem;
+        len -= rem;
+        s390x_kimd(ctx->buf, bsz, ctx->pad, ctx->A);
+        ctx->num = 0;
+    }
+    rem = len % bsz;
+
+    s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
+
+    if (rem) {
+        memcpy(ctx->buf, inp + len - rem, rem);
+        ctx->num = rem;
+    }
+    return 1;
+}
+
+static int s390x_sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+
+    s390x_klmd(ctx->buf, ctx->num, NULL, 0, ctx->pad, ctx->A);
+    memcpy(md, ctx->A, ctx->md_size);
+    return 1;
+}
+
+static int s390x_shake_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+
+    s390x_klmd(ctx->buf, ctx->num, md, ctx->md_size, ctx->pad, ctx->A);
+    return 1;
+}
+
+# define EVP_MD_SHA3(bitlen)                         \
+const EVP_MD *EVP_sha3_##bitlen(void)                \
+{                                                    \
+    static const EVP_MD s390x_sha3_##bitlen##_md = { \
+        NID_sha3_##bitlen,                           \
+        NID_RSA_SHA3_##bitlen,                       \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_DIGALGID_ABSENT,                 \
+        s390x_sha3_init,                             \
+        s390x_sha3_update,                           \
+        s390x_sha3_final,                            \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+    };                                               \
+    static const EVP_MD sha3_##bitlen##_md = {       \
+        NID_sha3_##bitlen,                           \
+        NID_RSA_SHA3_##bitlen,                       \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_DIGALGID_ABSENT,                 \
+        sha3_init,                                   \
+        sha3_update,                                 \
+        sha3_final,                                  \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+    };                                               \
+    return S390X_sha3_##bitlen##_CAPABLE ?           \
+           &s390x_sha3_##bitlen##_md :               \
+           &sha3_##bitlen##_md;                      \
+}
+
+# define EVP_MD_SHAKE(bitlen)                        \
+const EVP_MD *EVP_shake##bitlen(void)                \
+{                                                    \
+    static const EVP_MD s390x_shake##bitlen##_md = { \
+        NID_shake##bitlen,                           \
+        0,                                           \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_XOF,                             \
+        s390x_shake_init,                            \
+        s390x_sha3_update,                           \
+        s390x_shake_final,                           \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+        shake_ctrl                                   \
+    };                                               \
+    static const EVP_MD shake##bitlen##_md = {       \
+        NID_shake##bitlen,                           \
+        0,                                           \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_XOF,                             \
+        shake_init,                                  \
+        sha3_update,                                 \
+        sha3_final,                                  \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+        shake_ctrl                                   \
+    };                                               \
+    return S390X_shake##bitlen##_CAPABLE ?           \
+           &s390x_shake##bitlen##_md :               \
+           &shake##bitlen##_md;                      \
+}
+
+#else
+
+# define EVP_MD_SHA3(bitlen)                    \
+const EVP_MD *EVP_sha3_##bitlen(void)           \
+{                                               \
+    static const EVP_MD sha3_##bitlen##_md = {  \
+        NID_sha3_##bitlen,                      \
+        NID_RSA_SHA3_##bitlen,                  \
+        bitlen / 8,                             \
+        EVP_MD_FLAG_DIGALGID_ABSENT,            \
+        sha3_init,                              \
+        sha3_update,                            \
+        sha3_final,                             \
+        NULL,                                   \
+        NULL,                                   \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,    \
+        sizeof(KECCAK1600_CTX),                 \
+    };                                          \
+    return &sha3_##bitlen##_md;                 \
+}
+
+# define EVP_MD_SHAKE(bitlen)                   \
+const EVP_MD *EVP_shake##bitlen(void)           \
+{                                               \
+    static const EVP_MD shake##bitlen##_md = {  \
+        NID_shake##bitlen,                      \
+        0,                                      \
+        bitlen / 8,                             \
+        EVP_MD_FLAG_XOF,                        \
+        shake_init,                             \
+        sha3_update,                            \
+        sha3_final,                             \
+        NULL,                                   \
+        NULL,                                   \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,    \
+        sizeof(KECCAK1600_CTX),                 \
+        shake_ctrl                              \
+    };                                          \
+    return &shake##bitlen##_md;                 \
+}
+#endif
+
+EVP_MD_SHA3(224)
+EVP_MD_SHA3(256)
+EVP_MD_SHA3(384)
+EVP_MD_SHA3(512)
+
+EVP_MD_SHAKE(128)
+EVP_MD_SHAKE(256)
diff --git a/freebsd/crypto/openssl/crypto/evp/m_sigver.c b/freebsd/crypto/openssl/crypto/evp/m_sigver.c
index 4f16794f..ac751d2b 100644
--- a/freebsd/crypto/openssl/crypto/evp/m_sigver.c
+++ b/freebsd/crypto/openssl/crypto/evp/m_sigver.c
@@ -1,71 +1,28 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* m_sigver.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006,2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "internal/evp_int.h"
 #include "evp_locl.h"
 
+static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
+{
+    EVPerr(EVP_F_UPDATE, EVP_R_ONLY_ONESHOT_SUPPORTED);
+    return 0;
+}
+
 static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
                           int ver)
@@ -94,15 +51,23 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
             if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
                 return 0;
             ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
-        } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
+        } else if (ctx->pctx->pmeth->digestverify != 0) {
+            ctx->pctx->operation = EVP_PKEY_OP_VERIFY;
+            ctx->update = update;
+        } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) {
             return 0;
+        }
     } else {
         if (ctx->pctx->pmeth->signctx_init) {
             if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
                 return 0;
             ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
-        } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
+        } else if (ctx->pctx->pmeth->digestsign != 0) {
+            ctx->pctx->operation = EVP_PKEY_OP_SIGN;
+            ctx->update = update;
+        } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) {
             return 0;
+        }
     }
     if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
         return 0;
@@ -112,6 +77,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
         return 1;
     if (!EVP_DigestInit_ex(ctx, type, e))
         return 0;
+    /*
+     * This indicates the current algorithm requires
+     * special treatment before hashing the tbs-message.
+     */
+    if (ctx->pctx->pmeth->digest_custom != NULL)
+        return ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx);
+
     return 1;
 }
 
@@ -130,17 +102,20 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
 int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                         size_t *siglen)
 {
-    int sctx, r = 0;
+    int sctx = 0, r = 0;
     EVP_PKEY_CTX *pctx = ctx->pctx;
     if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
-        EVP_PKEY_CTX *dctx;
         if (!sigret)
             return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
-        dctx = EVP_PKEY_CTX_dup(ctx->pctx);
-        if (!dctx)
-            return 0;
-        r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
-        EVP_PKEY_CTX_free(dctx);
+        if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
+            r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
+        else {
+            EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(ctx->pctx);
+            if (!dctx)
+                return 0;
+            r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
+            EVP_PKEY_CTX_free(dctx);
+        }
         return r;
     }
     if (pctx->pmeth->signctx)
@@ -148,18 +123,28 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
     else
         sctx = 0;
     if (sigret) {
-        EVP_MD_CTX tmp_ctx;
         unsigned char md[EVP_MAX_MD_SIZE];
-        unsigned int mdlen;
-        EVP_MD_CTX_init(&tmp_ctx);
-        if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
-            return 0;
-        if (sctx)
-            r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx,
-                                             sigret, siglen, &tmp_ctx);
-        else
-            r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen);
-        EVP_MD_CTX_cleanup(&tmp_ctx);
+        unsigned int mdlen = 0;
+        if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
+            if (sctx)
+                r = ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx);
+            else
+                r = EVP_DigestFinal_ex(ctx, md, &mdlen);
+        } else {
+            EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+            if (tmp_ctx == NULL)
+                return 0;
+            if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
+                EVP_MD_CTX_free(tmp_ctx);
+                return 0;
+            }
+            if (sctx)
+                r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx,
+                                                  sigret, siglen, tmp_ctx);
+            else
+                r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
+            EVP_MD_CTX_free(tmp_ctx);
+        }
         if (sctx || !r)
             return r;
         if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
@@ -177,29 +162,59 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
     return 1;
 }
 
+int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
+                   const unsigned char *tbs, size_t tbslen)
+{
+    if (ctx->pctx->pmeth->digestsign != NULL)
+        return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen);
+    if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
+        return 0;
+    return EVP_DigestSignFinal(ctx, sigret, siglen);
+}
+
 int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
                           size_t siglen)
 {
-    EVP_MD_CTX tmp_ctx;
     unsigned char md[EVP_MAX_MD_SIZE];
-    int r;
-    unsigned int mdlen;
-    int vctx;
+    int r = 0;
+    unsigned int mdlen = 0;
+    int vctx = 0;
 
     if (ctx->pctx->pmeth->verifyctx)
         vctx = 1;
     else
         vctx = 0;
-    EVP_MD_CTX_init(&tmp_ctx);
-    if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
-        return -1;
-    if (vctx) {
-        r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx,
-                                           sig, siglen, &tmp_ctx);
-    } else
-        r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen);
-    EVP_MD_CTX_cleanup(&tmp_ctx);
+    if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
+        if (vctx)
+            r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx);
+        else
+            r = EVP_DigestFinal_ex(ctx, md, &mdlen);
+    } else {
+        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+        if (tmp_ctx == NULL)
+            return -1;
+        if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
+            EVP_MD_CTX_free(tmp_ctx);
+            return -1;
+        }
+        if (vctx)
+            r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
+                                                sig, siglen, tmp_ctx);
+        else
+            r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
+        EVP_MD_CTX_free(tmp_ctx);
+    }
     if (vctx || !r)
         return r;
     return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
 }
+
+int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+                     size_t siglen, const unsigned char *tbs, size_t tbslen)
+{
+    if (ctx->pctx->pmeth->digestverify != NULL)
+        return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
+    if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
+        return -1;
+    return EVP_DigestVerifyFinal(ctx, sigret, siglen);
+}
diff --git a/freebsd/crypto/openssl/crypto/evp/m_wp.c b/freebsd/crypto/openssl/crypto/evp/m_wp.c
index bbf44c7e..e7ac05a5 100644
--- a/freebsd/crypto/openssl/crypto/evp/m_wp.c
+++ b/freebsd/crypto/openssl/crypto/evp/m_wp.c
@@ -1,9 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/m_wp.c */
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 
 #ifndef OPENSSL_NO_WHIRLPOOL
 
@@ -11,21 +18,21 @@
 # include <openssl/objects.h>
 # include <openssl/x509.h>
 # include <openssl/whrlpool.h>
-# include "evp_locl.h"
+# include "internal/evp_int.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
-    return WHIRLPOOL_Init(ctx->md_data);
+    return WHIRLPOOL_Init(EVP_MD_CTX_md_data(ctx));
 }
 
 static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-    return WHIRLPOOL_Update(ctx->md_data, data, count);
+    return WHIRLPOOL_Update(EVP_MD_CTX_md_data(ctx), data, count);
 }
 
 static int final(EVP_MD_CTX *ctx, unsigned char *md)
 {
-    return WHIRLPOOL_Final(md, ctx->md_data);
+    return WHIRLPOOL_Final(md, EVP_MD_CTX_md_data(ctx));
 }
 
 static const EVP_MD whirlpool_md = {
@@ -38,13 +45,12 @@ static const EVP_MD whirlpool_md = {
     final,
     NULL,
     NULL,
-    EVP_PKEY_NULL_method,
     WHIRLPOOL_BBLOCK / 8,
     sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX),
 };
 
 const EVP_MD *EVP_whirlpool(void)
 {
-    return (&whirlpool_md);
+    return &whirlpool_md;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/names.c b/freebsd/crypto/openssl/crypto/evp/names.c
index ed4df40c..66c8005c 100644
--- a/freebsd/crypto/openssl/crypto/evp/names.c
+++ b/freebsd/crypto/openssl/crypto/evp/names.c
@@ -1,68 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/names.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/objects.h>
+#include "internal/objects.h"
 #include <openssl/x509.h>
+#include "internal/evp_int.h"
 
 int EVP_add_cipher(const EVP_CIPHER *c)
 {
@@ -71,63 +23,63 @@ int EVP_add_cipher(const EVP_CIPHER *c)
     if (c == NULL)
         return 0;
 
-    OPENSSL_init();
-
     r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
                      (const char *)c);
     if (r == 0)
-        return (0);
-    check_defer(c->nid);
+        return 0;
     r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
                      (const char *)c);
-    return (r);
+    return r;
 }
 
 int EVP_add_digest(const EVP_MD *md)
 {
     int r;
     const char *name;
-    OPENSSL_init();
 
     name = OBJ_nid2sn(md->type);
     r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md);
     if (r == 0)
-        return (0);
-    check_defer(md->type);
+        return 0;
     r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH,
                      (const char *)md);
     if (r == 0)
-        return (0);
+        return 0;
 
     if (md->pkey_type && md->type != md->pkey_type) {
         r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
                          OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
         if (r == 0)
-            return (0);
-        check_defer(md->pkey_type);
+            return 0;
         r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
                          OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
     }
-    return (r);
+    return r;
 }
 
 const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
 {
     const EVP_CIPHER *cp;
 
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL))
+        return NULL;
+
     cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
-    return (cp);
+    return cp;
 }
 
 const EVP_MD *EVP_get_digestbyname(const char *name)
 {
     const EVP_MD *cp;
 
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL))
+        return NULL;
+
     cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
-    return (cp);
+    return cp;
 }
 
-void EVP_cleanup(void)
+void evp_cleanup_int(void)
 {
     OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
     OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
@@ -139,11 +91,9 @@ void EVP_cleanup(void)
     OBJ_NAME_cleanup(-1);
 
     EVP_PBE_cleanup();
-    if (obj_cleanup_defer == 2) {
-        obj_cleanup_defer = 0;
-        OBJ_cleanup();
-    }
     OBJ_sigid_free();
+
+    evp_app_cleanup_int();
 }
 
 struct doall_cipher {
@@ -166,6 +116,10 @@ void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
                        void *arg)
 {
     struct doall_cipher dc;
+
+    /* Ignore errors */
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL);
+
     dc.fn = fn;
     dc.arg = arg;
     OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
@@ -176,6 +130,10 @@ void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph,
                                           void *x), void *arg)
 {
     struct doall_cipher dc;
+
+    /* Ignore errors */
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL);
+
     dc.fn = fn;
     dc.arg = arg;
     OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
@@ -201,6 +159,10 @@ void EVP_MD_do_all(void (*fn) (const EVP_MD *md,
                    void *arg)
 {
     struct doall_md dc;
+
+    /* Ignore errors */
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+
     dc.fn = fn;
     dc.arg = arg;
     OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
@@ -211,6 +173,9 @@ void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *md,
                                       void *x), void *arg)
 {
     struct doall_md dc;
+
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+
     dc.fn = fn;
     dc.arg = arg;
     OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
diff --git a/freebsd/crypto/openssl/crypto/evp/openbsd_hw.c b/freebsd/crypto/openssl/crypto/evp/openbsd_hw.c
deleted file mode 100644
index 89a61b06..00000000
--- a/freebsd/crypto/openssl/crypto/evp/openbsd_hw.c
+++ /dev/null
@@ -1,455 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* Written by Ben Laurie, 2001 */
-/*
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/rsa.h>
-#include "evp_locl.h"
-
-/*
- * This stuff should now all be supported through
- * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up
- */
-static void *dummy = &dummy;
-
-#if 0
-
-/* check flag after OpenSSL headers to ensure make depend works */
-# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-
-#  include <fcntl.h>
-#  include <stdio.h>
-#  include <errno.h>
-#  include <sys/ioctl.h>
-#  include <crypto/cryptodev.h>
-#  include <unistd.h>
-#  include <assert.h>
-
-/* longest key supported in hardware */
-#  define MAX_HW_KEY      24
-#  define MAX_HW_IV       8
-
-#  define MD5_DIGEST_LENGTH       16
-#  define MD5_CBLOCK              64
-
-static int fd;
-static int dev_failed;
-
-typedef struct session_op session_op;
-
-#  define CDATA(ctx) EVP_C_DATA(session_op,ctx)
-
-static void err(const char *str)
-{
-    fprintf(stderr, "%s: errno %d\n", str, errno);
-}
-
-static int dev_crypto_init(session_op *ses)
-{
-    if (dev_failed)
-        return 0;
-    if (!fd) {
-        int cryptodev_fd;
-
-        if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
-            err("/dev/crypto");
-            dev_failed = 1;
-            return 0;
-        }
-        if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) {
-            err("CRIOGET failed");
-            close(cryptodev_fd);
-            dev_failed = 1;
-            return 0;
-        }
-        close(cryptodev_fd);
-    }
-    assert(ses);
-    memset(ses, '\0', sizeof(*ses));
-
-    return 1;
-}
-
-static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
-{
-    if (ioctl(fd, CIOCFSESSION, &CDATA(ctx)->ses) == -1)
-        err("CIOCFSESSION failed");
-
-    OPENSSL_free(CDATA(ctx)->key);
-
-    return 1;
-}
-
-static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx, int cipher,
-                               const unsigned char *key, int klen)
-{
-    if (!dev_crypto_init(CDATA(ctx)))
-        return 0;
-
-    CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY);
-    if (CDATA(ctx)->key == NULL {
-        err("CDATA(ctx)->key memory allocation failed");
-        return 0;
-    }
-
-    assert(ctx->cipher->iv_len <= MAX_HW_IV);
-
-    memcpy(CDATA(ctx)->key, key, klen);
-
-    CDATA(ctx)->cipher = cipher;
-    CDATA(ctx)->keylen = klen;
-
-    if (ioctl(fd, CIOCGSESSION, CDATA(ctx)) == -1) {
-        err("CIOCGSESSION failed");
-        return 0;
-    }
-    return 1;
-}
-
-static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                             const unsigned char *in, unsigned int inl)
-{
-    struct crypt_op cryp;
-    unsigned char lb[MAX_HW_IV];
-
-    if (!inl)
-        return 1;
-
-    assert(CDATA(ctx));
-    assert(!dev_failed);
-
-    memset(&cryp, '\0', sizeof(cryp));
-    cryp.ses = CDATA(ctx)->ses;
-    cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-    cryp.flags = 0;
-    cryp.len = inl;
-    assert((inl & (ctx->cipher->block_size - 1)) == 0);
-    cryp.src = (caddr_t) in;
-    cryp.dst = (caddr_t) out;
-    cryp.mac = 0;
-    if (ctx->cipher->iv_len)
-        cryp.iv = (caddr_t) ctx->iv;
-
-    if (!ctx->encrypt)
-        memcpy(lb, &in[cryp.len - ctx->cipher->iv_len], ctx->cipher->iv_len);
-
-    if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
-        if (errno == EINVAL) {  /* buffers are misaligned */
-            unsigned int cinl = 0;
-            char *cin = NULL;
-            char *cout = NULL;
-
-            /* NB: this can only make cinl != inl with stream ciphers */
-            cinl = (inl + 3) / 4 * 4;
-
-            if (((unsigned long)in & 3) || cinl != inl) {
-                cin = OPENSSL_malloc(cinl);
-                if (cin == NULL) {
-                    err("cin - memory allocation failed");
-                    abort();
-                    return 0;
-                }
-                memcpy(cin, in, inl);
-                cryp.src = cin;
-            }
-
-            if (((unsigned long)out & 3) || cinl != inl) {
-                cout = OPENSSL_malloc(cinl);
-                cryp.dst = cout;
-            }
-
-            cryp.len = cinl;
-
-            if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
-                err("CIOCCRYPT(2) failed");
-                printf("src=%p dst=%p\n", cryp.src, cryp.dst);
-                abort();
-                return 0;
-            }
-
-            if (cout) {
-                memcpy(out, cout, inl);
-                OPENSSL_free(cout);
-            }
-            if (cin)
-                OPENSSL_free(cin);
-        } else {
-            err("CIOCCRYPT failed");
-            abort();
-            return 0;
-        }
-    }
-
-    if (ctx->encrypt)
-        memcpy(ctx->iv, &out[cryp.len - ctx->cipher->iv_len],
-               ctx->cipher->iv_len);
-    else
-        memcpy(ctx->iv, lb, ctx->cipher->iv_len);
-
-    return 1;
-}
-
-static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
-                                        const unsigned char *key,
-                                        const unsigned char *iv, int enc)
-{
-    return dev_crypto_init_key(ctx, CRYPTO_3DES_CBC, key, 24);
-}
-
-#  define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
-
-BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
-                     0, dev_crypto_des_ede3_init_key,
-                     dev_crypto_cleanup,
-                     EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-
-static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
-                                   const unsigned char *key,
-                                   const unsigned char *iv, int enc)
-{
-    return dev_crypto_init_key(ctx, CRYPTO_ARC4, key, 16);
-}
-
-static const EVP_CIPHER r4_cipher = {
-    NID_rc4,
-    1, 16, 0,                   /* FIXME: key should be up to 256 bytes */
-    EVP_CIPH_VARIABLE_LENGTH,
-    dev_crypto_rc4_init_key,
-    dev_crypto_cipher,
-    dev_crypto_cleanup,
-    sizeof(session_op),
-    NULL,
-    NULL,
-    NULL
-};
-
-const EVP_CIPHER *EVP_dev_crypto_rc4(void)
-{
-    return &r4_cipher;
-}
-
-typedef struct {
-    session_op sess;
-    char *data;
-    int len;
-    unsigned char md[EVP_MAX_MD_SIZE];
-} MD_DATA;
-
-static int dev_crypto_init_digest(MD_DATA *md_data, int mac)
-{
-    if (!dev_crypto_init(&md_data->sess))
-        return 0;
-
-    md_data->len = 0;
-    md_data->data = NULL;
-
-    md_data->sess.mac = mac;
-
-    if (ioctl(fd, CIOCGSESSION, &md_data->sess) == -1) {
-        err("CIOCGSESSION failed");
-        return 0;
-    }
-    return 1;
-}
-
-static int dev_crypto_cleanup_digest(MD_DATA *md_data)
-{
-    if (ioctl(fd, CIOCFSESSION, &md_data->sess.ses) == -1) {
-        err("CIOCFSESSION failed");
-        return 0;
-    }
-
-    return 1;
-}
-
-/* FIXME: if device can do chained MACs, then don't accumulate */
-/* FIXME: move accumulation to the framework */
-static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
-{
-    return dev_crypto_init_digest(ctx->md_data, CRYPTO_MD5);
-}
-
-static int do_digest(int ses, unsigned char *md, const void *data, int len)
-{
-    struct crypt_op cryp;
-    static unsigned char md5zero[16] = {
-        0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
-        0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e
-    };
-
-    /* some cards can't do zero length */
-    if (!len) {
-        memcpy(md, md5zero, 16);
-        return 1;
-    }
-
-    memset(&cryp, '\0', sizeof(cryp));
-    cryp.ses = ses;
-    cryp.op = COP_ENCRYPT;      /* required to do the MAC rather than check
-                                 * it */
-    cryp.len = len;
-    cryp.src = (caddr_t) data;
-    cryp.dst = (caddr_t) data;  // FIXME!!!
-    cryp.mac = (caddr_t) md;
-
-    if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
-        if (errno == EINVAL) {  /* buffer is misaligned */
-            char *dcopy;
-
-            dcopy = OPENSSL_malloc(len);
-            if (dcopy == NULL) {
-                err("dcopy - memory allocation failed");
-                abort();
-                return 0;
-            }
-            memcpy(dcopy, data, len);
-            cryp.src = dcopy;
-            cryp.dst = cryp.src; // FIXME!!!
-
-            if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
-                err("CIOCCRYPT(MAC2) failed");
-                abort();
-                return 0;
-            }
-            OPENSSL_free(dcopy);
-        } else {
-            err("CIOCCRYPT(MAC) failed");
-            abort();
-            return 0;
-        }
-    }
-    // printf("done\n");
-
-    return 1;
-}
-
-static int dev_crypto_md5_update(EVP_MD_CTX *ctx, const void *data,
-                                 unsigned long len)
-{
-    MD_DATA *md_data = ctx->md_data;
-
-    if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)
-        return do_digest(md_data->sess.ses, md_data->md, data, len);
-
-    md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len);
-    if (md_data->data == NULL) {
-        err("DEV_CRYPTO_MD5_UPDATE: unable to allocate memory");
-        abort();
-    }
-    memcpy(md_data->data + md_data->len, data, len);
-    md_data->len += len;
-
-    return 1;
-}
-
-static int dev_crypto_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    int ret;
-    MD_DATA *md_data = ctx->md_data;
-
-    if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
-        memcpy(md, md_data->md, MD5_DIGEST_LENGTH);
-        ret = 1;
-    } else {
-        ret = do_digest(md_data->sess.ses, md, md_data->data, md_data->len);
-        OPENSSL_free(md_data->data);
-        md_data->data = NULL;
-        md_data->len = 0;
-    }
-
-    return ret;
-}
-
-static int dev_crypto_md5_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-{
-    const MD_DATA *from_md = from->md_data;
-    MD_DATA *to_md = to->md_data;
-
-    // How do we copy sessions?
-    assert(from->digest->flags & EVP_MD_FLAG_ONESHOT);
-
-    to_md->data = OPENSSL_malloc(from_md->len);
-    if (to_md->data == NULL) {
-        err("DEV_CRYPTO_MD5_COPY: unable to allocate memory");
-        abort();
-    }
-    memcpy(to_md->data, from_md->data, from_md->len);
-
-    return 1;
-}
-
-static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
-{
-    return dev_crypto_cleanup_digest(ctx->md_data);
-}
-
-static const EVP_MD md5_md = {
-    NID_md5,
-    NID_md5WithRSAEncryption,
-    MD5_DIGEST_LENGTH,
-    EVP_MD_FLAG_ONESHOT,        // XXX: set according to device info...
-    dev_crypto_md5_init,
-    dev_crypto_md5_update,
-    dev_crypto_md5_final,
-    dev_crypto_md5_copy,
-    dev_crypto_md5_cleanup,
-    EVP_PKEY_RSA_method,
-    MD5_CBLOCK,
-    sizeof(MD_DATA),
-};
-
-const EVP_MD *EVP_dev_crypto_md5(void)
-{
-    return &md5_md;
-}
-
-# endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/p5_crpt.c b/freebsd/crypto/openssl/crypto/evp/p5_crpt.c
index 9a2b4de8..1fc03b03 100644
--- a/freebsd/crypto/openssl/crypto/evp/p5_crpt.c
+++ b/freebsd/crypto/openssl/crypto/evp/p5_crpt.c
@@ -1,67 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p5_crpt.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/evp.h>
 
@@ -77,17 +27,15 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
                        const EVP_MD *md, int en_de)
 {
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx;
     unsigned char md_tmp[EVP_MAX_MD_SIZE];
     unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
     int i;
     PBEPARAM *pbe;
     int saltlen, iter;
     unsigned char *salt;
-    const unsigned char *pbuf;
     int mdsize;
     int rv = 0;
-    EVP_MD_CTX_init(&ctx);
 
     /* Extract useful info from parameter */
     if (param == NULL || param->type != V_ASN1_SEQUENCE ||
@@ -96,8 +44,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
         return 0;
     }
 
-    pbuf = param->value.sequence->data;
-    if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
+    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
+    if (pbe == NULL) {
         EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
         return 0;
     }
@@ -114,24 +62,30 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     else if (passlen == -1)
         passlen = strlen(pass);
 
-    if (!EVP_DigestInit_ex(&ctx, md, NULL))
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EVP_DigestInit_ex(ctx, md, NULL))
         goto err;
-    if (!EVP_DigestUpdate(&ctx, pass, passlen))
+    if (!EVP_DigestUpdate(ctx, pass, passlen))
         goto err;
-    if (!EVP_DigestUpdate(&ctx, salt, saltlen))
+    if (!EVP_DigestUpdate(ctx, salt, saltlen))
         goto err;
     PBEPARAM_free(pbe);
-    if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL))
+    if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
         goto err;
     mdsize = EVP_MD_size(md);
     if (mdsize < 0)
         return 0;
     for (i = 1; i < iter; i++) {
-        if (!EVP_DigestInit_ex(&ctx, md, NULL))
+        if (!EVP_DigestInit_ex(ctx, md, NULL))
             goto err;
-        if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize))
+        if (!EVP_DigestUpdate(ctx, md_tmp, mdsize))
             goto err;
-        if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL))
+        if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
             goto err;
     }
     OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
@@ -146,6 +100,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
     rv = 1;
  err:
-    EVP_MD_CTX_cleanup(&ctx);
+    EVP_MD_CTX_free(ctx);
     return rv;
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/p5_crpt2.c b/freebsd/crypto/openssl/crypto/evp/p5_crpt2.c
index 9c239d87..1830c463 100644
--- a/freebsd/crypto/openssl/crypto/evp/p5_crpt2.c
+++ b/freebsd/crypto/openssl/crypto/evp/p5_crpt2.c
@@ -1,108 +1,67 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p5_crpt2.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 #include <stdio.h>
 #include <stdlib.h>
-#include "cryptlib.h"
-#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
+#include "internal/cryptlib.h"
 # include <openssl/x509.h>
 # include <openssl/evp.h>
 # include <openssl/hmac.h>
 # include "evp_locl.h"
 
 /* set this to print out info about the keygen algorithm */
-/* #define DEBUG_PKCS5V2 */
+/* #define OPENSSL_DEBUG_PKCS5V2 */
 
-# ifdef DEBUG_PKCS5V2
+# ifdef OPENSSL_DEBUG_PKCS5V2
 static void h__dump(const unsigned char *p, int len);
 # endif
 
 /*
  * This is an implementation of PKCS#5 v2.0 password based encryption key
  * derivation function PBKDF2. SHA1 version verified against test vectors
- * posted by Peter Gutmann <pgut001@cs.auckland.ac.nz> to the PKCS-TNG
- * <pkcs-tng@rsa.com> mailing list.
+ * posted by Peter Gutmann to the PKCS-TNG mailing list.
  */
 
 int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                       const unsigned char *salt, int saltlen, int iter,
                       const EVP_MD *digest, int keylen, unsigned char *out)
 {
+    const char *empty = "";
     unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
     int cplen, j, k, tkeylen, mdlen;
     unsigned long i = 1;
-    HMAC_CTX hctx_tpl, hctx;
+    HMAC_CTX *hctx_tpl = NULL, *hctx = NULL;
 
     mdlen = EVP_MD_size(digest);
     if (mdlen < 0)
         return 0;
 
-    HMAC_CTX_init(&hctx_tpl);
+    hctx_tpl = HMAC_CTX_new();
+    if (hctx_tpl == NULL)
+        return 0;
     p = out;
     tkeylen = keylen;
-    if (!pass)
+    if (pass == NULL) {
+        pass = empty;
         passlen = 0;
-    else if (passlen == -1)
+    } else if (passlen == -1) {
         passlen = strlen(pass);
-    if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) {
-        HMAC_CTX_cleanup(&hctx_tpl);
+    }
+    if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) {
+        HMAC_CTX_free(hctx_tpl);
+        return 0;
+    }
+    hctx = HMAC_CTX_new();
+    if (hctx == NULL) {
+        HMAC_CTX_free(hctx_tpl);
         return 0;
     }
     while (tkeylen) {
@@ -118,31 +77,31 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
         itmp[1] = (unsigned char)((i >> 16) & 0xff);
         itmp[2] = (unsigned char)((i >> 8) & 0xff);
         itmp[3] = (unsigned char)(i & 0xff);
-        if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
-            HMAC_CTX_cleanup(&hctx_tpl);
+        if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
+            HMAC_CTX_free(hctx);
+            HMAC_CTX_free(hctx_tpl);
             return 0;
         }
-        if (!HMAC_Update(&hctx, salt, saltlen)
-            || !HMAC_Update(&hctx, itmp, 4)
-            || !HMAC_Final(&hctx, digtmp, NULL)) {
-            HMAC_CTX_cleanup(&hctx_tpl);
-            HMAC_CTX_cleanup(&hctx);
+        if (!HMAC_Update(hctx, salt, saltlen)
+            || !HMAC_Update(hctx, itmp, 4)
+            || !HMAC_Final(hctx, digtmp, NULL)) {
+            HMAC_CTX_free(hctx);
+            HMAC_CTX_free(hctx_tpl);
             return 0;
         }
-        HMAC_CTX_cleanup(&hctx);
         memcpy(p, digtmp, cplen);
         for (j = 1; j < iter; j++) {
-            if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
-                HMAC_CTX_cleanup(&hctx_tpl);
+            if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
+                HMAC_CTX_free(hctx);
+                HMAC_CTX_free(hctx_tpl);
                 return 0;
             }
-            if (!HMAC_Update(&hctx, digtmp, mdlen)
-                || !HMAC_Final(&hctx, digtmp, NULL)) {
-                HMAC_CTX_cleanup(&hctx_tpl);
-                HMAC_CTX_cleanup(&hctx);
+            if (!HMAC_Update(hctx, digtmp, mdlen)
+                || !HMAC_Final(hctx, digtmp, NULL)) {
+                HMAC_CTX_free(hctx);
+                HMAC_CTX_free(hctx_tpl);
                 return 0;
             }
-            HMAC_CTX_cleanup(&hctx);
             for (k = 0; k < cplen; k++)
                 p[k] ^= digtmp[k];
         }
@@ -150,8 +109,9 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
         i++;
         p += cplen;
     }
-    HMAC_CTX_cleanup(&hctx_tpl);
-# ifdef DEBUG_PKCS5V2
+    HMAC_CTX_free(hctx);
+    HMAC_CTX_free(hctx_tpl);
+# ifdef OPENSSL_DEBUG_PKCS5V2
     fprintf(stderr, "Password:\n");
     h__dump(pass, passlen);
     fprintf(stderr, "Salt:\n");
@@ -171,18 +131,6 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                              keylen, out);
 }
 
-# ifdef DO_TEST
-main()
-{
-    unsigned char out[4];
-    unsigned char salt[] = { 0x12, 0x34, 0x56, 0x78 };
-    PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
-    fprintf(stderr, "Out %02X %02X %02X %02X\n",
-            out[0], out[1], out[2], out[3]);
-}
-
-# endif
-
 /*
  * Now the key derivation function itself. This is a bit evil because it has
  * to check the ASN1 parameters are valid: and there are quite a few of
@@ -193,29 +141,21 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                           ASN1_TYPE *param, const EVP_CIPHER *c,
                           const EVP_MD *md, int en_de)
 {
-    const unsigned char *pbuf;
-    int plen;
     PBE2PARAM *pbe2 = NULL;
     const EVP_CIPHER *cipher;
+    EVP_PBE_KEYGEN *kdf;
 
     int rv = 0;
 
-    if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-        param->value.sequence == NULL) {
-        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
-        goto err;
-    }
-
-    pbuf = param->value.sequence->data;
-    plen = param->value.sequence->length;
-    if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
+    pbe2 = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBE2PARAM), param);
+    if (pbe2 == NULL) {
         EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
         goto err;
     }
 
     /* See if we recognise the key derivation function */
-
-    if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
+    if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm),
+                        NULL, NULL, &kdf)) {
         EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
                EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
         goto err;
@@ -239,8 +179,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR);
         goto err;
     }
-    rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
-                                  pbe2->keyfunc->parameter, c, md, en_de);
+    rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de);
  err:
     PBE2PARAM_free(pbe2);
     return rv;
@@ -251,8 +190,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
                              const EVP_CIPHER *c, const EVP_MD *md, int en_de)
 {
     unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
-    const unsigned char *pbuf;
-    int saltlen, iter, plen;
+    int saltlen, iter;
     int rv = 0;
     unsigned int keylen = 0;
     int prf_nid, hmac_md_nid;
@@ -268,15 +206,9 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
 
     /* Decode parameter */
 
-    if (!param || (param->type != V_ASN1_SEQUENCE)) {
-        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
-        goto err;
-    }
-
-    pbuf = param->value.sequence->data;
-    plen = param->value.sequence->length;
+    kdf = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), param);
 
-    if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen))) {
+    if (kdf == NULL) {
         EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
         goto err;
     }
@@ -325,7 +257,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
     return rv;
 }
 
-# ifdef DEBUG_PKCS5V2
+# ifdef OPENSSL_DEBUG_PKCS5V2
 static void h__dump(const unsigned char *p, int len)
 {
     for (; len--; p++)
@@ -333,4 +265,3 @@ static void h__dump(const unsigned char *p, int len)
     fprintf(stderr, "\n");
 }
 # endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/p_dec.c b/freebsd/crypto/openssl/crypto/evp/p_dec.c
index 673bd08f..9f43c716 100644
--- a/freebsd/crypto/openssl/crypto/evp/p_dec.c
+++ b/freebsd/crypto/openssl/crypto/evp/p_dec.c
@@ -1,69 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/p_dec.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
+#include "internal/cryptlib.h"
+#include <openssl/rsa.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
@@ -74,7 +22,7 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
     int ret = -1;
 
 #ifndef OPENSSL_NO_RSA
-    if (priv->type != EVP_PKEY_RSA) {
+    if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) {
 #endif
         EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
 #ifndef OPENSSL_NO_RSA
@@ -82,8 +30,9 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
     }
 
     ret =
-        RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa, RSA_PKCS1_PADDING);
+        RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv),
+                            RSA_PKCS1_PADDING);
  err:
 #endif
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/p_enc.c b/freebsd/crypto/openssl/crypto/evp/p_enc.c
index 62b9d0b8..8d24952b 100644
--- a/freebsd/crypto/openssl/crypto/evp/p_enc.c
+++ b/freebsd/crypto/openssl/crypto/evp/p_enc.c
@@ -1,69 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/p_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
+#include "internal/cryptlib.h"
+#include <openssl/rsa.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
@@ -74,16 +22,16 @@ int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key,
     int ret = 0;
 
 #ifndef OPENSSL_NO_RSA
-    if (pubk->type != EVP_PKEY_RSA) {
+    if (EVP_PKEY_id(pubk) != EVP_PKEY_RSA) {
 #endif
         EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
 #ifndef OPENSSL_NO_RSA
         goto err;
     }
     ret =
-        RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa,
+        RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk),
                            RSA_PKCS1_PADDING);
  err:
 #endif
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/p_lib.c b/freebsd/crypto/openssl/crypto/evp/p_lib.c
index 29a4cce2..59c37820 100644
--- a/freebsd/crypto/openssl/crypto/evp/p_lib.c
+++ b/freebsd/crypto/openssl/crypto/evp/p_lib.c
@@ -1,96 +1,49 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/p_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/cmac.h>
+#include <openssl/engine.h>
 
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 
 static void EVP_PKEY_free_it(EVP_PKEY *x);
 
-int EVP_PKEY_bits(EVP_PKEY *pkey)
+int EVP_PKEY_bits(const EVP_PKEY *pkey)
 {
     if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
         return pkey->ameth->pkey_bits(pkey);
     return 0;
 }
 
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey)
+{
+    if (pkey == NULL)
+        return 0;
+    if (!pkey->ameth || !pkey->ameth->pkey_security_bits)
+        return -2;
+    return pkey->ameth->pkey_security_bits(pkey);
+}
+
 int EVP_PKEY_size(EVP_PKEY *pkey)
 {
     if (pkey && pkey->ameth && pkey->ameth->pkey_size)
@@ -106,7 +59,7 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
 
         if (mode >= 0)
             pkey->save_parameters = mode;
-        return (ret);
+        return ret;
     }
 #endif
 #ifndef OPENSSL_NO_EC
@@ -115,15 +68,18 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
 
         if (mode >= 0)
             pkey->save_parameters = mode;
-        return (ret);
+        return ret;
     }
 #endif
-    return (0);
+    return 0;
 }
 
 int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 {
-    if (to->type != from->type) {
+    if (to->type == EVP_PKEY_NONE) {
+        if (EVP_PKEY_set_type(to, from->type) == 0)
+            return 0;
+    } else if (to->type != from->type) {
         EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES);
         goto err;
     }
@@ -185,22 +141,35 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
 
 EVP_PKEY *EVP_PKEY_new(void)
 {
-    EVP_PKEY *ret;
+    EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret));
 
-    ret = (EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY));
     if (ret == NULL) {
         EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
     ret->type = EVP_PKEY_NONE;
     ret->save_type = EVP_PKEY_NONE;
     ret->references = 1;
-    ret->ameth = NULL;
-    ret->engine = NULL;
-    ret->pkey.ptr = NULL;
-    ret->attributes = NULL;
     ret->save_parameters = 1;
-    return (ret);
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int EVP_PKEY_up_ref(EVP_PKEY *pkey)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&pkey->references, &i, pkey->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("EVP_PKEY", pkey);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
 }
 
 /*
@@ -208,10 +177,12 @@ EVP_PKEY *EVP_PKEY_new(void)
  * is NULL just return 1 or 0 if the algorithm exists.
  */
 
-static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
+static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
+                         int len)
 {
     const EVP_PKEY_ASN1_METHOD *ameth;
-    ENGINE *e = NULL;
+    ENGINE **eptr = (e == NULL) ? &e :  NULL;
+
     if (pkey) {
         if (pkey->pkey.ptr)
             EVP_PKEY_free_it(pkey);
@@ -222,22 +193,22 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
         if ((type == pkey->save_type) && pkey->ameth)
             return 1;
 #ifndef OPENSSL_NO_ENGINE
-        /* If we have an ENGINE release it */
-        if (pkey->engine) {
-            ENGINE_finish(pkey->engine);
-            pkey->engine = NULL;
-        }
+        /* If we have ENGINEs release them */
+        ENGINE_finish(pkey->engine);
+        pkey->engine = NULL;
+        ENGINE_finish(pkey->pmeth_engine);
+        pkey->pmeth_engine = NULL;
 #endif
     }
     if (str)
-        ameth = EVP_PKEY_asn1_find_str(&e, str, len);
+        ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
     else
-        ameth = EVP_PKEY_asn1_find(&e, type);
+        ameth = EVP_PKEY_asn1_find(eptr, type);
 #ifndef OPENSSL_NO_ENGINE
-    if (!pkey && e)
+    if (pkey == NULL && eptr != NULL)
         ENGINE_finish(e);
 #endif
-    if (!ameth) {
+    if (ameth == NULL) {
         EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
         return 0;
     }
@@ -251,16 +222,181 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
     return 1;
 }
 
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+                                       const unsigned char *priv,
+                                       size_t len)
+{
+    EVP_PKEY *ret = EVP_PKEY_new();
+
+    if (ret == NULL
+            || !pkey_set_type(ret, e, type, NULL, -1)) {
+        /* EVPerr already called */
+        goto err;
+    }
+
+    if (ret->ameth->set_priv_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        goto err;
+    }
+
+    if (!ret->ameth->set_priv_key(ret, priv, len)) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, EVP_R_KEY_SETUP_FAILED);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    EVP_PKEY_free(ret);
+    return NULL;
+}
+
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+                                      const unsigned char *pub,
+                                      size_t len)
+{
+    EVP_PKEY *ret = EVP_PKEY_new();
+
+    if (ret == NULL
+            || !pkey_set_type(ret, e, type, NULL, -1)) {
+        /* EVPerr already called */
+        goto err;
+    }
+
+    if (ret->ameth->set_pub_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        goto err;
+    }
+
+    if (!ret->ameth->set_pub_key(ret, pub, len)) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, EVP_R_KEY_SETUP_FAILED);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    EVP_PKEY_free(ret);
+    return NULL;
+}
+
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len)
+{
+     if (pkey->ameth->get_priv_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return 0;
+    }
+
+    if (!pkey->ameth->get_priv_key(pkey, priv, len)) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, EVP_R_GET_RAW_KEY_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
+                                size_t *len)
+{
+     if (pkey->ameth->get_pub_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return 0;
+    }
+
+    if (!pkey->ameth->get_pub_key(pkey, pub, len)) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, EVP_R_GET_RAW_KEY_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+                                size_t len, const EVP_CIPHER *cipher)
+{
+#ifndef OPENSSL_NO_CMAC
+    EVP_PKEY *ret = EVP_PKEY_new();
+    CMAC_CTX *cmctx = CMAC_CTX_new();
+
+    if (ret == NULL
+            || cmctx == NULL
+            || !pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1)) {
+        /* EVPerr already called */
+        goto err;
+    }
+
+    if (!CMAC_Init(cmctx, priv, len, cipher, e)) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED);
+        goto err;
+    }
+
+    ret->pkey.ptr = cmctx;
+    return ret;
+
+ err:
+    EVP_PKEY_free(ret);
+    CMAC_CTX_free(cmctx);
+    return NULL;
+#else
+    EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY,
+           EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    return NULL;
+#endif
+}
+
 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
 {
-    return pkey_set_type(pkey, type, NULL, -1);
+    return pkey_set_type(pkey, NULL, type, NULL, -1);
 }
 
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
 {
-    return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
+    return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len);
 }
 
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type)
+{
+    if (pkey->type == type) {
+        return 1; /* it already is that type */
+    }
+
+    /*
+     * The application is requesting to alias this to a different pkey type,
+     * but not one that resolves to the base type.
+     */
+    if (EVP_PKEY_type(type) != EVP_PKEY_base_id(pkey)) {
+        EVPerr(EVP_F_EVP_PKEY_SET_ALIAS_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
+        return 0;
+    }
+
+    pkey->type = type;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e)
+{
+    if (e != NULL) {
+        if (!ENGINE_init(e)) {
+            EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, ERR_R_ENGINE_LIB);
+            return 0;
+        }
+        if (ENGINE_get_pkey_meth(e, pkey->type) == NULL) {
+            ENGINE_finish(e);
+            EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, EVP_R_UNSUPPORTED_ALGORITHM);
+            return 0;
+        }
+    }
+    ENGINE_finish(pkey->pmeth_engine);
+    pkey->pmeth_engine = e;
+    return 1;
+}
+#endif
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
 {
     if (pkey == NULL || !EVP_PKEY_set_type(pkey, type))
@@ -269,11 +405,52 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
     return (key != NULL);
 }
 
-void *EVP_PKEY_get0(EVP_PKEY *pkey)
+void *EVP_PKEY_get0(const EVP_PKEY *pkey)
 {
     return pkey->pkey.ptr;
 }
 
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    if (pkey->type != EVP_PKEY_HMAC) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+
+#ifndef OPENSSL_NO_POLY1305
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    if (pkey->type != EVP_PKEY_POLY1305) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_POLY1305, EVP_R_EXPECTING_A_POLY1305_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+#endif
+
+#ifndef OPENSSL_NO_SIPHASH
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (pkey->type != EVP_PKEY_SIPHASH) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_SIPHASH, EVP_R_EXPECTING_A_SIPHASH_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+#endif
+
 #ifndef OPENSSL_NO_RSA
 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
 {
@@ -283,15 +460,22 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
     return ret;
 }
 
-RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
 {
     if (pkey->type != EVP_PKEY_RSA) {
-        EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+        EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
         return NULL;
     }
-    RSA_up_ref(pkey->pkey.rsa);
     return pkey->pkey.rsa;
 }
+
+RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
+{
+    RSA *ret = EVP_PKEY_get0_RSA(pkey);
+    if (ret != NULL)
+        RSA_up_ref(ret);
+    return ret;
+}
 #endif
 
 #ifndef OPENSSL_NO_DSA
@@ -303,15 +487,22 @@ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
     return ret;
 }
 
-DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
+DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
 {
     if (pkey->type != EVP_PKEY_DSA) {
-        EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+        EVPerr(EVP_F_EVP_PKEY_GET0_DSA, EVP_R_EXPECTING_A_DSA_KEY);
         return NULL;
     }
-    DSA_up_ref(pkey->pkey.dsa);
     return pkey->pkey.dsa;
 }
+
+DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
+{
+    DSA *ret = EVP_PKEY_get0_DSA(pkey);
+    if (ret != NULL)
+        DSA_up_ref(ret);
+    return ret;
+}
 #endif
 
 #ifndef OPENSSL_NO_EC
@@ -324,15 +515,22 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
     return ret;
 }
 
-EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
+EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
 {
     if (pkey->type != EVP_PKEY_EC) {
-        EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
+        EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
         return NULL;
     }
-    EC_KEY_up_ref(pkey->pkey.ec);
     return pkey->pkey.ec;
 }
+
+EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
+{
+    EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
+    if (ret != NULL)
+        EC_KEY_up_ref(ret);
+    return ret;
+}
 #endif
 
 #ifndef OPENSSL_NO_DH
@@ -345,15 +543,22 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
     return ret;
 }
 
-DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
+DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey)
 {
     if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
-        EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
+        EVPerr(EVP_F_EVP_PKEY_GET0_DH, EVP_R_EXPECTING_A_DH_KEY);
         return NULL;
     }
-    DH_up_ref(pkey->pkey.dh);
     return pkey->pkey.dh;
 }
+
+DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
+{
+    DH *ret = EVP_PKEY_get0_DH(pkey);
+    if (ret != NULL)
+        DH_up_ref(ret);
+    return ret;
+}
 #endif
 
 int EVP_PKEY_type(int type)
@@ -367,8 +572,7 @@ int EVP_PKEY_type(int type)
     else
         ret = NID_undef;
 #ifndef OPENSSL_NO_ENGINE
-    if (e)
-        ENGINE_finish(e);
+    ENGINE_finish(e);
 #endif
     return ret;
 }
@@ -390,35 +594,29 @@ void EVP_PKEY_free(EVP_PKEY *x)
     if (x == NULL)
         return;
 
-    i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-    REF_PRINT("EVP_PKEY", x);
-#endif
+    CRYPTO_DOWN_REF(&x->references, &i, x->lock);
+    REF_PRINT_COUNT("EVP_PKEY", x);
     if (i > 0)
         return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "EVP_PKEY_free, bad reference count\n");
-        abort();
-    }
-#endif
+    REF_ASSERT_ISNT(i < 0);
     EVP_PKEY_free_it(x);
-    if (x->attributes)
-        sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
+    CRYPTO_THREAD_lock_free(x->lock);
+    sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
     OPENSSL_free(x);
 }
 
 static void EVP_PKEY_free_it(EVP_PKEY *x)
 {
+    /* internal function; x is never NULL */
     if (x->ameth && x->ameth->pkey_free) {
         x->ameth->pkey_free(x);
         x->pkey.ptr = NULL;
     }
 #ifndef OPENSSL_NO_ENGINE
-    if (x->engine) {
-        ENGINE_finish(x->engine);
-        x->engine = NULL;
-    }
+    ENGINE_finish(x->engine);
+    x->engine = NULL;
+    ENGINE_finish(x->pmeth_engine);
+    x->pmeth_engine = NULL;
 #endif
 }
 
@@ -457,10 +655,34 @@ int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
     return unsup_alg(out, pkey, indent, "Parameters");
 }
 
-int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
+static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2)
 {
-    if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
+    if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
         return -2;
-    return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
-                                  0, pnid);
+    return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2);
+}
+
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
+{
+    return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid);
+}
+
+int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+                               const unsigned char *pt, size_t ptlen)
+{
+    if (ptlen > INT_MAX)
+        return 0;
+    if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen,
+                           (void *)pt) <= 0)
+        return 0;
+    return 1;
+}
+
+size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt)
+{
+    int rv;
+    rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt);
+    if (rv <= 0)
+        return 0;
+    return rv;
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/p_open.c b/freebsd/crypto/openssl/crypto/evp/p_open.c
index 6fe5ed3f..8d558e9a 100644
--- a/freebsd/crypto/openssl/crypto/evp/p_open.c
+++ b/freebsd/crypto/openssl/crypto/evp/p_open.c
@@ -1,68 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/p_open.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_RSA
+#include "internal/cryptlib.h"
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
 
+# include <stdio.h>
 # include <openssl/evp.h>
 # include <openssl/objects.h>
 # include <openssl/x509.h>
@@ -76,7 +28,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
     int i, size = 0, ret = 0;
 
     if (type) {
-        EVP_CIPHER_CTX_init(ctx);
+        EVP_CIPHER_CTX_reset(ctx);
         if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
             return 0;
     }
@@ -84,13 +36,13 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
     if (!priv)
         return 1;
 
-    if (priv->type != EVP_PKEY_RSA) {
+    if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) {
         EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA);
         goto err;
     }
 
-    size = RSA_size(priv->pkey.rsa);
-    key = (unsigned char *)OPENSSL_malloc(size + 2);
+    size = EVP_PKEY_size(priv);
+    key = OPENSSL_malloc(size + 2);
     if (key == NULL) {
         /* ERROR */
         EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE);
@@ -107,10 +59,8 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
 
     ret = 1;
  err:
-    if (key != NULL)
-        OPENSSL_cleanse(key, size);
-    OPENSSL_free(key);
-    return (ret);
+    OPENSSL_clear_free(key, size);
+    return ret;
 }
 
 int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
@@ -120,12 +70,6 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
     i = EVP_DecryptFinal_ex(ctx, out, outl);
     if (i)
         i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
-    return (i);
+    return i;
 }
-#else                           /* !OPENSSL_NO_RSA */
-
-# ifdef PEDANTIC
-static void *dummy = &dummy;
-# endif
-
 #endif
diff --git a/freebsd/crypto/openssl/crypto/evp/p_seal.c b/freebsd/crypto/openssl/crypto/evp/p_seal.c
index 74765433..35f8385c 100644
--- a/freebsd/crypto/openssl/crypto/evp/p_seal.c
+++ b/freebsd/crypto/openssl/crypto/evp/p_seal.c
@@ -1,69 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/p_seal.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
+#include <openssl/rsa.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
@@ -74,9 +23,10 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
 {
     unsigned char key[EVP_MAX_KEY_LENGTH];
     int i;
+    int rv = 0;
 
     if (type) {
-        EVP_CIPHER_CTX_init(ctx);
+        EVP_CIPHER_CTX_reset(ctx);
         if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
             return 0;
     }
@@ -84,35 +34,29 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
         return 1;
     if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
         return 0;
+
     if (EVP_CIPHER_CTX_iv_length(ctx)
-        && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
-        return 0;
+            && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
+        goto err;
 
     if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
-        return 0;
+        goto err;
 
     for (i = 0; i < npubk; i++) {
         ekl[i] =
             EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx),
                                  pubk[i]);
-        if (ekl[i] <= 0)
-            return (-1);
+        if (ekl[i] <= 0) {
+            rv = -1;
+            goto err;
+        }
     }
-    return (npubk);
+    rv = npubk;
+err:
+    OPENSSL_cleanse(key, sizeof(key));
+    return rv;
 }
 
-/*- MACRO
-void EVP_SealUpdate(ctx,out,outl,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
-        {
-        EVP_EncryptUpdate(ctx,out,outl,in,inl);
-        }
-*/
-
 int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 {
     int i;
diff --git a/freebsd/crypto/openssl/crypto/evp/p_sign.c b/freebsd/crypto/openssl/crypto/evp/p_sign.c
index 7fa2a26c..113da6d5 100644
--- a/freebsd/crypto/openssl/crypto/evp/p_sign.c
+++ b/freebsd/crypto/openssl/crypto/evp/p_sign.c
@@ -1,135 +1,63 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/p_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-
-#ifdef undef
-void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
-{
-    EVP_DigestInit_ex(ctx, type);
-}
-
-void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count)
-{
-    EVP_DigestUpdate(ctx, data, count);
-}
-#endif
+#include "internal/evp_int.h"
 
 int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                   unsigned int *siglen, EVP_PKEY *pkey)
 {
     unsigned char m[EVP_MAX_MD_SIZE];
-    unsigned int m_len;
-    int i = 0, ok = 0, v;
-    EVP_MD_CTX tmp_ctx;
+    unsigned int m_len = 0;
+    int i = 0;
+    size_t sltmp;
     EVP_PKEY_CTX *pkctx = NULL;
 
     *siglen = 0;
-    EVP_MD_CTX_init(&tmp_ctx);
-    if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
-        goto err;
-    if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len))
-        goto err;
-    EVP_MD_CTX_cleanup(&tmp_ctx);
-
-    if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
-        size_t sltmp = (size_t)EVP_PKEY_size(pkey);
-        i = 0;
-        pkctx = EVP_PKEY_CTX_new(pkey, NULL);
-        if (!pkctx)
+    if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) {
+        if (!EVP_DigestFinal_ex(ctx, m, &m_len))
             goto err;
-        if (EVP_PKEY_sign_init(pkctx) <= 0)
-            goto err;
-        if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
-            goto err;
-        if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
-            goto err;
-        *siglen = sltmp;
-        i = 1;
- err:
-        EVP_PKEY_CTX_free(pkctx);
-        return i;
-    }
-
-    for (i = 0; i < 4; i++) {
-        v = ctx->digest->required_pkey_type[i];
-        if (v == 0)
-            break;
-        if (pkey->type == v) {
-            ok = 1;
-            break;
+    } else {
+        int rv = 0;
+        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+        if (tmp_ctx == NULL) {
+            EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE);
+            return 0;
         }
-    }
-    if (!ok) {
-        EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
-        return (0);
+        rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx);
+        if (rv)
+            rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len);
+        EVP_MD_CTX_free(tmp_ctx);
+        if (!rv)
+            return 0;
     }
 
-    if (ctx->digest->sign == NULL) {
-        EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
-        return (0);
-    }
-    return (ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen,
-                              pkey->pkey.ptr));
+    sltmp = (size_t)EVP_PKEY_size(pkey);
+    i = 0;
+    pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (pkctx == NULL)
+        goto err;
+    if (EVP_PKEY_sign_init(pkctx) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
+        goto err;
+    if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
+        goto err;
+    *siglen = sltmp;
+    i = 1;
+ err:
+    EVP_PKEY_CTX_free(pkctx);
+    return i;
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/p_verify.c b/freebsd/crypto/openssl/crypto/evp/p_verify.c
index d51e6b63..a5f62586 100644
--- a/freebsd/crypto/openssl/crypto/evp/p_verify.c
+++ b/freebsd/crypto/openssl/crypto/evp/p_verify.c
@@ -1,118 +1,57 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/evp/p_verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "internal/evp_int.h"
 
 int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
                     unsigned int siglen, EVP_PKEY *pkey)
 {
     unsigned char m[EVP_MAX_MD_SIZE];
-    unsigned int m_len;
-    int i = 0, ok = 0, v;
-    EVP_MD_CTX tmp_ctx;
+    unsigned int m_len = 0;
+    int i = 0;
     EVP_PKEY_CTX *pkctx = NULL;
 
-    EVP_MD_CTX_init(&tmp_ctx);
-    if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
-        goto err;
-    if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len))
-        goto err;
-    EVP_MD_CTX_cleanup(&tmp_ctx);
-
-    if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
-        i = -1;
-        pkctx = EVP_PKEY_CTX_new(pkey, NULL);
-        if (!pkctx)
-            goto err;
-        if (EVP_PKEY_verify_init(pkctx) <= 0)
-            goto err;
-        if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
+    if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) {
+        if (!EVP_DigestFinal_ex(ctx, m, &m_len))
             goto err;
-        i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
- err:
-        EVP_PKEY_CTX_free(pkctx);
-        return i;
-    }
-
-    for (i = 0; i < 4; i++) {
-        v = ctx->digest->required_pkey_type[i];
-        if (v == 0)
-            break;
-        if (pkey->type == v) {
-            ok = 1;
-            break;
+    } else {
+        int rv = 0;
+        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+        if (tmp_ctx == NULL) {
+            EVPerr(EVP_F_EVP_VERIFYFINAL, ERR_R_MALLOC_FAILURE);
+            return 0;
         }
-    }
-    if (!ok) {
-        EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
-        return (-1);
-    }
-    if (ctx->digest->verify == NULL) {
-        EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
-        return (0);
+        rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx);
+        if (rv)
+            rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len);
+        EVP_MD_CTX_free(tmp_ctx);
+        if (!rv)
+            return 0;
     }
 
-    return (ctx->digest->verify(ctx->digest->type, m, m_len,
-                                sigbuf, siglen, pkey->pkey.ptr));
+    i = -1;
+    pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (pkctx == NULL)
+        goto err;
+    if (EVP_PKEY_verify_init(pkctx) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
+        goto err;
+    i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
+ err:
+    EVP_PKEY_CTX_free(pkctx);
+    return i;
 }
diff --git a/freebsd/crypto/openssl/crypto/evp/pbe_scrypt.c b/freebsd/crypto/openssl/crypto/evp/pbe_scrypt.c
new file mode 100644
index 00000000..a63b2876
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/evp/pbe_scrypt.c
@@ -0,0 +1,268 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "internal/numbers.h"
+
+#ifndef OPENSSL_NO_SCRYPT
+
+#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
+static void salsa208_word_specification(uint32_t inout[16])
+{
+    int i;
+    uint32_t x[16];
+    memcpy(x, inout, sizeof(x));
+    for (i = 8; i > 0; i -= 2) {
+        x[4] ^= R(x[0] + x[12], 7);
+        x[8] ^= R(x[4] + x[0], 9);
+        x[12] ^= R(x[8] + x[4], 13);
+        x[0] ^= R(x[12] + x[8], 18);
+        x[9] ^= R(x[5] + x[1], 7);
+        x[13] ^= R(x[9] + x[5], 9);
+        x[1] ^= R(x[13] + x[9], 13);
+        x[5] ^= R(x[1] + x[13], 18);
+        x[14] ^= R(x[10] + x[6], 7);
+        x[2] ^= R(x[14] + x[10], 9);
+        x[6] ^= R(x[2] + x[14], 13);
+        x[10] ^= R(x[6] + x[2], 18);
+        x[3] ^= R(x[15] + x[11], 7);
+        x[7] ^= R(x[3] + x[15], 9);
+        x[11] ^= R(x[7] + x[3], 13);
+        x[15] ^= R(x[11] + x[7], 18);
+        x[1] ^= R(x[0] + x[3], 7);
+        x[2] ^= R(x[1] + x[0], 9);
+        x[3] ^= R(x[2] + x[1], 13);
+        x[0] ^= R(x[3] + x[2], 18);
+        x[6] ^= R(x[5] + x[4], 7);
+        x[7] ^= R(x[6] + x[5], 9);
+        x[4] ^= R(x[7] + x[6], 13);
+        x[5] ^= R(x[4] + x[7], 18);
+        x[11] ^= R(x[10] + x[9], 7);
+        x[8] ^= R(x[11] + x[10], 9);
+        x[9] ^= R(x[8] + x[11], 13);
+        x[10] ^= R(x[9] + x[8], 18);
+        x[12] ^= R(x[15] + x[14], 7);
+        x[13] ^= R(x[12] + x[15], 9);
+        x[14] ^= R(x[13] + x[12], 13);
+        x[15] ^= R(x[14] + x[13], 18);
+    }
+    for (i = 0; i < 16; ++i)
+        inout[i] += x[i];
+    OPENSSL_cleanse(x, sizeof(x));
+}
+
+static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r)
+{
+    uint64_t i, j;
+    uint32_t X[16], *pB;
+
+    memcpy(X, B + (r * 2 - 1) * 16, sizeof(X));
+    pB = B;
+    for (i = 0; i < r * 2; i++) {
+        for (j = 0; j < 16; j++)
+            X[j] ^= *pB++;
+        salsa208_word_specification(X);
+        memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X));
+    }
+    OPENSSL_cleanse(X, sizeof(X));
+}
+
+static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N,
+                        uint32_t *X, uint32_t *T, uint32_t *V)
+{
+    unsigned char *pB;
+    uint32_t *pV;
+    uint64_t i, k;
+
+    /* Convert from little endian input */
+    for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) {
+        *pV = *pB++;
+        *pV |= *pB++ << 8;
+        *pV |= *pB++ << 16;
+        *pV |= (uint32_t)*pB++ << 24;
+    }
+
+    for (i = 1; i < N; i++, pV += 32 * r)
+        scryptBlockMix(pV, pV - 32 * r, r);
+
+    scryptBlockMix(X, V + (N - 1) * 32 * r, r);
+
+    for (i = 0; i < N; i++) {
+        uint32_t j;
+        j = X[16 * (2 * r - 1)] % N;
+        pV = V + 32 * r * j;
+        for (k = 0; k < 32 * r; k++)
+            T[k] = X[k] ^ *pV++;
+        scryptBlockMix(X, T, r);
+    }
+    /* Convert output to little endian */
+    for (i = 0, pB = B; i < 32 * r; i++) {
+        uint32_t xtmp = X[i];
+        *pB++ = xtmp & 0xff;
+        *pB++ = (xtmp >> 8) & 0xff;
+        *pB++ = (xtmp >> 16) & 0xff;
+        *pB++ = (xtmp >> 24) & 0xff;
+    }
+}
+
+#ifndef SIZE_MAX
+# define SIZE_MAX    ((size_t)-1)
+#endif
+
+/*
+ * Maximum power of two that will fit in uint64_t: this should work on
+ * most (all?) platforms.
+ */
+
+#define LOG2_UINT64_MAX         (sizeof(uint64_t) * 8 - 1)
+
+/*
+ * Maximum value of p * r:
+ * p <= ((2^32-1) * hLen) / MFLen =>
+ * p <= ((2^32-1) * 32) / (128 * r) =>
+ * p * r <= (2^30-1)
+ *
+ */
+
+#define SCRYPT_PR_MAX   ((1 << 30) - 1)
+
+/*
+ * Maximum permitted memory allow this to be overridden with Configuration
+ * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
+ */
+
+#ifdef SCRYPT_MAX_MEM
+# if SCRYPT_MAX_MEM == 0
+#  undef SCRYPT_MAX_MEM
+/*
+ * Although we could theoretically allocate SIZE_MAX memory that would leave
+ * no memory available for anything else so set limit as half that.
+ */
+#  define SCRYPT_MAX_MEM (SIZE_MAX/2)
+# endif
+#else
+/* Default memory limit: 32 MB */
+# define SCRYPT_MAX_MEM  (1024 * 1024 * 32)
+#endif
+
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+                   const unsigned char *salt, size_t saltlen,
+                   uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+                   unsigned char *key, size_t keylen)
+{
+    int rv = 0;
+    unsigned char *B;
+    uint32_t *X, *V, *T;
+    uint64_t i, Blen, Vlen;
+
+    /* Sanity check parameters */
+    /* initial check, r,p must be non zero, N >= 2 and a power of 2 */
+    if (r == 0 || p == 0 || N < 2 || (N & (N - 1)))
+        return 0;
+    /* Check p * r < SCRYPT_PR_MAX avoiding overflow */
+    if (p > SCRYPT_PR_MAX / r) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    /*
+     * Need to check N: if 2^(128 * r / 8) overflows limit this is
+     * automatically satisfied since N <= UINT64_MAX.
+     */
+
+    if (16 * r <= LOG2_UINT64_MAX) {
+        if (N >= (((uint64_t)1) << (16 * r))) {
+            EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+            return 0;
+        }
+    }
+
+    /* Memory checks: check total allocated buffer size fits in uint64_t */
+
+    /*
+     * B size in section 5 step 1.S
+     * Note: we know p * 128 * r < UINT64_MAX because we already checked
+     * p * r < SCRYPT_PR_MAX
+     */
+    Blen = p * 128 * r;
+    /*
+     * Yet we pass it as integer to PKCS5_PBKDF2_HMAC... [This would
+     * have to be revised when/if PKCS5_PBKDF2_HMAC accepts size_t.]
+     */
+    if (Blen > INT_MAX) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    /*
+     * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t
+     * This is combined size V, X and T (section 4)
+     */
+    i = UINT64_MAX / (32 * sizeof(uint32_t));
+    if (N + 2 > i / r) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+    Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
+
+    /* check total allocated size fits in uint64_t */
+    if (Blen > UINT64_MAX - Vlen) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    if (maxmem == 0)
+        maxmem = SCRYPT_MAX_MEM;
+
+    /* Check that the maximum memory doesn't exceed a size_t limits */
+    if (maxmem > SIZE_MAX)
+        maxmem = SIZE_MAX;
+
+    if (Blen + Vlen > maxmem) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    /* If no key return to indicate parameters are OK */
+    if (key == NULL)
+        return 1;
+
+    B = OPENSSL_malloc((size_t)(Blen + Vlen));
+    if (B == NULL) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    X = (uint32_t *)(B + Blen);
+    T = X + 32 * r;
+    V = T + 32 * r;
+    if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(),
+                          (int)Blen, B) == 0)
+        goto err;
+
+    for (i = 0; i < p; i++)
+        scryptROMix(B + 128 * r * i, r, N, X, T, V);
+
+    if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, EVP_sha256(),
+                          keylen, key) == 0)
+        goto err;
+    rv = 1;
+ err:
+    if (rv == 0)
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR);
+
+    OPENSSL_clear_free(B, (size_t)(Blen + Vlen));
+    return rv;
+}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/pmeth_fn.c b/freebsd/crypto/openssl/crypto/evp/pmeth_fn.c
index a821c00a..41d06548 100644
--- a/freebsd/crypto/openssl/crypto/evp/pmeth_fn.c
+++ b/freebsd/crypto/openssl/crypto/evp/pmeth_fn.c
@@ -1,70 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pmeth_fn.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include "evp_locl.h"
+#include "internal/evp_int.h"
 
 #define M_check_autoarg(ctx, arg, arglen, err) \
     if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) {           \
@@ -307,7 +257,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
     }
 
     /*
-     * ran@cryptocom.ru: For clarity.  The error is if parameters in peer are
+     * For clarity.  The error is if parameters in peer are
      * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
      * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
      * (different key types) is impossible here because it is checked earlier.
@@ -319,8 +269,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
         return -1;
     }
 
-    if (ctx->peerkey)
-        EVP_PKEY_free(ctx->peerkey);
+    EVP_PKEY_free(ctx->peerkey);
     ctx->peerkey = peer;
 
     ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
@@ -330,7 +279,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
         return ret;
     }
 
-    CRYPTO_add(&peer->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    EVP_PKEY_up_ref(peer);
     return 1;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/evp/pmeth_gn.c b/freebsd/crypto/openssl/crypto/evp/pmeth_gn.c
index fbd5b79c..0cf7e759 100644
--- a/freebsd/crypto/openssl/crypto/evp/pmeth_gn.c
+++ b/freebsd/crypto/openssl/crypto/evp/pmeth_gn.c
@@ -1,71 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pmeth_gn.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include <openssl/bn.h>
-#include "evp_locl.h"
+#include "internal/bn_int.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 
 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
 {
@@ -148,7 +99,7 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
         return -1;
     }
 
-    if (!ppkey)
+    if (ppkey == NULL)
         return -1;
 
     if (*ppkey == NULL)
@@ -181,7 +132,7 @@ EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
 
 static int trans_cb(int a, int b, BN_GENCB *gcb)
 {
-    EVP_PKEY_CTX *ctx = gcb->arg;
+    EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb);
     ctx->keygen_info[0] = a;
     ctx->keygen_info[1] = b;
     return ctx->pkey_gencb(ctx);
@@ -189,7 +140,7 @@ static int trans_cb(int a, int b, BN_GENCB *gcb)
 
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
 {
-    BN_GENCB_set(cb, trans_cb, ctx)
+    BN_GENCB_set(cb, trans_cb, ctx);
 }
 
 int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
@@ -211,14 +162,80 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
         return NULL;
     if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
         goto merr;
-    if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN,
-                          EVP_PKEY_CTRL_SET_MAC_KEY,
-                          keylen, (void *)key) <= 0)
+    if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0)
         goto merr;
     if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
         goto merr;
  merr:
-    if (mac_ctx)
-        EVP_PKEY_CTX_free(mac_ctx);
+    EVP_PKEY_CTX_free(mac_ctx);
     return mac_key;
 }
+
+int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY *pkey = ctx->pkey;
+
+    if (pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CHECK, EVP_R_NO_KEY_SET);
+        return 0;
+    }
+
+    /* call customized check function first */
+    if (ctx->pmeth->check != NULL)
+        return ctx->pmeth->check(pkey);
+
+    /* use default check function in ameth */
+    if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CHECK,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    return pkey->ameth->pkey_check(pkey);
+}
+
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY *pkey = ctx->pkey;
+
+    if (pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET);
+        return 0;
+    }
+
+    /* call customized public key check function first */
+    if (ctx->pmeth->public_check != NULL)
+        return ctx->pmeth->public_check(pkey);
+
+    /* use default public key check function in ameth */
+    if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    return pkey->ameth->pkey_public_check(pkey);
+}
+
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY *pkey = ctx->pkey;
+
+    if (pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET);
+        return 0;
+    }
+
+    /* call customized param check function first */
+    if (ctx->pmeth->param_check != NULL)
+        return ctx->pmeth->param_check(pkey);
+
+    /* use default param check function in ameth */
+    if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    return pkey->ameth->pkey_param_check(pkey);
+}
diff --git a/freebsd/crypto/openssl/crypto/evp/pmeth_lib.c b/freebsd/crypto/openssl/crypto/evp/pmeth_lib.c
index 78cbc4d3..50a2aff9 100644
--- a/freebsd/crypto/openssl/crypto/evp/pmeth_lib.c
+++ b/freebsd/crypto/openssl/crypto/evp/pmeth_lib.c
@@ -1,84 +1,29 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pmeth_lib.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
+#include "internal/cryptlib.h"
+#include <openssl/engine.h>
 #include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#include "asn1_locl.h"
-#include "evp_locl.h"
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "internal/numbers.h"
 
 typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
 
-DECLARE_STACK_OF(EVP_PKEY_METHOD)
-STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
-
-extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
-extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
-extern const EVP_PKEY_METHOD dhx_pkey_meth;
+static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
 
+/* This array needs to be in order of NIDs */
 static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_RSA
     &rsa_pkey_meth,
@@ -96,8 +41,33 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_CMAC
     &cmac_pkey_meth,
 #endif
+#ifndef OPENSSL_NO_RSA
+    &rsa_pss_pkey_meth,
+#endif
 #ifndef OPENSSL_NO_DH
-    &dhx_pkey_meth
+    &dhx_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+    &scrypt_pkey_meth,
+#endif
+    &tls1_prf_pkey_meth,
+#ifndef OPENSSL_NO_EC
+    &ecx25519_pkey_meth,
+    &ecx448_pkey_meth,
+#endif
+    &hkdf_pkey_meth,
+#ifndef OPENSSL_NO_POLY1305
+    &poly1305_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_SIPHASH
+    &siphash_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ed25519_pkey_meth,
+    &ed448_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_SM2
+    &sm2_pkey_meth,
 #endif
 };
 
@@ -136,28 +106,29 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
 {
     EVP_PKEY_CTX *ret;
     const EVP_PKEY_METHOD *pmeth;
+
     if (id == -1) {
-        if (!pkey || !pkey->ameth)
-            return NULL;
-        id = pkey->ameth->pkey_id;
+        if (pkey == NULL)
+            return 0;
+        id = pkey->type;
     }
 #ifndef OPENSSL_NO_ENGINE
-    if (pkey && pkey->engine)
-        e = pkey->engine;
+    if (e == NULL && pkey != NULL)
+        e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine;
     /* Try to find an ENGINE which implements this method */
     if (e) {
         if (!ENGINE_init(e)) {
             EVPerr(EVP_F_INT_CTX_NEW, ERR_R_ENGINE_LIB);
             return NULL;
         }
-    } else
+    } else {
         e = ENGINE_get_pkey_meth_engine(id);
+    }
 
     /*
-     * If an ENGINE handled this method look it up. Othewise use internal
+     * If an ENGINE handled this method look it up. Otherwise use internal
      * tables.
      */
-
     if (e)
         pmeth = ENGINE_get_pkey_meth(e, id);
     else
@@ -165,15 +136,17 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
         pmeth = EVP_PKEY_meth_find(id);
 
     if (pmeth == NULL) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(e);
+#endif
         EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM);
         return NULL;
     }
 
-    ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
-    if (!ret) {
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
 #ifndef OPENSSL_NO_ENGINE
-        if (e)
-            ENGINE_finish(e);
+        ENGINE_finish(e);
 #endif
         EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
@@ -182,11 +155,8 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
     ret->pmeth = pmeth;
     ret->operation = EVP_PKEY_OP_UNDEFINED;
     ret->pkey = pkey;
-    ret->peerkey = NULL;
-    ret->pkey_gencb = 0;
-    if (pkey)
-        CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-    ret->data = NULL;
+    if (pkey != NULL)
+        EVP_PKEY_up_ref(pkey);
 
     if (pmeth->init) {
         if (pmeth->init(ret) <= 0) {
@@ -203,11 +173,11 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
 {
     EVP_PKEY_METHOD *pmeth;
 
-    pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD));
-    if (!pmeth)
+    pmeth = OPENSSL_zalloc(sizeof(*pmeth));
+    if (pmeth == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_METH_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
-
-    memset(pmeth, 0, sizeof(EVP_PKEY_METHOD));
+    }
 
     pmeth->pkey_id = id;
     pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
@@ -262,6 +232,8 @@ void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
 
     dst->ctrl = src->ctrl;
     dst->ctrl_str = src->ctrl_str;
+
+    dst->check = src->check;
 }
 
 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
@@ -292,9 +264,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
         return 0;
     }
 #endif
-    rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
-    if (!rctx)
+    rctx = OPENSSL_malloc(sizeof(*rctx));
+    if (rctx == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     rctx->pmeth = pctx->pmeth;
 #ifndef OPENSSL_NO_ENGINE
@@ -302,12 +276,12 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
 #endif
 
     if (pctx->pkey)
-        CRYPTO_add(&pctx->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+        EVP_PKEY_up_ref(pctx->pkey);
 
     rctx->pkey = pctx->pkey;
 
     if (pctx->peerkey)
-        CRYPTO_add(&pctx->peerkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+        EVP_PKEY_up_ref(pctx->peerkey);
 
     rctx->peerkey = pctx->peerkey;
 
@@ -328,32 +302,65 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
 {
     if (app_pkey_methods == NULL) {
         app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
-        if (!app_pkey_methods)
+        if (app_pkey_methods == NULL){
+            EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
     }
-    if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth))
+    if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) {
+        EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
     return 1;
 }
 
+void evp_app_cleanup_int(void)
+{
+    if (app_pkey_methods != NULL)
+        sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods, EVP_PKEY_meth_free);
+}
+
+int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth)
+{
+    const EVP_PKEY_METHOD *ret;
+
+    ret = sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods, pmeth);
+
+    return ret == NULL ? 0 : 1;
+}
+
+size_t EVP_PKEY_meth_get_count(void)
+{
+    size_t rv = OSSL_NELEM(standard_methods);
+
+    if (app_pkey_methods)
+        rv += sk_EVP_PKEY_METHOD_num(app_pkey_methods);
+    return rv;
+}
+
+const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx)
+{
+    if (idx < OSSL_NELEM(standard_methods))
+        return standard_methods[idx];
+    if (app_pkey_methods == NULL)
+        return NULL;
+    idx -= OSSL_NELEM(standard_methods);
+    if (idx >= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods))
+        return NULL;
+    return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
+}
+
 void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
 {
     if (ctx == NULL)
         return;
     if (ctx->pmeth && ctx->pmeth->cleanup)
         ctx->pmeth->cleanup(ctx);
-    if (ctx->pkey)
-        EVP_PKEY_free(ctx->pkey);
-    if (ctx->peerkey)
-        EVP_PKEY_free(ctx->peerkey);
+    EVP_PKEY_free(ctx->pkey);
+    EVP_PKEY_free(ctx->peerkey);
 #ifndef OPENSSL_NO_ENGINE
-    if (ctx->engine)
-        /*
-         * The EVP_PKEY_CTX we used belongs to an ENGINE, release the
-         * functional reference we held for this reason.
-         */
-        ENGINE_finish(ctx->engine);
+    ENGINE_finish(ctx->engine);
 #endif
     OPENSSL_free(ctx);
 }
@@ -362,6 +369,7 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
                       int cmd, int p1, void *p2)
 {
     int ret;
+
     if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) {
         EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
         return -2;
@@ -369,6 +377,10 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
     if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
         return -1;
 
+    /* Skip the operation checks since this is called in a very early stage */
+    if (ctx->pmeth->digest_custom != NULL)
+        goto doit;
+
     if (ctx->operation == EVP_PKEY_OP_UNDEFINED) {
         EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET);
         return -1;
@@ -379,13 +391,19 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
         return -1;
     }
 
+ doit:
     ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
 
     if (ret == -2)
         EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
 
     return ret;
+}
 
+int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                             int cmd, uint64_t value)
+{
+    return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value);
 }
 
 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
@@ -395,17 +413,51 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
         EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED);
         return -2;
     }
-    if (!strcmp(name, "digest")) {
-        const EVP_MD *md;
-        if (!value || !(md = EVP_get_digestbyname(value))) {
-            EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_INVALID_DIGEST);
-            return 0;
-        }
-        return EVP_PKEY_CTX_set_signature_md(ctx, md);
-    }
+    if (strcmp(name, "digest") == 0)
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD,
+                               value);
     return ctx->pmeth->ctrl_str(ctx, name, value);
 }
 
+/* Utility functions to send a string of hex string to a ctrl */
+
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str)
+{
+    size_t len;
+
+    len = strlen(str);
+    if (len > INT_MAX)
+        return -1;
+    return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str);
+}
+
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex)
+{
+    unsigned char *bin;
+    long binlen;
+    int rv = -1;
+
+    bin = OPENSSL_hexstr2buf(hex, &binlen);
+    if (bin == NULL)
+        return 0;
+    if (binlen <= INT_MAX)
+        rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin);
+    OPENSSL_free(bin);
+    return rv;
+}
+
+/* Pass a message digest to a ctrl */
+int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md)
+{
+    const EVP_MD *m;
+
+    if (md == NULL || (m = EVP_get_digestbyname(md)) == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_MD, EVP_R_INVALID_DIGEST);
+        return 0;
+    }
+    return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)m);
+}
+
 int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
 {
     return ctx->operation;
@@ -592,26 +644,51 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
     pmeth->ctrl_str = ctrl_str;
 }
 
-void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
+                             int (*check) (EVP_PKEY *pkey))
+{
+    pmeth->check = check;
+}
+
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+                                    int (*check) (EVP_PKEY *pkey))
+{
+    pmeth->public_check = check;
+}
+
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+                                   int (*check) (EVP_PKEY *pkey))
+{
+    pmeth->param_check = check;
+}
+
+void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (*digest_custom) (EVP_PKEY_CTX *ctx,
+                                                           EVP_MD_CTX *mctx))
+{
+    pmeth->digest_custom = digest_custom;
+}
+
+void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
                             int (**pinit) (EVP_PKEY_CTX *ctx))
 {
     *pinit = pmeth->init;
 }
 
-void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
                             int (**pcopy) (EVP_PKEY_CTX *dst,
                                            EVP_PKEY_CTX *src))
 {
     *pcopy = pmeth->copy;
 }
 
-void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
                                void (**pcleanup) (EVP_PKEY_CTX *ctx))
 {
     *pcleanup = pmeth->cleanup;
 }
 
-void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
                                 int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
                                 int (**pparamgen) (EVP_PKEY_CTX *ctx,
                                                    EVP_PKEY *pkey))
@@ -622,7 +699,7 @@ void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
         *pparamgen = pmeth->paramgen;
 }
 
-void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
                               int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
                               int (**pkeygen) (EVP_PKEY_CTX *ctx,
                                                EVP_PKEY *pkey))
@@ -633,7 +710,7 @@ void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
         *pkeygen = pmeth->keygen;
 }
 
-void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
                             int (**psign_init) (EVP_PKEY_CTX *ctx),
                             int (**psign) (EVP_PKEY_CTX *ctx,
                                            unsigned char *sig, size_t *siglen,
@@ -646,7 +723,7 @@ void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
         *psign = pmeth->sign;
 }
 
-void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
                               int (**pverify_init) (EVP_PKEY_CTX *ctx),
                               int (**pverify) (EVP_PKEY_CTX *ctx,
                                                const unsigned char *sig,
@@ -660,7 +737,7 @@ void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
         *pverify = pmeth->verify;
 }
 
-void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
                                       int (**pverify_recover_init) (EVP_PKEY_CTX
                                                                     *ctx),
                                       int (**pverify_recover) (EVP_PKEY_CTX
@@ -678,7 +755,7 @@ void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
         *pverify_recover = pmeth->verify_recover;
 }
 
-void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
                                int (**psignctx_init) (EVP_PKEY_CTX *ctx,
                                                       EVP_MD_CTX *mctx),
                                int (**psignctx) (EVP_PKEY_CTX *ctx,
@@ -692,7 +769,7 @@ void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
         *psignctx = pmeth->signctx;
 }
 
-void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
                                  int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
                                                           EVP_MD_CTX *mctx),
                                  int (**pverifyctx) (EVP_PKEY_CTX *ctx,
@@ -706,7 +783,7 @@ void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
         *pverifyctx = pmeth->verifyctx;
 }
 
-void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
                                int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
                                int (**pencryptfn) (EVP_PKEY_CTX *ctx,
                                                    unsigned char *out,
@@ -720,7 +797,7 @@ void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
         *pencryptfn = pmeth->encrypt;
 }
 
-void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
                                int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
                                int (**pdecrypt) (EVP_PKEY_CTX *ctx,
                                                  unsigned char *out,
@@ -734,7 +811,7 @@ void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
         *pdecrypt = pmeth->decrypt;
 }
 
-void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
                               int (**pderive_init) (EVP_PKEY_CTX *ctx),
                               int (**pderive) (EVP_PKEY_CTX *ctx,
                                                unsigned char *key,
@@ -746,7 +823,7 @@ void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
         *pderive = pmeth->derive;
 }
 
-void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
                             int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
                                            void *p2),
                             int (**pctrl_str) (EVP_PKEY_CTX *ctx,
@@ -758,3 +835,32 @@ void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
     if (pctrl_str)
         *pctrl_str = pmeth->ctrl_str;
 }
+
+void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
+                             int (**pcheck) (EVP_PKEY *pkey))
+{
+    if (*pcheck)
+        *pcheck = pmeth->check;
+}
+
+void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
+                                    int (**pcheck) (EVP_PKEY *pkey))
+{
+    if (*pcheck)
+        *pcheck = pmeth->public_check;
+}
+
+void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
+                                   int (**pcheck) (EVP_PKEY *pkey))
+{
+    if (*pcheck)
+        *pcheck = pmeth->param_check;
+}
+
+void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
+                                                             EVP_MD_CTX *mctx))
+{
+    if (pdigest_custom != NULL)
+        *pdigest_custom = pmeth->digest_custom;
+}
diff --git a/freebsd/crypto/openssl/crypto/ex_data.c b/freebsd/crypto/openssl/crypto/ex_data.c
index 631a48b9..7cacec59 100644
--- a/freebsd/crypto/openssl/crypto/ex_data.c
+++ b/freebsd/crypto/openssl/crypto/ex_data.c
@@ -1,447 +1,239 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ex_data.c */
-
 /*
- * Overhaul notes;
- *
- * This code is now *mostly* thread-safe. It is now easier to understand in what
- * ways it is safe and in what ways it is not, which is an improvement. Firstly,
- * all per-class stacks and index-counters for ex_data are stored in the same
- * global LHASH table (keyed by class). This hash table uses locking for all
- * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be
- * called when no other threads can possibly race against it (even if it was
- * locked, the race would mean it's possible the hash table might have been
- * recreated after the cleanup). As classes can only be added to the hash table,
- * and within each class, the stack of methods can only be incremented, the
- * locking mechanics are simpler than they would otherwise be. For example, the
- * new/dup/free ex_data functions will lock the hash table, copy the method
- * pointers it needs from the relevant class, then unlock the hash table before
- * actually applying those method pointers to the task of the new/dup/free
- * operations. As they can't be removed from the method-stack, only
- * supplemented, there's no race conditions associated with using them outside
- * the lock. The get/set_ex_data functions are not locked because they do not
- * involve this global state at all - they operate directly with a previously
- * obtained per-class method index and a particular "ex_data" variable. These
- * variables are usually instantiated per-context (eg. each RSA structure has
- * one) so locking on read/write access to that variable can be locked locally
- * if required (eg. using the "RSA" lock to synchronise access to a
- * per-RSA-structure ex_data variable if required).
- * [Geoff]
- */
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-
-/* What an "implementation of ex_data functionality" looks like */
-struct st_CRYPTO_EX_DATA_IMPL {
-        /*********************/
-    /* GLOBAL OPERATIONS */
-    /* Return a new class index */
-    int (*cb_new_class) (void);
-    /* Cleanup all state used by the implementation */
-    void (*cb_cleanup) (void);
-        /************************/
-    /* PER-CLASS OPERATIONS */
-    /* Get a new method index within a class */
-    int (*cb_get_new_index) (int class_index, long argl, void *argp,
-                             CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                             CRYPTO_EX_free *free_func);
-    /* Initialise a new CRYPTO_EX_DATA of a given class */
-    int (*cb_new_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad);
-    /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */
-    int (*cb_dup_ex_data) (int class_index, CRYPTO_EX_DATA *to,
-                           CRYPTO_EX_DATA *from);
-    /* Cleanup a CRYPTO_EX_DATA of a given class */
-    void (*cb_free_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad);
-};
-
-/* The implementation we use at run-time */
-static const CRYPTO_EX_DATA_IMPL *impl = NULL;
+#include "internal/cryptlib_int.h"
+#include "internal/thread_once.h"
 
 /*
- * To call "impl" functions, use this macro rather than referring to 'impl'
- * directly, eg. EX_IMPL(get_new_index)(...);
+ * Each structure type (sometimes called a class), that supports
+ * exdata has a stack of callbacks for each instance.
  */
-#define EX_IMPL(a) impl->cb_##a
-
-/* Predeclare the "default" ex_data implementation */
-static int int_new_class(void);
-static void int_cleanup(void);
-static int int_get_new_index(int class_index, long argl, void *argp,
-                             CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                             CRYPTO_EX_free *free_func);
-static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-                           CRYPTO_EX_DATA *from);
-static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-static CRYPTO_EX_DATA_IMPL impl_default = {
-    int_new_class,
-    int_cleanup,
-    int_get_new_index,
-    int_new_ex_data,
-    int_dup_ex_data,
-    int_free_ex_data
+struct ex_callback_st {
+    long argl;                  /* Arbitrary long */
+    void *argp;                 /* Arbitrary void * */
+    CRYPTO_EX_new *new_func;
+    CRYPTO_EX_free *free_func;
+    CRYPTO_EX_dup *dup_func;
 };
 
 /*
- * Internal function that checks whether "impl" is set and if not, sets it to
- * the default.
+ * The state for each class.  This could just be a typedef, but
+ * a structure allows future changes.
  */
-static void impl_check(void)
-{
-    CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-    if (!impl)
-        impl = &impl_default;
-    CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-}
+typedef struct ex_callbacks_st {
+    STACK_OF(EX_CALLBACK) *meth;
+} EX_CALLBACKS;
 
-/*
- * A macro wrapper for impl_check that first uses a non-locked test before
- * invoking the function (which checks again inside a lock).
- */
-#define IMPL_CHECK if(!impl) impl_check();
+static EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT];
 
-/* API functions to get/set the "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void)
-{
-    IMPL_CHECK return impl;
-}
+static CRYPTO_RWLOCK *ex_data_lock = NULL;
+static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT;
 
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i)
+DEFINE_RUN_ONCE_STATIC(do_ex_data_init)
 {
-    int toret = 0;
-    CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-    if (!impl) {
-        impl = i;
-        toret = 1;
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-    return toret;
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+    ex_data_lock = CRYPTO_THREAD_lock_new();
+    return ex_data_lock != NULL;
 }
 
-/****************************************************************************/
 /*
- * Interal (default) implementation of "ex_data" support. API functions are
- * further down.
+ * Return the EX_CALLBACKS from the |ex_data| array that corresponds to
+ * a given class.  On success, *holds the lock.*
  */
+static EX_CALLBACKS *get_and_lock(int class_index)
+{
+    EX_CALLBACKS *ip;
 
-/*
- * The type that represents what each "class" used to implement locally. A
- * STACK of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is
- * the global value representing the class that is used to distinguish these
- * items.
- */
-typedef struct st_ex_class_item {
-    int class_index;
-    STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth;
-    int meth_num;
-} EX_CLASS_ITEM;
+    if (class_index < 0 || class_index >= CRYPTO_EX_INDEX__COUNT) {
+        CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_PASSED_INVALID_ARGUMENT);
+        return NULL;
+    }
 
-/* When assigning new class indexes, this is our counter */
-static int ex_class = CRYPTO_EX_INDEX_USER;
+    if (!RUN_ONCE(&ex_data_init, do_ex_data_init)) {
+        CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
 
-/* The global hash table of EX_CLASS_ITEM items */
-DECLARE_LHASH_OF(EX_CLASS_ITEM);
-static LHASH_OF(EX_CLASS_ITEM) *ex_data = NULL;
+    if (ex_data_lock == NULL) {
+        /*
+         * This can happen in normal operation when using CRYPTO_mem_leaks().
+         * The CRYPTO_mem_leaks() function calls OPENSSL_cleanup() which cleans
+         * up the locks. Subsequently the BIO that CRYPTO_mem_leaks() uses gets
+         * freed, which also attempts to free the ex_data. However
+         * CRYPTO_mem_leaks() ensures that the ex_data is freed early (i.e.
+         * before OPENSSL_cleanup() is called), so if we get here we can safely
+         * ignore this operation. We just treat it as an error.
+         */
+         return NULL;
+    }
 
-/* The callbacks required in the "ex_data" hash table */
-static unsigned long ex_class_item_hash(const EX_CLASS_ITEM *a)
-{
-    return a->class_index;
+    ip = &ex_data[class_index];
+    CRYPTO_THREAD_write_lock(ex_data_lock);
+    return ip;
 }
 
-static IMPLEMENT_LHASH_HASH_FN(ex_class_item, EX_CLASS_ITEM)
-
-static int ex_class_item_cmp(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b)
+static void cleanup_cb(EX_CALLBACK *funcs)
 {
-    return a->class_index - b->class_index;
+    OPENSSL_free(funcs);
 }
 
-static IMPLEMENT_LHASH_COMP_FN(ex_class_item, EX_CLASS_ITEM)
-
 /*
- * Internal functions used by the "impl_default" implementation to access the
- * state
+ * Release all "ex_data" state to prevent memory leaks. This can't be made
+ * thread-safe without overhauling a lot of stuff, and shouldn't really be
+ * called under potential race-conditions anyway (it's for program shutdown
+ * after all).
  */
-static int ex_data_check(void)
+void crypto_cleanup_all_ex_data_int(void)
 {
-    int toret = 1;
-    CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-    if (!ex_data && (ex_data = lh_EX_CLASS_ITEM_new()) == NULL)
-        toret = 0;
-    CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-    return toret;
+    int i;
+
+    for (i = 0; i < CRYPTO_EX_INDEX__COUNT; ++i) {
+        EX_CALLBACKS *ip = &ex_data[i];
+
+        sk_EX_CALLBACK_pop_free(ip->meth, cleanup_cb);
+        ip->meth = NULL;
+    }
+
+    CRYPTO_THREAD_lock_free(ex_data_lock);
+    ex_data_lock = NULL;
 }
 
+
 /*
- * This macros helps reduce the locking from repeated checks because the
- * ex_data_check() function checks ex_data again inside a lock.
+ * Unregister a new index by replacing the callbacks with no-ops.
+ * Any in-use instances are leaked.
  */
-#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail}
+static void dummy_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx,
+                     long argl, void *argp)
+{
+}
 
-/* This "inner" callback is used by the callback function that follows it */
-static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs)
+static void dummy_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx,
+                       long argl, void *argp)
 {
-    OPENSSL_free(funcs);
 }
 
-/*
- * This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from
- * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't
- * do any locking.
- */
-static void def_cleanup_cb(void *a_void)
+static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                     void *from_d, int idx,
+                     long argl, void *argp)
 {
-    EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;
-    sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);
-    OPENSSL_free(item);
+    return 1;
 }
 
-/*
- * Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to
- * a given class. Handles locking.
- */
-static EX_CLASS_ITEM *def_get_class(int class_index)
+int CRYPTO_free_ex_index(int class_index, int idx)
 {
-    EX_CLASS_ITEM d, *p, *gen;
-    EX_DATA_CHECK(return NULL;)
-        d.class_index = class_index;
-    CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-    p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d);
-    if (!p) {
-        gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));
-        if (gen) {
-            gen->class_index = class_index;
-            gen->meth_num = 0;
-            gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
-            if (!gen->meth)
-                OPENSSL_free(gen);
-            else {
-                /*
-                 * Because we're inside the ex_data lock, the return value
-                 * from the insert will be NULL
-                 */
-                (void)lh_EX_CLASS_ITEM_insert(ex_data, gen);
-                p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d);
-                if (p != gen) {
-                    sk_CRYPTO_EX_DATA_FUNCS_free(gen->meth);
-                    OPENSSL_free(gen);
-                }
-            }
-        }
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-    if (!p)
-        CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE);
-    return p;
+    EX_CALLBACKS *ip = get_and_lock(class_index);
+    EX_CALLBACK *a;
+    int toret = 0;
+
+    if (ip == NULL)
+        return 0;
+    if (idx < 0 || idx >= sk_EX_CALLBACK_num(ip->meth))
+        goto err;
+    a = sk_EX_CALLBACK_value(ip->meth, idx);
+    if (a == NULL)
+        goto err;
+    a->new_func = dummy_new;
+    a->dup_func = dummy_dup;
+    a->free_func = dummy_free;
+    toret = 1;
+err:
+    CRYPTO_THREAD_unlock(ex_data_lock);
+    return toret;
 }
 
 /*
- * Add a new method to the given EX_CLASS_ITEM and return the corresponding
- * index (or -1 for error). Handles locking.
+ * Register a new index.
  */
-static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
-                         CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                         CRYPTO_EX_free *free_func)
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                            CRYPTO_EX_free *free_func)
 {
     int toret = -1;
-    CRYPTO_EX_DATA_FUNCS *a =
-        (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
-    if (!a) {
-        CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE);
+    EX_CALLBACK *a;
+    EX_CALLBACKS *ip = get_and_lock(class_index);
+
+    if (ip == NULL)
         return -1;
+
+    if (ip->meth == NULL) {
+        ip->meth = sk_EX_CALLBACK_new_null();
+        /* We push an initial value on the stack because the SSL
+         * "app_data" routines use ex_data index zero.  See RT 3710. */
+        if (ip->meth == NULL
+            || !sk_EX_CALLBACK_push(ip->meth, NULL)) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    a = (EX_CALLBACK *)OPENSSL_malloc(sizeof(*a));
+    if (a == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+        goto err;
     }
     a->argl = argl;
     a->argp = argp;
     a->new_func = new_func;
     a->dup_func = dup_func;
     a->free_func = free_func;
-    CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-    while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) {
-        if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) {
-            CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE);
-            OPENSSL_free(a);
-            goto err;
-        }
-    }
-    toret = item->meth_num++;
-    (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
- err:
-    CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-    return toret;
-}
 
-/**************************************************************/
-/* The functions in the default CRYPTO_EX_DATA_IMPL structure */
+    if (!sk_EX_CALLBACK_push(ip->meth, NULL)) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(a);
+        goto err;
+    }
+    toret = sk_EX_CALLBACK_num(ip->meth) - 1;
+    (void)sk_EX_CALLBACK_set(ip->meth, toret, a);
 
-static int int_new_class(void)
-{
-    int toret;
-    CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-    toret = ex_class++;
-    CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ err:
+    CRYPTO_THREAD_unlock(ex_data_lock);
     return toret;
 }
 
-static void int_cleanup(void)
-{
-    EX_DATA_CHECK(return;)
-        lh_EX_CLASS_ITEM_doall(ex_data, def_cleanup_cb);
-    lh_EX_CLASS_ITEM_free(ex_data);
-    ex_data = NULL;
-    impl = NULL;
-}
-
-static int int_get_new_index(int class_index, long argl, void *argp,
-                             CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                             CRYPTO_EX_free *free_func)
-{
-    EX_CLASS_ITEM *item = def_get_class(class_index);
-    if (!item)
-        return -1;
-    return def_add_index(item, argl, argp, new_func, dup_func, free_func);
-}
-
 /*
- * Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries
- * in the lock, then using them outside the lock. NB: Thread-safety only
- * applies to the global "ex_data" state (ie. class definitions), not
- * thread-safe on 'ad' itself.
+ * Initialise a new CRYPTO_EX_DATA for use in a particular class - including
+ * calling new() callbacks for each index in the class used by this variable
+ * Thread-safe by copying a class's array of "EX_CALLBACK" entries
+ * in the lock, then using them outside the lock. Note this only applies
+ * to the global "ex_data" state (ie. class definitions), not 'ad' itself.
  */
-static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
 {
     int mx, i;
     void *ptr;
-    CRYPTO_EX_DATA_FUNCS **storage = NULL;
-    EX_CLASS_ITEM *item = def_get_class(class_index);
-    if (!item)
-        /* error is already set */
+    EX_CALLBACK **storage = NULL;
+    EX_CALLBACK *stack[10];
+    EX_CALLBACKS *ip = get_and_lock(class_index);
+
+    if (ip == NULL)
         return 0;
+
     ad->sk = NULL;
-    CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-    mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+
+    mx = sk_EX_CALLBACK_num(ip->meth);
     if (mx > 0) {
-        storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
-        if (!storage)
-            goto skip;
-        for (i = 0; i < mx; i++)
-            storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
+        if (mx < (int)OSSL_NELEM(stack))
+            storage = stack;
+        else
+            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+        if (storage != NULL)
+            for (i = 0; i < mx; i++)
+                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
     }
- skip:
-    CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
-    if ((mx > 0) && !storage) {
-        CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA, ERR_R_MALLOC_FAILURE);
+    CRYPTO_THREAD_unlock(ex_data_lock);
+
+    if (mx > 0 && storage == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_NEW_EX_DATA, ERR_R_MALLOC_FAILURE);
         return 0;
     }
     for (i = 0; i < mx; i++) {
@@ -451,173 +243,127 @@ static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
                                  storage[i]->argl, storage[i]->argp);
         }
     }
-    if (storage)
+    if (storage != stack)
         OPENSSL_free(storage);
     return 1;
 }
 
-/* Same thread-safety notes as for "int_new_ex_data" */
-static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-                           CRYPTO_EX_DATA *from)
+/*
+ * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks
+ * for each index in the class used by this variable
+ */
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+                       const CRYPTO_EX_DATA *from)
 {
     int mx, j, i;
     void *ptr;
-    CRYPTO_EX_DATA_FUNCS **storage = NULL;
-    EX_CLASS_ITEM *item;
-    if (!from->sk)
-        /* 'to' should be "blank" which *is* just like 'from' */
+    EX_CALLBACK *stack[10];
+    EX_CALLBACK **storage = NULL;
+    EX_CALLBACKS *ip;
+    int toret = 0;
+
+    if (from->sk == NULL)
+        /* Nothing to copy over */
         return 1;
-    if ((item = def_get_class(class_index)) == NULL)
+    if ((ip = get_and_lock(class_index)) == NULL)
         return 0;
-    CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-    mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+
+    mx = sk_EX_CALLBACK_num(ip->meth);
     j = sk_void_num(from->sk);
     if (j < mx)
         mx = j;
     if (mx > 0) {
-        /*
-         * Make sure the ex_data stack is at least |mx| elements long to avoid
-         * issues in the for loop that follows; so go get the |mx|'th element
-         * (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign
-         * to itself. This is normally a no-op; but ensures the stack is the
-         * proper size
-         */
-        if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1)))
-            goto skip;
-        storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
-        if (!storage)
-            goto skip;
-        for (i = 0; i < mx; i++)
-            storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
+        if (mx < (int)OSSL_NELEM(stack))
+            storage = stack;
+        else
+            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+        if (storage != NULL)
+            for (i = 0; i < mx; i++)
+                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
     }
- skip:
-    CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
-    if ((mx > 0) && !storage) {
-        CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
+    CRYPTO_THREAD_unlock(ex_data_lock);
+
+    if (mx == 0)
+        return 1;
+    if (storage == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
         return 0;
     }
+    /*
+     * Make sure the ex_data stack is at least |mx| elements long to avoid
+     * issues in the for loop that follows; so go get the |mx|'th element
+     * (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign
+     * to itself. This is normally a no-op; but ensures the stack is the
+     * proper size
+     */
+    if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1)))
+        goto err;
+
     for (i = 0; i < mx; i++) {
         ptr = CRYPTO_get_ex_data(from, i);
         if (storage[i] && storage[i]->dup_func)
-            storage[i]->dup_func(to, from, &ptr, i,
-                                 storage[i]->argl, storage[i]->argp);
+            if (!storage[i]->dup_func(to, from, &ptr, i,
+                                      storage[i]->argl, storage[i]->argp))
+                goto err;
         CRYPTO_set_ex_data(to, i, ptr);
     }
-    if (storage)
+    toret = 1;
+ err:
+    if (storage != stack)
         OPENSSL_free(storage);
-    return 1;
+    return toret;
 }
 
-/* Same thread-safety notes as for "int_new_ex_data" */
-static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+
+/*
+ * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
+ * each index in the class used by this variable
+ */
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
 {
     int mx, i;
-    EX_CLASS_ITEM *item;
+    EX_CALLBACKS *ip;
     void *ptr;
-    CRYPTO_EX_DATA_FUNCS *f;
-    CRYPTO_EX_DATA_FUNCS **storage = NULL;
-    if (ex_data == NULL)
-        goto err;
-    if ((item = def_get_class(class_index)) == NULL)
+    EX_CALLBACK *f;
+    EX_CALLBACK *stack[10];
+    EX_CALLBACK **storage = NULL;
+
+    if ((ip = get_and_lock(class_index)) == NULL)
         goto err;
-    CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-    mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+
+    mx = sk_EX_CALLBACK_num(ip->meth);
     if (mx > 0) {
-        storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
-        if (!storage)
-            goto skip;
-        for (i = 0; i < mx; i++)
-            storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
+        if (mx < (int)OSSL_NELEM(stack))
+            storage = stack;
+        else
+            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+        if (storage != NULL)
+            for (i = 0; i < mx; i++)
+                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
     }
- skip:
-    CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+    CRYPTO_THREAD_unlock(ex_data_lock);
+
     for (i = 0; i < mx; i++) {
         if (storage != NULL)
             f = storage[i];
         else {
-            CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-            f = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
-            CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+            CRYPTO_THREAD_write_lock(ex_data_lock);
+            f = sk_EX_CALLBACK_value(ip->meth, i);
+            CRYPTO_THREAD_unlock(ex_data_lock);
         }
         if (f != NULL && f->free_func != NULL) {
             ptr = CRYPTO_get_ex_data(ad, i);
             f->free_func(obj, ptr, ad, i, f->argl, f->argp);
         }
     }
-    OPENSSL_free(storage);
+
+    if (storage != stack)
+        OPENSSL_free(storage);
  err:
     sk_void_free(ad->sk);
     ad->sk = NULL;
 }
 
-/********************************************************************/
-/*
- * API functions that defer all "state" operations to the "ex_data"
- * implementation we have set.
- */
-
-/*
- * Obtain an index for a new class (not the same as getting a new index
- * within an existing class - this is actually getting a new *class*)
- */
-int CRYPTO_ex_data_new_class(void)
-{
-    IMPL_CHECK return EX_IMPL(new_class) ();
-}
-
-/*
- * Release all "ex_data" state to prevent memory leaks. This can't be made
- * thread-safe without overhauling a lot of stuff, and shouldn't really be
- * called under potential race-conditions anyway (it's for program shutdown
- * after all).
- */
-void CRYPTO_cleanup_all_ex_data(void)
-{
-    IMPL_CHECK EX_IMPL(cleanup) ();
-}
-
-/* Inside an existing class, get/register a new index. */
-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
-                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                            CRYPTO_EX_free *free_func)
-{
-    int ret = -1;
-
-    IMPL_CHECK
-        ret = EX_IMPL(get_new_index) (class_index,
-                                      argl, argp, new_func, dup_func,
-                                      free_func);
-    return ret;
-}
-
-/*
- * Initialise a new CRYPTO_EX_DATA for use in a particular class - including
- * calling new() callbacks for each index in the class used by this variable
- */
-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
-{
-    IMPL_CHECK return EX_IMPL(new_ex_data) (class_index, obj, ad);
-}
-
-/*
- * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks
- * for each index in the class used by this variable
- */
-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-                       CRYPTO_EX_DATA *from)
-{
-    IMPL_CHECK return EX_IMPL(dup_ex_data) (class_index, to, from);
-}
-
-/*
- * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
- * each index in the class used by this variable
- */
-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
-{
-    IMPL_CHECK EX_IMPL(free_ex_data) (class_index, obj, ad);
-}
-
 /*
  * For a given CRYPTO_EX_DATA variable, set the value corresponding to a
  * particular index in the class used by this variable
@@ -629,20 +375,18 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
     if (ad->sk == NULL) {
         if ((ad->sk = sk_void_new_null()) == NULL) {
             CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
-            return (0);
+            return 0;
         }
     }
-    i = sk_void_num(ad->sk);
 
-    while (i <= idx) {
+    for (i = sk_void_num(ad->sk); i <= idx; ++i) {
         if (!sk_void_push(ad->sk, NULL)) {
             CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
-            return (0);
+            return 0;
         }
-        i++;
     }
     sk_void_set(ad->sk, idx, val);
-    return (1);
+    return 1;
 }
 
 /*
@@ -651,12 +395,7 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
  */
 void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
 {
-    if (ad->sk == NULL)
-        return (0);
-    else if (idx >= sk_void_num(ad->sk))
-        return (0);
-    else
-        return (sk_void_value(ad->sk, idx));
+    if (ad->sk == NULL || idx >= sk_void_num(ad->sk))
+        return NULL;
+    return sk_void_value(ad->sk, idx);
 }
-
-IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS)
diff --git a/freebsd/crypto/openssl/crypto/fips_err.h b/freebsd/crypto/openssl/crypto/fips_err.h
deleted file mode 100644
index 0308b63b..00000000
--- a/freebsd/crypto/openssl/crypto/fips_err.h
+++ /dev/null
@@ -1,223 +0,0 @@
-/* crypto/fips_err.h */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason)
-
-static ERR_STRING_DATA FIPS_str_functs[] = {
-    {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
-    {ERR_FUNC(FIPS_F_DH_INIT), "DH_INIT"},
-    {ERR_FUNC(FIPS_F_DRBG_RESEED), "DRBG_RESEED"},
-    {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
-    {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"},
-    {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
-    {ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"},
-    {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"},
-    {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA_PRNG), "fips_check_dsa_prng"},
-    {ERR_FUNC(FIPS_F_FIPS_CHECK_EC), "FIPS_CHECK_EC"},
-    {ERR_FUNC(FIPS_F_FIPS_CHECK_EC_PRNG), "fips_check_ec_prng"},
-    {ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),
-     "FIPS_check_incore_fingerprint"},
-    {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"},
-    {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA_PRNG), "fips_check_rsa_prng"},
-    {ERR_FUNC(FIPS_F_FIPS_CIPHER), "FIPS_cipher"},
-    {ERR_FUNC(FIPS_F_FIPS_CIPHERINIT), "FIPS_cipherinit"},
-    {ERR_FUNC(FIPS_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"},
-    {ERR_FUNC(FIPS_F_FIPS_DIGESTFINAL), "FIPS_digestfinal"},
-    {ERR_FUNC(FIPS_F_FIPS_DIGESTINIT), "FIPS_digestinit"},
-    {ERR_FUNC(FIPS_F_FIPS_DIGESTUPDATE), "FIPS_digestupdate"},
-    {ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES), "FIPS_DRBG_BYTES"},
-    {ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK), "FIPS_DRBG_CHECK"},
-    {ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST), "FIPS_DRBG_CPRNG_TEST"},
-    {ERR_FUNC(FIPS_F_FIPS_DRBG_ERROR_CHECK), "FIPS_DRBG_ERROR_CHECK"},
-    {ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"},
-    {ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"},
-    {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"},
-    {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"},
-    {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED), "FIPS_drbg_reseed"},
-    {ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT), "FIPS_DRBG_SINGLE_KAT"},
-    {ERR_FUNC(FIPS_F_FIPS_DSA_SIGN_DIGEST), "FIPS_dsa_sign_digest"},
-    {ERR_FUNC(FIPS_F_FIPS_DSA_VERIFY_DIGEST), "FIPS_dsa_verify_digest"},
-    {ERR_FUNC(FIPS_F_FIPS_GET_ENTROPY), "FIPS_GET_ENTROPY"},
-    {ERR_FUNC(FIPS_F_FIPS_MODULE_MODE_SET), "FIPS_module_mode_set"},
-    {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"},
-    {ERR_FUNC(FIPS_F_FIPS_RAND_ADD), "FIPS_rand_add"},
-    {ERR_FUNC(FIPS_F_FIPS_RAND_BYTES), "FIPS_rand_bytes"},
-    {ERR_FUNC(FIPS_F_FIPS_RAND_PSEUDO_BYTES), "FIPS_rand_pseudo_bytes"},
-    {ERR_FUNC(FIPS_F_FIPS_RAND_SEED), "FIPS_rand_seed"},
-    {ERR_FUNC(FIPS_F_FIPS_RAND_SET_METHOD), "FIPS_rand_set_method"},
-    {ERR_FUNC(FIPS_F_FIPS_RAND_STATUS), "FIPS_rand_status"},
-    {ERR_FUNC(FIPS_F_FIPS_RSA_SIGN_DIGEST), "FIPS_rsa_sign_digest"},
-    {ERR_FUNC(FIPS_F_FIPS_RSA_VERIFY_DIGEST), "FIPS_rsa_verify_digest"},
-    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"},
-    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_CCM), "FIPS_selftest_aes_ccm"},
-    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM), "FIPS_selftest_aes_gcm"},
-    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_XTS), "FIPS_selftest_aes_xts"},
-    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC), "FIPS_selftest_cmac"},
-    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"},
-    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"},
-    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"},
-    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
-    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
-    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_X931), "FIPS_selftest_x931"},
-    {ERR_FUNC(FIPS_F_FIPS_SET_PRNG_KEY), "FIPS_SET_PRNG_KEY"},
-    {ERR_FUNC(FIPS_F_HASH_FINAL), "HASH_FINAL"},
-    {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
-    {ERR_FUNC(FIPS_F_RSA_EAY_INIT), "RSA_EAY_INIT"},
-    {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
-    {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
-    {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
-    {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
-    {ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY_EX), "RSA_X931_generate_key_ex"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA FIPS_str_reasons[] = {
-    {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED),
-     "additional input error undetected"},
-    {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG),
-     "additional input too long"},
-    {ERR_REASON(FIPS_R_ALREADY_INSTANTIATED), "already instantiated"},
-    {ERR_REASON(FIPS_R_AUTHENTICATION_FAILURE), "authentication failure"},
-    {ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE), "contradicting evidence"},
-    {ERR_REASON(FIPS_R_DRBG_NOT_INITIALISED), "drbg not initialised"},
-    {ERR_REASON(FIPS_R_DRBG_STUCK), "drbg stuck"},
-    {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED), "entropy error undetected"},
-    {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),
-     "entropy not requested for reseed"},
-    {ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK), "entropy source stuck"},
-    {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG), "error initialising drbg"},
-    {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"},
-    {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
-     "error retrieving additional input"},
-    {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ENTROPY), "error retrieving entropy"},
-    {ERR_REASON(FIPS_R_ERROR_RETRIEVING_NONCE), "error retrieving nonce"},
-    {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),
-     "fingerprint does not match"},
-    {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),
-     "fingerprint does not match nonpic relocated"},
-    {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),
-     "fingerprint does not match segment aliasing"},
-    {ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET), "fips mode already set"},
-    {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED), "fips selftest failed"},
-    {ERR_REASON(FIPS_R_FUNCTION_ERROR), "function error"},
-    {ERR_REASON(FIPS_R_GENERATE_ERROR), "generate error"},
-    {ERR_REASON(FIPS_R_GENERATE_ERROR_UNDETECTED),
-     "generate error undetected"},
-    {ERR_REASON(FIPS_R_INSTANTIATE_ERROR), "instantiate error"},
-    {ERR_REASON(FIPS_R_INSUFFICIENT_SECURITY_STRENGTH),
-     "insufficient security strength"},
-    {ERR_REASON(FIPS_R_INTERNAL_ERROR), "internal error"},
-    {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH), "invalid key length"},
-    {ERR_REASON(FIPS_R_INVALID_PARAMETERS), "invalid parameters"},
-    {ERR_REASON(FIPS_R_IN_ERROR_STATE), "in error state"},
-    {ERR_REASON(FIPS_R_KEY_TOO_SHORT), "key too short"},
-    {ERR_REASON(FIPS_R_NONCE_ERROR_UNDETECTED), "nonce error undetected"},
-    {ERR_REASON(FIPS_R_NON_FIPS_METHOD), "non fips method"},
-    {ERR_REASON(FIPS_R_NOPR_TEST1_FAILURE), "nopr test1 failure"},
-    {ERR_REASON(FIPS_R_NOPR_TEST2_FAILURE), "nopr test2 failure"},
-    {ERR_REASON(FIPS_R_NOT_INSTANTIATED), "not instantiated"},
-    {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED), "pairwise test failed"},
-    {ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED),
-     "personalisation error undetected"},
-    {ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG),
-     "personalisation string too long"},
-    {ERR_REASON(FIPS_R_PRNG_STRENGTH_TOO_LOW), "prng strength too low"},
-    {ERR_REASON(FIPS_R_PR_TEST1_FAILURE), "pr test1 failure"},
-    {ERR_REASON(FIPS_R_PR_TEST2_FAILURE), "pr test2 failure"},
-    {ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),
-     "request length error undetected"},
-    {ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),
-     "request too large for drbg"},
-    {ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR), "reseed counter error"},
-    {ERR_REASON(FIPS_R_RESEED_ERROR), "reseed error"},
-    {ERR_REASON(FIPS_R_SELFTEST_FAILED), "selftest failed"},
-    {ERR_REASON(FIPS_R_SELFTEST_FAILURE), "selftest failure"},
-    {ERR_REASON(FIPS_R_STRENGTH_ERROR_UNDETECTED),
-     "strength error undetected"},
-    {ERR_REASON(FIPS_R_TEST_FAILURE), "test failure"},
-    {ERR_REASON(FIPS_R_UNINSTANTIATE_ERROR), "uninstantiate error"},
-    {ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),
-     "uninstantiate zeroise error"},
-    {ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE), "unsupported drbg type"},
-    {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM), "unsupported platform"},
-    {0, NULL}
-};
-
-#endif
-
-void ERR_load_FIPS_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-
-    if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, FIPS_str_functs);
-        ERR_load_strings(0, FIPS_str_reasons);
-    }
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/fips_ers.c b/freebsd/crypto/openssl/crypto/fips_ers.c
deleted file mode 100644
index d95894e9..00000000
--- a/freebsd/crypto/openssl/crypto/fips_ers.c
+++ /dev/null
@@ -1,9 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-# include "fips_err.h"
-#else
-static void *dummy = &dummy;
-#endif
diff --git a/freebsd/crypto/openssl/crypto/hmac/hm_ameth.c b/freebsd/crypto/openssl/crypto/hmac/hm_ameth.c
index 5945106f..cde87f54 100644
--- a/freebsd/crypto/openssl/crypto/hmac/hm_ameth.c
+++ b/freebsd/crypto/openssl/crypto/hmac/hm_ameth.c
@@ -1,69 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include "asn1_locl.h"
-
-#define HMAC_TEST_PRIVATE_KEY_FORMAT
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 
 /*
  * HMAC "ASN1" method. This is just here to indicate the maximum HMAC output
@@ -77,7 +27,7 @@ static int hmac_size(const EVP_PKEY *pkey)
 
 static void hmac_key_free(EVP_PKEY *pkey)
 {
-    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
     if (os) {
         if (os->data)
             OPENSSL_cleanse(os->data, os->length);
@@ -97,50 +47,51 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
     }
 }
 
-#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
-/*
- * A bogus private key format for test purposes. This is simply the HMAC key
- * with "HMAC PRIVATE KEY" in the headers. When enabled the genpkey utility
- * can be used to "generate" HMAC keys.
- */
+static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+}
 
-static int old_hmac_decode(EVP_PKEY *pkey,
-                           const unsigned char **pder, int derlen)
+static int hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                             size_t len)
 {
     ASN1_OCTET_STRING *os;
+
+    if (pkey->pkey.ptr != NULL)
+        return 0;
+
     os = ASN1_OCTET_STRING_new();
-    if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen))
-        goto err;
-    if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os))
-        goto err;
-    return 1;
+    if (os == NULL)
+        return 0;
+
 
- err:
-    ASN1_OCTET_STRING_free(os);
-    return 0;
+    if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+
+    pkey->pkey.ptr = os;
+    return 1;
 }
 
-static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder)
+static int hmac_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                             size_t *len)
 {
-    int inc;
     ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
-    if (pder) {
-        if (!*pder) {
-            *pder = OPENSSL_malloc(os->length);
-            inc = 0;
-        } else
-            inc = 1;
 
-        memcpy(*pder, os->data, os->length);
-
-        if (inc)
-            *pder += os->length;
+    if (priv == NULL) {
+        *len = ASN1_STRING_length(os);
+        return 1;
     }
 
-    return os->length;
-}
+    if (os == NULL || *len < (size_t)ASN1_STRING_length(os))
+        return 0;
+
+    *len = ASN1_STRING_length(os);
+    memcpy(priv, ASN1_STRING_get0_data(os), *len);
 
-#endif
+    return 1;
+}
 
 const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
     EVP_PKEY_HMAC,
@@ -150,20 +101,29 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
     "HMAC",
     "OpenSSL HMAC method",
 
-    0, 0, 0, 0,
+    0, 0, hmac_pkey_public_cmp, 0,
 
     0, 0, 0,
 
     hmac_size,
-    0,
+    0, 0,
     0, 0, 0, 0, 0, 0, 0,
 
     hmac_key_free,
     hmac_pkey_ctrl,
-#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
-    old_hmac_decode,
-    old_hmac_encode
-#else
-    0, 0
-#endif
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    hmac_set_priv_key,
+    NULL,
+    hmac_get_priv_key,
+    NULL,
 };
diff --git a/freebsd/crypto/openssl/crypto/hmac/hm_pmeth.c b/freebsd/crypto/openssl/crypto/hmac/hm_pmeth.c
index 123b76aa..ab850a5f 100644
--- a/freebsd/crypto/openssl/crypto/hmac/hm_pmeth.c
+++ b/freebsd/crypto/openssl/crypto/hmac/hm_pmeth.c
@@ -1,91 +1,45 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
-#include "evp_locl.h"
+#include <openssl/err.h>
+#include "internal/evp_int.h"
 
 /* HMAC pkey context structure */
 
 typedef struct {
     const EVP_MD *md;           /* MD for HMAC use */
     ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
-    HMAC_CTX ctx;
+    HMAC_CTX *ctx;
 } HMAC_PKEY_CTX;
 
 static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
 {
     HMAC_PKEY_CTX *hctx;
-    hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX));
-    if (!hctx)
+
+    if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_PKEY_HMAC_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
-    hctx->md = NULL;
-    hctx->ktmp.data = NULL;
-    hctx->ktmp.length = 0;
-    hctx->ktmp.flags = 0;
+    }
     hctx->ktmp.type = V_ASN1_OCTET_STRING;
-    HMAC_CTX_init(&hctx->ctx);
+    hctx->ctx = HMAC_CTX_new();
+    if (hctx->ctx == NULL) {
+        OPENSSL_free(hctx);
+        return 0;
+    }
 
     ctx->data = hctx;
     ctx->keygen_info_count = 0;
@@ -93,39 +47,42 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
     return 1;
 }
 
+static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx);
+
 static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 {
     HMAC_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
     if (!pkey_hmac_init(dst))
         return 0;
-    sctx = src->data;
-    dctx = dst->data;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
     dctx->md = sctx->md;
-    if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx))
+    if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
         goto err;
-    if (sctx->ktmp.data != NULL) {
+    if (sctx->ktmp.data) {
         if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
                                    sctx->ktmp.data, sctx->ktmp.length))
             goto err;
     }
     return 1;
- err:
-    HMAC_CTX_cleanup(&dctx->ctx);
-    OPENSSL_free(dctx);
+err:
+    /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
+    pkey_hmac_cleanup (dst);
     return 0;
 }
 
 static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
 {
-    HMAC_PKEY_CTX *hctx = ctx->data;
-    HMAC_CTX_cleanup(&hctx->ctx);
-    if (hctx->ktmp.data) {
-        if (hctx->ktmp.length)
-            OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length);
-        OPENSSL_free(hctx->ktmp.data);
-        hctx->ktmp.data = NULL;
+    HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (hctx != NULL) {
+        HMAC_CTX_free(hctx->ctx);
+        OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
+        OPENSSL_free(hctx);
+        EVP_PKEY_CTX_set_data(ctx, NULL);
     }
-    OPENSSL_free(hctx);
 }
 
 static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
@@ -144,8 +101,8 @@ static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 
 static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-    HMAC_PKEY_CTX *hctx = ctx->pctx->data;
-    if (!HMAC_Update(&hctx->ctx, data, count))
+    HMAC_PKEY_CTX *hctx = EVP_MD_CTX_pkey_ctx(ctx)->data;
+    if (!HMAC_Update(hctx->ctx, data, count))
         return 0;
     return 1;
 }
@@ -153,9 +110,10 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
 static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 {
     HMAC_PKEY_CTX *hctx = ctx->data;
-    HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT);
+    HMAC_CTX_set_flags(hctx->ctx,
+                       EVP_MD_CTX_test_flags(mctx, ~EVP_MD_CTX_FLAG_NO_INIT));
     EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
-    mctx->update = int_update;
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
     return 1;
 }
 
@@ -172,7 +130,7 @@ static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
     if (!sig)
         return 1;
 
-    if (!HMAC_Final(&hctx->ctx, sig, &hlen))
+    if (!HMAC_Final(hctx->ctx, sig, &hlen))
         return 0;
     *siglen = (size_t)hlen;
     return 1;
@@ -197,7 +155,7 @@ static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 
     case EVP_PKEY_CTRL_DIGESTINIT:
         key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
-        if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md,
+        if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md,
                           ctx->engine))
             return 0;
         break;
@@ -215,21 +173,10 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
     if (!value) {
         return 0;
     }
-    if (!strcmp(type, "key")) {
-        void *p = (void *)value;
-        return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
-    }
-    if (!strcmp(type, "hexkey")) {
-        unsigned char *key;
-        int r;
-        long keylen;
-        key = string_to_hex(value, &keylen);
-        if (!key)
-            return 0;
-        r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
-        OPENSSL_free(key);
-        return r;
-    }
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
     return -2;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/hmac/hmac.c b/freebsd/crypto/openssl/crypto/hmac/hmac.c
index 21895bc0..8d1fd286 100644
--- a/freebsd/crypto/openssl/crypto/hmac/hmac.c
+++ b/freebsd/crypto/openssl/crypto/hmac/hmac.c
@@ -1,104 +1,29 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/hmac/hmac.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/hmac.h>
-
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
+#include <openssl/opensslconf.h>
+#include "hmac_lcl.h"
 
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl)
 {
+    int rv = 0;
     int i, j, reset = 0;
-    unsigned char pad[HMAC_MAX_MD_CBLOCK];
+    unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE];
 
-#ifdef OPENSSL_FIPS
-    /* If FIPS mode switch to approved implementation if possible */
-    if (FIPS_mode()) {
-        const EVP_MD *fipsmd;
-        if (md) {
-            fipsmd = FIPS_get_digestbynid(EVP_MD_type(md));
-            if (fipsmd)
-                md = fipsmd;
-        }
-    }
-
-    if (FIPS_mode()) {
-        /* If we have an ENGINE need to allow non FIPS */
-        if ((impl || ctx->i_ctx.engine)
-            && !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) {
-            EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
-            return 0;
-        }
-        /*
-         * Other algorithm blocking will be done in FIPS_cmac_init, via
-         * FIPS_hmac_init_ex().
-         */
-        if (!impl && !ctx->i_ctx.engine)
-            return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
-    }
-#endif
     /* If we are changing MD then we must have a key */
     if (md != NULL && md != ctx->md && (key == NULL || len < 0))
         return 0;
@@ -115,156 +40,210 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
     if (key != NULL) {
         reset = 1;
         j = EVP_MD_block_size(md);
-        OPENSSL_assert(j <= (int)sizeof(ctx->key));
+        if (!ossl_assert(j <= (int)sizeof(ctx->key)))
+            return 0;
         if (j < len) {
-            if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl))
-                goto err;
-            if (!EVP_DigestUpdate(&ctx->md_ctx, key, len))
-                goto err;
-            if (!EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key,
-                                    &ctx->key_length))
-                goto err;
+            if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl)
+                    || !EVP_DigestUpdate(ctx->md_ctx, key, len)
+                    || !EVP_DigestFinal_ex(ctx->md_ctx, ctx->key,
+                                           &ctx->key_length))
+                return 0;
         } else {
             if (len < 0 || len > (int)sizeof(ctx->key))
                 return 0;
             memcpy(ctx->key, key, len);
             ctx->key_length = len;
         }
-        if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
+        if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE)
             memset(&ctx->key[ctx->key_length], 0,
-                   HMAC_MAX_MD_CBLOCK - ctx->key_length);
+                   HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length);
     }
 
     if (reset) {
-        for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+        for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
             pad[i] = 0x36 ^ ctx->key[i];
-        if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl))
-            goto err;
-        if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md)))
+        if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)
+                || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
             goto err;
 
-        for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+        for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
             pad[i] = 0x5c ^ ctx->key[i];
-        if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl))
-            goto err;
-        if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md)))
+        if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)
+                || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
             goto err;
     }
-    if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx))
+    if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx))
         goto err;
-    return 1;
+    rv = 1;
  err:
-    return 0;
+    if (reset)
+        OPENSSL_cleanse(pad, sizeof(pad));
+    return rv;
 }
 
+#if OPENSSL_API_COMPAT < 0x10100000L
 int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
 {
     if (key && md)
-        HMAC_CTX_init(ctx);
+        HMAC_CTX_reset(ctx);
     return HMAC_Init_ex(ctx, key, len, md, NULL);
 }
+#endif
 
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !ctx->i_ctx.engine)
-        return FIPS_hmac_update(ctx, data, len);
-#endif
     if (!ctx->md)
         return 0;
-
-    return EVP_DigestUpdate(&ctx->md_ctx, data, len);
+    return EVP_DigestUpdate(ctx->md_ctx, data, len);
 }
 
 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 {
     unsigned int i;
     unsigned char buf[EVP_MAX_MD_SIZE];
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !ctx->i_ctx.engine)
-        return FIPS_hmac_final(ctx, md, len);
-#endif
 
     if (!ctx->md)
         goto err;
 
-    if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
+    if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i))
         goto err;
-    if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx))
+    if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx))
         goto err;
-    if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i))
+    if (!EVP_DigestUpdate(ctx->md_ctx, buf, i))
         goto err;
-    if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len))
+    if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len))
         goto err;
     return 1;
  err:
     return 0;
 }
 
-void HMAC_CTX_init(HMAC_CTX *ctx)
+size_t HMAC_size(const HMAC_CTX *ctx)
 {
-    EVP_MD_CTX_init(&ctx->i_ctx);
-    EVP_MD_CTX_init(&ctx->o_ctx);
-    EVP_MD_CTX_init(&ctx->md_ctx);
+    int size = EVP_MD_size((ctx)->md);
+
+    return (size < 0) ? 0 : size;
+}
+
+HMAC_CTX *HMAC_CTX_new(void)
+{
+    HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
+
+    if (ctx != NULL) {
+        if (!HMAC_CTX_reset(ctx)) {
+            HMAC_CTX_free(ctx);
+            return NULL;
+        }
+    }
+    return ctx;
+}
+
+static void hmac_ctx_cleanup(HMAC_CTX *ctx)
+{
+    EVP_MD_CTX_reset(ctx->i_ctx);
+    EVP_MD_CTX_reset(ctx->o_ctx);
+    EVP_MD_CTX_reset(ctx->md_ctx);
     ctx->md = NULL;
+    ctx->key_length = 0;
+    OPENSSL_cleanse(ctx->key, sizeof(ctx->key));
+}
+
+void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+    if (ctx != NULL) {
+        hmac_ctx_cleanup(ctx);
+        EVP_MD_CTX_free(ctx->i_ctx);
+        EVP_MD_CTX_free(ctx->o_ctx);
+        EVP_MD_CTX_free(ctx->md_ctx);
+        OPENSSL_free(ctx);
+    }
+}
+
+static int hmac_ctx_alloc_mds(HMAC_CTX *ctx)
+{
+    if (ctx->i_ctx == NULL)
+        ctx->i_ctx = EVP_MD_CTX_new();
+    if (ctx->i_ctx == NULL)
+        return 0;
+    if (ctx->o_ctx == NULL)
+        ctx->o_ctx = EVP_MD_CTX_new();
+    if (ctx->o_ctx == NULL)
+        return 0;
+    if (ctx->md_ctx == NULL)
+        ctx->md_ctx = EVP_MD_CTX_new();
+    if (ctx->md_ctx == NULL)
+        return 0;
+    return 1;
+}
+
+int HMAC_CTX_reset(HMAC_CTX *ctx)
+{
+    hmac_ctx_cleanup(ctx);
+    if (!hmac_ctx_alloc_mds(ctx)) {
+        hmac_ctx_cleanup(ctx);
+        return 0;
+    }
+    return 1;
 }
 
 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 {
-    if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx))
+    if (!hmac_ctx_alloc_mds(dctx))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx))
         goto err;
-    if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx))
+    if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx))
         goto err;
-    if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
+    if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
         goto err;
-    memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
+    memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE);
     dctx->key_length = sctx->key_length;
     dctx->md = sctx->md;
     return 1;
  err:
+    hmac_ctx_cleanup(dctx);
     return 0;
 }
 
-void HMAC_CTX_cleanup(HMAC_CTX *ctx)
-{
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !ctx->i_ctx.engine) {
-        FIPS_hmac_ctx_cleanup(ctx);
-        return;
-    }
-#endif
-    EVP_MD_CTX_cleanup(&ctx->i_ctx);
-    EVP_MD_CTX_cleanup(&ctx->o_ctx);
-    EVP_MD_CTX_cleanup(&ctx->md_ctx);
-    OPENSSL_cleanse(ctx, sizeof(*ctx));
-}
-
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
                     const unsigned char *d, size_t n, unsigned char *md,
                     unsigned int *md_len)
 {
-    HMAC_CTX c;
+    HMAC_CTX *c = NULL;
     static unsigned char m[EVP_MAX_MD_SIZE];
+    static const unsigned char dummy_key[1] = {'\0'};
 
     if (md == NULL)
         md = m;
-    HMAC_CTX_init(&c);
-    if (!HMAC_Init(&c, key, key_len, evp_md))
+    if ((c = HMAC_CTX_new()) == NULL)
+        goto err;
+
+    /* For HMAC_Init_ex, NULL key signals reuse. */
+    if (key == NULL && key_len == 0) {
+        key = dummy_key;
+    }
+
+    if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL))
         goto err;
-    if (!HMAC_Update(&c, d, n))
+    if (!HMAC_Update(c, d, n))
         goto err;
-    if (!HMAC_Final(&c, md, md_len))
+    if (!HMAC_Final(c, md, md_len))
         goto err;
-    HMAC_CTX_cleanup(&c);
+    HMAC_CTX_free(c);
     return md;
  err:
-    HMAC_CTX_cleanup(&c);
+    HMAC_CTX_free(c);
     return NULL;
 }
 
 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
 {
-    EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
-    EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
-    EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+    EVP_MD_CTX_set_flags(ctx->i_ctx, flags);
+    EVP_MD_CTX_set_flags(ctx->o_ctx, flags);
+    EVP_MD_CTX_set_flags(ctx->md_ctx, flags);
+}
+
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx)
+{
+    return ctx->md;
 }
diff --git a/freebsd/crypto/openssl/crypto/hmac/hmac.h b/freebsd/crypto/openssl/crypto/hmac/hmac.h
deleted file mode 100644
index b8b55cda..00000000
--- a/freebsd/crypto/openssl/crypto/hmac/hmac.h
+++ /dev/null
@@ -1,109 +0,0 @@
-/* crypto/hmac/hmac.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifndef HEADER_HMAC_H
-# define HEADER_HMAC_H
-
-# include <openssl/opensslconf.h>
-
-# ifdef OPENSSL_NO_HMAC
-#  error HMAC is disabled.
-# endif
-
-# include <openssl/evp.h>
-
-# define HMAC_MAX_MD_CBLOCK      128/* largest known is SHA512 */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct hmac_ctx_st {
-    const EVP_MD *md;
-    EVP_MD_CTX md_ctx;
-    EVP_MD_CTX i_ctx;
-    EVP_MD_CTX o_ctx;
-    unsigned int key_length;
-    unsigned char key[HMAC_MAX_MD_CBLOCK];
-} HMAC_CTX;
-
-# define HMAC_size(e)    (EVP_MD_size((e)->md))
-
-void HMAC_CTX_init(HMAC_CTX *ctx);
-void HMAC_CTX_cleanup(HMAC_CTX *ctx);
-
-/* deprecated */
-# define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx)
-
-/* deprecated */
-int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md);
-int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-                 const EVP_MD *md, ENGINE *impl);
-int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
-int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-                    const unsigned char *d, size_t n, unsigned char *md,
-                    unsigned int *md_len);
-int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
-
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/hmac/hmac_lcl.h b/freebsd/crypto/openssl/crypto/hmac/hmac_lcl.h
new file mode 100644
index 00000000..8fd83456
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/hmac/hmac_lcl.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_HMAC_LCL_H
+# define HEADER_HMAC_LCL_H
+
+/* The current largest case is for SHA3-224 */
+#define HMAC_MAX_MD_CBLOCK_SIZE     144
+
+struct hmac_ctx_st {
+    const EVP_MD *md;
+    EVP_MD_CTX *md_ctx;
+    EVP_MD_CTX *i_ctx;
+    EVP_MD_CTX *o_ctx;
+    unsigned int key_length;
+    unsigned char key[HMAC_MAX_MD_CBLOCK_SIZE];
+};
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/hmac/hmactest.c b/freebsd/crypto/openssl/crypto/hmac/hmactest.c
deleted file mode 100644
index ed2be174..00000000
--- a/freebsd/crypto/openssl/crypto/hmac/hmactest.c
+++ /dev/null
@@ -1,337 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/hmac/hmactest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_HMAC
-int main(int argc, char *argv[])
-{
-    printf("No HMAC support\n");
-    return (0);
-}
-#else
-# include <openssl/hmac.h>
-# ifndef OPENSSL_NO_MD5
-#  include <openssl/md5.h>
-# endif
-
-# ifdef CHARSET_EBCDIC
-#  include <openssl/ebcdic.h>
-# endif
-
-# ifndef OPENSSL_NO_MD5
-static struct test_st {
-    unsigned char key[16];
-    int key_len;
-    unsigned char data[64];
-    int data_len;
-    unsigned char *digest;
-} test[8] = {
-    {
-        "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54,
-        (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
-    },
-    {
-        {
-            0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-            0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-        }, 16, "Hi There", 8,
-        (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
-    },
-    {
-        "Jefe", 4, "what do ya want for nothing?", 28,
-        (unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
-    },
-    {
-        {
-            0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-            0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-        }, 16, {
-            0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-            0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-            0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-            0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-            0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd
-        }, 50, (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
-    },
-    {
-        "", 0, "My test data", 12,
-        (unsigned char *)"61afdecb95429ef494d61fdee15990cabf0826fc"
-    },
-    {
-        "", 0, "My test data", 12,
-        (unsigned char *)"2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776"
-    },
-    {
-        "123456", 6, "My test data", 12,
-        (unsigned char *)"bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd"
-    },
-    {
-        "12345", 5, "My test data again", 12,
-        (unsigned char *)"7dbe8c764c068e3bcd6e6b0fbcd5e6fc197b15bb"
-    }
-};
-# endif
-
-static char *pt(unsigned char *md, unsigned int len);
-
-int main(int argc, char *argv[])
-{
-# ifndef OPENSSL_NO_MD5
-    int i;
-    char *p;
-# endif
-    int err = 0;
-    HMAC_CTX ctx, ctx2;
-    unsigned char buf[EVP_MAX_MD_SIZE];
-    unsigned int len;
-
-# ifdef OPENSSL_NO_MD5
-    printf("test skipped: MD5 disabled\n");
-# else
-
-#  ifdef CHARSET_EBCDIC
-    ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
-    ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
-    ebcdic2ascii(test[2].key, test[2].key, test[2].key_len);
-    ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
-#  endif
-
-    for (i = 0; i < 4; i++) {
-        p = pt(HMAC(EVP_md5(),
-                    test[i].key, test[i].key_len,
-                    test[i].data, test[i].data_len, NULL, NULL),
-                    MD5_DIGEST_LENGTH);
-
-        if (strcmp(p, (char *)test[i].digest) != 0) {
-            printf("Error calculating HMAC on %d entry'\n", i);
-            printf("got %s instead of %s\n", p, test[i].digest);
-            err++;
-        } else
-            printf("test %d ok\n", i);
-    }
-# endif                         /* OPENSSL_NO_MD5 */
-
-/* test4 */
-    HMAC_CTX_init(&ctx);
-    if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) {
-        printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
-        err++;
-        goto test5;
-    }
-    if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
-        printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
-        err++;
-        goto test5;
-    }
-    if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) {
-        printf("Should fail to initialise HMAC with empty key (test 4)\n");
-        err++;
-        goto test5;
-    }
-    if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
-        printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
-        err++;
-        goto test5;
-    }
-    printf("test 4 ok\n");
-test5:
-    HMAC_CTX_cleanup(&ctx);
-    HMAC_CTX_init(&ctx);
-    if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) {
-        printf("Should fail to initialise HMAC with empty MD (test 5)\n");
-        err++;
-        goto test6;
-    }
-    if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
-        printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
-        err++;
-        goto test6;
-    }
-    if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) {
-        printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
-        err++;
-        goto test6;
-    }
-    if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
-        printf("Failed to initialise HMAC (test 5)\n");
-        err++;
-        goto test6;
-    }
-    if (!HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
-        printf("Error updating HMAC with data (test 5)\n");
-        err++;
-        goto test6;
-    }
-    if (!HMAC_Final(&ctx, buf, &len)) {
-        printf("Error finalising data (test 5)\n");
-        err++;
-        goto test6;
-    }
-    p = pt(buf, len);
-    if (strcmp(p, (char *)test[4].digest) != 0) {
-        printf("Error calculating interim HMAC on test 5\n");
-        printf("got %s instead of %s\n", p, test[4].digest);
-        err++;
-        goto test6;
-    }
-    if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
-        printf("Should disallow changing MD without a new key (test 5)\n");
-        err++;
-        goto test6;
-    }
-    if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
-        printf("Failed to reinitialise HMAC (test 5)\n");
-        err++;
-        goto test6;
-    }
-    if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) {
-        printf("Error updating HMAC with data (sha256) (test 5)\n");
-        err++;
-        goto test6;
-    }
-    if (!HMAC_Final(&ctx, buf, &len)) {
-        printf("Error finalising data (sha256) (test 5)\n");
-        err++;
-        goto test6;
-    }
-    p = pt(buf, len);
-    if (strcmp(p, (char *)test[5].digest) != 0) {
-        printf("Error calculating 2nd interim HMAC on test 5\n");
-        printf("got %s instead of %s\n", p, test[5].digest);
-        err++;
-        goto test6;
-    }
-    if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) {
-        printf("Failed to reinitialise HMAC with key (test 5)\n");
-        err++;
-        goto test6;
-    }
-    if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) {
-        printf("Error updating HMAC with data (new key) (test 5)\n");
-        err++;
-        goto test6;
-    }
-    if (!HMAC_Final(&ctx, buf, &len)) {
-        printf("Error finalising data (new key) (test 5)\n");
-        err++;
-        goto test6;
-    }
-    p = pt(buf, len);
-    if (strcmp(p, (char *)test[6].digest) != 0) {
-        printf("error calculating HMAC on test 5\n");
-        printf("got %s instead of %s\n", p, test[6].digest);
-        err++;
-    } else {
-        printf("test 5 ok\n");
-    }
-test6:
-    HMAC_CTX_cleanup(&ctx);
-    HMAC_CTX_init(&ctx);
-    if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
-        printf("Failed to initialise HMAC (test 6)\n");
-        err++;
-        goto end;
-    }
-    if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) {
-        printf("Error updating HMAC with data (test 6)\n");
-        err++;
-        goto end;
-    }
-    if (!HMAC_CTX_copy(&ctx2, &ctx)) {
-        printf("Failed to copy HMAC_CTX (test 6)\n");
-        err++;
-        goto end;
-    }
-    if (!HMAC_Final(&ctx2, buf, &len)) {
-        printf("Error finalising data (test 6)\n");
-        err++;
-        goto end;
-    }
-    p = pt(buf, len);
-    if (strcmp(p, (char *)test[7].digest) != 0) {
-        printf("Error calculating HMAC on test 6\n");
-        printf("got %s instead of %s\n", p, test[7].digest);
-        err++;
-    } else {
-        printf("test 6 ok\n");
-    }
-end:
-    HMAC_CTX_cleanup(&ctx);
-    EXIT(err);
-    return (0);
-}
-
-# ifndef OPENSSL_NO_MD5
-static char *pt(unsigned char *md, unsigned int len)
-{
-    unsigned int i;
-    static char buf[80];
-
-    for (i = 0; i < len; i++)
-        sprintf(&(buf[i * 2]), "%02x", md[i]);
-    return (buf);
-}
-# endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/idea/i_cbc.c b/freebsd/crypto/openssl/crypto/idea/i_cbc.c
index 5f130405..d5f7f055 100644
--- a/freebsd/crypto/openssl/crypto/idea/i_cbc.c
+++ b/freebsd/crypto/openssl/crypto/idea/i_cbc.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/idea/i_cbc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/idea.h>
 #include "idea_lcl.h"
 
-void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
+void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
                       long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
                       int encrypt)
 {
@@ -81,7 +32,7 @@ void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
             tin1 ^= tout1;
             tin[0] = tin0;
             tin[1] = tin1;
-            idea_encrypt(tin, ks);
+            IDEA_encrypt(tin, ks);
             tout0 = tin[0];
             l2n(tout0, out);
             tout1 = tin[1];
@@ -93,7 +44,7 @@ void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
             tin1 ^= tout1;
             tin[0] = tin0;
             tin[1] = tin1;
-            idea_encrypt(tin, ks);
+            IDEA_encrypt(tin, ks);
             tout0 = tin[0];
             l2n(tout0, out);
             tout1 = tin[1];
@@ -110,7 +61,7 @@ void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
             tin[0] = tin0;
             n2l(in, tin1);
             tin[1] = tin1;
-            idea_encrypt(tin, ks);
+            IDEA_encrypt(tin, ks);
             tout0 = tin[0] ^ xor0;
             tout1 = tin[1] ^ xor1;
             l2n(tout0, out);
@@ -123,7 +74,7 @@ void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
             tin[0] = tin0;
             n2l(in, tin1);
             tin[1] = tin1;
-            idea_encrypt(tin, ks);
+            IDEA_encrypt(tin, ks);
             tout0 = tin[0] ^ xor0;
             tout1 = tin[1] ^ xor1;
             l2nn(tout0, tout1, out, l + 8);
@@ -137,7 +88,7 @@ void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
     tin[0] = tin[1] = 0;
 }
 
-void idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key)
+void IDEA_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key)
 {
     register IDEA_INT *p;
     register unsigned long x1, x2, x3, x4, t0, t1, ul;
diff --git a/freebsd/crypto/openssl/crypto/idea/i_cfb64.c b/freebsd/crypto/openssl/crypto/idea/i_cfb64.c
index 0091a9a1..e8d12aff 100644
--- a/freebsd/crypto/openssl/crypto/idea/i_cfb64.c
+++ b/freebsd/crypto/openssl/crypto/idea/i_cfb64.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/idea/i_cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/idea.h>
@@ -67,7 +18,7 @@
  * used is contained in *num;
  */
 
-void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
                         long length, IDEA_KEY_SCHEDULE *schedule,
                         unsigned char *ivec, int *num, int encrypt)
 {
@@ -85,7 +36,7 @@ void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
                 ti[0] = v0;
                 n2l(iv, v1);
                 ti[1] = v1;
-                idea_encrypt((unsigned long *)ti, schedule);
+                IDEA_encrypt((unsigned long *)ti, schedule);
                 iv = (unsigned char *)ivec;
                 t = ti[0];
                 l2n(t, iv);
@@ -105,7 +56,7 @@ void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
                 ti[0] = v0;
                 n2l(iv, v1);
                 ti[1] = v1;
-                idea_encrypt((unsigned long *)ti, schedule);
+                IDEA_encrypt((unsigned long *)ti, schedule);
                 iv = (unsigned char *)ivec;
                 t = ti[0];
                 l2n(t, iv);
diff --git a/freebsd/crypto/openssl/crypto/idea/i_ecb.c b/freebsd/crypto/openssl/crypto/idea/i_ecb.c
index be51d6cd..5878fab6 100644
--- a/freebsd/crypto/openssl/crypto/idea/i_ecb.c
+++ b/freebsd/crypto/openssl/crypto/idea/i_ecb.c
@@ -1,78 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/idea/i_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/idea.h>
 #include "idea_lcl.h"
 #include <openssl/opensslv.h>
 
-const char IDEA_version[] = "IDEA" OPENSSL_VERSION_PTEXT;
-
-const char *idea_options(void)
+const char *IDEA_options(void)
 {
-    if (sizeof(short) != sizeof(IDEA_INT))
-        return ("idea(int)");
-    else
-        return ("idea(short)");
+    return "idea(int)";
 }
 
-void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
+void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
                       IDEA_KEY_SCHEDULE *ks)
 {
     unsigned long l0, l1, d[2];
@@ -81,7 +27,7 @@ void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
     d[0] = l0;
     n2l(in, l1);
     d[1] = l1;
-    idea_encrypt(d, ks);
+    IDEA_encrypt(d, ks);
     l0 = d[0];
     l2n(l0, out);
     l1 = d[1];
diff --git a/freebsd/crypto/openssl/crypto/idea/i_ofb64.c b/freebsd/crypto/openssl/crypto/idea/i_ofb64.c
index bf45fe13..edd7d0f8 100644
--- a/freebsd/crypto/openssl/crypto/idea/i_ofb64.c
+++ b/freebsd/crypto/openssl/crypto/idea/i_ofb64.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/idea/i_ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/idea.h>
@@ -66,7 +17,7 @@
  * The extra state information to record how much of the 64bit block we have
  * used is contained in *num;
  */
-void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
                         long length, IDEA_KEY_SCHEDULE *schedule,
                         unsigned char *ivec, int *num)
 {
@@ -89,7 +40,7 @@ void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
     l2n(v1, dp);
     while (l--) {
         if (n == 0) {
-            idea_encrypt((unsigned long *)ti, schedule);
+            IDEA_encrypt((unsigned long *)ti, schedule);
             dp = (char *)d;
             t = ti[0];
             l2n(t, dp);
diff --git a/freebsd/crypto/openssl/crypto/idea/i_skey.c b/freebsd/crypto/openssl/crypto/idea/i_skey.c
index 6a1ff724..99efd560 100644
--- a/freebsd/crypto/openssl/crypto/idea/i_skey.c
+++ b/freebsd/crypto/openssl/crypto/idea/i_skey.c
@@ -1,78 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/idea/i_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/crypto.h>
 #include <openssl/idea.h>
 #include "idea_lcl.h"
 
 static IDEA_INT inverse(unsigned int xin);
-void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-#ifdef OPENSSL_FIPS
-{
-    fips_cipher_abort(IDEA);
-    private_idea_set_encrypt_key(key, ks);
-}
-
-void private_idea_set_encrypt_key(const unsigned char *key,
-                                  IDEA_KEY_SCHEDULE *ks)
-#endif
+void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
 {
     int i;
     register IDEA_INT *kt, *kf, r0, r1, r2;
@@ -112,7 +53,7 @@ void private_idea_set_encrypt_key(const unsigned char *key,
     }
 }
 
-void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
+void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
 {
     int r;
     register IDEA_INT *fp, *tp, t;
@@ -169,5 +110,5 @@ static IDEA_INT inverse(unsigned int xin)
             }
         } while (r != 0);
     }
-    return ((IDEA_INT) b2);
+    return (IDEA_INT)b2;
 }
diff --git a/freebsd/crypto/openssl/crypto/idea/idea.h b/freebsd/crypto/openssl/crypto/idea/idea.h
deleted file mode 100644
index 60759840..00000000
--- a/freebsd/crypto/openssl/crypto/idea/idea.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/* crypto/idea/idea.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_IDEA_H
-# define HEADER_IDEA_H
-
-# include <openssl/opensslconf.h>/* IDEA_INT, OPENSSL_NO_IDEA */
-
-# ifdef OPENSSL_NO_IDEA
-#  error IDEA is disabled.
-# endif
-
-# define IDEA_ENCRYPT    1
-# define IDEA_DECRYPT    0
-
-# define IDEA_BLOCK      8
-# define IDEA_KEY_LENGTH 16
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct idea_key_st {
-    IDEA_INT data[9][6];
-} IDEA_KEY_SCHEDULE;
-
-const char *idea_options(void);
-void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                      IDEA_KEY_SCHEDULE *ks);
-# ifdef OPENSSL_FIPS
-void private_idea_set_encrypt_key(const unsigned char *key,
-                                  IDEA_KEY_SCHEDULE *ks);
-# endif
-void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
-void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                      long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
-                      int enc);
-void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
-                        int *num, int enc);
-void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
-                        int *num);
-void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/idea/idea_lcl.h b/freebsd/crypto/openssl/crypto/idea/idea_lcl.h
index e4069538..50f81dfd 100644
--- a/freebsd/crypto/openssl/crypto/idea/idea_lcl.h
+++ b/freebsd/crypto/openssl/crypto/idea/idea_lcl.h
@@ -1,66 +1,12 @@
-/* crypto/idea/idea_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-/*
- * The new form of this macro (check if the a*b == 0) was suggested by Colin
- * Plumb <colin@nyx10.cs.du.edu>
- */
-/* Removal of the inner if from from Wei Dai 24/4/96 */
 #define idea_mul(r,a,b,ul) \
 ul=(unsigned long)a*b; \
 if (ul != 0) \
@@ -71,40 +17,25 @@ if (ul != 0) \
 else \
         r=(-(int)a-b+1);        /* assuming a or b is 0 and in range */
 
-#ifdef undef
-# define idea_mul(r,a,b,ul,sl) \
-if (a == 0) r=(0x10001-b)&0xffff; \
-else if (b == 0) r=(0x10001-a)&0xffff; \
-else    { \
-        ul=(unsigned long)a*b; \
-        sl=(ul&0xffff)-(ul>>16); \
-        if (sl <= 0) sl+=0x10001; \
-        r=sl; \
-        }
-#endif
-
-/*
- * 7/12/95 - Many thanks to Rhys Weatherley <rweather@us.oracle.com> for
- * pointing out that I was assuming little endian byte order for all
- * quantities what idea actually used bigendian.  No where in the spec does
- * it mention this, it is all in terms of 16 bit numbers and even the example
- * does not use byte streams for the input example :-(. If you byte swap each
- * pair of input, keys and iv, the functions would produce the output as the
- * old version :-(.
- */
-
 /* NOTE - c is not incremented as per n2l */
 #define n2ln(c,l1,l2,n) { \
                         c+=n; \
                         l1=l2=0; \
                         switch (n) { \
                         case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
                         case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
                         case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
                         case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
                         case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
                         case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
                         case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
                         case 1: l1|=((unsigned long)(*(--(c))))<<24; \
                                 } \
                         }
@@ -114,12 +45,19 @@ else    { \
                         c+=n; \
                         switch (n) { \
                         case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
                         case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
                         case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
                         case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
                         case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
                         case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
                         case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
                         case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
                                 } \
                         }
@@ -144,58 +82,6 @@ else    { \
 #define n2s(c,l)        (l =((IDEA_INT)(*((c)++)))<< 8L, \
                          l|=((IDEA_INT)(*((c)++)))      )
 
-#ifdef undef
-/* NOTE - c is not incremented as per c2l */
-# define c2ln(c,l1,l2,n) { \
-                        c+=n; \
-                        l1=l2=0; \
-                        switch (n) { \
-                        case 8: l2 =((unsigned long)(*(--(c))))<<24; \
-                        case 7: l2|=((unsigned long)(*(--(c))))<<16; \
-                        case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
-                        case 5: l2|=((unsigned long)(*(--(c))));     \
-                        case 4: l1 =((unsigned long)(*(--(c))))<<24; \
-                        case 3: l1|=((unsigned long)(*(--(c))))<<16; \
-                        case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
-                        case 1: l1|=((unsigned long)(*(--(c))));     \
-                                } \
-                        }
-
-/* NOTE - c is not incremented as per l2c */
-# define l2cn(l1,l2,c,n) { \
-                        c+=n; \
-                        switch (n) { \
-                        case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-                        case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-                        case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-                        case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-                        case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-                        case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-                        case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-                        case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-                                } \
-                        }
-
-# undef c2s
-# define c2s(c,l)        (l =((unsigned long)(*((c)++)))    , \
-                         l|=((unsigned long)(*((c)++)))<< 8L)
-
-# undef s2c
-# define s2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff))
-
-# undef c2l
-# define c2l(c,l)        (l =((unsigned long)(*((c)++)))     , \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<<24L)
-
-# undef l2c
-# define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-#endif
 
 #define E_IDEA(num) \
         x1&=0xffff; \
diff --git a/freebsd/crypto/openssl/crypto/idea/idea_spd.c b/freebsd/crypto/openssl/crypto/idea/idea_spd.c
deleted file mode 100644
index e8e45cb6..00000000
--- a/freebsd/crypto/openssl/crypto/idea/idea_spd.c
+++ /dev/null
@@ -1,285 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/idea/idea_spd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-# define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-#ifndef OPENSSL_SYS_NETWARE
-# include <signal.h>
-#endif
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-    /*
-     * Depending on the VMS version, the tms structure is perhaps defined.
-     * The __TMS macro will show if it was.  If it wasn't defined, we should
-     * undefine TIMES, since that tells the rest of the program how things
-     * should be handled.  -- Richard Levitte
-     */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-# undef TIMES
-#endif
-#ifndef TIMES
-# include <sys/timeb.h>
-#endif
-#if defined(sun) || defined(__ultrix)
-# define _POSIX_SOURCE
-# include <limits.h>
-# include <sys/param.h>
-#endif
-#include <openssl/idea.h>
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  define HZ      100.0
-# else                          /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-#define BUFSIZE ((long)1024)
-long run = 0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-# if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#  define SIGRETTYPE void
-# else
-#  define SIGRETTYPE int
-# endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
-{
-    signal(SIGALRM, sig_done);
-    run = 0;
-# ifdef LINT
-    sig = sig;
-# endif
-}
-#endif
-
-#define START   0
-#define STOP    1
-
-double Time_F(int s)
-{
-    double ret;
-#ifdef TIMES
-    static struct tms tstart, tend;
-
-    if (s == START) {
-        times(&tstart);
-        return (0);
-    } else {
-        times(&tend);
-        ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#else                           /* !times() */
-    static struct timeb tstart, tend;
-    long i;
-
-    if (s == START) {
-        ftime(&tstart);
-        return (0);
-    } else {
-        ftime(&tend);
-        i = (long)tend.millitm - (long)tstart.millitm;
-        ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#endif
-}
-
-int main(int argc, char **argv)
-{
-    long count;
-    static unsigned char buf[BUFSIZE];
-    static unsigned char key[] = {
-        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-    };
-    IDEA_KEY_SCHEDULE sch;
-    double a, aa, b, c, d;
-#ifndef SIGALRM
-    long ca, cca, cb, cc;
-#endif
-
-#ifndef TIMES
-    printf("To get the most accurate results, try to run this\n");
-    printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
-    printf("First we calculate the approximate speed ...\n");
-    idea_set_encrypt_key(key, &sch);
-    count = 10;
-    do {
-        long i;
-        IDEA_INT data[2];
-
-        count *= 2;
-        Time_F(START);
-        for (i = count; i; i--)
-            idea_encrypt(data, &sch);
-        d = Time_F(STOP);
-    } while (d < 3.0);
-    ca = count / 4;
-    cca = count / 200;
-    cb = count;
-    cc = count * 8 / BUFSIZE + 1;
-    printf("idea_set_encrypt_key %ld times\n", ca);
-# define COND(d) (count <= (d))
-# define COUNT(d) (d)
-#else
-# define COND(c) (run)
-# define COUNT(d) (count)
-    signal(SIGALRM, sig_done);
-    printf("Doing idea_set_encrypt_key for 10 seconds\n");
-    alarm(10);
-#endif
-
-    Time_F(START);
-    for (count = 0, run = 1; COND(ca); count += 4) {
-        idea_set_encrypt_key(key, &sch);
-        idea_set_encrypt_key(key, &sch);
-        idea_set_encrypt_key(key, &sch);
-        idea_set_encrypt_key(key, &sch);
-    }
-    d = Time_F(STOP);
-    printf("%ld idea idea_set_encrypt_key's in %.2f seconds\n", count, d);
-    a = ((double)COUNT(ca)) / d;
-
-#ifdef SIGALRM
-    printf("Doing idea_set_decrypt_key for 10 seconds\n");
-    alarm(10);
-#else
-    printf("Doing idea_set_decrypt_key %ld times\n", cca);
-#endif
-
-    Time_F(START);
-    for (count = 0, run = 1; COND(cca); count += 4) {
-        idea_set_decrypt_key(&sch, &sch);
-        idea_set_decrypt_key(&sch, &sch);
-        idea_set_decrypt_key(&sch, &sch);
-        idea_set_decrypt_key(&sch, &sch);
-    }
-    d = Time_F(STOP);
-    printf("%ld idea idea_set_decrypt_key's in %.2f seconds\n", count, d);
-    aa = ((double)COUNT(cca)) / d;
-
-#ifdef SIGALRM
-    printf("Doing idea_encrypt's for 10 seconds\n");
-    alarm(10);
-#else
-    printf("Doing idea_encrypt %ld times\n", cb);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(cb); count += 4) {
-        unsigned long data[2];
-
-        idea_encrypt(data, &sch);
-        idea_encrypt(data, &sch);
-        idea_encrypt(data, &sch);
-        idea_encrypt(data, &sch);
-    }
-    d = Time_F(STOP);
-    printf("%ld idea_encrypt's in %.2f second\n", count, d);
-    b = ((double)COUNT(cb) * 8) / d;
-
-#ifdef SIGALRM
-    printf("Doing idea_cbc_encrypt on %ld byte blocks for 10 seconds\n",
-           BUFSIZE);
-    alarm(10);
-#else
-    printf("Doing idea_cbc_encrypt %ld times on %ld byte blocks\n", cc,
-           BUFSIZE);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(cc); count++)
-        idea_cbc_encrypt(buf, buf, BUFSIZE, &sch, &(key[0]), IDEA_ENCRYPT);
-    d = Time_F(STOP);
-    printf("%ld idea_cbc_encrypt's of %ld byte blocks in %.2f second\n",
-           count, BUFSIZE, d);
-    c = ((double)COUNT(cc) * BUFSIZE) / d;
-
-    printf("IDEA set_encrypt_key per sec = %12.2f (%9.3fuS)\n", a, 1.0e6 / a);
-    printf("IDEA set_decrypt_key per sec = %12.2f (%9.3fuS)\n", aa,
-           1.0e6 / aa);
-    printf("IDEA raw ecb bytes   per sec = %12.2f (%9.3fuS)\n", b, 8.0e6 / b);
-    printf("IDEA cbc     bytes   per sec = %12.2f (%9.3fuS)\n", c, 8.0e6 / c);
-    exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
-    return (0);
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/idea/ideatest.c b/freebsd/crypto/openssl/crypto/idea/ideatest.c
deleted file mode 100644
index 567d8459..00000000
--- a/freebsd/crypto/openssl/crypto/idea/ideatest.c
+++ /dev/null
@@ -1,234 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/idea/ideatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_IDEA
-int main(int argc, char *argv[])
-{
-    printf("No IDEA support\n");
-    return (0);
-}
-#else
-# include <openssl/idea.h>
-
-unsigned char k[16] = {
-    0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
-    0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08
-};
-
-unsigned char in[8] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 };
-unsigned char c[8] = { 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 };
-
-unsigned char out[80];
-
-char *text = "Hello to all people out there";
-
-static unsigned char cfb_key[16] = {
-    0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96,
-    0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e,
-};
-static unsigned char cfb_iv[80] =
-    { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd };
-static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
-# define CFB_TEST_SIZE 24
-static unsigned char plain[CFB_TEST_SIZE] = {
-    0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
-    0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
-    0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
-    0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
-};
-
-static unsigned char cfb_cipher64[CFB_TEST_SIZE] = {
-    0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
-    0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
-    0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
-/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
-    0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
-    0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
-};
-
-static int cfb64_test(unsigned char *cfb_cipher);
-static char *pt(unsigned char *p);
-int main(int argc, char *argv[])
-{
-    int i, err = 0;
-    IDEA_KEY_SCHEDULE key, dkey;
-    unsigned char iv[8];
-
-    idea_set_encrypt_key(k, &key);
-    idea_ecb_encrypt(in, out, &key);
-    if (memcmp(out, c, 8) != 0) {
-        printf("ecb idea error encrypting\n");
-        printf("got     :");
-        for (i = 0; i < 8; i++)
-            printf("%02X ", out[i]);
-        printf("\n");
-        printf("expected:");
-        for (i = 0; i < 8; i++)
-            printf("%02X ", c[i]);
-        err = 20;
-        printf("\n");
-    }
-
-    idea_set_decrypt_key(&key, &dkey);
-    idea_ecb_encrypt(c, out, &dkey);
-    if (memcmp(out, in, 8) != 0) {
-        printf("ecb idea error decrypting\n");
-        printf("got     :");
-        for (i = 0; i < 8; i++)
-            printf("%02X ", out[i]);
-        printf("\n");
-        printf("expected:");
-        for (i = 0; i < 8; i++)
-            printf("%02X ", in[i]);
-        printf("\n");
-        err = 3;
-    }
-
-    if (err == 0)
-        printf("ecb idea ok\n");
-
-    memcpy(iv, k, 8);
-    idea_cbc_encrypt((unsigned char *)text, out, strlen(text) + 1, &key, iv,
-                     1);
-    memcpy(iv, k, 8);
-    idea_cbc_encrypt(out, out, 8, &dkey, iv, 0);
-    idea_cbc_encrypt(&(out[8]), &(out[8]), strlen(text) + 1 - 8, &dkey, iv,
-                     0);
-    if (memcmp(text, out, strlen(text) + 1) != 0) {
-        printf("cbc idea bad\n");
-        err = 4;
-    } else
-        printf("cbc idea ok\n");
-
-    printf("cfb64 idea ");
-    if (cfb64_test(cfb_cipher64)) {
-        printf("bad\n");
-        err = 5;
-    } else
-        printf("ok\n");
-
-# ifdef OPENSSL_SYS_NETWARE
-    if (err)
-        printf("ERROR: %d\n", err);
-# endif
-    EXIT(err);
-    return (err);
-}
-
-static int cfb64_test(unsigned char *cfb_cipher)
-{
-    IDEA_KEY_SCHEDULE eks, dks;
-    int err = 0, i, n;
-
-    idea_set_encrypt_key(cfb_key, &eks);
-    idea_set_decrypt_key(&eks, &dks);
-    memcpy(cfb_tmp, cfb_iv, 8);
-    n = 0;
-    idea_cfb64_encrypt(plain, cfb_buf1, (long)12, &eks,
-                       cfb_tmp, &n, IDEA_ENCRYPT);
-    idea_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]),
-                       (long)CFB_TEST_SIZE - 12, &eks,
-                       cfb_tmp, &n, IDEA_ENCRYPT);
-    if (memcmp(cfb_cipher, cfb_buf1, CFB_TEST_SIZE) != 0) {
-        err = 1;
-        printf("idea_cfb64_encrypt encrypt error\n");
-        for (i = 0; i < CFB_TEST_SIZE; i += 8)
-            printf("%s\n", pt(&(cfb_buf1[i])));
-    }
-    memcpy(cfb_tmp, cfb_iv, 8);
-    n = 0;
-    idea_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)13, &eks,
-                       cfb_tmp, &n, IDEA_DECRYPT);
-    idea_cfb64_encrypt(&(cfb_buf1[13]), &(cfb_buf2[13]),
-                       (long)CFB_TEST_SIZE - 13, &eks,
-                       cfb_tmp, &n, IDEA_DECRYPT);
-    if (memcmp(plain, cfb_buf2, CFB_TEST_SIZE) != 0) {
-        err = 1;
-        printf("idea_cfb_encrypt decrypt error\n");
-        for (i = 0; i < 24; i += 8)
-            printf("%s\n", pt(&(cfb_buf2[i])));
-    }
-    return (err);
-}
-
-static char *pt(unsigned char *p)
-{
-    static char bufs[10][20];
-    static int bnum = 0;
-    char *ret;
-    int i;
-    static char *f = "0123456789ABCDEF";
-
-    ret = &(bufs[bnum++][0]);
-    bnum %= 10;
-    for (i = 0; i < 8; i++) {
-        ret[i * 2] = f[(p[i] >> 4) & 0xf];
-        ret[i * 2 + 1] = f[p[i] & 0xf];
-    }
-    ret[16] = '\0';
-    return (ret);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/aria.h b/freebsd/crypto/openssl/crypto/include/internal/aria.h
new file mode 100644
index 00000000..355abe53
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/aria.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+ /* Copyright (c) 2017 National Security Research Institute.  All rights reserved. */
+
+#ifndef HEADER_ARIA_H
+# define HEADER_ARIA_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_ARIA
+#  error ARIA is disabled.
+# endif
+
+# define ARIA_ENCRYPT     1
+# define ARIA_DECRYPT     0
+
+# define ARIA_BLOCK_SIZE    16  /* Size of each encryption/decryption block */
+# define ARIA_MAX_KEYS      17  /* Number of keys needed in the worst case  */
+
+typedef union {
+    unsigned char c[ARIA_BLOCK_SIZE];
+    unsigned int u[ARIA_BLOCK_SIZE / sizeof(unsigned int)];
+} ARIA_u128;
+
+typedef unsigned char ARIA_c128[ARIA_BLOCK_SIZE];
+
+struct aria_key_st {
+    ARIA_u128 rd_key[ARIA_MAX_KEYS];
+    unsigned int rounds;
+};
+typedef struct aria_key_st ARIA_KEY;
+
+
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key);
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key);
+
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key);
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/asn1_int.h b/freebsd/crypto/openssl/crypto/include/internal/asn1_int.h
new file mode 100644
index 00000000..9c9b4d89
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/asn1_int.h
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal ASN1 structures and functions: not for application use */
+
+/* ASN1 public key method structure */
+
+struct evp_pkey_asn1_method_st {
+    int pkey_id;
+    int pkey_base_id;
+    unsigned long pkey_flags;
+    char *pem_str;
+    char *info;
+    int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
+    int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
+    int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+    int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                      ASN1_PCTX *pctx);
+    int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
+    int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+    int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                       ASN1_PCTX *pctx);
+    int (*pkey_size) (const EVP_PKEY *pk);
+    int (*pkey_bits) (const EVP_PKEY *pk);
+    int (*pkey_security_bits) (const EVP_PKEY *pk);
+    int (*param_decode) (EVP_PKEY *pkey,
+                         const unsigned char **pder, int derlen);
+    int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+    int (*param_missing) (const EVP_PKEY *pk);
+    int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
+    int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+    int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                        ASN1_PCTX *pctx);
+    int (*sig_print) (BIO *out,
+                      const X509_ALGOR *sigalg, const ASN1_STRING *sig,
+                      int indent, ASN1_PCTX *pctx);
+    void (*pkey_free) (EVP_PKEY *pkey);
+    int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
+    /* Legacy functions for old PEM */
+    int (*old_priv_decode) (EVP_PKEY *pkey,
+                            const unsigned char **pder, int derlen);
+    int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+    /* Custom ASN1 signature verification */
+    int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                        X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
+    int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                      X509_ALGOR *alg1, X509_ALGOR *alg2,
+                      ASN1_BIT_STRING *sig);
+    int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                       const ASN1_STRING *sig);
+    /* Check */
+    int (*pkey_check) (const EVP_PKEY *pk);
+    int (*pkey_public_check) (const EVP_PKEY *pk);
+    int (*pkey_param_check) (const EVP_PKEY *pk);
+    /* Get/set raw private/public key data */
+    int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
+    int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
+    int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len);
+    int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len);
+} /* EVP_PKEY_ASN1_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
+
+extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5];
+extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ed448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD sm2_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth;
+
+extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2];
+extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD siphash_asn1_meth;
+
+/*
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
+ * names and data need to be free()ed
+ */
+# define ASN1_OBJECT_FLAG_DYNAMIC         0x01/* internal use */
+# define ASN1_OBJECT_FLAG_CRITICAL        0x02/* critical x509v3 object id */
+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08/* internal use */
+struct asn1_object_st {
+    const char *sn, *ln;
+    int nid;
+    int length;
+    const unsigned char *data;  /* data remains const after init */
+    int flags;                  /* Should we free this one */
+};
+
+/* ASN1 print context structure */
+
+struct asn1_pctx_st {
+    unsigned long flags;
+    unsigned long nm_flags;
+    unsigned long cert_flags;
+    unsigned long oid_flags;
+    unsigned long str_flags;
+} /* ASN1_PCTX */ ;
+
+int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
diff --git a/freebsd/crypto/openssl/crypto/include/internal/async.h b/freebsd/crypto/openssl/crypto/include/internal/async.h
new file mode 100644
index 00000000..dc8e937b
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/async.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/async.h>
+
+int async_init(void);
+void async_deinit(void);
+void async_delete_thread_state(void);
+
diff --git a/freebsd/crypto/openssl/crypto/include/internal/bn_conf.h b/freebsd/crypto/openssl/crypto/include/internal/bn_conf.h
new file mode 100644
index 00000000..87d5cf3f
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/bn_conf.h
@@ -0,0 +1,35 @@
+/* $FreeBSD$ */
+/* WARNING: do not edit! */
+/* Generated by Makefile from crypto/include/internal/bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_CONF_H
+# define HEADER_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#ifdef __LP64__
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#else
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#endif
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/bn_dh.h b/freebsd/crypto/openssl/crypto/include/internal/bn_dh.h
new file mode 100644
index 00000000..70ebca28
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/bn_dh.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define declare_dh_bn(x) \
+    extern const BIGNUM _bignum_dh##x##_p;              \
+    extern const BIGNUM _bignum_dh##x##_g;              \
+    extern const BIGNUM _bignum_dh##x##_q;
+
+declare_dh_bn(1024_160)
+declare_dh_bn(2048_224)
+declare_dh_bn(2048_256)
+
+extern const BIGNUM _bignum_ffdhe2048_p;
+extern const BIGNUM _bignum_ffdhe3072_p;
+extern const BIGNUM _bignum_ffdhe4096_p;
+extern const BIGNUM _bignum_ffdhe6144_p;
+extern const BIGNUM _bignum_ffdhe8192_p;
+extern const BIGNUM _bignum_const_2;
diff --git a/freebsd/crypto/openssl/crypto/include/internal/bn_int.h b/freebsd/crypto/openssl/crypto/include/internal/bn_int.h
new file mode 100644
index 00000000..cffe5cfc
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/bn_int.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_INT_H
+# define HEADER_BN_INT_H
+
+# include <openssl/bn.h>
+# include <limits.h>
+
+BIGNUM *bn_wexpand(BIGNUM *a, int words);
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+
+void bn_correct_top(BIGNUM *a);
+
+/*
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array r[] of values that are either zero or odd with an
+ * absolute value less than 2^w satisfying scalar = \sum_j r[j]*2^j where at
+ * most one of any w+1 consecutive digits is non-zero with the exception that
+ * the most significant digit may be only w-1 zeros away from that next
+ * non-zero digit.
+ */
+signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len);
+
+int bn_get_top(const BIGNUM *a);
+
+int bn_get_dmax(const BIGNUM *a);
+
+/* Set all words to zero */
+void bn_set_all_zero(BIGNUM *a);
+
+/*
+ * Copy the internal BIGNUM words into out which holds size elements (and size
+ * must be bigger than top)
+ */
+int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size);
+
+BN_ULONG *bn_get_words(const BIGNUM *a);
+
+/*
+ * Set the internal data words in a to point to words which contains size
+ * elements. The BN_FLG_STATIC_DATA flag is set
+ */
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size);
+
+/*
+ * Copy words into the BIGNUM |a|, reallocating space as necessary.
+ * The negative flag of |a| is not modified.
+ * Returns 1 on success and 0 on failure.
+ */
+/*
+ * |num_words| is int because bn_expand2 takes an int. This is an internal
+ * function so we simply trust callers not to pass negative values.
+ */
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
+
+/*
+ * Some BIGNUM functions assume most significant limb to be non-zero, which
+ * is customarily arranged by bn_correct_top. Output from below functions
+ * is not processed with bn_correct_top, and for this reason it may not be
+ * returned out of public API. It may only be passed internally into other
+ * functions known to support non-minimal or zero-padded BIGNUMs.
+ */
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx);
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                         BN_CTX *ctx);
+int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                           BN_CTX *ctx);
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m);
+int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m);
+int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/bn_srp.h b/freebsd/crypto/openssl/crypto/include/internal/bn_srp.h
new file mode 100644
index 00000000..d4b282a6
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/bn_srp.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SRP
+
+extern const BIGNUM bn_group_1024;
+
+extern const BIGNUM bn_group_1536;
+
+extern const BIGNUM bn_group_2048;
+
+extern const BIGNUM bn_group_3072;
+
+extern const BIGNUM bn_group_4096;
+
+extern const BIGNUM bn_group_6144;
+
+extern const BIGNUM bn_group_8192;
+
+extern const BIGNUM bn_generator_19;
+
+extern const BIGNUM bn_generator_5;
+
+extern const BIGNUM bn_generator_2;
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/chacha.h b/freebsd/crypto/openssl/crypto/include/internal/chacha.h
new file mode 100644
index 00000000..67243f22
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/chacha.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CHACHA_H
+#define HEADER_CHACHA_H
+
+#include <stddef.h>
+
+/*
+ * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and
+ * nonce and writes the result to |out|, which may be equal to |inp|.
+ * The |key| is not 32 bytes of verbatim key material though, but the
+ * said material collected into 8 32-bit elements array in host byte
+ * order. Same approach applies to nonce: the |counter| argument is
+ * pointer to concatenated nonce and counter values collected into 4
+ * 32-bit elements. This, passing crypto material collected into 32-bit
+ * elements as opposite to passing verbatim byte vectors, is chosen for
+ * efficiency in multi-call scenarios.
+ */
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+                    size_t len, const unsigned int key[8],
+                    const unsigned int counter[4]);
+/*
+ * You can notice that there is no key setup procedure. Because it's
+ * as trivial as collecting bytes into 32-bit elements, it's reckoned
+ * that below macro is sufficient.
+ */
+#define CHACHA_U8TOU32(p)  ( \
+                ((unsigned int)(p)[0])     | ((unsigned int)(p)[1]<<8) | \
+                ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24)  )
+
+#define CHACHA_KEY_SIZE		32
+#define CHACHA_CTR_SIZE		16
+#define CHACHA_BLK_SIZE		64
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/cryptlib_int.h b/freebsd/crypto/openssl/crypto/include/internal/cryptlib_int.h
new file mode 100644
index 00000000..38b5dac9
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/cryptlib_int.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+/* This file is not scanned by mkdef.pl, whereas cryptlib.h is */
+
+struct thread_local_inits_st {
+    int async;
+    int err_state;
+    int rand;
+};
+
+int ossl_init_thread_start(uint64_t opts);
+
+/*
+ * OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below
+ * are those omitted from crypto.h because they are "reserved for internal
+ * use".
+ */
+# define OPENSSL_INIT_ZLIB                   0x00010000L
+# define OPENSSL_INIT_BASE_ONLY              0x00040000L
+
+/* OPENSSL_INIT_THREAD flags */
+# define OPENSSL_INIT_THREAD_ASYNC           0x01
+# define OPENSSL_INIT_THREAD_ERR_STATE       0x02
+# define OPENSSL_INIT_THREAD_RAND            0x04
+
+void ossl_malloc_setup_failures(void);
diff --git a/freebsd/crypto/openssl/crypto/include/internal/ctype.h b/freebsd/crypto/openssl/crypto/include/internal/ctype.h
new file mode 100644
index 00000000..a35b12bf
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/ctype.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This version of ctype.h provides a standardised and platform
+ * independent implementation that supports seven bit ASCII characters.
+ * The specific intent is to not pass extended ASCII characters (> 127)
+ * even if the host operating system would.
+ *
+ * There is EBCDIC support included for machines which use this.  However,
+ * there are a number of concerns about how well EBCDIC is supported
+ * throughout the rest of the source code.  Refer to issue #4154 for
+ * details.
+ */
+#ifndef INTERNAL_CTYPE_H
+# define INTERNAL_CTYPE_H
+
+# define CTYPE_MASK_lower       0x1
+# define CTYPE_MASK_upper       0x2
+# define CTYPE_MASK_digit       0x4
+# define CTYPE_MASK_space       0x8
+# define CTYPE_MASK_xdigit      0x10
+# define CTYPE_MASK_blank       0x20
+# define CTYPE_MASK_cntrl       0x40
+# define CTYPE_MASK_graph       0x80
+# define CTYPE_MASK_print       0x100
+# define CTYPE_MASK_punct       0x200
+# define CTYPE_MASK_base64      0x400
+# define CTYPE_MASK_asn1print   0x800
+
+# define CTYPE_MASK_alpha   (CTYPE_MASK_lower | CTYPE_MASK_upper)
+# define CTYPE_MASK_alnum   (CTYPE_MASK_alpha | CTYPE_MASK_digit)
+
+/*
+ * The ascii mask assumes that any other classification implies that
+ * the character is ASCII and that there are no ASCII characters
+ * that aren't in any of the classifications.
+ *
+ * This assumption holds at the moment, but it might not in the future.
+ */
+# define CTYPE_MASK_ascii   (~0)
+
+# ifdef CHARSET_EBCDIC
+int ossl_toascii(int c);
+int ossl_fromascii(int c);
+# else
+#  define ossl_toascii(c)       (c)
+#  define ossl_fromascii(c)     (c)
+# endif
+int ossl_ctype_check(int c, unsigned int mask);
+int ossl_tolower(int c);
+int ossl_toupper(int c);
+
+# define ossl_isalnum(c)        (ossl_ctype_check((c), CTYPE_MASK_alnum))
+# define ossl_isalpha(c)        (ossl_ctype_check((c), CTYPE_MASK_alpha))
+# ifdef CHARSET_EBCDIC
+# define ossl_isascii(c)        (ossl_ctype_check((c), CTYPE_MASK_ascii))
+# else
+# define ossl_isascii(c)        (((c) & ~127) == 0)
+# endif
+# define ossl_isblank(c)        (ossl_ctype_check((c), CTYPE_MASK_blank))
+# define ossl_iscntrl(c)        (ossl_ctype_check((c), CTYPE_MASK_cntrl))
+# define ossl_isdigit(c)        (ossl_ctype_check((c), CTYPE_MASK_digit))
+# define ossl_isgraph(c)        (ossl_ctype_check((c), CTYPE_MASK_graph))
+# define ossl_islower(c)        (ossl_ctype_check((c), CTYPE_MASK_lower))
+# define ossl_isprint(c)        (ossl_ctype_check((c), CTYPE_MASK_print))
+# define ossl_ispunct(c)        (ossl_ctype_check((c), CTYPE_MASK_punct))
+# define ossl_isspace(c)        (ossl_ctype_check((c), CTYPE_MASK_space))
+# define ossl_isupper(c)        (ossl_ctype_check((c), CTYPE_MASK_upper))
+# define ossl_isxdigit(c)       (ossl_ctype_check((c), CTYPE_MASK_xdigit))
+# define ossl_isbase64(c)       (ossl_ctype_check((c), CTYPE_MASK_base64))
+# define ossl_isasn1print(c)    (ossl_ctype_check((c), CTYPE_MASK_asn1print))
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/dso_conf.h b/freebsd/crypto/openssl/crypto/include/internal/dso_conf.h
new file mode 100644
index 00000000..5bef4afd
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/dso_conf.h
@@ -0,0 +1,20 @@
+/* $FreeBSD$ */
+/* WARNING: do not edit! */
+/* Generated by Makefile from crypto/include/internal/dso_conf.h.in */
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSO_CONF_H
+# define HEADER_DSO_CONF_H
+
+# define DSO_DLFCN
+# define HAVE_DLFCN_H
+# define DSO_EXTENSION ".so"
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/ec_int.h b/freebsd/crypto/openssl/crypto/include/internal/ec_int.h
new file mode 100644
index 00000000..bb4b5129
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/ec_int.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal EC functions for other submodules: not for application use */
+
+#ifndef HEADER_OSSL_EC_INTERNAL_H
+# define HEADER_OSSL_EC_INTERNAL_H
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_EC
+
+#  include <openssl/ec.h>
+
+/*-
+ * Computes the multiplicative inverse of x in the range
+ * [1,EC_GROUP::order), where EC_GROUP::order is the cardinality of the
+ * subgroup generated by the generator G:
+ *
+ *         res := x^(-1) (mod EC_GROUP::order).
+ *
+ * This function expects the following two conditions to hold:
+ *  - the EC_GROUP order is prime, and
+ *  - x is included in the range [1, EC_GROUP::order).
+ *
+ * This function returns 1 on success, 0 on error.
+ *
+ * If the EC_GROUP order is even, this function explicitly returns 0 as
+ * an error.
+ * In case any of the two conditions stated above is not satisfied,
+ * the correctness of its output is not guaranteed, even if the return
+ * value could still be 1 (as primality testing and a conditional modular
+ * reduction round on the input can be omitted by the underlying
+ * implementations for better SCA properties on regular input values).
+ */
+__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
+                                   const BIGNUM *x, BN_CTX *ctx);
+
+# endif /* OPENSSL_NO_EC */
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/engine.h b/freebsd/crypto/openssl/crypto/include/internal/engine.h
new file mode 100644
index 00000000..f80ae3ec
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/engine.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/engine.h>
+
+void engine_load_openssl_int(void);
+void engine_load_devcrypto_int(void);
+void engine_load_rdrand_int(void);
+void engine_load_dynamic_int(void);
+void engine_load_padlock_int(void);
+void engine_load_capi_int(void);
+void engine_load_dasync_int(void);
+void engine_load_afalg_int(void);
+void engine_cleanup_int(void);
diff --git a/freebsd/crypto/openssl/crypto/include/internal/err_int.h b/freebsd/crypto/openssl/crypto/include/internal/err_int.h
new file mode 100644
index 00000000..44ac9446
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/err_int.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef INTERNAL_ERR_INT_H
+# define INTERNAL_ERR_INT_H
+
+int err_load_crypto_strings_int(void);
+void err_cleanup(void);
+void err_delete_thread_state(void);
+int err_shelve_state(void **);
+void err_unshelve_state(void *);
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/evp_int.h b/freebsd/crypto/openssl/crypto/include/internal/evp_int.h
new file mode 100644
index 00000000..d86aed36
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/evp_int.h
@@ -0,0 +1,442 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/evp.h>
+#include "internal/refcount.h"
+
+/*
+ * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag
+ * values in evp.h
+ */
+#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX   0x0400
+
+struct evp_pkey_ctx_st {
+    /* Method associated with this operation */
+    const EVP_PKEY_METHOD *pmeth;
+    /* Engine that implements this method or NULL if builtin */
+    ENGINE *engine;
+    /* Key: may be NULL */
+    EVP_PKEY *pkey;
+    /* Peer key for key agreement, may be NULL */
+    EVP_PKEY *peerkey;
+    /* Actual operation */
+    int operation;
+    /* Algorithm specific data */
+    void *data;
+    /* Application specific data */
+    void *app_data;
+    /* Keygen callback */
+    EVP_PKEY_gen_cb *pkey_gencb;
+    /* implementation specific keygen data */
+    int *keygen_info;
+    int keygen_info_count;
+} /* EVP_PKEY_CTX */ ;
+
+#define EVP_PKEY_FLAG_DYNAMIC   1
+
+struct evp_pkey_method_st {
+    int pkey_id;
+    int flags;
+    int (*init) (EVP_PKEY_CTX *ctx);
+    int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
+    void (*cleanup) (EVP_PKEY_CTX *ctx);
+    int (*paramgen_init) (EVP_PKEY_CTX *ctx);
+    int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+    int (*keygen_init) (EVP_PKEY_CTX *ctx);
+    int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+    int (*sign_init) (EVP_PKEY_CTX *ctx);
+    int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                 const unsigned char *tbs, size_t tbslen);
+    int (*verify_init) (EVP_PKEY_CTX *ctx);
+    int (*verify) (EVP_PKEY_CTX *ctx,
+                   const unsigned char *sig, size_t siglen,
+                   const unsigned char *tbs, size_t tbslen);
+    int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
+    int (*verify_recover) (EVP_PKEY_CTX *ctx,
+                           unsigned char *rout, size_t *routlen,
+                           const unsigned char *sig, size_t siglen);
+    int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+    int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                    EVP_MD_CTX *mctx);
+    int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+    int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
+                      EVP_MD_CTX *mctx);
+    int (*encrypt_init) (EVP_PKEY_CTX *ctx);
+    int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                    const unsigned char *in, size_t inlen);
+    int (*decrypt_init) (EVP_PKEY_CTX *ctx);
+    int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                    const unsigned char *in, size_t inlen);
+    int (*derive_init) (EVP_PKEY_CTX *ctx);
+    int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+    int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+    int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
+    int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+                       const unsigned char *tbs, size_t tbslen);
+    int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+                         size_t siglen, const unsigned char *tbs,
+                         size_t tbslen);
+    int (*check) (EVP_PKEY *pkey);
+    int (*public_check) (EVP_PKEY *pkey);
+    int (*param_check) (EVP_PKEY *pkey);
+
+    int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+} /* EVP_PKEY_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
+
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
+
+extern const EVP_PKEY_METHOD cmac_pkey_meth;
+extern const EVP_PKEY_METHOD dh_pkey_meth;
+extern const EVP_PKEY_METHOD dhx_pkey_meth;
+extern const EVP_PKEY_METHOD dsa_pkey_meth;
+extern const EVP_PKEY_METHOD ec_pkey_meth;
+extern const EVP_PKEY_METHOD sm2_pkey_meth;
+extern const EVP_PKEY_METHOD ecx25519_pkey_meth;
+extern const EVP_PKEY_METHOD ecx448_pkey_meth;
+extern const EVP_PKEY_METHOD ed25519_pkey_meth;
+extern const EVP_PKEY_METHOD ed448_pkey_meth;
+extern const EVP_PKEY_METHOD hmac_pkey_meth;
+extern const EVP_PKEY_METHOD rsa_pkey_meth;
+extern const EVP_PKEY_METHOD rsa_pss_pkey_meth;
+extern const EVP_PKEY_METHOD scrypt_pkey_meth;
+extern const EVP_PKEY_METHOD tls1_prf_pkey_meth;
+extern const EVP_PKEY_METHOD hkdf_pkey_meth;
+extern const EVP_PKEY_METHOD poly1305_pkey_meth;
+extern const EVP_PKEY_METHOD siphash_pkey_meth;
+
+struct evp_md_st {
+    int type;
+    int pkey_type;
+    int md_size;
+    unsigned long flags;
+    int (*init) (EVP_MD_CTX *ctx);
+    int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
+    int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
+    int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
+    int (*cleanup) (EVP_MD_CTX *ctx);
+    int block_size;
+    int ctx_size;               /* how big does the ctx->md_data need to be */
+    /* control function */
+    int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+} /* EVP_MD */ ;
+
+struct evp_cipher_st {
+    int nid;
+    int block_size;
+    /* Default value for variable length ciphers */
+    int key_len;
+    int iv_len;
+    /* Various flags */
+    unsigned long flags;
+    /* init key */
+    int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                 const unsigned char *iv, int enc);
+    /* encrypt/decrypt data */
+    int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, size_t inl);
+    /* cleanup ctx */
+    int (*cleanup) (EVP_CIPHER_CTX *);
+    /* how big ctx->cipher_data needs to be */
+    int ctx_size;
+    /* Populate a ASN1_TYPE with parameters */
+    int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+    /* Get parameters from a ASN1_TYPE */
+    int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+    /* Miscellaneous operations */
+    int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+    /* Application data */
+    void *app_data;
+} /* EVP_CIPHER */ ;
+
+/* Macros to code block cipher wrappers */
+
+/* Wrapper functions for each cipher mode */
+
+#define EVP_C_DATA(kstruct, ctx) \
+        ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+#define BLOCK_CIPHER_ecb_loop() \
+        size_t i, bl; \
+        bl = EVP_CIPHER_CTX_cipher(ctx)->block_size;    \
+        if (inl < bl) return 1;\
+        inl -= bl; \
+        for (i=0; i <= inl; i+=bl)
+
+#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        BLOCK_CIPHER_ecb_loop() \
+            cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_encrypting(ctx)); \
+        return 1;\
+}
+
+#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
+
+#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
+    static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        while(inl>=EVP_MAXCHUNK) {\
+            int num = EVP_CIPHER_CTX_num(ctx);\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            EVP_CIPHER_CTX_set_num(ctx, num);\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+        }\
+        if (inl) {\
+            int num = EVP_CIPHER_CTX_num(ctx);\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            EVP_CIPHER_CTX_set_num(ctx, num);\
+        }\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        while(inl>=EVP_MAXCHUNK) \
+            {\
+            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+            }\
+        if (inl)\
+            cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched)  \
+static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+    size_t chunk = EVP_MAXCHUNK;\
+    if (cbits == 1)  chunk >>= 3;\
+    if (inl < chunk) chunk = inl;\
+    while (inl && inl >= chunk)\
+    {\
+        int num = EVP_CIPHER_CTX_num(ctx);\
+        cprefix##_cfb##cbits##_encrypt(in, out, (long) \
+            ((cbits == 1) \
+                && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
+                ? chunk*8 : chunk), \
+            &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\
+            &num, EVP_CIPHER_CTX_encrypting(ctx));\
+        EVP_CIPHER_CTX_set_num(ctx, num);\
+        inl -= chunk;\
+        in += chunk;\
+        out += chunk;\
+        if (inl < chunk) chunk = inl;\
+    }\
+    return 1;\
+}
+
+#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+        BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+        BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
+
+#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
+                          key_len, iv_len, flags, init_key, cleanup, \
+                          set_asn1, get_asn1, ctrl) \
+static const EVP_CIPHER cname##_##mode = { \
+        nid##_##nmode, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_##MODE##_MODE, \
+        init_key, \
+        cname##_##mode##_cipher, \
+        cleanup, \
+        sizeof(kstruct), \
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+}; \
+const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
+
+#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
+                             iv_len, flags, init_key, cleanup, set_asn1, \
+                             get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
+                  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
+                             iv_len, cbits, flags, init_key, cleanup, \
+                             set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
+                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+                  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
+                             iv_len, cbits, flags, init_key, cleanup, \
+                             set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
+                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+                  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
+                             flags, init_key, cleanup, set_asn1, \
+                             get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
+                  0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                          nid, block_size, key_len, iv_len, cbits, flags, \
+                          init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                     init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
+                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
+                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
+                     init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+/*-
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                                nid, block_size, key_len, iv_len, flags,\
+                                 init_key, cleanup, set_asn1, get_asn1, ctrl)\
+static const EVP_CIPHER cname##_cbc = {\
+        nid##_cbc, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_CBC_MODE,\
+        init_key,\
+        cname##_cbc_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
+static const EVP_CIPHER cname##_cfb = {\
+        nid##_cfb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_CFB_MODE,\
+        init_key,\
+        cname##_cfb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
+static const EVP_CIPHER cname##_ofb = {\
+        nid##_ofb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_OFB_MODE,\
+        init_key,\
+        cname##_ofb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
+static const EVP_CIPHER cname##_ecb = {\
+        nid##_ecb, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_ECB_MODE,\
+        init_key,\
+        cname##_ecb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
+*/
+
+#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
+                               block_size, key_len, iv_len, cbits, \
+                               flags, init_key, \
+                               cleanup, set_asn1, get_asn1, ctrl) \
+        BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
+                          cbits, flags, init_key, cleanup, set_asn1, \
+                          get_asn1, ctrl)
+
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
+        BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
+        BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
+                             NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
+                             (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
+                             cipher##_init_key, NULL, NULL, NULL, NULL)
+
+
+# ifndef OPENSSL_NO_EC
+
+#define X25519_KEYLEN        32
+#define X448_KEYLEN          56
+#define ED448_KEYLEN         57
+
+#define MAX_KEYLEN  ED448_KEYLEN
+
+typedef struct {
+    unsigned char pubkey[MAX_KEYLEN];
+    unsigned char *privkey;
+} ECX_KEY;
+
+#endif
+
+/*
+ * Type needs to be a bit field Sub-type needs to be for variations on the
+ * method, as in, can it do arbitrary encryption....
+ */
+struct evp_pkey_st {
+    int type;
+    int save_type;
+    CRYPTO_REF_COUNT references;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *engine;
+    ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
+    union {
+        void *ptr;
+# ifndef OPENSSL_NO_RSA
+        struct rsa_st *rsa;     /* RSA */
+# endif
+# ifndef OPENSSL_NO_DSA
+        struct dsa_st *dsa;     /* DSA */
+# endif
+# ifndef OPENSSL_NO_DH
+        struct dh_st *dh;       /* DH */
+# endif
+# ifndef OPENSSL_NO_EC
+        struct ec_key_st *ec;   /* ECC */
+        ECX_KEY *ecx;           /* X25519, X448, Ed25519, Ed448 */
+# endif
+    } pkey;
+    int save_parameters;
+    STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+    CRYPTO_RWLOCK *lock;
+} /* EVP_PKEY */ ;
+
+
+void openssl_add_all_ciphers_int(void);
+void openssl_add_all_digests_int(void);
+void evp_cleanup_int(void);
+void evp_app_cleanup_int(void);
+
+/* Pulling defines out of C source files */
+
+#define EVP_RC4_KEY_SIZE 16
+#ifndef TLS1_1_VERSION
+# define TLS1_1_VERSION   0x0302
+#endif
+
+void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
+
+/* EVP_ENCODE_CTX flags */
+/* Don't generate new lines when encoding */
+#define EVP_ENCODE_CTX_NO_NEWLINES          1
+/* Use the SRP base64 alphabet instead of the standard one */
+#define EVP_ENCODE_CTX_USE_SRP_ALPHABET     2
diff --git a/freebsd/crypto/openssl/crypto/include/internal/lhash.h b/freebsd/crypto/openssl/crypto/include/internal/lhash.h
new file mode 100644
index 00000000..200ba868
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/lhash.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef INTERNAL_LHASH_H
+# define INTERNAL_LHASH_H
+
+unsigned long openssl_lh_strcasehash(const char *);
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/md32_common.h b/freebsd/crypto/openssl/crypto/include/internal/md32_common.h
new file mode 100644
index 00000000..1124e9c2
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/md32_common.h
@@ -0,0 +1,256 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ *      this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ *      size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ *      has to be at least 32 bit wide.
+ * HASH_CTX
+ *      context structure that at least contains following
+ *      members:
+ *              typedef struct {
+ *                      ...
+ *                      HASH_LONG       Nl,Nh;
+ *                      either {
+ *                      HASH_LONG       data[HASH_LBLOCK];
+ *                      unsigned char   data[HASH_CBLOCK];
+ *                      };
+ *                      unsigned int    num;
+ *                      ...
+ *                      } HASH_CTX;
+ *      data[] vector is expected to be zeroed upon first call to
+ *      HASH_UPDATE.
+ * HASH_UPDATE
+ *      name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ *      name of "Transform" function, implemented here.
+ * HASH_FINAL
+ *      name of "Final" function, implemented here.
+ * HASH_BLOCK_DATA_ORDER
+ *      name of "block" function capable of treating *unaligned* input
+ *      message in original (data) byte order, implemented externally.
+ * HASH_MAKE_STRING
+ *      macro converting context variables to an ASCII hash string.
+ *
+ * MD5 example:
+ *
+ *      #define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ *      #define HASH_LONG               MD5_LONG
+ *      #define HASH_CTX                MD5_CTX
+ *      #define HASH_CBLOCK             MD5_CBLOCK
+ *      #define HASH_UPDATE             MD5_Update
+ *      #define HASH_TRANSFORM          MD5_Transform
+ *      #define HASH_FINAL              MD5_Final
+ *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+ */
+
+#include <openssl/crypto.h>
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+# error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+# error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+# error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+# error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+# error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+# error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_DATA_ORDER
+# error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))<<24),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))    )           )
+# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         l)
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))    ),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<<24)           )
+# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         l)
+
+#endif
+
+/*
+ * Time for some action :-)
+ */
+
+int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
+{
+    const unsigned char *data = data_;
+    unsigned char *p;
+    HASH_LONG l;
+    size_t n;
+
+    if (len == 0)
+        return 1;
+
+    l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
+    if (l < c->Nl)              /* overflow */
+        c->Nh++;
+    c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
+                                       * 16-bit */
+    c->Nl = l;
+
+    n = c->num;
+    if (n != 0) {
+        p = (unsigned char *)c->data;
+
+        if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
+            memcpy(p + n, data, HASH_CBLOCK - n);
+            HASH_BLOCK_DATA_ORDER(c, p, 1);
+            n = HASH_CBLOCK - n;
+            data += n;
+            len -= n;
+            c->num = 0;
+            /*
+             * We use memset rather than OPENSSL_cleanse() here deliberately.
+             * Using OPENSSL_cleanse() here could be a performance issue. It
+             * will get properly cleansed on finalisation so this isn't a
+             * security problem.
+             */
+            memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
+        } else {
+            memcpy(p + n, data, len);
+            c->num += (unsigned int)len;
+            return 1;
+        }
+    }
+
+    n = len / HASH_CBLOCK;
+    if (n > 0) {
+        HASH_BLOCK_DATA_ORDER(c, data, n);
+        n *= HASH_CBLOCK;
+        data += n;
+        len -= n;
+    }
+
+    if (len != 0) {
+        p = (unsigned char *)c->data;
+        c->num = (unsigned int)len;
+        memcpy(p, data, len);
+    }
+    return 1;
+}
+
+void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
+{
+    HASH_BLOCK_DATA_ORDER(c, data, 1);
+}
+
+int HASH_FINAL(unsigned char *md, HASH_CTX *c)
+{
+    unsigned char *p = (unsigned char *)c->data;
+    size_t n = c->num;
+
+    p[n] = 0x80;                /* there is always room for one */
+    n++;
+
+    if (n > (HASH_CBLOCK - 8)) {
+        memset(p + n, 0, HASH_CBLOCK - n);
+        n = 0;
+        HASH_BLOCK_DATA_ORDER(c, p, 1);
+    }
+    memset(p + n, 0, HASH_CBLOCK - 8 - n);
+
+    p += HASH_CBLOCK - 8;
+#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
+    (void)HOST_l2c(c->Nh, p);
+    (void)HOST_l2c(c->Nl, p);
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+    (void)HOST_l2c(c->Nl, p);
+    (void)HOST_l2c(c->Nh, p);
+#endif
+    p -= HASH_CBLOCK;
+    HASH_BLOCK_DATA_ORDER(c, p, 1);
+    c->num = 0;
+    OPENSSL_cleanse(p, HASH_CBLOCK);
+
+#ifndef HASH_MAKE_STRING
+# error "HASH_MAKE_STRING must be defined!"
+#else
+    HASH_MAKE_STRING(c, md);
+#endif
+
+    return 1;
+}
+
+#ifndef MD32_REG_T
+# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
+#  define MD32_REG_T long
+/*
+ * This comment was originally written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents*
+ * performance degradation.
+ */
+# else
+/*
+ * Above is not absolute and there are LP64 compilers that
+ * generate better code if MD32_REG_T is defined int. The above
+ * pre-processor condition reflects the circumstances under which
+ * the conclusion was made and is subject to further extension.
+ */
+#  define MD32_REG_T int
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/objects.h b/freebsd/crypto/openssl/crypto/include/internal/objects.h
new file mode 100644
index 00000000..76e1b4d9
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/objects.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/objects.h>
+
+void obj_cleanup_int(void);
diff --git a/freebsd/crypto/openssl/crypto/include/internal/poly1305.h b/freebsd/crypto/openssl/crypto/include/internal/poly1305.h
new file mode 100644
index 00000000..5fef239d
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/poly1305.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+
+#define POLY1305_BLOCK_SIZE  16
+#define POLY1305_DIGEST_SIZE 16
+#define POLY1305_KEY_SIZE    32
+
+typedef struct poly1305_context POLY1305;
+
+size_t Poly1305_ctx_size(void);
+void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]);
+void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len);
+void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]);
diff --git a/freebsd/crypto/openssl/crypto/include/internal/rand_int.h b/freebsd/crypto/openssl/crypto/include/internal/rand_int.h
new file mode 100644
index 00000000..d91ee4c9
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/rand_int.h
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#ifndef HEADER_RAND_INT_H
+# define HEADER_RAND_INT_H
+
+# include <openssl/rand.h>
+
+/* forward declaration */
+typedef struct rand_pool_st RAND_POOL;
+
+void rand_cleanup_int(void);
+void rand_drbg_cleanup_int(void);
+void drbg_delete_thread_state(void);
+void rand_fork(void);
+
+/* Hardware-based seeding functions. */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
+
+/* DRBG entropy callbacks. */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+                             unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len,
+                             int prediction_resistance);
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+                               unsigned char *out, size_t outlen);
+size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
+                           unsigned char **pout,
+                           int entropy, size_t min_len, size_t max_len);
+void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
+                             unsigned char *out, size_t outlen);
+
+size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);
+
+void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen);
+
+/*
+ * RAND_POOL functions
+ */
+RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);
+void rand_pool_free(RAND_POOL *pool);
+
+const unsigned char *rand_pool_buffer(RAND_POOL *pool);
+unsigned char *rand_pool_detach(RAND_POOL *pool);
+
+size_t rand_pool_entropy(RAND_POOL *pool);
+size_t rand_pool_length(RAND_POOL *pool);
+
+size_t rand_pool_entropy_available(RAND_POOL *pool);
+size_t rand_pool_entropy_needed(RAND_POOL *pool);
+/* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor);
+size_t rand_pool_bytes_remaining(RAND_POOL *pool);
+
+int rand_pool_add(RAND_POOL *pool,
+                  const unsigned char *buffer, size_t len, size_t entropy);
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
+int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
+
+
+/*
+ * Add random bytes to the pool to acquire requested amount of entropy
+ *
+ * This function is platform specific and tries to acquire the requested
+ * amount of entropy by polling platform specific entropy sources.
+ *
+ * If the function succeeds in acquiring at least |entropy_requested| bits
+ * of entropy, the total entropy count is returned. If it fails, it returns
+ * an entropy count of 0.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool);
+
+/*
+ * Add some application specific nonce data
+ *
+ * This function is platform specific and adds some application specific
+ * data to the nonce used for instantiating the drbg.
+ *
+ * This data currently consists of the process and thread id, and a high
+ * resolution timestamp. The data does not include an atomic counter,
+ * because that is added by the calling function rand_drbg_get_nonce().
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_add_nonce_data(RAND_POOL *pool);
+
+
+/*
+ * Add some platform specific additional data
+ *
+ * This function is platform specific and adds some random noise to the
+ * additional data used for generating random bytes and for reseeding
+ * the drbg.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_add_additional_data(RAND_POOL *pool);
+
+/*
+ * Initialise the random pool reseeding sources.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_init(void);
+
+/*
+ * Finalise the random pool reseeding sources.
+ */
+void rand_pool_cleanup(void);
+
+/*
+ * Control the random pool use of open file descriptors.
+ */
+void rand_pool_keep_random_devices_open(int keep);
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/sha.h b/freebsd/crypto/openssl/crypto/include/internal/sha.h
new file mode 100644
index 00000000..458a75e8
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/sha.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2018, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_INTERNAL_SHA_H
+# define HEADER_INTERNAL_SHA_H
+
+# include <openssl/opensslconf.h>
+
+int sha512_224_init(SHA512_CTX *);
+int sha512_256_init(SHA512_CTX *);
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/siphash.h b/freebsd/crypto/openssl/crypto/include/internal/siphash.h
new file mode 100644
index 00000000..9573680f
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/siphash.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+
+#define SIPHASH_BLOCK_SIZE        8
+#define SIPHASH_KEY_SIZE         16
+#define SIPHASH_MIN_DIGEST_SIZE   8
+#define SIPHASH_MAX_DIGEST_SIZE  16
+
+typedef struct siphash_st SIPHASH;
+
+size_t SipHash_ctx_size(void);
+size_t SipHash_hash_size(SIPHASH *ctx);
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size);
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k,
+                 int crounds, int drounds);
+void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen);
+int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen);
diff --git a/freebsd/crypto/openssl/crypto/include/internal/sm2.h b/freebsd/crypto/openssl/crypto/include/internal/sm2.h
new file mode 100644
index 00000000..5c5cd4b4
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/sm2.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2_H
+# define HEADER_SM2_H
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SM2
+
+#  include <openssl/ec.h>
+
+/* The default user id as specified in GM/T 0009-2012 */
+#  define SM2_DEFAULT_USERID "1234567812345678"
+
+int sm2_compute_z_digest(uint8_t *out,
+                         const EVP_MD *digest,
+                         const uint8_t *id,
+                         const size_t id_len,
+                         const EC_KEY *key);
+
+/*
+ * SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2
+ */
+ECDSA_SIG *sm2_do_sign(const EC_KEY *key,
+                       const EVP_MD *digest,
+                       const uint8_t *id,
+                       const size_t id_len,
+                       const uint8_t *msg, size_t msg_len);
+
+int sm2_do_verify(const EC_KEY *key,
+                  const EVP_MD *digest,
+                  const ECDSA_SIG *signature,
+                  const uint8_t *id,
+                  const size_t id_len,
+                  const uint8_t *msg, size_t msg_len);
+
+/*
+ * SM2 signature generation.
+ */
+int sm2_sign(const unsigned char *dgst, int dgstlen,
+             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/*
+ * SM2 signature verification.
+ */
+int sm2_verify(const unsigned char *dgst, int dgstlen,
+               const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+/*
+ * SM2 encryption
+ */
+int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                        size_t *ct_size);
+
+int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                       size_t *pt_size);
+
+int sm2_encrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *msg,
+                size_t msg_len,
+                uint8_t *ciphertext_buf, size_t *ciphertext_len);
+
+int sm2_decrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *ciphertext,
+                size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len);
+
+# endif /* OPENSSL_NO_SM2 */
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/sm2err.h b/freebsd/crypto/openssl/crypto/include/internal/sm2err.h
new file mode 100644
index 00000000..a4db1b73
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/sm2err.h
@@ -0,0 +1,61 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2ERR_H
+# define HEADER_SM2ERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SM2
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_SM2_strings(void);
+
+/*
+ * SM2 function codes.
+ */
+#  define SM2_F_PKEY_SM2_COPY                              115
+#  define SM2_F_PKEY_SM2_CTRL                              109
+#  define SM2_F_PKEY_SM2_CTRL_STR                          110
+#  define SM2_F_PKEY_SM2_DIGEST_CUSTOM                     114
+#  define SM2_F_PKEY_SM2_INIT                              111
+#  define SM2_F_PKEY_SM2_SIGN                              112
+#  define SM2_F_SM2_COMPUTE_MSG_HASH                       100
+#  define SM2_F_SM2_COMPUTE_USERID_DIGEST                  101
+#  define SM2_F_SM2_COMPUTE_Z_DIGEST                       113
+#  define SM2_F_SM2_DECRYPT                                102
+#  define SM2_F_SM2_ENCRYPT                                103
+#  define SM2_F_SM2_PLAINTEXT_SIZE                         104
+#  define SM2_F_SM2_SIGN                                   105
+#  define SM2_F_SM2_SIG_GEN                                106
+#  define SM2_F_SM2_SIG_VERIFY                             107
+#  define SM2_F_SM2_VERIFY                                 108
+
+/*
+ * SM2 reason codes.
+ */
+#  define SM2_R_ASN1_ERROR                                 100
+#  define SM2_R_BAD_SIGNATURE                              101
+#  define SM2_R_BUFFER_TOO_SMALL                           107
+#  define SM2_R_DIST_ID_TOO_LARGE                          110
+#  define SM2_R_ID_NOT_SET                                 112
+#  define SM2_R_ID_TOO_LARGE                               111
+#  define SM2_R_INVALID_CURVE                              108
+#  define SM2_R_INVALID_DIGEST                             102
+#  define SM2_R_INVALID_DIGEST_TYPE                        103
+#  define SM2_R_INVALID_ENCODING                           104
+#  define SM2_R_INVALID_FIELD                              105
+#  define SM2_R_NO_PARAMETERS_SET                          109
+#  define SM2_R_USER_ID_TOO_LARGE                          106
+
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/sm3.h b/freebsd/crypto/openssl/crypto/include/internal/sm3.h
new file mode 100644
index 00000000..27eb471c
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/sm3.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM3_H
+# define HEADER_SM3_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_SM3
+#  error SM3 is disabled.
+# endif
+
+# define SM3_DIGEST_LENGTH 32
+# define SM3_WORD unsigned int
+
+# define SM3_CBLOCK      64
+# define SM3_LBLOCK      (SM3_CBLOCK/4)
+
+typedef struct SM3state_st {
+   SM3_WORD A, B, C, D, E, F, G, H;
+   SM3_WORD Nl, Nh;
+   SM3_WORD data[SM3_LBLOCK];
+   unsigned int num;
+} SM3_CTX;
+
+int sm3_init(SM3_CTX *c);
+int sm3_update(SM3_CTX *c, const void *data, size_t len);
+int sm3_final(unsigned char *md, SM3_CTX *c);
+
+void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num);
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/sm4.h b/freebsd/crypto/openssl/crypto/include/internal/sm4.h
new file mode 100644
index 00000000..f1f157ef
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/sm4.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM4_H
+# define HEADER_SM4_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/e_os2.h>
+
+# ifdef OPENSSL_NO_SM4
+#  error SM4 is disabled.
+# endif
+
+# define SM4_ENCRYPT     1
+# define SM4_DECRYPT     0
+
+# define SM4_BLOCK_SIZE    16
+# define SM4_KEY_SCHEDULE  32
+
+typedef struct SM4_KEY_st {
+    uint32_t rk[SM4_KEY_SCHEDULE];
+} SM4_KEY;
+
+int SM4_set_key(const uint8_t *key, SM4_KEY *ks);
+
+void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/store.h b/freebsd/crypto/openssl/crypto/include/internal/store.h
new file mode 100644
index 00000000..f5013dc3
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/store.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+void ossl_store_cleanup_int(void);
diff --git a/freebsd/crypto/openssl/crypto/include/internal/store_int.h b/freebsd/crypto/openssl/crypto/include/internal/store_int.h
new file mode 100644
index 00000000..6f31e019
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/store_int.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_STORE_INT_H
+# define HEADER_STORE_INT_H
+
+# include <openssl/bio.h>
+# include <openssl/store.h>
+# include <openssl/ui.h>
+
+/*
+ * Two functions to read PEM data off an already opened BIO.  To be used
+ * instead of OSSLSTORE_open() and OSSLSTORE_close().  Everything is done
+ * as usual with OSSLSTORE_load() and OSSLSTORE_eof().
+ */
+OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
+                                          void *ui_data);
+int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx);
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/include/internal/x509_int.h b/freebsd/crypto/openssl/crypto/include/internal/x509_int.h
new file mode 100644
index 00000000..b53c2b03
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/include/internal/x509_int.h
@@ -0,0 +1,286 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/refcount.h"
+
+/* Internal X509 structures and functions: not for application use */
+
+/* Note: unless otherwise stated a field pointer is mandatory and should
+ * never be set to NULL: the ASN.1 code and accessors rely on mandatory
+ * fields never being NULL.
+ */
+
+/*
+ * name entry structure, equivalent to AttributeTypeAndValue defined
+ * in RFC5280 et al.
+ */
+struct X509_name_entry_st {
+    ASN1_OBJECT *object;        /* AttributeType */
+    ASN1_STRING *value;         /* AttributeValue */
+    int set;                    /* index of RDNSequence for this entry */
+    int size;                   /* temp variable */
+};
+
+/* Name from RFC 5280. */
+struct X509_name_st {
+    STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */
+    int modified;               /* true if 'bytes' needs to be built */
+    BUF_MEM *bytes;             /* cached encoding: cannot be NULL */
+    /* canonical encoding used for rapid Name comparison */
+    unsigned char *canon_enc;
+    int canon_enclen;
+} /* X509_NAME */ ;
+
+/* Signature info structure */
+
+struct x509_sig_info_st {
+    /* NID of message digest */
+    int mdnid;
+    /* NID of public key algorithm */
+    int pknid;
+    /* Security bits */
+    int secbits;
+    /* Various flags */
+    uint32_t flags;
+};
+
+/* PKCS#10 certificate request */
+
+struct X509_req_info_st {
+    ASN1_ENCODING enc;          /* cached encoding of signed part */
+    ASN1_INTEGER *version;      /* version, defaults to v1(0) so can be NULL */
+    X509_NAME *subject;         /* certificate request DN */
+    X509_PUBKEY *pubkey;        /* public key of request */
+    /*
+     * Zero or more attributes.
+     * NB: although attributes is a mandatory field some broken
+     * encodings omit it so this may be NULL in that case.
+     */
+    STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_req_st {
+    X509_REQ_INFO req_info;     /* signed certificate request data */
+    X509_ALGOR sig_alg;         /* signature algorithm */
+    ASN1_BIT_STRING *signature; /* signature */
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct X509_crl_info_st {
+    ASN1_INTEGER *version;      /* version: defaults to v1(0) so may be NULL */
+    X509_ALGOR sig_alg;         /* signature algorithm */
+    X509_NAME *issuer;          /* CRL issuer name */
+    ASN1_TIME *lastUpdate;      /* lastUpdate field */
+    ASN1_TIME *nextUpdate;      /* nextUpdate field: optional */
+    STACK_OF(X509_REVOKED) *revoked;        /* revoked entries: optional */
+    STACK_OF(X509_EXTENSION) *extensions;   /* extensions: optional */
+    ASN1_ENCODING enc;                      /* encoding of signed portion of CRL */
+};
+
+struct X509_crl_st {
+    X509_CRL_INFO crl;          /* signed CRL data */
+    X509_ALGOR sig_alg;         /* CRL signature algorithm */
+    ASN1_BIT_STRING signature;  /* CRL signature */
+    CRYPTO_REF_COUNT references;
+    int flags;
+    /*
+     * Cached copies of decoded extension values, since extensions
+     * are optional any of these can be NULL.
+     */
+    AUTHORITY_KEYID *akid;
+    ISSUING_DIST_POINT *idp;
+    /* Convenient breakdown of IDP */
+    int idp_flags;
+    int idp_reasons;
+    /* CRL and base CRL numbers for delta processing */
+    ASN1_INTEGER *crl_number;
+    ASN1_INTEGER *base_crl_number;
+    STACK_OF(GENERAL_NAMES) *issuers;
+    /* hash of CRL */
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+    /* alternative method to handle this CRL */
+    const X509_CRL_METHOD *meth;
+    void *meth_data;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct x509_revoked_st {
+    ASN1_INTEGER serialNumber; /* revoked entry serial number */
+    ASN1_TIME *revocationDate;  /* revocation date */
+    STACK_OF(X509_EXTENSION) *extensions;   /* CRL entry extensions: optional */
+    /* decoded value of CRLissuer extension: set if indirect CRL */
+    STACK_OF(GENERAL_NAME) *issuer;
+    /* revocation reason: set to CRL_REASON_NONE if reason extension absent */
+    int reason;
+    /*
+     * CRL entries are reordered for faster lookup of serial numbers. This
+     * field contains the original load sequence for this entry.
+     */
+    int sequence;
+};
+
+/*
+ * This stuff is certificate "auxiliary info": it contains details which are
+ * useful in certificate stores and databases. When used this is tagged onto
+ * the end of the certificate itself. OpenSSL specific structure not defined
+ * in any RFC.
+ */
+
+struct x509_cert_aux_st {
+    STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
+    STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
+    ASN1_UTF8STRING *alias;     /* "friendly name" */
+    ASN1_OCTET_STRING *keyid;   /* key id of private key */
+    STACK_OF(X509_ALGOR) *other; /* other unspecified info */
+};
+
+struct x509_cinf_st {
+    ASN1_INTEGER *version;      /* [ 0 ] default of v1 */
+    ASN1_INTEGER serialNumber;
+    X509_ALGOR signature;
+    X509_NAME *issuer;
+    X509_VAL validity;
+    X509_NAME *subject;
+    X509_PUBKEY *key;
+    ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
+    ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
+    STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
+    ASN1_ENCODING enc;
+};
+
+struct x509_st {
+    X509_CINF cert_info;
+    X509_ALGOR sig_alg;
+    ASN1_BIT_STRING signature;
+    X509_SIG_INFO siginf;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_EX_DATA ex_data;
+    /* These contain copies of various extension values */
+    long ex_pathlen;
+    long ex_pcpathlen;
+    uint32_t ex_flags;
+    uint32_t ex_kusage;
+    uint32_t ex_xkusage;
+    uint32_t ex_nscert;
+    ASN1_OCTET_STRING *skid;
+    AUTHORITY_KEYID *akid;
+    X509_POLICY_CACHE *policy_cache;
+    STACK_OF(DIST_POINT) *crldp;
+    STACK_OF(GENERAL_NAME) *altname;
+    NAME_CONSTRAINTS *nc;
+#ifndef OPENSSL_NO_RFC3779
+    STACK_OF(IPAddressFamily) *rfc3779_addr;
+    struct ASIdentifiers_st *rfc3779_asid;
+# endif
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+    X509_CERT_AUX *aux;
+    CRYPTO_RWLOCK *lock;
+    volatile int ex_cached;
+} /* X509 */ ;
+
+/*
+ * This is a used when verifying cert chains.  Since the gathering of the
+ * cert chain can take some time (and have to be 'retried', this needs to be
+ * kept and passed around.
+ */
+struct x509_store_ctx_st {      /* X509_STORE_CTX */
+    X509_STORE *ctx;
+    /* The following are set by the caller */
+    /* The cert to check */
+    X509 *cert;
+    /* chain of X509s - untrusted - passed in */
+    STACK_OF(X509) *untrusted;
+    /* set of CRLs passed in */
+    STACK_OF(X509_CRL) *crls;
+    X509_VERIFY_PARAM *param;
+    /* Other info for use with get_issuer() */
+    void *other_ctx;
+    /* Callbacks for various operations */
+    /* called to verify a certificate */
+    int (*verify) (X509_STORE_CTX *ctx);
+    /* error callback */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+    /* get issuers cert from ctx */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+    /* check issued */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+    /* Check revocation status of chain */
+    int (*check_revocation) (X509_STORE_CTX *ctx);
+    /* retrieve CRL */
+    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+    /* Check CRL validity */
+    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+    /* Check certificate against CRL */
+    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+    /* Check policy status of the chain */
+    int (*check_policy) (X509_STORE_CTX *ctx);
+    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    int (*cleanup) (X509_STORE_CTX *ctx);
+    /* The following is built up */
+    /* if 0, rebuild chain */
+    int valid;
+    /* number of untrusted certs */
+    int num_untrusted;
+    /* chain of X509s - built up and trusted */
+    STACK_OF(X509) *chain;
+    /* Valid policy tree */
+    X509_POLICY_TREE *tree;
+    /* Require explicit policy value */
+    int explicit_policy;
+    /* When something goes wrong, this is why */
+    int error_depth;
+    int error;
+    X509 *current_cert;
+    /* cert currently being tested as valid issuer */
+    X509 *current_issuer;
+    /* current CRL */
+    X509_CRL *current_crl;
+    /* score of current CRL */
+    int current_crl_score;
+    /* Reason mask */
+    unsigned int current_reasons;
+    /* For CRL path validation: parent context */
+    X509_STORE_CTX *parent;
+    CRYPTO_EX_DATA ex_data;
+    SSL_DANE *dane;
+    /* signed via bare TA public key, rather than CA certificate */
+    int bare_ta_signed;
+};
+
+/* PKCS#8 private key info structure */
+
+struct pkcs8_priv_key_info_st {
+    ASN1_INTEGER *version;
+    X509_ALGOR *pkeyalg;
+    ASN1_OCTET_STRING *pkey;
+    STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_sig_st {
+    X509_ALGOR *algor;
+    ASN1_OCTET_STRING *digest;
+};
+
+struct x509_object_st {
+    /* one of the above types */
+    X509_LOOKUP_TYPE type;
+    union {
+        char *ptr;
+        X509 *x509;
+        X509_CRL *crl;
+        EVP_PKEY *pkey;
+    } data;
+};
+
+int a2i_ipadd(unsigned char *ipout, const char *ipasc);
+int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+
+void x509_init_sig_info(X509 *x);
diff --git a/freebsd/crypto/openssl/crypto/init.c b/freebsd/crypto/openssl/crypto/init.c
new file mode 100644
index 00000000..cb32ff72
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/init.c
@@ -0,0 +1,797 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib_int.h"
+#include <openssl/err.h>
+#include "internal/rand_int.h"
+#include "internal/bio.h"
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "internal/conf.h"
+#include "internal/async.h"
+#include "internal/engine.h"
+#include "internal/comp.h"
+#include "internal/err.h"
+#include "internal/err_int.h"
+#include "internal/objects.h"
+#include <stdlib.h>
+#include <assert.h>
+#include "internal/thread_once.h"
+#include "internal/dso_conf.h"
+#include "internal/dso.h"
+#include "internal/store.h"
+
+static int stopped = 0;
+
+/*
+ * Since per-thread-specific-data destructors are not universally
+ * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key
+ * is assumed to have destructor associated. And then an effort is made
+ * to call this single destructor on non-pthread platform[s].
+ *
+ * Initial value is "impossible". It is used as guard value to shortcut
+ * destructor for threads terminating before libcrypto is initialized or
+ * after it's de-initialized. Access to the key doesn't have to be
+ * serialized for the said threads, because they didn't use libcrypto
+ * and it doesn't matter if they pick "impossible" or derefernce real
+ * key value and pull NULL past initialization in the first thread that
+ * intends to use libcrypto.
+ */
+static union {
+    long sane;
+    CRYPTO_THREAD_LOCAL value;
+} destructor_key = { -1 };
+
+static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
+
+static void ossl_init_thread_destructor(void *local)
+{
+    ossl_init_thread_stop((struct thread_local_inits_st *)local);
+}
+
+static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
+{
+    struct thread_local_inits_st *local =
+        CRYPTO_THREAD_get_local(&destructor_key.value);
+
+    if (alloc) {
+        if (local == NULL
+            && (local = OPENSSL_zalloc(sizeof(*local))) != NULL
+            && !CRYPTO_THREAD_set_local(&destructor_key.value, local)) {
+            OPENSSL_free(local);
+            return NULL;
+        }
+    } else {
+        CRYPTO_THREAD_set_local(&destructor_key.value, NULL);
+    }
+
+    return local;
+}
+
+#ifndef __rtems__
+typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
+struct ossl_init_stop_st {
+    void (*handler)(void);
+    OPENSSL_INIT_STOP *next;
+};
+
+static OPENSSL_INIT_STOP *stop_handlers = NULL;
+#endif /* __rtems__ */
+static CRYPTO_RWLOCK *init_lock = NULL;
+
+static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
+static int base_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_base)
+{
+    CRYPTO_THREAD_LOCAL key;
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    ossl_malloc_setup_failures();
+#endif
+    if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor))
+        return 0;
+    if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
+        goto err;
+#ifndef OPENSSL_SYS_UEFI
+#ifndef __rtems__
+    if (atexit(OPENSSL_cleanup) != 0)
+        goto err;
+#endif /* __rtems__ */
+#endif
+    OPENSSL_cpuid_setup();
+
+    destructor_key.value = key;
+    base_inited = 1;
+    return 1;
+
+err:
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n");
+#endif
+    CRYPTO_THREAD_lock_free(init_lock);
+    init_lock = NULL;
+
+    CRYPTO_THREAD_cleanup_local(&key);
+    return 0;
+}
+
+static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n");
+#endif
+#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
+# ifdef DSO_WIN32
+    {
+        HMODULE handle = NULL;
+        BOOL ret;
+
+        /* We don't use the DSO route for WIN32 because there is a better way */
+        ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
+                                | GET_MODULE_HANDLE_EX_FLAG_PIN,
+                                (void *)&base_inited, &handle);
+
+#  ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
+                (ret == TRUE ? "No!" : "Yes."));
+#  endif
+        return (ret == TRUE) ? 1 : 0;
+    }
+# else
+    /*
+     * Deliberately leak a reference to ourselves. This will force the library
+     * to remain loaded until the atexit() handler is run at process exit.
+     */
+    {
+        DSO *dso;
+        void *err;
+
+        if (!err_shelve_state(&err))
+            return 0;
+
+        dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
+#  ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
+                (dso == NULL ? "No!" : "Yes."));
+        /*
+         * In case of No!, it is uncertain our exit()-handlers can still be
+         * called. After dlclose() the whole library might have been unloaded
+         * already.
+         */
+#  endif
+        DSO_free(dso);
+        err_unshelve_state(err);
+    }
+# endif
+#endif
+
+    return 1;
+}
+
+static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
+static int load_crypto_strings_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings)
+{
+    /* Do nothing in this case */
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
+{
+    int ret = 1;
+    /*
+     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+     * pulling in all the error strings during static linking
+     */
+#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
+                    "err_load_crypto_strings_int()\n");
+# endif
+    ret = err_load_crypto_strings_int();
+    load_crypto_strings_inited = 1;
+#endif
+    return ret;
+}
+
+static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
+{
+    /*
+     * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
+     * pulling in all the ciphers during static linking
+     */
+#ifndef OPENSSL_NO_AUTOALGINIT
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
+                    "openssl_add_all_ciphers_int()\n");
+# endif
+    openssl_add_all_ciphers_int();
+#endif
+    return 1;
+}
+
+static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
+{
+    /*
+     * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
+     * pulling in all the ciphers during static linking
+     */
+#ifndef OPENSSL_NO_AUTOALGINIT
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
+                    "openssl_add_all_digests()\n");
+# endif
+    openssl_add_all_digests_int();
+#endif
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs)
+{
+    /* Do nothing */
+    return 1;
+}
+
+static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
+static int config_inited = 0;
+static const char *appname;
+DEFINE_RUN_ONCE_STATIC(ossl_init_config)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr,
+            "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n",
+            appname == NULL ? "NULL" : appname);
+#endif
+    openssl_config_int(appname);
+    config_inited = 1;
+    return 1;
+}
+DEFINE_RUN_ONCE_STATIC(ossl_init_no_config)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr,
+            "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
+#endif
+    openssl_no_config_int();
+    config_inited = 1;
+    return 1;
+}
+
+static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
+static int async_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_async)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
+#endif
+    if (!async_init())
+        return 0;
+    async_inited = 1;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
+{
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
+                    "engine_load_openssl_int()\n");
+# endif
+    engine_load_openssl_int();
+    return 1;
+}
+# ifndef OPENSSL_NO_DEVCRYPTOENG
+static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
+{
+#  ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
+                    "engine_load_devcrypto_int()\n");
+#  endif
+    engine_load_devcrypto_int();
+    return 1;
+}
+# endif
+
+# ifndef OPENSSL_NO_RDRAND
+static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
+{
+#  ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
+                    "engine_load_rdrand_int()\n");
+#  endif
+    engine_load_rdrand_int();
+    return 1;
+}
+# endif
+#ifndef __rtems__
+static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
+{
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
+                    "engine_load_dynamic_int()\n");
+# endif
+    engine_load_dynamic_int();
+    return 1;
+}
+#endif /* __rtems__ */
+# ifndef OPENSSL_NO_STATIC_ENGINE
+#  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
+                    "engine_load_padlock_int()\n");
+#   endif
+    engine_load_padlock_int();
+    return 1;
+}
+#  endif
+#  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
+                    "engine_load_capi_int()\n");
+#   endif
+    engine_load_capi_int();
+    return 1;
+}
+#  endif
+#  if !defined(OPENSSL_NO_AFALGENG)
+static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
+                    "engine_load_afalg_int()\n");
+#   endif
+    engine_load_afalg_int();
+    return 1;
+}
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_NO_COMP
+static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
+
+static int zlib_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
+{
+    /* Do nothing - we need to know about this for the later cleanup */
+    zlib_inited = 1;
+    return 1;
+}
+#endif
+
+static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
+{
+    /* Can't do much about this */
+    if (locals == NULL)
+        return;
+
+    if (locals->async) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+                        "async_delete_thread_state()\n");
+#endif
+        async_delete_thread_state();
+    }
+
+    if (locals->err_state) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+                        "err_delete_thread_state()\n");
+#endif
+        err_delete_thread_state();
+    }
+
+    if (locals->rand) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+                        "drbg_delete_thread_state()\n");
+#endif
+        drbg_delete_thread_state();
+    }
+
+    OPENSSL_free(locals);
+}
+
+void OPENSSL_thread_stop(void)
+{
+    if (destructor_key.sane != -1)
+        ossl_init_thread_stop(ossl_init_get_thread_local(0));
+}
+
+int ossl_init_thread_start(uint64_t opts)
+{
+    struct thread_local_inits_st *locals;
+
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+
+    locals = ossl_init_get_thread_local(1);
+
+    if (locals == NULL)
+        return 0;
+
+    if (opts & OPENSSL_INIT_THREAD_ASYNC) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+                        "marking thread for async\n");
+#endif
+        locals->async = 1;
+    }
+
+    if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+                        "marking thread for err_state\n");
+#endif
+        locals->err_state = 1;
+    }
+
+    if (opts & OPENSSL_INIT_THREAD_RAND) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+                        "marking thread for rand\n");
+#endif
+        locals->rand = 1;
+    }
+
+    return 1;
+}
+
+#ifndef __rtems__
+void OPENSSL_cleanup(void)
+{
+    OPENSSL_INIT_STOP *currhandler, *lasthandler;
+    CRYPTO_THREAD_LOCAL key;
+
+    /* If we've not been inited then no need to deinit */
+    if (!base_inited)
+        return;
+
+    /* Might be explicitly called and also by atexit */
+    if (stopped)
+        return;
+    stopped = 1;
+
+    /*
+     * Thread stop may not get automatically called by the thread library for
+     * the very last thread in some situations, so call it directly.
+     */
+    ossl_init_thread_stop(ossl_init_get_thread_local(0));
+
+    currhandler = stop_handlers;
+    while (currhandler != NULL) {
+        currhandler->handler();
+        lasthandler = currhandler;
+        currhandler = currhandler->next;
+        OPENSSL_free(lasthandler);
+    }
+    stop_handlers = NULL;
+
+    CRYPTO_THREAD_lock_free(init_lock);
+    init_lock = NULL;
+
+    /*
+     * We assume we are single-threaded for this function, i.e. no race
+     * conditions for the various "*_inited" vars below.
+     */
+
+#ifndef OPENSSL_NO_COMP
+    if (zlib_inited) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                        "comp_zlib_cleanup_int()\n");
+#endif
+        comp_zlib_cleanup_int();
+    }
+#endif
+
+    if (async_inited) {
+# ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                        "async_deinit()\n");
+# endif
+        async_deinit();
+    }
+
+    if (load_crypto_strings_inited) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                        "err_free_strings_int()\n");
+#endif
+        err_free_strings_int();
+    }
+
+    key = destructor_key.value;
+    destructor_key.sane = -1;
+    CRYPTO_THREAD_cleanup_local(&key);
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "rand_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "conf_modules_free_int()\n");
+#ifndef OPENSSL_NO_ENGINE
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "engine_cleanup_int()\n");
+#endif
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "crypto_cleanup_all_ex_data_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "bio_sock_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "bio_cleanup()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "evp_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "obj_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "err_cleanup()\n");
+#endif
+    /*
+     * Note that cleanup order is important:
+     * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
+     * must be called before engine_cleanup_int()
+     * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
+     * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
+     * - conf_modules_free_int() can end up in ENGINE code so must be called
+     * before engine_cleanup_int()
+     * - ENGINEs and additional EVP algorithms might use added OIDs names so
+     * obj_cleanup_int() must be called last
+     */
+    rand_cleanup_int();
+    rand_drbg_cleanup_int();
+    conf_modules_free_int();
+#ifndef OPENSSL_NO_ENGINE
+    engine_cleanup_int();
+#endif
+    ossl_store_cleanup_int();
+    crypto_cleanup_all_ex_data_int();
+    bio_cleanup();
+    evp_cleanup_int();
+    obj_cleanup_int();
+    err_cleanup();
+
+    CRYPTO_secure_malloc_done();
+
+    base_inited = 0;
+}
+#endif /* __rtems__ */
+
+/*
+ * If this function is called with a non NULL settings value then it must be
+ * called prior to any threads making calls to any OpenSSL functions,
+ * i.e. passing a non-null settings value is assumed to be single-threaded.
+ */
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
+{
+    if (stopped) {
+        if (!(opts & OPENSSL_INIT_BASE_ONLY))
+            CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
+        return 0;
+    }
+
+    if (!RUN_ONCE(&base, ossl_init_base))
+        return 0;
+
+    if (!(opts & OPENSSL_INIT_BASE_ONLY)
+            && !RUN_ONCE(&load_crypto_nodelete,
+                         ossl_init_load_crypto_nodelete))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
+            && !RUN_ONCE(&load_crypto_strings,
+                         ossl_init_no_load_crypto_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
+            && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
+            && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
+            && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
+            && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
+            && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_ATFORK)
+            && !openssl_init_fork_handlers())
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
+            && !RUN_ONCE(&config, ossl_init_no_config))
+        return 0;
+
+    if (opts & OPENSSL_INIT_LOAD_CONFIG) {
+        int ret;
+        CRYPTO_THREAD_write_lock(init_lock);
+        appname = (settings == NULL) ? NULL : settings->appname;
+        ret = RUN_ONCE(&config, ossl_init_config);
+        CRYPTO_THREAD_unlock(init_lock);
+        if (!ret)
+            return 0;
+    }
+
+    if ((opts & OPENSSL_INIT_ASYNC)
+            && !RUN_ONCE(&async, ossl_init_async))
+        return 0;
+
+#ifndef OPENSSL_NO_ENGINE
+    if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
+            && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
+        return 0;
+# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
+    if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
+            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
+        return 0;
+# endif
+# ifndef OPENSSL_NO_RDRAND
+    if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
+            && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
+        return 0;
+# endif
+#ifndef __rtems__
+    if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
+            && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
+        return 0;
+#endif /* __rtems__ */
+# ifndef OPENSSL_NO_STATIC_ENGINE
+#  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+    if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
+            && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
+        return 0;
+#  endif
+#  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+    if ((opts & OPENSSL_INIT_ENGINE_CAPI)
+            && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
+        return 0;
+#  endif
+#  if !defined(OPENSSL_NO_AFALGENG)
+    if ((opts & OPENSSL_INIT_ENGINE_AFALG)
+            && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
+        return 0;
+#  endif
+# endif
+    if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
+                | OPENSSL_INIT_ENGINE_OPENSSL
+                | OPENSSL_INIT_ENGINE_AFALG)) {
+        ENGINE_register_all_complete();
+    }
+#endif
+
+#ifndef OPENSSL_NO_COMP
+    if ((opts & OPENSSL_INIT_ZLIB)
+            && !RUN_ONCE(&zlib, ossl_init_zlib))
+        return 0;
+#endif
+
+    return 1;
+}
+
+#ifndef __rtems__
+int OPENSSL_atexit(void (*handler)(void))
+{
+    OPENSSL_INIT_STOP *newhand;
+
+#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
+    {
+        union {
+            void *sym;
+            void (*func)(void);
+        } handlersym;
+
+        handlersym.func = handler;
+# ifdef DSO_WIN32
+        {
+            HMODULE handle = NULL;
+            BOOL ret;
+
+            /*
+             * We don't use the DSO route for WIN32 because there is a better
+             * way
+             */
+            ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
+                                    | GET_MODULE_HANDLE_EX_FLAG_PIN,
+                                    handlersym.sym, &handle);
+
+            if (!ret)
+                return 0;
+        }
+# else
+        /*
+         * Deliberately leak a reference to the handler. This will force the
+         * library/code containing the handler to remain loaded until we run the
+         * atexit handler. If -znodelete has been used then this is
+         * unnecessary.
+         */
+        {
+            DSO *dso = NULL;
+
+            ERR_set_mark();
+            dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
+#  ifdef OPENSSL_INIT_DEBUG
+            fprintf(stderr,
+                    "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n",
+                    (dso == NULL ? "No!" : "Yes."));
+            /* See same code above in ossl_init_base() for an explanation. */
+#  endif
+            DSO_free(dso);
+            ERR_pop_to_mark();
+        }
+# endif
+    }
+#endif
+
+    if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    newhand->handler = handler;
+    newhand->next = stop_handlers;
+    stop_handlers = newhand;
+
+    return 1;
+}
+#endif /* __rtems__ */
+
+#ifdef OPENSSL_SYS_UNIX
+/*
+ * The following three functions are for OpenSSL developers.  This is
+ * where we set/reset state across fork (called via pthread_atfork when
+ * it exists, or manually by the application when it doesn't).
+ *
+ * WARNING!  If you put code in either OPENSSL_fork_parent or
+ * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
+ * safe.  See this link, for example:
+ *      http://man7.org/linux/man-pages/man7/signal-safety.7.html
+ */
+
+void OPENSSL_fork_prepare(void)
+{
+}
+
+void OPENSSL_fork_parent(void)
+{
+}
+
+void OPENSSL_fork_child(void)
+{
+    rand_fork();
+}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/kdf/hkdf.c b/freebsd/crypto/openssl/crypto/kdf/hkdf.c
new file mode 100644
index 00000000..4b452a8d
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/kdf/hkdf.c
@@ -0,0 +1,342 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/cryptlib.h"
+#include "internal/evp_int.h"
+
+#define HKDF_MAXBUF 1024
+
+static unsigned char *HKDF(const EVP_MD *evp_md,
+                           const unsigned char *salt, size_t salt_len,
+                           const unsigned char *key, size_t key_len,
+                           const unsigned char *info, size_t info_len,
+                           unsigned char *okm, size_t okm_len);
+
+static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *key, size_t key_len,
+                                   unsigned char *prk, size_t *prk_len);
+
+static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
+                                  const unsigned char *prk, size_t prk_len,
+                                  const unsigned char *info, size_t info_len,
+                                  unsigned char *okm, size_t okm_len);
+
+typedef struct {
+    int mode;
+    const EVP_MD *md;
+    unsigned char *salt;
+    size_t salt_len;
+    unsigned char *key;
+    size_t key_len;
+    unsigned char info[HKDF_MAXBUF];
+    size_t info_len;
+} HKDF_PKEY_CTX;
+
+static int pkey_hkdf_init(EVP_PKEY_CTX *ctx)
+{
+    HKDF_PKEY_CTX *kctx;
+
+    if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->data = kctx;
+
+    return 1;
+}
+
+static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+    OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+    OPENSSL_clear_free(kctx->key, kctx->key_len);
+    OPENSSL_cleanse(kctx->info, kctx->info_len);
+    OPENSSL_free(kctx);
+}
+
+static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_HKDF_MD:
+        if (p2 == NULL)
+            return 0;
+
+        kctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_MODE:
+        kctx->mode = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_SALT:
+        if (p1 == 0 || p2 == NULL)
+            return 1;
+
+        if (p1 < 0)
+            return 0;
+
+        if (kctx->salt != NULL)
+            OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+
+        kctx->salt = OPENSSL_memdup(p2, p1);
+        if (kctx->salt == NULL)
+            return 0;
+
+        kctx->salt_len = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_KEY:
+        if (p1 < 0)
+            return 0;
+
+        if (kctx->key != NULL)
+            OPENSSL_clear_free(kctx->key, kctx->key_len);
+
+        kctx->key = OPENSSL_memdup(p2, p1);
+        if (kctx->key == NULL)
+            return 0;
+
+        kctx->key_len  = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_INFO:
+        if (p1 == 0 || p2 == NULL)
+            return 1;
+
+        if (p1 < 0 || p1 > (int)(HKDF_MAXBUF - kctx->info_len))
+            return 0;
+
+        memcpy(kctx->info + kctx->info_len, p2, p1);
+        kctx->info_len += p1;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                              const char *value)
+{
+    if (strcmp(type, "mode") == 0) {
+        int mode;
+
+        if (strcmp(value, "EXTRACT_AND_EXPAND") == 0)
+            mode = EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND;
+        else if (strcmp(value, "EXTRACT_ONLY") == 0)
+            mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY;
+        else if (strcmp(value, "EXPAND_ONLY") == 0)
+            mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
+        else
+            return 0;
+
+        return EVP_PKEY_CTX_hkdf_mode(ctx, mode);
+    }
+
+    if (strcmp(type, "md") == 0)
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE,
+                               EVP_PKEY_CTRL_HKDF_MD, value);
+
+    if (strcmp(type, "salt") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
+
+    if (strcmp(type, "hexsalt") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
+
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value);
+
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value);
+
+    if (strcmp(type, "info") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
+
+    if (strcmp(type, "hexinfo") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
+
+    KDFerr(KDF_F_PKEY_HKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
+    return -2;
+}
+
+static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                            size_t *keylen)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+
+    if (kctx->md == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
+        return 0;
+    }
+    if (kctx->key == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_KEY);
+        return 0;
+    }
+
+    switch (kctx->mode) {
+    case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND:
+        return HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
+                    kctx->key_len, kctx->info, kctx->info_len, key,
+                    *keylen) != NULL;
+
+    case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY:
+        if (key == NULL) {
+            *keylen = EVP_MD_size(kctx->md);
+            return 1;
+        }
+        return HKDF_Extract(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
+                            kctx->key_len, key, keylen) != NULL;
+
+    case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY:
+        return HKDF_Expand(kctx->md, kctx->key, kctx->key_len, kctx->info,
+                           kctx->info_len, key, *keylen) != NULL;
+
+    default:
+        return 0;
+    }
+}
+
+const EVP_PKEY_METHOD hkdf_pkey_meth = {
+    EVP_PKEY_HKDF,
+    0,
+    pkey_hkdf_init,
+    0,
+    pkey_hkdf_cleanup,
+
+    0, 0,
+    0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_hkdf_derive,
+    pkey_hkdf_ctrl,
+    pkey_hkdf_ctrl_str
+};
+
+static unsigned char *HKDF(const EVP_MD *evp_md,
+                           const unsigned char *salt, size_t salt_len,
+                           const unsigned char *key, size_t key_len,
+                           const unsigned char *info, size_t info_len,
+                           unsigned char *okm, size_t okm_len)
+{
+    unsigned char prk[EVP_MAX_MD_SIZE];
+    unsigned char *ret;
+    size_t prk_len;
+
+    if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len))
+        return NULL;
+
+    ret = HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len);
+    OPENSSL_cleanse(prk, sizeof(prk));
+
+    return ret;
+}
+
+static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *key, size_t key_len,
+                                   unsigned char *prk, size_t *prk_len)
+{
+    unsigned int tmp_len;
+
+    if (!HMAC(evp_md, salt, salt_len, key, key_len, prk, &tmp_len))
+        return NULL;
+
+    *prk_len = tmp_len;
+    return prk;
+}
+
+static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
+                                  const unsigned char *prk, size_t prk_len,
+                                  const unsigned char *info, size_t info_len,
+                                  unsigned char *okm, size_t okm_len)
+{
+    HMAC_CTX *hmac;
+    unsigned char *ret = NULL;
+
+    unsigned int i;
+
+    unsigned char prev[EVP_MAX_MD_SIZE];
+
+    size_t done_len = 0, dig_len = EVP_MD_size(evp_md);
+
+    size_t n = okm_len / dig_len;
+    if (okm_len % dig_len)
+        n++;
+
+    if (n > 255 || okm == NULL)
+        return NULL;
+
+    if ((hmac = HMAC_CTX_new()) == NULL)
+        return NULL;
+
+    if (!HMAC_Init_ex(hmac, prk, prk_len, evp_md, NULL))
+        goto err;
+
+    for (i = 1; i <= n; i++) {
+        size_t copy_len;
+        const unsigned char ctr = i;
+
+        if (i > 1) {
+            if (!HMAC_Init_ex(hmac, NULL, 0, NULL, NULL))
+                goto err;
+
+            if (!HMAC_Update(hmac, prev, dig_len))
+                goto err;
+        }
+
+        if (!HMAC_Update(hmac, info, info_len))
+            goto err;
+
+        if (!HMAC_Update(hmac, &ctr, 1))
+            goto err;
+
+        if (!HMAC_Final(hmac, prev, NULL))
+            goto err;
+
+        copy_len = (done_len + dig_len > okm_len) ?
+                       okm_len - done_len :
+                       dig_len;
+
+        memcpy(okm + done_len, prev, copy_len);
+
+        done_len += copy_len;
+    }
+    ret = okm;
+
+ err:
+    OPENSSL_cleanse(prev, sizeof(prev));
+    HMAC_CTX_free(hmac);
+    return ret;
+}
diff --git a/freebsd/crypto/openssl/crypto/kdf/kdf_err.c b/freebsd/crypto/openssl/crypto/kdf/kdf_err.c
new file mode 100644
index 00000000..62b3352e
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/kdf/kdf_err.c
@@ -0,0 +1,69 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/kdferr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA KDF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_STR, 0),
+     "pkey_scrypt_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_UINT64, 0),
+     "pkey_scrypt_ctrl_uint64"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_DERIVE, 0), "pkey_scrypt_derive"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_INIT, 0), "pkey_scrypt_init"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_SET_MEMBUF, 0),
+     "pkey_scrypt_set_membuf"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0),
+     "pkey_tls1_prf_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0),
+     "pkey_tls1_prf_derive"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "tls1_prf_alg"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA KDF_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_ITERATION_COUNT),
+    "missing iteration count"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_MESSAGE_DIGEST),
+    "missing message digest"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PARAMETER), "missing parameter"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PASS), "missing pass"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SALT), "missing salt"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE),
+    "unknown parameter type"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_KDF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(KDF_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(KDF_str_functs);
+        ERR_load_strings_const(KDF_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/kdf/scrypt.c b/freebsd/crypto/openssl/crypto/kdf/scrypt.c
new file mode 100644
index 00000000..526c8328
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/kdf/scrypt.c
@@ -0,0 +1,268 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/cryptlib.h"
+#include "internal/evp_int.h"
+
+#ifndef OPENSSL_NO_SCRYPT
+
+static int atou64(const char *nptr, uint64_t *result);
+
+typedef struct {
+    unsigned char *pass;
+    size_t pass_len;
+    unsigned char *salt;
+    size_t salt_len;
+    uint64_t N, r, p;
+    uint64_t maxmem_bytes;
+} SCRYPT_PKEY_CTX;
+
+/* Custom uint64_t parser since we do not have strtoull */
+static int atou64(const char *nptr, uint64_t *result)
+{
+    uint64_t value = 0;
+
+    while (*nptr) {
+        unsigned int digit;
+        uint64_t new_value;
+
+        if ((*nptr < '0') || (*nptr > '9')) {
+            return 0;
+        }
+        digit = (unsigned int)(*nptr - '0');
+        new_value = (value * 10) + digit;
+        if ((new_value < digit) || ((new_value - digit) / 10 != value)) {
+            /* Overflow */
+            return 0;
+        }
+        value = new_value;
+        nptr++;
+    }
+    *result = value;
+    return 1;
+}
+
+static int pkey_scrypt_init(EVP_PKEY_CTX *ctx)
+{
+    SCRYPT_PKEY_CTX *kctx;
+
+    kctx = OPENSSL_zalloc(sizeof(*kctx));
+    if (kctx == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Default values are the most conservative recommendation given in the
+     * original paper of C. Percival. Derivation uses roughly 1 GiB of memory
+     * for this parameter choice (approx. 128 * r * (N + p) bytes).
+     */
+    kctx->N = 1 << 20;
+    kctx->r = 8;
+    kctx->p = 1;
+    kctx->maxmem_bytes = 1025 * 1024 * 1024;
+
+    ctx->data = kctx;
+
+    return 1;
+}
+
+static void pkey_scrypt_cleanup(EVP_PKEY_CTX *ctx)
+{
+    SCRYPT_PKEY_CTX *kctx = ctx->data;
+
+    OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+    OPENSSL_clear_free(kctx->pass, kctx->pass_len);
+    OPENSSL_free(kctx);
+}
+
+static int pkey_scrypt_set_membuf(unsigned char **buffer, size_t *buflen,
+                                  const unsigned char *new_buffer,
+                                  const int new_buflen)
+{
+    if (new_buffer == NULL)
+        return 1;
+
+    if (new_buflen < 0)
+        return 0;
+
+    if (*buffer != NULL)
+        OPENSSL_clear_free(*buffer, *buflen);
+
+    if (new_buflen > 0) {
+        *buffer = OPENSSL_memdup(new_buffer, new_buflen);
+    } else {
+        *buffer = OPENSSL_malloc(1);
+    }
+    if (*buffer == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    *buflen = new_buflen;
+    return 1;
+}
+
+static int is_power_of_two(uint64_t value)
+{
+    return (value != 0) && ((value & (value - 1)) == 0);
+}
+
+static int pkey_scrypt_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    SCRYPT_PKEY_CTX *kctx = ctx->data;
+    uint64_t u64_value;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_PASS:
+        return pkey_scrypt_set_membuf(&kctx->pass, &kctx->pass_len, p2, p1);
+
+    case EVP_PKEY_CTRL_SCRYPT_SALT:
+        return pkey_scrypt_set_membuf(&kctx->salt, &kctx->salt_len, p2, p1);
+
+    case EVP_PKEY_CTRL_SCRYPT_N:
+        u64_value = *((uint64_t *)p2);
+        if ((u64_value <= 1) || !is_power_of_two(u64_value))
+            return 0;
+        kctx->N = u64_value;
+        return 1;
+
+    case EVP_PKEY_CTRL_SCRYPT_R:
+        u64_value = *((uint64_t *)p2);
+        if (u64_value < 1)
+            return 0;
+        kctx->r = u64_value;
+        return 1;
+
+    case EVP_PKEY_CTRL_SCRYPT_P:
+        u64_value = *((uint64_t *)p2);
+        if (u64_value < 1)
+            return 0;
+        kctx->p = u64_value;
+        return 1;
+
+    case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES:
+        u64_value = *((uint64_t *)p2);
+        if (u64_value < 1)
+            return 0;
+        kctx->maxmem_bytes = u64_value;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_scrypt_ctrl_uint64(EVP_PKEY_CTX *ctx, int type,
+                                   const char *value)
+{
+    uint64_t int_value;
+
+    if (!atou64(value, &int_value)) {
+        KDFerr(KDF_F_PKEY_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR);
+        return 0;
+    }
+    return pkey_scrypt_ctrl(ctx, type, 0, &int_value);
+}
+
+static int pkey_scrypt_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                                const char *value)
+{
+    if (value == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING);
+        return 0;
+    }
+
+    if (strcmp(type, "pass") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_PASS, value);
+
+    if (strcmp(type, "hexpass") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_PASS, value);
+
+    if (strcmp(type, "salt") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value);
+
+    if (strcmp(type, "hexsalt") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value);
+
+    if (strcmp(type, "N") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_N, value);
+
+    if (strcmp(type, "r") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_R, value);
+
+    if (strcmp(type, "p") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_P, value);
+
+    if (strcmp(type, "maxmem_bytes") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES,
+                                       value);
+
+    KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
+    return -2;
+}
+
+static int pkey_scrypt_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                              size_t *keylen)
+{
+    SCRYPT_PKEY_CTX *kctx = ctx->data;
+
+    if (kctx->pass == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_PASS);
+        return 0;
+    }
+
+    if (kctx->salt == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_SALT);
+        return 0;
+    }
+
+    return EVP_PBE_scrypt((char *)kctx->pass, kctx->pass_len, kctx->salt,
+                          kctx->salt_len, kctx->N, kctx->r, kctx->p,
+                          kctx->maxmem_bytes, key, *keylen);
+}
+
+const EVP_PKEY_METHOD scrypt_pkey_meth = {
+    EVP_PKEY_SCRYPT,
+    0,
+    pkey_scrypt_init,
+    0,
+    pkey_scrypt_cleanup,
+
+    0, 0,
+    0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_scrypt_derive,
+    pkey_scrypt_ctrl,
+    pkey_scrypt_ctrl_str
+};
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/kdf/tls1_prf.c b/freebsd/crypto/openssl/crypto/kdf/tls1_prf.c
new file mode 100644
index 00000000..556acff7
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/kdf/tls1_prf.c
@@ -0,0 +1,280 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+
+static int tls1_prf_alg(const EVP_MD *md,
+                        const unsigned char *sec, size_t slen,
+                        const unsigned char *seed, size_t seed_len,
+                        unsigned char *out, size_t olen);
+
+#define TLS1_PRF_MAXBUF 1024
+
+/* TLS KDF pkey context structure */
+
+typedef struct {
+    /* Digest to use for PRF */
+    const EVP_MD *md;
+    /* Secret value to use for PRF */
+    unsigned char *sec;
+    size_t seclen;
+    /* Buffer of concatenated seed data */
+    unsigned char seed[TLS1_PRF_MAXBUF];
+    size_t seedlen;
+} TLS1_PRF_PKEY_CTX;
+
+static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx)
+{
+    TLS1_PRF_PKEY_CTX *kctx;
+
+    if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->data = kctx;
+
+    return 1;
+}
+
+static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
+{
+    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+    OPENSSL_clear_free(kctx->sec, kctx->seclen);
+    OPENSSL_cleanse(kctx->seed, kctx->seedlen);
+    OPENSSL_free(kctx);
+}
+
+static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+    switch (type) {
+    case EVP_PKEY_CTRL_TLS_MD:
+        kctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_TLS_SECRET:
+        if (p1 < 0)
+            return 0;
+        if (kctx->sec != NULL)
+            OPENSSL_clear_free(kctx->sec, kctx->seclen);
+        OPENSSL_cleanse(kctx->seed, kctx->seedlen);
+        kctx->seedlen = 0;
+        kctx->sec = OPENSSL_memdup(p2, p1);
+        if (kctx->sec == NULL)
+            return 0;
+        kctx->seclen  = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_TLS_SEED:
+        if (p1 == 0 || p2 == NULL)
+            return 1;
+        if (p1 < 0 || p1 > (int)(TLS1_PRF_MAXBUF - kctx->seedlen))
+            return 0;
+        memcpy(kctx->seed + kctx->seedlen, p2, p1);
+        kctx->seedlen += p1;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING);
+        return 0;
+    }
+    if (strcmp(type, "md") == 0) {
+        TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+
+        const EVP_MD *md = EVP_get_digestbyname(value);
+        if (md == NULL) {
+            KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_INVALID_DIGEST);
+            return 0;
+        }
+        kctx->md = md;
+        return 1;
+    }
+    if (strcmp(type, "secret") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+    if (strcmp(type, "hexsecret") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+    if (strcmp(type, "seed") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+    if (strcmp(type, "hexseed") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+
+    KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
+    return -2;
+}
+
+static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                                size_t *keylen)
+{
+    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+    if (kctx->md == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
+        return 0;
+    }
+    if (kctx->sec == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET);
+        return 0;
+    }
+    if (kctx->seedlen == 0) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED);
+        return 0;
+    }
+    return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen,
+                        kctx->seed, kctx->seedlen,
+                        key, *keylen);
+}
+
+const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
+    EVP_PKEY_TLS1_PRF,
+    0,
+    pkey_tls1_prf_init,
+    0,
+    pkey_tls1_prf_cleanup,
+
+    0, 0,
+    0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_tls1_prf_derive,
+    pkey_tls1_prf_ctrl,
+    pkey_tls1_prf_ctrl_str
+};
+
+static int tls1_prf_P_hash(const EVP_MD *md,
+                           const unsigned char *sec, size_t sec_len,
+                           const unsigned char *seed, size_t seed_len,
+                           unsigned char *out, size_t olen)
+{
+    int chunk;
+    EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;
+    EVP_PKEY *mac_key = NULL;
+    unsigned char A1[EVP_MAX_MD_SIZE];
+    size_t A1_len;
+    int ret = 0;
+
+    chunk = EVP_MD_size(md);
+    if (!ossl_assert(chunk > 0))
+        goto err;
+
+    ctx = EVP_MD_CTX_new();
+    ctx_tmp = EVP_MD_CTX_new();
+    ctx_init = EVP_MD_CTX_new();
+    if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL)
+        goto err;
+    EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
+    if (mac_key == NULL)
+        goto err;
+    if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
+        goto err;
+    if (seed != NULL && !EVP_DigestSignUpdate(ctx, seed, seed_len))
+        goto err;
+    if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
+        goto err;
+
+    for (;;) {
+        /* Reinit mac contexts */
+        if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
+            goto err;
+        if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
+            goto err;
+        if (olen > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
+            goto err;
+        if (seed && !EVP_DigestSignUpdate(ctx, seed, seed_len))
+            goto err;
+
+        if (olen > (size_t)chunk) {
+            size_t mac_len;
+            if (!EVP_DigestSignFinal(ctx, out, &mac_len))
+                goto err;
+            out += mac_len;
+            olen -= mac_len;
+            /* calc the next A1 value */
+            if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len))
+                goto err;
+        } else {                /* last one */
+
+            if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
+                goto err;
+            memcpy(out, A1, olen);
+            break;
+        }
+    }
+    ret = 1;
+ err:
+    EVP_PKEY_free(mac_key);
+    EVP_MD_CTX_free(ctx);
+    EVP_MD_CTX_free(ctx_tmp);
+    EVP_MD_CTX_free(ctx_init);
+    OPENSSL_cleanse(A1, sizeof(A1));
+    return ret;
+}
+
+static int tls1_prf_alg(const EVP_MD *md,
+                        const unsigned char *sec, size_t slen,
+                        const unsigned char *seed, size_t seed_len,
+                        unsigned char *out, size_t olen)
+{
+
+    if (EVP_MD_type(md) == NID_md5_sha1) {
+        size_t i;
+        unsigned char *tmp;
+        if (!tls1_prf_P_hash(EVP_md5(), sec, slen/2 + (slen & 1),
+                         seed, seed_len, out, olen))
+            return 0;
+
+        if ((tmp = OPENSSL_malloc(olen)) == NULL) {
+            KDFerr(KDF_F_TLS1_PRF_ALG, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1),
+                         seed, seed_len, tmp, olen)) {
+            OPENSSL_clear_free(tmp, olen);
+            return 0;
+        }
+        for (i = 0; i < olen; i++)
+            out[i] ^= tmp[i];
+        OPENSSL_clear_free(tmp, olen);
+        return 1;
+    }
+    if (!tls1_prf_P_hash(md, sec, slen, seed, seed_len, out, olen))
+        return 0;
+
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/krb5/krb5_asn.c b/freebsd/crypto/openssl/crypto/krb5/krb5_asn.c
deleted file mode 100644
index d9af9b41..00000000
--- a/freebsd/crypto/openssl/crypto/krb5/krb5_asn.c
+++ /dev/null
@@ -1,164 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* krb5_asn.c */
-/*
- * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project, **
- * using ocsp/{*.h,*asn*.c} as a starting point
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/krb5_asn.h>
-
-
-ASN1_SEQUENCE(KRB5_ENCDATA) = {
-        ASN1_EXP(KRB5_ENCDATA, etype,           ASN1_INTEGER,     0),
-        ASN1_EXP_OPT(KRB5_ENCDATA, kvno,        ASN1_INTEGER,     1),
-        ASN1_EXP(KRB5_ENCDATA, cipher,          ASN1_OCTET_STRING,2)
-} ASN1_SEQUENCE_END(KRB5_ENCDATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA)
-
-
-ASN1_SEQUENCE(KRB5_PRINCNAME) = {
-        ASN1_EXP(KRB5_PRINCNAME, nametype,      ASN1_INTEGER,     0),
-        ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)
-} ASN1_SEQUENCE_END(KRB5_PRINCNAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME)
-
-/* [APPLICATION 1] = 0x61 */
-ASN1_SEQUENCE(KRB5_TKTBODY) = {
-        ASN1_EXP(KRB5_TKTBODY, tktvno,          ASN1_INTEGER,     0),
-        ASN1_EXP(KRB5_TKTBODY, realm,           ASN1_GENERALSTRING, 1),
-        ASN1_EXP(KRB5_TKTBODY, sname,           KRB5_PRINCNAME,   2),
-        ASN1_EXP(KRB5_TKTBODY, encdata,         KRB5_ENCDATA,     3)
-} ASN1_SEQUENCE_END(KRB5_TKTBODY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY)
-
-
-ASN1_ITEM_TEMPLATE(KRB5_TICKET) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,
-                        KRB5_TICKET, KRB5_TKTBODY)
-ASN1_ITEM_TEMPLATE_END(KRB5_TICKET)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET)
-
-/* [APPLICATION 14] = 0x6e */
-ASN1_SEQUENCE(KRB5_APREQBODY) = {
-        ASN1_EXP(KRB5_APREQBODY, pvno,          ASN1_INTEGER,     0),
-        ASN1_EXP(KRB5_APREQBODY, msgtype,       ASN1_INTEGER,     1),
-        ASN1_EXP(KRB5_APREQBODY, apoptions,     ASN1_BIT_STRING,  2),
-        ASN1_EXP(KRB5_APREQBODY, ticket,        KRB5_TICKET,      3),
-        ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA,     4),
-} ASN1_SEQUENCE_END(KRB5_APREQBODY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY)
-
-ASN1_ITEM_TEMPLATE(KRB5_APREQ) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,
-                        KRB5_APREQ, KRB5_APREQBODY)
-ASN1_ITEM_TEMPLATE_END(KRB5_APREQ)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ)
-
-/*  Authenticator stuff         */
-
-ASN1_SEQUENCE(KRB5_CHECKSUM) = {
-        ASN1_EXP(KRB5_CHECKSUM, ctype,          ASN1_INTEGER,     0),
-        ASN1_EXP(KRB5_CHECKSUM, checksum,       ASN1_OCTET_STRING,1)
-} ASN1_SEQUENCE_END(KRB5_CHECKSUM)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM)
-
-
-ASN1_SEQUENCE(KRB5_ENCKEY) = {
-        ASN1_EXP(KRB5_ENCKEY,   ktype,          ASN1_INTEGER,     0),
-        ASN1_EXP(KRB5_ENCKEY,   keyvalue,       ASN1_OCTET_STRING,1)
-} ASN1_SEQUENCE_END(KRB5_ENCKEY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY)
-
-/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
-ASN1_SEQUENCE(KRB5_AUTHDATA) = {
-        ASN1_EXP(KRB5_AUTHDATA, adtype,         ASN1_INTEGER,     0),
-        ASN1_EXP(KRB5_AUTHDATA, addata,         ASN1_OCTET_STRING,1)
-} ASN1_SEQUENCE_END(KRB5_AUTHDATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA)
-
-/* [APPLICATION 2] = 0x62 */
-ASN1_SEQUENCE(KRB5_AUTHENTBODY) = {
-        ASN1_EXP(KRB5_AUTHENTBODY,      avno,   ASN1_INTEGER,     0),
-        ASN1_EXP(KRB5_AUTHENTBODY,      crealm, ASN1_GENERALSTRING, 1),
-        ASN1_EXP(KRB5_AUTHENTBODY,      cname,  KRB5_PRINCNAME,   2),
-        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  cksum,  KRB5_CHECKSUM,    3),
-        ASN1_EXP(KRB5_AUTHENTBODY,      cusec,  ASN1_INTEGER,     4),
-        ASN1_EXP(KRB5_AUTHENTBODY,      ctime,  ASN1_GENERALIZEDTIME, 5),
-        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  subkey, KRB5_ENCKEY,      6),
-        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  seqnum, ASN1_INTEGER,     7),
-        ASN1_EXP_SEQUENCE_OF_OPT
-                    (KRB5_AUTHENTBODY,  authorization,  KRB5_AUTHDATA, 8),
-} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
-
-ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,
-                        KRB5_AUTHENT, KRB5_AUTHENTBODY)
-ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT)
diff --git a/freebsd/crypto/openssl/crypto/krb5/krb5_asn.h b/freebsd/crypto/openssl/crypto/krb5/krb5_asn.h
deleted file mode 100644
index 9cf5a26d..00000000
--- a/freebsd/crypto/openssl/crypto/krb5/krb5_asn.h
+++ /dev/null
@@ -1,240 +0,0 @@
-/* krb5_asn.h */
-/*
- * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project, **
- * using ocsp/{*.h,*asn*.c} as a starting point
- */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_KRB5_ASN_H
-# define HEADER_KRB5_ASN_H
-
-/*
- * #include <krb5.h>
- */
-# include <openssl/safestack.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*
- * ASN.1 from Kerberos RFC 1510
- */
-
-/*-     EncryptedData ::=   SEQUENCE {
- *              etype[0]                      INTEGER, -- EncryptionType
- *              kvno[1]                       INTEGER OPTIONAL,
- *              cipher[2]                     OCTET STRING -- ciphertext
- *      }
- */
-typedef struct krb5_encdata_st {
-    ASN1_INTEGER *etype;
-    ASN1_INTEGER *kvno;
-    ASN1_OCTET_STRING *cipher;
-} KRB5_ENCDATA;
-
-DECLARE_STACK_OF(KRB5_ENCDATA)
-
-/*-     PrincipalName ::=   SEQUENCE {
- *              name-type[0]                  INTEGER,
- *              name-string[1]                SEQUENCE OF GeneralString
- *      }
- */
-typedef struct krb5_princname_st {
-    ASN1_INTEGER *nametype;
-    STACK_OF(ASN1_GENERALSTRING) *namestring;
-} KRB5_PRINCNAME;
-
-DECLARE_STACK_OF(KRB5_PRINCNAME)
-
-/*-     Ticket ::=      [APPLICATION 1] SEQUENCE {
- *              tkt-vno[0]                    INTEGER,
- *              realm[1]                      Realm,
- *              sname[2]                      PrincipalName,
- *              enc-part[3]                   EncryptedData
- *      }
- */
-typedef struct krb5_tktbody_st {
-    ASN1_INTEGER *tktvno;
-    ASN1_GENERALSTRING *realm;
-    KRB5_PRINCNAME *sname;
-    KRB5_ENCDATA *encdata;
-} KRB5_TKTBODY;
-
-typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
-DECLARE_STACK_OF(KRB5_TKTBODY)
-
-/*-     AP-REQ ::=      [APPLICATION 14] SEQUENCE {
- *              pvno[0]                       INTEGER,
- *              msg-type[1]                   INTEGER,
- *              ap-options[2]                 APOptions,
- *              ticket[3]                     Ticket,
- *              authenticator[4]              EncryptedData
- *      }
- *
- *      APOptions ::=   BIT STRING {
- *              reserved(0), use-session-key(1), mutual-required(2) }
- */
-typedef struct krb5_ap_req_st {
-    ASN1_INTEGER *pvno;
-    ASN1_INTEGER *msgtype;
-    ASN1_BIT_STRING *apoptions;
-    KRB5_TICKET *ticket;
-    KRB5_ENCDATA *authenticator;
-} KRB5_APREQBODY;
-
-typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
-DECLARE_STACK_OF(KRB5_APREQBODY)
-
-/*      Authenticator Stuff     */
-
-/*-     Checksum ::=   SEQUENCE {
- *              cksumtype[0]                  INTEGER,
- *              checksum[1]                   OCTET STRING
- *      }
- */
-typedef struct krb5_checksum_st {
-    ASN1_INTEGER *ctype;
-    ASN1_OCTET_STRING *checksum;
-} KRB5_CHECKSUM;
-
-DECLARE_STACK_OF(KRB5_CHECKSUM)
-
-/*-     EncryptionKey ::=   SEQUENCE {
- *              keytype[0]                    INTEGER,
- *              keyvalue[1]                   OCTET STRING
- *      }
- */
-typedef struct krb5_encryptionkey_st {
-    ASN1_INTEGER *ktype;
-    ASN1_OCTET_STRING *keyvalue;
-} KRB5_ENCKEY;
-
-DECLARE_STACK_OF(KRB5_ENCKEY)
-
-/*-     AuthorizationData ::=   SEQUENCE OF SEQUENCE {
- *              ad-type[0]                    INTEGER,
- *              ad-data[1]                    OCTET STRING
- *      }
- */
-typedef struct krb5_authorization_st {
-    ASN1_INTEGER *adtype;
-    ASN1_OCTET_STRING *addata;
-} KRB5_AUTHDATA;
-
-DECLARE_STACK_OF(KRB5_AUTHDATA)
-
-/*-     -- Unencrypted authenticator
- *      Authenticator ::=    [APPLICATION 2] SEQUENCE    {
- *              authenticator-vno[0]          INTEGER,
- *              crealm[1]                     Realm,
- *              cname[2]                      PrincipalName,
- *              cksum[3]                      Checksum OPTIONAL,
- *              cusec[4]                      INTEGER,
- *              ctime[5]                      KerberosTime,
- *              subkey[6]                     EncryptionKey OPTIONAL,
- *              seq-number[7]                 INTEGER OPTIONAL,
- *              authorization-data[8]         AuthorizationData OPTIONAL
- *      }
- */
-typedef struct krb5_authenticator_st {
-    ASN1_INTEGER *avno;
-    ASN1_GENERALSTRING *crealm;
-    KRB5_PRINCNAME *cname;
-    KRB5_CHECKSUM *cksum;
-    ASN1_INTEGER *cusec;
-    ASN1_GENERALIZEDTIME *ctime;
-    KRB5_ENCKEY *subkey;
-    ASN1_INTEGER *seqnum;
-    KRB5_AUTHDATA *authorization;
-} KRB5_AUTHENTBODY;
-
-typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
-DECLARE_STACK_OF(KRB5_AUTHENTBODY)
-
-/*-  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
- *      type *name##_new(void);
- *      void name##_free(type *a);
- *      DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
- *       DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
- *        type *d2i_##name(type **a, const unsigned char **in, long len);
- *        int i2d_##name(type *a, unsigned char **out);
- *        DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
- */
-
-DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
-DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
-DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)
-DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)
-
-DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)
-DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/lhash/lh_stats.c b/freebsd/crypto/openssl/crypto/lhash/lh_stats.c
new file mode 100644
index 00000000..5367e0b2
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/lhash/lh_stats.c
@@ -0,0 +1,119 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+/*
+ * If you wish to build this outside of OpenSSL, remove the following lines
+ * and things should work as expected
+ */
+#include "internal/cryptlib.h"
+
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include "lhash_lcl.h"
+
+# ifndef OPENSSL_NO_STDIO
+void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp)
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        return;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    OPENSSL_LH_stats_bio(lh, bp);
+    BIO_free(bp);
+}
+
+void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp)
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        return;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    OPENSSL_LH_node_stats_bio(lh, bp);
+    BIO_free(bp);
+}
+
+void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp)
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        return;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    OPENSSL_LH_node_usage_stats_bio(lh, bp);
+    BIO_free(bp);
+}
+
+# endif
+
+void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
+{
+    BIO_printf(out, "num_items             = %lu\n", lh->num_items);
+    BIO_printf(out, "num_nodes             = %u\n",  lh->num_nodes);
+    BIO_printf(out, "num_alloc_nodes       = %u\n",  lh->num_alloc_nodes);
+    BIO_printf(out, "num_expands           = %lu\n", lh->num_expands);
+    BIO_printf(out, "num_expand_reallocs   = %lu\n", lh->num_expand_reallocs);
+    BIO_printf(out, "num_contracts         = %lu\n", lh->num_contracts);
+    BIO_printf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs);
+    BIO_printf(out, "num_hash_calls        = %lu\n", lh->num_hash_calls);
+    BIO_printf(out, "num_comp_calls        = %lu\n", lh->num_comp_calls);
+    BIO_printf(out, "num_insert            = %lu\n", lh->num_insert);
+    BIO_printf(out, "num_replace           = %lu\n", lh->num_replace);
+    BIO_printf(out, "num_delete            = %lu\n", lh->num_delete);
+    BIO_printf(out, "num_no_delete         = %lu\n", lh->num_no_delete);
+    BIO_printf(out, "num_retrieve          = %lu\n", lh->num_retrieve);
+    BIO_printf(out, "num_retrieve_miss     = %lu\n", lh->num_retrieve_miss);
+    BIO_printf(out, "num_hash_comps        = %lu\n", lh->num_hash_comps);
+}
+
+void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
+{
+    OPENSSL_LH_NODE *n;
+    unsigned int i, num;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+            num++;
+        BIO_printf(out, "node %6u -> %3u\n", i, num);
+    }
+}
+
+void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
+{
+    OPENSSL_LH_NODE *n;
+    unsigned long num;
+    unsigned int i;
+    unsigned long total = 0, n_used = 0;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+            num++;
+        if (num != 0) {
+            n_used++;
+            total += num;
+        }
+    }
+    BIO_printf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes);
+    BIO_printf(out, "%lu items\n", total);
+    if (n_used == 0)
+        return;
+    BIO_printf(out, "load %d.%02d  actual load %d.%02d\n",
+               (int)(total / lh->num_nodes),
+               (int)((total % lh->num_nodes) * 100 / lh->num_nodes),
+               (int)(total / n_used), (int)((total % n_used) * 100 / n_used));
+}
diff --git a/freebsd/crypto/openssl/crypto/lhash/lhash.c b/freebsd/crypto/openssl/crypto/lhash/lhash.c
index babc7a0d..bb109a17 100644
--- a/freebsd/crypto/openssl/crypto/lhash/lhash.c
+++ b/freebsd/crypto/openssl/crypto/lhash/lhash.c
@@ -1,107 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/lhash/lhash.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-/*-
- * Code for dynamic hash table routines
- * Author - Eric Young v 2.0
- *
- * 2.2 eay - added #include "crypto.h" so the memory leak checking code is
- *           present. eay 18-Jun-98
- *
- * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
- *
- * 2.0 eay - Fixed a bug that occurred when using lh_delete
- *           from inside lh_doall().  As entries were deleted,
- *           the 'table' was 'contract()ed', making some entries
- *           jump from the end of the table to the start, there by
- *           skipping the lh_doall() processing. eay - 4/12/95
- *
- * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
- *           were not being free()ed. 21/11/95
- *
- * 1.8 eay - Put the stats routines into a separate file, lh_stats.c
- *           19/09/95
- *
- * 1.7 eay - Removed the fputs() for realloc failures - the code
- *           should silently tolerate them.  I have also fixed things
- *           lint complained about 04/05/95
- *
- * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92
- *
- * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992
- *
- * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91
- *
- * 1.3 eay - Fixed a few lint problems 19/3/1991
- *
- * 1.2 eay - Fixed lh_doall problem 13/3/1991
- *
- * 1.1 eay - Added lh_doall
- *
- * 1.0 eay - First version
- */
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
+#include <openssl/err.h>
+#include "internal/ctype.h"
+#include "internal/lhash.h"
+#include "lhash_lcl.h"
 
 /*
  * A hashing implementation that appears to be based on the linear hashing
@@ -121,64 +37,48 @@
  * https://pdfs.semanticscholar.org/ff4d/1c5deca6269cc316bfd952172284dbf610ee.pdf
  */
 
-const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
-
 #undef MIN_NODES
 #define MIN_NODES       16
 #define UP_LOAD         (2*LH_LOAD_MULT) /* load times 256 (default 2) */
 #define DOWN_LOAD       (LH_LOAD_MULT) /* load times 256 (default 1) */
 
-static int expand(_LHASH *lh);
-static void contract(_LHASH *lh);
-static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
+static int expand(OPENSSL_LHASH *lh);
+static void contract(OPENSSL_LHASH *lh);
+static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, const void *data, unsigned long *rhash);
 
-_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
+OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c)
 {
-    _LHASH *ret;
-    int i;
-
-    if ((ret = OPENSSL_malloc(sizeof(_LHASH))) == NULL)
-        goto err0;
-    if ((ret->b = OPENSSL_malloc(sizeof(LHASH_NODE *) * MIN_NODES)) == NULL)
-        goto err1;
-    for (i = 0; i < MIN_NODES; i++)
-        ret->b[i] = NULL;
-    ret->comp = ((c == NULL) ? (LHASH_COMP_FN_TYPE)strcmp : c);
-    ret->hash = ((h == NULL) ? (LHASH_HASH_FN_TYPE)lh_strhash : h);
+    OPENSSL_LHASH *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        /*
+         * Do not set the error code, because the ERR code uses LHASH
+         * and we want to avoid possible endless error loop.
+         * CRYPTOerr(CRYPTO_F_OPENSSL_LH_NEW, ERR_R_MALLOC_FAILURE);
+         */
+        return NULL;
+    }
+    if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL)
+        goto err;
+    ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c);
+    ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h);
     ret->num_nodes = MIN_NODES / 2;
     ret->num_alloc_nodes = MIN_NODES;
-    ret->p = 0;
     ret->pmax = MIN_NODES / 2;
     ret->up_load = UP_LOAD;
     ret->down_load = DOWN_LOAD;
-    ret->num_items = 0;
-
-    ret->num_expands = 0;
-    ret->num_expand_reallocs = 0;
-    ret->num_contracts = 0;
-    ret->num_contract_reallocs = 0;
-    ret->num_hash_calls = 0;
-    ret->num_comp_calls = 0;
-    ret->num_insert = 0;
-    ret->num_replace = 0;
-    ret->num_delete = 0;
-    ret->num_no_delete = 0;
-    ret->num_retrieve = 0;
-    ret->num_retrieve_miss = 0;
-    ret->num_hash_comps = 0;
-
-    ret->error = 0;
-    return (ret);
- err1:
+    return ret;
+
+err:
+    OPENSSL_free(ret->b);
     OPENSSL_free(ret);
- err0:
-    return (NULL);
+    return NULL;
 }
 
-void lh_free(_LHASH *lh)
+void OPENSSL_LH_free(OPENSSL_LHASH *lh)
 {
     unsigned int i;
-    LHASH_NODE *n, *nn;
+    OPENSSL_LH_NODE *n, *nn;
 
     if (lh == NULL)
         return;
@@ -195,46 +95,42 @@ void lh_free(_LHASH *lh)
     OPENSSL_free(lh);
 }
 
-void *lh_insert(_LHASH *lh, void *data)
+void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)
 {
     unsigned long hash;
-    LHASH_NODE *nn, **rn;
+    OPENSSL_LH_NODE *nn, **rn;
     void *ret;
 
     lh->error = 0;
-    if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)
-            && !expand(lh))
-        return NULL;
+    if ((lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) && !expand(lh))
+        return NULL;        /* 'lh->error++' already done in 'expand' */
 
     rn = getrn(lh, data, &hash);
 
     if (*rn == NULL) {
-        if ((nn = (LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) {
+        if ((nn = OPENSSL_malloc(sizeof(*nn))) == NULL) {
             lh->error++;
-            return (NULL);
+            return NULL;
         }
         nn->data = data;
         nn->next = NULL;
-#ifndef OPENSSL_NO_HASH_COMP
         nn->hash = hash;
-#endif
         *rn = nn;
         ret = NULL;
         lh->num_insert++;
         lh->num_items++;
     } else {                    /* replace same key */
-
         ret = (*rn)->data;
         (*rn)->data = data;
         lh->num_replace++;
     }
-    return (ret);
+    return ret;
 }
 
-void *lh_delete(_LHASH *lh, const void *data)
+void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data)
 {
     unsigned long hash;
-    LHASH_NODE *nn, **rn;
+    OPENSSL_LH_NODE *nn, **rn;
     void *ret;
 
     lh->error = 0;
@@ -242,7 +138,7 @@ void *lh_delete(_LHASH *lh, const void *data)
 
     if (*rn == NULL) {
         lh->num_no_delete++;
-        return (NULL);
+        return NULL;
     } else {
         nn = *rn;
         *rn = nn->next;
@@ -256,33 +152,36 @@ void *lh_delete(_LHASH *lh, const void *data)
         (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)))
         contract(lh);
 
-    return (ret);
+    return ret;
 }
 
-void *lh_retrieve(_LHASH *lh, const void *data)
+void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data)
 {
     unsigned long hash;
-    LHASH_NODE **rn;
+    OPENSSL_LH_NODE **rn;
     void *ret;
 
-    lh->error = 0;
+    tsan_store((TSAN_QUALIFIER int *)&lh->error, 0);
+
     rn = getrn(lh, data, &hash);
 
     if (*rn == NULL) {
-        lh->num_retrieve_miss++;
-        return (NULL);
+        tsan_counter(&lh->num_retrieve_miss);
+        return NULL;
     } else {
         ret = (*rn)->data;
-        lh->num_retrieve++;
+        tsan_counter(&lh->num_retrieve);
     }
-    return (ret);
+
+    return ret;
 }
 
-static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
-                          LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
+static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg,
+                          OPENSSL_LH_DOALL_FUNC func,
+                          OPENSSL_LH_DOALL_FUNCARG func_arg, void *arg)
 {
     int i;
-    LHASH_NODE *a, *n;
+    OPENSSL_LH_NODE *a, *n;
 
     if (lh == NULL)
         return;
@@ -294,13 +193,6 @@ static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
     for (i = lh->num_nodes - 1; i >= 0; i--) {
         a = lh->b[i];
         while (a != NULL) {
-            /*
-             * 28/05/91 - eay - n added so items can be deleted via lh_doall
-             */
-            /*
-             * 22/05/08 - ben - eh? since a is not passed, this should not be
-             * needed
-             */
             n = a->next;
             if (use_arg)
                 func_arg(a->data, arg);
@@ -311,19 +203,19 @@ static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
     }
 }
 
-void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func)
+void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func)
 {
-    doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
+    doall_util_fn(lh, 0, func, (OPENSSL_LH_DOALL_FUNCARG)0, NULL);
 }
 
-void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
+void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg)
 {
-    doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
+    doall_util_fn(lh, 1, (OPENSSL_LH_DOALL_FUNC)0, func, arg);
 }
 
-static int expand(_LHASH *lh)
+static int expand(OPENSSL_LHASH *lh)
 {
-    LHASH_NODE **n, **n1, **n2, *np;
+    OPENSSL_LH_NODE **n, **n1, **n2, *np;
     unsigned int p, pmax, nni, j;
     unsigned long hash;
 
@@ -332,7 +224,7 @@ static int expand(_LHASH *lh)
     pmax = lh->pmax;
     if (p + 1 >= pmax) {
         j = nni * 2;
-        n = OPENSSL_realloc(lh->b, (int)(sizeof(LHASH_NODE *) * j));
+        n = OPENSSL_realloc(lh->b, sizeof(OPENSSL_LH_NODE *) * j);
         if (n == NULL) {
             lh->error++;
             return 0;
@@ -354,12 +246,7 @@ static int expand(_LHASH *lh)
     *n2 = NULL;
 
     for (np = *n1; np != NULL;) {
-#ifndef OPENSSL_NO_HASH_COMP
         hash = np->hash;
-#else
-        hash = lh->hash(np->data);
-        lh->num_hash_calls++;
-#endif
         if ((hash % nni) != p) { /* move it */
             *n1 = (*n1)->next;
             np->next = *n2;
@@ -372,18 +259,17 @@ static int expand(_LHASH *lh)
     return 1;
 }
 
-static void contract(_LHASH *lh)
+static void contract(OPENSSL_LHASH *lh)
 {
-    LHASH_NODE **n, *n1, *np;
+    OPENSSL_LH_NODE **n, *n1, *np;
 
     np = lh->b[lh->p + lh->pmax - 1];
     lh->b[lh->p + lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */
     if (lh->p == 0) {
-        n = (LHASH_NODE **)OPENSSL_realloc(lh->b,
-                                           (unsigned int)(sizeof(LHASH_NODE *)
-                                                          * lh->pmax));
+        n = OPENSSL_realloc(lh->b,
+                            (unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax));
         if (n == NULL) {
-/*                      fputs("realloc error in lhash",stderr); */
+            /* fputs("realloc error in lhash",stderr); */
             lh->error++;
             return;
         }
@@ -408,14 +294,15 @@ static void contract(_LHASH *lh)
     }
 }
 
-static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash)
+static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh,
+                               const void *data, unsigned long *rhash)
 {
-    LHASH_NODE **ret, *n1;
+    OPENSSL_LH_NODE **ret, *n1;
     unsigned long hash, nn;
-    LHASH_COMP_FN_TYPE cf;
+    OPENSSL_LH_COMPFUNC cf;
 
     hash = (*(lh->hash)) (data);
-    lh->num_hash_calls++;
+    tsan_counter(&lh->num_hash_calls);
     *rhash = hash;
 
     nn = hash % lh->pmax;
@@ -425,19 +312,17 @@ static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash)
     cf = lh->comp;
     ret = &(lh->b[(int)nn]);
     for (n1 = *ret; n1 != NULL; n1 = n1->next) {
-#ifndef OPENSSL_NO_HASH_COMP
-        lh->num_hash_comps++;
+        tsan_counter(&lh->num_hash_comps);
         if (n1->hash != hash) {
             ret = &(n1->next);
             continue;
         }
-#endif
-        lh->num_comp_calls++;
+        tsan_counter(&lh->num_comp_calls);
         if (cf(n1->data, data) == 0)
             break;
         ret = &(n1->next);
     }
-    return (ret);
+    return ret;
 }
 
 /*
@@ -445,7 +330,7 @@ static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash)
  * collisions on /usr/dict/words and it distributes on %2^n quite well, not
  * as good as MD5, but still good.
  */
-unsigned long lh_strhash(const char *c)
+unsigned long OPENSSL_LH_strhash(const char *c)
 {
     unsigned long ret = 0;
     long n;
@@ -453,12 +338,7 @@ unsigned long lh_strhash(const char *c)
     int r;
 
     if ((c == NULL) || (*c == '\0'))
-        return (ret);
-/*-
-    unsigned char b[16];
-    MD5(c,strlen(c),b);
-    return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));
-*/
+        return ret;
 
     n = 0x100;
     while (*c) {
@@ -470,10 +350,46 @@ unsigned long lh_strhash(const char *c)
         ret ^= v * v;
         c++;
     }
-    return ((ret >> 16) ^ ret);
+    return (ret >> 16) ^ ret;
+}
+
+unsigned long openssl_lh_strcasehash(const char *c)
+{
+    unsigned long ret = 0;
+    long n;
+    unsigned long v;
+    int r;
+
+    if (c == NULL || *c == '\0')
+        return ret;
+
+    for (n = 0x100; *c != '\0'; n += 0x100) {
+        v = n | ossl_tolower(*c);
+        r = (int)((v >> 2) ^ v) & 0x0f;
+        ret = (ret << r) | (ret >> (32 - r));
+        ret &= 0xFFFFFFFFL;
+        ret ^= v * v;
+        c++;
+    }
+    return (ret >> 16) ^ ret;
 }
 
-unsigned long lh_num_items(const _LHASH *lh)
+unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh)
 {
     return lh ? lh->num_items : 0;
 }
+
+unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh)
+{
+    return lh->down_load;
+}
+
+void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load)
+{
+    lh->down_load = down_load;
+}
+
+int OPENSSL_LH_error(OPENSSL_LHASH *lh)
+{
+    return lh->error;
+}
diff --git a/freebsd/crypto/openssl/crypto/lhash/lhash.h b/freebsd/crypto/openssl/crypto/lhash/lhash.h
deleted file mode 100644
index b6c328bf..00000000
--- a/freebsd/crypto/openssl/crypto/lhash/lhash.h
+++ /dev/null
@@ -1,240 +0,0 @@
-/* crypto/lhash/lhash.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * Header for dynamic hash table routines Author - Eric Young
- */
-
-#ifndef HEADER_LHASH_H
-# define HEADER_LHASH_H
-
-# include <openssl/e_os2.h>
-# ifndef OPENSSL_NO_FP_API
-#  include <stdio.h>
-# endif
-
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct lhash_node_st {
-    void *data;
-    struct lhash_node_st *next;
-# ifndef OPENSSL_NO_HASH_COMP
-    unsigned long hash;
-# endif
-} LHASH_NODE;
-
-typedef int (*LHASH_COMP_FN_TYPE) (const void *, const void *);
-typedef unsigned long (*LHASH_HASH_FN_TYPE) (const void *);
-typedef void (*LHASH_DOALL_FN_TYPE) (void *);
-typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *);
-
-/*
- * Macros for declaring and implementing type-safe wrappers for LHASH
- * callbacks. This way, callbacks can be provided to LHASH structures without
- * function pointer casting and the macro-defined callbacks provide
- * per-variable casting before deferring to the underlying type-specific
- * callbacks. NB: It is possible to place a "static" in front of both the
- * DECLARE and IMPLEMENT macros if the functions are strictly internal.
- */
-
-/* First: "hash" functions */
-# define DECLARE_LHASH_HASH_FN(name, o_type) \
-        unsigned long name##_LHASH_HASH(const void *);
-# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
-        unsigned long name##_LHASH_HASH(const void *arg) { \
-                const o_type *a = arg; \
-                return name##_hash(a); }
-# define LHASH_HASH_FN(name) name##_LHASH_HASH
-
-/* Second: "compare" functions */
-# define DECLARE_LHASH_COMP_FN(name, o_type) \
-        int name##_LHASH_COMP(const void *, const void *);
-# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
-        int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
-                const o_type *a = arg1;             \
-                const o_type *b = arg2; \
-                return name##_cmp(a,b); }
-# define LHASH_COMP_FN(name) name##_LHASH_COMP
-
-/* Third: "doall" functions */
-# define DECLARE_LHASH_DOALL_FN(name, o_type) \
-        void name##_LHASH_DOALL(void *);
-# define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
-        void name##_LHASH_DOALL(void *arg) { \
-                o_type *a = arg; \
-                name##_doall(a); }
-# define LHASH_DOALL_FN(name) name##_LHASH_DOALL
-
-/* Fourth: "doall_arg" functions */
-# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-        void name##_LHASH_DOALL_ARG(void *, void *);
-# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-        void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
-                o_type *a = arg1; \
-                a_type *b = arg2; \
-                name##_doall_arg(a, b); }
-# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
-
-typedef struct lhash_st {
-    LHASH_NODE **b;
-    LHASH_COMP_FN_TYPE comp;
-    LHASH_HASH_FN_TYPE hash;
-    unsigned int num_nodes;
-    unsigned int num_alloc_nodes;
-    unsigned int p;
-    unsigned int pmax;
-    unsigned long up_load;      /* load times 256 */
-    unsigned long down_load;    /* load times 256 */
-    unsigned long num_items;
-    unsigned long num_expands;
-    unsigned long num_expand_reallocs;
-    unsigned long num_contracts;
-    unsigned long num_contract_reallocs;
-    unsigned long num_hash_calls;
-    unsigned long num_comp_calls;
-    unsigned long num_insert;
-    unsigned long num_replace;
-    unsigned long num_delete;
-    unsigned long num_no_delete;
-    unsigned long num_retrieve;
-    unsigned long num_retrieve_miss;
-    unsigned long num_hash_comps;
-    int error;
-} _LHASH;                       /* Do not use _LHASH directly, use LHASH_OF
-                                 * and friends */
-
-# define LH_LOAD_MULT    256
-
-/*
- * Indicates a malloc() error in the last call, this is only bad in
- * lh_insert().
- */
-# define lh_error(lh)    ((lh)->error)
-
-_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
-void lh_free(_LHASH *lh);
-void *lh_insert(_LHASH *lh, void *data);
-void *lh_delete(_LHASH *lh, const void *data);
-void *lh_retrieve(_LHASH *lh, const void *data);
-void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func);
-void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
-unsigned long lh_strhash(const char *c);
-unsigned long lh_num_items(const _LHASH *lh);
-
-# ifndef OPENSSL_NO_FP_API
-void lh_stats(const _LHASH *lh, FILE *out);
-void lh_node_stats(const _LHASH *lh, FILE *out);
-void lh_node_usage_stats(const _LHASH *lh, FILE *out);
-# endif
-
-# ifndef OPENSSL_NO_BIO
-void lh_stats_bio(const _LHASH *lh, BIO *out);
-void lh_node_stats_bio(const _LHASH *lh, BIO *out);
-void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);
-# endif
-
-/* Type checking... */
-
-# define LHASH_OF(type) struct lhash_st_##type
-
-# define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; }
-
-# define CHECKED_LHASH_OF(type,lh) \
-  ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh))
-
-/* Define wrapper functions. */
-# define LHM_lh_new(type, name) \
-  ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name)))
-# define LHM_lh_error(type, lh) \
-  lh_error(CHECKED_LHASH_OF(type,lh))
-# define LHM_lh_insert(type, lh, inst) \
-  ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \
-                     CHECKED_PTR_OF(type, inst)))
-# define LHM_lh_retrieve(type, lh, inst) \
-  ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \
-                       CHECKED_PTR_OF(type, inst)))
-# define LHM_lh_delete(type, lh, inst) \
-  ((type *)lh_delete(CHECKED_LHASH_OF(type, lh),                        \
-                     CHECKED_PTR_OF(type, inst)))
-# define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn)
-# define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \
-  lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg))
-# define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh))
-# define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load)
-# define LHM_lh_node_stats_bio(type, lh, out) \
-  lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out)
-# define LHM_lh_node_usage_stats_bio(type, lh, out) \
-  lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out)
-# define LHM_lh_stats_bio(type, lh, out) \
-  lh_stats_bio(CHECKED_LHASH_OF(type, lh), out)
-# define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh))
-
-DECLARE_LHASH_OF(OPENSSL_STRING);
-DECLARE_LHASH_OF(OPENSSL_CSTRING);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/lhash/lhash_lcl.h b/freebsd/crypto/openssl/crypto/lhash/lhash_lcl.h
new file mode 100644
index 00000000..678224ac
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/lhash/lhash_lcl.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <openssl/crypto.h>
+
+#include "internal/tsan_assist.h"
+
+struct lhash_node_st {
+    void *data;
+    struct lhash_node_st *next;
+    unsigned long hash;
+};
+
+struct lhash_st {
+    OPENSSL_LH_NODE **b;
+    OPENSSL_LH_COMPFUNC comp;
+    OPENSSL_LH_HASHFUNC hash;
+    unsigned int num_nodes;
+    unsigned int num_alloc_nodes;
+    unsigned int p;
+    unsigned int pmax;
+    unsigned long up_load;      /* load times 256 */
+    unsigned long down_load;    /* load times 256 */
+    unsigned long num_items;
+    unsigned long num_expands;
+    unsigned long num_expand_reallocs;
+    unsigned long num_contracts;
+    unsigned long num_contract_reallocs;
+    TSAN_QUALIFIER unsigned long num_hash_calls;
+    TSAN_QUALIFIER unsigned long num_comp_calls;
+    unsigned long num_insert;
+    unsigned long num_replace;
+    unsigned long num_delete;
+    unsigned long num_no_delete;
+    TSAN_QUALIFIER unsigned long num_retrieve;
+    TSAN_QUALIFIER unsigned long num_retrieve_miss;
+    TSAN_QUALIFIER unsigned long num_hash_comps;
+    int error;
+};
diff --git a/freebsd/crypto/openssl/crypto/md32_common.h b/freebsd/crypto/openssl/crypto/md32_common.h
deleted file mode 100644
index b5a04bf1..00000000
--- a/freebsd/crypto/openssl/crypto/md32_common.h
+++ /dev/null
@@ -1,436 +0,0 @@
-/* crypto/md32_common.h */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-/*-
- * This is a generic 32 bit "collector" for message digest algorithms.
- * Whenever needed it collects input character stream into chunks of
- * 32 bit values and invokes a block function that performs actual hash
- * calculations.
- *
- * Porting guide.
- *
- * Obligatory macros:
- *
- * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
- *      this macro defines byte order of input stream.
- * HASH_CBLOCK
- *      size of a unit chunk HASH_BLOCK operates on.
- * HASH_LONG
- *      has to be at lest 32 bit wide, if it's wider, then
- *      HASH_LONG_LOG2 *has to* be defined along
- * HASH_CTX
- *      context structure that at least contains following
- *      members:
- *              typedef struct {
- *                      ...
- *                      HASH_LONG       Nl,Nh;
- *                      either {
- *                      HASH_LONG       data[HASH_LBLOCK];
- *                      unsigned char   data[HASH_CBLOCK];
- *                      };
- *                      unsigned int    num;
- *                      ...
- *                      } HASH_CTX;
- *      data[] vector is expected to be zeroed upon first call to
- *      HASH_UPDATE.
- * HASH_UPDATE
- *      name of "Update" function, implemented here.
- * HASH_TRANSFORM
- *      name of "Transform" function, implemented here.
- * HASH_FINAL
- *      name of "Final" function, implemented here.
- * HASH_BLOCK_DATA_ORDER
- *      name of "block" function capable of treating *unaligned* input
- *      message in original (data) byte order, implemented externally.
- * HASH_MAKE_STRING
- *      macro convering context variables to an ASCII hash string.
- *
- * MD5 example:
- *
- *      #define DATA_ORDER_IS_LITTLE_ENDIAN
- *
- *      #define HASH_LONG               MD5_LONG
- *      #define HASH_LONG_LOG2          MD5_LONG_LOG2
- *      #define HASH_CTX                MD5_CTX
- *      #define HASH_CBLOCK             MD5_CBLOCK
- *      #define HASH_UPDATE             MD5_Update
- *      #define HASH_TRANSFORM          MD5_Transform
- *      #define HASH_FINAL              MD5_Final
- *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
- *
- *                                      <appro@fy.chalmers.se>
- */
-
-#include <openssl/crypto.h>
-
-#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-# error "DATA_ORDER must be defined!"
-#endif
-
-#ifndef HASH_CBLOCK
-# error "HASH_CBLOCK must be defined!"
-#endif
-#ifndef HASH_LONG
-# error "HASH_LONG must be defined!"
-#endif
-#ifndef HASH_CTX
-# error "HASH_CTX must be defined!"
-#endif
-
-#ifndef HASH_UPDATE
-# error "HASH_UPDATE must be defined!"
-#endif
-#ifndef HASH_TRANSFORM
-# error "HASH_TRANSFORM must be defined!"
-#endif
-#ifndef HASH_FINAL
-# error "HASH_FINAL must be defined!"
-#endif
-
-#ifndef HASH_BLOCK_DATA_ORDER
-# error "HASH_BLOCK_DATA_ORDER must be defined!"
-#endif
-
-/*
- * Engage compiler specific rotate intrinsic function if available.
- */
-#undef ROTATE
-#ifndef PEDANTIC
-# if defined(_MSC_VER)
-#  define ROTATE(a,n)   _lrotl(a,n)
-# elif defined(__ICC)
-#  define ROTATE(a,n)   _rotl(a,n)
-# elif defined(__MWERKS__)
-#  if defined(__POWERPC__)
-#   define ROTATE(a,n)  __rlwinm(a,n,0,31)
-#  elif defined(__MC68K__)
-    /* Motorola specific tweak. <appro@fy.chalmers.se> */
-#   define ROTATE(a,n)  ( n<24 ? __rol(a,n) : __ror(a,32-n) )
-#  else
-#   define ROTATE(a,n)  __rol(a,n)
-#  endif
-# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-  /*
-   * Some GNU C inline assembler templates. Note that these are
-   * rotates by *constant* number of bits! But that's exactly
-   * what we need here...
-   *                                    <appro@fy.chalmers.se>
-   */
-#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#   define ROTATE(a,n)  ({ register unsigned int ret;   \
-                                asm (                   \
-                                "roll %1,%0"            \
-                                : "=r"(ret)             \
-                                : "I"(n), "0"((unsigned int)(a))        \
-                                : "cc");                \
-                           ret;                         \
-                        })
-#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
-        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
-#   define ROTATE(a,n)  ({ register unsigned int ret;   \
-                                asm (                   \
-                                "rlwinm %0,%1,%2,0,31"  \
-                                : "=r"(ret)             \
-                                : "r"(a), "I"(n));      \
-                           ret;                         \
-                        })
-#  elif defined(__s390x__)
-#   define ROTATE(a,n) ({ register unsigned int ret;    \
-                                asm ("rll %0,%1,%2"     \
-                                : "=r"(ret)             \
-                                : "r"(a), "I"(n));      \
-                          ret;                          \
-                        })
-#  endif
-# endif
-#endif                          /* PEDANTIC */
-
-#ifndef ROTATE
-# define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#endif
-
-#if defined(DATA_ORDER_IS_BIG_ENDIAN)
-
-# ifndef PEDANTIC
-#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#   if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
-      (defined(__x86_64) || defined(__x86_64__))
-#    if !defined(B_ENDIAN)
-    /*
-     * This gives ~30-40% performance improvement in SHA-256 compiled
-     * with gcc [on P4]. Well, first macro to be frank. We can pull
-     * this trick on x86* platforms only, because these CPUs can fetch
-     * unaligned data without raising an exception.
-     */
-#     define HOST_c2l(c,l)        ({ unsigned int r=*((const unsigned int *)(c)); \
-                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
-                                   (c)+=4; (l)=r;                       })
-#     define HOST_l2c(l,c)        ({ unsigned int r=(l);                  \
-                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
-                                   *((unsigned int *)(c))=r; (c)+=4; r; })
-#    endif
-#   elif defined(__aarch64__)
-#    if defined(__BYTE_ORDER__)
-#     if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-#      define HOST_c2l(c,l)      ({ unsigned int r;              \
-                                   asm ("rev    %w0,%w1"        \
-                                        :"=r"(r)                \
-                                        :"r"(*((const unsigned int *)(c))));\
-                                   (c)+=4; (l)=r;               })
-#      define HOST_l2c(l,c)      ({ unsigned int r;              \
-                                   asm ("rev    %w0,%w1"        \
-                                        :"=r"(r)                \
-                                        :"r"((unsigned int)(l)));\
-                                   *((unsigned int *)(c))=r; (c)+=4; r; })
-#     elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-#      define HOST_c2l(c,l)      ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-#      define HOST_l2c(l,c)      (*((unsigned int *)(c))=(l), (c)+=4, (l))
-#     endif
-#    endif
-#   endif
-#  endif
-#  if defined(__s390__) || defined(__s390x__)
-#   define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-#   define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
-#  endif
-# endif
-
-# ifndef HOST_c2l
-#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))<<24),          \
-                         l|=(((unsigned long)(*((c)++)))<<16),          \
-                         l|=(((unsigned long)(*((c)++)))<< 8),          \
-                         l|=(((unsigned long)(*((c)++)))    )           )
-# endif
-# ifndef HOST_l2c
-#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
-                         l)
-# endif
-
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-
-# ifndef PEDANTIC
-#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#   if defined(__s390x__)
-#    define HOST_c2l(c,l)        ({ asm ("lrv    %0,%1"                  \
-                                   :"=d"(l) :"m"(*(const unsigned int *)(c)));\
-                                   (c)+=4; (l);                         })
-#    define HOST_l2c(l,c)        ({ asm ("strv   %1,%0"                  \
-                                   :"=m"(*(unsigned int *)(c)) :"d"(l));\
-                                   (c)+=4; (l);                         })
-#   endif
-#  endif
-#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#   ifndef B_ENDIAN
-    /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
-#    define HOST_c2l(c,l)        ((l)=*((const unsigned int *)(c)), (c)+=4, l)
-#    define HOST_l2c(l,c)        (*((unsigned int *)(c))=(l), (c)+=4, l)
-#   endif
-#  endif
-# endif
-
-# ifndef HOST_c2l
-#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))    ),          \
-                         l|=(((unsigned long)(*((c)++)))<< 8),          \
-                         l|=(((unsigned long)(*((c)++)))<<16),          \
-                         l|=(((unsigned long)(*((c)++)))<<24)           )
-# endif
-# ifndef HOST_l2c
-#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)    )&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
-                         l)
-# endif
-
-#endif
-
-/*
- * Time for some action:-)
- */
-
-int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
-{
-    const unsigned char *data = data_;
-    unsigned char *p;
-    HASH_LONG l;
-    size_t n;
-
-    if (len == 0)
-        return 1;
-
-    l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
-    /*
-     * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai
-     * <weidai@eskimo.com> for pointing it out.
-     */
-    if (l < c->Nl)              /* overflow */
-        c->Nh++;
-    c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
-                                       * 16-bit */
-    c->Nl = l;
-
-    n = c->num;
-    if (n != 0) {
-        p = (unsigned char *)c->data;
-
-        if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
-            memcpy(p + n, data, HASH_CBLOCK - n);
-            HASH_BLOCK_DATA_ORDER(c, p, 1);
-            n = HASH_CBLOCK - n;
-            data += n;
-            len -= n;
-            c->num = 0;
-            /*
-             * We use memset rather than OPENSSL_cleanse() here deliberately.
-             * Using OPENSSL_cleanse() here could be a performance issue. It
-             * will get properly cleansed on finalisation so this isn't a
-             * security problem.
-             */
-            memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
-        } else {
-            memcpy(p + n, data, len);
-            c->num += (unsigned int)len;
-            return 1;
-        }
-    }
-
-    n = len / HASH_CBLOCK;
-    if (n > 0) {
-        HASH_BLOCK_DATA_ORDER(c, data, n);
-        n *= HASH_CBLOCK;
-        data += n;
-        len -= n;
-    }
-
-    if (len != 0) {
-        p = (unsigned char *)c->data;
-        c->num = (unsigned int)len;
-        memcpy(p, data, len);
-    }
-    return 1;
-}
-
-void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
-{
-    HASH_BLOCK_DATA_ORDER(c, data, 1);
-}
-
-int HASH_FINAL(unsigned char *md, HASH_CTX *c)
-{
-    unsigned char *p = (unsigned char *)c->data;
-    size_t n = c->num;
-
-    p[n] = 0x80;                /* there is always room for one */
-    n++;
-
-    if (n > (HASH_CBLOCK - 8)) {
-        memset(p + n, 0, HASH_CBLOCK - n);
-        n = 0;
-        HASH_BLOCK_DATA_ORDER(c, p, 1);
-    }
-    memset(p + n, 0, HASH_CBLOCK - 8 - n);
-
-    p += HASH_CBLOCK - 8;
-#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
-    (void)HOST_l2c(c->Nh, p);
-    (void)HOST_l2c(c->Nl, p);
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-    (void)HOST_l2c(c->Nl, p);
-    (void)HOST_l2c(c->Nh, p);
-#endif
-    p -= HASH_CBLOCK;
-    HASH_BLOCK_DATA_ORDER(c, p, 1);
-    c->num = 0;
-    OPENSSL_cleanse(p, HASH_CBLOCK);
-
-#ifndef HASH_MAKE_STRING
-# error "HASH_MAKE_STRING must be defined!"
-#else
-    HASH_MAKE_STRING(c, md);
-#endif
-
-    return 1;
-}
-
-#ifndef MD32_REG_T
-# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
-#  define MD32_REG_T long
-/*
- * This comment was originaly written for MD5, which is why it
- * discusses A-D. But it basically applies to all 32-bit digests,
- * which is why it was moved to common header file.
- *
- * In case you wonder why A-D are declared as long and not
- * as MD5_LONG. Doing so results in slight performance
- * boost on LP64 architectures. The catch is we don't
- * really care if 32 MSBs of a 64-bit register get polluted
- * with eventual overflows as we *save* only 32 LSBs in
- * *either* case. Now declaring 'em long excuses the compiler
- * from keeping 32 MSBs zeroed resulting in 13% performance
- * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
- * Well, to be honest it should say that this *prevents*
- * performance degradation.
- *                              <appro@fy.chalmers.se>
- */
-# else
-/*
- * Above is not absolute and there are LP64 compilers that
- * generate better code if MD32_REG_T is defined int. The above
- * pre-processor condition reflects the circumstances under which
- * the conclusion was made and is subject to further extension.
- *                              <appro@fy.chalmers.se>
- */
-#  define MD32_REG_T int
-# endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/md4/md4.c b/freebsd/crypto/openssl/crypto/md4/md4.c
deleted file mode 100644
index 20fe2ce3..00000000
--- a/freebsd/crypto/openssl/crypto/md4/md4.c
+++ /dev/null
@@ -1,123 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/md4/md4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md4.h>
-
-#define BUFSIZE 1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
-int read(int, void *, unsigned int);
-#endif
-
-int main(int argc, char **argv)
-{
-    int i, err = 0;
-    FILE *IN;
-
-    if (argc == 1) {
-        do_fp(stdin);
-    } else {
-        for (i = 1; i < argc; i++) {
-            IN = fopen(argv[i], "r");
-            if (IN == NULL) {
-                perror(argv[i]);
-                err++;
-                continue;
-            }
-            printf("MD4(%s)= ", argv[i]);
-            do_fp(IN);
-            fclose(IN);
-        }
-    }
-    exit(err);
-}
-
-void do_fp(FILE *f)
-{
-    MD4_CTX c;
-    unsigned char md[MD4_DIGEST_LENGTH];
-    int fd;
-    int i;
-    static unsigned char buf[BUFSIZE];
-
-    fd = fileno(f);
-    MD4_Init(&c);
-    for (;;) {
-        i = read(fd, buf, sizeof(buf));
-        if (i <= 0)
-            break;
-        MD4_Update(&c, buf, (unsigned long)i);
-    }
-    MD4_Final(&(md[0]), &c);
-    pt(md);
-}
-
-void pt(unsigned char *md)
-{
-    int i;
-
-    for (i = 0; i < MD4_DIGEST_LENGTH; i++)
-        printf("%02x", md[i]);
-    printf("\n");
-}
diff --git a/freebsd/crypto/openssl/crypto/md4/md4.h b/freebsd/crypto/openssl/crypto/md4/md4.h
deleted file mode 100644
index 11fd7129..00000000
--- a/freebsd/crypto/openssl/crypto/md4/md4.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/* crypto/md4/md4.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MD4_H
-# define HEADER_MD4_H
-
-# include <openssl/e_os2.h>
-# include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# ifdef OPENSSL_NO_MD4
-#  error MD4 is disabled.
-# endif
-
-/*-
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! MD4_LONG_LOG2 has to be defined along.                        !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-# if defined(__LP32__)
-#  define MD4_LONG unsigned long
-# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#  define MD4_LONG unsigned long
-#  define MD4_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *                                      <appro@fy.chalmers.se>
- */
-# else
-#  define MD4_LONG unsigned int
-# endif
-
-# define MD4_CBLOCK      64
-# define MD4_LBLOCK      (MD4_CBLOCK/4)
-# define MD4_DIGEST_LENGTH 16
-
-typedef struct MD4state_st {
-    MD4_LONG A, B, C, D;
-    MD4_LONG Nl, Nh;
-    MD4_LONG data[MD4_LBLOCK];
-    unsigned int num;
-} MD4_CTX;
-
-# ifdef OPENSSL_FIPS
-int private_MD4_Init(MD4_CTX *c);
-# endif
-int MD4_Init(MD4_CTX *c);
-int MD4_Update(MD4_CTX *c, const void *data, size_t len);
-int MD4_Final(unsigned char *md, MD4_CTX *c);
-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
-void MD4_Transform(MD4_CTX *c, const unsigned char *b);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/md4/md4_dgst.c b/freebsd/crypto/openssl/crypto/md4/md4_dgst.c
index f7cf06d2..e80b5acf 100644
--- a/freebsd/crypto/openssl/crypto/md4/md4_dgst.c
+++ b/freebsd/crypto/openssl/crypto/md4/md4_dgst.c
@@ -1,70 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/md4/md4_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <openssl/opensslv.h>
-#include <openssl/crypto.h>
 #include "md4_locl.h"
 
-const char MD4_version[] = "MD4" OPENSSL_VERSION_PTEXT;
-
 /*
  * Implemented from RFC1186 The MD4 Message-Digest Algorithm
  */
@@ -74,7 +22,7 @@ const char MD4_version[] = "MD4" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-fips_md_init(MD4)
+int MD4_Init(MD4_CTX *c)
 {
     memset(c, 0, sizeof(*c));
     c->A = INIT_DATA_A;
diff --git a/freebsd/crypto/openssl/crypto/md4/md4_locl.h b/freebsd/crypto/openssl/crypto/md4/md4_locl.h
index dc86a86c..a6c4003f 100644
--- a/freebsd/crypto/openssl/crypto/md4/md4_locl.h
+++ b/freebsd/crypto/openssl/crypto/md4/md4_locl.h
@@ -1,59 +1,10 @@
-/* crypto/md4/md4_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdlib.h>
@@ -61,10 +12,6 @@
 #include <openssl/opensslconf.h>
 #include <openssl/md4.h>
 
-#ifndef MD4_LONG_LOG2
-# define MD4_LONG_LOG2 2        /* default to 32 bits */
-#endif
-
 void md4_block_data_order(MD4_CTX *c, const void *p, size_t num);
 
 #define DATA_ORDER_IS_LITTLE_ENDIAN
@@ -84,7 +31,7 @@ void md4_block_data_order(MD4_CTX *c, const void *p, size_t num);
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   md4_block_data_order
 
-#include "md32_common.h"
+#include "internal/md32_common.h"
 
 /*-
 #define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
@@ -92,9 +39,9 @@ void md4_block_data_order(MD4_CTX *c, const void *p, size_t num);
 */
 
 /*
- * As pointed out by Wei Dai <weidai@eskimo.com>, the above can be simplified
- * to the code below.  Wei attributes these optimizations to Peter Gutmann's
- * SHS code, and he attributes it to Rich Schroeppel.
+ * As pointed out by Wei Dai, the above can be simplified to the code
+ * below.  Wei attributes these optimizations to Peter Gutmann's SHS code,
+ * and he attributes it to Rich Schroeppel.
  */
 #define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
 #define G(b,c,d)        (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
diff --git a/freebsd/crypto/openssl/crypto/md4/md4_one.c b/freebsd/crypto/openssl/crypto/md4/md4_one.c
index 69e9ce86..0b8ac97f 100644
--- a/freebsd/crypto/openssl/crypto/md4/md4_one.c
+++ b/freebsd/crypto/openssl/crypto/md4/md4_one.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/md4/md4_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
@@ -94,5 +45,5 @@ unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
 #endif
     MD4_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
-    return (md);
+    return md;
 }
diff --git a/freebsd/crypto/openssl/crypto/md4/md4test.c b/freebsd/crypto/openssl/crypto/md4/md4test.c
deleted file mode 100644
index b3483ae4..00000000
--- a/freebsd/crypto/openssl/crypto/md4/md4test.c
+++ /dev/null
@@ -1,135 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/md4/md4test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_MD4
-int main(int argc, char *argv[])
-{
-    printf("No MD4 support\n");
-    return (0);
-}
-#else
-# include <openssl/evp.h>
-# include <openssl/md4.h>
-
-static char *test[] = {
-    "",
-    "a",
-    "abc",
-    "message digest",
-    "abcdefghijklmnopqrstuvwxyz",
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-    "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
-    NULL,
-};
-
-static char *ret[] = {
-    "31d6cfe0d16ae931b73c59d7e0c089c0",
-    "bde52cb31de33e46245e05fbdbd6fb24",
-    "a448017aaf21d8525fc10ae87aa6729d",
-    "d9130a8164549fe818874806e1c7014b",
-    "d79e1c308aa5bbcdeea8ed63df412da9",
-    "043f8582f241db351ce627e153e7f0e4",
-    "e33b4ddc9c38f2199c3e7b164fcc0536",
-};
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-{
-    int i, err = 0;
-    char **P, **R;
-    char *p;
-    unsigned char md[MD4_DIGEST_LENGTH];
-
-    P = test;
-    R = ret;
-    i = 1;
-    while (*P != NULL) {
-        EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(), NULL);
-        p = pt(md);
-        if (strcmp(p, (char *)*R) != 0) {
-            printf("error calculating MD4 on '%s'\n", *P);
-            printf("got %s instead of %s\n", p, *R);
-            err++;
-        } else
-            printf("test %d ok\n", i);
-        i++;
-        R++;
-        P++;
-    }
-    EXIT(err);
-    return (0);
-}
-
-static char *pt(unsigned char *md)
-{
-    int i;
-    static char buf[80];
-
-    for (i = 0; i < MD4_DIGEST_LENGTH; i++)
-        sprintf(&(buf[i * 2]), "%02x", md[i]);
-    return (buf);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/md5/md5.c b/freebsd/crypto/openssl/crypto/md5/md5.c
deleted file mode 100644
index b2bc0372..00000000
--- a/freebsd/crypto/openssl/crypto/md5/md5.c
+++ /dev/null
@@ -1,123 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/md5/md5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md5.h>
-
-#define BUFSIZE 1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
-int read(int, void *, unsigned int);
-#endif
-
-int main(int argc, char **argv)
-{
-    int i, err = 0;
-    FILE *IN;
-
-    if (argc == 1) {
-        do_fp(stdin);
-    } else {
-        for (i = 1; i < argc; i++) {
-            IN = fopen(argv[i], "r");
-            if (IN == NULL) {
-                perror(argv[i]);
-                err++;
-                continue;
-            }
-            printf("MD5(%s)= ", argv[i]);
-            do_fp(IN);
-            fclose(IN);
-        }
-    }
-    exit(err);
-}
-
-void do_fp(FILE *f)
-{
-    MD5_CTX c;
-    unsigned char md[MD5_DIGEST_LENGTH];
-    int fd;
-    int i;
-    static unsigned char buf[BUFSIZE];
-
-    fd = fileno(f);
-    MD5_Init(&c);
-    for (;;) {
-        i = read(fd, buf, BUFSIZE);
-        if (i <= 0)
-            break;
-        MD5_Update(&c, buf, (unsigned long)i);
-    }
-    MD5_Final(&(md[0]), &c);
-    pt(md);
-}
-
-void pt(unsigned char *md)
-{
-    int i;
-
-    for (i = 0; i < MD5_DIGEST_LENGTH; i++)
-        printf("%02x", md[i]);
-    printf("\n");
-}
diff --git a/freebsd/crypto/openssl/crypto/md5/md5.h b/freebsd/crypto/openssl/crypto/md5/md5.h
deleted file mode 100644
index 2659038a..00000000
--- a/freebsd/crypto/openssl/crypto/md5/md5.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/* crypto/md5/md5.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MD5_H
-# define HEADER_MD5_H
-
-# include <openssl/e_os2.h>
-# include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# ifdef OPENSSL_NO_MD5
-#  error MD5 is disabled.
-# endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! MD5_LONG_LOG2 has to be defined along.                        !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-# if defined(__LP32__)
-#  define MD5_LONG unsigned long
-# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#  define MD5_LONG unsigned long
-#  define MD5_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *                                      <appro@fy.chalmers.se>
- */
-# else
-#  define MD5_LONG unsigned int
-# endif
-
-# define MD5_CBLOCK      64
-# define MD5_LBLOCK      (MD5_CBLOCK/4)
-# define MD5_DIGEST_LENGTH 16
-
-typedef struct MD5state_st {
-    MD5_LONG A, B, C, D;
-    MD5_LONG Nl, Nh;
-    MD5_LONG data[MD5_LBLOCK];
-    unsigned int num;
-} MD5_CTX;
-
-# ifdef OPENSSL_FIPS
-int private_MD5_Init(MD5_CTX *c);
-# endif
-int MD5_Init(MD5_CTX *c);
-int MD5_Update(MD5_CTX *c, const void *data, size_t len);
-int MD5_Final(unsigned char *md, MD5_CTX *c);
-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
-void MD5_Transform(MD5_CTX *c, const unsigned char *b);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/md5/md5_dgst.c b/freebsd/crypto/openssl/crypto/md5/md5_dgst.c
index 1c6fc6b9..08d9dce1 100644
--- a/freebsd/crypto/openssl/crypto/md5/md5_dgst.c
+++ b/freebsd/crypto/openssl/crypto/md5/md5_dgst.c
@@ -1,69 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/md5/md5_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include "md5_locl.h"
 #include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-
-const char MD5_version[] = "MD5" OPENSSL_VERSION_PTEXT;
 
 /*
  * Implemented from RFC1321 The MD5 Message-Digest Algorithm
@@ -74,7 +22,7 @@ const char MD5_version[] = "MD5" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-fips_md_init(MD5)
+int MD5_Init(MD5_CTX *c)
 {
     memset(c, 0, sizeof(*c));
     c->A = INIT_DATA_A;
@@ -108,52 +56,52 @@ void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
     D = c->D;
 
     for (; num--;) {
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(0) = l;
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(1) = l;
         /* Round 0 */
         R0(A, B, C, D, X(0), 7, 0xd76aa478L);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(2) = l;
         R0(D, A, B, C, X(1), 12, 0xe8c7b756L);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(3) = l;
         R0(C, D, A, B, X(2), 17, 0x242070dbL);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(4) = l;
         R0(B, C, D, A, X(3), 22, 0xc1bdceeeL);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(5) = l;
         R0(A, B, C, D, X(4), 7, 0xf57c0fafL);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(6) = l;
         R0(D, A, B, C, X(5), 12, 0x4787c62aL);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(7) = l;
         R0(C, D, A, B, X(6), 17, 0xa8304613L);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(8) = l;
         R0(B, C, D, A, X(7), 22, 0xfd469501L);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(9) = l;
         R0(A, B, C, D, X(8), 7, 0x698098d8L);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(10) = l;
         R0(D, A, B, C, X(9), 12, 0x8b44f7afL);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(11) = l;
         R0(C, D, A, B, X(10), 17, 0xffff5bb1L);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(12) = l;
         R0(B, C, D, A, X(11), 22, 0x895cd7beL);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(13) = l;
         R0(A, B, C, D, X(12), 7, 0x6b901122L);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(14) = l;
         R0(D, A, B, C, X(13), 12, 0xfd987193L);
-        HOST_c2l(data, l);
+        (void)HOST_c2l(data, l);
         X(15) = l;
         R0(C, D, A, B, X(14), 17, 0xa679438eL);
         R0(B, C, D, A, X(15), 22, 0x49b40821L);
diff --git a/freebsd/crypto/openssl/crypto/md5/md5_locl.h b/freebsd/crypto/openssl/crypto/md5/md5_locl.h
index 82e69218..4eb7e50e 100644
--- a/freebsd/crypto/openssl/crypto/md5/md5_locl.h
+++ b/freebsd/crypto/openssl/crypto/md5/md5_locl.h
@@ -1,59 +1,10 @@
-/* crypto/md5/md5_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdlib.h>
@@ -61,12 +12,8 @@
 #include <openssl/e_os2.h>
 #include <openssl/md5.h>
 
-#ifndef MD5_LONG_LOG2
-# define MD5_LONG_LOG2 2        /* default to 32 bits */
-#endif
-
 #ifdef MD5_ASM
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
      defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
 #  define md5_block_data_order md5_block_asm_data_order
 # elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
@@ -95,7 +42,7 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num);
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
 
-#include "md32_common.h"
+#include "internal/md32_common.h"
 
 /*-
 #define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
@@ -103,8 +50,8 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num);
 */
 
 /*
- * As pointed out by Wei Dai <weidai@eskimo.com>, the above can be simplified
- * to the code below.  Wei attributes these optimizations to Peter Gutmann's
+ * As pointed out by Wei Dai, the above can be simplified to the code
+ * below.  Wei attributes these optimizations to Peter Gutmann's
  * SHS code, and he attributes it to Rich Schroeppel.
  */
 #define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
diff --git a/freebsd/crypto/openssl/crypto/md5/md5_one.c b/freebsd/crypto/openssl/crypto/md5/md5_one.c
index 0a59353c..896e9734 100644
--- a/freebsd/crypto/openssl/crypto/md5/md5_one.c
+++ b/freebsd/crypto/openssl/crypto/md5/md5_one.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/md5/md5_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
@@ -94,5 +45,5 @@ unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
 #endif
     MD5_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
-    return (md);
+    return md;
 }
diff --git a/freebsd/crypto/openssl/crypto/md5/md5test.c b/freebsd/crypto/openssl/crypto/md5/md5test.c
deleted file mode 100644
index e5a3014c..00000000
--- a/freebsd/crypto/openssl/crypto/md5/md5test.c
+++ /dev/null
@@ -1,140 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/md5/md5test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_MD5
-int main(int argc, char *argv[])
-{
-    printf("No MD5 support\n");
-    return (0);
-}
-#else
-# include <openssl/evp.h>
-# include <openssl/md5.h>
-
-static char *test[] = {
-    "",
-    "a",
-    "abc",
-    "message digest",
-    "abcdefghijklmnopqrstuvwxyz",
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-    "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
-    NULL,
-};
-
-static char *ret[] = {
-    "d41d8cd98f00b204e9800998ecf8427e",
-    "0cc175b9c0f1b6a831c399e269772661",
-    "900150983cd24fb0d6963f7d28e17f72",
-    "f96b697d7cb7938d525a2f31aaf161d0",
-    "c3fcd3d76192e4007dfb496cca67e13b",
-    "d174ab98d277d9f5a5611c2c9f419d9f",
-    "57edf4a22be3c955ac49da2e2107b67a",
-};
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-{
-    int i, err = 0;
-    char **P, **R;
-    char *p;
-    unsigned char md[MD5_DIGEST_LENGTH];
-
-    P = test;
-    R = ret;
-    i = 1;
-    while (*P != NULL) {
-        EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md5(), NULL);
-        p = pt(md);
-        if (strcmp(p, (char *)*R) != 0) {
-            printf("error calculating MD5 on '%s'\n", *P);
-            printf("got %s instead of %s\n", p, *R);
-            err++;
-        } else
-            printf("test %d ok\n", i);
-        i++;
-        R++;
-        P++;
-    }
-
-# ifdef OPENSSL_SYS_NETWARE
-    if (err)
-        printf("ERROR: %d\n", err);
-# endif
-    EXIT(err);
-    return (0);
-}
-
-static char *pt(unsigned char *md)
-{
-    int i;
-    static char buf[80];
-
-    for (i = 0; i < MD5_DIGEST_LENGTH; i++)
-        sprintf(&(buf[i * 2]), "%02x", md[i]);
-    return (buf);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/mdc2/mdc2.h b/freebsd/crypto/openssl/crypto/mdc2/mdc2.h
deleted file mode 100644
index 7efe53bc..00000000
--- a/freebsd/crypto/openssl/crypto/mdc2/mdc2.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/* crypto/mdc2/mdc2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MDC2_H
-# define HEADER_MDC2_H
-
-# include <openssl/des.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# ifdef OPENSSL_NO_MDC2
-#  error MDC2 is disabled.
-# endif
-
-# define MDC2_BLOCK              8
-# define MDC2_DIGEST_LENGTH      16
-
-typedef struct mdc2_ctx_st {
-    unsigned int num;
-    unsigned char data[MDC2_BLOCK];
-    DES_cblock h, hh;
-    int pad_type;               /* either 1 or 2, default 1 */
-} MDC2_CTX;
-
-# ifdef OPENSSL_FIPS
-int private_MDC2_Init(MDC2_CTX *c);
-# endif
-int MDC2_Init(MDC2_CTX *c);
-int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
-int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/mdc2/mdc2_one.c b/freebsd/crypto/openssl/crypto/mdc2/mdc2_one.c
index ce77c700..9a0b2a13 100644
--- a/freebsd/crypto/openssl/crypto/mdc2/mdc2_one.c
+++ b/freebsd/crypto/openssl/crypto/mdc2/mdc2_one.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/mdc2/mdc2_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/mdc2.h>
 
 unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
@@ -74,5 +25,5 @@ unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
     MDC2_Update(&c, d, n);
     MDC2_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
-    return (md);
+    return md;
 }
diff --git a/freebsd/crypto/openssl/crypto/mdc2/mdc2dgst.c b/freebsd/crypto/openssl/crypto/mdc2/mdc2dgst.c
index c328dc3e..7be9c4c9 100644
--- a/freebsd/crypto/openssl/crypto/mdc2/mdc2dgst.c
+++ b/freebsd/crypto/openssl/crypto/mdc2/mdc2dgst.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/mdc2/mdc2dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
@@ -78,7 +29,7 @@
                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
 
 static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
-fips_md_init(MDC2)
+int MDC2_Init(MDC2_CTX *c)
 {
     c->num = 0;
     c->pad_type = 1;
@@ -175,24 +126,3 @@ int MDC2_Final(unsigned char *md, MDC2_CTX *c)
     memcpy(&(md[MDC2_BLOCK]), (char *)c->hh, MDC2_BLOCK);
     return 1;
 }
-
-#undef TEST
-
-#ifdef TEST
-main()
-{
-    unsigned char md[MDC2_DIGEST_LENGTH];
-    int i;
-    MDC2_CTX c;
-    static char *text = "Now is the time for all ";
-
-    MDC2_Init(&c);
-    MDC2_Update(&c, text, strlen(text));
-    MDC2_Final(&(md[0]), &c);
-
-    for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
-        printf("%02X", md[i]);
-    printf("\n");
-}
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/mdc2/mdc2test.c b/freebsd/crypto/openssl/crypto/mdc2/mdc2test.c
deleted file mode 100644
index 1df943cb..00000000
--- a/freebsd/crypto/openssl/crypto/mdc2/mdc2test.c
+++ /dev/null
@@ -1,148 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/mdc2/mdc2test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)
-# define OPENSSL_NO_MDC2
-#endif
-
-#ifdef OPENSSL_NO_MDC2
-int main(int argc, char *argv[])
-{
-    printf("No MDC2 support\n");
-    return (0);
-}
-#else
-# include <openssl/evp.h>
-# include <openssl/mdc2.h>
-
-# ifdef CHARSET_EBCDIC
-#  include <openssl/ebcdic.h>
-# endif
-
-static unsigned char pad1[16] = {
-    0x42, 0xE5, 0x0C, 0xD2, 0x24, 0xBA, 0xCE, 0xBA,
-    0x76, 0x0B, 0xDD, 0x2B, 0xD4, 0x09, 0x28, 0x1A
-};
-
-static unsigned char pad2[16] = {
-    0x2E, 0x46, 0x79, 0xB5, 0xAD, 0xD9, 0xCA, 0x75,
-    0x35, 0xD8, 0x7A, 0xFE, 0xAB, 0x33, 0xBE, 0xE2
-};
-
-int main(int argc, char *argv[])
-{
-    int ret = 0;
-    unsigned char md[MDC2_DIGEST_LENGTH];
-    int i;
-    EVP_MD_CTX c;
-    static char *text = "Now is the time for all ";
-
-# ifdef CHARSET_EBCDIC
-    ebcdic2ascii(text, text, strlen(text));
-# endif
-
-    EVP_MD_CTX_init(&c);
-    EVP_DigestInit_ex(&c, EVP_mdc2(), NULL);
-    EVP_DigestUpdate(&c, (unsigned char *)text, strlen(text));
-    EVP_DigestFinal_ex(&c, &(md[0]), NULL);
-
-    if (memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) {
-        for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
-            printf("%02X", md[i]);
-        printf(" <- generated\n");
-        for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
-            printf("%02X", pad1[i]);
-        printf(" <- correct\n");
-        ret = 1;
-    } else
-        printf("pad1 - ok\n");
-
-    EVP_DigestInit_ex(&c, EVP_mdc2(), NULL);
-    /* FIXME: use a ctl function? */
-    ((MDC2_CTX *)c.md_data)->pad_type = 2;
-    EVP_DigestUpdate(&c, (unsigned char *)text, strlen(text));
-    EVP_DigestFinal_ex(&c, &(md[0]), NULL);
-
-    if (memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) {
-        for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
-            printf("%02X", md[i]);
-        printf(" <- generated\n");
-        for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
-            printf("%02X", pad2[i]);
-        printf(" <- correct\n");
-        ret = 1;
-    } else
-        printf("pad2 - ok\n");
-
-    EVP_MD_CTX_cleanup(&c);
-# ifdef OPENSSL_SYS_NETWARE
-    if (ret)
-        printf("ERROR: %d\n", ret);
-# endif
-    EXIT(ret);
-    return (ret);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/mem.c b/freebsd/crypto/openssl/crypto/mem.c
index 1f0a6314..99143d05 100644
--- a/freebsd/crypto/openssl/crypto/mem.c
+++ b/freebsd/crypto/openssl/crypto/mem.c
@@ -1,460 +1,325 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/mem.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include "internal/cryptlib_int.h"
 #include <stdio.h>
 #include <stdlib.h>
+#include <limits.h>
 #include <openssl/crypto.h>
-#include "cryptlib.h"
-
-static int allow_customize = 1; /* we provide flexible functions for */
-static int allow_customize_debug = 1; /* exchanging memory-related functions
-                                       * at run-time, but this must be done
-                                       * before any blocks are actually
-                                       * allocated; or we'll run into huge
-                                       * problems when malloc/free pairs
-                                       * don't match etc. */
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# include <execinfo.h>
+#endif
 
 /*
  * the following pointers may be changed as long as 'allow_customize' is set
  */
+static int allow_customize = 1;
 
-static void *(*malloc_func) (size_t) = malloc;
-static void *default_malloc_ex(size_t num, const char *file, int line)
-{
-    return malloc_func(num);
-}
-
-static void *(*malloc_ex_func) (size_t, const char *file, int line)
-    = default_malloc_ex;
+static void *(*malloc_impl)(size_t, const char *, int)
+    = CRYPTO_malloc;
+static void *(*realloc_impl)(void *, size_t, const char *, int)
+    = CRYPTO_realloc;
+static void (*free_impl)(void *, const char *, int)
+    = CRYPTO_free;
 
-#ifdef OPENSSL_SYS_VMS
-# if __INITIAL_POINTER_SIZE == 64
-#  define realloc _realloc64
-# elif __INITIAL_POINTER_SIZE == 32
-#  define realloc _realloc32
-# endif
-#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# include "internal/tsan_assist.h"
 
-static void *(*realloc_func) (void *, size_t) = realloc;
-static void *default_realloc_ex(void *str, size_t num,
-                                const char *file, int line)
-{
-    return realloc_func(str, num);
-}
+static TSAN_QUALIFIER int malloc_count;
+static TSAN_QUALIFIER int realloc_count;
+static TSAN_QUALIFIER int free_count;
 
-static void *(*realloc_ex_func) (void *, size_t, const char *file, int line)
-    = default_realloc_ex;
+# define INCREMENT(x) tsan_counter(&(x))
 
-#ifdef OPENSSL_SYS_VMS
-   static void (*free_func) (__void_ptr64) = free;
-#else
-   static void (*free_func) (void *) = free;
-#endif
+static char *md_failstring;
+static long md_count;
+static int md_fail_percent = 0;
+static int md_tracefd = -1;
+static int call_malloc_debug = 1;
 
-static void *(*malloc_locked_func) (size_t) = malloc;
-static void *default_malloc_locked_ex(size_t num, const char *file, int line)
-{
-    return malloc_locked_func(num);
-}
+static void parseit(void);
+static int shouldfail(void);
 
-static void *(*malloc_locked_ex_func) (size_t, const char *file, int line)
-    = default_malloc_locked_ex;
+# define FAILTEST() if (shouldfail()) return NULL
 
-#ifdef OPENSSL_SYS_VMS
-   static void (*free_locked_func) (__void_ptr64) = free;
 #else
-   static void (*free_locked_func) (void *) = free;
-#endif
+static int call_malloc_debug = 0;
 
-/* may be changed as long as 'allow_customize_debug' is set */
-/* XXX use correct function pointer types */
-#ifdef CRYPTO_MDEBUG
-/* use default functions from mem_dbg.c */
-static void (*malloc_debug_func) (void *, int, const char *, int, int)
-    = CRYPTO_dbg_malloc;
-static void (*realloc_debug_func) (void *, void *, int, const char *, int,
-                                   int)
-    = CRYPTO_dbg_realloc;
-static void (*free_debug_func) (void *, int) = CRYPTO_dbg_free;
-static void (*set_debug_options_func) (long) = CRYPTO_dbg_set_options;
-static long (*get_debug_options_func) (void) = CRYPTO_dbg_get_options;
-#else
-/*
- * applications can use CRYPTO_malloc_debug_init() to select above case at
- * run-time
- */
-static void (*malloc_debug_func) (void *, int, const char *, int, int) = NULL;
-static void (*realloc_debug_func) (void *, void *, int, const char *, int,
-                                   int)
-    = NULL;
-static void (*free_debug_func) (void *, int) = NULL;
-static void (*set_debug_options_func) (long) = NULL;
-static long (*get_debug_options_func) (void) = NULL;
+# define INCREMENT(x) /* empty */
+# define FAILTEST() /* empty */
 #endif
 
-int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t),
-                             void (*f) (void *))
-{
-    if (!allow_customize)
-        return 0;
-    if ((m == 0) || (r == 0) || (f == 0))
-        return 0;
-    /* Dummy call just to ensure OPENSSL_init() gets linked in */
-    OPENSSL_init();
-    malloc_func = m;
-    malloc_ex_func = default_malloc_ex;
-    realloc_func = r;
-    realloc_ex_func = default_realloc_ex;
-    free_func = f;
-    malloc_locked_func = m;
-    malloc_locked_ex_func = default_malloc_locked_ex;
-    free_locked_func = f;
-    return 1;
-}
-
-int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
-                                void *(*r) (void *, size_t, const char *,
-                                            int), void (*f) (void *))
+int CRYPTO_set_mem_functions(
+        void *(*m)(size_t, const char *, int),
+        void *(*r)(void *, size_t, const char *, int),
+        void (*f)(void *, const char *, int))
 {
     if (!allow_customize)
         return 0;
-    if ((m == 0) || (r == 0) || (f == 0))
-        return 0;
-    malloc_func = 0;
-    malloc_ex_func = m;
-    realloc_func = 0;
-    realloc_ex_func = r;
-    free_func = f;
-    malloc_locked_func = 0;
-    malloc_locked_ex_func = m;
-    free_locked_func = f;
+    if (m)
+        malloc_impl = m;
+    if (r)
+        realloc_impl = r;
+    if (f)
+        free_impl = f;
     return 1;
 }
 
-int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), void (*f) (void *))
+int CRYPTO_set_mem_debug(int flag)
 {
     if (!allow_customize)
         return 0;
-    if ((m == NULL) || (f == NULL))
-        return 0;
-    malloc_locked_func = m;
-    malloc_locked_ex_func = default_malloc_locked_ex;
-    free_locked_func = f;
-    return 1;
-}
-
-int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int),
-                                       void (*f) (void *))
-{
-    if (!allow_customize)
-        return 0;
-    if ((m == NULL) || (f == NULL))
-        return 0;
-    malloc_locked_func = 0;
-    malloc_locked_ex_func = m;
-    free_func = f;
+    call_malloc_debug = flag;
     return 1;
 }
 
-int CRYPTO_set_mem_debug_functions(void (*m)
-                                    (void *, int, const char *, int, int),
-                                   void (*r) (void *, void *, int,
-                                              const char *, int, int),
-                                   void (*f) (void *, int), void (*so) (long),
-                                   long (*go) (void))
-{
-    if (!allow_customize_debug)
-        return 0;
-    OPENSSL_init();
-    malloc_debug_func = m;
-    realloc_debug_func = r;
-    free_debug_func = f;
-    set_debug_options_func = so;
-    get_debug_options_func = go;
-    return 1;
-}
-
-void CRYPTO_get_mem_functions(void *(**m) (size_t),
-                              void *(**r) (void *, size_t),
-                              void (**f) (void *))
+void CRYPTO_get_mem_functions(
+        void *(**m)(size_t, const char *, int),
+        void *(**r)(void *, size_t, const char *, int),
+        void (**f)(void *, const char *, int))
 {
     if (m != NULL)
-        *m = (malloc_ex_func == default_malloc_ex) ? malloc_func : 0;
+        *m = malloc_impl;
     if (r != NULL)
-        *r = (realloc_ex_func == default_realloc_ex) ? realloc_func : 0;
+        *r = realloc_impl;
     if (f != NULL)
-        *f = free_func;
+        *f = free_impl;
 }
 
-void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int),
-                                 void *(**r) (void *, size_t, const char *,
-                                              int), void (**f) (void *))
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
 {
-    if (m != NULL)
-        *m = (malloc_ex_func != default_malloc_ex) ? malloc_ex_func : 0;
-    if (r != NULL)
-        *r = (realloc_ex_func != default_realloc_ex) ? realloc_ex_func : 0;
-    if (f != NULL)
-        *f = free_func;
+    if (mcount != NULL)
+        *mcount = tsan_load(&malloc_count);
+    if (rcount != NULL)
+        *rcount = tsan_load(&realloc_count);
+    if (fcount != NULL)
+        *fcount = tsan_load(&free_count);
 }
 
-void CRYPTO_get_locked_mem_functions(void *(**m) (size_t),
-                                     void (**f) (void *))
+/*
+ * Parse a "malloc failure spec" string.  This likes like a set of fields
+ * separated by semicolons.  Each field has a count and an optional failure
+ * percentage.  For example:
+ *          100@0;100@25;0@0
+ *    or    100;100@25;0
+ * This means 100 mallocs succeed, then next 100 fail 25% of the time, and
+ * all remaining (count is zero) succeed.
+ */
+static void parseit(void)
 {
-    if (m != NULL)
-        *m = (malloc_locked_ex_func == default_malloc_locked_ex) ?
-            malloc_locked_func : 0;
-    if (f != NULL)
-        *f = free_locked_func;
-}
+    char *semi = strchr(md_failstring, ';');
+    char *atsign;
 
-void CRYPTO_get_locked_mem_ex_functions(void
-                                        *(**m) (size_t, const char *, int),
-                                        void (**f) (void *))
-{
-    if (m != NULL)
-        *m = (malloc_locked_ex_func != default_malloc_locked_ex) ?
-            malloc_locked_ex_func : 0;
-    if (f != NULL)
-        *f = free_locked_func;
-}
+    if (semi != NULL)
+        *semi++ = '\0';
 
-void CRYPTO_get_mem_debug_functions(void (**m)
-                                     (void *, int, const char *, int, int),
-                                    void (**r) (void *, void *, int,
-                                                const char *, int, int),
-                                    void (**f) (void *, int),
-                                    void (**so) (long), long (**go) (void))
-{
-    if (m != NULL)
-        *m = malloc_debug_func;
-    if (r != NULL)
-        *r = realloc_debug_func;
-    if (f != NULL)
-        *f = free_debug_func;
-    if (so != NULL)
-        *so = set_debug_options_func;
-    if (go != NULL)
-        *go = get_debug_options_func;
+    /* Get the count (atol will stop at the @ if there), and percentage */
+    md_count = atol(md_failstring);
+    atsign = strchr(md_failstring, '@');
+    md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1);
+
+    if (semi != NULL)
+        md_failstring = semi;
 }
 
-void *CRYPTO_malloc_locked(int num, const char *file, int line)
+/*
+ * Windows doesn't have random(), but it has rand()
+ * Some rand() implementations aren't good, but we're not
+ * dealing with secure randomness here.
+ */
+# ifdef _WIN32
+#  define random() rand()
+# endif
+/*
+ * See if the current malloc should fail.
+ */
+static int shouldfail(void)
 {
-    void *ret = NULL;
-
-    if (num <= 0)
-        return NULL;
+    int roll = (int)(random() % 100);
+    int shoulditfail = roll < md_fail_percent;
+# ifndef _WIN32
+/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
+    int len;
+    char buff[80];
+
+    if (md_tracefd > 0) {
+        BIO_snprintf(buff, sizeof(buff),
+                     "%c C%ld %%%d R%d\n",
+                     shoulditfail ? '-' : '+', md_count, md_fail_percent, roll);
+        len = strlen(buff);
+        if (write(md_tracefd, buff, len) != len)
+            perror("shouldfail write failed");
+#  ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+        if (shoulditfail) {
+            void *addrs[30];
+            int num = backtrace(addrs, OSSL_NELEM(addrs));
+
+            backtrace_symbols_fd(addrs, num, md_tracefd);
+        }
+#  endif
+    }
+# endif
 
-    if (allow_customize)
-        allow_customize = 0;
-    if (malloc_debug_func != NULL) {
-        if (allow_customize_debug)
-            allow_customize_debug = 0;
-        malloc_debug_func(NULL, num, file, line, 0);
+    if (md_count) {
+        /* If we used up this one, go to the next. */
+        if (--md_count == 0)
+            parseit();
     }
-    ret = malloc_locked_ex_func(num, file, line);
-#ifdef LEVITTE_DEBUG_MEM
-    fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
-#endif
-    if (malloc_debug_func != NULL)
-        malloc_debug_func(ret, num, file, line, 1);
 
-    return ret;
+    return shoulditfail;
 }
 
-void CRYPTO_free_locked(void *str)
+void ossl_malloc_setup_failures(void)
 {
-    if (free_debug_func != NULL)
-        free_debug_func(str, 0);
-#ifdef LEVITTE_DEBUG_MEM
-    fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
-#endif
-    free_locked_func(str);
-    if (free_debug_func != NULL)
-        free_debug_func(NULL, 1);
+    const char *cp = getenv("OPENSSL_MALLOC_FAILURES");
+
+    if (cp != NULL && (md_failstring = strdup(cp)) != NULL)
+        parseit();
+    if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
+        md_tracefd = atoi(cp);
 }
+#endif
 
-void *CRYPTO_malloc(int num, const char *file, int line)
+void *CRYPTO_malloc(size_t num, const char *file, int line)
 {
     void *ret = NULL;
 
-    if (num <= 0)
+    INCREMENT(malloc_count);
+    if (malloc_impl != NULL && malloc_impl != CRYPTO_malloc)
+        return malloc_impl(num, file, line);
+
+    if (num == 0)
         return NULL;
 
-    if (allow_customize)
+    FAILTEST();
+    if (allow_customize) {
+        /*
+         * Disallow customization after the first allocation. We only set this
+         * if necessary to avoid a store to the same cache line on every
+         * allocation.
+         */
         allow_customize = 0;
-    if (malloc_debug_func != NULL) {
-        if (allow_customize_debug)
-            allow_customize_debug = 0;
-        malloc_debug_func(NULL, num, file, line, 0);
     }
-    ret = malloc_ex_func(num, file, line);
-#ifdef LEVITTE_DEBUG_MEM
-    fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (call_malloc_debug) {
+        CRYPTO_mem_debug_malloc(NULL, num, 0, file, line);
+        ret = malloc(num);
+        CRYPTO_mem_debug_malloc(ret, num, 1, file, line);
+    } else {
+        ret = malloc(num);
+    }
+#else
+    (void)(file); (void)(line);
+    ret = malloc(num);
 #endif
-    if (malloc_debug_func != NULL)
-        malloc_debug_func(ret, num, file, line, 1);
 
     return ret;
 }
 
-char *CRYPTO_strdup(const char *str, const char *file, int line)
+void *CRYPTO_zalloc(size_t num, const char *file, int line)
 {
-    char *ret = CRYPTO_malloc(strlen(str) + 1, file, line);
-
-    if (ret == NULL)
-        return NULL;
+    void *ret = CRYPTO_malloc(num, file, line);
 
-    strcpy(ret, str);
+    FAILTEST();
+    if (ret != NULL)
+        memset(ret, 0, num);
     return ret;
 }
 
-void *CRYPTO_realloc(void *str, int num, const char *file, int line)
+void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
 {
-    void *ret = NULL;
+    INCREMENT(realloc_count);
+    if (realloc_impl != NULL && realloc_impl != &CRYPTO_realloc)
+        return realloc_impl(str, num, file, line);
 
+    FAILTEST();
     if (str == NULL)
         return CRYPTO_malloc(num, file, line);
 
-    if (num <= 0)
+    if (num == 0) {
+        CRYPTO_free(str, file, line);
         return NULL;
+    }
 
-    if (realloc_debug_func != NULL)
-        realloc_debug_func(str, NULL, num, file, line, 0);
-    ret = realloc_ex_func(str, num, file, line);
-#ifdef LEVITTE_DEBUG_MEM
-    fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str,
-            ret, num);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (call_malloc_debug) {
+        void *ret;
+        CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line);
+        ret = realloc(str, num);
+        CRYPTO_mem_debug_realloc(str, ret, num, 1, file, line);
+        return ret;
+    }
+#else
+    (void)(file); (void)(line);
 #endif
-    if (realloc_debug_func != NULL)
-        realloc_debug_func(str, ret, num, file, line, 1);
+    return realloc(str, num);
 
-    return ret;
 }
 
-void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
-                           int line)
+void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
+                           const char *file, int line)
 {
     void *ret = NULL;
 
     if (str == NULL)
         return CRYPTO_malloc(num, file, line);
 
-    if (num <= 0)
+    if (num == 0) {
+        CRYPTO_clear_free(str, old_len, file, line);
         return NULL;
+    }
 
-    /*
-     * We don't support shrinking the buffer. Note the memcpy that copies
-     * |old_len| bytes to the new buffer, below.
-     */
-    if (num < old_len)
-        return NULL;
+    /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
+    if (num < old_len) {
+        OPENSSL_cleanse((char*)str + num, old_len - num);
+        return str;
+    }
 
-    if (realloc_debug_func != NULL)
-        realloc_debug_func(str, NULL, num, file, line, 0);
-    ret = malloc_ex_func(num, file, line);
-    if (ret) {
+    ret = CRYPTO_malloc(num, file, line);
+    if (ret != NULL) {
         memcpy(ret, str, old_len);
-        OPENSSL_cleanse(str, old_len);
-        free_func(str);
+        CRYPTO_clear_free(str, old_len, file, line);
     }
-#ifdef LEVITTE_DEBUG_MEM
-    fprintf(stderr,
-            "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n",
-            str, ret, num);
-#endif
-    if (realloc_debug_func != NULL)
-        realloc_debug_func(str, ret, num, file, line, 1);
-
     return ret;
 }
 
-void CRYPTO_free(void *str)
-{
-    if (free_debug_func != NULL)
-        free_debug_func(str, 0);
-#ifdef LEVITTE_DEBUG_MEM
-    fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
-#endif
-    free_func(str);
-    if (free_debug_func != NULL)
-        free_debug_func(NULL, 1);
-}
-
-void *CRYPTO_remalloc(void *a, int num, const char *file, int line)
+void CRYPTO_free(void *str, const char *file, int line)
 {
-    if (a != NULL)
-        OPENSSL_free(a);
-    a = (char *)OPENSSL_malloc(num);
-    return (a);
-}
+    INCREMENT(free_count);
+    if (free_impl != NULL && free_impl != &CRYPTO_free) {
+        free_impl(str, file, line);
+        return;
+    }
 
-void CRYPTO_set_mem_debug_options(long bits)
-{
-    if (set_debug_options_func != NULL)
-        set_debug_options_func(bits);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (call_malloc_debug) {
+        CRYPTO_mem_debug_free(str, 0, file, line);
+        free(str);
+        CRYPTO_mem_debug_free(str, 1, file, line);
+    } else {
+        free(str);
+    }
+#else
+    free(str);
+#endif
 }
 
-long CRYPTO_get_mem_debug_options(void)
+void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
 {
-    if (get_debug_options_func != NULL)
-        return get_debug_options_func();
-    return 0;
+    if (str == NULL)
+        return;
+    if (num)
+        OPENSSL_cleanse(str, num);
+    CRYPTO_free(str, file, line);
 }
diff --git a/freebsd/crypto/openssl/crypto/mem_clr.c b/freebsd/crypto/openssl/crypto/mem_clr.c
index d024312b..a869295b 100644
--- a/freebsd/crypto/openssl/crypto/mem_clr.c
+++ b/freebsd/crypto/openssl/crypto/mem_clr.c
@@ -1,62 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/mem_clr.c */
 /*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <string.h>
@@ -67,7 +17,7 @@
  * the pointer and can't assume that it points to any function in
  * particular (such as memset, which it then might further "optimize")
  */
-typedef void *(*memset_t)(void *,int,size_t);
+typedef void *(*memset_t)(void *, int, size_t);
 
 static volatile memset_t memset_func = memset;
 
diff --git a/freebsd/crypto/openssl/crypto/mem_dbg.c b/freebsd/crypto/openssl/crypto/mem_dbg.c
index ec67691e..499a5590 100644
--- a/freebsd/crypto/openssl/crypto/mem_dbg.c
+++ b/freebsd/crypto/openssl/crypto/mem_dbg.c
@@ -1,126 +1,28 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/mem_dbg.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/thread_once.h"
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
-#include <openssl/bio.h>
+#include "internal/bio.h"
 #include <openssl/lhash.h>
 
-static int mh_mode = CRYPTO_MEM_CHECK_OFF;
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# include <execinfo.h>
+#endif
+
 /*
  * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when
  * the application asks for it (usually after library initialisation for
@@ -132,176 +34,184 @@ static int mh_mode = CRYPTO_MEM_CHECK_OFF;
  * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes
  * no sense whatsoever.
  */
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+static int mh_mode = CRYPTO_MEM_CHECK_OFF;
+#endif
 
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
 static unsigned long order = 0; /* number of memory requests */
 
-DECLARE_LHASH_OF(MEM);
-static LHASH_OF(MEM) *mh = NULL; /* hash-table of memory requests (address as
-                                  * key); access requires MALLOC2 lock */
-
-typedef struct app_mem_info_st
 /*-
  * For application-defined information (static C-string `info')
  * to be displayed in memory leak list.
  * Each thread has its own stack.  For applications, there is
- *   CRYPTO_push_info("...")     to push an entry,
- *   CRYPTO_pop_info()           to pop an entry,
- *   CRYPTO_remove_all_info()    to pop all entries.
+ *   OPENSSL_mem_debug_push("...")     to push an entry,
+ *   OPENSSL_mem_debug_pop()     to pop an entry,
  */
-{
-    CRYPTO_THREADID threadid;
+struct app_mem_info_st {
+    CRYPTO_THREAD_ID threadid;
     const char *file;
     int line;
     const char *info;
     struct app_mem_info_st *next; /* tail of thread's stack */
     int references;
-} APP_INFO;
-
-static void app_info_free(APP_INFO *);
+};
 
-DECLARE_LHASH_OF(APP_INFO);
-static LHASH_OF(APP_INFO) *amih = NULL; /* hash-table with those
-                                         * app_mem_info_st's that are at the
-                                         * top of their thread's stack (with
-                                         * `thread' as key); access requires
-                                         * MALLOC2 lock */
+static CRYPTO_ONCE memdbg_init = CRYPTO_ONCE_STATIC_INIT;
+CRYPTO_RWLOCK *memdbg_lock;
+static CRYPTO_RWLOCK *long_memdbg_lock;
+static CRYPTO_THREAD_LOCAL appinfokey;
 
-typedef struct mem_st
 /* memory-block description */
-{
+struct mem_st {
     void *addr;
     int num;
     const char *file;
     int line;
-    CRYPTO_THREADID threadid;
+    CRYPTO_THREAD_ID threadid;
     unsigned long order;
     time_t time;
     APP_INFO *app_info;
-} MEM;
-
-static long options =           /* extra information to be recorded */
-#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL)
-    V_CRYPTO_MDEBUG_TIME |
-#endif
-#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL)
-    V_CRYPTO_MDEBUG_THREAD |
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+    void *array[30];
+    size_t array_siz;
 #endif
-    0;
+};
 
-static unsigned int num_disable = 0; /* num_disable > 0 iff mh_mode ==
-                                      * CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */
+/*
+ * hash-table of memory requests (address as * key); access requires
+ * long_memdbg_lock lock
+ */
+static LHASH_OF(MEM) *mh = NULL;
+
+/* num_disable > 0 iff mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */
+static unsigned int num_disable = 0;
 
 /*
- * Valid iff num_disable > 0.  CRYPTO_LOCK_MALLOC2 is locked exactly in this
+ * Valid iff num_disable > 0.  long_memdbg_lock is locked exactly in this
  * case (by the thread named in disabling_thread).
  */
-static CRYPTO_THREADID disabling_threadid;
+static CRYPTO_THREAD_ID disabling_threadid;
+
+DEFINE_RUN_ONCE_STATIC(do_memdbg_init)
+{
+    memdbg_lock = CRYPTO_THREAD_lock_new();
+    long_memdbg_lock = CRYPTO_THREAD_lock_new();
+    if (memdbg_lock == NULL || long_memdbg_lock == NULL
+        || !CRYPTO_THREAD_init_local(&appinfokey, NULL)) {
+        CRYPTO_THREAD_lock_free(memdbg_lock);
+        memdbg_lock = NULL;
+        CRYPTO_THREAD_lock_free(long_memdbg_lock);
+        long_memdbg_lock = NULL;
+        return 0;
+    }
+    return 1;
+}
 
 static void app_info_free(APP_INFO *inf)
 {
+    if (inf == NULL)
+        return;
     if (--(inf->references) <= 0) {
-        if (inf->next != NULL) {
-            app_info_free(inf->next);
-        }
+        app_info_free(inf->next);
         OPENSSL_free(inf);
     }
 }
+#endif
 
 int CRYPTO_mem_ctrl(int mode)
 {
+#ifdef OPENSSL_NO_CRYPTO_MDEBUG
+    return mode - mode;
+#else
     int ret = mh_mode;
 
-    CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+        return -1;
+
+    CRYPTO_THREAD_write_lock(memdbg_lock);
     switch (mode) {
-        /*
-         * for applications (not to be called while multiple threads use the
-         * library):
-         */
-    case CRYPTO_MEM_CHECK_ON:  /* aka MemCheck_start() */
+    default:
+        break;
+
+    case CRYPTO_MEM_CHECK_ON:
         mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE;
         num_disable = 0;
         break;
-    case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
+
+    case CRYPTO_MEM_CHECK_OFF:
         mh_mode = 0;
-        num_disable = 0;        /* should be true *before* MemCheck_stop is
-                                 * used, or there'll be a lot of confusion */
+        num_disable = 0;
         break;
 
-        /* switch off temporarily (for library-internal use): */
-    case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
+    /* switch off temporarily (for library-internal use): */
+    case CRYPTO_MEM_CHECK_DISABLE:
         if (mh_mode & CRYPTO_MEM_CHECK_ON) {
-            CRYPTO_THREADID cur;
-            CRYPTO_THREADID_current(&cur);
-            /* see if we don't have the MALLOC2 lock already */
+            CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
+            /* see if we don't have long_memdbg_lock already */
             if (!num_disable
-                || CRYPTO_THREADID_cmp(&disabling_threadid, &cur)) {
+                || !CRYPTO_THREAD_compare_id(disabling_threadid, cur)) {
                 /*
-                 * Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed
-                 * while we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock
-                 * if somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot
+                 * Long-time lock long_memdbg_lock must not be claimed
+                 * while we're holding memdbg_lock, or we'll deadlock
+                 * if somebody else holds long_memdbg_lock (and cannot
                  * release it because we block entry to this function). Give
                  * them a chance, first, and then claim the locks in
                  * appropriate order (long-time lock first).
                  */
-                CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+                CRYPTO_THREAD_unlock(memdbg_lock);
                 /*
-                 * Note that after we have waited for CRYPTO_LOCK_MALLOC2 and
-                 * CRYPTO_LOCK_MALLOC, we'll still be in the right "case" and
+                 * Note that after we have waited for long_memdbg_lock and
+                 * memdbg_lock, we'll still be in the right "case" and
                  * "if" branch because MemCheck_start and MemCheck_stop may
                  * never be used while there are multiple OpenSSL threads.
                  */
-                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
-                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+                CRYPTO_THREAD_write_lock(long_memdbg_lock);
+                CRYPTO_THREAD_write_lock(memdbg_lock);
                 mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
-                CRYPTO_THREADID_cpy(&disabling_threadid, &cur);
+                disabling_threadid = cur;
             }
             num_disable++;
         }
         break;
-    case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
+
+    case CRYPTO_MEM_CHECK_ENABLE:
         if (mh_mode & CRYPTO_MEM_CHECK_ON) {
             if (num_disable) {  /* always true, or something is going wrong */
                 num_disable--;
                 if (num_disable == 0) {
                     mh_mode |= CRYPTO_MEM_CHECK_ENABLE;
-                    CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+                    CRYPTO_THREAD_unlock(long_memdbg_lock);
                 }
             }
         }
         break;
-
-    default:
-        break;
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-    return (ret);
+    CRYPTO_THREAD_unlock(memdbg_lock);
+    return ret;
+#endif
 }
 
-int CRYPTO_is_mem_check_on(void)
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+
+static int mem_check_on(void)
 {
     int ret = 0;
+    CRYPTO_THREAD_ID cur;
 
     if (mh_mode & CRYPTO_MEM_CHECK_ON) {
-        CRYPTO_THREADID cur;
-        CRYPTO_THREADID_current(&cur);
-        CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
+        if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+            return 0;
+
+        cur = CRYPTO_THREAD_get_current_id();
+        CRYPTO_THREAD_read_lock(memdbg_lock);
 
         ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
-            || CRYPTO_THREADID_cmp(&disabling_threadid, &cur);
+            || !CRYPTO_THREAD_compare_id(disabling_threadid, cur);
 
-        CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
+        CRYPTO_THREAD_unlock(memdbg_lock);
     }
-    return (ret);
-}
-
-void CRYPTO_dbg_set_options(long bits)
-{
-    options = bits;
-}
-
-long CRYPTO_dbg_get_options(void)
-{
-    return options;
+    return ret;
 }
 
 static int mem_cmp(const MEM *a, const MEM *b)
@@ -319,157 +229,96 @@ static int mem_cmp(const MEM *a, const MEM *b)
 #endif
 }
 
-static IMPLEMENT_LHASH_COMP_FN(mem, MEM)
-
 static unsigned long mem_hash(const MEM *a)
 {
-    unsigned long ret;
+    size_t ret;
 
-    ret = (unsigned long)a->addr;
+    ret = (size_t)a->addr;
 
     ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
-    return (ret);
+    return ret;
 }
 
-static IMPLEMENT_LHASH_HASH_FN(mem, MEM)
-
-/* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */
-static int app_info_cmp(const void *a_void, const void *b_void)
+/* returns 1 if there was an info to pop, 0 if the stack was empty. */
+static int pop_info(void)
 {
-    return CRYPTO_THREADID_cmp(&((const APP_INFO *)a_void)->threadid,
-                               &((const APP_INFO *)b_void)->threadid);
-}
+    APP_INFO *current = NULL;
 
-static IMPLEMENT_LHASH_COMP_FN(app_info, APP_INFO)
-
-static unsigned long app_info_hash(const APP_INFO *a)
-{
-    unsigned long ret;
-
-    ret = CRYPTO_THREADID_hash(&a->threadid);
-    /* This is left in as a "who am I to question legacy?" measure */
-    ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
-    return (ret);
-}
-
-static IMPLEMENT_LHASH_HASH_FN(app_info, APP_INFO)
-
-static APP_INFO *pop_info(void)
-{
-    APP_INFO tmp;
-    APP_INFO *ret = NULL;
+    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+        return 0;
 
-    if (amih != NULL) {
-        CRYPTO_THREADID_current(&tmp.threadid);
-        if ((ret = lh_APP_INFO_delete(amih, &tmp)) != NULL) {
-            APP_INFO *next = ret->next;
+    current = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+    if (current != NULL) {
+        APP_INFO *next = current->next;
 
-            if (next != NULL) {
-                next->references++;
-                (void)lh_APP_INFO_insert(amih, next);
-            }
-#ifdef LEVITTE_DEBUG_MEM
-            if (CRYPTO_THREADID_cmp(&ret->threadid, &tmp.threadid)) {
-                fprintf(stderr,
-                        "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
-                        CRYPTO_THREADID_hash(&ret->threadid),
-                        CRYPTO_THREADID_hash(&tmp.threadid));
-                abort();
-            }
-#endif
-            if (--(ret->references) <= 0) {
-                ret->next = NULL;
-                if (next != NULL)
-                    next->references--;
-                OPENSSL_free(ret);
-            }
+        if (next != NULL) {
+            next->references++;
+            CRYPTO_THREAD_set_local(&appinfokey, next);
+        } else {
+            CRYPTO_THREAD_set_local(&appinfokey, NULL);
         }
+        if (--(current->references) <= 0) {
+            current->next = NULL;
+            if (next != NULL)
+                next->references--;
+            OPENSSL_free(current);
+        }
+        return 1;
     }
-    return (ret);
+    return 0;
 }
 
-int CRYPTO_push_info_(const char *info, const char *file, int line)
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
 {
     APP_INFO *ami, *amim;
     int ret = 0;
 
-    if (is_MemCheck_on()) {
-        MemCheck_off();         /* obtain MALLOC2 lock */
+    if (mem_check_on()) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
 
-        if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) {
-            ret = 0;
+        if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
+            || (ami = OPENSSL_malloc(sizeof(*ami))) == NULL)
             goto err;
-        }
-        if (amih == NULL) {
-            if ((amih = lh_APP_INFO_new()) == NULL) {
-                OPENSSL_free(ami);
-                ret = 0;
-                goto err;
-            }
-        }
 
-        CRYPTO_THREADID_current(&ami->threadid);
+        ami->threadid = CRYPTO_THREAD_get_current_id();
         ami->file = file;
         ami->line = line;
         ami->info = info;
         ami->references = 1;
         ami->next = NULL;
 
-        if ((amim = lh_APP_INFO_insert(amih, ami)) != NULL) {
-#ifdef LEVITTE_DEBUG_MEM
-            if (CRYPTO_THREADID_cmp(&ami->threadid, &amim->threadid)) {
-                fprintf(stderr,
-                        "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
-                        CRYPTO_THREADID_hash(&amim->threadid),
-                        CRYPTO_THREADID_hash(&ami->threadid));
-                abort();
-            }
-#endif
+        amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+        CRYPTO_THREAD_set_local(&appinfokey, ami);
+
+        if (amim != NULL)
             ami->next = amim;
-        }
+        ret = 1;
  err:
-        MemCheck_on();          /* release MALLOC2 lock */
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
     }
 
-    return (ret);
+    return ret;
 }
 
-int CRYPTO_pop_info(void)
+int CRYPTO_mem_debug_pop(void)
 {
     int ret = 0;
 
-    if (is_MemCheck_on()) {     /* _must_ be true, or something went severely
-                                 * wrong */
-        MemCheck_off();         /* obtain MALLOC2 lock */
-
-        ret = (pop_info() != NULL);
-
-        MemCheck_on();          /* release MALLOC2 lock */
-    }
-    return (ret);
-}
-
-int CRYPTO_remove_all_info(void)
-{
-    int ret = 0;
-
-    if (is_MemCheck_on()) {     /* _must_ be true */
-        MemCheck_off();         /* obtain MALLOC2 lock */
-
-        while (pop_info() != NULL)
-            ret++;
-
-        MemCheck_on();          /* release MALLOC2 lock */
+    if (mem_check_on()) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+        ret = pop_info();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
     }
-    return (ret);
+    return ret;
 }
 
 static unsigned long break_order_num = 0;
-void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
-                       int before_p)
+
+void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p,
+                             const char *file, int line)
 {
     MEM *m, *mm;
-    APP_INFO tmp, *amim;
+    APP_INFO *amim;
 
     switch (before_p & 127) {
     case 0:
@@ -478,16 +327,17 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
         if (addr == NULL)
             break;
 
-        if (is_MemCheck_on()) {
-            MemCheck_off();     /* make sure we hold MALLOC2 lock */
-            if ((m = (MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) {
+        if (mem_check_on()) {
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+            if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
+                || (m = OPENSSL_malloc(sizeof(*m))) == NULL) {
                 OPENSSL_free(addr);
-                MemCheck_on();  /* release MALLOC2 lock if num_disabled drops
-                                 * to 0 */
+                CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
                 return;
             }
             if (mh == NULL) {
-                if ((mh = lh_MEM_new()) == NULL) {
+                if ((mh = lh_MEM_new(mem_hash, mem_cmp)) == NULL) {
                     OPENSSL_free(addr);
                     OPENSSL_free(m);
                     addr = NULL;
@@ -499,32 +349,22 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
             m->file = file;
             m->line = line;
             m->num = num;
-            if (options & V_CRYPTO_MDEBUG_THREAD)
-                CRYPTO_THREADID_current(&m->threadid);
-            else
-                memset(&m->threadid, 0, sizeof(m->threadid));
+            m->threadid = CRYPTO_THREAD_get_current_id();
 
             if (order == break_order_num) {
                 /* BREAK HERE */
                 m->order = order;
             }
             m->order = order++;
-#ifdef LEVITTE_DEBUG_MEM
-            fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] %c 0x%p (%d)\n",
-                    m->order, (before_p & 128) ? '*' : '+', m->addr, m->num);
-#endif
-            if (options & V_CRYPTO_MDEBUG_TIME)
-                m->time = time(NULL);
-            else
-                m->time = 0;
-
-            CRYPTO_THREADID_current(&tmp.threadid);
-            m->app_info = NULL;
-            if (amih != NULL
-                && (amim = lh_APP_INFO_retrieve(amih, &tmp)) != NULL) {
-                m->app_info = amim;
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+            m->array_siz = backtrace(m->array, OSSL_NELEM(m->array));
+# endif
+            m->time = time(NULL);
+
+            amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+            m->app_info = amim;
+            if (amim != NULL)
                 amim->references++;
-            }
 
             if ((mm = lh_MEM_insert(mh, m)) != NULL) {
                 /* Not good, but don't sweat it */
@@ -534,15 +374,15 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
                 OPENSSL_free(mm);
             }
  err:
-            MemCheck_on();      /* release MALLOC2 lock if num_disabled drops
-                                 * to 0 */
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         }
         break;
     }
     return;
 }
 
-void CRYPTO_dbg_free(void *addr, int before_p)
+void CRYPTO_mem_debug_free(void *addr, int before_p,
+        const char *file, int line)
 {
     MEM m, *mp;
 
@@ -551,23 +391,17 @@ void CRYPTO_dbg_free(void *addr, int before_p)
         if (addr == NULL)
             break;
 
-        if (is_MemCheck_on() && (mh != NULL)) {
-            MemCheck_off();     /* make sure we hold MALLOC2 lock */
+        if (mem_check_on() && (mh != NULL)) {
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
 
             m.addr = addr;
             mp = lh_MEM_delete(mh, &m);
             if (mp != NULL) {
-#ifdef LEVITTE_DEBUG_MEM
-                fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] - 0x%p (%d)\n",
-                        mp->order, mp->addr, mp->num);
-#endif
-                if (mp->app_info != NULL)
-                    app_info_free(mp->app_info);
+                app_info_free(mp->app_info);
                 OPENSSL_free(mp);
             }
 
-            MemCheck_on();      /* release MALLOC2 lock if num_disabled drops
-                                 * to 0 */
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         }
         break;
     case 1:
@@ -575,17 +409,11 @@ void CRYPTO_dbg_free(void *addr, int before_p)
     }
 }
 
-void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
-                        const char *file, int line, int before_p)
+void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num,
+                              int before_p, const char *file, int line)
 {
     MEM m, *mp;
 
-#ifdef LEVITTE_DEBUG_MEM
-    fprintf(stderr,
-            "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",
-            addr1, addr2, num, file, line, before_p);
-#endif
-
     switch (before_p) {
     case 0:
         break;
@@ -594,28 +422,25 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
             break;
 
         if (addr1 == NULL) {
-            CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p);
+            CRYPTO_mem_debug_malloc(addr2, num, 128 | before_p, file, line);
             break;
         }
 
-        if (is_MemCheck_on()) {
-            MemCheck_off();     /* make sure we hold MALLOC2 lock */
+        if (mem_check_on()) {
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
 
             m.addr = addr1;
             mp = lh_MEM_delete(mh, &m);
             if (mp != NULL) {
-#ifdef LEVITTE_DEBUG_MEM
-                fprintf(stderr,
-                        "LEVITTE_DEBUG_MEM: [%5ld] * 0x%p (%d) -> 0x%p (%d)\n",
-                        mp->order, mp->addr, mp->num, addr2, num);
-#endif
                 mp->addr = addr2;
                 mp->num = num;
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+                mp->array_siz = backtrace(mp->array, OSSL_NELEM(mp->array));
+#endif
                 (void)lh_MEM_insert(mh, mp);
             }
 
-            MemCheck_on();      /* release MALLOC2 lock if num_disabled drops
-                                 * to 0 */
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         }
         break;
     }
@@ -623,216 +448,225 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
 }
 
 typedef struct mem_leak_st {
-    BIO *bio;
+    int (*print_cb) (const char *str, size_t len, void *u);
+    void *print_cb_arg;
     int chunks;
     long bytes;
 } MEM_LEAK;
 
-static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l)
+static void print_leak(const MEM *m, MEM_LEAK *l)
 {
     char buf[1024];
     char *bufp = buf;
+    size_t len = sizeof(buf), ami_cnt;
     APP_INFO *amip;
-    int ami_cnt;
+    int n;
     struct tm *lcl = NULL;
-    struct tm result = {0};
-    CRYPTO_THREADID ti;
-
-#define BUF_REMAIN (sizeof(buf) - (size_t)(bufp - buf))
-
-    if (m->addr == (char *)l->bio)
-        return;
-
-    if (options & V_CRYPTO_MDEBUG_TIME) {
-# if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && \
-            !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_SUNOS) && \
-            (!defined(OPENSSL_SYS_VMS) || defined(localtime_r))
-        lcl = localtime_r(&m->time, &result);
-# else
-        lcl = localtime(&m->time);
-# endif
-        BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
+    /*
+     * Convert between CRYPTO_THREAD_ID (which could be anything at all) and
+     * a long. This may not be meaningful depending on what CRYPTO_THREAD_ID is
+     * but hopefully should give something sensible on most platforms
+     */
+    union {
+        CRYPTO_THREAD_ID tid;
+        unsigned long ltid;
+    } tid;
+    CRYPTO_THREAD_ID ti;
+
+    lcl = localtime(&m->time);
+    n = BIO_snprintf(bufp, len, "[%02d:%02d:%02d] ",
                      lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
-        bufp += strlen(bufp);
+    if (n <= 0) {
+        bufp[0] = '\0';
+        return;
     }
+    bufp += n;
+    len -= n;
 
-    BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
-                 m->order, m->file, m->line);
-    bufp += strlen(bufp);
+    n = BIO_snprintf(bufp, len, "%5lu file=%s, line=%d, ",
+                     m->order, m->file, m->line);
+    if (n <= 0)
+        return;
+    bufp += n;
+    len -= n;
 
-    if (options & V_CRYPTO_MDEBUG_THREAD) {
-        BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ",
-                     CRYPTO_THREADID_hash(&m->threadid));
-        bufp += strlen(bufp);
-    }
+    tid.ltid = 0;
+    tid.tid = m->threadid;
+    n = BIO_snprintf(bufp, len, "thread=%lu, ", tid.ltid);
+    if (n <= 0)
+        return;
+    bufp += n;
+    len -= n;
 
-    BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
-                 m->num, (unsigned long)m->addr);
-    bufp += strlen(bufp);
+    n = BIO_snprintf(bufp, len, "number=%d, address=%p\n", m->num, m->addr);
+    if (n <= 0)
+        return;
+    bufp += n;
+    len -= n;
 
-    BIO_puts(l->bio, buf);
+    l->print_cb(buf, (size_t)(bufp - buf), l->print_cb_arg);
 
     l->chunks++;
     l->bytes += m->num;
 
     amip = m->app_info;
     ami_cnt = 0;
-    if (!amip)
-        return;
-    CRYPTO_THREADID_cpy(&ti, &amip->threadid);
-
-    do {
-        int buf_len;
-        int info_len;
-
-        ami_cnt++;
-        memset(buf, '>', ami_cnt);
-        BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
-                     " thread=%lu, file=%s, line=%d, info=\"",
-                     CRYPTO_THREADID_hash(&amip->threadid), amip->file,
-                     amip->line);
-        buf_len = strlen(buf);
-        info_len = strlen(amip->info);
-        if (128 - buf_len - 3 < info_len) {
-            memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
-            buf_len = 128 - 3;
-        } else {
-            BUF_strlcpy(buf + buf_len, amip->info, sizeof(buf) - buf_len);
-            buf_len = strlen(buf);
-        }
-        BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
 
-        BIO_puts(l->bio, buf);
+    if (amip) {
+        ti = amip->threadid;
+
+        do {
+            int buf_len;
+            int info_len;
+
+            ami_cnt++;
+            if (ami_cnt >= sizeof(buf) - 1)
+                break;
+            memset(buf, '>', ami_cnt);
+            buf[ami_cnt] = '\0';
+            tid.ltid = 0;
+            tid.tid = amip->threadid;
+            n = BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
+                             " thread=%lu, file=%s, line=%d, info=\"",
+                             tid.ltid, amip->file, amip->line);
+            if (n <= 0)
+                break;
+            buf_len = ami_cnt + n;
+            info_len = strlen(amip->info);
+            if (128 - buf_len - 3 < info_len) {
+                memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
+                buf_len = 128 - 3;
+            } else {
+                n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "%s",
+                                 amip->info);
+                if (n < 0)
+                    break;
+                buf_len += n;
+            }
+            n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
+            if (n <= 0)
+                break;
+
+            l->print_cb(buf, buf_len + n, l->print_cb_arg);
 
-        amip = amip->next;
+            amip = amip->next;
+        }
+        while (amip && CRYPTO_THREAD_compare_id(amip->threadid, ti));
     }
-    while (amip && !CRYPTO_THREADID_cmp(&amip->threadid, &ti));
 
-#ifdef LEVITTE_DEBUG_MEM
-    if (amip) {
-        fprintf(stderr, "Thread switch detected in backtrace!!!!\n");
-        abort();
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+    {
+        size_t i;
+        char **strings = backtrace_symbols(m->array, m->array_siz);
+
+        for (i = 0; i < m->array_siz; i++)
+            fprintf(stderr, "##> %s\n", strings[i]);
+        free(strings);
     }
 #endif
 }
 
-static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM, MEM_LEAK)
+IMPLEMENT_LHASH_DOALL_ARG_CONST(MEM, MEM_LEAK);
 
-void CRYPTO_mem_leaks(BIO *b)
+int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
+                        void *u)
 {
     MEM_LEAK ml;
 
-    if (mh == NULL && amih == NULL)
-        return;
+    /* Ensure all resources are released */
+    OPENSSL_cleanup();
+
+    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+        return -1;
 
-    MemCheck_off();             /* obtain MALLOC2 lock */
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
 
-    ml.bio = b;
+    ml.print_cb = cb;
+    ml.print_cb_arg = u;
     ml.bytes = 0;
     ml.chunks = 0;
     if (mh != NULL)
-        lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), MEM_LEAK, &ml);
+        lh_MEM_doall_MEM_LEAK(mh, print_leak, &ml);
+
     if (ml.chunks != 0) {
-        BIO_printf(b, "%ld bytes leaked in %d chunks\n", ml.bytes, ml.chunks);
-#ifdef CRYPTO_MDEBUG_ABORT
-        abort();
-#endif
+        char buf[256];
+
+        BIO_snprintf(buf, sizeof(buf), "%ld bytes leaked in %d chunks\n",
+                     ml.bytes, ml.chunks);
+        cb(buf, strlen(buf), u);
     } else {
         /*
          * Make sure that, if we found no leaks, memory-leak debugging itself
          * does not introduce memory leaks (which might irritate external
          * debugging tools). (When someone enables leak checking, but does not
-         * call this function, we declare it to be their fault.) XXX This
-         * should be in CRYPTO_mem_leaks_cb, and CRYPTO_mem_leaks should be
-         * implemented by using CRYPTO_mem_leaks_cb. (Also there should be a
-         * variant of lh_doall_arg that takes a function pointer instead of a
-         * void *; this would obviate the ugly and illegal void_fn_to_char
-         * kludge in CRYPTO_mem_leaks_cb. Otherwise the code police will come
-         * and get us.)
+         * call this function, we declare it to be their fault.)
          */
         int old_mh_mode;
 
-        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+        CRYPTO_THREAD_write_lock(memdbg_lock);
 
         /*
-         * avoid deadlock when lh_free() uses CRYPTO_dbg_free(), which uses
-         * CRYPTO_is_mem_check_on
+         * avoid deadlock when lh_free() uses CRYPTO_mem_debug_free(), which uses
+         * mem_check_on
          */
         old_mh_mode = mh_mode;
         mh_mode = CRYPTO_MEM_CHECK_OFF;
 
-        if (mh != NULL) {
-            lh_MEM_free(mh);
-            mh = NULL;
-        }
-        if (amih != NULL) {
-            if (lh_APP_INFO_num_items(amih) == 0) {
-                lh_APP_INFO_free(amih);
-                amih = NULL;
-            }
-        }
+        lh_MEM_free(mh);
+        mh = NULL;
 
         mh_mode = old_mh_mode;
-        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+        CRYPTO_THREAD_unlock(memdbg_lock);
     }
-    MemCheck_on();              /* release MALLOC2 lock */
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF);
+
+    /* Clean up locks etc */
+    CRYPTO_THREAD_cleanup_local(&appinfokey);
+    CRYPTO_THREAD_lock_free(memdbg_lock);
+    CRYPTO_THREAD_lock_free(long_memdbg_lock);
+    memdbg_lock = NULL;
+    long_memdbg_lock = NULL;
+
+    return ml.chunks == 0 ? 1 : 0;
+}
+
+static int print_bio(const char *str, size_t len, void *b)
+{
+    return BIO_write((BIO *)b, str, len);
 }
 
-#ifndef OPENSSL_NO_FP_API
-void CRYPTO_mem_leaks_fp(FILE *fp)
+int CRYPTO_mem_leaks(BIO *b)
+{
+    /*
+     * OPENSSL_cleanup() will free the ex_data locks so we can't have any
+     * ex_data hanging around
+     */
+    bio_free_ex_data(b);
+
+    return CRYPTO_mem_leaks_cb(print_bio, b);
+}
+
+# ifndef OPENSSL_NO_STDIO
+int CRYPTO_mem_leaks_fp(FILE *fp)
 {
     BIO *b;
+    int ret;
 
-    if (mh == NULL)
-        return;
     /*
      * Need to turn off memory checking when allocated BIOs ... especially as
      * we're creating them at a time when we're trying to check we've not
      * left anything un-free()'d!!
      */
-    MemCheck_off();
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
     b = BIO_new(BIO_s_file());
-    MemCheck_on();
-    if (!b)
-        return;
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    if (b == NULL)
+        return -1;
     BIO_set_fp(b, fp, BIO_NOCLOSE);
-    CRYPTO_mem_leaks(b);
+    ret = CRYPTO_mem_leaks_cb(print_bio, b);
     BIO_free(b);
+    return ret;
 }
-#endif
-
-/*
- * FIXME: We really don't allow much to the callback.  For example, it has no
- * chance of reaching the info stack for the item it processes.  Should it
- * really be this way? -- Richard Levitte
- */
-/*
- * NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside
- * crypto.h If this code is restructured, remove the callback type if it is
- * no longer needed. -- Geoff Thorpe
- */
-
-/*
- * Can't pass CRYPTO_MEM_LEAK_CB directly to lh_MEM_doall_arg because it is a
- * function pointer and conversion to void * is prohibited. Instead pass its
- * address
- */
-
-typedef CRYPTO_MEM_LEAK_CB *PCRYPTO_MEM_LEAK_CB;
-
-static void cb_leak_doall_arg(const MEM *m, PCRYPTO_MEM_LEAK_CB *cb)
-{
-    (*cb) (m->order, m->file, m->line, m->num, m->addr);
-}
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM, PCRYPTO_MEM_LEAK_CB)
+# endif
 
-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)
-{
-    if (mh == NULL)
-        return;
-    CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
-    lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), PCRYPTO_MEM_LEAK_CB,
-                     &cb);
-    CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
-}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/mem_sec.c b/freebsd/crypto/openssl/crypto/mem_sec.c
new file mode 100644
index 00000000..7b2fc311
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/mem_sec.c
@@ -0,0 +1,652 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is in two halves. The first half implements the public API
+ * to be used by external consumers, and to be used by OpenSSL to store
+ * data in a "secure arena." The second half implements the secure arena.
+ * For details on that implementation, see below (look for uppercase
+ * "SECURE HEAP IMPLEMENTATION").
+ */
+#include "e_os.h"
+#include <openssl/crypto.h>
+
+#include <string.h>
+
+/* e_os.h includes unistd.h, which defines _POSIX_VERSION */
+#if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
+    && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \
+         || defined(__sun) || defined(__hpux) || defined(__sgi) \
+         || defined(__osf__) )
+# define IMPLEMENTED
+# include <stdlib.h>
+# include <assert.h>
+# include <unistd.h>
+# include <sys/types.h>
+# include <sys/mman.h>
+# if defined(OPENSSL_SYS_LINUX)
+#  include <sys/syscall.h>
+#  if defined(SYS_mlock2)
+#   include <linux/mman.h>
+#   include <errno.h>
+#  endif
+# endif
+# include <sys/param.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+#endif
+
+#define CLEAR(p, s) OPENSSL_cleanse(p, s)
+#ifndef PAGE_SIZE
+# define PAGE_SIZE    4096
+#endif
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+# define MAP_ANON MAP_ANONYMOUS
+#endif
+
+#ifdef IMPLEMENTED
+static size_t secure_mem_used;
+
+static int secure_mem_initialized;
+
+static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
+
+/*
+ * These are the functions that must be implemented by a secure heap (sh).
+ */
+static int sh_init(size_t size, int minsize);
+static void *sh_malloc(size_t size);
+static void sh_free(void *ptr);
+static void sh_done(void);
+static size_t sh_actual_size(char *ptr);
+static int sh_allocated(const char *ptr);
+#endif
+
+int CRYPTO_secure_malloc_init(size_t size, int minsize)
+{
+#ifdef IMPLEMENTED
+    int ret = 0;
+
+    if (!secure_mem_initialized) {
+        sec_malloc_lock = CRYPTO_THREAD_lock_new();
+        if (sec_malloc_lock == NULL)
+            return 0;
+        if ((ret = sh_init(size, minsize)) != 0) {
+            secure_mem_initialized = 1;
+        } else {
+            CRYPTO_THREAD_lock_free(sec_malloc_lock);
+            sec_malloc_lock = NULL;
+        }
+    }
+
+    return ret;
+#else
+    return 0;
+#endif /* IMPLEMENTED */
+}
+
+int CRYPTO_secure_malloc_done(void)
+{
+#ifdef IMPLEMENTED
+    if (secure_mem_used == 0) {
+        sh_done();
+        secure_mem_initialized = 0;
+        CRYPTO_THREAD_lock_free(sec_malloc_lock);
+        sec_malloc_lock = NULL;
+        return 1;
+    }
+#endif /* IMPLEMENTED */
+    return 0;
+}
+
+int CRYPTO_secure_malloc_initialized(void)
+{
+#ifdef IMPLEMENTED
+    return secure_mem_initialized;
+#else
+    return 0;
+#endif /* IMPLEMENTED */
+}
+
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
+{
+#ifdef IMPLEMENTED
+    void *ret;
+    size_t actual_size;
+
+    if (!secure_mem_initialized) {
+        return CRYPTO_malloc(num, file, line);
+    }
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    ret = sh_malloc(num);
+    actual_size = ret ? sh_actual_size(ret) : 0;
+    secure_mem_used += actual_size;
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+    return ret;
+#else
+    return CRYPTO_malloc(num, file, line);
+#endif /* IMPLEMENTED */
+}
+
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
+{
+#ifdef IMPLEMENTED
+    if (secure_mem_initialized)
+        /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
+        return CRYPTO_secure_malloc(num, file, line);
+#endif
+    return CRYPTO_zalloc(num, file, line);
+}
+
+void CRYPTO_secure_free(void *ptr, const char *file, int line)
+{
+#ifdef IMPLEMENTED
+    size_t actual_size;
+
+    if (ptr == NULL)
+        return;
+    if (!CRYPTO_secure_allocated(ptr)) {
+        CRYPTO_free(ptr, file, line);
+        return;
+    }
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    actual_size = sh_actual_size(ptr);
+    CLEAR(ptr, actual_size);
+    secure_mem_used -= actual_size;
+    sh_free(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+#else
+    CRYPTO_free(ptr, file, line);
+#endif /* IMPLEMENTED */
+}
+
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+                              const char *file, int line)
+{
+#ifdef IMPLEMENTED
+    size_t actual_size;
+
+    if (ptr == NULL)
+        return;
+    if (!CRYPTO_secure_allocated(ptr)) {
+        OPENSSL_cleanse(ptr, num);
+        CRYPTO_free(ptr, file, line);
+        return;
+    }
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    actual_size = sh_actual_size(ptr);
+    CLEAR(ptr, actual_size);
+    secure_mem_used -= actual_size;
+    sh_free(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+#else
+    if (ptr == NULL)
+        return;
+    OPENSSL_cleanse(ptr, num);
+    CRYPTO_free(ptr, file, line);
+#endif /* IMPLEMENTED */
+}
+
+int CRYPTO_secure_allocated(const void *ptr)
+{
+#ifdef IMPLEMENTED
+    int ret;
+
+    if (!secure_mem_initialized)
+        return 0;
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    ret = sh_allocated(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+    return ret;
+#else
+    return 0;
+#endif /* IMPLEMENTED */
+}
+
+size_t CRYPTO_secure_used(void)
+{
+#ifdef IMPLEMENTED
+    return secure_mem_used;
+#else
+    return 0;
+#endif /* IMPLEMENTED */
+}
+
+size_t CRYPTO_secure_actual_size(void *ptr)
+{
+#ifdef IMPLEMENTED
+    size_t actual_size;
+
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    actual_size = sh_actual_size(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+    return actual_size;
+#else
+    return 0;
+#endif
+}
+/* END OF PAGE ...
+
+   ... START OF PAGE */
+
+/*
+ * SECURE HEAP IMPLEMENTATION
+ */
+#ifdef IMPLEMENTED
+
+
+/*
+ * The implementation provided here uses a fixed-sized mmap() heap,
+ * which is locked into memory, not written to core files, and protected
+ * on either side by an unmapped page, which will catch pointer overruns
+ * (or underruns) and an attempt to read data out of the secure heap.
+ * Free'd memory is zero'd or otherwise cleansed.
+ *
+ * This is a pretty standard buddy allocator.  We keep areas in a multiple
+ * of "sh.minsize" units.  The freelist and bitmaps are kept separately,
+ * so all (and only) data is kept in the mmap'd heap.
+ *
+ * This code assumes eight-bit bytes.  The numbers 3 and 7 are all over the
+ * place.
+ */
+
+#define ONE ((size_t)1)
+
+# define TESTBIT(t, b)  (t[(b) >> 3] &  (ONE << ((b) & 7)))
+# define SETBIT(t, b)   (t[(b) >> 3] |= (ONE << ((b) & 7)))
+# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
+
+#define WITHIN_ARENA(p) \
+    ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
+#define WITHIN_FREELIST(p) \
+    ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])
+
+
+typedef struct sh_list_st
+{
+    struct sh_list_st *next;
+    struct sh_list_st **p_next;
+} SH_LIST;
+
+typedef struct sh_st
+{
+    char* map_result;
+    size_t map_size;
+    char *arena;
+    size_t arena_size;
+    char **freelist;
+    ossl_ssize_t freelist_size;
+    size_t minsize;
+    unsigned char *bittable;
+    unsigned char *bitmalloc;
+    size_t bittable_size; /* size in bits */
+} SH;
+
+static SH sh;
+
+static size_t sh_getlist(char *ptr)
+{
+    ossl_ssize_t list = sh.freelist_size - 1;
+    size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
+
+    for (; bit; bit >>= 1, list--) {
+        if (TESTBIT(sh.bittable, bit))
+            break;
+        OPENSSL_assert((bit & 1) == 0);
+    }
+
+    return list;
+}
+
+
+static int sh_testbit(char *ptr, int list, unsigned char *table)
+{
+    size_t bit;
+
+    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
+    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
+    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
+    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
+    return TESTBIT(table, bit);
+}
+
+static void sh_clearbit(char *ptr, int list, unsigned char *table)
+{
+    size_t bit;
+
+    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
+    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
+    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
+    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
+    OPENSSL_assert(TESTBIT(table, bit));
+    CLEARBIT(table, bit);
+}
+
+static void sh_setbit(char *ptr, int list, unsigned char *table)
+{
+    size_t bit;
+
+    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
+    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
+    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
+    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
+    OPENSSL_assert(!TESTBIT(table, bit));
+    SETBIT(table, bit);
+}
+
+static void sh_add_to_list(char **list, char *ptr)
+{
+    SH_LIST *temp;
+
+    OPENSSL_assert(WITHIN_FREELIST(list));
+    OPENSSL_assert(WITHIN_ARENA(ptr));
+
+    temp = (SH_LIST *)ptr;
+    temp->next = *(SH_LIST **)list;
+    OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
+    temp->p_next = (SH_LIST **)list;
+
+    if (temp->next != NULL) {
+        OPENSSL_assert((char **)temp->next->p_next == list);
+        temp->next->p_next = &(temp->next);
+    }
+
+    *list = ptr;
+}
+
+static void sh_remove_from_list(char *ptr)
+{
+    SH_LIST *temp, *temp2;
+
+    temp = (SH_LIST *)ptr;
+    if (temp->next != NULL)
+        temp->next->p_next = temp->p_next;
+    *temp->p_next = temp->next;
+    if (temp->next == NULL)
+        return;
+
+    temp2 = temp->next;
+    OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
+}
+
+
+static int sh_init(size_t size, int minsize)
+{
+    int ret;
+    size_t i;
+    size_t pgsize;
+    size_t aligned;
+
+    memset(&sh, 0, sizeof(sh));
+
+    /* make sure size and minsize are powers of 2 */
+    OPENSSL_assert(size > 0);
+    OPENSSL_assert((size & (size - 1)) == 0);
+    OPENSSL_assert(minsize > 0);
+    OPENSSL_assert((minsize & (minsize - 1)) == 0);
+    if (size <= 0 || (size & (size - 1)) != 0)
+        goto err;
+    if (minsize <= 0 || (minsize & (minsize - 1)) != 0)
+        goto err;
+
+    while (minsize < (int)sizeof(SH_LIST))
+        minsize *= 2;
+
+    sh.arena_size = size;
+    sh.minsize = minsize;
+    sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
+
+    /* Prevent allocations of size 0 later on */
+    if (sh.bittable_size >> 3 == 0)
+        goto err;
+
+    sh.freelist_size = -1;
+    for (i = sh.bittable_size; i; i >>= 1)
+        sh.freelist_size++;
+
+    sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
+    OPENSSL_assert(sh.freelist != NULL);
+    if (sh.freelist == NULL)
+        goto err;
+
+    sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
+    OPENSSL_assert(sh.bittable != NULL);
+    if (sh.bittable == NULL)
+        goto err;
+
+    sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
+    OPENSSL_assert(sh.bitmalloc != NULL);
+    if (sh.bitmalloc == NULL)
+        goto err;
+
+    /* Allocate space for heap, and two extra pages as guards */
+#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
+    {
+# if defined(_SC_PAGE_SIZE)
+        long tmppgsize = sysconf(_SC_PAGE_SIZE);
+# else
+        long tmppgsize = sysconf(_SC_PAGESIZE);
+# endif
+        if (tmppgsize < 1)
+            pgsize = PAGE_SIZE;
+        else
+            pgsize = (size_t)tmppgsize;
+    }
+#else
+    pgsize = PAGE_SIZE;
+#endif
+    sh.map_size = pgsize + sh.arena_size + pgsize;
+    if (1) {
+#ifdef MAP_ANON
+        sh.map_result = mmap(NULL, sh.map_size,
+                             PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
+    } else {
+#endif
+        int fd;
+
+        sh.map_result = MAP_FAILED;
+        if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
+            sh.map_result = mmap(NULL, sh.map_size,
+                                 PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
+            close(fd);
+        }
+    }
+    if (sh.map_result == MAP_FAILED)
+        goto err;
+    sh.arena = (char *)(sh.map_result + pgsize);
+    sh_setbit(sh.arena, 0, sh.bittable);
+    sh_add_to_list(&sh.freelist[0], sh.arena);
+
+    /* Now try to add guard pages and lock into memory. */
+    ret = 1;
+
+    /* Starting guard is already aligned from mmap. */
+    if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
+        ret = 2;
+
+    /* Ending guard page - need to round up to page boundary */
+    aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
+    if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
+        ret = 2;
+
+#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
+    if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
+        if (errno == ENOSYS) {
+            if (mlock(sh.arena, sh.arena_size) < 0)
+                ret = 2;
+        } else {
+            ret = 2;
+        }
+    }
+#else
+    if (mlock(sh.arena, sh.arena_size) < 0)
+        ret = 2;
+#endif
+#ifdef MADV_DONTDUMP
+    if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
+        ret = 2;
+#endif
+
+    return ret;
+
+ err:
+    sh_done();
+    return 0;
+}
+
+static void sh_done(void)
+{
+    OPENSSL_free(sh.freelist);
+    OPENSSL_free(sh.bittable);
+    OPENSSL_free(sh.bitmalloc);
+    if (sh.map_result != NULL && sh.map_size)
+        munmap(sh.map_result, sh.map_size);
+    memset(&sh, 0, sizeof(sh));
+}
+
+static int sh_allocated(const char *ptr)
+{
+    return WITHIN_ARENA(ptr) ? 1 : 0;
+}
+
+static char *sh_find_my_buddy(char *ptr, int list)
+{
+    size_t bit;
+    char *chunk = NULL;
+
+    bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
+    bit ^= 1;
+
+    if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
+        chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
+
+    return chunk;
+}
+
+static void *sh_malloc(size_t size)
+{
+    ossl_ssize_t list, slist;
+    size_t i;
+    char *chunk;
+
+    if (size > sh.arena_size)
+        return NULL;
+
+    list = sh.freelist_size - 1;
+    for (i = sh.minsize; i < size; i <<= 1)
+        list--;
+    if (list < 0)
+        return NULL;
+
+    /* try to find a larger entry to split */
+    for (slist = list; slist >= 0; slist--)
+        if (sh.freelist[slist] != NULL)
+            break;
+    if (slist < 0)
+        return NULL;
+
+    /* split larger entry */
+    while (slist != list) {
+        char *temp = sh.freelist[slist];
+
+        /* remove from bigger list */
+        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
+        sh_clearbit(temp, slist, sh.bittable);
+        sh_remove_from_list(temp);
+        OPENSSL_assert(temp != sh.freelist[slist]);
+
+        /* done with bigger list */
+        slist++;
+
+        /* add to smaller list */
+        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
+        sh_setbit(temp, slist, sh.bittable);
+        sh_add_to_list(&sh.freelist[slist], temp);
+        OPENSSL_assert(sh.freelist[slist] == temp);
+
+        /* split in 2 */
+        temp += sh.arena_size >> slist;
+        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
+        sh_setbit(temp, slist, sh.bittable);
+        sh_add_to_list(&sh.freelist[slist], temp);
+        OPENSSL_assert(sh.freelist[slist] == temp);
+
+        OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
+    }
+
+    /* peel off memory to hand back */
+    chunk = sh.freelist[list];
+    OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
+    sh_setbit(chunk, list, sh.bitmalloc);
+    sh_remove_from_list(chunk);
+
+    OPENSSL_assert(WITHIN_ARENA(chunk));
+
+    /* zero the free list header as a precaution against information leakage */
+    memset(chunk, 0, sizeof(SH_LIST));
+
+    return chunk;
+}
+
+static void sh_free(void *ptr)
+{
+    size_t list;
+    void *buddy;
+
+    if (ptr == NULL)
+        return;
+    OPENSSL_assert(WITHIN_ARENA(ptr));
+    if (!WITHIN_ARENA(ptr))
+        return;
+
+    list = sh_getlist(ptr);
+    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
+    sh_clearbit(ptr, list, sh.bitmalloc);
+    sh_add_to_list(&sh.freelist[list], ptr);
+
+    /* Try to coalesce two adjacent free areas. */
+    while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
+        OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
+        OPENSSL_assert(ptr != NULL);
+        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
+        sh_clearbit(ptr, list, sh.bittable);
+        sh_remove_from_list(ptr);
+        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
+        sh_clearbit(buddy, list, sh.bittable);
+        sh_remove_from_list(buddy);
+
+        list--;
+
+        /* Zero the higher addressed block's free list pointers */
+        memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
+        if (ptr > buddy)
+            ptr = buddy;
+
+        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
+        sh_setbit(ptr, list, sh.bittable);
+        sh_add_to_list(&sh.freelist[list], ptr);
+        OPENSSL_assert(sh.freelist[list] == ptr);
+    }
+}
+
+static size_t sh_actual_size(char *ptr)
+{
+    int list;
+
+    OPENSSL_assert(WITHIN_ARENA(ptr));
+    if (!WITHIN_ARENA(ptr))
+        return 0;
+    list = sh_getlist(ptr);
+    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
+    return sh.arena_size / (ONE << list);
+}
+#endif /* IMPLEMENTED */
diff --git a/freebsd/crypto/openssl/crypto/mips_arch.h b/freebsd/crypto/openssl/crypto/mips_arch.h
new file mode 100644
index 00000000..75043e79
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/mips_arch.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef __MIPS_ARCH_H__
+# define __MIPS_ARCH_H__
+
+# if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \
+      defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6))
+      && !defined(_MIPS_ARCH_MIPS32R2)
+#  define _MIPS_ARCH_MIPS32R2
+# endif
+
+# if (defined(_MIPS_ARCH_MIPS64R3) || defined(_MIPS_ARCH_MIPS64R5) || \
+      defined(_MIPS_ARCH_MIPS64R6)) \
+      && !defined(_MIPS_ARCH_MIPS64R2)
+#  define _MIPS_ARCH_MIPS64R2
+# endif
+
+# if defined(_MIPS_ARCH_MIPS64R6)
+#  define dmultu(rs,rt)
+#  define mflo(rd,rs,rt)	dmulu	rd,rs,rt
+#  define mfhi(rd,rs,rt)	dmuhu	rd,rs,rt
+# elif defined(_MIPS_ARCH_MIPS32R6)
+#  define multu(rs,rt)
+#  define mflo(rd,rs,rt)	mulu	rd,rs,rt
+#  define mfhi(rd,rs,rt)	muhu	rd,rs,rt
+# else
+#  define dmultu(rs,rt)		dmultu	rs,rt
+#  define multu(rs,rt)		multu	rs,rt
+#  define mflo(rd,rs,rt)	mflo	rd
+#  define mfhi(rd,rs,rt)	mfhi	rd
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/modes/cbc128.c b/freebsd/crypto/openssl/crypto/modes/cbc128.c
index f33f29be..02f6e90d 100644
--- a/freebsd/crypto/openssl/crypto/modes/cbc128.c
+++ b/freebsd/crypto/openssl/crypto/modes/cbc128.c
@@ -1,66 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/crypto.h>
 #include "modes_lcl.h"
 #include <string.h>
 
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
 #if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC)
 # define STRICT_ALIGNMENT 0
 #endif
@@ -72,7 +24,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
     size_t n;
     const unsigned char *iv = ivec;
 
-    assert(in && out && key && ivec);
+    if (len == 0)
+        return;
 
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
     if (STRICT_ALIGNMENT &&
@@ -125,7 +78,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
         unsigned char c[16];
     } tmp;
 
-    assert(in && out && key && ivec);
+    if (len == 0)
+        return;
 
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
     if (in != out) {
diff --git a/freebsd/crypto/openssl/crypto/modes/ccm128.c b/freebsd/crypto/openssl/crypto/modes/ccm128.c
index a7788868..96a35313 100644
--- a/freebsd/crypto/openssl/crypto/modes/ccm128.c
+++ b/freebsd/crypto/openssl/crypto/modes/ccm128.c
@@ -1,65 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/crypto.h>
 #include "modes_lcl.h"
 #include <string.h>
 
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
 /*
  * First you setup M and L parameters and pass the key schedule. This is
  * called once per session setup...
diff --git a/freebsd/crypto/openssl/crypto/modes/cfb128.c b/freebsd/crypto/openssl/crypto/modes/cfb128.c
index 269f8a0b..2bdd1c64 100644
--- a/freebsd/crypto/openssl/crypto/modes/cfb128.c
+++ b/freebsd/crypto/openssl/crypto/modes/cfb128.c
@@ -1,66 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/crypto.h>
 #include "modes_lcl.h"
 #include <string.h>
 
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
 /*
  * The input and output encrypted as though 128bit cfb mode is being used.
  * The extra state information to record how much of the 128bit block we have
@@ -74,8 +26,6 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
     unsigned int n;
     size_t l = 0;
 
-    assert(in && out && key && ivec && num);
-
     n = *num;
 
     if (enc) {
@@ -192,7 +142,7 @@ static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
                                block128_f block)
 {
     int n, rem, num;
-    unsigned char ovec[16 * 2 + 1]; /* +1 because we dererefence (but don't
+    unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't
                                      * use) one byte off the end */
 
     if (nbits <= 0 || nbits > 128)
@@ -230,9 +180,6 @@ void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
     size_t n;
     unsigned char c[1], d[1];
 
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-
     for (n = 0; n < bits; ++n) {
         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
         cfbr_encrypt_block(c, d, 1, key, ivec, enc, block);
@@ -248,9 +195,6 @@ void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
 {
     size_t n;
 
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-
     for (n = 0; n < length; ++n)
         cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block);
 }
diff --git a/freebsd/crypto/openssl/crypto/modes/ctr128.c b/freebsd/crypto/openssl/crypto/modes/ctr128.c
index fef9022b..95160293 100644
--- a/freebsd/crypto/openssl/crypto/modes/ctr128.c
+++ b/freebsd/crypto/openssl/crypto/modes/ctr128.c
@@ -1,66 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/crypto.h>
 #include "modes_lcl.h"
 #include <string.h>
 
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
 /*
  * NOTE: the IV/counter CTR mode is big-endian.  The code itself is
  * endian-neutral.
@@ -115,7 +67,7 @@ static void ctr128_inc_aligned(unsigned char *counter)
  * before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes
  * that the counter is in the x lower bits of the IV (ivec), and that the
  * application has full control over overflow and the rest of the IV.  This
- * implementation takes NO responsability for checking that the counter
+ * implementation takes NO responsibility for checking that the counter
  * doesn't overflow into the rest of the IV when incremented.
  */
 void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
@@ -127,9 +79,6 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
     unsigned int n;
     size_t l = 0;
 
-    assert(in && out && key && ecount_buf && num);
-    assert(*num < 16);
-
     n = *num;
 
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
@@ -205,9 +154,6 @@ void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
 {
     unsigned int n, ctr32;
 
-    assert(in && out && key && ecount_buf && num);
-    assert(*num < 16);
-
     n = *num;
 
     while (n && len) {
@@ -240,7 +186,7 @@ void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
         (*func) (in, out, blocks, key, ivec);
         /* (*ctr) does not update ivec, caller does: */
         PUTU32(ivec + 12, ctr32);
-        /* ... overflow was detected, propogate carry. */
+        /* ... overflow was detected, propagate carry. */
         if (ctr32 == 0)
             ctr96_inc(ivec);
         blocks *= 16;
diff --git a/freebsd/crypto/openssl/crypto/modes/cts128.c b/freebsd/crypto/openssl/crypto/modes/cts128.c
index 0a970ab5..f848c30f 100644
--- a/freebsd/crypto/openssl/crypto/modes/cts128.c
+++ b/freebsd/crypto/openssl/crypto/modes/cts128.c
@@ -1,23 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Rights for redistribution and usage in source and binary
- * forms are granted according to the OpenSSL license.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/crypto.h>
 #include "modes_lcl.h"
 #include <string.h>
 
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
 /*
  * Trouble with Ciphertext Stealing, CTS, mode is that there is no
  * common official specification, but couple of cipher/application
@@ -38,8 +33,6 @@ size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
 {
     size_t residue, n;
 
-    assert(in && out && key && ivec);
-
     if (len <= 16)
         return 0;
 
@@ -70,8 +63,6 @@ size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
 {
     size_t residue, n;
 
-    assert(in && out && key && ivec);
-
     if (len < 16)
         return 0;
 
@@ -105,8 +96,6 @@ size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
         unsigned char c[16];
     } tmp;
 
-    assert(in && out && key && ivec);
-
     if (len <= 16)
         return 0;
 
@@ -143,8 +132,6 @@ size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
         unsigned char c[16];
     } tmp;
 
-    assert(in && out && key && ivec);
-
     if (len < 16)
         return 0;
 
@@ -181,8 +168,6 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
         unsigned char c[32];
     } tmp;
 
-    assert(in && out && key && ivec);
-
     if (len <= 16)
         return 0;
 
@@ -226,8 +211,6 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
         unsigned char c[32];
     } tmp;
 
-    assert(in && out && key && ivec);
-
     if (len < 16)
         return 0;
 
@@ -274,8 +257,6 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
         unsigned char c[32];
     } tmp;
 
-    assert(in && out && key && ivec);
-
     if (len <= 16)
         return 0;
 
@@ -316,8 +297,6 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
         unsigned char c[32];
     } tmp;
 
-    assert(in && out && key && ivec);
-
     if (len < 16)
         return 0;
 
@@ -351,196 +330,3 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
 #endif
     return 16 + len + residue;
 }
-
-#if defined(SELFTEST)
-# include <stdio.h>
-# include <openssl/aes.h>
-
-/* test vectors from RFC 3962 */
-static const unsigned char test_key[16] = "chicken teriyaki";
-static const unsigned char test_input[64] =
-    "I would like the" " General Gau's C"
-    "hicken, please, " "and wonton soup.";
-static const unsigned char test_iv[16] =
-    { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
-
-static const unsigned char vector_17[17] = {
-    0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
-    0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
-    0x97
-};
-
-static const unsigned char vector_31[31] = {
-    0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
-    0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
-    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
-    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
-};
-
-static const unsigned char vector_32[32] = {
-    0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
-    0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
-    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
-    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
-};
-
-static const unsigned char vector_47[47] = {
-    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
-    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
-    0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
-    0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
-    0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
-    0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
-};
-
-static const unsigned char vector_48[48] = {
-    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
-    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
-    0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
-    0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
-    0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
-    0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
-};
-
-static const unsigned char vector_64[64] = {
-    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
-    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
-    0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
-    0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
-    0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
-    0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
-    0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
-    0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
-};
-
-static AES_KEY encks, decks;
-
-void test_vector(const unsigned char *vector, size_t len)
-{
-    unsigned char iv[sizeof(test_iv)];
-    unsigned char cleartext[64], ciphertext[64];
-    size_t tail;
-
-    printf("vector_%d\n", len);
-    fflush(stdout);
-
-    if ((tail = len % 16) == 0)
-        tail = 16;
-    tail += 16;
-
-    /* test block-based encryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_cts128_encrypt_block(test_input, ciphertext, len, &encks, iv,
-                                (block128_f) AES_encrypt);
-    if (memcmp(ciphertext, vector, len))
-        fprintf(stderr, "output_%d mismatch\n", len), exit(1);
-    if (memcmp(iv, vector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(1);
-
-    /* test block-based decryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_cts128_decrypt_block(ciphertext, cleartext, len, &decks, iv,
-                                (block128_f) AES_decrypt);
-    if (memcmp(cleartext, test_input, len))
-        fprintf(stderr, "input_%d mismatch\n", len), exit(2);
-    if (memcmp(iv, vector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(2);
-
-    /* test streamed encryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_cts128_encrypt(test_input, ciphertext, len, &encks, iv,
-                          (cbc128_f) AES_cbc_encrypt);
-    if (memcmp(ciphertext, vector, len))
-        fprintf(stderr, "output_%d mismatch\n", len), exit(3);
-    if (memcmp(iv, vector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(3);
-
-    /* test streamed decryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_cts128_decrypt(ciphertext, cleartext, len, &decks, iv,
-                          (cbc128_f) AES_cbc_encrypt);
-    if (memcmp(cleartext, test_input, len))
-        fprintf(stderr, "input_%d mismatch\n", len), exit(4);
-    if (memcmp(iv, vector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(4);
-}
-
-void test_nistvector(const unsigned char *vector, size_t len)
-{
-    unsigned char iv[sizeof(test_iv)];
-    unsigned char cleartext[64], ciphertext[64], nistvector[64];
-    size_t tail;
-
-    printf("nistvector_%d\n", len);
-    fflush(stdout);
-
-    if ((tail = len % 16) == 0)
-        tail = 16;
-
-    len -= 16 + tail;
-    memcpy(nistvector, vector, len);
-    /* flip two last blocks */
-    memcpy(nistvector + len, vector + len + 16, tail);
-    memcpy(nistvector + len + tail, vector + len, 16);
-    len += 16 + tail;
-    tail = 16;
-
-    /* test block-based encryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_nistcts128_encrypt_block(test_input, ciphertext, len, &encks, iv,
-                                    (block128_f) AES_encrypt);
-    if (memcmp(ciphertext, nistvector, len))
-        fprintf(stderr, "output_%d mismatch\n", len), exit(1);
-    if (memcmp(iv, nistvector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(1);
-
-    /* test block-based decryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_nistcts128_decrypt_block(ciphertext, cleartext, len, &decks, iv,
-                                    (block128_f) AES_decrypt);
-    if (memcmp(cleartext, test_input, len))
-        fprintf(stderr, "input_%d mismatch\n", len), exit(2);
-    if (memcmp(iv, nistvector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(2);
-
-    /* test streamed encryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_nistcts128_encrypt(test_input, ciphertext, len, &encks, iv,
-                              (cbc128_f) AES_cbc_encrypt);
-    if (memcmp(ciphertext, nistvector, len))
-        fprintf(stderr, "output_%d mismatch\n", len), exit(3);
-    if (memcmp(iv, nistvector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(3);
-
-    /* test streamed decryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_nistcts128_decrypt(ciphertext, cleartext, len, &decks, iv,
-                              (cbc128_f) AES_cbc_encrypt);
-    if (memcmp(cleartext, test_input, len))
-        fprintf(stderr, "input_%d mismatch\n", len), exit(4);
-    if (memcmp(iv, nistvector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(4);
-}
-
-int main()
-{
-    AES_set_encrypt_key(test_key, 128, &encks);
-    AES_set_decrypt_key(test_key, 128, &decks);
-
-    test_vector(vector_17, sizeof(vector_17));
-    test_vector(vector_31, sizeof(vector_31));
-    test_vector(vector_32, sizeof(vector_32));
-    test_vector(vector_47, sizeof(vector_47));
-    test_vector(vector_48, sizeof(vector_48));
-    test_vector(vector_64, sizeof(vector_64));
-
-    test_nistvector(vector_17, sizeof(vector_17));
-    test_nistvector(vector_31, sizeof(vector_31));
-    test_nistvector(vector_32, sizeof(vector_32));
-    test_nistvector(vector_47, sizeof(vector_47));
-    test_nistvector(vector_48, sizeof(vector_48));
-    test_nistvector(vector_64, sizeof(vector_64));
-
-    return 0;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/modes/gcm128.c b/freebsd/crypto/openssl/crypto/modes/gcm128.c
index 07f7289e..949e4751 100644
--- a/freebsd/crypto/openssl/crypto/modes/gcm128.c
+++ b/freebsd/crypto/openssl/crypto/modes/gcm128.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+/*
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#define OPENSSL_FIPSAPI
-
 #include <openssl/crypto.h>
 #include "modes_lcl.h"
 #include <string.h>
 
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
 #if defined(BSWAP4) && defined(STRICT_ALIGNMENT)
 /* redefine, because alignment is ensured */
 # undef  GETU32
@@ -152,9 +103,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
     const union {
         long one;
         char little;
-    } is_endian = {
-        1
-    };
+    } is_endian = { 1 };
     static const size_t rem_8bit[256] = {
         PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246),
         PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E),
@@ -262,7 +211,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
     }
 }
 
-# define GCM_MUL(ctx,Xi)   gcm_gmult_8bit(ctx->Xi.u,ctx->Htable)
+# define GCM_MUL(ctx)      gcm_gmult_8bit(ctx->Xi.u,ctx->Htable)
 
 #elif   TABLE_BITS==4
 
@@ -323,9 +272,7 @@ static void gcm_init_4bit(u128 Htable[16], u64 H[2])
         const union {
             long one;
             char little;
-        } is_endian = {
-            1
-        };
+        } is_endian = { 1 };
 
         if (is_endian.little)
             for (j = 0; j < 16; ++j) {
@@ -358,9 +305,7 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
     const union {
         long one;
         char little;
-    } is_endian = {
-        1
-    };
+    } is_endian = { 1 };
 
     nlo = ((const u8 *)Xi)[15];
     nhi = nlo >> 4;
@@ -439,9 +384,7 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
     const union {
         long one;
         char little;
-    } is_endian = {
-        1
-    };
+    } is_endian = { 1 };
 
 #   if 1
     do {
@@ -609,7 +552,7 @@ void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
                     size_t len);
 # endif
 
-# define GCM_MUL(ctx,Xi)   gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
+# define GCM_MUL(ctx)      gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
 # if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT)
 #  define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len)
 /*
@@ -631,9 +574,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
     const union {
         long one;
         char little;
-    } is_endian = {
-        1
-    };
+    } is_endian = { 1 };
 
     V.hi = H[0];                /* H is in host byte order, no byte swapping */
     V.lo = H[1];
@@ -685,7 +626,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
     }
 }
 
-# define GCM_MUL(ctx,Xi)   gcm_gmult_1bit(ctx->Xi.u,ctx->H.u)
+# define GCM_MUL(ctx)      gcm_gmult_1bit(ctx->Xi.u,ctx->H.u)
 
 #endif
 
@@ -764,7 +705,7 @@ void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp,
 
 #ifdef GCM_FUNCREF_4BIT
 # undef  GCM_MUL
-# define GCM_MUL(ctx,Xi)        (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable)
+# define GCM_MUL(ctx)           (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable)
 # ifdef GHASH
 #  undef  GHASH
 #  define GHASH(ctx,in,len)     (*gcm_ghash_p)(ctx->Xi.u,ctx->Htable,in,len)
@@ -776,9 +717,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
     const union {
         long one;
         char little;
-    } is_endian = {
-        1
-    };
+    } is_endian = { 1 };
 
     memset(ctx, 0, sizeof(*ctx));
     ctx->block = block;
@@ -803,18 +742,22 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
 #if     TABLE_BITS==8
     gcm_init_8bit(ctx->Htable, ctx->H.u);
 #elif   TABLE_BITS==4
+# if    defined(GHASH)
+#  define CTX__GHASH(f) (ctx->ghash = (f))
+# else
+#  define CTX__GHASH(f) (ctx->ghash = NULL)
+# endif
 # if    defined(GHASH_ASM_X86_OR_64)
 #  if   !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2)
-    if (OPENSSL_ia32cap_P[0] & (1 << 24) && /* check FXSR bit */
-        OPENSSL_ia32cap_P[1] & (1 << 1)) { /* check PCLMULQDQ bit */
+    if (OPENSSL_ia32cap_P[1] & (1 << 1)) { /* check PCLMULQDQ bit */
         if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */
             gcm_init_avx(ctx->Htable, ctx->H.u);
             ctx->gmult = gcm_gmult_avx;
-            ctx->ghash = gcm_ghash_avx;
+            CTX__GHASH(gcm_ghash_avx);
         } else {
             gcm_init_clmul(ctx->Htable, ctx->H.u);
             ctx->gmult = gcm_gmult_clmul;
-            ctx->ghash = gcm_ghash_clmul;
+            CTX__GHASH(gcm_ghash_clmul);
         }
         return;
     }
@@ -827,66 +770,59 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
     if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */
 #   endif
         ctx->gmult = gcm_gmult_4bit_mmx;
-        ctx->ghash = gcm_ghash_4bit_mmx;
+        CTX__GHASH(gcm_ghash_4bit_mmx);
     } else {
         ctx->gmult = gcm_gmult_4bit_x86;
-        ctx->ghash = gcm_ghash_4bit_x86;
+        CTX__GHASH(gcm_ghash_4bit_x86);
     }
 #  else
     ctx->gmult = gcm_gmult_4bit;
-    ctx->ghash = gcm_ghash_4bit;
+    CTX__GHASH(gcm_ghash_4bit);
 #  endif
 # elif  defined(GHASH_ASM_ARM)
 #  ifdef PMULL_CAPABLE
     if (PMULL_CAPABLE) {
         gcm_init_v8(ctx->Htable, ctx->H.u);
         ctx->gmult = gcm_gmult_v8;
-        ctx->ghash = gcm_ghash_v8;
+        CTX__GHASH(gcm_ghash_v8);
     } else
 #  endif
 #  ifdef NEON_CAPABLE
     if (NEON_CAPABLE) {
         gcm_init_neon(ctx->Htable, ctx->H.u);
         ctx->gmult = gcm_gmult_neon;
-        ctx->ghash = gcm_ghash_neon;
+        CTX__GHASH(gcm_ghash_neon);
     } else
 #  endif
     {
         gcm_init_4bit(ctx->Htable, ctx->H.u);
         ctx->gmult = gcm_gmult_4bit;
-#  if defined(GHASH)
-        ctx->ghash = gcm_ghash_4bit;
-#  else
-        ctx->ghash = NULL;
-#  endif
+        CTX__GHASH(gcm_ghash_4bit);
     }
 # elif  defined(GHASH_ASM_SPARC)
     if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) {
         gcm_init_vis3(ctx->Htable, ctx->H.u);
         ctx->gmult = gcm_gmult_vis3;
-        ctx->ghash = gcm_ghash_vis3;
+        CTX__GHASH(gcm_ghash_vis3);
     } else {
         gcm_init_4bit(ctx->Htable, ctx->H.u);
         ctx->gmult = gcm_gmult_4bit;
-        ctx->ghash = gcm_ghash_4bit;
+        CTX__GHASH(gcm_ghash_4bit);
     }
 # elif  defined(GHASH_ASM_PPC)
     if (OPENSSL_ppccap_P & PPC_CRYPTO207) {
         gcm_init_p8(ctx->Htable, ctx->H.u);
         ctx->gmult = gcm_gmult_p8;
-        ctx->ghash = gcm_ghash_p8;
+        CTX__GHASH(gcm_ghash_p8);
     } else {
         gcm_init_4bit(ctx->Htable, ctx->H.u);
         ctx->gmult = gcm_gmult_4bit;
-#  if defined(GHASH)
-        ctx->ghash = gcm_ghash_4bit;
-#  else
-        ctx->ghash = NULL;
-#  endif
+        CTX__GHASH(gcm_ghash_4bit);
     }
 # else
     gcm_init_4bit(ctx->Htable, ctx->H.u);
 # endif
+# undef CTX__GHASH
 #endif
 }
 
@@ -896,18 +832,12 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
     const union {
         long one;
         char little;
-    } is_endian = {
-        1
-    };
+    } is_endian = { 1 };
     unsigned int ctr;
 #ifdef GCM_FUNCREF_4BIT
     void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
 #endif
 
-    ctx->Yi.u[0] = 0;
-    ctx->Yi.u[1] = 0;
-    ctx->Xi.u[0] = 0;
-    ctx->Xi.u[1] = 0;
     ctx->len.u[0] = 0;          /* AAD length */
     ctx->len.u[1] = 0;          /* message length */
     ctx->ares = 0;
@@ -915,53 +845,68 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
 
     if (len == 12) {
         memcpy(ctx->Yi.c, iv, 12);
+        ctx->Yi.c[12] = 0;
+        ctx->Yi.c[13] = 0;
+        ctx->Yi.c[14] = 0;
         ctx->Yi.c[15] = 1;
         ctr = 1;
     } else {
         size_t i;
         u64 len0 = len;
 
+        /* Borrow ctx->Xi to calculate initial Yi */
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+
         while (len >= 16) {
             for (i = 0; i < 16; ++i)
-                ctx->Yi.c[i] ^= iv[i];
-            GCM_MUL(ctx, Yi);
+                ctx->Xi.c[i] ^= iv[i];
+            GCM_MUL(ctx);
             iv += 16;
             len -= 16;
         }
         if (len) {
             for (i = 0; i < len; ++i)
-                ctx->Yi.c[i] ^= iv[i];
-            GCM_MUL(ctx, Yi);
+                ctx->Xi.c[i] ^= iv[i];
+            GCM_MUL(ctx);
         }
         len0 <<= 3;
         if (is_endian.little) {
 #ifdef BSWAP8
-            ctx->Yi.u[1] ^= BSWAP8(len0);
+            ctx->Xi.u[1] ^= BSWAP8(len0);
 #else
-            ctx->Yi.c[8] ^= (u8)(len0 >> 56);
-            ctx->Yi.c[9] ^= (u8)(len0 >> 48);
-            ctx->Yi.c[10] ^= (u8)(len0 >> 40);
-            ctx->Yi.c[11] ^= (u8)(len0 >> 32);
-            ctx->Yi.c[12] ^= (u8)(len0 >> 24);
-            ctx->Yi.c[13] ^= (u8)(len0 >> 16);
-            ctx->Yi.c[14] ^= (u8)(len0 >> 8);
-            ctx->Yi.c[15] ^= (u8)(len0);
+            ctx->Xi.c[8] ^= (u8)(len0 >> 56);
+            ctx->Xi.c[9] ^= (u8)(len0 >> 48);
+            ctx->Xi.c[10] ^= (u8)(len0 >> 40);
+            ctx->Xi.c[11] ^= (u8)(len0 >> 32);
+            ctx->Xi.c[12] ^= (u8)(len0 >> 24);
+            ctx->Xi.c[13] ^= (u8)(len0 >> 16);
+            ctx->Xi.c[14] ^= (u8)(len0 >> 8);
+            ctx->Xi.c[15] ^= (u8)(len0);
 #endif
-        } else
-            ctx->Yi.u[1] ^= len0;
+        } else {
+            ctx->Xi.u[1] ^= len0;
+        }
 
-        GCM_MUL(ctx, Yi);
+        GCM_MUL(ctx);
 
         if (is_endian.little)
 #ifdef BSWAP4
-            ctr = BSWAP4(ctx->Yi.d[3]);
+            ctr = BSWAP4(ctx->Xi.d[3]);
 #else
-            ctr = GETU32(ctx->Yi.c + 12);
+            ctr = GETU32(ctx->Xi.c + 12);
 #endif
         else
-            ctr = ctx->Yi.d[3];
+            ctr = ctx->Xi.d[3];
+
+        /* Copy borrowed Xi to Yi */
+        ctx->Yi.u[0] = ctx->Xi.u[0];
+        ctx->Yi.u[1] = ctx->Xi.u[1];
     }
 
+    ctx->Xi.u[0] = 0;
+    ctx->Xi.u[1] = 0;
+
     (*ctx->block) (ctx->Yi.c, ctx->EK0.c, ctx->key);
     ++ctr;
     if (is_endian.little)
@@ -1004,7 +949,7 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
             n = (n + 1) % 16;
         }
         if (n == 0)
-            GCM_MUL(ctx, Xi);
+            GCM_MUL(ctx);
         else {
             ctx->ares = n;
             return 0;
@@ -1020,7 +965,7 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
     while (len >= 16) {
         for (i = 0; i < 16; ++i)
             ctx->Xi.c[i] ^= aad[i];
-        GCM_MUL(ctx, Xi);
+        GCM_MUL(ctx);
         aad += 16;
         len -= 16;
     }
@@ -1042,33 +987,42 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
     const union {
         long one;
         char little;
-    } is_endian = {
-        1
-    };
-    unsigned int n, ctr;
+    } is_endian = { 1 };
+    unsigned int n, ctr, mres;
     size_t i;
     u64 mlen = ctx->len.u[1];
     block128_f block = ctx->block;
     void *key = ctx->key;
 #ifdef GCM_FUNCREF_4BIT
     void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
     void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
                          const u8 *inp, size_t len) = ctx->ghash;
 # endif
 #endif
 
-#if 0
-    n = (unsigned int)mlen % 16; /* alternative to ctx->mres */
-#endif
     mlen += len;
     if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
         return -1;
     ctx->len.u[1] = mlen;
 
+    mres = ctx->mres;
+
     if (ctx->ares) {
         /* First call to encrypt finalizes GHASH(AAD) */
-        GCM_MUL(ctx, Xi);
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+#else
+        GCM_MUL(ctx);
+#endif
         ctx->ares = 0;
     }
 
@@ -1081,28 +1035,49 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
     else
         ctr = ctx->Yi.d[3];
 
-    n = ctx->mres;
+    n = mres % 16;
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
     if (16 % sizeof(size_t) == 0) { /* always true actually */
         do {
             if (n) {
+# if defined(GHASH)
+                while (n && len) {
+                    ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n];
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GHASH(ctx, ctx->Xn, mres);
+                    mres = 0;
+                } else {
+                    ctx->mres = mres;
+                    return 0;
+                }
+# else
                 while (n && len) {
                     ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
                     --len;
                     n = (n + 1) % 16;
                 }
-                if (n == 0)
-                    GCM_MUL(ctx, Xi);
-                else {
+                if (n == 0) {
+                    GCM_MUL(ctx);
+                    mres = 0;
+                } else {
                     ctx->mres = n;
                     return 0;
                 }
+# endif
             }
 # if defined(STRICT_ALIGNMENT)
             if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
                 break;
 # endif
-# if defined(GHASH) && defined(GHASH_CHUNK)
+# if defined(GHASH)
+            if (len >= 16 && mres) {
+                GHASH(ctx, ctx->Xn, mres);
+                mres = 0;
+            }
+#  if defined(GHASH_CHUNK)
             while (len >= GHASH_CHUNK) {
                 size_t j = GHASH_CHUNK;
 
@@ -1113,11 +1088,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
                     (*block) (ctx->Yi.c, ctx->EKi.c, key);
                     ++ctr;
                     if (is_endian.little)
-#  ifdef BSWAP4
+#   ifdef BSWAP4
                         ctx->Yi.d[3] = BSWAP4(ctr);
-#  else
+#   else
                         PUTU32(ctx->Yi.c + 12, ctr);
-#  endif
+#   endif
                     else
                         ctx->Yi.d[3] = ctr;
                     for (i = 0; i < 16 / sizeof(size_t); ++i)
@@ -1129,6 +1104,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
                 GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK);
                 len -= GHASH_CHUNK;
             }
+#  endif
             if ((i = (len & (size_t)-16))) {
                 size_t j = i;
 
@@ -1171,7 +1147,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
                     ctx->Yi.d[3] = ctr;
                 for (i = 0; i < 16 / sizeof(size_t); ++i)
                     ctx->Xi.t[i] ^= out_t[i] = in_t[i] ^ ctx->EKi.t[i];
-                GCM_MUL(ctx, Xi);
+                GCM_MUL(ctx);
                 out += 16;
                 in += 16;
                 len -= 16;
@@ -1188,13 +1164,21 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
 # endif
                 else
                     ctx->Yi.d[3] = ctr;
+# if defined(GHASH)
+                while (len--) {
+                    ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n];
+                    ++n;
+                }
+# else
                 while (len--) {
                     ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n];
                     ++n;
                 }
+                mres = n;
+# endif
             }
 
-            ctx->mres = n;
+            ctx->mres = mres;
             return 0;
         } while (0);
     }
@@ -1212,13 +1196,22 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
             else
                 ctx->Yi.d[3] = ctr;
         }
-        ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n];
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        ctx->Xn[mres++] = out[i] = in[i] ^ ctx->EKi.c[n];
         n = (n + 1) % 16;
+        if (mres == sizeof(ctx->Xn)) {
+            GHASH(ctx,ctx->Xn,sizeof(ctx->Xn));
+            mres = 0;
+        }
+#else
+        ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n];
+        mres = n = (n + 1) % 16;
         if (n == 0)
-            GCM_MUL(ctx, Xi);
+            GCM_MUL(ctx);
+#endif
     }
 
-    ctx->mres = n;
+    ctx->mres = mres;
     return 0;
 }
 
@@ -1229,17 +1222,15 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
     const union {
         long one;
         char little;
-    } is_endian = {
-        1
-    };
-    unsigned int n, ctr;
+    } is_endian = { 1 };
+    unsigned int n, ctr, mres;
     size_t i;
     u64 mlen = ctx->len.u[1];
     block128_f block = ctx->block;
     void *key = ctx->key;
 #ifdef GCM_FUNCREF_4BIT
     void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
     void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
                          const u8 *inp, size_t len) = ctx->ghash;
 # endif
@@ -1250,9 +1241,23 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
         return -1;
     ctx->len.u[1] = mlen;
 
+    mres = ctx->mres;
+
     if (ctx->ares) {
         /* First call to decrypt finalizes GHASH(AAD) */
-        GCM_MUL(ctx, Xi);
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+#else
+        GCM_MUL(ctx);
+#endif
         ctx->ares = 0;
     }
 
@@ -1265,11 +1270,25 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
     else
         ctr = ctx->Yi.d[3];
 
-    n = ctx->mres;
+    n = mres % 16;
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
     if (16 % sizeof(size_t) == 0) { /* always true actually */
         do {
             if (n) {
+# if defined(GHASH)
+                while (n && len) {
+                    *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n];
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GHASH(ctx, ctx->Xn, mres);
+                    mres = 0;
+                } else {
+                    ctx->mres = mres;
+                    return 0;
+                }
+# else
                 while (n && len) {
                     u8 c = *(in++);
                     *(out++) = c ^ ctx->EKi.c[n];
@@ -1277,18 +1296,25 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                     --len;
                     n = (n + 1) % 16;
                 }
-                if (n == 0)
-                    GCM_MUL(ctx, Xi);
-                else {
+                if (n == 0) {
+                    GCM_MUL(ctx);
+                    mres = 0;
+                } else {
                     ctx->mres = n;
                     return 0;
                 }
+# endif
             }
 # if defined(STRICT_ALIGNMENT)
             if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
                 break;
 # endif
-# if defined(GHASH) && defined(GHASH_CHUNK)
+# if defined(GHASH)
+            if (len >= 16 && mres) {
+                GHASH(ctx, ctx->Xn, mres);
+                mres = 0;
+            }
+#  if defined(GHASH_CHUNK)
             while (len >= GHASH_CHUNK) {
                 size_t j = GHASH_CHUNK;
 
@@ -1300,11 +1326,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                     (*block) (ctx->Yi.c, ctx->EKi.c, key);
                     ++ctr;
                     if (is_endian.little)
-#  ifdef BSWAP4
+#   ifdef BSWAP4
                         ctx->Yi.d[3] = BSWAP4(ctr);
-#  else
+#   else
                         PUTU32(ctx->Yi.c + 12, ctr);
-#  endif
+#   endif
                     else
                         ctx->Yi.d[3] = ctr;
                     for (i = 0; i < 16 / sizeof(size_t); ++i)
@@ -1315,6 +1341,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                 }
                 len -= GHASH_CHUNK;
             }
+#  endif
             if ((i = (len & (size_t)-16))) {
                 GHASH(ctx, in, i);
                 while (len >= 16) {
@@ -1358,7 +1385,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                     out[i] = c ^ ctx->EKi.t[i];
                     ctx->Xi.t[i] ^= c;
                 }
-                GCM_MUL(ctx, Xi);
+                GCM_MUL(ctx);
                 out += 16;
                 in += 16;
                 len -= 16;
@@ -1375,15 +1402,23 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 # endif
                 else
                     ctx->Yi.d[3] = ctr;
+# if defined(GHASH)
+                while (len--) {
+                    out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n];
+                    ++n;
+                }
+# else
                 while (len--) {
                     u8 c = in[n];
                     ctx->Xi.c[n] ^= c;
                     out[n] = c ^ ctx->EKi.c[n];
                     ++n;
                 }
+                mres = n;
+# endif
             }
 
-            ctx->mres = n;
+            ctx->mres = mres;
             return 0;
         } while (0);
     }
@@ -1402,15 +1437,24 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
             else
                 ctx->Yi.d[3] = ctr;
         }
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        out[i] = (ctx->Xn[mres++] = c = in[i]) ^ ctx->EKi.c[n];
+        n = (n + 1) % 16;
+        if (mres == sizeof(ctx->Xn)) {
+            GHASH(ctx,ctx->Xn,sizeof(ctx->Xn));
+            mres = 0;
+        }
+#else
         c = in[i];
         out[i] = c ^ ctx->EKi.c[n];
         ctx->Xi.c[n] ^= c;
-        n = (n + 1) % 16;
+        mres = n = (n + 1) % 16;
         if (n == 0)
-            GCM_MUL(ctx, Xi);
+            GCM_MUL(ctx);
+#endif
     }
 
-    ctx->mres = n;
+    ctx->mres = mres;
     return 0;
 }
 
@@ -1418,68 +1462,104 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
                                 const unsigned char *in, unsigned char *out,
                                 size_t len, ctr128_f stream)
 {
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+    return CRYPTO_gcm128_encrypt(ctx, in, out, len);
+#else
     const union {
         long one;
         char little;
-    } is_endian = {
-        1
-    };
-    unsigned int n, ctr;
+    } is_endian = { 1 };
+    unsigned int n, ctr, mres;
     size_t i;
     u64 mlen = ctx->len.u[1];
     void *key = ctx->key;
-#ifdef GCM_FUNCREF_4BIT
+# ifdef GCM_FUNCREF_4BIT
     void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+#  ifdef GHASH
     void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
                          const u8 *inp, size_t len) = ctx->ghash;
+#  endif
 # endif
-#endif
 
     mlen += len;
     if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
         return -1;
     ctx->len.u[1] = mlen;
 
+    mres = ctx->mres;
+
     if (ctx->ares) {
         /* First call to encrypt finalizes GHASH(AAD) */
-        GCM_MUL(ctx, Xi);
+#if defined(GHASH)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+#else
+        GCM_MUL(ctx);
+#endif
         ctx->ares = 0;
     }
 
     if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
         ctr = BSWAP4(ctx->Yi.d[3]);
-#else
+# else
         ctr = GETU32(ctx->Yi.c + 12);
-#endif
+# endif
     else
         ctr = ctx->Yi.d[3];
 
-    n = ctx->mres;
+    n = mres % 16;
     if (n) {
+# if defined(GHASH)
+        while (n && len) {
+            ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n];
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        } else {
+            ctx->mres = mres;
+            return 0;
+        }
+# else
         while (n && len) {
             ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
             --len;
             n = (n + 1) % 16;
         }
-        if (n == 0)
-            GCM_MUL(ctx, Xi);
-        else {
+        if (n == 0) {
+            GCM_MUL(ctx);
+            mres = 0;
+        } else {
             ctx->mres = n;
             return 0;
         }
+# endif
     }
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+# if defined(GHASH)
+        if (len >= 16 && mres) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        }
+#  if defined(GHASH_CHUNK)
     while (len >= GHASH_CHUNK) {
         (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
         ctr += GHASH_CHUNK / 16;
         if (is_endian.little)
-# ifdef BSWAP4
+#   ifdef BSWAP4
             ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+#   else
             PUTU32(ctx->Yi.c + 12, ctr);
-# endif
+#   endif
         else
             ctx->Yi.d[3] = ctr;
         GHASH(ctx, out, GHASH_CHUNK);
@@ -1487,99 +1567,134 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
         in += GHASH_CHUNK;
         len -= GHASH_CHUNK;
     }
-#endif
+#  endif
+# endif
     if ((i = (len & (size_t)-16))) {
         size_t j = i / 16;
 
         (*stream) (in, out, j, key, ctx->Yi.c);
         ctr += (unsigned int)j;
         if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
             ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
             PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
         else
             ctx->Yi.d[3] = ctr;
         in += i;
         len -= i;
-#if defined(GHASH)
+# if defined(GHASH)
         GHASH(ctx, out, i);
         out += i;
-#else
+# else
         while (j--) {
             for (i = 0; i < 16; ++i)
                 ctx->Xi.c[i] ^= out[i];
-            GCM_MUL(ctx, Xi);
+            GCM_MUL(ctx);
             out += 16;
         }
-#endif
+# endif
     }
     if (len) {
         (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
         ++ctr;
         if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
             ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
             PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
         else
             ctx->Yi.d[3] = ctr;
         while (len--) {
-            ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n];
+# if defined(GHASH)
+            ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n];
+# else
+            ctx->Xi.c[mres++] ^= out[n] = in[n] ^ ctx->EKi.c[n];
+# endif
             ++n;
         }
     }
 
-    ctx->mres = n;
+    ctx->mres = mres;
     return 0;
+#endif
 }
 
 int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
                                 const unsigned char *in, unsigned char *out,
                                 size_t len, ctr128_f stream)
 {
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+    return CRYPTO_gcm128_decrypt(ctx, in, out, len);
+#else
     const union {
         long one;
         char little;
-    } is_endian = {
-        1
-    };
-    unsigned int n, ctr;
+    } is_endian = { 1 };
+    unsigned int n, ctr, mres;
     size_t i;
     u64 mlen = ctx->len.u[1];
     void *key = ctx->key;
-#ifdef GCM_FUNCREF_4BIT
+# ifdef GCM_FUNCREF_4BIT
     void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+#  ifdef GHASH
     void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
                          const u8 *inp, size_t len) = ctx->ghash;
+#  endif
 # endif
-#endif
 
     mlen += len;
     if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
         return -1;
     ctx->len.u[1] = mlen;
 
+    mres = ctx->mres;
+
     if (ctx->ares) {
         /* First call to decrypt finalizes GHASH(AAD) */
-        GCM_MUL(ctx, Xi);
+# if defined(GHASH)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+# else
+        GCM_MUL(ctx);
+# endif
         ctx->ares = 0;
     }
 
     if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
         ctr = BSWAP4(ctx->Yi.d[3]);
-#else
+# else
         ctr = GETU32(ctx->Yi.c + 12);
-#endif
+# endif
     else
         ctr = ctx->Yi.d[3];
 
-    n = ctx->mres;
+    n = mres % 16;
     if (n) {
+# if defined(GHASH)
+        while (n && len) {
+            *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n];
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        } else {
+            ctx->mres = mres;
+            return 0;
+        }
+# else
         while (n && len) {
             u8 c = *(in++);
             *(out++) = c ^ ctx->EKi.c[n];
@@ -1587,55 +1702,63 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
             --len;
             n = (n + 1) % 16;
         }
-        if (n == 0)
-            GCM_MUL(ctx, Xi);
-        else {
+        if (n == 0) {
+            GCM_MUL(ctx);
+            mres = 0;
+        } else {
             ctx->mres = n;
             return 0;
         }
+# endif
     }
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+# if defined(GHASH)
+    if (len >= 16 && mres) {
+        GHASH(ctx, ctx->Xn, mres);
+        mres = 0;
+    }
+#  if defined(GHASH_CHUNK)
     while (len >= GHASH_CHUNK) {
         GHASH(ctx, in, GHASH_CHUNK);
         (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
         ctr += GHASH_CHUNK / 16;
         if (is_endian.little)
-# ifdef BSWAP4
+#   ifdef BSWAP4
             ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+#   else
             PUTU32(ctx->Yi.c + 12, ctr);
-# endif
+#   endif
         else
             ctx->Yi.d[3] = ctr;
         out += GHASH_CHUNK;
         in += GHASH_CHUNK;
         len -= GHASH_CHUNK;
     }
-#endif
+#  endif
+# endif
     if ((i = (len & (size_t)-16))) {
         size_t j = i / 16;
 
-#if defined(GHASH)
+# if defined(GHASH)
         GHASH(ctx, in, i);
-#else
+# else
         while (j--) {
             size_t k;
             for (k = 0; k < 16; ++k)
                 ctx->Xi.c[k] ^= in[k];
-            GCM_MUL(ctx, Xi);
+            GCM_MUL(ctx);
             in += 16;
         }
         j = i / 16;
         in -= i;
-#endif
+# endif
         (*stream) (in, out, j, key, ctx->Yi.c);
         ctr += (unsigned int)j;
         if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
             ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
             PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
         else
             ctx->Yi.d[3] = ctr;
         out += i;
@@ -1646,23 +1769,28 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
         (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
         ++ctr;
         if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
             ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
             PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
         else
             ctx->Yi.d[3] = ctr;
         while (len--) {
+# if defined(GHASH)
+            out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n];
+# else
             u8 c = in[n];
-            ctx->Xi.c[n] ^= c;
+            ctx->Xi.c[mres++] ^= c;
             out[n] = c ^ ctx->EKi.c[n];
+# endif
             ++n;
         }
     }
 
-    ctx->mres = n;
+    ctx->mres = mres;
     return 0;
+#endif
 }
 
 int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
@@ -1671,17 +1799,37 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
     const union {
         long one;
         char little;
-    } is_endian = {
-        1
-    };
+    } is_endian = { 1 };
     u64 alen = ctx->len.u[0] << 3;
     u64 clen = ctx->len.u[1] << 3;
 #ifdef GCM_FUNCREF_4BIT
     void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
 #endif
 
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    u128 bitlen;
+    unsigned int mres = ctx->mres;
+
+    if (mres) {
+        unsigned blocks = (mres + 15) & -16;
+
+        memset(ctx->Xn + mres, 0, blocks - mres);
+        mres = blocks;
+        if (mres == sizeof(ctx->Xn)) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        }
+    } else if (ctx->ares) {
+        GCM_MUL(ctx);
+    }
+#else
     if (ctx->mres || ctx->ares)
-        GCM_MUL(ctx, Xi);
+        GCM_MUL(ctx);
+#endif
 
     if (is_endian.little) {
 #ifdef BSWAP8
@@ -1698,9 +1846,17 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
 #endif
     }
 
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    bitlen.hi = alen;
+    bitlen.lo = clen;
+    memcpy(ctx->Xn + mres, &bitlen, sizeof(bitlen));
+    mres += sizeof(bitlen);
+    GHASH(ctx, ctx->Xn, mres);
+#else
     ctx->Xi.u[0] ^= alen;
     ctx->Xi.u[1] ^= clen;
-    GCM_MUL(ctx, Xi);
+    GCM_MUL(ctx);
+#endif
 
     ctx->Xi.u[0] ^= ctx->EK0.u[0];
     ctx->Xi.u[1] ^= ctx->EK0.u[1];
@@ -1722,7 +1878,7 @@ GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block)
 {
     GCM128_CONTEXT *ret;
 
-    if ((ret = (GCM128_CONTEXT *)OPENSSL_malloc(sizeof(GCM128_CONTEXT))))
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL)
         CRYPTO_gcm128_init(ret, key, block);
 
     return ret;
@@ -1730,644 +1886,5 @@ GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block)
 
 void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx)
 {
-    if (ctx) {
-        OPENSSL_cleanse(ctx, sizeof(*ctx));
-        OPENSSL_free(ctx);
-    }
+    OPENSSL_clear_free(ctx, sizeof(*ctx));
 }
-
-#if defined(SELFTEST)
-# include <stdio.h>
-# include <openssl/aes.h>
-
-/* Test Case 1 */
-static const u8 K1[16], *P1 = NULL, *A1 = NULL, IV1[12], *C1 = NULL;
-static const u8 T1[] = {
-    0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
-    0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
-};
-
-/* Test Case 2 */
-# define K2 K1
-# define A2 A1
-# define IV2 IV1
-static const u8 P2[16];
-static const u8 C2[] = {
-    0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
-    0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
-};
-
-static const u8 T2[] = {
-    0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
-    0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
-};
-
-/* Test Case 3 */
-# define A3 A2
-static const u8 K3[] = {
-    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
-};
-
-static const u8 P3[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
-};
-
-static const u8 IV3[] = {
-    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
-    0xde, 0xca, 0xf8, 0x88
-};
-
-static const u8 C3[] = {
-    0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
-    0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
-    0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
-    0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
-    0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
-    0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
-    0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
-    0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
-};
-
-static const u8 T3[] = {
-    0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
-    0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
-};
-
-/* Test Case 4 */
-# define K4 K3
-# define IV4 IV3
-static const u8 P4[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39
-};
-
-static const u8 A4[] = {
-    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-    0xab, 0xad, 0xda, 0xd2
-};
-
-static const u8 C4[] = {
-    0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
-    0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
-    0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
-    0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
-    0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
-    0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
-    0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
-    0x3d, 0x58, 0xe0, 0x91
-};
-
-static const u8 T4[] = {
-    0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
-    0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
-};
-
-/* Test Case 5 */
-# define K5 K4
-# define P5 P4
-# define A5 A4
-static const u8 IV5[] = {
-    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
-};
-
-static const u8 C5[] = {
-    0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
-    0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
-    0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
-    0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
-    0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
-    0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
-    0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
-    0xc2, 0x3f, 0x45, 0x98
-};
-
-static const u8 T5[] = {
-    0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
-    0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
-};
-
-/* Test Case 6 */
-# define K6 K5
-# define P6 P5
-# define A6 A5
-static const u8 IV6[] = {
-    0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
-    0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
-    0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
-    0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
-    0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
-    0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
-    0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
-    0xa6, 0x37, 0xb3, 0x9b
-};
-
-static const u8 C6[] = {
-    0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
-    0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
-    0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
-    0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
-    0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
-    0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
-    0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
-    0x4c, 0x34, 0xae, 0xe5
-};
-
-static const u8 T6[] = {
-    0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
-    0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
-};
-
-/* Test Case 7 */
-static const u8 K7[24], *P7 = NULL, *A7 = NULL, IV7[12], *C7 = NULL;
-static const u8 T7[] = {
-    0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
-    0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
-};
-
-/* Test Case 8 */
-# define K8 K7
-# define IV8 IV7
-# define A8 A7
-static const u8 P8[16];
-static const u8 C8[] = {
-    0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
-    0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
-};
-
-static const u8 T8[] = {
-    0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
-    0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
-};
-
-/* Test Case 9 */
-# define A9 A8
-static const u8 K9[] = {
-    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
-    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
-};
-
-static const u8 P9[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
-};
-
-static const u8 IV9[] = {
-    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
-    0xde, 0xca, 0xf8, 0x88
-};
-
-static const u8 C9[] = {
-    0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
-    0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
-    0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
-    0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
-    0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
-    0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
-    0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
-    0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
-};
-
-static const u8 T9[] = {
-    0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
-    0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
-};
-
-/* Test Case 10 */
-# define K10 K9
-# define IV10 IV9
-static const u8 P10[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39
-};
-
-static const u8 A10[] = {
-    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-    0xab, 0xad, 0xda, 0xd2
-};
-
-static const u8 C10[] = {
-    0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
-    0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
-    0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
-    0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
-    0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
-    0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
-    0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
-    0xcc, 0xda, 0x27, 0x10
-};
-
-static const u8 T10[] = {
-    0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
-    0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
-};
-
-/* Test Case 11 */
-# define K11 K10
-# define P11 P10
-# define A11 A10
-static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
-
-static const u8 C11[] = {
-    0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
-    0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
-    0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
-    0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
-    0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
-    0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
-    0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
-    0xa0, 0xf0, 0x62, 0xf7
-};
-
-static const u8 T11[] = {
-    0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
-    0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
-};
-
-/* Test Case 12 */
-# define K12 K11
-# define P12 P11
-# define A12 A11
-static const u8 IV12[] = {
-    0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
-    0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
-    0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
-    0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
-    0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
-    0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
-    0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
-    0xa6, 0x37, 0xb3, 0x9b
-};
-
-static const u8 C12[] = {
-    0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
-    0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
-    0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
-    0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
-    0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
-    0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
-    0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
-    0xe9, 0xb7, 0x37, 0x3b
-};
-
-static const u8 T12[] = {
-    0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
-    0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
-};
-
-/* Test Case 13 */
-static const u8 K13[32], *P13 = NULL, *A13 = NULL, IV13[12], *C13 = NULL;
-static const u8 T13[] = {
-    0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
-    0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
-};
-
-/* Test Case 14 */
-# define K14 K13
-# define A14 A13
-static const u8 P14[16], IV14[12];
-static const u8 C14[] = {
-    0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
-    0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
-};
-
-static const u8 T14[] = {
-    0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
-    0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
-};
-
-/* Test Case 15 */
-# define A15 A14
-static const u8 K15[] = {
-    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
-    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
-};
-
-static const u8 P15[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
-};
-
-static const u8 IV15[] = {
-    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
-    0xde, 0xca, 0xf8, 0x88
-};
-
-static const u8 C15[] = {
-    0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
-    0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
-    0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
-    0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
-    0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
-    0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
-    0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
-    0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
-};
-
-static const u8 T15[] = {
-    0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
-    0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
-};
-
-/* Test Case 16 */
-# define K16 K15
-# define IV16 IV15
-static const u8 P16[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39
-};
-
-static const u8 A16[] = {
-    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-    0xab, 0xad, 0xda, 0xd2
-};
-
-static const u8 C16[] = {
-    0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
-    0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
-    0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
-    0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
-    0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
-    0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
-    0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
-    0xbc, 0xc9, 0xf6, 0x62
-};
-
-static const u8 T16[] = {
-    0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
-    0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
-};
-
-/* Test Case 17 */
-# define K17 K16
-# define P17 P16
-# define A17 A16
-static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
-
-static const u8 C17[] = {
-    0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
-    0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
-    0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
-    0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
-    0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
-    0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
-    0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
-    0xf4, 0x7c, 0x9b, 0x1f
-};
-
-static const u8 T17[] = {
-    0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
-    0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
-};
-
-/* Test Case 18 */
-# define K18 K17
-# define P18 P17
-# define A18 A17
-static const u8 IV18[] = {
-    0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
-    0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
-    0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
-    0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
-    0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
-    0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
-    0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
-    0xa6, 0x37, 0xb3, 0x9b
-};
-
-static const u8 C18[] = {
-    0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
-    0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
-    0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
-    0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
-    0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
-    0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
-    0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
-    0x44, 0xae, 0x7e, 0x3f
-};
-
-static const u8 T18[] = {
-    0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
-    0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
-};
-
-/* Test Case 19 */
-# define K19 K1
-# define P19 P1
-# define IV19 IV1
-# define C19 C1
-static const u8 A19[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
-    0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
-    0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
-    0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
-    0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
-    0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
-    0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
-    0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
-    0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
-};
-
-static const u8 T19[] = {
-    0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
-    0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
-};
-
-/* Test Case 20 */
-# define K20 K1
-# define A20 A1
-/* this results in 0xff in counter LSB */
-static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
-
-static const u8 P20[288];
-static const u8 C20[] = {
-    0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
-    0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
-    0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
-    0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
-    0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
-    0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
-    0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
-    0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
-    0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
-    0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
-    0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
-    0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
-    0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
-    0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
-    0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
-    0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
-    0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
-    0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
-    0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
-    0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
-    0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
-    0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
-    0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
-    0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
-    0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
-    0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
-    0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
-    0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
-    0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
-    0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
-    0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
-    0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
-    0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
-    0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
-    0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
-    0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
-};
-
-static const u8 T20[] = {
-    0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
-    0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
-};
-
-# define TEST_CASE(n)    do {                                    \
-        u8 out[sizeof(P##n)];                                   \
-        AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key);          \
-        CRYPTO_gcm128_init(&ctx,&key,(block128_f)AES_encrypt);  \
-        CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n));          \
-        memset(out,0,sizeof(out));                              \
-        if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n));    \
-        if (P##n) CRYPTO_gcm128_encrypt(&ctx,P##n,out,sizeof(out));     \
-        if (CRYPTO_gcm128_finish(&ctx,T##n,16) ||               \
-            (C##n && memcmp(out,C##n,sizeof(out))))             \
-                ret++, printf ("encrypt test#%d failed.\n",n);  \
-        CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n));          \
-        memset(out,0,sizeof(out));                              \
-        if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n));    \
-        if (C##n) CRYPTO_gcm128_decrypt(&ctx,C##n,out,sizeof(out));     \
-        if (CRYPTO_gcm128_finish(&ctx,T##n,16) ||               \
-            (P##n && memcmp(out,P##n,sizeof(out))))             \
-                ret++, printf ("decrypt test#%d failed.\n",n);  \
-        } while(0)
-
-int main()
-{
-    GCM128_CONTEXT ctx;
-    AES_KEY key;
-    int ret = 0;
-
-    TEST_CASE(1);
-    TEST_CASE(2);
-    TEST_CASE(3);
-    TEST_CASE(4);
-    TEST_CASE(5);
-    TEST_CASE(6);
-    TEST_CASE(7);
-    TEST_CASE(8);
-    TEST_CASE(9);
-    TEST_CASE(10);
-    TEST_CASE(11);
-    TEST_CASE(12);
-    TEST_CASE(13);
-    TEST_CASE(14);
-    TEST_CASE(15);
-    TEST_CASE(16);
-    TEST_CASE(17);
-    TEST_CASE(18);
-    TEST_CASE(19);
-    TEST_CASE(20);
-
-# ifdef OPENSSL_CPUID_OBJ
-    {
-        size_t start, stop, gcm_t, ctr_t, OPENSSL_rdtsc();
-        union {
-            u64 u;
-            u8 c[1024];
-        } buf;
-        int i;
-
-        AES_set_encrypt_key(K1, sizeof(K1) * 8, &key);
-        CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt);
-        CRYPTO_gcm128_setiv(&ctx, IV1, sizeof(IV1));
-
-        CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
-        start = OPENSSL_rdtsc();
-        CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
-        gcm_t = OPENSSL_rdtsc() - start;
-
-        CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
-                              &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
-                              (block128_f) AES_encrypt);
-        start = OPENSSL_rdtsc();
-        CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
-                              &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
-                              (block128_f) AES_encrypt);
-        ctr_t = OPENSSL_rdtsc() - start;
-
-        printf("%.2f-%.2f=%.2f\n",
-               gcm_t / (double)sizeof(buf),
-               ctr_t / (double)sizeof(buf),
-               (gcm_t - ctr_t) / (double)sizeof(buf));
-#  ifdef GHASH
-        {
-            void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
-                                 const u8 *inp, size_t len) = ctx.ghash;
-
-            GHASH((&ctx), buf.c, sizeof(buf));
-            start = OPENSSL_rdtsc();
-            for (i = 0; i < 100; ++i)
-                GHASH((&ctx), buf.c, sizeof(buf));
-            gcm_t = OPENSSL_rdtsc() - start;
-            printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i);
-        }
-#  endif
-    }
-# endif
-
-    return ret;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/modes/modes_lcl.h b/freebsd/crypto/openssl/crypto/modes/modes_lcl.h
index fe14ec70..f2ae01d1 100644
--- a/freebsd/crypto/openssl/crypto/modes/modes_lcl.h
+++ b/freebsd/crypto/openssl/crypto/modes/modes_lcl.h
@@ -1,8 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
+/*
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Redistribution and use is governed by OpenSSL license.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/modes.h>
@@ -71,6 +73,7 @@ typedef unsigned char u8;
 #  endif
 # elif defined(_MSC_VER)
 #  if _MSC_VER>=1300
+#   include <stdlib.h>
 #   pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
 #   define BSWAP8(x)    _byteswap_uint64((u64)(x))
 #   define BSWAP4(x)    _byteswap_ulong((u32)(x))
@@ -125,6 +128,9 @@ struct gcm128_context {
     unsigned int mres, ares;
     block128_f block;
     void *key;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    unsigned char Xn[48];
+#endif
 };
 
 struct xts128_context {
@@ -141,3 +147,44 @@ struct ccm128_context {
     block128_f block;
     void *key;
 };
+
+#ifndef OPENSSL_NO_OCB
+
+typedef union {
+    u64 a[2];
+    unsigned char c[16];
+} OCB_BLOCK;
+# define ocb_block16_xor(in1,in2,out) \
+    ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \
+      (out)->a[1]=(in1)->a[1]^(in2)->a[1] )
+# if STRICT_ALIGNMENT
+#  define ocb_block16_xor_misaligned(in1,in2,out) \
+    ocb_block_xor((in1)->c,(in2)->c,16,(out)->c)
+# else
+#  define ocb_block16_xor_misaligned ocb_block16_xor
+# endif
+
+struct ocb128_context {
+    /* Need both encrypt and decrypt key schedules for decryption */
+    block128_f encrypt;
+    block128_f decrypt;
+    void *keyenc;
+    void *keydec;
+    ocb128_f stream;    /* direction dependent */
+    /* Key dependent variables. Can be reused if key remains the same */
+    size_t l_index;
+    size_t max_l_index;
+    OCB_BLOCK l_star;
+    OCB_BLOCK l_dollar;
+    OCB_BLOCK *l;
+    /* Must be reset for each session */
+    struct {
+        u64 blocks_hashed;
+        u64 blocks_processed;
+        OCB_BLOCK offset_aad;
+        OCB_BLOCK sum;
+        OCB_BLOCK offset;
+        OCB_BLOCK checksum;
+    } sess;
+};
+#endif                          /* OPENSSL_NO_OCB */
diff --git a/freebsd/crypto/openssl/crypto/modes/ocb128.c b/freebsd/crypto/openssl/crypto/modes/ocb128.c
new file mode 100644
index 00000000..9a4137fb
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/modes/ocb128.c
@@ -0,0 +1,564 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include "modes_lcl.h"
+
+#ifndef OPENSSL_NO_OCB
+
+/*
+ * Calculate the number of binary trailing zero's in any given number
+ */
+static u32 ocb_ntz(u64 n)
+{
+    u32 cnt = 0;
+
+    /*
+     * We do a right-to-left simple sequential search. This is surprisingly
+     * efficient as the distribution of trailing zeros is not uniform,
+     * e.g. the number of possible inputs with no trailing zeros is equal to
+     * the number with 1 or more; the number with exactly 1 is equal to the
+     * number with 2 or more, etc. Checking the last two bits covers 75% of
+     * all numbers. Checking the last three covers 87.5%
+     */
+    while (!(n & 1)) {
+        n >>= 1;
+        cnt++;
+    }
+    return cnt;
+}
+
+/*
+ * Shift a block of 16 bytes left by shift bits
+ */
+static void ocb_block_lshift(const unsigned char *in, size_t shift,
+                             unsigned char *out)
+{
+    int i;
+    unsigned char carry = 0, carry_next;
+
+    for (i = 15; i >= 0; i--) {
+        carry_next = in[i] >> (8 - shift);
+        out[i] = (in[i] << shift) | carry;
+        carry = carry_next;
+    }
+}
+
+/*
+ * Perform a "double" operation as per OCB spec
+ */
+static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out)
+{
+    unsigned char mask;
+
+    /*
+     * Calculate the mask based on the most significant bit. There are more
+     * efficient ways to do this - but this way is constant time
+     */
+    mask = in->c[0] & 0x80;
+    mask >>= 7;
+    mask = (0 - mask) & 0x87;
+
+    ocb_block_lshift(in->c, 1, out->c);
+
+    out->c[15] ^= mask;
+}
+
+/*
+ * Perform an xor on in1 and in2 - each of len bytes. Store result in out
+ */
+static void ocb_block_xor(const unsigned char *in1,
+                          const unsigned char *in2, size_t len,
+                          unsigned char *out)
+{
+    size_t i;
+    for (i = 0; i < len; i++) {
+        out[i] = in1[i] ^ in2[i];
+    }
+}
+
+/*
+ * Lookup L_index in our lookup table. If we haven't already got it we need to
+ * calculate it
+ */
+static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx)
+{
+    size_t l_index = ctx->l_index;
+
+    if (idx <= l_index) {
+        return ctx->l + idx;
+    }
+
+    /* We don't have it - so calculate it */
+    if (idx >= ctx->max_l_index) {
+        void *tmp_ptr;
+        /*
+         * Each additional entry allows to process almost double as
+         * much data, so that in linear world the table will need to
+         * be expanded with smaller and smaller increments. Originally
+         * it was doubling in size, which was a waste. Growing it
+         * linearly is not formally optimal, but is simpler to implement.
+         * We grow table by minimally required 4*n that would accommodate
+         * the index.
+         */
+        ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3;
+        tmp_ptr = OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
+        if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */
+            return NULL;
+        ctx->l = tmp_ptr;
+    }
+    while (l_index < idx) {
+        ocb_double(ctx->l + l_index, ctx->l + l_index + 1);
+        l_index++;
+    }
+    ctx->l_index = l_index;
+
+    return ctx->l + idx;
+}
+
+/*
+ * Create a new OCB128_CONTEXT
+ */
+OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec,
+                                  block128_f encrypt, block128_f decrypt,
+                                  ocb128_f stream)
+{
+    OCB128_CONTEXT *octx;
+    int ret;
+
+    if ((octx = OPENSSL_malloc(sizeof(*octx))) != NULL) {
+        ret = CRYPTO_ocb128_init(octx, keyenc, keydec, encrypt, decrypt,
+                                 stream);
+        if (ret)
+            return octx;
+        OPENSSL_free(octx);
+    }
+
+    return NULL;
+}
+
+/*
+ * Initialise an existing OCB128_CONTEXT
+ */
+int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
+                       block128_f encrypt, block128_f decrypt,
+                       ocb128_f stream)
+{
+    memset(ctx, 0, sizeof(*ctx));
+    ctx->l_index = 0;
+    ctx->max_l_index = 5;
+    if ((ctx->l = OPENSSL_malloc(ctx->max_l_index * 16)) == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /*
+     * We set both the encryption and decryption key schedules - decryption
+     * needs both. Don't really need decryption schedule if only doing
+     * encryption - but it simplifies things to take it anyway
+     */
+    ctx->encrypt = encrypt;
+    ctx->decrypt = decrypt;
+    ctx->stream = stream;
+    ctx->keyenc = keyenc;
+    ctx->keydec = keydec;
+
+    /* L_* = ENCIPHER(K, zeros(128)) */
+    ctx->encrypt(ctx->l_star.c, ctx->l_star.c, ctx->keyenc);
+
+    /* L_$ = double(L_*) */
+    ocb_double(&ctx->l_star, &ctx->l_dollar);
+
+    /* L_0 = double(L_$) */
+    ocb_double(&ctx->l_dollar, ctx->l);
+
+    /* L_{i} = double(L_{i-1}) */
+    ocb_double(ctx->l, ctx->l+1);
+    ocb_double(ctx->l+1, ctx->l+2);
+    ocb_double(ctx->l+2, ctx->l+3);
+    ocb_double(ctx->l+3, ctx->l+4);
+    ctx->l_index = 4;   /* enough to process up to 496 bytes */
+
+    return 1;
+}
+
+/*
+ * Copy an OCB128_CONTEXT object
+ */
+int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
+                           void *keyenc, void *keydec)
+{
+    memcpy(dest, src, sizeof(OCB128_CONTEXT));
+    if (keyenc)
+        dest->keyenc = keyenc;
+    if (keydec)
+        dest->keydec = keydec;
+    if (src->l) {
+        if ((dest->l = OPENSSL_malloc(src->max_l_index * 16)) == NULL) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_COPY_CTX, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(dest->l, src->l, (src->l_index + 1) * 16);
+    }
+    return 1;
+}
+
+/*
+ * Set the IV to be used for this operation. Must be 1 - 15 bytes.
+ */
+int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
+                        size_t len, size_t taglen)
+{
+    unsigned char ktop[16], tmp[16], mask;
+    unsigned char stretch[24], nonce[16];
+    size_t bottom, shift;
+
+    /*
+     * Spec says IV is 120 bits or fewer - it allows non byte aligned lengths.
+     * We don't support this at this stage
+     */
+    if ((len > 15) || (len < 1) || (taglen > 16) || (taglen < 1)) {
+        return -1;
+    }
+
+    /* Reset nonce-dependent variables */
+    memset(&ctx->sess, 0, sizeof(ctx->sess));
+
+    /* Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N */
+    nonce[0] = ((taglen * 8) % 128) << 1;
+    memset(nonce + 1, 0, 15);
+    memcpy(nonce + 16 - len, iv, len);
+    nonce[15 - len] |= 1;
+
+    /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) */
+    memcpy(tmp, nonce, 16);
+    tmp[15] &= 0xc0;
+    ctx->encrypt(tmp, ktop, ctx->keyenc);
+
+    /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */
+    memcpy(stretch, ktop, 16);
+    ocb_block_xor(ktop, ktop + 1, 8, stretch + 16);
+
+    /* bottom = str2num(Nonce[123..128]) */
+    bottom = nonce[15] & 0x3f;
+
+    /* Offset_0 = Stretch[1+bottom..128+bottom] */
+    shift = bottom % 8;
+    ocb_block_lshift(stretch + (bottom / 8), shift, ctx->sess.offset.c);
+    mask = 0xff;
+    mask <<= 8 - shift;
+    ctx->sess.offset.c[15] |=
+        (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift);
+
+    return 1;
+}
+
+/*
+ * Provide any AAD. This can be called multiple times. Only the final time can
+ * have a partial block
+ */
+int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len)
+{
+    u64 i, all_num_blocks;
+    size_t num_blocks, last_len;
+    OCB_BLOCK tmp;
+
+    /* Calculate the number of blocks of AAD provided now, and so far */
+    num_blocks = len / 16;
+    all_num_blocks = num_blocks + ctx->sess.blocks_hashed;
+
+    /* Loop through all full blocks of AAD */
+    for (i = ctx->sess.blocks_hashed + 1; i <= all_num_blocks; i++) {
+        OCB_BLOCK *lookup;
+
+        /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+        lookup = ocb_lookup_l(ctx, ocb_ntz(i));
+        if (lookup == NULL)
+            return 0;
+        ocb_block16_xor(&ctx->sess.offset_aad, lookup, &ctx->sess.offset_aad);
+
+        memcpy(tmp.c, aad, 16);
+        aad += 16;
+
+        /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
+        ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp);
+        ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+        ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum);
+    }
+
+    /*
+     * Check if we have any partial blocks left over. This is only valid in the
+     * last call to this function
+     */
+    last_len = len % 16;
+
+    if (last_len > 0) {
+        /* Offset_* = Offset_m xor L_* */
+        ocb_block16_xor(&ctx->sess.offset_aad, &ctx->l_star,
+                        &ctx->sess.offset_aad);
+
+        /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */
+        memset(tmp.c, 0, 16);
+        memcpy(tmp.c, aad, last_len);
+        tmp.c[last_len] = 0x80;
+        ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp);
+
+        /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */
+        ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+        ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum);
+    }
+
+    ctx->sess.blocks_hashed = all_num_blocks;
+
+    return 1;
+}
+
+/*
+ * Provide any data to be encrypted. This can be called multiple times. Only
+ * the final time can have a partial block
+ */
+int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    u64 i, all_num_blocks;
+    size_t num_blocks, last_len;
+
+    /*
+     * Calculate the number of blocks of data to be encrypted provided now, and
+     * so far
+     */
+    num_blocks = len / 16;
+    all_num_blocks = num_blocks + ctx->sess.blocks_processed;
+
+    if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+        && ctx->stream != NULL) {
+        size_t max_idx = 0, top = (size_t)all_num_blocks;
+
+        /*
+         * See how many L_{i} entries we need to process data at hand
+         * and pre-compute missing entries in the table [if any]...
+         */
+        while (top >>= 1)
+            max_idx++;
+        if (ocb_lookup_l(ctx, max_idx) == NULL)
+            return 0;
+
+        ctx->stream(in, out, num_blocks, ctx->keyenc,
+                    (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+                    (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+    } else {
+        /* Loop through all full blocks to be encrypted */
+        for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
+            OCB_BLOCK *lookup;
+            OCB_BLOCK tmp;
+
+            /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+            lookup = ocb_lookup_l(ctx, ocb_ntz(i));
+            if (lookup == NULL)
+                return 0;
+            ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
+
+            memcpy(tmp.c, in, 16);
+            in += 16;
+
+            /* Checksum_i = Checksum_{i-1} xor P_i */
+            ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
+
+            /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */
+            ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
+            ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+            ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
+
+            memcpy(out, tmp.c, 16);
+            out += 16;
+        }
+    }
+
+    /*
+     * Check if we have any partial blocks left over. This is only valid in the
+     * last call to this function
+     */
+    last_len = len % 16;
+
+    if (last_len > 0) {
+        OCB_BLOCK pad;
+
+        /* Offset_* = Offset_m xor L_* */
+        ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
+
+        /* Pad = ENCIPHER(K, Offset_*) */
+        ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
+
+        /* C_* = P_* xor Pad[1..bitlen(P_*)] */
+        ocb_block_xor(in, pad.c, last_len, out);
+
+        /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
+        memset(pad.c, 0, 16);           /* borrow pad */
+        memcpy(pad.c, in, last_len);
+        pad.c[last_len] = 0x80;
+        ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
+    }
+
+    ctx->sess.blocks_processed = all_num_blocks;
+
+    return 1;
+}
+
+/*
+ * Provide any data to be decrypted. This can be called multiple times. Only
+ * the final time can have a partial block
+ */
+int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    u64 i, all_num_blocks;
+    size_t num_blocks, last_len;
+
+    /*
+     * Calculate the number of blocks of data to be decrypted provided now, and
+     * so far
+     */
+    num_blocks = len / 16;
+    all_num_blocks = num_blocks + ctx->sess.blocks_processed;
+
+    if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+        && ctx->stream != NULL) {
+        size_t max_idx = 0, top = (size_t)all_num_blocks;
+
+        /*
+         * See how many L_{i} entries we need to process data at hand
+         * and pre-compute missing entries in the table [if any]...
+         */
+        while (top >>= 1)
+            max_idx++;
+        if (ocb_lookup_l(ctx, max_idx) == NULL)
+            return 0;
+
+        ctx->stream(in, out, num_blocks, ctx->keydec,
+                    (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+                    (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+    } else {
+        OCB_BLOCK tmp;
+
+        /* Loop through all full blocks to be decrypted */
+        for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
+
+            /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+            OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i));
+            if (lookup == NULL)
+                return 0;
+            ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
+
+            memcpy(tmp.c, in, 16);
+            in += 16;
+
+            /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */
+            ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
+            ctx->decrypt(tmp.c, tmp.c, ctx->keydec);
+            ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
+
+            /* Checksum_i = Checksum_{i-1} xor P_i */
+            ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
+
+            memcpy(out, tmp.c, 16);
+            out += 16;
+        }
+    }
+
+    /*
+     * Check if we have any partial blocks left over. This is only valid in the
+     * last call to this function
+     */
+    last_len = len % 16;
+
+    if (last_len > 0) {
+        OCB_BLOCK pad;
+
+        /* Offset_* = Offset_m xor L_* */
+        ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
+
+        /* Pad = ENCIPHER(K, Offset_*) */
+        ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
+
+        /* P_* = C_* xor Pad[1..bitlen(C_*)] */
+        ocb_block_xor(in, pad.c, last_len, out);
+
+        /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
+        memset(pad.c, 0, 16);           /* borrow pad */
+        memcpy(pad.c, out, last_len);
+        pad.c[last_len] = 0x80;
+        ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
+    }
+
+    ctx->sess.blocks_processed = all_num_blocks;
+
+    return 1;
+}
+
+static int ocb_finish(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len,
+                      int write)
+{
+    OCB_BLOCK tmp;
+
+    if (len > 16 || len < 1) {
+        return -1;
+    }
+
+    /*
+     * Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)
+     */
+    ocb_block16_xor(&ctx->sess.checksum, &ctx->sess.offset, &tmp);
+    ocb_block16_xor(&ctx->l_dollar, &tmp, &tmp);
+    ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+    ocb_block16_xor(&tmp, &ctx->sess.sum, &tmp);
+
+    if (write) {
+        memcpy(tag, &tmp, len);
+        return 1;
+    } else {
+        return CRYPTO_memcmp(&tmp, tag, len);
+    }
+}
+
+/*
+ * Calculate the tag and verify it against the supplied tag
+ */
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len)
+{
+    return ocb_finish(ctx, (unsigned char*)tag, len, 0);
+}
+
+/*
+ * Retrieve the calculated tag
+ */
+int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len)
+{
+    return ocb_finish(ctx, tag, len, 1);
+}
+
+/*
+ * Release all resources
+ */
+void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx)
+{
+    if (ctx) {
+        OPENSSL_clear_free(ctx->l, ctx->max_l_index * 16);
+        OPENSSL_cleanse(ctx, sizeof(*ctx));
+    }
+}
+
+#endif                          /* OPENSSL_NO_OCB */
diff --git a/freebsd/crypto/openssl/crypto/modes/ofb128.c b/freebsd/crypto/openssl/crypto/modes/ofb128.c
index ba3faf69..7ae9f656 100644
--- a/freebsd/crypto/openssl/crypto/modes/ofb128.c
+++ b/freebsd/crypto/openssl/crypto/modes/ofb128.c
@@ -1,66 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/crypto.h>
 #include "modes_lcl.h"
 #include <string.h>
 
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
 /*
  * The input and output encrypted as though 128bit ofb mode is being used.
  * The extra state information to record how much of the 128bit block we have
@@ -73,8 +25,6 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
     unsigned int n;
     size_t l = 0;
 
-    assert(in && out && key && ivec && num);
-
     n = *num;
 
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
diff --git a/freebsd/crypto/openssl/crypto/modes/wrap128.c b/freebsd/crypto/openssl/crypto/modes/wrap128.c
index 7e98383c..cb9c57df 100644
--- a/freebsd/crypto/openssl/crypto/modes/wrap128.c
+++ b/freebsd/crypto/openssl/crypto/modes/wrap128.c
@@ -1,72 +1,52 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/modes/wrap128.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**  Beware!
  *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ *  Following wrapping modes were designed for AES but this implementation
+ *  allows you to use them for any 128 bit block cipher.
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/modes.h>
 
+/** RFC 3394 section 2.2.3.1 Default Initial Value */
 static const unsigned char default_iv[] = {
     0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
 };
 
-/*
- * Input size limit: lower than maximum of standards but far larger than
- * anything that will be used in practice.
+/** RFC 5649 section 3 Alternative Initial Value 32-bit constant */
+static const unsigned char default_aiv[] = {
+    0xA6, 0x59, 0x59, 0xA6
+};
+
+/** Input size limit: lower than maximum of standards but far larger than
+ *  anything that will be used in practice.
  */
 #define CRYPTO128_WRAP_MAX (1UL << 31)
 
+/** Wrapping according to RFC 3394 section 2.2.1.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[in]  iv     IV value. Length = 8 bytes. NULL = use default_iv.
+ *  @param[in]  in     Plaintext as n 64-bit blocks, n >= 2.
+ *  @param[in]  inlen  Length of in.
+ *  @param[out] out    Ciphertext. Minimal buffer length = (inlen + 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen does not consist of n 64-bit blocks, n >= 2.
+ *                     or if inlen > CRYPTO128_WRAP_MAX.
+ *                     Output length if wrapping succeeded.
+ */
 size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
                        unsigned char *out,
                        const unsigned char *in, size_t inlen,
@@ -74,7 +54,7 @@ size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
 {
     unsigned char *A, B[16], *R;
     size_t i, j, t;
-    if ((inlen & 0x7) || (inlen < 8) || (inlen > CRYPTO128_WRAP_MAX))
+    if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX))
         return 0;
     A = B;
     t = 1;
@@ -102,10 +82,26 @@ size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
     return inlen + 8;
 }
 
-size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
-                         unsigned char *out,
-                         const unsigned char *in, size_t inlen,
-                         block128_f block)
+/** Unwrapping according to RFC 3394 section 2.2.2 steps 1-2.
+ *  The IV check (step 3) is responsibility of the caller.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[out] iv     Unchecked IV value. Minimal buffer length = 8 bytes.
+ *  @param[out] out    Plaintext without IV.
+ *                     Minimal buffer length = (inlen - 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Ciphertext as n 64-bit blocks.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
+ *                     or if inlen is not a multiple of 8.
+ *                     Output length otherwise.
+ */
+static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv,
+                                    unsigned char *out,
+                                    const unsigned char *in, size_t inlen,
+                                    block128_f block)
 {
     unsigned char *A, B[16], *R;
     size_t i, j, t;
@@ -130,11 +126,208 @@ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
             memcpy(R, B + 8, 8);
         }
     }
+    memcpy(iv, A, 8);
+    return inlen;
+}
+
+/** Unwrapping according to RFC 3394 section 2.2.2, including the IV check.
+ *  The first block of plaintext has to match the supplied IV, otherwise an
+ *  error is returned.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[out] iv     IV value to match against. Length = 8 bytes.
+ *                     NULL = use default_iv.
+ *  @param[out] out    Plaintext without IV.
+ *                     Minimal buffer length = (inlen - 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Ciphertext as n 64-bit blocks.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
+ *                     or if inlen is not a multiple of 8
+ *                     or if IV doesn't match expected value.
+ *                     Output length otherwise.
+ */
+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
+                         unsigned char *out, const unsigned char *in,
+                         size_t inlen, block128_f block)
+{
+    size_t ret;
+    unsigned char got_iv[8];
+
+    ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
+    if (ret == 0)
+        return 0;
+
     if (!iv)
         iv = default_iv;
-    if (memcmp(A, iv, 8)) {
+    if (CRYPTO_memcmp(got_iv, iv, 8)) {
+        OPENSSL_cleanse(out, ret);
+        return 0;
+    }
+    return ret;
+}
+
+/** Wrapping according to RFC 5649 section 4.1.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[in]  icv    (Non-standard) IV, 4 bytes. NULL = use default_aiv.
+ *  @param[out] out    Ciphertext. Minimal buffer length = (inlen + 15) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Plaintext as n 64-bit blocks, n >= 2.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [1, CRYPTO128_WRAP_MAX].
+ *                     Output length if wrapping succeeded.
+ */
+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
+                           unsigned char *out,
+                           const unsigned char *in, size_t inlen,
+                           block128_f block)
+{
+    /* n: number of 64-bit blocks in the padded key data
+     *
+     * If length of plain text is not a multiple of 8, pad the plain text octet
+     * string on the right with octets of zeros, where final length is the
+     * smallest multiple of 8 that is greater than length of plain text.
+     * If length of plain text is a multiple of 8, then there is no padding. */
+    const size_t blocks_padded = (inlen + 7) / 8; /* CEILING(m/8) */
+    const size_t padded_len = blocks_padded * 8;
+    const size_t padding_len = padded_len - inlen;
+    /* RFC 5649 section 3: Alternative Initial Value */
+    unsigned char aiv[8];
+    int ret;
+
+    /* Section 1: use 32-bit fixed field for plaintext octet length */
+    if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX)
+        return 0;
+
+    /* Section 3: Alternative Initial Value */
+    if (!icv)
+        memcpy(aiv, default_aiv, 4);
+    else
+        memcpy(aiv, icv, 4);    /* Standard doesn't mention this. */
+
+    aiv[4] = (inlen >> 24) & 0xFF;
+    aiv[5] = (inlen >> 16) & 0xFF;
+    aiv[6] = (inlen >> 8) & 0xFF;
+    aiv[7] = inlen & 0xFF;
+
+    if (padded_len == 8) {
+        /*
+         * Section 4.1 - special case in step 2: If the padded plaintext
+         * contains exactly eight octets, then prepend the AIV and encrypt
+         * the resulting 128-bit block using AES in ECB mode.
+         */
+        memmove(out + 8, in, inlen);
+        memcpy(out, aiv, 8);
+        memset(out + 8 + inlen, 0, padding_len);
+        block(out, out, key);
+        ret = 16;               /* AIV + padded input */
+    } else {
+        memmove(out, in, inlen);
+        memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */
+        ret = CRYPTO_128_wrap(key, aiv, out, out, padded_len, block);
+    }
+
+    return ret;
+}
+
+/** Unwrapping according to RFC 5649 section 4.2.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[in]  icv    (Non-standard) IV, 4 bytes. NULL = use default_aiv.
+ *  @param[out] out    Plaintext. Minimal buffer length = (inlen - 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Ciphertext as n 64-bit blocks.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [16, CRYPTO128_WRAP_MAX],
+ *                     or if inlen is not a multiple of 8
+ *                     or if IV and message length indicator doesn't match.
+ *                     Output length if unwrapping succeeded and IV matches.
+ */
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
+                             unsigned char *out,
+                             const unsigned char *in, size_t inlen,
+                             block128_f block)
+{
+    /* n: number of 64-bit blocks in the padded key data */
+    size_t n = inlen / 8 - 1;
+    size_t padded_len;
+    size_t padding_len;
+    size_t ptext_len;
+    /* RFC 5649 section 3: Alternative Initial Value */
+    unsigned char aiv[8];
+    static unsigned char zeros[8] = { 0x0 };
+    size_t ret;
+
+    /* Section 4.2: Ciphertext length has to be (n+1) 64-bit blocks. */
+    if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX)
+        return 0;
+
+    if (inlen == 16) {
+        /*
+         * Section 4.2 - special case in step 1: When n=1, the ciphertext
+         * contains exactly two 64-bit blocks and they are decrypted as a
+         * single AES block using AES in ECB mode: AIV | P[1] = DEC(K, C[0] |
+         * C[1])
+         */
+        unsigned char buff[16];
+
+        block(in, buff, key);
+        memcpy(aiv, buff, 8);
+        /* Remove AIV */
+        memcpy(out, buff + 8, 8);
+        padded_len = 8;
+        OPENSSL_cleanse(buff, inlen);
+    } else {
+        padded_len = inlen - 8;
+        ret = crypto_128_unwrap_raw(key, aiv, out, in, inlen, block);
+        if (padded_len != ret) {
+            OPENSSL_cleanse(out, inlen);
+            return 0;
+        }
+    }
+
+    /*
+     * Section 3: AIV checks: Check that MSB(32,A) = A65959A6. Optionally a
+     * user-supplied value can be used (even if standard doesn't mention
+     * this).
+     */
+    if ((!icv && CRYPTO_memcmp(aiv, default_aiv, 4))
+        || (icv && CRYPTO_memcmp(aiv, icv, 4))) {
         OPENSSL_cleanse(out, inlen);
         return 0;
     }
-    return inlen;
+
+    /*
+     * Check that 8*(n-1) < LSB(32,AIV) <= 8*n. If so, let ptext_len =
+     * LSB(32,AIV).
+     */
+
+    ptext_len =   ((unsigned int)aiv[4] << 24)
+                | ((unsigned int)aiv[5] << 16)
+                | ((unsigned int)aiv[6] <<  8)
+                |  (unsigned int)aiv[7];
+    if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) {
+        OPENSSL_cleanse(out, inlen);
+        return 0;
+    }
+
+    /*
+     * Check that the rightmost padding_len octets of the output data are
+     * zero.
+     */
+    padding_len = padded_len - ptext_len;
+    if (CRYPTO_memcmp(out + ptext_len, zeros, padding_len) != 0) {
+        OPENSSL_cleanse(out, inlen);
+        return 0;
+    }
+
+    /* Section 4.2 step 3: Remove padding */
+    return ptext_len;
 }
diff --git a/freebsd/crypto/openssl/crypto/modes/xts128.c b/freebsd/crypto/openssl/crypto/modes/xts128.c
index b5fdb967..11d82760 100644
--- a/freebsd/crypto/openssl/crypto/modes/xts128.c
+++ b/freebsd/crypto/openssl/crypto/modes/xts128.c
@@ -1,65 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/crypto.h>
 #include "modes_lcl.h"
 #include <string.h>
 
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
 int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
                           const unsigned char iv[16],
                           const unsigned char *inp, unsigned char *out,
diff --git a/freebsd/crypto/openssl/crypto/o_dir.c b/freebsd/crypto/openssl/crypto/o_dir.c
index 67c6dfca..b0657b87 100644
--- a/freebsd/crypto/openssl/crypto/o_dir.c
+++ b/freebsd/crypto/openssl/crypto/o_dir.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/o_dir.c */
 /*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include <errno.h>
-#include <e_os.h>
 
 /*
  * The routines really come from the Levitte Programming, so to make life
@@ -72,7 +22,7 @@
 #define LP_find_file OPENSSL_DIR_read
 #define LP_find_file_end OPENSSL_DIR_end
 
-#include "o_dir.h"
+#include "internal/o_dir.h"
 
 #define LPDIR_H
 #if defined OPENSSL_SYS_UNIX || defined DJGPP \
diff --git a/freebsd/crypto/openssl/crypto/o_dir_test.c b/freebsd/crypto/openssl/crypto/o_dir_test.c
deleted file mode 100644
index e2a33821..00000000
--- a/freebsd/crypto/openssl/crypto/o_dir_test.c
+++ /dev/null
@@ -1,70 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/o_dir.h */
-/*
- * Copied from Richard Levitte's (richard@levitte.org) LP library.  All
- * symbol names have been changed, with permission from the author.
- */
-
-/* $LP: LPlib/test/test_dir.c,v 1.1 2004/06/16 22:59:47 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stddef.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <errno.h>
-#include "e_os2.h"
-#include "o_dir.h"
-
-#if defined OPENSSL_SYS_UNIX || defined OPENSSL_SYS_WIN32 || defined OPENSSL_SYS_WINCE
-# define CURRDIR "."
-#elif defined OPENSSL_SYS_VMS
-# define CURRDIR "SYS$DISK:[]"
-#else
-# error "No supported platform defined!"
-#endif
-
-int main()
-{
-    OPENSSL_DIR_CTX *ctx = NULL;
-    const char *result;
-
-    while ((result = OPENSSL_DIR_read(&ctx, CURRDIR)) != NULL) {
-        printf("%s\n", result);
-    }
-
-    if (errno) {
-        perror("test_dir");
-        exit(1);
-    }
-
-    if (!OPENSSL_DIR_end(&ctx)) {
-        perror("test_dir");
-        exit(2);
-    }
-    exit(0);
-}
diff --git a/freebsd/crypto/openssl/crypto/o_fips.c b/freebsd/crypto/openssl/crypto/o_fips.c
index 6f196378..787fdd76 100644
--- a/freebsd/crypto/openssl/crypto/o_fips.c
+++ b/freebsd/crypto/openssl/crypto/o_fips.c
@@ -1,98 +1,26 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Stephen henson (steve@openssl.org) for the OpenSSL project
- * 2011.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-# include <openssl/fips_rand.h>
-# include <openssl/rand.h>
-#endif
+#include "internal/cryptlib.h"
 
 int FIPS_mode(void)
 {
-    OPENSSL_init();
-#ifdef OPENSSL_FIPS
-    return FIPS_module_mode();
-#else
+    /* This version of the library does not support FIPS mode. */
     return 0;
-#endif
 }
 
 int FIPS_mode_set(int r)
 {
-    OPENSSL_init();
-#ifdef OPENSSL_FIPS
-# ifndef FIPS_AUTH_USER_PASS
-#  define FIPS_AUTH_USER_PASS     "Default FIPS Crypto User Password"
-# endif
-    if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
-        return 0;
-    if (r)
-        RAND_set_rand_method(FIPS_rand_get_method());
-    else
-        RAND_set_rand_method(NULL);
-    return 1;
-#else
     if (r == 0)
         return 1;
     CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
     return 0;
-#endif
 }
diff --git a/freebsd/crypto/openssl/crypto/o_fopen.c b/freebsd/crypto/openssl/crypto/o_fopen.c
new file mode 100644
index 00000000..9d1e02a5
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/o_fopen.c
@@ -0,0 +1,130 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+# if defined(__linux) || defined(__sun) || defined(__hpux)
+/*
+ * Following definition aliases fopen to fopen64 on above mentioned
+ * platforms. This makes it possible to open and sequentially access files
+ * larger than 2GB from 32-bit application. It does not allow to traverse
+ * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit
+ * platform permits that, not with fseek/ftell. Not to mention that breaking
+ * 2GB limit for seeking would require surgery to *our* API. But sequential
+ * access suffices for practical cases when you can run into large files,
+ * such as fingerprinting, so we can let API alone. For reference, the list
+ * of 32-bit platforms which allow for sequential access of large files
+ * without extra "magic" comprise *BSD, Darwin, IRIX...
+ */
+#  ifndef _FILE_OFFSET_BITS
+#   define _FILE_OFFSET_BITS 64
+#  endif
+# endif
+
+#include "internal/cryptlib.h"
+
+#if !defined(OPENSSL_NO_STDIO)
+
+# include <stdio.h>
+# ifdef _WIN32
+#  include <windows.h>
+# endif
+# ifdef __DJGPP__
+#  include <unistd.h>
+# endif
+
+FILE *openssl_fopen(const char *filename, const char *mode)
+{
+    FILE *file = NULL;
+# if defined(_WIN32) && defined(CP_UTF8)
+    int sz, len_0 = (int)strlen(filename) + 1;
+    DWORD flags;
+
+    /*
+     * Basically there are three cases to cover: a) filename is
+     * pure ASCII string; b) actual UTF-8 encoded string and
+     * c) locale-ized string, i.e. one containing 8-bit
+     * characters that are meaningful in current system locale.
+     * If filename is pure ASCII or real UTF-8 encoded string,
+     * MultiByteToWideChar succeeds and _wfopen works. If
+     * filename is locale-ized string, chances are that
+     * MultiByteToWideChar fails reporting
+     * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
+     * back to fopen...
+     */
+    if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS),
+                                  filename, len_0, NULL, 0)) > 0 ||
+        (GetLastError() == ERROR_INVALID_FLAGS &&
+         (sz = MultiByteToWideChar(CP_UTF8, (flags = 0),
+                                   filename, len_0, NULL, 0)) > 0)
+        ) {
+        WCHAR wmode[8];
+        WCHAR *wfilename = _alloca(sz * sizeof(WCHAR));
+
+        if (MultiByteToWideChar(CP_UTF8, flags,
+                                filename, len_0, wfilename, sz) &&
+            MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1,
+                                wmode, OSSL_NELEM(wmode)) &&
+            (file = _wfopen(wfilename, wmode)) == NULL &&
+            (errno == ENOENT || errno == EBADF)
+            ) {
+            /*
+             * UTF-8 decode succeeded, but no file, filename
+             * could still have been locale-ized...
+             */
+            file = fopen(filename, mode);
+        }
+    } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) {
+        file = fopen(filename, mode);
+    }
+# elif defined(__DJGPP__)
+    {
+        char *newname = NULL;
+
+        if (pathconf(filename, _PC_NAME_MAX) <= 12) {  /* 8.3 file system? */
+            char *iterator;
+            char lastchar;
+
+            if ((newname = OPENSSL_malloc(strlen(filename) + 1)) == NULL) {
+                CRYPTOerr(CRYPTO_F_OPENSSL_FOPEN, ERR_R_MALLOC_FAILURE);
+                return NULL;
+            }
+
+            for (iterator = newname, lastchar = '\0';
+                *filename; filename++, iterator++) {
+                if (lastchar == '/' && filename[0] == '.'
+                    && filename[1] != '.' && filename[1] != '/') {
+                    /* Leading dots are not permitted in plain DOS. */
+                    *iterator = '_';
+                } else {
+                    *iterator = *filename;
+                }
+                lastchar = *filename;
+            }
+            *iterator = '\0';
+            filename = newname;
+        }
+        file = fopen(filename, mode);
+
+        OPENSSL_free(newname);
+    }
+# else
+    file = fopen(filename, mode);
+# endif
+    return file;
+}
+
+#else
+
+void *openssl_fopen(const char *filename, const char *mode)
+{
+    return NULL;
+}
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/o_init.c b/freebsd/crypto/openssl/crypto/o_init.c
index 81599802..363ddb22 100644
--- a/freebsd/crypto/openssl/crypto/o_init.c
+++ b/freebsd/crypto/openssl/crypto/o_init.c
@@ -1,93 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* o_init.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <e_os.h>
+#include "e_os.h"
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-# include <openssl/rand.h>
-
-# ifndef OPENSSL_NO_DEPRECATED
-/* the prototype is missing in <openssl/fips.h> */
-void FIPS_crypto_set_id_callback(unsigned long (*func)(void));
-# endif
-#endif
 
 /*
- * Perform any essential OpenSSL initialization operations. Currently only
- * sets FIPS callbacks
+ * Perform any essential OpenSSL initialization operations. Currently does
+ * nothing.
  */
 
 void OPENSSL_init(void)
 {
-    static int done = 0;
-    if (done)
-        return;
-    done = 1;
-#ifdef OPENSSL_FIPS
-    FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
-# ifndef OPENSSL_NO_DEPRECATED
-    FIPS_crypto_set_id_callback(CRYPTO_thread_id);
-# endif
-    FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
-    FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
-    RAND_init_fips();
-#endif
-#if 0
-    fprintf(stderr, "Called OPENSSL_init\n");
-#endif
+    return;
 }
diff --git a/freebsd/crypto/openssl/crypto/o_str.c b/freebsd/crypto/openssl/crypto/o_str.c
index 4243c3dc..f02ef56c 100644
--- a/freebsd/crypto/openssl/crypto/o_str.c
+++ b/freebsd/crypto/openssl/crypto/o_str.c
@@ -1,118 +1,250 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/o_str.c */
 /*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <ctype.h>
-#include <e_os.h>
-#include "o_str.h"
+#include "e_os.h"
+#include <limits.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "internal/o_str.h"
 
-#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \
-    !defined(OPENSSL_SYSNAME_WIN32) && !defined(OPENSSL_SYSNAME_WINCE) && \
-    !defined(NETWARE_CLIB)
-# include <strings.h>
-#endif
+int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
+{
+    const unsigned char *c1 = v1, *c2 = v2;
+    int ret = 0;
+
+    while (n && (ret = *c1 - *c2) == 0)
+        n--, c1++, c2++;
+
+    return ret;
+}
+
+char *CRYPTO_strdup(const char *str, const char* file, int line)
+{
+    char *ret;
+
+    if (str == NULL)
+        return NULL;
+    ret = CRYPTO_malloc(strlen(str) + 1, file, line);
+    if (ret != NULL)
+        strcpy(ret, str);
+    return ret;
+}
+
+char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line)
+{
+    size_t maxlen;
+    char *ret;
+
+    if (str == NULL)
+        return NULL;
+
+    maxlen = OPENSSL_strnlen(str, s);
+
+    ret = CRYPTO_malloc(maxlen + 1, file, line);
+    if (ret) {
+        memcpy(ret, str, maxlen);
+        ret[maxlen] = '\0';
+    }
+    return ret;
+}
+
+void *CRYPTO_memdup(const void *data, size_t siz, const char* file, int line)
+{
+    void *ret;
+
+    if (data == NULL || siz >= INT_MAX)
+        return NULL;
+
+    ret = CRYPTO_malloc(siz, file, line);
+    if (ret == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_MEMDUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return memcpy(ret, data, siz);
+}
+
+size_t OPENSSL_strnlen(const char *str, size_t maxlen)
+{
+    const char *p;
+
+    for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ;
+
+    return p - str;
+}
 
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size)
 {
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
-    while (*str1 && *str2 && n) {
-        int res = toupper(*str1) - toupper(*str2);
-        if (res)
-            return res < 0 ? -1 : 1;
-        str1++;
-        str2++;
-        n--;
+    size_t l = 0;
+    for (; size > 1 && *src; size--) {
+        *dst++ = *src++;
+        l++;
     }
-    if (n == 0)
+    if (size)
+        *dst = '\0';
+    return l + strlen(src);
+}
+
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t size)
+{
+    size_t l = 0;
+    for (; size > 0 && *dst; size--, dst++)
+        l++;
+    return l + OPENSSL_strlcpy(dst, src, size);
+}
+
+int OPENSSL_hexchar2int(unsigned char c)
+{
+#ifdef CHARSET_EBCDIC
+    c = os_toebcdic[c];
+#endif
+
+    switch (c) {
+    case '0':
         return 0;
-    if (*str1)
+    case '1':
         return 1;
-    if (*str2)
-        return -1;
-    return 0;
-#else
-    /*
-     * Recursion hazard warning! Whenever strncasecmp is #defined as
-     * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be defined as
-     * well.
-     */
-    return strncasecmp(str1, str2, n);
-#endif
+    case '2':
+        return 2;
+    case '3':
+        return 3;
+    case '4':
+          return 4;
+    case '5':
+          return 5;
+    case '6':
+          return 6;
+    case '7':
+          return 7;
+    case '8':
+          return 8;
+    case '9':
+          return 9;
+    case 'a': case 'A':
+          return 0x0A;
+    case 'b': case 'B':
+          return 0x0B;
+    case 'c': case 'C':
+          return 0x0C;
+    case 'd': case 'D':
+          return 0x0D;
+    case 'e': case 'E':
+          return 0x0E;
+    case 'f': case 'F':
+          return 0x0F;
+    }
+    return -1;
 }
 
-int OPENSSL_strcasecmp(const char *str1, const char *str2)
+/*
+ * Give a string of hex digits convert to a buffer
+ */
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len)
 {
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
-    return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
-#else
-    return strcasecmp(str1, str2);
-#endif
+    unsigned char *hexbuf, *q;
+    unsigned char ch, cl;
+    int chi, cli;
+    const unsigned char *p;
+    size_t s;
+
+    s = strlen(str);
+    if ((hexbuf = OPENSSL_malloc(s >> 1)) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (p = (const unsigned char *)str, q = hexbuf; *p; ) {
+        ch = *p++;
+        if (ch == ':')
+            continue;
+        cl = *p++;
+        if (!cl) {
+            CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF,
+                      CRYPTO_R_ODD_NUMBER_OF_DIGITS);
+            OPENSSL_free(hexbuf);
+            return NULL;
+        }
+        cli = OPENSSL_hexchar2int(cl);
+        chi = OPENSSL_hexchar2int(ch);
+        if (cli < 0 || chi < 0) {
+            OPENSSL_free(hexbuf);
+            CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, CRYPTO_R_ILLEGAL_HEX_DIGIT);
+            return NULL;
+        }
+        *q++ = (unsigned char)((chi << 4) | cli);
+    }
+
+    if (len)
+        *len = q - hexbuf;
+    return hexbuf;
 }
 
-int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
+/*
+ * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
+ * hex representation @@@ (Contents of buffer are always kept in ASCII, also
+ * on EBCDIC machines)
+ */
+char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len)
 {
-    const unsigned char *c1 = v1, *c2 = v2;
-    int ret = 0;
+    static const char hexdig[] = "0123456789ABCDEF";
+    char *tmp, *q;
+    const unsigned char *p;
+    int i;
 
-    while (n && (ret = *c1 - *c2) == 0)
-        n--, c1++, c2++;
+    if (len == 0)
+    {
+        return OPENSSL_zalloc(1);
+    }
 
-    return ret;
+    if ((tmp = OPENSSL_malloc(len * 3)) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    q = tmp;
+    for (i = 0, p = buffer; i < len; i++, p++) {
+        *q++ = hexdig[(*p >> 4) & 0xf];
+        *q++ = hexdig[*p & 0xf];
+        *q++ = ':';
+    }
+    q[-1] = 0;
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(tmp, tmp, q - tmp - 1);
+#endif
+
+    return tmp;
+}
+
+int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+{
+#if defined(_MSC_VER) && _MSC_VER>=1400
+    return !strerror_s(buf, buflen, errnum);
+#elif defined(_GNU_SOURCE)
+    return strerror_r(errnum, buf, buflen) != NULL;
+#elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \
+      (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
+    /*
+     * We can use "real" strerror_r. The OpenSSL version differs in that it
+     * gives 1 on success and 0 on failure for consistency with other OpenSSL
+     * functions. Real strerror_r does it the other way around
+     */
+    return !strerror_r(errnum, buf, buflen);
+#else
+    char *err;
+    /* Fall back to non-thread safe strerror()...its all we can do */
+    if (buflen < 2)
+        return 0;
+    err = strerror(errnum);
+    /* Can this ever happen? */
+    if (err == NULL)
+        return 0;
+    strncpy(buf, err, buflen - 1);
+    buf[buflen - 1] = '\0';
+    return 1;
+#endif
 }
diff --git a/freebsd/crypto/openssl/crypto/o_str.h b/freebsd/crypto/openssl/crypto/o_str.h
deleted file mode 100644
index fa512eb3..00000000
--- a/freebsd/crypto/openssl/crypto/o_str.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* crypto/o_str.h */
-/*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_O_STR_H
-# define HEADER_O_STR_H
-
-# include <stddef.h>            /* to get size_t */
-
-int OPENSSL_strcasecmp(const char *str1, const char *str2);
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
-int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/o_time.c b/freebsd/crypto/openssl/crypto/o_time.c
index 111719f6..f57eec2d 100644
--- a/freebsd/crypto/openssl/crypto/o_time.c
+++ b/freebsd/crypto/openssl/crypto/o_time.c
@@ -1,113 +1,45 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/o_time.c */
 /*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2001.
- */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2008.
- */
-/* ====================================================================
- * Copyright (c) 2001-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/e_os2.h>
 #include <string.h>
-#include "o_time.h"
-
-#ifdef OPENSSL_SYS_VMS
-# if __CRTL_VER >= 70000000 && \
-     (defined _POSIX_C_SOURCE || !defined _ANSI_C_SOURCE)
-#  define VMS_GMTIME_OK
-# endif
-# ifndef VMS_GMTIME_OK
-#  include <libdtdef.h>
-#  include <lib$routines.h>
-#  include <lnmdef.h>
-#  include <starlet.h>
-#  include <descrip.h>
-#  include <stdlib.h>
-# endif                         /* ndef VMS_GMTIME_OK */
-
-
-/*
- * Needed to pick up the correct definitions and declarations in some of the
- * DEC C Header Files (*.H).
- */
-# define __NEW_STARLET 1
-
-# if (defined(__alpha) || defined(__ia64))
-#  include <iledef.h>
-# else
-
-/* VAX */
-typedef struct _ile3 {          /* Copied from ILEDEF.H for Alpha   */
-#  pragma __nomember_alignment
-    unsigned short int ile3$w_length;        /* Length of buffer in bytes */
-    unsigned short int ile3$w_code;          /* Item code value */
-    void *ile3$ps_bufaddr;                   /* Buffer address */
-    unsigned short int *ile3$ps_retlen_addr; /* Address of word for returned length */
-} ILE3;
-# endif   /* alpha || ia64    */
-#endif    /* OPENSSL_SYS_VMS  */
+#include <openssl/crypto.h>
 
 struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
 {
     struct tm *ts = NULL;
 
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_SUNOS)
+#if defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_VMS)
+    {
+        /*
+         * On VMS, gmtime_r() takes a 32-bit pointer as second argument.
+         * Since we can't know that |result| is in a space that can easily
+         * translate to a 32-bit pointer, we must store temporarily on stack
+         * and copy the result.  The stack is always reachable with 32-bit
+         * pointers.
+         */
+#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+        struct tm data, *ts2 = &data;
+#if defined OPENSSL_SYS_VMS && __INITIAL_POINTER_SIZE
+# pragma pointer_size restore
+#endif
+        if (gmtime_r(timer, ts2) == NULL)
+            return NULL;
+        memcpy(result, ts2, sizeof(struct tm));
+        ts = result;
+    }
+#elif defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_MACOSX)
     if (gmtime_r(timer, result) == NULL)
         return NULL;
     ts = result;
@@ -115,7 +47,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
     if (gmtime_s(result, timer))
         return NULL;
     ts = result;
-#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
+#else
     ts = gmtime(timer);
     if (ts == NULL)
         return NULL;
@@ -123,156 +55,6 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
     memcpy(result, ts, sizeof(struct tm));
     ts = result;
 #endif
-#if defined( OPENSSL_SYS_VMS) && !defined( VMS_GMTIME_OK)
-    if (ts == NULL) {
-        static $DESCRIPTOR(tabnam, "LNM$DCL_LOGICAL");
-        static $DESCRIPTOR(lognam, "SYS$TIMEZONE_DIFFERENTIAL");
-        char logvalue[256];
-        unsigned int reslen = 0;
-# if __INITIAL_POINTER_SIZE == 64
-        ILEB_64 itemlist[2], *pitem;
-# else
-        ILE3 itemlist[2], *pitem;
-# endif
-        int status;
-        time_t t;
-
-
-        /*
-         * Setup an itemlist for the call to $TRNLNM - Translate Logical Name.
-         */
-        pitem = itemlist;
-
-# if __INITIAL_POINTER_SIZE == 64
-        pitem->ileb_64$w_mbo = 1;
-        pitem->ileb_64$w_code = LNM$_STRING;
-        pitem->ileb_64$l_mbmo = -1;
-        pitem->ileb_64$q_length = sizeof(logvalue);
-        pitem->ileb_64$pq_bufaddr = logvalue;
-        pitem->ileb_64$pq_retlen_addr = (unsigned __int64 *) &reslen;
-        pitem++;
-        /* Last item of the item list is null terminated */
-        pitem->ileb_64$q_length = pitem->ileb_64$w_code = 0;
-# else
-        pitem->ile3$w_length = sizeof(logvalue);
-        pitem->ile3$w_code = LNM$_STRING;
-        pitem->ile3$ps_bufaddr = logvalue;
-        pitem->ile3$ps_retlen_addr = (unsigned short int *) &reslen;
-        pitem++;
-        /* Last item of the item list is null terminated */
-        pitem->ile3$w_length = pitem->ile3$w_code = 0;
-# endif
-
-
-        /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
-        status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
-        if (!(status & 1))
-            return NULL;
-        logvalue[reslen] = '\0';
-
-        t = *timer;
-
-        /* The following is extracted from the DEC C header time.h */
-        /*
-         **  Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime
-         **  have two implementations.  One implementation is provided
-         **  for compatibility and deals with time in terms of local time,
-         **  the other __utc_* deals with time in terms of UTC.
-         */
-        /*
-         * We use the same conditions as in said time.h to check if we should
-         * assume that t contains local time (and should therefore be
-         * adjusted) or UTC (and should therefore be left untouched).
-         */
-# if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE
-        /* Get the numerical value of the equivalence string */
-        status = atoi(logvalue);
-
-        /* and use it to move time to GMT */
-        t -= status;
-# endif
-
-        /* then convert the result to the time structure */
-
-        /*
-         * Since there was no gmtime_r() to do this stuff for us, we have to
-         * do it the hard way.
-         */
-        {
-            /*-
-             * The VMS epoch is the astronomical Smithsonian date,
-               if I remember correctly, which is November 17, 1858.
-               Furthermore, time is measure in thenths of microseconds
-               and stored in quadwords (64 bit integers).  unix_epoch
-               below is January 1st 1970 expressed as a VMS time.  The
-               following code was used to get this number:
-
-               #include <stdio.h>
-               #include <stdlib.h>
-               #include <lib$routines.h>
-               #include <starlet.h>
-
-               main()
-               {
-                 unsigned long systime[2];
-                 unsigned short epoch_values[7] =
-                   { 1970, 1, 1, 0, 0, 0, 0 };
-
-                 lib$cvt_vectim(epoch_values, systime);
-
-                 printf("%u %u", systime[0], systime[1]);
-               }
-            */
-            unsigned long unix_epoch[2] = { 1273708544, 8164711 };
-            unsigned long deltatime[2];
-            unsigned long systime[2];
-            struct vms_vectime {
-                short year, month, day, hour, minute, second, centi_second;
-            } time_values;
-            long operation;
-
-            /*
-             * Turn the number of seconds since January 1st 1970 to an
-             * internal delta time. Note that lib$cvt_to_internal_time() will
-             * assume that t is signed, and will therefore break on 32-bit
-             * systems some time in 2038.
-             */
-            operation = LIB$K_DELTA_SECONDS;
-            status = lib$cvt_to_internal_time(&operation, &t, deltatime);
-
-            /*
-             * Add the delta time with the Unix epoch and we have the current
-             * UTC time in internal format
-             */
-            status = lib$add_times(unix_epoch, deltatime, systime);
-
-            /* Turn the internal time into a time vector */
-            status = sys$numtim(&time_values, systime);
-
-            /* Fill in the struct tm with the result */
-            result->tm_sec = time_values.second;
-            result->tm_min = time_values.minute;
-            result->tm_hour = time_values.hour;
-            result->tm_mday = time_values.day;
-            result->tm_mon = time_values.month - 1;
-            result->tm_year = time_values.year - 1900;
-
-            operation = LIB$K_DAY_OF_WEEK;
-            status = lib$cvt_from_internal_time(&operation,
-                                                &result->tm_wday, systime);
-            result->tm_wday %= 7;
-
-            operation = LIB$K_DAY_OF_YEAR;
-            status = lib$cvt_from_internal_time(&operation,
-                                                &result->tm_yday, systime);
-            result->tm_yday--;
-
-            result->tm_isdst = 0; /* There's no way to know... */
-
-            ts = result;
-        }
-    }
-#endif
     return ts;
 }
 
@@ -294,7 +76,7 @@ int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
     int time_sec, time_year, time_month, time_day;
     long time_jd;
 
-    /* Convert time and offset into julian day and seconds */
+    /* Convert time and offset into Julian day and seconds */
     if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec))
         return 0;
 
@@ -418,63 +200,3 @@ static void julian_to_date(long jd, int *y, int *m, int *d)
     *m = j + 2 - (12 * L);
     *y = 100 * (n - 49) + i + L;
 }
-
-#ifdef OPENSSL_TIME_TEST
-
-# include <stdio.h>
-
-/*
- * Time checking test code. Check times are identical for a wide range of
- * offsets. This should be run on a machine with 64 bit time_t or it will
- * trigger the very errors the routines fix.
- */
-
-int main(int argc, char **argv)
-{
-    long offset;
-    for (offset = 0; offset < 1000000; offset++) {
-        check_time(offset);
-        check_time(-offset);
-        check_time(offset * 1000);
-        check_time(-offset * 1000);
-    }
-}
-
-int check_time(long offset)
-{
-    struct tm tm1, tm2, o1;
-    int off_day, off_sec;
-    long toffset;
-    time_t t1, t2;
-    time(&t1);
-    t2 = t1 + offset;
-    OPENSSL_gmtime(&t2, &tm2);
-    OPENSSL_gmtime(&t1, &tm1);
-    o1 = tm1;
-    OPENSSL_gmtime_adj(&tm1, 0, offset);
-    if ((tm1.tm_year != tm2.tm_year) ||
-        (tm1.tm_mon != tm2.tm_mon) ||
-        (tm1.tm_mday != tm2.tm_mday) ||
-        (tm1.tm_hour != tm2.tm_hour) ||
-        (tm1.tm_min != tm2.tm_min) || (tm1.tm_sec != tm2.tm_sec)) {
-        fprintf(stderr, "TIME ERROR!!\n");
-        fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n",
-                tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900,
-                tm2.tm_hour, tm2.tm_min, tm2.tm_sec);
-        fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n",
-                tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900,
-                tm1.tm_hour, tm1.tm_min, tm1.tm_sec);
-        return 0;
-    }
-    OPENSSL_gmtime_diff(&o1, &tm1, &off_day, &off_sec);
-    toffset = (long)off_day *SECS_PER_DAY + off_sec;
-    if (offset != toffset) {
-        fprintf(stderr, "TIME OFFSET ERROR!!\n");
-        fprintf(stderr, "Expected %ld, Got %ld (%d:%d)\n",
-                offset, toffset, off_day, off_sec);
-        return 0;
-    }
-    return 1;
-}
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/o_time.h b/freebsd/crypto/openssl/crypto/o_time.h
deleted file mode 100644
index f192c6dc..00000000
--- a/freebsd/crypto/openssl/crypto/o_time.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/* crypto/o_time.h */
-/*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_O_TIME_H
-# define HEADER_O_TIME_H
-
-# include <time.h>
-
-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
-int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
-int OPENSSL_gmtime_diff(int *pday, int *psec,
-                        const struct tm *from, const struct tm *to);
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/objects/o_names.c b/freebsd/crypto/openssl/crypto/objects/o_names.c
index e548711f..93932600 100644
--- a/freebsd/crypto/openssl/crypto/objects/o_names.c
+++ b/freebsd/crypto/openssl/crypto/objects/o_names.c
@@ -1,5 +1,14 @@
 #include <machine/rtems-bsd-user-space.h>
 
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -9,35 +18,41 @@
 #include <openssl/objects.h>
 #include <openssl/safestack.h>
 #include <openssl/e_os2.h>
+#include "internal/thread_once.h"
+#include "internal/lhash.h"
+#include "obj_lcl.h"
+#include "e_os.h"
 
 /*
- * Later versions of DEC C has started to add lnkage information to certain
- * functions, which makes it tricky to use them as values to regular function
- * pointers.  One way is to define a macro that takes care of casting them
- * correctly.
+ * We define this wrapper for two reasons. Firstly, later versions of
+ * DEC C add linkage information to certain functions, which makes it
+ * tricky to use them as values to regular function pointers.
+ * Secondly, in the EDK2 build environment, the strcasecmp function is
+ * actually an external function with the Microsoft ABI, so we can't
+ * transparently assign function pointers to it.
  */
-#ifdef OPENSSL_SYS_VMS_DECC
-# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp
+#if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI)
+static int obj_strcasecmp(const char *a, const char *b)
+{
+    return strcasecmp(a, b);
+}
 #else
-# define OPENSSL_strcmp strcmp
+#define obj_strcasecmp strcasecmp
 #endif
 
 /*
  * I use the ex_data stuff to manage the identifiers for the obj_name_types
  * that applications may define.  I only really use the free function field.
  */
-DECLARE_LHASH_OF(OBJ_NAME);
 static LHASH_OF(OBJ_NAME) *names_lh = NULL;
 static int names_type_num = OBJ_NAME_TYPE_NUM;
+static CRYPTO_RWLOCK *obj_lock = NULL;
 
-typedef struct name_funcs_st {
+struct name_funcs_st {
     unsigned long (*hash_func) (const char *name);
     int (*cmp_func) (const char *a, const char *b);
     void (*free_func) (const char *, int, const char *);
-} NAME_FUNCS;
-
-DECLARE_STACK_OF(NAME_FUNCS)
-IMPLEMENT_STACK_OF(NAME_FUNCS)
+};
 
 static STACK_OF(NAME_FUNCS) *name_funcs_stack;
 
@@ -47,60 +62,69 @@ static STACK_OF(NAME_FUNCS) *name_funcs_stack;
  * casting without the need for macro-generated wrapper functions.
  */
 
-/* static unsigned long obj_name_hash(OBJ_NAME *a); */
-static unsigned long obj_name_hash(const void *a_void);
-/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
-static int obj_name_cmp(const void *a_void, const void *b_void);
+static unsigned long obj_name_hash(const OBJ_NAME *a);
+static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b);
 
-static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME)
-static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME)
+static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(o_names_init)
+{
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
+    obj_lock = CRYPTO_THREAD_lock_new();
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    return names_lh != NULL && obj_lock != NULL;
+}
 
 int OBJ_NAME_init(void)
 {
-    if (names_lh != NULL)
-        return (1);
-    MemCheck_off();
-    names_lh = lh_OBJ_NAME_new();
-    MemCheck_on();
-    return (names_lh != NULL);
+    return RUN_ONCE(&init, o_names_init);
 }
 
 int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
                        int (*cmp_func) (const char *, const char *),
                        void (*free_func) (const char *, int, const char *))
 {
-    int ret;
-    int i;
+    int ret = 0, i, push;
     NAME_FUNCS *name_funcs;
 
+    if (!OBJ_NAME_init())
+        return 0;
+
+    CRYPTO_THREAD_write_lock(obj_lock);
+
     if (name_funcs_stack == NULL) {
-        MemCheck_off();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
         name_funcs_stack = sk_NAME_FUNCS_new_null();
-        MemCheck_on();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
     }
     if (name_funcs_stack == NULL) {
         /* ERROR */
-        return (0);
+        goto out;
     }
     ret = names_type_num;
     names_type_num++;
     for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
-        MemCheck_off();
-        name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
-        MemCheck_on();
-        if (!name_funcs) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+        name_funcs = OPENSSL_zalloc(sizeof(*name_funcs));
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        if (name_funcs == NULL) {
+            OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+            goto out;
+        }
+        name_funcs->hash_func = openssl_lh_strcasehash;
+        name_funcs->cmp_func = obj_strcasecmp;
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+        push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+
+        if (!push) {
             OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
-            return (0);
+            OPENSSL_free(name_funcs);
+            ret = 0;
+            goto out;
         }
-        name_funcs->hash_func = lh_strhash;
-        name_funcs->cmp_func = OPENSSL_strcmp;
-        name_funcs->free_func = 0; /* NULL is often declared to * ((void
-                                    * *)0), which according * to Compaq C is
-                                    * not really * compatible with a function
-                                    * * pointer.  -- Richard Levitte */
-        MemCheck_off();
-        sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
-        MemCheck_on();
     }
     name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
     if (hash_func != NULL)
@@ -109,15 +133,15 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
         name_funcs->cmp_func = cmp_func;
     if (free_func != NULL)
         name_funcs->free_func = free_func;
-    return (ret);
+
+out:
+    CRYPTO_THREAD_unlock(obj_lock);
+    return ret;
 }
 
-/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */
-static int obj_name_cmp(const void *a_void, const void *b_void)
+static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b)
 {
     int ret;
-    const OBJ_NAME *a = (const OBJ_NAME *)a_void;
-    const OBJ_NAME *b = (const OBJ_NAME *)b_void;
 
     ret = a->type - b->type;
     if (ret == 0) {
@@ -126,16 +150,14 @@ static int obj_name_cmp(const void *a_void, const void *b_void)
             ret = sk_NAME_FUNCS_value(name_funcs_stack,
                                       a->type)->cmp_func(a->name, b->name);
         } else
-            ret = strcmp(a->name, b->name);
+            ret = strcasecmp(a->name, b->name);
     }
-    return (ret);
+    return ret;
 }
 
-/* static unsigned long obj_name_hash(OBJ_NAME *a) */
-static unsigned long obj_name_hash(const void *a_void)
+static unsigned long obj_name_hash(const OBJ_NAME *a)
 {
     unsigned long ret;
-    const OBJ_NAME *a = (const OBJ_NAME *)a_void;
 
     if ((name_funcs_stack != NULL)
         && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
@@ -143,21 +165,23 @@ static unsigned long obj_name_hash(const void *a_void)
             sk_NAME_FUNCS_value(name_funcs_stack,
                                 a->type)->hash_func(a->name);
     } else {
-        ret = lh_strhash(a->name);
+        ret = openssl_lh_strcasehash(a->name);
     }
     ret ^= a->type;
-    return (ret);
+    return ret;
 }
 
 const char *OBJ_NAME_get(const char *name, int type)
 {
     OBJ_NAME on, *ret;
     int num = 0, alias;
+    const char *value = NULL;
 
     if (name == NULL)
-        return (NULL);
-    if ((names_lh == NULL) && !OBJ_NAME_init())
-        return (NULL);
+        return NULL;
+    if (!OBJ_NAME_init())
+        return NULL;
+    CRYPTO_THREAD_read_lock(obj_lock);
 
     alias = type & OBJ_NAME_ALIAS;
     type &= ~OBJ_NAME_ALIAS;
@@ -168,32 +192,36 @@ const char *OBJ_NAME_get(const char *name, int type)
     for (;;) {
         ret = lh_OBJ_NAME_retrieve(names_lh, &on);
         if (ret == NULL)
-            return (NULL);
+            break;
         if ((ret->alias) && !alias) {
             if (++num > 10)
-                return (NULL);
+                break;
             on.name = ret->data;
         } else {
-            return (ret->data);
+            value = ret->data;
+            break;
         }
     }
+
+    CRYPTO_THREAD_unlock(obj_lock);
+    return value;
 }
 
 int OBJ_NAME_add(const char *name, int type, const char *data)
 {
     OBJ_NAME *onp, *ret;
-    int alias;
+    int alias, ok = 0;
 
-    if ((names_lh == NULL) && !OBJ_NAME_init())
-        return (0);
+    if (!OBJ_NAME_init())
+        return 0;
 
     alias = type & OBJ_NAME_ALIAS;
     type &= ~OBJ_NAME_ALIAS;
 
-    onp = (OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));
+    onp = OPENSSL_malloc(sizeof(*onp));
     if (onp == NULL) {
         /* ERROR */
-        return 0;
+        goto unlock;
     }
 
     onp->name = name;
@@ -201,6 +229,8 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
     onp->type = type;
     onp->data = data;
 
+    CRYPTO_THREAD_write_lock(obj_lock);
+
     ret = lh_OBJ_NAME_insert(names_lh, onp);
     if (ret != NULL) {
         /* free things */
@@ -219,18 +249,26 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
         if (lh_OBJ_NAME_error(names_lh)) {
             /* ERROR */
             OPENSSL_free(onp);
-            return 0;
+            goto unlock;
         }
     }
-    return 1;
+
+    ok = 1;
+
+unlock:
+    CRYPTO_THREAD_unlock(obj_lock);
+    return ok;
 }
 
 int OBJ_NAME_remove(const char *name, int type)
 {
     OBJ_NAME on, *ret;
+    int ok = 0;
 
-    if (names_lh == NULL)
-        return (0);
+    if (!OBJ_NAME_init())
+        return 0;
+
+    CRYPTO_THREAD_write_lock(obj_lock);
 
     type &= ~OBJ_NAME_ALIAS;
     on.name = name;
@@ -249,36 +287,37 @@ int OBJ_NAME_remove(const char *name, int type)
                                                       ret->data);
         }
         OPENSSL_free(ret);
-        return (1);
-    } else
-        return (0);
+        ok = 1;
+    }
+
+    CRYPTO_THREAD_unlock(obj_lock);
+    return ok;
 }
 
-struct doall {
+typedef struct {
     int type;
     void (*fn) (const OBJ_NAME *, void *arg);
     void *arg;
-};
+} OBJ_DOALL;
 
-static void do_all_fn_doall_arg(const OBJ_NAME *name, struct doall *d)
+static void do_all_fn(const OBJ_NAME *name, OBJ_DOALL *d)
 {
     if (name->type == d->type)
         d->fn(name, d->arg);
 }
 
-static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME, struct doall)
+IMPLEMENT_LHASH_DOALL_ARG_CONST(OBJ_NAME, OBJ_DOALL);
 
 void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
                      void *arg)
 {
-    struct doall d;
+    OBJ_DOALL d;
 
     d.type = type;
     d.fn = fn;
     d.arg = arg;
 
-    lh_OBJ_NAME_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn),
-                          struct doall, &d);
+    lh_OBJ_NAME_doall_OBJ_DOALL(names_lh, do_all_fn, &d);
 }
 
 struct doall_sorted {
@@ -314,9 +353,9 @@ void OBJ_NAME_do_all_sorted(int type,
 
     d.type = type;
     d.names =
-        OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof(*d.names));
+        OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh));
     /* Really should return an error if !d.names...but its a void function! */
-    if (d.names) {
+    if (d.names != NULL) {
         d.n = 0;
         OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
 
@@ -340,8 +379,6 @@ static void names_lh_free_doall(OBJ_NAME *onp)
         OBJ_NAME_remove(onp->name, onp->type);
 }
 
-static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME)
-
 static void name_funcs_free(NAME_FUNCS *ptr)
 {
     OPENSSL_free(ptr);
@@ -355,15 +392,17 @@ void OBJ_NAME_cleanup(int type)
         return;
 
     free_type = type;
-    down_load = lh_OBJ_NAME_down_load(names_lh);
-    lh_OBJ_NAME_down_load(names_lh) = 0;
+    down_load = lh_OBJ_NAME_get_down_load(names_lh);
+    lh_OBJ_NAME_set_down_load(names_lh, 0);
 
-    lh_OBJ_NAME_doall(names_lh, LHASH_DOALL_FN(names_lh_free));
+    lh_OBJ_NAME_doall(names_lh, names_lh_free_doall);
     if (type < 0) {
         lh_OBJ_NAME_free(names_lh);
         sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free);
+        CRYPTO_THREAD_lock_free(obj_lock);
         names_lh = NULL;
         name_funcs_stack = NULL;
+        obj_lock = NULL;
     } else
-        lh_OBJ_NAME_down_load(names_lh) = down_load;
+        lh_OBJ_NAME_set_down_load(names_lh, down_load);
 }
diff --git a/freebsd/crypto/openssl/crypto/objects/obj_dat.c b/freebsd/crypto/openssl/crypto/objects/obj_dat.c
index 861641bc..beff1cfb 100644
--- a/freebsd/crypto/openssl/crypto/objects/obj_dat.c
+++ b/freebsd/crypto/openssl/crypto/objects/obj_dat.c
@@ -1,87 +1,27 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/objects/obj_dat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include <limits.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/lhash.h>
 #include <openssl/asn1.h>
-#include <openssl/objects.h>
+#include "internal/objects.h"
 #include <openssl/bn.h>
+#include "internal/asn1_int.h"
+#include "obj_lcl.h"
 
 /* obj_dat.h is generated from objects.h by obj_dat.pl */
-#ifndef OPENSSL_NO_OBJECT
-# include "obj_dat.h"
-#else
-/* You will have to load all the objects needed manually in the application */
-# define NUM_NID 0
-# define NUM_SN 0
-# define NUM_LN 0
-# define NUM_OBJ 0
-static const unsigned char lvalues[1];
-static const ASN1_OBJECT nid_objs[1];
-static const unsigned int sn_objs[1];
-static const unsigned int ln_objs[1];
-static const unsigned int obj_objs[1];
-#endif
+#include "obj_dat.h"
 
 DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
 DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
@@ -92,25 +32,24 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
 #define ADDED_LNAME     2
 #define ADDED_NID       3
 
-typedef struct added_obj_st {
+struct added_obj_st {
     int type;
     ASN1_OBJECT *obj;
-} ADDED_OBJ;
-DECLARE_LHASH_OF(ADDED_OBJ);
+};
 
 static int new_nid = NUM_NID;
 static LHASH_OF(ADDED_OBJ) *added = NULL;
 
 static int sn_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
 {
-    return (strcmp((*a)->sn, nid_objs[*b].sn));
+    return strcmp((*a)->sn, nid_objs[*b].sn);
 }
 
 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
 
 static int ln_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
 {
-    return (strcmp((*a)->ln, nid_objs[*b].ln));
+    return strcmp((*a)->ln, nid_objs[*b].ln);
 }
 
 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
@@ -131,10 +70,10 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca)
             ret ^= p[i] << ((i * 3) % 24);
         break;
     case ADDED_SNAME:
-        ret = lh_strhash(a->sn);
+        ret = OPENSSL_LH_strhash(a->sn);
         break;
     case ADDED_LNAME:
-        ret = lh_strhash(a->ln);
+        ret = OPENSSL_LH_strhash(a->ln);
         break;
     case ADDED_NID:
         ret = a->nid;
@@ -145,11 +84,9 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca)
     }
     ret &= 0x3fffffffL;
     ret |= ((unsigned long)ca->type) << 30L;
-    return (ret);
+    return ret;
 }
 
-static IMPLEMENT_LHASH_HASH_FN(added_obj, ADDED_OBJ)
-
 static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
 {
     ASN1_OBJECT *a, *b;
@@ -157,45 +94,43 @@ static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
 
     i = ca->type - cb->type;
     if (i)
-        return (i);
+        return i;
     a = ca->obj;
     b = cb->obj;
     switch (ca->type) {
     case ADDED_DATA:
         i = (a->length - b->length);
         if (i)
-            return (i);
-        return (memcmp(a->data, b->data, (size_t)a->length));
+            return i;
+        return memcmp(a->data, b->data, (size_t)a->length);
     case ADDED_SNAME:
         if (a->sn == NULL)
-            return (-1);
+            return -1;
         else if (b->sn == NULL)
-            return (1);
+            return 1;
         else
-            return (strcmp(a->sn, b->sn));
+            return strcmp(a->sn, b->sn);
     case ADDED_LNAME:
         if (a->ln == NULL)
-            return (-1);
+            return -1;
         else if (b->ln == NULL)
-            return (1);
+            return 1;
         else
-            return (strcmp(a->ln, b->ln));
+            return strcmp(a->ln, b->ln);
     case ADDED_NID:
-        return (a->nid - b->nid);
+        return a->nid - b->nid;
     default:
         /* abort(); */
         return 0;
     }
 }
 
-static IMPLEMENT_LHASH_COMP_FN(added_obj, ADDED_OBJ)
-
 static int init_added(void)
 {
     if (added != NULL)
-        return (1);
-    added = lh_ADDED_OBJ_new();
-    return (added != NULL);
+        return 1;
+    added = lh_ADDED_OBJ_new(added_obj_hash, added_obj_cmp);
+    return added != NULL;
 }
 
 static void cleanup1_doall(ADDED_OBJ *a)
@@ -217,34 +152,14 @@ static void cleanup3_doall(ADDED_OBJ *a)
     OPENSSL_free(a);
 }
 
-static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ)
-static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ)
-static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ)
-
-/*
- * The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting to
- * use freed up OIDs. If neccessary the actual freeing up of OIDs is delayed.
- */
-int obj_cleanup_defer = 0;
-
-void check_defer(int nid)
-{
-    if (!obj_cleanup_defer && nid >= NUM_NID)
-        obj_cleanup_defer = 1;
-}
-
-void OBJ_cleanup(void)
+void obj_cleanup_int(void)
 {
-    if (obj_cleanup_defer) {
-        obj_cleanup_defer = 2;
-        return;
-    }
     if (added == NULL)
         return;
-    lh_ADDED_OBJ_down_load(added) = 0;
-    lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup1)); /* zero counters */
-    lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup2)); /* set counters */
-    lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup3)); /* free objects */
+    lh_ADDED_OBJ_set_down_load(added, 0);
+    lh_ADDED_OBJ_doall(added, cleanup1_doall); /* zero counters */
+    lh_ADDED_OBJ_doall(added, cleanup2_doall); /* set counters */
+    lh_ADDED_OBJ_doall(added, cleanup3_doall); /* free objects */
     lh_ADDED_OBJ_free(added);
     added = NULL;
 }
@@ -255,7 +170,7 @@ int OBJ_new_nid(int num)
 
     i = new_nid;
     new_nid += num;
-    return (i);
+    return i;
 }
 
 int OBJ_add_object(const ASN1_OBJECT *obj)
@@ -266,24 +181,19 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
 
     if (added == NULL)
         if (!init_added())
-            return (0);
+            return 0;
     if ((o = OBJ_dup(obj)) == NULL)
         goto err;
-    if (!(ao[ADDED_NID] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ))))
+    if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
         goto err2;
     if ((o->length != 0) && (obj->data != NULL))
-        if (!
-            (ao[ADDED_DATA] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ))))
+        if ((ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
             goto err2;
     if (o->sn != NULL)
-        if (!
-            (ao[ADDED_SNAME] =
-             (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ))))
+        if ((ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
             goto err2;
     if (o->ln != NULL)
-        if (!
-            (ao[ADDED_LNAME] =
-             (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ))))
+        if ((ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
             goto err2;
 
     for (i = ADDED_DATA; i <= ADDED_NID; i++) {
@@ -291,22 +201,20 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
             ao[i]->type = i;
             ao[i]->obj = o;
             aop = lh_ADDED_OBJ_insert(added, ao[i]);
-            /* memory leak, buit should not normally matter */
-            if (aop != NULL)
-                OPENSSL_free(aop);
+            /* memory leak, but should not normally matter */
+            OPENSSL_free(aop);
         }
     }
     o->flags &=
         ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
           ASN1_OBJECT_FLAG_DYNAMIC_DATA);
 
-    return (o->nid);
+    return o->nid;
  err2:
     OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE);
  err:
     for (i = ADDED_DATA; i <= ADDED_NID; i++)
-        if (ao[i] != NULL)
-            OPENSSL_free(ao[i]);
+        OPENSSL_free(ao[i]);
     ASN1_OBJECT_free(o);
     return NID_undef;
 }
@@ -319,21 +227,21 @@ ASN1_OBJECT *OBJ_nid2obj(int n)
     if ((n >= 0) && (n < NUM_NID)) {
         if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
             OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
-            return (NULL);
+            return NULL;
         }
-        return ((ASN1_OBJECT *)&(nid_objs[n]));
+        return (ASN1_OBJECT *)&(nid_objs[n]);
     } else if (added == NULL)
-        return (NULL);
+        return NULL;
     else {
         ad.type = ADDED_NID;
         ad.obj = &ob;
         ob.nid = n;
         adp = lh_ADDED_OBJ_retrieve(added, &ad);
         if (adp != NULL)
-            return (adp->obj);
+            return adp->obj;
         else {
             OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
-            return (NULL);
+            return NULL;
         }
     }
 }
@@ -346,21 +254,21 @@ const char *OBJ_nid2sn(int n)
     if ((n >= 0) && (n < NUM_NID)) {
         if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
             OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
-            return (NULL);
+            return NULL;
         }
-        return (nid_objs[n].sn);
+        return nid_objs[n].sn;
     } else if (added == NULL)
-        return (NULL);
+        return NULL;
     else {
         ad.type = ADDED_NID;
         ad.obj = &ob;
         ob.nid = n;
         adp = lh_ADDED_OBJ_retrieve(added, &ad);
         if (adp != NULL)
-            return (adp->obj->sn);
+            return adp->obj->sn;
         else {
             OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
-            return (NULL);
+            return NULL;
         }
     }
 }
@@ -373,21 +281,21 @@ const char *OBJ_nid2ln(int n)
     if ((n >= 0) && (n < NUM_NID)) {
         if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
             OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
-            return (NULL);
+            return NULL;
         }
-        return (nid_objs[n].ln);
+        return nid_objs[n].ln;
     } else if (added == NULL)
-        return (NULL);
+        return NULL;
     else {
         ad.type = ADDED_NID;
         ad.obj = &ob;
         ob.nid = n;
         adp = lh_ADDED_OBJ_retrieve(added, &ad);
         if (adp != NULL)
-            return (adp->obj->ln);
+            return adp->obj->ln;
         else {
             OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
-            return (NULL);
+            return NULL;
         }
     }
 }
@@ -400,10 +308,10 @@ static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
 
     j = (a->length - b->length);
     if (j)
-        return (j);
+        return j;
     if (a->length == 0)
         return 0;
-    return (memcmp(a->data, b->data, a->length));
+    return memcmp(a->data, b->data, a->length);
 }
 
 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
@@ -414,9 +322,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
     ADDED_OBJ ad, *adp;
 
     if (a == NULL)
-        return (NID_undef);
+        return NID_undef;
     if (a->nid != 0)
-        return (a->nid);
+        return a->nid;
 
     if (a->length == 0)
         return NID_undef;
@@ -426,12 +334,12 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
         ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
         adp = lh_ADDED_OBJ_retrieve(added, &ad);
         if (adp != NULL)
-            return (adp->obj->nid);
+            return adp->obj->nid;
     }
     op = OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ);
     if (op == NULL)
-        return (NID_undef);
-    return (nid_objs[*op].nid);
+        return NID_undef;
+    return nid_objs[*op].nid;
 }
 
 /*
@@ -444,7 +352,7 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
 ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
 {
     int nid = NID_undef;
-    ASN1_OBJECT *op = NULL;
+    ASN1_OBJECT *op;
     unsigned char *buf;
     unsigned char *p;
     const unsigned char *cp;
@@ -467,9 +375,13 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
     }
     /* Work out total size */
     j = ASN1_object_size(0, i, V_ASN1_OBJECT);
+    if (j < 0)
+        return NULL;
 
-    if ((buf = (unsigned char *)OPENSSL_malloc(j)) == NULL)
+    if ((buf = OPENSSL_malloc(j)) == NULL) {
+        OBJerr(OBJ_F_OBJ_TXT2OBJ, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     p = buf;
     /* Write out tag+length */
@@ -496,7 +408,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
         buf[0] = '\0';
 
     if ((a == NULL) || (a->data == NULL))
-        return (0);
+        return 0;
 
     if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) {
         const char *s;
@@ -505,7 +417,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
             s = OBJ_nid2sn(nid);
         if (s) {
             if (buf)
-                BUF_strlcpy(buf, s, buf_len);
+                OPENSSL_strlcpy(buf, s, buf_len);
             n = strlen(s);
             return n;
         }
@@ -533,7 +445,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
             if (!(c & 0x80))
                 break;
             if (!use_bn && (l > (ULONG_MAX >> 7L))) {
-                if (!bl && !(bl = BN_new()))
+                if (bl == NULL && (bl = BN_new()) == NULL)
                     goto err;
                 if (!BN_set_word(bl, l))
                     goto err;
@@ -579,7 +491,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
                     *buf = '\0';
                     buf_len--;
                 }
-                BUF_strlcpy(buf, bndec, buf_len);
+                OPENSSL_strlcpy(buf, bndec, buf_len);
                 if (i > buf_len) {
                     buf += buf_len;
                     buf_len = 0;
@@ -595,7 +507,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
             BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l);
             i = strlen(tbuf);
             if (buf && (buf_len > 0)) {
-                BUF_strlcpy(buf, tbuf, buf_len);
+                OPENSSL_strlcpy(buf, tbuf, buf_len);
                 if (i > buf_len) {
                     buf += buf_len;
                     buf_len = 0;
@@ -609,13 +521,11 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
         }
     }
 
-    if (bl)
-        BN_free(bl);
+    BN_free(bl);
     return n;
 
  err:
-    if (bl)
-        BN_free(bl);
+    BN_free(bl);
     return -1;
 }
 
@@ -642,12 +552,12 @@ int OBJ_ln2nid(const char *s)
         ad.obj = &o;
         adp = lh_ADDED_OBJ_retrieve(added, &ad);
         if (adp != NULL)
-            return (adp->obj->nid);
+            return adp->obj->nid;
     }
     op = OBJ_bsearch_ln(&oo, ln_objs, NUM_LN);
     if (op == NULL)
-        return (NID_undef);
-    return (nid_objs[*op].nid);
+        return NID_undef;
+    return nid_objs[*op].nid;
 }
 
 int OBJ_sn2nid(const char *s)
@@ -663,12 +573,12 @@ int OBJ_sn2nid(const char *s)
         ad.obj = &o;
         adp = lh_ADDED_OBJ_retrieve(added, &ad);
         if (adp != NULL)
-            return (adp->obj->nid);
+            return adp->obj->nid;
     }
     op = OBJ_bsearch_sn(&oo, sn_objs, NUM_SN);
     if (op == NULL)
-        return (NID_undef);
-    return (nid_objs[*op].nid);
+        return NID_undef;
+    return nid_objs[*op].nid;
 }
 
 const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
@@ -687,7 +597,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
     const char *p = NULL;
 
     if (num == 0)
-        return (NULL);
+        return NULL;
     l = 0;
     h = num;
     while (l < h) {
@@ -723,7 +633,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
             i--;
         p = &(base[i * size]);
     }
-    return (p);
+    return p;
 }
 
 /*
@@ -732,7 +642,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
  */
 int OBJ_create_objects(BIO *in)
 {
-    MS_STATIC char buf[512];
+    char buf[512];
     int i, num = 0;
     char *o, *s, *l = NULL;
 
@@ -740,26 +650,26 @@ int OBJ_create_objects(BIO *in)
         s = o = NULL;
         i = BIO_gets(in, buf, 512);
         if (i <= 0)
-            return (num);
+            return num;
         buf[i - 1] = '\0';
-        if (!isalnum((unsigned char)buf[0]))
-            return (num);
+        if (!ossl_isalnum(buf[0]))
+            return num;
         o = s = buf;
-        while (isdigit((unsigned char)*s) || (*s == '.'))
+        while (ossl_isdigit(*s) || *s == '.')
             s++;
         if (*s != '\0') {
             *(s++) = '\0';
-            while (isspace((unsigned char)*s))
+            while (ossl_isspace(*s))
                 s++;
             if (*s == '\0') {
                 s = NULL;
             } else {
                 l = s;
-                while ((*l != '\0') && !isspace((unsigned char)*l))
+                while (*l != '\0' && !ossl_isspace(*l))
                     l++;
                 if (*l != '\0') {
                     *(l++) = '\0';
-                    while (isspace((unsigned char)*l))
+                    while (ossl_isspace(*l))
                         l++;
                     if (*l == '\0') {
                         l = NULL;
@@ -774,36 +684,58 @@ int OBJ_create_objects(BIO *in)
         if (*o == '\0')
             return num;
         if (!OBJ_create(o, s, l))
-            return (num);
+            return num;
         num++;
     }
-    /* return(num); */
 }
 
 int OBJ_create(const char *oid, const char *sn, const char *ln)
 {
+    ASN1_OBJECT *tmpoid = NULL;
     int ok = 0;
-    ASN1_OBJECT *op = NULL;
-    unsigned char *buf;
-    int i;
-
-    i = a2d_ASN1_OBJECT(NULL, 0, oid, -1);
-    if (i <= 0)
-        return (0);
 
-    if ((buf = (unsigned char *)OPENSSL_malloc(i)) == NULL) {
-        OBJerr(OBJ_F_OBJ_CREATE, ERR_R_MALLOC_FAILURE);
-        return (0);
+    /* Check to see if short or long name already present */
+    if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef)
+            || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) {
+        OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
+        return 0;
     }
-    i = a2d_ASN1_OBJECT(buf, i, oid, -1);
-    if (i == 0)
-        goto err;
-    op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln);
-    if (op == NULL)
+
+    /* Convert numerical OID string to an ASN1_OBJECT structure */
+    tmpoid = OBJ_txt2obj(oid, 1);
+    if (tmpoid == NULL)
+        return 0;
+
+    /* If NID is not NID_undef then object already exists */
+    if (OBJ_obj2nid(tmpoid) != NID_undef) {
+        OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
         goto err;
-    ok = OBJ_add_object(op);
+    }
+
+    tmpoid->nid = OBJ_new_nid(1);
+    tmpoid->sn = (char *)sn;
+    tmpoid->ln = (char *)ln;
+
+    ok = OBJ_add_object(tmpoid);
+
+    tmpoid->sn = NULL;
+    tmpoid->ln = NULL;
+
  err:
-    ASN1_OBJECT_free(op);
-    OPENSSL_free(buf);
-    return (ok);
+    ASN1_OBJECT_free(tmpoid);
+    return ok;
+}
+
+size_t OBJ_length(const ASN1_OBJECT *obj)
+{
+    if (obj == NULL)
+        return 0;
+    return obj->length;
+}
+
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj)
+{
+    if (obj == NULL)
+        return NULL;
+    return obj->data;
 }
diff --git a/freebsd/crypto/openssl/crypto/objects/obj_dat.h b/freebsd/crypto/openssl/crypto/objects/obj_dat.h
index b7e3cf28..e931f7f5 100644
--- a/freebsd/crypto/openssl/crypto/objects/obj_dat.h
+++ b/freebsd/crypto/openssl/crypto/objects/obj_dat.h
@@ -1,5319 +1,5733 @@
-/* crypto/objects/obj_dat.h */
-
-/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
- * following command:
- * perl obj_dat.pl obj_mac.h obj_dat.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/objects/obj_dat.pl
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#define NUM_NID 958
-#define NUM_SN 951
-#define NUM_LN 951
-#define NUM_OBJ 890
-
-static const unsigned char lvalues[6255]={
-0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 21] OBJ_md5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 29] OBJ_rc4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 55] OBJ_md5WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 64] OBJ_pbeWithMD2AndDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 73] OBJ_pbeWithMD5AndDES_CBC */
-0x55,                                        /* [ 82] OBJ_X500 */
-0x55,0x04,                                   /* [ 83] OBJ_X509 */
-0x55,0x04,0x03,                              /* [ 85] OBJ_commonName */
-0x55,0x04,0x06,                              /* [ 88] OBJ_countryName */
-0x55,0x04,0x07,                              /* [ 91] OBJ_localityName */
-0x55,0x04,0x08,                              /* [ 94] OBJ_stateOrProvinceName */
-0x55,0x04,0x0A,                              /* [ 97] OBJ_organizationName */
-0x55,0x04,0x0B,                              /* [100] OBJ_organizationalUnitName */
-0x55,0x08,0x01,0x01,                         /* [103] OBJ_rsa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,     /* [107] OBJ_pkcs7 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [115] OBJ_pkcs7_data */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [124] OBJ_pkcs7_signed */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [133] OBJ_pkcs7_enveloped */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [142] OBJ_pkcs7_signedAndEnveloped */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [151] OBJ_pkcs7_digest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [160] OBJ_pkcs7_encrypted */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,     /* [169] OBJ_pkcs3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [177] OBJ_dhKeyAgreement */
-0x2B,0x0E,0x03,0x02,0x06,                    /* [186] OBJ_des_ecb */
-0x2B,0x0E,0x03,0x02,0x09,                    /* [191] OBJ_des_cfb64 */
-0x2B,0x0E,0x03,0x02,0x07,                    /* [196] OBJ_des_cbc */
-0x2B,0x0E,0x03,0x02,0x11,                    /* [201] OBJ_des_ede_ecb */
-0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [206] OBJ_idea_cbc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [217] OBJ_rc2_cbc */
-0x2B,0x0E,0x03,0x02,0x12,                    /* [225] OBJ_sha */
-0x2B,0x0E,0x03,0x02,0x0F,                    /* [230] OBJ_shaWithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [235] OBJ_des_ede3_cbc */
-0x2B,0x0E,0x03,0x02,0x08,                    /* [243] OBJ_des_ofb64 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [248] OBJ_pkcs9 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [256] OBJ_pkcs9_emailAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [265] OBJ_pkcs9_unstructuredName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [274] OBJ_pkcs9_contentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [283] OBJ_pkcs9_messageDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [292] OBJ_pkcs9_signingTime */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [301] OBJ_pkcs9_countersignature */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [310] OBJ_pkcs9_challengePassword */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [319] OBJ_pkcs9_unstructuredAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [328] OBJ_pkcs9_extCertAttributes */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [337] OBJ_netscape */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [344] OBJ_netscape_cert_extension */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [352] OBJ_netscape_data_type */
-0x2B,0x0E,0x03,0x02,0x1A,                    /* [360] OBJ_sha1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [365] OBJ_sha1WithRSAEncryption */
-0x2B,0x0E,0x03,0x02,0x0D,                    /* [374] OBJ_dsaWithSHA */
-0x2B,0x0E,0x03,0x02,0x0C,                    /* [379] OBJ_dsa_2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [384] OBJ_pbeWithSHA1AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [393] OBJ_id_pbkdf2 */
-0x2B,0x0E,0x03,0x02,0x1B,                    /* [402] OBJ_dsaWithSHA1_2 */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [407] OBJ_netscape_cert_type */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [416] OBJ_netscape_base_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [425] OBJ_netscape_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [434] OBJ_netscape_ca_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [443] OBJ_netscape_renewal_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [452] OBJ_netscape_ca_policy_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [461] OBJ_netscape_ssl_server_name */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [470] OBJ_netscape_comment */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [479] OBJ_netscape_cert_sequence */
-0x55,0x1D,                                   /* [488] OBJ_id_ce */
-0x55,0x1D,0x0E,                              /* [490] OBJ_subject_key_identifier */
-0x55,0x1D,0x0F,                              /* [493] OBJ_key_usage */
-0x55,0x1D,0x10,                              /* [496] OBJ_private_key_usage_period */
-0x55,0x1D,0x11,                              /* [499] OBJ_subject_alt_name */
-0x55,0x1D,0x12,                              /* [502] OBJ_issuer_alt_name */
-0x55,0x1D,0x13,                              /* [505] OBJ_basic_constraints */
-0x55,0x1D,0x14,                              /* [508] OBJ_crl_number */
-0x55,0x1D,0x20,                              /* [511] OBJ_certificate_policies */
-0x55,0x1D,0x23,                              /* [514] OBJ_authority_key_identifier */
-0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [517] OBJ_bf_cbc */
-0x55,0x08,0x03,0x65,                         /* [526] OBJ_mdc2 */
-0x55,0x08,0x03,0x64,                         /* [530] OBJ_mdc2WithRSA */
-0x55,0x04,0x2A,                              /* [534] OBJ_givenName */
-0x55,0x04,0x04,                              /* [537] OBJ_surname */
-0x55,0x04,0x2B,                              /* [540] OBJ_initials */
-0x55,0x1D,0x1F,                              /* [543] OBJ_crl_distribution_points */
-0x2B,0x0E,0x03,0x02,0x03,                    /* [546] OBJ_md5WithRSA */
-0x55,0x04,0x05,                              /* [551] OBJ_serialNumber */
-0x55,0x04,0x0C,                              /* [554] OBJ_title */
-0x55,0x04,0x0D,                              /* [557] OBJ_description */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [560] OBJ_cast5_cbc */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [569] OBJ_pbeWithMD5AndCast5_CBC */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [578] OBJ_dsaWithSHA1 */
-0x2B,0x0E,0x03,0x02,0x1D,                    /* [585] OBJ_sha1WithRSA */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [590] OBJ_dsa */
-0x2B,0x24,0x03,0x02,0x01,                    /* [597] OBJ_ripemd160 */
-0x2B,0x24,0x03,0x03,0x01,0x02,               /* [602] OBJ_ripemd160WithRSA */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [608] OBJ_rc5_cbc */
-0x29,0x01,0x01,0x85,0x1A,0x01,               /* [616] OBJ_rle_compression */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [622] OBJ_zlib_compression */
-0x55,0x1D,0x25,                              /* [633] OBJ_ext_key_usage */
-0x2B,0x06,0x01,0x05,0x05,0x07,               /* [636] OBJ_id_pkix */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [642] OBJ_id_kp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [649] OBJ_server_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [657] OBJ_client_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [665] OBJ_code_sign */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [673] OBJ_email_protect */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [681] OBJ_time_stamp */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [689] OBJ_ms_code_ind */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [699] OBJ_ms_code_com */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [709] OBJ_ms_ctl_sign */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [719] OBJ_ms_sgc */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [729] OBJ_ms_efs */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [739] OBJ_ns_sgc */
-0x55,0x1D,0x1B,                              /* [748] OBJ_delta_crl */
-0x55,0x1D,0x15,                              /* [751] OBJ_crl_reason */
-0x55,0x1D,0x18,                              /* [754] OBJ_invalidity_date */
-0x2B,0x65,0x01,0x04,0x01,                    /* [757] OBJ_sxnet */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [762] OBJ_pbe_WithSHA1And128BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [772] OBJ_pbe_WithSHA1And40BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [782] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [792] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [802] OBJ_pbe_WithSHA1And128BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [812] OBJ_pbe_WithSHA1And40BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [822] OBJ_keyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [833] OBJ_pkcs8ShroudedKeyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [844] OBJ_certBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [855] OBJ_crlBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [866] OBJ_secretBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [877] OBJ_safeContentsBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [888] OBJ_friendlyName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [897] OBJ_localKeyID */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [906] OBJ_x509Certificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [916] OBJ_sdsiCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [926] OBJ_x509Crl */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [936] OBJ_pbes2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [945] OBJ_pbmac1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [954] OBJ_hmacWithSHA1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [962] OBJ_id_qt_cps */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [970] OBJ_id_qt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [978] OBJ_SMIMECapabilities */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [987] OBJ_pbeWithMD2AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [996] OBJ_pbeWithMD5AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1005] OBJ_pbeWithSHA1AndDES_CBC */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1014] OBJ_ms_ext_req */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1024] OBJ_ext_req */
-0x55,0x04,0x29,                              /* [1033] OBJ_name */
-0x55,0x04,0x2E,                              /* [1036] OBJ_dnQualifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1039] OBJ_id_pe */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1046] OBJ_id_ad */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1053] OBJ_info_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1061] OBJ_ad_OCSP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1069] OBJ_ad_ca_issuers */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1077] OBJ_OCSP_sign */
-0x2A,                                        /* [1085] OBJ_member_body */
-0x2A,0x86,0x48,                              /* [1086] OBJ_ISO_US */
-0x2A,0x86,0x48,0xCE,0x38,                    /* [1089] OBJ_X9_57 */
-0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1094] OBJ_X9cm */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1100] OBJ_pkcs1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1108] OBJ_pkcs5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1116] OBJ_SMIME */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1125] OBJ_id_smime_mod */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1135] OBJ_id_smime_ct */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1145] OBJ_id_smime_aa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1155] OBJ_id_smime_alg */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1165] OBJ_id_smime_cd */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1175] OBJ_id_smime_spq */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1185] OBJ_id_smime_cti */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1195] OBJ_id_smime_mod_cms */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1206] OBJ_id_smime_mod_ess */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1217] OBJ_id_smime_mod_oid */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1228] OBJ_id_smime_mod_msg_v3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1239] OBJ_id_smime_mod_ets_eSignature_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1250] OBJ_id_smime_mod_ets_eSignature_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1261] OBJ_id_smime_mod_ets_eSigPolicy_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1272] OBJ_id_smime_mod_ets_eSigPolicy_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1283] OBJ_id_smime_ct_receipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1294] OBJ_id_smime_ct_authData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1305] OBJ_id_smime_ct_publishCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1316] OBJ_id_smime_ct_TSTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1327] OBJ_id_smime_ct_TDTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1338] OBJ_id_smime_ct_contentInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1349] OBJ_id_smime_ct_DVCSRequestData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1360] OBJ_id_smime_ct_DVCSResponseData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1371] OBJ_id_smime_aa_receiptRequest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1382] OBJ_id_smime_aa_securityLabel */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1393] OBJ_id_smime_aa_mlExpandHistory */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1404] OBJ_id_smime_aa_contentHint */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1415] OBJ_id_smime_aa_msgSigDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1426] OBJ_id_smime_aa_encapContentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1437] OBJ_id_smime_aa_contentIdentifier */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1448] OBJ_id_smime_aa_macValue */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1459] OBJ_id_smime_aa_equivalentLabels */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1470] OBJ_id_smime_aa_contentReference */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1481] OBJ_id_smime_aa_encrypKeyPref */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1492] OBJ_id_smime_aa_signingCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1503] OBJ_id_smime_aa_smimeEncryptCerts */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1514] OBJ_id_smime_aa_timeStampToken */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1525] OBJ_id_smime_aa_ets_sigPolicyId */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1536] OBJ_id_smime_aa_ets_commitmentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1547] OBJ_id_smime_aa_ets_signerLocation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1558] OBJ_id_smime_aa_ets_signerAttr */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1569] OBJ_id_smime_aa_ets_otherSigCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1580] OBJ_id_smime_aa_ets_contentTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1591] OBJ_id_smime_aa_ets_CertificateRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1602] OBJ_id_smime_aa_ets_RevocationRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1613] OBJ_id_smime_aa_ets_certValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1624] OBJ_id_smime_aa_ets_revocationValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1635] OBJ_id_smime_aa_ets_escTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1646] OBJ_id_smime_aa_ets_certCRLTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1657] OBJ_id_smime_aa_ets_archiveTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1668] OBJ_id_smime_aa_signatureType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1679] OBJ_id_smime_aa_dvcs_dvc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1690] OBJ_id_smime_alg_ESDHwith3DES */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1701] OBJ_id_smime_alg_ESDHwithRC2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1712] OBJ_id_smime_alg_3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1723] OBJ_id_smime_alg_RC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1734] OBJ_id_smime_alg_ESDH */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1745] OBJ_id_smime_alg_CMS3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1756] OBJ_id_smime_alg_CMSRC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1767] OBJ_id_smime_cd_ldap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1778] OBJ_id_smime_spq_ets_sqt_uri */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1789] OBJ_id_smime_spq_ets_sqt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1800] OBJ_id_smime_cti_ets_proofOfOrigin */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1811] OBJ_id_smime_cti_ets_proofOfReceipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1822] OBJ_id_smime_cti_ets_proofOfDelivery */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1833] OBJ_id_smime_cti_ets_proofOfSender */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1844] OBJ_id_smime_cti_ets_proofOfApproval */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1855] OBJ_id_smime_cti_ets_proofOfCreation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1866] OBJ_md4 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1874] OBJ_id_pkix_mod */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1881] OBJ_id_qt */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1888] OBJ_id_it */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1895] OBJ_id_pkip */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1902] OBJ_id_alg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1909] OBJ_id_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1916] OBJ_id_on */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1923] OBJ_id_pda */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1930] OBJ_id_aca */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1937] OBJ_id_qcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1944] OBJ_id_cct */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1951] OBJ_id_pkix1_explicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1959] OBJ_id_pkix1_implicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1967] OBJ_id_pkix1_explicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1975] OBJ_id_pkix1_implicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1983] OBJ_id_mod_crmf */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1991] OBJ_id_mod_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [1999] OBJ_id_mod_kea_profile_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2007] OBJ_id_mod_kea_profile_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2015] OBJ_id_mod_cmp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2023] OBJ_id_mod_qualified_cert_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2031] OBJ_id_mod_qualified_cert_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2039] OBJ_id_mod_attribute_cert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2047] OBJ_id_mod_timestamp_protocol */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2055] OBJ_id_mod_ocsp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2063] OBJ_id_mod_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2071] OBJ_id_mod_cmp2000 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2079] OBJ_biometricInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2087] OBJ_qcStatements */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2095] OBJ_ac_auditEntity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2103] OBJ_ac_targeting */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2111] OBJ_aaControls */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2119] OBJ_sbgp_ipAddrBlock */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2127] OBJ_sbgp_autonomousSysNum */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2135] OBJ_sbgp_routerIdentifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2143] OBJ_textNotice */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2151] OBJ_ipsecEndSystem */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2159] OBJ_ipsecTunnel */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2167] OBJ_ipsecUser */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2175] OBJ_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2183] OBJ_id_it_caProtEncCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2191] OBJ_id_it_signKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2199] OBJ_id_it_encKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2207] OBJ_id_it_preferredSymmAlg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2215] OBJ_id_it_caKeyUpdateInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2223] OBJ_id_it_currentCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2231] OBJ_id_it_unsupportedOIDs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2239] OBJ_id_it_subscriptionRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2247] OBJ_id_it_subscriptionResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2255] OBJ_id_it_keyPairParamReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2263] OBJ_id_it_keyPairParamRep */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2271] OBJ_id_it_revPassphrase */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2279] OBJ_id_it_implicitConfirm */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2287] OBJ_id_it_confirmWaitTime */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2295] OBJ_id_it_origPKIMessage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2303] OBJ_id_regCtrl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2311] OBJ_id_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2319] OBJ_id_regCtrl_regToken */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2328] OBJ_id_regCtrl_authenticator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2337] OBJ_id_regCtrl_pkiPublicationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2346] OBJ_id_regCtrl_pkiArchiveOptions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2355] OBJ_id_regCtrl_oldCertID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2364] OBJ_id_regCtrl_protocolEncrKey */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2373] OBJ_id_regInfo_utf8Pairs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2382] OBJ_id_regInfo_certReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2391] OBJ_id_alg_des40 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2399] OBJ_id_alg_noSignature */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2407] OBJ_id_alg_dh_sig_hmac_sha1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2415] OBJ_id_alg_dh_pop */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2423] OBJ_id_cmc_statusInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2431] OBJ_id_cmc_identification */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2439] OBJ_id_cmc_identityProof */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2447] OBJ_id_cmc_dataReturn */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2455] OBJ_id_cmc_transactionId */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2463] OBJ_id_cmc_senderNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2471] OBJ_id_cmc_recipientNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2479] OBJ_id_cmc_addExtensions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2487] OBJ_id_cmc_encryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2495] OBJ_id_cmc_decryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2503] OBJ_id_cmc_lraPOPWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2511] OBJ_id_cmc_getCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2519] OBJ_id_cmc_getCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2527] OBJ_id_cmc_revokeRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2535] OBJ_id_cmc_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2543] OBJ_id_cmc_responseInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2551] OBJ_id_cmc_queryPending */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2559] OBJ_id_cmc_popLinkRandom */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2567] OBJ_id_cmc_popLinkWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2575] OBJ_id_cmc_confirmCertAcceptance */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2583] OBJ_id_on_personalData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2591] OBJ_id_pda_dateOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2599] OBJ_id_pda_placeOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2607] OBJ_id_pda_gender */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2615] OBJ_id_pda_countryOfCitizenship */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2623] OBJ_id_pda_countryOfResidence */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2631] OBJ_id_aca_authenticationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2639] OBJ_id_aca_accessIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2647] OBJ_id_aca_chargingIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2655] OBJ_id_aca_group */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2663] OBJ_id_aca_role */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2679] OBJ_id_cct_crs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2687] OBJ_id_cct_PKIData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2695] OBJ_id_cct_PKIResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2703] OBJ_ad_timeStamping */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2711] OBJ_ad_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */
-0x2B,0x0E,0x03,0x02,                         /* [2818] OBJ_algorithm */
-0x2B,0x0E,0x03,0x02,0x0B,                    /* [2822] OBJ_rsaSignature */
-0x55,0x08,                                   /* [2827] OBJ_X500algorithms */
-0x2B,                                        /* [2829] OBJ_org */
-0x2B,0x06,                                   /* [2830] OBJ_dod */
-0x2B,0x06,0x01,                              /* [2832] OBJ_iana */
-0x2B,0x06,0x01,0x01,                         /* [2835] OBJ_Directory */
-0x2B,0x06,0x01,0x02,                         /* [2839] OBJ_Management */
-0x2B,0x06,0x01,0x03,                         /* [2843] OBJ_Experimental */
-0x2B,0x06,0x01,0x04,                         /* [2847] OBJ_Private */
-0x2B,0x06,0x01,0x05,                         /* [2851] OBJ_Security */
-0x2B,0x06,0x01,0x06,                         /* [2855] OBJ_SNMPv2 */
-0x2B,0x06,0x01,0x07,                         /* [2859] OBJ_Mail */
-0x2B,0x06,0x01,0x04,0x01,                    /* [2863] OBJ_Enterprises */
-0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */
-0x55,0x01,0x05,                              /* [2897] OBJ_selected_attribute_types */
-0x55,0x01,0x05,0x37,                         /* [2900] OBJ_clearance */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2904] OBJ_md4WithRSAEncryption */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2913] OBJ_ac_proxying */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2921] OBJ_sinfo_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2929] OBJ_id_aca_encAttrs */
-0x55,0x04,0x48,                              /* [2937] OBJ_role */
-0x55,0x1D,0x24,                              /* [2940] OBJ_policy_constraints */
-0x55,0x1D,0x37,                              /* [2943] OBJ_target_information */
-0x55,0x1D,0x38,                              /* [2946] OBJ_no_rev_avail */
-0x2A,0x86,0x48,0xCE,0x3D,                    /* [2949] OBJ_ansi_X9_62 */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,          /* [2954] OBJ_X9_62_prime_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,          /* [2961] OBJ_X9_62_characteristic_two_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,          /* [2968] OBJ_X9_62_id_ecPublicKey */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,     /* [2975] OBJ_X9_62_prime192v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,     /* [2983] OBJ_X9_62_prime192v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,     /* [2991] OBJ_X9_62_prime192v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,     /* [2999] OBJ_X9_62_prime239v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,     /* [3007] OBJ_X9_62_prime239v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,     /* [3015] OBJ_X9_62_prime239v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,     /* [3023] OBJ_X9_62_prime256v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,          /* [3031] OBJ_ecdsa_with_SHA1 */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3038] OBJ_ms_csp_name */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3047] OBJ_aes_128_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3056] OBJ_aes_128_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3065] OBJ_aes_128_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3074] OBJ_aes_128_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3083] OBJ_aes_192_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3092] OBJ_aes_192_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3101] OBJ_aes_192_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3110] OBJ_aes_192_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3119] OBJ_aes_256_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3128] OBJ_aes_256_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3137] OBJ_aes_256_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3146] OBJ_aes_256_cfb128 */
-0x55,0x1D,0x17,                              /* [3155] OBJ_hold_instruction_code */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,          /* [3158] OBJ_hold_instruction_none */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,          /* [3165] OBJ_hold_instruction_call_issuer */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,          /* [3172] OBJ_hold_instruction_reject */
-0x09,                                        /* [3179] OBJ_data */
-0x09,0x92,0x26,                              /* [3180] OBJ_pss */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,          /* [3183] OBJ_ucl */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,     /* [3190] OBJ_pilot */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3198] OBJ_pilotAttributeType */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3207] OBJ_pilotAttributeSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3216] OBJ_pilotObjectClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3225] OBJ_pilotGroups */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3234] OBJ_iA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3244] OBJ_caseIgnoreIA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3254] OBJ_pilotObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3264] OBJ_pilotPerson */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3274] OBJ_account */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3284] OBJ_document */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3294] OBJ_room */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3304] OBJ_documentSeries */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3314] OBJ_rFC822localPart */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3324] OBJ_dNSDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3334] OBJ_domainRelatedObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3344] OBJ_friendlyCountry */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3354] OBJ_simpleSecurityObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3364] OBJ_pilotOrganization */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3374] OBJ_pilotDSA */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3384] OBJ_qualityLabelledData */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3394] OBJ_userId */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3404] OBJ_textEncodedORAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3414] OBJ_rfc822Mailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3424] OBJ_info */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3434] OBJ_favouriteDrink */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3444] OBJ_roomNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3454] OBJ_photo */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3464] OBJ_userClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3474] OBJ_host */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3484] OBJ_manager */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3494] OBJ_documentIdentifier */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3504] OBJ_documentTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3514] OBJ_documentVersion */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3524] OBJ_documentAuthor */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3534] OBJ_documentLocation */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3544] OBJ_homeTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3554] OBJ_secretary */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3564] OBJ_otherMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3574] OBJ_lastModifiedTime */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3584] OBJ_lastModifiedBy */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3594] OBJ_aRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3604] OBJ_pilotAttributeType27 */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3614] OBJ_mXRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3624] OBJ_nSRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3634] OBJ_sOARecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3644] OBJ_cNAMERecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3654] OBJ_associatedDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3664] OBJ_associatedName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3674] OBJ_homePostalAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3684] OBJ_personalTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3694] OBJ_mobileTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3704] OBJ_pagerTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3714] OBJ_friendlyCountryName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3724] OBJ_organizationalStatus */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3734] OBJ_janetMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3744] OBJ_mailPreferenceOption */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3754] OBJ_buildingName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3764] OBJ_dSAQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3774] OBJ_singleLevelQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3784] OBJ_subtreeMinimumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3794] OBJ_subtreeMaximumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3804] OBJ_personalSignature */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3814] OBJ_dITRedirect */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3824] OBJ_audio */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3834] OBJ_documentPublisher */
-0x55,0x04,0x2D,                              /* [3844] OBJ_x500UniqueIdentifier */
-0x2B,0x06,0x01,0x07,0x01,                    /* [3847] OBJ_mime_mhs */
-0x2B,0x06,0x01,0x07,0x01,0x01,               /* [3852] OBJ_mime_mhs_headings */
-0x2B,0x06,0x01,0x07,0x01,0x02,               /* [3858] OBJ_mime_mhs_bodies */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x01,          /* [3864] OBJ_id_hex_partial_message */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x02,          /* [3871] OBJ_id_hex_multipart_message */
-0x55,0x04,0x2C,                              /* [3878] OBJ_generationQualifier */
-0x55,0x04,0x41,                              /* [3881] OBJ_pseudonym */
-0x67,0x2A,                                   /* [3884] OBJ_id_set */
-0x67,0x2A,0x00,                              /* [3886] OBJ_set_ctype */
-0x67,0x2A,0x01,                              /* [3889] OBJ_set_msgExt */
-0x67,0x2A,0x03,                              /* [3892] OBJ_set_attr */
-0x67,0x2A,0x05,                              /* [3895] OBJ_set_policy */
-0x67,0x2A,0x07,                              /* [3898] OBJ_set_certExt */
-0x67,0x2A,0x08,                              /* [3901] OBJ_set_brand */
-0x67,0x2A,0x00,0x00,                         /* [3904] OBJ_setct_PANData */
-0x67,0x2A,0x00,0x01,                         /* [3908] OBJ_setct_PANToken */
-0x67,0x2A,0x00,0x02,                         /* [3912] OBJ_setct_PANOnly */
-0x67,0x2A,0x00,0x03,                         /* [3916] OBJ_setct_OIData */
-0x67,0x2A,0x00,0x04,                         /* [3920] OBJ_setct_PI */
-0x67,0x2A,0x00,0x05,                         /* [3924] OBJ_setct_PIData */
-0x67,0x2A,0x00,0x06,                         /* [3928] OBJ_setct_PIDataUnsigned */
-0x67,0x2A,0x00,0x07,                         /* [3932] OBJ_setct_HODInput */
-0x67,0x2A,0x00,0x08,                         /* [3936] OBJ_setct_AuthResBaggage */
-0x67,0x2A,0x00,0x09,                         /* [3940] OBJ_setct_AuthRevReqBaggage */
-0x67,0x2A,0x00,0x0A,                         /* [3944] OBJ_setct_AuthRevResBaggage */
-0x67,0x2A,0x00,0x0B,                         /* [3948] OBJ_setct_CapTokenSeq */
-0x67,0x2A,0x00,0x0C,                         /* [3952] OBJ_setct_PInitResData */
-0x67,0x2A,0x00,0x0D,                         /* [3956] OBJ_setct_PI_TBS */
-0x67,0x2A,0x00,0x0E,                         /* [3960] OBJ_setct_PResData */
-0x67,0x2A,0x00,0x10,                         /* [3964] OBJ_setct_AuthReqTBS */
-0x67,0x2A,0x00,0x11,                         /* [3968] OBJ_setct_AuthResTBS */
-0x67,0x2A,0x00,0x12,                         /* [3972] OBJ_setct_AuthResTBSX */
-0x67,0x2A,0x00,0x13,                         /* [3976] OBJ_setct_AuthTokenTBS */
-0x67,0x2A,0x00,0x14,                         /* [3980] OBJ_setct_CapTokenData */
-0x67,0x2A,0x00,0x15,                         /* [3984] OBJ_setct_CapTokenTBS */
-0x67,0x2A,0x00,0x16,                         /* [3988] OBJ_setct_AcqCardCodeMsg */
-0x67,0x2A,0x00,0x17,                         /* [3992] OBJ_setct_AuthRevReqTBS */
-0x67,0x2A,0x00,0x18,                         /* [3996] OBJ_setct_AuthRevResData */
-0x67,0x2A,0x00,0x19,                         /* [4000] OBJ_setct_AuthRevResTBS */
-0x67,0x2A,0x00,0x1A,                         /* [4004] OBJ_setct_CapReqTBS */
-0x67,0x2A,0x00,0x1B,                         /* [4008] OBJ_setct_CapReqTBSX */
-0x67,0x2A,0x00,0x1C,                         /* [4012] OBJ_setct_CapResData */
-0x67,0x2A,0x00,0x1D,                         /* [4016] OBJ_setct_CapRevReqTBS */
-0x67,0x2A,0x00,0x1E,                         /* [4020] OBJ_setct_CapRevReqTBSX */
-0x67,0x2A,0x00,0x1F,                         /* [4024] OBJ_setct_CapRevResData */
-0x67,0x2A,0x00,0x20,                         /* [4028] OBJ_setct_CredReqTBS */
-0x67,0x2A,0x00,0x21,                         /* [4032] OBJ_setct_CredReqTBSX */
-0x67,0x2A,0x00,0x22,                         /* [4036] OBJ_setct_CredResData */
-0x67,0x2A,0x00,0x23,                         /* [4040] OBJ_setct_CredRevReqTBS */
-0x67,0x2A,0x00,0x24,                         /* [4044] OBJ_setct_CredRevReqTBSX */
-0x67,0x2A,0x00,0x25,                         /* [4048] OBJ_setct_CredRevResData */
-0x67,0x2A,0x00,0x26,                         /* [4052] OBJ_setct_PCertReqData */
-0x67,0x2A,0x00,0x27,                         /* [4056] OBJ_setct_PCertResTBS */
-0x67,0x2A,0x00,0x28,                         /* [4060] OBJ_setct_BatchAdminReqData */
-0x67,0x2A,0x00,0x29,                         /* [4064] OBJ_setct_BatchAdminResData */
-0x67,0x2A,0x00,0x2A,                         /* [4068] OBJ_setct_CardCInitResTBS */
-0x67,0x2A,0x00,0x2B,                         /* [4072] OBJ_setct_MeAqCInitResTBS */
-0x67,0x2A,0x00,0x2C,                         /* [4076] OBJ_setct_RegFormResTBS */
-0x67,0x2A,0x00,0x2D,                         /* [4080] OBJ_setct_CertReqData */
-0x67,0x2A,0x00,0x2E,                         /* [4084] OBJ_setct_CertReqTBS */
-0x67,0x2A,0x00,0x2F,                         /* [4088] OBJ_setct_CertResData */
-0x67,0x2A,0x00,0x30,                         /* [4092] OBJ_setct_CertInqReqTBS */
-0x67,0x2A,0x00,0x31,                         /* [4096] OBJ_setct_ErrorTBS */
-0x67,0x2A,0x00,0x32,                         /* [4100] OBJ_setct_PIDualSignedTBE */
-0x67,0x2A,0x00,0x33,                         /* [4104] OBJ_setct_PIUnsignedTBE */
-0x67,0x2A,0x00,0x34,                         /* [4108] OBJ_setct_AuthReqTBE */
-0x67,0x2A,0x00,0x35,                         /* [4112] OBJ_setct_AuthResTBE */
-0x67,0x2A,0x00,0x36,                         /* [4116] OBJ_setct_AuthResTBEX */
-0x67,0x2A,0x00,0x37,                         /* [4120] OBJ_setct_AuthTokenTBE */
-0x67,0x2A,0x00,0x38,                         /* [4124] OBJ_setct_CapTokenTBE */
-0x67,0x2A,0x00,0x39,                         /* [4128] OBJ_setct_CapTokenTBEX */
-0x67,0x2A,0x00,0x3A,                         /* [4132] OBJ_setct_AcqCardCodeMsgTBE */
-0x67,0x2A,0x00,0x3B,                         /* [4136] OBJ_setct_AuthRevReqTBE */
-0x67,0x2A,0x00,0x3C,                         /* [4140] OBJ_setct_AuthRevResTBE */
-0x67,0x2A,0x00,0x3D,                         /* [4144] OBJ_setct_AuthRevResTBEB */
-0x67,0x2A,0x00,0x3E,                         /* [4148] OBJ_setct_CapReqTBE */
-0x67,0x2A,0x00,0x3F,                         /* [4152] OBJ_setct_CapReqTBEX */
-0x67,0x2A,0x00,0x40,                         /* [4156] OBJ_setct_CapResTBE */
-0x67,0x2A,0x00,0x41,                         /* [4160] OBJ_setct_CapRevReqTBE */
-0x67,0x2A,0x00,0x42,                         /* [4164] OBJ_setct_CapRevReqTBEX */
-0x67,0x2A,0x00,0x43,                         /* [4168] OBJ_setct_CapRevResTBE */
-0x67,0x2A,0x00,0x44,                         /* [4172] OBJ_setct_CredReqTBE */
-0x67,0x2A,0x00,0x45,                         /* [4176] OBJ_setct_CredReqTBEX */
-0x67,0x2A,0x00,0x46,                         /* [4180] OBJ_setct_CredResTBE */
-0x67,0x2A,0x00,0x47,                         /* [4184] OBJ_setct_CredRevReqTBE */
-0x67,0x2A,0x00,0x48,                         /* [4188] OBJ_setct_CredRevReqTBEX */
-0x67,0x2A,0x00,0x49,                         /* [4192] OBJ_setct_CredRevResTBE */
-0x67,0x2A,0x00,0x4A,                         /* [4196] OBJ_setct_BatchAdminReqTBE */
-0x67,0x2A,0x00,0x4B,                         /* [4200] OBJ_setct_BatchAdminResTBE */
-0x67,0x2A,0x00,0x4C,                         /* [4204] OBJ_setct_RegFormReqTBE */
-0x67,0x2A,0x00,0x4D,                         /* [4208] OBJ_setct_CertReqTBE */
-0x67,0x2A,0x00,0x4E,                         /* [4212] OBJ_setct_CertReqTBEX */
-0x67,0x2A,0x00,0x4F,                         /* [4216] OBJ_setct_CertResTBE */
-0x67,0x2A,0x00,0x50,                         /* [4220] OBJ_setct_CRLNotificationTBS */
-0x67,0x2A,0x00,0x51,                         /* [4224] OBJ_setct_CRLNotificationResTBS */
-0x67,0x2A,0x00,0x52,                         /* [4228] OBJ_setct_BCIDistributionTBS */
-0x67,0x2A,0x01,0x01,                         /* [4232] OBJ_setext_genCrypt */
-0x67,0x2A,0x01,0x03,                         /* [4236] OBJ_setext_miAuth */
-0x67,0x2A,0x01,0x04,                         /* [4240] OBJ_setext_pinSecure */
-0x67,0x2A,0x01,0x05,                         /* [4244] OBJ_setext_pinAny */
-0x67,0x2A,0x01,0x07,                         /* [4248] OBJ_setext_track2 */
-0x67,0x2A,0x01,0x08,                         /* [4252] OBJ_setext_cv */
-0x67,0x2A,0x05,0x00,                         /* [4256] OBJ_set_policy_root */
-0x67,0x2A,0x07,0x00,                         /* [4260] OBJ_setCext_hashedRoot */
-0x67,0x2A,0x07,0x01,                         /* [4264] OBJ_setCext_certType */
-0x67,0x2A,0x07,0x02,                         /* [4268] OBJ_setCext_merchData */
-0x67,0x2A,0x07,0x03,                         /* [4272] OBJ_setCext_cCertRequired */
-0x67,0x2A,0x07,0x04,                         /* [4276] OBJ_setCext_tunneling */
-0x67,0x2A,0x07,0x05,                         /* [4280] OBJ_setCext_setExt */
-0x67,0x2A,0x07,0x06,                         /* [4284] OBJ_setCext_setQualf */
-0x67,0x2A,0x07,0x07,                         /* [4288] OBJ_setCext_PGWYcapabilities */
-0x67,0x2A,0x07,0x08,                         /* [4292] OBJ_setCext_TokenIdentifier */
-0x67,0x2A,0x07,0x09,                         /* [4296] OBJ_setCext_Track2Data */
-0x67,0x2A,0x07,0x0A,                         /* [4300] OBJ_setCext_TokenType */
-0x67,0x2A,0x07,0x0B,                         /* [4304] OBJ_setCext_IssuerCapabilities */
-0x67,0x2A,0x03,0x00,                         /* [4308] OBJ_setAttr_Cert */
-0x67,0x2A,0x03,0x01,                         /* [4312] OBJ_setAttr_PGWYcap */
-0x67,0x2A,0x03,0x02,                         /* [4316] OBJ_setAttr_TokenType */
-0x67,0x2A,0x03,0x03,                         /* [4320] OBJ_setAttr_IssCap */
-0x67,0x2A,0x03,0x00,0x00,                    /* [4324] OBJ_set_rootKeyThumb */
-0x67,0x2A,0x03,0x00,0x01,                    /* [4329] OBJ_set_addPolicy */
-0x67,0x2A,0x03,0x02,0x01,                    /* [4334] OBJ_setAttr_Token_EMV */
-0x67,0x2A,0x03,0x02,0x02,                    /* [4339] OBJ_setAttr_Token_B0Prime */
-0x67,0x2A,0x03,0x03,0x03,                    /* [4344] OBJ_setAttr_IssCap_CVM */
-0x67,0x2A,0x03,0x03,0x04,                    /* [4349] OBJ_setAttr_IssCap_T2 */
-0x67,0x2A,0x03,0x03,0x05,                    /* [4354] OBJ_setAttr_IssCap_Sig */
-0x67,0x2A,0x03,0x03,0x03,0x01,               /* [4359] OBJ_setAttr_GenCryptgrm */
-0x67,0x2A,0x03,0x03,0x04,0x01,               /* [4365] OBJ_setAttr_T2Enc */
-0x67,0x2A,0x03,0x03,0x04,0x02,               /* [4371] OBJ_setAttr_T2cleartxt */
-0x67,0x2A,0x03,0x03,0x05,0x01,               /* [4377] OBJ_setAttr_TokICCsig */
-0x67,0x2A,0x03,0x03,0x05,0x02,               /* [4383] OBJ_setAttr_SecDevSig */
-0x67,0x2A,0x08,0x01,                         /* [4389] OBJ_set_brand_IATA_ATA */
-0x67,0x2A,0x08,0x1E,                         /* [4393] OBJ_set_brand_Diners */
-0x67,0x2A,0x08,0x22,                         /* [4397] OBJ_set_brand_AmericanExpress */
-0x67,0x2A,0x08,0x23,                         /* [4401] OBJ_set_brand_JCB */
-0x67,0x2A,0x08,0x04,                         /* [4405] OBJ_set_brand_Visa */
-0x67,0x2A,0x08,0x05,                         /* [4409] OBJ_set_brand_MasterCard */
-0x67,0x2A,0x08,0xAE,0x7B,                    /* [4413] OBJ_set_brand_Novus */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,     /* [4418] OBJ_des_cdmf */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4426] OBJ_rsaOAEPEncryptionSET */
-0x67,                                        /* [4435] OBJ_international_organizations */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4436] OBJ_ms_smartcard_login */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4446] OBJ_ms_upn */
-0x55,0x04,0x09,                              /* [4456] OBJ_streetAddress */
-0x55,0x04,0x11,                              /* [4459] OBJ_postalCode */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,          /* [4462] OBJ_id_ppl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,     /* [4469] OBJ_proxyCertInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,     /* [4477] OBJ_id_ppl_anyLanguage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,     /* [4485] OBJ_id_ppl_inheritAll */
-0x55,0x1D,0x1E,                              /* [4493] OBJ_name_constraints */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4496] OBJ_Independent */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4504] OBJ_sha256WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4513] OBJ_sha384WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4522] OBJ_sha512WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4531] OBJ_sha224WithRSAEncryption */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4540] OBJ_sha256 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4549] OBJ_sha384 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4558] OBJ_sha512 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4567] OBJ_sha224 */
-0x2B,                                        /* [4576] OBJ_identified_organization */
-0x2B,0x81,0x04,                              /* [4577] OBJ_certicom_arc */
-0x67,0x2B,                                   /* [4580] OBJ_wap */
-0x67,0x2B,0x01,                              /* [4582] OBJ_wap_wsg */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,     /* [4585] OBJ_X9_62_id_characteristic_two_basis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4593] OBJ_X9_62_onBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4602] OBJ_X9_62_tpBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4611] OBJ_X9_62_ppBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01,     /* [4620] OBJ_X9_62_c2pnb163v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02,     /* [4628] OBJ_X9_62_c2pnb163v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03,     /* [4636] OBJ_X9_62_c2pnb163v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04,     /* [4644] OBJ_X9_62_c2pnb176v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05,     /* [4652] OBJ_X9_62_c2tnb191v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06,     /* [4660] OBJ_X9_62_c2tnb191v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07,     /* [4668] OBJ_X9_62_c2tnb191v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08,     /* [4676] OBJ_X9_62_c2onb191v4 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09,     /* [4684] OBJ_X9_62_c2onb191v5 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A,     /* [4692] OBJ_X9_62_c2pnb208w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B,     /* [4700] OBJ_X9_62_c2tnb239v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C,     /* [4708] OBJ_X9_62_c2tnb239v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D,     /* [4716] OBJ_X9_62_c2tnb239v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E,     /* [4724] OBJ_X9_62_c2onb239v4 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F,     /* [4732] OBJ_X9_62_c2onb239v5 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10,     /* [4740] OBJ_X9_62_c2pnb272w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11,     /* [4748] OBJ_X9_62_c2pnb304w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12,     /* [4756] OBJ_X9_62_c2tnb359v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13,     /* [4764] OBJ_X9_62_c2pnb368w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14,     /* [4772] OBJ_X9_62_c2tnb431r1 */
-0x2B,0x81,0x04,0x00,0x06,                    /* [4780] OBJ_secp112r1 */
-0x2B,0x81,0x04,0x00,0x07,                    /* [4785] OBJ_secp112r2 */
-0x2B,0x81,0x04,0x00,0x1C,                    /* [4790] OBJ_secp128r1 */
-0x2B,0x81,0x04,0x00,0x1D,                    /* [4795] OBJ_secp128r2 */
-0x2B,0x81,0x04,0x00,0x09,                    /* [4800] OBJ_secp160k1 */
-0x2B,0x81,0x04,0x00,0x08,                    /* [4805] OBJ_secp160r1 */
-0x2B,0x81,0x04,0x00,0x1E,                    /* [4810] OBJ_secp160r2 */
-0x2B,0x81,0x04,0x00,0x1F,                    /* [4815] OBJ_secp192k1 */
-0x2B,0x81,0x04,0x00,0x20,                    /* [4820] OBJ_secp224k1 */
-0x2B,0x81,0x04,0x00,0x21,                    /* [4825] OBJ_secp224r1 */
-0x2B,0x81,0x04,0x00,0x0A,                    /* [4830] OBJ_secp256k1 */
-0x2B,0x81,0x04,0x00,0x22,                    /* [4835] OBJ_secp384r1 */
-0x2B,0x81,0x04,0x00,0x23,                    /* [4840] OBJ_secp521r1 */
-0x2B,0x81,0x04,0x00,0x04,                    /* [4845] OBJ_sect113r1 */
-0x2B,0x81,0x04,0x00,0x05,                    /* [4850] OBJ_sect113r2 */
-0x2B,0x81,0x04,0x00,0x16,                    /* [4855] OBJ_sect131r1 */
-0x2B,0x81,0x04,0x00,0x17,                    /* [4860] OBJ_sect131r2 */
-0x2B,0x81,0x04,0x00,0x01,                    /* [4865] OBJ_sect163k1 */
-0x2B,0x81,0x04,0x00,0x02,                    /* [4870] OBJ_sect163r1 */
-0x2B,0x81,0x04,0x00,0x0F,                    /* [4875] OBJ_sect163r2 */
-0x2B,0x81,0x04,0x00,0x18,                    /* [4880] OBJ_sect193r1 */
-0x2B,0x81,0x04,0x00,0x19,                    /* [4885] OBJ_sect193r2 */
-0x2B,0x81,0x04,0x00,0x1A,                    /* [4890] OBJ_sect233k1 */
-0x2B,0x81,0x04,0x00,0x1B,                    /* [4895] OBJ_sect233r1 */
-0x2B,0x81,0x04,0x00,0x03,                    /* [4900] OBJ_sect239k1 */
-0x2B,0x81,0x04,0x00,0x10,                    /* [4905] OBJ_sect283k1 */
-0x2B,0x81,0x04,0x00,0x11,                    /* [4910] OBJ_sect283r1 */
-0x2B,0x81,0x04,0x00,0x24,                    /* [4915] OBJ_sect409k1 */
-0x2B,0x81,0x04,0x00,0x25,                    /* [4920] OBJ_sect409r1 */
-0x2B,0x81,0x04,0x00,0x26,                    /* [4925] OBJ_sect571k1 */
-0x2B,0x81,0x04,0x00,0x27,                    /* [4930] OBJ_sect571r1 */
-0x67,0x2B,0x01,0x04,0x01,                    /* [4935] OBJ_wap_wsg_idm_ecid_wtls1 */
-0x67,0x2B,0x01,0x04,0x03,                    /* [4940] OBJ_wap_wsg_idm_ecid_wtls3 */
-0x67,0x2B,0x01,0x04,0x04,                    /* [4945] OBJ_wap_wsg_idm_ecid_wtls4 */
-0x67,0x2B,0x01,0x04,0x05,                    /* [4950] OBJ_wap_wsg_idm_ecid_wtls5 */
-0x67,0x2B,0x01,0x04,0x06,                    /* [4955] OBJ_wap_wsg_idm_ecid_wtls6 */
-0x67,0x2B,0x01,0x04,0x07,                    /* [4960] OBJ_wap_wsg_idm_ecid_wtls7 */
-0x67,0x2B,0x01,0x04,0x08,                    /* [4965] OBJ_wap_wsg_idm_ecid_wtls8 */
-0x67,0x2B,0x01,0x04,0x09,                    /* [4970] OBJ_wap_wsg_idm_ecid_wtls9 */
-0x67,0x2B,0x01,0x04,0x0A,                    /* [4975] OBJ_wap_wsg_idm_ecid_wtls10 */
-0x67,0x2B,0x01,0x04,0x0B,                    /* [4980] OBJ_wap_wsg_idm_ecid_wtls11 */
-0x67,0x2B,0x01,0x04,0x0C,                    /* [4985] OBJ_wap_wsg_idm_ecid_wtls12 */
-0x55,0x1D,0x20,0x00,                         /* [4990] OBJ_any_policy */
-0x55,0x1D,0x21,                              /* [4994] OBJ_policy_mappings */
-0x55,0x1D,0x36,                              /* [4997] OBJ_inhibit_any_policy */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5000] OBJ_camellia_128_cbc */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5011] OBJ_camellia_192_cbc */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5022] OBJ_camellia_256_cbc */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01,     /* [5033] OBJ_camellia_128_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15,     /* [5041] OBJ_camellia_192_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29,     /* [5049] OBJ_camellia_256_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04,     /* [5057] OBJ_camellia_128_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18,     /* [5065] OBJ_camellia_192_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C,     /* [5073] OBJ_camellia_256_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03,     /* [5081] OBJ_camellia_128_ofb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17,     /* [5089] OBJ_camellia_192_ofb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B,     /* [5097] OBJ_camellia_256_ofb128 */
-0x55,0x1D,0x09,                              /* [5105] OBJ_subject_directory_attributes */
-0x55,0x1D,0x1C,                              /* [5108] OBJ_issuing_distribution_point */
-0x55,0x1D,0x1D,                              /* [5111] OBJ_certificate_issuer */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,               /* [5114] OBJ_kisa */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,     /* [5120] OBJ_seed_ecb */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,     /* [5128] OBJ_seed_cbc */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,     /* [5136] OBJ_seed_ofb128 */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,     /* [5144] OBJ_seed_cfb128 */
-0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01,     /* [5152] OBJ_hmac_md5 */
-0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02,     /* [5160] OBJ_hmac_sha1 */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5168] OBJ_id_PasswordBasedMAC */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5177] OBJ_id_DHBasedMac */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10,     /* [5186] OBJ_id_it_suppLangTags */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05,     /* [5194] OBJ_caRepository */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5202] OBJ_id_smime_ct_compressedData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5213] OBJ_id_ct_asciiTextWithCRLF */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5224] OBJ_id_aes128_wrap */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5233] OBJ_id_aes192_wrap */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5242] OBJ_id_aes256_wrap */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02,          /* [5251] OBJ_ecdsa_with_Recommended */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,          /* [5258] OBJ_ecdsa_with_Specified */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01,     /* [5265] OBJ_ecdsa_with_SHA224 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,     /* [5273] OBJ_ecdsa_with_SHA256 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,     /* [5281] OBJ_ecdsa_with_SHA384 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,     /* [5289] OBJ_ecdsa_with_SHA512 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06,     /* [5297] OBJ_hmacWithMD5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08,     /* [5305] OBJ_hmacWithSHA224 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09,     /* [5313] OBJ_hmacWithSHA256 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A,     /* [5321] OBJ_hmacWithSHA384 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B,     /* [5329] OBJ_hmacWithSHA512 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5337] OBJ_dsa_with_SHA224 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5346] OBJ_dsa_with_SHA256 */
-0x28,0xCF,0x06,0x03,0x00,0x37,               /* [5355] OBJ_whirlpool */
-0x2A,0x85,0x03,0x02,0x02,                    /* [5361] OBJ_cryptopro */
-0x2A,0x85,0x03,0x02,0x09,                    /* [5366] OBJ_cryptocom */
-0x2A,0x85,0x03,0x02,0x02,0x03,               /* [5371] OBJ_id_GostR3411_94_with_GostR3410_2001 */
-0x2A,0x85,0x03,0x02,0x02,0x04,               /* [5377] OBJ_id_GostR3411_94_with_GostR3410_94 */
-0x2A,0x85,0x03,0x02,0x02,0x09,               /* [5383] OBJ_id_GostR3411_94 */
-0x2A,0x85,0x03,0x02,0x02,0x0A,               /* [5389] OBJ_id_HMACGostR3411_94 */
-0x2A,0x85,0x03,0x02,0x02,0x13,               /* [5395] OBJ_id_GostR3410_2001 */
-0x2A,0x85,0x03,0x02,0x02,0x14,               /* [5401] OBJ_id_GostR3410_94 */
-0x2A,0x85,0x03,0x02,0x02,0x15,               /* [5407] OBJ_id_Gost28147_89 */
-0x2A,0x85,0x03,0x02,0x02,0x16,               /* [5413] OBJ_id_Gost28147_89_MAC */
-0x2A,0x85,0x03,0x02,0x02,0x17,               /* [5419] OBJ_id_GostR3411_94_prf */
-0x2A,0x85,0x03,0x02,0x02,0x62,               /* [5425] OBJ_id_GostR3410_2001DH */
-0x2A,0x85,0x03,0x02,0x02,0x63,               /* [5431] OBJ_id_GostR3410_94DH */
-0x2A,0x85,0x03,0x02,0x02,0x0E,0x01,          /* [5437] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
-0x2A,0x85,0x03,0x02,0x02,0x0E,0x00,          /* [5444] OBJ_id_Gost28147_89_None_KeyMeshing */
-0x2A,0x85,0x03,0x02,0x02,0x1E,0x00,          /* [5451] OBJ_id_GostR3411_94_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1E,0x01,          /* [5458] OBJ_id_GostR3411_94_CryptoProParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x00,          /* [5465] OBJ_id_Gost28147_89_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x01,          /* [5472] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x02,          /* [5479] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x03,          /* [5486] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x04,          /* [5493] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x05,          /* [5500] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x06,          /* [5507] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x07,          /* [5514] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x00,          /* [5521] OBJ_id_GostR3410_94_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x02,          /* [5528] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x03,          /* [5535] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x04,          /* [5542] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x05,          /* [5549] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x21,0x01,          /* [5556] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x21,0x02,          /* [5563] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x21,0x03,          /* [5570] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x00,          /* [5577] OBJ_id_GostR3410_2001_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x01,          /* [5584] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x02,          /* [5591] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x03,          /* [5598] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x24,0x00,          /* [5605] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x24,0x01,          /* [5612] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x01,          /* [5619] OBJ_id_GostR3410_94_a */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x02,          /* [5626] OBJ_id_GostR3410_94_aBis */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x03,          /* [5633] OBJ_id_GostR3410_94_b */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x04,          /* [5640] OBJ_id_GostR3410_94_bBis */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01,     /* [5647] OBJ_id_Gost28147_89_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03,     /* [5655] OBJ_id_GostR3410_94_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04,     /* [5663] OBJ_id_GostR3410_2001_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03,     /* [5671] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5679] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5687] OBJ_id_GostR3410_2001_ParamSet_cc */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5695] OBJ_LocalKeySet */
-0x55,0x1D,0x2E,                              /* [5704] OBJ_freshest_crl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03,     /* [5707] OBJ_id_on_permanentIdentifier */
-0x55,0x04,0x0E,                              /* [5715] OBJ_searchGuide */
-0x55,0x04,0x0F,                              /* [5718] OBJ_businessCategory */
-0x55,0x04,0x10,                              /* [5721] OBJ_postalAddress */
-0x55,0x04,0x12,                              /* [5724] OBJ_postOfficeBox */
-0x55,0x04,0x13,                              /* [5727] OBJ_physicalDeliveryOfficeName */
-0x55,0x04,0x14,                              /* [5730] OBJ_telephoneNumber */
-0x55,0x04,0x15,                              /* [5733] OBJ_telexNumber */
-0x55,0x04,0x16,                              /* [5736] OBJ_teletexTerminalIdentifier */
-0x55,0x04,0x17,                              /* [5739] OBJ_facsimileTelephoneNumber */
-0x55,0x04,0x18,                              /* [5742] OBJ_x121Address */
-0x55,0x04,0x19,                              /* [5745] OBJ_internationaliSDNNumber */
-0x55,0x04,0x1A,                              /* [5748] OBJ_registeredAddress */
-0x55,0x04,0x1B,                              /* [5751] OBJ_destinationIndicator */
-0x55,0x04,0x1C,                              /* [5754] OBJ_preferredDeliveryMethod */
-0x55,0x04,0x1D,                              /* [5757] OBJ_presentationAddress */
-0x55,0x04,0x1E,                              /* [5760] OBJ_supportedApplicationContext */
-0x55,0x04,0x1F,                              /* [5763] OBJ_member */
-0x55,0x04,0x20,                              /* [5766] OBJ_owner */
-0x55,0x04,0x21,                              /* [5769] OBJ_roleOccupant */
-0x55,0x04,0x22,                              /* [5772] OBJ_seeAlso */
-0x55,0x04,0x23,                              /* [5775] OBJ_userPassword */
-0x55,0x04,0x24,                              /* [5778] OBJ_userCertificate */
-0x55,0x04,0x25,                              /* [5781] OBJ_cACertificate */
-0x55,0x04,0x26,                              /* [5784] OBJ_authorityRevocationList */
-0x55,0x04,0x27,                              /* [5787] OBJ_certificateRevocationList */
-0x55,0x04,0x28,                              /* [5790] OBJ_crossCertificatePair */
-0x55,0x04,0x2F,                              /* [5793] OBJ_enhancedSearchGuide */
-0x55,0x04,0x30,                              /* [5796] OBJ_protocolInformation */
-0x55,0x04,0x31,                              /* [5799] OBJ_distinguishedName */
-0x55,0x04,0x32,                              /* [5802] OBJ_uniqueMember */
-0x55,0x04,0x33,                              /* [5805] OBJ_houseIdentifier */
-0x55,0x04,0x34,                              /* [5808] OBJ_supportedAlgorithms */
-0x55,0x04,0x35,                              /* [5811] OBJ_deltaRevocationList */
-0x55,0x04,0x36,                              /* [5814] OBJ_dmdName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5817] OBJ_id_alg_PWRI_KEK */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5828] OBJ_aes_128_gcm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5837] OBJ_aes_128_ccm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5846] OBJ_id_aes128_wrap_pad */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5855] OBJ_aes_192_gcm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5864] OBJ_aes_192_ccm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5873] OBJ_id_aes192_wrap_pad */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5882] OBJ_aes_256_gcm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5891] OBJ_aes_256_ccm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5900] OBJ_id_aes256_wrap_pad */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5909] OBJ_id_camellia128_wrap */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5920] OBJ_id_camellia192_wrap */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5931] OBJ_id_camellia256_wrap */
-0x55,0x1D,0x25,0x00,                         /* [5942] OBJ_anyExtendedKeyUsage */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5946] OBJ_mgf1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5955] OBJ_rsassaPss */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5964] OBJ_rsaesOaep */
-0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01,          /* [5973] OBJ_dhpublicnumber */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,/* [5980] OBJ_brainpoolP160r1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,/* [5989] OBJ_brainpoolP160t1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,/* [5998] OBJ_brainpoolP192r1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,/* [6007] OBJ_brainpoolP192t1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,/* [6016] OBJ_brainpoolP224r1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,/* [6025] OBJ_brainpoolP224t1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,/* [6034] OBJ_brainpoolP256r1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,/* [6043] OBJ_brainpoolP256t1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,/* [6052] OBJ_brainpoolP320r1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,/* [6061] OBJ_brainpoolP320t1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,/* [6070] OBJ_brainpoolP384r1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,/* [6079] OBJ_brainpoolP384t1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,/* [6088] OBJ_brainpoolP512r1 */
-0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,/* [6097] OBJ_brainpoolP512t1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6106] OBJ_pSpecified */
-0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,/* [6115] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */
-0x2B,0x81,0x04,0x01,0x0B,0x00,               /* [6124] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */
-0x2B,0x81,0x04,0x01,0x0B,0x01,               /* [6130] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */
-0x2B,0x81,0x04,0x01,0x0B,0x02,               /* [6136] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */
-0x2B,0x81,0x04,0x01,0x0B,0x03,               /* [6142] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */
-0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6148] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */
-0x2B,0x81,0x04,0x01,0x0E,0x00,               /* [6157] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */
-0x2B,0x81,0x04,0x01,0x0E,0x01,               /* [6163] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
-0x2B,0x81,0x04,0x01,0x0E,0x02,               /* [6169] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
-0x2B,0x81,0x04,0x01,0x0E,0x03,               /* [6175] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */
-0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,/* [6181] OBJ_ct_precert_scts */
-0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,/* [6191] OBJ_ct_precert_poison */
-0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,/* [6201] OBJ_ct_precert_signer */
-0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,/* [6211] OBJ_ct_cert_scts */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6221] OBJ_jurisdictionLocalityName */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6232] OBJ_jurisdictionStateOrProvinceName */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6243] OBJ_jurisdictionCountryName */
+/* Serialized OID's */
+static const unsigned char so[7762] = {
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,       /* [   21] OBJ_md5 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,       /* [   29] OBJ_rc4 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,  /* [   37] OBJ_rsaEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,  /* [   46] OBJ_md2WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,  /* [   55] OBJ_md5WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,  /* [   64] OBJ_pbeWithMD2AndDES_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,  /* [   73] OBJ_pbeWithMD5AndDES_CBC */
+    0x55,                                          /* [   82] OBJ_X500 */
+    0x55,0x04,                                     /* [   83] OBJ_X509 */
+    0x55,0x04,0x03,                                /* [   85] OBJ_commonName */
+    0x55,0x04,0x06,                                /* [   88] OBJ_countryName */
+    0x55,0x04,0x07,                                /* [   91] OBJ_localityName */
+    0x55,0x04,0x08,                                /* [   94] OBJ_stateOrProvinceName */
+    0x55,0x04,0x0A,                                /* [   97] OBJ_organizationName */
+    0x55,0x04,0x0B,                                /* [  100] OBJ_organizationalUnitName */
+    0x55,0x08,0x01,0x01,                           /* [  103] OBJ_rsa */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,       /* [  107] OBJ_pkcs7 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,  /* [  115] OBJ_pkcs7_data */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,  /* [  124] OBJ_pkcs7_signed */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,  /* [  133] OBJ_pkcs7_enveloped */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,  /* [  142] OBJ_pkcs7_signedAndEnveloped */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,  /* [  151] OBJ_pkcs7_digest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,  /* [  160] OBJ_pkcs7_encrypted */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,       /* [  169] OBJ_pkcs3 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,  /* [  177] OBJ_dhKeyAgreement */
+    0x2B,0x0E,0x03,0x02,0x06,                      /* [  186] OBJ_des_ecb */
+    0x2B,0x0E,0x03,0x02,0x09,                      /* [  191] OBJ_des_cfb64 */
+    0x2B,0x0E,0x03,0x02,0x07,                      /* [  196] OBJ_des_cbc */
+    0x2B,0x0E,0x03,0x02,0x11,                      /* [  201] OBJ_des_ede_ecb */
+    0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,  /* [  206] OBJ_idea_cbc */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,       /* [  217] OBJ_rc2_cbc */
+    0x2B,0x0E,0x03,0x02,0x12,                      /* [  225] OBJ_sha */
+    0x2B,0x0E,0x03,0x02,0x0F,                      /* [  230] OBJ_shaWithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,       /* [  235] OBJ_des_ede3_cbc */
+    0x2B,0x0E,0x03,0x02,0x08,                      /* [  243] OBJ_des_ofb64 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,       /* [  248] OBJ_pkcs9 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,  /* [  256] OBJ_pkcs9_emailAddress */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,  /* [  265] OBJ_pkcs9_unstructuredName */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,  /* [  274] OBJ_pkcs9_contentType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,  /* [  283] OBJ_pkcs9_messageDigest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,  /* [  292] OBJ_pkcs9_signingTime */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,  /* [  301] OBJ_pkcs9_countersignature */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,  /* [  310] OBJ_pkcs9_challengePassword */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,  /* [  319] OBJ_pkcs9_unstructuredAddress */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,  /* [  328] OBJ_pkcs9_extCertAttributes */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,            /* [  337] OBJ_netscape */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,       /* [  344] OBJ_netscape_cert_extension */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,       /* [  352] OBJ_netscape_data_type */
+    0x2B,0x0E,0x03,0x02,0x1A,                      /* [  360] OBJ_sha1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,  /* [  365] OBJ_sha1WithRSAEncryption */
+    0x2B,0x0E,0x03,0x02,0x0D,                      /* [  374] OBJ_dsaWithSHA */
+    0x2B,0x0E,0x03,0x02,0x0C,                      /* [  379] OBJ_dsa_2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,  /* [  384] OBJ_pbeWithSHA1AndRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,  /* [  393] OBJ_id_pbkdf2 */
+    0x2B,0x0E,0x03,0x02,0x1B,                      /* [  402] OBJ_dsaWithSHA1_2 */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,  /* [  407] OBJ_netscape_cert_type */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,  /* [  416] OBJ_netscape_base_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,  /* [  425] OBJ_netscape_revocation_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,  /* [  434] OBJ_netscape_ca_revocation_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,  /* [  443] OBJ_netscape_renewal_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,  /* [  452] OBJ_netscape_ca_policy_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,  /* [  461] OBJ_netscape_ssl_server_name */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,  /* [  470] OBJ_netscape_comment */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,  /* [  479] OBJ_netscape_cert_sequence */
+    0x55,0x1D,                                     /* [  488] OBJ_id_ce */
+    0x55,0x1D,0x0E,                                /* [  490] OBJ_subject_key_identifier */
+    0x55,0x1D,0x0F,                                /* [  493] OBJ_key_usage */
+    0x55,0x1D,0x10,                                /* [  496] OBJ_private_key_usage_period */
+    0x55,0x1D,0x11,                                /* [  499] OBJ_subject_alt_name */
+    0x55,0x1D,0x12,                                /* [  502] OBJ_issuer_alt_name */
+    0x55,0x1D,0x13,                                /* [  505] OBJ_basic_constraints */
+    0x55,0x1D,0x14,                                /* [  508] OBJ_crl_number */
+    0x55,0x1D,0x20,                                /* [  511] OBJ_certificate_policies */
+    0x55,0x1D,0x23,                                /* [  514] OBJ_authority_key_identifier */
+    0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,  /* [  517] OBJ_bf_cbc */
+    0x55,0x08,0x03,0x65,                           /* [  526] OBJ_mdc2 */
+    0x55,0x08,0x03,0x64,                           /* [  530] OBJ_mdc2WithRSA */
+    0x55,0x04,0x2A,                                /* [  534] OBJ_givenName */
+    0x55,0x04,0x04,                                /* [  537] OBJ_surname */
+    0x55,0x04,0x2B,                                /* [  540] OBJ_initials */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2C,  /* [  543] OBJ_uniqueIdentifier */
+    0x55,0x1D,0x1F,                                /* [  553] OBJ_crl_distribution_points */
+    0x2B,0x0E,0x03,0x02,0x03,                      /* [  556] OBJ_md5WithRSA */
+    0x55,0x04,0x05,                                /* [  561] OBJ_serialNumber */
+    0x55,0x04,0x0C,                                /* [  564] OBJ_title */
+    0x55,0x04,0x0D,                                /* [  567] OBJ_description */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,  /* [  570] OBJ_cast5_cbc */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,  /* [  579] OBJ_pbeWithMD5AndCast5_CBC */
+    0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,            /* [  588] OBJ_dsaWithSHA1 */
+    0x2B,0x0E,0x03,0x02,0x1D,                      /* [  595] OBJ_sha1WithRSA */
+    0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,            /* [  600] OBJ_dsa */
+    0x2B,0x24,0x03,0x02,0x01,                      /* [  607] OBJ_ripemd160 */
+    0x2B,0x24,0x03,0x03,0x01,0x02,                 /* [  612] OBJ_ripemd160WithRSA */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,       /* [  618] OBJ_rc5_cbc */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,  /* [  626] OBJ_zlib_compression */
+    0x55,0x1D,0x25,                                /* [  637] OBJ_ext_key_usage */
+    0x2B,0x06,0x01,0x05,0x05,0x07,                 /* [  640] OBJ_id_pkix */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,            /* [  646] OBJ_id_kp */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,       /* [  653] OBJ_server_auth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,       /* [  661] OBJ_client_auth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,       /* [  669] OBJ_code_sign */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,       /* [  677] OBJ_email_protect */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,       /* [  685] OBJ_time_stamp */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,  /* [  693] OBJ_ms_code_ind */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,  /* [  703] OBJ_ms_code_com */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,  /* [  713] OBJ_ms_ctl_sign */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,  /* [  723] OBJ_ms_sgc */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,  /* [  733] OBJ_ms_efs */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,  /* [  743] OBJ_ns_sgc */
+    0x55,0x1D,0x1B,                                /* [  752] OBJ_delta_crl */
+    0x55,0x1D,0x15,                                /* [  755] OBJ_crl_reason */
+    0x55,0x1D,0x18,                                /* [  758] OBJ_invalidity_date */
+    0x2B,0x65,0x01,0x04,0x01,                      /* [  761] OBJ_sxnet */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,  /* [  766] OBJ_pbe_WithSHA1And128BitRC4 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,  /* [  776] OBJ_pbe_WithSHA1And40BitRC4 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,  /* [  786] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,  /* [  796] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,  /* [  806] OBJ_pbe_WithSHA1And128BitRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,  /* [  816] OBJ_pbe_WithSHA1And40BitRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,  /* [  826] OBJ_keyBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,  /* [  837] OBJ_pkcs8ShroudedKeyBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,  /* [  848] OBJ_certBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,  /* [  859] OBJ_crlBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,  /* [  870] OBJ_secretBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,  /* [  881] OBJ_safeContentsBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,  /* [  892] OBJ_friendlyName */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,  /* [  901] OBJ_localKeyID */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,  /* [  910] OBJ_x509Certificate */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,  /* [  920] OBJ_sdsiCertificate */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,  /* [  930] OBJ_x509Crl */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,  /* [  940] OBJ_pbes2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,  /* [  949] OBJ_pbmac1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,       /* [  958] OBJ_hmacWithSHA1 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,       /* [  966] OBJ_id_qt_cps */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,       /* [  974] OBJ_id_qt_unotice */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,  /* [  982] OBJ_SMIMECapabilities */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,  /* [  991] OBJ_pbeWithMD2AndRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,  /* [ 1000] OBJ_pbeWithMD5AndRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,  /* [ 1009] OBJ_pbeWithSHA1AndDES_CBC */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,  /* [ 1018] OBJ_ms_ext_req */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,  /* [ 1028] OBJ_ext_req */
+    0x55,0x04,0x29,                                /* [ 1037] OBJ_name */
+    0x55,0x04,0x2E,                                /* [ 1040] OBJ_dnQualifier */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,            /* [ 1043] OBJ_id_pe */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,            /* [ 1050] OBJ_id_ad */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,       /* [ 1057] OBJ_info_access */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,       /* [ 1065] OBJ_ad_OCSP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,       /* [ 1073] OBJ_ad_ca_issuers */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,       /* [ 1081] OBJ_OCSP_sign */
+    0x2A,                                          /* [ 1089] OBJ_member_body */
+    0x2A,0x86,0x48,                                /* [ 1090] OBJ_ISO_US */
+    0x2A,0x86,0x48,0xCE,0x38,                      /* [ 1093] OBJ_X9_57 */
+    0x2A,0x86,0x48,0xCE,0x38,0x04,                 /* [ 1098] OBJ_X9cm */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,       /* [ 1104] OBJ_pkcs1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,       /* [ 1112] OBJ_pkcs5 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,  /* [ 1120] OBJ_SMIME */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,  /* [ 1129] OBJ_id_smime_mod */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,  /* [ 1139] OBJ_id_smime_ct */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,  /* [ 1149] OBJ_id_smime_aa */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,  /* [ 1159] OBJ_id_smime_alg */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,  /* [ 1169] OBJ_id_smime_cd */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,  /* [ 1179] OBJ_id_smime_spq */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,  /* [ 1189] OBJ_id_smime_cti */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,  /* [ 1199] OBJ_id_smime_mod_cms */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,  /* [ 1210] OBJ_id_smime_mod_ess */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,  /* [ 1221] OBJ_id_smime_mod_oid */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,  /* [ 1232] OBJ_id_smime_mod_msg_v3 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,  /* [ 1243] OBJ_id_smime_mod_ets_eSignature_88 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,  /* [ 1254] OBJ_id_smime_mod_ets_eSignature_97 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,  /* [ 1265] OBJ_id_smime_mod_ets_eSigPolicy_88 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,  /* [ 1276] OBJ_id_smime_mod_ets_eSigPolicy_97 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,  /* [ 1287] OBJ_id_smime_ct_receipt */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,  /* [ 1298] OBJ_id_smime_ct_authData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,  /* [ 1309] OBJ_id_smime_ct_publishCert */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,  /* [ 1320] OBJ_id_smime_ct_TSTInfo */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,  /* [ 1331] OBJ_id_smime_ct_TDTInfo */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,  /* [ 1342] OBJ_id_smime_ct_contentInfo */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,  /* [ 1353] OBJ_id_smime_ct_DVCSRequestData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,  /* [ 1364] OBJ_id_smime_ct_DVCSResponseData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,  /* [ 1375] OBJ_id_smime_aa_receiptRequest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,  /* [ 1386] OBJ_id_smime_aa_securityLabel */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,  /* [ 1397] OBJ_id_smime_aa_mlExpandHistory */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,  /* [ 1408] OBJ_id_smime_aa_contentHint */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,  /* [ 1419] OBJ_id_smime_aa_msgSigDigest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,  /* [ 1430] OBJ_id_smime_aa_encapContentType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,  /* [ 1441] OBJ_id_smime_aa_contentIdentifier */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,  /* [ 1452] OBJ_id_smime_aa_macValue */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,  /* [ 1463] OBJ_id_smime_aa_equivalentLabels */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,  /* [ 1474] OBJ_id_smime_aa_contentReference */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,  /* [ 1485] OBJ_id_smime_aa_encrypKeyPref */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,  /* [ 1496] OBJ_id_smime_aa_signingCertificate */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,  /* [ 1507] OBJ_id_smime_aa_smimeEncryptCerts */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,  /* [ 1518] OBJ_id_smime_aa_timeStampToken */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,  /* [ 1529] OBJ_id_smime_aa_ets_sigPolicyId */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,  /* [ 1540] OBJ_id_smime_aa_ets_commitmentType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,  /* [ 1551] OBJ_id_smime_aa_ets_signerLocation */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,  /* [ 1562] OBJ_id_smime_aa_ets_signerAttr */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,  /* [ 1573] OBJ_id_smime_aa_ets_otherSigCert */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,  /* [ 1584] OBJ_id_smime_aa_ets_contentTimestamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,  /* [ 1595] OBJ_id_smime_aa_ets_CertificateRefs */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,  /* [ 1606] OBJ_id_smime_aa_ets_RevocationRefs */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,  /* [ 1617] OBJ_id_smime_aa_ets_certValues */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,  /* [ 1628] OBJ_id_smime_aa_ets_revocationValues */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,  /* [ 1639] OBJ_id_smime_aa_ets_escTimeStamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,  /* [ 1650] OBJ_id_smime_aa_ets_certCRLTimestamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,  /* [ 1661] OBJ_id_smime_aa_ets_archiveTimeStamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,  /* [ 1672] OBJ_id_smime_aa_signatureType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,  /* [ 1683] OBJ_id_smime_aa_dvcs_dvc */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,  /* [ 1694] OBJ_id_smime_alg_ESDHwith3DES */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,  /* [ 1705] OBJ_id_smime_alg_ESDHwithRC2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,  /* [ 1716] OBJ_id_smime_alg_3DESwrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,  /* [ 1727] OBJ_id_smime_alg_RC2wrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,  /* [ 1738] OBJ_id_smime_alg_ESDH */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,  /* [ 1749] OBJ_id_smime_alg_CMS3DESwrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,  /* [ 1760] OBJ_id_smime_alg_CMSRC2wrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,  /* [ 1771] OBJ_id_smime_cd_ldap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,  /* [ 1782] OBJ_id_smime_spq_ets_sqt_uri */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,  /* [ 1793] OBJ_id_smime_spq_ets_sqt_unotice */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,  /* [ 1804] OBJ_id_smime_cti_ets_proofOfOrigin */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,  /* [ 1815] OBJ_id_smime_cti_ets_proofOfReceipt */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,  /* [ 1826] OBJ_id_smime_cti_ets_proofOfDelivery */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,  /* [ 1837] OBJ_id_smime_cti_ets_proofOfSender */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,  /* [ 1848] OBJ_id_smime_cti_ets_proofOfApproval */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,  /* [ 1859] OBJ_id_smime_cti_ets_proofOfCreation */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,       /* [ 1870] OBJ_md4 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,            /* [ 1878] OBJ_id_pkix_mod */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,            /* [ 1885] OBJ_id_qt */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,            /* [ 1892] OBJ_id_it */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,            /* [ 1899] OBJ_id_pkip */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,            /* [ 1906] OBJ_id_alg */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,            /* [ 1913] OBJ_id_cmc */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x08,            /* [ 1920] OBJ_id_on */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,            /* [ 1927] OBJ_id_pda */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,            /* [ 1934] OBJ_id_aca */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,            /* [ 1941] OBJ_id_qcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,            /* [ 1948] OBJ_id_cct */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,       /* [ 1955] OBJ_id_pkix1_explicit_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,       /* [ 1963] OBJ_id_pkix1_implicit_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,       /* [ 1971] OBJ_id_pkix1_explicit_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,       /* [ 1979] OBJ_id_pkix1_implicit_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,       /* [ 1987] OBJ_id_mod_crmf */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,       /* [ 1995] OBJ_id_mod_cmc */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,       /* [ 2003] OBJ_id_mod_kea_profile_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,       /* [ 2011] OBJ_id_mod_kea_profile_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,       /* [ 2019] OBJ_id_mod_cmp */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,       /* [ 2027] OBJ_id_mod_qualified_cert_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,       /* [ 2035] OBJ_id_mod_qualified_cert_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,       /* [ 2043] OBJ_id_mod_attribute_cert */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,       /* [ 2051] OBJ_id_mod_timestamp_protocol */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,       /* [ 2059] OBJ_id_mod_ocsp */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,       /* [ 2067] OBJ_id_mod_dvcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,       /* [ 2075] OBJ_id_mod_cmp2000 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,       /* [ 2083] OBJ_biometricInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,       /* [ 2091] OBJ_qcStatements */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,       /* [ 2099] OBJ_ac_auditEntity */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,       /* [ 2107] OBJ_ac_targeting */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,       /* [ 2115] OBJ_aaControls */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,       /* [ 2123] OBJ_sbgp_ipAddrBlock */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,       /* [ 2131] OBJ_sbgp_autonomousSysNum */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,       /* [ 2139] OBJ_sbgp_routerIdentifier */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,       /* [ 2147] OBJ_textNotice */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,       /* [ 2155] OBJ_ipsecEndSystem */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,       /* [ 2163] OBJ_ipsecTunnel */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,       /* [ 2171] OBJ_ipsecUser */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,       /* [ 2179] OBJ_dvcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,       /* [ 2187] OBJ_id_it_caProtEncCert */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,       /* [ 2195] OBJ_id_it_signKeyPairTypes */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,       /* [ 2203] OBJ_id_it_encKeyPairTypes */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,       /* [ 2211] OBJ_id_it_preferredSymmAlg */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,       /* [ 2219] OBJ_id_it_caKeyUpdateInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,       /* [ 2227] OBJ_id_it_currentCRL */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,       /* [ 2235] OBJ_id_it_unsupportedOIDs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,       /* [ 2243] OBJ_id_it_subscriptionRequest */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,       /* [ 2251] OBJ_id_it_subscriptionResponse */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,       /* [ 2259] OBJ_id_it_keyPairParamReq */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,       /* [ 2267] OBJ_id_it_keyPairParamRep */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,       /* [ 2275] OBJ_id_it_revPassphrase */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,       /* [ 2283] OBJ_id_it_implicitConfirm */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,       /* [ 2291] OBJ_id_it_confirmWaitTime */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,       /* [ 2299] OBJ_id_it_origPKIMessage */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,       /* [ 2307] OBJ_id_regCtrl */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,       /* [ 2315] OBJ_id_regInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,  /* [ 2323] OBJ_id_regCtrl_regToken */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,  /* [ 2332] OBJ_id_regCtrl_authenticator */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,  /* [ 2341] OBJ_id_regCtrl_pkiPublicationInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,  /* [ 2350] OBJ_id_regCtrl_pkiArchiveOptions */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,  /* [ 2359] OBJ_id_regCtrl_oldCertID */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,  /* [ 2368] OBJ_id_regCtrl_protocolEncrKey */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,  /* [ 2377] OBJ_id_regInfo_utf8Pairs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,  /* [ 2386] OBJ_id_regInfo_certReq */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,       /* [ 2395] OBJ_id_alg_des40 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,       /* [ 2403] OBJ_id_alg_noSignature */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,       /* [ 2411] OBJ_id_alg_dh_sig_hmac_sha1 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,       /* [ 2419] OBJ_id_alg_dh_pop */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,       /* [ 2427] OBJ_id_cmc_statusInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,       /* [ 2435] OBJ_id_cmc_identification */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,       /* [ 2443] OBJ_id_cmc_identityProof */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,       /* [ 2451] OBJ_id_cmc_dataReturn */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,       /* [ 2459] OBJ_id_cmc_transactionId */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,       /* [ 2467] OBJ_id_cmc_senderNonce */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,       /* [ 2475] OBJ_id_cmc_recipientNonce */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,       /* [ 2483] OBJ_id_cmc_addExtensions */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,       /* [ 2491] OBJ_id_cmc_encryptedPOP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,       /* [ 2499] OBJ_id_cmc_decryptedPOP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,       /* [ 2507] OBJ_id_cmc_lraPOPWitness */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,       /* [ 2515] OBJ_id_cmc_getCert */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,       /* [ 2523] OBJ_id_cmc_getCRL */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,       /* [ 2531] OBJ_id_cmc_revokeRequest */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,       /* [ 2539] OBJ_id_cmc_regInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,       /* [ 2547] OBJ_id_cmc_responseInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,       /* [ 2555] OBJ_id_cmc_queryPending */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,       /* [ 2563] OBJ_id_cmc_popLinkRandom */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,       /* [ 2571] OBJ_id_cmc_popLinkWitness */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,       /* [ 2579] OBJ_id_cmc_confirmCertAcceptance */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,       /* [ 2587] OBJ_id_on_personalData */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,       /* [ 2595] OBJ_id_pda_dateOfBirth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,       /* [ 2603] OBJ_id_pda_placeOfBirth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,       /* [ 2611] OBJ_id_pda_gender */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,       /* [ 2619] OBJ_id_pda_countryOfCitizenship */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,       /* [ 2627] OBJ_id_pda_countryOfResidence */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,       /* [ 2635] OBJ_id_aca_authenticationInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,       /* [ 2643] OBJ_id_aca_accessIdentity */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,       /* [ 2651] OBJ_id_aca_chargingIdentity */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,       /* [ 2659] OBJ_id_aca_group */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,       /* [ 2667] OBJ_id_aca_role */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,       /* [ 2675] OBJ_id_qcs_pkixQCSyntax_v1 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,       /* [ 2683] OBJ_id_cct_crs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,       /* [ 2691] OBJ_id_cct_PKIData */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,       /* [ 2699] OBJ_id_cct_PKIResponse */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,       /* [ 2707] OBJ_ad_timeStamping */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,       /* [ 2715] OBJ_ad_dvcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,  /* [ 2723] OBJ_id_pkix_OCSP_basic */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,  /* [ 2732] OBJ_id_pkix_OCSP_Nonce */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,  /* [ 2741] OBJ_id_pkix_OCSP_CrlID */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,  /* [ 2750] OBJ_id_pkix_OCSP_acceptableResponses */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,  /* [ 2759] OBJ_id_pkix_OCSP_noCheck */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,  /* [ 2768] OBJ_id_pkix_OCSP_archiveCutoff */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,  /* [ 2777] OBJ_id_pkix_OCSP_serviceLocator */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,  /* [ 2786] OBJ_id_pkix_OCSP_extendedStatus */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,  /* [ 2795] OBJ_id_pkix_OCSP_valid */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,  /* [ 2804] OBJ_id_pkix_OCSP_path */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,  /* [ 2813] OBJ_id_pkix_OCSP_trustRoot */
+    0x2B,0x0E,0x03,0x02,                           /* [ 2822] OBJ_algorithm */
+    0x2B,0x0E,0x03,0x02,0x0B,                      /* [ 2826] OBJ_rsaSignature */
+    0x55,0x08,                                     /* [ 2831] OBJ_X500algorithms */
+    0x2B,                                          /* [ 2833] OBJ_org */
+    0x2B,0x06,                                     /* [ 2834] OBJ_dod */
+    0x2B,0x06,0x01,                                /* [ 2836] OBJ_iana */
+    0x2B,0x06,0x01,0x01,                           /* [ 2839] OBJ_Directory */
+    0x2B,0x06,0x01,0x02,                           /* [ 2843] OBJ_Management */
+    0x2B,0x06,0x01,0x03,                           /* [ 2847] OBJ_Experimental */
+    0x2B,0x06,0x01,0x04,                           /* [ 2851] OBJ_Private */
+    0x2B,0x06,0x01,0x05,                           /* [ 2855] OBJ_Security */
+    0x2B,0x06,0x01,0x06,                           /* [ 2859] OBJ_SNMPv2 */
+    0x2B,0x06,0x01,0x07,                           /* [ 2863] OBJ_Mail */
+    0x2B,0x06,0x01,0x04,0x01,                      /* [ 2867] OBJ_Enterprises */
+    0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,  /* [ 2872] OBJ_dcObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,  /* [ 2881] OBJ_domainComponent */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,  /* [ 2891] OBJ_Domain */
+    0x55,0x01,0x05,                                /* [ 2901] OBJ_selected_attribute_types */
+    0x55,0x01,0x05,0x37,                           /* [ 2904] OBJ_clearance */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,  /* [ 2908] OBJ_md4WithRSAEncryption */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,       /* [ 2917] OBJ_ac_proxying */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,       /* [ 2925] OBJ_sinfo_access */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,       /* [ 2933] OBJ_id_aca_encAttrs */
+    0x55,0x04,0x48,                                /* [ 2941] OBJ_role */
+    0x55,0x1D,0x24,                                /* [ 2944] OBJ_policy_constraints */
+    0x55,0x1D,0x37,                                /* [ 2947] OBJ_target_information */
+    0x55,0x1D,0x38,                                /* [ 2950] OBJ_no_rev_avail */
+    0x2A,0x86,0x48,0xCE,0x3D,                      /* [ 2953] OBJ_ansi_X9_62 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,            /* [ 2958] OBJ_X9_62_prime_field */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,            /* [ 2965] OBJ_X9_62_characteristic_two_field */
+    0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,            /* [ 2972] OBJ_X9_62_id_ecPublicKey */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,       /* [ 2979] OBJ_X9_62_prime192v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,       /* [ 2987] OBJ_X9_62_prime192v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,       /* [ 2995] OBJ_X9_62_prime192v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,       /* [ 3003] OBJ_X9_62_prime239v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,       /* [ 3011] OBJ_X9_62_prime239v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,       /* [ 3019] OBJ_X9_62_prime239v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,       /* [ 3027] OBJ_X9_62_prime256v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,            /* [ 3035] OBJ_ecdsa_with_SHA1 */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,  /* [ 3042] OBJ_ms_csp_name */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,  /* [ 3051] OBJ_aes_128_ecb */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,  /* [ 3060] OBJ_aes_128_cbc */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,  /* [ 3069] OBJ_aes_128_ofb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,  /* [ 3078] OBJ_aes_128_cfb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,  /* [ 3087] OBJ_aes_192_ecb */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,  /* [ 3096] OBJ_aes_192_cbc */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,  /* [ 3105] OBJ_aes_192_ofb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,  /* [ 3114] OBJ_aes_192_cfb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,  /* [ 3123] OBJ_aes_256_ecb */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,  /* [ 3132] OBJ_aes_256_cbc */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,  /* [ 3141] OBJ_aes_256_ofb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,  /* [ 3150] OBJ_aes_256_cfb128 */
+    0x55,0x1D,0x17,                                /* [ 3159] OBJ_hold_instruction_code */
+    0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,            /* [ 3162] OBJ_hold_instruction_none */
+    0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,            /* [ 3169] OBJ_hold_instruction_call_issuer */
+    0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,            /* [ 3176] OBJ_hold_instruction_reject */
+    0x09,                                          /* [ 3183] OBJ_data */
+    0x09,0x92,0x26,                                /* [ 3184] OBJ_pss */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,            /* [ 3187] OBJ_ucl */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,       /* [ 3194] OBJ_pilot */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,  /* [ 3202] OBJ_pilotAttributeType */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,  /* [ 3211] OBJ_pilotAttributeSyntax */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,  /* [ 3220] OBJ_pilotObjectClass */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,  /* [ 3229] OBJ_pilotGroups */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,  /* [ 3238] OBJ_iA5StringSyntax */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,  /* [ 3248] OBJ_caseIgnoreIA5StringSyntax */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,  /* [ 3258] OBJ_pilotObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,  /* [ 3268] OBJ_pilotPerson */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,  /* [ 3278] OBJ_account */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,  /* [ 3288] OBJ_document */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,  /* [ 3298] OBJ_room */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,  /* [ 3308] OBJ_documentSeries */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,  /* [ 3318] OBJ_rFC822localPart */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,  /* [ 3328] OBJ_dNSDomain */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,  /* [ 3338] OBJ_domainRelatedObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,  /* [ 3348] OBJ_friendlyCountry */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,  /* [ 3358] OBJ_simpleSecurityObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,  /* [ 3368] OBJ_pilotOrganization */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,  /* [ 3378] OBJ_pilotDSA */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,  /* [ 3388] OBJ_qualityLabelledData */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,  /* [ 3398] OBJ_userId */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,  /* [ 3408] OBJ_textEncodedORAddress */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,  /* [ 3418] OBJ_rfc822Mailbox */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,  /* [ 3428] OBJ_info */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,  /* [ 3438] OBJ_favouriteDrink */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,  /* [ 3448] OBJ_roomNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,  /* [ 3458] OBJ_photo */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,  /* [ 3468] OBJ_userClass */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,  /* [ 3478] OBJ_host */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,  /* [ 3488] OBJ_manager */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,  /* [ 3498] OBJ_documentIdentifier */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,  /* [ 3508] OBJ_documentTitle */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,  /* [ 3518] OBJ_documentVersion */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,  /* [ 3528] OBJ_documentAuthor */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,  /* [ 3538] OBJ_documentLocation */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,  /* [ 3548] OBJ_homeTelephoneNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,  /* [ 3558] OBJ_secretary */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,  /* [ 3568] OBJ_otherMailbox */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,  /* [ 3578] OBJ_lastModifiedTime */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,  /* [ 3588] OBJ_lastModifiedBy */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,  /* [ 3598] OBJ_aRecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,  /* [ 3608] OBJ_pilotAttributeType27 */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,  /* [ 3618] OBJ_mXRecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,  /* [ 3628] OBJ_nSRecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,  /* [ 3638] OBJ_sOARecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,  /* [ 3648] OBJ_cNAMERecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,  /* [ 3658] OBJ_associatedDomain */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,  /* [ 3668] OBJ_associatedName */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,  /* [ 3678] OBJ_homePostalAddress */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,  /* [ 3688] OBJ_personalTitle */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,  /* [ 3698] OBJ_mobileTelephoneNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,  /* [ 3708] OBJ_pagerTelephoneNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,  /* [ 3718] OBJ_friendlyCountryName */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,  /* [ 3728] OBJ_organizationalStatus */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,  /* [ 3738] OBJ_janetMailbox */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,  /* [ 3748] OBJ_mailPreferenceOption */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,  /* [ 3758] OBJ_buildingName */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,  /* [ 3768] OBJ_dSAQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,  /* [ 3778] OBJ_singleLevelQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,  /* [ 3788] OBJ_subtreeMinimumQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,  /* [ 3798] OBJ_subtreeMaximumQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,  /* [ 3808] OBJ_personalSignature */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,  /* [ 3818] OBJ_dITRedirect */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,  /* [ 3828] OBJ_audio */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,  /* [ 3838] OBJ_documentPublisher */
+    0x55,0x04,0x2D,                                /* [ 3848] OBJ_x500UniqueIdentifier */
+    0x2B,0x06,0x01,0x07,0x01,                      /* [ 3851] OBJ_mime_mhs */
+    0x2B,0x06,0x01,0x07,0x01,0x01,                 /* [ 3856] OBJ_mime_mhs_headings */
+    0x2B,0x06,0x01,0x07,0x01,0x02,                 /* [ 3862] OBJ_mime_mhs_bodies */
+    0x2B,0x06,0x01,0x07,0x01,0x01,0x01,            /* [ 3868] OBJ_id_hex_partial_message */
+    0x2B,0x06,0x01,0x07,0x01,0x01,0x02,            /* [ 3875] OBJ_id_hex_multipart_message */
+    0x55,0x04,0x2C,                                /* [ 3882] OBJ_generationQualifier */
+    0x55,0x04,0x41,                                /* [ 3885] OBJ_pseudonym */
+    0x67,0x2A,                                     /* [ 3888] OBJ_id_set */
+    0x67,0x2A,0x00,                                /* [ 3890] OBJ_set_ctype */
+    0x67,0x2A,0x01,                                /* [ 3893] OBJ_set_msgExt */
+    0x67,0x2A,0x03,                                /* [ 3896] OBJ_set_attr */
+    0x67,0x2A,0x05,                                /* [ 3899] OBJ_set_policy */
+    0x67,0x2A,0x07,                                /* [ 3902] OBJ_set_certExt */
+    0x67,0x2A,0x08,                                /* [ 3905] OBJ_set_brand */
+    0x67,0x2A,0x00,0x00,                           /* [ 3908] OBJ_setct_PANData */
+    0x67,0x2A,0x00,0x01,                           /* [ 3912] OBJ_setct_PANToken */
+    0x67,0x2A,0x00,0x02,                           /* [ 3916] OBJ_setct_PANOnly */
+    0x67,0x2A,0x00,0x03,                           /* [ 3920] OBJ_setct_OIData */
+    0x67,0x2A,0x00,0x04,                           /* [ 3924] OBJ_setct_PI */
+    0x67,0x2A,0x00,0x05,                           /* [ 3928] OBJ_setct_PIData */
+    0x67,0x2A,0x00,0x06,                           /* [ 3932] OBJ_setct_PIDataUnsigned */
+    0x67,0x2A,0x00,0x07,                           /* [ 3936] OBJ_setct_HODInput */
+    0x67,0x2A,0x00,0x08,                           /* [ 3940] OBJ_setct_AuthResBaggage */
+    0x67,0x2A,0x00,0x09,                           /* [ 3944] OBJ_setct_AuthRevReqBaggage */
+    0x67,0x2A,0x00,0x0A,                           /* [ 3948] OBJ_setct_AuthRevResBaggage */
+    0x67,0x2A,0x00,0x0B,                           /* [ 3952] OBJ_setct_CapTokenSeq */
+    0x67,0x2A,0x00,0x0C,                           /* [ 3956] OBJ_setct_PInitResData */
+    0x67,0x2A,0x00,0x0D,                           /* [ 3960] OBJ_setct_PI_TBS */
+    0x67,0x2A,0x00,0x0E,                           /* [ 3964] OBJ_setct_PResData */
+    0x67,0x2A,0x00,0x10,                           /* [ 3968] OBJ_setct_AuthReqTBS */
+    0x67,0x2A,0x00,0x11,                           /* [ 3972] OBJ_setct_AuthResTBS */
+    0x67,0x2A,0x00,0x12,                           /* [ 3976] OBJ_setct_AuthResTBSX */
+    0x67,0x2A,0x00,0x13,                           /* [ 3980] OBJ_setct_AuthTokenTBS */
+    0x67,0x2A,0x00,0x14,                           /* [ 3984] OBJ_setct_CapTokenData */
+    0x67,0x2A,0x00,0x15,                           /* [ 3988] OBJ_setct_CapTokenTBS */
+    0x67,0x2A,0x00,0x16,                           /* [ 3992] OBJ_setct_AcqCardCodeMsg */
+    0x67,0x2A,0x00,0x17,                           /* [ 3996] OBJ_setct_AuthRevReqTBS */
+    0x67,0x2A,0x00,0x18,                           /* [ 4000] OBJ_setct_AuthRevResData */
+    0x67,0x2A,0x00,0x19,                           /* [ 4004] OBJ_setct_AuthRevResTBS */
+    0x67,0x2A,0x00,0x1A,                           /* [ 4008] OBJ_setct_CapReqTBS */
+    0x67,0x2A,0x00,0x1B,                           /* [ 4012] OBJ_setct_CapReqTBSX */
+    0x67,0x2A,0x00,0x1C,                           /* [ 4016] OBJ_setct_CapResData */
+    0x67,0x2A,0x00,0x1D,                           /* [ 4020] OBJ_setct_CapRevReqTBS */
+    0x67,0x2A,0x00,0x1E,                           /* [ 4024] OBJ_setct_CapRevReqTBSX */
+    0x67,0x2A,0x00,0x1F,                           /* [ 4028] OBJ_setct_CapRevResData */
+    0x67,0x2A,0x00,0x20,                           /* [ 4032] OBJ_setct_CredReqTBS */
+    0x67,0x2A,0x00,0x21,                           /* [ 4036] OBJ_setct_CredReqTBSX */
+    0x67,0x2A,0x00,0x22,                           /* [ 4040] OBJ_setct_CredResData */
+    0x67,0x2A,0x00,0x23,                           /* [ 4044] OBJ_setct_CredRevReqTBS */
+    0x67,0x2A,0x00,0x24,                           /* [ 4048] OBJ_setct_CredRevReqTBSX */
+    0x67,0x2A,0x00,0x25,                           /* [ 4052] OBJ_setct_CredRevResData */
+    0x67,0x2A,0x00,0x26,                           /* [ 4056] OBJ_setct_PCertReqData */
+    0x67,0x2A,0x00,0x27,                           /* [ 4060] OBJ_setct_PCertResTBS */
+    0x67,0x2A,0x00,0x28,                           /* [ 4064] OBJ_setct_BatchAdminReqData */
+    0x67,0x2A,0x00,0x29,                           /* [ 4068] OBJ_setct_BatchAdminResData */
+    0x67,0x2A,0x00,0x2A,                           /* [ 4072] OBJ_setct_CardCInitResTBS */
+    0x67,0x2A,0x00,0x2B,                           /* [ 4076] OBJ_setct_MeAqCInitResTBS */
+    0x67,0x2A,0x00,0x2C,                           /* [ 4080] OBJ_setct_RegFormResTBS */
+    0x67,0x2A,0x00,0x2D,                           /* [ 4084] OBJ_setct_CertReqData */
+    0x67,0x2A,0x00,0x2E,                           /* [ 4088] OBJ_setct_CertReqTBS */
+    0x67,0x2A,0x00,0x2F,                           /* [ 4092] OBJ_setct_CertResData */
+    0x67,0x2A,0x00,0x30,                           /* [ 4096] OBJ_setct_CertInqReqTBS */
+    0x67,0x2A,0x00,0x31,                           /* [ 4100] OBJ_setct_ErrorTBS */
+    0x67,0x2A,0x00,0x32,                           /* [ 4104] OBJ_setct_PIDualSignedTBE */
+    0x67,0x2A,0x00,0x33,                           /* [ 4108] OBJ_setct_PIUnsignedTBE */
+    0x67,0x2A,0x00,0x34,                           /* [ 4112] OBJ_setct_AuthReqTBE */
+    0x67,0x2A,0x00,0x35,                           /* [ 4116] OBJ_setct_AuthResTBE */
+    0x67,0x2A,0x00,0x36,                           /* [ 4120] OBJ_setct_AuthResTBEX */
+    0x67,0x2A,0x00,0x37,                           /* [ 4124] OBJ_setct_AuthTokenTBE */
+    0x67,0x2A,0x00,0x38,                           /* [ 4128] OBJ_setct_CapTokenTBE */
+    0x67,0x2A,0x00,0x39,                           /* [ 4132] OBJ_setct_CapTokenTBEX */
+    0x67,0x2A,0x00,0x3A,                           /* [ 4136] OBJ_setct_AcqCardCodeMsgTBE */
+    0x67,0x2A,0x00,0x3B,                           /* [ 4140] OBJ_setct_AuthRevReqTBE */
+    0x67,0x2A,0x00,0x3C,                           /* [ 4144] OBJ_setct_AuthRevResTBE */
+    0x67,0x2A,0x00,0x3D,                           /* [ 4148] OBJ_setct_AuthRevResTBEB */
+    0x67,0x2A,0x00,0x3E,                           /* [ 4152] OBJ_setct_CapReqTBE */
+    0x67,0x2A,0x00,0x3F,                           /* [ 4156] OBJ_setct_CapReqTBEX */
+    0x67,0x2A,0x00,0x40,                           /* [ 4160] OBJ_setct_CapResTBE */
+    0x67,0x2A,0x00,0x41,                           /* [ 4164] OBJ_setct_CapRevReqTBE */
+    0x67,0x2A,0x00,0x42,                           /* [ 4168] OBJ_setct_CapRevReqTBEX */
+    0x67,0x2A,0x00,0x43,                           /* [ 4172] OBJ_setct_CapRevResTBE */
+    0x67,0x2A,0x00,0x44,                           /* [ 4176] OBJ_setct_CredReqTBE */
+    0x67,0x2A,0x00,0x45,                           /* [ 4180] OBJ_setct_CredReqTBEX */
+    0x67,0x2A,0x00,0x46,                           /* [ 4184] OBJ_setct_CredResTBE */
+    0x67,0x2A,0x00,0x47,                           /* [ 4188] OBJ_setct_CredRevReqTBE */
+    0x67,0x2A,0x00,0x48,                           /* [ 4192] OBJ_setct_CredRevReqTBEX */
+    0x67,0x2A,0x00,0x49,                           /* [ 4196] OBJ_setct_CredRevResTBE */
+    0x67,0x2A,0x00,0x4A,                           /* [ 4200] OBJ_setct_BatchAdminReqTBE */
+    0x67,0x2A,0x00,0x4B,                           /* [ 4204] OBJ_setct_BatchAdminResTBE */
+    0x67,0x2A,0x00,0x4C,                           /* [ 4208] OBJ_setct_RegFormReqTBE */
+    0x67,0x2A,0x00,0x4D,                           /* [ 4212] OBJ_setct_CertReqTBE */
+    0x67,0x2A,0x00,0x4E,                           /* [ 4216] OBJ_setct_CertReqTBEX */
+    0x67,0x2A,0x00,0x4F,                           /* [ 4220] OBJ_setct_CertResTBE */
+    0x67,0x2A,0x00,0x50,                           /* [ 4224] OBJ_setct_CRLNotificationTBS */
+    0x67,0x2A,0x00,0x51,                           /* [ 4228] OBJ_setct_CRLNotificationResTBS */
+    0x67,0x2A,0x00,0x52,                           /* [ 4232] OBJ_setct_BCIDistributionTBS */
+    0x67,0x2A,0x01,0x01,                           /* [ 4236] OBJ_setext_genCrypt */
+    0x67,0x2A,0x01,0x03,                           /* [ 4240] OBJ_setext_miAuth */
+    0x67,0x2A,0x01,0x04,                           /* [ 4244] OBJ_setext_pinSecure */
+    0x67,0x2A,0x01,0x05,                           /* [ 4248] OBJ_setext_pinAny */
+    0x67,0x2A,0x01,0x07,                           /* [ 4252] OBJ_setext_track2 */
+    0x67,0x2A,0x01,0x08,                           /* [ 4256] OBJ_setext_cv */
+    0x67,0x2A,0x05,0x00,                           /* [ 4260] OBJ_set_policy_root */
+    0x67,0x2A,0x07,0x00,                           /* [ 4264] OBJ_setCext_hashedRoot */
+    0x67,0x2A,0x07,0x01,                           /* [ 4268] OBJ_setCext_certType */
+    0x67,0x2A,0x07,0x02,                           /* [ 4272] OBJ_setCext_merchData */
+    0x67,0x2A,0x07,0x03,                           /* [ 4276] OBJ_setCext_cCertRequired */
+    0x67,0x2A,0x07,0x04,                           /* [ 4280] OBJ_setCext_tunneling */
+    0x67,0x2A,0x07,0x05,                           /* [ 4284] OBJ_setCext_setExt */
+    0x67,0x2A,0x07,0x06,                           /* [ 4288] OBJ_setCext_setQualf */
+    0x67,0x2A,0x07,0x07,                           /* [ 4292] OBJ_setCext_PGWYcapabilities */
+    0x67,0x2A,0x07,0x08,                           /* [ 4296] OBJ_setCext_TokenIdentifier */
+    0x67,0x2A,0x07,0x09,                           /* [ 4300] OBJ_setCext_Track2Data */
+    0x67,0x2A,0x07,0x0A,                           /* [ 4304] OBJ_setCext_TokenType */
+    0x67,0x2A,0x07,0x0B,                           /* [ 4308] OBJ_setCext_IssuerCapabilities */
+    0x67,0x2A,0x03,0x00,                           /* [ 4312] OBJ_setAttr_Cert */
+    0x67,0x2A,0x03,0x01,                           /* [ 4316] OBJ_setAttr_PGWYcap */
+    0x67,0x2A,0x03,0x02,                           /* [ 4320] OBJ_setAttr_TokenType */
+    0x67,0x2A,0x03,0x03,                           /* [ 4324] OBJ_setAttr_IssCap */
+    0x67,0x2A,0x03,0x00,0x00,                      /* [ 4328] OBJ_set_rootKeyThumb */
+    0x67,0x2A,0x03,0x00,0x01,                      /* [ 4333] OBJ_set_addPolicy */
+    0x67,0x2A,0x03,0x02,0x01,                      /* [ 4338] OBJ_setAttr_Token_EMV */
+    0x67,0x2A,0x03,0x02,0x02,                      /* [ 4343] OBJ_setAttr_Token_B0Prime */
+    0x67,0x2A,0x03,0x03,0x03,                      /* [ 4348] OBJ_setAttr_IssCap_CVM */
+    0x67,0x2A,0x03,0x03,0x04,                      /* [ 4353] OBJ_setAttr_IssCap_T2 */
+    0x67,0x2A,0x03,0x03,0x05,                      /* [ 4358] OBJ_setAttr_IssCap_Sig */
+    0x67,0x2A,0x03,0x03,0x03,0x01,                 /* [ 4363] OBJ_setAttr_GenCryptgrm */
+    0x67,0x2A,0x03,0x03,0x04,0x01,                 /* [ 4369] OBJ_setAttr_T2Enc */
+    0x67,0x2A,0x03,0x03,0x04,0x02,                 /* [ 4375] OBJ_setAttr_T2cleartxt */
+    0x67,0x2A,0x03,0x03,0x05,0x01,                 /* [ 4381] OBJ_setAttr_TokICCsig */
+    0x67,0x2A,0x03,0x03,0x05,0x02,                 /* [ 4387] OBJ_setAttr_SecDevSig */
+    0x67,0x2A,0x08,0x01,                           /* [ 4393] OBJ_set_brand_IATA_ATA */
+    0x67,0x2A,0x08,0x1E,                           /* [ 4397] OBJ_set_brand_Diners */
+    0x67,0x2A,0x08,0x22,                           /* [ 4401] OBJ_set_brand_AmericanExpress */
+    0x67,0x2A,0x08,0x23,                           /* [ 4405] OBJ_set_brand_JCB */
+    0x67,0x2A,0x08,0x04,                           /* [ 4409] OBJ_set_brand_Visa */
+    0x67,0x2A,0x08,0x05,                           /* [ 4413] OBJ_set_brand_MasterCard */
+    0x67,0x2A,0x08,0xAE,0x7B,                      /* [ 4417] OBJ_set_brand_Novus */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,       /* [ 4422] OBJ_des_cdmf */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,  /* [ 4430] OBJ_rsaOAEPEncryptionSET */
+    0x67,                                          /* [ 4439] OBJ_international_organizations */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,  /* [ 4440] OBJ_ms_smartcard_login */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,  /* [ 4450] OBJ_ms_upn */
+    0x55,0x04,0x09,                                /* [ 4460] OBJ_streetAddress */
+    0x55,0x04,0x11,                                /* [ 4463] OBJ_postalCode */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,            /* [ 4466] OBJ_id_ppl */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,       /* [ 4473] OBJ_proxyCertInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,       /* [ 4481] OBJ_id_ppl_anyLanguage */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,       /* [ 4489] OBJ_id_ppl_inheritAll */
+    0x55,0x1D,0x1E,                                /* [ 4497] OBJ_name_constraints */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,       /* [ 4500] OBJ_Independent */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,  /* [ 4508] OBJ_sha256WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,  /* [ 4517] OBJ_sha384WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,  /* [ 4526] OBJ_sha512WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,  /* [ 4535] OBJ_sha224WithRSAEncryption */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,  /* [ 4544] OBJ_sha256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,  /* [ 4553] OBJ_sha384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,  /* [ 4562] OBJ_sha512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,  /* [ 4571] OBJ_sha224 */
+    0x2B,                                          /* [ 4580] OBJ_identified_organization */
+    0x2B,0x81,0x04,                                /* [ 4581] OBJ_certicom_arc */
+    0x67,0x2B,                                     /* [ 4584] OBJ_wap */
+    0x67,0x2B,0x01,                                /* [ 4586] OBJ_wap_wsg */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,       /* [ 4589] OBJ_X9_62_id_characteristic_two_basis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,  /* [ 4597] OBJ_X9_62_onBasis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,  /* [ 4606] OBJ_X9_62_tpBasis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,  /* [ 4615] OBJ_X9_62_ppBasis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01,       /* [ 4624] OBJ_X9_62_c2pnb163v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02,       /* [ 4632] OBJ_X9_62_c2pnb163v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03,       /* [ 4640] OBJ_X9_62_c2pnb163v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04,       /* [ 4648] OBJ_X9_62_c2pnb176v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05,       /* [ 4656] OBJ_X9_62_c2tnb191v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06,       /* [ 4664] OBJ_X9_62_c2tnb191v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07,       /* [ 4672] OBJ_X9_62_c2tnb191v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08,       /* [ 4680] OBJ_X9_62_c2onb191v4 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09,       /* [ 4688] OBJ_X9_62_c2onb191v5 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A,       /* [ 4696] OBJ_X9_62_c2pnb208w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B,       /* [ 4704] OBJ_X9_62_c2tnb239v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C,       /* [ 4712] OBJ_X9_62_c2tnb239v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D,       /* [ 4720] OBJ_X9_62_c2tnb239v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E,       /* [ 4728] OBJ_X9_62_c2onb239v4 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F,       /* [ 4736] OBJ_X9_62_c2onb239v5 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10,       /* [ 4744] OBJ_X9_62_c2pnb272w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11,       /* [ 4752] OBJ_X9_62_c2pnb304w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12,       /* [ 4760] OBJ_X9_62_c2tnb359v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13,       /* [ 4768] OBJ_X9_62_c2pnb368w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14,       /* [ 4776] OBJ_X9_62_c2tnb431r1 */
+    0x2B,0x81,0x04,0x00,0x06,                      /* [ 4784] OBJ_secp112r1 */
+    0x2B,0x81,0x04,0x00,0x07,                      /* [ 4789] OBJ_secp112r2 */
+    0x2B,0x81,0x04,0x00,0x1C,                      /* [ 4794] OBJ_secp128r1 */
+    0x2B,0x81,0x04,0x00,0x1D,                      /* [ 4799] OBJ_secp128r2 */
+    0x2B,0x81,0x04,0x00,0x09,                      /* [ 4804] OBJ_secp160k1 */
+    0x2B,0x81,0x04,0x00,0x08,                      /* [ 4809] OBJ_secp160r1 */
+    0x2B,0x81,0x04,0x00,0x1E,                      /* [ 4814] OBJ_secp160r2 */
+    0x2B,0x81,0x04,0x00,0x1F,                      /* [ 4819] OBJ_secp192k1 */
+    0x2B,0x81,0x04,0x00,0x20,                      /* [ 4824] OBJ_secp224k1 */
+    0x2B,0x81,0x04,0x00,0x21,                      /* [ 4829] OBJ_secp224r1 */
+    0x2B,0x81,0x04,0x00,0x0A,                      /* [ 4834] OBJ_secp256k1 */
+    0x2B,0x81,0x04,0x00,0x22,                      /* [ 4839] OBJ_secp384r1 */
+    0x2B,0x81,0x04,0x00,0x23,                      /* [ 4844] OBJ_secp521r1 */
+    0x2B,0x81,0x04,0x00,0x04,                      /* [ 4849] OBJ_sect113r1 */
+    0x2B,0x81,0x04,0x00,0x05,                      /* [ 4854] OBJ_sect113r2 */
+    0x2B,0x81,0x04,0x00,0x16,                      /* [ 4859] OBJ_sect131r1 */
+    0x2B,0x81,0x04,0x00,0x17,                      /* [ 4864] OBJ_sect131r2 */
+    0x2B,0x81,0x04,0x00,0x01,                      /* [ 4869] OBJ_sect163k1 */
+    0x2B,0x81,0x04,0x00,0x02,                      /* [ 4874] OBJ_sect163r1 */
+    0x2B,0x81,0x04,0x00,0x0F,                      /* [ 4879] OBJ_sect163r2 */
+    0x2B,0x81,0x04,0x00,0x18,                      /* [ 4884] OBJ_sect193r1 */
+    0x2B,0x81,0x04,0x00,0x19,                      /* [ 4889] OBJ_sect193r2 */
+    0x2B,0x81,0x04,0x00,0x1A,                      /* [ 4894] OBJ_sect233k1 */
+    0x2B,0x81,0x04,0x00,0x1B,                      /* [ 4899] OBJ_sect233r1 */
+    0x2B,0x81,0x04,0x00,0x03,                      /* [ 4904] OBJ_sect239k1 */
+    0x2B,0x81,0x04,0x00,0x10,                      /* [ 4909] OBJ_sect283k1 */
+    0x2B,0x81,0x04,0x00,0x11,                      /* [ 4914] OBJ_sect283r1 */
+    0x2B,0x81,0x04,0x00,0x24,                      /* [ 4919] OBJ_sect409k1 */
+    0x2B,0x81,0x04,0x00,0x25,                      /* [ 4924] OBJ_sect409r1 */
+    0x2B,0x81,0x04,0x00,0x26,                      /* [ 4929] OBJ_sect571k1 */
+    0x2B,0x81,0x04,0x00,0x27,                      /* [ 4934] OBJ_sect571r1 */
+    0x67,0x2B,0x01,0x04,0x01,                      /* [ 4939] OBJ_wap_wsg_idm_ecid_wtls1 */
+    0x67,0x2B,0x01,0x04,0x03,                      /* [ 4944] OBJ_wap_wsg_idm_ecid_wtls3 */
+    0x67,0x2B,0x01,0x04,0x04,                      /* [ 4949] OBJ_wap_wsg_idm_ecid_wtls4 */
+    0x67,0x2B,0x01,0x04,0x05,                      /* [ 4954] OBJ_wap_wsg_idm_ecid_wtls5 */
+    0x67,0x2B,0x01,0x04,0x06,                      /* [ 4959] OBJ_wap_wsg_idm_ecid_wtls6 */
+    0x67,0x2B,0x01,0x04,0x07,                      /* [ 4964] OBJ_wap_wsg_idm_ecid_wtls7 */
+    0x67,0x2B,0x01,0x04,0x08,                      /* [ 4969] OBJ_wap_wsg_idm_ecid_wtls8 */
+    0x67,0x2B,0x01,0x04,0x09,                      /* [ 4974] OBJ_wap_wsg_idm_ecid_wtls9 */
+    0x67,0x2B,0x01,0x04,0x0A,                      /* [ 4979] OBJ_wap_wsg_idm_ecid_wtls10 */
+    0x67,0x2B,0x01,0x04,0x0B,                      /* [ 4984] OBJ_wap_wsg_idm_ecid_wtls11 */
+    0x67,0x2B,0x01,0x04,0x0C,                      /* [ 4989] OBJ_wap_wsg_idm_ecid_wtls12 */
+    0x55,0x1D,0x20,0x00,                           /* [ 4994] OBJ_any_policy */
+    0x55,0x1D,0x21,                                /* [ 4998] OBJ_policy_mappings */
+    0x55,0x1D,0x36,                                /* [ 5001] OBJ_inhibit_any_policy */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,  /* [ 5004] OBJ_camellia_128_cbc */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,  /* [ 5015] OBJ_camellia_192_cbc */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,  /* [ 5026] OBJ_camellia_256_cbc */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01,       /* [ 5037] OBJ_camellia_128_ecb */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15,       /* [ 5045] OBJ_camellia_192_ecb */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29,       /* [ 5053] OBJ_camellia_256_ecb */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04,       /* [ 5061] OBJ_camellia_128_cfb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18,       /* [ 5069] OBJ_camellia_192_cfb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C,       /* [ 5077] OBJ_camellia_256_cfb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03,       /* [ 5085] OBJ_camellia_128_ofb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17,       /* [ 5093] OBJ_camellia_192_ofb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B,       /* [ 5101] OBJ_camellia_256_ofb128 */
+    0x55,0x1D,0x09,                                /* [ 5109] OBJ_subject_directory_attributes */
+    0x55,0x1D,0x1C,                                /* [ 5112] OBJ_issuing_distribution_point */
+    0x55,0x1D,0x1D,                                /* [ 5115] OBJ_certificate_issuer */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,                 /* [ 5118] OBJ_kisa */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,       /* [ 5124] OBJ_seed_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,       /* [ 5132] OBJ_seed_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,       /* [ 5140] OBJ_seed_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,       /* [ 5148] OBJ_seed_cfb128 */
+    0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01,       /* [ 5156] OBJ_hmac_md5 */
+    0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02,       /* [ 5164] OBJ_hmac_sha1 */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,  /* [ 5172] OBJ_id_PasswordBasedMAC */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,  /* [ 5181] OBJ_id_DHBasedMac */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10,       /* [ 5190] OBJ_id_it_suppLangTags */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05,       /* [ 5198] OBJ_caRepository */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,  /* [ 5206] OBJ_id_smime_ct_compressedData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,  /* [ 5217] OBJ_id_ct_asciiTextWithCRLF */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,  /* [ 5228] OBJ_id_aes128_wrap */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,  /* [ 5237] OBJ_id_aes192_wrap */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,  /* [ 5246] OBJ_id_aes256_wrap */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02,            /* [ 5255] OBJ_ecdsa_with_Recommended */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,            /* [ 5262] OBJ_ecdsa_with_Specified */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01,       /* [ 5269] OBJ_ecdsa_with_SHA224 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,       /* [ 5277] OBJ_ecdsa_with_SHA256 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,       /* [ 5285] OBJ_ecdsa_with_SHA384 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,       /* [ 5293] OBJ_ecdsa_with_SHA512 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06,       /* [ 5301] OBJ_hmacWithMD5 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08,       /* [ 5309] OBJ_hmacWithSHA224 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09,       /* [ 5317] OBJ_hmacWithSHA256 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A,       /* [ 5325] OBJ_hmacWithSHA384 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B,       /* [ 5333] OBJ_hmacWithSHA512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,  /* [ 5341] OBJ_dsa_with_SHA224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,  /* [ 5350] OBJ_dsa_with_SHA256 */
+    0x28,0xCF,0x06,0x03,0x00,0x37,                 /* [ 5359] OBJ_whirlpool */
+    0x2A,0x85,0x03,0x02,0x02,                      /* [ 5365] OBJ_cryptopro */
+    0x2A,0x85,0x03,0x02,0x09,                      /* [ 5370] OBJ_cryptocom */
+    0x2A,0x85,0x03,0x02,0x02,0x03,                 /* [ 5375] OBJ_id_GostR3411_94_with_GostR3410_2001 */
+    0x2A,0x85,0x03,0x02,0x02,0x04,                 /* [ 5381] OBJ_id_GostR3411_94_with_GostR3410_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x09,                 /* [ 5387] OBJ_id_GostR3411_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x0A,                 /* [ 5393] OBJ_id_HMACGostR3411_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x13,                 /* [ 5399] OBJ_id_GostR3410_2001 */
+    0x2A,0x85,0x03,0x02,0x02,0x14,                 /* [ 5405] OBJ_id_GostR3410_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x15,                 /* [ 5411] OBJ_id_Gost28147_89 */
+    0x2A,0x85,0x03,0x02,0x02,0x16,                 /* [ 5417] OBJ_id_Gost28147_89_MAC */
+    0x2A,0x85,0x03,0x02,0x02,0x17,                 /* [ 5423] OBJ_id_GostR3411_94_prf */
+    0x2A,0x85,0x03,0x02,0x02,0x62,                 /* [ 5429] OBJ_id_GostR3410_2001DH */
+    0x2A,0x85,0x03,0x02,0x02,0x63,                 /* [ 5435] OBJ_id_GostR3410_94DH */
+    0x2A,0x85,0x03,0x02,0x02,0x0E,0x01,            /* [ 5441] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
+    0x2A,0x85,0x03,0x02,0x02,0x0E,0x00,            /* [ 5448] OBJ_id_Gost28147_89_None_KeyMeshing */
+    0x2A,0x85,0x03,0x02,0x02,0x1E,0x00,            /* [ 5455] OBJ_id_GostR3411_94_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1E,0x01,            /* [ 5462] OBJ_id_GostR3411_94_CryptoProParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x00,            /* [ 5469] OBJ_id_Gost28147_89_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x01,            /* [ 5476] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x02,            /* [ 5483] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x03,            /* [ 5490] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x04,            /* [ 5497] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x05,            /* [ 5504] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x06,            /* [ 5511] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x07,            /* [ 5518] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x00,            /* [ 5525] OBJ_id_GostR3410_94_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x02,            /* [ 5532] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x03,            /* [ 5539] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x04,            /* [ 5546] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x05,            /* [ 5553] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x21,0x01,            /* [ 5560] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x21,0x02,            /* [ 5567] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x21,0x03,            /* [ 5574] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x00,            /* [ 5581] OBJ_id_GostR3410_2001_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x01,            /* [ 5588] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x02,            /* [ 5595] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x03,            /* [ 5602] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x24,0x00,            /* [ 5609] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x24,0x01,            /* [ 5616] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x01,            /* [ 5623] OBJ_id_GostR3410_94_a */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x02,            /* [ 5630] OBJ_id_GostR3410_94_aBis */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x03,            /* [ 5637] OBJ_id_GostR3410_94_b */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x04,            /* [ 5644] OBJ_id_GostR3410_94_bBis */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01,       /* [ 5651] OBJ_id_Gost28147_89_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03,       /* [ 5659] OBJ_id_GostR3410_94_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04,       /* [ 5667] OBJ_id_GostR3410_2001_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03,       /* [ 5675] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,       /* [ 5683] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,       /* [ 5691] OBJ_id_GostR3410_2001_ParamSet_cc */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,  /* [ 5699] OBJ_LocalKeySet */
+    0x55,0x1D,0x2E,                                /* [ 5708] OBJ_freshest_crl */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03,       /* [ 5711] OBJ_id_on_permanentIdentifier */
+    0x55,0x04,0x0E,                                /* [ 5719] OBJ_searchGuide */
+    0x55,0x04,0x0F,                                /* [ 5722] OBJ_businessCategory */
+    0x55,0x04,0x10,                                /* [ 5725] OBJ_postalAddress */
+    0x55,0x04,0x12,                                /* [ 5728] OBJ_postOfficeBox */
+    0x55,0x04,0x13,                                /* [ 5731] OBJ_physicalDeliveryOfficeName */
+    0x55,0x04,0x14,                                /* [ 5734] OBJ_telephoneNumber */
+    0x55,0x04,0x15,                                /* [ 5737] OBJ_telexNumber */
+    0x55,0x04,0x16,                                /* [ 5740] OBJ_teletexTerminalIdentifier */
+    0x55,0x04,0x17,                                /* [ 5743] OBJ_facsimileTelephoneNumber */
+    0x55,0x04,0x18,                                /* [ 5746] OBJ_x121Address */
+    0x55,0x04,0x19,                                /* [ 5749] OBJ_internationaliSDNNumber */
+    0x55,0x04,0x1A,                                /* [ 5752] OBJ_registeredAddress */
+    0x55,0x04,0x1B,                                /* [ 5755] OBJ_destinationIndicator */
+    0x55,0x04,0x1C,                                /* [ 5758] OBJ_preferredDeliveryMethod */
+    0x55,0x04,0x1D,                                /* [ 5761] OBJ_presentationAddress */
+    0x55,0x04,0x1E,                                /* [ 5764] OBJ_supportedApplicationContext */
+    0x55,0x04,0x1F,                                /* [ 5767] OBJ_member */
+    0x55,0x04,0x20,                                /* [ 5770] OBJ_owner */
+    0x55,0x04,0x21,                                /* [ 5773] OBJ_roleOccupant */
+    0x55,0x04,0x22,                                /* [ 5776] OBJ_seeAlso */
+    0x55,0x04,0x23,                                /* [ 5779] OBJ_userPassword */
+    0x55,0x04,0x24,                                /* [ 5782] OBJ_userCertificate */
+    0x55,0x04,0x25,                                /* [ 5785] OBJ_cACertificate */
+    0x55,0x04,0x26,                                /* [ 5788] OBJ_authorityRevocationList */
+    0x55,0x04,0x27,                                /* [ 5791] OBJ_certificateRevocationList */
+    0x55,0x04,0x28,                                /* [ 5794] OBJ_crossCertificatePair */
+    0x55,0x04,0x2F,                                /* [ 5797] OBJ_enhancedSearchGuide */
+    0x55,0x04,0x30,                                /* [ 5800] OBJ_protocolInformation */
+    0x55,0x04,0x31,                                /* [ 5803] OBJ_distinguishedName */
+    0x55,0x04,0x32,                                /* [ 5806] OBJ_uniqueMember */
+    0x55,0x04,0x33,                                /* [ 5809] OBJ_houseIdentifier */
+    0x55,0x04,0x34,                                /* [ 5812] OBJ_supportedAlgorithms */
+    0x55,0x04,0x35,                                /* [ 5815] OBJ_deltaRevocationList */
+    0x55,0x04,0x36,                                /* [ 5818] OBJ_dmdName */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,  /* [ 5821] OBJ_id_alg_PWRI_KEK */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,  /* [ 5832] OBJ_aes_128_gcm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,  /* [ 5841] OBJ_aes_128_ccm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,  /* [ 5850] OBJ_id_aes128_wrap_pad */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,  /* [ 5859] OBJ_aes_192_gcm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,  /* [ 5868] OBJ_aes_192_ccm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,  /* [ 5877] OBJ_id_aes192_wrap_pad */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,  /* [ 5886] OBJ_aes_256_gcm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,  /* [ 5895] OBJ_aes_256_ccm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,  /* [ 5904] OBJ_id_aes256_wrap_pad */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,  /* [ 5913] OBJ_id_camellia128_wrap */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,  /* [ 5924] OBJ_id_camellia192_wrap */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,  /* [ 5935] OBJ_id_camellia256_wrap */
+    0x55,0x1D,0x25,0x00,                           /* [ 5946] OBJ_anyExtendedKeyUsage */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,  /* [ 5950] OBJ_mgf1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,  /* [ 5959] OBJ_rsassaPss */
+    0x2B,0x6F,0x02,0x8C,0x53,0x00,0x01,0x01,       /* [ 5968] OBJ_aes_128_xts */
+    0x2B,0x6F,0x02,0x8C,0x53,0x00,0x01,0x02,       /* [ 5976] OBJ_aes_256_xts */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,  /* [ 5984] OBJ_rsaesOaep */
+    0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01,            /* [ 5993] OBJ_dhpublicnumber */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,  /* [ 6000] OBJ_brainpoolP160r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,  /* [ 6009] OBJ_brainpoolP160t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,  /* [ 6018] OBJ_brainpoolP192r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,  /* [ 6027] OBJ_brainpoolP192t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,  /* [ 6036] OBJ_brainpoolP224r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,  /* [ 6045] OBJ_brainpoolP224t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,  /* [ 6054] OBJ_brainpoolP256r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,  /* [ 6063] OBJ_brainpoolP256t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,  /* [ 6072] OBJ_brainpoolP320r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,  /* [ 6081] OBJ_brainpoolP320t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,  /* [ 6090] OBJ_brainpoolP384r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,  /* [ 6099] OBJ_brainpoolP384t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,  /* [ 6108] OBJ_brainpoolP512r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,  /* [ 6117] OBJ_brainpoolP512t1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,  /* [ 6126] OBJ_pSpecified */
+    0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,  /* [ 6135] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x00,                 /* [ 6144] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x01,                 /* [ 6150] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x02,                 /* [ 6156] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x03,                 /* [ 6162] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */
+    0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,  /* [ 6168] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x00,                 /* [ 6177] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x01,                 /* [ 6183] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x02,                 /* [ 6189] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x03,                 /* [ 6195] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,  /* [ 6201] OBJ_ct_precert_scts */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,  /* [ 6211] OBJ_ct_precert_poison */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,  /* [ 6221] OBJ_ct_precert_signer */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,  /* [ 6231] OBJ_ct_cert_scts */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,  /* [ 6241] OBJ_jurisdictionLocalityName */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,  /* [ 6252] OBJ_jurisdictionStateOrProvinceName */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,  /* [ 6263] OBJ_jurisdictionCountryName */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06,       /* [ 6274] OBJ_camellia_128_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07,       /* [ 6282] OBJ_camellia_128_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09,       /* [ 6290] OBJ_camellia_128_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A,       /* [ 6298] OBJ_camellia_128_cmac */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A,       /* [ 6306] OBJ_camellia_192_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B,       /* [ 6314] OBJ_camellia_192_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D,       /* [ 6322] OBJ_camellia_192_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E,       /* [ 6330] OBJ_camellia_192_cmac */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E,       /* [ 6338] OBJ_camellia_256_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F,       /* [ 6346] OBJ_camellia_256_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31,       /* [ 6354] OBJ_camellia_256_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32,       /* [ 6362] OBJ_camellia_256_cmac */
+    0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B,  /* [ 6370] OBJ_id_scrypt */
+    0x2A,0x85,0x03,0x07,0x01,                      /* [ 6379] OBJ_id_tc26 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,                 /* [ 6384] OBJ_id_tc26_algorithms */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,            /* [ 6390] OBJ_id_tc26_sign */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01,       /* [ 6397] OBJ_id_GostR3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02,       /* [ 6405] OBJ_id_GostR3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,            /* [ 6413] OBJ_id_tc26_digest */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02,       /* [ 6420] OBJ_id_GostR3411_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03,       /* [ 6428] OBJ_id_GostR3411_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,            /* [ 6436] OBJ_id_tc26_signwithdigest */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02,       /* [ 6443] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03,       /* [ 6451] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,            /* [ 6459] OBJ_id_tc26_mac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01,       /* [ 6466] OBJ_id_tc26_hmac_gost_3411_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02,       /* [ 6474] OBJ_id_tc26_hmac_gost_3411_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,            /* [ 6482] OBJ_id_tc26_cipher */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,            /* [ 6489] OBJ_id_tc26_agreement */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01,       /* [ 6496] OBJ_id_tc26_agreement_gost_3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02,       /* [ 6504] OBJ_id_tc26_agreement_gost_3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x02,                 /* [ 6512] OBJ_id_tc26_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,            /* [ 6518] OBJ_id_tc26_sign_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,       /* [ 6525] OBJ_id_tc26_gost_3410_2012_512_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00,  /* [ 6533] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01,  /* [ 6542] OBJ_id_tc26_gost_3410_2012_512_paramSetA */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02,  /* [ 6551] OBJ_id_tc26_gost_3410_2012_512_paramSetB */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x02,            /* [ 6560] OBJ_id_tc26_digest_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,            /* [ 6567] OBJ_id_tc26_cipher_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,       /* [ 6574] OBJ_id_tc26_gost_28147_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01,  /* [ 6582] OBJ_id_tc26_gost_28147_param_Z */
+    0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01,       /* [ 6591] OBJ_INN */
+    0x2A,0x85,0x03,0x64,0x01,                      /* [ 6599] OBJ_OGRN */
+    0x2A,0x85,0x03,0x64,0x03,                      /* [ 6604] OBJ_SNILS */
+    0x2A,0x85,0x03,0x64,0x6F,                      /* [ 6609] OBJ_subjectSignTool */
+    0x2A,0x85,0x03,0x64,0x70,                      /* [ 6614] OBJ_issuerSignTool */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18,       /* [ 6619] OBJ_tlsfeature */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11,       /* [ 6627] OBJ_ipsec_IKE */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12,       /* [ 6635] OBJ_capwapAC */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13,       /* [ 6643] OBJ_capwapWTP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15,       /* [ 6651] OBJ_sshClient */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16,       /* [ 6659] OBJ_sshServer */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17,       /* [ 6667] OBJ_sendRouter */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18,       /* [ 6675] OBJ_sendProxiedRouter */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19,       /* [ 6683] OBJ_sendOwner */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A,       /* [ 6691] OBJ_sendProxiedOwner */
+    0x2B,0x06,0x01,0x05,0x02,0x03,                 /* [ 6699] OBJ_id_pkinit */
+    0x2B,0x06,0x01,0x05,0x02,0x03,0x04,            /* [ 6705] OBJ_pkInitClientAuth */
+    0x2B,0x06,0x01,0x05,0x02,0x03,0x05,            /* [ 6712] OBJ_pkInitKDC */
+    0x2B,0x65,0x6E,                                /* [ 6719] OBJ_X25519 */
+    0x2B,0x65,0x6F,                                /* [ 6722] OBJ_X448 */
+    0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10,  /* [ 6725] OBJ_blake2b512 */
+    0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08,  /* [ 6736] OBJ_blake2s256 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13,  /* [ 6747] OBJ_id_smime_ct_contentCollection */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17,  /* [ 6758] OBJ_id_smime_ct_authEnvelopedData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C,  /* [ 6769] OBJ_id_ct_xml */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x01,  /* [ 6780] OBJ_aria_128_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x02,  /* [ 6789] OBJ_aria_128_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x03,  /* [ 6798] OBJ_aria_128_cfb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x04,  /* [ 6807] OBJ_aria_128_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x05,  /* [ 6816] OBJ_aria_128_ctr */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x06,  /* [ 6825] OBJ_aria_192_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x07,  /* [ 6834] OBJ_aria_192_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x08,  /* [ 6843] OBJ_aria_192_cfb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x09,  /* [ 6852] OBJ_aria_192_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0A,  /* [ 6861] OBJ_aria_192_ctr */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0B,  /* [ 6870] OBJ_aria_256_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0C,  /* [ 6879] OBJ_aria_256_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0D,  /* [ 6888] OBJ_aria_256_cfb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0E,  /* [ 6897] OBJ_aria_256_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0F,  /* [ 6906] OBJ_aria_256_ctr */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x2F,  /* [ 6915] OBJ_id_smime_aa_signingCertificateV2 */
+    0x2B,0x65,0x70,                                /* [ 6926] OBJ_ED25519 */
+    0x2B,0x65,0x71,                                /* [ 6929] OBJ_ED448 */
+    0x55,0x04,0x61,                                /* [ 6932] OBJ_organizationIdentifier */
+    0x55,0x04,0x62,                                /* [ 6935] OBJ_countryCode3c */
+    0x55,0x04,0x63,                                /* [ 6938] OBJ_countryCode3n */
+    0x55,0x04,0x64,                                /* [ 6941] OBJ_dnsName */
+    0x2B,0x24,0x08,0x03,0x03,                      /* [ 6944] OBJ_x509ExtAdmission */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x05,  /* [ 6949] OBJ_sha512_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x06,  /* [ 6958] OBJ_sha512_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x07,  /* [ 6967] OBJ_sha3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x08,  /* [ 6976] OBJ_sha3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x09,  /* [ 6985] OBJ_sha3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0A,  /* [ 6994] OBJ_sha3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0B,  /* [ 7003] OBJ_shake128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0C,  /* [ 7012] OBJ_shake256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0D,  /* [ 7021] OBJ_hmac_sha3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0E,  /* [ 7030] OBJ_hmac_sha3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0F,  /* [ 7039] OBJ_hmac_sha3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x10,  /* [ 7048] OBJ_hmac_sha3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x03,  /* [ 7057] OBJ_dsa_with_SHA384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x04,  /* [ 7066] OBJ_dsa_with_SHA512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x05,  /* [ 7075] OBJ_dsa_with_SHA3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x06,  /* [ 7084] OBJ_dsa_with_SHA3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x07,  /* [ 7093] OBJ_dsa_with_SHA3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x08,  /* [ 7102] OBJ_dsa_with_SHA3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x09,  /* [ 7111] OBJ_ecdsa_with_SHA3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0A,  /* [ 7120] OBJ_ecdsa_with_SHA3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0B,  /* [ 7129] OBJ_ecdsa_with_SHA3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0C,  /* [ 7138] OBJ_ecdsa_with_SHA3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0D,  /* [ 7147] OBJ_RSA_SHA3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0E,  /* [ 7156] OBJ_RSA_SHA3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0F,  /* [ 7165] OBJ_RSA_SHA3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x10,  /* [ 7174] OBJ_RSA_SHA3_512 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x25,  /* [ 7183] OBJ_aria_128_ccm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x26,  /* [ 7192] OBJ_aria_192_ccm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x27,  /* [ 7201] OBJ_aria_256_ccm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x22,  /* [ 7210] OBJ_aria_128_gcm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x23,  /* [ 7219] OBJ_aria_192_gcm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x24,  /* [ 7228] OBJ_aria_256_gcm */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1B,       /* [ 7237] OBJ_cmcCA */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1C,       /* [ 7245] OBJ_cmcRA */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x01,       /* [ 7253] OBJ_sm4_ecb */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02,       /* [ 7261] OBJ_sm4_cbc */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03,       /* [ 7269] OBJ_sm4_ofb128 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x05,       /* [ 7277] OBJ_sm4_cfb1 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04,       /* [ 7285] OBJ_sm4_cfb128 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x06,       /* [ 7293] OBJ_sm4_cfb8 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x07,       /* [ 7301] OBJ_sm4_ctr */
+    0x2A,0x81,0x1C,                                /* [ 7309] OBJ_ISO_CN */
+    0x2A,0x81,0x1C,0xCF,0x55,                      /* [ 7312] OBJ_oscca */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,                 /* [ 7317] OBJ_sm_scheme */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11,       /* [ 7323] OBJ_sm3 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x78,       /* [ 7331] OBJ_sm3WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0F,  /* [ 7339] OBJ_sha512_224WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x10,  /* [ 7348] OBJ_sha512_256WithRSAEncryption */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,       /* [ 7357] OBJ_id_tc26_gost_3410_2012_256_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x01,  /* [ 7365] OBJ_id_tc26_gost_3410_2012_256_paramSetA */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03,  /* [ 7374] OBJ_id_tc26_gost_3410_2012_512_paramSetC */
+    0x2A,0x86,0x24,                                /* [ 7383] OBJ_ISO_UA */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,            /* [ 7386] OBJ_ua_pki */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,  /* [ 7393] OBJ_dstu28147 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x02,  /* [ 7403] OBJ_dstu28147_ofb */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x03,  /* [ 7414] OBJ_dstu28147_cfb */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x05,  /* [ 7425] OBJ_dstu28147_wrap */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x02,  /* [ 7436] OBJ_hmacWithDstu34311 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x02,0x01,  /* [ 7446] OBJ_dstu34311 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,  /* [ 7456] OBJ_dstu4145le */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x01,0x01,  /* [ 7467] OBJ_dstu4145be */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x00,  /* [ 7480] OBJ_uacurve0 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x01,  /* [ 7493] OBJ_uacurve1 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x02,  /* [ 7506] OBJ_uacurve2 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x03,  /* [ 7519] OBJ_uacurve3 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x04,  /* [ 7532] OBJ_uacurve4 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x05,  /* [ 7545] OBJ_uacurve5 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x06,  /* [ 7558] OBJ_uacurve6 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x07,  /* [ 7571] OBJ_uacurve7 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x08,  /* [ 7584] OBJ_uacurve8 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09,  /* [ 7597] OBJ_uacurve9 */
+    0x2B,0x6F,                                     /* [ 7610] OBJ_ieee */
+    0x2B,0x6F,0x02,0x8C,0x53,                      /* [ 7612] OBJ_ieee_siswg */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,       /* [ 7617] OBJ_sm2 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,       /* [ 7625] OBJ_id_tc26_cipher_gostr3412_2015_magma */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x01,  /* [ 7633] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x02,  /* [ 7642] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,       /* [ 7651] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x01,  /* [ 7659] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x02,  /* [ 7668] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,            /* [ 7677] OBJ_id_tc26_wrap */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,       /* [ 7684] OBJ_id_tc26_wrap_gostr3412_2015_magma */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01,  /* [ 7692] OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02,       /* [ 7701] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01,  /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02,  /* [ 7718] OBJ_id_tc26_gost_3410_2012_256_paramSetB */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03,  /* [ 7727] OBJ_id_tc26_gost_3410_2012_256_paramSetC */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04,  /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0C,       /* [ 7745] OBJ_hmacWithSHA512_224 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D,       /* [ 7753] OBJ_hmacWithSHA512_256 */
 };
 
-static const ASN1_OBJECT nid_objs[NUM_NID]={
-{"UNDEF","undefined",NID_undef,0,NULL,0},
-{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[0]),0},
-{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[6]),0},
-{"MD2","md2",NID_md2,8,&(lvalues[13]),0},
-{"MD5","md5",NID_md5,8,&(lvalues[21]),0},
-{"RC4","rc4",NID_rc4,8,&(lvalues[29]),0},
-{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[37]),0},
-{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9,
-	&(lvalues[46]),0},
-{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9,
-	&(lvalues[55]),0},
-{"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9,
-	&(lvalues[64]),0},
-{"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9,
-	&(lvalues[73]),0},
-{"X500","directory services (X.500)",NID_X500,1,&(lvalues[82]),0},
-{"X509","X509",NID_X509,2,&(lvalues[83]),0},
-{"CN","commonName",NID_commonName,3,&(lvalues[85]),0},
-{"C","countryName",NID_countryName,3,&(lvalues[88]),0},
-{"L","localityName",NID_localityName,3,&(lvalues[91]),0},
-{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[94]),0},
-{"O","organizationName",NID_organizationName,3,&(lvalues[97]),0},
-{"OU","organizationalUnitName",NID_organizationalUnitName,3,
-	&(lvalues[100]),0},
-{"RSA","rsa",NID_rsa,4,&(lvalues[103]),0},
-{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[107]),0},
-{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[115]),0},
-{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9,
-	&(lvalues[124]),0},
-{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9,
-	&(lvalues[133]),0},
-{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData",
-	NID_pkcs7_signedAndEnveloped,9,&(lvalues[142]),0},
-{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9,
-	&(lvalues[151]),0},
-{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9,
-	&(lvalues[160]),0},
-{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[169]),0},
-{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9,
-	&(lvalues[177]),0},
-{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[186]),0},
-{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[191]),0},
-{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[196]),0},
-{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[201]),0},
-{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL,0},
-{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[206]),0},
-{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL,0},
-{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL,0},
-{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[217]),0},
-{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL,0},
-{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL,0},
-{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL,0},
-{"SHA","sha",NID_sha,5,&(lvalues[225]),0},
-{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,
-	&(lvalues[230]),0},
-{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL,0},
-{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[235]),0},
-{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[243]),0},
-{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL,0},
-{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[248]),0},
-{"emailAddress","emailAddress",NID_pkcs9_emailAddress,9,
-	&(lvalues[256]),0},
-{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,
-	&(lvalues[265]),0},
-{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[274]),0},
-{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9,
-	&(lvalues[283]),0},
-{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[292]),0},
-{"countersignature","countersignature",NID_pkcs9_countersignature,9,
-	&(lvalues[301]),0},
-{"challengePassword","challengePassword",NID_pkcs9_challengePassword,
-	9,&(lvalues[310]),0},
-{"unstructuredAddress","unstructuredAddress",
-	NID_pkcs9_unstructuredAddress,9,&(lvalues[319]),0},
-{"extendedCertificateAttributes","extendedCertificateAttributes",
-	NID_pkcs9_extCertAttributes,9,&(lvalues[328]),0},
-{"Netscape","Netscape Communications Corp.",NID_netscape,7,
-	&(lvalues[337]),0},
-{"nsCertExt","Netscape Certificate Extension",
-	NID_netscape_cert_extension,8,&(lvalues[344]),0},
-{"nsDataType","Netscape Data Type",NID_netscape_data_type,8,
-	&(lvalues[352]),0},
-{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL,0},
-{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL,0},
-{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL,0},
-{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0},
-{"SHA1","sha1",NID_sha1,5,&(lvalues[360]),0},
-{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
-	&(lvalues[365]),0},
-{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[374]),0},
-{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[379]),0},
-{"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC,
-	9,&(lvalues[384]),0},
-{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[393]),0},
-{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[402]),0},
-{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,
-	&(lvalues[407]),0},
-{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,
-	&(lvalues[416]),0},
-{"nsRevocationUrl","Netscape Revocation Url",
-	NID_netscape_revocation_url,9,&(lvalues[425]),0},
-{"nsCaRevocationUrl","Netscape CA Revocation Url",
-	NID_netscape_ca_revocation_url,9,&(lvalues[434]),0},
-{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9,
-	&(lvalues[443]),0},
-{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url,
-	9,&(lvalues[452]),0},
-{"nsSslServerName","Netscape SSL Server Name",
-	NID_netscape_ssl_server_name,9,&(lvalues[461]),0},
-{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[470]),0},
-{"nsCertSequence","Netscape Certificate Sequence",
-	NID_netscape_cert_sequence,9,&(lvalues[479]),0},
-{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL,0},
-{"id-ce","id-ce",NID_id_ce,2,&(lvalues[488]),0},
-{"subjectKeyIdentifier","X509v3 Subject Key Identifier",
-	NID_subject_key_identifier,3,&(lvalues[490]),0},
-{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[493]),0},
-{"privateKeyUsagePeriod","X509v3 Private Key Usage Period",
-	NID_private_key_usage_period,3,&(lvalues[496]),0},
-{"subjectAltName","X509v3 Subject Alternative Name",
-	NID_subject_alt_name,3,&(lvalues[499]),0},
-{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name,
-	3,&(lvalues[502]),0},
-{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints,
-	3,&(lvalues[505]),0},
-{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[508]),0},
-{"certificatePolicies","X509v3 Certificate Policies",
-	NID_certificate_policies,3,&(lvalues[511]),0},
-{"authorityKeyIdentifier","X509v3 Authority Key Identifier",
-	NID_authority_key_identifier,3,&(lvalues[514]),0},
-{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[517]),0},
-{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL,0},
-{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL,0},
-{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL,0},
-{"MDC2","mdc2",NID_mdc2,4,&(lvalues[526]),0},
-{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[530]),0},
-{"RC4-40","rc4-40",NID_rc4_40,0,NULL,0},
-{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL,0},
-{"GN","givenName",NID_givenName,3,&(lvalues[534]),0},
-{"SN","surname",NID_surname,3,&(lvalues[537]),0},
-{"initials","initials",NID_initials,3,&(lvalues[540]),0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{"crlDistributionPoints","X509v3 CRL Distribution Points",
-	NID_crl_distribution_points,3,&(lvalues[543]),0},
-{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[546]),0},
-{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[551]),0},
-{"title","title",NID_title,3,&(lvalues[554]),0},
-{"description","description",NID_description,3,&(lvalues[557]),0},
-{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[560]),0},
-{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0},
-{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0},
-{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0},
-{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
-	NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[569]),0},
-{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[578]),0},
-{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0},
-{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[585]),0},
-{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[590]),0},
-{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[597]),0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
-	&(lvalues[602]),0},
-{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[608]),0},
-{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0},
-{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0},
-{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0},
-{"RLE","run length compression",NID_rle_compression,6,&(lvalues[616]),0},
-{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[622]),0},
-{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
-	&(lvalues[633]),0},
-{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[636]),0},
-{"id-kp","id-kp",NID_id_kp,7,&(lvalues[642]),0},
-{"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
-	&(lvalues[649]),0},
-{"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
-	&(lvalues[657]),0},
-{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[665]),0},
-{"emailProtection","E-mail Protection",NID_email_protect,8,
-	&(lvalues[673]),0},
-{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[681]),0},
-{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
-	&(lvalues[689]),0},
-{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
-	&(lvalues[699]),0},
-{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
-	&(lvalues[709]),0},
-{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[719]),0},
-{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
-	&(lvalues[729]),0},
-{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[739]),0},
-{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
-	&(lvalues[748]),0},
-{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[751]),0},
-{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
-	&(lvalues[754]),0},
-{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[757]),0},
-{"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4",
-	NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[762]),0},
-{"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4",
-	NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[772]),0},
-{"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC",
-	NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[782]),0},
-{"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC",
-	NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[792]),0},
-{"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC",
-	NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[802]),0},
-{"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC",
-	NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[812]),0},
-{"keyBag","keyBag",NID_keyBag,11,&(lvalues[822]),0},
-{"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag,
-	11,&(lvalues[833]),0},
-{"certBag","certBag",NID_certBag,11,&(lvalues[844]),0},
-{"crlBag","crlBag",NID_crlBag,11,&(lvalues[855]),0},
-{"secretBag","secretBag",NID_secretBag,11,&(lvalues[866]),0},
-{"safeContentsBag","safeContentsBag",NID_safeContentsBag,11,
-	&(lvalues[877]),0},
-{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[888]),0},
-{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[897]),0},
-{"x509Certificate","x509Certificate",NID_x509Certificate,10,
-	&(lvalues[906]),0},
-{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
-	&(lvalues[916]),0},
-{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[926]),0},
-{"PBES2","PBES2",NID_pbes2,9,&(lvalues[936]),0},
-{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[945]),0},
-{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[954]),0},
-{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[962]),0},
-{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
-	&(lvalues[970]),0},
-{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0},
-{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,
-	&(lvalues[978]),0},
-{"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,
-	&(lvalues[987]),0},
-{"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9,
-	&(lvalues[996]),0},
-{"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9,
-	&(lvalues[1005]),0},
-{"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10,
-	&(lvalues[1014]),0},
-{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1024]),0},
-{"name","name",NID_name,3,&(lvalues[1033]),0},
-{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1036]),0},
-{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1039]),0},
-{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1046]),0},
-{"authorityInfoAccess","Authority Information Access",NID_info_access,
-	8,&(lvalues[1053]),0},
-{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1061]),0},
-{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1069]),0},
-{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1077]),0},
-{"ISO","iso",NID_iso,0,NULL,0},
-{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1085]),0},
-{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1086]),0},
-{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1089]),0},
-{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1094]),0},
-{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1100]),0},
-{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1108]),0},
-{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1116]),0},
-{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1125]),0},
-{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1135]),0},
-{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1145]),0},
-{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1155]),0},
-{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1165]),0},
-{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1175]),0},
-{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1185]),0},
-{"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11,
-	&(lvalues[1195]),0},
-{"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11,
-	&(lvalues[1206]),0},
-{"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11,
-	&(lvalues[1217]),0},
-{"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3,
-	11,&(lvalues[1228]),0},
-{"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88",
-	NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1239]),0},
-{"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97",
-	NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1250]),0},
-{"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88",
-	NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1261]),0},
-{"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97",
-	NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1272]),0},
-{"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt,
-	11,&(lvalues[1283]),0},
-{"id-smime-ct-authData","id-smime-ct-authData",
-	NID_id_smime_ct_authData,11,&(lvalues[1294]),0},
-{"id-smime-ct-publishCert","id-smime-ct-publishCert",
-	NID_id_smime_ct_publishCert,11,&(lvalues[1305]),0},
-{"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo,
-	11,&(lvalues[1316]),0},
-{"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo,
-	11,&(lvalues[1327]),0},
-{"id-smime-ct-contentInfo","id-smime-ct-contentInfo",
-	NID_id_smime_ct_contentInfo,11,&(lvalues[1338]),0},
-{"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData",
-	NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1349]),0},
-{"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData",
-	NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1360]),0},
-{"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest",
-	NID_id_smime_aa_receiptRequest,11,&(lvalues[1371]),0},
-{"id-smime-aa-securityLabel","id-smime-aa-securityLabel",
-	NID_id_smime_aa_securityLabel,11,&(lvalues[1382]),0},
-{"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory",
-	NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1393]),0},
-{"id-smime-aa-contentHint","id-smime-aa-contentHint",
-	NID_id_smime_aa_contentHint,11,&(lvalues[1404]),0},
-{"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest",
-	NID_id_smime_aa_msgSigDigest,11,&(lvalues[1415]),0},
-{"id-smime-aa-encapContentType","id-smime-aa-encapContentType",
-	NID_id_smime_aa_encapContentType,11,&(lvalues[1426]),0},
-{"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier",
-	NID_id_smime_aa_contentIdentifier,11,&(lvalues[1437]),0},
-{"id-smime-aa-macValue","id-smime-aa-macValue",
-	NID_id_smime_aa_macValue,11,&(lvalues[1448]),0},
-{"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels",
-	NID_id_smime_aa_equivalentLabels,11,&(lvalues[1459]),0},
-{"id-smime-aa-contentReference","id-smime-aa-contentReference",
-	NID_id_smime_aa_contentReference,11,&(lvalues[1470]),0},
-{"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref",
-	NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1481]),0},
-{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate",
-	NID_id_smime_aa_signingCertificate,11,&(lvalues[1492]),0},
-{"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts",
-	NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1503]),0},
-{"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken",
-	NID_id_smime_aa_timeStampToken,11,&(lvalues[1514]),0},
-{"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId",
-	NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1525]),0},
-{"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType",
-	NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1536]),0},
-{"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation",
-	NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1547]),0},
-{"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr",
-	NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1558]),0},
-{"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert",
-	NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1569]),0},
-{"id-smime-aa-ets-contentTimestamp",
-	"id-smime-aa-ets-contentTimestamp",
-	NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1580]),0},
-{"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs",
-	NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1591]),0},
-{"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs",
-	NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1602]),0},
-{"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues",
-	NID_id_smime_aa_ets_certValues,11,&(lvalues[1613]),0},
-{"id-smime-aa-ets-revocationValues",
-	"id-smime-aa-ets-revocationValues",
-	NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1624]),0},
-{"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp",
-	NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1635]),0},
-{"id-smime-aa-ets-certCRLTimestamp",
-	"id-smime-aa-ets-certCRLTimestamp",
-	NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1646]),0},
-{"id-smime-aa-ets-archiveTimeStamp",
-	"id-smime-aa-ets-archiveTimeStamp",
-	NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1657]),0},
-{"id-smime-aa-signatureType","id-smime-aa-signatureType",
-	NID_id_smime_aa_signatureType,11,&(lvalues[1668]),0},
-{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc",
-	NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1679]),0},
-{"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES",
-	NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1690]),0},
-{"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2",
-	NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1701]),0},
-{"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap",
-	NID_id_smime_alg_3DESwrap,11,&(lvalues[1712]),0},
-{"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap",
-	NID_id_smime_alg_RC2wrap,11,&(lvalues[1723]),0},
-{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11,
-	&(lvalues[1734]),0},
-{"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap",
-	NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1745]),0},
-{"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap",
-	NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1756]),0},
-{"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11,
-	&(lvalues[1767]),0},
-{"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri",
-	NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1778]),0},
-{"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice",
-	NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1789]),0},
-{"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin",
-	NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1800]),0},
-{"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt",
-	NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1811]),0},
-{"id-smime-cti-ets-proofOfDelivery",
-	"id-smime-cti-ets-proofOfDelivery",
-	NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1822]),0},
-{"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender",
-	NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1833]),0},
-{"id-smime-cti-ets-proofOfApproval",
-	"id-smime-cti-ets-proofOfApproval",
-	NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1844]),0},
-{"id-smime-cti-ets-proofOfCreation",
-	"id-smime-cti-ets-proofOfCreation",
-	NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1855]),0},
-{"MD4","md4",NID_md4,8,&(lvalues[1866]),0},
-{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1874]),0},
-{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1881]),0},
-{"id-it","id-it",NID_id_it,7,&(lvalues[1888]),0},
-{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1895]),0},
-{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1902]),0},
-{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1909]),0},
-{"id-on","id-on",NID_id_on,7,&(lvalues[1916]),0},
-{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1923]),0},
-{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1930]),0},
-{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1937]),0},
-{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1944]),0},
-{"id-pkix1-explicit-88","id-pkix1-explicit-88",
-	NID_id_pkix1_explicit_88,8,&(lvalues[1951]),0},
-{"id-pkix1-implicit-88","id-pkix1-implicit-88",
-	NID_id_pkix1_implicit_88,8,&(lvalues[1959]),0},
-{"id-pkix1-explicit-93","id-pkix1-explicit-93",
-	NID_id_pkix1_explicit_93,8,&(lvalues[1967]),0},
-{"id-pkix1-implicit-93","id-pkix1-implicit-93",
-	NID_id_pkix1_implicit_93,8,&(lvalues[1975]),0},
-{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1983]),0},
-{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1991]),0},
-{"id-mod-kea-profile-88","id-mod-kea-profile-88",
-	NID_id_mod_kea_profile_88,8,&(lvalues[1999]),0},
-{"id-mod-kea-profile-93","id-mod-kea-profile-93",
-	NID_id_mod_kea_profile_93,8,&(lvalues[2007]),0},
-{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2015]),0},
-{"id-mod-qualified-cert-88","id-mod-qualified-cert-88",
-	NID_id_mod_qualified_cert_88,8,&(lvalues[2023]),0},
-{"id-mod-qualified-cert-93","id-mod-qualified-cert-93",
-	NID_id_mod_qualified_cert_93,8,&(lvalues[2031]),0},
-{"id-mod-attribute-cert","id-mod-attribute-cert",
-	NID_id_mod_attribute_cert,8,&(lvalues[2039]),0},
-{"id-mod-timestamp-protocol","id-mod-timestamp-protocol",
-	NID_id_mod_timestamp_protocol,8,&(lvalues[2047]),0},
-{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2055]),0},
-{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2063]),0},
-{"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8,
-	&(lvalues[2071]),0},
-{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2079]),0},
-{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2087]),0},
-{"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8,
-	&(lvalues[2095]),0},
-{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2103]),0},
-{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2111]),0},
-{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8,
-	&(lvalues[2119]),0},
-{"sbgp-autonomousSysNum","sbgp-autonomousSysNum",
-	NID_sbgp_autonomousSysNum,8,&(lvalues[2127]),0},
-{"sbgp-routerIdentifier","sbgp-routerIdentifier",
-	NID_sbgp_routerIdentifier,8,&(lvalues[2135]),0},
-{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2143]),0},
-{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
-	&(lvalues[2151]),0},
-{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2159]),0},
-{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2167]),0},
-{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2175]),0},
-{"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert,
-	8,&(lvalues[2183]),0},
-{"id-it-signKeyPairTypes","id-it-signKeyPairTypes",
-	NID_id_it_signKeyPairTypes,8,&(lvalues[2191]),0},
-{"id-it-encKeyPairTypes","id-it-encKeyPairTypes",
-	NID_id_it_encKeyPairTypes,8,&(lvalues[2199]),0},
-{"id-it-preferredSymmAlg","id-it-preferredSymmAlg",
-	NID_id_it_preferredSymmAlg,8,&(lvalues[2207]),0},
-{"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo",
-	NID_id_it_caKeyUpdateInfo,8,&(lvalues[2215]),0},
-{"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8,
-	&(lvalues[2223]),0},
-{"id-it-unsupportedOIDs","id-it-unsupportedOIDs",
-	NID_id_it_unsupportedOIDs,8,&(lvalues[2231]),0},
-{"id-it-subscriptionRequest","id-it-subscriptionRequest",
-	NID_id_it_subscriptionRequest,8,&(lvalues[2239]),0},
-{"id-it-subscriptionResponse","id-it-subscriptionResponse",
-	NID_id_it_subscriptionResponse,8,&(lvalues[2247]),0},
-{"id-it-keyPairParamReq","id-it-keyPairParamReq",
-	NID_id_it_keyPairParamReq,8,&(lvalues[2255]),0},
-{"id-it-keyPairParamRep","id-it-keyPairParamRep",
-	NID_id_it_keyPairParamRep,8,&(lvalues[2263]),0},
-{"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase,
-	8,&(lvalues[2271]),0},
-{"id-it-implicitConfirm","id-it-implicitConfirm",
-	NID_id_it_implicitConfirm,8,&(lvalues[2279]),0},
-{"id-it-confirmWaitTime","id-it-confirmWaitTime",
-	NID_id_it_confirmWaitTime,8,&(lvalues[2287]),0},
-{"id-it-origPKIMessage","id-it-origPKIMessage",
-	NID_id_it_origPKIMessage,8,&(lvalues[2295]),0},
-{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2303]),0},
-{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2311]),0},
-{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken,
-	9,&(lvalues[2319]),0},
-{"id-regCtrl-authenticator","id-regCtrl-authenticator",
-	NID_id_regCtrl_authenticator,9,&(lvalues[2328]),0},
-{"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo",
-	NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2337]),0},
-{"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions",
-	NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2346]),0},
-{"id-regCtrl-oldCertID","id-regCtrl-oldCertID",
-	NID_id_regCtrl_oldCertID,9,&(lvalues[2355]),0},
-{"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey",
-	NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2364]),0},
-{"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs",
-	NID_id_regInfo_utf8Pairs,9,&(lvalues[2373]),0},
-{"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9,
-	&(lvalues[2382]),0},
-{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2391]),0},
-{"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8,
-	&(lvalues[2399]),0},
-{"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1",
-	NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2407]),0},
-{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2415]),0},
-{"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8,
-	&(lvalues[2423]),0},
-{"id-cmc-identification","id-cmc-identification",
-	NID_id_cmc_identification,8,&(lvalues[2431]),0},
-{"id-cmc-identityProof","id-cmc-identityProof",
-	NID_id_cmc_identityProof,8,&(lvalues[2439]),0},
-{"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8,
-	&(lvalues[2447]),0},
-{"id-cmc-transactionId","id-cmc-transactionId",
-	NID_id_cmc_transactionId,8,&(lvalues[2455]),0},
-{"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8,
-	&(lvalues[2463]),0},
-{"id-cmc-recipientNonce","id-cmc-recipientNonce",
-	NID_id_cmc_recipientNonce,8,&(lvalues[2471]),0},
-{"id-cmc-addExtensions","id-cmc-addExtensions",
-	NID_id_cmc_addExtensions,8,&(lvalues[2479]),0},
-{"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP,
-	8,&(lvalues[2487]),0},
-{"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP,
-	8,&(lvalues[2495]),0},
-{"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness",
-	NID_id_cmc_lraPOPWitness,8,&(lvalues[2503]),0},
-{"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8,
-	&(lvalues[2511]),0},
-{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2519]),0},
-{"id-cmc-revokeRequest","id-cmc-revokeRequest",
-	NID_id_cmc_revokeRequest,8,&(lvalues[2527]),0},
-{"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8,
-	&(lvalues[2535]),0},
-{"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo,
-	8,&(lvalues[2543]),0},
-{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending,
-	8,&(lvalues[2551]),0},
-{"id-cmc-popLinkRandom","id-cmc-popLinkRandom",
-	NID_id_cmc_popLinkRandom,8,&(lvalues[2559]),0},
-{"id-cmc-popLinkWitness","id-cmc-popLinkWitness",
-	NID_id_cmc_popLinkWitness,8,&(lvalues[2567]),0},
-{"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance",
-	NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2575]),0},
-{"id-on-personalData","id-on-personalData",NID_id_on_personalData,8,
-	&(lvalues[2583]),0},
-{"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8,
-	&(lvalues[2591]),0},
-{"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
-	8,&(lvalues[2599]),0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0},
-{"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
-	NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0},
-{"id-pda-countryOfResidence","id-pda-countryOfResidence",
-	NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0},
-{"id-aca-authenticationInfo","id-aca-authenticationInfo",
-	NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0},
-{"id-aca-accessIdentity","id-aca-accessIdentity",
-	NID_id_aca_accessIdentity,8,&(lvalues[2639]),0},
-{"id-aca-chargingIdentity","id-aca-chargingIdentity",
-	NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0},
-{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0},
-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0},
-{"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
-	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0},
-{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0},
-{"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
-	&(lvalues[2687]),0},
-{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
-	&(lvalues[2695]),0},
-{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
-	&(lvalues[2703]),0},
-{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0},
-{"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
-	&(lvalues[2719]),0},
-{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0},
-{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0},
-{"acceptableResponses","Acceptable OCSP Responses",
-	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0},
-{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0},
-{"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
-	9,&(lvalues[2764]),0},
-{"serviceLocator","OCSP Service Locator",
-	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0},
-{"extendedStatus","Extended OCSP Status",
-	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0},
-{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0},
-{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0},
-{"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
-	&(lvalues[2809]),0},
-{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0},
-{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0},
-{"X500algorithms","directory services - algorithms",
-	NID_X500algorithms,2,&(lvalues[2827]),0},
-{"ORG","org",NID_org,1,&(lvalues[2829]),0},
-{"DOD","dod",NID_dod,2,&(lvalues[2830]),0},
-{"IANA","iana",NID_iana,3,&(lvalues[2832]),0},
-{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0},
-{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0},
-{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0},
-{"private","Private",NID_Private,4,&(lvalues[2847]),0},
-{"security","Security",NID_Security,4,&(lvalues[2851]),0},
-{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0},
-{"Mail","Mail",NID_Mail,4,&(lvalues[2859]),0},
-{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0},
-{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0},
-{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0},
-{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0},
-{"NULL","NULL",NID_joint_iso_ccitt,0,NULL,0},
-{"selected-attribute-types","Selected Attribute Types",
-	NID_selected_attribute_types,3,&(lvalues[2897]),0},
-{"clearance","clearance",NID_clearance,4,&(lvalues[2900]),0},
-{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
-	&(lvalues[2904]),0},
-{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2913]),0},
-{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
-	&(lvalues[2921]),0},
-{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
-	&(lvalues[2929]),0},
-{"role","role",NID_role,3,&(lvalues[2937]),0},
-{"policyConstraints","X509v3 Policy Constraints",
-	NID_policy_constraints,3,&(lvalues[2940]),0},
-{"targetInformation","X509v3 AC Targeting",NID_target_information,3,
-	&(lvalues[2943]),0},
-{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
-	&(lvalues[2946]),0},
-{"NULL","NULL",NID_ccitt,0,NULL,0},
-{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2949]),0},
-{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2954]),0},
-{"characteristic-two-field","characteristic-two-field",
-	NID_X9_62_characteristic_two_field,7,&(lvalues[2961]),0},
-{"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7,
-	&(lvalues[2968]),0},
-{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2975]),0},
-{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2983]),0},
-{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2991]),0},
-{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2999]),0},
-{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3007]),0},
-{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3015]),0},
-{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3023]),0},
-{"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7,
-	&(lvalues[3031]),0},
-{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3038]),0},
-{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3047]),0},
-{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3056]),0},
-{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3065]),0},
-{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3074]),0},
-{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3083]),0},
-{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3092]),0},
-{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3101]),0},
-{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3110]),0},
-{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3119]),0},
-{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3128]),0},
-{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3137]),0},
-{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3146]),0},
-{"holdInstructionCode","Hold Instruction Code",
-	NID_hold_instruction_code,3,&(lvalues[3155]),0},
-{"holdInstructionNone","Hold Instruction None",
-	NID_hold_instruction_none,7,&(lvalues[3158]),0},
-{"holdInstructionCallIssuer","Hold Instruction Call Issuer",
-	NID_hold_instruction_call_issuer,7,&(lvalues[3165]),0},
-{"holdInstructionReject","Hold Instruction Reject",
-	NID_hold_instruction_reject,7,&(lvalues[3172]),0},
-{"data","data",NID_data,1,&(lvalues[3179]),0},
-{"pss","pss",NID_pss,3,&(lvalues[3180]),0},
-{"ucl","ucl",NID_ucl,7,&(lvalues[3183]),0},
-{"pilot","pilot",NID_pilot,8,&(lvalues[3190]),0},
-{"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9,
-	&(lvalues[3198]),0},
-{"pilotAttributeSyntax","pilotAttributeSyntax",
-	NID_pilotAttributeSyntax,9,&(lvalues[3207]),0},
-{"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9,
-	&(lvalues[3216]),0},
-{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3225]),0},
-{"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10,
-	&(lvalues[3234]),0},
-{"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax",
-	NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3244]),0},
-{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3254]),0},
-{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3264]),0},
-{"account","account",NID_account,10,&(lvalues[3274]),0},
-{"document","document",NID_document,10,&(lvalues[3284]),0},
-{"room","room",NID_room,10,&(lvalues[3294]),0},
-{"documentSeries","documentSeries",NID_documentSeries,10,
-	&(lvalues[3304]),0},
-{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10,
-	&(lvalues[3314]),0},
-{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3324]),0},
-{"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject,
-	10,&(lvalues[3334]),0},
-{"friendlyCountry","friendlyCountry",NID_friendlyCountry,10,
-	&(lvalues[3344]),0},
-{"simpleSecurityObject","simpleSecurityObject",
-	NID_simpleSecurityObject,10,&(lvalues[3354]),0},
-{"pilotOrganization","pilotOrganization",NID_pilotOrganization,10,
-	&(lvalues[3364]),0},
-{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3374]),0},
-{"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData,
-	10,&(lvalues[3384]),0},
-{"UID","userId",NID_userId,10,&(lvalues[3394]),0},
-{"textEncodedORAddress","textEncodedORAddress",
-	NID_textEncodedORAddress,10,&(lvalues[3404]),0},
-{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3414]),0},
-{"info","info",NID_info,10,&(lvalues[3424]),0},
-{"favouriteDrink","favouriteDrink",NID_favouriteDrink,10,
-	&(lvalues[3434]),0},
-{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3444]),0},
-{"photo","photo",NID_photo,10,&(lvalues[3454]),0},
-{"userClass","userClass",NID_userClass,10,&(lvalues[3464]),0},
-{"host","host",NID_host,10,&(lvalues[3474]),0},
-{"manager","manager",NID_manager,10,&(lvalues[3484]),0},
-{"documentIdentifier","documentIdentifier",NID_documentIdentifier,10,
-	&(lvalues[3494]),0},
-{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3504]),0},
-{"documentVersion","documentVersion",NID_documentVersion,10,
-	&(lvalues[3514]),0},
-{"documentAuthor","documentAuthor",NID_documentAuthor,10,
-	&(lvalues[3524]),0},
-{"documentLocation","documentLocation",NID_documentLocation,10,
-	&(lvalues[3534]),0},
-{"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber,
-	10,&(lvalues[3544]),0},
-{"secretary","secretary",NID_secretary,10,&(lvalues[3554]),0},
-{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3564]),0},
-{"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10,
-	&(lvalues[3574]),0},
-{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10,
-	&(lvalues[3584]),0},
-{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3594]),0},
-{"pilotAttributeType27","pilotAttributeType27",
-	NID_pilotAttributeType27,10,&(lvalues[3604]),0},
-{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3614]),0},
-{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3624]),0},
-{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3634]),0},
-{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3644]),0},
-{"associatedDomain","associatedDomain",NID_associatedDomain,10,
-	&(lvalues[3654]),0},
-{"associatedName","associatedName",NID_associatedName,10,
-	&(lvalues[3664]),0},
-{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10,
-	&(lvalues[3674]),0},
-{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3684]),0},
-{"mobileTelephoneNumber","mobileTelephoneNumber",
-	NID_mobileTelephoneNumber,10,&(lvalues[3694]),0},
-{"pagerTelephoneNumber","pagerTelephoneNumber",
-	NID_pagerTelephoneNumber,10,&(lvalues[3704]),0},
-{"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName,
-	10,&(lvalues[3714]),0},
-{"organizationalStatus","organizationalStatus",
-	NID_organizationalStatus,10,&(lvalues[3724]),0},
-{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3734]),0},
-{"mailPreferenceOption","mailPreferenceOption",
-	NID_mailPreferenceOption,10,&(lvalues[3744]),0},
-{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3754]),0},
-{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3764]),0},
-{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10,
-	&(lvalues[3774]),0},
-{"subtreeMinimumQuality","subtreeMinimumQuality",
-	NID_subtreeMinimumQuality,10,&(lvalues[3784]),0},
-{"subtreeMaximumQuality","subtreeMaximumQuality",
-	NID_subtreeMaximumQuality,10,&(lvalues[3794]),0},
-{"personalSignature","personalSignature",NID_personalSignature,10,
-	&(lvalues[3804]),0},
-{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3814]),0},
-{"audio","audio",NID_audio,10,&(lvalues[3824]),0},
-{"documentPublisher","documentPublisher",NID_documentPublisher,10,
-	&(lvalues[3834]),0},
-{"x500UniqueIdentifier","x500UniqueIdentifier",
-	NID_x500UniqueIdentifier,3,&(lvalues[3844]),0},
-{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3847]),0},
-{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6,
-	&(lvalues[3852]),0},
-{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6,
-	&(lvalues[3858]),0},
-{"id-hex-partial-message","id-hex-partial-message",
-	NID_id_hex_partial_message,7,&(lvalues[3864]),0},
-{"id-hex-multipart-message","id-hex-multipart-message",
-	NID_id_hex_multipart_message,7,&(lvalues[3871]),0},
-{"generationQualifier","generationQualifier",NID_generationQualifier,
-	3,&(lvalues[3878]),0},
-{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3881]),0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{"id-set","Secure Electronic Transactions",NID_id_set,2,
-	&(lvalues[3884]),0},
-{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3886]),0},
-{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3889]),0},
-{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3892]),0},
-{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3895]),0},
-{"set-certExt","certificate extensions",NID_set_certExt,3,
-	&(lvalues[3898]),0},
-{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3901]),0},
-{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3904]),0},
-{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4,
-	&(lvalues[3908]),0},
-{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3912]),0},
-{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3916]),0},
-{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3920]),0},
-{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3924]),0},
-{"setct-PIDataUnsigned","setct-PIDataUnsigned",
-	NID_setct_PIDataUnsigned,4,&(lvalues[3928]),0},
-{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4,
-	&(lvalues[3932]),0},
-{"setct-AuthResBaggage","setct-AuthResBaggage",
-	NID_setct_AuthResBaggage,4,&(lvalues[3936]),0},
-{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage",
-	NID_setct_AuthRevReqBaggage,4,&(lvalues[3940]),0},
-{"setct-AuthRevResBaggage","setct-AuthRevResBaggage",
-	NID_setct_AuthRevResBaggage,4,&(lvalues[3944]),0},
-{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4,
-	&(lvalues[3948]),0},
-{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4,
-	&(lvalues[3952]),0},
-{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3956]),0},
-{"setct-PResData","setct-PResData",NID_setct_PResData,4,
-	&(lvalues[3960]),0},
-{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4,
-	&(lvalues[3964]),0},
-{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4,
-	&(lvalues[3968]),0},
-{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4,
-	&(lvalues[3972]),0},
-{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4,
-	&(lvalues[3976]),0},
-{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4,
-	&(lvalues[3980]),0},
-{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4,
-	&(lvalues[3984]),0},
-{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg",
-	NID_setct_AcqCardCodeMsg,4,&(lvalues[3988]),0},
-{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS,
-	4,&(lvalues[3992]),0},
-{"setct-AuthRevResData","setct-AuthRevResData",
-	NID_setct_AuthRevResData,4,&(lvalues[3996]),0},
-{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS,
-	4,&(lvalues[4000]),0},
-{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4,
-	&(lvalues[4004]),0},
-{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4,
-	&(lvalues[4008]),0},
-{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4,
-	&(lvalues[4012]),0},
-{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4,
-	&(lvalues[4016]),0},
-{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX,
-	4,&(lvalues[4020]),0},
-{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData,
-	4,&(lvalues[4024]),0},
-{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4,
-	&(lvalues[4028]),0},
-{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4,
-	&(lvalues[4032]),0},
-{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4,
-	&(lvalues[4036]),0},
-{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS,
-	4,&(lvalues[4040]),0},
-{"setct-CredRevReqTBSX","setct-CredRevReqTBSX",
-	NID_setct_CredRevReqTBSX,4,&(lvalues[4044]),0},
-{"setct-CredRevResData","setct-CredRevResData",
-	NID_setct_CredRevResData,4,&(lvalues[4048]),0},
-{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4,
-	&(lvalues[4052]),0},
-{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4,
-	&(lvalues[4056]),0},
-{"setct-BatchAdminReqData","setct-BatchAdminReqData",
-	NID_setct_BatchAdminReqData,4,&(lvalues[4060]),0},
-{"setct-BatchAdminResData","setct-BatchAdminResData",
-	NID_setct_BatchAdminResData,4,&(lvalues[4064]),0},
-{"setct-CardCInitResTBS","setct-CardCInitResTBS",
-	NID_setct_CardCInitResTBS,4,&(lvalues[4068]),0},
-{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS",
-	NID_setct_MeAqCInitResTBS,4,&(lvalues[4072]),0},
-{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS,
-	4,&(lvalues[4076]),0},
-{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4,
-	&(lvalues[4080]),0},
-{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4,
-	&(lvalues[4084]),0},
-{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4,
-	&(lvalues[4088]),0},
-{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS,
-	4,&(lvalues[4092]),0},
-{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4,
-	&(lvalues[4096]),0},
-{"setct-PIDualSignedTBE","setct-PIDualSignedTBE",
-	NID_setct_PIDualSignedTBE,4,&(lvalues[4100]),0},
-{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE,
-	4,&(lvalues[4104]),0},
-{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4,
-	&(lvalues[4108]),0},
-{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4,
-	&(lvalues[4112]),0},
-{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4,
-	&(lvalues[4116]),0},
-{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4,
-	&(lvalues[4120]),0},
-{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4,
-	&(lvalues[4124]),0},
-{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4,
-	&(lvalues[4128]),0},
-{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE",
-	NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4132]),0},
-{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE,
-	4,&(lvalues[4136]),0},
-{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE,
-	4,&(lvalues[4140]),0},
-{"setct-AuthRevResTBEB","setct-AuthRevResTBEB",
-	NID_setct_AuthRevResTBEB,4,&(lvalues[4144]),0},
-{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4,
-	&(lvalues[4148]),0},
-{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4,
-	&(lvalues[4152]),0},
-{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4,
-	&(lvalues[4156]),0},
-{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4,
-	&(lvalues[4160]),0},
-{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX,
-	4,&(lvalues[4164]),0},
-{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4,
-	&(lvalues[4168]),0},
-{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4,
-	&(lvalues[4172]),0},
-{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4,
-	&(lvalues[4176]),0},
-{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4,
-	&(lvalues[4180]),0},
-{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE,
-	4,&(lvalues[4184]),0},
-{"setct-CredRevReqTBEX","setct-CredRevReqTBEX",
-	NID_setct_CredRevReqTBEX,4,&(lvalues[4188]),0},
-{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE,
-	4,&(lvalues[4192]),0},
-{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE",
-	NID_setct_BatchAdminReqTBE,4,&(lvalues[4196]),0},
-{"setct-BatchAdminResTBE","setct-BatchAdminResTBE",
-	NID_setct_BatchAdminResTBE,4,&(lvalues[4200]),0},
-{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE,
-	4,&(lvalues[4204]),0},
-{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4,
-	&(lvalues[4208]),0},
-{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4,
-	&(lvalues[4212]),0},
-{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4,
-	&(lvalues[4216]),0},
-{"setct-CRLNotificationTBS","setct-CRLNotificationTBS",
-	NID_setct_CRLNotificationTBS,4,&(lvalues[4220]),0},
-{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS",
-	NID_setct_CRLNotificationResTBS,4,&(lvalues[4224]),0},
-{"setct-BCIDistributionTBS","setct-BCIDistributionTBS",
-	NID_setct_BCIDistributionTBS,4,&(lvalues[4228]),0},
-{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4,
-	&(lvalues[4232]),0},
-{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4,
-	&(lvalues[4236]),0},
-{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4,
-	&(lvalues[4240]),0},
-{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4244]),0},
-{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4248]),0},
-{"setext-cv","additional verification",NID_setext_cv,4,
-	&(lvalues[4252]),0},
-{"set-policy-root","set-policy-root",NID_set_policy_root,4,
-	&(lvalues[4256]),0},
-{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4,
-	&(lvalues[4260]),0},
-{"setCext-certType","setCext-certType",NID_setCext_certType,4,
-	&(lvalues[4264]),0},
-{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4,
-	&(lvalues[4268]),0},
-{"setCext-cCertRequired","setCext-cCertRequired",
-	NID_setCext_cCertRequired,4,&(lvalues[4272]),0},
-{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4,
-	&(lvalues[4276]),0},
-{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4,
-	&(lvalues[4280]),0},
-{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4,
-	&(lvalues[4284]),0},
-{"setCext-PGWYcapabilities","setCext-PGWYcapabilities",
-	NID_setCext_PGWYcapabilities,4,&(lvalues[4288]),0},
-{"setCext-TokenIdentifier","setCext-TokenIdentifier",
-	NID_setCext_TokenIdentifier,4,&(lvalues[4292]),0},
-{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4,
-	&(lvalues[4296]),0},
-{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4,
-	&(lvalues[4300]),0},
-{"setCext-IssuerCapabilities","setCext-IssuerCapabilities",
-	NID_setCext_IssuerCapabilities,4,&(lvalues[4304]),0},
-{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4308]),0},
-{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap,
-	4,&(lvalues[4312]),0},
-{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4,
-	&(lvalues[4316]),0},
-{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4,
-	&(lvalues[4320]),0},
-{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5,
-	&(lvalues[4324]),0},
-{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4329]),0},
-{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5,
-	&(lvalues[4334]),0},
-{"setAttr-Token-B0Prime","setAttr-Token-B0Prime",
-	NID_setAttr_Token_B0Prime,5,&(lvalues[4339]),0},
-{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5,
-	&(lvalues[4344]),0},
-{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,
-	&(lvalues[4349]),0},
-{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,
-	&(lvalues[4354]),0},
-{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm,
-	6,&(lvalues[4359]),0},
-{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6,
-	&(lvalues[4365]),0},
-{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6,
-	&(lvalues[4371]),0},
-{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6,
-	&(lvalues[4377]),0},
-{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig,
-	6,&(lvalues[4383]),0},
-{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4,
-	&(lvalues[4389]),0},
-{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4,
-	&(lvalues[4393]),0},
-{"set-brand-AmericanExpress","set-brand-AmericanExpress",
-	NID_set_brand_AmericanExpress,4,&(lvalues[4397]),0},
-{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4401]),0},
-{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4,
-	&(lvalues[4405]),0},
-{"set-brand-MasterCard","set-brand-MasterCard",
-	NID_set_brand_MasterCard,4,&(lvalues[4409]),0},
-{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5,
-	&(lvalues[4413]),0},
-{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4418]),0},
-{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET",
-	NID_rsaOAEPEncryptionSET,9,&(lvalues[4426]),0},
-{"ITU-T","itu-t",NID_itu_t,0,NULL,0},
-{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,0,NULL,0},
-{"international-organizations","International Organizations",
-	NID_international_organizations,1,&(lvalues[4435]),0},
-{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
-	10,&(lvalues[4436]),0},
-{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
-	&(lvalues[4446]),0},
-{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0},
-{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0},
-{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0},
-{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL,0},
-{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL,0},
-{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL,0},
-{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL,0},
-{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0},
-{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0},
-{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0},
-{"street","streetAddress",NID_streetAddress,3,&(lvalues[4456]),0},
-{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4459]),0},
-{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4462]),0},
-{"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8,
-	&(lvalues[4469]),0},
-{"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8,
-	&(lvalues[4477]),0},
-{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,
-	&(lvalues[4485]),0},
-{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3,
-	&(lvalues[4493]),0},
-{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4496]),0},
-{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
-	&(lvalues[4504]),0},
-{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
-	&(lvalues[4513]),0},
-{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
-	&(lvalues[4522]),0},
-{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
-	&(lvalues[4531]),0},
-{"SHA256","sha256",NID_sha256,9,&(lvalues[4540]),0},
-{"SHA384","sha384",NID_sha384,9,&(lvalues[4549]),0},
-{"SHA512","sha512",NID_sha512,9,&(lvalues[4558]),0},
-{"SHA224","sha224",NID_sha224,9,&(lvalues[4567]),0},
-{"identified-organization","identified-organization",
-	NID_identified_organization,1,&(lvalues[4576]),0},
-{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4577]),0},
-{"wap","wap",NID_wap,2,&(lvalues[4580]),0},
-{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4582]),0},
-{"id-characteristic-two-basis","id-characteristic-two-basis",
-	NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4585]),0},
-{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4593]),0},
-{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4602]),0},
-{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4611]),0},
-{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4620]),0},
-{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4628]),0},
-{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4636]),0},
-{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4644]),0},
-{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4652]),0},
-{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4660]),0},
-{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4668]),0},
-{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4676]),0},
-{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4684]),0},
-{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4692]),0},
-{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4700]),0},
-{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4708]),0},
-{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4716]),0},
-{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4724]),0},
-{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4732]),0},
-{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4740]),0},
-{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4748]),0},
-{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4756]),0},
-{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4764]),0},
-{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4772]),0},
-{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4780]),0},
-{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4785]),0},
-{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4790]),0},
-{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4795]),0},
-{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4800]),0},
-{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4805]),0},
-{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4810]),0},
-{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4815]),0},
-{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4820]),0},
-{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4825]),0},
-{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4830]),0},
-{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4835]),0},
-{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4840]),0},
-{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4845]),0},
-{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4850]),0},
-{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4855]),0},
-{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4860]),0},
-{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4865]),0},
-{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4870]),0},
-{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4875]),0},
-{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4880]),0},
-{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4885]),0},
-{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4890]),0},
-{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4895]),0},
-{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4900]),0},
-{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4905]),0},
-{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4910]),0},
-{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4915]),0},
-{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4920]),0},
-{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4925]),0},
-{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4930]),0},
-{"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1",
-	NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4935]),0},
-{"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3",
-	NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4940]),0},
-{"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4",
-	NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4945]),0},
-{"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5",
-	NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4950]),0},
-{"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6",
-	NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4955]),0},
-{"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7",
-	NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4960]),0},
-{"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8",
-	NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4965]),0},
-{"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9",
-	NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4970]),0},
-{"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10",
-	NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4975]),0},
-{"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11",
-	NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4980]),0},
-{"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12",
-	NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4985]),0},
-{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4990]),0},
-{"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3,
-	&(lvalues[4994]),0},
-{"inhibitAnyPolicy","X509v3 Inhibit Any Policy",
-	NID_inhibit_any_policy,3,&(lvalues[4997]),0},
-{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0},
-{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0},
-{"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11,
-	&(lvalues[5000]),0},
-{"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11,
-	&(lvalues[5011]),0},
-{"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11,
-	&(lvalues[5022]),0},
-{"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8,
-	&(lvalues[5033]),0},
-{"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8,
-	&(lvalues[5041]),0},
-{"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8,
-	&(lvalues[5049]),0},
-{"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8,
-	&(lvalues[5057]),0},
-{"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8,
-	&(lvalues[5065]),0},
-{"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8,
-	&(lvalues[5073]),0},
-{"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0},
-{"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0},
-{"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0},
-{"CAMELLIA-128-CFB8","camellia-128-cfb8",NID_camellia_128_cfb8,0,NULL,0},
-{"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0},
-{"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0},
-{"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8,
-	&(lvalues[5081]),0},
-{"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8,
-	&(lvalues[5089]),0},
-{"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8,
-	&(lvalues[5097]),0},
-{"subjectDirectoryAttributes","X509v3 Subject Directory Attributes",
-	NID_subject_directory_attributes,3,&(lvalues[5105]),0},
-{"issuingDistributionPoint","X509v3 Issuing Distrubution Point",
-	NID_issuing_distribution_point,3,&(lvalues[5108]),0},
-{"certificateIssuer","X509v3 Certificate Issuer",
-	NID_certificate_issuer,3,&(lvalues[5111]),0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{"KISA","kisa",NID_kisa,6,&(lvalues[5114]),0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5120]),0},
-{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5128]),0},
-{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5136]),0},
-{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5144]),0},
-{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5152]),0},
-{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5160]),0},
-{"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9,
-	&(lvalues[5168]),0},
-{"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9,
-	&(lvalues[5177]),0},
-{"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8,
-	&(lvalues[5186]),0},
-{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5194]),0},
-{"id-smime-ct-compressedData","id-smime-ct-compressedData",
-	NID_id_smime_ct_compressedData,11,&(lvalues[5202]),0},
-{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF",
-	NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5213]),0},
-{"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9,
-	&(lvalues[5224]),0},
-{"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9,
-	&(lvalues[5233]),0},
-{"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9,
-	&(lvalues[5242]),0},
-{"ecdsa-with-Recommended","ecdsa-with-Recommended",
-	NID_ecdsa_with_Recommended,7,&(lvalues[5251]),0},
-{"ecdsa-with-Specified","ecdsa-with-Specified",
-	NID_ecdsa_with_Specified,7,&(lvalues[5258]),0},
-{"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8,
-	&(lvalues[5265]),0},
-{"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8,
-	&(lvalues[5273]),0},
-{"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8,
-	&(lvalues[5281]),0},
-{"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8,
-	&(lvalues[5289]),0},
-{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5297]),0},
-{"hmacWithSHA224","hmacWithSHA224",NID_hmacWithSHA224,8,
-	&(lvalues[5305]),0},
-{"hmacWithSHA256","hmacWithSHA256",NID_hmacWithSHA256,8,
-	&(lvalues[5313]),0},
-{"hmacWithSHA384","hmacWithSHA384",NID_hmacWithSHA384,8,
-	&(lvalues[5321]),0},
-{"hmacWithSHA512","hmacWithSHA512",NID_hmacWithSHA512,8,
-	&(lvalues[5329]),0},
-{"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9,
-	&(lvalues[5337]),0},
-{"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9,
-	&(lvalues[5346]),0},
-{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5355]),0},
-{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5361]),0},
-{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5366]),0},
-{"id-GostR3411-94-with-GostR3410-2001",
-	"GOST R 34.11-94 with GOST R 34.10-2001",
-	NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5371]),0},
-{"id-GostR3411-94-with-GostR3410-94",
-	"GOST R 34.11-94 with GOST R 34.10-94",
-	NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5377]),0},
-{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5383]),0},
-{"id-HMACGostR3411-94","HMAC GOST 34.11-94",NID_id_HMACGostR3411_94,6,
-	&(lvalues[5389]),0},
-{"gost2001","GOST R 34.10-2001",NID_id_GostR3410_2001,6,
-	&(lvalues[5395]),0},
-{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5401]),0},
-{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5407]),0},
-{"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0},
-{"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6,
-	&(lvalues[5413]),0},
-{"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6,
-	&(lvalues[5419]),0},
-{"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH,
-	6,&(lvalues[5425]),0},
-{"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6,
-	&(lvalues[5431]),0},
-{"id-Gost28147-89-CryptoPro-KeyMeshing",
-	"id-Gost28147-89-CryptoPro-KeyMeshing",
-	NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5437]),0},
-{"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing",
-	NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5444]),0},
-{"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet",
-	NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5451]),0},
-{"id-GostR3411-94-CryptoProParamSet",
-	"id-GostR3411-94-CryptoProParamSet",
-	NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5458]),0},
-{"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet",
-	NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5465]),0},
-{"id-Gost28147-89-CryptoPro-A-ParamSet",
-	"id-Gost28147-89-CryptoPro-A-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5472]),0},
-{"id-Gost28147-89-CryptoPro-B-ParamSet",
-	"id-Gost28147-89-CryptoPro-B-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5479]),0},
-{"id-Gost28147-89-CryptoPro-C-ParamSet",
-	"id-Gost28147-89-CryptoPro-C-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5486]),0},
-{"id-Gost28147-89-CryptoPro-D-ParamSet",
-	"id-Gost28147-89-CryptoPro-D-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5493]),0},
-{"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet",
-	"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5500]),
-	0},
-{"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet",
-	"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5507]),
-	0},
-{"id-Gost28147-89-CryptoPro-RIC-1-ParamSet",
-	"id-Gost28147-89-CryptoPro-RIC-1-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5514]),0},
-{"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet",
-	NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5521]),0},
-{"id-GostR3410-94-CryptoPro-A-ParamSet",
-	"id-GostR3410-94-CryptoPro-A-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5528]),0},
-{"id-GostR3410-94-CryptoPro-B-ParamSet",
-	"id-GostR3410-94-CryptoPro-B-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5535]),0},
-{"id-GostR3410-94-CryptoPro-C-ParamSet",
-	"id-GostR3410-94-CryptoPro-C-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5542]),0},
-{"id-GostR3410-94-CryptoPro-D-ParamSet",
-	"id-GostR3410-94-CryptoPro-D-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5549]),0},
-{"id-GostR3410-94-CryptoPro-XchA-ParamSet",
-	"id-GostR3410-94-CryptoPro-XchA-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5556]),0},
-{"id-GostR3410-94-CryptoPro-XchB-ParamSet",
-	"id-GostR3410-94-CryptoPro-XchB-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5563]),0},
-{"id-GostR3410-94-CryptoPro-XchC-ParamSet",
-	"id-GostR3410-94-CryptoPro-XchC-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5570]),0},
-{"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet",
-	NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5577]),0},
-{"id-GostR3410-2001-CryptoPro-A-ParamSet",
-	"id-GostR3410-2001-CryptoPro-A-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5584]),0},
-{"id-GostR3410-2001-CryptoPro-B-ParamSet",
-	"id-GostR3410-2001-CryptoPro-B-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5591]),0},
-{"id-GostR3410-2001-CryptoPro-C-ParamSet",
-	"id-GostR3410-2001-CryptoPro-C-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5598]),0},
-{"id-GostR3410-2001-CryptoPro-XchA-ParamSet",
-	"id-GostR3410-2001-CryptoPro-XchA-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5605]),0},
-	
-{"id-GostR3410-2001-CryptoPro-XchB-ParamSet",
-	"id-GostR3410-2001-CryptoPro-XchB-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5612]),0},
-	
-{"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7,
-	&(lvalues[5619]),0},
-{"id-GostR3410-94-aBis","id-GostR3410-94-aBis",
-	NID_id_GostR3410_94_aBis,7,&(lvalues[5626]),0},
-{"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7,
-	&(lvalues[5633]),0},
-{"id-GostR3410-94-bBis","id-GostR3410-94-bBis",
-	NID_id_GostR3410_94_bBis,7,&(lvalues[5640]),0},
-{"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet",
-	NID_id_Gost28147_89_cc,8,&(lvalues[5647]),0},
-{"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8,
-	&(lvalues[5655]),0},
-{"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8,
-	&(lvalues[5663]),0},
-{"id-GostR3411-94-with-GostR3410-94-cc",
-	"GOST R 34.11-94 with GOST R 34.10-94 Cryptocom",
-	NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5671]),0},
-{"id-GostR3411-94-with-GostR3410-2001-cc",
-	"GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom",
-	NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5679]),0},
-{"id-GostR3410-2001-ParamSet-cc",
-	"GOST R 3410-2001 Parameter Set Cryptocom",
-	NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5687]),0},
-{"HMAC","hmac",NID_hmac,0,NULL,0},
-{"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9,
-	&(lvalues[5695]),0},
-{"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3,
-	&(lvalues[5704]),0},
-{"id-on-permanentIdentifier","Permanent Identifier",
-	NID_id_on_permanentIdentifier,8,&(lvalues[5707]),0},
-{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5715]),0},
-{"businessCategory","businessCategory",NID_businessCategory,3,
-	&(lvalues[5718]),0},
-{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5721]),0},
-{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5724]),0},
-{"physicalDeliveryOfficeName","physicalDeliveryOfficeName",
-	NID_physicalDeliveryOfficeName,3,&(lvalues[5727]),0},
-{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3,
-	&(lvalues[5730]),0},
-{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5733]),0},
-{"teletexTerminalIdentifier","teletexTerminalIdentifier",
-	NID_teletexTerminalIdentifier,3,&(lvalues[5736]),0},
-{"facsimileTelephoneNumber","facsimileTelephoneNumber",
-	NID_facsimileTelephoneNumber,3,&(lvalues[5739]),0},
-{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5742]),0},
-{"internationaliSDNNumber","internationaliSDNNumber",
-	NID_internationaliSDNNumber,3,&(lvalues[5745]),0},
-{"registeredAddress","registeredAddress",NID_registeredAddress,3,
-	&(lvalues[5748]),0},
-{"destinationIndicator","destinationIndicator",
-	NID_destinationIndicator,3,&(lvalues[5751]),0},
-{"preferredDeliveryMethod","preferredDeliveryMethod",
-	NID_preferredDeliveryMethod,3,&(lvalues[5754]),0},
-{"presentationAddress","presentationAddress",NID_presentationAddress,
-	3,&(lvalues[5757]),0},
-{"supportedApplicationContext","supportedApplicationContext",
-	NID_supportedApplicationContext,3,&(lvalues[5760]),0},
-{"member","member",NID_member,3,&(lvalues[5763]),0},
-{"owner","owner",NID_owner,3,&(lvalues[5766]),0},
-{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5769]),0},
-{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5772]),0},
-{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5775]),0},
-{"userCertificate","userCertificate",NID_userCertificate,3,
-	&(lvalues[5778]),0},
-{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5781]),0},
-{"authorityRevocationList","authorityRevocationList",
-	NID_authorityRevocationList,3,&(lvalues[5784]),0},
-{"certificateRevocationList","certificateRevocationList",
-	NID_certificateRevocationList,3,&(lvalues[5787]),0},
-{"crossCertificatePair","crossCertificatePair",
-	NID_crossCertificatePair,3,&(lvalues[5790]),0},
-{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide,
-	3,&(lvalues[5793]),0},
-{"protocolInformation","protocolInformation",NID_protocolInformation,
-	3,&(lvalues[5796]),0},
-{"distinguishedName","distinguishedName",NID_distinguishedName,3,
-	&(lvalues[5799]),0},
-{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5802]),0},
-{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3,
-	&(lvalues[5805]),0},
-{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms,
-	3,&(lvalues[5808]),0},
-{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList,
-	3,&(lvalues[5811]),0},
-{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5814]),0},
-{"id-alg-PWRI-KEK","id-alg-PWRI-KEK",NID_id_alg_PWRI_KEK,11,
-	&(lvalues[5817]),0},
-{"CMAC","cmac",NID_cmac,0,NULL,0},
-{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5828]),0},
-{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5837]),0},
-{"id-aes128-wrap-pad","id-aes128-wrap-pad",NID_id_aes128_wrap_pad,9,
-	&(lvalues[5846]),0},
-{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5855]),0},
-{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5864]),0},
-{"id-aes192-wrap-pad","id-aes192-wrap-pad",NID_id_aes192_wrap_pad,9,
-	&(lvalues[5873]),0},
-{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5882]),0},
-{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5891]),0},
-{"id-aes256-wrap-pad","id-aes256-wrap-pad",NID_id_aes256_wrap_pad,9,
-	&(lvalues[5900]),0},
-{"AES-128-CTR","aes-128-ctr",NID_aes_128_ctr,0,NULL,0},
-{"AES-192-CTR","aes-192-ctr",NID_aes_192_ctr,0,NULL,0},
-{"AES-256-CTR","aes-256-ctr",NID_aes_256_ctr,0,NULL,0},
-{"id-camellia128-wrap","id-camellia128-wrap",NID_id_camellia128_wrap,
-	11,&(lvalues[5909]),0},
-{"id-camellia192-wrap","id-camellia192-wrap",NID_id_camellia192_wrap,
-	11,&(lvalues[5920]),0},
-{"id-camellia256-wrap","id-camellia256-wrap",NID_id_camellia256_wrap,
-	11,&(lvalues[5931]),0},
-{"anyExtendedKeyUsage","Any Extended Key Usage",
-	NID_anyExtendedKeyUsage,4,&(lvalues[5942]),0},
-{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5946]),0},
-{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5955]),0},
-{"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0},
-{"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0},
-{"RC4-HMAC-MD5","rc4-hmac-md5",NID_rc4_hmac_md5,0,NULL,0},
-{"AES-128-CBC-HMAC-SHA1","aes-128-cbc-hmac-sha1",
-	NID_aes_128_cbc_hmac_sha1,0,NULL,0},
-{"AES-192-CBC-HMAC-SHA1","aes-192-cbc-hmac-sha1",
-	NID_aes_192_cbc_hmac_sha1,0,NULL,0},
-{"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
-	NID_aes_256_cbc_hmac_sha1,0,NULL,0},
-{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
-{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5973]),0},
-{"brainpoolP160r1","brainpoolP160r1",NID_brainpoolP160r1,9,
-	&(lvalues[5980]),0},
-{"brainpoolP160t1","brainpoolP160t1",NID_brainpoolP160t1,9,
-	&(lvalues[5989]),0},
-{"brainpoolP192r1","brainpoolP192r1",NID_brainpoolP192r1,9,
-	&(lvalues[5998]),0},
-{"brainpoolP192t1","brainpoolP192t1",NID_brainpoolP192t1,9,
-	&(lvalues[6007]),0},
-{"brainpoolP224r1","brainpoolP224r1",NID_brainpoolP224r1,9,
-	&(lvalues[6016]),0},
-{"brainpoolP224t1","brainpoolP224t1",NID_brainpoolP224t1,9,
-	&(lvalues[6025]),0},
-{"brainpoolP256r1","brainpoolP256r1",NID_brainpoolP256r1,9,
-	&(lvalues[6034]),0},
-{"brainpoolP256t1","brainpoolP256t1",NID_brainpoolP256t1,9,
-	&(lvalues[6043]),0},
-{"brainpoolP320r1","brainpoolP320r1",NID_brainpoolP320r1,9,
-	&(lvalues[6052]),0},
-{"brainpoolP320t1","brainpoolP320t1",NID_brainpoolP320t1,9,
-	&(lvalues[6061]),0},
-{"brainpoolP384r1","brainpoolP384r1",NID_brainpoolP384r1,9,
-	&(lvalues[6070]),0},
-{"brainpoolP384t1","brainpoolP384t1",NID_brainpoolP384t1,9,
-	&(lvalues[6079]),0},
-{"brainpoolP512r1","brainpoolP512r1",NID_brainpoolP512r1,9,
-	&(lvalues[6088]),0},
-{"brainpoolP512t1","brainpoolP512t1",NID_brainpoolP512t1,9,
-	&(lvalues[6097]),0},
-{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6106]),0},
-{"dhSinglePass-stdDH-sha1kdf-scheme",
-	"dhSinglePass-stdDH-sha1kdf-scheme",
-	NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6115]),0},
-{"dhSinglePass-stdDH-sha224kdf-scheme",
-	"dhSinglePass-stdDH-sha224kdf-scheme",
-	NID_dhSinglePass_stdDH_sha224kdf_scheme,6,&(lvalues[6124]),0},
-{"dhSinglePass-stdDH-sha256kdf-scheme",
-	"dhSinglePass-stdDH-sha256kdf-scheme",
-	NID_dhSinglePass_stdDH_sha256kdf_scheme,6,&(lvalues[6130]),0},
-{"dhSinglePass-stdDH-sha384kdf-scheme",
-	"dhSinglePass-stdDH-sha384kdf-scheme",
-	NID_dhSinglePass_stdDH_sha384kdf_scheme,6,&(lvalues[6136]),0},
-{"dhSinglePass-stdDH-sha512kdf-scheme",
-	"dhSinglePass-stdDH-sha512kdf-scheme",
-	NID_dhSinglePass_stdDH_sha512kdf_scheme,6,&(lvalues[6142]),0},
-{"dhSinglePass-cofactorDH-sha1kdf-scheme",
-	"dhSinglePass-cofactorDH-sha1kdf-scheme",
-	NID_dhSinglePass_cofactorDH_sha1kdf_scheme,9,&(lvalues[6148]),0},
-{"dhSinglePass-cofactorDH-sha224kdf-scheme",
-	"dhSinglePass-cofactorDH-sha224kdf-scheme",
-	NID_dhSinglePass_cofactorDH_sha224kdf_scheme,6,&(lvalues[6157]),0},
-{"dhSinglePass-cofactorDH-sha256kdf-scheme",
-	"dhSinglePass-cofactorDH-sha256kdf-scheme",
-	NID_dhSinglePass_cofactorDH_sha256kdf_scheme,6,&(lvalues[6163]),0},
-{"dhSinglePass-cofactorDH-sha384kdf-scheme",
-	"dhSinglePass-cofactorDH-sha384kdf-scheme",
-	NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6169]),0},
-{"dhSinglePass-cofactorDH-sha512kdf-scheme",
-	"dhSinglePass-cofactorDH-sha512kdf-scheme",
-	NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6175]),0},
-{"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0},
-{"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0},
-{"AES-128-CBC-HMAC-SHA256","aes-128-cbc-hmac-sha256",
-	NID_aes_128_cbc_hmac_sha256,0,NULL,0},
-{"AES-192-CBC-HMAC-SHA256","aes-192-cbc-hmac-sha256",
-	NID_aes_192_cbc_hmac_sha256,0,NULL,0},
-{"AES-256-CBC-HMAC-SHA256","aes-256-cbc-hmac-sha256",
-	NID_aes_256_cbc_hmac_sha256,0,NULL,0},
-{"ct_precert_scts","CT Precertificate SCTs",NID_ct_precert_scts,10,
-	&(lvalues[6181]),0},
-{"ct_precert_poison","CT Precertificate Poison",NID_ct_precert_poison,
-	10,&(lvalues[6191]),0},
-{"ct_precert_signer","CT Precertificate Signer",NID_ct_precert_signer,
-	10,&(lvalues[6201]),0},
-{"ct_cert_scts","CT Certificate SCTs",NID_ct_cert_scts,10,
-	&(lvalues[6211]),0},
-{"jurisdictionL","jurisdictionLocalityName",
-	NID_jurisdictionLocalityName,11,&(lvalues[6221]),0},
-{"jurisdictionST","jurisdictionStateOrProvinceName",
-	NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0},
-{"jurisdictionC","jurisdictionCountryName",
-	NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
+#define NUM_NID 1195
+static const ASN1_OBJECT nid_objs[NUM_NID] = {
+    {"UNDEF", "undefined", NID_undef},
+    {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
+    {"pkcs", "RSA Data Security, Inc. PKCS", NID_pkcs, 7, &so[6]},
+    {"MD2", "md2", NID_md2, 8, &so[13]},
+    {"MD5", "md5", NID_md5, 8, &so[21]},
+    {"RC4", "rc4", NID_rc4, 8, &so[29]},
+    {"rsaEncryption", "rsaEncryption", NID_rsaEncryption, 9, &so[37]},
+    {"RSA-MD2", "md2WithRSAEncryption", NID_md2WithRSAEncryption, 9, &so[46]},
+    {"RSA-MD5", "md5WithRSAEncryption", NID_md5WithRSAEncryption, 9, &so[55]},
+    {"PBE-MD2-DES", "pbeWithMD2AndDES-CBC", NID_pbeWithMD2AndDES_CBC, 9, &so[64]},
+    {"PBE-MD5-DES", "pbeWithMD5AndDES-CBC", NID_pbeWithMD5AndDES_CBC, 9, &so[73]},
+    {"X500", "directory services (X.500)", NID_X500, 1, &so[82]},
+    {"X509", "X509", NID_X509, 2, &so[83]},
+    {"CN", "commonName", NID_commonName, 3, &so[85]},
+    {"C", "countryName", NID_countryName, 3, &so[88]},
+    {"L", "localityName", NID_localityName, 3, &so[91]},
+    {"ST", "stateOrProvinceName", NID_stateOrProvinceName, 3, &so[94]},
+    {"O", "organizationName", NID_organizationName, 3, &so[97]},
+    {"OU", "organizationalUnitName", NID_organizationalUnitName, 3, &so[100]},
+    {"RSA", "rsa", NID_rsa, 4, &so[103]},
+    {"pkcs7", "pkcs7", NID_pkcs7, 8, &so[107]},
+    {"pkcs7-data", "pkcs7-data", NID_pkcs7_data, 9, &so[115]},
+    {"pkcs7-signedData", "pkcs7-signedData", NID_pkcs7_signed, 9, &so[124]},
+    {"pkcs7-envelopedData", "pkcs7-envelopedData", NID_pkcs7_enveloped, 9, &so[133]},
+    {"pkcs7-signedAndEnvelopedData", "pkcs7-signedAndEnvelopedData", NID_pkcs7_signedAndEnveloped, 9, &so[142]},
+    {"pkcs7-digestData", "pkcs7-digestData", NID_pkcs7_digest, 9, &so[151]},
+    {"pkcs7-encryptedData", "pkcs7-encryptedData", NID_pkcs7_encrypted, 9, &so[160]},
+    {"pkcs3", "pkcs3", NID_pkcs3, 8, &so[169]},
+    {"dhKeyAgreement", "dhKeyAgreement", NID_dhKeyAgreement, 9, &so[177]},
+    {"DES-ECB", "des-ecb", NID_des_ecb, 5, &so[186]},
+    {"DES-CFB", "des-cfb", NID_des_cfb64, 5, &so[191]},
+    {"DES-CBC", "des-cbc", NID_des_cbc, 5, &so[196]},
+    {"DES-EDE", "des-ede", NID_des_ede_ecb, 5, &so[201]},
+    {"DES-EDE3", "des-ede3", NID_des_ede3_ecb},
+    {"IDEA-CBC", "idea-cbc", NID_idea_cbc, 11, &so[206]},
+    {"IDEA-CFB", "idea-cfb", NID_idea_cfb64},
+    {"IDEA-ECB", "idea-ecb", NID_idea_ecb},
+    {"RC2-CBC", "rc2-cbc", NID_rc2_cbc, 8, &so[217]},
+    {"RC2-ECB", "rc2-ecb", NID_rc2_ecb},
+    {"RC2-CFB", "rc2-cfb", NID_rc2_cfb64},
+    {"RC2-OFB", "rc2-ofb", NID_rc2_ofb64},
+    {"SHA", "sha", NID_sha, 5, &so[225]},
+    {"RSA-SHA", "shaWithRSAEncryption", NID_shaWithRSAEncryption, 5, &so[230]},
+    {"DES-EDE-CBC", "des-ede-cbc", NID_des_ede_cbc},
+    {"DES-EDE3-CBC", "des-ede3-cbc", NID_des_ede3_cbc, 8, &so[235]},
+    {"DES-OFB", "des-ofb", NID_des_ofb64, 5, &so[243]},
+    {"IDEA-OFB", "idea-ofb", NID_idea_ofb64},
+    {"pkcs9", "pkcs9", NID_pkcs9, 8, &so[248]},
+    {"emailAddress", "emailAddress", NID_pkcs9_emailAddress, 9, &so[256]},
+    {"unstructuredName", "unstructuredName", NID_pkcs9_unstructuredName, 9, &so[265]},
+    {"contentType", "contentType", NID_pkcs9_contentType, 9, &so[274]},
+    {"messageDigest", "messageDigest", NID_pkcs9_messageDigest, 9, &so[283]},
+    {"signingTime", "signingTime", NID_pkcs9_signingTime, 9, &so[292]},
+    {"countersignature", "countersignature", NID_pkcs9_countersignature, 9, &so[301]},
+    {"challengePassword", "challengePassword", NID_pkcs9_challengePassword, 9, &so[310]},
+    {"unstructuredAddress", "unstructuredAddress", NID_pkcs9_unstructuredAddress, 9, &so[319]},
+    {"extendedCertificateAttributes", "extendedCertificateAttributes", NID_pkcs9_extCertAttributes, 9, &so[328]},
+    {"Netscape", "Netscape Communications Corp.", NID_netscape, 7, &so[337]},
+    {"nsCertExt", "Netscape Certificate Extension", NID_netscape_cert_extension, 8, &so[344]},
+    {"nsDataType", "Netscape Data Type", NID_netscape_data_type, 8, &so[352]},
+    {"DES-EDE-CFB", "des-ede-cfb", NID_des_ede_cfb64},
+    {"DES-EDE3-CFB", "des-ede3-cfb", NID_des_ede3_cfb64},
+    {"DES-EDE-OFB", "des-ede-ofb", NID_des_ede_ofb64},
+    {"DES-EDE3-OFB", "des-ede3-ofb", NID_des_ede3_ofb64},
+    {"SHA1", "sha1", NID_sha1, 5, &so[360]},
+    {"RSA-SHA1", "sha1WithRSAEncryption", NID_sha1WithRSAEncryption, 9, &so[365]},
+    {"DSA-SHA", "dsaWithSHA", NID_dsaWithSHA, 5, &so[374]},
+    {"DSA-old", "dsaEncryption-old", NID_dsa_2, 5, &so[379]},
+    {"PBE-SHA1-RC2-64", "pbeWithSHA1AndRC2-CBC", NID_pbeWithSHA1AndRC2_CBC, 9, &so[384]},
+    {"PBKDF2", "PBKDF2", NID_id_pbkdf2, 9, &so[393]},
+    {"DSA-SHA1-old", "dsaWithSHA1-old", NID_dsaWithSHA1_2, 5, &so[402]},
+    {"nsCertType", "Netscape Cert Type", NID_netscape_cert_type, 9, &so[407]},
+    {"nsBaseUrl", "Netscape Base Url", NID_netscape_base_url, 9, &so[416]},
+    {"nsRevocationUrl", "Netscape Revocation Url", NID_netscape_revocation_url, 9, &so[425]},
+    {"nsCaRevocationUrl", "Netscape CA Revocation Url", NID_netscape_ca_revocation_url, 9, &so[434]},
+    {"nsRenewalUrl", "Netscape Renewal Url", NID_netscape_renewal_url, 9, &so[443]},
+    {"nsCaPolicyUrl", "Netscape CA Policy Url", NID_netscape_ca_policy_url, 9, &so[452]},
+    {"nsSslServerName", "Netscape SSL Server Name", NID_netscape_ssl_server_name, 9, &so[461]},
+    {"nsComment", "Netscape Comment", NID_netscape_comment, 9, &so[470]},
+    {"nsCertSequence", "Netscape Certificate Sequence", NID_netscape_cert_sequence, 9, &so[479]},
+    {"DESX-CBC", "desx-cbc", NID_desx_cbc},
+    {"id-ce", "id-ce", NID_id_ce, 2, &so[488]},
+    {"subjectKeyIdentifier", "X509v3 Subject Key Identifier", NID_subject_key_identifier, 3, &so[490]},
+    {"keyUsage", "X509v3 Key Usage", NID_key_usage, 3, &so[493]},
+    {"privateKeyUsagePeriod", "X509v3 Private Key Usage Period", NID_private_key_usage_period, 3, &so[496]},
+    {"subjectAltName", "X509v3 Subject Alternative Name", NID_subject_alt_name, 3, &so[499]},
+    {"issuerAltName", "X509v3 Issuer Alternative Name", NID_issuer_alt_name, 3, &so[502]},
+    {"basicConstraints", "X509v3 Basic Constraints", NID_basic_constraints, 3, &so[505]},
+    {"crlNumber", "X509v3 CRL Number", NID_crl_number, 3, &so[508]},
+    {"certificatePolicies", "X509v3 Certificate Policies", NID_certificate_policies, 3, &so[511]},
+    {"authorityKeyIdentifier", "X509v3 Authority Key Identifier", NID_authority_key_identifier, 3, &so[514]},
+    {"BF-CBC", "bf-cbc", NID_bf_cbc, 9, &so[517]},
+    {"BF-ECB", "bf-ecb", NID_bf_ecb},
+    {"BF-CFB", "bf-cfb", NID_bf_cfb64},
+    {"BF-OFB", "bf-ofb", NID_bf_ofb64},
+    {"MDC2", "mdc2", NID_mdc2, 4, &so[526]},
+    {"RSA-MDC2", "mdc2WithRSA", NID_mdc2WithRSA, 4, &so[530]},
+    {"RC4-40", "rc4-40", NID_rc4_40},
+    {"RC2-40-CBC", "rc2-40-cbc", NID_rc2_40_cbc},
+    {"GN", "givenName", NID_givenName, 3, &so[534]},
+    {"SN", "surname", NID_surname, 3, &so[537]},
+    {"initials", "initials", NID_initials, 3, &so[540]},
+    {"uid", "uniqueIdentifier", NID_uniqueIdentifier, 10, &so[543]},
+    {"crlDistributionPoints", "X509v3 CRL Distribution Points", NID_crl_distribution_points, 3, &so[553]},
+    {"RSA-NP-MD5", "md5WithRSA", NID_md5WithRSA, 5, &so[556]},
+    {"serialNumber", "serialNumber", NID_serialNumber, 3, &so[561]},
+    {"title", "title", NID_title, 3, &so[564]},
+    {"description", "description", NID_description, 3, &so[567]},
+    {"CAST5-CBC", "cast5-cbc", NID_cast5_cbc, 9, &so[570]},
+    {"CAST5-ECB", "cast5-ecb", NID_cast5_ecb},
+    {"CAST5-CFB", "cast5-cfb", NID_cast5_cfb64},
+    {"CAST5-OFB", "cast5-ofb", NID_cast5_ofb64},
+    {"pbeWithMD5AndCast5CBC", "pbeWithMD5AndCast5CBC", NID_pbeWithMD5AndCast5_CBC, 9, &so[579]},
+    {"DSA-SHA1", "dsaWithSHA1", NID_dsaWithSHA1, 7, &so[588]},
+    {"MD5-SHA1", "md5-sha1", NID_md5_sha1},
+    {"RSA-SHA1-2", "sha1WithRSA", NID_sha1WithRSA, 5, &so[595]},
+    {"DSA", "dsaEncryption", NID_dsa, 7, &so[600]},
+    {"RIPEMD160", "ripemd160", NID_ripemd160, 5, &so[607]},
+    { NULL, NULL, NID_undef },
+    {"RSA-RIPEMD160", "ripemd160WithRSA", NID_ripemd160WithRSA, 6, &so[612]},
+    {"RC5-CBC", "rc5-cbc", NID_rc5_cbc, 8, &so[618]},
+    {"RC5-ECB", "rc5-ecb", NID_rc5_ecb},
+    {"RC5-CFB", "rc5-cfb", NID_rc5_cfb64},
+    {"RC5-OFB", "rc5-ofb", NID_rc5_ofb64},
+    { NULL, NULL, NID_undef },
+    {"ZLIB", "zlib compression", NID_zlib_compression, 11, &so[626]},
+    {"extendedKeyUsage", "X509v3 Extended Key Usage", NID_ext_key_usage, 3, &so[637]},
+    {"PKIX", "PKIX", NID_id_pkix, 6, &so[640]},
+    {"id-kp", "id-kp", NID_id_kp, 7, &so[646]},
+    {"serverAuth", "TLS Web Server Authentication", NID_server_auth, 8, &so[653]},
+    {"clientAuth", "TLS Web Client Authentication", NID_client_auth, 8, &so[661]},
+    {"codeSigning", "Code Signing", NID_code_sign, 8, &so[669]},
+    {"emailProtection", "E-mail Protection", NID_email_protect, 8, &so[677]},
+    {"timeStamping", "Time Stamping", NID_time_stamp, 8, &so[685]},
+    {"msCodeInd", "Microsoft Individual Code Signing", NID_ms_code_ind, 10, &so[693]},
+    {"msCodeCom", "Microsoft Commercial Code Signing", NID_ms_code_com, 10, &so[703]},
+    {"msCTLSign", "Microsoft Trust List Signing", NID_ms_ctl_sign, 10, &so[713]},
+    {"msSGC", "Microsoft Server Gated Crypto", NID_ms_sgc, 10, &so[723]},
+    {"msEFS", "Microsoft Encrypted File System", NID_ms_efs, 10, &so[733]},
+    {"nsSGC", "Netscape Server Gated Crypto", NID_ns_sgc, 9, &so[743]},
+    {"deltaCRL", "X509v3 Delta CRL Indicator", NID_delta_crl, 3, &so[752]},
+    {"CRLReason", "X509v3 CRL Reason Code", NID_crl_reason, 3, &so[755]},
+    {"invalidityDate", "Invalidity Date", NID_invalidity_date, 3, &so[758]},
+    {"SXNetID", "Strong Extranet ID", NID_sxnet, 5, &so[761]},
+    {"PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4", NID_pbe_WithSHA1And128BitRC4, 10, &so[766]},
+    {"PBE-SHA1-RC4-40", "pbeWithSHA1And40BitRC4", NID_pbe_WithSHA1And40BitRC4, 10, &so[776]},
+    {"PBE-SHA1-3DES", "pbeWithSHA1And3-KeyTripleDES-CBC", NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 10, &so[786]},
+    {"PBE-SHA1-2DES", "pbeWithSHA1And2-KeyTripleDES-CBC", NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 10, &so[796]},
+    {"PBE-SHA1-RC2-128", "pbeWithSHA1And128BitRC2-CBC", NID_pbe_WithSHA1And128BitRC2_CBC, 10, &so[806]},
+    {"PBE-SHA1-RC2-40", "pbeWithSHA1And40BitRC2-CBC", NID_pbe_WithSHA1And40BitRC2_CBC, 10, &so[816]},
+    {"keyBag", "keyBag", NID_keyBag, 11, &so[826]},
+    {"pkcs8ShroudedKeyBag", "pkcs8ShroudedKeyBag", NID_pkcs8ShroudedKeyBag, 11, &so[837]},
+    {"certBag", "certBag", NID_certBag, 11, &so[848]},
+    {"crlBag", "crlBag", NID_crlBag, 11, &so[859]},
+    {"secretBag", "secretBag", NID_secretBag, 11, &so[870]},
+    {"safeContentsBag", "safeContentsBag", NID_safeContentsBag, 11, &so[881]},
+    {"friendlyName", "friendlyName", NID_friendlyName, 9, &so[892]},
+    {"localKeyID", "localKeyID", NID_localKeyID, 9, &so[901]},
+    {"x509Certificate", "x509Certificate", NID_x509Certificate, 10, &so[910]},
+    {"sdsiCertificate", "sdsiCertificate", NID_sdsiCertificate, 10, &so[920]},
+    {"x509Crl", "x509Crl", NID_x509Crl, 10, &so[930]},
+    {"PBES2", "PBES2", NID_pbes2, 9, &so[940]},
+    {"PBMAC1", "PBMAC1", NID_pbmac1, 9, &so[949]},
+    {"hmacWithSHA1", "hmacWithSHA1", NID_hmacWithSHA1, 8, &so[958]},
+    {"id-qt-cps", "Policy Qualifier CPS", NID_id_qt_cps, 8, &so[966]},
+    {"id-qt-unotice", "Policy Qualifier User Notice", NID_id_qt_unotice, 8, &so[974]},
+    {"RC2-64-CBC", "rc2-64-cbc", NID_rc2_64_cbc},
+    {"SMIME-CAPS", "S/MIME Capabilities", NID_SMIMECapabilities, 9, &so[982]},
+    {"PBE-MD2-RC2-64", "pbeWithMD2AndRC2-CBC", NID_pbeWithMD2AndRC2_CBC, 9, &so[991]},
+    {"PBE-MD5-RC2-64", "pbeWithMD5AndRC2-CBC", NID_pbeWithMD5AndRC2_CBC, 9, &so[1000]},
+    {"PBE-SHA1-DES", "pbeWithSHA1AndDES-CBC", NID_pbeWithSHA1AndDES_CBC, 9, &so[1009]},
+    {"msExtReq", "Microsoft Extension Request", NID_ms_ext_req, 10, &so[1018]},
+    {"extReq", "Extension Request", NID_ext_req, 9, &so[1028]},
+    {"name", "name", NID_name, 3, &so[1037]},
+    {"dnQualifier", "dnQualifier", NID_dnQualifier, 3, &so[1040]},
+    {"id-pe", "id-pe", NID_id_pe, 7, &so[1043]},
+    {"id-ad", "id-ad", NID_id_ad, 7, &so[1050]},
+    {"authorityInfoAccess", "Authority Information Access", NID_info_access, 8, &so[1057]},
+    {"OCSP", "OCSP", NID_ad_OCSP, 8, &so[1065]},
+    {"caIssuers", "CA Issuers", NID_ad_ca_issuers, 8, &so[1073]},
+    {"OCSPSigning", "OCSP Signing", NID_OCSP_sign, 8, &so[1081]},
+    {"ISO", "iso", NID_iso},
+    {"member-body", "ISO Member Body", NID_member_body, 1, &so[1089]},
+    {"ISO-US", "ISO US Member Body", NID_ISO_US, 3, &so[1090]},
+    {"X9-57", "X9.57", NID_X9_57, 5, &so[1093]},
+    {"X9cm", "X9.57 CM ?", NID_X9cm, 6, &so[1098]},
+    {"pkcs1", "pkcs1", NID_pkcs1, 8, &so[1104]},
+    {"pkcs5", "pkcs5", NID_pkcs5, 8, &so[1112]},
+    {"SMIME", "S/MIME", NID_SMIME, 9, &so[1120]},
+    {"id-smime-mod", "id-smime-mod", NID_id_smime_mod, 10, &so[1129]},
+    {"id-smime-ct", "id-smime-ct", NID_id_smime_ct, 10, &so[1139]},
+    {"id-smime-aa", "id-smime-aa", NID_id_smime_aa, 10, &so[1149]},
+    {"id-smime-alg", "id-smime-alg", NID_id_smime_alg, 10, &so[1159]},
+    {"id-smime-cd", "id-smime-cd", NID_id_smime_cd, 10, &so[1169]},
+    {"id-smime-spq", "id-smime-spq", NID_id_smime_spq, 10, &so[1179]},
+    {"id-smime-cti", "id-smime-cti", NID_id_smime_cti, 10, &so[1189]},
+    {"id-smime-mod-cms", "id-smime-mod-cms", NID_id_smime_mod_cms, 11, &so[1199]},
+    {"id-smime-mod-ess", "id-smime-mod-ess", NID_id_smime_mod_ess, 11, &so[1210]},
+    {"id-smime-mod-oid", "id-smime-mod-oid", NID_id_smime_mod_oid, 11, &so[1221]},
+    {"id-smime-mod-msg-v3", "id-smime-mod-msg-v3", NID_id_smime_mod_msg_v3, 11, &so[1232]},
+    {"id-smime-mod-ets-eSignature-88", "id-smime-mod-ets-eSignature-88", NID_id_smime_mod_ets_eSignature_88, 11, &so[1243]},
+    {"id-smime-mod-ets-eSignature-97", "id-smime-mod-ets-eSignature-97", NID_id_smime_mod_ets_eSignature_97, 11, &so[1254]},
+    {"id-smime-mod-ets-eSigPolicy-88", "id-smime-mod-ets-eSigPolicy-88", NID_id_smime_mod_ets_eSigPolicy_88, 11, &so[1265]},
+    {"id-smime-mod-ets-eSigPolicy-97", "id-smime-mod-ets-eSigPolicy-97", NID_id_smime_mod_ets_eSigPolicy_97, 11, &so[1276]},
+    {"id-smime-ct-receipt", "id-smime-ct-receipt", NID_id_smime_ct_receipt, 11, &so[1287]},
+    {"id-smime-ct-authData", "id-smime-ct-authData", NID_id_smime_ct_authData, 11, &so[1298]},
+    {"id-smime-ct-publishCert", "id-smime-ct-publishCert", NID_id_smime_ct_publishCert, 11, &so[1309]},
+    {"id-smime-ct-TSTInfo", "id-smime-ct-TSTInfo", NID_id_smime_ct_TSTInfo, 11, &so[1320]},
+    {"id-smime-ct-TDTInfo", "id-smime-ct-TDTInfo", NID_id_smime_ct_TDTInfo, 11, &so[1331]},
+    {"id-smime-ct-contentInfo", "id-smime-ct-contentInfo", NID_id_smime_ct_contentInfo, 11, &so[1342]},
+    {"id-smime-ct-DVCSRequestData", "id-smime-ct-DVCSRequestData", NID_id_smime_ct_DVCSRequestData, 11, &so[1353]},
+    {"id-smime-ct-DVCSResponseData", "id-smime-ct-DVCSResponseData", NID_id_smime_ct_DVCSResponseData, 11, &so[1364]},
+    {"id-smime-aa-receiptRequest", "id-smime-aa-receiptRequest", NID_id_smime_aa_receiptRequest, 11, &so[1375]},
+    {"id-smime-aa-securityLabel", "id-smime-aa-securityLabel", NID_id_smime_aa_securityLabel, 11, &so[1386]},
+    {"id-smime-aa-mlExpandHistory", "id-smime-aa-mlExpandHistory", NID_id_smime_aa_mlExpandHistory, 11, &so[1397]},
+    {"id-smime-aa-contentHint", "id-smime-aa-contentHint", NID_id_smime_aa_contentHint, 11, &so[1408]},
+    {"id-smime-aa-msgSigDigest", "id-smime-aa-msgSigDigest", NID_id_smime_aa_msgSigDigest, 11, &so[1419]},
+    {"id-smime-aa-encapContentType", "id-smime-aa-encapContentType", NID_id_smime_aa_encapContentType, 11, &so[1430]},
+    {"id-smime-aa-contentIdentifier", "id-smime-aa-contentIdentifier", NID_id_smime_aa_contentIdentifier, 11, &so[1441]},
+    {"id-smime-aa-macValue", "id-smime-aa-macValue", NID_id_smime_aa_macValue, 11, &so[1452]},
+    {"id-smime-aa-equivalentLabels", "id-smime-aa-equivalentLabels", NID_id_smime_aa_equivalentLabels, 11, &so[1463]},
+    {"id-smime-aa-contentReference", "id-smime-aa-contentReference", NID_id_smime_aa_contentReference, 11, &so[1474]},
+    {"id-smime-aa-encrypKeyPref", "id-smime-aa-encrypKeyPref", NID_id_smime_aa_encrypKeyPref, 11, &so[1485]},
+    {"id-smime-aa-signingCertificate", "id-smime-aa-signingCertificate", NID_id_smime_aa_signingCertificate, 11, &so[1496]},
+    {"id-smime-aa-smimeEncryptCerts", "id-smime-aa-smimeEncryptCerts", NID_id_smime_aa_smimeEncryptCerts, 11, &so[1507]},
+    {"id-smime-aa-timeStampToken", "id-smime-aa-timeStampToken", NID_id_smime_aa_timeStampToken, 11, &so[1518]},
+    {"id-smime-aa-ets-sigPolicyId", "id-smime-aa-ets-sigPolicyId", NID_id_smime_aa_ets_sigPolicyId, 11, &so[1529]},
+    {"id-smime-aa-ets-commitmentType", "id-smime-aa-ets-commitmentType", NID_id_smime_aa_ets_commitmentType, 11, &so[1540]},
+    {"id-smime-aa-ets-signerLocation", "id-smime-aa-ets-signerLocation", NID_id_smime_aa_ets_signerLocation, 11, &so[1551]},
+    {"id-smime-aa-ets-signerAttr", "id-smime-aa-ets-signerAttr", NID_id_smime_aa_ets_signerAttr, 11, &so[1562]},
+    {"id-smime-aa-ets-otherSigCert", "id-smime-aa-ets-otherSigCert", NID_id_smime_aa_ets_otherSigCert, 11, &so[1573]},
+    {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", NID_id_smime_aa_ets_contentTimestamp, 11, &so[1584]},
+    {"id-smime-aa-ets-CertificateRefs", "id-smime-aa-ets-CertificateRefs", NID_id_smime_aa_ets_CertificateRefs, 11, &so[1595]},
+    {"id-smime-aa-ets-RevocationRefs", "id-smime-aa-ets-RevocationRefs", NID_id_smime_aa_ets_RevocationRefs, 11, &so[1606]},
+    {"id-smime-aa-ets-certValues", "id-smime-aa-ets-certValues", NID_id_smime_aa_ets_certValues, 11, &so[1617]},
+    {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", NID_id_smime_aa_ets_revocationValues, 11, &so[1628]},
+    {"id-smime-aa-ets-escTimeStamp", "id-smime-aa-ets-escTimeStamp", NID_id_smime_aa_ets_escTimeStamp, 11, &so[1639]},
+    {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", NID_id_smime_aa_ets_certCRLTimestamp, 11, &so[1650]},
+    {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", NID_id_smime_aa_ets_archiveTimeStamp, 11, &so[1661]},
+    {"id-smime-aa-signatureType", "id-smime-aa-signatureType", NID_id_smime_aa_signatureType, 11, &so[1672]},
+    {"id-smime-aa-dvcs-dvc", "id-smime-aa-dvcs-dvc", NID_id_smime_aa_dvcs_dvc, 11, &so[1683]},
+    {"id-smime-alg-ESDHwith3DES", "id-smime-alg-ESDHwith3DES", NID_id_smime_alg_ESDHwith3DES, 11, &so[1694]},
+    {"id-smime-alg-ESDHwithRC2", "id-smime-alg-ESDHwithRC2", NID_id_smime_alg_ESDHwithRC2, 11, &so[1705]},
+    {"id-smime-alg-3DESwrap", "id-smime-alg-3DESwrap", NID_id_smime_alg_3DESwrap, 11, &so[1716]},
+    {"id-smime-alg-RC2wrap", "id-smime-alg-RC2wrap", NID_id_smime_alg_RC2wrap, 11, &so[1727]},
+    {"id-smime-alg-ESDH", "id-smime-alg-ESDH", NID_id_smime_alg_ESDH, 11, &so[1738]},
+    {"id-smime-alg-CMS3DESwrap", "id-smime-alg-CMS3DESwrap", NID_id_smime_alg_CMS3DESwrap, 11, &so[1749]},
+    {"id-smime-alg-CMSRC2wrap", "id-smime-alg-CMSRC2wrap", NID_id_smime_alg_CMSRC2wrap, 11, &so[1760]},
+    {"id-smime-cd-ldap", "id-smime-cd-ldap", NID_id_smime_cd_ldap, 11, &so[1771]},
+    {"id-smime-spq-ets-sqt-uri", "id-smime-spq-ets-sqt-uri", NID_id_smime_spq_ets_sqt_uri, 11, &so[1782]},
+    {"id-smime-spq-ets-sqt-unotice", "id-smime-spq-ets-sqt-unotice", NID_id_smime_spq_ets_sqt_unotice, 11, &so[1793]},
+    {"id-smime-cti-ets-proofOfOrigin", "id-smime-cti-ets-proofOfOrigin", NID_id_smime_cti_ets_proofOfOrigin, 11, &so[1804]},
+    {"id-smime-cti-ets-proofOfReceipt", "id-smime-cti-ets-proofOfReceipt", NID_id_smime_cti_ets_proofOfReceipt, 11, &so[1815]},
+    {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", NID_id_smime_cti_ets_proofOfDelivery, 11, &so[1826]},
+    {"id-smime-cti-ets-proofOfSender", "id-smime-cti-ets-proofOfSender", NID_id_smime_cti_ets_proofOfSender, 11, &so[1837]},
+    {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", NID_id_smime_cti_ets_proofOfApproval, 11, &so[1848]},
+    {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", NID_id_smime_cti_ets_proofOfCreation, 11, &so[1859]},
+    {"MD4", "md4", NID_md4, 8, &so[1870]},
+    {"id-pkix-mod", "id-pkix-mod", NID_id_pkix_mod, 7, &so[1878]},
+    {"id-qt", "id-qt", NID_id_qt, 7, &so[1885]},
+    {"id-it", "id-it", NID_id_it, 7, &so[1892]},
+    {"id-pkip", "id-pkip", NID_id_pkip, 7, &so[1899]},
+    {"id-alg", "id-alg", NID_id_alg, 7, &so[1906]},
+    {"id-cmc", "id-cmc", NID_id_cmc, 7, &so[1913]},
+    {"id-on", "id-on", NID_id_on, 7, &so[1920]},
+    {"id-pda", "id-pda", NID_id_pda, 7, &so[1927]},
+    {"id-aca", "id-aca", NID_id_aca, 7, &so[1934]},
+    {"id-qcs", "id-qcs", NID_id_qcs, 7, &so[1941]},
+    {"id-cct", "id-cct", NID_id_cct, 7, &so[1948]},
+    {"id-pkix1-explicit-88", "id-pkix1-explicit-88", NID_id_pkix1_explicit_88, 8, &so[1955]},
+    {"id-pkix1-implicit-88", "id-pkix1-implicit-88", NID_id_pkix1_implicit_88, 8, &so[1963]},
+    {"id-pkix1-explicit-93", "id-pkix1-explicit-93", NID_id_pkix1_explicit_93, 8, &so[1971]},
+    {"id-pkix1-implicit-93", "id-pkix1-implicit-93", NID_id_pkix1_implicit_93, 8, &so[1979]},
+    {"id-mod-crmf", "id-mod-crmf", NID_id_mod_crmf, 8, &so[1987]},
+    {"id-mod-cmc", "id-mod-cmc", NID_id_mod_cmc, 8, &so[1995]},
+    {"id-mod-kea-profile-88", "id-mod-kea-profile-88", NID_id_mod_kea_profile_88, 8, &so[2003]},
+    {"id-mod-kea-profile-93", "id-mod-kea-profile-93", NID_id_mod_kea_profile_93, 8, &so[2011]},
+    {"id-mod-cmp", "id-mod-cmp", NID_id_mod_cmp, 8, &so[2019]},
+    {"id-mod-qualified-cert-88", "id-mod-qualified-cert-88", NID_id_mod_qualified_cert_88, 8, &so[2027]},
+    {"id-mod-qualified-cert-93", "id-mod-qualified-cert-93", NID_id_mod_qualified_cert_93, 8, &so[2035]},
+    {"id-mod-attribute-cert", "id-mod-attribute-cert", NID_id_mod_attribute_cert, 8, &so[2043]},
+    {"id-mod-timestamp-protocol", "id-mod-timestamp-protocol", NID_id_mod_timestamp_protocol, 8, &so[2051]},
+    {"id-mod-ocsp", "id-mod-ocsp", NID_id_mod_ocsp, 8, &so[2059]},
+    {"id-mod-dvcs", "id-mod-dvcs", NID_id_mod_dvcs, 8, &so[2067]},
+    {"id-mod-cmp2000", "id-mod-cmp2000", NID_id_mod_cmp2000, 8, &so[2075]},
+    {"biometricInfo", "Biometric Info", NID_biometricInfo, 8, &so[2083]},
+    {"qcStatements", "qcStatements", NID_qcStatements, 8, &so[2091]},
+    {"ac-auditEntity", "ac-auditEntity", NID_ac_auditEntity, 8, &so[2099]},
+    {"ac-targeting", "ac-targeting", NID_ac_targeting, 8, &so[2107]},
+    {"aaControls", "aaControls", NID_aaControls, 8, &so[2115]},
+    {"sbgp-ipAddrBlock", "sbgp-ipAddrBlock", NID_sbgp_ipAddrBlock, 8, &so[2123]},
+    {"sbgp-autonomousSysNum", "sbgp-autonomousSysNum", NID_sbgp_autonomousSysNum, 8, &so[2131]},
+    {"sbgp-routerIdentifier", "sbgp-routerIdentifier", NID_sbgp_routerIdentifier, 8, &so[2139]},
+    {"textNotice", "textNotice", NID_textNotice, 8, &so[2147]},
+    {"ipsecEndSystem", "IPSec End System", NID_ipsecEndSystem, 8, &so[2155]},
+    {"ipsecTunnel", "IPSec Tunnel", NID_ipsecTunnel, 8, &so[2163]},
+    {"ipsecUser", "IPSec User", NID_ipsecUser, 8, &so[2171]},
+    {"DVCS", "dvcs", NID_dvcs, 8, &so[2179]},
+    {"id-it-caProtEncCert", "id-it-caProtEncCert", NID_id_it_caProtEncCert, 8, &so[2187]},
+    {"id-it-signKeyPairTypes", "id-it-signKeyPairTypes", NID_id_it_signKeyPairTypes, 8, &so[2195]},
+    {"id-it-encKeyPairTypes", "id-it-encKeyPairTypes", NID_id_it_encKeyPairTypes, 8, &so[2203]},
+    {"id-it-preferredSymmAlg", "id-it-preferredSymmAlg", NID_id_it_preferredSymmAlg, 8, &so[2211]},
+    {"id-it-caKeyUpdateInfo", "id-it-caKeyUpdateInfo", NID_id_it_caKeyUpdateInfo, 8, &so[2219]},
+    {"id-it-currentCRL", "id-it-currentCRL", NID_id_it_currentCRL, 8, &so[2227]},
+    {"id-it-unsupportedOIDs", "id-it-unsupportedOIDs", NID_id_it_unsupportedOIDs, 8, &so[2235]},
+    {"id-it-subscriptionRequest", "id-it-subscriptionRequest", NID_id_it_subscriptionRequest, 8, &so[2243]},
+    {"id-it-subscriptionResponse", "id-it-subscriptionResponse", NID_id_it_subscriptionResponse, 8, &so[2251]},
+    {"id-it-keyPairParamReq", "id-it-keyPairParamReq", NID_id_it_keyPairParamReq, 8, &so[2259]},
+    {"id-it-keyPairParamRep", "id-it-keyPairParamRep", NID_id_it_keyPairParamRep, 8, &so[2267]},
+    {"id-it-revPassphrase", "id-it-revPassphrase", NID_id_it_revPassphrase, 8, &so[2275]},
+    {"id-it-implicitConfirm", "id-it-implicitConfirm", NID_id_it_implicitConfirm, 8, &so[2283]},
+    {"id-it-confirmWaitTime", "id-it-confirmWaitTime", NID_id_it_confirmWaitTime, 8, &so[2291]},
+    {"id-it-origPKIMessage", "id-it-origPKIMessage", NID_id_it_origPKIMessage, 8, &so[2299]},
+    {"id-regCtrl", "id-regCtrl", NID_id_regCtrl, 8, &so[2307]},
+    {"id-regInfo", "id-regInfo", NID_id_regInfo, 8, &so[2315]},
+    {"id-regCtrl-regToken", "id-regCtrl-regToken", NID_id_regCtrl_regToken, 9, &so[2323]},
+    {"id-regCtrl-authenticator", "id-regCtrl-authenticator", NID_id_regCtrl_authenticator, 9, &so[2332]},
+    {"id-regCtrl-pkiPublicationInfo", "id-regCtrl-pkiPublicationInfo", NID_id_regCtrl_pkiPublicationInfo, 9, &so[2341]},
+    {"id-regCtrl-pkiArchiveOptions", "id-regCtrl-pkiArchiveOptions", NID_id_regCtrl_pkiArchiveOptions, 9, &so[2350]},
+    {"id-regCtrl-oldCertID", "id-regCtrl-oldCertID", NID_id_regCtrl_oldCertID, 9, &so[2359]},
+    {"id-regCtrl-protocolEncrKey", "id-regCtrl-protocolEncrKey", NID_id_regCtrl_protocolEncrKey, 9, &so[2368]},
+    {"id-regInfo-utf8Pairs", "id-regInfo-utf8Pairs", NID_id_regInfo_utf8Pairs, 9, &so[2377]},
+    {"id-regInfo-certReq", "id-regInfo-certReq", NID_id_regInfo_certReq, 9, &so[2386]},
+    {"id-alg-des40", "id-alg-des40", NID_id_alg_des40, 8, &so[2395]},
+    {"id-alg-noSignature", "id-alg-noSignature", NID_id_alg_noSignature, 8, &so[2403]},
+    {"id-alg-dh-sig-hmac-sha1", "id-alg-dh-sig-hmac-sha1", NID_id_alg_dh_sig_hmac_sha1, 8, &so[2411]},
+    {"id-alg-dh-pop", "id-alg-dh-pop", NID_id_alg_dh_pop, 8, &so[2419]},
+    {"id-cmc-statusInfo", "id-cmc-statusInfo", NID_id_cmc_statusInfo, 8, &so[2427]},
+    {"id-cmc-identification", "id-cmc-identification", NID_id_cmc_identification, 8, &so[2435]},
+    {"id-cmc-identityProof", "id-cmc-identityProof", NID_id_cmc_identityProof, 8, &so[2443]},
+    {"id-cmc-dataReturn", "id-cmc-dataReturn", NID_id_cmc_dataReturn, 8, &so[2451]},
+    {"id-cmc-transactionId", "id-cmc-transactionId", NID_id_cmc_transactionId, 8, &so[2459]},
+    {"id-cmc-senderNonce", "id-cmc-senderNonce", NID_id_cmc_senderNonce, 8, &so[2467]},
+    {"id-cmc-recipientNonce", "id-cmc-recipientNonce", NID_id_cmc_recipientNonce, 8, &so[2475]},
+    {"id-cmc-addExtensions", "id-cmc-addExtensions", NID_id_cmc_addExtensions, 8, &so[2483]},
+    {"id-cmc-encryptedPOP", "id-cmc-encryptedPOP", NID_id_cmc_encryptedPOP, 8, &so[2491]},
+    {"id-cmc-decryptedPOP", "id-cmc-decryptedPOP", NID_id_cmc_decryptedPOP, 8, &so[2499]},
+    {"id-cmc-lraPOPWitness", "id-cmc-lraPOPWitness", NID_id_cmc_lraPOPWitness, 8, &so[2507]},
+    {"id-cmc-getCert", "id-cmc-getCert", NID_id_cmc_getCert, 8, &so[2515]},
+    {"id-cmc-getCRL", "id-cmc-getCRL", NID_id_cmc_getCRL, 8, &so[2523]},
+    {"id-cmc-revokeRequest", "id-cmc-revokeRequest", NID_id_cmc_revokeRequest, 8, &so[2531]},
+    {"id-cmc-regInfo", "id-cmc-regInfo", NID_id_cmc_regInfo, 8, &so[2539]},
+    {"id-cmc-responseInfo", "id-cmc-responseInfo", NID_id_cmc_responseInfo, 8, &so[2547]},
+    {"id-cmc-queryPending", "id-cmc-queryPending", NID_id_cmc_queryPending, 8, &so[2555]},
+    {"id-cmc-popLinkRandom", "id-cmc-popLinkRandom", NID_id_cmc_popLinkRandom, 8, &so[2563]},
+    {"id-cmc-popLinkWitness", "id-cmc-popLinkWitness", NID_id_cmc_popLinkWitness, 8, &so[2571]},
+    {"id-cmc-confirmCertAcceptance", "id-cmc-confirmCertAcceptance", NID_id_cmc_confirmCertAcceptance, 8, &so[2579]},
+    {"id-on-personalData", "id-on-personalData", NID_id_on_personalData, 8, &so[2587]},
+    {"id-pda-dateOfBirth", "id-pda-dateOfBirth", NID_id_pda_dateOfBirth, 8, &so[2595]},
+    {"id-pda-placeOfBirth", "id-pda-placeOfBirth", NID_id_pda_placeOfBirth, 8, &so[2603]},
+    { NULL, NULL, NID_undef },
+    {"id-pda-gender", "id-pda-gender", NID_id_pda_gender, 8, &so[2611]},
+    {"id-pda-countryOfCitizenship", "id-pda-countryOfCitizenship", NID_id_pda_countryOfCitizenship, 8, &so[2619]},
+    {"id-pda-countryOfResidence", "id-pda-countryOfResidence", NID_id_pda_countryOfResidence, 8, &so[2627]},
+    {"id-aca-authenticationInfo", "id-aca-authenticationInfo", NID_id_aca_authenticationInfo, 8, &so[2635]},
+    {"id-aca-accessIdentity", "id-aca-accessIdentity", NID_id_aca_accessIdentity, 8, &so[2643]},
+    {"id-aca-chargingIdentity", "id-aca-chargingIdentity", NID_id_aca_chargingIdentity, 8, &so[2651]},
+    {"id-aca-group", "id-aca-group", NID_id_aca_group, 8, &so[2659]},
+    {"id-aca-role", "id-aca-role", NID_id_aca_role, 8, &so[2667]},
+    {"id-qcs-pkixQCSyntax-v1", "id-qcs-pkixQCSyntax-v1", NID_id_qcs_pkixQCSyntax_v1, 8, &so[2675]},
+    {"id-cct-crs", "id-cct-crs", NID_id_cct_crs, 8, &so[2683]},
+    {"id-cct-PKIData", "id-cct-PKIData", NID_id_cct_PKIData, 8, &so[2691]},
+    {"id-cct-PKIResponse", "id-cct-PKIResponse", NID_id_cct_PKIResponse, 8, &so[2699]},
+    {"ad_timestamping", "AD Time Stamping", NID_ad_timeStamping, 8, &so[2707]},
+    {"AD_DVCS", "ad dvcs", NID_ad_dvcs, 8, &so[2715]},
+    {"basicOCSPResponse", "Basic OCSP Response", NID_id_pkix_OCSP_basic, 9, &so[2723]},
+    {"Nonce", "OCSP Nonce", NID_id_pkix_OCSP_Nonce, 9, &so[2732]},
+    {"CrlID", "OCSP CRL ID", NID_id_pkix_OCSP_CrlID, 9, &so[2741]},
+    {"acceptableResponses", "Acceptable OCSP Responses", NID_id_pkix_OCSP_acceptableResponses, 9, &so[2750]},
+    {"noCheck", "OCSP No Check", NID_id_pkix_OCSP_noCheck, 9, &so[2759]},
+    {"archiveCutoff", "OCSP Archive Cutoff", NID_id_pkix_OCSP_archiveCutoff, 9, &so[2768]},
+    {"serviceLocator", "OCSP Service Locator", NID_id_pkix_OCSP_serviceLocator, 9, &so[2777]},
+    {"extendedStatus", "Extended OCSP Status", NID_id_pkix_OCSP_extendedStatus, 9, &so[2786]},
+    {"valid", "valid", NID_id_pkix_OCSP_valid, 9, &so[2795]},
+    {"path", "path", NID_id_pkix_OCSP_path, 9, &so[2804]},
+    {"trustRoot", "Trust Root", NID_id_pkix_OCSP_trustRoot, 9, &so[2813]},
+    {"algorithm", "algorithm", NID_algorithm, 4, &so[2822]},
+    {"rsaSignature", "rsaSignature", NID_rsaSignature, 5, &so[2826]},
+    {"X500algorithms", "directory services - algorithms", NID_X500algorithms, 2, &so[2831]},
+    {"ORG", "org", NID_org, 1, &so[2833]},
+    {"DOD", "dod", NID_dod, 2, &so[2834]},
+    {"IANA", "iana", NID_iana, 3, &so[2836]},
+    {"directory", "Directory", NID_Directory, 4, &so[2839]},
+    {"mgmt", "Management", NID_Management, 4, &so[2843]},
+    {"experimental", "Experimental", NID_Experimental, 4, &so[2847]},
+    {"private", "Private", NID_Private, 4, &so[2851]},
+    {"security", "Security", NID_Security, 4, &so[2855]},
+    {"snmpv2", "SNMPv2", NID_SNMPv2, 4, &so[2859]},
+    {"Mail", "Mail", NID_Mail, 4, &so[2863]},
+    {"enterprises", "Enterprises", NID_Enterprises, 5, &so[2867]},
+    {"dcobject", "dcObject", NID_dcObject, 9, &so[2872]},
+    {"DC", "domainComponent", NID_domainComponent, 10, &so[2881]},
+    {"domain", "Domain", NID_Domain, 10, &so[2891]},
+    {"NULL", "NULL", NID_joint_iso_ccitt},
+    {"selected-attribute-types", "Selected Attribute Types", NID_selected_attribute_types, 3, &so[2901]},
+    {"clearance", "clearance", NID_clearance, 4, &so[2904]},
+    {"RSA-MD4", "md4WithRSAEncryption", NID_md4WithRSAEncryption, 9, &so[2908]},
+    {"ac-proxying", "ac-proxying", NID_ac_proxying, 8, &so[2917]},
+    {"subjectInfoAccess", "Subject Information Access", NID_sinfo_access, 8, &so[2925]},
+    {"id-aca-encAttrs", "id-aca-encAttrs", NID_id_aca_encAttrs, 8, &so[2933]},
+    {"role", "role", NID_role, 3, &so[2941]},
+    {"policyConstraints", "X509v3 Policy Constraints", NID_policy_constraints, 3, &so[2944]},
+    {"targetInformation", "X509v3 AC Targeting", NID_target_information, 3, &so[2947]},
+    {"noRevAvail", "X509v3 No Revocation Available", NID_no_rev_avail, 3, &so[2950]},
+    {"NULL", "NULL", NID_ccitt},
+    {"ansi-X9-62", "ANSI X9.62", NID_ansi_X9_62, 5, &so[2953]},
+    {"prime-field", "prime-field", NID_X9_62_prime_field, 7, &so[2958]},
+    {"characteristic-two-field", "characteristic-two-field", NID_X9_62_characteristic_two_field, 7, &so[2965]},
+    {"id-ecPublicKey", "id-ecPublicKey", NID_X9_62_id_ecPublicKey, 7, &so[2972]},
+    {"prime192v1", "prime192v1", NID_X9_62_prime192v1, 8, &so[2979]},
+    {"prime192v2", "prime192v2", NID_X9_62_prime192v2, 8, &so[2987]},
+    {"prime192v3", "prime192v3", NID_X9_62_prime192v3, 8, &so[2995]},
+    {"prime239v1", "prime239v1", NID_X9_62_prime239v1, 8, &so[3003]},
+    {"prime239v2", "prime239v2", NID_X9_62_prime239v2, 8, &so[3011]},
+    {"prime239v3", "prime239v3", NID_X9_62_prime239v3, 8, &so[3019]},
+    {"prime256v1", "prime256v1", NID_X9_62_prime256v1, 8, &so[3027]},
+    {"ecdsa-with-SHA1", "ecdsa-with-SHA1", NID_ecdsa_with_SHA1, 7, &so[3035]},
+    {"CSPName", "Microsoft CSP Name", NID_ms_csp_name, 9, &so[3042]},
+    {"AES-128-ECB", "aes-128-ecb", NID_aes_128_ecb, 9, &so[3051]},
+    {"AES-128-CBC", "aes-128-cbc", NID_aes_128_cbc, 9, &so[3060]},
+    {"AES-128-OFB", "aes-128-ofb", NID_aes_128_ofb128, 9, &so[3069]},
+    {"AES-128-CFB", "aes-128-cfb", NID_aes_128_cfb128, 9, &so[3078]},
+    {"AES-192-ECB", "aes-192-ecb", NID_aes_192_ecb, 9, &so[3087]},
+    {"AES-192-CBC", "aes-192-cbc", NID_aes_192_cbc, 9, &so[3096]},
+    {"AES-192-OFB", "aes-192-ofb", NID_aes_192_ofb128, 9, &so[3105]},
+    {"AES-192-CFB", "aes-192-cfb", NID_aes_192_cfb128, 9, &so[3114]},
+    {"AES-256-ECB", "aes-256-ecb", NID_aes_256_ecb, 9, &so[3123]},
+    {"AES-256-CBC", "aes-256-cbc", NID_aes_256_cbc, 9, &so[3132]},
+    {"AES-256-OFB", "aes-256-ofb", NID_aes_256_ofb128, 9, &so[3141]},
+    {"AES-256-CFB", "aes-256-cfb", NID_aes_256_cfb128, 9, &so[3150]},
+    {"holdInstructionCode", "Hold Instruction Code", NID_hold_instruction_code, 3, &so[3159]},
+    {"holdInstructionNone", "Hold Instruction None", NID_hold_instruction_none, 7, &so[3162]},
+    {"holdInstructionCallIssuer", "Hold Instruction Call Issuer", NID_hold_instruction_call_issuer, 7, &so[3169]},
+    {"holdInstructionReject", "Hold Instruction Reject", NID_hold_instruction_reject, 7, &so[3176]},
+    {"data", "data", NID_data, 1, &so[3183]},
+    {"pss", "pss", NID_pss, 3, &so[3184]},
+    {"ucl", "ucl", NID_ucl, 7, &so[3187]},
+    {"pilot", "pilot", NID_pilot, 8, &so[3194]},
+    {"pilotAttributeType", "pilotAttributeType", NID_pilotAttributeType, 9, &so[3202]},
+    {"pilotAttributeSyntax", "pilotAttributeSyntax", NID_pilotAttributeSyntax, 9, &so[3211]},
+    {"pilotObjectClass", "pilotObjectClass", NID_pilotObjectClass, 9, &so[3220]},
+    {"pilotGroups", "pilotGroups", NID_pilotGroups, 9, &so[3229]},
+    {"iA5StringSyntax", "iA5StringSyntax", NID_iA5StringSyntax, 10, &so[3238]},
+    {"caseIgnoreIA5StringSyntax", "caseIgnoreIA5StringSyntax", NID_caseIgnoreIA5StringSyntax, 10, &so[3248]},
+    {"pilotObject", "pilotObject", NID_pilotObject, 10, &so[3258]},
+    {"pilotPerson", "pilotPerson", NID_pilotPerson, 10, &so[3268]},
+    {"account", "account", NID_account, 10, &so[3278]},
+    {"document", "document", NID_document, 10, &so[3288]},
+    {"room", "room", NID_room, 10, &so[3298]},
+    {"documentSeries", "documentSeries", NID_documentSeries, 10, &so[3308]},
+    {"rFC822localPart", "rFC822localPart", NID_rFC822localPart, 10, &so[3318]},
+    {"dNSDomain", "dNSDomain", NID_dNSDomain, 10, &so[3328]},
+    {"domainRelatedObject", "domainRelatedObject", NID_domainRelatedObject, 10, &so[3338]},
+    {"friendlyCountry", "friendlyCountry", NID_friendlyCountry, 10, &so[3348]},
+    {"simpleSecurityObject", "simpleSecurityObject", NID_simpleSecurityObject, 10, &so[3358]},
+    {"pilotOrganization", "pilotOrganization", NID_pilotOrganization, 10, &so[3368]},
+    {"pilotDSA", "pilotDSA", NID_pilotDSA, 10, &so[3378]},
+    {"qualityLabelledData", "qualityLabelledData", NID_qualityLabelledData, 10, &so[3388]},
+    {"UID", "userId", NID_userId, 10, &so[3398]},
+    {"textEncodedORAddress", "textEncodedORAddress", NID_textEncodedORAddress, 10, &so[3408]},
+    {"mail", "rfc822Mailbox", NID_rfc822Mailbox, 10, &so[3418]},
+    {"info", "info", NID_info, 10, &so[3428]},
+    {"favouriteDrink", "favouriteDrink", NID_favouriteDrink, 10, &so[3438]},
+    {"roomNumber", "roomNumber", NID_roomNumber, 10, &so[3448]},
+    {"photo", "photo", NID_photo, 10, &so[3458]},
+    {"userClass", "userClass", NID_userClass, 10, &so[3468]},
+    {"host", "host", NID_host, 10, &so[3478]},
+    {"manager", "manager", NID_manager, 10, &so[3488]},
+    {"documentIdentifier", "documentIdentifier", NID_documentIdentifier, 10, &so[3498]},
+    {"documentTitle", "documentTitle", NID_documentTitle, 10, &so[3508]},
+    {"documentVersion", "documentVersion", NID_documentVersion, 10, &so[3518]},
+    {"documentAuthor", "documentAuthor", NID_documentAuthor, 10, &so[3528]},
+    {"documentLocation", "documentLocation", NID_documentLocation, 10, &so[3538]},
+    {"homeTelephoneNumber", "homeTelephoneNumber", NID_homeTelephoneNumber, 10, &so[3548]},
+    {"secretary", "secretary", NID_secretary, 10, &so[3558]},
+    {"otherMailbox", "otherMailbox", NID_otherMailbox, 10, &so[3568]},
+    {"lastModifiedTime", "lastModifiedTime", NID_lastModifiedTime, 10, &so[3578]},
+    {"lastModifiedBy", "lastModifiedBy", NID_lastModifiedBy, 10, &so[3588]},
+    {"aRecord", "aRecord", NID_aRecord, 10, &so[3598]},
+    {"pilotAttributeType27", "pilotAttributeType27", NID_pilotAttributeType27, 10, &so[3608]},
+    {"mXRecord", "mXRecord", NID_mXRecord, 10, &so[3618]},
+    {"nSRecord", "nSRecord", NID_nSRecord, 10, &so[3628]},
+    {"sOARecord", "sOARecord", NID_sOARecord, 10, &so[3638]},
+    {"cNAMERecord", "cNAMERecord", NID_cNAMERecord, 10, &so[3648]},
+    {"associatedDomain", "associatedDomain", NID_associatedDomain, 10, &so[3658]},
+    {"associatedName", "associatedName", NID_associatedName, 10, &so[3668]},
+    {"homePostalAddress", "homePostalAddress", NID_homePostalAddress, 10, &so[3678]},
+    {"personalTitle", "personalTitle", NID_personalTitle, 10, &so[3688]},
+    {"mobileTelephoneNumber", "mobileTelephoneNumber", NID_mobileTelephoneNumber, 10, &so[3698]},
+    {"pagerTelephoneNumber", "pagerTelephoneNumber", NID_pagerTelephoneNumber, 10, &so[3708]},
+    {"friendlyCountryName", "friendlyCountryName", NID_friendlyCountryName, 10, &so[3718]},
+    {"organizationalStatus", "organizationalStatus", NID_organizationalStatus, 10, &so[3728]},
+    {"janetMailbox", "janetMailbox", NID_janetMailbox, 10, &so[3738]},
+    {"mailPreferenceOption", "mailPreferenceOption", NID_mailPreferenceOption, 10, &so[3748]},
+    {"buildingName", "buildingName", NID_buildingName, 10, &so[3758]},
+    {"dSAQuality", "dSAQuality", NID_dSAQuality, 10, &so[3768]},
+    {"singleLevelQuality", "singleLevelQuality", NID_singleLevelQuality, 10, &so[3778]},
+    {"subtreeMinimumQuality", "subtreeMinimumQuality", NID_subtreeMinimumQuality, 10, &so[3788]},
+    {"subtreeMaximumQuality", "subtreeMaximumQuality", NID_subtreeMaximumQuality, 10, &so[3798]},
+    {"personalSignature", "personalSignature", NID_personalSignature, 10, &so[3808]},
+    {"dITRedirect", "dITRedirect", NID_dITRedirect, 10, &so[3818]},
+    {"audio", "audio", NID_audio, 10, &so[3828]},
+    {"documentPublisher", "documentPublisher", NID_documentPublisher, 10, &so[3838]},
+    {"x500UniqueIdentifier", "x500UniqueIdentifier", NID_x500UniqueIdentifier, 3, &so[3848]},
+    {"mime-mhs", "MIME MHS", NID_mime_mhs, 5, &so[3851]},
+    {"mime-mhs-headings", "mime-mhs-headings", NID_mime_mhs_headings, 6, &so[3856]},
+    {"mime-mhs-bodies", "mime-mhs-bodies", NID_mime_mhs_bodies, 6, &so[3862]},
+    {"id-hex-partial-message", "id-hex-partial-message", NID_id_hex_partial_message, 7, &so[3868]},
+    {"id-hex-multipart-message", "id-hex-multipart-message", NID_id_hex_multipart_message, 7, &so[3875]},
+    {"generationQualifier", "generationQualifier", NID_generationQualifier, 3, &so[3882]},
+    {"pseudonym", "pseudonym", NID_pseudonym, 3, &so[3885]},
+    { NULL, NULL, NID_undef },
+    {"id-set", "Secure Electronic Transactions", NID_id_set, 2, &so[3888]},
+    {"set-ctype", "content types", NID_set_ctype, 3, &so[3890]},
+    {"set-msgExt", "message extensions", NID_set_msgExt, 3, &so[3893]},
+    {"set-attr", "set-attr", NID_set_attr, 3, &so[3896]},
+    {"set-policy", "set-policy", NID_set_policy, 3, &so[3899]},
+    {"set-certExt", "certificate extensions", NID_set_certExt, 3, &so[3902]},
+    {"set-brand", "set-brand", NID_set_brand, 3, &so[3905]},
+    {"setct-PANData", "setct-PANData", NID_setct_PANData, 4, &so[3908]},
+    {"setct-PANToken", "setct-PANToken", NID_setct_PANToken, 4, &so[3912]},
+    {"setct-PANOnly", "setct-PANOnly", NID_setct_PANOnly, 4, &so[3916]},
+    {"setct-OIData", "setct-OIData", NID_setct_OIData, 4, &so[3920]},
+    {"setct-PI", "setct-PI", NID_setct_PI, 4, &so[3924]},
+    {"setct-PIData", "setct-PIData", NID_setct_PIData, 4, &so[3928]},
+    {"setct-PIDataUnsigned", "setct-PIDataUnsigned", NID_setct_PIDataUnsigned, 4, &so[3932]},
+    {"setct-HODInput", "setct-HODInput", NID_setct_HODInput, 4, &so[3936]},
+    {"setct-AuthResBaggage", "setct-AuthResBaggage", NID_setct_AuthResBaggage, 4, &so[3940]},
+    {"setct-AuthRevReqBaggage", "setct-AuthRevReqBaggage", NID_setct_AuthRevReqBaggage, 4, &so[3944]},
+    {"setct-AuthRevResBaggage", "setct-AuthRevResBaggage", NID_setct_AuthRevResBaggage, 4, &so[3948]},
+    {"setct-CapTokenSeq", "setct-CapTokenSeq", NID_setct_CapTokenSeq, 4, &so[3952]},
+    {"setct-PInitResData", "setct-PInitResData", NID_setct_PInitResData, 4, &so[3956]},
+    {"setct-PI-TBS", "setct-PI-TBS", NID_setct_PI_TBS, 4, &so[3960]},
+    {"setct-PResData", "setct-PResData", NID_setct_PResData, 4, &so[3964]},
+    {"setct-AuthReqTBS", "setct-AuthReqTBS", NID_setct_AuthReqTBS, 4, &so[3968]},
+    {"setct-AuthResTBS", "setct-AuthResTBS", NID_setct_AuthResTBS, 4, &so[3972]},
+    {"setct-AuthResTBSX", "setct-AuthResTBSX", NID_setct_AuthResTBSX, 4, &so[3976]},
+    {"setct-AuthTokenTBS", "setct-AuthTokenTBS", NID_setct_AuthTokenTBS, 4, &so[3980]},
+    {"setct-CapTokenData", "setct-CapTokenData", NID_setct_CapTokenData, 4, &so[3984]},
+    {"setct-CapTokenTBS", "setct-CapTokenTBS", NID_setct_CapTokenTBS, 4, &so[3988]},
+    {"setct-AcqCardCodeMsg", "setct-AcqCardCodeMsg", NID_setct_AcqCardCodeMsg, 4, &so[3992]},
+    {"setct-AuthRevReqTBS", "setct-AuthRevReqTBS", NID_setct_AuthRevReqTBS, 4, &so[3996]},
+    {"setct-AuthRevResData", "setct-AuthRevResData", NID_setct_AuthRevResData, 4, &so[4000]},
+    {"setct-AuthRevResTBS", "setct-AuthRevResTBS", NID_setct_AuthRevResTBS, 4, &so[4004]},
+    {"setct-CapReqTBS", "setct-CapReqTBS", NID_setct_CapReqTBS, 4, &so[4008]},
+    {"setct-CapReqTBSX", "setct-CapReqTBSX", NID_setct_CapReqTBSX, 4, &so[4012]},
+    {"setct-CapResData", "setct-CapResData", NID_setct_CapResData, 4, &so[4016]},
+    {"setct-CapRevReqTBS", "setct-CapRevReqTBS", NID_setct_CapRevReqTBS, 4, &so[4020]},
+    {"setct-CapRevReqTBSX", "setct-CapRevReqTBSX", NID_setct_CapRevReqTBSX, 4, &so[4024]},
+    {"setct-CapRevResData", "setct-CapRevResData", NID_setct_CapRevResData, 4, &so[4028]},
+    {"setct-CredReqTBS", "setct-CredReqTBS", NID_setct_CredReqTBS, 4, &so[4032]},
+    {"setct-CredReqTBSX", "setct-CredReqTBSX", NID_setct_CredReqTBSX, 4, &so[4036]},
+    {"setct-CredResData", "setct-CredResData", NID_setct_CredResData, 4, &so[4040]},
+    {"setct-CredRevReqTBS", "setct-CredRevReqTBS", NID_setct_CredRevReqTBS, 4, &so[4044]},
+    {"setct-CredRevReqTBSX", "setct-CredRevReqTBSX", NID_setct_CredRevReqTBSX, 4, &so[4048]},
+    {"setct-CredRevResData", "setct-CredRevResData", NID_setct_CredRevResData, 4, &so[4052]},
+    {"setct-PCertReqData", "setct-PCertReqData", NID_setct_PCertReqData, 4, &so[4056]},
+    {"setct-PCertResTBS", "setct-PCertResTBS", NID_setct_PCertResTBS, 4, &so[4060]},
+    {"setct-BatchAdminReqData", "setct-BatchAdminReqData", NID_setct_BatchAdminReqData, 4, &so[4064]},
+    {"setct-BatchAdminResData", "setct-BatchAdminResData", NID_setct_BatchAdminResData, 4, &so[4068]},
+    {"setct-CardCInitResTBS", "setct-CardCInitResTBS", NID_setct_CardCInitResTBS, 4, &so[4072]},
+    {"setct-MeAqCInitResTBS", "setct-MeAqCInitResTBS", NID_setct_MeAqCInitResTBS, 4, &so[4076]},
+    {"setct-RegFormResTBS", "setct-RegFormResTBS", NID_setct_RegFormResTBS, 4, &so[4080]},
+    {"setct-CertReqData", "setct-CertReqData", NID_setct_CertReqData, 4, &so[4084]},
+    {"setct-CertReqTBS", "setct-CertReqTBS", NID_setct_CertReqTBS, 4, &so[4088]},
+    {"setct-CertResData", "setct-CertResData", NID_setct_CertResData, 4, &so[4092]},
+    {"setct-CertInqReqTBS", "setct-CertInqReqTBS", NID_setct_CertInqReqTBS, 4, &so[4096]},
+    {"setct-ErrorTBS", "setct-ErrorTBS", NID_setct_ErrorTBS, 4, &so[4100]},
+    {"setct-PIDualSignedTBE", "setct-PIDualSignedTBE", NID_setct_PIDualSignedTBE, 4, &so[4104]},
+    {"setct-PIUnsignedTBE", "setct-PIUnsignedTBE", NID_setct_PIUnsignedTBE, 4, &so[4108]},
+    {"setct-AuthReqTBE", "setct-AuthReqTBE", NID_setct_AuthReqTBE, 4, &so[4112]},
+    {"setct-AuthResTBE", "setct-AuthResTBE", NID_setct_AuthResTBE, 4, &so[4116]},
+    {"setct-AuthResTBEX", "setct-AuthResTBEX", NID_setct_AuthResTBEX, 4, &so[4120]},
+    {"setct-AuthTokenTBE", "setct-AuthTokenTBE", NID_setct_AuthTokenTBE, 4, &so[4124]},
+    {"setct-CapTokenTBE", "setct-CapTokenTBE", NID_setct_CapTokenTBE, 4, &so[4128]},
+    {"setct-CapTokenTBEX", "setct-CapTokenTBEX", NID_setct_CapTokenTBEX, 4, &so[4132]},
+    {"setct-AcqCardCodeMsgTBE", "setct-AcqCardCodeMsgTBE", NID_setct_AcqCardCodeMsgTBE, 4, &so[4136]},
+    {"setct-AuthRevReqTBE", "setct-AuthRevReqTBE", NID_setct_AuthRevReqTBE, 4, &so[4140]},
+    {"setct-AuthRevResTBE", "setct-AuthRevResTBE", NID_setct_AuthRevResTBE, 4, &so[4144]},
+    {"setct-AuthRevResTBEB", "setct-AuthRevResTBEB", NID_setct_AuthRevResTBEB, 4, &so[4148]},
+    {"setct-CapReqTBE", "setct-CapReqTBE", NID_setct_CapReqTBE, 4, &so[4152]},
+    {"setct-CapReqTBEX", "setct-CapReqTBEX", NID_setct_CapReqTBEX, 4, &so[4156]},
+    {"setct-CapResTBE", "setct-CapResTBE", NID_setct_CapResTBE, 4, &so[4160]},
+    {"setct-CapRevReqTBE", "setct-CapRevReqTBE", NID_setct_CapRevReqTBE, 4, &so[4164]},
+    {"setct-CapRevReqTBEX", "setct-CapRevReqTBEX", NID_setct_CapRevReqTBEX, 4, &so[4168]},
+    {"setct-CapRevResTBE", "setct-CapRevResTBE", NID_setct_CapRevResTBE, 4, &so[4172]},
+    {"setct-CredReqTBE", "setct-CredReqTBE", NID_setct_CredReqTBE, 4, &so[4176]},
+    {"setct-CredReqTBEX", "setct-CredReqTBEX", NID_setct_CredReqTBEX, 4, &so[4180]},
+    {"setct-CredResTBE", "setct-CredResTBE", NID_setct_CredResTBE, 4, &so[4184]},
+    {"setct-CredRevReqTBE", "setct-CredRevReqTBE", NID_setct_CredRevReqTBE, 4, &so[4188]},
+    {"setct-CredRevReqTBEX", "setct-CredRevReqTBEX", NID_setct_CredRevReqTBEX, 4, &so[4192]},
+    {"setct-CredRevResTBE", "setct-CredRevResTBE", NID_setct_CredRevResTBE, 4, &so[4196]},
+    {"setct-BatchAdminReqTBE", "setct-BatchAdminReqTBE", NID_setct_BatchAdminReqTBE, 4, &so[4200]},
+    {"setct-BatchAdminResTBE", "setct-BatchAdminResTBE", NID_setct_BatchAdminResTBE, 4, &so[4204]},
+    {"setct-RegFormReqTBE", "setct-RegFormReqTBE", NID_setct_RegFormReqTBE, 4, &so[4208]},
+    {"setct-CertReqTBE", "setct-CertReqTBE", NID_setct_CertReqTBE, 4, &so[4212]},
+    {"setct-CertReqTBEX", "setct-CertReqTBEX", NID_setct_CertReqTBEX, 4, &so[4216]},
+    {"setct-CertResTBE", "setct-CertResTBE", NID_setct_CertResTBE, 4, &so[4220]},
+    {"setct-CRLNotificationTBS", "setct-CRLNotificationTBS", NID_setct_CRLNotificationTBS, 4, &so[4224]},
+    {"setct-CRLNotificationResTBS", "setct-CRLNotificationResTBS", NID_setct_CRLNotificationResTBS, 4, &so[4228]},
+    {"setct-BCIDistributionTBS", "setct-BCIDistributionTBS", NID_setct_BCIDistributionTBS, 4, &so[4232]},
+    {"setext-genCrypt", "generic cryptogram", NID_setext_genCrypt, 4, &so[4236]},
+    {"setext-miAuth", "merchant initiated auth", NID_setext_miAuth, 4, &so[4240]},
+    {"setext-pinSecure", "setext-pinSecure", NID_setext_pinSecure, 4, &so[4244]},
+    {"setext-pinAny", "setext-pinAny", NID_setext_pinAny, 4, &so[4248]},
+    {"setext-track2", "setext-track2", NID_setext_track2, 4, &so[4252]},
+    {"setext-cv", "additional verification", NID_setext_cv, 4, &so[4256]},
+    {"set-policy-root", "set-policy-root", NID_set_policy_root, 4, &so[4260]},
+    {"setCext-hashedRoot", "setCext-hashedRoot", NID_setCext_hashedRoot, 4, &so[4264]},
+    {"setCext-certType", "setCext-certType", NID_setCext_certType, 4, &so[4268]},
+    {"setCext-merchData", "setCext-merchData", NID_setCext_merchData, 4, &so[4272]},
+    {"setCext-cCertRequired", "setCext-cCertRequired", NID_setCext_cCertRequired, 4, &so[4276]},
+    {"setCext-tunneling", "setCext-tunneling", NID_setCext_tunneling, 4, &so[4280]},
+    {"setCext-setExt", "setCext-setExt", NID_setCext_setExt, 4, &so[4284]},
+    {"setCext-setQualf", "setCext-setQualf", NID_setCext_setQualf, 4, &so[4288]},
+    {"setCext-PGWYcapabilities", "setCext-PGWYcapabilities", NID_setCext_PGWYcapabilities, 4, &so[4292]},
+    {"setCext-TokenIdentifier", "setCext-TokenIdentifier", NID_setCext_TokenIdentifier, 4, &so[4296]},
+    {"setCext-Track2Data", "setCext-Track2Data", NID_setCext_Track2Data, 4, &so[4300]},
+    {"setCext-TokenType", "setCext-TokenType", NID_setCext_TokenType, 4, &so[4304]},
+    {"setCext-IssuerCapabilities", "setCext-IssuerCapabilities", NID_setCext_IssuerCapabilities, 4, &so[4308]},
+    {"setAttr-Cert", "setAttr-Cert", NID_setAttr_Cert, 4, &so[4312]},
+    {"setAttr-PGWYcap", "payment gateway capabilities", NID_setAttr_PGWYcap, 4, &so[4316]},
+    {"setAttr-TokenType", "setAttr-TokenType", NID_setAttr_TokenType, 4, &so[4320]},
+    {"setAttr-IssCap", "issuer capabilities", NID_setAttr_IssCap, 4, &so[4324]},
+    {"set-rootKeyThumb", "set-rootKeyThumb", NID_set_rootKeyThumb, 5, &so[4328]},
+    {"set-addPolicy", "set-addPolicy", NID_set_addPolicy, 5, &so[4333]},
+    {"setAttr-Token-EMV", "setAttr-Token-EMV", NID_setAttr_Token_EMV, 5, &so[4338]},
+    {"setAttr-Token-B0Prime", "setAttr-Token-B0Prime", NID_setAttr_Token_B0Prime, 5, &so[4343]},
+    {"setAttr-IssCap-CVM", "setAttr-IssCap-CVM", NID_setAttr_IssCap_CVM, 5, &so[4348]},
+    {"setAttr-IssCap-T2", "setAttr-IssCap-T2", NID_setAttr_IssCap_T2, 5, &so[4353]},
+    {"setAttr-IssCap-Sig", "setAttr-IssCap-Sig", NID_setAttr_IssCap_Sig, 5, &so[4358]},
+    {"setAttr-GenCryptgrm", "generate cryptogram", NID_setAttr_GenCryptgrm, 6, &so[4363]},
+    {"setAttr-T2Enc", "encrypted track 2", NID_setAttr_T2Enc, 6, &so[4369]},
+    {"setAttr-T2cleartxt", "cleartext track 2", NID_setAttr_T2cleartxt, 6, &so[4375]},
+    {"setAttr-TokICCsig", "ICC or token signature", NID_setAttr_TokICCsig, 6, &so[4381]},
+    {"setAttr-SecDevSig", "secure device signature", NID_setAttr_SecDevSig, 6, &so[4387]},
+    {"set-brand-IATA-ATA", "set-brand-IATA-ATA", NID_set_brand_IATA_ATA, 4, &so[4393]},
+    {"set-brand-Diners", "set-brand-Diners", NID_set_brand_Diners, 4, &so[4397]},
+    {"set-brand-AmericanExpress", "set-brand-AmericanExpress", NID_set_brand_AmericanExpress, 4, &so[4401]},
+    {"set-brand-JCB", "set-brand-JCB", NID_set_brand_JCB, 4, &so[4405]},
+    {"set-brand-Visa", "set-brand-Visa", NID_set_brand_Visa, 4, &so[4409]},
+    {"set-brand-MasterCard", "set-brand-MasterCard", NID_set_brand_MasterCard, 4, &so[4413]},
+    {"set-brand-Novus", "set-brand-Novus", NID_set_brand_Novus, 5, &so[4417]},
+    {"DES-CDMF", "des-cdmf", NID_des_cdmf, 8, &so[4422]},
+    {"rsaOAEPEncryptionSET", "rsaOAEPEncryptionSET", NID_rsaOAEPEncryptionSET, 9, &so[4430]},
+    {"ITU-T", "itu-t", NID_itu_t},
+    {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t},
+    {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]},
+    {"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 10, &so[4440]},
+    {"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, &so[4450]},
+    {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1},
+    {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1},
+    {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1},
+    {"AES-128-CFB8", "aes-128-cfb8", NID_aes_128_cfb8},
+    {"AES-192-CFB8", "aes-192-cfb8", NID_aes_192_cfb8},
+    {"AES-256-CFB8", "aes-256-cfb8", NID_aes_256_cfb8},
+    {"DES-CFB1", "des-cfb1", NID_des_cfb1},
+    {"DES-CFB8", "des-cfb8", NID_des_cfb8},
+    {"DES-EDE3-CFB1", "des-ede3-cfb1", NID_des_ede3_cfb1},
+    {"DES-EDE3-CFB8", "des-ede3-cfb8", NID_des_ede3_cfb8},
+    {"street", "streetAddress", NID_streetAddress, 3, &so[4460]},
+    {"postalCode", "postalCode", NID_postalCode, 3, &so[4463]},
+    {"id-ppl", "id-ppl", NID_id_ppl, 7, &so[4466]},
+    {"proxyCertInfo", "Proxy Certificate Information", NID_proxyCertInfo, 8, &so[4473]},
+    {"id-ppl-anyLanguage", "Any language", NID_id_ppl_anyLanguage, 8, &so[4481]},
+    {"id-ppl-inheritAll", "Inherit all", NID_id_ppl_inheritAll, 8, &so[4489]},
+    {"nameConstraints", "X509v3 Name Constraints", NID_name_constraints, 3, &so[4497]},
+    {"id-ppl-independent", "Independent", NID_Independent, 8, &so[4500]},
+    {"RSA-SHA256", "sha256WithRSAEncryption", NID_sha256WithRSAEncryption, 9, &so[4508]},
+    {"RSA-SHA384", "sha384WithRSAEncryption", NID_sha384WithRSAEncryption, 9, &so[4517]},
+    {"RSA-SHA512", "sha512WithRSAEncryption", NID_sha512WithRSAEncryption, 9, &so[4526]},
+    {"RSA-SHA224", "sha224WithRSAEncryption", NID_sha224WithRSAEncryption, 9, &so[4535]},
+    {"SHA256", "sha256", NID_sha256, 9, &so[4544]},
+    {"SHA384", "sha384", NID_sha384, 9, &so[4553]},
+    {"SHA512", "sha512", NID_sha512, 9, &so[4562]},
+    {"SHA224", "sha224", NID_sha224, 9, &so[4571]},
+    {"identified-organization", "identified-organization", NID_identified_organization, 1, &so[4580]},
+    {"certicom-arc", "certicom-arc", NID_certicom_arc, 3, &so[4581]},
+    {"wap", "wap", NID_wap, 2, &so[4584]},
+    {"wap-wsg", "wap-wsg", NID_wap_wsg, 3, &so[4586]},
+    {"id-characteristic-two-basis", "id-characteristic-two-basis", NID_X9_62_id_characteristic_two_basis, 8, &so[4589]},
+    {"onBasis", "onBasis", NID_X9_62_onBasis, 9, &so[4597]},
+    {"tpBasis", "tpBasis", NID_X9_62_tpBasis, 9, &so[4606]},
+    {"ppBasis", "ppBasis", NID_X9_62_ppBasis, 9, &so[4615]},
+    {"c2pnb163v1", "c2pnb163v1", NID_X9_62_c2pnb163v1, 8, &so[4624]},
+    {"c2pnb163v2", "c2pnb163v2", NID_X9_62_c2pnb163v2, 8, &so[4632]},
+    {"c2pnb163v3", "c2pnb163v3", NID_X9_62_c2pnb163v3, 8, &so[4640]},
+    {"c2pnb176v1", "c2pnb176v1", NID_X9_62_c2pnb176v1, 8, &so[4648]},
+    {"c2tnb191v1", "c2tnb191v1", NID_X9_62_c2tnb191v1, 8, &so[4656]},
+    {"c2tnb191v2", "c2tnb191v2", NID_X9_62_c2tnb191v2, 8, &so[4664]},
+    {"c2tnb191v3", "c2tnb191v3", NID_X9_62_c2tnb191v3, 8, &so[4672]},
+    {"c2onb191v4", "c2onb191v4", NID_X9_62_c2onb191v4, 8, &so[4680]},
+    {"c2onb191v5", "c2onb191v5", NID_X9_62_c2onb191v5, 8, &so[4688]},
+    {"c2pnb208w1", "c2pnb208w1", NID_X9_62_c2pnb208w1, 8, &so[4696]},
+    {"c2tnb239v1", "c2tnb239v1", NID_X9_62_c2tnb239v1, 8, &so[4704]},
+    {"c2tnb239v2", "c2tnb239v2", NID_X9_62_c2tnb239v2, 8, &so[4712]},
+    {"c2tnb239v3", "c2tnb239v3", NID_X9_62_c2tnb239v3, 8, &so[4720]},
+    {"c2onb239v4", "c2onb239v4", NID_X9_62_c2onb239v4, 8, &so[4728]},
+    {"c2onb239v5", "c2onb239v5", NID_X9_62_c2onb239v5, 8, &so[4736]},
+    {"c2pnb272w1", "c2pnb272w1", NID_X9_62_c2pnb272w1, 8, &so[4744]},
+    {"c2pnb304w1", "c2pnb304w1", NID_X9_62_c2pnb304w1, 8, &so[4752]},
+    {"c2tnb359v1", "c2tnb359v1", NID_X9_62_c2tnb359v1, 8, &so[4760]},
+    {"c2pnb368w1", "c2pnb368w1", NID_X9_62_c2pnb368w1, 8, &so[4768]},
+    {"c2tnb431r1", "c2tnb431r1", NID_X9_62_c2tnb431r1, 8, &so[4776]},
+    {"secp112r1", "secp112r1", NID_secp112r1, 5, &so[4784]},
+    {"secp112r2", "secp112r2", NID_secp112r2, 5, &so[4789]},
+    {"secp128r1", "secp128r1", NID_secp128r1, 5, &so[4794]},
+    {"secp128r2", "secp128r2", NID_secp128r2, 5, &so[4799]},
+    {"secp160k1", "secp160k1", NID_secp160k1, 5, &so[4804]},
+    {"secp160r1", "secp160r1", NID_secp160r1, 5, &so[4809]},
+    {"secp160r2", "secp160r2", NID_secp160r2, 5, &so[4814]},
+    {"secp192k1", "secp192k1", NID_secp192k1, 5, &so[4819]},
+    {"secp224k1", "secp224k1", NID_secp224k1, 5, &so[4824]},
+    {"secp224r1", "secp224r1", NID_secp224r1, 5, &so[4829]},
+    {"secp256k1", "secp256k1", NID_secp256k1, 5, &so[4834]},
+    {"secp384r1", "secp384r1", NID_secp384r1, 5, &so[4839]},
+    {"secp521r1", "secp521r1", NID_secp521r1, 5, &so[4844]},
+    {"sect113r1", "sect113r1", NID_sect113r1, 5, &so[4849]},
+    {"sect113r2", "sect113r2", NID_sect113r2, 5, &so[4854]},
+    {"sect131r1", "sect131r1", NID_sect131r1, 5, &so[4859]},
+    {"sect131r2", "sect131r2", NID_sect131r2, 5, &so[4864]},
+    {"sect163k1", "sect163k1", NID_sect163k1, 5, &so[4869]},
+    {"sect163r1", "sect163r1", NID_sect163r1, 5, &so[4874]},
+    {"sect163r2", "sect163r2", NID_sect163r2, 5, &so[4879]},
+    {"sect193r1", "sect193r1", NID_sect193r1, 5, &so[4884]},
+    {"sect193r2", "sect193r2", NID_sect193r2, 5, &so[4889]},
+    {"sect233k1", "sect233k1", NID_sect233k1, 5, &so[4894]},
+    {"sect233r1", "sect233r1", NID_sect233r1, 5, &so[4899]},
+    {"sect239k1", "sect239k1", NID_sect239k1, 5, &so[4904]},
+    {"sect283k1", "sect283k1", NID_sect283k1, 5, &so[4909]},
+    {"sect283r1", "sect283r1", NID_sect283r1, 5, &so[4914]},
+    {"sect409k1", "sect409k1", NID_sect409k1, 5, &so[4919]},
+    {"sect409r1", "sect409r1", NID_sect409r1, 5, &so[4924]},
+    {"sect571k1", "sect571k1", NID_sect571k1, 5, &so[4929]},
+    {"sect571r1", "sect571r1", NID_sect571r1, 5, &so[4934]},
+    {"wap-wsg-idm-ecid-wtls1", "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1, 5, &so[4939]},
+    {"wap-wsg-idm-ecid-wtls3", "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3, 5, &so[4944]},
+    {"wap-wsg-idm-ecid-wtls4", "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4, 5, &so[4949]},
+    {"wap-wsg-idm-ecid-wtls5", "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5, 5, &so[4954]},
+    {"wap-wsg-idm-ecid-wtls6", "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6, 5, &so[4959]},
+    {"wap-wsg-idm-ecid-wtls7", "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7, 5, &so[4964]},
+    {"wap-wsg-idm-ecid-wtls8", "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8, 5, &so[4969]},
+    {"wap-wsg-idm-ecid-wtls9", "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9, 5, &so[4974]},
+    {"wap-wsg-idm-ecid-wtls10", "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10, 5, &so[4979]},
+    {"wap-wsg-idm-ecid-wtls11", "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11, 5, &so[4984]},
+    {"wap-wsg-idm-ecid-wtls12", "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12, 5, &so[4989]},
+    {"anyPolicy", "X509v3 Any Policy", NID_any_policy, 4, &so[4994]},
+    {"policyMappings", "X509v3 Policy Mappings", NID_policy_mappings, 3, &so[4998]},
+    {"inhibitAnyPolicy", "X509v3 Inhibit Any Policy", NID_inhibit_any_policy, 3, &so[5001]},
+    {"Oakley-EC2N-3", "ipsec3", NID_ipsec3},
+    {"Oakley-EC2N-4", "ipsec4", NID_ipsec4},
+    {"CAMELLIA-128-CBC", "camellia-128-cbc", NID_camellia_128_cbc, 11, &so[5004]},
+    {"CAMELLIA-192-CBC", "camellia-192-cbc", NID_camellia_192_cbc, 11, &so[5015]},
+    {"CAMELLIA-256-CBC", "camellia-256-cbc", NID_camellia_256_cbc, 11, &so[5026]},
+    {"CAMELLIA-128-ECB", "camellia-128-ecb", NID_camellia_128_ecb, 8, &so[5037]},
+    {"CAMELLIA-192-ECB", "camellia-192-ecb", NID_camellia_192_ecb, 8, &so[5045]},
+    {"CAMELLIA-256-ECB", "camellia-256-ecb", NID_camellia_256_ecb, 8, &so[5053]},
+    {"CAMELLIA-128-CFB", "camellia-128-cfb", NID_camellia_128_cfb128, 8, &so[5061]},
+    {"CAMELLIA-192-CFB", "camellia-192-cfb", NID_camellia_192_cfb128, 8, &so[5069]},
+    {"CAMELLIA-256-CFB", "camellia-256-cfb", NID_camellia_256_cfb128, 8, &so[5077]},
+    {"CAMELLIA-128-CFB1", "camellia-128-cfb1", NID_camellia_128_cfb1},
+    {"CAMELLIA-192-CFB1", "camellia-192-cfb1", NID_camellia_192_cfb1},
+    {"CAMELLIA-256-CFB1", "camellia-256-cfb1", NID_camellia_256_cfb1},
+    {"CAMELLIA-128-CFB8", "camellia-128-cfb8", NID_camellia_128_cfb8},
+    {"CAMELLIA-192-CFB8", "camellia-192-cfb8", NID_camellia_192_cfb8},
+    {"CAMELLIA-256-CFB8", "camellia-256-cfb8", NID_camellia_256_cfb8},
+    {"CAMELLIA-128-OFB", "camellia-128-ofb", NID_camellia_128_ofb128, 8, &so[5085]},
+    {"CAMELLIA-192-OFB", "camellia-192-ofb", NID_camellia_192_ofb128, 8, &so[5093]},
+    {"CAMELLIA-256-OFB", "camellia-256-ofb", NID_camellia_256_ofb128, 8, &so[5101]},
+    {"subjectDirectoryAttributes", "X509v3 Subject Directory Attributes", NID_subject_directory_attributes, 3, &so[5109]},
+    {"issuingDistributionPoint", "X509v3 Issuing Distribution Point", NID_issuing_distribution_point, 3, &so[5112]},
+    {"certificateIssuer", "X509v3 Certificate Issuer", NID_certificate_issuer, 3, &so[5115]},
+    { NULL, NULL, NID_undef },
+    {"KISA", "kisa", NID_kisa, 6, &so[5118]},
+    { NULL, NULL, NID_undef },
+    { NULL, NULL, NID_undef },
+    {"SEED-ECB", "seed-ecb", NID_seed_ecb, 8, &so[5124]},
+    {"SEED-CBC", "seed-cbc", NID_seed_cbc, 8, &so[5132]},
+    {"SEED-OFB", "seed-ofb", NID_seed_ofb128, 8, &so[5140]},
+    {"SEED-CFB", "seed-cfb", NID_seed_cfb128, 8, &so[5148]},
+    {"HMAC-MD5", "hmac-md5", NID_hmac_md5, 8, &so[5156]},
+    {"HMAC-SHA1", "hmac-sha1", NID_hmac_sha1, 8, &so[5164]},
+    {"id-PasswordBasedMAC", "password based MAC", NID_id_PasswordBasedMAC, 9, &so[5172]},
+    {"id-DHBasedMac", "Diffie-Hellman based MAC", NID_id_DHBasedMac, 9, &so[5181]},
+    {"id-it-suppLangTags", "id-it-suppLangTags", NID_id_it_suppLangTags, 8, &so[5190]},
+    {"caRepository", "CA Repository", NID_caRepository, 8, &so[5198]},
+    {"id-smime-ct-compressedData", "id-smime-ct-compressedData", NID_id_smime_ct_compressedData, 11, &so[5206]},
+    {"id-ct-asciiTextWithCRLF", "id-ct-asciiTextWithCRLF", NID_id_ct_asciiTextWithCRLF, 11, &so[5217]},
+    {"id-aes128-wrap", "id-aes128-wrap", NID_id_aes128_wrap, 9, &so[5228]},
+    {"id-aes192-wrap", "id-aes192-wrap", NID_id_aes192_wrap, 9, &so[5237]},
+    {"id-aes256-wrap", "id-aes256-wrap", NID_id_aes256_wrap, 9, &so[5246]},
+    {"ecdsa-with-Recommended", "ecdsa-with-Recommended", NID_ecdsa_with_Recommended, 7, &so[5255]},
+    {"ecdsa-with-Specified", "ecdsa-with-Specified", NID_ecdsa_with_Specified, 7, &so[5262]},
+    {"ecdsa-with-SHA224", "ecdsa-with-SHA224", NID_ecdsa_with_SHA224, 8, &so[5269]},
+    {"ecdsa-with-SHA256", "ecdsa-with-SHA256", NID_ecdsa_with_SHA256, 8, &so[5277]},
+    {"ecdsa-with-SHA384", "ecdsa-with-SHA384", NID_ecdsa_with_SHA384, 8, &so[5285]},
+    {"ecdsa-with-SHA512", "ecdsa-with-SHA512", NID_ecdsa_with_SHA512, 8, &so[5293]},
+    {"hmacWithMD5", "hmacWithMD5", NID_hmacWithMD5, 8, &so[5301]},
+    {"hmacWithSHA224", "hmacWithSHA224", NID_hmacWithSHA224, 8, &so[5309]},
+    {"hmacWithSHA256", "hmacWithSHA256", NID_hmacWithSHA256, 8, &so[5317]},
+    {"hmacWithSHA384", "hmacWithSHA384", NID_hmacWithSHA384, 8, &so[5325]},
+    {"hmacWithSHA512", "hmacWithSHA512", NID_hmacWithSHA512, 8, &so[5333]},
+    {"dsa_with_SHA224", "dsa_with_SHA224", NID_dsa_with_SHA224, 9, &so[5341]},
+    {"dsa_with_SHA256", "dsa_with_SHA256", NID_dsa_with_SHA256, 9, &so[5350]},
+    {"whirlpool", "whirlpool", NID_whirlpool, 6, &so[5359]},
+    {"cryptopro", "cryptopro", NID_cryptopro, 5, &so[5365]},
+    {"cryptocom", "cryptocom", NID_cryptocom, 5, &so[5370]},
+    {"id-GostR3411-94-with-GostR3410-2001", "GOST R 34.11-94 with GOST R 34.10-2001", NID_id_GostR3411_94_with_GostR3410_2001, 6, &so[5375]},
+    {"id-GostR3411-94-with-GostR3410-94", "GOST R 34.11-94 with GOST R 34.10-94", NID_id_GostR3411_94_with_GostR3410_94, 6, &so[5381]},
+    {"md_gost94", "GOST R 34.11-94", NID_id_GostR3411_94, 6, &so[5387]},
+    {"id-HMACGostR3411-94", "HMAC GOST 34.11-94", NID_id_HMACGostR3411_94, 6, &so[5393]},
+    {"gost2001", "GOST R 34.10-2001", NID_id_GostR3410_2001, 6, &so[5399]},
+    {"gost94", "GOST R 34.10-94", NID_id_GostR3410_94, 6, &so[5405]},
+    {"gost89", "GOST 28147-89", NID_id_Gost28147_89, 6, &so[5411]},
+    {"gost89-cnt", "gost89-cnt", NID_gost89_cnt},
+    {"gost-mac", "GOST 28147-89 MAC", NID_id_Gost28147_89_MAC, 6, &so[5417]},
+    {"prf-gostr3411-94", "GOST R 34.11-94 PRF", NID_id_GostR3411_94_prf, 6, &so[5423]},
+    {"id-GostR3410-2001DH", "GOST R 34.10-2001 DH", NID_id_GostR3410_2001DH, 6, &so[5429]},
+    {"id-GostR3410-94DH", "GOST R 34.10-94 DH", NID_id_GostR3410_94DH, 6, &so[5435]},
+    {"id-Gost28147-89-CryptoPro-KeyMeshing", "id-Gost28147-89-CryptoPro-KeyMeshing", NID_id_Gost28147_89_CryptoPro_KeyMeshing, 7, &so[5441]},
+    {"id-Gost28147-89-None-KeyMeshing", "id-Gost28147-89-None-KeyMeshing", NID_id_Gost28147_89_None_KeyMeshing, 7, &so[5448]},
+    {"id-GostR3411-94-TestParamSet", "id-GostR3411-94-TestParamSet", NID_id_GostR3411_94_TestParamSet, 7, &so[5455]},
+    {"id-GostR3411-94-CryptoProParamSet", "id-GostR3411-94-CryptoProParamSet", NID_id_GostR3411_94_CryptoProParamSet, 7, &so[5462]},
+    {"id-Gost28147-89-TestParamSet", "id-Gost28147-89-TestParamSet", NID_id_Gost28147_89_TestParamSet, 7, &so[5469]},
+    {"id-Gost28147-89-CryptoPro-A-ParamSet", "id-Gost28147-89-CryptoPro-A-ParamSet", NID_id_Gost28147_89_CryptoPro_A_ParamSet, 7, &so[5476]},
+    {"id-Gost28147-89-CryptoPro-B-ParamSet", "id-Gost28147-89-CryptoPro-B-ParamSet", NID_id_Gost28147_89_CryptoPro_B_ParamSet, 7, &so[5483]},
+    {"id-Gost28147-89-CryptoPro-C-ParamSet", "id-Gost28147-89-CryptoPro-C-ParamSet", NID_id_Gost28147_89_CryptoPro_C_ParamSet, 7, &so[5490]},
+    {"id-Gost28147-89-CryptoPro-D-ParamSet", "id-Gost28147-89-CryptoPro-D-ParamSet", NID_id_Gost28147_89_CryptoPro_D_ParamSet, 7, &so[5497]},
+    {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet, 7, &so[5504]},
+    {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet, 7, &so[5511]},
+    {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet, 7, &so[5518]},
+    {"id-GostR3410-94-TestParamSet", "id-GostR3410-94-TestParamSet", NID_id_GostR3410_94_TestParamSet, 7, &so[5525]},
+    {"id-GostR3410-94-CryptoPro-A-ParamSet", "id-GostR3410-94-CryptoPro-A-ParamSet", NID_id_GostR3410_94_CryptoPro_A_ParamSet, 7, &so[5532]},
+    {"id-GostR3410-94-CryptoPro-B-ParamSet", "id-GostR3410-94-CryptoPro-B-ParamSet", NID_id_GostR3410_94_CryptoPro_B_ParamSet, 7, &so[5539]},
+    {"id-GostR3410-94-CryptoPro-C-ParamSet", "id-GostR3410-94-CryptoPro-C-ParamSet", NID_id_GostR3410_94_CryptoPro_C_ParamSet, 7, &so[5546]},
+    {"id-GostR3410-94-CryptoPro-D-ParamSet", "id-GostR3410-94-CryptoPro-D-ParamSet", NID_id_GostR3410_94_CryptoPro_D_ParamSet, 7, &so[5553]},
+    {"id-GostR3410-94-CryptoPro-XchA-ParamSet", "id-GostR3410-94-CryptoPro-XchA-ParamSet", NID_id_GostR3410_94_CryptoPro_XchA_ParamSet, 7, &so[5560]},
+    {"id-GostR3410-94-CryptoPro-XchB-ParamSet", "id-GostR3410-94-CryptoPro-XchB-ParamSet", NID_id_GostR3410_94_CryptoPro_XchB_ParamSet, 7, &so[5567]},
+    {"id-GostR3410-94-CryptoPro-XchC-ParamSet", "id-GostR3410-94-CryptoPro-XchC-ParamSet", NID_id_GostR3410_94_CryptoPro_XchC_ParamSet, 7, &so[5574]},
+    {"id-GostR3410-2001-TestParamSet", "id-GostR3410-2001-TestParamSet", NID_id_GostR3410_2001_TestParamSet, 7, &so[5581]},
+    {"id-GostR3410-2001-CryptoPro-A-ParamSet", "id-GostR3410-2001-CryptoPro-A-ParamSet", NID_id_GostR3410_2001_CryptoPro_A_ParamSet, 7, &so[5588]},
+    {"id-GostR3410-2001-CryptoPro-B-ParamSet", "id-GostR3410-2001-CryptoPro-B-ParamSet", NID_id_GostR3410_2001_CryptoPro_B_ParamSet, 7, &so[5595]},
+    {"id-GostR3410-2001-CryptoPro-C-ParamSet", "id-GostR3410-2001-CryptoPro-C-ParamSet", NID_id_GostR3410_2001_CryptoPro_C_ParamSet, 7, &so[5602]},
+    {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", "id-GostR3410-2001-CryptoPro-XchA-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, 7, &so[5609]},
+    {"id-GostR3410-2001-CryptoPro-XchB-ParamSet", "id-GostR3410-2001-CryptoPro-XchB-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, 7, &so[5616]},
+    {"id-GostR3410-94-a", "id-GostR3410-94-a", NID_id_GostR3410_94_a, 7, &so[5623]},
+    {"id-GostR3410-94-aBis", "id-GostR3410-94-aBis", NID_id_GostR3410_94_aBis, 7, &so[5630]},
+    {"id-GostR3410-94-b", "id-GostR3410-94-b", NID_id_GostR3410_94_b, 7, &so[5637]},
+    {"id-GostR3410-94-bBis", "id-GostR3410-94-bBis", NID_id_GostR3410_94_bBis, 7, &so[5644]},
+    {"id-Gost28147-89-cc", "GOST 28147-89 Cryptocom ParamSet", NID_id_Gost28147_89_cc, 8, &so[5651]},
+    {"gost94cc", "GOST 34.10-94 Cryptocom", NID_id_GostR3410_94_cc, 8, &so[5659]},
+    {"gost2001cc", "GOST 34.10-2001 Cryptocom", NID_id_GostR3410_2001_cc, 8, &so[5667]},
+    {"id-GostR3411-94-with-GostR3410-94-cc", "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", NID_id_GostR3411_94_with_GostR3410_94_cc, 8, &so[5675]},
+    {"id-GostR3411-94-with-GostR3410-2001-cc", "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", NID_id_GostR3411_94_with_GostR3410_2001_cc, 8, &so[5683]},
+    {"id-GostR3410-2001-ParamSet-cc", "GOST R 3410-2001 Parameter Set Cryptocom", NID_id_GostR3410_2001_ParamSet_cc, 8, &so[5691]},
+    {"HMAC", "hmac", NID_hmac},
+    {"LocalKeySet", "Microsoft Local Key set", NID_LocalKeySet, 9, &so[5699]},
+    {"freshestCRL", "X509v3 Freshest CRL", NID_freshest_crl, 3, &so[5708]},
+    {"id-on-permanentIdentifier", "Permanent Identifier", NID_id_on_permanentIdentifier, 8, &so[5711]},
+    {"searchGuide", "searchGuide", NID_searchGuide, 3, &so[5719]},
+    {"businessCategory", "businessCategory", NID_businessCategory, 3, &so[5722]},
+    {"postalAddress", "postalAddress", NID_postalAddress, 3, &so[5725]},
+    {"postOfficeBox", "postOfficeBox", NID_postOfficeBox, 3, &so[5728]},
+    {"physicalDeliveryOfficeName", "physicalDeliveryOfficeName", NID_physicalDeliveryOfficeName, 3, &so[5731]},
+    {"telephoneNumber", "telephoneNumber", NID_telephoneNumber, 3, &so[5734]},
+    {"telexNumber", "telexNumber", NID_telexNumber, 3, &so[5737]},
+    {"teletexTerminalIdentifier", "teletexTerminalIdentifier", NID_teletexTerminalIdentifier, 3, &so[5740]},
+    {"facsimileTelephoneNumber", "facsimileTelephoneNumber", NID_facsimileTelephoneNumber, 3, &so[5743]},
+    {"x121Address", "x121Address", NID_x121Address, 3, &so[5746]},
+    {"internationaliSDNNumber", "internationaliSDNNumber", NID_internationaliSDNNumber, 3, &so[5749]},
+    {"registeredAddress", "registeredAddress", NID_registeredAddress, 3, &so[5752]},
+    {"destinationIndicator", "destinationIndicator", NID_destinationIndicator, 3, &so[5755]},
+    {"preferredDeliveryMethod", "preferredDeliveryMethod", NID_preferredDeliveryMethod, 3, &so[5758]},
+    {"presentationAddress", "presentationAddress", NID_presentationAddress, 3, &so[5761]},
+    {"supportedApplicationContext", "supportedApplicationContext", NID_supportedApplicationContext, 3, &so[5764]},
+    {"member", "member", NID_member, 3, &so[5767]},
+    {"owner", "owner", NID_owner, 3, &so[5770]},
+    {"roleOccupant", "roleOccupant", NID_roleOccupant, 3, &so[5773]},
+    {"seeAlso", "seeAlso", NID_seeAlso, 3, &so[5776]},
+    {"userPassword", "userPassword", NID_userPassword, 3, &so[5779]},
+    {"userCertificate", "userCertificate", NID_userCertificate, 3, &so[5782]},
+    {"cACertificate", "cACertificate", NID_cACertificate, 3, &so[5785]},
+    {"authorityRevocationList", "authorityRevocationList", NID_authorityRevocationList, 3, &so[5788]},
+    {"certificateRevocationList", "certificateRevocationList", NID_certificateRevocationList, 3, &so[5791]},
+    {"crossCertificatePair", "crossCertificatePair", NID_crossCertificatePair, 3, &so[5794]},
+    {"enhancedSearchGuide", "enhancedSearchGuide", NID_enhancedSearchGuide, 3, &so[5797]},
+    {"protocolInformation", "protocolInformation", NID_protocolInformation, 3, &so[5800]},
+    {"distinguishedName", "distinguishedName", NID_distinguishedName, 3, &so[5803]},
+    {"uniqueMember", "uniqueMember", NID_uniqueMember, 3, &so[5806]},
+    {"houseIdentifier", "houseIdentifier", NID_houseIdentifier, 3, &so[5809]},
+    {"supportedAlgorithms", "supportedAlgorithms", NID_supportedAlgorithms, 3, &so[5812]},
+    {"deltaRevocationList", "deltaRevocationList", NID_deltaRevocationList, 3, &so[5815]},
+    {"dmdName", "dmdName", NID_dmdName, 3, &so[5818]},
+    {"id-alg-PWRI-KEK", "id-alg-PWRI-KEK", NID_id_alg_PWRI_KEK, 11, &so[5821]},
+    {"CMAC", "cmac", NID_cmac},
+    {"id-aes128-GCM", "aes-128-gcm", NID_aes_128_gcm, 9, &so[5832]},
+    {"id-aes128-CCM", "aes-128-ccm", NID_aes_128_ccm, 9, &so[5841]},
+    {"id-aes128-wrap-pad", "id-aes128-wrap-pad", NID_id_aes128_wrap_pad, 9, &so[5850]},
+    {"id-aes192-GCM", "aes-192-gcm", NID_aes_192_gcm, 9, &so[5859]},
+    {"id-aes192-CCM", "aes-192-ccm", NID_aes_192_ccm, 9, &so[5868]},
+    {"id-aes192-wrap-pad", "id-aes192-wrap-pad", NID_id_aes192_wrap_pad, 9, &so[5877]},
+    {"id-aes256-GCM", "aes-256-gcm", NID_aes_256_gcm, 9, &so[5886]},
+    {"id-aes256-CCM", "aes-256-ccm", NID_aes_256_ccm, 9, &so[5895]},
+    {"id-aes256-wrap-pad", "id-aes256-wrap-pad", NID_id_aes256_wrap_pad, 9, &so[5904]},
+    {"AES-128-CTR", "aes-128-ctr", NID_aes_128_ctr},
+    {"AES-192-CTR", "aes-192-ctr", NID_aes_192_ctr},
+    {"AES-256-CTR", "aes-256-ctr", NID_aes_256_ctr},
+    {"id-camellia128-wrap", "id-camellia128-wrap", NID_id_camellia128_wrap, 11, &so[5913]},
+    {"id-camellia192-wrap", "id-camellia192-wrap", NID_id_camellia192_wrap, 11, &so[5924]},
+    {"id-camellia256-wrap", "id-camellia256-wrap", NID_id_camellia256_wrap, 11, &so[5935]},
+    {"anyExtendedKeyUsage", "Any Extended Key Usage", NID_anyExtendedKeyUsage, 4, &so[5946]},
+    {"MGF1", "mgf1", NID_mgf1, 9, &so[5950]},
+    {"RSASSA-PSS", "rsassaPss", NID_rsassaPss, 9, &so[5959]},
+    {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts, 8, &so[5968]},
+    {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts, 8, &so[5976]},
+    {"RC4-HMAC-MD5", "rc4-hmac-md5", NID_rc4_hmac_md5},
+    {"AES-128-CBC-HMAC-SHA1", "aes-128-cbc-hmac-sha1", NID_aes_128_cbc_hmac_sha1},
+    {"AES-192-CBC-HMAC-SHA1", "aes-192-cbc-hmac-sha1", NID_aes_192_cbc_hmac_sha1},
+    {"AES-256-CBC-HMAC-SHA1", "aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1},
+    {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &so[5984]},
+    {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &so[5993]},
+    {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, &so[6000]},
+    {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, &so[6009]},
+    {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, &so[6018]},
+    {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, &so[6027]},
+    {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, &so[6036]},
+    {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, &so[6045]},
+    {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, &so[6054]},
+    {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, &so[6063]},
+    {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, &so[6072]},
+    {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, &so[6081]},
+    {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, &so[6090]},
+    {"brainpoolP384t1", "brainpoolP384t1", NID_brainpoolP384t1, 9, &so[6099]},
+    {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, &so[6108]},
+    {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, &so[6117]},
+    {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &so[6126]},
+    {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &so[6135]},
+    {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &so[6144]},
+    {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &so[6150]},
+    {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &so[6156]},
+    {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &so[6162]},
+    {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &so[6168]},
+    {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &so[6177]},
+    {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &so[6183]},
+    {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &so[6189]},
+    {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &so[6195]},
+    {"dh-std-kdf", "dh-std-kdf", NID_dh_std_kdf},
+    {"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf},
+    {"AES-128-CBC-HMAC-SHA256", "aes-128-cbc-hmac-sha256", NID_aes_128_cbc_hmac_sha256},
+    {"AES-192-CBC-HMAC-SHA256", "aes-192-cbc-hmac-sha256", NID_aes_192_cbc_hmac_sha256},
+    {"AES-256-CBC-HMAC-SHA256", "aes-256-cbc-hmac-sha256", NID_aes_256_cbc_hmac_sha256},
+    {"ct_precert_scts", "CT Precertificate SCTs", NID_ct_precert_scts, 10, &so[6201]},
+    {"ct_precert_poison", "CT Precertificate Poison", NID_ct_precert_poison, 10, &so[6211]},
+    {"ct_precert_signer", "CT Precertificate Signer", NID_ct_precert_signer, 10, &so[6221]},
+    {"ct_cert_scts", "CT Certificate SCTs", NID_ct_cert_scts, 10, &so[6231]},
+    {"jurisdictionL", "jurisdictionLocalityName", NID_jurisdictionLocalityName, 11, &so[6241]},
+    {"jurisdictionST", "jurisdictionStateOrProvinceName", NID_jurisdictionStateOrProvinceName, 11, &so[6252]},
+    {"jurisdictionC", "jurisdictionCountryName", NID_jurisdictionCountryName, 11, &so[6263]},
+    {"AES-128-OCB", "aes-128-ocb", NID_aes_128_ocb},
+    {"AES-192-OCB", "aes-192-ocb", NID_aes_192_ocb},
+    {"AES-256-OCB", "aes-256-ocb", NID_aes_256_ocb},
+    {"CAMELLIA-128-GCM", "camellia-128-gcm", NID_camellia_128_gcm, 8, &so[6274]},
+    {"CAMELLIA-128-CCM", "camellia-128-ccm", NID_camellia_128_ccm, 8, &so[6282]},
+    {"CAMELLIA-128-CTR", "camellia-128-ctr", NID_camellia_128_ctr, 8, &so[6290]},
+    {"CAMELLIA-128-CMAC", "camellia-128-cmac", NID_camellia_128_cmac, 8, &so[6298]},
+    {"CAMELLIA-192-GCM", "camellia-192-gcm", NID_camellia_192_gcm, 8, &so[6306]},
+    {"CAMELLIA-192-CCM", "camellia-192-ccm", NID_camellia_192_ccm, 8, &so[6314]},
+    {"CAMELLIA-192-CTR", "camellia-192-ctr", NID_camellia_192_ctr, 8, &so[6322]},
+    {"CAMELLIA-192-CMAC", "camellia-192-cmac", NID_camellia_192_cmac, 8, &so[6330]},
+    {"CAMELLIA-256-GCM", "camellia-256-gcm", NID_camellia_256_gcm, 8, &so[6338]},
+    {"CAMELLIA-256-CCM", "camellia-256-ccm", NID_camellia_256_ccm, 8, &so[6346]},
+    {"CAMELLIA-256-CTR", "camellia-256-ctr", NID_camellia_256_ctr, 8, &so[6354]},
+    {"CAMELLIA-256-CMAC", "camellia-256-cmac", NID_camellia_256_cmac, 8, &so[6362]},
+    {"id-scrypt", "scrypt", NID_id_scrypt, 9, &so[6370]},
+    {"id-tc26", "id-tc26", NID_id_tc26, 5, &so[6379]},
+    {"gost89-cnt-12", "gost89-cnt-12", NID_gost89_cnt_12},
+    {"gost-mac-12", "gost-mac-12", NID_gost_mac_12},
+    {"id-tc26-algorithms", "id-tc26-algorithms", NID_id_tc26_algorithms, 6, &so[6384]},
+    {"id-tc26-sign", "id-tc26-sign", NID_id_tc26_sign, 7, &so[6390]},
+    {"gost2012_256", "GOST R 34.10-2012 with 256 bit modulus", NID_id_GostR3410_2012_256, 8, &so[6397]},
+    {"gost2012_512", "GOST R 34.10-2012 with 512 bit modulus", NID_id_GostR3410_2012_512, 8, &so[6405]},
+    {"id-tc26-digest", "id-tc26-digest", NID_id_tc26_digest, 7, &so[6413]},
+    {"md_gost12_256", "GOST R 34.11-2012 with 256 bit hash", NID_id_GostR3411_2012_256, 8, &so[6420]},
+    {"md_gost12_512", "GOST R 34.11-2012 with 512 bit hash", NID_id_GostR3411_2012_512, 8, &so[6428]},
+    {"id-tc26-signwithdigest", "id-tc26-signwithdigest", NID_id_tc26_signwithdigest, 7, &so[6436]},
+    {"id-tc26-signwithdigest-gost3410-2012-256", "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", NID_id_tc26_signwithdigest_gost3410_2012_256, 8, &so[6443]},
+    {"id-tc26-signwithdigest-gost3410-2012-512", "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", NID_id_tc26_signwithdigest_gost3410_2012_512, 8, &so[6451]},
+    {"id-tc26-mac", "id-tc26-mac", NID_id_tc26_mac, 7, &so[6459]},
+    {"id-tc26-hmac-gost-3411-2012-256", "HMAC GOST 34.11-2012 256 bit", NID_id_tc26_hmac_gost_3411_2012_256, 8, &so[6466]},
+    {"id-tc26-hmac-gost-3411-2012-512", "HMAC GOST 34.11-2012 512 bit", NID_id_tc26_hmac_gost_3411_2012_512, 8, &so[6474]},
+    {"id-tc26-cipher", "id-tc26-cipher", NID_id_tc26_cipher, 7, &so[6482]},
+    {"id-tc26-agreement", "id-tc26-agreement", NID_id_tc26_agreement, 7, &so[6489]},
+    {"id-tc26-agreement-gost-3410-2012-256", "id-tc26-agreement-gost-3410-2012-256", NID_id_tc26_agreement_gost_3410_2012_256, 8, &so[6496]},
+    {"id-tc26-agreement-gost-3410-2012-512", "id-tc26-agreement-gost-3410-2012-512", NID_id_tc26_agreement_gost_3410_2012_512, 8, &so[6504]},
+    {"id-tc26-constants", "id-tc26-constants", NID_id_tc26_constants, 6, &so[6512]},
+    {"id-tc26-sign-constants", "id-tc26-sign-constants", NID_id_tc26_sign_constants, 7, &so[6518]},
+    {"id-tc26-gost-3410-2012-512-constants", "id-tc26-gost-3410-2012-512-constants", NID_id_tc26_gost_3410_2012_512_constants, 8, &so[6525]},
+    {"id-tc26-gost-3410-2012-512-paramSetTest", "GOST R 34.10-2012 (512 bit) testing parameter set", NID_id_tc26_gost_3410_2012_512_paramSetTest, 9, &so[6533]},
+    {"id-tc26-gost-3410-2012-512-paramSetA", "GOST R 34.10-2012 (512 bit) ParamSet A", NID_id_tc26_gost_3410_2012_512_paramSetA, 9, &so[6542]},
+    {"id-tc26-gost-3410-2012-512-paramSetB", "GOST R 34.10-2012 (512 bit) ParamSet B", NID_id_tc26_gost_3410_2012_512_paramSetB, 9, &so[6551]},
+    {"id-tc26-digest-constants", "id-tc26-digest-constants", NID_id_tc26_digest_constants, 7, &so[6560]},
+    {"id-tc26-cipher-constants", "id-tc26-cipher-constants", NID_id_tc26_cipher_constants, 7, &so[6567]},
+    {"id-tc26-gost-28147-constants", "id-tc26-gost-28147-constants", NID_id_tc26_gost_28147_constants, 8, &so[6574]},
+    {"id-tc26-gost-28147-param-Z", "GOST 28147-89 TC26 parameter set", NID_id_tc26_gost_28147_param_Z, 9, &so[6582]},
+    {"INN", "INN", NID_INN, 8, &so[6591]},
+    {"OGRN", "OGRN", NID_OGRN, 5, &so[6599]},
+    {"SNILS", "SNILS", NID_SNILS, 5, &so[6604]},
+    {"subjectSignTool", "Signing Tool of Subject", NID_subjectSignTool, 5, &so[6609]},
+    {"issuerSignTool", "Signing Tool of Issuer", NID_issuerSignTool, 5, &so[6614]},
+    {"gost89-cbc", "gost89-cbc", NID_gost89_cbc},
+    {"gost89-ecb", "gost89-ecb", NID_gost89_ecb},
+    {"gost89-ctr", "gost89-ctr", NID_gost89_ctr},
+    {"grasshopper-ecb", "grasshopper-ecb", NID_grasshopper_ecb},
+    {"grasshopper-ctr", "grasshopper-ctr", NID_grasshopper_ctr},
+    {"grasshopper-ofb", "grasshopper-ofb", NID_grasshopper_ofb},
+    {"grasshopper-cbc", "grasshopper-cbc", NID_grasshopper_cbc},
+    {"grasshopper-cfb", "grasshopper-cfb", NID_grasshopper_cfb},
+    {"grasshopper-mac", "grasshopper-mac", NID_grasshopper_mac},
+    {"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305},
+    {"ChaCha20", "chacha20", NID_chacha20},
+    {"tlsfeature", "TLS Feature", NID_tlsfeature, 8, &so[6619]},
+    {"TLS1-PRF", "tls1-prf", NID_tls1_prf},
+    {"ipsecIKE", "ipsec Internet Key Exchange", NID_ipsec_IKE, 8, &so[6627]},
+    {"capwapAC", "Ctrl/provision WAP Access", NID_capwapAC, 8, &so[6635]},
+    {"capwapWTP", "Ctrl/Provision WAP Termination", NID_capwapWTP, 8, &so[6643]},
+    {"secureShellClient", "SSH Client", NID_sshClient, 8, &so[6651]},
+    {"secureShellServer", "SSH Server", NID_sshServer, 8, &so[6659]},
+    {"sendRouter", "Send Router", NID_sendRouter, 8, &so[6667]},
+    {"sendProxiedRouter", "Send Proxied Router", NID_sendProxiedRouter, 8, &so[6675]},
+    {"sendOwner", "Send Owner", NID_sendOwner, 8, &so[6683]},
+    {"sendProxiedOwner", "Send Proxied Owner", NID_sendProxiedOwner, 8, &so[6691]},
+    {"id-pkinit", "id-pkinit", NID_id_pkinit, 6, &so[6699]},
+    {"pkInitClientAuth", "PKINIT Client Auth", NID_pkInitClientAuth, 7, &so[6705]},
+    {"pkInitKDC", "Signing KDC Response", NID_pkInitKDC, 7, &so[6712]},
+    {"X25519", "X25519", NID_X25519, 3, &so[6719]},
+    {"X448", "X448", NID_X448, 3, &so[6722]},
+    {"HKDF", "hkdf", NID_hkdf},
+    {"KxRSA", "kx-rsa", NID_kx_rsa},
+    {"KxECDHE", "kx-ecdhe", NID_kx_ecdhe},
+    {"KxDHE", "kx-dhe", NID_kx_dhe},
+    {"KxECDHE-PSK", "kx-ecdhe-psk", NID_kx_ecdhe_psk},
+    {"KxDHE-PSK", "kx-dhe-psk", NID_kx_dhe_psk},
+    {"KxRSA_PSK", "kx-rsa-psk", NID_kx_rsa_psk},
+    {"KxPSK", "kx-psk", NID_kx_psk},
+    {"KxSRP", "kx-srp", NID_kx_srp},
+    {"KxGOST", "kx-gost", NID_kx_gost},
+    {"AuthRSA", "auth-rsa", NID_auth_rsa},
+    {"AuthECDSA", "auth-ecdsa", NID_auth_ecdsa},
+    {"AuthPSK", "auth-psk", NID_auth_psk},
+    {"AuthDSS", "auth-dss", NID_auth_dss},
+    {"AuthGOST01", "auth-gost01", NID_auth_gost01},
+    {"AuthGOST12", "auth-gost12", NID_auth_gost12},
+    {"AuthSRP", "auth-srp", NID_auth_srp},
+    {"AuthNULL", "auth-null", NID_auth_null},
+    { NULL, NULL, NID_undef },
+    { NULL, NULL, NID_undef },
+    {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6725]},
+    {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6736]},
+    {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6747]},
+    {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6758]},
+    {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6769]},
+    {"Poly1305", "poly1305", NID_poly1305},
+    {"SipHash", "siphash", NID_siphash},
+    {"KxANY", "kx-any", NID_kx_any},
+    {"AuthANY", "auth-any", NID_auth_any},
+    {"ARIA-128-ECB", "aria-128-ecb", NID_aria_128_ecb, 9, &so[6780]},
+    {"ARIA-128-CBC", "aria-128-cbc", NID_aria_128_cbc, 9, &so[6789]},
+    {"ARIA-128-CFB", "aria-128-cfb", NID_aria_128_cfb128, 9, &so[6798]},
+    {"ARIA-128-OFB", "aria-128-ofb", NID_aria_128_ofb128, 9, &so[6807]},
+    {"ARIA-128-CTR", "aria-128-ctr", NID_aria_128_ctr, 9, &so[6816]},
+    {"ARIA-192-ECB", "aria-192-ecb", NID_aria_192_ecb, 9, &so[6825]},
+    {"ARIA-192-CBC", "aria-192-cbc", NID_aria_192_cbc, 9, &so[6834]},
+    {"ARIA-192-CFB", "aria-192-cfb", NID_aria_192_cfb128, 9, &so[6843]},
+    {"ARIA-192-OFB", "aria-192-ofb", NID_aria_192_ofb128, 9, &so[6852]},
+    {"ARIA-192-CTR", "aria-192-ctr", NID_aria_192_ctr, 9, &so[6861]},
+    {"ARIA-256-ECB", "aria-256-ecb", NID_aria_256_ecb, 9, &so[6870]},
+    {"ARIA-256-CBC", "aria-256-cbc", NID_aria_256_cbc, 9, &so[6879]},
+    {"ARIA-256-CFB", "aria-256-cfb", NID_aria_256_cfb128, 9, &so[6888]},
+    {"ARIA-256-OFB", "aria-256-ofb", NID_aria_256_ofb128, 9, &so[6897]},
+    {"ARIA-256-CTR", "aria-256-ctr", NID_aria_256_ctr, 9, &so[6906]},
+    {"ARIA-128-CFB1", "aria-128-cfb1", NID_aria_128_cfb1},
+    {"ARIA-192-CFB1", "aria-192-cfb1", NID_aria_192_cfb1},
+    {"ARIA-256-CFB1", "aria-256-cfb1", NID_aria_256_cfb1},
+    {"ARIA-128-CFB8", "aria-128-cfb8", NID_aria_128_cfb8},
+    {"ARIA-192-CFB8", "aria-192-cfb8", NID_aria_192_cfb8},
+    {"ARIA-256-CFB8", "aria-256-cfb8", NID_aria_256_cfb8},
+    {"id-smime-aa-signingCertificateV2", "id-smime-aa-signingCertificateV2", NID_id_smime_aa_signingCertificateV2, 11, &so[6915]},
+    {"ED25519", "ED25519", NID_ED25519, 3, &so[6926]},
+    {"ED448", "ED448", NID_ED448, 3, &so[6929]},
+    {"organizationIdentifier", "organizationIdentifier", NID_organizationIdentifier, 3, &so[6932]},
+    {"c3", "countryCode3c", NID_countryCode3c, 3, &so[6935]},
+    {"n3", "countryCode3n", NID_countryCode3n, 3, &so[6938]},
+    {"dnsName", "dnsName", NID_dnsName, 3, &so[6941]},
+    {"x509ExtAdmission", "Professional Information or basis for Admission", NID_x509ExtAdmission, 5, &so[6944]},
+    {"SHA512-224", "sha512-224", NID_sha512_224, 9, &so[6949]},
+    {"SHA512-256", "sha512-256", NID_sha512_256, 9, &so[6958]},
+    {"SHA3-224", "sha3-224", NID_sha3_224, 9, &so[6967]},
+    {"SHA3-256", "sha3-256", NID_sha3_256, 9, &so[6976]},
+    {"SHA3-384", "sha3-384", NID_sha3_384, 9, &so[6985]},
+    {"SHA3-512", "sha3-512", NID_sha3_512, 9, &so[6994]},
+    {"SHAKE128", "shake128", NID_shake128, 9, &so[7003]},
+    {"SHAKE256", "shake256", NID_shake256, 9, &so[7012]},
+    {"id-hmacWithSHA3-224", "hmac-sha3-224", NID_hmac_sha3_224, 9, &so[7021]},
+    {"id-hmacWithSHA3-256", "hmac-sha3-256", NID_hmac_sha3_256, 9, &so[7030]},
+    {"id-hmacWithSHA3-384", "hmac-sha3-384", NID_hmac_sha3_384, 9, &so[7039]},
+    {"id-hmacWithSHA3-512", "hmac-sha3-512", NID_hmac_sha3_512, 9, &so[7048]},
+    {"id-dsa-with-sha384", "dsa_with_SHA384", NID_dsa_with_SHA384, 9, &so[7057]},
+    {"id-dsa-with-sha512", "dsa_with_SHA512", NID_dsa_with_SHA512, 9, &so[7066]},
+    {"id-dsa-with-sha3-224", "dsa_with_SHA3-224", NID_dsa_with_SHA3_224, 9, &so[7075]},
+    {"id-dsa-with-sha3-256", "dsa_with_SHA3-256", NID_dsa_with_SHA3_256, 9, &so[7084]},
+    {"id-dsa-with-sha3-384", "dsa_with_SHA3-384", NID_dsa_with_SHA3_384, 9, &so[7093]},
+    {"id-dsa-with-sha3-512", "dsa_with_SHA3-512", NID_dsa_with_SHA3_512, 9, &so[7102]},
+    {"id-ecdsa-with-sha3-224", "ecdsa_with_SHA3-224", NID_ecdsa_with_SHA3_224, 9, &so[7111]},
+    {"id-ecdsa-with-sha3-256", "ecdsa_with_SHA3-256", NID_ecdsa_with_SHA3_256, 9, &so[7120]},
+    {"id-ecdsa-with-sha3-384", "ecdsa_with_SHA3-384", NID_ecdsa_with_SHA3_384, 9, &so[7129]},
+    {"id-ecdsa-with-sha3-512", "ecdsa_with_SHA3-512", NID_ecdsa_with_SHA3_512, 9, &so[7138]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-224", "RSA-SHA3-224", NID_RSA_SHA3_224, 9, &so[7147]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-256", "RSA-SHA3-256", NID_RSA_SHA3_256, 9, &so[7156]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-384", "RSA-SHA3-384", NID_RSA_SHA3_384, 9, &so[7165]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-512", "RSA-SHA3-512", NID_RSA_SHA3_512, 9, &so[7174]},
+    {"ARIA-128-CCM", "aria-128-ccm", NID_aria_128_ccm, 9, &so[7183]},
+    {"ARIA-192-CCM", "aria-192-ccm", NID_aria_192_ccm, 9, &so[7192]},
+    {"ARIA-256-CCM", "aria-256-ccm", NID_aria_256_ccm, 9, &so[7201]},
+    {"ARIA-128-GCM", "aria-128-gcm", NID_aria_128_gcm, 9, &so[7210]},
+    {"ARIA-192-GCM", "aria-192-gcm", NID_aria_192_gcm, 9, &so[7219]},
+    {"ARIA-256-GCM", "aria-256-gcm", NID_aria_256_gcm, 9, &so[7228]},
+    {"ffdhe2048", "ffdhe2048", NID_ffdhe2048},
+    {"ffdhe3072", "ffdhe3072", NID_ffdhe3072},
+    {"ffdhe4096", "ffdhe4096", NID_ffdhe4096},
+    {"ffdhe6144", "ffdhe6144", NID_ffdhe6144},
+    {"ffdhe8192", "ffdhe8192", NID_ffdhe8192},
+    {"cmcCA", "CMC Certificate Authority", NID_cmcCA, 8, &so[7237]},
+    {"cmcRA", "CMC Registration Authority", NID_cmcRA, 8, &so[7245]},
+    {"SM4-ECB", "sm4-ecb", NID_sm4_ecb, 8, &so[7253]},
+    {"SM4-CBC", "sm4-cbc", NID_sm4_cbc, 8, &so[7261]},
+    {"SM4-OFB", "sm4-ofb", NID_sm4_ofb128, 8, &so[7269]},
+    {"SM4-CFB1", "sm4-cfb1", NID_sm4_cfb1, 8, &so[7277]},
+    {"SM4-CFB", "sm4-cfb", NID_sm4_cfb128, 8, &so[7285]},
+    {"SM4-CFB8", "sm4-cfb8", NID_sm4_cfb8, 8, &so[7293]},
+    {"SM4-CTR", "sm4-ctr", NID_sm4_ctr, 8, &so[7301]},
+    {"ISO-CN", "ISO CN Member Body", NID_ISO_CN, 3, &so[7309]},
+    {"oscca", "oscca", NID_oscca, 5, &so[7312]},
+    {"sm-scheme", "sm-scheme", NID_sm_scheme, 6, &so[7317]},
+    {"SM3", "sm3", NID_sm3, 8, &so[7323]},
+    {"RSA-SM3", "sm3WithRSAEncryption", NID_sm3WithRSAEncryption, 8, &so[7331]},
+    {"RSA-SHA512/224", "sha512-224WithRSAEncryption", NID_sha512_224WithRSAEncryption, 9, &so[7339]},
+    {"RSA-SHA512/256", "sha512-256WithRSAEncryption", NID_sha512_256WithRSAEncryption, 9, &so[7348]},
+    {"id-tc26-gost-3410-2012-256-constants", "id-tc26-gost-3410-2012-256-constants", NID_id_tc26_gost_3410_2012_256_constants, 8, &so[7357]},
+    {"id-tc26-gost-3410-2012-256-paramSetA", "GOST R 34.10-2012 (256 bit) ParamSet A", NID_id_tc26_gost_3410_2012_256_paramSetA, 9, &so[7365]},
+    {"id-tc26-gost-3410-2012-512-paramSetC", "GOST R 34.10-2012 (512 bit) ParamSet C", NID_id_tc26_gost_3410_2012_512_paramSetC, 9, &so[7374]},
+    {"ISO-UA", "ISO-UA", NID_ISO_UA, 3, &so[7383]},
+    {"ua-pki", "ua-pki", NID_ua_pki, 7, &so[7386]},
+    {"dstu28147", "DSTU Gost 28147-2009", NID_dstu28147, 10, &so[7393]},
+    {"dstu28147-ofb", "DSTU Gost 28147-2009 OFB mode", NID_dstu28147_ofb, 11, &so[7403]},
+    {"dstu28147-cfb", "DSTU Gost 28147-2009 CFB mode", NID_dstu28147_cfb, 11, &so[7414]},
+    {"dstu28147-wrap", "DSTU Gost 28147-2009 key wrap", NID_dstu28147_wrap, 11, &so[7425]},
+    {"hmacWithDstu34311", "HMAC DSTU Gost 34311-95", NID_hmacWithDstu34311, 10, &so[7436]},
+    {"dstu34311", "DSTU Gost 34311-95", NID_dstu34311, 10, &so[7446]},
+    {"dstu4145le", "DSTU 4145-2002 little endian", NID_dstu4145le, 11, &so[7456]},
+    {"dstu4145be", "DSTU 4145-2002 big endian", NID_dstu4145be, 13, &so[7467]},
+    {"uacurve0", "DSTU curve 0", NID_uacurve0, 13, &so[7480]},
+    {"uacurve1", "DSTU curve 1", NID_uacurve1, 13, &so[7493]},
+    {"uacurve2", "DSTU curve 2", NID_uacurve2, 13, &so[7506]},
+    {"uacurve3", "DSTU curve 3", NID_uacurve3, 13, &so[7519]},
+    {"uacurve4", "DSTU curve 4", NID_uacurve4, 13, &so[7532]},
+    {"uacurve5", "DSTU curve 5", NID_uacurve5, 13, &so[7545]},
+    {"uacurve6", "DSTU curve 6", NID_uacurve6, 13, &so[7558]},
+    {"uacurve7", "DSTU curve 7", NID_uacurve7, 13, &so[7571]},
+    {"uacurve8", "DSTU curve 8", NID_uacurve8, 13, &so[7584]},
+    {"uacurve9", "DSTU curve 9", NID_uacurve9, 13, &so[7597]},
+    {"ieee", "ieee", NID_ieee, 2, &so[7610]},
+    {"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg, 5, &so[7612]},
+    {"SM2", "sm2", NID_sm2, 8, &so[7617]},
+    {"id-tc26-cipher-gostr3412-2015-magma", "id-tc26-cipher-gostr3412-2015-magma", NID_id_tc26_cipher_gostr3412_2015_magma, 8, &so[7625]},
+    {"id-tc26-cipher-gostr3412-2015-magma-ctracpkm", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm, 9, &so[7633]},
+    {"id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac, 9, &so[7642]},
+    {"id-tc26-cipher-gostr3412-2015-kuznyechik", "id-tc26-cipher-gostr3412-2015-kuznyechik", NID_id_tc26_cipher_gostr3412_2015_kuznyechik, 8, &so[7651]},
+    {"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, 9, &so[7659]},
+    {"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 9, &so[7668]},
+    {"id-tc26-wrap", "id-tc26-wrap", NID_id_tc26_wrap, 7, &so[7677]},
+    {"id-tc26-wrap-gostr3412-2015-magma", "id-tc26-wrap-gostr3412-2015-magma", NID_id_tc26_wrap_gostr3412_2015_magma, 8, &so[7684]},
+    {"id-tc26-wrap-gostr3412-2015-magma-kexp15", "id-tc26-wrap-gostr3412-2015-magma-kexp15", NID_id_tc26_wrap_gostr3412_2015_magma_kexp15, 9, &so[7692]},
+    {"id-tc26-wrap-gostr3412-2015-kuznyechik", "id-tc26-wrap-gostr3412-2015-kuznyechik", NID_id_tc26_wrap_gostr3412_2015_kuznyechik, 8, &so[7701]},
+    {"id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15, 9, &so[7709]},
+    {"id-tc26-gost-3410-2012-256-paramSetB", "GOST R 34.10-2012 (256 bit) ParamSet B", NID_id_tc26_gost_3410_2012_256_paramSetB, 9, &so[7718]},
+    {"id-tc26-gost-3410-2012-256-paramSetC", "GOST R 34.10-2012 (256 bit) ParamSet C", NID_id_tc26_gost_3410_2012_256_paramSetC, 9, &so[7727]},
+    {"id-tc26-gost-3410-2012-256-paramSetD", "GOST R 34.10-2012 (256 bit) ParamSet D", NID_id_tc26_gost_3410_2012_256_paramSetD, 9, &so[7736]},
+    {"magma-ecb", "magma-ecb", NID_magma_ecb},
+    {"magma-ctr", "magma-ctr", NID_magma_ctr},
+    {"magma-ofb", "magma-ofb", NID_magma_ofb},
+    {"magma-cbc", "magma-cbc", NID_magma_cbc},
+    {"magma-cfb", "magma-cfb", NID_magma_cfb},
+    {"magma-mac", "magma-mac", NID_magma_mac},
+    {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]},
+    {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
 };
 
-static const unsigned int sn_objs[NUM_SN]={
-364,	/* "AD_DVCS" */
-419,	/* "AES-128-CBC" */
-916,	/* "AES-128-CBC-HMAC-SHA1" */
-948,	/* "AES-128-CBC-HMAC-SHA256" */
-421,	/* "AES-128-CFB" */
-650,	/* "AES-128-CFB1" */
-653,	/* "AES-128-CFB8" */
-904,	/* "AES-128-CTR" */
-418,	/* "AES-128-ECB" */
-420,	/* "AES-128-OFB" */
-913,	/* "AES-128-XTS" */
-423,	/* "AES-192-CBC" */
-917,	/* "AES-192-CBC-HMAC-SHA1" */
-949,	/* "AES-192-CBC-HMAC-SHA256" */
-425,	/* "AES-192-CFB" */
-651,	/* "AES-192-CFB1" */
-654,	/* "AES-192-CFB8" */
-905,	/* "AES-192-CTR" */
-422,	/* "AES-192-ECB" */
-424,	/* "AES-192-OFB" */
-427,	/* "AES-256-CBC" */
-918,	/* "AES-256-CBC-HMAC-SHA1" */
-950,	/* "AES-256-CBC-HMAC-SHA256" */
-429,	/* "AES-256-CFB" */
-652,	/* "AES-256-CFB1" */
-655,	/* "AES-256-CFB8" */
-906,	/* "AES-256-CTR" */
-426,	/* "AES-256-ECB" */
-428,	/* "AES-256-OFB" */
-914,	/* "AES-256-XTS" */
-91,	/* "BF-CBC" */
-93,	/* "BF-CFB" */
-92,	/* "BF-ECB" */
-94,	/* "BF-OFB" */
-14,	/* "C" */
-751,	/* "CAMELLIA-128-CBC" */
-757,	/* "CAMELLIA-128-CFB" */
-760,	/* "CAMELLIA-128-CFB1" */
-763,	/* "CAMELLIA-128-CFB8" */
-754,	/* "CAMELLIA-128-ECB" */
-766,	/* "CAMELLIA-128-OFB" */
-752,	/* "CAMELLIA-192-CBC" */
-758,	/* "CAMELLIA-192-CFB" */
-761,	/* "CAMELLIA-192-CFB1" */
-764,	/* "CAMELLIA-192-CFB8" */
-755,	/* "CAMELLIA-192-ECB" */
-767,	/* "CAMELLIA-192-OFB" */
-753,	/* "CAMELLIA-256-CBC" */
-759,	/* "CAMELLIA-256-CFB" */
-762,	/* "CAMELLIA-256-CFB1" */
-765,	/* "CAMELLIA-256-CFB8" */
-756,	/* "CAMELLIA-256-ECB" */
-768,	/* "CAMELLIA-256-OFB" */
-108,	/* "CAST5-CBC" */
-110,	/* "CAST5-CFB" */
-109,	/* "CAST5-ECB" */
-111,	/* "CAST5-OFB" */
-894,	/* "CMAC" */
-13,	/* "CN" */
-141,	/* "CRLReason" */
-417,	/* "CSPName" */
-367,	/* "CrlID" */
-391,	/* "DC" */
-31,	/* "DES-CBC" */
-643,	/* "DES-CDMF" */
-30,	/* "DES-CFB" */
-656,	/* "DES-CFB1" */
-657,	/* "DES-CFB8" */
-29,	/* "DES-ECB" */
-32,	/* "DES-EDE" */
-43,	/* "DES-EDE-CBC" */
-60,	/* "DES-EDE-CFB" */
-62,	/* "DES-EDE-OFB" */
-33,	/* "DES-EDE3" */
-44,	/* "DES-EDE3-CBC" */
-61,	/* "DES-EDE3-CFB" */
-658,	/* "DES-EDE3-CFB1" */
-659,	/* "DES-EDE3-CFB8" */
-63,	/* "DES-EDE3-OFB" */
-45,	/* "DES-OFB" */
-80,	/* "DESX-CBC" */
-380,	/* "DOD" */
-116,	/* "DSA" */
-66,	/* "DSA-SHA" */
-113,	/* "DSA-SHA1" */
-70,	/* "DSA-SHA1-old" */
-67,	/* "DSA-old" */
-297,	/* "DVCS" */
-99,	/* "GN" */
-855,	/* "HMAC" */
-780,	/* "HMAC-MD5" */
-781,	/* "HMAC-SHA1" */
-381,	/* "IANA" */
-34,	/* "IDEA-CBC" */
-35,	/* "IDEA-CFB" */
-36,	/* "IDEA-ECB" */
-46,	/* "IDEA-OFB" */
-181,	/* "ISO" */
-183,	/* "ISO-US" */
-645,	/* "ITU-T" */
-646,	/* "JOINT-ISO-ITU-T" */
-773,	/* "KISA" */
-15,	/* "L" */
-856,	/* "LocalKeySet" */
- 3,	/* "MD2" */
-257,	/* "MD4" */
- 4,	/* "MD5" */
-114,	/* "MD5-SHA1" */
-95,	/* "MDC2" */
-911,	/* "MGF1" */
-388,	/* "Mail" */
-393,	/* "NULL" */
-404,	/* "NULL" */
-57,	/* "Netscape" */
-366,	/* "Nonce" */
-17,	/* "O" */
-178,	/* "OCSP" */
-180,	/* "OCSPSigning" */
-379,	/* "ORG" */
-18,	/* "OU" */
-749,	/* "Oakley-EC2N-3" */
-750,	/* "Oakley-EC2N-4" */
- 9,	/* "PBE-MD2-DES" */
-168,	/* "PBE-MD2-RC2-64" */
-10,	/* "PBE-MD5-DES" */
-169,	/* "PBE-MD5-RC2-64" */
-147,	/* "PBE-SHA1-2DES" */
-146,	/* "PBE-SHA1-3DES" */
-170,	/* "PBE-SHA1-DES" */
-148,	/* "PBE-SHA1-RC2-128" */
-149,	/* "PBE-SHA1-RC2-40" */
-68,	/* "PBE-SHA1-RC2-64" */
-144,	/* "PBE-SHA1-RC4-128" */
-145,	/* "PBE-SHA1-RC4-40" */
-161,	/* "PBES2" */
-69,	/* "PBKDF2" */
-162,	/* "PBMAC1" */
-127,	/* "PKIX" */
-935,	/* "PSPECIFIED" */
-98,	/* "RC2-40-CBC" */
-166,	/* "RC2-64-CBC" */
-37,	/* "RC2-CBC" */
-39,	/* "RC2-CFB" */
-38,	/* "RC2-ECB" */
-40,	/* "RC2-OFB" */
- 5,	/* "RC4" */
-97,	/* "RC4-40" */
-915,	/* "RC4-HMAC-MD5" */
-120,	/* "RC5-CBC" */
-122,	/* "RC5-CFB" */
-121,	/* "RC5-ECB" */
-123,	/* "RC5-OFB" */
-117,	/* "RIPEMD160" */
-124,	/* "RLE" */
-19,	/* "RSA" */
- 7,	/* "RSA-MD2" */
-396,	/* "RSA-MD4" */
- 8,	/* "RSA-MD5" */
-96,	/* "RSA-MDC2" */
-104,	/* "RSA-NP-MD5" */
-119,	/* "RSA-RIPEMD160" */
-42,	/* "RSA-SHA" */
-65,	/* "RSA-SHA1" */
-115,	/* "RSA-SHA1-2" */
-671,	/* "RSA-SHA224" */
-668,	/* "RSA-SHA256" */
-669,	/* "RSA-SHA384" */
-670,	/* "RSA-SHA512" */
-919,	/* "RSAES-OAEP" */
-912,	/* "RSASSA-PSS" */
-777,	/* "SEED-CBC" */
-779,	/* "SEED-CFB" */
-776,	/* "SEED-ECB" */
-778,	/* "SEED-OFB" */
-41,	/* "SHA" */
-64,	/* "SHA1" */
-675,	/* "SHA224" */
-672,	/* "SHA256" */
-673,	/* "SHA384" */
-674,	/* "SHA512" */
-188,	/* "SMIME" */
-167,	/* "SMIME-CAPS" */
-100,	/* "SN" */
-16,	/* "ST" */
-143,	/* "SXNetID" */
-458,	/* "UID" */
- 0,	/* "UNDEF" */
-11,	/* "X500" */
-378,	/* "X500algorithms" */
-12,	/* "X509" */
-184,	/* "X9-57" */
-185,	/* "X9cm" */
-125,	/* "ZLIB" */
-478,	/* "aRecord" */
-289,	/* "aaControls" */
-287,	/* "ac-auditEntity" */
-397,	/* "ac-proxying" */
-288,	/* "ac-targeting" */
-368,	/* "acceptableResponses" */
-446,	/* "account" */
-363,	/* "ad_timestamping" */
-376,	/* "algorithm" */
-405,	/* "ansi-X9-62" */
-910,	/* "anyExtendedKeyUsage" */
-746,	/* "anyPolicy" */
-370,	/* "archiveCutoff" */
-484,	/* "associatedDomain" */
-485,	/* "associatedName" */
-501,	/* "audio" */
-177,	/* "authorityInfoAccess" */
-90,	/* "authorityKeyIdentifier" */
-882,	/* "authorityRevocationList" */
-87,	/* "basicConstraints" */
-365,	/* "basicOCSPResponse" */
-285,	/* "biometricInfo" */
-921,	/* "brainpoolP160r1" */
-922,	/* "brainpoolP160t1" */
-923,	/* "brainpoolP192r1" */
-924,	/* "brainpoolP192t1" */
-925,	/* "brainpoolP224r1" */
-926,	/* "brainpoolP224t1" */
-927,	/* "brainpoolP256r1" */
-928,	/* "brainpoolP256t1" */
-929,	/* "brainpoolP320r1" */
-930,	/* "brainpoolP320t1" */
-931,	/* "brainpoolP384r1" */
-932,	/* "brainpoolP384t1" */
-933,	/* "brainpoolP512r1" */
-934,	/* "brainpoolP512t1" */
-494,	/* "buildingName" */
-860,	/* "businessCategory" */
-691,	/* "c2onb191v4" */
-692,	/* "c2onb191v5" */
-697,	/* "c2onb239v4" */
-698,	/* "c2onb239v5" */
-684,	/* "c2pnb163v1" */
-685,	/* "c2pnb163v2" */
-686,	/* "c2pnb163v3" */
-687,	/* "c2pnb176v1" */
-693,	/* "c2pnb208w1" */
-699,	/* "c2pnb272w1" */
-700,	/* "c2pnb304w1" */
-702,	/* "c2pnb368w1" */
-688,	/* "c2tnb191v1" */
-689,	/* "c2tnb191v2" */
-690,	/* "c2tnb191v3" */
-694,	/* "c2tnb239v1" */
-695,	/* "c2tnb239v2" */
-696,	/* "c2tnb239v3" */
-701,	/* "c2tnb359v1" */
-703,	/* "c2tnb431r1" */
-881,	/* "cACertificate" */
-483,	/* "cNAMERecord" */
-179,	/* "caIssuers" */
-785,	/* "caRepository" */
-443,	/* "caseIgnoreIA5StringSyntax" */
-152,	/* "certBag" */
-677,	/* "certicom-arc" */
-771,	/* "certificateIssuer" */
-89,	/* "certificatePolicies" */
-883,	/* "certificateRevocationList" */
-54,	/* "challengePassword" */
-407,	/* "characteristic-two-field" */
-395,	/* "clearance" */
-130,	/* "clientAuth" */
-131,	/* "codeSigning" */
-50,	/* "contentType" */
-53,	/* "countersignature" */
-153,	/* "crlBag" */
-103,	/* "crlDistributionPoints" */
-88,	/* "crlNumber" */
-884,	/* "crossCertificatePair" */
-806,	/* "cryptocom" */
-805,	/* "cryptopro" */
-954,	/* "ct_cert_scts" */
-952,	/* "ct_precert_poison" */
-951,	/* "ct_precert_scts" */
-953,	/* "ct_precert_signer" */
-500,	/* "dITRedirect" */
-451,	/* "dNSDomain" */
-495,	/* "dSAQuality" */
-434,	/* "data" */
-390,	/* "dcobject" */
-140,	/* "deltaCRL" */
-891,	/* "deltaRevocationList" */
-107,	/* "description" */
-871,	/* "destinationIndicator" */
-947,	/* "dh-cofactor-kdf" */
-946,	/* "dh-std-kdf" */
-28,	/* "dhKeyAgreement" */
-941,	/* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
-942,	/* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
-943,	/* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
-944,	/* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
-945,	/* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
-936,	/* "dhSinglePass-stdDH-sha1kdf-scheme" */
-937,	/* "dhSinglePass-stdDH-sha224kdf-scheme" */
-938,	/* "dhSinglePass-stdDH-sha256kdf-scheme" */
-939,	/* "dhSinglePass-stdDH-sha384kdf-scheme" */
-940,	/* "dhSinglePass-stdDH-sha512kdf-scheme" */
-920,	/* "dhpublicnumber" */
-382,	/* "directory" */
-887,	/* "distinguishedName" */
-892,	/* "dmdName" */
-174,	/* "dnQualifier" */
-447,	/* "document" */
-471,	/* "documentAuthor" */
-468,	/* "documentIdentifier" */
-472,	/* "documentLocation" */
-502,	/* "documentPublisher" */
-449,	/* "documentSeries" */
-469,	/* "documentTitle" */
-470,	/* "documentVersion" */
-392,	/* "domain" */
-452,	/* "domainRelatedObject" */
-802,	/* "dsa_with_SHA224" */
-803,	/* "dsa_with_SHA256" */
-791,	/* "ecdsa-with-Recommended" */
-416,	/* "ecdsa-with-SHA1" */
-793,	/* "ecdsa-with-SHA224" */
-794,	/* "ecdsa-with-SHA256" */
-795,	/* "ecdsa-with-SHA384" */
-796,	/* "ecdsa-with-SHA512" */
-792,	/* "ecdsa-with-Specified" */
-48,	/* "emailAddress" */
-132,	/* "emailProtection" */
-885,	/* "enhancedSearchGuide" */
-389,	/* "enterprises" */
-384,	/* "experimental" */
-172,	/* "extReq" */
-56,	/* "extendedCertificateAttributes" */
-126,	/* "extendedKeyUsage" */
-372,	/* "extendedStatus" */
-867,	/* "facsimileTelephoneNumber" */
-462,	/* "favouriteDrink" */
-857,	/* "freshestCRL" */
-453,	/* "friendlyCountry" */
-490,	/* "friendlyCountryName" */
-156,	/* "friendlyName" */
-509,	/* "generationQualifier" */
-815,	/* "gost-mac" */
-811,	/* "gost2001" */
-851,	/* "gost2001cc" */
-813,	/* "gost89" */
-814,	/* "gost89-cnt" */
-812,	/* "gost94" */
-850,	/* "gost94cc" */
-797,	/* "hmacWithMD5" */
-163,	/* "hmacWithSHA1" */
-798,	/* "hmacWithSHA224" */
-799,	/* "hmacWithSHA256" */
-800,	/* "hmacWithSHA384" */
-801,	/* "hmacWithSHA512" */
-432,	/* "holdInstructionCallIssuer" */
-430,	/* "holdInstructionCode" */
-431,	/* "holdInstructionNone" */
-433,	/* "holdInstructionReject" */
-486,	/* "homePostalAddress" */
-473,	/* "homeTelephoneNumber" */
-466,	/* "host" */
-889,	/* "houseIdentifier" */
-442,	/* "iA5StringSyntax" */
-783,	/* "id-DHBasedMac" */
-824,	/* "id-Gost28147-89-CryptoPro-A-ParamSet" */
-825,	/* "id-Gost28147-89-CryptoPro-B-ParamSet" */
-826,	/* "id-Gost28147-89-CryptoPro-C-ParamSet" */
-827,	/* "id-Gost28147-89-CryptoPro-D-ParamSet" */
-819,	/* "id-Gost28147-89-CryptoPro-KeyMeshing" */
-829,	/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
-828,	/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
-830,	/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
-820,	/* "id-Gost28147-89-None-KeyMeshing" */
-823,	/* "id-Gost28147-89-TestParamSet" */
-849,	/* "id-Gost28147-89-cc" */
-840,	/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
-841,	/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
-842,	/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
-843,	/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
-844,	/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
-854,	/* "id-GostR3410-2001-ParamSet-cc" */
-839,	/* "id-GostR3410-2001-TestParamSet" */
-817,	/* "id-GostR3410-2001DH" */
-832,	/* "id-GostR3410-94-CryptoPro-A-ParamSet" */
-833,	/* "id-GostR3410-94-CryptoPro-B-ParamSet" */
-834,	/* "id-GostR3410-94-CryptoPro-C-ParamSet" */
-835,	/* "id-GostR3410-94-CryptoPro-D-ParamSet" */
-836,	/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
-837,	/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
-838,	/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
-831,	/* "id-GostR3410-94-TestParamSet" */
-845,	/* "id-GostR3410-94-a" */
-846,	/* "id-GostR3410-94-aBis" */
-847,	/* "id-GostR3410-94-b" */
-848,	/* "id-GostR3410-94-bBis" */
-818,	/* "id-GostR3410-94DH" */
-822,	/* "id-GostR3411-94-CryptoProParamSet" */
-821,	/* "id-GostR3411-94-TestParamSet" */
-807,	/* "id-GostR3411-94-with-GostR3410-2001" */
-853,	/* "id-GostR3411-94-with-GostR3410-2001-cc" */
-808,	/* "id-GostR3411-94-with-GostR3410-94" */
-852,	/* "id-GostR3411-94-with-GostR3410-94-cc" */
-810,	/* "id-HMACGostR3411-94" */
-782,	/* "id-PasswordBasedMAC" */
-266,	/* "id-aca" */
-355,	/* "id-aca-accessIdentity" */
-354,	/* "id-aca-authenticationInfo" */
-356,	/* "id-aca-chargingIdentity" */
-399,	/* "id-aca-encAttrs" */
-357,	/* "id-aca-group" */
-358,	/* "id-aca-role" */
-176,	/* "id-ad" */
-896,	/* "id-aes128-CCM" */
-895,	/* "id-aes128-GCM" */
-788,	/* "id-aes128-wrap" */
-897,	/* "id-aes128-wrap-pad" */
-899,	/* "id-aes192-CCM" */
-898,	/* "id-aes192-GCM" */
-789,	/* "id-aes192-wrap" */
-900,	/* "id-aes192-wrap-pad" */
-902,	/* "id-aes256-CCM" */
-901,	/* "id-aes256-GCM" */
-790,	/* "id-aes256-wrap" */
-903,	/* "id-aes256-wrap-pad" */
-262,	/* "id-alg" */
-893,	/* "id-alg-PWRI-KEK" */
-323,	/* "id-alg-des40" */
-326,	/* "id-alg-dh-pop" */
-325,	/* "id-alg-dh-sig-hmac-sha1" */
-324,	/* "id-alg-noSignature" */
-907,	/* "id-camellia128-wrap" */
-908,	/* "id-camellia192-wrap" */
-909,	/* "id-camellia256-wrap" */
-268,	/* "id-cct" */
-361,	/* "id-cct-PKIData" */
-362,	/* "id-cct-PKIResponse" */
-360,	/* "id-cct-crs" */
-81,	/* "id-ce" */
-680,	/* "id-characteristic-two-basis" */
-263,	/* "id-cmc" */
-334,	/* "id-cmc-addExtensions" */
-346,	/* "id-cmc-confirmCertAcceptance" */
-330,	/* "id-cmc-dataReturn" */
-336,	/* "id-cmc-decryptedPOP" */
-335,	/* "id-cmc-encryptedPOP" */
-339,	/* "id-cmc-getCRL" */
-338,	/* "id-cmc-getCert" */
-328,	/* "id-cmc-identification" */
-329,	/* "id-cmc-identityProof" */
-337,	/* "id-cmc-lraPOPWitness" */
-344,	/* "id-cmc-popLinkRandom" */
-345,	/* "id-cmc-popLinkWitness" */
-343,	/* "id-cmc-queryPending" */
-333,	/* "id-cmc-recipientNonce" */
-341,	/* "id-cmc-regInfo" */
-342,	/* "id-cmc-responseInfo" */
-340,	/* "id-cmc-revokeRequest" */
-332,	/* "id-cmc-senderNonce" */
-327,	/* "id-cmc-statusInfo" */
-331,	/* "id-cmc-transactionId" */
-787,	/* "id-ct-asciiTextWithCRLF" */
-408,	/* "id-ecPublicKey" */
-508,	/* "id-hex-multipart-message" */
-507,	/* "id-hex-partial-message" */
-260,	/* "id-it" */
-302,	/* "id-it-caKeyUpdateInfo" */
-298,	/* "id-it-caProtEncCert" */
-311,	/* "id-it-confirmWaitTime" */
-303,	/* "id-it-currentCRL" */
-300,	/* "id-it-encKeyPairTypes" */
-310,	/* "id-it-implicitConfirm" */
-308,	/* "id-it-keyPairParamRep" */
-307,	/* "id-it-keyPairParamReq" */
-312,	/* "id-it-origPKIMessage" */
-301,	/* "id-it-preferredSymmAlg" */
-309,	/* "id-it-revPassphrase" */
-299,	/* "id-it-signKeyPairTypes" */
-305,	/* "id-it-subscriptionRequest" */
-306,	/* "id-it-subscriptionResponse" */
-784,	/* "id-it-suppLangTags" */
-304,	/* "id-it-unsupportedOIDs" */
-128,	/* "id-kp" */
-280,	/* "id-mod-attribute-cert" */
-274,	/* "id-mod-cmc" */
-277,	/* "id-mod-cmp" */
-284,	/* "id-mod-cmp2000" */
-273,	/* "id-mod-crmf" */
-283,	/* "id-mod-dvcs" */
-275,	/* "id-mod-kea-profile-88" */
-276,	/* "id-mod-kea-profile-93" */
-282,	/* "id-mod-ocsp" */
-278,	/* "id-mod-qualified-cert-88" */
-279,	/* "id-mod-qualified-cert-93" */
-281,	/* "id-mod-timestamp-protocol" */
-264,	/* "id-on" */
-858,	/* "id-on-permanentIdentifier" */
-347,	/* "id-on-personalData" */
-265,	/* "id-pda" */
-352,	/* "id-pda-countryOfCitizenship" */
-353,	/* "id-pda-countryOfResidence" */
-348,	/* "id-pda-dateOfBirth" */
-351,	/* "id-pda-gender" */
-349,	/* "id-pda-placeOfBirth" */
-175,	/* "id-pe" */
-261,	/* "id-pkip" */
-258,	/* "id-pkix-mod" */
-269,	/* "id-pkix1-explicit-88" */
-271,	/* "id-pkix1-explicit-93" */
-270,	/* "id-pkix1-implicit-88" */
-272,	/* "id-pkix1-implicit-93" */
-662,	/* "id-ppl" */
-664,	/* "id-ppl-anyLanguage" */
-667,	/* "id-ppl-independent" */
-665,	/* "id-ppl-inheritAll" */
-267,	/* "id-qcs" */
-359,	/* "id-qcs-pkixQCSyntax-v1" */
-259,	/* "id-qt" */
-164,	/* "id-qt-cps" */
-165,	/* "id-qt-unotice" */
-313,	/* "id-regCtrl" */
-316,	/* "id-regCtrl-authenticator" */
-319,	/* "id-regCtrl-oldCertID" */
-318,	/* "id-regCtrl-pkiArchiveOptions" */
-317,	/* "id-regCtrl-pkiPublicationInfo" */
-320,	/* "id-regCtrl-protocolEncrKey" */
-315,	/* "id-regCtrl-regToken" */
-314,	/* "id-regInfo" */
-322,	/* "id-regInfo-certReq" */
-321,	/* "id-regInfo-utf8Pairs" */
-512,	/* "id-set" */
-191,	/* "id-smime-aa" */
-215,	/* "id-smime-aa-contentHint" */
-218,	/* "id-smime-aa-contentIdentifier" */
-221,	/* "id-smime-aa-contentReference" */
-240,	/* "id-smime-aa-dvcs-dvc" */
-217,	/* "id-smime-aa-encapContentType" */
-222,	/* "id-smime-aa-encrypKeyPref" */
-220,	/* "id-smime-aa-equivalentLabels" */
-232,	/* "id-smime-aa-ets-CertificateRefs" */
-233,	/* "id-smime-aa-ets-RevocationRefs" */
-238,	/* "id-smime-aa-ets-archiveTimeStamp" */
-237,	/* "id-smime-aa-ets-certCRLTimestamp" */
-234,	/* "id-smime-aa-ets-certValues" */
-227,	/* "id-smime-aa-ets-commitmentType" */
-231,	/* "id-smime-aa-ets-contentTimestamp" */
-236,	/* "id-smime-aa-ets-escTimeStamp" */
-230,	/* "id-smime-aa-ets-otherSigCert" */
-235,	/* "id-smime-aa-ets-revocationValues" */
-226,	/* "id-smime-aa-ets-sigPolicyId" */
-229,	/* "id-smime-aa-ets-signerAttr" */
-228,	/* "id-smime-aa-ets-signerLocation" */
-219,	/* "id-smime-aa-macValue" */
-214,	/* "id-smime-aa-mlExpandHistory" */
-216,	/* "id-smime-aa-msgSigDigest" */
-212,	/* "id-smime-aa-receiptRequest" */
-213,	/* "id-smime-aa-securityLabel" */
-239,	/* "id-smime-aa-signatureType" */
-223,	/* "id-smime-aa-signingCertificate" */
-224,	/* "id-smime-aa-smimeEncryptCerts" */
-225,	/* "id-smime-aa-timeStampToken" */
-192,	/* "id-smime-alg" */
-243,	/* "id-smime-alg-3DESwrap" */
-246,	/* "id-smime-alg-CMS3DESwrap" */
-247,	/* "id-smime-alg-CMSRC2wrap" */
-245,	/* "id-smime-alg-ESDH" */
-241,	/* "id-smime-alg-ESDHwith3DES" */
-242,	/* "id-smime-alg-ESDHwithRC2" */
-244,	/* "id-smime-alg-RC2wrap" */
-193,	/* "id-smime-cd" */
-248,	/* "id-smime-cd-ldap" */
-190,	/* "id-smime-ct" */
-210,	/* "id-smime-ct-DVCSRequestData" */
-211,	/* "id-smime-ct-DVCSResponseData" */
-208,	/* "id-smime-ct-TDTInfo" */
-207,	/* "id-smime-ct-TSTInfo" */
-205,	/* "id-smime-ct-authData" */
-786,	/* "id-smime-ct-compressedData" */
-209,	/* "id-smime-ct-contentInfo" */
-206,	/* "id-smime-ct-publishCert" */
-204,	/* "id-smime-ct-receipt" */
-195,	/* "id-smime-cti" */
-255,	/* "id-smime-cti-ets-proofOfApproval" */
-256,	/* "id-smime-cti-ets-proofOfCreation" */
-253,	/* "id-smime-cti-ets-proofOfDelivery" */
-251,	/* "id-smime-cti-ets-proofOfOrigin" */
-252,	/* "id-smime-cti-ets-proofOfReceipt" */
-254,	/* "id-smime-cti-ets-proofOfSender" */
-189,	/* "id-smime-mod" */
-196,	/* "id-smime-mod-cms" */
-197,	/* "id-smime-mod-ess" */
-202,	/* "id-smime-mod-ets-eSigPolicy-88" */
-203,	/* "id-smime-mod-ets-eSigPolicy-97" */
-200,	/* "id-smime-mod-ets-eSignature-88" */
-201,	/* "id-smime-mod-ets-eSignature-97" */
-199,	/* "id-smime-mod-msg-v3" */
-198,	/* "id-smime-mod-oid" */
-194,	/* "id-smime-spq" */
-250,	/* "id-smime-spq-ets-sqt-unotice" */
-249,	/* "id-smime-spq-ets-sqt-uri" */
-676,	/* "identified-organization" */
-461,	/* "info" */
-748,	/* "inhibitAnyPolicy" */
-101,	/* "initials" */
-647,	/* "international-organizations" */
-869,	/* "internationaliSDNNumber" */
-142,	/* "invalidityDate" */
-294,	/* "ipsecEndSystem" */
-295,	/* "ipsecTunnel" */
-296,	/* "ipsecUser" */
-86,	/* "issuerAltName" */
-770,	/* "issuingDistributionPoint" */
-492,	/* "janetMailbox" */
-957,	/* "jurisdictionC" */
-955,	/* "jurisdictionL" */
-956,	/* "jurisdictionST" */
-150,	/* "keyBag" */
-83,	/* "keyUsage" */
-477,	/* "lastModifiedBy" */
-476,	/* "lastModifiedTime" */
-157,	/* "localKeyID" */
-480,	/* "mXRecord" */
-460,	/* "mail" */
-493,	/* "mailPreferenceOption" */
-467,	/* "manager" */
-809,	/* "md_gost94" */
-875,	/* "member" */
-182,	/* "member-body" */
-51,	/* "messageDigest" */
-383,	/* "mgmt" */
-504,	/* "mime-mhs" */
-506,	/* "mime-mhs-bodies" */
-505,	/* "mime-mhs-headings" */
-488,	/* "mobileTelephoneNumber" */
-136,	/* "msCTLSign" */
-135,	/* "msCodeCom" */
-134,	/* "msCodeInd" */
-138,	/* "msEFS" */
-171,	/* "msExtReq" */
-137,	/* "msSGC" */
-648,	/* "msSmartcardLogin" */
-649,	/* "msUPN" */
-481,	/* "nSRecord" */
-173,	/* "name" */
-666,	/* "nameConstraints" */
-369,	/* "noCheck" */
-403,	/* "noRevAvail" */
-72,	/* "nsBaseUrl" */
-76,	/* "nsCaPolicyUrl" */
-74,	/* "nsCaRevocationUrl" */
-58,	/* "nsCertExt" */
-79,	/* "nsCertSequence" */
-71,	/* "nsCertType" */
-78,	/* "nsComment" */
-59,	/* "nsDataType" */
-75,	/* "nsRenewalUrl" */
-73,	/* "nsRevocationUrl" */
-139,	/* "nsSGC" */
-77,	/* "nsSslServerName" */
-681,	/* "onBasis" */
-491,	/* "organizationalStatus" */
-475,	/* "otherMailbox" */
-876,	/* "owner" */
-489,	/* "pagerTelephoneNumber" */
-374,	/* "path" */
-112,	/* "pbeWithMD5AndCast5CBC" */
-499,	/* "personalSignature" */
-487,	/* "personalTitle" */
-464,	/* "photo" */
-863,	/* "physicalDeliveryOfficeName" */
-437,	/* "pilot" */
-439,	/* "pilotAttributeSyntax" */
-438,	/* "pilotAttributeType" */
-479,	/* "pilotAttributeType27" */
-456,	/* "pilotDSA" */
-441,	/* "pilotGroups" */
-444,	/* "pilotObject" */
-440,	/* "pilotObjectClass" */
-455,	/* "pilotOrganization" */
-445,	/* "pilotPerson" */
- 2,	/* "pkcs" */
-186,	/* "pkcs1" */
-27,	/* "pkcs3" */
-187,	/* "pkcs5" */
-20,	/* "pkcs7" */
-21,	/* "pkcs7-data" */
-25,	/* "pkcs7-digestData" */
-26,	/* "pkcs7-encryptedData" */
-23,	/* "pkcs7-envelopedData" */
-24,	/* "pkcs7-signedAndEnvelopedData" */
-22,	/* "pkcs7-signedData" */
-151,	/* "pkcs8ShroudedKeyBag" */
-47,	/* "pkcs9" */
-401,	/* "policyConstraints" */
-747,	/* "policyMappings" */
-862,	/* "postOfficeBox" */
-861,	/* "postalAddress" */
-661,	/* "postalCode" */
-683,	/* "ppBasis" */
-872,	/* "preferredDeliveryMethod" */
-873,	/* "presentationAddress" */
-816,	/* "prf-gostr3411-94" */
-406,	/* "prime-field" */
-409,	/* "prime192v1" */
-410,	/* "prime192v2" */
-411,	/* "prime192v3" */
-412,	/* "prime239v1" */
-413,	/* "prime239v2" */
-414,	/* "prime239v3" */
-415,	/* "prime256v1" */
-385,	/* "private" */
-84,	/* "privateKeyUsagePeriod" */
-886,	/* "protocolInformation" */
-663,	/* "proxyCertInfo" */
-510,	/* "pseudonym" */
-435,	/* "pss" */
-286,	/* "qcStatements" */
-457,	/* "qualityLabelledData" */
-450,	/* "rFC822localPart" */
-870,	/* "registeredAddress" */
-400,	/* "role" */
-877,	/* "roleOccupant" */
-448,	/* "room" */
-463,	/* "roomNumber" */
- 6,	/* "rsaEncryption" */
-644,	/* "rsaOAEPEncryptionSET" */
-377,	/* "rsaSignature" */
- 1,	/* "rsadsi" */
-482,	/* "sOARecord" */
-155,	/* "safeContentsBag" */
-291,	/* "sbgp-autonomousSysNum" */
-290,	/* "sbgp-ipAddrBlock" */
-292,	/* "sbgp-routerIdentifier" */
-159,	/* "sdsiCertificate" */
-859,	/* "searchGuide" */
-704,	/* "secp112r1" */
-705,	/* "secp112r2" */
-706,	/* "secp128r1" */
-707,	/* "secp128r2" */
-708,	/* "secp160k1" */
-709,	/* "secp160r1" */
-710,	/* "secp160r2" */
-711,	/* "secp192k1" */
-712,	/* "secp224k1" */
-713,	/* "secp224r1" */
-714,	/* "secp256k1" */
-715,	/* "secp384r1" */
-716,	/* "secp521r1" */
-154,	/* "secretBag" */
-474,	/* "secretary" */
-717,	/* "sect113r1" */
-718,	/* "sect113r2" */
-719,	/* "sect131r1" */
-720,	/* "sect131r2" */
-721,	/* "sect163k1" */
-722,	/* "sect163r1" */
-723,	/* "sect163r2" */
-724,	/* "sect193r1" */
-725,	/* "sect193r2" */
-726,	/* "sect233k1" */
-727,	/* "sect233r1" */
-728,	/* "sect239k1" */
-729,	/* "sect283k1" */
-730,	/* "sect283r1" */
-731,	/* "sect409k1" */
-732,	/* "sect409r1" */
-733,	/* "sect571k1" */
-734,	/* "sect571r1" */
-386,	/* "security" */
-878,	/* "seeAlso" */
-394,	/* "selected-attribute-types" */
-105,	/* "serialNumber" */
-129,	/* "serverAuth" */
-371,	/* "serviceLocator" */
-625,	/* "set-addPolicy" */
-515,	/* "set-attr" */
-518,	/* "set-brand" */
-638,	/* "set-brand-AmericanExpress" */
-637,	/* "set-brand-Diners" */
-636,	/* "set-brand-IATA-ATA" */
-639,	/* "set-brand-JCB" */
-641,	/* "set-brand-MasterCard" */
-642,	/* "set-brand-Novus" */
-640,	/* "set-brand-Visa" */
-517,	/* "set-certExt" */
-513,	/* "set-ctype" */
-514,	/* "set-msgExt" */
-516,	/* "set-policy" */
-607,	/* "set-policy-root" */
-624,	/* "set-rootKeyThumb" */
-620,	/* "setAttr-Cert" */
-631,	/* "setAttr-GenCryptgrm" */
-623,	/* "setAttr-IssCap" */
-628,	/* "setAttr-IssCap-CVM" */
-630,	/* "setAttr-IssCap-Sig" */
-629,	/* "setAttr-IssCap-T2" */
-621,	/* "setAttr-PGWYcap" */
-635,	/* "setAttr-SecDevSig" */
-632,	/* "setAttr-T2Enc" */
-633,	/* "setAttr-T2cleartxt" */
-634,	/* "setAttr-TokICCsig" */
-627,	/* "setAttr-Token-B0Prime" */
-626,	/* "setAttr-Token-EMV" */
-622,	/* "setAttr-TokenType" */
-619,	/* "setCext-IssuerCapabilities" */
-615,	/* "setCext-PGWYcapabilities" */
-616,	/* "setCext-TokenIdentifier" */
-618,	/* "setCext-TokenType" */
-617,	/* "setCext-Track2Data" */
-611,	/* "setCext-cCertRequired" */
-609,	/* "setCext-certType" */
-608,	/* "setCext-hashedRoot" */
-610,	/* "setCext-merchData" */
-613,	/* "setCext-setExt" */
-614,	/* "setCext-setQualf" */
-612,	/* "setCext-tunneling" */
-540,	/* "setct-AcqCardCodeMsg" */
-576,	/* "setct-AcqCardCodeMsgTBE" */
-570,	/* "setct-AuthReqTBE" */
-534,	/* "setct-AuthReqTBS" */
-527,	/* "setct-AuthResBaggage" */
-571,	/* "setct-AuthResTBE" */
-572,	/* "setct-AuthResTBEX" */
-535,	/* "setct-AuthResTBS" */
-536,	/* "setct-AuthResTBSX" */
-528,	/* "setct-AuthRevReqBaggage" */
-577,	/* "setct-AuthRevReqTBE" */
-541,	/* "setct-AuthRevReqTBS" */
-529,	/* "setct-AuthRevResBaggage" */
-542,	/* "setct-AuthRevResData" */
-578,	/* "setct-AuthRevResTBE" */
-579,	/* "setct-AuthRevResTBEB" */
-543,	/* "setct-AuthRevResTBS" */
-573,	/* "setct-AuthTokenTBE" */
-537,	/* "setct-AuthTokenTBS" */
-600,	/* "setct-BCIDistributionTBS" */
-558,	/* "setct-BatchAdminReqData" */
-592,	/* "setct-BatchAdminReqTBE" */
-559,	/* "setct-BatchAdminResData" */
-593,	/* "setct-BatchAdminResTBE" */
-599,	/* "setct-CRLNotificationResTBS" */
-598,	/* "setct-CRLNotificationTBS" */
-580,	/* "setct-CapReqTBE" */
-581,	/* "setct-CapReqTBEX" */
-544,	/* "setct-CapReqTBS" */
-545,	/* "setct-CapReqTBSX" */
-546,	/* "setct-CapResData" */
-582,	/* "setct-CapResTBE" */
-583,	/* "setct-CapRevReqTBE" */
-584,	/* "setct-CapRevReqTBEX" */
-547,	/* "setct-CapRevReqTBS" */
-548,	/* "setct-CapRevReqTBSX" */
-549,	/* "setct-CapRevResData" */
-585,	/* "setct-CapRevResTBE" */
-538,	/* "setct-CapTokenData" */
-530,	/* "setct-CapTokenSeq" */
-574,	/* "setct-CapTokenTBE" */
-575,	/* "setct-CapTokenTBEX" */
-539,	/* "setct-CapTokenTBS" */
-560,	/* "setct-CardCInitResTBS" */
-566,	/* "setct-CertInqReqTBS" */
-563,	/* "setct-CertReqData" */
-595,	/* "setct-CertReqTBE" */
-596,	/* "setct-CertReqTBEX" */
-564,	/* "setct-CertReqTBS" */
-565,	/* "setct-CertResData" */
-597,	/* "setct-CertResTBE" */
-586,	/* "setct-CredReqTBE" */
-587,	/* "setct-CredReqTBEX" */
-550,	/* "setct-CredReqTBS" */
-551,	/* "setct-CredReqTBSX" */
-552,	/* "setct-CredResData" */
-588,	/* "setct-CredResTBE" */
-589,	/* "setct-CredRevReqTBE" */
-590,	/* "setct-CredRevReqTBEX" */
-553,	/* "setct-CredRevReqTBS" */
-554,	/* "setct-CredRevReqTBSX" */
-555,	/* "setct-CredRevResData" */
-591,	/* "setct-CredRevResTBE" */
-567,	/* "setct-ErrorTBS" */
-526,	/* "setct-HODInput" */
-561,	/* "setct-MeAqCInitResTBS" */
-522,	/* "setct-OIData" */
-519,	/* "setct-PANData" */
-521,	/* "setct-PANOnly" */
-520,	/* "setct-PANToken" */
-556,	/* "setct-PCertReqData" */
-557,	/* "setct-PCertResTBS" */
-523,	/* "setct-PI" */
-532,	/* "setct-PI-TBS" */
-524,	/* "setct-PIData" */
-525,	/* "setct-PIDataUnsigned" */
-568,	/* "setct-PIDualSignedTBE" */
-569,	/* "setct-PIUnsignedTBE" */
-531,	/* "setct-PInitResData" */
-533,	/* "setct-PResData" */
-594,	/* "setct-RegFormReqTBE" */
-562,	/* "setct-RegFormResTBS" */
-606,	/* "setext-cv" */
-601,	/* "setext-genCrypt" */
-602,	/* "setext-miAuth" */
-604,	/* "setext-pinAny" */
-603,	/* "setext-pinSecure" */
-605,	/* "setext-track2" */
-52,	/* "signingTime" */
-454,	/* "simpleSecurityObject" */
-496,	/* "singleLevelQuality" */
-387,	/* "snmpv2" */
-660,	/* "street" */
-85,	/* "subjectAltName" */
-769,	/* "subjectDirectoryAttributes" */
-398,	/* "subjectInfoAccess" */
-82,	/* "subjectKeyIdentifier" */
-498,	/* "subtreeMaximumQuality" */
-497,	/* "subtreeMinimumQuality" */
-890,	/* "supportedAlgorithms" */
-874,	/* "supportedApplicationContext" */
-402,	/* "targetInformation" */
-864,	/* "telephoneNumber" */
-866,	/* "teletexTerminalIdentifier" */
-865,	/* "telexNumber" */
-459,	/* "textEncodedORAddress" */
-293,	/* "textNotice" */
-133,	/* "timeStamping" */
-106,	/* "title" */
-682,	/* "tpBasis" */
-375,	/* "trustRoot" */
-436,	/* "ucl" */
-888,	/* "uniqueMember" */
-55,	/* "unstructuredAddress" */
-49,	/* "unstructuredName" */
-880,	/* "userCertificate" */
-465,	/* "userClass" */
-879,	/* "userPassword" */
-373,	/* "valid" */
-678,	/* "wap" */
-679,	/* "wap-wsg" */
-735,	/* "wap-wsg-idm-ecid-wtls1" */
-743,	/* "wap-wsg-idm-ecid-wtls10" */
-744,	/* "wap-wsg-idm-ecid-wtls11" */
-745,	/* "wap-wsg-idm-ecid-wtls12" */
-736,	/* "wap-wsg-idm-ecid-wtls3" */
-737,	/* "wap-wsg-idm-ecid-wtls4" */
-738,	/* "wap-wsg-idm-ecid-wtls5" */
-739,	/* "wap-wsg-idm-ecid-wtls6" */
-740,	/* "wap-wsg-idm-ecid-wtls7" */
-741,	/* "wap-wsg-idm-ecid-wtls8" */
-742,	/* "wap-wsg-idm-ecid-wtls9" */
-804,	/* "whirlpool" */
-868,	/* "x121Address" */
-503,	/* "x500UniqueIdentifier" */
-158,	/* "x509Certificate" */
-160,	/* "x509Crl" */
+#define NUM_SN 1186
+static const unsigned int sn_objs[NUM_SN] = {
+     364,    /* "AD_DVCS" */
+     419,    /* "AES-128-CBC" */
+     916,    /* "AES-128-CBC-HMAC-SHA1" */
+     948,    /* "AES-128-CBC-HMAC-SHA256" */
+     421,    /* "AES-128-CFB" */
+     650,    /* "AES-128-CFB1" */
+     653,    /* "AES-128-CFB8" */
+     904,    /* "AES-128-CTR" */
+     418,    /* "AES-128-ECB" */
+     958,    /* "AES-128-OCB" */
+     420,    /* "AES-128-OFB" */
+     913,    /* "AES-128-XTS" */
+     423,    /* "AES-192-CBC" */
+     917,    /* "AES-192-CBC-HMAC-SHA1" */
+     949,    /* "AES-192-CBC-HMAC-SHA256" */
+     425,    /* "AES-192-CFB" */
+     651,    /* "AES-192-CFB1" */
+     654,    /* "AES-192-CFB8" */
+     905,    /* "AES-192-CTR" */
+     422,    /* "AES-192-ECB" */
+     959,    /* "AES-192-OCB" */
+     424,    /* "AES-192-OFB" */
+     427,    /* "AES-256-CBC" */
+     918,    /* "AES-256-CBC-HMAC-SHA1" */
+     950,    /* "AES-256-CBC-HMAC-SHA256" */
+     429,    /* "AES-256-CFB" */
+     652,    /* "AES-256-CFB1" */
+     655,    /* "AES-256-CFB8" */
+     906,    /* "AES-256-CTR" */
+     426,    /* "AES-256-ECB" */
+     960,    /* "AES-256-OCB" */
+     428,    /* "AES-256-OFB" */
+     914,    /* "AES-256-XTS" */
+    1066,    /* "ARIA-128-CBC" */
+    1120,    /* "ARIA-128-CCM" */
+    1067,    /* "ARIA-128-CFB" */
+    1080,    /* "ARIA-128-CFB1" */
+    1083,    /* "ARIA-128-CFB8" */
+    1069,    /* "ARIA-128-CTR" */
+    1065,    /* "ARIA-128-ECB" */
+    1123,    /* "ARIA-128-GCM" */
+    1068,    /* "ARIA-128-OFB" */
+    1071,    /* "ARIA-192-CBC" */
+    1121,    /* "ARIA-192-CCM" */
+    1072,    /* "ARIA-192-CFB" */
+    1081,    /* "ARIA-192-CFB1" */
+    1084,    /* "ARIA-192-CFB8" */
+    1074,    /* "ARIA-192-CTR" */
+    1070,    /* "ARIA-192-ECB" */
+    1124,    /* "ARIA-192-GCM" */
+    1073,    /* "ARIA-192-OFB" */
+    1076,    /* "ARIA-256-CBC" */
+    1122,    /* "ARIA-256-CCM" */
+    1077,    /* "ARIA-256-CFB" */
+    1082,    /* "ARIA-256-CFB1" */
+    1085,    /* "ARIA-256-CFB8" */
+    1079,    /* "ARIA-256-CTR" */
+    1075,    /* "ARIA-256-ECB" */
+    1125,    /* "ARIA-256-GCM" */
+    1078,    /* "ARIA-256-OFB" */
+    1064,    /* "AuthANY" */
+    1049,    /* "AuthDSS" */
+    1047,    /* "AuthECDSA" */
+    1050,    /* "AuthGOST01" */
+    1051,    /* "AuthGOST12" */
+    1053,    /* "AuthNULL" */
+    1048,    /* "AuthPSK" */
+    1046,    /* "AuthRSA" */
+    1052,    /* "AuthSRP" */
+      91,    /* "BF-CBC" */
+      93,    /* "BF-CFB" */
+      92,    /* "BF-ECB" */
+      94,    /* "BF-OFB" */
+    1056,    /* "BLAKE2b512" */
+    1057,    /* "BLAKE2s256" */
+      14,    /* "C" */
+     751,    /* "CAMELLIA-128-CBC" */
+     962,    /* "CAMELLIA-128-CCM" */
+     757,    /* "CAMELLIA-128-CFB" */
+     760,    /* "CAMELLIA-128-CFB1" */
+     763,    /* "CAMELLIA-128-CFB8" */
+     964,    /* "CAMELLIA-128-CMAC" */
+     963,    /* "CAMELLIA-128-CTR" */
+     754,    /* "CAMELLIA-128-ECB" */
+     961,    /* "CAMELLIA-128-GCM" */
+     766,    /* "CAMELLIA-128-OFB" */
+     752,    /* "CAMELLIA-192-CBC" */
+     966,    /* "CAMELLIA-192-CCM" */
+     758,    /* "CAMELLIA-192-CFB" */
+     761,    /* "CAMELLIA-192-CFB1" */
+     764,    /* "CAMELLIA-192-CFB8" */
+     968,    /* "CAMELLIA-192-CMAC" */
+     967,    /* "CAMELLIA-192-CTR" */
+     755,    /* "CAMELLIA-192-ECB" */
+     965,    /* "CAMELLIA-192-GCM" */
+     767,    /* "CAMELLIA-192-OFB" */
+     753,    /* "CAMELLIA-256-CBC" */
+     970,    /* "CAMELLIA-256-CCM" */
+     759,    /* "CAMELLIA-256-CFB" */
+     762,    /* "CAMELLIA-256-CFB1" */
+     765,    /* "CAMELLIA-256-CFB8" */
+     972,    /* "CAMELLIA-256-CMAC" */
+     971,    /* "CAMELLIA-256-CTR" */
+     756,    /* "CAMELLIA-256-ECB" */
+     969,    /* "CAMELLIA-256-GCM" */
+     768,    /* "CAMELLIA-256-OFB" */
+     108,    /* "CAST5-CBC" */
+     110,    /* "CAST5-CFB" */
+     109,    /* "CAST5-ECB" */
+     111,    /* "CAST5-OFB" */
+     894,    /* "CMAC" */
+      13,    /* "CN" */
+     141,    /* "CRLReason" */
+     417,    /* "CSPName" */
+    1019,    /* "ChaCha20" */
+    1018,    /* "ChaCha20-Poly1305" */
+     367,    /* "CrlID" */
+     391,    /* "DC" */
+      31,    /* "DES-CBC" */
+     643,    /* "DES-CDMF" */
+      30,    /* "DES-CFB" */
+     656,    /* "DES-CFB1" */
+     657,    /* "DES-CFB8" */
+      29,    /* "DES-ECB" */
+      32,    /* "DES-EDE" */
+      43,    /* "DES-EDE-CBC" */
+      60,    /* "DES-EDE-CFB" */
+      62,    /* "DES-EDE-OFB" */
+      33,    /* "DES-EDE3" */
+      44,    /* "DES-EDE3-CBC" */
+      61,    /* "DES-EDE3-CFB" */
+     658,    /* "DES-EDE3-CFB1" */
+     659,    /* "DES-EDE3-CFB8" */
+      63,    /* "DES-EDE3-OFB" */
+      45,    /* "DES-OFB" */
+      80,    /* "DESX-CBC" */
+     380,    /* "DOD" */
+     116,    /* "DSA" */
+      66,    /* "DSA-SHA" */
+     113,    /* "DSA-SHA1" */
+      70,    /* "DSA-SHA1-old" */
+      67,    /* "DSA-old" */
+     297,    /* "DVCS" */
+    1087,    /* "ED25519" */
+    1088,    /* "ED448" */
+      99,    /* "GN" */
+    1036,    /* "HKDF" */
+     855,    /* "HMAC" */
+     780,    /* "HMAC-MD5" */
+     781,    /* "HMAC-SHA1" */
+     381,    /* "IANA" */
+      34,    /* "IDEA-CBC" */
+      35,    /* "IDEA-CFB" */
+      36,    /* "IDEA-ECB" */
+      46,    /* "IDEA-OFB" */
+    1004,    /* "INN" */
+     181,    /* "ISO" */
+    1140,    /* "ISO-CN" */
+    1150,    /* "ISO-UA" */
+     183,    /* "ISO-US" */
+     645,    /* "ITU-T" */
+     646,    /* "JOINT-ISO-ITU-T" */
+     773,    /* "KISA" */
+    1063,    /* "KxANY" */
+    1039,    /* "KxDHE" */
+    1041,    /* "KxDHE-PSK" */
+    1038,    /* "KxECDHE" */
+    1040,    /* "KxECDHE-PSK" */
+    1045,    /* "KxGOST" */
+    1043,    /* "KxPSK" */
+    1037,    /* "KxRSA" */
+    1042,    /* "KxRSA_PSK" */
+    1044,    /* "KxSRP" */
+      15,    /* "L" */
+     856,    /* "LocalKeySet" */
+       3,    /* "MD2" */
+     257,    /* "MD4" */
+       4,    /* "MD5" */
+     114,    /* "MD5-SHA1" */
+      95,    /* "MDC2" */
+     911,    /* "MGF1" */
+     388,    /* "Mail" */
+     393,    /* "NULL" */
+     404,    /* "NULL" */
+      57,    /* "Netscape" */
+     366,    /* "Nonce" */
+      17,    /* "O" */
+     178,    /* "OCSP" */
+     180,    /* "OCSPSigning" */
+    1005,    /* "OGRN" */
+     379,    /* "ORG" */
+      18,    /* "OU" */
+     749,    /* "Oakley-EC2N-3" */
+     750,    /* "Oakley-EC2N-4" */
+       9,    /* "PBE-MD2-DES" */
+     168,    /* "PBE-MD2-RC2-64" */
+      10,    /* "PBE-MD5-DES" */
+     169,    /* "PBE-MD5-RC2-64" */
+     147,    /* "PBE-SHA1-2DES" */
+     146,    /* "PBE-SHA1-3DES" */
+     170,    /* "PBE-SHA1-DES" */
+     148,    /* "PBE-SHA1-RC2-128" */
+     149,    /* "PBE-SHA1-RC2-40" */
+      68,    /* "PBE-SHA1-RC2-64" */
+     144,    /* "PBE-SHA1-RC4-128" */
+     145,    /* "PBE-SHA1-RC4-40" */
+     161,    /* "PBES2" */
+      69,    /* "PBKDF2" */
+     162,    /* "PBMAC1" */
+     127,    /* "PKIX" */
+     935,    /* "PSPECIFIED" */
+    1061,    /* "Poly1305" */
+      98,    /* "RC2-40-CBC" */
+     166,    /* "RC2-64-CBC" */
+      37,    /* "RC2-CBC" */
+      39,    /* "RC2-CFB" */
+      38,    /* "RC2-ECB" */
+      40,    /* "RC2-OFB" */
+       5,    /* "RC4" */
+      97,    /* "RC4-40" */
+     915,    /* "RC4-HMAC-MD5" */
+     120,    /* "RC5-CBC" */
+     122,    /* "RC5-CFB" */
+     121,    /* "RC5-ECB" */
+     123,    /* "RC5-OFB" */
+     117,    /* "RIPEMD160" */
+      19,    /* "RSA" */
+       7,    /* "RSA-MD2" */
+     396,    /* "RSA-MD4" */
+       8,    /* "RSA-MD5" */
+      96,    /* "RSA-MDC2" */
+     104,    /* "RSA-NP-MD5" */
+     119,    /* "RSA-RIPEMD160" */
+      42,    /* "RSA-SHA" */
+      65,    /* "RSA-SHA1" */
+     115,    /* "RSA-SHA1-2" */
+     671,    /* "RSA-SHA224" */
+     668,    /* "RSA-SHA256" */
+     669,    /* "RSA-SHA384" */
+     670,    /* "RSA-SHA512" */
+    1145,    /* "RSA-SHA512/224" */
+    1146,    /* "RSA-SHA512/256" */
+    1144,    /* "RSA-SM3" */
+     919,    /* "RSAES-OAEP" */
+     912,    /* "RSASSA-PSS" */
+     777,    /* "SEED-CBC" */
+     779,    /* "SEED-CFB" */
+     776,    /* "SEED-ECB" */
+     778,    /* "SEED-OFB" */
+      41,    /* "SHA" */
+      64,    /* "SHA1" */
+     675,    /* "SHA224" */
+     672,    /* "SHA256" */
+    1096,    /* "SHA3-224" */
+    1097,    /* "SHA3-256" */
+    1098,    /* "SHA3-384" */
+    1099,    /* "SHA3-512" */
+     673,    /* "SHA384" */
+     674,    /* "SHA512" */
+    1094,    /* "SHA512-224" */
+    1095,    /* "SHA512-256" */
+    1100,    /* "SHAKE128" */
+    1101,    /* "SHAKE256" */
+    1172,    /* "SM2" */
+    1143,    /* "SM3" */
+    1134,    /* "SM4-CBC" */
+    1137,    /* "SM4-CFB" */
+    1136,    /* "SM4-CFB1" */
+    1138,    /* "SM4-CFB8" */
+    1139,    /* "SM4-CTR" */
+    1133,    /* "SM4-ECB" */
+    1135,    /* "SM4-OFB" */
+     188,    /* "SMIME" */
+     167,    /* "SMIME-CAPS" */
+     100,    /* "SN" */
+    1006,    /* "SNILS" */
+      16,    /* "ST" */
+     143,    /* "SXNetID" */
+    1062,    /* "SipHash" */
+    1021,    /* "TLS1-PRF" */
+     458,    /* "UID" */
+       0,    /* "UNDEF" */
+    1034,    /* "X25519" */
+    1035,    /* "X448" */
+      11,    /* "X500" */
+     378,    /* "X500algorithms" */
+      12,    /* "X509" */
+     184,    /* "X9-57" */
+     185,    /* "X9cm" */
+     125,    /* "ZLIB" */
+     478,    /* "aRecord" */
+     289,    /* "aaControls" */
+     287,    /* "ac-auditEntity" */
+     397,    /* "ac-proxying" */
+     288,    /* "ac-targeting" */
+     368,    /* "acceptableResponses" */
+     446,    /* "account" */
+     363,    /* "ad_timestamping" */
+     376,    /* "algorithm" */
+     405,    /* "ansi-X9-62" */
+     910,    /* "anyExtendedKeyUsage" */
+     746,    /* "anyPolicy" */
+     370,    /* "archiveCutoff" */
+     484,    /* "associatedDomain" */
+     485,    /* "associatedName" */
+     501,    /* "audio" */
+     177,    /* "authorityInfoAccess" */
+      90,    /* "authorityKeyIdentifier" */
+     882,    /* "authorityRevocationList" */
+      87,    /* "basicConstraints" */
+     365,    /* "basicOCSPResponse" */
+     285,    /* "biometricInfo" */
+     921,    /* "brainpoolP160r1" */
+     922,    /* "brainpoolP160t1" */
+     923,    /* "brainpoolP192r1" */
+     924,    /* "brainpoolP192t1" */
+     925,    /* "brainpoolP224r1" */
+     926,    /* "brainpoolP224t1" */
+     927,    /* "brainpoolP256r1" */
+     928,    /* "brainpoolP256t1" */
+     929,    /* "brainpoolP320r1" */
+     930,    /* "brainpoolP320t1" */
+     931,    /* "brainpoolP384r1" */
+     932,    /* "brainpoolP384t1" */
+     933,    /* "brainpoolP512r1" */
+     934,    /* "brainpoolP512t1" */
+     494,    /* "buildingName" */
+     860,    /* "businessCategory" */
+     691,    /* "c2onb191v4" */
+     692,    /* "c2onb191v5" */
+     697,    /* "c2onb239v4" */
+     698,    /* "c2onb239v5" */
+     684,    /* "c2pnb163v1" */
+     685,    /* "c2pnb163v2" */
+     686,    /* "c2pnb163v3" */
+     687,    /* "c2pnb176v1" */
+     693,    /* "c2pnb208w1" */
+     699,    /* "c2pnb272w1" */
+     700,    /* "c2pnb304w1" */
+     702,    /* "c2pnb368w1" */
+     688,    /* "c2tnb191v1" */
+     689,    /* "c2tnb191v2" */
+     690,    /* "c2tnb191v3" */
+     694,    /* "c2tnb239v1" */
+     695,    /* "c2tnb239v2" */
+     696,    /* "c2tnb239v3" */
+     701,    /* "c2tnb359v1" */
+     703,    /* "c2tnb431r1" */
+    1090,    /* "c3" */
+     881,    /* "cACertificate" */
+     483,    /* "cNAMERecord" */
+     179,    /* "caIssuers" */
+     785,    /* "caRepository" */
+    1023,    /* "capwapAC" */
+    1024,    /* "capwapWTP" */
+     443,    /* "caseIgnoreIA5StringSyntax" */
+     152,    /* "certBag" */
+     677,    /* "certicom-arc" */
+     771,    /* "certificateIssuer" */
+      89,    /* "certificatePolicies" */
+     883,    /* "certificateRevocationList" */
+      54,    /* "challengePassword" */
+     407,    /* "characteristic-two-field" */
+     395,    /* "clearance" */
+     130,    /* "clientAuth" */
+    1131,    /* "cmcCA" */
+    1132,    /* "cmcRA" */
+     131,    /* "codeSigning" */
+      50,    /* "contentType" */
+      53,    /* "countersignature" */
+     153,    /* "crlBag" */
+     103,    /* "crlDistributionPoints" */
+      88,    /* "crlNumber" */
+     884,    /* "crossCertificatePair" */
+     806,    /* "cryptocom" */
+     805,    /* "cryptopro" */
+     954,    /* "ct_cert_scts" */
+     952,    /* "ct_precert_poison" */
+     951,    /* "ct_precert_scts" */
+     953,    /* "ct_precert_signer" */
+     500,    /* "dITRedirect" */
+     451,    /* "dNSDomain" */
+     495,    /* "dSAQuality" */
+     434,    /* "data" */
+     390,    /* "dcobject" */
+     140,    /* "deltaCRL" */
+     891,    /* "deltaRevocationList" */
+     107,    /* "description" */
+     871,    /* "destinationIndicator" */
+     947,    /* "dh-cofactor-kdf" */
+     946,    /* "dh-std-kdf" */
+      28,    /* "dhKeyAgreement" */
+     941,    /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
+     942,    /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
+     943,    /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
+     944,    /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
+     945,    /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
+     936,    /* "dhSinglePass-stdDH-sha1kdf-scheme" */
+     937,    /* "dhSinglePass-stdDH-sha224kdf-scheme" */
+     938,    /* "dhSinglePass-stdDH-sha256kdf-scheme" */
+     939,    /* "dhSinglePass-stdDH-sha384kdf-scheme" */
+     940,    /* "dhSinglePass-stdDH-sha512kdf-scheme" */
+     920,    /* "dhpublicnumber" */
+     382,    /* "directory" */
+     887,    /* "distinguishedName" */
+     892,    /* "dmdName" */
+     174,    /* "dnQualifier" */
+    1092,    /* "dnsName" */
+     447,    /* "document" */
+     471,    /* "documentAuthor" */
+     468,    /* "documentIdentifier" */
+     472,    /* "documentLocation" */
+     502,    /* "documentPublisher" */
+     449,    /* "documentSeries" */
+     469,    /* "documentTitle" */
+     470,    /* "documentVersion" */
+     392,    /* "domain" */
+     452,    /* "domainRelatedObject" */
+     802,    /* "dsa_with_SHA224" */
+     803,    /* "dsa_with_SHA256" */
+    1152,    /* "dstu28147" */
+    1154,    /* "dstu28147-cfb" */
+    1153,    /* "dstu28147-ofb" */
+    1155,    /* "dstu28147-wrap" */
+    1157,    /* "dstu34311" */
+    1159,    /* "dstu4145be" */
+    1158,    /* "dstu4145le" */
+     791,    /* "ecdsa-with-Recommended" */
+     416,    /* "ecdsa-with-SHA1" */
+     793,    /* "ecdsa-with-SHA224" */
+     794,    /* "ecdsa-with-SHA256" */
+     795,    /* "ecdsa-with-SHA384" */
+     796,    /* "ecdsa-with-SHA512" */
+     792,    /* "ecdsa-with-Specified" */
+      48,    /* "emailAddress" */
+     132,    /* "emailProtection" */
+     885,    /* "enhancedSearchGuide" */
+     389,    /* "enterprises" */
+     384,    /* "experimental" */
+     172,    /* "extReq" */
+      56,    /* "extendedCertificateAttributes" */
+     126,    /* "extendedKeyUsage" */
+     372,    /* "extendedStatus" */
+     867,    /* "facsimileTelephoneNumber" */
+     462,    /* "favouriteDrink" */
+    1126,    /* "ffdhe2048" */
+    1127,    /* "ffdhe3072" */
+    1128,    /* "ffdhe4096" */
+    1129,    /* "ffdhe6144" */
+    1130,    /* "ffdhe8192" */
+     857,    /* "freshestCRL" */
+     453,    /* "friendlyCountry" */
+     490,    /* "friendlyCountryName" */
+     156,    /* "friendlyName" */
+     509,    /* "generationQualifier" */
+     815,    /* "gost-mac" */
+     976,    /* "gost-mac-12" */
+     811,    /* "gost2001" */
+     851,    /* "gost2001cc" */
+     979,    /* "gost2012_256" */
+     980,    /* "gost2012_512" */
+     813,    /* "gost89" */
+    1009,    /* "gost89-cbc" */
+     814,    /* "gost89-cnt" */
+     975,    /* "gost89-cnt-12" */
+    1011,    /* "gost89-ctr" */
+    1010,    /* "gost89-ecb" */
+     812,    /* "gost94" */
+     850,    /* "gost94cc" */
+    1015,    /* "grasshopper-cbc" */
+    1016,    /* "grasshopper-cfb" */
+    1013,    /* "grasshopper-ctr" */
+    1012,    /* "grasshopper-ecb" */
+    1017,    /* "grasshopper-mac" */
+    1014,    /* "grasshopper-ofb" */
+    1156,    /* "hmacWithDstu34311" */
+     797,    /* "hmacWithMD5" */
+     163,    /* "hmacWithSHA1" */
+     798,    /* "hmacWithSHA224" */
+     799,    /* "hmacWithSHA256" */
+     800,    /* "hmacWithSHA384" */
+     801,    /* "hmacWithSHA512" */
+    1193,    /* "hmacWithSHA512-224" */
+    1194,    /* "hmacWithSHA512-256" */
+     432,    /* "holdInstructionCallIssuer" */
+     430,    /* "holdInstructionCode" */
+     431,    /* "holdInstructionNone" */
+     433,    /* "holdInstructionReject" */
+     486,    /* "homePostalAddress" */
+     473,    /* "homeTelephoneNumber" */
+     466,    /* "host" */
+     889,    /* "houseIdentifier" */
+     442,    /* "iA5StringSyntax" */
+     783,    /* "id-DHBasedMac" */
+     824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
+     825,    /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
+     826,    /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
+     827,    /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
+     819,    /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
+     829,    /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
+     828,    /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
+     830,    /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
+     820,    /* "id-Gost28147-89-None-KeyMeshing" */
+     823,    /* "id-Gost28147-89-TestParamSet" */
+     849,    /* "id-Gost28147-89-cc" */
+     840,    /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
+     841,    /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
+     842,    /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
+     843,    /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
+     844,    /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
+     854,    /* "id-GostR3410-2001-ParamSet-cc" */
+     839,    /* "id-GostR3410-2001-TestParamSet" */
+     817,    /* "id-GostR3410-2001DH" */
+     832,    /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
+     833,    /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
+     834,    /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
+     835,    /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
+     836,    /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
+     837,    /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
+     838,    /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
+     831,    /* "id-GostR3410-94-TestParamSet" */
+     845,    /* "id-GostR3410-94-a" */
+     846,    /* "id-GostR3410-94-aBis" */
+     847,    /* "id-GostR3410-94-b" */
+     848,    /* "id-GostR3410-94-bBis" */
+     818,    /* "id-GostR3410-94DH" */
+     822,    /* "id-GostR3411-94-CryptoProParamSet" */
+     821,    /* "id-GostR3411-94-TestParamSet" */
+     807,    /* "id-GostR3411-94-with-GostR3410-2001" */
+     853,    /* "id-GostR3411-94-with-GostR3410-2001-cc" */
+     808,    /* "id-GostR3411-94-with-GostR3410-94" */
+     852,    /* "id-GostR3411-94-with-GostR3410-94-cc" */
+     810,    /* "id-HMACGostR3411-94" */
+     782,    /* "id-PasswordBasedMAC" */
+     266,    /* "id-aca" */
+     355,    /* "id-aca-accessIdentity" */
+     354,    /* "id-aca-authenticationInfo" */
+     356,    /* "id-aca-chargingIdentity" */
+     399,    /* "id-aca-encAttrs" */
+     357,    /* "id-aca-group" */
+     358,    /* "id-aca-role" */
+     176,    /* "id-ad" */
+     896,    /* "id-aes128-CCM" */
+     895,    /* "id-aes128-GCM" */
+     788,    /* "id-aes128-wrap" */
+     897,    /* "id-aes128-wrap-pad" */
+     899,    /* "id-aes192-CCM" */
+     898,    /* "id-aes192-GCM" */
+     789,    /* "id-aes192-wrap" */
+     900,    /* "id-aes192-wrap-pad" */
+     902,    /* "id-aes256-CCM" */
+     901,    /* "id-aes256-GCM" */
+     790,    /* "id-aes256-wrap" */
+     903,    /* "id-aes256-wrap-pad" */
+     262,    /* "id-alg" */
+     893,    /* "id-alg-PWRI-KEK" */
+     323,    /* "id-alg-des40" */
+     326,    /* "id-alg-dh-pop" */
+     325,    /* "id-alg-dh-sig-hmac-sha1" */
+     324,    /* "id-alg-noSignature" */
+     907,    /* "id-camellia128-wrap" */
+     908,    /* "id-camellia192-wrap" */
+     909,    /* "id-camellia256-wrap" */
+     268,    /* "id-cct" */
+     361,    /* "id-cct-PKIData" */
+     362,    /* "id-cct-PKIResponse" */
+     360,    /* "id-cct-crs" */
+      81,    /* "id-ce" */
+     680,    /* "id-characteristic-two-basis" */
+     263,    /* "id-cmc" */
+     334,    /* "id-cmc-addExtensions" */
+     346,    /* "id-cmc-confirmCertAcceptance" */
+     330,    /* "id-cmc-dataReturn" */
+     336,    /* "id-cmc-decryptedPOP" */
+     335,    /* "id-cmc-encryptedPOP" */
+     339,    /* "id-cmc-getCRL" */
+     338,    /* "id-cmc-getCert" */
+     328,    /* "id-cmc-identification" */
+     329,    /* "id-cmc-identityProof" */
+     337,    /* "id-cmc-lraPOPWitness" */
+     344,    /* "id-cmc-popLinkRandom" */
+     345,    /* "id-cmc-popLinkWitness" */
+     343,    /* "id-cmc-queryPending" */
+     333,    /* "id-cmc-recipientNonce" */
+     341,    /* "id-cmc-regInfo" */
+     342,    /* "id-cmc-responseInfo" */
+     340,    /* "id-cmc-revokeRequest" */
+     332,    /* "id-cmc-senderNonce" */
+     327,    /* "id-cmc-statusInfo" */
+     331,    /* "id-cmc-transactionId" */
+     787,    /* "id-ct-asciiTextWithCRLF" */
+    1060,    /* "id-ct-xml" */
+    1108,    /* "id-dsa-with-sha3-224" */
+    1109,    /* "id-dsa-with-sha3-256" */
+    1110,    /* "id-dsa-with-sha3-384" */
+    1111,    /* "id-dsa-with-sha3-512" */
+    1106,    /* "id-dsa-with-sha384" */
+    1107,    /* "id-dsa-with-sha512" */
+     408,    /* "id-ecPublicKey" */
+    1112,    /* "id-ecdsa-with-sha3-224" */
+    1113,    /* "id-ecdsa-with-sha3-256" */
+    1114,    /* "id-ecdsa-with-sha3-384" */
+    1115,    /* "id-ecdsa-with-sha3-512" */
+     508,    /* "id-hex-multipart-message" */
+     507,    /* "id-hex-partial-message" */
+    1102,    /* "id-hmacWithSHA3-224" */
+    1103,    /* "id-hmacWithSHA3-256" */
+    1104,    /* "id-hmacWithSHA3-384" */
+    1105,    /* "id-hmacWithSHA3-512" */
+     260,    /* "id-it" */
+     302,    /* "id-it-caKeyUpdateInfo" */
+     298,    /* "id-it-caProtEncCert" */
+     311,    /* "id-it-confirmWaitTime" */
+     303,    /* "id-it-currentCRL" */
+     300,    /* "id-it-encKeyPairTypes" */
+     310,    /* "id-it-implicitConfirm" */
+     308,    /* "id-it-keyPairParamRep" */
+     307,    /* "id-it-keyPairParamReq" */
+     312,    /* "id-it-origPKIMessage" */
+     301,    /* "id-it-preferredSymmAlg" */
+     309,    /* "id-it-revPassphrase" */
+     299,    /* "id-it-signKeyPairTypes" */
+     305,    /* "id-it-subscriptionRequest" */
+     306,    /* "id-it-subscriptionResponse" */
+     784,    /* "id-it-suppLangTags" */
+     304,    /* "id-it-unsupportedOIDs" */
+     128,    /* "id-kp" */
+     280,    /* "id-mod-attribute-cert" */
+     274,    /* "id-mod-cmc" */
+     277,    /* "id-mod-cmp" */
+     284,    /* "id-mod-cmp2000" */
+     273,    /* "id-mod-crmf" */
+     283,    /* "id-mod-dvcs" */
+     275,    /* "id-mod-kea-profile-88" */
+     276,    /* "id-mod-kea-profile-93" */
+     282,    /* "id-mod-ocsp" */
+     278,    /* "id-mod-qualified-cert-88" */
+     279,    /* "id-mod-qualified-cert-93" */
+     281,    /* "id-mod-timestamp-protocol" */
+     264,    /* "id-on" */
+     858,    /* "id-on-permanentIdentifier" */
+     347,    /* "id-on-personalData" */
+     265,    /* "id-pda" */
+     352,    /* "id-pda-countryOfCitizenship" */
+     353,    /* "id-pda-countryOfResidence" */
+     348,    /* "id-pda-dateOfBirth" */
+     351,    /* "id-pda-gender" */
+     349,    /* "id-pda-placeOfBirth" */
+     175,    /* "id-pe" */
+    1031,    /* "id-pkinit" */
+     261,    /* "id-pkip" */
+     258,    /* "id-pkix-mod" */
+     269,    /* "id-pkix1-explicit-88" */
+     271,    /* "id-pkix1-explicit-93" */
+     270,    /* "id-pkix1-implicit-88" */
+     272,    /* "id-pkix1-implicit-93" */
+     662,    /* "id-ppl" */
+     664,    /* "id-ppl-anyLanguage" */
+     667,    /* "id-ppl-independent" */
+     665,    /* "id-ppl-inheritAll" */
+     267,    /* "id-qcs" */
+     359,    /* "id-qcs-pkixQCSyntax-v1" */
+     259,    /* "id-qt" */
+     164,    /* "id-qt-cps" */
+     165,    /* "id-qt-unotice" */
+     313,    /* "id-regCtrl" */
+     316,    /* "id-regCtrl-authenticator" */
+     319,    /* "id-regCtrl-oldCertID" */
+     318,    /* "id-regCtrl-pkiArchiveOptions" */
+     317,    /* "id-regCtrl-pkiPublicationInfo" */
+     320,    /* "id-regCtrl-protocolEncrKey" */
+     315,    /* "id-regCtrl-regToken" */
+     314,    /* "id-regInfo" */
+     322,    /* "id-regInfo-certReq" */
+     321,    /* "id-regInfo-utf8Pairs" */
+    1116,    /* "id-rsassa-pkcs1-v1_5-with-sha3-224" */
+    1117,    /* "id-rsassa-pkcs1-v1_5-with-sha3-256" */
+    1118,    /* "id-rsassa-pkcs1-v1_5-with-sha3-384" */
+    1119,    /* "id-rsassa-pkcs1-v1_5-with-sha3-512" */
+     973,    /* "id-scrypt" */
+     512,    /* "id-set" */
+     191,    /* "id-smime-aa" */
+     215,    /* "id-smime-aa-contentHint" */
+     218,    /* "id-smime-aa-contentIdentifier" */
+     221,    /* "id-smime-aa-contentReference" */
+     240,    /* "id-smime-aa-dvcs-dvc" */
+     217,    /* "id-smime-aa-encapContentType" */
+     222,    /* "id-smime-aa-encrypKeyPref" */
+     220,    /* "id-smime-aa-equivalentLabels" */
+     232,    /* "id-smime-aa-ets-CertificateRefs" */
+     233,    /* "id-smime-aa-ets-RevocationRefs" */
+     238,    /* "id-smime-aa-ets-archiveTimeStamp" */
+     237,    /* "id-smime-aa-ets-certCRLTimestamp" */
+     234,    /* "id-smime-aa-ets-certValues" */
+     227,    /* "id-smime-aa-ets-commitmentType" */
+     231,    /* "id-smime-aa-ets-contentTimestamp" */
+     236,    /* "id-smime-aa-ets-escTimeStamp" */
+     230,    /* "id-smime-aa-ets-otherSigCert" */
+     235,    /* "id-smime-aa-ets-revocationValues" */
+     226,    /* "id-smime-aa-ets-sigPolicyId" */
+     229,    /* "id-smime-aa-ets-signerAttr" */
+     228,    /* "id-smime-aa-ets-signerLocation" */
+     219,    /* "id-smime-aa-macValue" */
+     214,    /* "id-smime-aa-mlExpandHistory" */
+     216,    /* "id-smime-aa-msgSigDigest" */
+     212,    /* "id-smime-aa-receiptRequest" */
+     213,    /* "id-smime-aa-securityLabel" */
+     239,    /* "id-smime-aa-signatureType" */
+     223,    /* "id-smime-aa-signingCertificate" */
+    1086,    /* "id-smime-aa-signingCertificateV2" */
+     224,    /* "id-smime-aa-smimeEncryptCerts" */
+     225,    /* "id-smime-aa-timeStampToken" */
+     192,    /* "id-smime-alg" */
+     243,    /* "id-smime-alg-3DESwrap" */
+     246,    /* "id-smime-alg-CMS3DESwrap" */
+     247,    /* "id-smime-alg-CMSRC2wrap" */
+     245,    /* "id-smime-alg-ESDH" */
+     241,    /* "id-smime-alg-ESDHwith3DES" */
+     242,    /* "id-smime-alg-ESDHwithRC2" */
+     244,    /* "id-smime-alg-RC2wrap" */
+     193,    /* "id-smime-cd" */
+     248,    /* "id-smime-cd-ldap" */
+     190,    /* "id-smime-ct" */
+     210,    /* "id-smime-ct-DVCSRequestData" */
+     211,    /* "id-smime-ct-DVCSResponseData" */
+     208,    /* "id-smime-ct-TDTInfo" */
+     207,    /* "id-smime-ct-TSTInfo" */
+     205,    /* "id-smime-ct-authData" */
+    1059,    /* "id-smime-ct-authEnvelopedData" */
+     786,    /* "id-smime-ct-compressedData" */
+    1058,    /* "id-smime-ct-contentCollection" */
+     209,    /* "id-smime-ct-contentInfo" */
+     206,    /* "id-smime-ct-publishCert" */
+     204,    /* "id-smime-ct-receipt" */
+     195,    /* "id-smime-cti" */
+     255,    /* "id-smime-cti-ets-proofOfApproval" */
+     256,    /* "id-smime-cti-ets-proofOfCreation" */
+     253,    /* "id-smime-cti-ets-proofOfDelivery" */
+     251,    /* "id-smime-cti-ets-proofOfOrigin" */
+     252,    /* "id-smime-cti-ets-proofOfReceipt" */
+     254,    /* "id-smime-cti-ets-proofOfSender" */
+     189,    /* "id-smime-mod" */
+     196,    /* "id-smime-mod-cms" */
+     197,    /* "id-smime-mod-ess" */
+     202,    /* "id-smime-mod-ets-eSigPolicy-88" */
+     203,    /* "id-smime-mod-ets-eSigPolicy-97" */
+     200,    /* "id-smime-mod-ets-eSignature-88" */
+     201,    /* "id-smime-mod-ets-eSignature-97" */
+     199,    /* "id-smime-mod-msg-v3" */
+     198,    /* "id-smime-mod-oid" */
+     194,    /* "id-smime-spq" */
+     250,    /* "id-smime-spq-ets-sqt-unotice" */
+     249,    /* "id-smime-spq-ets-sqt-uri" */
+     974,    /* "id-tc26" */
+     991,    /* "id-tc26-agreement" */
+     992,    /* "id-tc26-agreement-gost-3410-2012-256" */
+     993,    /* "id-tc26-agreement-gost-3410-2012-512" */
+     977,    /* "id-tc26-algorithms" */
+     990,    /* "id-tc26-cipher" */
+    1001,    /* "id-tc26-cipher-constants" */
+    1176,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */
+    1177,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */
+    1178,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */
+    1173,    /* "id-tc26-cipher-gostr3412-2015-magma" */
+    1174,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */
+    1175,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */
+     994,    /* "id-tc26-constants" */
+     981,    /* "id-tc26-digest" */
+    1000,    /* "id-tc26-digest-constants" */
+    1002,    /* "id-tc26-gost-28147-constants" */
+    1003,    /* "id-tc26-gost-28147-param-Z" */
+    1147,    /* "id-tc26-gost-3410-2012-256-constants" */
+    1148,    /* "id-tc26-gost-3410-2012-256-paramSetA" */
+    1184,    /* "id-tc26-gost-3410-2012-256-paramSetB" */
+    1185,    /* "id-tc26-gost-3410-2012-256-paramSetC" */
+    1186,    /* "id-tc26-gost-3410-2012-256-paramSetD" */
+     996,    /* "id-tc26-gost-3410-2012-512-constants" */
+     998,    /* "id-tc26-gost-3410-2012-512-paramSetA" */
+     999,    /* "id-tc26-gost-3410-2012-512-paramSetB" */
+    1149,    /* "id-tc26-gost-3410-2012-512-paramSetC" */
+     997,    /* "id-tc26-gost-3410-2012-512-paramSetTest" */
+     988,    /* "id-tc26-hmac-gost-3411-2012-256" */
+     989,    /* "id-tc26-hmac-gost-3411-2012-512" */
+     987,    /* "id-tc26-mac" */
+     978,    /* "id-tc26-sign" */
+     995,    /* "id-tc26-sign-constants" */
+     984,    /* "id-tc26-signwithdigest" */
+     985,    /* "id-tc26-signwithdigest-gost3410-2012-256" */
+     986,    /* "id-tc26-signwithdigest-gost3410-2012-512" */
+    1179,    /* "id-tc26-wrap" */
+    1182,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */
+    1183,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */
+    1180,    /* "id-tc26-wrap-gostr3412-2015-magma" */
+    1181,    /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */
+     676,    /* "identified-organization" */
+    1170,    /* "ieee" */
+    1171,    /* "ieee-siswg" */
+     461,    /* "info" */
+     748,    /* "inhibitAnyPolicy" */
+     101,    /* "initials" */
+     647,    /* "international-organizations" */
+     869,    /* "internationaliSDNNumber" */
+     142,    /* "invalidityDate" */
+     294,    /* "ipsecEndSystem" */
+    1022,    /* "ipsecIKE" */
+     295,    /* "ipsecTunnel" */
+     296,    /* "ipsecUser" */
+      86,    /* "issuerAltName" */
+    1008,    /* "issuerSignTool" */
+     770,    /* "issuingDistributionPoint" */
+     492,    /* "janetMailbox" */
+     957,    /* "jurisdictionC" */
+     955,    /* "jurisdictionL" */
+     956,    /* "jurisdictionST" */
+     150,    /* "keyBag" */
+      83,    /* "keyUsage" */
+     477,    /* "lastModifiedBy" */
+     476,    /* "lastModifiedTime" */
+     157,    /* "localKeyID" */
+     480,    /* "mXRecord" */
+    1190,    /* "magma-cbc" */
+    1191,    /* "magma-cfb" */
+    1188,    /* "magma-ctr" */
+    1187,    /* "magma-ecb" */
+    1192,    /* "magma-mac" */
+    1189,    /* "magma-ofb" */
+     460,    /* "mail" */
+     493,    /* "mailPreferenceOption" */
+     467,    /* "manager" */
+     982,    /* "md_gost12_256" */
+     983,    /* "md_gost12_512" */
+     809,    /* "md_gost94" */
+     875,    /* "member" */
+     182,    /* "member-body" */
+      51,    /* "messageDigest" */
+     383,    /* "mgmt" */
+     504,    /* "mime-mhs" */
+     506,    /* "mime-mhs-bodies" */
+     505,    /* "mime-mhs-headings" */
+     488,    /* "mobileTelephoneNumber" */
+     136,    /* "msCTLSign" */
+     135,    /* "msCodeCom" */
+     134,    /* "msCodeInd" */
+     138,    /* "msEFS" */
+     171,    /* "msExtReq" */
+     137,    /* "msSGC" */
+     648,    /* "msSmartcardLogin" */
+     649,    /* "msUPN" */
+    1091,    /* "n3" */
+     481,    /* "nSRecord" */
+     173,    /* "name" */
+     666,    /* "nameConstraints" */
+     369,    /* "noCheck" */
+     403,    /* "noRevAvail" */
+      72,    /* "nsBaseUrl" */
+      76,    /* "nsCaPolicyUrl" */
+      74,    /* "nsCaRevocationUrl" */
+      58,    /* "nsCertExt" */
+      79,    /* "nsCertSequence" */
+      71,    /* "nsCertType" */
+      78,    /* "nsComment" */
+      59,    /* "nsDataType" */
+      75,    /* "nsRenewalUrl" */
+      73,    /* "nsRevocationUrl" */
+     139,    /* "nsSGC" */
+      77,    /* "nsSslServerName" */
+     681,    /* "onBasis" */
+    1089,    /* "organizationIdentifier" */
+     491,    /* "organizationalStatus" */
+    1141,    /* "oscca" */
+     475,    /* "otherMailbox" */
+     876,    /* "owner" */
+     489,    /* "pagerTelephoneNumber" */
+     374,    /* "path" */
+     112,    /* "pbeWithMD5AndCast5CBC" */
+     499,    /* "personalSignature" */
+     487,    /* "personalTitle" */
+     464,    /* "photo" */
+     863,    /* "physicalDeliveryOfficeName" */
+     437,    /* "pilot" */
+     439,    /* "pilotAttributeSyntax" */
+     438,    /* "pilotAttributeType" */
+     479,    /* "pilotAttributeType27" */
+     456,    /* "pilotDSA" */
+     441,    /* "pilotGroups" */
+     444,    /* "pilotObject" */
+     440,    /* "pilotObjectClass" */
+     455,    /* "pilotOrganization" */
+     445,    /* "pilotPerson" */
+    1032,    /* "pkInitClientAuth" */
+    1033,    /* "pkInitKDC" */
+       2,    /* "pkcs" */
+     186,    /* "pkcs1" */
+      27,    /* "pkcs3" */
+     187,    /* "pkcs5" */
+      20,    /* "pkcs7" */
+      21,    /* "pkcs7-data" */
+      25,    /* "pkcs7-digestData" */
+      26,    /* "pkcs7-encryptedData" */
+      23,    /* "pkcs7-envelopedData" */
+      24,    /* "pkcs7-signedAndEnvelopedData" */
+      22,    /* "pkcs7-signedData" */
+     151,    /* "pkcs8ShroudedKeyBag" */
+      47,    /* "pkcs9" */
+     401,    /* "policyConstraints" */
+     747,    /* "policyMappings" */
+     862,    /* "postOfficeBox" */
+     861,    /* "postalAddress" */
+     661,    /* "postalCode" */
+     683,    /* "ppBasis" */
+     872,    /* "preferredDeliveryMethod" */
+     873,    /* "presentationAddress" */
+     816,    /* "prf-gostr3411-94" */
+     406,    /* "prime-field" */
+     409,    /* "prime192v1" */
+     410,    /* "prime192v2" */
+     411,    /* "prime192v3" */
+     412,    /* "prime239v1" */
+     413,    /* "prime239v2" */
+     414,    /* "prime239v3" */
+     415,    /* "prime256v1" */
+     385,    /* "private" */
+      84,    /* "privateKeyUsagePeriod" */
+     886,    /* "protocolInformation" */
+     663,    /* "proxyCertInfo" */
+     510,    /* "pseudonym" */
+     435,    /* "pss" */
+     286,    /* "qcStatements" */
+     457,    /* "qualityLabelledData" */
+     450,    /* "rFC822localPart" */
+     870,    /* "registeredAddress" */
+     400,    /* "role" */
+     877,    /* "roleOccupant" */
+     448,    /* "room" */
+     463,    /* "roomNumber" */
+       6,    /* "rsaEncryption" */
+     644,    /* "rsaOAEPEncryptionSET" */
+     377,    /* "rsaSignature" */
+       1,    /* "rsadsi" */
+     482,    /* "sOARecord" */
+     155,    /* "safeContentsBag" */
+     291,    /* "sbgp-autonomousSysNum" */
+     290,    /* "sbgp-ipAddrBlock" */
+     292,    /* "sbgp-routerIdentifier" */
+     159,    /* "sdsiCertificate" */
+     859,    /* "searchGuide" */
+     704,    /* "secp112r1" */
+     705,    /* "secp112r2" */
+     706,    /* "secp128r1" */
+     707,    /* "secp128r2" */
+     708,    /* "secp160k1" */
+     709,    /* "secp160r1" */
+     710,    /* "secp160r2" */
+     711,    /* "secp192k1" */
+     712,    /* "secp224k1" */
+     713,    /* "secp224r1" */
+     714,    /* "secp256k1" */
+     715,    /* "secp384r1" */
+     716,    /* "secp521r1" */
+     154,    /* "secretBag" */
+     474,    /* "secretary" */
+     717,    /* "sect113r1" */
+     718,    /* "sect113r2" */
+     719,    /* "sect131r1" */
+     720,    /* "sect131r2" */
+     721,    /* "sect163k1" */
+     722,    /* "sect163r1" */
+     723,    /* "sect163r2" */
+     724,    /* "sect193r1" */
+     725,    /* "sect193r2" */
+     726,    /* "sect233k1" */
+     727,    /* "sect233r1" */
+     728,    /* "sect239k1" */
+     729,    /* "sect283k1" */
+     730,    /* "sect283r1" */
+     731,    /* "sect409k1" */
+     732,    /* "sect409r1" */
+     733,    /* "sect571k1" */
+     734,    /* "sect571r1" */
+    1025,    /* "secureShellClient" */
+    1026,    /* "secureShellServer" */
+     386,    /* "security" */
+     878,    /* "seeAlso" */
+     394,    /* "selected-attribute-types" */
+    1029,    /* "sendOwner" */
+    1030,    /* "sendProxiedOwner" */
+    1028,    /* "sendProxiedRouter" */
+    1027,    /* "sendRouter" */
+     105,    /* "serialNumber" */
+     129,    /* "serverAuth" */
+     371,    /* "serviceLocator" */
+     625,    /* "set-addPolicy" */
+     515,    /* "set-attr" */
+     518,    /* "set-brand" */
+     638,    /* "set-brand-AmericanExpress" */
+     637,    /* "set-brand-Diners" */
+     636,    /* "set-brand-IATA-ATA" */
+     639,    /* "set-brand-JCB" */
+     641,    /* "set-brand-MasterCard" */
+     642,    /* "set-brand-Novus" */
+     640,    /* "set-brand-Visa" */
+     517,    /* "set-certExt" */
+     513,    /* "set-ctype" */
+     514,    /* "set-msgExt" */
+     516,    /* "set-policy" */
+     607,    /* "set-policy-root" */
+     624,    /* "set-rootKeyThumb" */
+     620,    /* "setAttr-Cert" */
+     631,    /* "setAttr-GenCryptgrm" */
+     623,    /* "setAttr-IssCap" */
+     628,    /* "setAttr-IssCap-CVM" */
+     630,    /* "setAttr-IssCap-Sig" */
+     629,    /* "setAttr-IssCap-T2" */
+     621,    /* "setAttr-PGWYcap" */
+     635,    /* "setAttr-SecDevSig" */
+     632,    /* "setAttr-T2Enc" */
+     633,    /* "setAttr-T2cleartxt" */
+     634,    /* "setAttr-TokICCsig" */
+     627,    /* "setAttr-Token-B0Prime" */
+     626,    /* "setAttr-Token-EMV" */
+     622,    /* "setAttr-TokenType" */
+     619,    /* "setCext-IssuerCapabilities" */
+     615,    /* "setCext-PGWYcapabilities" */
+     616,    /* "setCext-TokenIdentifier" */
+     618,    /* "setCext-TokenType" */
+     617,    /* "setCext-Track2Data" */
+     611,    /* "setCext-cCertRequired" */
+     609,    /* "setCext-certType" */
+     608,    /* "setCext-hashedRoot" */
+     610,    /* "setCext-merchData" */
+     613,    /* "setCext-setExt" */
+     614,    /* "setCext-setQualf" */
+     612,    /* "setCext-tunneling" */
+     540,    /* "setct-AcqCardCodeMsg" */
+     576,    /* "setct-AcqCardCodeMsgTBE" */
+     570,    /* "setct-AuthReqTBE" */
+     534,    /* "setct-AuthReqTBS" */
+     527,    /* "setct-AuthResBaggage" */
+     571,    /* "setct-AuthResTBE" */
+     572,    /* "setct-AuthResTBEX" */
+     535,    /* "setct-AuthResTBS" */
+     536,    /* "setct-AuthResTBSX" */
+     528,    /* "setct-AuthRevReqBaggage" */
+     577,    /* "setct-AuthRevReqTBE" */
+     541,    /* "setct-AuthRevReqTBS" */
+     529,    /* "setct-AuthRevResBaggage" */
+     542,    /* "setct-AuthRevResData" */
+     578,    /* "setct-AuthRevResTBE" */
+     579,    /* "setct-AuthRevResTBEB" */
+     543,    /* "setct-AuthRevResTBS" */
+     573,    /* "setct-AuthTokenTBE" */
+     537,    /* "setct-AuthTokenTBS" */
+     600,    /* "setct-BCIDistributionTBS" */
+     558,    /* "setct-BatchAdminReqData" */
+     592,    /* "setct-BatchAdminReqTBE" */
+     559,    /* "setct-BatchAdminResData" */
+     593,    /* "setct-BatchAdminResTBE" */
+     599,    /* "setct-CRLNotificationResTBS" */
+     598,    /* "setct-CRLNotificationTBS" */
+     580,    /* "setct-CapReqTBE" */
+     581,    /* "setct-CapReqTBEX" */
+     544,    /* "setct-CapReqTBS" */
+     545,    /* "setct-CapReqTBSX" */
+     546,    /* "setct-CapResData" */
+     582,    /* "setct-CapResTBE" */
+     583,    /* "setct-CapRevReqTBE" */
+     584,    /* "setct-CapRevReqTBEX" */
+     547,    /* "setct-CapRevReqTBS" */
+     548,    /* "setct-CapRevReqTBSX" */
+     549,    /* "setct-CapRevResData" */
+     585,    /* "setct-CapRevResTBE" */
+     538,    /* "setct-CapTokenData" */
+     530,    /* "setct-CapTokenSeq" */
+     574,    /* "setct-CapTokenTBE" */
+     575,    /* "setct-CapTokenTBEX" */
+     539,    /* "setct-CapTokenTBS" */
+     560,    /* "setct-CardCInitResTBS" */
+     566,    /* "setct-CertInqReqTBS" */
+     563,    /* "setct-CertReqData" */
+     595,    /* "setct-CertReqTBE" */
+     596,    /* "setct-CertReqTBEX" */
+     564,    /* "setct-CertReqTBS" */
+     565,    /* "setct-CertResData" */
+     597,    /* "setct-CertResTBE" */
+     586,    /* "setct-CredReqTBE" */
+     587,    /* "setct-CredReqTBEX" */
+     550,    /* "setct-CredReqTBS" */
+     551,    /* "setct-CredReqTBSX" */
+     552,    /* "setct-CredResData" */
+     588,    /* "setct-CredResTBE" */
+     589,    /* "setct-CredRevReqTBE" */
+     590,    /* "setct-CredRevReqTBEX" */
+     553,    /* "setct-CredRevReqTBS" */
+     554,    /* "setct-CredRevReqTBSX" */
+     555,    /* "setct-CredRevResData" */
+     591,    /* "setct-CredRevResTBE" */
+     567,    /* "setct-ErrorTBS" */
+     526,    /* "setct-HODInput" */
+     561,    /* "setct-MeAqCInitResTBS" */
+     522,    /* "setct-OIData" */
+     519,    /* "setct-PANData" */
+     521,    /* "setct-PANOnly" */
+     520,    /* "setct-PANToken" */
+     556,    /* "setct-PCertReqData" */
+     557,    /* "setct-PCertResTBS" */
+     523,    /* "setct-PI" */
+     532,    /* "setct-PI-TBS" */
+     524,    /* "setct-PIData" */
+     525,    /* "setct-PIDataUnsigned" */
+     568,    /* "setct-PIDualSignedTBE" */
+     569,    /* "setct-PIUnsignedTBE" */
+     531,    /* "setct-PInitResData" */
+     533,    /* "setct-PResData" */
+     594,    /* "setct-RegFormReqTBE" */
+     562,    /* "setct-RegFormResTBS" */
+     606,    /* "setext-cv" */
+     601,    /* "setext-genCrypt" */
+     602,    /* "setext-miAuth" */
+     604,    /* "setext-pinAny" */
+     603,    /* "setext-pinSecure" */
+     605,    /* "setext-track2" */
+      52,    /* "signingTime" */
+     454,    /* "simpleSecurityObject" */
+     496,    /* "singleLevelQuality" */
+    1142,    /* "sm-scheme" */
+     387,    /* "snmpv2" */
+     660,    /* "street" */
+      85,    /* "subjectAltName" */
+     769,    /* "subjectDirectoryAttributes" */
+     398,    /* "subjectInfoAccess" */
+      82,    /* "subjectKeyIdentifier" */
+    1007,    /* "subjectSignTool" */
+     498,    /* "subtreeMaximumQuality" */
+     497,    /* "subtreeMinimumQuality" */
+     890,    /* "supportedAlgorithms" */
+     874,    /* "supportedApplicationContext" */
+     402,    /* "targetInformation" */
+     864,    /* "telephoneNumber" */
+     866,    /* "teletexTerminalIdentifier" */
+     865,    /* "telexNumber" */
+     459,    /* "textEncodedORAddress" */
+     293,    /* "textNotice" */
+     133,    /* "timeStamping" */
+     106,    /* "title" */
+    1020,    /* "tlsfeature" */
+     682,    /* "tpBasis" */
+     375,    /* "trustRoot" */
+    1151,    /* "ua-pki" */
+    1160,    /* "uacurve0" */
+    1161,    /* "uacurve1" */
+    1162,    /* "uacurve2" */
+    1163,    /* "uacurve3" */
+    1164,    /* "uacurve4" */
+    1165,    /* "uacurve5" */
+    1166,    /* "uacurve6" */
+    1167,    /* "uacurve7" */
+    1168,    /* "uacurve8" */
+    1169,    /* "uacurve9" */
+     436,    /* "ucl" */
+     102,    /* "uid" */
+     888,    /* "uniqueMember" */
+      55,    /* "unstructuredAddress" */
+      49,    /* "unstructuredName" */
+     880,    /* "userCertificate" */
+     465,    /* "userClass" */
+     879,    /* "userPassword" */
+     373,    /* "valid" */
+     678,    /* "wap" */
+     679,    /* "wap-wsg" */
+     735,    /* "wap-wsg-idm-ecid-wtls1" */
+     743,    /* "wap-wsg-idm-ecid-wtls10" */
+     744,    /* "wap-wsg-idm-ecid-wtls11" */
+     745,    /* "wap-wsg-idm-ecid-wtls12" */
+     736,    /* "wap-wsg-idm-ecid-wtls3" */
+     737,    /* "wap-wsg-idm-ecid-wtls4" */
+     738,    /* "wap-wsg-idm-ecid-wtls5" */
+     739,    /* "wap-wsg-idm-ecid-wtls6" */
+     740,    /* "wap-wsg-idm-ecid-wtls7" */
+     741,    /* "wap-wsg-idm-ecid-wtls8" */
+     742,    /* "wap-wsg-idm-ecid-wtls9" */
+     804,    /* "whirlpool" */
+     868,    /* "x121Address" */
+     503,    /* "x500UniqueIdentifier" */
+     158,    /* "x509Certificate" */
+     160,    /* "x509Crl" */
+    1093,    /* "x509ExtAdmission" */
 };
 
-static const unsigned int ln_objs[NUM_LN]={
-363,	/* "AD Time Stamping" */
-405,	/* "ANSI X9.62" */
-368,	/* "Acceptable OCSP Responses" */
-910,	/* "Any Extended Key Usage" */
-664,	/* "Any language" */
-177,	/* "Authority Information Access" */
-365,	/* "Basic OCSP Response" */
-285,	/* "Biometric Info" */
-179,	/* "CA Issuers" */
-785,	/* "CA Repository" */
-954,	/* "CT Certificate SCTs" */
-952,	/* "CT Precertificate Poison" */
-951,	/* "CT Precertificate SCTs" */
-953,	/* "CT Precertificate Signer" */
-131,	/* "Code Signing" */
-783,	/* "Diffie-Hellman based MAC" */
-382,	/* "Directory" */
-392,	/* "Domain" */
-132,	/* "E-mail Protection" */
-389,	/* "Enterprises" */
-384,	/* "Experimental" */
-372,	/* "Extended OCSP Status" */
-172,	/* "Extension Request" */
-813,	/* "GOST 28147-89" */
-849,	/* "GOST 28147-89 Cryptocom ParamSet" */
-815,	/* "GOST 28147-89 MAC" */
-851,	/* "GOST 34.10-2001 Cryptocom" */
-850,	/* "GOST 34.10-94 Cryptocom" */
-811,	/* "GOST R 34.10-2001" */
-817,	/* "GOST R 34.10-2001 DH" */
-812,	/* "GOST R 34.10-94" */
-818,	/* "GOST R 34.10-94 DH" */
-809,	/* "GOST R 34.11-94" */
-816,	/* "GOST R 34.11-94 PRF" */
-807,	/* "GOST R 34.11-94 with GOST R 34.10-2001" */
-853,	/* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */
-808,	/* "GOST R 34.11-94 with GOST R 34.10-94" */
-852,	/* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
-854,	/* "GOST R 3410-2001 Parameter Set Cryptocom" */
-810,	/* "HMAC GOST 34.11-94" */
-432,	/* "Hold Instruction Call Issuer" */
-430,	/* "Hold Instruction Code" */
-431,	/* "Hold Instruction None" */
-433,	/* "Hold Instruction Reject" */
-634,	/* "ICC or token signature" */
-294,	/* "IPSec End System" */
-295,	/* "IPSec Tunnel" */
-296,	/* "IPSec User" */
-182,	/* "ISO Member Body" */
-183,	/* "ISO US Member Body" */
-667,	/* "Independent" */
-665,	/* "Inherit all" */
-647,	/* "International Organizations" */
-142,	/* "Invalidity Date" */
-504,	/* "MIME MHS" */
-388,	/* "Mail" */
-383,	/* "Management" */
-417,	/* "Microsoft CSP Name" */
-135,	/* "Microsoft Commercial Code Signing" */
-138,	/* "Microsoft Encrypted File System" */
-171,	/* "Microsoft Extension Request" */
-134,	/* "Microsoft Individual Code Signing" */
-856,	/* "Microsoft Local Key set" */
-137,	/* "Microsoft Server Gated Crypto" */
-648,	/* "Microsoft Smartcardlogin" */
-136,	/* "Microsoft Trust List Signing" */
-649,	/* "Microsoft Universal Principal Name" */
-393,	/* "NULL" */
-404,	/* "NULL" */
-72,	/* "Netscape Base Url" */
-76,	/* "Netscape CA Policy Url" */
-74,	/* "Netscape CA Revocation Url" */
-71,	/* "Netscape Cert Type" */
-58,	/* "Netscape Certificate Extension" */
-79,	/* "Netscape Certificate Sequence" */
-78,	/* "Netscape Comment" */
-57,	/* "Netscape Communications Corp." */
-59,	/* "Netscape Data Type" */
-75,	/* "Netscape Renewal Url" */
-73,	/* "Netscape Revocation Url" */
-77,	/* "Netscape SSL Server Name" */
-139,	/* "Netscape Server Gated Crypto" */
-178,	/* "OCSP" */
-370,	/* "OCSP Archive Cutoff" */
-367,	/* "OCSP CRL ID" */
-369,	/* "OCSP No Check" */
-366,	/* "OCSP Nonce" */
-371,	/* "OCSP Service Locator" */
-180,	/* "OCSP Signing" */
-161,	/* "PBES2" */
-69,	/* "PBKDF2" */
-162,	/* "PBMAC1" */
-127,	/* "PKIX" */
-858,	/* "Permanent Identifier" */
-164,	/* "Policy Qualifier CPS" */
-165,	/* "Policy Qualifier User Notice" */
-385,	/* "Private" */
-663,	/* "Proxy Certificate Information" */
- 1,	/* "RSA Data Security, Inc." */
- 2,	/* "RSA Data Security, Inc. PKCS" */
-188,	/* "S/MIME" */
-167,	/* "S/MIME Capabilities" */
-387,	/* "SNMPv2" */
-512,	/* "Secure Electronic Transactions" */
-386,	/* "Security" */
-394,	/* "Selected Attribute Types" */
-143,	/* "Strong Extranet ID" */
-398,	/* "Subject Information Access" */
-130,	/* "TLS Web Client Authentication" */
-129,	/* "TLS Web Server Authentication" */
-133,	/* "Time Stamping" */
-375,	/* "Trust Root" */
-12,	/* "X509" */
-402,	/* "X509v3 AC Targeting" */
-746,	/* "X509v3 Any Policy" */
-90,	/* "X509v3 Authority Key Identifier" */
-87,	/* "X509v3 Basic Constraints" */
-103,	/* "X509v3 CRL Distribution Points" */
-88,	/* "X509v3 CRL Number" */
-141,	/* "X509v3 CRL Reason Code" */
-771,	/* "X509v3 Certificate Issuer" */
-89,	/* "X509v3 Certificate Policies" */
-140,	/* "X509v3 Delta CRL Indicator" */
-126,	/* "X509v3 Extended Key Usage" */
-857,	/* "X509v3 Freshest CRL" */
-748,	/* "X509v3 Inhibit Any Policy" */
-86,	/* "X509v3 Issuer Alternative Name" */
-770,	/* "X509v3 Issuing Distrubution Point" */
-83,	/* "X509v3 Key Usage" */
-666,	/* "X509v3 Name Constraints" */
-403,	/* "X509v3 No Revocation Available" */
-401,	/* "X509v3 Policy Constraints" */
-747,	/* "X509v3 Policy Mappings" */
-84,	/* "X509v3 Private Key Usage Period" */
-85,	/* "X509v3 Subject Alternative Name" */
-769,	/* "X509v3 Subject Directory Attributes" */
-82,	/* "X509v3 Subject Key Identifier" */
-920,	/* "X9.42 DH" */
-184,	/* "X9.57" */
-185,	/* "X9.57 CM ?" */
-478,	/* "aRecord" */
-289,	/* "aaControls" */
-287,	/* "ac-auditEntity" */
-397,	/* "ac-proxying" */
-288,	/* "ac-targeting" */
-446,	/* "account" */
-364,	/* "ad dvcs" */
-606,	/* "additional verification" */
-419,	/* "aes-128-cbc" */
-916,	/* "aes-128-cbc-hmac-sha1" */
-948,	/* "aes-128-cbc-hmac-sha256" */
-896,	/* "aes-128-ccm" */
-421,	/* "aes-128-cfb" */
-650,	/* "aes-128-cfb1" */
-653,	/* "aes-128-cfb8" */
-904,	/* "aes-128-ctr" */
-418,	/* "aes-128-ecb" */
-895,	/* "aes-128-gcm" */
-420,	/* "aes-128-ofb" */
-913,	/* "aes-128-xts" */
-423,	/* "aes-192-cbc" */
-917,	/* "aes-192-cbc-hmac-sha1" */
-949,	/* "aes-192-cbc-hmac-sha256" */
-899,	/* "aes-192-ccm" */
-425,	/* "aes-192-cfb" */
-651,	/* "aes-192-cfb1" */
-654,	/* "aes-192-cfb8" */
-905,	/* "aes-192-ctr" */
-422,	/* "aes-192-ecb" */
-898,	/* "aes-192-gcm" */
-424,	/* "aes-192-ofb" */
-427,	/* "aes-256-cbc" */
-918,	/* "aes-256-cbc-hmac-sha1" */
-950,	/* "aes-256-cbc-hmac-sha256" */
-902,	/* "aes-256-ccm" */
-429,	/* "aes-256-cfb" */
-652,	/* "aes-256-cfb1" */
-655,	/* "aes-256-cfb8" */
-906,	/* "aes-256-ctr" */
-426,	/* "aes-256-ecb" */
-901,	/* "aes-256-gcm" */
-428,	/* "aes-256-ofb" */
-914,	/* "aes-256-xts" */
-376,	/* "algorithm" */
-484,	/* "associatedDomain" */
-485,	/* "associatedName" */
-501,	/* "audio" */
-882,	/* "authorityRevocationList" */
-91,	/* "bf-cbc" */
-93,	/* "bf-cfb" */
-92,	/* "bf-ecb" */
-94,	/* "bf-ofb" */
-921,	/* "brainpoolP160r1" */
-922,	/* "brainpoolP160t1" */
-923,	/* "brainpoolP192r1" */
-924,	/* "brainpoolP192t1" */
-925,	/* "brainpoolP224r1" */
-926,	/* "brainpoolP224t1" */
-927,	/* "brainpoolP256r1" */
-928,	/* "brainpoolP256t1" */
-929,	/* "brainpoolP320r1" */
-930,	/* "brainpoolP320t1" */
-931,	/* "brainpoolP384r1" */
-932,	/* "brainpoolP384t1" */
-933,	/* "brainpoolP512r1" */
-934,	/* "brainpoolP512t1" */
-494,	/* "buildingName" */
-860,	/* "businessCategory" */
-691,	/* "c2onb191v4" */
-692,	/* "c2onb191v5" */
-697,	/* "c2onb239v4" */
-698,	/* "c2onb239v5" */
-684,	/* "c2pnb163v1" */
-685,	/* "c2pnb163v2" */
-686,	/* "c2pnb163v3" */
-687,	/* "c2pnb176v1" */
-693,	/* "c2pnb208w1" */
-699,	/* "c2pnb272w1" */
-700,	/* "c2pnb304w1" */
-702,	/* "c2pnb368w1" */
-688,	/* "c2tnb191v1" */
-689,	/* "c2tnb191v2" */
-690,	/* "c2tnb191v3" */
-694,	/* "c2tnb239v1" */
-695,	/* "c2tnb239v2" */
-696,	/* "c2tnb239v3" */
-701,	/* "c2tnb359v1" */
-703,	/* "c2tnb431r1" */
-881,	/* "cACertificate" */
-483,	/* "cNAMERecord" */
-751,	/* "camellia-128-cbc" */
-757,	/* "camellia-128-cfb" */
-760,	/* "camellia-128-cfb1" */
-763,	/* "camellia-128-cfb8" */
-754,	/* "camellia-128-ecb" */
-766,	/* "camellia-128-ofb" */
-752,	/* "camellia-192-cbc" */
-758,	/* "camellia-192-cfb" */
-761,	/* "camellia-192-cfb1" */
-764,	/* "camellia-192-cfb8" */
-755,	/* "camellia-192-ecb" */
-767,	/* "camellia-192-ofb" */
-753,	/* "camellia-256-cbc" */
-759,	/* "camellia-256-cfb" */
-762,	/* "camellia-256-cfb1" */
-765,	/* "camellia-256-cfb8" */
-756,	/* "camellia-256-ecb" */
-768,	/* "camellia-256-ofb" */
-443,	/* "caseIgnoreIA5StringSyntax" */
-108,	/* "cast5-cbc" */
-110,	/* "cast5-cfb" */
-109,	/* "cast5-ecb" */
-111,	/* "cast5-ofb" */
-152,	/* "certBag" */
-677,	/* "certicom-arc" */
-517,	/* "certificate extensions" */
-883,	/* "certificateRevocationList" */
-54,	/* "challengePassword" */
-407,	/* "characteristic-two-field" */
-395,	/* "clearance" */
-633,	/* "cleartext track 2" */
-894,	/* "cmac" */
-13,	/* "commonName" */
-513,	/* "content types" */
-50,	/* "contentType" */
-53,	/* "countersignature" */
-14,	/* "countryName" */
-153,	/* "crlBag" */
-884,	/* "crossCertificatePair" */
-806,	/* "cryptocom" */
-805,	/* "cryptopro" */
-500,	/* "dITRedirect" */
-451,	/* "dNSDomain" */
-495,	/* "dSAQuality" */
-434,	/* "data" */
-390,	/* "dcObject" */
-891,	/* "deltaRevocationList" */
-31,	/* "des-cbc" */
-643,	/* "des-cdmf" */
-30,	/* "des-cfb" */
-656,	/* "des-cfb1" */
-657,	/* "des-cfb8" */
-29,	/* "des-ecb" */
-32,	/* "des-ede" */
-43,	/* "des-ede-cbc" */
-60,	/* "des-ede-cfb" */
-62,	/* "des-ede-ofb" */
-33,	/* "des-ede3" */
-44,	/* "des-ede3-cbc" */
-61,	/* "des-ede3-cfb" */
-658,	/* "des-ede3-cfb1" */
-659,	/* "des-ede3-cfb8" */
-63,	/* "des-ede3-ofb" */
-45,	/* "des-ofb" */
-107,	/* "description" */
-871,	/* "destinationIndicator" */
-80,	/* "desx-cbc" */
-947,	/* "dh-cofactor-kdf" */
-946,	/* "dh-std-kdf" */
-28,	/* "dhKeyAgreement" */
-941,	/* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
-942,	/* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
-943,	/* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
-944,	/* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
-945,	/* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
-936,	/* "dhSinglePass-stdDH-sha1kdf-scheme" */
-937,	/* "dhSinglePass-stdDH-sha224kdf-scheme" */
-938,	/* "dhSinglePass-stdDH-sha256kdf-scheme" */
-939,	/* "dhSinglePass-stdDH-sha384kdf-scheme" */
-940,	/* "dhSinglePass-stdDH-sha512kdf-scheme" */
-11,	/* "directory services (X.500)" */
-378,	/* "directory services - algorithms" */
-887,	/* "distinguishedName" */
-892,	/* "dmdName" */
-174,	/* "dnQualifier" */
-447,	/* "document" */
-471,	/* "documentAuthor" */
-468,	/* "documentIdentifier" */
-472,	/* "documentLocation" */
-502,	/* "documentPublisher" */
-449,	/* "documentSeries" */
-469,	/* "documentTitle" */
-470,	/* "documentVersion" */
-380,	/* "dod" */
-391,	/* "domainComponent" */
-452,	/* "domainRelatedObject" */
-116,	/* "dsaEncryption" */
-67,	/* "dsaEncryption-old" */
-66,	/* "dsaWithSHA" */
-113,	/* "dsaWithSHA1" */
-70,	/* "dsaWithSHA1-old" */
-802,	/* "dsa_with_SHA224" */
-803,	/* "dsa_with_SHA256" */
-297,	/* "dvcs" */
-791,	/* "ecdsa-with-Recommended" */
-416,	/* "ecdsa-with-SHA1" */
-793,	/* "ecdsa-with-SHA224" */
-794,	/* "ecdsa-with-SHA256" */
-795,	/* "ecdsa-with-SHA384" */
-796,	/* "ecdsa-with-SHA512" */
-792,	/* "ecdsa-with-Specified" */
-48,	/* "emailAddress" */
-632,	/* "encrypted track 2" */
-885,	/* "enhancedSearchGuide" */
-56,	/* "extendedCertificateAttributes" */
-867,	/* "facsimileTelephoneNumber" */
-462,	/* "favouriteDrink" */
-453,	/* "friendlyCountry" */
-490,	/* "friendlyCountryName" */
-156,	/* "friendlyName" */
-631,	/* "generate cryptogram" */
-509,	/* "generationQualifier" */
-601,	/* "generic cryptogram" */
-99,	/* "givenName" */
-814,	/* "gost89-cnt" */
-855,	/* "hmac" */
-780,	/* "hmac-md5" */
-781,	/* "hmac-sha1" */
-797,	/* "hmacWithMD5" */
-163,	/* "hmacWithSHA1" */
-798,	/* "hmacWithSHA224" */
-799,	/* "hmacWithSHA256" */
-800,	/* "hmacWithSHA384" */
-801,	/* "hmacWithSHA512" */
-486,	/* "homePostalAddress" */
-473,	/* "homeTelephoneNumber" */
-466,	/* "host" */
-889,	/* "houseIdentifier" */
-442,	/* "iA5StringSyntax" */
-381,	/* "iana" */
-824,	/* "id-Gost28147-89-CryptoPro-A-ParamSet" */
-825,	/* "id-Gost28147-89-CryptoPro-B-ParamSet" */
-826,	/* "id-Gost28147-89-CryptoPro-C-ParamSet" */
-827,	/* "id-Gost28147-89-CryptoPro-D-ParamSet" */
-819,	/* "id-Gost28147-89-CryptoPro-KeyMeshing" */
-829,	/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
-828,	/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
-830,	/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
-820,	/* "id-Gost28147-89-None-KeyMeshing" */
-823,	/* "id-Gost28147-89-TestParamSet" */
-840,	/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
-841,	/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
-842,	/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
-843,	/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
-844,	/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
-839,	/* "id-GostR3410-2001-TestParamSet" */
-832,	/* "id-GostR3410-94-CryptoPro-A-ParamSet" */
-833,	/* "id-GostR3410-94-CryptoPro-B-ParamSet" */
-834,	/* "id-GostR3410-94-CryptoPro-C-ParamSet" */
-835,	/* "id-GostR3410-94-CryptoPro-D-ParamSet" */
-836,	/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
-837,	/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
-838,	/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
-831,	/* "id-GostR3410-94-TestParamSet" */
-845,	/* "id-GostR3410-94-a" */
-846,	/* "id-GostR3410-94-aBis" */
-847,	/* "id-GostR3410-94-b" */
-848,	/* "id-GostR3410-94-bBis" */
-822,	/* "id-GostR3411-94-CryptoProParamSet" */
-821,	/* "id-GostR3411-94-TestParamSet" */
-266,	/* "id-aca" */
-355,	/* "id-aca-accessIdentity" */
-354,	/* "id-aca-authenticationInfo" */
-356,	/* "id-aca-chargingIdentity" */
-399,	/* "id-aca-encAttrs" */
-357,	/* "id-aca-group" */
-358,	/* "id-aca-role" */
-176,	/* "id-ad" */
-788,	/* "id-aes128-wrap" */
-897,	/* "id-aes128-wrap-pad" */
-789,	/* "id-aes192-wrap" */
-900,	/* "id-aes192-wrap-pad" */
-790,	/* "id-aes256-wrap" */
-903,	/* "id-aes256-wrap-pad" */
-262,	/* "id-alg" */
-893,	/* "id-alg-PWRI-KEK" */
-323,	/* "id-alg-des40" */
-326,	/* "id-alg-dh-pop" */
-325,	/* "id-alg-dh-sig-hmac-sha1" */
-324,	/* "id-alg-noSignature" */
-907,	/* "id-camellia128-wrap" */
-908,	/* "id-camellia192-wrap" */
-909,	/* "id-camellia256-wrap" */
-268,	/* "id-cct" */
-361,	/* "id-cct-PKIData" */
-362,	/* "id-cct-PKIResponse" */
-360,	/* "id-cct-crs" */
-81,	/* "id-ce" */
-680,	/* "id-characteristic-two-basis" */
-263,	/* "id-cmc" */
-334,	/* "id-cmc-addExtensions" */
-346,	/* "id-cmc-confirmCertAcceptance" */
-330,	/* "id-cmc-dataReturn" */
-336,	/* "id-cmc-decryptedPOP" */
-335,	/* "id-cmc-encryptedPOP" */
-339,	/* "id-cmc-getCRL" */
-338,	/* "id-cmc-getCert" */
-328,	/* "id-cmc-identification" */
-329,	/* "id-cmc-identityProof" */
-337,	/* "id-cmc-lraPOPWitness" */
-344,	/* "id-cmc-popLinkRandom" */
-345,	/* "id-cmc-popLinkWitness" */
-343,	/* "id-cmc-queryPending" */
-333,	/* "id-cmc-recipientNonce" */
-341,	/* "id-cmc-regInfo" */
-342,	/* "id-cmc-responseInfo" */
-340,	/* "id-cmc-revokeRequest" */
-332,	/* "id-cmc-senderNonce" */
-327,	/* "id-cmc-statusInfo" */
-331,	/* "id-cmc-transactionId" */
-787,	/* "id-ct-asciiTextWithCRLF" */
-408,	/* "id-ecPublicKey" */
-508,	/* "id-hex-multipart-message" */
-507,	/* "id-hex-partial-message" */
-260,	/* "id-it" */
-302,	/* "id-it-caKeyUpdateInfo" */
-298,	/* "id-it-caProtEncCert" */
-311,	/* "id-it-confirmWaitTime" */
-303,	/* "id-it-currentCRL" */
-300,	/* "id-it-encKeyPairTypes" */
-310,	/* "id-it-implicitConfirm" */
-308,	/* "id-it-keyPairParamRep" */
-307,	/* "id-it-keyPairParamReq" */
-312,	/* "id-it-origPKIMessage" */
-301,	/* "id-it-preferredSymmAlg" */
-309,	/* "id-it-revPassphrase" */
-299,	/* "id-it-signKeyPairTypes" */
-305,	/* "id-it-subscriptionRequest" */
-306,	/* "id-it-subscriptionResponse" */
-784,	/* "id-it-suppLangTags" */
-304,	/* "id-it-unsupportedOIDs" */
-128,	/* "id-kp" */
-280,	/* "id-mod-attribute-cert" */
-274,	/* "id-mod-cmc" */
-277,	/* "id-mod-cmp" */
-284,	/* "id-mod-cmp2000" */
-273,	/* "id-mod-crmf" */
-283,	/* "id-mod-dvcs" */
-275,	/* "id-mod-kea-profile-88" */
-276,	/* "id-mod-kea-profile-93" */
-282,	/* "id-mod-ocsp" */
-278,	/* "id-mod-qualified-cert-88" */
-279,	/* "id-mod-qualified-cert-93" */
-281,	/* "id-mod-timestamp-protocol" */
-264,	/* "id-on" */
-347,	/* "id-on-personalData" */
-265,	/* "id-pda" */
-352,	/* "id-pda-countryOfCitizenship" */
-353,	/* "id-pda-countryOfResidence" */
-348,	/* "id-pda-dateOfBirth" */
-351,	/* "id-pda-gender" */
-349,	/* "id-pda-placeOfBirth" */
-175,	/* "id-pe" */
-261,	/* "id-pkip" */
-258,	/* "id-pkix-mod" */
-269,	/* "id-pkix1-explicit-88" */
-271,	/* "id-pkix1-explicit-93" */
-270,	/* "id-pkix1-implicit-88" */
-272,	/* "id-pkix1-implicit-93" */
-662,	/* "id-ppl" */
-267,	/* "id-qcs" */
-359,	/* "id-qcs-pkixQCSyntax-v1" */
-259,	/* "id-qt" */
-313,	/* "id-regCtrl" */
-316,	/* "id-regCtrl-authenticator" */
-319,	/* "id-regCtrl-oldCertID" */
-318,	/* "id-regCtrl-pkiArchiveOptions" */
-317,	/* "id-regCtrl-pkiPublicationInfo" */
-320,	/* "id-regCtrl-protocolEncrKey" */
-315,	/* "id-regCtrl-regToken" */
-314,	/* "id-regInfo" */
-322,	/* "id-regInfo-certReq" */
-321,	/* "id-regInfo-utf8Pairs" */
-191,	/* "id-smime-aa" */
-215,	/* "id-smime-aa-contentHint" */
-218,	/* "id-smime-aa-contentIdentifier" */
-221,	/* "id-smime-aa-contentReference" */
-240,	/* "id-smime-aa-dvcs-dvc" */
-217,	/* "id-smime-aa-encapContentType" */
-222,	/* "id-smime-aa-encrypKeyPref" */
-220,	/* "id-smime-aa-equivalentLabels" */
-232,	/* "id-smime-aa-ets-CertificateRefs" */
-233,	/* "id-smime-aa-ets-RevocationRefs" */
-238,	/* "id-smime-aa-ets-archiveTimeStamp" */
-237,	/* "id-smime-aa-ets-certCRLTimestamp" */
-234,	/* "id-smime-aa-ets-certValues" */
-227,	/* "id-smime-aa-ets-commitmentType" */
-231,	/* "id-smime-aa-ets-contentTimestamp" */
-236,	/* "id-smime-aa-ets-escTimeStamp" */
-230,	/* "id-smime-aa-ets-otherSigCert" */
-235,	/* "id-smime-aa-ets-revocationValues" */
-226,	/* "id-smime-aa-ets-sigPolicyId" */
-229,	/* "id-smime-aa-ets-signerAttr" */
-228,	/* "id-smime-aa-ets-signerLocation" */
-219,	/* "id-smime-aa-macValue" */
-214,	/* "id-smime-aa-mlExpandHistory" */
-216,	/* "id-smime-aa-msgSigDigest" */
-212,	/* "id-smime-aa-receiptRequest" */
-213,	/* "id-smime-aa-securityLabel" */
-239,	/* "id-smime-aa-signatureType" */
-223,	/* "id-smime-aa-signingCertificate" */
-224,	/* "id-smime-aa-smimeEncryptCerts" */
-225,	/* "id-smime-aa-timeStampToken" */
-192,	/* "id-smime-alg" */
-243,	/* "id-smime-alg-3DESwrap" */
-246,	/* "id-smime-alg-CMS3DESwrap" */
-247,	/* "id-smime-alg-CMSRC2wrap" */
-245,	/* "id-smime-alg-ESDH" */
-241,	/* "id-smime-alg-ESDHwith3DES" */
-242,	/* "id-smime-alg-ESDHwithRC2" */
-244,	/* "id-smime-alg-RC2wrap" */
-193,	/* "id-smime-cd" */
-248,	/* "id-smime-cd-ldap" */
-190,	/* "id-smime-ct" */
-210,	/* "id-smime-ct-DVCSRequestData" */
-211,	/* "id-smime-ct-DVCSResponseData" */
-208,	/* "id-smime-ct-TDTInfo" */
-207,	/* "id-smime-ct-TSTInfo" */
-205,	/* "id-smime-ct-authData" */
-786,	/* "id-smime-ct-compressedData" */
-209,	/* "id-smime-ct-contentInfo" */
-206,	/* "id-smime-ct-publishCert" */
-204,	/* "id-smime-ct-receipt" */
-195,	/* "id-smime-cti" */
-255,	/* "id-smime-cti-ets-proofOfApproval" */
-256,	/* "id-smime-cti-ets-proofOfCreation" */
-253,	/* "id-smime-cti-ets-proofOfDelivery" */
-251,	/* "id-smime-cti-ets-proofOfOrigin" */
-252,	/* "id-smime-cti-ets-proofOfReceipt" */
-254,	/* "id-smime-cti-ets-proofOfSender" */
-189,	/* "id-smime-mod" */
-196,	/* "id-smime-mod-cms" */
-197,	/* "id-smime-mod-ess" */
-202,	/* "id-smime-mod-ets-eSigPolicy-88" */
-203,	/* "id-smime-mod-ets-eSigPolicy-97" */
-200,	/* "id-smime-mod-ets-eSignature-88" */
-201,	/* "id-smime-mod-ets-eSignature-97" */
-199,	/* "id-smime-mod-msg-v3" */
-198,	/* "id-smime-mod-oid" */
-194,	/* "id-smime-spq" */
-250,	/* "id-smime-spq-ets-sqt-unotice" */
-249,	/* "id-smime-spq-ets-sqt-uri" */
-34,	/* "idea-cbc" */
-35,	/* "idea-cfb" */
-36,	/* "idea-ecb" */
-46,	/* "idea-ofb" */
-676,	/* "identified-organization" */
-461,	/* "info" */
-101,	/* "initials" */
-869,	/* "internationaliSDNNumber" */
-749,	/* "ipsec3" */
-750,	/* "ipsec4" */
-181,	/* "iso" */
-623,	/* "issuer capabilities" */
-645,	/* "itu-t" */
-492,	/* "janetMailbox" */
-646,	/* "joint-iso-itu-t" */
-957,	/* "jurisdictionCountryName" */
-955,	/* "jurisdictionLocalityName" */
-956,	/* "jurisdictionStateOrProvinceName" */
-150,	/* "keyBag" */
-773,	/* "kisa" */
-477,	/* "lastModifiedBy" */
-476,	/* "lastModifiedTime" */
-157,	/* "localKeyID" */
-15,	/* "localityName" */
-480,	/* "mXRecord" */
-493,	/* "mailPreferenceOption" */
-467,	/* "manager" */
- 3,	/* "md2" */
- 7,	/* "md2WithRSAEncryption" */
-257,	/* "md4" */
-396,	/* "md4WithRSAEncryption" */
- 4,	/* "md5" */
-114,	/* "md5-sha1" */
-104,	/* "md5WithRSA" */
- 8,	/* "md5WithRSAEncryption" */
-95,	/* "mdc2" */
-96,	/* "mdc2WithRSA" */
-875,	/* "member" */
-602,	/* "merchant initiated auth" */
-514,	/* "message extensions" */
-51,	/* "messageDigest" */
-911,	/* "mgf1" */
-506,	/* "mime-mhs-bodies" */
-505,	/* "mime-mhs-headings" */
-488,	/* "mobileTelephoneNumber" */
-481,	/* "nSRecord" */
-173,	/* "name" */
-681,	/* "onBasis" */
-379,	/* "org" */
-17,	/* "organizationName" */
-491,	/* "organizationalStatus" */
-18,	/* "organizationalUnitName" */
-475,	/* "otherMailbox" */
-876,	/* "owner" */
-935,	/* "pSpecified" */
-489,	/* "pagerTelephoneNumber" */
-782,	/* "password based MAC" */
-374,	/* "path" */
-621,	/* "payment gateway capabilities" */
- 9,	/* "pbeWithMD2AndDES-CBC" */
-168,	/* "pbeWithMD2AndRC2-CBC" */
-112,	/* "pbeWithMD5AndCast5CBC" */
-10,	/* "pbeWithMD5AndDES-CBC" */
-169,	/* "pbeWithMD5AndRC2-CBC" */
-148,	/* "pbeWithSHA1And128BitRC2-CBC" */
-144,	/* "pbeWithSHA1And128BitRC4" */
-147,	/* "pbeWithSHA1And2-KeyTripleDES-CBC" */
-146,	/* "pbeWithSHA1And3-KeyTripleDES-CBC" */
-149,	/* "pbeWithSHA1And40BitRC2-CBC" */
-145,	/* "pbeWithSHA1And40BitRC4" */
-170,	/* "pbeWithSHA1AndDES-CBC" */
-68,	/* "pbeWithSHA1AndRC2-CBC" */
-499,	/* "personalSignature" */
-487,	/* "personalTitle" */
-464,	/* "photo" */
-863,	/* "physicalDeliveryOfficeName" */
-437,	/* "pilot" */
-439,	/* "pilotAttributeSyntax" */
-438,	/* "pilotAttributeType" */
-479,	/* "pilotAttributeType27" */
-456,	/* "pilotDSA" */
-441,	/* "pilotGroups" */
-444,	/* "pilotObject" */
-440,	/* "pilotObjectClass" */
-455,	/* "pilotOrganization" */
-445,	/* "pilotPerson" */
-186,	/* "pkcs1" */
-27,	/* "pkcs3" */
-187,	/* "pkcs5" */
-20,	/* "pkcs7" */
-21,	/* "pkcs7-data" */
-25,	/* "pkcs7-digestData" */
-26,	/* "pkcs7-encryptedData" */
-23,	/* "pkcs7-envelopedData" */
-24,	/* "pkcs7-signedAndEnvelopedData" */
-22,	/* "pkcs7-signedData" */
-151,	/* "pkcs8ShroudedKeyBag" */
-47,	/* "pkcs9" */
-862,	/* "postOfficeBox" */
-861,	/* "postalAddress" */
-661,	/* "postalCode" */
-683,	/* "ppBasis" */
-872,	/* "preferredDeliveryMethod" */
-873,	/* "presentationAddress" */
-406,	/* "prime-field" */
-409,	/* "prime192v1" */
-410,	/* "prime192v2" */
-411,	/* "prime192v3" */
-412,	/* "prime239v1" */
-413,	/* "prime239v2" */
-414,	/* "prime239v3" */
-415,	/* "prime256v1" */
-886,	/* "protocolInformation" */
-510,	/* "pseudonym" */
-435,	/* "pss" */
-286,	/* "qcStatements" */
-457,	/* "qualityLabelledData" */
-450,	/* "rFC822localPart" */
-98,	/* "rc2-40-cbc" */
-166,	/* "rc2-64-cbc" */
-37,	/* "rc2-cbc" */
-39,	/* "rc2-cfb" */
-38,	/* "rc2-ecb" */
-40,	/* "rc2-ofb" */
- 5,	/* "rc4" */
-97,	/* "rc4-40" */
-915,	/* "rc4-hmac-md5" */
-120,	/* "rc5-cbc" */
-122,	/* "rc5-cfb" */
-121,	/* "rc5-ecb" */
-123,	/* "rc5-ofb" */
-870,	/* "registeredAddress" */
-460,	/* "rfc822Mailbox" */
-117,	/* "ripemd160" */
-119,	/* "ripemd160WithRSA" */
-400,	/* "role" */
-877,	/* "roleOccupant" */
-448,	/* "room" */
-463,	/* "roomNumber" */
-19,	/* "rsa" */
- 6,	/* "rsaEncryption" */
-644,	/* "rsaOAEPEncryptionSET" */
-377,	/* "rsaSignature" */
-919,	/* "rsaesOaep" */
-912,	/* "rsassaPss" */
-124,	/* "run length compression" */
-482,	/* "sOARecord" */
-155,	/* "safeContentsBag" */
-291,	/* "sbgp-autonomousSysNum" */
-290,	/* "sbgp-ipAddrBlock" */
-292,	/* "sbgp-routerIdentifier" */
-159,	/* "sdsiCertificate" */
-859,	/* "searchGuide" */
-704,	/* "secp112r1" */
-705,	/* "secp112r2" */
-706,	/* "secp128r1" */
-707,	/* "secp128r2" */
-708,	/* "secp160k1" */
-709,	/* "secp160r1" */
-710,	/* "secp160r2" */
-711,	/* "secp192k1" */
-712,	/* "secp224k1" */
-713,	/* "secp224r1" */
-714,	/* "secp256k1" */
-715,	/* "secp384r1" */
-716,	/* "secp521r1" */
-154,	/* "secretBag" */
-474,	/* "secretary" */
-717,	/* "sect113r1" */
-718,	/* "sect113r2" */
-719,	/* "sect131r1" */
-720,	/* "sect131r2" */
-721,	/* "sect163k1" */
-722,	/* "sect163r1" */
-723,	/* "sect163r2" */
-724,	/* "sect193r1" */
-725,	/* "sect193r2" */
-726,	/* "sect233k1" */
-727,	/* "sect233r1" */
-728,	/* "sect239k1" */
-729,	/* "sect283k1" */
-730,	/* "sect283r1" */
-731,	/* "sect409k1" */
-732,	/* "sect409r1" */
-733,	/* "sect571k1" */
-734,	/* "sect571r1" */
-635,	/* "secure device signature" */
-878,	/* "seeAlso" */
-777,	/* "seed-cbc" */
-779,	/* "seed-cfb" */
-776,	/* "seed-ecb" */
-778,	/* "seed-ofb" */
-105,	/* "serialNumber" */
-625,	/* "set-addPolicy" */
-515,	/* "set-attr" */
-518,	/* "set-brand" */
-638,	/* "set-brand-AmericanExpress" */
-637,	/* "set-brand-Diners" */
-636,	/* "set-brand-IATA-ATA" */
-639,	/* "set-brand-JCB" */
-641,	/* "set-brand-MasterCard" */
-642,	/* "set-brand-Novus" */
-640,	/* "set-brand-Visa" */
-516,	/* "set-policy" */
-607,	/* "set-policy-root" */
-624,	/* "set-rootKeyThumb" */
-620,	/* "setAttr-Cert" */
-628,	/* "setAttr-IssCap-CVM" */
-630,	/* "setAttr-IssCap-Sig" */
-629,	/* "setAttr-IssCap-T2" */
-627,	/* "setAttr-Token-B0Prime" */
-626,	/* "setAttr-Token-EMV" */
-622,	/* "setAttr-TokenType" */
-619,	/* "setCext-IssuerCapabilities" */
-615,	/* "setCext-PGWYcapabilities" */
-616,	/* "setCext-TokenIdentifier" */
-618,	/* "setCext-TokenType" */
-617,	/* "setCext-Track2Data" */
-611,	/* "setCext-cCertRequired" */
-609,	/* "setCext-certType" */
-608,	/* "setCext-hashedRoot" */
-610,	/* "setCext-merchData" */
-613,	/* "setCext-setExt" */
-614,	/* "setCext-setQualf" */
-612,	/* "setCext-tunneling" */
-540,	/* "setct-AcqCardCodeMsg" */
-576,	/* "setct-AcqCardCodeMsgTBE" */
-570,	/* "setct-AuthReqTBE" */
-534,	/* "setct-AuthReqTBS" */
-527,	/* "setct-AuthResBaggage" */
-571,	/* "setct-AuthResTBE" */
-572,	/* "setct-AuthResTBEX" */
-535,	/* "setct-AuthResTBS" */
-536,	/* "setct-AuthResTBSX" */
-528,	/* "setct-AuthRevReqBaggage" */
-577,	/* "setct-AuthRevReqTBE" */
-541,	/* "setct-AuthRevReqTBS" */
-529,	/* "setct-AuthRevResBaggage" */
-542,	/* "setct-AuthRevResData" */
-578,	/* "setct-AuthRevResTBE" */
-579,	/* "setct-AuthRevResTBEB" */
-543,	/* "setct-AuthRevResTBS" */
-573,	/* "setct-AuthTokenTBE" */
-537,	/* "setct-AuthTokenTBS" */
-600,	/* "setct-BCIDistributionTBS" */
-558,	/* "setct-BatchAdminReqData" */
-592,	/* "setct-BatchAdminReqTBE" */
-559,	/* "setct-BatchAdminResData" */
-593,	/* "setct-BatchAdminResTBE" */
-599,	/* "setct-CRLNotificationResTBS" */
-598,	/* "setct-CRLNotificationTBS" */
-580,	/* "setct-CapReqTBE" */
-581,	/* "setct-CapReqTBEX" */
-544,	/* "setct-CapReqTBS" */
-545,	/* "setct-CapReqTBSX" */
-546,	/* "setct-CapResData" */
-582,	/* "setct-CapResTBE" */
-583,	/* "setct-CapRevReqTBE" */
-584,	/* "setct-CapRevReqTBEX" */
-547,	/* "setct-CapRevReqTBS" */
-548,	/* "setct-CapRevReqTBSX" */
-549,	/* "setct-CapRevResData" */
-585,	/* "setct-CapRevResTBE" */
-538,	/* "setct-CapTokenData" */
-530,	/* "setct-CapTokenSeq" */
-574,	/* "setct-CapTokenTBE" */
-575,	/* "setct-CapTokenTBEX" */
-539,	/* "setct-CapTokenTBS" */
-560,	/* "setct-CardCInitResTBS" */
-566,	/* "setct-CertInqReqTBS" */
-563,	/* "setct-CertReqData" */
-595,	/* "setct-CertReqTBE" */
-596,	/* "setct-CertReqTBEX" */
-564,	/* "setct-CertReqTBS" */
-565,	/* "setct-CertResData" */
-597,	/* "setct-CertResTBE" */
-586,	/* "setct-CredReqTBE" */
-587,	/* "setct-CredReqTBEX" */
-550,	/* "setct-CredReqTBS" */
-551,	/* "setct-CredReqTBSX" */
-552,	/* "setct-CredResData" */
-588,	/* "setct-CredResTBE" */
-589,	/* "setct-CredRevReqTBE" */
-590,	/* "setct-CredRevReqTBEX" */
-553,	/* "setct-CredRevReqTBS" */
-554,	/* "setct-CredRevReqTBSX" */
-555,	/* "setct-CredRevResData" */
-591,	/* "setct-CredRevResTBE" */
-567,	/* "setct-ErrorTBS" */
-526,	/* "setct-HODInput" */
-561,	/* "setct-MeAqCInitResTBS" */
-522,	/* "setct-OIData" */
-519,	/* "setct-PANData" */
-521,	/* "setct-PANOnly" */
-520,	/* "setct-PANToken" */
-556,	/* "setct-PCertReqData" */
-557,	/* "setct-PCertResTBS" */
-523,	/* "setct-PI" */
-532,	/* "setct-PI-TBS" */
-524,	/* "setct-PIData" */
-525,	/* "setct-PIDataUnsigned" */
-568,	/* "setct-PIDualSignedTBE" */
-569,	/* "setct-PIUnsignedTBE" */
-531,	/* "setct-PInitResData" */
-533,	/* "setct-PResData" */
-594,	/* "setct-RegFormReqTBE" */
-562,	/* "setct-RegFormResTBS" */
-604,	/* "setext-pinAny" */
-603,	/* "setext-pinSecure" */
-605,	/* "setext-track2" */
-41,	/* "sha" */
-64,	/* "sha1" */
-115,	/* "sha1WithRSA" */
-65,	/* "sha1WithRSAEncryption" */
-675,	/* "sha224" */
-671,	/* "sha224WithRSAEncryption" */
-672,	/* "sha256" */
-668,	/* "sha256WithRSAEncryption" */
-673,	/* "sha384" */
-669,	/* "sha384WithRSAEncryption" */
-674,	/* "sha512" */
-670,	/* "sha512WithRSAEncryption" */
-42,	/* "shaWithRSAEncryption" */
-52,	/* "signingTime" */
-454,	/* "simpleSecurityObject" */
-496,	/* "singleLevelQuality" */
-16,	/* "stateOrProvinceName" */
-660,	/* "streetAddress" */
-498,	/* "subtreeMaximumQuality" */
-497,	/* "subtreeMinimumQuality" */
-890,	/* "supportedAlgorithms" */
-874,	/* "supportedApplicationContext" */
-100,	/* "surname" */
-864,	/* "telephoneNumber" */
-866,	/* "teletexTerminalIdentifier" */
-865,	/* "telexNumber" */
-459,	/* "textEncodedORAddress" */
-293,	/* "textNotice" */
-106,	/* "title" */
-682,	/* "tpBasis" */
-436,	/* "ucl" */
- 0,	/* "undefined" */
-888,	/* "uniqueMember" */
-55,	/* "unstructuredAddress" */
-49,	/* "unstructuredName" */
-880,	/* "userCertificate" */
-465,	/* "userClass" */
-458,	/* "userId" */
-879,	/* "userPassword" */
-373,	/* "valid" */
-678,	/* "wap" */
-679,	/* "wap-wsg" */
-735,	/* "wap-wsg-idm-ecid-wtls1" */
-743,	/* "wap-wsg-idm-ecid-wtls10" */
-744,	/* "wap-wsg-idm-ecid-wtls11" */
-745,	/* "wap-wsg-idm-ecid-wtls12" */
-736,	/* "wap-wsg-idm-ecid-wtls3" */
-737,	/* "wap-wsg-idm-ecid-wtls4" */
-738,	/* "wap-wsg-idm-ecid-wtls5" */
-739,	/* "wap-wsg-idm-ecid-wtls6" */
-740,	/* "wap-wsg-idm-ecid-wtls7" */
-741,	/* "wap-wsg-idm-ecid-wtls8" */
-742,	/* "wap-wsg-idm-ecid-wtls9" */
-804,	/* "whirlpool" */
-868,	/* "x121Address" */
-503,	/* "x500UniqueIdentifier" */
-158,	/* "x509Certificate" */
-160,	/* "x509Crl" */
-125,	/* "zlib compression" */
+#define NUM_LN 1186
+static const unsigned int ln_objs[NUM_LN] = {
+     363,    /* "AD Time Stamping" */
+     405,    /* "ANSI X9.62" */
+     368,    /* "Acceptable OCSP Responses" */
+     910,    /* "Any Extended Key Usage" */
+     664,    /* "Any language" */
+     177,    /* "Authority Information Access" */
+     365,    /* "Basic OCSP Response" */
+     285,    /* "Biometric Info" */
+     179,    /* "CA Issuers" */
+     785,    /* "CA Repository" */
+    1131,    /* "CMC Certificate Authority" */
+    1132,    /* "CMC Registration Authority" */
+     954,    /* "CT Certificate SCTs" */
+     952,    /* "CT Precertificate Poison" */
+     951,    /* "CT Precertificate SCTs" */
+     953,    /* "CT Precertificate Signer" */
+     131,    /* "Code Signing" */
+    1024,    /* "Ctrl/Provision WAP Termination" */
+    1023,    /* "Ctrl/provision WAP Access" */
+    1159,    /* "DSTU 4145-2002 big endian" */
+    1158,    /* "DSTU 4145-2002 little endian" */
+    1152,    /* "DSTU Gost 28147-2009" */
+    1154,    /* "DSTU Gost 28147-2009 CFB mode" */
+    1153,    /* "DSTU Gost 28147-2009 OFB mode" */
+    1155,    /* "DSTU Gost 28147-2009 key wrap" */
+    1157,    /* "DSTU Gost 34311-95" */
+    1160,    /* "DSTU curve 0" */
+    1161,    /* "DSTU curve 1" */
+    1162,    /* "DSTU curve 2" */
+    1163,    /* "DSTU curve 3" */
+    1164,    /* "DSTU curve 4" */
+    1165,    /* "DSTU curve 5" */
+    1166,    /* "DSTU curve 6" */
+    1167,    /* "DSTU curve 7" */
+    1168,    /* "DSTU curve 8" */
+    1169,    /* "DSTU curve 9" */
+     783,    /* "Diffie-Hellman based MAC" */
+     382,    /* "Directory" */
+     392,    /* "Domain" */
+     132,    /* "E-mail Protection" */
+    1087,    /* "ED25519" */
+    1088,    /* "ED448" */
+     389,    /* "Enterprises" */
+     384,    /* "Experimental" */
+     372,    /* "Extended OCSP Status" */
+     172,    /* "Extension Request" */
+     813,    /* "GOST 28147-89" */
+     849,    /* "GOST 28147-89 Cryptocom ParamSet" */
+     815,    /* "GOST 28147-89 MAC" */
+    1003,    /* "GOST 28147-89 TC26 parameter set" */
+     851,    /* "GOST 34.10-2001 Cryptocom" */
+     850,    /* "GOST 34.10-94 Cryptocom" */
+     811,    /* "GOST R 34.10-2001" */
+     817,    /* "GOST R 34.10-2001 DH" */
+    1148,    /* "GOST R 34.10-2012 (256 bit) ParamSet A" */
+    1184,    /* "GOST R 34.10-2012 (256 bit) ParamSet B" */
+    1185,    /* "GOST R 34.10-2012 (256 bit) ParamSet C" */
+    1186,    /* "GOST R 34.10-2012 (256 bit) ParamSet D" */
+     998,    /* "GOST R 34.10-2012 (512 bit) ParamSet A" */
+     999,    /* "GOST R 34.10-2012 (512 bit) ParamSet B" */
+    1149,    /* "GOST R 34.10-2012 (512 bit) ParamSet C" */
+     997,    /* "GOST R 34.10-2012 (512 bit) testing parameter set" */
+     979,    /* "GOST R 34.10-2012 with 256 bit modulus" */
+     980,    /* "GOST R 34.10-2012 with 512 bit modulus" */
+     985,    /* "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" */
+     986,    /* "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" */
+     812,    /* "GOST R 34.10-94" */
+     818,    /* "GOST R 34.10-94 DH" */
+     982,    /* "GOST R 34.11-2012 with 256 bit hash" */
+     983,    /* "GOST R 34.11-2012 with 512 bit hash" */
+     809,    /* "GOST R 34.11-94" */
+     816,    /* "GOST R 34.11-94 PRF" */
+     807,    /* "GOST R 34.11-94 with GOST R 34.10-2001" */
+     853,    /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */
+     808,    /* "GOST R 34.11-94 with GOST R 34.10-94" */
+     852,    /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
+     854,    /* "GOST R 3410-2001 Parameter Set Cryptocom" */
+    1156,    /* "HMAC DSTU Gost 34311-95" */
+     988,    /* "HMAC GOST 34.11-2012 256 bit" */
+     989,    /* "HMAC GOST 34.11-2012 512 bit" */
+     810,    /* "HMAC GOST 34.11-94" */
+     432,    /* "Hold Instruction Call Issuer" */
+     430,    /* "Hold Instruction Code" */
+     431,    /* "Hold Instruction None" */
+     433,    /* "Hold Instruction Reject" */
+     634,    /* "ICC or token signature" */
+    1171,    /* "IEEE Security in Storage Working Group" */
+    1004,    /* "INN" */
+     294,    /* "IPSec End System" */
+     295,    /* "IPSec Tunnel" */
+     296,    /* "IPSec User" */
+    1140,    /* "ISO CN Member Body" */
+     182,    /* "ISO Member Body" */
+     183,    /* "ISO US Member Body" */
+    1150,    /* "ISO-UA" */
+     667,    /* "Independent" */
+     665,    /* "Inherit all" */
+     647,    /* "International Organizations" */
+     142,    /* "Invalidity Date" */
+     504,    /* "MIME MHS" */
+     388,    /* "Mail" */
+     383,    /* "Management" */
+     417,    /* "Microsoft CSP Name" */
+     135,    /* "Microsoft Commercial Code Signing" */
+     138,    /* "Microsoft Encrypted File System" */
+     171,    /* "Microsoft Extension Request" */
+     134,    /* "Microsoft Individual Code Signing" */
+     856,    /* "Microsoft Local Key set" */
+     137,    /* "Microsoft Server Gated Crypto" */
+     648,    /* "Microsoft Smartcardlogin" */
+     136,    /* "Microsoft Trust List Signing" */
+     649,    /* "Microsoft Universal Principal Name" */
+     393,    /* "NULL" */
+     404,    /* "NULL" */
+      72,    /* "Netscape Base Url" */
+      76,    /* "Netscape CA Policy Url" */
+      74,    /* "Netscape CA Revocation Url" */
+      71,    /* "Netscape Cert Type" */
+      58,    /* "Netscape Certificate Extension" */
+      79,    /* "Netscape Certificate Sequence" */
+      78,    /* "Netscape Comment" */
+      57,    /* "Netscape Communications Corp." */
+      59,    /* "Netscape Data Type" */
+      75,    /* "Netscape Renewal Url" */
+      73,    /* "Netscape Revocation Url" */
+      77,    /* "Netscape SSL Server Name" */
+     139,    /* "Netscape Server Gated Crypto" */
+     178,    /* "OCSP" */
+     370,    /* "OCSP Archive Cutoff" */
+     367,    /* "OCSP CRL ID" */
+     369,    /* "OCSP No Check" */
+     366,    /* "OCSP Nonce" */
+     371,    /* "OCSP Service Locator" */
+     180,    /* "OCSP Signing" */
+    1005,    /* "OGRN" */
+     161,    /* "PBES2" */
+      69,    /* "PBKDF2" */
+     162,    /* "PBMAC1" */
+    1032,    /* "PKINIT Client Auth" */
+     127,    /* "PKIX" */
+     858,    /* "Permanent Identifier" */
+     164,    /* "Policy Qualifier CPS" */
+     165,    /* "Policy Qualifier User Notice" */
+     385,    /* "Private" */
+    1093,    /* "Professional Information or basis for Admission" */
+     663,    /* "Proxy Certificate Information" */
+       1,    /* "RSA Data Security, Inc." */
+       2,    /* "RSA Data Security, Inc. PKCS" */
+    1116,    /* "RSA-SHA3-224" */
+    1117,    /* "RSA-SHA3-256" */
+    1118,    /* "RSA-SHA3-384" */
+    1119,    /* "RSA-SHA3-512" */
+     188,    /* "S/MIME" */
+     167,    /* "S/MIME Capabilities" */
+    1006,    /* "SNILS" */
+     387,    /* "SNMPv2" */
+    1025,    /* "SSH Client" */
+    1026,    /* "SSH Server" */
+     512,    /* "Secure Electronic Transactions" */
+     386,    /* "Security" */
+     394,    /* "Selected Attribute Types" */
+    1029,    /* "Send Owner" */
+    1030,    /* "Send Proxied Owner" */
+    1028,    /* "Send Proxied Router" */
+    1027,    /* "Send Router" */
+    1033,    /* "Signing KDC Response" */
+    1008,    /* "Signing Tool of Issuer" */
+    1007,    /* "Signing Tool of Subject" */
+     143,    /* "Strong Extranet ID" */
+     398,    /* "Subject Information Access" */
+    1020,    /* "TLS Feature" */
+     130,    /* "TLS Web Client Authentication" */
+     129,    /* "TLS Web Server Authentication" */
+     133,    /* "Time Stamping" */
+     375,    /* "Trust Root" */
+    1034,    /* "X25519" */
+    1035,    /* "X448" */
+      12,    /* "X509" */
+     402,    /* "X509v3 AC Targeting" */
+     746,    /* "X509v3 Any Policy" */
+      90,    /* "X509v3 Authority Key Identifier" */
+      87,    /* "X509v3 Basic Constraints" */
+     103,    /* "X509v3 CRL Distribution Points" */
+      88,    /* "X509v3 CRL Number" */
+     141,    /* "X509v3 CRL Reason Code" */
+     771,    /* "X509v3 Certificate Issuer" */
+      89,    /* "X509v3 Certificate Policies" */
+     140,    /* "X509v3 Delta CRL Indicator" */
+     126,    /* "X509v3 Extended Key Usage" */
+     857,    /* "X509v3 Freshest CRL" */
+     748,    /* "X509v3 Inhibit Any Policy" */
+      86,    /* "X509v3 Issuer Alternative Name" */
+     770,    /* "X509v3 Issuing Distribution Point" */
+      83,    /* "X509v3 Key Usage" */
+     666,    /* "X509v3 Name Constraints" */
+     403,    /* "X509v3 No Revocation Available" */
+     401,    /* "X509v3 Policy Constraints" */
+     747,    /* "X509v3 Policy Mappings" */
+      84,    /* "X509v3 Private Key Usage Period" */
+      85,    /* "X509v3 Subject Alternative Name" */
+     769,    /* "X509v3 Subject Directory Attributes" */
+      82,    /* "X509v3 Subject Key Identifier" */
+     920,    /* "X9.42 DH" */
+     184,    /* "X9.57" */
+     185,    /* "X9.57 CM ?" */
+     478,    /* "aRecord" */
+     289,    /* "aaControls" */
+     287,    /* "ac-auditEntity" */
+     397,    /* "ac-proxying" */
+     288,    /* "ac-targeting" */
+     446,    /* "account" */
+     364,    /* "ad dvcs" */
+     606,    /* "additional verification" */
+     419,    /* "aes-128-cbc" */
+     916,    /* "aes-128-cbc-hmac-sha1" */
+     948,    /* "aes-128-cbc-hmac-sha256" */
+     896,    /* "aes-128-ccm" */
+     421,    /* "aes-128-cfb" */
+     650,    /* "aes-128-cfb1" */
+     653,    /* "aes-128-cfb8" */
+     904,    /* "aes-128-ctr" */
+     418,    /* "aes-128-ecb" */
+     895,    /* "aes-128-gcm" */
+     958,    /* "aes-128-ocb" */
+     420,    /* "aes-128-ofb" */
+     913,    /* "aes-128-xts" */
+     423,    /* "aes-192-cbc" */
+     917,    /* "aes-192-cbc-hmac-sha1" */
+     949,    /* "aes-192-cbc-hmac-sha256" */
+     899,    /* "aes-192-ccm" */
+     425,    /* "aes-192-cfb" */
+     651,    /* "aes-192-cfb1" */
+     654,    /* "aes-192-cfb8" */
+     905,    /* "aes-192-ctr" */
+     422,    /* "aes-192-ecb" */
+     898,    /* "aes-192-gcm" */
+     959,    /* "aes-192-ocb" */
+     424,    /* "aes-192-ofb" */
+     427,    /* "aes-256-cbc" */
+     918,    /* "aes-256-cbc-hmac-sha1" */
+     950,    /* "aes-256-cbc-hmac-sha256" */
+     902,    /* "aes-256-ccm" */
+     429,    /* "aes-256-cfb" */
+     652,    /* "aes-256-cfb1" */
+     655,    /* "aes-256-cfb8" */
+     906,    /* "aes-256-ctr" */
+     426,    /* "aes-256-ecb" */
+     901,    /* "aes-256-gcm" */
+     960,    /* "aes-256-ocb" */
+     428,    /* "aes-256-ofb" */
+     914,    /* "aes-256-xts" */
+     376,    /* "algorithm" */
+    1066,    /* "aria-128-cbc" */
+    1120,    /* "aria-128-ccm" */
+    1067,    /* "aria-128-cfb" */
+    1080,    /* "aria-128-cfb1" */
+    1083,    /* "aria-128-cfb8" */
+    1069,    /* "aria-128-ctr" */
+    1065,    /* "aria-128-ecb" */
+    1123,    /* "aria-128-gcm" */
+    1068,    /* "aria-128-ofb" */
+    1071,    /* "aria-192-cbc" */
+    1121,    /* "aria-192-ccm" */
+    1072,    /* "aria-192-cfb" */
+    1081,    /* "aria-192-cfb1" */
+    1084,    /* "aria-192-cfb8" */
+    1074,    /* "aria-192-ctr" */
+    1070,    /* "aria-192-ecb" */
+    1124,    /* "aria-192-gcm" */
+    1073,    /* "aria-192-ofb" */
+    1076,    /* "aria-256-cbc" */
+    1122,    /* "aria-256-ccm" */
+    1077,    /* "aria-256-cfb" */
+    1082,    /* "aria-256-cfb1" */
+    1085,    /* "aria-256-cfb8" */
+    1079,    /* "aria-256-ctr" */
+    1075,    /* "aria-256-ecb" */
+    1125,    /* "aria-256-gcm" */
+    1078,    /* "aria-256-ofb" */
+     484,    /* "associatedDomain" */
+     485,    /* "associatedName" */
+     501,    /* "audio" */
+    1064,    /* "auth-any" */
+    1049,    /* "auth-dss" */
+    1047,    /* "auth-ecdsa" */
+    1050,    /* "auth-gost01" */
+    1051,    /* "auth-gost12" */
+    1053,    /* "auth-null" */
+    1048,    /* "auth-psk" */
+    1046,    /* "auth-rsa" */
+    1052,    /* "auth-srp" */
+     882,    /* "authorityRevocationList" */
+      91,    /* "bf-cbc" */
+      93,    /* "bf-cfb" */
+      92,    /* "bf-ecb" */
+      94,    /* "bf-ofb" */
+    1056,    /* "blake2b512" */
+    1057,    /* "blake2s256" */
+     921,    /* "brainpoolP160r1" */
+     922,    /* "brainpoolP160t1" */
+     923,    /* "brainpoolP192r1" */
+     924,    /* "brainpoolP192t1" */
+     925,    /* "brainpoolP224r1" */
+     926,    /* "brainpoolP224t1" */
+     927,    /* "brainpoolP256r1" */
+     928,    /* "brainpoolP256t1" */
+     929,    /* "brainpoolP320r1" */
+     930,    /* "brainpoolP320t1" */
+     931,    /* "brainpoolP384r1" */
+     932,    /* "brainpoolP384t1" */
+     933,    /* "brainpoolP512r1" */
+     934,    /* "brainpoolP512t1" */
+     494,    /* "buildingName" */
+     860,    /* "businessCategory" */
+     691,    /* "c2onb191v4" */
+     692,    /* "c2onb191v5" */
+     697,    /* "c2onb239v4" */
+     698,    /* "c2onb239v5" */
+     684,    /* "c2pnb163v1" */
+     685,    /* "c2pnb163v2" */
+     686,    /* "c2pnb163v3" */
+     687,    /* "c2pnb176v1" */
+     693,    /* "c2pnb208w1" */
+     699,    /* "c2pnb272w1" */
+     700,    /* "c2pnb304w1" */
+     702,    /* "c2pnb368w1" */
+     688,    /* "c2tnb191v1" */
+     689,    /* "c2tnb191v2" */
+     690,    /* "c2tnb191v3" */
+     694,    /* "c2tnb239v1" */
+     695,    /* "c2tnb239v2" */
+     696,    /* "c2tnb239v3" */
+     701,    /* "c2tnb359v1" */
+     703,    /* "c2tnb431r1" */
+     881,    /* "cACertificate" */
+     483,    /* "cNAMERecord" */
+     751,    /* "camellia-128-cbc" */
+     962,    /* "camellia-128-ccm" */
+     757,    /* "camellia-128-cfb" */
+     760,    /* "camellia-128-cfb1" */
+     763,    /* "camellia-128-cfb8" */
+     964,    /* "camellia-128-cmac" */
+     963,    /* "camellia-128-ctr" */
+     754,    /* "camellia-128-ecb" */
+     961,    /* "camellia-128-gcm" */
+     766,    /* "camellia-128-ofb" */
+     752,    /* "camellia-192-cbc" */
+     966,    /* "camellia-192-ccm" */
+     758,    /* "camellia-192-cfb" */
+     761,    /* "camellia-192-cfb1" */
+     764,    /* "camellia-192-cfb8" */
+     968,    /* "camellia-192-cmac" */
+     967,    /* "camellia-192-ctr" */
+     755,    /* "camellia-192-ecb" */
+     965,    /* "camellia-192-gcm" */
+     767,    /* "camellia-192-ofb" */
+     753,    /* "camellia-256-cbc" */
+     970,    /* "camellia-256-ccm" */
+     759,    /* "camellia-256-cfb" */
+     762,    /* "camellia-256-cfb1" */
+     765,    /* "camellia-256-cfb8" */
+     972,    /* "camellia-256-cmac" */
+     971,    /* "camellia-256-ctr" */
+     756,    /* "camellia-256-ecb" */
+     969,    /* "camellia-256-gcm" */
+     768,    /* "camellia-256-ofb" */
+     443,    /* "caseIgnoreIA5StringSyntax" */
+     108,    /* "cast5-cbc" */
+     110,    /* "cast5-cfb" */
+     109,    /* "cast5-ecb" */
+     111,    /* "cast5-ofb" */
+     152,    /* "certBag" */
+     677,    /* "certicom-arc" */
+     517,    /* "certificate extensions" */
+     883,    /* "certificateRevocationList" */
+    1019,    /* "chacha20" */
+    1018,    /* "chacha20-poly1305" */
+      54,    /* "challengePassword" */
+     407,    /* "characteristic-two-field" */
+     395,    /* "clearance" */
+     633,    /* "cleartext track 2" */
+     894,    /* "cmac" */
+      13,    /* "commonName" */
+     513,    /* "content types" */
+      50,    /* "contentType" */
+      53,    /* "countersignature" */
+    1090,    /* "countryCode3c" */
+    1091,    /* "countryCode3n" */
+      14,    /* "countryName" */
+     153,    /* "crlBag" */
+     884,    /* "crossCertificatePair" */
+     806,    /* "cryptocom" */
+     805,    /* "cryptopro" */
+     500,    /* "dITRedirect" */
+     451,    /* "dNSDomain" */
+     495,    /* "dSAQuality" */
+     434,    /* "data" */
+     390,    /* "dcObject" */
+     891,    /* "deltaRevocationList" */
+      31,    /* "des-cbc" */
+     643,    /* "des-cdmf" */
+      30,    /* "des-cfb" */
+     656,    /* "des-cfb1" */
+     657,    /* "des-cfb8" */
+      29,    /* "des-ecb" */
+      32,    /* "des-ede" */
+      43,    /* "des-ede-cbc" */
+      60,    /* "des-ede-cfb" */
+      62,    /* "des-ede-ofb" */
+      33,    /* "des-ede3" */
+      44,    /* "des-ede3-cbc" */
+      61,    /* "des-ede3-cfb" */
+     658,    /* "des-ede3-cfb1" */
+     659,    /* "des-ede3-cfb8" */
+      63,    /* "des-ede3-ofb" */
+      45,    /* "des-ofb" */
+     107,    /* "description" */
+     871,    /* "destinationIndicator" */
+      80,    /* "desx-cbc" */
+     947,    /* "dh-cofactor-kdf" */
+     946,    /* "dh-std-kdf" */
+      28,    /* "dhKeyAgreement" */
+     941,    /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
+     942,    /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
+     943,    /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
+     944,    /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
+     945,    /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
+     936,    /* "dhSinglePass-stdDH-sha1kdf-scheme" */
+     937,    /* "dhSinglePass-stdDH-sha224kdf-scheme" */
+     938,    /* "dhSinglePass-stdDH-sha256kdf-scheme" */
+     939,    /* "dhSinglePass-stdDH-sha384kdf-scheme" */
+     940,    /* "dhSinglePass-stdDH-sha512kdf-scheme" */
+      11,    /* "directory services (X.500)" */
+     378,    /* "directory services - algorithms" */
+     887,    /* "distinguishedName" */
+     892,    /* "dmdName" */
+     174,    /* "dnQualifier" */
+    1092,    /* "dnsName" */
+     447,    /* "document" */
+     471,    /* "documentAuthor" */
+     468,    /* "documentIdentifier" */
+     472,    /* "documentLocation" */
+     502,    /* "documentPublisher" */
+     449,    /* "documentSeries" */
+     469,    /* "documentTitle" */
+     470,    /* "documentVersion" */
+     380,    /* "dod" */
+     391,    /* "domainComponent" */
+     452,    /* "domainRelatedObject" */
+     116,    /* "dsaEncryption" */
+      67,    /* "dsaEncryption-old" */
+      66,    /* "dsaWithSHA" */
+     113,    /* "dsaWithSHA1" */
+      70,    /* "dsaWithSHA1-old" */
+     802,    /* "dsa_with_SHA224" */
+     803,    /* "dsa_with_SHA256" */
+    1108,    /* "dsa_with_SHA3-224" */
+    1109,    /* "dsa_with_SHA3-256" */
+    1110,    /* "dsa_with_SHA3-384" */
+    1111,    /* "dsa_with_SHA3-512" */
+    1106,    /* "dsa_with_SHA384" */
+    1107,    /* "dsa_with_SHA512" */
+     297,    /* "dvcs" */
+     791,    /* "ecdsa-with-Recommended" */
+     416,    /* "ecdsa-with-SHA1" */
+     793,    /* "ecdsa-with-SHA224" */
+     794,    /* "ecdsa-with-SHA256" */
+     795,    /* "ecdsa-with-SHA384" */
+     796,    /* "ecdsa-with-SHA512" */
+     792,    /* "ecdsa-with-Specified" */
+    1112,    /* "ecdsa_with_SHA3-224" */
+    1113,    /* "ecdsa_with_SHA3-256" */
+    1114,    /* "ecdsa_with_SHA3-384" */
+    1115,    /* "ecdsa_with_SHA3-512" */
+      48,    /* "emailAddress" */
+     632,    /* "encrypted track 2" */
+     885,    /* "enhancedSearchGuide" */
+      56,    /* "extendedCertificateAttributes" */
+     867,    /* "facsimileTelephoneNumber" */
+     462,    /* "favouriteDrink" */
+    1126,    /* "ffdhe2048" */
+    1127,    /* "ffdhe3072" */
+    1128,    /* "ffdhe4096" */
+    1129,    /* "ffdhe6144" */
+    1130,    /* "ffdhe8192" */
+     453,    /* "friendlyCountry" */
+     490,    /* "friendlyCountryName" */
+     156,    /* "friendlyName" */
+     631,    /* "generate cryptogram" */
+     509,    /* "generationQualifier" */
+     601,    /* "generic cryptogram" */
+      99,    /* "givenName" */
+     976,    /* "gost-mac-12" */
+    1009,    /* "gost89-cbc" */
+     814,    /* "gost89-cnt" */
+     975,    /* "gost89-cnt-12" */
+    1011,    /* "gost89-ctr" */
+    1010,    /* "gost89-ecb" */
+    1015,    /* "grasshopper-cbc" */
+    1016,    /* "grasshopper-cfb" */
+    1013,    /* "grasshopper-ctr" */
+    1012,    /* "grasshopper-ecb" */
+    1017,    /* "grasshopper-mac" */
+    1014,    /* "grasshopper-ofb" */
+    1036,    /* "hkdf" */
+     855,    /* "hmac" */
+     780,    /* "hmac-md5" */
+     781,    /* "hmac-sha1" */
+    1102,    /* "hmac-sha3-224" */
+    1103,    /* "hmac-sha3-256" */
+    1104,    /* "hmac-sha3-384" */
+    1105,    /* "hmac-sha3-512" */
+     797,    /* "hmacWithMD5" */
+     163,    /* "hmacWithSHA1" */
+     798,    /* "hmacWithSHA224" */
+     799,    /* "hmacWithSHA256" */
+     800,    /* "hmacWithSHA384" */
+     801,    /* "hmacWithSHA512" */
+    1193,    /* "hmacWithSHA512-224" */
+    1194,    /* "hmacWithSHA512-256" */
+     486,    /* "homePostalAddress" */
+     473,    /* "homeTelephoneNumber" */
+     466,    /* "host" */
+     889,    /* "houseIdentifier" */
+     442,    /* "iA5StringSyntax" */
+     381,    /* "iana" */
+     824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
+     825,    /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
+     826,    /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
+     827,    /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
+     819,    /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
+     829,    /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
+     828,    /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
+     830,    /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
+     820,    /* "id-Gost28147-89-None-KeyMeshing" */
+     823,    /* "id-Gost28147-89-TestParamSet" */
+     840,    /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
+     841,    /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
+     842,    /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
+     843,    /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
+     844,    /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
+     839,    /* "id-GostR3410-2001-TestParamSet" */
+     832,    /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
+     833,    /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
+     834,    /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
+     835,    /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
+     836,    /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
+     837,    /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
+     838,    /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
+     831,    /* "id-GostR3410-94-TestParamSet" */
+     845,    /* "id-GostR3410-94-a" */
+     846,    /* "id-GostR3410-94-aBis" */
+     847,    /* "id-GostR3410-94-b" */
+     848,    /* "id-GostR3410-94-bBis" */
+     822,    /* "id-GostR3411-94-CryptoProParamSet" */
+     821,    /* "id-GostR3411-94-TestParamSet" */
+     266,    /* "id-aca" */
+     355,    /* "id-aca-accessIdentity" */
+     354,    /* "id-aca-authenticationInfo" */
+     356,    /* "id-aca-chargingIdentity" */
+     399,    /* "id-aca-encAttrs" */
+     357,    /* "id-aca-group" */
+     358,    /* "id-aca-role" */
+     176,    /* "id-ad" */
+     788,    /* "id-aes128-wrap" */
+     897,    /* "id-aes128-wrap-pad" */
+     789,    /* "id-aes192-wrap" */
+     900,    /* "id-aes192-wrap-pad" */
+     790,    /* "id-aes256-wrap" */
+     903,    /* "id-aes256-wrap-pad" */
+     262,    /* "id-alg" */
+     893,    /* "id-alg-PWRI-KEK" */
+     323,    /* "id-alg-des40" */
+     326,    /* "id-alg-dh-pop" */
+     325,    /* "id-alg-dh-sig-hmac-sha1" */
+     324,    /* "id-alg-noSignature" */
+     907,    /* "id-camellia128-wrap" */
+     908,    /* "id-camellia192-wrap" */
+     909,    /* "id-camellia256-wrap" */
+     268,    /* "id-cct" */
+     361,    /* "id-cct-PKIData" */
+     362,    /* "id-cct-PKIResponse" */
+     360,    /* "id-cct-crs" */
+      81,    /* "id-ce" */
+     680,    /* "id-characteristic-two-basis" */
+     263,    /* "id-cmc" */
+     334,    /* "id-cmc-addExtensions" */
+     346,    /* "id-cmc-confirmCertAcceptance" */
+     330,    /* "id-cmc-dataReturn" */
+     336,    /* "id-cmc-decryptedPOP" */
+     335,    /* "id-cmc-encryptedPOP" */
+     339,    /* "id-cmc-getCRL" */
+     338,    /* "id-cmc-getCert" */
+     328,    /* "id-cmc-identification" */
+     329,    /* "id-cmc-identityProof" */
+     337,    /* "id-cmc-lraPOPWitness" */
+     344,    /* "id-cmc-popLinkRandom" */
+     345,    /* "id-cmc-popLinkWitness" */
+     343,    /* "id-cmc-queryPending" */
+     333,    /* "id-cmc-recipientNonce" */
+     341,    /* "id-cmc-regInfo" */
+     342,    /* "id-cmc-responseInfo" */
+     340,    /* "id-cmc-revokeRequest" */
+     332,    /* "id-cmc-senderNonce" */
+     327,    /* "id-cmc-statusInfo" */
+     331,    /* "id-cmc-transactionId" */
+     787,    /* "id-ct-asciiTextWithCRLF" */
+    1060,    /* "id-ct-xml" */
+     408,    /* "id-ecPublicKey" */
+     508,    /* "id-hex-multipart-message" */
+     507,    /* "id-hex-partial-message" */
+     260,    /* "id-it" */
+     302,    /* "id-it-caKeyUpdateInfo" */
+     298,    /* "id-it-caProtEncCert" */
+     311,    /* "id-it-confirmWaitTime" */
+     303,    /* "id-it-currentCRL" */
+     300,    /* "id-it-encKeyPairTypes" */
+     310,    /* "id-it-implicitConfirm" */
+     308,    /* "id-it-keyPairParamRep" */
+     307,    /* "id-it-keyPairParamReq" */
+     312,    /* "id-it-origPKIMessage" */
+     301,    /* "id-it-preferredSymmAlg" */
+     309,    /* "id-it-revPassphrase" */
+     299,    /* "id-it-signKeyPairTypes" */
+     305,    /* "id-it-subscriptionRequest" */
+     306,    /* "id-it-subscriptionResponse" */
+     784,    /* "id-it-suppLangTags" */
+     304,    /* "id-it-unsupportedOIDs" */
+     128,    /* "id-kp" */
+     280,    /* "id-mod-attribute-cert" */
+     274,    /* "id-mod-cmc" */
+     277,    /* "id-mod-cmp" */
+     284,    /* "id-mod-cmp2000" */
+     273,    /* "id-mod-crmf" */
+     283,    /* "id-mod-dvcs" */
+     275,    /* "id-mod-kea-profile-88" */
+     276,    /* "id-mod-kea-profile-93" */
+     282,    /* "id-mod-ocsp" */
+     278,    /* "id-mod-qualified-cert-88" */
+     279,    /* "id-mod-qualified-cert-93" */
+     281,    /* "id-mod-timestamp-protocol" */
+     264,    /* "id-on" */
+     347,    /* "id-on-personalData" */
+     265,    /* "id-pda" */
+     352,    /* "id-pda-countryOfCitizenship" */
+     353,    /* "id-pda-countryOfResidence" */
+     348,    /* "id-pda-dateOfBirth" */
+     351,    /* "id-pda-gender" */
+     349,    /* "id-pda-placeOfBirth" */
+     175,    /* "id-pe" */
+    1031,    /* "id-pkinit" */
+     261,    /* "id-pkip" */
+     258,    /* "id-pkix-mod" */
+     269,    /* "id-pkix1-explicit-88" */
+     271,    /* "id-pkix1-explicit-93" */
+     270,    /* "id-pkix1-implicit-88" */
+     272,    /* "id-pkix1-implicit-93" */
+     662,    /* "id-ppl" */
+     267,    /* "id-qcs" */
+     359,    /* "id-qcs-pkixQCSyntax-v1" */
+     259,    /* "id-qt" */
+     313,    /* "id-regCtrl" */
+     316,    /* "id-regCtrl-authenticator" */
+     319,    /* "id-regCtrl-oldCertID" */
+     318,    /* "id-regCtrl-pkiArchiveOptions" */
+     317,    /* "id-regCtrl-pkiPublicationInfo" */
+     320,    /* "id-regCtrl-protocolEncrKey" */
+     315,    /* "id-regCtrl-regToken" */
+     314,    /* "id-regInfo" */
+     322,    /* "id-regInfo-certReq" */
+     321,    /* "id-regInfo-utf8Pairs" */
+     191,    /* "id-smime-aa" */
+     215,    /* "id-smime-aa-contentHint" */
+     218,    /* "id-smime-aa-contentIdentifier" */
+     221,    /* "id-smime-aa-contentReference" */
+     240,    /* "id-smime-aa-dvcs-dvc" */
+     217,    /* "id-smime-aa-encapContentType" */
+     222,    /* "id-smime-aa-encrypKeyPref" */
+     220,    /* "id-smime-aa-equivalentLabels" */
+     232,    /* "id-smime-aa-ets-CertificateRefs" */
+     233,    /* "id-smime-aa-ets-RevocationRefs" */
+     238,    /* "id-smime-aa-ets-archiveTimeStamp" */
+     237,    /* "id-smime-aa-ets-certCRLTimestamp" */
+     234,    /* "id-smime-aa-ets-certValues" */
+     227,    /* "id-smime-aa-ets-commitmentType" */
+     231,    /* "id-smime-aa-ets-contentTimestamp" */
+     236,    /* "id-smime-aa-ets-escTimeStamp" */
+     230,    /* "id-smime-aa-ets-otherSigCert" */
+     235,    /* "id-smime-aa-ets-revocationValues" */
+     226,    /* "id-smime-aa-ets-sigPolicyId" */
+     229,    /* "id-smime-aa-ets-signerAttr" */
+     228,    /* "id-smime-aa-ets-signerLocation" */
+     219,    /* "id-smime-aa-macValue" */
+     214,    /* "id-smime-aa-mlExpandHistory" */
+     216,    /* "id-smime-aa-msgSigDigest" */
+     212,    /* "id-smime-aa-receiptRequest" */
+     213,    /* "id-smime-aa-securityLabel" */
+     239,    /* "id-smime-aa-signatureType" */
+     223,    /* "id-smime-aa-signingCertificate" */
+    1086,    /* "id-smime-aa-signingCertificateV2" */
+     224,    /* "id-smime-aa-smimeEncryptCerts" */
+     225,    /* "id-smime-aa-timeStampToken" */
+     192,    /* "id-smime-alg" */
+     243,    /* "id-smime-alg-3DESwrap" */
+     246,    /* "id-smime-alg-CMS3DESwrap" */
+     247,    /* "id-smime-alg-CMSRC2wrap" */
+     245,    /* "id-smime-alg-ESDH" */
+     241,    /* "id-smime-alg-ESDHwith3DES" */
+     242,    /* "id-smime-alg-ESDHwithRC2" */
+     244,    /* "id-smime-alg-RC2wrap" */
+     193,    /* "id-smime-cd" */
+     248,    /* "id-smime-cd-ldap" */
+     190,    /* "id-smime-ct" */
+     210,    /* "id-smime-ct-DVCSRequestData" */
+     211,    /* "id-smime-ct-DVCSResponseData" */
+     208,    /* "id-smime-ct-TDTInfo" */
+     207,    /* "id-smime-ct-TSTInfo" */
+     205,    /* "id-smime-ct-authData" */
+    1059,    /* "id-smime-ct-authEnvelopedData" */
+     786,    /* "id-smime-ct-compressedData" */
+    1058,    /* "id-smime-ct-contentCollection" */
+     209,    /* "id-smime-ct-contentInfo" */
+     206,    /* "id-smime-ct-publishCert" */
+     204,    /* "id-smime-ct-receipt" */
+     195,    /* "id-smime-cti" */
+     255,    /* "id-smime-cti-ets-proofOfApproval" */
+     256,    /* "id-smime-cti-ets-proofOfCreation" */
+     253,    /* "id-smime-cti-ets-proofOfDelivery" */
+     251,    /* "id-smime-cti-ets-proofOfOrigin" */
+     252,    /* "id-smime-cti-ets-proofOfReceipt" */
+     254,    /* "id-smime-cti-ets-proofOfSender" */
+     189,    /* "id-smime-mod" */
+     196,    /* "id-smime-mod-cms" */
+     197,    /* "id-smime-mod-ess" */
+     202,    /* "id-smime-mod-ets-eSigPolicy-88" */
+     203,    /* "id-smime-mod-ets-eSigPolicy-97" */
+     200,    /* "id-smime-mod-ets-eSignature-88" */
+     201,    /* "id-smime-mod-ets-eSignature-97" */
+     199,    /* "id-smime-mod-msg-v3" */
+     198,    /* "id-smime-mod-oid" */
+     194,    /* "id-smime-spq" */
+     250,    /* "id-smime-spq-ets-sqt-unotice" */
+     249,    /* "id-smime-spq-ets-sqt-uri" */
+     974,    /* "id-tc26" */
+     991,    /* "id-tc26-agreement" */
+     992,    /* "id-tc26-agreement-gost-3410-2012-256" */
+     993,    /* "id-tc26-agreement-gost-3410-2012-512" */
+     977,    /* "id-tc26-algorithms" */
+     990,    /* "id-tc26-cipher" */
+    1001,    /* "id-tc26-cipher-constants" */
+    1176,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */
+    1177,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */
+    1178,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */
+    1173,    /* "id-tc26-cipher-gostr3412-2015-magma" */
+    1174,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */
+    1175,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */
+     994,    /* "id-tc26-constants" */
+     981,    /* "id-tc26-digest" */
+    1000,    /* "id-tc26-digest-constants" */
+    1002,    /* "id-tc26-gost-28147-constants" */
+    1147,    /* "id-tc26-gost-3410-2012-256-constants" */
+     996,    /* "id-tc26-gost-3410-2012-512-constants" */
+     987,    /* "id-tc26-mac" */
+     978,    /* "id-tc26-sign" */
+     995,    /* "id-tc26-sign-constants" */
+     984,    /* "id-tc26-signwithdigest" */
+    1179,    /* "id-tc26-wrap" */
+    1182,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */
+    1183,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */
+    1180,    /* "id-tc26-wrap-gostr3412-2015-magma" */
+    1181,    /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */
+      34,    /* "idea-cbc" */
+      35,    /* "idea-cfb" */
+      36,    /* "idea-ecb" */
+      46,    /* "idea-ofb" */
+     676,    /* "identified-organization" */
+    1170,    /* "ieee" */
+     461,    /* "info" */
+     101,    /* "initials" */
+     869,    /* "internationaliSDNNumber" */
+    1022,    /* "ipsec Internet Key Exchange" */
+     749,    /* "ipsec3" */
+     750,    /* "ipsec4" */
+     181,    /* "iso" */
+     623,    /* "issuer capabilities" */
+     645,    /* "itu-t" */
+     492,    /* "janetMailbox" */
+     646,    /* "joint-iso-itu-t" */
+     957,    /* "jurisdictionCountryName" */
+     955,    /* "jurisdictionLocalityName" */
+     956,    /* "jurisdictionStateOrProvinceName" */
+     150,    /* "keyBag" */
+     773,    /* "kisa" */
+    1063,    /* "kx-any" */
+    1039,    /* "kx-dhe" */
+    1041,    /* "kx-dhe-psk" */
+    1038,    /* "kx-ecdhe" */
+    1040,    /* "kx-ecdhe-psk" */
+    1045,    /* "kx-gost" */
+    1043,    /* "kx-psk" */
+    1037,    /* "kx-rsa" */
+    1042,    /* "kx-rsa-psk" */
+    1044,    /* "kx-srp" */
+     477,    /* "lastModifiedBy" */
+     476,    /* "lastModifiedTime" */
+     157,    /* "localKeyID" */
+      15,    /* "localityName" */
+     480,    /* "mXRecord" */
+    1190,    /* "magma-cbc" */
+    1191,    /* "magma-cfb" */
+    1188,    /* "magma-ctr" */
+    1187,    /* "magma-ecb" */
+    1192,    /* "magma-mac" */
+    1189,    /* "magma-ofb" */
+     493,    /* "mailPreferenceOption" */
+     467,    /* "manager" */
+       3,    /* "md2" */
+       7,    /* "md2WithRSAEncryption" */
+     257,    /* "md4" */
+     396,    /* "md4WithRSAEncryption" */
+       4,    /* "md5" */
+     114,    /* "md5-sha1" */
+     104,    /* "md5WithRSA" */
+       8,    /* "md5WithRSAEncryption" */
+      95,    /* "mdc2" */
+      96,    /* "mdc2WithRSA" */
+     875,    /* "member" */
+     602,    /* "merchant initiated auth" */
+     514,    /* "message extensions" */
+      51,    /* "messageDigest" */
+     911,    /* "mgf1" */
+     506,    /* "mime-mhs-bodies" */
+     505,    /* "mime-mhs-headings" */
+     488,    /* "mobileTelephoneNumber" */
+     481,    /* "nSRecord" */
+     173,    /* "name" */
+     681,    /* "onBasis" */
+     379,    /* "org" */
+    1089,    /* "organizationIdentifier" */
+      17,    /* "organizationName" */
+     491,    /* "organizationalStatus" */
+      18,    /* "organizationalUnitName" */
+    1141,    /* "oscca" */
+     475,    /* "otherMailbox" */
+     876,    /* "owner" */
+     935,    /* "pSpecified" */
+     489,    /* "pagerTelephoneNumber" */
+     782,    /* "password based MAC" */
+     374,    /* "path" */
+     621,    /* "payment gateway capabilities" */
+       9,    /* "pbeWithMD2AndDES-CBC" */
+     168,    /* "pbeWithMD2AndRC2-CBC" */
+     112,    /* "pbeWithMD5AndCast5CBC" */
+      10,    /* "pbeWithMD5AndDES-CBC" */
+     169,    /* "pbeWithMD5AndRC2-CBC" */
+     148,    /* "pbeWithSHA1And128BitRC2-CBC" */
+     144,    /* "pbeWithSHA1And128BitRC4" */
+     147,    /* "pbeWithSHA1And2-KeyTripleDES-CBC" */
+     146,    /* "pbeWithSHA1And3-KeyTripleDES-CBC" */
+     149,    /* "pbeWithSHA1And40BitRC2-CBC" */
+     145,    /* "pbeWithSHA1And40BitRC4" */
+     170,    /* "pbeWithSHA1AndDES-CBC" */
+      68,    /* "pbeWithSHA1AndRC2-CBC" */
+     499,    /* "personalSignature" */
+     487,    /* "personalTitle" */
+     464,    /* "photo" */
+     863,    /* "physicalDeliveryOfficeName" */
+     437,    /* "pilot" */
+     439,    /* "pilotAttributeSyntax" */
+     438,    /* "pilotAttributeType" */
+     479,    /* "pilotAttributeType27" */
+     456,    /* "pilotDSA" */
+     441,    /* "pilotGroups" */
+     444,    /* "pilotObject" */
+     440,    /* "pilotObjectClass" */
+     455,    /* "pilotOrganization" */
+     445,    /* "pilotPerson" */
+     186,    /* "pkcs1" */
+      27,    /* "pkcs3" */
+     187,    /* "pkcs5" */
+      20,    /* "pkcs7" */
+      21,    /* "pkcs7-data" */
+      25,    /* "pkcs7-digestData" */
+      26,    /* "pkcs7-encryptedData" */
+      23,    /* "pkcs7-envelopedData" */
+      24,    /* "pkcs7-signedAndEnvelopedData" */
+      22,    /* "pkcs7-signedData" */
+     151,    /* "pkcs8ShroudedKeyBag" */
+      47,    /* "pkcs9" */
+    1061,    /* "poly1305" */
+     862,    /* "postOfficeBox" */
+     861,    /* "postalAddress" */
+     661,    /* "postalCode" */
+     683,    /* "ppBasis" */
+     872,    /* "preferredDeliveryMethod" */
+     873,    /* "presentationAddress" */
+     406,    /* "prime-field" */
+     409,    /* "prime192v1" */
+     410,    /* "prime192v2" */
+     411,    /* "prime192v3" */
+     412,    /* "prime239v1" */
+     413,    /* "prime239v2" */
+     414,    /* "prime239v3" */
+     415,    /* "prime256v1" */
+     886,    /* "protocolInformation" */
+     510,    /* "pseudonym" */
+     435,    /* "pss" */
+     286,    /* "qcStatements" */
+     457,    /* "qualityLabelledData" */
+     450,    /* "rFC822localPart" */
+      98,    /* "rc2-40-cbc" */
+     166,    /* "rc2-64-cbc" */
+      37,    /* "rc2-cbc" */
+      39,    /* "rc2-cfb" */
+      38,    /* "rc2-ecb" */
+      40,    /* "rc2-ofb" */
+       5,    /* "rc4" */
+      97,    /* "rc4-40" */
+     915,    /* "rc4-hmac-md5" */
+     120,    /* "rc5-cbc" */
+     122,    /* "rc5-cfb" */
+     121,    /* "rc5-ecb" */
+     123,    /* "rc5-ofb" */
+     870,    /* "registeredAddress" */
+     460,    /* "rfc822Mailbox" */
+     117,    /* "ripemd160" */
+     119,    /* "ripemd160WithRSA" */
+     400,    /* "role" */
+     877,    /* "roleOccupant" */
+     448,    /* "room" */
+     463,    /* "roomNumber" */
+      19,    /* "rsa" */
+       6,    /* "rsaEncryption" */
+     644,    /* "rsaOAEPEncryptionSET" */
+     377,    /* "rsaSignature" */
+     919,    /* "rsaesOaep" */
+     912,    /* "rsassaPss" */
+     482,    /* "sOARecord" */
+     155,    /* "safeContentsBag" */
+     291,    /* "sbgp-autonomousSysNum" */
+     290,    /* "sbgp-ipAddrBlock" */
+     292,    /* "sbgp-routerIdentifier" */
+     973,    /* "scrypt" */
+     159,    /* "sdsiCertificate" */
+     859,    /* "searchGuide" */
+     704,    /* "secp112r1" */
+     705,    /* "secp112r2" */
+     706,    /* "secp128r1" */
+     707,    /* "secp128r2" */
+     708,    /* "secp160k1" */
+     709,    /* "secp160r1" */
+     710,    /* "secp160r2" */
+     711,    /* "secp192k1" */
+     712,    /* "secp224k1" */
+     713,    /* "secp224r1" */
+     714,    /* "secp256k1" */
+     715,    /* "secp384r1" */
+     716,    /* "secp521r1" */
+     154,    /* "secretBag" */
+     474,    /* "secretary" */
+     717,    /* "sect113r1" */
+     718,    /* "sect113r2" */
+     719,    /* "sect131r1" */
+     720,    /* "sect131r2" */
+     721,    /* "sect163k1" */
+     722,    /* "sect163r1" */
+     723,    /* "sect163r2" */
+     724,    /* "sect193r1" */
+     725,    /* "sect193r2" */
+     726,    /* "sect233k1" */
+     727,    /* "sect233r1" */
+     728,    /* "sect239k1" */
+     729,    /* "sect283k1" */
+     730,    /* "sect283r1" */
+     731,    /* "sect409k1" */
+     732,    /* "sect409r1" */
+     733,    /* "sect571k1" */
+     734,    /* "sect571r1" */
+     635,    /* "secure device signature" */
+     878,    /* "seeAlso" */
+     777,    /* "seed-cbc" */
+     779,    /* "seed-cfb" */
+     776,    /* "seed-ecb" */
+     778,    /* "seed-ofb" */
+     105,    /* "serialNumber" */
+     625,    /* "set-addPolicy" */
+     515,    /* "set-attr" */
+     518,    /* "set-brand" */
+     638,    /* "set-brand-AmericanExpress" */
+     637,    /* "set-brand-Diners" */
+     636,    /* "set-brand-IATA-ATA" */
+     639,    /* "set-brand-JCB" */
+     641,    /* "set-brand-MasterCard" */
+     642,    /* "set-brand-Novus" */
+     640,    /* "set-brand-Visa" */
+     516,    /* "set-policy" */
+     607,    /* "set-policy-root" */
+     624,    /* "set-rootKeyThumb" */
+     620,    /* "setAttr-Cert" */
+     628,    /* "setAttr-IssCap-CVM" */
+     630,    /* "setAttr-IssCap-Sig" */
+     629,    /* "setAttr-IssCap-T2" */
+     627,    /* "setAttr-Token-B0Prime" */
+     626,    /* "setAttr-Token-EMV" */
+     622,    /* "setAttr-TokenType" */
+     619,    /* "setCext-IssuerCapabilities" */
+     615,    /* "setCext-PGWYcapabilities" */
+     616,    /* "setCext-TokenIdentifier" */
+     618,    /* "setCext-TokenType" */
+     617,    /* "setCext-Track2Data" */
+     611,    /* "setCext-cCertRequired" */
+     609,    /* "setCext-certType" */
+     608,    /* "setCext-hashedRoot" */
+     610,    /* "setCext-merchData" */
+     613,    /* "setCext-setExt" */
+     614,    /* "setCext-setQualf" */
+     612,    /* "setCext-tunneling" */
+     540,    /* "setct-AcqCardCodeMsg" */
+     576,    /* "setct-AcqCardCodeMsgTBE" */
+     570,    /* "setct-AuthReqTBE" */
+     534,    /* "setct-AuthReqTBS" */
+     527,    /* "setct-AuthResBaggage" */
+     571,    /* "setct-AuthResTBE" */
+     572,    /* "setct-AuthResTBEX" */
+     535,    /* "setct-AuthResTBS" */
+     536,    /* "setct-AuthResTBSX" */
+     528,    /* "setct-AuthRevReqBaggage" */
+     577,    /* "setct-AuthRevReqTBE" */
+     541,    /* "setct-AuthRevReqTBS" */
+     529,    /* "setct-AuthRevResBaggage" */
+     542,    /* "setct-AuthRevResData" */
+     578,    /* "setct-AuthRevResTBE" */
+     579,    /* "setct-AuthRevResTBEB" */
+     543,    /* "setct-AuthRevResTBS" */
+     573,    /* "setct-AuthTokenTBE" */
+     537,    /* "setct-AuthTokenTBS" */
+     600,    /* "setct-BCIDistributionTBS" */
+     558,    /* "setct-BatchAdminReqData" */
+     592,    /* "setct-BatchAdminReqTBE" */
+     559,    /* "setct-BatchAdminResData" */
+     593,    /* "setct-BatchAdminResTBE" */
+     599,    /* "setct-CRLNotificationResTBS" */
+     598,    /* "setct-CRLNotificationTBS" */
+     580,    /* "setct-CapReqTBE" */
+     581,    /* "setct-CapReqTBEX" */
+     544,    /* "setct-CapReqTBS" */
+     545,    /* "setct-CapReqTBSX" */
+     546,    /* "setct-CapResData" */
+     582,    /* "setct-CapResTBE" */
+     583,    /* "setct-CapRevReqTBE" */
+     584,    /* "setct-CapRevReqTBEX" */
+     547,    /* "setct-CapRevReqTBS" */
+     548,    /* "setct-CapRevReqTBSX" */
+     549,    /* "setct-CapRevResData" */
+     585,    /* "setct-CapRevResTBE" */
+     538,    /* "setct-CapTokenData" */
+     530,    /* "setct-CapTokenSeq" */
+     574,    /* "setct-CapTokenTBE" */
+     575,    /* "setct-CapTokenTBEX" */
+     539,    /* "setct-CapTokenTBS" */
+     560,    /* "setct-CardCInitResTBS" */
+     566,    /* "setct-CertInqReqTBS" */
+     563,    /* "setct-CertReqData" */
+     595,    /* "setct-CertReqTBE" */
+     596,    /* "setct-CertReqTBEX" */
+     564,    /* "setct-CertReqTBS" */
+     565,    /* "setct-CertResData" */
+     597,    /* "setct-CertResTBE" */
+     586,    /* "setct-CredReqTBE" */
+     587,    /* "setct-CredReqTBEX" */
+     550,    /* "setct-CredReqTBS" */
+     551,    /* "setct-CredReqTBSX" */
+     552,    /* "setct-CredResData" */
+     588,    /* "setct-CredResTBE" */
+     589,    /* "setct-CredRevReqTBE" */
+     590,    /* "setct-CredRevReqTBEX" */
+     553,    /* "setct-CredRevReqTBS" */
+     554,    /* "setct-CredRevReqTBSX" */
+     555,    /* "setct-CredRevResData" */
+     591,    /* "setct-CredRevResTBE" */
+     567,    /* "setct-ErrorTBS" */
+     526,    /* "setct-HODInput" */
+     561,    /* "setct-MeAqCInitResTBS" */
+     522,    /* "setct-OIData" */
+     519,    /* "setct-PANData" */
+     521,    /* "setct-PANOnly" */
+     520,    /* "setct-PANToken" */
+     556,    /* "setct-PCertReqData" */
+     557,    /* "setct-PCertResTBS" */
+     523,    /* "setct-PI" */
+     532,    /* "setct-PI-TBS" */
+     524,    /* "setct-PIData" */
+     525,    /* "setct-PIDataUnsigned" */
+     568,    /* "setct-PIDualSignedTBE" */
+     569,    /* "setct-PIUnsignedTBE" */
+     531,    /* "setct-PInitResData" */
+     533,    /* "setct-PResData" */
+     594,    /* "setct-RegFormReqTBE" */
+     562,    /* "setct-RegFormResTBS" */
+     604,    /* "setext-pinAny" */
+     603,    /* "setext-pinSecure" */
+     605,    /* "setext-track2" */
+      41,    /* "sha" */
+      64,    /* "sha1" */
+     115,    /* "sha1WithRSA" */
+      65,    /* "sha1WithRSAEncryption" */
+     675,    /* "sha224" */
+     671,    /* "sha224WithRSAEncryption" */
+     672,    /* "sha256" */
+     668,    /* "sha256WithRSAEncryption" */
+    1096,    /* "sha3-224" */
+    1097,    /* "sha3-256" */
+    1098,    /* "sha3-384" */
+    1099,    /* "sha3-512" */
+     673,    /* "sha384" */
+     669,    /* "sha384WithRSAEncryption" */
+     674,    /* "sha512" */
+    1094,    /* "sha512-224" */
+    1145,    /* "sha512-224WithRSAEncryption" */
+    1095,    /* "sha512-256" */
+    1146,    /* "sha512-256WithRSAEncryption" */
+     670,    /* "sha512WithRSAEncryption" */
+      42,    /* "shaWithRSAEncryption" */
+    1100,    /* "shake128" */
+    1101,    /* "shake256" */
+      52,    /* "signingTime" */
+     454,    /* "simpleSecurityObject" */
+     496,    /* "singleLevelQuality" */
+    1062,    /* "siphash" */
+    1142,    /* "sm-scheme" */
+    1172,    /* "sm2" */
+    1143,    /* "sm3" */
+    1144,    /* "sm3WithRSAEncryption" */
+    1134,    /* "sm4-cbc" */
+    1137,    /* "sm4-cfb" */
+    1136,    /* "sm4-cfb1" */
+    1138,    /* "sm4-cfb8" */
+    1139,    /* "sm4-ctr" */
+    1133,    /* "sm4-ecb" */
+    1135,    /* "sm4-ofb" */
+      16,    /* "stateOrProvinceName" */
+     660,    /* "streetAddress" */
+     498,    /* "subtreeMaximumQuality" */
+     497,    /* "subtreeMinimumQuality" */
+     890,    /* "supportedAlgorithms" */
+     874,    /* "supportedApplicationContext" */
+     100,    /* "surname" */
+     864,    /* "telephoneNumber" */
+     866,    /* "teletexTerminalIdentifier" */
+     865,    /* "telexNumber" */
+     459,    /* "textEncodedORAddress" */
+     293,    /* "textNotice" */
+     106,    /* "title" */
+    1021,    /* "tls1-prf" */
+     682,    /* "tpBasis" */
+    1151,    /* "ua-pki" */
+     436,    /* "ucl" */
+       0,    /* "undefined" */
+     102,    /* "uniqueIdentifier" */
+     888,    /* "uniqueMember" */
+      55,    /* "unstructuredAddress" */
+      49,    /* "unstructuredName" */
+     880,    /* "userCertificate" */
+     465,    /* "userClass" */
+     458,    /* "userId" */
+     879,    /* "userPassword" */
+     373,    /* "valid" */
+     678,    /* "wap" */
+     679,    /* "wap-wsg" */
+     735,    /* "wap-wsg-idm-ecid-wtls1" */
+     743,    /* "wap-wsg-idm-ecid-wtls10" */
+     744,    /* "wap-wsg-idm-ecid-wtls11" */
+     745,    /* "wap-wsg-idm-ecid-wtls12" */
+     736,    /* "wap-wsg-idm-ecid-wtls3" */
+     737,    /* "wap-wsg-idm-ecid-wtls4" */
+     738,    /* "wap-wsg-idm-ecid-wtls5" */
+     739,    /* "wap-wsg-idm-ecid-wtls6" */
+     740,    /* "wap-wsg-idm-ecid-wtls7" */
+     741,    /* "wap-wsg-idm-ecid-wtls8" */
+     742,    /* "wap-wsg-idm-ecid-wtls9" */
+     804,    /* "whirlpool" */
+     868,    /* "x121Address" */
+     503,    /* "x500UniqueIdentifier" */
+     158,    /* "x509Certificate" */
+     160,    /* "x509Crl" */
+     125,    /* "zlib compression" */
 };
 
-static const unsigned int obj_objs[NUM_OBJ]={
- 0,	/* OBJ_undef                        0 */
-181,	/* OBJ_iso                          1 */
-393,	/* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
-404,	/* OBJ_ccitt                        OBJ_itu_t */
-645,	/* OBJ_itu_t                        0 */
-646,	/* OBJ_joint_iso_itu_t              2 */
-434,	/* OBJ_data                         0 9 */
-182,	/* OBJ_member_body                  1 2 */
-379,	/* OBJ_org                          1 3 */
-676,	/* OBJ_identified_organization      1 3 */
-11,	/* OBJ_X500                         2 5 */
-647,	/* OBJ_international_organizations  2 23 */
-380,	/* OBJ_dod                          1 3 6 */
-12,	/* OBJ_X509                         2 5 4 */
-378,	/* OBJ_X500algorithms               2 5 8 */
-81,	/* OBJ_id_ce                        2 5 29 */
-512,	/* OBJ_id_set                       2 23 42 */
-678,	/* OBJ_wap                          2 23 43 */
-435,	/* OBJ_pss                          0 9 2342 */
-183,	/* OBJ_ISO_US                       1 2 840 */
-381,	/* OBJ_iana                         1 3 6 1 */
-677,	/* OBJ_certicom_arc                 1 3 132 */
-394,	/* OBJ_selected_attribute_types     2 5 1 5 */
-13,	/* OBJ_commonName                   2 5 4 3 */
-100,	/* OBJ_surname                      2 5 4 4 */
-105,	/* OBJ_serialNumber                 2 5 4 5 */
-14,	/* OBJ_countryName                  2 5 4 6 */
-15,	/* OBJ_localityName                 2 5 4 7 */
-16,	/* OBJ_stateOrProvinceName          2 5 4 8 */
-660,	/* OBJ_streetAddress                2 5 4 9 */
-17,	/* OBJ_organizationName             2 5 4 10 */
-18,	/* OBJ_organizationalUnitName       2 5 4 11 */
-106,	/* OBJ_title                        2 5 4 12 */
-107,	/* OBJ_description                  2 5 4 13 */
-859,	/* OBJ_searchGuide                  2 5 4 14 */
-860,	/* OBJ_businessCategory             2 5 4 15 */
-861,	/* OBJ_postalAddress                2 5 4 16 */
-661,	/* OBJ_postalCode                   2 5 4 17 */
-862,	/* OBJ_postOfficeBox                2 5 4 18 */
-863,	/* OBJ_physicalDeliveryOfficeName   2 5 4 19 */
-864,	/* OBJ_telephoneNumber              2 5 4 20 */
-865,	/* OBJ_telexNumber                  2 5 4 21 */
-866,	/* OBJ_teletexTerminalIdentifier    2 5 4 22 */
-867,	/* OBJ_facsimileTelephoneNumber     2 5 4 23 */
-868,	/* OBJ_x121Address                  2 5 4 24 */
-869,	/* OBJ_internationaliSDNNumber      2 5 4 25 */
-870,	/* OBJ_registeredAddress            2 5 4 26 */
-871,	/* OBJ_destinationIndicator         2 5 4 27 */
-872,	/* OBJ_preferredDeliveryMethod      2 5 4 28 */
-873,	/* OBJ_presentationAddress          2 5 4 29 */
-874,	/* OBJ_supportedApplicationContext  2 5 4 30 */
-875,	/* OBJ_member                       2 5 4 31 */
-876,	/* OBJ_owner                        2 5 4 32 */
-877,	/* OBJ_roleOccupant                 2 5 4 33 */
-878,	/* OBJ_seeAlso                      2 5 4 34 */
-879,	/* OBJ_userPassword                 2 5 4 35 */
-880,	/* OBJ_userCertificate              2 5 4 36 */
-881,	/* OBJ_cACertificate                2 5 4 37 */
-882,	/* OBJ_authorityRevocationList      2 5 4 38 */
-883,	/* OBJ_certificateRevocationList    2 5 4 39 */
-884,	/* OBJ_crossCertificatePair         2 5 4 40 */
-173,	/* OBJ_name                         2 5 4 41 */
-99,	/* OBJ_givenName                    2 5 4 42 */
-101,	/* OBJ_initials                     2 5 4 43 */
-509,	/* OBJ_generationQualifier          2 5 4 44 */
-503,	/* OBJ_x500UniqueIdentifier         2 5 4 45 */
-174,	/* OBJ_dnQualifier                  2 5 4 46 */
-885,	/* OBJ_enhancedSearchGuide          2 5 4 47 */
-886,	/* OBJ_protocolInformation          2 5 4 48 */
-887,	/* OBJ_distinguishedName            2 5 4 49 */
-888,	/* OBJ_uniqueMember                 2 5 4 50 */
-889,	/* OBJ_houseIdentifier              2 5 4 51 */
-890,	/* OBJ_supportedAlgorithms          2 5 4 52 */
-891,	/* OBJ_deltaRevocationList          2 5 4 53 */
-892,	/* OBJ_dmdName                      2 5 4 54 */
-510,	/* OBJ_pseudonym                    2 5 4 65 */
-400,	/* OBJ_role                         2 5 4 72 */
-769,	/* OBJ_subject_directory_attributes 2 5 29 9 */
-82,	/* OBJ_subject_key_identifier       2 5 29 14 */
-83,	/* OBJ_key_usage                    2 5 29 15 */
-84,	/* OBJ_private_key_usage_period     2 5 29 16 */
-85,	/* OBJ_subject_alt_name             2 5 29 17 */
-86,	/* OBJ_issuer_alt_name              2 5 29 18 */
-87,	/* OBJ_basic_constraints            2 5 29 19 */
-88,	/* OBJ_crl_number                   2 5 29 20 */
-141,	/* OBJ_crl_reason                   2 5 29 21 */
-430,	/* OBJ_hold_instruction_code        2 5 29 23 */
-142,	/* OBJ_invalidity_date              2 5 29 24 */
-140,	/* OBJ_delta_crl                    2 5 29 27 */
-770,	/* OBJ_issuing_distribution_point   2 5 29 28 */
-771,	/* OBJ_certificate_issuer           2 5 29 29 */
-666,	/* OBJ_name_constraints             2 5 29 30 */
-103,	/* OBJ_crl_distribution_points      2 5 29 31 */
-89,	/* OBJ_certificate_policies         2 5 29 32 */
-747,	/* OBJ_policy_mappings              2 5 29 33 */
-90,	/* OBJ_authority_key_identifier     2 5 29 35 */
-401,	/* OBJ_policy_constraints           2 5 29 36 */
-126,	/* OBJ_ext_key_usage                2 5 29 37 */
-857,	/* OBJ_freshest_crl                 2 5 29 46 */
-748,	/* OBJ_inhibit_any_policy           2 5 29 54 */
-402,	/* OBJ_target_information           2 5 29 55 */
-403,	/* OBJ_no_rev_avail                 2 5 29 56 */
-513,	/* OBJ_set_ctype                    2 23 42 0 */
-514,	/* OBJ_set_msgExt                   2 23 42 1 */
-515,	/* OBJ_set_attr                     2 23 42 3 */
-516,	/* OBJ_set_policy                   2 23 42 5 */
-517,	/* OBJ_set_certExt                  2 23 42 7 */
-518,	/* OBJ_set_brand                    2 23 42 8 */
-679,	/* OBJ_wap_wsg                      2 23 43 1 */
-382,	/* OBJ_Directory                    1 3 6 1 1 */
-383,	/* OBJ_Management                   1 3 6 1 2 */
-384,	/* OBJ_Experimental                 1 3 6 1 3 */
-385,	/* OBJ_Private                      1 3 6 1 4 */
-386,	/* OBJ_Security                     1 3 6 1 5 */
-387,	/* OBJ_SNMPv2                       1 3 6 1 6 */
-388,	/* OBJ_Mail                         1 3 6 1 7 */
-376,	/* OBJ_algorithm                    1 3 14 3 2 */
-395,	/* OBJ_clearance                    2 5 1 5 55 */
-19,	/* OBJ_rsa                          2 5 8 1 1 */
-96,	/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
-95,	/* OBJ_mdc2                         2 5 8 3 101 */
-746,	/* OBJ_any_policy                   2 5 29 32 0 */
-910,	/* OBJ_anyExtendedKeyUsage          2 5 29 37 0 */
-519,	/* OBJ_setct_PANData                2 23 42 0 0 */
-520,	/* OBJ_setct_PANToken               2 23 42 0 1 */
-521,	/* OBJ_setct_PANOnly                2 23 42 0 2 */
-522,	/* OBJ_setct_OIData                 2 23 42 0 3 */
-523,	/* OBJ_setct_PI                     2 23 42 0 4 */
-524,	/* OBJ_setct_PIData                 2 23 42 0 5 */
-525,	/* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
-526,	/* OBJ_setct_HODInput               2 23 42 0 7 */
-527,	/* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
-528,	/* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
-529,	/* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
-530,	/* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
-531,	/* OBJ_setct_PInitResData           2 23 42 0 12 */
-532,	/* OBJ_setct_PI_TBS                 2 23 42 0 13 */
-533,	/* OBJ_setct_PResData               2 23 42 0 14 */
-534,	/* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
-535,	/* OBJ_setct_AuthResTBS             2 23 42 0 17 */
-536,	/* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
-537,	/* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
-538,	/* OBJ_setct_CapTokenData           2 23 42 0 20 */
-539,	/* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
-540,	/* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
-541,	/* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
-542,	/* OBJ_setct_AuthRevResData         2 23 42 0 24 */
-543,	/* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
-544,	/* OBJ_setct_CapReqTBS              2 23 42 0 26 */
-545,	/* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
-546,	/* OBJ_setct_CapResData             2 23 42 0 28 */
-547,	/* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
-548,	/* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
-549,	/* OBJ_setct_CapRevResData          2 23 42 0 31 */
-550,	/* OBJ_setct_CredReqTBS             2 23 42 0 32 */
-551,	/* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
-552,	/* OBJ_setct_CredResData            2 23 42 0 34 */
-553,	/* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
-554,	/* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
-555,	/* OBJ_setct_CredRevResData         2 23 42 0 37 */
-556,	/* OBJ_setct_PCertReqData           2 23 42 0 38 */
-557,	/* OBJ_setct_PCertResTBS            2 23 42 0 39 */
-558,	/* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
-559,	/* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
-560,	/* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
-561,	/* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
-562,	/* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
-563,	/* OBJ_setct_CertReqData            2 23 42 0 45 */
-564,	/* OBJ_setct_CertReqTBS             2 23 42 0 46 */
-565,	/* OBJ_setct_CertResData            2 23 42 0 47 */
-566,	/* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
-567,	/* OBJ_setct_ErrorTBS               2 23 42 0 49 */
-568,	/* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
-569,	/* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
-570,	/* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
-571,	/* OBJ_setct_AuthResTBE             2 23 42 0 53 */
-572,	/* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
-573,	/* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
-574,	/* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
-575,	/* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
-576,	/* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
-577,	/* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
-578,	/* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
-579,	/* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
-580,	/* OBJ_setct_CapReqTBE              2 23 42 0 62 */
-581,	/* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
-582,	/* OBJ_setct_CapResTBE              2 23 42 0 64 */
-583,	/* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
-584,	/* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
-585,	/* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
-586,	/* OBJ_setct_CredReqTBE             2 23 42 0 68 */
-587,	/* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
-588,	/* OBJ_setct_CredResTBE             2 23 42 0 70 */
-589,	/* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
-590,	/* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
-591,	/* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
-592,	/* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
-593,	/* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
-594,	/* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
-595,	/* OBJ_setct_CertReqTBE             2 23 42 0 77 */
-596,	/* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
-597,	/* OBJ_setct_CertResTBE             2 23 42 0 79 */
-598,	/* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
-599,	/* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
-600,	/* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
-601,	/* OBJ_setext_genCrypt              2 23 42 1 1 */
-602,	/* OBJ_setext_miAuth                2 23 42 1 3 */
-603,	/* OBJ_setext_pinSecure             2 23 42 1 4 */
-604,	/* OBJ_setext_pinAny                2 23 42 1 5 */
-605,	/* OBJ_setext_track2                2 23 42 1 7 */
-606,	/* OBJ_setext_cv                    2 23 42 1 8 */
-620,	/* OBJ_setAttr_Cert                 2 23 42 3 0 */
-621,	/* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
-622,	/* OBJ_setAttr_TokenType            2 23 42 3 2 */
-623,	/* OBJ_setAttr_IssCap               2 23 42 3 3 */
-607,	/* OBJ_set_policy_root              2 23 42 5 0 */
-608,	/* OBJ_setCext_hashedRoot           2 23 42 7 0 */
-609,	/* OBJ_setCext_certType             2 23 42 7 1 */
-610,	/* OBJ_setCext_merchData            2 23 42 7 2 */
-611,	/* OBJ_setCext_cCertRequired        2 23 42 7 3 */
-612,	/* OBJ_setCext_tunneling            2 23 42 7 4 */
-613,	/* OBJ_setCext_setExt               2 23 42 7 5 */
-614,	/* OBJ_setCext_setQualf             2 23 42 7 6 */
-615,	/* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
-616,	/* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
-617,	/* OBJ_setCext_Track2Data           2 23 42 7 9 */
-618,	/* OBJ_setCext_TokenType            2 23 42 7 10 */
-619,	/* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
-636,	/* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
-640,	/* OBJ_set_brand_Visa               2 23 42 8 4 */
-641,	/* OBJ_set_brand_MasterCard         2 23 42 8 5 */
-637,	/* OBJ_set_brand_Diners             2 23 42 8 30 */
-638,	/* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
-639,	/* OBJ_set_brand_JCB                2 23 42 8 35 */
-805,	/* OBJ_cryptopro                    1 2 643 2 2 */
-806,	/* OBJ_cryptocom                    1 2 643 2 9 */
-184,	/* OBJ_X9_57                        1 2 840 10040 */
-405,	/* OBJ_ansi_X9_62                   1 2 840 10045 */
-389,	/* OBJ_Enterprises                  1 3 6 1 4 1 */
-504,	/* OBJ_mime_mhs                     1 3 6 1 7 1 */
-104,	/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
-29,	/* OBJ_des_ecb                      1 3 14 3 2 6 */
-31,	/* OBJ_des_cbc                      1 3 14 3 2 7 */
-45,	/* OBJ_des_ofb64                    1 3 14 3 2 8 */
-30,	/* OBJ_des_cfb64                    1 3 14 3 2 9 */
-377,	/* OBJ_rsaSignature                 1 3 14 3 2 11 */
-67,	/* OBJ_dsa_2                        1 3 14 3 2 12 */
-66,	/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
-42,	/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
-32,	/* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
-41,	/* OBJ_sha                          1 3 14 3 2 18 */
-64,	/* OBJ_sha1                         1 3 14 3 2 26 */
-70,	/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
-115,	/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
-117,	/* OBJ_ripemd160                    1 3 36 3 2 1 */
-143,	/* OBJ_sxnet                        1 3 101 1 4 1 */
-721,	/* OBJ_sect163k1                    1 3 132 0 1 */
-722,	/* OBJ_sect163r1                    1 3 132 0 2 */
-728,	/* OBJ_sect239k1                    1 3 132 0 3 */
-717,	/* OBJ_sect113r1                    1 3 132 0 4 */
-718,	/* OBJ_sect113r2                    1 3 132 0 5 */
-704,	/* OBJ_secp112r1                    1 3 132 0 6 */
-705,	/* OBJ_secp112r2                    1 3 132 0 7 */
-709,	/* OBJ_secp160r1                    1 3 132 0 8 */
-708,	/* OBJ_secp160k1                    1 3 132 0 9 */
-714,	/* OBJ_secp256k1                    1 3 132 0 10 */
-723,	/* OBJ_sect163r2                    1 3 132 0 15 */
-729,	/* OBJ_sect283k1                    1 3 132 0 16 */
-730,	/* OBJ_sect283r1                    1 3 132 0 17 */
-719,	/* OBJ_sect131r1                    1 3 132 0 22 */
-720,	/* OBJ_sect131r2                    1 3 132 0 23 */
-724,	/* OBJ_sect193r1                    1 3 132 0 24 */
-725,	/* OBJ_sect193r2                    1 3 132 0 25 */
-726,	/* OBJ_sect233k1                    1 3 132 0 26 */
-727,	/* OBJ_sect233r1                    1 3 132 0 27 */
-706,	/* OBJ_secp128r1                    1 3 132 0 28 */
-707,	/* OBJ_secp128r2                    1 3 132 0 29 */
-710,	/* OBJ_secp160r2                    1 3 132 0 30 */
-711,	/* OBJ_secp192k1                    1 3 132 0 31 */
-712,	/* OBJ_secp224k1                    1 3 132 0 32 */
-713,	/* OBJ_secp224r1                    1 3 132 0 33 */
-715,	/* OBJ_secp384r1                    1 3 132 0 34 */
-716,	/* OBJ_secp521r1                    1 3 132 0 35 */
-731,	/* OBJ_sect409k1                    1 3 132 0 36 */
-732,	/* OBJ_sect409r1                    1 3 132 0 37 */
-733,	/* OBJ_sect571k1                    1 3 132 0 38 */
-734,	/* OBJ_sect571r1                    1 3 132 0 39 */
-624,	/* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
-625,	/* OBJ_set_addPolicy                2 23 42 3 0 1 */
-626,	/* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
-627,	/* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
-628,	/* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
-629,	/* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
-630,	/* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
-642,	/* OBJ_set_brand_Novus              2 23 42 8 6011 */
-735,	/* OBJ_wap_wsg_idm_ecid_wtls1       2 23 43 1 4 1 */
-736,	/* OBJ_wap_wsg_idm_ecid_wtls3       2 23 43 1 4 3 */
-737,	/* OBJ_wap_wsg_idm_ecid_wtls4       2 23 43 1 4 4 */
-738,	/* OBJ_wap_wsg_idm_ecid_wtls5       2 23 43 1 4 5 */
-739,	/* OBJ_wap_wsg_idm_ecid_wtls6       2 23 43 1 4 6 */
-740,	/* OBJ_wap_wsg_idm_ecid_wtls7       2 23 43 1 4 7 */
-741,	/* OBJ_wap_wsg_idm_ecid_wtls8       2 23 43 1 4 8 */
-742,	/* OBJ_wap_wsg_idm_ecid_wtls9       2 23 43 1 4 9 */
-743,	/* OBJ_wap_wsg_idm_ecid_wtls10      2 23 43 1 4 10 */
-744,	/* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 1 4 11 */
-745,	/* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 1 4 12 */
-804,	/* OBJ_whirlpool                    1 0 10118 3 0 55 */
-124,	/* OBJ_rle_compression              1 1 1 1 666 1 */
-773,	/* OBJ_kisa                         1 2 410 200004 */
-807,	/* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
-808,	/* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
-809,	/* OBJ_id_GostR3411_94              1 2 643 2 2 9 */
-810,	/* OBJ_id_HMACGostR3411_94          1 2 643 2 2 10 */
-811,	/* OBJ_id_GostR3410_2001            1 2 643 2 2 19 */
-812,	/* OBJ_id_GostR3410_94              1 2 643 2 2 20 */
-813,	/* OBJ_id_Gost28147_89              1 2 643 2 2 21 */
-815,	/* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
-816,	/* OBJ_id_GostR3411_94_prf          1 2 643 2 2 23 */
-817,	/* OBJ_id_GostR3410_2001DH          1 2 643 2 2 98 */
-818,	/* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
- 1,	/* OBJ_rsadsi                       1 2 840 113549 */
-185,	/* OBJ_X9cm                         1 2 840 10040 4 */
-127,	/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
-505,	/* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
-506,	/* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
-119,	/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
-937,	/* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */
-938,	/* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */
-939,	/* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */
-940,	/* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */
-942,	/* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */
-943,	/* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */
-944,	/* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */
-945,	/* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */
-631,	/* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
-632,	/* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
-633,	/* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
-634,	/* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
-635,	/* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
-436,	/* OBJ_ucl                          0 9 2342 19200300 */
-820,	/* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
-819,	/* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
-845,	/* OBJ_id_GostR3410_94_a            1 2 643 2 2 20 1 */
-846,	/* OBJ_id_GostR3410_94_aBis         1 2 643 2 2 20 2 */
-847,	/* OBJ_id_GostR3410_94_b            1 2 643 2 2 20 3 */
-848,	/* OBJ_id_GostR3410_94_bBis         1 2 643 2 2 20 4 */
-821,	/* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */
-822,	/* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */
-823,	/* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */
-824,	/* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */
-825,	/* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */
-826,	/* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */
-827,	/* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */
-828,	/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */
-829,	/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */
-830,	/* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */
-831,	/* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */
-832,	/* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */
-833,	/* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */
-834,	/* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */
-835,	/* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */
-836,	/* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */
-837,	/* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */
-838,	/* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */
-839,	/* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */
-840,	/* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */
-841,	/* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */
-842,	/* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
-843,	/* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
-844,	/* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
- 2,	/* OBJ_pkcs                         1 2 840 113549 1 */
-431,	/* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
-432,	/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
-433,	/* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
-116,	/* OBJ_dsa                          1 2 840 10040 4 1 */
-113,	/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
-406,	/* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
-407,	/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
-408,	/* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
-416,	/* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
-791,	/* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
-792,	/* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
-920,	/* OBJ_dhpublicnumber               1 2 840 10046 2 1 */
-258,	/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
-175,	/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
-259,	/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
-128,	/* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
-260,	/* OBJ_id_it                        1 3 6 1 5 5 7 4 */
-261,	/* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
-262,	/* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
-263,	/* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
-264,	/* OBJ_id_on                        1 3 6 1 5 5 7 8 */
-265,	/* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
-266,	/* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
-267,	/* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
-268,	/* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
-662,	/* OBJ_id_ppl                       1 3 6 1 5 5 7 21 */
-176,	/* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
-507,	/* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
-508,	/* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
-57,	/* OBJ_netscape                     2 16 840 1 113730 */
-754,	/* OBJ_camellia_128_ecb             0 3 4401 5 3 1 9 1 */
-766,	/* OBJ_camellia_128_ofb128          0 3 4401 5 3 1 9 3 */
-757,	/* OBJ_camellia_128_cfb128          0 3 4401 5 3 1 9 4 */
-755,	/* OBJ_camellia_192_ecb             0 3 4401 5 3 1 9 21 */
-767,	/* OBJ_camellia_192_ofb128          0 3 4401 5 3 1 9 23 */
-758,	/* OBJ_camellia_192_cfb128          0 3 4401 5 3 1 9 24 */
-756,	/* OBJ_camellia_256_ecb             0 3 4401 5 3 1 9 41 */
-768,	/* OBJ_camellia_256_ofb128          0 3 4401 5 3 1 9 43 */
-759,	/* OBJ_camellia_256_cfb128          0 3 4401 5 3 1 9 44 */
-437,	/* OBJ_pilot                        0 9 2342 19200300 100 */
-776,	/* OBJ_seed_ecb                     1 2 410 200004 1 3 */
-777,	/* OBJ_seed_cbc                     1 2 410 200004 1 4 */
-779,	/* OBJ_seed_cfb128                  1 2 410 200004 1 5 */
-778,	/* OBJ_seed_ofb128                  1 2 410 200004 1 6 */
-852,	/* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */
-853,	/* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */
-850,	/* OBJ_id_GostR3410_94_cc           1 2 643 2 9 1 5 3 */
-851,	/* OBJ_id_GostR3410_2001_cc         1 2 643 2 9 1 5 4 */
-849,	/* OBJ_id_Gost28147_89_cc           1 2 643 2 9 1 6 1 */
-854,	/* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
-186,	/* OBJ_pkcs1                        1 2 840 113549 1 1 */
-27,	/* OBJ_pkcs3                        1 2 840 113549 1 3 */
-187,	/* OBJ_pkcs5                        1 2 840 113549 1 5 */
-20,	/* OBJ_pkcs7                        1 2 840 113549 1 7 */
-47,	/* OBJ_pkcs9                        1 2 840 113549 1 9 */
- 3,	/* OBJ_md2                          1 2 840 113549 2 2 */
-257,	/* OBJ_md4                          1 2 840 113549 2 4 */
- 4,	/* OBJ_md5                          1 2 840 113549 2 5 */
-797,	/* OBJ_hmacWithMD5                  1 2 840 113549 2 6 */
-163,	/* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
-798,	/* OBJ_hmacWithSHA224               1 2 840 113549 2 8 */
-799,	/* OBJ_hmacWithSHA256               1 2 840 113549 2 9 */
-800,	/* OBJ_hmacWithSHA384               1 2 840 113549 2 10 */
-801,	/* OBJ_hmacWithSHA512               1 2 840 113549 2 11 */
-37,	/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
- 5,	/* OBJ_rc4                          1 2 840 113549 3 4 */
-44,	/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
-120,	/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
-643,	/* OBJ_des_cdmf                     1 2 840 113549 3 10 */
-680,	/* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
-684,	/* OBJ_X9_62_c2pnb163v1             1 2 840 10045 3 0 1 */
-685,	/* OBJ_X9_62_c2pnb163v2             1 2 840 10045 3 0 2 */
-686,	/* OBJ_X9_62_c2pnb163v3             1 2 840 10045 3 0 3 */
-687,	/* OBJ_X9_62_c2pnb176v1             1 2 840 10045 3 0 4 */
-688,	/* OBJ_X9_62_c2tnb191v1             1 2 840 10045 3 0 5 */
-689,	/* OBJ_X9_62_c2tnb191v2             1 2 840 10045 3 0 6 */
-690,	/* OBJ_X9_62_c2tnb191v3             1 2 840 10045 3 0 7 */
-691,	/* OBJ_X9_62_c2onb191v4             1 2 840 10045 3 0 8 */
-692,	/* OBJ_X9_62_c2onb191v5             1 2 840 10045 3 0 9 */
-693,	/* OBJ_X9_62_c2pnb208w1             1 2 840 10045 3 0 10 */
-694,	/* OBJ_X9_62_c2tnb239v1             1 2 840 10045 3 0 11 */
-695,	/* OBJ_X9_62_c2tnb239v2             1 2 840 10045 3 0 12 */
-696,	/* OBJ_X9_62_c2tnb239v3             1 2 840 10045 3 0 13 */
-697,	/* OBJ_X9_62_c2onb239v4             1 2 840 10045 3 0 14 */
-698,	/* OBJ_X9_62_c2onb239v5             1 2 840 10045 3 0 15 */
-699,	/* OBJ_X9_62_c2pnb272w1             1 2 840 10045 3 0 16 */
-700,	/* OBJ_X9_62_c2pnb304w1             1 2 840 10045 3 0 17 */
-701,	/* OBJ_X9_62_c2tnb359v1             1 2 840 10045 3 0 18 */
-702,	/* OBJ_X9_62_c2pnb368w1             1 2 840 10045 3 0 19 */
-703,	/* OBJ_X9_62_c2tnb431r1             1 2 840 10045 3 0 20 */
-409,	/* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
-410,	/* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
-411,	/* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
-412,	/* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
-413,	/* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
-414,	/* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
-415,	/* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
-793,	/* OBJ_ecdsa_with_SHA224            1 2 840 10045 4 3 1 */
-794,	/* OBJ_ecdsa_with_SHA256            1 2 840 10045 4 3 2 */
-795,	/* OBJ_ecdsa_with_SHA384            1 2 840 10045 4 3 3 */
-796,	/* OBJ_ecdsa_with_SHA512            1 2 840 10045 4 3 4 */
-269,	/* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
-270,	/* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
-271,	/* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
-272,	/* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
-273,	/* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
-274,	/* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
-275,	/* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
-276,	/* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
-277,	/* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
-278,	/* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
-279,	/* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
-280,	/* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
-281,	/* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
-282,	/* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
-283,	/* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
-284,	/* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
-177,	/* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
-285,	/* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
-286,	/* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
-287,	/* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
-288,	/* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
-289,	/* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
-290,	/* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
-291,	/* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
-292,	/* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
-397,	/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
-398,	/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
-663,	/* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
-164,	/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
-165,	/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
-293,	/* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
-129,	/* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
-130,	/* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
-131,	/* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
-132,	/* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
-294,	/* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
-295,	/* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
-296,	/* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
-133,	/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
-180,	/* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
-297,	/* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
-298,	/* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
-299,	/* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
-300,	/* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
-301,	/* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
-302,	/* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
-303,	/* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
-304,	/* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
-305,	/* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
-306,	/* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
-307,	/* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
-308,	/* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
-309,	/* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
-310,	/* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
-311,	/* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
-312,	/* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
-784,	/* OBJ_id_it_suppLangTags           1 3 6 1 5 5 7 4 16 */
-313,	/* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
-314,	/* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
-323,	/* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
-324,	/* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
-325,	/* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
-326,	/* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
-327,	/* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
-328,	/* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
-329,	/* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
-330,	/* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
-331,	/* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
-332,	/* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
-333,	/* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
-334,	/* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
-335,	/* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
-336,	/* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
-337,	/* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
-338,	/* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
-339,	/* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
-340,	/* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
-341,	/* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
-342,	/* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
-343,	/* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
-344,	/* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
-345,	/* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
-346,	/* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
-347,	/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
-858,	/* OBJ_id_on_permanentIdentifier    1 3 6 1 5 5 7 8 3 */
-348,	/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
-349,	/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
-351,	/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
-352,	/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
-353,	/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
-354,	/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
-355,	/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
-356,	/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
-357,	/* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
-358,	/* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
-399,	/* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
-359,	/* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
-360,	/* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
-361,	/* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
-362,	/* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
-664,	/* OBJ_id_ppl_anyLanguage           1 3 6 1 5 5 7 21 0 */
-665,	/* OBJ_id_ppl_inheritAll            1 3 6 1 5 5 7 21 1 */
-667,	/* OBJ_Independent                  1 3 6 1 5 5 7 21 2 */
-178,	/* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
-179,	/* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
-363,	/* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
-364,	/* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
-785,	/* OBJ_caRepository                 1 3 6 1 5 5 7 48 5 */
-780,	/* OBJ_hmac_md5                     1 3 6 1 5 5 8 1 1 */
-781,	/* OBJ_hmac_sha1                    1 3 6 1 5 5 8 1 2 */
-58,	/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
-59,	/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
-438,	/* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
-439,	/* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
-440,	/* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
-441,	/* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
-108,	/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
-112,	/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
-782,	/* OBJ_id_PasswordBasedMAC          1 2 840 113533 7 66 13 */
-783,	/* OBJ_id_DHBasedMac                1 2 840 113533 7 66 30 */
- 6,	/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
- 7,	/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
-396,	/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
- 8,	/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
-65,	/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
-644,	/* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
-919,	/* OBJ_rsaesOaep                    1 2 840 113549 1 1 7 */
-911,	/* OBJ_mgf1                         1 2 840 113549 1 1 8 */
-935,	/* OBJ_pSpecified                   1 2 840 113549 1 1 9 */
-912,	/* OBJ_rsassaPss                    1 2 840 113549 1 1 10 */
-668,	/* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
-669,	/* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
-670,	/* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
-671,	/* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
-28,	/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
- 9,	/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
-10,	/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
-168,	/* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
-169,	/* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
-170,	/* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
-68,	/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
-69,	/* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
-161,	/* OBJ_pbes2                        1 2 840 113549 1 5 13 */
-162,	/* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
-21,	/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
-22,	/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
-23,	/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
-24,	/* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
-25,	/* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
-26,	/* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
-48,	/* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
-49,	/* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
-50,	/* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
-51,	/* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
-52,	/* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
-53,	/* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
-54,	/* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
-55,	/* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
-56,	/* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
-172,	/* OBJ_ext_req                      1 2 840 113549 1 9 14 */
-167,	/* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
-188,	/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
-156,	/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
-157,	/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
-681,	/* OBJ_X9_62_onBasis                1 2 840 10045 1 2 3 1 */
-682,	/* OBJ_X9_62_tpBasis                1 2 840 10045 1 2 3 2 */
-683,	/* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */
-417,	/* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
-856,	/* OBJ_LocalKeySet                  1 3 6 1 4 1 311 17 2 */
-390,	/* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
-91,	/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
-315,	/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
-316,	/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
-317,	/* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
-318,	/* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
-319,	/* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
-320,	/* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
-321,	/* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
-322,	/* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
-365,	/* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
-366,	/* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
-367,	/* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
-368,	/* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
-369,	/* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
-370,	/* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
-371,	/* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
-372,	/* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
-373,	/* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
-374,	/* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
-375,	/* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
-921,	/* OBJ_brainpoolP160r1              1 3 36 3 3 2 8 1 1 1 */
-922,	/* OBJ_brainpoolP160t1              1 3 36 3 3 2 8 1 1 2 */
-923,	/* OBJ_brainpoolP192r1              1 3 36 3 3 2 8 1 1 3 */
-924,	/* OBJ_brainpoolP192t1              1 3 36 3 3 2 8 1 1 4 */
-925,	/* OBJ_brainpoolP224r1              1 3 36 3 3 2 8 1 1 5 */
-926,	/* OBJ_brainpoolP224t1              1 3 36 3 3 2 8 1 1 6 */
-927,	/* OBJ_brainpoolP256r1              1 3 36 3 3 2 8 1 1 7 */
-928,	/* OBJ_brainpoolP256t1              1 3 36 3 3 2 8 1 1 8 */
-929,	/* OBJ_brainpoolP320r1              1 3 36 3 3 2 8 1 1 9 */
-930,	/* OBJ_brainpoolP320t1              1 3 36 3 3 2 8 1 1 10 */
-931,	/* OBJ_brainpoolP384r1              1 3 36 3 3 2 8 1 1 11 */
-932,	/* OBJ_brainpoolP384t1              1 3 36 3 3 2 8 1 1 12 */
-933,	/* OBJ_brainpoolP512r1              1 3 36 3 3 2 8 1 1 13 */
-934,	/* OBJ_brainpoolP512t1              1 3 36 3 3 2 8 1 1 14 */
-936,	/* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */
-941,	/* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */
-418,	/* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
-419,	/* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
-420,	/* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
-421,	/* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
-788,	/* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
-895,	/* OBJ_aes_128_gcm                  2 16 840 1 101 3 4 1 6 */
-896,	/* OBJ_aes_128_ccm                  2 16 840 1 101 3 4 1 7 */
-897,	/* OBJ_id_aes128_wrap_pad           2 16 840 1 101 3 4 1 8 */
-422,	/* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
-423,	/* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
-424,	/* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
-425,	/* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
-789,	/* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
-898,	/* OBJ_aes_192_gcm                  2 16 840 1 101 3 4 1 26 */
-899,	/* OBJ_aes_192_ccm                  2 16 840 1 101 3 4 1 27 */
-900,	/* OBJ_id_aes192_wrap_pad           2 16 840 1 101 3 4 1 28 */
-426,	/* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
-427,	/* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
-428,	/* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
-429,	/* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
-790,	/* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
-901,	/* OBJ_aes_256_gcm                  2 16 840 1 101 3 4 1 46 */
-902,	/* OBJ_aes_256_ccm                  2 16 840 1 101 3 4 1 47 */
-903,	/* OBJ_id_aes256_wrap_pad           2 16 840 1 101 3 4 1 48 */
-672,	/* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
-673,	/* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
-674,	/* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
-675,	/* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
-802,	/* OBJ_dsa_with_SHA224              2 16 840 1 101 3 4 3 1 */
-803,	/* OBJ_dsa_with_SHA256              2 16 840 1 101 3 4 3 2 */
-71,	/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
-72,	/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
-73,	/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
-74,	/* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
-75,	/* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
-76,	/* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
-77,	/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
-78,	/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
-79,	/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
-139,	/* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
-458,	/* OBJ_userId                       0 9 2342 19200300 100 1 1 */
-459,	/* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
-460,	/* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
-461,	/* OBJ_info                         0 9 2342 19200300 100 1 4 */
-462,	/* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
-463,	/* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
-464,	/* OBJ_photo                        0 9 2342 19200300 100 1 7 */
-465,	/* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
-466,	/* OBJ_host                         0 9 2342 19200300 100 1 9 */
-467,	/* OBJ_manager                      0 9 2342 19200300 100 1 10 */
-468,	/* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
-469,	/* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
-470,	/* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
-471,	/* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
-472,	/* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
-473,	/* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
-474,	/* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
-475,	/* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
-476,	/* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
-477,	/* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
-391,	/* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
-478,	/* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
-479,	/* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
-480,	/* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
-481,	/* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
-482,	/* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
-483,	/* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
-484,	/* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
-485,	/* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
-486,	/* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
-487,	/* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
-488,	/* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
-489,	/* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
-490,	/* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
-491,	/* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
-492,	/* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
-493,	/* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
-494,	/* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
-495,	/* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
-496,	/* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
-497,	/* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
-498,	/* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
-499,	/* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
-500,	/* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
-501,	/* OBJ_audio                        0 9 2342 19200300 100 1 55 */
-502,	/* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
-442,	/* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
-443,	/* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
-444,	/* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
-445,	/* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
-446,	/* OBJ_account                      0 9 2342 19200300 100 4 5 */
-447,	/* OBJ_document                     0 9 2342 19200300 100 4 6 */
-448,	/* OBJ_room                         0 9 2342 19200300 100 4 7 */
-449,	/* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
-392,	/* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
-450,	/* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
-451,	/* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
-452,	/* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
-453,	/* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
-454,	/* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
-455,	/* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
-456,	/* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
-457,	/* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
-189,	/* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
-190,	/* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
-191,	/* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
-192,	/* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
-193,	/* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
-194,	/* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
-195,	/* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
-158,	/* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
-159,	/* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
-160,	/* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
-144,	/* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
-145,	/* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
-146,	/* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
-147,	/* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
-148,	/* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
-149,	/* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
-171,	/* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
-134,	/* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
-135,	/* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
-136,	/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
-137,	/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
-138,	/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
-648,	/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
-649,	/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
-951,	/* OBJ_ct_precert_scts              1 3 6 1 4 1 11129 2 4 2 */
-952,	/* OBJ_ct_precert_poison            1 3 6 1 4 1 11129 2 4 3 */
-953,	/* OBJ_ct_precert_signer            1 3 6 1 4 1 11129 2 4 4 */
-954,	/* OBJ_ct_cert_scts                 1 3 6 1 4 1 11129 2 4 5 */
-751,	/* OBJ_camellia_128_cbc             1 2 392 200011 61 1 1 1 2 */
-752,	/* OBJ_camellia_192_cbc             1 2 392 200011 61 1 1 1 3 */
-753,	/* OBJ_camellia_256_cbc             1 2 392 200011 61 1 1 1 4 */
-907,	/* OBJ_id_camellia128_wrap          1 2 392 200011 61 1 1 3 2 */
-908,	/* OBJ_id_camellia192_wrap          1 2 392 200011 61 1 1 3 3 */
-909,	/* OBJ_id_camellia256_wrap          1 2 392 200011 61 1 1 3 4 */
-196,	/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
-197,	/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
-198,	/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
-199,	/* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
-200,	/* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
-201,	/* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
-202,	/* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
-203,	/* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
-204,	/* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
-205,	/* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
-206,	/* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
-207,	/* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
-208,	/* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
-209,	/* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
-210,	/* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
-211,	/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
-786,	/* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
-787,	/* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
-212,	/* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
-213,	/* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
-214,	/* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
-215,	/* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
-216,	/* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
-217,	/* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
-218,	/* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
-219,	/* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
-220,	/* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
-221,	/* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
-222,	/* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
-223,	/* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
-224,	/* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
-225,	/* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
-226,	/* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
-227,	/* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
-228,	/* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
-229,	/* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
-230,	/* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
-231,	/* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
-232,	/* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
-233,	/* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
-234,	/* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
-235,	/* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
-236,	/* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
-237,	/* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
-238,	/* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
-239,	/* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
-240,	/* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
-241,	/* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
-242,	/* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
-243,	/* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
-244,	/* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
-245,	/* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
-246,	/* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
-247,	/* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
-125,	/* OBJ_zlib_compression             1 2 840 113549 1 9 16 3 8 */
-893,	/* OBJ_id_alg_PWRI_KEK              1 2 840 113549 1 9 16 3 9 */
-248,	/* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
-249,	/* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
-250,	/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
-251,	/* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
-252,	/* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
-253,	/* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
-254,	/* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
-255,	/* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
-256,	/* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
-150,	/* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
-151,	/* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
-152,	/* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
-153,	/* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
-154,	/* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
-155,	/* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
-34,	/* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
-955,	/* OBJ_jurisdictionLocalityName     1 3 6 1 4 1 311 60 2 1 1 */
-956,	/* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
-957,	/* OBJ_jurisdictionCountryName      1 3 6 1 4 1 311 60 2 1 3 */
+#define NUM_OBJ 1071
+static const unsigned int obj_objs[NUM_OBJ] = {
+       0,    /* OBJ_undef                        0 */
+     181,    /* OBJ_iso                          1 */
+     393,    /* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
+     404,    /* OBJ_ccitt                        OBJ_itu_t */
+     645,    /* OBJ_itu_t                        0 */
+     646,    /* OBJ_joint_iso_itu_t              2 */
+     434,    /* OBJ_data                         0 9 */
+     182,    /* OBJ_member_body                  1 2 */
+     379,    /* OBJ_org                          1 3 */
+     676,    /* OBJ_identified_organization      1 3 */
+      11,    /* OBJ_X500                         2 5 */
+     647,    /* OBJ_international_organizations  2 23 */
+     380,    /* OBJ_dod                          1 3 6 */
+    1170,    /* OBJ_ieee                         1 3 111 */
+      12,    /* OBJ_X509                         2 5 4 */
+     378,    /* OBJ_X500algorithms               2 5 8 */
+      81,    /* OBJ_id_ce                        2 5 29 */
+     512,    /* OBJ_id_set                       2 23 42 */
+     678,    /* OBJ_wap                          2 23 43 */
+     435,    /* OBJ_pss                          0 9 2342 */
+    1140,    /* OBJ_ISO_CN                       1 2 156 */
+    1150,    /* OBJ_ISO_UA                       1 2 804 */
+     183,    /* OBJ_ISO_US                       1 2 840 */
+     381,    /* OBJ_iana                         1 3 6 1 */
+    1034,    /* OBJ_X25519                       1 3 101 110 */
+    1035,    /* OBJ_X448                         1 3 101 111 */
+    1087,    /* OBJ_ED25519                      1 3 101 112 */
+    1088,    /* OBJ_ED448                        1 3 101 113 */
+     677,    /* OBJ_certicom_arc                 1 3 132 */
+     394,    /* OBJ_selected_attribute_types     2 5 1 5 */
+      13,    /* OBJ_commonName                   2 5 4 3 */
+     100,    /* OBJ_surname                      2 5 4 4 */
+     105,    /* OBJ_serialNumber                 2 5 4 5 */
+      14,    /* OBJ_countryName                  2 5 4 6 */
+      15,    /* OBJ_localityName                 2 5 4 7 */
+      16,    /* OBJ_stateOrProvinceName          2 5 4 8 */
+     660,    /* OBJ_streetAddress                2 5 4 9 */
+      17,    /* OBJ_organizationName             2 5 4 10 */
+      18,    /* OBJ_organizationalUnitName       2 5 4 11 */
+     106,    /* OBJ_title                        2 5 4 12 */
+     107,    /* OBJ_description                  2 5 4 13 */
+     859,    /* OBJ_searchGuide                  2 5 4 14 */
+     860,    /* OBJ_businessCategory             2 5 4 15 */
+     861,    /* OBJ_postalAddress                2 5 4 16 */
+     661,    /* OBJ_postalCode                   2 5 4 17 */
+     862,    /* OBJ_postOfficeBox                2 5 4 18 */
+     863,    /* OBJ_physicalDeliveryOfficeName   2 5 4 19 */
+     864,    /* OBJ_telephoneNumber              2 5 4 20 */
+     865,    /* OBJ_telexNumber                  2 5 4 21 */
+     866,    /* OBJ_teletexTerminalIdentifier    2 5 4 22 */
+     867,    /* OBJ_facsimileTelephoneNumber     2 5 4 23 */
+     868,    /* OBJ_x121Address                  2 5 4 24 */
+     869,    /* OBJ_internationaliSDNNumber      2 5 4 25 */
+     870,    /* OBJ_registeredAddress            2 5 4 26 */
+     871,    /* OBJ_destinationIndicator         2 5 4 27 */
+     872,    /* OBJ_preferredDeliveryMethod      2 5 4 28 */
+     873,    /* OBJ_presentationAddress          2 5 4 29 */
+     874,    /* OBJ_supportedApplicationContext  2 5 4 30 */
+     875,    /* OBJ_member                       2 5 4 31 */
+     876,    /* OBJ_owner                        2 5 4 32 */
+     877,    /* OBJ_roleOccupant                 2 5 4 33 */
+     878,    /* OBJ_seeAlso                      2 5 4 34 */
+     879,    /* OBJ_userPassword                 2 5 4 35 */
+     880,    /* OBJ_userCertificate              2 5 4 36 */
+     881,    /* OBJ_cACertificate                2 5 4 37 */
+     882,    /* OBJ_authorityRevocationList      2 5 4 38 */
+     883,    /* OBJ_certificateRevocationList    2 5 4 39 */
+     884,    /* OBJ_crossCertificatePair         2 5 4 40 */
+     173,    /* OBJ_name                         2 5 4 41 */
+      99,    /* OBJ_givenName                    2 5 4 42 */
+     101,    /* OBJ_initials                     2 5 4 43 */
+     509,    /* OBJ_generationQualifier          2 5 4 44 */
+     503,    /* OBJ_x500UniqueIdentifier         2 5 4 45 */
+     174,    /* OBJ_dnQualifier                  2 5 4 46 */
+     885,    /* OBJ_enhancedSearchGuide          2 5 4 47 */
+     886,    /* OBJ_protocolInformation          2 5 4 48 */
+     887,    /* OBJ_distinguishedName            2 5 4 49 */
+     888,    /* OBJ_uniqueMember                 2 5 4 50 */
+     889,    /* OBJ_houseIdentifier              2 5 4 51 */
+     890,    /* OBJ_supportedAlgorithms          2 5 4 52 */
+     891,    /* OBJ_deltaRevocationList          2 5 4 53 */
+     892,    /* OBJ_dmdName                      2 5 4 54 */
+     510,    /* OBJ_pseudonym                    2 5 4 65 */
+     400,    /* OBJ_role                         2 5 4 72 */
+    1089,    /* OBJ_organizationIdentifier       2 5 4 97 */
+    1090,    /* OBJ_countryCode3c                2 5 4 98 */
+    1091,    /* OBJ_countryCode3n                2 5 4 99 */
+    1092,    /* OBJ_dnsName                      2 5 4 100 */
+     769,    /* OBJ_subject_directory_attributes 2 5 29 9 */
+      82,    /* OBJ_subject_key_identifier       2 5 29 14 */
+      83,    /* OBJ_key_usage                    2 5 29 15 */
+      84,    /* OBJ_private_key_usage_period     2 5 29 16 */
+      85,    /* OBJ_subject_alt_name             2 5 29 17 */
+      86,    /* OBJ_issuer_alt_name              2 5 29 18 */
+      87,    /* OBJ_basic_constraints            2 5 29 19 */
+      88,    /* OBJ_crl_number                   2 5 29 20 */
+     141,    /* OBJ_crl_reason                   2 5 29 21 */
+     430,    /* OBJ_hold_instruction_code        2 5 29 23 */
+     142,    /* OBJ_invalidity_date              2 5 29 24 */
+     140,    /* OBJ_delta_crl                    2 5 29 27 */
+     770,    /* OBJ_issuing_distribution_point   2 5 29 28 */
+     771,    /* OBJ_certificate_issuer           2 5 29 29 */
+     666,    /* OBJ_name_constraints             2 5 29 30 */
+     103,    /* OBJ_crl_distribution_points      2 5 29 31 */
+      89,    /* OBJ_certificate_policies         2 5 29 32 */
+     747,    /* OBJ_policy_mappings              2 5 29 33 */
+      90,    /* OBJ_authority_key_identifier     2 5 29 35 */
+     401,    /* OBJ_policy_constraints           2 5 29 36 */
+     126,    /* OBJ_ext_key_usage                2 5 29 37 */
+     857,    /* OBJ_freshest_crl                 2 5 29 46 */
+     748,    /* OBJ_inhibit_any_policy           2 5 29 54 */
+     402,    /* OBJ_target_information           2 5 29 55 */
+     403,    /* OBJ_no_rev_avail                 2 5 29 56 */
+     513,    /* OBJ_set_ctype                    2 23 42 0 */
+     514,    /* OBJ_set_msgExt                   2 23 42 1 */
+     515,    /* OBJ_set_attr                     2 23 42 3 */
+     516,    /* OBJ_set_policy                   2 23 42 5 */
+     517,    /* OBJ_set_certExt                  2 23 42 7 */
+     518,    /* OBJ_set_brand                    2 23 42 8 */
+     679,    /* OBJ_wap_wsg                      2 23 43 1 */
+     382,    /* OBJ_Directory                    1 3 6 1 1 */
+     383,    /* OBJ_Management                   1 3 6 1 2 */
+     384,    /* OBJ_Experimental                 1 3 6 1 3 */
+     385,    /* OBJ_Private                      1 3 6 1 4 */
+     386,    /* OBJ_Security                     1 3 6 1 5 */
+     387,    /* OBJ_SNMPv2                       1 3 6 1 6 */
+     388,    /* OBJ_Mail                         1 3 6 1 7 */
+     376,    /* OBJ_algorithm                    1 3 14 3 2 */
+     395,    /* OBJ_clearance                    2 5 1 5 55 */
+      19,    /* OBJ_rsa                          2 5 8 1 1 */
+      96,    /* OBJ_mdc2WithRSA                  2 5 8 3 100 */
+      95,    /* OBJ_mdc2                         2 5 8 3 101 */
+     746,    /* OBJ_any_policy                   2 5 29 32 0 */
+     910,    /* OBJ_anyExtendedKeyUsage          2 5 29 37 0 */
+     519,    /* OBJ_setct_PANData                2 23 42 0 0 */
+     520,    /* OBJ_setct_PANToken               2 23 42 0 1 */
+     521,    /* OBJ_setct_PANOnly                2 23 42 0 2 */
+     522,    /* OBJ_setct_OIData                 2 23 42 0 3 */
+     523,    /* OBJ_setct_PI                     2 23 42 0 4 */
+     524,    /* OBJ_setct_PIData                 2 23 42 0 5 */
+     525,    /* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
+     526,    /* OBJ_setct_HODInput               2 23 42 0 7 */
+     527,    /* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
+     528,    /* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
+     529,    /* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
+     530,    /* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
+     531,    /* OBJ_setct_PInitResData           2 23 42 0 12 */
+     532,    /* OBJ_setct_PI_TBS                 2 23 42 0 13 */
+     533,    /* OBJ_setct_PResData               2 23 42 0 14 */
+     534,    /* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
+     535,    /* OBJ_setct_AuthResTBS             2 23 42 0 17 */
+     536,    /* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
+     537,    /* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
+     538,    /* OBJ_setct_CapTokenData           2 23 42 0 20 */
+     539,    /* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
+     540,    /* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
+     541,    /* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
+     542,    /* OBJ_setct_AuthRevResData         2 23 42 0 24 */
+     543,    /* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
+     544,    /* OBJ_setct_CapReqTBS              2 23 42 0 26 */
+     545,    /* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
+     546,    /* OBJ_setct_CapResData             2 23 42 0 28 */
+     547,    /* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
+     548,    /* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
+     549,    /* OBJ_setct_CapRevResData          2 23 42 0 31 */
+     550,    /* OBJ_setct_CredReqTBS             2 23 42 0 32 */
+     551,    /* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
+     552,    /* OBJ_setct_CredResData            2 23 42 0 34 */
+     553,    /* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
+     554,    /* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
+     555,    /* OBJ_setct_CredRevResData         2 23 42 0 37 */
+     556,    /* OBJ_setct_PCertReqData           2 23 42 0 38 */
+     557,    /* OBJ_setct_PCertResTBS            2 23 42 0 39 */
+     558,    /* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
+     559,    /* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
+     560,    /* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
+     561,    /* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
+     562,    /* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
+     563,    /* OBJ_setct_CertReqData            2 23 42 0 45 */
+     564,    /* OBJ_setct_CertReqTBS             2 23 42 0 46 */
+     565,    /* OBJ_setct_CertResData            2 23 42 0 47 */
+     566,    /* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
+     567,    /* OBJ_setct_ErrorTBS               2 23 42 0 49 */
+     568,    /* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
+     569,    /* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
+     570,    /* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
+     571,    /* OBJ_setct_AuthResTBE             2 23 42 0 53 */
+     572,    /* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
+     573,    /* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
+     574,    /* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
+     575,    /* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
+     576,    /* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
+     577,    /* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
+     578,    /* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
+     579,    /* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
+     580,    /* OBJ_setct_CapReqTBE              2 23 42 0 62 */
+     581,    /* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
+     582,    /* OBJ_setct_CapResTBE              2 23 42 0 64 */
+     583,    /* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
+     584,    /* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
+     585,    /* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
+     586,    /* OBJ_setct_CredReqTBE             2 23 42 0 68 */
+     587,    /* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
+     588,    /* OBJ_setct_CredResTBE             2 23 42 0 70 */
+     589,    /* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
+     590,    /* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
+     591,    /* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
+     592,    /* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
+     593,    /* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
+     594,    /* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
+     595,    /* OBJ_setct_CertReqTBE             2 23 42 0 77 */
+     596,    /* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
+     597,    /* OBJ_setct_CertResTBE             2 23 42 0 79 */
+     598,    /* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
+     599,    /* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
+     600,    /* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
+     601,    /* OBJ_setext_genCrypt              2 23 42 1 1 */
+     602,    /* OBJ_setext_miAuth                2 23 42 1 3 */
+     603,    /* OBJ_setext_pinSecure             2 23 42 1 4 */
+     604,    /* OBJ_setext_pinAny                2 23 42 1 5 */
+     605,    /* OBJ_setext_track2                2 23 42 1 7 */
+     606,    /* OBJ_setext_cv                    2 23 42 1 8 */
+     620,    /* OBJ_setAttr_Cert                 2 23 42 3 0 */
+     621,    /* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
+     622,    /* OBJ_setAttr_TokenType            2 23 42 3 2 */
+     623,    /* OBJ_setAttr_IssCap               2 23 42 3 3 */
+     607,    /* OBJ_set_policy_root              2 23 42 5 0 */
+     608,    /* OBJ_setCext_hashedRoot           2 23 42 7 0 */
+     609,    /* OBJ_setCext_certType             2 23 42 7 1 */
+     610,    /* OBJ_setCext_merchData            2 23 42 7 2 */
+     611,    /* OBJ_setCext_cCertRequired        2 23 42 7 3 */
+     612,    /* OBJ_setCext_tunneling            2 23 42 7 4 */
+     613,    /* OBJ_setCext_setExt               2 23 42 7 5 */
+     614,    /* OBJ_setCext_setQualf             2 23 42 7 6 */
+     615,    /* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
+     616,    /* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
+     617,    /* OBJ_setCext_Track2Data           2 23 42 7 9 */
+     618,    /* OBJ_setCext_TokenType            2 23 42 7 10 */
+     619,    /* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
+     636,    /* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
+     640,    /* OBJ_set_brand_Visa               2 23 42 8 4 */
+     641,    /* OBJ_set_brand_MasterCard         2 23 42 8 5 */
+     637,    /* OBJ_set_brand_Diners             2 23 42 8 30 */
+     638,    /* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
+     639,    /* OBJ_set_brand_JCB                2 23 42 8 35 */
+    1141,    /* OBJ_oscca                        1 2 156 10197 */
+     805,    /* OBJ_cryptopro                    1 2 643 2 2 */
+     806,    /* OBJ_cryptocom                    1 2 643 2 9 */
+     974,    /* OBJ_id_tc26                      1 2 643 7 1 */
+    1005,    /* OBJ_OGRN                         1 2 643 100 1 */
+    1006,    /* OBJ_SNILS                        1 2 643 100 3 */
+    1007,    /* OBJ_subjectSignTool              1 2 643 100 111 */
+    1008,    /* OBJ_issuerSignTool               1 2 643 100 112 */
+     184,    /* OBJ_X9_57                        1 2 840 10040 */
+     405,    /* OBJ_ansi_X9_62                   1 2 840 10045 */
+     389,    /* OBJ_Enterprises                  1 3 6 1 4 1 */
+     504,    /* OBJ_mime_mhs                     1 3 6 1 7 1 */
+     104,    /* OBJ_md5WithRSA                   1 3 14 3 2 3 */
+      29,    /* OBJ_des_ecb                      1 3 14 3 2 6 */
+      31,    /* OBJ_des_cbc                      1 3 14 3 2 7 */
+      45,    /* OBJ_des_ofb64                    1 3 14 3 2 8 */
+      30,    /* OBJ_des_cfb64                    1 3 14 3 2 9 */
+     377,    /* OBJ_rsaSignature                 1 3 14 3 2 11 */
+      67,    /* OBJ_dsa_2                        1 3 14 3 2 12 */
+      66,    /* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
+      42,    /* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
+      32,    /* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
+      41,    /* OBJ_sha                          1 3 14 3 2 18 */
+      64,    /* OBJ_sha1                         1 3 14 3 2 26 */
+      70,    /* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
+     115,    /* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
+     117,    /* OBJ_ripemd160                    1 3 36 3 2 1 */
+    1093,    /* OBJ_x509ExtAdmission             1 3 36 8 3 3 */
+     143,    /* OBJ_sxnet                        1 3 101 1 4 1 */
+    1171,    /* OBJ_ieee_siswg                   1 3 111 2 1619 */
+     721,    /* OBJ_sect163k1                    1 3 132 0 1 */
+     722,    /* OBJ_sect163r1                    1 3 132 0 2 */
+     728,    /* OBJ_sect239k1                    1 3 132 0 3 */
+     717,    /* OBJ_sect113r1                    1 3 132 0 4 */
+     718,    /* OBJ_sect113r2                    1 3 132 0 5 */
+     704,    /* OBJ_secp112r1                    1 3 132 0 6 */
+     705,    /* OBJ_secp112r2                    1 3 132 0 7 */
+     709,    /* OBJ_secp160r1                    1 3 132 0 8 */
+     708,    /* OBJ_secp160k1                    1 3 132 0 9 */
+     714,    /* OBJ_secp256k1                    1 3 132 0 10 */
+     723,    /* OBJ_sect163r2                    1 3 132 0 15 */
+     729,    /* OBJ_sect283k1                    1 3 132 0 16 */
+     730,    /* OBJ_sect283r1                    1 3 132 0 17 */
+     719,    /* OBJ_sect131r1                    1 3 132 0 22 */
+     720,    /* OBJ_sect131r2                    1 3 132 0 23 */
+     724,    /* OBJ_sect193r1                    1 3 132 0 24 */
+     725,    /* OBJ_sect193r2                    1 3 132 0 25 */
+     726,    /* OBJ_sect233k1                    1 3 132 0 26 */
+     727,    /* OBJ_sect233r1                    1 3 132 0 27 */
+     706,    /* OBJ_secp128r1                    1 3 132 0 28 */
+     707,    /* OBJ_secp128r2                    1 3 132 0 29 */
+     710,    /* OBJ_secp160r2                    1 3 132 0 30 */
+     711,    /* OBJ_secp192k1                    1 3 132 0 31 */
+     712,    /* OBJ_secp224k1                    1 3 132 0 32 */
+     713,    /* OBJ_secp224r1                    1 3 132 0 33 */
+     715,    /* OBJ_secp384r1                    1 3 132 0 34 */
+     716,    /* OBJ_secp521r1                    1 3 132 0 35 */
+     731,    /* OBJ_sect409k1                    1 3 132 0 36 */
+     732,    /* OBJ_sect409r1                    1 3 132 0 37 */
+     733,    /* OBJ_sect571k1                    1 3 132 0 38 */
+     734,    /* OBJ_sect571r1                    1 3 132 0 39 */
+     624,    /* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
+     625,    /* OBJ_set_addPolicy                2 23 42 3 0 1 */
+     626,    /* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
+     627,    /* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
+     628,    /* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
+     629,    /* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
+     630,    /* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
+     642,    /* OBJ_set_brand_Novus              2 23 42 8 6011 */
+     735,    /* OBJ_wap_wsg_idm_ecid_wtls1       2 23 43 1 4 1 */
+     736,    /* OBJ_wap_wsg_idm_ecid_wtls3       2 23 43 1 4 3 */
+     737,    /* OBJ_wap_wsg_idm_ecid_wtls4       2 23 43 1 4 4 */
+     738,    /* OBJ_wap_wsg_idm_ecid_wtls5       2 23 43 1 4 5 */
+     739,    /* OBJ_wap_wsg_idm_ecid_wtls6       2 23 43 1 4 6 */
+     740,    /* OBJ_wap_wsg_idm_ecid_wtls7       2 23 43 1 4 7 */
+     741,    /* OBJ_wap_wsg_idm_ecid_wtls8       2 23 43 1 4 8 */
+     742,    /* OBJ_wap_wsg_idm_ecid_wtls9       2 23 43 1 4 9 */
+     743,    /* OBJ_wap_wsg_idm_ecid_wtls10      2 23 43 1 4 10 */
+     744,    /* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 1 4 11 */
+     745,    /* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 1 4 12 */
+     804,    /* OBJ_whirlpool                    1 0 10118 3 0 55 */
+    1142,    /* OBJ_sm_scheme                    1 2 156 10197 1 */
+     773,    /* OBJ_kisa                         1 2 410 200004 */
+     807,    /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
+     808,    /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
+     809,    /* OBJ_id_GostR3411_94              1 2 643 2 2 9 */
+     810,    /* OBJ_id_HMACGostR3411_94          1 2 643 2 2 10 */
+     811,    /* OBJ_id_GostR3410_2001            1 2 643 2 2 19 */
+     812,    /* OBJ_id_GostR3410_94              1 2 643 2 2 20 */
+     813,    /* OBJ_id_Gost28147_89              1 2 643 2 2 21 */
+     815,    /* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
+     816,    /* OBJ_id_GostR3411_94_prf          1 2 643 2 2 23 */
+     817,    /* OBJ_id_GostR3410_2001DH          1 2 643 2 2 98 */
+     818,    /* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
+     977,    /* OBJ_id_tc26_algorithms           1 2 643 7 1 1 */
+     994,    /* OBJ_id_tc26_constants            1 2 643 7 1 2 */
+       1,    /* OBJ_rsadsi                       1 2 840 113549 */
+     185,    /* OBJ_X9cm                         1 2 840 10040 4 */
+    1031,    /* OBJ_id_pkinit                    1 3 6 1 5 2 3 */
+     127,    /* OBJ_id_pkix                      1 3 6 1 5 5 7 */
+     505,    /* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
+     506,    /* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
+     119,    /* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
+     937,    /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */
+     938,    /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */
+     939,    /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */
+     940,    /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */
+     942,    /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */
+     943,    /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */
+     944,    /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */
+     945,    /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */
+     631,    /* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
+     632,    /* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
+     633,    /* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
+     634,    /* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
+     635,    /* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
+     436,    /* OBJ_ucl                          0 9 2342 19200300 */
+     820,    /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
+     819,    /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
+     845,    /* OBJ_id_GostR3410_94_a            1 2 643 2 2 20 1 */
+     846,    /* OBJ_id_GostR3410_94_aBis         1 2 643 2 2 20 2 */
+     847,    /* OBJ_id_GostR3410_94_b            1 2 643 2 2 20 3 */
+     848,    /* OBJ_id_GostR3410_94_bBis         1 2 643 2 2 20 4 */
+     821,    /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */
+     822,    /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */
+     823,    /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */
+     824,    /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */
+     825,    /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */
+     826,    /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */
+     827,    /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */
+     828,    /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */
+     829,    /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */
+     830,    /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */
+     831,    /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */
+     832,    /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */
+     833,    /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */
+     834,    /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */
+     835,    /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */
+     836,    /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */
+     837,    /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */
+     838,    /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */
+     839,    /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */
+     840,    /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */
+     841,    /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */
+     842,    /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
+     843,    /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
+     844,    /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
+     978,    /* OBJ_id_tc26_sign                 1 2 643 7 1 1 1 */
+     981,    /* OBJ_id_tc26_digest               1 2 643 7 1 1 2 */
+     984,    /* OBJ_id_tc26_signwithdigest       1 2 643 7 1 1 3 */
+     987,    /* OBJ_id_tc26_mac                  1 2 643 7 1 1 4 */
+     990,    /* OBJ_id_tc26_cipher               1 2 643 7 1 1 5 */
+     991,    /* OBJ_id_tc26_agreement            1 2 643 7 1 1 6 */
+    1179,    /* OBJ_id_tc26_wrap                 1 2 643 7 1 1 7 */
+     995,    /* OBJ_id_tc26_sign_constants       1 2 643 7 1 2 1 */
+    1000,    /* OBJ_id_tc26_digest_constants     1 2 643 7 1 2 2 */
+    1001,    /* OBJ_id_tc26_cipher_constants     1 2 643 7 1 2 5 */
+    1151,    /* OBJ_ua_pki                       1 2 804 2 1 1 1 */
+       2,    /* OBJ_pkcs                         1 2 840 113549 1 */
+     431,    /* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
+     432,    /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
+     433,    /* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
+     116,    /* OBJ_dsa                          1 2 840 10040 4 1 */
+     113,    /* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+     406,    /* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
+     407,    /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
+     408,    /* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
+     416,    /* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
+     791,    /* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
+     792,    /* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
+     920,    /* OBJ_dhpublicnumber               1 2 840 10046 2 1 */
+    1032,    /* OBJ_pkInitClientAuth             1 3 6 1 5 2 3 4 */
+    1033,    /* OBJ_pkInitKDC                    1 3 6 1 5 2 3 5 */
+     258,    /* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
+     175,    /* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
+     259,    /* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
+     128,    /* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
+     260,    /* OBJ_id_it                        1 3 6 1 5 5 7 4 */
+     261,    /* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
+     262,    /* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
+     263,    /* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
+     264,    /* OBJ_id_on                        1 3 6 1 5 5 7 8 */
+     265,    /* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
+     266,    /* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
+     267,    /* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
+     268,    /* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
+     662,    /* OBJ_id_ppl                       1 3 6 1 5 5 7 21 */
+     176,    /* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
+     507,    /* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
+     508,    /* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
+      57,    /* OBJ_netscape                     2 16 840 1 113730 */
+     754,    /* OBJ_camellia_128_ecb             0 3 4401 5 3 1 9 1 */
+     766,    /* OBJ_camellia_128_ofb128          0 3 4401 5 3 1 9 3 */
+     757,    /* OBJ_camellia_128_cfb128          0 3 4401 5 3 1 9 4 */
+     961,    /* OBJ_camellia_128_gcm             0 3 4401 5 3 1 9 6 */
+     962,    /* OBJ_camellia_128_ccm             0 3 4401 5 3 1 9 7 */
+     963,    /* OBJ_camellia_128_ctr             0 3 4401 5 3 1 9 9 */
+     964,    /* OBJ_camellia_128_cmac            0 3 4401 5 3 1 9 10 */
+     755,    /* OBJ_camellia_192_ecb             0 3 4401 5 3 1 9 21 */
+     767,    /* OBJ_camellia_192_ofb128          0 3 4401 5 3 1 9 23 */
+     758,    /* OBJ_camellia_192_cfb128          0 3 4401 5 3 1 9 24 */
+     965,    /* OBJ_camellia_192_gcm             0 3 4401 5 3 1 9 26 */
+     966,    /* OBJ_camellia_192_ccm             0 3 4401 5 3 1 9 27 */
+     967,    /* OBJ_camellia_192_ctr             0 3 4401 5 3 1 9 29 */
+     968,    /* OBJ_camellia_192_cmac            0 3 4401 5 3 1 9 30 */
+     756,    /* OBJ_camellia_256_ecb             0 3 4401 5 3 1 9 41 */
+     768,    /* OBJ_camellia_256_ofb128          0 3 4401 5 3 1 9 43 */
+     759,    /* OBJ_camellia_256_cfb128          0 3 4401 5 3 1 9 44 */
+     969,    /* OBJ_camellia_256_gcm             0 3 4401 5 3 1 9 46 */
+     970,    /* OBJ_camellia_256_ccm             0 3 4401 5 3 1 9 47 */
+     971,    /* OBJ_camellia_256_ctr             0 3 4401 5 3 1 9 49 */
+     972,    /* OBJ_camellia_256_cmac            0 3 4401 5 3 1 9 50 */
+     437,    /* OBJ_pilot                        0 9 2342 19200300 100 */
+    1133,    /* OBJ_sm4_ecb                      1 2 156 10197 1 104 1 */
+    1134,    /* OBJ_sm4_cbc                      1 2 156 10197 1 104 2 */
+    1135,    /* OBJ_sm4_ofb128                   1 2 156 10197 1 104 3 */
+    1137,    /* OBJ_sm4_cfb128                   1 2 156 10197 1 104 4 */
+    1136,    /* OBJ_sm4_cfb1                     1 2 156 10197 1 104 5 */
+    1138,    /* OBJ_sm4_cfb8                     1 2 156 10197 1 104 6 */
+    1139,    /* OBJ_sm4_ctr                      1 2 156 10197 1 104 7 */
+    1172,    /* OBJ_sm2                          1 2 156 10197 1 301 */
+    1143,    /* OBJ_sm3                          1 2 156 10197 1 401 */
+    1144,    /* OBJ_sm3WithRSAEncryption         1 2 156 10197 1 504 */
+     776,    /* OBJ_seed_ecb                     1 2 410 200004 1 3 */
+     777,    /* OBJ_seed_cbc                     1 2 410 200004 1 4 */
+     779,    /* OBJ_seed_cfb128                  1 2 410 200004 1 5 */
+     778,    /* OBJ_seed_ofb128                  1 2 410 200004 1 6 */
+     852,    /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */
+     853,    /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */
+     850,    /* OBJ_id_GostR3410_94_cc           1 2 643 2 9 1 5 3 */
+     851,    /* OBJ_id_GostR3410_2001_cc         1 2 643 2 9 1 5 4 */
+     849,    /* OBJ_id_Gost28147_89_cc           1 2 643 2 9 1 6 1 */
+     854,    /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
+    1004,    /* OBJ_INN                          1 2 643 3 131 1 1 */
+     979,    /* OBJ_id_GostR3410_2012_256        1 2 643 7 1 1 1 1 */
+     980,    /* OBJ_id_GostR3410_2012_512        1 2 643 7 1 1 1 2 */
+     982,    /* OBJ_id_GostR3411_2012_256        1 2 643 7 1 1 2 2 */
+     983,    /* OBJ_id_GostR3411_2012_512        1 2 643 7 1 1 2 3 */
+     985,    /* OBJ_id_tc26_signwithdigest_gost3410_2012_256 1 2 643 7 1 1 3 2 */
+     986,    /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */
+     988,    /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */
+     989,    /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */
+    1173,    /* OBJ_id_tc26_cipher_gostr3412_2015_magma 1 2 643 7 1 1 5 1 */
+    1176,    /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik 1 2 643 7 1 1 5 2 */
+     992,    /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */
+     993,    /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */
+    1180,    /* OBJ_id_tc26_wrap_gostr3412_2015_magma 1 2 643 7 1 1 7 1 */
+    1182,    /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik 1 2 643 7 1 1 7 2 */
+    1147,    /* OBJ_id_tc26_gost_3410_2012_256_constants 1 2 643 7 1 2 1 1 */
+     996,    /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */
+    1002,    /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */
+     186,    /* OBJ_pkcs1                        1 2 840 113549 1 1 */
+      27,    /* OBJ_pkcs3                        1 2 840 113549 1 3 */
+     187,    /* OBJ_pkcs5                        1 2 840 113549 1 5 */
+      20,    /* OBJ_pkcs7                        1 2 840 113549 1 7 */
+      47,    /* OBJ_pkcs9                        1 2 840 113549 1 9 */
+       3,    /* OBJ_md2                          1 2 840 113549 2 2 */
+     257,    /* OBJ_md4                          1 2 840 113549 2 4 */
+       4,    /* OBJ_md5                          1 2 840 113549 2 5 */
+     797,    /* OBJ_hmacWithMD5                  1 2 840 113549 2 6 */
+     163,    /* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
+     798,    /* OBJ_hmacWithSHA224               1 2 840 113549 2 8 */
+     799,    /* OBJ_hmacWithSHA256               1 2 840 113549 2 9 */
+     800,    /* OBJ_hmacWithSHA384               1 2 840 113549 2 10 */
+     801,    /* OBJ_hmacWithSHA512               1 2 840 113549 2 11 */
+    1193,    /* OBJ_hmacWithSHA512_224           1 2 840 113549 2 12 */
+    1194,    /* OBJ_hmacWithSHA512_256           1 2 840 113549 2 13 */
+      37,    /* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
+       5,    /* OBJ_rc4                          1 2 840 113549 3 4 */
+      44,    /* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
+     120,    /* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+     643,    /* OBJ_des_cdmf                     1 2 840 113549 3 10 */
+     680,    /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
+     684,    /* OBJ_X9_62_c2pnb163v1             1 2 840 10045 3 0 1 */
+     685,    /* OBJ_X9_62_c2pnb163v2             1 2 840 10045 3 0 2 */
+     686,    /* OBJ_X9_62_c2pnb163v3             1 2 840 10045 3 0 3 */
+     687,    /* OBJ_X9_62_c2pnb176v1             1 2 840 10045 3 0 4 */
+     688,    /* OBJ_X9_62_c2tnb191v1             1 2 840 10045 3 0 5 */
+     689,    /* OBJ_X9_62_c2tnb191v2             1 2 840 10045 3 0 6 */
+     690,    /* OBJ_X9_62_c2tnb191v3             1 2 840 10045 3 0 7 */
+     691,    /* OBJ_X9_62_c2onb191v4             1 2 840 10045 3 0 8 */
+     692,    /* OBJ_X9_62_c2onb191v5             1 2 840 10045 3 0 9 */
+     693,    /* OBJ_X9_62_c2pnb208w1             1 2 840 10045 3 0 10 */
+     694,    /* OBJ_X9_62_c2tnb239v1             1 2 840 10045 3 0 11 */
+     695,    /* OBJ_X9_62_c2tnb239v2             1 2 840 10045 3 0 12 */
+     696,    /* OBJ_X9_62_c2tnb239v3             1 2 840 10045 3 0 13 */
+     697,    /* OBJ_X9_62_c2onb239v4             1 2 840 10045 3 0 14 */
+     698,    /* OBJ_X9_62_c2onb239v5             1 2 840 10045 3 0 15 */
+     699,    /* OBJ_X9_62_c2pnb272w1             1 2 840 10045 3 0 16 */
+     700,    /* OBJ_X9_62_c2pnb304w1             1 2 840 10045 3 0 17 */
+     701,    /* OBJ_X9_62_c2tnb359v1             1 2 840 10045 3 0 18 */
+     702,    /* OBJ_X9_62_c2pnb368w1             1 2 840 10045 3 0 19 */
+     703,    /* OBJ_X9_62_c2tnb431r1             1 2 840 10045 3 0 20 */
+     409,    /* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
+     410,    /* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
+     411,    /* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
+     412,    /* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
+     413,    /* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
+     414,    /* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
+     415,    /* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
+     793,    /* OBJ_ecdsa_with_SHA224            1 2 840 10045 4 3 1 */
+     794,    /* OBJ_ecdsa_with_SHA256            1 2 840 10045 4 3 2 */
+     795,    /* OBJ_ecdsa_with_SHA384            1 2 840 10045 4 3 3 */
+     796,    /* OBJ_ecdsa_with_SHA512            1 2 840 10045 4 3 4 */
+     269,    /* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
+     270,    /* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
+     271,    /* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
+     272,    /* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
+     273,    /* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
+     274,    /* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
+     275,    /* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
+     276,    /* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
+     277,    /* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
+     278,    /* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
+     279,    /* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
+     280,    /* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
+     281,    /* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
+     282,    /* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
+     283,    /* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
+     284,    /* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
+     177,    /* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
+     285,    /* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
+     286,    /* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
+     287,    /* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
+     288,    /* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
+     289,    /* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
+     290,    /* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
+     291,    /* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
+     292,    /* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
+     397,    /* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
+     398,    /* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
+     663,    /* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
+    1020,    /* OBJ_tlsfeature                   1 3 6 1 5 5 7 1 24 */
+     164,    /* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
+     165,    /* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
+     293,    /* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
+     129,    /* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
+     130,    /* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
+     131,    /* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
+     132,    /* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
+     294,    /* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
+     295,    /* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
+     296,    /* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
+     133,    /* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
+     180,    /* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
+     297,    /* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
+    1022,    /* OBJ_ipsec_IKE                    1 3 6 1 5 5 7 3 17 */
+    1023,    /* OBJ_capwapAC                     1 3 6 1 5 5 7 3 18 */
+    1024,    /* OBJ_capwapWTP                    1 3 6 1 5 5 7 3 19 */
+    1025,    /* OBJ_sshClient                    1 3 6 1 5 5 7 3 21 */
+    1026,    /* OBJ_sshServer                    1 3 6 1 5 5 7 3 22 */
+    1027,    /* OBJ_sendRouter                   1 3 6 1 5 5 7 3 23 */
+    1028,    /* OBJ_sendProxiedRouter            1 3 6 1 5 5 7 3 24 */
+    1029,    /* OBJ_sendOwner                    1 3 6 1 5 5 7 3 25 */
+    1030,    /* OBJ_sendProxiedOwner             1 3 6 1 5 5 7 3 26 */
+    1131,    /* OBJ_cmcCA                        1 3 6 1 5 5 7 3 27 */
+    1132,    /* OBJ_cmcRA                        1 3 6 1 5 5 7 3 28 */
+     298,    /* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
+     299,    /* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
+     300,    /* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
+     301,    /* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
+     302,    /* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
+     303,    /* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
+     304,    /* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
+     305,    /* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
+     306,    /* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
+     307,    /* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
+     308,    /* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
+     309,    /* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
+     310,    /* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
+     311,    /* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
+     312,    /* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
+     784,    /* OBJ_id_it_suppLangTags           1 3 6 1 5 5 7 4 16 */
+     313,    /* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
+     314,    /* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
+     323,    /* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
+     324,    /* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
+     325,    /* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
+     326,    /* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
+     327,    /* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
+     328,    /* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
+     329,    /* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
+     330,    /* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
+     331,    /* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
+     332,    /* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
+     333,    /* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
+     334,    /* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
+     335,    /* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
+     336,    /* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
+     337,    /* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
+     338,    /* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
+     339,    /* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
+     340,    /* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
+     341,    /* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
+     342,    /* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
+     343,    /* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
+     344,    /* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
+     345,    /* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
+     346,    /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
+     347,    /* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
+     858,    /* OBJ_id_on_permanentIdentifier    1 3 6 1 5 5 7 8 3 */
+     348,    /* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
+     349,    /* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
+     351,    /* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
+     352,    /* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
+     353,    /* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
+     354,    /* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
+     355,    /* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
+     356,    /* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
+     357,    /* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
+     358,    /* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
+     399,    /* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
+     359,    /* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
+     360,    /* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
+     361,    /* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
+     362,    /* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
+     664,    /* OBJ_id_ppl_anyLanguage           1 3 6 1 5 5 7 21 0 */
+     665,    /* OBJ_id_ppl_inheritAll            1 3 6 1 5 5 7 21 1 */
+     667,    /* OBJ_Independent                  1 3 6 1 5 5 7 21 2 */
+     178,    /* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
+     179,    /* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
+     363,    /* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
+     364,    /* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
+     785,    /* OBJ_caRepository                 1 3 6 1 5 5 7 48 5 */
+     780,    /* OBJ_hmac_md5                     1 3 6 1 5 5 8 1 1 */
+     781,    /* OBJ_hmac_sha1                    1 3 6 1 5 5 8 1 2 */
+     913,    /* OBJ_aes_128_xts                  1 3 111 2 1619 0 1 1 */
+     914,    /* OBJ_aes_256_xts                  1 3 111 2 1619 0 1 2 */
+      58,    /* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
+      59,    /* OBJ_netscape_data_type           2 16 840 1 113730 2 */
+     438,    /* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
+     439,    /* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
+     440,    /* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
+     441,    /* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
+    1065,    /* OBJ_aria_128_ecb                 1 2 410 200046 1 1 1 */
+    1066,    /* OBJ_aria_128_cbc                 1 2 410 200046 1 1 2 */
+    1067,    /* OBJ_aria_128_cfb128              1 2 410 200046 1 1 3 */
+    1068,    /* OBJ_aria_128_ofb128              1 2 410 200046 1 1 4 */
+    1069,    /* OBJ_aria_128_ctr                 1 2 410 200046 1 1 5 */
+    1070,    /* OBJ_aria_192_ecb                 1 2 410 200046 1 1 6 */
+    1071,    /* OBJ_aria_192_cbc                 1 2 410 200046 1 1 7 */
+    1072,    /* OBJ_aria_192_cfb128              1 2 410 200046 1 1 8 */
+    1073,    /* OBJ_aria_192_ofb128              1 2 410 200046 1 1 9 */
+    1074,    /* OBJ_aria_192_ctr                 1 2 410 200046 1 1 10 */
+    1075,    /* OBJ_aria_256_ecb                 1 2 410 200046 1 1 11 */
+    1076,    /* OBJ_aria_256_cbc                 1 2 410 200046 1 1 12 */
+    1077,    /* OBJ_aria_256_cfb128              1 2 410 200046 1 1 13 */
+    1078,    /* OBJ_aria_256_ofb128              1 2 410 200046 1 1 14 */
+    1079,    /* OBJ_aria_256_ctr                 1 2 410 200046 1 1 15 */
+    1123,    /* OBJ_aria_128_gcm                 1 2 410 200046 1 1 34 */
+    1124,    /* OBJ_aria_192_gcm                 1 2 410 200046 1 1 35 */
+    1125,    /* OBJ_aria_256_gcm                 1 2 410 200046 1 1 36 */
+    1120,    /* OBJ_aria_128_ccm                 1 2 410 200046 1 1 37 */
+    1121,    /* OBJ_aria_192_ccm                 1 2 410 200046 1 1 38 */
+    1122,    /* OBJ_aria_256_ccm                 1 2 410 200046 1 1 39 */
+    1174,    /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1 2 643 7 1 1 5 1 1 */
+    1175,    /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1 2 643 7 1 1 5 1 2 */
+    1177,    /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1 2 643 7 1 1 5 2 1 */
+    1178,    /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1 2 643 7 1 1 5 2 2 */
+    1181,    /* OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 1 2 643 7 1 1 7 1 1 */
+    1183,    /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 1 1 */
+    1148,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetA 1 2 643 7 1 2 1 1 1 */
+    1184,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetB 1 2 643 7 1 2 1 1 2 */
+    1185,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetC 1 2 643 7 1 2 1 1 3 */
+    1186,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetD 1 2 643 7 1 2 1 1 4 */
+     997,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */
+     998,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */
+     999,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */
+    1149,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetC 1 2 643 7 1 2 1 2 3 */
+    1003,    /* OBJ_id_tc26_gost_28147_param_Z   1 2 643 7 1 2 5 1 1 */
+     108,    /* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
+     112,    /* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
+     782,    /* OBJ_id_PasswordBasedMAC          1 2 840 113533 7 66 13 */
+     783,    /* OBJ_id_DHBasedMac                1 2 840 113533 7 66 30 */
+       6,    /* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
+       7,    /* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
+     396,    /* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
+       8,    /* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
+      65,    /* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+     644,    /* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
+     919,    /* OBJ_rsaesOaep                    1 2 840 113549 1 1 7 */
+     911,    /* OBJ_mgf1                         1 2 840 113549 1 1 8 */
+     935,    /* OBJ_pSpecified                   1 2 840 113549 1 1 9 */
+     912,    /* OBJ_rsassaPss                    1 2 840 113549 1 1 10 */
+     668,    /* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
+     669,    /* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
+     670,    /* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
+     671,    /* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
+    1145,    /* OBJ_sha512_224WithRSAEncryption  1 2 840 113549 1 1 15 */
+    1146,    /* OBJ_sha512_256WithRSAEncryption  1 2 840 113549 1 1 16 */
+      28,    /* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
+       9,    /* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
+      10,    /* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
+     168,    /* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
+     169,    /* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
+     170,    /* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
+      68,    /* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
+      69,    /* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
+     161,    /* OBJ_pbes2                        1 2 840 113549 1 5 13 */
+     162,    /* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
+      21,    /* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
+      22,    /* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
+      23,    /* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
+      24,    /* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
+      25,    /* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
+      26,    /* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
+      48,    /* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
+      49,    /* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
+      50,    /* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
+      51,    /* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
+      52,    /* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
+      53,    /* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
+      54,    /* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
+      55,    /* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
+      56,    /* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
+     172,    /* OBJ_ext_req                      1 2 840 113549 1 9 14 */
+     167,    /* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
+     188,    /* OBJ_SMIME                        1 2 840 113549 1 9 16 */
+     156,    /* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
+     157,    /* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
+     681,    /* OBJ_X9_62_onBasis                1 2 840 10045 1 2 3 1 */
+     682,    /* OBJ_X9_62_tpBasis                1 2 840 10045 1 2 3 2 */
+     683,    /* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */
+     417,    /* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
+     856,    /* OBJ_LocalKeySet                  1 3 6 1 4 1 311 17 2 */
+     390,    /* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
+      91,    /* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
+     973,    /* OBJ_id_scrypt                    1 3 6 1 4 1 11591 4 11 */
+     315,    /* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
+     316,    /* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
+     317,    /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
+     318,    /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
+     319,    /* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
+     320,    /* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
+     321,    /* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
+     322,    /* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
+     365,    /* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
+     366,    /* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
+     367,    /* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
+     368,    /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
+     369,    /* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
+     370,    /* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
+     371,    /* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
+     372,    /* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
+     373,    /* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
+     374,    /* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
+     375,    /* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
+     921,    /* OBJ_brainpoolP160r1              1 3 36 3 3 2 8 1 1 1 */
+     922,    /* OBJ_brainpoolP160t1              1 3 36 3 3 2 8 1 1 2 */
+     923,    /* OBJ_brainpoolP192r1              1 3 36 3 3 2 8 1 1 3 */
+     924,    /* OBJ_brainpoolP192t1              1 3 36 3 3 2 8 1 1 4 */
+     925,    /* OBJ_brainpoolP224r1              1 3 36 3 3 2 8 1 1 5 */
+     926,    /* OBJ_brainpoolP224t1              1 3 36 3 3 2 8 1 1 6 */
+     927,    /* OBJ_brainpoolP256r1              1 3 36 3 3 2 8 1 1 7 */
+     928,    /* OBJ_brainpoolP256t1              1 3 36 3 3 2 8 1 1 8 */
+     929,    /* OBJ_brainpoolP320r1              1 3 36 3 3 2 8 1 1 9 */
+     930,    /* OBJ_brainpoolP320t1              1 3 36 3 3 2 8 1 1 10 */
+     931,    /* OBJ_brainpoolP384r1              1 3 36 3 3 2 8 1 1 11 */
+     932,    /* OBJ_brainpoolP384t1              1 3 36 3 3 2 8 1 1 12 */
+     933,    /* OBJ_brainpoolP512r1              1 3 36 3 3 2 8 1 1 13 */
+     934,    /* OBJ_brainpoolP512t1              1 3 36 3 3 2 8 1 1 14 */
+     936,    /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */
+     941,    /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */
+     418,    /* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
+     419,    /* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
+     420,    /* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
+     421,    /* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
+     788,    /* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
+     895,    /* OBJ_aes_128_gcm                  2 16 840 1 101 3 4 1 6 */
+     896,    /* OBJ_aes_128_ccm                  2 16 840 1 101 3 4 1 7 */
+     897,    /* OBJ_id_aes128_wrap_pad           2 16 840 1 101 3 4 1 8 */
+     422,    /* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
+     423,    /* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
+     424,    /* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
+     425,    /* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
+     789,    /* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
+     898,    /* OBJ_aes_192_gcm                  2 16 840 1 101 3 4 1 26 */
+     899,    /* OBJ_aes_192_ccm                  2 16 840 1 101 3 4 1 27 */
+     900,    /* OBJ_id_aes192_wrap_pad           2 16 840 1 101 3 4 1 28 */
+     426,    /* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
+     427,    /* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
+     428,    /* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
+     429,    /* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
+     790,    /* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
+     901,    /* OBJ_aes_256_gcm                  2 16 840 1 101 3 4 1 46 */
+     902,    /* OBJ_aes_256_ccm                  2 16 840 1 101 3 4 1 47 */
+     903,    /* OBJ_id_aes256_wrap_pad           2 16 840 1 101 3 4 1 48 */
+     672,    /* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
+     673,    /* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
+     674,    /* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
+     675,    /* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
+    1094,    /* OBJ_sha512_224                   2 16 840 1 101 3 4 2 5 */
+    1095,    /* OBJ_sha512_256                   2 16 840 1 101 3 4 2 6 */
+    1096,    /* OBJ_sha3_224                     2 16 840 1 101 3 4 2 7 */
+    1097,    /* OBJ_sha3_256                     2 16 840 1 101 3 4 2 8 */
+    1098,    /* OBJ_sha3_384                     2 16 840 1 101 3 4 2 9 */
+    1099,    /* OBJ_sha3_512                     2 16 840 1 101 3 4 2 10 */
+    1100,    /* OBJ_shake128                     2 16 840 1 101 3 4 2 11 */
+    1101,    /* OBJ_shake256                     2 16 840 1 101 3 4 2 12 */
+    1102,    /* OBJ_hmac_sha3_224                2 16 840 1 101 3 4 2 13 */
+    1103,    /* OBJ_hmac_sha3_256                2 16 840 1 101 3 4 2 14 */
+    1104,    /* OBJ_hmac_sha3_384                2 16 840 1 101 3 4 2 15 */
+    1105,    /* OBJ_hmac_sha3_512                2 16 840 1 101 3 4 2 16 */
+     802,    /* OBJ_dsa_with_SHA224              2 16 840 1 101 3 4 3 1 */
+     803,    /* OBJ_dsa_with_SHA256              2 16 840 1 101 3 4 3 2 */
+    1106,    /* OBJ_dsa_with_SHA384              2 16 840 1 101 3 4 3 3 */
+    1107,    /* OBJ_dsa_with_SHA512              2 16 840 1 101 3 4 3 4 */
+    1108,    /* OBJ_dsa_with_SHA3_224            2 16 840 1 101 3 4 3 5 */
+    1109,    /* OBJ_dsa_with_SHA3_256            2 16 840 1 101 3 4 3 6 */
+    1110,    /* OBJ_dsa_with_SHA3_384            2 16 840 1 101 3 4 3 7 */
+    1111,    /* OBJ_dsa_with_SHA3_512            2 16 840 1 101 3 4 3 8 */
+    1112,    /* OBJ_ecdsa_with_SHA3_224          2 16 840 1 101 3 4 3 9 */
+    1113,    /* OBJ_ecdsa_with_SHA3_256          2 16 840 1 101 3 4 3 10 */
+    1114,    /* OBJ_ecdsa_with_SHA3_384          2 16 840 1 101 3 4 3 11 */
+    1115,    /* OBJ_ecdsa_with_SHA3_512          2 16 840 1 101 3 4 3 12 */
+    1116,    /* OBJ_RSA_SHA3_224                 2 16 840 1 101 3 4 3 13 */
+    1117,    /* OBJ_RSA_SHA3_256                 2 16 840 1 101 3 4 3 14 */
+    1118,    /* OBJ_RSA_SHA3_384                 2 16 840 1 101 3 4 3 15 */
+    1119,    /* OBJ_RSA_SHA3_512                 2 16 840 1 101 3 4 3 16 */
+      71,    /* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
+      72,    /* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
+      73,    /* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
+      74,    /* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
+      75,    /* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
+      76,    /* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
+      77,    /* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
+      78,    /* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
+      79,    /* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
+     139,    /* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
+     458,    /* OBJ_userId                       0 9 2342 19200300 100 1 1 */
+     459,    /* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
+     460,    /* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
+     461,    /* OBJ_info                         0 9 2342 19200300 100 1 4 */
+     462,    /* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
+     463,    /* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
+     464,    /* OBJ_photo                        0 9 2342 19200300 100 1 7 */
+     465,    /* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
+     466,    /* OBJ_host                         0 9 2342 19200300 100 1 9 */
+     467,    /* OBJ_manager                      0 9 2342 19200300 100 1 10 */
+     468,    /* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
+     469,    /* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
+     470,    /* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
+     471,    /* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
+     472,    /* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
+     473,    /* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
+     474,    /* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
+     475,    /* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
+     476,    /* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
+     477,    /* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
+     391,    /* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
+     478,    /* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
+     479,    /* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
+     480,    /* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
+     481,    /* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
+     482,    /* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
+     483,    /* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
+     484,    /* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
+     485,    /* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
+     486,    /* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
+     487,    /* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
+     488,    /* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
+     489,    /* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
+     490,    /* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
+     102,    /* OBJ_uniqueIdentifier             0 9 2342 19200300 100 1 44 */
+     491,    /* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
+     492,    /* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
+     493,    /* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
+     494,    /* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
+     495,    /* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
+     496,    /* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
+     497,    /* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
+     498,    /* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
+     499,    /* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
+     500,    /* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
+     501,    /* OBJ_audio                        0 9 2342 19200300 100 1 55 */
+     502,    /* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
+     442,    /* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
+     443,    /* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
+     444,    /* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
+     445,    /* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
+     446,    /* OBJ_account                      0 9 2342 19200300 100 4 5 */
+     447,    /* OBJ_document                     0 9 2342 19200300 100 4 6 */
+     448,    /* OBJ_room                         0 9 2342 19200300 100 4 7 */
+     449,    /* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
+     392,    /* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
+     450,    /* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
+     451,    /* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
+     452,    /* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
+     453,    /* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
+     454,    /* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
+     455,    /* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
+     456,    /* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
+     457,    /* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
+    1152,    /* OBJ_dstu28147                    1 2 804 2 1 1 1 1 1 1 */
+    1156,    /* OBJ_hmacWithDstu34311            1 2 804 2 1 1 1 1 1 2 */
+    1157,    /* OBJ_dstu34311                    1 2 804 2 1 1 1 1 2 1 */
+     189,    /* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
+     190,    /* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
+     191,    /* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
+     192,    /* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
+     193,    /* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
+     194,    /* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
+     195,    /* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
+     158,    /* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
+     159,    /* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
+     160,    /* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
+     144,    /* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
+     145,    /* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
+     146,    /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
+     147,    /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
+     148,    /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
+     149,    /* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
+     171,    /* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
+     134,    /* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
+     135,    /* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
+     136,    /* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+     137,    /* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+     138,    /* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
+     648,    /* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
+     649,    /* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
+     951,    /* OBJ_ct_precert_scts              1 3 6 1 4 1 11129 2 4 2 */
+     952,    /* OBJ_ct_precert_poison            1 3 6 1 4 1 11129 2 4 3 */
+     953,    /* OBJ_ct_precert_signer            1 3 6 1 4 1 11129 2 4 4 */
+     954,    /* OBJ_ct_cert_scts                 1 3 6 1 4 1 11129 2 4 5 */
+     751,    /* OBJ_camellia_128_cbc             1 2 392 200011 61 1 1 1 2 */
+     752,    /* OBJ_camellia_192_cbc             1 2 392 200011 61 1 1 1 3 */
+     753,    /* OBJ_camellia_256_cbc             1 2 392 200011 61 1 1 1 4 */
+     907,    /* OBJ_id_camellia128_wrap          1 2 392 200011 61 1 1 3 2 */
+     908,    /* OBJ_id_camellia192_wrap          1 2 392 200011 61 1 1 3 3 */
+     909,    /* OBJ_id_camellia256_wrap          1 2 392 200011 61 1 1 3 4 */
+    1153,    /* OBJ_dstu28147_ofb                1 2 804 2 1 1 1 1 1 1 2 */
+    1154,    /* OBJ_dstu28147_cfb                1 2 804 2 1 1 1 1 1 1 3 */
+    1155,    /* OBJ_dstu28147_wrap               1 2 804 2 1 1 1 1 1 1 5 */
+    1158,    /* OBJ_dstu4145le                   1 2 804 2 1 1 1 1 3 1 1 */
+     196,    /* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
+     197,    /* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
+     198,    /* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
+     199,    /* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
+     200,    /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
+     201,    /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
+     202,    /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
+     203,    /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
+     204,    /* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
+     205,    /* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
+     206,    /* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
+     207,    /* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
+     208,    /* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
+     209,    /* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
+     210,    /* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
+     211,    /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
+     786,    /* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
+    1058,    /* OBJ_id_smime_ct_contentCollection 1 2 840 113549 1 9 16 1 19 */
+    1059,    /* OBJ_id_smime_ct_authEnvelopedData 1 2 840 113549 1 9 16 1 23 */
+     787,    /* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
+    1060,    /* OBJ_id_ct_xml                    1 2 840 113549 1 9 16 1 28 */
+     212,    /* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
+     213,    /* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
+     214,    /* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
+     215,    /* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
+     216,    /* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
+     217,    /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
+     218,    /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
+     219,    /* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
+     220,    /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
+     221,    /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
+     222,    /* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
+     223,    /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
+     224,    /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
+     225,    /* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
+     226,    /* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
+     227,    /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
+     228,    /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
+     229,    /* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
+     230,    /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
+     231,    /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
+     232,    /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
+     233,    /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
+     234,    /* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
+     235,    /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
+     236,    /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
+     237,    /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
+     238,    /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
+     239,    /* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
+     240,    /* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
+    1086,    /* OBJ_id_smime_aa_signingCertificateV2 1 2 840 113549 1 9 16 2 47 */
+     241,    /* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
+     242,    /* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
+     243,    /* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
+     244,    /* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
+     245,    /* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
+     246,    /* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
+     247,    /* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
+     125,    /* OBJ_zlib_compression             1 2 840 113549 1 9 16 3 8 */
+     893,    /* OBJ_id_alg_PWRI_KEK              1 2 840 113549 1 9 16 3 9 */
+     248,    /* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
+     249,    /* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
+     250,    /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
+     251,    /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
+     252,    /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
+     253,    /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
+     254,    /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
+     255,    /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
+     256,    /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
+     150,    /* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
+     151,    /* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
+     152,    /* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
+     153,    /* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
+     154,    /* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
+     155,    /* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
+      34,    /* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
+     955,    /* OBJ_jurisdictionLocalityName     1 3 6 1 4 1 311 60 2 1 1 */
+     956,    /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
+     957,    /* OBJ_jurisdictionCountryName      1 3 6 1 4 1 311 60 2 1 3 */
+    1056,    /* OBJ_blake2b512                   1 3 6 1 4 1 1722 12 2 1 16 */
+    1057,    /* OBJ_blake2s256                   1 3 6 1 4 1 1722 12 2 2 8 */
+    1159,    /* OBJ_dstu4145be                   1 2 804 2 1 1 1 1 3 1 1 1 1 */
+    1160,    /* OBJ_uacurve0                     1 2 804 2 1 1 1 1 3 1 1 2 0 */
+    1161,    /* OBJ_uacurve1                     1 2 804 2 1 1 1 1 3 1 1 2 1 */
+    1162,    /* OBJ_uacurve2                     1 2 804 2 1 1 1 1 3 1 1 2 2 */
+    1163,    /* OBJ_uacurve3                     1 2 804 2 1 1 1 1 3 1 1 2 3 */
+    1164,    /* OBJ_uacurve4                     1 2 804 2 1 1 1 1 3 1 1 2 4 */
+    1165,    /* OBJ_uacurve5                     1 2 804 2 1 1 1 1 3 1 1 2 5 */
+    1166,    /* OBJ_uacurve6                     1 2 804 2 1 1 1 1 3 1 1 2 6 */
+    1167,    /* OBJ_uacurve7                     1 2 804 2 1 1 1 1 3 1 1 2 7 */
+    1168,    /* OBJ_uacurve8                     1 2 804 2 1 1 1 1 3 1 1 2 8 */
+    1169,    /* OBJ_uacurve9                     1 2 804 2 1 1 1 1 3 1 1 2 9 */
 };
-
diff --git a/freebsd/crypto/openssl/crypto/objects/obj_err.c b/freebsd/crypto/openssl/crypto/objects/obj_err.c
index 0ba26657..21ed7d1f 100644
--- a/freebsd/crypto/openssl/crypto/objects/obj_err.c
+++ b/freebsd/crypto/openssl/crypto/objects/obj_err.c
@@ -1,102 +1,48 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/objects/obj_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/objects.h>
+#include <openssl/objectserr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
-
-static ERR_STRING_DATA OBJ_str_functs[] = {
-    {ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"},
-    {ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"},
-    {ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"},
-    {ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"},
-    {ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"},
-    {ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"},
-    {ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"},
+static const ERR_STRING_DATA OBJ_str_functs[] = {
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_OBJECT, 0), "OBJ_add_object"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_SIGID, 0), "OBJ_add_sigid"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_CREATE, 0), "OBJ_create"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_DUP, 0), "OBJ_dup"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NAME_NEW_INDEX, 0), "OBJ_NAME_new_index"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2LN, 0), "OBJ_nid2ln"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2OBJ, 0), "OBJ_nid2obj"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2SN, 0), "OBJ_nid2sn"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_TXT2OBJ, 0), "OBJ_txt2obj"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA OBJ_str_reasons[] = {
-    {ERR_REASON(OBJ_R_MALLOC_FAILURE), "malloc failure"},
-    {ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"},
+static const ERR_STRING_DATA OBJ_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_OID_EXISTS), "oid exists"},
+    {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_NID), "unknown nid"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_OBJ_strings(void)
+int ERR_load_OBJ_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, OBJ_str_functs);
-        ERR_load_strings(0, OBJ_str_reasons);
+        ERR_load_strings_const(OBJ_str_functs);
+        ERR_load_strings_const(OBJ_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/objects/obj_lcl.h b/freebsd/crypto/openssl/crypto/objects/obj_lcl.h
new file mode 100644
index 00000000..a417f7c4
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/objects/obj_lcl.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef struct name_funcs_st NAME_FUNCS;
+DEFINE_STACK_OF(NAME_FUNCS)
+DEFINE_LHASH_OF(OBJ_NAME);
+typedef struct added_obj_st ADDED_OBJ;
+DEFINE_LHASH_OF(ADDED_OBJ);
diff --git a/freebsd/crypto/openssl/crypto/objects/obj_lib.c b/freebsd/crypto/openssl/crypto/objects/obj_lib.c
index ab93e5ff..9de7df31 100644
--- a/freebsd/crypto/openssl/crypto/objects/obj_lib.c
+++ b/freebsd/crypto/openssl/crypto/objects/obj_lib.c
@@ -1,129 +1,59 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/objects/obj_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
+#include "internal/asn1_int.h"
 
 ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
 {
     ASN1_OBJECT *r;
-    int i;
-    char *ln = NULL, *sn = NULL;
-    unsigned char *data = NULL;
 
     if (o == NULL)
-        return (NULL);
+        return NULL;
+    /* If object isn't dynamic it's an internal OID which is never freed */
     if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-        return ((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication
-                                    * is this??? */
+        return (ASN1_OBJECT *)o;
 
     r = ASN1_OBJECT_new();
     if (r == NULL) {
         OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
-        return (NULL);
-    }
-    data = OPENSSL_malloc(o->length);
-    if (data == NULL)
-        goto err;
-    if (o->data != NULL)
-        memcpy(data, o->data, o->length);
-    /* once data attached to object it remains const */
-    r->data = data;
-    r->length = o->length;
-    r->nid = o->nid;
-    r->ln = r->sn = NULL;
-    if (o->ln != NULL) {
-        i = strlen(o->ln) + 1;
-        ln = OPENSSL_malloc(i);
-        if (ln == NULL)
-            goto err;
-        memcpy(ln, o->ln, i);
-        r->ln = ln;
+        return NULL;
     }
 
-    if (o->sn != NULL) {
-        i = strlen(o->sn) + 1;
-        sn = OPENSSL_malloc(i);
-        if (sn == NULL)
-            goto err;
-        memcpy(sn, o->sn, i);
-        r->sn = sn;
-    }
+    /* Set dynamic flags so everything gets freed up on error */
+
     r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
                            ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
                            ASN1_OBJECT_FLAG_DYNAMIC_DATA);
-    return (r);
+
+    if (o->length > 0 && (r->data = OPENSSL_memdup(o->data, o->length)) == NULL)
+        goto err;
+
+    r->length = o->length;
+    r->nid = o->nid;
+
+    if (o->ln != NULL && (r->ln = OPENSSL_strdup(o->ln)) == NULL)
+        goto err;
+
+    if (o->sn != NULL && (r->sn = OPENSSL_strdup(o->sn)) == NULL)
+        goto err;
+
+    return r;
  err:
+    ASN1_OBJECT_free(r);
     OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE);
-    if (ln != NULL)
-        OPENSSL_free(ln);
-    if (sn != NULL)
-        OPENSSL_free(sn);
-    if (data != NULL)
-        OPENSSL_free(data);
-    if (r != NULL)
-        OPENSSL_free(r);
-    return (NULL);
+    return NULL;
 }
 
 int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
@@ -132,6 +62,6 @@ int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
 
     ret = (a->length - b->length);
     if (ret)
-        return (ret);
-    return (memcmp(a->data, b->data, a->length));
+        return ret;
+    return memcmp(a->data, b->data, a->length);
 }
diff --git a/freebsd/crypto/openssl/crypto/objects/obj_xref.c b/freebsd/crypto/openssl/crypto/objects/obj_xref.c
index f416e6f2..5f387347 100644
--- a/freebsd/crypto/openssl/crypto/objects/obj_xref.c
+++ b/freebsd/crypto/openssl/crypto/objects/obj_xref.c
@@ -1,69 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/objects/obj_xref.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/objects.h>
 #include "obj_xref.h"
+#include "internal/nelem.h"
+#include <openssl/err.h>
 
-DECLARE_STACK_OF(nid_triple)
-STACK_OF(nid_triple) *sig_app, *sigx_app;
+static STACK_OF(nid_triple) *sig_app, *sigx_app;
 
 static int sig_cmp(const nid_triple *a, const nid_triple *b)
 {
@@ -97,15 +48,13 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
     const nid_triple *rv = NULL;
     tmp.sign_id = signid;
 
-    if (sig_app) {
+    if (sig_app != NULL) {
         int idx = sk_nid_triple_find(sig_app, &tmp);
-        if (idx >= 0)
-            rv = sk_nid_triple_value(sig_app, idx);
+        rv = sk_nid_triple_value(sig_app, idx);
     }
 #ifndef OBJ_XREF_TEST2
     if (rv == NULL) {
-        rv = OBJ_bsearch_sig(&tmp, sigoid_srt,
-                             sizeof(sigoid_srt) / sizeof(nid_triple));
+        rv = OBJ_bsearch_sig(&tmp, sigoid_srt, OSSL_NELEM(sigoid_srt));
     }
 #endif
     if (rv == NULL)
@@ -135,9 +84,7 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
     }
 #ifndef OBJ_XREF_TEST2
     if (rv == NULL) {
-        rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref,
-                              sizeof(sigoid_srt_xref) / sizeof(nid_triple *)
-            );
+        rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, OSSL_NELEM(sigoid_srt_xref));
     }
 #endif
     if (rv == NULL)
@@ -150,17 +97,18 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
 int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
 {
     nid_triple *ntr;
-    if (!sig_app)
+    if (sig_app == NULL)
         sig_app = sk_nid_triple_new(sig_sk_cmp);
-    if (!sig_app)
+    if (sig_app == NULL)
         return 0;
-    if (!sigx_app)
+    if (sigx_app == NULL)
         sigx_app = sk_nid_triple_new(sigx_cmp);
-    if (!sigx_app)
+    if (sigx_app == NULL)
         return 0;
-    ntr = OPENSSL_malloc(sizeof(int) * 3);
-    if (!ntr)
+    if ((ntr = OPENSSL_malloc(sizeof(*ntr))) == NULL) {
+        OBJerr(OBJ_F_OBJ_ADD_SIGID, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     ntr->sign_id = signid;
     ntr->hash_id = dig_id;
     ntr->pkey_id = pkey_id;
@@ -186,39 +134,8 @@ static void sid_free(nid_triple *tt)
 
 void OBJ_sigid_free(void)
 {
-    if (sig_app) {
-        sk_nid_triple_pop_free(sig_app, sid_free);
-        sig_app = NULL;
-    }
-    if (sigx_app) {
-        sk_nid_triple_free(sigx_app);
-        sigx_app = NULL;
-    }
+    sk_nid_triple_pop_free(sig_app, sid_free);
+    sig_app = NULL;
+    sk_nid_triple_free(sigx_app);
+    sigx_app = NULL;
 }
-
-#ifdef OBJ_XREF_TEST
-
-main()
-{
-    int n1, n2, n3;
-
-    int i, rv;
-# ifdef OBJ_XREF_TEST2
-    for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) {
-        OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1], sigoid_srt[i][2]);
-    }
-# endif
-
-    for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) {
-        n1 = sigoid_srt[i][0];
-        rv = OBJ_find_sigid_algs(n1, &n2, &n3);
-        printf("Forward: %d, %s %s %s\n", rv,
-               OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3));
-        n1 = 0;
-        rv = OBJ_find_sigid_by_algs(&n1, n2, n3);
-        printf("Reverse: %d, %s %s %s\n", rv,
-               OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3));
-    }
-}
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/objects/obj_xref.h b/freebsd/crypto/openssl/crypto/objects/obj_xref.h
index e453e99f..9606e57d 100644
--- a/freebsd/crypto/openssl/crypto/objects/obj_xref.h
+++ b/freebsd/crypto/openssl/crypto/objects/obj_xref.h
@@ -1,4 +1,15 @@
-/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
+/*
+ * WARNING: do not edit!
+ * Generated by objxref.pl
+ *
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 
 typedef struct {
     int sign_id;
@@ -6,6 +17,8 @@ typedef struct {
     int pkey_id;
 } nid_triple;
 
+DEFINE_STACK_OF(nid_triple)
+
 static const nid_triple sigoid_srt[] = {
     {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
     {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
@@ -56,6 +69,16 @@ static const nid_triple sigoid_srt[] = {
      NID_dh_cofactor_kdf},
     {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512,
      NID_dh_cofactor_kdf},
+    {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_GostR3411_2012_256,
+     NID_id_GostR3410_2012_256},
+    {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_GostR3411_2012_512,
+     NID_id_GostR3410_2012_512},
+    {NID_ED25519, NID_undef, NID_ED25519},
+    {NID_ED448, NID_undef, NID_ED448},
+    {NID_RSA_SHA3_224, NID_sha3_224, NID_rsaEncryption},
+    {NID_RSA_SHA3_256, NID_sha3_256, NID_rsaEncryption},
+    {NID_RSA_SHA3_384, NID_sha3_384, NID_rsaEncryption},
+    {NID_RSA_SHA3_512, NID_sha3_512, NID_rsaEncryption},
 };
 
 static const nid_triple *const sigoid_srt_xref[] = {
@@ -96,4 +119,10 @@ static const nid_triple *const sigoid_srt_xref[] = {
     &sigoid_srt[26],
     &sigoid_srt[27],
     &sigoid_srt[28],
+    &sigoid_srt[40],
+    &sigoid_srt[41],
+    &sigoid_srt[44],
+    &sigoid_srt[45],
+    &sigoid_srt[46],
+    &sigoid_srt[47],
 };
diff --git a/freebsd/crypto/openssl/crypto/objects/objects.h b/freebsd/crypto/openssl/crypto/objects/objects.h
deleted file mode 100644
index b8dafa89..00000000
--- a/freebsd/crypto/openssl/crypto/objects/objects.h
+++ /dev/null
@@ -1,1143 +0,0 @@
-/* crypto/objects/objects.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_OBJECTS_H
-# define HEADER_OBJECTS_H
-
-# define USE_OBJ_MAC
-
-# ifdef USE_OBJ_MAC
-#  include <openssl/obj_mac.h>
-# else
-#  define SN_undef                        "UNDEF"
-#  define LN_undef                        "undefined"
-#  define NID_undef                       0
-#  define OBJ_undef                       0L
-
-#  define SN_Algorithm                    "Algorithm"
-#  define LN_algorithm                    "algorithm"
-#  define NID_algorithm                   38
-#  define OBJ_algorithm                   1L,3L,14L,3L,2L
-
-#  define LN_rsadsi                       "rsadsi"
-#  define NID_rsadsi                      1
-#  define OBJ_rsadsi                      1L,2L,840L,113549L
-
-#  define LN_pkcs                         "pkcs"
-#  define NID_pkcs                        2
-#  define OBJ_pkcs                        OBJ_rsadsi,1L
-
-#  define SN_md2                          "MD2"
-#  define LN_md2                          "md2"
-#  define NID_md2                         3
-#  define OBJ_md2                         OBJ_rsadsi,2L,2L
-
-#  define SN_md5                          "MD5"
-#  define LN_md5                          "md5"
-#  define NID_md5                         4
-#  define OBJ_md5                         OBJ_rsadsi,2L,5L
-
-#  define SN_rc4                          "RC4"
-#  define LN_rc4                          "rc4"
-#  define NID_rc4                         5
-#  define OBJ_rc4                         OBJ_rsadsi,3L,4L
-
-#  define LN_rsaEncryption                "rsaEncryption"
-#  define NID_rsaEncryption               6
-#  define OBJ_rsaEncryption               OBJ_pkcs,1L,1L
-
-#  define SN_md2WithRSAEncryption         "RSA-MD2"
-#  define LN_md2WithRSAEncryption         "md2WithRSAEncryption"
-#  define NID_md2WithRSAEncryption        7
-#  define OBJ_md2WithRSAEncryption        OBJ_pkcs,1L,2L
-
-#  define SN_md5WithRSAEncryption         "RSA-MD5"
-#  define LN_md5WithRSAEncryption         "md5WithRSAEncryption"
-#  define NID_md5WithRSAEncryption        8
-#  define OBJ_md5WithRSAEncryption        OBJ_pkcs,1L,4L
-
-#  define SN_pbeWithMD2AndDES_CBC         "PBE-MD2-DES"
-#  define LN_pbeWithMD2AndDES_CBC         "pbeWithMD2AndDES-CBC"
-#  define NID_pbeWithMD2AndDES_CBC        9
-#  define OBJ_pbeWithMD2AndDES_CBC        OBJ_pkcs,5L,1L
-
-#  define SN_pbeWithMD5AndDES_CBC         "PBE-MD5-DES"
-#  define LN_pbeWithMD5AndDES_CBC         "pbeWithMD5AndDES-CBC"
-#  define NID_pbeWithMD5AndDES_CBC        10
-#  define OBJ_pbeWithMD5AndDES_CBC        OBJ_pkcs,5L,3L
-
-#  define LN_X500                         "X500"
-#  define NID_X500                        11
-#  define OBJ_X500                        2L,5L
-
-#  define LN_X509                         "X509"
-#  define NID_X509                        12
-#  define OBJ_X509                        OBJ_X500,4L
-
-#  define SN_commonName                   "CN"
-#  define LN_commonName                   "commonName"
-#  define NID_commonName                  13
-#  define OBJ_commonName                  OBJ_X509,3L
-
-#  define SN_countryName                  "C"
-#  define LN_countryName                  "countryName"
-#  define NID_countryName                 14
-#  define OBJ_countryName                 OBJ_X509,6L
-
-#  define SN_localityName                 "L"
-#  define LN_localityName                 "localityName"
-#  define NID_localityName                15
-#  define OBJ_localityName                OBJ_X509,7L
-
-/* Postal Address? PA */
-
-/* should be "ST" (rfc1327) but MS uses 'S' */
-#  define SN_stateOrProvinceName          "ST"
-#  define LN_stateOrProvinceName          "stateOrProvinceName"
-#  define NID_stateOrProvinceName         16
-#  define OBJ_stateOrProvinceName         OBJ_X509,8L
-
-#  define SN_organizationName             "O"
-#  define LN_organizationName             "organizationName"
-#  define NID_organizationName            17
-#  define OBJ_organizationName            OBJ_X509,10L
-
-#  define SN_organizationalUnitName       "OU"
-#  define LN_organizationalUnitName       "organizationalUnitName"
-#  define NID_organizationalUnitName      18
-#  define OBJ_organizationalUnitName      OBJ_X509,11L
-
-#  define SN_rsa                          "RSA"
-#  define LN_rsa                          "rsa"
-#  define NID_rsa                         19
-#  define OBJ_rsa                         OBJ_X500,8L,1L,1L
-
-#  define LN_pkcs7                        "pkcs7"
-#  define NID_pkcs7                       20
-#  define OBJ_pkcs7                       OBJ_pkcs,7L
-
-#  define LN_pkcs7_data                   "pkcs7-data"
-#  define NID_pkcs7_data                  21
-#  define OBJ_pkcs7_data                  OBJ_pkcs7,1L
-
-#  define LN_pkcs7_signed                 "pkcs7-signedData"
-#  define NID_pkcs7_signed                22
-#  define OBJ_pkcs7_signed                OBJ_pkcs7,2L
-
-#  define LN_pkcs7_enveloped              "pkcs7-envelopedData"
-#  define NID_pkcs7_enveloped             23
-#  define OBJ_pkcs7_enveloped             OBJ_pkcs7,3L
-
-#  define LN_pkcs7_signedAndEnveloped     "pkcs7-signedAndEnvelopedData"
-#  define NID_pkcs7_signedAndEnveloped    24
-#  define OBJ_pkcs7_signedAndEnveloped    OBJ_pkcs7,4L
-
-#  define LN_pkcs7_digest                 "pkcs7-digestData"
-#  define NID_pkcs7_digest                25
-#  define OBJ_pkcs7_digest                OBJ_pkcs7,5L
-
-#  define LN_pkcs7_encrypted              "pkcs7-encryptedData"
-#  define NID_pkcs7_encrypted             26
-#  define OBJ_pkcs7_encrypted             OBJ_pkcs7,6L
-
-#  define LN_pkcs3                        "pkcs3"
-#  define NID_pkcs3                       27
-#  define OBJ_pkcs3                       OBJ_pkcs,3L
-
-#  define LN_dhKeyAgreement               "dhKeyAgreement"
-#  define NID_dhKeyAgreement              28
-#  define OBJ_dhKeyAgreement              OBJ_pkcs3,1L
-
-#  define SN_des_ecb                      "DES-ECB"
-#  define LN_des_ecb                      "des-ecb"
-#  define NID_des_ecb                     29
-#  define OBJ_des_ecb                     OBJ_algorithm,6L
-
-#  define SN_des_cfb64                    "DES-CFB"
-#  define LN_des_cfb64                    "des-cfb"
-#  define NID_des_cfb64                   30
-/* IV + num */
-#  define OBJ_des_cfb64                   OBJ_algorithm,9L
-
-#  define SN_des_cbc                      "DES-CBC"
-#  define LN_des_cbc                      "des-cbc"
-#  define NID_des_cbc                     31
-/* IV */
-#  define OBJ_des_cbc                     OBJ_algorithm,7L
-
-#  define SN_des_ede                      "DES-EDE"
-#  define LN_des_ede                      "des-ede"
-#  define NID_des_ede                     32
-/* ?? */
-#  define OBJ_des_ede                     OBJ_algorithm,17L
-
-#  define SN_des_ede3                     "DES-EDE3"
-#  define LN_des_ede3                     "des-ede3"
-#  define NID_des_ede3                    33
-
-#  define SN_idea_cbc                     "IDEA-CBC"
-#  define LN_idea_cbc                     "idea-cbc"
-#  define NID_idea_cbc                    34
-#  define OBJ_idea_cbc                    1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
-
-#  define SN_idea_cfb64                   "IDEA-CFB"
-#  define LN_idea_cfb64                   "idea-cfb"
-#  define NID_idea_cfb64                  35
-
-#  define SN_idea_ecb                     "IDEA-ECB"
-#  define LN_idea_ecb                     "idea-ecb"
-#  define NID_idea_ecb                    36
-
-#  define SN_rc2_cbc                      "RC2-CBC"
-#  define LN_rc2_cbc                      "rc2-cbc"
-#  define NID_rc2_cbc                     37
-#  define OBJ_rc2_cbc                     OBJ_rsadsi,3L,2L
-
-#  define SN_rc2_ecb                      "RC2-ECB"
-#  define LN_rc2_ecb                      "rc2-ecb"
-#  define NID_rc2_ecb                     38
-
-#  define SN_rc2_cfb64                    "RC2-CFB"
-#  define LN_rc2_cfb64                    "rc2-cfb"
-#  define NID_rc2_cfb64                   39
-
-#  define SN_rc2_ofb64                    "RC2-OFB"
-#  define LN_rc2_ofb64                    "rc2-ofb"
-#  define NID_rc2_ofb64                   40
-
-#  define SN_sha                          "SHA"
-#  define LN_sha                          "sha"
-#  define NID_sha                         41
-#  define OBJ_sha                         OBJ_algorithm,18L
-
-#  define SN_shaWithRSAEncryption         "RSA-SHA"
-#  define LN_shaWithRSAEncryption         "shaWithRSAEncryption"
-#  define NID_shaWithRSAEncryption        42
-#  define OBJ_shaWithRSAEncryption        OBJ_algorithm,15L
-
-#  define SN_des_ede_cbc                  "DES-EDE-CBC"
-#  define LN_des_ede_cbc                  "des-ede-cbc"
-#  define NID_des_ede_cbc                 43
-
-#  define SN_des_ede3_cbc                 "DES-EDE3-CBC"
-#  define LN_des_ede3_cbc                 "des-ede3-cbc"
-#  define NID_des_ede3_cbc                44
-#  define OBJ_des_ede3_cbc                OBJ_rsadsi,3L,7L
-
-#  define SN_des_ofb64                    "DES-OFB"
-#  define LN_des_ofb64                    "des-ofb"
-#  define NID_des_ofb64                   45
-#  define OBJ_des_ofb64                   OBJ_algorithm,8L
-
-#  define SN_idea_ofb64                   "IDEA-OFB"
-#  define LN_idea_ofb64                   "idea-ofb"
-#  define NID_idea_ofb64                  46
-
-#  define LN_pkcs9                        "pkcs9"
-#  define NID_pkcs9                       47
-#  define OBJ_pkcs9                       OBJ_pkcs,9L
-
-#  define SN_pkcs9_emailAddress           "Email"
-#  define LN_pkcs9_emailAddress           "emailAddress"
-#  define NID_pkcs9_emailAddress          48
-#  define OBJ_pkcs9_emailAddress          OBJ_pkcs9,1L
-
-#  define LN_pkcs9_unstructuredName       "unstructuredName"
-#  define NID_pkcs9_unstructuredName      49
-#  define OBJ_pkcs9_unstructuredName      OBJ_pkcs9,2L
-
-#  define LN_pkcs9_contentType            "contentType"
-#  define NID_pkcs9_contentType           50
-#  define OBJ_pkcs9_contentType           OBJ_pkcs9,3L
-
-#  define LN_pkcs9_messageDigest          "messageDigest"
-#  define NID_pkcs9_messageDigest         51
-#  define OBJ_pkcs9_messageDigest         OBJ_pkcs9,4L
-
-#  define LN_pkcs9_signingTime            "signingTime"
-#  define NID_pkcs9_signingTime           52
-#  define OBJ_pkcs9_signingTime           OBJ_pkcs9,5L
-
-#  define LN_pkcs9_countersignature       "countersignature"
-#  define NID_pkcs9_countersignature      53
-#  define OBJ_pkcs9_countersignature      OBJ_pkcs9,6L
-
-#  define LN_pkcs9_challengePassword      "challengePassword"
-#  define NID_pkcs9_challengePassword     54
-#  define OBJ_pkcs9_challengePassword     OBJ_pkcs9,7L
-
-#  define LN_pkcs9_unstructuredAddress    "unstructuredAddress"
-#  define NID_pkcs9_unstructuredAddress   55
-#  define OBJ_pkcs9_unstructuredAddress   OBJ_pkcs9,8L
-
-#  define LN_pkcs9_extCertAttributes      "extendedCertificateAttributes"
-#  define NID_pkcs9_extCertAttributes     56
-#  define OBJ_pkcs9_extCertAttributes     OBJ_pkcs9,9L
-
-#  define SN_netscape                     "Netscape"
-#  define LN_netscape                     "Netscape Communications Corp."
-#  define NID_netscape                    57
-#  define OBJ_netscape                    2L,16L,840L,1L,113730L
-
-#  define SN_netscape_cert_extension      "nsCertExt"
-#  define LN_netscape_cert_extension      "Netscape Certificate Extension"
-#  define NID_netscape_cert_extension     58
-#  define OBJ_netscape_cert_extension     OBJ_netscape,1L
-
-#  define SN_netscape_data_type           "nsDataType"
-#  define LN_netscape_data_type           "Netscape Data Type"
-#  define NID_netscape_data_type          59
-#  define OBJ_netscape_data_type          OBJ_netscape,2L
-
-#  define SN_des_ede_cfb64                "DES-EDE-CFB"
-#  define LN_des_ede_cfb64                "des-ede-cfb"
-#  define NID_des_ede_cfb64               60
-
-#  define SN_des_ede3_cfb64               "DES-EDE3-CFB"
-#  define LN_des_ede3_cfb64               "des-ede3-cfb"
-#  define NID_des_ede3_cfb64              61
-
-#  define SN_des_ede_ofb64                "DES-EDE-OFB"
-#  define LN_des_ede_ofb64                "des-ede-ofb"
-#  define NID_des_ede_ofb64               62
-
-#  define SN_des_ede3_ofb64               "DES-EDE3-OFB"
-#  define LN_des_ede3_ofb64               "des-ede3-ofb"
-#  define NID_des_ede3_ofb64              63
-
-/* I'm not sure about the object ID */
-#  define SN_sha1                         "SHA1"
-#  define LN_sha1                         "sha1"
-#  define NID_sha1                        64
-#  define OBJ_sha1                        OBJ_algorithm,26L
-/* 28 Jun 1996 - eay */
-/* #define OBJ_sha1                     1L,3L,14L,2L,26L,05L <- wrong */
-
-#  define SN_sha1WithRSAEncryption        "RSA-SHA1"
-#  define LN_sha1WithRSAEncryption        "sha1WithRSAEncryption"
-#  define NID_sha1WithRSAEncryption       65
-#  define OBJ_sha1WithRSAEncryption       OBJ_pkcs,1L,5L
-
-#  define SN_dsaWithSHA                   "DSA-SHA"
-#  define LN_dsaWithSHA                   "dsaWithSHA"
-#  define NID_dsaWithSHA                  66
-#  define OBJ_dsaWithSHA                  OBJ_algorithm,13L
-
-#  define SN_dsa_2                        "DSA-old"
-#  define LN_dsa_2                        "dsaEncryption-old"
-#  define NID_dsa_2                       67
-#  define OBJ_dsa_2                       OBJ_algorithm,12L
-
-/* proposed by microsoft to RSA */
-#  define SN_pbeWithSHA1AndRC2_CBC        "PBE-SHA1-RC2-64"
-#  define LN_pbeWithSHA1AndRC2_CBC        "pbeWithSHA1AndRC2-CBC"
-#  define NID_pbeWithSHA1AndRC2_CBC       68
-#  define OBJ_pbeWithSHA1AndRC2_CBC       OBJ_pkcs,5L,11L
-
-/*
- * proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now defined
- * explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something completely
- * different.
- */
-#  define LN_id_pbkdf2                    "PBKDF2"
-#  define NID_id_pbkdf2                   69
-#  define OBJ_id_pbkdf2                   OBJ_pkcs,5L,12L
-
-#  define SN_dsaWithSHA1_2                "DSA-SHA1-old"
-#  define LN_dsaWithSHA1_2                "dsaWithSHA1-old"
-#  define NID_dsaWithSHA1_2               70
-/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */
-#  define OBJ_dsaWithSHA1_2               OBJ_algorithm,27L
-
-#  define SN_netscape_cert_type           "nsCertType"
-#  define LN_netscape_cert_type           "Netscape Cert Type"
-#  define NID_netscape_cert_type          71
-#  define OBJ_netscape_cert_type          OBJ_netscape_cert_extension,1L
-
-#  define SN_netscape_base_url            "nsBaseUrl"
-#  define LN_netscape_base_url            "Netscape Base Url"
-#  define NID_netscape_base_url           72
-#  define OBJ_netscape_base_url           OBJ_netscape_cert_extension,2L
-
-#  define SN_netscape_revocation_url      "nsRevocationUrl"
-#  define LN_netscape_revocation_url      "Netscape Revocation Url"
-#  define NID_netscape_revocation_url     73
-#  define OBJ_netscape_revocation_url     OBJ_netscape_cert_extension,3L
-
-#  define SN_netscape_ca_revocation_url   "nsCaRevocationUrl"
-#  define LN_netscape_ca_revocation_url   "Netscape CA Revocation Url"
-#  define NID_netscape_ca_revocation_url  74
-#  define OBJ_netscape_ca_revocation_url  OBJ_netscape_cert_extension,4L
-
-#  define SN_netscape_renewal_url         "nsRenewalUrl"
-#  define LN_netscape_renewal_url         "Netscape Renewal Url"
-#  define NID_netscape_renewal_url        75
-#  define OBJ_netscape_renewal_url        OBJ_netscape_cert_extension,7L
-
-#  define SN_netscape_ca_policy_url       "nsCaPolicyUrl"
-#  define LN_netscape_ca_policy_url       "Netscape CA Policy Url"
-#  define NID_netscape_ca_policy_url      76
-#  define OBJ_netscape_ca_policy_url      OBJ_netscape_cert_extension,8L
-
-#  define SN_netscape_ssl_server_name     "nsSslServerName"
-#  define LN_netscape_ssl_server_name     "Netscape SSL Server Name"
-#  define NID_netscape_ssl_server_name    77
-#  define OBJ_netscape_ssl_server_name    OBJ_netscape_cert_extension,12L
-
-#  define SN_netscape_comment             "nsComment"
-#  define LN_netscape_comment             "Netscape Comment"
-#  define NID_netscape_comment            78
-#  define OBJ_netscape_comment            OBJ_netscape_cert_extension,13L
-
-#  define SN_netscape_cert_sequence       "nsCertSequence"
-#  define LN_netscape_cert_sequence       "Netscape Certificate Sequence"
-#  define NID_netscape_cert_sequence      79
-#  define OBJ_netscape_cert_sequence      OBJ_netscape_data_type,5L
-
-#  define SN_desx_cbc                     "DESX-CBC"
-#  define LN_desx_cbc                     "desx-cbc"
-#  define NID_desx_cbc                    80
-
-#  define SN_id_ce                        "id-ce"
-#  define NID_id_ce                       81
-#  define OBJ_id_ce                       2L,5L,29L
-
-#  define SN_subject_key_identifier       "subjectKeyIdentifier"
-#  define LN_subject_key_identifier       "X509v3 Subject Key Identifier"
-#  define NID_subject_key_identifier      82
-#  define OBJ_subject_key_identifier      OBJ_id_ce,14L
-
-#  define SN_key_usage                    "keyUsage"
-#  define LN_key_usage                    "X509v3 Key Usage"
-#  define NID_key_usage                   83
-#  define OBJ_key_usage                   OBJ_id_ce,15L
-
-#  define SN_private_key_usage_period     "privateKeyUsagePeriod"
-#  define LN_private_key_usage_period     "X509v3 Private Key Usage Period"
-#  define NID_private_key_usage_period    84
-#  define OBJ_private_key_usage_period    OBJ_id_ce,16L
-
-#  define SN_subject_alt_name             "subjectAltName"
-#  define LN_subject_alt_name             "X509v3 Subject Alternative Name"
-#  define NID_subject_alt_name            85
-#  define OBJ_subject_alt_name            OBJ_id_ce,17L
-
-#  define SN_issuer_alt_name              "issuerAltName"
-#  define LN_issuer_alt_name              "X509v3 Issuer Alternative Name"
-#  define NID_issuer_alt_name             86
-#  define OBJ_issuer_alt_name             OBJ_id_ce,18L
-
-#  define SN_basic_constraints            "basicConstraints"
-#  define LN_basic_constraints            "X509v3 Basic Constraints"
-#  define NID_basic_constraints           87
-#  define OBJ_basic_constraints           OBJ_id_ce,19L
-
-#  define SN_crl_number                   "crlNumber"
-#  define LN_crl_number                   "X509v3 CRL Number"
-#  define NID_crl_number                  88
-#  define OBJ_crl_number                  OBJ_id_ce,20L
-
-#  define SN_certificate_policies         "certificatePolicies"
-#  define LN_certificate_policies         "X509v3 Certificate Policies"
-#  define NID_certificate_policies        89
-#  define OBJ_certificate_policies        OBJ_id_ce,32L
-
-#  define SN_authority_key_identifier     "authorityKeyIdentifier"
-#  define LN_authority_key_identifier     "X509v3 Authority Key Identifier"
-#  define NID_authority_key_identifier    90
-#  define OBJ_authority_key_identifier    OBJ_id_ce,35L
-
-#  define SN_bf_cbc                       "BF-CBC"
-#  define LN_bf_cbc                       "bf-cbc"
-#  define NID_bf_cbc                      91
-#  define OBJ_bf_cbc                      1L,3L,6L,1L,4L,1L,3029L,1L,2L
-
-#  define SN_bf_ecb                       "BF-ECB"
-#  define LN_bf_ecb                       "bf-ecb"
-#  define NID_bf_ecb                      92
-
-#  define SN_bf_cfb64                     "BF-CFB"
-#  define LN_bf_cfb64                     "bf-cfb"
-#  define NID_bf_cfb64                    93
-
-#  define SN_bf_ofb64                     "BF-OFB"
-#  define LN_bf_ofb64                     "bf-ofb"
-#  define NID_bf_ofb64                    94
-
-#  define SN_mdc2                         "MDC2"
-#  define LN_mdc2                         "mdc2"
-#  define NID_mdc2                        95
-#  define OBJ_mdc2                        2L,5L,8L,3L,101L
-/* An alternative?                      1L,3L,14L,3L,2L,19L */
-
-#  define SN_mdc2WithRSA                  "RSA-MDC2"
-#  define LN_mdc2WithRSA                  "mdc2withRSA"
-#  define NID_mdc2WithRSA                 96
-#  define OBJ_mdc2WithRSA                 2L,5L,8L,3L,100L
-
-#  define SN_rc4_40                       "RC4-40"
-#  define LN_rc4_40                       "rc4-40"
-#  define NID_rc4_40                      97
-
-#  define SN_rc2_40_cbc                   "RC2-40-CBC"
-#  define LN_rc2_40_cbc                   "rc2-40-cbc"
-#  define NID_rc2_40_cbc                  98
-
-#  define SN_givenName                    "G"
-#  define LN_givenName                    "givenName"
-#  define NID_givenName                   99
-#  define OBJ_givenName                   OBJ_X509,42L
-
-#  define SN_surname                      "S"
-#  define LN_surname                      "surname"
-#  define NID_surname                     100
-#  define OBJ_surname                     OBJ_X509,4L
-
-#  define SN_initials                     "I"
-#  define LN_initials                     "initials"
-#  define NID_initials                    101
-#  define OBJ_initials                    OBJ_X509,43L
-
-#  define SN_uniqueIdentifier             "UID"
-#  define LN_uniqueIdentifier             "uniqueIdentifier"
-#  define NID_uniqueIdentifier            102
-#  define OBJ_uniqueIdentifier            OBJ_X509,45L
-
-#  define SN_crl_distribution_points      "crlDistributionPoints"
-#  define LN_crl_distribution_points      "X509v3 CRL Distribution Points"
-#  define NID_crl_distribution_points     103
-#  define OBJ_crl_distribution_points     OBJ_id_ce,31L
-
-#  define SN_md5WithRSA                   "RSA-NP-MD5"
-#  define LN_md5WithRSA                   "md5WithRSA"
-#  define NID_md5WithRSA                  104
-#  define OBJ_md5WithRSA                  OBJ_algorithm,3L
-
-#  define SN_serialNumber                 "SN"
-#  define LN_serialNumber                 "serialNumber"
-#  define NID_serialNumber                105
-#  define OBJ_serialNumber                OBJ_X509,5L
-
-#  define SN_title                        "T"
-#  define LN_title                        "title"
-#  define NID_title                       106
-#  define OBJ_title                       OBJ_X509,12L
-
-#  define SN_description                  "D"
-#  define LN_description                  "description"
-#  define NID_description                 107
-#  define OBJ_description                 OBJ_X509,13L
-
-/* CAST5 is CAST-128, I'm just sticking with the documentation */
-#  define SN_cast5_cbc                    "CAST5-CBC"
-#  define LN_cast5_cbc                    "cast5-cbc"
-#  define NID_cast5_cbc                   108
-#  define OBJ_cast5_cbc                   1L,2L,840L,113533L,7L,66L,10L
-
-#  define SN_cast5_ecb                    "CAST5-ECB"
-#  define LN_cast5_ecb                    "cast5-ecb"
-#  define NID_cast5_ecb                   109
-
-#  define SN_cast5_cfb64                  "CAST5-CFB"
-#  define LN_cast5_cfb64                  "cast5-cfb"
-#  define NID_cast5_cfb64                 110
-
-#  define SN_cast5_ofb64                  "CAST5-OFB"
-#  define LN_cast5_ofb64                  "cast5-ofb"
-#  define NID_cast5_ofb64                 111
-
-#  define LN_pbeWithMD5AndCast5_CBC       "pbeWithMD5AndCast5CBC"
-#  define NID_pbeWithMD5AndCast5_CBC      112
-#  define OBJ_pbeWithMD5AndCast5_CBC      1L,2L,840L,113533L,7L,66L,12L
-
-/*-
- * This is one sun will soon be using :-(
- * id-dsa-with-sha1 ID  ::= {
- *   iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }
- */
-#  define SN_dsaWithSHA1                  "DSA-SHA1"
-#  define LN_dsaWithSHA1                  "dsaWithSHA1"
-#  define NID_dsaWithSHA1                 113
-#  define OBJ_dsaWithSHA1                 1L,2L,840L,10040L,4L,3L
-
-#  define NID_md5_sha1                    114
-#  define SN_md5_sha1                     "MD5-SHA1"
-#  define LN_md5_sha1                     "md5-sha1"
-
-#  define SN_sha1WithRSA                  "RSA-SHA1-2"
-#  define LN_sha1WithRSA                  "sha1WithRSA"
-#  define NID_sha1WithRSA                 115
-#  define OBJ_sha1WithRSA                 OBJ_algorithm,29L
-
-#  define SN_dsa                          "DSA"
-#  define LN_dsa                          "dsaEncryption"
-#  define NID_dsa                         116
-#  define OBJ_dsa                         1L,2L,840L,10040L,4L,1L
-
-#  define SN_ripemd160                    "RIPEMD160"
-#  define LN_ripemd160                    "ripemd160"
-#  define NID_ripemd160                   117
-#  define OBJ_ripemd160                   1L,3L,36L,3L,2L,1L
-
-/*
- * The name should actually be rsaSignatureWithripemd160, but I'm going to
- * continue using the convention I'm using with the other ciphers
- */
-#  define SN_ripemd160WithRSA             "RSA-RIPEMD160"
-#  define LN_ripemd160WithRSA             "ripemd160WithRSA"
-#  define NID_ripemd160WithRSA            119
-#  define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
-
-/*-
- * Taken from rfc2040
- *  RC5_CBC_Parameters ::= SEQUENCE {
- *      version           INTEGER (v1_0(16)),
- *      rounds            INTEGER (8..127),
- *      blockSizeInBits   INTEGER (64, 128),
- *      iv                OCTET STRING OPTIONAL
- *      }
- */
-#  define SN_rc5_cbc                      "RC5-CBC"
-#  define LN_rc5_cbc                      "rc5-cbc"
-#  define NID_rc5_cbc                     120
-#  define OBJ_rc5_cbc                     OBJ_rsadsi,3L,8L
-
-#  define SN_rc5_ecb                      "RC5-ECB"
-#  define LN_rc5_ecb                      "rc5-ecb"
-#  define NID_rc5_ecb                     121
-
-#  define SN_rc5_cfb64                    "RC5-CFB"
-#  define LN_rc5_cfb64                    "rc5-cfb"
-#  define NID_rc5_cfb64                   122
-
-#  define SN_rc5_ofb64                    "RC5-OFB"
-#  define LN_rc5_ofb64                    "rc5-ofb"
-#  define NID_rc5_ofb64                   123
-
-#  define SN_rle_compression              "RLE"
-#  define LN_rle_compression              "run length compression"
-#  define NID_rle_compression             124
-#  define OBJ_rle_compression             1L,1L,1L,1L,666L,1L
-
-#  define SN_zlib_compression             "ZLIB"
-#  define LN_zlib_compression             "zlib compression"
-#  define NID_zlib_compression            125
-#  define OBJ_zlib_compression            1L,1L,1L,1L,666L,2L
-
-#  define SN_ext_key_usage                "extendedKeyUsage"
-#  define LN_ext_key_usage                "X509v3 Extended Key Usage"
-#  define NID_ext_key_usage               126
-#  define OBJ_ext_key_usage               OBJ_id_ce,37
-
-#  define SN_id_pkix                      "PKIX"
-#  define NID_id_pkix                     127
-#  define OBJ_id_pkix                     1L,3L,6L,1L,5L,5L,7L
-
-#  define SN_id_kp                        "id-kp"
-#  define NID_id_kp                       128
-#  define OBJ_id_kp                       OBJ_id_pkix,3L
-
-/* PKIX extended key usage OIDs */
-
-#  define SN_server_auth                  "serverAuth"
-#  define LN_server_auth                  "TLS Web Server Authentication"
-#  define NID_server_auth                 129
-#  define OBJ_server_auth                 OBJ_id_kp,1L
-
-#  define SN_client_auth                  "clientAuth"
-#  define LN_client_auth                  "TLS Web Client Authentication"
-#  define NID_client_auth                 130
-#  define OBJ_client_auth                 OBJ_id_kp,2L
-
-#  define SN_code_sign                    "codeSigning"
-#  define LN_code_sign                    "Code Signing"
-#  define NID_code_sign                   131
-#  define OBJ_code_sign                   OBJ_id_kp,3L
-
-#  define SN_email_protect                "emailProtection"
-#  define LN_email_protect                "E-mail Protection"
-#  define NID_email_protect               132
-#  define OBJ_email_protect               OBJ_id_kp,4L
-
-#  define SN_time_stamp                   "timeStamping"
-#  define LN_time_stamp                   "Time Stamping"
-#  define NID_time_stamp                  133
-#  define OBJ_time_stamp                  OBJ_id_kp,8L
-
-/* Additional extended key usage OIDs: Microsoft */
-
-#  define SN_ms_code_ind                  "msCodeInd"
-#  define LN_ms_code_ind                  "Microsoft Individual Code Signing"
-#  define NID_ms_code_ind                 134
-#  define OBJ_ms_code_ind                 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
-
-#  define SN_ms_code_com                  "msCodeCom"
-#  define LN_ms_code_com                  "Microsoft Commercial Code Signing"
-#  define NID_ms_code_com                 135
-#  define OBJ_ms_code_com                 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
-
-#  define SN_ms_ctl_sign                  "msCTLSign"
-#  define LN_ms_ctl_sign                  "Microsoft Trust List Signing"
-#  define NID_ms_ctl_sign                 136
-#  define OBJ_ms_ctl_sign                 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
-
-#  define SN_ms_sgc                       "msSGC"
-#  define LN_ms_sgc                       "Microsoft Server Gated Crypto"
-#  define NID_ms_sgc                      137
-#  define OBJ_ms_sgc                      1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
-
-#  define SN_ms_efs                       "msEFS"
-#  define LN_ms_efs                       "Microsoft Encrypted File System"
-#  define NID_ms_efs                      138
-#  define OBJ_ms_efs                      1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
-
-/* Additional usage: Netscape */
-
-#  define SN_ns_sgc                       "nsSGC"
-#  define LN_ns_sgc                       "Netscape Server Gated Crypto"
-#  define NID_ns_sgc                      139
-#  define OBJ_ns_sgc                      OBJ_netscape,4L,1L
-
-#  define SN_delta_crl                    "deltaCRL"
-#  define LN_delta_crl                    "X509v3 Delta CRL Indicator"
-#  define NID_delta_crl                   140
-#  define OBJ_delta_crl                   OBJ_id_ce,27L
-
-#  define SN_crl_reason                   "CRLReason"
-#  define LN_crl_reason                   "CRL Reason Code"
-#  define NID_crl_reason                  141
-#  define OBJ_crl_reason                  OBJ_id_ce,21L
-
-#  define SN_invalidity_date              "invalidityDate"
-#  define LN_invalidity_date              "Invalidity Date"
-#  define NID_invalidity_date             142
-#  define OBJ_invalidity_date             OBJ_id_ce,24L
-
-#  define SN_sxnet                        "SXNetID"
-#  define LN_sxnet                        "Strong Extranet ID"
-#  define NID_sxnet                       143
-#  define OBJ_sxnet                       1L,3L,101L,1L,4L,1L
-
-/* PKCS12 and related OBJECT IDENTIFIERS */
-
-#  define OBJ_pkcs12                      OBJ_pkcs,12L
-#  define OBJ_pkcs12_pbeids               OBJ_pkcs12, 1
-
-#  define SN_pbe_WithSHA1And128BitRC4     "PBE-SHA1-RC4-128"
-#  define LN_pbe_WithSHA1And128BitRC4     "pbeWithSHA1And128BitRC4"
-#  define NID_pbe_WithSHA1And128BitRC4    144
-#  define OBJ_pbe_WithSHA1And128BitRC4    OBJ_pkcs12_pbeids, 1L
-
-#  define SN_pbe_WithSHA1And40BitRC4      "PBE-SHA1-RC4-40"
-#  define LN_pbe_WithSHA1And40BitRC4      "pbeWithSHA1And40BitRC4"
-#  define NID_pbe_WithSHA1And40BitRC4     145
-#  define OBJ_pbe_WithSHA1And40BitRC4     OBJ_pkcs12_pbeids, 2L
-
-#  define SN_pbe_WithSHA1And3_Key_TripleDES_CBC   "PBE-SHA1-3DES"
-#  define LN_pbe_WithSHA1And3_Key_TripleDES_CBC   "pbeWithSHA1And3-KeyTripleDES-CBC"
-#  define NID_pbe_WithSHA1And3_Key_TripleDES_CBC  146
-#  define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC  OBJ_pkcs12_pbeids, 3L
-
-#  define SN_pbe_WithSHA1And2_Key_TripleDES_CBC   "PBE-SHA1-2DES"
-#  define LN_pbe_WithSHA1And2_Key_TripleDES_CBC   "pbeWithSHA1And2-KeyTripleDES-CBC"
-#  define NID_pbe_WithSHA1And2_Key_TripleDES_CBC  147
-#  define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC  OBJ_pkcs12_pbeids, 4L
-
-#  define SN_pbe_WithSHA1And128BitRC2_CBC         "PBE-SHA1-RC2-128"
-#  define LN_pbe_WithSHA1And128BitRC2_CBC         "pbeWithSHA1And128BitRC2-CBC"
-#  define NID_pbe_WithSHA1And128BitRC2_CBC        148
-#  define OBJ_pbe_WithSHA1And128BitRC2_CBC        OBJ_pkcs12_pbeids, 5L
-
-#  define SN_pbe_WithSHA1And40BitRC2_CBC  "PBE-SHA1-RC2-40"
-#  define LN_pbe_WithSHA1And40BitRC2_CBC  "pbeWithSHA1And40BitRC2-CBC"
-#  define NID_pbe_WithSHA1And40BitRC2_CBC 149
-#  define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L
-
-#  define OBJ_pkcs12_Version1     OBJ_pkcs12, 10L
-
-#  define OBJ_pkcs12_BagIds       OBJ_pkcs12_Version1, 1L
-
-#  define LN_keyBag               "keyBag"
-#  define NID_keyBag              150
-#  define OBJ_keyBag              OBJ_pkcs12_BagIds, 1L
-
-#  define LN_pkcs8ShroudedKeyBag  "pkcs8ShroudedKeyBag"
-#  define NID_pkcs8ShroudedKeyBag 151
-#  define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L
-
-#  define LN_certBag              "certBag"
-#  define NID_certBag             152
-#  define OBJ_certBag             OBJ_pkcs12_BagIds, 3L
-
-#  define LN_crlBag               "crlBag"
-#  define NID_crlBag              153
-#  define OBJ_crlBag              OBJ_pkcs12_BagIds, 4L
-
-#  define LN_secretBag            "secretBag"
-#  define NID_secretBag           154
-#  define OBJ_secretBag           OBJ_pkcs12_BagIds, 5L
-
-#  define LN_safeContentsBag      "safeContentsBag"
-#  define NID_safeContentsBag     155
-#  define OBJ_safeContentsBag     OBJ_pkcs12_BagIds, 6L
-
-#  define LN_friendlyName         "friendlyName"
-#  define NID_friendlyName        156
-#  define OBJ_friendlyName        OBJ_pkcs9, 20L
-
-#  define LN_localKeyID           "localKeyID"
-#  define NID_localKeyID          157
-#  define OBJ_localKeyID          OBJ_pkcs9, 21L
-
-#  define OBJ_certTypes           OBJ_pkcs9, 22L
-
-#  define LN_x509Certificate      "x509Certificate"
-#  define NID_x509Certificate     158
-#  define OBJ_x509Certificate     OBJ_certTypes, 1L
-
-#  define LN_sdsiCertificate      "sdsiCertificate"
-#  define NID_sdsiCertificate     159
-#  define OBJ_sdsiCertificate     OBJ_certTypes, 2L
-
-#  define OBJ_crlTypes            OBJ_pkcs9, 23L
-
-#  define LN_x509Crl              "x509Crl"
-#  define NID_x509Crl             160
-#  define OBJ_x509Crl             OBJ_crlTypes, 1L
-
-/* PKCS#5 v2 OIDs */
-
-#  define LN_pbes2                "PBES2"
-#  define NID_pbes2               161
-#  define OBJ_pbes2               OBJ_pkcs,5L,13L
-
-#  define LN_pbmac1               "PBMAC1"
-#  define NID_pbmac1              162
-#  define OBJ_pbmac1              OBJ_pkcs,5L,14L
-
-#  define LN_hmacWithSHA1         "hmacWithSHA1"
-#  define NID_hmacWithSHA1        163
-#  define OBJ_hmacWithSHA1        OBJ_rsadsi,2L,7L
-
-/* Policy Qualifier Ids */
-
-#  define LN_id_qt_cps            "Policy Qualifier CPS"
-#  define SN_id_qt_cps            "id-qt-cps"
-#  define NID_id_qt_cps           164
-#  define OBJ_id_qt_cps           OBJ_id_pkix,2L,1L
-
-#  define LN_id_qt_unotice        "Policy Qualifier User Notice"
-#  define SN_id_qt_unotice        "id-qt-unotice"
-#  define NID_id_qt_unotice       165
-#  define OBJ_id_qt_unotice       OBJ_id_pkix,2L,2L
-
-#  define SN_rc2_64_cbc                   "RC2-64-CBC"
-#  define LN_rc2_64_cbc                   "rc2-64-cbc"
-#  define NID_rc2_64_cbc                  166
-
-#  define SN_SMIMECapabilities            "SMIME-CAPS"
-#  define LN_SMIMECapabilities            "S/MIME Capabilities"
-#  define NID_SMIMECapabilities           167
-#  define OBJ_SMIMECapabilities           OBJ_pkcs9,15L
-
-#  define SN_pbeWithMD2AndRC2_CBC         "PBE-MD2-RC2-64"
-#  define LN_pbeWithMD2AndRC2_CBC         "pbeWithMD2AndRC2-CBC"
-#  define NID_pbeWithMD2AndRC2_CBC        168
-#  define OBJ_pbeWithMD2AndRC2_CBC        OBJ_pkcs,5L,4L
-
-#  define SN_pbeWithMD5AndRC2_CBC         "PBE-MD5-RC2-64"
-#  define LN_pbeWithMD5AndRC2_CBC         "pbeWithMD5AndRC2-CBC"
-#  define NID_pbeWithMD5AndRC2_CBC        169
-#  define OBJ_pbeWithMD5AndRC2_CBC        OBJ_pkcs,5L,6L
-
-#  define SN_pbeWithSHA1AndDES_CBC        "PBE-SHA1-DES"
-#  define LN_pbeWithSHA1AndDES_CBC        "pbeWithSHA1AndDES-CBC"
-#  define NID_pbeWithSHA1AndDES_CBC       170
-#  define OBJ_pbeWithSHA1AndDES_CBC       OBJ_pkcs,5L,10L
-
-/* Extension request OIDs */
-
-#  define LN_ms_ext_req                   "Microsoft Extension Request"
-#  define SN_ms_ext_req                   "msExtReq"
-#  define NID_ms_ext_req                  171
-#  define OBJ_ms_ext_req                  1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
-
-#  define LN_ext_req                      "Extension Request"
-#  define SN_ext_req                      "extReq"
-#  define NID_ext_req                     172
-#  define OBJ_ext_req                     OBJ_pkcs9,14L
-
-#  define SN_name                         "name"
-#  define LN_name                         "name"
-#  define NID_name                        173
-#  define OBJ_name                        OBJ_X509,41L
-
-#  define SN_dnQualifier                  "dnQualifier"
-#  define LN_dnQualifier                  "dnQualifier"
-#  define NID_dnQualifier                 174
-#  define OBJ_dnQualifier                 OBJ_X509,46L
-
-#  define SN_id_pe                        "id-pe"
-#  define NID_id_pe                       175
-#  define OBJ_id_pe                       OBJ_id_pkix,1L
-
-#  define SN_id_ad                        "id-ad"
-#  define NID_id_ad                       176
-#  define OBJ_id_ad                       OBJ_id_pkix,48L
-
-#  define SN_info_access                  "authorityInfoAccess"
-#  define LN_info_access                  "Authority Information Access"
-#  define NID_info_access                 177
-#  define OBJ_info_access                 OBJ_id_pe,1L
-
-#  define SN_ad_OCSP                      "OCSP"
-#  define LN_ad_OCSP                      "OCSP"
-#  define NID_ad_OCSP                     178
-#  define OBJ_ad_OCSP                     OBJ_id_ad,1L
-
-#  define SN_ad_ca_issuers                "caIssuers"
-#  define LN_ad_ca_issuers                "CA Issuers"
-#  define NID_ad_ca_issuers               179
-#  define OBJ_ad_ca_issuers               OBJ_id_ad,2L
-
-#  define SN_OCSP_sign                    "OCSPSigning"
-#  define LN_OCSP_sign                    "OCSP Signing"
-#  define NID_OCSP_sign                   180
-#  define OBJ_OCSP_sign                   OBJ_id_kp,9L
-# endif                         /* USE_OBJ_MAC */
-
-# include <openssl/bio.h>
-# include <openssl/asn1.h>
-
-# define OBJ_NAME_TYPE_UNDEF             0x00
-# define OBJ_NAME_TYPE_MD_METH           0x01
-# define OBJ_NAME_TYPE_CIPHER_METH       0x02
-# define OBJ_NAME_TYPE_PKEY_METH         0x03
-# define OBJ_NAME_TYPE_COMP_METH         0x04
-# define OBJ_NAME_TYPE_NUM               0x05
-
-# define OBJ_NAME_ALIAS                  0x8000
-
-# define OBJ_BSEARCH_VALUE_ON_NOMATCH            0x01
-# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH        0x02
-
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct obj_name_st {
-    int type;
-    int alias;
-    const char *name;
-    const char *data;
-} OBJ_NAME;
-
-# define         OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
-
-int OBJ_NAME_init(void);
-int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
-                       int (*cmp_func) (const char *, const char *),
-                       void (*free_func) (const char *, int, const char *));
-const char *OBJ_NAME_get(const char *name, int type);
-int OBJ_NAME_add(const char *name, int type, const char *data);
-int OBJ_NAME_remove(const char *name, int type);
-void OBJ_NAME_cleanup(int type); /* -1 for everything */
-void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
-                     void *arg);
-void OBJ_NAME_do_all_sorted(int type,
-                            void (*fn) (const OBJ_NAME *, void *arg),
-                            void *arg);
-
-ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
-ASN1_OBJECT *OBJ_nid2obj(int n);
-const char *OBJ_nid2ln(int n);
-const char *OBJ_nid2sn(int n);
-int OBJ_obj2nid(const ASN1_OBJECT *o);
-ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
-int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
-int OBJ_txt2nid(const char *s);
-int OBJ_ln2nid(const char *s);
-int OBJ_sn2nid(const char *s);
-int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
-const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
-                         int (*cmp) (const void *, const void *));
-const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
-                            int size,
-                            int (*cmp) (const void *, const void *),
-                            int flags);
-
-# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm)    \
-  static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
-  static int nm##_cmp(type1 const *, type2 const *); \
-  scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
-
-# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)   \
-  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
-# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)     \
-  type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
-
-/*-
- * Unsolved problem: if a type is actually a pointer type, like
- * nid_triple is, then its impossible to get a const where you need
- * it. Consider:
- *
- * typedef int nid_triple[3];
- * const void *a_;
- * const nid_triple const *a = a_;
- *
- * The assignement discards a const because what you really want is:
- *
- * const int const * const *a = a_;
- *
- * But if you do that, you lose the fact that a is an array of 3 ints,
- * which breaks comparison functions.
- *
- * Thus we end up having to cast, sadly, or unpack the
- * declarations. Or, as I finally did in this case, delcare nid_triple
- * to be a struct, which it should have been in the first place.
- *
- * Ben, August 2008.
- *
- * Also, strictly speaking not all types need be const, but handling
- * the non-constness means a lot of complication, and in practice
- * comparison routines do always not touch their arguments.
- */
-
-# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm)  \
-  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
-      { \
-      type1 const *a = a_; \
-      type2 const *b = b_; \
-      return nm##_cmp(a,b); \
-      } \
-  static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
-      { \
-      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
-                                        nm##_cmp_BSEARCH_CMP_FN); \
-      } \
-      extern void dummy_prototype(void)
-
-# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)   \
-  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
-      { \
-      type1 const *a = a_; \
-      type2 const *b = b_; \
-      return nm##_cmp(a,b); \
-      } \
-  type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
-      { \
-      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
-                                        nm##_cmp_BSEARCH_CMP_FN); \
-      } \
-      extern void dummy_prototype(void)
-
-# define OBJ_bsearch(type1,key,type2,base,num,cmp)                              \
-  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
-                         num,sizeof(type2),                             \
-                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
-                          (void)CHECKED_PTR_OF(type2,cmp##_type_2),     \
-                          cmp##_BSEARCH_CMP_FN)))
-
-# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags)                      \
-  ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
-                         num,sizeof(type2),                             \
-                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
-                          (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
-                          cmp##_BSEARCH_CMP_FN)),flags)
-
-int OBJ_new_nid(int num);
-int OBJ_add_object(const ASN1_OBJECT *obj);
-int OBJ_create(const char *oid, const char *sn, const char *ln);
-void OBJ_cleanup(void);
-int OBJ_create_objects(BIO *in);
-
-int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
-int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
-int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
-void OBJ_sigid_free(void);
-
-extern int obj_cleanup_defer;
-void check_defer(int nid);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_OBJ_strings(void);
-
-/* Error codes for the OBJ functions. */
-
-/* Function codes. */
-# define OBJ_F_OBJ_ADD_OBJECT                             105
-# define OBJ_F_OBJ_CREATE                                 100
-# define OBJ_F_OBJ_DUP                                    101
-# define OBJ_F_OBJ_NAME_NEW_INDEX                         106
-# define OBJ_F_OBJ_NID2LN                                 102
-# define OBJ_F_OBJ_NID2OBJ                                103
-# define OBJ_F_OBJ_NID2SN                                 104
-
-/* Reason codes. */
-# define OBJ_R_MALLOC_FAILURE                             100
-# define OBJ_R_UNKNOWN_NID                                101
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ocsp/ocsp.h b/freebsd/crypto/openssl/crypto/ocsp/ocsp.h
deleted file mode 100644
index ca2ee76d..00000000
--- a/freebsd/crypto/openssl/crypto/ocsp/ocsp.h
+++ /dev/null
@@ -1,637 +0,0 @@
-/* ocsp.h */
-/*
- * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project.
- */
-
-/*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
- * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
- * patch kit.
- */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_OCSP_H
-# define HEADER_OCSP_H
-
-# include <openssl/ossl_typ.h>
-# include <openssl/x509.h>
-# include <openssl/x509v3.h>
-# include <openssl/safestack.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Various flags and values */
-
-# define OCSP_DEFAULT_NONCE_LENGTH       16
-
-# define OCSP_NOCERTS                    0x1
-# define OCSP_NOINTERN                   0x2
-# define OCSP_NOSIGS                     0x4
-# define OCSP_NOCHAIN                    0x8
-# define OCSP_NOVERIFY                   0x10
-# define OCSP_NOEXPLICIT                 0x20
-# define OCSP_NOCASIGN                   0x40
-# define OCSP_NODELEGATED                0x80
-# define OCSP_NOCHECKS                   0x100
-# define OCSP_TRUSTOTHER                 0x200
-# define OCSP_RESPID_KEY                 0x400
-# define OCSP_NOTIME                     0x800
-
-/*-  CertID ::= SEQUENCE {
- *       hashAlgorithm            AlgorithmIdentifier,
- *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
- *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
- *       serialNumber       CertificateSerialNumber }
- */
-typedef struct ocsp_cert_id_st {
-    X509_ALGOR *hashAlgorithm;
-    ASN1_OCTET_STRING *issuerNameHash;
-    ASN1_OCTET_STRING *issuerKeyHash;
-    ASN1_INTEGER *serialNumber;
-} OCSP_CERTID;
-
-DECLARE_STACK_OF(OCSP_CERTID)
-
-/*-  Request ::=     SEQUENCE {
- *       reqCert                    CertID,
- *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_one_request_st {
-    OCSP_CERTID *reqCert;
-    STACK_OF(X509_EXTENSION) *singleRequestExtensions;
-} OCSP_ONEREQ;
-
-DECLARE_STACK_OF(OCSP_ONEREQ)
-DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
-
-/*-  TBSRequest      ::=     SEQUENCE {
- *       version             [0] EXPLICIT Version DEFAULT v1,
- *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
- *       requestList             SEQUENCE OF Request,
- *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_req_info_st {
-    ASN1_INTEGER *version;
-    GENERAL_NAME *requestorName;
-    STACK_OF(OCSP_ONEREQ) *requestList;
-    STACK_OF(X509_EXTENSION) *requestExtensions;
-} OCSP_REQINFO;
-
-/*-  Signature       ::=     SEQUENCE {
- *       signatureAlgorithm   AlgorithmIdentifier,
- *       signature            BIT STRING,
- *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-typedef struct ocsp_signature_st {
-    X509_ALGOR *signatureAlgorithm;
-    ASN1_BIT_STRING *signature;
-    STACK_OF(X509) *certs;
-} OCSP_SIGNATURE;
-
-/*-  OCSPRequest     ::=     SEQUENCE {
- *       tbsRequest                  TBSRequest,
- *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
- */
-typedef struct ocsp_request_st {
-    OCSP_REQINFO *tbsRequest;
-    OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
-} OCSP_REQUEST;
-
-/*-  OCSPResponseStatus ::= ENUMERATED {
- *       successful            (0),      --Response has valid confirmations
- *       malformedRequest      (1),      --Illegal confirmation request
- *       internalError         (2),      --Internal error in issuer
- *       tryLater              (3),      --Try again later
- *                                       --(4) is not used
- *       sigRequired           (5),      --Must sign the request
- *       unauthorized          (6)       --Request unauthorized
- *   }
- */
-# define OCSP_RESPONSE_STATUS_SUCCESSFUL          0
-# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
-# define OCSP_RESPONSE_STATUS_INTERNALERROR        2
-# define OCSP_RESPONSE_STATUS_TRYLATER             3
-# define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
-# define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
-
-/*-  ResponseBytes ::=       SEQUENCE {
- *       responseType   OBJECT IDENTIFIER,
- *       response       OCTET STRING }
- */
-typedef struct ocsp_resp_bytes_st {
-    ASN1_OBJECT *responseType;
-    ASN1_OCTET_STRING *response;
-} OCSP_RESPBYTES;
-
-/*-  OCSPResponse ::= SEQUENCE {
- *      responseStatus         OCSPResponseStatus,
- *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
- */
-struct ocsp_response_st {
-    ASN1_ENUMERATED *responseStatus;
-    OCSP_RESPBYTES *responseBytes;
-};
-
-/*-  ResponderID ::= CHOICE {
- *      byName   [1] Name,
- *      byKey    [2] KeyHash }
- */
-# define V_OCSP_RESPID_NAME 0
-# define V_OCSP_RESPID_KEY  1
-struct ocsp_responder_id_st {
-    int type;
-    union {
-        X509_NAME *byName;
-        ASN1_OCTET_STRING *byKey;
-    } value;
-};
-
-DECLARE_STACK_OF(OCSP_RESPID)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
-
-/*-  KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
- *                            --(excluding the tag and length fields)
- */
-
-/*-  RevokedInfo ::= SEQUENCE {
- *       revocationTime              GeneralizedTime,
- *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
- */
-typedef struct ocsp_revoked_info_st {
-    ASN1_GENERALIZEDTIME *revocationTime;
-    ASN1_ENUMERATED *revocationReason;
-} OCSP_REVOKEDINFO;
-
-/*-  CertStatus ::= CHOICE {
- *       good                [0]     IMPLICIT NULL,
- *       revoked             [1]     IMPLICIT RevokedInfo,
- *       unknown             [2]     IMPLICIT UnknownInfo }
- */
-# define V_OCSP_CERTSTATUS_GOOD    0
-# define V_OCSP_CERTSTATUS_REVOKED 1
-# define V_OCSP_CERTSTATUS_UNKNOWN 2
-typedef struct ocsp_cert_status_st {
-    int type;
-    union {
-        ASN1_NULL *good;
-        OCSP_REVOKEDINFO *revoked;
-        ASN1_NULL *unknown;
-    } value;
-} OCSP_CERTSTATUS;
-
-/*-  SingleResponse ::= SEQUENCE {
- *      certID                       CertID,
- *      certStatus                   CertStatus,
- *      thisUpdate                   GeneralizedTime,
- *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
- *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_single_response_st {
-    OCSP_CERTID *certId;
-    OCSP_CERTSTATUS *certStatus;
-    ASN1_GENERALIZEDTIME *thisUpdate;
-    ASN1_GENERALIZEDTIME *nextUpdate;
-    STACK_OF(X509_EXTENSION) *singleExtensions;
-} OCSP_SINGLERESP;
-
-DECLARE_STACK_OF(OCSP_SINGLERESP)
-DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
-
-/*-  ResponseData ::= SEQUENCE {
- *      version              [0] EXPLICIT Version DEFAULT v1,
- *      responderID              ResponderID,
- *      producedAt               GeneralizedTime,
- *      responses                SEQUENCE OF SingleResponse,
- *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_response_data_st {
-    ASN1_INTEGER *version;
-    OCSP_RESPID *responderId;
-    ASN1_GENERALIZEDTIME *producedAt;
-    STACK_OF(OCSP_SINGLERESP) *responses;
-    STACK_OF(X509_EXTENSION) *responseExtensions;
-} OCSP_RESPDATA;
-
-/*-  BasicOCSPResponse       ::= SEQUENCE {
- *      tbsResponseData      ResponseData,
- *      signatureAlgorithm   AlgorithmIdentifier,
- *      signature            BIT STRING,
- *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-  /*
-   * Note 1: The value for "signature" is specified in the OCSP rfc2560 as
-   * follows: "The value for the signature SHALL be computed on the hash of
-   * the DER encoding ResponseData." This means that you must hash the
-   * DER-encoded tbsResponseData, and then run it through a crypto-signing
-   * function, which will (at least w/RSA) do a hash-'n'-private-encrypt
-   * operation.  This seems a bit odd, but that's the spec.  Also note that
-   * the data structures do not leave anywhere to independently specify the
-   * algorithm used for the initial hash. So, we look at the
-   * signature-specification algorithm, and try to do something intelligent.
-   * -- Kathy Weinhold, CertCo
-   */
-  /*
-   * Note 2: It seems that the mentioned passage from RFC 2560 (section
-   * 4.2.1) is open for interpretation.  I've done tests against another
-   * responder, and found that it doesn't do the double hashing that the RFC
-   * seems to say one should.  Therefore, all relevant functions take a flag
-   * saying which variant should be used.  -- Richard Levitte, OpenSSL team
-   * and CeloCom
-   */
-typedef struct ocsp_basic_response_st {
-    OCSP_RESPDATA *tbsResponseData;
-    X509_ALGOR *signatureAlgorithm;
-    ASN1_BIT_STRING *signature;
-    STACK_OF(X509) *certs;
-} OCSP_BASICRESP;
-
-/*-
- *   CRLReason ::= ENUMERATED {
- *        unspecified             (0),
- *        keyCompromise           (1),
- *        cACompromise            (2),
- *        affiliationChanged      (3),
- *        superseded              (4),
- *        cessationOfOperation    (5),
- *        certificateHold         (6),
- *        removeFromCRL           (8) }
- */
-# define OCSP_REVOKED_STATUS_NOSTATUS               -1
-# define OCSP_REVOKED_STATUS_UNSPECIFIED             0
-# define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
-# define OCSP_REVOKED_STATUS_CACOMPROMISE            2
-# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
-# define OCSP_REVOKED_STATUS_SUPERSEDED              4
-# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
-# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
-# define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
-
-/*-
- * CrlID ::= SEQUENCE {
- *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
- *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
- *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
- */
-typedef struct ocsp_crl_id_st {
-    ASN1_IA5STRING *crlUrl;
-    ASN1_INTEGER *crlNum;
-    ASN1_GENERALIZEDTIME *crlTime;
-} OCSP_CRLID;
-
-/*-
- * ServiceLocator ::= SEQUENCE {
- *      issuer    Name,
- *      locator   AuthorityInfoAccessSyntax OPTIONAL }
- */
-typedef struct ocsp_service_locator_st {
-    X509_NAME *issuer;
-    STACK_OF(ACCESS_DESCRIPTION) *locator;
-} OCSP_SERVICELOC;
-
-# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
-# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
-
-# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
-
-# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
-
-# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
-     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
-
-# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
-     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
-
-# define PEM_write_bio_OCSP_REQUEST(bp,o) \
-    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
-                        bp,(char *)o, NULL,NULL,0,NULL,NULL)
-
-# define PEM_write_bio_OCSP_RESPONSE(bp,o) \
-    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
-                        bp,(char *)o, NULL,NULL,0,NULL,NULL)
-
-# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
-
-# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
-
-# define OCSP_REQUEST_sign(o,pkey,md) \
-        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
-                o->optionalSignature->signatureAlgorithm,NULL,\
-                o->optionalSignature->signature,o->tbsRequest,pkey,md)
-
-# define OCSP_BASICRESP_sign(o,pkey,md,d) \
-        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
-                o->signature,o->tbsResponseData,pkey,md)
-
-# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
-        a->optionalSignature->signatureAlgorithm,\
-        a->optionalSignature->signature,a->tbsRequest,r)
-
-# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
-        a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
-
-# define ASN1_BIT_STRING_digest(data,type,md,len) \
-        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
-
-# define OCSP_CERTSTATUS_dup(cs)\
-                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
-                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
-
-OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
-
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
-                               int maxline);
-int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
-int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
-OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline);
-void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
-void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
-int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
-                     ASN1_VALUE *val);
-int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,
-                          const ASN1_ITEM *it);
-BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
-int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
-                     ASN1_VALUE *val);
-int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path);
-int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
-int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
-                             const char *name, const char *value);
-
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
-
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
-                              X509_NAME *issuerName,
-                              ASN1_BIT_STRING *issuerKey,
-                              ASN1_INTEGER *serialNumber);
-
-OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
-
-int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
-int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
-int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
-int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
-
-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
-int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
-
-int OCSP_request_sign(OCSP_REQUEST *req,
-                      X509 *signer,
-                      EVP_PKEY *key,
-                      const EVP_MD *dgst,
-                      STACK_OF(X509) *certs, unsigned long flags);
-
-int OCSP_response_status(OCSP_RESPONSE *resp);
-OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
-
-int OCSP_resp_count(OCSP_BASICRESP *bs);
-OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
-int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
-int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
-                            ASN1_GENERALIZEDTIME **revtime,
-                            ASN1_GENERALIZEDTIME **thisupd,
-                            ASN1_GENERALIZEDTIME **nextupd);
-int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
-                          int *reason,
-                          ASN1_GENERALIZEDTIME **revtime,
-                          ASN1_GENERALIZEDTIME **thisupd,
-                          ASN1_GENERALIZEDTIME **nextupd);
-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
-                        ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
-
-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
-                        X509_STORE *store, unsigned long flags);
-
-int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
-                   int *pssl);
-
-int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
-int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
-
-int OCSP_request_onereq_count(OCSP_REQUEST *req);
-OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
-OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
-                      ASN1_OCTET_STRING **pikeyHash,
-                      ASN1_INTEGER **pserial, OCSP_CERTID *cid);
-int OCSP_request_is_signed(OCSP_REQUEST *req);
-OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
-OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
-                                        OCSP_CERTID *cid,
-                                        int status, int reason,
-                                        ASN1_TIME *revtime,
-                                        ASN1_TIME *thisupd,
-                                        ASN1_TIME *nextupd);
-int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
-int OCSP_basic_sign(OCSP_BASICRESP *brsp,
-                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
-                    STACK_OF(X509) *certs, unsigned long flags);
-
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
-
-X509_EXTENSION *OCSP_accept_responses_new(char **oids);
-
-X509_EXTENSION *OCSP_archive_cutoff_new(char *tim);
-
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls);
-
-int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
-int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
-                                int lastpos);
-int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
-X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit,
-                                int *idx);
-int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
-                              unsigned long flags);
-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
-int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
-X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
-int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
-                             unsigned long flags);
-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
-int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
-                                  int lastpos);
-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
-                                       int lastpos);
-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
-X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
-                                  int *idx);
-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
-                                int crit, unsigned long flags);
-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
-int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
-                                   int lastpos);
-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
-                                        int lastpos);
-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
-X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
-                                   int *idx);
-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
-                                 int crit, unsigned long flags);
-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
-
-DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
-DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
-DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
-DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
-DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
-DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
-DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
-DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
-DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
-DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
-DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
-
-const char *OCSP_response_status_str(long s);
-const char *OCSP_cert_status_str(long s);
-const char *OCSP_crl_reason_str(long s);
-
-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
-
-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-                      X509_STORE *st, unsigned long flags);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_OCSP_strings(void);
-
-/* Error codes for the OCSP functions. */
-
-/* Function codes. */
-# define OCSP_F_ASN1_STRING_ENCODE                        100
-# define OCSP_F_D2I_OCSP_NONCE                            102
-# define OCSP_F_OCSP_BASIC_ADD1_STATUS                    103
-# define OCSP_F_OCSP_BASIC_SIGN                           104
-# define OCSP_F_OCSP_BASIC_VERIFY                         105
-# define OCSP_F_OCSP_CERT_ID_NEW                          101
-# define OCSP_F_OCSP_CHECK_DELEGATED                      106
-# define OCSP_F_OCSP_CHECK_IDS                            107
-# define OCSP_F_OCSP_CHECK_ISSUER                         108
-# define OCSP_F_OCSP_CHECK_VALIDITY                       115
-# define OCSP_F_OCSP_MATCH_ISSUERID                       109
-# define OCSP_F_OCSP_PARSE_URL                            114
-# define OCSP_F_OCSP_REQUEST_SIGN                         110
-# define OCSP_F_OCSP_REQUEST_VERIFY                       116
-# define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
-# define OCSP_F_OCSP_SENDREQ_BIO                          112
-# define OCSP_F_OCSP_SENDREQ_NBIO                         117
-# define OCSP_F_PARSE_HTTP_LINE1                          118
-# define OCSP_F_REQUEST_VERIFY                            113
-
-/* Reason codes. */
-# define OCSP_R_BAD_DATA                                  100
-# define OCSP_R_CERTIFICATE_VERIFY_ERROR                  101
-# define OCSP_R_DIGEST_ERR                                102
-# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD                 122
-# define OCSP_R_ERROR_IN_THISUPDATE_FIELD                 123
-# define OCSP_R_ERROR_PARSING_URL                         121
-# define OCSP_R_MISSING_OCSPSIGNING_USAGE                 103
-# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE              124
-# define OCSP_R_NOT_BASIC_RESPONSE                        104
-# define OCSP_R_NO_CERTIFICATES_IN_CHAIN                  105
-# define OCSP_R_NO_CONTENT                                106
-# define OCSP_R_NO_PUBLIC_KEY                             107
-# define OCSP_R_NO_RESPONSE_DATA                          108
-# define OCSP_R_NO_REVOKED_TIME                           109
-# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE    110
-# define OCSP_R_REQUEST_NOT_SIGNED                        128
-# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA      111
-# define OCSP_R_ROOT_CA_NOT_TRUSTED                       112
-# define OCSP_R_SERVER_READ_ERROR                         113
-# define OCSP_R_SERVER_RESPONSE_ERROR                     114
-# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR               115
-# define OCSP_R_SERVER_WRITE_ERROR                        116
-# define OCSP_R_SIGNATURE_FAILURE                         117
-# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND              118
-# define OCSP_R_STATUS_EXPIRED                            125
-# define OCSP_R_STATUS_NOT_YET_VALID                      126
-# define OCSP_R_STATUS_TOO_OLD                            127
-# define OCSP_R_UNKNOWN_MESSAGE_DIGEST                    119
-# define OCSP_R_UNKNOWN_NID                               120
-# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE            129
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ocsp/ocsp_asn.c b/freebsd/crypto/openssl/crypto/ocsp/ocsp_asn.c
index 38616f06..9352ce6d 100644
--- a/freebsd/crypto/openssl/crypto/ocsp/ocsp_asn.c
+++ b/freebsd/crypto/openssl/crypto/ocsp/ocsp_asn.c
@@ -1,69 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ocsp_asn.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
 
 ASN1_SEQUENCE(OCSP_SIGNATURE) = {
-        ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
+        ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
         ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
 } ASN1_SEQUENCE_END(OCSP_SIGNATURE)
@@ -71,10 +23,10 @@ ASN1_SEQUENCE(OCSP_SIGNATURE) = {
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
 
 ASN1_SEQUENCE(OCSP_CERTID) = {
-        ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
-        ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
-        ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
-        ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
+        ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
+        ASN1_EMBED(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
+        ASN1_EMBED(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
+        ASN1_EMBED(OCSP_CERTID, serialNumber, ASN1_INTEGER)
 } ASN1_SEQUENCE_END(OCSP_CERTID)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
@@ -96,7 +48,7 @@ ASN1_SEQUENCE(OCSP_REQINFO) = {
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
 
 ASN1_SEQUENCE(OCSP_REQUEST) = {
-        ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
+        ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
         ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
 } ASN1_SEQUENCE_END(OCSP_REQUEST)
 
@@ -152,7 +104,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
 
 ASN1_SEQUENCE(OCSP_RESPDATA) = {
            ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
-           ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
+           ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID),
            ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
            ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
            ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
@@ -161,8 +113,8 @@ ASN1_SEQUENCE(OCSP_RESPDATA) = {
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
 
 ASN1_SEQUENCE(OCSP_BASICRESP) = {
-           ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
-           ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+           ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+           ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
            ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
            ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
 } ASN1_SEQUENCE_END(OCSP_BASICRESP)
diff --git a/freebsd/crypto/openssl/crypto/ocsp/ocsp_cl.c b/freebsd/crypto/openssl/crypto/ocsp/ocsp_cl.c
index 54b88043..465a1d6b 100644
--- a/freebsd/crypto/openssl/crypto/ocsp/ocsp_cl.c
+++ b/freebsd/crypto/openssl/crypto/ocsp/ocsp_cl.c
@@ -1,80 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ocsp_cl.c */
 /*
- * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project.
- */
-
-/*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
- * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
- * patch kit.
- */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <time.h>
-#include <cryptlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
 #include <openssl/objects.h>
-#include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
 
 /*
  * Utility functions related to sending OCSP requests and extracting relevant
@@ -90,12 +34,11 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
 {
     OCSP_ONEREQ *one = NULL;
 
-    if (!(one = OCSP_ONEREQ_new()))
-        goto err;
-    if (one->reqCert)
-        OCSP_CERTID_free(one->reqCert);
+    if ((one = OCSP_ONEREQ_new()) == NULL)
+        return NULL;
+    OCSP_CERTID_free(one->reqCert);
     one->reqCert = cid;
-    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) {
+    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) {
         one->reqCert = NULL; /* do not free on error */
         goto err;
     }
@@ -110,6 +53,7 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
 int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
 {
     GENERAL_NAME *gen;
+
     gen = GENERAL_NAME_new();
     if (gen == NULL)
         return 0;
@@ -118,9 +62,8 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
         return 0;
     }
     gen->type = GEN_DIRNAME;
-    if (req->tbsRequest->requestorName)
-        GENERAL_NAME_free(req->tbsRequest->requestorName);
-    req->tbsRequest->requestorName = gen;
+    GENERAL_NAME_free(req->tbsRequest.requestorName);
+    req->tbsRequest.requestorName = gen;
     return 1;
 }
 
@@ -129,24 +72,25 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
 int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
 {
     OCSP_SIGNATURE *sig;
-    if (!req->optionalSignature)
+    if (req->optionalSignature == NULL)
         req->optionalSignature = OCSP_SIGNATURE_new();
     sig = req->optionalSignature;
-    if (!sig)
+    if (sig == NULL)
         return 0;
-    if (!cert)
+    if (cert == NULL)
         return 1;
-    if (!sig->certs && !(sig->certs = sk_X509_new_null()))
+    if (sig->certs == NULL
+        && (sig->certs = sk_X509_new_null()) == NULL)
         return 0;
 
     if (!sk_X509_push(sig->certs, cert))
         return 0;
-    CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(cert);
     return 1;
 }
 
 /*
- * Sign an OCSP request set the requestorName to the subjec name of an
+ * Sign an OCSP request set the requestorName to the subject name of an
  * optional signers certificate and include one or more optional certificates
  * in the request. Behaves like PKCS7_sign().
  */
@@ -158,13 +102,12 @@ int OCSP_request_sign(OCSP_REQUEST *req,
                       STACK_OF(X509) *certs, unsigned long flags)
 {
     int i;
-    OCSP_SIGNATURE *sig;
     X509 *x;
 
     if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
         goto err;
 
-    if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new()))
+    if ((req->optionalSignature = OCSP_SIGNATURE_new()) == NULL)
         goto err;
     if (key) {
         if (!X509_check_private_key(signer, key)) {
@@ -221,15 +164,30 @@ OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
     return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
 }
 
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
+{
+    return bs->signature;
+}
+
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
+{
+    return &bs->signatureAlgorithm;
+}
+
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
+{
+    return &bs->tbsResponseData;
+}
+
 /*
- * Return number of OCSP_SINGLERESP reponses present in a basic response.
+ * Return number of OCSP_SINGLERESP responses present in a basic response.
  */
 
 int OCSP_resp_count(OCSP_BASICRESP *bs)
 {
     if (!bs)
         return -1;
-    return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
+    return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses);
 }
 
 /* Extract an OCSP_SINGLERESP response with a given index */
@@ -238,7 +196,55 @@ OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
 {
     if (!bs)
         return NULL;
-    return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
+    return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx);
+}
+
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs)
+{
+    return bs->tbsResponseData.producedAt;
+}
+
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
+{
+    return bs->certs;
+}
+
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                      const ASN1_OCTET_STRING **pid,
+                      const X509_NAME **pname)
+{
+    const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
+    if (rid->type == V_OCSP_RESPID_NAME) {
+        *pname = rid->value.byName;
+        *pid = NULL;
+    } else if (rid->type == V_OCSP_RESPID_KEY) {
+        *pid = rid->value.byKey;
+        *pname = NULL;
+    } else {
+        return 0;
+    }
+    return 1;
+}
+
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+                      ASN1_OCTET_STRING **pid,
+                      X509_NAME **pname)
+{
+    const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
+    if (rid->type == V_OCSP_RESPID_NAME) {
+        *pname = X509_NAME_dup(rid->value.byName);
+        *pid = NULL;
+    } else if (rid->type == V_OCSP_RESPID_KEY) {
+        *pid = ASN1_OCTET_STRING_dup(rid->value.byKey);
+        *pname = NULL;
+    } else {
+        return 0;
+    }
+    if (*pname == NULL && *pid == NULL)
+        return 0;
+    return 1;
 }
 
 /* Look single response matching a given certificate ID */
@@ -254,7 +260,7 @@ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
         last = 0;
     else
         last++;
-    sresp = bs->tbsResponseData->responses;
+    sresp = bs->tbsResponseData.responses;
     for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
         single = sk_OCSP_SINGLERESP_value(sresp, i);
         if (!OCSP_id_cmp(id, single->certId))
@@ -324,7 +330,7 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
 
 /*
  * Check validity of thisUpdate and nextUpdate fields. It is possible that
- * the request will take a few seconds to process and/or the time wont be
+ * the request will take a few seconds to process and/or the time won't be
  * totally accurate. Therefore to avoid rejecting otherwise valid time we
  * allow the times to be within 'nsec' of the current time. Also to avoid
  * accepting very old responses without a nextUpdate field an optional maxage
@@ -385,3 +391,8 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
 
     return ret;
 }
+
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
+{
+    return single->certId;
+}
diff --git a/freebsd/crypto/openssl/crypto/ocsp/ocsp_err.c b/freebsd/crypto/openssl/crypto/ocsp/ocsp_err.c
index 767511b2..f1365772 100644
--- a/freebsd/crypto/openssl/crypto/ocsp/ocsp_err.c
+++ b/freebsd/crypto/openssl/crypto/ocsp/ocsp_err.c
@@ -1,151 +1,103 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ocsp/ocsp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/ocsp.h>
+#include <openssl/ocsperr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
-
-static ERR_STRING_DATA OCSP_str_functs[] = {
-    {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
-    {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
-    {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
-    {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
-    {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
-    {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
-    {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
-    {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
-    {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
-    {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
-    {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
-    {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
-    {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
-    {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
-    {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
-    {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
-    {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"},
-    {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"},
-    {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
+static const ERR_STRING_DATA OCSP_str_functs[] = {
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_D2I_OCSP_NONCE, 0), "d2i_ocsp_nonce"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_ADD1_STATUS, 0),
+     "OCSP_basic_add1_status"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_SIGN, 0), "OCSP_basic_sign"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_SIGN_CTX, 0),
+     "OCSP_basic_sign_ctx"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_VERIFY, 0), "OCSP_basic_verify"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CERT_ID_NEW, 0), "OCSP_cert_id_new"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_DELEGATED, 0),
+     "ocsp_check_delegated"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_IDS, 0), "ocsp_check_ids"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_ISSUER, 0), "ocsp_check_issuer"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_VALIDITY, 0),
+     "OCSP_check_validity"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_MATCH_ISSUERID, 0),
+     "ocsp_match_issuerid"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_PARSE_URL, 0), "OCSP_parse_url"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_REQUEST_SIGN, 0), "OCSP_request_sign"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_REQUEST_VERIFY, 0),
+     "OCSP_request_verify"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_RESPONSE_GET1_BASIC, 0),
+     "OCSP_response_get1_basic"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_PARSE_HTTP_LINE1, 0), "parse_http_line1"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA OCSP_str_reasons[] = {
-    {ERR_REASON(OCSP_R_BAD_DATA), "bad data"},
-    {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
-    {ERR_REASON(OCSP_R_DIGEST_ERR), "digest err"},
-    {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
-     "error in nextupdate field"},
-    {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),
-     "error in thisupdate field"},
-    {ERR_REASON(OCSP_R_ERROR_PARSING_URL), "error parsing url"},
-    {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),
-     "missing ocspsigning usage"},
-    {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),
-     "nextupdate before thisupdate"},
-    {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE), "not basic response"},
-    {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"},
-    {ERR_REASON(OCSP_R_NO_CONTENT), "no content"},
-    {ERR_REASON(OCSP_R_NO_PUBLIC_KEY), "no public key"},
-    {ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"},
-    {ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"},
-    {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
-     "private key does not match certificate"},
-    {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED), "request not signed"},
-    {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
-     "response contains no revocation data"},
-    {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED), "root ca not trusted"},
-    {ERR_REASON(OCSP_R_SERVER_READ_ERROR), "server read error"},
-    {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"},
-    {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),
-     "server response parse error"},
-    {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR), "server write error"},
-    {ERR_REASON(OCSP_R_SIGNATURE_FAILURE), "signature failure"},
-    {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
-     "signer certificate not found"},
-    {ERR_REASON(OCSP_R_STATUS_EXPIRED), "status expired"},
-    {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID), "status not yet valid"},
-    {ERR_REASON(OCSP_R_STATUS_TOO_OLD), "status too old"},
-    {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"},
-    {ERR_REASON(OCSP_R_UNKNOWN_NID), "unknown nid"},
-    {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),
-     "unsupported requestorname type"},
+static const ERR_STRING_DATA OCSP_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_ERR), "digest err"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
+    "error in nextupdate field"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_THISUPDATE_FIELD),
+    "error in thisupdate field"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_PARSING_URL), "error parsing url"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_MISSING_OCSPSIGNING_USAGE),
+    "missing ocspsigning usage"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),
+    "nextupdate before thisupdate"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NOT_BASIC_RESPONSE),
+    "not basic response"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_CERTIFICATES_IN_CHAIN),
+    "no certificates in chain"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_RESPONSE_DATA), "no response data"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_REVOKED_TIME), "no revoked time"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_SIGNER_KEY), "no signer key"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_REQUEST_NOT_SIGNED),
+    "request not signed"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
+    "response contains no revocation data"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ROOT_CA_NOT_TRUSTED),
+    "root ca not trusted"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SERVER_RESPONSE_ERROR),
+    "server response error"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SERVER_RESPONSE_PARSE_ERROR),
+    "server response parse error"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
+    "signer certificate not found"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_EXPIRED), "status expired"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_NOT_YET_VALID),
+    "status not yet valid"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_TOO_OLD), "status too old"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_MESSAGE_DIGEST),
+    "unknown message digest"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),
+    "unsupported requestorname type"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_OCSP_strings(void)
+int ERR_load_OCSP_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, OCSP_str_functs);
-        ERR_load_strings(0, OCSP_str_reasons);
+        ERR_load_strings_const(OCSP_str_functs);
+        ERR_load_strings_const(OCSP_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/ocsp/ocsp_ext.c b/freebsd/crypto/openssl/crypto/ocsp/ocsp_ext.c
index 20d386d0..d4efda7c 100644
--- a/freebsd/crypto/openssl/crypto/ocsp/ocsp_ext.c
+++ b/freebsd/crypto/openssl/crypto/ocsp/ocsp_ext.c
@@ -1,76 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ocsp_ext.c */
 /*
- * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project.
- */
-
-/*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
- * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
- * patch kit.
- */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <cryptlib.h>
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
 #include <openssl/rand.h>
 #include <openssl/x509v3.h>
 
@@ -80,53 +24,53 @@
 
 int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
 {
-    return (X509v3_get_ext_count(x->tbsRequest->requestExtensions));
+    return X509v3_get_ext_count(x->tbsRequest.requestExtensions);
 }
 
 int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
 {
     return (X509v3_get_ext_by_NID
-            (x->tbsRequest->requestExtensions, nid, lastpos));
+            (x->tbsRequest.requestExtensions, nid, lastpos));
 }
 
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
                                 int lastpos)
 {
     return (X509v3_get_ext_by_OBJ
-            (x->tbsRequest->requestExtensions, obj, lastpos));
+            (x->tbsRequest.requestExtensions, obj, lastpos));
 }
 
 int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
 {
     return (X509v3_get_ext_by_critical
-            (x->tbsRequest->requestExtensions, crit, lastpos));
+            (x->tbsRequest.requestExtensions, crit, lastpos));
 }
 
 X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
 {
-    return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc));
+    return X509v3_get_ext(x->tbsRequest.requestExtensions, loc);
 }
 
 X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
 {
-    return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc));
+    return X509v3_delete_ext(x->tbsRequest.requestExtensions, loc);
 }
 
 void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
 {
-    return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
+    return X509V3_get_d2i(x->tbsRequest.requestExtensions, nid, crit, idx);
 }
 
 int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
                               unsigned long flags)
 {
-    return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value,
+    return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value,
                            crit, flags);
 }
 
 int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
 {
-    return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) !=
+    return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) !=
             NULL);
 }
 
@@ -134,17 +78,18 @@ int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
 
 int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
 {
-    return (X509v3_get_ext_count(x->singleRequestExtensions));
+    return X509v3_get_ext_count(x->singleRequestExtensions);
 }
 
 int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
 {
-    return (X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos));
+    return X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos);
 }
 
-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj,
+                               int lastpos)
 {
-    return (X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos));
+    return X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos);
 }
 
 int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
@@ -155,12 +100,12 @@ int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
 
 X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
 {
-    return (X509v3_get_ext(x->singleRequestExtensions, loc));
+    return X509v3_get_ext(x->singleRequestExtensions, loc);
 }
 
 X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
 {
-    return (X509v3_delete_ext(x->singleRequestExtensions, loc));
+    return X509v3_delete_ext(x->singleRequestExtensions, loc);
 }
 
 void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
@@ -184,56 +129,56 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
 
 int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
 {
-    return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
+    return X509v3_get_ext_count(x->tbsResponseData.responseExtensions);
 }
 
 int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
 {
     return (X509v3_get_ext_by_NID
-            (x->tbsResponseData->responseExtensions, nid, lastpos));
+            (x->tbsResponseData.responseExtensions, nid, lastpos));
 }
 
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
                                   int lastpos)
 {
     return (X509v3_get_ext_by_OBJ
-            (x->tbsResponseData->responseExtensions, obj, lastpos));
+            (x->tbsResponseData.responseExtensions, obj, lastpos));
 }
 
 int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
                                        int lastpos)
 {
     return (X509v3_get_ext_by_critical
-            (x->tbsResponseData->responseExtensions, crit, lastpos));
+            (x->tbsResponseData.responseExtensions, crit, lastpos));
 }
 
 X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
 {
-    return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc));
+    return X509v3_get_ext(x->tbsResponseData.responseExtensions, loc);
 }
 
 X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
 {
-    return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc));
+    return X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc);
 }
 
 void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
                                   int *idx)
 {
-    return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit,
+    return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit,
                           idx);
 }
 
 int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
                                 int crit, unsigned long flags)
 {
-    return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid,
+    return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid,
                            value, crit, flags);
 }
 
 int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
 {
-    return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc)
+    return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc)
             != NULL);
 }
 
@@ -241,34 +186,34 @@ int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
 
 int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
 {
-    return (X509v3_get_ext_count(x->singleExtensions));
+    return X509v3_get_ext_count(x->singleExtensions);
 }
 
 int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
 {
-    return (X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos));
+    return X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos);
 }
 
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
                                    int lastpos)
 {
-    return (X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos));
+    return X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos);
 }
 
 int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
                                         int lastpos)
 {
-    return (X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos));
+    return X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos);
 }
 
 X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
 {
-    return (X509v3_get_ext(x->singleExtensions, loc));
+    return X509v3_get_ext(x->singleExtensions, loc);
 }
 
 X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
 {
-    return (X509v3_delete_ext(x->singleExtensions, loc));
+    return X509v3_delete_ext(x->singleExtensions, loc);
 }
 
 void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
@@ -289,54 +234,11 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
 }
 
 /* also CRL Entry Extensions */
-#if 0
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
-                                void *data, STACK_OF(ASN1_OBJECT) *sk)
-{
-    int i;
-    unsigned char *p, *b = NULL;
-
-    if (data) {
-        if ((i = i2d(data, NULL)) <= 0)
-            goto err;
-        if (!(b = p = OPENSSL_malloc((unsigned int)i)))
-            goto err;
-        if (i2d(data, &p) <= 0)
-            goto err;
-    } else if (sk) {
-        if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL,
-                                             (I2D_OF(ASN1_OBJECT)) i2d,
-                                             V_ASN1_SEQUENCE,
-                                             V_ASN1_UNIVERSAL,
-                                             IS_SEQUENCE)) <= 0)
-             goto err;
-        if (!(b = p = OPENSSL_malloc((unsigned int)i)))
-            goto err;
-        if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, (I2D_OF(ASN1_OBJECT)) i2d,
-                                        V_ASN1_SEQUENCE,
-                                        V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
-             goto err;
-    } else {
-        OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA);
-        goto err;
-    }
-    if (!s && !(s = ASN1_STRING_new()))
-        goto err;
-    if (!(ASN1_STRING_set(s, b, i)))
-        goto err;
-    OPENSSL_free(b);
-    return s;
- err:
-    if (b)
-        OPENSSL_free(b);
-    return NULL;
-}
-#endif
 
 /* Nonce handling functions */
 
 /*
- * Add a nonce to an extension stack. A nonce can be specificed or if NULL a
+ * Add a nonce to an extension stack. A nonce can be specified or if NULL a
  * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an
  * OCTET STRING containing the nonce, previous versions used the raw nonce.
  */
@@ -356,6 +258,9 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
      * relies on library internals.
      */
     os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+    if (os.length < 0)
+        return 0;
+
     os.data = OPENSSL_malloc(os.length);
     if (os.data == NULL)
         goto err;
@@ -370,8 +275,7 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
         goto err;
     ret = 1;
  err:
-    if (os.data)
-        OPENSSL_free(os.data);
+    OPENSSL_free(os.data);
     return ret;
 }
 
@@ -379,14 +283,14 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
 
 int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
 {
-    return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
+    return ocsp_add1_nonce(&req->tbsRequest.requestExtensions, val, len);
 }
 
 /* Same as above but for a response */
 
 int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
 {
-    return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val,
+    return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val,
                            len);
 }
 
@@ -432,7 +336,8 @@ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
      */
     req_ext = OCSP_REQUEST_get_ext(req, req_idx);
     resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
-    if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
+    if (ASN1_OCTET_STRING_cmp(X509_EXTENSION_get_data(req_ext),
+                              X509_EXTENSION_get_data(resp_ext)))
         return 0;
     return 1;
 }
@@ -454,35 +359,34 @@ int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
     return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
 }
 
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim)
 {
     X509_EXTENSION *x = NULL;
     OCSP_CRLID *cid = NULL;
 
-    if (!(cid = OCSP_CRLID_new()))
+    if ((cid = OCSP_CRLID_new()) == NULL)
         goto err;
     if (url) {
-        if (!(cid->crlUrl = ASN1_IA5STRING_new()))
+        if ((cid->crlUrl = ASN1_IA5STRING_new()) == NULL)
             goto err;
         if (!(ASN1_STRING_set(cid->crlUrl, url, -1)))
             goto err;
     }
     if (n) {
-        if (!(cid->crlNum = ASN1_INTEGER_new()))
+        if ((cid->crlNum = ASN1_INTEGER_new()) == NULL)
             goto err;
         if (!(ASN1_INTEGER_set(cid->crlNum, *n)))
             goto err;
     }
     if (tim) {
-        if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new()))
+        if ((cid->crlTime = ASN1_GENERALIZEDTIME_new()) == NULL)
             goto err;
         if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
             goto err;
     }
     x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
  err:
-    if (cid)
-        OCSP_CRLID_free(cid);
+    OCSP_CRLID_free(cid);
     return x;
 }
 
@@ -494,7 +398,7 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
     ASN1_OBJECT *o = NULL;
     X509_EXTENSION *x = NULL;
 
-    if (!(sk = sk_ASN1_OBJECT_new_null()))
+    if ((sk = sk_ASN1_OBJECT_new_null()) == NULL)
         goto err;
     while (oids && *oids) {
         if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid)))
@@ -503,8 +407,7 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
     }
     x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
  err:
-    if (sk)
-        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+    sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
     return x;
 }
 
@@ -514,14 +417,13 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
     X509_EXTENSION *x = NULL;
     ASN1_GENERALIZEDTIME *gt = NULL;
 
-    if (!(gt = ASN1_GENERALIZEDTIME_new()))
+    if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL)
         goto err;
     if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
         goto err;
     x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
  err:
-    if (gt)
-        ASN1_GENERALIZEDTIME_free(gt);
+    ASN1_GENERALIZEDTIME_free(gt);
     return x;
 }
 
@@ -530,39 +432,43 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
  * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This method
  * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
  */
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls)
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls)
 {
     X509_EXTENSION *x = NULL;
     ASN1_IA5STRING *ia5 = NULL;
     OCSP_SERVICELOC *sloc = NULL;
     ACCESS_DESCRIPTION *ad = NULL;
 
-    if (!(sloc = OCSP_SERVICELOC_new()))
+    if ((sloc = OCSP_SERVICELOC_new()) == NULL)
         goto err;
-    if (!(sloc->issuer = X509_NAME_dup(issuer)))
+    if ((sloc->issuer = X509_NAME_dup(issuer)) == NULL)
         goto err;
-    if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null()))
+    if (urls && *urls
+        && (sloc->locator = sk_ACCESS_DESCRIPTION_new_null()) == NULL)
         goto err;
     while (urls && *urls) {
-        if (!(ad = ACCESS_DESCRIPTION_new()))
+        if ((ad = ACCESS_DESCRIPTION_new()) == NULL)
             goto err;
-        if (!(ad->method = OBJ_nid2obj(NID_ad_OCSP)))
+        if ((ad->method = OBJ_nid2obj(NID_ad_OCSP)) == NULL)
             goto err;
-        if (!(ad->location = GENERAL_NAME_new()))
+        if ((ad->location = GENERAL_NAME_new()) == NULL)
             goto err;
-        if (!(ia5 = ASN1_IA5STRING_new()))
+        if ((ia5 = ASN1_IA5STRING_new()) == NULL)
             goto err;
         if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1))
             goto err;
         ad->location->type = GEN_URI;
         ad->location->d.ia5 = ia5;
+        ia5 = NULL;
         if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
             goto err;
+        ad = NULL;
         urls++;
     }
     x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
  err:
-    if (sloc)
-        OCSP_SERVICELOC_free(sloc);
+    ASN1_IA5STRING_free(ia5);
+    ACCESS_DESCRIPTION_free(ad);
+    OCSP_SERVICELOC_free(sloc);
     return x;
 }
diff --git a/freebsd/crypto/openssl/crypto/ocsp/ocsp_ht.c b/freebsd/crypto/openssl/crypto/ocsp/ocsp_ht.c
index ea779bca..35d880a2 100644
--- a/freebsd/crypto/openssl/crypto/ocsp/ocsp_ht.c
+++ b/freebsd/crypto/openssl/crypto/ocsp/ocsp_ht.c
@@ -1,76 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ocsp_ht.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include <stdio.h>
 #include <stdlib.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include <string.h>
-#include "e_os.h"
 #include <openssl/asn1.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
 #include <openssl/buffer.h>
-#ifdef OPENSSL_SYS_SUNOS
-# define strtoul (unsigned long)strtol
-#endif                          /* OPENSSL_SYS_SUNOS */
 
 /* Stateful OCSP request code, supporting non-blocking I/O */
 
@@ -118,21 +65,20 @@ static int parse_http_line1(char *line);
 
 OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline)
 {
-    OCSP_REQ_CTX *rctx;
-    rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
-    if (!rctx)
+    OCSP_REQ_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx));
+
+    if (rctx == NULL)
         return NULL;
     rctx->state = OHS_ERROR;
     rctx->max_resp_len = OCSP_MAX_RESP_LENGTH;
     rctx->mem = BIO_new(BIO_s_mem());
     rctx->io = io;
-    rctx->asn1_len = 0;
     if (maxline > 0)
         rctx->iobuflen = maxline;
     else
         rctx->iobuflen = OCSP_MAX_LINE_LEN;
     rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
-    if (!rctx->iobuf || !rctx->mem) {
+    if (rctx->iobuf == NULL || rctx->mem == NULL) {
         OCSP_REQ_CTX_free(rctx);
         return NULL;
     }
@@ -141,10 +87,10 @@ OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline)
 
 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
 {
-    if (rctx->mem)
-        BIO_free(rctx->mem);
-    if (rctx->iobuf)
-        OPENSSL_free(rctx->iobuf);
+    if (!rctx)
+        return;
+    BIO_free(rctx->mem);
+    OPENSSL_free(rctx->iobuf);
     OPENSSL_free(rctx);
 }
 
@@ -238,7 +184,7 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
 
     OCSP_REQ_CTX *rctx = NULL;
     rctx = OCSP_REQ_CTX_new(io, maxline);
-    if (!rctx)
+    if (rctx == NULL)
         return NULL;
 
     if (!OCSP_REQ_CTX_http(rctx, "POST", path))
@@ -265,7 +211,7 @@ static int parse_http_line1(char *line)
     char *p, *q, *r;
     /* Skip to first white space (passed protocol info) */
 
-    for (p = line; *p && !isspace((unsigned char)*p); p++)
+    for (p = line; *p && !ossl_isspace(*p); p++)
         continue;
     if (!*p) {
         OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
@@ -273,7 +219,7 @@ static int parse_http_line1(char *line)
     }
 
     /* Skip past white space to start of response code */
-    while (*p && isspace((unsigned char)*p))
+    while (*p && ossl_isspace(*p))
         p++;
 
     if (!*p) {
@@ -282,7 +228,7 @@ static int parse_http_line1(char *line)
     }
 
     /* Find end of response code: first whitespace after start of code */
-    for (q = p; *q && !isspace((unsigned char)*q); q++)
+    for (q = p; *q && !ossl_isspace(*q); q++)
         continue;
 
     if (!*q) {
@@ -300,7 +246,7 @@ static int parse_http_line1(char *line)
         return 0;
 
     /* Skip over any leading white space in message */
-    while (*q && isspace((unsigned char)*q))
+    while (*q && ossl_isspace(*q))
         q++;
 
     if (*q) {
@@ -309,7 +255,7 @@ static int parse_http_line1(char *line)
          */
 
         /* We know q has a non white space character so this is OK */
-        for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
+        for (r = q + strlen(q) - 1; ossl_isspace(*r); r--)
             *r = 0;
     }
     if (retcode != 200) {
@@ -354,10 +300,12 @@ int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx)
         }
         rctx->state = OHS_ASN1_WRITE_INIT;
 
+        /* fall thru */
     case OHS_ASN1_WRITE_INIT:
         rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
         rctx->state = OHS_ASN1_WRITE;
 
+        /* fall thru */
     case OHS_ASN1_WRITE:
         n = BIO_get_mem_data(rctx->mem, &p);
 
@@ -379,6 +327,7 @@ int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx)
 
         (void)BIO_reset(rctx->mem);
 
+        /* fall thru */
     case OHS_ASN1_FLUSH:
 
         i = BIO_flush(rctx->io);
@@ -513,8 +462,6 @@ int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx)
         rctx->state = OHS_DONE;
         return 1;
 
-        break;
-
     case OHS_DONE:
         return 1;
 
@@ -541,7 +488,7 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
 
     ctx = OCSP_sendreq_new(b, path, req, -1);
 
-    if (!ctx)
+    if (ctx == NULL)
         return NULL;
 
     do {
diff --git a/freebsd/crypto/openssl/crypto/ocsp/ocsp_lcl.h b/freebsd/crypto/openssl/crypto/ocsp/ocsp_lcl.h
new file mode 100644
index 00000000..36646fdf
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ocsp/ocsp_lcl.h
@@ -0,0 +1,236 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-  CertID ::= SEQUENCE {
+ *       hashAlgorithm            AlgorithmIdentifier,
+ *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+ *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
+ *       serialNumber       CertificateSerialNumber }
+ */
+struct ocsp_cert_id_st {
+    X509_ALGOR hashAlgorithm;
+    ASN1_OCTET_STRING issuerNameHash;
+    ASN1_OCTET_STRING issuerKeyHash;
+    ASN1_INTEGER serialNumber;
+};
+
+/*-  Request ::=     SEQUENCE {
+ *       reqCert                    CertID,
+ *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_one_request_st {
+    OCSP_CERTID *reqCert;
+    STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+};
+
+/*-  TBSRequest      ::=     SEQUENCE {
+ *       version             [0] EXPLICIT Version DEFAULT v1,
+ *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+ *       requestList             SEQUENCE OF Request,
+ *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_req_info_st {
+    ASN1_INTEGER *version;
+    GENERAL_NAME *requestorName;
+    STACK_OF(OCSP_ONEREQ) *requestList;
+    STACK_OF(X509_EXTENSION) *requestExtensions;
+};
+
+/*-  Signature       ::=     SEQUENCE {
+ *       signatureAlgorithm   AlgorithmIdentifier,
+ *       signature            BIT STRING,
+ *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+struct ocsp_signature_st {
+    X509_ALGOR signatureAlgorithm;
+    ASN1_BIT_STRING *signature;
+    STACK_OF(X509) *certs;
+};
+
+/*-  OCSPRequest     ::=     SEQUENCE {
+ *       tbsRequest                  TBSRequest,
+ *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+ */
+struct ocsp_request_st {
+    OCSP_REQINFO tbsRequest;
+    OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
+};
+
+/*-  OCSPResponseStatus ::= ENUMERATED {
+ *       successful            (0),      --Response has valid confirmations
+ *       malformedRequest      (1),      --Illegal confirmation request
+ *       internalError         (2),      --Internal error in issuer
+ *       tryLater              (3),      --Try again later
+ *                                       --(4) is not used
+ *       sigRequired           (5),      --Must sign the request
+ *       unauthorized          (6)       --Request unauthorized
+ *   }
+ */
+
+/*-  ResponseBytes ::=       SEQUENCE {
+ *       responseType   OBJECT IDENTIFIER,
+ *       response       OCTET STRING }
+ */
+struct ocsp_resp_bytes_st {
+    ASN1_OBJECT *responseType;
+    ASN1_OCTET_STRING *response;
+};
+
+/*-  OCSPResponse ::= SEQUENCE {
+ *      responseStatus         OCSPResponseStatus,
+ *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
+ */
+struct ocsp_response_st {
+    ASN1_ENUMERATED *responseStatus;
+    OCSP_RESPBYTES *responseBytes;
+};
+
+/*-  ResponderID ::= CHOICE {
+ *      byName   [1] Name,
+ *      byKey    [2] KeyHash }
+ */
+struct ocsp_responder_id_st {
+    int type;
+    union {
+        X509_NAME *byName;
+        ASN1_OCTET_STRING *byKey;
+    } value;
+};
+
+/*-  KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ *                            --(excluding the tag and length fields)
+ */
+
+/*-  RevokedInfo ::= SEQUENCE {
+ *       revocationTime              GeneralizedTime,
+ *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
+ */
+struct ocsp_revoked_info_st {
+    ASN1_GENERALIZEDTIME *revocationTime;
+    ASN1_ENUMERATED *revocationReason;
+};
+
+/*-  CertStatus ::= CHOICE {
+ *       good                [0]     IMPLICIT NULL,
+ *       revoked             [1]     IMPLICIT RevokedInfo,
+ *       unknown             [2]     IMPLICIT UnknownInfo }
+ */
+struct ocsp_cert_status_st {
+    int type;
+    union {
+        ASN1_NULL *good;
+        OCSP_REVOKEDINFO *revoked;
+        ASN1_NULL *unknown;
+    } value;
+};
+
+/*-  SingleResponse ::= SEQUENCE {
+ *      certID                       CertID,
+ *      certStatus                   CertStatus,
+ *      thisUpdate                   GeneralizedTime,
+ *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+ *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_single_response_st {
+    OCSP_CERTID *certId;
+    OCSP_CERTSTATUS *certStatus;
+    ASN1_GENERALIZEDTIME *thisUpdate;
+    ASN1_GENERALIZEDTIME *nextUpdate;
+    STACK_OF(X509_EXTENSION) *singleExtensions;
+};
+
+/*-  ResponseData ::= SEQUENCE {
+ *      version              [0] EXPLICIT Version DEFAULT v1,
+ *      responderID              ResponderID,
+ *      producedAt               GeneralizedTime,
+ *      responses                SEQUENCE OF SingleResponse,
+ *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_response_data_st {
+    ASN1_INTEGER *version;
+    OCSP_RESPID responderId;
+    ASN1_GENERALIZEDTIME *producedAt;
+    STACK_OF(OCSP_SINGLERESP) *responses;
+    STACK_OF(X509_EXTENSION) *responseExtensions;
+};
+
+/*-  BasicOCSPResponse       ::= SEQUENCE {
+ *      tbsResponseData      ResponseData,
+ *      signatureAlgorithm   AlgorithmIdentifier,
+ *      signature            BIT STRING,
+ *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+  /*
+   * Note 1: The value for "signature" is specified in the OCSP rfc2560 as
+   * follows: "The value for the signature SHALL be computed on the hash of
+   * the DER encoding ResponseData." This means that you must hash the
+   * DER-encoded tbsResponseData, and then run it through a crypto-signing
+   * function, which will (at least w/RSA) do a hash-'n'-private-encrypt
+   * operation.  This seems a bit odd, but that's the spec.  Also note that
+   * the data structures do not leave anywhere to independently specify the
+   * algorithm used for the initial hash. So, we look at the
+   * signature-specification algorithm, and try to do something intelligent.
+   * -- Kathy Weinhold, CertCo
+   */
+  /*
+   * Note 2: It seems that the mentioned passage from RFC 2560 (section
+   * 4.2.1) is open for interpretation.  I've done tests against another
+   * responder, and found that it doesn't do the double hashing that the RFC
+   * seems to say one should.  Therefore, all relevant functions take a flag
+   * saying which variant should be used.  -- Richard Levitte, OpenSSL team
+   * and CeloCom
+   */
+struct ocsp_basic_response_st {
+    OCSP_RESPDATA tbsResponseData;
+    X509_ALGOR signatureAlgorithm;
+    ASN1_BIT_STRING *signature;
+    STACK_OF(X509) *certs;
+};
+
+/*-
+ * CrlID ::= SEQUENCE {
+ *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
+ *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
+ *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
+ */
+struct ocsp_crl_id_st {
+    ASN1_IA5STRING *crlUrl;
+    ASN1_INTEGER *crlNum;
+    ASN1_GENERALIZEDTIME *crlTime;
+};
+
+/*-
+ * ServiceLocator ::= SEQUENCE {
+ *      issuer    Name,
+ *      locator   AuthorityInfoAccessSyntax OPTIONAL }
+ */
+struct ocsp_service_locator_st {
+    X509_NAME *issuer;
+    STACK_OF(ACCESS_DESCRIPTION) *locator;
+};
+
+#  define OCSP_REQUEST_sign(o,pkey,md) \
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
+                &(o)->optionalSignature->signatureAlgorithm,NULL,\
+                (o)->optionalSignature->signature,&(o)->tbsRequest,pkey,md)
+
+#  define OCSP_BASICRESP_sign(o,pkey,md,d) \
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\
+                NULL,(o)->signature,&(o)->tbsResponseData,pkey,md)
+
+#  define OCSP_BASICRESP_sign_ctx(o,ctx,d) \
+        ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\
+                NULL,(o)->signature,&(o)->tbsResponseData,ctx)
+
+#  define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
+        &(a)->optionalSignature->signatureAlgorithm,\
+        (a)->optionalSignature->signature,&(a)->tbsRequest,r)
+
+#  define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
+        &(a)->signatureAlgorithm,(a)->signature,&(a)->tbsResponseData,r)
diff --git a/freebsd/crypto/openssl/crypto/ocsp/ocsp_lib.c b/freebsd/crypto/openssl/crypto/ocsp/ocsp_lib.c
index 3f8c10fa..a9c05dd3 100644
--- a/freebsd/crypto/openssl/crypto/ocsp/ocsp_lib.c
+++ b/freebsd/crypto/openssl/crypto/ocsp/ocsp_lib.c
@@ -1,95 +1,37 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ocsp_lib.c */
 /*
- * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project.
- */
-
-/*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
- * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
- * patch kit.
- */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <cryptlib.h>
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
-#include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
 #include <openssl/asn1t.h>
 
 /* Convert a certificate and its issuer to an OCSP_CERTID */
 
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+                             const X509 *issuer)
 {
     X509_NAME *iname;
-    ASN1_INTEGER *serial;
+    const ASN1_INTEGER *serial;
     ASN1_BIT_STRING *ikey;
-#ifndef OPENSSL_NO_SHA1
     if (!dgst)
         dgst = EVP_sha1();
-#endif
     if (subject) {
         iname = X509_get_issuer_name(subject);
-        serial = X509_get_serialNumber(subject);
+        serial = X509_get0_serialNumber(subject);
     } else {
         iname = X509_get_subject_name(issuer);
         serial = NULL;
@@ -99,9 +41,9 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
 }
 
 OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
-                              X509_NAME *issuerName,
-                              ASN1_BIT_STRING *issuerKey,
-                              ASN1_INTEGER *serialNumber)
+                              const X509_NAME *issuerName,
+                              const ASN1_BIT_STRING *issuerKey,
+                              const ASN1_INTEGER *serialNumber)
 {
     int nid;
     unsigned int i;
@@ -109,17 +51,16 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
     OCSP_CERTID *cid = NULL;
     unsigned char md[EVP_MAX_MD_SIZE];
 
-    if (!(cid = OCSP_CERTID_new()))
+    if ((cid = OCSP_CERTID_new()) == NULL)
         goto err;
 
-    alg = cid->hashAlgorithm;
-    if (alg->algorithm != NULL)
-        ASN1_OBJECT_free(alg->algorithm);
+    alg = &cid->hashAlgorithm;
+    ASN1_OBJECT_free(alg->algorithm);
     if ((nid = EVP_MD_type(dgst)) == NID_undef) {
         OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
         goto err;
     }
-    if (!(alg->algorithm = OBJ_nid2obj(nid)))
+    if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
         goto err;
     if ((alg->parameter = ASN1_TYPE_new()) == NULL)
         goto err;
@@ -127,40 +68,38 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
 
     if (!X509_NAME_digest(issuerName, dgst, md, &i))
         goto digerr;
-    if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i)))
+    if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i)))
         goto err;
 
     /* Calculate the issuerKey hash, excluding tag and length */
     if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
         goto err;
 
-    if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i)))
+    if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i)))
         goto err;
 
     if (serialNumber) {
-        ASN1_INTEGER_free(cid->serialNumber);
-        if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber)))
+        if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
             goto err;
     }
     return cid;
  digerr:
     OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
  err:
-    if (cid)
-        OCSP_CERTID_free(cid);
+    OCSP_CERTID_free(cid);
     return NULL;
 }
 
 int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
 {
     int ret;
-    ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
+    ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
     if (ret)
         return ret;
-    ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
+    ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
     if (ret)
         return ret;
-    return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
+    return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
 }
 
 int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
@@ -169,7 +108,7 @@ int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
     ret = OCSP_id_issuer_cmp(a, b);
     if (ret)
         return ret;
-    return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
+    return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
 }
 
 /*
@@ -189,7 +128,7 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
     *ppath = NULL;
 
     /* dup the buffer since we are going to mess with it */
-    buf = BUF_strdup(url);
+    buf = OPENSSL_strdup(url);
     if (!buf)
         goto mem_err;
 
@@ -201,10 +140,10 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
 
     *(p++) = '\0';
 
-    if (!strcmp(buf, "http")) {
+    if (strcmp(buf, "http") == 0) {
         *pssl = 0;
         port = "80";
-    } else if (!strcmp(buf, "https")) {
+    } else if (strcmp(buf, "https") == 0) {
         *pssl = 1;
         port = "443";
     } else
@@ -223,9 +162,9 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
     p = strchr(p, '/');
 
     if (!p)
-        *ppath = BUF_strdup("/");
+        *ppath = OPENSSL_strdup("/");
     else {
-        *ppath = BUF_strdup(p);
+        *ppath = OPENSSL_strdup(p);
         /* Set start of path to 0 so hostname is valid */
         *p = '\0';
     }
@@ -250,11 +189,11 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
         port = p + 1;
     }
 
-    *pport = BUF_strdup(port);
+    *pport = OPENSSL_strdup(port);
     if (!*pport)
         goto mem_err;
 
-    *phost = BUF_strdup(host);
+    *phost = OPENSSL_strdup(host);
 
     if (!*phost)
         goto mem_err;
@@ -271,20 +210,13 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
     OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
 
  err:
-    if (buf)
-        OPENSSL_free(buf);
-    if (*ppath) {
-        OPENSSL_free(*ppath);
-        *ppath = NULL;
-    }
-    if (*pport) {
-        OPENSSL_free(*pport);
-        *pport = NULL;
-    }
-    if (*phost) {
-        OPENSSL_free(*phost);
-        *phost = NULL;
-    }
+    OPENSSL_free(buf);
+    OPENSSL_free(*ppath);
+    *ppath = NULL;
+    OPENSSL_free(*pport);
+    *pport = NULL;
+    OPENSSL_free(*phost);
+    *phost = NULL;
     return 0;
 
 }
diff --git a/freebsd/crypto/openssl/crypto/ocsp/ocsp_prn.c b/freebsd/crypto/openssl/crypto/ocsp/ocsp_prn.c
index d630403c..87046569 100644
--- a/freebsd/crypto/openssl/crypto/ocsp/ocsp_prn.c
+++ b/freebsd/crypto/openssl/crypto/ocsp/ocsp_prn.c
@@ -1,74 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ocsp_prn.c */
 /*
- * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project.
- */
-
-/*
- * History: This file was originally part of ocsp.c and was transfered to
- * Richard Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be
- * included in OpenSSL or released as a patch kit.
- */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+#include "internal/cryptlib.h"
 #include <openssl/pem.h>
 
 static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
@@ -76,13 +21,13 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
     BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
     indent += 2;
     BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
-    i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+    i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
     BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
-    i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
+    i2a_ASN1_STRING(bp, &a->issuerNameHash, 0);
     BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
-    i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
+    i2a_ASN1_STRING(bp, &a->issuerKeyHash, 0);
     BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
-    i2a_ASN1_INTEGER(bp, a->serialNumber);
+    i2a_ASN1_INTEGER(bp, &a->serialNumber);
     BIO_printf(bp, "\n");
     return 1;
 }
@@ -92,15 +37,17 @@ typedef struct {
     const char *m;
 } OCSP_TBLSTR;
 
-static const char *table2string(long s, const OCSP_TBLSTR *ts, int len)
+static const char *do_table2string(long s, const OCSP_TBLSTR *ts, size_t len)
 {
-    const OCSP_TBLSTR *p;
-    for (p = ts; p < ts + len; p++)
-        if (p->t == s)
-            return p->m;
+    size_t i;
+    for (i = 0; i < len; i++, ts++)
+        if (ts->t == s)
+            return ts->m;
     return "(UNKNOWN)";
 }
 
+#define table2string(s, tbl) do_table2string(s, tbl, OSSL_NELEM(tbl))
+
 const char *OCSP_response_status_str(long s)
 {
     static const OCSP_TBLSTR rstat_tbl[] = {
@@ -111,7 +58,7 @@ const char *OCSP_response_status_str(long s)
         {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
         {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
     };
-    return table2string(s, rstat_tbl, 6);
+    return table2string(s, rstat_tbl);
 }
 
 const char *OCSP_cert_status_str(long s)
@@ -121,7 +68,7 @@ const char *OCSP_cert_status_str(long s)
         {V_OCSP_CERTSTATUS_REVOKED, "revoked"},
         {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}
     };
-    return table2string(s, cstat_tbl, 3);
+    return table2string(s, cstat_tbl);
 }
 
 const char *OCSP_crl_reason_str(long s)
@@ -136,7 +83,7 @@ const char *OCSP_crl_reason_str(long s)
         {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
         {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"}
     };
-    return table2string(s, reason_tbl, 8);
+    return table2string(s, reason_tbl);
 }
 
 int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
@@ -145,7 +92,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
     long l;
     OCSP_CERTID *cid = NULL;
     OCSP_ONEREQ *one = NULL;
-    OCSP_REQINFO *inf = o->tbsRequest;
+    OCSP_REQINFO *inf = &o->tbsRequest;
     OCSP_SIGNATURE *sig = o->optionalSignature;
 
     if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
@@ -173,7 +120,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
                                  inf->requestExtensions, flags, 4))
         goto err;
     if (sig) {
-        X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
+        X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature);
         for (i = 0; i < sk_X509_num(sig->certs); i++) {
             X509_print(bp, sk_X509_value(sig->certs, i));
             PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
@@ -216,20 +163,20 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
 
     if ((br = OCSP_response_get1_basic(o)) == NULL)
         goto err;
-    rd = br->tbsResponseData;
+    rd = &br->tbsResponseData;
     l = ASN1_INTEGER_get(rd->version);
     if (BIO_printf(bp, "\n    Version: %lu (0x%lx)\n", l + 1, l) <= 0)
         goto err;
     if (BIO_puts(bp, "    Responder Id: ") <= 0)
         goto err;
 
-    rid = rd->responderId;
+    rid = &rd->responderId;
     switch (rid->type) {
     case V_OCSP_RESPID_NAME:
         X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
         break;
     case V_OCSP_RESPID_KEY:
-        i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
+        i2a_ASN1_STRING(bp, rid->value.byKey, 0);
         break;
     }
 
@@ -286,7 +233,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
     if (!X509V3_extensions_print(bp, "Response Extensions",
                                  rd->responseExtensions, flags, 4))
         goto err;
-    if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
+    if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0)
         goto err;
 
     for (i = 0; i < sk_X509_num(br->certs); i++) {
diff --git a/freebsd/crypto/openssl/crypto/ocsp/ocsp_srv.c b/freebsd/crypto/openssl/crypto/ocsp/ocsp_srv.c
index 29fabc35..da55b143 100644
--- a/freebsd/crypto/openssl/crypto/ocsp/ocsp_srv.c
+++ b/freebsd/crypto/openssl/crypto/ocsp/ocsp_srv.c
@@ -1,72 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ocsp_srv.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <cryptlib.h>
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
-#include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
 
 /*
  * Utility functions related to sending OCSP responses and extracting
@@ -75,12 +25,12 @@
 
 int OCSP_request_onereq_count(OCSP_REQUEST *req)
 {
-    return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
+    return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList);
 }
 
 OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
 {
-    return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
+    return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i);
 }
 
 OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
@@ -95,13 +45,13 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
     if (!cid)
         return 0;
     if (pmd)
-        *pmd = cid->hashAlgorithm->algorithm;
+        *pmd = cid->hashAlgorithm.algorithm;
     if (piNameHash)
-        *piNameHash = cid->issuerNameHash;
+        *piNameHash = &cid->issuerNameHash;
     if (pikeyHash)
-        *pikeyHash = cid->issuerKeyHash;
+        *pikeyHash = &cid->issuerKeyHash;
     if (pserial)
-        *pserial = cid->serialNumber;
+        *pserial = &cid->serialNumber;
     return 1;
 }
 
@@ -117,13 +67,13 @@ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
 {
     OCSP_RESPONSE *rsp = NULL;
 
-    if (!(rsp = OCSP_RESPONSE_new()))
+    if ((rsp = OCSP_RESPONSE_new()) == NULL)
         goto err;
     if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
         goto err;
     if (!bs)
         return rsp;
-    if (!(rsp->responseBytes = OCSP_RESPBYTES_new()))
+    if ((rsp->responseBytes = OCSP_RESPBYTES_new()) == NULL)
         goto err;
     rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
     if (!ASN1_item_pack
@@ -131,8 +81,7 @@ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
          goto err;
     return rsp;
  err:
-    if (rsp)
-        OCSP_RESPONSE_free(rsp);
+    OCSP_RESPONSE_free(rsp);
     return NULL;
 }
 
@@ -147,11 +96,12 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
     OCSP_CERTSTATUS *cs;
     OCSP_REVOKEDINFO *ri;
 
-    if (!rsp->tbsResponseData->responses &&
-        !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
+    if (rsp->tbsResponseData.responses == NULL
+        && (rsp->tbsResponseData.responses
+                = sk_OCSP_SINGLERESP_new_null()) == NULL)
         goto err;
 
-    if (!(single = OCSP_SINGLERESP_new()))
+    if ((single = OCSP_SINGLERESP_new()) == NULL)
         goto err;
 
     if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
@@ -162,7 +112,7 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
 
     OCSP_CERTID_free(single->certId);
 
-    if (!(single->certId = OCSP_CERTID_dup(cid)))
+    if ((single->certId = OCSP_CERTID_dup(cid)) == NULL)
         goto err;
 
     cs = single->certStatus;
@@ -172,12 +122,12 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
             OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME);
             goto err;
         }
-        if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
+        if ((cs->value.revoked = ri = OCSP_REVOKEDINFO_new()) == NULL)
             goto err;
         if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
             goto err;
         if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
-            if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
+            if ((ri->revocationReason = ASN1_ENUMERATED_new()) == NULL)
                 goto err;
             if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason)))
                 goto err;
@@ -185,18 +135,20 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
         break;
 
     case V_OCSP_CERTSTATUS_GOOD:
-        cs->value.good = ASN1_NULL_new();
+        if ((cs->value.good = ASN1_NULL_new()) == NULL)
+            goto err;
         break;
 
     case V_OCSP_CERTSTATUS_UNKNOWN:
-        cs->value.unknown = ASN1_NULL_new();
+        if ((cs->value.unknown = ASN1_NULL_new()) == NULL)
+            goto err;
         break;
 
     default:
         goto err;
 
     }
-    if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
+    if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single)))
         goto err;
     return single;
  err:
@@ -208,24 +160,38 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
 
 int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
 {
-    if (!resp->certs && !(resp->certs = sk_X509_new_null()))
+    if (resp->certs == NULL
+        && (resp->certs = sk_X509_new_null()) == NULL)
         return 0;
 
     if (!sk_X509_push(resp->certs, cert))
         return 0;
-    CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(cert);
     return 1;
 }
 
-int OCSP_basic_sign(OCSP_BASICRESP *brsp,
-                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+/*
+ * Sign an OCSP response using the parameters contained in the digest context,
+ * set the responderID to the subject name in the signer's certificate, and
+ * include one or more optional certificates in the response.
+ */
+
+int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_MD_CTX *ctx,
                     STACK_OF(X509) *certs, unsigned long flags)
 {
     int i;
     OCSP_RESPID *rid;
+    EVP_PKEY *pkey;
 
-    if (!X509_check_private_key(signer, key)) {
-        OCSPerr(OCSP_F_OCSP_BASIC_SIGN,
+    if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL) {
+        OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, OCSP_R_NO_SIGNER_KEY);
+        goto err;
+    }
+
+    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
+    if (pkey == NULL || !X509_check_private_key(signer, pkey)) {
+        OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX,
                 OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
         goto err;
     }
@@ -240,23 +206,16 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
         }
     }
 
-    rid = brsp->tbsResponseData->responderId;
+    rid = &brsp->tbsResponseData.responderId;
     if (flags & OCSP_RESPID_KEY) {
-        unsigned char md[SHA_DIGEST_LENGTH];
-        X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
-        if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
-            goto err;
-        if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))
+        if (!OCSP_RESPID_set_by_key(rid, signer))
             goto err;
-        rid->type = V_OCSP_RESPID_KEY;
-    } else {
-        if (!X509_NAME_set(&rid->value.byName, X509_get_subject_name(signer)))
-            goto err;
-        rid->type = V_OCSP_RESPID_NAME;
+    } else if (!OCSP_RESPID_set_by_name(rid, signer)) {
+        goto err;
     }
 
     if (!(flags & OCSP_NOTIME) &&
-        !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
+        !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0))
         goto err;
 
     /*
@@ -264,10 +223,90 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
      * -- Richard Levitte
      */
 
-    if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0))
+    if (!OCSP_BASICRESP_sign_ctx(brsp, ctx, 0))
         goto err;
 
     return 1;
  err:
     return 0;
 }
+
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                    STACK_OF(X509) *certs, unsigned long flags)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pkctx = NULL;
+    int i;
+
+    if (ctx == NULL)
+        return 0;
+
+    if (!EVP_DigestSignInit(ctx, &pkctx, dgst, NULL, key)) {
+        EVP_MD_CTX_free(ctx);
+        return 0;
+    }
+    i = OCSP_basic_sign_ctx(brsp, signer, ctx, certs, flags);
+    EVP_MD_CTX_free(ctx);
+    return i;
+}
+
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert)
+{
+    if (!X509_NAME_set(&respid->value.byName, X509_get_subject_name(cert)))
+        return 0;
+
+    respid->type = V_OCSP_RESPID_NAME;
+
+    return 1;
+}
+
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert)
+{
+    ASN1_OCTET_STRING *byKey = NULL;
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+    /* RFC2560 requires SHA1 */
+    if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL))
+        return 0;
+
+    byKey = ASN1_OCTET_STRING_new();
+    if (byKey == NULL)
+        return 0;
+
+    if (!(ASN1_OCTET_STRING_set(byKey, md, SHA_DIGEST_LENGTH))) {
+        ASN1_OCTET_STRING_free(byKey);
+        return 0;
+    }
+
+    respid->type = V_OCSP_RESPID_KEY;
+    respid->value.byKey = byKey;
+
+    return 1;
+}
+
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert)
+{
+    if (respid->type == V_OCSP_RESPID_KEY) {
+        unsigned char md[SHA_DIGEST_LENGTH];
+
+        if (respid->value.byKey == NULL)
+            return 0;
+
+        /* RFC2560 requires SHA1 */
+        if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL))
+            return 0;
+
+        return (ASN1_STRING_length(respid->value.byKey) == SHA_DIGEST_LENGTH)
+            && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md,
+                       SHA_DIGEST_LENGTH) == 0);
+    } else if (respid->type == V_OCSP_RESPID_NAME) {
+        if (respid->value.byName == NULL)
+            return 0;
+
+        return X509_NAME_cmp(respid->value.byName,
+                             X509_get_subject_name(cert)) == 0;
+    }
+
+    return 0;
+}
diff --git a/freebsd/crypto/openssl/crypto/ocsp/ocsp_vfy.c b/freebsd/crypto/openssl/crypto/ocsp/ocsp_vfy.c
index 23ffe63c..bc13c702 100644
--- a/freebsd/crypto/openssl/crypto/ocsp/ocsp_vfy.c
+++ b/freebsd/crypto/openssl/crypto/ocsp/ocsp_vfy.c
@@ -1,82 +1,31 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ocsp_vfy.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
 #include <openssl/err.h>
 #include <string.h>
 
 static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
-                            STACK_OF(X509) *certs, X509_STORE *st,
-                            unsigned long flags);
+                            STACK_OF(X509) *certs, unsigned long flags);
 static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
-                             unsigned long flags);
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain);
 static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
                           OCSP_CERTID **ret);
 static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                                STACK_OF(OCSP_SINGLERESP) *sresp);
-static int ocsp_check_delegated(X509 *x, int flags);
+static int ocsp_check_delegated(X509 *x);
 static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
                                 X509_NAME *nm, STACK_OF(X509) *certs,
-                                X509_STORE *st, unsigned long flags);
+                                unsigned long flags);
 
 /* Verify a basic response message */
 
@@ -86,24 +35,30 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
     X509 *signer, *x;
     STACK_OF(X509) *chain = NULL;
     STACK_OF(X509) *untrusted = NULL;
-    X509_STORE_CTX ctx;
-    int i, ret = 0;
-    ret = ocsp_find_signer(&signer, bs, certs, st, flags);
+    X509_STORE_CTX *ctx = NULL;
+    int i, ret = ocsp_find_signer(&signer, bs, certs, flags);
+
     if (!ret) {
         OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
                 OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
         goto end;
     }
+    ctx = X509_STORE_CTX_new();
+    if (ctx == NULL) {
+        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto f_err;
+    }
     if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
         flags |= OCSP_NOVERIFY;
     if (!(flags & OCSP_NOSIGS)) {
         EVP_PKEY *skey;
-        skey = X509_get_pubkey(signer);
-        if (skey) {
-            ret = OCSP_BASICRESP_verify(bs, skey, 0);
-            EVP_PKEY_free(skey);
+        skey = X509_get0_pubkey(signer);
+        if (skey == NULL) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_NO_SIGNER_KEY);
+            goto err;
         }
-        if (!skey || ret <= 0) {
+        ret = OCSP_BASICRESP_verify(bs, skey, 0);
+        if (ret <= 0) {
             OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
             goto end;
         }
@@ -117,7 +72,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
             for (i = 0; i < sk_X509_num(certs); i++) {
                 if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
                     OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
-                    goto end;
+                    goto f_err;
                 }
             }
         } else if (certs != NULL) {
@@ -125,19 +80,17 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
         } else {
             untrusted = bs->certs;
         }
-        init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
+        init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted);
         if (!init_res) {
-            ret = -1;
             OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
-            goto end;
+            goto f_err;
         }
 
-        X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
-        ret = X509_verify_cert(&ctx);
-        chain = X509_STORE_CTX_get1_chain(&ctx);
-        X509_STORE_CTX_cleanup(&ctx);
+        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
+        ret = X509_verify_cert(ctx);
+        chain = X509_STORE_CTX_get1_chain(ctx);
         if (ret <= 0) {
-            i = X509_STORE_CTX_get_error(&ctx);
+            i = X509_STORE_CTX_get_error(ctx);
             OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
                     OCSP_R_CERTIFICATE_VERIFY_ERROR);
             ERR_add_error_data(2, "Verify error:",
@@ -152,7 +105,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
          * At this point we have a valid certificate chain need to verify it
          * against the OCSP issuer criteria.
          */
-        ret = ocsp_check_issuer(bs, chain, flags);
+        ret = ocsp_check_issuer(bs, chain);
 
         /* If fatal error or valid match then finish */
         if (ret != 0)
@@ -168,25 +121,39 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
         x = sk_X509_value(chain, sk_X509_num(chain) - 1);
         if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
             OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
-            goto end;
+            goto err;
         }
         ret = 1;
     }
-
  end:
-    if (chain)
-        sk_X509_pop_free(chain, X509_free);
+    X509_STORE_CTX_free(ctx);
+    sk_X509_pop_free(chain, X509_free);
     if (bs->certs && certs)
         sk_X509_free(untrusted);
     return ret;
+
+ err:
+    ret = 0;
+    goto end;
+ f_err:
+    ret = -1;
+    goto end;
+}
+
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+                          STACK_OF(X509) *extra_certs)
+{
+    int ret;
+
+    ret = ocsp_find_signer(signer, bs, extra_certs, 0);
+    return (ret > 0) ? 1 : 0;
 }
 
 static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
-                            STACK_OF(X509) *certs, X509_STORE *st,
-                            unsigned long flags)
+                            STACK_OF(X509) *certs, unsigned long flags)
 {
     X509 *signer;
-    OCSP_RESPID *rid = bs->tbsResponseData->responderId;
+    OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
     if ((signer = ocsp_find_signer_sk(certs, rid))) {
         *psigner = signer;
         return 2;
@@ -228,14 +195,13 @@ static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
     return NULL;
 }
 
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
-                             unsigned long flags)
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain)
 {
     STACK_OF(OCSP_SINGLERESP) *sresp;
     X509 *signer, *sca;
     OCSP_CERTID *caid = NULL;
     int i;
-    sresp = bs->tbsResponseData->responses;
+    sresp = bs->tbsResponseData.responses;
 
     if (sk_X509_num(chain) <= 0) {
         OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
@@ -258,7 +224,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
             return i;
         if (i) {
             /* We have a match, if extensions OK then success */
-            if (ocsp_check_delegated(signer, flags))
+            if (ocsp_check_delegated(signer))
                 return 1;
             return 0;
         }
@@ -295,9 +261,9 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
         tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
         /* Check to see if IDs match */
         if (OCSP_id_issuer_cmp(cid, tmpid)) {
-            /* If algoritm mismatch let caller deal with it */
-            if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
-                        cid->hashAlgorithm->algorithm))
+            /* If algorithm mismatch let caller deal with it */
+            if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
+                        cid->hashAlgorithm.algorithm))
                 return 2;
             /* Else mismatch */
             return 0;
@@ -318,7 +284,8 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
         X509_NAME *iname;
         int mdlen;
         unsigned char md[EVP_MAX_MD_SIZE];
-        if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) {
+        if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
+                == NULL) {
             OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
                     OCSP_R_UNKNOWN_MESSAGE_DIGEST);
             return -1;
@@ -327,16 +294,16 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
         mdlen = EVP_MD_size(dgst);
         if (mdlen < 0)
             return -1;
-        if ((cid->issuerNameHash->length != mdlen) ||
-            (cid->issuerKeyHash->length != mdlen))
+        if ((cid->issuerNameHash.length != mdlen) ||
+            (cid->issuerKeyHash.length != mdlen))
             return 0;
         iname = X509_get_subject_name(cert);
         if (!X509_NAME_digest(iname, dgst, md, NULL))
             return -1;
-        if (memcmp(md, cid->issuerNameHash->data, mdlen))
+        if (memcmp(md, cid->issuerNameHash.data, mdlen))
             return 0;
         X509_pubkey_digest(cert, dgst, md, NULL);
-        if (memcmp(md, cid->issuerKeyHash->data, mdlen))
+        if (memcmp(md, cid->issuerKeyHash.data, mdlen))
             return 0;
 
         return 1;
@@ -356,10 +323,10 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
 
 }
 
-static int ocsp_check_delegated(X509 *x, int flags)
+static int ocsp_check_delegated(X509 *x)
 {
-    X509_check_purpose(x, -1, 0);
-    if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN))
+    if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
+        && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
         return 1;
     OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
     return 0;
@@ -377,68 +344,80 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
     X509 *signer;
     X509_NAME *nm;
     GENERAL_NAME *gen;
-    int ret;
-    X509_STORE_CTX ctx;
+    int ret = 0;
+    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
+
+    if (ctx == NULL) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
     if (!req->optionalSignature) {
         OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
-        return 0;
+        goto err;
     }
-    gen = req->tbsRequest->requestorName;
+    gen = req->tbsRequest.requestorName;
     if (!gen || gen->type != GEN_DIRNAME) {
         OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                 OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
-        return 0;
+        goto err;
     }
     nm = gen->d.directoryName;
-    ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
+    ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
     if (ret <= 0) {
         OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                 OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
-        return 0;
+        goto err;
     }
     if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
         flags |= OCSP_NOVERIFY;
     if (!(flags & OCSP_NOSIGS)) {
         EVP_PKEY *skey;
-        skey = X509_get_pubkey(signer);
+        skey = X509_get0_pubkey(signer);
         ret = OCSP_REQUEST_verify(req, skey);
-        EVP_PKEY_free(skey);
         if (ret <= 0) {
             OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
-            return 0;
+            goto err;
         }
     }
     if (!(flags & OCSP_NOVERIFY)) {
         int init_res;
         if (flags & OCSP_NOCHAIN)
-            init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
+            init_res = X509_STORE_CTX_init(ctx, store, signer, NULL);
         else
-            init_res = X509_STORE_CTX_init(&ctx, store, signer,
+            init_res = X509_STORE_CTX_init(ctx, store, signer,
                                            req->optionalSignature->certs);
         if (!init_res) {
             OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
-            return 0;
+            goto err;
         }
 
-        X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
-        X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
-        ret = X509_verify_cert(&ctx);
-        X509_STORE_CTX_cleanup(&ctx);
+        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
+        X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST);
+        ret = X509_verify_cert(ctx);
         if (ret <= 0) {
-            ret = X509_STORE_CTX_get_error(&ctx);
+            ret = X509_STORE_CTX_get_error(ctx);
             OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                     OCSP_R_CERTIFICATE_VERIFY_ERROR);
             ERR_add_error_data(2, "Verify error:",
                                X509_verify_cert_error_string(ret));
-            return 0;
+            goto err;
         }
     }
-    return 1;
+    ret = 1;
+    goto end;
+
+err:
+    ret = 0;
+end:
+    X509_STORE_CTX_free(ctx);
+    return ret;
+
 }
 
 static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
                                 X509_NAME *nm, STACK_OF(X509) *certs,
-                                X509_STORE *st, unsigned long flags)
+                                unsigned long flags)
 {
     X509 *signer;
     if (!(flags & OCSP_NOINTERN)) {
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_ocsp.c b/freebsd/crypto/openssl/crypto/ocsp/v3_ocsp.c
index 0b832b87..33624717 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_ocsp.c
+++ b/freebsd/crypto/openssl/crypto/ocsp/v3_ocsp.c
@@ -1,72 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_ocsp.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifndef OPENSSL_NO_OCSP
-
 # include <stdio.h>
-# include "cryptlib.h"
+# include "internal/cryptlib.h"
 # include <openssl/conf.h>
 # include <openssl/asn1.h>
 # include <openssl/ocsp.h>
+# include "ocsp_lcl.h"
 # include <openssl/x509v3.h>
+# include "../x509v3/ext_dat.h"
 
 /*
  * OCSP extensions and a couple of CRL entry extensions
@@ -236,10 +186,13 @@ static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
 {
     ASN1_OCTET_STRING *os, **pos;
     pos = a;
-    if (!pos || !*pos)
+    if (pos == NULL || *pos == NULL) {
         os = ASN1_OCTET_STRING_new();
-    else
+        if (os == NULL)
+            goto err;
+    } else {
         os = *pos;
+    }
     if (!ASN1_OCTET_STRING_set(os, *pp, length))
         goto err;
 
@@ -250,15 +203,15 @@ static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
     return os;
 
  err:
-    if (os && (!pos || (*pos != os)))
-        M_ASN1_OCTET_STRING_free(os);
+    if ((pos == NULL) || (*pos != os))
+        ASN1_OCTET_STRING_free(os);
     OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
     return NULL;
 }
 
 static void ocsp_nonce_free(void *a)
 {
-    M_ASN1_OCTET_STRING_free(a);
+    ASN1_OCTET_STRING_free(a);
 }
 
 static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
@@ -311,4 +264,3 @@ static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
  err:
     return 0;
 }
-#endif
diff --git a/freebsd/crypto/openssl/crypto/opensslconf.h b/freebsd/crypto/openssl/crypto/opensslconf.h
deleted file mode 100644
index f533508b..00000000
--- a/freebsd/crypto/openssl/crypto/opensslconf.h
+++ /dev/null
@@ -1,265 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_LIBUNBOUND
-# define OPENSSL_NO_LIBUNBOUND
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SSL_TRACE
-# define OPENSSL_NO_SSL_TRACE
-#endif
-#ifndef OPENSSL_NO_SSL2
-# define OPENSSL_NO_SSL2
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-# define OPENSSL_NO_WEAK_SSL_CIPHERS
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)
-#  define NO_LIBUNBOUND
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
-#  define NO_SSL_TRACE
-# endif
-# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
-#  define NO_SSL2
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
-#  define NO_WEAK_SSL_CIPHERS
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( __sun ) || defined ( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/pem/pem2.h b/freebsd/crypto/openssl/crypto/pem/pem2.h
deleted file mode 100644
index 84897d5e..00000000
--- a/freebsd/crypto/openssl/crypto/pem/pem2.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * This header only exists to break a circular dependency between pem and err
- * Ben 30 Jan 1999.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef HEADER_PEM_H
-void ERR_load_PEM_strings(void);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/pem/pem_all.c b/freebsd/crypto/openssl/crypto/pem/pem_all.c
index e3d2afa8..218f0a60 100644
--- a/freebsd/crypto/openssl/crypto/pem/pem_all.c
+++ b/freebsd/crypto/openssl/crypto/pem/pem_all.c
@@ -1,132 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/pem/pem_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bio.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
 
 #ifndef OPENSSL_NO_RSA
 static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
@@ -178,7 +70,7 @@ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
     return pkey_get_rsa(pktmp, rsa);
 }
 
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 
 RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
 {
@@ -189,57 +81,10 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
 
 # endif
 
-# ifdef OPENSSL_FIPS
-
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                unsigned char *kstr, int klen,
-                                pem_password_cb *cb, void *u)
-{
-    if (FIPS_mode()) {
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-            return 0;
-        EVP_PKEY_set1_RSA(k, x);
-
-        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-    } else
-        return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
-                                  PEM_STRING_RSA, bp, x, enc, kstr, klen, cb,
-                                  u);
-}
-
-#  ifndef OPENSSL_NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                            unsigned char *kstr, int klen,
-                            pem_password_cb *cb, void *u)
-{
-    if (FIPS_mode()) {
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-            return 0;
-
-        EVP_PKEY_set1_RSA(k, x);
-
-        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-    } else
-        return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
-                              PEM_STRING_RSA, fp, x, enc, kstr, klen, cb, u);
-}
-#  endif
-
-# else
-
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA,
                              RSAPrivateKey)
-# endif
+
+
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC,
                        RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA,
                                                       PEM_STRING_PUBLIC,
@@ -270,57 +115,10 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
     return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
 }
 
-# ifdef OPENSSL_FIPS
-
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                unsigned char *kstr, int klen,
-                                pem_password_cb *cb, void *u)
-{
-    if (FIPS_mode()) {
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-            return 0;
-        EVP_PKEY_set1_DSA(k, x);
-
-        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-    } else
-        return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
-                                  PEM_STRING_DSA, bp, x, enc, kstr, klen, cb,
-                                  u);
-}
-
-#  ifndef OPENSSL_NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                            unsigned char *kstr, int klen,
-                            pem_password_cb *cb, void *u)
-{
-    if (FIPS_mode()) {
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-            return 0;
-        EVP_PKEY_set1_DSA(k, x);
-        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-    } else
-        return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
-                              PEM_STRING_DSA, fp, x, enc, kstr, klen, cb, u);
-}
-#  endif
-
-# else
-
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA,
                              DSAPrivateKey)
-# endif
     IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
 {
     EVP_PKEY *pktmp;
@@ -359,56 +157,12 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
 
 IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
                        ECPKParameters)
-# ifdef OPENSSL_FIPS
-int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
-                               unsigned char *kstr, int klen,
-                               pem_password_cb *cb, void *u)
-{
-    if (FIPS_mode()) {
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-            return 0;
-        EVP_PKEY_set1_EC_KEY(k, x);
-
-        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-    } else
-        return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
-                                  PEM_STRING_ECPRIVATEKEY,
-                                  bp, x, enc, kstr, klen, cb, u);
-}
 
-#  ifndef OPENSSL_NO_FP_API
-int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
-                           unsigned char *kstr, int klen,
-                           pem_password_cb *cb, void *u)
-{
-    if (FIPS_mode()) {
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-            return 0;
-        EVP_PKEY_set1_EC_KEY(k, x);
-        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-    } else
-        return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
-                              PEM_STRING_ECPRIVATEKEY,
-                              fp, x, enc, kstr, klen, cb, u);
-}
-#  endif
 
-# else
-    IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
+IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
                        ECPrivateKey)
-# endif
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
                               void *u)
 {
diff --git a/freebsd/crypto/openssl/crypto/pem/pem_err.c b/freebsd/crypto/openssl/crypto/pem/pem_err.c
index 2bba9f58..9152bf4e 100644
--- a/freebsd/crypto/openssl/crypto/pem/pem_err.c
+++ b/freebsd/crypto/openssl/crypto/pem/pem_err.c
@@ -1,171 +1,128 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/pem/pem_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/pem.h>
+#include <openssl/pemerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
-
-static ERR_STRING_DATA PEM_str_functs[] = {
-    {ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"},
-    {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"},
-    {ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"},
-    {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"},
-    {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"},
-    {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
-    {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
-    {ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"},
-    {ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"},
-    {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"},
-    {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"},
-    {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
-    {ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"},
-    {ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"},
-    {ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"},
-    {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"},
-    {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
-    {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
-    {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
-    {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
-    {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
-    {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
-    {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
-    {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),
-     "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
-    {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
-    {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"},
-    {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
-    {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
-    {ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_READ_BIO_DHPARAMS"},
-    {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"},
-    {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"},
-    {ERR_FUNC(PEM_F_PEM_READ_DHPARAMS), "PEM_READ_DHPARAMS"},
-    {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"},
-    {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
-    {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
-    {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
-    {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
-    {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
-    {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"},
-    {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
-    {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
-    {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
+static const ERR_STRING_DATA PEM_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_DSS, 0), "b2i_dss"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_PVK_BIO, 0), "b2i_PVK_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_RSA, 0), "b2i_rsa"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_CHECK_BITLEN_DSA, 0), "check_bitlen_dsa"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_CHECK_BITLEN_RSA, 0), "check_bitlen_rsa"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_BIO, 0),
+     "d2i_PKCS8PrivateKey_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_FP, 0),
+     "d2i_PKCS8PrivateKey_fp"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I, 0), "do_b2i"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I_BIO, 0), "do_b2i_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_BLOB_HEADER, 0), "do_blob_header"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_I2B, 0), "do_i2b"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY, 0), "do_pk8pkey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY_FP, 0), "do_pk8pkey_fp"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_BODY, 0), "do_PVK_body"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_HEADER, 0), "do_PVK_header"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_GET_HEADER_AND_DATA, 0),
+     "get_header_and_data"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_GET_NAME, 0), "get_name"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_I2B_PVK, 0), "i2b_PVK"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_I2B_PVK_BIO, 0), "i2b_PVK_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_LOAD_IV, 0), "load_iv"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_READ, 0), "PEM_ASN1_read"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_READ_BIO, 0), "PEM_ASN1_read_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_WRITE, 0), "PEM_ASN1_write"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_WRITE_BIO, 0), "PEM_ASN1_write_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DEF_CALLBACK, 0), "PEM_def_callback"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, 0), "PEM_do_header"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_GET_EVP_CIPHER_INFO, 0),
+     "PEM_get_EVP_CIPHER_INFO"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ, 0), "PEM_read"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, 0), "PEM_read_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_DHPARAMS, 0),
+     "PEM_read_bio_DHparams"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_EX, 0), "PEM_read_bio_ex"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PARAMETERS, 0),
+     "PEM_read_bio_Parameters"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PRIVATEKEY, 0),
+     "PEM_read_bio_PrivateKey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_DHPARAMS, 0), "PEM_read_DHparams"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_PRIVATEKEY, 0),
+     "PEM_read_PrivateKey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_SIGNFINAL, 0), "PEM_SignFinal"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE, 0), "PEM_write"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO, 0), "PEM_write_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_PRIVATEKEY, 0),
+     "PEM_write_PrivateKey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ, 0), "PEM_X509_INFO_read"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ_BIO, 0),
+     "PEM_X509_INFO_read_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_WRITE_BIO, 0),
+     "PEM_X509_INFO_write_bio"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA PEM_str_reasons[] = {
-    {ERR_REASON(PEM_R_BAD_BASE64_DECODE), "bad base64 decode"},
-    {ERR_REASON(PEM_R_BAD_DECRYPT), "bad decrypt"},
-    {ERR_REASON(PEM_R_BAD_END_LINE), "bad end line"},
-    {ERR_REASON(PEM_R_BAD_IV_CHARS), "bad iv chars"},
-    {ERR_REASON(PEM_R_BAD_MAGIC_NUMBER), "bad magic number"},
-    {ERR_REASON(PEM_R_BAD_PASSWORD_READ), "bad password read"},
-    {ERR_REASON(PEM_R_BAD_VERSION_NUMBER), "bad version number"},
-    {ERR_REASON(PEM_R_BIO_WRITE_FAILURE), "bio write failure"},
-    {ERR_REASON(PEM_R_CIPHER_IS_NULL), "cipher is null"},
-    {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),
-     "error converting private key"},
-    {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),
-     "expecting private key blob"},
-    {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),
-     "expecting public key blob"},
-    {ERR_REASON(PEM_R_HEADER_TOO_LONG), "header too long"},
-    {ERR_REASON(PEM_R_INCONSISTENT_HEADER), "inconsistent header"},
-    {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),
-     "keyblob header parse error"},
-    {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"},
-    {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"},
-    {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"},
-    {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"},
-    {ERR_REASON(PEM_R_NO_START_LINE), "no start line"},
-    {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),
-     "problems getting password"},
-    {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"},
-    {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"},
-    {ERR_REASON(PEM_R_PVK_TOO_SHORT), "pvk too short"},
-    {ERR_REASON(PEM_R_READ_KEY), "read key"},
-    {ERR_REASON(PEM_R_SHORT_HEADER), "short header"},
-    {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
-    {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
-    {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),
-     "unsupported key components"},
+static const ERR_STRING_DATA PEM_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_BASE64_DECODE), "bad base64 decode"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_END_LINE), "bad end line"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_IV_CHARS), "bad iv chars"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_MAGIC_NUMBER), "bad magic number"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ), "bad password read"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_VERSION_NUMBER), "bad version number"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BIO_WRITE_FAILURE), "bio write failure"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_CIPHER_IS_NULL), "cipher is null"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_ERROR_CONVERTING_PRIVATE_KEY),
+    "error converting private key"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PRIVATE_KEY_BLOB),
+    "expecting private key blob"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PUBLIC_KEY_BLOB),
+    "expecting public key blob"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_HEADER_TOO_LONG), "header too long"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_INCONSISTENT_HEADER),
+    "inconsistent header"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_HEADER_PARSE_ERROR),
+    "keyblob header parse error"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_MISSING_DEK_IV), "missing dek iv"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_DEK_INFO), "not dek info"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_ENCRYPTED), "not encrypted"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_PROC_TYPE), "not proc type"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NO_START_LINE), "no start line"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PROBLEMS_GETTING_PASSWORD),
+    "problems getting password"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_TOO_SHORT), "pvk too short"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_READ_KEY), "read key"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_SHORT_HEADER), "short header"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_ENCRYPTION),
+    "unsupported encryption"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS),
+    "unsupported key components"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_PEM_strings(void)
+int ERR_load_PEM_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, PEM_str_functs);
-        ERR_load_strings(0, PEM_str_reasons);
+        ERR_load_strings_const(PEM_str_functs);
+        ERR_load_strings_const(PEM_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/pem/pem_info.c b/freebsd/crypto/openssl/crypto/pem/pem_info.c
index c0370daf..16e182ce 100644
--- a/freebsd/crypto/openssl/crypto/pem/pem_info.c
+++ b/freebsd/crypto/openssl/crypto/pem/pem_info.c
@@ -1,78 +1,25 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/pem/pem_info.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                         pem_password_cb *cb, void *u)
 {
@@ -81,12 +28,12 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -261,14 +208,11 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
         } else {
             /* unknown */
         }
-        if (name != NULL)
-            OPENSSL_free(name);
-        if (header != NULL)
-            OPENSSL_free(header);
-        if (data != NULL)
-            OPENSSL_free(data);
+        OPENSSL_free(name);
         name = NULL;
+        OPENSSL_free(header);
         header = NULL;
+        OPENSSL_free(data);
         data = NULL;
     }
 
@@ -284,8 +228,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
     }
     ok = 1;
  err:
-    if (xi != NULL)
-        X509_INFO_free(xi);
+    X509_INFO_free(xi);
     if (!ok) {
         for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
             xi = sk_X509_INFO_value(ret, i);
@@ -296,13 +239,10 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
         ret = NULL;
     }
 
-    if (name != NULL)
-        OPENSSL_free(name);
-    if (header != NULL)
-        OPENSSL_free(header);
-    if (data != NULL)
-        OPENSSL_free(data);
-    return (ret);
+    OPENSSL_free(name);
+    OPENSSL_free(header);
+    OPENSSL_free(data);
+    return ret;
 }
 
 /* A TJH addition */
@@ -310,7 +250,6 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                             unsigned char *kstr, int klen,
                             pem_password_cb *cb, void *u)
 {
-    EVP_CIPHER_CTX ctx;
     int i, ret = 0;
     unsigned char *data = NULL;
     const char *objstr = NULL;
@@ -319,7 +258,13 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
 
     if (enc != NULL) {
         objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-        if (objstr == NULL) {
+        if (objstr == NULL
+                   /*
+                    * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
+                    * fits into buf
+                    */
+                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
+                   > sizeof(buf)) {
             PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
             goto err;
         }
@@ -354,12 +299,11 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                 goto err;
             }
 
-            /* create the right magic header stuff */
-            OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <=
-                           sizeof(buf));
+            /* Create the right magic header stuff */ 
             buf[0] = '\0';
             PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
-            PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
+            PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
+                         (char *)iv);
 
             /* use the normal code to write things out */
             i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
@@ -370,7 +314,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
 #ifndef OPENSSL_NO_RSA
             /* normal optionally encrypted stuff */
             if (PEM_write_bio_RSAPrivateKey(bp,
-                                            xi->x_pkey->dec_pkey->pkey.rsa,
+                                            EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
                                             enc, kstr, klen, cb, u) <= 0)
                 goto err;
 #endif
@@ -390,7 +334,6 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
     ret = 1;
 
  err:
-    OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
     OPENSSL_cleanse(buf, PEM_BUFSIZE);
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/pem/pem_lib.c b/freebsd/crypto/openssl/crypto/pem/pem_lib.c
index 9af24f46..e9f2e177 100644
--- a/freebsd/crypto/openssl/crypto/pem/pem_lib.c
+++ b/freebsd/crypto/openssl/crypto/pem/pem_lib.c
@@ -1,66 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/pem/pem_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
+#include "internal/ctype.h"
+#include <string.h>
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
@@ -68,15 +20,9 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
-#include "asn1_locl.h"
-#ifndef OPENSSL_NO_DES
-# include <openssl/des.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-
-const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT;
+#include "internal/asn1_int.h"
+#include <openssl/des.h>
+#include <openssl/engine.h>
 
 #define MIN_LENGTH      4
 
@@ -122,6 +68,7 @@ int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
 void PEM_proc_type(char *buf, int type)
 {
     const char *str;
+    char *p = buf + strlen(buf);
 
     if (type == PEM_TYPE_ENCRYPTED)
         str = "ENCRYPTED";
@@ -132,32 +79,32 @@ void PEM_proc_type(char *buf, int type)
     else
         str = "BAD-TYPE";
 
-    BUF_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
-    BUF_strlcat(buf, str, PEM_BUFSIZE);
-    BUF_strlcat(buf, "\n", PEM_BUFSIZE);
+    BIO_snprintf(p, PEM_BUFSIZE - (size_t)(p - buf), "Proc-Type: 4,%s\n", str);
 }
 
 void PEM_dek_info(char *buf, const char *type, int len, char *str)
 {
-    static const unsigned char map[17] = "0123456789ABCDEF";
     long i;
-    int j;
-
-    BUF_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
-    BUF_strlcat(buf, type, PEM_BUFSIZE);
-    BUF_strlcat(buf, ",", PEM_BUFSIZE);
-    j = strlen(buf);
-    if (j + (len * 2) + 1 > PEM_BUFSIZE)
-        return;
-    for (i = 0; i < len; i++) {
-        buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
-        buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
-    }
-    buf[j + i * 2] = '\n';
-    buf[j + i * 2 + 1] = '\0';
+    char *p = buf + strlen(buf);
+    int j = PEM_BUFSIZE - (size_t)(p - buf), n;
+
+    n = BIO_snprintf(p, j, "DEK-Info: %s,", type);
+    if (n > 0) {
+        j -= n;
+        p += n;
+        for (i = 0; i < len; i++) {
+            n = BIO_snprintf(p, j, "%02X", 0xff & str[i]);
+            if (n <= 0)
+                return;
+            j -= n;
+            p += n;
+        }
+        if (j > 1)
+            strcpy(p, "\n");
+    }
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
                     pem_password_cb *cb, void *u)
 {
@@ -166,34 +113,34 @@ void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
 static int check_pem(const char *nm, const char *name)
 {
     /* Normal matching nm and name */
-    if (!strcmp(nm, name))
+    if (strcmp(nm, name) == 0)
         return 1;
 
     /* Make PEM_STRING_EVP_PKEY match any private key */
 
-    if (!strcmp(name, PEM_STRING_EVP_PKEY)) {
+    if (strcmp(name, PEM_STRING_EVP_PKEY) == 0) {
         int slen;
         const EVP_PKEY_ASN1_METHOD *ameth;
-        if (!strcmp(nm, PEM_STRING_PKCS8))
+        if (strcmp(nm, PEM_STRING_PKCS8) == 0)
             return 1;
-        if (!strcmp(nm, PEM_STRING_PKCS8INF))
+        if (strcmp(nm, PEM_STRING_PKCS8INF) == 0)
             return 1;
         slen = pem_check_suffix(nm, "PRIVATE KEY");
         if (slen > 0) {
             /*
-             * NB: ENGINE implementations wont contain a deprecated old
+             * NB: ENGINE implementations won't contain a deprecated old
              * private key decode function so don't look for them.
              */
             ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
@@ -203,7 +150,7 @@ static int check_pem(const char *nm, const char *name)
         return 0;
     }
 
-    if (!strcmp(name, PEM_STRING_PARAMETERS)) {
+    if (strcmp(name, PEM_STRING_PARAMETERS) == 0) {
         int slen;
         const EVP_PKEY_ASN1_METHOD *ameth;
         slen = pem_check_suffix(nm, "PARAMETERS");
@@ -217,8 +164,7 @@ static int check_pem(const char *nm, const char *name)
                 else
                     r = 0;
 #ifndef OPENSSL_NO_ENGINE
-                if (e)
-                    ENGINE_finish(e);
+                ENGINE_finish(e);
 #endif
                 return r;
             }
@@ -226,69 +172,86 @@ static int check_pem(const char *nm, const char *name)
         return 0;
     }
     /* If reading DH parameters handle X9.42 DH format too */
-    if (!strcmp(nm, PEM_STRING_DHXPARAMS) &&
-        !strcmp(name, PEM_STRING_DHPARAMS))
+    if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0
+        && strcmp(name, PEM_STRING_DHPARAMS) == 0)
         return 1;
 
     /* Permit older strings */
 
-    if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509))
+    if (strcmp(nm, PEM_STRING_X509_OLD) == 0
+        && strcmp(name, PEM_STRING_X509) == 0)
         return 1;
 
-    if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) &&
-        !strcmp(name, PEM_STRING_X509_REQ))
+    if (strcmp(nm, PEM_STRING_X509_REQ_OLD) == 0
+        && strcmp(name, PEM_STRING_X509_REQ) == 0)
         return 1;
 
     /* Allow normal certs to be read as trusted certs */
-    if (!strcmp(nm, PEM_STRING_X509) &&
-        !strcmp(name, PEM_STRING_X509_TRUSTED))
+    if (strcmp(nm, PEM_STRING_X509) == 0
+        && strcmp(name, PEM_STRING_X509_TRUSTED) == 0)
         return 1;
 
-    if (!strcmp(nm, PEM_STRING_X509_OLD) &&
-        !strcmp(name, PEM_STRING_X509_TRUSTED))
+    if (strcmp(nm, PEM_STRING_X509_OLD) == 0
+        && strcmp(name, PEM_STRING_X509_TRUSTED) == 0)
         return 1;
 
     /* Some CAs use PKCS#7 with CERTIFICATE headers */
-    if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7))
+    if (strcmp(nm, PEM_STRING_X509) == 0
+        && strcmp(name, PEM_STRING_PKCS7) == 0)
         return 1;
 
-    if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
-        !strcmp(name, PEM_STRING_PKCS7))
+    if (strcmp(nm, PEM_STRING_PKCS7_SIGNED) == 0
+        && strcmp(name, PEM_STRING_PKCS7) == 0)
         return 1;
 
 #ifndef OPENSSL_NO_CMS
-    if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_CMS))
+    if (strcmp(nm, PEM_STRING_X509) == 0
+        && strcmp(name, PEM_STRING_CMS) == 0)
         return 1;
     /* Allow CMS to be read from PKCS#7 headers */
-    if (!strcmp(nm, PEM_STRING_PKCS7) && !strcmp(name, PEM_STRING_CMS))
+    if (strcmp(nm, PEM_STRING_PKCS7) == 0
+        && strcmp(name, PEM_STRING_CMS) == 0)
         return 1;
 #endif
 
     return 0;
 }
 
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
-                       const char *name, BIO *bp, pem_password_cb *cb,
-                       void *u)
+static void pem_free(void *p, unsigned int flags, size_t num)
+{
+    if (flags & PEM_FLAG_SECURE)
+        OPENSSL_secure_clear_free(p, num);
+    else
+        OPENSSL_free(p);
+}
+
+static void *pem_malloc(int num, unsigned int flags)
+{
+    return (flags & PEM_FLAG_SECURE) ? OPENSSL_secure_malloc(num)
+                                     : OPENSSL_malloc(num);
+}
+
+static int pem_bytes_read_bio_flags(unsigned char **pdata, long *plen,
+                                    char **pnm, const char *name, BIO *bp,
+                                    pem_password_cb *cb, void *u,
+                                    unsigned int flags)
 {
     EVP_CIPHER_INFO cipher;
     char *nm = NULL, *header = NULL;
     unsigned char *data = NULL;
-    long len;
+    long len = 0;
     int ret = 0;
 
-    for (;;) {
-        if (!PEM_read_bio(bp, &nm, &header, &data, &len)) {
+    do {
+        pem_free(nm, flags, 0);
+        pem_free(header, flags, 0);
+        pem_free(data, flags, len);
+        if (!PEM_read_bio_ex(bp, &nm, &header, &data, &len, flags)) {
             if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
                 ERR_add_error_data(2, "Expecting: ", name);
             return 0;
         }
-        if (check_pem(nm, name))
-            break;
-        OPENSSL_free(nm);
-        OPENSSL_free(header);
-        OPENSSL_free(data);
-    }
+    } while (!check_pem(nm, name));
     if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
         goto err;
     if (!PEM_do_header(&cipher, data, &len, cb, u))
@@ -297,21 +260,35 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
     *pdata = data;
     *plen = len;
 
-    if (pnm)
+    if (pnm != NULL)
         *pnm = nm;
 
     ret = 1;
 
  err:
-    if (!ret || !pnm)
-        OPENSSL_free(nm);
-    OPENSSL_free(header);
+    if (!ret || pnm == NULL)
+        pem_free(nm, flags, 0);
+    pem_free(header, flags, 0);
     if (!ret)
-        OPENSSL_free(data);
+        pem_free(data, flags, len);
     return ret;
 }
 
-#ifndef OPENSSL_NO_FP_API
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u) {
+    return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u,
+                                    PEM_FLAG_EAY_COMPATIBLE);
+}
+
+int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
+                              const char *name, BIO *bp, pem_password_cb *cb,
+                              void *u) {
+    return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u,
+                                    PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE);
+}
+
+#ifndef OPENSSL_NO_STDIO
 int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
                    void *x, const EVP_CIPHER *enc, unsigned char *kstr,
                    int klen, pem_password_cb *callback, void *u)
@@ -321,12 +298,12 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -334,8 +311,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                        void *x, const EVP_CIPHER *enc, unsigned char *kstr,
                        int klen, pem_password_cb *callback, void *u)
 {
-    EVP_CIPHER_CTX ctx;
-    int dsize = 0, i, j, ret = 0;
+    EVP_CIPHER_CTX *ctx = NULL;
+    int dsize = 0, i = 0, j = 0, ret = 0;
     unsigned char *p, *data = NULL;
     const char *objstr = NULL;
     char buf[PEM_BUFSIZE];
@@ -344,7 +321,14 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
 
     if (enc != NULL) {
         objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
+        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0
+                || EVP_CIPHER_iv_length(enc) > (int)sizeof(iv)
+                   /*
+                    * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
+                    * fits into buf
+                    */
+                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
+                   > sizeof(buf)) {
             PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
             goto err;
         }
@@ -355,9 +339,9 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
         dsize = 0;
         goto err;
     }
-    /* dzise + 8 bytes are needed */
+    /* dsize + 8 bytes are needed */
     /* actually it needs the cipher block size extra... */
-    data = (unsigned char *)OPENSSL_malloc((unsigned int)dsize + 20);
+    data = OPENSSL_malloc((unsigned int)dsize + 20);
     if (data == NULL) {
         PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -381,9 +365,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
 #endif
             kstr = (unsigned char *)buf;
         }
-        RAND_add(data, i, 0);   /* put in the RSA key. */
-        OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
-        if (RAND_bytes(iv, enc->iv_len) <= 0) /* Generate a salt */
+        if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */
             goto err;
         /*
          * The 'iv' is used as the iv and as a salt.  It is NOT taken from
@@ -395,21 +377,17 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
         if (kstr == (unsigned char *)buf)
             OPENSSL_cleanse(buf, PEM_BUFSIZE);
 
-        OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <=
-                       sizeof(buf));
-
         buf[0] = '\0';
         PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
-        PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
+        PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv);
         /* k=strlen(buf); */
 
-        EVP_CIPHER_CTX_init(&ctx);
         ret = 1;
-        if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv)
-            || !EVP_EncryptUpdate(&ctx, data, &j, data, i)
-            || !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i))
+        if ((ctx = EVP_CIPHER_CTX_new()) == NULL
+            || !EVP_EncryptInit_ex(ctx, enc, NULL, key, iv)
+            || !EVP_EncryptUpdate(ctx, data, &j, data, i)
+            || !EVP_EncryptFinal_ex(ctx, &(data[j]), &i))
             ret = 0;
-        EVP_CIPHER_CTX_cleanup(&ctx);
         if (ret == 0)
             goto err;
         i += j;
@@ -423,129 +401,163 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
  err:
     OPENSSL_cleanse(key, sizeof(key));
     OPENSSL_cleanse(iv, sizeof(iv));
-    OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
+    EVP_CIPHER_CTX_free(ctx);
     OPENSSL_cleanse(buf, PEM_BUFSIZE);
-    if (data != NULL) {
-        OPENSSL_cleanse(data, (unsigned int)dsize);
-        OPENSSL_free(data);
-    }
-    return (ret);
+    OPENSSL_clear_free(data, (unsigned int)dsize);
+    return ret;
 }
 
 int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
                   pem_password_cb *callback, void *u)
 {
-    int i = 0, j, o, klen;
-    long len;
-    EVP_CIPHER_CTX ctx;
+    int ok;
+    int keylen;
+    long len = *plen;
+    int ilen = (int) len;       /* EVP_DecryptUpdate etc. take int lengths */
+    EVP_CIPHER_CTX *ctx;
     unsigned char key[EVP_MAX_KEY_LENGTH];
     char buf[PEM_BUFSIZE];
 
-    len = *plen;
+#if LONG_MAX > INT_MAX
+    /* Check that we did not truncate the length */
+    if (len > INT_MAX) {
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_HEADER_TOO_LONG);
+        return 0;
+    }
+#endif
 
     if (cipher->cipher == NULL)
-        return (1);
+        return 1;
     if (callback == NULL)
-        klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
+        keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
     else
-        klen = callback(buf, PEM_BUFSIZE, 0, u);
-    if (klen < 0) {
+        keylen = callback(buf, PEM_BUFSIZE, 0, u);
+    if (keylen < 0) {
         PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
-        return (0);
+        return 0;
     }
 #ifdef CHARSET_EBCDIC
     /* Convert the pass phrase from EBCDIC */
-    ebcdic2ascii(buf, buf, klen);
+    ebcdic2ascii(buf, buf, keylen);
 #endif
 
     if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
-                        (unsigned char *)buf, klen, 1, key, NULL))
+                        (unsigned char *)buf, keylen, 1, key, NULL))
+        return 0;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
         return 0;
 
-    j = (int)len;
-    EVP_CIPHER_CTX_init(&ctx);
-    o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
-    if (o)
-        o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
-    if (o)
-        o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
-    EVP_CIPHER_CTX_cleanup(&ctx);
+    ok = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
+    if (ok)
+        ok = EVP_DecryptUpdate(ctx, data, &ilen, data, ilen);
+    if (ok) {
+        /* Squirrel away the length of data decrypted so far. */
+        *plen = ilen;
+        ok = EVP_DecryptFinal_ex(ctx, &(data[ilen]), &ilen);
+    }
+    if (ok)
+        *plen += ilen;
+    else
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
+
+    EVP_CIPHER_CTX_free(ctx);
     OPENSSL_cleanse((char *)buf, sizeof(buf));
     OPENSSL_cleanse((char *)key, sizeof(key));
-    if (o)
-        j += i;
-    else {
-        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
-        return (0);
-    }
-    *plen = j;
-    return (1);
+    return ok;
 }
 
+/*
+ * This implements a very limited PEM header parser that does not support the
+ * full grammar of rfc1421.  In particular, folded headers are not supported,
+ * nor is additional whitespace.
+ *
+ * A robust implementation would make use of a library that turns the headers
+ * into a BIO from which one folded line is read at a time, and is then split
+ * into a header label and content.  We would then parse the content of the
+ * headers we care about.  This is overkill for just this limited use-case, but
+ * presumably we also parse rfc822-style headers for S/MIME, so a common
+ * abstraction might well be more generally useful.
+ */
 int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
 {
+    static const char ProcType[] = "Proc-Type:";
+    static const char ENCRYPTED[] = "ENCRYPTED";
+    static const char DEKInfo[] = "DEK-Info:";
     const EVP_CIPHER *enc = NULL;
-    char *p, c;
-    char **header_pp = &header;
+    int ivlen;
+    char *dekinfostart, c;
 
     cipher->cipher = NULL;
     memset(cipher->iv, 0, sizeof(cipher->iv));
     if ((header == NULL) || (*header == '\0') || (*header == '\n'))
-        return (1);
-    if (strncmp(header, "Proc-Type: ", 11) != 0) {
+        return 1;
+
+    if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) {
         PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
-        return (0);
-    }
-    header += 11;
-    if (*header != '4')
-        return (0);
-    header++;
-    if (*header != ',')
-        return (0);
-    header++;
-    if (strncmp(header, "ENCRYPTED", 9) != 0) {
+        return 0;
+    }
+    header += sizeof(ProcType)-1;
+    header += strspn(header, " \t");
+
+    if (*header++ != '4' || *header++ != ',')
+        return 0;
+    header += strspn(header, " \t");
+
+    /* We expect "ENCRYPTED" followed by optional white-space + line break */
+    if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 ||
+        strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) {
         PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
-        return (0);
+        return 0;
     }
-    for (; (*header != '\n') && (*header != '\0'); header++) ;
-    if (*header == '\0') {
+    header += sizeof(ENCRYPTED)-1;
+    header += strspn(header, " \t\r");
+    if (*header++ != '\n') {
         PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
-        return (0);
+        return 0;
     }
-    header++;
-    if (strncmp(header, "DEK-Info: ", 10) != 0) {
+
+    /*-
+     * https://tools.ietf.org/html/rfc1421#section-4.6.1.3
+     * We expect "DEK-Info: algo[,hex-parameters]"
+     */
+    if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) {
         PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
-        return (0);
+        return 0;
     }
-    header += 10;
+    header += sizeof(DEKInfo)-1;
+    header += strspn(header, " \t");
 
-    p = header;
-    for (;;) {
-        c = *header;
-#ifndef CHARSET_EBCDIC
-        if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') ||
-              ((c >= '0') && (c <= '9'))))
-            break;
-#else
-        if (!(isupper((unsigned char)c) || (c == '-')
-            || isdigit((unsigned char)c)))
-            break;
-#endif
-        header++;
-    }
+    /*
+     * DEK-INFO is a comma-separated combination of algorithm name and optional
+     * parameters.
+     */
+    dekinfostart = header;
+    header += strcspn(header, " \t,");
+    c = *header;
     *header = '\0';
-    cipher->cipher = enc = EVP_get_cipherbyname(p);
+    cipher->cipher = enc = EVP_get_cipherbyname(dekinfostart);
     *header = c;
-    header++;
+    header += strspn(header, " \t");
 
     if (enc == NULL) {
         PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION);
-        return (0);
+        return 0;
+    }
+    ivlen = EVP_CIPHER_iv_length(enc);
+    if (ivlen > 0 && *header++ != ',') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_MISSING_DEK_IV);
+        return 0;
+    } else if (ivlen == 0 && *header == ',') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNEXPECTED_DEK_IV);
+        return 0;
     }
-    if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len))
-        return (0);
 
-    return (1);
+    if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc)))
+        return 0;
+
+    return 1;
 }
 
 static int load_iv(char **fromp, unsigned char *to, int num)
@@ -558,25 +570,20 @@ static int load_iv(char **fromp, unsigned char *to, int num)
         to[i] = 0;
     num *= 2;
     for (i = 0; i < num; i++) {
-        if ((*from >= '0') && (*from <= '9'))
-            v = *from - '0';
-        else if ((*from >= 'A') && (*from <= 'F'))
-            v = *from - 'A' + 10;
-        else if ((*from >= 'a') && (*from <= 'f'))
-            v = *from - 'a' + 10;
-        else {
+        v = OPENSSL_hexchar2int(*from);
+        if (v < 0) {
             PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
-            return (0);
+            return 0;
         }
         from++;
         to[i / 2] |= v << (long)((!(i & 1)) * 4);
     }
 
     *fromp = from;
-    return (1);
+    return 1;
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 int PEM_write(FILE *fp, const char *name, const char *header,
               const unsigned char *data, long len)
 {
@@ -585,12 +592,12 @@ int PEM_write(FILE *fp, const char *name, const char *header,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_write_bio(b, name, header, data, len);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -599,10 +606,16 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
 {
     int nlen, n, i, j, outl;
     unsigned char *buf = NULL;
-    EVP_ENCODE_CTX ctx;
+    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
     int reason = ERR_R_BUF_LIB;
+    int retval = 0;
+
+    if (ctx == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
 
-    EVP_EncodeInit(&ctx);
+    EVP_EncodeInit(ctx);
     nlen = strlen(name);
 
     if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
@@ -625,34 +638,32 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
     i = j = 0;
     while (len > 0) {
         n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
-        EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n);
+        if (!EVP_EncodeUpdate(ctx, buf, &outl, &(data[j]), n))
+            goto err;
         if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
             goto err;
         i += outl;
         len -= n;
         j += n;
     }
-    EVP_EncodeFinal(&ctx, buf, &outl);
+    EVP_EncodeFinal(ctx, buf, &outl);
     if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
         goto err;
-    OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
-    OPENSSL_free(buf);
-    buf = NULL;
     if ((BIO_write(bp, "-----END ", 9) != 9) ||
         (BIO_write(bp, name, nlen) != nlen) ||
         (BIO_write(bp, "-----\n", 6) != 6))
         goto err;
-    return (i + outl);
+    retval = i + outl;
+
  err:
-    if (buf) {
-        OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
-        OPENSSL_free(buf);
-    }
-    PEMerr(PEM_F_PEM_WRITE_BIO, reason);
-    return (0);
+    if (retval == 0)
+        PEMerr(PEM_F_PEM_WRITE_BIO, reason);
+    EVP_ENCODE_CTX_free(ctx);
+    OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
+    return retval;
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
              long *len)
 {
@@ -661,183 +672,299 @@ int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_read_bio(b, name, header, data, len);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
-int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
-                 long *len)
+/* Some helpers for PEM_read_bio_ex(). */
+static int sanitize_line(char *linebuf, int len, unsigned int flags)
 {
-    EVP_ENCODE_CTX ctx;
-    int end = 0, i, k, bl = 0, hl = 0, nohead = 0;
-    char buf[256];
-    BUF_MEM *nameB;
-    BUF_MEM *headerB;
-    BUF_MEM *dataB, *tmpB;
-
-    nameB = BUF_MEM_new();
-    headerB = BUF_MEM_new();
-    dataB = BUF_MEM_new();
-    if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
-        BUF_MEM_free(nameB);
-        BUF_MEM_free(headerB);
-        BUF_MEM_free(dataB);
-        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-
-    buf[254] = '\0';
-    for (;;) {
-        i = BIO_gets(bp, buf, 254);
-
-        if (i <= 0) {
-            PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE);
-            goto err;
+    int i;
+
+    if (flags & PEM_FLAG_EAY_COMPATIBLE) {
+        /* Strip trailing whitespace */
+        while ((len >= 0) && (linebuf[len] <= ' '))
+            len--;
+        /* Go back to whitespace before applying uniform line ending. */
+        len++;
+    } else if (flags & PEM_FLAG_ONLY_B64) {
+        for (i = 0; i < len; ++i) {
+            if (!ossl_isbase64(linebuf[i]) || linebuf[i] == '\n'
+                || linebuf[i] == '\r')
+                break;
         }
-
-        while ((i >= 0) && (buf[i] <= ' '))
-            i--;
-        buf[++i] = '\n';
-        buf[++i] = '\0';
-
-        if (strncmp(buf, "-----BEGIN ", 11) == 0) {
-            i = strlen(&(buf[11]));
-
-            if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
-                continue;
-            if (!BUF_MEM_grow(nameB, i + 9)) {
-                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            memcpy(nameB->data, &(buf[11]), i - 6);
-            nameB->data[i - 6] = '\0';
-            break;
+        len = i;
+    } else {
+        /* EVP_DecodeBlock strips leading and trailing whitespace, so just strip
+         * control characters in-place and let everything through. */
+        for (i = 0; i < len; ++i) {
+            if (linebuf[i] == '\n' || linebuf[i] == '\r')
+                break;
+            if (ossl_iscntrl(linebuf[i]))
+                linebuf[i] = ' ';
         }
+        len = i;
     }
-    hl = 0;
-    if (!BUF_MEM_grow(headerB, 256)) {
-        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-        goto err;
+    /* The caller allocated LINESIZE+1, so this is safe. */
+    linebuf[len++] = '\n';
+    linebuf[len] = '\0';
+    return len;
+}
+
+#define LINESIZE 255
+/* Note trailing spaces for begin and end. */
+static const char beginstr[] = "-----BEGIN ";
+static const char endstr[] = "-----END ";
+static const char tailstr[] = "-----\n";
+#define BEGINLEN ((int)(sizeof(beginstr) - 1))
+#define ENDLEN ((int)(sizeof(endstr) - 1))
+#define TAILLEN ((int)(sizeof(tailstr) - 1))
+static int get_name(BIO *bp, char **name, unsigned int flags)
+{
+    char *linebuf;
+    int ret = 0;
+    int len;
+
+    /*
+     * Need to hold trailing NUL (accounted for by BIO_gets() and the newline
+     * that will be added by sanitize_line() (the extra '1').
+     */
+    linebuf = pem_malloc(LINESIZE + 1, flags);
+    if (linebuf == NULL) {
+        PEMerr(PEM_F_GET_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
     }
-    headerB->data[0] = '\0';
-    for (;;) {
-        i = BIO_gets(bp, buf, 254);
-        if (i <= 0)
-            break;
 
-        while ((i >= 0) && (buf[i] <= ' '))
-            i--;
-        buf[++i] = '\n';
-        buf[++i] = '\0';
+    do {
+        len = BIO_gets(bp, linebuf, LINESIZE);
 
-        if (buf[0] == '\n')
-            break;
-        if (!BUF_MEM_grow(headerB, hl + i + 9)) {
-            PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        if (len <= 0) {
+            PEMerr(PEM_F_GET_NAME, PEM_R_NO_START_LINE);
             goto err;
         }
-        if (strncmp(buf, "-----END ", 9) == 0) {
-            nohead = 1;
-            break;
-        }
-        memcpy(&(headerB->data[hl]), buf, i);
-        headerB->data[hl + i] = '\0';
-        hl += i;
-    }
 
-    bl = 0;
-    if (!BUF_MEM_grow(dataB, 1024)) {
-        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        /* Strip trailing garbage and standardize ending. */
+        len = sanitize_line(linebuf, len, flags & ~PEM_FLAG_ONLY_B64);
+
+        /* Allow leading empty or non-matching lines. */
+    } while (strncmp(linebuf, beginstr, BEGINLEN) != 0
+             || len < TAILLEN
+             || strncmp(linebuf + len - TAILLEN, tailstr, TAILLEN) != 0);
+    linebuf[len - TAILLEN] = '\0';
+    len = len - BEGINLEN - TAILLEN + 1;
+    *name = pem_malloc(len, flags);
+    if (*name == NULL) {
+        PEMerr(PEM_F_GET_NAME, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    dataB->data[0] = '\0';
-    if (!nohead) {
-        for (;;) {
-            i = BIO_gets(bp, buf, 254);
-            if (i <= 0)
-                break;
+    memcpy(*name, linebuf + BEGINLEN, len);
+    ret = 1;
 
-            while ((i >= 0) && (buf[i] <= ' '))
-                i--;
-            buf[++i] = '\n';
-            buf[++i] = '\0';
+err:
+    pem_free(linebuf, flags, LINESIZE + 1);
+    return ret;
+}
 
-            if (i != 65)
-                end = 1;
-            if (strncmp(buf, "-----END ", 9) == 0)
-                break;
-            if (i > 65)
-                break;
-            if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
-                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+/* Keep track of how much of a header we've seen. */
+enum header_status {
+    MAYBE_HEADER,
+    IN_HEADER,
+    POST_HEADER
+};
+
+/**
+ * Extract the optional PEM header, with details on the type of content and
+ * any encryption used on the contents, and the bulk of the data from the bio.
+ * The end of the header is marked by a blank line; if the end-of-input marker
+ * is reached prior to a blank line, there is no header.
+ *
+ * The header and data arguments are BIO** since we may have to swap them
+ * if there is no header, for efficiency.
+ *
+ * We need the name of the PEM-encoded type to verify the end string.
+ */
+static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
+                               unsigned int flags)
+{
+    BIO *tmp = *header;
+    char *linebuf, *p;
+    int len, line, ret = 0, end = 0;
+    /* 0 if not seen (yet), 1 if reading header, 2 if finished header */
+    enum header_status got_header = MAYBE_HEADER;
+    unsigned int flags_mask;
+    size_t namelen;
+
+    /* Need to hold trailing NUL (accounted for by BIO_gets() and the newline
+     * that will be added by sanitize_line() (the extra '1'). */
+    linebuf = pem_malloc(LINESIZE + 1, flags);
+    if (linebuf == NULL) {
+        PEMerr(PEM_F_GET_HEADER_AND_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    for (line = 0; ; line++) {
+        flags_mask = ~0u;
+        len = BIO_gets(bp, linebuf, LINESIZE);
+        if (len <= 0) {
+            PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_SHORT_HEADER);
+            goto err;
+        }
+
+        if (got_header == MAYBE_HEADER) {
+            if (memchr(linebuf, ':', len) != NULL)
+                got_header = IN_HEADER;
+        }
+        if (!strncmp(linebuf, endstr, ENDLEN) || got_header == IN_HEADER)
+            flags_mask &= ~PEM_FLAG_ONLY_B64;
+        len = sanitize_line(linebuf, len, flags & flags_mask);
+
+        /* Check for end of header. */
+        if (linebuf[0] == '\n') {
+            if (got_header == POST_HEADER) {
+                /* Another blank line is an error. */
+                PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
                 goto err;
             }
-            memcpy(&(dataB->data[bl]), buf, i);
-            dataB->data[bl + i] = '\0';
-            bl += i;
-            if (end) {
-                buf[0] = '\0';
-                i = BIO_gets(bp, buf, 254);
-                if (i <= 0)
-                    break;
-
-                while ((i >= 0) && (buf[i] <= ' '))
-                    i--;
-                buf[++i] = '\n';
-                buf[++i] = '\0';
+            got_header = POST_HEADER;
+            tmp = *data;
+            continue;
+        }
 
-                break;
+        /* Check for end of stream (which means there is no header). */
+        if (strncmp(linebuf, endstr, ENDLEN) == 0) {
+            p = linebuf + ENDLEN;
+            namelen = strlen(name);
+            if (strncmp(p, name, namelen) != 0 ||
+                strncmp(p + namelen, tailstr, TAILLEN) != 0) {
+                PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+                goto err;
+            }
+            if (got_header == MAYBE_HEADER) {
+                *header = *data;
+                *data = tmp;
             }
+            break;
+        } else if (end) {
+            /* Malformed input; short line not at end of data. */
+            PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+            goto err;
+        }
+        /*
+         * Else, a line of text -- could be header or data; we don't
+         * know yet.  Just pass it through.
+         */
+        if (BIO_puts(tmp, linebuf) < 0)
+            goto err;
+        /*
+         * Only encrypted files need the line length check applied.
+         */
+        if (got_header == POST_HEADER) {
+            /* 65 includes the trailing newline */
+            if (len > 65)
+                goto err;
+            if (len < 65)
+                end = 1;
         }
-    } else {
-        tmpB = headerB;
-        headerB = dataB;
-        dataB = tmpB;
-        bl = hl;
-    }
-    i = strlen(nameB->data);
-    if ((strncmp(buf, "-----END ", 9) != 0) ||
-        (strncmp(nameB->data, &(buf[9]), i) != 0) ||
-        (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
-        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE);
-        goto err;
     }
 
-    EVP_DecodeInit(&ctx);
-    i = EVP_DecodeUpdate(&ctx,
-                         (unsigned char *)dataB->data, &bl,
-                         (unsigned char *)dataB->data, bl);
-    if (i < 0) {
-        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
-        goto err;
-    }
-    i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k);
-    if (i < 0) {
-        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
-        goto err;
+    ret = 1;
+err:
+    pem_free(linebuf, flags, LINESIZE + 1);
+    return ret;
+}
+
+/**
+ * Read in PEM-formatted data from the given BIO.
+ *
+ * By nature of the PEM format, all content must be printable ASCII (except
+ * for line endings).  Other characters are malformed input and will be rejected.
+ */
+int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
+                    unsigned char **data, long *len_out, unsigned int flags)
+{
+    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+    const BIO_METHOD *bmeth;
+    BIO *headerB = NULL, *dataB = NULL;
+    char *name = NULL;
+    int len, taillen, headerlen, ret = 0;
+    BUF_MEM * buf_mem;
+
+    if (ctx == NULL) {
+        PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE);
+        return 0;
     }
-    bl += k;
 
-    if (bl == 0)
-        goto err;
-    *name = nameB->data;
-    *header = headerB->data;
-    *data = (unsigned char *)dataB->data;
-    *len = bl;
-    OPENSSL_free(nameB);
-    OPENSSL_free(headerB);
-    OPENSSL_free(dataB);
-    return (1);
- err:
-    BUF_MEM_free(nameB);
-    BUF_MEM_free(headerB);
-    BUF_MEM_free(dataB);
-    return (0);
+    *len_out = 0;
+    *name_out = *header = NULL;
+    *data = NULL;
+    if ((flags & PEM_FLAG_EAY_COMPATIBLE) && (flags & PEM_FLAG_ONLY_B64)) {
+        /* These two are mutually incompatible; bail out. */
+        PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_PASSED_INVALID_ARGUMENT);
+        goto end;
+    }
+    bmeth = (flags & PEM_FLAG_SECURE) ? BIO_s_secmem() : BIO_s_mem();
+
+    headerB = BIO_new(bmeth);
+    dataB = BIO_new(bmeth);
+    if (headerB == NULL || dataB == NULL) {
+        PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    if (!get_name(bp, &name, flags))
+        goto end;
+    if (!get_header_and_data(bp, &headerB, &dataB, name, flags))
+        goto end;
+
+    EVP_DecodeInit(ctx);
+    BIO_get_mem_ptr(dataB, &buf_mem);
+    len = buf_mem->length;
+    if (EVP_DecodeUpdate(ctx, (unsigned char*)buf_mem->data, &len,
+                         (unsigned char*)buf_mem->data, len) < 0
+            || EVP_DecodeFinal(ctx, (unsigned char*)&(buf_mem->data[len]),
+                               &taillen) < 0) {
+        PEMerr(PEM_F_PEM_READ_BIO_EX, PEM_R_BAD_BASE64_DECODE);
+        goto end;
+    }
+    len += taillen;
+    buf_mem->length = len;
+
+    /* There was no data in the PEM file; avoid malloc(0). */
+    if (len == 0)
+        goto end;
+    headerlen = BIO_get_mem_data(headerB, NULL);
+    *header = pem_malloc(headerlen + 1, flags);
+    *data = pem_malloc(len, flags);
+    if (*header == NULL || *data == NULL) {
+        pem_free(*header, flags, 0);
+        pem_free(*data, flags, 0);
+        goto end;
+    }
+    BIO_read(headerB, *header, headerlen);
+    (*header)[headerlen] = '\0';
+    BIO_read(dataB, *data, len);
+    *len_out = len;
+    *name_out = name;
+    name = NULL;
+    ret = 1;
+
+end:
+    EVP_ENCODE_CTX_free(ctx);
+    pem_free(name, flags, 0);
+    BIO_free(headerB);
+    BIO_free(dataB);
+    return ret;
+}
+
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+                 long *len)
+{
+    return PEM_read_bio_ex(bp, name, header, data, len, PEM_FLAG_EAY_COMPATIBLE);
 }
 
 /*
diff --git a/freebsd/crypto/openssl/crypto/pem/pem_oth.c b/freebsd/crypto/openssl/crypto/pem/pem_oth.c
index 16cf47db..ee7e0430 100644
--- a/freebsd/crypto/openssl/crypto/pem/pem_oth.c
+++ b/freebsd/crypto/openssl/crypto/pem/pem_oth.c
@@ -1,69 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/pem/pem_oth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 
@@ -84,5 +34,5 @@ void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
     if (ret == NULL)
         PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB);
     OPENSSL_free(data);
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/pem/pem_pk8.c b/freebsd/crypto/openssl/crypto/pem/pem_pk8.c
index 60eda58a..02e72ccd 100644
--- a/freebsd/crypto/openssl/crypto/pem/pem_pk8.c
+++ b/freebsd/crypto/openssl/crypto/pem/pem_pk8.c
@@ -1,69 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/pem/pem_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/pkcs12.h>
 #include <openssl/pem.h>
@@ -71,10 +21,12 @@
 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
                       int nid, const EVP_CIPHER *enc,
                       char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#ifndef OPENSSL_NO_STDIO
 static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
                          int nid, const EVP_CIPHER *enc,
                          char *kstr, int klen, pem_password_cb *cb, void *u);
-
+#endif
 /*
  * These functions write a private key in PKCS#8 format: it is a "drop in"
  * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
@@ -118,7 +70,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
     PKCS8_PRIV_KEY_INFO *p8inf;
     char buf[PEM_BUFSIZE];
     int ret;
-    if (!(p8inf = EVP_PKEY2PKCS8(x))) {
+
+    if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) {
         PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
         return 0;
     }
@@ -188,14 +141,13 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
     if (!ret)
         return NULL;
     if (x) {
-        if (*x)
-            EVP_PKEY_free(*x);
+        EVP_PKEY_free(*x);
         *x = ret;
     }
     return ret;
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 
 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
                            char *kstr, int klen, pem_password_cb *cb, void *u)
@@ -230,9 +182,10 @@ static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid,
 {
     BIO *bp;
     int ret;
-    if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+
+    if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
         PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
     BIO_free(bp);
@@ -244,7 +197,8 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
 {
     BIO *bp;
     EVP_PKEY *ret;
-    if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+
+    if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
         PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
         return NULL;
     }
diff --git a/freebsd/crypto/openssl/crypto/pem/pem_pkey.c b/freebsd/crypto/openssl/crypto/pem/pem_pkey.c
index 7c136eec..f02f45de 100644
--- a/freebsd/crypto/openssl/crypto/pem/pem_pkey.c
+++ b/freebsd/crypto/openssl/crypto/pem/pem_pkey.c
@@ -1,79 +1,26 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/pem/pem_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/pkcs12.h>
 #include <openssl/pem.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#include "asn1_locl.h"
+#include <openssl/engine.h>
+#include <openssl/dh.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 
 int pem_check_suffix(const char *pem_str, const char *suffix);
 
@@ -87,7 +34,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
     int slen;
     EVP_PKEY *ret = NULL;
 
-    if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
+    if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp,
+                                   cb, u))
         return NULL;
     p = data;
 
@@ -98,8 +46,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
             goto p8err;
         ret = EVP_PKCS82PKEY(p8inf);
         if (x) {
-            if (*x)
-                EVP_PKEY_free((EVP_PKEY *)*x);
+            EVP_PKEY_free((EVP_PKEY *)*x);
             *x = ret;
         }
         PKCS8_PRIV_KEY_INFO_free(p8inf);
@@ -127,8 +74,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
             goto p8err;
         ret = EVP_PKCS82PKEY(p8inf);
         if (x) {
-            if (*x)
-                EVP_PKEY_free((EVP_PKEY *)*x);
+            EVP_PKEY_free((EVP_PKEY *)*x);
             *x = ret;
         }
         PKCS8_PRIV_KEY_INFO_free(p8inf);
@@ -143,21 +89,27 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
     if (ret == NULL)
         PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
  err:
-    OPENSSL_free(nm);
-    OPENSSL_cleanse(data, len);
-    OPENSSL_free(data);
-    return (ret);
+    OPENSSL_secure_free(nm);
+    OPENSSL_secure_clear_free(data, len);
+    return ret;
 }
 
 int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
                              unsigned char *kstr, int klen,
                              pem_password_cb *cb, void *u)
 {
-    char pem_str[80];
-    if (!x->ameth || x->ameth->priv_encode)
+    if (x->ameth == NULL || x->ameth->priv_encode != NULL)
         return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
                                              (char *)kstr, klen, cb, u);
+    return PEM_write_bio_PrivateKey_traditional(bp, x, enc, kstr, klen, cb, u);
+}
 
+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+                                         const EVP_CIPHER *enc,
+                                         unsigned char *kstr, int klen,
+                                         pem_password_cb *cb, void *u)
+{
+    char pem_str[80];
     BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
     return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
                               pem_str, bp, x, enc, kstr, klen, cb, u);
@@ -179,7 +131,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
 
     if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) {
         ret = EVP_PKEY_new();
-        if (!ret)
+        if (ret == NULL)
             goto err;
         if (!EVP_PKEY_set_type_str(ret, nm, slen)
             || !ret->ameth->param_decode
@@ -189,8 +141,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
             goto err;
         }
         if (x) {
-            if (*x)
-                EVP_PKEY_free((EVP_PKEY *)*x);
+            EVP_PKEY_free((EVP_PKEY *)*x);
             *x = ret;
         }
     }
@@ -199,7 +150,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
         PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS, ERR_R_ASN1_LIB);
     OPENSSL_free(nm);
     OPENSSL_free(data);
-    return (ret);
+    return ret;
 }
 
 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
@@ -213,7 +164,7 @@ int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
                               pem_str, bp, x, NULL, NULL, 0, 0, NULL);
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
                               void *u)
 {
@@ -222,12 +173,12 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_read_bio_PrivateKey(b, x, cb, u);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 
 int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
@@ -264,7 +215,7 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
         return NULL;
     p = data;
 
-    if (!strcmp(nm, PEM_STRING_DHXPARAMS))
+    if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0)
         ret = d2i_DHxparams(x, &p, len);
     else
         ret = d2i_DHparams(x, &p, len);
@@ -276,7 +227,7 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
     return ret;
 }
 
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u)
 {
     BIO *b;
@@ -284,12 +235,12 @@ DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_READ_DHPARAMS, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_read_bio_DHparams(b, x, cb, u);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 # endif
 
diff --git a/freebsd/crypto/openssl/crypto/pem/pem_seal.c b/freebsd/crypto/openssl/crypto/pem/pem_seal.c
deleted file mode 100644
index 6bf24f9d..00000000
--- a/freebsd/crypto/openssl/crypto/pem/pem_seal.c
+++ /dev/null
@@ -1,193 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/pem/pem_seal.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_RSA */
-#ifndef OPENSSL_NO_RSA
-# include <stdio.h>
-# include "cryptlib.h"
-# include <openssl/evp.h>
-# include <openssl/rand.h>
-# include <openssl/objects.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/rsa.h>
-
-int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
-                 unsigned char **ek, int *ekl, unsigned char *iv,
-                 EVP_PKEY **pubk, int npubk)
-{
-    unsigned char key[EVP_MAX_KEY_LENGTH];
-    int ret = -1;
-    int i, j, max = 0;
-    char *s = NULL;
-
-    for (i = 0; i < npubk; i++) {
-        if (pubk[i]->type != EVP_PKEY_RSA) {
-            PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA);
-            goto err;
-        }
-        j = RSA_size(pubk[i]->pkey.rsa);
-        if (j > max)
-            max = j;
-    }
-    s = (char *)OPENSSL_malloc(max * 2);
-    if (s == NULL) {
-        PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    EVP_EncodeInit(&ctx->encode);
-
-    EVP_MD_CTX_init(&ctx->md);
-    if (!EVP_SignInit(&ctx->md, md_type))
-        goto err;
-
-    EVP_CIPHER_CTX_init(&ctx->cipher);
-    ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk);
-    if (ret <= 0)
-        goto err;
-
-    /* base64 encode the keys */
-    for (i = 0; i < npubk; i++) {
-        j = EVP_EncodeBlock((unsigned char *)s, ek[i],
-                            RSA_size(pubk[i]->pkey.rsa));
-        ekl[i] = j;
-        memcpy(ek[i], s, j + 1);
-    }
-
-    ret = npubk;
- err:
-    if (s != NULL)
-        OPENSSL_free(s);
-    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
-    return (ret);
-}
-
-void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-                    unsigned char *in, int inl)
-{
-    unsigned char buffer[1600];
-    int i, j;
-
-    *outl = 0;
-    EVP_SignUpdate(&ctx->md, in, inl);
-    for (;;) {
-        if (inl <= 0)
-            break;
-        if (inl > 1200)
-            i = 1200;
-        else
-            i = inl;
-        EVP_EncryptUpdate(&ctx->cipher, buffer, &j, in, i);
-        EVP_EncodeUpdate(&ctx->encode, out, &j, buffer, j);
-        *outl += j;
-        out += j;
-        in += i;
-        inl -= i;
-    }
-}
-
-int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
-                  unsigned char *out, int *outl, EVP_PKEY *priv)
-{
-    unsigned char *s = NULL;
-    int ret = 0, j;
-    unsigned int i;
-
-    if (priv->type != EVP_PKEY_RSA) {
-        PEMerr(PEM_F_PEM_SEALFINAL, PEM_R_PUBLIC_KEY_NO_RSA);
-        goto err;
-    }
-    i = RSA_size(priv->pkey.rsa);
-    if (i < 100)
-        i = 100;
-    s = (unsigned char *)OPENSSL_malloc(i * 2);
-    if (s == NULL) {
-        PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (!EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i))
-        goto err;
-    EVP_EncodeUpdate(&ctx->encode, out, &j, s, i);
-    *outl = j;
-    out += j;
-    EVP_EncodeFinal(&ctx->encode, out, &j);
-    *outl += j;
-
-    if (!EVP_SignFinal(&ctx->md, s, &i, priv))
-        goto err;
-    *sigl = EVP_EncodeBlock(sig, s, i);
-
-    ret = 1;
- err:
-    EVP_MD_CTX_cleanup(&ctx->md);
-    EVP_CIPHER_CTX_cleanup(&ctx->cipher);
-    if (s != NULL)
-        OPENSSL_free(s);
-    return (ret);
-}
-#else                           /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/pem/pem_sign.c b/freebsd/crypto/openssl/crypto/pem/pem_sign.c
index 3e616373..5f35af05 100644
--- a/freebsd/crypto/openssl/crypto/pem/pem_sign.c
+++ b/freebsd/crypto/openssl/crypto/pem/pem_sign.c
@@ -1,79 +1,29 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/pem/pem_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 
-void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
+int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
 {
-    EVP_DigestInit_ex(ctx, type, NULL);
+    return EVP_DigestInit_ex(ctx, type, NULL);
 }
 
-void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count)
+int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count)
 {
-    EVP_DigestUpdate(ctx, data, count);
+    return EVP_DigestUpdate(ctx, data, count);
 }
 
 int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
@@ -83,7 +33,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
     int i, ret = 0;
     unsigned int m_len;
 
-    m = (unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey) + 2);
+    m = OPENSSL_malloc(EVP_PKEY_size(pkey) + 2);
     if (m == NULL) {
         PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -97,7 +47,6 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
     ret = 1;
  err:
     /* ctx has been zeroed by EVP_SignFinal() */
-    if (m != NULL)
-        OPENSSL_free(m);
-    return (ret);
+    OPENSSL_free(m);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/pem/pem_x509.c b/freebsd/crypto/openssl/crypto/pem/pem_x509.c
index 2c41f9db..1ca1d6fd 100644
--- a/freebsd/crypto/openssl/crypto/pem/pem_x509.c
+++ b/freebsd/crypto/openssl/crypto/pem/pem_x509.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pem_x509.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bio.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
diff --git a/freebsd/crypto/openssl/crypto/pem/pem_xaux.c b/freebsd/crypto/openssl/crypto/pem/pem_xaux.c
index ff706c90..6497d5b1 100644
--- a/freebsd/crypto/openssl/crypto/pem/pem_xaux.c
+++ b/freebsd/crypto/openssl/crypto/pem/pem_xaux.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pem_xaux.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bio.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
@@ -68,5 +18,3 @@
 #include <openssl/pem.h>
 
 IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
-IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR,
-                 X509_CERT_PAIR)
diff --git a/freebsd/crypto/openssl/crypto/pem/pvkfmt.c b/freebsd/crypto/openssl/crypto/pem/pvkfmt.c
index 3ae863e6..4533cd54 100644
--- a/freebsd/crypto/openssl/crypto/pem/pvkfmt.c
+++ b/freebsd/crypto/openssl/crypto/pem/pvkfmt.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -63,7 +14,7 @@
  * and PRIVATEKEYBLOB).
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 #include <openssl/bn.h>
@@ -95,23 +46,11 @@ static unsigned int read_ledword(const unsigned char **in)
 
 static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
 {
-    const unsigned char *p;
-    unsigned char *tmpbuf, *q;
-    unsigned int i;
-    p = *in + nbyte - 1;
-    tmpbuf = OPENSSL_malloc(nbyte);
-    if (!tmpbuf)
-        return 0;
-    q = tmpbuf;
-    for (i = 0; i < nbyte; i++)
-        *q++ = *p--;
-    *r = BN_bin2bn(tmpbuf, nbyte, NULL);
-    OPENSSL_free(tmpbuf);
-    if (*r) {
-        *in += nbyte;
-        return 1;
-    } else
+    *r = BN_lebin2bn(*in, nbyte, NULL);
+    if (*r == NULL)
         return 0;
+    *in += nbyte;
+    return 1;
 }
 
 /* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
@@ -141,9 +80,9 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
 /* Maximum salt length */
 # define PVK_MAX_SALTLEN         10240
 
-static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
+static EVP_PKEY *b2i_rsa(const unsigned char **in,
                          unsigned int bitlen, int ispub);
-static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
+static EVP_PKEY *b2i_dss(const unsigned char **in,
                          unsigned int bitlen, int ispub);
 
 static int do_blob_header(const unsigned char **in, unsigned int length,
@@ -183,6 +122,7 @@ static int do_blob_header(const unsigned char **in, unsigned int length,
 
     case MS_DSS1MAGIC:
         *pisdss = 1;
+        /* fall thru */
     case MS_RSA1MAGIC:
         if (*pispub == 0) {
             PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
@@ -192,6 +132,7 @@ static int do_blob_header(const unsigned char **in, unsigned int length,
 
     case MS_DSS2MAGIC:
         *pisdss = 1;
+        /* fall thru */
     case MS_RSA2MAGIC:
         if (*pispub == 1) {
             PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
@@ -256,9 +197,9 @@ static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
         return NULL;
     }
     if (isdss)
-        return b2i_dss(&p, length, bitlen, ispub);
+        return b2i_dss(&p, bitlen, ispub);
     else
-        return b2i_rsa(&p, length, bitlen, ispub);
+        return b2i_rsa(&p, bitlen, ispub);
 }
 
 static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
@@ -282,7 +223,7 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
         return NULL;
     }
     buf = OPENSSL_malloc(length);
-    if (!buf) {
+    if (buf == NULL) {
         PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -293,17 +234,16 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
     }
 
     if (isdss)
-        ret = b2i_dss(&p, length, bitlen, ispub);
+        ret = b2i_dss(&p, bitlen, ispub);
     else
-        ret = b2i_rsa(&p, length, bitlen, ispub);
+        ret = b2i_rsa(&p, bitlen, ispub);
 
  err:
-    if (buf)
-        OPENSSL_free(buf);
+    OPENSSL_free(buf);
     return ret;
 }
 
-static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
+static EVP_PKEY *b2i_dss(const unsigned char **in,
                          unsigned int bitlen, int ispub)
 {
     const unsigned char *p = *in;
@@ -311,97 +251,133 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
     DSA *dsa = NULL;
     BN_CTX *ctx = NULL;
     unsigned int nbyte;
+    BIGNUM *pbn = NULL, *qbn = NULL, *gbn = NULL, *priv_key = NULL;
+    BIGNUM *pub_key = NULL;
+
     nbyte = (bitlen + 7) >> 3;
 
     dsa = DSA_new();
     ret = EVP_PKEY_new();
-    if (!dsa || !ret)
+    if (dsa == NULL || ret == NULL)
         goto memerr;
-    if (!read_lebn(&p, nbyte, &dsa->p))
+    if (!read_lebn(&p, nbyte, &pbn))
         goto memerr;
-    if (!read_lebn(&p, 20, &dsa->q))
+
+    if (!read_lebn(&p, 20, &qbn))
         goto memerr;
-    if (!read_lebn(&p, nbyte, &dsa->g))
+
+    if (!read_lebn(&p, nbyte, &gbn))
         goto memerr;
+
     if (ispub) {
-        if (!read_lebn(&p, nbyte, &dsa->pub_key))
+        if (!read_lebn(&p, nbyte, &pub_key))
             goto memerr;
     } else {
-        if (!read_lebn(&p, 20, &dsa->priv_key))
+        if (!read_lebn(&p, 20, &priv_key))
             goto memerr;
+
         /* Calculate public key */
-        if (!(dsa->pub_key = BN_new()))
+        pub_key = BN_new();
+        if (pub_key == NULL)
             goto memerr;
-        if (!(ctx = BN_CTX_new()))
+        if ((ctx = BN_CTX_new()) == NULL)
             goto memerr;
 
-        if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
-
+        if (!BN_mod_exp(pub_key, gbn, priv_key, pbn, ctx))
             goto memerr;
+
         BN_CTX_free(ctx);
+        ctx = NULL;
     }
+    if (!DSA_set0_pqg(dsa, pbn, qbn, gbn))
+        goto memerr;
+    pbn = qbn = gbn = NULL;
+    if (!DSA_set0_key(dsa, pub_key, priv_key))
+        goto memerr;
+    pub_key = priv_key = NULL;
 
-    EVP_PKEY_set1_DSA(ret, dsa);
+    if (!EVP_PKEY_set1_DSA(ret, dsa))
+        goto memerr;
     DSA_free(dsa);
     *in = p;
     return ret;
 
  memerr:
     PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
-    if (dsa)
-        DSA_free(dsa);
-    if (ret)
-        EVP_PKEY_free(ret);
-    if (ctx)
-        BN_CTX_free(ctx);
+    DSA_free(dsa);
+    BN_free(pbn);
+    BN_free(qbn);
+    BN_free(gbn);
+    BN_free(pub_key);
+    BN_free(priv_key);
+    EVP_PKEY_free(ret);
+    BN_CTX_free(ctx);
     return NULL;
 }
 
-static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
+static EVP_PKEY *b2i_rsa(const unsigned char **in,
                          unsigned int bitlen, int ispub)
 {
-    const unsigned char *p = *in;
+    const unsigned char *pin = *in;
     EVP_PKEY *ret = NULL;
+    BIGNUM *e = NULL, *n = NULL, *d = NULL;
+    BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
     RSA *rsa = NULL;
     unsigned int nbyte, hnbyte;
     nbyte = (bitlen + 7) >> 3;
     hnbyte = (bitlen + 15) >> 4;
     rsa = RSA_new();
     ret = EVP_PKEY_new();
-    if (!rsa || !ret)
+    if (rsa == NULL || ret == NULL)
         goto memerr;
-    rsa->e = BN_new();
-    if (!rsa->e)
+    e = BN_new();
+    if (e == NULL)
         goto memerr;
-    if (!BN_set_word(rsa->e, read_ledword(&p)))
+    if (!BN_set_word(e, read_ledword(&pin)))
         goto memerr;
-    if (!read_lebn(&p, nbyte, &rsa->n))
+    if (!read_lebn(&pin, nbyte, &n))
         goto memerr;
     if (!ispub) {
-        if (!read_lebn(&p, hnbyte, &rsa->p))
+        if (!read_lebn(&pin, hnbyte, &p))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &q))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &dmp1))
             goto memerr;
-        if (!read_lebn(&p, hnbyte, &rsa->q))
+        if (!read_lebn(&pin, hnbyte, &dmq1))
             goto memerr;
-        if (!read_lebn(&p, hnbyte, &rsa->dmp1))
+        if (!read_lebn(&pin, hnbyte, &iqmp))
             goto memerr;
-        if (!read_lebn(&p, hnbyte, &rsa->dmq1))
+        if (!read_lebn(&pin, nbyte, &d))
             goto memerr;
-        if (!read_lebn(&p, hnbyte, &rsa->iqmp))
+        if (!RSA_set0_factors(rsa, p, q))
             goto memerr;
-        if (!read_lebn(&p, nbyte, &rsa->d))
+        p = q = NULL;
+        if (!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))
             goto memerr;
+        dmp1 = dmq1 = iqmp = NULL;
     }
+    if (!RSA_set0_key(rsa, n, e, d))
+        goto memerr;
+    n = e = d = NULL;
 
-    EVP_PKEY_set1_RSA(ret, rsa);
+    if (!EVP_PKEY_set1_RSA(ret, rsa))
+        goto memerr;
     RSA_free(rsa);
-    *in = p;
+    *in = pin;
     return ret;
  memerr:
     PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
-    if (rsa)
-        RSA_free(rsa);
-    if (ret)
-        EVP_PKEY_free(ret);
+    BN_free(e);
+    BN_free(n);
+    BN_free(p);
+    BN_free(q);
+    BN_free(dmp1);
+    BN_free(dmq1);
+    BN_free(iqmp);
+    BN_free(d);
+    RSA_free(rsa);
+    EVP_PKEY_free(ret);
     return NULL;
 }
 
@@ -437,26 +413,8 @@ static void write_ledword(unsigned char **out, unsigned int dw)
 
 static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
 {
-    int nb, i;
-    unsigned char *p = *out, *q, c;
-    nb = BN_num_bytes(bn);
-    BN_bn2bin(bn, p);
-    q = p + nb - 1;
-    /* In place byte order reversal */
-    for (i = 0; i < nb / 2; i++) {
-        c = *p;
-        *p++ = *q;
-        *q-- = c;
-    }
-    *out += nb;
-    /* Pad with zeroes if we have to */
-    if (len > 0) {
-        len -= nb;
-        if (len > 0) {
-            memset(*out, 0, len);
-            *out += len;
-        }
-    }
+    BN_bn2lebinpad(bn, *out, len);
+    *out += len;
 }
 
 static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
@@ -470,11 +428,12 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
     unsigned char *p;
     unsigned int bitlen, magic = 0, keyalg;
     int outlen, noinc = 0;
-    if (pk->type == EVP_PKEY_DSA) {
-        bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic);
+    int pktype = EVP_PKEY_id(pk);
+    if (pktype == EVP_PKEY_DSA) {
+        bitlen = check_bitlen_dsa(EVP_PKEY_get0_DSA(pk), ispub, &magic);
         keyalg = MS_KEYALG_DSS_SIGN;
-    } else if (pk->type == EVP_PKEY_RSA) {
-        bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic);
+    } else if (pktype == EVP_PKEY_RSA) {
+        bitlen = check_bitlen_rsa(EVP_PKEY_get0_RSA(pk), ispub, &magic);
         keyalg = MS_KEYALG_RSA_KEYX;
     } else
         return -1;
@@ -487,9 +446,10 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
     if (*out)
         p = *out;
     else {
-        p = OPENSSL_malloc(outlen);
-        if (!p)
+        if ((p = OPENSSL_malloc(outlen)) == NULL) {
+            PEMerr(PEM_F_DO_I2B, ERR_R_MALLOC_FAILURE);
             return -1;
+        }
         *out = p;
         noinc = 1;
     }
@@ -504,9 +464,9 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
     write_ledword(&p, magic);
     write_ledword(&p, bitlen);
     if (keyalg == MS_KEYALG_DSS_SIGN)
-        write_dsa(&p, pk->pkey.dsa, ispub);
+        write_dsa(&p, EVP_PKEY_get0_DSA(pk), ispub);
     else
-        write_rsa(&p, pk->pkey.rsa, ispub);
+        write_rsa(&p, EVP_PKEY_get0_RSA(pk), ispub);
     if (!noinc)
         *out += outlen;
     return outlen;
@@ -529,16 +489,21 @@ static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
 static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
 {
     int bitlen;
-    bitlen = BN_num_bits(dsa->p);
-    if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160)
-        || (BN_num_bits(dsa->g) > bitlen))
+    const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+    const BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    DSA_get0_pqg(dsa, &p, &q, &g);
+    DSA_get0_key(dsa, &pub_key, &priv_key);
+    bitlen = BN_num_bits(p);
+    if ((bitlen & 7) || (BN_num_bits(q) != 160)
+        || (BN_num_bits(g) > bitlen))
         goto badkey;
     if (ispub) {
-        if (BN_num_bits(dsa->pub_key) > bitlen)
+        if (BN_num_bits(pub_key) > bitlen)
             goto badkey;
         *pmagic = MS_DSS1MAGIC;
     } else {
-        if (BN_num_bits(dsa->priv_key) > 160)
+        if (BN_num_bits(priv_key) > 160)
             goto badkey;
         *pmagic = MS_DSS2MAGIC;
     }
@@ -552,26 +517,35 @@ static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
 static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
 {
     int nbyte, hnbyte, bitlen;
-    if (BN_num_bits(rsa->e) > 32)
+    const BIGNUM *e;
+
+    RSA_get0_key(rsa, NULL, &e, NULL);
+    if (BN_num_bits(e) > 32)
         goto badkey;
-    bitlen = BN_num_bits(rsa->n);
-    nbyte = BN_num_bytes(rsa->n);
-    hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
+    bitlen = RSA_bits(rsa);
+    nbyte = RSA_size(rsa);
+    hnbyte = (bitlen + 15) >> 4;
     if (ispub) {
         *pmagic = MS_RSA1MAGIC;
         return bitlen;
     } else {
+        const BIGNUM *d, *p, *q, *iqmp, *dmp1, *dmq1;
+
         *pmagic = MS_RSA2MAGIC;
+
         /*
          * For private key each component must fit within nbyte or hnbyte.
          */
-        if (BN_num_bytes(rsa->d) > nbyte)
+        RSA_get0_key(rsa, NULL, NULL, &d);
+        if (BN_num_bytes(d) > nbyte)
             goto badkey;
-        if ((BN_num_bytes(rsa->iqmp) > hnbyte)
-            || (BN_num_bytes(rsa->p) > hnbyte)
-            || (BN_num_bytes(rsa->q) > hnbyte)
-            || (BN_num_bytes(rsa->dmp1) > hnbyte)
-            || (BN_num_bytes(rsa->dmq1) > hnbyte))
+        RSA_get0_factors(rsa, &p, &q);
+        RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+        if ((BN_num_bytes(iqmp) > hnbyte)
+            || (BN_num_bytes(p) > hnbyte)
+            || (BN_num_bytes(q) > hnbyte)
+            || (BN_num_bytes(dmp1) > hnbyte)
+            || (BN_num_bytes(dmq1) > hnbyte))
             goto badkey;
     }
     return bitlen;
@@ -583,31 +557,41 @@ static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
 static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
 {
     int nbyte, hnbyte;
-    nbyte = BN_num_bytes(rsa->n);
-    hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
-    write_lebn(out, rsa->e, 4);
-    write_lebn(out, rsa->n, -1);
+    const BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1;
+
+    nbyte = RSA_size(rsa);
+    hnbyte = (RSA_bits(rsa) + 15) >> 4;
+    RSA_get0_key(rsa, &n, &e, &d);
+    write_lebn(out, e, 4);
+    write_lebn(out, n, nbyte);
     if (ispub)
         return;
-    write_lebn(out, rsa->p, hnbyte);
-    write_lebn(out, rsa->q, hnbyte);
-    write_lebn(out, rsa->dmp1, hnbyte);
-    write_lebn(out, rsa->dmq1, hnbyte);
-    write_lebn(out, rsa->iqmp, hnbyte);
-    write_lebn(out, rsa->d, nbyte);
+    RSA_get0_factors(rsa, &p, &q);
+    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+    write_lebn(out, p, hnbyte);
+    write_lebn(out, q, hnbyte);
+    write_lebn(out, dmp1, hnbyte);
+    write_lebn(out, dmq1, hnbyte);
+    write_lebn(out, iqmp, hnbyte);
+    write_lebn(out, d, nbyte);
 }
 
 static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
 {
     int nbyte;
-    nbyte = BN_num_bytes(dsa->p);
-    write_lebn(out, dsa->p, nbyte);
-    write_lebn(out, dsa->q, 20);
-    write_lebn(out, dsa->g, nbyte);
+    const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+    const BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    DSA_get0_pqg(dsa, &p, &q, &g);
+    DSA_get0_key(dsa, &pub_key, &priv_key);
+    nbyte = BN_num_bytes(p);
+    write_lebn(out, p, nbyte);
+    write_lebn(out, q, 20);
+    write_lebn(out, g, nbyte);
     if (ispub)
-        write_lebn(out, dsa->pub_key, nbyte);
+        write_lebn(out, pub_key, nbyte);
     else
-        write_lebn(out, dsa->priv_key, 20);
+        write_lebn(out, priv_key, 20);
     /* Set "invalid" for seed structure values */
     memset(*out, 0xff, 24);
     *out += 24;
@@ -673,16 +657,16 @@ static int derive_pvk_key(unsigned char *key,
                           const unsigned char *salt, unsigned int saltlen,
                           const unsigned char *pass, int passlen)
 {
-    EVP_MD_CTX mctx;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
     int rv = 1;
-    EVP_MD_CTX_init(&mctx);
-    if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)
-        || !EVP_DigestUpdate(&mctx, salt, saltlen)
-        || !EVP_DigestUpdate(&mctx, pass, passlen)
-        || !EVP_DigestFinal_ex(&mctx, key, NULL))
+    if (mctx == NULL
+        || !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(mctx, salt, saltlen)
+        || !EVP_DigestUpdate(mctx, pass, passlen)
+        || !EVP_DigestFinal_ex(mctx, key, NULL))
         rv = 0;
 
-    EVP_MD_CTX_cleanup(&mctx);
+    EVP_MD_CTX_free(mctx);
     return rv;
 }
 
@@ -694,11 +678,11 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
     const unsigned char *p = *in;
     unsigned int magic;
     unsigned char *enctmp = NULL, *q;
-    EVP_CIPHER_CTX cctx;
-    EVP_CIPHER_CTX_init(&cctx);
+    unsigned char keybuf[20];
+
+    EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
     if (saltlen) {
         char psbuf[PEM_BUFSIZE];
-        unsigned char keybuf[20];
         int enctmplen, inlen;
         if (cb)
             inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
@@ -709,7 +693,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
             goto err;
         }
         enctmp = OPENSSL_malloc(keylen + 8);
-        if (!enctmp) {
+        if (enctmp == NULL) {
             PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
             goto err;
         }
@@ -726,38 +710,38 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
         }
         inlen = keylen - 8;
         q = enctmp + 8;
-        if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+        if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
             goto err;
-        if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
+        if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
             goto err;
-        if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
+        if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
             goto err;
         magic = read_ledword((const unsigned char **)&q);
         if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
             q = enctmp + 8;
             memset(keybuf + 5, 0, 11);
-            if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+            if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
                 goto err;
-            OPENSSL_cleanse(keybuf, 20);
-            if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
+            if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
                 goto err;
-            if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
+            if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
                 goto err;
             magic = read_ledword((const unsigned char **)&q);
             if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
                 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
                 goto err;
             }
-        } else
-            OPENSSL_cleanse(keybuf, 20);
+        }
         p = enctmp;
     }
 
     ret = b2i_PrivateKey(&p, keylen);
  err:
-    EVP_CIPHER_CTX_cleanup(&cctx);
-    if (enctmp && saltlen)
+    EVP_CIPHER_CTX_free(cctx);
+    if (enctmp != NULL) {
+        OPENSSL_cleanse(keybuf, sizeof(keybuf));
         OPENSSL_free(enctmp);
+    }
     return ret;
 }
 
@@ -778,7 +762,7 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
         return 0;
     buflen = (int)keylen + saltlen;
     buf = OPENSSL_malloc(buflen);
-    if (!buf) {
+    if (buf == NULL) {
         PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -790,10 +774,7 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
     ret = do_PVK_body(&p, saltlen, keylen, cb, u);
 
  err:
-    if (buf) {
-        OPENSSL_cleanse(buf, buflen);
-        OPENSSL_free(buf);
-    }
+    OPENSSL_clear_free(buf, buflen);
     return ret;
 }
 
@@ -801,31 +782,33 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
                    pem_password_cb *cb, void *u)
 {
     int outlen = 24, pklen;
-    unsigned char *p, *salt = NULL;
-    EVP_CIPHER_CTX cctx;
-    EVP_CIPHER_CTX_init(&cctx);
+    unsigned char *p = NULL, *start = NULL, *salt = NULL;
+    EVP_CIPHER_CTX *cctx = NULL;
     if (enclevel)
         outlen += PVK_SALTLEN;
     pklen = do_i2b(NULL, pk, 0);
     if (pklen < 0)
         return -1;
     outlen += pklen;
-    if (!out)
+    if (out == NULL)
         return outlen;
-    if (*out)
+    if (*out != NULL) {
         p = *out;
-    else {
-        p = OPENSSL_malloc(outlen);
-        if (!p) {
+    } else {
+        start = p = OPENSSL_malloc(outlen);
+        if (p == NULL) {
             PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
             return -1;
         }
-        *out = p;
     }
 
+    cctx = EVP_CIPHER_CTX_new();
+    if (cctx == NULL)
+        goto error;
+
     write_ledword(&p, MS_PVKMAGIC);
     write_ledword(&p, 0);
-    if (pk->type == EVP_PKEY_DSA)
+    if (EVP_PKEY_id(pk) == EVP_PKEY_DSA)
         write_ledword(&p, MS_KEYTYPE_SIGN);
     else
         write_ledword(&p, MS_KEYTYPE_KEYX);
@@ -839,9 +822,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
         p += PVK_SALTLEN;
     }
     do_i2b(&p, pk, 0);
-    if (enclevel == 0)
-        return outlen;
-    else {
+    if (enclevel != 0) {
         char psbuf[PEM_BUFSIZE];
         unsigned char keybuf[20];
         int enctmplen, inlen;
@@ -859,19 +840,26 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
         if (enclevel == 1)
             memset(keybuf + 5, 0, 11);
         p = salt + PVK_SALTLEN + 8;
-        if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+        if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
             goto error;
         OPENSSL_cleanse(keybuf, 20);
-        if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
+        if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
             goto error;
-        if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
+        if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
             goto error;
     }
-    EVP_CIPHER_CTX_cleanup(&cctx);
+
+    EVP_CIPHER_CTX_free(cctx);
+
+    if (*out == NULL)
+        *out = start;
+
     return outlen;
 
  error:
-    EVP_CIPHER_CTX_cleanup(&cctx);
+    EVP_CIPHER_CTX_free(cctx);
+    if (*out == NULL)
+        OPENSSL_free(start);
     return -1;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_add.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_add.c
index 6c23f122..38db672d 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_add.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_add.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_add.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
+#include "p12_lcl.h"
 
 /* Pack an object into an OCTET STRING and turn into a safebag */
 
@@ -70,7 +21,8 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
 {
     PKCS12_BAGS *bag;
     PKCS12_SAFEBAG *safebag;
-    if (!(bag = PKCS12_BAGS_new())) {
+
+    if ((bag = PKCS12_BAGS_new()) == NULL) {
         PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -79,7 +31,7 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
         PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    if (!(safebag = PKCS12_SAFEBAG_new())) {
+    if ((safebag = PKCS12_SAFEBAG_new()) == NULL) {
         PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -92,64 +44,17 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
     return NULL;
 }
 
-/* Turn PKCS8 object into a keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-{
-    PKCS12_SAFEBAG *bag;
-    if (!(bag = PKCS12_SAFEBAG_new())) {
-        PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    bag->type = OBJ_nid2obj(NID_keyBag);
-    bag->value.keybag = p8;
-    return bag;
-}
-
-/* Turn PKCS8 object into a shrouded keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
-                                     int passlen, unsigned char *salt,
-                                     int saltlen, int iter,
-                                     PKCS8_PRIV_KEY_INFO *p8)
-{
-    PKCS12_SAFEBAG *bag;
-    const EVP_CIPHER *pbe_ciph;
-
-    /* Set up the safe bag */
-    if (!(bag = PKCS12_SAFEBAG_new())) {
-        PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-
-    bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
-
-    pbe_ciph = EVP_get_cipherbynid(pbe_nid);
-
-    if (pbe_ciph)
-        pbe_nid = -1;
-
-    if (!(bag->value.shkeybag =
-          PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
-                        p8))) {
-        PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
-        PKCS12_SAFEBAG_free(bag);
-        return NULL;
-    }
-
-    return bag;
-}
-
 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
 PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 {
     PKCS7 *p7;
-    if (!(p7 = PKCS7_new())) {
+
+    if ((p7 = PKCS7_new()) == NULL) {
         PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
     p7->type = OBJ_nid2obj(NID_pkcs7_data);
-    if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
+    if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) {
         PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -185,7 +90,8 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
     PKCS7 *p7;
     X509_ALGOR *pbe;
     const EVP_CIPHER *pbe_ciph;
-    if (!(p7 = PKCS7_new())) {
+
+    if ((p7 = PKCS7_new()) == NULL) {
         PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -208,7 +114,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
     }
     X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
     p7->d.encrypted->enc_data->algorithm = pbe;
-    M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+    ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
     if (!(p7->d.encrypted->enc_data->enc_data =
           PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
                                   passlen, bags, 1))) {
@@ -234,7 +140,7 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
                                    p7->d.encrypted->enc_data->enc_data, 1);
 }
 
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
                                          const char *pass, int passlen)
 {
     return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
@@ -248,7 +154,7 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
     return 0;
 }
 
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
 {
     if (!PKCS7_type_is_data(p12->authsafes)) {
         PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_asn.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_asn.c
index 7898350d..17d8dff5 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_asn.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_asn.c
@@ -1,68 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_asn.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pkcs12.h>
+#include "p12_lcl.h"
 
 /* PKCS#12 ASN1 module */
 
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_attr.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_attr.c
index 22096740..2afb11b0 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_attr.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_attr.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_attr.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
+#include "p12_lcl.h"
 
 /* Add a local keyid to a safebag */
 
@@ -79,13 +30,9 @@ int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
 
 int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
 {
-    unsigned char us_val;
-    us_val = (unsigned char)usage;
-    if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
-                                V_ASN1_BIT_STRING, &us_val, 1))
-        return 1;
-    else
-        return 0;
+    unsigned char us_val = (unsigned char)usage;
+    return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage,
+                                       V_ASN1_BIT_STRING, &us_val, 1);
 }
 
 /* Add a friendlyname to a safebag */
@@ -100,6 +47,16 @@ int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
         return 0;
 }
 
+int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_UTF8, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
 int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
                                 const unsigned char *name, int namelen)
 {
@@ -119,31 +76,30 @@ int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
         return 0;
 }
 
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+                               int attr_nid)
 {
     X509_ATTRIBUTE *attrib;
     int i;
-    if (!attrs)
-        return NULL;
-    for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) {
-        attrib = sk_X509_ATTRIBUTE_value(attrs, i);
-        if (OBJ_obj2nid(attrib->object) == attr_nid) {
-            if (sk_ASN1_TYPE_num(attrib->value.set))
-                return sk_ASN1_TYPE_value(attrib->value.set, 0);
-            else
-                return NULL;
-        }
-    }
-    return NULL;
+    i = X509at_get_attr_by_NID(attrs, attr_nid, -1);
+    attrib = X509at_get_attr(attrs, i);
+    return X509_ATTRIBUTE_get0_type(attrib, 0);
 }
 
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
 {
-    ASN1_TYPE *atype;
-    if (!(atype = PKCS12_get_attr(bag, NID_friendlyName)))
+    const ASN1_TYPE *atype;
+
+    if ((atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)) == NULL)
         return NULL;
     if (atype->type != V_ASN1_BMPSTRING)
         return NULL;
-    return OPENSSL_uni2asc(atype->value.bmpstring->data,
-                           atype->value.bmpstring->length);
+    return OPENSSL_uni2utf8(atype->value.bmpstring->data,
+                            atype->value.bmpstring->length);
+}
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag)
+{
+    return bag->attrib;
 }
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_crpt.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_crpt.c
index ddd061c3..150f0991 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_crpt.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_crpt.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_crpt.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
 
 /* PKCS#12 PBE algorithms now in static table */
@@ -76,21 +26,22 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
     PBEPARAM *pbe;
     int saltlen, iter, ret;
     unsigned char *salt;
-    const unsigned char *pbuf;
     unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    int (*pkcs12_key_gen)(const char *pass, int passlen,
+                          unsigned char *salt, int slen,
+                          int id, int iter, int n,
+                          unsigned char *out,
+                          const EVP_MD *md_type);
+
+    pkcs12_key_gen = PKCS12_key_gen_utf8;
 
     if (cipher == NULL)
         return 0;
 
     /* Extract useful info from parameter */
-    if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-        param->value.sequence == NULL) {
-        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
-        return 0;
-    }
 
-    pbuf = param->value.sequence->data;
-    if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
+    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
+    if (pbe == NULL) {
         PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
         return 0;
     }
@@ -101,14 +52,14 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         iter = ASN1_INTEGER_get(pbe->iter);
     salt = pbe->salt->data;
     saltlen = pbe->salt->length;
-    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
-                        iter, EVP_CIPHER_key_length(cipher), key, md)) {
+    if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+                           iter, EVP_CIPHER_key_length(cipher), key, md)) {
         PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
         PBEPARAM_free(pbe);
         return 0;
     }
-    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
-                        iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
+    if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_IV_ID,
+                           iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
         PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
         PBEPARAM_free(pbe);
         return 0;
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_crt.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_crt.c
index 718e28af..be443ba9 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_crt.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_crt.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_crt.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
+#include "p12_lcl.h"
 
 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
                           PKCS12_SAFEBAG *bag);
@@ -79,7 +30,7 @@ static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
     return 1;
 }
 
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
                       STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
                       int mac_iter, int keytype)
 {
@@ -92,18 +43,12 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
     unsigned int keyidlen = 0;
 
     /* Set defaults */
-    if (!nid_cert) {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-            nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-        else
-#endif
+    if (!nid_cert)
 #ifdef OPENSSL_NO_RC2
-            nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 #else
-            nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+        nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
 #endif
-    }
     if (!nid_key)
         nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
     if (!iter)
@@ -181,13 +126,9 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
     return p12;
 
  err:
-
-    if (p12)
-        PKCS12_free(p12);
-    if (safes)
-        sk_PKCS7_pop_free(safes, PKCS7_free);
-    if (bags)
-        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    PKCS12_free(p12);
+    sk_PKCS7_pop_free(safes, PKCS7_free);
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
     return NULL;
 
 }
@@ -201,7 +142,7 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
     int keyidlen = -1;
 
     /* Add user certificate */
-    if (!(bag = PKCS12_x5092certbag(cert)))
+    if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL)
         goto err;
 
     /*
@@ -224,32 +165,30 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
     return bag;
 
  err:
-
-    if (bag)
-        PKCS12_SAFEBAG_free(bag);
-
+    PKCS12_SAFEBAG_free(bag);
     return NULL;
 
 }
 
 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
                                EVP_PKEY *key, int key_usage, int iter,
-                               int nid_key, char *pass)
+                               int nid_key, const char *pass)
 {
 
     PKCS12_SAFEBAG *bag = NULL;
     PKCS8_PRIV_KEY_INFO *p8 = NULL;
 
     /* Make a PKCS#8 structure */
-    if (!(p8 = EVP_PKEY2PKCS8(key)))
+    if ((p8 = EVP_PKEY2PKCS8(key)) == NULL)
         goto err;
     if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
         goto err;
     if (nid_key != -1) {
-        bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
+        bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, NULL, 0,
+                                                  iter, p8);
         PKCS8_PRIV_KEY_INFO_free(p8);
     } else
-        bag = PKCS12_MAKE_KEYBAG(p8);
+        bag = PKCS12_SAFEBAG_create0_p8inf(p8);
 
     if (!bag)
         goto err;
@@ -260,16 +199,13 @@ PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
     return bag;
 
  err:
-
-    if (bag)
-        PKCS12_SAFEBAG_free(bag);
-
+    PKCS12_SAFEBAG_free(bag);
     return NULL;
 
 }
 
 int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
-                    int nid_safe, int iter, char *pass)
+                    int nid_safe, int iter, const char *pass)
 {
     PKCS7 *p7 = NULL;
     int free_safes = 0;
@@ -306,10 +242,7 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
         sk_PKCS7_free(*psafes);
         *psafes = NULL;
     }
-
-    if (p7)
-        PKCS7_free(p7);
-
+    PKCS7_free(p7);
     return 0;
 
 }
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_decr.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_decr.c
index 7dc7ef49..6ff16484 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_decr.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_decr.c
@@ -1,101 +1,56 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_decr.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
 
 /* Define this to dump decrypted output to files called DERnnn */
 /*
- * #define DEBUG_DECRYPT
+ * #define OPENSSL_DEBUG_DECRYPT
  */
 
 /*
  * Encrypt/Decrypt a buffer based on password and algor, result in a
  * OPENSSL_malloc'ed buffer
  */
-
-unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
-                                int passlen, unsigned char *in, int inlen,
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
+                                const char *pass, int passlen,
+                                const unsigned char *in, int inlen,
                                 unsigned char **data, int *datalen, int en_de)
 {
-    unsigned char *out;
+    unsigned char *out = NULL;
     int outlen, i;
-    EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+
+    if (ctx == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
-    EVP_CIPHER_CTX_init(&ctx);
     /* Decrypt data */
     if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
-                            algor->parameter, &ctx, en_de)) {
+                            algor->parameter, ctx, en_de)) {
         PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
                   PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
-        return NULL;
+        goto err;
     }
 
-    if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
+    if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx)))
+            == NULL) {
         PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
 
-    if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
+    if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
         OPENSSL_free(out);
         out = NULL;
         PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
@@ -103,7 +58,7 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
     }
 
     outlen = i;
-    if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
+    if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
         OPENSSL_free(out);
         out = NULL;
         PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
@@ -116,7 +71,7 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
     if (data)
         *data = out;
  err:
-    EVP_CIPHER_CTX_cleanup(&ctx);
+    EVP_CIPHER_CTX_free(ctx);
     return out;
 
 }
@@ -126,9 +81,9 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
  * after use.
  */
 
-void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
                               const char *pass, int passlen,
-                              ASN1_OCTET_STRING *oct, int zbuf)
+                              const ASN1_OCTET_STRING *oct, int zbuf)
 {
     unsigned char *out;
     const unsigned char *p;
@@ -142,7 +97,7 @@ void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
         return NULL;
     }
     p = out;
-#ifdef DEBUG_DECRYPT
+#ifdef OPENSSL_DEBUG_DECRYPT
     {
         FILE *op;
 
@@ -176,7 +131,8 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
     ASN1_OCTET_STRING *oct = NULL;
     unsigned char *in = NULL;
     int inlen;
-    if (!(oct = M_ASN1_OCTET_STRING_new())) {
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
         PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -196,9 +152,6 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
     OPENSSL_free(in);
     return oct;
  err:
-    if (oct)
-        ASN1_OCTET_STRING_free(oct);
+    ASN1_OCTET_STRING_free(oct);
     return NULL;
 }
-
-IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_init.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_init.c
index 8722982b..1d25812d 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_init.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_init.c
@@ -1,82 +1,35 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_init.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
+#include "p12_lcl.h"
 
 /* Initialise a PKCS12 structure to take data */
 
 PKCS12 *PKCS12_init(int mode)
 {
     PKCS12 *pkcs12;
-    if (!(pkcs12 = PKCS12_new())) {
+
+    if ((pkcs12 = PKCS12_new()) == NULL) {
         PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    ASN1_INTEGER_set(pkcs12->version, 3);
+    if (!ASN1_INTEGER_set(pkcs12->version, 3))
+        goto err;
     pkcs12->authsafes->type = OBJ_nid2obj(mode);
     switch (mode) {
     case NID_pkcs7_data:
-        if (!(pkcs12->authsafes->d.data = M_ASN1_OCTET_STRING_new())) {
+        if ((pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) {
             PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
             goto err;
         }
@@ -85,10 +38,9 @@ PKCS12 *PKCS12_init(int mode)
         PKCS12err(PKCS12_F_PKCS12_INIT, PKCS12_R_UNSUPPORTED_PKCS12_MODE);
         goto err;
     }
-
     return pkcs12;
+
  err:
-    if (pkcs12 != NULL)
-        PKCS12_free(pkcs12);
+    PKCS12_free(pkcs12);
     return NULL;
 }
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_key.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_key.c
index e2de648b..596f4474 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_key.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_key.c
@@ -1,74 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_key.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
 #include <openssl/bn.h>
 
 /* Uncomment out this line to get debugging info about key generation */
 /*
- * #define DEBUG_KEYGEN
+ * #define OPENSSL_DEBUG_KEYGEN
  */
-#ifdef DEBUG_KEYGEN
+#ifdef OPENSSL_DEBUG_KEYGEN
 # include <openssl/bio.h>
 extern BIO *bio_err;
 void h__dump(unsigned char *p, int len);
@@ -98,10 +48,30 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
                              id, iter, n, out, md_type);
     if (ret <= 0)
         return 0;
-    if (unipass) {
-        OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
-        OPENSSL_free(unipass);
+    OPENSSL_clear_free(unipass, uniplen);
+    return ret;
+}
+
+int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int id, int iter, int n,
+                        unsigned char *out, const EVP_MD *md_type)
+{
+    int ret;
+    unsigned char *unipass;
+    int uniplen;
+
+    if (!pass) {
+        unipass = NULL;
+        uniplen = 0;
+    } else if (!OPENSSL_utf82uni(pass, passlen, &unipass, &uniplen)) {
+        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UTF8, ERR_R_MALLOC_FAILURE);
+        return 0;
     }
+    ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+                             id, iter, n, out, md_type);
+    if (ret <= 0)
+        return 0;
+    OPENSSL_clear_free(unipass, uniplen);
     return ret;
 }
 
@@ -109,26 +79,21 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                        int saltlen, int id, int iter, int n,
                        unsigned char *out, const EVP_MD *md_type)
 {
-    unsigned char *B, *D, *I, *p, *Ai;
-    int Slen, Plen, Ilen, Ijlen;
+    unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL;
+    int Slen, Plen, Ilen;
     int i, j, u, v;
     int ret = 0;
-    BIGNUM *Ij, *Bpl1;          /* These hold Ij and B + 1 */
-    EVP_MD_CTX ctx;
-#ifdef  DEBUG_KEYGEN
+    EVP_MD_CTX *ctx = NULL;
+#ifdef  OPENSSL_DEBUG_KEYGEN
     unsigned char *tmpout = out;
     int tmpn = n;
 #endif
 
-#if 0
-    if (!pass) {
-        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-#endif
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto err;
 
-    EVP_MD_CTX_init(&ctx);
-#ifdef  DEBUG_KEYGEN
+#ifdef  OPENSSL_DEBUG_KEYGEN
     fprintf(stderr, "KEYGEN DEBUG\n");
     fprintf(stderr, "ID %d, ITER %d\n", id, iter);
     fprintf(stderr, "Password (length %d):\n", passlen);
@@ -138,8 +103,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 #endif
     v = EVP_MD_block_size(md_type);
     u = EVP_MD_size(md_type);
-    if (u < 0)
-        return 0;
+    if (u < 0 || v <= 0)
+        goto err;
     D = OPENSSL_malloc(v);
     Ai = OPENSSL_malloc(u);
     B = OPENSSL_malloc(v + 1);
@@ -150,9 +115,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
         Plen = 0;
     Ilen = Slen + Plen;
     I = OPENSSL_malloc(Ilen);
-    Ij = BN_new();
-    Bpl1 = BN_new();
-    if (!D || !Ai || !B || !I || !Ij || !Bpl1)
+    if (D == NULL || Ai == NULL || B == NULL || I == NULL)
         goto err;
     for (i = 0; i < v; i++)
         D[i] = id;
@@ -162,20 +125,20 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
     for (i = 0; i < Plen; i++)
         *p++ = pass[i % passlen];
     for (;;) {
-        if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
-            || !EVP_DigestUpdate(&ctx, D, v)
-            || !EVP_DigestUpdate(&ctx, I, Ilen)
-            || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
+        if (!EVP_DigestInit_ex(ctx, md_type, NULL)
+            || !EVP_DigestUpdate(ctx, D, v)
+            || !EVP_DigestUpdate(ctx, I, Ilen)
+            || !EVP_DigestFinal_ex(ctx, Ai, NULL))
             goto err;
         for (j = 1; j < iter; j++) {
-            if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
-                || !EVP_DigestUpdate(&ctx, Ai, u)
-                || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
+            if (!EVP_DigestInit_ex(ctx, md_type, NULL)
+                || !EVP_DigestUpdate(ctx, Ai, u)
+                || !EVP_DigestFinal_ex(ctx, Ai, NULL))
                 goto err;
         }
         memcpy(out, Ai, min(n, u));
         if (u >= n) {
-#ifdef DEBUG_KEYGEN
+#ifdef OPENSSL_DEBUG_KEYGEN
             fprintf(stderr, "Output KEY (length %d)\n", tmpn);
             h__dump(tmpout, tmpn);
 #endif
@@ -186,33 +149,17 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
         out += u;
         for (j = 0; j < v; j++)
             B[j] = Ai[j % u];
-        /* Work out B + 1 first then can use B as tmp space */
-        if (!BN_bin2bn(B, v, Bpl1))
-            goto err;
-        if (!BN_add_word(Bpl1, 1))
-            goto err;
         for (j = 0; j < Ilen; j += v) {
-            if (!BN_bin2bn(I + j, v, Ij))
-                goto err;
-            if (!BN_add(Ij, Ij, Bpl1))
-                goto err;
-            if (!BN_bn2bin(Ij, B))
-                goto err;
-            Ijlen = BN_num_bytes(Ij);
-            /* If more than 2^(v*8) - 1 cut off MSB */
-            if (Ijlen > v) {
-                if (!BN_bn2bin(Ij, B))
-                    goto err;
-                memcpy(I + j, B + 1, v);
-#ifndef PKCS12_BROKEN_KEYGEN
-                /* If less than v bytes pad with zeroes */
-            } else if (Ijlen < v) {
-                memset(I + j, 0, v - Ijlen);
-                if (!BN_bn2bin(Ij, I + j + v - Ijlen))
-                    goto err;
-#endif
-            } else if (!BN_bn2bin(Ij, I + j))
-                goto err;
+            int k;
+            unsigned char *Ij = I + j;
+            uint16_t c = 1;
+
+            /* Work out Ij = Ij + B + 1 */
+            for (k = v - 1; k >= 0; k--) {
+                c += Ij[k] + B[k];
+                Ij[k] = (unsigned char)c;
+                c >>= 8;
+            }
         }
     }
 
@@ -224,13 +171,11 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
     OPENSSL_free(B);
     OPENSSL_free(D);
     OPENSSL_free(I);
-    BN_free(Ij);
-    BN_free(Bpl1);
-    EVP_MD_CTX_cleanup(&ctx);
+    EVP_MD_CTX_free(ctx);
     return ret;
 }
 
-#ifdef DEBUG_KEYGEN
+#ifdef OPENSSL_DEBUG_KEYGEN
 void h__dump(unsigned char *p, int len)
 {
     for (; len--; p++)
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_kiss.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_kiss.c
index 27cd87e1..9523a71c 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_kiss.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_kiss.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_kiss.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
 
 /* Simplified PKCS#12 routines */
@@ -68,7 +18,7 @@
 static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
                       EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
 
-static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
                       int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
 
 static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
@@ -78,7 +28,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
  * Parse and decrypt a PKCS#12 structure returning user key, user cert and
  * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it
  * should point to a valid STACK structure. pkey and cert can be passed
- * unitialised.
+ * uninitialised.
  */
 
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
@@ -155,12 +105,10 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                 goto err;
             x = NULL;
         }
-        if (x)
-            X509_free(x);
+        X509_free(x);
     }
 
-    if (ocerts)
-        sk_X509_pop_free(ocerts, X509_free);
+    sk_X509_pop_free(ocerts, X509_free);
 
     return 1;
 
@@ -174,10 +122,8 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
         X509_free(*cert);
         *cert = NULL;
     }
-    if (x)
-        X509_free(x);
-    if (ocerts)
-        sk_X509_pop_free(ocerts, X509_free);
+    X509_free(x);
+    sk_X509_pop_free(ocerts, X509_free);
     return 0;
 
 }
@@ -192,7 +138,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
     int i, bagnid;
     PKCS7 *p7;
 
-    if (!(asafes = PKCS12_unpack_authsafes(p12)))
+    if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
         return 0;
     for (i = 0; i < sk_PKCS7_num(asafes); i++) {
         p7 = sk_PKCS7_value(asafes, i);
@@ -218,7 +164,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
     return 1;
 }
 
-static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
                       int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
 {
     int i;
@@ -235,28 +181,29 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 {
     PKCS8_PRIV_KEY_INFO *p8;
     X509 *x509;
-    ASN1_TYPE *attrib;
+    const ASN1_TYPE *attrib;
     ASN1_BMPSTRING *fname = NULL;
     ASN1_OCTET_STRING *lkid = NULL;
 
-    if ((attrib = PKCS12_get_attr(bag, NID_friendlyName)))
+    if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
         fname = attrib->value.bmpstring;
 
-    if ((attrib = PKCS12_get_attr(bag, NID_localKeyID)))
+    if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
         lkid = attrib->value.octet_string;
 
-    switch (M_PKCS12_bag_type(bag)) {
+    switch (PKCS12_SAFEBAG_get_nid(bag)) {
     case NID_keyBag:
         if (!pkey || *pkey)
             return 1;
-        if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
+        *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag));
+        if (*pkey == NULL)
             return 0;
         break;
 
     case NID_pkcs8ShroudedKeyBag:
         if (!pkey || *pkey)
             return 1;
-        if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
+        if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
             return 0;
         *pkey = EVP_PKCS82PKEY(p8);
         PKCS8_PRIV_KEY_INFO_free(p8);
@@ -265,9 +212,9 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
         break;
 
     case NID_certBag:
-        if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+        if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
             return 1;
-        if (!(x509 = PKCS12_certbag2x509(bag)))
+        if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
             return 0;
         if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
             X509_free(x509);
@@ -295,12 +242,11 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
         break;
 
     case NID_safeContentsBag:
-        return parse_bags(bag->value.safes, pass, passlen, pkey, ocerts);
-        break;
+        return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey,
+                          ocerts);
 
     default:
         return 1;
-        break;
     }
     return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_lcl.h b/freebsd/crypto/openssl/crypto/pkcs12/p12_lcl.h
new file mode 100644
index 00000000..0b52f1e1
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_lcl.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+struct PKCS12_MAC_DATA_st {
+    X509_SIG *dinfo;
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *iter;         /* defaults to 1 */
+};
+
+struct PKCS12_st {
+    ASN1_INTEGER *version;
+    PKCS12_MAC_DATA *mac;
+    PKCS7 *authsafes;
+};
+
+struct PKCS12_SAFEBAG_st {
+    ASN1_OBJECT *type;
+    union {
+        struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+        struct pkcs8_priv_key_info_st *keybag; /* keybag */
+        X509_SIG *shkeybag;     /* shrouded key bag */
+        STACK_OF(PKCS12_SAFEBAG) *safes;
+        ASN1_TYPE *other;
+    } value;
+    STACK_OF(X509_ATTRIBUTE) *attrib;
+};
+
+struct pkcs12_bag_st {
+    ASN1_OBJECT *type;
+    union {
+        ASN1_OCTET_STRING *x509cert;
+        ASN1_OCTET_STRING *x509crl;
+        ASN1_OCTET_STRING *octet;
+        ASN1_IA5STRING *sdsicert;
+        ASN1_TYPE *other;       /* Secret or other bag */
+    } value;
+};
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_mutl.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_mutl.c
index f8e9e8ff..04084aa8 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_mutl.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_mutl.c
@@ -1,81 +1,94 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_mutl.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifndef OPENSSL_NO_HMAC
 # include <stdio.h>
-# include "cryptlib.h"
+# include "internal/cryptlib.h"
 # include <openssl/crypto.h>
 # include <openssl/hmac.h>
 # include <openssl/rand.h>
 # include <openssl/pkcs12.h>
+# include "p12_lcl.h"
+
+int PKCS12_mac_present(const PKCS12 *p12)
+{
+    return p12->mac ? 1 : 0;
+}
+
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
+                     const X509_ALGOR **pmacalg,
+                     const ASN1_OCTET_STRING **psalt,
+                     const ASN1_INTEGER **piter,
+                     const PKCS12 *p12)
+{
+    if (p12->mac) {
+        X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac);
+        if (psalt)
+            *psalt = p12->mac->salt;
+        if (piter)
+            *piter = p12->mac->iter;
+    } else {
+        if (pmac)
+            *pmac = NULL;
+        if (pmacalg)
+            *pmacalg = NULL;
+        if (psalt)
+            *psalt = NULL;
+        if (piter)
+            *piter = NULL;
+    }
+}
+
+# define TK26_MAC_KEY_LEN 32
+
+static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
+                                   const unsigned char *salt, int saltlen,
+                                   int iter, int keylen, unsigned char *key,
+                                   const EVP_MD *digest)
+{
+    unsigned char out[96];
+
+    if (keylen != TK26_MAC_KEY_LEN) {
+        return 0;
+    }
+
+    if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
+                           digest, sizeof(out), out)) {
+        return 0;
+    }
+    memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN);
+    OPENSSL_cleanse(out, sizeof(out));
+    return 1;
+}
 
 /* Generate a MAC */
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
-                   unsigned char *mac, unsigned int *maclen)
+static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                          unsigned char *mac, unsigned int *maclen,
+                          int (*pkcs12_key_gen)(const char *pass, int passlen,
+                                                unsigned char *salt, int slen,
+                                                int id, int iter, int n,
+                                                unsigned char *out,
+                                                const EVP_MD *md_type))
 {
+    int ret = 0;
     const EVP_MD *md_type;
-    HMAC_CTX hmac;
+    HMAC_CTX *hmac = NULL;
     unsigned char key[EVP_MAX_MD_SIZE], *salt;
     int saltlen, iter;
-    int md_size;
+    int md_size = 0;
+    int md_type_nid;
+    const X509_ALGOR *macalg;
+    const ASN1_OBJECT *macoid;
+
+    if (pkcs12_key_gen == NULL)
+        pkcs12_key_gen = PKCS12_key_gen_utf8;
 
     if (!PKCS7_type_is_data(p12->authsafes)) {
         PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
@@ -88,28 +101,51 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
         iter = 1;
     else
         iter = ASN1_INTEGER_get(p12->mac->iter);
-    if (!(md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm))) {
+    X509_SIG_get0(p12->mac->dinfo, &macalg, NULL);
+    X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
+    if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) {
         PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
         return 0;
     }
     md_size = EVP_MD_size(md_type);
+    md_type_nid = EVP_MD_type(md_type);
     if (md_size < 0)
         return 0;
-    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
-                        md_size, key, md_type)) {
+    if ((md_type_nid == NID_id_GostR3411_94
+         || md_type_nid == NID_id_GostR3411_2012_256
+         || md_type_nid == NID_id_GostR3411_2012_512)
+        && !getenv("LEGACY_GOST_PKCS12")) {
+        md_size = TK26_MAC_KEY_LEN;
+        if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
+                                     md_size, key, md_type)) {
+            PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+            goto err;
+        }
+    } else
+        if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
+                               iter, md_size, key, md_type)) {
         PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
-        return 0;
+        goto err;
     }
-    HMAC_CTX_init(&hmac);
-    if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL)
-        || !HMAC_Update(&hmac, p12->authsafes->d.data->data,
+    if ((hmac = HMAC_CTX_new()) == NULL
+        || !HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
+        || !HMAC_Update(hmac, p12->authsafes->d.data->data,
                         p12->authsafes->d.data->length)
-        || !HMAC_Final(&hmac, mac, maclen)) {
-        HMAC_CTX_cleanup(&hmac);
-        return 0;
+        || !HMAC_Final(hmac, mac, maclen)) {
+        goto err;
     }
-    HMAC_CTX_cleanup(&hmac);
-    return 1;
+    ret = 1;
+
+err:
+    OPENSSL_cleanse(key, sizeof(key));
+    HMAC_CTX_free(hmac);
+    return ret;
+}
+
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *mac, unsigned int *maclen)
+{
+    return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL);
 }
 
 /* Verify the mac */
@@ -117,17 +153,22 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
 {
     unsigned char mac[EVP_MAX_MD_SIZE];
     unsigned int maclen;
+    const ASN1_OCTET_STRING *macoct;
+
     if (p12->mac == NULL) {
         PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
         return 0;
     }
-    if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
+    if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
+                        PKCS12_key_gen_utf8)) {
         PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
         return 0;
     }
-    if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
-        || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen))
+    X509_SIG_get0(p12->mac->dinfo, NULL, &macoct);
+    if ((maclen != (unsigned int)ASN1_STRING_length(macoct))
+        || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen) != 0)
         return 0;
+
     return 1;
 }
 
@@ -139,6 +180,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
 {
     unsigned char mac[EVP_MAX_MD_SIZE];
     unsigned int maclen;
+    ASN1_OCTET_STRING *macoct;
 
     if (!md_type)
         md_type = EVP_sha1();
@@ -146,11 +188,16 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
         PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
         return 0;
     }
-    if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
+    /*
+     * Note that output mac is forced to UTF-8...
+     */
+    if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
+                        PKCS12_key_gen_utf8)) {
         PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
         return 0;
     }
-    if (!(M_ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
+    X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
+    if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
         PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
         return 0;
     }
@@ -161,13 +208,15 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
                      const EVP_MD *md_type)
 {
+    X509_ALGOR *macalg;
+
     PKCS12_MAC_DATA_free(p12->mac);
     p12->mac = NULL;
 
     if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL)
         return PKCS12_ERROR;
     if (iter > 1) {
-        if (!(p12->mac->iter = M_ASN1_INTEGER_new())) {
+        if ((p12->mac->iter = ASN1_INTEGER_new()) == NULL) {
             PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
             return 0;
         }
@@ -188,13 +237,12 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
             return 0;
     } else
         memcpy(p12->mac->salt->data, salt, saltlen);
-    p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
-    if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
+    X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
+    if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
+                         V_ASN1_NULL, NULL)) {
         PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
 
     return 1;
 }
-#endif
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_npas.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_npas.c
index c589179f..86dd91a8 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_npas.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_npas.c
@@ -1,62 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_npas.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
@@ -65,6 +15,7 @@
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
+#include "p12_lcl.h"
 
 /* PKCS#12 password change routine */
 
@@ -73,7 +24,8 @@ static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
                         const char *newpass);
 static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
                         const char *newpass);
-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
+static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
+                   int *psaltlen);
 
 /*
  * Change the password on a PKCS#12 structure.
@@ -112,7 +64,7 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
     STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
     int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
     PKCS7 *p7, *p7new;
-    ASN1_OCTET_STRING *p12_data_tmp = NULL;
+    ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL;
     unsigned char mac[EVP_MAX_MD_SIZE];
     unsigned int maclen;
     int rv = 0;
@@ -157,9 +109,11 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
         goto err;
     if (!PKCS12_pack_authsafes(p12, newsafes))
         goto err;
+
     if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
         goto err;
-    if (!ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))
+    X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
+    if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
         goto err;
 
     rv = 1;
@@ -197,13 +151,15 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
     PKCS8_PRIV_KEY_INFO *p8;
     X509_SIG *p8new;
     int p8_nid, p8_saltlen, p8_iter;
+    const X509_ALGOR *shalg;
 
-    if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
         return 1;
 
-    if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)))
+    if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
         return 0;
-    if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen))
+    X509_SIG_get0(bag->value.shkeybag, &shalg, NULL);
+    if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))
         return 0;
     p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
                           p8_iter, p8);
@@ -215,13 +171,11 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
     return 1;
 }
 
-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
+static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
+                   int *psaltlen)
 {
     PBEPARAM *pbe;
-    const unsigned char *p;
-
-    p = alg->parameter->value.sequence->data;
-    pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter);
     if (!pbe)
         return 0;
     *pnid = OBJ_obj2nid(alg->algorithm);
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_p8d.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_p8d.c
index 9cec2805..608e19e6 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_p8d.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_p8d.c
@@ -1,72 +1,25 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_p8d.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
 
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
                                    int passlen)
 {
-    return PKCS12_item_decrypt_d2i(p8->algor,
+    const X509_ALGOR *dalg;
+    const ASN1_OCTET_STRING *doct;
+    X509_SIG_get0(p8, &dalg, &doct);
+    return PKCS12_item_decrypt_d2i(dalg,
                                    ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
-                                   passlen, p8->digest, 1);
+                                   passlen, doct, 1);
 }
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_p8e.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_p8e.c
index b954f30c..0039b3e3 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_p8e.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_p8e.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_p8e.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
+#include "internal/x509_int.h"
 
 X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
                         const char *pass, int passlen,
@@ -71,11 +22,6 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
     X509_SIG *p8 = NULL;
     X509_ALGOR *pbe;
 
-    if (!(p8 = X509_SIG_new())) {
-        PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
     if (pbe_nid == -1)
         pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
     else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
@@ -86,22 +32,40 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
     }
     if (!pbe) {
         PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
-        goto err;
+        return NULL;
     }
-    X509_ALGOR_free(p8->algor);
-    p8->algor = pbe;
-    M_ASN1_OCTET_STRING_free(p8->digest);
-    p8->digest =
+    p8 = PKCS8_set0_pbe(pass, passlen, p8inf, pbe);
+    if (p8 == NULL) {
+        X509_ALGOR_free(pbe);
+        return NULL;
+    }
+
+    return p8;
+}
+
+X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
+                         PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe)
+{
+    X509_SIG *p8;
+    ASN1_OCTET_STRING *enckey;
+
+    enckey =
         PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
                                 pass, passlen, p8inf, 1);
-    if (!p8->digest) {
-        PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
-        goto err;
+    if (!enckey) {
+        PKCS12err(PKCS12_F_PKCS8_SET0_PBE, PKCS12_R_ENCRYPT_ERROR);
+        return NULL;
     }
 
-    return p8;
+    p8 = OPENSSL_zalloc(sizeof(*p8));
+
+    if (p8 == NULL) {
+        PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE);
+        ASN1_OCTET_STRING_free(enckey);
+        return NULL;
+    }
+    p8->algor = pbe;
+    p8->digest = enckey;
 
- err:
-    X509_SIG_free(p8);
-    return NULL;
+    return p8;
 }
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_sbag.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_sbag.c
new file mode 100644
index 00000000..2a08c815
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_sbag.c
@@ -0,0 +1,164 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
+{
+    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+#endif
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+                                          int attr_nid)
+{
+    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
+{
+    return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid);
+}
+
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
+{
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
+        return NULL;
+    return bag->value.keybag;
+}
+
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
+{
+    if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
+        return NULL;
+    return bag->value.shkeybag;
+}
+
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
+{
+    if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
+        return NULL;
+    return bag->value.safes;
+}
+
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
+{
+    return bag->type;
+}
+
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
+{
+    return OBJ_obj2nid(bag->type);
+}
+
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
+{
+    int btype = PKCS12_SAFEBAG_get_nid(bag);
+
+    if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
+        return -1;
+    return OBJ_obj2nid(bag->value.bag->type);
+}
+
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
+{
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
+        return NULL;
+    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
+        return NULL;
+    return ASN1_item_unpack(bag->value.bag->value.octet,
+                            ASN1_ITEM_rptr(X509));
+}
+
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
+{
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
+        return NULL;
+    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
+        return NULL;
+    return ASN1_item_unpack(bag->value.bag->value.octet,
+                            ASN1_ITEM_rptr(X509_CRL));
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
+{
+    return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+                                    NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
+{
+    return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+                                    NID_x509Crl, NID_crlBag);
+}
+
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
+{
+    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
+
+    if (bag == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(NID_keyBag);
+    bag->value.keybag = p8;
+    return bag;
+}
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
+{
+    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
+
+    /* Set up the safe bag */
+    if (bag == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+    bag->value.shkeybag = p8;
+    return bag;
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+                                                    const char *pass,
+                                                    int passlen,
+                                                    unsigned char *salt,
+                                                    int saltlen, int iter,
+                                                    PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    PKCS12_SAFEBAG *bag;
+    const EVP_CIPHER *pbe_ciph;
+    X509_SIG *p8;
+
+    pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+    if (pbe_ciph)
+        pbe_nid = -1;
+
+    p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
+                       p8inf);
+    if (p8 == NULL)
+        return NULL;
+
+    bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
+    if (bag == NULL)
+        X509_SIG_free(p8);
+
+    return bag;
+}
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/p12_utl.c b/freebsd/crypto/openssl/crypto/pkcs12/p12_utl.c
index 39a462fb..bb8ff2fb 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/p12_utl.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/p12_utl.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* p12_utl.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
 
 /* Cheap and nasty Unicode stuff */
@@ -70,11 +20,14 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
 {
     int ulen, i;
     unsigned char *unitmp;
+
     if (asclen == -1)
         asclen = strlen(asc);
     ulen = asclen * 2 + 2;
-    if (!(unitmp = OPENSSL_malloc(ulen)))
+    if ((unitmp = OPENSSL_malloc(ulen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_ASC2UNI, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     for (i = 0; i < ulen - 2; i += 2) {
         unitmp[i] = 0;
         unitmp[i + 1] = asc[i >> 1];
@@ -89,11 +42,10 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
     return unitmp;
 }
 
-char *OPENSSL_uni2asc(unsigned char *uni, int unilen)
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen)
 {
     int asclen, i;
     char *asctmp;
-
     /* string must contain an even number of bytes */
     if (unilen & 1)
         return NULL;
@@ -102,66 +54,193 @@ char *OPENSSL_uni2asc(unsigned char *uni, int unilen)
     if (!unilen || uni[unilen - 1])
         asclen++;
     uni++;
-    if (!(asctmp = OPENSSL_malloc(asclen)))
+    if ((asctmp = OPENSSL_malloc(asclen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_UNI2ASC, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     for (i = 0; i < unilen; i += 2)
         asctmp[i >> 1] = uni[i];
     asctmp[asclen - 1] = 0;
     return asctmp;
 }
 
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
+/*
+ * OPENSSL_{utf82uni|uni2utf8} perform conversion between UTF-8 and
+ * PKCS#12 BMPString format, which is specified as big-endian UTF-16.
+ * One should keep in mind that even though BMPString is passed as
+ * unsigned char *, it's not the kind of string you can exercise e.g.
+ * strlen on. Caller also has to keep in mind that its length is
+ * expressed not in number of UTF-16 characters, but in number of
+ * bytes the string occupies, and treat it, the length, accordingly.
+ */
+unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
+                                unsigned char **uni, int *unilen)
 {
-    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
-}
+    int ulen, i, j;
+    unsigned char *unitmp, *ret;
+    unsigned long utf32chr = 0;
 
-#ifndef OPENSSL_NO_FP_API
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
-{
-    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+    if (asclen == -1)
+        asclen = strlen(asc);
+
+    for (ulen = 0, i = 0; i < asclen; i += j) {
+        j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr);
+
+        /*
+         * Following condition is somewhat opportunistic is sense that
+         * decoding failure is used as *indirect* indication that input
+         * string might in fact be extended ASCII/ANSI/ISO-8859-X. The
+         * fallback is taken in hope that it would allow to process
+         * files created with previous OpenSSL version, which used the
+         * naive OPENSSL_asc2uni all along. It might be worth noting
+         * that probability of false positive depends on language. In
+         * cases covered by ISO Latin 1 probability is very low, because
+         * any printable non-ASCII alphabet letter followed by another
+         * or any ASCII character will trigger failure and fallback.
+         * In other cases situation can be intensified by the fact that
+         * English letters are not part of alternative keyboard layout,
+         * but even then there should be plenty of pairs that trigger
+         * decoding failure...
+         */
+        if (j < 0)
+            return OPENSSL_asc2uni(asc, asclen, uni, unilen);
+
+        if (utf32chr > 0x10FFFF)        /* UTF-16 cap */
+            return NULL;
+
+        if (utf32chr >= 0x10000)        /* pair of UTF-16 characters */
+            ulen += 2*2;
+        else                            /* or just one */
+            ulen += 2;
+    }
+
+    ulen += 2;  /* for trailing UTF16 zero */
+
+    if ((ret = OPENSSL_malloc(ulen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_UTF82UNI, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    /* re-run the loop writing down UTF-16 characters in big-endian order */
+    for (unitmp = ret, i = 0; i < asclen; i += j) {
+        j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr);
+        if (utf32chr >= 0x10000) {      /* pair if UTF-16 characters */
+            unsigned int hi, lo;
+
+            utf32chr -= 0x10000;
+            hi = 0xD800 + (utf32chr>>10);
+            lo = 0xDC00 + (utf32chr&0x3ff);
+            *unitmp++ = (unsigned char)(hi>>8);
+            *unitmp++ = (unsigned char)(hi);
+            *unitmp++ = (unsigned char)(lo>>8);
+            *unitmp++ = (unsigned char)(lo);
+        } else {                        /* or just one */
+            *unitmp++ = (unsigned char)(utf32chr>>8);
+            *unitmp++ = (unsigned char)(utf32chr);
+        }
+    }
+    /* Make result double null terminated */
+    *unitmp++ = 0;
+    *unitmp++ = 0;
+    if (unilen)
+        *unilen = ulen;
+    if (uni)
+        *uni = ret;
+    return ret;
 }
-#endif
 
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
+static int bmp_to_utf8(char *str, const unsigned char *utf16, int len)
 {
-    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+    unsigned long utf32chr;
+
+    if (len == 0) return 0;
+
+    if (len < 2) return -1;
+
+    /* pull UTF-16 character in big-endian order */
+    utf32chr = (utf16[0]<<8) | utf16[1];
+
+    if (utf32chr >= 0xD800 && utf32chr < 0xE000) {   /* two chars */
+        unsigned int lo;
+
+        if (len < 4) return -1;
+
+        utf32chr -= 0xD800;
+        utf32chr <<= 10;
+        lo = (utf16[2]<<8) | utf16[3];
+        if (lo < 0xDC00 || lo >= 0xE000) return -1;
+        utf32chr |= lo-0xDC00;
+        utf32chr += 0x10000;
+    }
+
+    return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr);
 }
 
-#ifndef OPENSSL_NO_FP_API
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
+char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
 {
-    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+    int asclen, i, j;
+    char *asctmp;
+
+    /* string must contain an even number of bytes */
+    if (unilen & 1)
+        return NULL;
+
+    for (asclen = 0, i = 0; i < unilen; ) {
+        j = bmp_to_utf8(NULL, uni+i, unilen-i);
+        /*
+         * falling back to OPENSSL_uni2asc makes lesser sense [than
+         * falling back to OPENSSL_asc2uni in OPENSSL_utf82uni above],
+         * it's done rather to maintain symmetry...
+         */
+        if (j < 0) return OPENSSL_uni2asc(uni, unilen);
+        if (j == 4) i += 4;
+        else        i += 2;
+        asclen += j;
+    }
+
+    /* If no terminating zero allow for one */
+    if (!unilen || (uni[unilen-2]||uni[unilen - 1]))
+        asclen++;
+
+    if ((asctmp = OPENSSL_malloc(asclen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_UNI2UTF8, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* re-run the loop emitting UTF-8 string */
+    for (asclen = 0, i = 0; i < unilen; ) {
+        j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
+        if (j == 4) i += 4;
+        else        i += 2;
+        asclen += j;
+    }
+
+    /* If no terminating zero write one */
+    if (!unilen || (uni[unilen-2]||uni[unilen - 1]))
+        asctmp[asclen] = '\0';
+
+    return asctmp;
 }
-#endif
 
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
 {
-    return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
-                                    NID_x509Certificate, NID_certBag);
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
 }
 
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
+#ifndef OPENSSL_NO_STDIO
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
 {
-    return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
-                                    NID_x509Crl, NID_crlBag);
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
 }
+#endif
 
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
 {
-    if (M_PKCS12_bag_type(bag) != NID_certBag)
-        return NULL;
-    if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
-        return NULL;
-    return ASN1_item_unpack(bag->value.bag->value.octet,
-                            ASN1_ITEM_rptr(X509));
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
 }
 
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
+#ifndef OPENSSL_NO_STDIO
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
 {
-    if (M_PKCS12_bag_type(bag) != NID_crlBag)
-        return NULL;
-    if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl)
-        return NULL;
-    return ASN1_item_unpack(bag->value.bag->value.octet,
-                            ASN1_ITEM_rptr(X509_CRL));
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
 }
+#endif
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/pk12err.c b/freebsd/crypto/openssl/crypto/pkcs12/pk12err.c
index 171a4077..017db170 100644
--- a/freebsd/crypto/openssl/crypto/pkcs12/pk12err.c
+++ b/freebsd/crypto/openssl/crypto/pkcs12/pk12err.c
@@ -1,151 +1,119 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/pkcs12/pk12err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/pkcs12.h>
+#include <openssl/pkcs12err.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
-
-static ERR_STRING_DATA PKCS12_str_functs[] = {
-    {ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"},
-    {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
-    {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
-    {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC),
-     "PKCS12_add_friendlyname_asc"},
-    {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI),
-     "PKCS12_add_friendlyname_uni"},
-    {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
-    {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
-    {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
-    {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
-    {ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"},
-    {ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"},
-    {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"},
-    {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
-    {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
-    {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
-    {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
-    {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
-    {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
-    {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
-    {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
-    {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
-    {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
-    {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
-    {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
-    {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
-    {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
-    {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
-    {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
-    {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
+static const ERR_STRING_DATA PKCS12_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_ASC2UNI, 0), "OPENSSL_asc2uni"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2ASC, 0), "OPENSSL_uni2asc"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2UTF8, 0),
+     "OPENSSL_uni2utf8"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UTF82UNI, 0),
+     "OPENSSL_utf82uni"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_CREATE, 0), "PKCS12_create"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_GEN_MAC, 0), "PKCS12_gen_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_INIT, 0), "PKCS12_init"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, 0),
+     "PKCS12_item_decrypt_d2i"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, 0),
+     "PKCS12_item_i2d_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, 0),
+     "PKCS12_item_pack_safebag"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_ASC, 0),
+     "PKCS12_key_gen_asc"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UNI, 0),
+     "PKCS12_key_gen_uni"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UTF8, 0),
+     "PKCS12_key_gen_utf8"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_NEWPASS, 0), "PKCS12_newpass"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7DATA, 0),
+     "PKCS12_pack_p7data"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7ENCDATA, 0),
+     "PKCS12_pack_p7encdata"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PARSE, 0), "PKCS12_parse"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, 0),
+     "PKCS12_pbe_crypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_KEYIVGEN, 0),
+     "PKCS12_PBE_keyivgen"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, 0),
+     "PKCS12_SAFEBAG_create0_p8inf"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, 0),
+     "PKCS12_SAFEBAG_create0_pkcs8"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, 0),
+     "PKCS12_SAFEBAG_create_pkcs8_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SETUP_MAC, 0),
+     "PKCS12_setup_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SET_MAC, 0), "PKCS12_set_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_AUTHSAFES, 0),
+     "PKCS12_unpack_authsafes"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7DATA, 0),
+     "PKCS12_unpack_p7data"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_VERIFY_MAC, 0),
+     "PKCS12_verify_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_ENCRYPT, 0), "PKCS8_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_SET0_PBE, 0), "PKCS8_set0_pbe"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA PKCS12_str_reasons[] = {
-    {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"},
-    {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"},
-    {ERR_REASON(PKCS12_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(PKCS12_R_ENCODE_ERROR), "encode error"},
-    {ERR_REASON(PKCS12_R_ENCRYPT_ERROR), "encrypt error"},
-    {ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),
-     "error setting encrypted data type"},
-    {ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
-    {ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),
-     "invalid null pkcs12 pointer"},
-    {ERR_REASON(PKCS12_R_IV_GEN_ERROR), "iv gen error"},
-    {ERR_REASON(PKCS12_R_KEY_GEN_ERROR), "key gen error"},
-    {ERR_REASON(PKCS12_R_MAC_ABSENT), "mac absent"},
-    {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"},
-    {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
-    {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"},
-    {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR), "mac verify error"},
-    {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"},
-    {ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"},
-    {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
-     "pkcs12 algor cipherinit error"},
-    {ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),
-     "pkcs12 cipherfinal error"},
-    {ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"},
-    {ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),
-     "unknown digest algorithm"},
-    {ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"},
+static const ERR_STRING_DATA PKCS12_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CANT_PACK_STRUCTURE),
+    "cant pack structure"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CONTENT_TYPE_NOT_DATA),
+    "content type not data"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCODE_ERROR), "encode error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCRYPT_ERROR), "encrypt error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),
+    "error setting encrypted data type"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_ARGUMENT),
+    "invalid null argument"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_PKCS12_POINTER),
+    "invalid null pkcs12 pointer"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_IV_GEN_ERROR), "iv gen error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_KEY_GEN_ERROR), "key gen error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_ABSENT), "mac absent"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_GENERATION_ERROR),
+    "mac generation error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_STRING_SET_ERROR),
+    "mac string set error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_VERIFY_FAILURE),
+    "mac verify failure"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PARSE_ERROR), "parse error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
+    "pkcs12 algor cipherinit error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR),
+    "pkcs12 cipherfinal error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_PBE_CRYPT_ERROR),
+    "pkcs12 pbe crypt error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),
+    "unknown digest algorithm"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNSUPPORTED_PKCS12_MODE),
+    "unsupported pkcs12 mode"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_PKCS12_strings(void)
+int ERR_load_PKCS12_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, PKCS12_str_functs);
-        ERR_load_strings(0, PKCS12_str_reasons);
+        ERR_load_strings_const(PKCS12_str_functs);
+        ERR_load_strings_const(PKCS12_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/pkcs12/pkcs12.h b/freebsd/crypto/openssl/crypto/pkcs12/pkcs12.h
deleted file mode 100644
index 21f1f62b..00000000
--- a/freebsd/crypto/openssl/crypto/pkcs12/pkcs12.h
+++ /dev/null
@@ -1,342 +0,0 @@
-/* pkcs12.h */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PKCS12_H
-# define HEADER_PKCS12_H
-
-# include <openssl/bio.h>
-# include <openssl/x509.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-# define PKCS12_KEY_ID   1
-# define PKCS12_IV_ID    2
-# define PKCS12_MAC_ID   3
-
-/* Default iteration count */
-# ifndef PKCS12_DEFAULT_ITER
-#  define PKCS12_DEFAULT_ITER     PKCS5_DEFAULT_ITER
-# endif
-
-# define PKCS12_MAC_KEY_LENGTH 20
-
-# define PKCS12_SALT_LEN 8
-
-/* Uncomment out next line for unicode password and names, otherwise ASCII */
-
-/*
- * #define PBE_UNICODE
- */
-
-# ifdef PBE_UNICODE
-#  define PKCS12_key_gen PKCS12_key_gen_uni
-#  define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
-# else
-#  define PKCS12_key_gen PKCS12_key_gen_asc
-#  define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
-# endif
-
-/* MS key usage constants */
-
-# define KEY_EX  0x10
-# define KEY_SIG 0x80
-
-typedef struct {
-    X509_SIG *dinfo;
-    ASN1_OCTET_STRING *salt;
-    ASN1_INTEGER *iter;         /* defaults to 1 */
-} PKCS12_MAC_DATA;
-
-typedef struct {
-    ASN1_INTEGER *version;
-    PKCS12_MAC_DATA *mac;
-    PKCS7 *authsafes;
-} PKCS12;
-
-typedef struct {
-    ASN1_OBJECT *type;
-    union {
-        struct pkcs12_bag_st *bag; /* secret, crl and certbag */
-        struct pkcs8_priv_key_info_st *keybag; /* keybag */
-        X509_SIG *shkeybag;     /* shrouded key bag */
-        STACK_OF(PKCS12_SAFEBAG) *safes;
-        ASN1_TYPE *other;
-    } value;
-    STACK_OF(X509_ATTRIBUTE) *attrib;
-} PKCS12_SAFEBAG;
-
-DECLARE_STACK_OF(PKCS12_SAFEBAG)
-DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
-DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
-
-typedef struct pkcs12_bag_st {
-    ASN1_OBJECT *type;
-    union {
-        ASN1_OCTET_STRING *x509cert;
-        ASN1_OCTET_STRING *x509crl;
-        ASN1_OCTET_STRING *octet;
-        ASN1_IA5STRING *sdsicert;
-        ASN1_TYPE *other;       /* Secret or other bag */
-    } value;
-} PKCS12_BAGS;
-
-# define PKCS12_ERROR    0
-# define PKCS12_OK       1
-
-/* Compatibility macros */
-
-# define M_PKCS12_x5092certbag PKCS12_x5092certbag
-# define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
-
-# define M_PKCS12_certbag2x509 PKCS12_certbag2x509
-# define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
-
-# define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
-# define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
-# define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
-# define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
-
-# define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
-# define M_PKCS8_decrypt PKCS8_decrypt
-
-# define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
-# define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
-# define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
-
-# define PKCS12_get_attr(bag, attr_nid) \
-                         PKCS12_get_attr_gen(bag->attrib, attr_nid)
-
-# define PKCS8_get_attr(p8, attr_nid) \
-                PKCS12_get_attr_gen(p8->attributes, attr_nid)
-
-# define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
-
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
-                                         int nid1, int nid2);
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
-                                   int passlen);
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
-                                         const char *pass, int passlen);
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
-                        const char *pass, int passlen, unsigned char *salt,
-                        int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
-                                     int passlen, unsigned char *salt,
-                                     int saltlen, int iter,
-                                     PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
-                             unsigned char *salt, int saltlen, int iter,
-                             STACK_OF(PKCS12_SAFEBAG) *bags);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
-                                                  int passlen);
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
-                          int namelen);
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
-                                int namelen);
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
-                           int namelen);
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
-                                const unsigned char *name, int namelen);
-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
-unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
-                                int passlen, unsigned char *in, int inlen,
-                                unsigned char **data, int *datalen,
-                                int en_de);
-void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
-                              const char *pass, int passlen,
-                              ASN1_OCTET_STRING *oct, int zbuf);
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
-                                           const ASN1_ITEM *it,
-                                           const char *pass, int passlen,
-                                           void *obj, int zbuf);
-PKCS12 *PKCS12_init(int mode);
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
-                       int saltlen, int id, int iter, int n,
-                       unsigned char *out, const EVP_MD *md_type);
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
-                       int saltlen, int id, int iter, int n,
-                       unsigned char *out, const EVP_MD *md_type);
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
-                        const EVP_MD *md_type, int en_de);
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
-                   unsigned char *mac, unsigned int *maclen);
-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
-                   unsigned char *salt, int saltlen, int iter,
-                   const EVP_MD *md_type);
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
-                     int saltlen, const EVP_MD *md_type);
-unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
-                               unsigned char **uni, int *unilen);
-char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
-
-DECLARE_ASN1_FUNCTIONS(PKCS12)
-DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
-DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
-
-DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
-DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
-
-void PKCS12_PBE_add(void);
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
-                 STACK_OF(X509) **ca);
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-                      STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
-                      int mac_iter, int keytype);
-
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
-                               EVP_PKEY *key, int key_usage, int iter,
-                               int key_nid, char *pass);
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
-                    int safe_nid, int iter, char *pass);
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
-
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
-int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PKCS12_strings(void);
-
-/* Error codes for the PKCS12 functions. */
-
-/* Function codes. */
-# define PKCS12_F_PARSE_BAG                               129
-# define PKCS12_F_PARSE_BAGS                              103
-# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME                 100
-# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC             127
-# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI             102
-# define PKCS12_F_PKCS12_ADD_LOCALKEYID                   104
-# define PKCS12_F_PKCS12_CREATE                           105
-# define PKCS12_F_PKCS12_GEN_MAC                          107
-# define PKCS12_F_PKCS12_INIT                             109
-# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I                 106
-# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT                 108
-# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG                117
-# define PKCS12_F_PKCS12_KEY_GEN_ASC                      110
-# define PKCS12_F_PKCS12_KEY_GEN_UNI                      111
-# define PKCS12_F_PKCS12_MAKE_KEYBAG                      112
-# define PKCS12_F_PKCS12_MAKE_SHKEYBAG                    113
-# define PKCS12_F_PKCS12_NEWPASS                          128
-# define PKCS12_F_PKCS12_PACK_P7DATA                      114
-# define PKCS12_F_PKCS12_PACK_P7ENCDATA                   115
-# define PKCS12_F_PKCS12_PARSE                            118
-# define PKCS12_F_PKCS12_PBE_CRYPT                        119
-# define PKCS12_F_PKCS12_PBE_KEYIVGEN                     120
-# define PKCS12_F_PKCS12_SETUP_MAC                        122
-# define PKCS12_F_PKCS12_SET_MAC                          123
-# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                 130
-# define PKCS12_F_PKCS12_UNPACK_P7DATA                    131
-# define PKCS12_F_PKCS12_VERIFY_MAC                       126
-# define PKCS12_F_PKCS8_ADD_KEYUSAGE                      124
-# define PKCS12_F_PKCS8_ENCRYPT                           125
-
-/* Reason codes. */
-# define PKCS12_R_CANT_PACK_STRUCTURE                     100
-# define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
-# define PKCS12_R_DECODE_ERROR                            101
-# define PKCS12_R_ENCODE_ERROR                            102
-# define PKCS12_R_ENCRYPT_ERROR                           103
-# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE       120
-# define PKCS12_R_INVALID_NULL_ARGUMENT                   104
-# define PKCS12_R_INVALID_NULL_PKCS12_POINTER             105
-# define PKCS12_R_IV_GEN_ERROR                            106
-# define PKCS12_R_KEY_GEN_ERROR                           107
-# define PKCS12_R_MAC_ABSENT                              108
-# define PKCS12_R_MAC_GENERATION_ERROR                    109
-# define PKCS12_R_MAC_SETUP_ERROR                         110
-# define PKCS12_R_MAC_STRING_SET_ERROR                    111
-# define PKCS12_R_MAC_VERIFY_ERROR                        112
-# define PKCS12_R_MAC_VERIFY_FAILURE                      113
-# define PKCS12_R_PARSE_ERROR                             114
-# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR           115
-# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR                116
-# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR                  117
-# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM                118
-# define PKCS12_R_UNSUPPORTED_PKCS12_MODE                 119
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/pkcs7/bio_pk7.c b/freebsd/crypto/openssl/crypto/pkcs7/bio_pk7.c
index 260fee53..522764fc 100644
--- a/freebsd/crypto/openssl/crypto/pkcs7/bio_pk7.c
+++ b/freebsd/crypto/openssl/crypto/pkcs7/bio_pk7.c
@@ -1,65 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* bio_pk7.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/asn1.h>
 #include <openssl/pkcs7.h>
 #include <openssl/bio.h>
 
-#if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS)
+#if !defined(OPENSSL_SYS_VXWORKS)
 # include <memory.h>
 #endif
 #include <stdio.h>
diff --git a/freebsd/crypto/openssl/crypto/pkcs7/pk7_asn1.c b/freebsd/crypto/openssl/crypto/pkcs7/pk7_asn1.c
index 7ab744ab..7a3778da 100644
--- a/freebsd/crypto/openssl/crypto/pkcs7/pk7_asn1.c
+++ b/freebsd/crypto/openssl/crypto/pkcs7/pk7_asn1.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pk7_asn.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pkcs7.h>
 #include <openssl/x509.h>
@@ -92,6 +42,7 @@ static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
     case ASN1_OP_STREAM_PRE:
         if (PKCS7_stream(&sarg->boundary, *pp7) <= 0)
             return 0;
+        /* fall thru */
     case ASN1_OP_DETACHED_PRE:
         sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out);
         if (!sarg->ndef_bio)
diff --git a/freebsd/crypto/openssl/crypto/pkcs7/pk7_attr.c b/freebsd/crypto/openssl/crypto/pkcs7/pk7_attr.c
index b2ed0b6a..6d6923b4 100644
--- a/freebsd/crypto/openssl/crypto/pkcs7/pk7_attr.c
+++ b/freebsd/crypto/openssl/crypto/pkcs7/pk7_attr.c
@@ -1,62 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pk7_attr.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
@@ -73,7 +23,8 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
                               STACK_OF(X509_ALGOR) *cap)
 {
     ASN1_STRING *seq;
-    if (!(seq = ASN1_STRING_new())) {
+
+    if ((seq = ASN1_STRING_new()) == NULL) {
         PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -89,7 +40,7 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
     const unsigned char *p;
 
     cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
-    if (!cap || (cap->type != V_ASN1_SEQUENCE))
+    if (cap == NULL || (cap->type != V_ASN1_SEQUENCE))
         return NULL;
     p = cap->value.sequence->data;
     return (STACK_OF(X509_ALGOR) *)
@@ -100,33 +51,38 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
 /* Basic smime-capabilities OID and optional integer arg */
 int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
 {
+    ASN1_INTEGER *nbit = NULL;
     X509_ALGOR *alg;
 
-    if (!(alg = X509_ALGOR_new())) {
+    if ((alg = X509_ALGOR_new()) == NULL) {
         PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
         return 0;
     }
     ASN1_OBJECT_free(alg->algorithm);
     alg->algorithm = OBJ_nid2obj(nid);
     if (arg > 0) {
-        ASN1_INTEGER *nbit;
-        if (!(alg->parameter = ASN1_TYPE_new())) {
-            PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
-            return 0;
+        if ((alg->parameter = ASN1_TYPE_new()) == NULL) {
+            goto err;
         }
-        if (!(nbit = ASN1_INTEGER_new())) {
-            PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
-            return 0;
+        if ((nbit = ASN1_INTEGER_new()) == NULL) {
+            goto err;
         }
         if (!ASN1_INTEGER_set(nbit, arg)) {
-            PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
-            return 0;
+            goto err;
         }
         alg->parameter->value.integer = nbit;
         alg->parameter->type = V_ASN1_INTEGER;
+        nbit = NULL;
+    }
+    if (!sk_X509_ALGOR_push(sk, alg)) {
+        goto err;
     }
-    sk_X509_ALGOR_push(sk, alg);
     return 1;
+err:
+    PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+    ASN1_INTEGER_free(nbit);
+    X509_ALGOR_free(alg);
+    return 0;
 }
 
 int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
@@ -141,7 +97,7 @@ int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
 
 int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
 {
-    if (!t && !(t = X509_gmtime_adj(NULL, 0))) {
+    if (t == NULL && (t = X509_gmtime_adj(NULL, 0)) == NULL) {
         PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,
                  ERR_R_MALLOC_FAILURE);
         return 0;
@@ -155,7 +111,7 @@ int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
 {
     ASN1_OCTET_STRING *os;
     os = ASN1_OCTET_STRING_new();
-    if (!os)
+    if (os == NULL)
         return 0;
     if (!ASN1_STRING_set(os, md, mdlen)
         || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest,
diff --git a/freebsd/crypto/openssl/crypto/pkcs7/pk7_dgst.c b/freebsd/crypto/openssl/crypto/pkcs7/pk7_dgst.c
deleted file mode 100644
index a3d2140e..00000000
--- a/freebsd/crypto/openssl/crypto/pkcs7/pk7_dgst.c
+++ /dev/null
@@ -1,67 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/pkcs7/pk7_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
diff --git a/freebsd/crypto/openssl/crypto/pkcs7/pk7_doit.c b/freebsd/crypto/openssl/crypto/pkcs7/pk7_doit.c
index b2bb6a29..357e5c12 100644
--- a/freebsd/crypto/openssl/crypto/pkcs7/pk7_doit.c
+++ b/freebsd/crypto/openssl/crypto/pkcs7/pk7_doit.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/pkcs7/pk7_doit.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
@@ -130,8 +81,7 @@ static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
     return 1;
 
  err:
-    if (btmp)
-        BIO_free(btmp);
+    BIO_free(btmp);
     return 0;
 
 }
@@ -145,7 +95,7 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
     int ret = 0;
     size_t eklen;
 
-    pkey = X509_get_pubkey(ri->cert);
+    pkey = X509_get0_pubkey(ri->cert);
 
     if (!pkey)
         return 0;
@@ -182,12 +132,8 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
     ret = 1;
 
  err:
-    if (pkey)
-        EVP_PKEY_free(pkey);
-    if (pctx)
-        EVP_PKEY_CTX_free(pctx);
-    if (ek)
-        OPENSSL_free(ek);
+    EVP_PKEY_CTX_free(pctx);
+    OPENSSL_free(ek);
     return ret;
 
 }
@@ -234,18 +180,13 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
 
     ret = 1;
 
-    if (*pek) {
-        OPENSSL_cleanse(*pek, *peklen);
-        OPENSSL_free(*pek);
-    }
-
+    OPENSSL_clear_free(*pek, *peklen);
     *pek = ek;
     *peklen = eklen;
 
  err:
-    if (pctx)
-        EVP_PKEY_CTX_free(pctx);
-    if (!ret && ek)
+    EVP_PKEY_CTX_free(pctx);
+    if (!ret)
         OPENSSL_free(ek);
 
     return ret;
@@ -394,27 +335,23 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
         BIO_push(out, bio);
     else
         out = bio;
-    bio = NULL;
-    if (0) {
+    return out;
+
  err:
-        if (out != NULL)
-            BIO_free_all(out);
-        if (btmp != NULL)
-            BIO_free_all(btmp);
-        out = NULL;
-    }
-    return (out);
+    BIO_free_all(out);
+    BIO_free_all(btmp);
+    return NULL;
 }
 
 static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
 {
     int ret;
     ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
-                        pcert->cert_info->issuer);
+                        X509_get_issuer_name(pcert));
     if (ret)
         return ret;
-    return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
-                              ri->issuer_and_serial->serial);
+    return ASN1_INTEGER_cmp(X509_get_serialNumber(pcert),
+                            ri->issuer_and_serial->serial);
 }
 
 /* int */
@@ -526,15 +463,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
     }
 
     if (evp_cipher != NULL) {
-#if 0
-        unsigned char key[EVP_MAX_KEY_LENGTH];
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-        unsigned char *p;
-        int keylen, ivlen;
-        int max;
-        X509_OBJECT ret;
-#endif
-
         if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
             PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
             goto err;
@@ -567,7 +495,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         /* If we haven't got a certificate try each ri in turn */
         if (pcert == NULL) {
             /*
-             * Always attempt to decrypt all rinfo even after sucess as a
+             * Always attempt to decrypt all rinfo even after success as a
              * defence against MMA timing attacks.
              */
             for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
@@ -593,7 +521,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         /* Generate random key as MMA defence */
         tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
         tkey = OPENSSL_malloc(tkeylen);
-        if (!tkey)
+        if (tkey == NULL)
             goto err;
         if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
             goto err;
@@ -611,8 +539,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
              */
             if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
                 /* Use random key as MMA defence */
-                OPENSSL_cleanse(ek, eklen);
-                OPENSSL_free(ek);
+                OPENSSL_clear_free(ek, eklen);
                 ek = tkey;
                 eklen = tkeylen;
                 tkey = NULL;
@@ -623,16 +550,10 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
             goto err;
 
-        if (ek) {
-            OPENSSL_cleanse(ek, eklen);
-            OPENSSL_free(ek);
-            ek = NULL;
-        }
-        if (tkey) {
-            OPENSSL_cleanse(tkey, tkeylen);
-            OPENSSL_free(tkey);
-            tkey = NULL;
-        }
+        OPENSSL_clear_free(ek, eklen);
+        ek = NULL;
+        OPENSSL_clear_free(tkey, tkeylen);
+        tkey = NULL;
 
         if (out == NULL)
             out = etmp;
@@ -640,24 +561,9 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
             BIO_push(out, etmp);
         etmp = NULL;
     }
-#if 1
     if (in_bio != NULL) {
         bio = in_bio;
     } else {
-# if 0
-        bio = BIO_new(BIO_s_mem());
-        if (bio == NULL)
-            goto err;
-        /*
-         * We need to set this so that when we have read all the data, the
-         * encrypt BIO, if present, will read EOF and encode the last few
-         * bytes
-         */
-        BIO_set_mem_eof_return(bio, 0);
-
-        if (data_body->length > 0)
-            BIO_write(bio, (char *)data_body->data, data_body->length);
-# else
         if (data_body->length > 0)
             bio = BIO_new_mem_buf(data_body->data, data_body->length);
         else {
@@ -668,32 +574,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         }
         if (bio == NULL)
             goto err;
-# endif
     }
     BIO_push(out, bio);
     bio = NULL;
-#endif
-    if (0) {
+    return out;
+
  err:
-        if (ek) {
-            OPENSSL_cleanse(ek, eklen);
-            OPENSSL_free(ek);
-        }
-        if (tkey) {
-            OPENSSL_cleanse(tkey, tkeylen);
-            OPENSSL_free(tkey);
-        }
-        if (out != NULL)
-            BIO_free_all(out);
-        if (btmp != NULL)
-            BIO_free_all(btmp);
-        if (etmp != NULL)
-            BIO_free_all(etmp);
-        if (bio != NULL)
-            BIO_free_all(bio);
-        out = NULL;
-    }
-    return (out);
+    OPENSSL_clear_free(ek, eklen);
+    OPENSSL_clear_free(tkey, tkeylen);
+    BIO_free_all(out);
+    BIO_free_all(btmp);
+    BIO_free_all(etmp);
+    BIO_free_all(bio);
+    return NULL;
 }
 
 static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
@@ -753,7 +646,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
     int i, j;
     BIO *btmp;
     PKCS7_SIGNER_INFO *si;
-    EVP_MD_CTX *mdc, ctx_tmp;
+    EVP_MD_CTX *mdc, *ctx_tmp;
     STACK_OF(X509_ATTRIBUTE) *sk;
     STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
     ASN1_OCTET_STRING *os = NULL;
@@ -768,7 +661,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
         return 0;
     }
 
-    EVP_MD_CTX_init(&ctx_tmp);
+    ctx_tmp = EVP_MD_CTX_new();
+    if (ctx_tmp == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
     i = OBJ_obj2nid(p7->type);
     p7->state = PKCS7_S_HEADER;
 
@@ -780,9 +678,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
         /* XXXXXXXXXXXXXXXX */
         si_sk = p7->d.signed_and_enveloped->signer_info;
         os = p7->d.signed_and_enveloped->enc_data->enc_data;
-        if (!os) {
-            os = M_ASN1_OCTET_STRING_new();
-            if (!os) {
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            if (os == NULL) {
                 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
@@ -792,9 +690,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
     case NID_pkcs7_enveloped:
         /* XXXXXXXXXXXXXXXX */
         os = p7->d.enveloped->enc_data->enc_data;
-        if (!os) {
-            os = M_ASN1_OCTET_STRING_new();
-            if (!os) {
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            if (os == NULL) {
                 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
@@ -806,7 +704,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
         os = PKCS7_get_octet_string(p7->d.sign->contents);
         /* If detached data then the content is excluded */
         if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
-            M_ASN1_OCTET_STRING_free(os);
+            ASN1_OCTET_STRING_free(os);
             os = NULL;
             p7->d.sign->contents->d.data = NULL;
         }
@@ -816,7 +714,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
         os = PKCS7_get_octet_string(p7->d.digest->contents);
         /* If detached data then the content is excluded */
         if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
-            M_ASN1_OCTET_STRING_free(os);
+            ASN1_OCTET_STRING_free(os);
             os = NULL;
             p7->d.digest->contents->d.data = NULL;
         }
@@ -845,7 +743,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
             /*
              * We now have the EVP_MD_CTX, lets do the signing.
              */
-            if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc))
+            if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc))
                 goto err;
 
             sk = si->auth_attr;
@@ -855,17 +753,18 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
              * sign the attributes
              */
             if (sk_X509_ATTRIBUTE_num(sk) > 0) {
-                if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
+                if (!do_pkcs7_signed_attrib(si, ctx_tmp))
                     goto err;
             } else {
                 unsigned char *abuf = NULL;
                 unsigned int abuflen;
                 abuflen = EVP_PKEY_size(si->pkey);
                 abuf = OPENSSL_malloc(abuflen);
-                if (!abuf)
+                if (abuf == NULL)
                     goto err;
 
-                if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) {
+                if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
+                    OPENSSL_free(abuf);
                     PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
                     goto err;
                 }
@@ -880,7 +779,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
             goto err;
         if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
             goto err;
-        M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+        if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len))
+            goto err;
     }
 
     if (!PKCS7_is_detached(p7)) {
@@ -910,14 +810,14 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
     }
     ret = 1;
  err:
-    EVP_MD_CTX_cleanup(&ctx_tmp);
-    return (ret);
+    EVP_MD_CTX_free(ctx_tmp);
+    return ret;
 }
 
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
 {
-    EVP_MD_CTX mctx;
-    EVP_PKEY_CTX *pctx;
+    EVP_MD_CTX *mctx;
+    EVP_PKEY_CTX *pctx = NULL;
     unsigned char *abuf = NULL;
     int alen;
     size_t siglen;
@@ -927,8 +827,13 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
     if (md == NULL)
         return 0;
 
-    EVP_MD_CTX_init(&mctx);
-    if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
         goto err;
 
     if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
@@ -941,16 +846,16 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
                          ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
     if (!abuf)
         goto err;
-    if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
+    if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
         goto err;
     OPENSSL_free(abuf);
     abuf = NULL;
-    if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
+    if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
         goto err;
     abuf = OPENSSL_malloc(siglen);
-    if (!abuf)
+    if (abuf == NULL)
         goto err;
-    if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
+    if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
         goto err;
 
     if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
@@ -959,16 +864,15 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
         goto err;
     }
 
-    EVP_MD_CTX_cleanup(&mctx);
+    EVP_MD_CTX_free(mctx);
 
     ASN1_STRING_set0(si->enc_digest, abuf, siglen);
 
     return 1;
 
  err:
-    if (abuf)
-        OPENSSL_free(abuf);
-    EVP_MD_CTX_cleanup(&mctx);
+    OPENSSL_free(abuf);
+    EVP_MD_CTX_free(mctx);
     return 0;
 
 }
@@ -1034,14 +938,18 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
                           X509 *x509)
 {
     ASN1_OCTET_STRING *os;
-    EVP_MD_CTX mdc_tmp, *mdc;
+    EVP_MD_CTX *mdc_tmp, *mdc;
     int ret = 0, i;
     int md_type;
     STACK_OF(X509_ATTRIBUTE) *sk;
     BIO *btmp;
     EVP_PKEY *pkey;
 
-    EVP_MD_CTX_init(&mdc_tmp);
+    mdc_tmp = EVP_MD_CTX_new();
+    if (mdc_tmp == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
     if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
@@ -1078,7 +986,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
      * mdc is the digest ctx that we want, unless there are attributes, in
      * which case the digest is the signed attributes
      */
-    if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc))
+    if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc))
         goto err;
 
     sk = si->auth_attr;
@@ -1088,7 +996,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
         int alen;
         ASN1_OCTET_STRING *message_digest;
 
-        if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))
+        if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len))
             goto err;
         message_digest = PKCS7_digest_from_attributes(sk);
         if (!message_digest) {
@@ -1098,23 +1006,12 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
         }
         if ((message_digest->length != (int)md_len) ||
             (memcmp(message_digest->data, md_dat, md_len))) {
-#if 0
-            {
-                int ii;
-                for (ii = 0; ii < message_digest->length; ii++)
-                    printf("%02X", message_digest->data[ii]);
-                printf(" sent\n");
-                for (ii = 0; ii < md_len; ii++)
-                    printf("%02X", md_dat[ii]);
-                printf(" calc\n");
-            }
-#endif
             PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
             ret = -1;
             goto err;
         }
 
-        if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL))
+        if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL))
             goto err;
 
         alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
@@ -1124,30 +1021,29 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
             ret = -1;
             goto err;
         }
-        if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
+        if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen))
             goto err;
 
         OPENSSL_free(abuf);
     }
 
     os = si->enc_digest;
-    pkey = X509_get_pubkey(x509);
+    pkey = X509_get0_pubkey(x509);
     if (!pkey) {
         ret = -1;
         goto err;
     }
 
-    i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
-    EVP_PKEY_free(pkey);
+    i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
     if (i <= 0) {
         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
         ret = -1;
         goto err;
-    } else
-        ret = 1;
+    }
+    ret = 1;
  err:
-    EVP_MD_CTX_cleanup(&mdc_tmp);
-    return (ret);
+    EVP_MD_CTX_free(mdc_tmp);
+    return ret;
 }
 
 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
@@ -1165,46 +1061,34 @@ PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
     if (rsk == NULL)
         return NULL;
     if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
-        return (NULL);
+        return NULL;
     ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
-    return (ri->issuer_and_serial);
+    return ri->issuer_and_serial;
 }
 
 ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
 {
-    return (get_attribute(si->auth_attr, nid));
+    return get_attribute(si->auth_attr, nid);
 }
 
 ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
 {
-    return (get_attribute(si->unauth_attr, nid));
+    return get_attribute(si->unauth_attr, nid);
 }
 
 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
 {
-    int i;
+    int idx;
     X509_ATTRIBUTE *xa;
-    ASN1_OBJECT *o;
-
-    o = OBJ_nid2obj(nid);
-    if (!o || !sk)
-        return (NULL);
-    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
-        xa = sk_X509_ATTRIBUTE_value(sk, i);
-        if (OBJ_cmp(xa->object, o) == 0) {
-            if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
-                return (sk_ASN1_TYPE_value(xa->value.set, 0));
-            else
-                return (NULL);
-        }
-    }
-    return (NULL);
+    idx = X509at_get_attr_by_NID(sk, nid, -1);
+    xa = X509at_get_attr(sk, idx);
+    return X509_ATTRIBUTE_get0_type(xa, 0);
 }
 
 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
 {
     ASN1_TYPE *astype;
-    if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest)))
+    if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
         return NULL;
     return astype->value.octet_string;
 }
@@ -1214,8 +1098,7 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
 {
     int i;
 
-    if (p7si->auth_attr != NULL)
-        sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
+    sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
     p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
     if (p7si->auth_attr == NULL)
         return 0;
@@ -1224,9 +1107,9 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
                                    X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
                                                       (sk, i))))
             == NULL)
-            return (0);
+            return 0;
     }
-    return (1);
+    return 1;
 }
 
 int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
@@ -1234,8 +1117,7 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
 {
     int i;
 
-    if (p7si->unauth_attr != NULL)
-        sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
+    sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
     p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
     if (p7si->unauth_attr == NULL)
         return 0;
@@ -1244,21 +1126,21 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
                                    X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
                                                       (sk, i))))
             == NULL)
-            return (0);
+            return 0;
     }
-    return (1);
+    return 1;
 }
 
 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
                                void *value)
 {
-    return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
+    return add_attribute(&(p7si->auth_attr), nid, atrtype, value);
 }
 
 int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
                         void *value)
 {
-    return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
+    return add_attribute(&(p7si->unauth_attr), nid, atrtype, value);
 }
 
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
@@ -1267,11 +1149,10 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
     X509_ATTRIBUTE *attr = NULL;
 
     if (*sk == NULL) {
-        *sk = sk_X509_ATTRIBUTE_new_null();
-        if (*sk == NULL)
+        if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
             return 0;
  new_attrib:
-        if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value)))
+        if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL)
             return 0;
         if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
             X509_ATTRIBUTE_free(attr);
@@ -1282,7 +1163,7 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
 
         for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
             attr = sk_X509_ATTRIBUTE_value(*sk, i);
-            if (OBJ_obj2nid(attr->object) == nid) {
+            if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) {
                 X509_ATTRIBUTE_free(attr);
                 attr = X509_ATTRIBUTE_create(nid, atrtype, value);
                 if (attr == NULL)
@@ -1297,5 +1178,5 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
         goto new_attrib;
     }
  end:
-    return (1);
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/pkcs7/pk7_lib.c b/freebsd/crypto/openssl/crypto/pkcs7/pk7_lib.c
index 03cab944..351e1eb1 100644
--- a/freebsd/crypto/openssl/crypto/pkcs7/pk7_lib.c
+++ b/freebsd/crypto/openssl/crypto/pkcs7/pk7_lib.c
@@ -1,68 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/pkcs7/pk7_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
 
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
 {
@@ -107,7 +59,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
         PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
         ret = 0;
     }
-    return (ret);
+    return ret;
 }
 
 int PKCS7_content_new(PKCS7 *p7, int type)
@@ -121,11 +73,10 @@ int PKCS7_content_new(PKCS7 *p7, int type)
     if (!PKCS7_set_content(p7, ret))
         goto err;
 
-    return (1);
+    return 1;
  err:
-    if (ret != NULL)
-        PKCS7_free(ret);
-    return (0);
+    PKCS7_free(ret);
+    return 0;
 }
 
 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
@@ -135,13 +86,11 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
     i = OBJ_obj2nid(p7->type);
     switch (i) {
     case NID_pkcs7_signed:
-        if (p7->d.sign->contents != NULL)
-            PKCS7_free(p7->d.sign->contents);
+        PKCS7_free(p7->d.sign->contents);
         p7->d.sign->contents = p7_data;
         break;
     case NID_pkcs7_digest:
-        if (p7->d.digest->contents != NULL)
-            PKCS7_free(p7->d.digest->contents);
+        PKCS7_free(p7->d.digest->contents);
         p7->d.digest->contents = p7_data;
         break;
     case NID_pkcs7_data:
@@ -152,9 +101,9 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
         PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
         goto err;
     }
-    return (1);
+    return 1;
  err:
-    return (0);
+    return 0;
 }
 
 int PKCS7_set_type(PKCS7 *p7, int type)
@@ -179,7 +128,7 @@ int PKCS7_set_type(PKCS7 *p7, int type)
         break;
     case NID_pkcs7_data:
         p7->type = obj;
-        if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL)
+        if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL)
             goto err;
         break;
     case NID_pkcs7_signedAndEnveloped:
@@ -187,7 +136,6 @@ int PKCS7_set_type(PKCS7 *p7, int type)
         if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new())
             == NULL)
             goto err;
-        ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1);
         if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
             goto err;
         p7->d.signed_and_enveloped->enc_data->content_type
@@ -224,9 +172,9 @@ int PKCS7_set_type(PKCS7 *p7, int type)
         PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
         goto err;
     }
-    return (1);
+    return 1;
  err:
-    return (0);
+    return 0;
 }
 
 int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
@@ -255,7 +203,7 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
         break;
     default:
         PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
-        return (0);
+        return 0;
     }
 
     nid = OBJ_obj2nid(psi->digest_alg->algorithm);
@@ -270,11 +218,11 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
         }
     }
     if (!j) {                   /* we need to add another algorithm */
-        if (!(alg = X509_ALGOR_new())
-            || !(alg->parameter = ASN1_TYPE_new())) {
+        if ((alg = X509_ALGOR_new()) == NULL
+            || (alg->parameter = ASN1_TYPE_new()) == NULL) {
             X509_ALGOR_free(alg);
             PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
-            return (0);
+            return 0;
         }
         alg->algorithm = OBJ_nid2obj(nid);
         alg->parameter->type = V_ASN1_NULL;
@@ -286,7 +234,7 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
 
     if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi))
         return 0;
-    return (1);
+    return 1;
 }
 
 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
@@ -304,7 +252,7 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
         break;
     default:
         PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE);
-        return (0);
+        return 0;
     }
 
     if (*sk == NULL)
@@ -313,12 +261,12 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
         PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(x509);
     if (!sk_X509_push(*sk, x509)) {
         X509_free(x509);
         return 0;
     }
-    return (1);
+    return 1;
 }
 
 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
@@ -336,7 +284,7 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
         break;
     default:
         PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
-        return (0);
+        return 0;
     }
 
     if (*sk == NULL)
@@ -346,12 +294,12 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
         return 0;
     }
 
-    CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+    X509_CRL_up_ref(crl);
     if (!sk_X509_CRL_push(*sk, crl)) {
         X509_CRL_free(crl);
         return 0;
     }
-    return (1);
+    return 1;
 }
 
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
@@ -370,13 +318,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
      * because ASN1_INTEGER_set is used to set a 'long' we will do things the
      * ugly way.
      */
-    M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+    ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
     if (!(p7i->issuer_and_serial->serial =
-          M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+          ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
         goto err;
 
     /* lets keep the pkey around for a while */
-    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    EVP_PKEY_up_ref(pkey);
     p7i->pkey = pkey;
 
     /* Set the algorithms */
@@ -422,17 +370,16 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
         goto err;
     if (!PKCS7_add_signer(p7, si))
         goto err;
-    return (si);
+    return si;
  err:
-    if (si)
-        PKCS7_SIGNER_INFO_free(si);
-    return (NULL);
+    PKCS7_SIGNER_INFO_free(si);
+    return NULL;
 }
 
 int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
 {
     if (PKCS7_type_is_digest(p7)) {
-        if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) {
+        if ((p7->d.digest->md->parameter = ASN1_TYPE_new()) == NULL) {
             PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE);
             return 0;
         }
@@ -450,11 +397,11 @@ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
     if (p7 == NULL || p7->d.ptr == NULL)
         return NULL;
     if (PKCS7_type_is_signed(p7)) {
-        return (p7->d.sign->signer_info);
+        return p7->d.sign->signer_info;
     } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
-        return (p7->d.signed_and_enveloped->signer_info);
+        return p7->d.signed_and_enveloped->signer_info;
     } else
-        return (NULL);
+        return NULL;
 }
 
 void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
@@ -486,8 +433,7 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
         goto err;
     return ri;
  err:
-    if (ri)
-        PKCS7_RECIP_INFO_free(ri);
+    PKCS7_RECIP_INFO_free(ri);
     return NULL;
 }
 
@@ -507,12 +453,12 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
     default:
         PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
                  PKCS7_R_WRONG_CONTENT_TYPE);
-        return (0);
+        return 0;
     }
 
     if (!sk_PKCS7_RECIP_INFO_push(sk, ri))
         return 0;
-    return (1);
+    return 1;
 }
 
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
@@ -525,12 +471,12 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
                        X509_get_issuer_name(x509)))
         return 0;
 
-    M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+    ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
     if (!(p7i->issuer_and_serial->serial =
-          M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+          ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
         return 0;
 
-    pkey = X509_get_pubkey(x509);
+    pkey = X509_get0_pubkey(x509);
 
     if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
         PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
@@ -550,16 +496,12 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
         goto err;
     }
 
-    EVP_PKEY_free(pkey);
-
-    CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(x509);
     p7i->cert = x509;
 
     return 1;
 
  err:
-    if (pkey)
-        EVP_PKEY_free(pkey);
     return 0;
 }
 
@@ -571,7 +513,7 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
                                                si->
                                                issuer_and_serial->serial));
     else
-        return (NULL);
+        return NULL;
 }
 
 int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
@@ -589,7 +531,7 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
         break;
     default:
         PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
-        return (0);
+        return 0;
     }
 
     /* Check cipher OID exists and has data in it */
@@ -597,7 +539,7 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
     if (i == NID_undef) {
         PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
                  PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
-        return (0);
+        return 0;
     }
 
     ec->cipher = cipher;
@@ -616,7 +558,7 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
     case NID_pkcs7_signedAndEnveloped:
         os = p7->d.signed_and_enveloped->enc_data->enc_data;
         if (os == NULL) {
-            os = M_ASN1_OCTET_STRING_new();
+            os = ASN1_OCTET_STRING_new();
             p7->d.signed_and_enveloped->enc_data->enc_data = os;
         }
         break;
@@ -624,7 +566,7 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
     case NID_pkcs7_enveloped:
         os = p7->d.enveloped->enc_data->enc_data;
         if (os == NULL) {
-            os = M_ASN1_OCTET_STRING_new();
+            os = ASN1_OCTET_STRING_new();
             p7->d.enveloped->enc_data->enc_data = os;
         }
         break;
diff --git a/freebsd/crypto/openssl/crypto/pkcs7/pk7_mime.c b/freebsd/crypto/openssl/crypto/pkcs7/pk7_mime.c
index 30a11566..dccf1542 100644
--- a/freebsd/crypto/openssl/crypto/pkcs7/pk7_mime.c
+++ b/freebsd/crypto/openssl/crypto/pkcs7/pk7_mime.c
@@ -1,64 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pk7_mime.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 
diff --git a/freebsd/crypto/openssl/crypto/pkcs7/pk7_smime.c b/freebsd/crypto/openssl/crypto/pkcs7/pk7_smime.c
index 4a66138a..96c71f8d 100644
--- a/freebsd/crypto/openssl/crypto/pkcs7/pk7_smime.c
+++ b/freebsd/crypto/openssl/crypto/pkcs7/pk7_smime.c
@@ -1,71 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pk7_smime.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /* Simple PKCS#7 processing functions */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+
+#define BUFFERSIZE 4096
+
 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
@@ -74,7 +27,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
     PKCS7 *p7;
     int i;
 
-    if (!(p7 = PKCS7_new())) {
+    if ((p7 = PKCS7_new()) == NULL) {
         PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -115,7 +68,8 @@ int PKCS7_final(PKCS7 *p7, BIO *data, int flags)
 {
     BIO *p7bio;
     int ret = 0;
-    if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
+
+    if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) {
         PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -166,7 +120,7 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
         return NULL;
     }
 
-    if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) {
+    if ((si = PKCS7_add_signature(p7, signcert, pkey, md)) == NULL) {
         PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
                  PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
         return NULL;
@@ -182,11 +136,13 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
             goto err;
         /* Add SMIMECapabilities */
         if (!(flags & PKCS7_NOSMIMECAP)) {
-            if (!(smcap = sk_X509_ALGOR_new_null())) {
+            if ((smcap = sk_X509_ALGOR_new_null()) == NULL) {
                 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
             if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+                || !add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+                || !add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
                 || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
                 || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
                 || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
@@ -210,8 +166,7 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
     }
     return si;
  err:
-    if (smcap)
-        sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+    sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
     return NULL;
 }
 
@@ -255,8 +210,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
     X509 *signer;
     STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
     PKCS7_SIGNER_INFO *si;
-    X509_STORE_CTX cert_ctx;
-    char buf[4096];
+    X509_STORE_CTX *cert_ctx = NULL;
+    char *buf = NULL;
     int i, j = 0, k, ret = 0;
     BIO *p7bio = NULL;
     BIO *tmpin = NULL, *tmpout = NULL;
@@ -276,29 +231,20 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
         PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
         return 0;
     }
-#if 0
-    /*
-     * NB: this test commented out because some versions of Netscape
-     * illegally include zero length content when signing data. Also
-     * Microsoft Authenticode includes a SpcIndirectDataContent data
-     * structure which describes the content to be protected by the
-     * signature, rather than directly embedding that content. So
-     * Authenticode implementations are also expected to use
-     * PKCS7_verify() with explicit external data, on non-detached
-     * PKCS#7 signatures.
-     *
-     * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been
-     * introduced to disable this sanity check. For the 1.0.2 branch
-     * this change is not acceptable, so the check remains completely
-     * commented out (as it has been for a long time).
-     */
 
-    /* Check for data and content: two sets of data */
-    if (!PKCS7_get_detached(p7) && indata) {
-        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
-        return 0;
+    if (flags & PKCS7_NO_DUAL_CONTENT) {
+        /*
+         * This was originally "#if 0" because we thought that only old broken
+         * Netscape did this.  It turns out that Authenticode uses this kind
+         * of "extended" PKCS7 format, and things like UEFI secure boot and
+         * tools like osslsigncode need it.  In Authenticode the verification
+         * process is different, but the existing PKCs7 verification works.
+         */
+        if (!PKCS7_get_detached(p7) && indata) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
+            return 0;
+        }
     }
-#endif
 
     sinfos = PKCS7_get_signer_info(p7);
 
@@ -313,26 +259,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 
     /* Now verify the certificates */
 
+    cert_ctx = X509_STORE_CTX_new();
+    if (cert_ctx == NULL)
+        goto err;
     if (!(flags & PKCS7_NOVERIFY))
         for (k = 0; k < sk_X509_num(signers); k++) {
             signer = sk_X509_value(signers, k);
             if (!(flags & PKCS7_NOCHAIN)) {
-                if (!X509_STORE_CTX_init(&cert_ctx, store, signer,
+                if (!X509_STORE_CTX_init(cert_ctx, store, signer,
                                          p7->d.sign->cert)) {
                     PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
                     goto err;
                 }
-                X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
-            } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) {
+                X509_STORE_CTX_set_default(cert_ctx, "smime_sign");
+            } else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) {
                 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
                 goto err;
             }
             if (!(flags & PKCS7_NOCRL))
-                X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
-            i = X509_verify_cert(&cert_ctx);
+                X509_STORE_CTX_set0_crls(cert_ctx, p7->d.sign->crl);
+            i = X509_verify_cert(cert_ctx);
             if (i <= 0)
-                j = X509_STORE_CTX_get_error(&cert_ctx);
-            X509_STORE_CTX_cleanup(&cert_ctx);
+                j = X509_STORE_CTX_get_error(cert_ctx);
+            X509_STORE_CTX_cleanup(cert_ctx);
             if (i <= 0) {
                 PKCS7err(PKCS7_F_PKCS7_VERIFY,
                          PKCS7_R_CERTIFICATE_VERIFY_ERROR);
@@ -362,11 +311,11 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
     } else
         tmpin = indata;
 
-    if (!(p7bio = PKCS7_dataInit(p7, tmpin)))
+    if ((p7bio = PKCS7_dataInit(p7, tmpin)) == NULL)
         goto err;
 
     if (flags & PKCS7_TEXT) {
-        if (!(tmpout = BIO_new(BIO_s_mem()))) {
+        if ((tmpout = BIO_new(BIO_s_mem())) == NULL) {
             PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
             goto err;
         }
@@ -375,8 +324,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
         tmpout = out;
 
     /* We now have to 'read' from p7bio to calculate digests etc. */
+    if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
     for (;;) {
-        i = BIO_read(p7bio, buf, sizeof(buf));
+        i = BIO_read(p7bio, buf, BUFFERSIZE);
         if (i <= 0)
             break;
         if (tmpout)
@@ -407,6 +360,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
     ret = 1;
 
  err:
+    X509_STORE_CTX_free(cert_ctx);
+    OPENSSL_free(buf);
     if (tmpin == indata) {
         if (indata)
             BIO_pop(p7bio);
@@ -445,7 +400,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
         return 0;
     }
 
-    if (!(signers = sk_X509_new_null())) {
+    if ((signers = sk_X509_new_null()) == NULL) {
         PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -487,7 +442,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
     BIO *p7bio = NULL;
     int i;
     X509 *x509;
-    if (!(p7 = PKCS7_new())) {
+    if ((p7 = PKCS7_new()) == NULL) {
         PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -524,8 +479,8 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
 {
     BIO *tmpmem;
-    int ret, i;
-    char buf[4096];
+    int ret = 0, i;
+    char *buf = NULL;
 
     if (!p7) {
         PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
@@ -543,7 +498,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
         return 0;
     }
 
-    if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
+    if ((tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert)) == NULL) {
         PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
         return 0;
     }
@@ -551,12 +506,12 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
     if (flags & PKCS7_TEXT) {
         BIO *tmpbuf, *bread;
         /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
-        if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
+        if ((tmpbuf = BIO_new(BIO_f_buffer())) == NULL) {
             PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
             BIO_free_all(tmpmem);
             return 0;
         }
-        if (!(bread = BIO_push(tmpbuf, tmpmem))) {
+        if ((bread = BIO_push(tmpbuf, tmpmem)) == NULL) {
             PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
             BIO_free_all(tmpbuf);
             BIO_free_all(tmpmem);
@@ -569,24 +524,28 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
         }
         BIO_free_all(bread);
         return ret;
-    } else {
-        for (;;) {
-            i = BIO_read(tmpmem, buf, sizeof(buf));
-            if (i <= 0) {
-                ret = 1;
-                if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
-                    if (!BIO_get_cipher_status(tmpmem))
-                        ret = 0;
-                }
-
-                break;
-            }
-            if (BIO_write(data, buf, i) != i) {
-                ret = 0;
-                break;
+    }
+    if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (;;) {
+        i = BIO_read(tmpmem, buf, BUFFERSIZE);
+        if (i <= 0) {
+            ret = 1;
+            if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
+                if (!BIO_get_cipher_status(tmpmem))
+                    ret = 0;
             }
+
+            break;
+        }
+        if (BIO_write(data, buf, i) != i) {
+            break;
         }
-        BIO_free_all(tmpmem);
-        return ret;
     }
+err:
+    OPENSSL_free(buf);
+    BIO_free_all(tmpmem);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/pkcs7/pkcs7err.c b/freebsd/crypto/openssl/crypto/pkcs7/pkcs7err.c
index 2df52d7c..9a56c2d5 100644
--- a/freebsd/crypto/openssl/crypto/pkcs7/pkcs7err.c
+++ b/freebsd/crypto/openssl/crypto/pkcs7/pkcs7err.c
@@ -1,209 +1,158 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/pkcs7/pkcs7err.c */
-/* ====================================================================
- * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/pkcs7.h>
+#include <openssl/pkcs7err.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
-
-static ERR_STRING_DATA PKCS7_str_functs[] = {
-    {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"},
-    {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"},
-    {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"},
-    {ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME),
+static const ERR_STRING_DATA PKCS7_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, 0),
+     "do_pkcs7_signed_attrib"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, 0),
      "PKCS7_add0_attrib_signing_time"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, 0),
      "PKCS7_add_attrib_smimecap"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
-    {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"},
-    {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST),
-     "PKCS7_COPY_EXISTING_DIGEST"},
-    {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
-    {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"},
-    {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"},
-    {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
-    {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
-    {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
-    {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"},
-    {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_CERTIFICATE, 0),
+     "PKCS7_add_certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_CRL, 0), "PKCS7_add_crl"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, 0),
+     "PKCS7_add_recipient_info"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_SIGNATURE, 0),
+     "PKCS7_add_signature"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_SIGNER, 0), "PKCS7_add_signer"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_BIO_ADD_DIGEST, 0),
+     "PKCS7_bio_add_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, 0),
+     "pkcs7_copy_existing_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_CTRL, 0), "PKCS7_ctrl"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATADECODE, 0), "PKCS7_dataDecode"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAFINAL, 0), "PKCS7_dataFinal"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAINIT, 0), "PKCS7_dataInit"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAVERIFY, 0), "PKCS7_dataVerify"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DECRYPT, 0), "PKCS7_decrypt"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DECRYPT_RINFO, 0),
+     "pkcs7_decrypt_rinfo"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ENCODE_RINFO, 0),
+     "pkcs7_encode_rinfo"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ENCRYPT, 0), "PKCS7_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_FINAL, 0), "PKCS7_final"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_FIND_DIGEST, 0),
+     "PKCS7_find_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_GET0_SIGNERS, 0),
+     "PKCS7_get0_signers"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_RECIP_INFO_SET, 0),
+     "PKCS7_RECIP_INFO_set"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_CIPHER, 0), "PKCS7_set_cipher"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_CONTENT, 0),
+     "PKCS7_set_content"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_DIGEST, 0), "PKCS7_set_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_TYPE, 0), "PKCS7_set_type"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGN, 0), "PKCS7_sign"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNATUREVERIFY, 0),
+     "PKCS7_signatureVerify"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNER_INFO_SET, 0),
+     "PKCS7_SIGNER_INFO_set"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNER_INFO_SIGN, 0),
+     "PKCS7_SIGNER_INFO_sign"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 0),
+     "PKCS7_sign_add_signer"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIMPLE_SMIMECAP, 0),
+     "PKCS7_simple_smimecap"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_VERIFY, 0), "PKCS7_verify"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA PKCS7_str_reasons[] = {
-    {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),
-     "certificate verify error"},
-    {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
-     "cipher has no object identifier"},
-    {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"},
-    {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),
-     "content and data present"},
-    {ERR_REASON(PKCS7_R_CTRL_ERROR), "ctrl error"},
-    {ERR_REASON(PKCS7_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),
-     "decrypted key is wrong length"},
-    {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"},
-    {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"},
-    {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"},
-    {ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
-     "encryption not supported for this key type"},
-    {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"},
-    {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"},
-    {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE), "invalid mime type"},
-    {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"},
-    {ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE),
-     "invalid signed data type"},
-    {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
-    {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR), "mime parse error"},
-    {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
-    {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"},
-    {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"},
-    {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE), "no content type"},
-    {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST), "no default digest"},
-    {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),
-     "no matching digest type found"},
-    {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),
-     "no multipart body failure"},
-    {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
-    {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),
-     "no recipient matches certificate"},
-    {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),
-     "no recipient matches key"},
-    {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"},
-    {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"},
-    {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE), "no sig content type"},
-    {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),
-     "operation not supported on this type"},
-    {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),
-     "pkcs7 add signature error"},
-    {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"},
-    {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL), "pkcs7 datafinal"},
-    {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"},
-    {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"},
-    {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR), "pkcs7 parse error"},
-    {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"},
-    {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
-     "private key does not match certificate"},
-    {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"},
-    {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),
-     "signer certificate not found"},
-    {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"},
-    {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
-     "signing not supported for this key type"},
-    {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
-    {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"},
-    {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),
-     "unable to find certificate"},
-    {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"},
-    {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),
-     "unable to find message digest"},
-    {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE), "unknown digest type"},
-    {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION), "unknown operation"},
-    {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"},
-    {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),
-     "unsupported content type"},
-    {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE), "wrong content type"},
-    {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"},
+static const ERR_STRING_DATA PKCS7_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+    "cipher has no object identifier"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_NOT_INITIALIZED),
+    "cipher not initialized"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CONTENT_AND_DATA_PRESENT),
+    "content and data present"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CTRL_ERROR), "ctrl error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DIGEST_FAILURE), "digest failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_CTRL_FAILURE),
+    "encryption ctrl failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+    "encryption not supported for this key type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_ADDING_RECIPIENT),
+    "error adding recipient"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_SETTING_CIPHER),
+    "error setting cipher"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_NULL_POINTER),
+    "invalid null pointer"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_SIGNED_DATA_TYPE),
+    "invalid signed data type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_CONTENT), "no content"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_DEFAULT_DIGEST),
+    "no default digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),
+    "no matching digest type found"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),
+    "no recipient matches certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNATURES_ON_DATA),
+    "no signatures on data"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNERS), "no signers"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),
+    "operation not supported on this type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),
+    "pkcs7 add signature error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNER_ERROR),
+    "pkcs7 add signer error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNATURE_FAILURE),
+    "signature failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),
+    "signer certificate not found"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_CTRL_FAILURE),
+    "signing ctrl failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+    "signing not supported for this key type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SMIME_TEXT_ERROR), "smime text error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),
+    "unable to find certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MEM_BIO),
+    "unable to find mem bio"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),
+    "unable to find message digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_DIGEST_TYPE),
+    "unknown digest type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_OPERATION),
+    "unknown operation"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CIPHER_TYPE),
+    "unsupported cipher type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CONTENT_TYPE),
+    "unsupported content type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_CONTENT_TYPE),
+    "wrong content type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_PKCS7_strings(void)
+int ERR_load_PKCS7_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, PKCS7_str_functs);
-        ERR_load_strings(0, PKCS7_str_reasons);
+        ERR_load_strings_const(PKCS7_str_functs);
+        ERR_load_strings_const(PKCS7_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/poly1305/poly1305.c b/freebsd/crypto/openssl/crypto/poly1305/poly1305.c
new file mode 100644
index 00000000..ce7a09ca
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/poly1305/poly1305.c
@@ -0,0 +1,533 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "internal/poly1305.h"
+#include "poly1305_local.h"
+
+size_t Poly1305_ctx_size(void)
+{
+    return sizeof(struct poly1305_context);
+}
+
+/* pick 32-bit unsigned integer in little endian order */
+static unsigned int U8TOU32(const unsigned char *p)
+{
+    return (((unsigned int)(p[0] & 0xff)) |
+            ((unsigned int)(p[1] & 0xff) << 8) |
+            ((unsigned int)(p[2] & 0xff) << 16) |
+            ((unsigned int)(p[3] & 0xff) << 24));
+}
+
+/*
+ * Implementations can be classified by amount of significant bits in
+ * words making up the multi-precision value, or in other words radix
+ * or base of numerical representation, e.g. base 2^64, base 2^32,
+ * base 2^26. Complementary characteristic is how wide is the result of
+ * multiplication of pair of digits, e.g. it would take 128 bits to
+ * accommodate multiplication result in base 2^64 case. These are used
+ * interchangeably. To describe implementation that is. But interface
+ * is designed to isolate this so that low-level primitives implemented
+ * in assembly can be self-contained/self-coherent.
+ */
+#ifndef POLY1305_ASM
+/*
+ * Even though there is __int128 reference implementation targeting
+ * 64-bit platforms provided below, it's not obvious that it's optimal
+ * choice for every one of them. Depending on instruction set overall
+ * amount of instructions can be comparable to one in __int64
+ * implementation. Amount of multiplication instructions would be lower,
+ * but not necessarily overall. And in out-of-order execution context,
+ * it is the latter that can be crucial...
+ *
+ * On related note. Poly1305 author, D. J. Bernstein, discusses and
+ * provides floating-point implementations of the algorithm in question.
+ * It made a lot of sense by the time of introduction, because most
+ * then-modern processors didn't have pipelined integer multiplier.
+ * [Not to mention that some had non-constant timing for integer
+ * multiplications.] Floating-point instructions on the other hand could
+ * be issued every cycle, which allowed to achieve better performance.
+ * Nowadays, with SIMD and/or out-or-order execution, shared or
+ * even emulated FPU, it's more complicated, and floating-point
+ * implementation is not necessarily optimal choice in every situation,
+ * rather contrary...
+ *
+ *                                              <appro@openssl.org>
+ */
+
+typedef unsigned int u32;
+
+/*
+ * poly1305_blocks processes a multiple of POLY1305_BLOCK_SIZE blocks
+ * of |inp| no longer than |len|. Behaviour for |len| not divisible by
+ * block size is unspecified in general case, even though in reference
+ * implementation the trailing chunk is simply ignored. Per algorithm
+ * specification, every input block, complete or last partial, is to be
+ * padded with a bit past most significant byte. The latter kind is then
+ * padded with zeros till block size. This last partial block padding
+ * is caller(*)'s responsibility, and because of this the last partial
+ * block is always processed with separate call with |len| set to
+ * POLY1305_BLOCK_SIZE and |padbit| to 0. In all other cases |padbit|
+ * should be set to 1 to perform implicit padding with 128th bit.
+ * poly1305_blocks does not actually check for this constraint though,
+ * it's caller(*)'s responsibility to comply.
+ *
+ * (*)  In the context "caller" is not application code, but higher
+ *      level Poly1305_* from this very module, so that quirks are
+ *      handled locally.
+ */
+static void
+poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit);
+
+/*
+ * Type-agnostic "rip-off" from constant_time_locl.h
+ */
+# define CONSTANT_TIME_CARRY(a,b) ( \
+         (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1) \
+         )
+
+# if (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16) && \
+     (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__==8)
+
+typedef unsigned long u64;
+typedef __uint128_t u128;
+
+typedef struct {
+    u64 h[3];
+    u64 r[2];
+} poly1305_internal;
+
+/* pick 32-bit unsigned integer in little endian order */
+static u64 U8TOU64(const unsigned char *p)
+{
+    return (((u64)(p[0] & 0xff)) |
+            ((u64)(p[1] & 0xff) << 8) |
+            ((u64)(p[2] & 0xff) << 16) |
+            ((u64)(p[3] & 0xff) << 24) |
+            ((u64)(p[4] & 0xff) << 32) |
+            ((u64)(p[5] & 0xff) << 40) |
+            ((u64)(p[6] & 0xff) << 48) |
+            ((u64)(p[7] & 0xff) << 56));
+}
+
+/* store a 32-bit unsigned integer in little endian */
+static void U64TO8(unsigned char *p, u64 v)
+{
+    p[0] = (unsigned char)((v) & 0xff);
+    p[1] = (unsigned char)((v >> 8) & 0xff);
+    p[2] = (unsigned char)((v >> 16) & 0xff);
+    p[3] = (unsigned char)((v >> 24) & 0xff);
+    p[4] = (unsigned char)((v >> 32) & 0xff);
+    p[5] = (unsigned char)((v >> 40) & 0xff);
+    p[6] = (unsigned char)((v >> 48) & 0xff);
+    p[7] = (unsigned char)((v >> 56) & 0xff);
+}
+
+static void poly1305_init(void *ctx, const unsigned char key[16])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+
+    /* h = 0 */
+    st->h[0] = 0;
+    st->h[1] = 0;
+    st->h[2] = 0;
+
+    /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+    st->r[0] = U8TOU64(&key[0]) & 0x0ffffffc0fffffff;
+    st->r[1] = U8TOU64(&key[8]) & 0x0ffffffc0ffffffc;
+}
+
+static void
+poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit)
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    u64 r0, r1;
+    u64 s1;
+    u64 h0, h1, h2, c;
+    u128 d0, d1;
+
+    r0 = st->r[0];
+    r1 = st->r[1];
+
+    s1 = r1 + (r1 >> 2);
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+
+    while (len >= POLY1305_BLOCK_SIZE) {
+        /* h += m[i] */
+        h0 = (u64)(d0 = (u128)h0 + U8TOU64(inp + 0));
+        h1 = (u64)(d1 = (u128)h1 + (d0 >> 64) + U8TOU64(inp + 8));
+        /*
+         * padbit can be zero only when original len was
+         * POLY1306_BLOCK_SIZE, but we don't check
+         */
+        h2 += (u64)(d1 >> 64) + padbit;
+
+        /* h *= r "%" p, where "%" stands for "partial remainder" */
+        d0 = ((u128)h0 * r0) +
+             ((u128)h1 * s1);
+        d1 = ((u128)h0 * r1) +
+             ((u128)h1 * r0) +
+             (h2 * s1);
+        h2 = (h2 * r0);
+
+        /* last reduction step: */
+        /* a) h2:h0 = h2<<128 + d1<<64 + d0 */
+        h0 = (u64)d0;
+        h1 = (u64)(d1 += d0 >> 64);
+        h2 += (u64)(d1 >> 64);
+        /* b) (h2:h0 += (h2:h0>>130) * 5) %= 2^130 */
+        c = (h2 >> 2) + (h2 & ~3UL);
+        h2 &= 3;
+        h0 += c;
+        h1 += (c = CONSTANT_TIME_CARRY(h0,c));
+        h2 += CONSTANT_TIME_CARRY(h1,c);
+        /*
+         * Occasional overflows to 3rd bit of h2 are taken care of
+         * "naturally". If after this point we end up at the top of
+         * this loop, then the overflow bit will be accounted for
+         * in next iteration. If we end up in poly1305_emit, then
+         * comparison to modulus below will still count as "carry
+         * into 131st bit", so that properly reduced value will be
+         * picked in conditional move.
+         */
+
+        inp += POLY1305_BLOCK_SIZE;
+        len -= POLY1305_BLOCK_SIZE;
+    }
+
+    st->h[0] = h0;
+    st->h[1] = h1;
+    st->h[2] = h2;
+}
+
+static void poly1305_emit(void *ctx, unsigned char mac[16],
+                          const u32 nonce[4])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    u64 h0, h1, h2;
+    u64 g0, g1, g2;
+    u128 t;
+    u64 mask;
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+
+    /* compare to modulus by computing h + -p */
+    g0 = (u64)(t = (u128)h0 + 5);
+    g1 = (u64)(t = (u128)h1 + (t >> 64));
+    g2 = h2 + (u64)(t >> 64);
+
+    /* if there was carry into 131st bit, h1:h0 = g1:g0 */
+    mask = 0 - (g2 >> 2);
+    g0 &= mask;
+    g1 &= mask;
+    mask = ~mask;
+    h0 = (h0 & mask) | g0;
+    h1 = (h1 & mask) | g1;
+
+    /* mac = (h + nonce) % (2^128) */
+    h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32));
+    h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64));
+
+    U64TO8(mac + 0, h0);
+    U64TO8(mac + 8, h1);
+}
+
+# else
+
+#  if defined(_WIN32) && !defined(__MINGW32__)
+typedef unsigned __int64 u64;
+#  elif defined(__arch64__)
+typedef unsigned long u64;
+#  else
+typedef unsigned long long u64;
+#  endif
+
+typedef struct {
+    u32 h[5];
+    u32 r[4];
+} poly1305_internal;
+
+/* store a 32-bit unsigned integer in little endian */
+static void U32TO8(unsigned char *p, unsigned int v)
+{
+    p[0] = (unsigned char)((v) & 0xff);
+    p[1] = (unsigned char)((v >> 8) & 0xff);
+    p[2] = (unsigned char)((v >> 16) & 0xff);
+    p[3] = (unsigned char)((v >> 24) & 0xff);
+}
+
+static void poly1305_init(void *ctx, const unsigned char key[16])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+
+    /* h = 0 */
+    st->h[0] = 0;
+    st->h[1] = 0;
+    st->h[2] = 0;
+    st->h[3] = 0;
+    st->h[4] = 0;
+
+    /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+    st->r[0] = U8TOU32(&key[0]) & 0x0fffffff;
+    st->r[1] = U8TOU32(&key[4]) & 0x0ffffffc;
+    st->r[2] = U8TOU32(&key[8]) & 0x0ffffffc;
+    st->r[3] = U8TOU32(&key[12]) & 0x0ffffffc;
+}
+
+static void
+poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit)
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    u32 r0, r1, r2, r3;
+    u32 s1, s2, s3;
+    u32 h0, h1, h2, h3, h4, c;
+    u64 d0, d1, d2, d3;
+
+    r0 = st->r[0];
+    r1 = st->r[1];
+    r2 = st->r[2];
+    r3 = st->r[3];
+
+    s1 = r1 + (r1 >> 2);
+    s2 = r2 + (r2 >> 2);
+    s3 = r3 + (r3 >> 2);
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+    h3 = st->h[3];
+    h4 = st->h[4];
+
+    while (len >= POLY1305_BLOCK_SIZE) {
+        /* h += m[i] */
+        h0 = (u32)(d0 = (u64)h0 + U8TOU32(inp + 0));
+        h1 = (u32)(d1 = (u64)h1 + (d0 >> 32) + U8TOU32(inp + 4));
+        h2 = (u32)(d2 = (u64)h2 + (d1 >> 32) + U8TOU32(inp + 8));
+        h3 = (u32)(d3 = (u64)h3 + (d2 >> 32) + U8TOU32(inp + 12));
+        h4 += (u32)(d3 >> 32) + padbit;
+
+        /* h *= r "%" p, where "%" stands for "partial remainder" */
+        d0 = ((u64)h0 * r0) +
+             ((u64)h1 * s3) +
+             ((u64)h2 * s2) +
+             ((u64)h3 * s1);
+        d1 = ((u64)h0 * r1) +
+             ((u64)h1 * r0) +
+             ((u64)h2 * s3) +
+             ((u64)h3 * s2) +
+             (h4 * s1);
+        d2 = ((u64)h0 * r2) +
+             ((u64)h1 * r1) +
+             ((u64)h2 * r0) +
+             ((u64)h3 * s3) +
+             (h4 * s2);
+        d3 = ((u64)h0 * r3) +
+             ((u64)h1 * r2) +
+             ((u64)h2 * r1) +
+             ((u64)h3 * r0) +
+             (h4 * s3);
+        h4 = (h4 * r0);
+
+        /* last reduction step: */
+        /* a) h4:h0 = h4<<128 + d3<<96 + d2<<64 + d1<<32 + d0 */
+        h0 = (u32)d0;
+        h1 = (u32)(d1 += d0 >> 32);
+        h2 = (u32)(d2 += d1 >> 32);
+        h3 = (u32)(d3 += d2 >> 32);
+        h4 += (u32)(d3 >> 32);
+        /* b) (h4:h0 += (h4:h0>>130) * 5) %= 2^130 */
+        c = (h4 >> 2) + (h4 & ~3U);
+        h4 &= 3;
+        h0 += c;
+        h1 += (c = CONSTANT_TIME_CARRY(h0,c));
+        h2 += (c = CONSTANT_TIME_CARRY(h1,c));
+        h3 += (c = CONSTANT_TIME_CARRY(h2,c));
+        h4 += CONSTANT_TIME_CARRY(h3,c);
+        /*
+         * Occasional overflows to 3rd bit of h4 are taken care of
+         * "naturally". If after this point we end up at the top of
+         * this loop, then the overflow bit will be accounted for
+         * in next iteration. If we end up in poly1305_emit, then
+         * comparison to modulus below will still count as "carry
+         * into 131st bit", so that properly reduced value will be
+         * picked in conditional move.
+         */
+
+        inp += POLY1305_BLOCK_SIZE;
+        len -= POLY1305_BLOCK_SIZE;
+    }
+
+    st->h[0] = h0;
+    st->h[1] = h1;
+    st->h[2] = h2;
+    st->h[3] = h3;
+    st->h[4] = h4;
+}
+
+static void poly1305_emit(void *ctx, unsigned char mac[16],
+                          const u32 nonce[4])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    u32 h0, h1, h2, h3, h4;
+    u32 g0, g1, g2, g3, g4;
+    u64 t;
+    u32 mask;
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+    h3 = st->h[3];
+    h4 = st->h[4];
+
+    /* compare to modulus by computing h + -p */
+    g0 = (u32)(t = (u64)h0 + 5);
+    g1 = (u32)(t = (u64)h1 + (t >> 32));
+    g2 = (u32)(t = (u64)h2 + (t >> 32));
+    g3 = (u32)(t = (u64)h3 + (t >> 32));
+    g4 = h4 + (u32)(t >> 32);
+
+    /* if there was carry into 131st bit, h3:h0 = g3:g0 */
+    mask = 0 - (g4 >> 2);
+    g0 &= mask;
+    g1 &= mask;
+    g2 &= mask;
+    g3 &= mask;
+    mask = ~mask;
+    h0 = (h0 & mask) | g0;
+    h1 = (h1 & mask) | g1;
+    h2 = (h2 & mask) | g2;
+    h3 = (h3 & mask) | g3;
+
+    /* mac = (h + nonce) % (2^128) */
+    h0 = (u32)(t = (u64)h0 + nonce[0]);
+    h1 = (u32)(t = (u64)h1 + (t >> 32) + nonce[1]);
+    h2 = (u32)(t = (u64)h2 + (t >> 32) + nonce[2]);
+    h3 = (u32)(t = (u64)h3 + (t >> 32) + nonce[3]);
+
+    U32TO8(mac + 0, h0);
+    U32TO8(mac + 4, h1);
+    U32TO8(mac + 8, h2);
+    U32TO8(mac + 12, h3);
+}
+# endif
+#else
+int poly1305_init(void *ctx, const unsigned char key[16], void *func);
+void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
+                     unsigned int padbit);
+void poly1305_emit(void *ctx, unsigned char mac[16],
+                   const unsigned int nonce[4]);
+#endif
+
+void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32])
+{
+    ctx->nonce[0] = U8TOU32(&key[16]);
+    ctx->nonce[1] = U8TOU32(&key[20]);
+    ctx->nonce[2] = U8TOU32(&key[24]);
+    ctx->nonce[3] = U8TOU32(&key[28]);
+
+#ifndef POLY1305_ASM
+    poly1305_init(ctx->opaque, key);
+#else
+    /*
+     * Unlike reference poly1305_init assembly counterpart is expected
+     * to return a value: non-zero if it initializes ctx->func, and zero
+     * otherwise. Latter is to simplify assembly in cases when there no
+     * multiple code paths to switch between.
+     */
+    if (!poly1305_init(ctx->opaque, key, &ctx->func)) {
+        ctx->func.blocks = poly1305_blocks;
+        ctx->func.emit = poly1305_emit;
+    }
+#endif
+
+    ctx->num = 0;
+
+}
+
+#ifdef POLY1305_ASM
+/*
+ * This "eclipses" poly1305_blocks and poly1305_emit, but it's
+ * conscious choice imposed by -Wshadow compiler warnings.
+ */
+# define poly1305_blocks (*poly1305_blocks_p)
+# define poly1305_emit   (*poly1305_emit_p)
+#endif
+
+void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len)
+{
+#ifdef POLY1305_ASM
+    /*
+     * As documented, poly1305_blocks is never called with input
+     * longer than single block and padbit argument set to 0. This
+     * property is fluently used in assembly modules to optimize
+     * padbit handling on loop boundary.
+     */
+    poly1305_blocks_f poly1305_blocks_p = ctx->func.blocks;
+#endif
+    size_t rem, num;
+
+    if ((num = ctx->num)) {
+        rem = POLY1305_BLOCK_SIZE - num;
+        if (len >= rem) {
+            memcpy(ctx->data + num, inp, rem);
+            poly1305_blocks(ctx->opaque, ctx->data, POLY1305_BLOCK_SIZE, 1);
+            inp += rem;
+            len -= rem;
+        } else {
+            /* Still not enough data to process a block. */
+            memcpy(ctx->data + num, inp, len);
+            ctx->num = num + len;
+            return;
+        }
+    }
+
+    rem = len % POLY1305_BLOCK_SIZE;
+    len -= rem;
+
+    if (len >= POLY1305_BLOCK_SIZE) {
+        poly1305_blocks(ctx->opaque, inp, len, 1);
+        inp += len;
+    }
+
+    if (rem)
+        memcpy(ctx->data, inp, rem);
+
+    ctx->num = rem;
+}
+
+void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16])
+{
+#ifdef POLY1305_ASM
+    poly1305_blocks_f poly1305_blocks_p = ctx->func.blocks;
+    poly1305_emit_f poly1305_emit_p = ctx->func.emit;
+#endif
+    size_t num;
+
+    if ((num = ctx->num)) {
+        ctx->data[num++] = 1;   /* pad bit */
+        while (num < POLY1305_BLOCK_SIZE)
+            ctx->data[num++] = 0;
+        poly1305_blocks(ctx->opaque, ctx->data, POLY1305_BLOCK_SIZE, 0);
+    }
+
+    poly1305_emit(ctx->opaque, mac, ctx->nonce);
+
+    /* zero out the state */
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+}
diff --git a/freebsd/crypto/openssl/crypto/poly1305/poly1305_ameth.c b/freebsd/crypto/openssl/crypto/poly1305/poly1305_ameth.c
new file mode 100644
index 00000000..71c791c2
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/poly1305/poly1305_ameth.c
@@ -0,0 +1,124 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+#include "internal/poly1305.h"
+#include "poly1305_local.h"
+#include "internal/evp_int.h"
+
+/*
+ * POLY1305 "ASN1" method. This is just here to indicate the maximum
+ * POLY1305 output length and to free up a POLY1305 key.
+ */
+
+static int poly1305_size(const EVP_PKEY *pkey)
+{
+    return POLY1305_DIGEST_SIZE;
+}
+
+static void poly1305_key_free(EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+    if (os != NULL) {
+        if (os->data != NULL)
+            OPENSSL_cleanse(os->data, os->length);
+        ASN1_OCTET_STRING_free(os);
+    }
+}
+
+static int poly1305_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    /* nothing, (including ASN1_PKEY_CTRL_DEFAULT_MD_NID), is supported */
+    return -2;
+}
+
+static int poly1305_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+}
+
+static int poly1305_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                                 size_t len)
+{
+    ASN1_OCTET_STRING *os;
+
+    if (pkey->pkey.ptr != NULL || len != POLY1305_KEY_SIZE)
+        return 0;
+
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+
+    if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+
+    pkey->pkey.ptr = os;
+    return 1;
+}
+
+static int poly1305_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len)
+{
+    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+
+    if (priv == NULL) {
+        *len = POLY1305_KEY_SIZE;
+        return 1;
+    }
+
+    if (os == NULL || *len < POLY1305_KEY_SIZE)
+        return 0;
+
+    memcpy(priv, ASN1_STRING_get0_data(os), ASN1_STRING_length(os));
+    *len = POLY1305_KEY_SIZE;
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth = {
+    EVP_PKEY_POLY1305,
+    EVP_PKEY_POLY1305,
+    0,
+
+    "POLY1305",
+    "OpenSSL POLY1305 method",
+
+    0, 0, poly1305_pkey_public_cmp, 0,
+
+    0, 0, 0,
+
+    poly1305_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    poly1305_key_free,
+    poly1305_pkey_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    poly1305_set_priv_key,
+    NULL,
+    poly1305_get_priv_key,
+    NULL,
+};
diff --git a/freebsd/crypto/openssl/crypto/poly1305/poly1305_local.h b/freebsd/crypto/openssl/crypto/poly1305/poly1305_local.h
new file mode 100644
index 00000000..6d4d9dc5
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/poly1305/poly1305_local.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp,
+                                   size_t len, unsigned int padbit);
+typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16],
+                                 const unsigned int nonce[4]);
+
+struct poly1305_context {
+    double opaque[24];  /* large enough to hold internal state, declared
+                         * 'double' to ensure at least 64-bit invariant
+                         * alignment across all platforms and
+                         * configurations */
+    unsigned int nonce[4];
+    unsigned char data[POLY1305_BLOCK_SIZE];
+    size_t num;
+    struct {
+        poly1305_blocks_f blocks;
+        poly1305_emit_f emit;
+    } func;
+};
diff --git a/freebsd/crypto/openssl/crypto/poly1305/poly1305_pmeth.c b/freebsd/crypto/openssl/crypto/poly1305/poly1305_pmeth.c
new file mode 100644
index 00000000..54f7a8b0
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/poly1305/poly1305_pmeth.c
@@ -0,0 +1,196 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "internal/poly1305.h"
+#include "poly1305_local.h"
+#include "internal/evp_int.h"
+
+/* POLY1305 pkey context structure */
+
+typedef struct {
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    POLY1305 ctx;
+} POLY1305_PKEY_CTX;
+
+static int pkey_poly1305_init(EVP_PKEY_CTX *ctx)
+{
+    POLY1305_PKEY_CTX *pctx;
+
+    if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_PKEY_POLY1305_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    pctx->ktmp.type = V_ASN1_OCTET_STRING;
+
+    EVP_PKEY_CTX_set_data(ctx, pctx);
+    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+    return 1;
+}
+
+static void pkey_poly1305_cleanup(EVP_PKEY_CTX *ctx)
+{
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (pctx != NULL) {
+        OPENSSL_clear_free(pctx->ktmp.data, pctx->ktmp.length);
+        OPENSSL_clear_free(pctx, sizeof(*pctx));
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int pkey_poly1305_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    POLY1305_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new POLY1305_CTX in dst->data->ctx */
+    if (!pkey_poly1305_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    if (ASN1_STRING_get0_data(&sctx->ktmp) != NULL &&
+        !ASN1_STRING_copy(&dctx->ktmp, &sctx->ktmp)) {
+        /* cleanup and free the POLY1305_PKEY_CTX in dst->data */
+        pkey_poly1305_cleanup(dst);
+        return 0;
+    }
+    memcpy(&dctx->ctx, &sctx->ctx, sizeof(POLY1305));
+    return 1;
+}
+
+static int pkey_poly1305_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *key;
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (ASN1_STRING_get0_data(&pctx->ktmp) == NULL)
+        return 0;
+    key = ASN1_OCTET_STRING_dup(&pctx->ktmp);
+    if (key == NULL)
+        return 0;
+    return EVP_PKEY_assign_POLY1305(pkey, key);
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+
+    Poly1305_Update(&pctx->ctx, data, count);
+    return 1;
+}
+
+static int poly1305_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    POLY1305_PKEY_CTX *pctx = ctx->data;
+    ASN1_OCTET_STRING *key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
+
+    if (key->length != POLY1305_KEY_SIZE)
+        return 0;
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    Poly1305_Init(&pctx->ctx, key->data);
+    return 1;
+}
+static int poly1305_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                            EVP_MD_CTX *mctx)
+{
+    POLY1305_PKEY_CTX *pctx = ctx->data;
+
+    *siglen = POLY1305_DIGEST_SIZE;
+    if (sig != NULL)
+        Poly1305_Final(&pctx->ctx, sig);
+    return 1;
+}
+
+static int pkey_poly1305_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+    const unsigned char *key;
+    size_t len;
+
+    switch (type) {
+
+    case EVP_PKEY_CTRL_MD:
+        /* ignore */
+        break;
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        if (type == EVP_PKEY_CTRL_SET_MAC_KEY) {
+            /* user explicitly setting the key */
+            key = p2;
+            len = p1;
+        } else {
+            /* user indirectly setting the key via EVP_DigestSignInit */
+            key = EVP_PKEY_get0_poly1305(EVP_PKEY_CTX_get0_pkey(ctx), &len);
+        }
+        if (key == NULL || len != POLY1305_KEY_SIZE ||
+            !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len))
+            return 0;
+        Poly1305_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp));
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_poly1305_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL)
+        return 0;
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD poly1305_pkey_meth = {
+    EVP_PKEY_POLY1305,
+    EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
+    pkey_poly1305_init,
+    pkey_poly1305_copy,
+    pkey_poly1305_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_poly1305_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    poly1305_signctx_init,
+    poly1305_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_poly1305_ctrl,
+    pkey_poly1305_ctrl_str
+};
diff --git a/freebsd/crypto/openssl/crypto/ppc_arch.h b/freebsd/crypto/openssl/crypto/ppc_arch.h
index b50ec996..65cf96fc 100644
--- a/freebsd/crypto/openssl/crypto/ppc_arch.h
+++ b/freebsd/crypto/openssl/crypto/ppc_arch.h
@@ -1,10 +1,26 @@
-#ifndef __PPC_ARCH_H__
-# define __PPC_ARCH_H__
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PPC_ARCH_H
+# define HEADER_PPC_ARCH_H
 
 extern unsigned int OPENSSL_ppccap_P;
 
+/*
+ * Flags' usage can appear ambiguous, because they are set rather
+ * to reflect OpenSSL performance preferences than actual processor
+ * capabilities.
+ */
 # define PPC_FPU64       (1<<0)
 # define PPC_ALTIVEC     (1<<1)
 # define PPC_CRYPTO207   (1<<2)
+# define PPC_FPU         (1<<3)
+# define PPC_MADD300     (1<<4)
 
 #endif
diff --git a/freebsd/crypto/openssl/crypto/ppccap.c b/freebsd/crypto/openssl/crypto/ppccap.c
deleted file mode 100644
index 01046dd0..00000000
--- a/freebsd/crypto/openssl/crypto/ppccap.c
+++ /dev/null
@@ -1,185 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <setjmp.h>
-#include <signal.h>
-#include <unistd.h>
-#if defined(__linux) || defined(_AIX)
-# include <sys/utsname.h>
-#endif
-#if defined(__APPLE__) && defined(__MACH__)
-# include <sys/types.h>
-# include <sys/sysctl.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/bn.h>
-
-#include "ppc_arch.h"
-
-unsigned int OPENSSL_ppccap_P = 0;
-
-static sigset_t all_masked;
-
-#ifdef OPENSSL_BN_ASM_MONT
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                const BN_ULONG *np, const BN_ULONG *n0, int num)
-{
-    int bn_mul_mont_fpu64(BN_ULONG *rp, const BN_ULONG *ap,
-                          const BN_ULONG *bp, const BN_ULONG *np,
-                          const BN_ULONG *n0, int num);
-    int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                        const BN_ULONG *np, const BN_ULONG *n0, int num);
-
-    if (sizeof(size_t) == 4) {
-# if 1 || (defined(__APPLE__) && defined(__MACH__))
-        if (num >= 8 && (num & 3) == 0 && (OPENSSL_ppccap_P & PPC_FPU64))
-            return bn_mul_mont_fpu64(rp, ap, bp, np, n0, num);
-# else
-        /*
-         * boundary of 32 was experimentally determined on Linux 2.6.22,
-         * might have to be adjusted on AIX...
-         */
-        if (num >= 32 && (num & 3) == 0 && (OPENSSL_ppccap_P & PPC_FPU64)) {
-            sigset_t oset;
-            int ret;
-
-            sigprocmask(SIG_SETMASK, &all_masked, &oset);
-            ret = bn_mul_mont_fpu64(rp, ap, bp, np, n0, num);
-            sigprocmask(SIG_SETMASK, &oset, NULL);
-
-            return ret;
-        }
-# endif
-    } else if ((OPENSSL_ppccap_P & PPC_FPU64))
-        /*
-         * this is a "must" on POWER6, but run-time detection is not
-         * implemented yet...
-         */
-        return bn_mul_mont_fpu64(rp, ap, bp, np, n0, num);
-
-    return bn_mul_mont_int(rp, ap, bp, np, n0, num);
-}
-#endif
-
-void sha256_block_p8(void *ctx, const void *inp, size_t len);
-void sha256_block_ppc(void *ctx, const void *inp, size_t len);
-void sha256_block_data_order(void *ctx, const void *inp, size_t len)
-{
-    OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) :
-        sha256_block_ppc(ctx, inp, len);
-}
-
-void sha512_block_p8(void *ctx, const void *inp, size_t len);
-void sha512_block_ppc(void *ctx, const void *inp, size_t len);
-void sha512_block_data_order(void *ctx, const void *inp, size_t len)
-{
-    OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) :
-        sha512_block_ppc(ctx, inp, len);
-}
-
-static sigjmp_buf ill_jmp;
-static void ill_handler(int sig)
-{
-    siglongjmp(ill_jmp, sig);
-}
-
-void OPENSSL_ppc64_probe(void);
-void OPENSSL_altivec_probe(void);
-void OPENSSL_crypto207_probe(void);
-
-void OPENSSL_cpuid_setup(void)
-{
-    char *e;
-    struct sigaction ill_oact, ill_act;
-    sigset_t oset;
-    static int trigger = 0;
-
-    if (trigger)
-        return;
-    trigger = 1;
-
-    sigfillset(&all_masked);
-    sigdelset(&all_masked, SIGILL);
-    sigdelset(&all_masked, SIGTRAP);
-#ifdef SIGEMT
-    sigdelset(&all_masked, SIGEMT);
-#endif
-    sigdelset(&all_masked, SIGFPE);
-    sigdelset(&all_masked, SIGBUS);
-    sigdelset(&all_masked, SIGSEGV);
-
-    if ((e = getenv("OPENSSL_ppccap"))) {
-        OPENSSL_ppccap_P = strtoul(e, NULL, 0);
-        return;
-    }
-
-    OPENSSL_ppccap_P = 0;
-
-#if defined(_AIX)
-    if (sizeof(size_t) == 4) {
-        struct utsname uts;
-# if defined(_SC_AIX_KERNEL_BITMODE)
-        if (sysconf(_SC_AIX_KERNEL_BITMODE) != 64)
-            return;
-# endif
-        if (uname(&uts) != 0 || atoi(uts.version) < 6)
-            return;
-    }
-#endif
-
-#if defined(__APPLE__) && defined(__MACH__)
-    {
-        int val;
-        size_t len = sizeof(val);
-
-        if (sysctlbyname("hw.optional.64bitops", &val, &len, NULL, 0) == 0) {
-            if (val)
-                OPENSSL_ppccap_P |= PPC_FPU64;
-        }
-
-        len = sizeof(val);
-        if (sysctlbyname("hw.optional.altivec", &val, &len, NULL, 0) == 0) {
-            if (val)
-                OPENSSL_ppccap_P |= PPC_ALTIVEC;
-        }
-
-        return;
-    }
-#endif
-
-    memset(&ill_act, 0, sizeof(ill_act));
-    ill_act.sa_handler = ill_handler;
-    ill_act.sa_mask = all_masked;
-
-    sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
-    sigaction(SIGILL, &ill_act, &ill_oact);
-
-    if (sizeof(size_t) == 4) {
-#ifdef __linux
-        struct utsname uts;
-        if (uname(&uts) == 0 && strcmp(uts.machine, "ppc64") == 0)
-#endif
-            if (sigsetjmp(ill_jmp, 1) == 0) {
-                OPENSSL_ppc64_probe();
-                OPENSSL_ppccap_P |= PPC_FPU64;
-            }
-    } else {
-        /*
-         * Wanted code detecting POWER6 CPU and setting PPC_FPU64
-         */
-    }
-
-    if (sigsetjmp(ill_jmp, 1) == 0) {
-        OPENSSL_altivec_probe();
-        OPENSSL_ppccap_P |= PPC_ALTIVEC;
-        if (sigsetjmp(ill_jmp, 1) == 0) {
-            OPENSSL_crypto207_probe();
-            OPENSSL_ppccap_P |= PPC_CRYPTO207;
-        }
-    }
-
-    sigaction(SIGILL, &ill_oact, NULL);
-    sigprocmask(SIG_SETMASK, &oset, NULL);
-}
diff --git a/freebsd/crypto/openssl/crypto/pqueue/pq_test.c b/freebsd/crypto/openssl/crypto/pqueue/pq_test.c
deleted file mode 100644
index 5534f9f4..00000000
--- a/freebsd/crypto/openssl/crypto/pqueue/pq_test.c
+++ /dev/null
@@ -1,96 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/pqueue/pq_test.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "pqueue.h"
-
-int main(void)
-{
-    pitem *item;
-    pqueue pq;
-
-    pq = pqueue_new();
-
-    item = pitem_new(3, NULL);
-    pqueue_insert(pq, item);
-
-    item = pitem_new(1, NULL);
-    pqueue_insert(pq, item);
-
-    item = pitem_new(2, NULL);
-    pqueue_insert(pq, item);
-
-    item = pqueue_find(pq, 1);
-    fprintf(stderr, "found %ld\n", item->priority);
-
-    item = pqueue_find(pq, 2);
-    fprintf(stderr, "found %ld\n", item->priority);
-
-    item = pqueue_find(pq, 3);
-    fprintf(stderr, "found %ld\n", item ? item->priority : 0);
-
-    pqueue_print(pq);
-
-    for (item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))
-        pitem_free(item);
-
-    pqueue_free(pq);
-    return 0;
-}
diff --git a/freebsd/crypto/openssl/crypto/pqueue/pqueue.c b/freebsd/crypto/openssl/crypto/pqueue/pqueue.c
deleted file mode 100644
index 03edcdbb..00000000
--- a/freebsd/crypto/openssl/crypto/pqueue/pqueue.c
+++ /dev/null
@@ -1,237 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/pqueue/pqueue.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include "pqueue.h"
-
-typedef struct _pqueue {
-    pitem *items;
-    int count;
-} pqueue_s;
-
-pitem *pitem_new(unsigned char *prio64be, void *data)
-{
-    pitem *item = (pitem *)OPENSSL_malloc(sizeof(pitem));
-    if (item == NULL)
-        return NULL;
-
-    memcpy(item->priority, prio64be, sizeof(item->priority));
-
-    item->data = data;
-    item->next = NULL;
-
-    return item;
-}
-
-void pitem_free(pitem *item)
-{
-    if (item == NULL)
-        return;
-
-    OPENSSL_free(item);
-}
-
-pqueue_s *pqueue_new()
-{
-    pqueue_s *pq = (pqueue_s *)OPENSSL_malloc(sizeof(pqueue_s));
-    if (pq == NULL)
-        return NULL;
-
-    memset(pq, 0x00, sizeof(pqueue_s));
-    return pq;
-}
-
-void pqueue_free(pqueue_s *pq)
-{
-    if (pq == NULL)
-        return;
-
-    OPENSSL_free(pq);
-}
-
-pitem *pqueue_insert(pqueue_s *pq, pitem *item)
-{
-    pitem *curr, *next;
-
-    if (pq->items == NULL) {
-        pq->items = item;
-        return item;
-    }
-
-    for (curr = NULL, next = pq->items;
-         next != NULL; curr = next, next = next->next) {
-        /*
-         * we can compare 64-bit value in big-endian encoding with memcmp:-)
-         */
-        int cmp = memcmp(next->priority, item->priority, 8);
-        if (cmp > 0) {          /* next > item */
-            item->next = next;
-
-            if (curr == NULL)
-                pq->items = item;
-            else
-                curr->next = item;
-
-            return item;
-        }
-
-        else if (cmp == 0)      /* duplicates not allowed */
-            return NULL;
-    }
-
-    item->next = NULL;
-    curr->next = item;
-
-    return item;
-}
-
-pitem *pqueue_peek(pqueue_s *pq)
-{
-    return pq->items;
-}
-
-pitem *pqueue_pop(pqueue_s *pq)
-{
-    pitem *item = pq->items;
-
-    if (pq->items != NULL)
-        pq->items = pq->items->next;
-
-    return item;
-}
-
-pitem *pqueue_find(pqueue_s *pq, unsigned char *prio64be)
-{
-    pitem *next;
-    pitem *found = NULL;
-
-    if (pq->items == NULL)
-        return NULL;
-
-    for (next = pq->items; next->next != NULL; next = next->next) {
-        if (memcmp(next->priority, prio64be, 8) == 0) {
-            found = next;
-            break;
-        }
-    }
-
-    /* check the one last node */
-    if (memcmp(next->priority, prio64be, 8) == 0)
-        found = next;
-
-    if (!found)
-        return NULL;
-
-#if 0                           /* find works in peek mode */
-    if (prev == NULL)
-        pq->items = next->next;
-    else
-        prev->next = next->next;
-#endif
-
-    return found;
-}
-
-void pqueue_print(pqueue_s *pq)
-{
-    pitem *item = pq->items;
-
-    while (item != NULL) {
-        printf("item\t%02x%02x%02x%02x%02x%02x%02x%02x\n",
-               item->priority[0], item->priority[1],
-               item->priority[2], item->priority[3],
-               item->priority[4], item->priority[5],
-               item->priority[6], item->priority[7]);
-        item = item->next;
-    }
-}
-
-pitem *pqueue_iterator(pqueue_s *pq)
-{
-    return pqueue_peek(pq);
-}
-
-pitem *pqueue_next(pitem **item)
-{
-    pitem *ret;
-
-    if (item == NULL || *item == NULL)
-        return NULL;
-
-    /* *item != NULL */
-    ret = *item;
-    *item = (*item)->next;
-
-    return ret;
-}
-
-int pqueue_size(pqueue_s *pq)
-{
-    pitem *item = pq->items;
-    int count = 0;
-
-    while (item != NULL) {
-        count++;
-        item = item->next;
-    }
-    return count;
-}
diff --git a/freebsd/crypto/openssl/crypto/pqueue/pqueue.h b/freebsd/crypto/openssl/crypto/pqueue/pqueue.h
deleted file mode 100644
index d40d9c7d..00000000
--- a/freebsd/crypto/openssl/crypto/pqueue/pqueue.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/* crypto/pqueue/pqueue.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PQUEUE_H
-# define HEADER_PQUEUE_H
-
-# include <stdio.h>
-# include <stdlib.h>
-# include <string.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-typedef struct _pqueue *pqueue;
-
-typedef struct _pitem {
-    unsigned char priority[8];  /* 64-bit value in big-endian encoding */
-    void *data;
-    struct _pitem *next;
-} pitem;
-
-typedef struct _pitem *piterator;
-
-pitem *pitem_new(unsigned char *prio64be, void *data);
-void pitem_free(pitem *item);
-
-pqueue pqueue_new(void);
-void pqueue_free(pqueue pq);
-
-pitem *pqueue_insert(pqueue pq, pitem *item);
-pitem *pqueue_peek(pqueue pq);
-pitem *pqueue_pop(pqueue pq);
-pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
-pitem *pqueue_iterator(pqueue pq);
-pitem *pqueue_next(piterator *iter);
-
-void pqueue_print(pqueue pq);
-int pqueue_size(pqueue pq);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif                          /* ! HEADER_PQUEUE_H */
diff --git a/freebsd/crypto/openssl/crypto/rand/drbg_ctr.c b/freebsd/crypto/openssl/crypto/rand/drbg_ctr.c
new file mode 100644
index 00000000..eac95a4e
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/rand/drbg_ctr.c
@@ -0,0 +1,440 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "internal/thread_once.h"
+#include "internal/thread_once.h"
+#include "rand_lcl.h"
+/*
+ * Implementation of NIST SP 800-90A CTR DRBG.
+ */
+
+static void inc_128(RAND_DRBG_CTR *ctr)
+{
+    int i;
+    unsigned char c;
+    unsigned char *p = &ctr->V[15];
+
+    for (i = 0; i < 16; i++, p--) {
+        c = *p;
+        c++;
+        *p = c;
+        if (c != 0) {
+            /* If we didn't wrap around, we're done. */
+            break;
+        }
+    }
+}
+
+static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)
+{
+    size_t i, n;
+
+    if (in == NULL || inlen == 0)
+        return;
+
+    /*
+     * Any zero padding will have no effect on the result as we
+     * are XORing. So just process however much input we have.
+     */
+    n = inlen < ctr->keylen ? inlen : ctr->keylen;
+    for (i = 0; i < n; i++)
+        ctr->K[i] ^= in[i];
+    if (inlen <= ctr->keylen)
+        return;
+
+    n = inlen - ctr->keylen;
+    if (n > 16) {
+        /* Should never happen */
+        n = 16;
+    }
+    for (i = 0; i < n; i++)
+        ctr->V[i] ^= in[i + ctr->keylen];
+}
+
+/*
+ * Process a complete block using BCC algorithm of SP 800-90A 10.3.3
+ */
+__owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out,
+                                const unsigned char *in)
+{
+    int i, outlen = AES_BLOCK_SIZE;
+
+    for (i = 0; i < 16; i++)
+        out[i] ^= in[i];
+
+    if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+    return 1;
+}
+
+
+/*
+ * Handle several BCC operations for as much data as we need for K and X
+ */
+__owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in)
+{
+    if (!ctr_BCC_block(ctr, ctr->KX, in)
+        || !ctr_BCC_block(ctr, ctr->KX + 16, in))
+        return 0;
+    if (ctr->keylen != 16 && !ctr_BCC_block(ctr, ctr->KX + 32, in))
+        return 0;
+    return 1;
+}
+
+/*
+ * Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
+ * see 10.3.1 stage 7.
+ */
+__owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr)
+{
+    memset(ctr->KX, 0, 48);
+    memset(ctr->bltmp, 0, 16);
+    if (!ctr_BCC_block(ctr, ctr->KX, ctr->bltmp))
+        return 0;
+    ctr->bltmp[3] = 1;
+    if (!ctr_BCC_block(ctr, ctr->KX + 16, ctr->bltmp))
+        return 0;
+    if (ctr->keylen != 16) {
+        ctr->bltmp[3] = 2;
+        if (!ctr_BCC_block(ctr, ctr->KX + 32, ctr->bltmp))
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * Process several blocks into BCC algorithm, some possibly partial
+ */
+__owur static int ctr_BCC_update(RAND_DRBG_CTR *ctr,
+                                 const unsigned char *in, size_t inlen)
+{
+    if (in == NULL || inlen == 0)
+        return 1;
+
+    /* If we have partial block handle it first */
+    if (ctr->bltmp_pos) {
+        size_t left = 16 - ctr->bltmp_pos;
+
+        /* If we now have a complete block process it */
+        if (inlen >= left) {
+            memcpy(ctr->bltmp + ctr->bltmp_pos, in, left);
+            if (!ctr_BCC_blocks(ctr, ctr->bltmp))
+                return 0;
+            ctr->bltmp_pos = 0;
+            inlen -= left;
+            in += left;
+        }
+    }
+
+    /* Process zero or more complete blocks */
+    for (; inlen >= 16; in += 16, inlen -= 16) {
+        if (!ctr_BCC_blocks(ctr, in))
+            return 0;
+    }
+
+    /* Copy any remaining partial block to the temporary buffer */
+    if (inlen > 0) {
+        memcpy(ctr->bltmp + ctr->bltmp_pos, in, inlen);
+        ctr->bltmp_pos += inlen;
+    }
+    return 1;
+}
+
+__owur static int ctr_BCC_final(RAND_DRBG_CTR *ctr)
+{
+    if (ctr->bltmp_pos) {
+        memset(ctr->bltmp + ctr->bltmp_pos, 0, 16 - ctr->bltmp_pos);
+        if (!ctr_BCC_blocks(ctr, ctr->bltmp))
+            return 0;
+    }
+    return 1;
+}
+
+__owur static int ctr_df(RAND_DRBG_CTR *ctr,
+                         const unsigned char *in1, size_t in1len,
+                         const unsigned char *in2, size_t in2len,
+                         const unsigned char *in3, size_t in3len)
+{
+    static unsigned char c80 = 0x80;
+    size_t inlen;
+    unsigned char *p = ctr->bltmp;
+    int outlen = AES_BLOCK_SIZE;
+
+    if (!ctr_BCC_init(ctr))
+        return 0;
+    if (in1 == NULL)
+        in1len = 0;
+    if (in2 == NULL)
+        in2len = 0;
+    if (in3 == NULL)
+        in3len = 0;
+    inlen = in1len + in2len + in3len;
+    /* Initialise L||N in temporary block */
+    *p++ = (inlen >> 24) & 0xff;
+    *p++ = (inlen >> 16) & 0xff;
+    *p++ = (inlen >> 8) & 0xff;
+    *p++ = inlen & 0xff;
+
+    /* NB keylen is at most 32 bytes */
+    *p++ = 0;
+    *p++ = 0;
+    *p++ = 0;
+    *p = (unsigned char)((ctr->keylen + 16) & 0xff);
+    ctr->bltmp_pos = 8;
+    if (!ctr_BCC_update(ctr, in1, in1len)
+        || !ctr_BCC_update(ctr, in2, in2len)
+        || !ctr_BCC_update(ctr, in3, in3len)
+        || !ctr_BCC_update(ctr, &c80, 1)
+        || !ctr_BCC_final(ctr))
+        return 0;
+    /* Set up key K */
+    if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->KX, NULL, 1))
+        return 0;
+    /* X follows key K */
+    if (!EVP_CipherUpdate(ctr->ctx, ctr->KX, &outlen, ctr->KX + ctr->keylen,
+                          AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+    if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 16, &outlen, ctr->KX,
+                          AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+    if (ctr->keylen != 16)
+        if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 32, &outlen, ctr->KX + 16,
+                              AES_BLOCK_SIZE)
+            || outlen != AES_BLOCK_SIZE)
+            return 0;
+    return 1;
+}
+
+/*
+ * NB the no-df Update in SP800-90A specifies a constant input length
+ * of seedlen, however other uses of this algorithm pad the input with
+ * zeroes if necessary and have up to two parameters XORed together,
+ * so we handle both cases in this function instead.
+ */
+__owur static int ctr_update(RAND_DRBG *drbg,
+                             const unsigned char *in1, size_t in1len,
+                             const unsigned char *in2, size_t in2len,
+                             const unsigned char *nonce, size_t noncelen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+    int outlen = AES_BLOCK_SIZE;
+
+    /* correct key is already set up. */
+    inc_128(ctr);
+    if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outlen, ctr->V, AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+
+    /* If keylen longer than 128 bits need extra encrypt */
+    if (ctr->keylen != 16) {
+        inc_128(ctr);
+        if (!EVP_CipherUpdate(ctr->ctx, ctr->K+16, &outlen, ctr->V,
+                              AES_BLOCK_SIZE)
+            || outlen != AES_BLOCK_SIZE)
+            return 0;
+    }
+    inc_128(ctr);
+    if (!EVP_CipherUpdate(ctr->ctx, ctr->V, &outlen, ctr->V, AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+
+    /* If 192 bit key part of V is on end of K */
+    if (ctr->keylen == 24) {
+        memcpy(ctr->V + 8, ctr->V, 8);
+        memcpy(ctr->V, ctr->K + 24, 8);
+    }
+
+    if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
+        /* If no input reuse existing derived value */
+        if (in1 != NULL || nonce != NULL || in2 != NULL)
+            if (!ctr_df(ctr, in1, in1len, nonce, noncelen, in2, in2len))
+                return 0;
+        /* If this a reuse input in1len != 0 */
+        if (in1len)
+            ctr_XOR(ctr, ctr->KX, drbg->seedlen);
+    } else {
+        ctr_XOR(ctr, in1, in1len);
+        ctr_XOR(ctr, in2, in2len);
+    }
+
+    if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1))
+        return 0;
+    return 1;
+}
+
+__owur static int drbg_ctr_instantiate(RAND_DRBG *drbg,
+                                       const unsigned char *entropy, size_t entropylen,
+                                       const unsigned char *nonce, size_t noncelen,
+                                       const unsigned char *pers, size_t perslen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+
+    if (entropy == NULL)
+        return 0;
+
+    memset(ctr->K, 0, sizeof(ctr->K));
+    memset(ctr->V, 0, sizeof(ctr->V));
+    if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1))
+        return 0;
+    if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen))
+        return 0;
+    return 1;
+}
+
+__owur static int drbg_ctr_reseed(RAND_DRBG *drbg,
+                                  const unsigned char *entropy, size_t entropylen,
+                                  const unsigned char *adin, size_t adinlen)
+{
+    if (entropy == NULL)
+        return 0;
+    if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0))
+        return 0;
+    return 1;
+}
+
+__owur static int drbg_ctr_generate(RAND_DRBG *drbg,
+                                    unsigned char *out, size_t outlen,
+                                    const unsigned char *adin, size_t adinlen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+
+    if (adin != NULL && adinlen != 0) {
+        if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
+            return 0;
+        /* This means we reuse derived value */
+        if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
+            adin = NULL;
+            adinlen = 1;
+        }
+    } else {
+        adinlen = 0;
+    }
+
+    for ( ; ; ) {
+        int outl = AES_BLOCK_SIZE;
+
+        inc_128(ctr);
+        if (outlen < 16) {
+            /* Use K as temp space as it will be updated */
+            if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outl, ctr->V,
+                                  AES_BLOCK_SIZE)
+                || outl != AES_BLOCK_SIZE)
+                return 0;
+            memcpy(out, ctr->K, outlen);
+            break;
+        }
+        if (!EVP_CipherUpdate(ctr->ctx, out, &outl, ctr->V, AES_BLOCK_SIZE)
+            || outl != AES_BLOCK_SIZE)
+            return 0;
+        out += 16;
+        outlen -= 16;
+        if (outlen == 0)
+            break;
+    }
+
+    if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
+        return 0;
+    return 1;
+}
+
+static int drbg_ctr_uninstantiate(RAND_DRBG *drbg)
+{
+    EVP_CIPHER_CTX_free(drbg->data.ctr.ctx);
+    EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df);
+    OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr));
+    return 1;
+}
+
+static RAND_DRBG_METHOD drbg_ctr_meth = {
+    drbg_ctr_instantiate,
+    drbg_ctr_reseed,
+    drbg_ctr_generate,
+    drbg_ctr_uninstantiate
+};
+
+int drbg_ctr_init(RAND_DRBG *drbg)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+    size_t keylen;
+
+    switch (drbg->type) {
+    default:
+        /* This can't happen, but silence the compiler warning. */
+        return 0;
+    case NID_aes_128_ctr:
+        keylen = 16;
+        ctr->cipher = EVP_aes_128_ecb();
+        break;
+    case NID_aes_192_ctr:
+        keylen = 24;
+        ctr->cipher = EVP_aes_192_ecb();
+        break;
+    case NID_aes_256_ctr:
+        keylen = 32;
+        ctr->cipher = EVP_aes_256_ecb();
+        break;
+    }
+
+    drbg->meth = &drbg_ctr_meth;
+
+    ctr->keylen = keylen;
+    if (ctr->ctx == NULL)
+        ctr->ctx = EVP_CIPHER_CTX_new();
+    if (ctr->ctx == NULL)
+        return 0;
+    drbg->strength = keylen * 8;
+    drbg->seedlen = keylen + 16;
+
+    if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
+        /* df initialisation */
+        static const unsigned char df_key[32] = {
+            0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+            0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+            0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
+            0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
+        };
+
+        if (ctr->ctx_df == NULL)
+            ctr->ctx_df = EVP_CIPHER_CTX_new();
+        if (ctr->ctx_df == NULL)
+            return 0;
+        /* Set key schedule for df_key */
+        if (!EVP_CipherInit_ex(ctr->ctx_df, ctr->cipher, NULL, df_key, NULL, 1))
+            return 0;
+
+        drbg->min_entropylen = ctr->keylen;
+        drbg->max_entropylen = DRBG_MINMAX_FACTOR * drbg->min_entropylen;
+        drbg->min_noncelen = drbg->min_entropylen / 2;
+        drbg->max_noncelen = DRBG_MINMAX_FACTOR * drbg->min_noncelen;
+        drbg->max_perslen = DRBG_MAX_LENGTH;
+        drbg->max_adinlen = DRBG_MAX_LENGTH;
+    } else {
+        drbg->min_entropylen = drbg->seedlen;
+        drbg->max_entropylen = drbg->seedlen;
+        /* Nonce not used */
+        drbg->min_noncelen = 0;
+        drbg->max_noncelen = 0;
+        drbg->max_perslen = drbg->seedlen;
+        drbg->max_adinlen = drbg->seedlen;
+    }
+
+    drbg->max_request = 1 << 16;
+
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/rand/drbg_lib.c b/freebsd/crypto/openssl/crypto/rand/drbg_lib.c
new file mode 100644
index 00000000..619b4406
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/rand/drbg_lib.c
@@ -0,0 +1,1072 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+#include "internal/thread_once.h"
+#include "internal/rand_int.h"
+#include "internal/cryptlib_int.h"
+
+/*
+ * Support framework for NIST SP 800-90A DRBG
+ *
+ * See manual page RAND_DRBG(7) for a general overview.
+ *
+ * The OpenSSL model is to have new and free functions, and that new
+ * does all initialization.  That is not the NIST model, which has
+ * instantiation and un-instantiate, and re-use within a new/free
+ * lifecycle.  (No doubt this comes from the desire to support hardware
+ * DRBG, where allocation of resources on something like an HSM is
+ * a much bigger deal than just re-setting an allocated resource.)
+ */
+
+/*
+ * The three shared DRBG instances
+ *
+ * There are three shared DRBG instances: <master>, <public>, and <private>.
+ */
+
+/*
+ * The <master> DRBG
+ *
+ * Not used directly by the application, only for reseeding the two other
+ * DRBGs. It reseeds itself by pulling either randomness from os entropy
+ * sources or by consuming randomness which was added by RAND_add().
+ *
+ * The <master> DRBG is a global instance which is accessed concurrently by
+ * all threads. The necessary locking is managed automatically by its child
+ * DRBG instances during reseeding.
+ */
+static RAND_DRBG *master_drbg;
+/*
+ * The <public> DRBG
+ *
+ * Used by default for generating random bytes using RAND_bytes().
+ *
+ * The <public> DRBG is thread-local, i.e., there is one instance per thread.
+ */
+static CRYPTO_THREAD_LOCAL public_drbg;
+/*
+ * The <private> DRBG
+ *
+ * Used by default for generating private keys using RAND_priv_bytes()
+ *
+ * The <private> DRBG is thread-local, i.e., there is one instance per thread.
+ */
+static CRYPTO_THREAD_LOCAL private_drbg;
+
+
+
+/* NIST SP 800-90A DRBG recommends the use of a personalization string. */
+static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
+
+static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
+
+
+
+static int rand_drbg_type = RAND_DRBG_TYPE;
+static unsigned int rand_drbg_flags = RAND_DRBG_FLAGS;
+
+static unsigned int master_reseed_interval = MASTER_RESEED_INTERVAL;
+static unsigned int slave_reseed_interval  = SLAVE_RESEED_INTERVAL;
+
+static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
+static time_t slave_reseed_time_interval  = SLAVE_RESEED_TIME_INTERVAL;
+
+static RAND_DRBG *drbg_setup(RAND_DRBG *parent);
+
+static RAND_DRBG *rand_drbg_new(int secure,
+                                int type,
+                                unsigned int flags,
+                                RAND_DRBG *parent);
+
+/*
+ * Set/initialize |drbg| to be of type |type|, with optional |flags|.
+ *
+ * If |type| and |flags| are zero, use the defaults
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags)
+{
+    int ret = 1;
+
+    if (type == 0 && flags == 0) {
+        type = rand_drbg_type;
+        flags = rand_drbg_flags;
+    }
+
+    drbg->state = DRBG_UNINITIALISED;
+    drbg->flags = flags;
+    drbg->type = type;
+
+    switch (type) {
+    default:
+        RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_TYPE);
+        return 0;
+    case 0:
+        /* Uninitialized; that's okay. */
+        return 1;
+    case NID_aes_128_ctr:
+    case NID_aes_192_ctr:
+    case NID_aes_256_ctr:
+        ret = drbg_ctr_init(drbg);
+        break;
+    }
+
+    if (ret == 0)
+        RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_ERROR_INITIALISING_DRBG);
+    return ret;
+}
+
+/*
+ * Set/initialize default |type| and |flag| for new drbg instances.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_defaults(int type, unsigned int flags)
+{
+    int ret = 1;
+
+    switch (type) {
+    default:
+        RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_TYPE);
+        return 0;
+    case NID_aes_128_ctr:
+    case NID_aes_192_ctr:
+    case NID_aes_256_ctr:
+        break;
+    }
+
+    if ((flags & ~RAND_DRBG_USED_FLAGS) != 0) {
+        RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS);
+        return 0;
+    }
+
+    rand_drbg_type  = type;
+    rand_drbg_flags = flags;
+
+    return ret;
+}
+
+
+/*
+ * Allocate memory and initialize a new DRBG. The DRBG is allocated on
+ * the secure heap if |secure| is nonzero and the secure heap is enabled.
+ * The |parent|, if not NULL, will be used as random source for reseeding.
+ *
+ * Returns a pointer to the new DRBG instance on success, NULL on failure.
+ */
+static RAND_DRBG *rand_drbg_new(int secure,
+                                int type,
+                                unsigned int flags,
+                                RAND_DRBG *parent)
+{
+    RAND_DRBG *drbg = secure ?
+        OPENSSL_secure_zalloc(sizeof(*drbg)) : OPENSSL_zalloc(sizeof(*drbg));
+
+    if (drbg == NULL) {
+        RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    drbg->secure = secure && CRYPTO_secure_allocated(drbg);
+    drbg->fork_count = rand_fork_count;
+    drbg->parent = parent;
+
+    if (parent == NULL) {
+        drbg->get_entropy = rand_drbg_get_entropy;
+        drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
+#ifndef RAND_DRBG_GET_RANDOM_NONCE
+        drbg->get_nonce = rand_drbg_get_nonce;
+        drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
+#endif
+
+        drbg->reseed_interval = master_reseed_interval;
+        drbg->reseed_time_interval = master_reseed_time_interval;
+    } else {
+        drbg->get_entropy = rand_drbg_get_entropy;
+        drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
+        /*
+         * Do not provide nonce callbacks, the child DRBGs will
+         * obtain their nonce using random bits from the parent.
+         */
+
+        drbg->reseed_interval = slave_reseed_interval;
+        drbg->reseed_time_interval = slave_reseed_time_interval;
+    }
+
+    if (RAND_DRBG_set(drbg, type, flags) == 0)
+        goto err;
+
+    if (parent != NULL) {
+        rand_drbg_lock(parent);
+        if (drbg->strength > parent->strength) {
+            /*
+             * We currently don't support the algorithm from NIST SP 800-90C
+             * 10.1.2 to use a weaker DRBG as source
+             */
+            rand_drbg_unlock(parent);
+            RANDerr(RAND_F_RAND_DRBG_NEW, RAND_R_PARENT_STRENGTH_TOO_WEAK);
+            goto err;
+        }
+        rand_drbg_unlock(parent);
+    }
+
+    return drbg;
+
+err:
+    if (drbg->secure)
+        OPENSSL_secure_free(drbg);
+    else
+        OPENSSL_free(drbg);
+
+    return NULL;
+}
+
+RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent)
+{
+    return rand_drbg_new(0, type, flags, parent);
+}
+
+RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent)
+{
+    return rand_drbg_new(1, type, flags, parent);
+}
+
+/*
+ * Uninstantiate |drbg| and free all memory.
+ */
+void RAND_DRBG_free(RAND_DRBG *drbg)
+{
+    if (drbg == NULL)
+        return;
+
+    if (drbg->meth != NULL)
+        drbg->meth->uninstantiate(drbg);
+    CRYPTO_THREAD_lock_free(drbg->lock);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data);
+
+    if (drbg->secure)
+        OPENSSL_secure_clear_free(drbg, sizeof(*drbg));
+    else
+        OPENSSL_clear_free(drbg, sizeof(*drbg));
+}
+
+/*
+ * Instantiate |drbg|, after it has been initialized.  Use |pers| and
+ * |perslen| as prediction-resistance input.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+                          const unsigned char *pers, size_t perslen)
+{
+    unsigned char *nonce = NULL, *entropy = NULL;
+    size_t noncelen = 0, entropylen = 0;
+    size_t min_entropy = drbg->strength;
+    size_t min_entropylen = drbg->min_entropylen;
+    size_t max_entropylen = drbg->max_entropylen;
+
+    if (perslen > drbg->max_perslen) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                RAND_R_PERSONALISATION_STRING_TOO_LONG);
+        goto end;
+    }
+
+    if (drbg->meth == NULL) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED);
+        goto end;
+    }
+
+    if (drbg->state != DRBG_UNINITIALISED) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                drbg->state == DRBG_ERROR ? RAND_R_IN_ERROR_STATE
+                                          : RAND_R_ALREADY_INSTANTIATED);
+        goto end;
+    }
+
+    drbg->state = DRBG_ERROR;
+
+    /*
+     * NIST SP800-90Ar1 section 9.1 says you can combine getting the entropy
+     * and nonce in 1 call by increasing the entropy with 50% and increasing
+     * the minimum length to accomadate the length of the nonce.
+     * We do this in case a nonce is require and get_nonce is NULL.
+     */
+    if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) {
+        min_entropy += drbg->strength / 2;
+        min_entropylen += drbg->min_noncelen;
+        max_entropylen += drbg->max_noncelen;
+    }
+
+    if (drbg->get_entropy != NULL)
+        entropylen = drbg->get_entropy(drbg, &entropy, min_entropy,
+                                       min_entropylen, max_entropylen, 0);
+    if (entropylen < min_entropylen
+        || entropylen > max_entropylen) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY);
+        goto end;
+    }
+
+    if (drbg->min_noncelen > 0 && drbg->get_nonce != NULL) {
+        noncelen = drbg->get_nonce(drbg, &nonce, drbg->strength / 2,
+                                   drbg->min_noncelen, drbg->max_noncelen);
+        if (noncelen < drbg->min_noncelen || noncelen > drbg->max_noncelen) {
+            RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_NONCE);
+            goto end;
+        }
+    }
+
+    if (!drbg->meth->instantiate(drbg, entropy, entropylen,
+                         nonce, noncelen, pers, perslen)) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_INSTANTIATING_DRBG);
+        goto end;
+    }
+
+    drbg->state = DRBG_READY;
+    drbg->generate_counter = 0;
+    drbg->reseed_time = time(NULL);
+    if (drbg->reseed_counter > 0) {
+        if (drbg->parent == NULL)
+            drbg->reseed_counter++;
+        else
+            drbg->reseed_counter = drbg->parent->reseed_counter;
+    }
+
+end:
+    if (entropy != NULL && drbg->cleanup_entropy != NULL)
+        drbg->cleanup_entropy(drbg, entropy, entropylen);
+    if (nonce != NULL && drbg->cleanup_nonce!= NULL )
+        drbg->cleanup_nonce(drbg, nonce, noncelen);
+    if (drbg->pool != NULL) {
+        if (drbg->state == DRBG_READY) {
+            RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                    RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED);
+            drbg->state = DRBG_ERROR;
+        }
+        rand_pool_free(drbg->pool);
+        drbg->pool = NULL;
+    }
+    if (drbg->state == DRBG_READY)
+        return 1;
+    return 0;
+}
+
+/*
+ * Uninstantiate |drbg|. Must be instantiated before it can be used.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg)
+{
+    if (drbg->meth == NULL) {
+        RANDerr(RAND_F_RAND_DRBG_UNINSTANTIATE,
+                RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED);
+        return 0;
+    }
+
+    /* Clear the entire drbg->ctr struct, then reset some important
+     * members of the drbg->ctr struct (e.g. keysize, df_ks) to their
+     * initial values.
+     */
+    drbg->meth->uninstantiate(drbg);
+    return RAND_DRBG_set(drbg, drbg->type, drbg->flags);
+}
+
+/*
+ * Reseed |drbg|, mixing in the specified data
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+                     const unsigned char *adin, size_t adinlen,
+                     int prediction_resistance)
+{
+    unsigned char *entropy = NULL;
+    size_t entropylen = 0;
+
+    if (drbg->state == DRBG_ERROR) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_IN_ERROR_STATE);
+        return 0;
+    }
+    if (drbg->state == DRBG_UNINITIALISED) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_NOT_INSTANTIATED);
+        return 0;
+    }
+
+    if (adin == NULL) {
+        adinlen = 0;
+    } else if (adinlen > drbg->max_adinlen) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+        return 0;
+    }
+
+    drbg->state = DRBG_ERROR;
+    if (drbg->get_entropy != NULL)
+        entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
+                                       drbg->min_entropylen,
+                                       drbg->max_entropylen,
+                                       prediction_resistance);
+    if (entropylen < drbg->min_entropylen
+        || entropylen > drbg->max_entropylen) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY);
+        goto end;
+    }
+
+    if (!drbg->meth->reseed(drbg, entropy, entropylen, adin, adinlen))
+        goto end;
+
+    drbg->state = DRBG_READY;
+    drbg->generate_counter = 0;
+    drbg->reseed_time = time(NULL);
+    if (drbg->reseed_counter > 0) {
+        if (drbg->parent == NULL)
+            drbg->reseed_counter++;
+        else
+            drbg->reseed_counter = drbg->parent->reseed_counter;
+    }
+
+end:
+    if (entropy != NULL && drbg->cleanup_entropy != NULL)
+        drbg->cleanup_entropy(drbg, entropy, entropylen);
+    if (drbg->state == DRBG_READY)
+        return 1;
+    return 0;
+}
+
+/*
+ * Restart |drbg|, using the specified entropy or additional input
+ *
+ * Tries its best to get the drbg instantiated by all means,
+ * regardless of its current state.
+ *
+ * Optionally, a |buffer| of |len| random bytes can be passed,
+ * which is assumed to contain at least |entropy| bits of entropy.
+ *
+ * If |entropy| > 0, the buffer content is used as entropy input.
+ *
+ * If |entropy| == 0, the buffer content is used as additional input
+ *
+ * Returns 1 on success, 0 on failure.
+ *
+ * This function is used internally only.
+ */
+int rand_drbg_restart(RAND_DRBG *drbg,
+                      const unsigned char *buffer, size_t len, size_t entropy)
+{
+    int reseeded = 0;
+    const unsigned char *adin = NULL;
+    size_t adinlen = 0;
+
+    if (drbg->pool != NULL) {
+        RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
+        rand_pool_free(drbg->pool);
+        drbg->pool = NULL;
+    }
+
+    if (buffer != NULL) {
+        if (entropy > 0) {
+            if (drbg->max_entropylen < len) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART,
+                    RAND_R_ENTROPY_INPUT_TOO_LONG);
+                return 0;
+            }
+
+            if (entropy > 8 * len) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ENTROPY_OUT_OF_RANGE);
+                return 0;
+            }
+
+            /* will be picked up by the rand_drbg_get_entropy() callback */
+            drbg->pool = rand_pool_new(entropy, len, len);
+            if (drbg->pool == NULL)
+                return 0;
+
+            rand_pool_add(drbg->pool, buffer, len, entropy);
+        } else {
+            if (drbg->max_adinlen < len) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART,
+                        RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+                return 0;
+            }
+            adin = buffer;
+            adinlen = len;
+        }
+    }
+
+    /* repair error state */
+    if (drbg->state == DRBG_ERROR)
+        RAND_DRBG_uninstantiate(drbg);
+
+    /* repair uninitialized state */
+    if (drbg->state == DRBG_UNINITIALISED) {
+        /* reinstantiate drbg */
+        RAND_DRBG_instantiate(drbg,
+                              (const unsigned char *) ossl_pers_string,
+                              sizeof(ossl_pers_string) - 1);
+        /* already reseeded. prevent second reseeding below */
+        reseeded = (drbg->state == DRBG_READY);
+    }
+
+    /* refresh current state if entropy or additional input has been provided */
+    if (drbg->state == DRBG_READY) {
+        if (adin != NULL) {
+            /*
+             * mix in additional input without reseeding
+             *
+             * Similar to RAND_DRBG_reseed(), but the provided additional
+             * data |adin| is mixed into the current state without pulling
+             * entropy from the trusted entropy source using get_entropy().
+             * This is not a reseeding in the strict sense of NIST SP 800-90A.
+             */
+            drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);
+        } else if (reseeded == 0) {
+            /* do a full reseeding if it has not been done yet above */
+            RAND_DRBG_reseed(drbg, NULL, 0, 0);
+        }
+    }
+
+    /* check whether a given entropy pool was cleared properly during reseed */
+    if (drbg->pool != NULL) {
+        drbg->state = DRBG_ERROR;
+        RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
+        rand_pool_free(drbg->pool);
+        drbg->pool = NULL;
+        return 0;
+    }
+
+    return drbg->state == DRBG_READY;
+}
+
+/*
+ * Generate |outlen| bytes into the buffer at |out|.  Reseed if we need
+ * to or if |prediction_resistance| is set.  Additional input can be
+ * sent in |adin| and |adinlen|.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ *
+ */
+int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
+                       int prediction_resistance,
+                       const unsigned char *adin, size_t adinlen)
+{
+    int reseed_required = 0;
+
+    if (drbg->state != DRBG_READY) {
+        /* try to recover from previous errors */
+        rand_drbg_restart(drbg, NULL, 0, 0);
+
+        if (drbg->state == DRBG_ERROR) {
+            RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_IN_ERROR_STATE);
+            return 0;
+        }
+        if (drbg->state == DRBG_UNINITIALISED) {
+            RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_NOT_INSTANTIATED);
+            return 0;
+        }
+    }
+
+    if (outlen > drbg->max_request) {
+        RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG);
+        return 0;
+    }
+    if (adinlen > drbg->max_adinlen) {
+        RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+        return 0;
+    }
+
+    if (drbg->fork_count != rand_fork_count) {
+        drbg->fork_count = rand_fork_count;
+        reseed_required = 1;
+    }
+
+    if (drbg->reseed_interval > 0) {
+        if (drbg->generate_counter >= drbg->reseed_interval)
+            reseed_required = 1;
+    }
+    if (drbg->reseed_time_interval > 0) {
+        time_t now = time(NULL);
+        if (now < drbg->reseed_time
+            || now - drbg->reseed_time >= drbg->reseed_time_interval)
+            reseed_required = 1;
+    }
+    if (drbg->reseed_counter > 0 && drbg->parent != NULL) {
+        if (drbg->reseed_counter != drbg->parent->reseed_counter)
+            reseed_required = 1;
+    }
+
+    if (reseed_required || prediction_resistance) {
+        if (!RAND_DRBG_reseed(drbg, adin, adinlen, prediction_resistance)) {
+            RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_RESEED_ERROR);
+            return 0;
+        }
+        adin = NULL;
+        adinlen = 0;
+    }
+
+    if (!drbg->meth->generate(drbg, out, outlen, adin, adinlen)) {
+        drbg->state = DRBG_ERROR;
+        RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_GENERATE_ERROR);
+        return 0;
+    }
+
+    drbg->generate_counter++;
+
+    return 1;
+}
+
+/*
+ * Generates |outlen| random bytes and stores them in |out|. It will
+ * using the given |drbg| to generate the bytes.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success 0 on failure.
+ */
+int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
+{
+    unsigned char *additional = NULL;
+    size_t additional_len;
+    size_t chunk;
+    size_t ret;
+
+    additional_len = rand_drbg_get_additional_data(&additional, drbg->max_adinlen);
+
+    for ( ; outlen > 0; outlen -= chunk, out += chunk) {
+        chunk = outlen;
+        if (chunk > drbg->max_request)
+            chunk = drbg->max_request;
+        ret = RAND_DRBG_generate(drbg, out, chunk, 0, additional, additional_len);
+        if (!ret)
+            goto err;
+    }
+    ret = 1;
+
+err:
+    if (additional_len != 0)
+        OPENSSL_secure_clear_free(additional, additional_len);
+
+    return ret;
+}
+
+/*
+ * Set the RAND_DRBG callbacks for obtaining entropy and nonce.
+ *
+ * Setting the callbacks is allowed only if the drbg has not been
+ * initialized yet. Otherwise, the operation will fail.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
+                            RAND_DRBG_get_entropy_fn get_entropy,
+                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+                            RAND_DRBG_get_nonce_fn get_nonce,
+                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce)
+{
+    if (drbg->state != DRBG_UNINITIALISED)
+        return 0;
+    drbg->get_entropy = get_entropy;
+    drbg->cleanup_entropy = cleanup_entropy;
+    drbg->get_nonce = get_nonce;
+    drbg->cleanup_nonce = cleanup_nonce;
+    return 1;
+}
+
+/*
+ * Set the reseed interval.
+ *
+ * The drbg will reseed automatically whenever the number of generate
+ * requests exceeds the given reseed interval. If the reseed interval
+ * is 0, then this feature is disabled.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval)
+{
+    if (interval > MAX_RESEED_INTERVAL)
+        return 0;
+    drbg->reseed_interval = interval;
+    return 1;
+}
+
+/*
+ * Set the reseed time interval.
+ *
+ * The drbg will reseed automatically whenever the time elapsed since
+ * the last reseeding exceeds the given reseed time interval. For safety,
+ * a reseeding will also occur if the clock has been reset to a smaller
+ * value.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval)
+{
+    if (interval > MAX_RESEED_TIME_INTERVAL)
+        return 0;
+    drbg->reseed_time_interval = interval;
+    return 1;
+}
+
+/*
+ * Set the default values for reseed (time) intervals of new DRBG instances
+ *
+ * The default values can be set independently for master DRBG instances
+ * (without a parent) and slave DRBG instances (with parent).
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+
+int RAND_DRBG_set_reseed_defaults(
+                                  unsigned int _master_reseed_interval,
+                                  unsigned int _slave_reseed_interval,
+                                  time_t _master_reseed_time_interval,
+                                  time_t _slave_reseed_time_interval
+                                  )
+{
+    if (_master_reseed_interval > MAX_RESEED_INTERVAL
+        || _slave_reseed_interval > MAX_RESEED_INTERVAL)
+        return 0;
+
+    if (_master_reseed_time_interval > MAX_RESEED_TIME_INTERVAL
+        || _slave_reseed_time_interval > MAX_RESEED_TIME_INTERVAL)
+        return 0;
+
+    master_reseed_interval = _master_reseed_interval;
+    slave_reseed_interval = _slave_reseed_interval;
+
+    master_reseed_time_interval = _master_reseed_time_interval;
+    slave_reseed_time_interval = _slave_reseed_time_interval;
+
+    return 1;
+}
+
+/*
+ * Locks the given drbg. Locking a drbg which does not have locking
+ * enabled is considered a successful no-op.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int rand_drbg_lock(RAND_DRBG *drbg)
+{
+    if (drbg->lock != NULL)
+        return CRYPTO_THREAD_write_lock(drbg->lock);
+
+    return 1;
+}
+
+/*
+ * Unlocks the given drbg. Unlocking a drbg which does not have locking
+ * enabled is considered a successful no-op.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int rand_drbg_unlock(RAND_DRBG *drbg)
+{
+    if (drbg->lock != NULL)
+        return CRYPTO_THREAD_unlock(drbg->lock);
+
+    return 1;
+}
+
+/*
+ * Enables locking for the given drbg
+ *
+ * Locking can only be enabled if the random generator
+ * is in the uninitialized state.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int rand_drbg_enable_locking(RAND_DRBG *drbg)
+{
+    if (drbg->state != DRBG_UNINITIALISED) {
+        RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+                RAND_R_DRBG_ALREADY_INITIALIZED);
+        return 0;
+    }
+
+    if (drbg->lock == NULL) {
+        if (drbg->parent != NULL && drbg->parent->lock == NULL) {
+            RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+                    RAND_R_PARENT_LOCKING_NOT_ENABLED);
+            return 0;
+        }
+
+        drbg->lock = CRYPTO_THREAD_lock_new();
+        if (drbg->lock == NULL) {
+            RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+                    RAND_R_FAILED_TO_CREATE_LOCK);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Get and set the EXDATA
+ */
+int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&drbg->ex_data, idx, arg);
+}
+
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx)
+{
+    return CRYPTO_get_ex_data(&drbg->ex_data, idx);
+}
+
+
+/*
+ * The following functions provide a RAND_METHOD that works on the
+ * global DRBG.  They lock.
+ */
+
+/*
+ * Allocates a new global DRBG on the secure heap (if enabled) and
+ * initializes it with default settings.
+ *
+ * Returns a pointer to the new DRBG instance on success, NULL on failure.
+ */
+static RAND_DRBG *drbg_setup(RAND_DRBG *parent)
+{
+    RAND_DRBG *drbg;
+
+    drbg = RAND_DRBG_secure_new(rand_drbg_type, rand_drbg_flags, parent);
+    if (drbg == NULL)
+        return NULL;
+
+    /* Only the master DRBG needs to have a lock */
+    if (parent == NULL && rand_drbg_enable_locking(drbg) == 0)
+        goto err;
+
+    /* enable seed propagation */
+    drbg->reseed_counter = 1;
+
+    /*
+     * Ignore instantiation error to support just-in-time instantiation.
+     *
+     * The state of the drbg will be checked in RAND_DRBG_generate() and
+     * an automatic recovery is attempted.
+     */
+    (void)RAND_DRBG_instantiate(drbg,
+                                (const unsigned char *) ossl_pers_string,
+                                sizeof(ossl_pers_string) - 1);
+    return drbg;
+
+err:
+    RAND_DRBG_free(drbg);
+    return NULL;
+}
+
+/*
+ * Initialize the global DRBGs on first use.
+ * Returns 1 on success, 0 on failure.
+ */
+DEFINE_RUN_ONCE_STATIC(do_rand_drbg_init)
+{
+    /*
+     * ensure that libcrypto is initialized, otherwise the
+     * DRBG locks are not cleaned up properly
+     */
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+
+    if (!CRYPTO_THREAD_init_local(&private_drbg, NULL))
+        return 0;
+
+    if (!CRYPTO_THREAD_init_local(&public_drbg, NULL))
+        goto err1;
+
+    master_drbg = drbg_setup(NULL);
+    if (master_drbg == NULL)
+        goto err2;
+
+    return 1;
+
+err2:
+    CRYPTO_THREAD_cleanup_local(&public_drbg);
+err1:
+    CRYPTO_THREAD_cleanup_local(&private_drbg);
+    return 0;
+}
+
+/* Clean up the global DRBGs before exit */
+void rand_drbg_cleanup_int(void)
+{
+    if (master_drbg != NULL) {
+        RAND_DRBG_free(master_drbg);
+        master_drbg = NULL;
+
+        CRYPTO_THREAD_cleanup_local(&private_drbg);
+        CRYPTO_THREAD_cleanup_local(&public_drbg);
+    }
+}
+
+void drbg_delete_thread_state(void)
+{
+    RAND_DRBG *drbg;
+
+    drbg = CRYPTO_THREAD_get_local(&public_drbg);
+    CRYPTO_THREAD_set_local(&public_drbg, NULL);
+    RAND_DRBG_free(drbg);
+
+    drbg = CRYPTO_THREAD_get_local(&private_drbg);
+    CRYPTO_THREAD_set_local(&private_drbg, NULL);
+    RAND_DRBG_free(drbg);
+}
+
+/* Implements the default OpenSSL RAND_bytes() method */
+static int drbg_bytes(unsigned char *out, int count)
+{
+    int ret;
+    RAND_DRBG *drbg = RAND_DRBG_get0_public();
+
+    if (drbg == NULL)
+        return 0;
+
+    ret = RAND_DRBG_bytes(drbg, out, count);
+
+    return ret;
+}
+
+/* Implements the default OpenSSL RAND_add() method */
+static int drbg_add(const void *buf, int num, double randomness)
+{
+    int ret = 0;
+    RAND_DRBG *drbg = RAND_DRBG_get0_master();
+
+    if (drbg == NULL)
+        return 0;
+
+    if (num < 0 || randomness < 0.0)
+        return 0;
+
+    if (randomness > (double)drbg->max_entropylen) {
+        /*
+         * The purpose of this check is to bound |randomness| by a
+         * relatively small value in order to prevent an integer
+         * overflow when multiplying by 8 in the rand_drbg_restart()
+         * call below.
+         */
+        return 0;
+    }
+
+    rand_drbg_lock(drbg);
+    ret = rand_drbg_restart(drbg, buf,
+                            (size_t)(unsigned int)num,
+                            (size_t)(8*randomness));
+    rand_drbg_unlock(drbg);
+
+    return ret;
+}
+
+/* Implements the default OpenSSL RAND_seed() method */
+static int drbg_seed(const void *buf, int num)
+{
+    return drbg_add(buf, num, num);
+}
+
+/* Implements the default OpenSSL RAND_status() method */
+static int drbg_status(void)
+{
+    int ret;
+    RAND_DRBG *drbg = RAND_DRBG_get0_master();
+
+    if (drbg == NULL)
+        return 0;
+
+    rand_drbg_lock(drbg);
+    ret = drbg->state == DRBG_READY ? 1 : 0;
+    rand_drbg_unlock(drbg);
+    return ret;
+}
+
+/*
+ * Get the master DRBG.
+ * Returns pointer to the DRBG on success, NULL on failure.
+ *
+ */
+RAND_DRBG *RAND_DRBG_get0_master(void)
+{
+    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
+        return NULL;
+
+    return master_drbg;
+}
+
+/*
+ * Get the public DRBG.
+ * Returns pointer to the DRBG on success, NULL on failure.
+ */
+RAND_DRBG *RAND_DRBG_get0_public(void)
+{
+    RAND_DRBG *drbg;
+
+    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
+        return NULL;
+
+    drbg = CRYPTO_THREAD_get_local(&public_drbg);
+    if (drbg == NULL) {
+        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND))
+            return NULL;
+        drbg = drbg_setup(master_drbg);
+        CRYPTO_THREAD_set_local(&public_drbg, drbg);
+    }
+    return drbg;
+}
+
+/*
+ * Get the private DRBG.
+ * Returns pointer to the DRBG on success, NULL on failure.
+ */
+RAND_DRBG *RAND_DRBG_get0_private(void)
+{
+    RAND_DRBG *drbg;
+
+    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
+        return NULL;
+
+    drbg = CRYPTO_THREAD_get_local(&private_drbg);
+    if (drbg == NULL) {
+        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND))
+            return NULL;
+        drbg = drbg_setup(master_drbg);
+        CRYPTO_THREAD_set_local(&private_drbg, drbg);
+    }
+    return drbg;
+}
+
+RAND_METHOD rand_meth = {
+    drbg_seed,
+    drbg_bytes,
+    NULL,
+    drbg_add,
+    drbg_bytes,
+    drbg_status
+};
+
+RAND_METHOD *RAND_OpenSSL(void)
+{
+    return &rand_meth;
+}
diff --git a/freebsd/crypto/openssl/crypto/rand/md_rand.c b/freebsd/crypto/openssl/crypto/rand/md_rand.c
deleted file mode 100644
index 7a18a784..00000000
--- a/freebsd/crypto/openssl/crypto/rand/md_rand.c
+++ /dev/null
@@ -1,618 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/rand/md_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSEVP
-
-#ifdef MD_RAND_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#include <openssl/err.h>
-
-#ifdef BN_DEBUG
-# define PREDICT
-#endif
-
-/* #define PREDICT      1 */
-
-#define STATE_SIZE      1023
-static size_t state_num = 0, state_index = 0;
-static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
-static unsigned char md[MD_DIGEST_LENGTH];
-static long md_count[2] = { 0, 0 };
-
-static double entropy = 0;
-static int initialized = 0;
-
-static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
-                                           * holds CRYPTO_LOCK_RAND (to
-                                           * prevent double locking) */
-/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-/* valid iff crypto_lock_rand is set */
-static CRYPTO_THREADID locking_threadid;
-
-#ifdef PREDICT
-int rand_predictable = 0;
-#endif
-
-const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT;
-
-static void ssleay_rand_cleanup(void);
-static void ssleay_rand_seed(const void *buf, int num);
-static void ssleay_rand_add(const void *buf, int num, double add_entropy);
-static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num);
-static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
-static int ssleay_rand_status(void);
-
-RAND_METHOD rand_ssleay_meth = {
-    ssleay_rand_seed,
-    ssleay_rand_nopseudo_bytes,
-    ssleay_rand_cleanup,
-    ssleay_rand_add,
-    ssleay_rand_pseudo_bytes,
-    ssleay_rand_status
-};
-
-RAND_METHOD *RAND_SSLeay(void)
-{
-    return (&rand_ssleay_meth);
-}
-
-static void ssleay_rand_cleanup(void)
-{
-    OPENSSL_cleanse(state, sizeof(state));
-    state_num = 0;
-    state_index = 0;
-    OPENSSL_cleanse(md, MD_DIGEST_LENGTH);
-    md_count[0] = 0;
-    md_count[1] = 0;
-    entropy = 0;
-    initialized = 0;
-}
-
-static void ssleay_rand_add(const void *buf, int num, double add)
-{
-    int i, j, k, st_idx;
-    long md_c[2];
-    unsigned char local_md[MD_DIGEST_LENGTH];
-    EVP_MD_CTX m;
-    int do_not_lock;
-
-    if (!num)
-        return;
-
-    /*
-     * (Based on the rand(3) manpage)
-     *
-     * The input is chopped up into units of 20 bytes (or less for
-     * the last block).  Each of these blocks is run through the hash
-     * function as follows:  The data passed to the hash function
-     * is the current 'md', the same number of bytes from the 'state'
-     * (the location determined by in incremented looping index) as
-     * the current 'block', the new key data 'block', and 'count'
-     * (which is incremented after each use).
-     * The result of this is kept in 'md' and also xored into the
-     * 'state' at the same locations that were used as input into the
-     * hash function.
-     */
-
-    /* check if we already have the lock */
-    if (crypto_lock_rand) {
-        CRYPTO_THREADID cur;
-        CRYPTO_THREADID_current(&cur);
-        CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-        do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
-        CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
-    } else
-        do_not_lock = 0;
-
-    if (!do_not_lock)
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-    st_idx = state_index;
-
-    /*
-     * use our own copies of the counters so that even if a concurrent thread
-     * seeds with exactly the same data and uses the same subarray there's
-     * _some_ difference
-     */
-    md_c[0] = md_count[0];
-    md_c[1] = md_count[1];
-
-    memcpy(local_md, md, sizeof(md));
-
-    /* state_index <= state_num <= STATE_SIZE */
-    state_index += num;
-    if (state_index >= STATE_SIZE) {
-        state_index %= STATE_SIZE;
-        state_num = STATE_SIZE;
-    } else if (state_num < STATE_SIZE) {
-        if (state_index > state_num)
-            state_num = state_index;
-    }
-    /* state_index <= state_num <= STATE_SIZE */
-
-    /*
-     * state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] are what we
-     * will use now, but other threads may use them as well
-     */
-
-    md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
-
-    if (!do_not_lock)
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-    EVP_MD_CTX_init(&m);
-    for (i = 0; i < num; i += MD_DIGEST_LENGTH) {
-        j = (num - i);
-        j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j;
-
-        if (!MD_Init(&m) ||
-            !MD_Update(&m, local_md, MD_DIGEST_LENGTH))
-            goto err;
-        k = (st_idx + j) - STATE_SIZE;
-        if (k > 0) {
-            if (!MD_Update(&m, &(state[st_idx]), j - k) ||
-                !MD_Update(&m, &(state[0]), k))
-                goto err;
-        } else
-            if (!MD_Update(&m, &(state[st_idx]), j))
-                goto err;
-
-        /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
-        if (!MD_Update(&m, buf, j))
-            goto err;
-        /*
-         * We know that line may cause programs such as purify and valgrind
-         * to complain about use of uninitialized data.  The problem is not,
-         * it's with the caller.  Removing that line will make sure you get
-         * really bad randomness and thereby other problems such as very
-         * insecure keys.
-         */
-
-        if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)) ||
-            !MD_Final(&m, local_md))
-            goto err;
-        md_c[1]++;
-
-        buf = (const char *)buf + j;
-
-        for (k = 0; k < j; k++) {
-            /*
-             * Parallel threads may interfere with this, but always each byte
-             * of the new state is the XOR of some previous value of its and
-             * local_md (itermediate values may be lost). Alway using locking
-             * could hurt performance more than necessary given that
-             * conflicts occur only when the total seeding is longer than the
-             * random state.
-             */
-            state[st_idx++] ^= local_md[k];
-            if (st_idx >= STATE_SIZE)
-                st_idx = 0;
-        }
-    }
-
-    if (!do_not_lock)
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-    /*
-     * Don't just copy back local_md into md -- this could mean that other
-     * thread's seeding remains without effect (except for the incremented
-     * counter).  By XORing it we keep at least as much entropy as fits into
-     * md.
-     */
-    for (k = 0; k < (int)sizeof(md); k++) {
-        md[k] ^= local_md[k];
-    }
-    if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
-        entropy += add;
-    if (!do_not_lock)
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
-    assert(md_c[1] == md_count[1]);
-#endif
-
- err:
-    EVP_MD_CTX_cleanup(&m);
-}
-
-static void ssleay_rand_seed(const void *buf, int num)
-{
-    ssleay_rand_add(buf, num, (double)num);
-}
-
-int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
-{
-    static volatile int stirred_pool = 0;
-    int i, j, k;
-    size_t num_ceil, st_idx, st_num;
-    int ok;
-    long md_c[2];
-    unsigned char local_md[MD_DIGEST_LENGTH];
-    EVP_MD_CTX m;
-#ifndef GETPID_IS_MEANINGLESS
-    pid_t curr_pid = getpid();
-#endif
-    int do_stir_pool = 0;
-
-#ifdef PREDICT
-    if (rand_predictable) {
-        static unsigned char val = 0;
-
-        for (i = 0; i < num; i++)
-            buf[i] = val++;
-        return (1);
-    }
-#endif
-
-    if (num <= 0)
-        return 1;
-
-    EVP_MD_CTX_init(&m);
-    /* round upwards to multiple of MD_DIGEST_LENGTH/2 */
-    num_ceil =
-        (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2);
-
-    /*
-     * (Based on the rand(3) manpage:)
-     *
-     * For each group of 10 bytes (or less), we do the following:
-     *
-     * Input into the hash function the local 'md' (which is initialized from
-     * the global 'md' before any bytes are generated), the bytes that are to
-     * be overwritten by the random bytes, and bytes from the 'state'
-     * (incrementing looping index). From this digest output (which is kept
-     * in 'md'), the top (up to) 10 bytes are returned to the caller and the
-     * bottom 10 bytes are xored into the 'state'.
-     *
-     * Finally, after we have finished 'num' random bytes for the
-     * caller, 'count' (which is incremented) and the local and global 'md'
-     * are fed into the hash function and the results are kept in the
-     * global 'md'.
-     */
-    if (lock)
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
-    /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
-    CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-    CRYPTO_THREADID_current(&locking_threadid);
-    CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
-    crypto_lock_rand = 1;
-
-    if (!initialized) {
-        RAND_poll();
-        initialized = 1;
-    }
-
-    if (!stirred_pool)
-        do_stir_pool = 1;
-
-    ok = (entropy >= ENTROPY_NEEDED);
-    if (!ok) {
-        /*
-         * If the PRNG state is not yet unpredictable, then seeing the PRNG
-         * output may help attackers to determine the new state; thus we have
-         * to decrease the entropy estimate. Once we've had enough initial
-         * seeding we don't bother to adjust the entropy count, though,
-         * because we're not ambitious to provide *information-theoretic*
-         * randomness. NOTE: This approach fails if the program forks before
-         * we have enough entropy. Entropy should be collected in a separate
-         * input pool and be transferred to the output pool only when the
-         * entropy limit has been reached.
-         */
-        entropy -= num;
-        if (entropy < 0)
-            entropy = 0;
-    }
-
-    if (do_stir_pool) {
-        /*
-         * In the output function only half of 'md' remains secret, so we
-         * better make sure that the required entropy gets 'evenly
-         * distributed' through 'state', our randomness pool. The input
-         * function (ssleay_rand_add) chains all of 'md', which makes it more
-         * suitable for this purpose.
-         */
-
-        int n = STATE_SIZE;     /* so that the complete pool gets accessed */
-        while (n > 0) {
-#if MD_DIGEST_LENGTH > 20
-# error "Please adjust DUMMY_SEED."
-#endif
-#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
-            /*
-             * Note that the seed does not matter, it's just that
-             * ssleay_rand_add expects to have something to hash.
-             */
-            ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
-            n -= MD_DIGEST_LENGTH;
-        }
-        if (ok)
-            stirred_pool = 1;
-    }
-
-    st_idx = state_index;
-    st_num = state_num;
-    md_c[0] = md_count[0];
-    md_c[1] = md_count[1];
-    memcpy(local_md, md, sizeof(md));
-
-    state_index += num_ceil;
-    if (state_index > state_num)
-        state_index %= state_num;
-
-    /*
-     * state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] are now
-     * ours (but other threads may use them too)
-     */
-
-    md_count[0] += 1;
-
-    /* before unlocking, we must clear 'crypto_lock_rand' */
-    crypto_lock_rand = 0;
-    if (lock)
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-    while (num > 0) {
-        /* num_ceil -= MD_DIGEST_LENGTH/2 */
-        j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num;
-        num -= j;
-        if (!MD_Init(&m))
-           goto err;
-#ifndef GETPID_IS_MEANINGLESS
-        if (curr_pid) {         /* just in the first iteration to save time */
-            if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof(curr_pid)))
-                goto err;
-            curr_pid = 0;
-        }
-#endif
-        if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH) ||
-            !MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
-            goto err;
-
-#ifndef PURIFY                  /* purify complains */
-        /*
-         * The following line uses the supplied buffer as a small source of
-         * entropy: since this buffer is often uninitialised it may cause
-         * programs such as purify or valgrind to complain. So for those
-         * builds it is not used: the removal of such a small source of
-         * entropy has negligible impact on security.
-         */
-        if (!MD_Update(&m, buf, j))
-            goto err;
-#endif
-
-        k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
-        if (k > 0) {
-            if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k) ||
-                !MD_Update(&m, &(state[0]), k))
-                goto err;
-        } else {
-            if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2))
-                goto err;
-        }
-        if (!MD_Final(&m, local_md))
-            goto err;
-
-        for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) {
-            /* may compete with other threads */
-            state[st_idx++] ^= local_md[i];
-            if (st_idx >= st_num)
-                st_idx = 0;
-            if (i < j)
-                *(buf++) = local_md[i + MD_DIGEST_LENGTH / 2];
-        }
-    }
-
-    if (!MD_Init(&m) ||
-        !MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)) ||
-        !MD_Update(&m, local_md, MD_DIGEST_LENGTH))
-        goto err;
-    if (lock)
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-    if (!MD_Update(&m, md, MD_DIGEST_LENGTH) ||
-        !MD_Final(&m, md)) {
-        if (lock)
-            CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-        goto err;
-    }
-    if (lock)
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-    EVP_MD_CTX_cleanup(&m);
-    if (ok)
-        return (1);
-    else if (pseudo)
-        return 0;
-    else {
-        RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED);
-        ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
-                           "http://www.openssl.org/support/faq.html");
-        return (0);
-    }
-
- err:
-    EVP_MD_CTX_cleanup(&m);
-    return (0);
-}
-
-static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)
-{
-    return ssleay_rand_bytes(buf, num, 0, 1);
-}
-
-/*
- * pseudo-random bytes that are guaranteed to be unique but not unpredictable
- */
-static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
-{
-    return ssleay_rand_bytes(buf, num, 1, 1);
-}
-
-static int ssleay_rand_status(void)
-{
-    CRYPTO_THREADID cur;
-    int ret;
-    int do_not_lock;
-
-    CRYPTO_THREADID_current(&cur);
-    /*
-     * check if we already have the lock (could happen if a RAND_poll()
-     * implementation calls RAND_status())
-     */
-    if (crypto_lock_rand) {
-        CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-        do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
-        CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
-    } else
-        do_not_lock = 0;
-
-    if (!do_not_lock) {
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
-        /*
-         * prevent ssleay_rand_bytes() from trying to obtain the lock again
-         */
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-        CRYPTO_THREADID_cpy(&locking_threadid, &cur);
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
-        crypto_lock_rand = 1;
-    }
-
-    if (!initialized) {
-        RAND_poll();
-        initialized = 1;
-    }
-
-    ret = entropy >= ENTROPY_NEEDED;
-
-    if (!do_not_lock) {
-        /* before unlocking, we must clear 'crypto_lock_rand' */
-        crypto_lock_rand = 0;
-
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-    }
-
-    return ret;
-}
diff --git a/freebsd/crypto/openssl/crypto/rand/rand.h b/freebsd/crypto/openssl/crypto/rand/rand.h
deleted file mode 100644
index 2553afda..00000000
--- a/freebsd/crypto/openssl/crypto/rand/rand.h
+++ /dev/null
@@ -1,150 +0,0 @@
-/* crypto/rand/rand.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RAND_H
-# define HEADER_RAND_H
-
-# include <stdlib.h>
-# include <openssl/ossl_typ.h>
-# include <openssl/e_os2.h>
-
-# if defined(OPENSSL_SYS_WINDOWS)
-#  include <windows.h>
-# endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# if defined(OPENSSL_FIPS)
-#  define FIPS_RAND_SIZE_T size_t
-# endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct rand_meth_st RAND_METHOD; */
-
-struct rand_meth_st {
-    void (*seed) (const void *buf, int num);
-    int (*bytes) (unsigned char *buf, int num);
-    void (*cleanup) (void);
-    void (*add) (const void *buf, int num, double entropy);
-    int (*pseudorand) (unsigned char *buf, int num);
-    int (*status) (void);
-};
-
-# ifdef BN_DEBUG
-extern int rand_predictable;
-# endif
-
-int RAND_set_rand_method(const RAND_METHOD *meth);
-const RAND_METHOD *RAND_get_rand_method(void);
-# ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine);
-# endif
-RAND_METHOD *RAND_SSLeay(void);
-void RAND_cleanup(void);
-int RAND_bytes(unsigned char *buf, int num);
-int RAND_pseudo_bytes(unsigned char *buf, int num);
-void RAND_seed(const void *buf, int num);
-void RAND_add(const void *buf, int num, double entropy);
-int RAND_load_file(const char *file, long max_bytes);
-int RAND_write_file(const char *file);
-const char *RAND_file_name(char *file, size_t num);
-int RAND_status(void);
-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
-int RAND_egd(const char *path);
-int RAND_egd_bytes(const char *path, int bytes);
-int RAND_poll(void);
-
-# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-
-void RAND_screen(void);
-int RAND_event(UINT, WPARAM, LPARAM);
-
-# endif
-
-# ifdef OPENSSL_FIPS
-void RAND_set_fips_drbg_type(int type, int flags);
-int RAND_init_fips(void);
-# endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_RAND_strings(void);
-
-/* Error codes for the RAND functions. */
-
-/* Function codes. */
-# define RAND_F_RAND_GET_RAND_METHOD                      101
-# define RAND_F_RAND_INIT_FIPS                            102
-# define RAND_F_SSLEAY_RAND_BYTES                         100
-
-/* Reason codes. */
-# define RAND_R_DUAL_EC_DRBG_DISABLED                     104
-# define RAND_R_ERROR_INITIALISING_DRBG                   102
-# define RAND_R_ERROR_INSTANTIATING_DRBG                  103
-# define RAND_R_NO_FIPS_RANDOM_METHOD_SET                 101
-# define RAND_R_PRNG_NOT_SEEDED                           100
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/rand/rand_egd.c b/freebsd/crypto/openssl/crypto/rand/rand_egd.c
index 563689f6..6eb1302c 100644
--- a/freebsd/crypto/openssl/crypto/rand/rand_egd.c
+++ b/freebsd/crypto/openssl/crypto/rand/rand_egd.c
@@ -1,294 +1,160 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rand/rand_egd.c */
-/* Written by Ulf Moeller and Lutz Jaenicke for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/e_os2.h>
-#include <openssl/rand.h>
-#include <openssl/buffer.h>
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EGD
+NON_EMPTY_TRANSLATION_UNIT
+#else
 
-/*-
- * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
- *
- * This module supplies three routines:
- *
- * RAND_query_egd_bytes(path, buf, bytes)
- *   will actually query "bytes" bytes of entropy form the egd-socket located
- *   at path and will write them to buf (if supplied) or will directly feed
- *   it to RAND_seed() if buf==NULL.
- *   The number of bytes is not limited by the maximum chunk size of EGD,
- *   which is 255 bytes. If more than 255 bytes are wanted, several chunks
- *   of entropy bytes are requested. The connection is left open until the
- *   query is competed.
- *   RAND_query_egd_bytes() returns with
- *     -1  if an error occured during connection or communication.
- *     num the number of bytes read from the EGD socket. This number is either
- *         the number of bytes requested or smaller, if the EGD pool is
- *         drained and the daemon signals that the pool is empty.
- *   This routine does not touch any RAND_status(). This is necessary, since
- *   PRNG functions may call it during initialization.
- *
- * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them
- *   used to seed the PRNG.
- *   RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
- *   Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
- *   seed status so that the return value can reflect the seed state:
- *     -1  if an error occured during connection or communication _or_
- *         if the PRNG has still not received the required seeding.
- *     num the number of bytes read from the EGD socket. This number is either
- *         the number of bytes requested or smaller, if the EGD pool is
- *         drained and the daemon signals that the pool is empty.
- *
- * RAND_egd(path) will query 255 bytes and use the bytes retreived to seed
- *   the PRNG.
- *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
+# include <openssl/crypto.h>
+# include <openssl/e_os2.h>
+# include <openssl/rand.h>
+
+/*
+ * Query an EGD
  */
 
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS)
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 {
-    return (-1);
+    return -1;
 }
 
 int RAND_egd(const char *path)
 {
-    return (-1);
+    return -1;
 }
 
 int RAND_egd_bytes(const char *path, int bytes)
 {
-    return (-1);
+    return -1;
 }
-#else
-# include <openssl/opensslconf.h>
-# include OPENSSL_UNISTD
-# include <stddef.h>
-# include <sys/types.h>
-# include <sys/socket.h>
-# ifndef NO_SYS_UN_H
-#  ifdef OPENSSL_SYS_VXWORKS
-#   include <streams/un.h>
-#  else
-#   include <sys/un.h>
-#  endif
+
 # else
+
+#  include OPENSSL_UNISTD
+#  include <stddef.h>
+#  include <sys/types.h>
+#  include <sys/socket.h>
+#  ifndef NO_SYS_UN_H
+#   ifdef OPENSSL_SYS_VXWORKS
+#    include <streams/un.h>
+#   else
+#    include <sys/un.h>
+#   endif
+#  else
 struct sockaddr_un {
     short sun_family;           /* AF_UNIX */
     char sun_path[108];         /* path name (gag) */
 };
-# endif                         /* NO_SYS_UN_H */
-# include <string.h>
-# include <errno.h>
-
-# ifndef offsetof
-#  define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
-# endif
+#  endif                         /* NO_SYS_UN_H */
+#  include <string.h>
+#  include <errno.h>
 
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 {
-    int ret = 0;
+    FILE *fp = NULL;
     struct sockaddr_un addr;
-    int len, num, numbytes;
-    int fd = -1;
-    int success;
-    unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
+    int mybuffer, ret = -1, i, numbytes, fd;
+    unsigned char tempbuf[255];
 
+    if (bytes > (int)sizeof(tempbuf))
+        return -1;
+
+    /* Make socket. */
     memset(&addr, 0, sizeof(addr));
     addr.sun_family = AF_UNIX;
     if (strlen(path) >= sizeof(addr.sun_path))
-        return (-1);
-    BUF_strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
-    len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+        return -1;
+    strcpy(addr.sun_path, path);
+    i = offsetof(struct sockaddr_un, sun_path) + strlen(path);
     fd = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (fd == -1)
-        return (-1);
-    success = 0;
-    while (!success) {
-        if (connect(fd, (struct sockaddr *)&addr, len) == 0)
-            success = 1;
-        else {
-            switch (errno) {
-# ifdef EINTR
-            case EINTR:
-# endif
-# ifdef EAGAIN
-            case EAGAIN:
-# endif
-# ifdef EINPROGRESS
-            case EINPROGRESS:
-# endif
-# ifdef EALREADY
-            case EALREADY:
-# endif
-                /* No error, try again */
-                break;
-# ifdef EISCONN
-            case EISCONN:
-                success = 1;
-                break;
-# endif
-            default:
-                goto err;       /* failure */
-            }
-        }
-    }
+    if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL)
+        return -1;
+    setbuf(fp, NULL);
 
-    while (bytes > 0) {
-        egdbuf[0] = 1;
-        egdbuf[1] = bytes < 255 ? bytes : 255;
-        numbytes = 0;
-        while (numbytes != 2) {
-            num = write(fd, egdbuf + numbytes, 2 - numbytes);
-            if (num >= 0)
-                numbytes += num;
-            else {
-                switch (errno) {
-# ifdef EINTR
-                case EINTR:
-# endif
-# ifdef EAGAIN
-                case EAGAIN:
-# endif
-                    /* No error, try again */
-                    break;
-                default:
-                    ret = -1;
-                    goto err;   /* failure */
-                }
-            }
-        }
-        numbytes = 0;
-        while (numbytes != 1) {
-            num = read(fd, egdbuf, 1);
-            if (num == 0)
-                goto err;       /* descriptor closed */
-            else if (num > 0)
-                numbytes += num;
-            else {
-                switch (errno) {
-# ifdef EINTR
-                case EINTR:
-# endif
-# ifdef EAGAIN
-                case EAGAIN:
-# endif
-                    /* No error, try again */
-                    break;
-                default:
-                    ret = -1;
-                    goto err;   /* failure */
-                }
-            }
-        }
-        if (egdbuf[0] == 0)
+    /* Try to connect */
+    for ( ; ; ) {
+        if (connect(fd, (struct sockaddr *)&addr, i) == 0)
+            break;
+#  ifdef EISCONN
+        if (errno == EISCONN)
+            break;
+#  endif
+        switch (errno) {
+#  ifdef EINTR
+        case EINTR:
+#  endif
+#  ifdef EAGAIN
+        case EAGAIN:
+#  endif
+#  ifdef EINPROGRESS
+        case EINPROGRESS:
+#  endif
+#  ifdef EALREADY
+        case EALREADY:
+#  endif
+            /* No error, try again */
+            break;
+        default:
+            ret = -1;
             goto err;
-        if (buf)
-            retrievebuf = buf + ret;
-        else
-            retrievebuf = tempbuf;
-        numbytes = 0;
-        while (numbytes != egdbuf[0]) {
-            num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
-            if (num == 0)
-                goto err;       /* descriptor closed */
-            else if (num > 0)
-                numbytes += num;
-            else {
-                switch (errno) {
-# ifdef EINTR
-                case EINTR:
-# endif
-# ifdef EAGAIN
-                case EAGAIN:
-# endif
-                    /* No error, try again */
-                    break;
-                default:
-                    ret = -1;
-                    goto err;   /* failure */
-                }
-            }
         }
-        ret += egdbuf[0];
-        bytes -= egdbuf[0];
-        if (!buf)
-            RAND_seed(tempbuf, egdbuf[0]);
     }
+
+    /* Make request, see how many bytes we can get back. */
+    tempbuf[0] = 1;
+    tempbuf[1] = bytes;
+    if (fwrite(tempbuf, sizeof(char), 2, fp) != 2 || fflush(fp) == EOF)
+        goto err;
+    if (fread(tempbuf, sizeof(char), 1, fp) != 1 || tempbuf[0] == 0)
+        goto err;
+    numbytes = tempbuf[0];
+
+    /* Which buffer are we using? */
+    mybuffer = buf == NULL;
+    if (mybuffer)
+        buf = tempbuf;
+
+    /* Read bytes. */
+    i = fread(buf, sizeof(char), numbytes, fp);
+    if (i < numbytes)
+        goto err;
+    ret = numbytes;
+    if (mybuffer)
+        RAND_add(tempbuf, i, i);
+
  err:
-    if (fd != -1)
-        close(fd);
-    return (ret);
+    if (fp != NULL)
+        fclose(fp);
+    return ret;
 }
 
 int RAND_egd_bytes(const char *path, int bytes)
 {
-    int num, ret = 0;
+    int num;
 
     num = RAND_query_egd_bytes(path, NULL, bytes);
-    if (num < 1)
-        goto err;
-    if (RAND_status() == 1)
-        ret = num;
- err:
-    return (ret);
+    if (num < 0)
+        return -1;
+    if (RAND_status() != 1)
+        return -1;
+    return num;
 }
 
 int RAND_egd(const char *path)
 {
-    return (RAND_egd_bytes(path, 255));
+    return RAND_egd_bytes(path, 255);
 }
 
+# endif
+
 #endif
diff --git a/freebsd/crypto/openssl/crypto/rand/rand_err.c b/freebsd/crypto/openssl/crypto/rand/rand_err.c
index ca57c7c0..9fe58350 100644
--- a/freebsd/crypto/openssl/crypto/rand/rand_err.c
+++ b/freebsd/crypto/openssl/crypto/rand/rand_err.c
@@ -1,102 +1,136 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rand/rand_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/rand.h>
+#include <openssl/randerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
-
-static ERR_STRING_DATA RAND_str_functs[] = {
-    {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
-    {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"},
-    {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
+static const ERR_STRING_DATA RAND_str_functs[] = {
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_BYTES, 0), "drbg_bytes"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_GET_ENTROPY, 0), "drbg_get_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_GET_ENTROPY, 0), "get_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_BYTES, 0), "RAND_bytes"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_ENABLE_LOCKING, 0),
+     "rand_drbg_enable_locking"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GENERATE, 0),
+     "RAND_DRBG_generate"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_ENTROPY, 0),
+     "rand_drbg_get_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_NONCE, 0),
+     "rand_drbg_get_nonce"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_INSTANTIATE, 0),
+     "RAND_DRBG_instantiate"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_NEW, 0), "RAND_DRBG_new"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESEED, 0), "RAND_DRBG_reseed"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESTART, 0), "rand_drbg_restart"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET, 0), "RAND_DRBG_set"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET_DEFAULTS, 0),
+     "RAND_DRBG_set_defaults"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0),
+     "RAND_DRBG_uninstantiate"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ACQUIRE_ENTROPY, 0),
+     "rand_pool_acquire_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0),
+     "rand_pool_add_begin"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0),
+     "rand_pool_bytes_needed"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA RAND_str_reasons[] = {
-    {ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED), "dual ec drbg disabled"},
-    {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising drbg"},
-    {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"},
-    {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),
-     "no fips random method set"},
-    {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
+static const ERR_STRING_DATA RAND_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ADDITIONAL_INPUT_TOO_LONG),
+    "additional input too long"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ALREADY_INSTANTIATED),
+    "already instantiated"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ARGUMENT_OUT_OF_RANGE),
+    "argument out of range"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_CANNOT_OPEN_FILE), "Cannot open file"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_ALREADY_INITIALIZED),
+    "drbg already initialized"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_NOT_INITIALISED),
+    "drbg not initialised"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_INPUT_TOO_LONG),
+    "entropy input too long"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_OUT_OF_RANGE),
+    "entropy out of range"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED),
+    "error entropy pool was ignored"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INITIALISING_DRBG),
+    "error initialising drbg"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INSTANTIATING_DRBG),
+    "error instantiating drbg"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
+    "error retrieving additional input"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ENTROPY),
+    "error retrieving entropy"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_NONCE),
+    "error retrieving nonce"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FAILED_TO_CREATE_LOCK),
+    "failed to create lock"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FUNC_NOT_IMPLEMENTED),
+    "Function not implemented"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FWRITE_ERROR), "Error writing file"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_GENERATE_ERROR), "generate error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INTERNAL_ERROR), "internal error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_IN_ERROR_STATE), "in error state"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_A_REGULAR_FILE),
+    "Not a regular file"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_INSTANTIATED), "not instantiated"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED),
+    "no drbg implementation selected"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_LOCKING_NOT_ENABLED),
+    "parent locking not enabled"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_STRENGTH_TOO_WEAK),
+    "parent strength too weak"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PERSONALISATION_STRING_TOO_LONG),
+    "personalisation string too long"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED),
+    "prediction resistance not supported"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_OVERFLOW),
+    "random pool overflow"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_UNDERFLOW),
+    "random pool underflow"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG),
+    "request too large for drbg"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RESEED_ERROR), "reseed error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_SELFTEST_FAILURE), "selftest failure"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_LITTLE_NONCE_REQUESTED),
+    "too little nonce requested"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_MUCH_NONCE_REQUESTED),
+    "too much nonce requested"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS),
+    "unsupported drbg flags"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_TYPE),
+    "unsupported drbg type"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_RAND_strings(void)
+int ERR_load_RAND_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, RAND_str_functs);
-        ERR_load_strings(0, RAND_str_reasons);
+        ERR_load_strings_const(RAND_str_functs);
+        ERR_load_strings_const(RAND_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/rand/rand_lcl.h b/freebsd/crypto/openssl/crypto/rand/rand_lcl.h
index f9fda3eb..94ffc96f 100644
--- a/freebsd/crypto/openssl/crypto/rand/rand_lcl.h
+++ b/freebsd/crypto/openssl/crypto/rand/rand_lcl.h
@@ -1,158 +1,258 @@
-/* crypto/rand/rand_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+
+#ifndef HEADER_RAND_LCL_H
+# define HEADER_RAND_LCL_H
+
+# include <openssl/aes.h>
+# include <openssl/evp.h>
+# include <openssl/sha.h>
+# include <openssl/hmac.h>
+# include <openssl/ec.h>
+# include <openssl/rand_drbg.h>
+
+/* How many times to read the TSC as a randomness source. */
+# define TSC_READ_COUNT                 4
+
+/* Maximum reseed intervals */
+# define MAX_RESEED_INTERVAL                     (1 << 24)
+# define MAX_RESEED_TIME_INTERVAL                (1 << 20) /* approx. 12 days */
+
+/* Default reseed intervals */
+# define MASTER_RESEED_INTERVAL                  (1 << 8)
+# define SLAVE_RESEED_INTERVAL                   (1 << 16)
+# define MASTER_RESEED_TIME_INTERVAL             (60*60)   /* 1 hour */
+# define SLAVE_RESEED_TIME_INTERVAL              (7*60)    /* 7 minutes */
+
+
+
+/* Max size of additional input and personalization string. */
+# define DRBG_MAX_LENGTH                4096
+
+/*
+ * The quotient between max_{entropy,nonce}len and min_{entropy,nonce}len
  *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * The current factor is large enough that the RAND_POOL can store a
+ * random input which has a lousy entropy rate of 0.0625 bits per byte.
+ * This input will be sent through the derivation function which 'compresses'
+ * the low quality input into a high quality output.
+ */
+# define DRBG_MINMAX_FACTOR              128
+
+
+/* DRBG status values */
+typedef enum drbg_status_e {
+    DRBG_UNINITIALISED,
+    DRBG_READY,
+    DRBG_ERROR
+} DRBG_STATUS;
+
+
+/* intantiate */
+typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx,
+                                        const unsigned char *ent,
+                                        size_t entlen,
+                                        const unsigned char *nonce,
+                                        size_t noncelen,
+                                        const unsigned char *pers,
+                                        size_t perslen);
+/* reseed */
+typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx,
+                                   const unsigned char *ent,
+                                   size_t entlen,
+                                   const unsigned char *adin,
+                                   size_t adinlen);
+/* generat output */
+typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx,
+                                     unsigned char *out,
+                                     size_t outlen,
+                                     const unsigned char *adin,
+                                     size_t adinlen);
+/* uninstantiate */
+typedef int (*RAND_DRBG_uninstantiate_fn)(RAND_DRBG *ctx);
+
+
+/*
+ * The DRBG methods
+ */
+
+typedef struct rand_drbg_method_st {
+    RAND_DRBG_instantiate_fn instantiate;
+    RAND_DRBG_reseed_fn reseed;
+    RAND_DRBG_generate_fn generate;
+    RAND_DRBG_uninstantiate_fn uninstantiate;
+} RAND_DRBG_METHOD;
+
+
+/*
+ * The state of a DRBG AES-CTR.
+ */
+typedef struct rand_drbg_ctr_st {
+    EVP_CIPHER_CTX *ctx;
+    EVP_CIPHER_CTX *ctx_df;
+    const EVP_CIPHER *cipher;
+    size_t keylen;
+    unsigned char K[32];
+    unsigned char V[16];
+    /* Temporary block storage used by ctr_df */
+    unsigned char bltmp[16];
+    size_t bltmp_pos;
+    unsigned char KX[48];
+} RAND_DRBG_CTR;
+
+
+/*
+ * The 'random pool' acts as a dumb container for collecting random
+ * input from various entropy sources. The pool has no knowledge about
+ * whether its randomness is fed into a legacy RAND_METHOD via RAND_add()
+ * or into a new style RAND_DRBG. It is the callers duty to 1) initialize the
+ * random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and
+ * 4) cleanup the random pool again.
  *
+ * The random pool contains no locking mechanism because its scope and
+ * lifetime is intended to be restricted to a single stack frame.
  */
+struct rand_pool_st {
+    unsigned char *buffer;  /* points to the beginning of the random pool */
+    size_t len; /* current number of random bytes contained in the pool */
 
-#ifndef HEADER_RAND_LCL_H
-# define HEADER_RAND_LCL_H
+    size_t min_len; /* minimum number of random bytes requested */
+    size_t max_len; /* maximum number of random bytes (allocated buffer size) */
+    size_t entropy; /* current entropy count in bits */
+    size_t requested_entropy; /* requested entropy count in bits */
+};
 
-# define ENTROPY_NEEDED 32      /* require 256 bits = 32 bytes of randomness */
-
-# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-#  if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-#   define USE_SHA1_RAND
-#  elif !defined(OPENSSL_NO_MD5)
-#   define USE_MD5_RAND
-#  elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-#   define USE_MDC2_RAND
-#  elif !defined(OPENSSL_NO_MD2)
-#   define USE_MD2_RAND
-#  else
-#   error No message digest algorithm available
-#  endif
-# endif
+/*
+ * The state of all types of DRBGs, even though we only have CTR mode
+ * right now.
+ */
+struct rand_drbg_st {
+    CRYPTO_RWLOCK *lock;
+    RAND_DRBG *parent;
+    int secure; /* 1: allocated on the secure heap, 0: otherwise */
+    int type; /* the nid of the underlying algorithm */
+    /*
+     * Stores the value of the rand_fork_count global as of when we last
+     * reseeded.  The DRG reseeds automatically whenever drbg->fork_count !=
+     * rand_fork_count.  Used to provide fork-safety and reseed this DRBG in
+     * the child process.
+     */
+    int fork_count;
+    unsigned short flags; /* various external flags */
 
-# include <openssl/evp.h>
-# define MD_Update(a,b,c)        EVP_DigestUpdate(a,b,c)
-# define MD_Final(a,b)           EVP_DigestFinal_ex(a,b,NULL)
-# if defined(USE_MD5_RAND)
-#  include <openssl/md5.h>
-#  define MD_DIGEST_LENGTH        MD5_DIGEST_LENGTH
-#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_md5(), NULL)
-#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)
-# elif defined(USE_SHA1_RAND)
-#  include <openssl/sha.h>
-#  define MD_DIGEST_LENGTH        SHA_DIGEST_LENGTH
-#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_sha1(), NULL)
-#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)
-# elif defined(USE_MDC2_RAND)
-#  include <openssl/mdc2.h>
-#  define MD_DIGEST_LENGTH        MDC2_DIGEST_LENGTH
-#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
-#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)
-# elif defined(USE_MD2_RAND)
-#  include <openssl/md2.h>
-#  define MD_DIGEST_LENGTH        MD2_DIGEST_LENGTH
-#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_md2(), NULL)
-#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
-# endif
-
-int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock);
+    /*
+     * The random pool is used by RAND_add()/drbg_add() to attach random
+     * data to the global drbg, such that the rand_drbg_get_entropy() callback
+     * can pull it during instantiation and reseeding. This is necessary to
+     * reconcile the different philosophies of the RAND and the RAND_DRBG
+     * with respect to how randomness is added to the RNG during reseeding
+     * (see PR #4328).
+     */
+    struct rand_pool_st *pool;
+
+    /*
+     * The following parameters are setup by the per-type "init" function.
+     *
+     * Currently the only type is CTR_DRBG, its init function is drbg_ctr_init().
+     *
+     * The parameters are closely related to the ones described in
+     * section '10.2.1 CTR_DRBG' of [NIST SP 800-90Ar1], with one
+     * crucial difference: In the NIST standard, all counts are given
+     * in bits, whereas in OpenSSL entropy counts are given in bits
+     * and buffer lengths are given in bytes.
+     *
+     * Since this difference has lead to some confusion in the past,
+     * (see [GitHub Issue #2443], formerly [rt.openssl.org #4055])
+     * the 'len' suffix has been added to all buffer sizes for
+     * clarification.
+     */
+
+    int strength;
+    size_t max_request;
+    size_t min_entropylen, max_entropylen;
+    size_t min_noncelen, max_noncelen;
+    size_t max_perslen, max_adinlen;
+
+    /* Counts the number of generate requests since the last reseed. */
+    unsigned int generate_counter;
+    /*
+     * Maximum number of generate requests until a reseed is required.
+     * This value is ignored if it is zero.
+     */
+    unsigned int reseed_interval;
+    /* Stores the time when the last reseeding occurred */
+    time_t reseed_time;
+    /*
+     * Specifies the maximum time interval (in seconds) between reseeds.
+     * This value is ignored if it is zero.
+     */
+    time_t reseed_time_interval;
+    /*
+     * Counts the number of reseeds since instantiation.
+     * This value is ignored if it is zero.
+     *
+     * This counter is used only for seed propagation from the <master> DRBG
+     * to its two children, the <public> and <private> DRBG. This feature is
+     * very special and its sole purpose is to ensure that any randomness which
+     * is added by RAND_add() or RAND_seed() will have an immediate effect on
+     * the output of RAND_bytes() resp. RAND_priv_bytes().
+     */
+    unsigned int reseed_counter;
+
+    size_t seedlen;
+    DRBG_STATUS state;
+
+    /* Application data, mainly used in the KATs. */
+    CRYPTO_EX_DATA ex_data;
+
+    /* Implementation specific data (currently only one implementation) */
+    union {
+        RAND_DRBG_CTR ctr;
+    } data;
+
+    /* Implementation specific methods */
+    RAND_DRBG_METHOD *meth;
+
+    /* Callback functions.  See comments in rand_lib.c */
+    RAND_DRBG_get_entropy_fn get_entropy;
+    RAND_DRBG_cleanup_entropy_fn cleanup_entropy;
+    RAND_DRBG_get_nonce_fn get_nonce;
+    RAND_DRBG_cleanup_nonce_fn cleanup_nonce;
+};
+
+/* The global RAND method, and the global buffer and DRBG instance. */
+extern RAND_METHOD rand_meth;
+
+/*
+ * A "generation count" of forks.  Incremented in the child process after a
+ * fork.  Since rand_fork_count is increment-only, and only ever written to in
+ * the child process of the fork, which is guaranteed to be single-threaded, no
+ * locking is needed for normal (read) accesses; the rest of pthread fork
+ * processing is assumed to introduce the necessary memory barriers.  Sibling
+ * children of a given parent will produce duplicate values, but this is not
+ * problematic because the reseeding process pulls input from the system CSPRNG
+ * and/or other global sources, so the siblings will end up generating
+ * different output streams.
+ */
+extern int rand_fork_count;
+
+/* DRBG helpers */
+int rand_drbg_restart(RAND_DRBG *drbg,
+                      const unsigned char *buffer, size_t len, size_t entropy);
+
+/* locking api */
+int rand_drbg_lock(RAND_DRBG *drbg);
+int rand_drbg_unlock(RAND_DRBG *drbg);
+int rand_drbg_enable_locking(RAND_DRBG *drbg);
+
+
+/* initializes the AES-CTR DRBG implementation */
+int drbg_ctr_init(RAND_DRBG *drbg);
 
 #endif
diff --git a/freebsd/crypto/openssl/crypto/rand/rand_lib.c b/freebsd/crypto/openssl/crypto/rand/rand_lib.c
index 3a6dc2f2..aeef669f 100644
--- a/freebsd/crypto/openssl/crypto/rand/rand_lib.c
+++ b/freebsd/crypto/openssl/crypto/rand/rand_lib.c
@@ -1,302 +1,801 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rand/rand_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
+#include "internal/cryptlib.h"
+#include <openssl/opensslconf.h>
+#include "internal/rand_int.h"
+#include <openssl/engine.h>
+#include "internal/thread_once.h"
+#include "rand_lcl.h"
+#include "e_os.h"
 
 #ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref;
+static CRYPTO_RWLOCK *rand_engine_lock;
 #endif
+static CRYPTO_RWLOCK *rand_meth_lock;
+static const RAND_METHOD *default_RAND_meth;
+static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT;
 
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-# include <openssl/fips_rand.h>
-# include "rand_lcl.h"
-#endif
+int rand_fork_count;
 
-#ifndef OPENSSL_NO_ENGINE
-/* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref = NULL;
-#endif
-static const RAND_METHOD *default_RAND_meth = NULL;
+static CRYPTO_RWLOCK *rand_nonce_lock;
+static int rand_nonce_count;
 
-int RAND_set_rand_method(const RAND_METHOD *meth)
+static int rand_cleaning_up = 0;
+
+#ifdef OPENSSL_RAND_SEED_RDTSC
+/*
+ * IMPORTANT NOTE:  It is not currently possible to use this code
+ * because we are not sure about the amount of randomness it provides.
+ * Some SP900 tests have been run, but there is internal skepticism.
+ * So for now this code is not used.
+ */
+# error "RDTSC enabled?  Should not be possible!"
+
+/*
+ * Acquire entropy from high-speed clock
+ *
+ * Since we get some randomness from the low-order bits of the
+ * high-speed clock, it can help.
+ *
+ * Returns the total entropy count, if it exceeds the requested
+ * entropy count. Otherwise, returns an entropy count of 0.
+ */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool)
 {
-#ifndef OPENSSL_NO_ENGINE
-    if (funct_ref) {
-        ENGINE_finish(funct_ref);
-        funct_ref = NULL;
+    unsigned char c;
+    int i;
+
+    if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) {
+        for (i = 0; i < TSC_READ_COUNT; i++) {
+            c = (unsigned char)(OPENSSL_rdtsc() & 0xFF);
+            rand_pool_add(pool, &c, 1, 4);
+        }
     }
-#endif
-    default_RAND_meth = meth;
-    return 1;
+    return rand_pool_entropy_available(pool);
 }
+#endif
 
-const RAND_METHOD *RAND_get_rand_method(void)
+#ifdef OPENSSL_RAND_SEED_RDCPU
+size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len);
+size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
+
+extern unsigned int OPENSSL_ia32cap_P[];
+
+/*
+ * Acquire entropy using Intel-specific cpu instructions
+ *
+ * Uses the RDSEED instruction if available, otherwise uses
+ * RDRAND if available.
+ *
+ * For the differences between RDSEED and RDRAND, and why RDSEED
+ * is the preferred choice, see https://goo.gl/oK3KcN
+ *
+ * Returns the total entropy count, if it exceeds the requested
+ * entropy count. Otherwise, returns an entropy count of 0.
+ */
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
 {
-    if (!default_RAND_meth) {
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE *e = ENGINE_get_default_RAND();
-        if (e) {
-            default_RAND_meth = ENGINE_get_RAND(e);
-            if (!default_RAND_meth) {
-                ENGINE_finish(e);
-                e = NULL;
+    size_t bytes_needed;
+    unsigned char *buffer;
+
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    if (bytes_needed > 0) {
+        buffer = rand_pool_add_begin(pool, bytes_needed);
+
+        if (buffer != NULL) {
+            /* Whichever comes first, use RDSEED, RDRAND or nothing */
+            if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) {
+                if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed)
+                    == bytes_needed) {
+                    rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
+                }
+            } else if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) {
+                if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed)
+                    == bytes_needed) {
+                    rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
+                }
+            } else {
+                rand_pool_add_end(pool, 0, 0);
             }
         }
-        if (e)
-            funct_ref = e;
-        else
-#endif
-            default_RAND_meth = RAND_SSLeay();
     }
-    return default_RAND_meth;
+
+    return rand_pool_entropy_available(pool);
 }
+#endif
 
-#ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine)
+
+/*
+ * Implements the get_entropy() callback (see RAND_DRBG_set_callbacks())
+ *
+ * If the DRBG has a parent, then the required amount of entropy input
+ * is fetched using the parent's RAND_DRBG_generate().
+ *
+ * Otherwise, the entropy is polled from the system entropy sources
+ * using rand_pool_acquire_entropy().
+ *
+ * If a random pool has been added to the DRBG using RAND_add(), then
+ * its entropy will be used up first.
+ */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+                             unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len,
+                             int prediction_resistance)
 {
-    const RAND_METHOD *tmp_meth = NULL;
-    if (engine) {
-        if (!ENGINE_init(engine))
-            return 0;
-        tmp_meth = ENGINE_get_RAND(engine);
-        if (!tmp_meth) {
-            ENGINE_finish(engine);
-            return 0;
+    size_t ret = 0;
+    size_t entropy_available = 0;
+    RAND_POOL *pool;
+
+    if (drbg->parent && drbg->strength > drbg->parent->strength) {
+        /*
+         * We currently don't support the algorithm from NIST SP 800-90C
+         * 10.1.2 to use a weaker DRBG as source
+         */
+        RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY, RAND_R_PARENT_STRENGTH_TOO_WEAK);
+        return 0;
+    }
+
+    pool = rand_pool_new(entropy, min_len, max_len);
+    if (pool == NULL)
+        return 0;
+
+    if (drbg->pool) {
+        rand_pool_add(pool,
+                      rand_pool_buffer(drbg->pool),
+                      rand_pool_length(drbg->pool),
+                      rand_pool_entropy(drbg->pool));
+        rand_pool_free(drbg->pool);
+        drbg->pool = NULL;
+    }
+
+    if (drbg->parent) {
+        size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
+
+        if (buffer != NULL) {
+            size_t bytes = 0;
+
+            /*
+             * Get random from parent, include our state as additional input.
+             * Our lock is already held, but we need to lock our parent before
+             * generating bits from it. (Note: taking the lock will be a no-op
+             * if locking if drbg->parent->lock == NULL.)
+             */
+            rand_drbg_lock(drbg->parent);
+            if (RAND_DRBG_generate(drbg->parent,
+                                   buffer, bytes_needed,
+                                   prediction_resistance,
+                                   NULL, 0) != 0)
+                bytes = bytes_needed;
+            rand_drbg_unlock(drbg->parent);
+
+            rand_pool_add_end(pool, bytes, 8 * bytes);
+            entropy_available = rand_pool_entropy_available(pool);
         }
+
+    } else {
+        if (prediction_resistance) {
+            /*
+             * We don't have any entropy sources that comply with the NIST
+             * standard to provide prediction resistance (see NIST SP 800-90C,
+             * Section 5.4).
+             */
+            RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY,
+                    RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED);
+            goto err;
+        }
+
+        /* Get entropy by polling system entropy sources. */
+        entropy_available = rand_pool_acquire_entropy(pool);
     }
-    /* This function releases any prior ENGINE so call it first */
-    RAND_set_rand_method(tmp_meth);
-    funct_ref = engine;
-    return 1;
+
+    if (entropy_available > 0) {
+        ret   = rand_pool_length(pool);
+        *pout = rand_pool_detach(pool);
+    }
+
+ err:
+    rand_pool_free(pool);
+    return ret;
+}
+
+/*
+ * Implements the cleanup_entropy() callback (see RAND_DRBG_set_callbacks())
+ *
+ */
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+                               unsigned char *out, size_t outlen)
+{
+    OPENSSL_secure_clear_free(out, outlen);
+}
+
+
+/*
+ * Implements the get_nonce() callback (see RAND_DRBG_set_callbacks())
+ *
+ */
+size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
+                           unsigned char **pout,
+                           int entropy, size_t min_len, size_t max_len)
+{
+    size_t ret = 0;
+    RAND_POOL *pool;
+
+    struct {
+        void * instance;
+        int count;
+    } data = { 0 };
+
+    pool = rand_pool_new(0, min_len, max_len);
+    if (pool == NULL)
+        return 0;
+
+    if (rand_pool_add_nonce_data(pool) == 0)
+        goto err;
+
+    data.instance = drbg;
+    CRYPTO_atomic_add(&rand_nonce_count, 1, &data.count, rand_nonce_lock);
+
+    if (rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0) == 0)
+        goto err;
+
+    ret   = rand_pool_length(pool);
+    *pout = rand_pool_detach(pool);
+
+ err:
+    rand_pool_free(pool);
+
+    return ret;
+}
+
+/*
+ * Implements the cleanup_nonce() callback (see RAND_DRBG_set_callbacks())
+ *
+ */
+void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
+                             unsigned char *out, size_t outlen)
+{
+    OPENSSL_secure_clear_free(out, outlen);
 }
+
+/*
+ * Generate additional data that can be used for the drbg. The data does
+ * not need to contain entropy, but it's useful if it contains at least
+ * some bits that are unpredictable.
+ *
+ * Returns 0 on failure.
+ *
+ * On success it allocates a buffer at |*pout| and returns the length of
+ * the data. The buffer should get freed using OPENSSL_secure_clear_free().
+ */
+size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len)
+{
+    size_t ret = 0;
+    RAND_POOL *pool;
+
+    pool = rand_pool_new(0, 0, max_len);
+    if (pool == NULL)
+        return 0;
+
+    if (rand_pool_add_additional_data(pool) == 0)
+        goto err;
+
+    ret = rand_pool_length(pool);
+    *pout = rand_pool_detach(pool);
+
+ err:
+    rand_pool_free(pool);
+
+    return ret;
+}
+
+void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen)
+{
+    OPENSSL_secure_clear_free(out, outlen);
+}
+
+void rand_fork(void)
+{
+    rand_fork_count++;
+}
+
+DEFINE_RUN_ONCE_STATIC(do_rand_init)
+{
+#ifndef OPENSSL_NO_ENGINE
+    rand_engine_lock = CRYPTO_THREAD_lock_new();
+    if (rand_engine_lock == NULL)
+        return 0;
 #endif
 
-void RAND_cleanup(void)
+    rand_meth_lock = CRYPTO_THREAD_lock_new();
+    if (rand_meth_lock == NULL)
+        goto err1;
+
+    rand_nonce_lock = CRYPTO_THREAD_lock_new();
+    if (rand_nonce_lock == NULL)
+        goto err2;
+
+    if (!rand_cleaning_up && !rand_pool_init())
+        goto err3;
+
+    return 1;
+
+err3:
+    rand_pool_cleanup();
+err2:
+    CRYPTO_THREAD_lock_free(rand_meth_lock);
+    rand_meth_lock = NULL;
+err1:
+#ifndef OPENSSL_NO_ENGINE
+    CRYPTO_THREAD_lock_free(rand_engine_lock);
+    rand_engine_lock = NULL;
+#endif
+    return 0;
+}
+
+void rand_cleanup_int(void)
 {
-    const RAND_METHOD *meth = RAND_get_rand_method();
-    if (meth && meth->cleanup)
+    const RAND_METHOD *meth = default_RAND_meth;
+
+    rand_cleaning_up = 1;
+
+    if (meth != NULL && meth->cleanup != NULL)
         meth->cleanup();
     RAND_set_rand_method(NULL);
+    rand_pool_cleanup();
+#ifndef OPENSSL_NO_ENGINE
+    CRYPTO_THREAD_lock_free(rand_engine_lock);
+    rand_engine_lock = NULL;
+#endif
+    CRYPTO_THREAD_lock_free(rand_meth_lock);
+    rand_meth_lock = NULL;
+    CRYPTO_THREAD_lock_free(rand_nonce_lock);
+    rand_nonce_lock = NULL;
 }
 
-void RAND_seed(const void *buf, int num)
+/*
+ * RAND_close_seed_files() ensures that any seed file decriptors are
+ * closed after use.
+ */
+void RAND_keep_random_devices_open(int keep)
 {
-    const RAND_METHOD *meth = RAND_get_rand_method();
-    if (meth && meth->seed)
-        meth->seed(buf, num);
+    rand_pool_keep_random_devices_open(keep);
 }
 
-void RAND_add(const void *buf, int num, double entropy)
+/*
+ * RAND_poll() reseeds the default RNG using random input
+ *
+ * The random input is obtained from polling various entropy
+ * sources which depend on the operating system and are
+ * configurable via the --with-rand-seed configure option.
+ */
+int RAND_poll(void)
 {
+    int ret = 0;
+
+    RAND_POOL *pool = NULL;
+
     const RAND_METHOD *meth = RAND_get_rand_method();
-    if (meth && meth->add)
-        meth->add(buf, num, entropy);
+
+    if (meth == RAND_OpenSSL()) {
+        /* fill random pool and seed the master DRBG */
+        RAND_DRBG *drbg = RAND_DRBG_get0_master();
+
+        if (drbg == NULL)
+            return 0;
+
+        rand_drbg_lock(drbg);
+        ret = rand_drbg_restart(drbg, NULL, 0, 0);
+        rand_drbg_unlock(drbg);
+
+        return ret;
+
+    } else {
+        /* fill random pool and seed the current legacy RNG */
+        pool = rand_pool_new(RAND_DRBG_STRENGTH,
+                             RAND_DRBG_STRENGTH / 8,
+                             DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8));
+        if (pool == NULL)
+            return 0;
+
+        if (rand_pool_acquire_entropy(pool) == 0)
+            goto err;
+
+        if (meth->add == NULL
+            || meth->add(rand_pool_buffer(pool),
+                         rand_pool_length(pool),
+                         (rand_pool_entropy(pool) / 8.0)) == 0)
+            goto err;
+
+        ret = 1;
+    }
+
+err:
+    rand_pool_free(pool);
+    return ret;
 }
 
-int RAND_bytes(unsigned char *buf, int num)
+/*
+ * Allocate memory and initialize a new random pool
+ */
+
+RAND_POOL *rand_pool_new(int entropy, size_t min_len, size_t max_len)
 {
-    const RAND_METHOD *meth = RAND_get_rand_method();
-    if (meth && meth->bytes)
-        return meth->bytes(buf, num);
-    return (-1);
+    RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
+
+    if (pool == NULL) {
+        RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pool->min_len = min_len;
+    pool->max_len = max_len;
+
+    pool->buffer = OPENSSL_secure_zalloc(pool->max_len);
+    if (pool->buffer == NULL) {
+        RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pool->requested_entropy = entropy;
+
+    return pool;
+
+err:
+    OPENSSL_free(pool);
+    return NULL;
 }
 
-int RAND_pseudo_bytes(unsigned char *buf, int num)
+/*
+ * Free |pool|, securely erasing its buffer.
+ */
+void rand_pool_free(RAND_POOL *pool)
 {
-    const RAND_METHOD *meth = RAND_get_rand_method();
-    if (meth && meth->pseudorand)
-        return meth->pseudorand(buf, num);
-    return (-1);
+    if (pool == NULL)
+        return;
+
+    OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
+    OPENSSL_free(pool);
 }
 
-int RAND_status(void)
+/*
+ * Return the |pool|'s buffer to the caller (readonly).
+ */
+const unsigned char *rand_pool_buffer(RAND_POOL *pool)
 {
-    const RAND_METHOD *meth = RAND_get_rand_method();
-    if (meth && meth->status)
-        return meth->status();
-    return 0;
+    return pool->buffer;
+}
+
+/*
+ * Return the |pool|'s entropy to the caller.
+ */
+size_t rand_pool_entropy(RAND_POOL *pool)
+{
+    return pool->entropy;
 }
 
-#ifdef OPENSSL_FIPS
+/*
+ * Return the |pool|'s buffer length to the caller.
+ */
+size_t rand_pool_length(RAND_POOL *pool)
+{
+    return pool->len;
+}
 
 /*
- * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest
- * of OpenSSL.
+ * Detach the |pool| buffer and return it to the caller.
+ * It's the responsibility of the caller to free the buffer
+ * using OPENSSL_secure_clear_free().
  */
+unsigned char *rand_pool_detach(RAND_POOL *pool)
+{
+    unsigned char *ret = pool->buffer;
+    pool->buffer = NULL;
+    return ret;
+}
+
 
 /*
- * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather
- * entropy internally through RAND_poll().
+ * If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one
+ * need to obtain at least |bits| bits of entropy?
  */
+#define ENTROPY_TO_BYTES(bits, entropy_factor) \
+    (((bits) * (entropy_factor) + 7) / 8)
+
 
-static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
-                               int entropy, size_t min_len, size_t max_len)
+/*
+ * Checks whether the |pool|'s entropy is available to the caller.
+ * This is the case when entropy count and buffer length are high enough.
+ * Returns
+ *
+ *  |entropy|  if the entropy count and buffer size is large enough
+ *      0      otherwise
+ */
+size_t rand_pool_entropy_available(RAND_POOL *pool)
 {
-    /* Round up request to multiple of block size */
-    min_len = ((min_len + 19) / 20) * 20;
-    *pout = OPENSSL_malloc(min_len);
-    if (!*pout)
+    if (pool->entropy < pool->requested_entropy)
         return 0;
-    if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0) {
-        OPENSSL_free(*pout);
-        *pout = NULL;
+
+    if (pool->len < pool->min_len)
         return 0;
-    }
-    return min_len;
-}
 
-static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
-{
-    if (out) {
-        OPENSSL_cleanse(out, olen);
-        OPENSSL_free(out);
-    }
+    return pool->entropy;
 }
 
 /*
- * Set "additional input" when generating random data. This uses the current
- * PID, a time value and a counter.
+ * Returns the (remaining) amount of entropy needed to fill
+ * the random pool.
  */
 
-static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout)
+size_t rand_pool_entropy_needed(RAND_POOL *pool)
 {
-    /* Use of static variables is OK as this happens under a lock */
-    static unsigned char buf[16];
-    static unsigned long counter;
-    FIPS_get_timevec(buf, &counter);
-    *pout = buf;
-    return sizeof(buf);
+    if (pool->entropy < pool->requested_entropy)
+        return pool->requested_entropy - pool->entropy;
+
+    return 0;
 }
 
 /*
- * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is
- * correctly seeded by RAND_poll().
+ * Returns the number of bytes needed to fill the pool, assuming
+ * the input has 1 / |entropy_factor| entropy bits per data bit.
+ * In case of an error, 0 is returned.
  */
 
-static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
-                         double entropy)
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor)
 {
-    RAND_SSLeay()->add(in, inlen, entropy);
-    return 1;
+    size_t bytes_needed;
+    size_t entropy_needed = rand_pool_entropy_needed(pool);
+
+    if (entropy_factor < 1) {
+        RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE);
+        return 0;
+    }
+
+    bytes_needed = ENTROPY_TO_BYTES(entropy_needed, entropy_factor);
+
+    if (bytes_needed > pool->max_len - pool->len) {
+        /* not enough space left */
+        RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_RANDOM_POOL_OVERFLOW);
+        return 0;
+    }
+
+    if (pool->len < pool->min_len &&
+        bytes_needed < pool->min_len - pool->len)
+        /* to meet the min_len requirement */
+        bytes_needed = pool->min_len - pool->len;
+
+    return bytes_needed;
 }
 
-static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
+/* Returns the remaining number of bytes available */
+size_t rand_pool_bytes_remaining(RAND_POOL *pool)
 {
-    RAND_SSLeay()->seed(in, inlen);
-    return 1;
+    return pool->max_len - pool->len;
 }
 
-# ifndef OPENSSL_DRBG_DEFAULT_TYPE
-#  define OPENSSL_DRBG_DEFAULT_TYPE       NID_aes_256_ctr
-# endif
-# ifndef OPENSSL_DRBG_DEFAULT_FLAGS
-#  define OPENSSL_DRBG_DEFAULT_FLAGS      DRBG_FLAG_CTR_USE_DF
-# endif
+/*
+ * Add random bytes to the random pool.
+ *
+ * It is expected that the |buffer| contains |len| bytes of
+ * random input which contains at least |entropy| bits of
+ * randomness.
+ *
+ * Returns 1 if the added amount is adequate, otherwise 0
+ */
+int rand_pool_add(RAND_POOL *pool,
+                  const unsigned char *buffer, size_t len, size_t entropy)
+{
+    if (len > pool->max_len - pool->len) {
+        RANDerr(RAND_F_RAND_POOL_ADD, RAND_R_ENTROPY_INPUT_TOO_LONG);
+        return 0;
+    }
+
+    if (len > 0) {
+        memcpy(pool->buffer + pool->len, buffer, len);
+        pool->len += len;
+        pool->entropy += entropy;
+    }
 
-static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE;
-static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;
+    return 1;
+}
 
-void RAND_set_fips_drbg_type(int type, int flags)
+/*
+ * Start to add random bytes to the random pool in-place.
+ *
+ * Reserves the next |len| bytes for adding random bytes in-place
+ * and returns a pointer to the buffer.
+ * The caller is allowed to copy up to |len| bytes into the buffer.
+ * If |len| == 0 this is considered a no-op and a NULL pointer
+ * is returned without producing an error message.
+ *
+ * After updating the buffer, rand_pool_add_end() needs to be called
+ * to finish the udpate operation (see next comment).
+ */
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
 {
-    fips_drbg_type = type;
-    fips_drbg_flags = flags;
+    if (len == 0)
+        return NULL;
+
+    if (len > pool->max_len - pool->len) {
+        RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, RAND_R_RANDOM_POOL_OVERFLOW);
+        return NULL;
+    }
+
+    return pool->buffer + pool->len;
 }
 
-int RAND_init_fips(void)
+/*
+ * Finish to add random bytes to the random pool in-place.
+ *
+ * Finishes an in-place update of the random pool started by
+ * rand_pool_add_begin() (see previous comment).
+ * It is expected that |len| bytes of random input have been added
+ * to the buffer which contain at least |entropy| bits of randomness.
+ * It is allowed to add less bytes than originally reserved.
+ */
+int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
 {
-    DRBG_CTX *dctx;
-    size_t plen;
-    unsigned char pers[32], *p;
-# ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
-    if (fips_drbg_type >> 16) {
-        RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
+    if (len > pool->max_len - pool->len) {
+        RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
         return 0;
     }
-# endif
 
-    dctx = FIPS_get_default_drbg();
-    if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) {
-        RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG);
+    if (len > 0) {
+        pool->len += len;
+        pool->entropy += entropy;
+    }
+
+    return 1;
+}
+
+int RAND_set_rand_method(const RAND_METHOD *meth)
+{
+    if (!RUN_ONCE(&rand_init, do_rand_init))
         return 0;
+
+    CRYPTO_THREAD_write_lock(rand_meth_lock);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(funct_ref);
+    funct_ref = NULL;
+#endif
+    default_RAND_meth = meth;
+    CRYPTO_THREAD_unlock(rand_meth_lock);
+    return 1;
+}
+
+const RAND_METHOD *RAND_get_rand_method(void)
+{
+    const RAND_METHOD *tmp_meth = NULL;
+
+    if (!RUN_ONCE(&rand_init, do_rand_init))
+        return NULL;
+
+    CRYPTO_THREAD_write_lock(rand_meth_lock);
+    if (default_RAND_meth == NULL) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *e;
+
+        /* If we have an engine that can do RAND, use it. */
+        if ((e = ENGINE_get_default_RAND()) != NULL
+                && (tmp_meth = ENGINE_get_RAND(e)) != NULL) {
+            funct_ref = e;
+            default_RAND_meth = tmp_meth;
+        } else {
+            ENGINE_finish(e);
+            default_RAND_meth = &rand_meth;
+        }
+#else
+        default_RAND_meth = &rand_meth;
+#endif
     }
+    tmp_meth = default_RAND_meth;
+    CRYPTO_THREAD_unlock(rand_meth_lock);
+    return tmp_meth;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine)
+{
+    const RAND_METHOD *tmp_meth = NULL;
 
-    FIPS_drbg_set_callbacks(dctx,
-                            drbg_get_entropy, drbg_free_entropy, 20,
-                            drbg_get_entropy, drbg_free_entropy);
-    FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
-                                 drbg_rand_seed, drbg_rand_add);
-    /* Personalisation string: a string followed by date time vector */
-    strcpy((char *)pers, "OpenSSL DRBG2.0");
-    plen = drbg_get_adin(dctx, &p);
-    memcpy(pers + 16, p, plen);
-
-    if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) {
-        RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG);
+    if (!RUN_ONCE(&rand_init, do_rand_init))
         return 0;
+
+    if (engine != NULL) {
+        if (!ENGINE_init(engine))
+            return 0;
+        tmp_meth = ENGINE_get_RAND(engine);
+        if (tmp_meth == NULL) {
+            ENGINE_finish(engine);
+            return 0;
+        }
     }
-    FIPS_rand_set_method(FIPS_drbg_method());
+    CRYPTO_THREAD_write_lock(rand_engine_lock);
+    /* This function releases any prior ENGINE so call it first */
+    RAND_set_rand_method(tmp_meth);
+    funct_ref = engine;
+    CRYPTO_THREAD_unlock(rand_engine_lock);
     return 1;
 }
+#endif
 
+void RAND_seed(const void *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth->seed != NULL)
+        meth->seed(buf, num);
+}
+
+void RAND_add(const void *buf, int num, double randomness)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth->add != NULL)
+        meth->add(buf, num, randomness);
+}
+
+/*
+ * This function is not part of RAND_METHOD, so if we're not using
+ * the default method, then just call RAND_bytes().  Otherwise make
+ * sure we're instantiated and use the private DRBG.
+ */
+int RAND_priv_bytes(unsigned char *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    RAND_DRBG *drbg;
+    int ret;
+
+    if (meth != RAND_OpenSSL())
+        return RAND_bytes(buf, num);
+
+    drbg = RAND_DRBG_get0_private();
+    if (drbg == NULL)
+        return 0;
+
+    ret = RAND_DRBG_bytes(drbg, buf, num);
+    return ret;
+}
+
+int RAND_bytes(unsigned char *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth->bytes != NULL)
+        return meth->bytes(buf, num);
+    RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED);
+    return -1;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+int RAND_pseudo_bytes(unsigned char *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth->pseudorand != NULL)
+        return meth->pseudorand(buf, num);
+    return -1;
+}
 #endif
+
+int RAND_status(void)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth->status != NULL)
+        return meth->status();
+    return 0;
+}
diff --git a/freebsd/crypto/openssl/crypto/rand/rand_unix.c b/freebsd/crypto/openssl/crypto/rand/rand_unix.c
index f606c4ea..34d58ea3 100644
--- a/freebsd/crypto/openssl/crypto/rand/rand_unix.c
+++ b/freebsd/crypto/openssl/crypto/rand/rand_unix.c
@@ -1,200 +1,140 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rand/rand_unix.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
-#include <stdio.h>
 
-#define USE_SOCKETS
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
 #include "e_os.h"
-#include "cryptlib.h"
+#include <stdio.h>
+#include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include "rand_lcl.h"
+#include "internal/rand_int.h"
+#include <stdio.h>
+#include "internal/dso.h"
+#if defined(__linux)
+# include <sys/syscall.h>
+#endif
+#if defined(__FreeBSD__)
+# include <sys/types.h>
+# include <sys/sysctl.h>
+# include <sys/param.h>
+#endif
+#if defined(__OpenBSD__) || defined(__NetBSD__)
+# include <sys/param.h>
+#endif
 
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
-
+#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
 # include <sys/types.h>
-# include <sys/time.h>
-# include <sys/times.h>
 # include <sys/stat.h>
 # include <fcntl.h>
 # include <unistd.h>
-# include <time.h>
-# if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
-                                 * everywhere */
-#  include <poll.h>
-# endif
-# include <limits.h>
-# ifndef FD_SETSIZE
-#  define FD_SETSIZE (8*sizeof(fd_set))
+# include <sys/time.h>
+
+static uint64_t get_time_stamp(void);
+static uint64_t get_timer_bits(void);
+
+/* Macro to convert two thirty two bit values into a sixty four bit one */
+# define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b))
+
+/*
+ * Check for the existence and support of POSIX timers.  The standard
+ * says that the _POSIX_TIMERS macro will have a positive value if they
+ * are available.
+ *
+ * However, we want an additional constraint: that the timer support does
+ * not require an extra library dependency.  Early versions of glibc
+ * require -lrt to be specified on the link line to access the timers,
+ * so this needs to be checked for.
+ *
+ * It is worse because some libraries define __GLIBC__ but don't
+ * support the version testing macro (e.g. uClibc).  This means
+ * an extra check is needed.
+ *
+ * The final condition is:
+ *      "have posix timers and either not glibc or glibc without -lrt"
+ *
+ * The nested #if sequences are required to avoid using a parameterised
+ * macro that might be undefined.
+ */
+# undef OSSL_POSIX_TIMER_OKAY
+# if defined(_POSIX_TIMERS) && _POSIX_TIMERS > 0
+#  if defined(__GLIBC__)
+#   if defined(__GLIBC_PREREQ)
+#    if __GLIBC_PREREQ(2, 17)
+#     define OSSL_POSIX_TIMER_OKAY
+#    endif
+#   endif
+#  else
+#   define OSSL_POSIX_TIMER_OKAY
+#  endif
 # endif
+#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
+
+#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
+        !defined(OPENSSL_RAND_SEED_NONE)
+# error "UEFI and VXWorks only support seeding NONE"
+#endif
+
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \
+    || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
+    || defined(OPENSSL_SYS_UEFI))
+
+static ssize_t syscall_random(void *buf, size_t buflen);
 
 # if defined(OPENSSL_SYS_VOS)
 
+#  ifndef OPENSSL_RAND_SEED_OS
+#   error "Unsupported seeding method configured; must be os"
+#  endif
+
+#  if defined(OPENSSL_SYS_VOS_HPPA) && defined(OPENSSL_SYS_VOS_IA32)
+#   error "Unsupported HP-PA and IA32 at the same time."
+#  endif
+#  if !defined(OPENSSL_SYS_VOS_HPPA) && !defined(OPENSSL_SYS_VOS_IA32)
+#   error "Must have one of HP-PA or IA32"
+#  endif
+
 /*
  * The following algorithm repeatedly samples the real-time clock (RTC) to
  * generate a sequence of unpredictable data.  The algorithm relies upon the
  * uneven execution speed of the code (due to factors such as cache misses,
  * interrupts, bus activity, and scheduling) and upon the rather large
  * relative difference between the speed of the clock and the rate at which
- * it can be read.
- *
- * If this code is ported to an environment where execution speed is more
- * constant or where the RTC ticks at a much slower rate, or the clock can be
- * read with fewer instructions, it is likely that the results would be far
- * more predictable.
+ * it can be read.  If it is ported to an environment where execution speed
+ * is more constant or where the RTC ticks at a much slower rate, or the
+ * clock can be read with fewer instructions, it is likely that the results
+ * would be far more predictable.  This should only be used for legacy
+ * platforms.
  *
- * As a precaution, we generate 4 times the minimum required amount of seed
- * data.
+ * As a precaution, we assume only 2 bits of entropy per byte.
  */
-
-int RAND_poll(void)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 {
     short int code;
-    gid_t curr_gid;
-    pid_t curr_pid;
-    uid_t curr_uid;
     int i, k;
+    size_t bytes_needed;
     struct timespec ts;
     unsigned char v;
-
 #  ifdef OPENSSL_SYS_VOS_HPPA
     long duration;
     extern void s$sleep(long *_duration, short int *_code);
 #  else
-#   ifdef OPENSSL_SYS_VOS_IA32
     long long duration;
     extern void s$sleep2(long long *_duration, short int *_code);
-#   else
-#    error "Unsupported Platform."
-#   endif                       /* OPENSSL_SYS_VOS_IA32 */
-#  endif                        /* OPENSSL_SYS_VOS_HPPA */
-
-    /*
-     * Seed with the gid, pid, and uid, to ensure *some* variation between
-     * different processes.
-     */
-
-    curr_gid = getgid();
-    RAND_add(&curr_gid, sizeof(curr_gid), 1);
-    curr_gid = 0;
-
-    curr_pid = getpid();
-    RAND_add(&curr_pid, sizeof(curr_pid), 1);
-    curr_pid = 0;
+#  endif
 
-    curr_uid = getuid();
-    RAND_add(&curr_uid, sizeof(curr_uid), 1);
-    curr_uid = 0;
+    bytes_needed = rand_pool_bytes_needed(pool, 4 /*entropy_factor*/);
 
-    for (i = 0; i < (ENTROPY_NEEDED * 4); i++) {
+    for (i = 0; i < bytes_needed; i++) {
         /*
          * burn some cpu; hope for interrupts, cache collisions, bus
          * interference, etc.
@@ -207,245 +147,544 @@ int RAND_poll(void)
         duration = 1;
         s$sleep(&duration, &code);
 #  else
-#   ifdef OPENSSL_SYS_VOS_IA32
         /* sleep for 1/65536 of a second (15 us).  */
         duration = 1;
         s$sleep2(&duration, &code);
-#   endif                       /* OPENSSL_SYS_VOS_IA32 */
-#  endif                        /* OPENSSL_SYS_VOS_HPPA */
+#  endif
 
-        /* get wall clock time.  */
+        /* Get wall clock time, take 8 bits. */
         clock_gettime(CLOCK_REALTIME, &ts);
-
-        /* take 8 bits */
-        v = (unsigned char)(ts.tv_nsec % 256);
-        RAND_add(&v, sizeof(v), 1);
-        v = 0;
+        v = (unsigned char)(ts.tv_nsec & 0xFF);
+        rand_pool_add(pool, arg, &v, sizeof(v) , 2);
     }
-    return 1;
+    return rand_pool_entropy_available(pool);
 }
-# elif defined(__FreeBSD__) || defined(__OpenBSD__)
-int RAND_poll(void)
-{
-    u_int32_t rnd = 0, i;
-    unsigned char buf[ENTROPY_NEEDED];
-
-    for (i = 0; i < sizeof(buf); i++) {
-        if (i % 4 == 0)
-            rnd = arc4random();
-        buf[i] = rnd;
-        rnd >>= 8;
-    }
-    RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
-    OPENSSL_cleanse(buf, sizeof(buf));
 
-    return 1;
+void rand_pool_cleanup(void)
+{
 }
-# else                          /* !(defined(__FreeBSD__) ||
-                                 * defined(__OpenBSD__)) */
-int RAND_poll(void)
+
+void rand_pool_keep_random_devices_open(int keep)
 {
-    unsigned long l;
-    pid_t curr_pid = getpid();
-#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-    unsigned char tmpbuf[ENTROPY_NEEDED];
-    int n = 0;
+}
+
+# else
+
+#  if defined(OPENSSL_RAND_SEED_EGD) && \
+        (defined(OPENSSL_NO_EGD) || !defined(DEVRANDOM_EGD))
+#   error "Seeding uses EGD but EGD is turned off or no device given"
 #  endif
-#  ifdef DEVRANDOM
-    static const char *randomfiles[] = { DEVRANDOM };
-    struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])];
-    int fd;
-    unsigned int i;
+
+#  if defined(OPENSSL_RAND_SEED_DEVRANDOM) && !defined(DEVRANDOM)
+#   error "Seeding uses urandom but DEVRANDOM is not configured"
+#  endif
+
+#  if defined(OPENSSL_RAND_SEED_OS)
+#   if !defined(DEVRANDOM)
+#    error "OS seeding requires DEVRANDOM to be configured"
+#   endif
+#   define OPENSSL_RAND_SEED_GETRANDOM
+#   define OPENSSL_RAND_SEED_DEVRANDOM
 #  endif
-#  ifdef DEVRANDOM_EGD
-    static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
-    const char **egdsocket = NULL;
+
+#  if defined(OPENSSL_RAND_SEED_LIBRANDOM)
+#   error "librandom not (yet) supported"
 #  endif
 
-#  ifdef DEVRANDOM
-    memset(randomstats, 0, sizeof(randomstats));
+#  if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+/*
+ * sysctl_random(): Use sysctl() to read a random number from the kernel
+ * Returns the number of bytes returned in buf on success, -1 on failure.
+ */
+static ssize_t sysctl_random(char *buf, size_t buflen)
+{
+    int mib[2];
+    size_t done = 0;
+    size_t len;
+
     /*
-     * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have
-     * this. Use /dev/urandom if you can as /dev/random may block if it runs
-     * out of random entries.
+     * Note: sign conversion between size_t and ssize_t is safe even
+     * without a range check, see comment in syscall_random()
      */
 
-    for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) &&
-         (n < ENTROPY_NEEDED); i++) {
-        if ((fd = open(randomfiles[i], O_RDONLY
-#   ifdef O_NONBLOCK
-                       | O_NONBLOCK
-#   endif
-#   ifdef O_BINARY
-                       | O_BINARY
+    /*
+     * On FreeBSD old implementations returned longs, newer versions support
+     * variable sizes up to 256 byte. The code below would not work properly
+     * when the sysctl returns long and we want to request something not a
+     * multiple of longs, which should never be the case.
+     */
+    if (!ossl_assert(buflen % sizeof(long) == 0)) {
+        errno = EINVAL;
+        return -1;
+    }
+
+    /*
+     * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
+     * filled in an int, leaving the rest uninitialized. Since NetBSD 4.0
+     * it returns a variable number of bytes with the current version supporting
+     * up to 256 bytes.
+     * Just return an error on older NetBSD versions.
+     */
+#if   defined(__NetBSD__) && __NetBSD_Version__ < 400000000
+    errno = ENOSYS;
+    return -1;
+#endif
+
+    mib[0] = CTL_KERN;
+    mib[1] = KERN_ARND;
+
+    do {
+        len = buflen;
+        if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
+            return done > 0 ? done : -1;
+        done += len;
+        buf += len;
+        buflen -= len;
+    } while (buflen > 0);
+
+    return done;
+}
+#  endif
+
+/*
+ * syscall_random(): Try to get random data using a system call
+ * returns the number of bytes returned in buf, or < 0 on error.
+ */
+static ssize_t syscall_random(void *buf, size_t buflen)
+{
+    /*
+     * Note: 'buflen' equals the size of the buffer which is used by the
+     * get_entropy() callback of the RAND_DRBG. It is roughly bounded by
+     *
+     *   2 * DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^13
+     *
+     * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
+     * between size_t and ssize_t is safe even without a range check.
+     */
+
+    /*
+     * Do runtime detection to find getentropy().
+     *
+     * Known OSs that should support this:
+     * - Darwin since 16 (OSX 10.12, IOS 10.0).
+     * - Solaris since 11.3
+     * - OpenBSD since 5.6
+     * - Linux since 3.17 with glibc 2.25
+     * - FreeBSD since 12.0 (1200061)
+     */
+#  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
+    extern int getentropy(void *buffer, size_t length) __attribute__((weak));
+
+    if (getentropy != NULL)
+        return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+#  else
+    union {
+        void *p;
+        int (*f)(void *buffer, size_t length);
+    } p_getentropy;
+
+    /*
+     * We could cache the result of the lookup, but we normally don't
+     * call this function often.
+     */
+    ERR_set_mark();
+    p_getentropy.p = DSO_global_lookup("getentropy");
+    ERR_pop_to_mark();
+    if (p_getentropy.p != NULL)
+        return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+#  endif
+
+    /* Linux supports this since version 3.17 */
+#  if defined(__linux) && defined(SYS_getrandom)
+    return syscall(SYS_getrandom, buf, buflen, 0);
+#  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+    return sysctl_random(buf, buflen);
+#  else
+    errno = ENOSYS;
+    return -1;
+#  endif
+}
+
+#if  !defined(OPENSSL_RAND_SEED_NONE) && defined(OPENSSL_RAND_SEED_DEVRANDOM)
+static const char *random_device_paths[] = { DEVRANDOM };
+static struct random_device {
+    int fd;
+    dev_t dev;
+    ino_t ino;
+    mode_t mode;
+    dev_t rdev;
+} random_devices[OSSL_NELEM(random_device_paths)];
+static int keep_random_devices_open = 1;
+
+/*
+ * Verify that the file descriptor associated with the random source is
+ * still valid. The rationale for doing this is the fact that it is not
+ * uncommon for daemons to close all open file handles when daemonizing.
+ * So the handle might have been closed or even reused for opening
+ * another file.
+ */
+static int check_random_device(struct random_device * rd)
+{
+    struct stat st;
+
+    return rd->fd != -1
+           && fstat(rd->fd, &st) != -1
+           && rd->dev == st.st_dev
+           && rd->ino == st.st_ino
+           && ((rd->mode ^ st.st_mode) & ~(S_IRWXU | S_IRWXG | S_IRWXO)) == 0
+           && rd->rdev == st.st_rdev;
+}
+
+/*
+ * Open a random device if required and return its file descriptor or -1 on error
+ */
+static int get_random_device(size_t n)
+{
+    struct stat st;
+    struct random_device * rd = &random_devices[n];
+
+    /* reuse existing file descriptor if it is (still) valid */
+    if (check_random_device(rd))
+        return rd->fd;
+
+    /* open the random device ... */
+    if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
+        return rd->fd;
+
+    /* ... and cache its relevant stat(2) data */
+    if (fstat(rd->fd, &st) != -1) {
+        rd->dev = st.st_dev;
+        rd->ino = st.st_ino;
+        rd->mode = st.st_mode;
+        rd->rdev = st.st_rdev;
+    } else {
+        close(rd->fd);
+        rd->fd = -1;
+    }
+
+    return rd->fd;
+}
+
+/*
+ * Close a random device making sure it is a random device
+ */
+static void close_random_device(size_t n)
+{
+    struct random_device * rd = &random_devices[n];
+
+    if (check_random_device(rd))
+        close(rd->fd);
+    rd->fd = -1;
+}
+
+static void open_random_devices(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(random_devices); i++)
+        (void)get_random_device(i);
+}
+
+int rand_pool_init(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(random_devices); i++)
+        random_devices[i].fd = -1;
+    open_random_devices();
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(random_devices); i++)
+        close_random_device(i);
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+    if (keep)
+        open_random_devices();
+    else
+        rand_pool_cleanup();
+    keep_random_devices_open = keep;
+}
+
+#  else     /* defined(OPENSSL_RAND_SEED_NONE)
+             * || !defined(OPENSSL_RAND_SEED_DEVRANDOM)
+             */
+
+int rand_pool_init(void)
+{
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+#  endif    /* !defined(OPENSSL_RAND_SEED_NONE)
+             * && defined(OPENSSL_RAND_SEED_DEVRANDOM)
+             */
+
+/*
+ * Try the various seeding methods in turn, exit when successful.
+ *
+ * TODO(DRBG): If more than one entropy source is available, is it
+ * preferable to stop as soon as enough entropy has been collected
+ * (as favored by @rsalz) or should one rather be defensive and add
+ * more entropy than requested and/or from different sources?
+ *
+ * Currently, the user can select multiple entropy sources in the
+ * configure step, yet in practice only the first available source
+ * will be used. A more flexible solution has been requested, but
+ * currently it is not clear how this can be achieved without
+ * overengineering the problem. There are many parameters which
+ * could be taken into account when selecting the order and amount
+ * of input from the different entropy sources (trust, quality,
+ * possibility of blocking).
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+#  ifdef OPENSSL_RAND_SEED_NONE
+    return rand_pool_entropy_available(pool);
+#  else
+    size_t bytes_needed;
+    size_t entropy_available = 0;
+    unsigned char *buffer;
+
+#   ifdef OPENSSL_RAND_SEED_GETRANDOM
+    {
+        ssize_t bytes;
+        /* Maximum allowed number of consecutive unsuccessful attempts */
+        int attempts = 3;
+
+        bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        while (bytes_needed != 0 && attempts-- > 0) {
+            buffer = rand_pool_add_begin(pool, bytes_needed);
+            bytes = syscall_random(buffer, bytes_needed);
+            if (bytes > 0) {
+                rand_pool_add_end(pool, bytes, 8 * bytes);
+                bytes_needed -= bytes;
+                attempts = 3; /* reset counter after successful attempt */
+            } else if (bytes < 0 && errno != EINTR) {
+                break;
+            }
+        }
+    }
+    entropy_available = rand_pool_entropy_available(pool);
+    if (entropy_available > 0)
+        return entropy_available;
 #   endif
-#   ifdef O_NOCTTY              /* If it happens to be a TTY (god forbid), do
-                                 * not make it our controlling tty */
-                       | O_NOCTTY
+
+#   if defined(OPENSSL_RAND_SEED_LIBRANDOM)
+    {
+        /* Not yet implemented. */
+    }
 #   endif
-             )) >= 0) {
-            int usec = 10 * 1000; /* spend 10ms on each file */
-            int r;
-            unsigned int j;
-            struct stat *st = &randomstats[i];
-
-            /*
-             * Avoid using same input... Used to be O_NOFOLLOW above, but
-             * it's not universally appropriate...
-             */
-            if (fstat(fd, st) != 0) {
-                close(fd);
+
+#   ifdef OPENSSL_RAND_SEED_DEVRANDOM
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    {
+        size_t i;
+
+        for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) {
+            ssize_t bytes = 0;
+            /* Maximum allowed number of consecutive unsuccessful attempts */
+            int attempts = 3;
+            const int fd = get_random_device(i);
+
+            if (fd == -1)
                 continue;
-            }
-            for (j = 0; j < i; j++) {
-                if (randomstats[j].st_ino == st->st_ino &&
-                    randomstats[j].st_dev == st->st_dev)
+
+            while (bytes_needed != 0 && attempts-- > 0) {
+                buffer = rand_pool_add_begin(pool, bytes_needed);
+                bytes = read(fd, buffer, bytes_needed);
+
+                if (bytes > 0) {
+                    rand_pool_add_end(pool, bytes, 8 * bytes);
+                    bytes_needed -= bytes;
+                    attempts = 3; /* reset counter after successful attempt */
+                } else if (bytes < 0 && errno != EINTR) {
                     break;
+                }
             }
-            if (j < i) {
-                close(fd);
-                continue;
-            }
+            if (bytes < 0 || !keep_random_devices_open)
+                close_random_device(i);
 
-            do {
-                int try_read = 0;
-
-#   if defined(OPENSSL_SYS_BEOS_R5)
-                /*
-                 * select() is broken in BeOS R5, so we simply try to read
-                 * something and snooze if we couldn't
-                 */
-                try_read = 1;
-
-#   elif defined(OPENSSL_SYS_LINUX)
-                /* use poll() */
-                struct pollfd pset;
-
-                pset.fd = fd;
-                pset.events = POLLIN;
-                pset.revents = 0;
-
-                if (poll(&pset, 1, usec / 1000) < 0)
-                    usec = 0;
-                else
-                    try_read = (pset.revents & POLLIN) != 0;
-
-#   else
-                /* use select() */
-                fd_set fset;
-                struct timeval t;
-
-                t.tv_sec = 0;
-                t.tv_usec = usec;
-
-                if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) {
-                    /*
-                     * can't use select, so just try to read once anyway
-                     */
-                    try_read = 1;
-                } else {
-                    FD_ZERO(&fset);
-                    FD_SET(fd, &fset);
-
-                    if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) {
-                        usec = t.tv_usec;
-                        if (FD_ISSET(fd, &fset))
-                            try_read = 1;
-                    } else
-                        usec = 0;
-                }
+            bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        }
+        entropy_available = rand_pool_entropy_available(pool);
+        if (entropy_available > 0)
+            return entropy_available;
+    }
 #   endif
 
-                if (try_read) {
-                    r = read(fd, (unsigned char *)tmpbuf + n,
-                             ENTROPY_NEEDED - n);
-                    if (r > 0)
-                        n += r;
-#   if defined(OPENSSL_SYS_BEOS_R5)
-                    if (r == 0)
-                        snooze(t.tv_usec);
+#   ifdef OPENSSL_RAND_SEED_RDTSC
+    entropy_available = rand_acquire_entropy_from_tsc(pool);
+    if (entropy_available > 0)
+        return entropy_available;
 #   endif
-                } else
-                    r = -1;
-
-                /*
-                 * Some Unixen will update t in select(), some won't.  For
-                 * those who won't, or if we didn't use select() in the first
-                 * place, give up here, otherwise, we will do this once again
-                 * for the remaining time.
-                 */
-                if (usec == 10 * 1000)
-                    usec = 0;
-            }
-            while ((r > 0 ||
-                    (errno == EINTR || errno == EAGAIN)) && usec != 0
-                   && n < ENTROPY_NEEDED);
 
-            close(fd);
+#   ifdef OPENSSL_RAND_SEED_RDCPU
+    entropy_available = rand_acquire_entropy_from_cpu(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+#   endif
+
+#   ifdef OPENSSL_RAND_SEED_EGD
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    if (bytes_needed > 0) {
+        static const char *paths[] = { DEVRANDOM_EGD, NULL };
+        int i;
+
+        for (i = 0; paths[i] != NULL; i++) {
+            buffer = rand_pool_add_begin(pool, bytes_needed);
+            if (buffer != NULL) {
+                size_t bytes = 0;
+                int num = RAND_query_egd_bytes(paths[i],
+                                               buffer, (int)bytes_needed);
+                if (num == (int)bytes_needed)
+                    bytes = bytes_needed;
+
+                rand_pool_add_end(pool, bytes, 8 * bytes);
+                entropy_available = rand_pool_entropy_available(pool);
+            }
+            if (entropy_available > 0)
+                return entropy_available;
         }
     }
-#  endif                        /* defined(DEVRANDOM) */
+#   endif
+
+    return rand_pool_entropy_available(pool);
+#  endif
+}
+# endif
+#endif
+
+#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
+int rand_pool_add_nonce_data(RAND_POOL *pool)
+{
+    struct {
+        pid_t pid;
+        CRYPTO_THREAD_ID tid;
+        uint64_t time;
+    } data = { 0 };
+
+    /*
+     * Add process id, thread id, and a high resolution timestamp to
+     * ensure that the nonce is unique whith high probability for
+     * different process instances.
+     */
+    data.pid = getpid();
+    data.tid = CRYPTO_THREAD_get_current_id();
+    data.time = get_time_stamp();
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+int rand_pool_add_additional_data(RAND_POOL *pool)
+{
+    struct {
+        CRYPTO_THREAD_ID tid;
+        uint64_t time;
+    } data = { 0 };
 
-#  ifdef DEVRANDOM_EGD
     /*
-     * Use an EGD socket to read entropy from an EGD or PRNGD entropy
-     * collecting daemon.
+     * Add some noise from the thread id and a high resolution timer.
+     * The thread id adds a little randomness if the drbg is accessed
+     * concurrently (which is the case for the <master> drbg).
      */
+    data.tid = CRYPTO_THREAD_get_current_id();
+    data.time = get_timer_bits();
 
-    for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
-         egdsocket++) {
-        int r;
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+
+/*
+ * Get the current time with the highest possible resolution
+ *
+ * The time stamp is added to the nonce, so it is optimized for not repeating.
+ * The current time is ideal for this purpose, provided the computer's clock
+ * is synchronized.
+ */
+static uint64_t get_time_stamp(void)
+{
+# if defined(OSSL_POSIX_TIMER_OKAY)
+    {
+        struct timespec ts;
 
-        r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
-                                 ENTROPY_NEEDED - n);
-        if (r > 0)
-            n += r;
+        if (clock_gettime(CLOCK_REALTIME, &ts) == 0)
+            return TWO32TO64(ts.tv_sec, ts.tv_nsec);
     }
-#  endif                        /* defined(DEVRANDOM_EGD) */
+# endif
+# if defined(__unix__) \
+     || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
+    {
+        struct timeval tv;
 
-#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-    if (n > 0) {
-        RAND_add(tmpbuf, sizeof(tmpbuf), (double)n);
-        OPENSSL_cleanse(tmpbuf, n);
+        if (gettimeofday(&tv, NULL) == 0)
+            return TWO32TO64(tv.tv_sec, tv.tv_usec);
     }
-#  endif
+# endif
+    return time(NULL);
+}
 
-    /* put in some default random data, we need more than just this */
-    l = curr_pid;
-    RAND_add(&l, sizeof(l), 0.0);
-    l = getuid();
-    RAND_add(&l, sizeof(l), 0.0);
+/*
+ * Get an arbitrary timer value of the highest possible resolution
+ *
+ * The timer value is added as random noise to the additional data,
+ * which is not considered a trusted entropy sourec, so any result
+ * is acceptable.
+ */
+static uint64_t get_timer_bits(void)
+{
+    uint64_t res = OPENSSL_rdtsc();
 
-    l = time(NULL);
-    RAND_add(&l, sizeof(l), 0.0);
+    if (res != 0)
+        return res;
 
-#  if defined(OPENSSL_SYS_BEOS)
+# if defined(__sun) || defined(__hpux)
+    return gethrtime();
+# elif defined(_AIX)
     {
-        system_info sysInfo;
-        get_system_info(&sysInfo);
-        RAND_add(&sysInfo, sizeof(sysInfo), 0);
+        timebasestruct_t t;
+
+        read_wall_time(&t, TIMEBASE_SZ);
+        return TWO32TO64(t.tb_high, t.tb_low);
     }
-#  endif
+# elif defined(OSSL_POSIX_TIMER_OKAY)
+    {
+        struct timespec ts;
 
-#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-    return 1;
+#  ifdef CLOCK_BOOTTIME
+#   define CLOCK_TYPE CLOCK_BOOTTIME
+#  elif defined(_POSIX_MONOTONIC_CLOCK)
+#   define CLOCK_TYPE CLOCK_MONOTONIC
 #  else
-    return 0;
+#   define CLOCK_TYPE CLOCK_REALTIME
 #  endif
-}
 
-# endif                         /* defined(__FreeBSD__) ||
-                                 * defined(__OpenBSD__) */
-#endif                          /* !(defined(OPENSSL_SYS_WINDOWS) ||
-                                 * defined(OPENSSL_SYS_WIN32) ||
-                                 * defined(OPENSSL_SYS_VMS) ||
-                                 * defined(OPENSSL_SYS_OS2) ||
-                                 * defined(OPENSSL_SYS_VXWORKS) ||
-                                 * defined(OPENSSL_SYS_NETWARE)) */
-
-#if defined(OPENSSL_SYS_VXWORKS)
-int RAND_poll(void)
-{
-    return 0;
+        if (clock_gettime(CLOCK_TYPE, &ts) == 0)
+            return TWO32TO64(ts.tv_sec, ts.tv_nsec);
+    }
+# endif
+# if defined(__unix__) \
+     || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
+    {
+        struct timeval tv;
+
+        if (gettimeofday(&tv, NULL) == 0)
+            return TWO32TO64(tv.tv_sec, tv.tv_usec);
+    }
+# endif
+    return time(NULL);
 }
-#endif
+#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
diff --git a/freebsd/crypto/openssl/crypto/rand/randfile.c b/freebsd/crypto/openssl/crypto/rand/randfile.c
index 3341f626..3f401f8f 100644
--- a/freebsd/crypto/openssl/crypto/rand/randfile.c
+++ b/freebsd/crypto/openssl/crypto/rand/randfile.c
@@ -1,69 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rand/randfile.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "internal/cryptlib.h"
+
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
-#include "e_os.h"
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/buffer.h>
@@ -71,12 +23,22 @@
 #ifdef OPENSSL_SYS_VMS
 # include <unixio.h>
 #endif
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
+#include <sys/types.h>
 #ifndef OPENSSL_NO_POSIX_IO
 # include <sys/stat.h>
 # include <fcntl.h>
+# ifdef _WIN32
+#  include <windows.h>
+#  include <io.h>
+#  define stat    _stat
+#  define chmod   _chmod
+#  define open    _open
+#  define fdopen  _fdopen
+#  define fstat   _fstat
+#  define fileno  _fileno
+# endif
+#endif
+
 /*
  * Following should not be needed, and we could have been stricter
  * and demand S_IS*. But some systems just don't comply... Formally
@@ -84,176 +46,134 @@
  * would look like ((m) & MASK == TYPE), but since MASK availability
  * is as questionable, we settle for this poor-man fallback...
  */
-# if !defined(S_ISBLK)
-#  if defined(_S_IFBLK)
-#   define S_ISBLK(m) ((m) & _S_IFBLK)
-#  elif defined(S_IFBLK)
-#   define S_ISBLK(m) ((m) & S_IFBLK)
-#  elif defined(_WIN32)
-#   define S_ISBLK(m) 0 /* no concept of block devices on Windows */
-#  endif
-# endif
-# if !defined(S_ISCHR)
-#  if defined(_S_IFCHR)
-#   define S_ISCHR(m) ((m) & _S_IFCHR)
-#  elif defined(S_IFCHR)
-#   define S_ISCHR(m) ((m) & S_IFCHR)
-#  endif
+# if !defined(S_ISREG)
+#   define S_ISREG(m) ((m) & S_IFREG)
 # endif
-#endif
-
-#ifdef _WIN32
-# define stat    _stat
-# define chmod   _chmod
-# define open    _open
-# define fdopen  _fdopen
-#endif
 
-#undef BUFSIZE
-#define BUFSIZE 1024
-#define RAND_DATA 1024
+#define RAND_FILE_SIZE 1024
+#define RFILE ".rnd"
 
-#if (defined(OPENSSL_SYS_VMS) && (defined(__alpha) || defined(__ia64)))
+#ifdef OPENSSL_SYS_VMS
 /*
+ * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically)
+ * to make sure the FILE* is a 32-bit pointer no matter what.  We know that
+ * stdio functions return this type (a study of stdio.h proves it).
+ *
  * This declaration is a nasty hack to get around vms' extension to fopen for
- * passing in sharing options being disabled by our /STANDARD=ANSI89
+ * passing in sharing options being disabled by /STANDARD=ANSI89
  */
-static FILE *(*const vms_fopen)(const char *, const char *, ...) =
-    (FILE *(*)(const char *, const char *, ...))fopen;
-# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
+        (__FILE_ptr32 (*)(const char *, const char *, ...))fopen;
+# define VMS_OPEN_ATTRS \
+        "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+# define openssl_fopen(fname, mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS)
 #endif
 
-/* #define RFILE ".rnd" - defined in ../../e_os.h */
-
 /*
  * Note that these functions are intended for seed files only. Entropy
- * devices and EGD sockets are handled in rand_unix.c
+ * devices and EGD sockets are handled in rand_unix.c  If |bytes| is
+ * -1 read the complete file; otherwise read the specified amount.
  */
-
 int RAND_load_file(const char *file, long bytes)
 {
-    /*-
-     * If bytes >= 0, read up to 'bytes' bytes.
-     * if bytes == -1, read complete file.
-     */
-
-    MS_STATIC unsigned char buf[BUFSIZE];
+    unsigned char buf[RAND_FILE_SIZE];
 #ifndef OPENSSL_NO_POSIX_IO
     struct stat sb;
 #endif
-    int i, ret = 0, n;
-/*
- * If setvbuf() is to be called, then the FILE pointer
- * to it must be 32 bit.
-*/
-
-#if !defined OPENSSL_NO_SETVBUF_IONBF && defined(OPENSSL_SYS_VMS) && defined(__VMS_VER) && (__VMS_VER >= 70000000)
-    /* For 64-bit-->32 bit API Support*/
-#if __INITIAL_POINTER_SIZE == 64
-#pragma __required_pointer_size __save
-#pragma __required_pointer_size 32
-#endif
-    FILE *in; /* setvbuf() requires 32-bit pointers */
-#if __INITIAL_POINTER_SIZE == 64
-#pragma __required_pointer_size __restore
-#endif
-#else
+    int i, n, ret = 0;
     FILE *in;
-#endif /* OPENSSL_SYS_VMS */
 
-    if (file == NULL)
-        return (0);
+    if (bytes == 0)
+        return 0;
+
+    if ((in = openssl_fopen(file, "rb")) == NULL) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
 
 #ifndef OPENSSL_NO_POSIX_IO
-# ifdef PURIFY
+    if (fstat(fileno(in), &sb) < 0) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_INTERNAL_ERROR);
+        ERR_add_error_data(2, "Filename=", file);
+        fclose(in);
+        return -1;
+    }
+
+    if (!S_ISREG(sb.st_mode) && bytes < 0)
+        bytes = 256;
+#endif
     /*
-     * struct stat can have padding and unused fields that may not be
-     * initialized in the call to stat(). We need to clear the entire
-     * structure before calling RAND_add() to avoid complaints from
-     * applications such as Valgrind.
+     * On VMS, setbuf() will only take 32-bit pointers, and a compilation
+     * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
+     * However, we trust that the C RTL will never give us a FILE pointer
+     * above the first 4 GB of memory, so we simply turn off the warning
+     * temporarily.
      */
-    memset(&sb, 0, sizeof(sb));
-# endif
-    if (stat(file, &sb) < 0)
-        return (0);
-    RAND_add(&sb, sizeof(sb), 0.0);
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment save
+# pragma message disable maylosedata2
 #endif
-    if (bytes == 0)
-        return (ret);
-
-#ifdef OPENSSL_SYS_VMS
-    in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
-#else
-    in = fopen(file, "rb");
-#endif
-    if (in == NULL)
-        goto err;
-#if defined(S_ISBLK) && defined(S_ISCHR) && !defined(OPENSSL_NO_POSIX_IO)
-    if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
-        /*
-         * this file is a device. we don't want read an infinite number of
-         * bytes from a random device, nor do we want to use buffered I/O
-         * because we will waste system entropy.
-         */
-        bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
-# ifndef OPENSSL_NO_SETVBUF_IONBF
-        setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
-# endif                         /* ndef OPENSSL_NO_SETVBUF_IONBF */
-    }
+    /*
+     * Don't buffer, because even if |file| is regular file, we have
+     * no control over the buffer, so why would we want a copy of its
+     * contents lying around?
+     */
+    setbuf(in, NULL);
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment restore
 #endif
-    for (;;) {
+
+    for ( ; ; ) {
         if (bytes > 0)
-            n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE;
+            n = (bytes < RAND_FILE_SIZE) ? (int)bytes : RAND_FILE_SIZE;
         else
-            n = BUFSIZE;
+            n = RAND_FILE_SIZE;
         i = fread(buf, 1, n, in);
-        if (i <= 0)
+#ifdef EINTR
+        if (ferror(in) && errno == EINTR){
+            clearerr(in);
+            if (i == 0)
+                continue;
+        }
+#endif
+        if (i == 0)
             break;
-#ifdef PURIFY
+
         RAND_add(buf, i, (double)i);
-#else
-        /* even if n != i, use the full array */
-        RAND_add(buf, n, (double)i);
-#endif
         ret += i;
-        if (bytes > 0) {
-            bytes -= n;
-            if (bytes <= 0)
-                break;
-        }
+
+        /* If given a bytecount, and we did it, break. */
+        if (bytes > 0 && (bytes -= i) <= 0)
+            break;
     }
+
+    OPENSSL_cleanse(buf, sizeof(buf));
     fclose(in);
-    OPENSSL_cleanse(buf, BUFSIZE);
- err:
-    return (ret);
+    return ret;
 }
 
 int RAND_write_file(const char *file)
 {
-    unsigned char buf[BUFSIZE];
-    int i, ret = 0, rand_err = 0;
+    unsigned char buf[RAND_FILE_SIZE];
+    int ret = -1;
     FILE *out = NULL;
-    int n;
 #ifndef OPENSSL_NO_POSIX_IO
     struct stat sb;
 
-    i = stat(file, &sb);
-    if (i != -1) {
-# if defined(S_ISBLK) && defined(S_ISCHR)
-        if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
-            /*
-             * this file is a device. we don't write back to it. we
-             * "succeed" on the assumption this is some sort of random
-             * device. Otherwise attempting to write to and chmod the device
-             * causes problems.
-             */
-            return (1);
-        }
-# endif
+    if (stat(file, &sb) >= 0 && !S_ISREG(sb.st_mode)) {
+        RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_NOT_A_REGULAR_FILE);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
     }
 #endif
 
-#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS)
+    /* Collect enough random data. */
+    if (RAND_priv_bytes(buf, (int)sizeof(buf)) != 1)
+        return  -1;
+
+#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \
+    !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS)
     {
 # ifndef O_BINARY
 #  define O_BINARY 0
@@ -268,7 +188,7 @@ int RAND_write_file(const char *file)
     }
 #endif
 
-#if (defined(OPENSSL_SYS_VMS) && (defined(__alpha) || defined(__ia64)))
+#ifdef OPENSSL_SYS_VMS
     /*
      * VMS NOTE: Prior versions of this routine created a _new_ version of
      * the rand file for each call into this routine, then deleted all
@@ -286,89 +206,93 @@ int RAND_write_file(const char *file)
      * application level. Also consider whether or not you NEED a persistent
      * rand file in a concurrent use situation.
      */
-
-    out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS);
-    if (out == NULL)
-        out = vms_fopen(file, "wb", VMS_OPEN_ATTRS);
-#else
-    if (out == NULL)
-        out = fopen(file, "wb");
+    out = openssl_fopen(file, "rb+");
 #endif
+
     if (out == NULL)
-        goto err;
+        out = openssl_fopen(file, "wb");
+    if (out == NULL) {
+        RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_CANNOT_OPEN_FILE);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
 
-#ifndef NO_CHMOD
+#if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO)
+    /*
+     * Yes it's late to do this (see above comment), but better than nothing.
+     */
     chmod(file, 0600);
 #endif
-    n = RAND_DATA;
-    for (;;) {
-        i = (n > BUFSIZE) ? BUFSIZE : n;
-        n -= BUFSIZE;
-        if (RAND_bytes(buf, i) <= 0)
-            rand_err = 1;
-        i = fwrite(buf, 1, i, out);
-        if (i <= 0) {
-            ret = 0;
-            break;
-        }
-        ret += i;
-        if (n <= 0)
-            break;
-    }
 
+    ret = fwrite(buf, 1, RAND_FILE_SIZE, out);
     fclose(out);
-    OPENSSL_cleanse(buf, BUFSIZE);
- err:
-    return (rand_err ? -1 : ret);
+    OPENSSL_cleanse(buf, RAND_FILE_SIZE);
+    return ret;
 }
 
 const char *RAND_file_name(char *buf, size_t size)
 {
     char *s = NULL;
-#ifdef __OpenBSD__
-    struct stat sb;
+    size_t len;
+    int use_randfile = 1;
+
+#if defined(_WIN32) && defined(CP_UTF8)
+    DWORD envlen;
+    WCHAR *var;
+
+    /* Look up various environment variables. */
+    if ((envlen = GetEnvironmentVariableW(var = L"RANDFILE", NULL, 0)) == 0) {
+        use_randfile = 0;
+        if ((envlen = GetEnvironmentVariableW(var = L"HOME", NULL, 0)) == 0
+                && (envlen = GetEnvironmentVariableW(var = L"USERPROFILE",
+                                                  NULL, 0)) == 0)
+            envlen = GetEnvironmentVariableW(var = L"SYSTEMROOT", NULL, 0);
+    }
+
+    /* If we got a value, allocate space to hold it and then get it. */
+    if (envlen != 0) {
+        int sz;
+        WCHAR *val = _alloca(envlen * sizeof(WCHAR));
+
+        if (GetEnvironmentVariableW(var, val, envlen) < envlen
+                && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0,
+                                             NULL, NULL)) != 0) {
+            s = _alloca(sz);
+            if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz,
+                                    NULL, NULL) == 0)
+                s = NULL;
+        }
+    }
+#else
+    if (OPENSSL_issetugid() != 0) {
+        use_randfile = 0;
+    } else if ((s = getenv("RANDFILE")) == NULL || *s == '\0') {
+        use_randfile = 0;
+        s = getenv("HOME");
+    }
 #endif
 
-    if (OPENSSL_issetugid() == 0)
-        s = getenv("RANDFILE");
-    if (s != NULL && *s && strlen(s) + 1 < size) {
-        if (BUF_strlcpy(buf, s, size) >= size)
-            return NULL;
-    } else {
-        if (OPENSSL_issetugid() == 0)
-            s = getenv("HOME");
 #ifdef DEFAULT_HOME
-        if (s == NULL) {
-            s = DEFAULT_HOME;
-        }
+    if (!use_randfile && s == NULL)
+        s = DEFAULT_HOME;
 #endif
-        if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) {
-            BUF_strlcpy(buf, s, size);
+    if (s == NULL || *s == '\0')
+        return NULL;
+
+    len = strlen(s);
+    if (use_randfile) {
+        if (len + 1 >= size)
+            return NULL;
+        strcpy(buf, s);
+    } else {
+        if (len + 1 + strlen(RFILE) + 1 >= size)
+            return NULL;
+        strcpy(buf, s);
 #ifndef OPENSSL_SYS_VMS
-            BUF_strlcat(buf, "/", size);
+        strcat(buf, "/");
 #endif
-            BUF_strlcat(buf, RFILE, size);
-        } else
-            buf[0] = '\0';      /* no file name */
+        strcat(buf, RFILE);
     }
 
-#ifdef __OpenBSD__
-    /*
-     * given that all random loads just fail if the file can't be seen on a
-     * stat, we stat the file we're returning, if it fails, use /dev/arandom
-     * instead. this allows the user to use their own source for good random
-     * data, but defaults to something hopefully decent if that isn't
-     * available.
-     */
-
-    if (!buf[0])
-        if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) {
-            return (NULL);
-        }
-    if (stat(buf, &sb) == -1)
-        if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) {
-            return (NULL);
-        }
-#endif
-    return (buf);
+    return buf;
 }
diff --git a/freebsd/crypto/openssl/crypto/rand/randtest.c b/freebsd/crypto/openssl/crypto/rand/randtest.c
deleted file mode 100644
index 1c995520..00000000
--- a/freebsd/crypto/openssl/crypto/rand/randtest.c
+++ /dev/null
@@ -1,211 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/rand/randtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rand.h>
-
-#include "../e_os.h"
-
-/* some FIPS 140-1 random number test */
-/* some simple tests */
-
-int main(int argc, char **argv)
-{
-    unsigned char buf[2500];
-    int i, j, k, s, sign, nsign, err = 0;
-    unsigned long n1;
-    unsigned long n2[16];
-    unsigned long runs[2][34];
-    /*
-     * double d;
-     */
-    long d;
-
-    i = RAND_pseudo_bytes(buf, 2500);
-    if (i < 0) {
-        printf("init failed, the rand method is not properly installed\n");
-        err++;
-        goto err;
-    }
-
-    n1 = 0;
-    for (i = 0; i < 16; i++)
-        n2[i] = 0;
-    for (i = 0; i < 34; i++)
-        runs[0][i] = runs[1][i] = 0;
-
-    /* test 1 and 2 */
-    sign = 0;
-    nsign = 0;
-    for (i = 0; i < 2500; i++) {
-        j = buf[i];
-
-        n2[j & 0x0f]++;
-        n2[(j >> 4) & 0x0f]++;
-
-        for (k = 0; k < 8; k++) {
-            s = (j & 0x01);
-            if (s == sign)
-                nsign++;
-            else {
-                if (nsign > 34)
-                    nsign = 34;
-                if (nsign != 0) {
-                    runs[sign][nsign - 1]++;
-                    if (nsign > 6)
-                        runs[sign][5]++;
-                }
-                sign = s;
-                nsign = 1;
-            }
-
-            if (s)
-                n1++;
-            j >>= 1;
-        }
-    }
-    if (nsign > 34)
-        nsign = 34;
-    if (nsign != 0)
-        runs[sign][nsign - 1]++;
-
-    /* test 1 */
-    if (!((9654 < n1) && (n1 < 10346))) {
-        printf("test 1 failed, X=%lu\n", n1);
-        err++;
-    }
-    printf("test 1 done\n");
-
-    /* test 2 */
-#ifdef undef
-    d = 0;
-    for (i = 0; i < 16; i++)
-        d += n2[i] * n2[i];
-    d = d * 16.0 / 5000.0 - 5000.0;
-    if (!((1.03 < d) && (d < 57.4))) {
-        printf("test 2 failed, X=%.2f\n", d);
-        err++;
-    }
-#endif
-    d = 0;
-    for (i = 0; i < 16; i++)
-        d += n2[i] * n2[i];
-    d = (d * 8) / 25 - 500000;
-    if (!((103 < d) && (d < 5740))) {
-        printf("test 2 failed, X=%ld.%02ld\n", d / 100L, d % 100L);
-        err++;
-    }
-    printf("test 2 done\n");
-
-    /* test 3 */
-    for (i = 0; i < 2; i++) {
-        if (!((2267 < runs[i][0]) && (runs[i][0] < 2733))) {
-            printf("test 3 failed, bit=%d run=%d num=%lu\n",
-                   i, 1, runs[i][0]);
-            err++;
-        }
-        if (!((1079 < runs[i][1]) && (runs[i][1] < 1421))) {
-            printf("test 3 failed, bit=%d run=%d num=%lu\n",
-                   i, 2, runs[i][1]);
-            err++;
-        }
-        if (!((502 < runs[i][2]) && (runs[i][2] < 748))) {
-            printf("test 3 failed, bit=%d run=%d num=%lu\n",
-                   i, 3, runs[i][2]);
-            err++;
-        }
-        if (!((223 < runs[i][3]) && (runs[i][3] < 402))) {
-            printf("test 3 failed, bit=%d run=%d num=%lu\n",
-                   i, 4, runs[i][3]);
-            err++;
-        }
-        if (!((90 < runs[i][4]) && (runs[i][4] < 223))) {
-            printf("test 3 failed, bit=%d run=%d num=%lu\n",
-                   i, 5, runs[i][4]);
-            err++;
-        }
-        if (!((90 < runs[i][5]) && (runs[i][5] < 223))) {
-            printf("test 3 failed, bit=%d run=%d num=%lu\n",
-                   i, 6, runs[i][5]);
-            err++;
-        }
-    }
-    printf("test 3 done\n");
-
-    /* test 4 */
-    if (runs[0][33] != 0) {
-        printf("test 4 failed, bit=%d run=%d num=%lu\n", 0, 34, runs[0][33]);
-        err++;
-    }
-    if (runs[1][33] != 0) {
-        printf("test 4 failed, bit=%d run=%d num=%lu\n", 1, 34, runs[1][33]);
-        err++;
-    }
-    printf("test 4 done\n");
- err:
-    err = ((err) ? 1 : 0);
-#ifdef OPENSSL_SYS_NETWARE
-    if (err)
-        printf("ERROR: %d\n", err);
-#endif
-    EXIT(err);
-    return (err);
-}
diff --git a/freebsd/crypto/openssl/crypto/rc2/rc2.h b/freebsd/crypto/openssl/crypto/rc2/rc2.h
deleted file mode 100644
index 29d02d73..00000000
--- a/freebsd/crypto/openssl/crypto/rc2/rc2.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/* crypto/rc2/rc2.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RC2_H
-# define HEADER_RC2_H
-
-# include <openssl/opensslconf.h>/* OPENSSL_NO_RC2, RC2_INT */
-# ifdef OPENSSL_NO_RC2
-#  error RC2 is disabled.
-# endif
-
-# define RC2_ENCRYPT     1
-# define RC2_DECRYPT     0
-
-# define RC2_BLOCK       8
-# define RC2_KEY_LENGTH  16
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct rc2_key_st {
-    RC2_INT data[64];
-} RC2_KEY;
-
-# ifdef OPENSSL_FIPS
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
-                         int bits);
-# endif
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
-void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                     RC2_KEY *key, int enc);
-void RC2_encrypt(unsigned long *data, RC2_KEY *key);
-void RC2_decrypt(unsigned long *data, RC2_KEY *key);
-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-                     RC2_KEY *ks, unsigned char *iv, int enc);
-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                       long length, RC2_KEY *schedule, unsigned char *ivec,
-                       int *num, int enc);
-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                       long length, RC2_KEY *schedule, unsigned char *ivec,
-                       int *num);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/rc2/rc2_cbc.c b/freebsd/crypto/openssl/crypto/rc2/rc2_cbc.c
index ad5f3938..3ea01e3e 100644
--- a/freebsd/crypto/openssl/crypto/rc2/rc2_cbc.c
+++ b/freebsd/crypto/openssl/crypto/rc2/rc2_cbc.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rc2/rc2_cbc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/rc2.h>
diff --git a/freebsd/crypto/openssl/crypto/rc2/rc2_ecb.c b/freebsd/crypto/openssl/crypto/rc2/rc2_ecb.c
index e5e8e910..baf9d49d 100644
--- a/freebsd/crypto/openssl/crypto/rc2/rc2_ecb.c
+++ b/freebsd/crypto/openssl/crypto/rc2/rc2_ecb.c
@@ -1,73 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rc2/rc2_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/rc2.h>
 #include "rc2_locl.h"
 #include <openssl/opensslv.h>
 
-const char RC2_version[] = "RC2" OPENSSL_VERSION_PTEXT;
-
 /*-
  * RC2 as implemented frm a posting from
  * Newsgroups: sci.crypt
- * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
  * Subject: Specification for Ron Rivests Cipher No.2
  * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
  * Date: 11 Feb 1996 06:45:03 GMT
diff --git a/freebsd/crypto/openssl/crypto/rc2/rc2_locl.h b/freebsd/crypto/openssl/crypto/rc2/rc2_locl.h
index e72a20c0..e4dad947 100644
--- a/freebsd/crypto/openssl/crypto/rc2/rc2_locl.h
+++ b/freebsd/crypto/openssl/crypto/rc2/rc2_locl.h
@@ -1,59 +1,10 @@
-/* crypto/rc2/rc2_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #undef c2l
@@ -69,13 +20,20 @@
                         l1=l2=0; \
                         switch (n) { \
                         case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        /* fall thru */                               \
                         case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        /* fall thru */                               \
                         case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        /* fall thru */                               \
+                        case 5: l2|=((unsigned long)(*(--(c))));      \
+                        /* fall thru */                               \
                         case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        /* fall thru */                               \
                         case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        /* fall thru */                               \
                         case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                        /* fall thru */                               \
+                        case 1: l1|=((unsigned long)(*(--(c))));      \
                                 } \
                         }
 
@@ -91,12 +49,19 @@
                         c+=n; \
                         switch (n) { \
                         case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        /* fall thru */                                     \
                         case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        /* fall thru */                                     \
                         case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        /* fall thru */                                     \
                         case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        /* fall thru */                                     \
                         case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        /* fall thru */                                     \
                         case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        /* fall thru */                                     \
                         case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        /* fall thru */                                     \
                         case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
                                 } \
                         }
@@ -107,12 +72,19 @@
                         l1=l2=0; \
                         switch (n) { \
                         case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
                         case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
                         case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
                         case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
                         case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
                         case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
                         case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
                         case 1: l1|=((unsigned long)(*(--(c))))<<24; \
                                 } \
                         }
@@ -122,12 +94,19 @@
                         c+=n; \
                         switch (n) { \
                         case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
                         case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
                         case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
                         case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
                         case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
                         case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
                         case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
                         case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
                                 } \
                         }
diff --git a/freebsd/crypto/openssl/crypto/rc2/rc2_skey.c b/freebsd/crypto/openssl/crypto/rc2/rc2_skey.c
index 04f9e4a2..9f7fa75a 100644
--- a/freebsd/crypto/openssl/crypto/rc2/rc2_skey.c
+++ b/freebsd/crypto/openssl/crypto/rc2/rc2_skey.c
@@ -1,64 +1,14 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rc2/rc2_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/crypto.h>
 #include <openssl/rc2.h>
 #include "rc2_locl.h"
 
@@ -99,15 +49,6 @@ static const unsigned char key_table[256] = {
  * uses a version where the bits parameter is the same as len*8
  */
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#ifdef OPENSSL_FIPS
-{
-    fips_cipher_abort(RC2);
-    private_RC2_set_key(key, len, data, bits);
-}
-
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
-                         int bits)
-#endif
 {
     int i, j;
     unsigned char *k;
diff --git a/freebsd/crypto/openssl/crypto/rc2/rc2cfb64.c b/freebsd/crypto/openssl/crypto/rc2/rc2cfb64.c
index e0709b79..07eb4f65 100644
--- a/freebsd/crypto/openssl/crypto/rc2/rc2cfb64.c
+++ b/freebsd/crypto/openssl/crypto/rc2/rc2cfb64.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rc2/rc2cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/rc2.h>
diff --git a/freebsd/crypto/openssl/crypto/rc2/rc2ofb64.c b/freebsd/crypto/openssl/crypto/rc2/rc2ofb64.c
index 0643e47d..d03a279d 100644
--- a/freebsd/crypto/openssl/crypto/rc2/rc2ofb64.c
+++ b/freebsd/crypto/openssl/crypto/rc2/rc2ofb64.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rc2/rc2ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/rc2.h>
diff --git a/freebsd/crypto/openssl/crypto/rc2/rc2speed.c b/freebsd/crypto/openssl/crypto/rc2/rc2speed.c
deleted file mode 100644
index 4a70c6ac..00000000
--- a/freebsd/crypto/openssl/crypto/rc2/rc2speed.c
+++ /dev/null
@@ -1,264 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/rc2/rc2speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-# define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-#ifndef OPENSSL_SYS_NETWARE
-# include <signal.h>
-#endif
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-    /*
-     * Depending on the VMS version, the tms structure is perhaps defined.
-     * The __TMS macro will show if it was.  If it wasn't defined, we should
-     * undefine TIMES, since that tells the rest of the program how things
-     * should be handled.  -- Richard Levitte
-     */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-# undef TIMES
-#endif
-#ifndef TIMES
-# include <sys/timeb.h>
-#endif
-#if defined(sun) || defined(__ultrix)
-# define _POSIX_SOURCE
-# include <limits.h>
-# include <sys/param.h>
-#endif
-#include <openssl/rc2.h>
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  define HZ      100.0
-# else                          /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif                         /* CLK_TCK */
-#endif                          /* HZ */
-#define BUFSIZE ((long)1024)
-long run = 0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-# if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#  define SIGRETTYPE void
-# else
-#  define SIGRETTYPE int
-# endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
-{
-    signal(SIGALRM, sig_done);
-    run = 0;
-# ifdef LINT
-    sig = sig;
-# endif
-}
-#endif
-
-#define START   0
-#define STOP    1
-
-double Time_F(int s)
-{
-    double ret;
-#ifdef TIMES
-    static struct tms tstart, tend;
-
-    if (s == START) {
-        times(&tstart);
-        return (0);
-    } else {
-        times(&tend);
-        ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#else                           /* !times() */
-    static struct timeb tstart, tend;
-    long i;
-
-    if (s == START) {
-        ftime(&tstart);
-        return (0);
-    } else {
-        ftime(&tend);
-        i = (long)tend.millitm - (long)tstart.millitm;
-        ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#endif
-}
-
-int main(int argc, char **argv)
-{
-    long count;
-    static unsigned char buf[BUFSIZE];
-    static unsigned char key[] = {
-        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-    };
-    RC2_KEY sch;
-    double a, b, c, d;
-#ifndef SIGALRM
-    long ca, cb, cc;
-#endif
-
-#ifndef TIMES
-    printf("To get the most accurate results, try to run this\n");
-    printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
-    printf("First we calculate the approximate speed ...\n");
-    RC2_set_key(&sch, 16, key, 128);
-    count = 10;
-    do {
-        long i;
-        unsigned long data[2];
-
-        count *= 2;
-        Time_F(START);
-        for (i = count; i; i--)
-            RC2_encrypt(data, &sch);
-        d = Time_F(STOP);
-    } while (d < 3.0);
-    ca = count / 512;
-    cb = count;
-    cc = count * 8 / BUFSIZE + 1;
-    printf("Doing RC2_set_key %ld times\n", ca);
-# define COND(d) (count != (d))
-# define COUNT(d) (d)
-#else
-# define COND(c) (run)
-# define COUNT(d) (count)
-    signal(SIGALRM, sig_done);
-    printf("Doing RC2_set_key for 10 seconds\n");
-    alarm(10);
-#endif
-
-    Time_F(START);
-    for (count = 0, run = 1; COND(ca); count += 4) {
-        RC2_set_key(&sch, 16, key, 128);
-        RC2_set_key(&sch, 16, key, 128);
-        RC2_set_key(&sch, 16, key, 128);
-        RC2_set_key(&sch, 16, key, 128);
-    }
-    d = Time_F(STOP);
-    printf("%ld RC2_set_key's in %.2f seconds\n", count, d);
-    a = ((double)COUNT(ca)) / d;
-
-#ifdef SIGALRM
-    printf("Doing RC2_encrypt's for 10 seconds\n");
-    alarm(10);
-#else
-    printf("Doing RC2_encrypt %ld times\n", cb);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(cb); count += 4) {
-        unsigned long data[2];
-
-        RC2_encrypt(data, &sch);
-        RC2_encrypt(data, &sch);
-        RC2_encrypt(data, &sch);
-        RC2_encrypt(data, &sch);
-    }
-    d = Time_F(STOP);
-    printf("%ld RC2_encrypt's in %.2f second\n", count, d);
-    b = ((double)COUNT(cb) * 8) / d;
-
-#ifdef SIGALRM
-    printf("Doing RC2_cbc_encrypt on %ld byte blocks for 10 seconds\n",
-           BUFSIZE);
-    alarm(10);
-#else
-    printf("Doing RC2_cbc_encrypt %ld times on %ld byte blocks\n", cc,
-           BUFSIZE);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(cc); count++)
-        RC2_cbc_encrypt(buf, buf, BUFSIZE, &sch, &(key[0]), RC2_ENCRYPT);
-    d = Time_F(STOP);
-    printf("%ld RC2_cbc_encrypt's of %ld byte blocks in %.2f second\n",
-           count, BUFSIZE, d);
-    c = ((double)COUNT(cc) * BUFSIZE) / d;
-
-    printf("RC2 set_key       per sec = %12.2f (%9.3fuS)\n", a, 1.0e6 / a);
-    printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n", b, 8.0e6 / b);
-    printf("RC2 cbc     bytes per sec = %12.2f (%9.3fuS)\n", c, 8.0e6 / c);
-    exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
-    return (0);
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/rc2/rc2test.c b/freebsd/crypto/openssl/crypto/rc2/rc2test.c
deleted file mode 100644
index d3484932..00000000
--- a/freebsd/crypto/openssl/crypto/rc2/rc2test.c
+++ /dev/null
@@ -1,276 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/rc2/rc2test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * This has been a quickly hacked 'ideatest.c'.  When I add tests for other
- * RC2 modes, more of the code will be uncommented.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_RC2
-int main(int argc, char *argv[])
-{
-    printf("No RC2 support\n");
-    return (0);
-}
-#else
-# include <openssl/rc2.h>
-
-static unsigned char RC2key[4][16] = {
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-     0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F},
-};
-
-static unsigned char RC2plain[4][8] = {
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-};
-
-static unsigned char RC2cipher[4][8] = {
-    {0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7},
-    {0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74},
-    {0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E},
-    {0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31},
-};
-
-/************/
-# ifdef undef
-unsigned char k[16] = {
-    0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
-    0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08
-};
-
-unsigned char in[8] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 };
-unsigned char c[8] = { 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 };
-
-unsigned char out[80];
-
-char *text = "Hello to all people out there";
-
-static unsigned char cfb_key[16] = {
-    0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96,
-    0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e,
-};
-static unsigned char cfb_iv[80] =
-    { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd };
-static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
-#  define CFB_TEST_SIZE 24
-static unsigned char plain[CFB_TEST_SIZE] = {
-    0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
-    0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
-    0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
-    0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
-};
-
-static unsigned char cfb_cipher64[CFB_TEST_SIZE] = {
-    0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
-    0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
-    0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
-/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
-    0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
-    0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
-};
-
-/*
- * static int cfb64_test(unsigned char *cfb_cipher);
- */
-static char *pt(unsigned char *p);
-# endif
-
-int main(int argc, char *argv[])
-{
-    int i, n, err = 0;
-    RC2_KEY key;
-    unsigned char buf[8], buf2[8];
-
-    for (n = 0; n < 4; n++) {
-        RC2_set_key(&key, 16, &(RC2key[n][0]), 0 /* or 1024 */ );
-
-        RC2_ecb_encrypt(&(RC2plain[n][0]), buf, &key, RC2_ENCRYPT);
-        if (memcmp(&(RC2cipher[n][0]), buf, 8) != 0) {
-            printf("ecb rc2 error encrypting\n");
-            printf("got     :");
-            for (i = 0; i < 8; i++)
-                printf("%02X ", buf[i]);
-            printf("\n");
-            printf("expected:");
-            for (i = 0; i < 8; i++)
-                printf("%02X ", RC2cipher[n][i]);
-            err = 20;
-            printf("\n");
-        }
-
-        RC2_ecb_encrypt(buf, buf2, &key, RC2_DECRYPT);
-        if (memcmp(&(RC2plain[n][0]), buf2, 8) != 0) {
-            printf("ecb RC2 error decrypting\n");
-            printf("got     :");
-            for (i = 0; i < 8; i++)
-                printf("%02X ", buf[i]);
-            printf("\n");
-            printf("expected:");
-            for (i = 0; i < 8; i++)
-                printf("%02X ", RC2plain[n][i]);
-            printf("\n");
-            err = 3;
-        }
-    }
-
-    if (err == 0)
-        printf("ecb RC2 ok\n");
-# ifdef undef
-    memcpy(iv, k, 8);
-    idea_cbc_encrypt((unsigned char *)text, out, strlen(text) + 1, &key, iv,
-                     1);
-    memcpy(iv, k, 8);
-    idea_cbc_encrypt(out, out, 8, &dkey, iv, 0);
-    idea_cbc_encrypt(&(out[8]), &(out[8]), strlen(text) + 1 - 8, &dkey, iv,
-                     0);
-    if (memcmp(text, out, strlen(text) + 1) != 0) {
-        printf("cbc idea bad\n");
-        err = 4;
-    } else
-        printf("cbc idea ok\n");
-
-    printf("cfb64 idea ");
-    if (cfb64_test(cfb_cipher64)) {
-        printf("bad\n");
-        err = 5;
-    } else
-        printf("ok\n");
-# endif
-
-# ifdef OPENSSL_SYS_NETWARE
-    if (err)
-        printf("ERROR: %d\n", err);
-# endif
-    EXIT(err);
-    return (err);
-}
-
-# ifdef undef
-static int cfb64_test(unsigned char *cfb_cipher)
-{
-    IDEA_KEY_SCHEDULE eks, dks;
-    int err = 0, i, n;
-
-    idea_set_encrypt_key(cfb_key, &eks);
-    idea_set_decrypt_key(&eks, &dks);
-    memcpy(cfb_tmp, cfb_iv, 8);
-    n = 0;
-    idea_cfb64_encrypt(plain, cfb_buf1, (long)12, &eks,
-                       cfb_tmp, &n, IDEA_ENCRYPT);
-    idea_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]),
-                       (long)CFB_TEST_SIZE - 12, &eks,
-                       cfb_tmp, &n, IDEA_ENCRYPT);
-    if (memcmp(cfb_cipher, cfb_buf1, CFB_TEST_SIZE) != 0) {
-        err = 1;
-        printf("idea_cfb64_encrypt encrypt error\n");
-        for (i = 0; i < CFB_TEST_SIZE; i += 8)
-            printf("%s\n", pt(&(cfb_buf1[i])));
-    }
-    memcpy(cfb_tmp, cfb_iv, 8);
-    n = 0;
-    idea_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &eks,
-                       cfb_tmp, &n, IDEA_DECRYPT);
-    idea_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]),
-                       (long)CFB_TEST_SIZE - 17, &dks,
-                       cfb_tmp, &n, IDEA_DECRYPT);
-    if (memcmp(plain, cfb_buf2, CFB_TEST_SIZE) != 0) {
-        err = 1;
-        printf("idea_cfb_encrypt decrypt error\n");
-        for (i = 0; i < 24; i += 8)
-            printf("%s\n", pt(&(cfb_buf2[i])));
-    }
-    return (err);
-}
-
-static char *pt(unsigned char *p)
-{
-    static char bufs[10][20];
-    static int bnum = 0;
-    char *ret;
-    int i;
-    static char *f = "0123456789ABCDEF";
-
-    ret = &(bufs[bnum++][0]);
-    bnum %= 10;
-    for (i = 0; i < 8; i++) {
-        ret[i * 2] = f[(p[i] >> 4) & 0xf];
-        ret[i * 2 + 1] = f[p[i] & 0xf];
-    }
-    ret[16] = '\0';
-    return (ret);
-}
-
-# endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/rc2/tab.c b/freebsd/crypto/openssl/crypto/rc2/tab.c
deleted file mode 100644
index 3abda02c..00000000
--- a/freebsd/crypto/openssl/crypto/rc2/tab.c
+++ /dev/null
@@ -1,86 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-#include <stdio.h>
-
-unsigned char ebits_to_num[256] = {
-    0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a,
-    0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
-    0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b,
-    0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
-    0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda,
-    0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
-    0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8,
-    0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
-    0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17,
-    0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
-    0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72,
-    0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
-    0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd,
-    0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
-    0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b,
-    0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
-    0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77,
-    0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
-    0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3,
-    0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
-    0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e,
-    0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
-    0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d,
-    0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
-    0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46,
-    0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
-    0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97,
-    0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
-    0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef,
-    0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
-    0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf,
-    0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab,
-};
-
-unsigned char num_to_ebits[256] = {
-    0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d,
-    0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
-    0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47,
-    0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
-    0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c,
-    0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
-    0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89,
-    0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
-    0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8,
-    0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
-    0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab,
-    0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
-    0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46,
-    0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
-    0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87,
-    0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
-    0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6,
-    0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
-    0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7,
-    0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
-    0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0,
-    0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
-    0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a,
-    0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
-    0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5,
-    0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
-    0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90,
-    0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
-    0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b,
-    0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
-    0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18,
-    0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd,
-};
-
-main()
-{
-    int i, j;
-
-    for (i = 0; i < 256; i++) {
-        for (j = 0; j < 256; j++)
-            if (ebits_to_num[j] == i) {
-                printf("0x%02x,", j);
-                break;
-            }
-    }
-}
diff --git a/freebsd/crypto/openssl/crypto/rc4/rc4.h b/freebsd/crypto/openssl/crypto/rc4/rc4.h
deleted file mode 100644
index 39162b16..00000000
--- a/freebsd/crypto/openssl/crypto/rc4/rc4.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/* crypto/rc4/rc4.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RC4_H
-# define HEADER_RC4_H
-
-# include <openssl/opensslconf.h>/* OPENSSL_NO_RC4, RC4_INT */
-# ifdef OPENSSL_NO_RC4
-#  error RC4 is disabled.
-# endif
-
-# include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct rc4_key_st {
-    RC4_INT x, y;
-    RC4_INT data[256];
-} RC4_KEY;
-
-const char *RC4_options(void);
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
-         unsigned char *outdata);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/rc4/rc4_enc.c b/freebsd/crypto/openssl/crypto/rc4/rc4_enc.c
index f169d49a..90371c01 100644
--- a/freebsd/crypto/openssl/crypto/rc4/rc4_enc.c
+++ b/freebsd/crypto/openssl/crypto/rc4/rc4_enc.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rc4/rc4_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/rc4.h>
@@ -64,7 +15,6 @@
 /*-
  * RC4 as implemented from a posting from
  * Newsgroups: sci.crypt
- * From: sterndark@netcom.com (David Sterndark)
  * Subject: RC4 Algorithm revealed.
  * Message-ID: <sternCvKL4B.Hyy@netcom.com>
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
@@ -81,197 +31,6 @@ void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
     y = key->y;
     d = key->data;
 
-#if defined(RC4_CHUNK) && !defined(PEDANTIC)
-    /*-
-     * The original reason for implementing this(*) was the fact that
-     * pre-21164a Alpha CPUs don't have byte load/store instructions
-     * and e.g. a byte store has to be done with 64-bit load, shift,
-     * and, or and finally 64-bit store. Peaking data and operating
-     * at natural word size made it possible to reduce amount of
-     * instructions as well as to perform early read-ahead without
-     * suffering from RAW (read-after-write) hazard. This resulted
-     * in ~40%(**) performance improvement on 21064 box with gcc.
-     * But it's not only Alpha users who win here:-) Thanks to the
-     * early-n-wide read-ahead this implementation also exhibits
-     * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending
-     * on sizeof(RC4_INT)).
-     *
-     * (*)  "this" means code which recognizes the case when input
-     *      and output pointers appear to be aligned at natural CPU
-     *      word boundary
-     * (**) i.e. according to 'apps/openssl speed rc4' benchmark,
-     *      crypto/rc4/rc4speed.c exhibits almost 70% speed-up...
-     *
-     * Cavets.
-     *
-     * - RC4_CHUNK="unsigned long long" should be a #1 choice for
-     *   UltraSPARC. Unfortunately gcc generates very slow code
-     *   (2.5-3 times slower than one generated by Sun's WorkShop
-     *   C) and therefore gcc (at least 2.95 and earlier) should
-     *   always be told that RC4_CHUNK="unsigned long".
-     *
-     *                                      <appro@fy.chalmers.se>
-     */
-
-# define RC4_STEP       ( \
-                        x=(x+1) &0xff,  \
-                        tx=d[x],        \
-                        y=(tx+y)&0xff,  \
-                        ty=d[y],        \
-                        d[y]=tx,        \
-                        d[x]=ty,        \
-                        (RC4_CHUNK)d[(tx+ty)&0xff]\
-                        )
-
-    if ((((size_t)indata & (sizeof(RC4_CHUNK) - 1)) |
-         ((size_t)outdata & (sizeof(RC4_CHUNK) - 1))) == 0) {
-        RC4_CHUNK ichunk, otp;
-        const union {
-            long one;
-            char little;
-        } is_endian = {
-            1
-        };
-
-        /*-
-         * I reckon we can afford to implement both endian
-         * cases and to decide which way to take at run-time
-         * because the machine code appears to be very compact
-         * and redundant 1-2KB is perfectly tolerable (i.e.
-         * in case the compiler fails to eliminate it:-). By
-         * suggestion from Terrel Larson <terr@terralogic.net>
-         * who also stands for the is_endian union:-)
-         *
-         * Special notes.
-         *
-         * - is_endian is declared automatic as doing otherwise
-         *   (declaring static) prevents gcc from eliminating
-         *   the redundant code;
-         * - compilers (those I've tried) don't seem to have
-         *   problems eliminating either the operators guarded
-         *   by "if (sizeof(RC4_CHUNK)==8)" or the condition
-         *   expressions themselves so I've got 'em to replace
-         *   corresponding #ifdefs from the previous version;
-         * - I chose to let the redundant switch cases when
-         *   sizeof(RC4_CHUNK)!=8 be (were also #ifdefed
-         *   before);
-         * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in
-         *   [LB]ESHFT guards against "shift is out of range"
-         *   warnings when sizeof(RC4_CHUNK)!=8
-         *
-         *                      <appro@fy.chalmers.se>
-         */
-        if (!is_endian.little) { /* BIG-ENDIAN CASE */
-# define BESHFT(c)      (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
-            for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) {
-                ichunk = *(RC4_CHUNK *) indata;
-                otp = RC4_STEP << BESHFT(0);
-                otp |= RC4_STEP << BESHFT(1);
-                otp |= RC4_STEP << BESHFT(2);
-                otp |= RC4_STEP << BESHFT(3);
-                if (sizeof(RC4_CHUNK) == 8) {
-                    otp |= RC4_STEP << BESHFT(4);
-                    otp |= RC4_STEP << BESHFT(5);
-                    otp |= RC4_STEP << BESHFT(6);
-                    otp |= RC4_STEP << BESHFT(7);
-                }
-                *(RC4_CHUNK *) outdata = otp ^ ichunk;
-                indata += sizeof(RC4_CHUNK);
-                outdata += sizeof(RC4_CHUNK);
-            }
-            if (len) {
-                RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk;
-
-                ichunk = *(RC4_CHUNK *) indata;
-                ochunk = *(RC4_CHUNK *) outdata;
-                otp = 0;
-                i = BESHFT(0);
-                mask <<= (sizeof(RC4_CHUNK) - len) << 3;
-                switch (len & (sizeof(RC4_CHUNK) - 1)) {
-                case 7:
-                    otp = RC4_STEP << i, i -= 8;
-                case 6:
-                    otp |= RC4_STEP << i, i -= 8;
-                case 5:
-                    otp |= RC4_STEP << i, i -= 8;
-                case 4:
-                    otp |= RC4_STEP << i, i -= 8;
-                case 3:
-                    otp |= RC4_STEP << i, i -= 8;
-                case 2:
-                    otp |= RC4_STEP << i, i -= 8;
-                case 1:
-                    otp |= RC4_STEP << i, i -= 8;
-                case 0:;       /*
-                                 * it's never the case,
-                                 * but it has to be here
-                                 * for ultrix?
-                                 */
-                }
-                ochunk &= ~mask;
-                ochunk |= (otp ^ ichunk) & mask;
-                *(RC4_CHUNK *) outdata = ochunk;
-            }
-            key->x = x;
-            key->y = y;
-            return;
-        } else {                /* LITTLE-ENDIAN CASE */
-# define LESHFT(c)      (((c)*8)&(sizeof(RC4_CHUNK)*8-1))
-            for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) {
-                ichunk = *(RC4_CHUNK *) indata;
-                otp = RC4_STEP;
-                otp |= RC4_STEP << 8;
-                otp |= RC4_STEP << 16;
-                otp |= RC4_STEP << 24;
-                if (sizeof(RC4_CHUNK) == 8) {
-                    otp |= RC4_STEP << LESHFT(4);
-                    otp |= RC4_STEP << LESHFT(5);
-                    otp |= RC4_STEP << LESHFT(6);
-                    otp |= RC4_STEP << LESHFT(7);
-                }
-                *(RC4_CHUNK *) outdata = otp ^ ichunk;
-                indata += sizeof(RC4_CHUNK);
-                outdata += sizeof(RC4_CHUNK);
-            }
-            if (len) {
-                RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk;
-
-                ichunk = *(RC4_CHUNK *) indata;
-                ochunk = *(RC4_CHUNK *) outdata;
-                otp = 0;
-                i = 0;
-                mask >>= (sizeof(RC4_CHUNK) - len) << 3;
-                switch (len & (sizeof(RC4_CHUNK) - 1)) {
-                case 7:
-                    otp = RC4_STEP, i += 8;
-                case 6:
-                    otp |= RC4_STEP << i, i += 8;
-                case 5:
-                    otp |= RC4_STEP << i, i += 8;
-                case 4:
-                    otp |= RC4_STEP << i, i += 8;
-                case 3:
-                    otp |= RC4_STEP << i, i += 8;
-                case 2:
-                    otp |= RC4_STEP << i, i += 8;
-                case 1:
-                    otp |= RC4_STEP << i, i += 8;
-                case 0:;       /*
-                                 * it's never the case,
-                                 * but it has to be here
-                                 * for ultrix?
-                                 */
-                }
-                ochunk &= ~mask;
-                ochunk |= (otp ^ ichunk) & mask;
-                *(RC4_CHUNK *) outdata = ochunk;
-            }
-            key->x = x;
-            key->y = y;
-            return;
-        }
-    }
-#endif
 #define LOOP(in,out) \
                 x=((x+1)&0xff); \
                 tx=d[x]; \
@@ -280,27 +39,19 @@ void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
                 d[y]=tx; \
                 (out) = d[(tx+ty)&0xff]^ (in);
 
-#ifndef RC4_INDEX
-# define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++))
-#else
-# define RC4_LOOP(a,b,i) LOOP(a[i],b[i])
-#endif
-
     i = len >> 3;
     if (i) {
         for (;;) {
-            RC4_LOOP(indata, outdata, 0);
-            RC4_LOOP(indata, outdata, 1);
-            RC4_LOOP(indata, outdata, 2);
-            RC4_LOOP(indata, outdata, 3);
-            RC4_LOOP(indata, outdata, 4);
-            RC4_LOOP(indata, outdata, 5);
-            RC4_LOOP(indata, outdata, 6);
-            RC4_LOOP(indata, outdata, 7);
-#ifdef RC4_INDEX
+            LOOP(indata[0], outdata[0]);
+            LOOP(indata[1], outdata[1]);
+            LOOP(indata[2], outdata[2]);
+            LOOP(indata[3], outdata[3]);
+            LOOP(indata[4], outdata[4]);
+            LOOP(indata[5], outdata[5]);
+            LOOP(indata[6], outdata[6]);
+            LOOP(indata[7], outdata[7]);
             indata += 8;
             outdata += 8;
-#endif
             if (--i == 0)
                 break;
         }
@@ -308,25 +59,25 @@ void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
     i = len & 0x07;
     if (i) {
         for (;;) {
-            RC4_LOOP(indata, outdata, 0);
+            LOOP(indata[0], outdata[0]);
             if (--i == 0)
                 break;
-            RC4_LOOP(indata, outdata, 1);
+            LOOP(indata[1], outdata[1]);
             if (--i == 0)
                 break;
-            RC4_LOOP(indata, outdata, 2);
+            LOOP(indata[2], outdata[2]);
             if (--i == 0)
                 break;
-            RC4_LOOP(indata, outdata, 3);
+            LOOP(indata[3], outdata[3]);
             if (--i == 0)
                 break;
-            RC4_LOOP(indata, outdata, 4);
+            LOOP(indata[4], outdata[4]);
             if (--i == 0)
                 break;
-            RC4_LOOP(indata, outdata, 5);
+            LOOP(indata[5], outdata[5]);
             if (--i == 0)
                 break;
-            RC4_LOOP(indata, outdata, 6);
+            LOOP(indata[6], outdata[6]);
             if (--i == 0)
                 break;
         }
diff --git a/freebsd/crypto/openssl/crypto/rc4/rc4_locl.h b/freebsd/crypto/openssl/crypto/rc4/rc4_locl.h
index faf8742f..4380addb 100644
--- a/freebsd/crypto/openssl/crypto/rc4/rc4_locl.h
+++ b/freebsd/crypto/openssl/crypto/rc4/rc4_locl.h
@@ -1,5 +1,16 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 #ifndef HEADER_RC4_LOCL_H
 # define HEADER_RC4_LOCL_H
+
 # include <openssl/opensslconf.h>
-# include <cryptlib.h>
+# include "internal/cryptlib.h"
+
 #endif
diff --git a/freebsd/crypto/openssl/crypto/rc4/rc4_skey.c b/freebsd/crypto/openssl/crypto/rc4/rc4_skey.c
index b4eebcb9..2226bce6 100644
--- a/freebsd/crypto/openssl/crypto/rc4/rc4_skey.c
+++ b/freebsd/crypto/openssl/crypto/rc4/rc4_skey.c
@@ -1,94 +1,35 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rc4/rc4_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/rc4.h>
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
 
-const char RC4_version[] = "RC4" OPENSSL_VERSION_PTEXT;
-
 const char *RC4_options(void)
 {
-#ifdef RC4_INDEX
-    if (sizeof(RC4_INT) == 1)
-        return ("rc4(idx,char)");
-    else
-        return ("rc4(idx,int)");
-#else
     if (sizeof(RC4_INT) == 1)
-        return ("rc4(ptr,char)");
+        return "rc4(char)";
     else
-        return ("rc4(ptr,int)");
-#endif
+        return "rc4(int)";
 }
 
 /*-
  * RC4 as implemented from a posting from
  * Newsgroups: sci.crypt
- * From: sterndark@netcom.com (David Sterndark)
  * Subject: RC4 Algorithm revealed.
  * Message-ID: <sternCvKL4B.Hyy@netcom.com>
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
  */
 
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
 {
     register RC4_INT tmp;
     register int id1, id2;
diff --git a/freebsd/crypto/openssl/crypto/rc4/rc4_utl.c b/freebsd/crypto/openssl/crypto/rc4/rc4_utl.c
deleted file mode 100644
index 408b5774..00000000
--- a/freebsd/crypto/openssl/crypto/rc4/rc4_utl.c
+++ /dev/null
@@ -1,64 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/rc4/rc4_utl.c */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#include <openssl/rc4.h>
-
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
-{
-#ifdef OPENSSL_FIPS
-    fips_cipher_abort(RC4);
-#endif
-    private_RC4_set_key(key, len, data);
-}
diff --git a/freebsd/crypto/openssl/crypto/rc4/rc4speed.c b/freebsd/crypto/openssl/crypto/rc4/rc4speed.c
deleted file mode 100644
index 5f2ee127..00000000
--- a/freebsd/crypto/openssl/crypto/rc4/rc4speed.c
+++ /dev/null
@@ -1,241 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/rc4/rc4speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-# define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-#ifndef OPENSSL_SYS_NETWARE
-# include <signal.h>
-#endif
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-    /*
-     * Depending on the VMS version, the tms structure is perhaps defined.
-     * The __TMS macro will show if it was.  If it wasn't defined, we should
-     * undefine TIMES, since that tells the rest of the program how things
-     * should be handled.  -- Richard Levitte
-     */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-# undef TIMES
-#endif
-#ifndef TIMES
-# include <sys/timeb.h>
-#endif
-#if defined(sun) || defined(__ultrix)
-# define _POSIX_SOURCE
-# include <limits.h>
-# include <sys/param.h>
-#endif
-#include <openssl/rc4.h>
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  define HZ      100.0
-# else                          /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-#define BUFSIZE ((long)1024)
-long run = 0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-# if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#  define SIGRETTYPE void
-# else
-#  define SIGRETTYPE int
-# endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
-{
-    signal(SIGALRM, sig_done);
-    run = 0;
-# ifdef LINT
-    sig = sig;
-# endif
-}
-#endif
-
-#define START   0
-#define STOP    1
-
-double Time_F(int s)
-{
-    double ret;
-#ifdef TIMES
-    static struct tms tstart, tend;
-
-    if (s == START) {
-        times(&tstart);
-        return (0);
-    } else {
-        times(&tend);
-        ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#else                           /* !times() */
-    static struct timeb tstart, tend;
-    long i;
-
-    if (s == START) {
-        ftime(&tstart);
-        return (0);
-    } else {
-        ftime(&tend);
-        i = (long)tend.millitm - (long)tstart.millitm;
-        ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
-        return ((ret == 0.0) ? 1e-6 : ret);
-    }
-#endif
-}
-
-int main(int argc, char **argv)
-{
-    long count;
-    static unsigned char buf[BUFSIZE];
-    static unsigned char key[] = {
-        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-    };
-    RC4_KEY sch;
-    double a, b, c, d;
-#ifndef SIGALRM
-    long ca, cb, cc;
-#endif
-
-#ifndef TIMES
-    printf("To get the most accurate results, try to run this\n");
-    printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
-    printf("First we calculate the approximate speed ...\n");
-    RC4_set_key(&sch, 16, key);
-    count = 10;
-    do {
-        long i;
-        unsigned long data[2];
-
-        count *= 2;
-        Time_F(START);
-        for (i = count; i; i--)
-            RC4(&sch, 8, buf, buf);
-        d = Time_F(STOP);
-    } while (d < 3.0);
-    ca = count / 512;
-    cc = count * 8 / BUFSIZE + 1;
-    printf("Doing RC4_set_key %ld times\n", ca);
-# define COND(d) (count != (d))
-# define COUNT(d) (d)
-#else
-# define COND(c) (run)
-# define COUNT(d) (count)
-    signal(SIGALRM, sig_done);
-    printf("Doing RC4_set_key for 10 seconds\n");
-    alarm(10);
-#endif
-
-    Time_F(START);
-    for (count = 0, run = 1; COND(ca); count += 4) {
-        RC4_set_key(&sch, 16, key);
-        RC4_set_key(&sch, 16, key);
-        RC4_set_key(&sch, 16, key);
-        RC4_set_key(&sch, 16, key);
-    }
-    d = Time_F(STOP);
-    printf("%ld RC4_set_key's in %.2f seconds\n", count, d);
-    a = ((double)COUNT(ca)) / d;
-
-#ifdef SIGALRM
-    printf("Doing RC4 on %ld byte blocks for 10 seconds\n", BUFSIZE);
-    alarm(10);
-#else
-    printf("Doing RC4 %ld times on %ld byte blocks\n", cc, BUFSIZE);
-#endif
-    Time_F(START);
-    for (count = 0, run = 1; COND(cc); count++)
-        RC4(&sch, BUFSIZE, buf, buf);
-    d = Time_F(STOP);
-    printf("%ld RC4's of %ld byte blocks in %.2f second\n",
-           count, BUFSIZE, d);
-    c = ((double)COUNT(cc) * BUFSIZE) / d;
-
-    printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n", a, 1.0e6 / a);
-    printf("RC4   bytes per sec = %12.2f (%9.3fuS)\n", c, 8.0e6 / c);
-    exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
-    return (0);
-#endif
-}
diff --git a/freebsd/crypto/openssl/crypto/rc4/rc4test.c b/freebsd/crypto/openssl/crypto/rc4/rc4test.c
deleted file mode 100644
index 540e8482..00000000
--- a/freebsd/crypto/openssl/crypto/rc4/rc4test.c
+++ /dev/null
@@ -1,237 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/rc4/rc4test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_RC4
-int main(int argc, char *argv[])
-{
-    printf("No RC4 support\n");
-    return (0);
-}
-#else
-# include <openssl/rc4.h>
-# include <openssl/sha.h>
-
-static unsigned char keys[7][30] = {
-    {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
-    {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
-    {8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-    {4, 0xef, 0x01, 0x23, 0x45},
-    {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
-    {4, 0xef, 0x01, 0x23, 0x45},
-};
-
-static unsigned char data_len[7] = { 8, 8, 8, 20, 28, 10 };
-
-static unsigned char data[7][30] = {
-    {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xff},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00, 0xff},
-    {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
-     0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
-     0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
-     0x12, 0x34, 0x56, 0x78, 0xff},
-    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
-    {0},
-};
-
-static unsigned char output[7][30] = {
-    {0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96, 0x00},
-    {0x74, 0x94, 0xc2, 0xe7, 0x10, 0x4b, 0x08, 0x79, 0x00},
-    {0xde, 0x18, 0x89, 0x41, 0xa3, 0x37, 0x5d, 0x3a, 0x00},
-    {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf,
-     0xbd, 0x61, 0x5a, 0x11, 0x62, 0xe1, 0xc7, 0xba,
-     0x36, 0xb6, 0x78, 0x58, 0x00},
-    {0x66, 0xa0, 0x94, 0x9f, 0x8a, 0xf7, 0xd6, 0x89,
-     0x1f, 0x7f, 0x83, 0x2b, 0xa8, 0x33, 0xc0, 0x0c,
-     0x89, 0x2e, 0xbe, 0x30, 0x14, 0x3c, 0xe2, 0x87,
-     0x40, 0x01, 0x1e, 0xcf, 0x00},
-    {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf, 0xbd, 0x61, 0x00},
-    {0},
-};
-
-int main(int argc, char *argv[])
-{
-    int i, err = 0;
-    int j;
-    unsigned char *p;
-    RC4_KEY key;
-    unsigned char obuf[512];
-
-# if !defined(OPENSSL_PIC)
-    void OPENSSL_cpuid_setup(void);
-
-    OPENSSL_cpuid_setup();
-# endif
-
-    for (i = 0; i < 6; i++) {
-        RC4_set_key(&key, keys[i][0], &(keys[i][1]));
-        memset(obuf, 0x00, sizeof(obuf));
-        RC4(&key, data_len[i], &(data[i][0]), obuf);
-        if (memcmp(obuf, output[i], data_len[i] + 1) != 0) {
-            printf("error calculating RC4\n");
-            printf("output:");
-            for (j = 0; j < data_len[i] + 1; j++)
-                printf(" %02x", obuf[j]);
-            printf("\n");
-            printf("expect:");
-            p = &(output[i][0]);
-            for (j = 0; j < data_len[i] + 1; j++)
-                printf(" %02x", *(p++));
-            printf("\n");
-            err++;
-        } else
-            printf("test %d ok\n", i);
-    }
-    printf("test end processing ");
-    for (i = 0; i < data_len[3]; i++) {
-        RC4_set_key(&key, keys[3][0], &(keys[3][1]));
-        memset(obuf, 0x00, sizeof(obuf));
-        RC4(&key, i, &(data[3][0]), obuf);
-        if ((memcmp(obuf, output[3], i) != 0) || (obuf[i] != 0)) {
-            printf("error in RC4 length processing\n");
-            printf("output:");
-            for (j = 0; j < i + 1; j++)
-                printf(" %02x", obuf[j]);
-            printf("\n");
-            printf("expect:");
-            p = &(output[3][0]);
-            for (j = 0; j < i; j++)
-                printf(" %02x", *(p++));
-            printf(" 00\n");
-            err++;
-        } else {
-            printf(".");
-            fflush(stdout);
-        }
-    }
-    printf("done\n");
-    printf("test multi-call ");
-    for (i = 0; i < data_len[3]; i++) {
-        RC4_set_key(&key, keys[3][0], &(keys[3][1]));
-        memset(obuf, 0x00, sizeof(obuf));
-        RC4(&key, i, &(data[3][0]), obuf);
-        RC4(&key, data_len[3] - i, &(data[3][i]), &(obuf[i]));
-        if (memcmp(obuf, output[3], data_len[3] + 1) != 0) {
-            printf("error in RC4 multi-call processing\n");
-            printf("output:");
-            for (j = 0; j < data_len[3] + 1; j++)
-                printf(" %02x", obuf[j]);
-            printf("\n");
-            printf("expect:");
-            p = &(output[3][0]);
-            for (j = 0; j < data_len[3] + 1; j++)
-                printf(" %02x", *(p++));
-            err++;
-        } else {
-            printf(".");
-            fflush(stdout);
-        }
-    }
-    printf("done\n");
-    printf("bulk test ");
-    {
-        unsigned char buf[513];
-        SHA_CTX c;
-        unsigned char md[SHA_DIGEST_LENGTH];
-        static unsigned char expected[] = {
-            0xa4, 0x7b, 0xcc, 0x00, 0x3d, 0xd0, 0xbd, 0xe1, 0xac, 0x5f,
-            0x12, 0x1e, 0x45, 0xbc, 0xfb, 0x1a, 0xa1, 0xf2, 0x7f, 0xc5
-        };
-
-        RC4_set_key(&key, keys[0][0], &(keys[3][1]));
-        memset(buf, '\0', sizeof(buf));
-        SHA1_Init(&c);
-        for (i = 0; i < 2571; i++) {
-            RC4(&key, sizeof(buf), buf, buf);
-            SHA1_Update(&c, buf, sizeof(buf));
-        }
-        SHA1_Final(md, &c);
-
-        if (memcmp(md, expected, sizeof(md))) {
-            printf("error in RC4 bulk test\n");
-            printf("output:");
-            for (j = 0; j < (int)sizeof(md); j++)
-                printf(" %02x", md[j]);
-            printf("\n");
-            printf("expect:");
-            for (j = 0; j < (int)sizeof(md); j++)
-                printf(" %02x", expected[j]);
-            printf("\n");
-            err++;
-        } else
-            printf("ok\n");
-    }
-# ifdef OPENSSL_SYS_NETWARE
-    if (err)
-        printf("ERROR: %d\n", err);
-# endif
-    EXIT(err);
-    return (0);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ripemd/ripemd.h b/freebsd/crypto/openssl/crypto/ripemd/ripemd.h
deleted file mode 100644
index b88ef25e..00000000
--- a/freebsd/crypto/openssl/crypto/ripemd/ripemd.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/* crypto/ripemd/ripemd.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RIPEMD_H
-# define HEADER_RIPEMD_H
-
-# include <openssl/e_os2.h>
-# include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# ifdef OPENSSL_NO_RIPEMD
-#  error RIPEMD is disabled.
-# endif
-
-# if defined(__LP32__)
-#  define RIPEMD160_LONG unsigned long
-# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#  define RIPEMD160_LONG unsigned long
-#  define RIPEMD160_LONG_LOG2 3
-# else
-#  define RIPEMD160_LONG unsigned int
-# endif
-
-# define RIPEMD160_CBLOCK        64
-# define RIPEMD160_LBLOCK        (RIPEMD160_CBLOCK/4)
-# define RIPEMD160_DIGEST_LENGTH 20
-
-typedef struct RIPEMD160state_st {
-    RIPEMD160_LONG A, B, C, D, E;
-    RIPEMD160_LONG Nl, Nh;
-    RIPEMD160_LONG data[RIPEMD160_LBLOCK];
-    unsigned int num;
-} RIPEMD160_CTX;
-
-# ifdef OPENSSL_FIPS
-int private_RIPEMD160_Init(RIPEMD160_CTX *c);
-# endif
-int RIPEMD160_Init(RIPEMD160_CTX *c);
-int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
-int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md);
-void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ripemd/rmd160.c b/freebsd/crypto/openssl/crypto/ripemd/rmd160.c
deleted file mode 100644
index b775d040..00000000
--- a/freebsd/crypto/openssl/crypto/ripemd/rmd160.c
+++ /dev/null
@@ -1,123 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ripemd/rmd160.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/ripemd.h>
-
-#define BUFSIZE 1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
-int read(int, void *, unsigned int);
-#endif
-
-int main(int argc, char **argv)
-{
-    int i, err = 0;
-    FILE *IN;
-
-    if (argc == 1) {
-        do_fp(stdin);
-    } else {
-        for (i = 1; i < argc; i++) {
-            IN = fopen(argv[i], "r");
-            if (IN == NULL) {
-                perror(argv[i]);
-                err++;
-                continue;
-            }
-            printf("RIPEMD160(%s)= ", argv[i]);
-            do_fp(IN);
-            fclose(IN);
-        }
-    }
-    exit(err);
-}
-
-void do_fp(FILE *f)
-{
-    RIPEMD160_CTX c;
-    unsigned char md[RIPEMD160_DIGEST_LENGTH];
-    int fd;
-    int i;
-    static unsigned char buf[BUFSIZE];
-
-    fd = fileno(f);
-    RIPEMD160_Init(&c);
-    for (;;) {
-        i = read(fd, buf, BUFSIZE);
-        if (i <= 0)
-            break;
-        RIPEMD160_Update(&c, buf, (unsigned long)i);
-    }
-    RIPEMD160_Final(&(md[0]), &c);
-    pt(md);
-}
-
-void pt(unsigned char *md)
-{
-    int i;
-
-    for (i = 0; i < RIPEMD160_DIGEST_LENGTH; i++)
-        printf("%02x", md[i]);
-    printf("\n");
-}
diff --git a/freebsd/crypto/openssl/crypto/ripemd/rmd_dgst.c b/freebsd/crypto/openssl/crypto/ripemd/rmd_dgst.c
index eddb6fbd..d7c101e7 100644
--- a/freebsd/crypto/openssl/crypto/ripemd/rmd_dgst.c
+++ b/freebsd/crypto/openssl/crypto/ripemd/rmd_dgst.c
@@ -1,69 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ripemd/rmd_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include "rmd_locl.h"
 #include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-
-const char RMD160_version[] = "RIPE-MD160" OPENSSL_VERSION_PTEXT;
 
 #ifdef RMD160_ASM
 void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num);
@@ -72,7 +20,7 @@ void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num);
 void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num);
 #endif
 
-fips_md_init(RIPEMD160)
+int RIPEMD160_Init(RIPEMD160_CTX *c)
 {
     memset(c, 0, sizeof(*c));
     c->A = RIPEMD160_A;
diff --git a/freebsd/crypto/openssl/crypto/ripemd/rmd_locl.h b/freebsd/crypto/openssl/crypto/ripemd/rmd_locl.h
index 26e02563..f1ae4323 100644
--- a/freebsd/crypto/openssl/crypto/ripemd/rmd_locl.h
+++ b/freebsd/crypto/openssl/crypto/ripemd/rmd_locl.h
@@ -1,59 +1,10 @@
-/* crypto/ripemd/rmd_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdlib.h>
@@ -61,17 +12,12 @@
 #include <openssl/opensslconf.h>
 #include <openssl/ripemd.h>
 
-#ifndef RIPEMD160_LONG_LOG2
-# define RIPEMD160_LONG_LOG2 2  /* default to 32 bits */
-#endif
-
 /*
  * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c
  * FOR EXPLANATIONS ON FOLLOWING "CODE."
- *                                      <appro@fy.chalmers.se>
  */
 #ifdef RMD160_ASM
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
 #  define ripemd160_block_data_order ripemd160_block_asm_data_order
 # endif
 #endif
@@ -96,24 +42,16 @@ void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num);
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
 
-#include "md32_common.h"
+#include "internal/md32_common.h"
 
-#if 0
-# define F1(x,y,z)        ((x)^(y)^(z))
-# define F2(x,y,z)       (((x)&(y))|((~x)&z))
-# define F3(x,y,z)       (((x)|(~y))^(z))
-# define F4(x,y,z)       (((x)&(z))|((y)&(~(z))))
-# define F5(x,y,z)        ((x)^((y)|(~(z))))
-#else
 /*
- * Transformed F2 and F4 are courtesy of Wei Dai <weidai@eskimo.com>
+ * Transformed F2 and F4 are courtesy of Wei Dai
  */
-# define F1(x,y,z)       ((x) ^ (y) ^ (z))
-# define F2(x,y,z)       ((((y) ^ (z)) & (x)) ^ (z))
-# define F3(x,y,z)       (((~(y)) | (x)) ^ (z))
-# define F4(x,y,z)       ((((x) ^ (y)) & (z)) ^ (y))
-# define F5(x,y,z)       (((~(z)) | (y)) ^ (x))
-#endif
+#define F1(x,y,z)       ((x) ^ (y) ^ (z))
+#define F2(x,y,z)       ((((y) ^ (z)) & (x)) ^ (z))
+#define F3(x,y,z)       (((~(y)) | (x)) ^ (z))
+#define F4(x,y,z)       ((((x) ^ (y)) & (z)) ^ (y))
+#define F5(x,y,z)       (((~(z)) | (y)) ^ (x))
 
 #define RIPEMD160_A     0x67452301L
 #define RIPEMD160_B     0xEFCDAB89L
diff --git a/freebsd/crypto/openssl/crypto/ripemd/rmd_one.c b/freebsd/crypto/openssl/crypto/ripemd/rmd_one.c
index b15eca3e..423420ea 100644
--- a/freebsd/crypto/openssl/crypto/ripemd/rmd_one.c
+++ b/freebsd/crypto/openssl/crypto/ripemd/rmd_one.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ripemd/rmd_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
@@ -75,5 +26,5 @@ unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md)
     RIPEMD160_Update(&c, d, n);
     RIPEMD160_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
-    return (md);
+    return md;
 }
diff --git a/freebsd/crypto/openssl/crypto/ripemd/rmdconst.h b/freebsd/crypto/openssl/crypto/ripemd/rmdconst.h
index 8fe33de1..b8101323 100644
--- a/freebsd/crypto/openssl/crypto/ripemd/rmdconst.h
+++ b/freebsd/crypto/openssl/crypto/ripemd/rmdconst.h
@@ -1,60 +1,12 @@
-/* crypto/ripemd/rmdconst.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 #define KL0 0x00000000L
 #define KL1 0x5A827999L
 #define KL2 0x6ED9EBA1L
diff --git a/freebsd/crypto/openssl/crypto/ripemd/rmdtest.c b/freebsd/crypto/openssl/crypto/ripemd/rmdtest.c
deleted file mode 100644
index da59704e..00000000
--- a/freebsd/crypto/openssl/crypto/ripemd/rmdtest.c
+++ /dev/null
@@ -1,145 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ripemd/rmdtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_RIPEMD
-int main(int argc, char *argv[])
-{
-    printf("No ripemd support\n");
-    return (0);
-}
-#else
-# include <openssl/ripemd.h>
-# include <openssl/evp.h>
-
-# ifdef CHARSET_EBCDIC
-#  include <openssl/ebcdic.h>
-# endif
-
-static char *test[] = {
-    "",
-    "a",
-    "abc",
-    "message digest",
-    "abcdefghijklmnopqrstuvwxyz",
-    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-    "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
-    NULL,
-};
-
-static char *ret[] = {
-    "9c1185a5c5e9fc54612808977ee8f548b2258d31",
-    "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
-    "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
-    "5d0689ef49d2fae572b881b123a85ffa21595f36",
-    "f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
-    "12a053384a9c0c88e405a06c27dcf49ada62eb2b",
-    "b0e20b6e3116640286ed3a87a5713079b21f5189",
-    "9b752e45573d4b39f4dbd3323cab82bf63326bfb",
-};
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-{
-    int i, err = 0;
-    char **P, **R;
-    char *p;
-    unsigned char md[RIPEMD160_DIGEST_LENGTH];
-
-    P = test;
-    R = ret;
-    i = 1;
-    while (*P != NULL) {
-# ifdef CHARSET_EBCDIC
-        ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
-# endif
-        EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_ripemd160(),
-                   NULL);
-        p = pt(md);
-        if (strcmp(p, (char *)*R) != 0) {
-            printf("error calculating RIPEMD160 on '%s'\n", *P);
-            printf("got %s instead of %s\n", p, *R);
-            err++;
-        } else
-            printf("test %d ok\n", i);
-        i++;
-        R++;
-        P++;
-    }
-    EXIT(err);
-    return (0);
-}
-
-static char *pt(unsigned char *md)
-{
-    int i;
-    static char buf[80];
-
-    for (i = 0; i < RIPEMD160_DIGEST_LENGTH; i++)
-        sprintf(&(buf[i * 2]), "%02x", md[i]);
-    return (buf);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa.h b/freebsd/crypto/openssl/crypto/rsa/rsa.h
deleted file mode 100644
index d2ee3740..00000000
--- a/freebsd/crypto/openssl/crypto/rsa/rsa.h
+++ /dev/null
@@ -1,664 +0,0 @@
-/* crypto/rsa/rsa.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RSA_H
-# define HEADER_RSA_H
-
-# include <openssl/asn1.h>
-
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-# include <openssl/crypto.h>
-# include <openssl/ossl_typ.h>
-# ifndef OPENSSL_NO_DEPRECATED
-#  include <openssl/bn.h>
-# endif
-
-# ifdef OPENSSL_NO_RSA
-#  error RSA is disabled.
-# endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Declared already in ossl_typ.h */
-/* typedef struct rsa_st RSA; */
-/* typedef struct rsa_meth_st RSA_METHOD; */
-
-struct rsa_meth_st {
-    const char *name;
-    int (*rsa_pub_enc) (int flen, const unsigned char *from,
-                        unsigned char *to, RSA *rsa, int padding);
-    int (*rsa_pub_dec) (int flen, const unsigned char *from,
-                        unsigned char *to, RSA *rsa, int padding);
-    int (*rsa_priv_enc) (int flen, const unsigned char *from,
-                         unsigned char *to, RSA *rsa, int padding);
-    int (*rsa_priv_dec) (int flen, const unsigned char *from,
-                         unsigned char *to, RSA *rsa, int padding);
-    /* Can be null */
-    int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-    /* Can be null */
-    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-    /* called at new */
-    int (*init) (RSA *rsa);
-    /* called at free */
-    int (*finish) (RSA *rsa);
-    /* RSA_METHOD_FLAG_* things */
-    int flags;
-    /* may be needed! */
-    char *app_data;
-    /*
-     * New sign and verify functions: some libraries don't allow arbitrary
-     * data to be signed/verified: this allows them to be used. Note: for
-     * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
-     * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note:
-     * for backwards compatibility this functionality is only enabled if the
-     * RSA_FLAG_SIGN_VER option is set in 'flags'.
-     */
-    int (*rsa_sign) (int type,
-                     const unsigned char *m, unsigned int m_length,
-                     unsigned char *sigret, unsigned int *siglen,
-                     const RSA *rsa);
-    int (*rsa_verify) (int dtype, const unsigned char *m,
-                       unsigned int m_length, const unsigned char *sigbuf,
-                       unsigned int siglen, const RSA *rsa);
-    /*
-     * If this callback is NULL, the builtin software RSA key-gen will be
-     * used. This is for behavioural compatibility whilst the code gets
-     * rewired, but one day it would be nice to assume there are no such
-     * things as "builtin software" implementations.
-     */
-    int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-};
-
-struct rsa_st {
-    /*
-     * The first parameter is used to pickup errors where this is passed
-     * instead of aEVP_PKEY, it is set to 0
-     */
-    int pad;
-    long version;
-    const RSA_METHOD *meth;
-    /* functional reference if 'meth' is ENGINE-provided */
-    ENGINE *engine;
-    BIGNUM *n;
-    BIGNUM *e;
-    BIGNUM *d;
-    BIGNUM *p;
-    BIGNUM *q;
-    BIGNUM *dmp1;
-    BIGNUM *dmq1;
-    BIGNUM *iqmp;
-    /* be careful using this if the RSA structure is shared */
-    CRYPTO_EX_DATA ex_data;
-    int references;
-    int flags;
-    /* Used to cache montgomery values */
-    BN_MONT_CTX *_method_mod_n;
-    BN_MONT_CTX *_method_mod_p;
-    BN_MONT_CTX *_method_mod_q;
-    /*
-     * all BIGNUM values are actually in the following data, if it is not
-     * NULL
-     */
-    char *bignum_data;
-    BN_BLINDING *blinding;
-    BN_BLINDING *mt_blinding;
-};
-
-# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
-#  define OPENSSL_RSA_MAX_MODULUS_BITS   16384
-# endif
-
-# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
-#  define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
-# endif
-# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
-
-/* exponent limit enforced for "large" modulus only */
-#  define OPENSSL_RSA_MAX_PUBEXP_BITS    64
-# endif
-
-# define RSA_3   0x3L
-# define RSA_F4  0x10001L
-
-# define RSA_METHOD_FLAG_NO_CHECK        0x0001/* don't check pub/private
-                                                * match */
-
-# define RSA_FLAG_CACHE_PUBLIC           0x0002
-# define RSA_FLAG_CACHE_PRIVATE          0x0004
-# define RSA_FLAG_BLINDING               0x0008
-# define RSA_FLAG_THREAD_SAFE            0x0010
-/*
- * This flag means the private key operations will be handled by rsa_mod_exp
- * and that they do not depend on the private key components being present:
- * for example a key stored in external hardware. Without this flag
- * bn_mod_exp gets called when private key components are absent.
- */
-# define RSA_FLAG_EXT_PKEY               0x0020
-
-/*
- * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify
- * functions.
- */
-# define RSA_FLAG_SIGN_VER               0x0040
-
-/*
- * new with 0.9.6j and 0.9.7b; the built-in
- * RSA implementation now uses blinding by
- * default (ignoring RSA_FLAG_BLINDING),
- * but other engines might not need it
- */
-# define RSA_FLAG_NO_BLINDING            0x0080
-/*
- * new with 0.9.8f; the built-in RSA
- * implementation now uses constant time
- * operations by default in private key operations,
- * e.g., constant time modular exponentiation,
- * modular inverse without leaking branches,
- * division without leaking branches. This
- * flag disables these constant time
- * operations and results in faster RSA
- * private key operations.
- */
-# define RSA_FLAG_NO_CONSTTIME           0x0100
-# ifdef OPENSSL_USE_DEPRECATED
-/* deprecated name for the flag*/
-/*
- * new with 0.9.7h; the built-in RSA
- * implementation now uses constant time
- * modular exponentiation for secret exponents
- * by default. This flag causes the
- * faster variable sliding window method to
- * be used for all exponents.
- */
-#  define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
-# endif
-
-# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
-                                pad, NULL)
-
-# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
-                                EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
-
-# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
-                                (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
-                                EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
-                                len, NULL)
-
-# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
-                                (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
-                                EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
-                                0, plen)
-
-# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
-                                EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
-
-# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
-                                EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
-
-# define  EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md)  \
-                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
-                        EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
-                                EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
-
-# define  EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md)  \
-                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
-                                EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)md)
-
-# define  EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
-                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
-                        EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
-                                EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
-
-# define  EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \
-                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
-                                EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)pmd)
-
-# define  EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
-                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
-                                EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)l)
-
-# define  EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l)       \
-                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
-                                EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)l)
-
-# define EVP_PKEY_CTRL_RSA_PADDING       (EVP_PKEY_ALG_CTRL + 1)
-# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN   (EVP_PKEY_ALG_CTRL + 2)
-
-# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS   (EVP_PKEY_ALG_CTRL + 3)
-# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
-# define EVP_PKEY_CTRL_RSA_MGF1_MD       (EVP_PKEY_ALG_CTRL + 5)
-
-# define EVP_PKEY_CTRL_GET_RSA_PADDING           (EVP_PKEY_ALG_CTRL + 6)
-# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN       (EVP_PKEY_ALG_CTRL + 7)
-# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD           (EVP_PKEY_ALG_CTRL + 8)
-
-# define EVP_PKEY_CTRL_RSA_OAEP_MD       (EVP_PKEY_ALG_CTRL + 9)
-# define EVP_PKEY_CTRL_RSA_OAEP_LABEL    (EVP_PKEY_ALG_CTRL + 10)
-
-# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD   (EVP_PKEY_ALG_CTRL + 11)
-# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
-
-# define RSA_PKCS1_PADDING       1
-# define RSA_SSLV23_PADDING      2
-# define RSA_NO_PADDING          3
-# define RSA_PKCS1_OAEP_PADDING  4
-# define RSA_X931_PADDING        5
-/* EVP_PKEY_ only */
-# define RSA_PKCS1_PSS_PADDING   6
-
-# define RSA_PKCS1_PADDING_SIZE  11
-
-# define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
-# define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
-
-RSA *RSA_new(void);
-RSA *RSA_new_method(ENGINE *engine);
-int RSA_size(const RSA *rsa);
-
-/* Deprecated version */
-# ifndef OPENSSL_NO_DEPRECATED
-RSA *RSA_generate_key(int bits, unsigned long e, void
-                       (*callback) (int, int, void *), void *cb_arg);
-# endif                         /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-
-int RSA_check_key(const RSA *);
-        /* next 4 return -1 on error */
-int RSA_public_encrypt(int flen, const unsigned char *from,
-                       unsigned char *to, RSA *rsa, int padding);
-int RSA_private_encrypt(int flen, const unsigned char *from,
-                        unsigned char *to, RSA *rsa, int padding);
-int RSA_public_decrypt(int flen, const unsigned char *from,
-                       unsigned char *to, RSA *rsa, int padding);
-int RSA_private_decrypt(int flen, const unsigned char *from,
-                        unsigned char *to, RSA *rsa, int padding);
-void RSA_free(RSA *r);
-/* "up" the RSA object's reference count */
-int RSA_up_ref(RSA *r);
-
-int RSA_flags(const RSA *r);
-
-void RSA_set_default_method(const RSA_METHOD *meth);
-const RSA_METHOD *RSA_get_default_method(void);
-const RSA_METHOD *RSA_get_method(const RSA *rsa);
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
-
-/* This function needs the memory locking malloc callbacks to be installed */
-int RSA_memory_lock(RSA *r);
-
-/* these are the actual SSLeay RSA functions */
-const RSA_METHOD *RSA_PKCS1_SSLeay(void);
-
-const RSA_METHOD *RSA_null_method(void);
-
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
-
-typedef struct rsa_pss_params_st {
-    X509_ALGOR *hashAlgorithm;
-    X509_ALGOR *maskGenAlgorithm;
-    ASN1_INTEGER *saltLength;
-    ASN1_INTEGER *trailerField;
-} RSA_PSS_PARAMS;
-
-DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
-
-typedef struct rsa_oaep_params_st {
-    X509_ALGOR *hashFunc;
-    X509_ALGOR *maskGenFunc;
-    X509_ALGOR *pSourceFunc;
-} RSA_OAEP_PARAMS;
-
-DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
-
-# ifndef OPENSSL_NO_FP_API
-int RSA_print_fp(FILE *fp, const RSA *r, int offset);
-# endif
-
-# ifndef OPENSSL_NO_BIO
-int RSA_print(BIO *bp, const RSA *r, int offset);
-# endif
-
-# ifndef OPENSSL_NO_RC4
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
-                int (*cb) (char *buf, int len, const char *prompt,
-                           int verify), int sgckey);
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-                 int (*cb) (char *buf, int len, const char *prompt,
-                            int verify), int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-                     int (*cb) (char *buf, int len, const char *prompt,
-                                int verify));
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-                      int (*cb) (char *buf, int len, const char *prompt,
-                                 int verify));
-# endif
-
-/*
- * The following 2 functions sign and verify a X509_SIG ASN1 object inside
- * PKCS#1 padded RSA encryption
- */
-int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
-             unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
-               const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
-/*
- * The following 2 function sign and verify a ASN1_OCTET_STRING object inside
- * PKCS#1 padded RSA encryption
- */
-int RSA_sign_ASN1_OCTET_STRING(int type,
-                               const unsigned char *m, unsigned int m_length,
-                               unsigned char *sigret, unsigned int *siglen,
-                               RSA *rsa);
-int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
-                                 unsigned int m_length, unsigned char *sigbuf,
-                                 unsigned int siglen, RSA *rsa);
-
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
-void RSA_blinding_off(RSA *rsa);
-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
-
-int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
-                                 const unsigned char *f, int fl);
-int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
-                                   const unsigned char *f, int fl,
-                                   int rsa_len);
-int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
-                                 const unsigned char *f, int fl);
-int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
-                                   const unsigned char *f, int fl,
-                                   int rsa_len);
-int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
-               long seedlen, const EVP_MD *dgst);
-int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
-                               const unsigned char *f, int fl,
-                               const unsigned char *p, int pl);
-int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
-                                 const unsigned char *f, int fl, int rsa_len,
-                                 const unsigned char *p, int pl);
-int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
-                                    const unsigned char *from, int flen,
-                                    const unsigned char *param, int plen,
-                                    const EVP_MD *md, const EVP_MD *mgf1md);
-int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
-                                      const unsigned char *from, int flen,
-                                      int num, const unsigned char *param,
-                                      int plen, const EVP_MD *md,
-                                      const EVP_MD *mgf1md);
-int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
-                           const unsigned char *f, int fl);
-int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
-                             const unsigned char *f, int fl, int rsa_len);
-int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f,
-                         int fl);
-int RSA_padding_check_none(unsigned char *to, int tlen,
-                           const unsigned char *f, int fl, int rsa_len);
-int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f,
-                         int fl);
-int RSA_padding_check_X931(unsigned char *to, int tlen,
-                           const unsigned char *f, int fl, int rsa_len);
-int RSA_X931_hash_id(int nid);
-
-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
-                         const EVP_MD *Hash, const unsigned char *EM,
-                         int sLen);
-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
-                              const unsigned char *mHash, const EVP_MD *Hash,
-                              int sLen);
-
-int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
-                              const EVP_MD *Hash, const EVP_MD *mgf1Hash,
-                              const unsigned char *EM, int sLen);
-
-int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
-                                   const unsigned char *mHash,
-                                   const EVP_MD *Hash, const EVP_MD *mgf1Hash,
-                                   int sLen);
-
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int RSA_set_ex_data(RSA *r, int idx, void *arg);
-void *RSA_get_ex_data(const RSA *r, int idx);
-
-RSA *RSAPublicKey_dup(RSA *rsa);
-RSA *RSAPrivateKey_dup(RSA *rsa);
-
-/*
- * If this flag is set the RSA method is FIPS compliant and can be used in
- * FIPS mode. This is set in the validated module method. If an application
- * sets this flag in its own methods it is its responsibility to ensure the
- * result is compliant.
- */
-
-# define RSA_FLAG_FIPS_METHOD                    0x0400
-
-/*
- * If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-# define RSA_FLAG_NON_FIPS_ALLOW                 0x0400
-/*
- * Application has decided PRNG is good enough to generate a key: don't
- * check.
- */
-# define RSA_FLAG_CHECKED                        0x0800
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_RSA_strings(void);
-
-/* Error codes for the RSA functions. */
-
-/* Function codes. */
-# define RSA_F_CHECK_PADDING_MD                           140
-# define RSA_F_DO_RSA_PRINT                               146
-# define RSA_F_INT_RSA_VERIFY                             145
-# define RSA_F_MEMORY_LOCK                                100
-# define RSA_F_OLD_RSA_PRIV_DECODE                        147
-# define RSA_F_PKEY_RSA_CTRL                              143
-# define RSA_F_PKEY_RSA_CTRL_STR                          144
-# define RSA_F_PKEY_RSA_SIGN                              142
-# define RSA_F_PKEY_RSA_VERIFY                            154
-# define RSA_F_PKEY_RSA_VERIFYRECOVER                     141
-# define RSA_F_RSA_ALGOR_TO_MD                            157
-# define RSA_F_RSA_BUILTIN_KEYGEN                         129
-# define RSA_F_RSA_CHECK_KEY                              123
-# define RSA_F_RSA_CMS_DECRYPT                            158
-# define RSA_F_RSA_EAY_PRIVATE_DECRYPT                    101
-# define RSA_F_RSA_EAY_PRIVATE_ENCRYPT                    102
-# define RSA_F_RSA_EAY_PUBLIC_DECRYPT                     103
-# define RSA_F_RSA_EAY_PUBLIC_ENCRYPT                     104
-# define RSA_F_RSA_GENERATE_KEY                           105
-# define RSA_F_RSA_GENERATE_KEY_EX                        155
-# define RSA_F_RSA_ITEM_VERIFY                            156
-# define RSA_F_RSA_MEMORY_LOCK                            130
-# define RSA_F_RSA_MGF1_TO_MD                             159
-# define RSA_F_RSA_NEW_METHOD                             106
-# define RSA_F_RSA_NULL                                   124
-# define RSA_F_RSA_NULL_MOD_EXP                           131
-# define RSA_F_RSA_NULL_PRIVATE_DECRYPT                   132
-# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT                   133
-# define RSA_F_RSA_NULL_PUBLIC_DECRYPT                    134
-# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT                    135
-# define RSA_F_RSA_PADDING_ADD_NONE                       107
-# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP                 121
-# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1            160
-# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS                  125
-# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1             148
-# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1               108
-# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2               109
-# define RSA_F_RSA_PADDING_ADD_SSLV23                     110
-# define RSA_F_RSA_PADDING_ADD_X931                       127
-# define RSA_F_RSA_PADDING_CHECK_NONE                     111
-# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP               122
-# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1          161
-# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1             112
-# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2             113
-# define RSA_F_RSA_PADDING_CHECK_SSLV23                   114
-# define RSA_F_RSA_PADDING_CHECK_X931                     128
-# define RSA_F_RSA_PRINT                                  115
-# define RSA_F_RSA_PRINT_FP                               116
-# define RSA_F_RSA_PRIVATE_DECRYPT                        150
-# define RSA_F_RSA_PRIVATE_ENCRYPT                        151
-# define RSA_F_RSA_PRIV_DECODE                            137
-# define RSA_F_RSA_PRIV_ENCODE                            138
-# define RSA_F_RSA_PSS_TO_CTX                             162
-# define RSA_F_RSA_PUBLIC_DECRYPT                         152
-# define RSA_F_RSA_PUBLIC_ENCRYPT                         153
-# define RSA_F_RSA_PUB_DECODE                             139
-# define RSA_F_RSA_SETUP_BLINDING                         136
-# define RSA_F_RSA_SIGN                                   117
-# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
-# define RSA_F_RSA_VERIFY                                 119
-# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING               120
-# define RSA_F_RSA_VERIFY_PKCS1_PSS                       126
-# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1                  149
-
-/* Reason codes. */
-# define RSA_R_ALGORITHM_MISMATCH                         100
-# define RSA_R_BAD_E_VALUE                                101
-# define RSA_R_BAD_FIXED_HEADER_DECRYPT                   102
-# define RSA_R_BAD_PAD_BYTE_COUNT                         103
-# define RSA_R_BAD_SIGNATURE                              104
-# define RSA_R_BLOCK_TYPE_IS_NOT_01                       106
-# define RSA_R_BLOCK_TYPE_IS_NOT_02                       107
-# define RSA_R_DATA_GREATER_THAN_MOD_LEN                  108
-# define RSA_R_DATA_TOO_LARGE                             109
-# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                110
-# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS                 132
-# define RSA_R_DATA_TOO_SMALL                             111
-# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE                122
-# define RSA_R_DIGEST_DOES_NOT_MATCH                      166
-# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY                 112
-# define RSA_R_DMP1_NOT_CONGRUENT_TO_D                    124
-# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                    125
-# define RSA_R_D_E_NOT_CONGRUENT_TO_1                     123
-# define RSA_R_FIRST_OCTET_INVALID                        133
-# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE        144
-# define RSA_R_INVALID_DIGEST                             160
-# define RSA_R_INVALID_DIGEST_LENGTH                      143
-# define RSA_R_INVALID_HEADER                             137
-# define RSA_R_INVALID_KEYBITS                            145
-# define RSA_R_INVALID_LABEL                              161
-# define RSA_R_INVALID_MESSAGE_LENGTH                     131
-# define RSA_R_INVALID_MGF1_MD                            156
-# define RSA_R_INVALID_OAEP_PARAMETERS                    162
-# define RSA_R_INVALID_PADDING                            138
-# define RSA_R_INVALID_PADDING_MODE                       141
-# define RSA_R_INVALID_PSS_PARAMETERS                     149
-# define RSA_R_INVALID_PSS_SALTLEN                        146
-# define RSA_R_INVALID_SALT_LENGTH                        150
-# define RSA_R_INVALID_TRAILER                            139
-# define RSA_R_INVALID_X931_DIGEST                        142
-# define RSA_R_IQMP_NOT_INVERSE_OF_Q                      126
-# define RSA_R_KEY_SIZE_TOO_SMALL                         120
-# define RSA_R_LAST_OCTET_INVALID                         134
-# define RSA_R_MODULUS_TOO_LARGE                          105
-# define RSA_R_NON_FIPS_RSA_METHOD                        157
-# define RSA_R_NO_PUBLIC_EXPONENT                         140
-# define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
-# define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
-# define RSA_R_OAEP_DECODING_ERROR                        121
-# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE         158
-# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   148
-# define RSA_R_PADDING_CHECK_FAILED                       114
-# define RSA_R_PKCS_DECODING_ERROR                        159
-# define RSA_R_P_NOT_PRIME                                128
-# define RSA_R_Q_NOT_PRIME                                129
-# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED               130
-# define RSA_R_SLEN_CHECK_FAILED                          136
-# define RSA_R_SLEN_RECOVERY_FAILED                       135
-# define RSA_R_SSLV3_ROLLBACK_ATTACK                      115
-# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
-# define RSA_R_UNKNOWN_ALGORITHM_TYPE                     117
-# define RSA_R_UNKNOWN_DIGEST                             163
-# define RSA_R_UNKNOWN_MASK_DIGEST                        151
-# define RSA_R_UNKNOWN_PADDING_TYPE                       118
-# define RSA_R_UNKNOWN_PSS_DIGEST                         152
-# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE                164
-# define RSA_R_UNSUPPORTED_LABEL_SOURCE                   165
-# define RSA_R_UNSUPPORTED_MASK_ALGORITHM                 153
-# define RSA_R_UNSUPPORTED_MASK_PARAMETER                 154
-# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE                 155
-# define RSA_R_VALUE_MISSING                              147
-# define RSA_R_WRONG_SIGNATURE_LENGTH                     119
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_ameth.c b/freebsd/crypto/openssl/crypto/rsa/rsa_ameth.c
index bf4713bf..59e841cd 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_ameth.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_ameth.c
@@ -1,74 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_ameth.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include <openssl/rsa.h>
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_CMS
-# include <openssl/cms.h>
-#endif
-#include "asn1_locl.h"
+#include <openssl/cms.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "rsa_locl.h"
 
 #ifndef OPENSSL_NO_CMS
 static int rsa_cms_sign(CMS_SignerInfo *si);
@@ -77,15 +26,68 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
 static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
 #endif
 
+static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg);
+
+/* Set any parameters associated with pkey */
+static int rsa_param_encode(const EVP_PKEY *pkey,
+                            ASN1_STRING **pstr, int *pstrtype)
+{
+    const RSA *rsa = pkey->pkey.rsa;
+
+    *pstr = NULL;
+    /* If RSA it's just NULL type */
+    if (pkey->ameth->pkey_id == EVP_PKEY_RSA) {
+        *pstrtype = V_ASN1_NULL;
+        return 1;
+    }
+    /* If no PSS parameters we omit parameters entirely */
+    if (rsa->pss == NULL) {
+        *pstrtype = V_ASN1_UNDEF;
+        return 1;
+    }
+    /* Encode PSS parameters */
+    if (ASN1_item_pack(rsa->pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), pstr) == NULL)
+        return 0;
+
+    *pstrtype = V_ASN1_SEQUENCE;
+    return 1;
+}
+/* Decode any parameters and set them in RSA structure */
+static int rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
+{
+    const ASN1_OBJECT *algoid;
+    const void *algp;
+    int algptype;
+
+    X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
+    if (OBJ_obj2nid(algoid) == EVP_PKEY_RSA)
+        return 1;
+    if (algptype == V_ASN1_UNDEF)
+        return 1;
+    if (algptype != V_ASN1_SEQUENCE) {
+        RSAerr(RSA_F_RSA_PARAM_DECODE, RSA_R_INVALID_PSS_PARAMETERS);
+        return 0;
+    }
+    rsa->pss = rsa_pss_decode(alg);
+    if (rsa->pss == NULL)
+        return 0;
+    return 1;
+}
+
 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 {
     unsigned char *penc = NULL;
     int penclen;
+    ASN1_STRING *str;
+    int strtype;
+
+    if (!rsa_param_encode(pkey, &str, &strtype))
+        return 0;
     penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
     if (penclen <= 0)
         return 0;
-    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
-                               V_ASN1_NULL, NULL, penc, penclen))
+    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+                               strtype, str, penc, penclen))
         return 1;
 
     OPENSSL_free(penc);
@@ -96,14 +98,20 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 {
     const unsigned char *p;
     int pklen;
+    X509_ALGOR *alg;
     RSA *rsa = NULL;
-    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &alg, pubkey))
         return 0;
-    if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
+    if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) {
         RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
         return 0;
     }
-    EVP_PKEY_assign_RSA(pkey, rsa);
+    if (!rsa_param_decode(rsa, alg)) {
+        RSA_free(rsa);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
     return 1;
 }
 
@@ -119,11 +127,12 @@ static int old_rsa_priv_decode(EVP_PKEY *pkey,
                                const unsigned char **pder, int derlen)
 {
     RSA *rsa;
-    if (!(rsa = d2i_RSAPrivateKey(NULL, pder, derlen))) {
+
+    if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) {
         RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
         return 0;
     }
-    EVP_PKEY_assign_RSA(pkey, rsa);
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
     return 1;
 }
 
@@ -136,29 +145,49 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 {
     unsigned char *rk = NULL;
     int rklen;
+    ASN1_STRING *str;
+    int strtype;
+
+    if (!rsa_param_encode(pkey, &str, &strtype))
+        return 0;
     rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
 
     if (rklen <= 0) {
         RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        ASN1_STRING_free(str);
         return 0;
     }
 
-    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
-                         V_ASN1_NULL, NULL, rk, rklen)) {
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
+                         strtype, str, rk, rklen)) {
         RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        ASN1_STRING_free(str);
         return 0;
     }
 
     return 1;
 }
 
-static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
 {
     const unsigned char *p;
+    RSA *rsa;
     int pklen;
-    if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
+    const X509_ALGOR *alg;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8))
+        return 0;
+    rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
+    if (rsa == NULL) {
+        RSAerr(RSA_F_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+        return 0;
+    }
+    if (!rsa_param_decode(rsa, alg)) {
+        RSA_free(rsa);
         return 0;
-    return old_rsa_priv_decode(pkey, &p, pklen);
+    }
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
+    return 1;
 }
 
 static int int_rsa_size(const EVP_PKEY *pkey)
@@ -171,153 +200,50 @@ static int rsa_bits(const EVP_PKEY *pkey)
     return BN_num_bits(pkey->pkey.rsa->n);
 }
 
-static void int_rsa_free(EVP_PKEY *pkey)
-{
-    RSA_free(pkey->pkey.rsa);
-}
-
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
+static int rsa_security_bits(const EVP_PKEY *pkey)
 {
-    size_t i;
-    if (!b)
-        return;
-    if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
-        *pbuflen = i;
+    return RSA_security_bits(pkey->pkey.rsa);
 }
 
-static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
-{
-    char *str;
-    const char *s;
-    unsigned char *m = NULL;
-    int ret = 0, mod_len = 0;
-    size_t buf_len = 0;
-
-    update_buflen(x->n, &buf_len);
-    update_buflen(x->e, &buf_len);
-
-    if (priv) {
-        update_buflen(x->d, &buf_len);
-        update_buflen(x->p, &buf_len);
-        update_buflen(x->q, &buf_len);
-        update_buflen(x->dmp1, &buf_len);
-        update_buflen(x->dmq1, &buf_len);
-        update_buflen(x->iqmp, &buf_len);
-    }
-
-    m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
-    if (m == NULL) {
-        RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (x->n != NULL)
-        mod_len = BN_num_bits(x->n);
-
-    if (!BIO_indent(bp, off, 128))
-        goto err;
-
-    if (priv && x->d) {
-        if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len)
-            <= 0)
-            goto err;
-        str = "modulus:";
-        s = "publicExponent:";
-    } else {
-        if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len)
-            <= 0)
-            goto err;
-        str = "Modulus:";
-        s = "Exponent:";
-    }
-    if (!ASN1_bn_print(bp, str, x->n, m, off))
-        goto err;
-    if (!ASN1_bn_print(bp, s, x->e, m, off))
-        goto err;
-    if (priv) {
-        if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off))
-            goto err;
-        if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
-            goto err;
-        if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
-            goto err;
-        if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
-            goto err;
-        if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
-            goto err;
-        if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
-            goto err;
-    }
-    ret = 1;
- err:
-    if (m != NULL)
-        OPENSSL_free(m);
-    return (ret);
-}
-
-static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-                         ASN1_PCTX *ctx)
-{
-    return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
-}
-
-static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-                          ASN1_PCTX *ctx)
+static void int_rsa_free(EVP_PKEY *pkey)
 {
-    return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
+    RSA_free(pkey->pkey.rsa);
 }
 
-/* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */
 static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
 {
-    const unsigned char *p;
-    int plen;
-    if (alg == NULL || alg->parameter == NULL)
-        return NULL;
     if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
         return NULL;
-    if (alg->parameter->type != V_ASN1_SEQUENCE)
-        return NULL;
-
-    p = alg->parameter->value.sequence->data;
-    plen = alg->parameter->value.sequence->length;
-    return d2i_X509_ALGOR(NULL, &p, plen);
+    return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
+                                     alg->parameter);
 }
 
-static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
-                                      X509_ALGOR **pmaskHash)
-{
-    const unsigned char *p;
-    int plen;
-    RSA_PSS_PARAMS *pss;
-
-    *pmaskHash = NULL;
-
-    if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
-        return NULL;
-    p = alg->parameter->value.sequence->data;
-    plen = alg->parameter->value.sequence->length;
-    pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
-
-    if (!pss)
-        return NULL;
-
-    *pmaskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
-
-    return pss;
-}
-
-static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
-                               X509_ALGOR *maskHash, int indent)
+static int rsa_pss_param_print(BIO *bp, int pss_key, RSA_PSS_PARAMS *pss,
+                               int indent)
 {
     int rv = 0;
-    if (!pss) {
-        if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
+    X509_ALGOR *maskHash = NULL;
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (pss_key) {
+        if (pss == NULL) {
+            if (BIO_puts(bp, "No PSS parameter restrictions\n") <= 0)
+                return 0;
+            return 1;
+        } else {
+            if (BIO_puts(bp, "PSS parameter restrictions:") <= 0)
+                return 0;
+        }
+    } else if (pss == NULL) {
+        if (BIO_puts(bp,"(INVALID PSS PARAMETERS)\n") <= 0)
             return 0;
         return 1;
     }
     if (BIO_puts(bp, "\n") <= 0)
         goto err;
+    if (pss_key)
+        indent += 2;
     if (!BIO_indent(bp, indent, 128))
         goto err;
     if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
@@ -326,8 +252,9 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
     if (pss->hashAlgorithm) {
         if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
             goto err;
-    } else if (BIO_puts(bp, "sha1 (default)") <= 0)
+    } else if (BIO_puts(bp, "sha1 (default)") <= 0) {
         goto err;
+    }
 
     if (BIO_puts(bp, "\n") <= 0)
         goto err;
@@ -342,24 +269,28 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
             goto err;
         if (BIO_puts(bp, " with ") <= 0)
             goto err;
-        if (maskHash) {
+        maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
+        if (maskHash != NULL) {
             if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
                 goto err;
-        } else if (BIO_puts(bp, "INVALID") <= 0)
+        } else if (BIO_puts(bp, "INVALID") <= 0) {
             goto err;
-    } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
+        }
+    } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) {
         goto err;
+    }
     BIO_puts(bp, "\n");
 
     if (!BIO_indent(bp, indent, 128))
         goto err;
-    if (BIO_puts(bp, "Salt Length: 0x") <= 0)
+    if (BIO_printf(bp, "%s Salt Length: 0x", pss_key ? "Minimum" : "") <= 0)
         goto err;
     if (pss->saltLength) {
         if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
             goto err;
-    } else if (BIO_puts(bp, "14 (default)") <= 0)
+    } else if (BIO_puts(bp, "14 (default)") <= 0) {
         goto err;
+    }
     BIO_puts(bp, "\n");
 
     if (!BIO_indent(bp, indent, 128))
@@ -369,34 +300,155 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
     if (pss->trailerField) {
         if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
             goto err;
-    } else if (BIO_puts(bp, "BC (default)") <= 0)
+    } else if (BIO_puts(bp, "BC (default)") <= 0) {
         goto err;
+    }
     BIO_puts(bp, "\n");
 
     rv = 1;
 
  err:
+    X509_ALGOR_free(maskHash);
     return rv;
 
 }
 
+static int pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv)
+{
+    const RSA *x = pkey->pkey.rsa;
+    char *str;
+    const char *s;
+    int ret = 0, mod_len = 0, ex_primes;
+
+    if (x->n != NULL)
+        mod_len = BN_num_bits(x->n);
+    ex_primes = sk_RSA_PRIME_INFO_num(x->prime_infos);
+
+    if (!BIO_indent(bp, off, 128))
+        goto err;
+
+    if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ?  "RSA-PSS" : "RSA") <= 0)
+        goto err;
+
+    if (priv && x->d) {
+        if (BIO_printf(bp, "Private-Key: (%d bit, %d primes)\n",
+                       mod_len, ex_primes <= 0 ? 2 : ex_primes + 2) <= 0)
+            goto err;
+        str = "modulus:";
+        s = "publicExponent:";
+    } else {
+        if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
+            goto err;
+        str = "Modulus:";
+        s = "Exponent:";
+    }
+    if (!ASN1_bn_print(bp, str, x->n, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, s, x->e, NULL, off))
+        goto err;
+    if (priv) {
+        int i;
+
+        if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
+            goto err;
+        for (i = 0; i < sk_RSA_PRIME_INFO_num(x->prime_infos); i++) {
+            /* print multi-prime info */
+            BIGNUM *bn = NULL;
+            RSA_PRIME_INFO *pinfo;
+            int j;
+
+            pinfo = sk_RSA_PRIME_INFO_value(x->prime_infos, i);
+            for (j = 0; j < 3; j++) {
+                if (!BIO_indent(bp, off, 128))
+                    goto err;
+                switch (j) {
+                case 0:
+                    if (BIO_printf(bp, "prime%d:", i + 3) <= 0)
+                        goto err;
+                    bn = pinfo->r;
+                    break;
+                case 1:
+                    if (BIO_printf(bp, "exponent%d:", i + 3) <= 0)
+                        goto err;
+                    bn = pinfo->d;
+                    break;
+                case 2:
+                    if (BIO_printf(bp, "coefficient%d:", i + 3) <= 0)
+                        goto err;
+                    bn = pinfo->t;
+                    break;
+                default:
+                    break;
+                }
+                if (!ASN1_bn_print(bp, "", bn, NULL, off))
+                    goto err;
+            }
+        }
+    }
+    if (pkey_is_pss(pkey) && !rsa_pss_param_print(bp, 1, x->pss, off))
+        goto err;
+    ret = 1;
+ err:
+    return ret;
+}
+
+static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return pkey_rsa_print(bp, pkey, indent, 0);
+}
+
+static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return pkey_rsa_print(bp, pkey, indent, 1);
+}
+
+static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg)
+{
+    RSA_PSS_PARAMS *pss;
+
+    pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
+                                    alg->parameter);
+
+    if (pss == NULL)
+        return NULL;
+
+    if (pss->maskGenAlgorithm != NULL) {
+        pss->maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
+        if (pss->maskHash == NULL) {
+            RSA_PSS_PARAMS_free(pss);
+            return NULL;
+        }
+    }
+
+    return pss;
+}
+
 static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
                          const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
 {
-    if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
+    if (OBJ_obj2nid(sigalg->algorithm) == EVP_PKEY_RSA_PSS) {
         int rv;
-        RSA_PSS_PARAMS *pss;
-        X509_ALGOR *maskHash;
-        pss = rsa_pss_decode(sigalg, &maskHash);
-        rv = rsa_pss_param_print(bp, pss, maskHash, indent);
-        if (pss)
-            RSA_PSS_PARAMS_free(pss);
-        if (maskHash)
-            X509_ALGOR_free(maskHash);
+        RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg);
+
+        rv = rsa_pss_param_print(bp, 0, pss, indent);
+        RSA_PSS_PARAMS_free(pss);
         if (!rv)
             return 0;
-    } else if (!sig && BIO_puts(bp, "\n") <= 0)
+    } else if (!sig && BIO_puts(bp, "\n") <= 0) {
         return 0;
+    }
     if (sig)
         return X509_signature_dump(bp, sig, indent);
     return 1;
@@ -405,6 +457,7 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
 static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 {
     X509_ALGOR *alg = NULL;
+
     switch (op) {
 
     case ASN1_PKEY_CTRL_PKCS7_SIGN:
@@ -413,6 +466,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         break;
 
     case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
+        if (pkey_is_pss(pkey))
+            return -2;
         if (arg1 == 0)
             PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
         break;
@@ -425,6 +480,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         break;
 
     case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+        if (pkey_is_pss(pkey))
+            return -2;
         if (arg1 == 0)
             return rsa_cms_encrypt(arg2);
         else if (arg1 == 1)
@@ -432,6 +489,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         break;
 
     case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        if (pkey_is_pss(pkey))
+            return -2;
         *(int *)arg2 = CMS_RECIPINFO_TRANS;
         return 1;
 #endif
@@ -455,10 +514,10 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 /* allocate and set algorithm ID from EVP_MD, default SHA1 */
 static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md)
 {
-    if (EVP_MD_type(md) == NID_sha1)
+    if (md == NULL || EVP_MD_type(md) == NID_sha1)
         return 1;
     *palg = X509_ALGOR_new();
-    if (!*palg)
+    if (*palg == NULL)
         return 0;
     X509_ALGOR_set_md(*palg, md);
     return 1;
@@ -469,24 +528,23 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
 {
     X509_ALGOR *algtmp = NULL;
     ASN1_STRING *stmp = NULL;
+
     *palg = NULL;
-    if (EVP_MD_type(mgf1md) == NID_sha1)
+    if (mgf1md == NULL || EVP_MD_type(mgf1md) == NID_sha1)
         return 1;
     /* need to embed algorithm ID inside another */
     if (!rsa_md_to_algor(&algtmp, mgf1md))
         goto err;
-    if (!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp))
+    if (ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp) == NULL)
          goto err;
     *palg = X509_ALGOR_new();
-    if (!*palg)
+    if (*palg == NULL)
         goto err;
     X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
     stmp = NULL;
  err:
-    if (stmp)
-        ASN1_STRING_free(stmp);
-    if (algtmp)
-        X509_ALGOR_free(algtmp);
+    ASN1_STRING_free(stmp);
+    X509_ALGOR_free(algtmp);
     if (*palg)
         return 1;
     return 0;
@@ -496,6 +554,7 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
 static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg)
 {
     const EVP_MD *md;
+
     if (!alg)
         return EVP_sha1();
     md = EVP_get_digestbyobj(alg->algorithm);
@@ -504,85 +563,78 @@ static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg)
     return md;
 }
 
-/* convert MGF1 algorithm ID to EVP_MD, default SHA1 */
-static const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash)
-{
-    const EVP_MD *md;
-    if (!alg)
-        return EVP_sha1();
-    /* Check mask and lookup mask hash algorithm */
-    if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) {
-        RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_ALGORITHM);
-        return NULL;
-    }
-    if (!maskHash) {
-        RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_PARAMETER);
-        return NULL;
-    }
-    md = EVP_get_digestbyobj(maskHash->algorithm);
-    if (md == NULL) {
-        RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNKNOWN_MASK_DIGEST);
-        return NULL;
-    }
-    return md;
-}
-
 /*
- * Convert EVP_PKEY_CTX is PSS mode into corresponding algorithm parameter,
+ * Convert EVP_PKEY_CTX in PSS mode into corresponding algorithm parameter,
  * suitable for setting an AlgorithmIdentifier.
  */
 
-static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
+static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
 {
     const EVP_MD *sigmd, *mgf1md;
-    RSA_PSS_PARAMS *pss = NULL;
-    ASN1_STRING *os = NULL;
     EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
-    int saltlen, rv = 0;
+    int saltlen;
+
     if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0)
-        goto err;
+        return NULL;
     if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
-        goto err;
+        return NULL;
     if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
-        goto err;
-    if (saltlen == -1)
+        return NULL;
+    if (saltlen == -1) {
         saltlen = EVP_MD_size(sigmd);
-    else if (saltlen == -2) {
+    } else if (saltlen == -2) {
         saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
-        if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
+        if ((EVP_PKEY_bits(pk) & 0x7) == 1)
             saltlen--;
     }
-    pss = RSA_PSS_PARAMS_new();
-    if (!pss)
+
+    return rsa_pss_params_create(sigmd, mgf1md, saltlen);
+}
+
+RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
+                                      const EVP_MD *mgf1md, int saltlen)
+{
+    RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();
+
+    if (pss == NULL)
         goto err;
     if (saltlen != 20) {
         pss->saltLength = ASN1_INTEGER_new();
-        if (!pss->saltLength)
+        if (pss->saltLength == NULL)
             goto err;
         if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
             goto err;
     }
     if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd))
         goto err;
+    if (mgf1md == NULL)
+        mgf1md = sigmd;
     if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
         goto err;
-    /* Finally create string with pss parameter encoding. */
-    if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os))
-         goto err;
-    rv = 1;
+    if (!rsa_md_to_algor(&pss->maskHash, mgf1md))
+        goto err;
+    return pss;
  err:
-    if (pss)
-        RSA_PSS_PARAMS_free(pss);
-    if (rv)
-        return os;
-    if (os)
-        ASN1_STRING_free(os);
+    RSA_PSS_PARAMS_free(pss);
     return NULL;
 }
 
+static ASN1_STRING *rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx)
+{
+    RSA_PSS_PARAMS *pss = rsa_ctx_to_pss(pkctx);
+    ASN1_STRING *os;
+
+    if (pss == NULL)
+        return NULL;
+
+    os = ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), NULL);
+    RSA_PSS_PARAMS_free(pss);
+    return os;
+}
+
 /*
  * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL
- * then the EVP_MD_CTX is setup and initalised. If it is NULL parameters are
+ * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are
  * passed to pkctx instead.
  */
 
@@ -593,51 +645,21 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
     int saltlen;
     const EVP_MD *mgf1md = NULL, *md = NULL;
     RSA_PSS_PARAMS *pss;
-    X509_ALGOR *maskHash;
+
     /* Sanity check: make sure it is PSS */
-    if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
         RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
         return -1;
     }
     /* Decode PSS parameters */
-    pss = rsa_pss_decode(sigalg, &maskHash);
+    pss = rsa_pss_decode(sigalg);
 
-    if (pss == NULL) {
+    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) {
         RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS);
         goto err;
     }
-    mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm, maskHash);
-    if (!mgf1md)
-        goto err;
-    md = rsa_algor_to_md(pss->hashAlgorithm);
-    if (!md)
-        goto err;
-
-    if (pss->saltLength) {
-        saltlen = ASN1_INTEGER_get(pss->saltLength);
-
-        /*
-         * Could perform more salt length sanity checks but the main RSA
-         * routines will trap other invalid values anyway.
-         */
-        if (saltlen < 0) {
-            RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_SALT_LENGTH);
-            goto err;
-        }
-    } else
-        saltlen = 20;
-
-    /*
-     * low-level routines support only trailer field 0xbc (value 1) and
-     * PKCS#1 says we should reject any other value anyway.
-     */
-    if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
-        RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_TRAILER);
-        goto err;
-    }
 
     /* We have all parameters now set up context */
-
     if (pkey) {
         if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
             goto err;
@@ -664,23 +686,60 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
 
  err:
     RSA_PSS_PARAMS_free(pss);
-    if (maskHash)
-        X509_ALGOR_free(maskHash);
     return rv;
 }
 
+int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
+                      const EVP_MD **pmgf1md, int *psaltlen)
+{
+    if (pss == NULL)
+        return 0;
+    *pmd = rsa_algor_to_md(pss->hashAlgorithm);
+    if (*pmd == NULL)
+        return 0;
+    *pmgf1md = rsa_algor_to_md(pss->maskHash);
+    if (*pmgf1md == NULL)
+        return 0;
+    if (pss->saltLength) {
+        *psaltlen = ASN1_INTEGER_get(pss->saltLength);
+        if (*psaltlen < 0) {
+            RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_SALT_LENGTH);
+            return 0;
+        }
+    } else {
+        *psaltlen = 20;
+    }
+
+    /*
+     * low-level routines support only trailer field 0xbc (value 1) and
+     * PKCS#1 says we should reject any other value anyway.
+     */
+    if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
+        RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_TRAILER);
+        return 0;
+    }
+
+    return 1;
+}
+
 #ifndef OPENSSL_NO_CMS
 static int rsa_cms_verify(CMS_SignerInfo *si)
 {
     int nid, nid2;
     X509_ALGOR *alg;
     EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
+
     CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
     nid = OBJ_obj2nid(alg->algorithm);
+    if (nid == EVP_PKEY_RSA_PSS)
+        return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
+    /* Only PSS allowed for PSS keys */
+    if (pkey_ctx_is_pss(pkctx)) {
+        RSAerr(RSA_F_RSA_CMS_VERIFY, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+        return 0;
+    }
     if (nid == NID_rsaEncryption)
         return 1;
-    if (nid == NID_rsassaPss)
-        return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
     /* Workaround for some implementation that use a signature OID */
     if (OBJ_find_sigid_algs(nid, NULL, &nid2)) {
         if (nid2 == NID_rsaEncryption)
@@ -700,7 +759,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                            EVP_PKEY *pkey)
 {
     /* Sanity check: make sure it is PSS */
-    if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
         RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
         return -1;
     }
@@ -718,6 +777,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
     X509_ALGOR *alg;
     EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
     ASN1_STRING *os = NULL;
+
     CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
     if (pkctx) {
         if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
@@ -730,10 +790,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
     /* We don't support it */
     if (pad_mode != RSA_PKCS1_PSS_PADDING)
         return 0;
-    os = rsa_ctx_to_pss(pkctx);
+    os = rsa_ctx_to_pss_string(pkctx);
     if (!os)
         return 0;
-    X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
+    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
     return 1;
 }
 #endif
@@ -743,14 +803,15 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                          ASN1_BIT_STRING *sig)
 {
     int pad_mode;
-    EVP_PKEY_CTX *pkctx = ctx->pctx;
+    EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
+
     if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
         return 0;
     if (pad_mode == RSA_PKCS1_PADDING)
         return 2;
     if (pad_mode == RSA_PKCS1_PSS_PADDING) {
         ASN1_STRING *os1 = NULL;
-        os1 = rsa_ctx_to_pss(pkctx);
+        os1 = rsa_ctx_to_pss_string(pkctx);
         if (!os1)
             return 0;
         /* Duplicate parameters if we have to */
@@ -760,38 +821,70 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                 ASN1_STRING_free(os1);
                 return 0;
             }
-            X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
                             V_ASN1_SEQUENCE, os2);
         }
-        X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
+        X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
                         V_ASN1_SEQUENCE, os1);
         return 3;
     }
     return 2;
 }
 
-#ifndef OPENSSL_NO_CMS
-static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
-                                        X509_ALGOR **pmaskHash)
+static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg,
+                            const ASN1_STRING *sig)
 {
-    const unsigned char *p;
-    int plen;
-    RSA_OAEP_PARAMS *pss;
+    int rv = 0;
+    int mdnid, saltlen;
+    uint32_t flags;
+    const EVP_MD *mgf1md = NULL, *md = NULL;
+    RSA_PSS_PARAMS *pss;
 
-    *pmaskHash = NULL;
+    /* Sanity check: make sure it is PSS */
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS)
+        return 0;
+    /* Decode PSS parameters */
+    pss = rsa_pss_decode(sigalg);
+    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen))
+        goto err;
+    mdnid = EVP_MD_type(md);
+    /*
+     * For TLS need SHA256, SHA384 or SHA512, digest and MGF1 digest must
+     * match and salt length must equal digest size
+     */
+    if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512)
+            && mdnid == EVP_MD_type(mgf1md) && saltlen == EVP_MD_size(md))
+        flags = X509_SIG_INFO_TLS;
+    else
+        flags = 0;
+    /* Note: security bits half number of digest bits */
+    X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, EVP_MD_size(md) * 4,
+                      flags);
+    rv = 1;
+    err:
+    RSA_PSS_PARAMS_free(pss);
+    return rv;
+}
 
-    if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
-        return NULL;
-    p = alg->parameter->value.sequence->data;
-    plen = alg->parameter->value.sequence->length;
-    pss = d2i_RSA_OAEP_PARAMS(NULL, &p, plen);
+#ifndef OPENSSL_NO_CMS
+static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
+{
+    RSA_OAEP_PARAMS *oaep;
 
-    if (!pss)
-        return NULL;
+    oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
+                                     alg->parameter);
 
-    *pmaskHash = rsa_mgf1_decode(pss->maskGenFunc);
+    if (oaep == NULL)
+        return NULL;
 
-    return pss;
+    if (oaep->maskGenFunc != NULL) {
+        oaep->maskHash = rsa_mgf1_decode(oaep->maskGenFunc);
+        if (oaep->maskHash == NULL) {
+            RSA_OAEP_PARAMS_free(oaep);
+            return NULL;
+        }
+    }
+    return oaep;
 }
 
 static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
@@ -804,9 +897,9 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
     int labellen = 0;
     const EVP_MD *mgf1md = NULL, *md = NULL;
     RSA_OAEP_PARAMS *oaep;
-    X509_ALGOR *maskHash;
+
     pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
-    if (!pkctx)
+    if (pkctx == NULL)
         return 0;
     if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg))
         return -1;
@@ -818,22 +911,23 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
         return -1;
     }
     /* Decode OAEP parameters */
-    oaep = rsa_oaep_decode(cmsalg, &maskHash);
+    oaep = rsa_oaep_decode(cmsalg);
 
     if (oaep == NULL) {
         RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS);
         goto err;
     }
 
-    mgf1md = rsa_mgf1_to_md(oaep->maskGenFunc, maskHash);
-    if (!mgf1md)
+    mgf1md = rsa_algor_to_md(oaep->maskHash);
+    if (mgf1md == NULL)
         goto err;
     md = rsa_algor_to_md(oaep->hashFunc);
-    if (!md)
+    if (md == NULL)
         goto err;
 
-    if (oaep->pSourceFunc) {
+    if (oaep->pSourceFunc != NULL) {
         X509_ALGOR *plab = oaep->pSourceFunc;
+
         if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
             RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE);
             goto err;
@@ -862,8 +956,6 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
 
  err:
     RSA_OAEP_PARAMS_free(oaep);
-    if (maskHash)
-        X509_ALGOR_free(maskHash);
     return rv;
 }
 
@@ -876,7 +968,9 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
     EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
     int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
     unsigned char *label;
-    CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg);
+
+    if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0)
+        return 0;
     if (pkctx) {
         if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
             return 0;
@@ -896,18 +990,19 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
     if (labellen < 0)
         goto err;
     oaep = RSA_OAEP_PARAMS_new();
-    if (!oaep)
+    if (oaep == NULL)
         goto err;
     if (!rsa_md_to_algor(&oaep->hashFunc, md))
         goto err;
     if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
         goto err;
     if (labellen > 0) {
-        ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new();
+        ASN1_OCTET_STRING *los;
         oaep->pSourceFunc = X509_ALGOR_new();
-        if (!oaep->pSourceFunc)
+        if (oaep->pSourceFunc == NULL)
             goto err;
-        if (!los)
+        los = ASN1_OCTET_STRING_new();
+        if (los == NULL)
             goto err;
         if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
             ASN1_OCTET_STRING_free(los);
@@ -923,15 +1018,18 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
     os = NULL;
     rv = 1;
  err:
-    if (oaep)
-        RSA_OAEP_PARAMS_free(oaep);
-    if (os)
-        ASN1_STRING_free(os);
+    RSA_OAEP_PARAMS_free(oaep);
+    ASN1_STRING_free(os);
     return rv;
 }
 #endif
 
-const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
+static int rsa_pkey_check(const EVP_PKEY *pkey)
+{
+    return RSA_check_key_ex(pkey->pkey.rsa, NULL);
+}
+
+const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
     {
      EVP_PKEY_RSA,
      EVP_PKEY_RSA,
@@ -951,6 +1049,7 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
 
      int_rsa_size,
      rsa_bits,
+     rsa_security_bits,
 
      0, 0, 0, 0, 0, 0,
 
@@ -960,10 +1059,46 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
      old_rsa_priv_decode,
      old_rsa_priv_encode,
      rsa_item_verify,
-     rsa_item_sign},
+     rsa_item_sign,
+     rsa_sig_info_set,
+     rsa_pkey_check
+    },
 
     {
      EVP_PKEY_RSA2,
      EVP_PKEY_RSA,
      ASN1_PKEY_ALIAS}
 };
+
+const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
+     EVP_PKEY_RSA_PSS,
+     EVP_PKEY_RSA_PSS,
+     ASN1_PKEY_SIGPARAM_NULL,
+
+     "RSA-PSS",
+     "OpenSSL RSA-PSS method",
+
+     rsa_pub_decode,
+     rsa_pub_encode,
+     rsa_pub_cmp,
+     rsa_pub_print,
+
+     rsa_priv_decode,
+     rsa_priv_encode,
+     rsa_priv_print,
+
+     int_rsa_size,
+     rsa_bits,
+     rsa_security_bits,
+
+     0, 0, 0, 0, 0, 0,
+
+     rsa_sig_print,
+     int_rsa_free,
+     rsa_pkey_ctrl,
+     0, 0,
+     rsa_item_verify,
+     rsa_item_sign,
+     0,
+     rsa_pkey_check
+};
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_asn1.c b/freebsd/crypto/openssl/crypto/rsa/rsa_asn1.c
index 9d083f46..d1b8f48a 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_asn1.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_asn1.c
@@ -1,98 +1,66 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* rsa_asn1.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
-#include <openssl/rsa.h>
 #include <openssl/x509.h>
 #include <openssl/asn1t.h>
+#include "rsa_locl.h"
 
-/* Override the default free and new methods */
+/*
+ * Override the default free and new methods,
+ * and calculate helper products for multi-prime
+ * RSA keys.
+ */
 static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                   void *exarg)
 {
     if (operation == ASN1_OP_NEW_PRE) {
         *pval = (ASN1_VALUE *)RSA_new();
-        if (*pval)
+        if (*pval != NULL)
             return 2;
         return 0;
     } else if (operation == ASN1_OP_FREE_PRE) {
         RSA_free((RSA *)*pval);
         *pval = NULL;
         return 2;
+    } else if (operation == ASN1_OP_D2I_POST) {
+        if (((RSA *)*pval)->version != RSA_ASN1_VERSION_MULTI) {
+            /* not a multi-prime key, skip */
+            return 1;
+        }
+        return (rsa_multip_calc_product((RSA *)*pval) == 1) ? 2 : 0;
     }
     return 1;
 }
 
+/* Based on definitions in RFC 8017 appendix A.1.2 */
+ASN1_SEQUENCE(RSA_PRIME_INFO) = {
+        ASN1_SIMPLE(RSA_PRIME_INFO, r, CBIGNUM),
+        ASN1_SIMPLE(RSA_PRIME_INFO, d, CBIGNUM),
+        ASN1_SIMPLE(RSA_PRIME_INFO, t, CBIGNUM),
+} ASN1_SEQUENCE_END(RSA_PRIME_INFO)
+
 ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
-        ASN1_SIMPLE(RSA, version, LONG),
+        ASN1_EMBED(RSA, version, INT32),
         ASN1_SIMPLE(RSA, n, BIGNUM),
         ASN1_SIMPLE(RSA, e, BIGNUM),
-        ASN1_SIMPLE(RSA, d, BIGNUM),
-        ASN1_SIMPLE(RSA, p, BIGNUM),
-        ASN1_SIMPLE(RSA, q, BIGNUM),
-        ASN1_SIMPLE(RSA, dmp1, BIGNUM),
-        ASN1_SIMPLE(RSA, dmq1, BIGNUM),
-        ASN1_SIMPLE(RSA, iqmp, BIGNUM)
+        ASN1_SIMPLE(RSA, d, CBIGNUM),
+        ASN1_SIMPLE(RSA, p, CBIGNUM),
+        ASN1_SIMPLE(RSA, q, CBIGNUM),
+        ASN1_SIMPLE(RSA, dmp1, CBIGNUM),
+        ASN1_SIMPLE(RSA, dmq1, CBIGNUM),
+        ASN1_SIMPLE(RSA, iqmp, CBIGNUM),
+        ASN1_SEQUENCE_OF_OPT(RSA, prime_infos, RSA_PRIME_INFO)
 } ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
 
 
@@ -101,20 +69,42 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
         ASN1_SIMPLE(RSA, e, BIGNUM),
 } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
 
-ASN1_SEQUENCE(RSA_PSS_PARAMS) = {
+/* Free up maskHash */
+static int rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    if (operation == ASN1_OP_FREE_PRE) {
+        RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval;
+        X509_ALGOR_free(pss->maskHash);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(RSA_PSS_PARAMS, rsa_pss_cb) = {
         ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
         ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
         ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
         ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
-} ASN1_SEQUENCE_END(RSA_PSS_PARAMS)
+} ASN1_SEQUENCE_END_cb(RSA_PSS_PARAMS, RSA_PSS_PARAMS)
 
 IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
 
-ASN1_SEQUENCE(RSA_OAEP_PARAMS) = {
+/* Free up maskHash */
+static int rsa_oaep_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                       void *exarg)
+{
+    if (operation == ASN1_OP_FREE_PRE) {
+        RSA_OAEP_PARAMS *oaep = (RSA_OAEP_PARAMS *)*pval;
+        X509_ALGOR_free(oaep->maskHash);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(RSA_OAEP_PARAMS, rsa_oaep_cb) = {
         ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0),
         ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1),
         ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2),
-} ASN1_SEQUENCE_END(RSA_OAEP_PARAMS)
+} ASN1_SEQUENCE_END_cb(RSA_OAEP_PARAMS, RSA_OAEP_PARAMS)
 
 IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
 
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_chk.c b/freebsd/crypto/openssl/crypto/rsa/rsa_chk.c
index b7b684bd..9f1b9b55 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_chk.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_chk.c
@@ -1,70 +1,46 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_chk.c  */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/bn.h>
 #include <openssl/err.h>
-#include <openssl/rsa.h>
+#include "rsa_locl.h"
 
 int RSA_check_key(const RSA *key)
 {
+    return RSA_check_key_ex(key, NULL);
+}
+
+int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
+{
     BIGNUM *i, *j, *k, *l, *m;
     BN_CTX *ctx;
-    int ret = 1;
+    int ret = 1, ex_primes = 0, idx;
+    RSA_PRIME_INFO *pinfo;
 
-    if (!key->p || !key->q || !key->n || !key->e || !key->d) {
-        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
+    if (key->p == NULL || key->q == NULL || key->n == NULL
+            || key->e == NULL || key->d == NULL) {
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_VALUE_MISSING);
         return 0;
     }
 
+    /* multi-prime? */
+    if (key->version == RSA_ASN1_VERSION_MULTI) {
+        ex_primes = sk_RSA_PRIME_INFO_num(key->prime_infos);
+        if (ex_primes <= 0
+                || (ex_primes + 2) > rsa_multip_cap(BN_num_bits(key->n))) {
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_INVALID_MULTI_PRIME_KEY);
+            return 0;
+        }
+    }
+
     i = BN_new();
     j = BN_new();
     k = BN_new();
@@ -74,42 +50,62 @@ int RSA_check_key(const RSA *key)
     if (i == NULL || j == NULL || k == NULL || l == NULL
             || m == NULL || ctx == NULL) {
         ret = -1;
-        RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, ERR_R_MALLOC_FAILURE);
         goto err;
     }
 
     if (BN_is_one(key->e)) {
         ret = 0;
-        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_BAD_E_VALUE);
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE);
     }
     if (!BN_is_odd(key->e)) {
         ret = 0;
-        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_BAD_E_VALUE);
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE);
     }
 
     /* p prime? */
-    if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL) != 1) {
+    if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, cb) != 1) {
         ret = 0;
-        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_P_NOT_PRIME);
     }
 
     /* q prime? */
-    if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL) != 1) {
+    if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, cb) != 1) {
         ret = 0;
-        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_Q_NOT_PRIME);
+    }
+
+    /* r_i prime? */
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        if (BN_is_prime_ex(pinfo->r, BN_prime_checks, NULL, cb) != 1) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_R_NOT_PRIME);
+        }
     }
 
-    /* n = p*q? */
+    /* n = p*q * r_3...r_i? */
     if (!BN_mul(i, key->p, key->q, ctx)) {
         ret = -1;
         goto err;
     }
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        if (!BN_mul(i, i, pinfo->r, ctx)) {
+            ret = -1;
+            goto err;
+        }
+    }
     if (BN_cmp(i, key->n) != 0) {
         ret = 0;
-        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+        if (ex_primes)
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX,
+                   RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES);
+        else
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_N_DOES_NOT_EQUAL_P_Q);
     }
 
-    /* d*e = 1  mod lcm(p-1,q-1)? */
+    /* d*e = 1  mod \lambda(n)? */
     if (!BN_sub(i, key->p, BN_value_one())) {
         ret = -1;
         goto err;
@@ -119,7 +115,7 @@ int RSA_check_key(const RSA *key)
         goto err;
     }
 
-    /* now compute k = lcm(i,j) */
+    /* now compute k = \lambda(n) = LCM(i, j, r_3 - 1...) */
     if (!BN_mul(l, i, j, ctx)) {
         ret = -1;
         goto err;
@@ -128,6 +124,21 @@ int RSA_check_key(const RSA *key)
         ret = -1;
         goto err;
     }
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        if (!BN_sub(k, pinfo->r, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mul(l, l, k, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_gcd(m, m, k, ctx)) {
+            ret = -1;
+            goto err;
+        }
+    }
     if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */
         ret = -1;
         goto err;
@@ -139,7 +150,7 @@ int RSA_check_key(const RSA *key)
 
     if (!BN_is_one(i)) {
         ret = 0;
-        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_D_E_NOT_CONGRUENT_TO_1);
     }
 
     if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
@@ -154,7 +165,7 @@ int RSA_check_key(const RSA *key)
         }
         if (BN_cmp(j, key->dmp1) != 0) {
             ret = 0;
-            RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
         }
 
         /* dmq1 = d mod (q-1)? */
@@ -168,7 +179,7 @@ int RSA_check_key(const RSA *key)
         }
         if (BN_cmp(j, key->dmq1) != 0) {
             ret = 0;
-            RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
         }
 
         /* iqmp = q^-1 mod p? */
@@ -178,7 +189,33 @@ int RSA_check_key(const RSA *key)
         }
         if (BN_cmp(i, key->iqmp) != 0) {
             ret = 0;
-            RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q);
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_IQMP_NOT_INVERSE_OF_Q);
+        }
+    }
+
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        /* d_i = d mod (r_i - 1)? */
+        if (!BN_sub(i, pinfo->r, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mod(j, key->d, i, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(j, pinfo->d) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D);
+        }
+        /* t_i = R_i ^ -1 mod r_i ? */
+        if (!BN_mod_inverse(i, pinfo->pp, pinfo->r, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(i, pinfo->t) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R);
         }
     }
 
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_crpt.c b/freebsd/crypto/openssl/crypto/rsa/rsa_crpt.c
index 172d072b..22963b3f 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_crpt.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_crpt.c
@@ -1,142 +1,64 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
+#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
+#include "rsa_locl.h"
+
+int RSA_bits(const RSA *r)
+{
+    return BN_num_bits(r->n);
+}
 
 int RSA_size(const RSA *r)
 {
-    return (BN_num_bytes(r->n));
+    return BN_num_bytes(r->n);
 }
 
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
                        RSA *rsa, int padding)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-        RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-        return -1;
-    }
-#endif
-    return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
+    return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding);
 }
 
 int RSA_private_encrypt(int flen, const unsigned char *from,
                         unsigned char *to, RSA *rsa, int padding)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-        RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-        return -1;
-    }
-#endif
-    return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
+    return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding);
 }
 
 int RSA_private_decrypt(int flen, const unsigned char *from,
                         unsigned char *to, RSA *rsa, int padding)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-        RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-        return -1;
-    }
-#endif
-    return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
+    return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding);
 }
 
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
                        RSA *rsa, int padding)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-        RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-        return -1;
-    }
-#endif
-    return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
+    return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding);
 }
 
 int RSA_flags(const RSA *r)
 {
-    return ((r == NULL) ? 0 : r->meth->flags);
+    return r == NULL ? 0 : r->meth->flags;
 }
 
 void RSA_blinding_off(RSA *rsa)
 {
-    if (rsa->blinding != NULL) {
-        BN_BLINDING_free(rsa->blinding);
-        rsa->blinding = NULL;
-    }
+    BN_BLINDING_free(rsa->blinding);
+    rsa->blinding = NULL;
     rsa->flags &= ~RSA_FLAG_BLINDING;
     rsa->flags |= RSA_FLAG_NO_BLINDING;
 }
@@ -156,7 +78,7 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
     rsa->flags &= ~RSA_FLAG_NO_BLINDING;
     ret = 1;
  err:
-    return (ret);
+    return ret;
 }
 
 static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
@@ -189,16 +111,16 @@ static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
 
 BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
 {
-    BIGNUM local_n;
-    BIGNUM *e, *n;
+    BIGNUM *e;
     BN_CTX *ctx;
     BN_BLINDING *ret = NULL;
 
     if (in_ctx == NULL) {
         if ((ctx = BN_CTX_new()) == NULL)
             return 0;
-    } else
+    } else {
         ctx = in_ctx;
+    }
 
     BN_CTX_start(ctx);
     e = BN_CTX_get(ctx);
@@ -213,36 +135,36 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
             RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
             goto err;
         }
-    } else
+    } else {
         e = rsa->e;
-
-    if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) {
-        /*
-         * if PRNG is not properly seeded, resort to secret exponent as
-         * unpredictable seed
-         */
-        RAND_add(rsa->d->d, rsa->d->dmax * sizeof(rsa->d->d[0]), 0.0);
     }
 
-    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-        /* Set BN_FLG_CONSTTIME flag */
-        n = &local_n;
+    {
+        BIGNUM *n = BN_new();
+
+        if (n == NULL) {
+            RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
         BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
-    } else
-        n = rsa->n;
 
-    ret = BN_BLINDING_create_param(NULL, e, n, ctx,
-                                   rsa->meth->bn_mod_exp, rsa->_method_mod_n);
+        ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp,
+                                       rsa->_method_mod_n);
+        /* We MUST free n before any further use of rsa->n */
+        BN_free(n);
+    }
     if (ret == NULL) {
         RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
         goto err;
     }
-    CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
+
+    BN_BLINDING_set_current_thread(ret);
+
  err:
     BN_CTX_end(ctx);
-    if (in_ctx == NULL)
+    if (ctx != in_ctx)
         BN_CTX_free(ctx);
-    if (rsa->e == NULL)
+    if (e != rsa->e)
         BN_free(e);
 
     return ret;
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_depr.c b/freebsd/crypto/openssl/crypto/rsa/rsa_depr.c
index 501a7e45..08b78970 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_depr.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_depr.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -60,27 +14,27 @@
  * "new" versions).
  */
 
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-#ifdef OPENSSL_NO_DEPRECATED
-
-static void *dummy = &dummy;
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
 
 #else
 
+# include <stdio.h>
+# include <time.h>
+# include "internal/cryptlib.h"
+# include <openssl/bn.h>
+# include <openssl/rsa.h>
+
 RSA *RSA_generate_key(int bits, unsigned long e_value,
                       void (*callback) (int, int, void *), void *cb_arg)
 {
-    BN_GENCB cb;
     int i;
+    BN_GENCB *cb = BN_GENCB_new();
     RSA *rsa = RSA_new();
     BIGNUM *e = BN_new();
 
-    if (!rsa || !e)
+    if (cb == NULL || rsa == NULL || e == NULL)
         goto err;
 
     /*
@@ -93,17 +47,17 @@ RSA *RSA_generate_key(int bits, unsigned long e_value,
                 goto err;
     }
 
-    BN_GENCB_set_old(&cb, callback, cb_arg);
+    BN_GENCB_set_old(cb, callback, cb_arg);
 
-    if (RSA_generate_key_ex(rsa, bits, e, &cb)) {
+    if (RSA_generate_key_ex(rsa, bits, e, cb)) {
         BN_free(e);
+        BN_GENCB_free(cb);
         return rsa;
     }
  err:
-    if (e)
-        BN_free(e);
-    if (rsa)
-        RSA_free(rsa);
+    BN_free(e);
+    RSA_free(rsa);
+    BN_GENCB_free(cb);
     return 0;
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_eay.c b/freebsd/crypto/openssl/crypto/rsa/rsa_eay.c
deleted file mode 100644
index 30a9c82b..00000000
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_eay.c
+++ /dev/null
@@ -1,893 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/rsa/rsa_eay.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#include "bn_int.h"
-
-#ifndef RSA_NULL
-
-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
-                                  unsigned char *to, RSA *rsa, int padding);
-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding);
-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
-                                  unsigned char *to, RSA *rsa, int padding);
-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
-                           BN_CTX *ctx);
-static int RSA_eay_init(RSA *rsa);
-static int RSA_eay_finish(RSA *rsa);
-static RSA_METHOD rsa_pkcs1_eay_meth = {
-    "Eric Young's PKCS#1 RSA",
-    RSA_eay_public_encrypt,
-    RSA_eay_public_decrypt,     /* signature verification */
-    RSA_eay_private_encrypt,    /* signing */
-    RSA_eay_private_decrypt,
-    RSA_eay_mod_exp,
-    BN_mod_exp_mont,            /* XXX probably we should not use Montgomery
-                                 * if e == 3 */
-    RSA_eay_init,
-    RSA_eay_finish,
-    0,                          /* flags */
-    NULL,
-    0,                          /* rsa_sign */
-    0,                          /* rsa_verify */
-    NULL                        /* rsa_keygen */
-};
-
-const RSA_METHOD *RSA_PKCS1_SSLeay(void)
-{
-    return (&rsa_pkcs1_eay_meth);
-}
-
-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
-                                  unsigned char *to, RSA *rsa, int padding)
-{
-    BIGNUM *f, *ret;
-    int i, num = 0, r = -1;
-    unsigned char *buf = NULL;
-    BN_CTX *ctx = NULL;
-
-    if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
-        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
-        return -1;
-    }
-
-    if (BN_ucmp(rsa->n, rsa->e) <= 0) {
-        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
-        return -1;
-    }
-
-    /* for large moduli, enforce exponent limit */
-    if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
-        if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
-            RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
-            return -1;
-        }
-    }
-
-    if ((ctx = BN_CTX_new()) == NULL)
-        goto err;
-    BN_CTX_start(ctx);
-    f = BN_CTX_get(ctx);
-    ret = BN_CTX_get(ctx);
-    num = BN_num_bytes(rsa->n);
-    buf = OPENSSL_malloc(num);
-    if (!f || !ret || !buf) {
-        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    switch (padding) {
-    case RSA_PKCS1_PADDING:
-        i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
-        break;
-# ifndef OPENSSL_NO_SHA
-    case RSA_PKCS1_OAEP_PADDING:
-        i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
-        break;
-# endif
-    case RSA_SSLV23_PADDING:
-        i = RSA_padding_add_SSLv23(buf, num, from, flen);
-        break;
-    case RSA_NO_PADDING:
-        i = RSA_padding_add_none(buf, num, from, flen);
-        break;
-    default:
-        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
-        goto err;
-    }
-    if (i <= 0)
-        goto err;
-
-    if (BN_bin2bn(buf, num, f) == NULL)
-        goto err;
-
-    if (BN_ucmp(f, rsa->n) >= 0) {
-        /* usually the padding functions would catch this */
-        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
-               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-        goto err;
-    }
-
-    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-        if (!BN_MONT_CTX_set_locked
-            (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-            goto err;
-
-    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
-                               rsa->_method_mod_n))
-        goto err;
-
-    /*
-     * BN_bn2binpad puts in leading 0 bytes if the number is less than
-     * the length of the modulus.
-     */
-    r = bn_bn2binpad(ret, to, num);
- err:
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if (buf != NULL) {
-        OPENSSL_cleanse(buf, num);
-        OPENSSL_free(buf);
-    }
-    return (r);
-}
-
-static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
-{
-    BN_BLINDING *ret;
-    int got_write_lock = 0;
-    CRYPTO_THREADID cur;
-
-    CRYPTO_r_lock(CRYPTO_LOCK_RSA);
-
-    if (rsa->blinding == NULL) {
-        CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
-        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-        got_write_lock = 1;
-
-        if (rsa->blinding == NULL)
-            rsa->blinding = RSA_setup_blinding(rsa, ctx);
-    }
-
-    ret = rsa->blinding;
-    if (ret == NULL)
-        goto err;
-
-    CRYPTO_THREADID_current(&cur);
-    if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) {
-        /* rsa->blinding is ours! */
-
-        *local = 1;
-    } else {
-        /* resort to rsa->mt_blinding instead */
-
-        /*
-         * instructs rsa_blinding_convert(), rsa_blinding_invert() that the
-         * BN_BLINDING is shared, meaning that accesses require locks, and
-         * that the blinding factor must be stored outside the BN_BLINDING
-         */
-        *local = 0;
-
-        if (rsa->mt_blinding == NULL) {
-            if (!got_write_lock) {
-                CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
-                CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-                got_write_lock = 1;
-            }
-
-            if (rsa->mt_blinding == NULL)
-                rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
-        }
-        ret = rsa->mt_blinding;
-    }
-
- err:
-    if (got_write_lock)
-        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-    else
-        CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
-    return ret;
-}
-
-static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
-                                BN_CTX *ctx)
-{
-    if (unblind == NULL)
-        /*
-         * Local blinding: store the unblinding factor in BN_BLINDING.
-         */
-        return BN_BLINDING_convert_ex(f, NULL, b, ctx);
-    else {
-        /*
-         * Shared blinding: store the unblinding factor outside BN_BLINDING.
-         */
-        int ret;
-        CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
-        ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
-        CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
-        return ret;
-    }
-}
-
-static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
-                               BN_CTX *ctx)
-{
-    /*
-     * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
-     * will use the unblinding factor stored in BN_BLINDING. If BN_BLINDING
-     * is shared between threads, unblind must be non-null:
-     * BN_BLINDING_invert_ex will then use the local unblinding factor, and
-     * will only read the modulus from BN_BLINDING. In both cases it's safe
-     * to access the blinding without a lock.
-     */
-    return BN_BLINDING_invert_ex(f, unblind, b, ctx);
-}
-
-/* signing */
-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding)
-{
-    BIGNUM *f, *ret, *res;
-    int i, num = 0, r = -1;
-    unsigned char *buf = NULL;
-    BN_CTX *ctx = NULL;
-    int local_blinding = 0;
-    /*
-     * Used only if the blinding structure is shared. A non-NULL unblind
-     * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
-     * the unblinding factor outside the blinding structure.
-     */
-    BIGNUM *unblind = NULL;
-    BN_BLINDING *blinding = NULL;
-
-    if ((ctx = BN_CTX_new()) == NULL)
-        goto err;
-    BN_CTX_start(ctx);
-    f = BN_CTX_get(ctx);
-    ret = BN_CTX_get(ctx);
-    num = BN_num_bytes(rsa->n);
-    buf = OPENSSL_malloc(num);
-    if (!f || !ret || !buf) {
-        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    switch (padding) {
-    case RSA_PKCS1_PADDING:
-        i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
-        break;
-    case RSA_X931_PADDING:
-        i = RSA_padding_add_X931(buf, num, from, flen);
-        break;
-    case RSA_NO_PADDING:
-        i = RSA_padding_add_none(buf, num, from, flen);
-        break;
-    case RSA_SSLV23_PADDING:
-    default:
-        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
-        goto err;
-    }
-    if (i <= 0)
-        goto err;
-
-    if (BN_bin2bn(buf, num, f) == NULL)
-        goto err;
-
-    if (BN_ucmp(f, rsa->n) >= 0) {
-        /* usually the padding functions would catch this */
-        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
-               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-        goto err;
-    }
-
-    if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
-        blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
-        if (blinding == NULL) {
-            RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-    }
-
-    if (blinding != NULL) {
-        if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
-            RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if (!rsa_blinding_convert(blinding, f, unblind, ctx))
-            goto err;
-    }
-
-    if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
-        ((rsa->p != NULL) &&
-         (rsa->q != NULL) &&
-         (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
-        if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
-            goto err;
-    } else {
-        BIGNUM local_d;
-        BIGNUM *d = NULL;
-
-        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-            BN_init(&local_d);
-            d = &local_d;
-            BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-        } else
-            d = rsa->d;
-
-        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-            if (!BN_MONT_CTX_set_locked
-                (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-                goto err;
-
-        if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
-                                   rsa->_method_mod_n))
-            goto err;
-    }
-
-    if (blinding)
-        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
-            goto err;
-
-    if (padding == RSA_X931_PADDING) {
-        BN_sub(f, rsa->n, ret);
-        if (BN_cmp(ret, f) > 0)
-            res = f;
-        else
-            res = ret;
-    } else
-        res = ret;
-
-    /*
-     * BN_bn2binpad puts in leading 0 bytes if the number is less than
-     * the length of the modulus.
-     */
-    r = bn_bn2binpad(res, to, num);
- err:
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if (buf != NULL) {
-        OPENSSL_cleanse(buf, num);
-        OPENSSL_free(buf);
-    }
-    return (r);
-}
-
-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding)
-{
-    BIGNUM *f, *ret;
-    int j, num = 0, r = -1;
-    unsigned char *buf = NULL;
-    BN_CTX *ctx = NULL;
-    int local_blinding = 0;
-    /*
-     * Used only if the blinding structure is shared. A non-NULL unblind
-     * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
-     * the unblinding factor outside the blinding structure.
-     */
-    BIGNUM *unblind = NULL;
-    BN_BLINDING *blinding = NULL;
-
-    if ((ctx = BN_CTX_new()) == NULL)
-        goto err;
-    BN_CTX_start(ctx);
-    f = BN_CTX_get(ctx);
-    ret = BN_CTX_get(ctx);
-    num = BN_num_bytes(rsa->n);
-    buf = OPENSSL_malloc(num);
-    if (!f || !ret || !buf) {
-        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    /*
-     * This check was for equality but PGP does evil things and chops off the
-     * top '0' bytes
-     */
-    if (flen > num) {
-        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-               RSA_R_DATA_GREATER_THAN_MOD_LEN);
-        goto err;
-    }
-
-    /* make data into a big number */
-    if (BN_bin2bn(from, (int)flen, f) == NULL)
-        goto err;
-
-    if (BN_ucmp(f, rsa->n) >= 0) {
-        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
-               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-        goto err;
-    }
-
-    if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
-        blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
-        if (blinding == NULL) {
-            RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-    }
-
-    if (blinding != NULL) {
-        if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
-            RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if (!rsa_blinding_convert(blinding, f, unblind, ctx))
-            goto err;
-    }
-
-    /* do the decrypt */
-    if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
-        ((rsa->p != NULL) &&
-         (rsa->q != NULL) &&
-         (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
-        if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
-            goto err;
-    } else {
-        BIGNUM local_d;
-        BIGNUM *d = NULL;
-
-        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-            d = &local_d;
-            BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-        } else
-            d = rsa->d;
-
-        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-            if (!BN_MONT_CTX_set_locked
-                (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-                goto err;
-        if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
-                                   rsa->_method_mod_n))
-            goto err;
-    }
-
-    if (blinding)
-        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
-            goto err;
-
-    j = bn_bn2binpad(ret, buf, num);
-
-    switch (padding) {
-    case RSA_PKCS1_PADDING:
-        r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
-        break;
-# ifndef OPENSSL_NO_SHA
-    case RSA_PKCS1_OAEP_PADDING:
-        r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
-        break;
-# endif
-    case RSA_SSLV23_PADDING:
-        r = RSA_padding_check_SSLv23(to, num, buf, j, num);
-        break;
-    case RSA_NO_PADDING:
-        memcpy(to, buf, (r = j));
-        break;
-    default:
-        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
-        goto err;
-    }
-    if (r < 0)
-        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
-
- err:
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if (buf != NULL) {
-        OPENSSL_cleanse(buf, num);
-        OPENSSL_free(buf);
-    }
-    return (r);
-}
-
-/* signature verification */
-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
-                                  unsigned char *to, RSA *rsa, int padding)
-{
-    BIGNUM *f, *ret;
-    int i, num = 0, r = -1;
-    unsigned char *buf = NULL;
-    BN_CTX *ctx = NULL;
-
-    if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
-        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
-        return -1;
-    }
-
-    if (BN_ucmp(rsa->n, rsa->e) <= 0) {
-        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
-        return -1;
-    }
-
-    /* for large moduli, enforce exponent limit */
-    if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
-        if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
-            RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
-            return -1;
-        }
-    }
-
-    if ((ctx = BN_CTX_new()) == NULL)
-        goto err;
-    BN_CTX_start(ctx);
-    f = BN_CTX_get(ctx);
-    ret = BN_CTX_get(ctx);
-    num = BN_num_bytes(rsa->n);
-    buf = OPENSSL_malloc(num);
-    if (!f || !ret || !buf) {
-        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    /*
-     * This check was for equality but PGP does evil things and chops off the
-     * top '0' bytes
-     */
-    if (flen > num) {
-        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN);
-        goto err;
-    }
-
-    if (BN_bin2bn(from, flen, f) == NULL)
-        goto err;
-
-    if (BN_ucmp(f, rsa->n) >= 0) {
-        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
-               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-        goto err;
-    }
-
-    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-        if (!BN_MONT_CTX_set_locked
-            (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-            goto err;
-
-    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
-                               rsa->_method_mod_n))
-        goto err;
-
-    if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
-        if (!BN_sub(ret, rsa->n, ret))
-            goto err;
-
-    i = bn_bn2binpad(ret, buf, num);
-
-    switch (padding) {
-    case RSA_PKCS1_PADDING:
-        r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);
-        break;
-    case RSA_X931_PADDING:
-        r = RSA_padding_check_X931(to, num, buf, i, num);
-        break;
-    case RSA_NO_PADDING:
-        memcpy(to, buf, (r = i));
-        break;
-    default:
-        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
-        goto err;
-    }
-    if (r < 0)
-        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
-
- err:
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if (buf != NULL) {
-        OPENSSL_cleanse(buf, num);
-        OPENSSL_free(buf);
-    }
-    return (r);
-}
-
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
-    BIGNUM *r1, *m1, *vrfy;
-    BIGNUM local_dmp1, local_dmq1, local_c, local_r1;
-    BIGNUM *dmp1, *dmq1, *c, *pr1;
-    int ret = 0;
-
-    BN_CTX_start(ctx);
-    r1 = BN_CTX_get(ctx);
-    m1 = BN_CTX_get(ctx);
-    vrfy = BN_CTX_get(ctx);
-
-    {
-        BIGNUM local_p, local_q;
-        BIGNUM *p = NULL, *q = NULL;
-
-        /*
-         * Make sure BN_mod_inverse in Montgomery intialization uses the
-         * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
-         */
-        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-            BN_init(&local_p);
-            p = &local_p;
-            BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-
-            BN_init(&local_q);
-            q = &local_q;
-            BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
-        } else {
-            p = rsa->p;
-            q = rsa->q;
-        }
-
-        if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
-            if (!BN_MONT_CTX_set_locked
-                (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
-                goto err;
-            if (!BN_MONT_CTX_set_locked
-                (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
-                goto err;
-        }
-    }
-
-    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-        if (!BN_MONT_CTX_set_locked
-            (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-            goto err;
-
-    /* compute I mod q */
-    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-        c = &local_c;
-        BN_with_flags(c, I, BN_FLG_CONSTTIME);
-        if (!BN_mod(r1, c, rsa->q, ctx))
-            goto err;
-    } else {
-        if (!BN_mod(r1, I, rsa->q, ctx))
-            goto err;
-    }
-
-    /* compute r1^dmq1 mod q */
-    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-        dmq1 = &local_dmq1;
-        BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
-    } else
-        dmq1 = rsa->dmq1;
-    if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, rsa->_method_mod_q))
-        goto err;
-
-    /* compute I mod p */
-    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-        c = &local_c;
-        BN_with_flags(c, I, BN_FLG_CONSTTIME);
-        if (!BN_mod(r1, c, rsa->p, ctx))
-            goto err;
-    } else {
-        if (!BN_mod(r1, I, rsa->p, ctx))
-            goto err;
-    }
-
-    /* compute r1^dmp1 mod p */
-    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-        dmp1 = &local_dmp1;
-        BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
-    } else
-        dmp1 = rsa->dmp1;
-    if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, rsa->_method_mod_p))
-        goto err;
-
-    if (!BN_sub(r0, r0, m1))
-        goto err;
-    /*
-     * This will help stop the size of r0 increasing, which does affect the
-     * multiply if it optimised for a power of 2 size
-     */
-    if (BN_is_negative(r0))
-        if (!BN_add(r0, r0, rsa->p))
-            goto err;
-
-    if (!BN_mul(r1, r0, rsa->iqmp, ctx))
-        goto err;
-
-    /* Turn BN_FLG_CONSTTIME flag on before division operation */
-    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-        pr1 = &local_r1;
-        BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
-    } else
-        pr1 = r1;
-    if (!BN_mod(r0, pr1, rsa->p, ctx))
-        goto err;
-
-    /*
-     * If p < q it is occasionally possible for the correction of adding 'p'
-     * if r0 is negative above to leave the result still negative. This can
-     * break the private key operations: the following second correction
-     * should *always* correct this rare occurrence. This will *never* happen
-     * with OpenSSL generated keys because they ensure p > q [steve]
-     */
-    if (BN_is_negative(r0))
-        if (!BN_add(r0, r0, rsa->p))
-            goto err;
-    if (!BN_mul(r1, r0, rsa->q, ctx))
-        goto err;
-    if (!BN_add(r0, r1, m1))
-        goto err;
-
-    if (rsa->e && rsa->n) {
-        if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
-                                   rsa->_method_mod_n))
-            goto err;
-        /*
-         * If 'I' was greater than (or equal to) rsa->n, the operation will
-         * be equivalent to using 'I mod n'. However, the result of the
-         * verify will *always* be less than 'n' so we don't check for
-         * absolute equality, just congruency.
-         */
-        if (!BN_sub(vrfy, vrfy, I))
-            goto err;
-        if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
-            goto err;
-        if (BN_is_negative(vrfy))
-            if (!BN_add(vrfy, vrfy, rsa->n))
-                goto err;
-        if (!BN_is_zero(vrfy)) {
-            /*
-             * 'I' and 'vrfy' aren't congruent mod n. Don't leak
-             * miscalculated CRT output, just do a raw (slower) mod_exp and
-             * return that instead.
-             */
-
-            BIGNUM local_d;
-            BIGNUM *d = NULL;
-
-            if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-                d = &local_d;
-                BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-            } else
-                d = rsa->d;
-            if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx,
-                                       rsa->_method_mod_n))
-                goto err;
-        }
-    }
-    ret = 1;
- err:
-    BN_CTX_end(ctx);
-    return (ret);
-}
-
-static int RSA_eay_init(RSA *rsa)
-{
-    rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
-    return (1);
-}
-
-static int RSA_eay_finish(RSA *rsa)
-{
-    if (rsa->_method_mod_n != NULL)
-        BN_MONT_CTX_free(rsa->_method_mod_n);
-    if (rsa->_method_mod_p != NULL)
-        BN_MONT_CTX_free(rsa->_method_mod_p);
-    if (rsa->_method_mod_q != NULL)
-        BN_MONT_CTX_free(rsa->_method_mod_q);
-    return (1);
-}
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_err.c b/freebsd/crypto/openssl/crypto/rsa/rsa_err.c
index 4d2d09a9..3000019c 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_err.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_err.c
@@ -1,249 +1,248 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/rsa.h>
+#include <openssl/rsaerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
-
-static ERR_STRING_DATA RSA_str_functs[] = {
-    {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"},
-    {ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"},
-    {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"},
-    {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
-    {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"},
-    {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
-    {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"},
-    {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
-    {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "PKEY_RSA_VERIFY"},
-    {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"},
-    {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "RSA_ALGOR_TO_MD"},
-    {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
-    {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
-    {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "RSA_CMS_DECRYPT"},
-    {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
-    {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
-    {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
-    {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
-    {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
-    {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"},
-    {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "RSA_ITEM_VERIFY"},
-    {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
-    {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "RSA_MGF1_TO_MD"},
-    {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
-    {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
-    {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"},
-    {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"},
-    {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"},
-    {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"},
-    {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),
+static const ERR_STRING_DATA RSA_str_functs[] = {
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_ENCODE_PKCS1, 0), "encode_pkcs1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_INT_RSA_VERIFY, 0), "int_rsa_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, 0),
+     "old_rsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_PSS_INIT, 0), "pkey_pss_init"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, 0), "pkey_rsa_ctrl"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL_STR, 0), "pkey_rsa_ctrl_str"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_SIGN, 0), "pkey_rsa_sign"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_VERIFY, 0), "pkey_rsa_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_VERIFYRECOVER, 0),
+     "pkey_rsa_verifyrecover"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ALGOR_TO_MD, 0), "rsa_algor_to_md"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_BUILTIN_KEYGEN, 0), "rsa_builtin_keygen"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY, 0), "RSA_check_key"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_DUP, 0), "RSA_meth_dup"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_NEW, 0), "RSA_meth_new"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_SET1_NAME, 0), "RSA_meth_set1_name"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MGF1_TO_MD, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MULTIP_INFO_NEW, 0),
+     "rsa_multip_info_new"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NEW_METHOD, 0), "RSA_new_method"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_DECRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_ENCRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PUBLIC_DECRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PUBLIC_ENCRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, 0),
+     "rsa_ossl_private_decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, 0),
+     "rsa_ossl_private_encrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, 0),
+     "rsa_ossl_public_decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, 0),
+     "rsa_ossl_public_encrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_NONE, 0),
+     "RSA_padding_add_none"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, 0),
      "RSA_padding_add_PKCS1_OAEP"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, 0),
      "RSA_padding_add_PKCS1_OAEP_mgf1"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_PSS, 0),
+     "RSA_padding_add_PKCS1_PSS"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, 0),
      "RSA_padding_add_PKCS1_PSS_mgf1"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1, 0),
      "RSA_padding_add_PKCS1_type_1"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, 0),
      "RSA_padding_add_PKCS1_type_2"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_SSLV23, 0),
+     "RSA_padding_add_SSLv23"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_X931, 0),
+     "RSA_padding_add_X931"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_NONE, 0),
+     "RSA_padding_check_none"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, 0),
      "RSA_padding_check_PKCS1_OAEP"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, 0),
      "RSA_padding_check_PKCS1_OAEP_mgf1"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, 0),
      "RSA_padding_check_PKCS1_type_1"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, 0),
      "RSA_padding_check_PKCS1_type_2"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
-    {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
-    {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
-    {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"},
-    {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
-    {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
-    {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"},
-    {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "RSA_PSS_TO_CTX"},
-    {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
-    {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
-    {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
-    {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
-    {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
-    {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_SSLV23, 0),
+     "RSA_padding_check_SSLv23"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_X931, 0),
+     "RSA_padding_check_X931"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PARAM_DECODE, 0), "rsa_param_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT, 0), "RSA_print"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0),
      "RSA_sign_ASN1_OCTET_STRING"},
-    {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
-    {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY, 0), "RSA_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, 0),
      "RSA_verify_ASN1_OCTET_STRING"},
-    {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
-    {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0),
+     "RSA_verify_PKCS1_PSS_mgf1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA RSA_str_reasons[] = {
-    {ERR_REASON(RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"},
-    {ERR_REASON(RSA_R_BAD_E_VALUE), "bad e value"},
-    {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"},
-    {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"},
-    {ERR_REASON(RSA_R_BAD_SIGNATURE), "bad signature"},
-    {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01), "block type is not 01"},
-    {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02), "block type is not 02"},
-    {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),
-     "data greater than mod len"},
-    {ERR_REASON(RSA_R_DATA_TOO_LARGE), "data too large"},
-    {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
-     "data too large for key size"},
-    {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),
-     "data too large for modulus"},
-    {ERR_REASON(RSA_R_DATA_TOO_SMALL), "data too small"},
-    {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),
-     "data too small for key size"},
-    {ERR_REASON(RSA_R_DIGEST_DOES_NOT_MATCH), "digest does not match"},
-    {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),
-     "digest too big for rsa key"},
-    {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"},
-    {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"},
-    {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"},
-    {ERR_REASON(RSA_R_FIRST_OCTET_INVALID), "first octet invalid"},
-    {ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),
-     "illegal or unsupported padding mode"},
-    {ERR_REASON(RSA_R_INVALID_DIGEST), "invalid digest"},
-    {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
-    {ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"},
-    {ERR_REASON(RSA_R_INVALID_KEYBITS), "invalid keybits"},
-    {ERR_REASON(RSA_R_INVALID_LABEL), "invalid label"},
-    {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"},
-    {ERR_REASON(RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"},
-    {ERR_REASON(RSA_R_INVALID_OAEP_PARAMETERS), "invalid oaep parameters"},
-    {ERR_REASON(RSA_R_INVALID_PADDING), "invalid padding"},
-    {ERR_REASON(RSA_R_INVALID_PADDING_MODE), "invalid padding mode"},
-    {ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS), "invalid pss parameters"},
-    {ERR_REASON(RSA_R_INVALID_PSS_SALTLEN), "invalid pss saltlen"},
-    {ERR_REASON(RSA_R_INVALID_SALT_LENGTH), "invalid salt length"},
-    {ERR_REASON(RSA_R_INVALID_TRAILER), "invalid trailer"},
-    {ERR_REASON(RSA_R_INVALID_X931_DIGEST), "invalid x931 digest"},
-    {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q), "iqmp not inverse of q"},
-    {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
-    {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
-    {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
-    {ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD), "non fips rsa method"},
-    {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
-    {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),
-     "null before block missing"},
-    {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"},
-    {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"},
-    {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),
-     "operation not allowed in fips mode"},
-    {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
-     "operation not supported for this keytype"},
-    {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"},
-    {ERR_REASON(RSA_R_PKCS_DECODING_ERROR), "pkcs decoding error"},
-    {ERR_REASON(RSA_R_P_NOT_PRIME), "p not prime"},
-    {ERR_REASON(RSA_R_Q_NOT_PRIME), "q not prime"},
-    {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),
-     "rsa operations not supported"},
-    {ERR_REASON(RSA_R_SLEN_CHECK_FAILED), "salt length check failed"},
-    {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED), "salt length recovery failed"},
-    {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK), "sslv3 rollback attack"},
-    {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
-     "the asn1 object identifier is not known for this md"},
-    {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
-    {ERR_REASON(RSA_R_UNKNOWN_DIGEST), "unknown digest"},
-    {ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST), "unknown mask digest"},
-    {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
-    {ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST), "unknown pss digest"},
-    {ERR_REASON(RSA_R_UNSUPPORTED_ENCRYPTION_TYPE),
-     "unsupported encryption type"},
-    {ERR_REASON(RSA_R_UNSUPPORTED_LABEL_SOURCE), "unsupported label source"},
-    {ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM),
-     "unsupported mask algorithm"},
-    {ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER),
-     "unsupported mask parameter"},
-    {ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE),
-     "unsupported signature type"},
-    {ERR_REASON(RSA_R_VALUE_MISSING), "value missing"},
-    {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
+static const ERR_STRING_DATA RSA_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_E_VALUE), "bad e value"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_FIXED_HEADER_DECRYPT),
+    "bad fixed header decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01),
+    "block type is not 01"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_02),
+    "block type is not 02"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_GREATER_THAN_MOD_LEN),
+    "data greater than mod len"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE), "data too large"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
+    "data too large for key size"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_MODULUS),
+    "data too large for modulus"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL), "data too small"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),
+    "data too small for key size"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_DOES_NOT_MATCH),
+    "digest does not match"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_NOT_ALLOWED), "digest not allowed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),
+    "digest too big for rsa key"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMP1_NOT_CONGRUENT_TO_D),
+    "dmp1 not congruent to d"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMQ1_NOT_CONGRUENT_TO_D),
+    "dmq1 not congruent to d"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_D_E_NOT_CONGRUENT_TO_1),
+    "d e not congruent to 1"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_FIRST_OCTET_INVALID),
+    "first octet invalid"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),
+    "illegal or unsupported padding mode"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST_LENGTH),
+    "invalid digest length"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_HEADER), "invalid header"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LABEL), "invalid label"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MESSAGE_LENGTH),
+    "invalid message length"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MULTI_PRIME_KEY),
+    "invalid multi prime key"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_OAEP_PARAMETERS),
+    "invalid oaep parameters"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING), "invalid padding"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING_MODE),
+    "invalid padding mode"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_PARAMETERS),
+    "invalid pss parameters"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_SALTLEN),
+    "invalid pss saltlen"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_SALT_LENGTH),
+    "invalid salt length"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_TRAILER), "invalid trailer"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_X931_DIGEST),
+    "invalid x931 digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_IQMP_NOT_INVERSE_OF_Q),
+    "iqmp not inverse of q"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_PRIME_NUM_INVALID),
+    "key prime num invalid"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MGF1_DIGEST_NOT_ALLOWED),
+    "mgf1 digest not allowed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R),
+    "mp coefficient not inverse of r"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D),
+    "mp exponent not congruent to d"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING),
+    "null before block missing"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES),
+    "n does not equal product of primes"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_P_Q),
+    "n does not equal p q"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR),
+    "oaep decoding error"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+    "operation not supported for this keytype"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED),
+    "padding check failed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PKCS_DECODING_ERROR),
+    "pkcs decoding error"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PSS_SALTLEN_TOO_SMALL),
+    "pss saltlen too small"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_P_NOT_PRIME), "p not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),
+    "rsa operations not supported"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_CHECK_FAILED),
+    "salt length check failed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_RECOVERY_FAILED),
+    "salt length recovery failed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SSLV3_ROLLBACK_ATTACK),
+    "sslv3 rollback attack"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+    "the asn1 object identifier is not known for this md"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_ALGORITHM_TYPE),
+    "unknown algorithm type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_MASK_DIGEST),
+    "unknown mask digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_PADDING_TYPE),
+    "unknown padding type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE),
+    "unsupported encryption type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_LABEL_SOURCE),
+    "unsupported label source"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_ALGORITHM),
+    "unsupported mask algorithm"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER),
+    "unsupported mask parameter"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE),
+    "unsupported signature type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_WRONG_SIGNATURE_LENGTH),
+    "wrong signature length"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_RSA_strings(void)
+int ERR_load_RSA_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, RSA_str_functs);
-        ERR_load_strings(0, RSA_str_reasons);
+        ERR_load_strings_const(RSA_str_functs);
+        ERR_load_strings_const(RSA_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_gen.c b/freebsd/crypto/openssl/crypto/rsa/rsa_gen.c
index 44238de9..8143555e 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_gen.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_gen.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -66,16 +17,11 @@
 
 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
-#include <openssl/rsa.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
-                                         BN_GENCB *cb);
-#endif
-
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+#include "rsa_locl.h"
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
                               BN_GENCB *cb);
 
 /*
@@ -87,42 +33,60 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
  */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-        RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
-        return 0;
-    }
-#endif
-    if (rsa->meth->rsa_keygen)
+    if (rsa->meth->rsa_keygen != NULL)
         return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
-#endif
-    return rsa_builtin_keygen(rsa, bits, e_value, cb);
+
+    return RSA_generate_multi_prime_key(rsa, bits, RSA_DEFAULT_PRIME_NUM,
+                                        e_value, cb);
+}
+
+int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
+                                 BIGNUM *e_value, BN_GENCB *cb)
+{
+    /* multi-prime is only supported with the builtin key generation */
+    if (rsa->meth->rsa_multi_prime_keygen != NULL) {
+        return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes,
+                                                 e_value, cb);
+    } else if (rsa->meth->rsa_keygen != NULL) {
+        /*
+         * However, if rsa->meth implements only rsa_keygen, then we
+         * have to honour it in 2-prime case and assume that it wouldn't
+         * know what to do with multi-prime key generated by builtin
+         * subroutine...
+         */
+        if (primes == 2)
+            return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+        else
+            return 0;
+    }
+
+    return rsa_builtin_keygen(rsa, bits, primes, e_value, cb);
 }
 
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
                               BN_GENCB *cb)
 {
-    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
-    BIGNUM local_r0, local_d, local_p;
-    BIGNUM *pr0, *d, *p;
-    int bitsp, bitsq, ok = -1, n = 0;
+    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *tmp, *prime;
+    int ok = -1, n = 0, bitsr[RSA_MAX_PRIME_NUM], bitse = 0;
+    int i = 0, quo = 0, rmd = 0, adj = 0, retries = 0;
+    RSA_PRIME_INFO *pinfo = NULL;
+    STACK_OF(RSA_PRIME_INFO) *prime_infos = NULL;
     BN_CTX *ctx = NULL;
+    BN_ULONG bitst = 0;
     unsigned long error = 0;
 
-    /*
-     * When generating ridiculously small keys, we can get stuck
-     * continually regenerating the same prime values.
-     */
-    if (bits < 16) {
+    if (bits < RSA_MIN_MODULUS_BITS) {
         ok = 0;             /* we set our own err */
         RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
         goto err;
     }
 
+    if (primes < RSA_DEFAULT_PRIME_NUM || primes > rsa_multip_cap(bits)) {
+        ok = 0;             /* we set our own err */
+        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_PRIME_NUM_INVALID);
+        goto err;
+    }
+
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
@@ -130,134 +94,294 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
     r0 = BN_CTX_get(ctx);
     r1 = BN_CTX_get(ctx);
     r2 = BN_CTX_get(ctx);
-    r3 = BN_CTX_get(ctx);
-    if (r3 == NULL)
+    if (r2 == NULL)
         goto err;
 
-    bitsp = (bits + 1) / 2;
-    bitsq = bits - bitsp;
+    /* divide bits into 'primes' pieces evenly */
+    quo = bits / primes;
+    rmd = bits % primes;
+
+    for (i = 0; i < primes; i++)
+        bitsr[i] = (i < rmd) ? quo + 1 : quo;
 
     /* We need the RSA components non-NULL */
     if (!rsa->n && ((rsa->n = BN_new()) == NULL))
         goto err;
-    if (!rsa->d && ((rsa->d = BN_new()) == NULL))
+    if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL))
         goto err;
     if (!rsa->e && ((rsa->e = BN_new()) == NULL))
         goto err;
-    if (!rsa->p && ((rsa->p = BN_new()) == NULL))
-        goto err;
-    if (!rsa->q && ((rsa->q = BN_new()) == NULL))
+    if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL))
         goto err;
-    if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
+    if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL))
         goto err;
-    if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
+    if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL))
         goto err;
-    if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
+    if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL))
         goto err;
-
-    if (BN_copy(rsa->e, e_value) == NULL)
+    if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
         goto err;
 
-    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
-    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
-    BN_set_flags(r2, BN_FLG_CONSTTIME);
-    /* generate p and q */
-    for (;;) {
-        if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
-            goto err;
-        if (!BN_sub(r2, rsa->p, BN_value_one()))
+    /* initialize multi-prime components */
+    if (primes > RSA_DEFAULT_PRIME_NUM) {
+        rsa->version = RSA_ASN1_VERSION_MULTI;
+        prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, primes - 2);
+        if (prime_infos == NULL)
             goto err;
-        ERR_set_mark();
-        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
-            /* GCD == 1 since inverse exists */
-            break;
+        if (rsa->prime_infos != NULL) {
+            /* could this happen? */
+            sk_RSA_PRIME_INFO_pop_free(rsa->prime_infos, rsa_multip_info_free);
         }
-        error = ERR_peek_last_error();
-        if (ERR_GET_LIB(error) == ERR_LIB_BN
-            && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
-            /* GCD != 1 */
-            ERR_pop_to_mark();
-        } else {
-            goto err;
+        rsa->prime_infos = prime_infos;
+
+        /* prime_info from 2 to |primes| -1 */
+        for (i = 2; i < primes; i++) {
+            pinfo = rsa_multip_info_new();
+            if (pinfo == NULL)
+                goto err;
+            (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo);
         }
-        if (!BN_GENCB_call(cb, 2, n++))
-            goto err;
     }
-    if (!BN_GENCB_call(cb, 3, 0))
+
+    if (BN_copy(rsa->e, e_value) == NULL)
         goto err;
-    for (;;) {
-        do {
-            if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+
+    /* generate p, q and other primes (if any) */
+    for (i = 0; i < primes; i++) {
+        adj = 0;
+        retries = 0;
+
+        if (i == 0) {
+            prime = rsa->p;
+        } else if (i == 1) {
+            prime = rsa->q;
+        } else {
+            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+            prime = pinfo->r;
+        }
+        BN_set_flags(prime, BN_FLG_CONSTTIME);
+
+        for (;;) {
+ redo:
+            if (!BN_generate_prime_ex(prime, bitsr[i] + adj, 0, NULL, NULL, cb))
+                goto err;
+            /*
+             * prime should not be equal to p, q, r_3...
+             * (those primes prior to this one)
+             */
+            {
+                int j;
+
+                for (j = 0; j < i; j++) {
+                    BIGNUM *prev_prime;
+
+                    if (j == 0)
+                        prev_prime = rsa->p;
+                    else if (j == 1)
+                        prev_prime = rsa->q;
+                    else
+                        prev_prime = sk_RSA_PRIME_INFO_value(prime_infos,
+                                                             j - 2)->r;
+
+                    if (!BN_cmp(prime, prev_prime)) {
+                        goto redo;
+                    }
+                }
+            }
+            if (!BN_sub(r2, prime, BN_value_one()))
+                goto err;
+            ERR_set_mark();
+            BN_set_flags(r2, BN_FLG_CONSTTIME);
+            if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+               /* GCD == 1 since inverse exists */
+                break;
+            }
+            error = ERR_peek_last_error();
+            if (ERR_GET_LIB(error) == ERR_LIB_BN
+                && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+                /* GCD != 1 */
+                ERR_pop_to_mark();
+            } else {
+                goto err;
+            }
+            if (!BN_GENCB_call(cb, 2, n++))
                 goto err;
-        } while (BN_cmp(rsa->p, rsa->q) == 0);
-        if (!BN_sub(r2, rsa->q, BN_value_one()))
-            goto err;
-        ERR_set_mark();
-        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
-            /* GCD == 1 since inverse exists */
-            break;
         }
-        error = ERR_peek_last_error();
-        if (ERR_GET_LIB(error) == ERR_LIB_BN
-            && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
-            /* GCD != 1 */
-            ERR_pop_to_mark();
+
+        bitse += bitsr[i];
+
+        /* calculate n immediately to see if it's sufficient */
+        if (i == 1) {
+            /* we get at least 2 primes */
+            if (!BN_mul(r1, rsa->p, rsa->q, ctx))
+                goto err;
+        } else if (i != 0) {
+            /* modulus n = p * q * r_3 * r_4 ... */
+            if (!BN_mul(r1, rsa->n, prime, ctx))
+                goto err;
         } else {
+            /* i == 0, do nothing */
+            if (!BN_GENCB_call(cb, 3, i))
+                goto err;
+            continue;
+        }
+        /*
+         * if |r1|, product of factors so far, is not as long as expected
+         * (by checking the first 4 bits are less than 0x9 or greater than
+         * 0xF). If so, re-generate the last prime.
+         *
+         * NOTE: This actually can't happen in two-prime case, because of
+         * the way factors are generated.
+         *
+         * Besides, another consideration is, for multi-prime case, even the
+         * length modulus is as long as expected, the modulus could start at
+         * 0x8, which could be utilized to distinguish a multi-prime private
+         * key by using the modulus in a certificate. This is also covered
+         * by checking the length should not be less than 0x9.
+         */
+        if (!BN_rshift(r2, r1, bitse - 4))
             goto err;
+        bitst = BN_get_word(r2);
+
+        if (bitst < 0x9 || bitst > 0xF) {
+            /*
+             * For keys with more than 4 primes, we attempt longer factor to
+             * meet length requirement.
+             *
+             * Otherwise, we just re-generate the prime with the same length.
+             *
+             * This strategy has the following goals:
+             *
+             * 1. 1024-bit factors are effcient when using 3072 and 4096-bit key
+             * 2. stay the same logic with normal 2-prime key
+             */
+            bitse -= bitsr[i];
+            if (!BN_GENCB_call(cb, 2, n++))
+                goto err;
+            if (primes > 4) {
+                if (bitst < 0x9)
+                    adj++;
+                else
+                    adj--;
+            } else if (retries == 4) {
+                /*
+                 * re-generate all primes from scratch, mainly used
+                 * in 4 prime case to avoid long loop. Max retry times
+                 * is set to 4.
+                 */
+                i = -1;
+                bitse = 0;
+                continue;
+            }
+            retries++;
+            goto redo;
         }
-        if (!BN_GENCB_call(cb, 2, n++))
+        /* save product of primes for further use, for multi-prime only */
+        if (i > 1 && BN_copy(pinfo->pp, rsa->n) == NULL)
+            goto err;
+        if (BN_copy(rsa->n, r1) == NULL)
+            goto err;
+        if (!BN_GENCB_call(cb, 3, i))
             goto err;
     }
-    if (!BN_GENCB_call(cb, 3, 1))
-        goto err;
+
     if (BN_cmp(rsa->p, rsa->q) < 0) {
         tmp = rsa->p;
         rsa->p = rsa->q;
         rsa->q = tmp;
     }
 
-    /* calculate n */
-    if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
-        goto err;
-
     /* calculate d */
+
+    /* p - 1 */
     if (!BN_sub(r1, rsa->p, BN_value_one()))
-        goto err;               /* p-1 */
+        goto err;
+    /* q - 1 */
     if (!BN_sub(r2, rsa->q, BN_value_one()))
-        goto err;               /* q-1 */
+        goto err;
+    /* (p - 1)(q - 1) */
     if (!BN_mul(r0, r1, r2, ctx))
-        goto err;               /* (p-1)(q-1) */
-    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-        pr0 = &local_r0;
+        goto err;
+    /* multi-prime */
+    for (i = 2; i < primes; i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+        /* save r_i - 1 to pinfo->d temporarily */
+        if (!BN_sub(pinfo->d, pinfo->r, BN_value_one()))
+            goto err;
+        if (!BN_mul(r0, r0, pinfo->d, ctx))
+            goto err;
+    }
+
+    {
+        BIGNUM *pr0 = BN_new();
+
+        if (pr0 == NULL)
+            goto err;
+
         BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
-    } else
-        pr0 = r0;
-    if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx))
-        goto err;               /* d */
-
-    /* set up d for correct BN_FLG_CONSTTIME flag */
-    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-        d = &local_d;
+        if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) {
+            BN_free(pr0);
+            goto err;               /* d */
+        }
+        /* We MUST free pr0 before any further use of r0 */
+        BN_free(pr0);
+    }
+
+    {
+        BIGNUM *d = BN_new();
+
+        if (d == NULL)
+            goto err;
+
         BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-    } else
-        d = rsa->d;
 
-    /* calculate d mod (p-1) */
-    if (!BN_mod(rsa->dmp1, d, r1, ctx))
-        goto err;
+        /* calculate d mod (p-1) and d mod (q - 1) */
+        if (!BN_mod(rsa->dmp1, d, r1, ctx)
+            || !BN_mod(rsa->dmq1, d, r2, ctx)) {
+            BN_free(d);
+            goto err;
+        }
 
-    /* calculate d mod (q-1) */
-    if (!BN_mod(rsa->dmq1, d, r2, ctx))
-        goto err;
+        /* calculate CRT exponents */
+        for (i = 2; i < primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+            /* pinfo->d == r_i - 1 */
+            if (!BN_mod(pinfo->d, d, pinfo->d, ctx)) {
+                BN_free(d);
+                goto err;
+            }
+        }
+
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    {
+        BIGNUM *p = BN_new();
 
-    /* calculate inverse of q mod p */
-    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-        p = &local_p;
+        if (p == NULL)
+            goto err;
         BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-    } else
-        p = rsa->p;
-    if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx))
-        goto err;
+
+        /* calculate inverse of q mod p */
+        if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) {
+            BN_free(p);
+            goto err;
+        }
+
+        /* calculate CRT coefficient for other primes */
+        for (i = 2; i < primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+            BN_with_flags(p, pinfo->r, BN_FLG_CONSTTIME);
+            if (!BN_mod_inverse(pinfo->t, pinfo->pp, p, ctx)) {
+                BN_free(p);
+                goto err;
+            }
+        }
+
+        /* We MUST free p before any further use of rsa->p */
+        BN_free(p);
+    }
 
     ok = 1;
  err:
@@ -265,10 +389,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
         RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
         ok = 0;
     }
-    if (ctx != NULL) {
+    if (ctx != NULL)
         BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-
+    BN_CTX_free(ctx);
     return ok;
 }
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_lib.c b/freebsd/crypto/openssl/crypto/rsa/rsa_lib.c
index c64f3597..e1c1ac47 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_lib.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_lib.c
@@ -1,112 +1,27 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
-const char RSA_version[] = "RSA" OPENSSL_VERSION_PTEXT;
-
-static const RSA_METHOD *default_RSA_meth = NULL;
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include "internal/bn_int.h"
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "rsa_locl.h"
 
 RSA *RSA_new(void)
 {
-    RSA *r = RSA_new_method(NULL);
-
-    return r;
-}
-
-void RSA_set_default_method(const RSA_METHOD *meth)
-{
-    default_RSA_meth = meth;
-}
-
-const RSA_METHOD *RSA_get_default_method(void)
-{
-    if (default_RSA_meth == NULL) {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-            return FIPS_rsa_pkcs1_ssleay();
-        else
-            return RSA_PKCS1_SSLeay();
-#else
-# ifdef RSA_NULL
-        default_RSA_meth = RSA_null_method();
-# else
-        default_RSA_meth = RSA_PKCS1_SSLeay();
-# endif
-#endif
-    }
-
-    return default_RSA_meth;
+    return RSA_new_method(NULL);
 }
 
 const RSA_METHOD *RSA_get_method(const RSA *rsa)
@@ -125,10 +40,8 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
     if (mtmp->finish)
         mtmp->finish(rsa);
 #ifndef OPENSSL_NO_ENGINE
-    if (rsa->engine) {
-        ENGINE_finish(rsa->engine);
-        rsa->engine = NULL;
-    }
+    ENGINE_finish(rsa->engine);
+    rsa->engine = NULL;
 #endif
     rsa->meth = meth;
     if (meth->init)
@@ -138,74 +51,57 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
 
 RSA *RSA_new_method(ENGINE *engine)
 {
-    RSA *ret;
+    RSA *ret = OPENSSL_zalloc(sizeof(*ret));
 
-    ret = (RSA *)OPENSSL_malloc(sizeof(RSA));
     if (ret == NULL) {
         RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    memset(ret,0,sizeof(RSA));
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
 
     ret->meth = RSA_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
+    ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
     if (engine) {
         if (!ENGINE_init(engine)) {
             RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-            OPENSSL_free(ret);
-            return NULL;
+            goto err;
         }
         ret->engine = engine;
-    } else
+    } else {
         ret->engine = ENGINE_get_default_RSA();
+    }
     if (ret->engine) {
         ret->meth = ENGINE_get_RSA(ret->engine);
-        if (!ret->meth) {
+        if (ret->meth == NULL) {
             RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-            ENGINE_finish(ret->engine);
-            OPENSSL_free(ret);
-            return NULL;
+            goto err;
         }
     }
 #endif
 
-    ret->pad = 0;
-    ret->version = 0;
-    ret->n = NULL;
-    ret->e = NULL;
-    ret->d = NULL;
-    ret->p = NULL;
-    ret->q = NULL;
-    ret->dmp1 = NULL;
-    ret->dmq1 = NULL;
-    ret->iqmp = NULL;
-    ret->references = 1;
-    ret->_method_mod_n = NULL;
-    ret->_method_mod_p = NULL;
-    ret->_method_mod_q = NULL;
-    ret->blinding = NULL;
-    ret->mt_blinding = NULL;
-    ret->bignum_data = NULL;
     ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
-#ifndef OPENSSL_NO_ENGINE
-        if (ret->engine)
-            ENGINE_finish(ret->engine);
-#endif
-        OPENSSL_free(ret);
-        return (NULL);
+        goto err;
     }
 
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-#ifndef OPENSSL_NO_ENGINE
-        if (ret->engine)
-            ENGINE_finish(ret->engine);
-#endif
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
-        OPENSSL_free(ret);
-        ret = NULL;
+        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
     }
-    return (ret);
+
+    return ret;
+
+ err:
+    RSA_free(ret);
+    return NULL;
 }
 
 void RSA_free(RSA *r)
@@ -215,125 +111,371 @@ void RSA_free(RSA *r)
     if (r == NULL)
         return;
 
-    i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA);
-#ifdef REF_PRINT
-    REF_PRINT("RSA", r);
-#endif
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
+    REF_PRINT_COUNT("RSA", r);
     if (i > 0)
         return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "RSA_free, bad reference count\n");
-        abort();
-    }
-#endif
+    REF_ASSERT_ISNT(i < 0);
 
-    if (r->meth->finish)
+    if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
-    if (r->engine)
-        ENGINE_finish(r->engine);
+    ENGINE_finish(r->engine);
 #endif
 
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
 
-    if (r->n != NULL)
-        BN_clear_free(r->n);
-    if (r->e != NULL)
-        BN_clear_free(r->e);
-    if (r->d != NULL)
-        BN_clear_free(r->d);
-    if (r->p != NULL)
-        BN_clear_free(r->p);
-    if (r->q != NULL)
-        BN_clear_free(r->q);
-    if (r->dmp1 != NULL)
-        BN_clear_free(r->dmp1);
-    if (r->dmq1 != NULL)
-        BN_clear_free(r->dmq1);
-    if (r->iqmp != NULL)
-        BN_clear_free(r->iqmp);
-    if (r->blinding != NULL)
-        BN_BLINDING_free(r->blinding);
-    if (r->mt_blinding != NULL)
-        BN_BLINDING_free(r->mt_blinding);
-    if (r->bignum_data != NULL)
-        OPENSSL_free_locked(r->bignum_data);
+    CRYPTO_THREAD_lock_free(r->lock);
+
+    BN_clear_free(r->n);
+    BN_clear_free(r->e);
+    BN_clear_free(r->d);
+    BN_clear_free(r->p);
+    BN_clear_free(r->q);
+    BN_clear_free(r->dmp1);
+    BN_clear_free(r->dmq1);
+    BN_clear_free(r->iqmp);
+    RSA_PSS_PARAMS_free(r->pss);
+    sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free);
+    BN_BLINDING_free(r->blinding);
+    BN_BLINDING_free(r->mt_blinding);
+    OPENSSL_free(r->bignum_data);
     OPENSSL_free(r);
 }
 
 int RSA_up_ref(RSA *r)
 {
-    int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
-#ifdef REF_PRINT
-    REF_PRINT("RSA", r);
-#endif
-#ifdef REF_CHECK
-    if (i < 2) {
-        fprintf(stderr, "RSA_up_ref, bad reference count\n");
-        abort();
+    int i;
+
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("RSA", r);
+    REF_ASSERT_ISNT(i < 2);
+    return i > 1 ? 1 : 0;
+}
+
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
+}
+
+void *RSA_get_ex_data(const RSA *r, int idx)
+{
+    return CRYPTO_get_ex_data(&r->ex_data, idx);
+}
+
+int RSA_security_bits(const RSA *rsa)
+{
+    int bits = BN_num_bits(rsa->n);
+
+    if (rsa->version == RSA_ASN1_VERSION_MULTI) {
+        /* This ought to mean that we have private key at hand. */
+        int ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos);
+
+        if (ex_primes <= 0 || (ex_primes + 2) > rsa_multip_cap(bits))
+            return 0;
     }
-#endif
-    return ((i > 1) ? 1 : 0);
+    return BN_security_bits(bits, -1);
 }
 
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
 {
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
-                                   new_func, dup_func, free_func);
+    /* If the fields n and e in r are NULL, the corresponding input
+     * parameters MUST be non-NULL for n and e.  d may be
+     * left NULL (in case only the public key is used).
+     */
+    if ((r->n == NULL && n == NULL)
+        || (r->e == NULL && e == NULL))
+        return 0;
+
+    if (n != NULL) {
+        BN_free(r->n);
+        r->n = n;
+    }
+    if (e != NULL) {
+        BN_free(r->e);
+        r->e = e;
+    }
+    if (d != NULL) {
+        BN_free(r->d);
+        r->d = d;
+    }
+
+    return 1;
 }
 
-int RSA_set_ex_data(RSA *r, int idx, void *arg)
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
 {
-    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+    /* If the fields p and q in r are NULL, the corresponding input
+     * parameters MUST be non-NULL.
+     */
+    if ((r->p == NULL && p == NULL)
+        || (r->q == NULL && q == NULL))
+        return 0;
+
+    if (p != NULL) {
+        BN_free(r->p);
+        r->p = p;
+    }
+    if (q != NULL) {
+        BN_free(r->q);
+        r->q = q;
+    }
+
+    return 1;
 }
 
-void *RSA_get_ex_data(const RSA *r, int idx)
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
 {
-    return (CRYPTO_get_ex_data(&r->ex_data, idx));
-}
-
-int RSA_memory_lock(RSA *r)
-{
-    int i, j, k, off;
-    char *p;
-    BIGNUM *bn, **t[6], *b;
-    BN_ULONG *ul;
-
-    if (r->d == NULL)
-        return (1);
-    t[0] = &r->d;
-    t[1] = &r->p;
-    t[2] = &r->q;
-    t[3] = &r->dmp1;
-    t[4] = &r->dmq1;
-    t[5] = &r->iqmp;
-    k = sizeof(BIGNUM) * 6;
-    off = k / sizeof(BN_ULONG) + 1;
-    j = 1;
-    for (i = 0; i < 6; i++)
-        j += (*t[i])->top;
-    if ((p = OPENSSL_malloc_locked((off + j) * sizeof(BN_ULONG))) == NULL) {
-        RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE);
-        return (0);
+    /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
+     * parameters MUST be non-NULL.
+     */
+    if ((r->dmp1 == NULL && dmp1 == NULL)
+        || (r->dmq1 == NULL && dmq1 == NULL)
+        || (r->iqmp == NULL && iqmp == NULL))
+        return 0;
+
+    if (dmp1 != NULL) {
+        BN_free(r->dmp1);
+        r->dmp1 = dmp1;
+    }
+    if (dmq1 != NULL) {
+        BN_free(r->dmq1);
+        r->dmq1 = dmq1;
     }
-    bn = (BIGNUM *)p;
-    ul = (BN_ULONG *)&(p[off]);
-    for (i = 0; i < 6; i++) {
-        b = *(t[i]);
-        *(t[i]) = &(bn[i]);
-        memcpy((char *)&(bn[i]), (char *)b, sizeof(BIGNUM));
-        bn[i].flags = BN_FLG_STATIC_DATA;
-        bn[i].d = ul;
-        memcpy((char *)ul, b->d, sizeof(BN_ULONG) * b->top);
-        ul += b->top;
-        BN_clear_free(b);
+    if (iqmp != NULL) {
+        BN_free(r->iqmp);
+        r->iqmp = iqmp;
     }
 
-    /* I should fix this so it can still be done */
-    r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC);
+    return 1;
+}
+
+/*
+ * Is it better to export RSA_PRIME_INFO structure
+ * and related functions to let user pass a triplet?
+ */
+int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
+                                BIGNUM *coeffs[], int pnum)
+{
+    STACK_OF(RSA_PRIME_INFO) *prime_infos, *old = NULL;
+    RSA_PRIME_INFO *pinfo;
+    int i;
+
+    if (primes == NULL || exps == NULL || coeffs == NULL || pnum == 0)
+        return 0;
+
+    prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
+    if (prime_infos == NULL)
+        return 0;
 
-    r->bignum_data = p;
-    return (1);
+    if (r->prime_infos != NULL)
+        old = r->prime_infos;
+
+    for (i = 0; i < pnum; i++) {
+        pinfo = rsa_multip_info_new();
+        if (pinfo == NULL)
+            goto err;
+        if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) {
+            BN_free(pinfo->r);
+            BN_free(pinfo->d);
+            BN_free(pinfo->t);
+            pinfo->r = primes[i];
+            pinfo->d = exps[i];
+            pinfo->t = coeffs[i];
+        } else {
+            rsa_multip_info_free(pinfo);
+            goto err;
+        }
+        (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo);
+    }
+
+    r->prime_infos = prime_infos;
+
+    if (!rsa_multip_calc_product(r)) {
+        r->prime_infos = old;
+        goto err;
+    }
+
+    if (old != NULL) {
+        /*
+         * This is hard to deal with, since the old infos could
+         * also be set by this function and r, d, t should not
+         * be freed in that case. So currently, stay consistent
+         * with other *set0* functions: just free it...
+         */
+        sk_RSA_PRIME_INFO_pop_free(old, rsa_multip_info_free);
+    }
+
+    r->version = RSA_ASN1_VERSION_MULTI;
+
+    return 1;
+ err:
+    /* r, d, t should not be freed */
+    sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex);
+    return 0;
+}
+
+void RSA_get0_key(const RSA *r,
+                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+    if (n != NULL)
+        *n = r->n;
+    if (e != NULL)
+        *e = r->e;
+    if (d != NULL)
+        *d = r->d;
+}
+
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+{
+    if (p != NULL)
+        *p = r->p;
+    if (q != NULL)
+        *q = r->q;
+}
+
+int RSA_get_multi_prime_extra_count(const RSA *r)
+{
+    int pnum;
+
+    pnum = sk_RSA_PRIME_INFO_num(r->prime_infos);
+    if (pnum <= 0)
+        pnum = 0;
+    return pnum;
+}
+
+int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[])
+{
+    int pnum, i;
+    RSA_PRIME_INFO *pinfo;
+
+    if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0)
+        return 0;
+
+    /*
+     * return other primes
+     * it's caller's responsibility to allocate oth_primes[pnum]
+     */
+    for (i = 0; i < pnum; i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
+        primes[i] = pinfo->r;
+    }
+
+    return 1;
+}
+
+void RSA_get0_crt_params(const RSA *r,
+                         const BIGNUM **dmp1, const BIGNUM **dmq1,
+                         const BIGNUM **iqmp)
+{
+    if (dmp1 != NULL)
+        *dmp1 = r->dmp1;
+    if (dmq1 != NULL)
+        *dmq1 = r->dmq1;
+    if (iqmp != NULL)
+        *iqmp = r->iqmp;
+}
+
+int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
+                                    const BIGNUM *coeffs[])
+{
+    int pnum;
+
+    if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0)
+        return 0;
+
+    /* return other primes */
+    if (exps != NULL || coeffs != NULL) {
+        RSA_PRIME_INFO *pinfo;
+        int i;
+
+        /* it's the user's job to guarantee the buffer length */
+        for (i = 0; i < pnum; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
+            if (exps != NULL)
+                exps[i] = pinfo->d;
+            if (coeffs != NULL)
+                coeffs[i] = pinfo->t;
+        }
+    }
+
+    return 1;
+}
+
+const BIGNUM *RSA_get0_n(const RSA *r)
+{
+    return r->n;
+}
+
+const BIGNUM *RSA_get0_e(const RSA *r)
+{
+    return r->e;
+}
+
+const BIGNUM *RSA_get0_d(const RSA *r)
+{
+    return r->d;
+}
+
+const BIGNUM *RSA_get0_p(const RSA *r)
+{
+    return r->p;
+}
+
+const BIGNUM *RSA_get0_q(const RSA *r)
+{
+    return r->q;
+}
+
+const BIGNUM *RSA_get0_dmp1(const RSA *r)
+{
+    return r->dmp1;
+}
+
+const BIGNUM *RSA_get0_dmq1(const RSA *r)
+{
+    return r->dmq1;
+}
+
+const BIGNUM *RSA_get0_iqmp(const RSA *r)
+{
+    return r->iqmp;
+}
+
+void RSA_clear_flags(RSA *r, int flags)
+{
+    r->flags &= ~flags;
+}
+
+int RSA_test_flags(const RSA *r, int flags)
+{
+    return r->flags & flags;
+}
+
+void RSA_set_flags(RSA *r, int flags)
+{
+    r->flags |= flags;
+}
+
+int RSA_get_version(RSA *r)
+{
+    /* { two-prime(0), multi(1) } */
+    return r->version;
+}
+
+ENGINE *RSA_get0_engine(const RSA *r)
+{
+    return r->engine;
+}
+
+int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2)
+{
+    /* If key type not RSA or RSA-PSS return error */
+    if (ctx != NULL && ctx->pmeth != NULL
+        && ctx->pmeth->pkey_id != EVP_PKEY_RSA
+        && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+        return -1;
+     return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2);
 }
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_locl.h b/freebsd/crypto/openssl/crypto/rsa/rsa_locl.h
index 3e88187d..2b94462a 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_locl.h
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_locl.h
@@ -1,4 +1,132 @@
+/*
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rsa.h>
+#include "internal/refcount.h"
+
+#define RSA_MAX_PRIME_NUM       5
+#define RSA_MIN_MODULUS_BITS    512
+
+typedef struct rsa_prime_info_st {
+    BIGNUM *r;
+    BIGNUM *d;
+    BIGNUM *t;
+    /* save product of primes prior to this one */
+    BIGNUM *pp;
+    BN_MONT_CTX *m;
+} RSA_PRIME_INFO;
+
+DECLARE_ASN1_ITEM(RSA_PRIME_INFO)
+DEFINE_STACK_OF(RSA_PRIME_INFO)
+
+struct rsa_st {
+    /*
+     * The first parameter is used to pickup errors where this is passed
+     * instead of an EVP_PKEY, it is set to 0
+     */
+    int pad;
+    int32_t version;
+    const RSA_METHOD *meth;
+    /* functional reference if 'meth' is ENGINE-provided */
+    ENGINE *engine;
+    BIGNUM *n;
+    BIGNUM *e;
+    BIGNUM *d;
+    BIGNUM *p;
+    BIGNUM *q;
+    BIGNUM *dmp1;
+    BIGNUM *dmq1;
+    BIGNUM *iqmp;
+    /* for multi-prime RSA, defined in RFC 8017 */
+    STACK_OF(RSA_PRIME_INFO) *prime_infos;
+    /* If a PSS only key this contains the parameter restrictions */
+    RSA_PSS_PARAMS *pss;
+    /* be careful using this if the RSA structure is shared */
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_REF_COUNT references;
+    int flags;
+    /* Used to cache montgomery values */
+    BN_MONT_CTX *_method_mod_n;
+    BN_MONT_CTX *_method_mod_p;
+    BN_MONT_CTX *_method_mod_q;
+    /*
+     * all BIGNUM values are actually in the following data, if it is not
+     * NULL
+     */
+    char *bignum_data;
+    BN_BLINDING *blinding;
+    BN_BLINDING *mt_blinding;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct rsa_meth_st {
+    char *name;
+    int (*rsa_pub_enc) (int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+    int (*rsa_pub_dec) (int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+    int (*rsa_priv_enc) (int flen, const unsigned char *from,
+                         unsigned char *to, RSA *rsa, int padding);
+    int (*rsa_priv_dec) (int flen, const unsigned char *from,
+                         unsigned char *to, RSA *rsa, int padding);
+    /* Can be null */
+    int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+    /* Can be null */
+    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    /* called at new */
+    int (*init) (RSA *rsa);
+    /* called at free */
+    int (*finish) (RSA *rsa);
+    /* RSA_METHOD_FLAG_* things */
+    int flags;
+    /* may be needed! */
+    char *app_data;
+    /*
+     * New sign and verify functions: some libraries don't allow arbitrary
+     * data to be signed/verified: this allows them to be used. Note: for
+     * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
+     * *NOT* be used RSA_sign(), RSA_verify() should be used instead.
+     */
+    int (*rsa_sign) (int type,
+                     const unsigned char *m, unsigned int m_length,
+                     unsigned char *sigret, unsigned int *siglen,
+                     const RSA *rsa);
+    int (*rsa_verify) (int dtype, const unsigned char *m,
+                       unsigned int m_length, const unsigned char *sigbuf,
+                       unsigned int siglen, const RSA *rsa);
+    /*
+     * If this callback is NULL, the builtin software RSA key-gen will be
+     * used. This is for behavioural compatibility whilst the code gets
+     * rewired, but one day it would be nice to assume there are no such
+     * things as "builtin software" implementations.
+     */
+    int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+    int (*rsa_multi_prime_keygen) (RSA *rsa, int bits, int primes,
+                                   BIGNUM *e, BN_GENCB *cb);
+};
+
 extern int int_rsa_verify(int dtype, const unsigned char *m,
                           unsigned int m_len, unsigned char *rm,
                           size_t *prm_len, const unsigned char *sigbuf,
                           size_t siglen, RSA *rsa);
+/* Macros to test if a pkey or ctx is for a PSS key */
+#define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS)
+#define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS)
+
+RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
+                                      const EVP_MD *mgf1md, int saltlen);
+int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
+                      const EVP_MD **pmgf1md, int *psaltlen);
+/* internal function to clear and free multi-prime parameters */
+void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo);
+void rsa_multip_info_free(RSA_PRIME_INFO *pinfo);
+RSA_PRIME_INFO *rsa_multip_info_new(void);
+int rsa_multip_calc_product(RSA *rsa);
+int rsa_multip_cap(int bits);
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_meth.c b/freebsd/crypto/openssl/crypto/rsa/rsa_meth.c
new file mode 100644
index 00000000..928d86c9
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_meth.c
@@ -0,0 +1,289 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "rsa_locl.h"
+#include <openssl/err.h>
+
+RSA_METHOD *RSA_meth_new(const char *name, int flags)
+{
+    RSA_METHOD *meth = OPENSSL_zalloc(sizeof(*meth));
+
+    if (meth != NULL) {
+        meth->flags = flags;
+
+        meth->name = OPENSSL_strdup(name);
+        if (meth->name != NULL)
+            return meth;
+
+        OPENSSL_free(meth);
+    }
+
+    RSAerr(RSA_F_RSA_METH_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void RSA_meth_free(RSA_METHOD *meth)
+{
+    if (meth != NULL) {
+        OPENSSL_free(meth->name);
+        OPENSSL_free(meth);
+    }
+}
+
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
+{
+    RSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret != NULL) {
+        memcpy(ret, meth, sizeof(*meth));
+
+        ret->name = OPENSSL_strdup(meth->name);
+        if (ret->name != NULL)
+            return ret;
+
+        OPENSSL_free(ret);
+    }
+
+    RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+const char *RSA_meth_get0_name(const RSA_METHOD *meth)
+{
+    return meth->name;
+}
+
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
+{
+    char *tmpname = OPENSSL_strdup(name);
+
+    if (tmpname == NULL) {
+        RSAerr(RSA_F_RSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    OPENSSL_free(meth->name);
+    meth->name = tmpname;
+
+    return 1;
+}
+
+int RSA_meth_get_flags(const RSA_METHOD *meth)
+{
+    return meth->flags;
+}
+
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags)
+{
+    meth->flags = flags;
+    return 1;
+}
+
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth)
+{
+    return meth->app_data;
+}
+
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
+{
+    meth->app_data = app_data;
+    return 1;
+}
+
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_pub_enc;
+}
+
+int RSA_meth_set_pub_enc(RSA_METHOD *meth,
+                         int (*pub_enc) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding))
+{
+    meth->rsa_pub_enc = pub_enc;
+    return 1;
+}
+
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_pub_dec;
+}
+
+int RSA_meth_set_pub_dec(RSA_METHOD *meth,
+                         int (*pub_dec) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding))
+{
+    meth->rsa_pub_dec = pub_dec;
+    return 1;
+}
+
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_priv_enc;
+}
+
+int RSA_meth_set_priv_enc(RSA_METHOD *meth,
+                          int (*priv_enc) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding))
+{
+    meth->rsa_priv_enc = priv_enc;
+    return 1;
+}
+
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_priv_dec;
+}
+
+int RSA_meth_set_priv_dec(RSA_METHOD *meth,
+                          int (*priv_dec) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding))
+{
+    meth->rsa_priv_dec = priv_dec;
+    return 1;
+}
+
+    /* Can be null */
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+    return meth->rsa_mod_exp;
+}
+
+int RSA_meth_set_mod_exp(RSA_METHOD *meth,
+                         int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                         BN_CTX *ctx))
+{
+    meth->rsa_mod_exp = mod_exp;
+    return 1;
+}
+
+    /* Can be null */
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+    return meth->bn_mod_exp;
+}
+
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth,
+                            int (*bn_mod_exp) (BIGNUM *r,
+                                               const BIGNUM *a,
+                                               const BIGNUM *p,
+                                               const BIGNUM *m,
+                                               BN_CTX *ctx,
+                                               BN_MONT_CTX *m_ctx))
+{
+    meth->bn_mod_exp = bn_mod_exp;
+    return 1;
+}
+
+    /* called at new */
+int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa)
+{
+    return meth->init;
+}
+
+int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa))
+{
+    meth->init = init;
+    return 1;
+}
+
+    /* called at free */
+int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa)
+{
+    return meth->finish;
+}
+
+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
+{
+    meth->finish = finish;
+    return 1;
+}
+
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))
+    (int type,
+     const unsigned char *m, unsigned int m_length,
+     unsigned char *sigret, unsigned int *siglen,
+     const RSA *rsa)
+{
+    return meth->rsa_sign;
+}
+
+int RSA_meth_set_sign(RSA_METHOD *meth,
+                      int (*sign) (int type, const unsigned char *m,
+                                   unsigned int m_length,
+                                   unsigned char *sigret, unsigned int *siglen,
+                                   const RSA *rsa))
+{
+    meth->rsa_sign = sign;
+    return 1;
+}
+
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))
+    (int dtype, const unsigned char *m,
+     unsigned int m_length, const unsigned char *sigbuf,
+     unsigned int siglen, const RSA *rsa)
+{
+    return meth->rsa_verify;
+}
+
+int RSA_meth_set_verify(RSA_METHOD *meth,
+                        int (*verify) (int dtype, const unsigned char *m,
+                                       unsigned int m_length,
+                                       const unsigned char *sigbuf,
+                                       unsigned int siglen, const RSA *rsa))
+{
+    meth->rsa_verify = verify;
+    return 1;
+}
+
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+{
+    return meth->rsa_keygen;
+}
+
+int RSA_meth_set_keygen(RSA_METHOD *meth,
+                        int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
+                                       BN_GENCB *cb))
+{
+    meth->rsa_keygen = keygen;
+    return 1;
+}
+
+int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb)
+{
+    return meth->rsa_multi_prime_keygen;
+}
+
+int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+                                    int (*keygen) (RSA *rsa, int bits,
+                                                   int primes, BIGNUM *e,
+                                                   BN_GENCB *cb))
+{
+    meth->rsa_multi_prime_keygen = keygen;
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_mp.c b/freebsd/crypto/openssl/crypto/rsa/rsa_mp.c
new file mode 100644
index 00000000..7cbb421e
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_mp.c
@@ -0,0 +1,117 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 BaishanCloud. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include "rsa_locl.h"
+
+void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo)
+{
+    /* free pp and pinfo only */
+    BN_clear_free(pinfo->pp);
+    OPENSSL_free(pinfo);
+}
+
+void rsa_multip_info_free(RSA_PRIME_INFO *pinfo)
+{
+    /* free a RSA_PRIME_INFO structure */
+    BN_clear_free(pinfo->r);
+    BN_clear_free(pinfo->d);
+    BN_clear_free(pinfo->t);
+    rsa_multip_info_free_ex(pinfo);
+}
+
+RSA_PRIME_INFO *rsa_multip_info_new(void)
+{
+    RSA_PRIME_INFO *pinfo;
+
+    /* create a RSA_PRIME_INFO structure */
+    if ((pinfo = OPENSSL_zalloc(sizeof(RSA_PRIME_INFO))) == NULL) {
+        RSAerr(RSA_F_RSA_MULTIP_INFO_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if ((pinfo->r = BN_secure_new()) == NULL)
+        goto err;
+    if ((pinfo->d = BN_secure_new()) == NULL)
+        goto err;
+    if ((pinfo->t = BN_secure_new()) == NULL)
+        goto err;
+    if ((pinfo->pp = BN_secure_new()) == NULL)
+        goto err;
+
+    return pinfo;
+
+ err:
+    BN_free(pinfo->r);
+    BN_free(pinfo->d);
+    BN_free(pinfo->t);
+    BN_free(pinfo->pp);
+    OPENSSL_free(pinfo);
+    return NULL;
+}
+
+/* Refill products of primes */
+int rsa_multip_calc_product(RSA *rsa)
+{
+    RSA_PRIME_INFO *pinfo;
+    BIGNUM *p1 = NULL, *p2 = NULL;
+    BN_CTX *ctx = NULL;
+    int i, rv = 0, ex_primes;
+
+    if ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0) {
+        /* invalid */
+        goto err;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    /* calculate pinfo->pp = p * q for first 'extra' prime */
+    p1 = rsa->p;
+    p2 = rsa->q;
+
+    for (i = 0; i < ex_primes; i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+        if (pinfo->pp == NULL) {
+            pinfo->pp = BN_secure_new();
+            if (pinfo->pp == NULL)
+                goto err;
+        }
+        if (!BN_mul(pinfo->pp, p1, p2, ctx))
+            goto err;
+        /* save previous one */
+        p1 = pinfo->pp;
+        p2 = pinfo->r;
+    }
+
+    rv = 1;
+ err:
+    BN_CTX_free(ctx);
+    return rv;
+}
+
+int rsa_multip_cap(int bits)
+{
+    int cap = 5;
+
+    if (bits < 1024)
+        cap = 2;
+    else if (bits < 4096)
+        cap = 3;
+    else if (bits < 8192)
+        cap = 4;
+
+    if (cap > RSA_MAX_PRIME_NUM)
+        cap = RSA_MAX_PRIME_NUM;
+
+    return cap;
+}
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_none.c b/freebsd/crypto/openssl/crypto/rsa/rsa_none.c
index 255c171c..102238b8 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_none.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_none.c
@@ -1,84 +1,33 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_none.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#include <openssl/rand.h>
 
 int RSA_padding_add_none(unsigned char *to, int tlen,
                          const unsigned char *from, int flen)
 {
     if (flen > tlen) {
         RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-        return (0);
+        return 0;
     }
 
     if (flen < tlen) {
         RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
-        return (0);
+        return 0;
     }
 
     memcpy(to, from, (unsigned int)flen);
-    return (1);
+    return 1;
 }
 
 int RSA_padding_check_none(unsigned char *to, int tlen,
@@ -87,10 +36,10 @@ int RSA_padding_check_none(unsigned char *to, int tlen,
 
     if (flen > tlen) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE);
-        return (-1);
+        return -1;
     }
 
     memset(to, 0, tlen - flen);
     memcpy(to + tlen - flen, from, flen);
-    return (tlen);
+    return tlen;
 }
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_null.c b/freebsd/crypto/openssl/crypto/rsa/rsa_null.c
deleted file mode 100644
index c0683893..00000000
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_null.c
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* rsa_null.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-/*
- * This is a dummy RSA implementation that just returns errors when called.
- * It is designed to allow some RSA functions to work while stopping those
- * covered by the RSA patent. That is RSA, encryption, decryption, signing
- * and verify is not allowed but RSA key generation, key checking and other
- * operations (like storing RSA keys) are permitted.
- */
-
-static int RSA_null_public_encrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding);
-static int RSA_null_private_encrypt(int flen, const unsigned char *from,
-                                    unsigned char *to, RSA *rsa, int padding);
-static int RSA_null_public_decrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding);
-static int RSA_null_private_decrypt(int flen, const unsigned char *from,
-                                    unsigned char *to, RSA *rsa, int padding);
-#if 0                           /* not currently used */
-static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
-#endif
-static int RSA_null_init(RSA *rsa);
-static int RSA_null_finish(RSA *rsa);
-static RSA_METHOD rsa_null_meth = {
-    "Null RSA",
-    RSA_null_public_encrypt,
-    RSA_null_public_decrypt,
-    RSA_null_private_encrypt,
-    RSA_null_private_decrypt,
-    NULL,
-    NULL,
-    RSA_null_init,
-    RSA_null_finish,
-    0,
-    NULL,
-    NULL,
-    NULL,
-    NULL
-};
-
-const RSA_METHOD *RSA_null_method(void)
-{
-    return (&rsa_null_meth);
-}
-
-static int RSA_null_public_encrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding)
-{
-    RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-
-static int RSA_null_private_encrypt(int flen, const unsigned char *from,
-                                    unsigned char *to, RSA *rsa, int padding)
-{
-    RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT,
-           RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-
-static int RSA_null_private_decrypt(int flen, const unsigned char *from,
-                                    unsigned char *to, RSA *rsa, int padding)
-{
-    RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT,
-           RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-
-static int RSA_null_public_decrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding)
-{
-    RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-
-#if 0                           /* not currently used */
-static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
-{
-    ... err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-#endif
-
-static int RSA_null_init(RSA *rsa)
-{
-    return (1);
-}
-
-static int RSA_null_finish(RSA *rsa)
-{
-    return (1);
-}
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_oaep.c b/freebsd/crypto/openssl/crypto/rsa/rsa_oaep.c
index fbd6e996..7e00779b 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_oaep.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_oaep.c
@@ -1,9 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_oaep.c */
 /*
- * Written by Ulf Moeller. This software is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
@@ -19,16 +22,15 @@
  * one-wayness.  For the RSA function, this is an equivalent notion.
  */
 
-#include "constant_time_locl.h"
+#include "internal/constant_time_locl.h"
 
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-# include <stdio.h>
-# include "cryptlib.h"
-# include <openssl/bn.h>
-# include <openssl/rsa.h>
-# include <openssl/evp.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include "rsa_locl.h"
 
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
                                const unsigned char *from, int flen,
@@ -43,10 +45,12 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
                                     const unsigned char *param, int plen,
                                     const EVP_MD *md, const EVP_MD *mgf1md)
 {
+    int rv = 0;
     int i, emlen = tlen - 1;
     unsigned char *db, *seed;
-    unsigned char *dbmask, seedmask[EVP_MAX_MD_SIZE];
-    int mdlen;
+    unsigned char *dbmask = NULL;
+    unsigned char seedmask[EVP_MAX_MD_SIZE];
+    int mdlen, dbmask_len = 0;
 
     if (md == NULL)
         md = EVP_sha1();
@@ -72,40 +76,35 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
     db = to + mdlen + 1;
 
     if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL))
-        return 0;
+        goto err;
     memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);
     db[emlen - flen - mdlen - 1] = 0x01;
     memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
     if (RAND_bytes(seed, mdlen) <= 0)
-        return 0;
-# ifdef PKCS_TESTVECT
-    memcpy(seed,
-           "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
-           20);
-# endif
+        goto err;
 
-    dbmask = OPENSSL_malloc(emlen - mdlen);
+    dbmask_len = emlen - mdlen;
+    dbmask = OPENSSL_malloc(dbmask_len);
     if (dbmask == NULL) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
-        return 0;
+        goto err;
     }
 
-    if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)
+    if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0)
         goto err;
-    for (i = 0; i < emlen - mdlen; i++)
+    for (i = 0; i < dbmask_len; i++)
         db[i] ^= dbmask[i];
 
-    if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)
+    if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0)
         goto err;
     for (i = 0; i < mdlen; i++)
         seed[i] ^= seedmask[i];
-
-    OPENSSL_free(dbmask);
-    return 1;
+    rv = 1;
 
  err:
-    OPENSSL_free(dbmask);
-    return 0;
+    OPENSSL_cleanse(seedmask, sizeof(seedmask));
+    OPENSSL_clear_free(dbmask, dbmask_len);
+    return rv;
 }
 
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -161,7 +160,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
     }
 
     if (flen != num) {
-        em = OPENSSL_malloc(num);
+        em = OPENSSL_zalloc(num);
         if (em == NULL) {
             RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
                    ERR_R_MALLOC_FAILURE);
@@ -176,7 +175,6 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
          * memory access pattern since we can't read out of the bounds of
          * |from|.
          */
-        memset(em, 0, num);
         memcpy(em + num - flen, from, flen);
         from = em;
     }
@@ -248,14 +246,9 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
     RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
            RSA_R_OAEP_DECODING_ERROR);
  cleanup:
-    if (db != NULL) {
-        OPENSSL_cleanse(db, dblen);
-        OPENSSL_free(db);
-    }
-    if (em != NULL) {
-        OPENSSL_cleanse(em, num);
-        OPENSSL_free(em);
-    }
+    OPENSSL_cleanse(seed, sizeof(seed));
+    OPENSSL_clear_free(db, dblen);
+    OPENSSL_clear_free(em, num);
     return mlen;
 }
 
@@ -264,12 +257,13 @@ int PKCS1_MGF1(unsigned char *mask, long len,
 {
     long i, outlen = 0;
     unsigned char cnt[4];
-    EVP_MD_CTX c;
+    EVP_MD_CTX *c = EVP_MD_CTX_new();
     unsigned char md[EVP_MAX_MD_SIZE];
     int mdlen;
     int rv = -1;
 
-    EVP_MD_CTX_init(&c);
+    if (c == NULL)
+        goto err;
     mdlen = EVP_MD_size(dgst);
     if (mdlen < 0)
         goto err;
@@ -278,16 +272,16 @@ int PKCS1_MGF1(unsigned char *mask, long len,
         cnt[1] = (unsigned char)((i >> 16) & 255);
         cnt[2] = (unsigned char)((i >> 8)) & 255;
         cnt[3] = (unsigned char)(i & 255);
-        if (!EVP_DigestInit_ex(&c, dgst, NULL)
-            || !EVP_DigestUpdate(&c, seed, seedlen)
-            || !EVP_DigestUpdate(&c, cnt, 4))
+        if (!EVP_DigestInit_ex(c, dgst, NULL)
+            || !EVP_DigestUpdate(c, seed, seedlen)
+            || !EVP_DigestUpdate(c, cnt, 4))
             goto err;
         if (outlen + mdlen <= len) {
-            if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL))
+            if (!EVP_DigestFinal_ex(c, mask + outlen, NULL))
                 goto err;
             outlen += mdlen;
         } else {
-            if (!EVP_DigestFinal_ex(&c, md, NULL))
+            if (!EVP_DigestFinal_ex(c, md, NULL))
                 goto err;
             memcpy(mask + outlen, md, len - outlen);
             outlen = len;
@@ -295,8 +289,7 @@ int PKCS1_MGF1(unsigned char *mask, long len,
     }
     rv = 0;
  err:
-    EVP_MD_CTX_cleanup(&c);
+    OPENSSL_cleanse(md, sizeof(md));
+    EVP_MD_CTX_free(c);
     return rv;
 }
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_ossl.c b/freebsd/crypto/openssl/crypto/rsa/rsa_ossl.c
new file mode 100644
index 00000000..05ee159f
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_ossl.c
@@ -0,0 +1,972 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
+#include "rsa_locl.h"
+
+static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+                           BN_CTX *ctx);
+static int rsa_ossl_init(RSA *rsa);
+static int rsa_ossl_finish(RSA *rsa);
+static RSA_METHOD rsa_pkcs1_ossl_meth = {
+    "OpenSSL PKCS#1 RSA",
+    rsa_ossl_public_encrypt,
+    rsa_ossl_public_decrypt,     /* signature verification */
+    rsa_ossl_private_encrypt,    /* signing */
+    rsa_ossl_private_decrypt,
+    rsa_ossl_mod_exp,
+    BN_mod_exp_mont,            /* XXX probably we should not use Montgomery
+                                 * if e == 3 */
+    rsa_ossl_init,
+    rsa_ossl_finish,
+    RSA_FLAG_FIPS_METHOD,       /* flags */
+    NULL,
+    0,                          /* rsa_sign */
+    0,                          /* rsa_verify */
+    NULL,                       /* rsa_keygen */
+    NULL                        /* rsa_multi_prime_keygen */
+};
+
+static const RSA_METHOD *default_RSA_meth = &rsa_pkcs1_ossl_meth;
+
+void RSA_set_default_method(const RSA_METHOD *meth)
+{
+    default_RSA_meth = meth;
+}
+
+const RSA_METHOD *RSA_get_default_method(void)
+{
+    return default_RSA_meth;
+}
+
+const RSA_METHOD *RSA_PKCS1_OpenSSL(void)
+{
+    return &rsa_pkcs1_ossl_meth;
+}
+
+const RSA_METHOD *RSA_null_method(void)
+{
+    return NULL;
+}
+
+static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int i, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+
+    if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+        return -1;
+    }
+
+    /* for large moduli, enforce exponent limit */
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+        if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+            RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+            return -1;
+        }
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
+        break;
+    case RSA_PKCS1_OAEP_PADDING:
+        i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
+        break;
+    case RSA_SSLV23_PADDING:
+        i = RSA_padding_add_SSLv23(buf, num, from, flen);
+        break;
+    case RSA_NO_PADDING:
+        i = RSA_padding_add_none(buf, num, from, flen);
+        break;
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (i <= 0)
+        goto err;
+
+    if (BN_bin2bn(buf, num, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        /* usually the padding functions would catch this */
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+                               rsa->_method_mod_n))
+        goto err;
+
+    /*
+     * BN_bn2binpad puts in leading 0 bytes if the number is less than
+     * the length of the modulus.
+     */
+    r = BN_bn2binpad(ret, to, num);
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return r;
+}
+
+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
+{
+    BN_BLINDING *ret;
+
+    CRYPTO_THREAD_write_lock(rsa->lock);
+
+    if (rsa->blinding == NULL) {
+        rsa->blinding = RSA_setup_blinding(rsa, ctx);
+    }
+
+    ret = rsa->blinding;
+    if (ret == NULL)
+        goto err;
+
+    if (BN_BLINDING_is_current_thread(ret)) {
+        /* rsa->blinding is ours! */
+
+        *local = 1;
+    } else {
+        /* resort to rsa->mt_blinding instead */
+
+        /*
+         * instructs rsa_blinding_convert(), rsa_blinding_invert() that the
+         * BN_BLINDING is shared, meaning that accesses require locks, and
+         * that the blinding factor must be stored outside the BN_BLINDING
+         */
+        *local = 0;
+
+        if (rsa->mt_blinding == NULL) {
+            rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
+        }
+        ret = rsa->mt_blinding;
+    }
+
+ err:
+    CRYPTO_THREAD_unlock(rsa->lock);
+    return ret;
+}
+
+static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+                                BN_CTX *ctx)
+{
+    if (unblind == NULL) {
+        /*
+         * Local blinding: store the unblinding factor in BN_BLINDING.
+         */
+        return BN_BLINDING_convert_ex(f, NULL, b, ctx);
+    } else {
+        /*
+         * Shared blinding: store the unblinding factor outside BN_BLINDING.
+         */
+        int ret;
+
+        BN_BLINDING_lock(b);
+        ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
+        BN_BLINDING_unlock(b);
+
+        return ret;
+    }
+}
+
+static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+                               BN_CTX *ctx)
+{
+    /*
+     * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
+     * will use the unblinding factor stored in BN_BLINDING. If BN_BLINDING
+     * is shared between threads, unblind must be non-null:
+     * BN_BLINDING_invert_ex will then use the local unblinding factor, and
+     * will only read the modulus from BN_BLINDING. In both cases it's safe
+     * to access the blinding without a lock.
+     */
+    return BN_BLINDING_invert_ex(f, unblind, b, ctx);
+}
+
+/* signing */
+static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret, *res;
+    int i, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+    int local_blinding = 0;
+    /*
+     * Used only if the blinding structure is shared. A non-NULL unblind
+     * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+     * the unblinding factor outside the blinding structure.
+     */
+    BIGNUM *unblind = NULL;
+    BN_BLINDING *blinding = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
+        break;
+    case RSA_X931_PADDING:
+        i = RSA_padding_add_X931(buf, num, from, flen);
+        break;
+    case RSA_NO_PADDING:
+        i = RSA_padding_add_none(buf, num, from, flen);
+        break;
+    case RSA_SSLV23_PADDING:
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (i <= 0)
+        goto err;
+
+    if (BN_bin2bn(buf, num, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        /* usually the padding functions would catch this */
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+        blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+        if (blinding == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (blinding != NULL) {
+        if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+            goto err;
+    }
+
+    if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+        (rsa->version == RSA_ASN1_VERSION_MULTI) ||
+        ((rsa->p != NULL) &&
+         (rsa->q != NULL) &&
+         (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+        if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+            goto err;
+    } else {
+        BIGNUM *d = BN_new();
+        if (d == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+            if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                        rsa->n, ctx)) {
+                BN_free(d);
+                goto err;
+            }
+
+        if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+                                   rsa->_method_mod_n)) {
+            BN_free(d);
+            goto err;
+        }
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    if (blinding)
+        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+            goto err;
+
+    if (padding == RSA_X931_PADDING) {
+        if (!BN_sub(f, rsa->n, ret))
+            goto err;
+        if (BN_cmp(ret, f) > 0)
+            res = f;
+        else
+            res = ret;
+    } else {
+        res = ret;
+    }
+
+    /*
+     * BN_bn2binpad puts in leading 0 bytes if the number is less than
+     * the length of the modulus.
+     */
+    r = BN_bn2binpad(res, to, num);
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return r;
+}
+
+static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int j, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+    int local_blinding = 0;
+    /*
+     * Used only if the blinding structure is shared. A non-NULL unblind
+     * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+     * the unblinding factor outside the blinding structure.
+     */
+    BIGNUM *unblind = NULL;
+    BN_BLINDING *blinding = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * This check was for equality but PGP does evil things and chops off the
+     * top '0' bytes
+     */
+    if (flen > num) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT,
+               RSA_R_DATA_GREATER_THAN_MOD_LEN);
+        goto err;
+    }
+
+    /* make data into a big number */
+    if (BN_bin2bn(from, (int)flen, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+        blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+        if (blinding == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (blinding != NULL) {
+        if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+            goto err;
+    }
+
+    /* do the decrypt */
+    if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+        (rsa->version == RSA_ASN1_VERSION_MULTI) ||
+        ((rsa->p != NULL) &&
+         (rsa->q != NULL) &&
+         (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+        if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+            goto err;
+    } else {
+        BIGNUM *d = BN_new();
+        if (d == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+            if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                        rsa->n, ctx)) {
+                BN_free(d);
+                goto err;
+            }
+        if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+                                   rsa->_method_mod_n)) {
+            BN_free(d);
+            goto err;
+        }
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    if (blinding)
+        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+            goto err;
+
+    j = BN_bn2binpad(ret, buf, num);
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
+        break;
+    case RSA_PKCS1_OAEP_PADDING:
+        r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
+        break;
+    case RSA_SSLV23_PADDING:
+        r = RSA_padding_check_SSLv23(to, num, buf, j, num);
+        break;
+    case RSA_NO_PADDING:
+        memcpy(to, buf, (r = j));
+        break;
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (r < 0)
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return r;
+}
+
+/* signature verification */
+static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int i, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+
+    if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+        return -1;
+    }
+
+    /* for large moduli, enforce exponent limit */
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+        if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+            RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+            return -1;
+        }
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * This check was for equality but PGP does evil things and chops off the
+     * top '0' bytes
+     */
+    if (flen > num) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN);
+        goto err;
+    }
+
+    if (BN_bin2bn(from, flen, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+                               rsa->_method_mod_n))
+        goto err;
+
+    if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret)[0] & 0xf) != 12))
+        if (!BN_sub(ret, rsa->n, ret))
+            goto err;
+
+    i = BN_bn2binpad(ret, buf, num);
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);
+        break;
+    case RSA_X931_PADDING:
+        r = RSA_padding_check_X931(to, num, buf, i, num);
+        break;
+    case RSA_NO_PADDING:
+        memcpy(to, buf, (r = i));
+        break;
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (r < 0)
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return r;
+}
+
+static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+    BIGNUM *r1, *m1, *vrfy, *r2, *m[RSA_MAX_PRIME_NUM - 2];
+    int ret = 0, i, ex_primes = 0, smooth = 0;
+    RSA_PRIME_INFO *pinfo;
+
+    BN_CTX_start(ctx);
+
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    m1 = BN_CTX_get(ctx);
+    vrfy = BN_CTX_get(ctx);
+    if (vrfy == NULL)
+        goto err;
+
+    if (rsa->version == RSA_ASN1_VERSION_MULTI
+        && ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0
+             || ex_primes > RSA_MAX_PRIME_NUM - 2))
+        goto err;
+
+    if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
+        BIGNUM *factor = BN_new();
+
+        if (factor == NULL)
+            goto err;
+
+        /*
+         * Make sure BN_mod_inverse in Montgomery initialization uses the
+         * BN_FLG_CONSTTIME flag
+         */
+        if (!(BN_with_flags(factor, rsa->p, BN_FLG_CONSTTIME),
+              BN_MONT_CTX_set_locked(&rsa->_method_mod_p, rsa->lock,
+                                     factor, ctx))
+            || !(BN_with_flags(factor, rsa->q, BN_FLG_CONSTTIME),
+                 BN_MONT_CTX_set_locked(&rsa->_method_mod_q, rsa->lock,
+                                        factor, ctx))) {
+            BN_free(factor);
+            goto err;
+        }
+        for (i = 0; i < ex_primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+            BN_with_flags(factor, pinfo->r, BN_FLG_CONSTTIME);
+            if (!BN_MONT_CTX_set_locked(&pinfo->m, rsa->lock, factor, ctx)) {
+                BN_free(factor);
+                goto err;
+            }
+        }
+        /*
+         * We MUST free |factor| before any further use of the prime factors
+         */
+        BN_free(factor);
+
+        smooth = (ex_primes == 0)
+                 && (rsa->meth->bn_mod_exp == BN_mod_exp_mont)
+                 && (BN_num_bits(rsa->q) == BN_num_bits(rsa->p));
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+    if (smooth) {
+        /*
+         * Conversion from Montgomery domain, a.k.a. Montgomery reduction,
+         * accepts values in [0-m*2^w) range. w is m's bit width rounded up
+         * to limb width. So that at the very least if |I| is fully reduced,
+         * i.e. less than p*q, we can count on from-to round to perform
+         * below modulo operations on |I|. Unlike BN_mod it's constant time.
+         */
+        if (/* m1 = I moq q */
+            !bn_from_mont_fixed_top(m1, I, rsa->_method_mod_q, ctx)
+            || !bn_to_mont_fixed_top(m1, m1, rsa->_method_mod_q, ctx)
+            /* m1 = m1^dmq1 mod q */
+            || !BN_mod_exp_mont_consttime(m1, m1, rsa->dmq1, rsa->q, ctx,
+                                          rsa->_method_mod_q)
+            /* r1 = I mod p */
+            || !bn_from_mont_fixed_top(r1, I, rsa->_method_mod_p, ctx)
+            || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx)
+            /* r1 = r1^dmp1 mod p */
+            || !BN_mod_exp_mont_consttime(r1, r1, rsa->dmp1, rsa->p, ctx,
+                                          rsa->_method_mod_p)
+            /* r1 = (r1 - m1) mod p */
+            /*
+             * bn_mod_sub_fixed_top is not regular modular subtraction,
+             * it can tolerate subtrahend to be larger than modulus, but
+             * not bit-wise wider. This makes up for uncommon q>p case,
+             * when |m1| can be larger than |rsa->p|.
+             */
+            || !bn_mod_sub_fixed_top(r1, r1, m1, rsa->p)
+
+            /* r0 = r0 * iqmp mod p */
+            || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx)
+            || !bn_mul_mont_fixed_top(r1, r1, rsa->iqmp, rsa->_method_mod_p,
+                                      ctx)
+            || !bn_mul_fixed_top(r0, r1, rsa->q, ctx)
+            || !bn_mod_add_fixed_top(r0, r0, m1, rsa->n))
+            goto err;
+
+        goto tail;
+    }
+
+    /* compute I mod q */
+    {
+        BIGNUM *c = BN_new();
+        if (c == NULL)
+            goto err;
+        BN_with_flags(c, I, BN_FLG_CONSTTIME);
+
+        if (!BN_mod(r1, c, rsa->q, ctx)) {
+            BN_free(c);
+            goto err;
+        }
+
+        {
+            BIGNUM *dmq1 = BN_new();
+            if (dmq1 == NULL) {
+                BN_free(c);
+                goto err;
+            }
+            BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+
+            /* compute r1^dmq1 mod q */
+            if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx,
+                                       rsa->_method_mod_q)) {
+                BN_free(c);
+                BN_free(dmq1);
+                goto err;
+            }
+            /* We MUST free dmq1 before any further use of rsa->dmq1 */
+            BN_free(dmq1);
+        }
+
+        /* compute I mod p */
+        if (!BN_mod(r1, c, rsa->p, ctx)) {
+            BN_free(c);
+            goto err;
+        }
+        /* We MUST free c before any further use of I */
+        BN_free(c);
+    }
+
+    {
+        BIGNUM *dmp1 = BN_new();
+        if (dmp1 == NULL)
+            goto err;
+        BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+
+        /* compute r1^dmp1 mod p */
+        if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
+                                   rsa->_method_mod_p)) {
+            BN_free(dmp1);
+            goto err;
+        }
+        /* We MUST free dmp1 before any further use of rsa->dmp1 */
+        BN_free(dmp1);
+    }
+
+    /*
+     * calculate m_i in multi-prime case
+     *
+     * TODO:
+     * 1. squash the following two loops and calculate |m_i| there.
+     * 2. remove cc and reuse |c|.
+     * 3. remove |dmq1| and |dmp1| in previous block and use |di|.
+     *
+     * If these things are done, the code will be more readable.
+     */
+    if (ex_primes > 0) {
+        BIGNUM *di = BN_new(), *cc = BN_new();
+
+        if (cc == NULL || di == NULL) {
+            BN_free(cc);
+            BN_free(di);
+            goto err;
+        }
+
+        for (i = 0; i < ex_primes; i++) {
+            /* prepare m_i */
+            if ((m[i] = BN_CTX_get(ctx)) == NULL) {
+                BN_free(cc);
+                BN_free(di);
+                goto err;
+            }
+
+            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+
+            /* prepare c and d_i */
+            BN_with_flags(cc, I, BN_FLG_CONSTTIME);
+            BN_with_flags(di, pinfo->d, BN_FLG_CONSTTIME);
+
+            if (!BN_mod(r1, cc, pinfo->r, ctx)) {
+                BN_free(cc);
+                BN_free(di);
+                goto err;
+            }
+            /* compute r1 ^ d_i mod r_i */
+            if (!rsa->meth->bn_mod_exp(m[i], r1, di, pinfo->r, ctx, pinfo->m)) {
+                BN_free(cc);
+                BN_free(di);
+                goto err;
+            }
+        }
+
+        BN_free(cc);
+        BN_free(di);
+    }
+
+    if (!BN_sub(r0, r0, m1))
+        goto err;
+    /*
+     * This will help stop the size of r0 increasing, which does affect the
+     * multiply if it optimised for a power of 2 size
+     */
+    if (BN_is_negative(r0))
+        if (!BN_add(r0, r0, rsa->p))
+            goto err;
+
+    if (!BN_mul(r1, r0, rsa->iqmp, ctx))
+        goto err;
+
+    {
+        BIGNUM *pr1 = BN_new();
+        if (pr1 == NULL)
+            goto err;
+        BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
+
+        if (!BN_mod(r0, pr1, rsa->p, ctx)) {
+            BN_free(pr1);
+            goto err;
+        }
+        /* We MUST free pr1 before any further use of r1 */
+        BN_free(pr1);
+    }
+
+    /*
+     * If p < q it is occasionally possible for the correction of adding 'p'
+     * if r0 is negative above to leave the result still negative. This can
+     * break the private key operations: the following second correction
+     * should *always* correct this rare occurrence. This will *never* happen
+     * with OpenSSL generated keys because they ensure p > q [steve]
+     */
+    if (BN_is_negative(r0))
+        if (!BN_add(r0, r0, rsa->p))
+            goto err;
+    if (!BN_mul(r1, r0, rsa->q, ctx))
+        goto err;
+    if (!BN_add(r0, r1, m1))
+        goto err;
+
+    /* add m_i to m in multi-prime case */
+    if (ex_primes > 0) {
+        BIGNUM *pr2 = BN_new();
+
+        if (pr2 == NULL)
+            goto err;
+
+        for (i = 0; i < ex_primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+            if (!BN_sub(r1, m[i], r0)) {
+                BN_free(pr2);
+                goto err;
+            }
+
+            if (!BN_mul(r2, r1, pinfo->t, ctx)) {
+                BN_free(pr2);
+                goto err;
+            }
+
+            BN_with_flags(pr2, r2, BN_FLG_CONSTTIME);
+
+            if (!BN_mod(r1, pr2, pinfo->r, ctx)) {
+                BN_free(pr2);
+                goto err;
+            }
+
+            if (BN_is_negative(r1))
+                if (!BN_add(r1, r1, pinfo->r)) {
+                    BN_free(pr2);
+                    goto err;
+                }
+            if (!BN_mul(r1, r1, pinfo->pp, ctx)) {
+                BN_free(pr2);
+                goto err;
+            }
+            if (!BN_add(r0, r0, r1)) {
+                BN_free(pr2);
+                goto err;
+            }
+        }
+        BN_free(pr2);
+    }
+
+ tail:
+    if (rsa->e && rsa->n) {
+        if (rsa->meth->bn_mod_exp == BN_mod_exp_mont) {
+            if (!BN_mod_exp_mont(vrfy, r0, rsa->e, rsa->n, ctx,
+                                 rsa->_method_mod_n))
+                goto err;
+        } else {
+            bn_correct_top(r0);
+            if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
+                                       rsa->_method_mod_n))
+                goto err;
+        }
+        /*
+         * If 'I' was greater than (or equal to) rsa->n, the operation will
+         * be equivalent to using 'I mod n'. However, the result of the
+         * verify will *always* be less than 'n' so we don't check for
+         * absolute equality, just congruency.
+         */
+        if (!BN_sub(vrfy, vrfy, I))
+            goto err;
+        if (BN_is_zero(vrfy)) {
+            bn_correct_top(r0);
+            ret = 1;
+            goto err;   /* not actually error */
+        }
+        if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
+            goto err;
+        if (BN_is_negative(vrfy))
+            if (!BN_add(vrfy, vrfy, rsa->n))
+                goto err;
+        if (!BN_is_zero(vrfy)) {
+            /*
+             * 'I' and 'vrfy' aren't congruent mod n. Don't leak
+             * miscalculated CRT output, just do a raw (slower) mod_exp and
+             * return that instead.
+             */
+
+            BIGNUM *d = BN_new();
+            if (d == NULL)
+                goto err;
+            BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+            if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx,
+                                       rsa->_method_mod_n)) {
+                BN_free(d);
+                goto err;
+            }
+            /* We MUST free d before any further use of rsa->d */
+            BN_free(d);
+        }
+    }
+    /*
+     * It's unfortunate that we have to bn_correct_top(r0). What hopefully
+     * saves the day is that correction is highly unlike, and private key
+     * operations are customarily performed on blinded message. Which means
+     * that attacker won't observe correlation with chosen plaintext.
+     * Secondly, remaining code would still handle it in same computational
+     * time and even conceal memory access pattern around corrected top.
+     */
+    bn_correct_top(r0);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+static int rsa_ossl_init(RSA *rsa)
+{
+    rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
+    return 1;
+}
+
+static int rsa_ossl_finish(RSA *rsa)
+{
+    int i;
+    RSA_PRIME_INFO *pinfo;
+
+    BN_MONT_CTX_free(rsa->_method_mod_n);
+    BN_MONT_CTX_free(rsa->_method_mod_p);
+    BN_MONT_CTX_free(rsa->_method_mod_q);
+    for (i = 0; i < sk_RSA_PRIME_INFO_num(rsa->prime_infos); i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+        BN_MONT_CTX_free(pinfo->m);
+    }
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_pk1.c b/freebsd/crypto/openssl/crypto/rsa/rsa_pk1.c
index 553c7b7f..1b285786 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_pk1.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_pk1.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_pk1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "constant_time_locl.h"
+#include "internal/constant_time_locl.h"
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
@@ -75,7 +26,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
     if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-        return (0);
+        return 0;
     }
 
     p = (unsigned char *)to;
@@ -89,7 +40,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
     p += j;
     *(p++) = '\0';
     memcpy(p, from, (unsigned int)flen);
-    return (1);
+    return 1;
 }
 
 int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
@@ -121,10 +72,10 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
         flen--;
     }
 
-    if ((num != (flen + 1)) || (*(p++) != 01)) {
+    if ((num != (flen + 1)) || (*(p++) != 0x01)) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
                RSA_R_BLOCK_TYPE_IS_NOT_01);
-        return (-1);
+        return -1;
     }
 
     /* scan over padding data */
@@ -137,7 +88,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
             } else {
                 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
                        RSA_R_BAD_FIXED_HEADER_DECRYPT);
-                return (-1);
+                return -1;
             }
         }
         p++;
@@ -146,23 +97,23 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
     if (i == j) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
                RSA_R_NULL_BEFORE_BLOCK_MISSING);
-        return (-1);
+        return -1;
     }
 
     if (i < 8) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
                RSA_R_BAD_PAD_BYTE_COUNT);
-        return (-1);
+        return -1;
     }
     i++;                        /* Skip over the '\0' */
     j -= i;
     if (j > tlen) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_DATA_TOO_LARGE);
-        return (-1);
+        return -1;
     }
     memcpy(to, p, (unsigned int)j);
 
-    return (j);
+    return j;
 }
 
 int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
@@ -174,7 +125,7 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
     if (flen > (tlen - 11)) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-        return (0);
+        return 0;
     }
 
     p = (unsigned char *)to;
@@ -186,12 +137,12 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
     j = tlen - 3 - flen;
 
     if (RAND_bytes(p, j) <= 0)
-        return (0);
+        return 0;
     for (i = 0; i < j; i++) {
         if (*p == '\0')
             do {
                 if (RAND_bytes(p, 1) <= 0)
-                    return (0);
+                    return 0;
             } while (*p == '\0');
         p++;
     }
@@ -199,7 +150,7 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
     *(p++) = '\0';
 
     memcpy(p, from, (unsigned int)flen);
-    return (1);
+    return 1;
 }
 
 int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
@@ -227,7 +178,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
         goto err;
 
     if (flen != num) {
-        em = OPENSSL_malloc(num);
+        em = OPENSSL_zalloc(num);
         if (em == NULL) {
             RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
             return -1;
@@ -240,7 +191,6 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
          * memory access pattern since we can't read out of the bounds of
          * |from|.
          */
-        memset(em, 0, num);
         memcpy(em + num - flen, from, flen);
         from = em;
     }
@@ -290,10 +240,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
     memcpy(to, from + msg_index, mlen);
 
  err:
-    if (em != NULL) {
-        OPENSSL_cleanse(em, num);
-        OPENSSL_free(em);
-    }
+    OPENSSL_clear_free(em, num);
     if (mlen == -1)
         RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
                RSA_R_PKCS_DECODING_ERROR);
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_pmeth.c b/freebsd/crypto/openssl/crypto/rsa/rsa_pmeth.c
index 902b7008..d0992e90 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_pmeth.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_pmeth.c
@@ -1,79 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_pmeth.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rsa.h>
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_CMS
-# include <openssl/cms.h>
-#endif
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-#include "evp_locl.h"
+#include <openssl/cms.h>
+#include "internal/evp_int.h"
 #include "rsa_locl.h"
 
 /* RSA pkey context structure */
@@ -82,6 +27,7 @@ typedef struct {
     /* Key gen parameters */
     int nbits;
     BIGNUM *pub_exp;
+    int primes;
     /* Keygen callback info */
     int gentmp[2];
     /* RSA padding mode */
@@ -92,6 +38,8 @@ typedef struct {
     const EVP_MD *mgf1md;
     /* PSS salt length */
     int saltlen;
+    /* Minimum salt length or -1 if no PSS parameter restriction */
+    int min_saltlen;
     /* Temp buffer */
     unsigned char *tbuf;
     /* OAEP label */
@@ -99,24 +47,24 @@ typedef struct {
     size_t oaep_labellen;
 } RSA_PKEY_CTX;
 
+/* True if PSS parameters are restricted */
+#define rsa_pss_restricted(rctx) (rctx->min_saltlen != -1)
+
 static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 {
-    RSA_PKEY_CTX *rctx;
-    rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
-    if (!rctx)
+    RSA_PKEY_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx));
+
+    if (rctx == NULL)
         return 0;
     rctx->nbits = 1024;
-    rctx->pub_exp = NULL;
-    rctx->pad_mode = RSA_PKCS1_PADDING;
-    rctx->md = NULL;
-    rctx->mgf1md = NULL;
-    rctx->tbuf = NULL;
-
-    rctx->saltlen = -2;
-
-    rctx->oaep_label = NULL;
-    rctx->oaep_labellen = 0;
-
+    rctx->primes = RSA_DEFAULT_PRIME_NUM;
+    if (pkey_ctx_is_pss(ctx))
+        rctx->pad_mode = RSA_PKCS1_PSS_PADDING;
+    else
+        rctx->pad_mode = RSA_PKCS1_PADDING;
+    /* Maximum for sign, auto for verify */
+    rctx->saltlen = RSA_PSS_SALTLEN_AUTO;
+    rctx->min_saltlen = -1;
     ctx->data = rctx;
     ctx->keygen_info = rctx->gentmp;
     ctx->keygen_info_count = 2;
@@ -127,6 +75,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 {
     RSA_PKEY_CTX *dctx, *sctx;
+
     if (!pkey_rsa_init(dst))
         return 0;
     sctx = src->data;
@@ -141,9 +90,8 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
     dctx->md = sctx->md;
     dctx->mgf1md = sctx->mgf1md;
     if (sctx->oaep_label) {
-        if (dctx->oaep_label)
-            OPENSSL_free(dctx->oaep_label);
-        dctx->oaep_label = BUF_memdup(sctx->oaep_label, sctx->oaep_labellen);
+        OPENSSL_free(dctx->oaep_label);
+        dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
         if (!dctx->oaep_label)
             return 0;
         dctx->oaep_labellen = sctx->oaep_labellen;
@@ -153,11 +101,12 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 
 static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
 {
-    if (ctx->tbuf)
+    if (ctx->tbuf != NULL)
         return 1;
-    ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
-    if (!ctx->tbuf)
+    if ((ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey))) == NULL) {
+        RSAerr(RSA_F_SETUP_TBUF, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     return 1;
 }
 
@@ -165,48 +114,13 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
 {
     RSA_PKEY_CTX *rctx = ctx->data;
     if (rctx) {
-        if (rctx->pub_exp)
-            BN_free(rctx->pub_exp);
-        if (rctx->tbuf)
-            OPENSSL_free(rctx->tbuf);
-        if (rctx->oaep_label)
-            OPENSSL_free(rctx->oaep_label);
+        BN_free(rctx->pub_exp);
+        OPENSSL_free(rctx->tbuf);
+        OPENSSL_free(rctx->oaep_label);
         OPENSSL_free(rctx);
     }
 }
 
-#ifdef OPENSSL_FIPS
-/*
- * FIP checker. Return value indicates status of context parameters: 1 :
- * redirect to FIPS. 0 : don't redirect to FIPS. -1 : illegal operation in
- * FIPS mode.
- */
-
-static int pkey_fips_check_rsa(const RSA *rsa, const EVP_MD **pmd,
-                               const EVP_MD **pmgf1md)
-{
-    int rv = -1;
-
-    if (!FIPS_mode())
-        return 0;
-    if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-        rv = 0;
-    if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
-        return -1;
-    if (*pmd != NULL) {
-        *pmd = FIPS_get_digestbynid(EVP_MD_type(*pmd));
-        if (*pmd == NULL || !((*pmd)->flags & EVP_MD_FLAG_FIPS))
-            return rv;
-    }
-    if (*pmgf1md != NULL) {
-        *pmgf1md = FIPS_get_digestbynid(EVP_MD_type(*pmgf1md));
-        if (*pmgf1md == NULL || !((*pmgf1md)->flags & EVP_MD_FLAG_FIPS))
-            return rv;
-    }
-    return 1;
-}
-#endif
-
 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
                          size_t *siglen, const unsigned char *tbs,
                          size_t tbslen)
@@ -214,41 +128,19 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
     int ret;
     RSA_PKEY_CTX *rctx = ctx->data;
     RSA *rsa = ctx->pkey->pkey.rsa;
-    const EVP_MD *md = rctx->md;
-    const EVP_MD *mgf1md = rctx->mgf1md;
-
-#ifdef OPENSSL_FIPS
-    ret = pkey_fips_check_rsa(rsa, &md, &mgf1md);
-    if (ret < 0) {
-        RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-        return -1;
-    }
-#endif
 
-    if (md != NULL) {
-        if (tbslen != (size_t)EVP_MD_size(md)) {
+    if (rctx->md) {
+        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
             RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
             return -1;
         }
-#ifdef OPENSSL_FIPS
-        if (ret > 0) {
-            unsigned int slen;
-            ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, md, rctx->pad_mode,
-                                       rctx->saltlen, mgf1md, sig, &slen);
-            if (ret > 0)
-                *siglen = slen;
-            else
-                *siglen = 0;
-            return ret;
-        }
-#endif
 
-        if (EVP_MD_type(md) == NID_mdc2) {
+        if (EVP_MD_type(rctx->md) == NID_mdc2) {
             unsigned int sltmp;
             if (rctx->pad_mode != RSA_PKCS1_PADDING)
                 return -1;
-            ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen, sig, &sltmp,
-                                             rsa);
+            ret = RSA_sign_ASN1_OCTET_STRING(0,
+                                             tbs, tbslen, sig, &sltmp, rsa);
 
             if (ret <= 0)
                 return ret;
@@ -263,28 +155,33 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
                 return -1;
             }
             memcpy(rctx->tbuf, tbs, tbslen);
-            rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(md));
+            rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md));
             ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
                                       sig, rsa, RSA_X931_PADDING);
         } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
             unsigned int sltmp;
-            ret = RSA_sign(EVP_MD_type(md), tbs, tbslen, sig, &sltmp, rsa);
+            ret = RSA_sign(EVP_MD_type(rctx->md),
+                           tbs, tbslen, sig, &sltmp, rsa);
             if (ret <= 0)
                 return ret;
             ret = sltmp;
         } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
             if (!setup_tbuf(rctx, ctx))
                 return -1;
-            if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf, tbs,
-                                                md, mgf1md, rctx->saltlen))
+            if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
+                                                rctx->tbuf, tbs,
+                                                rctx->md, rctx->mgf1md,
+                                                rctx->saltlen))
                 return -1;
             ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
                                       sig, rsa, RSA_NO_PADDING);
-        } else
+        } else {
             return -1;
-    } else
+        }
+    } else {
         ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
                                   rctx->pad_mode);
+    }
     if (ret < 0)
         return ret;
     *siglen = ret;
@@ -328,11 +225,13 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
             if (ret <= 0)
                 return 0;
             ret = sltmp;
-        } else
+        } else {
             return -1;
-    } else
+        }
+    } else {
         ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
                                  rctx->pad_mode);
+    }
     if (ret < 0)
         return ret;
     *routlen = ret;
@@ -345,31 +244,13 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
 {
     RSA_PKEY_CTX *rctx = ctx->data;
     RSA *rsa = ctx->pkey->pkey.rsa;
-    const EVP_MD *md = rctx->md;
-    const EVP_MD *mgf1md = rctx->mgf1md;
     size_t rslen;
 
-#ifdef OPENSSL_FIPS
-    int rv = pkey_fips_check_rsa(rsa, &md, &mgf1md);
-
-    if (rv < 0) {
-        RSAerr(RSA_F_PKEY_RSA_VERIFY,
-               RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-        return -1;
-    }
-#endif
-    if (md != NULL) {
-#ifdef OPENSSL_FIPS
-        if (rv > 0) {
-            return FIPS_rsa_verify_digest(rsa, tbs, tbslen, md, rctx->pad_mode,
-                                          rctx->saltlen, mgf1md, sig, siglen);
-
-        }
-#endif
+    if (rctx->md) {
         if (rctx->pad_mode == RSA_PKCS1_PADDING)
-            return RSA_verify(EVP_MD_type(md), tbs, tbslen,
+            return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
                               sig, siglen, rsa);
-        if (tbslen != (size_t)EVP_MD_size(md)) {
+        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
             RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
             return -1;
         }
@@ -384,13 +265,15 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
                                      rsa, RSA_NO_PADDING);
             if (ret <= 0)
                 return 0;
-            ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, md, mgf1md,
+            ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
+                                            rctx->md, rctx->mgf1md,
                                             rctx->tbuf, rctx->saltlen);
             if (ret <= 0)
                 return 0;
             return 1;
-        } else
+        } else {
             return -1;
+        }
     } else {
         if (!setup_tbuf(rctx, ctx))
             return -1;
@@ -413,6 +296,7 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
 {
     int ret;
     RSA_PKEY_CTX *rctx = ctx->data;
+
     if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
         int klen = RSA_size(ctx->pkey->pkey.rsa);
         if (!setup_tbuf(rctx, ctx))
@@ -425,9 +309,10 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
             return -1;
         ret = RSA_public_encrypt(klen, rctx->tbuf, out,
                                  ctx->pkey->pkey.rsa, RSA_NO_PADDING);
-    } else
+    } else {
         ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
                                  rctx->pad_mode);
+    }
     if (ret < 0)
         return ret;
     *outlen = ret;
@@ -440,6 +325,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
 {
     int ret;
     RSA_PKEY_CTX *rctx = ctx->data;
+
     if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
         if (!setup_tbuf(rctx, ctx))
             return -1;
@@ -452,9 +338,10 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
                                                 rctx->oaep_label,
                                                 rctx->oaep_labellen,
                                                 rctx->md, rctx->mgf1md);
-    } else
+    } else {
         ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
                                   rctx->pad_mode);
+    }
     if (ret < 0)
         return ret;
     *outlen = ret;
@@ -463,20 +350,48 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
 
 static int check_padding_md(const EVP_MD *md, int padding)
 {
+    int mdnid;
+
     if (!md)
         return 1;
 
+    mdnid = EVP_MD_type(md);
+
     if (padding == RSA_NO_PADDING) {
         RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
         return 0;
     }
 
     if (padding == RSA_X931_PADDING) {
-        if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) {
+        if (RSA_X931_hash_id(mdnid) == -1) {
             RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST);
             return 0;
         }
-        return 1;
+    } else {
+        switch(mdnid) {
+        /* List of all supported RSA digests */
+        case NID_sha1:
+        case NID_sha224:
+        case NID_sha256:
+        case NID_sha384:
+        case NID_sha512:
+        case NID_md5:
+        case NID_md5_sha1:
+        case NID_md2:
+        case NID_md4:
+        case NID_mdc2:
+        case NID_ripemd160:
+        case NID_sha3_224:
+        case NID_sha3_256:
+        case NID_sha3_384:
+        case NID_sha3_512:
+            return 1;
+
+        default:
+            RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST);
+            return 0;
+
+        }
     }
 
     return 1;
@@ -485,6 +400,7 @@ static int check_padding_md(const EVP_MD *md, int padding)
 static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 {
     RSA_PKEY_CTX *rctx = ctx->data;
+
     switch (type) {
     case EVP_PKEY_CTRL_RSA_PADDING:
         if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) {
@@ -496,6 +412,8 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                     goto bad_pad;
                 if (!rctx->md)
                     rctx->md = EVP_sha1();
+            } else if (pkey_ctx_is_pss(ctx)) {
+                goto bad_pad;
             }
             if (p1 == RSA_PKCS1_OAEP_PADDING) {
                 if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
@@ -521,18 +439,31 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
             return -2;
         }
-        if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
+        if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) {
             *(int *)p2 = rctx->saltlen;
-        else {
-            if (p1 < -2)
+        } else {
+            if (p1 < RSA_PSS_SALTLEN_MAX)
                 return -2;
+            if (rsa_pss_restricted(rctx)) {
+                if (p1 == RSA_PSS_SALTLEN_AUTO
+                    && ctx->operation == EVP_PKEY_OP_VERIFY) {
+                    RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
+                    return -2;
+                }
+                if ((p1 == RSA_PSS_SALTLEN_DIGEST
+                     && rctx->min_saltlen > EVP_MD_size(rctx->md))
+                    || (p1 >= 0 && p1 < rctx->min_saltlen)) {
+                    RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_PSS_SALTLEN_TOO_SMALL);
+                    return 0;
+                }
+            }
             rctx->saltlen = p1;
         }
         return 1;
 
     case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
-        if (p1 < 256) {
-            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
+        if (p1 < RSA_MIN_MODULUS_BITS) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL);
             return -2;
         }
         rctx->nbits = p1;
@@ -547,6 +478,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         rctx->pub_exp = p2;
         return 1;
 
+    case EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES:
+        if (p1 < RSA_DEFAULT_PRIME_NUM || p1 > RSA_MAX_PRIME_NUM) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_PRIME_NUM_INVALID);
+            return -2;
+        }
+        rctx->primes = p1;
+        return 1;
+
     case EVP_PKEY_CTRL_RSA_OAEP_MD:
     case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
         if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
@@ -562,6 +501,12 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     case EVP_PKEY_CTRL_MD:
         if (!check_padding_md(p2, rctx->pad_mode))
             return 0;
+        if (rsa_pss_restricted(rctx)) {
+            if (EVP_MD_type(rctx->md) == EVP_MD_type(p2))
+                return 1;
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_DIGEST_NOT_ALLOWED);
+            return 0;
+        }
         rctx->md = p2;
         return 1;
 
@@ -581,8 +526,15 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 *(const EVP_MD **)p2 = rctx->mgf1md;
             else
                 *(const EVP_MD **)p2 = rctx->md;
-        } else
+        } else {
+            if (rsa_pss_restricted(rctx)) {
+                if (EVP_MD_type(rctx->mgf1md) == EVP_MD_type(p2))
+                    return 1;
+                RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_MGF1_DIGEST_NOT_ALLOWED);
+                return 0;
+            }
             rctx->mgf1md = p2;
+        }
         return 1;
 
     case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
@@ -590,8 +542,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
             return -2;
         }
-        if (rctx->oaep_label)
-            OPENSSL_free(rctx->oaep_label);
+        OPENSSL_free(rctx->oaep_label);
         if (p2 && p1 > 0) {
             rctx->oaep_label = p2;
             rctx->oaep_labellen = p1;
@@ -610,16 +561,21 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         return rctx->oaep_labellen;
 
     case EVP_PKEY_CTRL_DIGESTINIT:
+    case EVP_PKEY_CTRL_PKCS7_SIGN:
+#ifndef OPENSSL_NO_CMS
+    case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
+    return 1;
+
     case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
     case EVP_PKEY_CTRL_PKCS7_DECRYPT:
-    case EVP_PKEY_CTRL_PKCS7_SIGN:
-        return 1;
 #ifndef OPENSSL_NO_CMS
     case EVP_PKEY_CTRL_CMS_DECRYPT:
     case EVP_PKEY_CTRL_CMS_ENCRYPT:
-    case EVP_PKEY_CTRL_CMS_SIGN:
-        return 1;
 #endif
+    if (!pkey_ctx_is_pss(ctx))
+        return 1;
+    /* fall through */
     case EVP_PKEY_CTRL_PEER_KEY:
         RSAerr(RSA_F_PKEY_RSA_CTRL,
                RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
@@ -634,47 +590,57 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
                              const char *type, const char *value)
 {
-    if (!value) {
+    if (value == NULL) {
         RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
         return 0;
     }
-    if (!strcmp(type, "rsa_padding_mode")) {
+    if (strcmp(type, "rsa_padding_mode") == 0) {
         int pm;
-        if (!strcmp(value, "pkcs1"))
+
+        if (strcmp(value, "pkcs1") == 0) {
             pm = RSA_PKCS1_PADDING;
-        else if (!strcmp(value, "sslv23"))
+        } else if (strcmp(value, "sslv23") == 0) {
             pm = RSA_SSLV23_PADDING;
-        else if (!strcmp(value, "none"))
+        } else if (strcmp(value, "none") == 0) {
             pm = RSA_NO_PADDING;
-        else if (!strcmp(value, "oeap"))
+        } else if (strcmp(value, "oeap") == 0) {
             pm = RSA_PKCS1_OAEP_PADDING;
-        else if (!strcmp(value, "oaep"))
+        } else if (strcmp(value, "oaep") == 0) {
             pm = RSA_PKCS1_OAEP_PADDING;
-        else if (!strcmp(value, "x931"))
+        } else if (strcmp(value, "x931") == 0) {
             pm = RSA_X931_PADDING;
-        else if (!strcmp(value, "pss"))
+        } else if (strcmp(value, "pss") == 0) {
             pm = RSA_PKCS1_PSS_PADDING;
-        else {
+        } else {
             RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE);
             return -2;
         }
         return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
     }
 
-    if (!strcmp(type, "rsa_pss_saltlen")) {
+    if (strcmp(type, "rsa_pss_saltlen") == 0) {
         int saltlen;
-        saltlen = atoi(value);
+
+        if (!strcmp(value, "digest"))
+            saltlen = RSA_PSS_SALTLEN_DIGEST;
+        else if (!strcmp(value, "max"))
+            saltlen = RSA_PSS_SALTLEN_MAX;
+        else if (!strcmp(value, "auto"))
+            saltlen = RSA_PSS_SALTLEN_AUTO;
+        else
+            saltlen = atoi(value);
         return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
     }
 
-    if (!strcmp(type, "rsa_keygen_bits")) {
-        int nbits;
-        nbits = atoi(value);
+    if (strcmp(type, "rsa_keygen_bits") == 0) {
+        int nbits = atoi(value);
+
         return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
     }
 
-    if (!strcmp(type, "rsa_keygen_pubexp")) {
+    if (strcmp(type, "rsa_keygen_pubexp") == 0) {
         int ret;
+
         BIGNUM *pubexp = NULL;
         if (!BN_asc2bn(&pubexp, value))
             return 0;
@@ -684,28 +650,44 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
         return ret;
     }
 
-    if (!strcmp(type, "rsa_mgf1_md")) {
-        const EVP_MD *md;
-        if (!(md = EVP_get_digestbyname(value))) {
-            RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST);
-            return 0;
-        }
-        return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md);
+    if (strcmp(type, "rsa_keygen_primes") == 0) {
+        int nprimes = atoi(value);
+
+        return EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, nprimes);
     }
 
-    if (!strcmp(type, "rsa_oaep_md")) {
-        const EVP_MD *md;
-        if (!(md = EVP_get_digestbyname(value))) {
-            RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST);
-            return 0;
+    if (strcmp(type, "rsa_mgf1_md") == 0)
+        return EVP_PKEY_CTX_md(ctx,
+                               EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,
+                               EVP_PKEY_CTRL_RSA_MGF1_MD, value);
+
+    if (pkey_ctx_is_pss(ctx)) {
+
+        if (strcmp(type, "rsa_pss_keygen_mgf1_md") == 0)
+            return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN,
+                                   EVP_PKEY_CTRL_RSA_MGF1_MD, value);
+
+        if (strcmp(type, "rsa_pss_keygen_md") == 0)
+            return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN,
+                                   EVP_PKEY_CTRL_MD, value);
+
+        if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) {
+            int saltlen = atoi(value);
+
+            return EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, saltlen);
         }
-        return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md);
     }
-    if (!strcmp(type, "rsa_oaep_label")) {
+
+    if (strcmp(type, "rsa_oaep_md") == 0)
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_CRYPT,
+                               EVP_PKEY_CTRL_RSA_OAEP_MD, value);
+
+    if (strcmp(type, "rsa_oaep_label") == 0) {
         unsigned char *lab;
         long lablen;
         int ret;
-        lab = string_to_hex(value, &lablen);
+
+        lab = OPENSSL_hexstr2buf(value, &lablen);
         if (!lab)
             return 0;
         ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
@@ -717,28 +699,57 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
     return -2;
 }
 
+/* Set PSS parameters when generating a key, if necessary */
+static int rsa_set_pss_param(RSA *rsa, EVP_PKEY_CTX *ctx)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    if (!pkey_ctx_is_pss(ctx))
+        return 1;
+    /* If all parameters are default values don't set pss */
+    if (rctx->md == NULL && rctx->mgf1md == NULL && rctx->saltlen == -2)
+        return 1;
+    rsa->pss = rsa_pss_params_create(rctx->md, rctx->mgf1md,
+                                     rctx->saltlen == -2 ? 0 : rctx->saltlen);
+    if (rsa->pss == NULL)
+        return 0;
+    return 1;
+}
+
 static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     RSA *rsa = NULL;
     RSA_PKEY_CTX *rctx = ctx->data;
-    BN_GENCB *pcb, cb;
+    BN_GENCB *pcb;
     int ret;
-    if (!rctx->pub_exp) {
+
+    if (rctx->pub_exp == NULL) {
         rctx->pub_exp = BN_new();
-        if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
+        if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4))
             return 0;
     }
     rsa = RSA_new();
-    if (!rsa)
+    if (rsa == NULL)
         return 0;
     if (ctx->pkey_gencb) {
-        pcb = &cb;
+        pcb = BN_GENCB_new();
+        if (pcb == NULL) {
+            RSA_free(rsa);
+            return 0;
+        }
         evp_pkey_set_cb_translate(pcb, ctx);
-    } else
+    } else {
         pcb = NULL;
-    ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
+    }
+    ret = RSA_generate_multi_prime_key(rsa, rctx->nbits, rctx->primes,
+                                       rctx->pub_exp, pcb);
+    BN_GENCB_free(pcb);
+    if (ret > 0 && !rsa_set_pss_param(rsa, ctx)) {
+        RSA_free(rsa);
+        return 0;
+    }
     if (ret > 0)
-        EVP_PKEY_assign_RSA(pkey, rsa);
+        EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, rsa);
     else
         RSA_free(rsa);
     return ret;
@@ -778,3 +789,74 @@ const EVP_PKEY_METHOD rsa_pkey_meth = {
     pkey_rsa_ctrl,
     pkey_rsa_ctrl_str
 };
+
+/*
+ * Called for PSS sign or verify initialisation: checks PSS parameter
+ * sanity and sets any restrictions on key usage.
+ */
+
+static int pkey_pss_init(EVP_PKEY_CTX *ctx)
+{
+    RSA *rsa;
+    RSA_PKEY_CTX *rctx = ctx->data;
+    const EVP_MD *md;
+    const EVP_MD *mgf1md;
+    int min_saltlen, max_saltlen;
+
+    /* Should never happen */
+    if (!pkey_ctx_is_pss(ctx))
+        return 0;
+    rsa = ctx->pkey->pkey.rsa;
+    /* If no restrictions just return */
+    if (rsa->pss == NULL)
+        return 1;
+    /* Get and check parameters */
+    if (!rsa_pss_get_param(rsa->pss, &md, &mgf1md, &min_saltlen))
+        return 0;
+
+    /* See if minimum salt length exceeds maximum possible */
+    max_saltlen = RSA_size(rsa) - EVP_MD_size(md);
+    if ((RSA_bits(rsa) & 0x7) == 1)
+        max_saltlen--;
+    if (min_saltlen > max_saltlen) {
+        RSAerr(RSA_F_PKEY_PSS_INIT, RSA_R_INVALID_SALT_LENGTH);
+        return 0;
+    }
+
+    rctx->min_saltlen = min_saltlen;
+
+    /*
+     * Set PSS restrictions as defaults: we can then block any attempt to
+     * use invalid values in pkey_rsa_ctrl
+     */
+
+    rctx->md = md;
+    rctx->mgf1md = mgf1md;
+    rctx->saltlen = min_saltlen;
+
+    return 1;
+}
+
+const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
+    EVP_PKEY_RSA_PSS,
+    EVP_PKEY_FLAG_AUTOARGLEN,
+    pkey_rsa_init,
+    pkey_rsa_copy,
+    pkey_rsa_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_rsa_keygen,
+
+    pkey_pss_init,
+    pkey_rsa_sign,
+
+    pkey_pss_init,
+    pkey_rsa_verify,
+
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+
+    pkey_rsa_ctrl,
+    pkey_rsa_ctrl_str
+};
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_prn.c b/freebsd/crypto/openssl/crypto/rsa/rsa_prn.c
index 0d9a742f..d1a84671 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_prn.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_prn.c
@@ -1,70 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_prn.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 int RSA_print_fp(FILE *fp, const RSA *x, int off)
 {
     BIO *b;
@@ -72,12 +22,12 @@ int RSA_print_fp(FILE *fp, const RSA *x, int off)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = RSA_print(b, x, off);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -86,7 +36,7 @@ int RSA_print(BIO *bp, const RSA *x, int off)
     EVP_PKEY *pk;
     int ret;
     pk = EVP_PKEY_new();
-    if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
+    if (pk == NULL || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
         return 0;
     ret = EVP_PKEY_print_private(bp, pk, off, NULL);
     EVP_PKEY_free(pk);
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_pss.c b/freebsd/crypto/openssl/crypto/rsa/rsa_pss.c
index 37070cf7..189ac027 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_pss.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_pss.c
@@ -1,71 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* rsa_pss.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
+#include "rsa_locl.h"
 
 static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
 
@@ -89,9 +40,11 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
     int hLen, maskedDBLen, MSBits, emLen;
     const unsigned char *H;
     unsigned char *DB = NULL;
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
     unsigned char H_[EVP_MAX_MD_SIZE];
-    EVP_MD_CTX_init(&ctx);
+
+    if (ctx == NULL)
+        goto err;
 
     if (mgf1Hash == NULL)
         mgf1Hash = Hash;
@@ -103,13 +56,12 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
      * Negative sLen has special meanings:
      *      -1      sLen == hLen
      *      -2      salt length is autorecovered from signature
+     *      -3      salt length is maximized
      *      -N      reserved
      */
-    if (sLen == -1)
+    if (sLen == RSA_PSS_SALTLEN_DIGEST) {
         sLen = hLen;
-    else if (sLen == -2)
-        sLen = -2;
-    else if (sLen < -2) {
+    } else if (sLen < RSA_PSS_SALTLEN_MAX) {
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
         goto err;
     }
@@ -128,7 +80,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
         goto err;
     }
-    if (sLen > emLen - hLen - 2) { /* sLen can be small negative */
+    if (sLen == RSA_PSS_SALTLEN_MAX) {
+        sLen = emLen - hLen - 2;
+    } else if (sLen > emLen - hLen - 2) { /* sLen can be small negative */
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
         goto err;
     }
@@ -139,7 +93,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
     maskedDBLen = emLen - hLen - 1;
     H = EM + maskedDBLen;
     DB = OPENSSL_malloc(maskedDBLen);
-    if (!DB) {
+    if (DB == NULL) {
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -154,30 +108,30 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_RECOVERY_FAILED);
         goto err;
     }
-    if (sLen >= 0 && (maskedDBLen - i) != sLen) {
+    if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) {
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
         goto err;
     }
-    if (!EVP_DigestInit_ex(&ctx, Hash, NULL)
-        || !EVP_DigestUpdate(&ctx, zeroes, sizeof(zeroes))
-        || !EVP_DigestUpdate(&ctx, mHash, hLen))
+    if (!EVP_DigestInit_ex(ctx, Hash, NULL)
+        || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
+        || !EVP_DigestUpdate(ctx, mHash, hLen))
         goto err;
     if (maskedDBLen - i) {
-        if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i))
+        if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i))
             goto err;
     }
-    if (!EVP_DigestFinal_ex(&ctx, H_, NULL))
+    if (!EVP_DigestFinal_ex(ctx, H_, NULL))
         goto err;
     if (memcmp(H_, H, hLen)) {
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
         ret = 0;
-    } else
+    } else {
         ret = 1;
+    }
 
  err:
-    if (DB)
-        OPENSSL_free(DB);
-    EVP_MD_CTX_cleanup(&ctx);
+    OPENSSL_free(DB);
+    EVP_MD_CTX_free(ctx);
 
     return ret;
 
@@ -199,7 +153,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
     int ret = 0;
     int hLen, maskedDBLen, MSBits, emLen;
     unsigned char *H, *salt = NULL, *p;
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx = NULL;
 
     if (mgf1Hash == NULL)
         mgf1Hash = Hash;
@@ -211,13 +165,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
      * Negative sLen has special meanings:
      *      -1      sLen == hLen
      *      -2      salt length is maximized
+     *      -3      same as above (on signing)
      *      -N      reserved
      */
-    if (sLen == -1)
+    if (sLen == RSA_PSS_SALTLEN_DIGEST) {
         sLen = hLen;
-    else if (sLen == -2)
-        sLen = -2;
-    else if (sLen < -2) {
+    } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) {
+        sLen = RSA_PSS_SALTLEN_MAX;
+    } else if (sLen < RSA_PSS_SALTLEN_MAX) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
         goto err;
     }
@@ -233,7 +188,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
         goto err;
     }
-    if (sLen == -2) {
+    if (sLen == RSA_PSS_SALTLEN_MAX) {
         sLen = emLen - hLen - 2;
     } else if (sLen > emLen - hLen - 2) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
@@ -242,7 +197,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
     }
     if (sLen > 0) {
         salt = OPENSSL_malloc(sLen);
-        if (!salt) {
+        if (salt == NULL) {
             RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
                    ERR_R_MALLOC_FAILURE);
             goto err;
@@ -252,16 +207,17 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
     }
     maskedDBLen = emLen - hLen - 1;
     H = EM + maskedDBLen;
-    EVP_MD_CTX_init(&ctx);
-    if (!EVP_DigestInit_ex(&ctx, Hash, NULL)
-        || !EVP_DigestUpdate(&ctx, zeroes, sizeof(zeroes))
-        || !EVP_DigestUpdate(&ctx, mHash, hLen))
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    if (!EVP_DigestInit_ex(ctx, Hash, NULL)
+        || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
+        || !EVP_DigestUpdate(ctx, mHash, hLen))
         goto err;
-    if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen))
+    if (sLen && !EVP_DigestUpdate(ctx, salt, sLen))
         goto err;
-    if (!EVP_DigestFinal_ex(&ctx, H, NULL))
+    if (!EVP_DigestFinal_ex(ctx, H, NULL))
         goto err;
-    EVP_MD_CTX_cleanup(&ctx);
 
     /* Generate dbMask in place then perform XOR on it */
     if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
@@ -289,8 +245,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
     ret = 1;
 
  err:
-    if (salt)
-        OPENSSL_free(salt);
+    EVP_MD_CTX_free(ctx);
+    OPENSSL_clear_free(salt, (size_t)sLen); /* salt != NULL implies sLen > 0 */
 
     return ret;
 
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_saos.c b/freebsd/crypto/openssl/crypto/rsa/rsa_saos.c
index 49686fd1..2fadf033 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_saos.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_saos.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_saos.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
@@ -83,12 +34,12 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
     if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
         RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,
                RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
-        return (0);
+        return 0;
     }
-    s = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1);
+    s = OPENSSL_malloc((unsigned int)j + 1);
     if (s == NULL) {
         RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
     p = s;
     i2d_ASN1_OCTET_STRING(&sig, &p);
@@ -98,9 +49,8 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
     else
         *siglen = i;
 
-    OPENSSL_cleanse(s, (unsigned int)j + 1);
-    OPENSSL_free(s);
-    return (ret);
+    OPENSSL_clear_free(s, (unsigned int)j + 1);
+    return ret;
 }
 
 int RSA_verify_ASN1_OCTET_STRING(int dtype,
@@ -116,10 +66,10 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
     if (siglen != (unsigned int)RSA_size(rsa)) {
         RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
                RSA_R_WRONG_SIGNATURE_LENGTH);
-        return (0);
+        return 0;
     }
 
-    s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen);
+    s = OPENSSL_malloc((unsigned int)siglen);
     if (s == NULL) {
         RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -137,14 +87,11 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
     if (((unsigned int)sig->length != m_len) ||
         (memcmp(m, sig->data, m_len) != 0)) {
         RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, RSA_R_BAD_SIGNATURE);
-    } else
+    } else {
         ret = 1;
- err:
-    if (sig != NULL)
-        M_ASN1_OCTET_STRING_free(sig);
-    if (s != NULL) {
-        OPENSSL_cleanse(s, (unsigned int)siglen);
-        OPENSSL_free(s);
     }
-    return (ret);
+ err:
+    ASN1_OCTET_STRING_free(sig);
+    OPENSSL_clear_free(s, (unsigned int)siglen);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_sign.c b/freebsd/crypto/openssl/crypto/rsa/rsa_sign.c
index 4d03b3c5..eb40a0e1 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_sign.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_sign.c
@@ -1,303 +1,250 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include "rsa_locl.h"
 
 /* Size of an SSL signature: MD5+SHA1 */
 #define SSL_SIG_LENGTH  36
 
-int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-             unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+/*
+ * encode_pkcs1 encodes a DigestInfo prefix of hash |type| and digest |m|, as
+ * described in EMSA-PKCS1-v1_5-ENCODE, RFC 3447 section 9.2 step 2. This
+ * encodes the DigestInfo (T and tLen) but does not add the padding.
+ *
+ * On success, it returns one and sets |*out| to a newly allocated buffer
+ * containing the result and |*out_len| to its length. The caller must free
+ * |*out| with |OPENSSL_free|. Otherwise, it returns zero.
+ */
+static int encode_pkcs1(unsigned char **out, int *out_len, int type,
+                        const unsigned char *m, unsigned int m_len)
 {
     X509_SIG sig;
-    ASN1_TYPE parameter;
-    int i, j, ret = 1;
-    unsigned char *p, *tmps = NULL;
-    const unsigned char *s = NULL;
     X509_ALGOR algor;
+    ASN1_TYPE parameter;
     ASN1_OCTET_STRING digest;
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-        RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
+    uint8_t *der = NULL;
+    int len;
+
+    sig.algor = &algor;
+    sig.algor->algorithm = OBJ_nid2obj(type);
+    if (sig.algor->algorithm == NULL) {
+        RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+        return 0;
+    }
+    if (OBJ_length(sig.algor->algorithm) == 0) {
+        RSAerr(RSA_F_ENCODE_PKCS1,
+               RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
         return 0;
     }
-#endif
-    if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+    parameter.type = V_ASN1_NULL;
+    parameter.value.ptr = NULL;
+    sig.algor->parameter = &parameter;
+
+    sig.digest = &digest;
+    sig.digest->data = (unsigned char *)m;
+    sig.digest->length = m_len;
+
+    len = i2d_X509_SIG(&sig, &der);
+    if (len < 0)
+        return 0;
+
+    *out = der;
+    *out_len = len;
+    return 1;
+}
+
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+{
+    int encrypt_len, encoded_len = 0, ret = 0;
+    unsigned char *tmps = NULL;
+    const unsigned char *encoded = NULL;
+
+    if (rsa->meth->rsa_sign) {
         return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
     }
-    /* Special case: SSL signature, just check the length */
+
+    /* Compute the encoded digest. */
     if (type == NID_md5_sha1) {
+        /*
+         * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
+         * earlier. It has no DigestInfo wrapper but otherwise is
+         * RSASSA-PKCS1-v1_5.
+         */
         if (m_len != SSL_SIG_LENGTH) {
             RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
-            return (0);
+            return 0;
         }
-        i = SSL_SIG_LENGTH;
-        s = m;
+        encoded_len = SSL_SIG_LENGTH;
+        encoded = m;
     } else {
-        sig.algor = &algor;
-        sig.algor->algorithm = OBJ_nid2obj(type);
-        if (sig.algor->algorithm == NULL) {
-            RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
-            return (0);
-        }
-        if (sig.algor->algorithm->length == 0) {
-            RSAerr(RSA_F_RSA_SIGN,
-                   RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-            return (0);
-        }
-        parameter.type = V_ASN1_NULL;
-        parameter.value.ptr = NULL;
-        sig.algor->parameter = &parameter;
-
-        sig.digest = &digest;
-        sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */
-        sig.digest->length = m_len;
-
-        i = i2d_X509_SIG(&sig, NULL);
+        if (!encode_pkcs1(&tmps, &encoded_len, type, m, m_len))
+            goto err;
+        encoded = tmps;
     }
-    j = RSA_size(rsa);
-    if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
+
+    if (encoded_len > RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE) {
         RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
-        return (0);
-    }
-    if (type != NID_md5_sha1) {
-        tmps = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1);
-        if (tmps == NULL) {
-            RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE);
-            return (0);
-        }
-        p = tmps;
-        i2d_X509_SIG(&sig, &p);
-        s = tmps;
+        goto err;
     }
-    i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
-    if (i <= 0)
-        ret = 0;
-    else
-        *siglen = i;
+    encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa,
+                                      RSA_PKCS1_PADDING);
+    if (encrypt_len <= 0)
+        goto err;
 
-    if (type != NID_md5_sha1) {
-        OPENSSL_cleanse(tmps, (unsigned int)j + 1);
-        OPENSSL_free(tmps);
-    }
-    return (ret);
-}
+    *siglen = encrypt_len;
+    ret = 1;
 
-/*
- * Check DigestInfo structure does not contain extraneous data by reencoding
- * using DER and checking encoding against original.
- */
-static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo,
-                                int dinfolen)
-{
-    unsigned char *der = NULL;
-    int derlen;
-    int ret = 0;
-    derlen = i2d_X509_SIG(sig, &der);
-    if (derlen <= 0)
-        return 0;
-    if (derlen == dinfolen && !memcmp(dinfo, der, derlen))
-        ret = 1;
-    OPENSSL_cleanse(der, derlen);
-    OPENSSL_free(der);
+err:
+    OPENSSL_clear_free(tmps, (size_t)encoded_len);
     return ret;
 }
 
-int int_rsa_verify(int dtype, const unsigned char *m,
-                   unsigned int m_len,
+/*
+ * int_rsa_verify verifies an RSA signature in |sigbuf| using |rsa|. It may be
+ * called in two modes. If |rm| is NULL, it verifies the signature for digest
+ * |m|. Otherwise, it recovers the digest from the signature, writing the digest
+ * to |rm| and the length to |*prm_len|. |type| is the NID of the digest
+ * algorithm to use. It returns one on successful verification and zero
+ * otherwise.
+ */
+int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
                    unsigned char *rm, size_t *prm_len,
                    const unsigned char *sigbuf, size_t siglen, RSA *rsa)
 {
-    int i, ret = 0, sigtype;
-    unsigned char *s;
-    X509_SIG *sig = NULL;
+    int decrypt_len, ret = 0, encoded_len = 0;
+    unsigned char *decrypt_buf = NULL, *encoded = NULL;
 
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
-        return 0;
-    }
-#endif
-
-    if (siglen != (unsigned int)RSA_size(rsa)) {
+    if (siglen != (size_t)RSA_size(rsa)) {
         RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
-        return (0);
-    }
-
-    if ((dtype == NID_md5_sha1) && rm) {
-        i = RSA_public_decrypt((int)siglen,
-                               sigbuf, rm, rsa, RSA_PKCS1_PADDING);
-        if (i <= 0)
-            return 0;
-        *prm_len = i;
-        return 1;
+        return 0;
     }
 
-    s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen);
-    if (s == NULL) {
+    /* Recover the encoded digest. */
+    decrypt_buf = OPENSSL_malloc(siglen);
+    if (decrypt_buf == NULL) {
         RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    if ((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH)) {
-        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
-        goto err;
-    }
-    i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
 
-    if (i <= 0)
+    decrypt_len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa,
+                                     RSA_PKCS1_PADDING);
+    if (decrypt_len <= 0)
         goto err;
-    /*
-     * Oddball MDC2 case: signature can be OCTET STRING. check for correct
-     * tag and length octets.
-     */
-    if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
-        if (rm) {
-            memcpy(rm, s + 2, 16);
-            *prm_len = 16;
-            ret = 1;
-        } else if (memcmp(m, s + 2, 16)) {
+
+    if (type == NID_md5_sha1) {
+        /*
+         * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
+         * earlier. It has no DigestInfo wrapper but otherwise is
+         * RSASSA-PKCS1-v1_5.
+         */
+        if (decrypt_len != SSL_SIG_LENGTH) {
             RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-        } else {
-            ret = 1;
+            goto err;
         }
-    } else if (dtype == NID_md5_sha1) {
-        /* Special case: SSL signature */
-        if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
-            RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-        else
-            ret = 1;
-    } else {
-        const unsigned char *p = s;
-        sig = d2i_X509_SIG(NULL, &p, (long)i);
 
-        if (sig == NULL)
-            goto err;
+        if (rm != NULL) {
+            memcpy(rm, decrypt_buf, SSL_SIG_LENGTH);
+            *prm_len = SSL_SIG_LENGTH;
+        } else {
+            if (m_len != SSL_SIG_LENGTH) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+                goto err;
+            }
 
-        /* Excess data can be used to create forgeries */
-        if (p != s + i || !rsa_check_digestinfo(sig, s, i)) {
-            RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-            goto err;
+            if (memcmp(decrypt_buf, m, SSL_SIG_LENGTH) != 0) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+                goto err;
+            }
         }
+    } else if (type == NID_mdc2 && decrypt_len == 2 + 16
+               && decrypt_buf[0] == 0x04 && decrypt_buf[1] == 0x10) {
+        /*
+         * Oddball MDC2 case: signature can be OCTET STRING. check for correct
+         * tag and length octets.
+         */
+        if (rm != NULL) {
+            memcpy(rm, decrypt_buf + 2, 16);
+            *prm_len = 16;
+        } else {
+            if (m_len != 16) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+                goto err;
+            }
 
+            if (memcmp(m, decrypt_buf + 2, 16) != 0) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+                goto err;
+            }
+        }
+    } else {
         /*
-         * Parameters to the signature algorithm can also be used to create
-         * forgeries
+         * If recovering the digest, extract a digest-sized output from the end
+         * of |decrypt_buf| for |encode_pkcs1|, then compare the decryption
+         * output as in a standard verification.
          */
-        if (sig->algor->parameter
-            && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
-            RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-            goto err;
+        if (rm != NULL) {
+            const EVP_MD *md = EVP_get_digestbynid(type);
+            if (md == NULL) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                goto err;
+            }
+
+            m_len = EVP_MD_size(md);
+            if (m_len > (size_t)decrypt_len) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+                goto err;
+            }
+            m = decrypt_buf + decrypt_len - m_len;
         }
 
-        sigtype = OBJ_obj2nid(sig->algor->algorithm);
+        /* Construct the encoded digest and ensure it matches. */
+        if (!encode_pkcs1(&encoded, &encoded_len, type, m, m_len))
+            goto err;
 
-#ifdef RSA_DEBUG
-        /* put a backward compatibility flag in EAY */
-        fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype),
-                OBJ_nid2ln(dtype));
-#endif
-        if (sigtype != dtype) {
-            RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+        if (encoded_len != decrypt_len
+            || memcmp(encoded, decrypt_buf, encoded_len) != 0) {
+            RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
             goto err;
         }
-        if (rm) {
-            const EVP_MD *md;
-            md = EVP_get_digestbynid(dtype);
-            if (md && (EVP_MD_size(md) != sig->digest->length))
-                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
-            else {
-                memcpy(rm, sig->digest->data, sig->digest->length);
-                *prm_len = sig->digest->length;
-                ret = 1;
-            }
-        } else if (((unsigned int)sig->digest->length != m_len) ||
-                   (memcmp(m, sig->digest->data, m_len) != 0)) {
-            RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-        } else
-            ret = 1;
-    }
- err:
-    if (sig != NULL)
-        X509_SIG_free(sig);
-    if (s != NULL) {
-        OPENSSL_cleanse(s, (unsigned int)siglen);
-        OPENSSL_free(s);
+
+        /* Output the recovered digest. */
+        if (rm != NULL) {
+            memcpy(rm, m, m_len);
+            *prm_len = m_len;
+        }
     }
-    return (ret);
+
+    ret = 1;
+
+err:
+    OPENSSL_clear_free(encoded, (size_t)encoded_len);
+    OPENSSL_clear_free(decrypt_buf, siglen);
+    return ret;
 }
 
-int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
+int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
                const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 {
 
-    if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
-        return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
+    if (rsa->meth->rsa_verify) {
+        return rsa->meth->rsa_verify(type, m, m_len, sigbuf, siglen, rsa);
     }
 
-    return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
+    return int_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
 }
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_ssl.c b/freebsd/crypto/openssl/crypto/rsa/rsa_ssl.c
index b49d9c69..d57a43ed 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_ssl.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_ssl.c
@@ -1,65 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/rsa/rsa_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
@@ -73,7 +24,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
     if (flen > (tlen - 11)) {
         RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-        return (0);
+        return 0;
     }
 
     p = (unsigned char *)to;
@@ -85,12 +36,12 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
     j = tlen - 3 - 8 - flen;
 
     if (RAND_bytes(p, j) <= 0)
-        return (0);
+        return 0;
     for (i = 0; i < j; i++) {
         if (*p == '\0')
             do {
                 if (RAND_bytes(p, 1) <= 0)
-                    return (0);
+                    return 0;
             } while (*p == '\0');
         p++;
     }
@@ -100,7 +51,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
     *(p++) = '\0';
 
     memcpy(p, from, (unsigned int)flen);
-    return (1);
+    return 1;
 }
 
 int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
@@ -112,7 +63,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
     p = from;
     if (flen < 10) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
-        return (-1);
+        return -1;
     }
     /* Accept even zero-padded input */
     if (flen == num) {
@@ -124,7 +75,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
     }
     if ((num != (flen + 1)) || (*(p++) != 02)) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
-        return (-1);
+        return -1;
     }
 
     /* scan over padding data */
@@ -136,7 +87,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
     if ((i == j) || (i < 8)) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
                RSA_R_NULL_BEFORE_BLOCK_MISSING);
-        return (-1);
+        return -1;
     }
     for (k = -9; k < -1; k++) {
         if (p[k] != 0x03)
@@ -144,16 +95,16 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
     }
     if (k == -1) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK);
-        return (-1);
+        return -1;
     }
 
     i++;                        /* Skip over the '\0' */
     j -= i;
     if (j > tlen) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE);
-        return (-1);
+        return -1;
     }
     memcpy(to, p, (unsigned int)j);
 
-    return (j);
+    return j;
 }
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_test.c b/freebsd/crypto/openssl/crypto/rsa/rsa_test.c
deleted file mode 100644
index 69aa10db..00000000
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_test.c
+++ /dev/null
@@ -1,341 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* test vectors from p1ovect1.txt */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-#ifdef OPENSSL_NO_RSA
-int main(int argc, char *argv[])
-{
-    printf("No RSA support\n");
-    return (0);
-}
-#else
-# include <openssl/rsa.h>
-
-# define SetKey \
-  key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
-  key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
-  key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
-  key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
-  key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
-  key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
-  key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
-  key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
-  memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
-  return (sizeof(ctext_ex) - 1);
-
-static int key1(RSA *key, unsigned char *c)
-{
-    static unsigned char n[] =
-        "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
-        "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
-        "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
-        "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
-        "\xF5";
-
-    static unsigned char e[] = "\x11";
-
-    static unsigned char d[] =
-        "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
-        "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
-        "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
-        "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
-
-    static unsigned char p[] =
-        "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
-        "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
-        "\x0D";
-
-    static unsigned char q[] =
-        "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-        "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
-        "\x89";
-
-    static unsigned char dmp1[] =
-        "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
-        "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
-
-    static unsigned char dmq1[] =
-        "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
-        "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
-        "\x51";
-
-    static unsigned char iqmp[] =
-        "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
-        "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
-
-    static unsigned char ctext_ex[] =
-        "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
-        "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
-        "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
-        "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
-
-    SetKey;
-}
-
-static int key2(RSA *key, unsigned char *c)
-{
-    static unsigned char n[] =
-        "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
-        "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
-        "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
-        "\x34\x77\xCF";
-
-    static unsigned char e[] = "\x3";
-
-    static unsigned char d[] =
-        "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
-        "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
-        "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
-        "\xE5\xEB";
-
-    static unsigned char p[] =
-        "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
-        "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
-
-    static unsigned char q[] =
-        "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-        "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
-
-    static unsigned char dmp1[] =
-        "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
-        "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
-
-    static unsigned char dmq1[] =
-        "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
-        "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
-
-    static unsigned char iqmp[] =
-        "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
-        "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
-
-    static unsigned char ctext_ex[] =
-        "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
-        "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
-        "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
-        "\x62\x51";
-
-    SetKey;
-}
-
-static int key3(RSA *key, unsigned char *c)
-{
-    static unsigned char n[] =
-        "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
-        "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
-        "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
-        "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
-        "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
-        "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
-        "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
-        "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
-        "\xCB";
-
-    static unsigned char e[] = "\x11";
-
-    static unsigned char d[] =
-        "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
-        "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
-        "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
-        "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
-        "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
-        "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
-        "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
-        "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
-        "\xC1";
-
-    static unsigned char p[] =
-        "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
-        "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
-        "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
-        "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
-        "\x99";
-
-    static unsigned char q[] =
-        "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-        "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
-        "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
-        "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
-        "\x03";
-
-    static unsigned char dmp1[] =
-        "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
-        "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
-        "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
-        "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
-
-    static unsigned char dmq1[] =
-        "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
-        "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
-        "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
-        "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
-
-    static unsigned char iqmp[] =
-        "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
-        "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
-        "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
-        "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
-        "\xF7";
-
-    static unsigned char ctext_ex[] =
-        "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
-        "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
-        "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
-        "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
-        "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
-        "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
-        "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
-        "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
-
-    SetKey;
-}
-
-static int pad_unknown(void)
-{
-    unsigned long l;
-    while ((l = ERR_get_error()) != 0)
-        if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
-            return (1);
-    return (0);
-}
-
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-
-int main(int argc, char *argv[])
-{
-    int err = 0;
-    int v;
-    RSA *key;
-    unsigned char ptext[256];
-    unsigned char ctext[256];
-    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
-    unsigned char ctext_ex[256];
-    int plen;
-    int clen = 0;
-    int num;
-    int n;
-
-    CRYPTO_malloc_debug_init();
-    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or OAEP may fail */
-
-    plen = sizeof(ptext_ex) - 1;
-
-    for (v = 0; v < 6; v++) {
-        key = RSA_new();
-        switch (v % 3) {
-        case 0:
-            clen = key1(key, ctext_ex);
-            break;
-        case 1:
-            clen = key2(key, ctext_ex);
-            break;
-        case 2:
-            clen = key3(key, ctext_ex);
-            break;
-        }
-        if (v / 3 >= 1)
-            key->flags |= RSA_FLAG_NO_CONSTTIME;
-
-        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
-                                 RSA_PKCS1_PADDING);
-        if (num != clen) {
-            printf("PKCS#1 v1.5 encryption failed!\n");
-            err = 1;
-            goto oaep;
-        }
-
-        num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING);
-        if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
-            printf("PKCS#1 v1.5 decryption failed!\n");
-            err = 1;
-        } else
-            printf("PKCS #1 v1.5 encryption/decryption ok\n");
-
- oaep:
-        ERR_clear_error();
-        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
-                                 RSA_PKCS1_OAEP_PADDING);
-        if (num == -1 && pad_unknown()) {
-            printf("No OAEP support\n");
-            goto next;
-        }
-        if (num != clen) {
-            printf("OAEP encryption failed!\n");
-            err = 1;
-            goto next;
-        }
-
-        num = RSA_private_decrypt(num, ctext, ptext, key,
-                                  RSA_PKCS1_OAEP_PADDING);
-        if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
-            printf("OAEP decryption (encrypted data) failed!\n");
-            err = 1;
-        } else if (memcmp(ctext, ctext_ex, num) == 0)
-            printf("OAEP test vector %d passed!\n", v);
-
-        /*
-         * Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). Try
-         * decrypting ctext_ex
-         */
-
-        num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
-                                  RSA_PKCS1_OAEP_PADDING);
-
-        if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
-            printf("OAEP decryption (test vector data) failed!\n");
-            err = 1;
-        } else
-            printf("OAEP encryption/decryption ok\n");
-
-        /* Try decrypting corrupted ciphertexts. */
-        for (n = 0; n < clen; ++n) {
-            ctext[n] ^= 1;
-            num = RSA_private_decrypt(clen, ctext, ptext, key,
-                                          RSA_PKCS1_OAEP_PADDING);
-            if (num > 0) {
-                printf("Corrupt data decrypted!\n");
-                err = 1;
-                break;
-            }
-            ctext[n] ^= 1;
-        }
-
-        /* Test truncated ciphertexts, as well as negative length. */
-        for (n = -1; n < clen; ++n) {
-            num = RSA_private_decrypt(n, ctext, ptext, key,
-                                      RSA_PKCS1_OAEP_PADDING);
-            if (num > 0) {
-                printf("Truncated data decrypted!\n");
-                err = 1;
-                break;
-            }
-        }
-
- next:
-        RSA_free(key);
-    }
-
-    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_thread_state(NULL);
-
-    CRYPTO_mem_leaks_fp(stderr);
-
-# ifdef OPENSSL_SYS_NETWARE
-    if (err)
-        printf("ERROR: %d\n", err);
-# endif
-    return err;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_x931.c b/freebsd/crypto/openssl/crypto/rsa/rsa_x931.c
index 33a4cf4e..8f580c7e 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_x931.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_x931.c
@@ -1,69 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* rsa_x931.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#include <openssl/rand.h>
 #include <openssl/objects.h>
 
 int RSA_padding_add_X931(unsigned char *to, int tlen,
@@ -87,9 +36,9 @@ int RSA_padding_add_X931(unsigned char *to, int tlen,
     p = (unsigned char *)to;
 
     /* If no padding start and end nibbles are in one byte */
-    if (j == 0)
+    if (j == 0) {
         *p++ = 0x6A;
-    else {
+    } else {
         *p++ = 0x6B;
         if (j > 1) {
             memset(p, 0xBB, j - 1);
@@ -100,7 +49,7 @@ int RSA_padding_add_X931(unsigned char *to, int tlen,
     memcpy(p, from, (unsigned int)flen);
     p += flen;
     *p = 0xCC;
-    return (1);
+    return 1;
 }
 
 int RSA_padding_check_X931(unsigned char *to, int tlen,
@@ -134,8 +83,9 @@ int RSA_padding_check_X931(unsigned char *to, int tlen,
             return -1;
         }
 
-    } else
+    } else {
         j = flen - 2;
+    }
 
     if (p[j] != 0xCC) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
@@ -144,7 +94,7 @@ int RSA_padding_check_X931(unsigned char *to, int tlen,
 
     memcpy(to, p, (unsigned int)j);
 
-    return (j);
+    return j;
 }
 
 /* Translate between X931 hash ids and NIDs */
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_x931g.c b/freebsd/crypto/openssl/crypto/rsa/rsa_x931g.c
new file mode 100644
index 00000000..5858ecb5
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_x931g.c
@@ -0,0 +1,200 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include "rsa_locl.h"
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+                       BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+                       const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+                       const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb)
+{
+    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
+    BN_CTX *ctx = NULL, *ctx2 = NULL;
+    int ret = 0;
+
+    if (!rsa)
+        goto err;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    r3 = BN_CTX_get(ctx);
+
+    if (r3 == NULL)
+        goto err;
+    if (!rsa->e) {
+        rsa->e = BN_dup(e);
+        if (!rsa->e)
+            goto err;
+    } else {
+        e = rsa->e;
+    }
+
+    /*
+     * If not all parameters present only calculate what we can. This allows
+     * test programs to output selective parameters.
+     */
+
+    if (Xp && rsa->p == NULL) {
+        rsa->p = BN_new();
+        if (rsa->p == NULL)
+            goto err;
+
+        if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
+                                     Xp, Xp1, Xp2, e, ctx, cb))
+            goto err;
+    }
+
+    if (Xq && rsa->q == NULL) {
+        rsa->q = BN_new();
+        if (rsa->q == NULL)
+            goto err;
+        if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
+                                     Xq, Xq1, Xq2, e, ctx, cb))
+            goto err;
+    }
+
+    if (rsa->p == NULL || rsa->q == NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return 2;
+    }
+
+    /*
+     * Since both primes are set we can now calculate all remaining
+     * components.
+     */
+
+    /* calculate n */
+    rsa->n = BN_new();
+    if (rsa->n == NULL)
+        goto err;
+    if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
+        goto err;
+
+    /* calculate d */
+    if (!BN_sub(r1, rsa->p, BN_value_one()))
+        goto err;               /* p-1 */
+    if (!BN_sub(r2, rsa->q, BN_value_one()))
+        goto err;               /* q-1 */
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;               /* (p-1)(q-1) */
+
+    if (!BN_gcd(r3, r1, r2, ctx))
+        goto err;
+
+    if (!BN_div(r0, NULL, r0, r3, ctx))
+        goto err;               /* LCM((p-1)(q-1)) */
+
+    ctx2 = BN_CTX_new();
+    if (ctx2 == NULL)
+        goto err;
+
+    rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */
+    if (rsa->d == NULL)
+        goto err;
+
+    /* calculate d mod (p-1) */
+    rsa->dmp1 = BN_new();
+    if (rsa->dmp1 == NULL)
+        goto err;
+    if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx))
+        goto err;
+
+    /* calculate d mod (q-1) */
+    rsa->dmq1 = BN_new();
+    if (rsa->dmq1 == NULL)
+        goto err;
+    if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx))
+        goto err;
+
+    /* calculate inverse of q mod p */
+    rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
+
+    ret = 1;
+ err:
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    BN_CTX_free(ctx2);
+
+    return ret;
+
+}
+
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+                             BN_GENCB *cb)
+{
+    int ok = 0;
+    BIGNUM *Xp = NULL, *Xq = NULL;
+    BN_CTX *ctx = NULL;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto error;
+
+    BN_CTX_start(ctx);
+    Xp = BN_CTX_get(ctx);
+    Xq = BN_CTX_get(ctx);
+    if (Xq == NULL)
+        goto error;
+    if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+        goto error;
+
+    rsa->p = BN_new();
+    rsa->q = BN_new();
+    if (rsa->p == NULL || rsa->q == NULL)
+        goto error;
+
+    /* Generate two primes from Xp, Xq */
+
+    if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
+                                   e, ctx, cb))
+        goto error;
+
+    if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
+                                   e, ctx, cb))
+        goto error;
+
+    /*
+     * Since rsa->p and rsa->q are valid this call will just derive remaining
+     * RSA components.
+     */
+
+    if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
+                            NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
+        goto error;
+
+    ok = 1;
+
+ error:
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+
+    if (ok)
+        return 1;
+
+    return 0;
+
+}
diff --git a/freebsd/crypto/openssl/crypto/s390x_arch.h b/freebsd/crypto/openssl/crypto/s390x_arch.h
new file mode 100644
index 00000000..4a775a92
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/s390x_arch.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef S390X_ARCH_H
+# define S390X_ARCH_H
+
+# ifndef __ASSEMBLER__
+
+void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc,
+                void *param);
+void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out,
+                size_t outlen, unsigned int fc, void *param);
+void s390x_km(const unsigned char *in, size_t len, unsigned char *out,
+              unsigned int fc, void *param);
+void s390x_kmac(const unsigned char *in, size_t len, unsigned int fc,
+                void *param);
+void s390x_kmo(const unsigned char *in, size_t len, unsigned char *out,
+               unsigned int fc, void *param);
+void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out,
+               unsigned int fc, void *param);
+void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in,
+               size_t len, unsigned char *out, unsigned int fc, void *param);
+
+/*
+ * The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by
+ * the STFLE instruction followed by the 64-bit word pairs returned by
+ * instructions' QUERY functions. If STFLE returns fewer data or an instruction
+ * is not supported, the corresponding field elements are zero.
+ */
+struct OPENSSL_s390xcap_st {
+    unsigned long long stfle[4];
+    unsigned long long kimd[2];
+    unsigned long long klmd[2];
+    unsigned long long km[2];
+    unsigned long long kmc[2];
+    unsigned long long kmac[2];
+    unsigned long long kmctr[2];
+    unsigned long long kmo[2];
+    unsigned long long kmf[2];
+    unsigned long long prno[2];
+    unsigned long long kma[2];
+};
+
+extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
+
+/* convert facility bit number or function code to bit mask */
+#  define S390X_CAPBIT(i)	(1ULL << (63 - (i) % 64))
+
+# endif
+
+/* OPENSSL_s390xcap_P offsets [bytes] */
+# define S390X_STFLE		0x00
+# define S390X_KIMD		0x20
+# define S390X_KLMD		0x30
+# define S390X_KM		0x40
+# define S390X_KMC		0x50
+# define S390X_KMAC		0x60
+# define S390X_KMCTR		0x70
+# define S390X_KMO		0x80
+# define S390X_KMF		0x90
+# define S390X_PRNO		0xa0
+# define S390X_KMA		0xb0
+
+/* Facility Bit Numbers */
+# define S390X_VX		129
+# define S390X_VXD		134
+# define S390X_VXE		135
+
+/* Function Codes */
+
+/* all instructions */
+# define S390X_QUERY		0
+
+/* kimd/klmd */
+# define S390X_SHA3_224		32
+# define S390X_SHA3_256		33
+# define S390X_SHA3_384		34
+# define S390X_SHA3_512		35
+# define S390X_SHAKE_128	36
+# define S390X_SHAKE_256	37
+# define S390X_GHASH		65
+
+/* km/kmc/kmac/kmctr/kmo/kmf/kma */
+# define S390X_AES_128		18
+# define S390X_AES_192		19
+# define S390X_AES_256		20
+
+/* prno */
+# define S390X_TRNG		114
+
+/* Register 0 Flags */
+# define S390X_DECRYPT		0x80
+# define S390X_KMA_LPC		0x100
+# define S390X_KMA_LAAD		0x200
+# define S390X_KMA_HS		0x400
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/s390xcap.c b/freebsd/crypto/openssl/crypto/s390xcap.c
deleted file mode 100644
index 32ade899..00000000
--- a/freebsd/crypto/openssl/crypto/s390xcap.c
+++ /dev/null
@@ -1,44 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <setjmp.h>
-#include <signal.h>
-#include "cryptlib.h"
-
-extern unsigned long OPENSSL_s390xcap_P[];
-
-static sigjmp_buf ill_jmp;
-static void ill_handler(int sig)
-{
-    siglongjmp(ill_jmp, sig);
-}
-
-unsigned long OPENSSL_s390x_facilities(void);
-
-void OPENSSL_cpuid_setup(void)
-{
-    sigset_t oset;
-    struct sigaction ill_act, oact;
-
-    if (OPENSSL_s390xcap_P[0])
-        return;
-
-    OPENSSL_s390xcap_P[0] = 1UL << (8 * sizeof(unsigned long) - 1);
-
-    memset(&ill_act, 0, sizeof(ill_act));
-    ill_act.sa_handler = ill_handler;
-    sigfillset(&ill_act.sa_mask);
-    sigdelset(&ill_act.sa_mask, SIGILL);
-    sigdelset(&ill_act.sa_mask, SIGTRAP);
-    sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
-    sigaction(SIGILL, &ill_act, &oact);
-
-    /* protection against missing store-facility-list-extended */
-    if (sigsetjmp(ill_jmp, 1) == 0)
-        OPENSSL_s390x_facilities();
-
-    sigaction(SIGILL, &oact, NULL);
-    sigprocmask(SIG_SETMASK, &oset, NULL);
-}
diff --git a/freebsd/crypto/openssl/crypto/seed/seed.c b/freebsd/crypto/openssl/crypto/seed/seed.c
index 79f834f0..9887e169 100644
--- a/freebsd/crypto/openssl/crypto/seed/seed.c
+++ b/freebsd/crypto/openssl/crypto/seed/seed.c
@@ -1,6 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
  * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30,11 +39,10 @@
 # include <stdio.h>
 # include <stdlib.h>
 # include <string.h>
-# ifdef WIN32
+# ifdef _WIN32
 #  include <memory.h>
 # endif
 
-# include <openssl/crypto.h>
 # include <openssl/seed.h>
 # include "seed_locl.h"
 
@@ -43,490 +51,369 @@
 #  undef SS
 # endif
 
-static const seed_word SS[4][256] = { {
-                                       0x2989a1a8, 0x05858184, 0x16c6d2d4,
-                                       0x13c3d3d0, 0x14445054, 0x1d0d111c,
-                                       0x2c8ca0ac, 0x25052124,
-                                       0x1d4d515c, 0x03434340, 0x18081018,
-                                       0x1e0e121c, 0x11415150, 0x3cccf0fc,
-                                       0x0acac2c8, 0x23436360,
-                                       0x28082028, 0x04444044, 0x20002020,
-                                       0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0,
-                                       0x08c8c0c8, 0x17071314,
-                                       0x2585a1a4, 0x0f8f838c, 0x03030300,
-                                       0x3b4b7378, 0x3b8bb3b8, 0x13031310,
-                                       0x12c2d2d0, 0x2ecee2ec,
-                                       0x30407070, 0x0c8c808c, 0x3f0f333c,
-                                       0x2888a0a8, 0x32023230, 0x1dcdd1dc,
-                                       0x36c6f2f4, 0x34447074,
-                                       0x2ccce0ec, 0x15859194, 0x0b0b0308,
-                                       0x17475354, 0x1c4c505c, 0x1b4b5358,
-                                       0x3d8db1bc, 0x01010100,
-                                       0x24042024, 0x1c0c101c, 0x33437370,
-                                       0x18889098, 0x10001010, 0x0cccc0cc,
-                                       0x32c2f2f0, 0x19c9d1d8,
-                                       0x2c0c202c, 0x27c7e3e4, 0x32427270,
-                                       0x03838380, 0x1b8b9398, 0x11c1d1d0,
-                                       0x06868284, 0x09c9c1c8,
-                                       0x20406060, 0x10405050, 0x2383a3a0,
-                                       0x2bcbe3e8, 0x0d0d010c, 0x3686b2b4,
-                                       0x1e8e929c, 0x0f4f434c,
-                                       0x3787b3b4, 0x1a4a5258, 0x06c6c2c4,
-                                       0x38487078, 0x2686a2a4, 0x12021210,
-                                       0x2f8fa3ac, 0x15c5d1d4,
-                                       0x21416160, 0x03c3c3c0, 0x3484b0b4,
-                                       0x01414140, 0x12425250, 0x3d4d717c,
-                                       0x0d8d818c, 0x08080008,
-                                       0x1f0f131c, 0x19899198, 0x00000000,
-                                       0x19091118, 0x04040004, 0x13435350,
-                                       0x37c7f3f4, 0x21c1e1e0,
-                                       0x3dcdf1fc, 0x36467274, 0x2f0f232c,
-                                       0x27072324, 0x3080b0b0, 0x0b8b8388,
-                                       0x0e0e020c, 0x2b8ba3a8,
-                                       0x2282a2a0, 0x2e4e626c, 0x13839390,
-                                       0x0d4d414c, 0x29496168, 0x3c4c707c,
-                                       0x09090108, 0x0a0a0208,
-                                       0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0,
-                                       0x05c5c1c4, 0x07878384, 0x14041014,
-                                       0x3ecef2fc, 0x24446064,
-                                       0x1eced2dc, 0x2e0e222c, 0x0b4b4348,
-                                       0x1a0a1218, 0x06060204, 0x21012120,
-                                       0x2b4b6368, 0x26466264,
-                                       0x02020200, 0x35c5f1f4, 0x12829290,
-                                       0x0a8a8288, 0x0c0c000c, 0x3383b3b0,
-                                       0x3e4e727c, 0x10c0d0d0,
-                                       0x3a4a7278, 0x07474344, 0x16869294,
-                                       0x25c5e1e4, 0x26062224, 0x00808080,
-                                       0x2d8da1ac, 0x1fcfd3dc,
-                                       0x2181a1a0, 0x30003030, 0x37073334,
-                                       0x2e8ea2ac, 0x36063234, 0x15051114,
-                                       0x22022220, 0x38083038,
-                                       0x34c4f0f4, 0x2787a3a4, 0x05454144,
-                                       0x0c4c404c, 0x01818180, 0x29c9e1e8,
-                                       0x04848084, 0x17879394,
-                                       0x35053134, 0x0bcbc3c8, 0x0ecec2cc,
-                                       0x3c0c303c, 0x31417170, 0x11011110,
-                                       0x07c7c3c4, 0x09898188,
-                                       0x35457174, 0x3bcbf3f8, 0x1acad2d8,
-                                       0x38c8f0f8, 0x14849094, 0x19495158,
-                                       0x02828280, 0x04c4c0c4,
-                                       0x3fcff3fc, 0x09494148, 0x39093138,
-                                       0x27476364, 0x00c0c0c0, 0x0fcfc3cc,
-                                       0x17c7d3d4, 0x3888b0b8,
-                                       0x0f0f030c, 0x0e8e828c, 0x02424240,
-                                       0x23032320, 0x11819190, 0x2c4c606c,
-                                       0x1bcbd3d8, 0x2484a0a4,
-                                       0x34043034, 0x31c1f1f0, 0x08484048,
-                                       0x02c2c2c0, 0x2f4f636c, 0x3d0d313c,
-                                       0x2d0d212c, 0x00404040,
-                                       0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc,
-                                       0x01c1c1c0, 0x2a8aa2a8, 0x3a8ab2b8,
-                                       0x0e4e424c, 0x15455154,
-                                       0x3b0b3338, 0x1cccd0dc, 0x28486068,
-                                       0x3f4f737c, 0x1c8c909c, 0x18c8d0d8,
-                                       0x0a4a4248, 0x16465254,
-                                       0x37477374, 0x2080a0a0, 0x2dcde1ec,
-                                       0x06464244, 0x3585b1b4, 0x2b0b2328,
-                                       0x25456164, 0x3acaf2f8,
-                                       0x23c3e3e0, 0x3989b1b8, 0x3181b1b0,
-                                       0x1f8f939c, 0x1e4e525c, 0x39c9f1f8,
-                                       0x26c6e2e4, 0x3282b2b0,
-                                       0x31013130, 0x2acae2e8, 0x2d4d616c,
-                                       0x1f4f535c, 0x24c4e0e4, 0x30c0f0f0,
-                                       0x0dcdc1cc, 0x08888088,
-                                       0x16061214, 0x3a0a3238, 0x18485058,
-                                       0x14c4d0d4, 0x22426260, 0x29092128,
-                                       0x07070304, 0x33033330,
-                                       0x28c8e0e8, 0x1b0b1318, 0x05050104,
-                                       0x39497178, 0x10809090, 0x2a4a6268,
-                                       0x2a0a2228, 0x1a8a9298}, {
-                                                                 0x38380830,
-                                                                 0xe828c8e0,
-                                                                 0x2c2d0d21,
-                                                                 0xa42686a2,
-                                                                 0xcc0fcfc3,
-                                                                 0xdc1eced2,
-                                                                 0xb03383b3,
-                                                                 0xb83888b0,
-                                                                 0xac2f8fa3,
-                                                                 0x60204060,
-                                                                 0x54154551,
-                                                                 0xc407c7c3,
-                                                                 0x44044440,
-                                                                 0x6c2f4f63,
-                                                                 0x682b4b63,
-                                                                 0x581b4b53,
-                                                                 0xc003c3c3,
-                                                                 0x60224262,
-                                                                 0x30330333,
-                                                                 0xb43585b1,
-                                                                 0x28290921,
-                                                                 0xa02080a0,
-                                                                 0xe022c2e2,
-                                                                 0xa42787a3,
-                                                                 0xd013c3d3,
-                                                                 0x90118191,
-                                                                 0x10110111,
-                                                                 0x04060602,
-                                                                 0x1c1c0c10,
-                                                                 0xbc3c8cb0,
-                                                                 0x34360632,
-                                                                 0x480b4b43,
-                                                                 0xec2fcfe3,
-                                                                 0x88088880,
-                                                                 0x6c2c4c60,
-                                                                 0xa82888a0,
-                                                                 0x14170713,
-                                                                 0xc404c4c0,
-                                                                 0x14160612,
-                                                                 0xf434c4f0,
-                                                                 0xc002c2c2,
-                                                                 0x44054541,
-                                                                 0xe021c1e1,
-                                                                 0xd416c6d2,
-                                                                 0x3c3f0f33,
-                                                                 0x3c3d0d31,
-                                                                 0x8c0e8e82,
-                                                                 0x98188890,
-                                                                 0x28280820,
-                                                                 0x4c0e4e42,
-                                                                 0xf436c6f2,
-                                                                 0x3c3e0e32,
-                                                                 0xa42585a1,
-                                                                 0xf839c9f1,
-                                                                 0x0c0d0d01,
-                                                                 0xdc1fcfd3,
-                                                                 0xd818c8d0,
-                                                                 0x282b0b23,
-                                                                 0x64264662,
-                                                                 0x783a4a72,
-                                                                 0x24270723,
-                                                                 0x2c2f0f23,
-                                                                 0xf031c1f1,
-                                                                 0x70324272,
-                                                                 0x40024242,
-                                                                 0xd414c4d0,
-                                                                 0x40014141,
-                                                                 0xc000c0c0,
-                                                                 0x70334373,
-                                                                 0x64274763,
-                                                                 0xac2c8ca0,
-                                                                 0x880b8b83,
-                                                                 0xf437c7f3,
-                                                                 0xac2d8da1,
-                                                                 0x80008080,
-                                                                 0x1c1f0f13,
-                                                                 0xc80acac2,
-                                                                 0x2c2c0c20,
-                                                                 0xa82a8aa2,
-                                                                 0x34340430,
-                                                                 0xd012c2d2,
-                                                                 0x080b0b03,
-                                                                 0xec2ecee2,
-                                                                 0xe829c9e1,
-                                                                 0x5c1d4d51,
-                                                                 0x94148490,
-                                                                 0x18180810,
-                                                                 0xf838c8f0,
-                                                                 0x54174753,
-                                                                 0xac2e8ea2,
-                                                                 0x08080800,
-                                                                 0xc405c5c1,
-                                                                 0x10130313,
-                                                                 0xcc0dcdc1,
-                                                                 0x84068682,
-                                                                 0xb83989b1,
-                                                                 0xfc3fcff3,
-                                                                 0x7c3d4d71,
-                                                                 0xc001c1c1,
-                                                                 0x30310131,
-                                                                 0xf435c5f1,
-                                                                 0x880a8a82,
-                                                                 0x682a4a62,
-                                                                 0xb03181b1,
-                                                                 0xd011c1d1,
-                                                                 0x20200020,
-                                                                 0xd417c7d3,
-                                                                 0x00020202,
-                                                                 0x20220222,
-                                                                 0x04040400,
-                                                                 0x68284860,
-                                                                 0x70314171,
-                                                                 0x04070703,
-                                                                 0xd81bcbd3,
-                                                                 0x9c1d8d91,
-                                                                 0x98198991,
-                                                                 0x60214161,
-                                                                 0xbc3e8eb2,
-                                                                 0xe426c6e2,
-                                                                 0x58194951,
-                                                                 0xdc1dcdd1,
-                                                                 0x50114151,
-                                                                 0x90108090,
-                                                                 0xdc1cccd0,
-                                                                 0x981a8a92,
-                                                                 0xa02383a3,
-                                                                 0xa82b8ba3,
-                                                                 0xd010c0d0,
-                                                                 0x80018181,
-                                                                 0x0c0f0f03,
-                                                                 0x44074743,
-                                                                 0x181a0a12,
-                                                                 0xe023c3e3,
-                                                                 0xec2ccce0,
-                                                                 0x8c0d8d81,
-                                                                 0xbc3f8fb3,
-                                                                 0x94168692,
-                                                                 0x783b4b73,
-                                                                 0x5c1c4c50,
-                                                                 0xa02282a2,
-                                                                 0xa02181a1,
-                                                                 0x60234363,
-                                                                 0x20230323,
-                                                                 0x4c0d4d41,
-                                                                 0xc808c8c0,
-                                                                 0x9c1e8e92,
-                                                                 0x9c1c8c90,
-                                                                 0x383a0a32,
-                                                                 0x0c0c0c00,
-                                                                 0x2c2e0e22,
-                                                                 0xb83a8ab2,
-                                                                 0x6c2e4e62,
-                                                                 0x9c1f8f93,
-                                                                 0x581a4a52,
-                                                                 0xf032c2f2,
-                                                                 0x90128292,
-                                                                 0xf033c3f3,
-                                                                 0x48094941,
-                                                                 0x78384870,
-                                                                 0xcc0cccc0,
-                                                                 0x14150511,
-                                                                 0xf83bcbf3,
-                                                                 0x70304070,
-                                                                 0x74354571,
-                                                                 0x7c3f4f73,
-                                                                 0x34350531,
-                                                                 0x10100010,
-                                                                 0x00030303,
-                                                                 0x64244460,
-                                                                 0x6c2d4d61,
-                                                                 0xc406c6c2,
-                                                                 0x74344470,
-                                                                 0xd415c5d1,
-                                                                 0xb43484b0,
-                                                                 0xe82acae2,
-                                                                 0x08090901,
-                                                                 0x74364672,
-                                                                 0x18190911,
-                                                                 0xfc3ecef2,
-                                                                 0x40004040,
-                                                                 0x10120212,
-                                                                 0xe020c0e0,
-                                                                 0xbc3d8db1,
-                                                                 0x04050501,
-                                                                 0xf83acaf2,
-                                                                 0x00010101,
-                                                                 0xf030c0f0,
-                                                                 0x282a0a22,
-                                                                 0x5c1e4e52,
-                                                                 0xa82989a1,
-                                                                 0x54164652,
-                                                                 0x40034343,
-                                                                 0x84058581,
-                                                                 0x14140410,
-                                                                 0x88098981,
-                                                                 0x981b8b93,
-                                                                 0xb03080b0,
-                                                                 0xe425c5e1,
-                                                                 0x48084840,
-                                                                 0x78394971,
-                                                                 0x94178793,
-                                                                 0xfc3cccf0,
-                                                                 0x1c1e0e12,
-                                                                 0x80028282,
-                                                                 0x20210121,
-                                                                 0x8c0c8c80,
-                                                                 0x181b0b13,
-                                                                 0x5c1f4f53,
-                                                                 0x74374773,
-                                                                 0x54144450,
-                                                                 0xb03282b2,
-                                                                 0x1c1d0d11,
-                                                                 0x24250521,
-                                                                 0x4c0f4f43,
-                                                                 0x00000000,
-                                                                 0x44064642,
-                                                                 0xec2dcde1,
-                                                                 0x58184850,
-                                                                 0x50124252,
-                                                                 0xe82bcbe3,
-                                                                 0x7c3e4e72,
-                                                                 0xd81acad2,
-                                                                 0xc809c9c1,
-                                                                 0xfc3dcdf1,
-                                                                 0x30300030,
-                                                                 0x94158591,
-                                                                 0x64254561,
-                                                                 0x3c3c0c30,
-                                                                 0xb43686b2,
-                                                                 0xe424c4e0,
-                                                                 0xb83b8bb3,
-                                                                 0x7c3c4c70,
-                                                                 0x0c0e0e02,
-                                                                 0x50104050,
-                                                                 0x38390931,
-                                                                 0x24260622,
-                                                                 0x30320232,
-                                                                 0x84048480,
-                                                                 0x68294961,
-                                                                 0x90138393,
-                                                                 0x34370733,
-                                                                 0xe427c7e3,
-                                                                 0x24240420,
-                                                                 0xa42484a0,
-                                                                 0xc80bcbc3,
-                                                                 0x50134353,
-                                                                 0x080a0a02,
-                                                                 0x84078783,
-                                                                 0xd819c9d1,
-                                                                 0x4c0c4c40,
-                                                                 0x80038383,
-                                                                 0x8c0f8f83,
-                                                                 0xcc0ecec2,
-                                                                 0x383b0b33,
-                                                                 0x480a4a42,
-                                                                 0xb43787b3},
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+
+#  define G_FUNC(v)       \
+        SS[0][(unsigned char)      (v) & 0xff] ^ \
+        SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \
+        SS[2][(unsigned char)((v)>>16) & 0xff] ^ \
+        SS[3][(unsigned char)((v)>>24) & 0xff]
+
+static const seed_word SS[4][256] = {
+    { 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
+      0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
+      0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
+      0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
+      0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
+      0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
+      0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
+      0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
+      0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
+      0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
+      0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
+      0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
+      0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
+      0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
+      0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
+      0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
+      0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
+      0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
+      0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
+      0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
+      0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
+      0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
+      0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
+      0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
+      0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
+      0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
+      0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
+      0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
+      0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
+      0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
+      0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
+      0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
+      0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
+      0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
+      0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
+      0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
+      0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
+      0x36063234, 0x15051114, 0x22022220, 0x38083038,
+      0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
+      0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
+      0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
+      0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
+      0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
+      0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
+      0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
+      0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
+      0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
+      0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
+      0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
+      0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
+      0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
+      0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
+      0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
+      0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
+      0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
+      0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
+      0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
+      0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
+      0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
+      0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
+      0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
+      0x22426260, 0x29092128, 0x07070304, 0x33033330,
+      0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
+      0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298
+    },
+    { 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
+      0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
+      0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
+      0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
+      0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
+      0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
+      0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
+      0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
+      0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
+      0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
+      0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
+      0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
+      0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
+      0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
+      0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
+      0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
+      0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
+      0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
+      0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
+      0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
+      0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
+      0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
+      0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
+      0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
+      0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
+      0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
+      0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
+      0x20220222, 0x04040400, 0x68284860, 0x70314171,
+      0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
+      0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
+      0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
+      0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
+      0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
+      0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
+      0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
+      0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
+      0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
+      0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
+      0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
+      0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
+      0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
+      0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
+      0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
+      0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
+      0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
+      0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
+      0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
+      0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
+      0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
+      0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
+      0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
+      0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
+      0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
+      0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
+      0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
+      0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
+      0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
+      0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
+      0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
+      0x30320232, 0x84048480, 0x68294961, 0x90138393,
+      0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
+      0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
+      0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
+      0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3
+    },
+    { 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
+      0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
+      0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
+      0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
+      0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
+      0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
+      0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
+      0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
+      0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
+      0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
+      0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
+      0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
+      0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
+      0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
+      0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
+      0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
+      0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
+      0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
+      0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
+      0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
+      0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
+      0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
+      0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
+      0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
+      0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
+      0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
+      0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
+      0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
+      0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
+      0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
+      0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
+      0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
+      0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
+      0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
+      0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
+      0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
+      0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
+      0x32343606, 0x11141505, 0x22202202, 0x30383808,
+      0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
+      0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
+      0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
+      0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
+      0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
+      0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
+      0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
+      0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
+      0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
+      0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
+      0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
+      0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
+      0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
+      0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
+      0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
+      0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
+      0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
+      0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
+      0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
+      0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
+      0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
+      0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
+      0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
+      0x62602242, 0x21282909, 0x03040707, 0x33303303,
+      0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
+      0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a
+    },
+    { 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
+      0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
+      0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
+      0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
+      0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
+      0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
+      0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
+      0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
+      0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
+      0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
+      0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
+      0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
+      0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
+      0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
+      0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
+      0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
+      0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
+      0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
+      0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
+      0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
+      0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
+      0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
+      0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
+      0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
+      0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
+      0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
+      0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
+      0x02222022, 0x04000404, 0x48606828, 0x41717031,
+      0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
+      0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
+      0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
+      0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
+      0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
+      0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
+      0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
+      0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
+      0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
+      0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
+      0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
+      0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
+      0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
+      0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
+      0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
+      0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
+      0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
+      0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
+      0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
+      0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
+      0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
+      0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
+      0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
+      0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
+      0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
+      0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
+      0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
+      0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
+      0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
+      0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
+      0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
+      0x02323032, 0x84808404, 0x49616829, 0x83939013,
+      0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
+      0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
+      0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
+      0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437
+    }
+};
+
+#else
+
+/* on x86_64 >5x size reduction at 40% performance penalty */
+static const unsigned char SEED_Sbox[2][256] = {
 {
- 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, 0x50541444, 0x111c1d0d,
- 0xa0ac2c8c, 0x21242505,
- 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e, 0x51501141, 0xf0fc3ccc,
- 0xc2c80aca, 0x63602343,
- 0x20282808, 0x40440444, 0x20202000, 0x919c1d8d, 0xe0e020c0, 0xe2e022c2,
- 0xc0c808c8, 0x13141707,
- 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, 0xb3b83b8b, 0x13101303,
- 0xd2d012c2, 0xe2ec2ece,
- 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888, 0x32303202, 0xd1dc1dcd,
- 0xf2f436c6, 0x70743444,
- 0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747, 0x505c1c4c, 0x53581b4b,
- 0xb1bc3d8d, 0x01000101,
- 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, 0x10101000, 0xc0cc0ccc,
- 0xf2f032c2, 0xd1d819c9,
- 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383, 0x93981b8b, 0xd1d011c1,
- 0x82840686, 0xc1c809c9,
- 0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb, 0x010c0d0d, 0xb2b43686,
- 0x929c1e8e, 0x434c0f4f,
- 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, 0xa2a42686, 0x12101202,
- 0xa3ac2f8f, 0xd1d415c5,
- 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141, 0x52501242, 0x717c3d4d,
- 0x818c0d8d, 0x00080808,
- 0x131c1f0f, 0x91981989, 0x00000000, 0x11181909, 0x00040404, 0x53501343,
- 0xf3f437c7, 0xe1e021c1,
- 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, 0xb0b03080, 0x83880b8b,
- 0x020c0e0e, 0xa3a82b8b,
- 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d, 0x61682949, 0x707c3c4c,
- 0x01080909, 0x02080a0a,
- 0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5, 0x83840787, 0x10141404,
- 0xf2fc3ece, 0x60642444,
- 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, 0x02040606, 0x21202101,
- 0x63682b4b, 0x62642646,
- 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a, 0x000c0c0c, 0xb3b03383,
- 0x727c3e4e, 0xd0d010c0,
- 0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5, 0x22242606, 0x80800080,
- 0xa1ac2d8d, 0xd3dc1fcf,
- 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, 0x32343606, 0x11141505,
- 0x22202202, 0x30383808,
- 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c, 0x81800181, 0xe1e829c9,
- 0x80840484, 0x93941787,
- 0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c, 0x71703141, 0x11101101,
- 0xc3c407c7, 0x81880989,
- 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, 0x90941484, 0x51581949,
- 0x82800282, 0xc0c404c4,
- 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747, 0xc0c000c0, 0xc3cc0fcf,
- 0xd3d417c7, 0xb0b83888,
- 0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303, 0x91901181, 0x606c2c4c,
- 0xd3d81bcb, 0xa0a42484,
- 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, 0x636c2f4f, 0x313c3d0d,
- 0x212c2d0d, 0x40400040,
- 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1, 0xa2a82a8a, 0xb2b83a8a,
- 0x424c0e4e, 0x51541545,
- 0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f, 0x909c1c8c, 0xd0d818c8,
- 0x42480a4a, 0x52541646,
- 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, 0xb1b43585, 0x23282b0b,
- 0x61642545, 0xf2f83aca,
- 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f, 0x525c1e4e, 0xf1f839c9,
- 0xe2e426c6, 0xb2b03282,
- 0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f, 0xe0e424c4, 0xf0f030c0,
- 0xc1cc0dcd, 0x80880888,
- 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, 0x62602242, 0x21282909,
- 0x03040707, 0x33303303,
- 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949, 0x90901080, 0x62682a4a,
- 0x22282a0a, 0x92981a8a}, {
-                           0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
-                           0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
-                           0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
-                           0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
-                           0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
-                           0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
-                           0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
-                           0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
-                           0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
-                           0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
-                           0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
-                           0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
-                           0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
-                           0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
-                           0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
-                           0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
-                           0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
-                           0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
-                           0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
-                           0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
-                           0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
-                           0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
-                           0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
-                           0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
-                           0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
-                           0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
-                           0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
-                           0x02222022, 0x04000404, 0x48606828, 0x41717031,
-                           0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
-                           0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
-                           0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
-                           0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
-                           0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
-                           0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
-                           0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
-                           0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
-                           0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
-                           0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
-                           0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
-                           0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
-                           0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
-                           0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
-                           0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
-                           0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
-                           0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
-                           0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
-                           0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
-                           0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
-                           0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
-                           0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
-                           0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
-                           0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
-                           0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
-                           0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
-                           0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
-                           0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
-                           0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
-                           0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
-                           0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
-                           0x02323032, 0x84808404, 0x49616829, 0x83939013,
-                           0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
-                           0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
-                           0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
-                           0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437}
+      0xA9, 0x85, 0xD6, 0xD3, 0x54, 0x1D, 0xAC, 0x25,
+      0x5D, 0x43, 0x18, 0x1E, 0x51, 0xFC, 0xCA, 0x63,
+      0x28, 0x44, 0x20, 0x9D, 0xE0, 0xE2, 0xC8, 0x17,
+      0xA5, 0x8F, 0x03, 0x7B, 0xBB, 0x13, 0xD2, 0xEE,
+      0x70, 0x8C, 0x3F, 0xA8, 0x32, 0xDD, 0xF6, 0x74,
+      0xEC, 0x95, 0x0B, 0x57, 0x5C, 0x5B, 0xBD, 0x01,
+      0x24, 0x1C, 0x73, 0x98, 0x10, 0xCC, 0xF2, 0xD9,
+      0x2C, 0xE7, 0x72, 0x83, 0x9B, 0xD1, 0x86, 0xC9,
+      0x60, 0x50, 0xA3, 0xEB, 0x0D, 0xB6, 0x9E, 0x4F,
+      0xB7, 0x5A, 0xC6, 0x78, 0xA6, 0x12, 0xAF, 0xD5,
+      0x61, 0xC3, 0xB4, 0x41, 0x52, 0x7D, 0x8D, 0x08,
+      0x1F, 0x99, 0x00, 0x19, 0x04, 0x53, 0xF7, 0xE1,
+      0xFD, 0x76, 0x2F, 0x27, 0xB0, 0x8B, 0x0E, 0xAB,
+      0xA2, 0x6E, 0x93, 0x4D, 0x69, 0x7C, 0x09, 0x0A,
+      0xBF, 0xEF, 0xF3, 0xC5, 0x87, 0x14, 0xFE, 0x64,
+      0xDE, 0x2E, 0x4B, 0x1A, 0x06, 0x21, 0x6B, 0x66,
+      0x02, 0xF5, 0x92, 0x8A, 0x0C, 0xB3, 0x7E, 0xD0,
+      0x7A, 0x47, 0x96, 0xE5, 0x26, 0x80, 0xAD, 0xDF,
+      0xA1, 0x30, 0x37, 0xAE, 0x36, 0x15, 0x22, 0x38,
+      0xF4, 0xA7, 0x45, 0x4C, 0x81, 0xE9, 0x84, 0x97,
+      0x35, 0xCB, 0xCE, 0x3C, 0x71, 0x11, 0xC7, 0x89,
+      0x75, 0xFB, 0xDA, 0xF8, 0x94, 0x59, 0x82, 0xC4,
+      0xFF, 0x49, 0x39, 0x67, 0xC0, 0xCF, 0xD7, 0xB8,
+      0x0F, 0x8E, 0x42, 0x23, 0x91, 0x6C, 0xDB, 0xA4,
+      0x34, 0xF1, 0x48, 0xC2, 0x6F, 0x3D, 0x2D, 0x40,
+      0xBE, 0x3E, 0xBC, 0xC1, 0xAA, 0xBA, 0x4E, 0x55,
+      0x3B, 0xDC, 0x68, 0x7F, 0x9C, 0xD8, 0x4A, 0x56,
+      0x77, 0xA0, 0xED, 0x46, 0xB5, 0x2B, 0x65, 0xFA,
+      0xE3, 0xB9, 0xB1, 0x9F, 0x5E, 0xF9, 0xE6, 0xB2,
+      0x31, 0xEA, 0x6D, 0x5F, 0xE4, 0xF0, 0xCD, 0x88,
+      0x16, 0x3A, 0x58, 0xD4, 0x62, 0x29, 0x07, 0x33,
+      0xE8, 0x1B, 0x05, 0x79, 0x90, 0x6A, 0x2A, 0x9A
+    },
+    {
+      0x38, 0xE8, 0x2D, 0xA6, 0xCF, 0xDE, 0xB3, 0xB8,
+      0xAF, 0x60, 0x55, 0xC7, 0x44, 0x6F, 0x6B, 0x5B,
+      0xC3, 0x62, 0x33, 0xB5, 0x29, 0xA0, 0xE2, 0xA7,
+      0xD3, 0x91, 0x11, 0x06, 0x1C, 0xBC, 0x36, 0x4B,
+      0xEF, 0x88, 0x6C, 0xA8, 0x17, 0xC4, 0x16, 0xF4,
+      0xC2, 0x45, 0xE1, 0xD6, 0x3F, 0x3D, 0x8E, 0x98,
+      0x28, 0x4E, 0xF6, 0x3E, 0xA5, 0xF9, 0x0D, 0xDF,
+      0xD8, 0x2B, 0x66, 0x7A, 0x27, 0x2F, 0xF1, 0x72,
+      0x42, 0xD4, 0x41, 0xC0, 0x73, 0x67, 0xAC, 0x8B,
+      0xF7, 0xAD, 0x80, 0x1F, 0xCA, 0x2C, 0xAA, 0x34,
+      0xD2, 0x0B, 0xEE, 0xE9, 0x5D, 0x94, 0x18, 0xF8,
+      0x57, 0xAE, 0x08, 0xC5, 0x13, 0xCD, 0x86, 0xB9,
+      0xFF, 0x7D, 0xC1, 0x31, 0xF5, 0x8A, 0x6A, 0xB1,
+      0xD1, 0x20, 0xD7, 0x02, 0x22, 0x04, 0x68, 0x71,
+      0x07, 0xDB, 0x9D, 0x99, 0x61, 0xBE, 0xE6, 0x59,
+      0xDD, 0x51, 0x90, 0xDC, 0x9A, 0xA3, 0xAB, 0xD0,
+      0x81, 0x0F, 0x47, 0x1A, 0xE3, 0xEC, 0x8D, 0xBF,
+      0x96, 0x7B, 0x5C, 0xA2, 0xA1, 0x63, 0x23, 0x4D,
+      0xC8, 0x9E, 0x9C, 0x3A, 0x0C, 0x2E, 0xBA, 0x6E,
+      0x9F, 0x5A, 0xF2, 0x92, 0xF3, 0x49, 0x78, 0xCC,
+      0x15, 0xFB, 0x70, 0x75, 0x7F, 0x35, 0x10, 0x03,
+      0x64, 0x6D, 0xC6, 0x74, 0xD5, 0xB4, 0xEA, 0x09,
+      0x76, 0x19, 0xFE, 0x40, 0x12, 0xE0, 0xBD, 0x05,
+      0xFA, 0x01, 0xF0, 0x2A, 0x5E, 0xA9, 0x56, 0x43,
+      0x85, 0x14, 0x89, 0x9B, 0xB0, 0xE5, 0x48, 0x79,
+      0x97, 0xFC, 0x1E, 0x82, 0x21, 0x8C, 0x1B, 0x5F,
+      0x77, 0x54, 0xB2, 0x1D, 0x25, 0x4F, 0x00, 0x46,
+      0xED, 0x58, 0x52, 0xEB, 0x7E, 0xDA, 0xC9, 0xFD,
+      0x30, 0x95, 0x65, 0x3C, 0xB6, 0xE4, 0xBB, 0x7C,
+      0x0E, 0x50, 0x39, 0x26, 0x32, 0x84, 0x69, 0x93,
+      0x37, 0xE7, 0x24, 0xA4, 0xCB, 0x53, 0x0A, 0x87,
+      0xD9, 0x4C, 0x83, 0x8F, 0xCE, 0x3B, 0x4A, 0xB7
+    }
 };
 
+static unsigned int G_FUNC(unsigned int v)
+{
+    unsigned int s0, s1, s2, s3, ret;
+
+    s0 = SEED_Sbox[0][(unsigned char)      (v) & 0xff];
+    s1 = SEED_Sbox[1][(unsigned char)((v)>> 8) & 0xff];
+    s2 = SEED_Sbox[0][(unsigned char)((v)>>16) & 0xff];
+    s3 = SEED_Sbox[1][(unsigned char)((v)>>24) & 0xff];
+
+    ret  = ((s0 & 0xFC) ^ (s1 & 0xF3) ^ (s2 & 0xCF) ^ (s3 & 0x3F));
+    ret |= ((s0 & 0xF3) ^ (s1 & 0xCF) ^ (s2 & 0x3F) ^ (s3 & 0xFC)) << 8;
+    ret |= ((s0 & 0xCF) ^ (s1 & 0x3F) ^ (s2 & 0xFC) ^ (s3 & 0xF3)) << 16;
+    ret |= ((s0 & 0x3F) ^ (s1 & 0xFC) ^ (s2 & 0xF3) ^ (s3 & 0xCF)) << 24;
+
+    return ret;
+}
+# endif
+
 /* key schedule constants - golden ratio */
 # define KC0     0x9e3779b9
 # define KC1     0x3c6ef373
@@ -551,17 +438,9 @@ static const seed_word KC[] = {
     KC8, KC9, KC10, KC11, KC12, KC13, KC14, KC15
 };
 # endif
+
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
                   SEED_KEY_SCHEDULE *ks)
-# ifdef OPENSSL_FIPS
-{
-    fips_cipher_abort(SEED);
-    private_SEED_set_key(rawkey, ks);
-}
-
-void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
-                          SEED_KEY_SCHEDULE *ks)
-# endif
 {
     seed_word x1, x2, x3, x4;
     seed_word t0, t1;
diff --git a/freebsd/crypto/openssl/crypto/seed/seed_cbc.c b/freebsd/crypto/openssl/crypto/seed/seed_cbc.c
index 686959c1..552e2737 100644
--- a/freebsd/crypto/openssl/crypto/seed/seed_cbc.c
+++ b/freebsd/crypto/openssl/crypto/seed/seed_cbc.c
@@ -1,54 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/seed/seed_cbc.c */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/seed.h>
diff --git a/freebsd/crypto/openssl/crypto/seed/seed_cfb.c b/freebsd/crypto/openssl/crypto/seed/seed_cfb.c
index 2c0d1d02..dd1eb484 100644
--- a/freebsd/crypto/openssl/crypto/seed/seed_cfb.c
+++ b/freebsd/crypto/openssl/crypto/seed/seed_cfb.c
@@ -1,110 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/seed/seed_cfb.c */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/seed.h>
diff --git a/freebsd/crypto/openssl/crypto/seed/seed_ecb.c b/freebsd/crypto/openssl/crypto/seed/seed_ecb.c
index a2cd1682..a9620e0d 100644
--- a/freebsd/crypto/openssl/crypto/seed/seed_ecb.c
+++ b/freebsd/crypto/openssl/crypto/seed/seed_ecb.c
@@ -1,54 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/seed/seed_ecb.c */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/seed.h>
diff --git a/freebsd/crypto/openssl/crypto/seed/seed_locl.h b/freebsd/crypto/openssl/crypto/seed/seed_locl.h
index 96ec4302..ac2950d9 100644
--- a/freebsd/crypto/openssl/crypto/seed/seed_locl.h
+++ b/freebsd/crypto/openssl/crypto/seed/seed_locl.h
@@ -1,4 +1,13 @@
 /*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
  * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -36,14 +45,6 @@ typedef unsigned int seed_word;
 # endif
 
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# define G_FUNC(v)       \
-        SS[0][(unsigned char)      (v) & 0xff] ^ SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \
-        SS[2][(unsigned char)((v)>>16) & 0xff] ^ SS[3][(unsigned char)((v)>>24) & 0xff]
-
 # define char2word(c, i)  \
         (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3]))
 
@@ -108,8 +109,4 @@ extern "C" {
         (X1) ^= (T0);                            \
         (X2) ^= (T1)
 
-#ifdef  __cplusplus
-}
-#endif
-
 #endif                          /* HEADER_SEED_LOCL_H */
diff --git a/freebsd/crypto/openssl/crypto/seed/seed_ofb.c b/freebsd/crypto/openssl/crypto/seed/seed_ofb.c
index c626613b..f83015ed 100644
--- a/freebsd/crypto/openssl/crypto/seed/seed_ofb.c
+++ b/freebsd/crypto/openssl/crypto/seed/seed_ofb.c
@@ -1,110 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/seed/seed_ofb.c */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/seed.h>
diff --git a/freebsd/crypto/openssl/crypto/sha/keccak1600.c b/freebsd/crypto/openssl/crypto/sha/keccak1600.c
new file mode 100644
index 00000000..082810d7
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/sha/keccak1600.c
@@ -0,0 +1,1248 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include <string.h>
+#include <assert.h>
+
+size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
+                   size_t r);
+void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r);
+
+#if !defined(KECCAK1600_ASM) || !defined(SELFTEST)
+
+/*
+ * Choose some sensible defaults
+ */
+#if !defined(KECCAK_REF) && !defined(KECCAK_1X) && !defined(KECCAK_1X_ALT) && \
+    !defined(KECCAK_2X) && !defined(KECCAK_INPLACE)
+# define KECCAK_2X      /* default to KECCAK_2X variant */
+#endif
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+# define KECCAK_COMPLEMENTING_TRANSFORM
+#endif
+
+#if defined(__x86_64__) || defined(__aarch64__) || \
+    defined(__mips64) || defined(__ia64) || \
+    (defined(__VMS) && !defined(__vax))
+/*
+ * These are available even in ILP32 flavours, but even then they are
+ * capable of performing 64-bit operations as efficiently as in *P64.
+ * Since it's not given that we can use sizeof(void *), just shunt it.
+ */
+# define BIT_INTERLEAVE (0)
+#else
+# define BIT_INTERLEAVE (sizeof(void *) < 8)
+#endif
+
+#define ROL32(a, offset) (((a) << (offset)) | ((a) >> ((32 - (offset)) & 31)))
+
+static uint64_t ROL64(uint64_t val, int offset)
+{
+    if (offset == 0) {
+        return val;
+    } else if (!BIT_INTERLEAVE) {
+        return (val << offset) | (val >> (64-offset));
+    } else {
+        uint32_t hi = (uint32_t)(val >> 32), lo = (uint32_t)val;
+
+        if (offset & 1) {
+            uint32_t tmp = hi;
+
+            offset >>= 1;
+            hi = ROL32(lo, offset);
+            lo = ROL32(tmp, offset + 1);
+        } else {
+            offset >>= 1;
+            lo = ROL32(lo, offset);
+            hi = ROL32(hi, offset);
+        }
+
+        return ((uint64_t)hi << 32) | lo;
+    }
+}
+
+static const unsigned char rhotates[5][5] = {
+    {  0,  1, 62, 28, 27 },
+    { 36, 44,  6, 55, 20 },
+    {  3, 10, 43, 25, 39 },
+    { 41, 45, 15, 21,  8 },
+    { 18,  2, 61, 56, 14 }
+};
+
+static const uint64_t iotas[] = {
+    BIT_INTERLEAVE ? 0x0000000000000001U : 0x0000000000000001U,
+    BIT_INTERLEAVE ? 0x0000008900000000U : 0x0000000000008082U,
+    BIT_INTERLEAVE ? 0x8000008b00000000U : 0x800000000000808aU,
+    BIT_INTERLEAVE ? 0x8000808000000000U : 0x8000000080008000U,
+    BIT_INTERLEAVE ? 0x0000008b00000001U : 0x000000000000808bU,
+    BIT_INTERLEAVE ? 0x0000800000000001U : 0x0000000080000001U,
+    BIT_INTERLEAVE ? 0x8000808800000001U : 0x8000000080008081U,
+    BIT_INTERLEAVE ? 0x8000008200000001U : 0x8000000000008009U,
+    BIT_INTERLEAVE ? 0x0000000b00000000U : 0x000000000000008aU,
+    BIT_INTERLEAVE ? 0x0000000a00000000U : 0x0000000000000088U,
+    BIT_INTERLEAVE ? 0x0000808200000001U : 0x0000000080008009U,
+    BIT_INTERLEAVE ? 0x0000800300000000U : 0x000000008000000aU,
+    BIT_INTERLEAVE ? 0x0000808b00000001U : 0x000000008000808bU,
+    BIT_INTERLEAVE ? 0x8000000b00000001U : 0x800000000000008bU,
+    BIT_INTERLEAVE ? 0x8000008a00000001U : 0x8000000000008089U,
+    BIT_INTERLEAVE ? 0x8000008100000001U : 0x8000000000008003U,
+    BIT_INTERLEAVE ? 0x8000008100000000U : 0x8000000000008002U,
+    BIT_INTERLEAVE ? 0x8000000800000000U : 0x8000000000000080U,
+    BIT_INTERLEAVE ? 0x0000008300000000U : 0x000000000000800aU,
+    BIT_INTERLEAVE ? 0x8000800300000000U : 0x800000008000000aU,
+    BIT_INTERLEAVE ? 0x8000808800000001U : 0x8000000080008081U,
+    BIT_INTERLEAVE ? 0x8000008800000000U : 0x8000000000008080U,
+    BIT_INTERLEAVE ? 0x0000800000000001U : 0x0000000080000001U,
+    BIT_INTERLEAVE ? 0x8000808200000000U : 0x8000000080008008U
+};
+
+#if defined(KECCAK_REF)
+/*
+ * This is straightforward or "maximum clarity" implementation aiming
+ * to resemble section 3.2 of the FIPS PUB 202 "SHA-3 Standard:
+ * Permutation-Based Hash and Extendible-Output Functions" as much as
+ * possible. With one caveat. Because of the way C stores matrices,
+ * references to A[x,y] in the specification are presented as A[y][x].
+ * Implementation unrolls inner x-loops so that modulo 5 operations are
+ * explicitly pre-computed.
+ */
+static void Theta(uint64_t A[5][5])
+{
+    uint64_t C[5], D[5];
+    size_t y;
+
+    C[0] = A[0][0];
+    C[1] = A[0][1];
+    C[2] = A[0][2];
+    C[3] = A[0][3];
+    C[4] = A[0][4];
+
+    for (y = 1; y < 5; y++) {
+        C[0] ^= A[y][0];
+        C[1] ^= A[y][1];
+        C[2] ^= A[y][2];
+        C[3] ^= A[y][3];
+        C[4] ^= A[y][4];
+    }
+
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    for (y = 0; y < 5; y++) {
+        A[y][0] ^= D[0];
+        A[y][1] ^= D[1];
+        A[y][2] ^= D[2];
+        A[y][3] ^= D[3];
+        A[y][4] ^= D[4];
+    }
+}
+
+static void Rho(uint64_t A[5][5])
+{
+    size_t y;
+
+    for (y = 0; y < 5; y++) {
+        A[y][0] = ROL64(A[y][0], rhotates[y][0]);
+        A[y][1] = ROL64(A[y][1], rhotates[y][1]);
+        A[y][2] = ROL64(A[y][2], rhotates[y][2]);
+        A[y][3] = ROL64(A[y][3], rhotates[y][3]);
+        A[y][4] = ROL64(A[y][4], rhotates[y][4]);
+    }
+}
+
+static void Pi(uint64_t A[5][5])
+{
+    uint64_t T[5][5];
+
+    /*
+     * T = A
+     * A[y][x] = T[x][(3*y+x)%5]
+     */
+    memcpy(T, A, sizeof(T));
+
+    A[0][0] = T[0][0];
+    A[0][1] = T[1][1];
+    A[0][2] = T[2][2];
+    A[0][3] = T[3][3];
+    A[0][4] = T[4][4];
+
+    A[1][0] = T[0][3];
+    A[1][1] = T[1][4];
+    A[1][2] = T[2][0];
+    A[1][3] = T[3][1];
+    A[1][4] = T[4][2];
+
+    A[2][0] = T[0][1];
+    A[2][1] = T[1][2];
+    A[2][2] = T[2][3];
+    A[2][3] = T[3][4];
+    A[2][4] = T[4][0];
+
+    A[3][0] = T[0][4];
+    A[3][1] = T[1][0];
+    A[3][2] = T[2][1];
+    A[3][3] = T[3][2];
+    A[3][4] = T[4][3];
+
+    A[4][0] = T[0][2];
+    A[4][1] = T[1][3];
+    A[4][2] = T[2][4];
+    A[4][3] = T[3][0];
+    A[4][4] = T[4][1];
+}
+
+static void Chi(uint64_t A[5][5])
+{
+    uint64_t C[5];
+    size_t y;
+
+    for (y = 0; y < 5; y++) {
+        C[0] = A[y][0] ^ (~A[y][1] & A[y][2]);
+        C[1] = A[y][1] ^ (~A[y][2] & A[y][3]);
+        C[2] = A[y][2] ^ (~A[y][3] & A[y][4]);
+        C[3] = A[y][3] ^ (~A[y][4] & A[y][0]);
+        C[4] = A[y][4] ^ (~A[y][0] & A[y][1]);
+
+        A[y][0] = C[0];
+        A[y][1] = C[1];
+        A[y][2] = C[2];
+        A[y][3] = C[3];
+        A[y][4] = C[4];
+    }
+}
+
+static void Iota(uint64_t A[5][5], size_t i)
+{
+    assert(i < (sizeof(iotas) / sizeof(iotas[0])));
+    A[0][0] ^= iotas[i];
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    size_t i;
+
+    for (i = 0; i < 24; i++) {
+        Theta(A);
+        Rho(A);
+        Pi(A);
+        Chi(A);
+        Iota(A, i);
+    }
+}
+
+#elif defined(KECCAK_1X)
+/*
+ * This implementation is optimization of above code featuring unroll
+ * of even y-loops, their fusion and code motion. It also minimizes
+ * temporary storage. Compiler would normally do all these things for
+ * you, purpose of manual optimization is to provide "unobscured"
+ * reference for assembly implementation [in case this approach is
+ * chosen for implementation on some platform]. In the nutshell it's
+ * equivalent of "plane-per-plane processing" approach discussed in
+ * section 2.4 of "Keccak implementation overview".
+ */
+static void Round(uint64_t A[5][5], size_t i)
+{
+    uint64_t C[5], E[2];        /* registers */
+    uint64_t D[5], T[2][5];     /* memory    */
+
+    assert(i < (sizeof(iotas) / sizeof(iotas[0])));
+
+    C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0];
+    C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1];
+    C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2];
+    C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3];
+    C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4];
+
+#if defined(__arm__)
+    D[1] = E[0] = ROL64(C[2], 1) ^ C[0];
+    D[4] = E[1] = ROL64(C[0], 1) ^ C[3];
+    D[0] = C[0] = ROL64(C[1], 1) ^ C[4];
+    D[2] = C[1] = ROL64(C[3], 1) ^ C[1];
+    D[3] = C[2] = ROL64(C[4], 1) ^ C[2];
+
+    T[0][0] = A[3][0] ^ C[0]; /* borrow T[0][0] */
+    T[0][1] = A[0][1] ^ E[0]; /* D[1] */
+    T[0][2] = A[0][2] ^ C[1]; /* D[2] */
+    T[0][3] = A[0][3] ^ C[2]; /* D[3] */
+    T[0][4] = A[0][4] ^ E[1]; /* D[4] */
+
+    C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]);   /* D[3] */
+    C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]);   /* D[4] */
+    C[0] =       A[0][0] ^ C[0]; /* rotate by 0 */  /* D[0] */
+    C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]);   /* D[2] */
+    C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]);   /* D[1] */
+#else
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    T[0][0] = A[3][0] ^ D[0]; /* borrow T[0][0] */
+    T[0][1] = A[0][1] ^ D[1];
+    T[0][2] = A[0][2] ^ D[2];
+    T[0][3] = A[0][3] ^ D[3];
+    T[0][4] = A[0][4] ^ D[4];
+
+    C[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]);
+    C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]);
+    C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]);
+    C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]);
+#endif
+    A[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i];
+    A[0][1] = C[1] ^ (~C[2] & C[3]);
+    A[0][2] = C[2] ^ (~C[3] & C[4]);
+    A[0][3] = C[3] ^ (~C[4] & C[0]);
+    A[0][4] = C[4] ^ (~C[0] & C[1]);
+
+    T[1][0] = A[1][0] ^ (C[3] = D[0]);
+    T[1][1] = A[2][1] ^ (C[4] = D[1]); /* borrow T[1][1] */
+    T[1][2] = A[1][2] ^ (E[0] = D[2]);
+    T[1][3] = A[1][3] ^ (E[1] = D[3]);
+    T[1][4] = A[2][4] ^ (C[2] = D[4]); /* borrow T[1][4] */
+
+    C[0] = ROL64(T[0][3],        rhotates[0][3]);
+    C[1] = ROL64(A[1][4] ^ C[2], rhotates[1][4]);   /* D[4] */
+    C[2] = ROL64(A[2][0] ^ C[3], rhotates[2][0]);   /* D[0] */
+    C[3] = ROL64(A[3][1] ^ C[4], rhotates[3][1]);   /* D[1] */
+    C[4] = ROL64(A[4][2] ^ E[0], rhotates[4][2]);   /* D[2] */
+
+    A[1][0] = C[0] ^ (~C[1] & C[2]);
+    A[1][1] = C[1] ^ (~C[2] & C[3]);
+    A[1][2] = C[2] ^ (~C[3] & C[4]);
+    A[1][3] = C[3] ^ (~C[4] & C[0]);
+    A[1][4] = C[4] ^ (~C[0] & C[1]);
+
+    C[0] = ROL64(T[0][1],        rhotates[0][1]);
+    C[1] = ROL64(T[1][2],        rhotates[1][2]);
+    C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
+    C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);
+
+    A[2][0] = C[0] ^ (~C[1] & C[2]);
+    A[2][1] = C[1] ^ (~C[2] & C[3]);
+    A[2][2] = C[2] ^ (~C[3] & C[4]);
+    A[2][3] = C[3] ^ (~C[4] & C[0]);
+    A[2][4] = C[4] ^ (~C[0] & C[1]);
+
+    C[0] = ROL64(T[0][4],        rhotates[0][4]);
+    C[1] = ROL64(T[1][0],        rhotates[1][0]);
+    C[2] = ROL64(T[1][1],        rhotates[2][1]); /* originally A[2][1] */
+    C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);
+
+    A[3][0] = C[0] ^ (~C[1] & C[2]);
+    A[3][1] = C[1] ^ (~C[2] & C[3]);
+    A[3][2] = C[2] ^ (~C[3] & C[4]);
+    A[3][3] = C[3] ^ (~C[4] & C[0]);
+    A[3][4] = C[4] ^ (~C[0] & C[1]);
+
+    C[0] = ROL64(T[0][2],        rhotates[0][2]);
+    C[1] = ROL64(T[1][3],        rhotates[1][3]);
+    C[2] = ROL64(T[1][4],        rhotates[2][4]); /* originally A[2][4] */
+    C[3] = ROL64(T[0][0],        rhotates[3][0]); /* originally A[3][0] */
+    C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    A[4][0] = C[0] ^ (~C[1] & C[2]);
+    A[4][1] = C[1] ^ (~C[2] & C[3]);
+    A[4][2] = C[2] ^ (~C[3] & C[4]);
+    A[4][3] = C[3] ^ (~C[4] & C[0]);
+    A[4][4] = C[4] ^ (~C[0] & C[1]);
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    size_t i;
+
+    for (i = 0; i < 24; i++) {
+        Round(A, i);
+    }
+}
+
+#elif defined(KECCAK_1X_ALT)
+/*
+ * This is variant of above KECCAK_1X that reduces requirement for
+ * temporary storage even further, but at cost of more updates to A[][].
+ * It's less suitable if A[][] is memory bound, but better if it's
+ * register bound.
+ */
+
+static void Round(uint64_t A[5][5], size_t i)
+{
+    uint64_t C[5], D[5];
+
+    assert(i < (sizeof(iotas) / sizeof(iotas[0])));
+
+    C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0];
+    C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1];
+    C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2];
+    C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3];
+    C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4];
+
+    D[1] = C[0] ^  ROL64(C[2], 1);
+    D[2] = C[1] ^  ROL64(C[3], 1);
+    D[3] = C[2] ^= ROL64(C[4], 1);
+    D[4] = C[3] ^= ROL64(C[0], 1);
+    D[0] = C[4] ^= ROL64(C[1], 1);
+
+    A[0][1] ^= D[1];
+    A[1][1] ^= D[1];
+    A[2][1] ^= D[1];
+    A[3][1] ^= D[1];
+    A[4][1] ^= D[1];
+
+    A[0][2] ^= D[2];
+    A[1][2] ^= D[2];
+    A[2][2] ^= D[2];
+    A[3][2] ^= D[2];
+    A[4][2] ^= D[2];
+
+    A[0][3] ^= C[2];
+    A[1][3] ^= C[2];
+    A[2][3] ^= C[2];
+    A[3][3] ^= C[2];
+    A[4][3] ^= C[2];
+
+    A[0][4] ^= C[3];
+    A[1][4] ^= C[3];
+    A[2][4] ^= C[3];
+    A[3][4] ^= C[3];
+    A[4][4] ^= C[3];
+
+    A[0][0] ^= C[4];
+    A[1][0] ^= C[4];
+    A[2][0] ^= C[4];
+    A[3][0] ^= C[4];
+    A[4][0] ^= C[4];
+
+    C[1] = A[0][1];
+    C[2] = A[0][2];
+    C[3] = A[0][3];
+    C[4] = A[0][4];
+
+    A[0][1] = ROL64(A[1][1], rhotates[1][1]);
+    A[0][2] = ROL64(A[2][2], rhotates[2][2]);
+    A[0][3] = ROL64(A[3][3], rhotates[3][3]);
+    A[0][4] = ROL64(A[4][4], rhotates[4][4]);
+
+    A[1][1] = ROL64(A[1][4], rhotates[1][4]);
+    A[2][2] = ROL64(A[2][3], rhotates[2][3]);
+    A[3][3] = ROL64(A[3][2], rhotates[3][2]);
+    A[4][4] = ROL64(A[4][1], rhotates[4][1]);
+
+    A[1][4] = ROL64(A[4][2], rhotates[4][2]);
+    A[2][3] = ROL64(A[3][4], rhotates[3][4]);
+    A[3][2] = ROL64(A[2][1], rhotates[2][1]);
+    A[4][1] = ROL64(A[1][3], rhotates[1][3]);
+
+    A[4][2] = ROL64(A[2][4], rhotates[2][4]);
+    A[3][4] = ROL64(A[4][3], rhotates[4][3]);
+    A[2][1] = ROL64(A[1][2], rhotates[1][2]);
+    A[1][3] = ROL64(A[3][1], rhotates[3][1]);
+
+    A[2][4] = ROL64(A[4][0], rhotates[4][0]);
+    A[4][3] = ROL64(A[3][0], rhotates[3][0]);
+    A[1][2] = ROL64(A[2][0], rhotates[2][0]);
+    A[3][1] = ROL64(A[1][0], rhotates[1][0]);
+
+    A[1][0] = ROL64(C[3],    rhotates[0][3]);
+    A[2][0] = ROL64(C[1],    rhotates[0][1]);
+    A[3][0] = ROL64(C[4],    rhotates[0][4]);
+    A[4][0] = ROL64(C[2],    rhotates[0][2]);
+
+    C[0] = A[0][0];
+    C[1] = A[1][0];
+    D[0] = A[0][1];
+    D[1] = A[1][1];
+
+    A[0][0] ^= (~A[0][1] & A[0][2]);
+    A[1][0] ^= (~A[1][1] & A[1][2]);
+    A[0][1] ^= (~A[0][2] & A[0][3]);
+    A[1][1] ^= (~A[1][2] & A[1][3]);
+    A[0][2] ^= (~A[0][3] & A[0][4]);
+    A[1][2] ^= (~A[1][3] & A[1][4]);
+    A[0][3] ^= (~A[0][4] & C[0]);
+    A[1][3] ^= (~A[1][4] & C[1]);
+    A[0][4] ^= (~C[0]    & D[0]);
+    A[1][4] ^= (~C[1]    & D[1]);
+
+    C[2] = A[2][0];
+    C[3] = A[3][0];
+    D[2] = A[2][1];
+    D[3] = A[3][1];
+
+    A[2][0] ^= (~A[2][1] & A[2][2]);
+    A[3][0] ^= (~A[3][1] & A[3][2]);
+    A[2][1] ^= (~A[2][2] & A[2][3]);
+    A[3][1] ^= (~A[3][2] & A[3][3]);
+    A[2][2] ^= (~A[2][3] & A[2][4]);
+    A[3][2] ^= (~A[3][3] & A[3][4]);
+    A[2][3] ^= (~A[2][4] & C[2]);
+    A[3][3] ^= (~A[3][4] & C[3]);
+    A[2][4] ^= (~C[2]    & D[2]);
+    A[3][4] ^= (~C[3]    & D[3]);
+
+    C[4] = A[4][0];
+    D[4] = A[4][1];
+
+    A[4][0] ^= (~A[4][1] & A[4][2]);
+    A[4][1] ^= (~A[4][2] & A[4][3]);
+    A[4][2] ^= (~A[4][3] & A[4][4]);
+    A[4][3] ^= (~A[4][4] & C[4]);
+    A[4][4] ^= (~C[4]    & D[4]);
+    A[0][0] ^= iotas[i];
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    size_t i;
+
+    for (i = 0; i < 24; i++) {
+        Round(A, i);
+    }
+}
+
+#elif defined(KECCAK_2X)
+/*
+ * This implementation is variant of KECCAK_1X above with outer-most
+ * round loop unrolled twice. This allows to take temporary storage
+ * out of round procedure and simplify references to it by alternating
+ * it with actual data (see round loop below). Originally it was meant
+ * rather as reference for an assembly implementation, but it seems to
+ * play best with compilers [as well as provide best instruction per
+ * processed byte ratio at minimal round unroll factor]...
+ */
+static void Round(uint64_t R[5][5], uint64_t A[5][5], size_t i)
+{
+    uint64_t C[5], D[5];
+
+    assert(i < (sizeof(iotas) / sizeof(iotas[0])));
+
+    C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0];
+    C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1];
+    C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2];
+    C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3];
+    C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4];
+
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    C[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]);
+    C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]);
+    C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]);
+    C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i];
+    R[0][1] = C[1] ^ (~C[2] | C[3]);
+    R[0][2] = C[2] ^ ( C[3] & C[4]);
+    R[0][3] = C[3] ^ ( C[4] | C[0]);
+    R[0][4] = C[4] ^ ( C[0] & C[1]);
+#else
+    R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i];
+    R[0][1] = C[1] ^ (~C[2] & C[3]);
+    R[0][2] = C[2] ^ (~C[3] & C[4]);
+    R[0][3] = C[3] ^ (~C[4] & C[0]);
+    R[0][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+
+    C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]);
+    C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]);
+    C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]);
+    C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[1][0] = C[0] ^ (C[1] |  C[2]);
+    R[1][1] = C[1] ^ (C[2] &  C[3]);
+    R[1][2] = C[2] ^ (C[3] | ~C[4]);
+    R[1][3] = C[3] ^ (C[4] |  C[0]);
+    R[1][4] = C[4] ^ (C[0] &  C[1]);
+#else
+    R[1][0] = C[0] ^ (~C[1] & C[2]);
+    R[1][1] = C[1] ^ (~C[2] & C[3]);
+    R[1][2] = C[2] ^ (~C[3] & C[4]);
+    R[1][3] = C[3] ^ (~C[4] & C[0]);
+    R[1][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+
+    C[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]);
+    C[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]);
+    C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
+    C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[2][0] =  C[0] ^ ( C[1] | C[2]);
+    R[2][1] =  C[1] ^ ( C[2] & C[3]);
+    R[2][2] =  C[2] ^ (~C[3] & C[4]);
+    R[2][3] = ~C[3] ^ ( C[4] | C[0]);
+    R[2][4] =  C[4] ^ ( C[0] & C[1]);
+#else
+    R[2][0] = C[0] ^ (~C[1] & C[2]);
+    R[2][1] = C[1] ^ (~C[2] & C[3]);
+    R[2][2] = C[2] ^ (~C[3] & C[4]);
+    R[2][3] = C[3] ^ (~C[4] & C[0]);
+    R[2][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+
+    C[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]);
+    C[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]);
+    C[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]);
+    C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[3][0] =  C[0] ^ ( C[1] & C[2]);
+    R[3][1] =  C[1] ^ ( C[2] | C[3]);
+    R[3][2] =  C[2] ^ (~C[3] | C[4]);
+    R[3][3] = ~C[3] ^ ( C[4] & C[0]);
+    R[3][4] =  C[4] ^ ( C[0] | C[1]);
+#else
+    R[3][0] = C[0] ^ (~C[1] & C[2]);
+    R[3][1] = C[1] ^ (~C[2] & C[3]);
+    R[3][2] = C[2] ^ (~C[3] & C[4]);
+    R[3][3] = C[3] ^ (~C[4] & C[0]);
+    R[3][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+
+    C[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]);
+    C[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]);
+    C[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]);
+    C[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]);
+    C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[4][0] =  C[0] ^ (~C[1] & C[2]);
+    R[4][1] = ~C[1] ^ ( C[2] | C[3]);
+    R[4][2] =  C[2] ^ ( C[3] & C[4]);
+    R[4][3] =  C[3] ^ ( C[4] | C[0]);
+    R[4][4] =  C[4] ^ ( C[0] & C[1]);
+#else
+    R[4][0] = C[0] ^ (~C[1] & C[2]);
+    R[4][1] = C[1] ^ (~C[2] & C[3]);
+    R[4][2] = C[2] ^ (~C[3] & C[4]);
+    R[4][3] = C[3] ^ (~C[4] & C[0]);
+    R[4][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    uint64_t T[5][5];
+    size_t i;
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    A[0][1] = ~A[0][1];
+    A[0][2] = ~A[0][2];
+    A[1][3] = ~A[1][3];
+    A[2][2] = ~A[2][2];
+    A[3][2] = ~A[3][2];
+    A[4][0] = ~A[4][0];
+#endif
+
+    for (i = 0; i < 24; i += 2) {
+        Round(T, A, i);
+        Round(A, T, i + 1);
+    }
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    A[0][1] = ~A[0][1];
+    A[0][2] = ~A[0][2];
+    A[1][3] = ~A[1][3];
+    A[2][2] = ~A[2][2];
+    A[3][2] = ~A[3][2];
+    A[4][0] = ~A[4][0];
+#endif
+}
+
+#else   /* define KECCAK_INPLACE to compile this code path */
+/*
+ * This implementation is KECCAK_1X from above combined 4 times with
+ * a twist that allows to omit temporary storage and perform in-place
+ * processing. It's discussed in section 2.5 of "Keccak implementation
+ * overview". It's likely to be best suited for processors with large
+ * register bank... On the other hand processor with large register
+ * bank can as well use KECCAK_1X_ALT, it would be as fast but much
+ * more compact...
+ */
+static void FourRounds(uint64_t A[5][5], size_t i)
+{
+    uint64_t B[5], C[5], D[5];
+
+    assert(i <= (sizeof(iotas) / sizeof(iotas[0]) - 4));
+
+    /* Round 4*n */
+    C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0];
+    C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1];
+    C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2];
+    C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3];
+    C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4];
+
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    B[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    B[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]);
+    B[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]);
+    B[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]);
+    B[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]);
+
+    C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i];
+    C[1] = A[1][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] = A[2][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] = A[3][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] = A[4][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]);
+    B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    B[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]);
+    B[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]);
+    B[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]);
+
+    C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[3][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[4][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]);
+    B[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]);
+    B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    B[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
+    B[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);
+
+    C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[1][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[3][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]);
+    B[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]);
+    B[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]);
+    B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    B[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);
+
+    C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[2][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[4][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]);
+    B[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]);
+    B[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]);
+    B[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]);
+    B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[1][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[2][4] = B[4] ^ (~B[0] & B[1]);
+
+    /* Round 4*n+1 */
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    B[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    B[1] = ROL64(A[3][1] ^ D[1], rhotates[1][1]);
+    B[2] = ROL64(A[1][2] ^ D[2], rhotates[2][2]);
+    B[3] = ROL64(A[4][3] ^ D[3], rhotates[3][3]);
+    B[4] = ROL64(A[2][4] ^ D[4], rhotates[4][4]);
+
+    C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 1];
+    C[1] = A[3][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] = A[1][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] = A[4][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] = A[2][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[3][3] ^ D[3], rhotates[0][3]);
+    B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    B[2] = ROL64(A[4][0] ^ D[0], rhotates[2][0]);
+    B[3] = ROL64(A[2][1] ^ D[1], rhotates[3][1]);
+    B[4] = ROL64(A[0][2] ^ D[2], rhotates[4][2]);
+
+    C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[2][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[3][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[1][1] ^ D[1], rhotates[0][1]);
+    B[1] = ROL64(A[4][2] ^ D[2], rhotates[1][2]);
+    B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    B[3] = ROL64(A[0][4] ^ D[4], rhotates[3][4]);
+    B[4] = ROL64(A[3][0] ^ D[0], rhotates[4][0]);
+
+    C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[1][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[4][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[4][4] ^ D[4], rhotates[0][4]);
+    B[1] = ROL64(A[2][0] ^ D[0], rhotates[1][0]);
+    B[2] = ROL64(A[0][1] ^ D[1], rhotates[2][1]);
+    B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    B[4] = ROL64(A[1][3] ^ D[3], rhotates[4][3]);
+
+    C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[1][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[4][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[2][2] ^ D[2], rhotates[0][2]);
+    B[1] = ROL64(A[0][3] ^ D[3], rhotates[1][3]);
+    B[2] = ROL64(A[3][4] ^ D[4], rhotates[2][4]);
+    B[3] = ROL64(A[1][0] ^ D[0], rhotates[3][0]);
+    B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[2][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[3][4] = B[4] ^ (~B[0] & B[1]);
+
+    /* Round 4*n+2 */
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    B[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    B[1] = ROL64(A[2][1] ^ D[1], rhotates[1][1]);
+    B[2] = ROL64(A[4][2] ^ D[2], rhotates[2][2]);
+    B[3] = ROL64(A[1][3] ^ D[3], rhotates[3][3]);
+    B[4] = ROL64(A[3][4] ^ D[4], rhotates[4][4]);
+
+    C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 2];
+    C[1] = A[2][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] = A[4][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] = A[1][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] = A[3][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[4][3] ^ D[3], rhotates[0][3]);
+    B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    B[2] = ROL64(A[3][0] ^ D[0], rhotates[2][0]);
+    B[3] = ROL64(A[0][1] ^ D[1], rhotates[3][1]);
+    B[4] = ROL64(A[2][2] ^ D[2], rhotates[4][2]);
+
+    C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[2][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[4][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[3][1] ^ D[1], rhotates[0][1]);
+    B[1] = ROL64(A[0][2] ^ D[2], rhotates[1][2]);
+    B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    B[3] = ROL64(A[4][4] ^ D[4], rhotates[3][4]);
+    B[4] = ROL64(A[1][0] ^ D[0], rhotates[4][0]);
+
+    C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[3][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[4][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[2][4] ^ D[4], rhotates[0][4]);
+    B[1] = ROL64(A[4][0] ^ D[0], rhotates[1][0]);
+    B[2] = ROL64(A[1][1] ^ D[1], rhotates[2][1]);
+    B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    B[4] = ROL64(A[0][3] ^ D[3], rhotates[4][3]);
+
+    C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[1][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[2][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[1][2] ^ D[2], rhotates[0][2]);
+    B[1] = ROL64(A[3][3] ^ D[3], rhotates[1][3]);
+    B[2] = ROL64(A[0][4] ^ D[4], rhotates[2][4]);
+    B[3] = ROL64(A[2][0] ^ D[0], rhotates[3][0]);
+    B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[1][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[3][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]);
+
+    /* Round 4*n+3 */
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    B[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    B[1] = ROL64(A[0][1] ^ D[1], rhotates[1][1]);
+    B[2] = ROL64(A[0][2] ^ D[2], rhotates[2][2]);
+    B[3] = ROL64(A[0][3] ^ D[3], rhotates[3][3]);
+    B[4] = ROL64(A[0][4] ^ D[4], rhotates[4][4]);
+
+    /* C[0] = */ A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 3];
+    /* C[1] = */ A[0][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] = */ A[0][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] = */ A[0][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] = */ A[0][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[1][3] ^ D[3], rhotates[0][3]);
+    B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    B[2] = ROL64(A[1][0] ^ D[0], rhotates[2][0]);
+    B[3] = ROL64(A[1][1] ^ D[1], rhotates[3][1]);
+    B[4] = ROL64(A[1][2] ^ D[2], rhotates[4][2]);
+
+    /* C[0] ^= */ A[1][0] = B[0] ^ (~B[1] & B[2]);
+    /* C[1] ^= */ A[1][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] ^= */ A[1][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] ^= */ A[1][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] ^= */ A[1][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[2][1] ^ D[1], rhotates[0][1]);
+    B[1] = ROL64(A[2][2] ^ D[2], rhotates[1][2]);
+    B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    B[3] = ROL64(A[2][4] ^ D[4], rhotates[3][4]);
+    B[4] = ROL64(A[2][0] ^ D[0], rhotates[4][0]);
+
+    /* C[0] ^= */ A[2][0] = B[0] ^ (~B[1] & B[2]);
+    /* C[1] ^= */ A[2][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] ^= */ A[2][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] ^= */ A[2][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] ^= */ A[2][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[3][4] ^ D[4], rhotates[0][4]);
+    B[1] = ROL64(A[3][0] ^ D[0], rhotates[1][0]);
+    B[2] = ROL64(A[3][1] ^ D[1], rhotates[2][1]);
+    B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    B[4] = ROL64(A[3][3] ^ D[3], rhotates[4][3]);
+
+    /* C[0] ^= */ A[3][0] = B[0] ^ (~B[1] & B[2]);
+    /* C[1] ^= */ A[3][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] ^= */ A[3][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] ^= */ A[3][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] ^= */ A[3][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[4][2] ^ D[2], rhotates[0][2]);
+    B[1] = ROL64(A[4][3] ^ D[3], rhotates[1][3]);
+    B[2] = ROL64(A[4][4] ^ D[4], rhotates[2][4]);
+    B[3] = ROL64(A[4][0] ^ D[0], rhotates[3][0]);
+    B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    /* C[0] ^= */ A[4][0] = B[0] ^ (~B[1] & B[2]);
+    /* C[1] ^= */ A[4][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] ^= */ A[4][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] ^= */ A[4][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] ^= */ A[4][4] = B[4] ^ (~B[0] & B[1]);
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    size_t i;
+
+    for (i = 0; i < 24; i += 4) {
+        FourRounds(A, i);
+    }
+}
+
+#endif
+
+static uint64_t BitInterleave(uint64_t Ai)
+{
+    if (BIT_INTERLEAVE) {
+        uint32_t hi = (uint32_t)(Ai >> 32), lo = (uint32_t)Ai;
+        uint32_t t0, t1;
+
+        t0 = lo & 0x55555555;
+        t0 |= t0 >> 1;  t0 &= 0x33333333;
+        t0 |= t0 >> 2;  t0 &= 0x0f0f0f0f;
+        t0 |= t0 >> 4;  t0 &= 0x00ff00ff;
+        t0 |= t0 >> 8;  t0 &= 0x0000ffff;
+
+        t1 = hi & 0x55555555;
+        t1 |= t1 >> 1;  t1 &= 0x33333333;
+        t1 |= t1 >> 2;  t1 &= 0x0f0f0f0f;
+        t1 |= t1 >> 4;  t1 &= 0x00ff00ff;
+        t1 |= t1 >> 8;  t1 <<= 16;
+
+        lo &= 0xaaaaaaaa;
+        lo |= lo << 1;  lo &= 0xcccccccc;
+        lo |= lo << 2;  lo &= 0xf0f0f0f0;
+        lo |= lo << 4;  lo &= 0xff00ff00;
+        lo |= lo << 8;  lo >>= 16;
+
+        hi &= 0xaaaaaaaa;
+        hi |= hi << 1;  hi &= 0xcccccccc;
+        hi |= hi << 2;  hi &= 0xf0f0f0f0;
+        hi |= hi << 4;  hi &= 0xff00ff00;
+        hi |= hi << 8;  hi &= 0xffff0000;
+
+        Ai = ((uint64_t)(hi | lo) << 32) | (t1 | t0);
+    }
+
+    return Ai;
+}
+
+static uint64_t BitDeinterleave(uint64_t Ai)
+{
+    if (BIT_INTERLEAVE) {
+        uint32_t hi = (uint32_t)(Ai >> 32), lo = (uint32_t)Ai;
+        uint32_t t0, t1;
+
+        t0 = lo & 0x0000ffff;
+        t0 |= t0 << 8;  t0 &= 0x00ff00ff;
+        t0 |= t0 << 4;  t0 &= 0x0f0f0f0f;
+        t0 |= t0 << 2;  t0 &= 0x33333333;
+        t0 |= t0 << 1;  t0 &= 0x55555555;
+
+        t1 = hi << 16;
+        t1 |= t1 >> 8;  t1 &= 0xff00ff00;
+        t1 |= t1 >> 4;  t1 &= 0xf0f0f0f0;
+        t1 |= t1 >> 2;  t1 &= 0xcccccccc;
+        t1 |= t1 >> 1;  t1 &= 0xaaaaaaaa;
+
+        lo >>= 16;
+        lo |= lo << 8;  lo &= 0x00ff00ff;
+        lo |= lo << 4;  lo &= 0x0f0f0f0f;
+        lo |= lo << 2;  lo &= 0x33333333;
+        lo |= lo << 1;  lo &= 0x55555555;
+
+        hi &= 0xffff0000;
+        hi |= hi >> 8;  hi &= 0xff00ff00;
+        hi |= hi >> 4;  hi &= 0xf0f0f0f0;
+        hi |= hi >> 2;  hi &= 0xcccccccc;
+        hi |= hi >> 1;  hi &= 0xaaaaaaaa;
+
+        Ai = ((uint64_t)(hi | lo) << 32) | (t1 | t0);
+    }
+
+    return Ai;
+}
+
+/*
+ * SHA3_absorb can be called multiple times, but at each invocation
+ * largest multiple of |r| out of |len| bytes are processed. Then
+ * remaining amount of bytes is returned. This is done to spare caller
+ * trouble of calculating the largest multiple of |r|. |r| can be viewed
+ * as blocksize. It is commonly (1600 - 256*n)/8, e.g. 168, 136, 104,
+ * 72, but can also be (1600 - 448)/8 = 144. All this means that message
+ * padding and intermediate sub-block buffering, byte- or bitwise, is
+ * caller's responsibility.
+ */
+size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
+                   size_t r)
+{
+    uint64_t *A_flat = (uint64_t *)A;
+    size_t i, w = r / 8;
+
+    assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0);
+
+    while (len >= r) {
+        for (i = 0; i < w; i++) {
+            uint64_t Ai = (uint64_t)inp[0]       | (uint64_t)inp[1] << 8  |
+                          (uint64_t)inp[2] << 16 | (uint64_t)inp[3] << 24 |
+                          (uint64_t)inp[4] << 32 | (uint64_t)inp[5] << 40 |
+                          (uint64_t)inp[6] << 48 | (uint64_t)inp[7] << 56;
+            inp += 8;
+
+            A_flat[i] ^= BitInterleave(Ai);
+        }
+        KeccakF1600(A);
+        len -= r;
+    }
+
+    return len;
+}
+
+/*
+ * SHA3_squeeze is called once at the end to generate |out| hash value
+ * of |len| bytes.
+ */
+void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r)
+{
+    uint64_t *A_flat = (uint64_t *)A;
+    size_t i, w = r / 8;
+
+    assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0);
+
+    while (len != 0) {
+        for (i = 0; i < w && len != 0; i++) {
+            uint64_t Ai = BitDeinterleave(A_flat[i]);
+
+            if (len < 8) {
+                for (i = 0; i < len; i++) {
+                    *out++ = (unsigned char)Ai;
+                    Ai >>= 8;
+                }
+                return;
+            }
+
+            out[0] = (unsigned char)(Ai);
+            out[1] = (unsigned char)(Ai >> 8);
+            out[2] = (unsigned char)(Ai >> 16);
+            out[3] = (unsigned char)(Ai >> 24);
+            out[4] = (unsigned char)(Ai >> 32);
+            out[5] = (unsigned char)(Ai >> 40);
+            out[6] = (unsigned char)(Ai >> 48);
+            out[7] = (unsigned char)(Ai >> 56);
+            out += 8;
+            len -= 8;
+        }
+        if (len)
+            KeccakF1600(A);
+    }
+}
+#endif
+
+#ifdef SELFTEST
+/*
+ * Post-padding one-shot implementations would look as following:
+ *
+ * SHA3_224     SHA3_sponge(inp, len, out, 224/8, (1600-448)/8);
+ * SHA3_256     SHA3_sponge(inp, len, out, 256/8, (1600-512)/8);
+ * SHA3_384     SHA3_sponge(inp, len, out, 384/8, (1600-768)/8);
+ * SHA3_512     SHA3_sponge(inp, len, out, 512/8, (1600-1024)/8);
+ * SHAKE_128    SHA3_sponge(inp, len, out, d, (1600-256)/8);
+ * SHAKE_256    SHA3_sponge(inp, len, out, d, (1600-512)/8);
+ */
+
+void SHA3_sponge(const unsigned char *inp, size_t len,
+                 unsigned char *out, size_t d, size_t r)
+{
+    uint64_t A[5][5];
+
+    memset(A, 0, sizeof(A));
+    SHA3_absorb(A, inp, len, r);
+    SHA3_squeeze(A, out, d, r);
+}
+
+# include <stdio.h>
+
+int main()
+{
+    /*
+     * This is 5-bit SHAKE128 test from http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing
+     */
+    unsigned char test[168] = { '\xf3', '\x3' };
+    unsigned char out[512];
+    size_t i;
+    static const unsigned char result[512] = {
+        0x2E, 0x0A, 0xBF, 0xBA, 0x83, 0xE6, 0x72, 0x0B,
+        0xFB, 0xC2, 0x25, 0xFF, 0x6B, 0x7A, 0xB9, 0xFF,
+        0xCE, 0x58, 0xBA, 0x02, 0x7E, 0xE3, 0xD8, 0x98,
+        0x76, 0x4F, 0xEF, 0x28, 0x7D, 0xDE, 0xCC, 0xCA,
+        0x3E, 0x6E, 0x59, 0x98, 0x41, 0x1E, 0x7D, 0xDB,
+        0x32, 0xF6, 0x75, 0x38, 0xF5, 0x00, 0xB1, 0x8C,
+        0x8C, 0x97, 0xC4, 0x52, 0xC3, 0x70, 0xEA, 0x2C,
+        0xF0, 0xAF, 0xCA, 0x3E, 0x05, 0xDE, 0x7E, 0x4D,
+        0xE2, 0x7F, 0xA4, 0x41, 0xA9, 0xCB, 0x34, 0xFD,
+        0x17, 0xC9, 0x78, 0xB4, 0x2D, 0x5B, 0x7E, 0x7F,
+        0x9A, 0xB1, 0x8F, 0xFE, 0xFF, 0xC3, 0xC5, 0xAC,
+        0x2F, 0x3A, 0x45, 0x5E, 0xEB, 0xFD, 0xC7, 0x6C,
+        0xEA, 0xEB, 0x0A, 0x2C, 0xCA, 0x22, 0xEE, 0xF6,
+        0xE6, 0x37, 0xF4, 0xCA, 0xBE, 0x5C, 0x51, 0xDE,
+        0xD2, 0xE3, 0xFA, 0xD8, 0xB9, 0x52, 0x70, 0xA3,
+        0x21, 0x84, 0x56, 0x64, 0xF1, 0x07, 0xD1, 0x64,
+        0x96, 0xBB, 0x7A, 0xBF, 0xBE, 0x75, 0x04, 0xB6,
+        0xED, 0xE2, 0xE8, 0x9E, 0x4B, 0x99, 0x6F, 0xB5,
+        0x8E, 0xFD, 0xC4, 0x18, 0x1F, 0x91, 0x63, 0x38,
+        0x1C, 0xBE, 0x7B, 0xC0, 0x06, 0xA7, 0xA2, 0x05,
+        0x98, 0x9C, 0x52, 0x6C, 0xD1, 0xBD, 0x68, 0x98,
+        0x36, 0x93, 0xB4, 0xBD, 0xC5, 0x37, 0x28, 0xB2,
+        0x41, 0xC1, 0xCF, 0xF4, 0x2B, 0xB6, 0x11, 0x50,
+        0x2C, 0x35, 0x20, 0x5C, 0xAB, 0xB2, 0x88, 0x75,
+        0x56, 0x55, 0xD6, 0x20, 0xC6, 0x79, 0x94, 0xF0,
+        0x64, 0x51, 0x18, 0x7F, 0x6F, 0xD1, 0x7E, 0x04,
+        0x66, 0x82, 0xBA, 0x12, 0x86, 0x06, 0x3F, 0xF8,
+        0x8F, 0xE2, 0x50, 0x8D, 0x1F, 0xCA, 0xF9, 0x03,
+        0x5A, 0x12, 0x31, 0xAD, 0x41, 0x50, 0xA9, 0xC9,
+        0xB2, 0x4C, 0x9B, 0x2D, 0x66, 0xB2, 0xAD, 0x1B,
+        0xDE, 0x0B, 0xD0, 0xBB, 0xCB, 0x8B, 0xE0, 0x5B,
+        0x83, 0x52, 0x29, 0xEF, 0x79, 0x19, 0x73, 0x73,
+        0x23, 0x42, 0x44, 0x01, 0xE1, 0xD8, 0x37, 0xB6,
+        0x6E, 0xB4, 0xE6, 0x30, 0xFF, 0x1D, 0xE7, 0x0C,
+        0xB3, 0x17, 0xC2, 0xBA, 0xCB, 0x08, 0x00, 0x1D,
+        0x34, 0x77, 0xB7, 0xA7, 0x0A, 0x57, 0x6D, 0x20,
+        0x86, 0x90, 0x33, 0x58, 0x9D, 0x85, 0xA0, 0x1D,
+        0xDB, 0x2B, 0x66, 0x46, 0xC0, 0x43, 0xB5, 0x9F,
+        0xC0, 0x11, 0x31, 0x1D, 0xA6, 0x66, 0xFA, 0x5A,
+        0xD1, 0xD6, 0x38, 0x7F, 0xA9, 0xBC, 0x40, 0x15,
+        0xA3, 0x8A, 0x51, 0xD1, 0xDA, 0x1E, 0xA6, 0x1D,
+        0x64, 0x8D, 0xC8, 0xE3, 0x9A, 0x88, 0xB9, 0xD6,
+        0x22, 0xBD, 0xE2, 0x07, 0xFD, 0xAB, 0xC6, 0xF2,
+        0x82, 0x7A, 0x88, 0x0C, 0x33, 0x0B, 0xBF, 0x6D,
+        0xF7, 0x33, 0x77, 0x4B, 0x65, 0x3E, 0x57, 0x30,
+        0x5D, 0x78, 0xDC, 0xE1, 0x12, 0xF1, 0x0A, 0x2C,
+        0x71, 0xF4, 0xCD, 0xAD, 0x92, 0xED, 0x11, 0x3E,
+        0x1C, 0xEA, 0x63, 0xB9, 0x19, 0x25, 0xED, 0x28,
+        0x19, 0x1E, 0x6D, 0xBB, 0xB5, 0xAA, 0x5A, 0x2A,
+        0xFD, 0xA5, 0x1F, 0xC0, 0x5A, 0x3A, 0xF5, 0x25,
+        0x8B, 0x87, 0x66, 0x52, 0x43, 0x55, 0x0F, 0x28,
+        0x94, 0x8A, 0xE2, 0xB8, 0xBE, 0xB6, 0xBC, 0x9C,
+        0x77, 0x0B, 0x35, 0xF0, 0x67, 0xEA, 0xA6, 0x41,
+        0xEF, 0xE6, 0x5B, 0x1A, 0x44, 0x90, 0x9D, 0x1B,
+        0x14, 0x9F, 0x97, 0xEE, 0xA6, 0x01, 0x39, 0x1C,
+        0x60, 0x9E, 0xC8, 0x1D, 0x19, 0x30, 0xF5, 0x7C,
+        0x18, 0xA4, 0xE0, 0xFA, 0xB4, 0x91, 0xD1, 0xCA,
+        0xDF, 0xD5, 0x04, 0x83, 0x44, 0x9E, 0xDC, 0x0F,
+        0x07, 0xFF, 0xB2, 0x4D, 0x2C, 0x6F, 0x9A, 0x9A,
+        0x3B, 0xFF, 0x39, 0xAE, 0x3D, 0x57, 0xF5, 0x60,
+        0x65, 0x4D, 0x7D, 0x75, 0xC9, 0x08, 0xAB, 0xE6,
+        0x25, 0x64, 0x75, 0x3E, 0xAC, 0x39, 0xD7, 0x50,
+        0x3D, 0xA6, 0xD3, 0x7C, 0x2E, 0x32, 0xE1, 0xAF,
+        0x3B, 0x8A, 0xEC, 0x8A, 0xE3, 0x06, 0x9C, 0xD9
+    };
+
+    test[167] = '\x80';
+    SHA3_sponge(test, sizeof(test), out, sizeof(out), sizeof(test));
+
+    /*
+     * Rationale behind keeping output [formatted as below] is that
+     * one should be able to redirect it to a file, then copy-n-paste
+     * final "output val" from official example to another file, and
+     * compare the two with diff(1).
+     */
+    for (i = 0; i < sizeof(out);) {
+        printf("%02X", out[i]);
+        printf(++i % 16 && i != sizeof(out) ? " " : "\n");
+    }
+
+    if (memcmp(out,result,sizeof(out))) {
+        fprintf(stderr,"failure\n");
+        return 1;
+    } else {
+        fprintf(stderr,"success\n");
+        return 0;
+    }
+}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/sha/sha.c b/freebsd/crypto/openssl/crypto/sha/sha.c
deleted file mode 100644
index 981c9145..00000000
--- a/freebsd/crypto/openssl/crypto/sha/sha.c
+++ /dev/null
@@ -1,120 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/sha/sha.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/sha.h>
-
-#define BUFSIZE 1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-int read(int, void *, unsigned int);
-int main(int argc, char **argv)
-{
-    int i, err = 0;
-    FILE *IN;
-
-    if (argc == 1) {
-        do_fp(stdin);
-    } else {
-        for (i = 1; i < argc; i++) {
-            IN = fopen(argv[i], "r");
-            if (IN == NULL) {
-                perror(argv[i]);
-                err++;
-                continue;
-            }
-            printf("SHA(%s)= ", argv[i]);
-            do_fp(IN);
-            fclose(IN);
-        }
-    }
-    exit(err);
-}
-
-void do_fp(FILE *f)
-{
-    SHA_CTX c;
-    unsigned char md[SHA_DIGEST_LENGTH];
-    int fd;
-    int i;
-    unsigned char buf[BUFSIZE];
-
-    fd = fileno(f);
-    SHA_Init(&c);
-    for (;;) {
-        i = read(fd, buf, BUFSIZE);
-        if (i <= 0)
-            break;
-        SHA_Update(&c, buf, (unsigned long)i);
-    }
-    SHA_Final(&(md[0]), &c);
-    pt(md);
-}
-
-void pt(unsigned char *md)
-{
-    int i;
-
-    for (i = 0; i < SHA_DIGEST_LENGTH; i++)
-        printf("%02x", md[i]);
-    printf("\n");
-}
diff --git a/freebsd/crypto/openssl/crypto/sha/sha.h b/freebsd/crypto/openssl/crypto/sha/sha.h
deleted file mode 100644
index e5169e4f..00000000
--- a/freebsd/crypto/openssl/crypto/sha/sha.h
+++ /dev/null
@@ -1,214 +0,0 @@
-/* crypto/sha/sha.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SHA_H
-# define HEADER_SHA_H
-
-# include <openssl/e_os2.h>
-# include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
-#  error SHA is disabled.
-# endif
-
-# if defined(OPENSSL_FIPS)
-#  define FIPS_SHA_SIZE_T size_t
-# endif
-
-/*-
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! SHA_LONG_LOG2 has to be defined along.                        !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-# if defined(__LP32__)
-#  define SHA_LONG unsigned long
-# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#  define SHA_LONG unsigned long
-#  define SHA_LONG_LOG2 3
-# else
-#  define SHA_LONG unsigned int
-# endif
-
-# define SHA_LBLOCK      16
-# define SHA_CBLOCK      (SHA_LBLOCK*4)/* SHA treats input data as a
-                                        * contiguous array of 32 bit wide
-                                        * big-endian values. */
-# define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
-# define SHA_DIGEST_LENGTH 20
-
-typedef struct SHAstate_st {
-    SHA_LONG h0, h1, h2, h3, h4;
-    SHA_LONG Nl, Nh;
-    SHA_LONG data[SHA_LBLOCK];
-    unsigned int num;
-} SHA_CTX;
-
-# ifndef OPENSSL_NO_SHA0
-#  ifdef OPENSSL_FIPS
-int private_SHA_Init(SHA_CTX *c);
-#  endif
-int SHA_Init(SHA_CTX *c);
-int SHA_Update(SHA_CTX *c, const void *data, size_t len);
-int SHA_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
-void SHA_Transform(SHA_CTX *c, const unsigned char *data);
-# endif
-# ifndef OPENSSL_NO_SHA1
-#  ifdef OPENSSL_FIPS
-int private_SHA1_Init(SHA_CTX *c);
-#  endif
-int SHA1_Init(SHA_CTX *c);
-int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
-int SHA1_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
-void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
-# endif
-
-# define SHA256_CBLOCK   (SHA_LBLOCK*4)/* SHA-256 treats input data as a
-                                        * contiguous array of 32 bit wide
-                                        * big-endian values. */
-# define SHA224_DIGEST_LENGTH    28
-# define SHA256_DIGEST_LENGTH    32
-
-typedef struct SHA256state_st {
-    SHA_LONG h[8];
-    SHA_LONG Nl, Nh;
-    SHA_LONG data[SHA_LBLOCK];
-    unsigned int num, md_len;
-} SHA256_CTX;
-
-# ifndef OPENSSL_NO_SHA256
-#  ifdef OPENSSL_FIPS
-int private_SHA224_Init(SHA256_CTX *c);
-int private_SHA256_Init(SHA256_CTX *c);
-#  endif
-int SHA224_Init(SHA256_CTX *c);
-int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
-int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
-int SHA256_Init(SHA256_CTX *c);
-int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
-int SHA256_Final(unsigned char *md, SHA256_CTX *c);
-unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
-void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
-# endif
-
-# define SHA384_DIGEST_LENGTH    48
-# define SHA512_DIGEST_LENGTH    64
-
-# ifndef OPENSSL_NO_SHA512
-/*
- * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
- * being exactly 64-bit wide. See Implementation Notes in sha512.c
- * for further details.
- */
-/*
- * SHA-512 treats input data as a
- * contiguous array of 64 bit
- * wide big-endian values.
- */
-#  define SHA512_CBLOCK   (SHA_LBLOCK*8)
-#  if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-#   define SHA_LONG64 unsigned __int64
-#   define U64(C)     C##UI64
-#  elif defined(__arch64__)
-#   define SHA_LONG64 unsigned long
-#   define U64(C)     C##UL
-#  else
-#   define SHA_LONG64 unsigned long long
-#   define U64(C)     C##ULL
-#  endif
-
-typedef struct SHA512state_st {
-    SHA_LONG64 h[8];
-    SHA_LONG64 Nl, Nh;
-    union {
-        SHA_LONG64 d[SHA_LBLOCK];
-        unsigned char p[SHA512_CBLOCK];
-    } u;
-    unsigned int num, md_len;
-} SHA512_CTX;
-# endif
-
-# ifndef OPENSSL_NO_SHA512
-#  ifdef OPENSSL_FIPS
-int private_SHA384_Init(SHA512_CTX *c);
-int private_SHA512_Init(SHA512_CTX *c);
-#  endif
-int SHA384_Init(SHA512_CTX *c);
-int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
-int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md);
-int SHA512_Init(SHA512_CTX *c);
-int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
-int SHA512_Final(unsigned char *md, SHA512_CTX *c);
-unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
-void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
-# endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/sha/sha1.c b/freebsd/crypto/openssl/crypto/sha/sha1.c
deleted file mode 100644
index 4290b459..00000000
--- a/freebsd/crypto/openssl/crypto/sha/sha1.c
+++ /dev/null
@@ -1,123 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/sha/sha1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/sha.h>
-
-#define BUFSIZE 1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-#ifndef _OSD_POSIX
-int read(int, void *, unsigned int);
-#endif
-
-int main(int argc, char **argv)
-{
-    int i, err = 0;
-    FILE *IN;
-
-    if (argc == 1) {
-        do_fp(stdin);
-    } else {
-        for (i = 1; i < argc; i++) {
-            IN = fopen(argv[i], "r");
-            if (IN == NULL) {
-                perror(argv[i]);
-                err++;
-                continue;
-            }
-            printf("SHA1(%s)= ", argv[i]);
-            do_fp(IN);
-            fclose(IN);
-        }
-    }
-    exit(err);
-}
-
-void do_fp(FILE *f)
-{
-    SHA_CTX c;
-    unsigned char md[SHA_DIGEST_LENGTH];
-    int fd;
-    int i;
-    unsigned char buf[BUFSIZE];
-
-    fd = fileno(f);
-    SHA1_Init(&c);
-    for (;;) {
-        i = read(fd, buf, BUFSIZE);
-        if (i <= 0)
-            break;
-        SHA1_Update(&c, buf, (unsigned long)i);
-    }
-    SHA1_Final(&(md[0]), &c);
-    pt(md);
-}
-
-void pt(unsigned char *md)
-{
-    int i;
-
-    for (i = 0; i < SHA_DIGEST_LENGTH; i++)
-        printf("%02x", md[i]);
-    printf("\n");
-}
diff --git a/freebsd/crypto/openssl/crypto/sha/sha1_one.c b/freebsd/crypto/openssl/crypto/sha/sha1_one.c
index e6576d3e..3a8a5eef 100644
--- a/freebsd/crypto/openssl/crypto/sha/sha1_one.c
+++ b/freebsd/crypto/openssl/crypto/sha/sha1_one.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/sha/sha1_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
@@ -63,7 +14,6 @@
 #include <openssl/crypto.h>
 #include <openssl/sha.h>
 
-#ifndef OPENSSL_NO_SHA1
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
 {
     SHA_CTX c;
@@ -76,6 +26,5 @@ unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
     SHA1_Update(&c, d, n);
     SHA1_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c));
-    return (md);
+    return md;
 }
-#endif
diff --git a/freebsd/crypto/openssl/crypto/sha/sha1dgst.c b/freebsd/crypto/openssl/crypto/sha/sha1dgst.c
index edd3bb9d..32eb0d89 100644
--- a/freebsd/crypto/openssl/crypto/sha/sha1dgst.c
+++ b/freebsd/crypto/openssl/crypto/sha/sha1dgst.c
@@ -1,76 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/sha/sha1dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/crypto.h>
 #include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
-
-# undef  SHA_0
-# define SHA_1
 
 # include <openssl/opensslv.h>
 
-const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT;
-
 /* The implementation is in ../md32_common.h */
 
 # include "sha_locl.h"
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/sha/sha1test.c b/freebsd/crypto/openssl/crypto/sha/sha1test.c
deleted file mode 100644
index f5a0f1e4..00000000
--- a/freebsd/crypto/openssl/crypto/sha/sha1test.c
+++ /dev/null
@@ -1,176 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/sha/sha1test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_SHA
-int main(int argc, char *argv[])
-{
-    printf("No SHA support\n");
-    return (0);
-}
-#else
-# include <openssl/evp.h>
-# include <openssl/sha.h>
-
-# ifdef CHARSET_EBCDIC
-#  include <openssl/ebcdic.h>
-# endif
-
-# undef SHA_0                   /* FIPS 180 */
-# define  SHA_1                 /* FIPS 180-1 */
-
-static char *test[] = {
-    "abc",
-    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
-    NULL,
-};
-
-# ifdef SHA_0
-static char *ret[] = {
-    "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
-    "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
-};
-
-static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603";
-# endif
-# ifdef SHA_1
-static char *ret[] = {
-    "a9993e364706816aba3e25717850c26c9cd0d89d",
-    "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
-};
-
-static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
-# endif
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-{
-    int i, err = 0;
-    char **P, **R;
-    static unsigned char buf[1000];
-    char *p, *r;
-    EVP_MD_CTX c;
-    unsigned char md[SHA_DIGEST_LENGTH];
-
-# ifdef CHARSET_EBCDIC
-    ebcdic2ascii(test[0], test[0], strlen(test[0]));
-    ebcdic2ascii(test[1], test[1], strlen(test[1]));
-# endif
-
-    EVP_MD_CTX_init(&c);
-    P = test;
-    R = ret;
-    i = 1;
-    while (*P != NULL) {
-        EVP_Digest(*P, strlen((char *)*P), md, NULL, EVP_sha1(), NULL);
-        p = pt(md);
-        if (strcmp(p, (char *)*R) != 0) {
-            printf("error calculating SHA1 on '%s'\n", *P);
-            printf("got %s instead of %s\n", p, *R);
-            err++;
-        } else
-            printf("test %d ok\n", i);
-        i++;
-        R++;
-        P++;
-    }
-
-    memset(buf, 'a', 1000);
-# ifdef CHARSET_EBCDIC
-    ebcdic2ascii(buf, buf, 1000);
-# endif                         /* CHARSET_EBCDIC */
-    EVP_DigestInit_ex(&c, EVP_sha1(), NULL);
-    for (i = 0; i < 1000; i++)
-        EVP_DigestUpdate(&c, buf, 1000);
-    EVP_DigestFinal_ex(&c, md, NULL);
-    p = pt(md);
-
-    r = bigret;
-    if (strcmp(p, r) != 0) {
-        printf("error calculating SHA1 on 'a' * 1000\n");
-        printf("got %s instead of %s\n", p, r);
-        err++;
-    } else
-        printf("test 3 ok\n");
-
-# ifdef OPENSSL_SYS_NETWARE
-    if (err)
-        printf("ERROR: %d\n", err);
-# endif
-    EVP_MD_CTX_cleanup(&c);
-    EXIT(err);
-    return (0);
-}
-
-static char *pt(unsigned char *md)
-{
-    int i;
-    static char buf[80];
-
-    for (i = 0; i < SHA_DIGEST_LENGTH; i++)
-        sprintf(&(buf[i * 2]), "%02x", md[i]);
-    return (buf);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/sha/sha256.c b/freebsd/crypto/openssl/crypto/sha/sha256.c
index a3f65818..a2f769fd 100644
--- a/freebsd/crypto/openssl/crypto/sha/sha256.c
+++ b/freebsd/crypto/openssl/crypto/sha/sha256.c
@@ -1,24 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/sha/sha256.c */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved
- * according to the OpenSSL license [found in ../../LICENSE].
- * ====================================================================
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
 
-# include <stdlib.h>
-# include <string.h>
+#include <openssl/opensslconf.h>
 
-# include <openssl/crypto.h>
-# include <openssl/sha.h>
-# include <openssl/opensslv.h>
+#include <stdlib.h>
+#include <string.h>
 
-const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT;
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
 
-fips_md_init_ctx(SHA224, SHA256)
+int SHA224_Init(SHA256_CTX *c)
 {
     memset(c, 0, sizeof(*c));
     c->h[0] = 0xc1059ed8UL;
@@ -33,7 +33,7 @@ fips_md_init_ctx(SHA224, SHA256)
     return 1;
 }
 
-fips_md_init(SHA256)
+int SHA256_Init(SHA256_CTX *c)
 {
     memset(c, 0, sizeof(*c));
     c->h[0] = 0x6a09e667UL;
@@ -59,7 +59,7 @@ unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
     SHA256_Update(&c, d, n);
     SHA256_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c));
-    return (md);
+    return md;
 }
 
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
@@ -73,7 +73,7 @@ unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
     SHA256_Update(&c, d, n);
     SHA256_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c));
-    return (md);
+    return md;
 }
 
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
@@ -86,20 +86,21 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c)
     return SHA256_Final(md, c);
 }
 
-# define DATA_ORDER_IS_BIG_ENDIAN
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG               SHA_LONG
+#define HASH_CTX                SHA256_CTX
+#define HASH_CBLOCK             SHA_CBLOCK
 
-# define HASH_LONG               SHA_LONG
-# define HASH_CTX                SHA256_CTX
-# define HASH_CBLOCK             SHA_CBLOCK
 /*
  * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
  * default: case below covers for it. It's not clear however if it's
  * permitted to truncate to amount of bytes not divisible by 4. I bet not,
  * but if it is, then default: case shall be extended. For reference.
- * Idea behind separate cases for pre-defined lenghts is to let the
+ * Idea behind separate cases for pre-defined lengths is to let the
  * compiler decide if it's appropriate to unroll small loops.
  */
-# define HASH_MAKE_STRING(c,s)   do {    \
+#define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
         unsigned int  nn;               \
         switch ((c)->md_len)            \
@@ -120,18 +121,18 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c)
         }                               \
         } while (0)
 
-# define HASH_UPDATE             SHA256_Update
-# define HASH_TRANSFORM          SHA256_Transform
-# define HASH_FINAL              SHA256_Final
-# define HASH_BLOCK_DATA_ORDER   sha256_block_data_order
-# ifndef SHA256_ASM
+#define HASH_UPDATE             SHA256_Update
+#define HASH_TRANSFORM          SHA256_Transform
+#define HASH_FINAL              SHA256_Final
+#define HASH_BLOCK_DATA_ORDER   sha256_block_data_order
+#ifndef SHA256_ASM
 static
-# endif
+#endif
 void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
 
-# include "md32_common.h"
+#include "internal/md32_common.h"
 
-# ifndef SHA256_ASM
+#ifndef SHA256_ASM
 static const SHA_LONG K256[64] = {
     0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
     0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
@@ -156,15 +157,15 @@ static const SHA_LONG K256[64] = {
  * is left one. This is why you might notice that rotation coefficients
  * differ from those observed in FIPS document by 32-N...
  */
-#  define Sigma0(x)       (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
-#  define Sigma1(x)       (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
-#  define sigma0(x)       (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
-#  define sigma1(x)       (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+# define Sigma0(x)       (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+# define Sigma1(x)       (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+# define sigma0(x)       (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+# define sigma1(x)       (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
 
-#  define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
-#  define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+# define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
 
-#  ifdef OPENSSL_SMALL_FOOTPRINT
+# ifdef OPENSSL_SMALL_FOOTPRINT
 
 static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
                                     size_t num)
@@ -186,7 +187,7 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
         h = ctx->h[7];
 
         for (i = 0; i < 16; i++) {
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[i] = l;
             T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
             T2 = Sigma0(a) + Maj(a, b, c);
@@ -231,14 +232,14 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
     }
 }
 
-#  else
+# else
 
-#   define ROUND_00_15(i,a,b,c,d,e,f,g,h)          do {    \
+#  define ROUND_00_15(i,a,b,c,d,e,f,g,h)          do {    \
         T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];      \
         h = Sigma0(a) + Maj(a,b,c);                     \
         d += T1;        h += T1;                } while (0)
 
-#   define ROUND_16_63(i,a,b,c,d,e,f,g,h,X)        do {    \
+#  define ROUND_16_63(i,a,b,c,d,e,f,g,h,X)        do {    \
         s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);        \
         s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);        \
         T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];    \
@@ -310,52 +311,52 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
         } else {
             SHA_LONG l;
 
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[0] = l;
             ROUND_00_15(0, a, b, c, d, e, f, g, h);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[1] = l;
             ROUND_00_15(1, h, a, b, c, d, e, f, g);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[2] = l;
             ROUND_00_15(2, g, h, a, b, c, d, e, f);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[3] = l;
             ROUND_00_15(3, f, g, h, a, b, c, d, e);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[4] = l;
             ROUND_00_15(4, e, f, g, h, a, b, c, d);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[5] = l;
             ROUND_00_15(5, d, e, f, g, h, a, b, c);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[6] = l;
             ROUND_00_15(6, c, d, e, f, g, h, a, b);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[7] = l;
             ROUND_00_15(7, b, c, d, e, f, g, h, a);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[8] = l;
             ROUND_00_15(8, a, b, c, d, e, f, g, h);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[9] = l;
             ROUND_00_15(9, h, a, b, c, d, e, f, g);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[10] = l;
             ROUND_00_15(10, g, h, a, b, c, d, e, f);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[11] = l;
             ROUND_00_15(11, f, g, h, a, b, c, d, e);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[12] = l;
             ROUND_00_15(12, e, f, g, h, a, b, c, d);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[13] = l;
             ROUND_00_15(13, d, e, f, g, h, a, b, c);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[14] = l;
             ROUND_00_15(14, c, d, e, f, g, h, a, b);
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             T1 = X[15] = l;
             ROUND_00_15(15, b, c, d, e, f, g, h, a);
         }
@@ -383,7 +384,5 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
     }
 }
 
-#  endif
-# endif                         /* SHA256_ASM */
-
-#endif                          /* OPENSSL_NO_SHA256 */
+# endif
+#endif                         /* SHA256_ASM */
diff --git a/freebsd/crypto/openssl/crypto/sha/sha256t.c b/freebsd/crypto/openssl/crypto/sha/sha256t.c
deleted file mode 100644
index fdd9adc1..00000000
--- a/freebsd/crypto/openssl/crypto/sha/sha256t.c
+++ /dev/null
@@ -1,160 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/sha/sha256t.c */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- * ====================================================================
- */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256)
-int main(int argc, char *argv[])
-{
-    printf("No SHA256 support\n");
-    return (0);
-}
-#else
-
-unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
-    0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
-    0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
-    0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
-    0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
-};
-
-unsigned char app_b2[SHA256_DIGEST_LENGTH] = {
-    0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
-    0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
-    0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
-    0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
-};
-
-unsigned char app_b3[SHA256_DIGEST_LENGTH] = {
-    0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92,
-    0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67,
-    0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e,
-    0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0
-};
-
-unsigned char addenum_1[SHA224_DIGEST_LENGTH] = {
-    0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22,
-    0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3,
-    0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7,
-    0xe3, 0x6c, 0x9d, 0xa7
-};
-
-unsigned char addenum_2[SHA224_DIGEST_LENGTH] = {
-    0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc,
-    0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50,
-    0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19,
-    0x52, 0x52, 0x25, 0x25
-};
-
-unsigned char addenum_3[SHA224_DIGEST_LENGTH] = {
-    0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8,
-    0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b,
-    0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee,
-    0x4e, 0xe7, 0xad, 0x67
-};
-
-int main(int argc, char **argv)
-{
-    unsigned char md[SHA256_DIGEST_LENGTH];
-    int i;
-    EVP_MD_CTX evp;
-
-    fprintf(stdout, "Testing SHA-256 ");
-
-    EVP_Digest("abc", 3, md, NULL, EVP_sha256(), NULL);
-    if (memcmp(md, app_b1, sizeof(app_b1))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 1 of 3 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
-               "ijkljklm" "klmnlmno" "mnopnopq", 56, md, NULL, EVP_sha256(),
-               NULL);
-    if (memcmp(md, app_b2, sizeof(app_b2))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 2 of 3 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    EVP_MD_CTX_init(&evp);
-    EVP_DigestInit_ex(&evp, EVP_sha256(), NULL);
-    for (i = 0; i < 1000000; i += 160)
-        EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-                         (1000000 - i) < 160 ? 1000000 - i : 160);
-    EVP_DigestFinal_ex(&evp, md, NULL);
-    EVP_MD_CTX_cleanup(&evp);
-
-    if (memcmp(md, app_b3, sizeof(app_b3))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 3 of 3 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    fprintf(stdout, " passed.\n");
-    fflush(stdout);
-
-    fprintf(stdout, "Testing SHA-224 ");
-
-    EVP_Digest("abc", 3, md, NULL, EVP_sha224(), NULL);
-    if (memcmp(md, addenum_1, sizeof(addenum_1))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 1 of 3 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
-               "ijkljklm" "klmnlmno" "mnopnopq", 56, md, NULL, EVP_sha224(),
-               NULL);
-    if (memcmp(md, addenum_2, sizeof(addenum_2))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 2 of 3 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    EVP_MD_CTX_init(&evp);
-    EVP_DigestInit_ex(&evp, EVP_sha224(), NULL);
-    for (i = 0; i < 1000000; i += 64)
-        EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-                         (1000000 - i) < 64 ? 1000000 - i : 64);
-    EVP_DigestFinal_ex(&evp, md, NULL);
-    EVP_MD_CTX_cleanup(&evp);
-
-    if (memcmp(md, addenum_3, sizeof(addenum_3))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 3 of 3 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    fprintf(stdout, " passed.\n");
-    fflush(stdout);
-
-    return 0;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/sha/sha512.c b/freebsd/crypto/openssl/crypto/sha/sha512.c
index 131c22f5..d7aaef55 100644
--- a/freebsd/crypto/openssl/crypto/sha/sha512.c
+++ b/freebsd/crypto/openssl/crypto/sha/sha512.c
@@ -1,19 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/sha/sha512.c */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved
- * according to the OpenSSL license [found in ../../LICENSE].
- * ====================================================================
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 #include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
 /*-
  * IMPLEMENTATION NOTES.
  *
  * As you might have noticed 32-bit hash algorithms:
  *
- * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
+ * - permit SHA_LONG to be wider than 32-bit
  * - optimized versions implement two transform functions: one operating
  *   on [aligned] data in host byte order and one - on data in input
  *   stream byte order;
@@ -41,28 +43,62 @@
  * As this implementation relies on 64-bit integer type, it's totally
  * inappropriate for platforms which don't support it, most notably
  * 16-bit platforms.
- *                                      <appro@fy.chalmers.se>
  */
-# include <stdlib.h>
-# include <string.h>
+#include <stdlib.h>
+#include <string.h>
 
-# include <openssl/crypto.h>
-# include <openssl/sha.h>
-# include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
 
-# include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/sha.h"
 
-const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT;
-
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
     defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
     defined(__s390__) || defined(__s390x__) || \
     defined(__aarch64__) || \
     defined(SHA512_ASM)
-#  define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
-# endif
+# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#endif
 
-fips_md_init_ctx(SHA384, SHA512)
+int sha512_224_init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0x8c3d37c819544da2);
+    c->h[1] = U64(0x73e1996689dcd4d6);
+    c->h[2] = U64(0x1dfab7ae32ff9c82);
+    c->h[3] = U64(0x679dd514582f9fcf);
+    c->h[4] = U64(0x0f6d2b697bd44da8);
+    c->h[5] = U64(0x77e36f7304c48942);
+    c->h[6] = U64(0x3f9d85a86a1d36c8);
+    c->h[7] = U64(0x1112e6ad91d692a1);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA224_DIGEST_LENGTH;
+    return 1;
+}
+
+int sha512_256_init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0x22312194fc2bf72c);
+    c->h[1] = U64(0x9f555fa3c84c64c2);
+    c->h[2] = U64(0x2393b86b6f53b151);
+    c->h[3] = U64(0x963877195940eabd);
+    c->h[4] = U64(0x96283ee2a88effe3);
+    c->h[5] = U64(0xbe5e1e2553863992);
+    c->h[6] = U64(0x2b0199fc2c85b8aa);
+    c->h[7] = U64(0x0eb72ddc81c52ca2);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA256_DIGEST_LENGTH;
+    return 1;
+}
+
+int SHA384_Init(SHA512_CTX *c)
 {
     c->h[0] = U64(0xcbbb9d5dc1059ed8);
     c->h[1] = U64(0x629a292a367cd507);
@@ -80,7 +116,7 @@ fips_md_init_ctx(SHA384, SHA512)
     return 1;
 }
 
-fips_md_init(SHA512)
+int SHA512_Init(SHA512_CTX *c)
 {
     c->h[0] = U64(0x6a09e667f3bcc908);
     c->h[1] = U64(0xbb67ae8584caa73b);
@@ -98,9 +134,9 @@ fips_md_init(SHA512)
     return 1;
 }
 
-# ifndef SHA512_ASM
+#ifndef SHA512_ASM
 static
-# endif
+#endif
 void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num);
 
 int SHA512_Final(unsigned char *md, SHA512_CTX *c)
@@ -110,15 +146,17 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c)
 
     p[n] = 0x80;                /* There always is a room for one */
     n++;
-    if (n > (sizeof(c->u) - 16))
-        memset(p + n, 0, sizeof(c->u) - n), n = 0,
-            sha512_block_data_order(c, p, 1);
+    if (n > (sizeof(c->u) - 16)) {
+        memset(p + n, 0, sizeof(c->u) - n);
+        n = 0;
+        sha512_block_data_order(c, p, 1);
+    }
 
     memset(p + n, 0, sizeof(c->u) - 16 - n);
-# ifdef  B_ENDIAN
+#ifdef  B_ENDIAN
     c->u.d[SHA_LBLOCK - 2] = c->Nh;
     c->u.d[SHA_LBLOCK - 1] = c->Nl;
-# else
+#else
     p[sizeof(c->u) - 1] = (unsigned char)(c->Nl);
     p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8);
     p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16);
@@ -135,7 +173,7 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c)
     p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40);
     p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48);
     p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56);
-# endif
+#endif
 
     sha512_block_data_order(c, p, 1);
 
@@ -143,7 +181,47 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c)
         return 0;
 
     switch (c->md_len) {
-        /* Let compiler decide if it's appropriate to unroll... */
+    /* Let compiler decide if it's appropriate to unroll... */
+    case SHA224_DIGEST_LENGTH:
+        for (n = 0; n < SHA224_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        /*
+         * For 224 bits, there are four bytes left over that have to be
+         * processed separately.
+         */
+        {
+            SHA_LONG64 t = c->h[SHA224_DIGEST_LENGTH / 8];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+        }
+        break;
+    case SHA256_DIGEST_LENGTH:
+        for (n = 0; n < SHA256_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
     case SHA384_DIGEST_LENGTH:
         for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) {
             SHA_LONG64 t = c->h[n];
@@ -172,7 +250,7 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c)
             *(md++) = (unsigned char)(t);
         }
         break;
-        /* ... as well as make sure md_len is not abused. */
+    /* ... as well as make sure md_len is not abused. */
     default:
         return 0;
     }
@@ -215,16 +293,16 @@ int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len)
     }
 
     if (len >= sizeof(c->u)) {
-# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
         if ((size_t)data % sizeof(c->u.d[0]) != 0)
             while (len >= sizeof(c->u))
                 memcpy(p, data, sizeof(c->u)),
-                    sha512_block_data_order(c, p, 1),
-                    len -= sizeof(c->u), data += sizeof(c->u);
+                sha512_block_data_order(c, p, 1),
+                len -= sizeof(c->u), data += sizeof(c->u);
         else
-# endif
+#endif
             sha512_block_data_order(c, data, len / sizeof(c->u)),
-                data += len, len %= sizeof(c->u), data -= len;
+            data += len, len %= sizeof(c->u), data -= len;
     }
 
     if (len != 0)
@@ -240,10 +318,10 @@ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
 
 void SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
 {
-# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
     if ((size_t)data % sizeof(c->u.d[0]) != 0)
         memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p;
-# endif
+#endif
     sha512_block_data_order(c, data, 1);
 }
 
@@ -258,7 +336,7 @@ unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
     SHA512_Update(&c, d, n);
     SHA512_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c));
-    return (md);
+    return md;
 }
 
 unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
@@ -272,10 +350,10 @@ unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
     SHA512_Update(&c, d, n);
     SHA512_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c));
-    return (md);
+    return md;
 }
 
-# ifndef SHA512_ASM
+#ifndef SHA512_ASM
 static const SHA_LONG64 K512[80] = {
     U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
     U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
@@ -319,103 +397,111 @@ static const SHA_LONG64 K512[80] = {
     U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817)
 };
 
-#  ifndef PEDANTIC
-#   if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#    if defined(__x86_64) || defined(__x86_64__)
-#     define ROTR(a,n)    ({ SHA_LONG64 ret;              \
+# ifndef PEDANTIC
+#  if defined(__GNUC__) && __GNUC__>=2 && \
+      !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#   if defined(__x86_64) || defined(__x86_64__)
+#    define ROTR(a,n)    ({ SHA_LONG64 ret;             \
                                 asm ("rorq %1,%0"       \
                                 : "=r"(ret)             \
                                 : "J"(n),"0"(a)         \
                                 : "cc"); ret;           })
-#     if !defined(B_ENDIAN)
-#      define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));  \
+#    if !defined(B_ENDIAN)
+#     define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));  \
                                 asm ("bswapq    %0"             \
                                 : "=r"(ret)                     \
                                 : "0"(ret)); ret;               })
-#     endif
-#    elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
-#     if defined(I386_ONLY)
-#      define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
-                         unsigned int hi=p[0],lo=p[1];          \
+#    endif
+#   elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
+#    if defined(I386_ONLY)
+#     define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+                          unsigned int hi=p[0],lo=p[1];          \
                                 asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
                                     "roll $16,%%eax; roll $16,%%edx; "\
-                                    "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \
+                                    "xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
                                 : "=a"(lo),"=d"(hi)             \
                                 : "0"(lo),"1"(hi) : "cc");      \
                                 ((SHA_LONG64)hi)<<32|lo;        })
-#     else
-#      define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
-                         unsigned int hi=p[0],lo=p[1];          \
+#    else
+#     define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+                          unsigned int hi=p[0],lo=p[1];         \
                                 asm ("bswapl %0; bswapl %1;"    \
                                 : "=r"(lo),"=r"(hi)             \
                                 : "0"(lo),"1"(hi));             \
                                 ((SHA_LONG64)hi)<<32|lo;        })
-#     endif
-#    elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
-#     define ROTR(a,n)    ({ SHA_LONG64 ret;              \
+#    endif
+#   elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
+#    define ROTR(a,n)    ({ SHA_LONG64 ret;             \
                                 asm ("rotrdi %0,%1,%2"  \
                                 : "=r"(ret)             \
                                 : "r"(a),"K"(n)); ret;  })
-#    elif defined(__aarch64__)
-#     define ROTR(a,n)    ({ SHA_LONG64 ret;              \
+#   elif defined(__aarch64__)
+#    define ROTR(a,n)    ({ SHA_LONG64 ret;             \
                                 asm ("ror %0,%1,%2"     \
                                 : "=r"(ret)             \
                                 : "r"(a),"I"(n)); ret;  })
-#     if  defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+#    if  defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
         __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-#      define PULL64(x)   ({ SHA_LONG64 ret;                      \
+#     define PULL64(x)   ({ SHA_LONG64 ret;                     \
                                 asm ("rev       %0,%1"          \
                                 : "=r"(ret)                     \
-                                : "r"(*((const SHA_LONG64 *)(&(x))))); ret;             })
-#     endif
-#    endif
-#   elif defined(_MSC_VER)
-#    if defined(_WIN64)         /* applies to both IA-64 and AMD64 */
-#     pragma intrinsic(_rotr64)
-#     define ROTR(a,n)    _rotr64((a),n)
+                                : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
 #    endif
-#    if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#     if defined(I386_ONLY)
+#   endif
+#  elif defined(_MSC_VER)
+#   if defined(_WIN64)         /* applies to both IA-64 and AMD64 */
+#    pragma intrinsic(_rotr64)
+#    define ROTR(a,n)    _rotr64((a),n)
+#   endif
+#   if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && \
+       !defined(OPENSSL_NO_INLINE_ASM)
+#    if defined(I386_ONLY)
 static SHA_LONG64 __fastcall __pull64be(const void *x)
 {
-    _asm mov edx,[ecx + 0]
-    _asm mov eax,[ecx + 4]
-_asm xchg dh, dl
-        _asm xchg ah, al
-        _asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al}
-#     else
+    _asm mov  edx,[ecx + 0]
+    _asm mov  eax,[ecx + 4]
+    _asm xchg dh, dl
+    _asm xchg ah, al
+    _asm rol  edx, 16
+    _asm rol  eax, 16
+    _asm xchg dh, dl
+    _asm xchg ah, al
+}
+#    else
 static SHA_LONG64 __fastcall __pull64be(const void *x)
 {
-    _asm mov edx,[ecx + 0]
-    _asm mov eax,[ecx + 4]
-_asm bswap edx _asm bswap eax}
-#     endif
-#     define PULL64(x) __pull64be(&(x))
-#     if _MSC_VER<=1200
-#      pragma inline_depth(0)
-#     endif
+    _asm mov   edx,[ecx + 0]
+    _asm mov   eax,[ecx + 4]
+    _asm bswap edx
+    _asm bswap eax
+}
 #    endif
+#    define PULL64(x) __pull64be(&(x))
 #   endif
 #  endif
-#  ifndef PULL64
-#   define B(x,j)    (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
-#   define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
-#  endif
-#  ifndef ROTR
-#   define ROTR(x,s)       (((x)>>s) | (x)<<(64-s))
-#  endif
-#  define Sigma0(x)       (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
-#  define Sigma1(x)       (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
-#  define sigma0(x)       (ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
-#  define sigma1(x)       (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
-#  define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
-#  define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-#  if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+# endif
+# ifndef PULL64
+#  define B(x,j)    (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
+#  define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
+# endif
+# ifndef ROTR
+#  define ROTR(x,s)       (((x)>>s) | (x)<<(64-s))
+# endif
+# define Sigma0(x)       (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+# define Sigma1(x)       (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+# define sigma0(x)       (ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+# define sigma1(x)       (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+# define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
 /*
  * This code should give better results on 32-bit CPU with less than
  * ~24 registers, both size and performance wise...
- */ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
-                                        size_t num)
+ */
+
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+                                    size_t num)
 {
     const SHA_LONG64 *W = in;
     SHA_LONG64 A, E, T;
@@ -435,11 +521,11 @@ _asm bswap edx _asm bswap eax}
         F[7] = ctx->h[7];
 
         for (i = 0; i < 16; i++, F--) {
-#   ifdef B_ENDIAN
+#  ifdef B_ENDIAN
             T = W[i];
-#   else
+#  else
             T = PULL64(W[i]);
-#   endif
+#  endif
             F[0] = A;
             F[4] = E;
             F[8] = T;
@@ -474,7 +560,8 @@ _asm bswap edx _asm bswap eax}
     }
 }
 
-#  elif defined(OPENSSL_SMALL_FOOTPRINT)
+# elif defined(OPENSSL_SMALL_FOOTPRINT)
+
 static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
                                     size_t num)
 {
@@ -495,11 +582,11 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
         h = ctx->h[7];
 
         for (i = 0; i < 16; i++) {
-#   ifdef B_ENDIAN
+#  ifdef B_ENDIAN
             T1 = X[i] = W[i];
-#   else
+#  else
             T1 = X[i] = PULL64(W[i]);
-#   endif
+#  endif
             T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
             T2 = Sigma0(a) + Maj(a, b, c);
             h = g;
@@ -544,16 +631,18 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
     }
 }
 
-#  else
-#   define ROUND_00_15(i,a,b,c,d,e,f,g,h)          do {    \
+# else
+#  define ROUND_00_15(i,a,b,c,d,e,f,g,h)        do {    \
         T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];      \
         h = Sigma0(a) + Maj(a,b,c);                     \
-        d += T1;        h += T1;                } while (0)
-#   define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X)      do {    \
+        d += T1;        h += T1;                        } while (0)
+
+#  define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X)    do {    \
         s0 = X[(j+1)&0x0f];     s0 = sigma0(s0);        \
         s1 = X[(j+14)&0x0f];    s1 = sigma1(s1);        \
         T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f];    \
         ROUND_00_15(i+j,a,b,c,d,e,f,g,h);               } while (0)
+
 static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
                                     size_t num)
 {
@@ -573,7 +662,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
         g = ctx->h[6];
         h = ctx->h[7];
 
-#   ifdef B_ENDIAN
+#  ifdef B_ENDIAN
         T1 = X[0] = W[0];
         ROUND_00_15(0, a, b, c, d, e, f, g, h);
         T1 = X[1] = W[1];
@@ -606,7 +695,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
         ROUND_00_15(14, c, d, e, f, g, h, a, b);
         T1 = X[15] = W[15];
         ROUND_00_15(15, b, c, d, e, f, g, h, a);
-#   else
+#  else
         T1 = X[0] = PULL64(W[0]);
         ROUND_00_15(0, a, b, c, d, e, f, g, h);
         T1 = X[1] = PULL64(W[1]);
@@ -639,7 +728,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
         ROUND_00_15(14, c, d, e, f, g, h, a, b);
         T1 = X[15] = PULL64(W[15]);
         ROUND_00_15(15, b, c, d, e, f, g, h, a);
-#   endif
+#  endif
 
         for (i = 16; i < 80; i += 16) {
             ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X);
@@ -673,14 +762,6 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
     }
 }
 
-#  endif
-
-# endif                         /* SHA512_ASM */
-
-#else                           /* !OPENSSL_NO_SHA512 */
-
-# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
-static void *dummy = &dummy;
 # endif
 
-#endif                          /* !OPENSSL_NO_SHA512 */
+#endif                         /* SHA512_ASM */
diff --git a/freebsd/crypto/openssl/crypto/sha/sha512t.c b/freebsd/crypto/openssl/crypto/sha/sha512t.c
deleted file mode 100644
index 634bdf26..00000000
--- a/freebsd/crypto/openssl/crypto/sha/sha512t.c
+++ /dev/null
@@ -1,198 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/sha/sha512t.c */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- * ====================================================================
- */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-#include <openssl/crypto.h>
-
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)
-int main(int argc, char *argv[])
-{
-    printf("No SHA512 support\n");
-    return (0);
-}
-#else
-
-unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
-    0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
-    0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
-    0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
-    0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
-    0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
-    0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
-    0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e,
-    0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f
-};
-
-unsigned char app_c2[SHA512_DIGEST_LENGTH] = {
-    0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda,
-    0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f,
-    0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1,
-    0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18,
-    0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4,
-    0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a,
-    0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54,
-    0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09
-};
-
-unsigned char app_c3[SHA512_DIGEST_LENGTH] = {
-    0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64,
-    0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63,
-    0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28,
-    0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb,
-    0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a,
-    0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b,
-    0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e,
-    0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b
-};
-
-unsigned char app_d1[SHA384_DIGEST_LENGTH] = {
-    0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b,
-    0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
-    0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63,
-    0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
-    0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23,
-    0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7
-};
-
-unsigned char app_d2[SHA384_DIGEST_LENGTH] = {
-    0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8,
-    0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47,
-    0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2,
-    0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12,
-    0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9,
-    0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39
-};
-
-unsigned char app_d3[SHA384_DIGEST_LENGTH] = {
-    0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb,
-    0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c,
-    0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52,
-    0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b,
-    0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb,
-    0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85
-};
-
-int main(int argc, char **argv)
-{
-    unsigned char md[SHA512_DIGEST_LENGTH];
-    int i;
-    EVP_MD_CTX evp;
-
-# ifdef OPENSSL_IA32_SSE2
-    /*
-     * Alternative to this is to call OpenSSL_add_all_algorithms... The below
-     * code is retained exclusively for debugging purposes.
-     */
-    {
-        char *env;
-
-        if ((env = getenv("OPENSSL_ia32cap")))
-            OPENSSL_ia32cap = strtoul(env, NULL, 0);
-    }
-# endif
-
-    fprintf(stdout, "Testing SHA-512 ");
-
-    EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL);
-    if (memcmp(md, app_c1, sizeof(app_c1))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 1 of 3 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
-               "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
-               "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
-               "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha512(), NULL);
-    if (memcmp(md, app_c2, sizeof(app_c2))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 2 of 3 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    EVP_MD_CTX_init(&evp);
-    EVP_DigestInit_ex(&evp, EVP_sha512(), NULL);
-    for (i = 0; i < 1000000; i += 288)
-        EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-                         (1000000 - i) < 288 ? 1000000 - i : 288);
-    EVP_DigestFinal_ex(&evp, md, NULL);
-    EVP_MD_CTX_cleanup(&evp);
-
-    if (memcmp(md, app_c3, sizeof(app_c3))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 3 of 3 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    fprintf(stdout, " passed.\n");
-    fflush(stdout);
-
-    fprintf(stdout, "Testing SHA-384 ");
-
-    EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL);
-    if (memcmp(md, app_d1, sizeof(app_d1))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 1 of 3 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
-               "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
-               "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
-               "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha384(), NULL);
-    if (memcmp(md, app_d2, sizeof(app_d2))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 2 of 3 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    EVP_MD_CTX_init(&evp);
-    EVP_DigestInit_ex(&evp, EVP_sha384(), NULL);
-    for (i = 0; i < 1000000; i += 64)
-        EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-                         (1000000 - i) < 64 ? 1000000 - i : 64);
-    EVP_DigestFinal_ex(&evp, md, NULL);
-    EVP_MD_CTX_cleanup(&evp);
-
-    if (memcmp(md, app_d3, sizeof(app_d3))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 3 of 3 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    fprintf(stdout, " passed.\n");
-    fflush(stdout);
-
-    return 0;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/sha/sha_dgst.c b/freebsd/crypto/openssl/crypto/sha/sha_dgst.c
deleted file mode 100644
index 57e788f7..00000000
--- a/freebsd/crypto/openssl/crypto/sha/sha_dgst.c
+++ /dev/null
@@ -1,76 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/sha/sha1dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/crypto.h>
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
-
-# undef  SHA_1
-# define SHA_0
-
-# include <openssl/opensslv.h>
-
-const char SHA_version[] = "SHA" OPENSSL_VERSION_PTEXT;
-
-/* The implementation is in ../md32_common.h */
-
-# include "sha_locl.h"
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/sha/sha_locl.h b/freebsd/crypto/openssl/crypto/sha/sha_locl.h
index 03bd411e..4e5a0903 100644
--- a/freebsd/crypto/openssl/crypto/sha/sha_locl.h
+++ b/freebsd/crypto/openssl/crypto/sha/sha_locl.h
@@ -1,59 +1,10 @@
-/* crypto/sha/sha_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdlib.h>
@@ -76,45 +27,22 @@
         ll=(c)->h4; (void)HOST_l2c(ll,(s));     \
         } while (0)
 
-#if defined(SHA_0)
-
-# define HASH_UPDATE                    SHA_Update
-# define HASH_TRANSFORM                 SHA_Transform
-# define HASH_FINAL                     SHA_Final
-# define HASH_INIT                      SHA_Init
-# define HASH_BLOCK_DATA_ORDER          sha_block_data_order
-# define Xupdate(a,ix,ia,ib,ic,id)      (ix=(a)=(ia^ib^ic^id))
-
-static void sha_block_data_order(SHA_CTX *c, const void *p, size_t num);
-
-#elif defined(SHA_1)
-
-# define HASH_UPDATE                    SHA1_Update
-# define HASH_TRANSFORM                 SHA1_Transform
-# define HASH_FINAL                     SHA1_Final
-# define HASH_INIT                      SHA1_Init
-# define HASH_BLOCK_DATA_ORDER          sha1_block_data_order
-# if defined(__MWERKS__) && defined(__MC68K__)
-   /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
-#  define Xupdate(a,ix,ia,ib,ic,id)     do { (a)=(ia^ib^ic^id);         \
-                                             ix=(a)=ROTATE((a),1);      \
-                                        } while (0)
-# else
-#  define Xupdate(a,ix,ia,ib,ic,id)     ( (a)=(ia^ib^ic^id),    \
+#define HASH_UPDATE                     SHA1_Update
+#define HASH_TRANSFORM                  SHA1_Transform
+#define HASH_FINAL                      SHA1_Final
+#define HASH_INIT                       SHA1_Init
+#define HASH_BLOCK_DATA_ORDER           sha1_block_data_order
+#define Xupdate(a,ix,ia,ib,ic,id)       ( (a)=(ia^ib^ic^id),    \
                                           ix=(a)=ROTATE((a),1)  \
                                         )
-# endif
-
-# ifndef SHA1_ASM
-static
-# endif
-void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
 
+#ifndef SHA1_ASM
+static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
 #else
-# error "Either SHA_0 or SHA_1 must be defined."
+void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
 #endif
 
-#include "md32_common.h"
+#include "internal/md32_common.h"
 
 #define INIT_DATA_h0 0x67452301UL
 #define INIT_DATA_h1 0xefcdab89UL
@@ -122,11 +50,7 @@ void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
 #define INIT_DATA_h3 0x10325476UL
 #define INIT_DATA_h4 0xc3d2e1f0UL
 
-#ifdef SHA_0
-fips_md_init(SHA)
-#else
-fips_md_init_ctx(SHA1, SHA)
-#endif
+int HASH_INIT(SHA_CTX *c)
 {
     memset(c, 0, sizeof(*c));
     c->h0 = INIT_DATA_h0;
@@ -143,11 +67,12 @@ fips_md_init_ctx(SHA1, SHA)
 #define K_60_79 0xca62c1d6UL
 
 /*
- * As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be simplified
- * to the code in F_00_19.  Wei attributes these optimisations to Peter
- * Gutmann's SHS code, and he attributes it to Rich Schroeppel. #define
- * F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) I've just become aware of another
- * tweak to be made, again from Wei Dai, in F_40_59, (x&a)|(y&a) -> (x|y)&a
+ * As pointed out by Wei Dai, F() below can be simplified to the code in
+ * F_00_19.  Wei attributes these optimizations to Peter Gutmann's SHS code,
+ * and he attributes it to Rich Schroeppel.
+ *      #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
+ * I've just become aware of another tweak to be made, again from Wei Dai,
+ * in F_40_59, (x&a)|(y&a) -> (x|y)&a
  */
 #define F_00_19(b,c,d)  ((((c) ^ (d)) & (b)) ^ (d))
 #define F_20_39(b,c,d)  ((b) ^ (c) ^ (d))
@@ -191,12 +116,11 @@ fips_md_init_ctx(SHA1, SHA)
 # ifndef MD32_XARRAY
   /*
    * Originally X was an array. As it's automatic it's natural
-   * to expect RISC compiler to accomodate at least part of it in
+   * to expect RISC compiler to accommodate at least part of it in
    * the register bank, isn't it? Unfortunately not all compilers
    * "find" this expectation reasonable:-( On order to make such
    * compilers generate better code I replace X[] with a bunch of
    * X0, X1, etc. See the function body below...
-   *                                    <appro@fy.chalmers.se>
    */
 #  define X(i)   XX##i
 # else
@@ -208,7 +132,7 @@ fips_md_init_ctx(SHA1, SHA)
 #  define X(i)   XX[i]
 # endif
 
-# if !defined(SHA_1) || !defined(SHA1_ASM)
+# if !defined(SHA1_ASM)
 static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
 {
     const unsigned char *data = p;
@@ -442,7 +366,7 @@ static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
         E=D, D=C, C=ROTATE(B,30), B=A;  \
         A=ROTATE(A,5)+T+xa;         } while(0)
 
-# if !defined(SHA_1) || !defined(SHA1_ASM)
+# if !defined(SHA1_ASM)
 static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
 {
     const unsigned char *data = p;
@@ -458,7 +382,7 @@ static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
 
     for (;;) {
         for (i = 0; i < 16; i++) {
-            HOST_c2l(data, l);
+            (void)HOST_c2l(data, l);
             X[i] = l;
             BODY_00_15(X[i]);
         }
diff --git a/freebsd/crypto/openssl/crypto/sha/sha_one.c b/freebsd/crypto/openssl/crypto/sha/sha_one.c
deleted file mode 100644
index 7d2183b6..00000000
--- a/freebsd/crypto/openssl/crypto/sha/sha_one.c
+++ /dev/null
@@ -1,81 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/sha/sha_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/sha.h>
-#include <openssl/crypto.h>
-
-#ifndef OPENSSL_NO_SHA0
-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md)
-{
-    SHA_CTX c;
-    static unsigned char m[SHA_DIGEST_LENGTH];
-
-    if (md == NULL)
-        md = m;
-    if (!SHA_Init(&c))
-        return NULL;
-    SHA_Update(&c, d, n);
-    SHA_Final(md, &c);
-    OPENSSL_cleanse(&c, sizeof(c));
-    return (md);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/sha/shatest.c b/freebsd/crypto/openssl/crypto/sha/shatest.c
deleted file mode 100644
index 351b569b..00000000
--- a/freebsd/crypto/openssl/crypto/sha/shatest.c
+++ /dev/null
@@ -1,176 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/sha/shatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0)
-int main(int argc, char *argv[])
-{
-    printf("No SHA0 support\n");
-    return (0);
-}
-#else
-# include <openssl/evp.h>
-# include <openssl/sha.h>
-
-# ifdef CHARSET_EBCDIC
-#  include <openssl/ebcdic.h>
-# endif
-
-# define SHA_0                  /* FIPS 180 */
-# undef  SHA_1                  /* FIPS 180-1 */
-
-static char *test[] = {
-    "abc",
-    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
-    NULL,
-};
-
-# ifdef SHA_0
-static char *ret[] = {
-    "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
-    "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
-};
-
-static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603";
-# endif
-# ifdef SHA_1
-static char *ret[] = {
-    "a9993e364706816aba3e25717850c26c9cd0d89d",
-    "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
-};
-
-static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
-# endif
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-{
-    int i, err = 0;
-    char **P, **R;
-    static unsigned char buf[1000];
-    char *p, *r;
-    EVP_MD_CTX c;
-    unsigned char md[SHA_DIGEST_LENGTH];
-
-# ifdef CHARSET_EBCDIC
-    ebcdic2ascii(test[0], test[0], strlen(test[0]));
-    ebcdic2ascii(test[1], test[1], strlen(test[1]));
-# endif
-
-    EVP_MD_CTX_init(&c);
-    P = test;
-    R = ret;
-    i = 1;
-    while (*P != NULL) {
-        EVP_Digest(*P, strlen(*P), md, NULL, EVP_sha(), NULL);
-        p = pt(md);
-        if (strcmp(p, *R) != 0) {
-            printf("error calculating SHA on '%s'\n", *P);
-            printf("got %s instead of %s\n", p, *R);
-            err++;
-        } else
-            printf("test %d ok\n", i);
-        i++;
-        R++;
-        P++;
-    }
-
-    memset(buf, 'a', 1000);
-# ifdef CHARSET_EBCDIC
-    ebcdic2ascii(buf, buf, 1000);
-# endif                         /* CHARSET_EBCDIC */
-    EVP_DigestInit_ex(&c, EVP_sha(), NULL);
-    for (i = 0; i < 1000; i++)
-        EVP_DigestUpdate(&c, buf, 1000);
-    EVP_DigestFinal_ex(&c, md, NULL);
-    p = pt(md);
-
-    r = bigret;
-    if (strcmp(p, r) != 0) {
-        printf("error calculating SHA on '%s'\n", p);
-        printf("got %s instead of %s\n", p, r);
-        err++;
-    } else
-        printf("test 3 ok\n");
-
-# ifdef OPENSSL_SYS_NETWARE
-    if (err)
-        printf("ERROR: %d\n", err);
-# endif
-    EVP_MD_CTX_cleanup(&c);
-    EXIT(err);
-    return (0);
-}
-
-static char *pt(unsigned char *md)
-{
-    int i;
-    static char buf[80];
-
-    for (i = 0; i < SHA_DIGEST_LENGTH; i++)
-        sprintf(&(buf[i * 2]), "%02x", md[i]);
-    return (buf);
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/siphash/siphash.c b/freebsd/crypto/openssl/crypto/siphash/siphash.c
new file mode 100644
index 00000000..66665b1b
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/siphash/siphash.c
@@ -0,0 +1,250 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Based on https://131002.net/siphash C reference implementation */
+/*
+   SipHash reference C implementation
+
+   Copyright (c) 2012-2016 Jean-Philippe Aumasson
+   Copyright (c) 2012-2014 Daniel J. Bernstein
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along
+   with this software. If not, see
+   <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "internal/siphash.h"
+#include "siphash_local.h"
+
+/* default: SipHash-2-4 */
+#define SIPHASH_C_ROUNDS 2
+#define SIPHASH_D_ROUNDS 4
+
+#define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
+
+#define U32TO8_LE(p, v)                                                        \
+    (p)[0] = (uint8_t)((v));                                                   \
+    (p)[1] = (uint8_t)((v) >> 8);                                              \
+    (p)[2] = (uint8_t)((v) >> 16);                                             \
+    (p)[3] = (uint8_t)((v) >> 24);
+
+#define U64TO8_LE(p, v)                                                        \
+    U32TO8_LE((p), (uint32_t)((v)));                                           \
+    U32TO8_LE((p) + 4, (uint32_t)((v) >> 32));
+
+#define U8TO64_LE(p)                                                           \
+    (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) |                        \
+     ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) |                 \
+     ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) |                 \
+     ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56))
+
+#define SIPROUND                                                               \
+    do {                                                                       \
+        v0 += v1;                                                              \
+        v1 = ROTL(v1, 13);                                                     \
+        v1 ^= v0;                                                              \
+        v0 = ROTL(v0, 32);                                                     \
+        v2 += v3;                                                              \
+        v3 = ROTL(v3, 16);                                                     \
+        v3 ^= v2;                                                              \
+        v0 += v3;                                                              \
+        v3 = ROTL(v3, 21);                                                     \
+        v3 ^= v0;                                                              \
+        v2 += v1;                                                              \
+        v1 = ROTL(v1, 17);                                                     \
+        v1 ^= v2;                                                              \
+        v2 = ROTL(v2, 32);                                                     \
+    } while (0)
+
+size_t SipHash_ctx_size(void)
+{
+    return sizeof(SIPHASH);
+}
+
+size_t SipHash_hash_size(SIPHASH *ctx)
+{
+    return ctx->hash_size;
+}
+
+static size_t siphash_adjust_hash_size(size_t hash_size)
+{
+    if (hash_size == 0)
+        hash_size = SIPHASH_MAX_DIGEST_SIZE;
+    return hash_size;
+}
+
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size)
+{
+    hash_size = siphash_adjust_hash_size(hash_size);
+    if (hash_size != SIPHASH_MIN_DIGEST_SIZE
+        && hash_size != SIPHASH_MAX_DIGEST_SIZE)
+        return 0;
+
+    ctx->hash_size = hash_size;
+    return 1;
+}
+
+/* hash_size = crounds = drounds = 0 means SipHash24 with 16-byte output */
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int crounds, int drounds)
+{
+    uint64_t k0 = U8TO64_LE(k);
+    uint64_t k1 = U8TO64_LE(k + 8);
+
+    /* If the hash size wasn't set, i.e. is zero */
+    ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+
+    if (drounds == 0)
+        drounds = SIPHASH_D_ROUNDS;
+    if (crounds == 0)
+        crounds = SIPHASH_C_ROUNDS;
+
+    ctx->crounds = crounds;
+    ctx->drounds = drounds;
+
+    ctx->len = 0;
+    ctx->total_inlen = 0;
+
+    ctx->v0 = 0x736f6d6570736575ULL ^ k0;
+    ctx->v1 = 0x646f72616e646f6dULL ^ k1;
+    ctx->v2 = 0x6c7967656e657261ULL ^ k0;
+    ctx->v3 = 0x7465646279746573ULL ^ k1;
+
+    if (ctx->hash_size == SIPHASH_MAX_DIGEST_SIZE)
+        ctx->v1 ^= 0xee;
+
+    return 1;
+}
+
+void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen)
+{
+    uint64_t m;
+    const uint8_t *end;
+    int left;
+    int i;
+    uint64_t v0 = ctx->v0;
+    uint64_t v1 = ctx->v1;
+    uint64_t v2 = ctx->v2;
+    uint64_t v3 = ctx->v3;
+
+    ctx->total_inlen += inlen;
+
+    if (ctx->len) {
+        /* deal with leavings */
+        size_t available = SIPHASH_BLOCK_SIZE - ctx->len;
+
+        /* not enough to fill leavings */
+        if (inlen < available) {
+            memcpy(&ctx->leavings[ctx->len], in, inlen);
+            ctx->len += inlen;
+            return;
+        }
+
+        /* copy data into leavings and reduce input */
+        memcpy(&ctx->leavings[ctx->len], in, available);
+        inlen -= available;
+        in += available;
+
+        /* process leavings */
+        m = U8TO64_LE(ctx->leavings);
+        v3 ^= m;
+        for (i = 0; i < ctx->crounds; ++i)
+            SIPROUND;
+        v0 ^= m;
+    }
+    left = inlen & (SIPHASH_BLOCK_SIZE-1); /* gets put into leavings */
+    end = in + inlen - left;
+
+    for (; in != end; in += 8) {
+        m = U8TO64_LE(in);
+        v3 ^= m;
+        for (i = 0; i < ctx->crounds; ++i)
+            SIPROUND;
+        v0 ^= m;
+    }
+
+    /* save leavings and other ctx */
+    if (left)
+        memcpy(ctx->leavings, end, left);
+    ctx->len = left;
+
+    ctx->v0 = v0;
+    ctx->v1 = v1;
+    ctx->v2 = v2;
+    ctx->v3 = v3;
+}
+
+int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen)
+{
+    /* finalize hash */
+    int i;
+    uint64_t b = ctx->total_inlen << 56;
+    uint64_t v0 = ctx->v0;
+    uint64_t v1 = ctx->v1;
+    uint64_t v2 = ctx->v2;
+    uint64_t v3 = ctx->v3;
+
+    if (outlen != (size_t)ctx->hash_size)
+        return 0;
+
+    switch (ctx->len) {
+    case 7:
+        b |= ((uint64_t)ctx->leavings[6]) << 48;
+        /* fall thru */
+    case 6:
+        b |= ((uint64_t)ctx->leavings[5]) << 40;
+        /* fall thru */
+    case 5:
+        b |= ((uint64_t)ctx->leavings[4]) << 32;
+        /* fall thru */
+    case 4:
+        b |= ((uint64_t)ctx->leavings[3]) << 24;
+        /* fall thru */
+    case 3:
+        b |= ((uint64_t)ctx->leavings[2]) << 16;
+        /* fall thru */
+    case 2:
+        b |= ((uint64_t)ctx->leavings[1]) <<  8;
+        /* fall thru */
+    case 1:
+        b |= ((uint64_t)ctx->leavings[0]);
+    case 0:
+        break;
+    }
+
+    v3 ^= b;
+    for (i = 0; i < ctx->crounds; ++i)
+        SIPROUND;
+    v0 ^= b;
+    if (ctx->hash_size == SIPHASH_MAX_DIGEST_SIZE)
+        v2 ^= 0xee;
+    else
+        v2 ^= 0xff;
+    for (i = 0; i < ctx->drounds; ++i)
+        SIPROUND;
+    b = v0 ^ v1 ^ v2  ^ v3;
+    U64TO8_LE(out, b);
+    if (ctx->hash_size == SIPHASH_MIN_DIGEST_SIZE)
+        return 1;
+    v1 ^= 0xdd;
+    for (i = 0; i < ctx->drounds; ++i)
+        SIPROUND;
+    b = v0 ^ v1 ^ v2  ^ v3;
+    U64TO8_LE(out + 8, b);
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/siphash/siphash_ameth.c b/freebsd/crypto/openssl/crypto/siphash/siphash_ameth.c
new file mode 100644
index 00000000..24caf0ce
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/siphash/siphash_ameth.c
@@ -0,0 +1,125 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+#include "internal/siphash.h"
+#include "siphash_local.h"
+#include "internal/evp_int.h"
+
+/*
+ * SIPHASH "ASN1" method. This is just here to indicate the maximum
+ * SIPHASH output length and to free up a SIPHASH key.
+ */
+
+static int siphash_size(const EVP_PKEY *pkey)
+{
+    return SIPHASH_MAX_DIGEST_SIZE;
+}
+
+static void siphash_key_free(EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+
+    if (os != NULL) {
+        if (os->data != NULL)
+            OPENSSL_cleanse(os->data, os->length);
+        ASN1_OCTET_STRING_free(os);
+    }
+}
+
+static int siphash_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    /* nothing (including ASN1_PKEY_CTRL_DEFAULT_MD_NID), is supported */
+    return -2;
+}
+
+static int siphash_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+}
+
+static int siphash_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                                size_t len)
+{
+    ASN1_OCTET_STRING *os;
+
+    if (pkey->pkey.ptr != NULL || len != SIPHASH_KEY_SIZE)
+        return 0;
+
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+
+    if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+
+    pkey->pkey.ptr = os;
+    return 1;
+}
+
+static int siphash_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                size_t *len)
+{
+    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+
+    if (priv == NULL) {
+        *len = SIPHASH_KEY_SIZE;
+        return 1;
+    }
+
+    if (os == NULL || *len < SIPHASH_KEY_SIZE)
+        return 0;
+
+    memcpy(priv, ASN1_STRING_get0_data(os), ASN1_STRING_length(os));
+    *len = SIPHASH_KEY_SIZE;
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD siphash_asn1_meth = {
+    EVP_PKEY_SIPHASH,
+    EVP_PKEY_SIPHASH,
+    0,
+
+    "SIPHASH",
+    "OpenSSL SIPHASH method",
+
+    0, 0, siphash_pkey_public_cmp, 0,
+
+    0, 0, 0,
+
+    siphash_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    siphash_key_free,
+    siphash_pkey_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    siphash_set_priv_key,
+    NULL,
+    siphash_get_priv_key,
+    NULL,
+};
diff --git a/freebsd/crypto/openssl/crypto/siphash/siphash_local.h b/freebsd/crypto/openssl/crypto/siphash/siphash_local.h
new file mode 100644
index 00000000..5ad34764
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/siphash/siphash_local.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Based on https://131002.net/siphash C reference implementation */
+
+struct siphash_st {
+    uint64_t total_inlen;
+    uint64_t v0;
+    uint64_t v1;
+    uint64_t v2;
+    uint64_t v3;
+    unsigned int len;
+    int hash_size;
+    int crounds;
+    int drounds;
+    unsigned char leavings[SIPHASH_BLOCK_SIZE];
+};
diff --git a/freebsd/crypto/openssl/crypto/siphash/siphash_pmeth.c b/freebsd/crypto/openssl/crypto/siphash/siphash_pmeth.c
new file mode 100644
index 00000000..78678d3d
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/siphash/siphash_pmeth.c
@@ -0,0 +1,207 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "internal/siphash.h"
+#include "siphash_local.h"
+#include "internal/evp_int.h"
+
+/* SIPHASH pkey context structure */
+
+typedef struct siphash_pkey_ctx_st {
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    SIPHASH ctx;
+} SIPHASH_PKEY_CTX;
+
+static int pkey_siphash_init(EVP_PKEY_CTX *ctx)
+{
+    SIPHASH_PKEY_CTX *pctx;
+
+    if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_PKEY_SIPHASH_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    pctx->ktmp.type = V_ASN1_OCTET_STRING;
+
+    EVP_PKEY_CTX_set_data(ctx, pctx);
+    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+    return 1;
+}
+
+static void pkey_siphash_cleanup(EVP_PKEY_CTX *ctx)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (pctx != NULL) {
+        OPENSSL_clear_free(pctx->ktmp.data, pctx->ktmp.length);
+        OPENSSL_clear_free(pctx, sizeof(*pctx));
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int pkey_siphash_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    SIPHASH_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new SIPHASH_CTX in dst->data->ctx */
+    if (!pkey_siphash_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    if (ASN1_STRING_get0_data(&sctx->ktmp) != NULL &&
+        !ASN1_STRING_copy(&dctx->ktmp, &sctx->ktmp)) {
+        /* cleanup and free the SIPHASH_PKEY_CTX in dst->data */
+        pkey_siphash_cleanup(dst);
+        return 0;
+    }
+    memcpy(&dctx->ctx, &sctx->ctx, sizeof(SIPHASH));
+    return 1;
+}
+
+static int pkey_siphash_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *key;
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (ASN1_STRING_get0_data(&pctx->ktmp) == NULL)
+        return 0;
+    key = ASN1_OCTET_STRING_dup(&pctx->ktmp);
+    if (key == NULL)
+        return 0;
+    return EVP_PKEY_assign_SIPHASH(pkey, key);
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+
+    SipHash_Update(&pctx->ctx, data, count);
+    return 1;
+}
+
+static int siphash_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+    const unsigned char* key;
+    size_t len;
+
+    key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
+    if (key == NULL || len != SIPHASH_KEY_SIZE)
+        return 0;
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    return SipHash_Init(&pctx->ctx, key, 0, 0);
+}
+static int siphash_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                            EVP_MD_CTX *mctx)
+{
+    SIPHASH_PKEY_CTX *pctx = ctx->data;
+
+    *siglen = SipHash_hash_size(&pctx->ctx);
+    if (sig != NULL)
+        return SipHash_Final(&pctx->ctx, sig, *siglen);
+    return 1;
+}
+
+static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+    const unsigned char *key;
+    size_t len;
+
+    switch (type) {
+
+    case EVP_PKEY_CTRL_MD:
+        /* ignore */
+        break;
+
+    case EVP_PKEY_CTRL_SET_DIGEST_SIZE:
+        return SipHash_set_hash_size(&pctx->ctx, p1);
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        if (type == EVP_PKEY_CTRL_SET_MAC_KEY) {
+            /* user explicitly setting the key */
+            key = p2;
+            len = p1;
+        } else {
+            /* user indirectly setting the key via EVP_DigestSignInit */
+            key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
+        }
+        if (key == NULL || len != SIPHASH_KEY_SIZE ||
+            !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len))
+            return 0;
+        /* use default rounds (2,4) */
+        return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp),
+                            0, 0);
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_siphash_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL)
+        return 0;
+    if (strcmp(type, "digestsize") == 0) {
+        size_t hash_size = atoi(value);
+
+        return pkey_siphash_ctrl(ctx, EVP_PKEY_CTRL_SET_DIGEST_SIZE, hash_size,
+                                 NULL);
+    }
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD siphash_pkey_meth = {
+    EVP_PKEY_SIPHASH,
+    EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
+    pkey_siphash_init,
+    pkey_siphash_copy,
+    pkey_siphash_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_siphash_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    siphash_signctx_init,
+    siphash_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_siphash_ctrl,
+    pkey_siphash_ctrl_str
+};
diff --git a/freebsd/crypto/openssl/crypto/sm2/sm2_crypt.c b/freebsd/crypto/openssl/crypto/sm2/sm2_crypt.c
new file mode 100644
index 00000000..094e7dd2
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/sm2/sm2_crypt.c
@@ -0,0 +1,394 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/sm2.h"
+#include "internal/sm2err.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+typedef struct SM2_Ciphertext_st SM2_Ciphertext;
+DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext)
+
+struct SM2_Ciphertext_st {
+    BIGNUM *C1x;
+    BIGNUM *C1y;
+    ASN1_OCTET_STRING *C3;
+    ASN1_OCTET_STRING *C2;
+};
+
+ASN1_SEQUENCE(SM2_Ciphertext) = {
+    ASN1_SIMPLE(SM2_Ciphertext, C1x, BIGNUM),
+    ASN1_SIMPLE(SM2_Ciphertext, C1y, BIGNUM),
+    ASN1_SIMPLE(SM2_Ciphertext, C3, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SM2_Ciphertext, C2, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(SM2_Ciphertext)
+
+IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext)
+
+static size_t ec_field_size(const EC_GROUP *group)
+{
+    /* Is there some simpler way to do this? */
+    BIGNUM *p = BN_new();
+    BIGNUM *a = BN_new();
+    BIGNUM *b = BN_new();
+    size_t field_size = 0;
+
+    if (p == NULL || a == NULL || b == NULL)
+       goto done;
+
+    if (!EC_GROUP_get_curve(group, p, a, b, NULL))
+        goto done;
+    field_size = (BN_num_bits(p) + 7) / 8;
+
+ done:
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+
+    return field_size;
+}
+
+int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                       size_t *pt_size)
+{
+    const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
+    const int md_size = EVP_MD_size(digest);
+    size_t overhead;
+
+    if (md_size < 0) {
+        SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST);
+        return 0;
+    }
+    if (field_size == 0) {
+        SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD);
+        return 0;
+    }
+
+    overhead = 10 + 2 * field_size + (size_t)md_size;
+    if (msg_len <= overhead) {
+        SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    *pt_size = msg_len - overhead;
+    return 1;
+}
+
+int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                        size_t *ct_size)
+{
+    const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
+    const int md_size = EVP_MD_size(digest);
+    size_t sz;
+
+    if (field_size == 0 || md_size < 0)
+        return 0;
+
+    /* Integer and string are simple type; set constructed = 0, means primitive and definite length encoding. */
+    sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)
+         + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+         + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
+    /* Sequence is structured type; set constructed = 1, means constructed and definite length encoding. */
+    *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
+
+    return 1;
+}
+
+int sm2_encrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *msg,
+                size_t msg_len, uint8_t *ciphertext_buf, size_t *ciphertext_len)
+{
+    int rc = 0, ciphertext_leni;
+    size_t i;
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *x1 = NULL;
+    BIGNUM *y1 = NULL;
+    BIGNUM *x2 = NULL;
+    BIGNUM *y2 = NULL;
+    EVP_MD_CTX *hash = EVP_MD_CTX_new();
+    struct SM2_Ciphertext_st ctext_struct;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    const EC_POINT *P = EC_KEY_get0_public_key(key);
+    EC_POINT *kG = NULL;
+    EC_POINT *kP = NULL;
+    uint8_t *msg_mask = NULL;
+    uint8_t *x2y2 = NULL;
+    uint8_t *C3 = NULL;
+    size_t field_size;
+    const int C3_size = EVP_MD_size(digest);
+
+    /* NULL these before any "goto done" */
+    ctext_struct.C2 = NULL;
+    ctext_struct.C3 = NULL;
+
+    if (hash == NULL || C3_size <= 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    field_size = ec_field_size(group);
+    if (field_size == 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    kG = EC_POINT_new(group);
+    kP = EC_POINT_new(group);
+    ctx = BN_CTX_new();
+    if (kG == NULL || kP == NULL || ctx == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    k = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    x2 = BN_CTX_get(ctx);
+    y1 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+
+    if (y2 == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    x2y2 = OPENSSL_zalloc(2 * field_size);
+    C3 = OPENSSL_zalloc(C3_size);
+
+    if (x2y2 == NULL || C3 == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    memset(ciphertext_buf, 0, *ciphertext_len);
+
+    if (!BN_priv_rand_range(k, order)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx)
+            || !EC_POINT_get_affine_coordinates(group, kG, x1, y1, ctx)
+            || !EC_POINT_mul(group, kP, NULL, P, k, ctx)
+            || !EC_POINT_get_affine_coordinates(group, kP, x2, y2, ctx)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    if (BN_bn2binpad(x2, x2y2, field_size) < 0
+            || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    msg_mask = OPENSSL_zalloc(msg_len);
+    if (msg_mask == NULL) {
+       SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+       goto done;
+   }
+
+    /* X9.63 with no salt happens to match the KDF used in SM2 */
+    if (!ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+                        digest)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    for (i = 0; i != msg_len; ++i)
+        msg_mask[i] ^= msg[i];
+
+    if (EVP_DigestInit(hash, digest) == 0
+            || EVP_DigestUpdate(hash, x2y2, field_size) == 0
+            || EVP_DigestUpdate(hash, msg, msg_len) == 0
+            || EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0
+            || EVP_DigestFinal(hash, C3, NULL) == 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    ctext_struct.C1x = x1;
+    ctext_struct.C1y = y1;
+    ctext_struct.C3 = ASN1_OCTET_STRING_new();
+    ctext_struct.C2 = ASN1_OCTET_STRING_new();
+
+    if (ctext_struct.C3 == NULL || ctext_struct.C2 == NULL) {
+       SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+       goto done;
+    }
+    if (!ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size)
+            || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf);
+    /* Ensure cast to size_t is safe */
+    if (ciphertext_leni < 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+    *ciphertext_len = (size_t)ciphertext_leni;
+
+    rc = 1;
+
+ done:
+    ASN1_OCTET_STRING_free(ctext_struct.C2);
+    ASN1_OCTET_STRING_free(ctext_struct.C3);
+    OPENSSL_free(msg_mask);
+    OPENSSL_free(x2y2);
+    OPENSSL_free(C3);
+    EVP_MD_CTX_free(hash);
+    BN_CTX_free(ctx);
+    EC_POINT_free(kG);
+    EC_POINT_free(kP);
+    return rc;
+}
+
+int sm2_decrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *ciphertext,
+                size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len)
+{
+    int rc = 0;
+    int i;
+    BN_CTX *ctx = NULL;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    EC_POINT *C1 = NULL;
+    struct SM2_Ciphertext_st *sm2_ctext = NULL;
+    BIGNUM *x2 = NULL;
+    BIGNUM *y2 = NULL;
+    uint8_t *x2y2 = NULL;
+    uint8_t *computed_C3 = NULL;
+    const size_t field_size = ec_field_size(group);
+    const int hash_size = EVP_MD_size(digest);
+    uint8_t *msg_mask = NULL;
+    const uint8_t *C2 = NULL;
+    const uint8_t *C3 = NULL;
+    int msg_len = 0;
+    EVP_MD_CTX *hash = NULL;
+
+    if (field_size == 0 || hash_size <= 0)
+       goto done;
+
+    memset(ptext_buf, 0xFF, *ptext_len);
+
+    sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len);
+
+    if (sm2_ctext == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_ASN1_ERROR);
+        goto done;
+    }
+
+    if (sm2_ctext->C3->length != hash_size) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_ENCODING);
+        goto done;
+    }
+
+    C2 = sm2_ctext->C2->data;
+    C3 = sm2_ctext->C3->data;
+    msg_len = sm2_ctext->C2->length;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    x2 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+
+    if (y2 == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    msg_mask = OPENSSL_zalloc(msg_len);
+    x2y2 = OPENSSL_zalloc(2 * field_size);
+    computed_C3 = OPENSSL_zalloc(hash_size);
+
+    if (msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    C1 = EC_POINT_new(group);
+    if (C1 == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!EC_POINT_set_affine_coordinates(group, C1, sm2_ctext->C1x,
+                                         sm2_ctext->C1y, ctx)
+            || !EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key),
+                             ctx)
+            || !EC_POINT_get_affine_coordinates(group, C1, x2, y2, ctx)) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    if (BN_bn2binpad(x2, x2y2, field_size) < 0
+            || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0
+            || !ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+                               digest)) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    for (i = 0; i != msg_len; ++i)
+        ptext_buf[i] = C2[i] ^ msg_mask[i];
+
+    hash = EVP_MD_CTX_new();
+    if (hash == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!EVP_DigestInit(hash, digest)
+            || !EVP_DigestUpdate(hash, x2y2, field_size)
+            || !EVP_DigestUpdate(hash, ptext_buf, msg_len)
+            || !EVP_DigestUpdate(hash, x2y2 + field_size, field_size)
+            || !EVP_DigestFinal(hash, computed_C3, NULL)) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    if (CRYPTO_memcmp(computed_C3, C3, hash_size) != 0) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_DIGEST);
+        goto done;
+    }
+
+    rc = 1;
+    *ptext_len = msg_len;
+
+ done:
+    if (rc == 0)
+        memset(ptext_buf, 0, *ptext_len);
+
+    OPENSSL_free(msg_mask);
+    OPENSSL_free(x2y2);
+    OPENSSL_free(computed_C3);
+    EC_POINT_free(C1);
+    BN_CTX_free(ctx);
+    SM2_Ciphertext_free(sm2_ctext);
+    EVP_MD_CTX_free(hash);
+
+    return rc;
+}
diff --git a/freebsd/crypto/openssl/crypto/sm2/sm2_err.c b/freebsd/crypto/openssl/crypto/sm2/sm2_err.c
new file mode 100644
index 00000000..97055d78
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/sm2/sm2_err.c
@@ -0,0 +1,71 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "internal/sm2err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA SM2_str_functs[] = {
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_COPY, 0), "pkey_sm2_copy"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_DIGEST_CUSTOM, 0),
+     "pkey_sm2_digest_custom"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_INIT, 0), "pkey_sm2_init"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_MSG_HASH, 0),
+     "sm2_compute_msg_hash"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_USERID_DIGEST, 0),
+     "sm2_compute_userid_digest"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_Z_DIGEST, 0),
+     "sm2_compute_z_digest"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_DECRYPT, 0), "sm2_decrypt"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_ENCRYPT, 0), "sm2_encrypt"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_PLAINTEXT_SIZE, 0), "sm2_plaintext_size"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIGN, 0), "sm2_sign"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_GEN, 0), "sm2_sig_gen"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_VERIFY, 0), "sm2_sig_verify"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_VERIFY, 0), "sm2_verify"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA SM2_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DIST_ID_TOO_LARGE), "dist id too large"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_NOT_SET), "id not set"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_TOO_LARGE), "id too large"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE),
+    "invalid digest type"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_USER_ID_TOO_LARGE), "user id too large"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_SM2_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(SM2_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(SM2_str_functs);
+        ERR_load_strings_const(SM2_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/sm2/sm2_pmeth.c b/freebsd/crypto/openssl/crypto/sm2/sm2_pmeth.c
new file mode 100644
index 00000000..63b83bd3
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/sm2/sm2_pmeth.c
@@ -0,0 +1,327 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "internal/sm2.h"
+#include "internal/sm2err.h"
+
+/* EC pkey context structure */
+
+typedef struct {
+    /* Key and paramgen group */
+    EC_GROUP *gen_group;
+    /* message digest */
+    const EVP_MD *md;
+    /* Distinguishing Identifier, ISO/IEC 15946-3 */
+    uint8_t *id;
+    size_t id_len;
+    /* id_set indicates if the 'id' field is set (1) or not (0) */
+    int id_set;
+} SM2_PKEY_CTX;
+
+static int pkey_sm2_init(EVP_PKEY_CTX *ctx)
+{
+    SM2_PKEY_CTX *smctx;
+
+    if ((smctx = OPENSSL_zalloc(sizeof(*smctx))) == NULL) {
+        SM2err(SM2_F_PKEY_SM2_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->data = smctx;
+    return 1;
+}
+
+static void pkey_sm2_cleanup(EVP_PKEY_CTX *ctx)
+{
+    SM2_PKEY_CTX *smctx = ctx->data;
+
+    if (smctx != NULL) {
+        EC_GROUP_free(smctx->gen_group);
+        OPENSSL_free(smctx->id);
+        OPENSSL_free(smctx);
+        ctx->data = NULL;
+    }
+}
+
+static int pkey_sm2_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    SM2_PKEY_CTX *dctx, *sctx;
+
+    if (!pkey_sm2_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    if (sctx->gen_group != NULL) {
+        dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
+        if (dctx->gen_group == NULL) {
+            pkey_sm2_cleanup(dst);
+            return 0;
+        }
+    }
+    if (sctx->id != NULL) {
+        dctx->id = OPENSSL_malloc(sctx->id_len);
+        if (dctx->id == NULL) {
+            SM2err(SM2_F_PKEY_SM2_COPY, ERR_R_MALLOC_FAILURE);
+            pkey_sm2_cleanup(dst);
+            return 0;
+        }
+        memcpy(dctx->id, sctx->id, sctx->id_len);
+    }
+    dctx->id_len = sctx->id_len;
+    dctx->id_set = sctx->id_set;
+    dctx->md = sctx->md;
+
+    return 1;
+}
+
+static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                         const unsigned char *tbs, size_t tbslen)
+{
+    int ret;
+    unsigned int sltmp;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    const int sig_sz = ECDSA_size(ctx->pkey->pkey.ec);
+
+    if (sig_sz <= 0) {
+        return 0;
+    }
+
+    if (sig == NULL) {
+        *siglen = (size_t)sig_sz;
+        return 1;
+    }
+
+    if (*siglen < (size_t)sig_sz) {
+        SM2err(SM2_F_PKEY_SM2_SIGN, SM2_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    ret = sm2_sign(tbs, tbslen, sig, &sltmp, ec);
+
+    if (ret <= 0)
+        return ret;
+    *siglen = (size_t)sltmp;
+    return 1;
+}
+
+static int pkey_sm2_verify(EVP_PKEY_CTX *ctx,
+                           const unsigned char *sig, size_t siglen,
+                           const unsigned char *tbs, size_t tbslen)
+{
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+
+    return sm2_verify(tbs, tbslen, sig, siglen, ec);
+}
+
+static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    SM2_PKEY_CTX *dctx = ctx->data;
+    const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+
+    if (out == NULL) {
+        if (!sm2_ciphertext_size(ec, md, inlen, outlen))
+            return -1;
+        else
+            return 1;
+    }
+
+    return sm2_encrypt(ec, md, in, inlen, out, outlen);
+}
+
+static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    SM2_PKEY_CTX *dctx = ctx->data;
+    const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+
+    if (out == NULL) {
+        if (!sm2_plaintext_size(ec, md, inlen, outlen))
+            return -1;
+        else
+            return 1;
+    }
+
+    return sm2_decrypt(ec, md, in, inlen, out, outlen);
+}
+
+static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    SM2_PKEY_CTX *smctx = ctx->data;
+    EC_GROUP *group;
+    uint8_t *tmp_id;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
+        group = EC_GROUP_new_by_curve_name(p1);
+        if (group == NULL) {
+            SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_INVALID_CURVE);
+            return 0;
+        }
+        EC_GROUP_free(smctx->gen_group);
+        smctx->gen_group = group;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_PARAM_ENC:
+        if (smctx->gen_group == NULL) {
+            SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_NO_PARAMETERS_SET);
+            return 0;
+        }
+        EC_GROUP_set_asn1_flag(smctx->gen_group, p1);
+        return 1;
+
+    case EVP_PKEY_CTRL_MD:
+        smctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = smctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_SET1_ID:
+        if (p1 > 0) {
+            tmp_id = OPENSSL_malloc(p1);
+            if (tmp_id == NULL) {
+                SM2err(SM2_F_PKEY_SM2_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            memcpy(tmp_id, p2, p1);
+            OPENSSL_free(smctx->id);
+            smctx->id = tmp_id;
+        } else {
+            /* set null-ID */
+            OPENSSL_free(smctx->id);
+            smctx->id = NULL;
+        }
+        smctx->id_len = (size_t)p1;
+        smctx->id_set = 1;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET1_ID:
+        memcpy(p2, smctx->id, smctx->id_len);
+        return 1;
+
+    case EVP_PKEY_CTRL_GET1_ID_LEN:
+        *(size_t *)p2 = smctx->id_len;
+        return 1;
+
+    default:
+        return -2;
+    }
+}
+
+static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx,
+                             const char *type, const char *value)
+{
+    if (strcmp(type, "ec_paramgen_curve") == 0) {
+        int nid = NID_undef;
+
+        if (((nid = EC_curve_nist2nid(value)) == NID_undef)
+            && ((nid = OBJ_sn2nid(value)) == NID_undef)
+            && ((nid = OBJ_ln2nid(value)) == NID_undef)) {
+            SM2err(SM2_F_PKEY_SM2_CTRL_STR, SM2_R_INVALID_CURVE);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
+    } else if (strcmp(type, "ec_param_enc") == 0) {
+        int param_enc;
+
+        if (strcmp(value, "explicit") == 0)
+            param_enc = 0;
+        else if (strcmp(value, "named_curve") == 0)
+            param_enc = OPENSSL_EC_NAMED_CURVE;
+        else
+            return -2;
+        return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
+    }
+
+    return -2;
+}
+
+static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    uint8_t z[EVP_MAX_MD_SIZE];
+    SM2_PKEY_CTX *smctx = ctx->data;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    const EVP_MD *md = EVP_MD_CTX_md(mctx);
+    int mdlen = EVP_MD_size(md);
+
+    if (!smctx->id_set) {
+        /*
+         * An ID value must be set. The specifications are not clear whether a
+         * NULL is allowed. We only allow it if set explicitly for maximum
+         * flexibility.
+         */
+        SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_ID_NOT_SET);
+        return 0;
+    }
+
+    if (mdlen < 0) {
+        SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_INVALID_DIGEST);
+        return 0;
+    }
+
+    /* get hashed prefix 'z' of tbs message */
+    if (!sm2_compute_z_digest(z, md, smctx->id, smctx->id_len, ec))
+        return 0;
+
+    return EVP_DigestUpdate(mctx, z, (size_t)mdlen);
+}
+
+const EVP_PKEY_METHOD sm2_pkey_meth = {
+    EVP_PKEY_SM2,
+    0,
+    pkey_sm2_init,
+    pkey_sm2_copy,
+    pkey_sm2_cleanup,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0,
+    pkey_sm2_sign,
+
+    0,
+    pkey_sm2_verify,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0,
+    pkey_sm2_encrypt,
+
+    0,
+    pkey_sm2_decrypt,
+
+    0,
+    0,
+    pkey_sm2_ctrl,
+    pkey_sm2_ctrl_str,
+
+    0, 0,
+
+    0, 0, 0,
+
+    pkey_sm2_digest_custom
+};
diff --git a/freebsd/crypto/openssl/crypto/sm2/sm2_sign.c b/freebsd/crypto/openssl/crypto/sm2/sm2_sign.c
new file mode 100644
index 00000000..10db5bc1
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/sm2/sm2_sign.c
@@ -0,0 +1,480 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/sm2.h"
+#include "internal/sm2err.h"
+#include "internal/ec_int.h" /* ec_group_do_inverse_ord() */
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <string.h>
+
+int sm2_compute_z_digest(uint8_t *out,
+                         const EVP_MD *digest,
+                         const uint8_t *id,
+                         const size_t id_len,
+                         const EC_KEY *key)
+{
+    int rc = 0;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    BN_CTX *ctx = NULL;
+    EVP_MD_CTX *hash = NULL;
+    BIGNUM *p = NULL;
+    BIGNUM *a = NULL;
+    BIGNUM *b = NULL;
+    BIGNUM *xG = NULL;
+    BIGNUM *yG = NULL;
+    BIGNUM *xA = NULL;
+    BIGNUM *yA = NULL;
+    int p_bytes = 0;
+    uint8_t *buf = NULL;
+    uint16_t entl = 0;
+    uint8_t e_byte = 0;
+
+    hash = EVP_MD_CTX_new();
+    ctx = BN_CTX_new();
+    if (hash == NULL || ctx == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    p = BN_CTX_get(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    xG = BN_CTX_get(ctx);
+    yG = BN_CTX_get(ctx);
+    xA = BN_CTX_get(ctx);
+    yA = BN_CTX_get(ctx);
+
+    if (yA == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!EVP_DigestInit(hash, digest)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
+
+    if (id_len >= (UINT16_MAX / 8)) {
+        /* too large */
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, SM2_R_ID_TOO_LARGE);
+        goto done;
+    }
+
+    entl = (uint16_t)(8 * id_len);
+
+    e_byte = entl >> 8;
+    if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+    e_byte = entl & 0xFF;
+    if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    if (!EC_GROUP_get_curve(group, p, a, b, ctx)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    p_bytes = BN_num_bytes(p);
+    buf = OPENSSL_zalloc(p_bytes);
+    if (buf == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (BN_bn2binpad(a, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || BN_bn2binpad(b, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || !EC_POINT_get_affine_coordinates(group,
+                                                EC_GROUP_get0_generator(group),
+                                                xG, yG, ctx)
+            || BN_bn2binpad(xG, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || BN_bn2binpad(yG, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || !EC_POINT_get_affine_coordinates(group,
+                                                EC_KEY_get0_public_key(key),
+                                                xA, yA, ctx)
+            || BN_bn2binpad(xA, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || BN_bn2binpad(yA, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || !EVP_DigestFinal(hash, out, NULL)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    rc = 1;
+
+ done:
+    OPENSSL_free(buf);
+    BN_CTX_free(ctx);
+    EVP_MD_CTX_free(hash);
+    return rc;
+}
+
+static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
+                                    const EC_KEY *key,
+                                    const uint8_t *id,
+                                    const size_t id_len,
+                                    const uint8_t *msg, size_t msg_len)
+{
+    EVP_MD_CTX *hash = EVP_MD_CTX_new();
+    const int md_size = EVP_MD_size(digest);
+    uint8_t *z = NULL;
+    BIGNUM *e = NULL;
+
+    if (md_size < 0) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, SM2_R_INVALID_DIGEST);
+        goto done;
+    }
+
+    z = OPENSSL_zalloc(md_size);
+    if (hash == NULL || z == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!sm2_compute_z_digest(z, digest, id, id_len, key)) {
+        /* SM2err already called */
+        goto done;
+    }
+
+    if (!EVP_DigestInit(hash, digest)
+            || !EVP_DigestUpdate(hash, z, md_size)
+            || !EVP_DigestUpdate(hash, msg, msg_len)
+               /* reuse z buffer to hold H(Z || M) */
+            || !EVP_DigestFinal(hash, z, NULL)) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    e = BN_bin2bn(z, md_size, NULL);
+    if (e == NULL)
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR);
+
+ done:
+    OPENSSL_free(z);
+    EVP_MD_CTX_free(hash);
+    return e;
+}
+
+static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
+{
+    const BIGNUM *dA = EC_KEY_get0_private_key(key);
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    ECDSA_SIG *sig = NULL;
+    EC_POINT *kG = NULL;
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *rk = NULL;
+    BIGNUM *r = NULL;
+    BIGNUM *s = NULL;
+    BIGNUM *x1 = NULL;
+    BIGNUM *tmp = NULL;
+
+    kG = EC_POINT_new(group);
+    ctx = BN_CTX_new();
+    if (kG == NULL || ctx == NULL) {
+        SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    k = BN_CTX_get(ctx);
+    rk = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL) {
+        SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    /*
+     * These values are returned and so should not be allocated out of the
+     * context
+     */
+    r = BN_new();
+    s = BN_new();
+
+    if (r == NULL || s == NULL) {
+        SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    for (;;) {
+        if (!BN_priv_rand_range(k, order)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+
+        if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx)
+                || !EC_POINT_get_affine_coordinates(group, kG, x1, NULL,
+                                                    ctx)
+                || !BN_mod_add(r, e, x1, order, ctx)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+
+        /* try again if r == 0 or r+k == n */
+        if (BN_is_zero(r))
+            continue;
+
+        if (!BN_add(rk, r, k)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+
+        if (BN_cmp(rk, order) == 0)
+            continue;
+
+        if (!BN_add(s, dA, BN_value_one())
+                || !ec_group_do_inverse_ord(group, s, s, ctx)
+                || !BN_mod_mul(tmp, dA, r, order, ctx)
+                || !BN_sub(tmp, k, tmp)
+                || !BN_mod_mul(s, s, tmp, order, ctx)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB);
+            goto done;
+        }
+
+        sig = ECDSA_SIG_new();
+        if (sig == NULL) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+         /* takes ownership of r and s */
+        ECDSA_SIG_set0(sig, r, s);
+        break;
+    }
+
+ done:
+    if (sig == NULL) {
+        BN_free(r);
+        BN_free(s);
+    }
+
+    BN_CTX_free(ctx);
+    EC_POINT_free(kG);
+    return sig;
+}
+
+static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
+                          const BIGNUM *e)
+{
+    int ret = 0;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    BN_CTX *ctx = NULL;
+    EC_POINT *pt = NULL;
+    BIGNUM *t = NULL;
+    BIGNUM *x1 = NULL;
+    const BIGNUM *r = NULL;
+    const BIGNUM *s = NULL;
+
+    ctx = BN_CTX_new();
+    pt = EC_POINT_new(group);
+    if (ctx == NULL || pt == NULL) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    t = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    if (x1 == NULL) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    /*
+     * B1: verify whether r' in [1,n-1], verification failed if not
+     * B2: vefify whether s' in [1,n-1], verification failed if not
+     * B3: set M'~=ZA || M'
+     * B4: calculate e'=Hv(M'~)
+     * B5: calculate t = (r' + s') modn, verification failed if t=0
+     * B6: calculate the point (x1', y1')=[s']G + [t]PA
+     * B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed
+     */
+
+    ECDSA_SIG_get0(sig, &r, &s);
+
+    if (BN_cmp(r, BN_value_one()) < 0
+            || BN_cmp(s, BN_value_one()) < 0
+            || BN_cmp(order, r) <= 0
+            || BN_cmp(order, s) <= 0) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);
+        goto done;
+    }
+
+    if (!BN_mod_add(t, r, s, order, ctx)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    if (BN_is_zero(t)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);
+        goto done;
+    }
+
+    if (!EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx)
+            || !EC_POINT_get_affine_coordinates(group, pt, x1, NULL, ctx)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    if (!BN_mod_add(t, e, x1, order, ctx)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    if (BN_cmp(r, t) == 0)
+        ret = 1;
+
+ done:
+    EC_POINT_free(pt);
+    BN_CTX_free(ctx);
+    return ret;
+}
+
+ECDSA_SIG *sm2_do_sign(const EC_KEY *key,
+                       const EVP_MD *digest,
+                       const uint8_t *id,
+                       const size_t id_len,
+                       const uint8_t *msg, size_t msg_len)
+{
+    BIGNUM *e = NULL;
+    ECDSA_SIG *sig = NULL;
+
+    e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len);
+    if (e == NULL) {
+        /* SM2err already called */
+        goto done;
+    }
+
+    sig = sm2_sig_gen(key, e);
+
+ done:
+    BN_free(e);
+    return sig;
+}
+
+int sm2_do_verify(const EC_KEY *key,
+                  const EVP_MD *digest,
+                  const ECDSA_SIG *sig,
+                  const uint8_t *id,
+                  const size_t id_len,
+                  const uint8_t *msg, size_t msg_len)
+{
+    BIGNUM *e = NULL;
+    int ret = 0;
+
+    e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len);
+    if (e == NULL) {
+        /* SM2err already called */
+        goto done;
+    }
+
+    ret = sm2_sig_verify(key, sig, e);
+
+ done:
+    BN_free(e);
+    return ret;
+}
+
+int sm2_sign(const unsigned char *dgst, int dgstlen,
+             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey)
+{
+    BIGNUM *e = NULL;
+    ECDSA_SIG *s = NULL;
+    int sigleni;
+    int ret = -1;
+
+    e = BN_bin2bn(dgst, dgstlen, NULL);
+    if (e == NULL) {
+       SM2err(SM2_F_SM2_SIGN, ERR_R_BN_LIB);
+       goto done;
+    }
+
+    s = sm2_sig_gen(eckey, e);
+
+    sigleni = i2d_ECDSA_SIG(s, &sig);
+    if (sigleni < 0) {
+       SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR);
+       goto done;
+    }
+    *siglen = (unsigned int)sigleni;
+
+    ret = 1;
+
+ done:
+    ECDSA_SIG_free(s);
+    BN_free(e);
+    return ret;
+}
+
+int sm2_verify(const unsigned char *dgst, int dgstlen,
+               const unsigned char *sig, int sig_len, EC_KEY *eckey)
+{
+    ECDSA_SIG *s = NULL;
+    BIGNUM *e = NULL;
+    const unsigned char *p = sig;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
+    s = ECDSA_SIG_new();
+    if (s == NULL) {
+        SM2err(SM2_F_SM2_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+    if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) {
+        SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);
+        goto done;
+    }
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_ECDSA_SIG(s, &der);
+    if (derlen != sig_len || memcmp(sig, der, derlen) != 0) {
+        SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);
+        goto done;
+    }
+
+    e = BN_bin2bn(dgst, dgstlen, NULL);
+    if (e == NULL) {
+        SM2err(SM2_F_SM2_VERIFY, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    ret = sm2_sig_verify(eckey, s, e);
+
+ done:
+    OPENSSL_free(der);
+    BN_free(e);
+    ECDSA_SIG_free(s);
+    return ret;
+}
diff --git a/freebsd/crypto/openssl/crypto/sm3/m_sm3.c b/freebsd/crypto/openssl/crypto/sm3/m_sm3.c
new file mode 100644
index 00000000..1a4a15d5
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/sm3/m_sm3.c
@@ -0,0 +1,54 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_SM3
+# include <openssl/evp.h>
+# include "internal/evp_int.h"
+# include "internal/sm3.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return sm3_init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return sm3_update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return sm3_final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD sm3_md = {
+    NID_sm3,
+    NID_sm3WithRSAEncryption,
+    SM3_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    SM3_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SM3_CTX),
+};
+
+const EVP_MD *EVP_sm3(void)
+{
+    return &sm3_md;
+}
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/sm3/sm3.c b/freebsd/crypto/openssl/crypto/sm3/sm3.c
new file mode 100644
index 00000000..3a8f7d0d
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/sm3/sm3.c
@@ -0,0 +1,198 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include "sm3_locl.h"
+
+int sm3_init(SM3_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = SM3_A;
+    c->B = SM3_B;
+    c->C = SM3_C;
+    c->D = SM3_D;
+    c->E = SM3_E;
+    c->F = SM3_F;
+    c->G = SM3_G;
+    c->H = SM3_H;
+    return 1;
+}
+
+void sm3_block_data_order(SM3_CTX *ctx, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E, F, G, H;
+
+    unsigned MD32_REG_T W00, W01, W02, W03, W04, W05, W06, W07,
+        W08, W09, W10, W11, W12, W13, W14, W15;
+
+    for (; num--;) {
+
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
+        F = ctx->F;
+        G = ctx->G;
+        H = ctx->H;
+
+        /*
+        * We have to load all message bytes immediately since SM3 reads
+        * them slightly out of order.
+        */
+        (void)HOST_c2l(data, W00);
+        (void)HOST_c2l(data, W01);
+        (void)HOST_c2l(data, W02);
+        (void)HOST_c2l(data, W03);
+        (void)HOST_c2l(data, W04);
+        (void)HOST_c2l(data, W05);
+        (void)HOST_c2l(data, W06);
+        (void)HOST_c2l(data, W07);
+        (void)HOST_c2l(data, W08);
+        (void)HOST_c2l(data, W09);
+        (void)HOST_c2l(data, W10);
+        (void)HOST_c2l(data, W11);
+        (void)HOST_c2l(data, W12);
+        (void)HOST_c2l(data, W13);
+        (void)HOST_c2l(data, W14);
+        (void)HOST_c2l(data, W15);
+
+        R1(A, B, C, D, E, F, G, H, 0x79CC4519, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R1(D, A, B, C, H, E, F, G, 0xF3988A32, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R1(C, D, A, B, G, H, E, F, 0xE7311465, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R1(A, B, C, D, E, F, G, H, 0x9CC45197, W04, W04 ^ W08);
+        W04 = EXPAND(W04, W11, W01, W07, W14);
+        R1(D, A, B, C, H, E, F, G, 0x3988A32F, W05, W05 ^ W09);
+        W05 = EXPAND(W05, W12, W02, W08, W15);
+        R1(C, D, A, B, G, H, E, F, 0x7311465E, W06, W06 ^ W10);
+        W06 = EXPAND(W06, W13, W03, W09, W00);
+        R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W07, W07 ^ W11);
+        W07 = EXPAND(W07, W14, W04, W10, W01);
+        R1(A, B, C, D, E, F, G, H, 0xCC451979, W08, W08 ^ W12);
+        W08 = EXPAND(W08, W15, W05, W11, W02);
+        R1(D, A, B, C, H, E, F, G, 0x988A32F3, W09, W09 ^ W13);
+        W09 = EXPAND(W09, W00, W06, W12, W03);
+        R1(C, D, A, B, G, H, E, F, 0x311465E7, W10, W10 ^ W14);
+        W10 = EXPAND(W10, W01, W07, W13, W04);
+        R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W11, W11 ^ W15);
+        W11 = EXPAND(W11, W02, W08, W14, W05);
+        R1(A, B, C, D, E, F, G, H, 0xC451979C, W12, W12 ^ W00);
+        W12 = EXPAND(W12, W03, W09, W15, W06);
+        R1(D, A, B, C, H, E, F, G, 0x88A32F39, W13, W13 ^ W01);
+        W13 = EXPAND(W13, W04, W10, W00, W07);
+        R1(C, D, A, B, G, H, E, F, 0x11465E73, W14, W14 ^ W02);
+        W14 = EXPAND(W14, W05, W11, W01, W08);
+        R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W15, W15 ^ W03);
+        W15 = EXPAND(W15, W06, W12, W02, W09);
+        R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
+        W04 = EXPAND(W04, W11, W01, W07, W14);
+        R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
+        W05 = EXPAND(W05, W12, W02, W08, W15);
+        R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
+        W06 = EXPAND(W06, W13, W03, W09, W00);
+        R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
+        W07 = EXPAND(W07, W14, W04, W10, W01);
+        R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
+        W08 = EXPAND(W08, W15, W05, W11, W02);
+        R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
+        W09 = EXPAND(W09, W00, W06, W12, W03);
+        R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
+        W10 = EXPAND(W10, W01, W07, W13, W04);
+        R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
+        W11 = EXPAND(W11, W02, W08, W14, W05);
+        R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
+        W12 = EXPAND(W12, W03, W09, W15, W06);
+        R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
+        W13 = EXPAND(W13, W04, W10, W00, W07);
+        R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
+        W14 = EXPAND(W14, W05, W11, W01, W08);
+        R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
+        W15 = EXPAND(W15, W06, W12, W02, W09);
+        R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W04, W04 ^ W08);
+        W04 = EXPAND(W04, W11, W01, W07, W14);
+        R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W05, W05 ^ W09);
+        W05 = EXPAND(W05, W12, W02, W08, W15);
+        R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W06, W06 ^ W10);
+        W06 = EXPAND(W06, W13, W03, W09, W00);
+        R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W07, W07 ^ W11);
+        W07 = EXPAND(W07, W14, W04, W10, W01);
+        R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W08, W08 ^ W12);
+        W08 = EXPAND(W08, W15, W05, W11, W02);
+        R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W09, W09 ^ W13);
+        W09 = EXPAND(W09, W00, W06, W12, W03);
+        R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W10, W10 ^ W14);
+        W10 = EXPAND(W10, W01, W07, W13, W04);
+        R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W11, W11 ^ W15);
+        W11 = EXPAND(W11, W02, W08, W14, W05);
+        R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W12, W12 ^ W00);
+        W12 = EXPAND(W12, W03, W09, W15, W06);
+        R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W13, W13 ^ W01);
+        W13 = EXPAND(W13, W04, W10, W00, W07);
+        R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W14, W14 ^ W02);
+        W14 = EXPAND(W14, W05, W11, W01, W08);
+        R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W15, W15 ^ W03);
+        W15 = EXPAND(W15, W06, W12, W02, W09);
+        R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
+        R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
+        R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
+        R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
+        R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
+        R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
+        R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
+        R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
+        R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
+        R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
+        R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
+        R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
+
+        ctx->A ^= A;
+        ctx->B ^= B;
+        ctx->C ^= C;
+        ctx->D ^= D;
+        ctx->E ^= E;
+        ctx->F ^= F;
+        ctx->G ^= G;
+        ctx->H ^= H;
+    }
+}
+
diff --git a/freebsd/crypto/openssl/crypto/sm3/sm3_locl.h b/freebsd/crypto/openssl/crypto/sm3/sm3_locl.h
new file mode 100644
index 00000000..efa6db57
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/sm3/sm3_locl.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/sm3.h"
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG               SM3_WORD
+#define HASH_CTX                SM3_CTX
+#define HASH_CBLOCK             SM3_CBLOCK
+#define HASH_UPDATE             sm3_update
+#define HASH_TRANSFORM          sm3_transform
+#define HASH_FINAL              sm3_final
+#define HASH_MAKE_STRING(c, s)              \
+      do {                                  \
+        unsigned long ll;                   \
+        ll=(c)->A; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->B; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->C; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->D; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->E; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->F; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->G; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->H; (void)HOST_l2c(ll, (s)); \
+      } while (0)
+#define HASH_BLOCK_DATA_ORDER   sm3_block_data_order
+
+void sm3_transform(SM3_CTX *c, const unsigned char *data);
+
+#include "internal/md32_common.h"
+
+#define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17))
+#define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23))
+
+#define FF0(X,Y,Z) (X ^ Y ^ Z)
+#define GG0(X,Y,Z) (X ^ Y ^ Z)
+
+#define FF1(X,Y,Z) ((X & Y) | ((X | Y) & Z))
+#define GG1(X,Y,Z) ((Z ^ (X & (Y ^ Z))))
+
+#define EXPAND(W0,W7,W13,W3,W10) \
+   (P1(W0 ^ W7 ^ ROTATE(W13, 15)) ^ ROTATE(W3, 7) ^ W10)
+
+#define RND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF, GG)           \
+     do {                                                         \
+       const SM3_WORD A12 = ROTATE(A, 12);                        \
+       const SM3_WORD A12_SM = A12 + E + TJ;                      \
+       const SM3_WORD SS1 = ROTATE(A12_SM, 7);                    \
+       const SM3_WORD TT1 = FF(A, B, C) + D + (SS1 ^ A12) + (Wj); \
+       const SM3_WORD TT2 = GG(E, F, G) + H + SS1 + Wi;           \
+       B = ROTATE(B, 9);                                          \
+       D = TT1;                                                   \
+       F = ROTATE(F, 19);                                         \
+       H = P0(TT2);                                               \
+     } while(0)
+
+#define R1(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \
+   RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF0,GG0)
+
+#define R2(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \
+   RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF1,GG1)
+
+#define SM3_A 0x7380166fUL
+#define SM3_B 0x4914b2b9UL
+#define SM3_C 0x172442d7UL
+#define SM3_D 0xda8a0600UL
+#define SM3_E 0xa96f30bcUL
+#define SM3_F 0x163138aaUL
+#define SM3_G 0xe38dee4dUL
+#define SM3_H 0xb0fb0e4eUL
diff --git a/freebsd/crypto/openssl/crypto/sm4/sm4.c b/freebsd/crypto/openssl/crypto/sm4/sm4.c
new file mode 100644
index 00000000..abdde40e
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/sm4/sm4.c
@@ -0,0 +1,235 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include "internal/sm4.h"
+
+static const uint8_t SM4_S[256] = {
+    0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2,
+    0x28, 0xFB, 0x2C, 0x05, 0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3,
+    0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9C, 0x42, 0x50, 0xF4,
+    0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62,
+    0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA,
+    0x75, 0x8F, 0x3F, 0xA6, 0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA,
+    0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8, 0x68, 0x6B, 0x81, 0xB2,
+    0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35,
+    0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B,
+    0x01, 0x21, 0x78, 0x87, 0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52,
+    0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E, 0xEA, 0xBF, 0x8A, 0xD2,
+    0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1,
+    0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30,
+    0xF5, 0x8C, 0xB1, 0xE3, 0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60,
+    0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F, 0xD5, 0xDB, 0x37, 0x45,
+    0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51,
+    0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41,
+    0x1F, 0x10, 0x5A, 0xD8, 0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD,
+    0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0, 0x89, 0x69, 0x97, 0x4A,
+    0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84,
+    0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E,
+    0xD7, 0xCB, 0x39, 0x48
+};
+
+/*
+ * SM4_SBOX_T[j] == L(SM4_SBOX[j]).
+ */
+static const uint32_t SM4_SBOX_T[256] = {
+    0x8ED55B5B, 0xD0924242, 0x4DEAA7A7, 0x06FDFBFB, 0xFCCF3333, 0x65E28787,
+    0xC93DF4F4, 0x6BB5DEDE, 0x4E165858, 0x6EB4DADA, 0x44145050, 0xCAC10B0B,
+    0x8828A0A0, 0x17F8EFEF, 0x9C2CB0B0, 0x11051414, 0x872BACAC, 0xFB669D9D,
+    0xF2986A6A, 0xAE77D9D9, 0x822AA8A8, 0x46BCFAFA, 0x14041010, 0xCFC00F0F,
+    0x02A8AAAA, 0x54451111, 0x5F134C4C, 0xBE269898, 0x6D482525, 0x9E841A1A,
+    0x1E061818, 0xFD9B6666, 0xEC9E7272, 0x4A430909, 0x10514141, 0x24F7D3D3,
+    0xD5934646, 0x53ECBFBF, 0xF89A6262, 0x927BE9E9, 0xFF33CCCC, 0x04555151,
+    0x270B2C2C, 0x4F420D0D, 0x59EEB7B7, 0xF3CC3F3F, 0x1CAEB2B2, 0xEA638989,
+    0x74E79393, 0x7FB1CECE, 0x6C1C7070, 0x0DABA6A6, 0xEDCA2727, 0x28082020,
+    0x48EBA3A3, 0xC1975656, 0x80820202, 0xA3DC7F7F, 0xC4965252, 0x12F9EBEB,
+    0xA174D5D5, 0xB38D3E3E, 0xC33FFCFC, 0x3EA49A9A, 0x5B461D1D, 0x1B071C1C,
+    0x3BA59E9E, 0x0CFFF3F3, 0x3FF0CFCF, 0xBF72CDCD, 0x4B175C5C, 0x52B8EAEA,
+    0x8F810E0E, 0x3D586565, 0xCC3CF0F0, 0x7D196464, 0x7EE59B9B, 0x91871616,
+    0x734E3D3D, 0x08AAA2A2, 0xC869A1A1, 0xC76AADAD, 0x85830606, 0x7AB0CACA,
+    0xB570C5C5, 0xF4659191, 0xB2D96B6B, 0xA7892E2E, 0x18FBE3E3, 0x47E8AFAF,
+    0x330F3C3C, 0x674A2D2D, 0xB071C1C1, 0x0E575959, 0xE99F7676, 0xE135D4D4,
+    0x661E7878, 0xB4249090, 0x360E3838, 0x265F7979, 0xEF628D8D, 0x38596161,
+    0x95D24747, 0x2AA08A8A, 0xB1259494, 0xAA228888, 0x8C7DF1F1, 0xD73BECEC,
+    0x05010404, 0xA5218484, 0x9879E1E1, 0x9B851E1E, 0x84D75353, 0x00000000,
+    0x5E471919, 0x0B565D5D, 0xE39D7E7E, 0x9FD04F4F, 0xBB279C9C, 0x1A534949,
+    0x7C4D3131, 0xEE36D8D8, 0x0A020808, 0x7BE49F9F, 0x20A28282, 0xD4C71313,
+    0xE8CB2323, 0xE69C7A7A, 0x42E9ABAB, 0x43BDFEFE, 0xA2882A2A, 0x9AD14B4B,
+    0x40410101, 0xDBC41F1F, 0xD838E0E0, 0x61B7D6D6, 0x2FA18E8E, 0x2BF4DFDF,
+    0x3AF1CBCB, 0xF6CD3B3B, 0x1DFAE7E7, 0xE5608585, 0x41155454, 0x25A38686,
+    0x60E38383, 0x16ACBABA, 0x295C7575, 0x34A69292, 0xF7996E6E, 0xE434D0D0,
+    0x721A6868, 0x01545555, 0x19AFB6B6, 0xDF914E4E, 0xFA32C8C8, 0xF030C0C0,
+    0x21F6D7D7, 0xBC8E3232, 0x75B3C6C6, 0x6FE08F8F, 0x691D7474, 0x2EF5DBDB,
+    0x6AE18B8B, 0x962EB8B8, 0x8A800A0A, 0xFE679999, 0xE2C92B2B, 0xE0618181,
+    0xC0C30303, 0x8D29A4A4, 0xAF238C8C, 0x07A9AEAE, 0x390D3434, 0x1F524D4D,
+    0x764F3939, 0xD36EBDBD, 0x81D65757, 0xB7D86F6F, 0xEB37DCDC, 0x51441515,
+    0xA6DD7B7B, 0x09FEF7F7, 0xB68C3A3A, 0x932FBCBC, 0x0F030C0C, 0x03FCFFFF,
+    0xC26BA9A9, 0xBA73C9C9, 0xD96CB5B5, 0xDC6DB1B1, 0x375A6D6D, 0x15504545,
+    0xB98F3636, 0x771B6C6C, 0x13ADBEBE, 0xDA904A4A, 0x57B9EEEE, 0xA9DE7777,
+    0x4CBEF2F2, 0x837EFDFD, 0x55114444, 0xBDDA6767, 0x2C5D7171, 0x45400505,
+    0x631F7C7C, 0x50104040, 0x325B6969, 0xB8DB6363, 0x220A2828, 0xC5C20707,
+    0xF531C4C4, 0xA88A2222, 0x31A79696, 0xF9CE3737, 0x977AEDED, 0x49BFF6F6,
+    0x992DB4B4, 0xA475D1D1, 0x90D34343, 0x5A124848, 0x58BAE2E2, 0x71E69797,
+    0x64B6D2D2, 0x70B2C2C2, 0xAD8B2626, 0xCD68A5A5, 0xCB955E5E, 0x624B2929,
+    0x3C0C3030, 0xCE945A5A, 0xAB76DDDD, 0x867FF9F9, 0xF1649595, 0x5DBBE6E6,
+    0x35F2C7C7, 0x2D092424, 0xD1C61717, 0xD66FB9B9, 0xDEC51B1B, 0x94861212,
+    0x78186060, 0x30F3C3C3, 0x897CF5F5, 0x5CEFB3B3, 0xD23AE8E8, 0xACDF7373,
+    0x794C3535, 0xA0208080, 0x9D78E5E5, 0x56EDBBBB, 0x235E7D7D, 0xC63EF8F8,
+    0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121 };
+
+static ossl_inline uint32_t rotl(uint32_t a, uint8_t n)
+{
+    return (a << n) | (a >> (32 - n));
+}
+
+static ossl_inline uint32_t load_u32_be(const uint8_t *b, uint32_t n)
+{
+    return ((uint32_t)b[4 * n] << 24) |
+           ((uint32_t)b[4 * n + 1] << 16) |
+           ((uint32_t)b[4 * n + 2] << 8) |
+           ((uint32_t)b[4 * n + 3]);
+}
+
+static ossl_inline void store_u32_be(uint32_t v, uint8_t *b)
+{
+    b[0] = (uint8_t)(v >> 24);
+    b[1] = (uint8_t)(v >> 16);
+    b[2] = (uint8_t)(v >> 8);
+    b[3] = (uint8_t)(v);
+}
+
+static ossl_inline uint32_t SM4_T_slow(uint32_t X)
+{
+    uint32_t t = 0;
+
+    t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24;
+    t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16;
+    t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8;
+    t |= SM4_S[(uint8_t)X];
+
+    /*
+     * L linear transform
+     */
+    return t ^ rotl(t, 2) ^ rotl(t, 10) ^ rotl(t, 18) ^ rotl(t, 24);
+}
+
+static ossl_inline uint32_t SM4_T(uint32_t X)
+{
+    return SM4_SBOX_T[(uint8_t)(X >> 24)] ^
+           rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^
+           rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^
+           rotl(SM4_SBOX_T[(uint8_t)X], 8);
+}
+
+int SM4_set_key(const uint8_t *key, SM4_KEY *ks)
+{
+    /*
+     * Family Key
+     */
+    static const uint32_t FK[4] =
+        { 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc };
+
+    /*
+     * Constant Key
+     */
+    static const uint32_t CK[32] = {
+        0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269,
+        0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9,
+        0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249,
+        0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9,
+        0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229,
+        0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299,
+        0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209,
+        0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279
+    };
+
+    uint32_t K[4];
+    int i;
+
+    K[0] = load_u32_be(key, 0) ^ FK[0];
+    K[1] = load_u32_be(key, 1) ^ FK[1];
+    K[2] = load_u32_be(key, 2) ^ FK[2];
+    K[3] = load_u32_be(key, 3) ^ FK[3];
+
+    for (i = 0; i != SM4_KEY_SCHEDULE; ++i) {
+        uint32_t X = K[(i + 1) % 4] ^ K[(i + 2) % 4] ^ K[(i + 3) % 4] ^ CK[i];
+        uint32_t t = 0;
+
+        t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24;
+        t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16;
+        t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8;
+        t |= SM4_S[(uint8_t)X];
+
+        t = t ^ rotl(t, 13) ^ rotl(t, 23);
+        K[i % 4] ^= t;
+        ks->rk[i] = K[i % 4];
+    }
+
+    return 1;
+}
+
+#define SM4_RNDS(k0, k1, k2, k3, F)          \
+      do {                                   \
+         B0 ^= F(B1 ^ B2 ^ B3 ^ ks->rk[k0]); \
+         B1 ^= F(B0 ^ B2 ^ B3 ^ ks->rk[k1]); \
+         B2 ^= F(B0 ^ B1 ^ B3 ^ ks->rk[k2]); \
+         B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \
+      } while(0)
+
+void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
+{
+    uint32_t B0 = load_u32_be(in, 0);
+    uint32_t B1 = load_u32_be(in, 1);
+    uint32_t B2 = load_u32_be(in, 2);
+    uint32_t B3 = load_u32_be(in, 3);
+
+    /*
+     * Uses byte-wise sbox in the first and last rounds to provide some
+     * protection from cache based side channels.
+     */
+    SM4_RNDS( 0,  1,  2,  3, SM4_T_slow);
+    SM4_RNDS( 4,  5,  6,  7, SM4_T);
+    SM4_RNDS( 8,  9, 10, 11, SM4_T);
+    SM4_RNDS(12, 13, 14, 15, SM4_T);
+    SM4_RNDS(16, 17, 18, 19, SM4_T);
+    SM4_RNDS(20, 21, 22, 23, SM4_T);
+    SM4_RNDS(24, 25, 26, 27, SM4_T);
+    SM4_RNDS(28, 29, 30, 31, SM4_T_slow);
+
+    store_u32_be(B3, out);
+    store_u32_be(B2, out + 4);
+    store_u32_be(B1, out + 8);
+    store_u32_be(B0, out + 12);
+}
+
+void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
+{
+    uint32_t B0 = load_u32_be(in, 0);
+    uint32_t B1 = load_u32_be(in, 1);
+    uint32_t B2 = load_u32_be(in, 2);
+    uint32_t B3 = load_u32_be(in, 3);
+
+    SM4_RNDS(31, 30, 29, 28, SM4_T_slow);
+    SM4_RNDS(27, 26, 25, 24, SM4_T);
+    SM4_RNDS(23, 22, 21, 20, SM4_T);
+    SM4_RNDS(19, 18, 17, 16, SM4_T);
+    SM4_RNDS(15, 14, 13, 12, SM4_T);
+    SM4_RNDS(11, 10,  9,  8, SM4_T);
+    SM4_RNDS( 7,  6,  5,  4, SM4_T);
+    SM4_RNDS( 3,  2,  1,  0, SM4_T_slow);
+
+    store_u32_be(B3, out);
+    store_u32_be(B2, out + 4);
+    store_u32_be(B1, out + 8);
+    store_u32_be(B0, out + 12);
+}
diff --git a/freebsd/crypto/openssl/crypto/sparc_arch.h b/freebsd/crypto/openssl/crypto/sparc_arch.h
index e30d322a..99eafb33 100644
--- a/freebsd/crypto/openssl/crypto/sparc_arch.h
+++ b/freebsd/crypto/openssl/crypto/sparc_arch.h
@@ -1,3 +1,12 @@
+/*
+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 #ifndef __SPARC_ARCH_H__
 # define __SPARC_ARCH_H__
 
@@ -5,11 +14,16 @@
 # define SPARCV9_PREFER_FPU      (1<<1)
 # define SPARCV9_VIS1            (1<<2)
 # define SPARCV9_VIS2            (1<<3)/* reserved */
-# define SPARCV9_FMADD           (1<<4)/* reserved for SPARC64 V */
+# define SPARCV9_FMADD           (1<<4)
 # define SPARCV9_BLK             (1<<5)/* VIS1 block copy */
 # define SPARCV9_VIS3            (1<<6)
 # define SPARCV9_RANDOM          (1<<7)
 # define SPARCV9_64BIT_STACK     (1<<8)
+# define SPARCV9_FJAESX          (1<<9)/* Fujitsu SPARC64 X AES */
+# define SPARCV9_FJDESX          (1<<10)/* Fujitsu SPARC64 X DES, reserved */
+# define SPARCV9_FJHPCACE        (1<<11)/* Fujitsu HPC-ACE, reserved */
+# define SPARCV9_IMA             (1<<13)/* reserved */
+# define SPARCV9_VIS4            (1<<14)/* reserved */
 
 /*
  * OPENSSL_sparcv9cap_P[1] is copy of Compatibility Feature Register,
@@ -28,6 +42,9 @@
 # define CFR_MONTMUL     0x00000200/* Supports MONTMUL opcodes */
 # define CFR_MONTSQR     0x00000400/* Supports MONTSQR opcodes */
 # define CFR_CRC32C      0x00000800/* Supports CRC32C opcodes */
+# define CFR_XMPMUL      0x00001000/* Supports XMPMUL opcodes */
+# define CFR_XMONTMUL    0x00002000/* Supports XMONTMUL opcodes */
+# define CFR_XMONTSQR    0x00004000/* Supports XMONTSQR opcodes */
 
 # if defined(OPENSSL_PIC) && !defined(__PIC__)
 #  define __PIC__
diff --git a/freebsd/crypto/openssl/crypto/sparcv9cap.c b/freebsd/crypto/openssl/crypto/sparcv9cap.c
deleted file mode 100644
index 8cb6f7d6..00000000
--- a/freebsd/crypto/openssl/crypto/sparcv9cap.c
+++ /dev/null
@@ -1,395 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <setjmp.h>
-#include <signal.h>
-#include <sys/time.h>
-#include <unistd.h>
-#include <openssl/bn.h>
-
-#include "sparc_arch.h"
-
-#if defined(__GNUC__) && defined(__linux)
-__attribute__ ((visibility("hidden")))
-#endif
-unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_TICK_PRIVILEGED, 0 };
-
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                const BN_ULONG *np, const BN_ULONG *n0, int num)
-{
-    int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                         const BN_ULONG *np, const BN_ULONG *n0, int num);
-    int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                        const BN_ULONG *np, const BN_ULONG *n0, int num);
-    int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                        const BN_ULONG *np, const BN_ULONG *n0, int num);
-
-    if (!(num & 1) && num >= 6) {
-        if ((num & 15) == 0 && num <= 64 &&
-            (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) ==
-            (CFR_MONTMUL | CFR_MONTSQR)) {
-            typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap,
-                                          const BN_ULONG *bp,
-                                          const BN_ULONG *np,
-                                          const BN_ULONG *n0);
-            int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap,
-                                 const BN_ULONG *bp, const BN_ULONG *np,
-                                 const BN_ULONG *n0);
-            int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
-                                  const BN_ULONG *bp, const BN_ULONG *np,
-                                  const BN_ULONG *n0);
-            int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
-                                  const BN_ULONG *bp, const BN_ULONG *np,
-                                  const BN_ULONG *n0);
-            int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
-                                  const BN_ULONG *bp, const BN_ULONG *np,
-                                  const BN_ULONG *n0);
-            static const bn_mul_mont_f funcs[4] = {
-                bn_mul_mont_t4_8, bn_mul_mont_t4_16,
-                bn_mul_mont_t4_24, bn_mul_mont_t4_32
-            };
-            bn_mul_mont_f worker = funcs[num / 16 - 1];
-
-            if ((*worker) (rp, ap, bp, np, n0))
-                return 1;
-            /* retry once and fall back */
-            if ((*worker) (rp, ap, bp, np, n0))
-                return 1;
-            return bn_mul_mont_vis3(rp, ap, bp, np, n0, num);
-        }
-        if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3))
-            return bn_mul_mont_vis3(rp, ap, bp, np, n0, num);
-        else if (num >= 8 &&
-                 (OPENSSL_sparcv9cap_P[0] &
-                  (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) ==
-                 (SPARCV9_PREFER_FPU | SPARCV9_VIS1))
-            return bn_mul_mont_fpu(rp, ap, bp, np, n0, num);
-    }
-    return bn_mul_mont_int(rp, ap, bp, np, n0, num);
-}
-
-unsigned long _sparcv9_rdtick(void);
-void _sparcv9_vis1_probe(void);
-unsigned long _sparcv9_vis1_instrument(void);
-void _sparcv9_vis2_probe(void);
-void _sparcv9_fmadd_probe(void);
-unsigned long _sparcv9_rdcfr(void);
-void _sparcv9_vis3_probe(void);
-unsigned long _sparcv9_random(void);
-size_t _sparcv9_vis1_instrument_bus(unsigned int *, size_t);
-size_t _sparcv9_vis1_instrument_bus2(unsigned int *, size_t, size_t);
-
-unsigned long OPENSSL_rdtsc(void)
-{
-    if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED)
-#if defined(__sun) && defined(__SVR4)
-        return gethrtime();
-#else
-        return 0;
-#endif
-    else
-        return _sparcv9_rdtick();
-}
-
-size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt)
-{
-    if ((OPENSSL_sparcv9cap_P[0] & (SPARCV9_TICK_PRIVILEGED | SPARCV9_BLK)) ==
-        SPARCV9_BLK)
-        return _sparcv9_vis1_instrument_bus(out, cnt);
-    else
-        return 0;
-}
-
-size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
-{
-    if ((OPENSSL_sparcv9cap_P[0] & (SPARCV9_TICK_PRIVILEGED | SPARCV9_BLK)) ==
-        SPARCV9_BLK)
-        return _sparcv9_vis1_instrument_bus2(out, cnt, max);
-    else
-        return 0;
-}
-
-#if 0 && defined(__sun) && defined(__SVR4)
-/*
- * This code path is disabled, because of incompatibility of libdevinfo.so.1
- * and libmalloc.so.1 (see below for details)
- */
-# include <malloc.h>
-# include <dlfcn.h>
-# include <libdevinfo.h>
-# include <sys/systeminfo.h>
-
-typedef di_node_t(*di_init_t) (const char *, uint_t);
-typedef void (*di_fini_t) (di_node_t);
-typedef char *(*di_node_name_t) (di_node_t);
-typedef int (*di_walk_node_t) (di_node_t, uint_t, di_node_name_t,
-                               int (*)(di_node_t, di_node_name_t));
-
-# define DLLINK(h,name) (name=(name##_t)dlsym((h),#name))
-
-static int walk_nodename(di_node_t node, di_node_name_t di_node_name)
-{
-    char *name = (*di_node_name) (node);
-
-    /* This is expected to catch all UltraSPARC flavors prior T1 */
-    if (!strcmp(name, "SUNW,UltraSPARC") ||
-        /* covers II,III,IV */
-        !strncmp(name, "SUNW,UltraSPARC-I", 17)) {
-        OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU | SPARCV9_VIS1;
-
-        /* %tick is privileged only on UltraSPARC-I/II, but not IIe */
-        if (name[14] != '\0' && name[17] != '\0' && name[18] != '\0')
-            OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-
-        return DI_WALK_TERMINATE;
-    }
-    /* This is expected to catch remaining UltraSPARCs, such as T1 */
-    else if (!strncmp(name, "SUNW,UltraSPARC", 15)) {
-        OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-
-        return DI_WALK_TERMINATE;
-    }
-
-    return DI_WALK_CONTINUE;
-}
-
-void OPENSSL_cpuid_setup(void)
-{
-    void *h;
-    char *e, si[256];
-    static int trigger = 0;
-
-    if (trigger)
-        return;
-    trigger = 1;
-
-    if ((e = getenv("OPENSSL_sparcv9cap"))) {
-        OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
-        return;
-    }
-
-    if (sysinfo(SI_MACHINE, si, sizeof(si)) > 0) {
-        if (strcmp(si, "sun4v"))
-            /* FPU is preferred for all CPUs, but US-T1/2 */
-            OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU;
-    }
-
-    if (sysinfo(SI_ISALIST, si, sizeof(si)) > 0) {
-        if (strstr(si, "+vis"))
-            OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
-        if (strstr(si, "+vis2")) {
-            OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
-            OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-            return;
-        }
-    }
-# ifdef M_KEEP
-    /*
-     * Solaris libdevinfo.so.1 is effectively incomatible with
-     * libmalloc.so.1. Specifically, if application is linked with
-     * -lmalloc, it crashes upon startup with SIGSEGV in
-     * free(3LIBMALLOC) called by di_fini. Prior call to
-     * mallopt(M_KEEP,0) somehow helps... But not always...
-     */
-    if ((h = dlopen(NULL, RTLD_LAZY))) {
-        union {
-            void *p;
-            int (*f) (int, int);
-        } sym;
-        if ((sym.p = dlsym(h, "mallopt")))
-            (*sym.f) (M_KEEP, 0);
-        dlclose(h);
-    }
-# endif
-    if ((h = dlopen("libdevinfo.so.1", RTLD_LAZY)))
-        do {
-            di_init_t di_init;
-            di_fini_t di_fini;
-            di_walk_node_t di_walk_node;
-            di_node_name_t di_node_name;
-            di_node_t root_node;
-
-            if (!DLLINK(h, di_init))
-                break;
-            if (!DLLINK(h, di_fini))
-                break;
-            if (!DLLINK(h, di_walk_node))
-                break;
-            if (!DLLINK(h, di_node_name))
-                break;
-
-            if ((root_node = (*di_init) ("/", DINFOSUBTREE)) != DI_NODE_NIL) {
-                (*di_walk_node) (root_node, DI_WALK_SIBFIRST,
-                                 di_node_name, walk_nodename);
-                (*di_fini) (root_node);
-            }
-        } while (0);
-
-    if (h)
-        dlclose(h);
-}
-
-#else
-
-static sigjmp_buf common_jmp;
-static void common_handler(int sig)
-{
-    siglongjmp(common_jmp, sig);
-}
-
-#if defined(__sun) && defined(__SVR4)
-# if defined(__GNUC__) && __GNUC__>=2
-extern unsigned int getisax(unsigned int vec[], unsigned int sz) __attribute__ ((weak));
-# elif defined(__SUNPRO_C)
-#pragma weak getisax
-extern unsigned int getisax(unsigned int vec[], unsigned int sz);
-# else
-static unsigned int (*getisax) (unsigned int vec[], unsigned int sz) = NULL;
-# endif
-#endif
-
-void OPENSSL_cpuid_setup(void)
-{
-    char *e;
-    struct sigaction common_act, ill_oact, bus_oact;
-    sigset_t all_masked, oset;
-    static int trigger = 0;
-
-    if (trigger)
-        return;
-    trigger = 1;
-
-    if ((e = getenv("OPENSSL_sparcv9cap"))) {
-        OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
-        if ((e = strchr(e, ':')))
-            OPENSSL_sparcv9cap_P[1] = strtoul(e + 1, NULL, 0);
-        return;
-    }
-
-#if defined(__sun) && defined(__SVR4)
-    if (getisax != NULL) {
-        unsigned int vec[1];
-
-        if (getisax (vec,1)) {
-            if (vec[0]&0x0020) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1;
-            if (vec[0]&0x0040) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
-            if (vec[0]&0x0080) OPENSSL_sparcv9cap_P[0] |= SPARCV9_BLK;
-            if (vec[0]&0x0100) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
-            if (vec[0]&0x0400) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
-
-            /* reconstruct %cfr copy */
-            OPENSSL_sparcv9cap_P[1] = (vec[0]>>17)&0x3ff;
-            OPENSSL_sparcv9cap_P[1] |= (OPENSSL_sparcv9cap_P[1]&CFR_MONTMUL)<<1;
-            if (vec[0]&0x20000000) OPENSSL_sparcv9cap_P[1] |= CFR_CRC32C;
-
-            /* Some heuristics */
-            /* all known VIS2-capable CPUs have unprivileged tick counter */
-            if (OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS2)
-                OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-
-            OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU;
-
-            /* detect UltraSPARC-Tx, see sparccpud.S for details... */
-            if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS1) &&
-                _sparcv9_vis1_instrument() >= 12)
-                OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
-        }
-
-        if (sizeof(size_t) == 8)
-            OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
-
-        return;
-    }
-#endif
-
-    /* Initial value, fits UltraSPARC-I&II... */
-    OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED;
-
-    sigfillset(&all_masked);
-    sigdelset(&all_masked, SIGILL);
-    sigdelset(&all_masked, SIGTRAP);
-# ifdef SIGEMT
-    sigdelset(&all_masked, SIGEMT);
-# endif
-    sigdelset(&all_masked, SIGFPE);
-    sigdelset(&all_masked, SIGBUS);
-    sigdelset(&all_masked, SIGSEGV);
-    sigprocmask(SIG_SETMASK, &all_masked, &oset);
-
-    memset(&common_act, 0, sizeof(common_act));
-    common_act.sa_handler = common_handler;
-    common_act.sa_mask = all_masked;
-
-    sigaction(SIGILL, &common_act, &ill_oact);
-    sigaction(SIGBUS, &common_act, &bus_oact); /* T1 fails 16-bit ldda [on
-                                                * Linux] */
-
-    if (sigsetjmp(common_jmp, 1) == 0) {
-        _sparcv9_rdtick();
-        OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-    }
-
-    if (sigsetjmp(common_jmp, 1) == 0) {
-        _sparcv9_vis1_probe();
-        OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
-        /* detect UltraSPARC-Tx, see sparccpud.S for details... */
-        if (_sparcv9_vis1_instrument() >= 12)
-            OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
-        else {
-            _sparcv9_vis2_probe();
-            OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
-        }
-    }
-
-    if (sigsetjmp(common_jmp, 1) == 0) {
-        _sparcv9_fmadd_probe();
-        OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
-    }
-
-    /*
-     * VIS3 flag is tested independently from VIS1, unlike VIS2 that is,
-     * because VIS3 defines even integer instructions.
-     */
-    if (sigsetjmp(common_jmp, 1) == 0) {
-        _sparcv9_vis3_probe();
-        OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
-    }
-# if 0                          /* was planned at some point but never
-                                 * implemented in hardware */
-    if (sigsetjmp(common_jmp, 1) == 0) {
-        (void)_sparcv9_random();
-        OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM;
-    }
-# endif
-
-    /*
-     * In wait for better solution _sparcv9_rdcfr is masked by
-     * VIS3 flag, because it goes to uninterruptable endless
-     * loop on UltraSPARC II running Solaris. Things might be
-     * different on Linux...
-     */
-    if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) &&
-        sigsetjmp(common_jmp, 1) == 0) {
-        OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr();
-    }
-
-    sigaction(SIGBUS, &bus_oact, NULL);
-    sigaction(SIGILL, &ill_oact, NULL);
-
-    sigprocmask(SIG_SETMASK, &oset, NULL);
-
-    if (sizeof(size_t) == 8)
-        OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
-# ifdef __linux
-    else {
-        int ret = syscall(340);
-
-        if (ret >= 0 && ret & 1)
-            OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
-    }
-# endif
-}
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/srp/srp.h b/freebsd/crypto/openssl/crypto/srp/srp.h
deleted file mode 100644
index 028892a1..00000000
--- a/freebsd/crypto/openssl/crypto/srp/srp.h
+++ /dev/null
@@ -1,179 +0,0 @@
-/* crypto/srp/srp.h */
-/*
- * Written by Christophe Renou (christophe.renou@edelweb.fr) with the
- * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
- * EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef __SRP_H__
-# define __SRP_H__
-
-# ifndef OPENSSL_NO_SRP
-
-#  include <stdio.h>
-#  include <string.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#  include <openssl/safestack.h>
-#  include <openssl/bn.h>
-#  include <openssl/crypto.h>
-
-typedef struct SRP_gN_cache_st {
-    char *b64_bn;
-    BIGNUM *bn;
-} SRP_gN_cache;
-
-
-DECLARE_STACK_OF(SRP_gN_cache)
-
-typedef struct SRP_user_pwd_st {
-    /* Owned by us. */
-    char *id;
-    BIGNUM *s;
-    BIGNUM *v;
-    /* Not owned by us. */
-    const BIGNUM *g;
-    const BIGNUM *N;
-    /* Owned by us. */
-    char *info;
-} SRP_user_pwd;
-
-DECLARE_STACK_OF(SRP_user_pwd)
-
-void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
-
-typedef struct SRP_VBASE_st {
-    STACK_OF(SRP_user_pwd) *users_pwd;
-    STACK_OF(SRP_gN_cache) *gN_cache;
-/* to simulate a user */
-    char *seed_key;
-    BIGNUM *default_g;
-    BIGNUM *default_N;
-} SRP_VBASE;
-
-/*
- * Structure interne pour retenir les couples N et g
- */
-typedef struct SRP_gN_st {
-    char *id;
-    BIGNUM *g;
-    BIGNUM *N;
-} SRP_gN;
-
-DECLARE_STACK_OF(SRP_gN)
-
-SRP_VBASE *SRP_VBASE_new(char *seed_key);
-int SRP_VBASE_free(SRP_VBASE *vb);
-int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
-
-/* This method ignores the configured seed and fails for an unknown user. */
-SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
-/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
-SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
-
-char *SRP_create_verifier(const char *user, const char *pass, char **salt,
-                          char **verifier, const char *N, const char *g);
-int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
-                           BIGNUM **verifier, BIGNUM *N, BIGNUM *g);
-
-#  define SRP_NO_ERROR 0
-#  define SRP_ERR_VBASE_INCOMPLETE_FILE 1
-#  define SRP_ERR_VBASE_BN_LIB 2
-#  define SRP_ERR_OPEN_FILE 3
-#  define SRP_ERR_MEMORY 4
-
-#  define DB_srptype      0
-#  define DB_srpverifier  1
-#  define DB_srpsalt      2
-#  define DB_srpid        3
-#  define DB_srpgN        4
-#  define DB_srpinfo      5
-#  undef  DB_NUMBER
-#  define DB_NUMBER       6
-
-#  define DB_SRP_INDEX    'I'
-#  define DB_SRP_VALID    'V'
-#  define DB_SRP_REVOKED  'R'
-#  define DB_SRP_MODIF    'v'
-
-/* see srp.c */
-char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N);
-SRP_gN *SRP_get_default_gN(const char *id);
-
-/* server side .... */
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
-                            BIGNUM *N);
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N);
-
-/* client side .... */
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
-                            BIGNUM *a, BIGNUM *u);
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
-
-#  define SRP_MINIMAL_N 1024
-
-#ifdef  __cplusplus
-}
-#endif
-
-# endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/srp/srp_lcl.h b/freebsd/crypto/openssl/crypto/srp/srp_lcl.h
deleted file mode 100644
index 9a7fce1b..00000000
--- a/freebsd/crypto/openssl/crypto/srp/srp_lcl.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/* crypto/srp/srp_lcl.h */
-/*
- * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey
- * project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_SRP_LCL_H
-# define HEADER_SRP_LCL_H
-
-# include <openssl/srp.h>
-# include <openssl/sha.h>
-
-# if 0
-#  define srp_bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
-   fprintf(stderr,"\n");}
-# else
-#  define   srp_bn_print(a)
-# endif
-
-
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/srp/srp_lib.c b/freebsd/crypto/openssl/crypto/srp/srp_lib.c
index 36ec8d96..534a2888 100644
--- a/freebsd/crypto/openssl/crypto/srp/srp_lib.c
+++ b/freebsd/crypto/openssl/crypto/srp/srp_lib.c
@@ -1,159 +1,63 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/srp/srp_lib.c */
 /*
- * Written by Christophe Renou (christophe.renou@edelweb.fr) with the
- * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
- * EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
  *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
  */
+
 #ifndef OPENSSL_NO_SRP
-# include "cryptlib.h"
-# include "srp_lcl.h"
+# include "internal/cryptlib.h"
+# include <openssl/sha.h>
 # include <openssl/srp.h>
 # include <openssl/evp.h>
+# include "internal/bn_srp.h"
 
-# if (BN_BYTES == 8)
-#  if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-#   define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
-#  elif defined(__arch64__)
-#   define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
-#  else
-#   define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
-#  endif
-# elif (BN_BYTES == 4)
-#  define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
-# else
-#  error "unsupported BN_BYTES"
-# endif
-
-# include "srp_grps.h"
-
-static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
-{
-    /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
+/* calculate = SHA1(PAD(x) || PAD(y)) */
 
+static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N)
+{
     unsigned char digest[SHA_DIGEST_LENGTH];
-    unsigned char *tmp;
-    EVP_MD_CTX ctxt;
-    int longg;
-    int longN = BN_num_bytes(N);
-
-    if (BN_ucmp(g, N) >= 0)
+    unsigned char *tmp = NULL;
+    int numN = BN_num_bytes(N);
+    BIGNUM *res = NULL;
+    if (x != N && BN_ucmp(x, N) >= 0)
         return NULL;
-
-    if ((tmp = OPENSSL_malloc(longN)) == NULL)
+    if (y != N && BN_ucmp(y, N) >= 0)
         return NULL;
-    BN_bn2bin(N, tmp);
-
-    EVP_MD_CTX_init(&ctxt);
-    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-    EVP_DigestUpdate(&ctxt, tmp, longN);
-
-    memset(tmp, 0, longN);
-    longg = BN_bn2bin(g, tmp);
-    /* use the zeros behind to pad on left */
-    EVP_DigestUpdate(&ctxt, tmp + longg, longN - longg);
-    EVP_DigestUpdate(&ctxt, tmp, longg);
+    if ((tmp = OPENSSL_malloc(numN * 2)) == NULL)
+        goto err;
+    if (BN_bn2binpad(x, tmp, numN) < 0
+        || BN_bn2binpad(y, tmp + numN, numN) < 0
+        || !EVP_Digest(tmp, numN * 2, digest, NULL, EVP_sha1(), NULL))
+        goto err;
+    res = BN_bin2bn(digest, sizeof(digest), NULL);
+ err:
     OPENSSL_free(tmp);
+    return res;
+}
 
-    EVP_DigestFinal_ex(&ctxt, digest, NULL);
-    EVP_MD_CTX_cleanup(&ctxt);
-    return BN_bin2bn(digest, sizeof(digest), NULL);
+static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
+{
+    /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
+    return srp_Calc_xy(N, g, N);
 }
 
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)
 {
     /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
-
-    BIGNUM *u;
-    unsigned char cu[SHA_DIGEST_LENGTH];
-    unsigned char *cAB;
-    EVP_MD_CTX ctxt;
-    int longN;
-    if ((A == NULL) || (B == NULL) || (N == NULL))
-        return NULL;
-
-    if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0)
-        return NULL;
-
-    longN = BN_num_bytes(N);
-
-    if ((cAB = OPENSSL_malloc(2 * longN)) == NULL)
-        return NULL;
-
-    memset(cAB, 0, longN);
-
-    EVP_MD_CTX_init(&ctxt);
-    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-    EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
-    EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
-    OPENSSL_free(cAB);
-    EVP_DigestFinal_ex(&ctxt, cu, NULL);
-    EVP_MD_CTX_cleanup(&ctxt);
-
-    if (!(u = BN_bin2bn(cu, sizeof(cu), NULL)))
-        return NULL;
-    if (!BN_is_zero(u))
-        return u;
-    BN_free(u);
-    return NULL;
+    return srp_Calc_xy(A, B, N);
 }
 
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
-                            BIGNUM *N)
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+                            const BIGNUM *b, const BIGNUM *N)
 {
     BIGNUM *tmp = NULL, *S = NULL;
     BN_CTX *bn_ctx;
@@ -182,7 +86,8 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
     return S;
 }
 
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+                   const BIGNUM *v)
 {
     BIGNUM *kv = NULL, *gb = NULL;
     BIGNUM *B = NULL, *k = NULL;
@@ -198,10 +103,10 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
 
     /* B = g**b + k*v */
 
-    if (!BN_mod_exp(gb, g, b, N, bn_ctx) ||
-        !(k = srp_Calc_k(N, g)) ||
-        !BN_mod_mul(kv, v, k, N, bn_ctx) ||
-        !BN_mod_add(B, gb, kv, N, bn_ctx)) {
+    if (!BN_mod_exp(gb, g, b, N, bn_ctx)
+        || (k = srp_Calc_k(N, g)) == NULL
+        || !BN_mod_mul(kv, v, k, N, bn_ctx)
+        || !BN_mod_add(B, gb, kv, N, bn_ctx)) {
         BN_free(B);
         B = NULL;
     }
@@ -213,43 +118,51 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
     return B;
 }
 
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
 {
     unsigned char dig[SHA_DIGEST_LENGTH];
-    EVP_MD_CTX ctxt;
-    unsigned char *cs;
+    EVP_MD_CTX *ctxt;
+    unsigned char *cs = NULL;
+    BIGNUM *res = NULL;
 
     if ((s == NULL) || (user == NULL) || (pass == NULL))
         return NULL;
 
-    if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+    ctxt = EVP_MD_CTX_new();
+    if (ctxt == NULL)
         return NULL;
+    if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+        goto err;
 
-    EVP_MD_CTX_init(&ctxt);
-    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-    EVP_DigestUpdate(&ctxt, user, strlen(user));
-    EVP_DigestUpdate(&ctxt, ":", 1);
-    EVP_DigestUpdate(&ctxt, pass, strlen(pass));
-    EVP_DigestFinal_ex(&ctxt, dig, NULL);
-
-    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+    if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(ctxt, user, strlen(user))
+        || !EVP_DigestUpdate(ctxt, ":", 1)
+        || !EVP_DigestUpdate(ctxt, pass, strlen(pass))
+        || !EVP_DigestFinal_ex(ctxt, dig, NULL)
+        || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
+        goto err;
     BN_bn2bin(s, cs);
-    EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
-    OPENSSL_free(cs);
-    EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
-    EVP_DigestFinal_ex(&ctxt, dig, NULL);
-    EVP_MD_CTX_cleanup(&ctxt);
+    if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
+        goto err;
 
-    return BN_bin2bn(dig, sizeof(dig), NULL);
+    if (!EVP_DigestUpdate(ctxt, dig, sizeof(dig))
+        || !EVP_DigestFinal_ex(ctxt, dig, NULL))
+        goto err;
+
+    res = BN_bin2bn(dig, sizeof(dig), NULL);
+
+ err:
+    OPENSSL_free(cs);
+    EVP_MD_CTX_free(ctxt);
+    return res;
 }
 
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g)
 {
     BN_CTX *bn_ctx;
     BIGNUM *A = NULL;
 
-    if (a == NULL || N == NULL || g == NULL ||
-        (bn_ctx = BN_CTX_new()) == NULL)
+    if (a == NULL || N == NULL || g == NULL || (bn_ctx = BN_CTX_new()) == NULL)
         return NULL;
 
     if ((A = BN_new()) != NULL && !BN_mod_exp(A, g, a, N, bn_ctx)) {
@@ -260,8 +173,8 @@ BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
     return A;
 }
 
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
-                            BIGNUM *a, BIGNUM *u)
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+                            const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
 {
     BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
     BN_CTX *bn_ctx;
@@ -277,13 +190,12 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
 
     if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
         goto err;
-    if (!(k = srp_Calc_k(N, g)))
+    if ((k = srp_Calc_k(N, g)) == NULL)
         goto err;
     if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx))
         goto err;
     if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
         goto err;
-
     if (!BN_mul(tmp3, u, x, bn_ctx))
         goto err;
     if (!BN_add(tmp2, a, tmp3))
@@ -303,7 +215,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
     return K;
 }
 
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N)
 {
     BIGNUM *r;
     BN_CTX *bn_ctx;
@@ -324,25 +236,34 @@ int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
     return ret;
 }
 
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N)
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N)
 {
     /* Checks if A % N == 0 */
     return SRP_Verify_B_mod_N(A, N);
 }
 
+static SRP_gN knowngN[] = {
+    {"8192", &bn_generator_19, &bn_group_8192},
+    {"6144", &bn_generator_5, &bn_group_6144},
+    {"4096", &bn_generator_5, &bn_group_4096},
+    {"3072", &bn_generator_5, &bn_group_3072},
+    {"2048", &bn_generator_2, &bn_group_2048},
+    {"1536", &bn_generator_2, &bn_group_1536},
+    {"1024", &bn_generator_2, &bn_group_1024},
+};
+
+# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
+
 /*
- * Check if G and N are kwown parameters. The values have been generated
+ * Check if G and N are known parameters. The values have been generated
  * from the ietf-tls-srp draft version 8
  */
-char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N)
 {
     size_t i;
     if ((g == NULL) || (N == NULL))
         return 0;
 
-    srp_bn_print(g);
-    srp_bn_print(N);
-
     for (i = 0; i < KNOWN_GN_NUMBER; i++) {
         if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0)
             return knowngN[i].id;
diff --git a/freebsd/crypto/openssl/crypto/srp/srp_vfy.c b/freebsd/crypto/openssl/crypto/srp/srp_vfy.c
index 77ad2b6d..d2f124a7 100644
--- a/freebsd/crypto/openssl/crypto/srp/srp_vfy.c
+++ b/freebsd/crypto/openssl/crypto/srp/srp_vfy.c
@@ -1,196 +1,178 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/srp/srp_vfy.c */
 /*
- * Written by Christophe Renou (christophe.renou@edelweb.fr) with the
- * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
- * EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
  *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
  */
+
 #ifndef OPENSSL_NO_SRP
-# include "cryptlib.h"
-# include "srp_lcl.h"
+# include "internal/cryptlib.h"
+# include "internal/evp_int.h"
+# include <openssl/sha.h>
 # include <openssl/srp.h>
 # include <openssl/evp.h>
 # include <openssl/buffer.h>
 # include <openssl/rand.h>
 # include <openssl/txt_db.h>
+# include <openssl/err.h>
 
 # define SRP_RANDOM_SALT_LEN 20
 # define MAX_LEN 2500
 
-static char b64table[] =
-    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
-
 /*
- * the following two conversion routines have been inspired by code from
- * Stanford
+ * Note that SRP uses its own variant of base 64 encoding. A different base64
+ * alphabet is used and no padding '=' characters are added. Instead we pad to
+ * the front with 0 bytes and subsequently strip off leading encoded padding.
+ * This variant is used for compatibility with other SRP implementations -
+ * notably libsrp, but also others. It is also required for backwards
+ * compatibility in order to load verifier files from other OpenSSL versions.
  */
 
 /*
  * Convert a base64 string into raw byte array representation.
+ * Returns the length of the decoded data, or -1 on error.
  */
 static int t_fromb64(unsigned char *a, size_t alen, const char *src)
 {
-    char *loc;
-    int i, j;
-    int size;
+    EVP_ENCODE_CTX *ctx;
+    int outl = 0, outl2 = 0;
+    size_t size, padsize;
+    const unsigned char *pad = (const unsigned char *)"00";
 
-    if (alen == 0 || alen > INT_MAX)
-        return -1;
-
-    while (*src && (*src == ' ' || *src == '\t' || *src == '\n'))
+    while (*src == ' ' || *src == '\t' || *src == '\n')
         ++src;
     size = strlen(src);
-    if (size < 0 || size >= (int)alen)
+    padsize = 4 - (size & 3);
+    padsize &= 3;
+
+    /* Four bytes in src become three bytes output. */
+    if (size > INT_MAX || ((size + padsize) / 4) * 3 > alen)
+        return -1;
+
+    ctx = EVP_ENCODE_CTX_new();
+    if (ctx == NULL)
         return -1;
 
-    i = 0;
-    while (i < size) {
-        loc = strchr(b64table, src[i]);
-        if (loc == (char *)0)
-            break;
-        else
-            a[i] = loc - b64table;
-        ++i;
+    /*
+     * This should never occur because 1 byte of data always requires 2 bytes of
+     * encoding, i.e.
+     *  0 bytes unencoded = 0 bytes encoded
+     *  1 byte unencoded  = 2 bytes encoded
+     *  2 bytes unencoded = 3 bytes encoded
+     *  3 bytes unencoded = 4 bytes encoded
+     *  4 bytes unencoded = 6 bytes encoded
+     *  etc
+     */
+    if (padsize == 3) {
+        outl = -1;
+        goto err;
     }
-    /* if nothing valid to process we have a zero length response */
-    if (i == 0)
-        return 0;
-    size = i;
-    i = size - 1;
-    j = size;
-    while (1) {
-        a[j] = a[i];
-        if (--i < 0)
-            break;
-        a[j] |= (a[i] & 3) << 6;
-        --j;
-        a[j] = (unsigned char)((a[i] & 0x3c) >> 2);
-        if (--i < 0)
-            break;
-        a[j] |= (a[i] & 0xf) << 4;
-        --j;
-        a[j] = (unsigned char)((a[i] & 0x30) >> 4);
-        if (--i < 0)
-            break;
-        a[j] |= (a[i] << 2);
-
-        a[--j] = 0;
-        if (--i < 0)
-            break;
+
+    /* Valid padsize values are now 0, 1 or 2 */
+
+    EVP_DecodeInit(ctx);
+    evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_USE_SRP_ALPHABET);
+
+    /* Add any encoded padding that is required */
+    if (padsize != 0
+            && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) {
+        outl = -1;
+        goto err;
+    }
+    if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) {
+        outl = -1;
+        goto err;
+    }
+    outl += outl2;
+    EVP_DecodeFinal(ctx, a + outl, &outl2);
+    outl += outl2;
+
+    /* Strip off the leading padding */
+    if (padsize != 0) {
+        if ((int)padsize >= outl) {
+            outl = -1;
+            goto err;
+        }
+
+        /*
+         * If we added 1 byte of padding prior to encoding then we have 2 bytes
+         * of "real" data which gets spread across 4 encoded bytes like this:
+         *   (6 bits pad)(2 bits pad | 4 bits data)(6 bits data)(6 bits data)
+         * So 1 byte of pre-encoding padding results in 1 full byte of encoded
+         * padding.
+         * If we added 2 bytes of padding prior to encoding this gets encoded
+         * as:
+         *   (6 bits pad)(6 bits pad)(4 bits pad | 2 bits data)(6 bits data)
+         * So 2 bytes of pre-encoding padding results in 2 full bytes of encoded
+         * padding, i.e. we have to strip the same number of bytes of padding
+         * from the encoded data as we added to the pre-encoded data.
+         */
+        memmove(a, a + padsize, outl - padsize);
+        outl -= padsize;
     }
-    while (j <= size && a[j] == 0)
-        ++j;
-    i = 0;
-    while (j <= size)
-        a[i++] = a[j++];
-    return i;
+
+ err:
+    EVP_ENCODE_CTX_free(ctx);
+
+    return outl;
 }
 
 /*
  * Convert a raw byte string into a null-terminated base64 ASCII string.
+ * Returns 1 on success or 0 on error.
  */
-static char *t_tob64(char *dst, const unsigned char *src, int size)
+static int t_tob64(char *dst, const unsigned char *src, int size)
 {
-    int c, pos = size % 3;
-    unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
-    char *olddst = dst;
-
-    switch (pos) {
-    case 1:
-        b2 = src[0];
-        break;
-    case 2:
-        b1 = src[0];
-        b2 = src[1];
-        break;
+    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+    int outl = 0, outl2 = 0;
+    unsigned char pad[2] = {0, 0};
+    size_t leadz = 0;
+
+    if (ctx == NULL)
+        return 0;
+
+    EVP_EncodeInit(ctx);
+    evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES
+                                  | EVP_ENCODE_CTX_USE_SRP_ALPHABET);
+
+    /*
+     * We pad at the front with zero bytes until the length is a multiple of 3
+     * so that EVP_EncodeUpdate/EVP_EncodeFinal does not add any of its own "="
+     * padding
+     */
+    leadz = 3 - (size % 3);
+    if (leadz != 3
+            && !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad,
+                                 leadz)) {
+        EVP_ENCODE_CTX_free(ctx);
+        return 0;
     }
 
-    while (1) {
-        c = (b0 & 0xfc) >> 2;
-        if (notleading || c != 0) {
-            *dst++ = b64table[c];
-            notleading = 1;
-        }
-        c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4);
-        if (notleading || c != 0) {
-            *dst++ = b64table[c];
-            notleading = 1;
-        }
-        c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6);
-        if (notleading || c != 0) {
-            *dst++ = b64table[c];
-            notleading = 1;
-        }
-        c = b2 & 0x3f;
-        if (notleading || c != 0) {
-            *dst++ = b64table[c];
-            notleading = 1;
-        }
-        if (pos >= size)
-            break;
-        else {
-            b0 = src[pos++];
-            b1 = src[pos++];
-            b2 = src[pos++];
-        }
+    if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst + outl, &outl2, src,
+                          size)) {
+        EVP_ENCODE_CTX_free(ctx);
+        return 0;
+    }
+    outl += outl2;
+    EVP_EncodeFinal(ctx, (unsigned char *)dst + outl, &outl2);
+    outl += outl2;
+
+    /* Strip the encoded padding at the front */
+    if (leadz != 3) {
+        memmove(dst, dst + leadz, outl - leadz);
+        dst[outl - leadz] = '\0';
     }
 
-    *dst++ = '\0';
-    return olddst;
+    EVP_ENCODE_CTX_free(ctx);
+    return 1;
 }
 
 void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
@@ -204,11 +186,14 @@ void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
     OPENSSL_free(user_pwd);
 }
 
-static SRP_user_pwd *SRP_user_pwd_new()
+static SRP_user_pwd *SRP_user_pwd_new(void)
 {
-    SRP_user_pwd *ret = OPENSSL_malloc(sizeof(SRP_user_pwd));
-    if (ret == NULL)
+    SRP_user_pwd *ret;
+    
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        /* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/
         return NULL;
+    }
     ret->N = NULL;
     ret->g = NULL;
     ret->s = NULL;
@@ -228,9 +213,9 @@ static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
 static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
                                 const char *info)
 {
-    if (id != NULL && NULL == (vinfo->id = BUF_strdup(id)))
+    if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
         return 0;
-    return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));
+    return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
 }
 
 static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
@@ -287,19 +272,19 @@ static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
 
 SRP_VBASE *SRP_VBASE_new(char *seed_key)
 {
-    SRP_VBASE *vb = (SRP_VBASE *)OPENSSL_malloc(sizeof(SRP_VBASE));
+    SRP_VBASE *vb = OPENSSL_malloc(sizeof(*vb));
 
     if (vb == NULL)
         return NULL;
-    if (!(vb->users_pwd = sk_SRP_user_pwd_new_null()) ||
-        !(vb->gN_cache = sk_SRP_gN_cache_new_null())) {
+    if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL
+        || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) {
         OPENSSL_free(vb);
         return NULL;
     }
     vb->default_g = NULL;
     vb->default_N = NULL;
     vb->seed_key = NULL;
-    if ((seed_key != NULL) && (vb->seed_key = BUF_strdup(seed_key)) == NULL) {
+    if ((seed_key != NULL) && (vb->seed_key = OPENSSL_strdup(seed_key)) == NULL) {
         sk_SRP_user_pwd_free(vb->users_pwd);
         sk_SRP_gN_cache_free(vb->gN_cache);
         OPENSSL_free(vb);
@@ -308,22 +293,22 @@ SRP_VBASE *SRP_VBASE_new(char *seed_key)
     return vb;
 }
 
-int SRP_VBASE_free(SRP_VBASE *vb)
+void SRP_VBASE_free(SRP_VBASE *vb)
 {
+    if (!vb)
+        return;
     sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free);
     sk_SRP_gN_cache_free(vb->gN_cache);
     OPENSSL_free(vb->seed_key);
     OPENSSL_free(vb);
-    return 0;
 }
 
 static SRP_gN_cache *SRP_gN_new_init(const char *ch)
 {
     unsigned char tmp[MAX_LEN];
     int len;
+    SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(*newgN));
 
-    SRP_gN_cache *newgN =
-        (SRP_gN_cache *)OPENSSL_malloc(sizeof(SRP_gN_cache));
     if (newgN == NULL)
         return NULL;
 
@@ -331,7 +316,7 @@ static SRP_gN_cache *SRP_gN_new_init(const char *ch)
     if (len < 0)
         goto err;
 
-    if ((newgN->b64_bn = BUF_strdup(ch)) == NULL)
+    if ((newgN->b64_bn = OPENSSL_strdup(ch)) == NULL)
         goto err;
 
     if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
@@ -432,13 +417,14 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
              * we add this couple in the internal Stack
              */
 
-            if ((gN = (SRP_gN *) OPENSSL_malloc(sizeof(SRP_gN))) == NULL)
+            if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL)
                 goto err;
 
-            if (!(gN->id = BUF_strdup(pp[DB_srpid]))
-                || !(gN->N =
-                     SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
-                || !(gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
+            if ((gN->id = OPENSSL_strdup(pp[DB_srpid])) == NULL
+                || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
+                        == NULL
+                || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
+                        == NULL
                 || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0)
                 goto err;
 
@@ -449,7 +435,8 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
             }
         } else if (pp[DB_srptype][0] == DB_SRP_VALID) {
             /* it is a user .... */
-            SRP_gN *lgN;
+            const SRP_gN *lgN;
+
             if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) {
                 error_code = SRP_ERR_MEMORY;
                 if ((user_pwd = SRP_user_pwd_new()) == NULL)
@@ -467,7 +454,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
 
                 if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
                     goto err;
-                user_pwd = NULL; /* abandon responsability */
+                user_pwd = NULL; /* abandon responsibility */
             }
         }
     }
@@ -498,10 +485,8 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
 
     SRP_user_pwd_free(user_pwd);
 
-    if (tmpdb)
-        TXT_DB_free(tmpdb);
-    if (in)
-        BIO_free_all(in);
+    TXT_DB_free(tmpdb);
+    BIO_free_all(in);
 
     sk_SRP_gN_free(SRP_gN_tab);
 
@@ -526,7 +511,9 @@ static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
     return NULL;
 }
 
+# if OPENSSL_API_COMPAT < 0x10100000L
 /*
+ * DEPRECATED: use SRP_VBASE_get1_by_user instead.
  * This method ignores the configured seed and fails for an unknown user.
  * Ownership of the returned pointer is not released to the caller.
  * In other words, caller must not free the result.
@@ -535,6 +522,7 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
 {
     return find_user(vb, username);
 }
+# endif
 
 /*
  * Ownership of the returned pointer is released to the caller.
@@ -545,7 +533,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
     SRP_user_pwd *user;
     unsigned char digv[SHA_DIGEST_LENGTH];
     unsigned char digs[SHA_DIGEST_LENGTH];
-    EVP_MD_CTX ctxt;
+    EVP_MD_CTX *ctxt = NULL;
 
     if (vb == NULL)
         return NULL;
@@ -567,20 +555,25 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
     if (!SRP_user_pwd_set_ids(user, username, NULL))
         goto err;
 
-    if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
+    if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
+        goto err;
+    ctxt = EVP_MD_CTX_new();
+    if (ctxt == NULL
+        || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key))
+        || !EVP_DigestUpdate(ctxt, username, strlen(username))
+        || !EVP_DigestFinal_ex(ctxt, digs, NULL))
         goto err;
-    EVP_MD_CTX_init(&ctxt);
-    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-    EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
-    EVP_DigestUpdate(&ctxt, username, strlen(username));
-    EVP_DigestFinal_ex(&ctxt, digs, NULL);
-    EVP_MD_CTX_cleanup(&ctxt);
-    if (SRP_user_pwd_set_sv_BN
-        (user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
-         BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
+    EVP_MD_CTX_free(ctxt);
+    ctxt = NULL;
+    if (SRP_user_pwd_set_sv_BN(user,
+                               BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
+                               BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
         return user;
 
- err:SRP_user_pwd_free(user);
+ err:
+    EVP_MD_CTX_free(ctxt);
+    SRP_user_pwd_free(user);
     return NULL;
 }
 
@@ -592,7 +585,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
 {
     int len;
     char *result = NULL, *vf = NULL;
-    BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
+    const BIGNUM *N_bn = NULL, *g_bn = NULL;
+    BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL;
     unsigned char tmp[MAX_LEN];
     unsigned char tmp2[MAX_LEN];
     char *defgNid = NULL;
@@ -603,12 +597,14 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
         goto err;
 
     if (N) {
-        if (!(len = t_fromb64(tmp, sizeof(tmp), N)))
+        if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)
             goto err;
-        N_bn = BN_bin2bn(tmp, len, NULL);
-        if (!(len = t_fromb64(tmp, sizeof(tmp), g)))
+        N_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        N_bn = N_bn_alloc;
+        if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)
             goto err;
-        g_bn = BN_bin2bn(tmp, len, NULL);
+        g_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        g_bn = g_bn_alloc;
         defgNid = "*";
     } else {
         SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
@@ -625,7 +621,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
 
         s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
     } else {
-        if (!(len = t_fromb64(tmp2, sizeof(tmp2), *salt)))
+        if ((len = t_fromb64(tmp2, sizeof(tmp2), *salt)) <= 0)
             goto err;
         s = BN_bin2bn(tmp2, len, NULL);
     }
@@ -654,13 +650,9 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
     result = defgNid;
 
  err:
-    if (N) {
-        BN_free(N_bn);
-        BN_free(g_bn);
-    }
-    if (vf != NULL)
-        OPENSSL_cleanse(vf, vfsize);
-    OPENSSL_free(vf);
+    BN_free(N_bn_alloc);
+    BN_free(g_bn_alloc);
+    OPENSSL_clear_free(vf, vfsize);
     BN_clear_free(s);
     BN_clear_free(v);
     return result;
@@ -676,7 +668,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
  * BIGNUMS.
  */
 int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
-                           BIGNUM **verifier, BIGNUM *N, BIGNUM *g)
+                           BIGNUM **verifier, const BIGNUM *N,
+                           const BIGNUM *g)
 {
     int result = 0;
     BIGNUM *x = NULL;
@@ -690,9 +683,6 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
         (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL))
         goto err;
 
-    srp_bn_print(N);
-    srp_bn_print(g);
-
     if (*salt == NULL) {
         if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
             goto err;
@@ -713,13 +703,11 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
         goto err;
     }
 
-    srp_bn_print(*verifier);
-
     result = 1;
     *salt = salttmp;
 
  err:
-    if (*salt != salttmp)
+    if (salt != NULL && *salt != salttmp)
         BN_clear_free(salttmp);
     BN_clear_free(x);
     BN_CTX_free(bn_ctx);
diff --git a/freebsd/crypto/openssl/crypto/srp/srptest.c b/freebsd/crypto/openssl/crypto/srp/srptest.c
deleted file mode 100644
index 8ed9c5cd..00000000
--- a/freebsd/crypto/openssl/crypto/srp/srptest.c
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_SRP
-
-# include <stdio.h>
-
-int main(int argc, char *argv[])
-{
-    printf("No SRP support\n");
-    return (0);
-}
-
-#else
-
-# include <openssl/srp.h>
-# include <openssl/rand.h>
-# include <openssl/err.h>
-
-static void showbn(const char *name, const BIGNUM *bn)
-{
-    fputs(name, stdout);
-    fputs(" = ", stdout);
-    BN_print_fp(stdout, bn);
-    putc('\n', stdout);
-}
-
-# define RANDOM_SIZE 32         /* use 256 bits on each side */
-
-static int run_srp(const char *username, const char *client_pass,
-                   const char *server_pass)
-{
-    int ret = -1;
-    BIGNUM *s = NULL;
-    BIGNUM *v = NULL;
-    BIGNUM *a = NULL;
-    BIGNUM *b = NULL;
-    BIGNUM *u = NULL;
-    BIGNUM *x = NULL;
-    BIGNUM *Apub = NULL;
-    BIGNUM *Bpub = NULL;
-    BIGNUM *Kclient = NULL;
-    BIGNUM *Kserver = NULL;
-    unsigned char rand_tmp[RANDOM_SIZE];
-    /* use builtin 1024-bit params */
-    SRP_gN *GN = SRP_get_default_gN("1024");
-
-    if (GN == NULL) {
-        fprintf(stderr, "Failed to get SRP parameters\n");
-        return -1;
-    }
-    /* Set up server's password entry */
-    if (!SRP_create_verifier_BN(username, server_pass, &s, &v, GN->N, GN->g)) {
-        fprintf(stderr, "Failed to create SRP verifier\n");
-        return -1;
-    }
-
-    showbn("N", GN->N);
-    showbn("g", GN->g);
-    showbn("Salt", s);
-    showbn("Verifier", v);
-
-    /* Server random */
-    RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp));
-    b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
-    /* TODO - check b != 0 */
-    showbn("b", b);
-
-    /* Server's first message */
-    Bpub = SRP_Calc_B(b, GN->N, GN->g, v);
-    showbn("B", Bpub);
-
-    if (!SRP_Verify_B_mod_N(Bpub, GN->N)) {
-        fprintf(stderr, "Invalid B\n");
-        return -1;
-    }
-
-    /* Client random */
-    RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp));
-    a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
-    /* TODO - check a != 0 */
-    showbn("a", a);
-
-    /* Client's response */
-    Apub = SRP_Calc_A(a, GN->N, GN->g);
-    showbn("A", Apub);
-
-    if (!SRP_Verify_A_mod_N(Apub, GN->N)) {
-        fprintf(stderr, "Invalid A\n");
-        return -1;
-    }
-
-    /* Both sides calculate u */
-    u = SRP_Calc_u(Apub, Bpub, GN->N);
-
-    /* Client's key */
-    x = SRP_Calc_x(s, username, client_pass);
-    Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u);
-    showbn("Client's key", Kclient);
-
-    /* Server's key */
-    Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N);
-    showbn("Server's key", Kserver);
-
-    if (BN_cmp(Kclient, Kserver) == 0) {
-        ret = 0;
-    } else {
-        fprintf(stderr, "Keys mismatch\n");
-        ret = 1;
-    }
-
-    BN_clear_free(Kclient);
-    BN_clear_free(Kserver);
-    BN_clear_free(x);
-    BN_free(u);
-    BN_free(Apub);
-    BN_clear_free(a);
-    BN_free(Bpub);
-    BN_clear_free(b);
-    BN_free(s);
-    BN_clear_free(v);
-
-    return ret;
-}
-
-int main(int argc, char **argv)
-{
-    BIO *bio_err;
-    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-    CRYPTO_malloc_debug_init();
-    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    ERR_load_crypto_strings();
-
-    /* "Negative" test, expect a mismatch */
-    if (run_srp("alice", "password1", "password2") == 0) {
-        fprintf(stderr, "Mismatched SRP run failed\n");
-        return 1;
-    }
-
-    /* "Positive" test, should pass */
-    if (run_srp("alice", "password", "password") != 0) {
-        fprintf(stderr, "Plain SRP run failed\n");
-        return 1;
-    }
-
-    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_thread_state(NULL);
-    ERR_free_strings();
-    CRYPTO_mem_leaks(bio_err);
-    BIO_free(bio_err);
-
-    return 0;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/stack/safestack.h b/freebsd/crypto/openssl/crypto/stack/safestack.h
deleted file mode 100644
index 1d4f87ea..00000000
--- a/freebsd/crypto/openssl/crypto/stack/safestack.h
+++ /dev/null
@@ -1,2672 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SAFESTACK_H
-# define HEADER_SAFESTACK_H
-
-# include <openssl/stack.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-# ifndef CHECKED_PTR_OF
-#  define CHECKED_PTR_OF(type, p) \
-    ((void*) (1 ? p : (type*)0))
-# endif
-
-/*
- * In C++ we get problems because an explicit cast is needed from (void *) we
- * use CHECKED_STACK_OF to ensure the correct type is passed in the macros
- * below.
- */
-
-# define CHECKED_STACK_OF(type, p) \
-    ((_STACK*) (1 ? p : (STACK_OF(type)*)0))
-
-# define CHECKED_SK_COPY_FUNC(type, p) \
-    ((void *(*)(void *)) ((1 ? p : (type *(*)(const type *))0)))
-
-# define CHECKED_SK_FREE_FUNC(type, p) \
-    ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))
-
-# define CHECKED_SK_CMP_FUNC(type, p) \
-    ((int (*)(const void *, const void *)) \
-        ((1 ? p : (int (*)(const type * const *, const type * const *))0)))
-
-# define STACK_OF(type) struct stack_st_##type
-# define PREDECLARE_STACK_OF(type) STACK_OF(type);
-
-# define DECLARE_STACK_OF(type) \
-STACK_OF(type) \
-    { \
-    _STACK stack; \
-    };
-# define DECLARE_SPECIAL_STACK_OF(type, type2) \
-STACK_OF(type) \
-    { \
-    _STACK stack; \
-    };
-
-/* nada (obsolete in new safestack approach)*/
-# define IMPLEMENT_STACK_OF(type)
-
-/*-
- * Strings are special: normally an lhash entry will point to a single
- * (somewhat) mutable object. In the case of strings:
- *
- * a) Instead of a single char, there is an array of chars, NUL-terminated.
- * b) The string may have be immutable.
- *
- * So, they need their own declarations. Especially important for
- * type-checking tools, such as Deputy.
- *
- * In practice, however, it appears to be hard to have a const
- * string. For now, I'm settling for dealing with the fact it is a
- * string at all.
- */
-typedef char *OPENSSL_STRING;
-
-typedef const char *OPENSSL_CSTRING;
-
-/*
- * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
- * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned
- * above, instead of a single char each entry is a NUL-terminated array of
- * chars. So, we have to implement STRING specially for STACK_OF. This is
- * dealt with in the autogenerated macros below.
- */
-
-DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
-
-/*
- * Similarly, we sometimes use a block of characters, NOT nul-terminated.
- * These should also be distinguished from "normal" stacks.
- */
-typedef void *OPENSSL_BLOCK;
-DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
-
-/*
- * SKM_sk_... stack macros are internal to safestack.h: never use them
- * directly, use sk_<type>_... instead
- */
-# define SKM_sk_new(type, cmp) \
-        ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp)))
-# define SKM_sk_new_null(type) \
-        ((STACK_OF(type) *)sk_new_null())
-# define SKM_sk_free(type, st) \
-        sk_free(CHECKED_STACK_OF(type, st))
-# define SKM_sk_num(type, st) \
-        sk_num(CHECKED_STACK_OF(type, st))
-# define SKM_sk_value(type, st,i) \
-        ((type *)sk_value(CHECKED_STACK_OF(type, st), i))
-# define SKM_sk_set(type, st,i,val) \
-        sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val))
-# define SKM_sk_zero(type, st) \
-        sk_zero(CHECKED_STACK_OF(type, st))
-# define SKM_sk_push(type, st, val) \
-        sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-# define SKM_sk_unshift(type, st, val) \
-        sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-# define SKM_sk_find(type, st, val) \
-        sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-# define SKM_sk_find_ex(type, st, val) \
-        sk_find_ex(CHECKED_STACK_OF(type, st), \
-                   CHECKED_PTR_OF(type, val))
-# define SKM_sk_delete(type, st, i) \
-        (type *)sk_delete(CHECKED_STACK_OF(type, st), i)
-# define SKM_sk_delete_ptr(type, st, ptr) \
-        (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr))
-# define SKM_sk_insert(type, st,val, i) \
-        sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i)
-# define SKM_sk_set_cmp_func(type, st, cmp) \
-        ((int (*)(const type * const *,const type * const *)) \
-        sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp)))
-# define SKM_sk_dup(type, st) \
-        (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st))
-# define SKM_sk_pop_free(type, st, free_func) \
-        sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func))
-# define SKM_sk_deep_copy(type, st, copy_func, free_func) \
-        (STACK_OF(type) *)sk_deep_copy(CHECKED_STACK_OF(type, st), CHECKED_SK_COPY_FUNC(type, copy_func), CHECKED_SK_FREE_FUNC(type, free_func))
-# define SKM_sk_shift(type, st) \
-        (type *)sk_shift(CHECKED_STACK_OF(type, st))
-# define SKM_sk_pop(type, st) \
-        (type *)sk_pop(CHECKED_STACK_OF(type, st))
-# define SKM_sk_sort(type, st) \
-        sk_sort(CHECKED_STACK_OF(type, st))
-# define SKM_sk_is_sorted(type, st) \
-        sk_is_sorted(CHECKED_STACK_OF(type, st))
-# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-  (STACK_OF(type) *)d2i_ASN1_SET( \
-                                (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \
-                                pp, length, \
-                                CHECKED_D2I_OF(type, d2i_func), \
-                                CHECKED_SK_FREE_FUNC(type, free_func), \
-                                ex_tag, ex_class)
-# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
-  i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \
-                                CHECKED_I2D_OF(type, i2d_func), \
-                                ex_tag, ex_class, is_set)
-# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
-        ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \
-                        CHECKED_I2D_OF(type, i2d_func), buf, len)
-# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
-        (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func))
-# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
-        (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \
-                                CHECKED_D2I_OF(type, d2i_func), \
-                                CHECKED_SK_FREE_FUNC(type, free_func), \
-                                pass, passlen, oct, seq)
-/*
- * This block of defines is updated by util/mkstack.pl, please do not touch!
- */
-# define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp))
-# define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
-# define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
-# define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))
-# define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i))
-# define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val))
-# define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st))
-# define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val))
-# define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val))
-# define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val))
-# define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val))
-# define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i))
-# define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr))
-# define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i))
-# define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp))
-# define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st)
-# define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func))
-# define sk_ACCESS_DESCRIPTION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ACCESS_DESCRIPTION, (st), (copy_func), (free_func))
-# define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))
-# define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
-# define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
-# define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))
-# define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp))
-# define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange)
-# define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st))
-# define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st))
-# define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i))
-# define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val))
-# define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st))
-# define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val))
-# define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val))
-# define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val))
-# define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val))
-# define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i))
-# define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr))
-# define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i))
-# define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp))
-# define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st)
-# define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func))
-# define sk_ASIdOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASIdOrRange, (st), (copy_func), (free_func))
-# define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st))
-# define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st))
-# define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st))
-# define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st))
-# define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp))
-# define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
-# define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
-# define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))
-# define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i))
-# define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val))
-# define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st))
-# define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))
-# define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))
-# define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))
-# define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val))
-# define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))
-# define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))
-# define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))
-# define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))
-# define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)
-# define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))
-# define sk_ASN1_GENERALSTRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_GENERALSTRING, (st), (copy_func), (free_func))
-# define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))
-# define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))
-# define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
-# define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st))
-# define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp))
-# define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
-# define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
-# define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))
-# define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i))
-# define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val))
-# define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st))
-# define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val))
-# define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val))
-# define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val))
-# define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val))
-# define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i))
-# define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr))
-# define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i))
-# define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp))
-# define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st)
-# define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func))
-# define sk_ASN1_INTEGER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_INTEGER, (st), (copy_func), (free_func))
-# define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))
-# define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))
-# define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
-# define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st))
-# define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp))
-# define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)
-# define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))
-# define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))
-# define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i))
-# define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val))
-# define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st))
-# define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val))
-# define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val))
-# define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val))
-# define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val))
-# define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i))
-# define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr))
-# define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i))
-# define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp))
-# define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st)
-# define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func))
-# define sk_ASN1_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_OBJECT, (st), (copy_func), (free_func))
-# define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))
-# define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))
-# define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
-# define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st))
-# define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp))
-# define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)
-# define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))
-# define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))
-# define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i))
-# define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val))
-# define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st))
-# define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val))
-# define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val))
-# define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val))
-# define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val))
-# define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i))
-# define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr))
-# define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i))
-# define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp))
-# define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st)
-# define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func))
-# define sk_ASN1_STRING_TABLE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_STRING_TABLE, (st), (copy_func), (free_func))
-# define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))
-# define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))
-# define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
-# define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st))
-# define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp))
-# define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)
-# define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))
-# define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))
-# define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i))
-# define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val))
-# define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st))
-# define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val))
-# define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val))
-# define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val))
-# define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val))
-# define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i))
-# define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr))
-# define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i))
-# define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp))
-# define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st)
-# define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func))
-# define sk_ASN1_TYPE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_TYPE, (st), (copy_func), (free_func))
-# define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))
-# define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))
-# define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
-# define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st))
-# define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp))
-# define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING)
-# define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st))
-# define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st))
-# define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i))
-# define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val))
-# define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st))
-# define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val))
-# define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val))
-# define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val))
-# define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val))
-# define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i))
-# define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr))
-# define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i))
-# define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp))
-# define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st)
-# define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func))
-# define sk_ASN1_UTF8STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_UTF8STRING, (st), (copy_func), (free_func))
-# define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st))
-# define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st))
-# define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st))
-# define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st))
-# define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp))
-# define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)
-# define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))
-# define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))
-# define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i))
-# define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val))
-# define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st))
-# define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val))
-# define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val))
-# define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val))
-# define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val))
-# define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i))
-# define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr))
-# define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i))
-# define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp))
-# define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st)
-# define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func))
-# define sk_ASN1_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_VALUE, (st), (copy_func), (free_func))
-# define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))
-# define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))
-# define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
-# define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st))
-# define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp))
-# define sk_BIO_new_null() SKM_sk_new_null(BIO)
-# define sk_BIO_free(st) SKM_sk_free(BIO, (st))
-# define sk_BIO_num(st) SKM_sk_num(BIO, (st))
-# define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i))
-# define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val))
-# define sk_BIO_zero(st) SKM_sk_zero(BIO, (st))
-# define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val))
-# define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val))
-# define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val))
-# define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val))
-# define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i))
-# define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr))
-# define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i))
-# define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp))
-# define sk_BIO_dup(st) SKM_sk_dup(BIO, st)
-# define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func))
-# define sk_BIO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BIO, (st), (copy_func), (free_func))
-# define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))
-# define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
-# define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
-# define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))
-# define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp))
-# define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY)
-# define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st))
-# define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st))
-# define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i))
-# define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val))
-# define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st))
-# define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val))
-# define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val))
-# define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val))
-# define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val))
-# define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i))
-# define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr))
-# define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i))
-# define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp))
-# define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st)
-# define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func))
-# define sk_BY_DIR_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_ENTRY, (st), (copy_func), (free_func))
-# define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st))
-# define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st))
-# define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st))
-# define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st))
-# define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp))
-# define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH)
-# define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st))
-# define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st))
-# define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i))
-# define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val))
-# define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st))
-# define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val))
-# define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val))
-# define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val))
-# define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val))
-# define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i))
-# define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr))
-# define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i))
-# define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp))
-# define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st)
-# define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func))
-# define sk_BY_DIR_HASH_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_HASH, (st), (copy_func), (free_func))
-# define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st))
-# define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st))
-# define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st))
-# define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st))
-# define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp))
-# define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices)
-# define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st))
-# define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st))
-# define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i))
-# define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val))
-# define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st))
-# define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val))
-# define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val))
-# define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val))
-# define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val))
-# define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i))
-# define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr))
-# define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i))
-# define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp))
-# define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st)
-# define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func))
-# define sk_CMS_CertificateChoices_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_CertificateChoices, (st), (copy_func), (free_func))
-# define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st))
-# define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st))
-# define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st))
-# define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st))
-# define sk_CMS_RecipientEncryptedKey_new(cmp) SKM_sk_new(CMS_RecipientEncryptedKey, (cmp))
-# define sk_CMS_RecipientEncryptedKey_new_null() SKM_sk_new_null(CMS_RecipientEncryptedKey)
-# define sk_CMS_RecipientEncryptedKey_free(st) SKM_sk_free(CMS_RecipientEncryptedKey, (st))
-# define sk_CMS_RecipientEncryptedKey_num(st) SKM_sk_num(CMS_RecipientEncryptedKey, (st))
-# define sk_CMS_RecipientEncryptedKey_value(st, i) SKM_sk_value(CMS_RecipientEncryptedKey, (st), (i))
-# define sk_CMS_RecipientEncryptedKey_set(st, i, val) SKM_sk_set(CMS_RecipientEncryptedKey, (st), (i), (val))
-# define sk_CMS_RecipientEncryptedKey_zero(st) SKM_sk_zero(CMS_RecipientEncryptedKey, (st))
-# define sk_CMS_RecipientEncryptedKey_push(st, val) SKM_sk_push(CMS_RecipientEncryptedKey, (st), (val))
-# define sk_CMS_RecipientEncryptedKey_unshift(st, val) SKM_sk_unshift(CMS_RecipientEncryptedKey, (st), (val))
-# define sk_CMS_RecipientEncryptedKey_find(st, val) SKM_sk_find(CMS_RecipientEncryptedKey, (st), (val))
-# define sk_CMS_RecipientEncryptedKey_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientEncryptedKey, (st), (val))
-# define sk_CMS_RecipientEncryptedKey_delete(st, i) SKM_sk_delete(CMS_RecipientEncryptedKey, (st), (i))
-# define sk_CMS_RecipientEncryptedKey_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientEncryptedKey, (st), (ptr))
-# define sk_CMS_RecipientEncryptedKey_insert(st, val, i) SKM_sk_insert(CMS_RecipientEncryptedKey, (st), (val), (i))
-# define sk_CMS_RecipientEncryptedKey_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientEncryptedKey, (st), (cmp))
-# define sk_CMS_RecipientEncryptedKey_dup(st) SKM_sk_dup(CMS_RecipientEncryptedKey, st)
-# define sk_CMS_RecipientEncryptedKey_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientEncryptedKey, (st), (free_func))
-# define sk_CMS_RecipientEncryptedKey_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientEncryptedKey, (st), (copy_func), (free_func))
-# define sk_CMS_RecipientEncryptedKey_shift(st) SKM_sk_shift(CMS_RecipientEncryptedKey, (st))
-# define sk_CMS_RecipientEncryptedKey_pop(st) SKM_sk_pop(CMS_RecipientEncryptedKey, (st))
-# define sk_CMS_RecipientEncryptedKey_sort(st) SKM_sk_sort(CMS_RecipientEncryptedKey, (st))
-# define sk_CMS_RecipientEncryptedKey_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientEncryptedKey, (st))
-# define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp))
-# define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo)
-# define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st))
-# define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st))
-# define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i))
-# define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val))
-# define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st))
-# define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val))
-# define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val))
-# define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val))
-# define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val))
-# define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i))
-# define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr))
-# define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i))
-# define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp))
-# define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st)
-# define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func))
-# define sk_CMS_RecipientInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientInfo, (st), (copy_func), (free_func))
-# define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st))
-# define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st))
-# define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st))
-# define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st))
-# define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp))
-# define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice)
-# define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st))
-# define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st))
-# define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i))
-# define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val))
-# define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st))
-# define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val))
-# define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val))
-# define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val))
-# define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val))
-# define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i))
-# define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr))
-# define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i))
-# define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp))
-# define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st)
-# define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func))
-# define sk_CMS_RevocationInfoChoice_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RevocationInfoChoice, (st), (copy_func), (free_func))
-# define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st))
-# define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st))
-# define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st))
-# define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st))
-# define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp))
-# define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo)
-# define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st))
-# define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st))
-# define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i))
-# define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val))
-# define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st))
-# define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val))
-# define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val))
-# define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val))
-# define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val))
-# define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i))
-# define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr))
-# define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i))
-# define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp))
-# define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st)
-# define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func))
-# define sk_CMS_SignerInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_SignerInfo, (st), (copy_func), (free_func))
-# define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st))
-# define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st))
-# define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st))
-# define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st))
-# define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp))
-# define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
-# define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
-# define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))
-# define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i))
-# define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val))
-# define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st))
-# define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))
-# define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))
-# define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))
-# define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val))
-# define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))
-# define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))
-# define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))
-# define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))
-# define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)
-# define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))
-# define sk_CONF_IMODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_IMODULE, (st), (copy_func), (free_func))
-# define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))
-# define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))
-# define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
-# define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st))
-# define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp))
-# define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
-# define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
-# define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))
-# define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i))
-# define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val))
-# define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st))
-# define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))
-# define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))
-# define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))
-# define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val))
-# define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))
-# define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))
-# define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))
-# define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))
-# define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)
-# define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))
-# define sk_CONF_MODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_MODULE, (st), (copy_func), (free_func))
-# define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))
-# define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))
-# define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
-# define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st))
-# define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp))
-# define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
-# define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
-# define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))
-# define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i))
-# define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val))
-# define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st))
-# define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val))
-# define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val))
-# define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val))
-# define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val))
-# define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i))
-# define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr))
-# define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i))
-# define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp))
-# define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st)
-# define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func))
-# define sk_CONF_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_VALUE, (st), (copy_func), (free_func))
-# define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))
-# define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))
-# define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
-# define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))
-# define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp))
-# define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
-# define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
-# define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
-# define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))
-# define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))
-# define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st))
-# define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))
-# define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))
-# define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))
-# define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val))
-# define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))
-# define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))
-# define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))
-# define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))
-# define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)
-# define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))
-# define sk_CRYPTO_EX_DATA_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_EX_DATA_FUNCS, (st), (copy_func), (free_func))
-# define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))
-# define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))
-# define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
-# define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))
-# define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp))
-# define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
-# define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
-# define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))
-# define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i))
-# define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val))
-# define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st))
-# define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))
-# define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))
-# define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))
-# define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val))
-# define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))
-# define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))
-# define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))
-# define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))
-# define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)
-# define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))
-# define sk_CRYPTO_dynlock_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_dynlock, (st), (copy_func), (free_func))
-# define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))
-# define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))
-# define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
-# define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))
-# define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp))
-# define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
-# define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
-# define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))
-# define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i))
-# define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val))
-# define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st))
-# define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val))
-# define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val))
-# define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val))
-# define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val))
-# define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i))
-# define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr))
-# define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i))
-# define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp))
-# define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st)
-# define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func))
-# define sk_DIST_POINT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(DIST_POINT, (st), (copy_func), (free_func))
-# define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))
-# define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))
-# define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
-# define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st))
-# define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp))
-# define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)
-# define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))
-# define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))
-# define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i))
-# define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val))
-# define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st))
-# define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val))
-# define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val))
-# define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val))
-# define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val))
-# define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i))
-# define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr))
-# define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i))
-# define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp))
-# define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st)
-# define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func))
-# define sk_ENGINE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE, (st), (copy_func), (free_func))
-# define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))
-# define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))
-# define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
-# define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st))
-# define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp))
-# define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)
-# define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))
-# define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))
-# define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i))
-# define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val))
-# define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st))
-# define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val))
-# define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val))
-# define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val))
-# define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val))
-# define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i))
-# define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr))
-# define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i))
-# define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp))
-# define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st)
-# define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func))
-# define sk_ENGINE_CLEANUP_ITEM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE_CLEANUP_ITEM, (st), (copy_func), (free_func))
-# define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))
-# define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))
-# define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
-# define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))
-# define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp))
-# define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID)
-# define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st))
-# define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st))
-# define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i))
-# define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val))
-# define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st))
-# define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val))
-# define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val))
-# define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val))
-# define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val))
-# define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i))
-# define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr))
-# define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i))
-# define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp))
-# define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st)
-# define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func))
-# define sk_ESS_CERT_ID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ESS_CERT_ID, (st), (copy_func), (free_func))
-# define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st))
-# define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st))
-# define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st))
-# define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st))
-# define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp))
-# define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD)
-# define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st))
-# define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st))
-# define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i))
-# define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val))
-# define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st))
-# define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val))
-# define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val))
-# define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val))
-# define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val))
-# define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i))
-# define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr))
-# define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i))
-# define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp))
-# define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st)
-# define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func))
-# define sk_EVP_MD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_MD, (st), (copy_func), (free_func))
-# define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st))
-# define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st))
-# define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st))
-# define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st))
-# define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp))
-# define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL)
-# define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st))
-# define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st))
-# define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i))
-# define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val))
-# define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st))
-# define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val))
-# define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val))
-# define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val))
-# define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val))
-# define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i))
-# define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr))
-# define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i))
-# define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp))
-# define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st)
-# define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func))
-# define sk_EVP_PBE_CTL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PBE_CTL, (st), (copy_func), (free_func))
-# define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st))
-# define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st))
-# define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st))
-# define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st))
-# define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp))
-# define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD)
-# define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st))
-# define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st))
-# define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i))
-# define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val))
-# define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st))
-# define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val))
-# define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val))
-# define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val))
-# define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val))
-# define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i))
-# define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr))
-# define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i))
-# define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp))
-# define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st)
-# define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func))
-# define sk_EVP_PKEY_ASN1_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_ASN1_METHOD, (st), (copy_func), (free_func))
-# define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st))
-# define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st))
-# define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st))
-# define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st))
-# define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp))
-# define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD)
-# define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st))
-# define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st))
-# define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i))
-# define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val))
-# define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st))
-# define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val))
-# define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val))
-# define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val))
-# define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val))
-# define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i))
-# define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr))
-# define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i))
-# define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp))
-# define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st)
-# define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func))
-# define sk_EVP_PKEY_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_METHOD, (st), (copy_func), (free_func))
-# define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st))
-# define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st))
-# define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st))
-# define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st))
-# define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp))
-# define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
-# define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
-# define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))
-# define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i))
-# define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val))
-# define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st))
-# define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val))
-# define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val))
-# define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val))
-# define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val))
-# define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i))
-# define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr))
-# define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i))
-# define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp))
-# define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st)
-# define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
-# define sk_GENERAL_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAME, (st), (copy_func), (free_func))
-# define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))
-# define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
-# define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
-# define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))
-# define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp))
-# define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES)
-# define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st))
-# define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st))
-# define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i))
-# define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val))
-# define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st))
-# define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val))
-# define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val))
-# define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val))
-# define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val))
-# define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i))
-# define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr))
-# define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i))
-# define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp))
-# define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st)
-# define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func))
-# define sk_GENERAL_NAMES_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAMES, (st), (copy_func), (free_func))
-# define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st))
-# define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st))
-# define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st))
-# define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st))
-# define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp))
-# define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)
-# define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))
-# define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st))
-# define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i))
-# define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val))
-# define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st))
-# define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val))
-# define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val))
-# define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val))
-# define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val))
-# define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i))
-# define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr))
-# define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i))
-# define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp))
-# define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st)
-# define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func))
-# define sk_GENERAL_SUBTREE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_SUBTREE, (st), (copy_func), (free_func))
-# define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st))
-# define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st))
-# define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))
-# define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st))
-# define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp))
-# define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily)
-# define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st))
-# define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st))
-# define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i))
-# define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val))
-# define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st))
-# define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val))
-# define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val))
-# define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val))
-# define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val))
-# define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i))
-# define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr))
-# define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i))
-# define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp))
-# define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st)
-# define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func))
-# define sk_IPAddressFamily_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressFamily, (st), (copy_func), (free_func))
-# define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st))
-# define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st))
-# define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st))
-# define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st))
-# define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp))
-# define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange)
-# define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st))
-# define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st))
-# define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i))
-# define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val))
-# define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st))
-# define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val))
-# define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val))
-# define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val))
-# define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val))
-# define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i))
-# define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr))
-# define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i))
-# define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp))
-# define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st)
-# define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func))
-# define sk_IPAddressOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressOrRange, (st), (copy_func), (free_func))
-# define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st))
-# define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st))
-# define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))
-# define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st))
-# define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp))
-# define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
-# define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
-# define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))
-# define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i))
-# define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val))
-# define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st))
-# define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))
-# define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))
-# define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))
-# define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val))
-# define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))
-# define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))
-# define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))
-# define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))
-# define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)
-# define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))
-# define sk_KRB5_APREQBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_APREQBODY, (st), (copy_func), (free_func))
-# define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))
-# define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))
-# define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
-# define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))
-# define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp))
-# define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
-# define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
-# define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))
-# define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i))
-# define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val))
-# define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st))
-# define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))
-# define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))
-# define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))
-# define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val))
-# define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))
-# define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))
-# define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))
-# define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))
-# define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)
-# define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))
-# define sk_KRB5_AUTHDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHDATA, (st), (copy_func), (free_func))
-# define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))
-# define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))
-# define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
-# define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))
-# define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp))
-# define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
-# define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
-# define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))
-# define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i))
-# define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val))
-# define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st))
-# define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))
-# define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))
-# define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))
-# define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val))
-# define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))
-# define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))
-# define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))
-# define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))
-# define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)
-# define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))
-# define sk_KRB5_AUTHENTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHENTBODY, (st), (copy_func), (free_func))
-# define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))
-# define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))
-# define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
-# define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))
-# define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp))
-# define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
-# define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
-# define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))
-# define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i))
-# define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val))
-# define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st))
-# define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))
-# define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))
-# define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))
-# define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val))
-# define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))
-# define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))
-# define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))
-# define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))
-# define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)
-# define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))
-# define sk_KRB5_CHECKSUM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_CHECKSUM, (st), (copy_func), (free_func))
-# define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))
-# define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))
-# define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
-# define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))
-# define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp))
-# define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
-# define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
-# define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))
-# define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i))
-# define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val))
-# define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st))
-# define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))
-# define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))
-# define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))
-# define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val))
-# define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))
-# define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))
-# define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))
-# define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))
-# define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)
-# define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))
-# define sk_KRB5_ENCDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCDATA, (st), (copy_func), (free_func))
-# define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))
-# define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))
-# define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
-# define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))
-# define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp))
-# define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
-# define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
-# define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))
-# define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i))
-# define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val))
-# define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st))
-# define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))
-# define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))
-# define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))
-# define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val))
-# define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))
-# define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))
-# define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))
-# define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))
-# define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)
-# define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))
-# define sk_KRB5_ENCKEY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCKEY, (st), (copy_func), (free_func))
-# define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))
-# define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))
-# define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
-# define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))
-# define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp))
-# define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
-# define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
-# define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))
-# define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i))
-# define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val))
-# define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st))
-# define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))
-# define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))
-# define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))
-# define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val))
-# define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))
-# define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))
-# define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))
-# define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))
-# define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)
-# define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))
-# define sk_KRB5_PRINCNAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_PRINCNAME, (st), (copy_func), (free_func))
-# define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))
-# define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))
-# define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
-# define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))
-# define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp))
-# define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
-# define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
-# define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))
-# define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i))
-# define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val))
-# define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st))
-# define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))
-# define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))
-# define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))
-# define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val))
-# define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))
-# define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))
-# define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))
-# define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))
-# define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)
-# define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))
-# define sk_KRB5_TKTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_TKTBODY, (st), (copy_func), (free_func))
-# define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))
-# define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))
-# define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
-# define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))
-# define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp))
-# define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA)
-# define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st))
-# define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st))
-# define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i))
-# define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val))
-# define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st))
-# define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val))
-# define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val))
-# define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val))
-# define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val))
-# define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i))
-# define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr))
-# define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i))
-# define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp))
-# define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st)
-# define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func))
-# define sk_MEM_OBJECT_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MEM_OBJECT_DATA, (st), (copy_func), (free_func))
-# define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st))
-# define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st))
-# define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st))
-# define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st))
-# define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp))
-# define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
-# define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
-# define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
-# define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
-# define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
-# define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
-# define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
-# define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
-# define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
-# define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val))
-# define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
-# define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
-# define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
-# define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
-# define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
-# define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
-# define sk_MIME_HEADER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_HEADER, (st), (copy_func), (free_func))
-# define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
-# define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
-# define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
-# define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
-# define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp))
-# define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
-# define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
-# define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
-# define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
-# define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
-# define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
-# define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
-# define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
-# define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
-# define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val))
-# define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
-# define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
-# define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
-# define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
-# define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
-# define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
-# define sk_MIME_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_PARAM, (st), (copy_func), (free_func))
-# define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
-# define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
-# define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
-# define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
-# define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp))
-# define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)
-# define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))
-# define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))
-# define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i))
-# define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val))
-# define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st))
-# define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val))
-# define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val))
-# define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val))
-# define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val))
-# define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i))
-# define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr))
-# define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i))
-# define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp))
-# define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st)
-# define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func))
-# define sk_NAME_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(NAME_FUNCS, (st), (copy_func), (free_func))
-# define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))
-# define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
-# define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
-# define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st))
-# define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp))
-# define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
-# define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
-# define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
-# define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))
-# define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))
-# define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))
-# define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))
-# define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))
-# define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))
-# define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val))
-# define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))
-# define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))
-# define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))
-# define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))
-# define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)
-# define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))
-# define sk_OCSP_CERTID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_CERTID, (st), (copy_func), (free_func))
-# define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
-# define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
-# define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
-# define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st))
-# define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp))
-# define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
-# define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
-# define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
-# define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
-# define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
-# define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
-# define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
-# define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
-# define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
-# define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val))
-# define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
-# define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
-# define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
-# define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
-# define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
-# define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
-# define sk_OCSP_ONEREQ_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_ONEREQ, (st), (copy_func), (free_func))
-# define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
-# define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
-# define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
-# define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))
-# define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp))
-# define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID)
-# define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st))
-# define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st))
-# define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i))
-# define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val))
-# define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st))
-# define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val))
-# define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val))
-# define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val))
-# define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val))
-# define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i))
-# define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr))
-# define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i))
-# define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp))
-# define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st)
-# define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func))
-# define sk_OCSP_RESPID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_RESPID, (st), (copy_func), (free_func))
-# define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st))
-# define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st))
-# define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st))
-# define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st))
-# define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp))
-# define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
-# define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
-# define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
-# define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
-# define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
-# define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
-# define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
-# define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
-# define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
-# define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val))
-# define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
-# define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
-# define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
-# define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
-# define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
-# define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
-# define sk_OCSP_SINGLERESP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_SINGLERESP, (st), (copy_func), (free_func))
-# define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
-# define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
-# define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
-# define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st))
-# define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp))
-# define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
-# define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
-# define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))
-# define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i))
-# define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val))
-# define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st))
-# define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val))
-# define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val))
-# define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val))
-# define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val))
-# define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i))
-# define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr))
-# define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i))
-# define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp))
-# define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st)
-# define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func))
-# define sk_PKCS12_SAFEBAG_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS12_SAFEBAG, (st), (copy_func), (free_func))
-# define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))
-# define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))
-# define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
-# define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st))
-# define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp))
-# define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)
-# define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))
-# define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))
-# define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i))
-# define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val))
-# define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st))
-# define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val))
-# define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val))
-# define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val))
-# define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val))
-# define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i))
-# define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr))
-# define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i))
-# define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp))
-# define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st)
-# define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func))
-# define sk_PKCS7_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7, (st), (copy_func), (free_func))
-# define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))
-# define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))
-# define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
-# define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st))
-# define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp))
-# define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)
-# define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))
-# define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))
-# define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i))
-# define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val))
-# define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st))
-# define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val))
-# define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val))
-# define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val))
-# define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val))
-# define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i))
-# define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr))
-# define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i))
-# define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp))
-# define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st)
-# define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func))
-# define sk_PKCS7_RECIP_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_RECIP_INFO, (st), (copy_func), (free_func))
-# define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))
-# define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))
-# define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
-# define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st))
-# define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp))
-# define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)
-# define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))
-# define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))
-# define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i))
-# define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val))
-# define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st))
-# define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val))
-# define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val))
-# define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val))
-# define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val))
-# define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i))
-# define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr))
-# define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i))
-# define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp))
-# define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st)
-# define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func))
-# define sk_PKCS7_SIGNER_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_SIGNER_INFO, (st), (copy_func), (free_func))
-# define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))
-# define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))
-# define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
-# define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st))
-# define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp))
-# define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)
-# define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))
-# define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))
-# define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i))
-# define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val))
-# define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st))
-# define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val))
-# define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val))
-# define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val))
-# define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val))
-# define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i))
-# define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr))
-# define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i))
-# define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp))
-# define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st)
-# define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func))
-# define sk_POLICYINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYINFO, (st), (copy_func), (free_func))
-# define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))
-# define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))
-# define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
-# define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st))
-# define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp))
-# define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)
-# define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))
-# define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))
-# define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i))
-# define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val))
-# define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st))
-# define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val))
-# define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val))
-# define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val))
-# define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val))
-# define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i))
-# define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr))
-# define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i))
-# define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp))
-# define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st)
-# define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func))
-# define sk_POLICYQUALINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYQUALINFO, (st), (copy_func), (free_func))
-# define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))
-# define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))
-# define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
-# define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))
-# define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp))
-# define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING)
-# define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st))
-# define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st))
-# define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i))
-# define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val))
-# define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st))
-# define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val))
-# define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val))
-# define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val))
-# define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val))
-# define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i))
-# define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr))
-# define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i))
-# define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp))
-# define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st)
-# define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func))
-# define sk_POLICY_MAPPING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICY_MAPPING, (st), (copy_func), (free_func))
-# define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st))
-# define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st))
-# define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
-# define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))
-# define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp))
-# define sk_SCT_new_null() SKM_sk_new_null(SCT)
-# define sk_SCT_free(st) SKM_sk_free(SCT, (st))
-# define sk_SCT_num(st) SKM_sk_num(SCT, (st))
-# define sk_SCT_value(st, i) SKM_sk_value(SCT, (st), (i))
-# define sk_SCT_set(st, i, val) SKM_sk_set(SCT, (st), (i), (val))
-# define sk_SCT_zero(st) SKM_sk_zero(SCT, (st))
-# define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val))
-# define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val))
-# define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val))
-# define sk_SCT_find_ex(st, val) SKM_sk_find_ex(SCT, (st), (val))
-# define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i))
-# define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr))
-# define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i))
-# define sk_SCT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SCT, (st), (cmp))
-# define sk_SCT_dup(st) SKM_sk_dup(SCT, st)
-# define sk_SCT_pop_free(st, free_func) SKM_sk_pop_free(SCT, (st), (free_func))
-# define sk_SCT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SCT, (st), (copy_func), (free_func))
-# define sk_SCT_shift(st) SKM_sk_shift(SCT, (st))
-# define sk_SCT_pop(st) SKM_sk_pop(SCT, (st))
-# define sk_SCT_sort(st) SKM_sk_sort(SCT, (st))
-# define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st))
-# define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp))
-# define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN)
-# define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st))
-# define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st))
-# define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i))
-# define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val))
-# define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st))
-# define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val))
-# define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val))
-# define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val))
-# define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val))
-# define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i))
-# define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr))
-# define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i))
-# define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp))
-# define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st)
-# define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func))
-# define sk_SRP_gN_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN, (st), (copy_func), (free_func))
-# define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st))
-# define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st))
-# define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st))
-# define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st))
-# define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp))
-# define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache)
-# define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st))
-# define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st))
-# define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i))
-# define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val))
-# define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st))
-# define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val))
-# define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st), (val))
-# define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val))
-# define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val))
-# define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i))
-# define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr))
-# define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i))
-# define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp))
-# define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st)
-# define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func))
-# define sk_SRP_gN_cache_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN_cache, (st), (copy_func), (free_func))
-# define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st))
-# define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st))
-# define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st))
-# define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st))
-# define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp))
-# define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd)
-# define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st))
-# define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st))
-# define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i))
-# define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val))
-# define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st))
-# define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val))
-# define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val))
-# define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val))
-# define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val))
-# define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i))
-# define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr))
-# define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i))
-# define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp))
-# define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st)
-# define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func))
-# define sk_SRP_user_pwd_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_user_pwd, (st), (copy_func), (free_func))
-# define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st))
-# define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st))
-# define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st))
-# define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st))
-# define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp))
-# define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE)
-# define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st))
-# define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st))
-# define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i))
-# define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val))
-# define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st))
-# define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val))
-# define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val))
-# define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val))
-# define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val))
-# define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i))
-# define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr))
-# define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i))
-# define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp))
-# define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st)
-# define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func))
-# define sk_SRTP_PROTECTION_PROFILE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRTP_PROTECTION_PROFILE, (st), (copy_func), (free_func))
-# define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st))
-# define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st))
-# define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st))
-# define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st))
-# define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp))
-# define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
-# define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
-# define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))
-# define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i))
-# define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val))
-# define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st))
-# define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val))
-# define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val))
-# define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val))
-# define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val))
-# define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i))
-# define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr))
-# define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i))
-# define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp))
-# define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st)
-# define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func))
-# define sk_SSL_CIPHER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_CIPHER, (st), (copy_func), (free_func))
-# define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))
-# define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))
-# define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
-# define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st))
-# define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp))
-# define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)
-# define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))
-# define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))
-# define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i))
-# define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val))
-# define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st))
-# define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val))
-# define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val))
-# define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))
-# define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val))
-# define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i))
-# define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr))
-# define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i))
-# define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp))
-# define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st)
-# define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func))
-# define sk_SSL_COMP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_COMP, (st), (copy_func), (free_func))
-# define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))
-# define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))
-# define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
-# define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))
-# define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp))
-# define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY)
-# define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st))
-# define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st))
-# define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i))
-# define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val))
-# define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st))
-# define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val))
-# define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val))
-# define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val))
-# define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val))
-# define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i))
-# define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr))
-# define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i))
-# define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp))
-# define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st)
-# define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func))
-# define sk_STACK_OF_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STACK_OF_X509_NAME_ENTRY, (st), (copy_func), (free_func))
-# define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st))
-# define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st))
-# define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st))
-# define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st))
-# define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp))
-# define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO)
-# define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st))
-# define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st))
-# define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i))
-# define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val))
-# define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st))
-# define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val))
-# define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val))
-# define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val))
-# define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val))
-# define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i))
-# define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr))
-# define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i))
-# define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp))
-# define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st)
-# define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func))
-# define sk_STORE_ATTR_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_ATTR_INFO, (st), (copy_func), (free_func))
-# define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st))
-# define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st))
-# define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st))
-# define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st))
-# define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp))
-# define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT)
-# define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st))
-# define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st))
-# define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i))
-# define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val))
-# define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st))
-# define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val))
-# define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val))
-# define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val))
-# define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val))
-# define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i))
-# define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr))
-# define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i))
-# define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp))
-# define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st)
-# define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func))
-# define sk_STORE_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_OBJECT, (st), (copy_func), (free_func))
-# define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st))
-# define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st))
-# define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st))
-# define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st))
-# define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp))
-# define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
-# define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
-# define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))
-# define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i))
-# define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val))
-# define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st))
-# define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))
-# define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))
-# define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))
-# define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val))
-# define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))
-# define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))
-# define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))
-# define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))
-# define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)
-# define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))
-# define sk_SXNETID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SXNETID, (st), (copy_func), (free_func))
-# define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))
-# define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
-# define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
-# define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))
-# define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp))
-# define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
-# define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
-# define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))
-# define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i))
-# define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val))
-# define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st))
-# define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val))
-# define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val))
-# define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val))
-# define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val))
-# define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i))
-# define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr))
-# define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i))
-# define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp))
-# define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st)
-# define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func))
-# define sk_UI_STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(UI_STRING, (st), (copy_func), (free_func))
-# define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))
-# define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))
-# define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
-# define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st))
-# define sk_X509_new(cmp) SKM_sk_new(X509, (cmp))
-# define sk_X509_new_null() SKM_sk_new_null(X509)
-# define sk_X509_free(st) SKM_sk_free(X509, (st))
-# define sk_X509_num(st) SKM_sk_num(X509, (st))
-# define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i))
-# define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val))
-# define sk_X509_zero(st) SKM_sk_zero(X509, (st))
-# define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val))
-# define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val))
-# define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val))
-# define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val))
-# define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i))
-# define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr))
-# define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i))
-# define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp))
-# define sk_X509_dup(st) SKM_sk_dup(X509, st)
-# define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func))
-# define sk_X509_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509, (st), (copy_func), (free_func))
-# define sk_X509_shift(st) SKM_sk_shift(X509, (st))
-# define sk_X509_pop(st) SKM_sk_pop(X509, (st))
-# define sk_X509_sort(st) SKM_sk_sort(X509, (st))
-# define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st))
-# define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp))
-# define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)
-# define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))
-# define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))
-# define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i))
-# define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val))
-# define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st))
-# define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val))
-# define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val))
-# define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val))
-# define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val))
-# define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i))
-# define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr))
-# define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i))
-# define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp))
-# define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st)
-# define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func))
-# define sk_X509V3_EXT_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509V3_EXT_METHOD, (st), (copy_func), (free_func))
-# define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))
-# define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))
-# define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
-# define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st))
-# define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp))
-# define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)
-# define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))
-# define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))
-# define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i))
-# define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val))
-# define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st))
-# define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val))
-# define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val))
-# define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val))
-# define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val))
-# define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i))
-# define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr))
-# define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i))
-# define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp))
-# define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st)
-# define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func))
-# define sk_X509_ALGOR_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ALGOR, (st), (copy_func), (free_func))
-# define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))
-# define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))
-# define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
-# define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st))
-# define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp))
-# define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)
-# define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))
-# define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))
-# define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i))
-# define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val))
-# define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st))
-# define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val))
-# define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val))
-# define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val))
-# define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val))
-# define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i))
-# define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr))
-# define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i))
-# define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp))
-# define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st)
-# define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func))
-# define sk_X509_ATTRIBUTE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ATTRIBUTE, (st), (copy_func), (free_func))
-# define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))
-# define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))
-# define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
-# define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st))
-# define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp))
-# define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)
-# define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))
-# define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))
-# define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i))
-# define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val))
-# define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st))
-# define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val))
-# define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val))
-# define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val))
-# define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val))
-# define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i))
-# define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr))
-# define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i))
-# define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp))
-# define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st)
-# define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func))
-# define sk_X509_CRL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_CRL, (st), (copy_func), (free_func))
-# define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))
-# define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))
-# define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
-# define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st))
-# define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp))
-# define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)
-# define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))
-# define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))
-# define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i))
-# define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val))
-# define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st))
-# define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val))
-# define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val))
-# define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val))
-# define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val))
-# define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i))
-# define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr))
-# define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i))
-# define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp))
-# define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st)
-# define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func))
-# define sk_X509_EXTENSION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_EXTENSION, (st), (copy_func), (free_func))
-# define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))
-# define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))
-# define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
-# define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st))
-# define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp))
-# define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)
-# define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))
-# define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))
-# define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i))
-# define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val))
-# define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st))
-# define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val))
-# define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val))
-# define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val))
-# define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val))
-# define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i))
-# define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr))
-# define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i))
-# define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp))
-# define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st)
-# define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func))
-# define sk_X509_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_INFO, (st), (copy_func), (free_func))
-# define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))
-# define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))
-# define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
-# define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st))
-# define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp))
-# define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)
-# define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))
-# define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))
-# define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i))
-# define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val))
-# define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st))
-# define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val))
-# define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val))
-# define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val))
-# define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val))
-# define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i))
-# define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr))
-# define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i))
-# define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp))
-# define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st)
-# define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func))
-# define sk_X509_LOOKUP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_LOOKUP, (st), (copy_func), (free_func))
-# define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))
-# define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))
-# define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
-# define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st))
-# define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp))
-# define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
-# define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
-# define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))
-# define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i))
-# define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val))
-# define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st))
-# define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))
-# define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val))
-# define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val))
-# define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val))
-# define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i))
-# define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr))
-# define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i))
-# define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp))
-# define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st)
-# define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func))
-# define sk_X509_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME, (st), (copy_func), (free_func))
-# define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))
-# define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))
-# define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
-# define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st))
-# define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp))
-# define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)
-# define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))
-# define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))
-# define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i))
-# define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val))
-# define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st))
-# define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val))
-# define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val))
-# define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val))
-# define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val))
-# define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i))
-# define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr))
-# define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i))
-# define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp))
-# define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st)
-# define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func))
-# define sk_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME_ENTRY, (st), (copy_func), (free_func))
-# define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))
-# define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))
-# define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
-# define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st))
-# define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp))
-# define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)
-# define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))
-# define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))
-# define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i))
-# define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val))
-# define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st))
-# define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val))
-# define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val))
-# define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val))
-# define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val))
-# define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i))
-# define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr))
-# define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i))
-# define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp))
-# define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st)
-# define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func))
-# define sk_X509_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_OBJECT, (st), (copy_func), (free_func))
-# define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))
-# define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))
-# define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
-# define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))
-# define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp))
-# define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA)
-# define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))
-# define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st))
-# define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i))
-# define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val))
-# define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st))
-# define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val))
-# define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val))
-# define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val))
-# define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val))
-# define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i))
-# define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr))
-# define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i))
-# define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp))
-# define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st)
-# define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func))
-# define sk_X509_POLICY_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_DATA, (st), (copy_func), (free_func))
-# define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st))
-# define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st))
-# define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))
-# define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st))
-# define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp))
-# define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE)
-# define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))
-# define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st))
-# define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i))
-# define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val))
-# define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st))
-# define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val))
-# define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val))
-# define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val))
-# define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val))
-# define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i))
-# define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr))
-# define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i))
-# define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp))
-# define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st)
-# define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func))
-# define sk_X509_POLICY_NODE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_NODE, (st), (copy_func), (free_func))
-# define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st))
-# define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st))
-# define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
-# define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
-# define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp))
-# define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
-# define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
-# define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))
-# define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i))
-# define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val))
-# define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st))
-# define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val))
-# define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val))
-# define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val))
-# define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val))
-# define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i))
-# define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr))
-# define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i))
-# define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp))
-# define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st)
-# define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func))
-# define sk_X509_PURPOSE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_PURPOSE, (st), (copy_func), (free_func))
-# define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))
-# define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))
-# define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
-# define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st))
-# define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp))
-# define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)
-# define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))
-# define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))
-# define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i))
-# define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val))
-# define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st))
-# define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val))
-# define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val))
-# define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val))
-# define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val))
-# define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i))
-# define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr))
-# define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i))
-# define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp))
-# define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st)
-# define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func))
-# define sk_X509_REVOKED_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_REVOKED, (st), (copy_func), (free_func))
-# define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))
-# define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))
-# define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
-# define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st))
-# define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp))
-# define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)
-# define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))
-# define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))
-# define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i))
-# define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val))
-# define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st))
-# define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val))
-# define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val))
-# define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val))
-# define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val))
-# define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i))
-# define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr))
-# define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i))
-# define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp))
-# define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st)
-# define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func))
-# define sk_X509_TRUST_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_TRUST, (st), (copy_func), (free_func))
-# define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))
-# define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))
-# define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
-# define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))
-# define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp))
-# define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM)
-# define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st))
-# define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st))
-# define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i))
-# define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val))
-# define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st))
-# define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val))
-# define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val))
-# define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val))
-# define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val))
-# define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i))
-# define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr))
-# define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i))
-# define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp))
-# define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st)
-# define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func))
-# define sk_X509_VERIFY_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_VERIFY_PARAM, (st), (copy_func), (free_func))
-# define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st))
-# define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st))
-# define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st))
-# define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st))
-# define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp))
-# define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple)
-# define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st))
-# define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st))
-# define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i))
-# define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val))
-# define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st))
-# define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val))
-# define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val))
-# define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val))
-# define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val))
-# define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i))
-# define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr))
-# define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i))
-# define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp))
-# define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st)
-# define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func))
-# define sk_nid_triple_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(nid_triple, (st), (copy_func), (free_func))
-# define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st))
-# define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st))
-# define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st))
-# define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st))
-# define sk_void_new(cmp) SKM_sk_new(void, (cmp))
-# define sk_void_new_null() SKM_sk_new_null(void)
-# define sk_void_free(st) SKM_sk_free(void, (st))
-# define sk_void_num(st) SKM_sk_num(void, (st))
-# define sk_void_value(st, i) SKM_sk_value(void, (st), (i))
-# define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val))
-# define sk_void_zero(st) SKM_sk_zero(void, (st))
-# define sk_void_push(st, val) SKM_sk_push(void, (st), (val))
-# define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val))
-# define sk_void_find(st, val) SKM_sk_find(void, (st), (val))
-# define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val))
-# define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i))
-# define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr))
-# define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i))
-# define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp))
-# define sk_void_dup(st) SKM_sk_dup(void, st)
-# define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func))
-# define sk_void_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(void, (st), (copy_func), (free_func))
-# define sk_void_shift(st) SKM_sk_shift(void, (st))
-# define sk_void_pop(st) SKM_sk_pop(void, (st))
-# define sk_void_sort(st) SKM_sk_sort(void, (st))
-# define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st))
-# define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
-# define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
-# define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
-# define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
-# define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i))
-# define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st)
-# define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC(char, free_func))
-# define sk_OPENSSL_STRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_STRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_COPY_FUNC(char, copy_func), CHECKED_SK_FREE_FUNC(char, free_func)))
-# define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i)
-# define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st)
-# define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val))
-# define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st))
-# define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
-# define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val))
-# define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i))
-# define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr))
-# define sk_OPENSSL_STRING_set_cmp_func(st, cmp)  \
-        ((int (*)(const char * const *,const char * const *)) \
-        sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp)))
-# define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st)
-# define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st))
-# define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st))
-# define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
-# define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
-# define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
-# define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
-# define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-# define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-# define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i))
-# define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
-# define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC(void, free_func))
-# define sk_OPENSSL_BLOCK_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_BLOCK) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_COPY_FUNC(void, copy_func), CHECKED_SK_FREE_FUNC(void, free_func)))
-# define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i)
-# define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
-# define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val))
-# define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
-# define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-# define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
-# define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
-# define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr))
-# define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
-        ((int (*)(const void * const *,const void * const *)) \
-        sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp)))
-# define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
-# define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
-# define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st))
-# define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
-# define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
-# define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
-# define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
-# define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-# define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-# define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i))
-# define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st)
-# define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func))
-# define sk_OPENSSL_PSTRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_PSTRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_COPY_FUNC(OPENSSL_STRING, copy_func), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func)))
-# define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
-# define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st)
-# define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
-# define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st))
-# define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-# define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val))
-# define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i))
-# define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
-# define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp)  \
-        ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \
-        sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
-# define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st)
-# define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st))
-# define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st))
-# define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
-# define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
-# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_X509(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func))
-# define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-# define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-# define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len))
-# define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))
-# define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \
-        SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-# define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
-        SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-# define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj)
-# define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst)
-# define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst)
-# define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst)
-# define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn)
-# define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg)
-# define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh)
-# define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh)
-# define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh)
-# define lh_ADDED_OBJ_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(ADDED_OBJ,lh,out)
-# define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out)
-# define lh_ADDED_OBJ_stats_bio(lh,out) \
-  LHM_lh_stats_bio(ADDED_OBJ,lh,out)
-# define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh)
-# define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info)
-# define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst)
-# define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst)
-# define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst)
-# define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn)
-# define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg)
-# define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh)
-# define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh)
-# define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh)
-# define lh_APP_INFO_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(APP_INFO,lh,out)
-# define lh_APP_INFO_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(APP_INFO,lh,out)
-# define lh_APP_INFO_stats_bio(lh,out) \
-  LHM_lh_stats_bio(APP_INFO,lh,out)
-# define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh)
-# define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value)
-# define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst)
-# define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst)
-# define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst)
-# define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn)
-# define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg)
-# define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh)
-# define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh)
-# define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh)
-# define lh_CONF_VALUE_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(CONF_VALUE,lh,out)
-# define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out)
-# define lh_CONF_VALUE_stats_bio(lh,out) \
-  LHM_lh_stats_bio(CONF_VALUE,lh,out)
-# define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh)
-# define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile)
-# define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst)
-# define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst)
-# define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst)
-# define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn)
-# define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg)
-# define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh)
-# define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh)
-# define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh)
-# define lh_ENGINE_PILE_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(ENGINE_PILE,lh,out)
-# define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out)
-# define lh_ENGINE_PILE_stats_bio(lh,out) \
-  LHM_lh_stats_bio(ENGINE_PILE,lh,out)
-# define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh)
-# define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state)
-# define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst)
-# define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst)
-# define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst)
-# define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn)
-# define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg)
-# define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh)
-# define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh)
-# define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh)
-# define lh_ERR_STATE_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(ERR_STATE,lh,out)
-# define lh_ERR_STATE_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out)
-# define lh_ERR_STATE_stats_bio(lh,out) \
-  LHM_lh_stats_bio(ERR_STATE,lh,out)
-# define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh)
-# define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data)
-# define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst)
-# define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst)
-# define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst)
-# define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn)
-# define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg)
-# define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh)
-# define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh)
-# define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh)
-# define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out)
-# define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out)
-# define lh_ERR_STRING_DATA_stats_bio(lh,out) \
-  LHM_lh_stats_bio(ERR_STRING_DATA,lh,out)
-# define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh)
-# define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item)
-# define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst)
-# define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst)
-# define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst)
-# define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn)
-# define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg)
-# define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh)
-# define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh)
-# define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh)
-# define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out)
-# define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out)
-# define lh_EX_CLASS_ITEM_stats_bio(lh,out) \
-  LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out)
-# define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh)
-# define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function)
-# define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst)
-# define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst)
-# define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst)
-# define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn)
-# define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg)
-# define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh)
-# define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh)
-# define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh)
-# define lh_FUNCTION_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(FUNCTION,lh,out)
-# define lh_FUNCTION_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(FUNCTION,lh,out)
-# define lh_FUNCTION_stats_bio(lh,out) \
-  LHM_lh_stats_bio(FUNCTION,lh,out)
-# define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh)
-# define lh_MEM_new() LHM_lh_new(MEM,mem)
-# define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst)
-# define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst)
-# define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst)
-# define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn)
-# define lh_MEM_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg)
-# define lh_MEM_error(lh) LHM_lh_error(MEM,lh)
-# define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh)
-# define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh)
-# define lh_MEM_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(MEM,lh,out)
-# define lh_MEM_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(MEM,lh,out)
-# define lh_MEM_stats_bio(lh,out) \
-  LHM_lh_stats_bio(MEM,lh,out)
-# define lh_MEM_free(lh) LHM_lh_free(MEM,lh)
-# define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name)
-# define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst)
-# define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst)
-# define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst)
-# define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn)
-# define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg)
-# define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh)
-# define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh)
-# define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh)
-# define lh_OBJ_NAME_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(OBJ_NAME,lh,out)
-# define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out)
-# define lh_OBJ_NAME_stats_bio(lh,out) \
-  LHM_lh_stats_bio(OBJ_NAME,lh,out)
-# define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh)
-# define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring)
-# define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst)
-# define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst)
-# define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst)
-# define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn)
-# define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg)
-# define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh)
-# define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh)
-# define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh)
-# define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out)
-# define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out)
-# define lh_OPENSSL_CSTRING_stats_bio(lh,out) \
-  LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out)
-# define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh)
-# define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string)
-# define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst)
-# define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst)
-# define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst)
-# define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn)
-# define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg)
-# define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh)
-# define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh)
-# define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh)
-# define lh_OPENSSL_STRING_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out)
-# define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out)
-# define lh_OPENSSL_STRING_stats_bio(lh,out) \
-  LHM_lh_stats_bio(OPENSSL_STRING,lh,out)
-# define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh)
-# define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session)
-# define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst)
-# define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst)
-# define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst)
-# define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn)
-# define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg)
-# define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh)
-# define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh)
-# define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh)
-# define lh_SSL_SESSION_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(SSL_SESSION,lh,out)
-# define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out)
-# define lh_SSL_SESSION_stats_bio(lh,out) \
-  LHM_lh_stats_bio(SSL_SESSION,lh,out)
-# define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh)
-#ifdef  __cplusplus
-}
-#endif
-#endif                          /* !defined HEADER_SAFESTACK_H */
diff --git a/freebsd/crypto/openssl/crypto/stack/stack.c b/freebsd/crypto/openssl/crypto/stack/stack.c
index 97d9e0b9..dc8ca81a 100644
--- a/freebsd/crypto/openssl/crypto/stack/stack.c
+++ b/freebsd/crypto/openssl/crypto/stack/stack.c
@@ -1,88 +1,41 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/stack/stack.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-/*-
- * Code for stacks
- * Author - Eric Young v 1.0
- * 1.2 eay 12-Mar-97 -  Modified sk_find so that it _DOES_ return the
- *                      lowest index for the searched item.
- *
- * 1.1 eay - Take from netdb and added to SSLeay
- *
- * 1.0 eay - First version 29/07/92
- */
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
 #include <openssl/stack.h>
 #include <openssl/objects.h>
-
-#undef MIN_NODES
-#define MIN_NODES       4
-
-const char STACK_version[] = "Stack" OPENSSL_VERSION_PTEXT;
-
 #include <errno.h>
+#include <openssl/e_os2.h>      /* For ossl_inline */
 
-int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
- (const void *, const void *) {
-    int (*old) (const void *, const void *) = sk->comp;
+/*
+ * The initial number of nodes in the array.
+ */
+static const int min_nodes = 4;
+static const int max_nodes = SIZE_MAX / sizeof(void *) < INT_MAX
+                             ? (int)(SIZE_MAX / sizeof(void *))
+                             : INT_MAX;
+
+struct stack_st {
+    int num;
+    const void **data;
+    int sorted;
+    int num_alloc;
+    OPENSSL_sk_compfunc comp;
+};
+
+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc c)
+{
+    OPENSSL_sk_compfunc old = sk->comp;
 
     if (sk->comp != c)
         sk->sorted = 0;
@@ -91,51 +44,62 @@ int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
     return old;
 }
 
-_STACK *sk_dup(_STACK *sk)
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk)
 {
-    _STACK *ret;
-    char **s;
+    OPENSSL_STACK *ret;
 
-    if ((ret = sk_new(sk->comp)) == NULL)
-        goto err;
-    s = (char **)OPENSSL_realloc((char *)ret->data,
-                                 (unsigned int)sizeof(char *) *
-                                 sk->num_alloc);
-    if (s == NULL)
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_SK_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* direct structure assignment */
+    *ret = *sk;
+
+    if (sk->num == 0) {
+        /* postpone |ret->data| allocation */
+        ret->data = NULL;
+        ret->num_alloc = 0;
+        return ret;
+    }
+    /* duplicate |sk->data| content */
+    if ((ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc)) == NULL)
         goto err;
-    ret->data = s;
-
-    ret->num = sk->num;
-    memcpy(ret->data, sk->data, sizeof(char *) * sk->num);
-    ret->sorted = sk->sorted;
-    ret->num_alloc = sk->num_alloc;
-    ret->comp = sk->comp;
-    return (ret);
+    memcpy(ret->data, sk->data, sizeof(void *) * sk->num);
+    return ret;
  err:
-    if (ret)
-        sk_free(ret);
-    return (NULL);
+    OPENSSL_sk_free(ret);
+    return NULL;
 }
 
-_STACK *sk_deep_copy(_STACK *sk, void *(*copy_func) (void *),
-                     void (*free_func) (void *))
+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk,
+                             OPENSSL_sk_copyfunc copy_func,
+                             OPENSSL_sk_freefunc free_func)
 {
-    _STACK *ret;
+    OPENSSL_STACK *ret;
     int i;
 
-    if ((ret = OPENSSL_malloc(sizeof(_STACK))) == NULL)
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_SK_DEEP_COPY, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* direct structure assignment */
+    *ret = *sk;
+
+    if (sk->num == 0) {
+        /* postpone |ret| data allocation */
+        ret->data = NULL;
+        ret->num_alloc = 0;
         return ret;
-    ret->comp = sk->comp;
-    ret->sorted = sk->sorted;
-    ret->num = sk->num;
-    ret->num_alloc = sk->num > MIN_NODES ? sk->num : MIN_NODES;
-    ret->data = OPENSSL_malloc(sizeof(char *) * ret->num_alloc);
+    }
+
+    ret->num_alloc = sk->num > min_nodes ? sk->num : min_nodes;
+    ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc);
     if (ret->data == NULL) {
         OPENSSL_free(ret);
         return NULL;
     }
-    for (i = 0; i < ret->num_alloc; i++)
-        ret->data[i] = NULL;
 
     for (i = 0; i < ret->num; ++i) {
         if (sk->data[i] == NULL)
@@ -143,182 +107,259 @@ _STACK *sk_deep_copy(_STACK *sk, void *(*copy_func) (void *),
         if ((ret->data[i] = copy_func(sk->data[i])) == NULL) {
             while (--i >= 0)
                 if (ret->data[i] != NULL)
-                    free_func(ret->data[i]);
-            sk_free(ret);
+                    free_func((void *)ret->data[i]);
+            OPENSSL_sk_free(ret);
             return NULL;
         }
     }
     return ret;
 }
 
-_STACK *sk_new_null(void)
+OPENSSL_STACK *OPENSSL_sk_new_null(void)
 {
-    return sk_new((int (*)(const void *, const void *))0);
+    return OPENSSL_sk_new_reserve(NULL, 0);
 }
 
-_STACK *sk_new(int (*c) (const void *, const void *))
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c)
 {
-    _STACK *ret;
-    int i;
+    return OPENSSL_sk_new_reserve(c, 0);
+}
 
-    if ((ret = OPENSSL_malloc(sizeof(_STACK))) == NULL)
-        goto err;
-    if ((ret->data = OPENSSL_malloc(sizeof(char *) * MIN_NODES)) == NULL)
-        goto err;
-    for (i = 0; i < MIN_NODES; i++)
-        ret->data[i] = NULL;
-    ret->comp = c;
-    ret->num_alloc = MIN_NODES;
-    ret->num = 0;
-    ret->sorted = 0;
-    return (ret);
- err:
-    if (ret)
-        OPENSSL_free(ret);
-    return (NULL);
+/*
+ * Calculate the array growth based on the target size.
+ *
+ * The growth fraction is a rational number and is defined by a numerator
+ * and a denominator.  According to Andrew Koenig in his paper "Why Are
+ * Vectors Efficient?" from JOOP 11(5) 1998, this factor should be less
+ * than the golden ratio (1.618...).
+ *
+ * We use 3/2 = 1.5 for simplicity of calculation and overflow checking.
+ * Another option 8/5 = 1.6 allows for slightly faster growth, although safe
+ * computation is more difficult.
+ *
+ * The limit to avoid overflow is spot on.  The modulo three correction term
+ * ensures that the limit is the largest number than can be expanded by the
+ * growth factor without exceeding the hard limit.
+ *
+ * Do not call it with |current| lower than 2, or it will infinitely loop.
+ */
+static ossl_inline int compute_growth(int target, int current)
+{
+    const int limit = (max_nodes / 3) * 2 + (max_nodes % 3 ? 1 : 0);
+
+    while (current < target) {
+        /* Check to see if we're at the hard limit */
+        if (current >= max_nodes)
+            return 0;
+
+        /* Expand the size by a factor of 3/2 if it is within range */
+        current = current < limit ? current + current / 2 : max_nodes;
+    }
+    return current;
 }
 
-int sk_insert(_STACK *st, void *data, int loc)
+/* internal STACK storage allocation */
+static int sk_reserve(OPENSSL_STACK *st, int n, int exact)
 {
-    char **s;
+    const void **tmpdata;
+    int num_alloc;
 
-    if (st == NULL)
+    /* Check to see the reservation isn't exceeding the hard limit */
+    if (n > max_nodes - st->num)
         return 0;
-    if (st->num_alloc <= st->num + 1) {
-        s = OPENSSL_realloc((char *)st->data,
-                            (unsigned int)sizeof(char *) * st->num_alloc * 2);
-        if (s == NULL)
-            return (0);
-        st->data = s;
-        st->num_alloc *= 2;
+
+    /* Figure out the new size */
+    num_alloc = st->num + n;
+    if (num_alloc < min_nodes)
+        num_alloc = min_nodes;
+
+    /* If |st->data| allocation was postponed */
+    if (st->data == NULL) {
+        /*
+         * At this point, |st->num_alloc| and |st->num| are 0;
+         * so |num_alloc| value is |n| or |min_nodes| if greater than |n|.
+         */
+        if ((st->data = OPENSSL_zalloc(sizeof(void *) * num_alloc)) == NULL) {
+            CRYPTOerr(CRYPTO_F_SK_RESERVE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        st->num_alloc = num_alloc;
+        return 1;
+    }
+
+    if (!exact) {
+        if (num_alloc <= st->num_alloc)
+            return 1;
+        num_alloc = compute_growth(num_alloc, st->num_alloc);
+        if (num_alloc == 0)
+            return 0;
+    } else if (num_alloc == st->num_alloc) {
+        return 1;
     }
-    if ((loc >= (int)st->num) || (loc < 0))
+
+    tmpdata = OPENSSL_realloc((void *)st->data, sizeof(void *) * num_alloc);
+    if (tmpdata == NULL)
+        return 0;
+
+    st->data = tmpdata;
+    st->num_alloc = num_alloc;
+    return 1;
+}
+
+OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n)
+{
+    OPENSSL_STACK *st = OPENSSL_zalloc(sizeof(OPENSSL_STACK));
+
+    if (st == NULL)
+        return NULL;
+
+    st->comp = c;
+
+    if (n <= 0)
+        return st;
+
+    if (!sk_reserve(st, n, 1)) {
+        OPENSSL_sk_free(st);
+        return NULL;
+    }
+
+    return st;
+}
+
+int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n)
+{
+    if (st == NULL)
+        return 0;
+
+    if (n < 0)
+        return 1;
+    return sk_reserve(st, n, 1);
+}
+
+int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc)
+{
+    if (st == NULL || st->num == max_nodes)
+        return 0;
+
+    if (!sk_reserve(st, 1, 0))
+        return 0;
+
+    if ((loc >= st->num) || (loc < 0)) {
         st->data[st->num] = data;
-    else {
-        int i;
-        char **f, **t;
-
-        f = st->data;
-        t = &(st->data[1]);
-        for (i = st->num; i >= loc; i--)
-            t[i] = f[i];
-
-#ifdef undef                    /* no memmove on sunos :-( */
-        memmove(&(st->data[loc + 1]),
-                &(st->data[loc]), sizeof(char *) * (st->num - loc));
-#endif
+    } else {
+        memmove(&st->data[loc + 1], &st->data[loc],
+                sizeof(st->data[0]) * (st->num - loc));
         st->data[loc] = data;
     }
     st->num++;
     st->sorted = 0;
-    return (st->num);
+    return st->num;
 }
 
-void *sk_delete_ptr(_STACK *st, void *p)
+static ossl_inline void *internal_delete(OPENSSL_STACK *st, int loc)
+{
+    const void *ret = st->data[loc];
+
+    if (loc != st->num - 1)
+         memmove(&st->data[loc], &st->data[loc + 1],
+                 sizeof(st->data[0]) * (st->num - loc - 1));
+    st->num--;
+
+    return (void *)ret;
+}
+
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p)
 {
     int i;
 
     for (i = 0; i < st->num; i++)
         if (st->data[i] == p)
-            return (sk_delete(st, i));
-    return (NULL);
+            return internal_delete(st, i);
+    return NULL;
 }
 
-void *sk_delete(_STACK *st, int loc)
+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc)
 {
-    char *ret;
-    int i, j;
-
-    if (!st || (loc < 0) || (loc >= st->num))
+    if (st == NULL || loc < 0 || loc >= st->num)
         return NULL;
 
-    ret = st->data[loc];
-    if (loc != st->num - 1) {
-        j = st->num - 1;
-        for (i = loc; i < j; i++)
-            st->data[i] = st->data[i + 1];
-        /*
-         * In theory memcpy is not safe for this memcpy( &(st->data[loc]),
-         * &(st->data[loc+1]), sizeof(char *)*(st->num-loc-1));
-         */
-    }
-    st->num--;
-    return (ret);
+    return internal_delete(st, loc);
 }
 
-static int internal_find(_STACK *st, void *data, int ret_val_options)
+static int internal_find(OPENSSL_STACK *st, const void *data,
+                         int ret_val_options)
 {
-    const void *const *r;
+    const void *r;
     int i;
 
-    if (st == NULL)
+    if (st == NULL || st->num == 0)
         return -1;
 
     if (st->comp == NULL) {
         for (i = 0; i < st->num; i++)
             if (st->data[i] == data)
-                return (i);
-        return (-1);
+                return i;
+        return -1;
+    }
+
+    if (!st->sorted) {
+        if (st->num > 1)
+            qsort(st->data, st->num, sizeof(void *), st->comp);
+        st->sorted = 1; /* empty or single-element stack is considered sorted */
     }
-    sk_sort(st);
     if (data == NULL)
-        return (-1);
+        return -1;
     r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp,
                         ret_val_options);
-    if (r == NULL)
-        return (-1);
-    return (int)((char **)r - st->data);
+
+    return r == NULL ? -1 : (int)((const void **)r - st->data);
 }
 
-int sk_find(_STACK *st, void *data)
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data)
 {
     return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
 }
 
-int sk_find_ex(_STACK *st, void *data)
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data)
 {
     return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
 }
 
-int sk_push(_STACK *st, void *data)
+int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data)
 {
-    return (sk_insert(st, data, st->num));
+    if (st == NULL)
+        return -1;
+    return OPENSSL_sk_insert(st, data, st->num);
 }
 
-int sk_unshift(_STACK *st, void *data)
+int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data)
 {
-    return (sk_insert(st, data, 0));
+    return OPENSSL_sk_insert(st, data, 0);
 }
 
-void *sk_shift(_STACK *st)
+void *OPENSSL_sk_shift(OPENSSL_STACK *st)
 {
-    if (st == NULL)
-        return (NULL);
-    if (st->num <= 0)
-        return (NULL);
-    return (sk_delete(st, 0));
+    if (st == NULL || st->num == 0)
+        return NULL;
+    return internal_delete(st, 0);
 }
 
-void *sk_pop(_STACK *st)
+void *OPENSSL_sk_pop(OPENSSL_STACK *st)
 {
-    if (st == NULL)
-        return (NULL);
-    if (st->num <= 0)
-        return (NULL);
-    return (sk_delete(st, st->num - 1));
+    if (st == NULL || st->num == 0)
+        return NULL;
+    return internal_delete(st, st->num - 1);
 }
 
-void sk_zero(_STACK *st)
+void OPENSSL_sk_zero(OPENSSL_STACK *st)
 {
-    if (st == NULL)
-        return;
-    if (st->num <= 0)
+    if (st == NULL || st->num == 0)
         return;
-    memset((char *)st->data, 0, sizeof(*st->data) * st->num);
+    memset(st->data, 0, sizeof(*st->data) * st->num);
     st->num = 0;
 }
 
-void sk_pop_free(_STACK *st, void (*func) (void *))
+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func)
 {
     int i;
 
@@ -326,61 +367,49 @@ void sk_pop_free(_STACK *st, void (*func) (void *))
         return;
     for (i = 0; i < st->num; i++)
         if (st->data[i] != NULL)
-            func(st->data[i]);
-    sk_free(st);
+            func((char *)st->data[i]);
+    OPENSSL_sk_free(st);
 }
 
-void sk_free(_STACK *st)
+void OPENSSL_sk_free(OPENSSL_STACK *st)
 {
     if (st == NULL)
         return;
-    if (st->data != NULL)
-        OPENSSL_free(st->data);
+    OPENSSL_free(st->data);
     OPENSSL_free(st);
 }
 
-int sk_num(const _STACK *st)
+int OPENSSL_sk_num(const OPENSSL_STACK *st)
 {
-    if (st == NULL)
-        return -1;
-    return st->num;
+    return st == NULL ? -1 : st->num;
 }
 
-void *sk_value(const _STACK *st, int i)
+void *OPENSSL_sk_value(const OPENSSL_STACK *st, int i)
 {
-    if (!st || (i < 0) || (i >= st->num))
+    if (st == NULL || i < 0 || i >= st->num)
         return NULL;
-    return st->data[i];
+    return (void *)st->data[i];
 }
 
-void *sk_set(_STACK *st, int i, void *value)
+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data)
 {
-    if (!st || (i < 0) || (i >= st->num))
+    if (st == NULL || i < 0 || i >= st->num)
         return NULL;
-    return (st->data[i] = value);
+    st->data[i] = data;
+    st->sorted = 0;
+    return (void *)st->data[i];
 }
 
-void sk_sort(_STACK *st)
+void OPENSSL_sk_sort(OPENSSL_STACK *st)
 {
-    if (st && !st->sorted && st->comp != NULL) {
-        int (*comp_func) (const void *, const void *);
-
-        /*
-         * same comment as in sk_find ... previously st->comp was declared as
-         * a (void*,void*) callback type, but this made the population of the
-         * callback pointer illogical - our callbacks compare type** with
-         * type**, so we leave the casting until absolutely necessary (ie.
-         * "now").
-         */
-        comp_func = (int (*)(const void *, const void *))(st->comp);
-        qsort(st->data, st->num, sizeof(char *), comp_func);
-        st->sorted = 1;
+    if (st != NULL && !st->sorted && st->comp != NULL) {
+        if (st->num > 1)
+            qsort(st->data, st->num, sizeof(void *), st->comp);
+        st->sorted = 1; /* empty or single-element stack is considered sorted */
     }
 }
 
-int sk_is_sorted(const _STACK *st)
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st)
 {
-    if (!st)
-        return 1;
-    return st->sorted;
+    return st == NULL ? 1 : st->sorted;
 }
diff --git a/freebsd/crypto/openssl/crypto/stack/stack.h b/freebsd/crypto/openssl/crypto/stack/stack.h
deleted file mode 100644
index eb072166..00000000
--- a/freebsd/crypto/openssl/crypto/stack/stack.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* crypto/stack/stack.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_STACK_H
-# define HEADER_STACK_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct stack_st {
-    int num;
-    char **data;
-    int sorted;
-    int num_alloc;
-    int (*comp) (const void *, const void *);
-} _STACK;                       /* Use STACK_OF(...) instead */
-
-# define M_sk_num(sk)            ((sk) ? (sk)->num:-1)
-# define M_sk_value(sk,n)        ((sk) ? (sk)->data[n] : NULL)
-
-int sk_num(const _STACK *);
-void *sk_value(const _STACK *, int);
-
-void *sk_set(_STACK *, int, void *);
-
-_STACK *sk_new(int (*cmp) (const void *, const void *));
-_STACK *sk_new_null(void);
-void sk_free(_STACK *);
-void sk_pop_free(_STACK *st, void (*func) (void *));
-_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *));
-int sk_insert(_STACK *sk, void *data, int where);
-void *sk_delete(_STACK *st, int loc);
-void *sk_delete_ptr(_STACK *st, void *p);
-int sk_find(_STACK *st, void *data);
-int sk_find_ex(_STACK *st, void *data);
-int sk_push(_STACK *st, void *data);
-int sk_unshift(_STACK *st, void *data);
-void *sk_shift(_STACK *st);
-void *sk_pop(_STACK *st);
-void sk_zero(_STACK *st);
-int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
- (const void *, const void *);
-_STACK *sk_dup(_STACK *st);
-void sk_sort(_STACK *st);
-int sk_is_sorted(const _STACK *st);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/store/loader_file.c b/freebsd/crypto/openssl/crypto/store/loader_file.c
new file mode 100644
index 00000000..f2887bbe
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/store/loader_file.c
@@ -0,0 +1,1442 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <string.h>
+#include <sys/stat.h>
+#include <ctype.h>
+#include <assert.h>
+
+#include <openssl/bio.h>
+#include <openssl/dsa.h>         /* For d2i_DSAPrivateKey */
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>      /* For the PKCS8 stuff o.O */
+#include <openssl/rsa.h>         /* For d2i_RSAPrivateKey */
+#include <openssl/safestack.h>
+#include <openssl/store.h>
+#include <openssl/ui.h>
+#include <openssl/x509.h>        /* For the PKCS8 stuff o.O */
+#include "internal/asn1_int.h"
+#include "internal/ctype.h"
+#include "internal/o_dir.h"
+#include "internal/cryptlib.h"
+#include "internal/store_int.h"
+#include "store_locl.h"
+
+#ifdef _WIN32
+# define stat    _stat
+#endif
+
+#ifndef S_ISDIR
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+#endif
+
+/*-
+ *  Password prompting
+ *  ------------------
+ */
+
+static char *file_get_pass(const UI_METHOD *ui_method, char *pass,
+                           size_t maxsize, const char *prompt_info, void *data)
+{
+    UI *ui = UI_new();
+    char *prompt = NULL;
+
+    if (ui == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (ui_method != NULL)
+        UI_set_method(ui, ui_method);
+    UI_add_user_data(ui, data);
+
+    if ((prompt = UI_construct_prompt(ui, "pass phrase",
+                                      prompt_info)) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
+        pass = NULL;
+    } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD,
+                                    pass, 0, maxsize - 1)) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
+        pass = NULL;
+    } else {
+        switch (UI_process(ui)) {
+        case -2:
+            OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS,
+                          OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED);
+            pass = NULL;
+            break;
+        case -1:
+            OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
+            pass = NULL;
+            break;
+        default:
+            break;
+        }
+    }
+
+    OPENSSL_free(prompt);
+    UI_free(ui);
+    return pass;
+}
+
+struct pem_pass_data {
+    const UI_METHOD *ui_method;
+    void *data;
+    const char *prompt_info;
+};
+
+static int file_fill_pem_pass_data(struct pem_pass_data *pass_data,
+                                   const char *prompt_info,
+                                   const UI_METHOD *ui_method, void *ui_data)
+{
+    if (pass_data == NULL)
+        return 0;
+    pass_data->ui_method = ui_method;
+    pass_data->data = ui_data;
+    pass_data->prompt_info = prompt_info;
+    return 1;
+}
+
+/* This is used anywhere a pem_password_cb is needed */
+static int file_get_pem_pass(char *buf, int num, int w, void *data)
+{
+    struct pem_pass_data *pass_data = data;
+    char *pass = file_get_pass(pass_data->ui_method, buf, num,
+                               pass_data->prompt_info, pass_data->data);
+
+    return pass == NULL ? 0 : strlen(pass);
+}
+
+/*-
+ *  The file scheme decoders
+ *  ------------------------
+ *
+ *  Each possible data type has its own decoder, which either operates
+ *  through a given PEM name, or attempts to decode to see if the blob
+ *  it's given is decodable for its data type.  The assumption is that
+ *  only the correct data type will match the content.
+ */
+
+/*-
+ * The try_decode function is called to check if the blob of data can
+ * be used by this handler, and if it can, decodes it into a supported
+ * OpenSSL type and returns a OSSL_STORE_INFO with the decoded data.
+ * Input:
+ *    pem_name:     If this blob comes from a PEM file, this holds
+ *                  the PEM name.  If it comes from another type of
+ *                  file, this is NULL.
+ *    pem_header:   If this blob comes from a PEM file, this holds
+ *                  the PEM headers.  If it comes from another type of
+ *                  file, this is NULL.
+ *    blob:         The blob of data to match with what this handler
+ *                  can use.
+ *    len:          The length of the blob.
+ *    handler_ctx:  For a handler marked repeatable, this pointer can
+ *                  be used to create a context for the handler.  IT IS
+ *                  THE HANDLER'S RESPONSIBILITY TO CREATE AND DESTROY
+ *                  THIS CONTEXT APPROPRIATELY, i.e. create on first call
+ *                  and destroy when about to return NULL.
+ *    matchcount:   A pointer to an int to count matches for this data.
+ *                  Usually becomes 0 (no match) or 1 (match!), but may
+ *                  be higher in the (unlikely) event that the data matches
+ *                  more than one possibility.  The int will always be
+ *                  zero when the function is called.
+ *    ui_method:    Application UI method for getting a password, pin
+ *                  or any other interactive data.
+ *    ui_data:      Application data to be passed to ui_method when
+ *                  it's called.
+ * Output:
+ *    a OSSL_STORE_INFO
+ */
+typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name,
+                                               const char *pem_header,
+                                               const unsigned char *blob,
+                                               size_t len, void **handler_ctx,
+                                               int *matchcount,
+                                               const UI_METHOD *ui_method,
+                                               void *ui_data);
+/*
+ * The eof function should return 1 if there's no more data to be found
+ * with the handler_ctx, otherwise 0.  This is only used when the handler is
+ * marked repeatable.
+ */
+typedef int (*file_eof_fn)(void *handler_ctx);
+/*
+ * The destroy_ctx function is used to destroy the handler_ctx that was
+ * intiated by a repeatable try_decode fuction.  This is only used when
+ * the handler is marked repeatable.
+ */
+typedef void (*file_destroy_ctx_fn)(void **handler_ctx);
+
+typedef struct file_handler_st {
+    const char *name;
+    file_try_decode_fn try_decode;
+    file_eof_fn eof;
+    file_destroy_ctx_fn destroy_ctx;
+
+    /* flags */
+    int repeatable;
+} FILE_HANDLER;
+
+/*
+ * PKCS#12 decoder.  It operates by decoding all of the blob content,
+ * extracting all the interesting data from it and storing them internally,
+ * then serving them one piece at a time.
+ */
+static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
+                                          const char *pem_header,
+                                          const unsigned char *blob,
+                                          size_t len, void **pctx,
+                                          int *matchcount,
+                                          const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    STACK_OF(OSSL_STORE_INFO) *ctx = *pctx;
+
+    if (ctx == NULL) {
+        /* Initial parsing */
+        PKCS12 *p12;
+        int ok = 0;
+
+        if (pem_name != NULL)
+            /* No match, there is no PEM PKCS12 tag */
+            return NULL;
+
+        if ((p12 = d2i_PKCS12(NULL, &blob, len)) != NULL) {
+            char *pass = NULL;
+            char tpass[PEM_BUFSIZE];
+            EVP_PKEY *pkey = NULL;
+            X509 *cert = NULL;
+            STACK_OF(X509) *chain = NULL;
+
+            *matchcount = 1;
+
+            if (PKCS12_verify_mac(p12, "", 0)
+                || PKCS12_verify_mac(p12, NULL, 0)) {
+                pass = "";
+            } else {
+                if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE,
+                                          "PKCS12 import password",
+                                          ui_data)) == NULL) {
+                    OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
+                                  OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR);
+                    goto p12_end;
+                }
+                if (!PKCS12_verify_mac(p12, pass, strlen(pass))) {
+                    OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
+                                  OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC);
+                    goto p12_end;
+                }
+            }
+
+            if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) {
+                OSSL_STORE_INFO *osi_pkey = NULL;
+                OSSL_STORE_INFO *osi_cert = NULL;
+                OSSL_STORE_INFO *osi_ca = NULL;
+
+                if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL
+                    && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL
+                    && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0
+                    && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL
+                    && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) {
+                    ok = 1;
+                    osi_pkey = NULL;
+                    osi_cert = NULL;
+
+                    while(sk_X509_num(chain) > 0) {
+                        X509 *ca = sk_X509_value(chain, 0);
+
+                        if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL
+                            || sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) {
+                            ok = 0;
+                            break;
+                        }
+                        osi_ca = NULL;
+                        (void)sk_X509_shift(chain);
+                    }
+                }
+                if (!ok) {
+                    OSSL_STORE_INFO_free(osi_ca);
+                    OSSL_STORE_INFO_free(osi_cert);
+                    OSSL_STORE_INFO_free(osi_pkey);
+                    sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
+                    EVP_PKEY_free(pkey);
+                    X509_free(cert);
+                    sk_X509_pop_free(chain, X509_free);
+                    ctx = NULL;
+                }
+                *pctx = ctx;
+            }
+        }
+     p12_end:
+        PKCS12_free(p12);
+        if (!ok)
+            return NULL;
+    }
+
+    if (ctx != NULL) {
+        *matchcount = 1;
+        store_info = sk_OSSL_STORE_INFO_shift(ctx);
+    }
+
+    return store_info;
+}
+
+static int eof_PKCS12(void *ctx_)
+{
+    STACK_OF(OSSL_STORE_INFO) *ctx = ctx_;
+
+    return ctx == NULL || sk_OSSL_STORE_INFO_num(ctx) == 0;
+}
+
+static void destroy_ctx_PKCS12(void **pctx)
+{
+    STACK_OF(OSSL_STORE_INFO) *ctx = *pctx;
+
+    sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
+    *pctx = NULL;
+}
+
+static FILE_HANDLER PKCS12_handler = {
+    "PKCS12",
+    try_decode_PKCS12,
+    eof_PKCS12,
+    destroy_ctx_PKCS12,
+    1                            /* repeatable */
+};
+
+/*
+ * Encrypted PKCS#8 decoder.  It operates by just decrypting the given blob
+ * into a new blob, which is returned as an EMBEDDED STORE_INFO.  The whole
+ * decoding process will then start over with the new blob.
+ */
+static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
+                                                  const char *pem_header,
+                                                  const unsigned char *blob,
+                                                  size_t len, void **pctx,
+                                                  int *matchcount,
+                                                  const UI_METHOD *ui_method,
+                                                  void *ui_data)
+{
+    X509_SIG *p8 = NULL;
+    char kbuf[PEM_BUFSIZE];
+    char *pass = NULL;
+    const X509_ALGOR *dalg = NULL;
+    const ASN1_OCTET_STRING *doct = NULL;
+    OSSL_STORE_INFO *store_info = NULL;
+    BUF_MEM *mem = NULL;
+    unsigned char *new_data = NULL;
+    int new_data_len;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_PKCS8) != 0)
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL)
+        return NULL;
+
+    *matchcount = 1;
+
+    if ((mem = BUF_MEM_new()) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
+                      ERR_R_MALLOC_FAILURE);
+        goto nop8;
+    }
+
+    if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE,
+                              "PKCS8 decrypt password", ui_data)) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
+                      OSSL_STORE_R_BAD_PASSWORD_READ);
+        goto nop8;
+    }
+
+    X509_SIG_get0(p8, &dalg, &doct);
+    if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length,
+                          &new_data, &new_data_len, 0))
+        goto nop8;
+
+    mem->data = (char *)new_data;
+    mem->max = mem->length = (size_t)new_data_len;
+    X509_SIG_free(p8);
+
+    store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
+    if (store_info == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
+                      ERR_R_MALLOC_FAILURE);
+        goto nop8;
+    }
+
+    return store_info;
+ nop8:
+    X509_SIG_free(p8);
+    BUF_MEM_free(mem);
+    return NULL;
+}
+
+static FILE_HANDLER PKCS8Encrypted_handler = {
+    "PKCS8Encrypted",
+    try_decode_PKCS8Encrypted
+};
+
+/*
+ * Private key decoder.  Decodes all sorts of private keys, both PKCS#8
+ * encoded ones and old style PEM ones (with the key type is encoded into
+ * the PEM name).
+ */
+int pem_check_suffix(const char *pem_str, const char *suffix);
+static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
+                                              const char *pem_header,
+                                              const unsigned char *blob,
+                                              size_t len, void **pctx,
+                                              int *matchcount,
+                                              const UI_METHOD *ui_method,
+                                              void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    EVP_PKEY *pkey = NULL;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) {
+            PKCS8_PRIV_KEY_INFO *p8inf =
+                d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len);
+
+            *matchcount = 1;
+            if (p8inf != NULL)
+                pkey = EVP_PKCS82PKEY(p8inf);
+            PKCS8_PRIV_KEY_INFO_free(p8inf);
+        } else {
+            int slen;
+
+            if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0
+                && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name,
+                                                   slen)) != NULL) {
+                *matchcount = 1;
+                pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &blob, len);
+            }
+        }
+    } else {
+        int i;
+
+        for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+            EVP_PKEY *tmp_pkey = NULL;
+            const unsigned char *tmp_blob = blob;
+
+            ameth = EVP_PKEY_asn1_get0(i);
+            if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+                continue;
+
+            tmp_pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &tmp_blob, len);
+            if (tmp_pkey != NULL) {
+                if (pkey != NULL)
+                    EVP_PKEY_free(tmp_pkey);
+                else
+                    pkey = tmp_pkey;
+                (*matchcount)++;
+            }
+        }
+
+        if (*matchcount > 1) {
+            EVP_PKEY_free(pkey);
+            pkey = NULL;
+        }
+    }
+    if (pkey == NULL)
+        /* No match */
+        return NULL;
+
+    store_info = OSSL_STORE_INFO_new_PKEY(pkey);
+    if (store_info == NULL)
+        EVP_PKEY_free(pkey);
+
+    return store_info;
+}
+
+static FILE_HANDLER PrivateKey_handler = {
+    "PrivateKey",
+    try_decode_PrivateKey
+};
+
+/*
+ * Public key decoder.  Only supports SubjectPublicKeyInfo formated keys.
+ */
+static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name,
+                                          const char *pem_header,
+                                          const unsigned char *blob,
+                                          size_t len, void **pctx,
+                                          int *matchcount,
+                                          const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_PUBLIC) != 0)
+            /* No match */
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((pkey = d2i_PUBKEY(NULL, &blob, len)) != NULL) {
+        *matchcount = 1;
+        store_info = OSSL_STORE_INFO_new_PKEY(pkey);
+    }
+
+    return store_info;
+}
+
+static FILE_HANDLER PUBKEY_handler = {
+    "PUBKEY",
+    try_decode_PUBKEY
+};
+
+/*
+ * Key parameter decoder.
+ */
+static OSSL_STORE_INFO *try_decode_params(const char *pem_name,
+                                          const char *pem_header,
+                                          const unsigned char *blob,
+                                          size_t len, void **pctx,
+                                          int *matchcount,
+                                          const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    int slen = 0;
+    EVP_PKEY *pkey = NULL;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+    int ok = 0;
+
+    if (pem_name != NULL) {
+        if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0)
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if (slen > 0) {
+        if ((pkey = EVP_PKEY_new()) == NULL) {
+            OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
+            return NULL;
+        }
+
+
+        if (EVP_PKEY_set_type_str(pkey, pem_name, slen)
+            && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL
+            && ameth->param_decode != NULL
+            && ameth->param_decode(pkey, &blob, len))
+            ok = 1;
+    } else {
+        int i;
+        EVP_PKEY *tmp_pkey = NULL;
+
+        for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+            const unsigned char *tmp_blob = blob;
+
+            if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) {
+                OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
+                break;
+            }
+
+            ameth = EVP_PKEY_asn1_get0(i);
+            if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+                continue;
+
+            if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id)
+                && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL
+                && ameth->param_decode != NULL
+                && ameth->param_decode(tmp_pkey, &tmp_blob, len)) {
+                if (pkey != NULL)
+                    EVP_PKEY_free(tmp_pkey);
+                else
+                    pkey = tmp_pkey;
+                tmp_pkey = NULL;
+                (*matchcount)++;
+            }
+        }
+
+        EVP_PKEY_free(tmp_pkey);
+        if (*matchcount == 1) {
+            ok = 1;
+        }
+    }
+
+    if (ok)
+        store_info = OSSL_STORE_INFO_new_PARAMS(pkey);
+    if (store_info == NULL)
+        EVP_PKEY_free(pkey);
+
+    return store_info;
+}
+
+static FILE_HANDLER params_handler = {
+    "params",
+    try_decode_params
+};
+
+/*
+ * X.509 certificate decoder.
+ */
+static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name,
+                                                   const char *pem_header,
+                                                   const unsigned char *blob,
+                                                   size_t len, void **pctx,
+                                                   int *matchcount,
+                                                   const UI_METHOD *ui_method,
+                                                   void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    X509 *cert = NULL;
+
+    /*
+     * In most cases, we can try to interpret the serialized data as a trusted
+     * cert (X509 + X509_AUX) and fall back to reading it as a normal cert
+     * (just X509), but if the PEM name specifically declares it as a trusted
+     * cert, then no fallback should be engaged.  |ignore_trusted| tells if
+     * the fallback can be used (1) or not (0).
+     */
+    int ignore_trusted = 1;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_X509_TRUSTED) == 0)
+            ignore_trusted = 0;
+        else if (strcmp(pem_name, PEM_STRING_X509_OLD) != 0
+                 && strcmp(pem_name, PEM_STRING_X509) != 0)
+            /* No match */
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((cert = d2i_X509_AUX(NULL, &blob, len)) != NULL
+        || (ignore_trusted && (cert = d2i_X509(NULL, &blob, len)) != NULL)) {
+        *matchcount = 1;
+        store_info = OSSL_STORE_INFO_new_CERT(cert);
+    }
+
+    if (store_info == NULL)
+        X509_free(cert);
+
+    return store_info;
+}
+
+static FILE_HANDLER X509Certificate_handler = {
+    "X509Certificate",
+    try_decode_X509Certificate
+};
+
+/*
+ * X.509 CRL decoder.
+ */
+static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name,
+                                           const char *pem_header,
+                                           const unsigned char *blob,
+                                           size_t len, void **pctx,
+                                           int *matchcount,
+                                           const UI_METHOD *ui_method,
+                                           void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    X509_CRL *crl = NULL;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_X509_CRL) != 0)
+            /* No match */
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((crl = d2i_X509_CRL(NULL, &blob, len)) != NULL) {
+        *matchcount = 1;
+        store_info = OSSL_STORE_INFO_new_CRL(crl);
+    }
+
+    if (store_info == NULL)
+        X509_CRL_free(crl);
+
+    return store_info;
+}
+
+static FILE_HANDLER X509CRL_handler = {
+    "X509CRL",
+    try_decode_X509CRL
+};
+
+/*
+ * To finish it all off, we collect all the handlers.
+ */
+static const FILE_HANDLER *file_handlers[] = {
+    &PKCS12_handler,
+    &PKCS8Encrypted_handler,
+    &X509Certificate_handler,
+    &X509CRL_handler,
+    &params_handler,
+    &PUBKEY_handler,
+    &PrivateKey_handler,
+};
+
+
+/*-
+ *  The loader itself
+ *  -----------------
+ */
+
+struct ossl_store_loader_ctx_st {
+    enum {
+        is_raw = 0,
+        is_pem,
+        is_dir
+    } type;
+    int errcnt;
+#define FILE_FLAG_SECMEM         (1<<0)
+    unsigned int flags;
+    union {
+        struct {                 /* Used with is_raw and is_pem */
+            BIO *file;
+
+            /*
+             * The following are used when the handler is marked as
+             * repeatable
+             */
+            const FILE_HANDLER *last_handler;
+            void *last_handler_ctx;
+        } file;
+        struct {                 /* Used with is_dir */
+            OPENSSL_DIR_CTX *ctx;
+            int end_reached;
+            char *uri;
+
+            /*
+             * When a search expression is given, these are filled in.
+             * |search_name| contains the file basename to look for.
+             * The string is exactly 8 characters long.
+             */
+            char search_name[9];
+
+            /*
+             * The directory reading utility we have combines opening with
+             * reading the first name.  To make sure we can detect the end
+             * at the right time, we read early and cache the name.
+             */
+            const char *last_entry;
+            int last_errno;
+        } dir;
+    } _;
+
+    /* Expected object type.  May be unspecified */
+    int expected_type;
+};
+
+static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx)
+{
+    if (ctx->type == is_dir) {
+        OPENSSL_free(ctx->_.dir.uri);
+    } else {
+        if (ctx->_.file.last_handler != NULL) {
+            ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx);
+            ctx->_.file.last_handler_ctx = NULL;
+            ctx->_.file.last_handler = NULL;
+        }
+    }
+    OPENSSL_free(ctx);
+}
+
+static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader,
+                                        const char *uri,
+                                        const UI_METHOD *ui_method,
+                                        void *ui_data)
+{
+    OSSL_STORE_LOADER_CTX *ctx = NULL;
+    struct stat st;
+    struct {
+        const char *path;
+        unsigned int check_absolute:1;
+    } path_data[2];
+    size_t path_data_n = 0, i;
+    const char *path;
+
+    /*
+     * First step, just take the URI as is.
+     */
+    path_data[path_data_n].check_absolute = 0;
+    path_data[path_data_n++].path = uri;
+
+    /*
+     * Second step, if the URI appears to start with the 'file' scheme,
+     * extract the path and make that the second path to check.
+     * There's a special case if the URI also contains an authority, then
+     * the full URI shouldn't be used as a path anywhere.
+     */
+    if (strncasecmp(uri, "file:", 5) == 0) {
+        const char *p = &uri[5];
+
+        if (strncmp(&uri[5], "//", 2) == 0) {
+            path_data_n--;           /* Invalidate using the full URI */
+            if (strncasecmp(&uri[7], "localhost/", 10) == 0) {
+                p = &uri[16];
+            } else if (uri[7] == '/') {
+                p = &uri[7];
+            } else {
+                OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN,
+                              OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED);
+                return NULL;
+            }
+        }
+
+        path_data[path_data_n].check_absolute = 1;
+#ifdef _WIN32
+        /* Windows file: URIs with a drive letter start with a / */
+        if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
+            char c = ossl_tolower(p[1]);
+
+            if (c >= 'a' && c <= 'z') {
+                p++;
+                /* We know it's absolute, so no need to check */
+                path_data[path_data_n].check_absolute = 0;
+            }
+        }
+#endif
+        path_data[path_data_n++].path = p;
+    }
+
+
+    for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) {
+        /*
+         * If the scheme "file" was an explicit part of the URI, the path must
+         * be absolute.  So says RFC 8089
+         */
+        if (path_data[i].check_absolute && path_data[i].path[0] != '/') {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN,
+                          OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE);
+            ERR_add_error_data(1, path_data[i].path);
+            return NULL;
+        }
+
+        if (stat(path_data[i].path, &st) < 0) {
+            SYSerr(SYS_F_STAT, errno);
+            ERR_add_error_data(1, path_data[i].path);
+        } else {
+            path = path_data[i].path;
+        }
+    }
+    if (path == NULL) {
+        return NULL;
+    }
+
+    /* Successfully found a working path, clear possible collected errors */
+    ERR_clear_error();
+
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (S_ISDIR(st.st_mode)) {
+        /*
+         * Try to copy everything, even if we know that some of them must be
+         * NULL for the moment.  This prevents errors in the future, when more
+         * components may be used.
+         */
+        ctx->_.dir.uri = OPENSSL_strdup(uri);
+        ctx->type = is_dir;
+
+        if (ctx->_.dir.uri == NULL)
+            goto err;
+
+        ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path);
+        ctx->_.dir.last_errno = errno;
+        if (ctx->_.dir.last_entry == NULL) {
+            if (ctx->_.dir.last_errno != 0) {
+                char errbuf[256];
+                errno = ctx->_.dir.last_errno;
+                openssl_strerror_r(errno, errbuf, sizeof(errbuf));
+                OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB);
+                ERR_add_error_data(1, errbuf);
+                goto err;
+            }
+            ctx->_.dir.end_reached = 1;
+        }
+    } else {
+        BIO *buff = NULL;
+        char peekbuf[4096] = { 0, };
+
+        if ((buff = BIO_new(BIO_f_buffer())) == NULL
+            || (ctx->_.file.file = BIO_new_file(path, "rb")) == NULL) {
+            BIO_free_all(buff);
+            goto err;
+        }
+
+        ctx->_.file.file = BIO_push(buff, ctx->_.file.file);
+        if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) {
+            peekbuf[sizeof(peekbuf) - 1] = '\0';
+            if (strstr(peekbuf, "-----BEGIN ") != NULL)
+                ctx->type = is_pem;
+        }
+    }
+
+    return ctx;
+ err:
+    OSSL_STORE_LOADER_CTX_free(ctx);
+    return NULL;
+}
+
+static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args)
+{
+    int ret = 1;
+
+    switch (cmd) {
+    case OSSL_STORE_C_USE_SECMEM:
+        {
+            int on = *(va_arg(args, int *));
+
+            switch (on) {
+            case 0:
+                ctx->flags &= ~FILE_FLAG_SECMEM;
+                break;
+            case 1:
+                ctx->flags |= FILE_FLAG_SECMEM;
+                break;
+            default:
+                OSSL_STOREerr(OSSL_STORE_F_FILE_CTRL,
+                              ERR_R_PASSED_INVALID_ARGUMENT);
+                ret = 0;
+                break;
+            }
+        }
+        break;
+    default:
+        break;
+    }
+
+    return ret;
+}
+
+static int file_expect(OSSL_STORE_LOADER_CTX *ctx, int expected)
+{
+    ctx->expected_type = expected;
+    return 1;
+}
+
+static int file_find(OSSL_STORE_LOADER_CTX *ctx, OSSL_STORE_SEARCH *search)
+{
+    /*
+     * If ctx == NULL, the library is looking to know if this loader supports
+     * the given search type.
+     */
+
+    if (OSSL_STORE_SEARCH_get_type(search) == OSSL_STORE_SEARCH_BY_NAME) {
+        unsigned long hash = 0;
+
+        if (ctx == NULL)
+            return 1;
+
+        if (ctx->type != is_dir) {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
+                          OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
+            return 0;
+        }
+
+        hash = X509_NAME_hash(OSSL_STORE_SEARCH_get0_name(search));
+        BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name),
+                     "%08lx", hash);
+        return 1;
+    }
+
+    if (ctx != NULL)
+        OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
+                      OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE);
+    return 0;
+}
+
+/* Internal function to decode an already opened PEM file */
+OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp)
+{
+    OSSL_STORE_LOADER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ctx->_.file.file = bp;
+    ctx->type = is_pem;
+
+    return ctx;
+}
+
+static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx,
+                                             const char *pem_name,
+                                             const char *pem_header,
+                                             unsigned char *data, size_t len,
+                                             const UI_METHOD *ui_method,
+                                             void *ui_data, int *matchcount)
+{
+    OSSL_STORE_INFO *result = NULL;
+    BUF_MEM *new_mem = NULL;
+    char *new_pem_name = NULL;
+    int t = 0;
+
+ again:
+    {
+        size_t i = 0;
+        void *handler_ctx = NULL;
+        const FILE_HANDLER **matching_handlers =
+            OPENSSL_zalloc(sizeof(*matching_handlers)
+                           * OSSL_NELEM(file_handlers));
+
+        if (matching_handlers == NULL) {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE,
+                          ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        *matchcount = 0;
+        for (i = 0; i < OSSL_NELEM(file_handlers); i++) {
+            const FILE_HANDLER *handler = file_handlers[i];
+            int try_matchcount = 0;
+            void *tmp_handler_ctx = NULL;
+            OSSL_STORE_INFO *tmp_result =
+                handler->try_decode(pem_name, pem_header, data, len,
+                                    &tmp_handler_ctx, &try_matchcount,
+                                    ui_method, ui_data);
+
+            if (try_matchcount > 0) {
+
+                matching_handlers[*matchcount] = handler;
+
+                if (handler_ctx)
+                    handler->destroy_ctx(&handler_ctx);
+                handler_ctx = tmp_handler_ctx;
+
+                if ((*matchcount += try_matchcount) > 1) {
+                    /* more than one match => ambiguous, kill any result */
+                    OSSL_STORE_INFO_free(result);
+                    OSSL_STORE_INFO_free(tmp_result);
+                    if (handler->destroy_ctx != NULL)
+                        handler->destroy_ctx(&handler_ctx);
+                    handler_ctx = NULL;
+                    tmp_result = NULL;
+                    result = NULL;
+                }
+                if (result == NULL)
+                    result = tmp_result;
+            }
+        }
+
+        if (*matchcount == 1 && matching_handlers[0]->repeatable) {
+            ctx->_.file.last_handler = matching_handlers[0];
+            ctx->_.file.last_handler_ctx = handler_ctx;
+        }
+
+        OPENSSL_free(matching_handlers);
+    }
+
+ err:
+    OPENSSL_free(new_pem_name);
+    BUF_MEM_free(new_mem);
+
+    if (result != NULL
+        && (t = OSSL_STORE_INFO_get_type(result)) == OSSL_STORE_INFO_EMBEDDED) {
+        pem_name = new_pem_name =
+            ossl_store_info_get0_EMBEDDED_pem_name(result);
+        new_mem = ossl_store_info_get0_EMBEDDED_buffer(result);
+        data = (unsigned char *)new_mem->data;
+        len = new_mem->length;
+        OPENSSL_free(result);
+        result = NULL;
+        goto again;
+    }
+
+    if (result != NULL)
+        ERR_clear_error();
+
+    return result;
+}
+
+static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx,
+                                             const UI_METHOD *ui_method,
+                                             void *ui_data)
+{
+    OSSL_STORE_INFO *result = NULL;
+    int try_matchcount = 0;
+
+    if (ctx->_.file.last_handler != NULL) {
+        result =
+            ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0,
+                                                 &ctx->_.file.last_handler_ctx,
+                                                 &try_matchcount,
+                                                 ui_method, ui_data);
+
+        if (result == NULL) {
+            ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx);
+            ctx->_.file.last_handler_ctx = NULL;
+            ctx->_.file.last_handler = NULL;
+        }
+    }
+    return result;
+}
+
+static void pem_free_flag(void *pem_data, int secure, size_t num)
+{
+    if (secure)
+        OPENSSL_secure_clear_free(pem_data, num);
+    else
+        OPENSSL_free(pem_data);
+}
+static int file_read_pem(BIO *bp, char **pem_name, char **pem_header,
+                         unsigned char **data, long *len,
+                         const UI_METHOD *ui_method,
+                         void *ui_data, int secure)
+{
+    int i = secure
+        ? PEM_read_bio_ex(bp, pem_name, pem_header, data, len,
+                          PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE)
+        : PEM_read_bio(bp, pem_name, pem_header, data, len);
+
+    if (i <= 0)
+        return 0;
+
+    /*
+     * 10 is the number of characters in "Proc-Type:", which
+     * PEM_get_EVP_CIPHER_INFO() requires to be present.
+     * If the PEM header has less characters than that, it's
+     * not worth spending cycles on it.
+     */
+    if (strlen(*pem_header) > 10) {
+        EVP_CIPHER_INFO cipher;
+        struct pem_pass_data pass_data;
+
+        if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher)
+            || !file_fill_pem_pass_data(&pass_data, "PEM", ui_method, ui_data)
+            || !PEM_do_header(&cipher, *data, len, file_get_pem_pass,
+                              &pass_data)) {
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static int file_read_asn1(BIO *bp, unsigned char **data, long *len)
+{
+    BUF_MEM *mem = NULL;
+
+    if (asn1_d2i_read_bio(bp, &mem) < 0)
+        return 0;
+
+    *data = (unsigned char *)mem->data;
+    *len = (long)mem->length;
+    OPENSSL_free(mem);
+
+    return 1;
+}
+
+static int ends_with_dirsep(const char *uri)
+{
+    if (*uri != '\0')
+        uri += strlen(uri) - 1;
+#if defined __VMS
+    if (*uri == ']' || *uri == '>' || *uri == ':')
+        return 1;
+#elif defined _WIN32
+    if (*uri == '\\')
+        return 1;
+#endif
+    return *uri == '/';
+}
+
+static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name,
+                            char **data)
+{
+    assert(name != NULL);
+    assert(data != NULL);
+    {
+        const char *pathsep = ends_with_dirsep(ctx->_.dir.uri) ? "" : "/";
+        long calculated_length = strlen(ctx->_.dir.uri) + strlen(pathsep)
+            + strlen(name) + 1 /* \0 */;
+
+        *data = OPENSSL_zalloc(calculated_length);
+        if (*data == NULL) {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        OPENSSL_strlcat(*data, ctx->_.dir.uri, calculated_length);
+        OPENSSL_strlcat(*data, pathsep, calculated_length);
+        OPENSSL_strlcat(*data, name, calculated_length);
+    }
+    return 1;
+}
+
+static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
+{
+    const char *p = NULL;
+
+    /* If there are no search criteria, all names are accepted */
+    if (ctx->_.dir.search_name[0] == '\0')
+        return 1;
+
+    /* If the expected type isn't supported, no name is accepted */
+    if (ctx->expected_type != 0
+        && ctx->expected_type != OSSL_STORE_INFO_CERT
+        && ctx->expected_type != OSSL_STORE_INFO_CRL)
+        return 0;
+
+    /*
+     * First, check the basename
+     */
+    if (strncasecmp(name, ctx->_.dir.search_name,
+                    sizeof(ctx->_.dir.search_name) - 1) != 0
+        || name[sizeof(ctx->_.dir.search_name) - 1] != '.')
+        return 0;
+    p = &name[sizeof(ctx->_.dir.search_name)];
+
+    /*
+     * Then, if the expected type is a CRL, check that the extension starts
+     * with 'r'
+     */
+    if (*p == 'r') {
+        p++;
+        if (ctx->expected_type != 0
+            && ctx->expected_type != OSSL_STORE_INFO_CRL)
+            return 0;
+    } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) {
+        return 0;
+    }
+
+    /*
+     * Last, check that the rest of the extension is a decimal number, at
+     * least one digit long.
+     */
+    if (!ossl_isdigit(*p))
+        return 0;
+    while (ossl_isdigit(*p))
+        p++;
+
+# ifdef __VMS
+    /*
+     * One extra step here, check for a possible generation number.
+     */
+    if (*p == ';')
+        for (p++; *p != '\0'; p++)
+            if (!ossl_isdigit(*p))
+                break;
+# endif
+
+    /*
+     * If we've reached the end of the string at this point, we've successfully
+     * found a fitting file name.
+     */
+    return *p == '\0';
+}
+
+static int file_eof(OSSL_STORE_LOADER_CTX *ctx);
+static int file_error(OSSL_STORE_LOADER_CTX *ctx);
+static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx,
+                                  const UI_METHOD *ui_method, void *ui_data)
+{
+    OSSL_STORE_INFO *result = NULL;
+
+    ctx->errcnt = 0;
+    ERR_clear_error();
+
+    if (ctx->type == is_dir) {
+        do {
+            char *newname = NULL;
+
+            if (ctx->_.dir.last_entry == NULL) {
+                if (!ctx->_.dir.end_reached) {
+                    char errbuf[256];
+                    assert(ctx->_.dir.last_errno != 0);
+                    errno = ctx->_.dir.last_errno;
+                    ctx->errcnt++;
+                    openssl_strerror_r(errno, errbuf, sizeof(errbuf));
+                    OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB);
+                    ERR_add_error_data(1, errbuf);
+                }
+                return NULL;
+            }
+
+            if (ctx->_.dir.last_entry[0] != '.'
+                && file_name_check(ctx, ctx->_.dir.last_entry)
+                && !file_name_to_uri(ctx, ctx->_.dir.last_entry, &newname))
+                return NULL;
+
+            /*
+             * On the first call (with a NULL context), OPENSSL_DIR_read()
+             * cares about the second argument.  On the following calls, it
+             * only cares that it isn't NULL.  Therefore, we can safely give
+             * it our URI here.
+             */
+            ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx,
+                                                     ctx->_.dir.uri);
+            ctx->_.dir.last_errno = errno;
+            if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0)
+                ctx->_.dir.end_reached = 1;
+
+            if (newname != NULL
+                && (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) {
+                OPENSSL_free(newname);
+                OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_OSSL_STORE_LIB);
+                return NULL;
+            }
+        } while (result == NULL && !file_eof(ctx));
+    } else {
+        int matchcount = -1;
+
+     again:
+        result = file_load_try_repeat(ctx, ui_method, ui_data);
+        if (result != NULL)
+            return result;
+
+        if (file_eof(ctx))
+            return NULL;
+
+        do {
+            char *pem_name = NULL;      /* PEM record name */
+            char *pem_header = NULL;    /* PEM record header */
+            unsigned char *data = NULL; /* DER encoded data */
+            long len = 0;               /* DER encoded data length */
+
+            matchcount = -1;
+            if (ctx->type == is_pem) {
+                if (!file_read_pem(ctx->_.file.file, &pem_name, &pem_header,
+                                   &data, &len, ui_method, ui_data,
+                                   (ctx->flags & FILE_FLAG_SECMEM) != 0)) {
+                    ctx->errcnt++;
+                    goto endloop;
+                }
+            } else {
+                if (!file_read_asn1(ctx->_.file.file, &data, &len)) {
+                    ctx->errcnt++;
+                    goto endloop;
+                }
+            }
+
+            result = file_load_try_decode(ctx, pem_name, pem_header, data, len,
+                                          ui_method, ui_data, &matchcount);
+
+            if (result != NULL)
+                goto endloop;
+
+            /*
+             * If a PEM name matches more than one handler, the handlers are
+             * badly coded.
+             */
+            if (!ossl_assert(pem_name == NULL || matchcount <= 1)) {
+                ctx->errcnt++;
+                goto endloop;
+            }
+
+            if (matchcount > 1) {
+                OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD,
+                              OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE);
+            } else if (matchcount == 1) {
+                /*
+                 * If there are other errors on the stack, they already show
+                 * what the problem is.
+                 */
+                if (ERR_peek_error() == 0) {
+                    OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD,
+                                  OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE);
+                    if (pem_name != NULL)
+                        ERR_add_error_data(3, "PEM type is '", pem_name, "'");
+                }
+            }
+            if (matchcount > 0)
+                ctx->errcnt++;
+
+         endloop:
+            pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
+            pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
+            pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len);
+        } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx));
+
+        /* We bail out on ambiguity */
+        if (matchcount > 1)
+            return NULL;
+
+        if (result != NULL
+            && ctx->expected_type != 0
+            && ctx->expected_type != OSSL_STORE_INFO_get_type(result)) {
+            OSSL_STORE_INFO_free(result);
+            goto again;
+        }
+    }
+
+    return result;
+}
+
+static int file_error(OSSL_STORE_LOADER_CTX *ctx)
+{
+    return ctx->errcnt > 0;
+}
+
+static int file_eof(OSSL_STORE_LOADER_CTX *ctx)
+{
+    if (ctx->type == is_dir)
+        return ctx->_.dir.end_reached;
+
+    if (ctx->_.file.last_handler != NULL
+        && !ctx->_.file.last_handler->eof(ctx->_.file.last_handler_ctx))
+        return 0;
+    return BIO_eof(ctx->_.file.file);
+}
+
+static int file_close(OSSL_STORE_LOADER_CTX *ctx)
+{
+    if (ctx->type == is_dir) {
+        OPENSSL_DIR_end(&ctx->_.dir.ctx);
+    } else {
+        BIO_free_all(ctx->_.file.file);
+    }
+    OSSL_STORE_LOADER_CTX_free(ctx);
+    return 1;
+}
+
+int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx)
+{
+    OSSL_STORE_LOADER_CTX_free(ctx);
+    return 1;
+}
+
+static OSSL_STORE_LOADER file_loader =
+    {
+        "file",
+        NULL,
+        file_open,
+        file_ctrl,
+        file_expect,
+        file_find,
+        file_load,
+        file_eof,
+        file_error,
+        file_close
+    };
+
+static void store_file_loader_deinit(void)
+{
+    ossl_store_unregister_loader_int(file_loader.scheme);
+}
+
+int ossl_store_file_loader_init(void)
+{
+    int ret = ossl_store_register_loader_int(&file_loader);
+
+    OPENSSL_atexit(store_file_loader_deinit);
+    return ret;
+}
diff --git a/freebsd/crypto/openssl/crypto/store/store_err.c b/freebsd/crypto/openssl/crypto/store/store_err.c
new file mode 100644
index 00000000..0e4687c1
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/store/store_err.c
@@ -0,0 +1,148 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/storeerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA OSSL_STORE_str_functs[] = {
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_CTRL, 0), "file_ctrl"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_FIND, 0), "file_find"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_GET_PASS, 0),
+     "file_get_pass"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD, 0), "file_load"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD_TRY_DECODE, 0),
+     "file_load_try_decode"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_NAME_TO_URI, 0),
+     "file_name_to_uri"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_OPEN, 0), "file_open"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO, 0),
+     "ossl_store_attach_pem_bio"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_EXPECT, 0),
+     "OSSL_STORE_expect"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, 0),
+     "ossl_store_file_attach_pem_bio_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FIND, 0),
+     "OSSL_STORE_find"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT, 0),
+     "ossl_store_get0_loader_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT, 0),
+     "OSSL_STORE_INFO_get1_CERT"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL, 0),
+     "OSSL_STORE_INFO_get1_CRL"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME, 0),
+     "OSSL_STORE_INFO_get1_NAME"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION, 0),
+     "OSSL_STORE_INFO_get1_NAME_description"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS, 0),
+     "OSSL_STORE_INFO_get1_PARAMS"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY, 0),
+     "OSSL_STORE_INFO_get1_PKEY"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT, 0),
+     "OSSL_STORE_INFO_new_CERT"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL, 0),
+     "OSSL_STORE_INFO_new_CRL"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED, 0),
+     "ossl_store_info_new_EMBEDDED"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME, 0),
+     "OSSL_STORE_INFO_new_NAME"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS, 0),
+     "OSSL_STORE_INFO_new_PARAMS"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY, 0),
+     "OSSL_STORE_INFO_new_PKEY"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION, 0),
+     "OSSL_STORE_INFO_set0_NAME_description"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INIT_ONCE, 0),
+     "ossl_store_init_once"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_LOADER_NEW, 0),
+     "OSSL_STORE_LOADER_new"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN, 0),
+     "OSSL_STORE_open"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN_INT, 0), ""},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT, 0),
+     "ossl_store_register_loader_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS, 0),
+     "OSSL_STORE_SEARCH_by_alias"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL, 0),
+     "OSSL_STORE_SEARCH_by_issuer_serial"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, 0),
+     "OSSL_STORE_SEARCH_by_key_fingerprint"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME, 0),
+     "OSSL_STORE_SEARCH_by_name"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT, 0),
+     "ossl_store_unregister_loader_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PARAMS, 0),
+     "try_decode_params"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS12, 0),
+     "try_decode_PKCS12"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, 0),
+     "try_decode_PKCS8Encrypted"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE),
+    "ambiguous content type"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_BAD_PASSWORD_READ),
+    "bad password read"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC),
+    "error verifying pkcs12 mac"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST),
+    "fingerprint size does not match digest"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_INVALID_SCHEME),
+    "invalid scheme"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADER_INCOMPLETE),
+    "loader incomplete"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADING_STARTED),
+    "loading started"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE),
+    "not a certificate"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_KEY), "not a key"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_NAME), "not a name"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_PARAMETERS),
+    "not parameters"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR),
+    "passphrase callback error"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE),
+    "path must be absolute"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES),
+    "search only supported for directories"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED),
+    "ui process interrupted or cancelled"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNREGISTERED_SCHEME),
+    "unregistered scheme"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE),
+    "unsupported content type"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_OPERATION),
+    "unsupported operation"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE),
+    "unsupported search type"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED),
+    "uri authority unsupported"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_OSSL_STORE_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(OSSL_STORE_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(OSSL_STORE_str_functs);
+        ERR_load_strings_const(OSSL_STORE_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/store/store_init.c b/freebsd/crypto/openssl/crypto/store/store_init.c
new file mode 100644
index 00000000..51505f20
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/store/store_init.c
@@ -0,0 +1,35 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "internal/store.h"
+#include "store_locl.h"
+
+static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(do_store_init)
+{
+    return OPENSSL_init_crypto(0, NULL)
+        && ossl_store_file_loader_init();
+}
+
+int ossl_store_init_once(void)
+{
+    if (!RUN_ONCE(&store_init, do_store_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INIT_ONCE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+void ossl_store_cleanup_int(void)
+{
+    ossl_store_destroy_loaders_int();
+}
diff --git a/freebsd/crypto/openssl/crypto/store/store_lib.c b/freebsd/crypto/openssl/crypto/store/store_lib.c
new file mode 100644
index 00000000..7c6b55ea
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/store/store_lib.c
@@ -0,0 +1,683 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/store.h>
+#include "internal/thread_once.h"
+#include "internal/store_int.h"
+#include "store_locl.h"
+
+struct ossl_store_ctx_st {
+    const OSSL_STORE_LOADER *loader;
+    OSSL_STORE_LOADER_CTX *loader_ctx;
+    const UI_METHOD *ui_method;
+    void *ui_data;
+    OSSL_STORE_post_process_info_fn post_process;
+    void *post_process_data;
+    int expected_type;
+
+    /* 0 before the first STORE_load(), 1 otherwise */
+    int loading;
+};
+
+OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
+                                void *ui_data,
+                                OSSL_STORE_post_process_info_fn post_process,
+                                void *post_process_data)
+{
+    const OSSL_STORE_LOADER *loader = NULL;
+    OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
+    OSSL_STORE_CTX *ctx = NULL;
+    char scheme_copy[256], *p, *schemes[2];
+    size_t schemes_n = 0;
+    size_t i;
+
+    /*
+     * Put the file scheme first.  If the uri does represent an existing file,
+     * possible device name and all, then it should be loaded.  Only a failed
+     * attempt at loading a local file should have us try something else.
+     */
+    schemes[schemes_n++] = "file";
+
+    /*
+     * Now, check if we have something that looks like a scheme, and add it
+     * as a second scheme.  However, also check if there's an authority start
+     * (://), because that will invalidate the previous file scheme.  Also,
+     * check that this isn't actually the file scheme, as there's no point
+     * going through that one twice!
+     */
+    OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
+    if ((p = strchr(scheme_copy, ':')) != NULL) {
+        *p++ = '\0';
+        if (strcasecmp(scheme_copy, "file") != 0) {
+            if (strncmp(p, "//", 2) == 0)
+                schemes_n--;         /* Invalidate the file scheme */
+            schemes[schemes_n++] = scheme_copy;
+        }
+    }
+
+    ERR_set_mark();
+
+    /* Try each scheme until we find one that could open the URI */
+    for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
+        if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
+            loader_ctx = loader->open(loader, uri, ui_method, ui_data);
+    }
+    if (loader_ctx == NULL)
+        goto err;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ctx->loader = loader;
+    ctx->loader_ctx = loader_ctx;
+    ctx->ui_method = ui_method;
+    ctx->ui_data = ui_data;
+    ctx->post_process = post_process;
+    ctx->post_process_data = post_process_data;
+
+    /*
+     * If the attempt to open with the 'file' scheme loader failed and the
+     * other scheme loader succeeded, the failure to open with the 'file'
+     * scheme loader leaves an error on the error stack.  Let's remove it.
+     */
+    ERR_pop_to_mark();
+
+    return ctx;
+
+ err:
+    ERR_clear_last_mark();
+    if (loader_ctx != NULL) {
+        /*
+         * We ignore a returned error because we will return NULL anyway in
+         * this case, so if something goes wrong when closing, that'll simply
+         * just add another entry on the error stack.
+         */
+        (void)loader->close(loader_ctx);
+    }
+    return NULL;
+}
+
+int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, cmd);
+    ret = OSSL_STORE_vctrl(ctx, cmd, args);
+    va_end(args);
+
+    return ret;
+}
+
+int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
+{
+    if (ctx->loader->ctrl != NULL)
+        return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
+    return 0;
+}
+
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
+{
+    if (ctx->loading) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_EXPECT,
+                      OSSL_STORE_R_LOADING_STARTED);
+        return 0;
+    }
+
+    ctx->expected_type = expected_type;
+    if (ctx->loader->expect != NULL)
+        return ctx->loader->expect(ctx->loader_ctx, expected_type);
+    return 1;
+}
+
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search)
+{
+    if (ctx->loading) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND,
+                      OSSL_STORE_R_LOADING_STARTED);
+        return 0;
+    }
+    if (ctx->loader->find == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND,
+                      OSSL_STORE_R_UNSUPPORTED_OPERATION);
+        return 0;
+    }
+
+    return ctx->loader->find(ctx->loader_ctx, search);
+}
+
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
+{
+    OSSL_STORE_INFO *v = NULL;
+
+    ctx->loading = 1;
+ again:
+    if (OSSL_STORE_eof(ctx))
+        return NULL;
+
+    v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
+
+    if (ctx->post_process != NULL && v != NULL) {
+        v = ctx->post_process(v, ctx->post_process_data);
+
+        /*
+         * By returning NULL, the callback decides that this object should
+         * be ignored.
+         */
+        if (v == NULL)
+            goto again;
+    }
+
+    if (v != NULL && ctx->expected_type != 0) {
+        int returned_type = OSSL_STORE_INFO_get_type(v);
+
+        if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
+            /*
+             * Soft assert here so those who want to harsly weed out faulty
+             * loaders can do so using a debugging version of libcrypto.
+             */
+            if (ctx->loader->expect != NULL)
+                assert(ctx->expected_type == returned_type);
+
+            if (ctx->expected_type != returned_type) {
+                OSSL_STORE_INFO_free(v);
+                goto again;
+            }
+        }
+    }
+
+    return v;
+}
+
+int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
+{
+    return ctx->loader->error(ctx->loader_ctx);
+}
+
+int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
+{
+    return ctx->loader->eof(ctx->loader_ctx);
+}
+
+int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
+{
+    int loader_ret = ctx->loader->close(ctx->loader_ctx);
+
+    OPENSSL_free(ctx);
+    return loader_ret;
+}
+
+/*
+ * Functions to generate OSSL_STORE_INFOs, one function for each type we
+ * support having in them as well as a generic constructor.
+ *
+ * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
+ * and will therefore be freed when the OSSL_STORE_INFO is freed.
+ */
+static OSSL_STORE_INFO *store_info_new(int type, void *data)
+{
+    OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
+
+    if (info == NULL)
+        return NULL;
+
+    info->type = type;
+    info->_.data = data;
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
+
+    if (info == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    info->_.name.name = name;
+    info->_.name.desc = NULL;
+
+    return info;
+}
+
+int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
+{
+    if (info->type != OSSL_STORE_INFO_NAME) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
+                      ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    info->_.name.desc = desc;
+
+    return 1;
+}
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+/*
+ * Functions to try to extract data from a OSSL_STORE_INFO.
+ */
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
+{
+    return info->type;
+}
+
+const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME)
+        return info->_.name.name;
+    return NULL;
+}
+
+char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME) {
+        char *ret = OPENSSL_strdup(info->_.name.name);
+
+        if (ret == NULL)
+            OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
+                          ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
+                  OSSL_STORE_R_NOT_A_NAME);
+    return NULL;
+}
+
+const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME)
+        return info->_.name.desc;
+    return NULL;
+}
+
+char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME) {
+        char *ret = OPENSSL_strdup(info->_.name.desc
+                                   ? info->_.name.desc : "");
+
+        if (ret == NULL)
+            OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
+                     ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
+                  OSSL_STORE_R_NOT_A_NAME);
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PARAMS)
+        return info->_.params;
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PARAMS) {
+        EVP_PKEY_up_ref(info->_.params);
+        return info->_.params;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
+                  OSSL_STORE_R_NOT_PARAMETERS);
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PKEY)
+        return info->_.pkey;
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PKEY) {
+        EVP_PKEY_up_ref(info->_.pkey);
+        return info->_.pkey;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
+                  OSSL_STORE_R_NOT_A_KEY);
+    return NULL;
+}
+
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CERT)
+        return info->_.x509;
+    return NULL;
+}
+
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CERT) {
+        X509_up_ref(info->_.x509);
+        return info->_.x509;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
+                  OSSL_STORE_R_NOT_A_CERTIFICATE);
+    return NULL;
+}
+
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CRL)
+        return info->_.crl;
+    return NULL;
+}
+
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CRL) {
+        X509_CRL_up_ref(info->_.crl);
+        return info->_.crl;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
+                  OSSL_STORE_R_NOT_A_CRL);
+    return NULL;
+}
+
+/*
+ * Free the OSSL_STORE_INFO
+ */
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
+{
+    if (info != NULL) {
+        switch (info->type) {
+        case OSSL_STORE_INFO_EMBEDDED:
+            BUF_MEM_free(info->_.embedded.blob);
+            OPENSSL_free(info->_.embedded.pem_name);
+            break;
+        case OSSL_STORE_INFO_NAME:
+            OPENSSL_free(info->_.name.name);
+            OPENSSL_free(info->_.name.desc);
+            break;
+        case OSSL_STORE_INFO_PARAMS:
+            EVP_PKEY_free(info->_.params);
+            break;
+        case OSSL_STORE_INFO_PKEY:
+            EVP_PKEY_free(info->_.pkey);
+            break;
+        case OSSL_STORE_INFO_CERT:
+            X509_free(info->_.x509);
+            break;
+        case OSSL_STORE_INFO_CRL:
+            X509_CRL_free(info->_.crl);
+            break;
+        }
+        OPENSSL_free(info);
+    }
+}
+
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
+{
+    OSSL_STORE_SEARCH tmp_search;
+
+    if (ctx->loader->find == NULL)
+        return 0;
+    tmp_search.search_type = search_type;
+    return ctx->loader->find(NULL, &tmp_search);
+}
+
+/* Search term constructors */
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_NAME;
+    search->name = name;
+    return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+                                                    const ASN1_INTEGER *serial)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
+    search->name = name;
+    search->serial = serial;
+    return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+                                                        const unsigned char
+                                                        *bytes, size_t len)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (digest != NULL && len != (size_t)EVP_MD_size(digest)) {
+        char buf1[20], buf2[20];
+
+        BIO_snprintf(buf1, sizeof(buf1), "%d", EVP_MD_size(digest));
+        BIO_snprintf(buf2, sizeof(buf2), "%zu", len);
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT,
+                      OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST);
+        ERR_add_error_data(5, EVP_MD_name(digest), " size is ", buf1,
+                           ", fingerprint size is ", buf2);
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
+    search->digest = digest;
+    search->string = bytes;
+    search->stringlength = len;
+    return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
+    search->string = (const unsigned char *)alias;
+    search->stringlength = strlen(alias);
+    return search;
+}
+
+/* Search term destructor */
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
+{
+    OPENSSL_free(search);
+}
+
+/* Search term accessors */
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
+{
+    return criterion->search_type;
+}
+
+X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion)
+{
+    return criterion->name;
+}
+
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+                                                 *criterion)
+{
+    return criterion->serial;
+}
+
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+                                                  *criterion, size_t *length)
+{
+    *length = criterion->stringlength;
+    return criterion->string;
+}
+
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
+{
+    return (const char *)criterion->string;
+}
+
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
+{
+    return criterion->digest;
+}
+
+/* Internal functions */
+OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
+                                              BUF_MEM *embedded)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
+
+    if (info == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    info->_.embedded.blob = embedded;
+    info->_.embedded.pem_name =
+        new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
+
+    if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
+                      ERR_R_MALLOC_FAILURE);
+        OSSL_STORE_INFO_free(info);
+        info = NULL;
+    }
+
+    return info;
+}
+
+BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_EMBEDDED)
+        return info->_.embedded.blob;
+    return NULL;
+}
+
+char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_EMBEDDED)
+        return info->_.embedded.pem_name;
+    return NULL;
+}
+
+OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_CTX *ctx = NULL;
+    const OSSL_STORE_LOADER *loader = NULL;
+    OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
+
+    if ((loader = ossl_store_get0_loader_int("file")) == NULL
+        || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
+        goto done;
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
+                     ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    ctx->loader = loader;
+    ctx->loader_ctx = loader_ctx;
+    loader_ctx = NULL;
+    ctx->ui_method = ui_method;
+    ctx->ui_data = ui_data;
+    ctx->post_process = NULL;
+    ctx->post_process_data = NULL;
+
+ done:
+    if (loader_ctx != NULL)
+        /*
+         * We ignore a returned error because we will return NULL anyway in
+         * this case, so if something goes wrong when closing, that'll simply
+         * just add another entry on the error stack.
+         */
+        (void)loader->close(loader_ctx);
+    return ctx;
+}
+
+int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
+{
+    int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);
+
+    OPENSSL_free(ctx);
+    return loader_ret;
+}
diff --git a/freebsd/crypto/openssl/crypto/store/store_locl.h b/freebsd/crypto/openssl/crypto/store/store_locl.h
new file mode 100644
index 00000000..369dcb33
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/store/store_locl.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/thread_once.h"
+#include <openssl/dsa.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include <openssl/store.h>
+
+/*-
+ *  OSSL_STORE_INFO stuff
+ *  ---------------------
+ */
+
+struct ossl_store_info_st {
+    int type;
+    union {
+        void *data;              /* used internally as generic pointer */
+
+        struct {
+            BUF_MEM *blob;
+            char *pem_name;
+        } embedded;              /* when type == OSSL_STORE_INFO_EMBEDDED */
+
+        struct {
+            char *name;
+            char *desc;
+        } name;                  /* when type == OSSL_STORE_INFO_NAME */
+
+        EVP_PKEY *params;        /* when type == OSSL_STORE_INFO_PARAMS */
+        EVP_PKEY *pkey;          /* when type == OSSL_STORE_INFO_PKEY */
+        X509 *x509;              /* when type == OSSL_STORE_INFO_CERT */
+        X509_CRL *crl;           /* when type == OSSL_STORE_INFO_CRL */
+    } _;
+};
+
+DEFINE_STACK_OF(OSSL_STORE_INFO)
+
+/*
+ * EMBEDDED is a special type of OSSL_STORE_INFO, specially for the file
+ * handlers.  It should never reach a calling application or any engine.
+ * However, it can be used by a FILE_HANDLER's try_decode function to signal
+ * that it has decoded the incoming blob into a new blob, and that the
+ * attempted decoding should be immediately restarted with the new blob, using
+ * the new PEM name.
+ */
+/*
+ * Because this is an internal type, we don't make it public.
+ */
+#define OSSL_STORE_INFO_EMBEDDED       -1
+OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
+                                              BUF_MEM *embedded);
+BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info);
+char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info);
+
+/*-
+ *  OSSL_STORE_SEARCH stuff
+ *  -----------------------
+ */
+
+struct ossl_store_search_st {
+    int search_type;
+
+    /*
+     * Used by OSSL_STORE_SEARCH_BY_NAME and
+     * OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
+     */
+    X509_NAME *name;
+
+    /* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
+    const ASN1_INTEGER *serial;
+
+    /* Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT */
+    const EVP_MD *digest;
+
+    /*
+     * Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT and
+     * OSSL_STORE_SEARCH_BY_ALIAS
+     */
+    const unsigned char *string;
+    size_t stringlength;
+};
+
+/*-
+ *  OSSL_STORE_LOADER stuff
+ *  -----------------------
+ */
+
+int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader);
+OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme);
+
+/* loader stuff */
+struct ossl_store_loader_st {
+    const char *scheme;
+    ENGINE *engine;
+    OSSL_STORE_open_fn open;
+    OSSL_STORE_ctrl_fn ctrl;
+    OSSL_STORE_expect_fn expect;
+    OSSL_STORE_find_fn find;
+    OSSL_STORE_load_fn load;
+    OSSL_STORE_eof_fn eof;
+    OSSL_STORE_error_fn error;
+    OSSL_STORE_close_fn close;
+};
+DEFINE_LHASH_OF(OSSL_STORE_LOADER);
+
+const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme);
+void ossl_store_destroy_loaders_int(void);
+
+/*-
+ *  OSSL_STORE init stuff
+ *  ---------------------
+ */
+
+int ossl_store_init_once(void);
+int ossl_store_file_loader_init(void);
+
+/*-
+ *  'file' scheme stuff
+ *  -------------------
+ */
+
+OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp);
+int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx);
diff --git a/freebsd/crypto/openssl/crypto/store/store_register.c b/freebsd/crypto/openssl/crypto/store/store_register.c
new file mode 100644
index 00000000..01025a46
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/store/store_register.c
@@ -0,0 +1,299 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/ctype.h"
+#include <assert.h>
+
+#include <openssl/err.h>
+#include <openssl/lhash.h>
+#include "store_locl.h"
+
+static CRYPTO_RWLOCK *registry_lock;
+static CRYPTO_ONCE registry_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_registry_init)
+{
+    registry_lock = CRYPTO_THREAD_lock_new();
+    return registry_lock != NULL;
+}
+
+/*
+ *  Functions for manipulating OSSL_STORE_LOADERs
+ */
+
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme)
+{
+    OSSL_STORE_LOADER *res = NULL;
+
+    /*
+     * We usually don't check NULL arguments.  For loaders, though, the
+     * scheme is crucial and must never be NULL, or the user will get
+     * mysterious errors when trying to register the created loader
+     * later on.
+     */
+    if (scheme == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_LOADER_NEW,
+                      OSSL_STORE_R_INVALID_SCHEME);
+        return NULL;
+    }
+
+    if ((res = OPENSSL_zalloc(sizeof(*res))) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_LOADER_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    res->engine = e;
+    res->scheme = scheme;
+    return res;
+}
+
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader)
+{
+    return loader->engine;
+}
+
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader)
+{
+    return loader->scheme;
+}
+
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_open_fn open_function)
+{
+    loader->open = open_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_ctrl_fn ctrl_function)
+{
+    loader->ctrl = ctrl_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+                                 OSSL_STORE_expect_fn expect_function)
+{
+    loader->expect = expect_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_find_fn find_function)
+{
+    loader->find = find_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_load_fn load_function)
+{
+    loader->load = load_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
+                              OSSL_STORE_eof_fn eof_function)
+{
+    loader->eof = eof_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_error_fn error_function)
+{
+    loader->error = error_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_close_fn close_function)
+{
+    loader->close = close_function;
+    return 1;
+}
+
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader)
+{
+    OPENSSL_free(loader);
+}
+
+/*
+ *  Functions for registering OSSL_STORE_LOADERs
+ */
+
+static unsigned long store_loader_hash(const OSSL_STORE_LOADER *v)
+{
+    return OPENSSL_LH_strhash(v->scheme);
+}
+
+static int store_loader_cmp(const OSSL_STORE_LOADER *a,
+                            const OSSL_STORE_LOADER *b)
+{
+    assert(a->scheme != NULL && b->scheme != NULL);
+    return strcmp(a->scheme, b->scheme);
+}
+
+static LHASH_OF(OSSL_STORE_LOADER) *loader_register = NULL;
+
+int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader)
+{
+    const char *scheme = loader->scheme;
+    int ok = 0;
+
+    /*
+     * Check that the given scheme conforms to correct scheme syntax as per
+     * RFC 3986:
+     *
+     * scheme        = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+     */
+    if (ossl_isalpha(*scheme))
+        while (*scheme != '\0'
+               && (ossl_isalpha(*scheme)
+                   || ossl_isdigit(*scheme)
+                   || strchr("+-.", *scheme) != NULL))
+            scheme++;
+    if (*scheme != '\0') {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      OSSL_STORE_R_INVALID_SCHEME);
+        ERR_add_error_data(2, "scheme=", loader->scheme);
+        return 0;
+    }
+
+    /* Check that functions we absolutely require are present */
+    if (loader->open == NULL || loader->load == NULL || loader->eof == NULL
+        || loader->error == NULL || loader->close == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      OSSL_STORE_R_LOADER_INCOMPLETE);
+        return 0;
+    }
+
+    if (!RUN_ONCE(&registry_init, do_registry_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(registry_lock);
+
+    if (loader_register == NULL) {
+        loader_register = lh_OSSL_STORE_LOADER_new(store_loader_hash,
+                                                   store_loader_cmp);
+    }
+
+    if (loader_register != NULL
+        && (lh_OSSL_STORE_LOADER_insert(loader_register, loader) != NULL
+            || lh_OSSL_STORE_LOADER_error(loader_register) == 0))
+        ok = 1;
+
+    CRYPTO_THREAD_unlock(registry_lock);
+
+    return ok;
+}
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader)
+{
+    if (!ossl_store_init_once())
+        return 0;
+    return ossl_store_register_loader_int(loader);
+}
+
+const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme)
+{
+    OSSL_STORE_LOADER template;
+    OSSL_STORE_LOADER *loader = NULL;
+
+    template.scheme = scheme;
+    template.open = NULL;
+    template.load = NULL;
+    template.eof = NULL;
+    template.close = NULL;
+
+    if (!ossl_store_init_once())
+        return NULL;
+
+    if (!RUN_ONCE(&registry_init, do_registry_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    CRYPTO_THREAD_write_lock(registry_lock);
+
+    loader = lh_OSSL_STORE_LOADER_retrieve(loader_register, &template);
+
+    if (loader == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT,
+                      OSSL_STORE_R_UNREGISTERED_SCHEME);
+        ERR_add_error_data(2, "scheme=", scheme);
+    }
+
+    CRYPTO_THREAD_unlock(registry_lock);
+
+    return loader;
+}
+
+OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme)
+{
+    OSSL_STORE_LOADER template;
+    OSSL_STORE_LOADER *loader = NULL;
+
+    template.scheme = scheme;
+    template.open = NULL;
+    template.load = NULL;
+    template.eof = NULL;
+    template.close = NULL;
+
+    if (!RUN_ONCE(&registry_init, do_registry_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    CRYPTO_THREAD_write_lock(registry_lock);
+
+    loader = lh_OSSL_STORE_LOADER_delete(loader_register, &template);
+
+    if (loader == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT,
+                      OSSL_STORE_R_UNREGISTERED_SCHEME);
+        ERR_add_error_data(2, "scheme=", scheme);
+    }
+
+    CRYPTO_THREAD_unlock(registry_lock);
+
+    return loader;
+}
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme)
+{
+    if (!ossl_store_init_once())
+        return 0;
+    return ossl_store_unregister_loader_int(scheme);
+}
+
+void ossl_store_destroy_loaders_int(void)
+{
+    assert(lh_OSSL_STORE_LOADER_num_items(loader_register) == 0);
+    lh_OSSL_STORE_LOADER_free(loader_register);
+    loader_register = NULL;
+    CRYPTO_THREAD_lock_free(registry_lock);
+    registry_lock = NULL;
+}
+
+/*
+ *  Functions to list OSSL_STORE loaders
+ */
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(OSSL_STORE_LOADER, void);
+int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
+                                                   *loader, void *do_arg),
+                              void *do_arg)
+{
+    lh_OSSL_STORE_LOADER_doall_void(loader_register, do_function, do_arg);
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/store/store_strings.c b/freebsd/crypto/openssl/crypto/store/store_strings.c
new file mode 100644
index 00000000..85845dd4
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/store/store_strings.c
@@ -0,0 +1,30 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/store.h>
+
+static char *type_strings[] = {
+    "Name",                      /* OSSL_STORE_INFO_NAME */
+    "Parameters",                /* OSSL_STORE_INFO_PARAMS */
+    "Pkey",                      /* OSSL_STORE_INFO_PKEY */
+    "Certificate",               /* OSSL_STORE_INFO_CERT */
+    "CRL"                        /* OSSL_STORE_INFO_CRL */
+};
+
+const char *OSSL_STORE_INFO_type_string(int type)
+{
+    int types = sizeof(type_strings) / sizeof(type_strings[0]);
+
+    if (type < 1 || type > types)
+        return NULL;
+
+    return type_strings[type - 1];
+}
diff --git a/freebsd/crypto/openssl/crypto/symhacks.h b/freebsd/crypto/openssl/crypto/symhacks.h
deleted file mode 100644
index 30019579..00000000
--- a/freebsd/crypto/openssl/crypto/symhacks.h
+++ /dev/null
@@ -1,518 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SYMHACKS_H
-# define HEADER_SYMHACKS_H
-
-# include <openssl/e_os2.h>
-
-/*
- * Hacks to solve the problem with linkers incapable of handling very long
- * symbol names.  In the case of VMS, the limit is 31 characters on VMS for
- * VAX.
- */
-/*
- * Note that this affects util/libeay.num and util/ssleay.num...  you may
- * change those manually, but that's not recommended, as those files are
- * controlled centrally and updated on Unix, and the central definition may
- * disagree with yours, which in turn may come with shareable library
- * incompatibilities.
- */
-# ifdef OPENSSL_SYS_VMS
-
-/* Hack a long name in crypto/ex_data.c */
-#  undef CRYPTO_get_ex_data_implementation
-#  define CRYPTO_get_ex_data_implementation       CRYPTO_get_ex_data_impl
-#  undef CRYPTO_set_ex_data_implementation
-#  define CRYPTO_set_ex_data_implementation       CRYPTO_set_ex_data_impl
-
-/* Hack a long name in crypto/asn1/a_mbstr.c */
-#  undef ASN1_STRING_set_default_mask_asc
-#  define ASN1_STRING_set_default_mask_asc        ASN1_STRING_set_def_mask_asc
-
-#  if 0                         /* No longer needed, since safestack macro
-                                 * magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
-#   undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
-#   define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       i2d_ASN1_SET_OF_PKCS7_SIGINF
-#   undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO
-#   define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       d2i_ASN1_SET_OF_PKCS7_SIGINF
-#  endif
-
-#  if 0                         /* No longer needed, since safestack macro
-                                 * magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
-#   undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
-#   define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        i2d_ASN1_SET_OF_PKCS7_RECINF
-#   undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO
-#   define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        d2i_ASN1_SET_OF_PKCS7_RECINF
-#  endif
-
-#  if 0                         /* No longer needed, since safestack macro
-                                 * magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
-#   undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
-#   define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      i2d_ASN1_SET_OF_ACC_DESC
-#   undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION
-#   define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      d2i_ASN1_SET_OF_ACC_DESC
-#  endif
-
-/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
-#  undef PEM_read_NETSCAPE_CERT_SEQUENCE
-#  define PEM_read_NETSCAPE_CERT_SEQUENCE         PEM_read_NS_CERT_SEQ
-#  undef PEM_write_NETSCAPE_CERT_SEQUENCE
-#  define PEM_write_NETSCAPE_CERT_SEQUENCE        PEM_write_NS_CERT_SEQ
-#  undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE
-#  define PEM_read_bio_NETSCAPE_CERT_SEQUENCE     PEM_read_bio_NS_CERT_SEQ
-#  undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE
-#  define PEM_write_bio_NETSCAPE_CERT_SEQUENCE    PEM_write_bio_NS_CERT_SEQ
-#  undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE
-#  define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ
-
-/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */
-#  undef PEM_read_PKCS8_PRIV_KEY_INFO
-#  define PEM_read_PKCS8_PRIV_KEY_INFO            PEM_read_P8_PRIV_KEY_INFO
-#  undef PEM_write_PKCS8_PRIV_KEY_INFO
-#  define PEM_write_PKCS8_PRIV_KEY_INFO           PEM_write_P8_PRIV_KEY_INFO
-#  undef PEM_read_bio_PKCS8_PRIV_KEY_INFO
-#  define PEM_read_bio_PKCS8_PRIV_KEY_INFO        PEM_read_bio_P8_PRIV_KEY_INFO
-#  undef PEM_write_bio_PKCS8_PRIV_KEY_INFO
-#  define PEM_write_bio_PKCS8_PRIV_KEY_INFO       PEM_write_bio_P8_PRIV_KEY_INFO
-#  undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO
-#  define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO    PEM_wrt_cb_bio_P8_PRIV_KEY_INFO
-
-/* Hack other PEM names */
-#  undef PEM_write_bio_PKCS8PrivateKey_nid
-#  define PEM_write_bio_PKCS8PrivateKey_nid       PEM_write_bio_PKCS8PrivKey_nid
-
-/* Hack some long X509 names */
-#  undef X509_REVOKED_get_ext_by_critical
-#  define X509_REVOKED_get_ext_by_critical        X509_REVOKED_get_ext_by_critic
-#  undef X509_policy_tree_get0_user_policies
-#  define X509_policy_tree_get0_user_policies     X509_pcy_tree_get0_usr_policies
-#  undef X509_policy_node_get0_qualifiers
-#  define X509_policy_node_get0_qualifiers        X509_pcy_node_get0_qualifiers
-#  undef X509_STORE_CTX_get_explicit_policy
-#  define X509_STORE_CTX_get_explicit_policy      X509_STORE_CTX_get_expl_policy
-#  undef X509_STORE_CTX_get0_current_issuer
-#  define X509_STORE_CTX_get0_current_issuer      X509_STORE_CTX_get0_cur_issuer
-
-/* Hack some long CRYPTO names */
-#  undef CRYPTO_set_dynlock_destroy_callback
-#  define CRYPTO_set_dynlock_destroy_callback     CRYPTO_set_dynlock_destroy_cb
-#  undef CRYPTO_set_dynlock_create_callback
-#  define CRYPTO_set_dynlock_create_callback      CRYPTO_set_dynlock_create_cb
-#  undef CRYPTO_set_dynlock_lock_callback
-#  define CRYPTO_set_dynlock_lock_callback        CRYPTO_set_dynlock_lock_cb
-#  undef CRYPTO_get_dynlock_lock_callback
-#  define CRYPTO_get_dynlock_lock_callback        CRYPTO_get_dynlock_lock_cb
-#  undef CRYPTO_get_dynlock_destroy_callback
-#  define CRYPTO_get_dynlock_destroy_callback     CRYPTO_get_dynlock_destroy_cb
-#  undef CRYPTO_get_dynlock_create_callback
-#  define CRYPTO_get_dynlock_create_callback      CRYPTO_get_dynlock_create_cb
-#  undef CRYPTO_set_locked_mem_ex_functions
-#  define CRYPTO_set_locked_mem_ex_functions      CRYPTO_set_locked_mem_ex_funcs
-#  undef CRYPTO_get_locked_mem_ex_functions
-#  define CRYPTO_get_locked_mem_ex_functions      CRYPTO_get_locked_mem_ex_funcs
-
-/* Hack some long SSL/TLS names */
-#  undef SSL_CTX_set_default_verify_paths
-#  define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths
-#  undef SSL_get_ex_data_X509_STORE_CTX_idx
-#  define SSL_get_ex_data_X509_STORE_CTX_idx      SSL_get_ex_d_X509_STORE_CTX_idx
-#  undef SSL_add_file_cert_subjects_to_stack
-#  define SSL_add_file_cert_subjects_to_stack     SSL_add_file_cert_subjs_to_stk
-#  undef SSL_add_dir_cert_subjects_to_stack
-#  define SSL_add_dir_cert_subjects_to_stack      SSL_add_dir_cert_subjs_to_stk
-#  undef SSL_CTX_use_certificate_chain_file
-#  define SSL_CTX_use_certificate_chain_file      SSL_CTX_use_cert_chain_file
-#  undef SSL_CTX_set_cert_verify_callback
-#  define SSL_CTX_set_cert_verify_callback        SSL_CTX_set_cert_verify_cb
-#  undef SSL_CTX_set_default_passwd_cb_userdata
-#  define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
-#  undef SSL_COMP_get_compression_methods
-#  define SSL_COMP_get_compression_methods        SSL_COMP_get_compress_methods
-#  undef SSL_COMP_set0_compression_methods
-#  define SSL_COMP_set0_compression_methods       SSL_COMP_set0_compress_methods
-#  undef SSL_COMP_free_compression_methods
-#  define SSL_COMP_free_compression_methods       SSL_COMP_free_compress_methods
-#  undef ssl_add_clienthello_renegotiate_ext
-#  define ssl_add_clienthello_renegotiate_ext     ssl_add_clienthello_reneg_ext
-#  undef ssl_add_serverhello_renegotiate_ext
-#  define ssl_add_serverhello_renegotiate_ext     ssl_add_serverhello_reneg_ext
-#  undef ssl_parse_clienthello_renegotiate_ext
-#  define ssl_parse_clienthello_renegotiate_ext   ssl_parse_clienthello_reneg_ext
-#  undef ssl_parse_serverhello_renegotiate_ext
-#  define ssl_parse_serverhello_renegotiate_ext   ssl_parse_serverhello_reneg_ext
-#  undef SSL_srp_server_param_with_username
-#  define SSL_srp_server_param_with_username      SSL_srp_server_param_with_un
-#  undef SSL_CTX_set_srp_client_pwd_callback
-#  define SSL_CTX_set_srp_client_pwd_callback     SSL_CTX_set_srp_client_pwd_cb
-#  undef SSL_CTX_set_srp_verify_param_callback
-#  define SSL_CTX_set_srp_verify_param_callback   SSL_CTX_set_srp_vfy_param_cb
-#  undef SSL_CTX_set_srp_username_callback
-#  define SSL_CTX_set_srp_username_callback       SSL_CTX_set_srp_un_cb
-#  undef ssl_add_clienthello_use_srtp_ext
-#  define ssl_add_clienthello_use_srtp_ext        ssl_add_clihello_use_srtp_ext
-#  undef ssl_add_serverhello_use_srtp_ext
-#  define ssl_add_serverhello_use_srtp_ext        ssl_add_serhello_use_srtp_ext
-#  undef ssl_parse_clienthello_use_srtp_ext
-#  define ssl_parse_clienthello_use_srtp_ext      ssl_parse_clihello_use_srtp_ext
-#  undef ssl_parse_serverhello_use_srtp_ext
-#  define ssl_parse_serverhello_use_srtp_ext      ssl_parse_serhello_use_srtp_ext
-#  undef SSL_CTX_set_next_protos_advertised_cb
-#  define SSL_CTX_set_next_protos_advertised_cb   SSL_CTX_set_next_protos_adv_cb
-#  undef SSL_CTX_set_next_proto_select_cb
-#  define SSL_CTX_set_next_proto_select_cb        SSL_CTX_set_next_proto_sel_cb
-
-#  undef tls1_send_server_supplemental_data
-#  define tls1_send_server_supplemental_data      tls1_send_server_suppl_data
-#  undef tls1_send_client_supplemental_data
-#  define tls1_send_client_supplemental_data      tls1_send_client_suppl_data
-#  undef tls1_get_server_supplemental_data
-#  define tls1_get_server_supplemental_data       tls1_get_server_suppl_data
-#  undef tls1_get_client_supplemental_data
-#  define tls1_get_client_supplemental_data       tls1_get_client_suppl_data
-
-#  undef ssl3_cbc_record_digest_supported
-#  define ssl3_cbc_record_digest_supported        ssl3_cbc_record_digest_support
-#  undef ssl_check_clienthello_tlsext_late
-#  define ssl_check_clienthello_tlsext_late       ssl_check_clihello_tlsext_late
-#  undef ssl_check_clienthello_tlsext_early
-#  define ssl_check_clienthello_tlsext_early      ssl_check_clihello_tlsext_early
-
-/* Hack some RSA long names */
-#  undef RSA_padding_check_PKCS1_OAEP_mgf1
-#  define RSA_padding_check_PKCS1_OAEP_mgf1       RSA_pad_check_PKCS1_OAEP_mgf1
-
-/* Hack some ENGINE long names */
-#  undef ENGINE_get_default_BN_mod_exp_crt
-#  define ENGINE_get_default_BN_mod_exp_crt       ENGINE_get_def_BN_mod_exp_crt
-#  undef ENGINE_set_default_BN_mod_exp_crt
-#  define ENGINE_set_default_BN_mod_exp_crt       ENGINE_set_def_BN_mod_exp_crt
-#  undef ENGINE_set_load_privkey_function
-#  define ENGINE_set_load_privkey_function        ENGINE_set_load_privkey_fn
-#  undef ENGINE_get_load_privkey_function
-#  define ENGINE_get_load_privkey_function        ENGINE_get_load_privkey_fn
-#  undef ENGINE_unregister_pkey_asn1_meths
-#  define ENGINE_unregister_pkey_asn1_meths       ENGINE_unreg_pkey_asn1_meths
-#  undef ENGINE_register_all_pkey_asn1_meths
-#  define ENGINE_register_all_pkey_asn1_meths     ENGINE_reg_all_pkey_asn1_meths
-#  undef ENGINE_set_default_pkey_asn1_meths
-#  define ENGINE_set_default_pkey_asn1_meths      ENGINE_set_def_pkey_asn1_meths
-#  undef ENGINE_get_pkey_asn1_meth_engine
-#  define ENGINE_get_pkey_asn1_meth_engine        ENGINE_get_pkey_asn1_meth_eng
-#  undef ENGINE_set_load_ssl_client_cert_function
-#  define ENGINE_set_load_ssl_client_cert_function \
-                                                ENGINE_set_ld_ssl_clnt_cert_fn
-#  undef ENGINE_get_ssl_client_cert_function
-#  define ENGINE_get_ssl_client_cert_function     ENGINE_get_ssl_client_cert_fn
-
-/* Hack some long OCSP names */
-#  undef OCSP_REQUEST_get_ext_by_critical
-#  define OCSP_REQUEST_get_ext_by_critical        OCSP_REQUEST_get_ext_by_crit
-#  undef OCSP_BASICRESP_get_ext_by_critical
-#  define OCSP_BASICRESP_get_ext_by_critical      OCSP_BASICRESP_get_ext_by_crit
-#  undef OCSP_SINGLERESP_get_ext_by_critical
-#  define OCSP_SINGLERESP_get_ext_by_critical     OCSP_SINGLERESP_get_ext_by_crit
-
-/* Hack some long DES names */
-#  undef _ossl_old_des_ede3_cfb64_encrypt
-#  define _ossl_old_des_ede3_cfb64_encrypt        _ossl_odes_ede3_cfb64_encrypt
-#  undef _ossl_old_des_ede3_ofb64_encrypt
-#  define _ossl_old_des_ede3_ofb64_encrypt        _ossl_odes_ede3_ofb64_encrypt
-
-/* Hack some long EVP names */
-#  undef OPENSSL_add_all_algorithms_noconf
-#  define OPENSSL_add_all_algorithms_noconf       OPENSSL_add_all_algo_noconf
-#  undef OPENSSL_add_all_algorithms_conf
-#  define OPENSSL_add_all_algorithms_conf         OPENSSL_add_all_algo_conf
-#  undef EVP_PKEY_meth_set_verify_recover
-#  define EVP_PKEY_meth_set_verify_recover        EVP_PKEY_meth_set_vrfy_recover
-#  undef EVP_PKEY_meth_get_verify_recover
-#  define EVP_PKEY_meth_get_verify_recover        EVP_PKEY_meth_get_vrfy_recover
-
-/* Hack some long EC names */
-#  undef EC_GROUP_set_point_conversion_form
-#  define EC_GROUP_set_point_conversion_form      EC_GROUP_set_point_conv_form
-#  undef EC_GROUP_get_point_conversion_form
-#  define EC_GROUP_get_point_conversion_form      EC_GROUP_get_point_conv_form
-#  undef EC_GROUP_clear_free_all_extra_data
-#  define EC_GROUP_clear_free_all_extra_data      EC_GROUP_clr_free_all_xtra_data
-#  undef EC_KEY_set_public_key_affine_coordinates
-#  define EC_KEY_set_public_key_affine_coordinates \
-                                                EC_KEY_set_pub_key_aff_coords
-#  undef EC_POINT_set_Jprojective_coordinates_GFp
-#  define EC_POINT_set_Jprojective_coordinates_GFp \
-                                                EC_POINT_set_Jproj_coords_GFp
-#  undef EC_POINT_get_Jprojective_coordinates_GFp
-#  define EC_POINT_get_Jprojective_coordinates_GFp \
-                                                EC_POINT_get_Jproj_coords_GFp
-#  undef EC_POINT_set_affine_coordinates_GFp
-#  define EC_POINT_set_affine_coordinates_GFp     EC_POINT_set_affine_coords_GFp
-#  undef EC_POINT_get_affine_coordinates_GFp
-#  define EC_POINT_get_affine_coordinates_GFp     EC_POINT_get_affine_coords_GFp
-#  undef EC_POINT_set_compressed_coordinates_GFp
-#  define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp
-#  undef EC_POINT_set_affine_coordinates_GF2m
-#  define EC_POINT_set_affine_coordinates_GF2m    EC_POINT_set_affine_coords_GF2m
-#  undef EC_POINT_get_affine_coordinates_GF2m
-#  define EC_POINT_get_affine_coordinates_GF2m    EC_POINT_get_affine_coords_GF2m
-#  undef EC_POINT_set_compressed_coordinates_GF2m
-#  define EC_POINT_set_compressed_coordinates_GF2m \
-                                                EC_POINT_set_compr_coords_GF2m
-#  undef ec_GF2m_simple_group_clear_finish
-#  define ec_GF2m_simple_group_clear_finish       ec_GF2m_simple_grp_clr_finish
-#  undef ec_GF2m_simple_group_check_discriminant
-#  define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim
-#  undef ec_GF2m_simple_point_clear_finish
-#  define ec_GF2m_simple_point_clear_finish       ec_GF2m_simple_pt_clr_finish
-#  undef ec_GF2m_simple_point_set_to_infinity
-#  define ec_GF2m_simple_point_set_to_infinity    ec_GF2m_simple_pt_set_to_inf
-#  undef ec_GF2m_simple_points_make_affine
-#  define ec_GF2m_simple_points_make_affine       ec_GF2m_simple_pts_make_affine
-#  undef ec_GF2m_simple_point_set_affine_coordinates
-#  define ec_GF2m_simple_point_set_affine_coordinates \
-                                                ec_GF2m_smp_pt_set_af_coords
-#  undef ec_GF2m_simple_point_get_affine_coordinates
-#  define ec_GF2m_simple_point_get_affine_coordinates \
-                                                ec_GF2m_smp_pt_get_af_coords
-#  undef ec_GF2m_simple_set_compressed_coordinates
-#  define ec_GF2m_simple_set_compressed_coordinates \
-                                                ec_GF2m_smp_set_compr_coords
-#  undef ec_GFp_simple_group_set_curve_GFp
-#  define ec_GFp_simple_group_set_curve_GFp       ec_GFp_simple_grp_set_curve_GFp
-#  undef ec_GFp_simple_group_get_curve_GFp
-#  define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
-#  undef ec_GFp_simple_group_clear_finish
-#  define ec_GFp_simple_group_clear_finish        ec_GFp_simple_grp_clear_finish
-#  undef ec_GFp_simple_group_set_generator
-#  define ec_GFp_simple_group_set_generator       ec_GFp_simple_grp_set_generator
-#  undef ec_GFp_simple_group_get0_generator
-#  define ec_GFp_simple_group_get0_generator      ec_GFp_simple_grp_gt0_generator
-#  undef ec_GFp_simple_group_get_cofactor
-#  define ec_GFp_simple_group_get_cofactor        ec_GFp_simple_grp_get_cofactor
-#  undef ec_GFp_simple_point_clear_finish
-#  define ec_GFp_simple_point_clear_finish        ec_GFp_simple_pt_clear_finish
-#  undef ec_GFp_simple_point_set_to_infinity
-#  define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
-#  undef ec_GFp_simple_points_make_affine
-#  define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
-#  undef ec_GFp_simple_set_Jprojective_coordinates_GFp
-#  define ec_GFp_simple_set_Jprojective_coordinates_GFp \
-                                                ec_GFp_smp_set_Jproj_coords_GFp
-#  undef ec_GFp_simple_get_Jprojective_coordinates_GFp
-#  define ec_GFp_simple_get_Jprojective_coordinates_GFp \
-                                                ec_GFp_smp_get_Jproj_coords_GFp
-#  undef ec_GFp_simple_point_set_affine_coordinates_GFp
-#  define ec_GFp_simple_point_set_affine_coordinates_GFp \
-                                                ec_GFp_smp_pt_set_af_coords_GFp
-#  undef ec_GFp_simple_point_get_affine_coordinates_GFp
-#  define ec_GFp_simple_point_get_affine_coordinates_GFp \
-                                                ec_GFp_smp_pt_get_af_coords_GFp
-#  undef ec_GFp_simple_set_compressed_coordinates_GFp
-#  define ec_GFp_simple_set_compressed_coordinates_GFp \
-                                                ec_GFp_smp_set_compr_coords_GFp
-#  undef ec_GFp_simple_point_set_affine_coordinates
-#  define ec_GFp_simple_point_set_affine_coordinates \
-                                                ec_GFp_smp_pt_set_af_coords
-#  undef ec_GFp_simple_point_get_affine_coordinates
-#  define ec_GFp_simple_point_get_affine_coordinates \
-                                                ec_GFp_smp_pt_get_af_coords
-#  undef ec_GFp_simple_set_compressed_coordinates
-#  define ec_GFp_simple_set_compressed_coordinates \
-                                                ec_GFp_smp_set_compr_coords
-#  undef ec_GFp_simple_group_check_discriminant
-#  define ec_GFp_simple_group_check_discriminant  ec_GFp_simple_grp_chk_discrim
-
-/* Hack som long STORE names */
-#  undef STORE_method_set_initialise_function
-#  define STORE_method_set_initialise_function    STORE_meth_set_initialise_fn
-#  undef STORE_method_set_cleanup_function
-#  define STORE_method_set_cleanup_function       STORE_meth_set_cleanup_fn
-#  undef STORE_method_set_generate_function
-#  define STORE_method_set_generate_function      STORE_meth_set_generate_fn
-#  undef STORE_method_set_modify_function
-#  define STORE_method_set_modify_function        STORE_meth_set_modify_fn
-#  undef STORE_method_set_revoke_function
-#  define STORE_method_set_revoke_function        STORE_meth_set_revoke_fn
-#  undef STORE_method_set_delete_function
-#  define STORE_method_set_delete_function        STORE_meth_set_delete_fn
-#  undef STORE_method_set_list_start_function
-#  define STORE_method_set_list_start_function    STORE_meth_set_list_start_fn
-#  undef STORE_method_set_list_next_function
-#  define STORE_method_set_list_next_function     STORE_meth_set_list_next_fn
-#  undef STORE_method_set_list_end_function
-#  define STORE_method_set_list_end_function      STORE_meth_set_list_end_fn
-#  undef STORE_method_set_update_store_function
-#  define STORE_method_set_update_store_function  STORE_meth_set_update_store_fn
-#  undef STORE_method_set_lock_store_function
-#  define STORE_method_set_lock_store_function    STORE_meth_set_lock_store_fn
-#  undef STORE_method_set_unlock_store_function
-#  define STORE_method_set_unlock_store_function  STORE_meth_set_unlock_store_fn
-#  undef STORE_method_get_initialise_function
-#  define STORE_method_get_initialise_function    STORE_meth_get_initialise_fn
-#  undef STORE_method_get_cleanup_function
-#  define STORE_method_get_cleanup_function       STORE_meth_get_cleanup_fn
-#  undef STORE_method_get_generate_function
-#  define STORE_method_get_generate_function      STORE_meth_get_generate_fn
-#  undef STORE_method_get_modify_function
-#  define STORE_method_get_modify_function        STORE_meth_get_modify_fn
-#  undef STORE_method_get_revoke_function
-#  define STORE_method_get_revoke_function        STORE_meth_get_revoke_fn
-#  undef STORE_method_get_delete_function
-#  define STORE_method_get_delete_function        STORE_meth_get_delete_fn
-#  undef STORE_method_get_list_start_function
-#  define STORE_method_get_list_start_function    STORE_meth_get_list_start_fn
-#  undef STORE_method_get_list_next_function
-#  define STORE_method_get_list_next_function     STORE_meth_get_list_next_fn
-#  undef STORE_method_get_list_end_function
-#  define STORE_method_get_list_end_function      STORE_meth_get_list_end_fn
-#  undef STORE_method_get_update_store_function
-#  define STORE_method_get_update_store_function  STORE_meth_get_update_store_fn
-#  undef STORE_method_get_lock_store_function
-#  define STORE_method_get_lock_store_function    STORE_meth_get_lock_store_fn
-#  undef STORE_method_get_unlock_store_function
-#  define STORE_method_get_unlock_store_function  STORE_meth_get_unlock_store_fn
-
-/* Hack some long TS names */
-#  undef TS_RESP_CTX_set_status_info_cond
-#  define TS_RESP_CTX_set_status_info_cond        TS_RESP_CTX_set_stat_info_cond
-#  undef TS_RESP_CTX_set_clock_precision_digits
-#  define TS_RESP_CTX_set_clock_precision_digits  TS_RESP_CTX_set_clk_prec_digits
-#  undef TS_CONF_set_clock_precision_digits
-#  define TS_CONF_set_clock_precision_digits      TS_CONF_set_clk_prec_digits
-
-/* Hack some long CMS names */
-#  undef CMS_RecipientInfo_ktri_get0_algs
-#  define CMS_RecipientInfo_ktri_get0_algs        CMS_RecipInfo_ktri_get0_algs
-#  undef CMS_RecipientInfo_ktri_get0_signer_id
-#  define CMS_RecipientInfo_ktri_get0_signer_id   CMS_RecipInfo_ktri_get0_sigr_id
-#  undef CMS_OtherRevocationInfoFormat_it
-#  define CMS_OtherRevocationInfoFormat_it        CMS_OtherRevocInfoFormat_it
-#  undef CMS_KeyAgreeRecipientIdentifier_it
-#  define CMS_KeyAgreeRecipientIdentifier_it      CMS_KeyAgreeRecipIdentifier_it
-#  undef CMS_OriginatorIdentifierOrKey_it
-#  define CMS_OriginatorIdentifierOrKey_it        CMS_OriginatorIdOrKey_it
-#  undef cms_SignerIdentifier_get0_signer_id
-#  define cms_SignerIdentifier_get0_signer_id     cms_SignerId_get0_signer_id
-#  undef CMS_RecipientInfo_kari_get0_orig_id
-#  define CMS_RecipientInfo_kari_get0_orig_id     CMS_RecipInfo_kari_get0_orig_id
-#  undef CMS_RecipientInfo_kari_get0_reks
-#  define CMS_RecipientInfo_kari_get0_reks        CMS_RecipInfo_kari_get0_reks
-#  undef CMS_RecipientEncryptedKey_cert_cmp
-#  define CMS_RecipientEncryptedKey_cert_cmp      CMS_RecipEncryptedKey_cert_cmp
-#  undef CMS_RecipientInfo_kari_set0_pkey
-#  define CMS_RecipientInfo_kari_set0_pkey        CMS_RecipInfo_kari_set0_pkey
-#  undef CMS_RecipientEncryptedKey_get0_id
-#  define CMS_RecipientEncryptedKey_get0_id       CMS_RecipEncryptedKey_get0_id
-#  undef CMS_RecipientInfo_kari_orig_id_cmp
-#  define CMS_RecipientInfo_kari_orig_id_cmp      CMS_RecipInfo_kari_orig_id_cmp
-
-/* Hack some long DTLS1 names */
-#  undef dtls1_retransmit_buffered_messages
-#  define dtls1_retransmit_buffered_messages      dtls1_retransmit_buffered_msgs
-
-/* Hack some long SRP names */
-#  undef SRP_generate_server_master_secret
-#  define SRP_generate_server_master_secret       SRP_gen_server_master_secret
-#  undef SRP_generate_client_master_secret
-#  define SRP_generate_client_master_secret       SRP_gen_client_master_secret
-
-/* Hack some long UI names */
-#  undef UI_method_get_prompt_constructor
-#  define UI_method_get_prompt_constructor        UI_method_get_prompt_constructr
-#  undef UI_method_set_prompt_constructor
-#  define UI_method_set_prompt_constructor        UI_method_set_prompt_constructr
-
-# endif                         /* defined OPENSSL_SYS_VMS */
-
-/* Case insensitive linking causes problems.... */
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
-#  undef ERR_load_CRYPTO_strings
-#  define ERR_load_CRYPTO_strings                 ERR_load_CRYPTOlib_strings
-#  undef OCSP_crlID_new
-#  define OCSP_crlID_new                          OCSP_crlID2_new
-
-#  undef d2i_ECPARAMETERS
-#  define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS
-#  undef i2d_ECPARAMETERS
-#  define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS
-#  undef d2i_ECPKPARAMETERS
-#  define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS
-#  undef i2d_ECPKPARAMETERS
-#  define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS
-
-/*
- * These functions do not seem to exist! However, I'm paranoid... Original
- * command in x509v3.h: These functions are being redefined in another
- * directory, and clash when the linker is case-insensitive, so let's hide
- * them a little, by giving them an extra 'o' at the beginning of the name...
- */
-#  undef X509v3_cleanup_extensions
-#  define X509v3_cleanup_extensions               oX509v3_cleanup_extensions
-#  undef X509v3_add_extension
-#  define X509v3_add_extension                    oX509v3_add_extension
-#  undef X509v3_add_netscape_extensions
-#  define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions
-#  undef X509v3_add_standard_extensions
-#  define X509v3_add_standard_extensions          oX509v3_add_standard_extensions
-
-/* This one clashes with CMS_data_create */
-#  undef cms_Data_create
-#  define cms_Data_create                         priv_cms_Data_create
-
-# endif
-
-#endif                          /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/freebsd/crypto/openssl/crypto/threads/mttest.c b/freebsd/crypto/openssl/crypto/threads/mttest.c
deleted file mode 100644
index 3502785a..00000000
--- a/freebsd/crypto/openssl/crypto/threads/mttest.c
+++ /dev/null
@@ -1,1213 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/threads/mttest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#ifdef LINUX
-# include <typedefs.h>
-#endif
-#ifdef OPENSSL_SYS_WIN32
-# include <windows.h>
-#endif
-#ifdef SOLARIS
-# include <synch.h>
-# include <thread.h>
-#endif
-#ifdef IRIX
-# include <ulocks.h>
-# include <sys/prctl.h>
-#endif
-#ifdef PTHREADS
-# include <pthread.h>
-#endif
-#ifdef OPENSSL_SYS_NETWARE
-# if !defined __int64
-#  define __int64 long long
-# endif
-# include <nwmpk.h>
-#endif
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-#ifdef OPENSSL_SYS_NETWARE
-# define TEST_SERVER_CERT "/openssl/apps/server.pem"
-# define TEST_CLIENT_CERT "/openssl/apps/client.pem"
-#else
-# define TEST_SERVER_CERT "../../apps/server.pem"
-# define TEST_CLIENT_CERT "../../apps/client.pem"
-#endif
-
-#define MAX_THREAD_NUMBER       100
-
-int verify_callback(int ok, X509_STORE_CTX *xs);
-void thread_setup(void);
-void thread_cleanup(void);
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx);
-
-void irix_locking_callback(int mode, int type, const char *file, int line);
-void solaris_locking_callback(int mode, int type, const char *file, int line);
-void win32_locking_callback(int mode, int type, const char *file, int line);
-void pthreads_locking_callback(int mode, int type, const char *file, int line);
-void netware_locking_callback(int mode, int type, const char *file, int line);
-void beos_locking_callback(int mode, int type, const char *file, int line);
-
-void irix_thread_id(CRYPTO_THREADID *tid);
-void solaris_thread_id(CRYPTO_THREADID *tid);
-void pthreads_thread_id(CRYPTO_THREADID *tid);
-void netware_thread_id(CRYPTO_THREADID *tid);
-void beos_thread_id(CRYPTO_THREADID *tid);
-
-#if defined(OPENSSL_SYS_NETWARE)
-static MPKMutex *lock_cs;
-static MPKSema ThreadSem;
-static long *lock_count;
-#endif
-
-BIO *bio_err = NULL;
-BIO *bio_stdout = NULL;
-
-static char *cipher = NULL;
-int verbose = 0;
-#ifdef FIONBIO
-static int s_nbio = 0;
-#endif
-
-int thread_number = 10;
-int number_of_loops = 10;
-int reconnect = 0;
-int cache_stats = 0;
-
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-
-int doit(char *ctx[4]);
-static void print_stats(BIO *bio, SSL_CTX *ctx)
-{
-    BIO_printf(bio, "%4ld items in the session cache\n",
-	       SSL_CTX_sess_number(ctx));
-    BIO_printf(bio, "%4d client connects (SSL_connect())\n",
-	       SSL_CTX_sess_connect(ctx));
-    BIO_printf(bio, "%4d client connects that finished\n",
-	       SSL_CTX_sess_connect_good(ctx));
-    BIO_printf(bio, "%4d server connects (SSL_accept())\n",
-	       SSL_CTX_sess_accept(ctx));
-    BIO_printf(bio, "%4d server connects that finished\n",
-	       SSL_CTX_sess_accept_good(ctx));
-    BIO_printf(bio, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx));
-    BIO_printf(bio, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx));
-    BIO_printf(bio, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx));
-}
-
-static void sv_usage(void)
-{
-    BIO_printf(bio_err, "usage: ssltest [args ...]\n");
-    BIO_printf(bio_err, "\n");
-    BIO_printf(bio_err, " -server_auth  - check server certificate\n");
-    BIO_printf(bio_err, " -client_auth  - do client authentication\n");
-    BIO_printf(bio_err, " -v            - more output\n");
-    BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
-    BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
-    BIO_printf(bio_err, " -threads arg  - number of threads\n");
-    BIO_printf(bio_err, " -loops arg    - number of 'connections', per thread\n");
-    BIO_printf(bio_err, " -reconnect    - reuse session-id's\n");
-    BIO_printf(bio_err, " -stats        - server session-id cache stats\n");
-    BIO_printf(bio_err, " -cert arg     - server certificate/key\n");
-    BIO_printf(bio_err, " -ccert arg    - client certificate/key\n");
-    BIO_printf(bio_err, " -ssl3         - just SSLv3n\n");
-}
-
-int main(int argc, char *argv[])
-{
-    char *CApath = NULL, *CAfile = NULL;
-    int badop = 0;
-    int ret = 1;
-    int client_auth = 0;
-    int server_auth = 0;
-    SSL_CTX *s_ctx = NULL;
-    SSL_CTX *c_ctx = NULL;
-    char *scert = TEST_SERVER_CERT;
-    char *ccert = TEST_CLIENT_CERT;
-    const SSL_METHOD *ssl_method = SSLv23_method();
-
-    RAND_seed(rnd_seed, sizeof(rnd_seed));
-
-    if (bio_err == NULL)
-        bio_err = BIO_new_fd(2, BIO_NOCLOSE);
-    if (bio_stdout == NULL)
-        bio_stdout = BIO_new_fd(1, BIO_NOCLOSE);
-    argc--;
-    argv++;
-
-    while (argc >= 1) {
-        if (strcmp(*argv, "-server_auth") == 0)
-            server_auth = 1;
-        else if (strcmp(*argv, "-client_auth") == 0)
-            client_auth = 1;
-        else if (strcmp(*argv, "-reconnect") == 0)
-            reconnect = 1;
-        else if (strcmp(*argv, "-stats") == 0)
-            cache_stats = 1;
-        else if (strcmp(*argv, "-ssl3") == 0)
-            ssl_method = SSLv3_method();
-        else if (strcmp(*argv, "-ssl2") == 0)
-            ssl_method = SSLv2_method();
-        else if (strcmp(*argv, "-CApath") == 0) {
-            if (--argc < 1)
-                goto bad;
-            CApath = *(++argv);
-        } else if (strcmp(*argv, "-CAfile") == 0) {
-            if (--argc < 1)
-                goto bad;
-            CAfile = *(++argv);
-        } else if (strcmp(*argv, "-cert") == 0) {
-            if (--argc < 1)
-                goto bad;
-            scert = *(++argv);
-        } else if (strcmp(*argv, "-ccert") == 0) {
-            if (--argc < 1)
-                goto bad;
-            ccert = *(++argv);
-        } else if (strcmp(*argv, "-threads") == 0) {
-            if (--argc < 1)
-                goto bad;
-            thread_number = atoi(*(++argv));
-            if (thread_number == 0)
-                thread_number = 1;
-            if (thread_number > MAX_THREAD_NUMBER)
-                thread_number = MAX_THREAD_NUMBER;
-        } else if (strcmp(*argv, "-loops") == 0) {
-            if (--argc < 1)
-                goto bad;
-            number_of_loops = atoi(*(++argv));
-            if (number_of_loops == 0)
-                number_of_loops = 1;
-        } else {
-            BIO_printf(bio_err, "unknown option %s\n", *argv);
-            badop = 1;
-            break;
-        }
-        argc--;
-        argv++;
-    }
-    if (badop) {
- bad:
-        sv_usage();
-        goto end;
-    }
-
-    if (cipher == NULL && OPENSSL_issetugid() == 0)
-        cipher = getenv("SSL_CIPHER");
-
-    SSL_load_error_strings();
-    OpenSSL_add_ssl_algorithms();
-
-    c_ctx = SSL_CTX_new(ssl_method);
-    s_ctx = SSL_CTX_new(ssl_method);
-    if ((c_ctx == NULL) || (s_ctx == NULL)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    SSL_CTX_set_session_cache_mode(s_ctx,
-                                   SSL_SESS_CACHE_NO_AUTO_CLEAR |
-                                   SSL_SESS_CACHE_SERVER);
-    SSL_CTX_set_session_cache_mode(c_ctx,
-                                   SSL_SESS_CACHE_NO_AUTO_CLEAR |
-                                   SSL_SESS_CACHE_SERVER);
-
-    if (!SSL_CTX_use_certificate_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
-        BIO_printf(bio_err, "SSL_CTX_use_certificate_file (%s)\n", scert);
-        ERR_print_errors(bio_err);
-        goto end;
-    } else
-        if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
-        BIO_printf(bio_err, "SSL_CTX_use_RSAPrivateKey_file (%s)\n", scert);
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if (client_auth) {
-        SSL_CTX_use_certificate_file(c_ctx, ccert, SSL_FILETYPE_PEM);
-        SSL_CTX_use_RSAPrivateKey_file(c_ctx, ccert, SSL_FILETYPE_PEM);
-    }
-
-    if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
-        (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(c_ctx))) {
-        BIO_printf(bio_err, "SSL_load_verify_locations\n");
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if (client_auth) {
-        BIO_printf(bio_err, "client authentication\n");
-        SSL_CTX_set_verify(s_ctx,
-                           SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-                           verify_callback);
-    }
-    if (server_auth) {
-        BIO_printf(bio_err, "server authentication\n");
-        SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
-    }
-
-    thread_setup();
-    do_threads(s_ctx, c_ctx);
-    thread_cleanup();
- end:
-
-    if (c_ctx != NULL) {
-        BIO_printf(bio_err, "Client SSL_CTX stats then free it\n");
-        print_stats(bio_err, c_ctx);
-        SSL_CTX_free(c_ctx);
-    }
-    if (s_ctx != NULL) {
-        BIO_printf(bio_err, "Server SSL_CTX stats then free it\n");
-        print_stats(bio_err, s_ctx);
-        if (cache_stats) {
-            BIO_printf(bio_err, "-----\n");
-            lh_SSL_SESSION_stats_bio(SSL_CTX_sessions(s_ctx), bio_err);
-            BIO_printf(bio_err, "-----\n");
-    /*-     lh_SSL_SESSION_node_stats_bio(SSL_CTX_sessions(s_ctx),bio_err);
-            BIO_printf(bio_err,"-----\n"); */
-            lh_SSL_SESSION_node_usage_stats_bio(SSL_CTX_sessions(s_ctx), bio_err);
-            BIO_printf(bio_err, "-----\n");
-        }
-        SSL_CTX_free(s_ctx);
-        BIO_printf(bio_err, "done free\n");
-    }
-    exit(ret);
-    return (0);
-}
-
-#define W_READ  1
-#define W_WRITE 2
-#define C_DONE  1
-#define S_DONE  2
-
-int ndoit(SSL_CTX *ssl_ctx[2])
-{
-    int i;
-    int ret;
-    char *ctx[4];
-    CRYPTO_THREADID thread_id;
-
-    ctx[0] = (char *)ssl_ctx[0];
-    ctx[1] = (char *)ssl_ctx[1];
-
-    if (reconnect) {
-        ctx[2] = (char *)SSL_new(ssl_ctx[0]);
-        ctx[3] = (char *)SSL_new(ssl_ctx[1]);
-    } else {
-        ctx[2] = NULL;
-        ctx[3] = NULL;
-    }
-
-    CRYPTO_THREADID_current(&thread_id);
-    BIO_printf(bio_stdout, "started thread %lu\n",
-	       CRYPTO_THREADID_hash(&thread_id));
-    for (i = 0; i < number_of_loops; i++) {
-/*-     BIO_printf(bio_err,"%4d %2d ctx->ref (%3d,%3d)\n",
-                   CRYPTO_THREADID_hash(&thread_id),i,
-                   ssl_ctx[0]->references,
-                   ssl_ctx[1]->references); */
-/*      pthread_delay_np(&tm); */
-
-        ret = doit(ctx);
-        if (ret != 0) {
-            BIO_printf(bio_stdout, "error[%d] %lu - %d\n",
-                       i, CRYPTO_THREADID_hash(&thread_id), ret);
-            return (ret);
-        }
-    }
-    BIO_printf(bio_stdout, "DONE %lu\n", CRYPTO_THREADID_hash(&thread_id));
-    if (reconnect) {
-        SSL_free((SSL *)ctx[2]);
-        SSL_free((SSL *)ctx[3]);
-    }
-#ifdef OPENSSL_SYS_NETWARE
-    MPKSemaphoreSignal(ThreadSem);
-#endif
-    return (0);
-}
-
-int doit(char *ctx[4])
-{
-    SSL_CTX *s_ctx, *c_ctx;
-    static char cbuf[200], sbuf[200];
-    SSL *c_ssl = NULL;
-    SSL *s_ssl = NULL;
-    BIO *c_to_s = NULL;
-    BIO *s_to_c = NULL;
-    BIO *c_bio = NULL;
-    BIO *s_bio = NULL;
-    int c_r, c_w, s_r, s_w;
-    int c_want, s_want;
-    int i;
-    int done = 0;
-    int c_write, s_write;
-    int do_server = 0, do_client = 0;
-
-    s_ctx = (SSL_CTX *)ctx[0];
-    c_ctx = (SSL_CTX *)ctx[1];
-
-    if (ctx[2] != NULL)
-        s_ssl = (SSL *)ctx[2];
-    else
-        s_ssl = SSL_new(s_ctx);
-
-    if (ctx[3] != NULL)
-        c_ssl = (SSL *)ctx[3];
-    else
-        c_ssl = SSL_new(c_ctx);
-
-    if ((s_ssl == NULL) || (c_ssl == NULL))
-        goto err;
-
-    c_to_s = BIO_new(BIO_s_mem());
-    s_to_c = BIO_new(BIO_s_mem());
-    if ((s_to_c == NULL) || (c_to_s == NULL))
-        goto err;
-
-    c_bio = BIO_new(BIO_f_ssl());
-    s_bio = BIO_new(BIO_f_ssl());
-    if ((c_bio == NULL) || (s_bio == NULL))
-        goto err;
-
-    SSL_set_connect_state(c_ssl);
-    SSL_set_bio(c_ssl, s_to_c, c_to_s);
-    BIO_set_ssl(c_bio, c_ssl, (ctx[2] == NULL) ? BIO_CLOSE : BIO_NOCLOSE);
-
-    SSL_set_accept_state(s_ssl);
-    SSL_set_bio(s_ssl, c_to_s, s_to_c);
-    BIO_set_ssl(s_bio, s_ssl, (ctx[3] == NULL) ? BIO_CLOSE : BIO_NOCLOSE);
-
-    c_r = 0;
-    s_r = 1;
-    c_w = 1;
-    s_w = 0;
-    c_want = W_WRITE;
-    s_want = 0;
-    c_write = 1, s_write = 0;
-
-    /* We can always do writes */
-    for (;;) {
-        do_server = 0;
-        do_client = 0;
-
-        i = (int)BIO_pending(s_bio);
-        if ((i && s_r) || s_w)
-            do_server = 1;
-
-        i = (int)BIO_pending(c_bio);
-        if ((i && c_r) || c_w)
-            do_client = 1;
-
-        if (do_server && verbose) {
-            if (SSL_in_init(s_ssl))
-                BIO_printf(bio_stdout, "server waiting in SSL_accept - %s\n",
-                           SSL_state_string_long(s_ssl));
-            else if (s_write)
-                BIO_printf(bio_stdout, "server:SSL_write()\n");
-            else
-                BIO_printf(bio_stdout, "server:SSL_read()\n");
-        }
-
-        if (do_client && verbose) {
-            if (SSL_in_init(c_ssl))
-                BIO_printf(bio_stdout, "client waiting in SSL_connect - %s\n",
-                           SSL_state_string_long(c_ssl));
-            else if (c_write)
-                BIO_printf(bio_stdout, "client:SSL_write()\n");
-            else
-                BIO_printf(bio_stdout, "client:SSL_read()\n");
-        }
-
-        if (!do_client && !do_server) {
-            BIO_printf(bio_stdout, "ERROR IN STARTUP\n");
-            break;
-        }
-        if (do_client && !(done & C_DONE)) {
-            if (c_write) {
-                i = BIO_write(c_bio, "hello from client\n", 18);
-                if (i < 0) {
-                    c_r = 0;
-                    c_w = 0;
-                    if (BIO_should_retry(c_bio)) {
-                        if (BIO_should_read(c_bio))
-                            c_r = 1;
-                        if (BIO_should_write(c_bio))
-                            c_w = 1;
-                    } else {
-                        BIO_printf(bio_err, "ERROR in CLIENT\n");
-                        ERR_print_errors_fp(stderr);
-                        return (1);
-                    }
-                } else if (i == 0) {
-                    BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n");
-                    return (1);
-                } else {
-                    /* ok */
-                    c_write = 0;
-                }
-            } else {
-                i = BIO_read(c_bio, cbuf, 100);
-                if (i < 0) {
-                    c_r = 0;
-                    c_w = 0;
-                    if (BIO_should_retry(c_bio)) {
-                        if (BIO_should_read(c_bio))
-                            c_r = 1;
-                        if (BIO_should_write(c_bio))
-                            c_w = 1;
-                    } else {
-                        BIO_printf(bio_err, "ERROR in CLIENT\n");
-                        ERR_print_errors_fp(stderr);
-                        return (1);
-                    }
-                } else if (i == 0) {
-                    BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n");
-                    return (1);
-                } else {
-                    done |= C_DONE;
-#ifdef undef
-                    BIO_printf(bio_stdout, "CLIENT:from server:");
-                    BIO_write(bio_stdout, cbuf, i);
-                    BIO_flush(bio_stdout);
-#endif
-                }
-            }
-        }
-
-        if (do_server && !(done & S_DONE)) {
-            if (!s_write) {
-                i = BIO_read(s_bio, sbuf, 100);
-                if (i < 0) {
-                    s_r = 0;
-                    s_w = 0;
-                    if (BIO_should_retry(s_bio)) {
-                        if (BIO_should_read(s_bio))
-                            s_r = 1;
-                        if (BIO_should_write(s_bio))
-                            s_w = 1;
-                    } else {
-                        BIO_printf(bio_err, "ERROR in SERVER\n");
-                        ERR_print_errors_fp(stderr);
-                        return (1);
-                    }
-                } else if (i == 0) {
-                    BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n");
-                    return (1);
-                } else {
-                    s_write = 1;
-                    s_w = 1;
-#ifdef undef
-                    BIO_printf(bio_stdout, "SERVER:from client:");
-                    BIO_write(bio_stdout, sbuf, i);
-                    BIO_flush(bio_stdout);
-#endif
-                }
-            } else {
-                i = BIO_write(s_bio, "hello from server\n", 18);
-                if (i < 0) {
-                    s_r = 0;
-                    s_w = 0;
-                    if (BIO_should_retry(s_bio)) {
-                        if (BIO_should_read(s_bio))
-                            s_r = 1;
-                        if (BIO_should_write(s_bio))
-                            s_w = 1;
-                    } else {
-                        BIO_printf(bio_err, "ERROR in SERVER\n");
-                        ERR_print_errors_fp(stderr);
-                        return (1);
-                    }
-                } else if (i == 0) {
-                    BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n");
-                    return (1);
-                } else {
-                    s_write = 0;
-                    s_r = 1;
-                    done |= S_DONE;
-                }
-            }
-        }
-
-        if ((done & S_DONE) && (done & C_DONE))
-            break;
-#if defined(OPENSSL_SYS_NETWARE)
-        ThreadSwitchWithDelay();
-#endif
-    }
-
-    SSL_set_shutdown(c_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-    SSL_set_shutdown(s_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-
-#ifdef undef
-    BIO_printf(bio_stdout, "DONE\n");
-#endif
- err:
-    /*
-     * We have to set the BIO's to NULL otherwise they will be free()ed
-     * twice.  Once when th s_ssl is SSL_free()ed and again when c_ssl is
-     * SSL_free()ed. This is a hack required because s_ssl and c_ssl are
-     * sharing the same BIO structure and SSL_set_bio() and SSL_free()
-     * automatically BIO_free non NULL entries. You should not normally do
-     * this or be required to do this
-     */
-
-    if (s_ssl != NULL) {
-        s_ssl->rbio = NULL;
-        s_ssl->wbio = NULL;
-    }
-    if (c_ssl != NULL) {
-        c_ssl->rbio = NULL;
-        c_ssl->wbio = NULL;
-    }
-
-    /* The SSL's are optionally freed in the following calls */
-    if (c_to_s != NULL)
-        BIO_free(c_to_s);
-    if (s_to_c != NULL)
-        BIO_free(s_to_c);
-
-    if (c_bio != NULL)
-        BIO_free(c_bio);
-    if (s_bio != NULL)
-        BIO_free(s_bio);
-    return (0);
-}
-
-int verify_callback(int ok, X509_STORE_CTX *ctx)
-{
-    char *s, buf[256];
-
-    if (verbose) {
-        s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),
-                              buf, 256);
-        if (s != NULL) {
-            if (ok)
-                BIO_printf(bio_err, "depth=%d %s\n", ctx->error_depth, buf);
-            else
-                BIO_printf(bio_err, "depth=%d error=%d %s\n",
-                        ctx->error_depth, ctx->error, buf);
-        }
-    }
-    return (ok);
-}
-
-#define THREAD_STACK_SIZE (16*1024)
-
-#ifdef OPENSSL_SYS_WIN32
-
-static HANDLE *lock_cs;
-
-void thread_setup(void)
-{
-    int i;
-
-    lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        lock_cs[i] = CreateMutex(NULL, FALSE, NULL);
-    }
-
-    CRYPTO_set_locking_callback((void (*)(int, int, char *, int))
-                                win32_locking_callback);
-    /* id callback defined */
-}
-
-void thread_cleanup(void)
-{
-    int i;
-
-    CRYPTO_set_locking_callback(NULL);
-    for (i = 0; i < CRYPTO_num_locks(); i++)
-        CloseHandle(lock_cs[i]);
-    OPENSSL_free(lock_cs);
-}
-
-void win32_locking_callback(int mode, int type, const char *file, int line)
-{
-    if (mode & CRYPTO_LOCK) {
-        WaitForSingleObject(lock_cs[type], INFINITE);
-    } else {
-        ReleaseMutex(lock_cs[type]);
-    }
-}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-{
-    double ret;
-    SSL_CTX *ssl_ctx[2];
-    DWORD thread_id[MAX_THREAD_NUMBER];
-    HANDLE thread_handle[MAX_THREAD_NUMBER];
-    int i;
-    SYSTEMTIME start, end;
-
-    ssl_ctx[0] = s_ctx;
-    ssl_ctx[1] = c_ctx;
-
-    GetSystemTime(&start);
-    for (i = 0; i < thread_number; i++) {
-        thread_handle[i] = CreateThread(NULL,
-                                        THREAD_STACK_SIZE,
-                                        (LPTHREAD_START_ROUTINE) ndoit,
-                                        (void *)ssl_ctx, 0L, &(thread_id[i]));
-    }
-
-    BIO_printf(bio_stdout, "reaping\n");
-    for (i = 0; i < thread_number; i += 50) {
-        int j;
-
-        j = (thread_number < (i + 50)) ? (thread_number - i) : 50;
-
-        if (WaitForMultipleObjects(j,
-                                   (CONST HANDLE *) & (thread_handle[i]),
-                                   TRUE, INFINITE)
-            == WAIT_FAILED) {
-            BIO_printf(bio_err, "WaitForMultipleObjects failed:%d\n",
-                    GetLastError());
-            exit(1);
-        }
-    }
-    GetSystemTime(&end);
-
-    if (start.wDayOfWeek > end.wDayOfWeek)
-        end.wDayOfWeek += 7;
-    ret = (end.wDayOfWeek - start.wDayOfWeek) * 24;
-
-    ret = (ret + end.wHour - start.wHour) * 60;
-    ret = (ret + end.wMinute - start.wMinute) * 60;
-    ret = (ret + end.wSecond - start.wSecond);
-    ret += (end.wMilliseconds - start.wMilliseconds) / 1000.0;
-
-    BIO_printf(bio_stdout, "win32 threads done - %.3f seconds\n", ret);
-}
-
-#endif                          /* OPENSSL_SYS_WIN32 */
-
-#ifdef SOLARIS
-
-static mutex_t *lock_cs;
-/*
- * static rwlock_t *lock_cs;
- */
-static long *lock_count;
-
-void thread_setup(void)
-{
-    int i;
-
-    lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
-    lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        lock_count[i] = 0;
-        /* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
-        mutex_init(&(lock_cs[i]), USYNC_THREAD, NULL);
-    }
-
-    CRYPTO_set_id_callback(solaris_thread_id);
-    CRYPTO_set_locking_callback(solaris_locking_callback);
-}
-
-void thread_cleanup(void)
-{
-    int i;
-
-    CRYPTO_set_locking_callback(NULL);
-
-    BIO_printf(bio_err, "cleanup\n");
-
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        /* rwlock_destroy(&(lock_cs[i])); */
-        mutex_destroy(&(lock_cs[i]));
-        BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
-    }
-    OPENSSL_free(lock_cs);
-    OPENSSL_free(lock_count);
-
-    BIO_printf(bio_err, "done cleanup\n");
-
-}
-
-void solaris_locking_callback(int mode, int type, const char *file, int line)
-{
-# ifdef undef
-    BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n",
-               CRYPTO_thread_id(),
-               (mode & CRYPTO_LOCK) ? "l" : "u",
-               (type & CRYPTO_READ) ? "r" : "w", file, line);
-# endif
-
-    /*-
-    if (CRYPTO_LOCK_SSL_CERT == type)
-    BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n",
-               CRYPTO_thread_id(),
-               mode,file,line);
-    */
-    if (mode & CRYPTO_LOCK) {
-        /*-
-        if (mode & CRYPTO_READ)
-                rw_rdlock(&(lock_cs[type]));
-        else
-                rw_wrlock(&(lock_cs[type])); */
-
-        mutex_lock(&(lock_cs[type]));
-        lock_count[type]++;
-    } else {
-/*      rw_unlock(&(lock_cs[type]));  */
-        mutex_unlock(&(lock_cs[type]));
-    }
-}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-{
-    SSL_CTX *ssl_ctx[2];
-    thread_t thread_ctx[MAX_THREAD_NUMBER];
-    int i;
-
-    ssl_ctx[0] = s_ctx;
-    ssl_ctx[1] = c_ctx;
-
-    thr_setconcurrency(thread_number);
-    for (i = 0; i < thread_number; i++) {
-        thr_create(NULL, THREAD_STACK_SIZE,
-                   (void *(*)())ndoit, (void *)ssl_ctx, 0L, &(thread_ctx[i]));
-    }
-
-    BIO_printf(bio_stdout, "reaping\n");
-    for (i = 0; i < thread_number; i++) {
-        thr_join(thread_ctx[i], NULL, NULL);
-    }
-
-#if 0 /* We can't currently find out the reference amount */
-    BIO_printf(bio_stdout, "solaris threads done (%d,%d)\n",
-               s_ctx->references, c_ctx->references);
-#else
-    BIO_printf(bio_stdout, "solaris threads done\n");
-#endif
-}
-
-void solaris_thread_id(CRYPTO_THREADID *tid)
-{
-    CRYPTO_THREADID_set_numeric((unsigned long)thr_self());
-}
-#endif                          /* SOLARIS */
-
-#ifdef IRIX
-
-static usptr_t *arena;
-static usema_t **lock_cs;
-
-void thread_setup(void)
-{
-    int i;
-    char filename[20];
-
-    strcpy(filename, "/tmp/mttest.XXXXXX");
-    mktemp(filename);
-
-    usconfig(CONF_STHREADIOOFF);
-    usconfig(CONF_STHREADMALLOCOFF);
-    usconfig(CONF_INITUSERS, 100);
-    usconfig(CONF_LOCKTYPE, US_DEBUGPLUS);
-    arena = usinit(filename);
-    unlink(filename);
-
-    lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        lock_cs[i] = usnewsema(arena, 1);
-    }
-
-    CRYPTO_set_id_callback(irix_thread_id);
-    CRYPTO_set_locking_callback(irix_locking_callback);
-}
-
-void thread_cleanup(void)
-{
-    int i;
-
-    CRYPTO_set_locking_callback(NULL);
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        char buf[10];
-
-        sprintf(buf, "%2d:", i);
-        usdumpsema(lock_cs[i], stdout, buf);
-        usfreesema(lock_cs[i], arena);
-    }
-    OPENSSL_free(lock_cs);
-}
-
-void irix_locking_callback(int mode, int type, const char *file, int line)
-{
-    if (mode & CRYPTO_LOCK) {
-        BIO_printf(bio_stdout, "lock %d\n", type);
-        uspsema(lock_cs[type]);
-    } else {
-        BIO_printf(bio_stdout, "unlock %d\n", type);
-        usvsema(lock_cs[type]);
-    }
-}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-{
-    SSL_CTX *ssl_ctx[2];
-    int thread_ctx[MAX_THREAD_NUMBER];
-    int i;
-
-    ssl_ctx[0] = s_ctx;
-    ssl_ctx[1] = c_ctx;
-
-    for (i = 0; i < thread_number; i++) {
-        thread_ctx[i] = sproc((void (*)())ndoit,
-                              PR_SADDR | PR_SFDS, (void *)ssl_ctx);
-    }
-
-    BIO_printf(bio_stdout, "reaping\n");
-    for (i = 0; i < thread_number; i++) {
-        wait(NULL);
-    }
-
-#if 0 /* We can't currently find out the reference amount */
-    BIO_printf(bio_stdout, "irix threads done (%d,%d)\n",
-               s_ctx->references, c_ctx->references);
-#else
-    BIO_printf(bio_stdout, "irix threads done\n");
-#endif
-}
-
-unsigned long irix_thread_id(void)
-{
-    CRYPTO_THREADID_set_numeric((unsigned long)getpid());
-}
-#endif                          /* IRIX */
-
-#ifdef PTHREADS
-
-static pthread_mutex_t *lock_cs;
-static long *lock_count;
-
-void thread_setup(void)
-{
-    int i;
-
-    lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
-    lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        lock_count[i] = 0;
-        pthread_mutex_init(&(lock_cs[i]), NULL);
-    }
-
-    CRYPTO_THREADID_set_callback(pthreads_thread_id);
-    CRYPTO_set_locking_callback(pthreads_locking_callback);
-}
-
-void thread_cleanup(void)
-{
-    int i;
-
-    CRYPTO_set_locking_callback(NULL);
-    BIO_printf(bio_err, "cleanup\n");
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        pthread_mutex_destroy(&(lock_cs[i]));
-        BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
-    }
-    OPENSSL_free(lock_cs);
-    OPENSSL_free(lock_count);
-
-    BIO_printf(bio_err, "done cleanup\n");
-}
-
-void pthreads_locking_callback(int mode, int type, const char *file, int line)
-{
-# ifdef undef
-    BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n",
-               CRYPTO_thread_id(),
-               (mode & CRYPTO_LOCK) ? "l" : "u",
-               (type & CRYPTO_READ) ? "r" : "w", file, line);
-# endif
-/*-
-    if (CRYPTO_LOCK_SSL_CERT == type)
-            BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n",
-                       CRYPTO_thread_id(),
-                       mode,file,line);
-*/
-    if (mode & CRYPTO_LOCK) {
-        pthread_mutex_lock(&(lock_cs[type]));
-        lock_count[type]++;
-    } else {
-        pthread_mutex_unlock(&(lock_cs[type]));
-    }
-}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-{
-    SSL_CTX *ssl_ctx[2];
-    pthread_t thread_ctx[MAX_THREAD_NUMBER];
-    int i;
-
-    ssl_ctx[0] = s_ctx;
-    ssl_ctx[1] = c_ctx;
-
-    /*
-     * thr_setconcurrency(thread_number);
-     */
-    for (i = 0; i < thread_number; i++) {
-        pthread_create(&(thread_ctx[i]), NULL,
-                       (void *(*)())ndoit, (void *)ssl_ctx);
-    }
-
-    BIO_printf(bio_stdout, "reaping\n");
-    for (i = 0; i < thread_number; i++) {
-        pthread_join(thread_ctx[i], NULL);
-    }
-
-#if 0 /* We can't currently find out the reference amount */
-    BIO_printf(bio_stdout, "pthreads threads done (%d,%d)\n",
-               s_ctx->references, c_ctx->references);
-#else
-    BIO_printf(bio_stdout, "pthreads threads done\n");
-#endif
-}
-
-void pthreads_thread_id(CRYPTO_THREADID *tid)
-{
-    CRYPTO_THREADID_set_numeric(tid, (unsigned long)pthread_self());
-}
-
-#endif                          /* PTHREADS */
-
-#ifdef OPENSSL_SYS_NETWARE
-
-void thread_setup(void)
-{
-    int i;
-
-    lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(MPKMutex));
-    lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        lock_count[i] = 0;
-        lock_cs[i] = MPKMutexAlloc("OpenSSL mutex");
-    }
-
-    ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0);
-
-    CRYPTO_set_id_callback(netware_thread_id);
-    CRYPTO_set_locking_callback(netware_locking_callback);
-}
-
-void thread_cleanup(void)
-{
-    int i;
-
-    CRYPTO_set_locking_callback(NULL);
-
-    BIO_printf(bio_stdout, "thread_cleanup\n");
-
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        MPKMutexFree(lock_cs[i]);
-        BIO_printf(bio_stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
-    }
-    OPENSSL_free(lock_cs);
-    OPENSSL_free(lock_count);
-
-    MPKSemaphoreFree(ThreadSem);
-
-    BIO_printf(bio_stdout, "done cleanup\n");
-}
-
-void netware_locking_callback(int mode, int type, const char *file, int line)
-{
-    if (mode & CRYPTO_LOCK) {
-        MPKMutexLock(lock_cs[type]);
-        lock_count[type]++;
-    } else
-        MPKMutexUnlock(lock_cs[type]);
-}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-{
-    SSL_CTX *ssl_ctx[2];
-    int i;
-    ssl_ctx[0] = s_ctx;
-    ssl_ctx[1] = c_ctx;
-
-    for (i = 0; i < thread_number; i++) {
-        BeginThread((void (*)(void *))ndoit, NULL, THREAD_STACK_SIZE,
-                    (void *)ssl_ctx);
-        ThreadSwitchWithDelay();
-    }
-
-    BIO_printf(bio_stdout, "reaping\n");
-
-    /* loop until all threads have signaled the semaphore */
-    for (i = 0; i < thread_number; i++) {
-        MPKSemaphoreWait(ThreadSem);
-    }
-#if 0 /* We can't currently find out the reference amount */
-    BIO_printf(bio_stdout, "netware threads done (%d,%d)\n",
-               s_ctx->references, c_ctx->references);
-#else
-    BIO_printf(bio_stdout, "netware threads done\n");
-#endif
-}
-
-unsigned long netware_thread_id(void)
-{
-    CRYPTO_THREADID_set_numeric((unsigned long)GetThreadID());
-}
-#endif                          /* NETWARE */
-
-#ifdef BEOS_THREADS
-
-# include <Locker.h>
-
-static BLocker **lock_cs;
-static long *lock_count;
-
-void thread_setup(void)
-{
-    int i;
-
-    lock_cs =
-        (BLocker **) OPENSSL_malloc(CRYPTO_num_locks() * sizeof(BLocker *));
-    lock_count = (long *)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        lock_count[i] = 0;
-        lock_cs[i] = new BLocker(CRYPTO_get_lock_name(i));
-    }
-
-    CRYPTO_set_id_callback((unsigned long (*)())beos_thread_id);
-    CRYPTO_set_locking_callback(beos_locking_callback);
-}
-
-void thread_cleanup(void)
-{
-    int i;
-
-    CRYPTO_set_locking_callback(NULL);
-    BIO_printf(bio_err, "cleanup\n");
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        delete lock_cs[i];
-        BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
-    }
-    OPENSSL_free(lock_cs);
-    OPENSSL_free(lock_count);
-
-    BIO_printf(bio_err, "done cleanup\n");
-}
-
-void beos_locking_callback(int mode, int type, const char *file, int line)
-{
-# if 0
-    BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n",
-               CRYPTO_thread_id(),
-               (mode & CRYPTO_LOCK) ? "l" : "u",
-               (type & CRYPTO_READ) ? "r" : "w", file, line);
-# endif
-    if (mode & CRYPTO_LOCK) {
-        lock_cs[type]->Lock();
-        lock_count[type]++;
-    } else {
-        lock_cs[type]->Unlock();
-    }
-}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-{
-    SSL_CTX *ssl_ctx[2];
-    thread_id thread_ctx[MAX_THREAD_NUMBER];
-    int i;
-
-    ssl_ctx[0] = s_ctx;
-    ssl_ctx[1] = c_ctx;
-
-    for (i = 0; i < thread_number; i++) {
-        thread_ctx[i] = spawn_thread((thread_func) ndoit,
-                                     NULL, B_NORMAL_PRIORITY,
-                                     (void *)ssl_ctx);
-        resume_thread(thread_ctx[i]);
-    }
-
-    BIO_printf(bio_stdout, "waiting...\n");
-    for (i = 0; i < thread_number; i++) {
-        status_t result;
-        wait_for_thread(thread_ctx[i], &result);
-    }
-
-    BIO_printf(bio_stdout, "beos threads done (%d,%d)\n",
-               s_ctx->references, c_ctx->references);
-}
-
-unsigned long beos_thread_id(void)
-{
-    unsigned long ret;
-
-    ret = (unsigned long)find_thread(NULL);
-    return (ret);
-}
-
-#endif                          /* BEOS_THREADS */
diff --git a/freebsd/crypto/openssl/crypto/threads/th-lock.c b/freebsd/crypto/openssl/crypto/threads/th-lock.c
deleted file mode 100644
index 3a9352d5..00000000
--- a/freebsd/crypto/openssl/crypto/threads/th-lock.c
+++ /dev/null
@@ -1,391 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/threads/th-lock.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#ifdef LINUX
-# include <typedefs.h>
-#endif
-#ifdef OPENSSL_SYS_WIN32
-# include <windows.h>
-#endif
-#ifdef SOLARIS
-# include <synch.h>
-# include <thread.h>
-#endif
-#ifdef IRIX
-# include <ulocks.h>
-# include <sys/prctl.h>
-#endif
-#ifdef PTHREADS
-# include <pthread.h>
-#endif
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include "../../e_os.h"
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-void CRYPTO_thread_setup(void);
-void CRYPTO_thread_cleanup(void);
-
-static void irix_locking_callback(int mode, int type, char *file, int line);
-static void solaris_locking_callback(int mode, int type, char *file,
-                                     int line);
-static void win32_locking_callback(int mode, int type, char *file, int line);
-static void pthreads_locking_callback(int mode, int type, char *file,
-                                      int line);
-
-static unsigned long irix_thread_id(void);
-static unsigned long solaris_thread_id(void);
-static unsigned long pthreads_thread_id(void);
-
-/*-
- * usage:
- * CRYPTO_thread_setup();
- * application code
- * CRYPTO_thread_cleanup();
- */
-
-#define THREAD_STACK_SIZE (16*1024)
-
-#ifdef OPENSSL_SYS_WIN32
-
-static HANDLE *lock_cs;
-
-void CRYPTO_thread_setup(void)
-{
-    int i;
-
-    lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
-    if (!lock_cs) {
-        /* Nothing we can do about this...void function! */
-        return;
-    }
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        lock_cs[i] = CreateMutex(NULL, FALSE, NULL);
-    }
-
-    CRYPTO_set_locking_callback((void (*)(int, int, char *, int))
-                                win32_locking_callback);
-    /* id callback defined */
-    return (1);
-}
-
-static void CRYPTO_thread_cleanup(void)
-{
-    int i;
-
-    CRYPTO_set_locking_callback(NULL);
-    for (i = 0; i < CRYPTO_num_locks(); i++)
-        CloseHandle(lock_cs[i]);
-    OPENSSL_free(lock_cs);
-}
-
-void win32_locking_callback(int mode, int type, char *file, int line)
-{
-    if (mode & CRYPTO_LOCK) {
-        WaitForSingleObject(lock_cs[type], INFINITE);
-    } else {
-        ReleaseMutex(lock_cs[type]);
-    }
-}
-
-#endif                          /* OPENSSL_SYS_WIN32 */
-
-#ifdef SOLARIS
-
-# define USE_MUTEX
-
-# ifdef USE_MUTEX
-static mutex_t *lock_cs;
-# else
-static rwlock_t *lock_cs;
-# endif
-static long *lock_count;
-
-void CRYPTO_thread_setup(void)
-{
-    int i;
-
-# ifdef USE_MUTEX
-    lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
-# else
-    lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t));
-# endif
-    if (!lock_cs) {
-        /* Nothing we can do about this...void function! */
-        return;
-    }
-    lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        lock_count[i] = 0;
-# ifdef USE_MUTEX
-        mutex_init(&(lock_cs[i]), USYNC_THREAD, NULL);
-# else
-        rwlock_init(&(lock_cs[i]), USYNC_THREAD, NULL);
-# endif
-    }
-
-    CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
-    CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
-}
-
-void CRYPTO_thread_cleanup(void)
-{
-    int i;
-
-    CRYPTO_set_locking_callback(NULL);
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-# ifdef USE_MUTEX
-        mutex_destroy(&(lock_cs[i]));
-# else
-        rwlock_destroy(&(lock_cs[i]));
-# endif
-    }
-    OPENSSL_free(lock_cs);
-    OPENSSL_free(lock_count);
-}
-
-void solaris_locking_callback(int mode, int type, char *file, int line)
-{
-# if 0
-    fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
-            CRYPTO_thread_id(),
-            (mode & CRYPTO_LOCK) ? "l" : "u",
-            (type & CRYPTO_READ) ? "r" : "w", file, line);
-# endif
-
-# if 0
-    if (CRYPTO_LOCK_SSL_CERT == type)
-        fprintf(stderr, "(t,m,f,l) %ld %d %s %d\n",
-                CRYPTO_thread_id(), mode, file, line);
-# endif
-    if (mode & CRYPTO_LOCK) {
-# ifdef USE_MUTEX
-        mutex_lock(&(lock_cs[type]));
-# else
-        if (mode & CRYPTO_READ)
-            rw_rdlock(&(lock_cs[type]));
-        else
-            rw_wrlock(&(lock_cs[type]));
-# endif
-        lock_count[type]++;
-    } else {
-# ifdef USE_MUTEX
-        mutex_unlock(&(lock_cs[type]));
-# else
-        rw_unlock(&(lock_cs[type]));
-# endif
-    }
-}
-
-unsigned long solaris_thread_id(void)
-{
-    unsigned long ret;
-
-    ret = (unsigned long)thr_self();
-    return (ret);
-}
-#endif                          /* SOLARIS */
-
-#ifdef IRIX
-/* I don't think this works..... */
-
-static usptr_t *arena;
-static usema_t **lock_cs;
-
-void CRYPTO_thread_setup(void)
-{
-    int i;
-    char filename[20];
-
-    lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
-    if (!lock_cs) {
-        /* Nothing we can do about this...void function! */
-        return;
-    }
-
-    strcpy(filename, "/tmp/mttest.XXXXXX");
-    mktemp(filename);
-
-    usconfig(CONF_STHREADIOOFF);
-    usconfig(CONF_STHREADMALLOCOFF);
-    usconfig(CONF_INITUSERS, 100);
-    usconfig(CONF_LOCKTYPE, US_DEBUGPLUS);
-    arena = usinit(filename);
-    unlink(filename);
-
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        lock_cs[i] = usnewsema(arena, 1);
-    }
-
-    CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
-    CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
-}
-
-void CRYPTO_thread_cleanup(void)
-{
-    int i;
-
-    CRYPTO_set_locking_callback(NULL);
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        char buf[10];
-
-        sprintf(buf, "%2d:", i);
-        usdumpsema(lock_cs[i], stdout, buf);
-        usfreesema(lock_cs[i], arena);
-    }
-    OPENSSL_free(lock_cs);
-}
-
-void irix_locking_callback(int mode, int type, char *file, int line)
-{
-    if (mode & CRYPTO_LOCK) {
-        uspsema(lock_cs[type]);
-    } else {
-        usvsema(lock_cs[type]);
-    }
-}
-
-unsigned long irix_thread_id(void)
-{
-    unsigned long ret;
-
-    ret = (unsigned long)getpid();
-    return (ret);
-}
-#endif                          /* IRIX */
-
-/* Linux and a few others */
-#ifdef PTHREADS
-
-static pthread_mutex_t *lock_cs;
-static long *lock_count;
-
-void CRYPTO_thread_setup(void)
-{
-    int i;
-
-    lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
-    lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-    if (!lock_cs || !lock_count) {
-        /* Nothing we can do about this...void function! */
-        if (lock_cs)
-            OPENSSL_free(lock_cs);
-        if (lock_count)
-            OPENSSL_free(lock_count);
-        return;
-    }
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        lock_count[i] = 0;
-        pthread_mutex_init(&(lock_cs[i]), NULL);
-    }
-
-    CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
-    CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
-}
-
-void thread_cleanup(void)
-{
-    int i;
-
-    CRYPTO_set_locking_callback(NULL);
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
-        pthread_mutex_destroy(&(lock_cs[i]));
-    }
-    OPENSSL_free(lock_cs);
-    OPENSSL_free(lock_count);
-}
-
-void pthreads_locking_callback(int mode, int type, char *file, int line)
-{
-# if 0
-    fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
-            CRYPTO_thread_id(),
-            (mode & CRYPTO_LOCK) ? "l" : "u",
-            (type & CRYPTO_READ) ? "r" : "w", file, line);
-# endif
-# if 0
-    if (CRYPTO_LOCK_SSL_CERT == type)
-        fprintf(stderr, "(t,m,f,l) %ld %d %s %d\n",
-                CRYPTO_thread_id(), mode, file, line);
-# endif
-    if (mode & CRYPTO_LOCK) {
-        pthread_mutex_lock(&(lock_cs[type]));
-        lock_count[type]++;
-    } else {
-        pthread_mutex_unlock(&(lock_cs[type]));
-    }
-}
-
-unsigned long pthreads_thread_id(void)
-{
-    unsigned long ret;
-
-    ret = (unsigned long)pthread_self();
-    return (ret);
-}
-
-#endif                          /* PTHREADS */
diff --git a/freebsd/crypto/openssl/crypto/threads_none.c b/freebsd/crypto/openssl/crypto/threads_none.c
new file mode 100644
index 00000000..988210f7
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/threads_none.c
@@ -0,0 +1,138 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+
+#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
+{
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(unsigned int))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
+        return NULL;
+    }
+
+    *(unsigned int *)lock = 1;
+
+    return lock;
+}
+
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
+{
+    if (!ossl_assert(*(unsigned int *)lock == 1))
+        return 0;
+    return 1;
+}
+
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
+{
+    if (!ossl_assert(*(unsigned int *)lock == 1))
+        return 0;
+    return 1;
+}
+
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
+{
+    if (!ossl_assert(*(unsigned int *)lock == 1))
+        return 0;
+    return 1;
+}
+
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) {
+    if (lock == NULL)
+        return;
+
+    *(unsigned int *)lock = 0;
+    OPENSSL_free(lock);
+
+    return;
+}
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
+{
+    if (*once != 0)
+        return 1;
+
+    init();
+    *once = 1;
+
+    return 1;
+}
+
+#define OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX 256
+
+static void *thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
+{
+    static unsigned int thread_local_key = 0;
+
+    if (thread_local_key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return 0;
+
+    *key = thread_local_key++;
+
+    thread_local_storage[*key] = NULL;
+
+    return 1;
+}
+
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
+{
+    if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return NULL;
+
+    return thread_local_storage[*key];
+}
+
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
+{
+    if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return 0;
+
+    thread_local_storage[*key] = val;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
+{
+    *key = OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX + 1;
+    return 1;
+}
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
+{
+    return 0;
+}
+
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
+{
+    return (a == b);
+}
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
+{
+    *val += amount;
+    *ret  = *val;
+
+    return 1;
+}
+
+int openssl_init_fork_handlers(void)
+{
+    return 0;
+}
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/threads_pthread.c b/freebsd/crypto/openssl/crypto/threads_pthread.c
new file mode 100644
index 00000000..9a4514f3
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/threads_pthread.c
@@ -0,0 +1,199 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+
+#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS)
+
+# ifdef PTHREAD_RWLOCK_INITIALIZER
+#  define USE_RWLOCK
+# endif
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
+{
+# ifdef USE_RWLOCK
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
+        return NULL;
+    }
+
+    if (pthread_rwlock_init(lock, NULL) != 0) {
+        OPENSSL_free(lock);
+        return NULL;
+    }
+# else
+    pthread_mutexattr_t attr;
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(pthread_mutex_t))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
+        return NULL;
+    }
+
+    pthread_mutexattr_init(&attr);
+    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
+
+    if (pthread_mutex_init(lock, &attr) != 0) {
+        pthread_mutexattr_destroy(&attr);
+        OPENSSL_free(lock);
+        return NULL;
+    }
+
+    pthread_mutexattr_destroy(&attr);
+# endif
+
+    return lock;
+}
+
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
+{
+# ifdef USE_RWLOCK
+    if (pthread_rwlock_rdlock(lock) != 0)
+        return 0;
+# else
+    if (pthread_mutex_lock(lock) != 0)
+        return 0;
+# endif
+
+    return 1;
+}
+
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
+{
+# ifdef USE_RWLOCK
+    if (pthread_rwlock_wrlock(lock) != 0)
+        return 0;
+# else
+    if (pthread_mutex_lock(lock) != 0)
+        return 0;
+# endif
+
+    return 1;
+}
+
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
+{
+# ifdef USE_RWLOCK
+    if (pthread_rwlock_unlock(lock) != 0)
+        return 0;
+# else
+    if (pthread_mutex_unlock(lock) != 0)
+        return 0;
+# endif
+
+    return 1;
+}
+
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock)
+{
+    if (lock == NULL)
+        return;
+
+# ifdef USE_RWLOCK
+    pthread_rwlock_destroy(lock);
+# else
+    pthread_mutex_destroy(lock);
+# endif
+    OPENSSL_free(lock);
+
+    return;
+}
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
+{
+    if (pthread_once(once, init) != 0)
+        return 0;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
+{
+    if (pthread_key_create(key, cleanup) != 0)
+        return 0;
+
+    return 1;
+}
+
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
+{
+    return pthread_getspecific(*key);
+}
+
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
+{
+    if (pthread_setspecific(*key, val) != 0)
+        return 0;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
+{
+    if (pthread_key_delete(*key) != 0)
+        return 0;
+
+    return 1;
+}
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
+{
+    return pthread_self();
+}
+
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
+{
+    return pthread_equal(a, b);
+}
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
+{
+# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && \
+     !(defined(__arm__) && __ARM_ARCH < 6)
+    if (__atomic_is_lock_free(sizeof(*val), val)) {
+        *ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL);
+        return 1;
+    }
+# endif
+    if (!CRYPTO_THREAD_write_lock(lock))
+        return 0;
+
+    *val += amount;
+    *ret  = *val;
+
+    if (!CRYPTO_THREAD_unlock(lock))
+        return 0;
+
+    return 1;
+}
+
+# ifdef OPENSSL_SYS_UNIX
+static pthread_once_t fork_once_control = PTHREAD_ONCE_INIT;
+
+static void fork_once_func(void)
+{
+    pthread_atfork(OPENSSL_fork_prepare,
+                   OPENSSL_fork_parent, OPENSSL_fork_child);
+}
+# endif
+
+int openssl_init_fork_handlers(void)
+{
+# ifdef OPENSSL_SYS_UNIX
+    if (pthread_once(&fork_once_control, fork_once_func) == 0)
+        return 1;
+# endif
+    return 0;
+}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/ts/ts_asn1.c b/freebsd/crypto/openssl/crypto/ts/ts_asn1.c
index 049b0b9e..a6ee11a6 100644
--- a/freebsd/crypto/openssl/crypto/ts/ts_asn1.c
+++ b/freebsd/crypto/openssl/crypto/ts/ts_asn1.c
@@ -1,75 +1,26 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ts/ts_asn1.c */
 /*
- * Written by Nils Larsch for the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/ts.h>
 #include <openssl/err.h>
 #include <openssl/asn1t.h>
+#include "ts_lcl.h"
 
 ASN1_SEQUENCE(TS_MSG_IMPRINT) = {
         ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR),
         ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(TS_MSG_IMPRINT)
+} static_ASN1_SEQUENCE_END(TS_MSG_IMPRINT)
 
 IMPLEMENT_ASN1_FUNCTIONS_const(TS_MSG_IMPRINT)
 IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT)
-#ifndef OPENSSL_NO_BIO
 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a)
 {
     return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
@@ -80,8 +31,7 @@ int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a)
 {
     return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a);
 }
-#endif
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a)
 {
     return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
@@ -101,11 +51,10 @@ ASN1_SEQUENCE(TS_REQ) = {
         ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER),
         ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN),
         ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END(TS_REQ)
+} static_ASN1_SEQUENCE_END(TS_REQ)
 
 IMPLEMENT_ASN1_FUNCTIONS_const(TS_REQ)
 IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ)
-#ifndef OPENSSL_NO_BIO
 TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a)
 {
     return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a);
@@ -115,8 +64,7 @@ int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a)
 {
     return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a);
 }
-#endif
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a)
 {
     return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a);
@@ -132,7 +80,7 @@ ASN1_SEQUENCE(TS_ACCURACY) = {
         ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER),
         ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0),
         ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1)
-} ASN1_SEQUENCE_END(TS_ACCURACY)
+} static_ASN1_SEQUENCE_END(TS_ACCURACY)
 
 IMPLEMENT_ASN1_FUNCTIONS_const(TS_ACCURACY)
 IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY)
@@ -148,11 +96,10 @@ ASN1_SEQUENCE(TS_TST_INFO) = {
         ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER),
         ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0),
         ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(TS_TST_INFO)
+} static_ASN1_SEQUENCE_END(TS_TST_INFO)
 
 IMPLEMENT_ASN1_FUNCTIONS_const(TS_TST_INFO)
 IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO)
-#ifndef OPENSSL_NO_BIO
 TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a)
 {
     return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp,
@@ -163,8 +110,7 @@ int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a)
 {
     return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a);
 }
-#endif
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a)
 {
     return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp,
@@ -181,7 +127,7 @@ ASN1_SEQUENCE(TS_STATUS_INFO) = {
         ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER),
         ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING),
         ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(TS_STATUS_INFO)
+} static_ASN1_SEQUENCE_END(TS_STATUS_INFO)
 
 IMPLEMENT_ASN1_FUNCTIONS_const(TS_STATUS_INFO)
 IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO)
@@ -197,8 +143,7 @@ static int ts_resp_set_tst_info(TS_RESP *a)
             TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT);
             return 0;
         }
-        if (a->tst_info != NULL)
-            TS_TST_INFO_free(a->tst_info);
+        TS_TST_INFO_free(a->tst_info);
         a->tst_info = PKCS7_to_TS_TST_INFO(a->token);
         if (!a->tst_info) {
             TSerr(TS_F_TS_RESP_SET_TST_INFO,
@@ -220,8 +165,7 @@ static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it,
     if (op == ASN1_OP_NEW_POST) {
         ts_resp->tst_info = NULL;
     } else if (op == ASN1_OP_FREE_POST) {
-        if (ts_resp->tst_info != NULL)
-            TS_TST_INFO_free(ts_resp->tst_info);
+        TS_TST_INFO_free(ts_resp->tst_info);
     } else if (op == ASN1_OP_D2I_POST) {
         if (ts_resp_set_tst_info(ts_resp) == 0)
             return 0;
@@ -232,13 +176,12 @@ static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it,
 ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = {
         ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO),
         ASN1_OPT(TS_RESP, token, PKCS7),
-} ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP)
+} static_ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP)
 
 IMPLEMENT_ASN1_FUNCTIONS_const(TS_RESP)
 
 IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP)
 
-#ifndef OPENSSL_NO_BIO
 TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a)
 {
     return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a);
@@ -248,8 +191,7 @@ int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a)
 {
     return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a);
 }
-#endif
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a)
 {
     return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a);
@@ -264,7 +206,7 @@ int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a)
 ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = {
         ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME),
         ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)
+} static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)
 
 IMPLEMENT_ASN1_FUNCTIONS_const(ESS_ISSUER_SERIAL)
 IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
@@ -272,7 +214,7 @@ IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
 ASN1_SEQUENCE(ESS_CERT_ID) = {
         ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING),
         ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL)
-} ASN1_SEQUENCE_END(ESS_CERT_ID)
+} static_ASN1_SEQUENCE_END(ESS_CERT_ID)
 
 IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID)
 IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)
@@ -280,11 +222,28 @@ IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)
 ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
         ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID),
         ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO)
-} ASN1_SEQUENCE_END(ESS_SIGNING_CERT)
+} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT)
 
 IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT)
 IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
 
+ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
+        ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
+        ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
+        ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
+} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
+
+ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
+        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
+        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
+} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
+
 /* Getting encapsulated TS_TST_INFO object from PKCS7. */
 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token)
 {
@@ -298,31 +257,22 @@ TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token)
         TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
         return NULL;
     }
-
-    /* Content must be present. */
     if (PKCS7_get_detached(token)) {
         TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT);
         return NULL;
     }
-
-    /* We have a signed data with content. */
     pkcs7_signed = token->d.sign;
     enveloped = pkcs7_signed->contents;
     if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) {
         TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
         return NULL;
     }
-
-    /* We have a DER encoded TST_INFO as the signed data. */
     tst_info_wrapper = enveloped->d.other;
     if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) {
         TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE);
         return NULL;
     }
-
-    /* We have the correct ASN1_OCTET_STRING type. */
     tst_info_der = tst_info_wrapper->value.octet_string;
-    /* At last, decode the TST_INFO. */
     p = tst_info_der->data;
     return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length);
 }
diff --git a/freebsd/crypto/openssl/crypto/ts/ts_conf.c b/freebsd/crypto/openssl/crypto/ts/ts_conf.c
index 007179b8..5f597d2c 100644
--- a/freebsd/crypto/openssl/crypto/ts/ts_conf.c
+++ b/freebsd/crypto/openssl/crypto/ts/ts_conf.c
@@ -1,76 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ts/ts_conf.c */
 /*
- * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <string.h>
 
 #include <openssl/crypto.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/pem.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
+#include <openssl/engine.h>
 #include <openssl/ts.h>
 
 /* Macro definitions for the configuration file. */
-
 #define BASE_SECTION                    "tsa"
 #define ENV_DEFAULT_TSA                 "default_tsa"
 #define ENV_SERIAL                      "serial"
@@ -78,6 +25,7 @@
 #define ENV_SIGNER_CERT                 "signer_cert"
 #define ENV_CERTS                       "certs"
 #define ENV_SIGNER_KEY                  "signer_key"
+#define ENV_SIGNER_DIGEST               "signer_digest"
 #define ENV_DEFAULT_POLICY              "default_policy"
 #define ENV_OTHER_POLICIES              "other_policies"
 #define ENV_DIGESTS                     "digests"
@@ -91,6 +39,7 @@
 #define ENV_CLOCK_PRECISION_DIGITS      "clock_precision_digits"
 #define ENV_VALUE_YES                   "yes"
 #define ENV_VALUE_NO                    "no"
+#define ENV_ESS_CERT_ID_ALG             "ess_cert_id_alg"
 
 /* Function definitions for certificate and key loading. */
 
@@ -104,7 +53,7 @@ X509 *TS_CONF_load_cert(const char *file)
     x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
  end:
     if (x == NULL)
-        fprintf(stderr, "unable to load certificate: %s\n", file);
+        TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);
     BIO_free(cert);
     return x;
 }
@@ -116,11 +65,11 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)
     STACK_OF(X509_INFO) *allcerts = NULL;
     int i;
 
-    if (!(certs = BIO_new_file(file, "r")))
+    if ((certs = BIO_new_file(file, "r")) == NULL)
         goto end;
-
-    if (!(othercerts = sk_X509_new_null()))
+    if ((othercerts = sk_X509_new_null()) == NULL)
         goto end;
+
     allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
     for (i = 0; i < sk_X509_INFO_num(allcerts); i++) {
         X509_INFO *xi = sk_X509_INFO_value(allcerts, i);
@@ -131,7 +80,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)
     }
  end:
     if (othercerts == NULL)
-        fprintf(stderr, "unable to load certificates: %s\n", file);
+        TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);
     sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
     BIO_free(certs);
     return othercerts;
@@ -142,26 +91,28 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
     BIO *key = NULL;
     EVP_PKEY *pkey = NULL;
 
-    if (!(key = BIO_new_file(file, "r")))
+    if ((key = BIO_new_file(file, "r")) == NULL)
         goto end;
     pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
  end:
     if (pkey == NULL)
-        fprintf(stderr, "unable to load private key: %s\n", file);
+        TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);
     BIO_free(key);
     return pkey;
 }
 
 /* Function definitions for handling configuration options. */
 
-static void TS_CONF_lookup_fail(const char *name, const char *tag)
+static void ts_CONF_lookup_fail(const char *name, const char *tag)
 {
-    fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);
+    TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);
+    ERR_add_error_data(3, name, "::", tag);
 }
 
-static void TS_CONF_invalid(const char *name, const char *tag)
+static void ts_CONF_invalid(const char *name, const char *tag)
 {
-    fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);
+    TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);
+    ERR_add_error_data(3, name, "::", tag);
 }
 
 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
@@ -169,7 +120,7 @@ const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
     if (!section) {
         section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA);
         if (!section)
-            TS_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
+            ts_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
     }
     return section;
 }
@@ -180,7 +131,7 @@ int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
     int ret = 0;
     char *serial = NCONF_get_string(conf, section, ENV_SERIAL);
     if (!serial) {
-        TS_CONF_lookup_fail(section, ENV_SERIAL);
+        ts_CONF_lookup_fail(section, ENV_SERIAL);
         goto err;
     }
     TS_RESP_CTX_set_serial_cb(ctx, cb, serial);
@@ -197,11 +148,11 @@ int TS_CONF_set_crypto_device(CONF *conf, const char *section,
 {
     int ret = 0;
 
-    if (!device)
+    if (device == NULL)
         device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
 
     if (device && !TS_CONF_set_default_engine(device)) {
-        TS_CONF_invalid(section, ENV_CRYPTO_DEVICE);
+        ts_CONF_invalid(section, ENV_CRYPTO_DEVICE);
         goto err;
     }
     ret = 1;
@@ -214,26 +165,23 @@ int TS_CONF_set_default_engine(const char *name)
     ENGINE *e = NULL;
     int ret = 0;
 
-    /* Leave the default if builtin specified. */
     if (strcmp(name, "builtin") == 0)
         return 1;
 
-    if (!(e = ENGINE_by_id(name)))
+    if ((e = ENGINE_by_id(name)) == NULL)
         goto err;
-    /* Enable the use of the NCipher HSM for forked children. */
     if (strcmp(name, "chil") == 0)
         ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
-    /* All the operations are going to be carried out by the engine. */
     if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
         goto err;
     ret = 1;
+
  err:
     if (!ret) {
         TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, TS_R_COULD_NOT_SET_ENGINE);
         ERR_add_error_data(2, "engine:", name);
     }
-    if (e)
-        ENGINE_free(e);
+    ENGINE_free(e);
     return ret;
 }
 
@@ -244,13 +192,15 @@ int TS_CONF_set_signer_cert(CONF *conf, const char *section,
 {
     int ret = 0;
     X509 *cert_obj = NULL;
-    if (!cert)
+
+    if (cert == NULL) {
         cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
-    if (!cert) {
-        TS_CONF_lookup_fail(section, ENV_SIGNER_CERT);
-        goto err;
+        if (cert == NULL) {
+            ts_CONF_lookup_fail(section, ENV_SIGNER_CERT);
+            goto err;
+        }
     }
-    if (!(cert_obj = TS_CONF_load_cert(cert)))
+    if ((cert_obj = TS_CONF_load_cert(cert)) == NULL)
         goto err;
     if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj))
         goto err;
@@ -266,12 +216,13 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
 {
     int ret = 0;
     STACK_OF(X509) *certs_obj = NULL;
-    if (!certs)
-        certs = NCONF_get_string(conf, section, ENV_CERTS);
-    /* Certificate chain is optional. */
-    if (!certs)
-        goto end;
-    if (!(certs_obj = TS_CONF_load_certs(certs)))
+
+    if (certs == NULL) {
+        /* Certificate chain is optional. */
+        if ((certs = NCONF_get_string(conf, section, ENV_CERTS)) == NULL)
+            goto end;
+    }
+    if ((certs_obj = TS_CONF_load_certs(certs)) == NULL)
         goto err;
     if (!TS_RESP_CTX_set_certs(ctx, certs_obj))
         goto err;
@@ -291,10 +242,10 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section,
     if (!key)
         key = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
     if (!key) {
-        TS_CONF_lookup_fail(section, ENV_SIGNER_KEY);
+        ts_CONF_lookup_fail(section, ENV_SIGNER_KEY);
         goto err;
     }
-    if (!(key_obj = TS_CONF_load_key(key, pass)))
+    if ((key_obj = TS_CONF_load_key(key, pass)) == NULL)
         goto err;
     if (!TS_RESP_CTX_set_signer_key(ctx, key_obj))
         goto err;
@@ -305,6 +256,30 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section,
     return ret;
 }
 
+int TS_CONF_set_signer_digest(CONF *conf, const char *section,
+                              const char *md, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    const EVP_MD *sign_md = NULL;
+    if (md == NULL)
+        md = NCONF_get_string(conf, section, ENV_SIGNER_DIGEST);
+    if (md == NULL) {
+        ts_CONF_lookup_fail(section, ENV_SIGNER_DIGEST);
+        goto err;
+    }
+    sign_md = EVP_get_digestbyname(md);
+    if (sign_md == NULL) {
+        ts_CONF_invalid(section, ENV_SIGNER_DIGEST);
+        goto err;
+    }
+    if (!TS_RESP_CTX_set_signer_digest(ctx, sign_md))
+        goto err;
+
+    ret = 1;
+ err:
+    return ret;
+}
+
 int TS_CONF_set_def_policy(CONF *conf, const char *section,
                            const char *policy, TS_RESP_CTX *ctx)
 {
@@ -313,11 +288,11 @@ int TS_CONF_set_def_policy(CONF *conf, const char *section,
     if (!policy)
         policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY);
     if (!policy) {
-        TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
+        ts_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
         goto err;
     }
-    if (!(policy_obj = OBJ_txt2obj(policy, 0))) {
-        TS_CONF_invalid(section, ENV_DEFAULT_POLICY);
+    if ((policy_obj = OBJ_txt2obj(policy, 0)) == NULL) {
+        ts_CONF_invalid(section, ENV_DEFAULT_POLICY);
         goto err;
     }
     if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj))
@@ -334,19 +309,20 @@ int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx)
     int ret = 0;
     int i;
     STACK_OF(CONF_VALUE) *list = NULL;
-    char *policies = NCONF_get_string(conf, section,
-                                      ENV_OTHER_POLICIES);
+    char *policies = NCONF_get_string(conf, section, ENV_OTHER_POLICIES);
+
     /* If no other policy is specified, that's fine. */
-    if (policies && !(list = X509V3_parse_list(policies))) {
-        TS_CONF_invalid(section, ENV_OTHER_POLICIES);
+    if (policies && (list = X509V3_parse_list(policies)) == NULL) {
+        ts_CONF_invalid(section, ENV_OTHER_POLICIES);
         goto err;
     }
     for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
         CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
         const char *extval = val->value ? val->value : val->name;
         ASN1_OBJECT *objtmp;
-        if (!(objtmp = OBJ_txt2obj(extval, 0))) {
-            TS_CONF_invalid(section, ENV_OTHER_POLICIES);
+
+        if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) {
+            ts_CONF_invalid(section, ENV_OTHER_POLICIES);
             goto err;
         }
         if (!TS_RESP_CTX_add_policy(ctx, objtmp))
@@ -366,24 +342,26 @@ int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx)
     int i;
     STACK_OF(CONF_VALUE) *list = NULL;
     char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);
-    if (!digests) {
-        TS_CONF_lookup_fail(section, ENV_DIGESTS);
+
+    if (digests == NULL) {
+        ts_CONF_lookup_fail(section, ENV_DIGESTS);
         goto err;
     }
-    if (!(list = X509V3_parse_list(digests))) {
-        TS_CONF_invalid(section, ENV_DIGESTS);
+    if ((list = X509V3_parse_list(digests)) == NULL) {
+        ts_CONF_invalid(section, ENV_DIGESTS);
         goto err;
     }
     if (sk_CONF_VALUE_num(list) == 0) {
-        TS_CONF_invalid(section, ENV_DIGESTS);
+        ts_CONF_invalid(section, ENV_DIGESTS);
         goto err;
     }
     for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
         CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
         const char *extval = val->value ? val->value : val->name;
         const EVP_MD *md;
-        if (!(md = EVP_get_digestbyname(extval))) {
-            TS_CONF_invalid(section, ENV_DIGESTS);
+
+        if ((md = EVP_get_digestbyname(extval)) == NULL) {
+            ts_CONF_invalid(section, ENV_DIGESTS);
             goto err;
         }
         if (!TS_RESP_CTX_add_md(ctx, md))
@@ -404,8 +382,8 @@ int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
     STACK_OF(CONF_VALUE) *list = NULL;
     char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);
 
-    if (accuracy && !(list = X509V3_parse_list(accuracy))) {
-        TS_CONF_invalid(section, ENV_ACCURACY);
+    if (accuracy && (list = X509V3_parse_list(accuracy)) == NULL) {
+        ts_CONF_invalid(section, ENV_ACCURACY);
         goto err;
     }
     for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
@@ -420,7 +398,7 @@ int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
             if (val->value)
                 micros = atoi(val->value);
         } else {
-            TS_CONF_invalid(section, ENV_ACCURACY);
+            ts_CONF_invalid(section, ENV_ACCURACY);
             goto err;
         }
     }
@@ -446,7 +424,7 @@ int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
                             &digits))
         digits = 0;
     if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) {
-        TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
+        ts_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
         goto err;
     }
 
@@ -458,16 +436,16 @@ int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
     return ret;
 }
 
-static int TS_CONF_add_flag(CONF *conf, const char *section,
+static int ts_CONF_add_flag(CONF *conf, const char *section,
                             const char *field, int flag, TS_RESP_CTX *ctx)
 {
-    /* Default is false. */
     const char *value = NCONF_get_string(conf, section, field);
+
     if (value) {
         if (strcmp(value, ENV_VALUE_YES) == 0)
             TS_RESP_CTX_add_flags(ctx, flag);
         else if (strcmp(value, ENV_VALUE_NO) != 0) {
-            TS_CONF_invalid(section, field);
+            ts_CONF_invalid(section, field);
             return 0;
         }
     }
@@ -477,17 +455,41 @@ static int TS_CONF_add_flag(CONF *conf, const char *section,
 
 int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx)
 {
-    return TS_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx);
+    return ts_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx);
 }
 
 int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx)
 {
-    return TS_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx);
+    return ts_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx);
 }
 
 int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
                                   TS_RESP_CTX *ctx)
 {
-    return TS_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN,
+    return ts_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN,
                             TS_ESS_CERT_ID_CHAIN, ctx);
 }
+
+int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
+                                   TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    const EVP_MD *cert_md = NULL;
+    const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
+
+    if (md == NULL)
+        md = "sha1";
+
+    cert_md = EVP_get_digestbyname(md);
+    if (cert_md == NULL) {
+        ts_CONF_invalid(section, ENV_ESS_CERT_ID_ALG);
+        goto err;
+    }
+
+    if (!TS_RESP_CTX_set_ess_cert_id_digest(ctx, cert_md))
+        goto err;
+
+    ret = 1;
+err:
+    return ret;
+}
diff --git a/freebsd/crypto/openssl/crypto/ts/ts_err.c b/freebsd/crypto/openssl/crypto/ts/ts_err.c
index 3f449188..902695af 100644
--- a/freebsd/crypto/openssl/crypto/ts/ts_err.c
+++ b/freebsd/crypto/openssl/crypto/ts/ts_err.c
@@ -1,190 +1,186 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ts/ts_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/ts.h>
+#include <openssl/tserr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason)
-
-static ERR_STRING_DATA TS_str_functs[] = {
-    {ERR_FUNC(TS_F_D2I_TS_RESP), "d2i_TS_RESP"},
-    {ERR_FUNC(TS_F_DEF_SERIAL_CB), "DEF_SERIAL_CB"},
-    {ERR_FUNC(TS_F_DEF_TIME_CB), "DEF_TIME_CB"},
-    {ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_ADD_SIGNING_CERT"},
-    {ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT), "ESS_CERT_ID_NEW_INIT"},
-    {ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT), "ESS_SIGNING_CERT_NEW_INIT"},
-    {ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN), "INT_TS_RESP_VERIFY_TOKEN"},
-    {ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO), "PKCS7_to_TS_TST_INFO"},
-    {ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"},
-    {ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"},
-    {ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS), "TS_ACCURACY_set_seconds"},
-    {ERR_FUNC(TS_F_TS_CHECK_IMPRINTS), "TS_CHECK_IMPRINTS"},
-    {ERR_FUNC(TS_F_TS_CHECK_NONCES), "TS_CHECK_NONCES"},
-    {ERR_FUNC(TS_F_TS_CHECK_POLICY), "TS_CHECK_POLICY"},
-    {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},
-    {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"},
-    {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"},
-    {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},
-    {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"},
-    {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},
-    {ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"},
-    {ERR_FUNC(TS_F_TS_REQ_SET_NONCE), "TS_REQ_set_nonce"},
-    {ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID), "TS_REQ_set_policy_id"},
-    {ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE), "TS_RESP_create_response"},
-    {ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO), "TS_RESP_CREATE_TST_INFO"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO),
+static const ERR_STRING_DATA TS_str_functs[] = {
+    {ERR_PACK(ERR_LIB_TS, TS_F_DEF_SERIAL_CB, 0), "def_serial_cb"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_DEF_TIME_CB, 0), "def_time_cb"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_ADD_SIGNING_CERT, 0),
+     "ess_add_signing_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_ADD_SIGNING_CERT_V2, 0),
+     "ess_add_signing_cert_v2"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_CERT_ID_NEW_INIT, 0),
+     "ess_CERT_ID_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_CERT_ID_V2_NEW_INIT, 0),
+     "ess_cert_id_v2_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_SIGNING_CERT_NEW_INIT, 0),
+     "ess_SIGNING_CERT_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_SIGNING_CERT_V2_NEW_INIT, 0),
+     "ess_signing_cert_v2_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_INT_TS_RESP_VERIFY_TOKEN, 0),
+     "int_ts_RESP_verify_token"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_PKCS7_TO_TS_TST_INFO, 0),
+     "PKCS7_to_TS_TST_INFO"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_MICROS, 0),
+     "TS_ACCURACY_set_micros"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_MILLIS, 0),
+     "TS_ACCURACY_set_millis"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_SECONDS, 0),
+     "TS_ACCURACY_set_seconds"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_IMPRINTS, 0), "ts_check_imprints"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_NONCES, 0), "ts_check_nonces"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_POLICY, 0), "ts_check_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_SIGNING_CERTS, 0),
+     "ts_check_signing_certs"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_STATUS_INFO, 0),
+     "ts_check_status_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_COMPUTE_IMPRINT, 0), "ts_compute_imprint"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_INVALID, 0), "ts_CONF_invalid"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_CERT, 0), "TS_CONF_load_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_CERTS, 0), "TS_CONF_load_certs"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_KEY, 0), "TS_CONF_load_key"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOOKUP_FAIL, 0), "ts_CONF_lookup_fail"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_SET_DEFAULT_ENGINE, 0),
+     "TS_CONF_set_default_engine"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_GET_STATUS_TEXT, 0), "ts_get_status_text"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_MSG_IMPRINT_SET_ALGO, 0),
+     "TS_MSG_IMPRINT_set_algo"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_MSG_IMPRINT, 0),
+     "TS_REQ_set_msg_imprint"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_NONCE, 0), "TS_REQ_set_nonce"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_POLICY_ID, 0),
+     "TS_REQ_set_policy_id"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CREATE_RESPONSE, 0),
+     "TS_RESP_create_response"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CREATE_TST_INFO, 0),
+     "ts_RESP_create_tst_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, 0),
      "TS_RESP_CTX_add_failure_info"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD), "TS_RESP_CTX_add_md"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY), "TS_RESP_CTX_add_policy"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_NEW), "TS_RESP_CTX_new"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY), "TS_RESP_CTX_set_accuracy"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS), "TS_RESP_CTX_set_certs"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY), "TS_RESP_CTX_set_def_policy"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT),
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_MD, 0), "TS_RESP_CTX_add_md"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_POLICY, 0),
+     "TS_RESP_CTX_add_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_NEW, 0), "TS_RESP_CTX_new"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_ACCURACY, 0),
+     "TS_RESP_CTX_set_accuracy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_CERTS, 0),
+     "TS_RESP_CTX_set_certs"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_DEF_POLICY, 0),
+     "TS_RESP_CTX_set_def_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_SIGNER_CERT, 0),
      "TS_RESP_CTX_set_signer_cert"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO),
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_STATUS_INFO, 0),
      "TS_RESP_CTX_set_status_info"},
-    {ERR_FUNC(TS_F_TS_RESP_GET_POLICY), "TS_RESP_GET_POLICY"},
-    {ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION),
-     "TS_RESP_SET_GENTIME_WITH_PRECISION"},
-    {ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO), "TS_RESP_set_status_info"},
-    {ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO), "TS_RESP_set_tst_info"},
-    {ERR_FUNC(TS_F_TS_RESP_SIGN), "TS_RESP_SIGN"},
-    {ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE), "TS_RESP_verify_signature"},
-    {ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN), "TS_RESP_verify_token"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY), "TS_TST_INFO_set_accuracy"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT),
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_GET_POLICY, 0), "ts_RESP_get_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, 0),
+     "TS_RESP_set_genTime_with_precision"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_STATUS_INFO, 0),
+     "TS_RESP_set_status_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_TST_INFO, 0),
+     "TS_RESP_set_tst_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SIGN, 0), "ts_RESP_sign"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_VERIFY_SIGNATURE, 0),
+     "TS_RESP_verify_signature"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_ACCURACY, 0),
+     "TS_TST_INFO_set_accuracy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_MSG_IMPRINT, 0),
      "TS_TST_INFO_set_msg_imprint"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE), "TS_TST_INFO_set_nonce"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID), "TS_TST_INFO_set_policy_id"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL), "TS_TST_INFO_set_serial"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME), "TS_TST_INFO_set_time"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA), "TS_TST_INFO_set_tsa"},
-    {ERR_FUNC(TS_F_TS_VERIFY), "TS_VERIFY"},
-    {ERR_FUNC(TS_F_TS_VERIFY_CERT), "TS_VERIFY_CERT"},
-    {ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW), "TS_VERIFY_CTX_new"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_NONCE, 0),
+     "TS_TST_INFO_set_nonce"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_POLICY_ID, 0),
+     "TS_TST_INFO_set_policy_id"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_SERIAL, 0),
+     "TS_TST_INFO_set_serial"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_TIME, 0),
+     "TS_TST_INFO_set_time"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_TSA, 0), "TS_TST_INFO_set_tsa"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY, 0), ""},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY_CERT, 0), "ts_verify_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY_CTX_NEW, 0), "TS_VERIFY_CTX_new"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA TS_str_reasons[] = {
-    {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},
-    {ERR_REASON(TS_R_BAD_TYPE), "bad type"},
-    {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
-    {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},
-    {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},
-    {ERR_REASON(TS_R_D2I_TS_RESP_INT_FAILED), "d2i ts resp int failed"},
-    {ERR_REASON(TS_R_DETACHED_CONTENT), "detached content"},
-    {ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR),
-     "ess add signing cert error"},
-    {ERR_REASON(TS_R_ESS_SIGNING_CERTIFICATE_ERROR),
-     "ess signing certificate error"},
-    {ERR_REASON(TS_R_INVALID_NULL_POINTER), "invalid null pointer"},
-    {ERR_REASON(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE),
-     "invalid signer certificate purpose"},
-    {ERR_REASON(TS_R_MESSAGE_IMPRINT_MISMATCH), "message imprint mismatch"},
-    {ERR_REASON(TS_R_NONCE_MISMATCH), "nonce mismatch"},
-    {ERR_REASON(TS_R_NONCE_NOT_RETURNED), "nonce not returned"},
-    {ERR_REASON(TS_R_NO_CONTENT), "no content"},
-    {ERR_REASON(TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token"},
-    {ERR_REASON(TS_R_PKCS7_ADD_SIGNATURE_ERROR), "pkcs7 add signature error"},
-    {ERR_REASON(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR),
-     "pkcs7 add signed attr error"},
-    {ERR_REASON(TS_R_PKCS7_TO_TS_TST_INFO_FAILED),
-     "pkcs7 to ts tst info failed"},
-    {ERR_REASON(TS_R_POLICY_MISMATCH), "policy mismatch"},
-    {ERR_REASON(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
-     "private key does not match certificate"},
-    {ERR_REASON(TS_R_RESPONSE_SETUP_ERROR), "response setup error"},
-    {ERR_REASON(TS_R_SIGNATURE_FAILURE), "signature failure"},
-    {ERR_REASON(TS_R_THERE_MUST_BE_ONE_SIGNER), "there must be one signer"},
-    {ERR_REASON(TS_R_TIME_SYSCALL_ERROR), "time syscall error"},
-    {ERR_REASON(TS_R_TOKEN_NOT_PRESENT), "token not present"},
-    {ERR_REASON(TS_R_TOKEN_PRESENT), "token present"},
-    {ERR_REASON(TS_R_TSA_NAME_MISMATCH), "tsa name mismatch"},
-    {ERR_REASON(TS_R_TSA_UNTRUSTED), "tsa untrusted"},
-    {ERR_REASON(TS_R_TST_INFO_SETUP_ERROR), "tst info setup error"},
-    {ERR_REASON(TS_R_TS_DATASIGN), "ts datasign"},
-    {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},
-    {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"},
-    {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"},
-    {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"},
+static const ERR_STRING_DATA TS_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_TYPE), "bad type"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_KEY), "cannot load private key"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_ENGINE),
+    "could not set engine"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_TIME), "could not set time"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_DETACHED_CONTENT), "detached content"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_ERROR),
+    "ess add signing cert error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR),
+    "ess add signing cert v2 error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_SIGNING_CERTIFICATE_ERROR),
+    "ess signing certificate error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_NULL_POINTER),
+    "invalid null pointer"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE),
+    "invalid signer certificate purpose"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_MESSAGE_IMPRINT_MISMATCH),
+    "message imprint mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_MISMATCH), "nonce mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_NOT_RETURNED), "nonce not returned"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_CONTENT), "no content"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNATURE_ERROR),
+    "pkcs7 add signature error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR),
+    "pkcs7 add signed attr error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_TO_TS_TST_INFO_FAILED),
+    "pkcs7 to ts tst info failed"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_POLICY_MISMATCH), "policy mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_RESPONSE_SETUP_ERROR),
+    "response setup error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_THERE_MUST_BE_ONE_SIGNER),
+    "there must be one signer"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TIME_SYSCALL_ERROR), "time syscall error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_NOT_PRESENT), "token not present"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_PRESENT), "token present"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_NAME_MISMATCH), "tsa name mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_UNTRUSTED), "tsa untrusted"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TST_INFO_SETUP_ERROR),
+    "tst info setup error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TS_DATASIGN), "ts datasign"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_MD_ALGORITHM),
+    "unsupported md algorithm"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_VERSION), "unsupported version"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_BAD_VALUE), "var bad value"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_LOOKUP_FAILURE),
+    "cannot find config variable"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_WRONG_CONTENT_TYPE), "wrong content type"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_TS_strings(void)
+int ERR_load_TS_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(TS_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, TS_str_functs);
-        ERR_load_strings(0, TS_str_reasons);
+        ERR_load_strings_const(TS_str_functs);
+        ERR_load_strings_const(TS_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/ts/ts_lcl.h b/freebsd/crypto/openssl/crypto/ts/ts_lcl.h
new file mode 100644
index 00000000..771784fe
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ts/ts_lcl.h
@@ -0,0 +1,211 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * MessageImprint ::= SEQUENCE  {
+ *      hashAlgorithm                AlgorithmIdentifier,
+ *      hashedMessage                OCTET STRING  }
+ */
+struct TS_msg_imprint_st {
+    X509_ALGOR *hash_algo;
+    ASN1_OCTET_STRING *hashed_msg;
+};
+
+/*-
+ * TimeStampResp ::= SEQUENCE  {
+ *     status                  PKIStatusInfo,
+ *     timeStampToken          TimeStampToken     OPTIONAL }
+ */
+struct TS_resp_st {
+    TS_STATUS_INFO *status_info;
+    PKCS7 *token;
+    TS_TST_INFO *tst_info;
+};
+
+/*-
+ * TimeStampReq ::= SEQUENCE  {
+ *    version                  INTEGER  { v1(1) },
+ *    messageImprint           MessageImprint,
+ *      --a hash algorithm OID and the hash value of the data to be
+ *      --time-stamped
+ *    reqPolicy                TSAPolicyId                OPTIONAL,
+ *    nonce                    INTEGER                    OPTIONAL,
+ *    certReq                  BOOLEAN                    DEFAULT FALSE,
+ *    extensions               [0] IMPLICIT Extensions    OPTIONAL  }
+ */
+struct TS_req_st {
+    ASN1_INTEGER *version;
+    TS_MSG_IMPRINT *msg_imprint;
+    ASN1_OBJECT *policy_id;
+    ASN1_INTEGER *nonce;
+    ASN1_BOOLEAN cert_req;
+    STACK_OF(X509_EXTENSION) *extensions;
+};
+
+/*-
+ * Accuracy ::= SEQUENCE {
+ *                 seconds        INTEGER           OPTIONAL,
+ *                 millis     [0] INTEGER  (1..999) OPTIONAL,
+ *                 micros     [1] INTEGER  (1..999) OPTIONAL  }
+ */
+struct TS_accuracy_st {
+    ASN1_INTEGER *seconds;
+    ASN1_INTEGER *millis;
+    ASN1_INTEGER *micros;
+};
+
+/*-
+ * TSTInfo ::= SEQUENCE  {
+ *     version                      INTEGER  { v1(1) },
+ *     policy                       TSAPolicyId,
+ *     messageImprint               MessageImprint,
+ *       -- MUST have the same value as the similar field in
+ *       -- TimeStampReq
+ *     serialNumber                 INTEGER,
+ *      -- Time-Stamping users MUST be ready to accommodate integers
+ *      -- up to 160 bits.
+ *     genTime                      GeneralizedTime,
+ *     accuracy                     Accuracy                 OPTIONAL,
+ *     ordering                     BOOLEAN             DEFAULT FALSE,
+ *     nonce                        INTEGER                  OPTIONAL,
+ *       -- MUST be present if the similar field was present
+ *       -- in TimeStampReq.  In that case it MUST have the same value.
+ *     tsa                          [0] GeneralName          OPTIONAL,
+ *     extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
+ */
+struct TS_tst_info_st {
+    ASN1_INTEGER *version;
+    ASN1_OBJECT *policy_id;
+    TS_MSG_IMPRINT *msg_imprint;
+    ASN1_INTEGER *serial;
+    ASN1_GENERALIZEDTIME *time;
+    TS_ACCURACY *accuracy;
+    ASN1_BOOLEAN ordering;
+    ASN1_INTEGER *nonce;
+    GENERAL_NAME *tsa;
+    STACK_OF(X509_EXTENSION) *extensions;
+};
+
+struct TS_status_info_st {
+    ASN1_INTEGER *status;
+    STACK_OF(ASN1_UTF8STRING) *text;
+    ASN1_BIT_STRING *failure_info;
+};
+
+/*-
+ * IssuerSerial ::= SEQUENCE {
+ *         issuer                   GeneralNames,
+ *         serialNumber             CertificateSerialNumber
+ *         }
+ */
+struct ESS_issuer_serial {
+    STACK_OF(GENERAL_NAME) *issuer;
+    ASN1_INTEGER *serial;
+};
+
+/*-
+ * ESSCertID ::=  SEQUENCE {
+ *         certHash                 Hash,
+ *         issuerSerial             IssuerSerial OPTIONAL
+ * }
+ */
+struct ESS_cert_id {
+    ASN1_OCTET_STRING *hash;    /* Always SHA-1 digest. */
+    ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificate ::=  SEQUENCE {
+ *        certs        SEQUENCE OF ESSCertID,
+ *        policies     SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+struct ESS_signing_cert {
+    STACK_OF(ESS_CERT_ID) *cert_ids;
+    STACK_OF(POLICYINFO) *policy_info;
+};
+
+/*-
+ * ESSCertIDv2 ::=  SEQUENCE {
+ *        hashAlgorithm           AlgorithmIdentifier
+ *                DEFAULT {algorithm id-sha256},
+ *        certHash                Hash,
+ *        issuerSerial            IssuerSerial OPTIONAL
+ * }
+ */
+
+struct ESS_cert_id_v2_st {
+    X509_ALGOR *hash_alg;       /* Default: SHA-256 */
+    ASN1_OCTET_STRING *hash;
+    ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificateV2 ::= SEQUENCE {
+ *        certs                   SEQUENCE OF ESSCertIDv2,
+ *        policies                SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+
+struct ESS_signing_cert_v2_st {
+    STACK_OF(ESS_CERT_ID_V2) *cert_ids;
+    STACK_OF(POLICYINFO) *policy_info;
+};
+
+
+struct TS_resp_ctx {
+    X509 *signer_cert;
+    EVP_PKEY *signer_key;
+    const EVP_MD *signer_md;
+    const EVP_MD *ess_cert_id_digest;
+    STACK_OF(X509) *certs;      /* Certs to include in signed data. */
+    STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
+    ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
+    STACK_OF(EVP_MD) *mds;      /* Acceptable message digests. */
+    ASN1_INTEGER *seconds;      /* accuracy, 0 means not specified. */
+    ASN1_INTEGER *millis;       /* accuracy, 0 means not specified. */
+    ASN1_INTEGER *micros;       /* accuracy, 0 means not specified. */
+    unsigned clock_precision_digits; /* fraction of seconds in time stamp
+                                      * token. */
+    unsigned flags;             /* Optional info, see values above. */
+    /* Callback functions. */
+    TS_serial_cb serial_cb;
+    void *serial_cb_data;       /* User data for serial_cb. */
+    TS_time_cb time_cb;
+    void *time_cb_data;         /* User data for time_cb. */
+    TS_extension_cb extension_cb;
+    void *extension_cb_data;    /* User data for extension_cb. */
+    /* These members are used only while creating the response. */
+    TS_REQ *request;
+    TS_RESP *response;
+    TS_TST_INFO *tst_info;
+};
+
+struct TS_verify_ctx {
+    /* Set this to the union of TS_VFY_... flags you want to carry out. */
+    unsigned flags;
+    /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
+    X509_STORE *store;
+    STACK_OF(X509) *certs;
+    /* Must be set only with TS_VFY_POLICY. */
+    ASN1_OBJECT *policy;
+    /*
+     * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
+     * algorithm from the response is used.
+     */
+    X509_ALGOR *md_alg;
+    unsigned char *imprint;
+    unsigned imprint_len;
+    /* Must be set only with TS_VFY_DATA. */
+    BIO *data;
+    /* Must be set only with TS_VFY_TSA_NAME. */
+    ASN1_INTEGER *nonce;
+    /* Must be set only with TS_VFY_TSA_NAME. */
+    GENERAL_NAME *tsa_name;
+};
diff --git a/freebsd/crypto/openssl/crypto/ts/ts_lib.c b/freebsd/crypto/openssl/crypto/ts/ts_lib.c
index 46ac2d77..1fe851a8 100644
--- a/freebsd/crypto/openssl/crypto/ts/ts_lib.c
+++ b/freebsd/crypto/openssl/crypto/ts/ts_lib.c
@@ -1,89 +1,38 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ts/ts_lib.c */
 /*
- * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/bn.h>
+#include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "ts.h"
-
-/* Local function declarations. */
-
-/* Function definitions. */
+#include <openssl/ts.h>
+#include "ts_lcl.h"
 
 int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num)
 {
-    BIGNUM num_bn;
+    BIGNUM *num_bn;
     int result = 0;
     char *hex;
 
-    BN_init(&num_bn);
-    ASN1_INTEGER_to_BN(num, &num_bn);
-    if ((hex = BN_bn2hex(&num_bn))) {
+    num_bn = ASN1_INTEGER_to_BN(num, NULL);
+    if (num_bn == NULL)
+        return -1;
+    if ((hex = BN_bn2hex(num_bn))) {
         result = BIO_write(bio, "0x", 2) > 0;
         result = result && BIO_write(bio, hex, strlen(hex)) > 0;
         OPENSSL_free(hex);
     }
-    BN_free(&num_bn);
+    BN_free(num_bn);
 
     return result;
 }
@@ -109,12 +58,13 @@ int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions)
     for (i = 0; i < n; i++) {
         ex = X509v3_get_ext(extensions, i);
         obj = X509_EXTENSION_get_object(ex);
-        i2a_ASN1_OBJECT(bio, obj);
+        if (i2a_ASN1_OBJECT(bio, obj) < 0)
+            return 0;
         critical = X509_EXTENSION_get_critical(ex);
-        BIO_printf(bio, ": %s\n", critical ? "critical" : "");
+        BIO_printf(bio, ":%s\n", critical ? " critical" : "");
         if (!X509V3_EXT_print(bio, ex, 0, 4)) {
             BIO_printf(bio, "%4s", "");
-            M_ASN1_OCTET_STRING_print(bio, ex->value);
+            ASN1_STRING_print(bio, X509_EXTENSION_get_data(ex));
         }
         BIO_write(bio, "\n", 1);
     }
@@ -131,14 +81,14 @@ int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg)
 
 int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a)
 {
-    const ASN1_OCTET_STRING *msg;
+    ASN1_OCTET_STRING *msg;
 
-    TS_X509_ALGOR_print_bio(bio, TS_MSG_IMPRINT_get_algo(a));
+    TS_X509_ALGOR_print_bio(bio, a->hash_algo);
 
     BIO_printf(bio, "Message data:\n");
-    msg = TS_MSG_IMPRINT_get_msg(a);
-    BIO_dump_indent(bio, (const char *)M_ASN1_STRING_data(msg),
-                    M_ASN1_STRING_length(msg), 4);
+    msg = a->hashed_msg;
+    BIO_dump_indent(bio, (const char *)ASN1_STRING_get0_data(msg),
+                    ASN1_STRING_length(msg), 4);
 
     return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/ts/ts_req_print.c b/freebsd/crypto/openssl/crypto/ts/ts_req_print.c
index 4a06462b..5a4b2604 100644
--- a/freebsd/crypto/openssl/crypto/ts/ts_req_print.c
+++ b/freebsd/crypto/openssl/crypto/ts/ts_req_print.c
@@ -1,78 +1,26 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ts/ts_req_print.c */
 /*
- * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/bn.h>
 #include <openssl/x509v3.h>
 #include <openssl/ts.h>
-
-/* Function definitions. */
+#include "ts_lcl.h"
 
 int TS_REQ_print_bio(BIO *bio, TS_REQ *a)
 {
     int v;
     ASN1_OBJECT *policy_id;
-    const ASN1_INTEGER *nonce;
 
     if (a == NULL)
         return 0;
@@ -80,7 +28,7 @@ int TS_REQ_print_bio(BIO *bio, TS_REQ *a)
     v = TS_REQ_get_version(a);
     BIO_printf(bio, "Version: %d\n", v);
 
-    TS_MSG_IMPRINT_print_bio(bio, TS_REQ_get_msg_imprint(a));
+    TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint);
 
     BIO_printf(bio, "Policy OID: ");
     policy_id = TS_REQ_get_policy_id(a);
@@ -90,17 +38,16 @@ int TS_REQ_print_bio(BIO *bio, TS_REQ *a)
         TS_OBJ_print_bio(bio, policy_id);
 
     BIO_printf(bio, "Nonce: ");
-    nonce = TS_REQ_get_nonce(a);
-    if (nonce == NULL)
+    if (a->nonce == NULL)
         BIO_printf(bio, "unspecified");
     else
-        TS_ASN1_INTEGER_print_bio(bio, nonce);
+        TS_ASN1_INTEGER_print_bio(bio, a->nonce);
     BIO_write(bio, "\n", 1);
 
     BIO_printf(bio, "Certificate required: %s\n",
-               TS_REQ_get_cert_req(a) ? "yes" : "no");
+               a->cert_req ? "yes" : "no");
 
-    TS_ext_print_bio(bio, TS_REQ_get_exts(a));
+    TS_ext_print_bio(bio, a->extensions);
 
     return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/ts/ts_req_utils.c b/freebsd/crypto/openssl/crypto/ts/ts_req_utils.c
index d24cfa18..e7e2eef0 100644
--- a/freebsd/crypto/openssl/crypto/ts/ts_req_utils.c
+++ b/freebsd/crypto/openssl/crypto/ts/ts_req_utils.c
@@ -1,69 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ts/ts_req_utils.c */
 /*
- * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/x509v3.h>
 #include <openssl/ts.h>
+#include "ts_lcl.h"
 
 int TS_REQ_set_version(TS_REQ *a, long version)
 {
@@ -127,7 +78,7 @@ ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a)
     return a->hashed_msg;
 }
 
-int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy)
+int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy)
 {
     ASN1_OBJECT *new_policy;
 
@@ -203,7 +154,7 @@ int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos)
     return X509v3_get_ext_by_NID(a->extensions, nid, lastpos);
 }
 
-int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos)
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos)
 {
     return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
 }
diff --git a/freebsd/crypto/openssl/crypto/ts/ts_rsp_print.c b/freebsd/crypto/openssl/crypto/ts/ts_rsp_print.c
index 8627e101..87ee7b97 100644
--- a/freebsd/crypto/openssl/crypto/ts/ts_rsp_print.c
+++ b/freebsd/crypto/openssl/crypto/ts/ts_rsp_print.c
@@ -1,95 +1,40 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ts/ts_resp_print.c */
 /*
- * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/bn.h>
 #include <openssl/x509v3.h>
-#include "ts.h"
+#include <openssl/ts.h>
+#include "ts_lcl.h"
 
 struct status_map_st {
     int bit;
     const char *text;
 };
 
-/* Local function declarations. */
+static int ts_status_map_print(BIO *bio, const struct status_map_st *a,
+                               const ASN1_BIT_STRING *v);
+static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy);
 
-static int TS_status_map_print(BIO *bio, struct status_map_st *a,
-                               ASN1_BIT_STRING *v);
-static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy);
-
-/* Function definitions. */
 
 int TS_RESP_print_bio(BIO *bio, TS_RESP *a)
 {
-    TS_TST_INFO *tst_info;
-
     BIO_printf(bio, "Status info:\n");
-    TS_STATUS_INFO_print_bio(bio, TS_RESP_get_status_info(a));
+    TS_STATUS_INFO_print_bio(bio, a->status_info);
 
     BIO_printf(bio, "\nTST info:\n");
-    tst_info = TS_RESP_get_tst_info(a);
-    if (tst_info != NULL)
-        TS_TST_INFO_print_bio(bio, TS_RESP_get_tst_info(a));
+    if (a->tst_info != NULL)
+        TS_TST_INFO_print_bio(bio, a->tst_info);
     else
         BIO_printf(bio, "Not included.\n");
 
@@ -106,7 +51,7 @@ int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a)
         "Revocation warning.",
         "Revoked."
     };
-    static struct status_map_st failure_map[] = {
+    static const struct status_map_st failure_map[] = {
         {TS_INFO_BAD_ALG,
          "unrecognized or unsupported algorithm identifier"},
         {TS_INFO_BAD_REQUEST,
@@ -129,16 +74,13 @@ int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a)
     long status;
     int i, lines = 0;
 
-    /* Printing status code. */
     BIO_printf(bio, "Status: ");
     status = ASN1_INTEGER_get(a->status);
-    if (0 <= status
-        && status < (long)(sizeof(status_map) / sizeof(status_map[0])))
+    if (0 <= status && status < (long)OSSL_NELEM(status_map))
         BIO_printf(bio, "%s\n", status_map[status]);
     else
         BIO_printf(bio, "out of bounds\n");
 
-    /* Printing status description. */
     BIO_printf(bio, "Status description: ");
     for (i = 0; i < sk_ASN1_UTF8STRING_num(a->text); ++i) {
         if (i > 0)
@@ -149,10 +91,9 @@ int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a)
     if (i == 0)
         BIO_printf(bio, "unspecified\n");
 
-    /* Printing failure information. */
     BIO_printf(bio, "Failure info: ");
     if (a->failure_info != NULL)
-        lines = TS_status_map_print(bio, failure_map, a->failure_info);
+        lines = ts_status_map_print(bio, failure_map, a->failure_info);
     if (lines == 0)
         BIO_printf(bio, "unspecified");
     BIO_printf(bio, "\n");
@@ -160,8 +101,8 @@ int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a)
     return 1;
 }
 
-static int TS_status_map_print(BIO *bio, struct status_map_st *a,
-                               ASN1_BIT_STRING *v)
+static int ts_status_map_print(BIO *bio, const struct status_map_st *a,
+                               const ASN1_BIT_STRING *v)
 {
     int lines = 0;
 
@@ -179,102 +120,75 @@ static int TS_status_map_print(BIO *bio, struct status_map_st *a,
 int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a)
 {
     int v;
-    ASN1_OBJECT *policy_id;
-    const ASN1_INTEGER *serial;
-    const ASN1_GENERALIZEDTIME *gtime;
-    TS_ACCURACY *accuracy;
-    const ASN1_INTEGER *nonce;
-    GENERAL_NAME *tsa_name;
 
     if (a == NULL)
         return 0;
 
-    /* Print version. */
-    v = TS_TST_INFO_get_version(a);
+    v = ASN1_INTEGER_get(a->version);
     BIO_printf(bio, "Version: %d\n", v);
 
-    /* Print policy id. */
     BIO_printf(bio, "Policy OID: ");
-    policy_id = TS_TST_INFO_get_policy_id(a);
-    TS_OBJ_print_bio(bio, policy_id);
+    TS_OBJ_print_bio(bio, a->policy_id);
 
-    /* Print message imprint. */
-    TS_MSG_IMPRINT_print_bio(bio, TS_TST_INFO_get_msg_imprint(a));
+    TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint);
 
-    /* Print serial number. */
     BIO_printf(bio, "Serial number: ");
-    serial = TS_TST_INFO_get_serial(a);
-    if (serial == NULL)
+    if (a->serial == NULL)
         BIO_printf(bio, "unspecified");
     else
-        TS_ASN1_INTEGER_print_bio(bio, serial);
+        TS_ASN1_INTEGER_print_bio(bio, a->serial);
     BIO_write(bio, "\n", 1);
 
-    /* Print time stamp. */
     BIO_printf(bio, "Time stamp: ");
-    gtime = TS_TST_INFO_get_time(a);
-    ASN1_GENERALIZEDTIME_print(bio, gtime);
+    ASN1_GENERALIZEDTIME_print(bio, a->time);
     BIO_write(bio, "\n", 1);
 
-    /* Print accuracy. */
     BIO_printf(bio, "Accuracy: ");
-    accuracy = TS_TST_INFO_get_accuracy(a);
-    if (accuracy == NULL)
+    if (a->accuracy == NULL)
         BIO_printf(bio, "unspecified");
     else
-        TS_ACCURACY_print_bio(bio, accuracy);
+        ts_ACCURACY_print_bio(bio, a->accuracy);
     BIO_write(bio, "\n", 1);
 
-    /* Print ordering. */
-    BIO_printf(bio, "Ordering: %s\n",
-               TS_TST_INFO_get_ordering(a) ? "yes" : "no");
+    BIO_printf(bio, "Ordering: %s\n", a->ordering ? "yes" : "no");
 
-    /* Print nonce. */
     BIO_printf(bio, "Nonce: ");
-    nonce = TS_TST_INFO_get_nonce(a);
-    if (nonce == NULL)
+    if (a->nonce == NULL)
         BIO_printf(bio, "unspecified");
     else
-        TS_ASN1_INTEGER_print_bio(bio, nonce);
+        TS_ASN1_INTEGER_print_bio(bio, a->nonce);
     BIO_write(bio, "\n", 1);
 
-    /* Print TSA name. */
     BIO_printf(bio, "TSA: ");
-    tsa_name = TS_TST_INFO_get_tsa(a);
-    if (tsa_name == NULL)
+    if (a->tsa == NULL)
         BIO_printf(bio, "unspecified");
     else {
         STACK_OF(CONF_VALUE) *nval;
-        if ((nval = i2v_GENERAL_NAME(NULL, tsa_name, NULL)))
+        if ((nval = i2v_GENERAL_NAME(NULL, a->tsa, NULL)))
             X509V3_EXT_val_prn(bio, nval, 0, 0);
         sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
     }
     BIO_write(bio, "\n", 1);
 
-    /* Print extensions. */
-    TS_ext_print_bio(bio, TS_TST_INFO_get_exts(a));
+    TS_ext_print_bio(bio, a->extensions);
 
     return 1;
 }
 
-static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy)
+static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *a)
 {
-    const ASN1_INTEGER *seconds = TS_ACCURACY_get_seconds(accuracy);
-    const ASN1_INTEGER *millis = TS_ACCURACY_get_millis(accuracy);
-    const ASN1_INTEGER *micros = TS_ACCURACY_get_micros(accuracy);
-
-    if (seconds != NULL)
-        TS_ASN1_INTEGER_print_bio(bio, seconds);
+    if (a->seconds != NULL)
+        TS_ASN1_INTEGER_print_bio(bio, a->seconds);
     else
         BIO_printf(bio, "unspecified");
     BIO_printf(bio, " seconds, ");
-    if (millis != NULL)
-        TS_ASN1_INTEGER_print_bio(bio, millis);
+    if (a->millis != NULL)
+        TS_ASN1_INTEGER_print_bio(bio, a->millis);
     else
         BIO_printf(bio, "unspecified");
     BIO_printf(bio, " millis, ");
-    if (micros != NULL)
-        TS_ASN1_INTEGER_print_bio(bio, micros);
+    if (a->micros != NULL)
+        TS_ASN1_INTEGER_print_bio(bio, a->micros);
     else
         BIO_printf(bio, "unspecified");
     BIO_printf(bio, " micros");
diff --git a/freebsd/crypto/openssl/crypto/ts/ts_rsp_sign.c b/freebsd/crypto/openssl/crypto/ts/ts_rsp_sign.c
index 0f2643aa..e836cd91 100644
--- a/freebsd/crypto/openssl/crypto/ts/ts_rsp_sign.c
+++ b/freebsd/crypto/openssl/crypto/ts/ts_rsp_sign.c
@@ -1,110 +1,66 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ts/ts_resp_sign.c */
 /*
- * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2006-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
-#include "o_time.h"
-
-#if defined(OPENSSL_SYS_UNIX)
-# include <sys/time.h>
-#endif
+#include "e_os.h"
+#include "internal/cryptlib.h"
 
 #include <openssl/objects.h>
 #include <openssl/ts.h>
 #include <openssl/pkcs7.h>
-
-/* Private function declarations. */
+#include <openssl/crypto.h>
+#include "ts_lcl.h"
 
 static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
 static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
 static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *);
 
-static void TS_RESP_CTX_init(TS_RESP_CTX *ctx);
-static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx);
-static int TS_RESP_check_request(TS_RESP_CTX *ctx);
-static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx);
-static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
+static void ts_RESP_CTX_init(TS_RESP_CTX *ctx);
+static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx);
+static int ts_RESP_check_request(TS_RESP_CTX *ctx);
+static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx);
+static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx,
                                             ASN1_OBJECT *policy);
-static int TS_RESP_process_extensions(TS_RESP_CTX *ctx);
-static int TS_RESP_sign(TS_RESP_CTX *ctx);
+static int ts_RESP_process_extensions(TS_RESP_CTX *ctx);
+static int ts_RESP_sign(TS_RESP_CTX *ctx);
 
-static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
+static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert,
                                                    STACK_OF(X509) *certs);
-static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
-static int TS_TST_INFO_content_new(PKCS7 *p7);
-static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
+static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed);
+static int ts_TST_INFO_content_new(PKCS7 *p7);
+static int ess_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
+
+static ESS_SIGNING_CERT_V2 *ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
+                                                         X509 *signcert,
+                                                         STACK_OF(X509)
+                                                         *certs);
+static ESS_CERT_ID_V2 *ess_cert_id_v2_new_init(const EVP_MD *hash_alg,
+                                               X509 *cert, int issuer_needed);
+static int ess_add_signing_cert_v2(PKCS7_SIGNER_INFO *si,
+                                   ESS_SIGNING_CERT_V2 *sc);
 
 static ASN1_GENERALIZEDTIME
 *TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *, long, long,
                                     unsigned);
 
-/* Default callbacks for response generation. */
-
+/* Default callback for response generation. */
 static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
 {
     ASN1_INTEGER *serial = ASN1_INTEGER_new();
-    if (!serial)
+
+    if (serial == NULL)
         goto err;
     if (!ASN1_INTEGER_set(serial, 1))
         goto err;
     return serial;
+
  err:
     TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
     TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
@@ -114,7 +70,6 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
 
 #if defined(OPENSSL_SYS_UNIX)
 
-/* Use the gettimeofday function call. */
 static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
                        long *sec, long *usec)
 {
@@ -126,7 +81,6 @@ static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
         TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
         return 0;
     }
-    /* Return time to caller. */
     *sec = tv.tv_sec;
     *usec = tv.tv_usec;
 
@@ -135,7 +89,6 @@ static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
 
 #else
 
-/* Use the time function call that provides only seconds precision. */
 static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
                        long *sec, long *usec)
 {
@@ -147,7 +100,6 @@ static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
         TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
         return 0;
     }
-    /* Return time to caller, only second precision. */
     *sec = (long)t;
     *usec = 0;
 
@@ -159,7 +111,6 @@ static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
 static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext,
                             void *data)
 {
-    /* No extensions are processed here. */
     TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
                                 "Unsupported extension.");
     TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION);
@@ -168,17 +119,17 @@ static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext,
 
 /* TS_RESP_CTX management functions. */
 
-TS_RESP_CTX *TS_RESP_CTX_new()
+TS_RESP_CTX *TS_RESP_CTX_new(void)
 {
     TS_RESP_CTX *ctx;
 
-    if (!(ctx = (TS_RESP_CTX *)OPENSSL_malloc(sizeof(TS_RESP_CTX)))) {
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
         TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    memset(ctx, 0, sizeof(TS_RESP_CTX));
 
-    /* Setting default callbacks. */
+    ctx->signer_md = EVP_sha256();
+
     ctx->serial_cb = def_serial_cb;
     ctx->time_cb = def_time_cb;
     ctx->extension_cb = def_extension_cb;
@@ -210,28 +161,31 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
               TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
         return 0;
     }
-    if (ctx->signer_cert)
-        X509_free(ctx->signer_cert);
+    X509_free(ctx->signer_cert);
     ctx->signer_cert = signer;
-    CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
+    X509_up_ref(ctx->signer_cert);
     return 1;
 }
 
 int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key)
 {
-    if (ctx->signer_key)
-        EVP_PKEY_free(ctx->signer_key);
+    EVP_PKEY_free(ctx->signer_key);
     ctx->signer_key = key;
-    CRYPTO_add(&ctx->signer_key->references, +1, CRYPTO_LOCK_EVP_PKEY);
+    EVP_PKEY_up_ref(ctx->signer_key);
 
     return 1;
 }
 
-int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
+int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, const EVP_MD *md)
 {
-    if (ctx->default_policy)
-        ASN1_OBJECT_free(ctx->default_policy);
-    if (!(ctx->default_policy = OBJ_dup(def_policy)))
+    ctx->signer_md = md;
+    return 1;
+}
+
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy)
+{
+    ASN1_OBJECT_free(ctx->default_policy);
+    if ((ctx->default_policy = OBJ_dup(def_policy)) == NULL)
         goto err;
     return 1;
  err:
@@ -242,13 +196,11 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
 int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
 {
 
-    if (ctx->certs) {
-        sk_X509_pop_free(ctx->certs, X509_free);
-        ctx->certs = NULL;
-    }
+    sk_X509_pop_free(ctx->certs, X509_free);
+    ctx->certs = NULL;
     if (!certs)
         return 1;
-    if (!(ctx->certs = X509_chain_up_ref(certs))) {
+    if ((ctx->certs = X509_chain_up_ref(certs)) == NULL) {
         TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -256,14 +208,14 @@ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
     return 1;
 }
 
-int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy)
 {
     ASN1_OBJECT *copy = NULL;
 
-    /* Create new policy stack if necessary. */
-    if (!ctx->policies && !(ctx->policies = sk_ASN1_OBJECT_new_null()))
+    if (ctx->policies == NULL
+        && (ctx->policies = sk_ASN1_OBJECT_new_null()) == NULL)
         goto err;
-    if (!(copy = OBJ_dup(policy)))
+    if ((copy = OBJ_dup(policy)) == NULL)
         goto err;
     if (!sk_ASN1_OBJECT_push(ctx->policies, copy))
         goto err;
@@ -277,11 +229,10 @@ int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
 
 int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
 {
-    /* Create new md stack if necessary. */
-    if (!ctx->mds && !(ctx->mds = sk_EVP_MD_new_null()))
+    if (ctx->mds == NULL
+        && (ctx->mds = sk_EVP_MD_new_null()) == NULL)
         goto err;
-    /* Add the shared md, no copy needed. */
-    if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md))
+    if (!sk_EVP_MD_push(ctx->mds, md))
         goto err;
 
     return 1;
@@ -303,14 +254,17 @@ int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
 {
 
     TS_RESP_CTX_accuracy_free(ctx);
-    if (secs && (!(ctx->seconds = ASN1_INTEGER_new())
-                 || !ASN1_INTEGER_set(ctx->seconds, secs)))
+    if (secs
+        && ((ctx->seconds = ASN1_INTEGER_new()) == NULL
+            || !ASN1_INTEGER_set(ctx->seconds, secs)))
         goto err;
-    if (millis && (!(ctx->millis = ASN1_INTEGER_new())
-                   || !ASN1_INTEGER_set(ctx->millis, millis)))
+    if (millis
+        && ((ctx->millis = ASN1_INTEGER_new()) == NULL
+            || !ASN1_INTEGER_set(ctx->millis, millis)))
         goto err;
-    if (micros && (!(ctx->micros = ASN1_INTEGER_new())
-                   || !ASN1_INTEGER_set(ctx->micros, micros)))
+    if (micros
+        && ((ctx->micros = ASN1_INTEGER_new()) == NULL
+            || !ASN1_INTEGER_set(ctx->micros, micros)))
         goto err;
 
     return 1;
@@ -351,15 +305,16 @@ int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
     ASN1_UTF8STRING *utf8_text = NULL;
     int ret = 0;
 
-    if (!(si = TS_STATUS_INFO_new()))
+    if ((si = TS_STATUS_INFO_new()) == NULL)
         goto err;
     if (!ASN1_INTEGER_set(si->status, status))
         goto err;
     if (text) {
-        if (!(utf8_text = ASN1_UTF8STRING_new())
+        if ((utf8_text = ASN1_UTF8STRING_new()) == NULL
             || !ASN1_STRING_set(utf8_text, text, strlen(text)))
             goto err;
-        if (!si->text && !(si->text = sk_ASN1_UTF8STRING_new_null()))
+        if (si->text == NULL
+            && (si->text = sk_ASN1_UTF8STRING_new_null()) == NULL)
             goto err;
         if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text))
             goto err;
@@ -380,10 +335,9 @@ int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
                                      int status, const char *text)
 {
     int ret = 1;
-    TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response);
+    TS_STATUS_INFO *si = ctx->response->status_info;
 
     if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) {
-        /* Status has not been set, set it now. */
         ret = TS_RESP_CTX_set_status_info(ctx, status, text);
     }
     return ret;
@@ -391,8 +345,9 @@ int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
 
 int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
 {
-    TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response);
-    if (!si->failure_info && !(si->failure_info = ASN1_BIT_STRING_new()))
+    TS_STATUS_INFO *si = ctx->response->status_info;
+    if (si->failure_info == NULL
+        && (si->failure_info = ASN1_BIT_STRING_new()) == NULL)
         goto err;
     if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1))
         goto err;
@@ -428,48 +383,32 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
     TS_RESP *response;
     int result = 0;
 
-    TS_RESP_CTX_init(ctx);
+    ts_RESP_CTX_init(ctx);
 
-    /* Creating the response object. */
-    if (!(ctx->response = TS_RESP_new())) {
+    if ((ctx->response = TS_RESP_new()) == NULL) {
         TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE);
         goto end;
     }
-
-    /* Parsing DER request. */
-    if (!(ctx->request = d2i_TS_REQ_bio(req_bio, NULL))) {
+    if ((ctx->request = d2i_TS_REQ_bio(req_bio, NULL)) == NULL) {
         TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
-                                    "Bad request format or " "system error.");
+                                    "Bad request format or system error.");
         TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
         goto end;
     }
-
-    /* Setting default status info. */
     if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL))
         goto end;
-
-    /* Checking the request format. */
-    if (!TS_RESP_check_request(ctx))
+    if (!ts_RESP_check_request(ctx))
         goto end;
-
-    /* Checking acceptable policies. */
-    if (!(policy = TS_RESP_get_policy(ctx)))
+    if ((policy = ts_RESP_get_policy(ctx)) == NULL)
         goto end;
-
-    /* Creating the TS_TST_INFO object. */
-    if (!(ctx->tst_info = TS_RESP_create_tst_info(ctx, policy)))
+    if ((ctx->tst_info = ts_RESP_create_tst_info(ctx, policy)) == NULL)
         goto end;
-
-    /* Processing extensions. */
-    if (!TS_RESP_process_extensions(ctx))
+    if (!ts_RESP_process_extensions(ctx))
         goto end;
-
-    /* Generating the signature. */
-    if (!TS_RESP_sign(ctx))
+    if (!ts_RESP_sign(ctx))
         goto end;
-
-    /* Everything was successful. */
     result = 1;
+
  end:
     if (!result) {
         TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
@@ -485,12 +424,12 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
     }
     response = ctx->response;
     ctx->response = NULL;       /* Ownership will be returned to caller. */
-    TS_RESP_CTX_cleanup(ctx);
+    ts_RESP_CTX_cleanup(ctx);
     return response;
 }
 
 /* Initializes the variable part of the context. */
-static void TS_RESP_CTX_init(TS_RESP_CTX *ctx)
+static void ts_RESP_CTX_init(TS_RESP_CTX *ctx)
 {
     ctx->request = NULL;
     ctx->response = NULL;
@@ -498,7 +437,7 @@ static void TS_RESP_CTX_init(TS_RESP_CTX *ctx)
 }
 
 /* Cleans up the variable part of the context. */
-static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx)
+static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx)
 {
     TS_REQ_free(ctx->request);
     ctx->request = NULL;
@@ -509,17 +448,16 @@ static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx)
 }
 
 /* Checks the format and content of the request. */
-static int TS_RESP_check_request(TS_RESP_CTX *ctx)
+static int ts_RESP_check_request(TS_RESP_CTX *ctx)
 {
     TS_REQ *request = ctx->request;
     TS_MSG_IMPRINT *msg_imprint;
     X509_ALGOR *md_alg;
     int md_alg_id;
     const ASN1_OCTET_STRING *digest;
-    EVP_MD *md = NULL;
+    const EVP_MD *md = NULL;
     int i;
 
-    /* Checking request version. */
     if (TS_REQ_get_version(request) != 1) {
         TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
                                     "Bad request version.");
@@ -527,12 +465,11 @@ static int TS_RESP_check_request(TS_RESP_CTX *ctx)
         return 0;
     }
 
-    /* Checking message digest algorithm. */
-    msg_imprint = TS_REQ_get_msg_imprint(request);
-    md_alg = TS_MSG_IMPRINT_get_algo(msg_imprint);
+    msg_imprint = request->msg_imprint;
+    md_alg = msg_imprint->hash_algo;
     md_alg_id = OBJ_obj2nid(md_alg->algorithm);
     for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) {
-        EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
+        const EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
         if (md_alg_id == EVP_MD_type(current_md))
             md = current_md;
     }
@@ -544,7 +481,6 @@ static int TS_RESP_check_request(TS_RESP_CTX *ctx)
         return 0;
     }
 
-    /* No message digest takes parameter. */
     if (md_alg->parameter && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) {
         TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
                                     "Superfluous message digest "
@@ -552,8 +488,7 @@ static int TS_RESP_check_request(TS_RESP_CTX *ctx)
         TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
         return 0;
     }
-    /* Checking message digest size. */
-    digest = TS_MSG_IMPRINT_get_msg(msg_imprint);
+    digest = msg_imprint->hashed_msg;
     if (digest->length != EVP_MD_size(md)) {
         TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
                                     "Bad message digest.");
@@ -565,9 +500,9 @@ static int TS_RESP_check_request(TS_RESP_CTX *ctx)
 }
 
 /* Returns the TSA policy based on the requested and acceptable policies. */
-static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx)
+static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx)
 {
-    ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request);
+    ASN1_OBJECT *requested = ctx->request->policy_id;
     ASN1_OBJECT *policy = NULL;
     int i;
 
@@ -575,10 +510,6 @@ static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx)
         TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
         return NULL;
     }
-    /*
-     * Return the default policy if none is requested or the default is
-     * requested.
-     */
     if (!requested || !OBJ_cmp(requested, ctx->default_policy))
         policy = ctx->default_policy;
 
@@ -598,7 +529,7 @@ static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx)
 }
 
 /* Creates the TS_TST_INFO object based on the settings of the context. */
-static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
+static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx,
                                             ASN1_OBJECT *policy)
 {
     int result = 0;
@@ -610,7 +541,7 @@ static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
     const ASN1_INTEGER *nonce;
     GENERAL_NAME *tsa_name = NULL;
 
-    if (!(tst_info = TS_TST_INFO_new()))
+    if ((tst_info = TS_TST_INFO_new()) == NULL)
         goto end;
     if (!TS_TST_INFO_set_version(tst_info, 1))
         goto end;
@@ -618,21 +549,19 @@ static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
         goto end;
     if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint))
         goto end;
-    if (!(serial = (*ctx->serial_cb) (ctx, ctx->serial_cb_data))
+    if ((serial = ctx->serial_cb(ctx, ctx->serial_cb_data)) == NULL
         || !TS_TST_INFO_set_serial(tst_info, serial))
         goto end;
-    if (!(*ctx->time_cb) (ctx, ctx->time_cb_data, &sec, &usec)
-        || !(asn1_time = TS_RESP_set_genTime_with_precision(NULL,
-                                                            sec, usec,
-                                                            ctx->clock_precision_digits))
+    if (!ctx->time_cb(ctx, ctx->time_cb_data, &sec, &usec)
+        || (asn1_time =
+            TS_RESP_set_genTime_with_precision(NULL, sec, usec,
+                                        ctx->clock_precision_digits)) == NULL
         || !TS_TST_INFO_set_time(tst_info, asn1_time))
         goto end;
 
-    /* Setting accuracy if needed. */
     if ((ctx->seconds || ctx->millis || ctx->micros)
-        && !(accuracy = TS_ACCURACY_new()))
+        && (accuracy = TS_ACCURACY_new()) == NULL)
         goto end;
-
     if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds))
         goto end;
     if (ctx->millis && !TS_ACCURACY_set_millis(accuracy, ctx->millis))
@@ -642,23 +571,20 @@ static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
     if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy))
         goto end;
 
-    /* Setting ordering. */
     if ((ctx->flags & TS_ORDERING)
         && !TS_TST_INFO_set_ordering(tst_info, 1))
         goto end;
 
-    /* Setting nonce if needed. */
-    if ((nonce = TS_REQ_get_nonce(ctx->request)) != NULL
+    if ((nonce = ctx->request->nonce) != NULL
         && !TS_TST_INFO_set_nonce(tst_info, nonce))
         goto end;
 
-    /* Setting TSA name to subject of signer certificate. */
     if (ctx->flags & TS_TSA_NAME) {
-        if (!(tsa_name = GENERAL_NAME_new()))
+        if ((tsa_name = GENERAL_NAME_new()) == NULL)
             goto end;
         tsa_name->type = GEN_DIRNAME;
         tsa_name->d.dirn =
-            X509_NAME_dup(ctx->signer_cert->cert_info->subject);
+            X509_NAME_dup(X509_get_subject_name(ctx->signer_cert));
         if (!tsa_name->d.dirn)
             goto end;
         if (!TS_TST_INFO_set_tsa(tst_info, tsa_name))
@@ -684,16 +610,16 @@ static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
 }
 
 /* Processing the extensions of the request. */
-static int TS_RESP_process_extensions(TS_RESP_CTX *ctx)
+static int ts_RESP_process_extensions(TS_RESP_CTX *ctx)
 {
-    STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request);
+    STACK_OF(X509_EXTENSION) *exts = ctx->request->extensions;
     int i;
     int ok = 1;
 
     for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i) {
         X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
         /*
-         * XXXXX The last argument was previously (void *)ctx->extension_cb,
+         * The last argument was previously (void *)ctx->extension_cb,
          * but ISO C doesn't permit converting a function pointer to void *.
          * For lack of better information, I'm placing a NULL there instead.
          * The callback can pick its own address out from the ctx anyway...
@@ -705,37 +631,33 @@ static int TS_RESP_process_extensions(TS_RESP_CTX *ctx)
 }
 
 /* Functions for signing the TS_TST_INFO structure of the context. */
-static int TS_RESP_sign(TS_RESP_CTX *ctx)
+static int ts_RESP_sign(TS_RESP_CTX *ctx)
 {
     int ret = 0;
     PKCS7 *p7 = NULL;
     PKCS7_SIGNER_INFO *si;
     STACK_OF(X509) *certs;      /* Certificates to include in sc. */
+    ESS_SIGNING_CERT_V2 *sc2 = NULL;
     ESS_SIGNING_CERT *sc = NULL;
     ASN1_OBJECT *oid;
     BIO *p7bio = NULL;
     int i;
 
-    /* Check if signcert and pkey match. */
     if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
         TSerr(TS_F_TS_RESP_SIGN, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
         goto err;
     }
 
-    /* Create a new PKCS7 signed object. */
-    if (!(p7 = PKCS7_new())) {
+    if ((p7 = PKCS7_new()) == NULL) {
         TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
         goto err;
     }
     if (!PKCS7_set_type(p7, NID_pkcs7_signed))
         goto err;
-
-    /* Force SignedData version to be 3 instead of the default 1. */
     if (!ASN1_INTEGER_set(p7->d.sign->version, 3))
         goto err;
 
-    /* Add signer certificate and optional certificate chain. */
-    if (TS_REQ_get_cert_req(ctx->request)) {
+    if (ctx->request->cert_req) {
         PKCS7_add_certificate(p7, ctx->signer_cert);
         if (ctx->certs) {
             for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
@@ -745,14 +667,12 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx)
         }
     }
 
-    /* Add a new signer info. */
-    if (!(si = PKCS7_add_signature(p7, ctx->signer_cert,
-                                   ctx->signer_key, EVP_sha1()))) {
+    if ((si = PKCS7_add_signature(p7, ctx->signer_cert,
+                                  ctx->signer_key, ctx->signer_md)) == NULL) {
         TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
         goto err;
     }
 
-    /* Add content type signed attribute to the signer info. */
     oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
     if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
                                     V_ASN1_OBJECT, oid)) {
@@ -760,43 +680,42 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx)
         goto err;
     }
 
-    /*
-     * Create the ESS SigningCertificate attribute which contains the signer
-     * certificate id and optionally the certificate chain.
-     */
     certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
-    if (!(sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs)))
-        goto err;
+    if (ctx->ess_cert_id_digest == NULL
+        || ctx->ess_cert_id_digest == EVP_sha1()) {
+        if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL)
+            goto err;
 
-    /* Add SigningCertificate signed attribute to the signer info. */
-    if (!ESS_add_signing_cert(si, sc)) {
-        TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
-        goto err;
+        if (!ess_add_signing_cert(si, sc)) {
+            TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
+            goto err;
+        }
+    } else {
+        sc2 = ess_signing_cert_v2_new_init(ctx->ess_cert_id_digest,
+                                           ctx->signer_cert, certs);
+        if (sc2 == NULL)
+            goto err;
+
+        if (!ess_add_signing_cert_v2(si, sc2)) {
+            TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR);
+            goto err;
+        }
     }
 
-    /* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */
-    if (!TS_TST_INFO_content_new(p7))
+    if (!ts_TST_INFO_content_new(p7))
         goto err;
-
-    /* Add the DER encoded tst_info to the PKCS7 structure. */
-    if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
+    if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) {
         TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-
-    /* Convert tst_info to DER. */
     if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) {
         TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
         goto err;
     }
-
-    /* Create the signature and add it to the signer info. */
     if (!PKCS7_dataFinal(p7, p7bio)) {
         TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
         goto err;
     }
-
-    /* Set new PKCS7 and TST_INFO objects. */
     TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info);
     p7 = NULL;                  /* Ownership is lost. */
     ctx->tst_info = NULL;       /* Ownership is lost. */
@@ -808,32 +727,31 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx)
                                          "Error during signature "
                                          "generation.");
     BIO_free_all(p7bio);
+    ESS_SIGNING_CERT_V2_free(sc2);
     ESS_SIGNING_CERT_free(sc);
     PKCS7_free(p7);
     return ret;
 }
 
-static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
+static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert,
                                                    STACK_OF(X509) *certs)
 {
     ESS_CERT_ID *cid;
     ESS_SIGNING_CERT *sc = NULL;
     int i;
 
-    /* Creating the ESS_CERT_ID stack. */
-    if (!(sc = ESS_SIGNING_CERT_new()))
+    if ((sc = ESS_SIGNING_CERT_new()) == NULL)
         goto err;
-    if (!sc->cert_ids && !(sc->cert_ids = sk_ESS_CERT_ID_new_null()))
+    if (sc->cert_ids == NULL
+        && (sc->cert_ids = sk_ESS_CERT_ID_new_null()) == NULL)
         goto err;
 
-    /* Adding the signing certificate id. */
-    if (!(cid = ESS_CERT_ID_new_init(signcert, 0))
+    if ((cid = ess_CERT_ID_new_init(signcert, 0)) == NULL
         || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
         goto err;
-    /* Adding the certificate chain ids. */
     for (i = 0; i < sk_X509_num(certs); ++i) {
         X509 *cert = sk_X509_value(certs, i);
-        if (!(cid = ESS_CERT_ID_new_init(cert, 1))
+        if ((cid = ess_CERT_ID_new_init(cert, 1)) == NULL
             || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
             goto err;
     }
@@ -845,39 +763,36 @@ static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
     return NULL;
 }
 
-static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
+static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed)
 {
     ESS_CERT_ID *cid = NULL;
     GENERAL_NAME *name = NULL;
+    unsigned char cert_sha1[SHA_DIGEST_LENGTH];
 
-    /* Recompute SHA1 hash of certificate if necessary (side effect). */
+    /* Call for side-effect of computing hash and caching extensions */
     X509_check_purpose(cert, -1, 0);
-
-    if (!(cid = ESS_CERT_ID_new()))
+    if ((cid = ESS_CERT_ID_new()) == NULL)
         goto err;
-    if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash,
-                               sizeof(cert->sha1_hash)))
+    X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
+    if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH))
         goto err;
 
     /* Setting the issuer/serial if requested. */
     if (issuer_needed) {
-        /* Creating issuer/serial structure. */
-        if (!cid->issuer_serial
-            && !(cid->issuer_serial = ESS_ISSUER_SERIAL_new()))
+        if (cid->issuer_serial == NULL
+            && (cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL)
             goto err;
-        /* Creating general name from the certificate issuer. */
-        if (!(name = GENERAL_NAME_new()))
+        if ((name = GENERAL_NAME_new()) == NULL)
             goto err;
         name->type = GEN_DIRNAME;
-        if (!(name->d.dirn = X509_NAME_dup(cert->cert_info->issuer)))
+        if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL)
             goto err;
         if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name))
             goto err;
         name = NULL;            /* Ownership is lost. */
-        /* Setting the serial number. */
         ASN1_INTEGER_free(cid->issuer_serial->serial);
         if (!(cid->issuer_serial->serial =
-              ASN1_INTEGER_dup(cert->cert_info->serialNumber)))
+              ASN1_INTEGER_dup(X509_get_serialNumber(cert))))
             goto err;
     }
 
@@ -889,18 +804,18 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
     return NULL;
 }
 
-static int TS_TST_INFO_content_new(PKCS7 *p7)
+static int ts_TST_INFO_content_new(PKCS7 *p7)
 {
     PKCS7 *ret = NULL;
     ASN1_OCTET_STRING *octet_string = NULL;
 
     /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */
-    if (!(ret = PKCS7_new()))
+    if ((ret = PKCS7_new()) == NULL)
         goto err;
-    if (!(ret->d.other = ASN1_TYPE_new()))
+    if ((ret->d.other = ASN1_TYPE_new()) == NULL)
         goto err;
     ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
-    if (!(octet_string = ASN1_OCTET_STRING_new()))
+    if ((octet_string = ASN1_OCTET_STRING_new()) == NULL)
         goto err;
     ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string);
     octet_string = NULL;
@@ -916,20 +831,20 @@ static int TS_TST_INFO_content_new(PKCS7 *p7)
     return 0;
 }
 
-static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
+static int ess_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
 {
     ASN1_STRING *seq = NULL;
     unsigned char *p, *pp = NULL;
     int len;
 
     len = i2d_ESS_SIGNING_CERT(sc, NULL);
-    if (!(pp = (unsigned char *)OPENSSL_malloc(len))) {
+    if ((pp = OPENSSL_malloc(len)) == NULL) {
         TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
     p = pp;
     i2d_ESS_SIGNING_CERT(sc, &p);
-    if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) {
+    if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
         TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -945,13 +860,136 @@ static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
     return 0;
 }
 
-static ASN1_GENERALIZEDTIME
-*TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
-                                    long sec, long usec, unsigned precision)
+static ESS_SIGNING_CERT_V2 *ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
+                                                         X509 *signcert,
+                                                         STACK_OF(X509) *certs)
+{
+    ESS_CERT_ID_V2 *cid = NULL;
+    ESS_SIGNING_CERT_V2 *sc = NULL;
+    int i;
+
+    if ((sc = ESS_SIGNING_CERT_V2_new()) == NULL)
+        goto err;
+    if ((cid = ess_cert_id_v2_new_init(hash_alg, signcert, 0)) == NULL)
+        goto err;
+    if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
+        goto err;
+    cid = NULL;
+
+    for (i = 0; i < sk_X509_num(certs); ++i) {
+        X509 *cert = sk_X509_value(certs, i);
+
+        if ((cid = ess_cert_id_v2_new_init(hash_alg, cert, 1)) == NULL)
+            goto err;
+        if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
+            goto err;
+        cid = NULL;
+    }
+
+    return sc;
+ err:
+    ESS_SIGNING_CERT_V2_free(sc);
+    ESS_CERT_ID_V2_free(cid);
+    TSerr(TS_F_ESS_SIGNING_CERT_V2_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static ESS_CERT_ID_V2 *ess_cert_id_v2_new_init(const EVP_MD *hash_alg,
+                                               X509 *cert, int issuer_needed)
+{
+    ESS_CERT_ID_V2 *cid = NULL;
+    GENERAL_NAME *name = NULL;
+    unsigned char hash[EVP_MAX_MD_SIZE];
+    unsigned int hash_len = sizeof(hash);
+    X509_ALGOR *alg = NULL;
+
+    memset(hash, 0, sizeof(hash));
+
+    if ((cid = ESS_CERT_ID_V2_new()) == NULL)
+        goto err;
+
+    if (hash_alg != EVP_sha256()) {
+        alg = X509_ALGOR_new();
+        if (alg == NULL)
+            goto err;
+        X509_ALGOR_set_md(alg, hash_alg);
+        if (alg->algorithm == NULL)
+            goto err;
+        cid->hash_alg = alg;
+        alg = NULL;
+    } else {
+        cid->hash_alg = NULL;
+    }
+
+    if (!X509_digest(cert, hash_alg, hash, &hash_len))
+        goto err;
+
+    if (!ASN1_OCTET_STRING_set(cid->hash, hash, hash_len))
+        goto err;
+
+    if (issuer_needed) {
+        if ((cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL)
+            goto err;
+        if ((name = GENERAL_NAME_new()) == NULL)
+            goto err;
+        name->type = GEN_DIRNAME;
+        if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL)
+            goto err;
+        if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name))
+            goto err;
+        name = NULL;            /* Ownership is lost. */
+        ASN1_INTEGER_free(cid->issuer_serial->serial);
+        cid->issuer_serial->serial =
+                ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+        if (cid->issuer_serial->serial == NULL)
+            goto err;
+    }
+
+    return cid;
+ err:
+    X509_ALGOR_free(alg);
+    GENERAL_NAME_free(name);
+    ESS_CERT_ID_V2_free(cid);
+    TSerr(TS_F_ESS_CERT_ID_V2_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static int ess_add_signing_cert_v2(PKCS7_SIGNER_INFO *si,
+                                   ESS_SIGNING_CERT_V2 *sc)
+{
+    ASN1_STRING *seq = NULL;
+    unsigned char *p, *pp = NULL;
+    int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
+
+    if ((pp = OPENSSL_malloc(len)) == NULL) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    p = pp;
+    i2d_ESS_SIGNING_CERT_V2(sc, &p);
+    if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    OPENSSL_free(pp);
+    pp = NULL;
+    return PKCS7_add_signed_attribute(si,
+                                      NID_id_smime_aa_signingCertificateV2,
+                                      V_ASN1_SEQUENCE, seq);
+ err:
+    ASN1_STRING_free(seq);
+    OPENSSL_free(pp);
+    return 0;
+}
+
+static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(
+        ASN1_GENERALIZEDTIME *asn1_time, long sec, long usec,
+        unsigned precision)
 {
     time_t time_sec = (time_t)sec;
-    struct tm *tm = NULL;
-    struct tm result = {0};
+    struct tm *tm = NULL, tm_result;
     char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
     char *p = genTime_str;
     char *p_end = genTime_str + sizeof(genTime_str);
@@ -959,7 +997,7 @@ static ASN1_GENERALIZEDTIME
     if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
         goto err;
 
-    if (!(tm = OPENSSL_gmtime(&time_sec, &result)))
+    if ((tm = OPENSSL_gmtime(&time_sec, &tm_result)) == NULL)
         goto err;
 
     /*
@@ -974,12 +1012,7 @@ static ASN1_GENERALIZEDTIME
                       tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
                       tm->tm_hour, tm->tm_min, tm->tm_sec);
     if (precision > 0) {
-        /* Add fraction of seconds (leave space for dot and null). */
         BIO_snprintf(p, 2 + precision, ".%06ld", usec);
-        /*
-         * We cannot use the snprintf return value, because it might have
-         * been truncated.
-         */
         p += strlen(p);
 
         /*
@@ -998,27 +1031,29 @@ static ASN1_GENERALIZEDTIME
          * this loop even if all the digits are zero.
          */
         while (*--p == '0')
-            /*
-             * empty
-             */ ;
-        /* p points to either the dot or the last non-zero digit. */
+             continue;
         if (*p != '.')
             ++p;
     }
-    /* Add the trailing Z and the terminating null. */
     *p++ = 'Z';
     *p++ = '\0';
 
-    /* Now call OpenSSL to check and set our genTime value */
-    if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))
+    if (asn1_time == NULL
+        && (asn1_time = ASN1_GENERALIZEDTIME_new()) == NULL)
         goto err;
     if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) {
         ASN1_GENERALIZEDTIME_free(asn1_time);
         goto err;
     }
-
     return asn1_time;
+
  err:
     TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME);
     return NULL;
 }
+
+int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md)
+{
+    ctx->ess_cert_id_digest = md;
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/ts/ts_rsp_utils.c b/freebsd/crypto/openssl/crypto/ts/ts_rsp_utils.c
index 23804cb3..b2fb92b8 100644
--- a/freebsd/crypto/openssl/crypto/ts/ts_rsp_utils.c
+++ b/freebsd/crypto/openssl/crypto/ts/ts_rsp_utils.c
@@ -1,71 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ts/ts_resp_utils.c */
 /*
- * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/ts.h>
 #include <openssl/pkcs7.h>
-
-/* Function definitions. */
+#include "ts_lcl.h"
 
 int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
 {
@@ -92,7 +41,6 @@ TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a)
 /* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
 void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info)
 {
-    /* Set new PKCS7 and TST_INFO objects. */
     PKCS7_free(a->token);
     a->token = p7;
     TS_TST_INFO_free(a->tst_info);
@@ -188,7 +136,7 @@ int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime)
 
     if (a->time == gtime)
         return 1;
-    new_time = M_ASN1_GENERALIZEDTIME_dup(gtime);
+    new_time = ASN1_STRING_dup(gtime);
     if (new_time == NULL) {
         TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE);
         return 0;
@@ -367,7 +315,7 @@ int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos)
     return X509v3_get_ext_by_NID(a->extensions, nid, lastpos);
 }
 
-int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos)
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, int lastpos)
 {
     return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
 }
@@ -396,3 +344,24 @@ void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx)
 {
     return X509V3_get_d2i(a->extensions, nid, crit, idx);
 }
+
+int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i)
+{
+    return ASN1_INTEGER_set(a->status, i);
+}
+
+const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a)
+{
+    return a->status;
+}
+
+const STACK_OF(ASN1_UTF8STRING) *
+TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a)
+{
+    return a->text;
+}
+
+const ASN1_BIT_STRING *TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a)
+{
+    return a->failure_info;
+}
diff --git a/freebsd/crypto/openssl/crypto/ts/ts_rsp_verify.c b/freebsd/crypto/openssl/crypto/ts/ts_rsp_verify.c
index 045d0eda..94371985 100644
--- a/freebsd/crypto/openssl/crypto/ts/ts_rsp_verify.c
+++ b/freebsd/crypto/openssl/crypto/ts/ts_rsp_verify.c
@@ -1,101 +1,58 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ts/ts_resp_verify.c */
 /*
- * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/ts.h>
 #include <openssl/pkcs7.h>
+#include "ts_lcl.h"
 
-/* Private function declarations. */
-
-static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                           X509 *signer, STACK_OF(X509) **chain);
-static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si,
+static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
                                   STACK_OF(X509) *chain);
-static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si);
-static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
-static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo);
-static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx,
+static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si);
+static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
+static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert);
+static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
                                     PKCS7 *token, TS_TST_INFO *tst_info);
-static int TS_check_status_info(TS_RESP *response);
-static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
-static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info);
-static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+static int ts_check_status_info(TS_RESP *response);
+static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
+static int ts_check_policy(const ASN1_OBJECT *req_oid,
+                           const TS_TST_INFO *tst_info);
+static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
                               X509_ALGOR **md_alg,
                               unsigned char **imprint, unsigned *imprint_len);
-static int TS_check_imprints(X509_ALGOR *algor_a,
-                             unsigned char *imprint_a, unsigned len_a,
+static int ts_check_imprints(X509_ALGOR *algor_a,
+                             const unsigned char *imprint_a, unsigned len_a,
                              TS_TST_INFO *tst_info);
-static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
-static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
-static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names,
+static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
+static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
+static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names,
                         GENERAL_NAME *name);
+static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert);
+static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si);
+
+/*
+ * This must be large enough to hold all values in ts_status_text (with
+ * comma separator) or all text fields in ts_failure_info (also with comma).
+ */
+#define TS_STATUS_BUF_SIZE      256
 
 /*
  * Local mapping between response codes and descriptions.
- * Don't forget to change TS_STATUS_BUF_SIZE when modifying
- * the elements of this array.
  */
-static const char *TS_status_text[] = { "granted",
+static const char *ts_status_text[] = {
+    "granted",
     "grantedWithMods",
     "rejection",
     "waiting",
@@ -103,48 +60,22 @@ static const char *TS_status_text[] = { "granted",
     "revocationNotification"
 };
 
-#define TS_STATUS_TEXT_SIZE     (sizeof(TS_status_text)/sizeof(*TS_status_text))
-
-/*
- * This must be greater or equal to the sum of the strings in TS_status_text
- * plus the number of its elements.
- */
-#define TS_STATUS_BUF_SIZE      256
+#define TS_STATUS_TEXT_SIZE     OSSL_NELEM(ts_status_text)
 
 static struct {
     int code;
     const char *text;
-} TS_failure_info[] = {
-    {
-        TS_INFO_BAD_ALG, "badAlg"
-    },
-    {
-        TS_INFO_BAD_REQUEST, "badRequest"
-    },
-    {
-        TS_INFO_BAD_DATA_FORMAT, "badDataFormat"
-    },
-    {
-        TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"
-    },
-    {
-        TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"
-    },
-    {
-        TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"
-    },
-    {
-        TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"
-    },
-    {
-        TS_INFO_SYSTEM_FAILURE, "systemFailure"
-    }
+} ts_failure_info[] = {
+    {TS_INFO_BAD_ALG, "badAlg"},
+    {TS_INFO_BAD_REQUEST, "badRequest"},
+    {TS_INFO_BAD_DATA_FORMAT, "badDataFormat"},
+    {TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"},
+    {TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"},
+    {TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"},
+    {TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"},
+    {TS_INFO_SYSTEM_FAILURE, "systemFailure"}
 };
 
-#define TS_FAILURE_INFO_SIZE    (sizeof(TS_failure_info) / \
-                                sizeof(*TS_failure_info))
-
-/* Functions for verifying a signed TS_TST_INFO structure. */
 
 /*-
  * This function carries out the following tasks:
@@ -175,22 +106,16 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
         TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
         goto err;
     }
-
-    /* Check for the correct content type */
     if (!PKCS7_type_is_signed(token)) {
         TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
         goto err;
     }
-
-    /* Check if there is one and only one signer. */
     sinfos = PKCS7_get_signer_info(token);
     if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
         TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_THERE_MUST_BE_ONE_SIGNER);
         goto err;
     }
     si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
-
-    /* Check for no content: no data to verify signature. */
     if (PKCS7_get_detached(token)) {
         TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
         goto err;
@@ -205,35 +130,26 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
         goto err;
     signer = sk_X509_value(signers, 0);
 
-    /* Now verify the certificate. */
-    if (!TS_verify_cert(store, certs, signer, &chain))
+    if (!ts_verify_cert(store, certs, signer, &chain))
         goto err;
-
-    /*
-     * Check if the signer certificate is consistent with the ESS extension.
-     */
-    if (!TS_check_signing_certs(si, chain))
+    if (!ts_check_signing_certs(si, chain))
         goto err;
-
-    /* Creating the message digest. */
     p7bio = PKCS7_dataInit(token, NULL);
 
     /* We now have to 'read' from p7bio to calculate digests etc. */
-    while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0) ;
+    while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0)
+        continue;
 
-    /* Verifying the signature. */
     j = PKCS7_signatureVerify(p7bio, token, si, signer);
     if (j <= 0) {
         TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
         goto err;
     }
 
-    /* Return the signer certificate if needed. */
     if (signer_out) {
         *signer_out = signer;
-        CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(signer);
     }
-
     ret = 1;
 
  err:
@@ -248,74 +164,102 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
  * The certificate chain is returned in chain. Caller is responsible for
  * freeing the vector.
  */
-static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                           X509 *signer, STACK_OF(X509) **chain)
 {
-    X509_STORE_CTX cert_ctx;
+    X509_STORE_CTX *cert_ctx = NULL;
     int i;
-    int ret = 1;
+    int ret = 0;
 
-    /* chain is an out argument. */
     *chain = NULL;
-    if (!X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted))
-        return 0;
-    X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
-    i = X509_verify_cert(&cert_ctx);
+    cert_ctx = X509_STORE_CTX_new();
+    if (cert_ctx == NULL) {
+        TSerr(TS_F_TS_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted))
+        goto end;
+    X509_STORE_CTX_set_purpose(cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
+    i = X509_verify_cert(cert_ctx);
     if (i <= 0) {
-        int j = X509_STORE_CTX_get_error(&cert_ctx);
+        int j = X509_STORE_CTX_get_error(cert_ctx);
         TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
         ERR_add_error_data(2, "Verify error:",
                            X509_verify_cert_error_string(j));
-        ret = 0;
-    } else {
-        /* Get a copy of the certificate chain. */
-        *chain = X509_STORE_CTX_get1_chain(&cert_ctx);
+        goto err;
     }
+    *chain = X509_STORE_CTX_get1_chain(cert_ctx);
+    ret = 1;
+    goto end;
 
-    X509_STORE_CTX_cleanup(&cert_ctx);
+err:
+    ret = 0;
 
+end:
+    X509_STORE_CTX_free(cert_ctx);
     return ret;
 }
 
-static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si,
+static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
                                   STACK_OF(X509) *chain)
 {
-    ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si);
+    ESS_SIGNING_CERT *ss = ess_get_signing_cert(si);
     STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
+    ESS_SIGNING_CERT_V2 *ssv2 = ess_get_signing_cert_v2(si);
+    STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = NULL;
     X509 *cert;
     int i = 0;
     int ret = 0;
 
-    if (!ss)
-        goto err;
-    cert_ids = ss->cert_ids;
-    /* The signer certificate must be the first in cert_ids. */
-    cert = sk_X509_value(chain, 0);
-    if (TS_find_cert(cert_ids, cert) != 0)
-        goto err;
+    if (ss != NULL) {
+        cert_ids = ss->cert_ids;
+        cert = sk_X509_value(chain, 0);
+        if (ts_find_cert(cert_ids, cert) != 0)
+            goto err;
 
-    /*
-     * Check the other certificates of the chain if there are more than one
-     * certificate ids in cert_ids.
-     */
-    if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
-        /* All the certificates of the chain must be in cert_ids. */
-        for (i = 1; i < sk_X509_num(chain); ++i) {
-            cert = sk_X509_value(chain, i);
-            if (TS_find_cert(cert_ids, cert) < 0)
-                goto err;
+        /*
+         * Check the other certificates of the chain if there are more than one
+         * certificate ids in cert_ids.
+         */
+        if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
+            for (i = 1; i < sk_X509_num(chain); ++i) {
+                cert = sk_X509_value(chain, i);
+                if (ts_find_cert(cert_ids, cert) < 0)
+                    goto err;
+            }
+        }
+    } else if (ssv2 != NULL) {
+        cert_ids_v2 = ssv2->cert_ids;
+        cert = sk_X509_value(chain, 0);
+        if (ts_find_cert_v2(cert_ids_v2, cert) != 0)
+            goto err;
+
+        /*
+         * Check the other certificates of the chain if there are more than one
+         * certificate ids in cert_ids.
+         */
+        if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) {
+            for (i = 1; i < sk_X509_num(chain); ++i) {
+                cert = sk_X509_value(chain, i);
+                if (ts_find_cert_v2(cert_ids_v2, cert) < 0)
+                    goto err;
+            }
         }
+    } else {
+        goto err;
     }
+
     ret = 1;
  err:
     if (!ret)
         TSerr(TS_F_TS_CHECK_SIGNING_CERTS,
               TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
     ESS_SIGNING_CERT_free(ss);
+    ESS_SIGNING_CERT_V2_free(ssv2);
     return ret;
 }
 
-static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si)
+static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si)
 {
     ASN1_TYPE *attr;
     const unsigned char *p;
@@ -326,14 +270,29 @@ static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si)
     return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
 }
 
+static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si)
+{
+    ASN1_TYPE *attr;
+    const unsigned char *p;
+
+    attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
+    if (attr == NULL)
+        return NULL;
+    p = attr->value.sequence->data;
+    return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
+}
+
 /* Returns < 0 if certificate is not found, certificate index otherwise. */
-static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
+static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
 {
     int i;
+    unsigned char cert_sha1[SHA_DIGEST_LENGTH];
 
     if (!cert_ids || !cert)
         return -1;
 
+    X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
+
     /* Recompute SHA1 hash of certificate if necessary (side effect). */
     X509_check_purpose(cert, -1, 0);
 
@@ -341,13 +300,10 @@ static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
     for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) {
         ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i);
 
-        /* Check the SHA-1 hash first. */
-        if (cid->hash->length == sizeof(cert->sha1_hash)
-            && !memcmp(cid->hash->data, cert->sha1_hash,
-                       sizeof(cert->sha1_hash))) {
-            /* Check the issuer/serial as well if specified. */
+        if (cid->hash->length == SHA_DIGEST_LENGTH
+            && memcmp(cid->hash->data, cert_sha1, SHA_DIGEST_LENGTH) == 0) {
             ESS_ISSUER_SERIAL *is = cid->issuer_serial;
-            if (!is || !TS_issuer_serial_cmp(is, cert->cert_info))
+            if (!is || !ts_issuer_serial_cmp(is, cert))
                 return i;
         }
     }
@@ -355,21 +311,51 @@ static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
     return -1;
 }
 
-static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo)
+/* Returns < 0 if certificate is not found, certificate index otherwise. */
+static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert)
+{
+    int i;
+    unsigned char cert_digest[EVP_MAX_MD_SIZE];
+    unsigned int len;
+
+    /* Look for cert in the cert_ids vector. */
+    for (i = 0; i < sk_ESS_CERT_ID_V2_num(cert_ids); ++i) {
+        ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i);
+        const EVP_MD *md;
+
+        if (cid->hash_alg != NULL)
+            md = EVP_get_digestbyobj(cid->hash_alg->algorithm);
+        else
+            md = EVP_sha256();
+
+        X509_digest(cert, md, cert_digest, &len);
+        if (cid->hash->length != (int)len)
+            return -1;
+
+        if (memcmp(cid->hash->data, cert_digest, cid->hash->length) == 0) {
+            ESS_ISSUER_SERIAL *is = cid->issuer_serial;
+
+            if (is == NULL || !ts_issuer_serial_cmp(is, cert))
+                return i;
+        }
+    }
+
+    return -1;
+}
+
+static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert)
 {
     GENERAL_NAME *issuer;
 
-    if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer) != 1)
+    if (!is || !cert || sk_GENERAL_NAME_num(is->issuer) != 1)
         return -1;
 
-    /* Check the issuer first. It must be a directory name. */
     issuer = sk_GENERAL_NAME_value(is->issuer, 0);
     if (issuer->type != GEN_DIRNAME
-        || X509_NAME_cmp(issuer->d.dirn, cinfo->issuer))
+        || X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert)))
         return -1;
 
-    /* Check the serial number, too. */
-    if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber))
+    if (ASN1_INTEGER_cmp(is->serial, X509_get_serialNumber(cert)))
         return -1;
 
     return 0;
@@ -383,19 +369,16 @@ static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo)
  */
 int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
 {
-    PKCS7 *token = TS_RESP_get_token(response);
-    TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
+    PKCS7 *token = response->token;
+    TS_TST_INFO *tst_info = response->tst_info;
     int ret = 0;
 
-    /* Check if we have a successful TS_TST_INFO object in place. */
-    if (!TS_check_status_info(response))
+    if (!ts_check_status_info(response))
         goto err;
-
-    /* Check the contents of the time stamp token. */
-    if (!int_TS_RESP_verify_token(ctx, token, tst_info))
+    if (!int_ts_RESP_verify_token(ctx, token, tst_info))
         goto err;
-
     ret = 1;
+
  err:
     return ret;
 }
@@ -409,7 +392,7 @@ int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
     TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
     int ret = 0;
     if (tst_info) {
-        ret = int_TS_RESP_verify_token(ctx, token, tst_info);
+        ret = int_ts_RESP_verify_token(ctx, token, tst_info);
         TS_TST_INFO_free(tst_info);
     }
     return ret;
@@ -427,11 +410,11 @@ int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
  *      - Check if the TSA name matches the signer.
  *      - Check if the TSA name is the expected TSA.
  */
-static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx,
+static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
                                     PKCS7 *token, TS_TST_INFO *tst_info)
 {
     X509 *signer = NULL;
-    GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info);
+    GENERAL_NAME *tsa_name = tst_info->tsa;
     X509_ALGOR *md_alg = NULL;
     unsigned char *imprint = NULL;
     unsigned imprint_len = 0;
@@ -444,56 +427,41 @@ static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx,
         flags |= TS_VFY_SIGNATURE;
     }
 
-    /* Verify the signature. */
     if ((flags & TS_VFY_SIGNATURE)
         && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
         goto err;
-
-    /* Check version number of response. */
     if ((flags & TS_VFY_VERSION)
         && TS_TST_INFO_get_version(tst_info) != 1) {
         TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
         goto err;
     }
-
-    /* Check policies. */
     if ((flags & TS_VFY_POLICY)
-        && !TS_check_policy(ctx->policy, tst_info))
+        && !ts_check_policy(ctx->policy, tst_info))
         goto err;
-
-    /* Check message imprints. */
     if ((flags & TS_VFY_IMPRINT)
-        && !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
+        && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
                               tst_info))
         goto err;
-
-    /* Compute and check message imprints. */
     if ((flags & TS_VFY_DATA)
-        && (!TS_compute_imprint(ctx->data, tst_info,
+        && (!ts_compute_imprint(ctx->data, tst_info,
                                 &md_alg, &imprint, &imprint_len)
-            || !TS_check_imprints(md_alg, imprint, imprint_len, tst_info)))
+            || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info)))
         goto err;
-
-    /* Check nonces. */
     if ((flags & TS_VFY_NONCE)
-        && !TS_check_nonces(ctx->nonce, tst_info))
+        && !ts_check_nonces(ctx->nonce, tst_info))
         goto err;
-
-    /* Check whether TSA name and signer certificate match. */
     if ((flags & TS_VFY_SIGNER)
-        && tsa_name && !TS_check_signer_name(tsa_name, signer)) {
+        && tsa_name && !ts_check_signer_name(tsa_name, signer)) {
         TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
         goto err;
     }
-
-    /* Check whether the TSA is the expected one. */
     if ((flags & TS_VFY_TSA_NAME)
-        && !TS_check_signer_name(ctx->tsa_name, signer)) {
+        && !ts_check_signer_name(ctx->tsa_name, signer)) {
         TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
         goto err;
     }
-
     ret = 1;
+
  err:
     X509_free(signer);
     X509_ALGOR_free(md_alg);
@@ -501,48 +469,45 @@ static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx,
     return ret;
 }
 
-static int TS_check_status_info(TS_RESP *response)
+static int ts_check_status_info(TS_RESP *response)
 {
-    TS_STATUS_INFO *info = TS_RESP_get_status_info(response);
+    TS_STATUS_INFO *info = response->status_info;
     long status = ASN1_INTEGER_get(info->status);
     const char *status_text = NULL;
     char *embedded_status_text = NULL;
     char failure_text[TS_STATUS_BUF_SIZE] = "";
 
-    /* Check if everything went fine. */
     if (status == 0 || status == 1)
         return 1;
 
     /* There was an error, get the description in status_text. */
-    if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE)
-        status_text = TS_status_text[status];
+    if (0 <= status && status < (long) OSSL_NELEM(ts_status_text))
+        status_text = ts_status_text[status];
     else
         status_text = "unknown code";
 
-    /* Set the embedded_status_text to the returned description. */
     if (sk_ASN1_UTF8STRING_num(info->text) > 0
-        && !(embedded_status_text = TS_get_status_text(info->text)))
+        && (embedded_status_text = ts_get_status_text(info->text)) == NULL)
         return 0;
 
-    /* Filling in failure_text with the failure information. */
+    /* Fill in failure_text with the failure information. */
     if (info->failure_info) {
         int i;
         int first = 1;
-        for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i) {
+        for (i = 0; i < (int)OSSL_NELEM(ts_failure_info); ++i) {
             if (ASN1_BIT_STRING_get_bit(info->failure_info,
-                                        TS_failure_info[i].code)) {
+                                        ts_failure_info[i].code)) {
                 if (!first)
                     strcat(failure_text, ",");
                 else
                     first = 0;
-                strcat(failure_text, TS_failure_info[i].text);
+                strcat(failure_text, ts_failure_info[i].text);
             }
         }
     }
     if (failure_text[0] == '\0')
         strcpy(failure_text, "unspecified");
 
-    /* Making up the error string. */
     TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
     ERR_add_error_data(6,
                        "status code: ", status_text,
@@ -554,14 +519,13 @@ static int TS_check_status_info(TS_RESP *response)
     return 0;
 }
 
-static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
+static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
 {
     int i;
     int length = 0;
     char *result = NULL;
     char *p;
 
-    /* Determine length first. */
     for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) {
         ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
         if (ASN1_STRING_length(current) > TS_MAX_STATUS_LENGTH - length - 1)
@@ -569,29 +533,28 @@ static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
         length += ASN1_STRING_length(current);
         length += 1;            /* separator character */
     }
-    /* Allocate memory (closing '\0' included). */
-    if (!(result = OPENSSL_malloc(length))) {
+    if ((result = OPENSSL_malloc(length)) == NULL) {
         TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    /* Concatenate the descriptions. */
+
     for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) {
         ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
         length = ASN1_STRING_length(current);
         if (i > 0)
             *p++ = '/';
-        strncpy(p, (const char *)ASN1_STRING_data(current), length);
+        strncpy(p, (const char *)ASN1_STRING_get0_data(current), length);
         p += length;
     }
-    /* We do have space for this, too. */
     *p = '\0';
 
     return result;
 }
 
-static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
+static int ts_check_policy(const ASN1_OBJECT *req_oid,
+                           const TS_TST_INFO *tst_info)
 {
-    ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info);
+    const ASN1_OBJECT *resp_oid = tst_info->policy_id;
 
     if (OBJ_cmp(req_oid, resp_oid) != 0) {
         TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
@@ -601,51 +564,53 @@ static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
     return 1;
 }
 
-static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
                               X509_ALGOR **md_alg,
                               unsigned char **imprint, unsigned *imprint_len)
 {
-    TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info);
-    X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint);
+    TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;
+    X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;
     const EVP_MD *md;
-    EVP_MD_CTX md_ctx;
+    EVP_MD_CTX *md_ctx = NULL;
     unsigned char buffer[4096];
     int length;
 
     *md_alg = NULL;
     *imprint = NULL;
 
-    /* Return the MD algorithm of the response. */
-    if (!(*md_alg = X509_ALGOR_dup(md_alg_resp)))
+    if ((*md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL)
         goto err;
-
-    /* Getting the MD object. */
-    if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) {
+    if ((md = EVP_get_digestbyobj((*md_alg)->algorithm)) == NULL) {
         TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
         goto err;
     }
-
-    /* Compute message digest. */
     length = EVP_MD_size(md);
     if (length < 0)
         goto err;
     *imprint_len = length;
-    if (!(*imprint = OPENSSL_malloc(*imprint_len))) {
+    if ((*imprint = OPENSSL_malloc(*imprint_len)) == NULL) {
         TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
 
-    if (!EVP_DigestInit(&md_ctx, md))
+    md_ctx = EVP_MD_CTX_new();
+    if (md_ctx == NULL) {
+        TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!EVP_DigestInit(md_ctx, md))
         goto err;
     while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
-        if (!EVP_DigestUpdate(&md_ctx, buffer, length))
+        if (!EVP_DigestUpdate(md_ctx, buffer, length))
             goto err;
     }
-    if (!EVP_DigestFinal(&md_ctx, *imprint, NULL))
+    if (!EVP_DigestFinal(md_ctx, *imprint, NULL))
         goto err;
+    EVP_MD_CTX_free(md_ctx);
 
     return 1;
  err:
+    EVP_MD_CTX_free(md_ctx);
     X509_ALGOR_free(*md_alg);
     OPENSSL_free(*imprint);
     *imprint_len = 0;
@@ -653,17 +618,15 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
     return 0;
 }
 
-static int TS_check_imprints(X509_ALGOR *algor_a,
-                             unsigned char *imprint_a, unsigned len_a,
+static int ts_check_imprints(X509_ALGOR *algor_a,
+                             const unsigned char *imprint_a, unsigned len_a,
                              TS_TST_INFO *tst_info)
 {
-    TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info);
-    X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b);
+    TS_MSG_IMPRINT *b = tst_info->msg_imprint;
+    X509_ALGOR *algor_b = b->hash_algo;
     int ret = 0;
 
-    /* algor_a is optional. */
     if (algor_a) {
-        /* Compare algorithm OIDs. */
         if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm))
             goto err;
 
@@ -675,20 +638,18 @@ static int TS_check_imprints(X509_ALGOR *algor_a,
             goto err;
     }
 
-    /* Compare octet strings. */
     ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) &&
-        memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0;
+        memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0;
  err:
     if (!ret)
         TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
     return ret;
 }
 
-static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
+static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
 {
-    const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info);
+    const ASN1_INTEGER *b = tst_info->nonce;
 
-    /* Error if nonce is missing. */
     if (!b) {
         TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
         return 0;
@@ -707,37 +668,34 @@ static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
  * Check if the specified TSA name matches either the subject or one of the
  * subject alternative names of the TSA certificate.
  */
-static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
+static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
 {
     STACK_OF(GENERAL_NAME) *gen_names = NULL;
     int idx = -1;
     int found = 0;
 
-    /* Check the subject name first. */
     if (tsa_name->type == GEN_DIRNAME
-        && X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0)
+        && X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0)
         return 1;
-
-    /* Check all the alternative names. */
     gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
-    while (gen_names != NULL
-           && !(found = TS_find_name(gen_names, tsa_name) >= 0)) {
+    while (gen_names != NULL) {
+        found = ts_find_name(gen_names, tsa_name) >= 0;
+        if (found)
+            break;
         /*
          * Get the next subject alternative name, although there should be no
          * more than one.
          */
         GENERAL_NAMES_free(gen_names);
-        gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name,
-                                     NULL, &idx);
+        gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
     }
-    if (gen_names)
-        GENERAL_NAMES_free(gen_names);
+    GENERAL_NAMES_free(gen_names);
 
     return found;
 }
 
 /* Returns 1 if name is in gen_names, 0 otherwise. */
-static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
+static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
 {
     int i, found;
     for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) {
diff --git a/freebsd/crypto/openssl/crypto/ts/ts_verify_ctx.c b/freebsd/crypto/openssl/crypto/ts/ts_verify_ctx.c
index 071c959f..29da370a 100644
--- a/freebsd/crypto/openssl/crypto/ts/ts_verify_ctx.c
+++ b/freebsd/crypto/openssl/crypto/ts/ts_verify_ctx.c
@@ -1,75 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ts/ts_verify_ctx.c */
 /*
- * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
- * 2003.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/ts.h>
+#include "ts_lcl.h"
 
 TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
 {
-    TS_VERIFY_CTX *ctx =
-        (TS_VERIFY_CTX *)OPENSSL_malloc(sizeof(TS_VERIFY_CTX));
-    if (ctx)
-        memset(ctx, 0, sizeof(TS_VERIFY_CTX));
-    else
+    TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
         TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
     return ctx;
 }
@@ -77,7 +26,7 @@ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
 void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
 {
     OPENSSL_assert(ctx != NULL);
-    memset(ctx, 0, sizeof(TS_VERIFY_CTX));
+    memset(ctx, 0, sizeof(*ctx));
 }
 
 void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
@@ -89,6 +38,45 @@ void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
     OPENSSL_free(ctx);
 }
 
+int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f)
+{
+    ctx->flags |= f;
+    return ctx->flags;
+}
+
+int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)
+{
+    ctx->flags = f;
+    return ctx->flags;
+}
+
+BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b)
+{
+    ctx->data = b;
+    return ctx->data;
+}
+
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s)
+{
+    ctx->store = s;
+    return ctx->store;
+}
+
+STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
+                                        STACK_OF(X509) *certs)
+{
+    ctx->certs = certs;
+    return ctx->certs;
+}
+
+unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
+                                         unsigned char *hexstr, long len)
+{
+    ctx->imprint = hexstr;
+    ctx->imprint_len = len;
+    return ctx->imprint;
+}
+
 void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
 {
     if (!ctx)
@@ -123,33 +111,29 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
     OPENSSL_assert(req != NULL);
     if (ret)
         TS_VERIFY_CTX_cleanup(ret);
-    else if (!(ret = TS_VERIFY_CTX_new()))
+    else if ((ret = TS_VERIFY_CTX_new()) == NULL)
         return NULL;
 
-    /* Setting flags. */
     ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
 
-    /* Setting policy. */
-    if ((policy = TS_REQ_get_policy_id(req)) != NULL) {
-        if (!(ret->policy = OBJ_dup(policy)))
+    if ((policy = req->policy_id) != NULL) {
+        if ((ret->policy = OBJ_dup(policy)) == NULL)
             goto err;
     } else
         ret->flags &= ~TS_VFY_POLICY;
 
-    /* Setting md_alg, imprint and imprint_len. */
-    imprint = TS_REQ_get_msg_imprint(req);
-    md_alg = TS_MSG_IMPRINT_get_algo(imprint);
-    if (!(ret->md_alg = X509_ALGOR_dup(md_alg)))
+    imprint = req->msg_imprint;
+    md_alg = imprint->hash_algo;
+    if ((ret->md_alg = X509_ALGOR_dup(md_alg)) == NULL)
         goto err;
-    msg = TS_MSG_IMPRINT_get_msg(imprint);
+    msg = imprint->hashed_msg;
     ret->imprint_len = ASN1_STRING_length(msg);
-    if (!(ret->imprint = OPENSSL_malloc(ret->imprint_len)))
+    if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
         goto err;
-    memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len);
+    memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);
 
-    /* Setting nonce. */
-    if ((nonce = TS_REQ_get_nonce(req)) != NULL) {
-        if (!(ret->nonce = ASN1_INTEGER_dup(nonce)))
+    if ((nonce = req->nonce) != NULL) {
+        if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL)
             goto err;
     } else
         ret->flags &= ~TS_VFY_NONCE;
diff --git a/freebsd/crypto/openssl/crypto/txt_db/txt_db.c b/freebsd/crypto/openssl/crypto/txt_db/txt_db.c
index 089697d8..56af441c 100644
--- a/freebsd/crypto/openssl/crypto/txt_db/txt_db.c
+++ b/freebsd/crypto/openssl/crypto/txt_db/txt_db.c
@@ -1,79 +1,27 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/txt_db/txt_db.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/txt_db.h>
 
 #undef BUFSIZE
 #define BUFSIZE 512
 
-const char TXT_DB_version[] = "TXT_DB" OPENSSL_VERSION_PTEXT;
-
 TXT_DB *TXT_DB_read(BIO *in, int num)
 {
     TXT_DB *ret = NULL;
-    int er = 1;
     int esc = 0;
     long ln = 0;
     int i, add, n;
@@ -88,7 +36,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
     if (!BUF_MEM_grow(buf, size))
         goto err;
 
-    if ((ret = OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
         goto err;
     ret->num_fields = num;
     ret->index = NULL;
@@ -126,7 +74,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
             continue;
         else {
             buf->data[offset - 1] = '\0'; /* blat the '\n' */
-            if (!(p = OPENSSL_malloc(add + offset)))
+            if ((p = OPENSSL_malloc(add + offset)) == NULL)
                 goto err;
             offset = 0;
         }
@@ -158,48 +106,27 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
         }
         *(p++) = '\0';
         if ((n != num) || (*f != '\0')) {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary
-                                                               * fix :-( */
-            fprintf(stderr,
-                    "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",
-                    ln, num, n, f);
-#endif
             OPENSSL_free(pp);
-            er = 2;
+            ret->error = DB_ERROR_WRONG_NUM_FIELDS;
             goto err;
         }
         pp[n] = p;
         if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary
-                                                               * fix :-( */
-            fprintf(stderr, "failure in sk_push\n");
-#endif
             OPENSSL_free(pp);
-            er = 2;
             goto err;
         }
     }
-    er = 0;
+    BUF_MEM_free(buf);
+    return ret;
  err:
     BUF_MEM_free(buf);
-    if (er) {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
-        if (er == 1)
-            fprintf(stderr, "OPENSSL_malloc failure\n");
-#endif
-        if (ret != NULL) {
-            if (ret->data != NULL)
-                sk_OPENSSL_PSTRING_free(ret->data);
-            if (ret->index != NULL)
-                OPENSSL_free(ret->index);
-            if (ret->qual != NULL)
-                OPENSSL_free(ret->qual);
-            if (ret != NULL)
-                OPENSSL_free(ret);
-        }
-        return (NULL);
-    } else
-        return (ret);
+    if (ret != NULL) {
+        sk_OPENSSL_PSTRING_free(ret->data);
+        OPENSSL_free(ret->index);
+        OPENSSL_free(ret->qual);
+        OPENSSL_free(ret);
+    }
+    return NULL;
 }
 
 OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
@@ -210,20 +137,20 @@ OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
 
     if (idx >= db->num_fields) {
         db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
-        return (NULL);
+        return NULL;
     }
     lh = db->index[idx];
     if (lh == NULL) {
         db->error = DB_ERROR_NO_INDEX;
-        return (NULL);
+        return NULL;
     }
     ret = lh_OPENSSL_STRING_retrieve(lh, value);
     db->error = DB_ERROR_OK;
-    return (ret);
+    return ret;
 }
 
 int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
-                        LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
+                        OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp)
 {
     LHASH_OF(OPENSSL_STRING) *idx;
     OPENSSL_STRING *r, *k;
@@ -231,12 +158,12 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
 
     if (field >= db->num_fields) {
         db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
-        return (0);
+        return 0;
     }
     /* FIXME: we lose type checking at this point */
-    if ((idx = (LHASH_OF(OPENSSL_STRING) *)lh_new(hash, cmp)) == NULL) {
+    if ((idx = (LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(hash, cmp)) == NULL) {
         db->error = DB_ERROR_MALLOC;
-        return (0);
+        return 0;
     }
     n = sk_OPENSSL_PSTRING_num(db->data);
     for (i = 0; i < n; i++) {
@@ -248,19 +175,18 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
             db->arg1 = sk_OPENSSL_PSTRING_find(db->data, k);
             db->arg2 = i;
             lh_OPENSSL_STRING_free(idx);
-            return (0);
+            return 0;
         }
         if (lh_OPENSSL_STRING_retrieve(idx, r) == NULL) {
             db->error = DB_ERROR_MALLOC;
             lh_OPENSSL_STRING_free(idx);
-            return (0);
+            return 0;
         }
     }
-    if (db->index[field] != NULL)
-        lh_OPENSSL_STRING_free(db->index[field]);
+    lh_OPENSSL_STRING_free(db->index[field]);
     db->index[field] = idx;
     db->qual[field] = qual;
-    return (1);
+    return 1;
 }
 
 long TXT_DB_write(BIO *out, TXT_DB *db)
@@ -306,9 +232,8 @@ long TXT_DB_write(BIO *out, TXT_DB *db)
     }
     ret = tot;
  err:
-    if (buf != NULL)
-        BUF_MEM_free(buf);
-    return (ret);
+    BUF_MEM_free(buf);
+    return ret;
 }
 
 int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
@@ -341,7 +266,7 @@ int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
     }
     if (!sk_OPENSSL_PSTRING_push(db->data, row))
         goto err1;
-    return (1);
+    return 1;
 
  err1:
     db->error = DB_ERROR_MALLOC;
@@ -353,7 +278,7 @@ int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
         }
     }
  err:
-    return (0);
+    return 0;
 }
 
 void TXT_DB_free(TXT_DB *db)
@@ -363,15 +288,12 @@ void TXT_DB_free(TXT_DB *db)
 
     if (db == NULL)
         return;
-
     if (db->index != NULL) {
         for (i = db->num_fields - 1; i >= 0; i--)
-            if (db->index[i] != NULL)
-                lh_OPENSSL_STRING_free(db->index[i]);
+            lh_OPENSSL_STRING_free(db->index[i]);
         OPENSSL_free(db->index);
     }
-    if (db->qual != NULL)
-        OPENSSL_free(db->qual);
+    OPENSSL_free(db->qual);
     if (db->data != NULL) {
         for (i = sk_OPENSSL_PSTRING_num(db->data) - 1; i >= 0; i--) {
             /*
@@ -382,12 +304,10 @@ void TXT_DB_free(TXT_DB *db)
             max = p[db->num_fields]; /* last address */
             if (max == NULL) {  /* new row */
                 for (n = 0; n < db->num_fields; n++)
-                    if (p[n] != NULL)
-                        OPENSSL_free(p[n]);
+                    OPENSSL_free(p[n]);
             } else {
                 for (n = 0; n < db->num_fields; n++) {
-                    if (((p[n] < (char *)p) || (p[n] > max))
-                        && (p[n] != NULL))
+                    if (((p[n] < (char *)p) || (p[n] > max)))
                         OPENSSL_free(p[n]);
                 }
             }
diff --git a/freebsd/crypto/openssl/crypto/txt_db/txt_db.h b/freebsd/crypto/openssl/crypto/txt_db/txt_db.h
deleted file mode 100644
index 98e23a20..00000000
--- a/freebsd/crypto/openssl/crypto/txt_db/txt_db.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/* crypto/txt_db/txt_db.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_TXT_DB_H
-# define HEADER_TXT_DB_H
-
-# include <openssl/opensslconf.h>
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-# include <openssl/stack.h>
-# include <openssl/lhash.h>
-
-# define DB_ERROR_OK                     0
-# define DB_ERROR_MALLOC                 1
-# define DB_ERROR_INDEX_CLASH            2
-# define DB_ERROR_INDEX_OUT_OF_RANGE     3
-# define DB_ERROR_NO_INDEX               4
-# define DB_ERROR_INSERT_INDEX_CLASH     5
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef OPENSSL_STRING *OPENSSL_PSTRING;
-DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
-
-typedef struct txt_db_st {
-    int num_fields;
-    STACK_OF(OPENSSL_PSTRING) *data;
-    LHASH_OF(OPENSSL_STRING) **index;
-    int (**qual) (OPENSSL_STRING *);
-    long error;
-    long arg1;
-    long arg2;
-    OPENSSL_STRING *arg_row;
-} TXT_DB;
-
-# ifndef OPENSSL_NO_BIO
-TXT_DB *TXT_DB_read(BIO *in, int num);
-long TXT_DB_write(BIO *out, TXT_DB *db);
-# else
-TXT_DB *TXT_DB_read(char *in, int num);
-long TXT_DB_write(char *out, TXT_DB *db);
-# endif
-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
-                        LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
-void TXT_DB_free(TXT_DB *db);
-OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
-                                    OPENSSL_STRING *value);
-int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ui/ui_compat.c b/freebsd/crypto/openssl/crypto/ui/ui_compat.c
deleted file mode 100644
index 014572a2..00000000
--- a/freebsd/crypto/openssl/crypto/ui/ui_compat.c
+++ /dev/null
@@ -1,71 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/ui/ui_compat.c */
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/ui_compat.h>
-
-int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
-                                 int verify)
-{
-    return UI_UTIL_read_pw_string(buf, length, prompt, verify);
-}
-
-int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt,
-                          int verify)
-{
-    return UI_UTIL_read_pw(buf, buff, size, prompt, verify);
-}
diff --git a/freebsd/crypto/openssl/crypto/ui/ui_compat.h b/freebsd/crypto/openssl/crypto/ui/ui_compat.h
deleted file mode 100644
index bf541542..00000000
--- a/freebsd/crypto/openssl/crypto/ui/ui_compat.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/* crypto/ui/ui.h */
-/*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_COMPAT_H
-# define HEADER_UI_COMPAT_H
-
-# include <openssl/opensslconf.h>
-# include <openssl/ui.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*
- * The following functions were previously part of the DES section, and are
- * provided here for backward compatibility reasons.
- */
-
-# define des_read_pw_string(b,l,p,v) \
-        _ossl_old_des_read_pw_string((b),(l),(p),(v))
-# define des_read_pw(b,bf,s,p,v) \
-        _ossl_old_des_read_pw((b),(bf),(s),(p),(v))
-
-int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
-                                 int verify);
-int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt,
-                          int verify);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/crypto/ui/ui_err.c b/freebsd/crypto/openssl/crypto/ui/ui_err.c
index 64e54201..0f2c24fe 100644
--- a/freebsd/crypto/openssl/crypto/ui/ui_err.c
+++ b/freebsd/crypto/openssl/crypto/ui/ui_err.c
@@ -1,113 +1,80 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ui/ui_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/ui.h>
+#include <openssl/uierr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
-
-static ERR_STRING_DATA UI_str_functs[] = {
-    {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"},
-    {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"},
-    {ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"},
-    {ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
-    {ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
-    {ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
-    {ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"},
-    {ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"},
-    {ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"},
-    {ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
-    {ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"},
-    {ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"},
+static const ERR_STRING_DATA UI_str_functs[] = {
+    {ERR_PACK(ERR_LIB_UI, UI_F_CLOSE_CONSOLE, 0), "close_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_ECHO_CONSOLE, 0), "echo_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_GENERAL_ALLOCATE_BOOLEAN, 0),
+     "general_allocate_boolean"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_GENERAL_ALLOCATE_PROMPT, 0),
+     "general_allocate_prompt"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_NOECHO_CONSOLE, 0), "noecho_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_OPEN_CONSOLE, 0), "open_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_CONSTRUCT_PROMPT, 0), "UI_construct_prompt"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_CREATE_METHOD, 0), "UI_create_method"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_CTRL, 0), "UI_ctrl"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_ERROR_STRING, 0), "UI_dup_error_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INFO_STRING, 0), "UI_dup_info_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INPUT_BOOLEAN, 0),
+     "UI_dup_input_boolean"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INPUT_STRING, 0), "UI_dup_input_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_USER_DATA, 0), "UI_dup_user_data"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_VERIFY_STRING, 0),
+     "UI_dup_verify_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_GET0_RESULT, 0), "UI_get0_result"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_GET_RESULT_LENGTH, 0),
+     "UI_get_result_length"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_NEW_METHOD, 0), "UI_new_method"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_PROCESS, 0), "UI_process"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_SET_RESULT, 0), "UI_set_result"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_SET_RESULT_EX, 0), "UI_set_result_ex"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA UI_str_reasons[] = {
-    {ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),
-     "common ok and cancel characters"},
-    {ERR_REASON(UI_R_INDEX_TOO_LARGE), "index too large"},
-    {ERR_REASON(UI_R_INDEX_TOO_SMALL), "index too small"},
-    {ERR_REASON(UI_R_NO_RESULT_BUFFER), "no result buffer"},
-    {ERR_REASON(UI_R_RESULT_TOO_LARGE), "result too large"},
-    {ERR_REASON(UI_R_RESULT_TOO_SMALL), "result too small"},
-    {ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND), "unknown control command"},
+static const ERR_STRING_DATA UI_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),
+    "common ok and cancel characters"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_LARGE), "index too large"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_SMALL), "index too small"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_NO_RESULT_BUFFER), "no result buffer"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_PROCESSING_ERROR), "processing error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_LARGE), "result too large"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_SMALL), "result too small"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSASSIGN_ERROR), "sys$assign error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSDASSGN_ERROR), "sys$dassgn error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSQIOW_ERROR), "sys$qiow error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_CONTROL_COMMAND),
+    "unknown control command"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE),
+    "unknown ttyget errno value"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED),
+    "user data duplication unsupported"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_UI_strings(void)
+int ERR_load_UI_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(UI_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, UI_str_functs);
-        ERR_load_strings(0, UI_str_reasons);
+        ERR_load_strings_const(UI_str_functs);
+        ERR_load_strings_const(UI_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/ui/ui_lib.c b/freebsd/crypto/openssl/crypto/ui/ui_lib.c
index a967246c..3f01a4e3 100644
--- a/freebsd/crypto/openssl/crypto/ui/ui_lib.c
+++ b/freebsd/crypto/openssl/crypto/ui/ui_lib.c
@@ -1,99 +1,53 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ui/ui_lib.c */
 /*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <string.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/e_os2.h>
 #include <openssl/buffer.h>
 #include <openssl/ui.h>
 #include <openssl/err.h>
 #include "ui_locl.h"
 
-IMPLEMENT_STACK_OF(UI_STRING_ST)
-
-static const UI_METHOD *default_UI_meth = NULL;
-
 UI *UI_new(void)
 {
-    return (UI_new_method(NULL));
+    return UI_new_method(NULL);
 }
 
 UI *UI_new_method(const UI_METHOD *method)
 {
-    UI *ret;
+    UI *ret = OPENSSL_zalloc(sizeof(*ret));
 
-    ret = (UI *)OPENSSL_malloc(sizeof(UI));
     if (ret == NULL) {
         UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    if (method == NULL)
+        method = UI_get_default_method();
     if (method == NULL)
-        ret->meth = UI_get_default_method();
-    else
-        ret->meth = method;
-
-    ret->strings = NULL;
-    ret->user_data = NULL;
-    ret->flags = 0;
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
+        method = UI_null();
+    ret->meth = method;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
     return ret;
 }
 
@@ -107,7 +61,11 @@ static void free_string(UI_STRING *uis)
             OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
             OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
             break;
-        default:
+        case UIT_NONE:
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+        case UIT_ERROR:
+        case UIT_INFO:
             break;
         }
     }
@@ -118,8 +76,12 @@ void UI_free(UI *ui)
 {
     if (ui == NULL)
         return;
+    if ((ui->flags & UI_FLAG_DUPL_DATA) != 0) {
+        ui->meth->ui_destroy_data(ui, ui->user_data);
+    }
     sk_UI_STRING_pop_free(ui->strings, free_string);
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
+    CRYPTO_THREAD_lock_free(ui->lock);
     OPENSSL_free(ui);
 }
 
@@ -146,7 +108,7 @@ static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
     } else if ((type == UIT_PROMPT || type == UIT_VERIFY
                 || type == UIT_BOOLEAN) && result_buf == NULL) {
         UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER);
-    } else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING)))) {
+    } else if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL) {
         ret->out_string = prompt;
         ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0;
         ret->input_flags = input_flags;
@@ -172,9 +134,11 @@ static int general_allocate_string(UI *ui, const char *prompt,
             s->_.string_data.result_maxsize = maxsize;
             s->_.string_data.test_buf = test_buf;
             ret = sk_UI_STRING_push(ui->strings, s);
-            /* sk_push() returns 0 on error.  Let's addapt that */
-            if (ret <= 0)
+            /* sk_push() returns 0 on error.  Let's adapt that */
+            if (ret <= 0) {
                 ret--;
+                free_string(s);
+            }
         } else
             free_string(s);
     }
@@ -216,10 +180,12 @@ static int general_allocate_boolean(UI *ui,
                 s->_.boolean_data.cancel_chars = cancel_chars;
                 ret = sk_UI_STRING_push(ui->strings, s);
                 /*
-                 * sk_push() returns 0 on error. Let's addapt that
+                 * sk_push() returns 0 on error. Let's adapt that
                  */
-                if (ret <= 0)
+                if (ret <= 0) {
                     ret--;
+                    free_string(s);
+                }
             } else
                 free_string(s);
         }
@@ -246,7 +212,7 @@ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
     char *prompt_copy = NULL;
 
     if (prompt != NULL) {
-        prompt_copy = BUF_strdup(prompt);
+        prompt_copy = OPENSSL_strdup(prompt);
         if (prompt_copy == NULL) {
             UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
             return 0;
@@ -274,7 +240,7 @@ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
     char *prompt_copy = NULL;
 
     if (prompt != NULL) {
-        prompt_copy = BUF_strdup(prompt);
+        prompt_copy = OPENSSL_strdup(prompt);
         if (prompt_copy == NULL) {
             UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
             return -1;
@@ -305,7 +271,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
     char *cancel_chars_copy = NULL;
 
     if (prompt != NULL) {
-        prompt_copy = BUF_strdup(prompt);
+        prompt_copy = OPENSSL_strdup(prompt);
         if (prompt_copy == NULL) {
             UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
             goto err;
@@ -313,7 +279,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
     }
 
     if (action_desc != NULL) {
-        action_desc_copy = BUF_strdup(action_desc);
+        action_desc_copy = OPENSSL_strdup(action_desc);
         if (action_desc_copy == NULL) {
             UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
             goto err;
@@ -321,7 +287,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
     }
 
     if (ok_chars != NULL) {
-        ok_chars_copy = BUF_strdup(ok_chars);
+        ok_chars_copy = OPENSSL_strdup(ok_chars);
         if (ok_chars_copy == NULL) {
             UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
             goto err;
@@ -329,7 +295,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
     }
 
     if (cancel_chars != NULL) {
-        cancel_chars_copy = BUF_strdup(cancel_chars);
+        cancel_chars_copy = OPENSSL_strdup(cancel_chars);
         if (cancel_chars_copy == NULL) {
             UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
             goto err;
@@ -340,14 +306,10 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
                                     ok_chars_copy, cancel_chars_copy, 1,
                                     UIT_BOOLEAN, flags, result_buf);
  err:
-    if (prompt_copy)
-        OPENSSL_free(prompt_copy);
-    if (action_desc_copy)
-        OPENSSL_free(action_desc_copy);
-    if (ok_chars_copy)
-        OPENSSL_free(ok_chars_copy);
-    if (cancel_chars_copy)
-        OPENSSL_free(cancel_chars_copy);
+    OPENSSL_free(prompt_copy);
+    OPENSSL_free(action_desc_copy);
+    OPENSSL_free(ok_chars_copy);
+    OPENSSL_free(cancel_chars_copy);
     return -1;
 }
 
@@ -362,7 +324,7 @@ int UI_dup_info_string(UI *ui, const char *text)
     char *text_copy = NULL;
 
     if (text != NULL) {
-        text_copy = BUF_strdup(text);
+        text_copy = OPENSSL_strdup(text);
         if (text_copy == NULL) {
             UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
             return -1;
@@ -384,7 +346,7 @@ int UI_dup_error_string(UI *ui, const char *text)
     char *text_copy = NULL;
 
     if (text != NULL) {
-        text_copy = BUF_strdup(text);
+        text_copy = OPENSSL_strdup(text);
         if (text_copy == NULL) {
             UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
             return -1;
@@ -414,16 +376,17 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
             len += sizeof(prompt2) - 1 + strlen(object_name);
         len += sizeof(prompt3) - 1;
 
-        prompt = (char *)OPENSSL_malloc(len + 1);
-        if (prompt == NULL)
+        if ((prompt = OPENSSL_malloc(len + 1)) == NULL) {
+            UIerr(UI_F_UI_CONSTRUCT_PROMPT, ERR_R_MALLOC_FAILURE);
             return NULL;
-        BUF_strlcpy(prompt, prompt1, len + 1);
-        BUF_strlcat(prompt, object_desc, len + 1);
+        }
+        OPENSSL_strlcpy(prompt, prompt1, len + 1);
+        OPENSSL_strlcat(prompt, object_desc, len + 1);
         if (object_name != NULL) {
-            BUF_strlcat(prompt, prompt2, len + 1);
-            BUF_strlcat(prompt, object_name, len + 1);
+            OPENSSL_strlcat(prompt, prompt2, len + 1);
+            OPENSSL_strlcat(prompt, object_name, len + 1);
         }
-        BUF_strlcat(prompt, prompt3, len + 1);
+        OPENSSL_strlcat(prompt, prompt3, len + 1);
     }
     return prompt;
 }
@@ -431,10 +394,38 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
 void *UI_add_user_data(UI *ui, void *user_data)
 {
     void *old_data = ui->user_data;
+
+    if ((ui->flags & UI_FLAG_DUPL_DATA) != 0) {
+        ui->meth->ui_destroy_data(ui, old_data);
+        old_data = NULL;
+    }
     ui->user_data = user_data;
+    ui->flags &= ~UI_FLAG_DUPL_DATA;
     return old_data;
 }
 
+int UI_dup_user_data(UI *ui, void *user_data)
+{
+    void *duplicate = NULL;
+
+    if (ui->meth->ui_duplicate_data == NULL
+        || ui->meth->ui_destroy_data == NULL) {
+        UIerr(UI_F_UI_DUP_USER_DATA, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED);
+        return -1;
+    }
+
+    duplicate = ui->meth->ui_duplicate_data(ui, user_data);
+    if (duplicate == NULL) {
+        UIerr(UI_F_UI_DUP_USER_DATA, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    (void)UI_add_user_data(ui, duplicate);
+    ui->flags |= UI_FLAG_DUPL_DATA;
+
+    return 0;
+}
+
 void *UI_get0_user_data(UI *ui)
 {
     return ui->user_data;
@@ -453,6 +444,19 @@ const char *UI_get0_result(UI *ui, int i)
     return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
 }
 
+int UI_get_result_length(UI *ui, int i)
+{
+    if (i < 0) {
+        UIerr(UI_F_UI_GET_RESULT_LENGTH, UI_R_INDEX_TOO_SMALL);
+        return -1;
+    }
+    if (i >= sk_UI_STRING_num(ui->strings)) {
+        UIerr(UI_F_UI_GET_RESULT_LENGTH, UI_R_INDEX_TOO_LARGE);
+        return -1;
+    }
+    return UI_get_result_string_length(sk_UI_STRING_value(ui->strings, i));
+}
+
 static int print_error(const char *str, size_t len, UI *ui)
 {
     UI_STRING uis;
@@ -470,9 +474,11 @@ static int print_error(const char *str, size_t len, UI *ui)
 int UI_process(UI *ui)
 {
     int i, ok = 0;
+    const char *state = "processing";
 
     if (ui->meth->ui_open_session != NULL
         && ui->meth->ui_open_session(ui) <= 0) {
+        state = "opening session";
         ok = -1;
         goto err;
     }
@@ -487,6 +493,7 @@ int UI_process(UI *ui)
                                           sk_UI_STRING_value(ui->strings, i))
                 <= 0))
         {
+            state = "writing strings";
             ok = -1;
             goto err;
         }
@@ -498,6 +505,7 @@ int UI_process(UI *ui)
             ok = -2;
             goto err;
         case 0:                /* Errors */
+            state = "flushing";
             ok = -1;
             goto err;
         default:               /* Success */
@@ -514,6 +522,7 @@ int UI_process(UI *ui)
                 ok = -2;
                 goto err;
             case 0:            /* Errors */
+                state = "reading strings";
                 ok = -1;
                 goto err;
             default:           /* Success */
@@ -523,10 +532,19 @@ int UI_process(UI *ui)
         }
     }
 
+    state = NULL;
  err:
     if (ui->meth->ui_close_session != NULL
-        && ui->meth->ui_close_session(ui) <= 0)
-        return -1;
+        && ui->meth->ui_close_session(ui) <= 0) {
+        if (state == NULL)
+            state = "closing session";
+        ok = -1;
+    }
+
+    if (ok == -1) {
+        UIerr(UI_F_UI_PROCESS, UI_R_PROCESSING_ERROR);
+        ERR_add_error_data(2, "while ", state);
+    }
     return ok;
 }
 
@@ -555,34 +573,14 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
     return -1;
 }
 
-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
 int UI_set_ex_data(UI *r, int idx, void *arg)
 {
-    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
 }
 
 void *UI_get_ex_data(UI *r, int idx)
 {
-    return (CRYPTO_get_ex_data(&r->ex_data, idx));
-}
-
-void UI_set_default_method(const UI_METHOD *meth)
-{
-    default_UI_meth = meth;
-}
-
-const UI_METHOD *UI_get_default_method(void)
-{
-    if (default_UI_meth == NULL) {
-        default_UI_meth = UI_OpenSSL();
-    }
-    return default_UI_meth;
+    return CRYPTO_get_ex_data(&r->ex_data, idx);
 }
 
 const UI_METHOD *UI_get_method(UI *ui)
@@ -596,13 +594,19 @@ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
     return ui->meth;
 }
 
-UI_METHOD *UI_create_method(char *name)
+UI_METHOD *UI_create_method(const char *name)
 {
-    UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
+    UI_METHOD *ui_method = NULL;
 
-    if (ui_method) {
-        memset(ui_method, 0, sizeof(*ui_method));
-        ui_method->name = BUF_strdup(name);
+    if ((ui_method = OPENSSL_zalloc(sizeof(*ui_method))) == NULL
+        || (ui_method->name = OPENSSL_strdup(name)) == NULL
+        || !CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method,
+                               &ui_method->ex_data)) {
+        if (ui_method)
+            OPENSSL_free(ui_method->name);
+        OPENSSL_free(ui_method);
+        UIerr(UI_F_UI_CREATE_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
     }
     return ui_method;
 }
@@ -614,6 +618,10 @@ UI_METHOD *UI_create_method(char *name)
  */
 void UI_destroy_method(UI_METHOD *ui_method)
 {
+    if (ui_method == NULL)
+        return;
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method,
+                        &ui_method->ex_data);
     OPENSSL_free(ui_method->name);
     ui_method->name = NULL;
     OPENSSL_free(ui_method);
@@ -666,6 +674,18 @@ int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
     return -1;
 }
 
+int UI_method_set_data_duplicator(UI_METHOD *method,
+                                  void *(*duplicator) (UI *ui, void *ui_data),
+                                  void (*destructor)(UI *ui, void *ui_data))
+{
+    if (method != NULL) {
+        method->ui_duplicate_data = duplicator;
+        method->ui_destroy_data = destructor;
+        return 0;
+    }
+    return -1;
+}
+
 int UI_method_set_prompt_constructor(UI_METHOD *method,
                                      char *(*prompt_constructor) (UI *ui,
                                                                   const char
@@ -680,142 +700,194 @@ int UI_method_set_prompt_constructor(UI_METHOD *method,
     return -1;
 }
 
-int (*UI_method_get_opener(UI_METHOD *method)) (UI *)
+int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&method->ex_data, idx, data);
+}
+
+int (*UI_method_get_opener(const UI_METHOD *method)) (UI *)
 {
     if (method != NULL)
         return method->ui_open_session;
     return NULL;
 }
 
-int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *)
+int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *)
 {
     if (method != NULL)
         return method->ui_write_string;
     return NULL;
 }
 
-int (*UI_method_get_flusher(UI_METHOD *method)) (UI *)
+int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *)
 {
     if (method != NULL)
         return method->ui_flush;
     return NULL;
 }
 
-int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *)
+int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *)
 {
     if (method != NULL)
         return method->ui_read_string;
     return NULL;
 }
 
-int (*UI_method_get_closer(UI_METHOD *method)) (UI *)
+int (*UI_method_get_closer(const UI_METHOD *method)) (UI *)
 {
     if (method != NULL)
         return method->ui_close_session;
     return NULL;
 }
 
-char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
-                                                              const char *,
-                                                              const char *)
+char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
+    (UI *, const char *, const char *)
 {
     if (method != NULL)
         return method->ui_construct_prompt;
     return NULL;
 }
 
+void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *)
+{
+    if (method != NULL)
+        return method->ui_duplicate_data;
+    return NULL;
+}
+
+void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *)
+{
+    if (method != NULL)
+        return method->ui_destroy_data;
+    return NULL;
+}
+
+const void *UI_method_get_ex_data(const UI_METHOD *method, int idx)
+{
+    return CRYPTO_get_ex_data(&method->ex_data, idx);
+}
+
 enum UI_string_types UI_get_string_type(UI_STRING *uis)
 {
-    if (!uis)
-        return UIT_NONE;
     return uis->type;
 }
 
 int UI_get_input_flags(UI_STRING *uis)
 {
-    if (!uis)
-        return 0;
     return uis->input_flags;
 }
 
 const char *UI_get0_output_string(UI_STRING *uis)
 {
-    if (!uis)
-        return NULL;
     return uis->out_string;
 }
 
 const char *UI_get0_action_string(UI_STRING *uis)
 {
-    if (!uis)
-        return NULL;
     switch (uis->type) {
     case UIT_BOOLEAN:
         return uis->_.boolean_data.action_desc;
-    default:
-        return NULL;
+    case UIT_PROMPT:
+    case UIT_NONE:
+    case UIT_VERIFY:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
     }
+    return NULL;
 }
 
 const char *UI_get0_result_string(UI_STRING *uis)
 {
-    if (!uis)
-        return NULL;
     switch (uis->type) {
     case UIT_PROMPT:
     case UIT_VERIFY:
         return uis->result_buf;
-    default:
-        return NULL;
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
     }
+    return NULL;
+}
+
+int UI_get_result_string_length(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->result_len;
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return -1;
 }
 
 const char *UI_get0_test_string(UI_STRING *uis)
 {
-    if (!uis)
-        return NULL;
     switch (uis->type) {
     case UIT_VERIFY:
         return uis->_.string_data.test_buf;
-    default:
-        return NULL;
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+    case UIT_PROMPT:
+        break;
     }
+    return NULL;
 }
 
 int UI_get_result_minsize(UI_STRING *uis)
 {
-    if (!uis)
-        return -1;
     switch (uis->type) {
     case UIT_PROMPT:
     case UIT_VERIFY:
         return uis->_.string_data.result_minsize;
-    default:
-        return -1;
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
+    case UIT_BOOLEAN:
+        break;
     }
+    return -1;
 }
 
 int UI_get_result_maxsize(UI_STRING *uis)
 {
-    if (!uis)
-        return -1;
     switch (uis->type) {
     case UIT_PROMPT:
     case UIT_VERIFY:
         return uis->_.string_data.result_maxsize;
-    default:
-        return -1;
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
+    case UIT_BOOLEAN:
+        break;
     }
+    return -1;
 }
 
 int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
 {
-    int l = strlen(result);
+#if 0
+    /*
+     * This is placed here solely to preserve UI_F_UI_SET_RESULT
+     * To be removed for OpenSSL 1.2.0
+     */
+    UIerr(UI_F_UI_SET_RESULT, ERR_R_DISABLED);
+#endif
+    return UI_set_result_ex(ui, uis, result, strlen(result));
+}
 
+int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len)
+{
     ui->flags &= ~UI_FLAG_REDOABLE;
 
-    if (!uis)
-        return -1;
     switch (uis->type) {
     case UIT_PROMPT:
     case UIT_VERIFY:
@@ -828,36 +900,38 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
             BIO_snprintf(number2, sizeof(number2), "%d",
                          uis->_.string_data.result_maxsize);
 
-            if (l < uis->_.string_data.result_minsize) {
+            if (len < uis->_.string_data.result_minsize) {
                 ui->flags |= UI_FLAG_REDOABLE;
-                UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL);
+                UIerr(UI_F_UI_SET_RESULT_EX, UI_R_RESULT_TOO_SMALL);
                 ERR_add_error_data(5, "You must type in ",
                                    number1, " to ", number2, " characters");
                 return -1;
             }
-            if (l > uis->_.string_data.result_maxsize) {
+            if (len > uis->_.string_data.result_maxsize) {
                 ui->flags |= UI_FLAG_REDOABLE;
-                UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE);
+                UIerr(UI_F_UI_SET_RESULT_EX, UI_R_RESULT_TOO_LARGE);
                 ERR_add_error_data(5, "You must type in ",
                                    number1, " to ", number2, " characters");
                 return -1;
             }
         }
 
-        if (!uis->result_buf) {
-            UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+        if (uis->result_buf == NULL) {
+            UIerr(UI_F_UI_SET_RESULT_EX, UI_R_NO_RESULT_BUFFER);
             return -1;
         }
 
-        BUF_strlcpy(uis->result_buf, result,
-                    uis->_.string_data.result_maxsize + 1);
+        memcpy(uis->result_buf, result, len);
+        if (len <= uis->_.string_data.result_maxsize)
+            uis->result_buf[len] = '\0';
+        uis->result_len = len;
         break;
     case UIT_BOOLEAN:
         {
             const char *p;
 
-            if (!uis->result_buf) {
-                UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+            if (uis->result_buf == NULL) {
+                UIerr(UI_F_UI_SET_RESULT_EX, UI_R_NO_RESULT_BUFFER);
                 return -1;
             }
 
@@ -873,7 +947,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
                 }
             }
         }
-    default:
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
         break;
     }
     return 0;
diff --git a/freebsd/crypto/openssl/crypto/ui/ui_locl.h b/freebsd/crypto/openssl/crypto/ui/ui_locl.h
index bebc13ab..19b33b8f 100644
--- a/freebsd/crypto/openssl/crypto/ui/ui_locl.h
+++ b/freebsd/crypto/openssl/crypto/ui/ui_locl.h
@@ -1,60 +1,10 @@
-/* crypto/ui/ui.h */
 /*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_UI_LOCL_H
@@ -88,6 +38,12 @@ struct ui_method_st {
     int (*ui_read_string) (UI *ui, UI_STRING *uis);
     int (*ui_close_session) (UI *ui);
     /*
+     * Duplicate the ui_data that often comes alongside a ui_method.  This
+     * allows some backends to save away UI information for later use.
+     */
+    void *(*ui_duplicate_data) (UI *ui, void *ui_data);
+    void (*ui_destroy_data) (UI *ui, void *ui_data);
+    /*
      * Construct a prompt in a user-defined manner.  object_desc is a textual
      * short description of the object, for example "pass phrase", and
      * object_name is the name of the object (might be a card name or a file
@@ -96,6 +52,10 @@ struct ui_method_st {
      */
     char *(*ui_construct_prompt) (UI *ui, const char *object_desc,
                                   const char *object_name);
+    /*
+     * UI_METHOD specific application data.
+     */
+    CRYPTO_EX_DATA ex_data;
 };
 
 struct ui_string_st {
@@ -111,6 +71,7 @@ struct ui_string_st {
                                  * Otherwise, it may be allocated by the UI
                                  * routine, meaning result_minsize is going
                                  * to be overwritten. */
+    size_t result_len;
     union {
         struct {
             int result_minsize; /* Input: minimum required size of the
@@ -138,8 +99,11 @@ struct ui_st {
     void *user_data;
     CRYPTO_EX_DATA ex_data;
 # define UI_FLAG_REDOABLE        0x0001
+# define UI_FLAG_DUPL_DATA       0x0002 /* user_data was duplicated */
 # define UI_FLAG_PRINT_ERRORS    0x0100
     int flags;
+
+    CRYPTO_RWLOCK *lock;
 };
 
 #endif
diff --git a/freebsd/crypto/openssl/crypto/ui/ui_null.c b/freebsd/crypto/openssl/crypto/ui/ui_null.c
new file mode 100644
index 00000000..e6ce9129
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/ui/ui_null.c
@@ -0,0 +1,28 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ui_locl.h"
+
+static const UI_METHOD ui_null = {
+    "OpenSSL NULL UI",
+    NULL,                        /* opener */
+    NULL,                        /* writer */
+    NULL,                        /* flusher */
+    NULL,                        /* reader */
+    NULL,                        /* closer */
+    NULL
+};
+
+/* The method with all the built-in thingies */
+const UI_METHOD *UI_null(void)
+{
+    return &ui_null;
+}
diff --git a/freebsd/crypto/openssl/crypto/ui/ui_openssl.c b/freebsd/crypto/openssl/crypto/ui/ui_openssl.c
index 47b9c21f..9c3875a0 100644
--- a/freebsd/crypto/openssl/crypto/ui/ui_openssl.c
+++ b/freebsd/crypto/openssl/crypto/ui/ui_openssl.c
@@ -1,193 +1,80 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ui/ui_openssl.c */
 /*
- * Written by Richard Levitte (richard@levitte.org) and others for the
- * OpenSSL project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*-
- * The lowest level part of this file was previously in crypto/des/read_pwd.c,
- * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include <openssl/e_os2.h>
+#include <openssl/err.h>
+#include <openssl/ui.h>
 
+#ifndef OPENSSL_NO_UI_CONSOLE
 /*
  * need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc
  * [maybe others?], because it masks interfaces not discussed in standard,
  * sigaction and fileno included. -pedantic would be more appropriate for the
  * intended purposes, but we can't prevent users from adding -ansi.
  */
-#if defined(OPENSSL_SYSNAME_VXWORKS)
-# include <sys/types.h>
-#endif
-
-#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
-# ifndef _POSIX_C_SOURCE
-#  define _POSIX_C_SOURCE 2
+# if defined(OPENSSL_SYS_VXWORKS)
+#  include <sys/types.h>
 # endif
-#endif
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
-# ifdef OPENSSL_UNISTD
-#  include OPENSSL_UNISTD
-# else
-#  include <unistd.h>
+
+# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+#  ifndef _POSIX_C_SOURCE
+#   define _POSIX_C_SOURCE 2
+#  endif
 # endif
+# include <signal.h>
+# include <stdio.h>
+# include <string.h>
+# include <errno.h>
+
+# if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+#  ifdef OPENSSL_UNISTD
+#   include OPENSSL_UNISTD
+#  else
+#   include <unistd.h>
+#  endif
 /*
  * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX
  * system and have sigaction and termios.
  */
-# if defined(_POSIX_VERSION)
+#  if defined(_POSIX_VERSION) && _POSIX_VERSION>=199309L
 
-#  define SIGACTION
-#  if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
-#   define TERMIOS
-#  endif
+#   define SIGACTION
+#   if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+#    define TERMIOS
+#   endif
 
+#  endif
 # endif
-#endif
-
-#ifdef WIN16TTY
-# undef OPENSSL_SYS_WIN16
-# undef WIN16
-# undef _WINDOWS
-# include <graph.h>
-#endif
 
-/* 06-Apr-92 Luke Brennan    Support for VMS */
-#include "ui_locl.h"
-#include "cryptlib.h"
+# include "ui_locl.h"
+# include "internal/cryptlib.h"
 
-#ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
-# include <starlet.h>
-# ifdef __DECC
-#  pragma message disable DOLLARID
+# ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
+#  include <starlet.h>
+#  ifdef __DECC
+#   pragma message disable DOLLARID
+#  endif
 # endif
-#endif
 
-#ifdef WIN_CONSOLE_BUG
-# include <windows.h>
-# ifndef OPENSSL_SYS_WINCE
-#  include <wincon.h>
+# ifdef WIN_CONSOLE_BUG
+#  include <windows.h>
+#  ifndef OPENSSL_SYS_WINCE
+#   include <wincon.h>
+#  endif
 # endif
-#endif
 
 /*
- * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS,
- * MSDOS and SGTTY.
+ * There are 6 types of terminal interface supported, TERMIO, TERMIOS, VMS,
+ * MSDOS, WIN32 Console and SGTTY.
  *
  * If someone defines one of the macros TERMIO, TERMIOS or SGTTY, it will
  * remain respected.  Otherwise, we default to TERMIOS except for a few
@@ -197,98 +84,81 @@
  * may eventually opt to remove it's use entirely.
  */
 
-#if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
 
-# if defined(_LIBC)
-#  undef  TERMIOS
-#  define TERMIO
-#  undef  SGTTY
+#  if defined(_LIBC)
+#   undef  TERMIOS
+#   define TERMIO
+#   undef  SGTTY
 /*
- * We know that VMS, MSDOS, VXWORKS, NETWARE use entirely other mechanisms.
- * MAC_OS_GUSI_SOURCE should probably go away, but that needs to be confirmed.
+ * We know that VMS, MSDOS, VXWORKS, use entirely other mechanisms.
  */
-# elif !defined(OPENSSL_SYS_VMS) \
+#  elif !defined(OPENSSL_SYS_VMS) \
 	&& !defined(OPENSSL_SYS_MSDOS) \
-	&& !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) \
-	&& !defined(MAC_OS_GUSI_SOURCE)	\
-	&& !defined(OPENSSL_SYS_VXWORKS) \
-	&& !defined(OPENSSL_SYS_NETWARE)
-#  define TERMIOS
-#  undef  TERMIO
-#  undef  SGTTY
-# endif
+	&& !defined(OPENSSL_SYS_VXWORKS)
+#   define TERMIOS
+#   undef  TERMIO
+#   undef  SGTTY
+#  endif
 
-#endif
+# endif
 
-#ifdef TERMIOS
-# include <termios.h>
-# define TTY_STRUCT             struct termios
-# define TTY_FLAGS              c_lflag
-# define TTY_get(tty,data)      tcgetattr(tty,data)
-# define TTY_set(tty,data)      tcsetattr(tty,TCSANOW,data)
-#endif
+# ifdef TERMIOS
+#  include <termios.h>
+#  define TTY_STRUCT             struct termios
+#  define TTY_FLAGS              c_lflag
+#  define TTY_get(tty,data)      tcgetattr(tty,data)
+#  define TTY_set(tty,data)      tcsetattr(tty,TCSANOW,data)
+# endif
 
-#ifdef TERMIO
-# include <termio.h>
-# define TTY_STRUCT             struct termio
-# define TTY_FLAGS              c_lflag
-# define TTY_get(tty,data)      ioctl(tty,TCGETA,data)
-# define TTY_set(tty,data)      ioctl(tty,TCSETA,data)
-#endif
+# ifdef TERMIO
+#  include <termio.h>
+#  define TTY_STRUCT             struct termio
+#  define TTY_FLAGS              c_lflag
+#  define TTY_get(tty,data)      ioctl(tty,TCGETA,data)
+#  define TTY_set(tty,data)      ioctl(tty,TCSETA,data)
+# endif
 
-#ifdef SGTTY
-# include <sgtty.h>
-# define TTY_STRUCT             struct sgttyb
-# define TTY_FLAGS              sg_flags
-# define TTY_get(tty,data)      ioctl(tty,TIOCGETP,data)
-# define TTY_set(tty,data)      ioctl(tty,TIOCSETP,data)
-#endif
+# ifdef SGTTY
+#  include <sgtty.h>
+#  define TTY_STRUCT             struct sgttyb
+#  define TTY_FLAGS              sg_flags
+#  define TTY_get(tty,data)      ioctl(tty,TIOCGETP,data)
+#  define TTY_set(tty,data)      ioctl(tty,TIOCSETP,data)
+# endif
 
-#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS)
-# include <sys/ioctl.h>
-#endif
+# if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+#  include <sys/ioctl.h>
+# endif
 
-#ifdef OPENSSL_SYS_MSDOS
-# include <conio.h>
-#endif
+# ifdef OPENSSL_SYS_MSDOS
+#  include <conio.h>
+# endif
 
-#ifdef OPENSSL_SYS_VMS
-# include <ssdef.h>
-# include <iodef.h>
-# include <ttdef.h>
-# include <descrip.h>
+# ifdef OPENSSL_SYS_VMS
+#  include <ssdef.h>
+#  include <iodef.h>
+#  include <ttdef.h>
+#  include <descrip.h>
 struct IOSB {
     short iosb$w_value;
     short iosb$w_count;
     long iosb$l_info;
 };
-#endif
-
-#ifdef OPENSSL_SYS_SUNOS
-typedef int sig_atomic_t;
-#endif
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE)
-/*
- * This one needs work. As a matter of fact the code is unoperational
- * and this is only a trick to get it compiled.
- *                                      <appro@fy.chalmers.se>
- */
-# define TTY_STRUCT int
-#endif
+# endif
 
-#ifndef NX509_SIG
-# define NX509_SIG 32
-#endif
+# ifndef NX509_SIG
+#  define NX509_SIG 32
+# endif
 
 /* Define globals.  They are protected by a lock */
-#ifdef SIGACTION
+# ifdef SIGACTION
 static struct sigaction savsig[NX509_SIG];
-#else
+# else
 static void (*savsig[NX509_SIG]) (int);
-#endif
+# endif
 
-#ifdef OPENSSL_SYS_VMS
+# ifdef OPENSSL_SYS_VMS
 static struct IOSB iosb;
 static $DESCRIPTOR(terminal, "TT");
 static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this
@@ -296,24 +166,26 @@ static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this
                                       * structures? */
 static long status;
 static unsigned short channel = 0;
-#else
-# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+# elif defined(_WIN32) && !defined(_WIN32_WCE)
+static DWORD tty_orig, tty_new;
+# else
+#  if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
 static TTY_STRUCT tty_orig, tty_new;
+#  endif
 # endif
-#endif
 static FILE *tty_in, *tty_out;
 static int is_a_tty;
 
 /* Declare static functions */
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+# if !defined(OPENSSL_SYS_WINCE)
 static int read_till_nl(FILE *);
 static void recsig(int);
 static void pushsig(void);
 static void popsig(void);
-#endif
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
+# endif
+# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
 static int noecho_fgets(char *buf, int size, FILE *tty);
-#endif
+# endif
 static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
 
 static int read_string(UI *ui, UI_STRING *uis);
@@ -324,22 +196,6 @@ static int echo_console(UI *ui);
 static int noecho_console(UI *ui);
 static int close_console(UI *ui);
 
-static UI_METHOD ui_openssl = {
-    "OpenSSL default user interface",
-    open_console,
-    write_string,
-    NULL,                       /* No flusher is needed for command lines */
-    read_string,
-    close_console,
-    NULL
-};
-
-/* The method with all the built-in thingies */
-UI_METHOD *UI_OpenSSL(void)
-{
-    return &ui_openssl;
-}
-
 /*
  * The following function makes sure that info and error strings are printed
  * before any prompt.
@@ -352,7 +208,10 @@ static int write_string(UI *ui, UI_STRING *uis)
         fputs(UI_get0_output_string(uis), tty_out);
         fflush(tty_out);
         break;
-    default:
+    case UIT_NONE:
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+    case UIT_BOOLEAN:
         break;
     }
     return 1;
@@ -389,17 +248,19 @@ static int read_string(UI *ui, UI_STRING *uis)
             return 0;
         }
         break;
-    default:
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
         break;
     }
     return 1;
 }
 
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+# if !defined(OPENSSL_SYS_WINCE)
 /* Internal functions to read a string without echoing */
 static int read_till_nl(FILE *in)
 {
-# define SIZE 4
+#  define SIZE 4
     char buf[SIZE + 1];
 
     do {
@@ -410,7 +271,7 @@ static int read_till_nl(FILE *in)
 }
 
 static volatile sig_atomic_t intr_signal;
-#endif
+# endif
 
 static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
 {
@@ -418,8 +279,9 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
     int ok;
     char result[BUFSIZ];
     int maxsize = BUFSIZ - 1;
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-    char *p;
+# if !defined(OPENSSL_SYS_WINCE)
+    char *p = NULL;
+    int echo_eol = !echo;
 
     intr_signal = 0;
     ok = 0;
@@ -433,15 +295,48 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
     ps = 2;
 
     result[0] = '\0';
-# ifdef OPENSSL_SYS_MSDOS
+#  if defined(_WIN32)
+    if (is_a_tty) {
+        DWORD numread;
+#   if defined(CP_UTF8)
+        if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) != 0) {
+            WCHAR wresult[BUFSIZ];
+
+            if (ReadConsoleW(GetStdHandle(STD_INPUT_HANDLE),
+                         wresult, maxsize, &numread, NULL)) {
+                if (numread >= 2 &&
+                    wresult[numread-2] == L'\r' &&
+                    wresult[numread-1] == L'\n') {
+                    wresult[numread-2] = L'\n';
+                    numread--;
+                }
+                wresult[numread] = '\0';
+                if (WideCharToMultiByte(CP_UTF8, 0, wresult, -1,
+                                        result, sizeof(result), NULL, 0) > 0)
+                    p = result;
+
+                OPENSSL_cleanse(wresult, sizeof(wresult));
+            }
+        } else
+#   endif
+        if (ReadConsoleA(GetStdHandle(STD_INPUT_HANDLE),
+                         result, maxsize, &numread, NULL)) {
+            if (numread >= 2 &&
+                result[numread-2] == '\r' && result[numread-1] == '\n') {
+                result[numread-2] = '\n';
+                numread--;
+            }
+            result[numread] = '\0';
+            p = result;
+        }
+    } else
+#  elif defined(OPENSSL_SYS_MSDOS)
     if (!echo) {
         noecho_fgets(result, maxsize, tty_in);
         p = result;             /* FIXME: noecho_fgets doesn't return errors */
     } else
-        p = fgets(result, maxsize, tty_in);
-# else
+#  endif
     p = fgets(result, maxsize, tty_in);
-# endif
     if (p == NULL)
         goto error;
     if (feof(tty_in))
@@ -459,16 +354,16 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
  error:
     if (intr_signal == SIGINT)
         ok = -1;
-    if (!echo)
+    if (echo_eol)
         fprintf(tty_out, "\n");
     if (ps >= 2 && !echo && !echo_console(ui))
         ok = 0;
 
     if (ps >= 1)
         popsig();
-#else
+# else
     ok = 1;
-#endif
+# endif
 
     OPENSSL_cleanse(result, BUFSIZ);
     return ok;
@@ -477,41 +372,52 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
 /* Internal functions to open, handle and close a channel to the console.  */
 static int open_console(UI *ui)
 {
-    CRYPTO_w_lock(CRYPTO_LOCK_UI);
+    CRYPTO_THREAD_write_lock(ui->lock);
     is_a_tty = 1;
 
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS)
+# if defined(OPENSSL_SYS_VXWORKS)
     tty_in = stdin;
     tty_out = stderr;
-#else
-# ifdef OPENSSL_SYS_MSDOS
-#  define DEV_TTY "con"
+# elif defined(_WIN32) && !defined(_WIN32_WCE)
+    if ((tty_out = fopen("conout$", "w")) == NULL)
+        tty_out = stderr;
+
+    if (GetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), &tty_orig)) {
+        tty_in = stdin;
+    } else {
+        is_a_tty = 0;
+        if ((tty_in = fopen("conin$", "r")) == NULL)
+            tty_in = stdin;
+    }
 # else
-#  define DEV_TTY "/dev/tty"
-# endif
+#  ifdef OPENSSL_SYS_MSDOS
+#   define DEV_TTY "con"
+#  else
+#   define DEV_TTY "/dev/tty"
+#  endif
     if ((tty_in = fopen(DEV_TTY, "r")) == NULL)
         tty_in = stdin;
     if ((tty_out = fopen(DEV_TTY, "w")) == NULL)
         tty_out = stderr;
-#endif
+# endif
 
-#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+# if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
     if (TTY_get(fileno(tty_in), &tty_orig) == -1) {
-# ifdef ENOTTY
+#  ifdef ENOTTY
         if (errno == ENOTTY)
             is_a_tty = 0;
         else
-# endif
-# ifdef EINVAL
+#  endif
+#  ifdef EINVAL
             /*
-             * Ariel Glenn ariel@columbia.edu reports that solaris can return
-             * EINVAL instead.  This should be ok
+             * Ariel Glenn reports that solaris can return EINVAL instead.
+             * This should be ok
              */
         if (errno == EINVAL)
             is_a_tty = 0;
         else
-# endif
-# ifdef ENODEV
+#  endif
+#  ifdef ENODEV
             /*
              * MacOS X returns ENODEV (Operation not supported by device),
              * which seems appropriate.
@@ -519,16 +425,29 @@ static int open_console(UI *ui)
         if (errno == ENODEV)
             is_a_tty = 0;
         else
-# endif
-            return 0;
+#  endif
+            {
+                char tmp_num[10];
+                BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%d", errno);
+                UIerr(UI_F_OPEN_CONSOLE, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE);
+                ERR_add_error_data(2, "errno=", tmp_num);
+
+                return 0;
+            }
     }
-#endif
-#ifdef OPENSSL_SYS_VMS
+# endif
+# ifdef OPENSSL_SYS_VMS
     status = sys$assign(&terminal, &channel, 0, 0);
 
     /* if there isn't a TT device, something is very wrong */
-    if (status != SS$_NORMAL)
+    if (status != SS$_NORMAL) {
+        char tmp_num[12];
+
+        BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status);
+        UIerr(UI_F_OPEN_CONSOLE, UI_R_SYSASSIGN_ERROR);
+        ERR_add_error_data(2, "status=", tmp_num);
         return 0;
+    }
 
     status = sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12,
                       0, 0, 0, 0);
@@ -536,53 +455,86 @@ static int open_console(UI *ui)
     /* If IO$_SENSEMODE doesn't work, this is not a terminal device */
     if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
         is_a_tty = 0;
-#endif
+# endif
     return 1;
 }
 
 static int noecho_console(UI *ui)
 {
-#ifdef TTY_FLAGS
+# ifdef TTY_FLAGS
     memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
     tty_new.TTY_FLAGS &= ~ECHO;
-#endif
+# endif
 
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
     if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
         return 0;
-#endif
-#ifdef OPENSSL_SYS_VMS
+# endif
+# ifdef OPENSSL_SYS_VMS
     if (is_a_tty) {
         tty_new[0] = tty_orig[0];
         tty_new[1] = tty_orig[1] | TT$M_NOECHO;
         tty_new[2] = tty_orig[2];
         status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
                           0, 0, 0, 0);
-        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) {
+            char tmp_num[2][12];
+
+            BIO_snprintf(tmp_num[0], sizeof(tmp_num[0]) - 1, "%%X%08X",
+                         status);
+            BIO_snprintf(tmp_num[1], sizeof(tmp_num[1]) - 1, "%%X%08X",
+                         iosb.iosb$w_value);
+            UIerr(UI_F_NOECHO_CONSOLE, UI_R_SYSQIOW_ERROR);
+            ERR_add_error_data(5, "status=", tmp_num[0],
+                               ",", "iosb.iosb$w_value=", tmp_num[1]);
             return 0;
+        }
     }
-#endif
+# endif
+# if defined(_WIN32) && !defined(_WIN32_WCE)
+    if (is_a_tty) {
+        tty_new = tty_orig;
+        tty_new &= ~ENABLE_ECHO_INPUT;
+        SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
+    }
+# endif
     return 1;
 }
 
 static int echo_console(UI *ui)
 {
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
     memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
     if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
         return 0;
-#endif
-#ifdef OPENSSL_SYS_VMS
+# endif
+# ifdef OPENSSL_SYS_VMS
     if (is_a_tty) {
         tty_new[0] = tty_orig[0];
         tty_new[1] = tty_orig[1];
         tty_new[2] = tty_orig[2];
         status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
                           0, 0, 0, 0);
-        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) {
+            char tmp_num[2][12];
+
+            BIO_snprintf(tmp_num[0], sizeof(tmp_num[0]) - 1, "%%X%08X",
+                         status);
+            BIO_snprintf(tmp_num[1], sizeof(tmp_num[1]) - 1, "%%X%08X",
+                         iosb.iosb$w_value);
+            UIerr(UI_F_ECHO_CONSOLE, UI_R_SYSQIOW_ERROR);
+            ERR_add_error_data(5, "status=", tmp_num[0],
+                               ",", "iosb.iosb$w_value=", tmp_num[1]);
             return 0;
+        }
     }
-#endif
+# endif
+# if defined(_WIN32) && !defined(_WIN32_WCE)
+    if (is_a_tty) {
+        tty_new = tty_orig;
+        SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
+    }
+# endif
     return 1;
 }
 
@@ -592,101 +544,107 @@ static int close_console(UI *ui)
         fclose(tty_in);
     if (tty_out != stderr)
         fclose(tty_out);
-#ifdef OPENSSL_SYS_VMS
+# ifdef OPENSSL_SYS_VMS
     status = sys$dassgn(channel);
-    if (status != SS$_NORMAL)
+    if (status != SS$_NORMAL) {
+        char tmp_num[12];
+
+        BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status);
+        UIerr(UI_F_CLOSE_CONSOLE, UI_R_SYSDASSGN_ERROR);
+        ERR_add_error_data(2, "status=", tmp_num);
         return 0;
-#endif
-    CRYPTO_w_unlock(CRYPTO_LOCK_UI);
+    }
+# endif
+    CRYPTO_THREAD_unlock(ui->lock);
 
     return 1;
 }
 
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+# if !defined(OPENSSL_SYS_WINCE)
 /* Internal functions to handle signals and act on them */
 static void pushsig(void)
 {
-# ifndef OPENSSL_SYS_WIN32
+#  ifndef OPENSSL_SYS_WIN32
     int i;
-# endif
-# ifdef SIGACTION
+#  endif
+#  ifdef SIGACTION
     struct sigaction sa;
 
     memset(&sa, 0, sizeof(sa));
     sa.sa_handler = recsig;
-# endif
+#  endif
 
-# ifdef OPENSSL_SYS_WIN32
+#  ifdef OPENSSL_SYS_WIN32
     savsig[SIGABRT] = signal(SIGABRT, recsig);
     savsig[SIGFPE] = signal(SIGFPE, recsig);
     savsig[SIGILL] = signal(SIGILL, recsig);
     savsig[SIGINT] = signal(SIGINT, recsig);
     savsig[SIGSEGV] = signal(SIGSEGV, recsig);
     savsig[SIGTERM] = signal(SIGTERM, recsig);
-# else
+#  else
     for (i = 1; i < NX509_SIG; i++) {
-#  ifdef SIGUSR1
+#   ifdef SIGUSR1
         if (i == SIGUSR1)
             continue;
-#  endif
-#  ifdef SIGUSR2
+#   endif
+#   ifdef SIGUSR2
         if (i == SIGUSR2)
             continue;
-#  endif
-#  ifdef SIGKILL
+#   endif
+#   ifdef SIGKILL
         if (i == SIGKILL)       /* We can't make any action on that. */
             continue;
-#  endif
-#  ifdef SIGACTION
+#   endif
+#   ifdef SIGACTION
         sigaction(i, &sa, &savsig[i]);
-#  else
+#   else
         savsig[i] = signal(i, recsig);
-#  endif
+#   endif
     }
-# endif
+#  endif
 
-# ifdef SIGWINCH
+#  ifdef SIGWINCH
     signal(SIGWINCH, SIG_DFL);
-# endif
+#  endif
 }
 
 static void popsig(void)
 {
-# ifdef OPENSSL_SYS_WIN32
+#  ifdef OPENSSL_SYS_WIN32
     signal(SIGABRT, savsig[SIGABRT]);
     signal(SIGFPE, savsig[SIGFPE]);
     signal(SIGILL, savsig[SIGILL]);
     signal(SIGINT, savsig[SIGINT]);
     signal(SIGSEGV, savsig[SIGSEGV]);
     signal(SIGTERM, savsig[SIGTERM]);
-# else
+#  else
     int i;
     for (i = 1; i < NX509_SIG; i++) {
-#  ifdef SIGUSR1
+#   ifdef SIGUSR1
         if (i == SIGUSR1)
             continue;
-#  endif
-#  ifdef SIGUSR2
+#   endif
+#   ifdef SIGUSR2
         if (i == SIGUSR2)
             continue;
-#  endif
-#  ifdef SIGACTION
+#   endif
+#   ifdef SIGACTION
         sigaction(i, &savsig[i], NULL);
-#  else
+#   else
         signal(i, savsig[i]);
-#  endif
+#   endif
     }
-# endif
+#  endif
 }
 
 static void recsig(int i)
 {
     intr_signal = i;
 }
-#endif
+# endif
 
 /* Internal functions specific for Windows */
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
 static int noecho_fgets(char *buf, int size, FILE *tty)
 {
     int i;
@@ -699,13 +657,11 @@ static int noecho_fgets(char *buf, int size, FILE *tty)
             break;
         }
         size--;
-# ifdef WIN16TTY
-        i = _inchar();
-# elif defined(_WIN32)
+#  if defined(_WIN32)
         i = _getch();
-# else
+#  else
         i = getch();
-# endif
+#  endif
         if (i == '\r')
             i = '\n';
         *(p++) = i;
@@ -714,7 +670,7 @@ static int noecho_fgets(char *buf, int size, FILE *tty)
             break;
         }
     }
-# ifdef WIN_CONSOLE_BUG
+#  ifdef WIN_CONSOLE_BUG
     /*
      * Win95 has several evil console bugs: one of these is that the last
      * character read using getch() is passed to the next read: this is
@@ -726,7 +682,41 @@ static int noecho_fgets(char *buf, int size, FILE *tty)
         inh = GetStdHandle(STD_INPUT_HANDLE);
         FlushConsoleInputBuffer(inh);
     }
+#  endif
+    return strlen(buf);
+}
 # endif
-    return (strlen(buf));
+
+static UI_METHOD ui_openssl = {
+    "OpenSSL default user interface",
+    open_console,
+    write_string,
+    NULL,                       /* No flusher is needed for command lines */
+    read_string,
+    close_console,
+    NULL
+};
+
+/* The method with all the built-in console thingies */
+UI_METHOD *UI_OpenSSL(void)
+{
+    return &ui_openssl;
 }
+
+static const UI_METHOD *default_UI_meth = &ui_openssl;
+
+#else
+
+static const UI_METHOD *default_UI_meth = NULL;
+
 #endif
+
+void UI_set_default_method(const UI_METHOD *meth)
+{
+    default_UI_meth = meth;
+}
+
+const UI_METHOD *UI_get_default_method(void)
+{
+    return default_UI_meth;
+}
diff --git a/freebsd/crypto/openssl/crypto/ui/ui_util.c b/freebsd/crypto/openssl/crypto/ui/ui_util.c
index 9aa7915f..c75ecbf5 100644
--- a/freebsd/crypto/openssl/crypto/ui/ui_util.c
+++ b/freebsd/crypto/openssl/crypto/ui/ui_util.c
@@ -1,63 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/ui/ui_util.c */
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <string.h>
+#include "internal/thread_once.h"
 #include "ui_locl.h"
 
+#ifndef BUFSIZ
+#define BUFSIZ 256
+#endif
+
 int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
                            int verify)
 {
@@ -68,7 +27,7 @@ int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
         UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
                         prompt, verify);
     OPENSSL_cleanse(buff, BUFSIZ);
-    return (ret);
+    return ret;
 }
 
 int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
@@ -81,7 +40,7 @@ int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
         return -1;
 
     ui = UI_new();
-    if (ui) {
+    if (ui != NULL) {
         ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1);
         if (ok >= 0 && verify)
             ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf);
@@ -91,5 +50,115 @@ int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
     }
     if (ok > 0)
         ok = 0;
-    return (ok);
+    return ok;
+}
+
+/*
+ * Wrapper around pem_password_cb, a method to help older APIs use newer
+ * ones.
+ */
+struct pem_password_cb_data {
+    pem_password_cb *cb;
+    int rwflag;
+};
+
+static void ui_new_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                               int idx, long argl, void *argp)
+{
+    /*
+     * Do nothing, the data is allocated externally and assigned later with
+     * CRYPTO_set_ex_data()
+     */
+}
+
+static int ui_dup_method_data(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                              void *from_d, int idx, long argl, void *argp)
+{
+    void **pptr = (void **)from_d;
+    if (*pptr != NULL)
+        *pptr = OPENSSL_memdup(*pptr, sizeof(struct pem_password_cb_data));
+    return 1;
+}
+
+static void ui_free_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                                int idx, long argl, void *argp)
+{
+    OPENSSL_free(ptr);
+}
+
+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
+static int ui_method_data_index = -1;
+DEFINE_RUN_ONCE_STATIC(ui_method_data_index_init)
+{
+    ui_method_data_index = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD,
+                                                   0, NULL, ui_new_method_data,
+                                                   ui_dup_method_data,
+                                                   ui_free_method_data);
+    return 1;
+}
+
+static int ui_open(UI *ui)
+{
+    return 1;
+}
+static int ui_read(UI *ui, UI_STRING *uis)
+{
+    switch (UI_get_string_type(uis)) {
+    case UIT_PROMPT:
+        {
+            char result[PEM_BUFSIZE + 1];
+            const struct pem_password_cb_data *data =
+                UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index);
+            int maxsize = UI_get_result_maxsize(uis);
+            int len = data->cb(result,
+                               maxsize > PEM_BUFSIZE ? PEM_BUFSIZE : maxsize,
+                               data->rwflag, UI_get0_user_data(ui));
+
+            if (len >= 0)
+                result[len] = '\0';
+            if (len <= 0)
+                return len;
+            if (UI_set_result_ex(ui, uis, result, len) >= 0)
+                return 1;
+            return 0;
+        }
+    case UIT_VERIFY:
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return 1;
+}
+static int ui_write(UI *ui, UI_STRING *uis)
+{
+    return 1;
+}
+static int ui_close(UI *ui)
+{
+    return 1;
+}
+
+UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag)
+{
+    struct pem_password_cb_data *data = NULL;
+    UI_METHOD *ui_method = NULL;
+
+    if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL
+        || (ui_method = UI_create_method("PEM password callback wrapper")) == NULL
+        || UI_method_set_opener(ui_method, ui_open) < 0
+        || UI_method_set_reader(ui_method, ui_read) < 0
+        || UI_method_set_writer(ui_method, ui_write) < 0
+        || UI_method_set_closer(ui_method, ui_close) < 0
+        || !RUN_ONCE(&get_index_once, ui_method_data_index_init)
+        || UI_method_set_ex_data(ui_method, ui_method_data_index, data) < 0) {
+        UI_destroy_method(ui_method);
+        OPENSSL_free(data);
+        return NULL;
+    }
+    data->rwflag = rwflag;
+    data->cb = cb;
+
+    return ui_method;
 }
diff --git a/freebsd/crypto/openssl/crypto/uid.c b/freebsd/crypto/openssl/crypto/uid.c
index aa8791f9..aed5a5e1 100644
--- a/freebsd/crypto/openssl/crypto/uid.c
+++ b/freebsd/crypto/openssl/crypto/uid.c
@@ -1,64 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/uid.c */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/crypto.h>
 #include <openssl/opensslconf.h>
 
-#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
+#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__)
 
 # include OPENSSL_UNISTD
 
@@ -67,7 +21,7 @@ int OPENSSL_issetugid(void)
     return issetugid();
 }
 
-#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
+#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
 
 int OPENSSL_issetugid(void)
 {
@@ -79,12 +33,18 @@ int OPENSSL_issetugid(void)
 # include OPENSSL_UNISTD
 # include <sys/types.h>
 
+# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#  if __GLIBC_PREREQ(2, 16)
+#   include <sys/auxv.h>
+#  endif
+# endif
+
 int OPENSSL_issetugid(void)
 {
-    if (getuid() != geteuid())
-        return 1;
-    if (getgid() != getegid())
-        return 1;
-    return 0;
+# ifdef AT_SECURE
+    return getauxval(AT_SECURE) != 0;
+# else
+    return getuid() != geteuid() || getgid() != getegid();
+# endif
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/vms_rms.h b/freebsd/crypto/openssl/crypto/vms_rms.h
index 09c280e8..3b994a0a 100644
--- a/freebsd/crypto/openssl/crypto/vms_rms.h
+++ b/freebsd/crypto/openssl/crypto/vms_rms.h
@@ -1,3 +1,11 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
 
 #ifdef NAML$C_MAXRSS
 
diff --git a/freebsd/crypto/openssl/crypto/whrlpool/wp_block.c b/freebsd/crypto/openssl/crypto/whrlpool/wp_block.c
index 1f0652eb..69e8486c 100644
--- a/freebsd/crypto/openssl/crypto/whrlpool/wp_block.c
+++ b/freebsd/crypto/openssl/crypto/whrlpool/wp_block.c
@@ -1,16 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 /**
  * The Whirlpool hashing function.
  *
- * <P>
- * <b>References</b>
- *
- * <P>
- * The Whirlpool algorithm was developed by
- * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
- * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
- *
  * See
  *      P.S.L.M. Barreto, V. Rijmen,
  *      ``The Whirlpool hashing function,''
@@ -52,9 +53,10 @@ typedef unsigned long long u64;
 #define ROUNDS  10
 
 #define STRICT_ALIGNMENT
-#if defined(__i386) || defined(__i386__) || \
-    defined(__x86_64) || defined(__x86_64__) || \
-    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)
+#if !defined(PEDANTIC) && (defined(__i386) || defined(__i386__) || \
+                           defined(__x86_64) || defined(__x86_64__) || \
+                           defined(_M_IX86) || defined(_M_AMD64) || \
+                           defined(_M_X64))
 /*
  * Well, formally there're couple of other architectures, which permit
  * unaligned loads, specifically those not crossing cache lines, IA-64 and
@@ -75,7 +77,7 @@ typedef unsigned long long u64;
 #   define OPENSSL_SMALL_FOOTPRINT
 #  endif
 #  define GO_FOR_MMX(ctx,inp,num)     do {                    \
-        extern unsigned int OPENSSL_ia32cap_P[];                \
+        extern unsigned long OPENSSL_ia32cap_P[];               \
         void whirlpool_block_mmx(void *,const void *,size_t);   \
         if (!(OPENSSL_ia32cap_P[0] & (1<<23)))  break;          \
         whirlpool_block_mmx(ctx->H.c,inp,num);  return;         \
@@ -84,17 +86,18 @@ typedef unsigned long long u64;
 #endif
 
 #undef ROTATE
-#if defined(_MSC_VER)
-# if defined(_WIN64)            /* applies to both IA-64 and AMD64 */
-#  pragma intrinsic(_rotl64)
-#  define ROTATE(a,n) _rotl64((a),n)
-# endif
-#elif defined(__GNUC__) && __GNUC__>=2
-# if defined(__x86_64) || defined(__x86_64__)
-#  if defined(L_ENDIAN)
-#   define ROTATE(a,n)       ({ u64 ret; asm ("rolq %1,%0"   \
+#ifndef PEDANTIC
+# if defined(_MSC_VER)
+#  if defined(_WIN64)            /* applies to both IA-64 and AMD64 */
+#   pragma intrinsic(_rotl64)
+#   define ROTATE(a,n) _rotl64((a),n)
+#  endif
+# elif defined(__GNUC__) && __GNUC__>=2
+#  if defined(__x86_64) || defined(__x86_64__)
+#   if defined(L_ENDIAN)
+#    define ROTATE(a,n)       ({ u64 ret; asm ("rolq %1,%0"   \
                                    : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
-#  elif defined(B_ENDIAN)
+#   elif defined(B_ENDIAN)
        /*
         * Most will argue that x86_64 is always little-endian. Well, yes, but
         * then we have stratus.com who has modified gcc to "emulate"
@@ -102,16 +105,17 @@ typedef unsigned long long u64;
         * won't do same for x86_64? Naturally no. And this line is waiting
         * ready for that brave soul:-)
         */
-#   define ROTATE(a,n)       ({ u64 ret; asm ("rorq %1,%0"   \
+#    define ROTATE(a,n)       ({ u64 ret; asm ("rorq %1,%0"   \
                                    : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
-#  endif
-# elif defined(__ia64) || defined(__ia64__)
-#  if defined(L_ENDIAN)
-#   define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
+#   endif
+#  elif defined(__ia64) || defined(__ia64__)
+#   if defined(L_ENDIAN)
+#    define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
                                    : "=r"(ret) : "r"(a),"M"(64-(n))); ret; })
-#  elif defined(B_ENDIAN)
-#   define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
+#   elif defined(B_ENDIAN)
+#    define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
                                    : "=r"(ret) : "r"(a),"M"(n)); ret; })
+#   endif
 #  endif
 # endif
 #endif
@@ -145,7 +149,7 @@ typedef unsigned long long u64;
  * one quadword load. One can argue that that many single-byte loads
  * is too excessive, as one could load a quadword and "milk" it for
  * eight 8-bit values instead. Well, yes, but in order to do so *and*
- * avoid excessive loads you have to accomodate a handful of 64-bit
+ * avoid excessive loads you have to accommodate a handful of 64-bit
  * values in the register bank and issue a bunch of shifts and mask.
  * It's a tradeoff: loads vs. shift and mask in big register bank[!].
  * On most CPUs eight single-byte loads are faster and I let other
diff --git a/freebsd/crypto/openssl/crypto/whrlpool/wp_dgst.c b/freebsd/crypto/openssl/crypto/whrlpool/wp_dgst.c
index 0da00640..295280c7 100644
--- a/freebsd/crypto/openssl/crypto/whrlpool/wp_dgst.c
+++ b/freebsd/crypto/openssl/crypto/whrlpool/wp_dgst.c
@@ -1,16 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 /**
  * The Whirlpool hashing function.
  *
- * <P>
- * <b>References</b>
- *
- * <P>
- * The Whirlpool algorithm was developed by
- * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
- * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
- *
  * See
  *      P.S.L.M. Barreto, V. Rijmen,
  *      ``The Whirlpool hashing function,''
@@ -50,18 +51,17 @@
  *
  * Unlike authors' reference implementation, block processing
  * routine whirlpool_block is designed to operate on multi-block
- * input. This is done for perfomance.
+ * input. This is done for performance.
  */
 
 #include <openssl/crypto.h>
 #include "wp_locl.h"
-#include <openssl/crypto.h>
 #include <string.h>
 
-fips_md_init(WHIRLPOOL)
+int WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
 {
     memset(c, 0, sizeof(*c));
-    return (1);
+    return 1;
 }
 
 int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
@@ -82,7 +82,7 @@ int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
     if (bytes)
         WHIRLPOOL_BitUpdate(c, inp, bytes * 8);
 
-    return (1);
+    return 1;
 }
 
 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
@@ -241,9 +241,9 @@ int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
     if (md) {
         memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
         OPENSSL_cleanse(c, sizeof(*c));
-        return (1);
+        return 1;
     }
-    return (0);
+    return 0;
 }
 
 unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
@@ -256,5 +256,5 @@ unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
     WHIRLPOOL_Init(&ctx);
     WHIRLPOOL_Update(&ctx, inp, bytes);
     WHIRLPOOL_Final(md, &ctx);
-    return (md);
+    return md;
 }
diff --git a/freebsd/crypto/openssl/crypto/whrlpool/wp_locl.h b/freebsd/crypto/openssl/crypto/whrlpool/wp_locl.h
index 6e7b549e..3a81cfd5 100644
--- a/freebsd/crypto/openssl/crypto/whrlpool/wp_locl.h
+++ b/freebsd/crypto/openssl/crypto/whrlpool/wp_locl.h
@@ -1,3 +1,12 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 #include <openssl/whrlpool.h>
 
 void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t);
diff --git a/freebsd/crypto/openssl/crypto/whrlpool/wp_test.c b/freebsd/crypto/openssl/crypto/whrlpool/wp_test.c
deleted file mode 100644
index 6ba7948f..00000000
--- a/freebsd/crypto/openssl/crypto/whrlpool/wp_test.c
+++ /dev/null
@@ -1,243 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- * ====================================================================
- */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include <openssl/whrlpool.h>
-#include <openssl/crypto.h>
-
-#if defined(OPENSSL_NO_WHIRLPOOL)
-int main(int argc, char *argv[])
-{
-    printf("No Whirlpool support\n");
-    return (0);
-}
-#else
-
-/* ISO/IEC 10118-3 test vector set */
-unsigned char iso_test_1[WHIRLPOOL_DIGEST_LENGTH] = {
-    0x19, 0xFA, 0x61, 0xD7, 0x55, 0x22, 0xA4, 0x66,
-    0x9B, 0x44, 0xE3, 0x9C, 0x1D, 0x2E, 0x17, 0x26,
-    0xC5, 0x30, 0x23, 0x21, 0x30, 0xD4, 0x07, 0xF8,
-    0x9A, 0xFE, 0xE0, 0x96, 0x49, 0x97, 0xF7, 0xA7,
-    0x3E, 0x83, 0xBE, 0x69, 0x8B, 0x28, 0x8F, 0xEB,
-    0xCF, 0x88, 0xE3, 0xE0, 0x3C, 0x4F, 0x07, 0x57,
-    0xEA, 0x89, 0x64, 0xE5, 0x9B, 0x63, 0xD9, 0x37,
-    0x08, 0xB1, 0x38, 0xCC, 0x42, 0xA6, 0x6E, 0xB3
-};
-
-unsigned char iso_test_2[WHIRLPOOL_DIGEST_LENGTH] = {
-    0x8A, 0xCA, 0x26, 0x02, 0x79, 0x2A, 0xEC, 0x6F,
-    0x11, 0xA6, 0x72, 0x06, 0x53, 0x1F, 0xB7, 0xD7,
-    0xF0, 0xDF, 0xF5, 0x94, 0x13, 0x14, 0x5E, 0x69,
-    0x73, 0xC4, 0x50, 0x01, 0xD0, 0x08, 0x7B, 0x42,
-    0xD1, 0x1B, 0xC6, 0x45, 0x41, 0x3A, 0xEF, 0xF6,
-    0x3A, 0x42, 0x39, 0x1A, 0x39, 0x14, 0x5A, 0x59,
-    0x1A, 0x92, 0x20, 0x0D, 0x56, 0x01, 0x95, 0xE5,
-    0x3B, 0x47, 0x85, 0x84, 0xFD, 0xAE, 0x23, 0x1A
-};
-
-unsigned char iso_test_3[WHIRLPOOL_DIGEST_LENGTH] = {
-    0x4E, 0x24, 0x48, 0xA4, 0xC6, 0xF4, 0x86, 0xBB,
-    0x16, 0xB6, 0x56, 0x2C, 0x73, 0xB4, 0x02, 0x0B,
-    0xF3, 0x04, 0x3E, 0x3A, 0x73, 0x1B, 0xCE, 0x72,
-    0x1A, 0xE1, 0xB3, 0x03, 0xD9, 0x7E, 0x6D, 0x4C,
-    0x71, 0x81, 0xEE, 0xBD, 0xB6, 0xC5, 0x7E, 0x27,
-    0x7D, 0x0E, 0x34, 0x95, 0x71, 0x14, 0xCB, 0xD6,
-    0xC7, 0x97, 0xFC, 0x9D, 0x95, 0xD8, 0xB5, 0x82,
-    0xD2, 0x25, 0x29, 0x20, 0x76, 0xD4, 0xEE, 0xF5
-};
-
-unsigned char iso_test_4[WHIRLPOOL_DIGEST_LENGTH] = {
-    0x37, 0x8C, 0x84, 0xA4, 0x12, 0x6E, 0x2D, 0xC6,
-    0xE5, 0x6D, 0xCC, 0x74, 0x58, 0x37, 0x7A, 0xAC,
-    0x83, 0x8D, 0x00, 0x03, 0x22, 0x30, 0xF5, 0x3C,
-    0xE1, 0xF5, 0x70, 0x0C, 0x0F, 0xFB, 0x4D, 0x3B,
-    0x84, 0x21, 0x55, 0x76, 0x59, 0xEF, 0x55, 0xC1,
-    0x06, 0xB4, 0xB5, 0x2A, 0xC5, 0xA4, 0xAA, 0xA6,
-    0x92, 0xED, 0x92, 0x00, 0x52, 0x83, 0x8F, 0x33,
-    0x62, 0xE8, 0x6D, 0xBD, 0x37, 0xA8, 0x90, 0x3E
-};
-
-unsigned char iso_test_5[WHIRLPOOL_DIGEST_LENGTH] = {
-    0xF1, 0xD7, 0x54, 0x66, 0x26, 0x36, 0xFF, 0xE9,
-    0x2C, 0x82, 0xEB, 0xB9, 0x21, 0x2A, 0x48, 0x4A,
-    0x8D, 0x38, 0x63, 0x1E, 0xAD, 0x42, 0x38, 0xF5,
-    0x44, 0x2E, 0xE1, 0x3B, 0x80, 0x54, 0xE4, 0x1B,
-    0x08, 0xBF, 0x2A, 0x92, 0x51, 0xC3, 0x0B, 0x6A,
-    0x0B, 0x8A, 0xAE, 0x86, 0x17, 0x7A, 0xB4, 0xA6,
-    0xF6, 0x8F, 0x67, 0x3E, 0x72, 0x07, 0x86, 0x5D,
-    0x5D, 0x98, 0x19, 0xA3, 0xDB, 0xA4, 0xEB, 0x3B
-};
-
-unsigned char iso_test_6[WHIRLPOOL_DIGEST_LENGTH] = {
-    0xDC, 0x37, 0xE0, 0x08, 0xCF, 0x9E, 0xE6, 0x9B,
-    0xF1, 0x1F, 0x00, 0xED, 0x9A, 0xBA, 0x26, 0x90,
-    0x1D, 0xD7, 0xC2, 0x8C, 0xDE, 0xC0, 0x66, 0xCC,
-    0x6A, 0xF4, 0x2E, 0x40, 0xF8, 0x2F, 0x3A, 0x1E,
-    0x08, 0xEB, 0xA2, 0x66, 0x29, 0x12, 0x9D, 0x8F,
-    0xB7, 0xCB, 0x57, 0x21, 0x1B, 0x92, 0x81, 0xA6,
-    0x55, 0x17, 0xCC, 0x87, 0x9D, 0x7B, 0x96, 0x21,
-    0x42, 0xC6, 0x5F, 0x5A, 0x7A, 0xF0, 0x14, 0x67
-};
-
-unsigned char iso_test_7[WHIRLPOOL_DIGEST_LENGTH] = {
-    0x46, 0x6E, 0xF1, 0x8B, 0xAB, 0xB0, 0x15, 0x4D,
-    0x25, 0xB9, 0xD3, 0x8A, 0x64, 0x14, 0xF5, 0xC0,
-    0x87, 0x84, 0x37, 0x2B, 0xCC, 0xB2, 0x04, 0xD6,
-    0x54, 0x9C, 0x4A, 0xFA, 0xDB, 0x60, 0x14, 0x29,
-    0x4D, 0x5B, 0xD8, 0xDF, 0x2A, 0x6C, 0x44, 0xE5,
-    0x38, 0xCD, 0x04, 0x7B, 0x26, 0x81, 0xA5, 0x1A,
-    0x2C, 0x60, 0x48, 0x1E, 0x88, 0xC5, 0xA2, 0x0B,
-    0x2C, 0x2A, 0x80, 0xCF, 0x3A, 0x9A, 0x08, 0x3B
-};
-
-unsigned char iso_test_8[WHIRLPOOL_DIGEST_LENGTH] = {
-    0x2A, 0x98, 0x7E, 0xA4, 0x0F, 0x91, 0x70, 0x61,
-    0xF5, 0xD6, 0xF0, 0xA0, 0xE4, 0x64, 0x4F, 0x48,
-    0x8A, 0x7A, 0x5A, 0x52, 0xDE, 0xEE, 0x65, 0x62,
-    0x07, 0xC5, 0x62, 0xF9, 0x88, 0xE9, 0x5C, 0x69,
-    0x16, 0xBD, 0xC8, 0x03, 0x1B, 0xC5, 0xBE, 0x1B,
-    0x7B, 0x94, 0x76, 0x39, 0xFE, 0x05, 0x0B, 0x56,
-    0x93, 0x9B, 0xAA, 0xA0, 0xAD, 0xFF, 0x9A, 0xE6,
-    0x74, 0x5B, 0x7B, 0x18, 0x1C, 0x3B, 0xE3, 0xFD
-};
-
-unsigned char iso_test_9[WHIRLPOOL_DIGEST_LENGTH] = {
-    0x0C, 0x99, 0x00, 0x5B, 0xEB, 0x57, 0xEF, 0xF5,
-    0x0A, 0x7C, 0xF0, 0x05, 0x56, 0x0D, 0xDF, 0x5D,
-    0x29, 0x05, 0x7F, 0xD8, 0x6B, 0x20, 0xBF, 0xD6,
-    0x2D, 0xEC, 0xA0, 0xF1, 0xCC, 0xEA, 0x4A, 0xF5,
-    0x1F, 0xC1, 0x54, 0x90, 0xED, 0xDC, 0x47, 0xAF,
-    0x32, 0xBB, 0x2B, 0x66, 0xC3, 0x4F, 0xF9, 0xAD,
-    0x8C, 0x60, 0x08, 0xAD, 0x67, 0x7F, 0x77, 0x12,
-    0x69, 0x53, 0xB2, 0x26, 0xE4, 0xED, 0x8B, 0x01
-};
-
-int main(int argc, char *argv[])
-{
-    unsigned char md[WHIRLPOOL_DIGEST_LENGTH];
-    int i;
-    WHIRLPOOL_CTX ctx;
-
-# ifdef OPENSSL_IA32_SSE2
-    /*
-     * Alternative to this is to call OpenSSL_add_all_algorithms... The below
-     * code is retained exclusively for debugging purposes.
-     */
-    {
-        char *env;
-
-        if ((env = getenv("OPENSSL_ia32cap")))
-            OPENSSL_ia32cap = strtoul(env, NULL, 0);
-    }
-# endif
-
-    fprintf(stdout, "Testing Whirlpool ");
-
-    WHIRLPOOL("", 0, md);
-    if (memcmp(md, iso_test_1, sizeof(iso_test_1))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 1 of 9 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    WHIRLPOOL("a", 1, md);
-    if (memcmp(md, iso_test_2, sizeof(iso_test_2))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 2 of 9 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    WHIRLPOOL("abc", 3, md);
-    if (memcmp(md, iso_test_3, sizeof(iso_test_3))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 3 of 9 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    WHIRLPOOL("message digest", 14, md);
-    if (memcmp(md, iso_test_4, sizeof(iso_test_4))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 4 of 9 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    WHIRLPOOL("abcdefghijklmnopqrstuvwxyz", 26, md);
-    if (memcmp(md, iso_test_5, sizeof(iso_test_5))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 5 of 9 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    WHIRLPOOL("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-              "abcdefghijklmnopqrstuvwxyz" "0123456789", 62, md);
-    if (memcmp(md, iso_test_6, sizeof(iso_test_6))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 6 of 9 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    WHIRLPOOL("1234567890" "1234567890" "1234567890" "1234567890"
-              "1234567890" "1234567890" "1234567890" "1234567890", 80, md);
-    if (memcmp(md, iso_test_7, sizeof(iso_test_7))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 7 of 9 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    WHIRLPOOL("abcdbcdecdefdefgefghfghighijhijk", 32, md);
-    if (memcmp(md, iso_test_8, sizeof(iso_test_8))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 8 of 9 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    WHIRLPOOL_Init(&ctx);
-    for (i = 0; i < 1000000; i += 288)
-        WHIRLPOOL_Update(&ctx, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-                         (1000000 - i) < 288 ? 1000000 - i : 288);
-    WHIRLPOOL_Final(md, &ctx);
-    if (memcmp(md, iso_test_9, sizeof(iso_test_9))) {
-        fflush(stdout);
-        fprintf(stderr, "\nTEST 9 of 9 failed.\n");
-        return 1;
-    } else
-        fprintf(stdout, ".");
-    fflush(stdout);
-
-    fprintf(stdout, " passed.\n");
-    fflush(stdout);
-
-    return 0;
-}
-#endif
diff --git a/freebsd/crypto/openssl/crypto/x509/by_dir.c b/freebsd/crypto/openssl/crypto/x509/by_dir.c
index d6fb51e0..4ca30064 100644
--- a/freebsd/crypto/openssl/crypto/x509/by_dir.c
+++ b/freebsd/crypto/openssl/crypto/x509/by_dir.c
@@ -1,108 +1,56 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/by_dir.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
+#include "internal/cryptlib.h"
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
+#include <sys/types.h>
 
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
 #ifndef OPENSSL_NO_POSIX_IO
 # include <sys/stat.h>
 #endif
 
-#include <openssl/lhash.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include "x509_lcl.h"
 
-typedef struct lookup_dir_hashes_st {
+struct lookup_dir_hashes_st {
     unsigned long hash;
     int suffix;
-} BY_DIR_HASH;
+};
 
-typedef struct lookup_dir_entry_st {
+struct lookup_dir_entry_st {
     char *dir;
     int dir_type;
     STACK_OF(BY_DIR_HASH) *hashes;
-} BY_DIR_ENTRY;
+};
 
 typedef struct lookup_dir_st {
     BUF_MEM *buffer;
     STACK_OF(BY_DIR_ENTRY) *dirs;
+    CRYPTO_RWLOCK *lock;
 } BY_DIR;
 
-DECLARE_STACK_OF(BY_DIR_HASH)
-DECLARE_STACK_OF(BY_DIR_ENTRY)
-
 static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
                     char **ret);
 static int new_dir(X509_LOOKUP *lu);
 static void free_dir(X509_LOOKUP *lu);
 static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
-static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
-                               X509_OBJECT *ret);
-X509_LOOKUP_METHOD x509_dir_lookup = {
+static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
+                               X509_NAME *name, X509_OBJECT *ret);
+static X509_LOOKUP_METHOD x509_dir_lookup = {
     "Load certs from files in a directory",
-    new_dir,                    /* new */
+    new_dir,                    /* new_item */
     free_dir,                   /* free */
     NULL,                       /* init */
     NULL,                       /* shutdown */
@@ -115,22 +63,20 @@ X509_LOOKUP_METHOD x509_dir_lookup = {
 
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
 {
-    return (&x509_dir_lookup);
+    return &x509_dir_lookup;
 }
 
 static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
                     char **retp)
 {
     int ret = 0;
-    BY_DIR *ld;
-    char *dir = NULL;
-
-    ld = (BY_DIR *)ctx->method_data;
+    BY_DIR *ld = (BY_DIR *)ctx->method_data;
 
     switch (cmd) {
     case X509_L_ADD_DIR:
         if (argl == X509_FILETYPE_DEFAULT) {
-            dir = (char *)getenv(X509_get_default_cert_dir_env());
+            const char *dir = getenv(X509_get_default_cert_dir_env());
+
             if (dir)
                 ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
             else
@@ -143,22 +89,35 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
             ret = add_cert_dir(ld, argp, (int)argl);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int new_dir(X509_LOOKUP *lu)
 {
-    BY_DIR *a;
+    BY_DIR *a = OPENSSL_malloc(sizeof(*a));
+
+    if (a == NULL) {
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
-    if ((a = (BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
-        return (0);
     if ((a->buffer = BUF_MEM_new()) == NULL) {
-        OPENSSL_free(a);
-        return (0);
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        goto err;
     }
     a->dirs = NULL;
-    lu->method_data = (char *)a;
-    return (1);
+    a->lock = CRYPTO_THREAD_lock_new();
+    if (a->lock == NULL) {
+        BUF_MEM_free(a->buffer);
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    lu->method_data = a;
+    return 1;
+
+ err:
+    OPENSSL_free(a);
+    return 0;
 }
 
 static void by_dir_hash_free(BY_DIR_HASH *hash)
@@ -178,28 +137,25 @@ static int by_dir_hash_cmp(const BY_DIR_HASH *const *a,
 
 static void by_dir_entry_free(BY_DIR_ENTRY *ent)
 {
-    if (ent->dir)
-        OPENSSL_free(ent->dir);
-    if (ent->hashes)
-        sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
+    OPENSSL_free(ent->dir);
+    sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
     OPENSSL_free(ent);
 }
 
 static void free_dir(X509_LOOKUP *lu)
 {
-    BY_DIR *a;
+    BY_DIR *a = (BY_DIR *)lu->method_data;
 
-    a = (BY_DIR *)lu->method_data;
-    if (a->dirs != NULL)
-        sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
-    if (a->buffer != NULL)
-        BUF_MEM_free(a->buffer);
+    sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
+    BUF_MEM_free(a->buffer);
+    CRYPTO_THREAD_lock_free(a->lock);
     OPENSSL_free(a);
 }
 
 static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 {
-    int j, len;
+    int j;
+    size_t len;
     const char *s, *ss, *p;
 
     if (dir == NULL || !*dir) {
@@ -212,15 +168,15 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
     do {
         if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) {
             BY_DIR_ENTRY *ent;
+
             ss = s;
             s = p + 1;
-            len = (int)(p - ss);
+            len = p - ss;
             if (len == 0)
                 continue;
             for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) {
                 ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
-                if (strlen(ent->dir) == (size_t)len &&
-                    strncmp(ent->dir, ss, (unsigned int)len) == 0)
+                if (strlen(ent->dir) == len && strncmp(ent->dir, ss, len) == 0)
                     break;
             }
             if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
@@ -232,20 +188,21 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                     return 0;
                 }
             }
-            ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY));
-            if (!ent)
+            ent = OPENSSL_malloc(sizeof(*ent));
+            if (ent == NULL) {
+                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
                 return 0;
+            }
             ent->dir_type = type;
             ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
-            ent->dir = OPENSSL_malloc((unsigned int)len + 1);
-            if (!ent->dir || !ent->hashes) {
+            ent->dir = OPENSSL_strndup(ss, len);
+            if (ent->dir == NULL || ent->hashes == NULL) {
                 by_dir_entry_free(ent);
                 return 0;
             }
-            strncpy(ent->dir, ss, (unsigned int)len);
-            ent->dir[len] = '\0';
             if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
                 by_dir_entry_free(ent);
+                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
                 return 0;
             }
         }
@@ -253,19 +210,13 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
     return 1;
 }
 
-static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
-                               X509_OBJECT *ret)
+static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
+                               X509_NAME *name, X509_OBJECT *ret)
 {
     BY_DIR *ctx;
     union {
-        struct {
-            X509 st_x509;
-            X509_CINF st_x509_cinf;
-        } x509;
-        struct {
-            X509_CRL st_crl;
-            X509_CRL_INFO st_crl_info;
-        } crl;
+        X509 st_x509;
+        X509_CRL crl;
     } data;
     int ok = 0;
     int i, j, k;
@@ -275,18 +226,16 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
     const char *postfix = "";
 
     if (name == NULL)
-        return (0);
+        return 0;
 
     stmp.type = type;
     if (type == X509_LU_X509) {
-        data.x509.st_x509.cert_info = &data.x509.st_x509_cinf;
-        data.x509.st_x509_cinf.subject = name;
-        stmp.data.x509 = &data.x509.st_x509;
+        data.st_x509.cert_info.subject = name;
+        stmp.data.x509 = &data.st_x509;
         postfix = "";
     } else if (type == X509_LU_CRL) {
-        data.crl.st_crl.crl = &data.crl.st_crl_info;
-        data.crl.st_crl_info.issuer = name;
-        stmp.data.crl = &data.crl.st_crl;
+        data.crl.crl.issuer = name;
+        stmp.data.crl = &data.crl;
         postfix = "r";
     } else {
         X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE);
@@ -305,6 +254,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
         BY_DIR_ENTRY *ent;
         int idx;
         BY_DIR_HASH htmp, *hent;
+
         ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
         j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
         if (!BUF_MEM_grow(b, j)) {
@@ -313,7 +263,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
         }
         if (type == X509_LU_CRL && ent->hashes) {
             htmp.hash = h;
-            CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+            CRYPTO_THREAD_read_lock(ctx->lock);
             idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
             if (idx >= 0) {
                 hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
@@ -322,7 +272,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
                 hent = NULL;
                 k = 0;
             }
-            CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+            CRYPTO_THREAD_unlock(ctx->lock);
         } else {
             k = 0;
             hent = NULL;
@@ -379,47 +329,46 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
         /*
          * we have added it to the cache so now pull it out again
          */
-        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        CRYPTO_THREAD_write_lock(ctx->lock);
         j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
-        if (j != -1)
-            tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
-        else
-            tmp = NULL;
-        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+        tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
+        CRYPTO_THREAD_unlock(ctx->lock);
 
         /* If a CRL, update the last file suffix added for this */
 
         if (type == X509_LU_CRL) {
-            CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+            CRYPTO_THREAD_write_lock(ctx->lock);
             /*
              * Look for entry again in case another thread added an entry
              * first.
              */
-            if (!hent) {
+            if (hent == NULL) {
                 htmp.hash = h;
                 idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
-                if (idx >= 0)
-                    hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+                hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
             }
-            if (!hent) {
-                hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
+            if (hent == NULL) {
+                hent = OPENSSL_malloc(sizeof(*hent));
                 if (hent == NULL) {
-                    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                    CRYPTO_THREAD_unlock(ctx->lock);
                     X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+                    ok = 0;
                     goto finish;
                 }
                 hent->hash = h;
                 hent->suffix = k;
                 if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
-                    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                    CRYPTO_THREAD_unlock(ctx->lock);
                     OPENSSL_free(hent);
+                    X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
                     ok = 0;
                     goto finish;
                 }
-            } else if (hent->suffix < k)
+            } else if (hent->suffix < k) {
                 hent->suffix = k;
+            }
 
-            CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+            CRYPTO_THREAD_unlock(ctx->lock);
 
         }
 
@@ -427,17 +376,17 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
             ok = 1;
             ret->type = tmp->type;
             memcpy(&ret->data, &tmp->data, sizeof(ret->data));
+
             /*
-             * If we were going to up the reference count, we would need to
-             * do it on a perl 'type' basis
+             * Clear any errors that might have been raised processing empty
+             * or malformed files.
              */
-        /*- CRYPTO_add(&tmp->data.x509->references,1,
-                    CRYPTO_LOCK_X509);*/
+            ERR_clear_error();
+
             goto finish;
         }
     }
  finish:
-    if (b != NULL)
-        BUF_MEM_free(b);
-    return (ok);
+    BUF_MEM_free(b);
+    return ok;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/by_file.c b/freebsd/crypto/openssl/crypto/x509/by_file.c
index f795f1cb..8ebdeecd 100644
--- a/freebsd/crypto/openssl/crypto/x509/by_file.c
+++ b/freebsd/crypto/openssl/crypto/x509/by_file.c
@@ -1,80 +1,29 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/by_file.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
 
-#include "cryptlib.h"
-#include <openssl/lhash.h>
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-
-#ifndef OPENSSL_NO_STDIO
+#include "x509_lcl.h"
 
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
                         long argl, char **ret);
-X509_LOOKUP_METHOD x509_file_lookup = {
+static X509_LOOKUP_METHOD x509_file_lookup = {
     "Load file into cache",
-    NULL,                       /* new */
+    NULL,                       /* new_item */
     NULL,                       /* free */
     NULL,                       /* init */
     NULL,                       /* shutdown */
@@ -87,7 +36,7 @@ X509_LOOKUP_METHOD x509_file_lookup = {
 
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
 {
-    return (&x509_file_lookup);
+    return &x509_file_lookup;
 }
 
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
@@ -121,7 +70,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
         }
         break;
     }
-    return (ok);
+    return ok;
 }
 
 int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
@@ -131,9 +80,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
     int i, count = 0;
     X509 *x = NULL;
 
-    if (file == NULL)
-        return (1);
-    in = BIO_new(BIO_s_file_internal());
+    in = BIO_new(BIO_s_file());
 
     if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
         X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB);
@@ -175,12 +122,12 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
         X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);
         goto err;
     }
+    if (ret == 0)
+        X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_NO_CERTIFICATE_FOUND);
  err:
-    if (x != NULL)
-        X509_free(x);
-    if (in != NULL)
-        BIO_free(in);
-    return (ret);
+    X509_free(x);
+    BIO_free(in);
+    return ret;
 }
 
 int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
@@ -190,9 +137,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
     int i, count = 0;
     X509_CRL *x = NULL;
 
-    if (file == NULL)
-        return (1);
-    in = BIO_new(BIO_s_file_internal());
+    in = BIO_new(BIO_s_file());
 
     if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
         X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB);
@@ -234,12 +179,12 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
         X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
         goto err;
     }
+    if (ret == 0)
+        X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_NO_CRL_FOUND);
  err:
-    if (x != NULL)
-        X509_CRL_free(x);
-    if (in != NULL)
-        BIO_free(in);
-    return (ret);
+    X509_CRL_free(x);
+    BIO_free(in);
+    return ret;
 }
 
 int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
@@ -248,6 +193,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
     X509_INFO *itmp;
     BIO *in;
     int i, count = 0;
+
     if (type != X509_FILETYPE_PEM)
         return X509_load_cert_file(ctx, file, type);
     in = BIO_new_file(file, "r");
@@ -264,16 +210,20 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
     for (i = 0; i < sk_X509_INFO_num(inf); i++) {
         itmp = sk_X509_INFO_value(inf, i);
         if (itmp->x509) {
-            X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
+            if (!X509_STORE_add_cert(ctx->store_ctx, itmp->x509))
+                goto err;
             count++;
         }
         if (itmp->crl) {
-            X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
+            if (!X509_STORE_add_crl(ctx->store_ctx, itmp->crl))
+                goto err;
             count++;
         }
     }
+    if (count == 0)
+        X509err(X509_F_X509_LOAD_CERT_CRL_FILE,
+                X509_R_NO_CERTIFICATE_OR_CRL_FOUND);
+ err:
     sk_X509_INFO_pop_free(inf, X509_INFO_free);
     return count;
 }
-
-#endif                          /* OPENSSL_NO_STDIO */
diff --git a/freebsd/crypto/openssl/crypto/x509/t_crl.c b/freebsd/crypto/openssl/crypto/x509/t_crl.c
new file mode 100644
index 00000000..c137c3be
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509/t_crl.c
@@ -0,0 +1,96 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_STDIO
+int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_CRL_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int X509_CRL_print(BIO *out, X509_CRL *x)
+{
+  return X509_CRL_print_ex(out, x, XN_FLAG_COMPAT);
+}
+
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag)
+{
+    STACK_OF(X509_REVOKED) *rev;
+    X509_REVOKED *r;
+    const X509_ALGOR *sig_alg;
+    const ASN1_BIT_STRING *sig;
+    long l;
+    int i;
+
+    BIO_printf(out, "Certificate Revocation List (CRL):\n");
+    l = X509_CRL_get_version(x);
+    if (l >= 0 && l <= 1)
+        BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l);
+    else
+        BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l);
+    X509_CRL_get0_signature(x, &sig, &sig_alg);
+    BIO_puts(out, "    ");
+    X509_signature_print(out, sig_alg, NULL);
+    BIO_printf(out, "%8sIssuer: ", "");
+    X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag);
+    BIO_puts(out, "\n");
+    BIO_printf(out, "%8sLast Update: ", "");
+    ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
+    BIO_printf(out, "\n%8sNext Update: ", "");
+    if (X509_CRL_get0_nextUpdate(x))
+        ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x));
+    else
+        BIO_printf(out, "NONE");
+    BIO_printf(out, "\n");
+
+    X509V3_extensions_print(out, "CRL extensions",
+                            X509_CRL_get0_extensions(x), 0, 8);
+
+    rev = X509_CRL_get_REVOKED(x);
+
+    if (sk_X509_REVOKED_num(rev) > 0)
+        BIO_printf(out, "Revoked Certificates:\n");
+    else
+        BIO_printf(out, "No Revoked Certificates.\n");
+
+    for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
+        r = sk_X509_REVOKED_value(rev, i);
+        BIO_printf(out, "    Serial Number: ");
+        i2a_ASN1_INTEGER(out, X509_REVOKED_get0_serialNumber(r));
+        BIO_printf(out, "\n        Revocation Date: ");
+        ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r));
+        BIO_printf(out, "\n");
+        X509V3_extensions_print(out, "CRL entry extensions",
+                                X509_REVOKED_get0_extensions(r), 0, 8);
+    }
+    X509_signature_print(out, sig_alg, sig);
+
+    return 1;
+
+}
diff --git a/freebsd/crypto/openssl/crypto/x509/t_req.c b/freebsd/crypto/openssl/crypto/x509/t_req.c
new file mode 100644
index 00000000..b0d261fb
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509/t_req.c
@@ -0,0 +1,212 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
+#ifndef OPENSSL_NO_STDIO
+int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_REQ_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
+                      unsigned long cflag)
+{
+    long l;
+    int i;
+    EVP_PKEY *pkey;
+    STACK_OF(X509_EXTENSION) *exts;
+    char mlch = ' ';
+    int nmindent = 0;
+
+    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mlch = '\n';
+        nmindent = 12;
+    }
+
+    if (nmflags == X509_FLAG_COMPAT)
+        nmindent = 16;
+
+    if (!(cflag & X509_FLAG_NO_HEADER)) {
+        if (BIO_write(bp, "Certificate Request:\n", 21) <= 0)
+            goto err;
+        if (BIO_write(bp, "    Data:\n", 10) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VERSION)) {
+        l = X509_REQ_get_version(x);
+        if (l >= 0 && l <= 2) {
+            if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
+                goto err;
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex(bp, X509_REQ_get_subject_name(x),
+            nmindent, nmflags) < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+        X509_PUBKEY *xpkey;
+        ASN1_OBJECT *koid;
+        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
+            goto err;
+        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+            goto err;
+        xpkey = X509_REQ_get_X509_PUBKEY(x);
+        X509_PUBKEY_get0_param(&koid, NULL, NULL, NULL, xpkey);
+        if (i2a_ASN1_OBJECT(bp, koid) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
+
+        pkey = X509_REQ_get0_pubkey(x);
+        if (pkey == NULL) {
+            if (BIO_printf(bp, "%12sUnable to load Public Key\n", "") <= 0)
+                goto err;
+            ERR_print_errors(bp);
+        } else {
+            if (EVP_PKEY_print_public(bp, pkey, 16, NULL) <= 0)
+                goto err;
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) {
+        /* may not be */
+        if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
+            goto err;
+
+        if (X509_REQ_get_attr_count(x) == 0) {
+            if (BIO_printf(bp, "%12sa0:00\n", "") <= 0)
+                goto err;
+        } else {
+            for (i = 0; i < X509_REQ_get_attr_count(x); i++) {
+                ASN1_TYPE *at;
+                X509_ATTRIBUTE *a;
+                ASN1_BIT_STRING *bs = NULL;
+                ASN1_OBJECT *aobj;
+                int j, type = 0, count = 1, ii = 0;
+
+                a = X509_REQ_get_attr(x, i);
+                aobj = X509_ATTRIBUTE_get0_object(a);
+                if (X509_REQ_extension_nid(OBJ_obj2nid(aobj)))
+                    continue;
+                if (BIO_printf(bp, "%12s", "") <= 0)
+                    goto err;
+                if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) {
+                    ii = 0;
+                    count = X509_ATTRIBUTE_count(a);
+ get_next:
+                    at = X509_ATTRIBUTE_get0_type(a, ii);
+                    type = at->type;
+                    bs = at->value.asn1_string;
+                }
+                for (j = 25 - j; j > 0; j--)
+                    if (BIO_write(bp, " ", 1) != 1)
+                        goto err;
+                if (BIO_puts(bp, ":") <= 0)
+                    goto err;
+                switch (type) {
+                case V_ASN1_PRINTABLESTRING:
+                case V_ASN1_T61STRING:
+                case V_ASN1_NUMERICSTRING:
+                case V_ASN1_UTF8STRING:
+                case V_ASN1_IA5STRING:
+                    if (BIO_write(bp, (char *)bs->data, bs->length)
+                            != bs->length)
+                        goto err;
+                    if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
+                    break;
+                default:
+                    if (BIO_puts(bp, "unable to print attribute\n") <= 0)
+                        goto err;
+                    break;
+                }
+                if (++ii < count)
+                    goto get_next;
+            }
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_EXTENSIONS)) {
+        exts = X509_REQ_get_extensions(x);
+        if (exts) {
+            if (BIO_printf(bp, "%8sRequested Extensions:\n", "") <= 0)
+                goto err;
+            for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+                ASN1_OBJECT *obj;
+                X509_EXTENSION *ex;
+                int critical;
+                ex = sk_X509_EXTENSION_value(exts, i);
+                if (BIO_printf(bp, "%12s", "") <= 0)
+                    goto err;
+                obj = X509_EXTENSION_get_object(ex);
+                if (i2a_ASN1_OBJECT(bp, obj) <= 0)
+                    goto err;
+                critical = X509_EXTENSION_get_critical(ex);
+                if (BIO_printf(bp, ": %s\n", critical ? "critical" : "") <= 0)
+                    goto err;
+                if (!X509V3_EXT_print(bp, ex, cflag, 16)) {
+                    if (BIO_printf(bp, "%16s", "") <= 0
+                        || ASN1_STRING_print(bp,
+                                             X509_EXTENSION_get_data(ex)) <= 0)
+                        goto err;
+                }
+                if (BIO_write(bp, "\n", 1) <= 0)
+                    goto err;
+            }
+            sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+        const X509_ALGOR *sig_alg;
+        const ASN1_BIT_STRING *sig;
+        X509_REQ_get0_signature(x, &sig, &sig_alg);
+        if (!X509_signature_print(bp, sig_alg, sig))
+            goto err;
+    }
+
+    return 1;
+ err:
+    X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB);
+    return 0;
+}
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+{
+    return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
diff --git a/freebsd/crypto/openssl/crypto/x509/t_x509.c b/freebsd/crypto/openssl/crypto/x509/t_x509.c
new file mode 100644
index 00000000..ae9129bc
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509/t_x509.c
@@ -0,0 +1,381 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
+
+#ifndef OPENSSL_NO_STDIO
+int X509_print_fp(FILE *fp, X509 *x)
+{
+    return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
+                     unsigned long cflag)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_print_ex(b, x, nmflag, cflag);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int X509_print(BIO *bp, X509 *x)
+{
+    return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
+                  unsigned long cflag)
+{
+    long l;
+    int ret = 0, i;
+    char *m = NULL, mlch = ' ';
+    int nmindent = 0;
+    ASN1_INTEGER *bs;
+    EVP_PKEY *pkey = NULL;
+    const char *neg;
+
+    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mlch = '\n';
+        nmindent = 12;
+    }
+
+    if (nmflags == X509_FLAG_COMPAT)
+        nmindent = 16;
+
+    if (!(cflag & X509_FLAG_NO_HEADER)) {
+        if (BIO_write(bp, "Certificate:\n", 13) <= 0)
+            goto err;
+        if (BIO_write(bp, "    Data:\n", 10) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VERSION)) {
+        l = X509_get_version(x);
+        if (l >= 0 && l <= 2) {
+            if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
+                goto err;
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_SERIAL)) {
+
+        if (BIO_write(bp, "        Serial Number:", 22) <= 0)
+            goto err;
+
+        bs = X509_get_serialNumber(x);
+        if (bs->length <= (int)sizeof(long)) {
+                ERR_set_mark();
+                l = ASN1_INTEGER_get(bs);
+                ERR_pop_to_mark();
+        } else {
+            l = -1;
+        }
+        if (l != -1) {
+            unsigned long ul;
+            if (bs->type == V_ASN1_NEG_INTEGER) {
+                ul = 0 - (unsigned long)l;
+                neg = "-";
+            } else {
+                ul = l;
+                neg = "";
+            }
+            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, ul, neg, ul) <= 0)
+                goto err;
+        } else {
+            neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
+            if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
+                goto err;
+
+            for (i = 0; i < bs->length; i++) {
+                if (BIO_printf(bp, "%02x%c", bs->data[i],
+                               ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
+                    goto err;
+            }
+        }
+
+    }
+
+    if (!(cflag & X509_FLAG_NO_SIGNAME)) {
+        const X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x);
+
+        if (BIO_puts(bp, "    ") <= 0)
+            goto err;
+        if (X509_signature_print(bp, tsig_alg, NULL) <= 0)
+            goto err;
+    }
+
+    if (!(cflag & X509_FLAG_NO_ISSUER)) {
+        if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)
+            < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VALIDITY)) {
+        if (BIO_write(bp, "        Validity\n", 17) <= 0)
+            goto err;
+        if (BIO_write(bp, "            Not Before: ", 24) <= 0)
+            goto err;
+        if (!ASN1_TIME_print(bp, X509_get0_notBefore(x)))
+            goto err;
+        if (BIO_write(bp, "\n            Not After : ", 25) <= 0)
+            goto err;
+        if (!ASN1_TIME_print(bp, X509_get0_notAfter(x)))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex
+            (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+        X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x);
+        ASN1_OBJECT *xpoid;
+        X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey);
+        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
+            goto err;
+        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, xpoid) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
+
+        pkey = X509_get0_pubkey(x);
+        if (pkey == NULL) {
+            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
+            ERR_print_errors(bp);
+        } else {
+            EVP_PKEY_print_public(bp, pkey, 16, NULL);
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_IDS)) {
+        const ASN1_BIT_STRING *iuid, *suid;
+        X509_get0_uids(x, &iuid, &suid);
+        if (iuid != NULL) {
+            if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)
+                goto err;
+            if (!X509_signature_dump(bp, iuid, 12))
+                goto err;
+        }
+        if (suid != NULL) {
+            if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)
+                goto err;
+            if (!X509_signature_dump(bp, suid, 12))
+                goto err;
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+        X509V3_extensions_print(bp, "X509v3 extensions",
+                                X509_get0_extensions(x), cflag, 8);
+
+    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+        const X509_ALGOR *sig_alg;
+        const ASN1_BIT_STRING *sig;
+        X509_get0_signature(&sig, &sig_alg, x);
+        if (X509_signature_print(bp, sig_alg, sig) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_AUX)) {
+        if (!X509_aux_print(bp, x, 0))
+            goto err;
+    }
+    ret = 1;
+ err:
+    OPENSSL_free(m);
+    return ret;
+}
+
+int X509_ocspid_print(BIO *bp, X509 *x)
+{
+    unsigned char *der = NULL;
+    unsigned char *dertmp;
+    int derlen;
+    int i;
+    unsigned char SHA1md[SHA_DIGEST_LENGTH];
+    ASN1_BIT_STRING *keybstr;
+    X509_NAME *subj;
+
+    /*
+     * display the hash of the subject as it would appear in OCSP requests
+     */
+    if (BIO_printf(bp, "        Subject OCSP hash: ") <= 0)
+        goto err;
+    subj = X509_get_subject_name(x);
+    derlen = i2d_X509_NAME(subj, NULL);
+    if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL)
+        goto err;
+    i2d_X509_NAME(subj, &dertmp);
+
+    if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
+        goto err;
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+            goto err;
+    }
+    OPENSSL_free(der);
+    der = NULL;
+
+    /*
+     * display the hash of the public key as it would appear in OCSP requests
+     */
+    if (BIO_printf(bp, "\n        Public key OCSP hash: ") <= 0)
+        goto err;
+
+    keybstr = X509_get0_pubkey_bitstr(x);
+
+    if (keybstr == NULL)
+        goto err;
+
+    if (!EVP_Digest(ASN1_STRING_get0_data(keybstr),
+                    ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(),
+                    NULL))
+        goto err;
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+            goto err;
+    }
+    BIO_printf(bp, "\n");
+
+    return 1;
+ err:
+    OPENSSL_free(der);
+    return 0;
+}
+
+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
+{
+    const unsigned char *s;
+    int i, n;
+
+    n = sig->length;
+    s = sig->data;
+    for (i = 0; i < n; i++) {
+        if ((i % 18) == 0) {
+            if (BIO_write(bp, "\n", 1) <= 0)
+                return 0;
+            if (BIO_indent(bp, indent, indent) <= 0)
+                return 0;
+        }
+        if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0)
+            return 0;
+    }
+    if (BIO_write(bp, "\n", 1) != 1)
+        return 0;
+
+    return 1;
+}
+
+int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,
+                         const ASN1_STRING *sig)
+{
+    int sig_nid;
+    if (BIO_puts(bp, "    Signature Algorithm: ") <= 0)
+        return 0;
+    if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
+        return 0;
+
+    sig_nid = OBJ_obj2nid(sigalg->algorithm);
+    if (sig_nid != NID_undef) {
+        int pkey_nid, dig_nid;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
+            ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
+            if (ameth && ameth->sig_print)
+                return ameth->sig_print(bp, sigalg, sig, 9, 0);
+        }
+    }
+    if (sig)
+        return X509_signature_dump(bp, sig, 9);
+    else if (BIO_puts(bp, "\n") <= 0)
+        return 0;
+    return 1;
+}
+
+int X509_aux_print(BIO *out, X509 *x, int indent)
+{
+    char oidstr[80], first;
+    STACK_OF(ASN1_OBJECT) *trust, *reject;
+    const unsigned char *alias, *keyid;
+    int keyidlen;
+    int i;
+    if (X509_trusted(x) == 0)
+        return 1;
+    trust = X509_get0_trust_objects(x);
+    reject = X509_get0_reject_objects(x);
+    if (trust) {
+        first = 1;
+        BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, "");
+        for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+            if (!first)
+                BIO_puts(out, ", ");
+            else
+                first = 0;
+            OBJ_obj2txt(oidstr, sizeof(oidstr),
+                        sk_ASN1_OBJECT_value(trust, i), 0);
+            BIO_puts(out, oidstr);
+        }
+        BIO_puts(out, "\n");
+    } else
+        BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+    if (reject) {
+        first = 1;
+        BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, "");
+        for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+            if (!first)
+                BIO_puts(out, ", ");
+            else
+                first = 0;
+            OBJ_obj2txt(oidstr, sizeof(oidstr),
+                        sk_ASN1_OBJECT_value(reject, i), 0);
+            BIO_puts(out, oidstr);
+        }
+        BIO_puts(out, "\n");
+    } else
+        BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+    alias = X509_alias_get0(x, NULL);
+    if (alias)
+        BIO_printf(out, "%*sAlias: %s\n", indent, "", alias);
+    keyid = X509_keyid_get0(x, &keyidlen);
+    if (keyid) {
+        BIO_printf(out, "%*sKey Id: ", indent, "");
+        for (i = 0; i < keyidlen; i++)
+            BIO_printf(out, "%s%02X", i ? ":" : "", keyid[i]);
+        BIO_write(out, "\n", 1);
+    }
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/x509/verify_extra_test.c b/freebsd/crypto/openssl/crypto/x509/verify_extra_test.c
deleted file mode 100644
index b560a478..00000000
--- a/freebsd/crypto/openssl/crypto/x509/verify_extra_test.c
+++ /dev/null
@@ -1,210 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/*
- * Written by Matt Caswell for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2015 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-
-static STACK_OF(X509) *load_certs_from_file(const char *filename)
-{
-    STACK_OF(X509) *certs;
-    BIO *bio;
-    X509 *x;
-
-    bio = BIO_new_file(filename, "r");
-
-    if (bio == NULL) {
-        return NULL;
-    }
-
-    certs = sk_X509_new_null();
-    if (certs == NULL) {
-        BIO_free(bio);
-        return NULL;
-    }
-
-    ERR_set_mark();
-    do {
-        x = PEM_read_bio_X509(bio, NULL, 0, NULL);
-        if (x != NULL && !sk_X509_push(certs, x)) {
-            sk_X509_pop_free(certs, X509_free);
-            BIO_free(bio);
-            return NULL;
-        } else if (x == NULL) {
-            /*
-             * We probably just ran out of certs, so ignore any errors
-             * generated
-             */
-            ERR_pop_to_mark();
-        }
-    } while (x != NULL);
-
-    BIO_free(bio);
-
-    return certs;
-}
-
-/*
- * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
- *
- * Chain is as follows:
- *
- * rootCA (self-signed)
- *   |
- * interCA
- *   |
- * subinterCA       subinterCA (self-signed)
- *   |                   |
- * leaf ------------------
- *   |
- * bad
- *
- * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
- * leaf and bad have CA=FALSE
- *
- * subinterCA and subinterCA (ss) have the same subject name and keys
- *
- * interCA (but not rootCA) and subinterCA (ss) are in the trusted store
- * (roots.pem)
- * leaf and subinterCA are in the untrusted list (untrusted.pem)
- * bad is the certificate being verified (bad.pem)
- *
- * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
- * CA=FALSE, and will therefore incorrectly verify bad
- *
- */
-static int test_alt_chains_cert_forgery(void)
-{
-    int ret = 0;
-    int i;
-    X509 *x = NULL;
-    STACK_OF(X509) *untrusted = NULL;
-    BIO *bio = NULL;
-    X509_STORE_CTX *sctx = NULL;
-    X509_STORE *store = NULL;
-    X509_LOOKUP *lookup = NULL;
-
-    store = X509_STORE_new();
-    if (store == NULL)
-        goto err;
-
-    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
-    if (lookup == NULL)
-        goto err;
-    if(!X509_LOOKUP_load_file(lookup, "certs/roots.pem", X509_FILETYPE_PEM))
-        goto err;
-
-    untrusted = load_certs_from_file("certs/untrusted.pem");
-
-    if ((bio = BIO_new_file("certs/bad.pem", "r")) == NULL)
-        goto err;
-
-    if((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
-        goto err;
-
-    sctx = X509_STORE_CTX_new();
-    if (sctx == NULL)
-        goto err;
-
-    if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
-        goto err;
-
-    i = X509_verify_cert(sctx);
-
-    if(i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
-        /* This is the result we were expecting: Test passed */
-        ret = 1;
-    }
- err:
-    X509_STORE_CTX_free(sctx);
-    X509_free(x);
-    BIO_free(bio);
-    sk_X509_pop_free(untrusted, X509_free);
-    X509_STORE_free(store);
-    if (ret != 1)
-        ERR_print_errors_fp(stderr);
-    return ret;
-}
-
-int main(void)
-{
-    CRYPTO_malloc_debug_init();
-    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    ERR_load_crypto_strings();
-    OpenSSL_add_all_digests();
-
-    if (!test_alt_chains_cert_forgery()) {
-        fprintf(stderr, "Test alt chains cert forgery failed\n");
-        return 1;
-    }
-
-    EVP_cleanup();
-    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_thread_state(NULL);
-    ERR_free_strings();
-    CRYPTO_mem_leaks_fp(stderr);
-
-    printf("PASS\n");
-    return 0;
-}
diff --git a/freebsd/crypto/openssl/crypto/x509/vpm_int.h b/freebsd/crypto/openssl/crypto/x509/vpm_int.h
deleted file mode 100644
index 9c55defc..00000000
--- a/freebsd/crypto/openssl/crypto/x509/vpm_int.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/* vpm_int.h */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2013.
- */
-/* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* internal only structure to hold additional X509_VERIFY_PARAM data */
-
-struct X509_VERIFY_PARAM_ID_st {
-    STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
-    unsigned int hostflags;     /* Flags to control matching features */
-    char *peername;             /* Matching hostname in peer certificate */
-    char *email;                /* If not NULL email address to match */
-    size_t emaillen;
-    unsigned char *ip;          /* If not NULL IP address to match */
-    size_t iplen;               /* Length of IP address */
-};
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_att.c b/freebsd/crypto/openssl/crypto/x509/x509_att.c
index 0004c08f..921ff6ff 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_att.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_att.c
@@ -1,71 +1,23 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_att.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include <openssl/safestack.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "x509_lcl.h"
 
 int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
 {
@@ -75,22 +27,21 @@ int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
 int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
                            int lastpos)
 {
-    ASN1_OBJECT *obj;
+    const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
 
-    obj = OBJ_nid2obj(nid);
     if (obj == NULL)
-        return (-2);
-    return (X509at_get_attr_by_OBJ(x, obj, lastpos));
+        return -2;
+    return X509at_get_attr_by_OBJ(x, obj, lastpos);
 }
 
 int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
-                           ASN1_OBJECT *obj, int lastpos)
+                           const ASN1_OBJECT *obj, int lastpos)
 {
     int n;
     X509_ATTRIBUTE *ex;
 
     if (sk == NULL)
-        return (-1);
+        return -1;
     lastpos++;
     if (lastpos < 0)
         lastpos = 0;
@@ -98,17 +49,17 @@ int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
     for (; lastpos < n; lastpos++) {
         ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
         if (OBJ_cmp(ex->object, obj) == 0)
-            return (lastpos);
+            return lastpos;
     }
-    return (-1);
+    return -1;
 }
 
 X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
 {
     if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
         return NULL;
-    else
-        return sk_X509_ATTRIBUTE_value(x, loc);
+
+    return sk_X509_ATTRIBUTE_value(x, loc);
 }
 
 X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
@@ -116,9 +67,9 @@ X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
     X509_ATTRIBUTE *ret;
 
     if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
-        return (NULL);
+        return NULL;
     ret = sk_X509_ATTRIBUTE_delete(x, loc);
-    return (ret);
+    return ret;
 }
 
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
@@ -144,15 +95,13 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
         goto err;
     if (*x == NULL)
         *x = sk;
-    return (sk);
+    return sk;
  err:
     X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
  err2:
-    if (new_attr != NULL)
-        X509_ATTRIBUTE_free(new_attr);
-    if (sk != NULL)
-        sk_X509_ATTRIBUTE_free(sk);
-    return (NULL);
+    X509_ATTRIBUTE_free(new_attr);
+    sk_X509_ATTRIBUTE_free(sk);
+    return NULL;
 }
 
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
@@ -203,7 +152,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
 }
 
 void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
-                              ASN1_OBJECT *obj, int lastpos, int type)
+                              const ASN1_OBJECT *obj, int lastpos, int type)
 {
     int i;
     X509_ATTRIBUTE *at;
@@ -228,12 +177,12 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
     obj = OBJ_nid2obj(nid);
     if (obj == NULL) {
         X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID, X509_R_UNKNOWN_NID);
-        return (NULL);
+        return NULL;
     }
     ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
     if (ret == NULL)
         ASN1_OBJECT_free(obj);
-    return (ret);
+    return ret;
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
@@ -247,7 +196,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
         if ((ret = X509_ATTRIBUTE_new()) == NULL) {
             X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,
                     ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
     } else
         ret = *attr;
@@ -259,11 +208,11 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
 
     if ((attr != NULL) && (*attr == NULL))
         *attr = ret;
-    return (ret);
+    return ret;
  err:
     if ((attr == NULL) || (ret != *attr))
         X509_ATTRIBUTE_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
@@ -279,7 +228,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
         X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
                 X509_R_INVALID_FIELD_NAME);
         ERR_add_error_data(2, "name=", atrname);
-        return (NULL);
+        return NULL;
     }
     nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
     ASN1_OBJECT_free(obj);
@@ -289,10 +238,10 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
 int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 {
     if ((attr == NULL) || (obj == NULL))
-        return (0);
+        return 0;
     ASN1_OBJECT_free(attr->object);
     attr->object = OBJ_dup(obj);
-    return (1);
+    return attr->object != NULL;
 }
 
 int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
@@ -312,15 +261,12 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
         }
         atype = stmp->type;
     } else if (len != -1) {
-        if (!(stmp = ASN1_STRING_type_new(attrtype)))
+        if ((stmp = ASN1_STRING_type_new(attrtype)) == NULL)
             goto err;
         if (!ASN1_STRING_set(stmp, data, len))
             goto err;
         atype = attrtype;
     }
-    if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
-        goto err;
-    attr->single = 0;
     /*
      * This is a bit naughty because the attribute should really have at
      * least one value but some types use and zero length SET and require
@@ -330,7 +276,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
         ASN1_STRING_free(stmp);
         return 1;
     }
-    if (!(ttmp = ASN1_TYPE_new()))
+    if ((ttmp = ASN1_TYPE_new()) == NULL)
         goto err;
     if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
         if (!ASN1_TYPE_set1(ttmp, attrtype, data))
@@ -339,7 +285,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
         ASN1_TYPE_set(ttmp, atype, stmp);
         stmp = NULL;
     }
-    if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
+    if (!sk_ASN1_TYPE_push(attr->set, ttmp))
         goto err;
     return 1;
  err:
@@ -349,20 +295,18 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
     return 0;
 }
 
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)
 {
-    if (!attr->single)
-        return sk_ASN1_TYPE_num(attr->value.set);
-    if (attr->value.single)
-        return 1;
-    return 0;
+    if (attr == NULL)
+        return 0;
+    return sk_ASN1_TYPE_num(attr->set);
 }
 
 ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
 {
     if (attr == NULL)
-        return (NULL);
-    return (attr->object);
+        return NULL;
+    return attr->object;
 }
 
 void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
@@ -382,11 +326,6 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
 ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
 {
     if (attr == NULL)
-        return (NULL);
-    if (idx >= X509_ATTRIBUTE_count(attr))
         return NULL;
-    if (!attr->single)
-        return sk_ASN1_TYPE_value(attr->value.set, idx);
-    else
-        return attr->value.single;
+    return sk_ASN1_TYPE_value(attr->set, idx);
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_cmp.c b/freebsd/crypto/openssl/crypto/x509/x509_cmp.c
index 600573ac..74838f53 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_cmp.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_cmp.c
@@ -1,176 +1,130 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_cmp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 {
     int i;
-    X509_CINF *ai, *bi;
+    const X509_CINF *ai, *bi;
 
-    ai = a->cert_info;
-    bi = b->cert_info;
-    i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
+    ai = &a->cert_info;
+    bi = &b->cert_info;
+    i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber);
     if (i)
-        return (i);
-    return (X509_NAME_cmp(ai->issuer, bi->issuer));
+        return i;
+    return X509_NAME_cmp(ai->issuer, bi->issuer);
 }
 
 #ifndef OPENSSL_NO_MD5
 unsigned long X509_issuer_and_serial_hash(X509 *a)
 {
     unsigned long ret = 0;
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
     unsigned char md[16];
     char *f;
 
-    EVP_MD_CTX_init(&ctx);
-    f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
-    if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
+    if (ctx == NULL)
+        goto err;
+    f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
+    if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
         goto err;
-    if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
+    if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
         goto err;
     OPENSSL_free(f);
     if (!EVP_DigestUpdate
-        (&ctx, (unsigned char *)a->cert_info->serialNumber->data,
-         (unsigned long)a->cert_info->serialNumber->length))
+        (ctx, (unsigned char *)a->cert_info.serialNumber.data,
+         (unsigned long)a->cert_info.serialNumber.length))
         goto err;
-    if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL))
+    if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL))
         goto err;
     ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
            ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
         ) & 0xffffffffL;
  err:
-    EVP_MD_CTX_cleanup(&ctx);
-    return (ret);
+    EVP_MD_CTX_free(ctx);
+    return ret;
 }
 #endif
 
 int X509_issuer_name_cmp(const X509 *a, const X509 *b)
 {
-    return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer));
+    return X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer);
 }
 
 int X509_subject_name_cmp(const X509 *a, const X509 *b)
 {
-    return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject));
+    return X509_NAME_cmp(a->cert_info.subject, b->cert_info.subject);
 }
 
 int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
 {
-    return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer));
+    return X509_NAME_cmp(a->crl.issuer, b->crl.issuer);
 }
 
-#ifndef OPENSSL_NO_SHA
 int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
 {
     return memcmp(a->sha1_hash, b->sha1_hash, 20);
 }
-#endif
 
-X509_NAME *X509_get_issuer_name(X509 *a)
+X509_NAME *X509_get_issuer_name(const X509 *a)
 {
-    return (a->cert_info->issuer);
+    return a->cert_info.issuer;
 }
 
 unsigned long X509_issuer_name_hash(X509 *x)
 {
-    return (X509_NAME_hash(x->cert_info->issuer));
+    return X509_NAME_hash(x->cert_info.issuer);
 }
 
 #ifndef OPENSSL_NO_MD5
 unsigned long X509_issuer_name_hash_old(X509 *x)
 {
-    return (X509_NAME_hash_old(x->cert_info->issuer));
+    return X509_NAME_hash_old(x->cert_info.issuer);
 }
 #endif
 
-X509_NAME *X509_get_subject_name(X509 *a)
+X509_NAME *X509_get_subject_name(const X509 *a)
 {
-    return (a->cert_info->subject);
+    return a->cert_info.subject;
 }
 
 ASN1_INTEGER *X509_get_serialNumber(X509 *a)
 {
-    return (a->cert_info->serialNumber);
+    return &a->cert_info.serialNumber;
+}
+
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *a)
+{
+    return &a->cert_info.serialNumber;
 }
 
 unsigned long X509_subject_name_hash(X509 *x)
 {
-    return (X509_NAME_hash(x->cert_info->subject));
+    return X509_NAME_hash(x->cert_info.subject);
 }
 
 #ifndef OPENSSL_NO_MD5
 unsigned long X509_subject_name_hash_old(X509 *x)
 {
-    return (X509_NAME_hash_old(x->cert_info->subject));
+    return X509_NAME_hash_old(x->cert_info.subject);
 }
 #endif
 
-#ifndef OPENSSL_NO_SHA
 /*
  * Compare two certificates: they must be identical for this to work. NB:
  * Although "cmp" operations are generally prototyped to take "const"
@@ -190,16 +144,16 @@ int X509_cmp(const X509 *a, const X509 *b)
     if (rv)
         return rv;
     /* Check for match against stored encoding too */
-    if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) {
-        rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len);
-        if (rv)
-            return rv;
-        return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc,
-                      a->cert_info->enc.len);
+    if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
+        if (a->cert_info.enc.len < b->cert_info.enc.len)
+            return -1;
+        if (a->cert_info.enc.len > b->cert_info.enc.len)
+            return 1;
+        return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc,
+                      a->cert_info.enc.len);
     }
     return rv;
 }
-#endif
 
 int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 {
@@ -242,7 +196,7 @@ unsigned long X509_NAME_hash(X509_NAME *x)
     ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
            ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
         ) & 0xffffffffL;
-    return (ret);
+    return ret;
 }
 
 #ifndef OPENSSL_NO_MD5
@@ -253,23 +207,25 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 
 unsigned long X509_NAME_hash_old(X509_NAME *x)
 {
-    EVP_MD_CTX md_ctx;
+    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
     unsigned long ret = 0;
     unsigned char md[16];
 
+    if (md_ctx == NULL)
+        return ret;
+
     /* Make sure X509_NAME structure contains valid cached encoding */
     i2d_X509_NAME(x, NULL);
-    EVP_MD_CTX_init(&md_ctx);
-    EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-    if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
-        && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
-        && EVP_DigestFinal_ex(&md_ctx, md, NULL))
+    EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL)
+        && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length)
+        && EVP_DigestFinal_ex(md_ctx, md, NULL))
         ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
                ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
             ) & 0xffffffffL;
-    EVP_MD_CTX_cleanup(&md_ctx);
+    EVP_MD_CTX_free(md_ctx);
 
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -278,22 +234,20 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
                                      ASN1_INTEGER *serial)
 {
     int i;
-    X509_CINF cinf;
     X509 x, *x509 = NULL;
 
     if (!sk)
         return NULL;
 
-    x.cert_info = &cinf;
-    cinf.serialNumber = serial;
-    cinf.issuer = name;
+    x.cert_info.serialNumber = *serial;
+    x.cert_info.issuer = name;
 
     for (i = 0; i < sk_X509_num(sk); i++) {
         x509 = sk_X509_value(sk, i);
         if (X509_issuer_and_serial_cmp(x509, &x) == 0)
-            return (x509);
+            return x509;
     }
-    return (NULL);
+    return NULL;
 }
 
 X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
@@ -304,31 +258,31 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
     for (i = 0; i < sk_X509_num(sk); i++) {
         x509 = sk_X509_value(sk, i);
         if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
-            return (x509);
+            return x509;
     }
-    return (NULL);
+    return NULL;
 }
 
-EVP_PKEY *X509_get_pubkey(X509 *x)
+EVP_PKEY *X509_get0_pubkey(const X509 *x)
 {
-    if ((x == NULL) || (x->cert_info == NULL))
-        return (NULL);
-    return (X509_PUBKEY_get(x->cert_info->key));
+    if (x == NULL)
+        return NULL;
+    return X509_PUBKEY_get0(x->cert_info.key);
 }
 
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+EVP_PKEY *X509_get_pubkey(X509 *x)
 {
-    if (!x)
+    if (x == NULL)
         return NULL;
-    return x->cert_info->key->public_key;
+    return X509_PUBKEY_get(x->cert_info.key);
 }
 
-int X509_check_private_key(X509 *x, EVP_PKEY *k)
+int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
 {
-    EVP_PKEY *xk;
+    const EVP_PKEY *xk;
     int ret;
 
-    xk = X509_get_pubkey(x);
+    xk = X509_get0_pubkey(x);
 
     if (xk)
         ret = EVP_PKEY_cmp(xk, k);
@@ -347,8 +301,6 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
     case -2:
         X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
     }
-    if (xk)
-        EVP_PKEY_free(xk);
     if (ret > 0)
         return 1;
     return 0;
@@ -366,8 +318,8 @@ static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
 {
     const EC_GROUP *grp = NULL;
     int curve_nid;
-    if (pkey && pkey->type == EVP_PKEY_EC)
-        grp = EC_KEY_get0_group(pkey->pkey.ec);
+    if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_EC)
+        grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey));
     if (!grp)
         return X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
     curve_nid = EC_GROUP_get_curve_name(grp);
@@ -397,11 +349,12 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags)
 {
     int rv, i, sign_nid;
-    EVP_PKEY *pk = NULL;
-    unsigned long tflags;
+    EVP_PKEY *pk;
+    unsigned long tflags = flags;
+
     if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
         return X509_V_OK;
-    tflags = flags;
+
     /* If no EE certificate passed in must be first in chain */
     if (x == NULL) {
         x = sk_X509_value(chain, 0);
@@ -409,6 +362,17 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
     } else
         i = 0;
 
+    pk = X509_get0_pubkey(x);
+
+    /*
+     * With DANE-EE(3) success, or DANE-EE(3)/PKIX-EE(1) failure we don't build
+     * a chain all, just report trust success or failure, but must also report
+     * Suite-B errors if applicable.  This is indicated via a NULL chain
+     * pointer.  All we need to do is check the leaf key algorithm.
+     */
+    if (chain == NULL)
+        return check_suite_b(pk, -1, &tflags);
+
     if (X509_get_version(x) != 2) {
         rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
         /* Correct error depth */
@@ -416,7 +380,6 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
         goto end;
     }
 
-    pk = X509_get_pubkey(x);
     /* Check EE key only */
     rv = check_suite_b(pk, -1, &tflags);
     if (rv != X509_V_OK) {
@@ -431,8 +394,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
             rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
             goto end;
         }
-        EVP_PKEY_free(pk);
-        pk = X509_get_pubkey(x);
+        pk = X509_get0_pubkey(x);
         rv = check_suite_b(pk, sign_nid, &tflags);
         if (rv != X509_V_OK)
             goto end;
@@ -441,8 +403,6 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
     /* Final check: root CA signature */
     rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags);
  end:
-    if (pk)
-        EVP_PKEY_free(pk);
     if (rv != X509_V_OK) {
         /* Invalid signature or LOS errors are for previous cert */
         if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
@@ -450,7 +410,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
             i--;
         /*
          * If we have LOS error and flags changed then we are signing P-384
-         * with P-256. Use more meaninggul error.
+         * with P-256. Use more meaningful error.
          */
         if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags)
             rv = X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256;
@@ -465,7 +425,7 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
     int sign_nid;
     if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
         return X509_V_OK;
-    sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm);
+    sign_nid = OBJ_obj2nid(crl->crl.sig_alg.algorithm);
     return check_suite_b(pk, sign_nid, &flags);
 }
 
@@ -494,7 +454,7 @@ STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
     ret = sk_X509_dup(chain);
     for (i = 0; i < sk_X509_num(ret); i++) {
         X509 *x = sk_X509_value(ret, i);
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(x);
     }
     return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_d2.c b/freebsd/crypto/openssl/crypto/x509/x509_d2.c
index 029993ef..00f834ab 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_d2.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_d2.c
@@ -1,87 +1,37 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_d2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_STDIO
 int X509_STORE_set_default_paths(X509_STORE *ctx)
 {
     X509_LOOKUP *lookup;
 
     lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
     if (lookup == NULL)
-        return (0);
+        return 0;
     X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
 
     lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
     if (lookup == NULL)
-        return (0);
+        return 0;
     X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
 
     /* clear any errors */
     ERR_clear_error();
 
-    return (1);
+    return 1;
 }
 
 int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
@@ -92,20 +42,18 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
     if (file != NULL) {
         lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
         if (lookup == NULL)
-            return (0);
+            return 0;
         if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1)
-            return (0);
+            return 0;
     }
     if (path != NULL) {
         lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
         if (lookup == NULL)
-            return (0);
+            return 0;
         if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
-            return (0);
+            return 0;
     }
     if ((path == NULL) && (file == NULL))
-        return (0);
-    return (1);
+        return 0;
+    return 1;
 }
-
-#endif
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_def.c b/freebsd/crypto/openssl/crypto/x509/x509_def.c
index 38551345..0321842d 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_def.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_def.c
@@ -1,94 +1,45 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_def.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 
 const char *X509_get_default_private_dir(void)
 {
-    return (X509_PRIVATE_DIR);
+    return X509_PRIVATE_DIR;
 }
 
 const char *X509_get_default_cert_area(void)
 {
-    return (X509_CERT_AREA);
+    return X509_CERT_AREA;
 }
 
 const char *X509_get_default_cert_dir(void)
 {
-    return (X509_CERT_DIR);
+    return X509_CERT_DIR;
 }
 
 const char *X509_get_default_cert_file(void)
 {
-    return (X509_CERT_FILE);
+    return X509_CERT_FILE;
 }
 
 const char *X509_get_default_cert_dir_env(void)
 {
-    return (X509_CERT_DIR_EVP);
+    return X509_CERT_DIR_EVP;
 }
 
 const char *X509_get_default_cert_file_env(void)
 {
-    return (X509_CERT_FILE_EVP);
+    return X509_CERT_FILE_EVP;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_err.c b/freebsd/crypto/openssl/crypto/x509/x509_err.c
index c32f958f..9509fc14 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_err.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_err.c
@@ -1,190 +1,183 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/x509.h>
+#include <openssl/x509err.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
-
-static ERR_STRING_DATA X509_str_functs[] = {
-    {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
-    {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
-    {ERR_FUNC(X509_F_CHECK_NAME_CONSTRAINTS), "CHECK_NAME_CONSTRAINTS"},
-    {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
-    {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
-    {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
-    {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
-    {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
-    {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
-    {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID),
+static const ERR_STRING_DATA X509_str_functs[] = {
+    {ERR_PACK(ERR_LIB_X509, X509_F_ADD_CERT_DIR, 0), "add_cert_dir"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_BUILD_CHAIN, 0), "build_chain"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_BY_FILE_CTRL, 0), "by_file_ctrl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_NAME_CONSTRAINTS, 0),
+     "check_name_constraints"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_POLICY, 0), "check_policy"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_DANE_I2D, 0), "dane_i2d"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_DIR_CTRL, 0), "dir_ctrl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_GET_CERT_BY_SUBJECT, 0),
+     "get_cert_by_subject"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_I2D_X509_AUX, 0), "i2d_X509_AUX"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_LOOKUP_CERTS_SK, 0), "lookup_certs_sk"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_DECODE, 0),
+     "NETSCAPE_SPKI_b64_decode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_ENCODE, 0),
+     "NETSCAPE_SPKI_b64_encode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NEW_DIR, 0), "new_dir"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509AT_ADD1_ATTR, 0), "X509at_add1_attr"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509V3_ADD_EXT, 0), "X509v3_add_ext"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_NID, 0),
      "X509_ATTRIBUTE_create_by_NID"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ, 0),
      "X509_ATTRIBUTE_create_by_OBJ"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, 0),
      "X509_ATTRIBUTE_create_by_txt"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
-    {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
-    {ERR_FUNC(X509_F_X509_CRL_DIFF), "X509_CRL_diff"},
-    {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
-    {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_GET0_DATA, 0),
+     "X509_ATTRIBUTE_get0_data"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_SET1_DATA, 0),
+     "X509_ATTRIBUTE_set1_data"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CHECK_PRIVATE_KEY, 0),
+     "X509_check_private_key"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_DIFF, 0), "X509_CRL_diff"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_METHOD_NEW, 0),
+     "X509_CRL_METHOD_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_PRINT_FP, 0), "X509_CRL_print_fp"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_NID, 0),
      "X509_EXTENSION_create_by_NID"},
-    {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_OBJ, 0),
      "X509_EXTENSION_create_by_OBJ"},
-    {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_GET_PUBKEY_PARAMETERS, 0),
      "X509_get_pubkey_parameters"},
-    {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
-    {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
-    {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
-    {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
-    {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CERT_CRL_FILE, 0),
+     "X509_load_cert_crl_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CERT_FILE, 0),
+     "X509_load_cert_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CRL_FILE, 0),
+     "X509_load_crl_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_METH_NEW, 0),
+     "X509_LOOKUP_meth_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_NEW, 0), "X509_LOOKUP_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ADD_ENTRY, 0),
+     "X509_NAME_add_entry"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_CANON, 0), "x509_name_canon"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_NID, 0),
      "X509_NAME_ENTRY_create_by_NID"},
-    {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, 0),
      "X509_NAME_ENTRY_create_by_txt"},
-    {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_SET_OBJECT, 0),
      "X509_NAME_ENTRY_set_object"},
-    {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
-    {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
-    {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
-    {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
-    {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
-    {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ONELINE, 0), "X509_NAME_oneline"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_PRINT, 0), "X509_NAME_print"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_OBJECT_NEW, 0), "X509_OBJECT_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0),
+     "x509_pubkey_decode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0),
      "X509_REQ_check_private_key"},
-    {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
-    {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
-    {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
-    {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
-    {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
-    {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_EX, 0), "X509_REQ_print_ex"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_FP, 0), "X509_REQ_print_fp"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_TO_X509, 0), "X509_REQ_to_X509"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CERT, 0),
+     "X509_STORE_add_cert"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CRL, 0),
+     "X509_STORE_add_crl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_LOOKUP, 0),
+     "X509_STORE_add_lookup"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_GET1_ISSUER, 0),
      "X509_STORE_CTX_get1_issuer"},
-    {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
-    {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
-    {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_INIT, 0),
+     "X509_STORE_CTX_init"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_NEW, 0),
+     "X509_STORE_CTX_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 0),
      "X509_STORE_CTX_purpose_inherit"},
-    {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
-    {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
-    {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
-    {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_NEW, 0), "X509_STORE_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_TO_X509_REQ, 0), "X509_to_X509_REQ"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), "X509_TRUST_add"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), "X509_TRUST_set"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_CERT, 0), "X509_verify_cert"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_PARAM_NEW, 0),
+     "X509_VERIFY_PARAM_new"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA X509_str_reasons[] = {
-    {ERR_REASON(X509_R_AKID_MISMATCH), "akid mismatch"},
-    {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
-    {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"},
-    {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
-    {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),
-     "cert already in hash table"},
-    {ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"},
-    {ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"},
-    {ERR_REASON(X509_R_ERR_ASN1_LIB), "err asn1 lib"},
-    {ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"},
-    {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
-    {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
-    {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"},
-    {ERR_REASON(X509_R_ISSUER_MISMATCH), "issuer mismatch"},
-    {ERR_REASON(X509_R_KEY_TYPE_MISMATCH), "key type mismatch"},
-    {ERR_REASON(X509_R_KEY_VALUES_MISMATCH), "key values mismatch"},
-    {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
-    {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
-    {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
-    {ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"},
-    {ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER), "newer crl not newer"},
-    {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
-     "no cert set for us to verify"},
-    {ERR_REASON(X509_R_NO_CRL_NUMBER), "no crl number"},
-    {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},
-    {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"},
-    {ERR_REASON(X509_R_SHOULD_RETRY), "should retry"},
-    {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),
-     "unable to find parameters in chain"},
-    {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),
-     "unable to get certs public key"},
-    {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE), "unknown key type"},
-    {ERR_REASON(X509_R_UNKNOWN_NID), "unknown nid"},
-    {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID), "unknown purpose id"},
-    {ERR_REASON(X509_R_UNKNOWN_TRUST_ID), "unknown trust id"},
-    {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
-    {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"},
-    {ERR_REASON(X509_R_WRONG_TYPE), "wrong type"},
+static const ERR_STRING_DATA X509_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_AKID_MISMATCH), "akid mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_SELECTOR), "bad selector"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_BASE64_DECODE_ERROR),
+    "base64 decode error"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERT_ALREADY_IN_HASH_TABLE),
+    "cert already in hash table"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "crl already delta"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE),
+    "crl verify failure"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME),
+    "invalid field name"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_TRUST), "invalid trust"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_ISSUER_MISMATCH), "issuer mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_TYPE_MISMATCH), "key type mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_VALUES_MISMATCH),
+    "key values mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_CERT_DIR), "loading cert dir"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_DEFAULTS), "loading defaults"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_METHOD_NOT_SUPPORTED),
+    "method not supported"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NAME_TOO_LONG), "name too long"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NEWER_CRL_NOT_NEWER),
+    "newer crl not newer"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_FOUND),
+    "no certificate found"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_OR_CRL_FOUND),
+    "no certificate or crl found"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
+    "no cert set for us to verify"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_FOUND), "no crl found"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_NUMBER), "no crl number"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_DECODE_ERROR),
+    "public key decode error"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_ENCODE_ERROR),
+    "public key encode error"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_SHOULD_RETRY), "should retry"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),
+    "unable to find parameters in chain"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),
+    "unable to get certs public key"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_KEY_TYPE), "unknown key type"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_PURPOSE_ID),
+    "unknown purpose id"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_TRUST_ID), "unknown trust id"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNSUPPORTED_ALGORITHM),
+    "unsupported algorithm"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_TYPE), "wrong type"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_X509_strings(void)
+int ERR_load_X509_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, X509_str_functs);
-        ERR_load_strings(0, X509_str_reasons);
+        ERR_load_strings_const(X509_str_functs);
+        ERR_load_strings_const(X509_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_ext.c b/freebsd/crypto/openssl/crypto/x509/x509_ext.c
index 339bfddc..07c59258 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_ext.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_ext.c
@@ -1,195 +1,147 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_ext.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/x509v3.h>
 
-int X509_CRL_get_ext_count(X509_CRL *x)
+int X509_CRL_get_ext_count(const X509_CRL *x)
 {
-    return (X509v3_get_ext_count(x->crl->extensions));
+    return X509v3_get_ext_count(x->crl.extensions);
 }
 
-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos)
 {
-    return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos));
+    return X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos);
 }
 
-int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
+                            int lastpos)
 {
-    return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos));
+    return X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos);
 }
 
-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos)
 {
-    return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos));
+    return X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos);
 }
 
-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
 {
-    return (X509v3_get_ext(x->crl->extensions, loc));
+    return X509v3_get_ext(x->crl.extensions, loc);
 }
 
 X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
 {
-    return (X509v3_delete_ext(x->crl->extensions, loc));
+    return X509v3_delete_ext(x->crl.extensions, loc);
 }
 
-void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
+void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx)
 {
-    return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
+    return X509V3_get_d2i(x->crl.extensions, nid, crit, idx);
 }
 
 int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
                           unsigned long flags)
 {
-    return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
+    return X509V3_add1_i2d(&x->crl.extensions, nid, value, crit, flags);
 }
 
 int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
 {
-    return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL);
+    return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL);
 }
 
-int X509_get_ext_count(X509 *x)
+int X509_get_ext_count(const X509 *x)
 {
-    return (X509v3_get_ext_count(x->cert_info->extensions));
+    return X509v3_get_ext_count(x->cert_info.extensions);
 }
 
-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos)
 {
-    return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos));
+    return X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos);
 }
 
-int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos)
 {
-    return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos));
+    return X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos);
 }
 
-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos)
 {
     return (X509v3_get_ext_by_critical
-            (x->cert_info->extensions, crit, lastpos));
+            (x->cert_info.extensions, crit, lastpos));
 }
 
-X509_EXTENSION *X509_get_ext(X509 *x, int loc)
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
 {
-    return (X509v3_get_ext(x->cert_info->extensions, loc));
+    return X509v3_get_ext(x->cert_info.extensions, loc);
 }
 
 X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
 {
-    return (X509v3_delete_ext(x->cert_info->extensions, loc));
+    return X509v3_delete_ext(x->cert_info.extensions, loc);
 }
 
 int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
 {
-    return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL);
+    return (X509v3_add_ext(&(x->cert_info.extensions), ex, loc) != NULL);
 }
 
-void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx)
 {
-    return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
+    return X509V3_get_d2i(x->cert_info.extensions, nid, crit, idx);
 }
 
 int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
                       unsigned long flags)
 {
-    return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
+    return X509V3_add1_i2d(&x->cert_info.extensions, nid, value, crit,
                            flags);
 }
 
-int X509_REVOKED_get_ext_count(X509_REVOKED *x)
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x)
 {
-    return (X509v3_get_ext_count(x->extensions));
+    return X509v3_get_ext_count(x->extensions);
 }
 
-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos)
 {
-    return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
+    return X509v3_get_ext_by_NID(x->extensions, nid, lastpos);
 }
 
-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
                                 int lastpos)
 {
-    return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
+    return X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos);
 }
 
-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos)
 {
-    return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
+    return X509v3_get_ext_by_critical(x->extensions, crit, lastpos);
 }
 
-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
 {
-    return (X509v3_get_ext(x->extensions, loc));
+    return X509v3_get_ext(x->extensions, loc);
 }
 
 X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
 {
-    return (X509v3_delete_ext(x->extensions, loc));
+    return X509v3_delete_ext(x->extensions, loc);
 }
 
 int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
@@ -197,7 +149,7 @@ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
     return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
 }
 
-void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx)
 {
     return X509V3_get_d2i(x->extensions, nid, crit, idx);
 }
@@ -207,7 +159,3 @@ int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
 {
     return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
 }
-
-IMPLEMENT_STACK_OF(X509_EXTENSION)
-
-IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_lcl.h b/freebsd/crypto/openssl/crypto/x509/x509_lcl.h
new file mode 100644
index 00000000..c517a774
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509/x509_lcl.h
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/refcount.h"
+
+/*
+ * This structure holds all parameters associated with a verify operation by
+ * including an X509_VERIFY_PARAM structure in related structures the
+ * parameters used can be customized
+ */
+
+struct X509_VERIFY_PARAM_st {
+    char *name;
+    time_t check_time;          /* Time to use */
+    uint32_t inh_flags;         /* Inheritance flags */
+    unsigned long flags;        /* Various verify flags */
+    int purpose;                /* purpose to check untrusted certificates */
+    int trust;                  /* trust setting to check */
+    int depth;                  /* Verify depth */
+    int auth_level;             /* Security level for chain verification */
+    STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
+    /* Peer identity details */
+    STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
+    unsigned int hostflags;     /* Flags to control matching features */
+    char *peername;             /* Matching hostname in peer certificate */
+    char *email;                /* If not NULL email address to match */
+    size_t emaillen;
+    unsigned char *ip;          /* If not NULL IP address to match */
+    size_t iplen;               /* Length of IP address */
+};
+
+/* No error callback if depth < 0 */
+int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
+
+/* a sequence of these are used */
+struct x509_attributes_st {
+    ASN1_OBJECT *object;
+    STACK_OF(ASN1_TYPE) *set;
+};
+
+struct X509_extension_st {
+    ASN1_OBJECT *object;
+    ASN1_BOOLEAN critical;
+    ASN1_OCTET_STRING value;
+};
+
+/*
+ * Method to handle CRL access. In general a CRL could be very large (several
+ * Mb) and can consume large amounts of resources if stored in memory by
+ * multiple processes. This method allows general CRL operations to be
+ * redirected to more efficient callbacks: for example a CRL entry database.
+ */
+
+#define X509_CRL_METHOD_DYNAMIC         1
+
+struct x509_crl_method_st {
+    int flags;
+    int (*crl_init) (X509_CRL *crl);
+    int (*crl_free) (X509_CRL *crl);
+    int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
+                       ASN1_INTEGER *ser, X509_NAME *issuer);
+    int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
+};
+
+struct x509_lookup_method_st {
+    char *name;
+    int (*new_item) (X509_LOOKUP *ctx);
+    void (*free) (X509_LOOKUP *ctx);
+    int (*init) (X509_LOOKUP *ctx);
+    int (*shutdown) (X509_LOOKUP *ctx);
+    int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+                 char **ret);
+    int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret);
+    int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret);
+    int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
+                               X509_OBJECT *ret);
+    int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret);
+};
+
+/* This is the functions plus an instance of the local variables. */
+struct x509_lookup_st {
+    int init;                   /* have we been started */
+    int skip;                   /* don't use us. */
+    X509_LOOKUP_METHOD *method; /* the functions */
+    void *method_data;          /* method data */
+    X509_STORE *store_ctx;      /* who owns us */
+};
+
+/*
+ * This is used to hold everything.  It is used for all certificate
+ * validation.  Once we have a certificate chain, the 'verify' function is
+ * then called to actually check the cert chain.
+ */
+struct x509_store_st {
+    /* The following is a cache of trusted certs */
+    int cache;                  /* if true, stash any hits */
+    STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
+    /* These are external lookup methods */
+    STACK_OF(X509_LOOKUP) *get_cert_methods;
+    X509_VERIFY_PARAM *param;
+    /* Callbacks for various operations */
+    /* called to verify a certificate */
+    int (*verify) (X509_STORE_CTX *ctx);
+    /* error callback */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+    /* get issuers cert from ctx */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+    /* check issued */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+    /* Check revocation status of chain */
+    int (*check_revocation) (X509_STORE_CTX *ctx);
+    /* retrieve CRL */
+    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+    /* Check CRL validity */
+    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+    /* Check certificate against CRL */
+    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+    /* Check policy status of the chain */
+    int (*check_policy) (X509_STORE_CTX *ctx);
+    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    int (*cleanup) (X509_STORE_CTX *ctx);
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+typedef struct lookup_dir_hashes_st BY_DIR_HASH;
+typedef struct lookup_dir_entry_st BY_DIR_ENTRY;
+DEFINE_STACK_OF(BY_DIR_HASH)
+DEFINE_STACK_OF(BY_DIR_ENTRY)
+typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
+DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
+
+void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                             const ASN1_STRING *sig);
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_lu.c b/freebsd/crypto/openssl/crypto/x509/x509_lu.c
index 942b11da..5343ccfb 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_lu.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_lu.c
@@ -1,83 +1,33 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_lu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/x509v3.h>
+#include "x509_lcl.h"
 
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
 {
-    X509_LOOKUP *ret;
+    X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret));
 
-    ret = (X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
-    if (ret == NULL)
+    if (ret == NULL) {
+        X509err(X509_F_X509_LOOKUP_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
-    ret->init = 0;
-    ret->skip = 0;
     ret->method = method;
-    ret->method_data = NULL;
-    ret->store_ctx = NULL;
-    if ((method->new_item != NULL) && !method->new_item(ret)) {
+    if (method->new_item != NULL && method->new_item(ret) == 0) {
         OPENSSL_free(ret);
         return NULL;
     }
@@ -93,6 +43,16 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
     OPENSSL_free(ctx);
 }
 
+int X509_STORE_lock(X509_STORE *s)
+{
+    return CRYPTO_THREAD_write_lock(s->lock);
+}
+
+int X509_STORE_unlock(X509_STORE *s)
+{
+    return CRYPTO_THREAD_unlock(s->lock);
+}
+
 int X509_LOOKUP_init(X509_LOOKUP *ctx)
 {
     if (ctx->method == NULL)
@@ -124,41 +84,59 @@ int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
         return 1;
 }
 
-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
-                           X509_OBJECT *ret)
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret)
 {
     if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
-        return X509_LU_FAIL;
+        return 0;
     if (ctx->skip)
         return 0;
     return ctx->method->get_by_subject(ctx, type, name, ret);
 }
 
-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
-                                 ASN1_INTEGER *serial, X509_OBJECT *ret)
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret)
 {
     if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
-        return X509_LU_FAIL;
+        return 0;
     return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
 }
 
-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-                               unsigned char *bytes, int len,
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
                                X509_OBJECT *ret)
 {
     if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
-        return X509_LU_FAIL;
+        return 0;
     return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
 }
 
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
-                         X509_OBJECT *ret)
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret)
 {
     if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
-        return X509_LU_FAIL;
+        return 0;
     return ctx->method->get_by_alias(ctx, type, str, len, ret);
 }
 
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data)
+{
+    ctx->method_data = data;
+    return 1;
+}
+
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx)
+{
+    return ctx->method_data;
+}
+
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx)
+{
+    return ctx->store_ctx;
+}
+
+
 static int x509_object_cmp(const X509_OBJECT *const *a,
                            const X509_OBJECT *const *b)
 {
@@ -174,7 +152,7 @@ static int x509_object_cmp(const X509_OBJECT *const *a,
     case X509_LU_CRL:
         ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
         break;
-    default:
+    case X509_LU_NONE:
         /* abort(); */
         return 0;
     }
@@ -183,63 +161,48 @@ static int x509_object_cmp(const X509_OBJECT *const *a,
 
 X509_STORE *X509_STORE_new(void)
 {
-    X509_STORE *ret;
+    X509_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
 
-    if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
+    if (ret == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
-    if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL)
-        goto err0;
+    }
+    if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
     ret->cache = 1;
-    if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL)
-        goto err1;
-    ret->verify = 0;
-    ret->verify_cb = 0;
-
-    if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
-        goto err2;
-
-    ret->get_issuer = 0;
-    ret->check_issued = 0;
-    ret->check_revocation = 0;
-    ret->get_crl = 0;
-    ret->check_crl = 0;
-    ret->cert_crl = 0;
-    ret->lookup_certs = 0;
-    ret->lookup_crls = 0;
-    ret->cleanup = 0;
-
-    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
-       goto err3;
+    if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
     ret->references = 1;
     return ret;
 
- err3:
+err:
     X509_VERIFY_PARAM_free(ret->param);
- err2:
-    sk_X509_LOOKUP_free(ret->get_cert_methods);
- err1:
     sk_X509_OBJECT_free(ret->objs);
- err0:
+    sk_X509_LOOKUP_free(ret->get_cert_methods);
     OPENSSL_free(ret);
     return NULL;
 }
 
-static void cleanup(X509_OBJECT *a)
-{
-    if (!a)
-        return;
-    if (a->type == X509_LU_X509) {
-        X509_free(a->data.x509);
-    } else if (a->type == X509_LU_CRL) {
-        X509_CRL_free(a->data.crl);
-    } else {
-        /* abort(); */
-    }
-
-    OPENSSL_free(a);
-}
-
 void X509_STORE_free(X509_STORE *vfy)
 {
     int i;
@@ -248,19 +211,11 @@ void X509_STORE_free(X509_STORE *vfy)
 
     if (vfy == NULL)
         return;
-
-    i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE);
-#ifdef REF_PRINT
-    REF_PRINT("X509_STORE", vfy);
-#endif
+    CRYPTO_DOWN_REF(&vfy->references, &i, vfy->lock);
+    REF_PRINT_COUNT("X509_STORE", vfy);
     if (i > 0)
         return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "X509_STORE_free, bad reference count\n");
-        abort();                /* ok */
-    }
-#endif
+    REF_ASSERT_ISNT(i < 0);
 
     sk = vfy->get_cert_methods;
     for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
@@ -269,14 +224,26 @@ void X509_STORE_free(X509_STORE *vfy)
         X509_LOOKUP_free(lu);
     }
     sk_X509_LOOKUP_free(sk);
-    sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
+    sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free);
 
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
-    if (vfy->param)
-        X509_VERIFY_PARAM_free(vfy->param);
+    X509_VERIFY_PARAM_free(vfy->param);
+    CRYPTO_THREAD_lock_free(vfy->lock);
     OPENSSL_free(vfy);
 }
 
+int X509_STORE_up_ref(X509_STORE *vfy)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("X509_STORE", a);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
 {
     int i;
@@ -292,21 +259,37 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
     }
     /* a new one */
     lu = X509_LOOKUP_new(m);
-    if (lu == NULL)
+    if (lu == NULL) {
+        X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
         return NULL;
-    else {
-        lu->store_ctx = v;
-        if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
-            return lu;
-        else {
-            X509_LOOKUP_free(lu);
-            return NULL;
-        }
     }
+
+    lu->store_ctx = v;
+    if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
+        return lu;
+    /* malloc failed */
+    X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
+    X509_LOOKUP_free(lu);
+    return NULL;
+}
+
+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
+                                               X509_LOOKUP_TYPE type,
+                                               X509_NAME *name)
+{
+    X509_OBJECT *ret = X509_OBJECT_new();
+
+    if (ret == NULL)
+        return NULL;
+    if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) {
+        X509_OBJECT_free(ret);
+        return NULL;
+    }
+    return ret;
 }
 
-int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
-                              X509_OBJECT *ret)
+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
+                                  X509_NAME *name, X509_OBJECT *ret)
 {
     X509_STORE *ctx = vs->ctx;
     X509_LOOKUP *lu;
@@ -316,32 +299,23 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
     if (ctx == NULL)
         return 0;
 
-    CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
+    CRYPTO_THREAD_write_lock(ctx->lock);
     tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
-    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+    CRYPTO_THREAD_unlock(ctx->lock);
 
     if (tmp == NULL || type == X509_LU_CRL) {
-        for (i = vs->current_method;
-             i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
+        for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
             lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
             j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
-            if (j < 0) {
-                vs->current_method = j;
-                return j;
-            } else if (j) {
+            if (j) {
                 tmp = &stmp;
                 break;
             }
         }
-        vs->current_method = 0;
         if (tmp == NULL)
             return 0;
     }
 
-/*- if (ret->data.ptr != NULL)
-            X509_OBJECT_free_contents(ret); */
-
     ret->type = tmp->type;
     ret->data.ptr = tmp->data.ptr;
 
@@ -350,94 +324,111 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
     return 1;
 }
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
-{
+static int x509_store_add(X509_STORE *ctx, void *x, int crl) {
     X509_OBJECT *obj;
-    int ret = 1;
+    int ret = 0, added = 0;
 
     if (x == NULL)
         return 0;
-    obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
-    if (obj == NULL) {
-        X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
+    obj = X509_OBJECT_new();
+    if (obj == NULL)
         return 0;
-    }
-    obj->type = X509_LU_X509;
-    obj->data.x509 = x;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
 
+    if (crl) {
+        obj->type = X509_LU_CRL;
+        obj->data.crl = (X509_CRL *)x;
+    } else {
+        obj->type = X509_LU_X509;
+        obj->data.x509 = (X509 *)x;
+    }
     X509_OBJECT_up_ref_count(obj);
 
+    CRYPTO_THREAD_write_lock(ctx->lock);
+
     if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
-        X509_OBJECT_free_contents(obj);
-        OPENSSL_free(obj);
-        X509err(X509_F_X509_STORE_ADD_CERT,
-                X509_R_CERT_ALREADY_IN_HASH_TABLE);
-        ret = 0;
-    } else if (!sk_X509_OBJECT_push(ctx->objs, obj)) {
-        X509_OBJECT_free_contents(obj);
-        OPENSSL_free(obj);
-        X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
-        ret = 0;
+        ret = 1;
+    } else {
+        added = sk_X509_OBJECT_push(ctx->objs, obj);
+        ret = added != 0;
     }
 
-    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+    CRYPTO_THREAD_unlock(ctx->lock);
+
+    if (added == 0)             /* obj not pushed */
+        X509_OBJECT_free(obj);
 
     return ret;
 }
 
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
 {
-    X509_OBJECT *obj;
-    int ret = 1;
-
-    if (x == NULL)
-        return 0;
-    obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
-    if (obj == NULL) {
-        X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
+    if (!x509_store_add(ctx, x, 0)) {
+        X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    obj->type = X509_LU_CRL;
-    obj->data.crl = x;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
-    X509_OBJECT_up_ref_count(obj);
+    return 1;
+}
 
-    if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
-        X509_OBJECT_free_contents(obj);
-        OPENSSL_free(obj);
-        X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);
-        ret = 0;
-    } else if (!sk_X509_OBJECT_push(ctx->objs, obj)) {
-        X509_OBJECT_free_contents(obj);
-        OPENSSL_free(obj);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+{
+    if (!x509_store_add(ctx, x, 1)) {
         X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
-        ret = 0;
+        return 0;
     }
-
-    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-    return ret;
+    return 1;
 }
 
-void X509_OBJECT_up_ref_count(X509_OBJECT *a)
+int X509_OBJECT_up_ref_count(X509_OBJECT *a)
 {
     switch (a->type) {
-    case X509_LU_X509:
-        CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509);
+    case X509_LU_NONE:
         break;
+    case X509_LU_X509:
+        return X509_up_ref(a->data.x509);
     case X509_LU_CRL:
-        CRYPTO_add(&a->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
-        break;
+        return X509_CRL_up_ref(a->data.crl);
+    }
+    return 1;
+}
+
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
+{
+    if (a == NULL || a->type != X509_LU_X509)
+        return NULL;
+    return a->data.x509;
+}
+
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)
+{
+    if (a == NULL || a->type != X509_LU_CRL)
+        return NULL;
+    return a->data.crl;
+}
+
+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a)
+{
+    return a->type;
+}
+
+X509_OBJECT *X509_OBJECT_new(void)
+{
+    X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
     }
+    ret->type = X509_LU_NONE;
+    return ret;
 }
 
-void X509_OBJECT_free_contents(X509_OBJECT *a)
+static void x509_object_free_internal(X509_OBJECT *a)
 {
+    if (a == NULL)
+        return;
     switch (a->type) {
+    case X509_LU_NONE:
+        break;
     case X509_LU_X509:
         X509_free(a->data.x509);
         break;
@@ -447,29 +438,53 @@ void X509_OBJECT_free_contents(X509_OBJECT *a)
     }
 }
 
-static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj)
+{
+    if (a == NULL || !X509_up_ref(obj))
+        return 0;
+
+    x509_object_free_internal(a);
+    a->type = X509_LU_X509;
+    a->data.x509 = obj;
+    return 1;
+}
+
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj)
+{
+    if (a == NULL || !X509_CRL_up_ref(obj))
+        return 0;
+
+    x509_object_free_internal(a);
+    a->type = X509_LU_CRL;
+    a->data.crl = obj;
+    return 1;
+}
+
+void X509_OBJECT_free(X509_OBJECT *a)
+{
+    x509_object_free_internal(a);
+    OPENSSL_free(a);
+}
+
+static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
                                X509_NAME *name, int *pnmatch)
 {
     X509_OBJECT stmp;
     X509 x509_s;
-    X509_CINF cinf_s;
     X509_CRL crl_s;
-    X509_CRL_INFO crl_info_s;
     int idx;
 
     stmp.type = type;
     switch (type) {
     case X509_LU_X509:
         stmp.data.x509 = &x509_s;
-        x509_s.cert_info = &cinf_s;
-        cinf_s.subject = name;
+        x509_s.cert_info.subject = name;
         break;
     case X509_LU_CRL:
         stmp.data.crl = &crl_s;
-        crl_s.crl = &crl_info_s;
-        crl_info_s.issuer = name;
+        crl_s.crl.issuer = name;
         break;
-    default:
+    case X509_LU_NONE:
         /* abort(); */
         return -1;
     }
@@ -490,14 +505,15 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
     return idx;
 }
 
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
                                X509_NAME *name)
 {
     return x509_object_idx_cnt(h, type, name, NULL);
 }
 
 X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
-                                             int type, X509_NAME *name)
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name)
 {
     int idx;
     idx = X509_OBJECT_idx_by_subject(h, type, name);
@@ -506,82 +522,83 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
     return sk_X509_OBJECT_value(h, idx);
 }
 
-STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v)
+{
+    return v->objs;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
 {
     int i, idx, cnt;
-    STACK_OF(X509) *sk;
+    STACK_OF(X509) *sk = NULL;
     X509 *x;
     X509_OBJECT *obj;
 
     if (ctx->ctx == NULL)
         return NULL;
 
-    sk = sk_X509_new_null();
-    CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+    CRYPTO_THREAD_write_lock(ctx->ctx->lock);
     idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
     if (idx < 0) {
         /*
          * Nothing found in cache: do lookup to possibly add new objects to
          * cache
          */
-        X509_OBJECT xobj;
-        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-        if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) {
-            sk_X509_free(sk);
+        X509_OBJECT *xobj = X509_OBJECT_new();
+
+        CRYPTO_THREAD_unlock(ctx->ctx->lock);
+        if (xobj == NULL)
+            return NULL;
+        if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) {
+            X509_OBJECT_free(xobj);
             return NULL;
         }
-        X509_OBJECT_free_contents(&xobj);
-        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        X509_OBJECT_free(xobj);
+        CRYPTO_THREAD_write_lock(ctx->ctx->lock);
         idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
         if (idx < 0) {
-            CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-            sk_X509_free(sk);
+            CRYPTO_THREAD_unlock(ctx->ctx->lock);
             return NULL;
         }
     }
+
+    sk = sk_X509_new_null();
     for (i = 0; i < cnt; i++, idx++) {
         obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
         x = obj->data.x509;
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(x);
         if (!sk_X509_push(sk, x)) {
-            CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+            CRYPTO_THREAD_unlock(ctx->ctx->lock);
             X509_free(x);
             sk_X509_pop_free(sk, X509_free);
             return NULL;
         }
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+    CRYPTO_THREAD_unlock(ctx->ctx->lock);
     return sk;
-
 }
 
-STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
+STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
 {
     int i, idx, cnt;
-    STACK_OF(X509_CRL) *sk;
+    STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null();
     X509_CRL *x;
-    X509_OBJECT *obj, xobj;
-
-
-    if (ctx->ctx == NULL)
-        return NULL;
-
-    sk = sk_X509_CRL_new_null();
-    CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
-    /*
-     * Always do lookup to possibly add new CRLs to cache
-     */
-    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-    if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) {
+    X509_OBJECT *obj, *xobj = X509_OBJECT_new();
+
+    /* Always do lookup to possibly add new CRLs to cache */
+    if (sk == NULL
+            || xobj == NULL
+            || ctx->ctx == NULL
+            || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) {
+        X509_OBJECT_free(xobj);
         sk_X509_CRL_free(sk);
         return NULL;
     }
-    X509_OBJECT_free_contents(&xobj);
-    CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+    X509_OBJECT_free(xobj);
+    CRYPTO_THREAD_write_lock(ctx->ctx->lock);
     idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
     if (idx < 0) {
-        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+        CRYPTO_THREAD_unlock(ctx->ctx->lock);
         sk_X509_CRL_free(sk);
         return NULL;
     }
@@ -589,32 +606,33 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
     for (i = 0; i < cnt; i++, idx++) {
         obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
         x = obj->data.crl;
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
+        X509_CRL_up_ref(x);
         if (!sk_X509_CRL_push(sk, x)) {
-            CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+            CRYPTO_THREAD_unlock(ctx->ctx->lock);
             X509_CRL_free(x);
             sk_X509_CRL_pop_free(sk, X509_CRL_free);
             return NULL;
         }
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+    CRYPTO_THREAD_unlock(ctx->ctx->lock);
     return sk;
 }
 
 X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
                                         X509_OBJECT *x)
 {
-    int idx, i;
+    int idx, i, num;
     X509_OBJECT *obj;
+
     idx = sk_X509_OBJECT_find(h, x);
-    if (idx == -1)
+    if (idx < 0)
         return NULL;
     if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
         return sk_X509_OBJECT_value(h, idx);
-    for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
+    for (i = idx, num = sk_X509_OBJECT_num(h); i < num; i++) {
         obj = sk_X509_OBJECT_value(h, i);
-        if (x509_object_cmp
-            ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+        if (x509_object_cmp((const X509_OBJECT **)&obj,
+                            (const X509_OBJECT **)&x))
             return NULL;
         if (x->type == X509_LU_X509) {
             if (!X509_cmp(obj->data.x509, x->data.x509))
@@ -643,35 +661,35 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 {
     X509_NAME *xn;
-    X509_OBJECT obj, *pobj;
+    X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL;
     int i, ok, idx, ret;
+
+    if (obj == NULL)
+        return -1;
+    *issuer = NULL;
     xn = X509_get_issuer_name(x);
-    ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
-    if (ok != X509_LU_X509) {
-        if (ok == X509_LU_RETRY) {
-            X509_OBJECT_free_contents(&obj);
-            X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY);
-            return -1;
-        } else if (ok != X509_LU_FAIL) {
-            X509_OBJECT_free_contents(&obj);
-            /* not good :-(, break anyway */
-            return -1;
-        }
+    ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj);
+    if (ok != 1) {
+        X509_OBJECT_free(obj);
         return 0;
     }
     /* If certificate matches all OK */
-    if (ctx->check_issued(ctx, x, obj.data.x509)) {
-        *issuer = obj.data.x509;
-        return 1;
+    if (ctx->check_issued(ctx, x, obj->data.x509)) {
+        if (x509_check_cert_time(ctx, obj->data.x509, -1)) {
+            *issuer = obj->data.x509;
+            X509_up_ref(*issuer);
+            X509_OBJECT_free(obj);
+            return 1;
+        }
     }
-    X509_OBJECT_free_contents(&obj);
+    X509_OBJECT_free(obj);
 
     if (ctx->ctx == NULL)
         return 0;
 
     /* Else find index of first cert accepted by 'check_issued' */
     ret = 0;
-    CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+    CRYPTO_THREAD_write_lock(ctx->ctx->lock);
     idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
     if (idx != -1) {            /* should be true as we've had at least one
                                  * match */
@@ -685,13 +703,22 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
                 break;
             if (ctx->check_issued(ctx, x, pobj->data.x509)) {
                 *issuer = pobj->data.x509;
-                X509_OBJECT_up_ref_count(pobj);
                 ret = 1;
-                break;
+                /*
+                 * If times check, exit with match,
+                 * otherwise keep looking. Leave last
+                 * match in issuer so we return nearest
+                 * match if no certificate time is OK.
+                 */
+
+                if (x509_check_cert_time(ctx, *issuer, -1))
+                    break;
             }
         }
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+    CRYPTO_THREAD_unlock(ctx->ctx->lock);
+    if (*issuer)
+        X509_up_ref(*issuer);
     return ret;
 }
 
@@ -721,25 +748,153 @@ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
     return X509_VERIFY_PARAM_set1(ctx->param, param);
 }
 
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx)
+{
+    return ctx->param;
+}
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify)
+{
+    ctx->verify = verify;
+}
+
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx)
+{
+    return ctx->verify;
+}
+
 void X509_STORE_set_verify_cb(X509_STORE *ctx,
-                              int (*verify_cb) (int, X509_STORE_CTX *))
+                              X509_STORE_CTX_verify_cb verify_cb)
 {
     ctx->verify_cb = verify_cb;
 }
 
-void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
-                                   STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
-                                                              *ctx,
-                                                              X509_NAME *nm))
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx)
 {
-    ctx->lookup_crls = cb;
+    return ctx->verify_cb;
 }
 
-X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+                               X509_STORE_CTX_get_issuer_fn get_issuer)
 {
-    return ctx->ctx;
+    ctx->get_issuer = get_issuer;
 }
 
-IMPLEMENT_STACK_OF(X509_LOOKUP)
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx)
+{
+    return ctx->get_issuer;
+}
+
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_issued_fn check_issued)
+{
+    ctx->check_issued = check_issued;
+}
 
-IMPLEMENT_STACK_OF(X509_OBJECT)
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx)
+{
+    return ctx->check_issued;
+}
+
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+                                     X509_STORE_CTX_check_revocation_fn check_revocation)
+{
+    ctx->check_revocation = check_revocation;
+}
+
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx)
+{
+    return ctx->check_revocation;
+}
+
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+                            X509_STORE_CTX_get_crl_fn get_crl)
+{
+    ctx->get_crl = get_crl;
+}
+
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx)
+{
+    return ctx->get_crl;
+}
+
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+                              X509_STORE_CTX_check_crl_fn check_crl)
+{
+    ctx->check_crl = check_crl;
+}
+
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx)
+{
+    return ctx->check_crl;
+}
+
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+                             X509_STORE_CTX_cert_crl_fn cert_crl)
+{
+    ctx->cert_crl = cert_crl;
+}
+
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx)
+{
+    return ctx->cert_crl;
+}
+
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_policy_fn check_policy)
+{
+    ctx->check_policy = check_policy;
+}
+
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx)
+{
+    return ctx->check_policy;
+}
+
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+                                 X509_STORE_CTX_lookup_certs_fn lookup_certs)
+{
+    ctx->lookup_certs = lookup_certs;
+}
+
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx)
+{
+    return ctx->lookup_certs;
+}
+
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+                                X509_STORE_CTX_lookup_crls_fn lookup_crls)
+{
+    ctx->lookup_crls = lookup_crls;
+}
+
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx)
+{
+    return ctx->lookup_crls;
+}
+
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+                            X509_STORE_CTX_cleanup_fn ctx_cleanup)
+{
+    ctx->cleanup = ctx_cleanup;
+}
+
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx)
+{
+    return ctx->cleanup;
+}
+
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+}
+
+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx)
+{
+    return CRYPTO_get_ex_data(&ctx->ex_data, idx);
+}
+
+X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
+{
+    return ctx->ctx;
+}
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_meth.c b/freebsd/crypto/openssl/crypto/x509/x509_meth.c
new file mode 100644
index 00000000..67c64f58
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509/x509_meth.c
@@ -0,0 +1,168 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/ossl_typ.h>
+#include "x509_lcl.h"
+
+X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name)
+{
+    X509_LOOKUP_METHOD *method = OPENSSL_zalloc(sizeof(X509_LOOKUP_METHOD));
+
+    if (method != NULL) {
+        method->name = OPENSSL_strdup(name);
+        if (method->name == NULL) {
+            X509err(X509_F_X509_LOOKUP_METH_NEW, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    return method;
+
+err:
+    OPENSSL_free(method);
+    return NULL;
+}
+
+void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method)
+{
+    if (method != NULL)
+        OPENSSL_free(method->name);
+    OPENSSL_free(method);
+}
+
+int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+                                  int (*new_item) (X509_LOOKUP *ctx))
+{
+    method->new_item = new_item;
+    return 1;
+}
+
+int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->new_item;
+}
+
+int X509_LOOKUP_meth_set_free(
+    X509_LOOKUP_METHOD *method,
+    void (*free_fn) (X509_LOOKUP *ctx))
+{
+    method->free = free_fn;
+    return 1;
+}
+
+void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->free;
+}
+
+int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+                              int (*init) (X509_LOOKUP *ctx))
+{
+    method->init = init;
+    return 1;
+}
+
+int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->init;
+}
+
+int X509_LOOKUP_meth_set_shutdown(
+    X509_LOOKUP_METHOD *method,
+    int (*shutdown) (X509_LOOKUP *ctx))
+{
+    method->shutdown = shutdown;
+    return 1;
+}
+
+int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->shutdown;
+}
+
+int X509_LOOKUP_meth_set_ctrl(
+    X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_ctrl_fn ctrl)
+{
+    method->ctrl = ctrl;
+    return 1;
+}
+
+X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method)
+{
+    return method->ctrl;
+}
+
+int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_subject_fn get_by_subject)
+{
+    method->get_by_subject = get_by_subject;
+    return 1;
+}
+
+X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+    const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_subject;
+}
+
+
+int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_issuer_serial_fn get_by_issuer_serial)
+{
+    method->get_by_issuer_serial = get_by_issuer_serial;
+    return 1;
+}
+
+X509_LOOKUP_get_by_issuer_serial_fn
+    X509_LOOKUP_meth_get_get_by_issuer_serial(const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_issuer_serial;
+}
+
+
+int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_fingerprint_fn get_by_fingerprint)
+{
+    method->get_by_fingerprint = get_by_fingerprint;
+    return 1;
+}
+
+X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+    const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_fingerprint;
+}
+
+int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+                                      X509_LOOKUP_get_by_alias_fn get_by_alias)
+{
+    method->get_by_alias = get_by_alias;
+    return 1;
+}
+
+X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+    const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_alias;
+}
+
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_obj.c b/freebsd/crypto/openssl/crypto/x509/x509_obj.c
index 9170efc0..ae6024ce 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_obj.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_obj.c
@@ -1,80 +1,31 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_obj.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
+#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/buffer.h>
+#include "internal/x509_int.h"
 
 /*
  * Limit to ensure we don't overflow: much greater than
- * anything enountered in practice.
+ * anything encountered in practice.
  */
 
 #define NAME_ONELINE_MAX    (1024 * 1024)
 
-char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
+char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len)
 {
-    X509_NAME_ENTRY *ne;
+    const X509_NAME_ENTRY *ne;
     int i;
     int n, lold, l, l1, l2, num, j, type;
     const char *s;
@@ -85,7 +36,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
     int gs_doit[4];
     char tmp_buf[80];
 #ifdef CHARSET_EBCDIC
-    char ebcdic_buf[1024];
+    unsigned char ebcdic_buf[1024];
 #endif
 
     if (buf == NULL) {
@@ -223,10 +174,10 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
         p = buf;
     if (i == 0)
         *p = '\0';
-    return (p);
+    return p;
  err:
     X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
  end:
     BUF_MEM_free(b);
-    return (NULL);
+    return NULL;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_r2x.c b/freebsd/crypto/openssl/crypto/x509/x509_r2x.c
index 672c224d..b21fb8d7 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_r2x.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_r2x.c
@@ -1,69 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_r2x.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 
@@ -73,7 +25,6 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
     X509_CINF *xi = NULL;
     X509_NAME *xn;
     EVP_PKEY *pubkey = NULL;
-    int res;
 
     if ((ret = X509_new()) == NULL) {
         X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
@@ -81,10 +32,10 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
     }
 
     /* duplicate the request */
-    xi = ret->cert_info;
+    xi = &ret->cert_info;
 
-    if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {
-        if ((xi->version = M_ASN1_INTEGER_new()) == NULL)
+    if (sk_X509_ATTRIBUTE_num(r->req_info.attributes) != 0) {
+        if ((xi->version = ASN1_INTEGER_new()) == NULL)
             goto err;
         if (!ASN1_INTEGER_set(xi->version, 2))
             goto err;
@@ -98,22 +49,21 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
     if (X509_set_issuer_name(ret, xn) == 0)
         goto err;
 
-    if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
+    if (X509_gmtime_adj(xi->validity.notBefore, 0) == NULL)
         goto err;
-    if (X509_gmtime_adj(xi->validity->notAfter, (long)60 * 60 * 24 * days) ==
+    if (X509_gmtime_adj(xi->validity.notAfter, (long)60 * 60 * 24 * days) ==
         NULL)
         goto err;
 
-    pubkey = X509_REQ_get_pubkey(r);
-    res = X509_set_pubkey(ret, pubkey);
-    EVP_PKEY_free(pubkey);
+    pubkey = X509_REQ_get0_pubkey(r);
+    if (pubkey == NULL || !X509_set_pubkey(ret, pubkey))
+        goto err;
 
-    if (!res || !X509_sign(ret, pkey, EVP_md5()))
+    if (!X509_sign(ret, pkey, EVP_md5()))
         goto err;
-    if (0) {
+    return ret;
+
  err:
-        X509_free(ret);
-        ret = NULL;
-    }
-    return (ret);
+    X509_free(ret);
+    return NULL;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_req.c b/freebsd/crypto/openssl/crypto/x509/x509_req.c
index cf382cf4..d21e5601 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_req.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_req.c
@@ -1,70 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/pem.h>
@@ -82,10 +34,10 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
         goto err;
     }
 
-    ri = ret->req_info;
+    ri = &ret->req_info;
 
     ri->version->length = 1;
-    ri->version->data = (unsigned char *)OPENSSL_malloc(1);
+    ri->version->data = OPENSSL_malloc(1);
     if (ri->version->data == NULL)
         goto err;
     ri->version->data[0] = 0;   /* version == 0 */
@@ -93,11 +45,10 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
     if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
         goto err;
 
-    pktmp = X509_get_pubkey(x);
+    pktmp = X509_get0_pubkey(x);
     if (pktmp == NULL)
         goto err;
     i = X509_REQ_set_pubkey(ret, pktmp);
-    EVP_PKEY_free(pktmp);
     if (!i)
         goto err;
 
@@ -105,17 +56,29 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
         if (!X509_REQ_sign(ret, pkey, md))
             goto err;
     }
-    return (ret);
+    return ret;
  err:
     X509_REQ_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
 {
-    if ((req == NULL) || (req->req_info == NULL))
-        return (NULL);
-    return (X509_PUBKEY_get(req->req_info->pubkey));
+    if (req == NULL)
+        return NULL;
+    return X509_PUBKEY_get(req->req_info.pubkey);
+}
+
+EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req)
+{
+    if (req == NULL)
+        return NULL;
+    return X509_PUBKEY_get0(req->req_info.pubkey);
+}
+
+X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req)
+{
+    return req->req_info.pubkey;
 }
 
 int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
@@ -137,13 +100,13 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
         break;
     case -2:
 #ifndef OPENSSL_NO_EC
-        if (k->type == EVP_PKEY_EC) {
+        if (EVP_PKEY_id(k) == EVP_PKEY_EC) {
             X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
             break;
         }
 #endif
 #ifndef OPENSSL_NO_DH
-        if (k->type == EVP_PKEY_DH) {
+        if (EVP_PKEY_id(k) == EVP_PKEY_DH) {
             /* No idea */
             X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
                     X509_R_CANT_CHECK_DH_KEY);
@@ -154,7 +117,7 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
     }
 
     EVP_PKEY_free(xk);
-    return (ok);
+    return ok;
 }
 
 /*
@@ -196,17 +159,14 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
     int idx, *pnid;
     const unsigned char *p;
 
-    if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
-        return (NULL);
+    if ((req == NULL) || !ext_nids)
+        return NULL;
     for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
         idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
         if (idx == -1)
             continue;
         attr = X509_REQ_get_attr(req, idx);
-        if (attr->single)
-            ext = attr->value.single;
-        else if (sk_ASN1_TYPE_num(attr->value.set))
-            ext = sk_ASN1_TYPE_value(attr->value.set, 0);
+        ext = X509_ATTRIBUTE_get0_type(attr, 0);
         break;
     }
     if (!ext || (ext->type != V_ASN1_SEQUENCE))
@@ -225,37 +185,17 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
 int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
                                 int nid)
 {
-    ASN1_TYPE *at = NULL;
-    X509_ATTRIBUTE *attr = NULL;
-    if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new()))
-        goto err;
-
-    at->type = V_ASN1_SEQUENCE;
+    int extlen;
+    int rv = 0;
+    unsigned char *ext = NULL;
     /* Generate encoding of extensions */
-    at->value.sequence->length =
-        ASN1_item_i2d((ASN1_VALUE *)exts,
-                      &at->value.sequence->data,
-                      ASN1_ITEM_rptr(X509_EXTENSIONS));
-    if (!(attr = X509_ATTRIBUTE_new()))
-        goto err;
-    if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
-        goto err;
-    if (!sk_ASN1_TYPE_push(attr->value.set, at))
-        goto err;
-    at = NULL;
-    attr->single = 0;
-    attr->object = OBJ_nid2obj(nid);
-    if (!req->req_info->attributes) {
-        if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
-            goto err;
-    }
-    if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr))
-        goto err;
-    return 1;
- err:
-    X509_ATTRIBUTE_free(attr);
-    ASN1_TYPE_free(at);
-    return 0;
+    extlen = ASN1_item_i2d((ASN1_VALUE *)exts, &ext,
+                           ASN1_ITEM_rptr(X509_EXTENSIONS));
+    if (extlen <= 0)
+        return 0;
+    rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen);
+    OPENSSL_free(ext);
+    return rv;
 }
 
 /* This is the normal usage: use the "official" OID */
@@ -268,33 +208,33 @@ int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
 
 int X509_REQ_get_attr_count(const X509_REQ *req)
 {
-    return X509at_get_attr_count(req->req_info->attributes);
+    return X509at_get_attr_count(req->req_info.attributes);
 }
 
 int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)
 {
-    return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
+    return X509at_get_attr_by_NID(req->req_info.attributes, nid, lastpos);
 }
 
-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
                              int lastpos)
 {
-    return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
+    return X509at_get_attr_by_OBJ(req->req_info.attributes, obj, lastpos);
 }
 
 X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
 {
-    return X509at_get_attr(req->req_info->attributes, loc);
+    return X509at_get_attr(req->req_info.attributes, loc);
 }
 
 X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
 {
-    return X509at_delete_attr(req->req_info->attributes, loc);
+    return X509at_delete_attr(req->req_info.attributes, loc);
 }
 
 int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
 {
-    if (X509at_add1_attr(&req->req_info->attributes, attr))
+    if (X509at_add1_attr(&req->req_info.attributes, attr))
         return 1;
     return 0;
 }
@@ -303,7 +243,7 @@ int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
                               const ASN1_OBJECT *obj, int type,
                               const unsigned char *bytes, int len)
 {
-    if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
+    if (X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj,
                                 type, bytes, len))
         return 1;
     return 0;
@@ -313,7 +253,7 @@ int X509_REQ_add1_attr_by_NID(X509_REQ *req,
                               int nid, int type,
                               const unsigned char *bytes, int len)
 {
-    if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
+    if (X509at_add1_attr_by_NID(&req->req_info.attributes, nid,
                                 type, bytes, len))
         return 1;
     return 0;
@@ -323,8 +263,38 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
                               const char *attrname, int type,
                               const unsigned char *bytes, int len)
 {
-    if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
+    if (X509at_add1_attr_by_txt(&req->req_info.attributes, attrname,
                                 type, bytes, len))
         return 1;
     return 0;
 }
+
+long X509_REQ_get_version(const X509_REQ *req)
+{
+    return ASN1_INTEGER_get(req->req_info.version);
+}
+
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
+{
+    return req->req_info.subject;
+}
+
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg)
+{
+    if (psig != NULL)
+        *psig = req->signature;
+    if (palg != NULL)
+        *palg = &req->sig_alg;
+}
+
+int X509_REQ_get_signature_nid(const X509_REQ *req)
+{
+    return OBJ_obj2nid(req->sig_alg.algorithm);
+}
+
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+{
+    req->req_info.enc.modified = 1;
+    return i2d_X509_REQ_INFO(&req->req_info, pp);
+}
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_set.c b/freebsd/crypto/openssl/crypto/x509/x509_set.c
index 511f87d9..1174406b 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_set.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_set.c
@@ -1,84 +1,40 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_set.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
+#include "internal/x509_int.h"
+#include "x509_lcl.h"
 
 int X509_set_version(X509 *x, long version)
 {
     if (x == NULL)
-        return (0);
+        return 0;
     if (version == 0) {
-        M_ASN1_INTEGER_free(x->cert_info->version);
-        x->cert_info->version = NULL;
-        return (1);
+        ASN1_INTEGER_free(x->cert_info.version);
+        x->cert_info.version = NULL;
+        return 1;
     }
-    if (x->cert_info->version == NULL) {
-        if ((x->cert_info->version = M_ASN1_INTEGER_new()) == NULL)
-            return (0);
+    if (x->cert_info.version == NULL) {
+        if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL)
+            return 0;
     }
-    return (ASN1_INTEGER_set(x->cert_info->version, version));
+    return ASN1_INTEGER_set(x->cert_info.version, version);
 }
 
 int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
@@ -86,69 +42,198 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
     ASN1_INTEGER *in;
 
     if (x == NULL)
-        return (0);
-    in = x->cert_info->serialNumber;
-    if (in != serial) {
-        in = M_ASN1_INTEGER_dup(serial);
-        if (in != NULL) {
-            M_ASN1_INTEGER_free(x->cert_info->serialNumber);
-            x->cert_info->serialNumber = in;
-        }
-    }
-    return (in != NULL);
+        return 0;
+    in = &x->cert_info.serialNumber;
+    if (in != serial)
+        return ASN1_STRING_copy(in, serial);
+    return 1;
 }
 
 int X509_set_issuer_name(X509 *x, X509_NAME *name)
 {
-    if ((x == NULL) || (x->cert_info == NULL))
-        return (0);
-    return (X509_NAME_set(&x->cert_info->issuer, name));
+    if (x == NULL)
+        return 0;
+    return X509_NAME_set(&x->cert_info.issuer, name);
 }
 
 int X509_set_subject_name(X509 *x, X509_NAME *name)
 {
-    if ((x == NULL) || (x->cert_info == NULL))
-        return (0);
-    return (X509_NAME_set(&x->cert_info->subject, name));
+    if (x == NULL)
+        return 0;
+    return X509_NAME_set(&x->cert_info.subject, name);
 }
 
-int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
+int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
 {
     ASN1_TIME *in;
-
-    if ((x == NULL) || (x->cert_info->validity == NULL))
-        return (0);
-    in = x->cert_info->validity->notBefore;
+    in = *ptm;
     if (in != tm) {
-        in = M_ASN1_TIME_dup(tm);
+        in = ASN1_STRING_dup(tm);
         if (in != NULL) {
-            M_ASN1_TIME_free(x->cert_info->validity->notBefore);
-            x->cert_info->validity->notBefore = in;
+            ASN1_TIME_free(*ptm);
+            *ptm = in;
         }
     }
     return (in != NULL);
 }
 
-int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
 {
-    ASN1_TIME *in;
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->cert_info.validity.notBefore, tm);
+}
 
-    if ((x == NULL) || (x->cert_info->validity == NULL))
-        return (0);
-    in = x->cert_info->validity->notAfter;
-    if (in != tm) {
-        in = M_ASN1_TIME_dup(tm);
-        if (in != NULL) {
-            M_ASN1_TIME_free(x->cert_info->validity->notAfter);
-            x->cert_info->validity->notAfter = in;
-        }
-    }
-    return (in != NULL);
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->cert_info.validity.notAfter, tm);
 }
 
 int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
 {
-    if ((x == NULL) || (x->cert_info == NULL))
-        return (0);
-    return (X509_PUBKEY_set(&(x->cert_info->key), pkey));
+    if (x == NULL)
+        return 0;
+    return X509_PUBKEY_set(&(x->cert_info.key), pkey);
+}
+
+int X509_up_ref(X509 *x)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&x->references, &i, x->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("X509", x);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+long X509_get_version(const X509 *x)
+{
+    return ASN1_INTEGER_get(x->cert_info.version);
+}
+
+const ASN1_TIME *X509_get0_notBefore(const X509 *x)
+{
+    return x->cert_info.validity.notBefore;
+}
+
+const ASN1_TIME *X509_get0_notAfter(const X509 *x)
+{
+    return x->cert_info.validity.notAfter;
+}
+
+ASN1_TIME *X509_getm_notBefore(const X509 *x)
+{
+    return x->cert_info.validity.notBefore;
+}
+
+ASN1_TIME *X509_getm_notAfter(const X509 *x)
+{
+    return x->cert_info.validity.notAfter;
+}
+
+int X509_get_signature_type(const X509 *x)
+{
+    return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm));
+}
+
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x)
+{
+    return x->cert_info.key;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
+{
+    return x->cert_info.extensions;
+}
+
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+                    const ASN1_BIT_STRING **psuid)
+{
+    if (piuid != NULL)
+        *piuid = x->cert_info.issuerUID;
+    if (psuid != NULL)
+        *psuid = x->cert_info.subjectUID;
+}
+
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
+{
+    return &x->cert_info.signature;
+}
+
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+                      int *secbits, uint32_t *flags)
+{
+    if (mdnid != NULL)
+        *mdnid = siginf->mdnid;
+    if (pknid != NULL)
+        *pknid = siginf->pknid;
+    if (secbits != NULL)
+        *secbits = siginf->secbits;
+    if (flags != NULL)
+        *flags = siginf->flags;
+    return (siginf->flags & X509_SIG_INFO_VALID) != 0;
+}
+
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+                       int secbits, uint32_t flags)
+{
+    siginf->mdnid = mdnid;
+    siginf->pknid = pknid;
+    siginf->secbits = secbits;
+    siginf->flags = flags;
+}
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+                            uint32_t *flags)
+{
+    X509_check_purpose(x, -1, -1);
+    return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags);
+}
+
+static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                               const ASN1_STRING *sig)
+{
+    int pknid, mdnid;
+    const EVP_MD *md;
+
+    siginf->mdnid = NID_undef;
+    siginf->pknid = NID_undef;
+    siginf->secbits = -1;
+    siginf->flags = 0;
+    if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)
+            || pknid == NID_undef)
+        return;
+    siginf->pknid = pknid;
+    if (mdnid == NID_undef) {
+        /* If we have one, use a custom handler for this algorithm */
+        const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, pknid);
+        if (ameth == NULL || ameth->siginf_set == NULL
+                || ameth->siginf_set(siginf, alg, sig) == 0)
+            return;
+        siginf->flags |= X509_SIG_INFO_VALID;
+        return;
+    }
+    siginf->flags |= X509_SIG_INFO_VALID;
+    siginf->mdnid = mdnid;
+    md = EVP_get_digestbynid(mdnid);
+    if (md == NULL)
+        return;
+    /* Security bits: half number of bits in digest */
+    siginf->secbits = EVP_MD_size(md) * 4;
+    switch (mdnid) {
+        case NID_sha1:
+        case NID_sha256:
+        case NID_sha384:
+        case NID_sha512:
+        siginf->flags |= X509_SIG_INFO_TLS;
+    }
+}
+
+void x509_init_sig_info(X509 *x)
+{
+    x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature);
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_trs.c b/freebsd/crypto/openssl/crypto/x509/x509_trs.c
index e7dfc16b..62243de5 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_trs.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_trs.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* x509_trs.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
 
 static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
 static void trtable_free(X509_TRUST *p);
@@ -96,9 +47,7 @@ static X509_TRUST trstandard[] = {
     {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
 };
 
-#define X509_TRUST_COUNT        (sizeof(trstandard)/sizeof(X509_TRUST))
-
-IMPLEMENT_STACK_OF(X509_TRUST)
+#define X509_TRUST_COUNT        OSSL_NELEM(trstandard)
 
 static STACK_OF(X509_TRUST) *trtable = NULL;
 
@@ -119,16 +68,11 @@ int X509_check_trust(X509 *x, int id, int flags)
 {
     X509_TRUST *pt;
     int idx;
-    if (id == -1)
-        return 1;
+
     /* We get this as a default value */
-    if (id == 0) {
-        int rv;
-        rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
-        if (rv != X509_TRUST_UNTRUSTED)
-            return rv;
-        return trust_compat(NULL, x, 0);
-    }
+    if (id == X509_TRUST_DEFAULT)
+        return obj_trust(NID_anyExtendedKeyUsage, x,
+                         flags | X509_TRUST_DO_SS_COMPAT);
     idx = X509_TRUST_get_by_id(id);
     if (idx == -1)
         return default_trust(id, x, flags);
@@ -156,13 +100,14 @@ int X509_TRUST_get_by_id(int id)
 {
     X509_TRUST tmp;
     int idx;
+
     if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
         return id - X509_TRUST_MIN;
-    tmp.trust = id;
-    if (!trtable)
+    if (trtable == NULL)
         return -1;
+    tmp.trust = id;
     idx = sk_X509_TRUST_find(trtable, &tmp);
-    if (idx == -1)
+    if (idx < 0)
         return -1;
     return idx + X509_TRUST_COUNT;
 }
@@ -178,7 +123,7 @@ int X509_TRUST_set(int *t, int trust)
 }
 
 int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
-                   char *name, int arg1, void *arg2)
+                   const char *name, int arg1, void *arg2)
 {
     int idx;
     X509_TRUST *trtmp;
@@ -192,7 +137,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
     idx = X509_TRUST_get_by_id(id);
     /* Need a new entry */
     if (idx == -1) {
-        if (!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
+        if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) {
             X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
             return 0;
         }
@@ -204,9 +149,9 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
     if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
         OPENSSL_free(trtmp->name);
     /* dup supplied name */
-    if (!(trtmp->name = BUF_strdup(name))) {
+    if ((trtmp->name = OPENSSL_strdup(name)) == NULL) {
         X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
-        return 0;
+        goto err;
     }
     /* Keep the dynamic flag of existing entry */
     trtmp->flags &= X509_TRUST_DYNAMIC;
@@ -220,16 +165,23 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
 
     /* If its a new entry manage the dynamic table */
     if (idx == -1) {
-        if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
+        if (trtable == NULL
+            && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
             X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
-            return 0;
+            goto err;;
         }
         if (!sk_X509_TRUST_push(trtable, trtmp)) {
             X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
-            return 0;
+            goto err;
         }
     }
     return 1;
+ err:
+    if (idx == -1) {
+        OPENSSL_free(trtmp->name);
+        OPENSSL_free(trtmp);
+    }
+    return 0;
 }
 
 static void trtable_free(X509_TRUST *p)
@@ -245,50 +197,53 @@ static void trtable_free(X509_TRUST *p)
 
 void X509_TRUST_cleanup(void)
 {
-    unsigned int i;
-    for (i = 0; i < X509_TRUST_COUNT; i++)
-        trtable_free(trstandard + i);
     sk_X509_TRUST_pop_free(trtable, trtable_free);
     trtable = NULL;
 }
 
-int X509_TRUST_get_flags(X509_TRUST *xp)
+int X509_TRUST_get_flags(const X509_TRUST *xp)
 {
     return xp->flags;
 }
 
-char *X509_TRUST_get0_name(X509_TRUST *xp)
+char *X509_TRUST_get0_name(const X509_TRUST *xp)
 {
     return xp->name;
 }
 
-int X509_TRUST_get_trust(X509_TRUST *xp)
+int X509_TRUST_get_trust(const X509_TRUST *xp)
 {
     return xp->trust;
 }
 
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
 {
-    if (x->aux && (x->aux->trust || x->aux->reject))
-        return obj_trust(trust->arg1, x, flags);
     /*
-     * we don't have any trust settings: for compatibility we return trusted
-     * if it is self signed
+     * Declare the chain verified if the desired trust OID is not rejected in
+     * any auxiliary trust info for this certificate, and the OID is either
+     * expressly trusted, or else either "anyEKU" is trusted, or the
+     * certificate is self-signed.
      */
-    return trust_compat(trust, x, flags);
+    flags |= X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU;
+    return obj_trust(trust->arg1, x, flags);
 }
 
 static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
 {
-    if (x->aux)
-        return obj_trust(trust->arg1, x, flags);
-    return X509_TRUST_UNTRUSTED;
+    /*
+     * Declare the chain verified only if the desired trust OID is not
+     * rejected and is expressly trusted.  Neither "anyEKU" nor "compat"
+     * trust in self-signed certificates apply.
+     */
+    flags &= ~(X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU);
+    return obj_trust(trust->arg1, x, flags);
 }
 
 static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
 {
+    /* Call for side-effect of computing hash and caching extensions */
     X509_check_purpose(x, -1, 0);
-    if (x->ex_flags & EXFLAG_SS)
+    if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && x->ex_flags & EXFLAG_SS)
         return X509_TRUST_TRUSTED;
     else
         return X509_TRUST_UNTRUSTED;
@@ -296,25 +251,51 @@ static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
 
 static int obj_trust(int id, X509 *x, int flags)
 {
-    ASN1_OBJECT *obj;
+    X509_CERT_AUX *ax = x->aux;
     int i;
-    X509_CERT_AUX *ax;
-    ax = x->aux;
-    if (!ax)
-        return X509_TRUST_UNTRUSTED;
-    if (ax->reject) {
+
+    if (ax && ax->reject) {
         for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
-            obj = sk_ASN1_OBJECT_value(ax->reject, i);
-            if (OBJ_obj2nid(obj) == id)
+            ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->reject, i);
+            int nid = OBJ_obj2nid(obj);
+
+            if (nid == id || (nid == NID_anyExtendedKeyUsage &&
+                (flags & X509_TRUST_OK_ANY_EKU)))
                 return X509_TRUST_REJECTED;
         }
     }
-    if (ax->trust) {
+
+    if (ax && ax->trust) {
         for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
-            obj = sk_ASN1_OBJECT_value(ax->trust, i);
-            if (OBJ_obj2nid(obj) == id)
+            ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->trust, i);
+            int nid = OBJ_obj2nid(obj);
+
+            if (nid == id || (nid == NID_anyExtendedKeyUsage &&
+                (flags & X509_TRUST_OK_ANY_EKU)))
                 return X509_TRUST_TRUSTED;
         }
+        /*
+         * Reject when explicit trust EKU are set and none match.
+         *
+         * Returning untrusted is enough for for full chains that end in
+         * self-signed roots, because when explicit trust is specified it
+         * suppresses the default blanket trust of self-signed objects.
+         *
+         * But for partial chains, this is not enough, because absent a similar
+         * trust-self-signed policy, non matching EKUs are indistinguishable
+         * from lack of EKU constraints.
+         *
+         * Therefore, failure to match any trusted purpose must trigger an
+         * explicit reject.
+         */
+        return X509_TRUST_REJECTED;
     }
-    return X509_TRUST_UNTRUSTED;
+
+    if ((flags & X509_TRUST_DO_SS_COMPAT) == 0)
+        return X509_TRUST_UNTRUSTED;
+
+    /*
+     * Not rejected, and there is no list of accepted uses, try compat.
+     */
+    return trust_compat(NULL, x, flags);
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_txt.c b/freebsd/crypto/openssl/crypto/x509/x509_txt.c
index 4f624f7e..6da1fa1c 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_txt.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_txt.c
@@ -1,69 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
 
-#include "cryptlib.h"
-#include <openssl/lhash.h>
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
@@ -72,149 +22,163 @@
 
 const char *X509_verify_cert_error_string(long n)
 {
-    static char buf[100];
-
     switch ((int)n) {
     case X509_V_OK:
-        return ("ok");
+        return "ok";
+    case X509_V_ERR_UNSPECIFIED:
+        return "unspecified certificate verification error";
     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-        return ("unable to get issuer certificate");
+        return "unable to get issuer certificate";
     case X509_V_ERR_UNABLE_TO_GET_CRL:
-        return ("unable to get certificate CRL");
+        return "unable to get certificate CRL";
     case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-        return ("unable to decrypt certificate's signature");
+        return "unable to decrypt certificate's signature";
     case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-        return ("unable to decrypt CRL's signature");
+        return "unable to decrypt CRL's signature";
     case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-        return ("unable to decode issuer public key");
+        return "unable to decode issuer public key";
     case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-        return ("certificate signature failure");
+        return "certificate signature failure";
     case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-        return ("CRL signature failure");
+        return "CRL signature failure";
     case X509_V_ERR_CERT_NOT_YET_VALID:
-        return ("certificate is not yet valid");
-    case X509_V_ERR_CRL_NOT_YET_VALID:
-        return ("CRL is not yet valid");
+        return "certificate is not yet valid";
     case X509_V_ERR_CERT_HAS_EXPIRED:
-        return ("certificate has expired");
+        return "certificate has expired";
+    case X509_V_ERR_CRL_NOT_YET_VALID:
+        return "CRL is not yet valid";
     case X509_V_ERR_CRL_HAS_EXPIRED:
-        return ("CRL has expired");
+        return "CRL has expired";
     case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-        return ("format error in certificate's notBefore field");
+        return "format error in certificate's notBefore field";
     case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-        return ("format error in certificate's notAfter field");
+        return "format error in certificate's notAfter field";
     case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-        return ("format error in CRL's lastUpdate field");
+        return "format error in CRL's lastUpdate field";
     case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-        return ("format error in CRL's nextUpdate field");
+        return "format error in CRL's nextUpdate field";
     case X509_V_ERR_OUT_OF_MEM:
-        return ("out of memory");
+        return "out of memory";
     case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-        return ("self signed certificate");
+        return "self signed certificate";
     case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-        return ("self signed certificate in certificate chain");
+        return "self signed certificate in certificate chain";
     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-        return ("unable to get local issuer certificate");
+        return "unable to get local issuer certificate";
     case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-        return ("unable to verify the first certificate");
+        return "unable to verify the first certificate";
     case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-        return ("certificate chain too long");
+        return "certificate chain too long";
     case X509_V_ERR_CERT_REVOKED:
-        return ("certificate revoked");
+        return "certificate revoked";
     case X509_V_ERR_INVALID_CA:
-        return ("invalid CA certificate");
-    case X509_V_ERR_INVALID_NON_CA:
-        return ("invalid non-CA certificate (has CA markings)");
+        return "invalid CA certificate";
     case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-        return ("path length constraint exceeded");
-    case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
-        return ("proxy path length constraint exceeded");
-    case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
-        return
-            ("proxy certificates not allowed, please set the appropriate flag");
+        return "path length constraint exceeded";
     case X509_V_ERR_INVALID_PURPOSE:
-        return ("unsupported certificate purpose");
+        return "unsupported certificate purpose";
     case X509_V_ERR_CERT_UNTRUSTED:
-        return ("certificate not trusted");
+        return "certificate not trusted";
     case X509_V_ERR_CERT_REJECTED:
-        return ("certificate rejected");
-    case X509_V_ERR_APPLICATION_VERIFICATION:
-        return ("application verification failure");
+        return "certificate rejected";
     case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
-        return ("subject issuer mismatch");
+        return "subject issuer mismatch";
     case X509_V_ERR_AKID_SKID_MISMATCH:
-        return ("authority and subject key identifier mismatch");
+        return "authority and subject key identifier mismatch";
     case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
-        return ("authority and issuer serial number mismatch");
+        return "authority and issuer serial number mismatch";
     case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
-        return ("key usage does not include certificate signing");
+        return "key usage does not include certificate signing";
     case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
-        return ("unable to get CRL issuer certificate");
+        return "unable to get CRL issuer certificate";
     case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
-        return ("unhandled critical extension");
+        return "unhandled critical extension";
     case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
-        return ("key usage does not include CRL signing");
-    case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
-        return ("key usage does not include digital signature");
+        return "key usage does not include CRL signing";
     case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
-        return ("unhandled critical CRL extension");
+        return "unhandled critical CRL extension";
+    case X509_V_ERR_INVALID_NON_CA:
+        return "invalid non-CA certificate (has CA markings)";
+    case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
+        return "proxy path length constraint exceeded";
+    case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
+        return "key usage does not include digital signature";
+    case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
+        return
+            "proxy certificates not allowed, please set the appropriate flag";
     case X509_V_ERR_INVALID_EXTENSION:
-        return ("invalid or inconsistent certificate extension");
+        return "invalid or inconsistent certificate extension";
     case X509_V_ERR_INVALID_POLICY_EXTENSION:
-        return ("invalid or inconsistent certificate policy extension");
+        return "invalid or inconsistent certificate policy extension";
     case X509_V_ERR_NO_EXPLICIT_POLICY:
-        return ("no explicit policy");
+        return "no explicit policy";
     case X509_V_ERR_DIFFERENT_CRL_SCOPE:
-        return ("Different CRL scope");
+        return "Different CRL scope";
     case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
-        return ("Unsupported extension feature");
+        return "Unsupported extension feature";
     case X509_V_ERR_UNNESTED_RESOURCE:
-        return ("RFC 3779 resource not subset of parent's resources");
-
+        return "RFC 3779 resource not subset of parent's resources";
     case X509_V_ERR_PERMITTED_VIOLATION:
-        return ("permitted subtree violation");
+        return "permitted subtree violation";
     case X509_V_ERR_EXCLUDED_VIOLATION:
-        return ("excluded subtree violation");
+        return "excluded subtree violation";
     case X509_V_ERR_SUBTREE_MINMAX:
-        return ("name constraints minimum and maximum not supported");
+        return "name constraints minimum and maximum not supported";
+    case X509_V_ERR_APPLICATION_VERIFICATION:
+        return "application verification failure";
     case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
-        return ("unsupported name constraint type");
+        return "unsupported name constraint type";
     case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
-        return ("unsupported or invalid name constraint syntax");
+        return "unsupported or invalid name constraint syntax";
     case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
-        return ("unsupported or invalid name syntax");
+        return "unsupported or invalid name syntax";
     case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
-        return ("CRL path validation error");
-
+        return "CRL path validation error";
+    case X509_V_ERR_PATH_LOOP:
+        return "Path Loop";
     case X509_V_ERR_SUITE_B_INVALID_VERSION:
-        return ("Suite B: certificate version invalid");
+        return "Suite B: certificate version invalid";
     case X509_V_ERR_SUITE_B_INVALID_ALGORITHM:
-        return ("Suite B: invalid public key algorithm");
+        return "Suite B: invalid public key algorithm";
     case X509_V_ERR_SUITE_B_INVALID_CURVE:
-        return ("Suite B: invalid ECC curve");
+        return "Suite B: invalid ECC curve";
     case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM:
-        return ("Suite B: invalid signature algorithm");
+        return "Suite B: invalid signature algorithm";
     case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED:
-        return ("Suite B: curve not allowed for this LOS");
+        return "Suite B: curve not allowed for this LOS";
     case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256:
-        return ("Suite B: cannot sign P-384 with P-256");
-
+        return "Suite B: cannot sign P-384 with P-256";
     case X509_V_ERR_HOSTNAME_MISMATCH:
-        return ("Hostname mismatch");
+        return "Hostname mismatch";
     case X509_V_ERR_EMAIL_MISMATCH:
-        return ("Email address mismatch");
+        return "Email address mismatch";
     case X509_V_ERR_IP_ADDRESS_MISMATCH:
-        return ("IP address mismatch");
-
+        return "IP address mismatch";
+    case X509_V_ERR_DANE_NO_MATCH:
+        return "No matching DANE TLSA records";
+    case X509_V_ERR_EE_KEY_TOO_SMALL:
+        return "EE certificate key too weak";
+    case X509_V_ERR_CA_KEY_TOO_SMALL:
+        return "CA certificate key too weak";
+    case X509_V_ERR_CA_MD_TOO_WEAK:
+        return "CA signature digest algorithm too weak";
     case X509_V_ERR_INVALID_CALL:
-        return ("Invalid certificate verification context");
+        return "Invalid certificate verification context";
     case X509_V_ERR_STORE_LOOKUP:
-        return ("Issuer certificate lookup error");
+        return "Issuer certificate lookup error";
+    case X509_V_ERR_NO_VALID_SCTS:
+        return "Certificate Transparency required, but no valid SCTs found";
     case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION:
-        return ("proxy subject name violation");
+        return "proxy subject name violation";
+    case X509_V_ERR_OCSP_VERIFY_NEEDED:
+        return "OCSP verification needed";
+    case X509_V_ERR_OCSP_VERIFY_FAILED:
+        return "OCSP verification failed";
+    case X509_V_ERR_OCSP_CERT_UNKNOWN:
+        return "OCSP unknown cert";
 
     default:
-        BIO_snprintf(buf, sizeof(buf), "error number %ld", n);
-        return (buf);
+        /* Printing an error number into a static buffer is not thread-safe */
+        return "unknown certificate verification error";
     }
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_v3.c b/freebsd/crypto/openssl/crypto/x509/x509_v3.c
index 57a8f7e8..b123cd56 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_v3.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_v3.c
@@ -1,77 +1,29 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_v3.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include <openssl/safestack.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "x509_lcl.h"
 
 int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
 {
     if (x == NULL)
-        return (0);
-    return (sk_X509_EXTENSION_num(x));
+        return 0;
+    return sk_X509_EXTENSION_num(x);
 }
 
 int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
@@ -81,18 +33,18 @@ int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
 
     obj = OBJ_nid2obj(nid);
     if (obj == NULL)
-        return (-2);
-    return (X509v3_get_ext_by_OBJ(x, obj, lastpos));
+        return -2;
+    return X509v3_get_ext_by_OBJ(x, obj, lastpos);
 }
 
 int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
-                          ASN1_OBJECT *obj, int lastpos)
+                          const ASN1_OBJECT *obj, int lastpos)
 {
     int n;
     X509_EXTENSION *ex;
 
     if (sk == NULL)
-        return (-1);
+        return -1;
     lastpos++;
     if (lastpos < 0)
         lastpos = 0;
@@ -100,9 +52,9 @@ int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
     for (; lastpos < n; lastpos++) {
         ex = sk_X509_EXTENSION_value(sk, lastpos);
         if (OBJ_cmp(ex->object, obj) == 0)
-            return (lastpos);
+            return lastpos;
     }
-    return (-1);
+    return -1;
 }
 
 int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
@@ -112,7 +64,7 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
     X509_EXTENSION *ex;
 
     if (sk == NULL)
-        return (-1);
+        return -1;
     lastpos++;
     if (lastpos < 0)
         lastpos = 0;
@@ -120,9 +72,9 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
     for (; lastpos < n; lastpos++) {
         ex = sk_X509_EXTENSION_value(sk, lastpos);
         if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit))
-            return (lastpos);
+            return lastpos;
     }
-    return (-1);
+    return -1;
 }
 
 X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
@@ -138,9 +90,9 @@ X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
     X509_EXTENSION *ret;
 
     if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
-        return (NULL);
+        return NULL;
     ret = sk_X509_EXTENSION_delete(x, loc);
-    return (ret);
+    return ret;
 }
 
 STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
@@ -173,15 +125,14 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
         goto err;
     if (*x == NULL)
         *x = sk;
-    return (sk);
+    return sk;
  err:
     X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
  err2:
-    if (new_ex != NULL)
-        X509_EXTENSION_free(new_ex);
-    if (x != NULL && *x == NULL && sk != NULL)
+    X509_EXTENSION_free(new_ex);
+    if (x != NULL && *x == NULL)
         sk_X509_EXTENSION_free(sk);
-    return (NULL);
+    return NULL;
 }
 
 X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
@@ -194,16 +145,16 @@ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
     obj = OBJ_nid2obj(nid);
     if (obj == NULL) {
         X509err(X509_F_X509_EXTENSION_CREATE_BY_NID, X509_R_UNKNOWN_NID);
-        return (NULL);
+        return NULL;
     }
     ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data);
     if (ret == NULL)
         ASN1_OBJECT_free(obj);
-    return (ret);
+    return ret;
 }
 
 X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
-                                             ASN1_OBJECT *obj, int crit,
+                                             const ASN1_OBJECT *obj, int crit,
                                              ASN1_OCTET_STRING *data)
 {
     X509_EXTENSION *ret;
@@ -212,7 +163,7 @@ X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
         if ((ret = X509_EXTENSION_new()) == NULL) {
             X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,
                     ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
     } else
         ret = *ex;
@@ -226,28 +177,28 @@ X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
 
     if ((ex != NULL) && (*ex == NULL))
         *ex = ret;
-    return (ret);
+    return ret;
  err:
     if ((ex == NULL) || (ret != *ex))
         X509_EXTENSION_free(ret);
-    return (NULL);
+    return NULL;
 }
 
-int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj)
 {
     if ((ex == NULL) || (obj == NULL))
-        return (0);
+        return 0;
     ASN1_OBJECT_free(ex->object);
     ex->object = OBJ_dup(obj);
-    return (1);
+    return ex->object != NULL;
 }
 
 int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
 {
     if (ex == NULL)
-        return (0);
+        return 0;
     ex->critical = (crit) ? 0xFF : -1;
-    return (1);
+    return 1;
 }
 
 int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
@@ -255,31 +206,31 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
     int i;
 
     if (ex == NULL)
-        return (0);
-    i = M_ASN1_OCTET_STRING_set(ex->value, data->data, data->length);
+        return 0;
+    i = ASN1_OCTET_STRING_set(&ex->value, data->data, data->length);
     if (!i)
-        return (0);
-    return (1);
+        return 0;
+    return 1;
 }
 
 ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
 {
     if (ex == NULL)
-        return (NULL);
-    return (ex->object);
+        return NULL;
+    return ex->object;
 }
 
 ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
 {
     if (ex == NULL)
-        return (NULL);
-    return (ex->value);
+        return NULL;
+    return &ex->value;
 }
 
-int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex)
 {
     if (ex == NULL)
-        return (0);
+        return 0;
     if (ex->critical > 0)
         return 1;
     return 0;
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_vfy.c b/freebsd/crypto/openssl/crypto/x509/x509_vfy.c
index 5765100e..ca6022f8 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_vfy.c
@@ -1,78 +1,31 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509_vfy.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <ctype.h>
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
+#include <limits.h>
 
-#include "cryptlib.h"
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
 #include <openssl/crypto.h>
-#include <openssl/lhash.h>
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
-#include "vpm_int.h"
+#include "internal/dane.h"
+#include "internal/x509_int.h"
+#include "x509_lcl.h"
 
 /* CRL score values */
 
@@ -112,16 +65,23 @@
 
 #define CRL_SCORE_TIME_DELTA    0x002
 
+static int build_chain(X509_STORE_CTX *ctx);
+static int verify_chain(X509_STORE_CTX *ctx);
+static int dane_verify(X509_STORE_CTX *ctx);
 static int null_callback(int ok, X509_STORE_CTX *e);
 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
 static int check_chain_extensions(X509_STORE_CTX *ctx);
 static int check_name_constraints(X509_STORE_CTX *ctx);
 static int check_id(X509_STORE_CTX *ctx);
-static int check_trust(X509_STORE_CTX *ctx);
+static int check_trust(X509_STORE_CTX *ctx, int num_untrusted);
 static int check_revocation(X509_STORE_CTX *ctx);
 static int check_cert(X509_STORE_CTX *ctx);
 static int check_policy(X509_STORE_CTX *ctx);
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+static int check_dane_issuer(X509_STORE_CTX *ctx, int depth);
+static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
+static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert);
 
 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
                          unsigned int *preasons, X509_CRL *crl, X509 *x);
@@ -140,22 +100,20 @@ static int check_crl_chain(X509_STORE_CTX *ctx,
                            STACK_OF(X509) *crl_path);
 
 static int internal_verify(X509_STORE_CTX *ctx);
-const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT;
 
 static int null_callback(int ok, X509_STORE_CTX *e)
 {
     return ok;
 }
 
-#if 0
-static int x509_subject_cmp(X509 **a, X509 **b)
-{
-    return X509_subject_name_cmp(*a, *b);
-}
-#endif
 /* Return 1 is a certificate is self signed */
 static int cert_self_signed(X509 *x)
 {
+    /*
+     * FIXME: x509v3_cache_extensions() needs to detect more failures and not
+     * set EXFLAG_SET when that happens.  Especially, if the failures are
+     * parse errors, rather than memory pressure!
+     */
     X509_check_purpose(x, -1, 0);
     if (x->ex_flags & EXFLAG_SS)
         return 1;
@@ -181,30 +139,130 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
             break;
     }
     if (i < sk_X509_num(certs))
-        CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(xtmp);
     else
         xtmp = NULL;
     sk_X509_pop_free(certs, X509_free);
     return xtmp;
 }
 
-int X509_verify_cert(X509_STORE_CTX *ctx)
+/*-
+ * Inform the verify callback of an error.
+ * If B<x> is not NULL it is the error cert, otherwise use the chain cert at
+ * B<depth>.
+ * If B<err> is not X509_V_OK, that's the error value, otherwise leave
+ * unchanged (presumably set by the caller).
+ *
+ * Returns 0 to abort verification with an error, non-zero to continue.
+ */
+static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err)
+{
+    ctx->error_depth = depth;
+    ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth);
+    if (err != X509_V_OK)
+        ctx->error = err;
+    return ctx->verify_cb(0, ctx);
+}
+
+/*-
+ * Inform the verify callback of an error, CRL-specific variant.  Here, the
+ * error depth and certificate are already set, we just specify the error
+ * number.
+ *
+ * Returns 0 to abort verification with an error, non-zero to continue.
+ */
+static int verify_cb_crl(X509_STORE_CTX *ctx, int err)
+{
+    ctx->error = err;
+    return ctx->verify_cb(0, ctx);
+}
+
+static int check_auth_level(X509_STORE_CTX *ctx)
+{
+    int i;
+    int num = sk_X509_num(ctx->chain);
+
+    if (ctx->param->auth_level <= 0)
+        return 1;
+
+    for (i = 0; i < num; ++i) {
+        X509 *cert = sk_X509_value(ctx->chain, i);
+
+        /*
+         * We've already checked the security of the leaf key, so here we only
+         * check the security of issuer keys.
+         */
+        if (i > 0 && !check_key_level(ctx, cert) &&
+            verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_KEY_TOO_SMALL) == 0)
+            return 0;
+        /*
+         * We also check the signature algorithm security of all certificates
+         * except those of the trust anchor at index num-1.
+         */
+        if (i < num - 1 && !check_sig_level(ctx, cert) &&
+            verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_MD_TOO_WEAK) == 0)
+            return 0;
+    }
+    return 1;
+}
+
+static int verify_chain(X509_STORE_CTX *ctx)
 {
-    X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
-    int bad_chain = 0;
-    X509_VERIFY_PARAM *param = ctx->param;
-    int depth, i, ok = 0;
-    int num, j, retry;
-    int (*cb) (int xok, X509_STORE_CTX *xctx);
-    STACK_OF(X509) *sktmp = NULL;
-    int trust = X509_TRUST_UNTRUSTED;
     int err;
+    int ok;
+
+    /*
+     * Before either returning with an error, or continuing with CRL checks,
+     * instantiate chain public key parameters.
+     */
+    if ((ok = build_chain(ctx)) == 0 ||
+        (ok = check_chain_extensions(ctx)) == 0 ||
+        (ok = check_auth_level(ctx)) == 0 ||
+        (ok = check_id(ctx)) == 0 || 1)
+        X509_get_pubkey_parameters(NULL, ctx->chain);
+    if (ok == 0 || (ok = ctx->check_revocation(ctx)) == 0)
+        return ok;
+
+    err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
+                                  ctx->param->flags);
+    if (err != X509_V_OK) {
+        if ((ok = verify_cb_cert(ctx, NULL, ctx->error_depth, err)) == 0)
+            return ok;
+    }
+
+    /* Verify chain signatures and expiration times */
+    ok = (ctx->verify != NULL) ? ctx->verify(ctx) : internal_verify(ctx);
+    if (!ok)
+        return ok;
+
+    if ((ok = check_name_constraints(ctx)) == 0)
+        return ok;
+
+#ifndef OPENSSL_NO_RFC3779
+    /* RFC 3779 path validation, now that CRL check has been done */
+    if ((ok = X509v3_asid_validate_path(ctx)) == 0)
+        return ok;
+    if ((ok = X509v3_addr_validate_path(ctx)) == 0)
+        return ok;
+#endif
+
+    /* If we get this far evaluate policies */
+    if (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)
+        ok = ctx->check_policy(ctx);
+    return ok;
+}
+
+int X509_verify_cert(X509_STORE_CTX *ctx)
+{
+    SSL_DANE *dane = ctx->dane;
+    int ret;
 
     if (ctx->cert == NULL) {
         X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
         ctx->error = X509_V_ERR_INVALID_CALL;
         return -1;
     }
+
     if (ctx->chain != NULL) {
         /*
          * This X509_STORE_CTX has already been used to verify a cert. We
@@ -215,8 +273,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
         return -1;
     }
 
-    cb = ctx->verify_cb;
-
     /*
      * first we make sure the chain we are going to build is present and that
      * the first entry is in place
@@ -225,332 +281,48 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
         (!sk_X509_push(ctx->chain, ctx->cert))) {
         X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
         ctx->error = X509_V_ERR_OUT_OF_MEM;
-        ok = -1;
-        goto err;
-    }
-    CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
-    ctx->last_untrusted = 1;
-
-    /* We use a temporary STACK so we can chop and hack at it */
-    if (ctx->untrusted != NULL
-        && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
-        X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-        ctx->error = X509_V_ERR_OUT_OF_MEM;
-        ok = -1;
-        goto err;
-    }
-
-    num = sk_X509_num(ctx->chain);
-    x = sk_X509_value(ctx->chain, num - 1);
-    depth = param->depth;
-
-    for (;;) {
-        /* If we have enough, we break */
-        if (depth < num)
-            break;              /* FIXME: If this happens, we should take
-                                 * note of it and, if appropriate, use the
-                                 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
-                                 * later. */
-
-        /* If we are self signed, we break */
-        if (cert_self_signed(x))
-            break;
-        /*
-         * If asked see if we can find issuer in trusted store first
-         */
-        if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
-            ok = ctx->get_issuer(&xtmp, ctx, x);
-            if (ok < 0) {
-                ctx->error = X509_V_ERR_STORE_LOOKUP;
-                goto err;
-            }
-            /*
-             * If successful for now free up cert so it will be picked up
-             * again later.
-             */
-            if (ok > 0) {
-                X509_free(xtmp);
-                break;
-            }
-        }
-
-        /* If we were passed a cert chain, use it first */
-        if (ctx->untrusted != NULL) {
-            xtmp = find_issuer(ctx, sktmp, x);
-            if (xtmp != NULL) {
-                if (!sk_X509_push(ctx->chain, xtmp)) {
-                    X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-                    ctx->error = X509_V_ERR_OUT_OF_MEM;
-                    ok = -1;
-                    goto err;
-                }
-                CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509);
-                (void)sk_X509_delete_ptr(sktmp, xtmp);
-                ctx->last_untrusted++;
-                x = xtmp;
-                num++;
-                /*
-                 * reparse the full chain for the next one
-                 */
-                continue;
-            }
-        }
-        break;
-    }
-
-    /* Remember how many untrusted certs we have */
-    j = num;
-    /*
-     * at this point, chain should contain a list of untrusted certificates.
-     * We now need to add at least one trusted one, if possible, otherwise we
-     * complain.
-     */
-
-    do {
-        /*
-         * Examine last certificate in chain and see if it is self signed.
-         */
-        i = sk_X509_num(ctx->chain);
-        x = sk_X509_value(ctx->chain, i - 1);
-        if (cert_self_signed(x)) {
-            /* we have a self signed certificate */
-            if (sk_X509_num(ctx->chain) == 1) {
-                /*
-                 * We have a single self signed certificate: see if we can
-                 * find it in the store. We must have an exact match to avoid
-                 * possible impersonation.
-                 */
-                ok = ctx->get_issuer(&xtmp, ctx, x);
-                if ((ok <= 0) || X509_cmp(x, xtmp)) {
-                    ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
-                    ctx->current_cert = x;
-                    ctx->error_depth = i - 1;
-                    if (ok == 1)
-                        X509_free(xtmp);
-                    bad_chain = 1;
-                    ok = cb(0, ctx);
-                    if (!ok)
-                        goto err;
-                } else {
-                    /*
-                     * We have a match: replace certificate with store
-                     * version so we get any trust settings.
-                     */
-                    X509_free(x);
-                    x = xtmp;
-                    (void)sk_X509_set(ctx->chain, i - 1, x);
-                    ctx->last_untrusted = 0;
-                }
-            } else {
-                /*
-                 * extract and save self signed certificate for later use
-                 */
-                chain_ss = sk_X509_pop(ctx->chain);
-                ctx->last_untrusted--;
-                num--;
-                j--;
-                x = sk_X509_value(ctx->chain, num - 1);
-            }
-        }
-        /* We now lookup certs from the certificate store */
-        for (;;) {
-            /* If we have enough, we break */
-            if (depth < num)
-                break;
-            /* If we are self signed, we break */
-            if (cert_self_signed(x))
-                break;
-            ok = ctx->get_issuer(&xtmp, ctx, x);
-
-            if (ok < 0) {
-                ctx->error = X509_V_ERR_STORE_LOOKUP;
-                goto err;
-            }
-            if (ok == 0)
-                break;
-            x = xtmp;
-            if (!sk_X509_push(ctx->chain, x)) {
-                X509_free(xtmp);
-                X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-                ctx->error = X509_V_ERR_OUT_OF_MEM;
-                ok = -1;
-                goto err;
-            }
-            num++;
-        }
-
-        /* we now have our chain, lets check it... */
-        if ((trust = check_trust(ctx)) == X509_TRUST_REJECTED) {
-            /* Callback already issued */
-            ok = 0;
-            goto err;
-        }
-
-        /*
-         * If it's not explicitly trusted then check if there is an alternative
-         * chain that could be used. We only do this if we haven't already
-         * checked via TRUSTED_FIRST and the user hasn't switched off alternate
-         * chain checking
-         */
-        retry = 0;
-        if (trust != X509_TRUST_TRUSTED
-            && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
-            && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
-            while (j-- > 1) {
-                xtmp2 = sk_X509_value(ctx->chain, j - 1);
-                ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
-                if (ok < 0) {
-                    ctx->error = X509_V_ERR_STORE_LOOKUP;
-                    goto err;
-                }
-                /* Check if we found an alternate chain */
-                if (ok > 0) {
-                    /*
-                     * Free up the found cert we'll add it again later
-                     */
-                    X509_free(xtmp);
-
-                    /*
-                     * Dump all the certs above this point - we've found an
-                     * alternate chain
-                     */
-                    while (num > j) {
-                        xtmp = sk_X509_pop(ctx->chain);
-                        X509_free(xtmp);
-                        num--;
-                    }
-                    ctx->last_untrusted = sk_X509_num(ctx->chain);
-                    retry = 1;
-                    break;
-                }
-            }
-        }
-    } while (retry);
-
-    /*
-     * If not explicitly trusted then indicate error unless it's a single
-     * self signed certificate in which case we've indicated an error already
-     * and set bad_chain == 1
-     */
-    if (trust != X509_TRUST_TRUSTED && !bad_chain) {
-        if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
-            if (ctx->last_untrusted >= num)
-                ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
-            else
-                ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
-            ctx->current_cert = x;
-        } else {
-
-            sk_X509_push(ctx->chain, chain_ss);
-            num++;
-            ctx->last_untrusted = num;
-            ctx->current_cert = chain_ss;
-            ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
-            chain_ss = NULL;
-        }
-
-        ctx->error_depth = num - 1;
-        bad_chain = 1;
-        ok = cb(0, ctx);
-        if (!ok)
-            goto err;
+        return -1;
     }
+    X509_up_ref(ctx->cert);
+    ctx->num_untrusted = 1;
 
-    /* We have the chain complete: now we need to check its purpose */
-    ok = check_chain_extensions(ctx);
-
-    if (!ok)
-        goto err;
-
-    /* Check name constraints */
-
-    ok = check_name_constraints(ctx);
-
-    if (!ok)
-        goto err;
-
-    ok = check_id(ctx);
-
-    if (!ok)
-        goto err;
+    /* If the peer's public key is too weak, we can stop early. */
+    if (!check_key_level(ctx, ctx->cert) &&
+        !verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL))
+        return 0;
 
-    /* We may as well copy down any DSA parameters that are required */
-    X509_get_pubkey_parameters(NULL, ctx->chain);
+    if (DANETLS_ENABLED(dane))
+        ret = dane_verify(ctx);
+    else
+        ret = verify_chain(ctx);
 
     /*
-     * Check revocation status: we do this after copying parameters because
-     * they may be needed for CRL signature verification.
+     * Safety-net.  If we are returning an error, we must also set ctx->error,
+     * so that the chain is not considered verified should the error be ignored
+     * (e.g. TLS with SSL_VERIFY_NONE).
      */
-
-    ok = ctx->check_revocation(ctx);
-    if (!ok)
-        goto err;
-
-    err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
-                                  ctx->param->flags);
-    if (err != X509_V_OK) {
-        ctx->error = err;
-        ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
-        ok = cb(0, ctx);
-        if (!ok)
-            goto err;
-    }
-
-    /* At this point, we have a chain and need to verify it */
-    if (ctx->verify != NULL)
-        ok = ctx->verify(ctx);
-    else
-        ok = internal_verify(ctx);
-    if (!ok)
-        goto err;
-
-#ifndef OPENSSL_NO_RFC3779
-    /* RFC 3779 path validation, now that CRL check has been done */
-    ok = v3_asid_validate_path(ctx);
-    if (!ok)
-        goto err;
-    ok = v3_addr_validate_path(ctx);
-    if (!ok)
-        goto err;
-#endif
-
-    /* If we get this far evaluate policies */
-    if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
-        ok = ctx->check_policy(ctx);
-    if (!ok)
-        goto err;
-    if (0) {
- err:
-        /* Ensure we return an error */
-        if (ok > 0)
-            ok = 0;
-        X509_get_pubkey_parameters(NULL, ctx->chain);
-    }
-    if (sktmp != NULL)
-        sk_X509_free(sktmp);
-    if (chain_ss != NULL)
-        X509_free(chain_ss);
-
-    /* Safety net, error returns must set ctx->error */
-    if (ok <= 0 && ctx->error == X509_V_OK)
+    if (ret <= 0 && ctx->error == X509_V_OK)
         ctx->error = X509_V_ERR_UNSPECIFIED;
-    return ok;
+    return ret;
 }
 
 /*
  * Given a STACK_OF(X509) find the issuer of cert (if any)
  */
-
 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 {
     int i;
-    X509 *issuer;
+    X509 *issuer, *rv = NULL;
+
     for (i = 0; i < sk_X509_num(sk); i++) {
         issuer = sk_X509_value(sk, i);
-        if (ctx->check_issued(ctx, x, issuer))
-            return issuer;
+        if (ctx->check_issued(ctx, x, issuer)) {
+            rv = issuer;
+            if (x509_check_cert_time(ctx, rv, -1))
+                break;
+        }
     }
-    return NULL;
+    return rv;
 }
 
 /* Given a possible certificate and issuer check them */
@@ -558,17 +330,25 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 {
     int ret;
+    if (x == issuer)
+        return cert_self_signed(x);
     ret = X509_check_issued(issuer, x);
-    if (ret == X509_V_OK)
-        return 1;
-    /* If we haven't asked for issuer errors don't set ctx */
-    if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
-        return 0;
+    if (ret == X509_V_OK) {
+        int i;
+        X509 *ch;
+        /* Special case: single self signed certificate */
+        if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1)
+            return 1;
+        for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+            ch = sk_X509_value(ctx->chain, i);
+            if (ch == issuer || !X509_cmp(ch, issuer)) {
+                ret = X509_V_ERR_PATH_LOOP;
+                break;
+            }
+        }
+    }
 
-    ctx->error = ret;
-    ctx->current_cert = x;
-    ctx->current_issuer = issuer;
-    return ctx->verify_cb(0, ctx);
+    return (ret == X509_V_OK);
 }
 
 /* Alternative lookup method: look from a STACK stored in other_ctx */
@@ -577,12 +357,86 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 {
     *issuer = find_issuer(ctx, ctx->other_ctx, x);
     if (*issuer) {
-        CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(*issuer);
         return 1;
     } else
         return 0;
 }
 
+static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    STACK_OF(X509) *sk = NULL;
+    X509 *x;
+    int i;
+
+    for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) {
+        x = sk_X509_value(ctx->other_ctx, i);
+        if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
+            if (sk == NULL)
+                sk = sk_X509_new_null();
+            if (sk == NULL || sk_X509_push(sk, x) == 0) {
+                sk_X509_pop_free(sk, X509_free);
+                X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                return NULL;
+            }
+            X509_up_ref(x);
+        }
+    }
+    return sk;
+}
+
+/*
+ * Check EE or CA certificate purpose.  For trusted certificates explicit local
+ * auxiliary trust can be used to override EKU-restrictions.
+ */
+static int check_purpose(X509_STORE_CTX *ctx, X509 *x, int purpose, int depth,
+                         int must_be_ca)
+{
+    int tr_ok = X509_TRUST_UNTRUSTED;
+
+    /*
+     * For trusted certificates we want to see whether any auxiliary trust
+     * settings trump the purpose constraints.
+     *
+     * This is complicated by the fact that the trust ordinals in
+     * ctx->param->trust are entirely independent of the purpose ordinals in
+     * ctx->param->purpose!
+     *
+     * What connects them is their mutual initialization via calls from
+     * X509_STORE_CTX_set_default() into X509_VERIFY_PARAM_lookup() which sets
+     * related values of both param->trust and param->purpose.  It is however
+     * typically possible to infer associated trust values from a purpose value
+     * via the X509_PURPOSE API.
+     *
+     * Therefore, we can only check for trust overrides when the purpose we're
+     * checking is the same as ctx->param->purpose and ctx->param->trust is
+     * also set.
+     */
+    if (depth >= ctx->num_untrusted && purpose == ctx->param->purpose)
+        tr_ok = X509_check_trust(x, ctx->param->trust, X509_TRUST_NO_SS_COMPAT);
+
+    switch (tr_ok) {
+    case X509_TRUST_TRUSTED:
+        return 1;
+    case X509_TRUST_REJECTED:
+        break;
+    default:
+        switch (X509_check_purpose(x, purpose, must_be_ca > 0)) {
+        case 1:
+            return 1;
+        case 0:
+            break;
+        default:
+            if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) == 0)
+                return 1;
+        }
+        break;
+    }
+
+    return verify_cb_cert(ctx, x, depth, X509_V_ERR_INVALID_PURPOSE);
+}
+
 /*
  * Check a certificate chains extensions for consistency with the supplied
  * purpose
@@ -590,16 +444,12 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 
 static int check_chain_extensions(X509_STORE_CTX *ctx)
 {
-#ifdef OPENSSL_NO_CHAIN_VERIFY
-    return 1;
-#else
-    int i, ok = 0, must_be_ca, plen = 0;
+    int i, must_be_ca, plen = 0;
     X509 *x;
-    int (*cb) (int xok, X509_STORE_CTX *xctx);
     int proxy_path_length = 0;
     int purpose;
     int allow_proxy_certs;
-    cb = ctx->verify_cb;
+    int num = sk_X509_num(ctx->chain);
 
     /*-
      *  must_be_ca can have 1 of 3 values:
@@ -619,35 +469,22 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
     } else {
         allow_proxy_certs =
             ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
-        /*
-         * A hack to keep people who don't want to modify their software
-         * happy
-         */
-        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
-            allow_proxy_certs = 1;
         purpose = ctx->param->purpose;
     }
 
-    /* Check all untrusted certificates */
-    for (i = 0; i < ctx->last_untrusted; i++) {
+    for (i = 0; i < num; i++) {
         int ret;
         x = sk_X509_value(ctx->chain, i);
         if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
             && (x->ex_flags & EXFLAG_CRITICAL)) {
-            ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
-            ctx->error_depth = i;
-            ctx->current_cert = x;
-            ok = cb(0, ctx);
-            if (!ok)
-                goto end;
+            if (!verify_cb_cert(ctx, x, i,
+                                X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION))
+                return 0;
         }
         if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
-            ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
-            ctx->error_depth = i;
-            ctx->current_cert = x;
-            ok = cb(0, ctx);
-            if (!ok)
-                goto end;
+            if (!verify_cb_cert(ctx, x, i,
+                                X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED))
+                return 0;
         }
         ret = X509_check_ca(x);
         switch (must_be_ca) {
@@ -667,8 +504,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                 ret = 1;
             break;
         default:
+            /* X509_V_FLAG_X509_STRICT is implicit for intermediate CAs */
             if ((ret == 0)
-                || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                || ((i + 1 < num || ctx->param->flags & X509_V_FLAG_X509_STRICT)
                     && (ret != 1))) {
                 ret = 0;
                 ctx->error = X509_V_ERR_INVALID_CA;
@@ -676,36 +514,17 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                 ret = 1;
             break;
         }
-        if (ret == 0) {
-            ctx->error_depth = i;
-            ctx->current_cert = x;
-            ok = cb(0, ctx);
-            if (!ok)
-                goto end;
-        }
-        if (ctx->param->purpose > 0) {
-            ret = X509_check_purpose(x, purpose, must_be_ca > 0);
-            if ((ret == 0)
-                || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
-                    && (ret != 1))) {
-                ctx->error = X509_V_ERR_INVALID_PURPOSE;
-                ctx->error_depth = i;
-                ctx->current_cert = x;
-                ok = cb(0, ctx);
-                if (!ok)
-                    goto end;
-            }
-        }
+        if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK))
+            return 0;
+        /* check_purpose() makes the callback as needed */
+        if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
+            return 0;
         /* Check pathlen if not self issued */
         if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
             && (x->ex_pathlen != -1)
             && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
-            ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
-            ctx->error_depth = i;
-            ctx->current_cert = x;
-            ok = cb(0, ctx);
-            if (!ok)
-                goto end;
+            if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
+                return 0;
         }
         /* Increment path length if not self issued */
         if (!(x->ex_flags & EXFLAG_SI))
@@ -729,12 +548,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
              */
             if (x->ex_pcpathlen != -1) {
                 if (proxy_path_length > x->ex_pcpathlen) {
-                    ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
-                    ctx->error_depth = i;
-                    ctx->current_cert = x;
-                    ok = cb(0, ctx);
-                    if (!ok)
-                        goto end;
+                    if (!verify_cb_cert(ctx, x, i,
+                                        X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED))
+                        return 0;
                 }
                 proxy_path_length = x->ex_pcpathlen;
             }
@@ -743,19 +559,39 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
         } else
             must_be_ca = 1;
     }
-    ok = 1;
- end:
-    return ok;
-#endif
+    return 1;
+}
+
+static int has_san_id(X509 *x, int gtype)
+{
+    int i;
+    int ret = 0;
+    GENERAL_NAMES *gs = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+
+    if (gs == NULL)
+        return 0;
+
+    for (i = 0; i < sk_GENERAL_NAME_num(gs); i++) {
+        GENERAL_NAME *g = sk_GENERAL_NAME_value(gs, i);
+
+        if (g->type == gtype) {
+            ret = 1;
+            break;
+        }
+    }
+    GENERAL_NAMES_free(gs);
+    return ret;
 }
 
 static int check_name_constraints(X509_STORE_CTX *ctx)
 {
-    X509 *x;
-    int i, j, rv;
+    int i;
+
     /* Check name constraints for all certificates */
     for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
-        x = sk_X509_value(ctx->chain, i);
+        X509 *x = sk_X509_value(ctx->chain, i);
+        int j;
+
         /* Ignore self issued certs unless last in chain */
         if (i && (x->ex_flags & EXFLAG_SI))
             continue;
@@ -794,8 +630,10 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
              * Check that the last subject component isn't part of a
              * multivalued RDN
              */
-            if (X509_NAME_get_entry(tmpsubject, last_object_loc)->set
-                == X509_NAME_get_entry(tmpsubject, last_object_loc - 1)->set) {
+            if (X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject,
+                                                        last_object_loc))
+                == X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject,
+                                                           last_object_loc - 1))) {
                 err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
                 goto proxy_name_done;
             }
@@ -825,13 +663,9 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
             X509_NAME_free(tmpsubject);
 
          proxy_name_done:
-            if (err != X509_V_OK) {
-                ctx->error = err;
-                ctx->error_depth = i;
-                ctx->current_cert = x;
-                if (!ctx->verify_cb(0, ctx))
-                    return 0;
-            }
+            if (err != X509_V_OK
+                && !verify_cb_cert(ctx, x, i, err))
+                return 0;
         }
 
         /*
@@ -842,19 +676,26 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
          */
         for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
             NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
+
             if (nc) {
-                rv = NAME_CONSTRAINTS_check(x, nc);
+                int rv = NAME_CONSTRAINTS_check(x, nc);
+
+                /* If EE certificate check commonName too */
+                if (rv == X509_V_OK && i == 0
+                    && (ctx->param->hostflags
+                        & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT) == 0
+                    && ((ctx->param->hostflags
+                         & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT) != 0
+                        || !has_san_id(x, GEN_DNS)))
+                    rv = NAME_CONSTRAINTS_check_CN(x, nc);
+
                 switch (rv) {
                 case X509_V_OK:
-                    continue;
+                    break;
                 case X509_V_ERR_OUT_OF_MEM:
-                    ctx->error = rv;
                     return 0;
                 default:
-                    ctx->error = rv;
-                    ctx->error_depth = i;
-                    ctx->current_cert = x;
-                    if (!ctx->verify_cb(0, ctx))
+                    if (!verify_cb_cert(ctx, x, i, rv))
                         return 0;
                     break;
                 }
@@ -866,25 +707,22 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
 
 static int check_id_error(X509_STORE_CTX *ctx, int errcode)
 {
-    ctx->error = errcode;
-    ctx->current_cert = ctx->cert;
-    ctx->error_depth = 0;
-    return ctx->verify_cb(0, ctx);
+    return verify_cb_cert(ctx, ctx->cert, 0, errcode);
 }
 
-static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
+static int check_hosts(X509 *x, X509_VERIFY_PARAM *vpm)
 {
     int i;
-    int n = sk_OPENSSL_STRING_num(id->hosts);
+    int n = sk_OPENSSL_STRING_num(vpm->hosts);
     char *name;
 
-    if (id->peername != NULL) {
-        OPENSSL_free(id->peername);
-        id->peername = NULL;
+    if (vpm->peername != NULL) {
+        OPENSSL_free(vpm->peername);
+        vpm->peername = NULL;
     }
     for (i = 0; i < n; ++i) {
-        name = sk_OPENSSL_STRING_value(id->hosts, i);
-        if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0)
+        name = sk_OPENSSL_STRING_value(vpm->hosts, i);
+        if (X509_check_host(x, name, 0, vpm->hostflags, &vpm->peername) > 0)
             return 1;
     }
     return n == 0;
@@ -893,65 +731,95 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
 static int check_id(X509_STORE_CTX *ctx)
 {
     X509_VERIFY_PARAM *vpm = ctx->param;
-    X509_VERIFY_PARAM_ID *id = vpm->id;
     X509 *x = ctx->cert;
-    if (id->hosts && check_hosts(x, id) <= 0) {
+    if (vpm->hosts && check_hosts(x, vpm) <= 0) {
         if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
             return 0;
     }
-    if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) {
+    if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
         if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
             return 0;
     }
-    if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) {
+    if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
         if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
             return 0;
     }
     return 1;
 }
 
-static int check_trust(X509_STORE_CTX *ctx)
+static int check_trust(X509_STORE_CTX *ctx, int num_untrusted)
 {
-    int i, ok;
+    int i;
     X509 *x = NULL;
-    int (*cb) (int xok, X509_STORE_CTX *xctx);
-    cb = ctx->verify_cb;
-    /* Check all trusted certificates in chain */
-    for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
+    X509 *mx;
+    SSL_DANE *dane = ctx->dane;
+    int num = sk_X509_num(ctx->chain);
+    int trust;
+
+    /*
+     * Check for a DANE issuer at depth 1 or greater, if it is a DANE-TA(2)
+     * match, we're done, otherwise we'll merely record the match depth.
+     */
+    if (DANETLS_HAS_TA(dane) && num_untrusted > 0 && num_untrusted < num) {
+        switch (trust = check_dane_issuer(ctx, num_untrusted)) {
+        case X509_TRUST_TRUSTED:
+        case X509_TRUST_REJECTED:
+            return trust;
+        }
+    }
+
+    /*
+     * Check trusted certificates in chain at depth num_untrusted and up.
+     * Note, that depths 0..num_untrusted-1 may also contain trusted
+     * certificates, but the caller is expected to have already checked those,
+     * and wants to incrementally check just any added since.
+     */
+    for (i = num_untrusted; i < num; i++) {
         x = sk_X509_value(ctx->chain, i);
-        ok = X509_check_trust(x, ctx->param->trust, 0);
+        trust = X509_check_trust(x, ctx->param->trust, 0);
         /* If explicitly trusted return trusted */
-        if (ok == X509_TRUST_TRUSTED)
-            return X509_TRUST_TRUSTED;
-        /*
-         * If explicitly rejected notify callback and reject if not
-         * overridden.
-         */
-        if (ok == X509_TRUST_REJECTED) {
-            ctx->error_depth = i;
-            ctx->current_cert = x;
-            ctx->error = X509_V_ERR_CERT_REJECTED;
-            ok = cb(0, ctx);
-            if (!ok)
-                return X509_TRUST_REJECTED;
-        }
+        if (trust == X509_TRUST_TRUSTED)
+            goto trusted;
+        if (trust == X509_TRUST_REJECTED)
+            goto rejected;
     }
+
     /*
-     * If we accept partial chains and have at least one trusted certificate
-     * return success.
+     * If we are looking at a trusted certificate, and accept partial chains,
+     * the chain is PKIX trusted.
      */
-    if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
-        X509 *mx;
-        if (ctx->last_untrusted < sk_X509_num(ctx->chain))
-            return X509_TRUST_TRUSTED;
-        x = sk_X509_value(ctx->chain, 0);
+    if (num_untrusted < num) {
+        if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN)
+            goto trusted;
+        return X509_TRUST_UNTRUSTED;
+    }
+
+    if (num_untrusted == num && ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
+        /*
+         * Last-resort call with no new trusted certificates, check the leaf
+         * for a direct trust store match.
+         */
+        i = 0;
+        x = sk_X509_value(ctx->chain, i);
         mx = lookup_cert_match(ctx, x);
-        if (mx) {
-            (void)sk_X509_set(ctx->chain, 0, mx);
-            X509_free(x);
-            ctx->last_untrusted = 0;
-            return X509_TRUST_TRUSTED;
+        if (!mx)
+            return X509_TRUST_UNTRUSTED;
+
+        /*
+         * Check explicit auxiliary trust/reject settings.  If none are set,
+         * we'll accept X509_TRUST_UNTRUSTED when not self-signed.
+         */
+        trust = X509_check_trust(mx, ctx->param->trust, 0);
+        if (trust == X509_TRUST_REJECTED) {
+            X509_free(mx);
+            goto rejected;
         }
+
+        /* Replace leaf with trusted match */
+        (void) sk_X509_set(ctx->chain, 0, mx);
+        X509_free(x);
+        ctx->num_untrusted = 0;
+        goto trusted;
     }
 
     /*
@@ -959,11 +827,26 @@ static int check_trust(X509_STORE_CTX *ctx)
      * standard (no issuer cert) etc errors to be indicated.
      */
     return X509_TRUST_UNTRUSTED;
+
+ rejected:
+    if (!verify_cb_cert(ctx, x, i, X509_V_ERR_CERT_REJECTED))
+        return X509_TRUST_REJECTED;
+    return X509_TRUST_UNTRUSTED;
+
+ trusted:
+    if (!DANETLS_ENABLED(dane))
+        return X509_TRUST_TRUSTED;
+    if (dane->pdpth < 0)
+        dane->pdpth = num_untrusted;
+    /* With DANE, PKIX alone is not trusted until we have both */
+    if (dane->mdpth >= 0)
+        return X509_TRUST_TRUSTED;
+    return X509_TRUST_UNTRUSTED;
 }
 
 static int check_revocation(X509_STORE_CTX *ctx)
 {
-    int i, last, ok;
+    int i = 0, last = 0, ok = 0;
     if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
         return 1;
     if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
@@ -986,19 +869,21 @@ static int check_revocation(X509_STORE_CTX *ctx)
 static int check_cert(X509_STORE_CTX *ctx)
 {
     X509_CRL *crl = NULL, *dcrl = NULL;
-    X509 *x;
-    int ok, cnum;
-    unsigned int last_reasons;
-    cnum = ctx->error_depth;
-    x = sk_X509_value(ctx->chain, cnum);
+    int ok = 0;
+    int cnum = ctx->error_depth;
+    X509 *x = sk_X509_value(ctx->chain, cnum);
+
     ctx->current_cert = x;
     ctx->current_issuer = NULL;
     ctx->current_crl_score = 0;
     ctx->current_reasons = 0;
+
     if (x->ex_flags & EXFLAG_PROXY)
         return 1;
+
     while (ctx->current_reasons != CRLDP_ALL_REASONS) {
-        last_reasons = ctx->current_reasons;
+        unsigned int last_reasons = ctx->current_reasons;
+
         /* Try to retrieve relevant CRL */
         if (ctx->get_crl)
             ok = ctx->get_crl(ctx, &crl, x);
@@ -1008,22 +893,21 @@ static int check_cert(X509_STORE_CTX *ctx)
          * If error looking up CRL, nothing we can do except notify callback
          */
         if (!ok) {
-            ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
-            ok = ctx->verify_cb(0, ctx);
-            goto err;
+            ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL);
+            goto done;
         }
         ctx->current_crl = crl;
         ok = ctx->check_crl(ctx, crl);
         if (!ok)
-            goto err;
+            goto done;
 
         if (dcrl) {
             ok = ctx->check_crl(ctx, dcrl);
             if (!ok)
-                goto err;
+                goto done;
             ok = ctx->cert_crl(ctx, dcrl, x);
             if (!ok)
-                goto err;
+                goto done;
         } else
             ok = 1;
 
@@ -1031,7 +915,7 @@ static int check_cert(X509_STORE_CTX *ctx)
         if (ok != 2) {
             ok = ctx->cert_crl(ctx, crl, x);
             if (!ok)
-                goto err;
+                goto done;
         }
 
         X509_CRL_free(crl);
@@ -1039,22 +923,20 @@ static int check_cert(X509_STORE_CTX *ctx)
         crl = NULL;
         dcrl = NULL;
         /*
-         * If reasons not updated we wont get anywhere by another iteration,
+         * If reasons not updated we won't get anywhere by another iteration,
          * so exit loop.
          */
         if (last_reasons == ctx->current_reasons) {
-            ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
-            ok = ctx->verify_cb(0, ctx);
-            goto err;
+            ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL);
+            goto done;
         }
     }
- err:
+ done:
     X509_CRL_free(crl);
     X509_CRL_free(dcrl);
 
     ctx->current_crl = NULL;
     return ok;
-
 }
 
 /* Check CRL times against values in X509_STORE_CTX */
@@ -1063,46 +945,45 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
 {
     time_t *ptime;
     int i;
+
     if (notify)
         ctx->current_crl = crl;
     if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
         ptime = &ctx->param->check_time;
+    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+        return 1;
     else
         ptime = NULL;
 
-    i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
+    i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime);
     if (i == 0) {
         if (!notify)
             return 0;
-        ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
-        if (!ctx->verify_cb(0, ctx))
+        if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD))
             return 0;
     }
 
     if (i > 0) {
         if (!notify)
             return 0;
-        ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
-        if (!ctx->verify_cb(0, ctx))
+        if (!verify_cb_crl(ctx, X509_V_ERR_CRL_NOT_YET_VALID))
             return 0;
     }
 
-    if (X509_CRL_get_nextUpdate(crl)) {
-        i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
+    if (X509_CRL_get0_nextUpdate(crl)) {
+        i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime);
 
         if (i == 0) {
             if (!notify)
                 return 0;
-            ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
-            if (!ctx->verify_cb(0, ctx))
+            if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD))
                 return 0;
         }
         /* Ignore expiry of base CRL is delta is valid */
         if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
             if (!notify)
                 return 0;
-            ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
-            if (!ctx->verify_cb(0, ctx))
+            if (!verify_cb_crl(ctx, X509_V_ERR_CRL_HAS_EXPIRED))
                 return 0;
         }
     }
@@ -1132,8 +1013,8 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
         /* If current CRL is equivalent use it if it is newer */
         if (crl_score == best_score && best_crl != NULL) {
             int day, sec;
-            if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
-                               X509_CRL_get_lastUpdate(crl)) == 0)
+            if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
+                               X509_CRL_get0_lastUpdate(crl)) == 0)
                 continue;
             /*
              * ASN1_TIME_diff never returns inconsistent signs for |day|
@@ -1149,17 +1030,14 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
     }
 
     if (best_crl) {
-        if (*pcrl)
-            X509_CRL_free(*pcrl);
+        X509_CRL_free(*pcrl);
         *pcrl = best_crl;
         *pissuer = best_crl_issuer;
         *pscore = best_score;
         *preasons = best_reasons;
-        CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL);
-        if (*pdcrl) {
-            X509_CRL_free(*pdcrl);
-            *pdcrl = NULL;
-        }
+        X509_CRL_up_ref(best_crl);
+        X509_CRL_free(*pdcrl);
+        *pdcrl = NULL;
         get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
     }
 
@@ -1255,7 +1133,7 @@ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
         if (check_delta_base(delta, base)) {
             if (check_crl_time(ctx, delta, 0))
                 *pscore |= CRL_SCORE_TIME_DELTA;
-            CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL);
+            X509_CRL_up_ref(delta);
             *dcrl = delta;
             return;
         }
@@ -1397,6 +1275,7 @@ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
 {
     X509_STORE_CTX crl_ctx;
     int ret;
+
     /* Don't allow recursive CRL path validation */
     if (ctx->parent)
         return 0;
@@ -1412,12 +1291,10 @@ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
 
     /* Verify CRL issuer */
     ret = X509_verify_cert(&crl_ctx);
-
     if (ret <= 0)
         goto err;
 
     /* Check chain is acceptable */
-
     ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
  err:
     X509_STORE_CTX_cleanup(&crl_ctx);
@@ -1574,10 +1451,10 @@ static int get_crl_delta(X509_STORE_CTX *ctx,
     X509_CRL *crl = NULL, *dcrl = NULL;
     STACK_OF(X509_CRL) *skcrl;
     X509_NAME *nm = X509_get_issuer_name(x);
+
     reasons = ctx->current_reasons;
     ok = get_crl_sk(ctx, &crl, &dcrl,
                     &issuer, &crl_score, &reasons, ctx->crls);
-
     if (ok)
         goto done;
 
@@ -1594,7 +1471,6 @@ static int get_crl_delta(X509_STORE_CTX *ctx,
     sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
 
  done:
-
     /* If we got any kind of CRL use it and return success */
     if (crl) {
         ctx->current_issuer = issuer;
@@ -1604,7 +1480,6 @@ static int get_crl_delta(X509_STORE_CTX *ctx,
         *pdcrl = dcrl;
         return 1;
     }
-
     return 0;
 }
 
@@ -1613,13 +1488,12 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
 {
     X509 *issuer = NULL;
     EVP_PKEY *ikey = NULL;
-    int ok = 0, chnum, cnum;
-    cnum = ctx->error_depth;
-    chnum = sk_X509_num(ctx->chain) - 1;
+    int cnum = ctx->error_depth;
+    int chnum = sk_X509_num(ctx->chain) - 1;
+
     /* if we have an alternative CRL issuer cert use that */
     if (ctx->current_issuer)
         issuer = ctx->current_issuer;
-
     /*
      * Else find CRL issuer: if not last certificate then issuer is next
      * certificate in chain.
@@ -1629,121 +1503,85 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
     else {
         issuer = sk_X509_value(ctx->chain, chnum);
         /* If not self signed, can't check signature */
-        if (!ctx->check_issued(ctx, issuer, issuer)) {
-            ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
-            ok = ctx->verify_cb(0, ctx);
-            if (!ok)
-                goto err;
-        }
+        if (!ctx->check_issued(ctx, issuer, issuer) &&
+            !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER))
+            return 0;
     }
 
-    if (issuer) {
-        /*
-         * Skip most tests for deltas because they have already been done
-         */
-        if (!crl->base_crl_number) {
-            /* Check for cRLSign bit if keyUsage present */
-            if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
-                !(issuer->ex_kusage & KU_CRL_SIGN)) {
-                ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
-                ok = ctx->verify_cb(0, ctx);
-                if (!ok)
-                    goto err;
-            }
+    if (issuer == NULL)
+        return 1;
 
-            if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
-                ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
-                ok = ctx->verify_cb(0, ctx);
-                if (!ok)
-                    goto err;
-            }
+    /*
+     * Skip most tests for deltas because they have already been done
+     */
+    if (!crl->base_crl_number) {
+        /* Check for cRLSign bit if keyUsage present */
+        if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
+            !(issuer->ex_kusage & KU_CRL_SIGN) &&
+            !verify_cb_crl(ctx, X509_V_ERR_KEYUSAGE_NO_CRL_SIGN))
+            return 0;
 
-            if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
-                if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
-                    ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
-                    ok = ctx->verify_cb(0, ctx);
-                    if (!ok)
-                        goto err;
-                }
-            }
+        if (!(ctx->current_crl_score & CRL_SCORE_SCOPE) &&
+            !verify_cb_crl(ctx, X509_V_ERR_DIFFERENT_CRL_SCOPE))
+            return 0;
 
-            if (crl->idp_flags & IDP_INVALID) {
-                ctx->error = X509_V_ERR_INVALID_EXTENSION;
-                ok = ctx->verify_cb(0, ctx);
-                if (!ok)
-                    goto err;
-            }
+        if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH) &&
+            check_crl_path(ctx, ctx->current_issuer) <= 0 &&
+            !verify_cb_crl(ctx, X509_V_ERR_CRL_PATH_VALIDATION_ERROR))
+            return 0;
 
-        }
+        if ((crl->idp_flags & IDP_INVALID) &&
+            !verify_cb_crl(ctx, X509_V_ERR_INVALID_EXTENSION))
+            return 0;
+    }
 
-        if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
-            ok = check_crl_time(ctx, crl, 1);
-            if (!ok)
-                goto err;
-        }
+    if (!(ctx->current_crl_score & CRL_SCORE_TIME) &&
+        !check_crl_time(ctx, crl, 1))
+        return 0;
 
-        /* Attempt to get issuer certificate public key */
-        ikey = X509_get_pubkey(issuer);
+    /* Attempt to get issuer certificate public key */
+    ikey = X509_get0_pubkey(issuer);
 
-        if (!ikey) {
-            ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
-            ok = ctx->verify_cb(0, ctx);
-            if (!ok)
-                goto err;
-        } else {
-            int rv;
-            rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
-            if (rv != X509_V_OK) {
-                ctx->error = rv;
-                ok = ctx->verify_cb(0, ctx);
-                if (!ok)
-                    goto err;
-            }
-            /* Verify CRL signature */
-            if (X509_CRL_verify(crl, ikey) <= 0) {
-                ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
-                ok = ctx->verify_cb(0, ctx);
-                if (!ok)
-                    goto err;
-            }
-        }
-    }
+    if (!ikey &&
+        !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY))
+        return 0;
 
-    ok = 1;
+    if (ikey) {
+        int rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
 
- err:
-    EVP_PKEY_free(ikey);
-    return ok;
+        if (rv != X509_V_OK && !verify_cb_crl(ctx, rv))
+            return 0;
+        /* Verify CRL signature */
+        if (X509_CRL_verify(crl, ikey) <= 0 &&
+            !verify_cb_crl(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE))
+            return 0;
+    }
+    return 1;
 }
 
 /* Check certificate against CRL */
 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
 {
-    int ok;
     X509_REVOKED *rev;
+
     /*
      * The rules changed for this... previously if a CRL contained unhandled
      * critical extensions it could still be used to indicate a certificate
-     * was revoked. This has since been changed since critical extension can
+     * was revoked. This has since been changed since critical extensions can
      * change the meaning of CRL entries.
      */
     if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-        && (crl->flags & EXFLAG_CRITICAL)) {
-        ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
-        ok = ctx->verify_cb(0, ctx);
-        if (!ok)
-            return 0;
-    }
+        && (crl->flags & EXFLAG_CRITICAL) &&
+        !verify_cb_crl(ctx, X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION))
+        return 0;
     /*
-     * Look for serial number of certificate in CRL If found make sure reason
-     * is not removeFromCRL.
+     * Look for serial number of certificate in CRL.  If found, make sure
+     * reason is not removeFromCRL.
      */
     if (X509_CRL_get0_by_cert(crl, &rev, x)) {
         if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
             return 2;
-        ctx->error = X509_V_ERR_CERT_REVOKED;
-        ok = ctx->verify_cb(0, ctx);
-        if (!ok)
+        if (!verify_cb_crl(ctx, X509_V_ERR_CERT_REVOKED))
             return 0;
     }
 
@@ -1753,38 +1591,60 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
 static int check_policy(X509_STORE_CTX *ctx)
 {
     int ret;
+
     if (ctx->parent)
         return 1;
+    /*
+     * With DANE, the trust anchor might be a bare public key, not a
+     * certificate!  In that case our chain does not have the trust anchor
+     * certificate as a top-most element.  This comports well with RFC5280
+     * chain verification, since there too, the trust anchor is not part of the
+     * chain to be verified.  In particular, X509_policy_check() does not look
+     * at the TA cert, but assumes that it is present as the top-most chain
+     * element.  We therefore temporarily push a NULL cert onto the chain if it
+     * was verified via a bare public key, and pop it off right after the
+     * X509_policy_check() call.
+     */
+    if (ctx->bare_ta_signed && !sk_X509_push(ctx->chain, NULL)) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
     ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
                             ctx->param->policies, ctx->param->flags);
-    if (ret == 0) {
+    if (ctx->bare_ta_signed)
+        sk_X509_pop(ctx->chain);
+
+    if (ret == X509_PCY_TREE_INTERNAL) {
         X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
         ctx->error = X509_V_ERR_OUT_OF_MEM;
         return 0;
     }
     /* Invalid or inconsistent extensions */
-    if (ret == -1) {
-        /*
-         * Locate certificates with bad extensions and notify callback.
-         */
-        X509 *x;
+    if (ret == X509_PCY_TREE_INVALID) {
         int i;
+
+        /* Locate certificates with bad extensions and notify callback. */
         for (i = 1; i < sk_X509_num(ctx->chain); i++) {
-            x = sk_X509_value(ctx->chain, i);
+            X509 *x = sk_X509_value(ctx->chain, i);
+
             if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
                 continue;
-            ctx->current_cert = x;
-            ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
-            if (!ctx->verify_cb(0, ctx))
+            if (!verify_cb_cert(ctx, x, i,
+                                X509_V_ERR_INVALID_POLICY_EXTENSION))
                 return 0;
         }
         return 1;
     }
-    if (ret == -2) {
+    if (ret == X509_PCY_TREE_FAILURE) {
         ctx->current_cert = NULL;
         ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
         return ctx->verify_cb(0, ctx);
     }
+    if (ret != X509_PCY_TREE_VALID) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
 
     if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
         ctx->current_cert = NULL;
@@ -1801,62 +1661,61 @@ static int check_policy(X509_STORE_CTX *ctx)
     return 1;
 }
 
-static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
+/*-
+ * Check certificate validity times.
+ * If depth >= 0, invoke verification callbacks on error, otherwise just return
+ * the validation status.
+ *
+ * Return 1 on success, 0 otherwise.
+ */
+int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
 {
     time_t *ptime;
     int i;
 
     if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
         ptime = &ctx->param->check_time;
+    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+        return 1;
     else
         ptime = NULL;
 
-    i = X509_cmp_time(X509_get_notBefore(x), ptime);
-    if (i == 0) {
-        ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
-        ctx->current_cert = x;
-        if (!ctx->verify_cb(0, ctx))
-            return 0;
-    }
-
-    if (i > 0) {
-        ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
-        ctx->current_cert = x;
-        if (!ctx->verify_cb(0, ctx))
-            return 0;
-    }
-
-    i = X509_cmp_time(X509_get_notAfter(x), ptime);
-    if (i == 0) {
-        ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
-        ctx->current_cert = x;
-        if (!ctx->verify_cb(0, ctx))
-            return 0;
-    }
-
-    if (i < 0) {
-        ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
-        ctx->current_cert = x;
-        if (!ctx->verify_cb(0, ctx))
-            return 0;
-    }
+    i = X509_cmp_time(X509_get0_notBefore(x), ptime);
+    if (i >= 0 && depth < 0)
+        return 0;
+    if (i == 0 && !verify_cb_cert(ctx, x, depth,
+                                  X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD))
+        return 0;
+    if (i > 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_NOT_YET_VALID))
+        return 0;
 
+    i = X509_cmp_time(X509_get0_notAfter(x), ptime);
+    if (i <= 0 && depth < 0)
+        return 0;
+    if (i == 0 && !verify_cb_cert(ctx, x, depth,
+                                  X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD))
+        return 0;
+    if (i < 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_HAS_EXPIRED))
+        return 0;
     return 1;
 }
 
 static int internal_verify(X509_STORE_CTX *ctx)
 {
-    int ok = 0, n;
-    X509 *xs, *xi;
-    EVP_PKEY *pkey = NULL;
-    int (*cb) (int xok, X509_STORE_CTX *xctx);
-
-    cb = ctx->verify_cb;
+    int n = sk_X509_num(ctx->chain) - 1;
+    X509 *xi = sk_X509_value(ctx->chain, n);
+    X509 *xs;
 
-    n = sk_X509_num(ctx->chain);
-    ctx->error_depth = n - 1;
-    n--;
-    xi = sk_X509_value(ctx->chain, n);
+    /*
+     * With DANE-verified bare public key TA signatures, it remains only to
+     * check the timestamps of the top certificate.  We report the issuer as
+     * NULL, since all we have is a bare key.
+     */
+    if (ctx->bare_ta_signed) {
+        xs = xi;
+        xi = NULL;
+        goto check_cert;
+    }
 
     if (ctx->check_issued(ctx, xi, xi))
         xs = xi;
@@ -1865,72 +1724,60 @@ static int internal_verify(X509_STORE_CTX *ctx)
             xs = xi;
             goto check_cert;
         }
-        if (n <= 0) {
-            ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
-            ctx->current_cert = xi;
-            ok = cb(0, ctx);
-            goto end;
-        } else {
-            n--;
-            ctx->error_depth = n;
-            xs = sk_X509_value(ctx->chain, n);
-        }
+        if (n <= 0)
+            return verify_cb_cert(ctx, xi, 0,
+                                  X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE);
+        n--;
+        ctx->error_depth = n;
+        xs = sk_X509_value(ctx->chain, n);
     }
 
-/*      ctx->error=0;  not needed */
+    /*
+     * Do not clear ctx->error=0, it must be "sticky", only the user's callback
+     * is allowed to reset errors (at its own peril).
+     */
     while (n >= 0) {
-        ctx->error_depth = n;
+        EVP_PKEY *pkey;
 
         /*
-         * Skip signature check for self signed certificates unless
-         * explicitly asked for. It doesn't add any security and just wastes
-         * time.
+         * Skip signature check for self signed certificates unless explicitly
+         * asked for.  It doesn't add any security and just wastes time.  If
+         * the issuer's public key is unusable, report the issuer certificate
+         * and its depth (rather than the depth of the subject).
          */
-        if (!xs->valid
-            && (xs != xi
-                || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) {
-            if ((pkey = X509_get_pubkey(xi)) == NULL) {
-                ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
-                ctx->current_cert = xi;
-                ok = (*cb) (0, ctx);
-                if (!ok)
-                    goto end;
+        if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
+            if ((pkey = X509_get0_pubkey(xi)) == NULL) {
+                if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n,
+                        X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY))
+                    return 0;
             } else if (X509_verify(xs, pkey) <= 0) {
-                ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
-                ctx->current_cert = xs;
-                ok = (*cb) (0, ctx);
-                if (!ok) {
-                    EVP_PKEY_free(pkey);
-                    goto end;
-                }
+                if (!verify_cb_cert(ctx, xs, n,
+                                    X509_V_ERR_CERT_SIGNATURE_FAILURE))
+                    return 0;
             }
-            EVP_PKEY_free(pkey);
-            pkey = NULL;
         }
 
-        xs->valid = 1;
-
  check_cert:
-        ok = check_cert_time(ctx, xs);
-        if (!ok)
-            goto end;
+        /* Calls verify callback as needed */
+        if (!x509_check_cert_time(ctx, xs, n))
+            return 0;
 
-        /* The last error (if any) is still in the error value */
+        /*
+         * Signal success at this depth.  However, the previous error (if any)
+         * is retained.
+         */
         ctx->current_issuer = xi;
         ctx->current_cert = xs;
-        ok = (*cb) (1, ctx);
-        if (!ok)
-            goto end;
+        ctx->error_depth = n;
+        if (!ctx->verify_cb(1, ctx))
+            return 0;
 
-        n--;
-        if (n >= 0) {
+        if (--n >= 0) {
             xi = xs;
             xs = sk_X509_value(ctx->chain, n);
         }
     }
-    ok = 1;
- end:
-    return ok;
+    return 1;
 }
 
 int X509_cmp_current_time(const ASN1_TIME *ctm)
@@ -1975,7 +1822,7 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
      * Digit and date ranges will be verified in the conversion methods.
      */
     for (i = 0; i < ctm->length - 1; i++) {
-        if (!isdigit(ctm->data[i]))
+        if (!ossl_isdigit(ctm->data[i]))
             return 0;
     }
     if (ctm->data[ctm->length - 1] != 'Z')
@@ -2041,7 +1888,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
         return 1;
 
     for (i = 0; i < sk_X509_num(chain); i++) {
-        ktmp = X509_get_pubkey(sk_X509_value(chain, i));
+        ktmp = X509_get0_pubkey(sk_X509_value(chain, i));
         if (ktmp == NULL) {
             X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
                     X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
@@ -2049,10 +1896,6 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
         }
         if (!EVP_PKEY_missing_parameters(ktmp))
             break;
-        else {
-            EVP_PKEY_free(ktmp);
-            ktmp = NULL;
-        }
     }
     if (ktmp == NULL) {
         X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
@@ -2062,14 +1905,12 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
 
     /* first, populate the other certs */
     for (j = i - 1; j >= 0; j--) {
-        ktmp2 = X509_get_pubkey(sk_X509_value(chain, j));
+        ktmp2 = X509_get0_pubkey(sk_X509_value(chain, j));
         EVP_PKEY_copy_parameters(ktmp2, ktmp);
-        EVP_PKEY_free(ktmp2);
     }
 
     if (pkey != NULL)
         EVP_PKEY_copy_parameters(pkey, ktmp);
-    EVP_PKEY_free(ktmp);
     return 1;
 }
 
@@ -2118,15 +1959,15 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
     }
     /* Create new CRL */
     crl = X509_CRL_new();
-    if (!crl || !X509_CRL_set_version(crl, 1))
+    if (crl == NULL || !X509_CRL_set_version(crl, 1))
         goto memerr;
     /* Set issuer name */
     if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
         goto memerr;
 
-    if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer)))
+    if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer)))
         goto memerr;
-    if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer)))
+    if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer)))
         goto memerr;
 
     /* Set base CRL number: must be critical */
@@ -2157,7 +1998,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
          * Add only if not also in base. TODO: need something cleverer here
          * for some more complex CRLs covering multiple CAs.
          */
-        if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) {
+        if (!X509_CRL_get0_by_serial(base, &rvtmp, &rvn->serialNumber)) {
             rvtmp = X509_REVOKED_dup(rvn);
             if (!rvtmp)
                 goto memerr;
@@ -2176,24 +2017,10 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
 
  memerr:
     X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE);
-    if (crl)
-        X509_CRL_free(crl);
+    X509_CRL_free(crl);
     return NULL;
 }
 
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
-                                    CRYPTO_EX_new *new_func,
-                                    CRYPTO_EX_dup *dup_func,
-                                    CRYPTO_EX_free *free_func)
-{
-    /*
-     * This function is (usually) called only once, by
-     * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
-     */
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
 {
     return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
@@ -2219,12 +2046,22 @@ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
     return ctx->error_depth;
 }
 
+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth)
+{
+    ctx->error_depth = depth;
+}
+
 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
 {
     return ctx->current_cert;
 }
 
-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x)
+{
+    ctx->current_cert = x;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
 {
     return ctx->chain;
 }
@@ -2256,11 +2093,6 @@ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
     ctx->cert = x;
 }
 
-void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-{
-    ctx->untrusted = sk;
-}
-
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
 {
     ctx->crls = sk;
@@ -2268,11 +2100,20 @@ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
 
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
 {
+    /*
+     * XXX: Why isn't this function always used to set the associated trust?
+     * Should there even be a VPM->trust field at all?  Or should the trust
+     * always be inferred from the purpose by X509_STORE_CTX_init().
+     */
     return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
 }
 
 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
 {
+    /*
+     * XXX: See above, this function would only be needed when the default
+     * trust for the purpose needs an override in a corner case.
+     */
     return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
 }
 
@@ -2306,6 +2147,11 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
         ptmp = X509_PURPOSE_get0(idx);
         if (ptmp->trust == X509_TRUST_DEFAULT) {
             idx = X509_PURPOSE_get_by_id(def_purpose);
+            /*
+             * XXX: In the two callers above def_purpose is always 0, which is
+             * not a known value, so idx will always be -1.  How is the
+             * X509_TRUST_DEFAULT case actually supposed to be handled?
+             */
             if (idx == -1) {
                 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
                         X509_R_UNKNOWN_PURPOSE_ID);
@@ -2335,20 +2181,20 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 
 X509_STORE_CTX *X509_STORE_CTX_new(void)
 {
-    X509_STORE_CTX *ctx;
-    ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
-    if (!ctx) {
+    X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL) {
         X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    memset(ctx, 0, sizeof(X509_STORE_CTX));
     return ctx;
 }
 
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
 {
-    if (!ctx)
+    if (ctx == NULL)
         return;
+
     X509_STORE_CTX_cleanup(ctx);
     OPENSSL_free(ctx);
 }
@@ -2357,12 +2203,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
                         STACK_OF(X509) *chain)
 {
     int ret = 1;
+
     ctx->ctx = store;
-    ctx->current_method = 0;
     ctx->cert = x509;
     ctx->untrusted = chain;
     ctx->crls = NULL;
-    ctx->last_untrusted = 0;
+    ctx->num_untrusted = 0;
     ctx->other_ctx = NULL;
     ctx->valid = 0;
     ctx->chain = NULL;
@@ -2376,39 +2222,17 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
     ctx->current_reasons = 0;
     ctx->tree = NULL;
     ctx->parent = NULL;
+    ctx->dane = NULL;
+    ctx->bare_ta_signed = 0;
     /* Zero ex_data to make sure we're cleanup-safe */
     memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
 
-    ctx->param = X509_VERIFY_PARAM_new();
-    if (!ctx->param) {
-        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-
-    /*
-     * Inherit callbacks and flags from X509_STORE if not set use defaults.
-     */
+    /* store->cleanup is always 0 in OpenSSL, if set must be idempotent */
     if (store)
-        ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
-    else
-        ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
-
-    if (store) {
-        ctx->verify_cb = store->verify_cb;
-        /* Seems to always be 0 in OpenSSL, else must be idempotent */
         ctx->cleanup = store->cleanup;
-    } else
+    else
         ctx->cleanup = 0;
 
-    if (ret)
-        ret = X509_VERIFY_PARAM_inherit(ctx->param,
-                                        X509_VERIFY_PARAM_lookup("default"));
-
-    if (ret == 0) {
-        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
     if (store && store->check_issued)
         ctx->check_issued = store->check_issued;
     else
@@ -2449,17 +2273,55 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
     else
         ctx->cert_crl = cert_crl;
 
+    if (store && store->check_policy)
+        ctx->check_policy = store->check_policy;
+    else
+        ctx->check_policy = check_policy;
+
     if (store && store->lookup_certs)
         ctx->lookup_certs = store->lookup_certs;
     else
-        ctx->lookup_certs = X509_STORE_get1_certs;
+        ctx->lookup_certs = X509_STORE_CTX_get1_certs;
 
     if (store && store->lookup_crls)
         ctx->lookup_crls = store->lookup_crls;
     else
-        ctx->lookup_crls = X509_STORE_get1_crls;
+        ctx->lookup_crls = X509_STORE_CTX_get1_crls;
+
+    ctx->param = X509_VERIFY_PARAM_new();
+    if (ctx->param == NULL) {
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * Inherit callbacks and flags from X509_STORE if not set use defaults.
+     */
+    if (store)
+        ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
+    else
+        ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
+
+    if (ret)
+        ret = X509_VERIFY_PARAM_inherit(ctx->param,
+                                        X509_VERIFY_PARAM_lookup("default"));
+
+    if (ret == 0) {
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * XXX: For now, continue to inherit trust from VPM, but infer from the
+     * purpose if this still yields the default value.
+     */
+    if (ctx->param->trust == X509_TRUST_DEFAULT) {
+        int idx = X509_PURPOSE_get_by_id(ctx->param->purpose);
+        X509_PURPOSE *xp = X509_PURPOSE_get0(idx);
 
-    ctx->check_policy = check_policy;
+        if (xp != NULL)
+            ctx->param->trust = X509_PURPOSE_get_trust(xp);
+    }
 
     if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
                            &ctx->ex_data))
@@ -2479,11 +2341,11 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
  * Set alternative lookup method: just a STACK of trusted certificates. This
  * avoids X509_STORE nastiness where it isn't needed.
  */
-
-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
 {
     ctx->other_ctx = sk;
     ctx->get_issuer = get_issuer_sk;
+    ctx->lookup_certs = lookup_certs_sk;
 }
 
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
@@ -2504,16 +2366,12 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
             X509_VERIFY_PARAM_free(ctx->param);
         ctx->param = NULL;
     }
-    if (ctx->tree != NULL) {
-        X509_policy_tree_free(ctx->tree);
-        ctx->tree = NULL;
-    }
-    if (ctx->chain != NULL) {
-        sk_X509_pop_free(ctx->chain, X509_free);
-        ctx->chain = NULL;
-    }
+    X509_policy_tree_free(ctx->tree);
+    ctx->tree = NULL;
+    sk_X509_pop_free(ctx->chain, X509_free);
+    ctx->chain = NULL;
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
-    memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
+    memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
 }
 
 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
@@ -2532,12 +2390,99 @@ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
     X509_VERIFY_PARAM_set_time(ctx->param, t);
 }
 
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+{
+    return ctx->cert;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
+{
+    return ctx->untrusted;
+}
+
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    ctx->untrusted = sk;
+}
+
+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    sk_X509_pop_free(ctx->chain, X509_free);
+    ctx->chain = sk;
+}
+
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-                                  int (*verify_cb) (int, X509_STORE_CTX *))
+                                  X509_STORE_CTX_verify_cb verify_cb)
 {
     ctx->verify_cb = verify_cb;
 }
 
+X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx)
+{
+    return ctx->verify_cb;
+}
+
+void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+                               X509_STORE_CTX_verify_fn verify)
+{
+    ctx->verify = verify;
+}
+
+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx)
+{
+    return ctx->verify;
+}
+
+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx)
+{
+    return ctx->get_issuer;
+}
+
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx)
+{
+    return ctx->check_issued;
+}
+
+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx)
+{
+    return ctx->check_revocation;
+}
+
+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->get_crl;
+}
+
+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->check_crl;
+}
+
+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->cert_crl;
+}
+
+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx)
+{
+    return ctx->check_policy;
+}
+
+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx)
+{
+    return ctx->lookup_certs;
+}
+
+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx)
+{
+    return ctx->lookup_crls;
+}
+
+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx)
+{
+    return ctx->cleanup;
+}
+
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
 {
     return ctx->tree;
@@ -2548,6 +2493,11 @@ int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
     return ctx->explicit_policy;
 }
 
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx)
+{
+    return ctx->num_untrusted;
+}
+
 int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
 {
     const X509_VERIFY_PARAM *param;
@@ -2564,17 +2514,758 @@ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
 
 void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
 {
-    if (ctx->param)
-        X509_VERIFY_PARAM_free(ctx->param);
+    X509_VERIFY_PARAM_free(ctx->param);
     ctx->param = param;
 }
 
-IMPLEMENT_STACK_OF(X509)
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane)
+{
+    ctx->dane = dane;
+}
+
+static unsigned char *dane_i2d(
+    X509 *cert,
+    uint8_t selector,
+    unsigned int *i2dlen)
+{
+    unsigned char *buf = NULL;
+    int len;
+
+    /*
+     * Extract ASN.1 DER form of certificate or public key.
+     */
+    switch (selector) {
+    case DANETLS_SELECTOR_CERT:
+        len = i2d_X509(cert, &buf);
+        break;
+    case DANETLS_SELECTOR_SPKI:
+        len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf);
+        break;
+    default:
+        X509err(X509_F_DANE_I2D, X509_R_BAD_SELECTOR);
+        return NULL;
+    }
+
+    if (len < 0 || buf == NULL) {
+        X509err(X509_F_DANE_I2D, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    *i2dlen = (unsigned int)len;
+    return buf;
+}
+
+#define DANETLS_NONE 256        /* impossible uint8_t */
+
+static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
+{
+    SSL_DANE *dane = ctx->dane;
+    unsigned usage = DANETLS_NONE;
+    unsigned selector = DANETLS_NONE;
+    unsigned ordinal = DANETLS_NONE;
+    unsigned mtype = DANETLS_NONE;
+    unsigned char *i2dbuf = NULL;
+    unsigned int i2dlen = 0;
+    unsigned char mdbuf[EVP_MAX_MD_SIZE];
+    unsigned char *cmpbuf = NULL;
+    unsigned int cmplen = 0;
+    int i;
+    int recnum;
+    int matched = 0;
+    danetls_record *t = NULL;
+    uint32_t mask;
+
+    mask = (depth == 0) ? DANETLS_EE_MASK : DANETLS_TA_MASK;
+
+    /*
+     * The trust store is not applicable with DANE-TA(2)
+     */
+    if (depth >= ctx->num_untrusted)
+        mask &= DANETLS_PKIX_MASK;
+
+    /*
+     * If we've previously matched a PKIX-?? record, no need to test any
+     * further PKIX-?? records, it remains to just build the PKIX chain.
+     * Had the match been a DANE-?? record, we'd be done already.
+     */
+    if (dane->mdpth >= 0)
+        mask &= ~DANETLS_PKIX_MASK;
+
+    /*-
+     * https://tools.ietf.org/html/rfc7671#section-5.1
+     * https://tools.ietf.org/html/rfc7671#section-5.2
+     * https://tools.ietf.org/html/rfc7671#section-5.3
+     * https://tools.ietf.org/html/rfc7671#section-5.4
+     *
+     * We handle DANE-EE(3) records first as they require no chain building
+     * and no expiration or hostname checks.  We also process digests with
+     * higher ordinals first and ignore lower priorities except Full(0) which
+     * is always processed (last).  If none match, we then process PKIX-EE(1).
+     *
+     * NOTE: This relies on DANE usages sorting before the corresponding PKIX
+     * usages in SSL_dane_tlsa_add(), and also on descending sorting of digest
+     * priorities.  See twin comment in ssl/ssl_lib.c.
+     *
+     * We expect that most TLSA RRsets will have just a single usage, so we
+     * don't go out of our way to cache multiple selector-specific i2d buffers
+     * across usages, but if the selector happens to remain the same as switch
+     * usages, that's OK.  Thus, a set of "3 1 1", "3 0 1", "1 1 1", "1 0 1",
+     * records would result in us generating each of the certificate and public
+     * key DER forms twice, but more typically we'd just see multiple "3 1 1"
+     * or multiple "3 0 1" records.
+     *
+     * As soon as we find a match at any given depth, we stop, because either
+     * we've matched a DANE-?? record and the peer is authenticated, or, after
+     * exhausting all DANE-?? records, we've matched a PKIX-?? record, which is
+     * sufficient for DANE, and what remains to do is ordinary PKIX validation.
+     */
+    recnum = (dane->umask & mask) ? sk_danetls_record_num(dane->trecs) : 0;
+    for (i = 0; matched == 0 && i < recnum; ++i) {
+        t = sk_danetls_record_value(dane->trecs, i);
+        if ((DANETLS_USAGE_BIT(t->usage) & mask) == 0)
+            continue;
+        if (t->usage != usage) {
+            usage = t->usage;
+
+            /* Reset digest agility for each usage/selector pair */
+            mtype = DANETLS_NONE;
+            ordinal = dane->dctx->mdord[t->mtype];
+        }
+        if (t->selector != selector) {
+            selector = t->selector;
+
+            /* Update per-selector state */
+            OPENSSL_free(i2dbuf);
+            i2dbuf = dane_i2d(cert, selector, &i2dlen);
+            if (i2dbuf == NULL)
+                return -1;
+
+            /* Reset digest agility for each usage/selector pair */
+            mtype = DANETLS_NONE;
+            ordinal = dane->dctx->mdord[t->mtype];
+        } else if (t->mtype != DANETLS_MATCHING_FULL) {
+            /*-
+             * Digest agility:
+             *
+             *     <https://tools.ietf.org/html/rfc7671#section-9>
+             *
+             * For a fixed selector, after processing all records with the
+             * highest mtype ordinal, ignore all mtypes with lower ordinals
+             * other than "Full".
+             */
+            if (dane->dctx->mdord[t->mtype] < ordinal)
+                continue;
+        }
+
+        /*
+         * Each time we hit a (new selector or) mtype, re-compute the relevant
+         * digest, more complex caching is not worth the code space.
+         */
+        if (t->mtype != mtype) {
+            const EVP_MD *md = dane->dctx->mdevp[mtype = t->mtype];
+            cmpbuf = i2dbuf;
+            cmplen = i2dlen;
+
+            if (md != NULL) {
+                cmpbuf = mdbuf;
+                if (!EVP_Digest(i2dbuf, i2dlen, cmpbuf, &cmplen, md, 0)) {
+                    matched = -1;
+                    break;
+                }
+            }
+        }
+
+        /*
+         * Squirrel away the certificate and depth if we have a match.  Any
+         * DANE match is dispositive, but with PKIX we still need to build a
+         * full chain.
+         */
+        if (cmplen == t->dlen &&
+            memcmp(cmpbuf, t->data, cmplen) == 0) {
+            if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK)
+                matched = 1;
+            if (matched || dane->mdpth < 0) {
+                dane->mdpth = depth;
+                dane->mtlsa = t;
+                OPENSSL_free(dane->mcert);
+                dane->mcert = cert;
+                X509_up_ref(cert);
+            }
+            break;
+        }
+    }
+
+    /* Clear the one-element DER cache */
+    OPENSSL_free(i2dbuf);
+    return matched;
+}
+
+static int check_dane_issuer(X509_STORE_CTX *ctx, int depth)
+{
+    SSL_DANE *dane = ctx->dane;
+    int matched = 0;
+    X509 *cert;
+
+    if (!DANETLS_HAS_TA(dane) || depth == 0)
+        return  X509_TRUST_UNTRUSTED;
+
+    /*
+     * Record any DANE trust-anchor matches, for the first depth to test, if
+     * there's one at that depth. (This'll be false for length 1 chains looking
+     * for an exact match for the leaf certificate).
+     */
+    cert = sk_X509_value(ctx->chain, depth);
+    if (cert != NULL && (matched = dane_match(ctx, cert, depth)) < 0)
+        return  X509_TRUST_REJECTED;
+    if (matched > 0) {
+        ctx->num_untrusted = depth - 1;
+        return  X509_TRUST_TRUSTED;
+    }
+
+    return  X509_TRUST_UNTRUSTED;
+}
+
+static int check_dane_pkeys(X509_STORE_CTX *ctx)
+{
+    SSL_DANE *dane = ctx->dane;
+    danetls_record *t;
+    int num = ctx->num_untrusted;
+    X509 *cert = sk_X509_value(ctx->chain, num - 1);
+    int recnum = sk_danetls_record_num(dane->trecs);
+    int i;
+
+    for (i = 0; i < recnum; ++i) {
+        t = sk_danetls_record_value(dane->trecs, i);
+        if (t->usage != DANETLS_USAGE_DANE_TA ||
+            t->selector != DANETLS_SELECTOR_SPKI ||
+            t->mtype != DANETLS_MATCHING_FULL ||
+            X509_verify(cert, t->spki) <= 0)
+            continue;
+
+        /* Clear any PKIX-?? matches that failed to extend to a full chain */
+        X509_free(dane->mcert);
+        dane->mcert = NULL;
+
+        /* Record match via a bare TA public key */
+        ctx->bare_ta_signed = 1;
+        dane->mdpth = num - 1;
+        dane->mtlsa = t;
+
+        /* Prune any excess chain certificates */
+        num = sk_X509_num(ctx->chain);
+        for (; num > ctx->num_untrusted; --num)
+            X509_free(sk_X509_pop(ctx->chain));
+
+        return X509_TRUST_TRUSTED;
+    }
+
+    return X509_TRUST_UNTRUSTED;
+}
+
+static void dane_reset(SSL_DANE *dane)
+{
+    /*
+     * Reset state to verify another chain, or clear after failure.
+     */
+    X509_free(dane->mcert);
+    dane->mcert = NULL;
+    dane->mtlsa = NULL;
+    dane->mdpth = -1;
+    dane->pdpth = -1;
+}
+
+static int check_leaf_suiteb(X509_STORE_CTX *ctx, X509 *cert)
+{
+    int err = X509_chain_check_suiteb(NULL, cert, NULL, ctx->param->flags);
+
+    if (err == X509_V_OK)
+        return 1;
+    return verify_cb_cert(ctx, cert, 0, err);
+}
+
+static int dane_verify(X509_STORE_CTX *ctx)
+{
+    X509 *cert = ctx->cert;
+    SSL_DANE *dane = ctx->dane;
+    int matched;
+    int done;
+
+    dane_reset(dane);
+
+    /*-
+     * When testing the leaf certificate, if we match a DANE-EE(3) record,
+     * dane_match() returns 1 and we're done.  If however we match a PKIX-EE(1)
+     * record, the match depth and matching TLSA record are recorded, but the
+     * return value is 0, because we still need to find a PKIX trust-anchor.
+     * Therefore, when DANE authentication is enabled (required), we're done
+     * if:
+     *   + matched < 0, internal error.
+     *   + matched == 1, we matched a DANE-EE(3) record
+     *   + matched == 0, mdepth < 0 (no PKIX-EE match) and there are no
+     *     DANE-TA(2) or PKIX-TA(0) to test.
+     */
+    matched = dane_match(ctx, ctx->cert, 0);
+    done = matched != 0 || (!DANETLS_HAS_TA(dane) && dane->mdpth < 0);
+
+    if (done)
+        X509_get_pubkey_parameters(NULL, ctx->chain);
+
+    if (matched > 0) {
+        /* Callback invoked as needed */
+        if (!check_leaf_suiteb(ctx, cert))
+            return 0;
+        /* Callback invoked as needed */
+        if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 &&
+            !check_id(ctx))
+            return 0;
+        /* Bypass internal_verify(), issue depth 0 success callback */
+        ctx->error_depth = 0;
+        ctx->current_cert = cert;
+        return ctx->verify_cb(1, ctx);
+    }
+
+    if (matched < 0) {
+        ctx->error_depth = 0;
+        ctx->current_cert = cert;
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return -1;
+    }
+
+    if (done) {
+        /* Fail early, TA-based success is not possible */
+        if (!check_leaf_suiteb(ctx, cert))
+            return 0;
+        return verify_cb_cert(ctx, cert, 0, X509_V_ERR_DANE_NO_MATCH);
+    }
+
+    /*
+     * Chain verification for usages 0/1/2.  TLSA record matching of depth > 0
+     * certificates happens in-line with building the rest of the chain.
+     */
+    return verify_chain(ctx);
+}
+
+/* Get issuer, without duplicate suppression */
+static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert)
+{
+    STACK_OF(X509) *saved_chain = ctx->chain;
+    int ok;
+
+    ctx->chain = NULL;
+    ok = ctx->get_issuer(issuer, ctx, cert);
+    ctx->chain = saved_chain;
+
+    return ok;
+}
+
+static int build_chain(X509_STORE_CTX *ctx)
+{
+    SSL_DANE *dane = ctx->dane;
+    int num = sk_X509_num(ctx->chain);
+    X509 *cert = sk_X509_value(ctx->chain, num - 1);
+    int ss = cert_self_signed(cert);
+    STACK_OF(X509) *sktmp = NULL;
+    unsigned int search;
+    int may_trusted = 0;
+    int may_alternate = 0;
+    int trust = X509_TRUST_UNTRUSTED;
+    int alt_untrusted = 0;
+    int depth;
+    int ok = 0;
+    int i;
+
+    /* Our chain starts with a single untrusted element. */
+    if (!ossl_assert(num == 1 && ctx->num_untrusted == num))  {
+        X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+
+#define S_DOUNTRUSTED      (1 << 0)     /* Search untrusted chain */
+#define S_DOTRUSTED        (1 << 1)     /* Search trusted store */
+#define S_DOALTERNATE      (1 << 2)     /* Retry with pruned alternate chain */
+    /*
+     * Set up search policy, untrusted if possible, trusted-first if enabled.
+     * If we're doing DANE and not doing PKIX-TA/PKIX-EE, we never look in the
+     * trust_store, otherwise we might look there first.  If not trusted-first,
+     * and alternate chains are not disabled, try building an alternate chain
+     * if no luck with untrusted first.
+     */
+    search = (ctx->untrusted != NULL) ? S_DOUNTRUSTED : 0;
+    if (DANETLS_HAS_PKIX(dane) || !DANETLS_HAS_DANE(dane)) {
+        if (search == 0 || ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
+            search |= S_DOTRUSTED;
+        else if (!(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS))
+            may_alternate = 1;
+        may_trusted = 1;
+    }
+
+    /*
+     * Shallow-copy the stack of untrusted certificates (with TLS, this is
+     * typically the content of the peer's certificate message) so can make
+     * multiple passes over it, while free to remove elements as we go.
+     */
+    if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
+        X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
+
+    /*
+     * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add
+     * them to our working copy of the untrusted certificate stack.  Since the
+     * caller of X509_STORE_CTX_init() may have provided only a leaf cert with
+     * no corresponding stack of untrusted certificates, we may need to create
+     * an empty stack first.  [ At present only the ssl library provides DANE
+     * support, and ssl_verify_cert_chain() always provides a non-null stack
+     * containing at least the leaf certificate, but we must be prepared for
+     * this to change. ]
+     */
+    if (DANETLS_ENABLED(dane) && dane->certs != NULL) {
+        if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) {
+            X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+            ctx->error = X509_V_ERR_OUT_OF_MEM;
+            return 0;
+        }
+        for (i = 0; i < sk_X509_num(dane->certs); ++i) {
+            if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) {
+                sk_X509_free(sktmp);
+                X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                return 0;
+            }
+        }
+    }
+
+    /*
+     * Still absurdly large, but arithmetically safe, a lower hard upper bound
+     * might be reasonable.
+     */
+    if (ctx->param->depth > INT_MAX/2)
+        ctx->param->depth = INT_MAX/2;
+
+    /*
+     * Try to Extend the chain until we reach an ultimately trusted issuer.
+     * Build chains up to one longer the limit, later fail if we hit the limit,
+     * with an X509_V_ERR_CERT_CHAIN_TOO_LONG error code.
+     */
+    depth = ctx->param->depth + 1;
+
+    while (search != 0) {
+        X509 *x;
+        X509 *xtmp = NULL;
+
+        /*
+         * Look in the trust store if enabled for first lookup, or we've run
+         * out of untrusted issuers and search here is not disabled.  When we
+         * reach the depth limit, we stop extending the chain, if by that point
+         * we've not found a trust-anchor, any trusted chain would be too long.
+         *
+         * The error reported to the application verify callback is at the
+         * maximal valid depth with the current certificate equal to the last
+         * not ultimately-trusted issuer.  For example, with verify_depth = 0,
+         * the callback will report errors at depth=1 when the immediate issuer
+         * of the leaf certificate is not a trust anchor.  No attempt will be
+         * made to locate an issuer for that certificate, since such a chain
+         * would be a-priori too long.
+         */
+        if ((search & S_DOTRUSTED) != 0) {
+            i = num = sk_X509_num(ctx->chain);
+            if ((search & S_DOALTERNATE) != 0) {
+                /*
+                 * As high up the chain as we can, look for an alternative
+                 * trusted issuer of an untrusted certificate that currently
+                 * has an untrusted issuer.  We use the alt_untrusted variable
+                 * to track how far up the chain we find the first match.  It
+                 * is only if and when we find a match, that we prune the chain
+                 * and reset ctx->num_untrusted to the reduced count of
+                 * untrusted certificates.  While we're searching for such a
+                 * match (which may never be found), it is neither safe nor
+                 * wise to preemptively modify either the chain or
+                 * ctx->num_untrusted.
+                 *
+                 * Note, like ctx->num_untrusted, alt_untrusted is a count of
+                 * untrusted certificates, not a "depth".
+                 */
+                i = alt_untrusted;
+            }
+            x = sk_X509_value(ctx->chain, i-1);
+
+            ok = (depth < num) ? 0 : get_issuer(&xtmp, ctx, x);
+
+            if (ok < 0) {
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_STORE_LOOKUP;
+                search = 0;
+                continue;
+            }
+
+            if (ok > 0) {
+                /*
+                 * Alternative trusted issuer for a mid-chain untrusted cert?
+                 * Pop the untrusted cert's successors and retry.  We might now
+                 * be able to complete a valid chain via the trust store.  Note
+                 * that despite the current trust-store match we might still
+                 * fail complete the chain to a suitable trust-anchor, in which
+                 * case we may prune some more untrusted certificates and try
+                 * again.  Thus the S_DOALTERNATE bit may yet be turned on
+                 * again with an even shorter untrusted chain!
+                 *
+                 * If in the process we threw away our matching PKIX-TA trust
+                 * anchor, reset DANE trust.  We might find a suitable trusted
+                 * certificate among the ones from the trust store.
+                 */
+                if ((search & S_DOALTERNATE) != 0) {
+                    if (!ossl_assert(num > i && i > 0 && ss == 0)) {
+                        X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                        X509_free(xtmp);
+                        trust = X509_TRUST_REJECTED;
+                        ctx->error = X509_V_ERR_UNSPECIFIED;
+                        search = 0;
+                        continue;
+                    }
+                    search &= ~S_DOALTERNATE;
+                    for (; num > i; --num)
+                        X509_free(sk_X509_pop(ctx->chain));
+                    ctx->num_untrusted = num;
+
+                    if (DANETLS_ENABLED(dane) &&
+                        dane->mdpth >= ctx->num_untrusted) {
+                        dane->mdpth = -1;
+                        X509_free(dane->mcert);
+                        dane->mcert = NULL;
+                    }
+                    if (DANETLS_ENABLED(dane) &&
+                        dane->pdpth >= ctx->num_untrusted)
+                        dane->pdpth = -1;
+                }
+
+                /*
+                 * Self-signed untrusted certificates get replaced by their
+                 * trusted matching issuer.  Otherwise, grow the chain.
+                 */
+                if (ss == 0) {
+                    if (!sk_X509_push(ctx->chain, x = xtmp)) {
+                        X509_free(xtmp);
+                        X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+                        trust = X509_TRUST_REJECTED;
+                        ctx->error = X509_V_ERR_OUT_OF_MEM;
+                        search = 0;
+                        continue;
+                    }
+                    ss = cert_self_signed(x);
+                } else if (num == ctx->num_untrusted) {
+                    /*
+                     * We have a self-signed certificate that has the same
+                     * subject name (and perhaps keyid and/or serial number) as
+                     * a trust-anchor.  We must have an exact match to avoid
+                     * possible impersonation via key substitution etc.
+                     */
+                    if (X509_cmp(x, xtmp) != 0) {
+                        /* Self-signed untrusted mimic. */
+                        X509_free(xtmp);
+                        ok = 0;
+                    } else {
+                        X509_free(x);
+                        ctx->num_untrusted = --num;
+                        (void) sk_X509_set(ctx->chain, num, x = xtmp);
+                    }
+                }
+
+                /*
+                 * We've added a new trusted certificate to the chain, recheck
+                 * trust.  If not done, and not self-signed look deeper.
+                 * Whether or not we're doing "trusted first", we no longer
+                 * look for untrusted certificates from the peer's chain.
+                 *
+                 * At this point ctx->num_trusted and num must reflect the
+                 * correct number of untrusted certificates, since the DANE
+                 * logic in check_trust() depends on distinguishing CAs from
+                 * "the wire" from CAs from the trust store.  In particular, the
+                 * certificate at depth "num" should be the new trusted
+                 * certificate with ctx->num_untrusted <= num.
+                 */
+                if (ok) {
+                    if (!ossl_assert(ctx->num_untrusted <= num)) {
+                        X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                        trust = X509_TRUST_REJECTED;
+                        ctx->error = X509_V_ERR_UNSPECIFIED;
+                        search = 0;
+                        continue;
+                    }
+                    search &= ~S_DOUNTRUSTED;
+                    switch (trust = check_trust(ctx, num)) {
+                    case X509_TRUST_TRUSTED:
+                    case X509_TRUST_REJECTED:
+                        search = 0;
+                        continue;
+                    }
+                    if (ss == 0)
+                        continue;
+                }
+            }
+
+            /*
+             * No dispositive decision, and either self-signed or no match, if
+             * we were doing untrusted-first, and alt-chains are not disabled,
+             * do that, by repeatedly losing one untrusted element at a time,
+             * and trying to extend the shorted chain.
+             */
+            if ((search & S_DOUNTRUSTED) == 0) {
+                /* Continue search for a trusted issuer of a shorter chain? */
+                if ((search & S_DOALTERNATE) != 0 && --alt_untrusted > 0)
+                    continue;
+                /* Still no luck and no fallbacks left? */
+                if (!may_alternate || (search & S_DOALTERNATE) != 0 ||
+                    ctx->num_untrusted < 2)
+                    break;
+                /* Search for a trusted issuer of a shorter chain */
+                search |= S_DOALTERNATE;
+                alt_untrusted = ctx->num_untrusted - 1;
+                ss = 0;
+            }
+        }
+
+        /*
+         * Extend chain with peer-provided certificates
+         */
+        if ((search & S_DOUNTRUSTED) != 0) {
+            num = sk_X509_num(ctx->chain);
+            if (!ossl_assert(num == ctx->num_untrusted)) {
+                X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_UNSPECIFIED;
+                search = 0;
+                continue;
+            }
+            x = sk_X509_value(ctx->chain, num-1);
 
-IMPLEMENT_ASN1_SET_OF(X509)
+            /*
+             * Once we run out of untrusted issuers, we stop looking for more
+             * and start looking only in the trust store if enabled.
+             */
+            xtmp = (ss || depth < num) ? NULL : find_issuer(ctx, sktmp, x);
+            if (xtmp == NULL) {
+                search &= ~S_DOUNTRUSTED;
+                if (may_trusted)
+                    search |= S_DOTRUSTED;
+                continue;
+            }
 
-IMPLEMENT_STACK_OF(X509_NAME)
+            /* Drop this issuer from future consideration */
+            (void) sk_X509_delete_ptr(sktmp, xtmp);
 
-IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
+            if (!sk_X509_push(ctx->chain, xtmp)) {
+                X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                search = 0;
+                continue;
+            }
+
+            X509_up_ref(x = xtmp);
+            ++ctx->num_untrusted;
+            ss = cert_self_signed(xtmp);
 
-IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
+            /*
+             * Check for DANE-TA trust of the topmost untrusted certificate.
+             */
+            switch (trust = check_dane_issuer(ctx, ctx->num_untrusted - 1)) {
+            case X509_TRUST_TRUSTED:
+            case X509_TRUST_REJECTED:
+                search = 0;
+                continue;
+            }
+        }
+    }
+    sk_X509_free(sktmp);
+
+    /*
+     * Last chance to make a trusted chain, either bare DANE-TA public-key
+     * signers, or else direct leaf PKIX trust.
+     */
+    num = sk_X509_num(ctx->chain);
+    if (num <= depth) {
+        if (trust == X509_TRUST_UNTRUSTED && DANETLS_HAS_DANE_TA(dane))
+            trust = check_dane_pkeys(ctx);
+        if (trust == X509_TRUST_UNTRUSTED && num == ctx->num_untrusted)
+            trust = check_trust(ctx, num);
+    }
+
+    switch (trust) {
+    case X509_TRUST_TRUSTED:
+        return 1;
+    case X509_TRUST_REJECTED:
+        /* Callback already issued */
+        return 0;
+    case X509_TRUST_UNTRUSTED:
+    default:
+        num = sk_X509_num(ctx->chain);
+        if (num > depth)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_CERT_CHAIN_TOO_LONG);
+        if (DANETLS_ENABLED(dane) &&
+            (!DANETLS_HAS_PKIX(dane) || dane->pdpth >= 0))
+            return verify_cb_cert(ctx, NULL, num-1, X509_V_ERR_DANE_NO_MATCH);
+        if (ss && sk_X509_num(ctx->chain) == 1)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
+        if (ss)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN);
+        if (ctx->num_untrusted < num)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT);
+        return verify_cb_cert(ctx, NULL, num-1,
+                              X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
+    }
+}
+
+static const int minbits_table[] = { 80, 112, 128, 192, 256 };
+static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
+
+/*
+ * Check whether the public key of ``cert`` meets the security level of
+ * ``ctx``.
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+static int check_key_level(X509_STORE_CTX *ctx, X509 *cert)
+{
+    EVP_PKEY *pkey = X509_get0_pubkey(cert);
+    int level = ctx->param->auth_level;
+
+    /* Unsupported or malformed keys are not secure */
+    if (pkey == NULL)
+        return 0;
+
+    if (level <= 0)
+        return 1;
+    if (level > NUM_AUTH_LEVELS)
+        level = NUM_AUTH_LEVELS;
+
+    return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1];
+}
+
+/*
+ * Check whether the signature digest algorithm of ``cert`` meets the security
+ * level of ``ctx``.  Should not be checked for trust anchors (whether
+ * self-signed or otherwise).
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
+{
+    int secbits = -1;
+    int level = ctx->param->auth_level;
+
+    if (level <= 0)
+        return 1;
+    if (level > NUM_AUTH_LEVELS)
+        level = NUM_AUTH_LEVELS;
+
+    if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
+        return 0;
+
+    return secbits >= minbits_table[level - 1];
+}
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_vpm.c b/freebsd/crypto/openssl/crypto/x509/x509_vpm.c
index ef78469e..d067ab51 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_vpm.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509_vpm.c
@@ -1,74 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* x509_vpm.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/crypto.h>
-#include <openssl/lhash.h>
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
 
-#include "vpm_int.h"
+#include "x509_lcl.h"
 
 /* X509_VERIFY_PARAM functions */
 
@@ -85,9 +35,7 @@ static void str_free(char *s)
     OPENSSL_free(s);
 }
 
-#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)
-
-static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
+static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
                                     const char *name, size_t namelen)
 {
     char *copy;
@@ -103,28 +51,28 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
     if (namelen > 0 && name[namelen - 1] == '\0')
         --namelen;
 
-    if (mode == SET_HOST && id->hosts) {
-        string_stack_free(id->hosts);
-        id->hosts = NULL;
+    if (mode == SET_HOST) {
+        sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free);
+        vpm->hosts = NULL;
     }
     if (name == NULL || namelen == 0)
         return 1;
 
-    copy = BUF_strndup(name, namelen);
+    copy = OPENSSL_strndup(name, namelen);
     if (copy == NULL)
         return 0;
 
-    if (id->hosts == NULL &&
-        (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
+    if (vpm->hosts == NULL &&
+        (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
         OPENSSL_free(copy);
         return 0;
     }
 
-    if (!sk_OPENSSL_STRING_push(id->hosts, copy)) {
+    if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) {
         OPENSSL_free(copy);
-        if (sk_OPENSSL_STRING_num(id->hosts) == 0) {
-            sk_OPENSSL_STRING_free(id->hosts);
-            id->hosts = NULL;
+        if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) {
+            sk_OPENSSL_STRING_free(vpm->hosts);
+            vpm->hosts = NULL;
         }
         return 0;
     }
@@ -132,68 +80,20 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
     return 1;
 }
 
-static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
-{
-    X509_VERIFY_PARAM_ID *paramid;
-    if (!param)
-        return;
-    param->name = NULL;
-    param->purpose = 0;
-    param->trust = 0;
-    /*
-     * param->inh_flags = X509_VP_FLAG_DEFAULT;
-     */
-    param->inh_flags = 0;
-    param->flags = 0;
-    param->depth = -1;
-    if (param->policies) {
-        sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
-        param->policies = NULL;
-    }
-    paramid = param->id;
-    if (paramid->hosts) {
-        string_stack_free(paramid->hosts);
-        paramid->hosts = NULL;
-    }
-    if (paramid->peername)
-        OPENSSL_free(paramid->peername);
-    paramid->peername = NULL;
-    if (paramid->email) {
-        OPENSSL_free(paramid->email);
-        paramid->email = NULL;
-        paramid->emaillen = 0;
-    }
-    if (paramid->ip) {
-        OPENSSL_free(paramid->ip);
-        paramid->ip = NULL;
-        paramid->iplen = 0;
-    }
-}
 
 X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
 {
     X509_VERIFY_PARAM *param;
-    X509_VERIFY_PARAM_ID *paramid;
 
-    param = OPENSSL_malloc(sizeof(*param));
-    if (!param)
-        return NULL;
-    memset(param, 0, sizeof(*param));
-
-    paramid = OPENSSL_malloc(sizeof(*paramid));
-    if (!paramid) {
-        OPENSSL_free(param);
+    param = OPENSSL_zalloc(sizeof(*param));
+    if (param == NULL) {
+        X509err(X509_F_X509_VERIFY_PARAM_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    memset(paramid, 0, sizeof(*paramid));
-    /* Exotic platforms may have non-zero bit representation of NULL */
-    paramid->hosts = NULL;
-    paramid->peername = NULL;
-    paramid->email = NULL;
-    paramid->ip = NULL;
-
-    param->id = paramid;
-    x509_verify_param_zero(param);
+    param->trust = X509_TRUST_DEFAULT;
+    /* param->inh_flags = X509_VP_FLAG_DEFAULT; */
+    param->depth = -1;
+    param->auth_level = -1; /* -1 means unset, 0 is explicit */
     return param;
 }
 
@@ -201,8 +101,11 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
 {
     if (param == NULL)
         return;
-    x509_verify_param_zero(param);
-    OPENSSL_free(param->id);
+    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+    sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
+    OPENSSL_free(param->peername);
+    OPENSSL_free(param->email);
+    OPENSSL_free(param->ip);
     OPENSSL_free(param);
 }
 
@@ -244,11 +147,6 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
         (to_overwrite || \
                 ((src->field != def) && (to_default || (dest->field == def))))
 
-/* As above but for ID fields */
-
-#define test_x509_verify_param_copy_id(idf, def) \
-        test_x509_verify_param_copy(id->idf, def)
-
 /* Macro to test and copy a field if necessary */
 
 #define x509_verify_param_copy(field, def) \
@@ -260,10 +158,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 {
     unsigned long inh_flags;
     int to_default, to_overwrite;
-    X509_VERIFY_PARAM_ID *id;
     if (!src)
         return 1;
-    id = src->id;
     inh_flags = dest->inh_flags | src->inh_flags;
 
     if (inh_flags & X509_VP_FLAG_ONCE)
@@ -283,8 +179,9 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
         to_overwrite = 0;
 
     x509_verify_param_copy(purpose, 0);
-    x509_verify_param_copy(trust, 0);
+    x509_verify_param_copy(trust, X509_TRUST_DEFAULT);
     x509_verify_param_copy(depth, -1);
+    x509_verify_param_copy(auth_level, -1);
 
     /* If overwrite or check time not set, copy across */
 
@@ -305,27 +202,25 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
     }
 
     /* Copy the host flags if and only if we're copying the host list */
-    if (test_x509_verify_param_copy_id(hosts, NULL)) {
-        if (dest->id->hosts) {
-            string_stack_free(dest->id->hosts);
-            dest->id->hosts = NULL;
-        }
-        if (id->hosts) {
-            dest->id->hosts =
-                sk_OPENSSL_STRING_deep_copy(id->hosts, str_copy, str_free);
-            if (dest->id->hosts == NULL)
+    if (test_x509_verify_param_copy(hosts, NULL)) {
+        sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
+        dest->hosts = NULL;
+        if (src->hosts) {
+            dest->hosts =
+                sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
+            if (dest->hosts == NULL)
                 return 0;
-            dest->id->hostflags = id->hostflags;
+            dest->hostflags = src->hostflags;
         }
     }
 
-    if (test_x509_verify_param_copy_id(email, NULL)) {
-        if (!X509_VERIFY_PARAM_set1_email(dest, id->email, id->emaillen))
+    if (test_x509_verify_param_copy(email, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
             return 0;
     }
 
-    if (test_x509_verify_param_copy_id(ip, NULL)) {
-        if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen))
+    if (test_x509_verify_param_copy(ip, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
             return 0;
     }
 
@@ -348,30 +243,27 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen,
 {
     void *tmp;
     if (src) {
-        if (srclen == 0) {
-            tmp = BUF_strdup(src);
+        if (srclen == 0)
             srclen = strlen(src);
-        } else
-            tmp = BUF_memdup(src, srclen);
-        if (!tmp)
+
+        tmp = OPENSSL_memdup(src, srclen);
+        if (tmp == NULL)
             return 0;
     } else {
         tmp = NULL;
         srclen = 0;
     }
-    if (*pdest)
-        OPENSSL_free(*pdest);
+    OPENSSL_free(*pdest);
     *pdest = tmp;
-    if (pdestlen)
+    if (pdestlen != NULL)
         *pdestlen = srclen;
     return 1;
 }
 
 int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
 {
-    if (param->name)
-        OPENSSL_free(param->name);
-    param->name = BUF_strdup(name);
+    OPENSSL_free(param->name);
+    param->name = OPENSSL_strdup(name);
     if (param->name)
         return 1;
     return 0;
@@ -397,6 +289,17 @@ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
     return param->flags;
 }
 
+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param)
+{
+    return param->inh_flags;
+}
+
+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags)
+{
+    param->inh_flags = flags;
+    return 1;
+}
+
 int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
 {
     return X509_PURPOSE_set(&param->purpose, purpose);
@@ -412,6 +315,16 @@ void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
     param->depth = depth;
 }
 
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level)
+{
+    param->auth_level = auth_level;
+}
+
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param)
+{
+    return param->check_time;
+}
+
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
 {
     param->check_time = t;
@@ -436,10 +349,10 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 {
     int i;
     ASN1_OBJECT *oid, *doid;
+
     if (!param)
         return 0;
-    if (param->policies)
-        sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
 
     if (!policies) {
         param->policies = NULL;
@@ -467,30 +380,53 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
                                 const char *name, size_t namelen)
 {
-    return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen);
+    return int_x509_param_set_hosts(param, SET_HOST, name, namelen);
 }
 
 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
                                 const char *name, size_t namelen)
 {
-    return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen);
+    return int_x509_param_set_hosts(param, ADD_HOST, name, namelen);
 }
 
 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
                                      unsigned int flags)
 {
-    param->id->hostflags = flags;
+    param->hostflags = flags;
+}
+
+unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param)
+{
+    return param->hostflags;
 }
 
 char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
 {
-    return param->id->peername;
+    return param->peername;
+}
+
+/*
+ * Move peername from one param structure to another, freeing any name present
+ * at the target.  If the source is a NULL parameter structure, free and zero
+ * the target peername.
+ */
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to,
+                                     X509_VERIFY_PARAM *from)
+{
+    char *peername = (from != NULL) ? from->peername : NULL;
+
+    if (to->peername != peername) {
+        OPENSSL_free(to->peername);
+        to->peername = peername;
+    }
+    if (from)
+        from->peername = NULL;
 }
 
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
                                  const char *email, size_t emaillen)
 {
-    return int_x509_param_set1(&param->id->email, &param->id->emaillen,
+    return int_x509_param_set1(&param->email, &param->emaillen,
                                email, emaillen);
 }
 
@@ -499,7 +435,7 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
 {
     if (iplen != 0 && iplen != 4 && iplen != 16)
         return 0;
-    return int_x509_param_set1((char **)&param->id->ip, &param->id->iplen,
+    return int_x509_param_set1((char **)&param->ip, &param->iplen,
                                (char *)ip, iplen);
 }
 
@@ -519,14 +455,17 @@ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
     return param->depth;
 }
 
+int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param)
+{
+    return param->auth_level;
+}
+
 const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
 {
     return param->name;
 }
 
-static X509_VERIFY_PARAM_ID _empty_id = { NULL, 0U, NULL, NULL, 0, NULL, 0 };
-
-#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id
+#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0
 
 /*
  * Default verify parameters: these are used for various applications and can
@@ -539,10 +478,11 @@ static const X509_VERIFY_PARAM default_table[] = {
      "default",                 /* X509 default parameters */
      0,                         /* Check time */
      0,                         /* internal flags */
-     0,                         /* flags */
+     X509_V_FLAG_TRUSTED_FIRST, /* flags */
      0,                         /* purpose */
      0,                         /* trust */
      100,                       /* depth */
+     -1,                        /* auth_level */
      NULL,                      /* policies */
      vpm_empty_id},
     {
@@ -553,6 +493,7 @@ static const X509_VERIFY_PARAM default_table[] = {
      X509_PURPOSE_SMIME_SIGN,   /* purpose */
      X509_TRUST_EMAIL,          /* trust */
      -1,                        /* depth */
+     -1,                        /* auth_level */
      NULL,                      /* policies */
      vpm_empty_id},
     {
@@ -563,6 +504,7 @@ static const X509_VERIFY_PARAM default_table[] = {
      X509_PURPOSE_SMIME_SIGN,   /* purpose */
      X509_TRUST_EMAIL,          /* trust */
      -1,                        /* depth */
+     -1,                        /* auth_level */
      NULL,                      /* policies */
      vpm_empty_id},
     {
@@ -573,6 +515,7 @@ static const X509_VERIFY_PARAM default_table[] = {
      X509_PURPOSE_SSL_CLIENT,   /* purpose */
      X509_TRUST_SSL_CLIENT,     /* trust */
      -1,                        /* depth */
+     -1,                        /* auth_level */
      NULL,                      /* policies */
      vpm_empty_id},
     {
@@ -583,6 +526,7 @@ static const X509_VERIFY_PARAM default_table[] = {
      X509_PURPOSE_SSL_SERVER,   /* purpose */
      X509_TRUST_SSL_SERVER,     /* trust */
      -1,                        /* depth */
+     -1,                        /* auth_level */
      NULL,                      /* policies */
      vpm_empty_id}
 };
@@ -607,16 +551,15 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
 {
     int idx;
     X509_VERIFY_PARAM *ptmp;
-    if (!param_table) {
+    if (param_table == NULL) {
         param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
-        if (!param_table)
+        if (param_table == NULL)
             return 0;
     } else {
         idx = sk_X509_VERIFY_PARAM_find(param_table, param);
-        if (idx != -1) {
-            ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
+        if (idx >= 0) {
+            ptmp = sk_X509_VERIFY_PARAM_delete(param_table, idx);
             X509_VERIFY_PARAM_free(ptmp);
-            (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
         }
     }
     if (!sk_X509_VERIFY_PARAM_push(param_table, param))
@@ -626,7 +569,7 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
 
 int X509_VERIFY_PARAM_get_count(void)
 {
-    int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
+    int num = OSSL_NELEM(default_table);
     if (param_table)
         num += sk_X509_VERIFY_PARAM_num(param_table);
     return num;
@@ -634,7 +577,7 @@ int X509_VERIFY_PARAM_get_count(void)
 
 const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
 {
-    int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
+    int num = OSSL_NELEM(default_table);
     if (id < num)
         return default_table + id;
     return sk_X509_VERIFY_PARAM_value(param_table, id - num);
@@ -646,19 +589,16 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
     X509_VERIFY_PARAM pm;
 
     pm.name = (char *)name;
-    if (param_table) {
+    if (param_table != NULL) {
         idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
-        if (idx != -1)
+        if (idx >= 0)
             return sk_X509_VERIFY_PARAM_value(param_table, idx);
     }
-    return OBJ_bsearch_table(&pm, default_table,
-                             sizeof(default_table) /
-                             sizeof(X509_VERIFY_PARAM));
+    return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table));
 }
 
 void X509_VERIFY_PARAM_table_cleanup(void)
 {
-    if (param_table)
-        sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
+    sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
     param_table = NULL;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509cset.c b/freebsd/crypto/openssl/crypto/x509/x509cset.c
index 23884bbc..dd2d0ffb 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509cset.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509cset.c
@@ -1,121 +1,53 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509cset.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 
 int X509_CRL_set_version(X509_CRL *x, long version)
 {
     if (x == NULL)
-        return (0);
-    if (x->crl->version == NULL) {
-        if ((x->crl->version = M_ASN1_INTEGER_new()) == NULL)
-            return (0);
+        return 0;
+    if (x->crl.version == NULL) {
+        if ((x->crl.version = ASN1_INTEGER_new()) == NULL)
+            return 0;
     }
-    return (ASN1_INTEGER_set(x->crl->version, version));
+    return ASN1_INTEGER_set(x->crl.version, version);
 }
 
 int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
 {
-    if ((x == NULL) || (x->crl == NULL))
-        return (0);
-    return (X509_NAME_set(&x->crl->issuer, name));
+    if (x == NULL)
+        return 0;
+    return X509_NAME_set(&x->crl.issuer, name);
 }
 
-int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
 {
-    ASN1_TIME *in;
-
     if (x == NULL)
-        return (0);
-    in = x->crl->lastUpdate;
-    if (in != tm) {
-        in = M_ASN1_TIME_dup(tm);
-        if (in != NULL) {
-            M_ASN1_TIME_free(x->crl->lastUpdate);
-            x->crl->lastUpdate = in;
-        }
-    }
-    return (in != NULL);
+        return 0;
+    return x509_set1_time(&x->crl.lastUpdate, tm);
 }
 
-int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
 {
-    ASN1_TIME *in;
-
     if (x == NULL)
-        return (0);
-    in = x->crl->nextUpdate;
-    if (in != tm) {
-        in = M_ASN1_TIME_dup(tm);
-        if (in != NULL) {
-            M_ASN1_TIME_free(x->crl->nextUpdate);
-            x->crl->nextUpdate = in;
-        }
-    }
-    return (in != NULL);
+        return 0;
+    return x509_set1_time(&x->crl.nextUpdate, tm);
 }
 
 int X509_CRL_sort(X509_CRL *c)
@@ -125,45 +57,129 @@ int X509_CRL_sort(X509_CRL *c)
     /*
      * sort the data so it will be written in serial number order
      */
-    sk_X509_REVOKED_sort(c->crl->revoked);
-    for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) {
-        r = sk_X509_REVOKED_value(c->crl->revoked, i);
+    sk_X509_REVOKED_sort(c->crl.revoked);
+    for (i = 0; i < sk_X509_REVOKED_num(c->crl.revoked); i++) {
+        r = sk_X509_REVOKED_value(c->crl.revoked, i);
         r->sequence = i;
     }
-    c->crl->enc.modified = 1;
+    c->crl.enc.modified = 1;
     return 1;
 }
 
+int X509_CRL_up_ref(X509_CRL *crl)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&crl->references, &i, crl->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("X509_CRL", crl);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+long X509_CRL_get_version(const X509_CRL *crl)
+{
+    return ASN1_INTEGER_get(crl->crl.version);
+}
+
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl)
+{
+    return crl->crl.lastUpdate;
+}
+
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
+{
+    return crl->crl.nextUpdate;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
+{
+    return crl->crl.lastUpdate;
+}
+
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
+{
+    return crl->crl.nextUpdate;
+}
+#endif
+
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
+{
+    return crl->crl.issuer;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl)
+{
+    return crl->crl.extensions;
+}
+
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
+{
+    return crl->crl.revoked;
+}
+
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg)
+{
+    if (psig != NULL)
+        *psig = &crl->signature;
+    if (palg != NULL)
+        *palg = &crl->sig_alg;
+}
+
+int X509_CRL_get_signature_nid(const X509_CRL *crl)
+{
+    return OBJ_obj2nid(crl->sig_alg.algorithm);
+}
+
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
+{
+    return x->revocationDate;
+}
+
 int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
 {
     ASN1_TIME *in;
 
     if (x == NULL)
-        return (0);
+        return 0;
     in = x->revocationDate;
     if (in != tm) {
-        in = M_ASN1_TIME_dup(tm);
+        in = ASN1_STRING_dup(tm);
         if (in != NULL) {
-            M_ASN1_TIME_free(x->revocationDate);
+            ASN1_TIME_free(x->revocationDate);
             x->revocationDate = in;
         }
     }
     return (in != NULL);
 }
 
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
+{
+    return &x->serialNumber;
+}
+
 int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
 {
     ASN1_INTEGER *in;
 
     if (x == NULL)
-        return (0);
-    in = x->serialNumber;
-    if (in != serial) {
-        in = M_ASN1_INTEGER_dup(serial);
-        if (in != NULL) {
-            M_ASN1_INTEGER_free(x->serialNumber);
-            x->serialNumber = in;
-        }
-    }
-    return (in != NULL);
+        return 0;
+    in = &x->serialNumber;
+    if (in != serial)
+        return ASN1_STRING_copy(in, serial);
+    return 1;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r)
+{
+    return r->extensions;
+}
+
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp)
+{
+    crl->crl.enc.modified = 1;
+    return i2d_X509_CRL_INFO(&crl->crl, pp);
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509name.c b/freebsd/crypto/openssl/crypto/x509/x509name.c
index d0347f02..f5a018f3 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509name.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509name.c
@@ -1,70 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509name.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include <openssl/safestack.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 
 int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
 {
@@ -72,33 +24,35 @@ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
 
     obj = OBJ_nid2obj(nid);
     if (obj == NULL)
-        return (-1);
-    return (X509_NAME_get_text_by_OBJ(name, obj, buf, len));
+        return -1;
+    return X509_NAME_get_text_by_OBJ(name, obj, buf, len);
 }
 
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
-                              int len)
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+                              char *buf, int len)
 {
     int i;
-    ASN1_STRING *data;
+    const ASN1_STRING *data;
 
     i = X509_NAME_get_index_by_OBJ(name, obj, -1);
     if (i < 0)
-        return (-1);
+        return -1;
     data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
-    i = (data->length > (len - 1)) ? (len - 1) : data->length;
     if (buf == NULL)
-        return (data->length);
+        return data->length;
+    if (len <= 0)
+        return 0;
+    i = (data->length > (len - 1)) ? (len - 1) : data->length;
     memcpy(buf, data->data, i);
     buf[i] = '\0';
-    return (i);
+    return i;
 }
 
-int X509_NAME_entry_count(X509_NAME *name)
+int X509_NAME_entry_count(const X509_NAME *name)
 {
     if (name == NULL)
-        return (0);
-    return (sk_X509_NAME_ENTRY_num(name->entries));
+        return 0;
+    return sk_X509_NAME_ENTRY_num(name->entries);
 }
 
 int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
@@ -107,19 +61,19 @@ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
 
     obj = OBJ_nid2obj(nid);
     if (obj == NULL)
-        return (-2);
-    return (X509_NAME_get_index_by_OBJ(name, obj, lastpos));
+        return -2;
+    return X509_NAME_get_index_by_OBJ(name, obj, lastpos);
 }
 
-/* NOTE: you should be passsing -1, not 0 as lastpos */
-int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos)
+/* NOTE: you should be passing -1, not 0 as lastpos */
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos)
 {
     int n;
     X509_NAME_ENTRY *ne;
     STACK_OF(X509_NAME_ENTRY) *sk;
 
     if (name == NULL)
-        return (-1);
+        return -1;
     if (lastpos < 0)
         lastpos = -1;
     sk = name->entries;
@@ -127,18 +81,18 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos)
     for (lastpos++; lastpos < n; lastpos++) {
         ne = sk_X509_NAME_ENTRY_value(sk, lastpos);
         if (OBJ_cmp(ne->object, obj) == 0)
-            return (lastpos);
+            return lastpos;
     }
-    return (-1);
+    return -1;
 }
 
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
 {
     if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
         || loc < 0)
-        return (NULL);
-    else
-        return (sk_X509_NAME_ENTRY_value(name->entries, loc));
+        return NULL;
+
+    return sk_X509_NAME_ENTRY_value(name->entries, loc);
 }
 
 X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
@@ -149,13 +103,14 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
 
     if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
         || loc < 0)
-        return (NULL);
+        return NULL;
+
     sk = name->entries;
     ret = sk_X509_NAME_ENTRY_delete(sk, loc);
     n = sk_X509_NAME_ENTRY_num(sk);
     name->modified = 1;
     if (loc == n)
-        return (ret);
+        return ret;
 
     /* else we need to fixup the set field */
     if (loc != 0)
@@ -177,15 +132,16 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
     if (set_prev + 1 < set_next)
         for (i = loc; i < n; i++)
             sk_X509_NAME_ENTRY_value(sk, i)->set--;
-    return (ret);
+    return ret;
 }
 
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
-                               unsigned char *bytes, int len, int loc,
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len, int loc,
                                int set)
 {
     X509_NAME_ENTRY *ne;
     int ret;
+
     ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
     if (!ne)
         return 0;
@@ -195,7 +151,7 @@ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
 }
 
 int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
-                               unsigned char *bytes, int len, int loc,
+                               const unsigned char *bytes, int len, int loc,
                                int set)
 {
     X509_NAME_ENTRY *ne;
@@ -226,7 +182,7 @@ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
  * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the
  * guy we are about to stomp on.
  */
-int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc,
                         int set)
 {
     X509_NAME_ENTRY *new_name = NULL;
@@ -234,14 +190,14 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
     STACK_OF(X509_NAME_ENTRY) *sk;
 
     if (name == NULL)
-        return (0);
+        return 0;
     sk = name->entries;
     n = sk_X509_NAME_ENTRY_num(sk);
     if (loc > n)
         loc = n;
     else if (loc < 0)
         loc = n;
-
+    inc = (set == 0);
     name->modified = 1;
 
     if (set == -1) {
@@ -250,7 +206,6 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
             inc = 1;
         } else {
             set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set;
-            inc = 0;
         }
     } else {                    /* if (set >= 0) */
 
@@ -261,10 +216,13 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
                 set = 0;
         } else
             set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
-        inc = (set == 0) ? 1 : 0;
     }
 
-    if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL)
+    /*
+     * X509_NAME_ENTRY_dup is ASN1 generated code, that can't be easily
+     * const'ified; harmless cast since dup() don't modify its input.
+     */
+    if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL)
         goto err;
     new_name->set = set;
     if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
@@ -274,13 +232,12 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
     if (inc) {
         n = sk_X509_NAME_ENTRY_num(sk);
         for (i = loc + 1; i < n; i++)
-            sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1;
+            sk_X509_NAME_ENTRY_value(sk, i)->set += 1;
     }
-    return (1);
+    return 1;
  err:
-    if (new_name != NULL)
-        X509_NAME_ENTRY_free(new_name);
-    return (0);
+    X509_NAME_ENTRY_free(new_name);
+    return 0;
 }
 
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
@@ -296,7 +253,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
         X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
                 X509_R_INVALID_FIELD_NAME);
         ERR_add_error_data(2, "name=", field);
-        return (NULL);
+        return NULL;
     }
     nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
     ASN1_OBJECT_free(obj);
@@ -304,7 +261,8 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
 }
 
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
-                                               int type, unsigned char *bytes,
+                                               int type,
+                                               const unsigned char *bytes,
                                                int len)
 {
     ASN1_OBJECT *obj;
@@ -313,7 +271,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
     obj = OBJ_nid2obj(nid);
     if (obj == NULL) {
         X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID, X509_R_UNKNOWN_NID);
-        return (NULL);
+        return NULL;
     }
     nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
     ASN1_OBJECT_free(obj);
@@ -321,7 +279,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
 }
 
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-                                               ASN1_OBJECT *obj, int type,
+                                               const ASN1_OBJECT *obj, int type,
                                                const unsigned char *bytes,
                                                int len)
 {
@@ -329,7 +287,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
 
     if ((ne == NULL) || (*ne == NULL)) {
         if ((ret = X509_NAME_ENTRY_new()) == NULL)
-            return (NULL);
+            return NULL;
     } else
         ret = *ne;
 
@@ -340,19 +298,19 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
 
     if ((ne != NULL) && (*ne == NULL))
         *ne = ret;
-    return (ret);
+    return ret;
  err:
     if ((ne == NULL) || (ret != *ne))
         X509_NAME_ENTRY_free(ret);
-    return (NULL);
+    return NULL;
 }
 
-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj)
 {
     if ((ne == NULL) || (obj == NULL)) {
         X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,
                 ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
+        return 0;
     }
     ASN1_OBJECT_free(ne->object);
     ne->object = OBJ_dup(obj);
@@ -365,7 +323,7 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
     int i;
 
     if ((ne == NULL) || ((bytes == NULL) && (len != 0)))
-        return (0);
+        return 0;
     if ((type > 0) && (type & MBSTRING_FLAG))
         return ASN1_STRING_set_by_NID(&ne->value, bytes,
                                       len, type,
@@ -374,26 +332,31 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
         len = strlen((const char *)bytes);
     i = ASN1_STRING_set(ne->value, bytes, len);
     if (!i)
-        return (0);
+        return 0;
     if (type != V_ASN1_UNDEF) {
         if (type == V_ASN1_APP_CHOOSE)
             ne->value->type = ASN1_PRINTABLE_type(bytes, len);
         else
             ne->value->type = type;
     }
-    return (1);
+    return 1;
 }
 
-ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
 {
     if (ne == NULL)
-        return (NULL);
-    return (ne->object);
+        return NULL;
+    return ne->object;
 }
 
-ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
+ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
 {
     if (ne == NULL)
-        return (NULL);
-    return (ne->value);
+        return NULL;
+    return ne->value;
+}
+
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
+{
+    return ne->set;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509rset.c b/freebsd/crypto/openssl/crypto/x509/x509rset.c
index 307eb456..4bfb8964 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509rset.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509rset.c
@@ -1,87 +1,42 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509rset.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 
 int X509_REQ_set_version(X509_REQ *x, long version)
 {
     if (x == NULL)
-        return (0);
-    return (ASN1_INTEGER_set(x->req_info->version, version));
+        return 0;
+    x->req_info.enc.modified = 1;
+    return ASN1_INTEGER_set(x->req_info.version, version);
 }
 
 int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
 {
-    if ((x == NULL) || (x->req_info == NULL))
-        return (0);
-    return (X509_NAME_set(&x->req_info->subject, name));
+    if (x == NULL)
+        return 0;
+    x->req_info.enc.modified = 1;
+    return X509_NAME_set(&x->req_info.subject, name);
 }
 
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
 {
-    if ((x == NULL) || (x->req_info == NULL))
-        return (0);
-    return (X509_PUBKEY_set(&x->req_info->pubkey, pkey));
+    if (x == NULL)
+        return 0;
+    x->req_info.enc.modified = 1;
+    return X509_PUBKEY_set(&x->req_info.pubkey, pkey);
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509spki.c b/freebsd/crypto/openssl/crypto/x509/x509spki.c
index c79fc4b7..2030a909 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509spki.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509spki.c
@@ -1,80 +1,30 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* x509spki.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 
 int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
 {
     if ((x == NULL) || (x->spkac == NULL))
-        return (0);
-    return (X509_PUBKEY_set(&(x->spkac->pubkey), pkey));
+        return 0;
+    return X509_PUBKEY_set(&(x->spkac->pubkey), pkey);
 }
 
 EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
 {
     if ((x == NULL) || (x->spkac == NULL))
-        return (NULL);
-    return (X509_PUBKEY_get(x->spkac->pubkey));
+        return NULL;
+    return X509_PUBKEY_get(x->spkac->pubkey);
 }
 
 /* Load a Netscape SPKI from a base64 encoded string */
@@ -87,7 +37,7 @@ NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len)
     NETSCAPE_SPKI *spki;
     if (len <= 0)
         len = strlen(str);
-    if (!(spki_der = OPENSSL_malloc(len + 1))) {
+    if ((spki_der = OPENSSL_malloc(len + 1)) == NULL) {
         X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -113,10 +63,10 @@ char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
     der_len = i2d_NETSCAPE_SPKI(spki, NULL);
     der_spki = OPENSSL_malloc(der_len);
     b64_str = OPENSSL_malloc(der_len * 2);
-    if (!der_spki || !b64_str) {
+    if (der_spki == NULL || b64_str == NULL) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
         OPENSSL_free(der_spki);
         OPENSSL_free(b64_str);
-        X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
     p = der_spki;
diff --git a/freebsd/crypto/openssl/crypto/x509/x509type.c b/freebsd/crypto/openssl/crypto/x509/x509type.c
index dc474f9a..4cf53f83 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509type.c
+++ b/freebsd/crypto/openssl/crypto/x509/x509type.c
@@ -1,109 +1,68 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x509type.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
+int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey)
 {
-    EVP_PKEY *pk;
+    const EVP_PKEY *pk;
     int ret = 0, i;
 
     if (x == NULL)
-        return (0);
+        return 0;
 
     if (pkey == NULL)
-        pk = X509_get_pubkey(x);
+        pk = X509_get0_pubkey(x);
     else
         pk = pkey;
 
     if (pk == NULL)
-        return (0);
+        return 0;
 
-    switch (pk->type) {
+    switch (EVP_PKEY_id(pk)) {
     case EVP_PKEY_RSA:
         ret = EVP_PK_RSA | EVP_PKT_SIGN;
 /*              if (!sign only extension) */
         ret |= EVP_PKT_ENC;
         break;
+    case EVP_PKEY_RSA_PSS:
+        ret = EVP_PK_RSA | EVP_PKT_SIGN;
+        break;
     case EVP_PKEY_DSA:
         ret = EVP_PK_DSA | EVP_PKT_SIGN;
         break;
     case EVP_PKEY_EC:
         ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH;
         break;
+    case EVP_PKEY_ED448:
+    case EVP_PKEY_ED25519:
+        ret = EVP_PKT_SIGN;
+        break;
     case EVP_PKEY_DH:
         ret = EVP_PK_DH | EVP_PKT_EXCH;
         break;
-    case NID_id_GostR3410_94:
     case NID_id_GostR3410_2001:
+    case NID_id_GostR3410_2012_256:
+    case NID_id_GostR3410_2012_512:
         ret = EVP_PKT_EXCH | EVP_PKT_SIGN;
         break;
     default:
         break;
     }
 
-    i = OBJ_obj2nid(x->sig_alg->algorithm);
+    i = X509_get_signature_nid(x);
     if (i && OBJ_find_sigid_algs(i, NULL, &i)) {
 
         switch (i) {
@@ -123,7 +82,5 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
         }
     }
 
-    if (pkey == NULL)
-        EVP_PKEY_free(pk);
-    return (ret);
+    return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x_all.c b/freebsd/crypto/openssl/crypto/x509/x_all.c
index a5c28944..a95ae369 100644
--- a/freebsd/crypto/openssl/crypto/x509/x_all.c
+++ b/freebsd/crypto/openssl/crypto/x509/x_all.c
@@ -1,161 +1,114 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509/x_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/ocsp.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/x509v3.h>
 
 int X509_verify(X509 *a, EVP_PKEY *r)
 {
-    if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+    if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
         return 0;
-    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg,
-                             a->signature, a->cert_info, r));
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
+                             &a->signature, &a->cert_info, r));
 }
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
 {
     return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
-                             a->sig_alg, a->signature, a->req_info, r));
+                             &a->sig_alg, a->signature, &a->req_info, r));
 }
 
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 {
     return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
-                             a->sig_algor, a->signature, a->spkac, r));
+                             &a->sig_algor, a->signature, a->spkac, r));
 }
 
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
-    x->cert_info->enc.modified = 1;
-    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
-                           x->sig_alg, x->signature, x->cert_info, pkey, md));
+    x->cert_info.enc.modified = 1;
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
+                           &x->sig_alg, &x->signature, &x->cert_info, pkey,
+                           md));
 }
 
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
 {
-    x->cert_info->enc.modified = 1;
+    x->cert_info.enc.modified = 1;
     return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
-                              x->cert_info->signature,
-                              x->sig_alg, x->signature, x->cert_info, ctx);
+                              &x->cert_info.signature,
+                              &x->sig_alg, &x->signature, &x->cert_info, ctx);
 }
 
+#ifndef OPENSSL_NO_OCSP
 int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
 {
     return OCSP_REQ_CTX_nbio_d2i(rctx,
                                  (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509));
 }
+#endif
 
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
-    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL,
-                           x->signature, x->req_info, pkey, md));
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
+                           x->signature, &x->req_info, pkey, md));
 }
 
 int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
 {
     return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
-                              x->sig_alg, NULL, x->signature, x->req_info,
+                              &x->sig_alg, NULL, x->signature, &x->req_info,
                               ctx);
 }
 
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
-    x->crl->enc.modified = 1;
-    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg,
-                           x->sig_alg, x->signature, x->crl, pkey, md));
+    x->crl.enc.modified = 1;
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
+                           &x->sig_alg, &x->signature, &x->crl, pkey, md));
 }
 
 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
 {
-    x->crl->enc.modified = 1;
+    x->crl.enc.modified = 1;
     return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
-                              x->crl->sig_alg, x->sig_alg, x->signature,
-                              x->crl, ctx);
+                              &x->crl.sig_alg, &x->sig_alg, &x->signature,
+                              &x->crl, ctx);
 }
 
+#ifndef OPENSSL_NO_OCSP
 int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
 {
     return OCSP_REQ_CTX_nbio_d2i(rctx,
                                  (ASN1_VALUE **)pcrl,
                                  ASN1_ITEM_rptr(X509_CRL));
 }
+#endif
 
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
-    return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL,
+    return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL,
                            x->signature, x->spkac, pkey, md));
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 X509 *d2i_X509_fp(FILE *fp, X509 **x509)
 {
     return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
@@ -177,7 +130,7 @@ int i2d_X509_bio(BIO *bp, X509 *x509)
     return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
 {
     return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
@@ -199,7 +152,7 @@ int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
     return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
 {
     return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
@@ -221,7 +174,7 @@ int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
     return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
 {
     return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
@@ -245,7 +198,7 @@ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
 
 #ifndef OPENSSL_NO_RSA
 
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
 {
     return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
@@ -311,7 +264,7 @@ int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
 #endif
 
 #ifndef OPENSSL_NO_DSA
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
 {
     return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
@@ -356,7 +309,7 @@ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
 #endif
 
 #ifndef OPENSSL_NO_EC
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
 {
     return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
@@ -411,6 +364,13 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
                 unsigned int *len)
 {
+    if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) {
+        /* Asking for SHA1 and we already computed it. */
+        if (len != NULL)
+            *len = sizeof(data->sha1_hash);
+        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+        return 1;
+    }
     return (ASN1_item_digest
             (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
 }
@@ -418,6 +378,13 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
                     unsigned char *md, unsigned int *len)
 {
+    if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
+        /* Asking for SHA1; always computed in CRL d2i. */
+        if (len != NULL)
+            *len = sizeof(data->sha1_hash);
+        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+        return 1;
+    }
     return (ASN1_item_digest
             (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
 }
@@ -444,7 +411,7 @@ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
                              (char *)data, md, len));
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
 {
     return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
@@ -466,7 +433,7 @@ int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
     return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
                                                 PKCS8_PRIV_KEY_INFO **p8inf)
 {
diff --git a/freebsd/crypto/openssl/crypto/x509/x_attrib.c b/freebsd/crypto/openssl/crypto/x509/x_attrib.c
new file mode 100644
index 00000000..8622f7a5
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509/x_attrib.c
@@ -0,0 +1,57 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "x509_lcl.h"
+
+/*-
+ * X509_ATTRIBUTE: this has the following form:
+ *
+ * typedef struct x509_attributes_st
+ *      {
+ *      ASN1_OBJECT *object;
+ *      STACK_OF(ASN1_TYPE) *set;
+ *      } X509_ATTRIBUTE;
+ *
+ */
+
+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
+        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+        ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+{
+    X509_ATTRIBUTE *ret = NULL;
+    ASN1_TYPE *val = NULL;
+
+    if ((ret = X509_ATTRIBUTE_new()) == NULL)
+        return NULL;
+    ret->object = OBJ_nid2obj(nid);
+    if ((val = ASN1_TYPE_new()) == NULL)
+        goto err;
+    if (!sk_ASN1_TYPE_push(ret->set, val))
+        goto err;
+
+    ASN1_TYPE_set(val, atrtype, value);
+    return ret;
+ err:
+    X509_ATTRIBUTE_free(ret);
+    ASN1_TYPE_free(val);
+    return NULL;
+}
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_crl.c b/freebsd/crypto/openssl/crypto/x509/x_crl.c
index 98027819..0f08e663 100644
--- a/freebsd/crypto/openssl/crypto/asn1/x_crl.c
+++ b/freebsd/crypto/openssl/crypto/x509/x_crl.c
@@ -1,76 +1,28 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/x_crl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
-#include "asn1_locl.h"
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/x509v3.h>
+#include "x509_lcl.h"
 
 static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
                             const X509_REVOKED *const *b);
 static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
 
 ASN1_SEQUENCE(X509_REVOKED) = {
-        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+        ASN1_EMBED(X509_REVOKED,serialNumber, ASN1_INTEGER),
         ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
         ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
 } ASN1_SEQUENCE_END(X509_REVOKED)
@@ -91,7 +43,7 @@ static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
 
 /*
  * The X509_CRL_INFO structure needs a bit of customisation. Since we cache
- * the original encoding the signature wont be affected by reordering of the
+ * the original encoding the signature won't be affected by reordering of the
  * revoked field.
  */
 static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -116,7 +68,7 @@ static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
 ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
         ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509_CRL_INFO, sig_alg, X509_ALGOR),
         ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
         ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
         ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
@@ -181,8 +133,8 @@ static int crl_set_issuers(X509_CRL *crl)
 
         for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) {
             ext = sk_X509_EXTENSION_value(exts, j);
-            if (ext->critical > 0) {
-                if (OBJ_obj2nid(ext->object) == NID_certificate_issuer)
+            if (X509_EXTENSION_get_critical(ext)) {
+                if (OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_certificate_issuer)
                     continue;
                 crl->flags |= EXFLAG_CRITICAL;
                 break;
@@ -222,9 +174,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         break;
 
     case ASN1_OP_D2I_POST:
-#ifndef OPENSSL_NO_SHA
         X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
-#endif
         crl->idp = X509_CRL_get_ext_d2i(crl,
                                         NID_issuing_distribution_point, NULL,
                                         NULL);
@@ -252,16 +202,15 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
          * directly: applications shouldn't do this.
          */
 
-        exts = crl->crl->extensions;
+        exts = crl->crl.extensions;
 
         for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
             int nid;
-
             ext = sk_X509_EXTENSION_value(exts, idx);
-            nid = OBJ_obj2nid(ext->object);
+            nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
             if (nid == NID_freshest_crl)
                 crl->flags |= EXFLAG_FRESHEST;
-            if (ext->critical > 0) {
+            if (X509_EXTENSION_get_critical(ext)) {
                 /* We handle IDP and deltas */
                 if ((nid == NID_issuing_distribution_point)
                     || (nid == NID_authority_key_identifier)
@@ -279,6 +228,8 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
             if (crl->meth->crl_init(crl) == 0)
                 return 0;
         }
+
+        crl->flags |= EXFLAG_SET;
         break;
 
     case ASN1_OP_FREE_POST:
@@ -286,10 +237,8 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
             if (!crl->meth->crl_free(crl))
                 return 0;
         }
-        if (crl->akid)
-            AUTHORITY_KEYID_free(crl->akid);
-        if (crl->idp)
-            ISSUING_DIST_POINT_free(crl->idp);
+        AUTHORITY_KEYID_free(crl->akid);
+        ISSUING_DIST_POINT_free(crl->idp);
         ASN1_INTEGER_free(crl->crl_number);
         ASN1_INTEGER_free(crl->base_crl_number);
         sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
@@ -336,10 +285,10 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
     DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
 }
 
-ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
-        ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
-        ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
-        ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
+ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = {
+        ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO),
+        ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509_CRL, signature, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
@@ -355,17 +304,18 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
 static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
                             const X509_REVOKED *const *b)
 {
-    return (ASN1_STRING_cmp((ASN1_STRING *)(*a)->serialNumber,
-                            (ASN1_STRING *)(*b)->serialNumber));
+    return (ASN1_STRING_cmp((ASN1_STRING *)&(*a)->serialNumber,
+                            (ASN1_STRING *)&(*b)->serialNumber));
 }
 
 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 {
     X509_CRL_INFO *inf;
-    inf = crl->crl;
-    if (!inf->revoked)
+
+    inf = &crl->crl;
+    if (inf->revoked == NULL)
         inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
-    if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+    if (inf->revoked == NULL || !sk_X509_REVOKED_push(inf->revoked, rev)) {
         ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -400,7 +350,7 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
 {
     return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-                             crl->sig_alg, crl->signature, crl->crl, r));
+                             &crl->sig_alg, &crl->signature, &crl->crl, r));
 }
 
 static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
@@ -435,24 +385,28 @@ static int def_crl_lookup(X509_CRL *crl,
                           X509_NAME *issuer)
 {
     X509_REVOKED rtmp, *rev;
-    int idx;
-    rtmp.serialNumber = serial;
+    int idx, num;
+
+    if (crl->crl.revoked == NULL)
+        return 0;
+
     /*
      * Sort revoked into serial number order if not already sorted. Do this
      * under a lock to avoid race condition.
      */
-    if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) {
-        CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
-        sk_X509_REVOKED_sort(crl->crl->revoked);
-        CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
+    if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) {
+        CRYPTO_THREAD_write_lock(crl->lock);
+        sk_X509_REVOKED_sort(crl->crl.revoked);
+        CRYPTO_THREAD_unlock(crl->lock);
     }
-    idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+    rtmp.serialNumber = *serial;
+    idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp);
     if (idx < 0)
         return 0;
     /* Need to look for matching name */
-    for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
-        rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
-        if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
+    for (num = sk_X509_REVOKED_num(crl->crl.revoked); idx < num; idx++) {
+        rev = sk_X509_REVOKED_value(crl->crl.revoked, idx);
+        if (ASN1_INTEGER_cmp(&rev->serialNumber, serial))
             return 0;
         if (crl_revoked_issuer_match(crl, issuer, rev)) {
             if (ret)
@@ -482,10 +436,12 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
                                      int (*crl_verify) (X509_CRL *crl,
                                                         EVP_PKEY *pk))
 {
-    X509_CRL_METHOD *m;
-    m = OPENSSL_malloc(sizeof(X509_CRL_METHOD));
-    if (!m)
+    X509_CRL_METHOD *m = OPENSSL_malloc(sizeof(*m));
+
+    if (m == NULL) {
+        X509err(X509_F_X509_CRL_METHOD_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     m->crl_init = crl_init;
     m->crl_free = crl_free;
     m->crl_lookup = crl_lookup;
@@ -496,7 +452,7 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
 
 void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
 {
-    if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
+    if (m == NULL || !(m->flags & X509_CRL_METHOD_DYNAMIC))
         return;
     OPENSSL_free(m);
 }
@@ -510,11 +466,3 @@ void *X509_CRL_get_meth_data(X509_CRL *crl)
 {
     return crl->meth_data;
 }
-
-IMPLEMENT_STACK_OF(X509_REVOKED)
-
-IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
-
-IMPLEMENT_STACK_OF(X509_CRL)
-
-IMPLEMENT_ASN1_SET_OF(X509_CRL)
diff --git a/freebsd/crypto/openssl/crypto/x509/x_exten.c b/freebsd/crypto/openssl/crypto/x509/x_exten.c
new file mode 100644
index 00000000..6229e7e1
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509/x_exten.c
@@ -0,0 +1,30 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include "x509_lcl.h"
+
+ASN1_SEQUENCE(X509_EXTENSION) = {
+        ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+        ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION)
+
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_name.c b/freebsd/crypto/openssl/crypto/x509/x_name.c
index 258a05ad..84ed9ed0 100644
--- a/freebsd/crypto/openssl/crypto/asn1/x_name.c
+++ b/freebsd/crypto/openssl/crypto/x509/x_name.c
@@ -1,72 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/x_name.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "asn1_locl.h"
-
-typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
-DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
+#include "internal/x509_int.h"
+#include "internal/asn1_int.h"
+#include "x509_lcl.h"
 
 /*
  * Maximum length of X509_NAME: much larger than anything we should
@@ -87,7 +37,7 @@ static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
 
 static int x509_name_encode(X509_NAME *a);
 static int x509_name_canon(X509_NAME *a);
-static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
+static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in);
 static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname,
                           unsigned char **in);
 
@@ -110,11 +60,11 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
 
 ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
         ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
-ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
+static_ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
 
 ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
         ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
-ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
+static_ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
 
 /*
  * Normally that's where it would end: we'd have two nested STACK structures
@@ -123,7 +73,7 @@ ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
  * convert to the external form.
  */
 
-const ASN1_EXTERN_FUNCS x509_name_ff = {
+static const ASN1_EXTERN_FUNCS x509_name_ff = {
     NULL,
     x509_name_ex_new,
     x509_name_ex_free,
@@ -141,16 +91,14 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
 
 static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
 {
-    X509_NAME *ret = NULL;
-    ret = OPENSSL_malloc(sizeof(X509_NAME));
-    if (!ret)
+    X509_NAME *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL)
         goto memerr;
     if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
         goto memerr;
     if ((ret->bytes = BUF_MEM_new()) == NULL)
         goto memerr;
-    ret->canon_enc = NULL;
-    ret->canon_enclen = 0;
     ret->modified = 1;
     *val = (ASN1_VALUE *)ret;
     return 1;
@@ -158,8 +106,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
  memerr:
     ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
     if (ret) {
-        if (ret->entries)
-            sk_X509_NAME_ENTRY_free(ret->entries);
+        sk_X509_NAME_ENTRY_free(ret->entries);
         OPENSSL_free(ret);
     }
     return 0;
@@ -168,14 +115,14 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
 static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
     X509_NAME *a;
+
     if (!pval || !*pval)
         return;
     a = (X509_NAME *)*pval;
 
     BUF_MEM_free(a->bytes);
     sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
-    if (a->canon_enc)
-        OPENSSL_free(a->canon_enc);
+    OPENSSL_free(a->canon_enc);
     OPENSSL_free(a);
     *pval = NULL;
 }
@@ -252,6 +199,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
     *val = nm.a;
     *in = p;
     return ret;
+
  err:
     if (nm.x != NULL)
         X509_NAME_free(nm.x);
@@ -335,7 +283,7 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
                               int indent,
                               const char *fname, const ASN1_PCTX *pctx)
 {
-    if (X509_NAME_print_ex(out, (X509_NAME *)*pval,
+    if (X509_NAME_print_ex(out, (const X509_NAME *)*pval,
                            indent, pctx->nm_flags) <= 0)
         return 0;
     return 2;
@@ -346,7 +294,7 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
  * it all strings are converted to UTF8, leading, trailing and multiple
  * spaces collapsed, converted to lower case and the leading SEQUENCE header
  * removed. In future we could also normalize the UTF8 too. By doing this
- * comparison of Name structures can be rapidly perfomed by just using
+ * comparison of Name structures can be rapidly performed by just using
  * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
  * constraints of type dirName can also be checked with a simple memcmp().
  */
@@ -354,54 +302,66 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
 static int x509_name_canon(X509_NAME *a)
 {
     unsigned char *p;
-    STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
+    STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname;
     STACK_OF(X509_NAME_ENTRY) *entries = NULL;
     X509_NAME_ENTRY *entry, *tmpentry = NULL;
-    int i, set = -1, ret = 0;
+    int i, set = -1, ret = 0, len;
 
-    if (a->canon_enc) {
-        OPENSSL_free(a->canon_enc);
-        a->canon_enc = NULL;
-    }
+    OPENSSL_free(a->canon_enc);
+    a->canon_enc = NULL;
     /* Special case: empty X509_NAME => null encoding */
     if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
         a->canon_enclen = 0;
         return 1;
     }
     intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-    if (!intname)
+    if (intname == NULL) {
+        X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
     for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
         entry = sk_X509_NAME_ENTRY_value(a->entries, i);
         if (entry->set != set) {
             entries = sk_X509_NAME_ENTRY_new_null();
-            if (!entries)
+            if (entries == NULL)
                 goto err;
             if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
                 sk_X509_NAME_ENTRY_free(entries);
+                X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
             set = entry->set;
         }
         tmpentry = X509_NAME_ENTRY_new();
-        if (!tmpentry)
+        if (tmpentry == NULL) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
             goto err;
+        }
         tmpentry->object = OBJ_dup(entry->object);
+        if (tmpentry->object == NULL) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
         if (!asn1_string_canon(tmpentry->value, entry->value))
             goto err;
-        if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+        if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
             goto err;
+        }
         tmpentry = NULL;
     }
 
     /* Finally generate encoding */
-
-    a->canon_enclen = i2d_name_canon(intname, NULL);
+    len = i2d_name_canon(intname, NULL);
+    if (len < 0)
+        goto err;
+    a->canon_enclen = len;
 
     p = OPENSSL_malloc(a->canon_enclen);
-
-    if (!p)
+    if (p == NULL) {
+        X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 
     a->canon_enc = p;
 
@@ -410,12 +370,9 @@ static int x509_name_canon(X509_NAME *a)
     ret = 1;
 
  err:
-
-    if (tmpentry)
-        X509_NAME_ENTRY_free(tmpentry);
-    if (intname)
-        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
-                                             local_sk_X509_NAME_ENTRY_pop_free);
+    X509_NAME_ENTRY_free(tmpentry);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
+                                         local_sk_X509_NAME_ENTRY_pop_free);
     return ret;
 }
 
@@ -426,7 +383,7 @@ static int x509_name_canon(X509_NAME *a)
         | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
         | B_ASN1_VISIBLESTRING)
 
-static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
+static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in)
 {
     unsigned char *to, *from;
     int len, i;
@@ -451,19 +408,20 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
     /*
      * Convert string in place to canonical form. Ultimately we may need to
      * handle a wider range of characters but for now ignore anything with
-     * MSB set and rely on the isspace() and tolower() functions.
+     * MSB set and rely on the ossl_isspace() to fail on bad characters without
+     * needing isascii or range checks as well.
      */
 
     /* Ignore leading spaces */
-    while ((len > 0) && !(*from & 0x80) && isspace(*from)) {
+    while (len > 0 && ossl_isspace(*from)) {
         from++;
         len--;
     }
 
-    to = from + len - 1;
+    to = from + len;
 
     /* Ignore trailing spaces */
-    while ((len > 0) && !(*to & 0x80) && isspace(*to)) {
+    while (len > 0 && ossl_isspace(to[-1])) {
         to--;
         len--;
     }
@@ -472,13 +430,13 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
 
     i = 0;
     while (i < len) {
-        /* If MSB set just copy across */
-        if (*from & 0x80) {
+        /* If not ASCII set just copy across */
+        if (!ossl_isascii(*from)) {
             *to++ = *from++;
             i++;
         }
         /* Collapse multiple spaces */
-        else if (isspace(*from)) {
+        else if (ossl_isspace(*from)) {
             /* Copy one space across */
             *to++ = ' ';
             /*
@@ -490,9 +448,9 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
                 from++;
                 i++;
             }
-            while (!(*from & 0x80) && isspace(*from));
+            while (ossl_isspace(*from));
         } else {
-            *to++ = tolower(*from);
+            *to++ = ossl_tolower(*from);
             from++;
             i++;
         }
@@ -525,6 +483,8 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
 
 int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 {
+    if (*xn == name)
+        return *xn != NULL;
     if ((name = X509_NAME_dup(name)) == NULL)
         return 0;
     X509_NAME_free(*xn);
@@ -532,6 +492,62 @@ int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
     return 1;
 }
 
-IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
+{
+    char *s, *c, *b;
+    int l, i;
+
+    l = 80 - 2 - obase;
 
-IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
+    b = X509_NAME_oneline(name, NULL, 0);
+    if (!b)
+        return 0;
+    if (!*b) {
+        OPENSSL_free(b);
+        return 1;
+    }
+    s = b + 1;                  /* skip the first slash */
+
+    c = s;
+    for (;;) {
+        if (((*s == '/') &&
+             (ossl_isupper(s[1]) && ((s[2] == '=') ||
+                                (ossl_isupper(s[2]) && (s[3] == '='))
+              ))) || (*s == '\0'))
+        {
+            i = s - c;
+            if (BIO_write(bp, c, i) != i)
+                goto err;
+            c = s + 1;          /* skip following slash */
+            if (*s != '\0') {
+                if (BIO_write(bp, ", ", 2) != 2)
+                    goto err;
+            }
+            l--;
+        }
+        if (*s == '\0')
+            break;
+        s++;
+        l--;
+    }
+
+    OPENSSL_free(b);
+    return 1;
+ err:
+    X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
+    OPENSSL_free(b);
+    return 0;
+}
+
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+                       size_t *pderlen)
+{
+    /* Make sure encoding is valid */
+    if (i2d_X509_NAME(nm, NULL) <= 0)
+        return 0;
+    if (pder != NULL)
+        *pder = (unsigned char *)nm->bytes->data;
+    if (pderlen != NULL)
+        *pderlen = nm->bytes->length;
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_pubkey.c b/freebsd/crypto/openssl/crypto/x509/x_pubkey.c
index adc52b34..bb852126 100644
--- a/freebsd/crypto/openssl/crypto/asn1/x_pubkey.c
+++ b/freebsd/crypto/openssl/crypto/x509/x_pubkey.c
@@ -1,74 +1,31 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/x_pubkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "asn1_locl.h"
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "internal/x509_int.h"
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
+struct X509_pubkey_st {
+    X509_ALGOR *algor;
+    ASN1_BIT_STRING *public_key;
+    EVP_PKEY *pkey;
+};
+
+static int x509_pubkey_decode(EVP_PKEY **pk, X509_PUBKEY *key);
 
 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -77,6 +34,19 @@ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
     if (operation == ASN1_OP_FREE_POST) {
         X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
         EVP_PKEY_free(pubkey->pkey);
+    } else if (operation == ASN1_OP_D2I_POST) {
+        /* Attempt to decode public key and cache in pubkey structure. */
+        X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+        EVP_PKEY_free(pubkey->pkey);
+        /*
+         * Opportunistically decode the key but remove any non fatal errors
+         * from the queue. Subsequent explicit attempts to decode/use the key
+         * will return an appropriate error.
+         */
+        ERR_set_mark();
+        if (x509_pubkey_decode(&pubkey->pkey, pubkey) == -1)
+            return 0;
+        ERR_pop_to_mark();
     }
     return 1;
 }
@@ -93,7 +63,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
     X509_PUBKEY *pk = NULL;
 
     if (x == NULL)
-        return (0);
+        return 0;
 
     if ((pk = X509_PUBKEY_new()) == NULL)
         goto error;
@@ -114,71 +84,95 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
         goto error;
     }
 
-    if (*x != NULL)
-        X509_PUBKEY_free(*x);
-
+    X509_PUBKEY_free(*x);
     *x = pk;
-
+    pk->pkey = pkey;
+    EVP_PKEY_up_ref(pkey);
     return 1;
+
  error:
-    if (pk != NULL)
-        X509_PUBKEY_free(pk);
+    X509_PUBKEY_free(pk);
     return 0;
 }
 
-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
-{
-    EVP_PKEY *ret = NULL;
-
-    if (key == NULL)
-        goto error;
+/*
+ * Attempt to decode a public key.
+ * Returns 1 on success, 0 for a decode failure and -1 for a fatal
+ * error e.g. malloc failure.
+ */
 
-    if (key->pkey != NULL) {
-        CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-        return key->pkey;
-    }
 
-    if (key->public_key == NULL)
-        goto error;
+static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key)
+{
+    EVP_PKEY *pkey = EVP_PKEY_new();
 
-    if ((ret = EVP_PKEY_new()) == NULL) {
-        X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-        goto error;
+    if (pkey == NULL) {
+        X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
+        return -1;
     }
 
-    if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) {
-        X509err(X509_F_X509_PUBKEY_GET, X509_R_UNSUPPORTED_ALGORITHM);
+    if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(key->algor->algorithm))) {
+        X509err(X509_F_X509_PUBKEY_DECODE, X509_R_UNSUPPORTED_ALGORITHM);
         goto error;
     }
 
-    if (ret->ameth->pub_decode) {
-        if (!ret->ameth->pub_decode(ret, key)) {
-            X509err(X509_F_X509_PUBKEY_GET, X509_R_PUBLIC_KEY_DECODE_ERROR);
+    if (pkey->ameth->pub_decode) {
+        /*
+         * Treat any failure of pub_decode as a decode error. In
+         * future we could have different return codes for decode
+         * errors and fatal errors such as malloc failure.
+         */
+        if (!pkey->ameth->pub_decode(pkey, key)) {
+            X509err(X509_F_X509_PUBKEY_DECODE, X509_R_PUBLIC_KEY_DECODE_ERROR);
             goto error;
         }
     } else {
-        X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED);
+        X509err(X509_F_X509_PUBKEY_DECODE, X509_R_METHOD_NOT_SUPPORTED);
         goto error;
     }
 
-    /* Check to see if another thread set key->pkey first */
-    CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
-    if (key->pkey) {
-        CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+    *ppkey = pkey;
+    return 1;
+
+ error:
+    EVP_PKEY_free(pkey);
+    return 0;
+}
+
+EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key)
+{
+    EVP_PKEY *ret = NULL;
+
+    if (key == NULL || key->public_key == NULL)
+        return NULL;
+
+    if (key->pkey != NULL)
+        return key->pkey;
+
+    /*
+     * When the key ASN.1 is initially parsed an attempt is made to
+     * decode the public key and cache the EVP_PKEY structure. If this
+     * operation fails the cached value will be NULL. Parsing continues
+     * to allow parsing of unknown key types or unsupported forms.
+     * We repeat the decode operation so the appropriate errors are left
+     * in the queue.
+     */
+    x509_pubkey_decode(&ret, key);
+    /* If decode doesn't fail something bad happened */
+    if (ret != NULL) {
+        X509err(X509_F_X509_PUBKEY_GET0, ERR_R_INTERNAL_ERROR);
         EVP_PKEY_free(ret);
-        ret = key->pkey;
-    } else {
-        key->pkey = ret;
-        CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
     }
-    CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
 
-    return ret;
+    return NULL;
+}
 
- error:
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+{
+    EVP_PKEY *ret = X509_PUBKEY_get0(key);
     if (ret != NULL)
-        EVP_PKEY_free(ret);
-    return (NULL);
+        EVP_PKEY_up_ref(ret);
+    return ret;
 }
 
 /*
@@ -214,7 +208,7 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
     if (!a)
         return 0;
     if (!X509_PUBKEY_set(&xpk, a))
-        return 0;
+        return -1;
     ret = i2d_X509_PUBKEY(xpk, pp);
     X509_PUBKEY_free(xpk);
     return ret;
@@ -252,9 +246,9 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
     if (!a)
         return 0;
     pktmp = EVP_PKEY_new();
-    if (!pktmp) {
+    if (pktmp == NULL) {
         ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-        return 0;
+        return -1;
     }
     EVP_PKEY_set1_RSA(pktmp, a);
     ret = i2d_PUBKEY(pktmp, pp);
@@ -292,9 +286,9 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
     if (!a)
         return 0;
     pktmp = EVP_PKEY_new();
-    if (!pktmp) {
+    if (pktmp == NULL) {
         ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-        return 0;
+        return -1;
     }
     EVP_PKEY_set1_DSA(pktmp, a);
     ret = i2d_PUBKEY(pktmp, pp);
@@ -312,17 +306,17 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
     q = *pp;
     pkey = d2i_PUBKEY(NULL, &q, length);
     if (!pkey)
-        return (NULL);
+        return NULL;
     key = EVP_PKEY_get1_EC_KEY(pkey);
     EVP_PKEY_free(pkey);
     if (!key)
-        return (NULL);
+        return NULL;
     *pp = q;
     if (a) {
         EC_KEY_free(*a);
         *a = key;
     }
-    return (key);
+    return key;
 }
 
 int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
@@ -330,15 +324,15 @@ int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
     EVP_PKEY *pktmp;
     int ret;
     if (!a)
-        return (0);
+        return 0;
     if ((pktmp = EVP_PKEY_new()) == NULL) {
         ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return -1;
     }
     EVP_PKEY_set1_EC_KEY(pktmp, a);
     ret = i2d_PUBKEY(pktmp, pp);
     EVP_PKEY_free(pktmp);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -349,8 +343,7 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
     if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
         return 0;
     if (penc) {
-        if (pub->public_key->data)
-            OPENSSL_free(pub->public_key->data);
+        OPENSSL_free(pub->public_key->data);
         pub->public_key->data = penc;
         pub->public_key->length = penclen;
         /* Set number of unused bits to zero */
@@ -374,3 +367,10 @@ int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
         *pa = pub->algor;
     return 1;
 }
+
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    return x->cert_info.key->public_key;
+}
diff --git a/freebsd/crypto/openssl/crypto/x509/x_req.c b/freebsd/crypto/openssl/crypto/x509/x_req.c
new file mode 100644
index 00000000..f3266167
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509/x_req.c
@@ -0,0 +1,70 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+/*-
+ * X509_REQ_INFO is handled in an unusual way to get round
+ * invalid encodings. Some broken certificate requests don't
+ * encode the attributes field if it is empty. This is in
+ * violation of PKCS#10 but we need to tolerate it. We do
+ * this by making the attributes field OPTIONAL then using
+ * the callback to initialise it to an empty STACK.
+ *
+ * This means that the field will be correctly encoded unless
+ * we NULL out the field.
+ *
+ * As a result we no longer need the req_kludge field because
+ * the information is now contained in the attributes field:
+ * 1. If it is NULL then it's the invalid omission.
+ * 2. If it is empty it is the correct encoding.
+ * 3. If it is not empty then some attributes are present.
+ *
+ */
+
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                   void *exarg)
+{
+    X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
+
+    if (operation == ASN1_OP_NEW_POST) {
+        rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+        if (!rinf->attributes)
+            return 0;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
+        ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+        ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+        /* This isn't really OPTIONAL but it gets round invalid
+         * encodings
+         */
+        ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
+
+ASN1_SEQUENCE_ref(X509_REQ, 0) = {
+        ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO),
+        ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/freebsd/crypto/openssl/crypto/asn1/x_x509.c b/freebsd/crypto/openssl/crypto/x509/x_x509.c
index b331c15a..d63d3e8c 100644
--- a/freebsd/crypto/openssl/crypto/asn1/x_x509.c
+++ b/freebsd/crypto/openssl/crypto/x509/x_x509.c
@@ -1,76 +1,28 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/asn1/x_x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
 
 ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
         ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
-        ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
+        ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER),
+        ASN1_EMBED(X509_CINF, signature, X509_ALGOR),
         ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
-        ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
+        ASN1_EMBED(X509_CINF, validity, X509_VAL),
         ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
         ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
         ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
@@ -91,10 +43,9 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
     switch (operation) {
 
     case ASN1_OP_NEW_POST:
-        ret->valid = 0;
-        ret->name = NULL;
         ret->ex_flags = 0;
         ret->ex_pathlen = -1;
+        ret->ex_pcpathlen = -1;
         ret->skid = NULL;
         ret->akid = NULL;
 #ifndef OPENSSL_NO_RFC3779
@@ -103,13 +54,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 #endif
         ret->aux = NULL;
         ret->crldp = NULL;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-        break;
-
-    case ASN1_OP_D2I_POST:
-        if (ret->name != NULL)
-            OPENSSL_free(ret->name);
-        ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);
+        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data))
+            return 0;
         break;
 
     case ASN1_OP_FREE_POST:
@@ -125,9 +71,6 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
         ASIdentifiers_free(ret->rfc3779_asid);
 #endif
-
-        if (ret->name != NULL)
-            OPENSSL_free(ret->name);
         break;
 
     }
@@ -136,31 +79,24 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
 }
 
-ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
-        ASN1_SIMPLE(X509, cert_info, X509_CINF),
-        ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
-        ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
+ASN1_SEQUENCE_ref(X509, x509_cb) = {
+        ASN1_EMBED(X509, cert_info, X509_CINF),
+        ASN1_EMBED(X509, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509, signature, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END_ref(X509, X509)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509)
 
 IMPLEMENT_ASN1_DUP_FUNCTION(X509)
 
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
 int X509_set_ex_data(X509 *r, int idx, void *arg)
 {
-    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
 }
 
 void *X509_get_ex_data(X509 *r, int idx)
 {
-    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+    return CRYPTO_get_ex_data(&r->ex_data, idx);
 }
 
 /*
@@ -179,12 +115,11 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
     /* Save start position */
     q = *pp;
 
-    if (!a || *a == NULL) {
+    if (a == NULL || *a == NULL)
         freeret = 1;
-    }
     ret = d2i_X509(a, &q, length);
     /* If certificate unreadable then forget it */
-    if (!ret)
+    if (ret == NULL)
         return NULL;
     /* update length */
     length -= q - *pp;
@@ -212,8 +147,6 @@ static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
     int length, tmplen;
     unsigned char *start = pp != NULL ? *pp : NULL;
 
-    OPENSSL_assert(pp == NULL || *pp != NULL);
-
     /*
      * This might perturb *pp on error, but fixing that belongs in i2d_X509()
      * not here.  It should be that if a == NULL length is zero, but we check
@@ -258,8 +191,10 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
 
     /* Allocate requisite combined storage */
     *pp = tmp = OPENSSL_malloc(length);
-    if (tmp == NULL)
-        return -1; /* Push error onto error stack? */
+    if (tmp == NULL) {
+        X509err(X509_F_I2D_X509_AUX, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
 
     /* Encode, but keep *pp at the originally malloced pointer */
     length = i2d_x509_aux_internal(a, &tmp);
@@ -272,20 +207,20 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
 
 int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
 {
-    x->cert_info->enc.modified = 1;
-    return i2d_X509_CINF(x->cert_info, pp);
+    x->cert_info.enc.modified = 1;
+    return i2d_X509_CINF(&x->cert_info, pp);
 }
 
-void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
-                         const X509 *x)
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+                         const X509_ALGOR **palg, const X509 *x)
 {
     if (psig)
-        *psig = x->signature;
+        *psig = &x->signature;
     if (palg)
-        *palg = x->sig_alg;
+        *palg = &x->sig_alg;
 }
 
 int X509_get_signature_nid(const X509 *x)
 {
-    return OBJ_obj2nid(x->sig_alg->algorithm);
+    return OBJ_obj2nid(x->sig_alg.algorithm);
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x_x509a.c b/freebsd/crypto/openssl/crypto/x509/x_x509a.c
new file mode 100644
index 00000000..b85f2305
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509/x_x509a.c
@@ -0,0 +1,171 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+/*
+ * X509_CERT_AUX routines. These are used to encode additional user
+ * modifiable data about a certificate. This data is appended to the X509
+ * encoding when the *_X509_AUX routines are used. This means that the
+ * "traditional" X509 routines will simply ignore the extra data.
+ */
+
+static X509_CERT_AUX *aux_get(X509 *x);
+
+ASN1_SEQUENCE(X509_CERT_AUX) = {
+        ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+        ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+        ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+} ASN1_SEQUENCE_END(X509_CERT_AUX)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+int X509_trusted(const X509 *x)
+{
+    return x->aux ? 1 : 0;
+}
+
+static X509_CERT_AUX *aux_get(X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    if (x->aux == NULL && (x->aux = X509_CERT_AUX_new()) == NULL)
+        return NULL;
+    return x->aux;
+}
+
+int X509_alias_set1(X509 *x, const unsigned char *name, int len)
+{
+    X509_CERT_AUX *aux;
+    if (!name) {
+        if (!x || !x->aux || !x->aux->alias)
+            return 1;
+        ASN1_UTF8STRING_free(x->aux->alias);
+        x->aux->alias = NULL;
+        return 1;
+    }
+    if ((aux = aux_get(x)) == NULL)
+        return 0;
+    if (aux->alias == NULL && (aux->alias = ASN1_UTF8STRING_new()) == NULL)
+        return 0;
+    return ASN1_STRING_set(aux->alias, name, len);
+}
+
+int X509_keyid_set1(X509 *x, const unsigned char *id, int len)
+{
+    X509_CERT_AUX *aux;
+    if (!id) {
+        if (!x || !x->aux || !x->aux->keyid)
+            return 1;
+        ASN1_OCTET_STRING_free(x->aux->keyid);
+        x->aux->keyid = NULL;
+        return 1;
+    }
+    if ((aux = aux_get(x)) == NULL)
+        return 0;
+    if (aux->keyid == NULL
+        && (aux->keyid = ASN1_OCTET_STRING_new()) == NULL)
+        return 0;
+    return ASN1_STRING_set(aux->keyid, id, len);
+}
+
+unsigned char *X509_alias_get0(X509 *x, int *len)
+{
+    if (!x->aux || !x->aux->alias)
+        return NULL;
+    if (len)
+        *len = x->aux->alias->length;
+    return x->aux->alias->data;
+}
+
+unsigned char *X509_keyid_get0(X509 *x, int *len)
+{
+    if (!x->aux || !x->aux->keyid)
+        return NULL;
+    if (len)
+        *len = x->aux->keyid->length;
+    return x->aux->keyid->data;
+}
+
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj)
+{
+    X509_CERT_AUX *aux;
+    ASN1_OBJECT *objtmp = NULL;
+    if (obj) {
+        objtmp = OBJ_dup(obj);
+        if (!objtmp)
+            return 0;
+    }
+    if ((aux = aux_get(x)) == NULL)
+        goto err;
+    if (aux->trust == NULL
+        && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp))
+        return 1;
+ err:
+    ASN1_OBJECT_free(objtmp);
+    return 0;
+}
+
+int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
+{
+    X509_CERT_AUX *aux;
+    ASN1_OBJECT *objtmp;
+    if ((objtmp = OBJ_dup(obj)) == NULL)
+        return 0;
+    if ((aux = aux_get(x)) == NULL)
+        goto err;
+    if (aux->reject == NULL
+        && (aux->reject = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    return sk_ASN1_OBJECT_push(aux->reject, objtmp);
+ err:
+    ASN1_OBJECT_free(objtmp);
+    return 0;
+}
+
+void X509_trust_clear(X509 *x)
+{
+    if (x->aux) {
+        sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
+        x->aux->trust = NULL;
+    }
+}
+
+void X509_reject_clear(X509 *x)
+{
+    if (x->aux) {
+        sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
+        x->aux->reject = NULL;
+    }
+}
+
+STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x)
+{
+    if (x->aux != NULL)
+        return x->aux->trust;
+    return NULL;
+}
+
+STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x)
+{
+    if (x->aux != NULL)
+        return x->aux->reject;
+    return NULL;
+}
diff --git a/freebsd/crypto/openssl/crypto/x509v3/ext_dat.h b/freebsd/crypto/openssl/crypto/x509v3/ext_dat.h
index c3a6fce7..762e264b 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/ext_dat.h
+++ b/freebsd/crypto/openssl/crypto/x509v3/ext_dat.h
@@ -1,136 +1,25 @@
-/* ext_dat.h */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
-/* This file contains a table of "standard" extensions */
-
-extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
-extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
-extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
-extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
-extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
-extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
-extern X509V3_EXT_METHOD v3_addr, v3_asid;
-extern X509V3_EXT_METHOD v3_ct_scts[];
-
-/*
- * This table will be searched using OBJ_bsearch so it *must* kept in order
- * of the ext_nid values.
- */
-
-static const X509V3_EXT_METHOD *standard_exts[] = {
-    &v3_nscert,
-    &v3_ns_ia5_list[0],
-    &v3_ns_ia5_list[1],
-    &v3_ns_ia5_list[2],
-    &v3_ns_ia5_list[3],
-    &v3_ns_ia5_list[4],
-    &v3_ns_ia5_list[5],
-    &v3_ns_ia5_list[6],
-    &v3_skey_id,
-    &v3_key_usage,
-    &v3_pkey_usage_period,
-    &v3_alt[0],
-    &v3_alt[1],
-    &v3_bcons,
-    &v3_crl_num,
-    &v3_cpols,
-    &v3_akey_id,
-    &v3_crld,
-    &v3_ext_ku,
-    &v3_delta_crl,
-    &v3_crl_reason,
-#ifndef OPENSSL_NO_OCSP
-    &v3_crl_invdate,
-#endif
-    &v3_sxnet,
-    &v3_info,
-#ifndef OPENSSL_NO_RFC3779
-    &v3_addr,
-    &v3_asid,
-#endif
-#ifndef OPENSSL_NO_OCSP
-    &v3_ocsp_nonce,
-    &v3_ocsp_crlid,
-    &v3_ocsp_accresp,
-    &v3_ocsp_nocheck,
-    &v3_ocsp_acutoff,
-    &v3_ocsp_serviceloc,
-#endif
-    &v3_sinfo,
-    &v3_policy_constraints,
-#ifndef OPENSSL_NO_OCSP
-    &v3_crl_hold,
-#endif
-    &v3_pci,
-    &v3_name_constraints,
-    &v3_policy_mappings,
-    &v3_inhibit_anyp,
-    &v3_idp,
-    &v3_alt[2],
-    &v3_freshest_crl,
-    &v3_ct_scts[0],
-    &v3_ct_scts[1],
-};
 
-/* Number of standard extensions */
+int name_cmp(const char *name, const char *cmp);
 
-#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
+extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
+extern const X509V3_EXT_METHOD v3_ns_ia5_list[8], v3_alt[3], v3_skey_id, v3_akey_id;
+extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
+extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
+extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci;
+extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
+extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
+extern const X509V3_EXT_METHOD v3_addr, v3_asid;
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
+extern const X509V3_EXT_METHOD v3_tls_feature;
+extern const X509V3_EXT_METHOD v3_ext_admission;
diff --git a/freebsd/crypto/openssl/crypto/x509v3/pcy_cache.c b/freebsd/crypto/openssl/crypto/x509v3/pcy_cache.c
index ebde72d4..3694fddb 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/pcy_cache.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/pcy_cache.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pcy_cache.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
 
 #include "pcy_int.h"
 
@@ -77,21 +28,25 @@ static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
 static int policy_cache_create(X509 *x,
                                CERTIFICATEPOLICIES *policies, int crit)
 {
-    int i;
-    int ret = 0;
+    int i, num, ret = 0;
     X509_POLICY_CACHE *cache = x->policy_cache;
     X509_POLICY_DATA *data = NULL;
     POLICYINFO *policy;
-    if (sk_POLICYINFO_num(policies) == 0)
+
+    if ((num = sk_POLICYINFO_num(policies)) <= 0)
         goto bad_policy;
     cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
-    if (!cache->data)
-        goto bad_policy;
-    for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
+    if (cache->data == NULL) {
+        X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
+        goto just_cleanup;
+    }
+    for (i = 0; i < num; i++) {
         policy = sk_POLICYINFO_value(policies, i);
         data = policy_data_new(policy, NULL, crit);
-        if (!data)
-            goto bad_policy;
+        if (data == NULL) {
+            X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
+            goto just_cleanup;
+        }
         /*
          * Duplicate policy OIDs are illegal: reject if matches found.
          */
@@ -101,19 +56,22 @@ static int policy_cache_create(X509 *x,
                 goto bad_policy;
             }
             cache->anyPolicy = data;
-        } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) {
+        } else if (sk_X509_POLICY_DATA_find(cache->data, data) >=0 ) {
             ret = -1;
             goto bad_policy;
-        } else if (!sk_X509_POLICY_DATA_push(cache->data, data))
+        } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
+            X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
             goto bad_policy;
+        }
         data = NULL;
     }
     ret = 1;
+
  bad_policy:
     if (ret == -1)
         x->ex_flags |= EXFLAG_INVALID_POLICY;
-    if (data)
-        policy_data_free(data);
+    policy_data_free(data);
+ just_cleanup:
     sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
     if (ret <= 0) {
         sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
@@ -130,9 +88,14 @@ static int policy_cache_new(X509 *x)
     CERTIFICATEPOLICIES *ext_cpols = NULL;
     POLICY_MAPPINGS *ext_pmaps = NULL;
     int i;
-    cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
-    if (!cache)
+
+    if (x->policy_cache != NULL)
+        return 1;
+    cache = OPENSSL_malloc(sizeof(*cache));
+    if (cache == NULL) {
+        X509V3err(X509V3_F_POLICY_CACHE_NEW, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     cache->anyPolicy = NULL;
     cache->data = NULL;
     cache->any_skip = -1;
@@ -202,18 +165,14 @@ static int policy_cache_new(X509 *x)
             goto bad_cache;
     } else if (!policy_cache_set_int(&cache->any_skip, ext_any))
         goto bad_cache;
+    goto just_cleanup;
 
-    if (0) {
  bad_cache:
-        x->ex_flags |= EXFLAG_INVALID_POLICY;
-    }
-
-    if (ext_pcons)
-        POLICY_CONSTRAINTS_free(ext_pcons);
-
-    if (ext_any)
-        ASN1_INTEGER_free(ext_any);
+    x->ex_flags |= EXFLAG_INVALID_POLICY;
 
+ just_cleanup:
+    POLICY_CONSTRAINTS_free(ext_pcons);
+    ASN1_INTEGER_free(ext_any);
     return 1;
 
 }
@@ -222,10 +181,8 @@ void policy_cache_free(X509_POLICY_CACHE *cache)
 {
     if (!cache)
         return;
-    if (cache->anyPolicy)
-        policy_data_free(cache->anyPolicy);
-    if (cache->data)
-        sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+    policy_data_free(cache->anyPolicy);
+    sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
     OPENSSL_free(cache);
 }
 
@@ -233,9 +190,9 @@ const X509_POLICY_CACHE *policy_cache_set(X509 *x)
 {
 
     if (x->policy_cache == NULL) {
-        CRYPTO_w_lock(CRYPTO_LOCK_X509);
+        CRYPTO_THREAD_write_lock(x->lock);
         policy_cache_new(x);
-        CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+        CRYPTO_THREAD_unlock(x->lock);
     }
 
     return x->policy_cache;
@@ -249,8 +206,6 @@ X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
     X509_POLICY_DATA tmp;
     tmp.valid_policy = (ASN1_OBJECT *)id;
     idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
-    if (idx == -1)
-        return NULL;
     return sk_X509_POLICY_DATA_value(cache->data, idx);
 }
 
diff --git a/freebsd/crypto/openssl/crypto/x509v3/pcy_data.c b/freebsd/crypto/openssl/crypto/x509v3/pcy_data.c
index 22779b0f..89981e86 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/pcy_data.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/pcy_data.c
@@ -1,65 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pcy_data.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
@@ -69,6 +19,8 @@
 
 void policy_data_free(X509_POLICY_DATA *data)
 {
+    if (data == NULL)
+        return;
     ASN1_OBJECT_free(data->valid_policy);
     /* Don't free qualifiers if shared */
     if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
@@ -78,9 +30,9 @@ void policy_data_free(X509_POLICY_DATA *data)
 }
 
 /*
- * Create a data based on an existing policy. If 'id' is NULL use the oid in
+ * Create a data based on an existing policy. If 'id' is NULL use the OID in
  * the policy, otherwise use 'id'. This behaviour covers the two types of
- * data in RFC3280: data with from a CertificatePolcies extension and
+ * data in RFC3280: data with from a CertificatePolicies extension and
  * additional data with just the qualifiers of anyPolicy and ID from another
  * source.
  */
@@ -90,29 +42,30 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
 {
     X509_POLICY_DATA *ret;
     ASN1_OBJECT *id;
-    if (!policy && !cid)
+
+    if (policy == NULL && cid == NULL)
         return NULL;
     if (cid) {
         id = OBJ_dup(cid);
-        if (!id)
+        if (id == NULL)
             return NULL;
     } else
         id = NULL;
-    ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
-    if (!ret)
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
-    if (!ret->expected_policy_set) {
+    if (ret->expected_policy_set == NULL) {
         OPENSSL_free(ret);
-        if (id)
-            ASN1_OBJECT_free(id);
+        ASN1_OBJECT_free(id);
+        X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
     if (crit)
         ret->flags = POLICY_DATA_FLAG_CRITICAL;
-    else
-        ret->flags = 0;
 
     if (id)
         ret->valid_policy = id;
@@ -124,8 +77,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
     if (policy) {
         ret->qualifier_set = policy->qualifiers;
         policy->qualifiers = NULL;
-    } else
-        ret->qualifier_set = NULL;
+    }
 
     return ret;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509v3/pcy_int.h b/freebsd/crypto/openssl/crypto/x509v3/pcy_int.h
index b5075f9e..5daf78de 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/pcy_int.h
+++ b/freebsd/crypto/openssl/crypto/x509v3/pcy_int.h
@@ -1,65 +1,15 @@
-/* pcy_int.h */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
 
-DECLARE_STACK_OF(X509_POLICY_DATA)
+DEFINE_STACK_OF(X509_POLICY_DATA)
 
 /* Internal structures */
 
@@ -169,7 +119,7 @@ struct X509_POLICY_TREE_st {
      * required.
      */
     STACK_OF(X509_POLICY_DATA) *extra_data;
-    /* This is the authority constained policy set */
+    /* This is the authority constrained policy set */
     STACK_OF(X509_POLICY_NODE) *auth_policies;
     STACK_OF(X509_POLICY_NODE) *user_policies;
     unsigned int flags;
@@ -207,7 +157,7 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
                                const ASN1_OBJECT *id);
 
 X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-                                 const X509_POLICY_DATA *data,
+                                 X509_POLICY_DATA *data,
                                  X509_POLICY_NODE *parent,
                                  X509_POLICY_TREE *tree);
 void policy_node_free(X509_POLICY_NODE *node);
diff --git a/freebsd/crypto/openssl/crypto/x509v3/pcy_lib.c b/freebsd/crypto/openssl/crypto/x509v3/pcy_lib.c
index bcb1ac8e..a4c96e5c 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/pcy_lib.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/pcy_lib.c
@@ -1,65 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pcy_lib.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
@@ -142,15 +92,6 @@ const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
     return node->data->valid_policy;
 }
 
-#if 0
-int X509_policy_node_get_critical(const X509_POLICY_NODE *node)
-{
-    if (node_critical(node))
-        return 1;
-    return 0;
-}
-#endif
-
 STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
                                                            X509_POLICY_NODE
                                                            *node)
diff --git a/freebsd/crypto/openssl/crypto/x509v3/pcy_map.c b/freebsd/crypto/openssl/crypto/x509v3/pcy_map.c
index 22f0f25b..1b740be2 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/pcy_map.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/pcy_map.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pcy_map.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
 
 #include "pcy_int.h"
 
@@ -93,15 +44,15 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
         /* Attempt to find matching policy data */
         data = policy_cache_find_data(cache, map->issuerDomainPolicy);
         /* If we don't have anyPolicy can't map */
-        if (!data && !cache->anyPolicy)
+        if (data == NULL && !cache->anyPolicy)
             continue;
 
         /* Create a NODE from anyPolicy */
-        if (!data) {
+        if (data == NULL) {
             data = policy_data_new(NULL, map->issuerDomainPolicy,
                                    cache->anyPolicy->flags
                                    & POLICY_DATA_FLAG_CRITICAL);
-            if (!data)
+            if (data == NULL)
                 goto bad_mapping;
             data->qualifier_set = cache->anyPolicy->qualifier_set;
             /*
diff --git a/freebsd/crypto/openssl/crypto/x509v3/pcy_node.c b/freebsd/crypto/openssl/crypto/x509v3/pcy_node.c
index b9879302..afe13c03 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/pcy_node.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/pcy_node.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pcy_node.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include <openssl/err.h>
 
 #include "pcy_int.h"
 
@@ -87,9 +38,6 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
     l.data = &n;
 
     idx = sk_X509_POLICY_NODE_find(nodes, &l);
-    if (idx == -1)
-        return NULL;
-
     return sk_X509_POLICY_NODE_value(nodes, idx);
 
 }
@@ -111,17 +59,19 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
 }
 
 X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-                                 const X509_POLICY_DATA *data,
+                                 X509_POLICY_DATA *data,
                                  X509_POLICY_NODE *parent,
                                  X509_POLICY_TREE *tree)
 {
     X509_POLICY_NODE *node;
-    node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));
-    if (!node)
+
+    node = OPENSSL_zalloc(sizeof(*node));
+    if (node == NULL) {
+        X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     node->data = data;
     node->parent = parent;
-    node->nchild = 0;
     if (level) {
         if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
             if (level->anyPolicy)
@@ -129,22 +79,30 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
             level->anyPolicy = node;
         } else {
 
-            if (!level->nodes)
+            if (level->nodes == NULL)
                 level->nodes = policy_node_cmp_new();
-            if (!level->nodes)
+            if (level->nodes == NULL) {
+                X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
                 goto node_error;
-            if (!sk_X509_POLICY_NODE_push(level->nodes, node))
+            }
+            if (!sk_X509_POLICY_NODE_push(level->nodes, node)) {
+                X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
                 goto node_error;
+            }
         }
     }
 
     if (tree) {
-        if (!tree->extra_data)
+        if (tree->extra_data == NULL)
             tree->extra_data = sk_X509_POLICY_DATA_new_null();
-        if (!tree->extra_data)
+        if (tree->extra_data == NULL){
+            X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
             goto node_error;
-        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
+        }
+        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) {
+            X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
             goto node_error;
+        }
     }
 
     if (parent)
@@ -154,8 +112,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
 
  node_error:
     policy_node_free(node);
-    return 0;
-
+    return NULL;
 }
 
 void policy_node_free(X509_POLICY_NODE *node)
diff --git a/freebsd/crypto/openssl/crypto/x509v3/pcy_tree.c b/freebsd/crypto/openssl/crypto/x509v3/pcy_tree.c
index 31661ed4..26fe3797 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/pcy_tree.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/pcy_tree.c
@@ -1,65 +1,15 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* pcy_tree.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
@@ -100,22 +50,26 @@ static void expected_print(BIO *err, X509_POLICY_LEVEL *lev,
 static void tree_print(char *str, X509_POLICY_TREE *tree,
                        X509_POLICY_LEVEL *curr)
 {
+    BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE);
     X509_POLICY_LEVEL *plev;
-    X509_POLICY_NODE *node;
-    int i;
-    BIO *err;
-    err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+    if (err == NULL)
+        return;
     if (!curr)
         curr = tree->levels + tree->nlevel;
     else
         curr++;
+
     BIO_printf(err, "Level print after %s\n", str);
     BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
     for (plev = tree->levels; plev != curr; plev++) {
+        int i;
+
         BIO_printf(err, "Level %ld, flags = %x\n",
-                   plev - tree->levels, plev->flags);
+                   (long)(plev - tree->levels), plev->flags);
         for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
-            node = sk_X509_POLICY_NODE_value(plev->nodes, i);
+            X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(plev->nodes, i);
+
             X509_POLICY_NODE_print(err, node, 2);
             expected_print(err, plev, node, 2);
             BIO_printf(err, "  Flags: %x\n", node->data->flags);
@@ -123,26 +77,17 @@ static void tree_print(char *str, X509_POLICY_TREE *tree,
         if (plev->anyPolicy)
             X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
     }
-
     BIO_free(err);
-
 }
-#else
-
-# define tree_print(a,b,c)      /* */
-
 #endif
 
 /*-
- * Initialize policy tree. Return values:
- *  0 Some internal error occurred.
- * -1 Inconsistent or invalid extensions in certificates.
- *  1 Tree initialized OK.
- *  2 Policy tree is empty.
- *  5 Tree OK and requireExplicitPolicy true.
- *  6 Tree empty and requireExplicitPolicy true.
+ * Return value: <= 0 on error, or positive bit mask:
+ *
+ * X509_PCY_TREE_VALID: valid tree
+ * X509_PCY_TREE_EMPTY: empty tree (including bare TA case)
+ * X509_PCY_TREE_EXPLICIT: explicit policy required
  */
-
 static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
                      unsigned int flags)
 {
@@ -150,114 +95,115 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
     X509_POLICY_LEVEL *level;
     const X509_POLICY_CACHE *cache;
     X509_POLICY_DATA *data = NULL;
-    X509 *x;
-    int ret = 1;
-    int i, n;
-    int explicit_policy;
-    int any_skip;
-    int map_skip;
+    int ret = X509_PCY_TREE_VALID;
+    int n = sk_X509_num(certs) - 1; /* RFC5280 paths omit the TA */
+    int explicit_policy = (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : n+1;
+    int any_skip = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : n+1;
+    int map_skip = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : n+1;
+    int i;
+
     *ptree = NULL;
-    n = sk_X509_num(certs);
 
-#if 0
-    /* Disable policy mapping for now... */
-    flags |= X509_V_FLAG_INHIBIT_MAP;
-#endif
+    /* Can't do anything with just a trust anchor */
+    if (n == 0)
+        return X509_PCY_TREE_EMPTY;
 
-    if (flags & X509_V_FLAG_EXPLICIT_POLICY)
-        explicit_policy = 0;
-    else
-        explicit_policy = n + 1;
+    /*
+     * First setup the policy cache in all n non-TA certificates, this will be
+     * used in X509_verify_cert() which will invoke the verify callback for all
+     * certificates with invalid policy extensions.
+     */
+    for (i = n - 1; i >= 0; i--) {
+        X509 *x = sk_X509_value(certs, i);
 
-    if (flags & X509_V_FLAG_INHIBIT_ANY)
-        any_skip = 0;
-    else
-        any_skip = n + 1;
+        /* Call for side-effect of computing hash and caching extensions */
+        X509_check_purpose(x, -1, 0);
 
-    if (flags & X509_V_FLAG_INHIBIT_MAP)
-        map_skip = 0;
-    else
-        map_skip = n + 1;
+        /* If cache is NULL, likely ENOMEM: return immediately */
+        if (policy_cache_set(x) == NULL)
+            return X509_PCY_TREE_INTERNAL;
+    }
 
-    /* Can't do anything with just a trust anchor */
-    if (n == 1)
-        return 1;
     /*
-     * First setup policy cache in all certificates apart from the trust
-     * anchor. Note any bad cache results on the way. Also can calculate
-     * explicit_policy value at this point.
+     * At this point check for invalid policies and required explicit policy.
+     * Note that the explicit_policy counter is a count-down to zero, with the
+     * requirement kicking in if and once it does that.  The counter is
+     * decremented for every non-self-issued certificate in the path, but may
+     * be further reduced by policy constraints in a non-leaf certificate.
+     *
+     * The ultimate policy set is the intersection of all the policies along
+     * the path, if we hit a certificate with an empty policy set, and explicit
+     * policy is required we're done.
      */
-    for (i = n - 2; i >= 0; i--) {
-        x = sk_X509_value(certs, i);
-        X509_check_purpose(x, -1, -1);
+    for (i = n - 1;
+         i >= 0 && (explicit_policy > 0 || (ret & X509_PCY_TREE_EMPTY) == 0);
+         i--) {
+        X509 *x = sk_X509_value(certs, i);
+        uint32_t ex_flags = X509_get_extension_flags(x);
+
+        /* All the policies are already cached, we can return early */
+        if (ex_flags & EXFLAG_INVALID_POLICY)
+            return X509_PCY_TREE_INVALID;
+
+        /* Access the cache which we now know exists */
         cache = policy_cache_set(x);
-        /* If cache NULL something bad happened: return immediately */
-        if (cache == NULL)
-            return 0;
-        /*
-         * If inconsistent extensions keep a note of it but continue
-         */
-        if (x->ex_flags & EXFLAG_INVALID_POLICY)
-            ret = -1;
-        /*
-         * Otherwise if we have no data (hence no CertificatePolicies) and
-         * haven't already set an inconsistent code note it.
-         */
-        else if ((ret == 1) && !cache->data)
-            ret = 2;
+
+        if ((ret & X509_PCY_TREE_VALID) && cache->data == NULL)
+            ret = X509_PCY_TREE_EMPTY;
         if (explicit_policy > 0) {
-            if (!(x->ex_flags & EXFLAG_SI))
+            if (!(ex_flags & EXFLAG_SI))
                 explicit_policy--;
-            if ((cache->explicit_skip != -1)
+            if ((cache->explicit_skip >= 0)
                 && (cache->explicit_skip < explicit_policy))
                 explicit_policy = cache->explicit_skip;
         }
     }
 
-    if (ret != 1) {
-        if (ret == 2 && !explicit_policy)
-            return 6;
+    if (explicit_policy == 0)
+        ret |= X509_PCY_TREE_EXPLICIT;
+    if ((ret & X509_PCY_TREE_VALID) == 0)
         return ret;
-    }
 
     /* If we get this far initialize the tree */
+    if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL) {
+        X509V3err(X509V3_F_TREE_INIT, ERR_R_MALLOC_FAILURE);
+        return X509_PCY_TREE_INTERNAL;
+    }
 
-    tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE));
-
-    if (!tree)
-        return 0;
-
-    tree->flags = 0;
-    tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n);
-    tree->nlevel = 0;
-    tree->extra_data = NULL;
-    tree->auth_policies = NULL;
-    tree->user_policies = NULL;
-
-    if (!tree->levels) {
+    /*
+     * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+     *
+     * The top level is implicitly for the trust anchor with valid expected
+     * policies of anyPolicy.  (RFC 5280 has the TA at depth 0 and the leaf at
+     * depth n, we have the leaf at depth 0 and the TA at depth n).
+     */
+    if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) {
         OPENSSL_free(tree);
-        return 0;
+        X509V3err(X509V3_F_TREE_INIT, ERR_R_MALLOC_FAILURE);
+        return X509_PCY_TREE_INTERNAL;
     }
-
-    memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL));
-
-    tree->nlevel = n;
-
+    tree->nlevel = n+1;
     level = tree->levels;
-
-    /* Root data: initialize to anyPolicy */
-
-    data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0);
-
-    if (!data || !level_add_node(level, data, NULL, tree))
+    if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
         goto bad_tree;
+    if (level_add_node(level, data, NULL, tree) == NULL) {
+        policy_data_free(data);
+        goto bad_tree;
+    }
 
-    for (i = n - 2; i >= 0; i--) {
-        level++;
-        x = sk_X509_value(certs, i);
+    /*
+     * In this pass initialize all the tree levels and whether anyPolicy and
+     * policy mapping are inhibited at each level.
+     */
+    for (i = n - 1; i >= 0; i--) {
+        X509 *x = sk_X509_value(certs, i);
+        uint32_t ex_flags = X509_get_extension_flags(x);
+
+        /* Access the cache which we now know exists */
         cache = policy_cache_set(x);
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-        level->cert = x;
+
+        X509_up_ref(x);
+        (++level)->cert = x;
 
         if (!cache->anyPolicy)
             level->flags |= X509_V_FLAG_INHIBIT_ANY;
@@ -265,63 +211,57 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
         /* Determine inhibit any and inhibit map flags */
         if (any_skip == 0) {
             /*
-             * Any matching allowed if certificate is self issued and not the
-             * last in the chain.
+             * Any matching allowed only if certificate is self issued and not
+             * the last in the chain.
              */
-            if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
+            if (!(ex_flags & EXFLAG_SI) || (i == 0))
                 level->flags |= X509_V_FLAG_INHIBIT_ANY;
         } else {
-            if (!(x->ex_flags & EXFLAG_SI))
+            if (!(ex_flags & EXFLAG_SI))
                 any_skip--;
-            if ((cache->any_skip >= 0)
-                && (cache->any_skip < any_skip))
+            if ((cache->any_skip >= 0) && (cache->any_skip < any_skip))
                 any_skip = cache->any_skip;
         }
 
         if (map_skip == 0)
             level->flags |= X509_V_FLAG_INHIBIT_MAP;
         else {
-            if (!(x->ex_flags & EXFLAG_SI))
+            if (!(ex_flags & EXFLAG_SI))
                 map_skip--;
-            if ((cache->map_skip >= 0)
-                && (cache->map_skip < map_skip))
+            if ((cache->map_skip >= 0) && (cache->map_skip < map_skip))
                 map_skip = cache->map_skip;
         }
-
     }
 
     *ptree = tree;
-
-    if (explicit_policy)
-        return 1;
-    else
-        return 5;
+    return ret;
 
  bad_tree:
-
     X509_policy_tree_free(tree);
-
-    return 0;
-
+    return X509_PCY_TREE_INTERNAL;
 }
 
+/*
+ * Return value: 1 on success, 0 otherwise
+ */
 static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
-                                    const X509_POLICY_DATA *data)
+                                    X509_POLICY_DATA *data)
 {
     X509_POLICY_LEVEL *last = curr - 1;
-    X509_POLICY_NODE *node;
     int i, matched = 0;
+
     /* Iterate through all in nodes linking matches */
     for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
-        node = sk_X509_POLICY_NODE_value(last->nodes, i);
+        X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
         if (policy_node_match(last, node, data->valid_policy)) {
-            if (!level_add_node(curr, data, node, NULL))
+            if (level_add_node(curr, data, node, NULL) == NULL)
                 return 0;
             matched = 1;
         }
     }
     if (!matched && last->anyPolicy) {
-        if (!level_add_node(curr, data, last->anyPolicy, NULL))
+        if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
             return 0;
     }
     return 1;
@@ -330,29 +270,17 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
 /*
  * This corresponds to RFC3280 6.1.3(d)(1): link any data from
  * CertificatePolicies onto matching parent or anyPolicy if no match.
+ *
+ * Return value: 1 on success, 0 otherwise.
  */
-
 static int tree_link_nodes(X509_POLICY_LEVEL *curr,
                            const X509_POLICY_CACHE *cache)
 {
     int i;
-    X509_POLICY_DATA *data;
 
     for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
-        data = sk_X509_POLICY_DATA_value(cache->data, i);
-        /*
-         * If a node is mapped any it doesn't have a corresponding
-         * CertificatePolicies entry. However such an identical node would
-         * be created if anyPolicy matching is enabled because there would be
-         * no match with the parent valid_policy_set. So we create link
-         * because then it will have the mapping flags right and we can prune
-         * it later.
-         */
-#if 0
-        if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)
-            && !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
-            continue;
-#endif
+        X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+
         /* Look for matching nodes in previous level */
         if (!tree_link_matching_nodes(curr, data))
             return 0;
@@ -363,35 +291,38 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
 /*
  * This corresponds to RFC3280 6.1.3(d)(2): Create new data for any unmatched
  * policies in the parent and link to anyPolicy.
+ *
+ * Return value: 1 on success, 0 otherwise.
  */
-
 static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
                               const X509_POLICY_CACHE *cache,
                               const ASN1_OBJECT *id,
                               X509_POLICY_NODE *node, X509_POLICY_TREE *tree)
 {
     X509_POLICY_DATA *data;
+
     if (id == NULL)
         id = node->data->valid_policy;
     /*
      * Create a new node with qualifiers from anyPolicy and id from unmatched
      * node.
      */
-    data = policy_data_new(NULL, id, node_critical(node));
-
-    if (data == NULL)
+    if ((data = policy_data_new(NULL, id, node_critical(node))) == NULL)
         return 0;
+
     /* Curr may not have anyPolicy */
     data->qualifier_set = cache->anyPolicy->qualifier_set;
     data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-    if (!level_add_node(curr, data, node, tree)) {
+    if (level_add_node(curr, data, node, tree) == NULL) {
         policy_data_free(data);
         return 0;
     }
-
     return 1;
 }
 
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
 static int tree_link_unmatched(X509_POLICY_LEVEL *curr,
                                const X509_POLICY_CACHE *cache,
                                X509_POLICY_NODE *node, X509_POLICY_TREE *tree)
@@ -422,19 +353,17 @@ static int tree_link_unmatched(X509_POLICY_LEVEL *curr,
         }
 
     }
-
     return 1;
-
 }
 
+/*
+ * Return value: 1 on success, 0 otherwise
+ */
 static int tree_link_any(X509_POLICY_LEVEL *curr,
                          const X509_POLICY_CACHE *cache,
                          X509_POLICY_TREE *tree)
 {
     int i;
-    /*
-     * X509_POLICY_DATA *data;
-     */
     X509_POLICY_NODE *node;
     X509_POLICY_LEVEL *last = curr - 1;
 
@@ -443,50 +372,24 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
 
         if (!tree_link_unmatched(curr, cache, node, tree))
             return 0;
-
-#if 0
-
-        /*
-         * Skip any node with any children: we only want unmathced nodes.
-         * Note: need something better for policy mapping because each node
-         * may have multiple children
-         */
-        if (node->nchild)
-            continue;
-
-        /*
-         * Create a new node with qualifiers from anyPolicy and id from
-         * unmatched node.
-         */
-        data = policy_data_new(NULL, node->data->valid_policy,
-                               node_critical(node));
-
-        if (data == NULL)
-            return 0;
-        /* Curr may not have anyPolicy */
-        data->qualifier_set = cache->anyPolicy->qualifier_set;
-        data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-        if (!level_add_node(curr, data, node, tree)) {
-            policy_data_free(data);
-            return 0;
-        }
-#endif
-
     }
     /* Finally add link to anyPolicy */
-    if (last->anyPolicy) {
-        if (!level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL))
-            return 0;
-    }
+    if (last->anyPolicy &&
+        level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL)
+        return 0;
     return 1;
 }
 
-/*
- * Prune the tree: delete any child mapped child data on the current level
- * then proceed up the tree deleting any data with no children. If we ever
- * have no data on a level we can halt because the tree will be empty.
+/*-
+ * Prune the tree: delete any child mapped child data on the current level then
+ * proceed up the tree deleting any data with no children. If we ever have no
+ * data on a level we can halt because the tree will be empty.
+ *
+ * Return value: <= 0 error, otherwise one of:
+ *
+ * X509_PCY_TREE_VALID: valid tree
+ * X509_PCY_TREE_EMPTY: empty tree
  */
-
 static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
 {
     STACK_OF(X509_POLICY_NODE) *nodes;
@@ -525,41 +428,43 @@ static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
         if (curr == tree->levels) {
             /* If we zapped anyPolicy at top then tree is empty */
             if (!curr->anyPolicy)
-                return 2;
-            return 1;
+                return X509_PCY_TREE_EMPTY;
+            break;
         }
     }
-
-    return 1;
-
+    return X509_PCY_TREE_VALID;
 }
 
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
 static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
                               X509_POLICY_NODE *pcy)
 {
-    if (!*pnodes) {
-        *pnodes = policy_node_cmp_new();
-        if (!*pnodes)
-            return 0;
-    } else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
-        return 1;
-
-    if (!sk_X509_POLICY_NODE_push(*pnodes, pcy))
+    if (*pnodes == NULL &&
+        (*pnodes = policy_node_cmp_new()) == NULL)
         return 0;
-
-    return 1;
-
+    if (sk_X509_POLICY_NODE_find(*pnodes, pcy) >= 0)
+        return 1;
+    return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0;
 }
 
-/*
- * Calculate the authority set based on policy tree. The 'pnodes' parameter
- * is used as a store for the set of policy nodes used to calculate the user
- * set. If the authority set is not anyPolicy then pnodes will just point to
- * the authority set. If however the authority set is anyPolicy then the set
- * of valid policies (other than anyPolicy) is store in pnodes. The return
- * value of '2' is used in this case to indicate that pnodes should be freed.
- */
+#define TREE_CALC_FAILURE 0
+#define TREE_CALC_OK_NOFREE 1
+#define TREE_CALC_OK_DOFREE 2
 
+/*-
+ * Calculate the authority set based on policy tree. The 'pnodes' parameter is
+ * used as a store for the set of policy nodes used to calculate the user set.
+ * If the authority set is not anyPolicy then pnodes will just point to the
+ * authority set. If however the authority set is anyPolicy then the set of
+ * valid policies (other than anyPolicy) is store in pnodes.
+ *
+ * Return value:
+ *  TREE_CALC_FAILURE on failure,
+ *  TREE_CALC_OK_NOFREE on success and pnodes need not be freed,
+ *  TREE_CALC_OK_DOFREE on success and pnodes needs to be freed
+ */
 static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
                                         STACK_OF(X509_POLICY_NODE) **pnodes)
 {
@@ -572,7 +477,7 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
     /* If last level contains anyPolicy set is anyPolicy */
     if (curr->anyPolicy) {
         if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))
-            return 0;
+            return TREE_CALC_FAILURE;
         addnodes = pnodes;
     } else
         /* Add policies to authority set */
@@ -584,25 +489,31 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
          * If no anyPolicy node on this this level it can't appear on lower
          * levels so end search.
          */
-        if (!(anyptr = curr->anyPolicy))
+        if ((anyptr = curr->anyPolicy) == NULL)
             break;
         curr++;
         for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) {
             node = sk_X509_POLICY_NODE_value(curr->nodes, j);
             if ((node->parent == anyptr)
-                && !tree_add_auth_node(addnodes, node))
-                return 0;
+                && !tree_add_auth_node(addnodes, node)) {
+                if (addnodes == pnodes) {
+                    sk_X509_POLICY_NODE_free(*pnodes);
+                    *pnodes = NULL;
+                }
+                return TREE_CALC_FAILURE;
+            }
         }
     }
-
     if (addnodes == pnodes)
-        return 2;
+        return TREE_CALC_OK_DOFREE;
 
     *pnodes = tree->auth_policies;
-
-    return 1;
+    return TREE_CALC_OK_NOFREE;
 }
 
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
 static int tree_calculate_user_set(X509_POLICY_TREE *tree,
                                    STACK_OF(ASN1_OBJECT) *policy_oids,
                                    STACK_OF(X509_POLICY_NODE) *auth_nodes)
@@ -610,7 +521,6 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
     int i;
     X509_POLICY_NODE *node;
     ASN1_OBJECT *oid;
-
     X509_POLICY_NODE *anyPolicy;
     X509_POLICY_DATA *extra;
 
@@ -618,7 +528,6 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
      * Check if anyPolicy present in authority constrained policy set: this
      * will happen if it is a leaf node.
      */
-
     if (sk_ASN1_OBJECT_num(policy_oids) <= 0)
         return 1;
 
@@ -643,7 +552,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
              * from anyPolicy.
              */
             extra = policy_data_new(NULL, oid, node_critical(anyPolicy));
-            if (!extra)
+            if (extra == NULL)
                 return 0;
             extra->qualifier_set = anyPolicy->data->qualifier_set;
             extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
@@ -659,9 +568,14 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
             return 0;
     }
     return 1;
-
 }
 
+/*-
+ * Return value: <= 0 error, otherwise one of:
+ *  X509_PCY_TREE_VALID: valid tree
+ *  X509_PCY_TREE_EMPTY: empty tree
+ * (see tree_prune()).
+ */
 static int tree_evaluate(X509_POLICY_TREE *tree)
 {
     int ret, i;
@@ -671,19 +585,19 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
     for (i = 1; i < tree->nlevel; i++, curr++) {
         cache = policy_cache_set(curr->cert);
         if (!tree_link_nodes(curr, cache))
-            return 0;
+            return X509_PCY_TREE_INTERNAL;
 
         if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
             && !tree_link_any(curr, cache, tree))
-            return 0;
+            return X509_PCY_TREE_INTERNAL;
+#ifdef OPENSSL_POLICY_DEBUG
         tree_print("before tree_prune()", tree, curr);
+#endif
         ret = tree_prune(tree, curr);
-        if (ret != 1)
+        if (ret != X509_PCY_TREE_VALID)
             return ret;
     }
-
-    return 1;
-
+    return X509_PCY_TREE_VALID;
 }
 
 static void exnode_free(X509_POLICY_NODE *node)
@@ -704,17 +618,12 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree)
     sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
 
     for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
-        if (curr->cert)
-            X509_free(curr->cert);
-        if (curr->nodes)
-            sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
-        if (curr->anyPolicy)
-            policy_node_free(curr->anyPolicy);
+        X509_free(curr->cert);
+        sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
+        policy_node_free(curr->anyPolicy);
     }
 
-    if (tree->extra_data)
-        sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
-
+    sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
     OPENSSL_free(tree->levels);
     OPENSSL_free(tree);
 
@@ -723,115 +632,74 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree)
 /*-
  * Application policy checking function.
  * Return codes:
- *  0   Internal Error.
- *  1   Successful.
- * -1   One or more certificates contain invalid or inconsistent extensions
- * -2   User constrained policy set empty and requireExplicit true.
+ *  X509_PCY_TREE_FAILURE:  Failure to satisfy explicit policy
+ *  X509_PCY_TREE_INVALID:  Inconsistent or invalid extensions
+ *  X509_PCY_TREE_INTERNAL: Internal error, most likely malloc
+ *  X509_PCY_TREE_VALID:    Success (null tree if empty or bare TA)
  */
-
 int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
                       STACK_OF(X509) *certs,
                       STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
 {
+    int init_ret;
     int ret;
     int calc_ret;
     X509_POLICY_TREE *tree = NULL;
     STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
-    *ptree = NULL;
 
+    *ptree = NULL;
     *pexplicit_policy = 0;
-    ret = tree_init(&tree, certs, flags);
-
-    switch (ret) {
-
-        /* Tree empty requireExplicit False: OK */
-    case 2:
-        return 1;
+    init_ret = tree_init(&tree, certs, flags);
 
-        /* Some internal error */
-    case -1:
-        return -1;
+    if (init_ret <= 0)
+        return init_ret;
 
-        /* Some internal error */
-    case 0:
-        return 0;
-
-        /* Tree empty requireExplicit True: Error */
-
-    case 6:
-        *pexplicit_policy = 1;
-        return -2;
-
-        /* Tree OK requireExplicit True: OK and continue */
-    case 5:
+    if ((init_ret & X509_PCY_TREE_EXPLICIT) == 0) {
+        if (init_ret & X509_PCY_TREE_EMPTY) {
+            X509_policy_tree_free(tree);
+            return X509_PCY_TREE_VALID;
+        }
+    } else {
         *pexplicit_policy = 1;
-        break;
-
-        /* Tree OK: continue */
-
-    case 1:
-        if (!tree)
-            /*
-             * tree_init() returns success and a null tree
-             * if it's just looking at a trust anchor.
-             * I'm not sure that returning success here is
-             * correct, but I'm sure that reporting this
-             * as an internal error which our caller
-             * interprets as a malloc failure is wrong.
-             */
-            return 1;
-        break;
+        /* Tree empty and requireExplicit True: Error */
+        if (init_ret & X509_PCY_TREE_EMPTY)
+            return X509_PCY_TREE_FAILURE;
     }
 
-    if (!tree)
-        goto error;
     ret = tree_evaluate(tree);
-
+#ifdef OPENSSL_POLICY_DEBUG
     tree_print("tree_evaluate()", tree, NULL);
-
+#endif
     if (ret <= 0)
         goto error;
 
-    /* Return value 2 means tree empty */
-    if (ret == 2) {
+    if (ret == X509_PCY_TREE_EMPTY) {
         X509_policy_tree_free(tree);
-        if (*pexplicit_policy)
-            return -2;
-        else
-            return 1;
+        if (init_ret & X509_PCY_TREE_EXPLICIT)
+            return X509_PCY_TREE_FAILURE;
+        return X509_PCY_TREE_VALID;
     }
 
     /* Tree is not empty: continue */
 
-    calc_ret = tree_calculate_authority_set(tree, &auth_nodes);
-
-    if (!calc_ret)
+    if ((calc_ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0)
         goto error;
-
     ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
-
-    if (calc_ret == 2)
+    if (calc_ret == TREE_CALC_OK_DOFREE)
         sk_X509_POLICY_NODE_free(auth_nodes);
-
     if (!ret)
         goto error;
 
+    *ptree = tree;
 
-    if (tree)
-        *ptree = tree;
-
-    if (*pexplicit_policy) {
+    if (init_ret & X509_PCY_TREE_EXPLICIT) {
         nodes = X509_policy_tree_get0_user_policies(tree);
         if (sk_X509_POLICY_NODE_num(nodes) <= 0)
-            return -2;
+            return X509_PCY_TREE_FAILURE;
     }
-
-    return 1;
+    return X509_PCY_TREE_VALID;
 
  error:
-
     X509_policy_tree_free(tree);
-
-    return 0;
-
+    return X509_PCY_TREE_INTERNAL;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509v3/standard_exts.h b/freebsd/crypto/openssl/crypto/x509v3/standard_exts.h
new file mode 100644
index 00000000..944f4de0
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509v3/standard_exts.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This table will be searched using OBJ_bsearch so it *must* kept in order
+ * of the ext_nid values.
+ */
+
+static const X509V3_EXT_METHOD *standard_exts[] = {
+    &v3_nscert,
+    &v3_ns_ia5_list[0],
+    &v3_ns_ia5_list[1],
+    &v3_ns_ia5_list[2],
+    &v3_ns_ia5_list[3],
+    &v3_ns_ia5_list[4],
+    &v3_ns_ia5_list[5],
+    &v3_ns_ia5_list[6],
+    &v3_skey_id,
+    &v3_key_usage,
+    &v3_pkey_usage_period,
+    &v3_alt[0],
+    &v3_alt[1],
+    &v3_bcons,
+    &v3_crl_num,
+    &v3_cpols,
+    &v3_akey_id,
+    &v3_crld,
+    &v3_ext_ku,
+    &v3_delta_crl,
+    &v3_crl_reason,
+#ifndef OPENSSL_NO_OCSP
+    &v3_crl_invdate,
+#endif
+    &v3_sxnet,
+    &v3_info,
+#ifndef OPENSSL_NO_RFC3779
+    &v3_addr,
+    &v3_asid,
+#endif
+#ifndef OPENSSL_NO_OCSP
+    &v3_ocsp_nonce,
+    &v3_ocsp_crlid,
+    &v3_ocsp_accresp,
+    &v3_ocsp_nocheck,
+    &v3_ocsp_acutoff,
+    &v3_ocsp_serviceloc,
+#endif
+    &v3_sinfo,
+    &v3_policy_constraints,
+#ifndef OPENSSL_NO_OCSP
+    &v3_crl_hold,
+#endif
+    &v3_pci,
+    &v3_name_constraints,
+    &v3_policy_mappings,
+    &v3_inhibit_anyp,
+    &v3_idp,
+    &v3_alt[2],
+    &v3_freshest_crl,
+#ifndef OPENSSL_NO_CT
+    &v3_ct_scts[0],
+    &v3_ct_scts[1],
+    &v3_ct_scts[2],
+#endif
+    &v3_tls_feature,
+    &v3_ext_admission
+};
+
+/* Number of standard extensions */
+
+#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts)
+
diff --git a/freebsd/crypto/openssl/crypto/x509v3/tabtest.c b/freebsd/crypto/openssl/crypto/x509v3/tabtest.c
deleted file mode 100644
index ba891321..00000000
--- a/freebsd/crypto/openssl/crypto/x509v3/tabtest.c
+++ /dev/null
@@ -1,94 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* tabtest.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * Simple program to check the ext_dat.h is correct and print out problems if
- * it is not.
- */
-
-#include <stdio.h>
-
-#include <openssl/x509v3.h>
-
-#include "ext_dat.h"
-
-main()
-{
-    int i, prev = -1, bad = 0;
-    X509V3_EXT_METHOD **tmp;
-    i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *);
-    if (i != STANDARD_EXTENSION_COUNT)
-        fprintf(stderr, "Extension number invalid expecting %d\n", i);
-    tmp = standard_exts;
-    for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {
-        if ((*tmp)->ext_nid < prev)
-            bad = 1;
-        prev = (*tmp)->ext_nid;
-
-    }
-    if (bad) {
-        tmp = standard_exts;
-        fprintf(stderr, "Extensions out of order!\n");
-        for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
-            printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
-    } else
-        fprintf(stderr, "Order OK\n");
-}
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_addr.c b/freebsd/crypto/openssl/crypto/x509v3/v3_addr.c
index cbf6ef30..c0a290ce 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_addr.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_addr.c
@@ -1,60 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Contributed to the OpenSSL Project by the American Registry for
- * Internet Numbers ("ARIN").
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
@@ -64,12 +16,14 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/buffer.h>
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+#include "ext_dat.h"
 
 #ifndef OPENSSL_NO_RFC3779
 
@@ -100,7 +54,7 @@ ASN1_SEQUENCE(IPAddressFamily) = {
 ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
   ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                         IPAddrBlocks, IPAddressFamily)
-ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
+static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
 
 IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
 IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
@@ -110,7 +64,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
 /*
  * How much buffer space do we need for a raw address?
  */
-# define ADDR_RAW_BUF_LEN        16
+#define ADDR_RAW_BUF_LEN        16
 
 /*
  * What's the address length associated with this AFI?
@@ -130,7 +84,7 @@ static int length_from_afi(const unsigned afi)
 /*
  * Extract the AFI from an IPAddressFamily.
  */
-unsigned int v3_addr_get_afi(const IPAddressFamily *f)
+unsigned int X509v3_addr_get_afi(const IPAddressFamily *f)
 {
     if (f == NULL
             || f->addressFamily == NULL
@@ -167,7 +121,7 @@ static int addr_expand(unsigned char *addr,
 /*
  * Extract the prefix length from a bitstring.
  */
-# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
 
 /*
  * i2r handler for one address bitstring.
@@ -250,7 +204,7 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
     int i;
     for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
         IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-        const unsigned int afi = v3_addr_get_afi(f);
+        const unsigned int afi = X509v3_addr_get_afi(f);
         switch (afi) {
         case IANA_AFI_IPV4:
             BIO_printf(out, "%*sIPv4", indent, "");
@@ -362,7 +316,7 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
 
 /*
  * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
+ * comparison routines are only allowed two arguments.
  */
 static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
                                   const IPAddressOrRange *const *b)
@@ -372,7 +326,7 @@ static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
 
 /*
  * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
+ * comparison routines are only allowed two arguments.
  */
 static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
                                   const IPAddressOrRange *const *b)
@@ -390,7 +344,8 @@ static int range_should_be_prefix(const unsigned char *min,
     unsigned char mask;
     int i, j;
 
-    OPENSSL_assert(memcmp(min, max, length) <= 0);
+    if (memcmp(min, max, length) <= 0)
+        return -1;
     for (i = 0; i < length && min[i] == max[i]; i++) ;
     for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
     if (i < j)
@@ -479,7 +434,6 @@ static int make_addressRange(IPAddressOrRange **result,
     if ((aor = IPAddressOrRange_new()) == NULL)
         return 0;
     aor->type = IPAddressOrRange_addressRange;
-    OPENSSL_assert(aor->u.addressRange == NULL);
     if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
         goto err;
     if (aor->u.addressRange->min == NULL &&
@@ -532,7 +486,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
 {
     IPAddressFamily *f;
     unsigned char key[3];
-    unsigned keylen;
+    int keylen;
     int i;
 
     key[0] = (afi >> 8) & 0xFF;
@@ -546,7 +500,6 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
 
     for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
         f = sk_IPAddressFamily_value(addr, i);
-        OPENSSL_assert(f->addressFamily->data != NULL);
         if (f->addressFamily->length == keylen &&
             !memcmp(f->addressFamily->data, key, keylen))
             return f;
@@ -575,8 +528,8 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
 /*
  * Add an inheritance element.
  */
-int v3_addr_add_inherit(IPAddrBlocks *addr,
-                        const unsigned afi, const unsigned *safi)
+int X509v3_addr_add_inherit(IPAddrBlocks *addr,
+                            const unsigned afi, const unsigned *safi)
 {
     IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
     if (f == NULL ||
@@ -631,10 +584,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
 /*
  * Add a prefix.
  */
-int v3_addr_add_prefix(IPAddrBlocks *addr,
-                       const unsigned afi,
-                       const unsigned *safi,
-                       unsigned char *a, const int prefixlen)
+int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+                           const unsigned afi,
+                           const unsigned *safi,
+                           unsigned char *a, const int prefixlen)
 {
     IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
     IPAddressOrRange *aor;
@@ -649,10 +602,10 @@ int v3_addr_add_prefix(IPAddrBlocks *addr,
 /*
  * Add a range.
  */
-int v3_addr_add_range(IPAddrBlocks *addr,
-                      const unsigned afi,
-                      const unsigned *safi,
-                      unsigned char *min, unsigned char *max)
+int X509v3_addr_add_range(IPAddrBlocks *addr,
+                          const unsigned afi,
+                          const unsigned *safi,
+                          unsigned char *min, unsigned char *max)
 {
     IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
     IPAddressOrRange *aor;
@@ -689,10 +642,10 @@ static int extract_min_max(IPAddressOrRange *aor,
 /*
  * Public wrapper for extract_min_max().
  */
-int v3_addr_get_range(IPAddressOrRange *aor,
-                      const unsigned afi,
-                      unsigned char *min,
-                      unsigned char *max, const int length)
+int X509v3_addr_get_range(IPAddressOrRange *aor,
+                          const unsigned afi,
+                          unsigned char *min,
+                          unsigned char *max, const int length)
 {
     int afi_length = length_from_afi(afi);
     if (aor == NULL || min == NULL || max == NULL ||
@@ -706,7 +659,7 @@ int v3_addr_get_range(IPAddressOrRange *aor,
 }
 
 /*
- * Sort comparision function for a sequence of IPAddressFamily.
+ * Sort comparison function for a sequence of IPAddressFamily.
  *
  * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
  * the ordering: I can read it as meaning that IPv6 without a SAFI
@@ -728,7 +681,7 @@ static int IPAddressFamily_cmp(const IPAddressFamily *const *a_,
 /*
  * Check whether an IPAddrBLocks is in canonical form.
  */
-int v3_addr_is_canonical(IPAddrBlocks *addr)
+int X509v3_addr_is_canonical(IPAddrBlocks *addr)
 {
     unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
     unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
@@ -736,7 +689,7 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
     int i, j, k;
 
     /*
-     * Empty extension is cannonical.
+     * Empty extension is canonical.
      */
     if (addr == NULL)
         return 1;
@@ -756,7 +709,7 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
      */
     for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
         IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-        int length = length_from_afi(v3_addr_get_afi(f));
+        int length = length_from_afi(X509v3_addr_get_afi(f));
 
         /*
          * Inheritance is canonical.  Anything other than inheritance or
@@ -899,7 +852,8 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
         IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
         if (a != NULL && a->type == IPAddressOrRange_addressRange) {
             unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
-            extract_min_max(a, a_min, a_max, length);
+            if (!extract_min_max(a, a_min, a_max, length))
+                return 0;
             if (memcmp(a_min, a_max, length) > 0)
                 return 0;
         }
@@ -911,7 +865,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
 /*
  * Whack an IPAddrBlocks extension into canonical form.
  */
-int v3_addr_canonize(IPAddrBlocks *addr)
+int X509v3_addr_canonize(IPAddrBlocks *addr)
 {
     int i;
     for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
@@ -919,12 +873,13 @@ int v3_addr_canonize(IPAddrBlocks *addr)
         if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
             !IPAddressOrRanges_canonize(f->ipAddressChoice->
                                         u.addressesOrRanges,
-                                        v3_addr_get_afi(f)))
+                                        X509v3_addr_get_afi(f)))
             return 0;
     }
     (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
     sk_IPAddressFamily_sort(addr);
-    OPENSSL_assert(v3_addr_is_canonical(addr));
+    if (!ossl_assert(X509v3_addr_is_canonical(addr)))
+        return 0;
     return 1;
 }
 
@@ -950,7 +905,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
         CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
         unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
         unsigned afi, *safi = NULL, safi_;
-        const char *addr_chars;
+        const char *addr_chars = NULL;
         int prefixlen, i1, i2, delim, length;
 
         if (!name_cmp(val->name, "IPv4")) {
@@ -982,7 +937,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
         length = length_from_afi(afi);
 
         /*
-         * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
+         * Handle SAFI, if any, and OPENSSL_strdup() so we can null-terminate
          * the other input values.
          */
         if (safi != NULL) {
@@ -994,9 +949,9 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
                 goto err;
             }
             t += strspn(t, " \t");
-            s = BUF_strdup(t);
+            s = OPENSSL_strdup(t);
         } else {
-            s = BUF_strdup(val->value);
+            s = OPENSSL_strdup(val->value);
         }
         if (s == NULL) {
             X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
@@ -1007,8 +962,8 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
          * Check for inheritance.  Not worth additional complexity to
          * optimize this (seldom-used) case.
          */
-        if (!strcmp(s, "inherit")) {
-            if (!v3_addr_add_inherit(addr, afi, safi)) {
+        if (strcmp(s, "inherit") == 0) {
+            if (!X509v3_addr_add_inherit(addr, afi, safi)) {
                 X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
                           X509V3_R_INVALID_INHERITANCE);
                 X509V3_conf_err(val);
@@ -1039,7 +994,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
                 X509V3_conf_err(val);
                 goto err;
             }
-            if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
+            if (!X509v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
                 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
@@ -1065,13 +1020,13 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
                 X509V3_conf_err(val);
                 goto err;
             }
-            if (!v3_addr_add_range(addr, afi, safi, min, max)) {
+            if (!X509v3_addr_add_range(addr, afi, safi, min, max)) {
                 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
             break;
         case '\0':
-            if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
+            if (!X509v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
                 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
@@ -1090,7 +1045,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
     /*
      * Canonize the result, then we're done.
      */
-    if (!v3_addr_canonize(addr))
+    if (!X509v3_addr_canonize(addr))
         goto err;
     return addr;
 
@@ -1120,7 +1075,7 @@ const X509V3_EXT_METHOD v3_addr = {
 /*
  * Figure out whether extension sues inheritance.
  */
-int v3_addr_inherits(IPAddrBlocks *addr)
+int X509v3_addr_inherits(IPAddrBlocks *addr)
 {
     int i;
     if (addr == NULL)
@@ -1173,12 +1128,12 @@ static int addr_contains(IPAddressOrRanges *parent,
 /*
  * Test whether a is a subset of b.
  */
-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
 {
     int i;
     if (a == NULL || a == b)
         return 1;
-    if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
+    if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b))
         return 0;
     (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
     for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
@@ -1190,7 +1145,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
             return 0;
         if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
                            fa->ipAddressChoice->u.addressesOrRanges,
-                           length_from_afi(v3_addr_get_afi(fb))))
+                           length_from_afi(X509v3_addr_get_afi(fb))))
             return 0;
     }
     return 1;
@@ -1199,7 +1154,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
 /*
  * Validation error handling via callback.
  */
-# define validation_err(_err_)           \
+#define validation_err(_err_)           \
   do {                                  \
     if (ctx != NULL) {                  \
       ctx->error = _err_;               \
@@ -1221,17 +1176,21 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
  * When returning 0, ctx->error MUST be set to an appropriate value other than
  * X509_V_OK.
  */
-static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
-                                          STACK_OF(X509) *chain,
-                                          IPAddrBlocks *ext)
+static int addr_validate_path_internal(X509_STORE_CTX *ctx,
+                                       STACK_OF(X509) *chain,
+                                       IPAddrBlocks *ext)
 {
     IPAddrBlocks *child = NULL;
     int i, j, ret = 1;
     X509 *x;
 
-    OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-    OPENSSL_assert(ctx != NULL || ext != NULL);
-    OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+    if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0)
+            || !ossl_assert(ctx != NULL || ext != NULL)
+            || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) {
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
 
     /*
      * Figure out where to start.  If we don't have an extension to
@@ -1244,17 +1203,17 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
     } else {
         i = 0;
         x = sk_X509_value(chain, i);
-        OPENSSL_assert(x != NULL);
         if ((ext = x->rfc3779_addr) == NULL)
             goto done;
     }
-    if (!v3_addr_is_canonical(ext))
+    if (!X509v3_addr_is_canonical(ext))
         validation_err(X509_V_ERR_INVALID_EXTENSION);
     (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
     if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
-        X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL,
+        X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL,
                   ERR_R_MALLOC_FAILURE);
-        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_OUT_OF_MEM;
         ret = 0;
         goto done;
     }
@@ -1265,8 +1224,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
      */
     for (i++; i < sk_X509_num(chain); i++) {
         x = sk_X509_value(chain, i);
-        OPENSSL_assert(x != NULL);
-        if (!v3_addr_is_canonical(x->rfc3779_addr))
+        if (!X509v3_addr_is_canonical(x->rfc3779_addr))
             validation_err(X509_V_ERR_INVALID_EXTENSION);
         if (x->rfc3779_addr == NULL) {
             for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
@@ -1298,7 +1256,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
                 if (fc->ipAddressChoice->type == IPAddressChoice_inherit
                     || addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
                                      fc->ipAddressChoice->u.addressesOrRanges,
-                                     length_from_afi(v3_addr_get_afi(fc))))
+                                     length_from_afi(X509v3_addr_get_afi(fc))))
                     sk_IPAddressFamily_set(child, j, fp);
                 else
                     validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -1309,7 +1267,6 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
     /*
      * Trust anchor can't inherit.
      */
-    OPENSSL_assert(x != NULL);
     if (x->rfc3779_addr != NULL) {
         for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
             IPAddressFamily *fp =
@@ -1325,30 +1282,36 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
     return ret;
 }
 
-# undef validation_err
+#undef validation_err
 
 /*
  * RFC 3779 2.3 path validation -- called from X509_verify_cert().
  */
-int v3_addr_validate_path(X509_STORE_CTX *ctx)
+int X509v3_addr_validate_path(X509_STORE_CTX *ctx)
 {
-    return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
+    if (ctx->chain == NULL
+            || sk_X509_num(ctx->chain) == 0
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+    return addr_validate_path_internal(ctx, ctx->chain, NULL);
 }
 
 /*
  * RFC 3779 2.3 path validation of an extension.
  * Test whether chain covers extension.
  */
-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
                                   IPAddrBlocks *ext, int allow_inheritance)
 {
     if (ext == NULL)
         return 1;
     if (chain == NULL || sk_X509_num(chain) == 0)
         return 0;
-    if (!allow_inheritance && v3_addr_inherits(ext))
+    if (!allow_inheritance && X509v3_addr_inherits(ext))
         return 0;
-    return v3_addr_validate_path_internal(NULL, chain, ext);
+    return addr_validate_path_internal(NULL, chain, ext);
 }
 
 #endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_admis.c b/freebsd/crypto/openssl/crypto/x509v3/v3_admis.c
new file mode 100644
index 00000000..15909ee1
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_admis.c
@@ -0,0 +1,358 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/ossl_typ.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+#include <openssl/x509v3.h>
+
+#include <openssl/safestack.h>
+
+#include "v3_admis.h"
+#include "ext_dat.h"
+
+
+ASN1_SEQUENCE(NAMING_AUTHORITY) = {
+    ASN1_OPT(NAMING_AUTHORITY, namingAuthorityId, ASN1_OBJECT),
+    ASN1_OPT(NAMING_AUTHORITY, namingAuthorityUrl, ASN1_IA5STRING),
+    ASN1_OPT(NAMING_AUTHORITY, namingAuthorityText, DIRECTORYSTRING),
+} ASN1_SEQUENCE_END(NAMING_AUTHORITY)
+
+ASN1_SEQUENCE(PROFESSION_INFO) = {
+    ASN1_EXP_OPT(PROFESSION_INFO, namingAuthority, NAMING_AUTHORITY, 0),
+    ASN1_SEQUENCE_OF(PROFESSION_INFO, professionItems, DIRECTORYSTRING),
+    ASN1_SEQUENCE_OF_OPT(PROFESSION_INFO, professionOIDs, ASN1_OBJECT),
+    ASN1_OPT(PROFESSION_INFO, registrationNumber, ASN1_PRINTABLESTRING),
+    ASN1_OPT(PROFESSION_INFO, addProfessionInfo, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(PROFESSION_INFO)
+
+ASN1_SEQUENCE(ADMISSIONS) = {
+    ASN1_EXP_OPT(ADMISSIONS, admissionAuthority, GENERAL_NAME, 0),
+    ASN1_EXP_OPT(ADMISSIONS, namingAuthority, NAMING_AUTHORITY, 1),
+    ASN1_SEQUENCE_OF(ADMISSIONS, professionInfos, PROFESSION_INFO),
+} ASN1_SEQUENCE_END(ADMISSIONS)
+
+ASN1_SEQUENCE(ADMISSION_SYNTAX) = {
+    ASN1_OPT(ADMISSION_SYNTAX, admissionAuthority, GENERAL_NAME),
+    ASN1_SEQUENCE_OF(ADMISSION_SYNTAX, contentsOfAdmissions, ADMISSIONS),
+} ASN1_SEQUENCE_END(ADMISSION_SYNTAX)
+
+IMPLEMENT_ASN1_FUNCTIONS(NAMING_AUTHORITY)
+IMPLEMENT_ASN1_FUNCTIONS(PROFESSION_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(ADMISSIONS)
+IMPLEMENT_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
+
+static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
+                                BIO *bp, int ind);
+
+const X509V3_EXT_METHOD v3_ext_admission = {
+    NID_x509ExtAdmission,   /* .ext_nid = */
+    0,                      /* .ext_flags = */
+    ASN1_ITEM_ref(ADMISSION_SYNTAX), /* .it = */
+    NULL, NULL, NULL, NULL,
+    NULL,                   /* .i2s = */
+    NULL,                   /* .s2i = */
+    NULL,                   /* .i2v = */
+    NULL,                   /* .v2i = */
+    &i2r_ADMISSION_SYNTAX,  /* .i2r = */
+    NULL,                   /* .r2i = */
+    NULL                    /* extension-specific data */
+};
+
+
+static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in,
+                                BIO *bp, int ind)
+{
+    NAMING_AUTHORITY * namingAuthority = (NAMING_AUTHORITY*) in;
+
+    if (namingAuthority == NULL)
+        return 0;
+
+    if (namingAuthority->namingAuthorityId == NULL
+        && namingAuthority->namingAuthorityText == NULL
+        && namingAuthority->namingAuthorityUrl == NULL)
+        return 0;
+
+    if (BIO_printf(bp, "%*snamingAuthority: ", ind, "") <= 0)
+        goto err;
+
+    if (namingAuthority->namingAuthorityId != NULL) {
+        char objbuf[128];
+        const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId));
+
+        if (BIO_printf(bp, "%*s  admissionAuthorityId: ", ind, "") <= 0)
+            goto err;
+
+        OBJ_obj2txt(objbuf, sizeof(objbuf), namingAuthority->namingAuthorityId, 1);
+
+        if (BIO_printf(bp, "%s%s%s%s\n", ln ? ln : "",
+                       ln ? " (" : "", objbuf, ln ? ")" : "") <= 0)
+            goto err;
+    }
+    if (namingAuthority->namingAuthorityText != NULL) {
+        if (BIO_printf(bp, "%*s  namingAuthorityText: ", ind, "") <= 0
+            || ASN1_STRING_print(bp, namingAuthority->namingAuthorityText) <= 0
+            || BIO_printf(bp, "\n") <= 0)
+            goto err;
+    }
+    if (namingAuthority->namingAuthorityUrl != NULL ) {
+        if (BIO_printf(bp, "%*s  namingAuthorityUrl: ", ind, "") <= 0
+            || ASN1_STRING_print(bp, namingAuthority->namingAuthorityUrl) <= 0
+            || BIO_printf(bp, "\n") <= 0)
+            goto err;
+    }
+    return 1;
+
+err:
+    return 0;
+}
+
+static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
+                                BIO *bp, int ind)
+{
+    ADMISSION_SYNTAX * admission = (ADMISSION_SYNTAX *)in;
+    int i, j, k;
+
+    if (admission->admissionAuthority != NULL) {
+        if (BIO_printf(bp, "%*sadmissionAuthority:\n", ind, "") <= 0
+            || BIO_printf(bp, "%*s  ", ind, "") <= 0
+            || GENERAL_NAME_print(bp, admission->admissionAuthority) <= 0
+            || BIO_printf(bp, "\n") <= 0)
+            goto err;
+    }
+
+    for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) {
+        ADMISSIONS* entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i);
+
+        if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) goto err;
+
+        if (entry->admissionAuthority != NULL) {
+            if (BIO_printf(bp, "%*s  admissionAuthority:\n", ind, "") <= 0
+                || BIO_printf(bp, "%*s    ", ind, "") <= 0
+                || GENERAL_NAME_print(bp, entry->admissionAuthority) <= 0
+                || BIO_printf(bp, "\n") <= 0)
+                goto err;
+        }
+
+        if (entry->namingAuthority != NULL) {
+            if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind) <= 0)
+                goto err;
+        }
+
+        for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) {
+            PROFESSION_INFO* pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j);
+
+            if (BIO_printf(bp, "%*s  Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0)
+                goto err;
+
+            if (pinfo->registrationNumber != NULL) {
+                if (BIO_printf(bp, "%*s    registrationNumber: ", ind, "") <= 0
+                    || ASN1_STRING_print(bp, pinfo->registrationNumber) <= 0
+                    || BIO_printf(bp, "\n") <= 0)
+                    goto err;
+            }
+
+            if (pinfo->namingAuthority != NULL) {
+                if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 2) <= 0)
+                    goto err;
+            }
+
+            if (pinfo->professionItems != NULL) {
+
+                if (BIO_printf(bp, "%*s    Info Entries:\n", ind, "") <= 0)
+                    goto err;
+                for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) {
+                    ASN1_STRING* val = sk_ASN1_STRING_value(pinfo->professionItems, k);
+
+                    if (BIO_printf(bp, "%*s      ", ind, "") <= 0
+                        || ASN1_STRING_print(bp, val) <= 0
+                        || BIO_printf(bp, "\n") <= 0)
+                        goto err;
+                }
+            }
+
+            if (pinfo->professionOIDs != NULL) {
+                if (BIO_printf(bp, "%*s    Profession OIDs:\n", ind, "") <= 0)
+                    goto err;
+                for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) {
+                    ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k);
+                    const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj));
+                    char objbuf[128];
+
+                    OBJ_obj2txt(objbuf, sizeof(objbuf), obj, 1);
+                    if (BIO_printf(bp, "%*s      %s%s%s%s\n", ind, "",
+                                   ln ? ln : "", ln ? " (" : "",
+                                   objbuf, ln ? ")" : "") <= 0)
+                        goto err;
+                }
+            }
+        }
+    }
+    return 1;
+
+err:
+    return -1;
+}
+
+const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(const NAMING_AUTHORITY *n)
+{
+    return n->namingAuthorityId;
+}
+
+void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT* id)
+{
+    ASN1_OBJECT_free(n->namingAuthorityId);
+    n->namingAuthorityId = id;
+}
+
+const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
+    const NAMING_AUTHORITY *n)
+{
+    return n->namingAuthorityUrl;
+}
+
+void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING* u)
+{
+    ASN1_IA5STRING_free(n->namingAuthorityUrl);
+    n->namingAuthorityUrl = u;
+}
+
+const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
+    const NAMING_AUTHORITY *n)
+{
+    return n->namingAuthorityText;
+}
+
+void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING* t)
+{
+    ASN1_IA5STRING_free(n->namingAuthorityText);
+    n->namingAuthorityText = t;
+}
+
+const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(const ADMISSION_SYNTAX *as)
+{
+    return as->admissionAuthority;
+}
+
+void ADMISSION_SYNTAX_set0_admissionAuthority(ADMISSION_SYNTAX *as,
+                                              GENERAL_NAME *aa)
+{
+    GENERAL_NAME_free(as->admissionAuthority);
+    as->admissionAuthority = aa;
+}
+
+const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(const ADMISSION_SYNTAX *as)
+{
+    return as->contentsOfAdmissions;
+}
+
+void ADMISSION_SYNTAX_set0_contentsOfAdmissions(ADMISSION_SYNTAX *as,
+                                                STACK_OF(ADMISSIONS) *a)
+{
+    sk_ADMISSIONS_pop_free(as->contentsOfAdmissions, ADMISSIONS_free);
+    as->contentsOfAdmissions = a;
+}
+
+const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a)
+{
+    return a->admissionAuthority;
+}
+
+void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa)
+{
+    GENERAL_NAME_free(a->admissionAuthority);
+    a->admissionAuthority = aa;
+}
+
+const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a)
+{
+    return a->namingAuthority;
+}
+
+void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na)
+{
+    NAMING_AUTHORITY_free(a->namingAuthority);
+    a->namingAuthority = na;
+}
+
+const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a)
+{
+    return a->professionInfos;
+}
+
+void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi)
+{
+    sk_PROFESSION_INFO_pop_free(a->professionInfos, PROFESSION_INFO_free);
+    a->professionInfos = pi;
+}
+
+const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(const PROFESSION_INFO *pi)
+{
+    return pi->addProfessionInfo;
+}
+
+void PROFESSION_INFO_set0_addProfessionInfo(PROFESSION_INFO *pi,
+                                            ASN1_OCTET_STRING *aos)
+{
+    ASN1_OCTET_STRING_free(pi->addProfessionInfo);
+    pi->addProfessionInfo = aos;
+}
+
+const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(const PROFESSION_INFO *pi)
+{
+    return pi->namingAuthority;
+}
+
+void PROFESSION_INFO_set0_namingAuthority(PROFESSION_INFO *pi,
+                                          NAMING_AUTHORITY *na)
+{
+    NAMING_AUTHORITY_free(pi->namingAuthority);
+    pi->namingAuthority = na;
+}
+
+const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(const PROFESSION_INFO *pi)
+{
+    return pi->professionItems;
+}
+
+void PROFESSION_INFO_set0_professionItems(PROFESSION_INFO *pi,
+                                          STACK_OF(ASN1_STRING) *as)
+{
+    sk_ASN1_STRING_pop_free(pi->professionItems, ASN1_STRING_free);
+    pi->professionItems = as;
+}
+
+const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(const PROFESSION_INFO *pi)
+{
+    return pi->professionOIDs;
+}
+
+void PROFESSION_INFO_set0_professionOIDs(PROFESSION_INFO *pi,
+                                         STACK_OF(ASN1_OBJECT) *po)
+{
+    sk_ASN1_OBJECT_pop_free(pi->professionOIDs, ASN1_OBJECT_free);
+    pi->professionOIDs = po;
+}
+
+const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(const PROFESSION_INFO *pi)
+{
+    return pi->registrationNumber;
+}
+
+void PROFESSION_INFO_set0_registrationNumber(PROFESSION_INFO *pi,
+                                             ASN1_PRINTABLESTRING *rn)
+{
+    ASN1_PRINTABLESTRING_free(pi->registrationNumber);
+    pi->registrationNumber = rn;
+}
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_admis.h b/freebsd/crypto/openssl/crypto/x509v3/v3_admis.h
new file mode 100644
index 00000000..fa23fc76
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_admis.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_V3_ADMISSION_H
+# define HEADER_V3_ADMISSION_H
+
+struct NamingAuthority_st {
+    ASN1_OBJECT* namingAuthorityId;
+    ASN1_IA5STRING* namingAuthorityUrl;
+    ASN1_STRING* namingAuthorityText;          /* i.e. DIRECTORYSTRING */
+};
+
+struct ProfessionInfo_st {
+    NAMING_AUTHORITY* namingAuthority;
+    STACK_OF(ASN1_STRING)* professionItems;    /* i.e. DIRECTORYSTRING */
+    STACK_OF(ASN1_OBJECT)* professionOIDs;
+    ASN1_PRINTABLESTRING* registrationNumber;
+    ASN1_OCTET_STRING* addProfessionInfo;
+};
+
+struct Admissions_st {
+    GENERAL_NAME* admissionAuthority;
+    NAMING_AUTHORITY* namingAuthority;
+    STACK_OF(PROFESSION_INFO)* professionInfos;
+};
+
+struct AdmissionSyntax_st {
+    GENERAL_NAME* admissionAuthority;
+    STACK_OF(ADMISSIONS)* contentsOfAdmissions;
+};
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_akey.c b/freebsd/crypto/openssl/crypto/x509v3/v3_akey.c
index a1d830ef..cc2841d6 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_akey.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_akey.c
@@ -1,70 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_akey.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                                  AUTHORITY_KEYID *akeyid,
@@ -92,14 +43,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 {
     char *tmp;
     if (akeyid->keyid) {
-        tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
+        tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
         X509V3_add_value("keyid", tmp, &extlist);
         OPENSSL_free(tmp);
     }
     if (akeyid->issuer)
         extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
     if (akeyid->serial) {
-        tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length);
+        tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
         X509V3_add_value("serial", tmp, &extlist);
         OPENSSL_free(tmp);
     }
@@ -133,13 +84,13 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 
     for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
         cnf = sk_CONF_VALUE_value(values, i);
-        if (!strcmp(cnf->name, "keyid")) {
+        if (strcmp(cnf->name, "keyid") == 0) {
             keyid = 1;
-            if (cnf->value && !strcmp(cnf->value, "always"))
+            if (cnf->value && strcmp(cnf->value, "always") == 0)
                 keyid = 2;
-        } else if (!strcmp(cnf->name, "issuer")) {
+        } else if (strcmp(cnf->name, "issuer") == 0) {
             issuer = 1;
-            if (cnf->value && !strcmp(cnf->value, "always"))
+            if (cnf->value && strcmp(cnf->value, "always") == 0)
                 issuer = 2;
         } else {
             X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION);
@@ -171,7 +122,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 
     if ((issuer && !ikeyid) || (issuer == 2)) {
         isname = X509_NAME_dup(X509_get_issuer_name(cert));
-        serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+        serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
         if (!isname || !serial) {
             X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
                       X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
@@ -179,12 +130,12 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
         }
     }
 
-    if (!(akeyid = AUTHORITY_KEYID_new()))
+    if ((akeyid = AUTHORITY_KEYID_new()) == NULL)
         goto err;
 
     if (isname) {
-        if (!(gens = sk_GENERAL_NAME_new_null())
-            || !(gen = GENERAL_NAME_new())
+        if ((gens = sk_GENERAL_NAME_new_null()) == NULL
+            || (gen = GENERAL_NAME_new()) == NULL
             || !sk_GENERAL_NAME_push(gens, gen)) {
             X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
             goto err;
@@ -194,14 +145,18 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
     }
 
     akeyid->issuer = gens;
+    gen = NULL;
+    gens = NULL;
     akeyid->serial = serial;
     akeyid->keyid = ikeyid;
 
     return akeyid;
 
  err:
+    sk_GENERAL_NAME_free(gens);
+    GENERAL_NAME_free(gen);
     X509_NAME_free(isname);
-    M_ASN1_INTEGER_free(serial);
-    M_ASN1_OCTET_STRING_free(ikeyid);
+    ASN1_INTEGER_free(serial);
+    ASN1_OCTET_STRING_free(ikeyid);
     return NULL;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_akeya.c b/freebsd/crypto/openssl/crypto/x509v3/v3_akeya.c
index 7fb1e027..a0ac5fb2 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_akeya.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_akeya.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_akey_asn1.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_alt.c b/freebsd/crypto/openssl/crypto/x509v3/v3_alt.c
index d00765e7..cf02a773 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_alt.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_alt.c
@@ -1,68 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_alt.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx,
@@ -72,10 +23,10 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
                                      STACK_OF(CONF_VALUE) *nval);
 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
 
-const X509V3_EXT_METHOD v3_alt[] = {
+const X509V3_EXT_METHOD v3_alt[3] = {
     {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
      0, 0, 0, 0,
      0, 0,
@@ -119,6 +70,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
     unsigned char *p;
     char oline[256], htmp[5];
     int i;
+
     switch (gen->type) {
     case GEN_OTHERNAME:
         if (!X509V3_add_value("othername", "<unsupported>", &ret))
@@ -151,7 +103,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
         break;
 
     case GEN_DIRNAME:
-        if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL
+        if (X509_NAME_oneline(gen->d.dirn, oline, sizeof(oline)) == NULL
                 || !X509V3_add_value("DirName", oline, &ret))
             return NULL;
         break;
@@ -159,8 +111,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
     case GEN_IPADD:
         p = gen->d.ip->data;
         if (gen->d.ip->length == 4)
-            BIO_snprintf(oline, sizeof(oline),
-                         "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+            BIO_snprintf(oline, sizeof(oline), "%d.%d.%d.%d",
+                         p[0], p[1], p[2], p[3]);
         else if (gen->d.ip->length == 16) {
             oline[0] = 0;
             for (i = 0; i < 8; i++) {
@@ -219,7 +171,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
         break;
 
     case GEN_DIRNAME:
-        BIO_printf(out, "DirName: ");
+        BIO_printf(out, "DirName:");
         X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
         break;
 
@@ -241,7 +193,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
         break;
 
     case GEN_RID:
-        BIO_printf(out, "Registered ID");
+        BIO_printf(out, "Registered ID:");
         i2a_ASN1_OBJECT(out, gen->d.rid);
         break;
     }
@@ -252,24 +204,28 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
                                      X509V3_CTX *ctx,
                                      STACK_OF(CONF_VALUE) *nval)
 {
-    GENERAL_NAMES *gens = NULL;
-    CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
+    GENERAL_NAMES *gens = sk_GENERAL_NAME_new_reserve(NULL, num);
     int i;
-    if (!(gens = sk_GENERAL_NAME_new_null())) {
+
+    if (gens == NULL) {
         X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(gens);
         return NULL;
     }
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-        cnf = sk_CONF_VALUE_value(nval, i);
-        if (!name_cmp(cnf->name, "issuer") && cnf->value &&
-            !strcmp(cnf->value, "copy")) {
+    for (i = 0; i < num; i++) {
+        CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
+
+        if (!name_cmp(cnf->name, "issuer")
+            && cnf->value && strcmp(cnf->value, "copy") == 0) {
             if (!copy_issuer(ctx, gens))
                 goto err;
         } else {
-            GENERAL_NAME *gen;
-            if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+            GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf);
+
+            if (gen == NULL)
                 goto err;
-            sk_GENERAL_NAME_push(gens, gen);
+            sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */
         }
     }
     return gens;
@@ -285,7 +241,8 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
     GENERAL_NAMES *ialt;
     GENERAL_NAME *gen;
     X509_EXTENSION *ext;
-    int i;
+    int i, num;
+
     if (ctx && (ctx->flags == CTX_TEST))
         return 1;
     if (!ctx || !ctx->issuer_cert) {
@@ -295,18 +252,21 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
     i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
     if (i < 0)
         return 1;
-    if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
-        !(ialt = X509V3_EXT_d2i(ext))) {
+    if ((ext = X509_get_ext(ctx->issuer_cert, i)) == NULL
+        || (ialt = X509V3_EXT_d2i(ext)) == NULL) {
         X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR);
         goto err;
     }
 
-    for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
+    num = sk_GENERAL_NAME_num(ialt);
+    if (!sk_GENERAL_NAME_reserve(gens, num)) {
+        X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    for (i = 0; i < num; i++) {
         gen = sk_GENERAL_NAME_value(ialt, i);
-        if (!sk_GENERAL_NAME_push(gens, gen)) {
-            X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
+        sk_GENERAL_NAME_push(gens, gen);     /* no failure as it was reserved */
     }
     sk_GENERAL_NAME_free(ialt);
 
@@ -321,28 +281,33 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx,
                                       STACK_OF(CONF_VALUE) *nval)
 {
-    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAMES *gens;
     CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
     int i;
-    if (!(gens = sk_GENERAL_NAME_new_null())) {
+
+    gens = sk_GENERAL_NAME_new_reserve(NULL, num);
+    if (gens == NULL) {
         X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(gens);
         return NULL;
     }
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+
+    for (i = 0; i < num; i++) {
         cnf = sk_CONF_VALUE_value(nval, i);
-        if (!name_cmp(cnf->name, "email") && cnf->value &&
-            !strcmp(cnf->value, "copy")) {
+        if (!name_cmp(cnf->name, "email")
+            && cnf->value && strcmp(cnf->value, "copy") == 0) {
             if (!copy_email(ctx, gens, 0))
                 goto err;
-        } else if (!name_cmp(cnf->name, "email") && cnf->value &&
-                   !strcmp(cnf->value, "move")) {
+        } else if (!name_cmp(cnf->name, "email")
+                   && cnf->value && strcmp(cnf->value, "move") == 0) {
             if (!copy_email(ctx, gens, 1))
                 goto err;
         } else {
             GENERAL_NAME *gen;
-            if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+            if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
                 goto err;
-            sk_GENERAL_NAME_push(gens, gen);
+            sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */
         }
     }
     return gens;
@@ -361,10 +326,12 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
     ASN1_IA5STRING *email = NULL;
     X509_NAME_ENTRY *ne;
     GENERAL_NAME *gen = NULL;
-    int i;
+    int i = -1;
+
     if (ctx != NULL && ctx->flags == CTX_TEST)
         return 1;
-    if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
+    if (ctx == NULL
+        || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
         X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS);
         goto err;
     }
@@ -375,17 +342,16 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
         nm = X509_REQ_get_subject_name(ctx->subject_req);
 
     /* Now add any email address(es) to STACK */
-    i = -1;
     while ((i = X509_NAME_get_index_by_NID(nm,
                                            NID_pkcs9_emailAddress, i)) >= 0) {
         ne = X509_NAME_get_entry(nm, i);
-        email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+        email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
         if (move_p) {
             X509_NAME_delete_entry(nm, i);
             X509_NAME_ENTRY_free(ne);
             i--;
         }
-        if (!email || !(gen = GENERAL_NAME_new())) {
+        if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) {
             X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
             goto err;
         }
@@ -403,7 +369,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
 
  err:
     GENERAL_NAME_free(gen);
-    M_ASN1_IA5STRING_free(email);
+    ASN1_IA5STRING_free(email);
     return 0;
 
 }
@@ -412,18 +378,23 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
     GENERAL_NAME *gen;
-    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAMES *gens;
     CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
     int i;
-    if (!(gens = sk_GENERAL_NAME_new_null())) {
+
+    gens = sk_GENERAL_NAME_new_reserve(NULL, num);
+    if (gens == NULL) {
         X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(gens);
         return NULL;
     }
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+
+    for (i = 0; i < num; i++) {
         cnf = sk_CONF_VALUE_value(nval, i);
-        if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+        if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
             goto err;
-        sk_GENERAL_NAME_push(gens, gen);
+        sk_GENERAL_NAME_push(gens, gen);    /* no failure as it was reserved */
     }
     return gens;
  err:
@@ -439,7 +410,7 @@ GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
 
 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
                                const X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, int gen_type, char *value,
+                               X509V3_CTX *ctx, int gen_type, const char *value,
                                int is_nc)
 {
     char is_string = 0;
@@ -470,7 +441,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
     case GEN_RID:
         {
             ASN1_OBJECT *obj;
-            if (!(obj = OBJ_txt2obj(value, 0))) {
+            if ((obj = OBJ_txt2obj(value, 0)) == NULL) {
                 X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_OBJECT);
                 ERR_add_error_data(2, "value=", value);
                 goto err;
@@ -510,7 +481,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
     }
 
     if (is_string) {
-        if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
+        if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL ||
             !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
                              strlen(value))) {
             X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
@@ -568,27 +539,26 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
 
 }
 
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
 {
     char *objtmp = NULL, *p;
     int objlen;
-    if (!(p = strchr(value, ';')))
+
+    if ((p = strchr(value, ';')) == NULL)
         return 0;
-    if (!(gen->d.otherName = OTHERNAME_new()))
+    if ((gen->d.otherName = OTHERNAME_new()) == NULL)
         return 0;
     /*
      * Free this up because we will overwrite it. no need to free type_id
      * because it is static
      */
     ASN1_TYPE_free(gen->d.otherName->value);
-    if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
+    if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL)
         return 0;
     objlen = p - value;
-    objtmp = OPENSSL_malloc(objlen + 1);
+    objtmp = OPENSSL_strndup(value, objlen);
     if (objtmp == NULL)
         return 0;
-    strncpy(objtmp, value, objlen);
-    objtmp[objlen] = 0;
     gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
     OPENSSL_free(objtmp);
     if (!gen->d.otherName->type_id)
@@ -596,12 +566,13 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
     return 1;
 }
 
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
 {
     int ret = 0;
     STACK_OF(CONF_VALUE) *sk = NULL;
-    X509_NAME *nm = NULL;
-    if (!(nm = X509_NAME_new()))
+    X509_NAME *nm;
+
+    if ((nm = X509_NAME_new()) == NULL)
         goto err;
     sk = X509V3_get_section(ctx, value);
     if (!sk) {
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_asid.c b/freebsd/crypto/openssl/crypto/x509v3/v3_asid.c
index 6c2979c0..b7e4e2f7 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_asid.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_asid.c
@@ -1,75 +1,30 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * Contributed to the OpenSSL Project by the American Registry for
- * Internet Numbers ("ARIN").
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 /*
  * Implementation of RFC 3779 section 3.2.
  */
 
+#include <assert.h>
 #include <stdio.h>
 #include <string.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/bn.h>
+#include "ext_dat.h"
 
 #ifndef OPENSSL_NO_RFC3779
 
@@ -164,20 +119,20 @@ static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method,
 }
 
 /*
- * Sort comparision function for a sequence of ASIdOrRange elements.
+ * Sort comparison function for a sequence of ASIdOrRange elements.
  */
 static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
                            const ASIdOrRange *const *b_)
 {
     const ASIdOrRange *a = *a_, *b = *b_;
 
-    OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
-                   (a->type == ASIdOrRange_range && a->u.range != NULL &&
-                    a->u.range->min != NULL && a->u.range->max != NULL));
+    assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+           (a->type == ASIdOrRange_range && a->u.range != NULL &&
+            a->u.range->min != NULL && a->u.range->max != NULL));
 
-    OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
-                   (b->type == ASIdOrRange_range && b->u.range != NULL &&
-                    b->u.range->min != NULL && b->u.range->max != NULL));
+    assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+           (b->type == ASIdOrRange_range && b->u.range != NULL &&
+            b->u.range->min != NULL && b->u.range->max != NULL));
 
     if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
         return ASN1_INTEGER_cmp(a->u.id, b->u.id);
@@ -197,7 +152,7 @@ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
 /*
  * Add an inherit element.
  */
-int v3_asid_add_inherit(ASIdentifiers *asid, int which)
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which)
 {
     ASIdentifierChoice **choice;
     if (asid == NULL)
@@ -215,7 +170,6 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which)
     if (*choice == NULL) {
         if ((*choice = ASIdentifierChoice_new()) == NULL)
             return 0;
-        OPENSSL_assert((*choice)->u.inherit == NULL);
         if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
             return 0;
         (*choice)->type = ASIdentifierChoice_inherit;
@@ -226,8 +180,8 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which)
 /*
  * Add an ID or range to an ASIdentifierChoice.
  */
-int v3_asid_add_id_or_range(ASIdentifiers *asid,
-                            int which, ASN1_INTEGER *min, ASN1_INTEGER *max)
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid,
+                                int which, ASN1_INTEGER *min, ASN1_INTEGER *max)
 {
     ASIdentifierChoice **choice;
     ASIdOrRange *aor;
@@ -248,7 +202,6 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
     if (*choice == NULL) {
         if ((*choice = ASIdentifierChoice_new()) == NULL)
             return 0;
-        OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
         (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
         if ((*choice)->u.asIdsOrRanges == NULL)
             return 0;
@@ -280,20 +233,23 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
 /*
  * Extract min and max values from an ASIdOrRange.
  */
-static void extract_min_max(ASIdOrRange *aor,
-                            ASN1_INTEGER **min, ASN1_INTEGER **max)
+static int extract_min_max(ASIdOrRange *aor,
+                           ASN1_INTEGER **min, ASN1_INTEGER **max)
 {
-    OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
+    if (!ossl_assert(aor != NULL))
+        return 0;
     switch (aor->type) {
     case ASIdOrRange_id:
         *min = aor->u.id;
         *max = aor->u.id;
-        return;
+        return 1;
     case ASIdOrRange_range:
         *min = aor->u.range->min;
         *max = aor->u.range->max;
-        return;
+        return 1;
     }
+
+    return 0;
 }
 
 /*
@@ -324,10 +280,12 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
     for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
         ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
         ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
-        ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+        ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max =
+            NULL;
 
-        extract_min_max(a, &a_min, &a_max);
-        extract_min_max(b, &b_min, &b_max);
+        if (!extract_min_max(a, &a_min, &a_max)
+                || !extract_min_max(b, &b_min, &b_max))
+            goto done;
 
         /*
          * Punt misordered list, overlapping start, or inverted range.
@@ -365,8 +323,8 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
         ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
         ASN1_INTEGER *a_min, *a_max;
         if (a != NULL && a->type == ASIdOrRange_range) {
-            extract_min_max(a, &a_min, &a_max);
-            if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+            if (!extract_min_max(a, &a_min, &a_max)
+                    || ASN1_INTEGER_cmp(a_min, a_max) > 0)
                 goto done;
         }
     }
@@ -382,7 +340,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 /*
  * Check whether an ASIdentifier extension is in canonical form.
  */
-int v3_asid_is_canonical(ASIdentifiers *asid)
+int X509v3_asid_is_canonical(ASIdentifiers *asid)
 {
     return (asid == NULL ||
             (ASIdentifierChoice_is_canonical(asid->asnum) &&
@@ -426,15 +384,18 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
     for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
         ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
         ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
-        ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+        ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max =
+            NULL;
 
-        extract_min_max(a, &a_min, &a_max);
-        extract_min_max(b, &b_min, &b_max);
+        if (!extract_min_max(a, &a_min, &a_max)
+                || !extract_min_max(b, &b_min, &b_max))
+            goto done;
 
         /*
          * Make sure we're properly sorted (paranoia).
          */
-        OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+        if (!ossl_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0))
+            goto done;
 
         /*
          * Punt inverted ranges.
@@ -472,7 +433,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
             ASRange *r;
             switch (a->type) {
             case ASIdOrRange_id:
-                if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) {
+                if ((r = OPENSSL_malloc(sizeof(*r))) == NULL) {
                     X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
                               ERR_R_MALLOC_FAILURE);
                     goto done;
@@ -510,13 +471,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
         ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
         ASN1_INTEGER *a_min, *a_max;
         if (a != NULL && a->type == ASIdOrRange_range) {
-            extract_min_max(a, &a_min, &a_max);
-            if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+            if (!extract_min_max(a, &a_min, &a_max)
+                    || ASN1_INTEGER_cmp(a_min, a_max) > 0)
                 goto done;
         }
     }
 
-    OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+    /* Paranoia */
+    if (!ossl_assert(ASIdentifierChoice_is_canonical(choice)))
+        goto done;
 
     ret = 1;
 
@@ -529,7 +492,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
 /*
  * Whack an ASIdentifier extension into canonical form.
  */
-int v3_asid_canonize(ASIdentifiers *asid)
+int X509v3_asid_canonize(ASIdentifiers *asid)
 {
     return (asid == NULL ||
             (ASIdentifierChoice_canonize(asid->asnum) &&
@@ -554,7 +517,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
 
     for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
         CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
-        int i1, i2, i3, is_range, which;
+        int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0;
 
         /*
          * Figure out whether this is an AS or an RDI.
@@ -573,8 +536,8 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
         /*
          * Handle inheritance.
          */
-        if (!strcmp(val->value, "inherit")) {
-            if (v3_asid_add_inherit(asid, which))
+        if (strcmp(val->value, "inherit") == 0) {
+            if (X509v3_asid_add_inherit(asid, which))
                 continue;
             X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
                       X509V3_R_INVALID_INHERITANCE);
@@ -617,7 +580,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
                 goto err;
             }
         } else {
-            char *s = BUF_strdup(val->value);
+            char *s = OPENSSL_strdup(val->value);
             if (s == NULL) {
                 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -636,7 +599,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
                 goto err;
             }
         }
-        if (!v3_asid_add_id_or_range(asid, which, min, max)) {
+        if (!X509v3_asid_add_id_or_range(asid, which, min, max)) {
             X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
             goto err;
         }
@@ -646,7 +609,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
     /*
      * Canonize the result, then we're done.
      */
-    if (!v3_asid_canonize(asid))
+    if (!X509v3_asid_canonize(asid))
         goto err;
     return asid;
 
@@ -677,7 +640,7 @@ const X509V3_EXT_METHOD v3_asid = {
 /*
  * Figure out whether extension uses inheritance.
  */
-int v3_asid_inherits(ASIdentifiers *asid)
+int X509v3_asid_inherits(ASIdentifiers *asid)
 {
     return (asid != NULL &&
             ((asid->asnum != NULL &&
@@ -691,7 +654,7 @@ int v3_asid_inherits(ASIdentifiers *asid)
  */
 static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
 {
-    ASN1_INTEGER *p_min, *p_max, *c_min, *c_max;
+    ASN1_INTEGER *p_min = NULL, *p_max = NULL, *c_min = NULL, *c_max = NULL;
     int p, c;
 
     if (child == NULL || parent == child)
@@ -701,11 +664,14 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
 
     p = 0;
     for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
-        extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);
+        if (!extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max))
+            return 0;
         for (;; p++) {
             if (p >= sk_ASIdOrRange_num(parent))
                 return 0;
-            extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);
+            if (!extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min,
+                                 &p_max))
+                return 0;
             if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
                 continue;
             if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
@@ -718,15 +684,15 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
 }
 
 /*
- * Test whether a is a subet of b.
+ * Test whether a is a subset of b.
  */
-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
 {
     return (a == NULL ||
             a == b ||
             (b != NULL &&
-             !v3_asid_inherits(a) &&
-             !v3_asid_inherits(b) &&
+             !X509v3_asid_inherits(a) &&
+             !X509v3_asid_inherits(b) &&
              asid_contains(b->asnum->u.asIdsOrRanges,
                            a->asnum->u.asIdsOrRanges) &&
              asid_contains(b->rdi->u.asIdsOrRanges,
@@ -736,7 +702,7 @@ int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
 /*
  * Validation error handling via callback.
  */
-# define validation_err(_err_)           \
+#define validation_err(_err_)           \
   do {                                  \
     if (ctx != NULL) {                  \
       ctx->error = _err_;               \
@@ -753,17 +719,22 @@ int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
 /*
  * Core code for RFC 3779 3.3 path validation.
  */
-static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
-                                          STACK_OF(X509) *chain,
-                                          ASIdentifiers *ext)
+static int asid_validate_path_internal(X509_STORE_CTX *ctx,
+                                       STACK_OF(X509) *chain,
+                                       ASIdentifiers *ext)
 {
     ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
     int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
     X509 *x;
 
-    OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-    OPENSSL_assert(ctx != NULL || ext != NULL);
-    OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+    if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0)
+            || !ossl_assert(ctx != NULL || ext != NULL)
+            || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) {
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+
 
     /*
      * Figure out where to start.  If we don't have an extension to
@@ -776,11 +747,10 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
     } else {
         i = 0;
         x = sk_X509_value(chain, i);
-        OPENSSL_assert(x != NULL);
         if ((ext = x->rfc3779_asid) == NULL)
             goto done;
     }
-    if (!v3_asid_is_canonical(ext))
+    if (!X509v3_asid_is_canonical(ext))
         validation_err(X509_V_ERR_INVALID_EXTENSION);
     if (ext->asnum != NULL) {
         switch (ext->asnum->type) {
@@ -809,13 +779,17 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
      */
     for (i++; i < sk_X509_num(chain); i++) {
         x = sk_X509_value(chain, i);
-        OPENSSL_assert(x != NULL);
+        if (!ossl_assert(x != NULL)) {
+            if (ctx != NULL)
+                ctx->error = X509_V_ERR_UNSPECIFIED;
+            return 0;
+        }
         if (x->rfc3779_asid == NULL) {
             if (child_as != NULL || child_rdi != NULL)
                 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
             continue;
         }
-        if (!v3_asid_is_canonical(x->rfc3779_asid))
+        if (!X509v3_asid_is_canonical(x->rfc3779_asid))
             validation_err(X509_V_ERR_INVALID_EXTENSION);
         if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
             validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -855,7 +829,11 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
     /*
      * Trust anchor can't inherit.
      */
-    OPENSSL_assert(x != NULL);
+    if (!ossl_assert(x != NULL)) {
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
     if (x->rfc3779_asid != NULL) {
         if (x->rfc3779_asid->asnum != NULL &&
             x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
@@ -869,30 +847,36 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
     return ret;
 }
 
-# undef validation_err
+#undef validation_err
 
 /*
  * RFC 3779 3.3 path validation -- called from X509_verify_cert().
  */
-int v3_asid_validate_path(X509_STORE_CTX *ctx)
+int X509v3_asid_validate_path(X509_STORE_CTX *ctx)
 {
-    return v3_asid_validate_path_internal(ctx, ctx->chain, NULL);
+    if (ctx->chain == NULL
+            || sk_X509_num(ctx->chain) == 0
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+    return asid_validate_path_internal(ctx, ctx->chain, NULL);
 }
 
 /*
  * RFC 3779 3.3 path validation of an extension.
  * Test whether chain covers extension.
  */
-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
-                                  ASIdentifiers *ext, int allow_inheritance)
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+                                      ASIdentifiers *ext, int allow_inheritance)
 {
     if (ext == NULL)
         return 1;
     if (chain == NULL || sk_X509_num(chain) == 0)
         return 0;
-    if (!allow_inheritance && v3_asid_inherits(ext))
+    if (!allow_inheritance && X509v3_asid_inherits(ext))
         return 0;
-    return v3_asid_validate_path_internal(NULL, chain, ext);
+    return asid_validate_path_internal(NULL, chain, ext);
 }
 
 #endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_bcons.c b/freebsd/crypto/openssl/crypto/x509v3/v3_bcons.c
index 0440fa2d..34bd554f 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_bcons.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_bcons.c
@@ -1,70 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_bcons.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
                                                    BASIC_CONSTRAINTS *bcons,
@@ -109,16 +60,17 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
     BASIC_CONSTRAINTS *bcons = NULL;
     CONF_VALUE *val;
     int i;
-    if (!(bcons = BASIC_CONSTRAINTS_new())) {
+
+    if ((bcons = BASIC_CONSTRAINTS_new()) == NULL) {
         X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
     for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
         val = sk_CONF_VALUE_value(values, i);
-        if (!strcmp(val->name, "CA")) {
+        if (strcmp(val->name, "CA") == 0) {
             if (!X509V3_get_value_bool(val, &bcons->ca))
                 goto err;
-        } else if (!strcmp(val->name, "pathlen")) {
+        } else if (strcmp(val->name, "pathlen") == 0) {
             if (!X509V3_get_value_int(val, &bcons->pathlen))
                 goto err;
         } else {
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_bitst.c b/freebsd/crypto/openssl/crypto/x509v3/v3_bitst.c
index 94e57039..5c090cc1 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_bitst.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_bitst.c
@@ -1,68 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_bitst.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 static BIT_STRING_BITNAME ns_cert_type_table[] = {
     {0, "SSL Client", "client"},
@@ -114,19 +65,19 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
     ASN1_BIT_STRING *bs;
     int i;
     BIT_STRING_BITNAME *bnam;
-    if (!(bs = M_ASN1_BIT_STRING_new())) {
+    if ((bs = ASN1_BIT_STRING_new()) == NULL) {
         X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
     for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
         val = sk_CONF_VALUE_value(nval, i);
         for (bnam = method->usr_data; bnam->lname; bnam++) {
-            if (!strcmp(bnam->sname, val->name) ||
-                !strcmp(bnam->lname, val->name)) {
+            if (strcmp(bnam->sname, val->name) == 0
+                || strcmp(bnam->lname, val->name) == 0) {
                 if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
                     X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
                               ERR_R_MALLOC_FAILURE);
-                    M_ASN1_BIT_STRING_free(bs);
+                    ASN1_BIT_STRING_free(bs);
                     return NULL;
                 }
                 break;
@@ -136,7 +87,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
             X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
                       X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
             X509V3_conf_err(val);
-            M_ASN1_BIT_STRING_free(bs);
+            ASN1_BIT_STRING_free(bs);
             return NULL;
         }
     }
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_conf.c b/freebsd/crypto/openssl/crypto/x509v3/v3_conf.c
index 2b157af6..48b46331 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_conf.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_conf.c
@@ -1,90 +1,42 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_conf.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 /* extension creation utilities */
 
 #include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
+#include "internal/ctype.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/x509v3.h>
 
-static int v3_check_critical(char **value);
-static int v3_check_generic(char **value);
+static int v3_check_critical(const char **value);
+static int v3_check_generic(const char **value);
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-                                    int crit, char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+                                    int crit, const char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
                                             int crit, int type,
                                             X509V3_CTX *ctx);
-static char *conf_lhash_get_string(void *db, char *section, char *value);
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
+static char *conf_lhash_get_string(void *db, const char *section, const char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section);
 static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
                                   int ext_nid, int crit, void *ext_struc);
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
                                    long *ext_len);
 /* CONF *conf:  Config file    */
 /* char *name:  Name    */
 /* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
-                                 char *value)
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+                                 const char *value)
 {
     int crit;
     int ext_type;
@@ -103,7 +55,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
 /* CONF *conf:  Config file    */
 /* char *value:  Value    */
 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-                                     char *value)
+                                     const char *value)
 {
     int crit;
     int ext_type;
@@ -117,17 +69,18 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 /* CONF *conf:  Config file    */
 /* char *value:  Value    */
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-                                    int crit, char *value)
+                                    int crit, const char *value)
 {
     const X509V3_EXT_METHOD *method;
     X509_EXTENSION *ext;
     STACK_OF(CONF_VALUE) *nval;
     void *ext_struc;
+
     if (ext_nid == NID_undef) {
         X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME);
         return NULL;
     }
-    if (!(method = X509V3_EXT_get_nid(ext_nid))) {
+    if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
         X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
         return NULL;
     }
@@ -143,7 +96,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
             ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
                                value);
             if (*value != '@')
-                sk_CONF_VALUE_free(nval);
+                sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
             return NULL;
         }
         ext_struc = method->v2i(method, ctx, nval);
@@ -152,14 +105,14 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
         if (!ext_struc)
             return NULL;
     } else if (method->s2i) {
-        if (!(ext_struc = method->s2i(method, ctx, value)))
+        if ((ext_struc = method->s2i(method, ctx, value)) == NULL)
             return NULL;
     } else if (method->r2i) {
         if (!ctx->db || !ctx->db_meth) {
             X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE);
             return NULL;
         }
-        if (!(ext_struc = method->r2i(method, ctx, value)))
+        if ((ext_struc = method->r2i(method, ctx, value)) == NULL)
             return NULL;
     } else {
         X509V3err(X509V3_F_DO_EXT_NCONF,
@@ -180,9 +133,9 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
                                   int ext_nid, int crit, void *ext_struc)
 {
-    unsigned char *ext_der;
+    unsigned char *ext_der = NULL;
     int ext_len;
-    ASN1_OCTET_STRING *ext_oct;
+    ASN1_OCTET_STRING *ext_oct = NULL;
     X509_EXTENSION *ext;
     /* Convert internal representation to DER */
     if (method->it) {
@@ -193,26 +146,30 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
             goto merr;
     } else {
         unsigned char *p;
+
         ext_len = method->i2d(ext_struc, NULL);
-        if (!(ext_der = OPENSSL_malloc(ext_len)))
+        if ((ext_der = OPENSSL_malloc(ext_len)) == NULL)
             goto merr;
         p = ext_der;
         method->i2d(ext_struc, &p);
     }
-    if (!(ext_oct = M_ASN1_OCTET_STRING_new()))
+    if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL)
         goto merr;
     ext_oct->data = ext_der;
+    ext_der = NULL;
     ext_oct->length = ext_len;
 
     ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
     if (!ext)
         goto merr;
-    M_ASN1_OCTET_STRING_free(ext_oct);
+    ASN1_OCTET_STRING_free(ext_oct);
 
     return ext;
 
  merr:
     X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
+    OPENSSL_free(ext_der);
+    ASN1_OCTET_STRING_free(ext_oct);
     return NULL;
 
 }
@@ -222,7 +179,8 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
 {
     const X509V3_EXT_METHOD *method;
-    if (!(method = X509V3_EXT_get_nid(ext_nid))) {
+
+    if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
         X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
         return NULL;
     }
@@ -230,49 +188,50 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
 }
 
 /* Check the extension string for critical flag */
-static int v3_check_critical(char **value)
+static int v3_check_critical(const char **value)
 {
-    char *p = *value;
+    const char *p = *value;
     if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
         return 0;
     p += 9;
-    while (isspace((unsigned char)*p))
+    while (ossl_isspace(*p))
         p++;
     *value = p;
     return 1;
 }
 
 /* Check extension string for generic extension and return the type */
-static int v3_check_generic(char **value)
+static int v3_check_generic(const char **value)
 {
     int gen_type = 0;
-    char *p = *value;
-    if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
+    const char *p = *value;
+    if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) {
         p += 4;
         gen_type = 1;
-    } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {
+    } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) {
         p += 5;
         gen_type = 2;
     } else
         return 0;
 
-    while (isspace((unsigned char)*p))
+    while (ossl_isspace(*p))
         p++;
     *value = p;
     return gen_type;
 }
 
 /* Create a generic extension: for now just handle DER type */
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
                                             int crit, int gen_type,
                                             X509V3_CTX *ctx)
 {
     unsigned char *ext_der = NULL;
-    long ext_len;
+    long ext_len = 0;
     ASN1_OBJECT *obj = NULL;
     ASN1_OCTET_STRING *oct = NULL;
     X509_EXTENSION *extension = NULL;
-    if (!(obj = OBJ_txt2obj(ext, 0))) {
+
+    if ((obj = OBJ_txt2obj(ext, 0)) == NULL) {
         X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
                   X509V3_R_EXTENSION_NAME_ERROR);
         ERR_add_error_data(2, "name=", ext);
@@ -280,7 +239,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
     }
 
     if (gen_type == 1)
-        ext_der = string_to_hex(value, &ext_len);
+        ext_der = OPENSSL_hexstr2buf(value, &ext_len);
     else if (gen_type == 2)
         ext_der = generic_asn1(value, ctx, &ext_len);
 
@@ -291,7 +250,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
         goto err;
     }
 
-    if (!(oct = M_ASN1_OCTET_STRING_new())) {
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
         X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -304,14 +263,13 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
 
  err:
     ASN1_OBJECT_free(obj);
-    M_ASN1_OCTET_STRING_free(oct);
-    if (ext_der)
-        OPENSSL_free(ext_der);
+    ASN1_OCTET_STRING_free(oct);
+    OPENSSL_free(ext_der);
     return extension;
 
 }
 
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
                                    long *ext_len)
 {
     ASN1_TYPE *typ;
@@ -324,24 +282,39 @@ static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
     return ext_der;
 }
 
+static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
+{
+    int idx;
+    ASN1_OBJECT *obj;
+    obj = X509_EXTENSION_get_object(dext);
+    while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) {
+        X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx);
+        X509v3_delete_ext(sk, idx);
+        X509_EXTENSION_free(tmpext);
+    }
+}
+
 /*
  * This is the main function: add a bunch of extensions based on a config
  * file section to an extension STACK.
  */
 
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
                             STACK_OF(X509_EXTENSION) **sk)
 {
     X509_EXTENSION *ext;
     STACK_OF(CONF_VALUE) *nval;
     CONF_VALUE *val;
     int i;
-    if (!(nval = NCONF_get_section(conf, section)))
+
+    if ((nval = NCONF_get_section(conf, section)) == NULL)
         return 0;
     for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
         val = sk_CONF_VALUE_value(nval, i);
-        if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
+        if ((ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)) == NULL)
             return 0;
+        if (ctx->flags == X509V3_CTX_REPLACE)
+            delete_ext(*sk, ext);
         if (sk != NULL) {
             if (X509v3_add_ext(sk, ext, -1) == NULL) {
                 X509_EXTENSION_free(ext);
@@ -357,29 +330,29 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
  * Convenience functions to add extensions to a certificate, CRL and request
  */
 
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
                          X509 *cert)
 {
     STACK_OF(X509_EXTENSION) **sk = NULL;
     if (cert)
-        sk = &cert->cert_info->extensions;
+        sk = &cert->cert_info.extensions;
     return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
 }
 
 /* Same as above but for a CRL */
 
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
                              X509_CRL *crl)
 {
     STACK_OF(X509_EXTENSION) **sk = NULL;
     if (crl)
-        sk = &crl->crl->extensions;
+        sk = &crl->crl.extensions;
     return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
 }
 
 /* Add extensions to certificate request */
 
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
                              X509_REQ *req)
 {
     STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
@@ -396,7 +369,7 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 
 /* Config database functions */
 
-char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
 {
     if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
         X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED);
@@ -407,7 +380,7 @@ char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
     return NULL;
 }
 
-STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section)
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section)
 {
     if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
         X509V3err(X509V3_F_X509V3_GET_SECTION,
@@ -435,12 +408,12 @@ void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
         ctx->db_meth->free_section(ctx->db, section);
 }
 
-static char *nconf_get_string(void *db, char *section, char *value)
+static char *nconf_get_string(void *db, const char *section, const char *value)
 {
     return NCONF_get_string(db, section, value);
 }
 
-static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section)
 {
     return NCONF_get_section(db, section);
 }
@@ -471,7 +444,7 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
 /* Old conf compatibility functions */
 
 X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                                char *name, char *value)
+                                const char *name, const char *value)
 {
     CONF ctmp;
     CONF_set_nconf(&ctmp, conf);
@@ -481,19 +454,19 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
 /* LHASH *conf:  Config file    */
 /* char *value:  Value    */
 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
-                                    X509V3_CTX *ctx, int ext_nid, char *value)
+                                    X509V3_CTX *ctx, int ext_nid, const char *value)
 {
     CONF ctmp;
     CONF_set_nconf(&ctmp, conf);
     return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
 }
 
-static char *conf_lhash_get_string(void *db, char *section, char *value)
+static char *conf_lhash_get_string(void *db, const char *section, const char *value)
 {
     return CONF_get_string(db, section, value);
 }
 
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section)
 {
     return CONF_get_section(db, section);
 }
@@ -512,7 +485,7 @@ void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
 }
 
 int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                        char *section, X509 *cert)
+                        const char *section, X509 *cert)
 {
     CONF ctmp;
     CONF_set_nconf(&ctmp, conf);
@@ -522,7 +495,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
 /* Same as above but for a CRL */
 
 int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                            char *section, X509_CRL *crl)
+                            const char *section, X509_CRL *crl)
 {
     CONF ctmp;
     CONF_set_nconf(&ctmp, conf);
@@ -532,7 +505,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
 /* Add extensions to certificate request */
 
 int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                            char *section, X509_REQ *req)
+                            const char *section, X509_REQ *req)
 {
     CONF ctmp;
     CONF_set_nconf(&ctmp, conf);
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_cpols.c b/freebsd/crypto/openssl/crypto/x509v3/v3_cpols.c
index 62a65747..0cbe266c 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_cpols.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_cpols.c
@@ -1,79 +1,30 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_cpols.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
 #include "pcy_int.h"
+#include "ext_dat.h"
 
 /* Certificate policies extension support: this one is a bit complex... */
 
 static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
                        BIO *out, int indent);
 static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
-                                         X509V3_CTX *ctx, char *value);
+                                         X509V3_CTX *ctx, const char *value);
 static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
                              int indent);
 static void print_notice(BIO *out, USERNOTICE *notice, int indent);
@@ -82,6 +33,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
 static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                       STACK_OF(CONF_VALUE) *unot, int ia5org);
 static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
+static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len);
+static int displaytext_get_tag_len(const char *tagstr);
 
 const X509V3_EXT_METHOD v3_cpols = {
     NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
@@ -135,28 +88,32 @@ ASN1_SEQUENCE(NOTICEREF) = {
 IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
 
 static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
-                                         X509V3_CTX *ctx, char *value)
+                                         X509V3_CTX *ctx, const char *value)
 {
-    STACK_OF(POLICYINFO) *pols = NULL;
+    STACK_OF(POLICYINFO) *pols;
     char *pstr;
     POLICYINFO *pol;
     ASN1_OBJECT *pobj;
-    STACK_OF(CONF_VALUE) *vals;
+    STACK_OF(CONF_VALUE) *vals = X509V3_parse_list(value);
     CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(vals);
     int i, ia5org;
-    pols = sk_POLICYINFO_new_null();
-    if (pols == NULL) {
-        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    vals = X509V3_parse_list(value);
+
     if (vals == NULL) {
         X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+        return NULL;
+    }
+
+    pols = sk_POLICYINFO_new_reserve(NULL, num);
+    if (pols == NULL) {
+        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
         goto err;
     }
+
     ia5org = 0;
-    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+    for (i = 0; i < num; i++) {
         cnf = sk_CONF_VALUE_value(vals, i);
+
         if (cnf->value || !cnf->name) {
             X509V3err(X509V3_F_R2I_CERTPOL,
                       X509V3_R_INVALID_POLICY_IDENTIFIER);
@@ -164,7 +121,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
             goto err;
         }
         pstr = cnf->name;
-        if (!strcmp(pstr, "ia5org")) {
+        if (strcmp(pstr, "ia5org") == 0) {
             ia5org = 1;
             continue;
         } else if (*pstr == '@') {
@@ -178,10 +135,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
             }
             pol = policy_section(ctx, polsect, ia5org);
             X509V3_section_free(ctx, polsect);
-            if (!pol)
+            if (pol == NULL)
                 goto err;
         } else {
-            if (!(pobj = OBJ_txt2obj(cnf->name, 0))) {
+            if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) {
                 X509V3err(X509V3_F_R2I_CERTPOL,
                           X509V3_R_INVALID_OBJECT_IDENTIFIER);
                 X509V3_conf_err(cnf);
@@ -189,6 +146,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
             }
             pol = POLICYINFO_new();
             if (pol == NULL) {
+                ASN1_OBJECT_free(pobj);
                 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
@@ -215,13 +173,14 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
     CONF_VALUE *cnf;
     POLICYINFO *pol;
     POLICYQUALINFO *qual;
-    if (!(pol = POLICYINFO_new()))
+
+    if ((pol = POLICYINFO_new()) == NULL)
         goto merr;
     for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
         cnf = sk_CONF_VALUE_value(polstrs, i);
-        if (!strcmp(cnf->name, "policyIdentifier")) {
+        if (strcmp(cnf->name, "policyIdentifier") == 0) {
             ASN1_OBJECT *pobj;
-            if (!(pobj = OBJ_txt2obj(cnf->value, 0))) {
+            if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) {
                 X509V3err(X509V3_F_POLICY_SECTION,
                           X509V3_R_INVALID_OBJECT_IDENTIFIER);
                 X509V3_conf_err(cnf);
@@ -230,17 +189,17 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
             pol->policyid = pobj;
 
         } else if (!name_cmp(cnf->name, "CPS")) {
-            if (!pol->qualifiers)
+            if (pol->qualifiers == NULL)
                 pol->qualifiers = sk_POLICYQUALINFO_new_null();
-            if (!(qual = POLICYQUALINFO_new()))
+            if ((qual = POLICYQUALINFO_new()) == NULL)
                 goto merr;
             if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
                 goto merr;
-            if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) {
+            if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) {
                 X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR);
                 goto err;
             }
-            if (!(qual->d.cpsuri = M_ASN1_IA5STRING_new()))
+            if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL)
                 goto merr;
             if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
                                  strlen(cnf->value)))
@@ -288,37 +247,76 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
  err:
     POLICYINFO_free(pol);
     return NULL;
+}
+
+static int displaytext_get_tag_len(const char *tagstr)
+{
+    char *colon = strchr(tagstr, ':');
 
+    return (colon == NULL) ? -1 : colon - tagstr;
+}
+
+static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len)
+{
+    int len;
+
+    *tag_len = 0;
+    len = displaytext_get_tag_len(tagstr);
+
+    if (len == -1)
+        return V_ASN1_VISIBLESTRING;
+    *tag_len = len;
+    if (len == sizeof("UTF8") - 1 && strncmp(tagstr, "UTF8", len) == 0)
+        return V_ASN1_UTF8STRING;
+    if (len == sizeof("UTF8String") - 1 && strncmp(tagstr, "UTF8String", len) == 0)
+        return V_ASN1_UTF8STRING;
+    if (len == sizeof("BMP") - 1 && strncmp(tagstr, "BMP", len) == 0)
+        return V_ASN1_BMPSTRING;
+    if (len == sizeof("BMPSTRING") - 1 && strncmp(tagstr, "BMPSTRING", len) == 0)
+        return V_ASN1_BMPSTRING;
+    if (len == sizeof("VISIBLE") - 1 && strncmp(tagstr, "VISIBLE", len) == 0)
+        return V_ASN1_VISIBLESTRING;
+    if (len == sizeof("VISIBLESTRING") - 1 && strncmp(tagstr, "VISIBLESTRING", len) == 0)
+        return V_ASN1_VISIBLESTRING;
+    *tag_len = 0;
+    return V_ASN1_VISIBLESTRING;
 }
 
 static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                       STACK_OF(CONF_VALUE) *unot, int ia5org)
 {
-    int i, ret;
+    int i, ret, len, tag;
+    unsigned int tag_len;
     CONF_VALUE *cnf;
     USERNOTICE *not;
     POLICYQUALINFO *qual;
-    if (!(qual = POLICYQUALINFO_new()))
+    char *value = NULL;
+
+    if ((qual = POLICYQUALINFO_new()) == NULL)
         goto merr;
-    if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) {
+    if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) {
         X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR);
         goto err;
     }
-    if (!(not = USERNOTICE_new()))
+    if ((not = USERNOTICE_new()) == NULL)
         goto merr;
     qual->d.usernotice = not;
     for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
         cnf = sk_CONF_VALUE_value(unot, i);
-        if (!strcmp(cnf->name, "explicitText")) {
-            if (!(not->exptext = M_ASN1_VISIBLESTRING_new()))
+        value = cnf->value;
+        if (strcmp(cnf->name, "explicitText") == 0) {
+            tag = displaytext_str2tag(value, &tag_len);
+            if ((not->exptext = ASN1_STRING_type_new(tag)) == NULL)
                 goto merr;
-            if (!ASN1_STRING_set(not->exptext, cnf->value,
-                                 strlen(cnf->value)))
+            if (tag_len != 0)
+                value += tag_len + 1;
+            len = strlen(value);
+            if (!ASN1_STRING_set(not->exptext, value, len))
                 goto merr;
-        } else if (!strcmp(cnf->name, "organization")) {
+        } else if (strcmp(cnf->name, "organization") == 0) {
             NOTICEREF *nref;
             if (!not->noticeref) {
-                if (!(nref = NOTICEREF_new()))
+                if ((nref = NOTICEREF_new()) == NULL)
                     goto merr;
                 not->noticeref = nref;
             } else
@@ -330,11 +328,11 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
             if (!ASN1_STRING_set(nref->organization, cnf->value,
                                  strlen(cnf->value)))
                 goto merr;
-        } else if (!strcmp(cnf->name, "noticeNumbers")) {
+        } else if (strcmp(cnf->name, "noticeNumbers") == 0) {
             NOTICEREF *nref;
             STACK_OF(CONF_VALUE) *nos;
             if (!not->noticeref) {
-                if (!(nref = NOTICEREF_new()))
+                if ((nref = NOTICEREF_new()) == NULL)
                     goto merr;
                 not->noticeref = nref;
             } else
@@ -343,6 +341,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
             if (!nos || !sk_CONF_VALUE_num(nos)) {
                 X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
                 X509V3_conf_err(cnf);
+                sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
                 goto err;
             }
             ret = nref_nos(nref->noticenos, nos);
@@ -382,7 +381,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
 
     for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
         cnf = sk_CONF_VALUE_value(nos, i);
-        if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
+        if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) {
             X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
             goto err;
         }
@@ -492,8 +491,3 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
     else
         BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
 }
-
-
-IMPLEMENT_STACK_OF(X509_POLICY_NODE)
-
-IMPLEMENT_STACK_OF(X509_POLICY_DATA)
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_crld.c b/freebsd/crypto/openssl/crypto/x509v3/v3_crld.c
index 15f22c0e..0c67628c 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_crld.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_crld.c
@@ -1,71 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_crld.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
+#include "internal/x509_int.h"
+#include "ext_dat.h"
+
 static void *v2i_crld(const X509V3_EXT_METHOD *method,
                       X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
@@ -117,16 +70,17 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
 {
     STACK_OF(GENERAL_NAME) *fnm = NULL;
     STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
-    if (!strncmp(cnf->name, "fullname", 9)) {
+
+    if (strncmp(cnf->name, "fullname", 9) == 0) {
         fnm = gnames_from_sectname(ctx, cnf->value);
         if (!fnm)
             goto err;
-    } else if (!strcmp(cnf->name, "relativename")) {
+    } else if (strcmp(cnf->name, "relativename") == 0) {
         int ret;
         STACK_OF(CONF_VALUE) *dnsect;
         X509_NAME *nm;
         nm = X509_NAME_new();
-        if (!nm)
+        if (nm == NULL)
             return -1;
         dnsect = X509V3_get_section(ctx, cnf->value);
         if (!dnsect) {
@@ -160,7 +114,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
     }
 
     *pdp = DIST_POINT_NAME_new();
-    if (!*pdp)
+    if (*pdp == NULL)
         goto err;
     if (fnm) {
         (*pdp)->type = 0;
@@ -173,10 +127,8 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
     return 1;
 
  err:
-    if (fnm)
-        sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
-    if (rnm)
-        sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
+    sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
+    sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
     return -1;
 }
 
@@ -200,19 +152,19 @@ static int set_reasons(ASN1_BIT_STRING **preas, char *value)
     const char *bnam;
     int i, ret = 0;
     rsk = X509V3_parse_list(value);
-    if (!rsk)
-        return 0;
-    if (*preas)
+    if (rsk == NULL)
         return 0;
+    if (*preas != NULL)
+        goto err;
     for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
         bnam = sk_CONF_VALUE_value(rsk, i)->name;
-        if (!*preas) {
+        if (*preas == NULL) {
             *preas = ASN1_BIT_STRING_new();
-            if (!*preas)
+            if (*preas == NULL)
                 goto err;
         }
         for (pbn = reason_flags; pbn->lname; pbn++) {
-            if (!strcmp(pbn->sname, bnam)) {
+            if (strcmp(pbn->sname, bnam) == 0) {
                 if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1))
                     goto err;
                 break;
@@ -255,9 +207,9 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
 {
     int i;
     CONF_VALUE *cnf;
-    DIST_POINT *point = NULL;
-    point = DIST_POINT_new();
-    if (!point)
+    DIST_POINT *point = DIST_POINT_new();
+
+    if (point == NULL)
         goto err;
     for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
         int ret;
@@ -267,10 +219,10 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
             continue;
         if (ret < 0)
             goto err;
-        if (!strcmp(cnf->name, "reasons")) {
+        if (strcmp(cnf->name, "reasons") == 0) {
             if (!set_reasons(&point->reasons, cnf->value))
                 goto err;
-        } else if (!strcmp(cnf->name, "CRLissuer")) {
+        } else if (strcmp(cnf->name, "CRLissuer") == 0) {
             point->CRLissuer = gnames_from_sectname(ctx, cnf->value);
             if (!point->CRLissuer)
                 goto err;
@@ -280,23 +232,26 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
     return point;
 
  err:
-    if (point)
-        DIST_POINT_free(point);
+    DIST_POINT_free(point);
     return NULL;
 }
 
 static void *v2i_crld(const X509V3_EXT_METHOD *method,
                       X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-    STACK_OF(DIST_POINT) *crld = NULL;
+    STACK_OF(DIST_POINT) *crld;
     GENERAL_NAMES *gens = NULL;
     GENERAL_NAME *gen = NULL;
     CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
     int i;
-    if (!(crld = sk_DIST_POINT_new_null()))
+
+    crld = sk_DIST_POINT_new_reserve(NULL, num);
+    if (crld == NULL)
         goto merr;
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+    for (i = 0; i < num; i++) {
         DIST_POINT *point;
+
         cnf = sk_CONF_VALUE_value(nval, i);
         if (!cnf->value) {
             STACK_OF(CONF_VALUE) *dpsect;
@@ -307,25 +262,19 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
             X509V3_section_free(ctx, dpsect);
             if (!point)
                 goto err;
-            if (!sk_DIST_POINT_push(crld, point)) {
-                DIST_POINT_free(point);
-                goto merr;
-            }
+            sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */
         } else {
-            if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+            if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
                 goto err;
-            if (!(gens = GENERAL_NAMES_new()))
+            if ((gens = GENERAL_NAMES_new()) == NULL)
                 goto merr;
             if (!sk_GENERAL_NAME_push(gens, gen))
                 goto merr;
             gen = NULL;
-            if (!(point = DIST_POINT_new()))
+            if ((point = DIST_POINT_new()) == NULL)
                 goto merr;
-            if (!sk_DIST_POINT_push(crld, point)) {
-                DIST_POINT_free(point);
-                goto merr;
-            }
-            if (!(point->distpoint = DIST_POINT_NAME_new()))
+            sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */
+            if ((point->distpoint = DIST_POINT_NAME_new()) == NULL)
                 goto merr;
             point->distpoint->name.fullname = gens;
             point->distpoint->type = 0;
@@ -343,10 +292,6 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
     return NULL;
 }
 
-IMPLEMENT_STACK_OF(DIST_POINT)
-
-IMPLEMENT_ASN1_SET_OF(DIST_POINT)
-
 static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                   void *exarg)
 {
@@ -358,8 +303,7 @@ static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         break;
 
     case ASN1_OP_FREE_POST:
-        if (dpn->dpname)
-            X509_NAME_free(dpn->dpname);
+        X509_NAME_free(dpn->dpname);
         break;
     }
     return 1;
@@ -423,7 +367,7 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
     char *name, *val;
     int i, ret;
     idp = ISSUING_DIST_POINT_new();
-    if (!idp)
+    if (idp == NULL)
         goto merr;
     for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
         cnf = sk_CONF_VALUE_value(nval, i);
@@ -434,19 +378,19 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
             continue;
         if (ret < 0)
             goto err;
-        if (!strcmp(name, "onlyuser")) {
+        if (strcmp(name, "onlyuser") == 0) {
             if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
                 goto err;
-        } else if (!strcmp(name, "onlyCA")) {
+        } else if (strcmp(name, "onlyCA") == 0) {
             if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
                 goto err;
-        } else if (!strcmp(name, "onlyAA")) {
+        } else if (strcmp(name, "onlyAA") == 0) {
             if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
                 goto err;
-        } else if (!strcmp(name, "indirectCRL")) {
+        } else if (strcmp(name, "indirectCRL") == 0) {
             if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
                 goto err;
-        } else if (!strcmp(name, "onlysomereasons")) {
+        } else if (strcmp(name, "onlysomereasons") == 0) {
             if (!set_reasons(&idp->onlysomereasons, val))
                 goto err;
         } else {
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_enum.c b/freebsd/crypto/openssl/crypto/x509v3/v3_enum.c
index c3727f52..4c959806 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_enum.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_enum.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_enum.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 static ENUMERATED_NAMES crl_reasons[] = {
     {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"},
@@ -89,14 +40,16 @@ const X509V3_EXT_METHOD v3_crl_reason = {
     crl_reasons
 };
 
-char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e)
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
+                                const ASN1_ENUMERATED *e)
 {
     ENUMERATED_NAMES *enam;
     long strval;
+
     strval = ASN1_ENUMERATED_get(e);
     for (enam = method->usr_data; enam->lname; enam++) {
         if (strval == enam->bitnum)
-            return BUF_strdup(enam->lname);
+            return OPENSSL_strdup(enam->lname);
     }
     return i2s_ASN1_ENUMERATED(method, e);
 }
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_extku.c b/freebsd/crypto/openssl/crypto/x509v3/v3_extku.c
index 040c6d13..e581f966 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_extku.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_extku.c
@@ -1,69 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_extku.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
                                     X509V3_CTX *ctx,
@@ -125,27 +76,30 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
     char *extval;
     ASN1_OBJECT *objtmp;
     CONF_VALUE *val;
+    const int num = sk_CONF_VALUE_num(nval);
     int i;
 
-    if (!(extku = sk_ASN1_OBJECT_new_null())) {
+    extku = sk_ASN1_OBJECT_new_reserve(NULL, num);
+    if (extku == NULL) {
         X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE);
+        sk_ASN1_OBJECT_free(extku);
         return NULL;
     }
 
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+    for (i = 0; i < num; i++) {
         val = sk_CONF_VALUE_value(nval, i);
         if (val->value)
             extval = val->value;
         else
             extval = val->name;
-        if (!(objtmp = OBJ_txt2obj(extval, 0))) {
+        if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) {
             sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
             X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
                       X509V3_R_INVALID_OBJECT_IDENTIFIER);
             X509V3_conf_err(val);
             return NULL;
         }
-        sk_ASN1_OBJECT_push(extku, objtmp);
+        sk_ASN1_OBJECT_push(extku, objtmp);  /* no failure as it was reserved */
     }
     return extku;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_genn.c b/freebsd/crypto/openssl/crypto/x509v3/v3_genn.c
index b6e2f409..7fcc2193 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_genn.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_genn.c
@@ -1,66 +1,16 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_genn.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
@@ -231,7 +181,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
 {
     OTHERNAME *oth;
     oth = OTHERNAME_new();
-    if (!oth)
+    if (oth == NULL)
         return 0;
     ASN1_TYPE_free(oth->value);
     oth->type_id = oid;
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_ia5.c b/freebsd/crypto/openssl/crypto/x509v3/v3_ia5.c
index 125e091a..88379682 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_ia5.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_ia5.c
@@ -1,75 +1,22 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_ia5.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
-                                ASN1_IA5STRING *ia5);
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
-                                          X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
+const X509V3_EXT_METHOD v3_ns_ia5_list[8] = {
     EXT_IA5STRING(NID_netscape_base_url),
     EXT_IA5STRING(NID_netscape_revocation_url),
     EXT_IA5STRING(NID_netscape_ca_revocation_url),
@@ -80,13 +27,13 @@ const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
     EXT_END
 };
 
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
-                                ASN1_IA5STRING *ia5)
+char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5)
 {
     char *tmp;
+
     if (!ia5 || !ia5->length)
         return NULL;
-    if (!(tmp = OPENSSL_malloc(ia5->length + 1))) {
+    if ((tmp = OPENSSL_malloc(ia5->length + 1)) == NULL) {
         X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -95,8 +42,8 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
     return tmp;
 }
 
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
-                                          X509V3_CTX *ctx, char *str)
+ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx, const char *str)
 {
     ASN1_IA5STRING *ia5;
     if (!str) {
@@ -104,12 +51,11 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
                   X509V3_R_INVALID_NULL_ARGUMENT);
         return NULL;
     }
-    if (!(ia5 = M_ASN1_IA5STRING_new()))
-        goto err;
-    if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str,
-                         strlen(str))) {
-        M_ASN1_IA5STRING_free(ia5);
+    if ((ia5 = ASN1_IA5STRING_new()) == NULL)
         goto err;
+    if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {
+        ASN1_IA5STRING_free(ia5);
+        return NULL;
     }
 #ifdef CHARSET_EBCDIC
     ebcdic2ascii(ia5->data, ia5->data, ia5->length);
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_info.c b/freebsd/crypto/openssl/crypto/x509v3/v3_info.c
index 21a901f0..9370448f 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_info.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_info.c
@@ -1,70 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_info.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
                                                        *method, AUTHORITY_INFO_ACCESS
@@ -129,16 +80,13 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
         tret = tmp;
         vtmp = sk_CONF_VALUE_value(tret, i);
         i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method);
-        nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
+        nlen = strlen(objtmp) + 3 + strlen(vtmp->name) + 1;
         ntmp = OPENSSL_malloc(nlen);
         if (ntmp == NULL)
             goto err;
-        BUF_strlcpy(ntmp, objtmp, nlen);
-        BUF_strlcat(ntmp, " - ", nlen);
-        BUF_strlcat(ntmp, vtmp->name, nlen);
+        BIO_snprintf(ntmp, nlen, "%s - %s", objtmp, vtmp->name);
         OPENSSL_free(vtmp->name);
         vtmp->name = ntmp;
-
     }
     if (ret == NULL && tret == NULL)
         return sk_CONF_VALUE_new_null();
@@ -161,19 +109,21 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
     CONF_VALUE *cnf, ctmp;
     ACCESS_DESCRIPTION *acc;
     int i, objlen;
+    const int num = sk_CONF_VALUE_num(nval);
     char *objtmp, *ptmp;
-    if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
+
+    if ((ainfo = sk_ACCESS_DESCRIPTION_new_reserve(NULL, num)) == NULL) {
         X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+    for (i = 0; i < num; i++) {
         cnf = sk_CONF_VALUE_value(nval, i);
-        if (!(acc = ACCESS_DESCRIPTION_new())
-            || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
+        if ((acc = ACCESS_DESCRIPTION_new()) == NULL) {
             X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
                       ERR_R_MALLOC_FAILURE);
             goto err;
         }
+        sk_ACCESS_DESCRIPTION_push(ainfo, acc); /* Cannot fail due to reserve */
         ptmp = strchr(cnf->name, ';');
         if (!ptmp) {
             X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
@@ -185,13 +135,11 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
         ctmp.value = cnf->value;
         if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
             goto err;
-        if (!(objtmp = OPENSSL_malloc(objlen + 1))) {
+        if ((objtmp = OPENSSL_strndup(cnf->name, objlen)) == NULL) {
             X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
                       ERR_R_MALLOC_FAILURE);
             goto err;
         }
-        strncpy(objtmp, cnf->name, objlen);
-        objtmp[objlen] = 0;
         acc->method = OBJ_txt2obj(objtmp, 0);
         if (!acc->method) {
             X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
@@ -209,11 +157,8 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
     return NULL;
 }
 
-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a)
 {
     i2a_ASN1_OBJECT(bp, a->method);
-#ifdef UNDEF
-    i2a_GENERAL_NAME(bp, a->location);
-#endif
     return 2;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_int.c b/freebsd/crypto/openssl/crypto/x509v3/v3_int.c
index abf4de38..f26a8c83 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_int.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_int.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_int.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 const X509V3_EXT_METHOD v3_crl_num = {
     NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
@@ -80,7 +31,7 @@ const X509V3_EXT_METHOD v3_delta_crl = {
 };
 
 static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx,
-                          char *value)
+                          const char *value)
 {
     return s2i_ASN1_INTEGER(meth, value);
 }
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_lib.c b/freebsd/crypto/openssl/crypto/x509v3/v3_lib.c
index 9fd34e9d..308b5635 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_lib.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_lib.c
@@ -1,67 +1,18 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_lib.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 /* X509 v3 extension utilities */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
@@ -75,7 +26,8 @@ static void ext_list_free(X509V3_EXT_METHOD *ext);
 
 int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
 {
-    if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
+    if (ext_list == NULL
+        && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) {
         X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -97,11 +49,14 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
                              const X509V3_EXT_METHOD *, ext);
 
+#include "standard_exts.h"
+
 const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
 {
     X509V3_EXT_METHOD tmp;
     const X509V3_EXT_METHOD *t = &tmp, *const *ret;
     int idx;
+
     if (nid < 0)
         return NULL;
     tmp.ext_nid = nid;
@@ -111,41 +66,17 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
     if (!ext_list)
         return NULL;
     idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
-    if (idx == -1)
-        return NULL;
     return sk_X509V3_EXT_METHOD_value(ext_list, idx);
 }
 
 const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
 {
     int nid;
-    if ((nid = OBJ_obj2nid(ext->object)) == NID_undef)
+    if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef)
         return NULL;
     return X509V3_EXT_get_nid(nid);
 }
 
-int X509V3_EXT_free(int nid, void *ext_data)
-{
-    const X509V3_EXT_METHOD *ext_method = X509V3_EXT_get_nid(nid);
-    if (ext_method == NULL) {
-        X509V3err(X509V3_F_X509V3_EXT_FREE,
-                  X509V3_R_CANNOT_FIND_FREE_FUNCTION);
-        return 0;
-    }
-
-    if (ext_method->it != NULL)
-        ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it));
-    else if (ext_method->ext_free != NULL)
-        ext_method->ext_free(ext_data);
-    else {
-        X509V3err(X509V3_F_X509V3_EXT_FREE,
-                  X509V3_R_CANNOT_FIND_FREE_FUNCTION);
-        return 0;
-    }
-
-    return 1;
-}
-
 int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
 {
     for (; extlist->ext_nid != -1; extlist++)
@@ -159,14 +90,11 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
     const X509V3_EXT_METHOD *ext;
     X509V3_EXT_METHOD *tmpext;
 
-    if (!(ext = X509V3_EXT_get_nid(nid_from))) {
-        X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,
-                  X509V3_R_EXTENSION_NOT_FOUND);
+    if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, X509V3_R_EXTENSION_NOT_FOUND);
         return 0;
     }
-    if (!
-        (tmpext =
-         (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
+    if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) {
         X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -204,14 +132,17 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 {
     const X509V3_EXT_METHOD *method;
     const unsigned char *p;
+    ASN1_STRING *extvalue;
+    int extlen;
 
-    if (!(method = X509V3_EXT_get(ext)))
+    if ((method = X509V3_EXT_get(ext)) == NULL)
         return NULL;
-    p = ext->value->data;
+    extvalue = X509_EXTENSION_get_data(ext);
+    p = ASN1_STRING_get0_data(extvalue);
+    extlen = ASN1_STRING_length(extvalue);
     if (method->it)
-        return ASN1_item_d2i(NULL, &p, ext->value->length,
-                             ASN1_ITEM_ptr(method->it));
-    return method->d2i(NULL, &p, ext->value->length);
+        return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
+    return method->d2i(NULL, &p, extlen);
 }
 
 /*-
@@ -230,11 +161,12 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
  * -2 extension occurs more than once.
  */
 
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
                      int *idx)
 {
     int lastpos, i;
     X509_EXTENSION *ex, *found_ex = NULL;
+
     if (!x) {
         if (idx)
             *idx = -1;
@@ -250,7 +182,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
         lastpos = 0;
     for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {
         ex = sk_X509_EXTENSION_value(x, i);
-        if (OBJ_obj2nid(ex->object) == nid) {
+        if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == nid) {
             if (idx) {
                 *idx = i;
                 found_ex = ex;
@@ -349,8 +281,9 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
         return 1;
     }
 
-    if ((ret = *x) == NULL
-         && (ret = sk_X509_EXTENSION_new_null()) == NULL)
+    ret = *x;
+    if (*x == NULL
+        && (ret = sk_X509_EXTENSION_new_null()) == NULL)
         goto m_fail;
     if (!sk_X509_EXTENSION_push(ret, ext))
         goto m_fail;
@@ -359,6 +292,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
     return 1;
 
  m_fail:
+    /* X509V3err(X509V3_F_X509V3_ADD1_I2D, ERR_R_MALLOC_FAILURE); */
     if (ret != *x)
         sk_X509_EXTENSION_free(ret);
     X509_EXTENSION_free(ext);
@@ -369,5 +303,3 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
         X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
     return 0;
 }
-
-IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_ncons.c b/freebsd/crypto/openssl/crypto/x509v3/v3_ncons.c
index 006c2009..6ea741f1 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_ncons.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_ncons.c
@@ -1,70 +1,25 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_ncons.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/asn1_int.h"
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
+#include "internal/x509_int.h"
+#include "ext_dat.h"
+
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
                                   X509V3_CTX *ctx,
                                   STACK_OF(CONF_VALUE) *nval);
@@ -72,7 +27,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
                                 BIO *bp, int ind);
 static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
                                    STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp,
-                                   int ind, char *name);
+                                   int ind, const char *name);
 static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
 
 static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
@@ -81,6 +36,7 @@ static int nc_dn(X509_NAME *sub, X509_NAME *nm);
 static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
 static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
 static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
+static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base);
 
 const X509V3_EXT_METHOD v3_name_constraints = {
     NID_name_constraints, 0,
@@ -146,8 +102,7 @@ static int ia5ncasecmp(const char *s1, const char *s2, size_t n)
 
 static int ia5casecmp(const char *s1, const char *s2)
 {
-    /* No portable definition of SIZE_MAX, so we use (size_t)(-1) instead */
-    return ia5ncasecmp(s1, s2, (size_t)(-1));
+    return ia5ncasecmp(s1, s2, SIZE_MAX);
 }
 
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
@@ -158,15 +113,16 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
     STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
     NAME_CONSTRAINTS *ncons = NULL;
     GENERAL_SUBTREE *sub = NULL;
+
     ncons = NAME_CONSTRAINTS_new();
-    if (!ncons)
+    if (ncons == NULL)
         goto memerr;
     for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
         val = sk_CONF_VALUE_value(nval, i);
-        if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
+        if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) {
             ptree = &ncons->permittedSubtrees;
             tval.name = val->name + 10;
-        } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) {
+        } else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) {
             ptree = &ncons->excludedSubtrees;
             tval.name = val->name + 9;
         } else {
@@ -179,9 +135,9 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
             goto memerr;
         if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
             goto err;
-        if (!*ptree)
+        if (*ptree == NULL)
             *ptree = sk_GENERAL_SUBTREE_new_null();
-        if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
+        if (*ptree == NULL || !sk_GENERAL_SUBTREE_push(*ptree, sub))
             goto memerr;
         sub = NULL;
     }
@@ -191,10 +147,8 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
  memerr:
     X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
  err:
-    if (ncons)
-        NAME_CONSTRAINTS_free(ncons);
-    if (sub)
-        GENERAL_SUBTREE_free(sub);
+    NAME_CONSTRAINTS_free(ncons);
+    GENERAL_SUBTREE_free(sub);
 
     return NULL;
 }
@@ -212,7 +166,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
 
 static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
                                    STACK_OF(GENERAL_SUBTREE) *trees,
-                                   BIO *bp, int ind, char *name)
+                                   BIO *bp, int ind, const char *name)
 {
     GENERAL_SUBTREE *tree;
     int i;
@@ -254,6 +208,22 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
     return 1;
 }
 
+#define NAME_CHECK_MAX (1 << 20)
+
+static int add_lengths(int *out, int a, int b)
+{
+    /* sk_FOO_num(NULL) returns -1 but is effectively 0 when iterating. */
+    if (a < 0)
+        a = 0;
+    if (b < 0)
+        b = 0;
+
+    if (a > INT_MAX - b)
+        return 0;
+    *out = a + b;
+    return 1;
+}
+
 /*-
  * Check a certificate conforms to a specified set of constraints.
  * Return values:
@@ -268,11 +238,23 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
 
 int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
 {
-    int r, i;
+    int r, i, name_count, constraint_count;
     X509_NAME *nm;
 
     nm = X509_get_subject_name(x);
 
+    /*
+     * Guard against certificates with an excessive number of names or
+     * constraints causing a computationally expensive name constraints check.
+     */
+    if (!add_lengths(&name_count, X509_NAME_entry_count(nm),
+                     sk_GENERAL_NAME_num(x->altname))
+        || !add_lengths(&constraint_count,
+                        sk_GENERAL_SUBTREE_num(nc->permittedSubtrees),
+                        sk_GENERAL_SUBTREE_num(nc->excludedSubtrees))
+        || (name_count > 0 && constraint_count > NAME_CHECK_MAX / name_count))
+        return X509_V_ERR_UNSPECIFIED;
+
     if (X509_NAME_entry_count(nm) > 0) {
         GENERAL_NAME gntmp;
         gntmp.type = GEN_DIRNAME;
@@ -288,7 +270,8 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
         /* Process any email address attributes in subject name */
 
         for (i = -1;;) {
-            X509_NAME_ENTRY *ne;
+            const X509_NAME_ENTRY *ne;
+
             i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i);
             if (i == -1)
                 break;
@@ -316,6 +299,144 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
 
 }
 
+static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
+{
+    int utf8_length;
+    unsigned char *utf8_value;
+    int i;
+    int isdnsname = 0;
+
+    /* Don't leave outputs uninitialized */
+    *dnsid = NULL;
+    *idlen = 0;
+
+    /*-
+     * Per RFC 6125, DNS-IDs representing internationalized domain names appear
+     * in certificates in A-label encoded form:
+     *
+     *   https://tools.ietf.org/html/rfc6125#section-6.4.2
+     *
+     * The same applies to CNs which are intended to represent DNS names.
+     * However, while in the SAN DNS-IDs are IA5Strings, as CNs they may be
+     * needlessly encoded in 16-bit Unicode.  We perform a conversion to UTF-8
+     * to ensure that we get an ASCII representation of any CNs that are
+     * representable as ASCII, but just not encoded as ASCII.  The UTF-8 form
+     * may contain some non-ASCII octets, and that's fine, such CNs are not
+     * valid legacy DNS names.
+     *
+     * Note, 'int' is the return type of ASN1_STRING_to_UTF8() so that's what
+     * we must use for 'utf8_length'.
+     */
+    if ((utf8_length = ASN1_STRING_to_UTF8(&utf8_value, cn)) < 0)
+        return X509_V_ERR_OUT_OF_MEM;
+
+    /*
+     * Some certificates have had names that include a *trailing* NUL byte.
+     * Remove these harmless NUL characters. They would otherwise yield false
+     * alarms with the following embedded NUL check.
+     */
+    while (utf8_length > 0 && utf8_value[utf8_length - 1] == '\0')
+        --utf8_length;
+
+    /* Reject *embedded* NULs */
+    if ((size_t)utf8_length != strlen((char *)utf8_value)) {
+        OPENSSL_free(utf8_value);
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    }
+
+    /*
+     * XXX: Deviation from strict DNS name syntax, also check names with '_'
+     * Check DNS name syntax, any '-' or '.' must be internal,
+     * and on either side of each '.' we can't have a '-' or '.'.
+     *
+     * If the name has just one label, we don't consider it a DNS name.  This
+     * means that "CN=sometld" cannot be precluded by DNS name constraints, but
+     * that is not a problem.
+     */
+    for (i = 0; i < utf8_length; ++i) {
+        unsigned char c = utf8_value[i];
+
+        if ((c >= 'a' && c <= 'z')
+            || (c >= 'A' && c <= 'Z')
+            || (c >= '0' && c <= '9')
+            || c == '_')
+            continue;
+
+        /* Dot and hyphen cannot be first or last. */
+        if (i > 0 && i < utf8_length - 1) {
+            if (c == '-')
+                continue;
+            /*
+             * Next to a dot the preceding and following characters must not be
+             * another dot or a hyphen.  Otherwise, record that the name is
+             * plausible, since it has two or more labels.
+             */
+            if (c == '.'
+                && utf8_value[i + 1] != '.'
+                && utf8_value[i - 1] != '-'
+                && utf8_value[i + 1] != '-') {
+                isdnsname = 1;
+                continue;
+            }
+        }
+        isdnsname = 0;
+        break;
+    }
+
+    if (isdnsname) {
+        *dnsid = utf8_value;
+        *idlen = (size_t)utf8_length;
+        return X509_V_OK;
+    }
+    OPENSSL_free(utf8_value);
+    return X509_V_OK;
+}
+
+/*
+ * Check CN against DNS-ID name constraints.
+ */
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
+{
+    int r, i;
+    X509_NAME *nm = X509_get_subject_name(x);
+    ASN1_STRING stmp;
+    GENERAL_NAME gntmp;
+
+    stmp.flags = 0;
+    stmp.type = V_ASN1_IA5STRING;
+    gntmp.type = GEN_DNS;
+    gntmp.d.dNSName = &stmp;
+
+    /* Process any commonName attributes in subject name */
+
+    for (i = -1;;) {
+        X509_NAME_ENTRY *ne;
+        ASN1_STRING *cn;
+        unsigned char *idval;
+        size_t idlen;
+
+        i = X509_NAME_get_index_by_NID(nm, NID_commonName, i);
+        if (i == -1)
+            break;
+        ne = X509_NAME_get_entry(nm, i);
+        cn = X509_NAME_ENTRY_get_data(ne);
+
+        /* Only process attributes that look like host names */
+        if ((r = cn2dnsid(cn, &idval, &idlen)) != X509_V_OK)
+            return r;
+        if (idlen == 0)
+            continue;
+
+        stmp.length = idlen;
+        stmp.data = idval;
+        r = nc_match(&gntmp, nc);
+        OPENSSL_free(idval);
+        if (r != X509_V_OK)
+            return r;
+    }
+    return X509_V_OK;
+}
+
 static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
 {
     GENERAL_SUBTREE *sub;
@@ -384,6 +505,9 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
         return nc_uri(gen->d.uniformResourceIdentifier,
                       base->d.uniformResourceIdentifier);
 
+    case GEN_IPADD:
+        return nc_ip(gen->d.iPAddress, base->d.iPAddress);
+
     default:
         return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
     }
@@ -443,7 +567,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
     const char *emlat = strchr(emlptr, '@');
     if (!emlat)
         return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-    /* Special case: inital '.' is RHS match */
+    /* Special case: initial '.' is RHS match */
     if (!baseat && (*baseptr == '.')) {
         if (eml->length > base->length) {
             emlptr += eml->length - base->length;
@@ -503,7 +627,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
     if (hostlen == 0)
         return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
 
-    /* Special case: inital '.' is RHS match */
+    /* Special case: initial '.' is RHS match */
     if (*baseptr == '.') {
         if (hostlen > base->length) {
             p = hostptr + hostlen - base->length;
@@ -520,3 +644,34 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
     return X509_V_OK;
 
 }
+
+static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base)
+{
+    int hostlen, baselen, i;
+    unsigned char *hostptr, *baseptr, *maskptr;
+    hostptr = ip->data;
+    hostlen = ip->length;
+    baseptr = base->data;
+    baselen = base->length;
+
+    /* Invalid if not IPv4 or IPv6 */
+    if (!((hostlen == 4) || (hostlen == 16)))
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    if (!((baselen == 8) || (baselen == 32)))
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+    /* Do not match IPv4 with IPv6 */
+    if (hostlen * 2 != baselen)
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    maskptr = base->data + hostlen;
+
+    /* Considering possible not aligned base ipAddress */
+    /* Not checking for wrong mask definition: i.e.: 255.0.255.0 */
+    for (i = 0; i < hostlen; i++)
+        if ((hostptr[i] & maskptr[i]) != (baseptr[i] & maskptr[i]))
+            return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_pci.c b/freebsd/crypto/openssl/crypto/x509v3/v3_pci.c
index a8263572..4b822751 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_pci.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_pci.c
@@ -1,11 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_pci.c */
 /*
- * Contributed to the OpenSSL Project 2004 by Richard Levitte
- * (richard@levitte.org)
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
@@ -38,9 +46,10 @@
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
                    BIO *out, int indent);
@@ -88,7 +97,7 @@ static int process_pci_value(CONF_VALUE *val,
             X509V3_conf_err(val);
             return 0;
         }
-        if (!(*language = OBJ_txt2obj(val->value, 0))) {
+        if ((*language = OBJ_txt2obj(val->value, 0)) == NULL) {
             X509V3err(X509V3_F_PROCESS_PCI_VALUE,
                       X509V3_R_INVALID_OBJECT_IDENTIFIER);
             X509V3_conf_err(val);
@@ -112,7 +121,7 @@ static int process_pci_value(CONF_VALUE *val,
         long val_len;
         if (!*policy) {
             *policy = ASN1_OCTET_STRING_new();
-            if (!*policy) {
+            if (*policy == NULL) {
                 X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
                 X509V3_conf_err(val);
                 return 0;
@@ -121,11 +130,9 @@ static int process_pci_value(CONF_VALUE *val,
         }
         if (strncmp(val->value, "hex:", 4) == 0) {
             unsigned char *tmp_data2 =
-                string_to_hex(val->value + 4, &val_len);
+                OPENSSL_hexstr2buf(val->value + 4, &val_len);
 
             if (!tmp_data2) {
-                X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                          X509V3_R_ILLEGAL_HEX_DIGIT);
                 X509V3_conf_err(val);
                 goto err;
             }
@@ -144,6 +151,7 @@ static int process_pci_value(CONF_VALUE *val,
                  * realloc failure implies the original data space is b0rked
                  * too!
                  */
+                OPENSSL_free((*policy)->data);
                 (*policy)->data = NULL;
                 (*policy)->length = 0;
                 X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
@@ -168,8 +176,16 @@ static int process_pci_value(CONF_VALUE *val,
                 tmp_data = OPENSSL_realloc((*policy)->data,
                                            (*policy)->length + n + 1);
 
-                if (!tmp_data)
-                    break;
+                if (!tmp_data) {
+                    OPENSSL_free((*policy)->data);
+                    (*policy)->data = NULL;
+                    (*policy)->length = 0;
+                    X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                              ERR_R_MALLOC_FAILURE);
+                    X509V3_conf_err(val);
+                    BIO_free_all(b);
+                    goto err;
+                }
 
                 (*policy)->data = tmp_data;
                 memcpy(&(*policy)->data[(*policy)->length], buf, n);
@@ -198,6 +214,7 @@ static int process_pci_value(CONF_VALUE *val,
                  * realloc failure implies the original data space is b0rked
                  * too!
                  */
+                OPENSSL_free((*policy)->data);
                 (*policy)->data = NULL;
                 (*policy)->length = 0;
                 X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
@@ -284,7 +301,7 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
     }
 
     pci = PROXY_CERT_INFO_EXTENSION_new();
-    if (!pci) {
+    if (pci == NULL) {
         X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -297,22 +314,13 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
     pathlen = NULL;
     goto end;
  err:
-    if (language) {
-        ASN1_OBJECT_free(language);
-        language = NULL;
-    }
-    if (pathlen) {
-        ASN1_INTEGER_free(pathlen);
-        pathlen = NULL;
-    }
-    if (policy) {
-        ASN1_OCTET_STRING_free(policy);
-        policy = NULL;
-    }
-    if (pci) {
-        PROXY_CERT_INFO_EXTENSION_free(pci);
-        pci = NULL;
-    }
+    ASN1_OBJECT_free(language);
+    ASN1_INTEGER_free(pathlen);
+    pathlen = NULL;
+    ASN1_OCTET_STRING_free(policy);
+    policy = NULL;
+    PROXY_CERT_INFO_EXTENSION_free(pci);
+    pci = NULL;
  end:
     sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
     return pci;
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_pcia.c b/freebsd/crypto/openssl/crypto/x509v3/v3_pcia.c
index b296fe40..072c6b07 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_pcia.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_pcia.c
@@ -1,11 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_pcia.c */
 /*
- * Contributed to the OpenSSL Project 2004 by Richard Levitte
- * (richard@levitte.org)
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_pcons.c b/freebsd/crypto/openssl/crypto/x509v3/v3_pcons.c
index 437a4c3a..a5c97eba 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_pcons.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_pcons.c
@@ -1,70 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_pcons.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
                                                     *method, void *bcons, STACK_OF(CONF_VALUE)
@@ -110,16 +61,17 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
     POLICY_CONSTRAINTS *pcons = NULL;
     CONF_VALUE *val;
     int i;
-    if (!(pcons = POLICY_CONSTRAINTS_new())) {
+
+    if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) {
         X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
     for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
         val = sk_CONF_VALUE_value(values, i);
-        if (!strcmp(val->name, "requireExplicitPolicy")) {
+        if (strcmp(val->name, "requireExplicitPolicy") == 0) {
             if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
                 goto err;
-        } else if (!strcmp(val->name, "inhibitPolicyMapping")) {
+        } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) {
             if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
                 goto err;
         } else {
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_pku.c b/freebsd/crypto/openssl/crypto/x509v3/v3_pku.c
index 4b93349f..bdfb263f 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_pku.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_pku.c
@@ -1,77 +1,25 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_pku.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
                                  PKEY_USAGE_PERIOD *usage, BIO *out,
                                  int indent);
-/*
- * static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
- * X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
- */
+
 const X509V3_EXT_METHOD v3_pkey_usage_period = {
     NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
     0, 0, 0, 0,
@@ -104,13 +52,3 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
     }
     return 1;
 }
-
-/*-
-static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
-X509V3_EXT_METHOD *method;
-X509V3_CTX *ctx;
-STACK_OF(CONF_VALUE) *values;
-{
-return NULL;
-}
-*/
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_pmaps.c b/freebsd/crypto/openssl/crypto/x509v3/v3_pmaps.c
index 115196e5..e4562d6a 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_pmaps.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_pmaps.c
@@ -1,69 +1,20 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_pmaps.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
@@ -103,6 +54,7 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
     int i;
     char obj_tmp1[80];
     char obj_tmp2[80];
+
     for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {
         pmap = sk_POLICY_MAPPING_value(pmaps, i);
         i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy);
@@ -115,44 +67,48 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
 static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-    POLICY_MAPPINGS *pmaps;
-    POLICY_MAPPING *pmap;
-    ASN1_OBJECT *obj1, *obj2;
+    POLICY_MAPPING *pmap = NULL;
+    ASN1_OBJECT *obj1 = NULL, *obj2 = NULL;
     CONF_VALUE *val;
+    POLICY_MAPPINGS *pmaps;
+    const int num = sk_CONF_VALUE_num(nval);
     int i;
 
-    if (!(pmaps = sk_POLICY_MAPPING_new_null())) {
+    if ((pmaps = sk_POLICY_MAPPING_new_reserve(NULL, num)) == NULL) {
         X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+    for (i = 0; i < num; i++) {
         val = sk_CONF_VALUE_value(nval, i);
         if (!val->value || !val->name) {
-            sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
             X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
                       X509V3_R_INVALID_OBJECT_IDENTIFIER);
             X509V3_conf_err(val);
-            return NULL;
+            goto err;
         }
         obj1 = OBJ_txt2obj(val->name, 0);
         obj2 = OBJ_txt2obj(val->value, 0);
         if (!obj1 || !obj2) {
-            sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
             X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
                       X509V3_R_INVALID_OBJECT_IDENTIFIER);
             X509V3_conf_err(val);
-            return NULL;
+            goto err;
         }
         pmap = POLICY_MAPPING_new();
-        if (!pmap) {
-            sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+        if (pmap == NULL) {
             X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
-            return NULL;
+            goto err;
         }
         pmap->issuerDomainPolicy = obj1;
         pmap->subjectDomainPolicy = obj2;
-        sk_POLICY_MAPPING_push(pmaps, pmap);
+        obj1 = obj2 = NULL;
+        sk_POLICY_MAPPING_push(pmaps, pmap); /* no failure as it was reserved */
     }
     return pmaps;
+ err:
+    ASN1_OBJECT_free(obj1);
+    ASN1_OBJECT_free(obj2);
+    sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+    return NULL;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_prn.c b/freebsd/crypto/openssl/crypto/x509v3/v3_prn.c
index 3dffd073..e8a200df 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_prn.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_prn.c
@@ -1,73 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_prn.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 /* X509 v3 extension utilities */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
 /* Extension printing routines */
 
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
+static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
                              unsigned long flag, int indent, int supported);
 
 /* Print out a name+value stack */
@@ -103,7 +54,7 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
             char *tmp;
             len = strlen(nval->value) + 1;
             tmp = OPENSSL_malloc(len);
-            if (tmp) {
+            if (tmp != NULL) {
                 ascii2ebcdic(tmp, nval->value, len);
                 BIO_printf(out, "%s:%s", nval->name, tmp);
                 OPENSSL_free(tmp);
@@ -122,26 +73,29 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
 {
     void *ext_str = NULL;
     char *value = NULL;
+    ASN1_OCTET_STRING *extoct;
     const unsigned char *p;
+    int extlen;
     const X509V3_EXT_METHOD *method;
     STACK_OF(CONF_VALUE) *nval = NULL;
     int ok = 1;
 
-    if (!(method = X509V3_EXT_get(ext)))
-        return unknown_ext_print(out, ext, flag, indent, 0);
-    p = ext->value->data;
+    extoct = X509_EXTENSION_get_data(ext);
+    p = ASN1_STRING_get0_data(extoct);
+    extlen = ASN1_STRING_length(extoct);
+
+    if ((method = X509V3_EXT_get(ext)) == NULL)
+        return unknown_ext_print(out, p, extlen, flag, indent, 0);
     if (method->it)
-        ext_str =
-            ASN1_item_d2i(NULL, &p, ext->value->length,
-                          ASN1_ITEM_ptr(method->it));
+        ext_str = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
     else
-        ext_str = method->d2i(NULL, &p, ext->value->length);
+        ext_str = method->d2i(NULL, &p, extlen);
 
     if (!ext_str)
-        return unknown_ext_print(out, ext, flag, indent, 1);
+        return unknown_ext_print(out, p, extlen, flag, indent, 1);
 
     if (method->i2s) {
-        if (!(value = method->i2s(method, ext_str))) {
+        if ((value = method->i2s(method, ext_str)) == NULL) {
             ok = 0;
             goto err;
         }
@@ -153,7 +107,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
             char *tmp;
             len = strlen(value) + 1;
             tmp = OPENSSL_malloc(len);
-            if (tmp) {
+            if (tmp != NULL) {
                 ascii2ebcdic(tmp, value, len);
                 BIO_printf(out, "%*s%s", indent, "", tmp);
                 OPENSSL_free(tmp);
@@ -161,7 +115,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
         }
 #endif
     } else if (method->i2v) {
-        if (!(nval = method->i2v(method, ext_str, NULL))) {
+        if ((nval = method->i2v(method, ext_str, NULL)) == NULL) {
             ok = 0;
             goto err;
         }
@@ -175,8 +129,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
 
  err:
     sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
-    if (value)
-        OPENSSL_free(value);
+    OPENSSL_free(value);
     if (method->it)
         ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
     else
@@ -184,8 +137,8 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
     return ok;
 }
 
-int X509V3_extensions_print(BIO *bp, char *title,
-                            STACK_OF(X509_EXTENSION) *exts,
+int X509V3_extensions_print(BIO *bp, const char *title,
+                            const STACK_OF(X509_EXTENSION) *exts,
                             unsigned long flag, int indent)
 {
     int i, j;
@@ -211,7 +164,7 @@ int X509V3_extensions_print(BIO *bp, char *title,
             return 0;
         if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) {
             BIO_printf(bp, "%*s", indent + 4, "");
-            M_ASN1_OCTET_STRING_print(bp, ex->value);
+            ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex));
         }
         if (BIO_write(bp, "\n", 1) <= 0)
             return 0;
@@ -219,7 +172,7 @@ int X509V3_extensions_print(BIO *bp, char *title,
     return 1;
 }
 
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
+static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
                              unsigned long flag, int indent, int supported)
 {
     switch (flag & X509V3_EXT_UNKNOWN_MASK) {
@@ -235,24 +188,22 @@ static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
         return 1;
 
     case X509V3_EXT_PARSE_UNKNOWN:
-        return ASN1_parse_dump(out,
-                               ext->value->data, ext->value->length, indent,
-                               -1);
+        return ASN1_parse_dump(out, ext, extlen, indent, -1);
     case X509V3_EXT_DUMP_UNKNOWN:
-        return BIO_dump_indent(out, (char *)ext->value->data,
-                               ext->value->length, indent);
+        return BIO_dump_indent(out, (const char *)ext, extlen, indent);
 
     default:
         return 1;
     }
 }
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
 {
     BIO *bio_tmp;
     int ret;
-    if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)))
+
+    if ((bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL)
         return 0;
     ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
     BIO_free(bio_tmp);
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_purp.c b/freebsd/crypto/openssl/crypto/x509v3/v3_purp.c
index 655e963e..a23a0ed1 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_purp.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_purp.c
@@ -1,68 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_purp.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
+#include "internal/x509_int.h"
+#include "internal/tsan_assist.h"
 
 static void x509v3_cache_extensions(X509 *x);
 
@@ -110,9 +63,7 @@ static X509_PURPOSE xstandard[] = {
      NULL},
 };
 
-#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
-
-IMPLEMENT_STACK_OF(X509_PURPOSE)
+#define X509_PURPOSE_COUNT OSSL_NELEM(xstandard)
 
 static STACK_OF(X509_PURPOSE) *xptable = NULL;
 
@@ -169,13 +120,13 @@ X509_PURPOSE *X509_PURPOSE_get0(int idx)
     return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
 }
 
-int X509_PURPOSE_get_by_sname(char *sname)
+int X509_PURPOSE_get_by_sname(const char *sname)
 {
     int i;
     X509_PURPOSE *xptmp;
     for (i = 0; i < X509_PURPOSE_get_count(); i++) {
         xptmp = X509_PURPOSE_get0(i);
-        if (!strcmp(xptmp->sname, sname))
+        if (strcmp(xptmp->sname, sname) == 0)
             return i;
     }
     return -1;
@@ -185,20 +136,21 @@ int X509_PURPOSE_get_by_id(int purpose)
 {
     X509_PURPOSE tmp;
     int idx;
+
     if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
         return purpose - X509_PURPOSE_MIN;
-    tmp.purpose = purpose;
-    if (!xptable)
+    if (xptable == NULL)
         return -1;
+    tmp.purpose = purpose;
     idx = sk_X509_PURPOSE_find(xptable, &tmp);
-    if (idx == -1)
+    if (idx < 0)
         return -1;
     return idx + X509_PURPOSE_COUNT;
 }
 
 int X509_PURPOSE_add(int id, int trust, int flags,
                      int (*ck) (const X509_PURPOSE *, const X509 *, int),
-                     char *name, char *sname, void *arg)
+                     const char *name, const char *sname, void *arg)
 {
     int idx;
     X509_PURPOSE *ptmp;
@@ -212,7 +164,7 @@ int X509_PURPOSE_add(int id, int trust, int flags,
     idx = X509_PURPOSE_get_by_id(id);
     /* Need a new entry */
     if (idx == -1) {
-        if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
+        if ((ptmp = OPENSSL_malloc(sizeof(*ptmp))) == NULL) {
             X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
             return 0;
         }
@@ -226,11 +178,11 @@ int X509_PURPOSE_add(int id, int trust, int flags,
         OPENSSL_free(ptmp->sname);
     }
     /* dup supplied name */
-    ptmp->name = BUF_strdup(name);
-    ptmp->sname = BUF_strdup(sname);
+    ptmp->name = OPENSSL_strdup(name);
+    ptmp->sname = OPENSSL_strdup(sname);
     if (!ptmp->name || !ptmp->sname) {
         X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
-        return 0;
+        goto err;
     }
     /* Keep the dynamic flag of existing entry */
     ptmp->flags &= X509_PURPOSE_DYNAMIC;
@@ -244,16 +196,24 @@ int X509_PURPOSE_add(int id, int trust, int flags,
 
     /* If its a new entry manage the dynamic table */
     if (idx == -1) {
-        if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
+        if (xptable == NULL
+            && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) {
             X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
-            return 0;
+            goto err;
         }
         if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
             X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
-            return 0;
+            goto err;
         }
     }
     return 1;
+ err:
+    if (idx == -1) {
+        OPENSSL_free(ptmp->name);
+        OPENSSL_free(ptmp->sname);
+        OPENSSL_free(ptmp);
+    }
+    return 0;
 }
 
 static void xptable_free(X509_PURPOSE *p)
@@ -271,29 +231,26 @@ static void xptable_free(X509_PURPOSE *p)
 
 void X509_PURPOSE_cleanup(void)
 {
-    unsigned int i;
     sk_X509_PURPOSE_pop_free(xptable, xptable_free);
-    for (i = 0; i < X509_PURPOSE_COUNT; i++)
-        xptable_free(xstandard + i);
     xptable = NULL;
 }
 
-int X509_PURPOSE_get_id(X509_PURPOSE *xp)
+int X509_PURPOSE_get_id(const X509_PURPOSE *xp)
 {
     return xp->purpose;
 }
 
-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp)
 {
     return xp->name;
 }
 
-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp)
 {
     return xp->sname;
 }
 
-int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp)
 {
     return xp->trust;
 }
@@ -340,8 +297,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
     if (ex_nid == NID_undef)
         return 0;
 
-    if (OBJ_bsearch_nid(&ex_nid, supported_nids,
-                        sizeof(supported_nids) / sizeof(int)))
+    if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids)))
         return 1;
     return 0;
 }
@@ -398,21 +354,21 @@ static void x509v3_cache_extensions(X509 *x)
     ASN1_BIT_STRING *ns;
     EXTENDED_KEY_USAGE *extusage;
     X509_EXTENSION *ex;
-
     int i;
 
-    if (x->ex_flags & EXFLAG_SET)
+#ifdef tsan_ld_acq
+    /* fast lock-free check, see end of the function for details. */
+    if (tsan_ld_acq((TSAN_QUALIFIER int *)&x->ex_cached))
         return;
+#endif
 
-    CRYPTO_w_lock(CRYPTO_LOCK_X509);
+    CRYPTO_THREAD_write_lock(x->lock);
     if (x->ex_flags & EXFLAG_SET) {
-        CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+        CRYPTO_THREAD_unlock(x->lock);
         return;
     }
 
-#ifndef OPENSSL_NO_SHA
     X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
-#endif
     /* V1 should mean no extensions ... */
     if (!X509_get_version(x))
         x->ex_flags |= EXFLAG_V1;
@@ -544,8 +500,17 @@ static void x509v3_cache_extensions(X509 *x)
             break;
         }
     }
+    x509_init_sig_info(x);
     x->ex_flags |= EXFLAG_SET;
-    CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+#ifdef tsan_st_rel
+    tsan_st_rel((TSAN_QUALIFIER int *)&x->ex_cached, 1);
+    /*
+     * Above store triggers fast lock-free check in the beginning of the
+     * function. But one has to ensure that the structure is "stable", i.e.
+     * all stores are visible on all processors. Hence the release fence.
+     */
+#endif
+    CRYPTO_THREAD_unlock(x->lock);
 }
 
 /*-
@@ -586,6 +551,16 @@ static int check_ca(const X509 *x)
     }
 }
 
+void X509_set_proxy_flag(X509 *x)
+{
+    x->ex_flags |= EXFLAG_PROXY;
+}
+
+void X509_set_proxy_pathlen(X509 *x, long l)
+{
+    x->ex_pcpathlen = l;
+}
+
 int X509_check_ca(X509 *x)
 {
     x509v3_cache_extensions(x);
@@ -769,7 +744,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
         return 0;
 
     /* Extended Key Usage MUST be critical */
-    i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1);
+    i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
     if (i_ext >= 0) {
         X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
         if (!X509_EXTENSION_get_critical(ext))
@@ -858,3 +833,60 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
     }
     return X509_V_OK;
 }
+
+uint32_t X509_get_extension_flags(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    return x->ex_flags;
+}
+
+uint32_t X509_get_key_usage(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    if (x->ex_flags & EXFLAG_KUSAGE)
+        return x->ex_kusage;
+    return UINT32_MAX;
+}
+
+uint32_t X509_get_extended_key_usage(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    if (x->ex_flags & EXFLAG_XKUSAGE)
+        return x->ex_xkusage;
+    return UINT32_MAX;
+}
+
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    return x->skid;
+}
+
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    return (x->akid != NULL ? x->akid->keyid : NULL);
+}
+
+long X509_get_pathlen(X509 *x)
+{
+    /* Called for side effect of caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1
+            || (x->ex_flags & EXFLAG_BCONS) == 0)
+        return -1;
+    return x->ex_pathlen;
+}
+
+long X509_get_proxy_pathlen(X509 *x)
+{
+    /* Called for side effect of caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1
+            || (x->ex_flags & EXFLAG_PROXY) == 0)
+        return -1;
+    return x->ex_pcpathlen;
+}
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_scts.c b/freebsd/crypto/openssl/crypto/x509v3/v3_scts.c
deleted file mode 100644
index afc84b95..00000000
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_scts.c
+++ /dev/null
@@ -1,336 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* v3_scts.c */
-/*
- * Written by Rob Stradling (rob@comodo.com) for the OpenSSL project 2014.
- */
-/* ====================================================================
- * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/x509v3.h>
-
-/* Signature and hash algorithms from RFC 5246 */
-#define TLSEXT_hash_sha256                              4
-
-#define TLSEXT_signature_rsa                            1
-#define TLSEXT_signature_ecdsa                          3
-
-
-#define n2s(c,s)        ((s=(((unsigned int)(c[0]))<< 8)| \
-                            (((unsigned int)(c[1]))    )),c+=2)
-
-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-# define SCT_TIMESTAMP unsigned __int64
-#elif defined(__arch64__)
-# define SCT_TIMESTAMP unsigned long
-#else
-# define SCT_TIMESTAMP unsigned long long
-#endif
-
-#define n2l8(c,l)       (l =((SCT_TIMESTAMP)(*((c)++)))<<56, \
-                         l|=((SCT_TIMESTAMP)(*((c)++)))<<48, \
-                         l|=((SCT_TIMESTAMP)(*((c)++)))<<40, \
-                         l|=((SCT_TIMESTAMP)(*((c)++)))<<32, \
-                         l|=((SCT_TIMESTAMP)(*((c)++)))<<24, \
-                         l|=((SCT_TIMESTAMP)(*((c)++)))<<16, \
-                         l|=((SCT_TIMESTAMP)(*((c)++)))<< 8, \
-                         l|=((SCT_TIMESTAMP)(*((c)++))))
-
-typedef struct SCT_st {
-    /* The encoded SCT */
-    unsigned char *sct;
-    unsigned short sctlen;
-    /*
-     * Components of the SCT.  "logid", "ext" and "sig" point to addresses
-     * inside "sct".
-     */
-    unsigned char version;
-    unsigned char *logid;
-    unsigned short logidlen;
-    SCT_TIMESTAMP timestamp;
-    unsigned char *ext;
-    unsigned short extlen;
-    unsigned char hash_alg;
-    unsigned char sig_alg;
-    unsigned char *sig;
-    unsigned short siglen;
-} SCT;
-
-DECLARE_STACK_OF(SCT)
-
-static void SCT_LIST_free(STACK_OF(SCT) *a);
-static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a,
-                                   const unsigned char **pp, long length);
-static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
-                        BIO *out, int indent);
-
-const X509V3_EXT_METHOD v3_ct_scts[] = {
-    {NID_ct_precert_scts, 0, NULL,
-     0, (X509V3_EXT_FREE)SCT_LIST_free,
-     (X509V3_EXT_D2I)d2i_SCT_LIST, 0,
-     0, 0, 0, 0,
-     (X509V3_EXT_I2R)i2r_SCT_LIST, 0,
-     NULL},
-
-    {NID_ct_cert_scts, 0, NULL,
-     0, (X509V3_EXT_FREE)SCT_LIST_free,
-     (X509V3_EXT_D2I)d2i_SCT_LIST, 0,
-     0, 0, 0, 0,
-     (X509V3_EXT_I2R)i2r_SCT_LIST, 0,
-     NULL},
-};
-
-static void tls12_signature_print(BIO *out, const unsigned char hash_alg,
-                                  const unsigned char sig_alg)
-{
-    int nid = NID_undef;
-    /* RFC6962 only permits two signature algorithms */
-    if (hash_alg == TLSEXT_hash_sha256) {
-        if (sig_alg == TLSEXT_signature_rsa)
-            nid = NID_sha256WithRSAEncryption;
-        else if (sig_alg == TLSEXT_signature_ecdsa)
-            nid = NID_ecdsa_with_SHA256;
-    }
-    if (nid == NID_undef)
-        BIO_printf(out, "%02X%02X", hash_alg, sig_alg);
-    else
-        BIO_printf(out, "%s", OBJ_nid2ln(nid));
-}
-
-static void timestamp_print(BIO *out, SCT_TIMESTAMP timestamp)
-{
-    ASN1_GENERALIZEDTIME *gen;
-    char genstr[20];
-    gen = ASN1_GENERALIZEDTIME_new();
-    ASN1_GENERALIZEDTIME_adj(gen, (time_t)0,
-                             (int)(timestamp / 86400000),
-                             (int)(timestamp % 86400000) / 1000);
-    /*
-     * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15
-     * characters long with a final Z. Update it with fractional seconds.
-     */
-    BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ",
-                 ASN1_STRING_data(gen), (unsigned int)(timestamp % 1000));
-    ASN1_GENERALIZEDTIME_set_string(gen, genstr);
-    ASN1_GENERALIZEDTIME_print(out, gen);
-    ASN1_GENERALIZEDTIME_free(gen);
-}
-
-static void SCT_free(SCT *sct)
-{
-    if (sct) {
-        if (sct->sct)
-            OPENSSL_free(sct->sct);
-        OPENSSL_free(sct);
-    }
-}
-
-static void SCT_LIST_free(STACK_OF(SCT) *a)
-{
-    sk_SCT_pop_free(a, SCT_free);
-}
-
-static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a,
-                                   const unsigned char **pp, long length)
-{
-    ASN1_OCTET_STRING *oct = NULL;
-    STACK_OF(SCT) *sk = NULL;
-    SCT *sct;
-    unsigned char *p, *p2;
-    unsigned short listlen, sctlen = 0, fieldlen;
-    const unsigned char *q = *pp;
-
-    if (d2i_ASN1_OCTET_STRING(&oct, &q, length) == NULL)
-        return NULL;
-    if (oct->length < 2)
-        goto done;
-    p = oct->data;
-    n2s(p, listlen);
-    if (listlen != oct->length - 2)
-        goto done;
-
-    if ((sk = sk_SCT_new_null()) == NULL)
-        goto done;
-
-    while (listlen > 0) {
-        if (listlen < 2)
-            goto err;
-        n2s(p, sctlen);
-        listlen -= 2;
-
-        if ((sctlen < 1) || (sctlen > listlen))
-            goto err;
-        listlen -= sctlen;
-
-        sct = OPENSSL_malloc(sizeof(SCT));
-        if (!sct)
-            goto err;
-        if (!sk_SCT_push(sk, sct)) {
-            OPENSSL_free(sct);
-            goto err;
-        }
-
-        sct->sct = OPENSSL_malloc(sctlen);
-        if (!sct->sct)
-            goto err;
-        memcpy(sct->sct, p, sctlen);
-        sct->sctlen = sctlen;
-        p += sctlen;
-        p2 = sct->sct;
-
-        sct->version = *p2++;
-        if (sct->version == 0) { /* SCT v1 */
-            /*-
-             * Fixed-length header:
-             *              struct {
-             * (1 byte)       Version sct_version;
-             * (32 bytes)     LogID id;
-             * (8 bytes)      uint64 timestamp;
-             * (2 bytes + ?)  CtExtensions extensions;
-             */
-            if (sctlen < 43)
-                goto err;
-            sctlen -= 43;
-
-            sct->logid = p2;
-            sct->logidlen = 32;
-            p2 += 32;
-
-            n2l8(p2, sct->timestamp);
-
-            n2s(p2, fieldlen);
-            if (sctlen < fieldlen)
-                goto err;
-            sct->ext = p2;
-            sct->extlen = fieldlen;
-            p2 += fieldlen;
-            sctlen -= fieldlen;
-
-            /*-
-             * digitally-signed struct header:
-             * (1 byte)       Hash algorithm
-             * (1 byte)       Signature algorithm
-             * (2 bytes + ?)  Signature
-             */
-            if (sctlen < 4)
-                goto err;
-            sctlen -= 4;
-
-            sct->hash_alg = *p2++;
-            sct->sig_alg = *p2++;
-            n2s(p2, fieldlen);
-            if (sctlen != fieldlen)
-                goto err;
-            sct->sig = p2;
-            sct->siglen = fieldlen;
-        }
-    }
-
- done:
-    ASN1_OCTET_STRING_free(oct);
-    *pp = q;
-    return sk;
-
- err:
-    SCT_LIST_free(sk);
-    sk = NULL;
-    goto done;
-}
-
-static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
-                        BIO *out, int indent)
-{
-    SCT *sct;
-    int i;
-
-    for (i = 0; i < sk_SCT_num(sct_list);) {
-        sct = sk_SCT_value(sct_list, i);
-
-        BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, "");
-        BIO_printf(out, "\n%*sVersion   : ", indent + 4, "");
-
-        if (sct->version == 0) { /* SCT v1 */
-            BIO_printf(out, "v1(0)");
-
-            BIO_printf(out, "\n%*sLog ID    : ", indent + 4, "");
-            BIO_hex_string(out, indent + 16, 16, sct->logid, sct->logidlen);
-
-            BIO_printf(out, "\n%*sTimestamp : ", indent + 4, "");
-            timestamp_print(out, sct->timestamp);
-
-            BIO_printf(out, "\n%*sExtensions: ", indent + 4, "");
-            if (sct->extlen == 0)
-                BIO_printf(out, "none");
-            else
-                BIO_hex_string(out, indent + 16, 16, sct->ext, sct->extlen);
-
-            BIO_printf(out, "\n%*sSignature : ", indent + 4, "");
-            tls12_signature_print(out, sct->hash_alg, sct->sig_alg);
-            BIO_printf(out, "\n%*s            ", indent + 4, "");
-            BIO_hex_string(out, indent + 16, 16, sct->sig, sct->siglen);
-        } else {                /* Unknown version */
-
-            BIO_printf(out, "unknown\n%*s", indent + 16, "");
-            BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sctlen);
-        }
-
-        if (++i < sk_SCT_num(sct_list))
-            BIO_printf(out, "\n");
-    }
-
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_skey.c b/freebsd/crypto/openssl/crypto/x509v3/v3_skey.c
index 0b4a711a..e3e7cdb3 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_skey.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_skey.c
@@ -1,67 +1,19 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_skey.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+#include "ext_dat.h"
 
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx, char *str);
@@ -74,24 +26,25 @@ const X509V3_EXT_METHOD v3_skey_id = {
     NULL
 };
 
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct)
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                            const ASN1_OCTET_STRING *oct)
 {
-    return hex_to_string(oct->data, oct->length);
+    return OPENSSL_buf2hexstr(oct->data, oct->length);
 }
 
 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
-                                         X509V3_CTX *ctx, char *str)
+                                         X509V3_CTX *ctx, const char *str)
 {
     ASN1_OCTET_STRING *oct;
     long length;
 
-    if (!(oct = M_ASN1_OCTET_STRING_new())) {
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
         X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
-    if (!(oct->data = string_to_hex(str, &length))) {
-        M_ASN1_OCTET_STRING_free(oct);
+    if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) {
+        ASN1_OCTET_STRING_free(oct);
         return NULL;
     }
 
@@ -105,14 +58,16 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx, char *str)
 {
     ASN1_OCTET_STRING *oct;
-    ASN1_BIT_STRING *pk;
+    X509_PUBKEY *pubkey;
+    const unsigned char *pk;
+    int pklen;
     unsigned char pkey_dig[EVP_MAX_MD_SIZE];
     unsigned int diglen;
 
     if (strcmp(str, "hash"))
         return s2i_ASN1_OCTET_STRING(method, ctx, str);
 
-    if (!(oct = M_ASN1_OCTET_STRING_new())) {
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
         X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -126,20 +81,21 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
     }
 
     if (ctx->subject_req)
-        pk = ctx->subject_req->req_info->pubkey->public_key;
+        pubkey = ctx->subject_req->req_info.pubkey;
     else
-        pk = ctx->subject_cert->cert_info->key->public_key;
+        pubkey = ctx->subject_cert->cert_info.key;
 
-    if (!pk) {
+    if (pubkey == NULL) {
         X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
         goto err;
     }
 
-    if (!EVP_Digest
-        (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))
+    X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
+
+    if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL))
         goto err;
 
-    if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+    if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
         X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -147,6 +103,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
     return oct;
 
  err:
-    M_ASN1_OCTET_STRING_free(oct);
+    ASN1_OCTET_STRING_free(oct);
     return NULL;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_sxnet.c b/freebsd/crypto/openssl/crypto/x509v3/v3_sxnet.c
index e5d4c8cf..4502ea6c 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_sxnet.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_sxnet.c
@@ -1,70 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_sxnet.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
+#include "ext_dat.h"
 
 /* Support for Thawte strong extranet extension */
 
@@ -119,7 +70,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
         tmp = i2s_ASN1_INTEGER(NULL, id->zone);
         BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
         OPENSSL_free(tmp);
-        M_ASN1_OCTET_STRING_print(out, id->user);
+        ASN1_STRING_print(out, id->user);
     }
     return 1;
 }
@@ -152,10 +103,11 @@ static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
 
 /* Add an id given the zone as an ASCII number */
 
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen)
 {
-    ASN1_INTEGER *izone = NULL;
-    if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+    ASN1_INTEGER *izone;
+
+    if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
         X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
         return 0;
     }
@@ -164,13 +116,15 @@ int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
 
 /* Add an id given the zone as an unsigned long */
 
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
                        int userlen)
 {
-    ASN1_INTEGER *izone = NULL;
-    if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+    ASN1_INTEGER *izone;
+
+    if ((izone = ASN1_INTEGER_new()) == NULL
+        || !ASN1_INTEGER_set(izone, lzone)) {
         X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
-        M_ASN1_INTEGER_free(izone);
+        ASN1_INTEGER_free(izone);
         return 0;
     }
     return SXNET_add_id_INTEGER(psx, izone, user, userlen);
@@ -182,7 +136,7 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
  * passed integer and doesn't make a copy so don't free it up afterwards.
  */
 
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
                          int userlen)
 {
     SXNET *sx = NULL;
@@ -198,8 +152,8 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
         X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG);
         return 0;
     }
-    if (!*psx) {
-        if (!(sx = SXNET_new()))
+    if (*psx == NULL) {
+        if ((sx = SXNET_new()) == NULL)
             goto err;
         if (!ASN1_INTEGER_set(sx->version, 0))
             goto err;
@@ -211,12 +165,12 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
         return 0;
     }
 
-    if (!(id = SXNETID_new()))
+    if ((id = SXNETID_new()) == NULL)
         goto err;
     if (userlen == -1)
         userlen = strlen(user);
 
-    if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen))
+    if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen))
         goto err;
     if (!sk_SXNETID_push(sx->ids, id))
         goto err;
@@ -231,30 +185,33 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
     return 0;
 }
 
-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone)
 {
-    ASN1_INTEGER *izone = NULL;
+    ASN1_INTEGER *izone;
     ASN1_OCTET_STRING *oct;
-    if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+
+    if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
         X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
         return NULL;
     }
     oct = SXNET_get_id_INTEGER(sx, izone);
-    M_ASN1_INTEGER_free(izone);
+    ASN1_INTEGER_free(izone);
     return oct;
 }
 
 ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
 {
-    ASN1_INTEGER *izone = NULL;
+    ASN1_INTEGER *izone;
     ASN1_OCTET_STRING *oct;
-    if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+
+    if ((izone = ASN1_INTEGER_new()) == NULL
+        || !ASN1_INTEGER_set(izone, lzone)) {
         X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
-        M_ASN1_INTEGER_free(izone);
+        ASN1_INTEGER_free(izone);
         return NULL;
     }
     oct = SXNET_get_id_INTEGER(sx, izone);
-    M_ASN1_INTEGER_free(izone);
+    ASN1_INTEGER_free(izone);
     return oct;
 }
 
@@ -264,12 +221,8 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
     int i;
     for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
         id = sk_SXNETID_value(sx->ids, i);
-        if (!M_ASN1_INTEGER_cmp(id->zone, zone))
+        if (!ASN1_INTEGER_cmp(id->zone, zone))
             return id->user;
     }
     return NULL;
 }
-
-IMPLEMENT_STACK_OF(SXNETID)
-
-IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_tlsf.c b/freebsd/crypto/openssl/crypto/x509v3/v3_tlsf.c
new file mode 100644
index 00000000..1f8ec8ec
--- /dev/null
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_tlsf.c
@@ -0,0 +1,139 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include <stdio.h>
+#include "internal/o_str.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                             TLS_FEATURE *tls_feature,
+                                             STACK_OF(CONF_VALUE) *ext_list);
+static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *nval);
+
+ASN1_ITEM_TEMPLATE(TLS_FEATURE) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER)
+static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
+const X509V3_EXT_METHOD v3_tls_feature = {
+    NID_tlsfeature, 0,
+    ASN1_ITEM_ref(TLS_FEATURE),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V)i2v_TLS_FEATURE,
+    (X509V3_EXT_V2I)v2i_TLS_FEATURE,
+    0, 0,
+    NULL
+};
+
+
+typedef struct {
+    long num;
+    const char *name;
+} TLS_FEATURE_NAME;
+
+static TLS_FEATURE_NAME tls_feature_tbl[] = {
+    { 5, "status_request" },
+    { 17, "status_request_v2" }
+};
+
+/*
+ * i2v_TLS_FEATURE converts the TLS_FEATURE structure tls_feature into the
+ * STACK_OF(CONF_VALUE) structure ext_list. STACK_OF(CONF_VALUE) is the format
+ * used by the CONF library to represent a multi-valued extension.  ext_list is
+ * returned.
+ */
+static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                             TLS_FEATURE *tls_feature,
+                                             STACK_OF(CONF_VALUE) *ext_list)
+{
+    int i;
+    size_t j;
+    ASN1_INTEGER *ai;
+    long tlsextid;
+    for (i = 0; i < sk_ASN1_INTEGER_num(tls_feature); i++) {
+        ai = sk_ASN1_INTEGER_value(tls_feature, i);
+        tlsextid = ASN1_INTEGER_get(ai);
+        for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
+            if (tlsextid == tls_feature_tbl[j].num)
+                break;
+        if (j < OSSL_NELEM(tls_feature_tbl))
+            X509V3_add_value(NULL, tls_feature_tbl[j].name, &ext_list);
+        else
+            X509V3_add_value_int(NULL, ai, &ext_list);
+    }
+    return ext_list;
+}
+
+/*
+ * v2i_TLS_FEATURE converts the multi-valued extension nval into a TLS_FEATURE
+ * structure, which is returned if the conversion is successful.  In case of
+ * error, NULL is returned.
+ */
+static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    TLS_FEATURE *tlsf;
+    char *extval, *endptr;
+    ASN1_INTEGER *ai;
+    CONF_VALUE *val;
+    int i;
+    size_t j;
+    long tlsextid;
+
+    if ((tlsf = sk_ASN1_INTEGER_new_null()) == NULL) {
+        X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (val->value)
+            extval = val->value;
+        else
+            extval = val->name;
+
+        for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
+            if (strcasecmp(extval, tls_feature_tbl[j].name) == 0)
+                break;
+        if (j < OSSL_NELEM(tls_feature_tbl))
+            tlsextid = tls_feature_tbl[j].num;
+        else {
+            tlsextid = strtol(extval, &endptr, 10);
+            if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) ||
+                (tlsextid > 65535)) {
+                X509V3err(X509V3_F_V2I_TLS_FEATURE, X509V3_R_INVALID_SYNTAX);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        }
+
+        if ((ai = ASN1_INTEGER_new()) == NULL
+                || !ASN1_INTEGER_set(ai, tlsextid)
+                || sk_ASN1_INTEGER_push(tlsf, ai) <= 0) {
+            X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    return tlsf;
+
+ err:
+    sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free);
+    return NULL;
+}
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_utl.c b/freebsd/crypto/openssl/crypto/x509v3/v3_utl.c
index b110ad39..13bb3839 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_utl.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_utl.c
@@ -1,78 +1,33 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* v3_utl.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 /* X509 v3 extension utilities */
 
+#include "e_os.h"
+#include "internal/cryptlib.h"
 #include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
+#include "internal/ctype.h"
 #include <openssl/conf.h>
+#include <openssl/crypto.h>
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
 #include <openssl/bn.h>
+#include "ext_dat.h"
 
 static char *strip_spaces(char *name);
 static int sk_strcmp(const char *const *a, const char *const *b);
 static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
                                            GENERAL_NAMES *gens);
 static void str_free(OPENSSL_STRING str);
-static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email);
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email);
 
 static int ipv4_from_asc(unsigned char *v4, const char *in);
 static int ipv6_from_asc(unsigned char *v6, const char *in);
@@ -86,13 +41,15 @@ int X509V3_add_value(const char *name, const char *value,
 {
     CONF_VALUE *vtmp = NULL;
     char *tname = NULL, *tvalue = NULL;
-    if (name && !(tname = BUF_strdup(name)))
+    int sk_allocated = (*extlist == NULL);
+
+    if (name && (tname = OPENSSL_strdup(name)) == NULL)
         goto err;
-    if (value && !(tvalue = BUF_strdup(value)))
+    if (value && (tvalue = OPENSSL_strdup(value)) == NULL)
         goto err;
-    if (!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
+    if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
         goto err;
-    if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null()))
+    if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
         goto err;
     vtmp->section = NULL;
     vtmp->name = tname;
@@ -102,12 +59,13 @@ int X509V3_add_value(const char *name, const char *value,
     return 1;
  err:
     X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
-    if (vtmp)
-        OPENSSL_free(vtmp);
-    if (tname)
-        OPENSSL_free(tname);
-    if (tvalue)
-        OPENSSL_free(tvalue);
+    if (sk_allocated) {
+        sk_CONF_VALUE_free(*extlist);
+        *extlist = NULL;
+    }
+    OPENSSL_free(vtmp);
+    OPENSSL_free(tname);
+    OPENSSL_free(tvalue);
     return 0;
 }
 
@@ -123,12 +81,9 @@ void X509V3_conf_free(CONF_VALUE *conf)
 {
     if (!conf)
         return;
-    if (conf->name)
-        OPENSSL_free(conf->name);
-    if (conf->value)
-        OPENSSL_free(conf->value);
-    if (conf->section)
-        OPENSSL_free(conf->section);
+    OPENSSL_free(conf->name);
+    OPENSSL_free(conf->value);
+    OPENSSL_free(conf->section);
     OPENSSL_free(conf);
 }
 
@@ -140,7 +95,7 @@ int X509V3_add_value_bool(const char *name, int asn1_bool,
     return X509V3_add_value(name, "FALSE", extlist);
 }
 
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
                              STACK_OF(CONF_VALUE) **extlist)
 {
     if (asn1_bool)
@@ -148,43 +103,86 @@ int X509V3_add_value_bool_nf(char *name, int asn1_bool,
     return 1;
 }
 
-char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
+static char *bignum_to_string(const BIGNUM *bn)
+{
+    char *tmp, *ret;
+    size_t len;
+
+    /*
+     * Display large numbers in hex and small numbers in decimal. Converting to
+     * decimal takes quadratic time and is no more useful than hex for large
+     * numbers.
+     */
+    if (BN_num_bits(bn) < 128)
+        return BN_bn2dec(bn);
+
+    tmp = BN_bn2hex(bn);
+    if (tmp == NULL)
+        return NULL;
+
+    len = strlen(tmp) + 3;
+    ret = OPENSSL_malloc(len);
+    if (ret == NULL) {
+        X509V3err(X509V3_F_BIGNUM_TO_STRING, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(tmp);
+        return NULL;
+    }
+
+    /* Prepend "0x", but place it after the "-" if negative. */
+    if (tmp[0] == '-') {
+        OPENSSL_strlcpy(ret, "-0x", len);
+        OPENSSL_strlcat(ret, tmp + 1, len);
+    } else {
+        OPENSSL_strlcpy(ret, "0x", len);
+        OPENSSL_strlcat(ret, tmp, len);
+    }
+    OPENSSL_free(tmp);
+    return ret;
+}
+
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a)
 {
     BIGNUM *bntmp = NULL;
     char *strtmp = NULL;
+
     if (!a)
         return NULL;
-    if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
-        !(strtmp = BN_bn2dec(bntmp)))
+    if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL
+        || (strtmp = bignum_to_string(bntmp)) == NULL)
         X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
     BN_free(bntmp);
     return strtmp;
 }
 
-char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a)
 {
     BIGNUM *bntmp = NULL;
     char *strtmp = NULL;
+
     if (!a)
         return NULL;
-    if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
-        !(strtmp = BN_bn2dec(bntmp)))
+    if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL
+        || (strtmp = bignum_to_string(bntmp)) == NULL)
         X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
     BN_free(bntmp);
     return strtmp;
 }
 
-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value)
 {
     BIGNUM *bn = NULL;
     ASN1_INTEGER *aint;
     int isneg, ishex;
     int ret;
-    if (!value) {
+    if (value == NULL) {
         X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE);
-        return 0;
+        return NULL;
     }
     bn = BN_new();
+    if (bn == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
     if (value[0] == '-') {
         value++;
         isneg = 1;
@@ -205,7 +203,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
     if (!ret || value[ret]) {
         BN_free(bn);
         X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR);
-        return 0;
+        return NULL;
     }
 
     if (isneg && BN_is_zero(bn))
@@ -216,40 +214,49 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
     if (!aint) {
         X509V3err(X509V3_F_S2I_ASN1_INTEGER,
                   X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
-        return 0;
+        return NULL;
     }
     if (isneg)
         aint->type |= V_ASN1_NEG;
     return aint;
 }
 
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
                          STACK_OF(CONF_VALUE) **extlist)
 {
     char *strtmp;
     int ret;
+
     if (!aint)
         return 1;
-    if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint)))
+    if ((strtmp = i2s_ASN1_INTEGER(NULL, aint)) == NULL)
         return 0;
     ret = X509V3_add_value(name, strtmp, extlist);
     OPENSSL_free(strtmp);
     return ret;
 }
 
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool)
 {
-    char *btmp;
-    if (!(btmp = value->value))
+    const char *btmp;
+
+    if ((btmp = value->value) == NULL)
         goto err;
-    if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
-        || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
-        || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
+    if (strcmp(btmp, "TRUE") == 0
+        || strcmp(btmp, "true") == 0
+        || strcmp(btmp, "Y") == 0
+        || strcmp(btmp, "y") == 0
+        || strcmp(btmp, "YES") == 0
+        || strcmp(btmp, "yes") == 0) {
         *asn1_bool = 0xff;
         return 1;
-    } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
-               || !strcmp(btmp, "N") || !strcmp(btmp, "n")
-               || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
+    }
+    if (strcmp(btmp, "FALSE") == 0
+        || strcmp(btmp, "false") == 0
+        || strcmp(btmp, "N") == 0
+        || strcmp(btmp, "n") == 0
+        || strcmp(btmp, "NO") == 0
+        || strcmp(btmp, "no") == 0) {
         *asn1_bool = 0;
         return 1;
     }
@@ -260,10 +267,11 @@ int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
     return 0;
 }
 
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint)
 {
     ASN1_INTEGER *itmp;
-    if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
+
+    if ((itmp = s2i_ASN1_INTEGER(NULL, value->value)) == NULL) {
         X509V3_conf_err(value);
         return 0;
     }
@@ -286,7 +294,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
     char *linebuf;
     int state;
     /* We are going to modify the line so copy it first */
-    linebuf = BUF_strdup(line);
+    linebuf = OPENSSL_strdup(line);
     if (linebuf == NULL) {
         X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -313,9 +321,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
                 *p = 0;
                 ntmp = strip_spaces(q);
                 q = p + 1;
-#if 0
-                printf("%s\n", ntmp);
-#endif
                 if (!ntmp) {
                     X509V3err(X509V3_F_X509V3_PARSE_LIST,
                               X509V3_R_INVALID_NULL_NAME);
@@ -330,9 +335,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
                 state = HDR_NAME;
                 *p = 0;
                 vtmp = strip_spaces(q);
-#if 0
-                printf("%s\n", ntmp);
-#endif
                 if (!vtmp) {
                     X509V3err(X509V3_F_X509V3_PARSE_LIST,
                               X509V3_R_INVALID_NULL_VALUE);
@@ -348,9 +350,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
 
     if (state == HDR_VALUE) {
         vtmp = strip_spaces(q);
-#if 0
-        printf("%s=%s\n", ntmp, vtmp);
-#endif
         if (!vtmp) {
             X509V3err(X509V3_F_X509V3_PARSE_LIST,
                       X509V3_R_INVALID_NULL_VALUE);
@@ -359,9 +358,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
         X509V3_add_value(ntmp, vtmp, &values);
     } else {
         ntmp = strip_spaces(q);
-#if 0
-        printf("%s\n", ntmp);
-#endif
         if (!ntmp) {
             X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
             goto err;
@@ -384,12 +380,12 @@ static char *strip_spaces(char *name)
     char *p, *q;
     /* Skip over leading spaces */
     p = name;
-    while (*p && isspace((unsigned char)*p))
+    while (*p && ossl_isspace(*p))
         p++;
     if (!*p)
         return NULL;
     q = p + strlen(p) - 1;
-    while ((q != p) && isspace((unsigned char)*q))
+    while ((q != p) && ossl_isspace(*q))
         q--;
     if (p != q)
         q[1] = 0;
@@ -398,109 +394,6 @@ static char *strip_spaces(char *name)
     return p;
 }
 
-/* hex string utilities */
-
-/*
- * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
- * hex representation @@@ (Contents of buffer are always kept in ASCII, also
- * on EBCDIC machines)
- */
-
-char *hex_to_string(const unsigned char *buffer, long len)
-{
-    char *tmp, *q;
-    const unsigned char *p;
-    int i;
-    const static char hexdig[] = "0123456789ABCDEF";
-    if (!buffer || !len)
-        return NULL;
-    if (!(tmp = OPENSSL_malloc(len * 3 + 1))) {
-        X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    q = tmp;
-    for (i = 0, p = buffer; i < len; i++, p++) {
-        *q++ = hexdig[(*p >> 4) & 0xf];
-        *q++ = hexdig[*p & 0xf];
-        *q++ = ':';
-    }
-    q[-1] = 0;
-#ifdef CHARSET_EBCDIC
-    ebcdic2ascii(tmp, tmp, q - tmp - 1);
-#endif
-
-    return tmp;
-}
-
-/*
- * Give a string of hex digits convert to a buffer
- */
-
-unsigned char *string_to_hex(const char *str, long *len)
-{
-    unsigned char *hexbuf, *q;
-    unsigned char ch, cl, *p;
-    if (!str) {
-        X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_INVALID_NULL_ARGUMENT);
-        return NULL;
-    }
-    if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1)))
-        goto err;
-    for (p = (unsigned char *)str, q = hexbuf; *p;) {
-        ch = *p++;
-#ifdef CHARSET_EBCDIC
-        ch = os_toebcdic[ch];
-#endif
-        if (ch == ':')
-            continue;
-        cl = *p++;
-#ifdef CHARSET_EBCDIC
-        cl = os_toebcdic[cl];
-#endif
-        if (!cl) {
-            X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ODD_NUMBER_OF_DIGITS);
-            OPENSSL_free(hexbuf);
-            return NULL;
-        }
-        if (isupper(ch))
-            ch = tolower(ch);
-        if (isupper(cl))
-            cl = tolower(cl);
-
-        if ((ch >= '0') && (ch <= '9'))
-            ch -= '0';
-        else if ((ch >= 'a') && (ch <= 'f'))
-            ch -= 'a' - 10;
-        else
-            goto badhex;
-
-        if ((cl >= '0') && (cl <= '9'))
-            cl -= '0';
-        else if ((cl >= 'a') && (cl <= 'f'))
-            cl -= 'a' - 10;
-        else
-            goto badhex;
-
-        *q++ = (ch << 4) | cl;
-    }
-
-    if (len)
-        *len = q - hexbuf;
-
-    return hexbuf;
-
- err:
-    if (hexbuf)
-        OPENSSL_free(hexbuf);
-    X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE);
-    return NULL;
-
- badhex:
-    OPENSSL_free(hexbuf);
-    X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT);
-    return NULL;
-
-}
 
 /*
  * V2I name comparison function: returns zero if 'name' matches cmp or cmp.*
@@ -577,11 +470,11 @@ static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
 {
     STACK_OF(OPENSSL_STRING) *ret = NULL;
     X509_NAME_ENTRY *ne;
-    ASN1_IA5STRING *email;
+    const ASN1_IA5STRING *email;
     GENERAL_NAME *gen;
-    int i;
+    int i = -1;
+
     /* Now add any email address(es) to STACK */
-    i = -1;
     /* First supplied X509_NAME */
     while ((i = X509_NAME_get_index_by_NID(name,
                                            NID_pkcs9_emailAddress, i)) >= 0) {
@@ -605,7 +498,7 @@ static void str_free(OPENSSL_STRING str)
     OPENSSL_free(str);
 }
 
-static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email)
 {
     char *emtmp;
     /* First some sanity checks */
@@ -613,15 +506,16 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
         return 1;
     if (!email->data || !email->length)
         return 1;
-    if (!*sk)
+    if (*sk == NULL)
         *sk = sk_OPENSSL_STRING_new(sk_strcmp);
-    if (!*sk)
+    if (*sk == NULL)
         return 0;
     /* Don't add duplicates */
     if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
         return 1;
-    emtmp = BUF_strdup((char *)email->data);
-    if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
+    emtmp = OPENSSL_strdup((char *)email->data);
+    if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
+        OPENSSL_free(emtmp);    /* free on push failure */
         X509_email_free(*sk);
         *sk = NULL;
         return 0;
@@ -640,7 +534,7 @@ typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len,
 
 /* Skip pattern prefix to match "wildcard" subject */
 static void skip_prefix(const unsigned char **p, size_t *plen,
-                        const unsigned char *subject, size_t subject_len,
+                        size_t subject_len,
                         unsigned int flags)
 {
     const unsigned char *pattern = *p;
@@ -675,7 +569,7 @@ static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
                         const unsigned char *subject, size_t subject_len,
                         unsigned int flags)
 {
-    skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
+    skip_prefix(&pattern, &pattern_len, subject_len, flags);
     if (pattern_len != subject_len)
         return 0;
     while (pattern_len) {
@@ -704,7 +598,7 @@ static int equal_case(const unsigned char *pattern, size_t pattern_len,
                       const unsigned char *subject, size_t subject_len,
                       unsigned int flags)
 {
-    skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
+    skip_prefix(&pattern, &pattern_len, subject_len, flags);
     if (pattern_len != subject_len)
         return 0;
     return !memcmp(pattern, subject, pattern_len);
@@ -887,7 +781,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
  * to UTF8.
  */
 
-static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
+static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,
                            unsigned int flags, const char *b, size_t blen,
                            char **peername)
 {
@@ -903,7 +797,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
         else if (a->length == (int)blen && !memcmp(a->data, b, blen))
             rv = 1;
         if (rv > 0 && peername)
-            *peername = BUF_strndup((char *)a->data, a->length);
+            *peername = OPENSSL_strndup((char *)a->data, a->length);
     } else {
         int astrlen;
         unsigned char *astr;
@@ -917,7 +811,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
         }
         rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
         if (rv > 0 && peername)
-            *peername = BUF_strndup((char *)astr, astrlen);
+            *peername = OPENSSL_strndup((char *)astr, astrlen);
         OPENSSL_free(astr);
     }
     return rv;
@@ -982,23 +876,20 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
         GENERAL_NAMES_free(gens);
         if (rv != 0)
             return rv;
-        if (cnid == NID_undef
-            || (san_present
-                && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
+        if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))
             return 0;
     }
 
     /* We're done if CN-ID is not pertinent */
-    if (cnid == NID_undef)
+    if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT))
         return 0;
 
     i = -1;
     name = X509_get_subject_name(x);
     while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {
-        X509_NAME_ENTRY *ne;
-        ASN1_STRING *str;
-        ne = X509_NAME_get_entry(name, i);
-        str = X509_NAME_ENTRY_get_data(ne);
+        const X509_NAME_ENTRY *ne = X509_NAME_get_entry(name, i);
+        const ASN1_STRING *str = X509_NAME_ENTRY_get_data(ne);
+
         /* Positive on success, negative on error! */
         if ((rv = do_check_string(str, -1, equal, flags,
                                   chk, chklen, peername)) != 0)
@@ -1085,7 +976,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
         return NULL;
 
     ret = ASN1_OCTET_STRING_new();
-    if (!ret)
+    if (ret == NULL)
         return NULL;
     if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) {
         ASN1_OCTET_STRING_free(ret);
@@ -1103,7 +994,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
     p = strchr(ipasc, '/');
     if (!p)
         return NULL;
-    iptmp = BUF_strdup(ipasc);
+    iptmp = OPENSSL_strdup(ipasc);
     if (!iptmp)
         return NULL;
     p = iptmp + (p - ipasc);
@@ -1123,7 +1014,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
         goto err;
 
     ret = ASN1_OCTET_STRING_new();
-    if (!ret)
+    if (ret == NULL)
         goto err;
     if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
         goto err;
@@ -1131,10 +1022,8 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
     return ret;
 
  err:
-    if (iptmp)
-        OPENSSL_free(iptmp);
-    if (ret)
-        ASN1_OCTET_STRING_free(ret);
+    OPENSSL_free(iptmp);
+    ASN1_OCTET_STRING_free(ret);
     return NULL;
 }
 
@@ -1286,19 +1175,17 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen)
 {
     unsigned char c;
     unsigned int num = 0;
+    int x;
+
     if (inlen > 4)
         return 0;
     while (inlen--) {
         c = *in++;
         num <<= 4;
-        if ((c >= '0') && (c <= '9'))
-            num |= c - '0';
-        else if ((c >= 'A') && (c <= 'F'))
-            num |= c - 'A' + 10;
-        else if ((c >= 'a') && (c <= 'f'))
-            num |= c - 'a' + 10;
-        else
+        x = OPENSSL_hexchar2int(c);
+        if (x < 0)
             return 0;
+        num |= (char)x;
     }
     out[0] = num >> 8;
     out[1] = num & 0xff;
@@ -1309,7 +1196,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
                              unsigned long chtype)
 {
     CONF_VALUE *v;
-    int i, mval;
+    int i, mval, spec_char, plus_char;
     char *p, *type;
     if (!nm)
         return 0;
@@ -1320,25 +1207,26 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
         /*
          * Skip past any leading X. X: X, etc to allow for multiple instances
          */
-        for (p = type; *p; p++)
+        for (p = type; *p; p++) {
 #ifndef CHARSET_EBCDIC
-            if ((*p == ':') || (*p == ',') || (*p == '.'))
+            spec_char = ((*p == ':') || (*p == ',') || (*p == '.'));
 #else
-            if ((*p == os_toascii[':']) || (*p == os_toascii[','])
-                || (*p == os_toascii['.']))
+            spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[','])
+                    || (*p == os_toascii['.']));
 #endif
-            {
+            if (spec_char) {
                 p++;
                 if (*p)
                     type = p;
                 break;
             }
+        }
 #ifndef CHARSET_EBCDIC
-        if (*type == '+')
+        plus_char = (*type == '+');
 #else
-        if (*type == os_toascii['+'])
+        plus_char = (*type == os_toascii['+']);
 #endif
-        {
+        if (plus_char) {
             mval = -1;
             type++;
         } else
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3err.c b/freebsd/crypto/openssl/crypto/x509v3/v3err.c
index 87a7a642..6ebac686 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3err.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3err.c
@@ -1,251 +1,259 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* crypto/x509v3/v3err.c */
-/* ====================================================================
- * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/x509v3.h>
+#include <openssl/x509v3err.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
-
-static ERR_STRING_DATA X509V3_str_functs[] = {
-    {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "a2i_GENERAL_NAME"},
-    {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),
-     "ASIDENTIFIERCHOICE_CANONIZE"},
-    {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),
-     "ASIDENTIFIERCHOICE_IS_CANONICAL"},
-    {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
-    {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"},
-    {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"},
-    {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
-    {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
-    {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"},
-    {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"},
-    {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "GNAMES_FROM_SECTNAME"},
-    {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
-    {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
-    {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
-    {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
-    {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS),
-     "I2V_AUTHORITY_INFO_ACCESS"},
-    {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"},
-    {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"},
-    {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"},
-    {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"},
-    {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"},
-    {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"},
-    {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
-    {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
-    {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
-    {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
-    {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"},
-    {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "SET_DIST_POINT_NAME"},
-    {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
-    {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"},
-    {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
-    {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
-    {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
-    {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
-    {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"},
-    {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"},
-    {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS),
-     "V2I_AUTHORITY_INFO_ACCESS"},
-    {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"},
-    {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"},
-    {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"},
-    {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"},
-    {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
-    {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"},
-    {ERR_FUNC(X509V3_F_V2I_IDP), "V2I_IDP"},
-    {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"},
-    {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"},
-    {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"},
-    {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"},
-    {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"},
-    {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"},
-    {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL),
-     "V3_ADDR_VALIDATE_PATH_INTERNAL"},
-    {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"},
-    {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"},
-    {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
-    {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
-    {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
-    {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
-    {ERR_FUNC(X509V3_F_X509V3_EXT_FREE), "X509V3_EXT_free"},
-    {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
-    {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"},
-    {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"},
-    {ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"},
-    {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
-    {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
-    {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
-    {ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
+static const ERR_STRING_DATA X509V3_str_functs[] = {
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_A2I_GENERAL_NAME, 0),
+     "a2i_GENERAL_NAME"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ADDR_VALIDATE_PATH_INTERNAL, 0),
+     "addr_validate_path_internal"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, 0),
+     "ASIdentifierChoice_canonize"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, 0),
+     "ASIdentifierChoice_is_canonical"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_BIGNUM_TO_STRING, 0),
+     "bignum_to_string"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_COPY_EMAIL, 0), "copy_email"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_COPY_ISSUER, 0), "copy_issuer"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_DIRNAME, 0), "do_dirname"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_EXT_I2D, 0), "do_ext_i2d"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_EXT_NCONF, 0), "do_ext_nconf"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_GNAMES_FROM_SECTNAME, 0),
+     "gnames_from_sectname"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_ENUMERATED, 0),
+     "i2s_ASN1_ENUMERATED"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_IA5STRING, 0),
+     "i2s_ASN1_IA5STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_INTEGER, 0),
+     "i2s_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0),
+     "i2v_AUTHORITY_INFO_ACCESS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_CREATE, 0),
+     "policy_cache_create"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_NEW, 0),
+     "policy_cache_new"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_DATA_NEW, 0), "policy_data_new"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_SECTION, 0), "policy_section"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_PROCESS_PCI_VALUE, 0),
+     "process_pci_value"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_R2I_CERTPOL, 0), "r2i_certpol"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_R2I_PCI, 0), "r2i_pci"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_IA5STRING, 0),
+     "s2i_ASN1_IA5STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_INTEGER, 0),
+     "s2i_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_OCTET_STRING, 0),
+     "s2i_ASN1_OCTET_STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_SKEY_ID, 0), "s2i_skey_id"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SET_DIST_POINT_NAME, 0),
+     "set_dist_point_name"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_ASC, 0),
+     "SXNET_add_id_asc"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_INTEGER, 0),
+     "SXNET_add_id_INTEGER"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_ULONG, 0),
+     "SXNET_add_id_ulong"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ASC, 0),
+     "SXNET_get_id_asc"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ULONG, 0),
+     "SXNET_get_id_ulong"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_TREE_INIT, 0), "tree_init"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASIDENTIFIERS, 0),
+     "v2i_ASIdentifiers"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASN1_BIT_STRING, 0),
+     "v2i_ASN1_BIT_STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_AUTHORITY_INFO_ACCESS, 0),
+     "v2i_AUTHORITY_INFO_ACCESS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_AUTHORITY_KEYID, 0),
+     "v2i_AUTHORITY_KEYID"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_BASIC_CONSTRAINTS, 0),
+     "v2i_BASIC_CONSTRAINTS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_CRLD, 0), "v2i_crld"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_EXTENDED_KEY_USAGE, 0),
+     "v2i_EXTENDED_KEY_USAGE"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_GENERAL_NAMES, 0),
+     "v2i_GENERAL_NAMES"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_GENERAL_NAME_EX, 0),
+     "v2i_GENERAL_NAME_ex"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_IDP, 0), "v2i_idp"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_IPADDRBLOCKS, 0),
+     "v2i_IPAddrBlocks"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ISSUER_ALT, 0), "v2i_issuer_alt"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_NAME_CONSTRAINTS, 0),
+     "v2i_NAME_CONSTRAINTS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_POLICY_CONSTRAINTS, 0),
+     "v2i_POLICY_CONSTRAINTS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_POLICY_MAPPINGS, 0),
+     "v2i_POLICY_MAPPINGS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_SUBJECT_ALT, 0), "v2i_subject_alt"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_TLS_FEATURE, 0), "v2i_TLS_FEATURE"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0),
+     "v3_generic_extension"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0),
+     "X509V3_add_value"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD_ALIAS, 0),
+     "X509V3_EXT_add_alias"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_I2D, 0), "X509V3_EXT_i2d"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_NCONF, 0),
+     "X509V3_EXT_nconf"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_SECTION, 0),
+     "X509V3_get_section"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_STRING, 0),
+     "X509V3_get_string"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_VALUE_BOOL, 0),
+     "X509V3_get_value_bool"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_PARSE_LIST, 0),
+     "X509V3_parse_list"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_ADD, 0),
+     "X509_PURPOSE_add"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_SET, 0),
+     "X509_PURPOSE_set"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA X509V3_str_reasons[] = {
-    {ERR_REASON(X509V3_R_BAD_IP_ADDRESS), "bad ip address"},
-    {ERR_REASON(X509V3_R_BAD_OBJECT), "bad object"},
-    {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"},
-    {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),
-     "bn to asn1 integer error"},
-    {ERR_REASON(X509V3_R_CANNOT_FIND_FREE_FUNCTION),
-     "cannot find free function"},
-    {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"},
-    {ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET), "distpoint already set"},
-    {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"},
-    {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE), "error converting zone"},
-    {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),
-     "error creating extension"},
-    {ERR_REASON(X509V3_R_ERROR_IN_EXTENSION), "error in extension"},
-    {ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME), "expected a section name"},
-    {ERR_REASON(X509V3_R_EXTENSION_EXISTS), "extension exists"},
-    {ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR), "extension name error"},
-    {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND), "extension not found"},
-    {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),
-     "extension setting not supported"},
-    {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"},
-    {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"},
-    {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"},
-    {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),
-     "incorrect policy syntax tag"},
-    {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"},
-    {ERR_REASON(X509V3_R_INVALID_ASRANGE), "invalid asrange"},
-    {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING), "invalid boolean string"},
-    {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),
-     "invalid extension string"},
-    {ERR_REASON(X509V3_R_INVALID_INHERITANCE), "invalid inheritance"},
-    {ERR_REASON(X509V3_R_INVALID_IPADDRESS), "invalid ipaddress"},
-    {ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS), "invalid multiple rdns"},
-    {ERR_REASON(X509V3_R_INVALID_NAME), "invalid name"},
-    {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
-    {ERR_REASON(X509V3_R_INVALID_NULL_NAME), "invalid null name"},
-    {ERR_REASON(X509V3_R_INVALID_NULL_VALUE), "invalid null value"},
-    {ERR_REASON(X509V3_R_INVALID_NUMBER), "invalid number"},
-    {ERR_REASON(X509V3_R_INVALID_NUMBERS), "invalid numbers"},
-    {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),
-     "invalid object identifier"},
-    {ERR_REASON(X509V3_R_INVALID_OPTION), "invalid option"},
-    {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),
-     "invalid policy identifier"},
-    {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),
-     "invalid proxy policy setting"},
-    {ERR_REASON(X509V3_R_INVALID_PURPOSE), "invalid purpose"},
-    {ERR_REASON(X509V3_R_INVALID_SAFI), "invalid safi"},
-    {ERR_REASON(X509V3_R_INVALID_SECTION), "invalid section"},
-    {ERR_REASON(X509V3_R_INVALID_SYNTAX), "invalid syntax"},
-    {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR), "issuer decode error"},
-    {ERR_REASON(X509V3_R_MISSING_VALUE), "missing value"},
-    {ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),
-     "need organization and numbers"},
-    {ERR_REASON(X509V3_R_NO_CONFIG_DATABASE), "no config database"},
-    {ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE), "no issuer certificate"},
-    {ERR_REASON(X509V3_R_NO_ISSUER_DETAILS), "no issuer details"},
-    {ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER), "no policy identifier"},
-    {ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),
-     "no proxy cert policy language defined"},
-    {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"},
-    {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"},
-    {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"},
-    {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"},
-    {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"},
-    {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),
-     "policy language already defined"},
-    {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"},
-    {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),
-     "policy path length already defined"},
-    {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),
-     "policy syntax not currently supported"},
-    {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),
-     "policy when proxy language requires no policy"},
-    {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"},
-    {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),
-     "unable to get issuer details"},
-    {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),
-     "unable to get issuer keyid"},
-    {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),
-     "unknown bit string argument"},
-    {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION), "unknown extension"},
-    {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME), "unknown extension name"},
-    {ERR_REASON(X509V3_R_UNKNOWN_OPTION), "unknown option"},
-    {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION), "unsupported option"},
-    {ERR_REASON(X509V3_R_UNSUPPORTED_TYPE), "unsupported type"},
-    {ERR_REASON(X509V3_R_USER_TOO_LONG), "user too long"},
+static const ERR_STRING_DATA X509V3_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_IP_ADDRESS), "bad ip address"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_OBJECT), "bad object"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_TO_ASN1_INTEGER_ERROR),
+    "bn to asn1 integer error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DIRNAME_ERROR), "dirname error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DISTPOINT_ALREADY_SET),
+    "distpoint already set"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DUPLICATE_ZONE_ID),
+    "duplicate zone id"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CONVERTING_ZONE),
+    "error converting zone"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CREATING_EXTENSION),
+    "error creating extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_IN_EXTENSION),
+    "error in extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXPECTED_A_SECTION_NAME),
+    "expected a section name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_EXISTS),
+    "extension exists"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NAME_ERROR),
+    "extension name error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NOT_FOUND),
+    "extension not found"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),
+    "extension setting not supported"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_VALUE_ERROR),
+    "extension value error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ILLEGAL_EMPTY_EXTENSION),
+    "illegal empty extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),
+    "incorrect policy syntax tag"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASNUMBER),
+    "invalid asnumber"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASRANGE), "invalid asrange"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_BOOLEAN_STRING),
+    "invalid boolean string"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EXTENSION_STRING),
+    "invalid extension string"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_INHERITANCE),
+    "invalid inheritance"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_IPADDRESS),
+    "invalid ipaddress"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_MULTIPLE_RDNS),
+    "invalid multiple rdns"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NAME), "invalid name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_ARGUMENT),
+    "invalid null argument"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_NAME),
+    "invalid null name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_VALUE),
+    "invalid null value"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBER), "invalid number"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBERS), "invalid numbers"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OBJECT_IDENTIFIER),
+    "invalid object identifier"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OPTION), "invalid option"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_POLICY_IDENTIFIER),
+    "invalid policy identifier"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PROXY_POLICY_SETTING),
+    "invalid proxy policy setting"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PURPOSE), "invalid purpose"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SAFI), "invalid safi"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SECTION), "invalid section"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SYNTAX), "invalid syntax"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ISSUER_DECODE_ERROR),
+    "issuer decode error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_MISSING_VALUE), "missing value"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),
+    "need organization and numbers"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_CONFIG_DATABASE),
+    "no config database"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_CERTIFICATE),
+    "no issuer certificate"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_DETAILS),
+    "no issuer details"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_POLICY_IDENTIFIER),
+    "no policy identifier"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),
+    "no proxy cert policy language defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PUBLIC_KEY), "no public key"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_SUBJECT_DETAILS),
+    "no subject details"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OPERATION_NOT_DEFINED),
+    "operation not defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OTHERNAME_ERROR), "othername error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),
+    "policy language already defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH),
+    "policy path length"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),
+    "policy path length already defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),
+    "policy when proxy language requires no policy"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_SECTION_NOT_FOUND),
+    "section not found"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),
+    "unable to get issuer details"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),
+    "unable to get issuer keyid"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),
+    "unknown bit string argument"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION),
+    "unknown extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION_NAME),
+    "unknown extension name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_OPTION), "unknown option"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_OPTION),
+    "unsupported option"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_TYPE),
+    "unsupported type"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_USER_TOO_LONG), "user too long"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_X509V3_strings(void)
+int ERR_load_X509V3_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, X509V3_str_functs);
-        ERR_load_strings(0, X509V3_str_reasons);
+        ERR_load_strings_const(X509V3_str_functs);
+        ERR_load_strings_const(X509V3_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3nametest.c b/freebsd/crypto/openssl/crypto/x509v3/v3nametest.c
deleted file mode 100644
index 3d98c86c..00000000
--- a/freebsd/crypto/openssl/crypto/x509v3/v3nametest.c
+++ /dev/null
@@ -1,348 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include "../e_os.h"
-#include <string.h>
-
-static const char *const names[] = {
-    "a", "b", ".", "*", "@",
-    ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..",
-    "-example.com", "example-.com",
-    "@@", "**", "*.com", "*com", "*.*.com", "*com", "com*", "*example.com",
-    "*@example.com", "test@*.example.com", "example.com", "www.example.com",
-    "test.www.example.com", "*.example.com", "*.www.example.com",
-    "test.*.example.com", "www.*.com",
-    ".www.example.com", "*www.example.com",
-    "example.net", "xn--rger-koa.example.com",
-    "*.xn--rger-koa.example.com", "www.xn--rger-koa.example.com",
-    "*.good--example.com", "www.good--example.com",
-    "*.xn--bar.com", "xn--foo.xn--bar.com",
-    "a.example.com", "b.example.com",
-    "postmaster@example.com", "Postmaster@example.com",
-    "postmaster@EXAMPLE.COM",
-    NULL
-};
-
-static const char *const exceptions[] = {
-    "set CN: host: [*.example.com] matches [a.example.com]",
-    "set CN: host: [*.example.com] matches [b.example.com]",
-    "set CN: host: [*.example.com] matches [www.example.com]",
-    "set CN: host: [*.example.com] matches [xn--rger-koa.example.com]",
-    "set CN: host: [*.www.example.com] matches [test.www.example.com]",
-    "set CN: host: [*.www.example.com] matches [.www.example.com]",
-    "set CN: host: [*www.example.com] matches [www.example.com]",
-    "set CN: host: [test.www.example.com] matches [.www.example.com]",
-    "set CN: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]",
-    "set CN: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]",
-    "set CN: host: [*.good--example.com] matches [www.good--example.com]",
-    "set CN: host-no-wildcards: [*.www.example.com] matches [.www.example.com]",
-    "set CN: host-no-wildcards: [test.www.example.com] matches [.www.example.com]",
-    "set emailAddress: email: [postmaster@example.com] does not match [Postmaster@example.com]",
-    "set emailAddress: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]",
-    "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@example.com]",
-    "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]",
-    "set dnsName: host: [*.example.com] matches [www.example.com]",
-    "set dnsName: host: [*.example.com] matches [a.example.com]",
-    "set dnsName: host: [*.example.com] matches [b.example.com]",
-    "set dnsName: host: [*.example.com] matches [xn--rger-koa.example.com]",
-    "set dnsName: host: [*.www.example.com] matches [test.www.example.com]",
-    "set dnsName: host-no-wildcards: [*.www.example.com] matches [.www.example.com]",
-    "set dnsName: host-no-wildcards: [test.www.example.com] matches [.www.example.com]",
-    "set dnsName: host: [*.www.example.com] matches [.www.example.com]",
-    "set dnsName: host: [*www.example.com] matches [www.example.com]",
-    "set dnsName: host: [test.www.example.com] matches [.www.example.com]",
-    "set dnsName: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]",
-    "set dnsName: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]",
-    "set dnsName: host: [*.good--example.com] matches [www.good--example.com]",
-    "set rfc822Name: email: [postmaster@example.com] does not match [Postmaster@example.com]",
-    "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@example.com]",
-    "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]",
-    "set rfc822Name: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]",
-    NULL
-};
-
-static int is_exception(const char *msg)
-{
-    const char *const *p;
-    for (p = exceptions; *p; ++p)
-        if (strcmp(msg, *p) == 0)
-            return 1;
-    return 0;
-}
-
-static int set_cn(X509 *crt, ...)
-{
-    int ret = 0;
-    X509_NAME *n = NULL;
-    va_list ap;
-    va_start(ap, crt);
-    n = X509_NAME_new();
-    if (n == NULL)
-        goto out;
-    while (1) {
-        int nid;
-        const char *name;
-        nid = va_arg(ap, int);
-        if (nid == 0)
-            break;
-        name = va_arg(ap, const char *);
-        if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC,
-                                        (unsigned char *)name, -1, -1, 1))
-            goto out;
-    }
-    if (!X509_set_subject_name(crt, n))
-        goto out;
-    ret = 1;
- out:
-    X509_NAME_free(n);
-    va_end(ap);
-    return ret;
-}
-
-/*-
-int             X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
-X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
-                        int nid, int crit, ASN1_OCTET_STRING *data);
-int             X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
-*/
-
-static int set_altname(X509 *crt, ...)
-{
-    int ret = 0;
-    GENERAL_NAMES *gens = NULL;
-    GENERAL_NAME *gen = NULL;
-    ASN1_IA5STRING *ia5 = NULL;
-    va_list ap;
-    va_start(ap, crt);
-    gens = sk_GENERAL_NAME_new_null();
-    if (gens == NULL)
-        goto out;
-    while (1) {
-        int type;
-        const char *name;
-        type = va_arg(ap, int);
-        if (type == 0)
-            break;
-        name = va_arg(ap, const char *);
-
-        gen = GENERAL_NAME_new();
-        if (gen == NULL)
-            goto out;
-        ia5 = ASN1_IA5STRING_new();
-        if (ia5 == NULL)
-            goto out;
-        if (!ASN1_STRING_set(ia5, name, -1))
-            goto out;
-        switch (type) {
-        case GEN_EMAIL:
-        case GEN_DNS:
-            GENERAL_NAME_set0_value(gen, type, ia5);
-            ia5 = NULL;
-            break;
-        default:
-            abort();
-        }
-        sk_GENERAL_NAME_push(gens, gen);
-        gen = NULL;
-    }
-    if (!X509_add1_ext_i2d(crt, NID_subject_alt_name, gens, 0, 0))
-        goto out;
-    ret = 1;
- out:
-    ASN1_IA5STRING_free(ia5);
-    GENERAL_NAME_free(gen);
-    GENERAL_NAMES_free(gens);
-    va_end(ap);
-    return ret;
-}
-
-static int set_cn1(X509 *crt, const char *name)
-{
-    return set_cn(crt, NID_commonName, name, 0);
-}
-
-static int set_cn_and_email(X509 *crt, const char *name)
-{
-    return set_cn(crt, NID_commonName, name,
-                  NID_pkcs9_emailAddress, "dummy@example.com", 0);
-}
-
-static int set_cn2(X509 *crt, const char *name)
-{
-    return set_cn(crt, NID_commonName, "dummy value",
-                  NID_commonName, name, 0);
-}
-
-static int set_cn3(X509 *crt, const char *name)
-{
-    return set_cn(crt, NID_commonName, name,
-                  NID_commonName, "dummy value", 0);
-}
-
-static int set_email1(X509 *crt, const char *name)
-{
-    return set_cn(crt, NID_pkcs9_emailAddress, name, 0);
-}
-
-static int set_email2(X509 *crt, const char *name)
-{
-    return set_cn(crt, NID_pkcs9_emailAddress, "dummy@example.com",
-                  NID_pkcs9_emailAddress, name, 0);
-}
-
-static int set_email3(X509 *crt, const char *name)
-{
-    return set_cn(crt, NID_pkcs9_emailAddress, name,
-                  NID_pkcs9_emailAddress, "dummy@example.com", 0);
-}
-
-static int set_email_and_cn(X509 *crt, const char *name)
-{
-    return set_cn(crt, NID_pkcs9_emailAddress, name,
-                  NID_commonName, "www.example.org", 0);
-}
-
-static int set_altname_dns(X509 *crt, const char *name)
-{
-    return set_altname(crt, GEN_DNS, name, 0);
-}
-
-static int set_altname_email(X509 *crt, const char *name)
-{
-    return set_altname(crt, GEN_EMAIL, name, 0);
-}
-
-struct set_name_fn {
-    int (*fn) (X509 *, const char *);
-    const char *name;
-    int host;
-    int email;
-};
-
-static const struct set_name_fn name_fns[] = {
-    {set_cn1, "set CN", 1, 0},
-    {set_cn2, "set CN", 1, 0},
-    {set_cn3, "set CN", 1, 0},
-    {set_cn_and_email, "set CN", 1, 0},
-    {set_email1, "set emailAddress", 0, 1},
-    {set_email2, "set emailAddress", 0, 1},
-    {set_email3, "set emailAddress", 0, 1},
-    {set_email_and_cn, "set emailAddress", 0, 1},
-    {set_altname_dns, "set dnsName", 1, 0},
-    {set_altname_email, "set rfc822Name", 0, 1},
-    {NULL, NULL, 0}
-};
-
-static X509 *make_cert()
-{
-    X509 *ret = NULL;
-    X509 *crt = NULL;
-    X509_NAME *issuer = NULL;
-    crt = X509_new();
-    if (crt == NULL)
-        goto out;
-    if (!X509_set_version(crt, 3))
-        goto out;
-    ret = crt;
-    crt = NULL;
- out:
-    X509_NAME_free(issuer);
-    return ret;
-}
-
-static int errors;
-
-static void check_message(const struct set_name_fn *fn, const char *op,
-                          const char *nameincert, int match, const char *name)
-{
-    char msg[1024];
-    if (match < 0)
-        return;
-    BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]",
-                 fn->name, op, nameincert,
-                 match ? "matches" : "does not match", name);
-    if (is_exception(msg))
-        return;
-    puts(msg);
-    ++errors;
-}
-
-static void run_cert(X509 *crt, const char *nameincert,
-                     const struct set_name_fn *fn)
-{
-    const char *const *pname = names;
-    while (*pname) {
-        int samename = strcasecmp(nameincert, *pname) == 0;
-        size_t namelen = strlen(*pname);
-        char *name = malloc(namelen);
-        int match, ret;
-        memcpy(name, *pname, namelen);
-
-        ret = X509_check_host(crt, name, namelen, 0, NULL);
-        match = -1;
-        if (ret < 0) {
-            fprintf(stderr, "internal error in X509_check_host");
-            ++errors;
-        } else if (fn->host) {
-            if (ret == 1 && !samename)
-                match = 1;
-            if (ret == 0 && samename)
-                match = 0;
-        } else if (ret == 1)
-            match = 1;
-        check_message(fn, "host", nameincert, match, *pname);
-
-        ret = X509_check_host(crt, name, namelen,
-                              X509_CHECK_FLAG_NO_WILDCARDS, NULL);
-        match = -1;
-        if (ret < 0) {
-            fprintf(stderr, "internal error in X509_check_host");
-            ++errors;
-        } else if (fn->host) {
-            if (ret == 1 && !samename)
-                match = 1;
-            if (ret == 0 && samename)
-                match = 0;
-        } else if (ret == 1)
-            match = 1;
-        check_message(fn, "host-no-wildcards", nameincert, match, *pname);
-
-        ret = X509_check_email(crt, name, namelen, 0);
-        match = -1;
-        if (fn->email) {
-            if (ret && !samename)
-                match = 1;
-            if (!ret && samename && strchr(nameincert, '@') != NULL)
-                match = 0;
-        } else if (ret)
-            match = 1;
-        check_message(fn, "email", nameincert, match, *pname);
-        ++pname;
-        free(name);
-    }
-}
-
-int main(void)
-{
-    const struct set_name_fn *pfn = name_fns;
-    while (pfn->name) {
-        const char *const *pname = names;
-        while (*pname) {
-            X509 *crt = make_cert();
-            if (crt == NULL) {
-                fprintf(stderr, "make_cert failed\n");
-                return 1;
-            }
-            if (!pfn->fn(crt, *pname)) {
-                fprintf(stderr, "X509 name setting failed\n");
-                return 1;
-            }
-            run_cert(crt, *pname, pfn);
-            X509_free(crt);
-            ++pname;
-        }
-        ++pfn;
-    }
-    return errors > 0 ? 1 : 0;
-}
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3prin.c b/freebsd/crypto/openssl/crypto/x509v3/v3prin.c
deleted file mode 100644
index e9b4c995..00000000
--- a/freebsd/crypto/openssl/crypto/x509v3/v3prin.c
+++ /dev/null
@@ -1,101 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* v3prin.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/asn1.h>
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int main(int argc, char **argv)
-{
-    X509 *cert;
-    FILE *inf;
-    int i, count;
-    X509_EXTENSION *ext;
-    X509V3_add_standard_extensions();
-    ERR_load_crypto_strings();
-    if (!argv[1]) {
-        fprintf(stderr, "Usage v3prin cert.pem\n");
-        exit(1);
-    }
-    if (!(inf = fopen(argv[1], "r"))) {
-        fprintf(stderr, "Can't open %s\n", argv[1]);
-        exit(1);
-    }
-    if (!(cert = PEM_read_X509(inf, NULL, NULL))) {
-        fprintf(stderr, "Can't read certificate %s\n", argv[1]);
-        ERR_print_errors_fp(stderr);
-        exit(1);
-    }
-    fclose(inf);
-    count = X509_get_ext_count(cert);
-    printf("%d extensions\n", count);
-    for (i = 0; i < count; i++) {
-        ext = X509_get_ext(cert, i);
-        printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
-        if (!X509V3_EXT_print_fp(stdout, ext, 0, 0))
-            ERR_print_errors_fp(stderr);
-        printf("\n");
-
-    }
-    return 0;
-}
diff --git a/freebsd/crypto/openssl/e_os.h b/freebsd/crypto/openssl/e_os.h
index 1fa36c17..5769029b 100644
--- a/freebsd/crypto/openssl/e_os.h
+++ b/freebsd/crypto/openssl/e_os.h
@@ -1,131 +1,58 @@
-/* e_os.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_E_OS_H
 # define HEADER_E_OS_H
 
+# include <limits.h>
 # include <openssl/opensslconf.h>
 
 # include <openssl/e_os2.h>
+# include <openssl/crypto.h>
+# include "internal/nelem.h"
+
 /*
  * <openssl/e_os2.h> contains what we can justify to make visible to the
  * outside; this file e_os.h is not part of the exported interface.
  */
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Used to checking reference counts, most while doing perl5 stuff :-) */
-# ifdef REF_PRINT
-#  undef REF_PRINT
-#  define REF_PRINT(a,b)  fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a)
-# endif
-
 # ifndef DEVRANDOM
 /*
- * set this to a comma-separated list of 'random' device files to try out. My
+ * set this to a comma-separated list of 'random' device files to try out. By
  * default, we will try to read at least one of these files
  */
-#  define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
+#  if defined(__s390__)
+#   define DEVRANDOM "/dev/prandom","/dev/urandom","/dev/hwrng","/dev/random"
+#  else
+#   define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
+#  endif
 # endif
-# ifndef DEVRANDOM_EGD
+# if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
 /*
- * set this to a comma-seperated list of 'egd' sockets to try out. These
+ * set this to a comma-separated list of 'egd' sockets to try out. These
  * sockets will be tried in the order listed in case accessing the device
- * files listed in DEVRANDOM did not return enough entropy.
+ * files listed in DEVRANDOM did not return enough randomness.
  */
 #  define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
 # endif
 
-# if defined(OPENSSL_SYS_VXWORKS)
-#  define NO_SYS_PARAM_H
+# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
 #  define NO_CHMOD
 #  define NO_SYSLOG
 # endif
 
-# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
-#  if macintosh==1
-#   ifndef MAC_OS_GUSI_SOURCE
-#    define MAC_OS_pre_X
-#    define NO_SYS_TYPES_H
-#   endif
-#   define NO_SYS_PARAM_H
-#   define NO_CHMOD
-#   define NO_SYSLOG
-#   undef  DEVRANDOM
-#   define GETPID_IS_MEANINGLESS
-#  endif
-# endif
+# define get_last_sys_error()    errno
+# define clear_sys_error()       errno=0
 
 /********************************************************************
  The Microsoft section
  ********************************************************************/
-/*
- * The following is used because of the small stack in some Microsoft
- * operating systems
- */
-# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)
-#  define MS_STATIC     static
-# else
-#  define MS_STATIC
-# endif
-
 # if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
 #  define WIN32
 # endif
@@ -136,99 +63,15 @@ extern "C" {
 #  define MSDOS
 # endif
 
-# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
-#  define GETPID_IS_MEANINGLESS
-# endif
-
 # ifdef WIN32
+#  undef get_last_sys_error
+#  undef clear_sys_error
 #  define get_last_sys_error()    GetLastError()
 #  define clear_sys_error()       SetLastError(0)
 #  if !defined(WINNT)
 #   define WIN_CONSOLE_BUG
 #  endif
 # else
-#  define get_last_sys_error()    errno
-#  define clear_sys_error()       errno=0
-# endif
-
-# if defined(WINDOWS)
-#  define get_last_socket_error() WSAGetLastError()
-#  define clear_socket_error()    WSASetLastError(0)
-#  define readsocket(s,b,n)       recv((s),(b),(n),0)
-#  define writesocket(s,b,n)      send((s),(b),(n),0)
-# elif defined(__DJGPP__)
-#  define WATT32
-#  define get_last_socket_error() errno
-#  define clear_socket_error()    errno=0
-#  define closesocket(s)          close_s(s)
-#  define readsocket(s,b,n)       read_s(s,b,n)
-#  define writesocket(s,b,n)      send(s,b,n,0)
-# elif defined(MAC_OS_pre_X)
-#  define get_last_socket_error() errno
-#  define clear_socket_error()    errno=0
-#  define closesocket(s)          MacSocket_close(s)
-#  define readsocket(s,b,n)       MacSocket_recv((s),(b),(n),true)
-#  define writesocket(s,b,n)      MacSocket_send((s),(b),(n))
-# elif defined(OPENSSL_SYS_VMS)
-#  define get_last_socket_error() errno
-#  define clear_socket_error()    errno=0
-#  define ioctlsocket(a,b,c)      ioctl(a,b,c)
-#  define closesocket(s)          close(s)
-#  define readsocket(s,b,n)       recv((s),(b),(n),0)
-#  define writesocket(s,b,n)      send((s),(b),(n),0)
-# elif defined(OPENSSL_SYS_VXWORKS)
-#  define get_last_socket_error() errno
-#  define clear_socket_error()    errno=0
-#  define ioctlsocket(a,b,c)          ioctl((a),(b),(int)(c))
-#  define closesocket(s)              close(s)
-#  define readsocket(s,b,n)           read((s),(b),(n))
-#  define writesocket(s,b,n)          write((s),(char *)(b),(n))
-# elif defined(OPENSSL_SYS_BEOS_R5)
-#  define get_last_socket_error() errno
-#  define clear_socket_error()    errno=0
-#  define FIONBIO SO_NONBLOCK
-#  define ioctlsocket(a,b,c)                setsockopt((a),SOL_SOCKET,(b),(c),sizeof(*(c)))
-#  define readsocket(s,b,n)       recv((s),(b),(n),0)
-#  define writesocket(s,b,n)      send((s),(b),(n),0)
-# elif defined(OPENSSL_SYS_NETWARE)
-#  if defined(NETWARE_BSDSOCK)
-#   define get_last_socket_error() errno
-#   define clear_socket_error()    errno=0
-#   define closesocket(s)          close(s)
-#   define ioctlsocket(a,b,c)      ioctl(a,b,c)
-#   if defined(NETWARE_LIBC)
-#    define readsocket(s,b,n)       recv((s),(b),(n),0)
-#    define writesocket(s,b,n)      send((s),(b),(n),0)
-#   else
-#    define readsocket(s,b,n)       recv((s),(char*)(b),(n),0)
-#    define writesocket(s,b,n)      send((s),(char*)(b),(n),0)
-#   endif
-#  else
-#   define get_last_socket_error() WSAGetLastError()
-#   define clear_socket_error()    WSASetLastError(0)
-#   define readsocket(s,b,n)               recv((s),(b),(n),0)
-#   define writesocket(s,b,n)              send((s),(b),(n),0)
-#  endif
-# else
-#  define get_last_socket_error() errno
-#  define clear_socket_error()    errno=0
-#  define ioctlsocket(a,b,c)      ioctl(a,b,c)
-#  define closesocket(s)          close(s)
-#  define readsocket(s,b,n)       read((s),(b),(n))
-#  define writesocket(s,b,n)      write((s),(b),(n))
-# endif
-
-# ifdef WIN16                   /* never the case */
-#  define MS_CALLBACK   _far _loadds
-#  define MS_FAR        _far
-# else
-#  define MS_CALLBACK
-#  define MS_FAR
-# endif
-
-# ifdef OPENSSL_NO_STDIO
-#  undef OPENSSL_NO_FP_API
-#  define OPENSSL_NO_FP_API
 # endif
 
 # if (defined(WINDOWS) || defined(MSDOS))
@@ -236,12 +79,11 @@ extern "C" {
 #  ifdef __DJGPP__
 #   include <unistd.h>
 #   include <sys/stat.h>
-#   include <sys/socket.h>
-#   include <tcp.h>
-#   include <netdb.h>
 #   define _setmode setmode
 #   define _O_TEXT O_TEXT
 #   define _O_BINARY O_BINARY
+#   define HAS_LFN_SUPPORT(name)  (pathconf((name), _PC_NAME_MAX) > 12)
+#   undef DEVRANDOM_EGD  /*  Neither MS-DOS nor FreeDOS provide 'egd' sockets.  */
 #   undef DEVRANDOM
 #   define DEVRANDOM "/dev/urandom\x24"
 #  endif                        /* __DJGPP__ */
@@ -257,27 +99,24 @@ extern "C" {
 #  if !defined(WINNT) && !defined(__DJGPP__)
 #   define NO_SYSLOG
 #  endif
-#  define NO_DIRENT
 
 #  ifdef WINDOWS
 #   if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT)
        /*
         * Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
         * Most notably we ought to check for availability of each specific
-        * routine with GetProcAddress() and/or guard NT-specific calls with
-        * GetVersion() < 0x80000000. One can argue that in latter "or" case
-        * we ought to /DELAYLOAD some .DLLs in order to protect ourselves
-        * against run-time link errors. This doesn't seem to be necessary,
-        * because it turned out that already Windows 95, first non-NT Win32
-        * implementation, is equipped with at least NT 3.51 stubs, dummy
-        * routines with same name, but which do nothing. Meaning that it's
-        * apparently sufficient to guard "vanilla" NT calls with GetVersion
-        * alone, while NT 4.0 and above interfaces ought to be linked with
-        * GetProcAddress at run-time.
+        * routine that was introduced after denoted _WIN32_WINNT with
+        * GetProcAddress(). Normally newer functions are masked with higher
+        * _WIN32_WINNT in SDK headers. So that if you wish to use them in
+        * some module, you'd need to override _WIN32_WINNT definition in
+        * the target module in order to "reach for" prototypes, but replace
+        * calls to new functions with indirect calls. Alternatively it
+        * might be possible to achieve the goal by /DELAYLOAD-ing .DLLs
+        * and check for current OS version instead.
         */
-#    define _WIN32_WINNT 0x0400
+#    define _WIN32_WINNT 0x0501
 #   endif
-#   if !defined(OPENSSL_NO_SOCK) && (defined(_WIN32_WINNT) || defined(_WIN32_WCE))
+#   if defined(_WIN32_WINNT) || defined(_WIN32_WCE)
        /*
         * Just like defining _WIN32_WINNT including winsock2.h implies
         * certain "discipline" for maintaining [broad] binary compatibility.
@@ -309,14 +148,6 @@ static __inline unsigned int _strlen31(const char *str)
 }
 #   endif
 #   include <malloc.h>
-#   if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace)
-       /* compensate for bug in VC6 ctype.h */
-#    undef isspace
-#    undef isdigit
-#    undef isalnum
-#    undef isupper
-#    undef isxdigit
-#   endif
 #   if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin)
 #    if _MSC_VER>=1300 && _MSC_VER<1600
 #     undef stdin
@@ -351,29 +182,14 @@ extern FILE *_imp___iob;
 #   define OPENSSL_NO_POSIX_IO
 #  endif
 
-#  if defined (__BORLANDC__)
-#   define _setmode setmode
-#   define _O_TEXT O_TEXT
-#   define _O_BINARY O_BINARY
-#   define _int64 __int64
-#   define _kbhit kbhit
-#  endif
-
 #  define EXIT(n) exit(n)
 #  define LIST_SEPARATOR_CHAR ';'
-#  ifndef X_OK
-#   define X_OK        0
-#  endif
 #  ifndef W_OK
 #   define W_OK        2
 #  endif
 #  ifndef R_OK
 #   define R_OK        4
 #  endif
-#  define OPENSSL_CONF  "openssl.cnf"
-#  define SSLEAY_CONF   OPENSSL_CONF
-#  define NUL_DEV       "nul"
-#  define RFILE         ".rnd"
 #  ifdef OPENSSL_SYS_WINCE
 #   define DEFAULT_HOME  ""
 #  else
@@ -391,6 +207,12 @@ extern FILE *_imp___iob;
 
 # else                          /* The non-microsoft world */
 
+#  if defined(OPENSSL_SYS_VXWORKS)
+#   include <sys/times.h>
+#  else
+#   include <sys/time.h>
+#  endif
+
 #  ifdef OPENSSL_SYS_VMS
 #   define VMS 1
   /*
@@ -403,11 +225,7 @@ extern FILE *_imp___iob;
 #   else
 #    include <unixlib.h>
 #   endif
-#   define OPENSSL_CONF        "openssl.cnf"
-#   define SSLEAY_CONF         OPENSSL_CONF
-#   define RFILE               ".rnd"
 #   define LIST_SEPARATOR_CHAR ','
-#   define NUL_DEV             "NLA0:"
   /* We don't have any well-defined random devices on VMS, yet... */
 #   undef DEVRANDOM
   /*-
@@ -423,304 +241,57 @@ extern FILE *_imp___iob;
 
      So, what we do here is to change 0 to 1 to get the default success status,
      and everything else is shifted up to fit into the status number field, and
-     the status is tagged as an error, which I believe is what is wanted here.
+     the status is tagged as an error, which is what is wanted here.
+
+     Finally, we add the VMS C facility code 0x35a000, because there are some
+     programs, such as Perl, that will reinterpret the code back to something
+     POSIXly.  'man perlvms' explains it further.
+
+     NOTE: the perlvms manual wants to turn all codes 2 to 255 into success
+     codes (status type = 1).  I couldn't disagree more.  Fortunately, the
+     status type doesn't seem to bother Perl.
      -- Richard Levitte
   */
-#   define EXIT(n)             do { int __VMS_EXIT = n; \
-                                     if (__VMS_EXIT == 0) \
-                                       __VMS_EXIT = 1; \
-                                     else \
-                                       __VMS_EXIT = (n << 3) | 2; \
-                                     __VMS_EXIT |= 0x10000000; \
-                                     exit(__VMS_EXIT); } while(0)
-#   define NO_SYS_PARAM_H
-
-#  elif defined(OPENSSL_SYS_NETWARE)
-#   include <fcntl.h>
-#   include <unistd.h>
-#   define NO_SYS_TYPES_H
-#   undef  DEVRANDOM
-#   ifdef NETWARE_CLIB
-#    define getpid GetThreadID
-extern int GetThreadID(void);
-/* #      include <conio.h> */
-extern int kbhit(void);
-#   else
-#    include <screen.h>
-#   endif
-#   define NO_SYSLOG
-#   define _setmode setmode
-#   define _kbhit kbhit
-#   define _O_TEXT O_TEXT
-#   define _O_BINARY O_BINARY
-#   define OPENSSL_CONF   "openssl.cnf"
-#   define SSLEAY_CONF    OPENSSL_CONF
-#   define RFILE    ".rnd"
-#   define LIST_SEPARATOR_CHAR ';'
-#   define EXIT(n)  { if (n) printf("ERROR: %d\n", (int)n); exit(n); }
+#   define EXIT(n)  exit((n) ? (((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1)
+
+#   define DEFAULT_HOME "SYS$LOGIN:"
 
 #  else
      /* !defined VMS */
-#   ifdef OPENSSL_SYS_MPE
-#    define NO_SYS_PARAM_H
-#   endif
 #   ifdef OPENSSL_UNISTD
 #    include OPENSSL_UNISTD
 #   else
 #    include <unistd.h>
 #   endif
-#   ifndef NO_SYS_TYPES_H
-#    include <sys/types.h>
-#   endif
-#   if defined(NeXT) || defined(OPENSSL_SYS_NEWS4)
-#    define pid_t int           /* pid_t is missing on NEXTSTEP/OPENSTEP
-                                 * (unless when compiling with
-                                 * -D_POSIX_SOURCE, which doesn't work for
-                                 * us) */
-#   endif
-#   ifdef OPENSSL_SYS_NEWS4     /* setvbuf is missing on mips-sony-bsd */
-#    define setvbuf(a, b, c, d) setbuffer((a), (b), (d))
-typedef unsigned long clock_t;
-#   endif
+#   include <sys/types.h>
 #   ifdef OPENSSL_SYS_WIN32_CYGWIN
 #    include <io.h>
 #    include <fcntl.h>
 #   endif
 
-#   define OPENSSL_CONF        "openssl.cnf"
-#   define SSLEAY_CONF         OPENSSL_CONF
-#   define RFILE               ".rnd"
 #   define LIST_SEPARATOR_CHAR ':'
-#   define NUL_DEV             "/dev/null"
 #   define EXIT(n)             exit(n)
 #  endif
 
-#  define SSLeay_getpid()       getpid()
-
-# endif
-
-/*************/
-
-# if defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_DGRAM)
-#  define OPENSSL_NO_DGRAM
-# endif
-
-# ifdef USE_SOCKETS
-#  if defined(WINDOWS) || defined(MSDOS)
-      /* windows world */
-
-#   ifdef OPENSSL_NO_SOCK
-#    define SSLeay_Write(a,b,c)       (-1)
-#    define SSLeay_Read(a,b,c)        (-1)
-#    define SHUTDOWN(fd)              close(fd)
-#    define SHUTDOWN2(fd)             close(fd)
-#   elif !defined(__DJGPP__)
-#    if defined(_WIN32_WCE) && _WIN32_WCE<410
-#     define getservbyname _masked_declaration_getservbyname
-#    endif
-#    if !defined(IPPROTO_IP)
-         /* winsock[2].h was included already? */
-#     include <winsock.h>
-#    endif
-#    ifdef getservbyname
-#     undef getservbyname
-         /* this is used to be wcecompat/include/winsock_extras.h */
-struct servent *PASCAL getservbyname(const char *, const char *);
-#    endif
-
-#    ifdef _WIN64
-/*
- * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because
- * the value constitutes an index in per-process table of limited size
- * and not a real pointer.
- */
-#     define socket(d,t,p)   ((int)socket(d,t,p))
-#     define accept(s,f,l)   ((int)accept(s,f,l))
-#    endif
-#    define SSLeay_Write(a,b,c)       send((a),(b),(c),0)
-#    define SSLeay_Read(a,b,c)        recv((a),(b),(c),0)
-#    define SHUTDOWN(fd)              { shutdown((fd),0); closesocket(fd); }
-#    define SHUTDOWN2(fd)             { shutdown((fd),2); closesocket(fd); }
-#   else
-#    define SSLeay_Write(a,b,c)       write_s(a,b,c,0)
-#    define SSLeay_Read(a,b,c)        read_s(a,b,c)
-#    define SHUTDOWN(fd)              close_s(fd)
-#    define SHUTDOWN2(fd)             close_s(fd)
-#   endif
-
-#  elif defined(MAC_OS_pre_X)
-
-#   include "MacSocket.h"
-#   define SSLeay_Write(a,b,c)         MacSocket_send((a),(b),(c))
-#   define SSLeay_Read(a,b,c)          MacSocket_recv((a),(b),(c),true)
-#   define SHUTDOWN(fd)                MacSocket_close(fd)
-#   define SHUTDOWN2(fd)               MacSocket_close(fd)
-
-#  elif defined(OPENSSL_SYS_NETWARE)
-         /*
-          * NetWare uses the WinSock2 interfaces by default, but can be
-          * configured for BSD
-          */
-#   if defined(NETWARE_BSDSOCK)
-#    include <sys/socket.h>
-#    include <netinet/in.h>
-#    include <sys/time.h>
-#    if defined(NETWARE_CLIB)
-#     include <sys/bsdskt.h>
-#    else
-#     include <sys/select.h>
-#    endif
-#    define INVALID_SOCKET (int)(~0)
-#   else
-#    include <novsock2.h>
-#   endif
-#   define SSLeay_Write(a,b,c)   send((a),(b),(c),0)
-#   define SSLeay_Read(a,b,c) recv((a),(b),(c),0)
-#   define SHUTDOWN(fd)    { shutdown((fd),0); closesocket(fd); }
-#   define SHUTDOWN2(fd)      { shutdown((fd),2); closesocket(fd); }
-
-#  else
-
-#   ifndef NO_SYS_PARAM_H
-#    include <sys/param.h>
-#   endif
-#   ifdef OPENSSL_SYS_VXWORKS
-#    include <time.h>
-#   elif !defined(OPENSSL_SYS_MPE)
-#    include <sys/time.h>       /* Needed under linux for FD_XXX */
-#   endif
-
-#   include <netdb.h>
-#   if defined(OPENSSL_SYS_VMS_NODECC)
-#    include <socket.h>
-#    include <in.h>
-#    include <inet.h>
-#   else
-#    include <sys/socket.h>
-#    ifdef FILIO_H
-#     include <sys/filio.h>     /* Added for FIONBIO under unixware */
-#    endif
-#    include <netinet/in.h>
-#    if !defined(OPENSSL_SYS_BEOS_R5)
-#     include <arpa/inet.h>
-#    endif
-#   endif
-
-#   if defined(NeXT) || defined(_NEXT_SOURCE)
-#    include <sys/fcntl.h>
-#    include <sys/types.h>
-#   endif
-
-#   ifdef OPENSSL_SYS_AIX
-#    include <sys/select.h>
-#   endif
-
-#   ifdef __QNX__
-#    include <sys/select.h>
-#   endif
-
-#   if defined(__sun) || defined(sun)
-#    include <sys/filio.h>
-#   else
-#    ifndef VMS
-#     include <sys/ioctl.h>
-#    else
-         /* ioctl is only in VMS > 7.0 and when socketshr is not used */
-#     if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
-#      include <sys/ioctl.h>
-#     endif
-#    endif
-#   endif
-
-#   ifdef VMS
-#    include <unixio.h>
-#    if defined(TCPIP_TYPE_SOCKETSHR)
-#     include <socketshr.h>
-#    endif
-#   endif
-
-#   define SSLeay_Read(a,b,c)     read((a),(b),(c))
-#   define SSLeay_Write(a,b,c)    write((a),(b),(c))
-#   define SHUTDOWN(fd)    { shutdown((fd),0); closesocket((fd)); }
-#   define SHUTDOWN2(fd)   { shutdown((fd),2); closesocket((fd)); }
-#   ifndef INVALID_SOCKET
-#    define INVALID_SOCKET      (-1)
-#   endif                       /* INVALID_SOCKET */
-#  endif
-
-/*
- * Some IPv6 implementations are broken, disable them in known bad versions.
- */
-#  if !defined(OPENSSL_USE_IPV6)
-#   if defined(AF_INET6) && !defined(OPENSSL_SYS_BEOS_BONE) && !defined(NETWARE_CLIB)
-#    define OPENSSL_USE_IPV6 1
-#   else
-#    define OPENSSL_USE_IPV6 0
-#   endif
-#  endif
-
-# endif
-
-# if (defined(__sun) || defined(sun)) && !defined(__svr4__) && !defined(__SVR4)
-  /* include headers first, so our defines don't break it */
-#  include <stdlib.h>
-#  include <string.h>
-  /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
-#  define memmove(s1,s2,n) bcopy((s2),(s1),(n))
-#  define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
-extern char *sys_errlist[];
-extern int sys_nerr;
-#  define strerror(errnum) \
-        (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
-  /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */
-#  include "crypto/o_str.h"
-#  define memcmp OPENSSL_memcmp
-# endif
-
-# ifndef OPENSSL_EXIT
-#  if defined(MONOLITH) && !defined(OPENSSL_C)
-#   define OPENSSL_EXIT(n) return(n)
-#  else
-#   define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
-#  endif
 # endif
 
 /***********************************************/
 
-# define DG_GCC_BUG             /* gcc < 2.6.3 on DGUX */
-
-# ifdef sgi
-#  define IRIX_CC_BUG           /* all version of IRIX I've tested (4.* 5.*) */
-# endif
-# ifdef OPENSSL_SYS_SNI
-#  define IRIX_CC_BUG           /* CDS++ up to V2.0Bsomething suffered from
-                                 * the same bug. */
-# endif
-
 # if defined(OPENSSL_SYS_WINDOWS)
 #  define strcasecmp _stricmp
 #  define strncasecmp _strnicmp
-# elif defined(OPENSSL_SYS_VMS)
-/* VMS below version 7.0 doesn't have strcasecmp() */
-#  include "o_str.h"
-#  define strcasecmp OPENSSL_strcasecmp
-#  define strncasecmp OPENSSL_strncasecmp
-#  define OPENSSL_IMPLEMENTS_strncasecmp
-# elif defined(OPENSSL_SYS_OS2) && defined(__EMX__)
-#  define strcasecmp stricmp
-#  define strncasecmp strnicmp
-# elif defined(OPENSSL_SYS_NETWARE)
-#  include <string.h>
-#  if defined(NETWARE_CLIB)
-#   define strcasecmp stricmp
-#   define strncasecmp strnicmp
-#  endif                        /* NETWARE_CLIB */
-# endif
-
-# if defined(OPENSSL_SYS_OS2) && defined(__EMX__)
-#  include <io.h>
-#  include <fcntl.h>
-#  define NO_SYSLOG
+#  if (_MSC_VER >= 1310)
+#   define open _open
+#   define fdopen _fdopen
+#   define close _close
+#   ifndef strdup
+#    define strdup _strdup
+#   endif
+#   define unlink _unlink
+#   define fileno _fileno
+#  endif
+# else
+#  include <strings.h>
 # endif
 
 /* vxworks */
@@ -728,20 +299,16 @@ extern int sys_nerr;
 #  include <ioLib.h>
 #  include <tickLib.h>
 #  include <sysLib.h>
-
-#  define TTY_STRUCT int
-
-#  define sleep(a) taskDelay((a) * sysClkRateGet())
-
 #  include <vxWorks.h>
 #  include <sockLib.h>
 #  include <taskLib.h>
 
-#  define getpid taskIdSelf
+#  define TTY_STRUCT int
+#  define sleep(a) taskDelay((a) * sysClkRateGet())
 
 /*
  * NOTE: these are implemented by helpers in database app! if the database is
- * not linked, we need to implement them elswhere
+ * not linked, we need to implement them elsewhere
  */
 struct hostent *gethostbyname(const char *name);
 struct hostent *gethostbyaddr(const char *addr, int length, int type);
@@ -750,33 +317,8 @@ struct servent *getservbyname(const char *name, const char *proto);
 # endif
 /* end vxworks */
 
-/* beos */
-# if defined(OPENSSL_SYS_BEOS_R5)
-#  define SO_ERROR 0
-#  define NO_SYS_UN
-#  define IPPROTO_IP 0
-#  include <OS.h>
-# endif
-
-# if !defined(inline) && !defined(__cplusplus)
-#  if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
-   /* do nothing, inline works */
-#  elif defined(__GNUC__) && __GNUC__>=2
-#   define inline __inline__
-#  elif defined(_MSC_VER)
-  /*
-   * Visual Studio: inline is available in C++ only, however
-   * __inline is available for C, see
-   * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
-   */
-#   define inline __inline
-#  else
-#   define inline
-#  endif
-# endif
-
-#ifdef  __cplusplus
-}
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+# define CRYPTO_memcmp memcmp
 #endif
 
 #endif
diff --git a/freebsd/crypto/openssl/e_os2.h b/freebsd/crypto/openssl/e_os2.h
deleted file mode 100644
index 7be9989a..00000000
--- a/freebsd/crypto/openssl/e_os2.h
+++ /dev/null
@@ -1,328 +0,0 @@
-/* e_os2.h */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-
-#ifndef HEADER_E_OS2_H
-# define HEADER_E_OS2_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/******************************************************************************
- * Detect operating systems.  This probably needs completing.
- * The result is that at least one OPENSSL_SYS_os macro should be defined.
- * However, if none is defined, Unix is assumed.
- **/
-
-# define OPENSSL_SYS_UNIX
-
-/* ---------------------- Macintosh, before MacOS X ----------------------- */
-# if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC)
-#  undef OPENSSL_SYS_UNIX
-#  define OPENSSL_SYS_MACINTOSH_CLASSIC
-# endif
-
-/* ---------------------- NetWare ----------------------------------------- */
-# if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE)
-#  undef OPENSSL_SYS_UNIX
-#  define OPENSSL_SYS_NETWARE
-# endif
-
-/* --------------------- Microsoft operating systems ---------------------- */
-
-/*
- * Note that MSDOS actually denotes 32-bit environments running on top of
- * MS-DOS, such as DJGPP one.
- */
-# if defined(OPENSSL_SYSNAME_MSDOS)
-#  undef OPENSSL_SYS_UNIX
-#  define OPENSSL_SYS_MSDOS
-# endif
-
-/*
- * For 32 bit environment, there seems to be the CygWin environment and then
- * all the others that try to do the same thing Microsoft does...
- */
-# if defined(OPENSSL_SYSNAME_UWIN)
-#  undef OPENSSL_SYS_UNIX
-#  define OPENSSL_SYS_WIN32_UWIN
-# else
-#  if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN)
-#   undef OPENSSL_SYS_UNIX
-#   define OPENSSL_SYS_WIN32_CYGWIN
-#  else
-#   if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32)
-#    undef OPENSSL_SYS_UNIX
-#    define OPENSSL_SYS_WIN32
-#   endif
-#   if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64)
-#    undef OPENSSL_SYS_UNIX
-#    if !defined(OPENSSL_SYS_WIN64)
-#     define OPENSSL_SYS_WIN64
-#    endif
-#   endif
-#   if defined(OPENSSL_SYSNAME_WINNT)
-#    undef OPENSSL_SYS_UNIX
-#    define OPENSSL_SYS_WINNT
-#   endif
-#   if defined(OPENSSL_SYSNAME_WINCE)
-#    undef OPENSSL_SYS_UNIX
-#    define OPENSSL_SYS_WINCE
-#   endif
-#  endif
-# endif
-
-/* Anything that tries to look like Microsoft is "Windows" */
-# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
-#  undef OPENSSL_SYS_UNIX
-#  define OPENSSL_SYS_WINDOWS
-#  ifndef OPENSSL_SYS_MSDOS
-#   define OPENSSL_SYS_MSDOS
-#  endif
-# endif
-
-/*
- * DLL settings.  This part is a bit tough, because it's up to the
- * application implementor how he or she will link the application, so it
- * requires some macro to be used.
- */
-# ifdef OPENSSL_SYS_WINDOWS
-#  ifndef OPENSSL_OPT_WINDLL
-#   if defined(_WINDLL)         /* This is used when building OpenSSL to
-                                 * indicate that DLL linkage should be used */
-#    define OPENSSL_OPT_WINDLL
-#   endif
-#  endif
-# endif
-
-/* ------------------------------- OpenVMS -------------------------------- */
-# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS)
-#  undef OPENSSL_SYS_UNIX
-#  define OPENSSL_SYS_VMS
-#  if defined(__DECC)
-#   define OPENSSL_SYS_VMS_DECC
-#  elif defined(__DECCXX)
-#   define OPENSSL_SYS_VMS_DECC
-#   define OPENSSL_SYS_VMS_DECCXX
-#  else
-#   define OPENSSL_SYS_VMS_NODECC
-#  endif
-# endif
-
-/* -------------------------------- OS/2 ---------------------------------- */
-# if defined(__EMX__) || defined(__OS2__)
-#  undef OPENSSL_SYS_UNIX
-#  define OPENSSL_SYS_OS2
-# endif
-
-/* -------------------------------- Unix ---------------------------------- */
-# ifdef OPENSSL_SYS_UNIX
-#  if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX)
-#   define OPENSSL_SYS_LINUX
-#  endif
-#  ifdef OPENSSL_SYSNAME_MPE
-#   define OPENSSL_SYS_MPE
-#  endif
-#  ifdef OPENSSL_SYSNAME_SNI
-#   define OPENSSL_SYS_SNI
-#  endif
-#  ifdef OPENSSL_SYSNAME_ULTRASPARC
-#   define OPENSSL_SYS_ULTRASPARC
-#  endif
-#  ifdef OPENSSL_SYSNAME_NEWS4
-#   define OPENSSL_SYS_NEWS4
-#  endif
-#  ifdef OPENSSL_SYSNAME_MACOSX
-#   define OPENSSL_SYS_MACOSX
-#  endif
-#  ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY
-#   define OPENSSL_SYS_MACOSX_RHAPSODY
-#   define OPENSSL_SYS_MACOSX
-#  endif
-#  ifdef OPENSSL_SYSNAME_SUNOS
-#   define OPENSSL_SYS_SUNOS
-#  endif
-#  if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY)
-#   define OPENSSL_SYS_CRAY
-#  endif
-#  if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX)
-#   define OPENSSL_SYS_AIX
-#  endif
-# endif
-
-/* -------------------------------- VOS ----------------------------------- */
-# if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS)
-#  define OPENSSL_SYS_VOS
-#  ifdef __HPPA__
-#   define OPENSSL_SYS_VOS_HPPA
-#  endif
-#  ifdef __IA32__
-#   define OPENSSL_SYS_VOS_IA32
-#  endif
-# endif
-
-/* ------------------------------ VxWorks --------------------------------- */
-# ifdef OPENSSL_SYSNAME_VXWORKS
-#  define OPENSSL_SYS_VXWORKS
-# endif
-
-/* -------------------------------- BeOS ---------------------------------- */
-# if defined(__BEOS__)
-#  define OPENSSL_SYS_BEOS
-#  include <sys/socket.h>
-#  if defined(BONE_VERSION)
-#   define OPENSSL_SYS_BEOS_BONE
-#  else
-#   define OPENSSL_SYS_BEOS_R5
-#  endif
-# endif
-
-/**
- * That's it for OS-specific stuff
- *****************************************************************************/
-
-/* Specials for I/O an exit */
-# ifdef OPENSSL_SYS_MSDOS
-#  define OPENSSL_UNISTD_IO <io.h>
-#  define OPENSSL_DECLARE_EXIT extern void exit(int);
-# else
-#  define OPENSSL_UNISTD_IO OPENSSL_UNISTD
-#  define OPENSSL_DECLARE_EXIT  /* declared in unistd.h */
-# endif
-
-/*-
- * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
- * certain global symbols that, with some compilers under VMS, have to be
- * defined and declared explicitely with globaldef and globalref.
- * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
- * DLL exports and imports for compilers under Win32.  These are a little
- * more complicated to use.  Basically, for any library that exports some
- * global variables, the following code must be present in the header file
- * that declares them, before OPENSSL_EXTERN is used:
- *
- * #ifdef SOME_BUILD_FLAG_MACRO
- * # undef OPENSSL_EXTERN
- * # define OPENSSL_EXTERN OPENSSL_EXPORT
- * #endif
- *
- * The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL
- * have some generally sensible values, and for OPENSSL_EXTERN to have the
- * value OPENSSL_IMPORT.
- */
-
-# if defined(OPENSSL_SYS_VMS_NODECC)
-#  define OPENSSL_EXPORT globalref
-#  define OPENSSL_IMPORT globalref
-#  define OPENSSL_GLOBAL globaldef
-# elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
-#  define OPENSSL_EXPORT extern __declspec(dllexport)
-#  define OPENSSL_IMPORT extern __declspec(dllimport)
-#  define OPENSSL_GLOBAL
-# else
-#  define OPENSSL_EXPORT extern
-#  define OPENSSL_IMPORT extern
-#  define OPENSSL_GLOBAL
-# endif
-# define OPENSSL_EXTERN OPENSSL_IMPORT
-
-/*-
- * Macros to allow global variables to be reached through function calls when
- * required (if a shared library version requires it, for example.
- * The way it's done allows definitions like this:
- *
- *      // in foobar.c
- *      OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
- *      // in foobar.h
- *      OPENSSL_DECLARE_GLOBAL(int,foobar);
- *      #define foobar OPENSSL_GLOBAL_REF(foobar)
- */
-# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
-#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value)                      \
-        type *_shadow_##name(void)                                      \
-        { static type _hide_##name=value; return &_hide_##name; }
-#  define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
-#  define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
-# else
-#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) OPENSSL_GLOBAL type _shadow_##name=value;
-#  define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
-#  define OPENSSL_GLOBAL_REF(name) _shadow_##name
-# endif
-
-# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE)
-#  define ossl_ssize_t long
-# endif
-
-# ifdef OPENSSL_SYS_MSDOS
-#  define ossl_ssize_t long
-# endif
-
-# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
-#  define ssize_t int
-# endif
-
-# if defined(__ultrix) && !defined(ssize_t)
-#  define ossl_ssize_t int
-# endif
-
-# ifndef ossl_ssize_t
-#  define ossl_ssize_t ssize_t
-# endif
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/engines/ccgost/e_gost_err.c b/freebsd/crypto/openssl/engines/ccgost/e_gost_err.c
deleted file mode 100644
index fa1064f8..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/e_gost_err.c
+++ /dev/null
@@ -1,223 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* e_gost_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_gost_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(0,func,0)
-# define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA GOST_str_functs[] = {
-    {ERR_FUNC(GOST_F_DECODE_GOST_ALGOR_PARAMS), "DECODE_GOST_ALGOR_PARAMS"},
-    {ERR_FUNC(GOST_F_ENCODE_GOST_ALGOR_PARAMS), "ENCODE_GOST_ALGOR_PARAMS"},
-    {ERR_FUNC(GOST_F_FILL_GOST2001_PARAMS), "FILL_GOST2001_PARAMS"},
-    {ERR_FUNC(GOST_F_FILL_GOST94_PARAMS), "FILL_GOST94_PARAMS"},
-    {ERR_FUNC(GOST_F_GET_ENCRYPTION_PARAMS), "GET_ENCRYPTION_PARAMS"},
-    {ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"},
-    {ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"},
-    {ERR_FUNC(GOST_F_GOST2001_DO_VERIFY), "GOST2001_DO_VERIFY"},
-    {ERR_FUNC(GOST_F_GOST2001_KEYGEN), "GOST2001_KEYGEN"},
-    {ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS),
-     "GOST89_GET_ASN1_PARAMETERS"},
-    {ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS),
-     "GOST89_SET_ASN1_PARAMETERS"},
-    {ERR_FUNC(GOST_F_GOST94_COMPUTE_PUBLIC), "GOST94_COMPUTE_PUBLIC"},
-    {ERR_FUNC(GOST_F_GOST_CIPHER_CTL), "GOST_CIPHER_CTL"},
-    {ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"},
-    {ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"},
-    {ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"},
-    {ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"},
-    {ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"},
-    {ERR_FUNC(GOST_F_GOST_SIGN_KEYGEN), "GOST_SIGN_KEYGEN"},
-    {ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
-    {ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"},
-    {ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"},
-    {ERR_FUNC(GOST_F_PKEY_GOST01CP_ENCRYPT), "PKEY_GOST01CP_ENCRYPT"},
-    {ERR_FUNC(GOST_F_PKEY_GOST01CP_KEYGEN), "PKEY_GOST01CP_KEYGEN"},
-    {ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
-    {ERR_FUNC(GOST_F_PKEY_GOST2001_DERIVE), "PKEY_GOST2001_DERIVE"},
-    {ERR_FUNC(GOST_F_PKEY_GOST94CP_DECRYPT), "PKEY_GOST94CP_DECRYPT"},
-    {ERR_FUNC(GOST_F_PKEY_GOST94CP_ENCRYPT), "PKEY_GOST94CP_ENCRYPT"},
-    {ERR_FUNC(GOST_F_PKEY_GOST94CP_KEYGEN), "PKEY_GOST94CP_KEYGEN"},
-    {ERR_FUNC(GOST_F_PKEY_GOST94_PARAMGEN), "PKEY_GOST94_PARAMGEN"},
-    {ERR_FUNC(GOST_F_PKEY_GOST_CTRL), "PKEY_GOST_CTRL"},
-    {ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR), "PKEY_GOST_CTRL01_STR"},
-    {ERR_FUNC(GOST_F_PKEY_GOST_CTRL94_STR), "PKEY_GOST_CTRL94_STR"},
-    {ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"},
-    {ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR), "PKEY_GOST_MAC_CTRL_STR"},
-    {ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
-    {ERR_FUNC(GOST_F_PRINT_GOST_01), "PRINT_GOST_01"},
-    {ERR_FUNC(GOST_F_PRIV_DECODE_GOST), "PRIV_DECODE_GOST"},
-    {ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"},
-    {ERR_FUNC(GOST_F_PUB_DECODE_GOST94), "PUB_DECODE_GOST94"},
-    {ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"},
-    {ERR_FUNC(GOST_F_UNPACK_CC_SIGNATURE), "UNPACK_CC_SIGNATURE"},
-    {ERR_FUNC(GOST_F_UNPACK_CP_SIGNATURE), "UNPACK_CP_SIGNATURE"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA GOST_str_reasons[] = {
-    {ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),
-     "bad key parameters format"},
-    {ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),
-     "bad pkey parameters format"},
-    {ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),
-     "cannot pack ephemeral key"},
-    {ERR_REASON(GOST_R_CTRL_CALL_FAILED), "ctrl call failed"},
-    {ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),
-     "error computing shared key"},
-    {ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),
-     "error packing key transport info"},
-    {ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),
-     "error parsing key transport info"},
-    {ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS), "incompatible algorithms"},
-    {ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY), "incompatible peer key"},
-    {ERR_REASON(GOST_R_INVALID_CIPHER_PARAMS), "invalid cipher params"},
-    {ERR_REASON(GOST_R_INVALID_CIPHER_PARAM_OID), "invalid cipher param oid"},
-    {ERR_REASON(GOST_R_INVALID_DIGEST_TYPE), "invalid digest type"},
-    {ERR_REASON(GOST_R_INVALID_GOST94_PARMSET), "invalid gost94 parmset"},
-    {ERR_REASON(GOST_R_INVALID_IV_LENGTH), "invalid iv length"},
-    {ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH), "invalid mac key length"},
-    {ERR_REASON(GOST_R_INVALID_PARAMSET), "invalid paramset"},
-    {ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED), "key is not initalized"},
-    {ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED), "key is not initialized"},
-    {ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING), "key parameters missing"},
-    {ERR_REASON(GOST_R_MAC_KEY_NOT_SET), "mac key not set"},
-    {ERR_REASON(GOST_R_MALLOC_FAILURE), "malloc failure"},
-    {ERR_REASON(GOST_R_NO_MEMORY), "no memory"},
-    {ERR_REASON(GOST_R_NO_PARAMETERS_SET), "no parameters set"},
-    {ERR_REASON(GOST_R_NO_PEER_KEY), "no peer key"},
-    {ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),
-     "no private part of non ephemeral keypair"},
-    {ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED), "public key undefined"},
-    {ERR_REASON(GOST_R_RANDOM_GENERATOR_ERROR), "random generator error"},
-    {ERR_REASON(GOST_R_RANDOM_GENERATOR_FAILURE), "random generator failure"},
-    {ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),
-     "random number generator failed"},
-    {ERR_REASON(GOST_R_SIGNATURE_MISMATCH), "signature mismatch"},
-    {ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),
-     "signature parts greater than q"},
-    {ERR_REASON(GOST_R_UKM_NOT_SET), "ukm not set"},
-    {ERR_REASON(GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND),
-     "unsupported cipher ctl command"},
-    {ERR_REASON(GOST_R_UNSUPPORTED_PARAMETER_SET),
-     "unsupported parameter set"},
-    {0, NULL}
-};
-
-#endif
-
-#ifdef GOST_LIB_NAME
-static ERR_STRING_DATA GOST_lib_name[] = {
-    {0, GOST_LIB_NAME},
-    {0, NULL}
-};
-#endif
-
-static int GOST_lib_error_code = 0;
-static int GOST_error_init = 1;
-
-void ERR_load_GOST_strings(void)
-{
-    if (GOST_lib_error_code == 0)
-        GOST_lib_error_code = ERR_get_next_error_library();
-
-    if (GOST_error_init) {
-        GOST_error_init = 0;
-#ifndef OPENSSL_NO_ERR
-        ERR_load_strings(GOST_lib_error_code, GOST_str_functs);
-        ERR_load_strings(GOST_lib_error_code, GOST_str_reasons);
-#endif
-
-#ifdef GOST_LIB_NAME
-        GOST_lib_name->error = ERR_PACK(GOST_lib_error_code, 0, 0);
-        ERR_load_strings(0, GOST_lib_name);
-#endif
-    }
-}
-
-void ERR_unload_GOST_strings(void)
-{
-    if (GOST_error_init == 0) {
-#ifndef OPENSSL_NO_ERR
-        ERR_unload_strings(GOST_lib_error_code, GOST_str_functs);
-        ERR_unload_strings(GOST_lib_error_code, GOST_str_reasons);
-#endif
-
-#ifdef GOST_LIB_NAME
-        ERR_unload_strings(0, GOST_lib_name);
-#endif
-        GOST_error_init = 1;
-    }
-}
-
-void ERR_GOST_error(int function, int reason, char *file, int line)
-{
-    if (GOST_lib_error_code == 0)
-        GOST_lib_error_code = ERR_get_next_error_library();
-    ERR_PUT_error(GOST_lib_error_code, function, reason, file, line);
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/e_gost_err.h b/freebsd/crypto/openssl/engines/ccgost/e_gost_err.h
deleted file mode 100644
index a2018ec4..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/e_gost_err.h
+++ /dev/null
@@ -1,158 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_GOST_ERR_H
-# define HEADER_GOST_ERR_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_GOST_strings(void);
-void ERR_unload_GOST_strings(void);
-void ERR_GOST_error(int function, int reason, char *file, int line);
-# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the GOST functions. */
-
-/* Function codes. */
-# define GOST_F_DECODE_GOST_ALGOR_PARAMS                  99
-# define GOST_F_ENCODE_GOST_ALGOR_PARAMS                  100
-# define GOST_F_FILL_GOST2001_PARAMS                      101
-# define GOST_F_FILL_GOST94_PARAMS                        102
-# define GOST_F_GET_ENCRYPTION_PARAMS                     103
-# define GOST_F_GOST2001_COMPUTE_PUBLIC                   104
-# define GOST_F_GOST2001_DO_SIGN                          105
-# define GOST_F_GOST2001_DO_VERIFY                        106
-# define GOST_F_GOST2001_KEYGEN                           107
-# define GOST_F_GOST89_GET_ASN1_PARAMETERS                108
-# define GOST_F_GOST89_SET_ASN1_PARAMETERS                109
-# define GOST_F_GOST94_COMPUTE_PUBLIC                     110
-# define GOST_F_GOST_CIPHER_CTL                           111
-# define GOST_F_GOST_DO_SIGN                              112
-# define GOST_F_GOST_DO_VERIFY                            113
-# define GOST_F_GOST_IMIT_CTRL                            114
-# define GOST_F_GOST_IMIT_FINAL                           140
-# define GOST_F_GOST_IMIT_UPDATE                          115
-# define GOST_F_GOST_SIGN_KEYGEN                          142
-# define GOST_F_PARAM_COPY_GOST01                         116
-# define GOST_F_PARAM_COPY_GOST94                         117
-# define GOST_F_PKEY_GOST01CP_DECRYPT                     118
-# define GOST_F_PKEY_GOST01CP_ENCRYPT                     119
-# define GOST_F_PKEY_GOST01CP_KEYGEN                      120
-# define GOST_F_PKEY_GOST01_PARAMGEN                      138
-# define GOST_F_PKEY_GOST2001_DERIVE                      121
-# define GOST_F_PKEY_GOST94CP_DECRYPT                     122
-# define GOST_F_PKEY_GOST94CP_ENCRYPT                     123
-# define GOST_F_PKEY_GOST94CP_KEYGEN                      124
-# define GOST_F_PKEY_GOST94_PARAMGEN                      139
-# define GOST_F_PKEY_GOST_CTRL                            125
-# define GOST_F_PKEY_GOST_CTRL01_STR                      126
-# define GOST_F_PKEY_GOST_CTRL94_STR                      127
-# define GOST_F_PKEY_GOST_MAC_CTRL                        128
-# define GOST_F_PKEY_GOST_MAC_CTRL_STR                    129
-# define GOST_F_PKEY_GOST_MAC_KEYGEN                      130
-# define GOST_F_PRINT_GOST_01                             131
-# define GOST_F_PRIV_DECODE_GOST                          132
-# define GOST_F_PUB_DECODE_GOST01                         133
-# define GOST_F_PUB_DECODE_GOST94                         134
-# define GOST_F_PUB_ENCODE_GOST01                         135
-# define GOST_F_UNPACK_CC_SIGNATURE                       136
-# define GOST_F_UNPACK_CP_SIGNATURE                       137
-
-/* Reason codes. */
-# define GOST_R_BAD_KEY_PARAMETERS_FORMAT                 99
-# define GOST_R_BAD_PKEY_PARAMETERS_FORMAT                100
-# define GOST_R_CANNOT_PACK_EPHEMERAL_KEY                 101
-# define GOST_R_CTRL_CALL_FAILED                          132
-# define GOST_R_ERROR_COMPUTING_SHARED_KEY                102
-# define GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO          103
-# define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO          104
-# define GOST_R_INCOMPATIBLE_ALGORITHMS                   105
-# define GOST_R_INCOMPATIBLE_PEER_KEY                     131
-# define GOST_R_INVALID_CIPHER_PARAMS                     106
-# define GOST_R_INVALID_CIPHER_PARAM_OID                  107
-# define GOST_R_INVALID_DIGEST_TYPE                       108
-# define GOST_R_INVALID_GOST94_PARMSET                    109
-# define GOST_R_INVALID_IV_LENGTH                         110
-# define GOST_R_INVALID_MAC_KEY_LENGTH                    111
-# define GOST_R_INVALID_PARAMSET                          112
-# define GOST_R_KEY_IS_NOT_INITALIZED                     113
-# define GOST_R_KEY_IS_NOT_INITIALIZED                    114
-# define GOST_R_KEY_PARAMETERS_MISSING                    115
-# define GOST_R_MAC_KEY_NOT_SET                           116
-# define GOST_R_MALLOC_FAILURE                            117
-# define GOST_R_NO_MEMORY                                 118
-# define GOST_R_NO_PARAMETERS_SET                         119
-# define GOST_R_NO_PEER_KEY                               120
-# define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR  121
-# define GOST_R_PUBLIC_KEY_UNDEFINED                      122
-# define GOST_R_RANDOM_GENERATOR_ERROR                    123
-# define GOST_R_RANDOM_GENERATOR_FAILURE                  124
-# define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED            125
-# define GOST_R_SIGNATURE_MISMATCH                        126
-# define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q            127
-# define GOST_R_UKM_NOT_SET                               128
-# define GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND            129
-# define GOST_R_UNSUPPORTED_PARAMETER_SET                 130
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost2001.c b/freebsd/crypto/openssl/engines/ccgost/gost2001.c
deleted file mode 100644
index e4727c2d..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost2001.c
+++ /dev/null
@@ -1,476 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                          gost2001.c                                *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *          Implementation of GOST R 34.10-2001                                   *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include "gost_lcl.h"
-#include "gost_params.h"
-#include <string.h>
-#include <openssl/rand.h>
-#include <openssl/ecdsa.h>
-#include <openssl/err.h>
-#include "e_gost_err.h"
-#ifdef DEBUG_SIGN
-extern
-void dump_signature(const char *message, const unsigned char *buffer,
-                    size_t len);
-void dump_dsa_sig(const char *message, DSA_SIG *sig);
-#else
-
-# define dump_signature(a,b,c)
-# define dump_dsa_sig(a,b)
-#endif
-
-/*
- * Fills EC_KEY structure hidden in the app_data field of DSA structure
- * with parameter information, extracted from parameter array in
- * params.c file.
- *
- * Also fils DSA->q field with copy of EC_GROUP order field to make
- * DSA_size function work
- */
-int fill_GOST2001_params(EC_KEY *eckey, int nid)
-{
-    R3410_2001_params *params = R3410_2001_paramset;
-    EC_GROUP *grp = NULL;
-    BIGNUM *p = NULL, *q = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL;
-    EC_POINT *P = NULL;
-    BN_CTX *ctx = BN_CTX_new();
-    int ok = 0;
-
-    if(!ctx) {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    BN_CTX_start(ctx);
-    p = BN_CTX_get(ctx);
-    a = BN_CTX_get(ctx);
-    b = BN_CTX_get(ctx);
-    x = BN_CTX_get(ctx);
-    y = BN_CTX_get(ctx);
-    q = BN_CTX_get(ctx);
-    if(!p || !a || !b || !x || !y || !q) {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    while (params->nid != NID_undef && params->nid != nid)
-        params++;
-    if (params->nid == NID_undef) {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS,
-                GOST_R_UNSUPPORTED_PARAMETER_SET);
-        goto err;
-    }
-    if(!BN_hex2bn(&p, params->p)
-        || !BN_hex2bn(&a, params->a)
-        || !BN_hex2bn(&b, params->b)) {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS,
-                ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-
-    grp = EC_GROUP_new_curve_GFp(p, a, b, ctx);
-    if(!grp)  {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    P = EC_POINT_new(grp);
-    if(!P)  {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if(!BN_hex2bn(&x, params->x)
-        || !BN_hex2bn(&y, params->y)
-        || !EC_POINT_set_affine_coordinates_GFp(grp, P, x, y, ctx)
-        || !BN_hex2bn(&q, params->q))  {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-#ifdef DEBUG_KEYS
-    fprintf(stderr, "Set params index %d oid %s\nq=",
-            (params - R3410_2001_paramset), OBJ_nid2sn(params->nid));
-    BN_print_fp(stderr, q);
-    fprintf(stderr, "\n");
-#endif
-
-    if(!EC_GROUP_set_generator(grp, P, q, NULL)) {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    EC_GROUP_set_curve_name(grp, params->nid);
-    if(!EC_KEY_set_group(eckey, grp)) {
-        GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    ok = 1;
- err:
-    if (P) EC_POINT_free(P);
-    if (grp) EC_GROUP_free(grp);
-    if (ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    return ok;
-}
-
-/*
- * Computes gost2001 signature as DSA_SIG structure
- *
- *
- */
-DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
-{
-    DSA_SIG *newsig = NULL, *ret = NULL;
-    BIGNUM *md = hashsum2bn(dgst);
-    BIGNUM *order = NULL;
-    const EC_GROUP *group;
-    const BIGNUM *priv_key;
-    BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k =
-        NULL, *e = NULL;
-    EC_POINT *C = NULL;
-    BN_CTX *ctx = BN_CTX_new();
-    if(!ctx || !md) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    BN_CTX_start(ctx);
-    OPENSSL_assert(dlen == 32);
-    newsig = DSA_SIG_new();
-    if (!newsig) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, GOST_R_NO_MEMORY);
-        goto err;
-    }
-    group = EC_KEY_get0_group(eckey);
-    if(!group) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    order = BN_CTX_get(ctx);
-    if(!order || !EC_GROUP_get_order(group, order, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    priv_key = EC_KEY_get0_private_key(eckey);
-    if(!priv_key) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    e = BN_CTX_get(ctx);
-    if(!e || !BN_mod(e, md, order, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-#ifdef DEBUG_SIGN
-    fprintf(stderr, "digest as bignum=");
-    BN_print_fp(stderr, md);
-    fprintf(stderr, "\ndigest mod q=");
-    BN_print_fp(stderr, e);
-    fprintf(stderr, "\n");
-#endif
-    if (BN_is_zero(e)) {
-        BN_one(e);
-    }
-    k = BN_CTX_get(ctx);
-    C = EC_POINT_new(group);
-    if(!k || !C) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    do {
-        do {
-            if (!BN_rand_range(k, order)) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN,
-                        GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
-                goto err;
-            }
-            if (!EC_POINT_mul(group, C, k, NULL, NULL, ctx)) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
-                goto err;
-            }
-            if (!X)
-                X = BN_CTX_get(ctx);
-            if (!r)
-                r = BN_CTX_get(ctx);
-            if (!X || !r) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
-                goto err;
-            }
-
-            if(!BN_nnmod(r, X, order, ctx)) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-        }
-        while (BN_is_zero(r));
-        /* s =  (r*priv_key+k*e) mod order */
-        if (!tmp)
-            tmp = BN_CTX_get(ctx);
-        if (!tmp2)
-            tmp2 = BN_CTX_get(ctx);
-        if (!s)
-            s = BN_CTX_get(ctx);
-        if (!tmp || !tmp2 || !s) {
-            GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        if(!BN_mod_mul(tmp, priv_key, r, order, ctx)
-            || !BN_mod_mul(tmp2, k, e, order, ctx)
-            || !BN_mod_add(s, tmp, tmp2, order, ctx)) {
-            GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-    }
-    while (BN_is_zero(s));
-
-    newsig->s = BN_dup(s);
-    newsig->r = BN_dup(r);
-    if(!newsig->s || !newsig->r) {
-        GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    ret = newsig;
- err:
-    if(ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if (C) EC_POINT_free(C);
-    if (md) BN_free(md);
-    if (!ret && newsig) {
-        DSA_SIG_free(newsig);
-    }
-    return ret;
-}
-
-/*
- * Verifies gost 2001 signature
- *
- */
-int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
-                       DSA_SIG *sig, EC_KEY *ec)
-{
-    BN_CTX *ctx = BN_CTX_new();
-    const EC_GROUP *group = EC_KEY_get0_group(ec);
-    BIGNUM *order;
-    BIGNUM *md = NULL, *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 =
-        NULL;
-    BIGNUM *X = NULL, *tmp = NULL;
-    EC_POINT *C = NULL;
-    const EC_POINT *pub_key = NULL;
-    int ok = 0;
-
-    if(!ctx || !group) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-
-    BN_CTX_start(ctx);
-    order = BN_CTX_get(ctx);
-    e = BN_CTX_get(ctx);
-    z1 = BN_CTX_get(ctx);
-    z2 = BN_CTX_get(ctx);
-    tmp = BN_CTX_get(ctx);
-    X = BN_CTX_get(ctx);
-    R = BN_CTX_get(ctx);
-    v = BN_CTX_get(ctx);
-    if(!order || !e || !z1 || !z2 || !tmp || !X || !R || !v) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    pub_key = EC_KEY_get0_public_key(ec);
-    if(!pub_key || !EC_GROUP_get_order(group, order, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-
-    if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
-        (BN_cmp(sig->s, order) >= 1) || (BN_cmp(sig->r, order) >= 1)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY,
-                GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
-        goto err;
-
-    }
-    md = hashsum2bn(dgst);
-
-    if(!md || !BN_mod(e, md, order, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-#ifdef DEBUG_SIGN
-    fprintf(stderr, "digest as bignum: ");
-    BN_print_fp(stderr, md);
-    fprintf(stderr, "\ndigest mod q: ");
-    BN_print_fp(stderr, e);
-#endif
-    if (BN_is_zero(e) && !BN_one(e)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    v = BN_mod_inverse(v, e, order, ctx);
-    if(!v
-        || !BN_mod_mul(z1, sig->s, v, order, ctx)
-        || !BN_sub(tmp, order, sig->r)
-        || !BN_mod_mul(z2, tmp, v, order, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-#ifdef DEBUG_SIGN
-    fprintf(stderr, "\nInverted digest value: ");
-    BN_print_fp(stderr, v);
-    fprintf(stderr, "\nz1: ");
-    BN_print_fp(stderr, z1);
-    fprintf(stderr, "\nz2: ");
-    BN_print_fp(stderr, z2);
-#endif
-    C = EC_POINT_new(group);
-    if (!C) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if (!EC_POINT_mul(group, C, z1, pub_key, z2, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
-        goto err;
-    }
-    if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
-        goto err;
-    }
-    if(!BN_mod(R, X, order, ctx)) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-#ifdef DEBUG_SIGN
-    fprintf(stderr, "\nX=");
-    BN_print_fp(stderr, X);
-    fprintf(stderr, "\nX mod q=");
-    BN_print_fp(stderr, R);
-    fprintf(stderr, "\n");
-#endif
-    if (BN_cmp(R, sig->r) != 0) {
-        GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
-    } else {
-        ok = 1;
-    }
- err:
-    if (C) EC_POINT_free(C);
-    if (ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if (md) BN_free(md);
-    return ok;
-}
-
-/*
- * Computes GOST R 34.10-2001 public key
- *
- *
- */
-int gost2001_compute_public(EC_KEY *ec)
-{
-    const EC_GROUP *group = EC_KEY_get0_group(ec);
-    EC_POINT *pub_key = NULL;
-    const BIGNUM *priv_key = NULL;
-    BN_CTX *ctx = NULL;
-    int ok = 0;
-
-    if (!group) {
-        GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
-                GOST_R_KEY_IS_NOT_INITIALIZED);
-        return 0;
-    }
-    ctx = BN_CTX_new();
-    if(!ctx) {
-        GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    BN_CTX_start(ctx);
-    if (!(priv_key = EC_KEY_get0_private_key(ec))) {
-        GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
-        goto err;
-    }
-
-    pub_key = EC_POINT_new(group);
-    if(!pub_key) {
-        GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) {
-        GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
-        goto err;
-    }
-    if (!EC_KEY_set_public_key(ec, pub_key)) {
-        GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
-        goto err;
-    }
-    ok = 256;
- err:
-    if (pub_key) EC_POINT_free(pub_key);
-    if (ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    return ok;
-}
-
-/*
- *
- * Generates GOST R 34.10-2001 keypair
- *
- *
- */
-int gost2001_keygen(EC_KEY *ec)
-{
-    BIGNUM *order = BN_new(), *d = BN_new();
-    const EC_GROUP *group = NULL;
-
-    if (order == NULL || d == NULL) {
-        GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_MALLOC_FAILURE);
-        BN_free(d);
-        BN_free(order);
-        return 0;
-    }
-
-    group = EC_KEY_get0_group(ec);
-    if(!group || !EC_GROUP_get_order(group, order, NULL)) {
-        GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR);
-        BN_free(d);
-        BN_free(order);
-        return 0;
-    }
-
-    do {
-        if (!BN_rand_range(d, order)) {
-            GOSTerr(GOST_F_GOST2001_KEYGEN,
-                    GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
-            BN_free(d);
-            BN_free(order);
-            return 0;
-        }
-    }
-    while (BN_is_zero(d));
-
-    if(!EC_KEY_set_private_key(ec, d)) {
-        GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR);
-        BN_free(d);
-        BN_free(order);
-        return 0;
-    }
-    BN_free(d);
-    BN_free(order);
-    return gost2001_compute_public(ec);
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost2001_keyx.c b/freebsd/crypto/openssl/engines/ccgost/gost2001_keyx.c
deleted file mode 100644
index e65ec6a0..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost2001_keyx.c
+++ /dev/null
@@ -1,296 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                          gost_keyx.c                               *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *   VK0 34.10-2001 key exchange and GOST R 34.10-2001                *
- *   based PKCS7/SMIME support                                        *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include "gost89.h"
-#include "gosthash.h"
-#include "e_gost_err.h"
-#include "gost_keywrap.h"
-#include "gost_lcl.h"
-#include "gost2001_keyx.h"
-
-/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
-static int VKO_compute_key(unsigned char *shared_key, size_t shared_key_size,
-                           const EC_POINT *pub_key, EC_KEY *priv_key,
-                           const unsigned char *ukm)
-{
-    unsigned char ukm_be[8], databuf[64], hashbuf[64];
-    BIGNUM *UKM = NULL, *p = NULL, *order = NULL, *X = NULL, *Y = NULL;
-    const BIGNUM *key = EC_KEY_get0_private_key(priv_key);
-    EC_POINT *pnt = EC_POINT_new(EC_KEY_get0_group(priv_key));
-    int i;
-    gost_hash_ctx hash_ctx;
-    BN_CTX *ctx = BN_CTX_new();
-
-    for (i = 0; i < 8; i++) {
-        ukm_be[7 - i] = ukm[i];
-    }
-    BN_CTX_start(ctx);
-    UKM = getbnfrombuf(ukm_be, 8);
-    p = BN_CTX_get(ctx);
-    order = BN_CTX_get(ctx);
-    X = BN_CTX_get(ctx);
-    Y = BN_CTX_get(ctx);
-    EC_GROUP_get_order(EC_KEY_get0_group(priv_key), order, ctx);
-    BN_mod_mul(p, key, UKM, order, ctx);
-    EC_POINT_mul(EC_KEY_get0_group(priv_key), pnt, NULL, pub_key, p, ctx);
-    EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(priv_key),
-                                        pnt, X, Y, ctx);
-    /*
-     * Serialize elliptic curve point same way as we do it when saving key
-     */
-    store_bignum(Y, databuf, 32);
-    store_bignum(X, databuf + 32, 32);
-    /* And reverse byte order of whole buffer */
-    for (i = 0; i < 64; i++) {
-        hashbuf[63 - i] = databuf[i];
-    }
-    init_gost_hash_ctx(&hash_ctx, &GostR3411_94_CryptoProParamSet);
-    start_hash(&hash_ctx);
-    hash_block(&hash_ctx, hashbuf, 64);
-    finish_hash(&hash_ctx, shared_key);
-    done_gost_hash_ctx(&hash_ctx);
-    BN_free(UKM);
-    BN_CTX_end(ctx);
-    BN_CTX_free(ctx);
-    EC_POINT_free(pnt);
-    return 32;
-}
-
-/*
- * EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-2001
- * algorithm
- */
-int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-                         size_t *keylen)
-{
-    /*
-     * Public key of peer in the ctx field peerkey Our private key in the ctx
-     * pkey ukm is in the algorithm specific context data
-     */
-    EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
-    EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
-    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-
-    if (!data->shared_ukm) {
-        GOSTerr(GOST_F_PKEY_GOST2001_DERIVE, GOST_R_UKM_NOT_SET);
-        return 0;
-    }
-
-    if (key == NULL) {
-        *keylen = 32;
-        return 32;
-    }
-
-    *keylen =
-        VKO_compute_key(key, 32,
-                        EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)),
-                        (EC_KEY *)EVP_PKEY_get0(my_key), data->shared_ukm);
-    return 1;
-}
-
-/*
- * EVP_PKEY_METHOD callback encrypt
- * Implementation of GOST2001 key transport, cryptocom variation
- */
-/*
- * Generates ephemeral key based on pubk algorithm computes shared key using
- * VKO and returns filled up GOST_KEY_TRANSPORT structure
- */
-
-/*
- * EVP_PKEY_METHOD callback encrypt
- * Implementation of GOST2001 key transport, cryptopo variation
- */
-
-int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
-                          size_t *out_len, const unsigned char *key,
-                          size_t key_len)
-{
-    GOST_KEY_TRANSPORT *gkt = NULL;
-    EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
-    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
-    const struct gost_cipher_info *param = get_encryption_params(NULL);
-    unsigned char ukm[8], shared_key[32], crypted_key[44];
-    int ret = 0;
-    int key_is_ephemeral = 1;
-    gost_ctx cctx;
-    EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
-    if (data->shared_ukm) {
-        memcpy(ukm, data->shared_ukm, 8);
-    } else if (out) {
-
-        if (RAND_bytes(ukm, 8) <= 0) {
-            GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
-                    GOST_R_RANDOM_GENERATOR_FAILURE);
-            return 0;
-        }
-    }
-    /* Check for private key in the peer_key of context */
-    if (sec_key) {
-        key_is_ephemeral = 0;
-        if (!gost_get0_priv_key(sec_key)) {
-            GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
-                    GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
-            goto err;
-        }
-    } else {
-        key_is_ephemeral = 1;
-        if (out) {
-            sec_key = EVP_PKEY_new();
-            if (sec_key == NULL)
-                goto err;
-            EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new());
-            EVP_PKEY_copy_parameters(sec_key, pubk);
-            if (!gost2001_keygen(EVP_PKEY_get0(sec_key))) {
-                goto err;
-            }
-        }
-    }
-    if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
-        && param == gost_cipher_list) {
-        param = gost_cipher_list + 1;
-    }
-    if (out) {
-        VKO_compute_key(shared_key, 32,
-                        EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)),
-                        EVP_PKEY_get0(sec_key), ukm);
-        gost_init(&cctx, param->sblock);
-        keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);
-    }
-    gkt = GOST_KEY_TRANSPORT_new();
-    if (!gkt) {
-        goto err;
-    }
-    if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
-        goto err;
-    }
-    if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
-        goto err;
-    }
-    if (!ASN1_OCTET_STRING_set
-        (gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
-        goto err;
-    }
-    if (key_is_ephemeral) {
-        if (!X509_PUBKEY_set
-            (&gkt->key_agreement_info->ephem_key, out ? sec_key : pubk)) {
-            GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
-                    GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
-            goto err;
-        }
-    }
-    ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
-    gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
-    if (key_is_ephemeral && sec_key)
-        EVP_PKEY_free(sec_key);
-    if (!key_is_ephemeral) {
-        /* Set control "public key from client certificate used" */
-        if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)
-            <= 0) {
-            GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);
-            goto err;
-        }
-    }
-    if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
-        ret = 1;
-    GOST_KEY_TRANSPORT_free(gkt);
-    return ret;
- err:
-    if (key_is_ephemeral && sec_key)
-        EVP_PKEY_free(sec_key);
-    GOST_KEY_TRANSPORT_free(gkt);
-    return -1;
-}
-
-/*
- * EVP_PKEY_METHOD callback decrypt
- * Implementation of GOST2001 key transport, cryptopo variation
- */
-int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key,
-                          size_t *key_len, const unsigned char *in,
-                          size_t in_len)
-{
-    const unsigned char *p = in;
-    EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
-    GOST_KEY_TRANSPORT *gkt = NULL;
-    int ret = 0;
-    unsigned char wrappedKey[44];
-    unsigned char sharedKey[32];
-    gost_ctx ctx;
-    const struct gost_cipher_info *param = NULL;
-    EVP_PKEY *eph_key = NULL, *peerkey = NULL;
-
-    if (!key) {
-        *key_len = 32;
-        return 1;
-    }
-    gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
-    if (!gkt) {
-        GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
-                GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
-        return -1;
-    }
-
-    /* If key transport structure contains public key, use it */
-    eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
-    if (eph_key) {
-        if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {
-            GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
-                    GOST_R_INCOMPATIBLE_PEER_KEY);
-            goto err;
-        }
-    } else {
-        /* Set control "public key from client certificate used" */
-        if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)
-            <= 0) {
-            GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_CTRL_CALL_FAILED);
-            goto err;
-        }
-    }
-    peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
-    if (!peerkey) {
-        GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_NO_PEER_KEY);
-        goto err;
-    }
-
-    param = get_encryption_params(gkt->key_agreement_info->cipher);
-    if (!param) {
-        goto err;
-    }
-
-    gost_init(&ctx, param->sblock);
-    OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
-    memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
-    OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
-    memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
-    OPENSSL_assert(gkt->key_info->imit->length == 4);
-    memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
-    VKO_compute_key(sharedKey, 32,
-                    EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)),
-                    EVP_PKEY_get0(priv), wrappedKey);
-    if (!keyUnwrapCryptoPro(&ctx, sharedKey, wrappedKey, key)) {
-        GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
-                GOST_R_ERROR_COMPUTING_SHARED_KEY);
-        goto err;
-    }
-
-    ret = 1;
- err:
-    if (eph_key)
-        EVP_PKEY_free(eph_key);
-    if (gkt)
-        GOST_KEY_TRANSPORT_free(gkt);
-    return ret;
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost2001_keyx.h b/freebsd/crypto/openssl/engines/ccgost/gost2001_keyx.h
deleted file mode 100644
index 2d29113a..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost2001_keyx.h
+++ /dev/null
@@ -1,10 +0,0 @@
-GOST_KEY_TRANSPORT *make_rfc4490_keytransport_2001(EVP_PKEY *pubk,
-                                                   BIGNUM *eph_key,
-                                                   const unsigned char *key,
-                                                   size_t keylen,
-                                                   unsigned char *ukm,
-                                                   size_t ukm_len);
-
-int decrypt_rfc4490_shared_key_2001(EVP_PKEY *priv,
-                                    GOST_KEY_TRANSPORT * gkt,
-                                    unsigned char *key_buf, int key_buf_len);
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost89.c b/freebsd/crypto/openssl/engines/ccgost/gost89.c
deleted file mode 100644
index 4d5eff18..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost89.c
+++ /dev/null
@@ -1,578 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                        gost89.c                                    *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *          Implementation of GOST 28147-89 encryption algorithm      *
- *            No OpenSSL libraries required to compile and use        *
- *                              this code                             *
- **********************************************************************/
-#include <string.h>
-#include "gost89.h"
-/*-
-   Substitution blocks from RFC 4357
-
-   Note: our implementation of gost 28147-89 algorithm
-   uses S-box matrix rotated 90 degrees counterclockwise, relative to
-   examples given in RFC.
-
-
-*/
-
-/* Substitution blocks from test examples for GOST R 34.11-94*/
-gost_subst_block GostR3411_94_TestParamSet = {
-    {0X1, 0XF, 0XD, 0X0, 0X5, 0X7, 0XA, 0X4, 0X9, 0X2, 0X3, 0XE, 0X6, 0XB,
-     0X8, 0XC}
-    ,
-    {0XD, 0XB, 0X4, 0X1, 0X3, 0XF, 0X5, 0X9, 0X0, 0XA, 0XE, 0X7, 0X6, 0X8,
-     0X2, 0XC}
-    ,
-    {0X4, 0XB, 0XA, 0X0, 0X7, 0X2, 0X1, 0XD, 0X3, 0X6, 0X8, 0X5, 0X9, 0XC,
-     0XF, 0XE}
-    ,
-    {0X6, 0XC, 0X7, 0X1, 0X5, 0XF, 0XD, 0X8, 0X4, 0XA, 0X9, 0XE, 0X0, 0X3,
-     0XB, 0X2}
-    ,
-    {0X7, 0XD, 0XA, 0X1, 0X0, 0X8, 0X9, 0XF, 0XE, 0X4, 0X6, 0XC, 0XB, 0X2,
-     0X5, 0X3}
-    ,
-    {0X5, 0X8, 0X1, 0XD, 0XA, 0X3, 0X4, 0X2, 0XE, 0XF, 0XC, 0X7, 0X6, 0X0,
-     0X9, 0XB}
-    ,
-    {0XE, 0XB, 0X4, 0XC, 0X6, 0XD, 0XF, 0XA, 0X2, 0X3, 0X8, 0X1, 0X0, 0X7,
-     0X5, 0X9}
-    ,
-    {0X4, 0XA, 0X9, 0X2, 0XD, 0X8, 0X0, 0XE, 0X6, 0XB, 0X1, 0XC, 0X7, 0XF,
-     0X5, 0X3}
-};
-
-/* Substitution blocks for hash function 1.2.643.2.9.1.6.1  */
-gost_subst_block GostR3411_94_CryptoProParamSet = {
-    {0x1, 0x3, 0xA, 0x9, 0x5, 0xB, 0x4, 0xF, 0x8, 0x6, 0x7, 0xE, 0xD, 0x0,
-     0x2, 0xC}
-    ,
-    {0xD, 0xE, 0x4, 0x1, 0x7, 0x0, 0x5, 0xA, 0x3, 0xC, 0x8, 0xF, 0x6, 0x2,
-     0x9, 0xB}
-    ,
-    {0x7, 0x6, 0x2, 0x4, 0xD, 0x9, 0xF, 0x0, 0xA, 0x1, 0x5, 0xB, 0x8, 0xE,
-     0xC, 0x3}
-    ,
-    {0x7, 0x6, 0x4, 0xB, 0x9, 0xC, 0x2, 0xA, 0x1, 0x8, 0x0, 0xE, 0xF, 0xD,
-     0x3, 0x5}
-    ,
-    {0x4, 0xA, 0x7, 0xC, 0x0, 0xF, 0x2, 0x8, 0xE, 0x1, 0x6, 0x5, 0xD, 0xB,
-     0x9, 0x3}
-    ,
-    {0x7, 0xF, 0xC, 0xE, 0x9, 0x4, 0x1, 0x0, 0x3, 0xB, 0x5, 0x2, 0x6, 0xA,
-     0x8, 0xD}
-    ,
-    {0x5, 0xF, 0x4, 0x0, 0x2, 0xD, 0xB, 0x9, 0x1, 0x7, 0x6, 0x3, 0xC, 0xE,
-     0xA, 0x8}
-    ,
-    {0xA, 0x4, 0x5, 0x6, 0x8, 0x1, 0x3, 0x7, 0xD, 0xC, 0xE, 0x0, 0x9, 0x2,
-     0xB, 0xF}
-};
-
-/* Test paramset from GOST 28147 */
-gost_subst_block Gost28147_TestParamSet = {
-    {0xC, 0x6, 0x5, 0x2, 0xB, 0x0, 0x9, 0xD, 0x3, 0xE, 0x7, 0xA, 0xF, 0x4,
-     0x1, 0x8}
-    ,
-    {0x9, 0xB, 0xC, 0x0, 0x3, 0x6, 0x7, 0x5, 0x4, 0x8, 0xE, 0xF, 0x1, 0xA,
-     0x2, 0xD}
-    ,
-    {0x8, 0xF, 0x6, 0xB, 0x1, 0x9, 0xC, 0x5, 0xD, 0x3, 0x7, 0xA, 0x0, 0xE,
-     0x2, 0x4}
-    ,
-    {0x3, 0xE, 0x5, 0x9, 0x6, 0x8, 0x0, 0xD, 0xA, 0xB, 0x7, 0xC, 0x2, 0x1,
-     0xF, 0x4}
-    ,
-    {0xE, 0x9, 0xB, 0x2, 0x5, 0xF, 0x7, 0x1, 0x0, 0xD, 0xC, 0x6, 0xA, 0x4,
-     0x3, 0x8}
-    ,
-    {0xD, 0x8, 0xE, 0xC, 0x7, 0x3, 0x9, 0xA, 0x1, 0x5, 0x2, 0x4, 0x6, 0xF,
-     0x0, 0xB}
-    ,
-    {0xC, 0x9, 0xF, 0xE, 0x8, 0x1, 0x3, 0xA, 0x2, 0x7, 0x4, 0xD, 0x6, 0x0,
-     0xB, 0x5}
-    ,
-    {0x4, 0x2, 0xF, 0x5, 0x9, 0x1, 0x0, 0x8, 0xE, 0x3, 0xB, 0xC, 0xD, 0x7,
-     0xA, 0x6}
-};
-
-/* 1.2.643.2.2.31.1 */
-gost_subst_block Gost28147_CryptoProParamSetA = {
-    {0xB, 0xA, 0xF, 0x5, 0x0, 0xC, 0xE, 0x8, 0x6, 0x2, 0x3, 0x9, 0x1, 0x7,
-     0xD, 0x4}
-    ,
-    {0x1, 0xD, 0x2, 0x9, 0x7, 0xA, 0x6, 0x0, 0x8, 0xC, 0x4, 0x5, 0xF, 0x3,
-     0xB, 0xE}
-    ,
-    {0x3, 0xA, 0xD, 0xC, 0x1, 0x2, 0x0, 0xB, 0x7, 0x5, 0x9, 0x4, 0x8, 0xF,
-     0xE, 0x6}
-    ,
-    {0xB, 0x5, 0x1, 0x9, 0x8, 0xD, 0xF, 0x0, 0xE, 0x4, 0x2, 0x3, 0xC, 0x7,
-     0xA, 0x6}
-    ,
-    {0xE, 0x7, 0xA, 0xC, 0xD, 0x1, 0x3, 0x9, 0x0, 0x2, 0xB, 0x4, 0xF, 0x8,
-     0x5, 0x6}
-    ,
-    {0xE, 0x4, 0x6, 0x2, 0xB, 0x3, 0xD, 0x8, 0xC, 0xF, 0x5, 0xA, 0x0, 0x7,
-     0x1, 0x9}
-    ,
-    {0x3, 0x7, 0xE, 0x9, 0x8, 0xA, 0xF, 0x0, 0x5, 0x2, 0x6, 0xC, 0xB, 0x4,
-     0xD, 0x1}
-    ,
-    {0x9, 0x6, 0x3, 0x2, 0x8, 0xB, 0x1, 0x7, 0xA, 0x4, 0xE, 0xF, 0xC, 0x0,
-     0xD, 0x5}
-};
-
-/* 1.2.643.2.2.31.2 */
-gost_subst_block Gost28147_CryptoProParamSetB = {
-    {0x0, 0x4, 0xB, 0xE, 0x8, 0x3, 0x7, 0x1, 0xA, 0x2, 0x9, 0x6, 0xF, 0xD,
-     0x5, 0xC}
-    ,
-    {0x5, 0x2, 0xA, 0xB, 0x9, 0x1, 0xC, 0x3, 0x7, 0x4, 0xD, 0x0, 0x6, 0xF,
-     0x8, 0xE}
-    ,
-    {0x8, 0x3, 0x2, 0x6, 0x4, 0xD, 0xE, 0xB, 0xC, 0x1, 0x7, 0xF, 0xA, 0x0,
-     0x9, 0x5}
-    ,
-    {0x2, 0x7, 0xC, 0xF, 0x9, 0x5, 0xA, 0xB, 0x1, 0x4, 0x0, 0xD, 0x6, 0x8,
-     0xE, 0x3}
-    ,
-    {0x7, 0x5, 0x0, 0xD, 0xB, 0x6, 0x1, 0x2, 0x3, 0xA, 0xC, 0xF, 0x4, 0xE,
-     0x9, 0x8}
-    ,
-    {0xE, 0xC, 0x0, 0xA, 0x9, 0x2, 0xD, 0xB, 0x7, 0x5, 0x8, 0xF, 0x3, 0x6,
-     0x1, 0x4}
-    ,
-    {0x0, 0x1, 0x2, 0xA, 0x4, 0xD, 0x5, 0xC, 0x9, 0x7, 0x3, 0xF, 0xB, 0x8,
-     0x6, 0xE}
-    ,
-    {0x8, 0x4, 0xB, 0x1, 0x3, 0x5, 0x0, 0x9, 0x2, 0xE, 0xA, 0xC, 0xD, 0x6,
-     0x7, 0xF}
-};
-
-/* 1.2.643.2.2.31.3 */
-gost_subst_block Gost28147_CryptoProParamSetC = {
-    {0x7, 0x4, 0x0, 0x5, 0xA, 0x2, 0xF, 0xE, 0xC, 0x6, 0x1, 0xB, 0xD, 0x9,
-     0x3, 0x8}
-    ,
-    {0xA, 0x9, 0x6, 0x8, 0xD, 0xE, 0x2, 0x0, 0xF, 0x3, 0x5, 0xB, 0x4, 0x1,
-     0xC, 0x7}
-    ,
-    {0xC, 0x9, 0xB, 0x1, 0x8, 0xE, 0x2, 0x4, 0x7, 0x3, 0x6, 0x5, 0xA, 0x0,
-     0xF, 0xD}
-    ,
-    {0x8, 0xD, 0xB, 0x0, 0x4, 0x5, 0x1, 0x2, 0x9, 0x3, 0xC, 0xE, 0x6, 0xF,
-     0xA, 0x7}
-    ,
-    {0x3, 0x6, 0x0, 0x1, 0x5, 0xD, 0xA, 0x8, 0xB, 0x2, 0x9, 0x7, 0xE, 0xF,
-     0xC, 0x4}
-    ,
-    {0x8, 0x2, 0x5, 0x0, 0x4, 0x9, 0xF, 0xA, 0x3, 0x7, 0xC, 0xD, 0x6, 0xE,
-     0x1, 0xB}
-    ,
-    {0x0, 0x1, 0x7, 0xD, 0xB, 0x4, 0x5, 0x2, 0x8, 0xE, 0xF, 0xC, 0x9, 0xA,
-     0x6, 0x3}
-    ,
-    {0x1, 0xB, 0xC, 0x2, 0x9, 0xD, 0x0, 0xF, 0x4, 0x5, 0x8, 0xE, 0xA, 0x7,
-     0x6, 0x3}
-};
-
-/* 1.2.643.2.2.31.4 */
-gost_subst_block Gost28147_CryptoProParamSetD = {
-    {0x1, 0xA, 0x6, 0x8, 0xF, 0xB, 0x0, 0x4, 0xC, 0x3, 0x5, 0x9, 0x7, 0xD,
-     0x2, 0xE}
-    ,
-    {0x3, 0x0, 0x6, 0xF, 0x1, 0xE, 0x9, 0x2, 0xD, 0x8, 0xC, 0x4, 0xB, 0xA,
-     0x5, 0x7}
-    ,
-    {0x8, 0x0, 0xF, 0x3, 0x2, 0x5, 0xE, 0xB, 0x1, 0xA, 0x4, 0x7, 0xC, 0x9,
-     0xD, 0x6}
-    ,
-    {0x0, 0xC, 0x8, 0x9, 0xD, 0x2, 0xA, 0xB, 0x7, 0x3, 0x6, 0x5, 0x4, 0xE,
-     0xF, 0x1}
-    ,
-    {0x1, 0x5, 0xE, 0xC, 0xA, 0x7, 0x0, 0xD, 0x6, 0x2, 0xB, 0x4, 0x9, 0x3,
-     0xF, 0x8}
-    ,
-    {0x1, 0xC, 0xB, 0x0, 0xF, 0xE, 0x6, 0x5, 0xA, 0xD, 0x4, 0x8, 0x9, 0x3,
-     0x7, 0x2}
-    ,
-    {0xB, 0x6, 0x3, 0x4, 0xC, 0xF, 0xE, 0x2, 0x7, 0xD, 0x8, 0x0, 0x5, 0xA,
-     0x9, 0x1}
-    ,
-    {0xF, 0xC, 0x2, 0xA, 0x6, 0x4, 0x5, 0x0, 0x7, 0x9, 0xE, 0xD, 0x1, 0xB,
-     0x8, 0x3}
-};
-
-const byte CryptoProKeyMeshingKey[] = {
-    0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23,
-    0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4,
-    0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12,
-    0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B
-};
-
-/* Initialization of gost_ctx subst blocks*/
-static void kboxinit(gost_ctx * c, const gost_subst_block * b)
-{
-    int i;
-
-    for (i = 0; i < 256; i++) {
-        c->k87[i] = (word32) (b->k8[i >> 4] << 4 | b->k7[i & 15]) << 24;
-        c->k65[i] = (b->k6[i >> 4] << 4 | b->k5[i & 15]) << 16;
-        c->k43[i] = (b->k4[i >> 4] << 4 | b->k3[i & 15]) << 8;
-        c->k21[i] = b->k2[i >> 4] << 4 | b->k1[i & 15];
-
-    }
-}
-
-/* Part of GOST 28147 algorithm moved into separate function */
-static word32 f(gost_ctx * c, word32 x)
-{
-    x = c->k87[x >> 24 & 255] | c->k65[x >> 16 & 255] |
-        c->k43[x >> 8 & 255] | c->k21[x & 255];
-    /* Rotate left 11 bits */
-    return x << 11 | x >> (32 - 11);
-}
-
-/* Low-level encryption routine - encrypts one 64 bit block*/
-void gostcrypt(gost_ctx * c, const byte * in, byte * out)
-{
-    register word32 n1, n2;     /* As named in the GOST */
-    n1 = in[0] | (in[1] << 8) | (in[2] << 16) | ((word32) in[3] << 24);
-    n2 = in[4] | (in[5] << 8) | (in[6] << 16) | ((word32) in[7] << 24);
-    /* Instead of swapping halves, swap names each round */
-
-    n2 ^= f(c, n1 + c->k[0]);
-    n1 ^= f(c, n2 + c->k[1]);
-    n2 ^= f(c, n1 + c->k[2]);
-    n1 ^= f(c, n2 + c->k[3]);
-    n2 ^= f(c, n1 + c->k[4]);
-    n1 ^= f(c, n2 + c->k[5]);
-    n2 ^= f(c, n1 + c->k[6]);
-    n1 ^= f(c, n2 + c->k[7]);
-
-    n2 ^= f(c, n1 + c->k[0]);
-    n1 ^= f(c, n2 + c->k[1]);
-    n2 ^= f(c, n1 + c->k[2]);
-    n1 ^= f(c, n2 + c->k[3]);
-    n2 ^= f(c, n1 + c->k[4]);
-    n1 ^= f(c, n2 + c->k[5]);
-    n2 ^= f(c, n1 + c->k[6]);
-    n1 ^= f(c, n2 + c->k[7]);
-
-    n2 ^= f(c, n1 + c->k[0]);
-    n1 ^= f(c, n2 + c->k[1]);
-    n2 ^= f(c, n1 + c->k[2]);
-    n1 ^= f(c, n2 + c->k[3]);
-    n2 ^= f(c, n1 + c->k[4]);
-    n1 ^= f(c, n2 + c->k[5]);
-    n2 ^= f(c, n1 + c->k[6]);
-    n1 ^= f(c, n2 + c->k[7]);
-
-    n2 ^= f(c, n1 + c->k[7]);
-    n1 ^= f(c, n2 + c->k[6]);
-    n2 ^= f(c, n1 + c->k[5]);
-    n1 ^= f(c, n2 + c->k[4]);
-    n2 ^= f(c, n1 + c->k[3]);
-    n1 ^= f(c, n2 + c->k[2]);
-    n2 ^= f(c, n1 + c->k[1]);
-    n1 ^= f(c, n2 + c->k[0]);
-
-    out[0] = (byte) (n2 & 0xff);
-    out[1] = (byte) ((n2 >> 8) & 0xff);
-    out[2] = (byte) ((n2 >> 16) & 0xff);
-    out[3] = (byte) (n2 >> 24);
-    out[4] = (byte) (n1 & 0xff);
-    out[5] = (byte) ((n1 >> 8) & 0xff);
-    out[6] = (byte) ((n1 >> 16) & 0xff);
-    out[7] = (byte) (n1 >> 24);
-}
-
-/* Low-level decryption routine. Decrypts one 64-bit block */
-void gostdecrypt(gost_ctx * c, const byte * in, byte * out)
-{
-    register word32 n1, n2;     /* As named in the GOST */
-    n1 = in[0] | (in[1] << 8) | (in[2] << 16) | ((word32) in[3] << 24);
-    n2 = in[4] | (in[5] << 8) | (in[6] << 16) | ((word32) in[7] << 24);
-
-    n2 ^= f(c, n1 + c->k[0]);
-    n1 ^= f(c, n2 + c->k[1]);
-    n2 ^= f(c, n1 + c->k[2]);
-    n1 ^= f(c, n2 + c->k[3]);
-    n2 ^= f(c, n1 + c->k[4]);
-    n1 ^= f(c, n2 + c->k[5]);
-    n2 ^= f(c, n1 + c->k[6]);
-    n1 ^= f(c, n2 + c->k[7]);
-
-    n2 ^= f(c, n1 + c->k[7]);
-    n1 ^= f(c, n2 + c->k[6]);
-    n2 ^= f(c, n1 + c->k[5]);
-    n1 ^= f(c, n2 + c->k[4]);
-    n2 ^= f(c, n1 + c->k[3]);
-    n1 ^= f(c, n2 + c->k[2]);
-    n2 ^= f(c, n1 + c->k[1]);
-    n1 ^= f(c, n2 + c->k[0]);
-
-    n2 ^= f(c, n1 + c->k[7]);
-    n1 ^= f(c, n2 + c->k[6]);
-    n2 ^= f(c, n1 + c->k[5]);
-    n1 ^= f(c, n2 + c->k[4]);
-    n2 ^= f(c, n1 + c->k[3]);
-    n1 ^= f(c, n2 + c->k[2]);
-    n2 ^= f(c, n1 + c->k[1]);
-    n1 ^= f(c, n2 + c->k[0]);
-
-    n2 ^= f(c, n1 + c->k[7]);
-    n1 ^= f(c, n2 + c->k[6]);
-    n2 ^= f(c, n1 + c->k[5]);
-    n1 ^= f(c, n2 + c->k[4]);
-    n2 ^= f(c, n1 + c->k[3]);
-    n1 ^= f(c, n2 + c->k[2]);
-    n2 ^= f(c, n1 + c->k[1]);
-    n1 ^= f(c, n2 + c->k[0]);
-
-    out[0] = (byte) (n2 & 0xff);
-    out[1] = (byte) ((n2 >> 8) & 0xff);
-    out[2] = (byte) ((n2 >> 16) & 0xff);
-    out[3] = (byte) (n2 >> 24);
-    out[4] = (byte) (n1 & 0xff);
-    out[5] = (byte) ((n1 >> 8) & 0xff);
-    out[6] = (byte) ((n1 >> 16) & 0xff);
-    out[7] = (byte) (n1 >> 24);
-}
-
-/* Encrypts several blocks in ECB mode */
-void gost_enc(gost_ctx * c, const byte * clear, byte * cipher, int blocks)
-{
-    int i;
-    for (i = 0; i < blocks; i++) {
-        gostcrypt(c, clear, cipher);
-        clear += 8;
-        cipher += 8;
-    }
-}
-
-/* Decrypts several blocks in ECB mode */
-void gost_dec(gost_ctx * c, const byte * cipher, byte * clear, int blocks)
-{
-    int i;
-    for (i = 0; i < blocks; i++) {
-        gostdecrypt(c, cipher, clear);
-        clear += 8;
-        cipher += 8;
-    }
-}
-
-/* Encrypts several full blocks in CFB mode using 8byte IV */
-void gost_enc_cfb(gost_ctx * ctx, const byte * iv, const byte * clear,
-                  byte * cipher, int blocks)
-{
-    byte cur_iv[8];
-    byte gamma[8];
-    int i, j;
-    const byte *in;
-    byte *out;
-    memcpy(cur_iv, iv, 8);
-    for (i = 0, in = clear, out = cipher; i < blocks; i++, in += 8, out += 8) {
-        gostcrypt(ctx, cur_iv, gamma);
-        for (j = 0; j < 8; j++) {
-            cur_iv[j] = out[j] = in[j] ^ gamma[j];
-        }
-    }
-}
-
-/* Decrypts several full blocks in CFB mode using 8byte IV */
-void gost_dec_cfb(gost_ctx * ctx, const byte * iv, const byte * cipher,
-                  byte * clear, int blocks)
-{
-    byte cur_iv[8];
-    byte gamma[8];
-    int i, j;
-    const byte *in;
-    byte *out;
-    memcpy(cur_iv, iv, 8);
-    for (i = 0, in = cipher, out = clear; i < blocks; i++, in += 8, out += 8) {
-        gostcrypt(ctx, cur_iv, gamma);
-        for (j = 0; j < 8; j++) {
-            out[j] = (cur_iv[j] = in[j]) ^ gamma[j];
-        }
-    }
-}
-
-/* Encrypts one block using specified key */
-void gost_enc_with_key(gost_ctx * c, byte * key, byte * inblock,
-                       byte * outblock)
-{
-    gost_key(c, key);
-    gostcrypt(c, inblock, outblock);
-}
-
-/* Set 256 bit  key into context */
-void gost_key(gost_ctx * c, const byte * k)
-{
-    int i, j;
-    for (i = 0, j = 0; i < 8; i++, j += 4) {
-        c->k[i] =
-            k[j] | (k[j + 1] << 8) | (k[j + 2] << 16) | ((word32) k[j + 3] <<
-                                                         24);
-    }
-}
-
-/* Retrieve 256-bit key from context */
-void gost_get_key(gost_ctx * c, byte * k)
-{
-    int i, j;
-    for (i = 0, j = 0; i < 8; i++, j += 4) {
-        k[j] = (byte) (c->k[i] & 0xFF);
-        k[j + 1] = (byte) ((c->k[i] >> 8) & 0xFF);
-        k[j + 2] = (byte) ((c->k[i] >> 16) & 0xFF);
-        k[j + 3] = (byte) ((c->k[i] >> 24) & 0xFF);
-    }
-}
-
-/* Initalize context. Provides default value for subst_block */
-void gost_init(gost_ctx * c, const gost_subst_block * b)
-{
-    if (!b) {
-        b = &GostR3411_94_TestParamSet;
-    }
-    kboxinit(c, b);
-}
-
-/* Cleans up key from context */
-void gost_destroy(gost_ctx * c)
-{
-    int i;
-    for (i = 0; i < 8; i++)
-        c->k[i] = 0;
-}
-
-/*
- * Compute GOST 28147 mac block Parameters gost_ctx *c - context initalized
- * with substitution blocks and key buffer - 8-byte mac state buffer block
- * 8-byte block to process.
- */
-void mac_block(gost_ctx * c, byte * buffer, const byte * block)
-{
-    register word32 n1, n2;     /* As named in the GOST */
-    int i;
-    for (i = 0; i < 8; i++) {
-        buffer[i] ^= block[i];
-    }
-    n1 = buffer[0] | (buffer[1] << 8) | (buffer[2] << 16) | ((word32)
-                                                             buffer[3] << 24);
-    n2 = buffer[4] | (buffer[5] << 8) | (buffer[6] << 16) | ((word32)
-                                                             buffer[7] << 24);
-    /* Instead of swapping halves, swap names each round */
-
-    n2 ^= f(c, n1 + c->k[0]);
-    n1 ^= f(c, n2 + c->k[1]);
-    n2 ^= f(c, n1 + c->k[2]);
-    n1 ^= f(c, n2 + c->k[3]);
-    n2 ^= f(c, n1 + c->k[4]);
-    n1 ^= f(c, n2 + c->k[5]);
-    n2 ^= f(c, n1 + c->k[6]);
-    n1 ^= f(c, n2 + c->k[7]);
-
-    n2 ^= f(c, n1 + c->k[0]);
-    n1 ^= f(c, n2 + c->k[1]);
-    n2 ^= f(c, n1 + c->k[2]);
-    n1 ^= f(c, n2 + c->k[3]);
-    n2 ^= f(c, n1 + c->k[4]);
-    n1 ^= f(c, n2 + c->k[5]);
-    n2 ^= f(c, n1 + c->k[6]);
-    n1 ^= f(c, n2 + c->k[7]);
-
-    buffer[0] = (byte) (n1 & 0xff);
-    buffer[1] = (byte) ((n1 >> 8) & 0xff);
-    buffer[2] = (byte) ((n1 >> 16) & 0xff);
-    buffer[3] = (byte) (n1 >> 24);
-    buffer[4] = (byte) (n2 & 0xff);
-    buffer[5] = (byte) ((n2 >> 8) & 0xff);
-    buffer[6] = (byte) ((n2 >> 16) & 0xff);
-    buffer[7] = (byte) (n2 >> 24);
-}
-
-/* Get mac with specified number of bits from MAC state buffer */
-void get_mac(byte * buffer, int nbits, byte * out)
-{
-    int nbytes = nbits >> 3;
-    int rembits = nbits & 7;
-    int mask = rembits ? ((1 < rembits) - 1) : 0;
-    int i;
-    for (i = 0; i < nbytes; i++)
-        out[i] = buffer[i];
-    if (rembits)
-        out[i] = buffer[i] & mask;
-}
-
-/*
- * Compute mac of specified length (in bits) from data. Context should be
- * initialized with key and subst blocks
- */
-int gost_mac(gost_ctx * ctx, int mac_len, const unsigned char *data,
-             unsigned int data_len, unsigned char *mac)
-{
-    byte buffer[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
-    byte buf2[8];
-    unsigned int i;
-    for (i = 0; i + 8 <= data_len; i += 8)
-        mac_block(ctx, buffer, data + i);
-    if (i < data_len) {
-        memset(buf2, 0, 8);
-        memcpy(buf2, data + i, data_len - i);
-        mac_block(ctx, buffer, buf2);
-        i += 8;
-    }
-    if (i == 8) {
-        memset(buf2, 0, 8);
-        mac_block(ctx, buffer, buf2);
-    }
-    get_mac(buffer, mac_len, mac);
-    return 1;
-}
-
-/* Compute MAC with non-zero IV. Used in some RFC 4357 algorithms */
-int gost_mac_iv(gost_ctx * ctx, int mac_len, const unsigned char *iv,
-                const unsigned char *data, unsigned int data_len,
-                unsigned char *mac)
-{
-    byte buffer[8];
-    byte buf2[8];
-    unsigned int i;
-    memcpy(buffer, iv, 8);
-    for (i = 0; i + 8 <= data_len; i += 8)
-        mac_block(ctx, buffer, data + i);
-    if (i < data_len) {
-        memset(buf2, 0, 8);
-        memcpy(buf2, data + i, data_len - i);
-        mac_block(ctx, buffer, buf2);
-        i += 8;
-    }
-    if (i == 8) {
-        memset(buf2, 0, 8);
-        mac_block(ctx, buffer, buf2);
-    }
-    get_mac(buffer, mac_len, mac);
-    return 1;
-}
-
-/* Implements key meshing algorithm by modifing ctx and IV in place */
-void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv)
-{
-    unsigned char newkey[32], newiv[8];
-    /* Set static keymeshing key */
-    /* "Decrypt" key with keymeshing key */
-    gost_dec(ctx, CryptoProKeyMeshingKey, newkey, 4);
-    /* set new key */
-    gost_key(ctx, newkey);
-    /* Encrypt iv with new key */
-    gostcrypt(ctx, iv, newiv);
-    memcpy(iv, newiv, 8);
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost89.h b/freebsd/crypto/openssl/engines/ccgost/gost89.h
deleted file mode 100644
index e5b877f4..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost89.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/**********************************************************************
- *                        gost89.h                                    *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *     This file is distributed under the same license as OpenSSL     *
- *                                                                    *
- *          Declarations for GOST 28147-89 encryption algorithm       *
- *            No OpenSSL libraries required to compile and use        *
- *                       this code                                    *
- **********************************************************************/
-#ifndef GOST89_H
-# define GOST89_H
-
-/* Typedef for unsigned 32-bit integer */
-# if __LONG_MAX__ > 2147483647L
-typedef unsigned int u4;
-# else
-typedef unsigned long u4;
-# endif
-/* Typedef for unsigned 8-bit integer */
-typedef unsigned char byte;
-
-/* Internal representation of GOST substitution blocks */
-typedef struct {
-    byte k8[16];
-    byte k7[16];
-    byte k6[16];
-    byte k5[16];
-    byte k4[16];
-    byte k3[16];
-    byte k2[16];
-    byte k1[16];
-} gost_subst_block;
-
-/* Cipher context includes key and preprocessed  substitution block */
-typedef struct {
-    u4 k[8];
-    /* Constant s-boxes -- set up in gost_init(). */
-    u4 k87[256], k65[256], k43[256], k21[256];
-} gost_ctx;
-/*
- * Note: encrypt and decrypt expect full blocks--padding blocks is caller's
- * responsibility. All bulk encryption is done in ECB mode by these calls.
- * Other modes may be added easily enough.
- */
-/* Encrypt several full blocks in ECB mode */
-void gost_enc(gost_ctx * ctx, const byte * clear, byte * cipher, int blocks);
-/* Decrypt several full blocks in ECB mode */
-void gost_dec(gost_ctx * ctx, const byte * cipher, byte * clear, int blocks);
-/* Encrypts several full blocks in CFB mode using 8byte IV */
-void gost_enc_cfb(gost_ctx * ctx, const byte * iv, const byte * clear,
-                  byte * cipher, int blocks);
-/* Decrypts several full blocks in CFB mode using 8byte IV */
-void gost_dec_cfb(gost_ctx * ctx, const byte * iv, const byte * cipher,
-                  byte * clear, int blocks);
-
-/* Encrypt one  block */
-void gostcrypt(gost_ctx * c, const byte * in, byte * out);
-/* Decrypt one  block */
-void gostdecrypt(gost_ctx * c, const byte * in, byte * out);
-/* Set key into context */
-void gost_key(gost_ctx * ctx, const byte * key);
-/* Get key from context */
-void gost_get_key(gost_ctx * ctx, byte * key);
-/* Set S-blocks into context */
-void gost_init(gost_ctx * ctx, const gost_subst_block * subst_block);
-/* Clean up context */
-void gost_destroy(gost_ctx * ctx);
-/* Intermediate function used for calculate hash */
-void gost_enc_with_key(gost_ctx *, byte * key, byte * inblock,
-                       byte * outblock);
-/* Compute MAC of given length in bits from data */
-int gost_mac(gost_ctx * ctx, int hmac_len, const unsigned char *data,
-             unsigned int data_len, unsigned char *hmac);
-/*
- * Compute MAC of given length in bits from data, using non-zero 8-byte IV
- * (non-standard, for use in CryptoPro key transport only
- */
-int gost_mac_iv(gost_ctx * ctx, int hmac_len, const unsigned char *iv,
-                const unsigned char *data, unsigned int data_len,
-                unsigned char *hmac);
-/* Perform one step of MAC calculation like gostcrypt */
-void mac_block(gost_ctx * c, byte * buffer, const byte * block);
-/* Extracts MAC value from mac state buffer */
-void get_mac(byte * buffer, int nbits, byte * out);
-/* Implements cryptopro key meshing algorithm. Expect IV to be 8-byte size*/
-void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv);
-/* Parameter sets specified in RFC 4357 */
-extern gost_subst_block GostR3411_94_TestParamSet;
-extern gost_subst_block GostR3411_94_CryptoProParamSet;
-extern gost_subst_block Gost28147_TestParamSet;
-extern gost_subst_block Gost28147_CryptoProParamSetA;
-extern gost_subst_block Gost28147_CryptoProParamSetB;
-extern gost_subst_block Gost28147_CryptoProParamSetC;
-extern gost_subst_block Gost28147_CryptoProParamSetD;
-extern const byte CryptoProKeyMeshingKey[];
-typedef unsigned int word32;
-
-#endif
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost94_keyx.c b/freebsd/crypto/openssl/engines/ccgost/gost94_keyx.c
deleted file mode 100644
index 37ce9c7e..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost94_keyx.c
+++ /dev/null
@@ -1,284 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                             gost94_keyx.c                          *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *     Implements generation and parsing of GOST_KEY_TRANSPORT for    *
- *              GOST R 34.10-94 algorithms                            *
- *                                                                    *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include <string.h>
-#include <openssl/dh.h>
-#include <openssl/rand.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-#include "gost89.h"
-#include "gosthash.h"
-#include "e_gost_err.h"
-#include "gost_keywrap.h"
-#include "gost_lcl.h"
-/* Common functions for both 94 and 2001 key exchange schemes */
-/*
- * Implementation of the Diffi-Hellman key agreement scheme based on GOST-94
- * keys
- */
-
-/*
- * Computes Diffie-Hellman key and stores it into buffer in little-endian
- * byte order as expected by both versions of GOST 94 algorithm
- */
-static int compute_pair_key_le(unsigned char *pair_key, BIGNUM *pub_key,
-                               DH *dh)
-{
-    unsigned char be_key[128];
-    int i, key_size;
-    key_size = DH_compute_key(be_key, pub_key, dh);
-    if (!key_size)
-        return 0;
-    memset(pair_key, 0, 128);
-    for (i = 0; i < key_size; i++) {
-        pair_key[i] = be_key[key_size - 1 - i];
-    }
-    return key_size;
-}
-
-/*
- * Computes 256 bit Key exchange key as specified in RFC 4357
- */
-static int make_cp_exchange_key(BIGNUM *priv_key, EVP_PKEY *pubk,
-                                unsigned char *shared_key)
-{
-    unsigned char dh_key[128];
-    int ret;
-    gost_hash_ctx hash_ctx;
-    DH *dh = DH_new();
-
-    if (!dh)
-        return 0;
-    memset(dh_key, 0, 128);
-    dh->g = BN_dup(pubk->pkey.dsa->g);
-    dh->p = BN_dup(pubk->pkey.dsa->p);
-    dh->priv_key = BN_dup(priv_key);
-    ret =
-        compute_pair_key_le(dh_key, ((DSA *)(EVP_PKEY_get0(pubk)))->pub_key,
-                            dh);
-    DH_free(dh);
-    if (!ret)
-        return 0;
-    init_gost_hash_ctx(&hash_ctx, &GostR3411_94_CryptoProParamSet);
-    start_hash(&hash_ctx);
-    hash_block(&hash_ctx, dh_key, 128);
-    finish_hash(&hash_ctx, shared_key);
-    done_gost_hash_ctx(&hash_ctx);
-    return 1;
-}
-
-/* EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-94 */
-
-int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
-{
-    EVP_PKEY *pubk = EVP_PKEY_CTX_get0_peerkey(ctx);
-    EVP_PKEY *mykey = EVP_PKEY_CTX_get0_pkey(ctx);
-    *keylen = 32;
-    if (key == NULL)
-        return 1;
-
-    return make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, key);
-}
-
-/*
- * EVP_PKEY_METHOD callback encrypt for GOST R 34.10-94 cryptopro
- * modification
- */
-
-int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
-                          size_t *outlen, const unsigned char *key,
-                          size_t key_len)
-{
-    GOST_KEY_TRANSPORT *gkt = NULL;
-    unsigned char shared_key[32], ukm[8], crypted_key[44];
-    const struct gost_cipher_info *param = get_encryption_params(NULL);
-    EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx);
-    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-    gost_ctx cctx;
-    int key_is_ephemeral = 1;
-    int tmp_outlen;
-    EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
-
-    /* Do not use vizir cipher parameters with cryptopro */
-    if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
-        && param == gost_cipher_list) {
-        param = gost_cipher_list + 1;
-    }
-
-    if (mykey) {
-        /* If key already set, it is not ephemeral */
-        key_is_ephemeral = 0;
-        if (!gost_get0_priv_key(mykey)) {
-            GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
-                    GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
-            goto err;
-        }
-    } else {
-        /* Otherwise generate ephemeral key */
-        key_is_ephemeral = 1;
-        if (out) {
-            mykey = EVP_PKEY_new();
-            if (!mykey)
-                goto memerr;
-            EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk), DSA_new());
-            EVP_PKEY_copy_parameters(mykey, pubk);
-            if (!gost_sign_keygen(EVP_PKEY_get0(mykey))) {
-                goto err;
-            }
-        }
-    }
-    if (out)
-        make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, shared_key);
-    if (data->shared_ukm) {
-        memcpy(ukm, data->shared_ukm, 8);
-    } else if (out) {
-        if (RAND_bytes(ukm, 8) <= 0) {
-            GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
-                    GOST_R_RANDOM_GENERATOR_FAILURE);
-            goto err;
-        }
-    }
-
-    if (out) {
-        gost_init(&cctx, param->sblock);
-        keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);
-    }
-    gkt = GOST_KEY_TRANSPORT_new();
-    if (!gkt) {
-        goto memerr;
-    }
-    if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
-        goto memerr;
-    }
-    if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
-        goto memerr;
-    }
-    if (!ASN1_OCTET_STRING_set
-        (gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
-        goto memerr;
-    }
-    if (key_is_ephemeral) {
-        if (!X509_PUBKEY_set
-            (&gkt->key_agreement_info->ephem_key, out ? mykey : pubk)) {
-            GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
-                    GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
-            goto err;
-        }
-        if (out)
-            EVP_PKEY_free(mykey);
-    }
-    ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
-    gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
-    tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
-    if (tmp_outlen <= 0) {
-        GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
-                GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
-        goto err;
-    }
-    *outlen = tmp_outlen;
-    if (!key_is_ephemeral) {
-        /* Set control "public key from client certificate used" */
-        if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
-            0) {
-            GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);
-            goto err;
-        }
-    }
-    GOST_KEY_TRANSPORT_free(gkt);
-    return 1;
- memerr:
-    if (key_is_ephemeral) {
-        EVP_PKEY_free(mykey);
-    }
-    GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_MALLOC_FAILURE);
- err:
-    GOST_KEY_TRANSPORT_free(gkt);
-    return -1;
-}
-
-/*
- * EVP_PLEY_METHOD callback decrypt for GOST R 34.10-94 cryptopro
- * modification
- */
-int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key,
-                          size_t *key_len, const unsigned char *in,
-                          size_t in_len)
-{
-    const unsigned char *p = in;
-    GOST_KEY_TRANSPORT *gkt = NULL;
-    unsigned char wrappedKey[44];
-    unsigned char sharedKey[32];
-    gost_ctx cctx;
-    const struct gost_cipher_info *param = NULL;
-    EVP_PKEY *eph_key = NULL, *peerkey = NULL;
-    EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(ctx);
-
-    if (!key) {
-        *key_len = 32;
-        return 1;
-    }
-
-    gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
-    if (!gkt) {
-        GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
-                GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
-        return 0;
-    }
-    eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
-    if (eph_key) {
-        if (EVP_PKEY_derive_set_peer(ctx, eph_key) <= 0) {
-            GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
-                    GOST_R_INCOMPATIBLE_PEER_KEY);
-            goto err;
-        }
-    } else {
-        /* Set control "public key from client certificate used" */
-        if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
-            0) {
-            GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_CTRL_CALL_FAILED);
-            goto err;
-        }
-    }
-    peerkey = EVP_PKEY_CTX_get0_peerkey(ctx);
-    if (!peerkey) {
-        GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_NO_PEER_KEY);
-        goto err;
-    }
-
-    param = get_encryption_params(gkt->key_agreement_info->cipher);
-    if (!param) {
-        goto err;
-    }
-
-    gost_init(&cctx, param->sblock);
-    OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
-    memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
-    OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
-    memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
-    OPENSSL_assert(gkt->key_info->imit->length == 4);
-    memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
-    make_cp_exchange_key(gost_get0_priv_key(priv), peerkey, sharedKey);
-    if (!keyUnwrapCryptoPro(&cctx, sharedKey, wrappedKey, key)) {
-        GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
-                GOST_R_ERROR_COMPUTING_SHARED_KEY);
-        goto err;
-    }
-
-    EVP_PKEY_free(eph_key);
-    GOST_KEY_TRANSPORT_free(gkt);
-    return 1;
- err:
-    EVP_PKEY_free(eph_key);
-    GOST_KEY_TRANSPORT_free(gkt);
-    return -1;
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_ameth.c b/freebsd/crypto/openssl/engines/ccgost/gost_ameth.c
deleted file mode 100644
index 9e6b8830..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_ameth.c
+++ /dev/null
@@ -1,959 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                          gost_ameth.c                              *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *       Implementation of RFC 4490/4491 ASN1 method                  *
- *       for OpenSSL                                                  *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/engine.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_CMS
-# include <openssl/cms.h>
-#endif
-#include "gost_params.h"
-#include "gost_lcl.h"
-#include "e_gost_err.h"
-
-int gost94_nid_by_params(DSA *p)
-{
-    R3410_params *gost_params;
-    BIGNUM *q = BN_new();
-    for (gost_params = R3410_paramset; gost_params->q != NULL; gost_params++) {
-        BN_dec2bn(&q, gost_params->q);
-        if (!BN_cmp(q, p->q)) {
-            BN_free(q);
-            return gost_params->nid;
-        }
-    }
-    BN_free(q);
-    return NID_undef;
-}
-
-static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
-{
-    ASN1_STRING *params = ASN1_STRING_new();
-    GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
-    int pkey_param_nid = NID_undef;
-
-    if (!params || !gkp) {
-        GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
-        ASN1_STRING_free(params);
-        params = NULL;
-        goto err;
-    }
-    switch (EVP_PKEY_base_id(key)) {
-    case NID_id_GostR3410_2001:
-        pkey_param_nid =
-            EC_GROUP_get_curve_name(EC_KEY_get0_group
-                                    (EVP_PKEY_get0((EVP_PKEY *)key)));
-        break;
-    case NID_id_GostR3410_94:
-        pkey_param_nid =
-            (int)gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key));
-        if (pkey_param_nid == NID_undef) {
-            GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
-                    GOST_R_INVALID_GOST94_PARMSET);
-            ASN1_STRING_free(params);
-            params = NULL;
-            goto err;
-        }
-        break;
-    }
-    gkp->key_params = OBJ_nid2obj(pkey_param_nid);
-    gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
-    /*
-     * gkp->cipher_params = OBJ_nid2obj(cipher_param_nid);
-     */
-    params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);
-    if (params->length <= 0) {
-        GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
-        ASN1_STRING_free(params);
-        params = NULL;
-        goto err;
-    }
-    params->type = V_ASN1_SEQUENCE;
- err:
-    GOST_KEY_PARAMS_free(gkp);
-    return params;
-}
-
-/*
- * Parses GOST algorithm parameters from X509_ALGOR and modifies pkey setting
- * NID and parameters
- */
-static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
-{
-    ASN1_OBJECT *palg_obj = NULL;
-    int ptype = V_ASN1_UNDEF;
-    int pkey_nid = NID_undef, param_nid = NID_undef;
-    void *_pval;
-    ASN1_STRING *pval = NULL;
-    const unsigned char *p;
-    GOST_KEY_PARAMS *gkp = NULL;
-
-    X509_ALGOR_get0(&palg_obj, &ptype, &_pval, palg);
-    pval = _pval;
-    if (ptype != V_ASN1_SEQUENCE) {
-        GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
-                GOST_R_BAD_KEY_PARAMETERS_FORMAT);
-        return 0;
-    }
-    p = pval->data;
-    pkey_nid = OBJ_obj2nid(palg_obj);
-
-    gkp = d2i_GOST_KEY_PARAMS(NULL, &p, pval->length);
-    if (!gkp) {
-        GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
-                GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
-        return 0;
-    }
-    param_nid = OBJ_obj2nid(gkp->key_params);
-    GOST_KEY_PARAMS_free(gkp);
-    if(!EVP_PKEY_set_type(pkey, pkey_nid)) {
-        GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS, ERR_R_INTERNAL_ERROR);
-        return 0;
-    }
-    switch (pkey_nid) {
-    case NID_id_GostR3410_94:
-        {
-            DSA *dsa = EVP_PKEY_get0(pkey);
-            if (!dsa) {
-                dsa = DSA_new();
-                if (!EVP_PKEY_assign(pkey, pkey_nid, dsa))
-                    return 0;
-            }
-            if (!fill_GOST94_params(dsa, param_nid))
-                return 0;
-            break;
-        }
-    case NID_id_GostR3410_2001:
-        {
-            EC_KEY *ec = EVP_PKEY_get0(pkey);
-            if (!ec) {
-                ec = EC_KEY_new();
-                if (!EVP_PKEY_assign(pkey, pkey_nid, ec))
-                    return 0;
-            }
-            if (!fill_GOST2001_params(ec, param_nid))
-                return 0;
-        }
-    }
-
-    return 1;
-}
-
-static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
-{
-    switch (EVP_PKEY_base_id(pkey)) {
-    case NID_id_GostR3410_94:
-        {
-            DSA *dsa = EVP_PKEY_get0(pkey);
-            if (!dsa) {
-                dsa = DSA_new();
-                EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), dsa);
-            }
-            dsa->priv_key = BN_dup(priv);
-            if (!EVP_PKEY_missing_parameters(pkey))
-                gost94_compute_public(dsa);
-            break;
-        }
-    case NID_id_GostR3410_2001:
-        {
-            EC_KEY *ec = EVP_PKEY_get0(pkey);
-            if (!ec) {
-                ec = EC_KEY_new();
-                EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), ec);
-            }
-            if (!EC_KEY_set_private_key(ec, priv))
-                return 0;
-            if (!EVP_PKEY_missing_parameters(pkey))
-                gost2001_compute_public(ec);
-            break;
-        }
-    }
-    return 1;
-}
-
-BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey)
-{
-    switch (EVP_PKEY_base_id(pkey)) {
-    case NID_id_GostR3410_94:
-        {
-            DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey);
-            if (!dsa) {
-                return NULL;
-            }
-            if (!dsa->priv_key)
-                return NULL;
-            return dsa->priv_key;
-            break;
-        }
-    case NID_id_GostR3410_2001:
-        {
-            EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
-            const BIGNUM *priv;
-            if (!ec) {
-                return NULL;
-            }
-            if (!(priv = EC_KEY_get0_private_key(ec)))
-                return NULL;
-            return (BIGNUM *)priv;
-            break;
-        }
-    }
-    return NULL;
-}
-
-static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
-{
-    switch (op) {
-    case ASN1_PKEY_CTRL_PKCS7_SIGN:
-        if (arg1 == 0) {
-            X509_ALGOR *alg1 = NULL, *alg2 = NULL;
-            int nid = EVP_PKEY_base_id(pkey);
-            PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO *)arg2,
-                                        NULL, &alg1, &alg2);
-            X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
-                            V_ASN1_NULL, 0);
-            if (nid == NID_undef) {
-                return (-1);
-            }
-            X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
-        }
-        return 1;
-#ifndef OPENSSL_NO_CMS
-    case ASN1_PKEY_CTRL_CMS_SIGN:
-        if (arg1 == 0) {
-            X509_ALGOR *alg1 = NULL, *alg2 = NULL;
-            int nid = EVP_PKEY_base_id(pkey);
-            CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2,
-                                     NULL, NULL, &alg1, &alg2);
-            X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
-                            V_ASN1_NULL, 0);
-            if (nid == NID_undef) {
-                return (-1);
-            }
-            X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
-        }
-        return 1;
-#endif
-    case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
-        if (arg1 == 0) {
-            X509_ALGOR *alg;
-            ASN1_STRING *params = encode_gost_algor_params(pkey);
-            if (!params) {
-                return -1;
-            }
-            PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO *)arg2, &alg);
-            X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type),
-                            V_ASN1_SEQUENCE, params);
-        }
-        return 1;
-#ifndef OPENSSL_NO_CMS
-    case ASN1_PKEY_CTRL_CMS_ENVELOPE:
-        if (arg1 == 0) {
-            X509_ALGOR *alg = NULL;
-            ASN1_STRING *params = encode_gost_algor_params(pkey);
-            if (!params) {
-                return -1;
-            }
-            CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL,
-                                             NULL, &alg);
-            X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type), V_ASN1_SEQUENCE,
-                            params);
-        }
-        return 1;
-#endif
-    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-        *(int *)arg2 = NID_id_GostR3411_94;
-        return 2;
-    }
-
-    return -2;
-}
-
-/* --------------------- free functions * ------------------------------*/
-static void pkey_free_gost94(EVP_PKEY *key)
-{
-    if (key->pkey.dsa) {
-        DSA_free(key->pkey.dsa);
-    }
-}
-
-static void pkey_free_gost01(EVP_PKEY *key)
-{
-    if (key->pkey.ec) {
-        EC_KEY_free(key->pkey.ec);
-    }
-}
-
-/* ------------------ private key functions  -----------------------------*/
-static int priv_decode_gost(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
-{
-    const unsigned char *pkey_buf = NULL, *p = NULL;
-    int priv_len = 0;
-    BIGNUM *pk_num = NULL;
-    int ret = 0;
-    X509_ALGOR *palg = NULL;
-    ASN1_OBJECT *palg_obj = NULL;
-    ASN1_INTEGER *priv_key = NULL;
-
-    if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf))
-        return 0;
-    p = pkey_buf;
-    if (!decode_gost_algor_params(pk, palg)) {
-        return 0;
-    }
-    if (V_ASN1_OCTET_STRING == *p) {
-        /* New format - Little endian octet string */
-        unsigned char rev_buf[32];
-        int i;
-        ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
-        if (!s || s->length != 32) {
-            GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
-            return 0;
-        }
-        for (i = 0; i < 32; i++) {
-            rev_buf[31 - i] = s->data[i];
-        }
-        ASN1_STRING_free(s);
-        pk_num = getbnfrombuf(rev_buf, 32);
-    } else {
-        priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
-        if (!priv_key)
-            return 0;
-        ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL);
-        ASN1_INTEGER_free(priv_key);
-        if (!ret) {
-            GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
-            return 0;
-        }
-    }
-
-    ret = gost_set_priv_key(pk, pk_num);
-    BN_free(pk_num);
-    return ret;
-}
-
-/* ----------------------------------------------------------------------*/
-static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
-{
-    ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
-    ASN1_STRING *params = encode_gost_algor_params(pk);
-    unsigned char *priv_buf = NULL;
-    int priv_len;
-
-    ASN1_INTEGER *asn1key = NULL;
-    if (!params) {
-        return 0;
-    }
-    asn1key = BN_to_ASN1_INTEGER(gost_get0_priv_key(pk), NULL);
-    priv_len = i2d_ASN1_INTEGER(asn1key, &priv_buf);
-    ASN1_INTEGER_free(asn1key);
-    return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
-                           priv_buf, priv_len);
-}
-
-/* --------- printing keys --------------------------------*/
-static int print_gost_94(BIO *out, const EVP_PKEY *pkey, int indent,
-                         ASN1_PCTX *pctx, int type)
-{
-    int param_nid = NID_undef;
-
-    if (type == 2) {
-        BIGNUM *key;
-
-        if (!BIO_indent(out, indent, 128))
-            return 0;
-        BIO_printf(out, "Private key: ");
-        key = gost_get0_priv_key(pkey);
-        if (!key)
-            BIO_printf(out, "<undefined>");
-        else
-            BN_print(out, key);
-        BIO_printf(out, "\n");
-    }
-    if (type >= 1) {
-        BIGNUM *pubkey;
-
-        pubkey = ((DSA *)EVP_PKEY_get0((EVP_PKEY *)pkey))->pub_key;
-        BIO_indent(out, indent, 128);
-        BIO_printf(out, "Public key: ");
-        BN_print(out, pubkey);
-        BIO_printf(out, "\n");
-    }
-
-    param_nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
-    BIO_indent(out, indent, 128);
-    BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
-    return 1;
-}
-
-static int param_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
-                              ASN1_PCTX *pctx)
-{
-    return print_gost_94(out, pkey, indent, pctx, 0);
-}
-
-static int pub_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
-                            ASN1_PCTX *pctx)
-{
-    return print_gost_94(out, pkey, indent, pctx, 1);
-}
-
-static int priv_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
-                             ASN1_PCTX *pctx)
-{
-    return print_gost_94(out, pkey, indent, pctx, 2);
-}
-
-static int print_gost_01(BIO *out, const EVP_PKEY *pkey, int indent,
-                         ASN1_PCTX *pctx, int type)
-{
-    int param_nid = NID_undef;
-    if (type == 2) {
-        BIGNUM *key;
-
-        if (!BIO_indent(out, indent, 128))
-            return 0;
-        BIO_printf(out, "Private key: ");
-        key = gost_get0_priv_key(pkey);
-        if (!key)
-            BIO_printf(out, "<undefined)");
-        else
-            BN_print(out, key);
-        BIO_printf(out, "\n");
-    }
-    if (type >= 1) {
-        BN_CTX *ctx = BN_CTX_new();
-        BIGNUM *X, *Y;
-        const EC_POINT *pubkey;
-        const EC_GROUP *group;
-
-        if (!ctx) {
-            GOSTerr(GOST_F_PRINT_GOST_01, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        BN_CTX_start(ctx);
-        X = BN_CTX_get(ctx);
-        Y = BN_CTX_get(ctx);
-        pubkey =
-            EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
-        group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
-        if (!EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, ctx)) {
-            GOSTerr(GOST_F_PRINT_GOST_01, ERR_R_EC_LIB);
-            BN_CTX_free(ctx);
-            return 0;
-        }
-        if (!BIO_indent(out, indent, 128))
-            return 0;
-        BIO_printf(out, "Public key:\n");
-        if (!BIO_indent(out, indent + 3, 128))
-            return 0;
-        BIO_printf(out, "X:");
-        BN_print(out, X);
-        BIO_printf(out, "\n");
-        BIO_indent(out, indent + 3, 128);
-        BIO_printf(out, "Y:");
-        BN_print(out, Y);
-        BIO_printf(out, "\n");
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-
-    param_nid =
-        EC_GROUP_get_curve_name(EC_KEY_get0_group
-                                (EVP_PKEY_get0((EVP_PKEY *)pkey)));
-    if (!BIO_indent(out, indent, 128))
-        return 0;
-    BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
-    return 1;
-}
-
-static int param_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
-                              ASN1_PCTX *pctx)
-{
-    return print_gost_01(out, pkey, indent, pctx, 0);
-}
-
-static int pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
-                            ASN1_PCTX *pctx)
-{
-    return print_gost_01(out, pkey, indent, pctx, 1);
-}
-
-static int priv_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
-                             ASN1_PCTX *pctx)
-{
-    return print_gost_01(out, pkey, indent, pctx, 2);
-}
-
-/* ---------------------------------------------------------------------*/
-static int param_missing_gost94(const EVP_PKEY *pk)
-{
-    const DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
-    if (!dsa)
-        return 1;
-    if (!dsa->q)
-        return 1;
-    return 0;
-}
-
-static int param_missing_gost01(const EVP_PKEY *pk)
-{
-    const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
-    if (!ec)
-        return 1;
-    if (!EC_KEY_get0_group(ec))
-        return 1;
-    return 0;
-}
-
-static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from)
-{
-    const DSA *dfrom = EVP_PKEY_get0((EVP_PKEY *)from);
-    DSA *dto = EVP_PKEY_get0(to);
-    if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
-        GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_INCOMPATIBLE_ALGORITHMS);
-        return 0;
-    }
-    if (!dfrom) {
-        GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_KEY_PARAMETERS_MISSING);
-        return 0;
-    }
-    if (!dto) {
-        dto = DSA_new();
-        EVP_PKEY_assign(to, EVP_PKEY_base_id(from), dto);
-    }
-#define COPYBIGNUM(a,b,x) if (a->x) BN_free(a->x); a->x=BN_dup(b->x);
-    COPYBIGNUM(dto, dfrom, p)
-        COPYBIGNUM(dto, dfrom, q)
-        COPYBIGNUM(dto, dfrom, g)
-
-        if (dto->priv_key)
-        gost94_compute_public(dto);
-    return 1;
-}
-
-static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
-{
-    EC_KEY *eto = EVP_PKEY_get0(to);
-    const EC_KEY *efrom = EVP_PKEY_get0((EVP_PKEY *)from);
-    if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
-        GOSTerr(GOST_F_PARAM_COPY_GOST01, GOST_R_INCOMPATIBLE_ALGORITHMS);
-        return 0;
-    }
-    if (!efrom) {
-        GOSTerr(GOST_F_PARAM_COPY_GOST01, GOST_R_KEY_PARAMETERS_MISSING);
-        return 0;
-    }
-    if (!eto) {
-        eto = EC_KEY_new();
-        if(!eto) {
-            GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        if(!EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto)) {
-            GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_INTERNAL_ERROR);
-            return 0;
-        }
-    }
-    if(!EC_KEY_set_group(eto, EC_KEY_get0_group(efrom))) {
-        GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_INTERNAL_ERROR);
-        return 0;
-    }
-    if (EC_KEY_get0_private_key(eto)) {
-        gost2001_compute_public(eto);
-    }
-    return 1;
-}
-
-static int param_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
-{
-    const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
-    const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
-    if (!BN_cmp(da->q, db->q))
-        return 1;
-    return 0;
-}
-
-static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
-{
-    if (EC_GROUP_get_curve_name
-        (EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)a))) ==
-        EC_GROUP_get_curve_name(EC_KEY_get0_group
-                                (EVP_PKEY_get0((EVP_PKEY *)b)))) {
-        return 1;
-    }
-    return 0;
-
-}
-
-/* ---------- Public key functions * --------------------------------------*/
-static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub)
-{
-    X509_ALGOR *palg = NULL;
-    const unsigned char *pubkey_buf = NULL;
-    unsigned char *databuf;
-    ASN1_OBJECT *palgobj = NULL;
-    int pub_len, i, j;
-    DSA *dsa;
-    ASN1_OCTET_STRING *octet = NULL;
-
-    if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub))
-        return 0;
-    EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL);
-    if (!decode_gost_algor_params(pk, palg))
-        return 0;
-    octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
-    if (!octet) {
-        GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    databuf = OPENSSL_malloc(octet->length);
-    if (databuf == NULL) {
-        GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
-        databuf[j] = octet->data[i];
-    }
-    dsa = EVP_PKEY_get0(pk);
-    dsa->pub_key = BN_bin2bn(databuf, octet->length, NULL);
-    ASN1_OCTET_STRING_free(octet);
-    OPENSSL_free(databuf);
-    return 1;
-
-}
-
-static int pub_encode_gost94(X509_PUBKEY *pub, const EVP_PKEY *pk)
-{
-    ASN1_OBJECT *algobj = NULL;
-    ASN1_OCTET_STRING *octet = NULL;
-    void *pval = NULL;
-    unsigned char *buf = NULL, *databuf, *sptr;
-    int i, j, data_len, ret = 0;
-
-    int ptype = V_ASN1_UNDEF;
-    DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
-    algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
-    if (pk->save_parameters) {
-        ASN1_STRING *params = encode_gost_algor_params(pk);
-        pval = params;
-        ptype = V_ASN1_SEQUENCE;
-    }
-    data_len = BN_num_bytes(dsa->pub_key);
-    databuf = OPENSSL_malloc(data_len);
-    if (databuf == NULL)
-        return 0;
-    BN_bn2bin(dsa->pub_key, databuf);
-    octet = ASN1_OCTET_STRING_new();
-    ASN1_STRING_set(octet, NULL, data_len);
-    sptr = ASN1_STRING_data(octet);
-    for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
-        sptr[i] = databuf[j];
-    }
-    OPENSSL_free(databuf);
-    ret = i2d_ASN1_OCTET_STRING(octet, &buf);
-    ASN1_BIT_STRING_free(octet);
-    if (ret < 0)
-        return 0;
-    return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
-}
-
-static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
-{
-    X509_ALGOR *palg = NULL;
-    const unsigned char *pubkey_buf = NULL;
-    unsigned char *databuf;
-    ASN1_OBJECT *palgobj = NULL;
-    int pub_len, i, j;
-    EC_POINT *pub_key;
-    BIGNUM *X, *Y;
-    ASN1_OCTET_STRING *octet = NULL;
-    int len;
-    const EC_GROUP *group;
-
-    if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub))
-        return 0;
-    EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL);
-    if (!decode_gost_algor_params(pk, palg))
-        return 0;
-    group = EC_KEY_get0_group(EVP_PKEY_get0(pk));
-    octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
-    if (!octet) {
-        GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    databuf = OPENSSL_malloc(octet->length);
-    if (databuf == NULL) {
-        GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
-        databuf[j] = octet->data[i];
-    }
-    len = octet->length / 2;
-    ASN1_OCTET_STRING_free(octet);
-
-    Y = getbnfrombuf(databuf, len);
-    X = getbnfrombuf(databuf + len, len);
-    OPENSSL_free(databuf);
-    pub_key = EC_POINT_new(group);
-    if (!EC_POINT_set_affine_coordinates_GFp(group, pub_key, X, Y, NULL)) {
-        GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
-        EC_POINT_free(pub_key);
-        BN_free(X);
-        BN_free(Y);
-        return 0;
-    }
-    BN_free(X);
-    BN_free(Y);
-    if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk), pub_key)) {
-        GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
-        EC_POINT_free(pub_key);
-        return 0;
-    }
-    EC_POINT_free(pub_key);
-    return 1;
-
-}
-
-static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
-{
-    ASN1_OBJECT *algobj = NULL;
-    ASN1_OCTET_STRING *octet = NULL;
-    void *pval = NULL;
-    unsigned char *buf = NULL, *databuf, *sptr;
-    int i, j, data_len, ret = 0;
-    const EC_POINT *pub_key;
-    BIGNUM *X, *Y, *order;
-    const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
-    int ptype = V_ASN1_UNDEF;
-
-    algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
-    if (pk->save_parameters) {
-        ASN1_STRING *params = encode_gost_algor_params(pk);
-        pval = params;
-        ptype = V_ASN1_SEQUENCE;
-    }
-    order = BN_new();
-    EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL);
-    pub_key = EC_KEY_get0_public_key(ec);
-    if (!pub_key) {
-        GOSTerr(GOST_F_PUB_ENCODE_GOST01, GOST_R_PUBLIC_KEY_UNDEFINED);
-        return 0;
-    }
-    X = BN_new();
-    Y = BN_new();
-    if(!X || !Y) {
-        GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
-        if(X) BN_free(X);
-        if(Y) BN_free(Y);
-        BN_free(order);
-        return 0;
-    }
-    if(!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),
-                                        pub_key, X, Y, NULL)) {
-        GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_INTERNAL_ERROR);
-        BN_free(X);
-        BN_free(Y);
-        BN_free(order);
-        return 0;
-    }
-    data_len = 2 * BN_num_bytes(order);
-    BN_free(order);
-    databuf = OPENSSL_malloc(data_len);
-    if (databuf == NULL) {
-        GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    memset(databuf, 0, data_len);
-
-    store_bignum(X, databuf + data_len / 2, data_len / 2);
-    store_bignum(Y, databuf, data_len / 2);
-
-    BN_free(X);
-    BN_free(Y);
-    octet = ASN1_OCTET_STRING_new();
-    ASN1_STRING_set(octet, NULL, data_len);
-    sptr = ASN1_STRING_data(octet);
-    for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
-        sptr[i] = databuf[j];
-    }
-    OPENSSL_free(databuf);
-    ret = i2d_ASN1_OCTET_STRING(octet, &buf);
-    ASN1_BIT_STRING_free(octet);
-    if (ret < 0)
-        return 0;
-    return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
-}
-
-static int pub_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
-{
-    const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
-    const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
-    if (da && db && da->pub_key && db->pub_key
-        && !BN_cmp(da->pub_key, db->pub_key)) {
-        return 1;
-    }
-    return 0;
-}
-
-static int pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
-{
-    const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a);
-    const EC_KEY *eb = EVP_PKEY_get0((EVP_PKEY *)b);
-    const EC_POINT *ka, *kb;
-    int ret = 0;
-    if (!ea || !eb)
-        return 0;
-    ka = EC_KEY_get0_public_key(ea);
-    kb = EC_KEY_get0_public_key(eb);
-    if (!ka || !kb)
-        return 0;
-    ret = (0 == EC_POINT_cmp(EC_KEY_get0_group(ea), ka, kb, NULL));
-    return ret;
-}
-
-static int pkey_size_gost(const EVP_PKEY *pk)
-{
-    return 64;
-}
-
-static int pkey_bits_gost(const EVP_PKEY *pk)
-{
-    return 256;
-}
-
-/* ---------------------- ASN1 METHOD for GOST MAC  -------------------*/
-static void mackey_free_gost(EVP_PKEY *pk)
-{
-    if (pk->pkey.ptr) {
-        OPENSSL_free(pk->pkey.ptr);
-    }
-}
-
-static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
-{
-    switch (op) {
-    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-        *(int *)arg2 = NID_id_Gost28147_89_MAC;
-        return 2;
-    }
-    return -2;
-}
-
-static int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
-    int nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
-    return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
-}
-
-static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
-    int nid =
-        EC_GROUP_get_curve_name(EC_KEY_get0_group
-                                (EVP_PKEY_get0((EVP_PKEY *)pkey)));
-    return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
-}
-
-static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
-                               int derlen)
-{
-    ASN1_OBJECT *obj = NULL;
-    DSA *dsa = EVP_PKEY_get0(pkey);
-    int nid;
-    if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
-        return 0;
-    }
-    nid = OBJ_obj2nid(obj);
-    ASN1_OBJECT_free(obj);
-    if (!dsa) {
-        dsa = DSA_new();
-        if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa))
-            return 0;
-    }
-    if (!fill_GOST94_params(dsa, nid))
-        return 0;
-    return 1;
-}
-
-static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
-                                 int derlen)
-{
-    ASN1_OBJECT *obj = NULL;
-    int nid;
-    EC_KEY *ec = EVP_PKEY_get0(pkey);
-    if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
-        return 0;
-    }
-    nid = OBJ_obj2nid(obj);
-    ASN1_OBJECT_free(obj);
-    if (!ec) {
-        ec = EC_KEY_new();
-        if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec))
-            return 0;
-    }
-    if (!fill_GOST2001_params(ec, nid))
-        return 0;
-    return 1;
-}
-
-/* ----------------------------------------------------------------------*/
-int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
-                        const char *pemstr, const char *info)
-{
-    *ameth = EVP_PKEY_asn1_new(nid, ASN1_PKEY_SIGPARAM_NULL, pemstr, info);
-    if (!*ameth)
-        return 0;
-    switch (nid) {
-    case NID_id_GostR3410_94:
-        EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost94);
-        EVP_PKEY_asn1_set_private(*ameth,
-                                  priv_decode_gost, priv_encode_gost,
-                                  priv_print_gost94);
-
-        EVP_PKEY_asn1_set_param(*ameth,
-                                gost94_param_decode, gost94_param_encode,
-                                param_missing_gost94, param_copy_gost94,
-                                param_cmp_gost94, param_print_gost94);
-        EVP_PKEY_asn1_set_public(*ameth,
-                                 pub_decode_gost94, pub_encode_gost94,
-                                 pub_cmp_gost94, pub_print_gost94,
-                                 pkey_size_gost, pkey_bits_gost);
-
-        EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
-        break;
-    case NID_id_GostR3410_2001:
-        EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost01);
-        EVP_PKEY_asn1_set_private(*ameth,
-                                  priv_decode_gost, priv_encode_gost,
-                                  priv_print_gost01);
-
-        EVP_PKEY_asn1_set_param(*ameth,
-                                gost2001_param_decode, gost2001_param_encode,
-                                param_missing_gost01, param_copy_gost01,
-                                param_cmp_gost01, param_print_gost01);
-        EVP_PKEY_asn1_set_public(*ameth,
-                                 pub_decode_gost01, pub_encode_gost01,
-                                 pub_cmp_gost01, pub_print_gost01,
-                                 pkey_size_gost, pkey_bits_gost);
-
-        EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
-        break;
-    case NID_id_Gost28147_89_MAC:
-        EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
-        EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost);
-        break;
-    }
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_asn1.c b/freebsd/crypto/openssl/engines/ccgost/gost_asn1.c
deleted file mode 100644
index 8fe01da6..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_asn1.c
+++ /dev/null
@@ -1,58 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                          gost_keytrans.c                           *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *   ASN1 structure definition for GOST key transport                 *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include <stdio.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include "gost_lcl.h"
-
-ASN1_NDEF_SEQUENCE(GOST_KEY_TRANSPORT) = {
-        ASN1_SIMPLE(GOST_KEY_TRANSPORT, key_info, GOST_KEY_INFO),
-        ASN1_IMP(GOST_KEY_TRANSPORT, key_agreement_info, GOST_KEY_AGREEMENT_INFO, 0)
-} ASN1_NDEF_SEQUENCE_END(GOST_KEY_TRANSPORT)
-
-IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
-
-ASN1_NDEF_SEQUENCE(GOST_KEY_INFO) = {
-        ASN1_SIMPLE(GOST_KEY_INFO, encrypted_key, ASN1_OCTET_STRING),
-        ASN1_SIMPLE(GOST_KEY_INFO, imit,          ASN1_OCTET_STRING)
-} ASN1_NDEF_SEQUENCE_END(GOST_KEY_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_INFO)
-
-ASN1_NDEF_SEQUENCE(GOST_KEY_AGREEMENT_INFO) = {
-        ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, cipher, ASN1_OBJECT),
-        ASN1_IMP_OPT(GOST_KEY_AGREEMENT_INFO, ephem_key, X509_PUBKEY, 0),
-        ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, eph_iv, ASN1_OCTET_STRING)
-} ASN1_NDEF_SEQUENCE_END(GOST_KEY_AGREEMENT_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
-
-ASN1_NDEF_SEQUENCE(GOST_KEY_PARAMS) = {
-        ASN1_SIMPLE(GOST_KEY_PARAMS, key_params, ASN1_OBJECT),
-        ASN1_SIMPLE(GOST_KEY_PARAMS, hash_params, ASN1_OBJECT),
-        ASN1_OPT(GOST_KEY_PARAMS, cipher_params, ASN1_OBJECT),
-} ASN1_NDEF_SEQUENCE_END(GOST_KEY_PARAMS)
-
-IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
-
-ASN1_NDEF_SEQUENCE(GOST_CIPHER_PARAMS) = {
-        ASN1_SIMPLE(GOST_CIPHER_PARAMS, iv, ASN1_OCTET_STRING),
-        ASN1_SIMPLE(GOST_CIPHER_PARAMS, enc_param_set, ASN1_OBJECT),
-} ASN1_NDEF_SEQUENCE_END(GOST_CIPHER_PARAMS)
-
-IMPLEMENT_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
-
-ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = { /* FIXME incomplete */
-    ASN1_SIMPLE(GOST_CLIENT_KEY_EXCHANGE_PARAMS, gkt, GOST_KEY_TRANSPORT)
-}
-
-ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
-IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_crypt.c b/freebsd/crypto/openssl/engines/ccgost/gost_crypt.c
deleted file mode 100644
index b98963bc..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_crypt.c
+++ /dev/null
@@ -1,625 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                          gost_crypt.c                              *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *       OpenSSL interface to GOST 28147-89 cipher functions          *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include <string.h>
-#include "gost89.h"
-#include <openssl/rand.h>
-#include "e_gost_err.h"
-#include "gost_lcl.h"
-
-#if !defined(CCGOST_DEBUG) && !defined(DEBUG)
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                            const unsigned char *iv, int enc);
-static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                                const unsigned char *iv, int enc);
-/* Handles block of data in CFB mode */
-static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, size_t inl);
-/* Handles block of data in CNT mode */
-static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, size_t inl);
-/* Cleanup function */
-static int gost_cipher_cleanup(EVP_CIPHER_CTX *);
-/* set/get cipher parameters */
-static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params);
-static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params);
-/* Control function */
-static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-
-EVP_CIPHER cipher_gost = {
-    NID_id_Gost28147_89,
-    1,                          /* block_size */
-    32,                         /* key_size */
-    8,                          /* iv_len */
-    EVP_CIPH_CFB_MODE | EVP_CIPH_NO_PADDING |
-        EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
-    gost_cipher_init,
-    gost_cipher_do_cfb,
-    gost_cipher_cleanup,
-    sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
-    gost89_set_asn1_parameters,
-    gost89_get_asn1_parameters,
-    gost_cipher_ctl,
-    NULL,
-};
-
-EVP_CIPHER cipher_gost_cpacnt = {
-    NID_gost89_cnt,
-    1,                          /* block_size */
-    32,                         /* key_size */
-    8,                          /* iv_len */
-    EVP_CIPH_OFB_MODE | EVP_CIPH_NO_PADDING |
-        EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
-    gost_cipher_init_cpa,
-    gost_cipher_do_cnt,
-    gost_cipher_cleanup,
-    sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
-    gost89_set_asn1_parameters,
-    gost89_get_asn1_parameters,
-    gost_cipher_ctl,
-    NULL,
-};
-
-/* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
-/* Init functions which set specific parameters */
-static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
-/* process block of data */
-static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count);
-/* Return computed value */
-static int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md);
-/* Copies context */
-static int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
-static int gost_imit_cleanup(EVP_MD_CTX *ctx);
-/* Control function, knows how to set MAC key.*/
-static int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
-
-EVP_MD imit_gost_cpa = {
-    NID_id_Gost28147_89_MAC,
-    NID_undef,
-    4,
-    0,
-    gost_imit_init_cpa,
-    gost_imit_update,
-    gost_imit_final,
-    gost_imit_copy,
-    gost_imit_cleanup,
-    NULL,
-    NULL,
-    {0, 0, 0, 0, 0},
-    8,
-    sizeof(struct ossl_gost_imit_ctx),
-    gost_imit_ctrl
-};
-
-/*
- * Correspondence between gost parameter OIDs and substitution blocks
- * NID field is filed by register_gost_NID function in engine.c
- * upon engine initialization
- */
-
-struct gost_cipher_info gost_cipher_list[] = {
-    /*- NID *//*
-     * Subst block
-     *//*
-     * Key meshing
-     */
-    /*
-     * {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},
-     */
-    {NID_id_Gost28147_89_cc, &GostR3411_94_CryptoProParamSet, 0},
-    {NID_id_Gost28147_89_CryptoPro_A_ParamSet, &Gost28147_CryptoProParamSetA,
-     1},
-    {NID_id_Gost28147_89_CryptoPro_B_ParamSet, &Gost28147_CryptoProParamSetB,
-     1},
-    {NID_id_Gost28147_89_CryptoPro_C_ParamSet, &Gost28147_CryptoProParamSetC,
-     1},
-    {NID_id_Gost28147_89_CryptoPro_D_ParamSet, &Gost28147_CryptoProParamSetD,
-     1},
-    {NID_id_Gost28147_89_TestParamSet, &Gost28147_TestParamSet, 1},
-    {NID_undef, NULL, 0}
-};
-
-/*
- * get encryption parameters from crypto network settings FIXME For now we
- * use environment var CRYPT_PARAMS as place to store these settings.
- * Actually, it is better to use engine control command, read from
- * configuration file to set them
- */
-const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj)
-{
-    int nid;
-    struct gost_cipher_info *param;
-    if (!obj) {
-        const char *params = get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS);
-        if (!params || !strlen(params))
-            return &gost_cipher_list[1];
-
-        nid = OBJ_txt2nid(params);
-        if (nid == NID_undef) {
-            GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,
-                    GOST_R_INVALID_CIPHER_PARAM_OID);
-            return NULL;
-        }
-    } else {
-        nid = OBJ_obj2nid(obj);
-    }
-    for (param = gost_cipher_list; param->sblock != NULL && param->nid != nid;
-         param++) ;
-    if (!param->sblock) {
-        GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS, GOST_R_INVALID_CIPHER_PARAMS);
-        return NULL;
-    }
-    return param;
-}
-
-/* Sets cipher param from paramset NID. */
-static int gost_cipher_set_param(struct ossl_gost_cipher_ctx *c, int nid)
-{
-    const struct gost_cipher_info *param;
-    param =
-        get_encryption_params((nid == NID_undef ? NULL : OBJ_nid2obj(nid)));
-    if (!param)
-        return 0;
-
-    c->paramNID = param->nid;
-    c->key_meshing = param->key_meshing;
-    c->count = 0;
-    gost_init(&(c->cctx), param->sblock);
-    return 1;
-}
-
-/* Initializes EVP_CIPHER_CTX by paramset NID */
-static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx,
-                                  const unsigned char *key,
-                                  const unsigned char *iv, int enc,
-                                  int paramNID, int mode)
-{
-    struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
-    if (ctx->app_data == NULL) {
-        if (!gost_cipher_set_param(c, paramNID))
-            return 0;
-        ctx->app_data = ctx->cipher_data;
-    }
-    if (key)
-        gost_key(&(c->cctx), key);
-    if (iv)
-        memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
-    memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
-    return 1;
-}
-
-static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                                const unsigned char *iv, int enc)
-{
-    struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
-    gost_init(&(c->cctx), &Gost28147_CryptoProParamSetA);
-    c->key_meshing = 1;
-    c->count = 0;
-    if (key)
-        gost_key(&(c->cctx), key);
-    if (iv)
-        memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
-    memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
-    return 1;
-}
-
-/* Initializes EVP_CIPHER_CTX with default values */
-int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                     const unsigned char *iv, int enc)
-{
-    return gost_cipher_init_param(ctx, key, iv, enc, NID_undef,
-                                  EVP_CIPH_CFB_MODE);
-}
-
-/*
- * Wrapper around gostcrypt function from gost89.c which perform key meshing
- * when nesseccary
- */
-static void gost_crypt_mesh(void *ctx, unsigned char *iv, unsigned char *buf)
-{
-    struct ossl_gost_cipher_ctx *c = ctx;
-    assert(c->count % 8 == 0 && c->count <= 1024);
-    if (c->key_meshing && c->count == 1024) {
-        cryptopro_key_meshing(&(c->cctx), iv);
-    }
-    gostcrypt(&(c->cctx), iv, buf);
-    c->count = c->count % 1024 + 8;
-}
-
-static void gost_cnt_next(void *ctx, unsigned char *iv, unsigned char *buf)
-{
-    struct ossl_gost_cipher_ctx *c = ctx;
-    word32 g, go;
-    unsigned char buf1[8];
-    assert(c->count % 8 == 0 && c->count <= 1024);
-    if (c->key_meshing && c->count == 1024) {
-        cryptopro_key_meshing(&(c->cctx), iv);
-    }
-    if (c->count == 0) {
-        gostcrypt(&(c->cctx), iv, buf1);
-    } else {
-        memcpy(buf1, iv, 8);
-    }
-    g = buf1[0] | (buf1[1] << 8) | (buf1[2] << 16) | ((word32) buf1[3] << 24);
-    g += 0x01010101;
-    buf1[0] = (unsigned char)(g & 0xff);
-    buf1[1] = (unsigned char)((g >> 8) & 0xff);
-    buf1[2] = (unsigned char)((g >> 16) & 0xff);
-    buf1[3] = (unsigned char)((g >> 24) & 0xff);
-    g = buf1[4] | (buf1[5] << 8) | (buf1[6] << 16) | ((word32) buf1[7] << 24);
-    go = g;
-    g += 0x01010104;
-    if (go > g)                 /* overflow */
-        g++;
-    buf1[4] = (unsigned char)(g & 0xff);
-    buf1[5] = (unsigned char)((g >> 8) & 0xff);
-    buf1[6] = (unsigned char)((g >> 16) & 0xff);
-    buf1[7] = (unsigned char)((g >> 24) & 0xff);
-    memcpy(iv, buf1, 8);
-    gostcrypt(&(c->cctx), buf1, buf);
-    c->count = c->count % 1024 + 8;
-}
-
-/* GOST encryption in CFB mode */
-int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                       const unsigned char *in, size_t inl)
-{
-    const unsigned char *in_ptr = in;
-    unsigned char *out_ptr = out;
-    size_t i = 0;
-    size_t j = 0;
-/* process partial block if any */
-    if (ctx->num) {
-        for (j = ctx->num, i = 0; j < 8 && i < inl;
-             j++, i++, in_ptr++, out_ptr++) {
-            if (!ctx->encrypt)
-                ctx->buf[j + 8] = *in_ptr;
-            *out_ptr = ctx->buf[j] ^ (*in_ptr);
-            if (ctx->encrypt)
-                ctx->buf[j + 8] = *out_ptr;
-        }
-        if (j == 8) {
-            memcpy(ctx->iv, ctx->buf + 8, 8);
-            ctx->num = 0;
-        } else {
-            ctx->num = j;
-            return 1;
-        }
-    }
-
-    for (; i + 8 < inl; i += 8, in_ptr += 8, out_ptr += 8) {
-        /*
-         * block cipher current iv
-         */
-        gost_crypt_mesh(ctx->cipher_data, ctx->iv, ctx->buf);
-        /*
-         * xor next block of input text with it and output it
-         */
-        /*
-         * output this block
-         */
-        if (!ctx->encrypt)
-            memcpy(ctx->iv, in_ptr, 8);
-        for (j = 0; j < 8; j++) {
-            out_ptr[j] = ctx->buf[j] ^ in_ptr[j];
-        }
-        /* Encrypt */
-        /* Next iv is next block of cipher text */
-        if (ctx->encrypt)
-            memcpy(ctx->iv, out_ptr, 8);
-    }
-/* Process rest of buffer */
-    if (i < inl) {
-        gost_crypt_mesh(ctx->cipher_data, ctx->iv, ctx->buf);
-        if (!ctx->encrypt)
-            memcpy(ctx->buf + 8, in_ptr, inl - i);
-        for (j = 0; i < inl; j++, i++) {
-            out_ptr[j] = ctx->buf[j] ^ in_ptr[j];
-        }
-        ctx->num = j;
-        if (ctx->encrypt)
-            memcpy(ctx->buf + 8, out_ptr, j);
-    } else {
-        ctx->num = 0;
-    }
-    return 1;
-}
-
-static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, size_t inl)
-{
-    const unsigned char *in_ptr = in;
-    unsigned char *out_ptr = out;
-    size_t i = 0;
-    size_t j;
-/* process partial block if any */
-    if (ctx->num) {
-        for (j = ctx->num, i = 0; j < 8 && i < inl;
-             j++, i++, in_ptr++, out_ptr++) {
-            *out_ptr = ctx->buf[j] ^ (*in_ptr);
-        }
-        if (j == 8) {
-            ctx->num = 0;
-        } else {
-            ctx->num = j;
-            return 1;
-        }
-    }
-
-    for (; i + 8 < inl; i += 8, in_ptr += 8, out_ptr += 8) {
-        /*
-         * block cipher current iv
-         */
-        /* Encrypt */
-        gost_cnt_next(ctx->cipher_data, ctx->iv, ctx->buf);
-        /*
-         * xor next block of input text with it and output it
-         */
-        /*
-         * output this block
-         */
-        for (j = 0; j < 8; j++) {
-            out_ptr[j] = ctx->buf[j] ^ in_ptr[j];
-        }
-    }
-/* Process rest of buffer */
-    if (i < inl) {
-        gost_cnt_next(ctx->cipher_data, ctx->iv, ctx->buf);
-        for (j = 0; i < inl; j++, i++) {
-            out_ptr[j] = ctx->buf[j] ^ in_ptr[j];
-        }
-        ctx->num = j;
-    } else {
-        ctx->num = 0;
-    }
-    return 1;
-}
-
-/* Cleaning up of EVP_CIPHER_CTX */
-int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx)
-{
-    gost_destroy(&((struct ossl_gost_cipher_ctx *)ctx->cipher_data)->cctx);
-    ctx->app_data = NULL;
-    return 1;
-}
-
-/* Control function for gost cipher */
-int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-{
-    switch (type) {
-    case EVP_CTRL_RAND_KEY:
-        {
-            if (RAND_bytes((unsigned char *)ptr, ctx->key_len) <= 0) {
-                GOSTerr(GOST_F_GOST_CIPHER_CTL,
-                        GOST_R_RANDOM_GENERATOR_ERROR);
-                return -1;
-            }
-            break;
-        }
-    case EVP_CTRL_PBE_PRF_NID:
-        if (ptr) {
-            *((int *)ptr) = NID_id_HMACGostR3411_94;
-            return 1;
-        } else {
-            return 0;
-        }
-
-    default:
-        GOSTerr(GOST_F_GOST_CIPHER_CTL,
-                GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND);
-        return -1;
-    }
-    return 1;
-}
-
-/* Set cipher parameters from ASN1 structure */
-int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
-{
-    int len = 0;
-    unsigned char *buf = NULL;
-    unsigned char *p = NULL;
-    struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
-    GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
-    ASN1_OCTET_STRING *os = NULL;
-    if (!gcp) {
-        GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
-        return 0;
-    }
-    if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len)) {
-        GOST_CIPHER_PARAMS_free(gcp);
-        GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
-        return 0;
-    }
-    ASN1_OBJECT_free(gcp->enc_param_set);
-    gcp->enc_param_set = OBJ_nid2obj(c->paramNID);
-
-    len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
-    p = buf = (unsigned char *)OPENSSL_malloc(len);
-    if (!buf) {
-        GOST_CIPHER_PARAMS_free(gcp);
-        GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
-        return 0;
-    }
-    i2d_GOST_CIPHER_PARAMS(gcp, &p);
-    GOST_CIPHER_PARAMS_free(gcp);
-
-    os = ASN1_OCTET_STRING_new();
-
-    if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) {
-        OPENSSL_free(buf);
-        GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
-        return 0;
-    }
-    OPENSSL_free(buf);
-
-    ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
-    return 1;
-}
-
-/* Store parameters into ASN1 structure */
-int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
-{
-    int ret = -1;
-    int len;
-    GOST_CIPHER_PARAMS *gcp = NULL;
-    unsigned char *p;
-    struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
-    if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
-        return ret;
-    }
-
-    p = params->value.sequence->data;
-
-    gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
-                                 params->value.sequence->length);
-
-    len = gcp->iv->length;
-    if (len != ctx->cipher->iv_len) {
-        GOST_CIPHER_PARAMS_free(gcp);
-        GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS, GOST_R_INVALID_IV_LENGTH);
-        return -1;
-    }
-    if (!gost_cipher_set_param(c, OBJ_obj2nid(gcp->enc_param_set))) {
-        GOST_CIPHER_PARAMS_free(gcp);
-        return -1;
-    }
-    memcpy(ctx->oiv, gcp->iv->data, len);
-
-    GOST_CIPHER_PARAMS_free(gcp);
-
-    return 1;
-}
-
-int gost_imit_init_cpa(EVP_MD_CTX *ctx)
-{
-    struct ossl_gost_imit_ctx *c = ctx->md_data;
-    memset(c->buffer, 0, sizeof(c->buffer));
-    memset(c->partial_block, 0, sizeof(c->partial_block));
-    c->count = 0;
-    c->bytes_left = 0;
-    c->key_meshing = 1;
-    gost_init(&(c->cctx), &Gost28147_CryptoProParamSetA);
-    return 1;
-}
-
-static void mac_block_mesh(struct ossl_gost_imit_ctx *c,
-                           const unsigned char *data)
-{
-    unsigned char buffer[8];
-    /*
-     * We are using local buffer for iv because CryptoPro doesn't interpret
-     * internal state of MAC algorithm as iv during keymeshing (but does
-     * initialize internal state from iv in key transport
-     */
-    assert(c->count % 8 == 0 && c->count <= 1024);
-    if (c->key_meshing && c->count == 1024) {
-        cryptopro_key_meshing(&(c->cctx), buffer);
-    }
-    mac_block(&(c->cctx), c->buffer, data);
-    c->count = c->count % 1024 + 8;
-}
-
-int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-    struct ossl_gost_imit_ctx *c = ctx->md_data;
-    const unsigned char *p = data;
-    size_t bytes = count, i;
-    if (!(c->key_set)) {
-        GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET);
-        return 0;
-    }
-    if (c->bytes_left) {
-        for (i = c->bytes_left; i < 8 && bytes > 0; bytes--, i++, p++) {
-            c->partial_block[i] = *p;
-        }
-        if (i == 8) {
-            mac_block_mesh(c, c->partial_block);
-        } else {
-            c->bytes_left = i;
-            return 1;
-        }
-    }
-    while (bytes > 8) {
-        mac_block_mesh(c, p);
-        p += 8;
-        bytes -= 8;
-    }
-    if (bytes > 0) {
-        memcpy(c->partial_block, p, bytes);
-    }
-    c->bytes_left = bytes;
-    return 1;
-}
-
-int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    struct ossl_gost_imit_ctx *c = ctx->md_data;
-    if (!c->key_set) {
-        GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
-        return 0;
-    }
-    if (c->count == 0 && c->bytes_left) {
-        unsigned char buffer[8];
-        memset(buffer, 0, 8);
-        gost_imit_update(ctx, buffer, 8);
-    }
-    if (c->bytes_left) {
-        int i;
-        for (i = c->bytes_left; i < 8; i++) {
-            c->partial_block[i] = 0;
-        }
-        mac_block_mesh(c, c->partial_block);
-    }
-    get_mac(c->buffer, 32, md);
-    return 1;
-}
-
-int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
-{
-    switch (type) {
-    case EVP_MD_CTRL_KEY_LEN:
-        *((unsigned int *)(ptr)) = 32;
-        return 1;
-    case EVP_MD_CTRL_SET_KEY:
-        {
-            if (arg != 32) {
-                GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
-                return 0;
-            }
-
-            gost_key(&(((struct ossl_gost_imit_ctx *)(ctx->md_data))->cctx),
-                     ptr);
-            ((struct ossl_gost_imit_ctx *)(ctx->md_data))->key_set = 1;
-            return 1;
-
-        }
-    default:
-        return 0;
-    }
-}
-
-int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-{
-    memcpy(to->md_data, from->md_data, sizeof(struct ossl_gost_imit_ctx));
-    return 1;
-}
-
-/* Clean up imit ctx */
-int gost_imit_cleanup(EVP_MD_CTX *ctx)
-{
-    memset(ctx->md_data, 0, sizeof(struct ossl_gost_imit_ctx));
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_ctl.c b/freebsd/crypto/openssl/engines/ccgost/gost_ctl.c
deleted file mode 100644
index a0ea1f4e..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_ctl.c
+++ /dev/null
@@ -1,95 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                        gost_ctl.c                                  *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *       This file is distributed under the same license as OpenSSL   *
- *                                                                    *
- *        Implementation of control commands for GOST engine          *
- *            OpenSSL 0.9.9 libraries required                        *
- **********************************************************************/
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/engine.h>
-#include <openssl/buffer.h>
-#include "gost_lcl.h"
-
-static char *gost_params[GOST_PARAM_MAX + 1] = { NULL };
-static const char *gost_envnames[] = { "CRYPT_PARAMS" };
-
-const ENGINE_CMD_DEFN gost_cmds[] = {
-/*- { GOST_CTRL_RNG,
-    "RNG",
-    "Type of random number generator to use",
-    ENGINE_CMD_FLAG_STRING
-    },
-    { GOST_CTRL_RNG_PARAMS,
-    "RNG_PARAMS",
-    "Parameter for random number generator",
-    ENGINE_CMD_FLAG_STRING
-    },
-*/ {GOST_CTRL_CRYPT_PARAMS,
-           "CRYPT_PARAMS",
-           "OID of default GOST 28147-89 parameters",
-           ENGINE_CMD_FLAG_STRING},
-    {0, NULL, NULL, 0}
-};
-
-void gost_param_free()
-{
-    int i;
-    for (i = 0; i <= GOST_PARAM_MAX; i++)
-        if (gost_params[i] != NULL) {
-            OPENSSL_free(gost_params[i]);
-            gost_params[i] = NULL;
-        }
-
-}
-
-int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
-    int param = cmd - ENGINE_CMD_BASE;
-    int ret = 0;
-    if (param < 0 || param > GOST_PARAM_MAX)
-        return -1;
-    ret = gost_set_default_param(param, p);
-    return ret;
-}
-
-const char *get_gost_engine_param(int param)
-{
-    char *tmp;
-    if (param < 0 || param > GOST_PARAM_MAX)
-        return NULL;
-    if (gost_params[param] != NULL) {
-        return gost_params[param];
-    }
-    tmp = getenv(gost_envnames[param]);
-    if (tmp) {
-        if (gost_params[param])
-            OPENSSL_free(gost_params[param]);
-        gost_params[param] = BUF_strdup(tmp);
-        return gost_params[param];
-    }
-    return NULL;
-}
-
-int gost_set_default_param(int param, const char *value)
-{
-    const char *tmp;
-    if (param < 0 || param > GOST_PARAM_MAX)
-        return 0;
-    tmp = getenv(gost_envnames[param]);
-    /*
-     * if there is value in the environment, use it, else -passed string *
-     */
-    if (!tmp)
-        tmp = value;
-    if (gost_params[param])
-        OPENSSL_free(gost_params[param]);
-    gost_params[param] = BUF_strdup(tmp);
-
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_eng.c b/freebsd/crypto/openssl/engines/ccgost/gost_eng.c
deleted file mode 100644
index c6364fbe..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_eng.c
+++ /dev/null
@@ -1,282 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                          gost_eng.c                                *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *              Main file of GOST engine                              *
- *       for OpenSSL                                                  *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/engine.h>
-#include <openssl/obj_mac.h>
-#include "e_gost_err.h"
-#include "gost_lcl.h"
-static const char *engine_gost_id = "gost";
-static const char *engine_gost_name =
-    "Reference implementation of GOST engine";
-
-/* Symmetric cipher and digest function registrar */
-
-static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-                        const int **nids, int nid);
-
-static int gost_digests(ENGINE *e, const EVP_MD **digest,
-                        const int **nids, int ind);
-
-static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
-                           const int **nids, int nid);
-
-static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
-                                const int **nids, int nid);
-
-static int gost_cipher_nids[] = { NID_id_Gost28147_89, NID_gost89_cnt, 0 };
-
-static int gost_digest_nids[] =
-    { NID_id_GostR3411_94, NID_id_Gost28147_89_MAC, 0 };
-
-static int gost_pkey_meth_nids[] = { NID_id_GostR3410_94,
-    NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0
-};
-
-static EVP_PKEY_METHOD *pmeth_GostR3410_94 = NULL,
-    *pmeth_GostR3410_2001 = NULL, *pmeth_Gost28147_MAC = NULL;
-
-static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_94 = NULL,
-    *ameth_GostR3410_2001 = NULL, *ameth_Gost28147_MAC = NULL;
-
-static int gost_engine_init(ENGINE *e)
-{
-    return 1;
-}
-
-static int gost_engine_finish(ENGINE *e)
-{
-    return 1;
-}
-
-static int gost_engine_destroy(ENGINE *e)
-{
-    gost_param_free();
-
-    pmeth_GostR3410_94 = NULL;
-    pmeth_GostR3410_2001 = NULL;
-    pmeth_Gost28147_MAC = NULL;
-    ameth_GostR3410_94 = NULL;
-    ameth_GostR3410_2001 = NULL;
-    ameth_Gost28147_MAC = NULL;
-    return 1;
-}
-
-static int bind_gost(ENGINE *e, const char *id)
-{
-    int ret = 0;
-    if (id && strcmp(id, engine_gost_id))
-        return 0;
-    if (ameth_GostR3410_94) {
-        printf("GOST engine already loaded\n");
-        goto end;
-    }
-
-    if (!ENGINE_set_id(e, engine_gost_id)) {
-        printf("ENGINE_set_id failed\n");
-        goto end;
-    }
-    if (!ENGINE_set_name(e, engine_gost_name)) {
-        printf("ENGINE_set_name failed\n");
-        goto end;
-    }
-    if (!ENGINE_set_digests(e, gost_digests)) {
-        printf("ENGINE_set_digests failed\n");
-        goto end;
-    }
-    if (!ENGINE_set_ciphers(e, gost_ciphers)) {
-        printf("ENGINE_set_ciphers failed\n");
-        goto end;
-    }
-    if (!ENGINE_set_pkey_meths(e, gost_pkey_meths)) {
-        printf("ENGINE_set_pkey_meths failed\n");
-        goto end;
-    }
-    if (!ENGINE_set_pkey_asn1_meths(e, gost_pkey_asn1_meths)) {
-        printf("ENGINE_set_pkey_asn1_meths failed\n");
-        goto end;
-    }
-    /* Control function and commands */
-    if (!ENGINE_set_cmd_defns(e, gost_cmds)) {
-        fprintf(stderr, "ENGINE_set_cmd_defns failed\n");
-        goto end;
-    }
-    if (!ENGINE_set_ctrl_function(e, gost_control_func)) {
-        fprintf(stderr, "ENGINE_set_ctrl_func failed\n");
-        goto end;
-    }
-    if (!ENGINE_set_destroy_function(e, gost_engine_destroy)
-        || !ENGINE_set_init_function(e, gost_engine_init)
-        || !ENGINE_set_finish_function(e, gost_engine_finish)) {
-        goto end;
-    }
-
-    if (!register_ameth_gost
-        (NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94",
-         "GOST R 34.10-94"))
-        goto end;
-    if (!register_ameth_gost
-        (NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001",
-         "GOST R 34.10-2001"))
-        goto end;
-    if (!register_ameth_gost(NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC,
-                             "GOST-MAC", "GOST 28147-89 MAC"))
-        goto end;
-
-    if (!register_pmeth_gost(NID_id_GostR3410_94, &pmeth_GostR3410_94, 0))
-        goto end;
-    if (!register_pmeth_gost(NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0))
-        goto end;
-    if (!register_pmeth_gost
-        (NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
-        goto end;
-    if (!ENGINE_register_ciphers(e)
-        || !ENGINE_register_digests(e)
-        || !ENGINE_register_pkey_meths(e)
-        /* These two actually should go in LIST_ADD command */
-        || !EVP_add_cipher(&cipher_gost)
-        || !EVP_add_cipher(&cipher_gost_cpacnt)
-        || !EVP_add_digest(&digest_gost)
-        || !EVP_add_digest(&imit_gost_cpa)
-        ) {
-        goto end;
-    }
-
-    ERR_load_GOST_strings();
-    ret = 1;
- end:
-    return ret;
-}
-
-static int gost_digests(ENGINE *e, const EVP_MD **digest,
-                        const int **nids, int nid)
-{
-    int ok = 1;
-    if (!digest) {
-        *nids = gost_digest_nids;
-        return 2;
-    }
-    /*
-     * printf("Digest no %d requested\n",nid);
-     */
-    if (nid == NID_id_GostR3411_94) {
-        *digest = &digest_gost;
-    } else if (nid == NID_id_Gost28147_89_MAC) {
-        *digest = &imit_gost_cpa;
-    } else {
-        ok = 0;
-        *digest = NULL;
-    }
-    return ok;
-}
-
-static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-                        const int **nids, int nid)
-{
-    int ok = 1;
-    if (!cipher) {
-        *nids = gost_cipher_nids;
-        return 2;               /* two ciphers are supported */
-    }
-
-    if (nid == NID_id_Gost28147_89) {
-        *cipher = &cipher_gost;
-    } else if (nid == NID_gost89_cnt) {
-        *cipher = &cipher_gost_cpacnt;
-    } else {
-        ok = 0;
-        *cipher = NULL;
-    }
-    return ok;
-}
-
-static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
-                           const int **nids, int nid)
-{
-    if (!pmeth) {
-        *nids = gost_pkey_meth_nids;
-        return 3;
-    }
-
-    switch (nid) {
-    case NID_id_GostR3410_94:
-        *pmeth = pmeth_GostR3410_94;
-        return 1;
-    case NID_id_GostR3410_2001:
-        *pmeth = pmeth_GostR3410_2001;
-        return 1;
-    case NID_id_Gost28147_89_MAC:
-        *pmeth = pmeth_Gost28147_MAC;
-        return 1;
-    default:;
-    }
-
-    *pmeth = NULL;
-    return 0;
-}
-
-static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
-                                const int **nids, int nid)
-{
-    if (!ameth) {
-        *nids = gost_pkey_meth_nids;
-        return 3;
-    }
-    switch (nid) {
-    case NID_id_GostR3410_94:
-        *ameth = ameth_GostR3410_94;
-        return 1;
-    case NID_id_GostR3410_2001:
-        *ameth = ameth_GostR3410_2001;
-        return 1;
-    case NID_id_Gost28147_89_MAC:
-        *ameth = ameth_Gost28147_MAC;
-        return 1;
-
-    default:;
-    }
-
-    *ameth = NULL;
-    return 0;
-}
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_gost(void)
-{
-    ENGINE *ret = ENGINE_new();
-    if (!ret)
-        return NULL;
-    if (!bind_gost(ret, engine_gost_id)) {
-        ENGINE_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-void ENGINE_load_gost(void)
-{
-    ENGINE *toadd;
-    if (pmeth_GostR3410_94)
-        return;
-    toadd = engine_gost();
-    if (!toadd)
-        return;
-    ENGINE_add(toadd);
-    ENGINE_free(toadd);
-    ERR_clear_error();
-}
-#else
-IMPLEMENT_DYNAMIC_BIND_FN(bind_gost)
-IMPLEMENT_DYNAMIC_CHECK_FN()
-#endif
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_keywrap.c b/freebsd/crypto/openssl/engines/ccgost/gost_keywrap.c
deleted file mode 100644
index 996e863e..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_keywrap.c
+++ /dev/null
@@ -1,108 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                          keywrap.c                                 *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- * Implementation of CryptoPro key wrap algorithm, as defined in      *
- *               RFC 4357 p 6.3 and 6.4                               *
- *                  Doesn't need OpenSSL                              *
- **********************************************************************/
-#include <string.h>
-#include "gost89.h"
-#include "gost_keywrap.h"
-
-/*-
- * Diversifies key using random UserKey Material
- * Implements RFC 4357 p 6.5 key diversification algorithm
- *
- * inputKey - 32byte key to be diversified
- * ukm - 8byte user key material
- * outputKey - 32byte buffer to store diversified key
- *
- */
-void keyDiversifyCryptoPro(gost_ctx * ctx, const unsigned char *inputKey,
-                           const unsigned char *ukm, unsigned char *outputKey)
-{
-
-    u4 k, s1, s2;
-    int i, j, mask;
-    unsigned char S[8];
-    memcpy(outputKey, inputKey, 32);
-    for (i = 0; i < 8; i++) {
-        /* Make array of integers from key */
-        /* Compute IV S */
-        s1 = 0, s2 = 0;
-        for (j = 0, mask = 1; j < 8; j++, mask <<= 1) {
-            k = ((u4) outputKey[4 * j]) | (outputKey[4 * j + 1] << 8) |
-                (outputKey[4 * j + 2] << 16) | (outputKey[4 * j + 3] << 24);
-            if (mask & ukm[i]) {
-                s1 += k;
-            } else {
-                s2 += k;
-            }
-        }
-        S[0] = (unsigned char)(s1 & 0xff);
-        S[1] = (unsigned char)((s1 >> 8) & 0xff);
-        S[2] = (unsigned char)((s1 >> 16) & 0xff);
-        S[3] = (unsigned char)((s1 >> 24) & 0xff);
-        S[4] = (unsigned char)(s2 & 0xff);
-        S[5] = (unsigned char)((s2 >> 8) & 0xff);
-        S[6] = (unsigned char)((s2 >> 16) & 0xff);
-        S[7] = (unsigned char)((s2 >> 24) & 0xff);
-        gost_key(ctx, outputKey);
-        gost_enc_cfb(ctx, S, outputKey, outputKey, 4);
-    }
-}
-
-/*-
- * Wraps key using RFC 4357 6.3
- * ctx - gost encryption context, initialized with some S-boxes
- * keyExchangeKey (KEK) 32-byte (256-bit) shared key
- * ukm - 8 byte (64 bit) user key material,
- * sessionKey - 32-byte (256-bit) key to be wrapped
- * wrappedKey - 44-byte buffer to store wrapped key
- */
-
-int keyWrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
-                     const unsigned char *ukm,
-                     const unsigned char *sessionKey,
-                     unsigned char *wrappedKey)
-{
-    unsigned char kek_ukm[32];
-    keyDiversifyCryptoPro(ctx, keyExchangeKey, ukm, kek_ukm);
-    gost_key(ctx, kek_ukm);
-    memcpy(wrappedKey, ukm, 8);
-    gost_enc(ctx, sessionKey, wrappedKey + 8, 4);
-    gost_mac_iv(ctx, 32, ukm, sessionKey, 32, wrappedKey + 40);
-    return 1;
-}
-
-/*-
- * Unwraps key using RFC 4357 6.4
- * ctx - gost encryption context, initialized with some S-boxes
- * keyExchangeKey 32-byte shared key
- * wrappedKey  44 byte key to be unwrapped (concatenation of 8-byte UKM,
- * 32 byte  encrypted key and 4 byte MAC
- *
- * sessionKEy - 32byte buffer to store sessionKey in
- * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
- */
-
-int keyUnwrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
-                       const unsigned char *wrappedKey,
-                       unsigned char *sessionKey)
-{
-    unsigned char kek_ukm[32], cek_mac[4];
-    keyDiversifyCryptoPro(ctx, keyExchangeKey, wrappedKey
-                          /* First 8 bytes of wrapped Key is ukm */
-                          , kek_ukm);
-    gost_key(ctx, kek_ukm);
-    gost_dec(ctx, wrappedKey + 8, sessionKey, 4);
-    gost_mac_iv(ctx, 32, wrappedKey, sessionKey, 32, cek_mac);
-    if (memcmp(cek_mac, wrappedKey + 40, 4)) {
-        return 0;
-    }
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_keywrap.h b/freebsd/crypto/openssl/engines/ccgost/gost_keywrap.h
deleted file mode 100644
index 7def4c9f..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_keywrap.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/**********************************************************************
- *                         gost_keywrap.h                             *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *       This file is distributed under the same license as OpenSSL   *
- *                                                                    *
- * Implementation of CryptoPro key wrap algorithm, as defined in      *
- * RFC 4357 p 6.3 and 6.4                                             *
- * Doesn't need OpenSSL                                               *
- **********************************************************************/
-#ifndef GOST_KEYWRAP_H
-# define GOST_KEYWRAP_H
-# include <string.h>
-# include "gost89.h"
-/*-
- * Diversifies key using random UserKey Material
- * Implements RFC 4357 p 6.5 key diversification algorithm
- *
- * inputKey - 32byte key to be diversified
- * ukm - 8byte user key material
- * outputKey - 32byte buffer to store diversified key
- *
- */
-void keyDiversifyCryptoPro(gost_ctx * ctx,
-                           const unsigned char *inputKey,
-                           const unsigned char *ukm,
-                           unsigned char *outputKey);
-/*-
- * Wraps key using RFC 4357 6.3
- * ctx - gost encryption context, initialized with some S-boxes
- * keyExchangeKey (KEK) 32-byte (256-bit) shared key
- * ukm - 8 byte (64 bit) user key material,
- * sessionKey - 32-byte (256-bit) key to be wrapped
- * wrappedKey - 44-byte buffer to store wrapped key
- */
-
-int keyWrapCryptoPro(gost_ctx * ctx,
-                     const unsigned char *keyExchangeKey,
-                     const unsigned char *ukm,
-                     const unsigned char *sessionKey,
-                     unsigned char *wrappedKey);
-/*-
- * Unwraps key using RFC 4357 6.4
- * ctx - gost encryption context, initialized with some S-boxes
- * keyExchangeKey 32-byte shared key
- * wrappedKey  44 byte key to be unwrapped (concatenation of 8-byte UKM,
- * 32 byte  encrypted key and 4 byte MAC
- *
- * sessionKEy - 32byte buffer to store sessionKey in
- * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
- */
-
-int keyUnwrapCryptoPro(gost_ctx * ctx,
-                       const unsigned char *keyExchangeKey,
-                       const unsigned char *wrappedKey,
-                       unsigned char *sessionKey);
-#endif
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_lcl.h b/freebsd/crypto/openssl/engines/ccgost/gost_lcl.h
deleted file mode 100644
index 3a2c7d57..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_lcl.h
+++ /dev/null
@@ -1,229 +0,0 @@
-#ifndef GOST_TOOLS_H
-# define GOST_TOOLS_H
-/**********************************************************************
- *                        gost_lcl.h                                  *
- *             Copyright (c) 2006 Cryptocom LTD                       *
- *       This file is distributed under the same license as OpenSSL   *
- *                                                                    *
- *         Internal declarations  used in GOST engine                *
- *         OpenSSL 0.9.9 libraries required to compile and use        *
- *                              this code                             *
- **********************************************************************/
-# include <openssl/bn.h>
-# include <openssl/evp.h>
-# include <openssl/dsa.h>
-# include <openssl/asn1t.h>
-# include <openssl/x509.h>
-# include <openssl/engine.h>
-# include <openssl/ec.h>
-# include "gost89.h"
-# include "gosthash.h"
-/* Control commands */
-# define GOST_PARAM_CRYPT_PARAMS 0
-# define GOST_PARAM_MAX 0
-# define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)
-
-extern const ENGINE_CMD_DEFN gost_cmds[];
-int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
-const char *get_gost_engine_param(int param);
-int gost_set_default_param(int param, const char *value);
-void gost_param_free(void);
-
-/* method registration */
-
-int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
-                        const char *pemstr, const char *info);
-int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags);
-
-/* Gost-specific pmeth control-function parameters */
-/* For GOST R34.10 parameters */
-# define param_ctrl_string "paramset"
-# define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1)
-/* For GOST 28147 MAC */
-# define key_ctrl_string "key"
-# define hexkey_ctrl_string "hexkey"
-# define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL+3)
-/* Pmeth internal representation */
-struct gost_pmeth_data {
-    int sign_param_nid;         /* Should be set whenever parameters are
-                                 * filled */
-    EVP_MD *md;
-    unsigned char *shared_ukm;
-    int peer_key_used;
-};
-
-struct gost_mac_pmeth_data {
-    int key_set;
-    EVP_MD *md;
-    unsigned char key[32];
-};
-/* GOST-specific ASN1 structures */
-
-typedef struct {
-    ASN1_OCTET_STRING *encrypted_key;
-    ASN1_OCTET_STRING *imit;
-} GOST_KEY_INFO;
-
-DECLARE_ASN1_FUNCTIONS(GOST_KEY_INFO)
-
-typedef struct {
-    ASN1_OBJECT *cipher;
-    X509_PUBKEY *ephem_key;
-    ASN1_OCTET_STRING *eph_iv;
-} GOST_KEY_AGREEMENT_INFO;
-
-DECLARE_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
-
-typedef struct {
-    GOST_KEY_INFO *key_info;
-    GOST_KEY_AGREEMENT_INFO *key_agreement_info;
-} GOST_KEY_TRANSPORT;
-
-DECLARE_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
-
-typedef struct {                /* FIXME incomplete */
-    GOST_KEY_TRANSPORT *gkt;
-} GOST_CLIENT_KEY_EXCHANGE_PARAMS;
-
-/*
- * Hacks to shorten symbols to 31 characters or less, or OpenVMS. This mimics
- * what's done in symhacks.h, but since this is a very local header file, I
- * prefered to put this hack directly here. -- Richard Levitte
- */
-# ifdef OPENSSL_SYS_VMS
-#  undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_it
-#  define GOST_CLIENT_KEY_EXCHANGE_PARAMS_it      GOST_CLIENT_KEY_EXC_PARAMS_it
-#  undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_new
-#  define GOST_CLIENT_KEY_EXCHANGE_PARAMS_new     GOST_CLIENT_KEY_EXC_PARAMS_new
-#  undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_free
-#  define GOST_CLIENT_KEY_EXCHANGE_PARAMS_free    GOST_CLIENT_KEY_EXC_PARAMS_free
-#  undef d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS
-#  define d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS     d2i_GOST_CLIENT_KEY_EXC_PARAMS
-#  undef i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS
-#  define i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS     i2d_GOST_CLIENT_KEY_EXC_PARAMS
-# endif                         /* End of hack */
-DECLARE_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
-typedef struct {
-    ASN1_OBJECT *key_params;
-    ASN1_OBJECT *hash_params;
-    ASN1_OBJECT *cipher_params;
-} GOST_KEY_PARAMS;
-
-DECLARE_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
-
-typedef struct {
-    ASN1_OCTET_STRING *iv;
-    ASN1_OBJECT *enc_param_set;
-} GOST_CIPHER_PARAMS;
-
-DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
-/*============== Message digest  and cipher related structures  ==========*/
-         /*
-          * Structure used as EVP_MD_CTX-md_data. It allows to avoid storing
-          * in the md-data pointers to dynamically allocated memory. I
-          * cannot invent better way to avoid memory leaks, because openssl
-          * insist on invoking Init on Final-ed digests, and there is no
-          * reliable way to find out whether pointer in the passed md_data is
-          * valid or not.
-          */
-struct ossl_gost_digest_ctx {
-    gost_hash_ctx dctx;
-    gost_ctx cctx;
-};
-/* EVP_MD structure for GOST R 34.11 */
-extern EVP_MD digest_gost;
-/* EVP_MD structure for GOST 28147 in MAC mode */
-extern EVP_MD imit_gost_cpa;
-/* Cipher context used for EVP_CIPHER operation */
-struct ossl_gost_cipher_ctx {
-    int paramNID;
-    unsigned int count;
-    int key_meshing;
-    gost_ctx cctx;
-};
-/* Structure to map parameter NID to S-block */
-struct gost_cipher_info {
-    int nid;
-    gost_subst_block *sblock;
-    int key_meshing;
-};
-/* Context for MAC */
-struct ossl_gost_imit_ctx {
-    gost_ctx cctx;
-    unsigned char buffer[8];
-    unsigned char partial_block[8];
-    unsigned int count;
-    int key_meshing;
-    int bytes_left;
-    int key_set;
-};
-/* Table which maps parameter NID to S-blocks */
-extern struct gost_cipher_info gost_cipher_list[];
-/* Find encryption params from ASN1_OBJECT */
-const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj);
-/* Implementation of GOST 28147-89 cipher in CFB and CNT modes */
-extern EVP_CIPHER cipher_gost;
-extern EVP_CIPHER cipher_gost_cpacnt;
-# define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
-# define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
-/* EVP_PKEY_METHOD key encryption callbacks */
-/* From gost94_keyx.c */
-int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
-                          size_t *outlen, const unsigned char *key,
-                          size_t key_len);
-
-int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
-                          size_t *outlen, const unsigned char *in,
-                          size_t in_len);
-/* From gost2001_keyx.c */
-int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
-                          size_t *outlen, const unsigned char *key,
-                          size_t key_len);
-
-int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
-                          size_t *outlen, const unsigned char *in,
-                          size_t in_len);
-/* derive functions */
-/* From gost2001_keyx.c */
-int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-                         size_t *keylen);
-/* From gost94_keyx.c */
-int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
-/* Internal functions for signature algorithms */
-int fill_GOST94_params(DSA *dsa, int nid);
-int fill_GOST2001_params(EC_KEY *eckey, int nid);
-int gost_sign_keygen(DSA *dsa);
-int gost2001_keygen(EC_KEY *ec);
-
-DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey);
-
-int gost_do_verify(const unsigned char *dgst, int dgst_len,
-                   DSA_SIG *sig, DSA *dsa);
-int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
-                       DSA_SIG *sig, EC_KEY *ec);
-int gost2001_compute_public(EC_KEY *ec);
-int gost94_compute_public(DSA *dsa);
-/*============== miscellaneous functions============================= */
-/* from gost_sign.c */
-/* Convert GOST R 34.11 hash sum to bignum according to standard */
-BIGNUM *hashsum2bn(const unsigned char *dgst);
-/*
- * Store bignum in byte array of given length, prepending by zeros if
- * nesseccary
- */
-int store_bignum(BIGNUM *bn, unsigned char *buf, int len);
-/* Read bignum, which can have few MSB all-zeros    from buffer*/
-BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len);
-/* Pack GOST R 34.10 signature according to CryptoPro rules */
-int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen);
-/* Unpack GOST R 34.10 signature according to CryptoPro rules */
-DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen);
-/* from ameth.c */
-/* Get private key as BIGNUM from both R 34.10-94 and R 34.10-2001  keys*/
-/* Returns pointer into EVP_PKEY structure */
-BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey);
-/* Find NID by GOST 94 parameters */
-int gost94_nid_by_params(DSA *p);
-
-#endif
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_md.c b/freebsd/crypto/openssl/engines/ccgost/gost_md.c
deleted file mode 100644
index 9d7e8dd4..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_md.c
+++ /dev/null
@@ -1,78 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                          md_gost.c                                 *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *       OpenSSL interface to GOST R 34.11-94 hash functions          *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include <string.h>
-#include "gost_lcl.h"
-#include "gosthash.h"
-#include "e_gost_err.h"
-
-/* implementation of GOST 34.11 hash function See gost_md.c*/
-static int gost_digest_init(EVP_MD_CTX *ctx);
-static int gost_digest_update(EVP_MD_CTX *ctx, const void *data,
-                              size_t count);
-static int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
-static int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
-static int gost_digest_cleanup(EVP_MD_CTX *ctx);
-
-EVP_MD digest_gost = {
-    NID_id_GostR3411_94,
-    NID_undef,
-    32,
-    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
-    gost_digest_init,
-    gost_digest_update,
-    gost_digest_final,
-    gost_digest_copy,
-    gost_digest_cleanup,
-    NULL,
-    NULL,
-    {NID_undef, NID_undef, 0, 0, 0},
-    32,
-    sizeof(struct ossl_gost_digest_ctx),
-    NULL
-};
-
-int gost_digest_init(EVP_MD_CTX *ctx)
-{
-    struct ossl_gost_digest_ctx *c = ctx->md_data;
-    memset(&(c->dctx), 0, sizeof(gost_hash_ctx));
-    gost_init(&(c->cctx), &GostR3411_94_CryptoProParamSet);
-    c->dctx.cipher_ctx = &(c->cctx);
-    return 1;
-}
-
-int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-    return hash_block((gost_hash_ctx *) ctx->md_data, data, count);
-}
-
-int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    return finish_hash((gost_hash_ctx *) ctx->md_data, md);
-
-}
-
-int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-{
-    struct ossl_gost_digest_ctx *md_ctx = to->md_data;
-    if (to->md_data && from->md_data) {
-        memcpy(to->md_data, from->md_data,
-               sizeof(struct ossl_gost_digest_ctx));
-        md_ctx->dctx.cipher_ctx = &(md_ctx->cctx);
-    }
-    return 1;
-}
-
-int gost_digest_cleanup(EVP_MD_CTX *ctx)
-{
-    if (ctx->md_data)
-        memset(ctx->md_data, 0, sizeof(struct ossl_gost_digest_ctx));
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_params.c b/freebsd/crypto/openssl/engines/ccgost/gost_params.c
deleted file mode 100644
index 93a5b153..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_params.c
+++ /dev/null
@@ -1,209 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                        params.c                                    *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- * Definitions of GOST R 34.10 parameter sets, defined in RFC 4357    *
- *         OpenSSL 0.9.9 libraries required to compile and use        *
- *                              this code                             *
- **********************************************************************/
-#include "gost_params.h"
-#include <openssl/objects.h>
-/* Parameters of GOST 34.10 */
-
-R3410_params R3410_paramset[] = {
-/* Paramset A */
-    {NID_id_GostR3410_94_CryptoPro_A_ParamSet,
-     "100997906755055304772081815535925224869"
-     "8410825720534578748235158755771479905292727772441528526992987964833"
-     "5669968284202797289605274717317548059048560713474685214192868091256"
-     "1502802222185647539190902656116367847270145019066794290930185446216"
-     "3997308722217328898303231940973554032134009725883228768509467406639"
-     "62",
-     "127021248288932417465907042777176443525"
-     "7876535089165358128175072657050312609850984974231883334834011809259"
-     "9999512098893413065920561499672425412104927434935707492031276956145"
-     "1689224110579311248812610229678534638401693520013288995000362260684"
-     "2227508135323070045173416336850045410625869714168836867788425378203"
-     "83",
-     "683631961449557007844441656118272528951"
-     "02170888761442055095051287550314083023"}
-    ,
-    {NID_id_GostR3410_94_CryptoPro_B_ParamSet,
-     "429418261486158041438734477379555023926"
-     "7234596860714306679811299408947123142002706038521669956384871995765"
-     "7284814898909770759462613437669456364882730370838934791080835932647"
-     "9767786019153434744009610342313166725786869204821949328786333602033"
-     "8479709268434224762105576023501613261478065276102850944540333865234"
-     "1",
-     "139454871199115825601409655107690713107"
-     "0417070599280317977580014543757653577229840941243685222882398330391"
-     "1468164807668823692122073732267216074074777170091113455043205380464"
-     "7694904686120113087816240740184800477047157336662926249423571248823"
-     "9685422217536601433914856808405203368594584948031873412885804895251"
-     "63",
-     "79885141663410976897627118935756323747307951916507639758300472692338873533959"}
-    ,
-    {NID_id_GostR3410_94_CryptoPro_C_ParamSet,
-     "816552717970881016017893191415300348226"
-     "2544051353358162468249467681876621283478212884286545844013955142622"
-     "2087723485023722868022275009502224827866201744494021697716482008353"
-     "6398202298024892620480898699335508064332313529725332208819456895108"
-     "5155178100221003459370588291073071186553005962149936840737128710832"
-     "3",
-     "110624679233511963040518952417017040248"
-     "5862954819831383774196396298584395948970608956170224210628525560327"
-     "8638246716655439297654402921844747893079518669992827880792192992701"
-     "1428546551433875806377110443534293554066712653034996277099320715774"
-     "3542287621283671843703709141350171945045805050291770503634517804938"
-     "01",
-     "113468861199819350564868233378875198043"
-     "267947776488510997961231672532899549103"}
-    ,
-    {NID_id_GostR3410_94_CryptoPro_D_ParamSet,
-     "756976611021707301782128757801610628085"
-     "5283803109571158829574281419208532589041660017017859858216341400371"
-     "4687551412794400562878935266630754392677014598582103365983119173924"
-     "4732511225464712252386803315902707727668715343476086350472025298282"
-     "7271461690125050616858238384366331089777463541013033926723743254833"
-     "7",
-     "905457649621929965904290958774625315611"
-     "3056083907389766971404812524422262512556054474620855996091570786713"
-     "5849550236741915584185990627801066465809510095784713989819413820871"
-     "5964648914493053407920737078890520482730623038837767710173664838239"
-     "8574828787891286471201460474326612697849693665518073864436497893214"
-     "9",
-     "108988435796353506912374591498972192620"
-     "190487557619582334771735390599299211593"}
-    ,
-
-    {NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,
-     "1335318132727206734338595199483190012179423759678474868994823595993"
-     "6964252873471246159040332773182141032801252925387191478859899310331"
-     "0567744136196364803064721377826656898686468463277710150809401182608"
-     "7702016153249904683329312949209127762411378780302243557466062839716"
-     "59376426832674269780880061631528163475887",
-     "14201174159756348119636828602231808974327613839524373876287257344192"
-     "74593935127189736311660784676003608489466235676257952827747192122419"
-     "29071046134208380636394084512691828894000571524625445295769349356752"
-     "72895683154177544176313938445719175509684710784659566254794231229333"
-     "8483924514339614727760681880609734239",
-     "91771529896554605945588149018382750217296858393520724172743325725474"
-     "374979801"}
-    ,
-    {NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,
-     "8890864727828423151699995801875757891031463338652579140051973659"
-     "3048131440685857067369829407947744496306656291505503608252399443"
-     "7900272386749145996230867832228661977543992816745254823298629859"
-     "8753575466286051738837854736167685769017780335804511440773337196"
-     "2538423532919394477873664752824509986617878992443177",
-     "1028946126624994859676552074360530315217970499989304888248413244"
-     "8474923022758470167998871003604670704877377286176171227694098633"
-     "1539089568784129110109512690503345393869871295783467257264868341"
-     "7200196629860561193666752429682367397084815179752036423595736533"
-     "68957392061769855284593965042530895046088067160269433",
-     "9109671391802626916582318050603555673628769498182593088388796888"
-     "5281641595199"}
-    ,
-    {NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,
-     "4430618464297584182473135030809859326863990650118941756995270074"
-     "8609973181426950235239623239110557450826919295792878938752101867"
-     "7047181623251027516953100431855964837602657827828194249605561893"
-     "6965865325513137194483136247773653468410118796740709840825496997"
-     "9375560722345106704721086025979309968763193072908334",
-     "1246996366993477513607147265794064436203408861395055989217248455"
-     "7299870737698999651480662364723992859320868822848751165438350943"
-     "3276647222625940615560580450040947211826027729977563540237169063"
-     "0448079715771649447778447000597419032457722226253269698374446528"
-     "35352729304393746106576383349151001715930924115499549",
-     "6787876137336591234380295020065682527118129468050147943114675429"
-     "4748422492761"}
-    ,
-
-    {NID_undef, NULL, NULL, NULL}
-};
-
-R3410_2001_params R3410_2001_paramset[] = {
-    /* default_cc_sign01_param 1.2.643.2.9.1.8.1 */
-    {NID_id_GostR3410_2001_ParamSet_cc,
-     /* A */
-     "C0000000000000000000000000000000000000000000000000000000000003c4",
-     /* B */
-     "2d06B4265ebc749ff7d0f1f1f88232e81632e9088fd44b7787d5e407e955080c",
-     /* P */
-     "C0000000000000000000000000000000000000000000000000000000000003C7",
-     /* Q */
-     "5fffffffffffffffffffffffffffffff606117a2f4bde428b7458a54b6e87b85",
-     /* X */
-     "2",
-     /* Y */
-     "a20e034bf8813ef5c18d01105e726a17eb248b264ae9706f440bedc8ccb6b22c"}
-    ,
-    /* 1.2.643.2.2.35.0 */
-    {NID_id_GostR3410_2001_TestParamSet,
-     "7",
-     "5FBFF498AA938CE739B8E022FBAFEF40563F6E6A3472FC2A514C0CE9DAE23B7E",
-     "8000000000000000000000000000000000000000000000000000000000000431",
-     "8000000000000000000000000000000150FE8A1892976154C59CFC193ACCF5B3",
-     "2",
-     "08E2A8A0E65147D4BD6316030E16D19C85C97F0A9CA267122B96ABBCEA7E8FC8"}
-    ,
-    /*
-     * 1.2.643.2.2.35.1
-     */
-    {NID_id_GostR3410_2001_CryptoPro_A_ParamSet,
-     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
-     "a6",
-     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
-     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
-     "1",
-     "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14"}
-    ,
-    /*
-     * 1.2.643.2.2.35.2
-     */
-    {NID_id_GostR3410_2001_CryptoPro_B_ParamSet,
-     "8000000000000000000000000000000000000000000000000000000000000C96",
-     "3E1AF419A269A5F866A7D3C25C3DF80AE979259373FF2B182F49D4CE7E1BBC8B",
-     "8000000000000000000000000000000000000000000000000000000000000C99",
-     "800000000000000000000000000000015F700CFFF1A624E5E497161BCC8A198F",
-     "1",
-     "3FA8124359F96680B83D1C3EB2C070E5C545C9858D03ECFB744BF8D717717EFC"}
-    ,
-    /*
-     * 1.2.643.2.2.35.3
-     */
-    {NID_id_GostR3410_2001_CryptoPro_C_ParamSet,
-     "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598",
-     "805a",
-     "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B",
-     "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9",
-     "0",
-     "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67"}
-    ,
-    /*
-     * 1.2.643.2.2.36.0
-     */
-    {NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,
-     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
-     "a6",
-     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
-     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
-     "1",
-     "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14"}
-    ,
-    /*
-     * 1.2.643.2.2.36.1
-     */
-    {NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,
-     "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598",
-     "805a",
-     "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B",
-     "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9",
-     "0",
-     "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67"}
-    ,
-    {0, NULL, NULL, NULL, NULL, NULL, NULL}
-};
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_params.h b/freebsd/crypto/openssl/engines/ccgost/gost_params.h
deleted file mode 100644
index 0773cbfa..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_params.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/**********************************************************************
- *                        gost_params.h                               *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *       This file is distributed under the same license as OpenSSL   *
- *                                                                    *
- *       Declaration of structures used to represent  GOST R 34.10    *
- *                     parameter sets, defined in RFC 4357                *
- *         OpenSSL 0.9.9 libraries required to compile and use        *
- *                              this code                             *
- **********************************************************************/
-#ifndef GOST_PARAMSET_H
-# define GOST_PARAMSET_H
-typedef struct R3410 {
-    int nid;
-    char *a;
-    char *p;
-    char *q;
-} R3410_params;
-
-extern R3410_params R3410_paramset[];
-
-typedef struct R3410_2001 {
-    int nid;
-    char *a;
-    char *b;
-    char *p;
-    char *q;
-    char *x;
-    char *y;
-} R3410_2001_params;
-
-extern R3410_2001_params R3410_2001_paramset[];
-
-#endif
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_pmeth.c b/freebsd/crypto/openssl/engines/ccgost/gost_pmeth.c
deleted file mode 100644
index dba62b9b..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_pmeth.c
+++ /dev/null
@@ -1,627 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                          gost_pmeth.c                              *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *   Implementation of RFC 4357 (GOST R 34.10) Publick key method     *
- *       for OpenSSL                                                  *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/ec.h>
-#include <openssl/x509v3.h>     /* For string_to_hex */
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include "gost_params.h"
-#include "gost_lcl.h"
-#include "e_gost_err.h"
-/* -----init, cleanup, copy - uniform for all algs  ---------------*/
-/* Allocates new gost_pmeth_data structure and assigns it as data */
-static int pkey_gost_init(EVP_PKEY_CTX *ctx)
-{
-    struct gost_pmeth_data *data;
-    EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
-    data = OPENSSL_malloc(sizeof(struct gost_pmeth_data));
-    if (!data)
-        return 0;
-    memset(data, 0, sizeof(struct gost_pmeth_data));
-    if (pkey && EVP_PKEY_get0(pkey)) {
-        switch (EVP_PKEY_base_id(pkey)) {
-        case NID_id_GostR3410_94:
-            data->sign_param_nid = gost94_nid_by_params(EVP_PKEY_get0(pkey));
-            break;
-        case NID_id_GostR3410_2001:
-            data->sign_param_nid =
-                EC_GROUP_get_curve_name(EC_KEY_get0_group
-                                        (EVP_PKEY_get0((EVP_PKEY *)pkey)));
-            break;
-        default:
-            return 0;
-        }
-    }
-    EVP_PKEY_CTX_set_data(ctx, data);
-    return 1;
-}
-
-/* Copies contents of gost_pmeth_data structure */
-static int pkey_gost_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-{
-    struct gost_pmeth_data *dst_data, *src_data;
-    if (!pkey_gost_init(dst)) {
-        return 0;
-    }
-    src_data = EVP_PKEY_CTX_get_data(src);
-    dst_data = EVP_PKEY_CTX_get_data(dst);
-    *dst_data = *src_data;
-    if (src_data->shared_ukm) {
-        dst_data->shared_ukm = NULL;
-    }
-    return 1;
-}
-
-/* Frees up gost_pmeth_data structure */
-static void pkey_gost_cleanup(EVP_PKEY_CTX *ctx)
-{
-    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-    if (data->shared_ukm)
-        OPENSSL_free(data->shared_ukm);
-    OPENSSL_free(data);
-}
-
-/* --------------------- control functions  ------------------------------*/
-static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-{
-    struct gost_pmeth_data *pctx =
-        (struct gost_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
-    switch (type) {
-    case EVP_PKEY_CTRL_MD:
-        {
-            if (EVP_MD_type((const EVP_MD *)p2) != NID_id_GostR3411_94) {
-                GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
-                return 0;
-            }
-            pctx->md = (EVP_MD *)p2;
-            return 1;
-        }
-        break;
-
-    case EVP_PKEY_CTRL_GET_MD:
-        *(const EVP_MD **)p2 = pctx->md;
-        return 1;
-
-    case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
-    case EVP_PKEY_CTRL_PKCS7_DECRYPT:
-    case EVP_PKEY_CTRL_PKCS7_SIGN:
-    case EVP_PKEY_CTRL_DIGESTINIT:
-#ifndef OPENSSL_NO_CMS
-    case EVP_PKEY_CTRL_CMS_ENCRYPT:
-    case EVP_PKEY_CTRL_CMS_DECRYPT:
-    case EVP_PKEY_CTRL_CMS_SIGN:
-#endif
-        return 1;
-
-    case EVP_PKEY_CTRL_GOST_PARAMSET:
-        pctx->sign_param_nid = (int)p1;
-        return 1;
-    case EVP_PKEY_CTRL_SET_IV:
-        pctx->shared_ukm = OPENSSL_malloc((int)p1);
-        if (pctx->shared_ukm == NULL)
-            return 0;
-        memcpy(pctx->shared_ukm, p2, (int)p1);
-        return 1;
-    case EVP_PKEY_CTRL_PEER_KEY:
-        if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
-            return 1;
-        if (p1 == 2)            /* TLS: peer key used? */
-            return pctx->peer_key_used;
-        if (p1 == 3)            /* TLS: peer key used! */
-            return (pctx->peer_key_used = 1);
-        return -2;
-    }
-    return -2;
-}
-
-static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
-                                const char *type, const char *value)
-{
-    int param_nid = 0;
-    if (!strcmp(type, param_ctrl_string)) {
-        if (!value) {
-            return 0;
-        }
-        if (strlen(value) == 1) {
-            switch (toupper((unsigned char)value[0])) {
-            case 'A':
-                param_nid = NID_id_GostR3410_94_CryptoPro_A_ParamSet;
-                break;
-            case 'B':
-                param_nid = NID_id_GostR3410_94_CryptoPro_B_ParamSet;
-                break;
-            case 'C':
-                param_nid = NID_id_GostR3410_94_CryptoPro_C_ParamSet;
-                break;
-            case 'D':
-                param_nid = NID_id_GostR3410_94_CryptoPro_D_ParamSet;
-                break;
-            default:
-                return 0;
-                break;
-            }
-        } else if ((strlen(value) == 2)
-                   && (toupper((unsigned char)value[0]) == 'X')) {
-            switch (toupper((unsigned char)value[1])) {
-            case 'A':
-                param_nid = NID_id_GostR3410_94_CryptoPro_XchA_ParamSet;
-                break;
-            case 'B':
-                param_nid = NID_id_GostR3410_94_CryptoPro_XchB_ParamSet;
-                break;
-            case 'C':
-                param_nid = NID_id_GostR3410_94_CryptoPro_XchC_ParamSet;
-                break;
-            default:
-                return 0;
-                break;
-            }
-        } else {
-            R3410_params *p = R3410_paramset;
-            param_nid = OBJ_txt2nid(value);
-            if (param_nid == NID_undef) {
-                return 0;
-            }
-            for (; p->nid != NID_undef; p++) {
-                if (p->nid == param_nid)
-                    break;
-            }
-            if (p->nid == NID_undef) {
-                GOSTerr(GOST_F_PKEY_GOST_CTRL94_STR, GOST_R_INVALID_PARAMSET);
-                return 0;
-            }
-        }
-
-        return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
-                              param_nid, NULL);
-    }
-    return -2;
-}
-
-static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
-                                const char *type, const char *value)
-{
-    int param_nid = 0;
-    if (!strcmp(type, param_ctrl_string)) {
-        if (!value) {
-            return 0;
-        }
-        if (strlen(value) == 1) {
-            switch (toupper((unsigned char)value[0])) {
-            case 'A':
-                param_nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
-                break;
-            case 'B':
-                param_nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet;
-                break;
-            case 'C':
-                param_nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet;
-                break;
-            case '0':
-                param_nid = NID_id_GostR3410_2001_TestParamSet;
-                break;
-            default:
-                return 0;
-                break;
-            }
-        } else if ((strlen(value) == 2)
-                   && (toupper((unsigned char)value[0]) == 'X')) {
-            switch (toupper((unsigned char)value[1])) {
-            case 'A':
-                param_nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet;
-                break;
-            case 'B':
-                param_nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet;
-                break;
-            default:
-                return 0;
-                break;
-            }
-        } else {
-            R3410_2001_params *p = R3410_2001_paramset;
-            param_nid = OBJ_txt2nid(value);
-            if (param_nid == NID_undef) {
-                return 0;
-            }
-            for (; p->nid != NID_undef; p++) {
-                if (p->nid == param_nid)
-                    break;
-            }
-            if (p->nid == NID_undef) {
-                GOSTerr(GOST_F_PKEY_GOST_CTRL01_STR, GOST_R_INVALID_PARAMSET);
-                return 0;
-            }
-        }
-
-        return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
-                              param_nid, NULL);
-    }
-    return -2;
-}
-
-/* --------------------- key generation  --------------------------------*/
-
-static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx)
-{
-    return 1;
-}
-
-static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
-    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-    DSA *dsa = NULL;
-    if (data->sign_param_nid == NID_undef) {
-        GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
-        return 0;
-    }
-    dsa = DSA_new();
-    if (!fill_GOST94_params(dsa, data->sign_param_nid)) {
-        DSA_free(dsa);
-        return 0;
-    }
-    EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa);
-    return 1;
-}
-
-static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
-    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-    EC_KEY *ec = NULL;
-
-    if (data->sign_param_nid == NID_undef) {
-        GOSTerr(GOST_F_PKEY_GOST01_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
-        return 0;
-    }
-    if (!ec)
-        ec = EC_KEY_new();
-    if (!fill_GOST2001_params(ec, data->sign_param_nid)) {
-        EC_KEY_free(ec);
-        return 0;
-    }
-    EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec);
-    return 1;
-}
-
-/* Generates Gost_R3410_94_cp key */
-static int pkey_gost94cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
-    DSA *dsa;
-    if (!pkey_gost94_paramgen(ctx, pkey))
-        return 0;
-    dsa = EVP_PKEY_get0(pkey);
-    gost_sign_keygen(dsa);
-    return 1;
-}
-
-/* Generates GOST_R3410 2001 key and assigns it using specified type */
-static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
-    EC_KEY *ec;
-    if (!pkey_gost01_paramgen(ctx, pkey))
-        return 0;
-    ec = EVP_PKEY_get0(pkey);
-    gost2001_keygen(ec);
-    return 1;
-}
-
-/* ----------- sign callbacks --------------------------------------*/
-
-static int pkey_gost94_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
-                               size_t *siglen, const unsigned char *tbs,
-                               size_t tbs_len)
-{
-    DSA_SIG *unpacked_sig = NULL;
-    EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
-    if (!siglen)
-        return 0;
-    if (!sig) {
-        *siglen = 64;           /* better to check size of pkey->pkey.dsa-q */
-        return 1;
-    }
-    unpacked_sig = gost_do_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
-    if (!unpacked_sig) {
-        return 0;
-    }
-    return pack_sign_cp(unpacked_sig, 32, sig, siglen);
-}
-
-static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
-                               size_t *siglen, const unsigned char *tbs,
-                               size_t tbs_len)
-{
-    DSA_SIG *unpacked_sig = NULL;
-    EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
-    if (!siglen)
-        return 0;
-    if (!sig) {
-        *siglen = 64;           /* better to check size of curve order */
-        return 1;
-    }
-    unpacked_sig = gost2001_do_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
-    if (!unpacked_sig) {
-        return 0;
-    }
-    return pack_sign_cp(unpacked_sig, 32, sig, siglen);
-}
-
-/* ------------------- verify callbacks ---------------------------*/
-
-static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
-                                 size_t siglen, const unsigned char *tbs,
-                                 size_t tbs_len)
-{
-    int ok = 0;
-    EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
-    DSA_SIG *s = unpack_cp_signature(sig, siglen);
-    if (!s)
-        return 0;
-    if (pub_key)
-        ok = gost_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
-    DSA_SIG_free(s);
-    return ok;
-}
-
-static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
-                                 size_t siglen, const unsigned char *tbs,
-                                 size_t tbs_len)
-{
-    int ok = 0;
-    EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
-    DSA_SIG *s = unpack_cp_signature(sig, siglen);
-    if (!s)
-        return 0;
-#ifdef DEBUG_SIGN
-    fprintf(stderr, "R=");
-    BN_print_fp(stderr, s->r);
-    fprintf(stderr, "\nS=");
-    BN_print_fp(stderr, s->s);
-    fprintf(stderr, "\n");
-#endif
-    if (pub_key)
-        ok = gost2001_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
-    DSA_SIG_free(s);
-    return ok;
-}
-
-/* ------------- encrypt init -------------------------------------*/
-/* Generates ephermeral key */
-static int pkey_gost_encrypt_init(EVP_PKEY_CTX *ctx)
-{
-    return 1;
-}
-
-/* --------------- Derive init ------------------------------------*/
-static int pkey_gost_derive_init(EVP_PKEY_CTX *ctx)
-{
-    return 1;
-}
-
-/* -------- PKEY_METHOD for GOST MAC algorithm --------------------*/
-static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
-{
-    struct gost_mac_pmeth_data *data;
-    data = OPENSSL_malloc(sizeof(struct gost_mac_pmeth_data));
-    if (!data)
-        return 0;
-    memset(data, 0, sizeof(struct gost_mac_pmeth_data));
-    EVP_PKEY_CTX_set_data(ctx, data);
-    return 1;
-}
-
-static void pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx)
-{
-    struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-    OPENSSL_free(data);
-}
-
-static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-{
-    struct gost_mac_pmeth_data *dst_data, *src_data;
-    if (!pkey_gost_mac_init(dst)) {
-        return 0;
-    }
-    src_data = EVP_PKEY_CTX_get_data(src);
-    dst_data = EVP_PKEY_CTX_get_data(dst);
-    *dst_data = *src_data;
-    return 1;
-}
-
-static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-{
-    struct gost_mac_pmeth_data *data =
-        (struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
-
-    switch (type) {
-    case EVP_PKEY_CTRL_MD:
-        {
-            if (EVP_MD_type((const EVP_MD *)p2) != NID_id_Gost28147_89_MAC) {
-                GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
-                        GOST_R_INVALID_DIGEST_TYPE);
-                return 0;
-            }
-            data->md = (EVP_MD *)p2;
-            return 1;
-        }
-        break;
-
-    case EVP_PKEY_CTRL_GET_MD:
-        *(const EVP_MD **)p2 = data->md;
-        return 1;
-
-    case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
-    case EVP_PKEY_CTRL_PKCS7_DECRYPT:
-    case EVP_PKEY_CTRL_PKCS7_SIGN:
-        return 1;
-    case EVP_PKEY_CTRL_SET_MAC_KEY:
-        if (p1 != 32) {
-            GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
-            return 0;
-        }
-
-        memcpy(data->key, p2, 32);
-        data->key_set = 1;
-        return 1;
-    case EVP_PKEY_CTRL_DIGESTINIT:
-        {
-            EVP_MD_CTX *mctx = p2;
-            void *key;
-            if (!data->key_set) {
-                EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
-                if (!pkey) {
-                    GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
-                            GOST_R_MAC_KEY_NOT_SET);
-                    return 0;
-                }
-                key = EVP_PKEY_get0(pkey);
-                if (!key) {
-                    GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
-                            GOST_R_MAC_KEY_NOT_SET);
-                    return 0;
-                }
-            } else {
-                key = &(data->key);
-            }
-            return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32, key);
-        }
-    }
-    return -2;
-}
-
-static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
-                                  const char *type, const char *value)
-{
-    if (!strcmp(type, key_ctrl_string)) {
-        if (strlen(value) != 32) {
-            GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
-                    GOST_R_INVALID_MAC_KEY_LENGTH);
-            return 0;
-        }
-        return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
-                                  32, (char *)value);
-    }
-    if (!strcmp(type, hexkey_ctrl_string)) {
-        long keylen;
-        int ret;
-        unsigned char *keybuf = string_to_hex(value, &keylen);
-        if (!keybuf || keylen != 32) {
-            GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
-                    GOST_R_INVALID_MAC_KEY_LENGTH);
-            OPENSSL_free(keybuf);
-            return 0;
-        }
-        ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf);
-        OPENSSL_free(keybuf);
-        return ret;
-
-    }
-    return -2;
-}
-
-static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
-    struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-    unsigned char *keydata;
-    if (!data->key_set) {
-        GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, GOST_R_MAC_KEY_NOT_SET);
-        return 0;
-    }
-    keydata = OPENSSL_malloc(32);
-    if (keydata == NULL)
-        return 0;
-    memcpy(keydata, data->key, 32);
-    EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
-    return 1;
-}
-
-static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
-{
-    return 1;
-}
-
-static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
-                                 size_t *siglen, EVP_MD_CTX *mctx)
-{
-    unsigned int tmpsiglen = *siglen; /* for platforms where
-                                       * sizeof(int)!=sizeof(size_t) */
-    int ret;
-    if (!sig) {
-        *siglen = 4;
-        return 1;
-    }
-    ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
-    *siglen = tmpsiglen;
-    return ret;
-}
-
-/* ----------------------------------------------------------------*/
-int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
-{
-    *pmeth = EVP_PKEY_meth_new(id, flags);
-    if (!*pmeth)
-        return 0;
-
-    switch (id) {
-    case NID_id_GostR3410_94:
-        EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl94_str);
-        EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost94cp_keygen);
-        EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost94_cp_sign);
-        EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost94_cp_verify);
-        EVP_PKEY_meth_set_encrypt(*pmeth,
-                                  pkey_gost_encrypt_init,
-                                  pkey_GOST94cp_encrypt);
-        EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST94cp_decrypt);
-        EVP_PKEY_meth_set_derive(*pmeth,
-                                 pkey_gost_derive_init, pkey_gost94_derive);
-        EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
-                                   pkey_gost94_paramgen);
-        break;
-    case NID_id_GostR3410_2001:
-        EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl01_str);
-        EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost01_cp_sign);
-        EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost01_cp_verify);
-
-        EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost01cp_keygen);
-
-        EVP_PKEY_meth_set_encrypt(*pmeth,
-                                  pkey_gost_encrypt_init,
-                                  pkey_GOST01cp_encrypt);
-        EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST01cp_decrypt);
-        EVP_PKEY_meth_set_derive(*pmeth,
-                                 pkey_gost_derive_init, pkey_gost2001_derive);
-        EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
-                                   pkey_gost01_paramgen);
-        break;
-    case NID_id_Gost28147_89_MAC:
-        EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
-                               pkey_gost_mac_ctrl_str);
-        EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
-                                  pkey_gost_mac_signctx);
-        EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen);
-        EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
-        EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
-        EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
-        return 1;
-    default:                   /* Unsupported method */
-        return 0;
-    }
-    EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init);
-    EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_cleanup);
-
-    EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_copy);
-    /*
-     * FIXME derive etc...
-     */
-
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/gost_sign.c b/freebsd/crypto/openssl/engines/ccgost/gost_sign.c
deleted file mode 100644
index fd679b1a..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gost_sign.c
+++ /dev/null
@@ -1,375 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                          gost_sign.c                               *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *       Implementation of GOST R 34.10-94 signature algorithm        *
- *       for OpenSSL                                                  *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include <string.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-
-#include "gost_params.h"
-#include "gost_lcl.h"
-#include "e_gost_err.h"
-
-#ifdef DEBUG_SIGN
-void dump_signature(const char *message, const unsigned char *buffer,
-                    size_t len)
-{
-    size_t i;
-    fprintf(stderr, "signature %s Length=%d", message, len);
-    for (i = 0; i < len; i++) {
-        if (i % 16 == 0)
-            fputc('\n', stderr);
-        fprintf(stderr, " %02x", buffer[i]);
-    }
-    fprintf(stderr, "\nEnd of signature\n");
-}
-
-void dump_dsa_sig(const char *message, DSA_SIG *sig)
-{
-    fprintf(stderr, "%s\nR=", message);
-    BN_print_fp(stderr, sig->r);
-    fprintf(stderr, "\nS=");
-    BN_print_fp(stderr, sig->s);
-    fprintf(stderr, "\n");
-}
-
-#else
-
-# define dump_signature(a,b,c)
-# define dump_dsa_sig(a,b)
-#endif
-
-/*
- * Computes signature and returns it as DSA_SIG structure
- */
-DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-{
-    BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;
-    DSA_SIG *newsig = NULL, *ret = NULL;
-    BIGNUM *md = hashsum2bn(dgst);
-    /* check if H(M) mod q is zero */
-    BN_CTX *ctx = BN_CTX_new();
-    if(!ctx) {
-        GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    BN_CTX_start(ctx);
-    newsig = DSA_SIG_new();
-    if (!newsig) {
-        GOSTerr(GOST_F_GOST_DO_SIGN, GOST_R_NO_MEMORY);
-        goto err;
-    }
-    tmp = BN_CTX_get(ctx);
-    k = BN_CTX_get(ctx);
-    tmp2 = BN_CTX_get(ctx);
-    if(!tmp || !k || !tmp2) {
-        GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    BN_mod(tmp, md, dsa->q, ctx);
-    if (BN_is_zero(tmp)) {
-        BN_one(md);
-    }
-    do {
-        do {
-            /*
-             * Generate random number k less than q
-             */
-            BN_rand_range(k, dsa->q);
-            /* generate r = (a^x mod p) mod q */
-            BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
-            if (!(newsig->r)) {
-                newsig->r = BN_new();
-                if(!newsig->r) {
-                    GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-            }
-            BN_mod(newsig->r, tmp, dsa->q, ctx);
-        }
-        while (BN_is_zero(newsig->r));
-        /* generate s = (xr + k(Hm)) mod q */
-        BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
-        BN_mod_mul(tmp2, k, md, dsa->q, ctx);
-        if (!newsig->s) {
-            newsig->s = BN_new();
-            if(!newsig->s) {
-                GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-        }
-        BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx);
-    }
-    while (BN_is_zero(newsig->s));
-
-    ret = newsig;
- err:
-    BN_free(md);
-    if(ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if(!ret && newsig) {
-        DSA_SIG_free(newsig);
-    }
-    return ret;
-}
-
-/*
- * Packs signature according to Cryptocom rules
- * and frees up DSA_SIG structure
- */
-/*-
-int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
-        {
-        *siglen = 2*order;
-        memset(sig,0,*siglen);
-        store_bignum(s->r, sig,order);
-        store_bignum(s->s, sig + order,order);
-        dump_signature("serialized",sig,*siglen);
-        DSA_SIG_free(s);
-        return 1;
-        }
-*/
-/*
- * Packs signature according to Cryptopro rules
- * and frees up DSA_SIG structure
- */
-int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
-{
-    *siglen = 2 * order;
-    memset(sig, 0, *siglen);
-    store_bignum(s->s, sig, order);
-    store_bignum(s->r, sig + order, order);
-    dump_signature("serialized", sig, *siglen);
-    DSA_SIG_free(s);
-    return 1;
-}
-
-/*
- * Verifies signature passed as DSA_SIG structure
- *
- */
-
-int gost_do_verify(const unsigned char *dgst, int dgst_len,
-                   DSA_SIG *sig, DSA *dsa)
-{
-    BIGNUM *md = NULL, *tmp = NULL;
-    BIGNUM *q2 = NULL;
-    BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
-    BIGNUM *tmp2 = NULL, *tmp3 = NULL;
-    int ok = 0;
-    BN_CTX *ctx = BN_CTX_new();
-    if(!ctx) {
-        GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    BN_CTX_start(ctx);
-    if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) {
-        GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
-        goto err;
-    }
-    md = hashsum2bn(dgst);
-
-    tmp = BN_CTX_get(ctx);
-    v = BN_CTX_get(ctx);
-    q2 = BN_CTX_get(ctx);
-    z1 = BN_CTX_get(ctx);
-    z2 = BN_CTX_get(ctx);
-    tmp2 = BN_CTX_get(ctx);
-    tmp3 = BN_CTX_get(ctx);
-    u = BN_CTX_get(ctx);
-    if(!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) {
-        GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    BN_mod(tmp, md, dsa->q, ctx);
-    if (BN_is_zero(tmp)) {
-        BN_one(md);
-    }
-    BN_copy(q2, dsa->q);
-    BN_sub_word(q2, 2);
-    BN_mod_exp(v, md, q2, dsa->q, ctx);
-    BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
-    BN_sub(tmp, dsa->q, sig->r);
-    BN_mod_mul(z2, tmp, v, dsa->p, ctx);
-    BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
-    BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
-    BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
-    BN_mod(u, tmp3, dsa->q, ctx);
-    ok = (BN_cmp(u, sig->r) == 0);
-
-    if (!ok) {
-        GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
-    }
-err:
-    if(md) BN_free(md);
-    if(ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    return ok;
-}
-
-/*
- * Computes public keys for GOST R 34.10-94 algorithm
- *
- */
-int gost94_compute_public(DSA *dsa)
-{
-    /* Now fill algorithm parameters with correct values */
-    BN_CTX *ctx;
-    if (!dsa->g) {
-        GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
-        return 0;
-    }
-    ctx = BN_CTX_new();
-    if(!ctx) {
-        GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-
-    dsa->pub_key = BN_new();
-    if(!dsa->pub_key) {
-        GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
-        BN_CTX_free(ctx);
-        return 0;
-    }
-    /* Compute public key  y = a^x mod p */
-    BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx);
-    BN_CTX_free(ctx);
-    return 1;
-}
-
-/*
- * Fill GOST 94 params, searching them in R3410_paramset array
- * by nid of paramset
- *
- */
-int fill_GOST94_params(DSA *dsa, int nid)
-{
-    R3410_params *params = R3410_paramset;
-    while (params->nid != NID_undef && params->nid != nid)
-        params++;
-    if (params->nid == NID_undef) {
-        GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
-        return 0;
-    }
-#define dump_signature(a,b,c)
-    if (dsa->p) {
-        BN_free(dsa->p);
-    }
-    dsa->p = NULL;
-    BN_dec2bn(&(dsa->p), params->p);
-    if (dsa->q) {
-        BN_free(dsa->q);
-    }
-    dsa->q = NULL;
-    BN_dec2bn(&(dsa->q), params->q);
-    if (dsa->g) {
-        BN_free(dsa->g);
-    }
-    dsa->g = NULL;
-    BN_dec2bn(&(dsa->g), params->a);
-    return 1;
-}
-
-/*
- *  Generate GOST R 34.10-94 keypair
- *
- *
- */
-int gost_sign_keygen(DSA *dsa)
-{
-    dsa->priv_key = BN_new();
-    if(!dsa->priv_key) {
-        GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    BN_rand_range(dsa->priv_key, dsa->q);
-    return gost94_compute_public(dsa);
-}
-
-/* Unpack signature according to cryptocom rules  */
-/*-
-DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen)
-        {
-        DSA_SIG *s;
-        s = DSA_SIG_new();
-        if (s == NULL)
-                {
-                GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,GOST_R_NO_MEMORY);
-                return(NULL);
-                }
-        s->r = getbnfrombuf(sig, siglen/2);
-        s->s = getbnfrombuf(sig + siglen/2, siglen/2);
-        return s;
-        }
-*/
-/* Unpack signature according to cryptopro rules  */
-DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
-{
-    DSA_SIG *s;
-
-    s = DSA_SIG_new();
-    if (s == NULL) {
-        GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, GOST_R_NO_MEMORY);
-        return NULL;
-    }
-    s->s = getbnfrombuf(sig, siglen / 2);
-    s->r = getbnfrombuf(sig + siglen / 2, siglen / 2);
-    return s;
-}
-
-/* Convert little-endian byte array into bignum */
-BIGNUM *hashsum2bn(const unsigned char *dgst)
-{
-    unsigned char buf[32];
-    int i;
-    for (i = 0; i < 32; i++) {
-        buf[31 - i] = dgst[i];
-    }
-    return getbnfrombuf(buf, 32);
-}
-
-/* Convert byte buffer to bignum, skipping leading zeros*/
-BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
-{
-    while (*buf == 0 && len > 0) {
-        buf++;
-        len--;
-    }
-    if (len) {
-        return BN_bin2bn(buf, len, NULL);
-    } else {
-        BIGNUM *b = BN_new();
-        BN_zero(b);
-        return b;
-    }
-}
-
-/*
- * Pack bignum into byte buffer of given size, filling all leading bytes by
- * zeros
- */
-int store_bignum(BIGNUM *bn, unsigned char *buf, int len)
-{
-    int bytes = BN_num_bytes(bn);
-    if (bytes > len)
-        return 0;
-    memset(buf, 0, len);
-    BN_bn2bin(bn, buf + len - bytes);
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/gosthash.c b/freebsd/crypto/openssl/engines/ccgost/gosthash.c
deleted file mode 100644
index dd87fc24..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gosthash.c
+++ /dev/null
@@ -1,270 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                          gosthash.c                                *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *    Implementation of GOST R 34.11-94 hash function                 *
- *       uses on gost89.c and gost89.h Doesn't need OpenSSL           *
- **********************************************************************/
-#include <string.h>
-
-#include "gost89.h"
-#include "gosthash.h"
-
-/*
- * Use OPENSSL_malloc for memory allocation if compiled with
- * -DOPENSSL_BUILD, and libc malloc otherwise
- */
-#ifndef MYALLOC
-# ifdef OPENSSL_BUILD
-#  include <openssl/crypto.h>
-#  define MYALLOC(size) OPENSSL_malloc(size)
-#  define MYFREE(ptr) OPENSSL_free(ptr)
-# else
-#  define MYALLOC(size) malloc(size)
-#  define MYFREE(ptr) free(ptr)
-# endif
-#endif
-/*
- * Following functions are various bit meshing routines used in GOST R
- * 34.11-94 algorithms
- */
-static void swap_bytes(byte * w, byte * k)
-{
-    int i, j;
-    for (i = 0; i < 4; i++)
-        for (j = 0; j < 8; j++)
-            k[i + 4 * j] = w[8 * i + j];
-
-}
-
-/* was A_A */
-static void circle_xor8(const byte * w, byte * k)
-{
-    byte buf[8];
-    int i;
-    memcpy(buf, w, 8);
-    memmove(k, w + 8, 24);
-    for (i = 0; i < 8; i++)
-        k[i + 24] = buf[i] ^ k[i];
-}
-
-/* was R_R */
-static void transform_3(byte * data)
-{
-    unsigned short int acc;
-    acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) |
-        ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8);
-    memmove(data, data + 2, 30);
-    data[30] = acc & 0xff;
-    data[31] = acc >> 8;
-}
-
-/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
-static int add_blocks(int n, byte * left, const byte * right)
-{
-    int i;
-    int carry = 0;
-    int sum;
-    for (i = 0; i < n; i++) {
-        sum = (int)left[i] + (int)right[i] + carry;
-        left[i] = sum & 0xff;
-        carry = sum >> 8;
-    }
-    return carry;
-}
-
-/* Xor two sequences of bytes */
-static void xor_blocks(byte * result, const byte * a, const byte * b,
-                       size_t len)
-{
-    size_t i;
-    for (i = 0; i < len; i++)
-        result[i] = a[i] ^ b[i];
-}
-
-/*
- *      Calculate H(i+1) = Hash(Hi,Mi)
- *      Where H and M are 32 bytes long
- */
-static int hash_step(gost_ctx * c, byte * H, const byte * M)
-{
-    byte U[32], W[32], V[32], S[32], Key[32];
-    int i;
-    /* Compute first key */
-    xor_blocks(W, H, M, 32);
-    swap_bytes(W, Key);
-    /* Encrypt first 8 bytes of H with first key */
-    gost_enc_with_key(c, Key, H, S);
-    /* Compute second key */
-    circle_xor8(H, U);
-    circle_xor8(M, V);
-    circle_xor8(V, V);
-    xor_blocks(W, U, V, 32);
-    swap_bytes(W, Key);
-    /* encrypt second 8 bytes of H with second key */
-    gost_enc_with_key(c, Key, H + 8, S + 8);
-    /* compute third key */
-    circle_xor8(U, U);
-    U[31] = ~U[31];
-    U[29] = ~U[29];
-    U[28] = ~U[28];
-    U[24] = ~U[24];
-    U[23] = ~U[23];
-    U[20] = ~U[20];
-    U[18] = ~U[18];
-    U[17] = ~U[17];
-    U[14] = ~U[14];
-    U[12] = ~U[12];
-    U[10] = ~U[10];
-    U[8] = ~U[8];
-    U[7] = ~U[7];
-    U[5] = ~U[5];
-    U[3] = ~U[3];
-    U[1] = ~U[1];
-    circle_xor8(V, V);
-    circle_xor8(V, V);
-    xor_blocks(W, U, V, 32);
-    swap_bytes(W, Key);
-    /* encrypt third 8 bytes of H with third key */
-    gost_enc_with_key(c, Key, H + 16, S + 16);
-    /* Compute fourth key */
-    circle_xor8(U, U);
-    circle_xor8(V, V);
-    circle_xor8(V, V);
-    xor_blocks(W, U, V, 32);
-    swap_bytes(W, Key);
-    /* Encrypt last 8 bytes with fourth key */
-    gost_enc_with_key(c, Key, H + 24, S + 24);
-    for (i = 0; i < 12; i++)
-        transform_3(S);
-    xor_blocks(S, S, M, 32);
-    transform_3(S);
-    xor_blocks(S, S, H, 32);
-    for (i = 0; i < 61; i++)
-        transform_3(S);
-    memcpy(H, S, 32);
-    return 1;
-}
-
-/*
- * Initialize gost_hash ctx - cleans up temporary structures and set up
- * substitution blocks
- */
-int init_gost_hash_ctx(gost_hash_ctx * ctx,
-                       const gost_subst_block * subst_block)
-{
-    memset(ctx, 0, sizeof(gost_hash_ctx));
-    ctx->cipher_ctx = (gost_ctx *) MYALLOC(sizeof(gost_ctx));
-    if (!ctx->cipher_ctx) {
-        return 0;
-    }
-    gost_init(ctx->cipher_ctx, subst_block);
-    return 1;
-}
-
-/*
- * Free cipher CTX if it is dynamically allocated. Do not use
- * if cipher ctx is statically allocated as in OpenSSL implementation of
- * GOST hash algroritm
- *
- */
-void done_gost_hash_ctx(gost_hash_ctx * ctx)
-{
-    /*
-     * No need to use gost_destroy, because cipher keys are not really secret
-     * when hashing
-     */
-    MYFREE(ctx->cipher_ctx);
-}
-
-/*
- * reset state of hash context to begin hashing new message
- */
-int start_hash(gost_hash_ctx * ctx)
-{
-    if (!ctx->cipher_ctx)
-        return 0;
-    memset(&(ctx->H), 0, 32);
-    memset(&(ctx->S), 0, 32);
-    ctx->len = 0L;
-    ctx->left = 0;
-    return 1;
-}
-
-/*
- * Hash block of arbitrary length
- *
- *
- */
-int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length)
-{
-    if (ctx->left) {
-        /*
-         * There are some bytes from previous step
-         */
-        unsigned int add_bytes = 32 - ctx->left;
-        if (add_bytes > length) {
-            add_bytes = length;
-        }
-        memcpy(&(ctx->remainder[ctx->left]), block, add_bytes);
-        ctx->left += add_bytes;
-        if (ctx->left < 32) {
-            return 1;
-        }
-        block += add_bytes;
-        length -= add_bytes;
-        hash_step(ctx->cipher_ctx, ctx->H, ctx->remainder);
-        add_blocks(32, ctx->S, ctx->remainder);
-        ctx->len += 32;
-        ctx->left = 0;
-    }
-    while (length >= 32) {
-        hash_step(ctx->cipher_ctx, ctx->H, block);
-
-        add_blocks(32, ctx->S, block);
-        ctx->len += 32;
-        block += 32;
-        length -= 32;
-    }
-    if (length) {
-        memcpy(ctx->remainder, block, ctx->left = length);
-    }
-    return 1;
-}
-
-/*
- * Compute hash value from current state of ctx
- * state of hash ctx becomes invalid and cannot be used for further
- * hashing.
- */
-int finish_hash(gost_hash_ctx * ctx, byte * hashval)
-{
-    byte buf[32];
-    byte H[32];
-    byte S[32];
-    ghosthash_len fin_len = ctx->len;
-    byte *bptr;
-    memcpy(H, ctx->H, 32);
-    memcpy(S, ctx->S, 32);
-    if (ctx->left) {
-        memset(buf, 0, 32);
-        memcpy(buf, ctx->remainder, ctx->left);
-        hash_step(ctx->cipher_ctx, H, buf);
-        add_blocks(32, S, buf);
-        fin_len += ctx->left;
-    }
-    memset(buf, 0, 32);
-    bptr = buf;
-    fin_len <<= 3;              /* Hash length in BITS!! */
-    while (fin_len > 0) {
-        *(bptr++) = (byte) (fin_len & 0xFF);
-        fin_len >>= 8;
-    };
-    hash_step(ctx->cipher_ctx, H, buf);
-    hash_step(ctx->cipher_ctx, H, S);
-    memcpy(hashval, H, 32);
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/engines/ccgost/gosthash.h b/freebsd/crypto/openssl/engines/ccgost/gosthash.h
deleted file mode 100644
index 003e668e..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gosthash.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/**********************************************************************
- *                          gosthash.h                                *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *       This file is distributed under the same license as OpenSSL   *
- *                                                                    *
- *    Declaration of GOST R 34.11-94 hash functions                   *
- *       uses  and gost89.h Doesn't need OpenSSL                      *
- **********************************************************************/
-#ifndef GOSTHASH_H
-# define GOSTHASH_H
-# include "gost89.h"
-# include <stdlib.h>
-
-# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-typedef __int64 ghosthash_len;
-# elif defined(__arch64__)
-typedef long ghosthash_len;
-# else
-typedef long long ghosthash_len;
-# endif
-
-typedef struct gost_hash_ctx {
-    ghosthash_len len;
-    gost_ctx *cipher_ctx;
-    int left;
-    byte H[32];
-    byte S[32];
-    byte remainder[32];
-} gost_hash_ctx;
-
-/* Initalizes gost hash ctx, including creation of gost cipher ctx */
-
-int init_gost_hash_ctx(gost_hash_ctx * ctx,
-                       const gost_subst_block * subst_block);
-void done_gost_hash_ctx(gost_hash_ctx * ctx);
-
-/*
- * Cleans up all fields, except cipher ctx preparing ctx for computing of new
- * hash value
- */
-int start_hash(gost_hash_ctx * ctx);
-
-/* Hashes block of data */
-int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length);
-
-/*
- * Finalizes computation of hash and fills buffer (which should be at least
- * 32 bytes long) with value of computed hash.
- */
-int finish_hash(gost_hash_ctx * ctx, byte * hashval);
-
-#endif
diff --git a/freebsd/crypto/openssl/engines/ccgost/gostsum.c b/freebsd/crypto/openssl/engines/ccgost/gostsum.c
deleted file mode 100644
index 8231e5f4..00000000
--- a/freebsd/crypto/openssl/engines/ccgost/gostsum.c
+++ /dev/null
@@ -1,189 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/**********************************************************************
- *                        gostsum.c                                   *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *        Almost drop-in replacement for md5sum and sha1sum           *
- *          which computes GOST R 34.11-94 hashsum instead            *
- *                                                                    *
- **********************************************************************/
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <limits.h>
-#include <fcntl.h>
-#include <string.h>
-#include "gosthash.h"
-#define BUF_SIZE 262144
-int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode);
-int hash_stream(gost_hash_ctx * ctx, int fd, char *sum);
-int get_line(FILE *f, char *hash, char *filename);
-void help()
-{
-    fprintf(stderr, "gostsum [-bvt] [-c [file]]| [files]\n"
-            "\t-c check message digests (default is generate)\n"
-            "\t-v verbose, print file names when checking\n"
-            "\t-b read files in binary mode\n"
-            "\t-t use test GOST paramset (default is CryptoPro paramset)\n"
-            "The input for -c should be the list of message digests and file names\n"
-            "that is printed on stdout by this program when it generates digests.\n");
-    exit(3);
-}
-
-#ifndef O_BINARY
-# define O_BINARY 0
-#endif
-
-int main(int argc, char **argv)
-{
-    int c, i;
-    int verbose = 0;
-    int errors = 0;
-    int open_mode = O_RDONLY;
-    gost_subst_block *b = &GostR3411_94_CryptoProParamSet;
-    FILE *check_file = NULL;
-    gost_hash_ctx ctx;
-
-    while ((c = getopt(argc, argv, "bc::tv")) != -1) {
-        switch (c) {
-        case 'v':
-            verbose = 1;
-            break;
-        case 't':
-            b = &GostR3411_94_TestParamSet;
-            break;
-        case 'b':
-            open_mode |= O_BINARY;
-            break;
-        case 'c':
-            if (optarg) {
-                check_file = fopen(optarg, "r");
-                if (!check_file) {
-                    perror(optarg);
-                    exit(2);
-                }
-            } else {
-                check_file = stdin;
-            }
-            break;
-        default:
-            fprintf(stderr, "invalid option %c", optopt);
-            help();
-        }
-    }
-    init_gost_hash_ctx(&ctx, b);
-    if (check_file) {
-        char inhash[65], calcsum[65], filename[PATH_MAX];
-        int failcount = 0, count = 0;;
-        if (check_file == stdin && optind < argc) {
-            check_file = fopen(argv[optind], "r");
-            if (!check_file) {
-                perror(argv[optind]);
-                exit(2);
-            }
-        }
-        while (get_line(check_file, inhash, filename)) {
-            if (!hash_file(&ctx, filename, calcsum, open_mode)) {
-                exit(2);
-            }
-            count++;
-            if (!strncmp(calcsum, inhash, 65)) {
-                if (verbose) {
-                    fprintf(stderr, "%s\tOK\n", filename);
-                }
-            } else {
-                if (verbose) {
-                    fprintf(stderr, "%s\tFAILED\n", filename);
-                } else {
-                    fprintf(stderr,
-                            "%s: GOST hash sum check failed for '%s'\n",
-                            argv[0], filename);
-                }
-                failcount++;
-            }
-        }
-        if (verbose && failcount) {
-            fprintf(stderr,
-                    "%s: %d of %d file(f) failed GOST hash sum check\n",
-                    argv[0], failcount, count);
-        }
-        exit(failcount ? 1 : 0);
-    }
-    if (optind == argc) {
-        char sum[65];
-        if (!hash_stream(&ctx, fileno(stdin), sum)) {
-            perror("stdin");
-            exit(1);
-        }
-        printf("%s -\n", sum);
-        exit(0);
-    }
-    for (i = optind; i < argc; i++) {
-        char sum[65];
-        if (!hash_file(&ctx, argv[i], sum, open_mode)) {
-            errors++;
-        } else {
-            printf("%s %s\n", sum, argv[i]);
-        }
-    }
-    exit(errors ? 1 : 0);
-}
-
-int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode)
-{
-    int fd;
-    if ((fd = open(filename, mode)) < 0) {
-        perror(filename);
-        return 0;
-    }
-    if (!hash_stream(ctx, fd, sum)) {
-        perror(filename);
-        return 0;
-    }
-    close(fd);
-    return 1;
-}
-
-int hash_stream(gost_hash_ctx * ctx, int fd, char *sum)
-{
-    unsigned char buffer[BUF_SIZE];
-    ssize_t bytes;
-    int i;
-    start_hash(ctx);
-    while ((bytes = read(fd, buffer, BUF_SIZE)) > 0) {
-        hash_block(ctx, buffer, bytes);
-    }
-    if (bytes < 0) {
-        return 0;
-    }
-    finish_hash(ctx, buffer);
-    for (i = 0; i < 32; i++) {
-        sprintf(sum + 2 * i, "%02x", buffer[31 - i]);
-    }
-    return 1;
-}
-
-int get_line(FILE *f, char *hash, char *filename)
-{
-    int i;
-    if (fread(hash, 1, 64, f) < 64)
-        return 0;
-    hash[64] = 0;
-    for (i = 0; i < 64; i++) {
-        if (hash[i] < '0' || (hash[i] > '9' && hash[i] < 'A')
-            || (hash[i] > 'F' && hash[i] < 'a') || hash[i] > 'f') {
-            fprintf(stderr, "Not a hash value '%s'\n", hash);
-            return 0;
-        }
-    }
-    if (fgetc(f) != ' ') {
-        fprintf(stderr, "Malformed input line\n");
-        return 0;
-    }
-    i = strlen(fgets(filename, PATH_MAX, f));
-    while (filename[--i] == '\n' || filename[i] == '\r')
-        filename[i] = 0;
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/engines/e_4758cca.c b/freebsd/crypto/openssl/engines/e_4758cca.c
deleted file mode 100644
index 7b636819..00000000
--- a/freebsd/crypto/openssl/engines/e_4758cca.c
+++ /dev/null
@@ -1,962 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* Author: Maurice Gittens <maurice@gittens.nl>                       */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/engine.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-# ifndef OPENSSL_NO_HW_4758_CCA
-
-#  ifdef FLAT_INC
-#   include "hw_4758_cca.h"
-#  else
-#   include "vendor_defns/hw_4758_cca.h"
-#  endif
-
-#  include "e_4758cca_err.c"
-
-static int ibm_4758_cca_destroy(ENGINE *e);
-static int ibm_4758_cca_init(ENGINE *e);
-static int ibm_4758_cca_finish(ENGINE *e);
-static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p,
-                             void (*f) (void));
-
-/* rsa functions */
-/* -------------*/
-#  ifndef OPENSSL_NO_RSA
-static int cca_rsa_pub_enc(int flen, const unsigned char *from,
-                           unsigned char *to, RSA *rsa, int padding);
-static int cca_rsa_priv_dec(int flen, const unsigned char *from,
-                            unsigned char *to, RSA *rsa, int padding);
-static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
-                        unsigned char *sigret, unsigned int *siglen,
-                        const RSA *rsa);
-static int cca_rsa_verify(int dtype, const unsigned char *m,
-                          unsigned int m_len, const unsigned char *sigbuf,
-                          unsigned int siglen, const RSA *rsa);
-
-/* utility functions */
-/* ---------------------*/
-static EVP_PKEY *ibm_4758_load_privkey(ENGINE *, const char *,
-                                       UI_METHOD *ui_method,
-                                       void *callback_data);
-static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *, const char *,
-                                      UI_METHOD *ui_method,
-                                      void *callback_data);
-
-static int getModulusAndExponent(const unsigned char *token,
-                                 long *exponentLength,
-                                 unsigned char *exponent, long *modulusLength,
-                                 long *modulusFieldLength,
-                                 unsigned char *modulus);
-#  endif
-
-/* RAND number functions */
-/* ---------------------*/
-static int cca_get_random_bytes(unsigned char *, int);
-static int cca_random_status(void);
-
-#  ifndef OPENSSL_NO_RSA
-static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
-                        int idx, long argl, void *argp);
-#  endif
-
-/* Function pointers for CCA verbs */
-/* -------------------------------*/
-#  ifndef OPENSSL_NO_RSA
-static F_KEYRECORDREAD keyRecordRead;
-static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
-static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
-static F_PUBLICKEYEXTRACT publicKeyExtract;
-static F_PKAENCRYPT pkaEncrypt;
-static F_PKADECRYPT pkaDecrypt;
-#  endif
-static F_RANDOMNUMBERGENERATE randomNumberGenerate;
-
-/* static variables */
-/* ----------------*/
-static const char *CCA4758_LIB_NAME = NULL;
-static const char *get_CCA4758_LIB_NAME(void)
-{
-    if (CCA4758_LIB_NAME)
-        return CCA4758_LIB_NAME;
-    return CCA_LIB_NAME;
-}
-
-static void free_CCA4758_LIB_NAME(void)
-{
-    if (CCA4758_LIB_NAME)
-        OPENSSL_free((void *)CCA4758_LIB_NAME);
-    CCA4758_LIB_NAME = NULL;
-}
-
-static long set_CCA4758_LIB_NAME(const char *name)
-{
-    free_CCA4758_LIB_NAME();
-    return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
-}
-
-#  ifndef OPENSSL_NO_RSA
-static const char *n_keyRecordRead = CSNDKRR;
-static const char *n_digitalSignatureGenerate = CSNDDSG;
-static const char *n_digitalSignatureVerify = CSNDDSV;
-static const char *n_publicKeyExtract = CSNDPKX;
-static const char *n_pkaEncrypt = CSNDPKE;
-static const char *n_pkaDecrypt = CSNDPKD;
-#  endif
-static const char *n_randomNumberGenerate = CSNBRNG;
-
-#  ifndef OPENSSL_NO_RSA
-static int hndidx = -1;
-#  endif
-static DSO *dso = NULL;
-
-/* openssl engine initialization structures */
-/* ----------------------------------------*/
-
-#  define CCA4758_CMD_SO_PATH             ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = {
-    {CCA4758_CMD_SO_PATH,
-     "SO_PATH",
-     "Specifies the path to the '4758cca' shared library",
-     ENGINE_CMD_FLAG_STRING},
-    {0, NULL, NULL, 0}
-};
-
-#  ifndef OPENSSL_NO_RSA
-static RSA_METHOD ibm_4758_cca_rsa = {
-    "IBM 4758 CCA RSA method",
-    cca_rsa_pub_enc,
-    NULL,
-    NULL,
-    cca_rsa_priv_dec,
-    NULL,                       /* rsa_mod_exp, */
-    NULL,                       /* mod_exp_mont, */
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    RSA_FLAG_SIGN_VER,          /* flags */
-    NULL,                       /* app_data */
-    cca_rsa_sign,               /* rsa_sign */
-    cca_rsa_verify,             /* rsa_verify */
-    NULL                        /* rsa_keygen */
-};
-#  endif
-
-static RAND_METHOD ibm_4758_cca_rand = {
-    /* "IBM 4758 RAND method", */
-    NULL,                       /* seed */
-    cca_get_random_bytes,       /* get random bytes from the card */
-    NULL,                       /* cleanup */
-    NULL,                       /* add */
-    cca_get_random_bytes,       /* pseudo rand */
-    cca_random_status,          /* status */
-};
-
-static const char *engine_4758_cca_id = "4758cca";
-static const char *engine_4758_cca_name =
-    "IBM 4758 CCA hardware engine support";
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-/* Compatibility hack, the dynamic library uses this form in the path */
-static const char *engine_4758_cca_id_alt = "4758_cca";
-#  endif
-
-/* engine implementation */
-/* ---------------------*/
-static int bind_helper(ENGINE *e)
-{
-    if (!ENGINE_set_id(e, engine_4758_cca_id) ||
-        !ENGINE_set_name(e, engine_4758_cca_name) ||
-#  ifndef OPENSSL_NO_RSA
-        !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
-#  endif
-        !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
-        !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
-        !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
-        !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
-        !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
-#  ifndef OPENSSL_NO_RSA
-        !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
-        !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
-#  endif
-        !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
-        return 0;
-    /* Ensure the error handling is set up */
-    ERR_load_CCA4758_strings();
-    return 1;
-}
-
-#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_4758_cca(void)
-{
-    ENGINE *ret = ENGINE_new();
-    if (!ret)
-        return NULL;
-    if (!bind_helper(ret)) {
-        ENGINE_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-void ENGINE_load_4758cca(void)
-{
-    ENGINE *e_4758 = engine_4758_cca();
-    if (!e_4758)
-        return;
-    ENGINE_add(e_4758);
-    ENGINE_free(e_4758);
-    ERR_clear_error();
-}
-#  endif
-
-static int ibm_4758_cca_destroy(ENGINE *e)
-{
-    ERR_unload_CCA4758_strings();
-    free_CCA4758_LIB_NAME();
-    return 1;
-}
-
-static int ibm_4758_cca_init(ENGINE *e)
-{
-    if (dso) {
-        CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_ALREADY_LOADED);
-        goto err;
-    }
-
-    dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
-    if (!dso) {
-        CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
-        goto err;
-    }
-#  ifndef OPENSSL_NO_RSA
-    if (!(keyRecordRead = (F_KEYRECORDREAD)
-          DSO_bind_func(dso, n_keyRecordRead)) ||
-        !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
-          DSO_bind_func(dso, n_randomNumberGenerate)) ||
-        !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
-          DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
-        !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
-          DSO_bind_func(dso, n_digitalSignatureVerify)) ||
-        !(publicKeyExtract = (F_PUBLICKEYEXTRACT)
-          DSO_bind_func(dso, n_publicKeyExtract)) ||
-        !(pkaEncrypt = (F_PKAENCRYPT)
-          DSO_bind_func(dso, n_pkaEncrypt)) || !(pkaDecrypt = (F_PKADECRYPT)
-                                                 DSO_bind_func(dso,
-                                                               n_pkaDecrypt)))
-    {
-        CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
-        goto err;
-    }
-#  else
-    if (!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
-          DSO_bind_func(dso, n_randomNumberGenerate))) {
-        CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
-        goto err;
-    }
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-    hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
-                                  NULL, NULL, cca_ex_free);
-#  endif
-
-    return 1;
- err:
-    if (dso)
-        DSO_free(dso);
-    dso = NULL;
-
-#  ifndef OPENSSL_NO_RSA
-    keyRecordRead = (F_KEYRECORDREAD) 0;
-    digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0;
-    digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
-    publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
-    pkaEncrypt = (F_PKAENCRYPT) 0;
-    pkaDecrypt = (F_PKADECRYPT) 0;
-#  endif
-    randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
-    return 0;
-}
-
-static int ibm_4758_cca_finish(ENGINE *e)
-{
-    free_CCA4758_LIB_NAME();
-    if (!dso) {
-        CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_NOT_LOADED);
-        return 0;
-    }
-    if (!DSO_free(dso)) {
-        CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_UNIT_FAILURE);
-        return 0;
-    }
-    dso = NULL;
-#  ifndef OPENSSL_NO_RSA
-    keyRecordRead = (F_KEYRECORDREAD) 0;
-    randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
-    digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0;
-    digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
-    publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
-    pkaEncrypt = (F_PKAENCRYPT) 0;
-    pkaDecrypt = (F_PKADECRYPT) 0;
-#  endif
-    randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
-    return 1;
-}
-
-static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p,
-                             void (*f) (void))
-{
-    int initialised = ((dso == NULL) ? 0 : 1);
-    switch (cmd) {
-    case CCA4758_CMD_SO_PATH:
-        if (p == NULL) {
-            CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
-                       ERR_R_PASSED_NULL_PARAMETER);
-            return 0;
-        }
-        if (initialised) {
-            CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, CCA4758_R_ALREADY_LOADED);
-            return 0;
-        }
-        return set_CCA4758_LIB_NAME((const char *)p);
-    default:
-        break;
-    }
-    CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
-               CCA4758_R_COMMAND_NOT_IMPLEMENTED);
-    return 0;
-}
-
-#  ifndef OPENSSL_NO_RSA
-
-#   define MAX_CCA_PKA_TOKEN_SIZE 2500
-
-static EVP_PKEY *ibm_4758_load_privkey(ENGINE *e, const char *key_id,
-                                       UI_METHOD *ui_method,
-                                       void *callback_data)
-{
-    RSA *rtmp = NULL;
-    EVP_PKEY *res = NULL;
-    unsigned char *keyToken = NULL;
-    unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
-    long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
-    long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
-    long returnCode;
-    long reasonCode;
-    long exitDataLength = 0;
-    long ruleArrayLength = 0;
-    unsigned char exitData[8];
-    unsigned char ruleArray[8];
-    unsigned char keyLabel[64];
-    unsigned long keyLabelLength = strlen(key_id);
-    unsigned char modulus[256];
-    long modulusFieldLength = sizeof(modulus);
-    long modulusLength = 0;
-    unsigned char exponent[256];
-    long exponentLength = sizeof(exponent);
-
-    if (keyLabelLength > sizeof(keyLabel)) {
-        CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
-                   CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-        return NULL;
-    }
-
-    memset(keyLabel, ' ', sizeof(keyLabel));
-    memcpy(keyLabel, key_id, keyLabelLength);
-
-    keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
-    if (!keyToken) {
-        CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
-                  exitData, &ruleArrayLength, ruleArray, keyLabel,
-                  &keyTokenLength, keyToken + sizeof(long));
-
-    if (returnCode) {
-        CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
-                   CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
-        goto err;
-    }
-
-    publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
-                     exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
-                     keyToken + sizeof(long), &pubKeyTokenLength,
-                     pubKeyToken);
-
-    if (returnCode) {
-        CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
-                   CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
-        goto err;
-    }
-
-    if (!getModulusAndExponent(pubKeyToken, &exponentLength,
-                               exponent, &modulusLength, &modulusFieldLength,
-                               modulus)) {
-        CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
-                   CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
-        goto err;
-    }
-
-    (*(long *)keyToken) = keyTokenLength;
-    rtmp = RSA_new_method(e);
-    if (rtmp == NULL) {
-        CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
-
-    rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
-    rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
-    rtmp->flags |= RSA_FLAG_EXT_PKEY;
-
-    res = EVP_PKEY_new();
-    EVP_PKEY_assign_RSA(res, rtmp);
-
-    return res;
- err:
-    if (keyToken)
-        OPENSSL_free(keyToken);
-    return NULL;
-}
-
-static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *e, const char *key_id,
-                                      UI_METHOD *ui_method,
-                                      void *callback_data)
-{
-    RSA *rtmp = NULL;
-    EVP_PKEY *res = NULL;
-    unsigned char *keyToken = NULL;
-    long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
-    long returnCode;
-    long reasonCode;
-    long exitDataLength = 0;
-    long ruleArrayLength = 0;
-    unsigned char exitData[8];
-    unsigned char ruleArray[8];
-    unsigned char keyLabel[64];
-    unsigned long keyLabelLength = strlen(key_id);
-    unsigned char modulus[512];
-    long modulusFieldLength = sizeof(modulus);
-    long modulusLength = 0;
-    unsigned char exponent[512];
-    long exponentLength = sizeof(exponent);
-
-    if (keyLabelLength > sizeof(keyLabel)) {
-        CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
-                   CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-        return NULL;
-    }
-
-    memset(keyLabel, ' ', sizeof(keyLabel));
-    memcpy(keyLabel, key_id, keyLabelLength);
-
-    keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
-    if (!keyToken) {
-        CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
-                  &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
-                  keyToken + sizeof(long));
-
-    if (returnCode) {
-        CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (!getModulusAndExponent(keyToken + sizeof(long), &exponentLength,
-                               exponent, &modulusLength, &modulusFieldLength,
-                               modulus)) {
-        CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
-                   CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
-        goto err;
-    }
-
-    (*(long *)keyToken) = keyTokenLength;
-    rtmp = RSA_new_method(e);
-    if (rtmp == NULL) {
-        CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
-    rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
-    rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
-    rtmp->flags |= RSA_FLAG_EXT_PKEY;
-    res = EVP_PKEY_new();
-    EVP_PKEY_assign_RSA(res, rtmp);
-
-    return res;
- err:
-    if (keyToken)
-        OPENSSL_free(keyToken);
-    return NULL;
-}
-
-static int cca_rsa_pub_enc(int flen, const unsigned char *from,
-                           unsigned char *to, RSA *rsa, int padding)
-{
-    long returnCode;
-    long reasonCode;
-    long lflen = flen;
-    long exitDataLength = 0;
-    unsigned char exitData[8];
-    long ruleArrayLength = 1;
-    unsigned char ruleArray[8] = "PKCS-1.2";
-    long dataStructureLength = 0;
-    unsigned char dataStructure[8];
-    long outputLength = RSA_size(rsa);
-    long keyTokenLength;
-    unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
-
-    keyTokenLength = *(long *)keyToken;
-    keyToken += sizeof(long);
-
-    pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
-               &ruleArrayLength, ruleArray, &lflen, (unsigned char *)from,
-               &dataStructureLength, dataStructure, &keyTokenLength,
-               keyToken, &outputLength, to);
-
-    if (returnCode || reasonCode)
-        return -(returnCode << 16 | reasonCode);
-    return outputLength;
-}
-
-static int cca_rsa_priv_dec(int flen, const unsigned char *from,
-                            unsigned char *to, RSA *rsa, int padding)
-{
-    long returnCode;
-    long reasonCode;
-    long lflen = flen;
-    long exitDataLength = 0;
-    unsigned char exitData[8];
-    long ruleArrayLength = 1;
-    unsigned char ruleArray[8] = "PKCS-1.2";
-    long dataStructureLength = 0;
-    unsigned char dataStructure[8];
-    long outputLength = RSA_size(rsa);
-    long keyTokenLength;
-    unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
-
-    keyTokenLength = *(long *)keyToken;
-    keyToken += sizeof(long);
-
-    pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
-               &ruleArrayLength, ruleArray, &lflen, (unsigned char *)from,
-               &dataStructureLength, dataStructure, &keyTokenLength,
-               keyToken, &outputLength, to);
-
-    return (returnCode | reasonCode) ? 0 : 1;
-}
-
-#   define SSL_SIG_LEN 36
-
-static int cca_rsa_verify(int type, const unsigned char *m,
-                          unsigned int m_len, const unsigned char *sigbuf,
-                          unsigned int siglen, const RSA *rsa)
-{
-    long returnCode;
-    long reasonCode;
-    long lsiglen = siglen;
-    long exitDataLength = 0;
-    unsigned char exitData[8];
-    long ruleArrayLength = 1;
-    unsigned char ruleArray[8] = "PKCS-1.1";
-    long keyTokenLength;
-    unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
-    long length = SSL_SIG_LEN;
-    long keyLength;
-    unsigned char *hashBuffer = NULL;
-    X509_SIG sig;
-    ASN1_TYPE parameter;
-    X509_ALGOR algorithm;
-    ASN1_OCTET_STRING digest;
-
-    keyTokenLength = *(long *)keyToken;
-    keyToken += sizeof(long);
-
-    if (type == NID_md5 || type == NID_sha1) {
-        sig.algor = &algorithm;
-        algorithm.algorithm = OBJ_nid2obj(type);
-
-        if (!algorithm.algorithm) {
-            CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
-                       CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
-            return 0;
-        }
-
-        if (!algorithm.algorithm->length) {
-            CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
-                       CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
-            return 0;
-        }
-
-        parameter.type = V_ASN1_NULL;
-        parameter.value.ptr = NULL;
-        algorithm.parameter = &parameter;
-
-        sig.digest = &digest;
-        sig.digest->data = (unsigned char *)m;
-        sig.digest->length = m_len;
-
-        length = i2d_X509_SIG(&sig, NULL);
-    }
-
-    keyLength = RSA_size(rsa);
-
-    if (length - RSA_PKCS1_PADDING > keyLength) {
-        CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
-                   CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-        return 0;
-    }
-
-    switch (type) {
-    case NID_md5_sha1:
-        if (m_len != SSL_SIG_LEN) {
-            CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
-                       CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-            return 0;
-        }
-
-        hashBuffer = (unsigned char *)m;
-        length = m_len;
-        break;
-    case NID_md5:
-        {
-            unsigned char *ptr;
-            ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
-            if (!hashBuffer) {
-                CCA4758err(CCA4758_F_CCA_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
-
-            i2d_X509_SIG(&sig, &ptr);
-        }
-        break;
-    case NID_sha1:
-        {
-            unsigned char *ptr;
-            ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
-            if (!hashBuffer) {
-                CCA4758err(CCA4758_F_CCA_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
-            i2d_X509_SIG(&sig, &ptr);
-        }
-        break;
-    default:
-        return 0;
-    }
-
-    digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
-                           exitData, &ruleArrayLength, ruleArray,
-                           &keyTokenLength, keyToken, &length, hashBuffer,
-                           &lsiglen, (unsigned char *)sigbuf);
-
-    if (type == NID_sha1 || type == NID_md5) {
-        OPENSSL_cleanse(hashBuffer, keyLength + 1);
-        OPENSSL_free(hashBuffer);
-    }
-
-    return ((returnCode || reasonCode) ? 0 : 1);
-}
-
-#   define SSL_SIG_LEN 36
-
-static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
-                        unsigned char *sigret, unsigned int *siglen,
-                        const RSA *rsa)
-{
-    long returnCode;
-    long reasonCode;
-    long exitDataLength = 0;
-    unsigned char exitData[8];
-    long ruleArrayLength = 1;
-    unsigned char ruleArray[8] = "PKCS-1.1";
-    long outputLength = 256;
-    long outputBitLength;
-    long keyTokenLength;
-    unsigned char *hashBuffer = NULL;
-    unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
-    long length = SSL_SIG_LEN;
-    long keyLength;
-    X509_SIG sig;
-    ASN1_TYPE parameter;
-    X509_ALGOR algorithm;
-    ASN1_OCTET_STRING digest;
-
-    keyTokenLength = *(long *)keyToken;
-    keyToken += sizeof(long);
-
-    if (type == NID_md5 || type == NID_sha1) {
-        sig.algor = &algorithm;
-        algorithm.algorithm = OBJ_nid2obj(type);
-
-        if (!algorithm.algorithm) {
-            CCA4758err(CCA4758_F_CCA_RSA_SIGN,
-                       CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
-            return 0;
-        }
-
-        if (!algorithm.algorithm->length) {
-            CCA4758err(CCA4758_F_CCA_RSA_SIGN,
-                       CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
-            return 0;
-        }
-
-        parameter.type = V_ASN1_NULL;
-        parameter.value.ptr = NULL;
-        algorithm.parameter = &parameter;
-
-        sig.digest = &digest;
-        sig.digest->data = (unsigned char *)m;
-        sig.digest->length = m_len;
-
-        length = i2d_X509_SIG(&sig, NULL);
-    }
-
-    keyLength = RSA_size(rsa);
-
-    if (length - RSA_PKCS1_PADDING > keyLength) {
-        CCA4758err(CCA4758_F_CCA_RSA_SIGN,
-                   CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-        return 0;
-    }
-
-    switch (type) {
-    case NID_md5_sha1:
-        if (m_len != SSL_SIG_LEN) {
-            CCA4758err(CCA4758_F_CCA_RSA_SIGN,
-                       CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-            return 0;
-        }
-        hashBuffer = (unsigned char *)m;
-        length = m_len;
-        break;
-    case NID_md5:
-        {
-            unsigned char *ptr;
-            ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
-            if (!hashBuffer) {
-                CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
-            i2d_X509_SIG(&sig, &ptr);
-        }
-        break;
-    case NID_sha1:
-        {
-            unsigned char *ptr;
-            ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
-            if (!hashBuffer) {
-                CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
-            i2d_X509_SIG(&sig, &ptr);
-        }
-        break;
-    default:
-        return 0;
-    }
-
-    digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
-                             exitData, &ruleArrayLength, ruleArray,
-                             &keyTokenLength, keyToken, &length, hashBuffer,
-                             &outputLength, &outputBitLength, sigret);
-
-    if (type == NID_sha1 || type == NID_md5) {
-        OPENSSL_cleanse(hashBuffer, keyLength + 1);
-        OPENSSL_free(hashBuffer);
-    }
-
-    *siglen = outputLength;
-
-    return ((returnCode || reasonCode) ? 0 : 1);
-}
-
-static int getModulusAndExponent(const unsigned char *token,
-                                 long *exponentLength,
-                                 unsigned char *exponent, long *modulusLength,
-                                 long *modulusFieldLength,
-                                 unsigned char *modulus)
-{
-    unsigned long len;
-
-    if (*token++ != (char)0x1E) /* internal PKA token? */
-        return 0;
-
-    if (*token++)               /* token version must be zero */
-        return 0;
-
-    len = *token++;
-    len = len << 8;
-    len |= (unsigned char)*token++;
-
-    token += 4;                 /* skip reserved bytes */
-
-    if (*token++ == (char)0x04) {
-        if (*token++)           /* token version must be zero */
-            return 0;
-
-        len = *token++;
-        len = len << 8;
-        len |= (unsigned char)*token++;
-
-        token += 2;             /* skip reserved section */
-
-        len = *token++;
-        len = len << 8;
-        len |= (unsigned char)*token++;
-
-        *exponentLength = len;
-
-        len = *token++;
-        len = len << 8;
-        len |= (unsigned char)*token++;
-
-        *modulusLength = len;
-
-        len = *token++;
-        len = len << 8;
-        len |= (unsigned char)*token++;
-
-        *modulusFieldLength = len;
-
-        memcpy(exponent, token, *exponentLength);
-        token += *exponentLength;
-
-        memcpy(modulus, token, *modulusFieldLength);
-        return 1;
-    }
-    return 0;
-}
-
-#  endif                        /* OPENSSL_NO_RSA */
-
-static int cca_random_status(void)
-{
-    return 1;
-}
-
-static int cca_get_random_bytes(unsigned char *buf, int num)
-{
-    long ret_code;
-    long reason_code;
-    long exit_data_length;
-    unsigned char exit_data[4];
-    unsigned char form[] = "RANDOM  ";
-    unsigned char rand_buf[8];
-
-    while (num >= (int)sizeof(rand_buf)) {
-        randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
-                             exit_data, form, rand_buf);
-        if (ret_code)
-            return 0;
-        num -= sizeof(rand_buf);
-        memcpy(buf, rand_buf, sizeof(rand_buf));
-        buf += sizeof(rand_buf);
-    }
-
-    if (num) {
-        randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
-                             form, rand_buf);
-        if (ret_code)
-            return 0;
-        memcpy(buf, rand_buf, num);
-    }
-
-    return 1;
-}
-
-#  ifndef OPENSSL_NO_RSA
-static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
-                        long argl, void *argp)
-{
-    if (item)
-        OPENSSL_free(item);
-}
-#  endif
-
-/* Goo to handle building as a dynamic engine */
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
-{
-    if (id && (strcmp(id, engine_4758_cca_id) != 0) &&
-        (strcmp(id, engine_4758_cca_id_alt) != 0))
-        return 0;
-    if (!bind_helper(e))
-        return 0;
-    return 1;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#  endif                        /* OPENSSL_NO_DYNAMIC_ENGINE */
-# endif                         /* !OPENSSL_NO_HW_4758_CCA */
-#endif                          /* !OPENSSL_NO_HW */
diff --git a/freebsd/crypto/openssl/engines/e_4758cca_err.c b/freebsd/crypto/openssl/engines/e_4758cca_err.c
deleted file mode 100644
index a2b170ac..00000000
--- a/freebsd/crypto/openssl/engines/e_4758cca_err.c
+++ /dev/null
@@ -1,155 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* e_4758cca_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_4758cca_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(0,func,0)
-# define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA CCA4758_str_functs[] = {
-    {ERR_FUNC(CCA4758_F_CCA_RSA_SIGN), "CCA_RSA_SIGN"},
-    {ERR_FUNC(CCA4758_F_CCA_RSA_VERIFY), "CCA_RSA_VERIFY"},
-    {ERR_FUNC(CCA4758_F_IBM_4758_CCA_CTRL), "IBM_4758_CCA_CTRL"},
-    {ERR_FUNC(CCA4758_F_IBM_4758_CCA_FINISH), "IBM_4758_CCA_FINISH"},
-    {ERR_FUNC(CCA4758_F_IBM_4758_CCA_INIT), "IBM_4758_CCA_INIT"},
-    {ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PRIVKEY), "IBM_4758_LOAD_PRIVKEY"},
-    {ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PUBKEY), "IBM_4758_LOAD_PUBKEY"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA CCA4758_str_reasons[] = {
-    {ERR_REASON(CCA4758_R_ALREADY_LOADED), "already loaded"},
-    {ERR_REASON(CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD),
-     "asn1 oid unknown for md"},
-    {ERR_REASON(CCA4758_R_COMMAND_NOT_IMPLEMENTED),
-     "command not implemented"},
-    {ERR_REASON(CCA4758_R_DSO_FAILURE), "dso failure"},
-    {ERR_REASON(CCA4758_R_FAILED_LOADING_PRIVATE_KEY),
-     "failed loading private key"},
-    {ERR_REASON(CCA4758_R_FAILED_LOADING_PUBLIC_KEY),
-     "failed loading public key"},
-    {ERR_REASON(CCA4758_R_NOT_LOADED), "not loaded"},
-    {ERR_REASON(CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
-     "size too large or too small"},
-    {ERR_REASON(CCA4758_R_UNIT_FAILURE), "unit failure"},
-    {ERR_REASON(CCA4758_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
-    {0, NULL}
-};
-
-#endif
-
-#ifdef CCA4758_LIB_NAME
-static ERR_STRING_DATA CCA4758_lib_name[] = {
-    {0, CCA4758_LIB_NAME},
-    {0, NULL}
-};
-#endif
-
-static int CCA4758_lib_error_code = 0;
-static int CCA4758_error_init = 1;
-
-static void ERR_load_CCA4758_strings(void)
-{
-    if (CCA4758_lib_error_code == 0)
-        CCA4758_lib_error_code = ERR_get_next_error_library();
-
-    if (CCA4758_error_init) {
-        CCA4758_error_init = 0;
-#ifndef OPENSSL_NO_ERR
-        ERR_load_strings(CCA4758_lib_error_code, CCA4758_str_functs);
-        ERR_load_strings(CCA4758_lib_error_code, CCA4758_str_reasons);
-#endif
-
-#ifdef CCA4758_LIB_NAME
-        CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code, 0, 0);
-        ERR_load_strings(0, CCA4758_lib_name);
-#endif
-    }
-}
-
-static void ERR_unload_CCA4758_strings(void)
-{
-    if (CCA4758_error_init == 0) {
-#ifndef OPENSSL_NO_ERR
-        ERR_unload_strings(CCA4758_lib_error_code, CCA4758_str_functs);
-        ERR_unload_strings(CCA4758_lib_error_code, CCA4758_str_reasons);
-#endif
-
-#ifdef CCA4758_LIB_NAME
-        ERR_unload_strings(0, CCA4758_lib_name);
-#endif
-        CCA4758_error_init = 1;
-    }
-}
-
-static void ERR_CCA4758_error(int function, int reason, char *file, int line)
-{
-    if (CCA4758_lib_error_code == 0)
-        CCA4758_lib_error_code = ERR_get_next_error_library();
-    ERR_PUT_error(CCA4758_lib_error_code, function, reason, file, line);
-}
diff --git a/freebsd/crypto/openssl/engines/e_4758cca_err.h b/freebsd/crypto/openssl/engines/e_4758cca_err.h
deleted file mode 100644
index 2f29d96f..00000000
--- a/freebsd/crypto/openssl/engines/e_4758cca_err.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_CCA4758_ERR_H
-# define HEADER_CCA4758_ERR_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_CCA4758_strings(void);
-static void ERR_unload_CCA4758_strings(void);
-static void ERR_CCA4758_error(int function, int reason, char *file, int line);
-# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the CCA4758 functions. */
-
-/* Function codes. */
-# define CCA4758_F_CCA_RSA_SIGN                           105
-# define CCA4758_F_CCA_RSA_VERIFY                         106
-# define CCA4758_F_IBM_4758_CCA_CTRL                      100
-# define CCA4758_F_IBM_4758_CCA_FINISH                    101
-# define CCA4758_F_IBM_4758_CCA_INIT                      102
-# define CCA4758_F_IBM_4758_LOAD_PRIVKEY                  103
-# define CCA4758_F_IBM_4758_LOAD_PUBKEY                   104
-
-/* Reason codes. */
-# define CCA4758_R_ALREADY_LOADED                         100
-# define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD                101
-# define CCA4758_R_COMMAND_NOT_IMPLEMENTED                102
-# define CCA4758_R_DSO_FAILURE                            103
-# define CCA4758_R_FAILED_LOADING_PRIVATE_KEY             104
-# define CCA4758_R_FAILED_LOADING_PUBLIC_KEY              105
-# define CCA4758_R_NOT_LOADED                             106
-# define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL            107
-# define CCA4758_R_UNIT_FAILURE                           108
-# define CCA4758_R_UNKNOWN_ALGORITHM_TYPE                 109
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/engines/e_aep.c b/freebsd/crypto/openssl/engines/e_aep.c
deleted file mode 100644
index a7746673..00000000
--- a/freebsd/crypto/openssl/engines/e_aep.c
+++ /dev/null
@@ -1,1169 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <string.h>
-
-#include <openssl/e_os2.h>
-#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) || defined(__MINGW32__)
-# include <sys/types.h>
-# include <unistd.h>
-#else
-# include <process.h>
-typedef int pid_t;
-#endif
-
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-# define getpid GetThreadID
-extern int GetThreadID(void);
-#elif defined(_WIN32) && !defined(__WATCOMC__)
-# define getpid _getpid
-#endif
-
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#include <openssl/buffer.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-
-#ifndef OPENSSL_NO_HW
-# ifndef OPENSSL_NO_HW_AEP
-#  ifdef FLAT_INC
-#   include "aep.h"
-#  else
-#   include "vendor_defns/aep.h"
-#  endif
-
-#  define AEP_LIB_NAME "aep engine"
-#  define FAIL_TO_SW 0x10101010
-
-#  include "e_aep_err.c"
-
-static int aep_init(ENGINE *e);
-static int aep_finish(ENGINE *e);
-static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
-static int aep_destroy(ENGINE *e);
-
-static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
-static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
-static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
-static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
-
-/* BIGNUM stuff */
-#  ifndef OPENSSL_NO_RSA
-static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                       const BIGNUM *m, BN_CTX *ctx);
-
-static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                              const BIGNUM *q, const BIGNUM *dmp1,
-                              const BIGNUM *dmq1, const BIGNUM *iqmp,
-                              BN_CTX *ctx);
-#  endif
-
-/* RSA stuff */
-#  ifndef OPENSSL_NO_RSA
-static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                           BN_CTX *ctx);
-#  endif
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-#  ifndef OPENSSL_NO_RSA
-static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                            const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#  endif
-
-/* DSA stuff */
-#  ifndef OPENSSL_NO_DSA
-static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
-                           BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
-                           BN_CTX *ctx, BN_MONT_CTX *in_mont);
-
-static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
-                           const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                           BN_MONT_CTX *m_ctx);
-#  endif
-
-/* DH stuff */
-/* This function is aliased to mod_exp (with the DH and mont dropped). */
-#  ifndef OPENSSL_NO_DH
-static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-                          const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                          BN_MONT_CTX *m_ctx);
-#  endif
-
-/* rand stuff   */
-#  ifdef AEPRAND
-static int aep_rand(unsigned char *buf, int num);
-static int aep_rand_status(void);
-#  endif
-
-/* Bignum conversion stuff */
-static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32 *BigNumSize);
-static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
-                            unsigned char *AEP_BigNum);
-static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize,
-                               unsigned char *AEP_BigNum);
-
-/* The definitions for control commands specific to this engine */
-#  define AEP_CMD_SO_PATH         ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN aep_cmd_defns[] = {
-    {AEP_CMD_SO_PATH,
-     "SO_PATH",
-     "Specifies the path to the 'aep' shared library",
-     ENGINE_CMD_FLAG_STRING},
-    {0, NULL, NULL, 0}
-};
-
-#  ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD aep_rsa = {
-    "Aep RSA method",
-    NULL,                       /* rsa_pub_encrypt */
-    NULL,                       /* rsa_pub_decrypt */
-    NULL,                       /* rsa_priv_encrypt */
-    NULL,                       /* rsa_priv_encrypt */
-    aep_rsa_mod_exp,            /* rsa_mod_exp */
-    aep_mod_exp_mont,           /* bn_mod_exp */
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    0,                          /* flags */
-    NULL,                       /* app_data */
-    NULL,                       /* rsa_sign */
-    NULL,                       /* rsa_verify */
-    NULL                        /* rsa_keygen */
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD aep_dsa = {
-    "Aep DSA method",
-    NULL,                       /* dsa_do_sign */
-    NULL,                       /* dsa_sign_setup */
-    NULL,                       /* dsa_do_verify */
-    aep_dsa_mod_exp,            /* dsa_mod_exp */
-    aep_mod_exp_dsa,            /* bn_mod_exp */
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    0,                          /* flags */
-    NULL,                       /* app_data */
-    NULL,                       /* dsa_paramgen */
-    NULL                        /* dsa_keygen */
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD aep_dh = {
-    "Aep DH method",
-    NULL,
-    NULL,
-    aep_mod_exp_dh,
-    NULL,
-    NULL,
-    0,
-    NULL,
-    NULL
-};
-#  endif
-
-#  ifdef AEPRAND
-/* our internal RAND_method that we provide pointers to  */
-static RAND_METHOD aep_random = {
-    /*
-     * "AEP RAND method",
-     */
-    NULL,
-    aep_rand,
-    NULL,
-    NULL,
-    aep_rand,
-    aep_rand_status,
-};
-#  endif
-
-/*
- * Define an array of structures to hold connections
- */
-static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
-
-/*
- * Used to determine if this is a new process
- */
-static pid_t recorded_pid = 0;
-
-#  ifdef AEPRAND
-static AEP_U8 rand_block[RAND_BLK_SIZE];
-static AEP_U32 rand_block_bytes = 0;
-#  endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_aep_id = "aep";
-static const char *engine_aep_name = "Aep hardware engine support";
-
-static int max_key_len = 2176;
-
-/*
- * This internal function is used by ENGINE_aep() and possibly by the
- * "dynamic" ENGINE support too
- */
-static int bind_aep(ENGINE *e)
-{
-#  ifndef OPENSSL_NO_RSA
-    const RSA_METHOD *meth1;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-    const DSA_METHOD *meth2;
-#  endif
-#  ifndef OPENSSL_NO_DH
-    const DH_METHOD *meth3;
-#  endif
-
-    if (!ENGINE_set_id(e, engine_aep_id) ||
-        !ENGINE_set_name(e, engine_aep_name) ||
-#  ifndef OPENSSL_NO_RSA
-        !ENGINE_set_RSA(e, &aep_rsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DSA
-        !ENGINE_set_DSA(e, &aep_dsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DH
-        !ENGINE_set_DH(e, &aep_dh) ||
-#  endif
-#  ifdef AEPRAND
-        !ENGINE_set_RAND(e, &aep_random) ||
-#  endif
-        !ENGINE_set_init_function(e, aep_init) ||
-        !ENGINE_set_destroy_function(e, aep_destroy) ||
-        !ENGINE_set_finish_function(e, aep_finish) ||
-        !ENGINE_set_ctrl_function(e, aep_ctrl) ||
-        !ENGINE_set_cmd_defns(e, aep_cmd_defns))
-        return 0;
-
-#  ifndef OPENSSL_NO_RSA
-    /*
-     * We know that the "PKCS1_SSLeay()" functions hook properly to the
-     * aep-specific mod_exp and mod_exp_crt so we use those functions. NB: We
-     * don't use ENGINE_openssl() or anything "more generic" because
-     * something like the RSAref code may not hook properly, and if you own
-     * one of these cards then you have the right to do RSA operations on it
-     * anyway!
-     */
-    meth1 = RSA_PKCS1_SSLeay();
-    aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
-    aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
-    aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
-    aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-    /*
-     * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
-     */
-    meth2 = DSA_OpenSSL();
-    aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
-    aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
-    aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
-
-    aep_dsa = *DSA_get_default_method();
-    aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
-    aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-    /* Much the same for Diffie-Hellman */
-    meth3 = DH_OpenSSL();
-    aep_dh.generate_key = meth3->generate_key;
-    aep_dh.compute_key = meth3->compute_key;
-    aep_dh.bn_mod_exp = meth3->bn_mod_exp;
-#  endif
-
-    /* Ensure the aep error handling is set up */
-    ERR_load_AEPHK_strings();
-
-    return 1;
-}
-
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_helper(ENGINE *e, const char *id)
-{
-    if (id && (strcmp(id, engine_aep_id) != 0))
-        return 0;
-    if (!bind_aep(e))
-        return 0;
-    return 1;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-#  else
-static ENGINE *engine_aep(void)
-{
-    ENGINE *ret = ENGINE_new();
-    if (!ret)
-        return NULL;
-    if (!bind_aep(ret)) {
-        ENGINE_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-void ENGINE_load_aep(void)
-{
-    /* Copied from eng_[openssl|dyn].c */
-    ENGINE *toadd = engine_aep();
-    if (!toadd)
-        return;
-    ENGINE_add(toadd);
-    ENGINE_free(toadd);
-    ERR_clear_error();
-}
-#  endif
-
-/*
- * This is a process-global DSO handle used for loading and unloading the Aep
- * library. NB: This is only set (or unset) during an init() or finish() call
- * (reference counts permitting) and they're operating with global locks, so
- * this should be thread-safe implicitly.
- */
-static DSO *aep_dso = NULL;
-
-/*
- * These are the static string constants for the DSO file name and the
- * function symbol names to bind to.
- */
-static const char *AEP_LIBNAME = NULL;
-static const char *get_AEP_LIBNAME(void)
-{
-    if (AEP_LIBNAME)
-        return AEP_LIBNAME;
-    return "aep";
-}
-
-static void free_AEP_LIBNAME(void)
-{
-    if (AEP_LIBNAME)
-        OPENSSL_free((void *)AEP_LIBNAME);
-    AEP_LIBNAME = NULL;
-}
-
-static long set_AEP_LIBNAME(const char *name)
-{
-    free_AEP_LIBNAME();
-    return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
-}
-
-static const char *AEP_F1 = "AEP_ModExp";
-static const char *AEP_F2 = "AEP_ModExpCrt";
-#  ifdef AEPRAND
-static const char *AEP_F3 = "AEP_GenRandom";
-#  endif
-static const char *AEP_F4 = "AEP_Finalize";
-static const char *AEP_F5 = "AEP_Initialize";
-static const char *AEP_F6 = "AEP_OpenConnection";
-static const char *AEP_F7 = "AEP_SetBNCallBacks";
-static const char *AEP_F8 = "AEP_CloseConnection";
-
-/*
- * These are the function pointers that are (un)set when the library has
- * successfully (un)loaded.
- */
-static t_AEP_OpenConnection *p_AEP_OpenConnection = NULL;
-static t_AEP_CloseConnection *p_AEP_CloseConnection = NULL;
-static t_AEP_ModExp *p_AEP_ModExp = NULL;
-static t_AEP_ModExpCrt *p_AEP_ModExpCrt = NULL;
-#  ifdef AEPRAND
-static t_AEP_GenRandom *p_AEP_GenRandom = NULL;
-#  endif
-static t_AEP_Initialize *p_AEP_Initialize = NULL;
-static t_AEP_Finalize *p_AEP_Finalize = NULL;
-static t_AEP_SetBNCallBacks *p_AEP_SetBNCallBacks = NULL;
-
-/* (de)initialisation functions. */
-static int aep_init(ENGINE *e)
-{
-    t_AEP_ModExp *p1;
-    t_AEP_ModExpCrt *p2;
-#  ifdef AEPRAND
-    t_AEP_GenRandom *p3;
-#  endif
-    t_AEP_Finalize *p4;
-    t_AEP_Initialize *p5;
-    t_AEP_OpenConnection *p6;
-    t_AEP_SetBNCallBacks *p7;
-    t_AEP_CloseConnection *p8;
-
-    int to_return = 0;
-
-    if (aep_dso != NULL) {
-        AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_ALREADY_LOADED);
-        goto err;
-    }
-    /* Attempt to load libaep.so. */
-
-    aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
-
-    if (aep_dso == NULL) {
-        AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED);
-        goto err;
-    }
-
-    if (!(p1 = (t_AEP_ModExp *) DSO_bind_func(aep_dso, AEP_F1)) ||
-        !(p2 = (t_AEP_ModExpCrt *) DSO_bind_func(aep_dso, AEP_F2)) ||
-#  ifdef AEPRAND
-        !(p3 = (t_AEP_GenRandom *) DSO_bind_func(aep_dso, AEP_F3)) ||
-#  endif
-        !(p4 = (t_AEP_Finalize *) DSO_bind_func(aep_dso, AEP_F4)) ||
-        !(p5 = (t_AEP_Initialize *) DSO_bind_func(aep_dso, AEP_F5)) ||
-        !(p6 = (t_AEP_OpenConnection *) DSO_bind_func(aep_dso, AEP_F6)) ||
-        !(p7 = (t_AEP_SetBNCallBacks *) DSO_bind_func(aep_dso, AEP_F7)) ||
-        !(p8 = (t_AEP_CloseConnection *) DSO_bind_func(aep_dso, AEP_F8))) {
-        AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED);
-        goto err;
-    }
-
-    /* Copy the pointers */
-
-    p_AEP_ModExp = p1;
-    p_AEP_ModExpCrt = p2;
-#  ifdef AEPRAND
-    p_AEP_GenRandom = p3;
-#  endif
-    p_AEP_Finalize = p4;
-    p_AEP_Initialize = p5;
-    p_AEP_OpenConnection = p6;
-    p_AEP_SetBNCallBacks = p7;
-    p_AEP_CloseConnection = p8;
-
-    to_return = 1;
-
-    return to_return;
-
- err:
-
-    if (aep_dso)
-        DSO_free(aep_dso);
-    aep_dso = NULL;
-
-    p_AEP_OpenConnection = NULL;
-    p_AEP_ModExp = NULL;
-    p_AEP_ModExpCrt = NULL;
-#  ifdef AEPRAND
-    p_AEP_GenRandom = NULL;
-#  endif
-    p_AEP_Initialize = NULL;
-    p_AEP_Finalize = NULL;
-    p_AEP_SetBNCallBacks = NULL;
-    p_AEP_CloseConnection = NULL;
-
-    return to_return;
-}
-
-/* Destructor (complements the "ENGINE_aep()" constructor) */
-static int aep_destroy(ENGINE *e)
-{
-    free_AEP_LIBNAME();
-    ERR_unload_AEPHK_strings();
-    return 1;
-}
-
-static int aep_finish(ENGINE *e)
-{
-    int to_return = 0, in_use;
-    AEP_RV rv;
-
-    if (aep_dso == NULL) {
-        AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_NOT_LOADED);
-        goto err;
-    }
-
-    rv = aep_close_all_connections(0, &in_use);
-    if (rv != AEP_R_OK) {
-        AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_CLOSE_HANDLES_FAILED);
-        goto err;
-    }
-    if (in_use) {
-        AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_CONNECTIONS_IN_USE);
-        goto err;
-    }
-
-    rv = p_AEP_Finalize();
-    if (rv != AEP_R_OK) {
-        AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_FINALIZE_FAILED);
-        goto err;
-    }
-
-    if (!DSO_free(aep_dso)) {
-        AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_UNIT_FAILURE);
-        goto err;
-    }
-
-    aep_dso = NULL;
-    p_AEP_CloseConnection = NULL;
-    p_AEP_OpenConnection = NULL;
-    p_AEP_ModExp = NULL;
-    p_AEP_ModExpCrt = NULL;
-#  ifdef AEPRAND
-    p_AEP_GenRandom = NULL;
-#  endif
-    p_AEP_Initialize = NULL;
-    p_AEP_Finalize = NULL;
-    p_AEP_SetBNCallBacks = NULL;
-
-    to_return = 1;
- err:
-    return to_return;
-}
-
-static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
-    int initialised = ((aep_dso == NULL) ? 0 : 1);
-    switch (cmd) {
-    case AEP_CMD_SO_PATH:
-        if (p == NULL) {
-            AEPHKerr(AEPHK_F_AEP_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-            return 0;
-        }
-        if (initialised) {
-            AEPHKerr(AEPHK_F_AEP_CTRL, AEPHK_R_ALREADY_LOADED);
-            return 0;
-        }
-        return set_AEP_LIBNAME((const char *)p);
-    default:
-        break;
-    }
-    AEPHKerr(AEPHK_F_AEP_CTRL, AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-    return 0;
-}
-
-static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                       const BIGNUM *m, BN_CTX *ctx)
-{
-    int to_return = 0;
-    int r_len = 0;
-    AEP_CONNECTION_HNDL hConnection;
-    AEP_RV rv;
-
-    r_len = BN_num_bits(m);
-
-    /* Perform in software if modulus is too large for hardware. */
-
-    if (r_len > max_key_len) {
-        AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-        return BN_mod_exp(r, a, p, m, ctx);
-    }
-
-    /*
-     * Grab a connection from the pool
-     */
-    rv = aep_get_connection(&hConnection);
-    if (rv != AEP_R_OK) {
-        AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_GET_HANDLE_FAILED);
-        return BN_mod_exp(r, a, p, m, ctx);
-    }
-
-    /*
-     * To the card with the mod exp
-     */
-    rv = p_AEP_ModExp(hConnection, (void *)a, (void *)p, (void *)m, (void *)r,
-                      NULL);
-
-    if (rv != AEP_R_OK) {
-        AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_MOD_EXP_FAILED);
-        rv = aep_close_connection(hConnection);
-        return BN_mod_exp(r, a, p, m, ctx);
-    }
-
-    /*
-     * Return the connection to the pool
-     */
-    rv = aep_return_connection(hConnection);
-    if (rv != AEP_R_OK) {
-        AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_RETURN_CONNECTION_FAILED);
-        goto err;
-    }
-
-    to_return = 1;
- err:
-    return to_return;
-}
-
-#  ifndef OPENSSL_NO_RSA
-static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                              const BIGNUM *q, const BIGNUM *dmp1,
-                              const BIGNUM *dmq1, const BIGNUM *iqmp,
-                              BN_CTX *ctx)
-{
-    AEP_RV rv = AEP_R_OK;
-    AEP_CONNECTION_HNDL hConnection;
-
-    /*
-     * Grab a connection from the pool
-     */
-    rv = aep_get_connection(&hConnection);
-    if (rv != AEP_R_OK) {
-        AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_GET_HANDLE_FAILED);
-        return FAIL_TO_SW;
-    }
-
-    /*
-     * To the card with the mod exp
-     */
-    rv = p_AEP_ModExpCrt(hConnection, (void *)a, (void *)p, (void *)q,
-                         (void *)dmp1, (void *)dmq1, (void *)iqmp, (void *)r,
-                         NULL);
-    if (rv != AEP_R_OK) {
-        AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_MOD_EXP_CRT_FAILED);
-        rv = aep_close_connection(hConnection);
-        return FAIL_TO_SW;
-    }
-
-    /*
-     * Return the connection to the pool
-     */
-    rv = aep_return_connection(hConnection);
-    if (rv != AEP_R_OK) {
-        AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_RETURN_CONNECTION_FAILED);
-        goto err;
-    }
-
- err:
-    return rv;
-}
-#  endif
-
-#  ifdef AEPRAND
-static int aep_rand(unsigned char *buf, int len)
-{
-    AEP_RV rv = AEP_R_OK;
-    AEP_CONNECTION_HNDL hConnection;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
-    /*
-     * Can the request be serviced with what's already in the buffer?
-     */
-    if (len <= rand_block_bytes) {
-        memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
-        rand_block_bytes -= len;
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-    } else
-        /*
-         * If not the get another block of random bytes
-         */
-    {
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-        rv = aep_get_connection(&hConnection);
-        if (rv != AEP_R_OK) {
-            AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_HANDLE_FAILED);
-            goto err_nounlock;
-        }
-
-        if (len > RAND_BLK_SIZE) {
-            rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
-            if (rv != AEP_R_OK) {
-                AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_RANDOM_FAILED);
-                goto err_nounlock;
-            }
-        } else {
-            CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
-            rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2,
-                                 &rand_block[0], NULL);
-            if (rv != AEP_R_OK) {
-                AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_RANDOM_FAILED);
-
-                goto err;
-            }
-
-            rand_block_bytes = RAND_BLK_SIZE;
-
-            memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
-            rand_block_bytes -= len;
-
-            CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-        }
-
-        rv = aep_return_connection(hConnection);
-        if (rv != AEP_R_OK) {
-            AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_RETURN_CONNECTION_FAILED);
-
-            goto err_nounlock;
-        }
-    }
-
-    return 1;
- err:
-    CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- err_nounlock:
-    return 0;
-}
-
-static int aep_rand_status(void)
-{
-    return 1;
-}
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
-    int to_return = 0;
-    AEP_RV rv = AEP_R_OK;
-
-    if (!aep_dso) {
-        AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP, AEPHK_R_NOT_LOADED);
-        goto err;
-    }
-
-    /*
-     * See if we have all the necessary bits for a crt
-     */
-    if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) {
-        rv = aep_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, rsa->dmq1,
-                             rsa->iqmp, ctx);
-
-        if (rv == FAIL_TO_SW) {
-            const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-            to_return = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
-            goto err;
-        } else if (rv != AEP_R_OK)
-            goto err;
-    } else {
-        if (!rsa->d || !rsa->n) {
-            AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP, AEPHK_R_MISSING_KEY_COMPONENTS);
-            goto err;
-        }
-
-        rv = aep_mod_exp(r0, I, rsa->d, rsa->n, ctx);
-        if (rv != AEP_R_OK)
-            goto err;
-
-    }
-
-    to_return = 1;
-
- err:
-    return to_return;
-}
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
-                           BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
-                           BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
-    BIGNUM t;
-    int to_return = 0;
-    BN_init(&t);
-
-    /* let rr = a1 ^ p1 mod m */
-    if (!aep_mod_exp(rr, a1, p1, m, ctx))
-        goto end;
-    /* let t = a2 ^ p2 mod m */
-    if (!aep_mod_exp(&t, a2, p2, m, ctx))
-        goto end;
-    /* let rr = rr * t mod m */
-    if (!BN_mod_mul(rr, rr, &t, m, ctx))
-        goto end;
-    to_return = 1;
- end:
-    BN_free(&t);
-    return to_return;
-}
-
-static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
-                           const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                           BN_MONT_CTX *m_ctx)
-{
-    return aep_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                            const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
-    return aep_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-                          const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                          BN_MONT_CTX *m_ctx)
-{
-    return aep_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
-{
-    int count;
-    AEP_RV rv = AEP_R_OK;
-
-    /*
-     * Get the current process id
-     */
-    pid_t curr_pid;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-
-    curr_pid = getpid();
-
-    /*
-     * Check if this is the first time this is being called from the current
-     * process
-     */
-    if (recorded_pid != curr_pid) {
-        /*
-         * Remember our pid so we can check if we're in a new process
-         */
-        recorded_pid = curr_pid;
-
-        /*
-         * Call Finalize to make sure we have not inherited some data from a
-         * parent process
-         */
-        p_AEP_Finalize();
-
-        /*
-         * Initialise the AEP API
-         */
-        rv = p_AEP_Initialize(NULL);
-
-        if (rv != AEP_R_OK) {
-            AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_INIT_FAILURE);
-            recorded_pid = 0;
-            goto end;
-        }
-
-        /*
-         * Set the AEP big num call back functions
-         */
-        rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
-                                  &ConvertAEPBigNum);
-
-        if (rv != AEP_R_OK) {
-            AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,
-                     AEPHK_R_SETBNCALLBACK_FAILURE);
-            recorded_pid = 0;
-            goto end;
-        }
-#  ifdef AEPRAND
-        /*
-         * Reset the rand byte count
-         */
-        rand_block_bytes = 0;
-#  endif
-
-        /*
-         * Init the structures
-         */
-        for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
-            aep_app_conn_table[count].conn_state = NotConnected;
-            aep_app_conn_table[count].conn_hndl = 0;
-        }
-
-        /*
-         * Open a connection
-         */
-        rv = p_AEP_OpenConnection(phConnection);
-
-        if (rv != AEP_R_OK) {
-            AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_UNIT_FAILURE);
-            recorded_pid = 0;
-            goto end;
-        }
-
-        aep_app_conn_table[0].conn_state = InUse;
-        aep_app_conn_table[0].conn_hndl = *phConnection;
-        goto end;
-    }
-    /*
-     * Check the existing connections to see if we can find a free one
-     */
-    for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
-        if (aep_app_conn_table[count].conn_state == Connected) {
-            aep_app_conn_table[count].conn_state = InUse;
-            *phConnection = aep_app_conn_table[count].conn_hndl;
-            goto end;
-        }
-    }
-    /*
-     * If no connections available, we're going to have to try to open a new
-     * one
-     */
-    for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
-        if (aep_app_conn_table[count].conn_state == NotConnected) {
-            /*
-             * Open a connection
-             */
-            rv = p_AEP_OpenConnection(phConnection);
-
-            if (rv != AEP_R_OK) {
-                AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_UNIT_FAILURE);
-                goto end;
-            }
-
-            aep_app_conn_table[count].conn_state = InUse;
-            aep_app_conn_table[count].conn_hndl = *phConnection;
-            goto end;
-        }
-    }
-    rv = AEP_R_GENERAL_ERROR;
- end:
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-    return rv;
-}
-
-static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
-{
-    int count;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-
-    /*
-     * Find the connection item that matches this connection handle
-     */
-    for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
-        if (aep_app_conn_table[count].conn_hndl == hConnection) {
-            aep_app_conn_table[count].conn_state = Connected;
-            break;
-        }
-    }
-
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-
-    return AEP_R_OK;
-}
-
-static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
-{
-    int count;
-    AEP_RV rv = AEP_R_OK;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-
-    /*
-     * Find the connection item that matches this connection handle
-     */
-    for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
-        if (aep_app_conn_table[count].conn_hndl == hConnection) {
-            rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
-            if (rv != AEP_R_OK)
-                goto end;
-            aep_app_conn_table[count].conn_state = NotConnected;
-            aep_app_conn_table[count].conn_hndl = 0;
-            break;
-        }
-    }
-
- end:
-    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-    return rv;
-}
-
-static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
-{
-    int count;
-    AEP_RV rv = AEP_R_OK;
-
-    *in_use = 0;
-    if (use_engine_lock)
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-    for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
-        switch (aep_app_conn_table[count].conn_state) {
-        case Connected:
-            rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
-            if (rv != AEP_R_OK)
-                goto end;
-            aep_app_conn_table[count].conn_state = NotConnected;
-            aep_app_conn_table[count].conn_hndl = 0;
-            break;
-        case InUse:
-            (*in_use)++;
-            break;
-        case NotConnected:
-            break;
-        }
-    }
- end:
-    if (use_engine_lock)
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-    return rv;
-}
-
-/*
- * BigNum call back functions, used to convert OpenSSL bignums into AEP
- * bignums. Note only 32bit Openssl build support
- */
-
-static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32 *BigNumSize)
-{
-    BIGNUM *bn;
-
-    /*
-     * Cast the ArbBigNum pointer to our BIGNUM struct
-     */
-    bn = (BIGNUM *)ArbBigNum;
-
-#  ifdef SIXTY_FOUR_BIT_LONG
-    *BigNumSize = bn->top << 3;
-#  else
-    /*
-     * Size of the bignum in bytes is equal to the bn->top (no of 32 bit
-     * words) multiplies by 4
-     */
-    *BigNumSize = bn->top << 2;
-#  endif
-
-    return AEP_R_OK;
-}
-
-static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
-                            unsigned char *AEP_BigNum)
-{
-    BIGNUM *bn;
-
-#  ifndef SIXTY_FOUR_BIT_LONG
-    unsigned char *buf;
-    int i;
-#  endif
-
-    /*
-     * Cast the ArbBigNum pointer to our BIGNUM struct
-     */
-    bn = (BIGNUM *)ArbBigNum;
-
-#  ifdef SIXTY_FOUR_BIT_LONG
-    memcpy(AEP_BigNum, bn->d, BigNumSize);
-#  else
-    /*
-     * Must copy data into a (monotone) least significant byte first format
-     * performing endian conversion if necessary
-     */
-    for (i = 0; i < bn->top; i++) {
-        buf = (unsigned char *)&bn->d[i];
-
-        *((AEP_U32 *)AEP_BigNum) = (AEP_U32)
-            ((unsigned)buf[1] << 8 | buf[0]) |
-            ((unsigned)buf[3] << 8 | buf[2]) << 16;
-
-        AEP_BigNum += 4;
-    }
-#  endif
-
-    return AEP_R_OK;
-}
-
-/*
- * Turn an AEP Big Num back to a user big num
- */
-static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize,
-                               unsigned char *AEP_BigNum)
-{
-    BIGNUM *bn;
-#  ifndef SIXTY_FOUR_BIT_LONG
-    int i;
-#  endif
-
-    bn = (BIGNUM *)ArbBigNum;
-
-    /*
-     * Expand the result bn so that it can hold our big num. Size is in bits
-     */
-    if (bn_expand(bn, (int)(BigNumSize << 3)) == NULL)
-        return AEP_R_HOST_MEMORY;
-
-#  ifdef SIXTY_FOUR_BIT_LONG
-    bn->top = BigNumSize >> 3;
-
-    if ((BigNumSize & 7) != 0)
-        bn->top++;
-
-    memset(bn->d, 0, bn->top << 3);
-
-    memcpy(bn->d, AEP_BigNum, BigNumSize);
-#  else
-    bn->top = BigNumSize >> 2;
-
-    for (i = 0; i < bn->top; i++) {
-        bn->d[i] = (AEP_U32)
-            ((unsigned)AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
-            ((unsigned)AEP_BigNum[1] << 8 | AEP_BigNum[0]);
-        AEP_BigNum += 4;
-    }
-#  endif
-
-    return AEP_R_OK;
-}
-
-# endif                         /* !OPENSSL_NO_HW_AEP */
-#endif                          /* !OPENSSL_NO_HW */
diff --git a/freebsd/crypto/openssl/engines/e_aep_err.c b/freebsd/crypto/openssl/engines/e_aep_err.c
deleted file mode 100644
index 492926c5..00000000
--- a/freebsd/crypto/openssl/engines/e_aep_err.c
+++ /dev/null
@@ -1,161 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* e_aep_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_aep_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(0,func,0)
-# define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA AEPHK_str_functs[] = {
-    {ERR_FUNC(AEPHK_F_AEP_CTRL), "AEP_CTRL"},
-    {ERR_FUNC(AEPHK_F_AEP_FINISH), "AEP_FINISH"},
-    {ERR_FUNC(AEPHK_F_AEP_GET_CONNECTION), "AEP_GET_CONNECTION"},
-    {ERR_FUNC(AEPHK_F_AEP_INIT), "AEP_INIT"},
-    {ERR_FUNC(AEPHK_F_AEP_MOD_EXP), "AEP_MOD_EXP"},
-    {ERR_FUNC(AEPHK_F_AEP_MOD_EXP_CRT), "AEP_MOD_EXP_CRT"},
-    {ERR_FUNC(AEPHK_F_AEP_RAND), "AEP_RAND"},
-    {ERR_FUNC(AEPHK_F_AEP_RSA_MOD_EXP), "AEP_RSA_MOD_EXP"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA AEPHK_str_reasons[] = {
-    {ERR_REASON(AEPHK_R_ALREADY_LOADED), "already loaded"},
-    {ERR_REASON(AEPHK_R_CLOSE_HANDLES_FAILED), "close handles failed"},
-    {ERR_REASON(AEPHK_R_CONNECTIONS_IN_USE), "connections in use"},
-    {ERR_REASON(AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),
-     "ctrl command not implemented"},
-    {ERR_REASON(AEPHK_R_FINALIZE_FAILED), "finalize failed"},
-    {ERR_REASON(AEPHK_R_GET_HANDLE_FAILED), "get handle failed"},
-    {ERR_REASON(AEPHK_R_GET_RANDOM_FAILED), "get random failed"},
-    {ERR_REASON(AEPHK_R_INIT_FAILURE), "init failure"},
-    {ERR_REASON(AEPHK_R_MISSING_KEY_COMPONENTS), "missing key components"},
-    {ERR_REASON(AEPHK_R_MOD_EXP_CRT_FAILED), "mod exp crt failed"},
-    {ERR_REASON(AEPHK_R_MOD_EXP_FAILED), "mod exp failed"},
-    {ERR_REASON(AEPHK_R_NOT_LOADED), "not loaded"},
-    {ERR_REASON(AEPHK_R_OK), "ok"},
-    {ERR_REASON(AEPHK_R_RETURN_CONNECTION_FAILED),
-     "return connection failed"},
-    {ERR_REASON(AEPHK_R_SETBNCALLBACK_FAILURE), "setbncallback failure"},
-    {ERR_REASON(AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
-     "size too large or too small"},
-    {ERR_REASON(AEPHK_R_UNIT_FAILURE), "unit failure"},
-    {0, NULL}
-};
-
-#endif
-
-#ifdef AEPHK_LIB_NAME
-static ERR_STRING_DATA AEPHK_lib_name[] = {
-    {0, AEPHK_LIB_NAME},
-    {0, NULL}
-};
-#endif
-
-static int AEPHK_lib_error_code = 0;
-static int AEPHK_error_init = 1;
-
-static void ERR_load_AEPHK_strings(void)
-{
-    if (AEPHK_lib_error_code == 0)
-        AEPHK_lib_error_code = ERR_get_next_error_library();
-
-    if (AEPHK_error_init) {
-        AEPHK_error_init = 0;
-#ifndef OPENSSL_NO_ERR
-        ERR_load_strings(AEPHK_lib_error_code, AEPHK_str_functs);
-        ERR_load_strings(AEPHK_lib_error_code, AEPHK_str_reasons);
-#endif
-
-#ifdef AEPHK_LIB_NAME
-        AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code, 0, 0);
-        ERR_load_strings(0, AEPHK_lib_name);
-#endif
-    }
-}
-
-static void ERR_unload_AEPHK_strings(void)
-{
-    if (AEPHK_error_init == 0) {
-#ifndef OPENSSL_NO_ERR
-        ERR_unload_strings(AEPHK_lib_error_code, AEPHK_str_functs);
-        ERR_unload_strings(AEPHK_lib_error_code, AEPHK_str_reasons);
-#endif
-
-#ifdef AEPHK_LIB_NAME
-        ERR_unload_strings(0, AEPHK_lib_name);
-#endif
-        AEPHK_error_init = 1;
-    }
-}
-
-static void ERR_AEPHK_error(int function, int reason, char *file, int line)
-{
-    if (AEPHK_lib_error_code == 0)
-        AEPHK_lib_error_code = ERR_get_next_error_library();
-    ERR_PUT_error(AEPHK_lib_error_code, function, reason, file, line);
-}
diff --git a/freebsd/crypto/openssl/engines/e_aep_err.h b/freebsd/crypto/openssl/engines/e_aep_err.h
deleted file mode 100644
index 2ed01147..00000000
--- a/freebsd/crypto/openssl/engines/e_aep_err.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_AEPHK_ERR_H
-# define HEADER_AEPHK_ERR_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_AEPHK_strings(void);
-static void ERR_unload_AEPHK_strings(void);
-static void ERR_AEPHK_error(int function, int reason, char *file, int line);
-# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the AEPHK functions. */
-
-/* Function codes. */
-# define AEPHK_F_AEP_CTRL                                 100
-# define AEPHK_F_AEP_FINISH                               101
-# define AEPHK_F_AEP_GET_CONNECTION                       102
-# define AEPHK_F_AEP_INIT                                 103
-# define AEPHK_F_AEP_MOD_EXP                              104
-# define AEPHK_F_AEP_MOD_EXP_CRT                          105
-# define AEPHK_F_AEP_RAND                                 106
-# define AEPHK_F_AEP_RSA_MOD_EXP                          107
-
-/* Reason codes. */
-# define AEPHK_R_ALREADY_LOADED                           100
-# define AEPHK_R_CLOSE_HANDLES_FAILED                     101
-# define AEPHK_R_CONNECTIONS_IN_USE                       102
-# define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED             103
-# define AEPHK_R_FINALIZE_FAILED                          104
-# define AEPHK_R_GET_HANDLE_FAILED                        105
-# define AEPHK_R_GET_RANDOM_FAILED                        106
-# define AEPHK_R_INIT_FAILURE                             107
-# define AEPHK_R_MISSING_KEY_COMPONENTS                   108
-# define AEPHK_R_MOD_EXP_CRT_FAILED                       109
-# define AEPHK_R_MOD_EXP_FAILED                           110
-# define AEPHK_R_NOT_LOADED                               111
-# define AEPHK_R_OK                                       112
-# define AEPHK_R_RETURN_CONNECTION_FAILED                 113
-# define AEPHK_R_SETBNCALLBACK_FAILURE                    114
-# define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL              116
-# define AEPHK_R_UNIT_FAILURE                             115
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/engines/e_afalg.c b/freebsd/crypto/openssl/engines/e_afalg.c
new file mode 100644
index 00000000..f8f655d0
--- /dev/null
+++ b/freebsd/crypto/openssl/engines/e_afalg.c
@@ -0,0 +1,872 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Required for vmsplice */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/engine.h>
+#include <openssl/async.h>
+#include <openssl/err.h>
+#include "internal/nelem.h"
+
+#include <sys/socket.h>
+#include <linux/version.h>
+#define K_MAJ   4
+#define K_MIN1  1
+#define K_MIN2  0
+#if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) || \
+    !defined(AF_ALG)
+# ifndef PEDANTIC
+#  warning "AFALG ENGINE requires Kernel Headers >= 4.1.0"
+#  warning "Skipping Compilation of AFALG engine"
+# endif
+void engine_load_afalg_int(void);
+void engine_load_afalg_int(void)
+{
+}
+#else
+
+# include <linux/if_alg.h>
+# include <fcntl.h>
+# include <sys/utsname.h>
+
+# include <linux/aio_abi.h>
+# include <sys/syscall.h>
+# include <errno.h>
+
+# include "e_afalg.h"
+# include "e_afalg_err.c"
+
+# ifndef SOL_ALG
+#  define SOL_ALG 279
+# endif
+
+# ifdef ALG_ZERO_COPY
+#  ifndef SPLICE_F_GIFT
+#   define SPLICE_F_GIFT    (0x08)
+#  endif
+# endif
+
+# define ALG_AES_IV_LEN 16
+# define ALG_IV_LEN(len) (sizeof(struct af_alg_iv) + (len))
+# define ALG_OP_TYPE     unsigned int
+# define ALG_OP_LEN      (sizeof(ALG_OP_TYPE))
+
+#define ALG_MAX_SALG_NAME       64
+#define ALG_MAX_SALG_TYPE       14
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+void engine_load_afalg_int(void);
+# endif
+
+/* Local Linkage Functions */
+static int afalg_init_aio(afalg_aio *aio);
+static int afalg_fin_cipher_aio(afalg_aio *ptr, int sfd,
+                                unsigned char *buf, size_t len);
+static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
+                                const char *ciphername);
+static int afalg_destroy(ENGINE *e);
+static int afalg_init(ENGINE *e);
+static int afalg_finish(ENGINE *e);
+static const EVP_CIPHER *afalg_aes_cbc(int nid);
+static cbc_handles *get_cipher_handle(int nid);
+static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                         const int **nids, int nid);
+static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl);
+static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx);
+static int afalg_chk_platform(void);
+
+/* Engine Id and Name */
+static const char *engine_afalg_id = "afalg";
+static const char *engine_afalg_name = "AFALG engine support";
+
+static int afalg_cipher_nids[] = {
+    NID_aes_128_cbc,
+    NID_aes_192_cbc,
+    NID_aes_256_cbc,
+};
+
+static cbc_handles cbc_handle[] = {{AES_KEY_SIZE_128, NULL},
+                                    {AES_KEY_SIZE_192, NULL},
+                                    {AES_KEY_SIZE_256, NULL}};
+
+static ossl_inline int io_setup(unsigned n, aio_context_t *ctx)
+{
+    return syscall(__NR_io_setup, n, ctx);
+}
+
+static ossl_inline int eventfd(int n)
+{
+    return syscall(__NR_eventfd2, n, 0);
+}
+
+static ossl_inline int io_destroy(aio_context_t ctx)
+{
+    return syscall(__NR_io_destroy, ctx);
+}
+
+static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
+{
+    return syscall(__NR_io_submit, ctx, n, iocb);
+}
+
+static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
+                               struct io_event *events,
+                               struct timespec *timeout)
+{
+    return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
+}
+
+static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
+                                 OSSL_ASYNC_FD waitfd, void *custom)
+{
+    close(waitfd);
+}
+
+static int afalg_setup_async_event_notification(afalg_aio *aio)
+{
+    ASYNC_JOB *job;
+    ASYNC_WAIT_CTX *waitctx;
+    void *custom = NULL;
+    int ret;
+
+    if ((job = ASYNC_get_current_job()) != NULL) {
+        /* Async mode */
+        waitctx = ASYNC_get_wait_ctx(job);
+        if (waitctx == NULL) {
+            ALG_WARN("%s(%d): ASYNC_get_wait_ctx error", __FILE__, __LINE__);
+            return 0;
+        }
+        /* Get waitfd from ASYNC_WAIT_CTX if it is already set */
+        ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_afalg_id,
+                                    &aio->efd, &custom);
+        if (ret == 0) {
+            /*
+             * waitfd is not set in ASYNC_WAIT_CTX, create a new one
+             * and set it. efd will be signaled when AIO operation completes
+             */
+            aio->efd = eventfd(0);
+            if (aio->efd == -1) {
+                ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__,
+                         __LINE__);
+                AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
+                         AFALG_R_EVENTFD_FAILED);
+                return 0;
+            }
+            ret = ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_afalg_id,
+                                             aio->efd, custom,
+                                             afalg_waitfd_cleanup);
+            if (ret == 0) {
+                ALG_WARN("%s(%d): Failed to set wait fd", __FILE__, __LINE__);
+                close(aio->efd);
+                return 0;
+            }
+            /* make fd non-blocking in async mode */
+            if (fcntl(aio->efd, F_SETFL, O_NONBLOCK) != 0) {
+                ALG_WARN("%s(%d): Failed to set event fd as NONBLOCKING",
+                         __FILE__, __LINE__);
+            }
+        }
+        aio->mode = MODE_ASYNC;
+    } else {
+        /* Sync mode */
+        aio->efd = eventfd(0);
+        if (aio->efd == -1) {
+            ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__, __LINE__);
+            AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
+                     AFALG_R_EVENTFD_FAILED);
+            return 0;
+        }
+        aio->mode = MODE_SYNC;
+    }
+    return 1;
+}
+
+static int afalg_init_aio(afalg_aio *aio)
+{
+    int r = -1;
+
+    /* Initialise for AIO */
+    aio->aio_ctx = 0;
+    r = io_setup(MAX_INFLIGHTS, &aio->aio_ctx);
+    if (r < 0) {
+        ALG_PERR("%s(%d): io_setup error : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_INIT_AIO, AFALG_R_IO_SETUP_FAILED);
+        return 0;
+    }
+
+    memset(aio->cbt, 0, sizeof(aio->cbt));
+    aio->efd = -1;
+    aio->mode = MODE_UNINIT;
+
+    return 1;
+}
+
+static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
+                                size_t len)
+{
+    int r;
+    int retry = 0;
+    unsigned int done = 0;
+    struct iocb *cb;
+    struct timespec timeout;
+    struct io_event events[MAX_INFLIGHTS];
+    u_int64_t eval = 0;
+
+    timeout.tv_sec = 0;
+    timeout.tv_nsec = 0;
+
+    /* if efd has not been initialised yet do it here */
+    if (aio->mode == MODE_UNINIT) {
+        r = afalg_setup_async_event_notification(aio);
+        if (r == 0)
+            return 0;
+    }
+
+    cb = &(aio->cbt[0 % MAX_INFLIGHTS]);
+    memset(cb, '\0', sizeof(*cb));
+    cb->aio_fildes = sfd;
+    cb->aio_lio_opcode = IOCB_CMD_PREAD;
+    /*
+     * The pointer has to be converted to unsigned value first to avoid
+     * sign extension on cast to 64 bit value in 32-bit builds
+     */
+    cb->aio_buf = (size_t)buf;
+    cb->aio_offset = 0;
+    cb->aio_data = 0;
+    cb->aio_nbytes = len;
+    cb->aio_flags = IOCB_FLAG_RESFD;
+    cb->aio_resfd = aio->efd;
+
+    /*
+     * Perform AIO read on AFALG socket, this in turn performs an async
+     * crypto operation in kernel space
+     */
+    r = io_read(aio->aio_ctx, 1, &cb);
+    if (r < 0) {
+        ALG_PWARN("%s(%d): io_read failed : ", __FILE__, __LINE__);
+        return 0;
+    }
+
+    do {
+        /* While AIO read is being performed pause job */
+        ASYNC_pause_job();
+
+        /* Check for completion of AIO read */
+        r = read(aio->efd, &eval, sizeof(eval));
+        if (r < 0) {
+            if (errno == EAGAIN || errno == EWOULDBLOCK)
+                continue;
+            ALG_PERR("%s(%d): read failed for event fd : ", __FILE__, __LINE__);
+            return 0;
+        } else if (r == 0 || eval <= 0) {
+            ALG_WARN("%s(%d): eventfd read %d bytes, eval = %lu\n", __FILE__,
+                     __LINE__, r, eval);
+        }
+        if (eval > 0) {
+
+            /* Get results of AIO read */
+            r = io_getevents(aio->aio_ctx, 1, MAX_INFLIGHTS,
+                             events, &timeout);
+            if (r > 0) {
+                /*
+                 * events.res indicates the actual status of the operation.
+                 * Handle the error condition first.
+                 */
+                if (events[0].res < 0) {
+                    /*
+                     * Underlying operation cannot be completed at the time
+                     * of previous submission. Resubmit for the operation.
+                     */
+                    if (events[0].res == -EBUSY && retry++ < 3) {
+                        r = io_read(aio->aio_ctx, 1, &cb);
+                        if (r < 0) {
+                            ALG_PERR("%s(%d): retry %d for io_read failed : ",
+                                     __FILE__, __LINE__, retry);
+                            return 0;
+                        }
+                        continue;
+                    } else {
+                        /*
+                         * Retries exceed for -EBUSY or unrecoverable error
+                         * condition for this instance of operation.
+                         */
+                        ALG_WARN
+                            ("%s(%d): Crypto Operation failed with code %lld\n",
+                             __FILE__, __LINE__, events[0].res);
+                        return 0;
+                    }
+                }
+                /* Operation successful. */
+                done = 1;
+            } else if (r < 0) {
+                ALG_PERR("%s(%d): io_getevents failed : ", __FILE__, __LINE__);
+                return 0;
+            } else {
+                ALG_WARN("%s(%d): io_geteventd read 0 bytes\n", __FILE__,
+                         __LINE__);
+            }
+        }
+    } while (!done);
+
+    return 1;
+}
+
+static ossl_inline void afalg_set_op_sk(struct cmsghdr *cmsg,
+                                   const ALG_OP_TYPE op)
+{
+    cmsg->cmsg_level = SOL_ALG;
+    cmsg->cmsg_type = ALG_SET_OP;
+    cmsg->cmsg_len = CMSG_LEN(ALG_OP_LEN);
+    memcpy(CMSG_DATA(cmsg), &op, ALG_OP_LEN);
+}
+
+static void afalg_set_iv_sk(struct cmsghdr *cmsg, const unsigned char *iv,
+                            const unsigned int len)
+{
+    struct af_alg_iv *aiv;
+
+    cmsg->cmsg_level = SOL_ALG;
+    cmsg->cmsg_type = ALG_SET_IV;
+    cmsg->cmsg_len = CMSG_LEN(ALG_IV_LEN(len));
+    aiv = (struct af_alg_iv *)CMSG_DATA(cmsg);
+    aiv->ivlen = len;
+    memcpy(aiv->iv, iv, len);
+}
+
+static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
+                                const int klen)
+{
+    int ret;
+    ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen);
+    if (ret < 0) {
+        ALG_PERR("%s(%d): Failed to set socket option : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED);
+        return 0;
+    }
+    return 1;
+}
+
+static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
+                                const char *ciphername)
+{
+    struct sockaddr_alg sa;
+    int r = -1;
+
+    actx->bfd = actx->sfd = -1;
+
+    memset(&sa, 0, sizeof(sa));
+    sa.salg_family = AF_ALG;
+    strncpy((char *) sa.salg_type, ciphertype, ALG_MAX_SALG_TYPE);
+    sa.salg_type[ALG_MAX_SALG_TYPE-1] = '\0';
+    strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME);
+    sa.salg_name[ALG_MAX_SALG_NAME-1] = '\0';
+
+    actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+    if (actx->bfd == -1) {
+        ALG_PERR("%s(%d): Failed to open socket : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_CREATE_FAILED);
+        goto err;
+    }
+
+    r = bind(actx->bfd, (struct sockaddr *)&sa, sizeof(sa));
+    if (r < 0) {
+        ALG_PERR("%s(%d): Failed to bind socket : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_BIND_FAILED);
+        goto err;
+    }
+
+    actx->sfd = accept(actx->bfd, NULL, 0);
+    if (actx->sfd < 0) {
+        ALG_PERR("%s(%d): Socket Accept Failed : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_ACCEPT_FAILED);
+        goto err;
+    }
+
+    return 1;
+
+ err:
+    if (actx->bfd >= 0)
+        close(actx->bfd);
+    if (actx->sfd >= 0)
+        close(actx->sfd);
+    actx->bfd = actx->sfd = -1;
+    return 0;
+}
+
+static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in,
+                                 size_t inl, const unsigned char *iv,
+                                 unsigned int enc)
+{
+    struct msghdr msg = { 0 };
+    struct cmsghdr *cmsg;
+    struct iovec iov;
+    ssize_t sbytes;
+# ifdef ALG_ZERO_COPY
+    int ret;
+# endif
+    char cbuf[CMSG_SPACE(ALG_IV_LEN(ALG_AES_IV_LEN)) + CMSG_SPACE(ALG_OP_LEN)];
+
+    memset(cbuf, 0, sizeof(cbuf));
+    msg.msg_control = cbuf;
+    msg.msg_controllen = sizeof(cbuf);
+
+    /*
+     * cipher direction (i.e. encrypt or decrypt) and iv are sent to the
+     * kernel as part of sendmsg()'s ancillary data
+     */
+    cmsg = CMSG_FIRSTHDR(&msg);
+    afalg_set_op_sk(cmsg, enc);
+    cmsg = CMSG_NXTHDR(&msg, cmsg);
+    afalg_set_iv_sk(cmsg, iv, ALG_AES_IV_LEN);
+
+    /* iov that describes input data */
+    iov.iov_base = (unsigned char *)in;
+    iov.iov_len = inl;
+
+    msg.msg_flags = MSG_MORE;
+
+# ifdef ALG_ZERO_COPY
+    /*
+     * ZERO_COPY mode
+     * Works best when buffer is 4k aligned
+     * OPENS: out of place processing (i.e. out != in)
+     */
+
+    /* Input data is not sent as part of call to sendmsg() */
+    msg.msg_iovlen = 0;
+    msg.msg_iov = NULL;
+
+    /* Sendmsg() sends iv and cipher direction to the kernel */
+    sbytes = sendmsg(actx->sfd, &msg, 0);
+    if (sbytes < 0) {
+        ALG_PERR("%s(%d): sendmsg failed for zero copy cipher operation : ",
+                 __FILE__, __LINE__);
+        return 0;
+    }
+
+    /*
+     * vmsplice and splice are used to pin the user space input buffer for
+     * kernel space processing avoiding copys from user to kernel space
+     */
+    ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT);
+    if (ret < 0) {
+        ALG_PERR("%s(%d): vmsplice failed : ", __FILE__, __LINE__);
+        return 0;
+    }
+
+    ret = splice(actx->zc_pipe[0], NULL, actx->sfd, NULL, inl, 0);
+    if (ret < 0) {
+        ALG_PERR("%s(%d): splice failed : ", __FILE__, __LINE__);
+        return 0;
+    }
+# else
+    msg.msg_iovlen = 1;
+    msg.msg_iov = &iov;
+
+    /* Sendmsg() sends iv, cipher direction and input data to the kernel */
+    sbytes = sendmsg(actx->sfd, &msg, 0);
+    if (sbytes < 0) {
+        ALG_PERR("%s(%d): sendmsg failed for cipher operation : ", __FILE__,
+                 __LINE__);
+        return 0;
+    }
+
+    if (sbytes != (ssize_t) inl) {
+        ALG_WARN("Cipher operation send bytes %zd != inlen %zd\n", sbytes,
+                inl);
+        return 0;
+    }
+# endif
+
+    return 1;
+}
+
+static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    int ciphertype;
+    int ret;
+    afalg_ctx *actx;
+    char ciphername[ALG_MAX_SALG_NAME];
+
+    if (ctx == NULL || key == NULL) {
+        ALG_WARN("%s(%d): Null Parameter\n", __FILE__, __LINE__);
+        return 0;
+    }
+
+    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+        ALG_WARN("%s(%d): Cipher object NULL\n", __FILE__, __LINE__);
+        return 0;
+    }
+
+    actx = EVP_CIPHER_CTX_get_cipher_data(ctx);
+    if (actx == NULL) {
+        ALG_WARN("%s(%d): Cipher data NULL\n", __FILE__, __LINE__);
+        return 0;
+    }
+
+    ciphertype = EVP_CIPHER_CTX_nid(ctx);
+    switch (ciphertype) {
+    case NID_aes_128_cbc:
+    case NID_aes_192_cbc:
+    case NID_aes_256_cbc:
+        strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME);
+        break;
+    default:
+        ALG_WARN("%s(%d): Unsupported Cipher type %d\n", __FILE__, __LINE__,
+                 ciphertype);
+        return 0;
+    }
+    ciphername[ALG_MAX_SALG_NAME-1]='\0';
+
+    if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) {
+        ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__,
+                 EVP_CIPHER_CTX_iv_length(ctx));
+        return 0;
+    }
+
+    /* Setup AFALG socket for crypto processing */
+    ret = afalg_create_sk(actx, "skcipher", ciphername);
+    if (ret < 1)
+        return 0;
+
+
+    ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_key_length(ctx));
+    if (ret < 1)
+        goto err;
+
+    /* Setup AIO ctx to allow async AFALG crypto processing */
+    if (afalg_init_aio(&actx->aio) == 0)
+        goto err;
+
+# ifdef ALG_ZERO_COPY
+    pipe(actx->zc_pipe);
+# endif
+
+    actx->init_done = MAGIC_INIT_NUM;
+
+    return 1;
+
+err:
+    close(actx->sfd);
+    close(actx->bfd);
+    return 0;
+}
+
+static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    afalg_ctx *actx;
+    int ret;
+    char nxtiv[ALG_AES_IV_LEN] = { 0 };
+
+    if (ctx == NULL || out == NULL || in == NULL) {
+        ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__,
+                 __LINE__);
+        return 0;
+    }
+
+    actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+    if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) {
+        ALG_WARN("%s afalg ctx passed\n",
+                 ctx == NULL ? "NULL" : "Uninitialised");
+        return 0;
+    }
+
+    /*
+     * set iv now for decrypt operation as the input buffer can be
+     * overwritten for inplace operation where in = out.
+     */
+    if (EVP_CIPHER_CTX_encrypting(ctx) == 0) {
+        memcpy(nxtiv, in + (inl - ALG_AES_IV_LEN), ALG_AES_IV_LEN);
+    }
+
+    /* Send input data to kernel space */
+    ret = afalg_start_cipher_sk(actx, (unsigned char *)in, inl,
+                                EVP_CIPHER_CTX_iv(ctx),
+                                EVP_CIPHER_CTX_encrypting(ctx));
+    if (ret < 1) {
+        return 0;
+    }
+
+    /* Perform async crypto operation in kernel space */
+    ret = afalg_fin_cipher_aio(&actx->aio, actx->sfd, out, inl);
+    if (ret < 1)
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), out + (inl - ALG_AES_IV_LEN),
+               ALG_AES_IV_LEN);
+    } else {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), nxtiv, ALG_AES_IV_LEN);
+    }
+
+    return 1;
+}
+
+static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    afalg_ctx *actx;
+
+    if (ctx == NULL) {
+        ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__,
+                 __LINE__);
+        return 0;
+    }
+
+    actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+    if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) {
+        ALG_WARN("%s afalg ctx passed\n",
+                 ctx == NULL ? "NULL" : "Uninitialised");
+        return 0;
+    }
+
+    close(actx->sfd);
+    close(actx->bfd);
+# ifdef ALG_ZERO_COPY
+    close(actx->zc_pipe[0]);
+    close(actx->zc_pipe[1]);
+# endif
+    /* close efd in sync mode, async mode is closed in afalg_waitfd_cleanup() */
+    if (actx->aio.mode == MODE_SYNC)
+        close(actx->aio.efd);
+    io_destroy(actx->aio.aio_ctx);
+
+    return 1;
+}
+
+static cbc_handles *get_cipher_handle(int nid)
+{
+    switch (nid) {
+    case NID_aes_128_cbc:
+        return &cbc_handle[AES_CBC_128];
+    case NID_aes_192_cbc:
+        return &cbc_handle[AES_CBC_192];
+    case NID_aes_256_cbc:
+        return &cbc_handle[AES_CBC_256];
+    default:
+        return NULL;
+    }
+}
+
+static const EVP_CIPHER *afalg_aes_cbc(int nid)
+{
+    cbc_handles *cipher_handle = get_cipher_handle(nid);
+    if (cipher_handle->_hidden == NULL
+        && ((cipher_handle->_hidden =
+         EVP_CIPHER_meth_new(nid,
+                             AES_BLOCK_SIZE,
+                             cipher_handle->key_size)) == NULL
+        || !EVP_CIPHER_meth_set_iv_length(cipher_handle->_hidden,
+                                          AES_IV_LEN)
+        || !EVP_CIPHER_meth_set_flags(cipher_handle->_hidden,
+                                      EVP_CIPH_CBC_MODE |
+                                      EVP_CIPH_FLAG_DEFAULT_ASN1)
+        || !EVP_CIPHER_meth_set_init(cipher_handle->_hidden,
+                                     afalg_cipher_init)
+        || !EVP_CIPHER_meth_set_do_cipher(cipher_handle->_hidden,
+                                          afalg_do_cipher)
+        || !EVP_CIPHER_meth_set_cleanup(cipher_handle->_hidden,
+                                        afalg_cipher_cleanup)
+        || !EVP_CIPHER_meth_set_impl_ctx_size(cipher_handle->_hidden,
+                                              sizeof(afalg_ctx)))) {
+        EVP_CIPHER_meth_free(cipher_handle->_hidden);
+        cipher_handle->_hidden= NULL;
+    }
+    return cipher_handle->_hidden;
+}
+
+static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                         const int **nids, int nid)
+{
+    int r = 1;
+
+    if (cipher == NULL) {
+        *nids = afalg_cipher_nids;
+        return (sizeof(afalg_cipher_nids) / sizeof(afalg_cipher_nids[0]));
+    }
+
+    switch (nid) {
+    case NID_aes_128_cbc:
+    case NID_aes_192_cbc:
+    case NID_aes_256_cbc:
+        *cipher = afalg_aes_cbc(nid);
+        break;
+    default:
+        *cipher = NULL;
+        r = 0;
+    }
+    return r;
+}
+
+static int bind_afalg(ENGINE *e)
+{
+    /* Ensure the afalg error handling is set up */
+    unsigned short i;
+    ERR_load_AFALG_strings();
+
+    if (!ENGINE_set_id(e, engine_afalg_id)
+        || !ENGINE_set_name(e, engine_afalg_name)
+        || !ENGINE_set_destroy_function(e, afalg_destroy)
+        || !ENGINE_set_init_function(e, afalg_init)
+        || !ENGINE_set_finish_function(e, afalg_finish)) {
+        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+        return 0;
+    }
+
+    /*
+     * Create _hidden_aes_xxx_cbc by calling afalg_aes_xxx_cbc
+     * now, as bind_aflag can only be called by one thread at a
+     * time.
+     */
+    for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
+        if (afalg_aes_cbc(afalg_cipher_nids[i]) == NULL) {
+            AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+            return 0;
+        }
+    }
+
+    if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
+        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_afalg_id) != 0))
+        return 0;
+
+    if (!afalg_chk_platform())
+        return 0;
+
+    if (!bind_afalg(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# endif
+
+static int afalg_chk_platform(void)
+{
+    int ret;
+    int i;
+    int kver[3] = { -1, -1, -1 };
+    int sock;
+    char *str;
+    struct utsname ut;
+
+    ret = uname(&ut);
+    if (ret != 0) {
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
+                 AFALG_R_FAILED_TO_GET_PLATFORM_INFO);
+        return 0;
+    }
+
+    str = strtok(ut.release, ".");
+    for (i = 0; i < 3 && str != NULL; i++) {
+        kver[i] = atoi(str);
+        str = strtok(NULL, ".");
+    }
+
+    if (KERNEL_VERSION(kver[0], kver[1], kver[2])
+        < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)) {
+        ALG_ERR("ASYNC AFALG not supported this kernel(%d.%d.%d)\n",
+                 kver[0], kver[1], kver[2]);
+        ALG_ERR("ASYNC AFALG requires kernel version %d.%d.%d or later\n",
+                 K_MAJ, K_MIN1, K_MIN2);
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
+                 AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG);
+        return 0;
+    }
+
+    /* Test if we can actually create an AF_ALG socket */
+    sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
+    if (sock == -1) {
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM, AFALG_R_SOCKET_CREATE_FAILED);
+        return 0;
+    }
+    close(sock);
+
+    return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_afalg(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_afalg(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_afalg_int(void)
+{
+    ENGINE *toadd;
+
+    if (!afalg_chk_platform())
+        return;
+
+    toadd = engine_afalg();
+    if (toadd == NULL)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+# endif
+
+static int afalg_init(ENGINE *e)
+{
+    return 1;
+}
+
+static int afalg_finish(ENGINE *e)
+{
+    return 1;
+}
+
+static int free_cbc(void)
+{
+    short unsigned int i;
+    for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
+        EVP_CIPHER_meth_free(cbc_handle[i]._hidden);
+        cbc_handle[i]._hidden = NULL;
+    }
+    return 1;
+}
+
+static int afalg_destroy(ENGINE *e)
+{
+    ERR_unload_AFALG_strings();
+    free_cbc();
+    return 1;
+}
+
+#endif                          /* KERNEL VERSION */
diff --git a/freebsd/crypto/openssl/engines/e_afalg.h b/freebsd/crypto/openssl/engines/e_afalg.h
new file mode 100644
index 00000000..2c03c448
--- /dev/null
+++ b/freebsd/crypto/openssl/engines/e_afalg.h
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_AFALG_H
+# define HEADER_AFALG_H
+
+# if defined(__GNUC__) && __GNUC__ >= 4 && \
+     (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L)
+#  pragma GCC diagnostic ignored "-Wvariadic-macros"
+# endif
+
+# ifdef ALG_DEBUG
+#  define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__)
+#  define ALG_INFO(x, ...) fprintf(stderr, "ALG_INFO: " x, __VA_ARGS__)
+#  define ALG_WARN(x, ...) fprintf(stderr, "ALG_WARN: " x, __VA_ARGS__)
+# else
+#  define ALG_DGB(x, ...)
+#  define ALG_INFO(x, ...)
+#  define ALG_WARN(x, ...)
+# endif
+
+# define ALG_ERR(x, ...) fprintf(stderr, "ALG_ERR: " x, __VA_ARGS__)
+# define ALG_PERR(x, ...) \
+                do { \
+                    fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
+                    perror(NULL); \
+                } while(0)
+# define ALG_PWARN(x, ...) \
+                do { \
+                    fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
+                    perror(NULL); \
+                } while(0)
+
+# ifndef AES_BLOCK_SIZE
+#  define AES_BLOCK_SIZE   16
+# endif
+# define AES_KEY_SIZE_128 16
+# define AES_KEY_SIZE_192 24
+# define AES_KEY_SIZE_256 32
+# define AES_IV_LEN       16
+
+# define MAX_INFLIGHTS 1
+
+typedef enum {
+    MODE_UNINIT = 0,
+    MODE_SYNC,
+    MODE_ASYNC
+} op_mode;
+
+enum {
+    AES_CBC_128 = 0,
+    AES_CBC_192,
+    AES_CBC_256
+};
+
+struct cbc_cipher_handles {
+    int key_size;
+    EVP_CIPHER *_hidden;
+};
+
+typedef struct cbc_cipher_handles cbc_handles;
+
+struct afalg_aio_st {
+    int efd;
+    op_mode mode;
+    aio_context_t aio_ctx;
+    struct io_event events[MAX_INFLIGHTS];
+    struct iocb cbt[MAX_INFLIGHTS];
+};
+typedef struct afalg_aio_st afalg_aio;
+
+/*
+ * MAGIC Number to identify correct initialisation
+ * of afalg_ctx.
+ */
+# define MAGIC_INIT_NUM 0x1890671
+
+struct afalg_ctx_st {
+    int init_done;
+    int sfd;
+    int bfd;
+# ifdef ALG_ZERO_COPY
+    int zc_pipe[2];
+# endif
+    afalg_aio aio;
+};
+
+typedef struct afalg_ctx_st afalg_ctx;
+#endif
diff --git a/freebsd/crypto/openssl/engines/e_afalg_err.c b/freebsd/crypto/openssl/engines/e_afalg_err.c
new file mode 100644
index 00000000..3e0c8575
--- /dev/null
+++ b/freebsd/crypto/openssl/engines/e_afalg_err.c
@@ -0,0 +1,85 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "e_afalg_err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static ERR_STRING_DATA AFALG_str_functs[] = {
+    {ERR_PACK(0, AFALG_F_AFALG_CHK_PLATFORM, 0), "afalg_chk_platform"},
+    {ERR_PACK(0, AFALG_F_AFALG_CREATE_SK, 0), "afalg_create_sk"},
+    {ERR_PACK(0, AFALG_F_AFALG_INIT_AIO, 0), "afalg_init_aio"},
+    {ERR_PACK(0, AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, 0),
+     "afalg_setup_async_event_notification"},
+    {ERR_PACK(0, AFALG_F_AFALG_SET_KEY, 0), "afalg_set_key"},
+    {ERR_PACK(0, AFALG_F_BIND_AFALG, 0), "bind_afalg"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA AFALG_str_reasons[] = {
+    {ERR_PACK(0, 0, AFALG_R_EVENTFD_FAILED), "eventfd failed"},
+    {ERR_PACK(0, 0, AFALG_R_FAILED_TO_GET_PLATFORM_INFO),
+    "failed to get platform info"},
+    {ERR_PACK(0, 0, AFALG_R_INIT_FAILED), "init failed"},
+    {ERR_PACK(0, 0, AFALG_R_IO_SETUP_FAILED), "io setup failed"},
+    {ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG),
+    "kernel does not support afalg"},
+    {ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG),
+    "kernel does not support async afalg"},
+    {ERR_PACK(0, 0, AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_OPERATION_FAILED),
+    "socket operation failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed"},
+    {0, NULL}
+};
+
+#endif
+
+static int lib_code = 0;
+static int error_loaded = 0;
+
+static int ERR_load_AFALG_strings(void)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+
+    if (!error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(lib_code, AFALG_str_functs);
+        ERR_load_strings(lib_code, AFALG_str_reasons);
+#endif
+        error_loaded = 1;
+    }
+    return 1;
+}
+
+static void ERR_unload_AFALG_strings(void)
+{
+    if (error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(lib_code, AFALG_str_functs);
+        ERR_unload_strings(lib_code, AFALG_str_reasons);
+#endif
+        error_loaded = 0;
+    }
+}
+
+static void ERR_AFALG_error(int function, int reason, char *file, int line)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+    ERR_PUT_error(lib_code, function, reason, file, line);
+}
diff --git a/freebsd/crypto/openssl/engines/e_afalg_err.h b/freebsd/crypto/openssl/engines/e_afalg_err.h
new file mode 100644
index 00000000..3eb1332b
--- /dev/null
+++ b/freebsd/crypto/openssl/engines/e_afalg_err.h
@@ -0,0 +1,43 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_AFALGERR_H
+# define HEADER_AFALGERR_H
+
+# define AFALGerr(f, r) ERR_AFALG_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
+
+
+/*
+ * AFALG function codes.
+ */
+# define AFALG_F_AFALG_CHK_PLATFORM                       100
+# define AFALG_F_AFALG_CREATE_SK                          101
+# define AFALG_F_AFALG_INIT_AIO                           102
+# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION     103
+# define AFALG_F_AFALG_SET_KEY                            104
+# define AFALG_F_BIND_AFALG                               105
+
+/*
+ * AFALG reason codes.
+ */
+# define AFALG_R_EVENTFD_FAILED                           108
+# define AFALG_R_FAILED_TO_GET_PLATFORM_INFO              111
+# define AFALG_R_INIT_FAILED                              100
+# define AFALG_R_IO_SETUP_FAILED                          105
+# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG            101
+# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG      107
+# define AFALG_R_MEM_ALLOC_FAILED                         102
+# define AFALG_R_SOCKET_ACCEPT_FAILED                     110
+# define AFALG_R_SOCKET_BIND_FAILED                       103
+# define AFALG_R_SOCKET_CREATE_FAILED                     109
+# define AFALG_R_SOCKET_OPERATION_FAILED                  104
+# define AFALG_R_SOCKET_SET_KEY_FAILED                    106
+
+#endif
diff --git a/freebsd/crypto/openssl/engines/e_atalla.c b/freebsd/crypto/openssl/engines/e_atalla.c
deleted file mode 100644
index f7d1143b..00000000
--- a/freebsd/crypto/openssl/engines/e_atalla.c
+++ /dev/null
@@ -1,628 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/engine/hw_atalla.c */
-/*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-# ifndef OPENSSL_NO_HW_ATALLA
-
-#  ifdef FLAT_INC
-#   include "atalla.h"
-#  else
-#   include "vendor_defns/atalla.h"
-#  endif
-
-#  define ATALLA_LIB_NAME "atalla engine"
-#  include "e_atalla_err.c"
-
-static int atalla_destroy(ENGINE *e);
-static int atalla_init(ENGINE *e);
-static int atalla_finish(ENGINE *e);
-static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
-
-/* BIGNUM stuff */
-static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx);
-
-#  ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                              BN_CTX *ctx);
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                               const BIGNUM *m, BN_CTX *ctx,
-                               BN_MONT_CTX *m_ctx);
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-/* DSA stuff */
-static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
-                              BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
-                              BN_CTX *ctx, BN_MONT_CTX *in_mont);
-static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
-                              const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                              BN_MONT_CTX *m_ctx);
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
-                             const BIGNUM *a, const BIGNUM *p,
-                             const BIGNUM *m, BN_CTX *ctx,
-                             BN_MONT_CTX *m_ctx);
-#  endif
-
-/* The definitions for control commands specific to this engine */
-#  define ATALLA_CMD_SO_PATH              ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
-    {ATALLA_CMD_SO_PATH,
-     "SO_PATH",
-     "Specifies the path to the 'atasi' shared library",
-     ENGINE_CMD_FLAG_STRING},
-    {0, NULL, NULL, 0}
-};
-
-#  ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD atalla_rsa = {
-    "Atalla RSA method",
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    atalla_rsa_mod_exp,
-    atalla_mod_exp_mont,
-    NULL,
-    NULL,
-    0,
-    NULL,
-    NULL,
-    NULL,
-    NULL
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD atalla_dsa = {
-    "Atalla DSA method",
-    NULL,                       /* dsa_do_sign */
-    NULL,                       /* dsa_sign_setup */
-    NULL,                       /* dsa_do_verify */
-    atalla_dsa_mod_exp,         /* dsa_mod_exp */
-    atalla_mod_exp_dsa,         /* bn_mod_exp */
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    0,                          /* flags */
-    NULL,                       /* app_data */
-    NULL,                       /* dsa_paramgen */
-    NULL                        /* dsa_keygen */
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD atalla_dh = {
-    "Atalla DH method",
-    NULL,
-    NULL,
-    atalla_mod_exp_dh,
-    NULL,
-    NULL,
-    0,
-    NULL,
-    NULL
-};
-#  endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_atalla_id = "atalla";
-static const char *engine_atalla_name = "Atalla hardware engine support";
-
-/*
- * This internal function is used by ENGINE_atalla() and possibly by the
- * "dynamic" ENGINE support too
- */
-static int bind_helper(ENGINE *e)
-{
-#  ifndef OPENSSL_NO_RSA
-    const RSA_METHOD *meth1;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-    const DSA_METHOD *meth2;
-#  endif
-#  ifndef OPENSSL_NO_DH
-    const DH_METHOD *meth3;
-#  endif
-    if (!ENGINE_set_id(e, engine_atalla_id) ||
-        !ENGINE_set_name(e, engine_atalla_name) ||
-#  ifndef OPENSSL_NO_RSA
-        !ENGINE_set_RSA(e, &atalla_rsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DSA
-        !ENGINE_set_DSA(e, &atalla_dsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DH
-        !ENGINE_set_DH(e, &atalla_dh) ||
-#  endif
-        !ENGINE_set_destroy_function(e, atalla_destroy) ||
-        !ENGINE_set_init_function(e, atalla_init) ||
-        !ENGINE_set_finish_function(e, atalla_finish) ||
-        !ENGINE_set_ctrl_function(e, atalla_ctrl) ||
-        !ENGINE_set_cmd_defns(e, atalla_cmd_defns))
-        return 0;
-
-#  ifndef OPENSSL_NO_RSA
-    /*
-     * We know that the "PKCS1_SSLeay()" functions hook properly to the
-     * atalla-specific mod_exp and mod_exp_crt so we use those functions. NB:
-     * We don't use ENGINE_openssl() or anything "more generic" because
-     * something like the RSAref code may not hook properly, and if you own
-     * one of these cards then you have the right to do RSA operations on it
-     * anyway!
-     */
-    meth1 = RSA_PKCS1_SSLeay();
-    atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
-    atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
-    atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
-    atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-    /*
-     * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
-     */
-    meth2 = DSA_OpenSSL();
-    atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
-    atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
-    atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-    /* Much the same for Diffie-Hellman */
-    meth3 = DH_OpenSSL();
-    atalla_dh.generate_key = meth3->generate_key;
-    atalla_dh.compute_key = meth3->compute_key;
-#  endif
-
-    /* Ensure the atalla error handling is set up */
-    ERR_load_ATALLA_strings();
-    return 1;
-}
-
-#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_atalla(void)
-{
-    ENGINE *ret = ENGINE_new();
-    if (!ret)
-        return NULL;
-    if (!bind_helper(ret)) {
-        ENGINE_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-void ENGINE_load_atalla(void)
-{
-    /* Copied from eng_[openssl|dyn].c */
-    ENGINE *toadd = engine_atalla();
-    if (!toadd)
-        return;
-    ENGINE_add(toadd);
-    ENGINE_free(toadd);
-    ERR_clear_error();
-}
-#  endif
-
-/*
- * This is a process-global DSO handle used for loading and unloading the
- * Atalla library. NB: This is only set (or unset) during an init() or
- * finish() call (reference counts permitting) and they're operating with
- * global locks, so this should be thread-safe implicitly.
- */
-static DSO *atalla_dso = NULL;
-
-/*
- * These are the function pointers that are (un)set when the library has
- * successfully (un)loaded.
- */
-static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
-static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
-static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics =
-    NULL;
-
-/*
- * These are the static string constants for the DSO file name and the
- * function symbol names to bind to. Regrettably, the DSO name on *nix
- * appears to be "atasi.so" rather than something more consistent like
- * "libatasi.so". At the time of writing, I'm not sure what the file name on
- * win32 is but clearly native name translation is not possible (eg
- * libatasi.so on *nix, and atasi.dll on win32). For the purposes of testing,
- * I have created a symbollic link called "libatasi.so" so that we can use
- * native name-translation - a better solution will be needed.
- */
-static const char *ATALLA_LIBNAME = NULL;
-static const char *get_ATALLA_LIBNAME(void)
-{
-    if (ATALLA_LIBNAME)
-        return ATALLA_LIBNAME;
-    return "atasi";
-}
-
-static void free_ATALLA_LIBNAME(void)
-{
-    if (ATALLA_LIBNAME)
-        OPENSSL_free((void *)ATALLA_LIBNAME);
-    ATALLA_LIBNAME = NULL;
-}
-
-static long set_ATALLA_LIBNAME(const char *name)
-{
-    free_ATALLA_LIBNAME();
-    return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
-}
-
-static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
-static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
-static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
-
-/* Destructor (complements the "ENGINE_atalla()" constructor) */
-static int atalla_destroy(ENGINE *e)
-{
-    free_ATALLA_LIBNAME();
-    /*
-     * Unload the atalla error strings so any error state including our
-     * functs or reasons won't lead to a segfault (they simply get displayed
-     * without corresponding string data because none will be found).
-     */
-    ERR_unload_ATALLA_strings();
-    return 1;
-}
-
-/* (de)initialisation functions. */
-static int atalla_init(ENGINE *e)
-{
-    tfnASI_GetHardwareConfig *p1;
-    tfnASI_RSAPrivateKeyOpFn *p2;
-    tfnASI_GetPerformanceStatistics *p3;
-    /*
-     * Not sure of the origin of this magic value, but Ben's code had it and
-     * it seemed to have been working for a few people. :-)
-     */
-    unsigned int config_buf[1024];
-
-    if (atalla_dso != NULL) {
-        ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_ALREADY_LOADED);
-        goto err;
-    }
-    /*
-     * Attempt to load libatasi.so/atasi.dll/whatever. Needs to be changed
-     * unfortunately because the Atalla drivers don't have standard library
-     * names that can be platform-translated well.
-     */
-    /*
-     * TODO: Work out how to actually map to the names the Atalla drivers
-     * really use - for now a symbollic link needs to be created on the host
-     * system from libatasi.so to atasi.so on unix variants.
-     */
-    atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
-    if (atalla_dso == NULL) {
-        ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED);
-        goto err;
-    }
-    if (!
-        (p1 =
-         (tfnASI_GetHardwareConfig *) DSO_bind_func(atalla_dso, ATALLA_F1))
-|| !(p2 = (tfnASI_RSAPrivateKeyOpFn *) DSO_bind_func(atalla_dso, ATALLA_F2))
-|| !(p3 =
-     (tfnASI_GetPerformanceStatistics *) DSO_bind_func(atalla_dso,
-                                                       ATALLA_F3))) {
-        ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED);
-        goto err;
-    }
-    /* Copy the pointers */
-    p_Atalla_GetHardwareConfig = p1;
-    p_Atalla_RSAPrivateKeyOpFn = p2;
-    p_Atalla_GetPerformanceStatistics = p3;
-    /*
-     * Perform a basic test to see if there's actually any unit running.
-     */
-    if (p1(0L, config_buf) != 0) {
-        ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_UNIT_FAILURE);
-        goto err;
-    }
-    /* Everything's fine. */
-    return 1;
- err:
-    if (atalla_dso)
-        DSO_free(atalla_dso);
-    atalla_dso = NULL;
-    p_Atalla_GetHardwareConfig = NULL;
-    p_Atalla_RSAPrivateKeyOpFn = NULL;
-    p_Atalla_GetPerformanceStatistics = NULL;
-    return 0;
-}
-
-static int atalla_finish(ENGINE *e)
-{
-    free_ATALLA_LIBNAME();
-    if (atalla_dso == NULL) {
-        ATALLAerr(ATALLA_F_ATALLA_FINISH, ATALLA_R_NOT_LOADED);
-        return 0;
-    }
-    if (!DSO_free(atalla_dso)) {
-        ATALLAerr(ATALLA_F_ATALLA_FINISH, ATALLA_R_UNIT_FAILURE);
-        return 0;
-    }
-    atalla_dso = NULL;
-    p_Atalla_GetHardwareConfig = NULL;
-    p_Atalla_RSAPrivateKeyOpFn = NULL;
-    p_Atalla_GetPerformanceStatistics = NULL;
-    return 1;
-}
-
-static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
-    int initialised = ((atalla_dso == NULL) ? 0 : 1);
-    switch (cmd) {
-    case ATALLA_CMD_SO_PATH:
-        if (p == NULL) {
-            ATALLAerr(ATALLA_F_ATALLA_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-            return 0;
-        }
-        if (initialised) {
-            ATALLAerr(ATALLA_F_ATALLA_CTRL, ATALLA_R_ALREADY_LOADED);
-            return 0;
-        }
-        return set_ATALLA_LIBNAME((const char *)p);
-    default:
-        break;
-    }
-    ATALLAerr(ATALLA_F_ATALLA_CTRL, ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-    return 0;
-}
-
-static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx)
-{
-    /*
-     * I need somewhere to store temporary serialised values for use with the
-     * Atalla API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX but
-     * access their arrays directly as byte arrays <grin>. This way I don't
-     * have to clean anything up.
-     */
-    BIGNUM *modulus;
-    BIGNUM *exponent;
-    BIGNUM *argument;
-    BIGNUM *result;
-    RSAPrivateKey keydata;
-    int to_return, numbytes;
-
-    modulus = exponent = argument = result = NULL;
-    to_return = 0;              /* expect failure */
-
-    if (!atalla_dso) {
-        ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_NOT_LOADED);
-        goto err;
-    }
-    /* Prepare the params */
-    BN_CTX_start(ctx);
-    modulus = BN_CTX_get(ctx);
-    exponent = BN_CTX_get(ctx);
-    argument = BN_CTX_get(ctx);
-    result = BN_CTX_get(ctx);
-    if (!result) {
-        ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_BN_CTX_FULL);
-        goto err;
-    }
-    if (!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
-        !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top)) {
-        ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-    /* Prepare the key-data */
-    memset(&keydata, 0, sizeof(keydata));
-    numbytes = BN_num_bytes(m);
-    memset(exponent->d, 0, numbytes);
-    memset(modulus->d, 0, numbytes);
-    BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
-    BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
-    keydata.privateExponent.data = (unsigned char *)exponent->d;
-    keydata.privateExponent.len = numbytes;
-    keydata.modulus.data = (unsigned char *)modulus->d;
-    keydata.modulus.len = numbytes;
-    /* Prepare the argument */
-    memset(argument->d, 0, numbytes);
-    memset(result->d, 0, numbytes);
-    BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
-    /* Perform the operation */
-    if (p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
-                                   (unsigned char *)argument->d,
-                                   keydata.modulus.len) != 0) {
-        ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_REQUEST_FAILED);
-        goto err;
-    }
-    /* Convert the response */
-    BN_bin2bn((unsigned char *)result->d, numbytes, r);
-    to_return = 1;
- err:
-    BN_CTX_end(ctx);
-    return to_return;
-}
-
-#  ifndef OPENSSL_NO_RSA
-static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                              BN_CTX *ctx)
-{
-    int to_return = 0;
-
-    if (!atalla_dso) {
-        ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP, ATALLA_R_NOT_LOADED);
-        goto err;
-    }
-    if (!rsa->d || !rsa->n) {
-        ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,
-                  ATALLA_R_MISSING_KEY_COMPONENTS);
-        goto err;
-    }
-    to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
- err:
-    return to_return;
-}
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-/*
- * This code was liberated and adapted from the commented-out code in
- * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it
- * doesn't have a CRT form for RSA), this function means that an Atalla
- * system running with a DSA server certificate can handshake around 5 or 6
- * times faster/more than an equivalent system running with RSA. Just check
- * out the "signs" statistics from the RSA and DSA parts of "openssl speed
- * -engine atalla dsa1024 rsa1024".
- */
-static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
-                              BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
-                              BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
-    BIGNUM t;
-    int to_return = 0;
-
-    BN_init(&t);
-    /* let rr = a1 ^ p1 mod m */
-    if (!atalla_mod_exp(rr, a1, p1, m, ctx))
-        goto end;
-    /* let t = a2 ^ p2 mod m */
-    if (!atalla_mod_exp(&t, a2, p2, m, ctx))
-        goto end;
-    /* let rr = rr * t mod m */
-    if (!BN_mod_mul(rr, rr, &t, m, ctx))
-        goto end;
-    to_return = 1;
- end:
-    BN_free(&t);
-    return to_return;
-}
-
-static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
-                              const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                              BN_MONT_CTX *m_ctx)
-{
-    return atalla_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                               const BIGNUM *m, BN_CTX *ctx,
-                               BN_MONT_CTX *m_ctx)
-{
-    return atalla_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
-                             const BIGNUM *a, const BIGNUM *p,
-                             const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
-    return atalla_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-/*
- * This stuff is needed if this ENGINE is being compiled into a
- * self-contained shared-library.
- */
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
-{
-    if (id && (strcmp(id, engine_atalla_id) != 0))
-        return 0;
-    if (!bind_helper(e))
-        return 0;
-    return 1;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#  endif                        /* OPENSSL_NO_DYNAMIC_ENGINE */
-# endif                         /* !OPENSSL_NO_HW_ATALLA */
-#endif                          /* !OPENSSL_NO_HW */
diff --git a/freebsd/crypto/openssl/engines/e_atalla_err.c b/freebsd/crypto/openssl/engines/e_atalla_err.c
deleted file mode 100644
index 800bc6c9..00000000
--- a/freebsd/crypto/openssl/engines/e_atalla_err.c
+++ /dev/null
@@ -1,147 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* e_atalla_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_atalla_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(0,func,0)
-# define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA ATALLA_str_functs[] = {
-    {ERR_FUNC(ATALLA_F_ATALLA_CTRL), "ATALLA_CTRL"},
-    {ERR_FUNC(ATALLA_F_ATALLA_FINISH), "ATALLA_FINISH"},
-    {ERR_FUNC(ATALLA_F_ATALLA_INIT), "ATALLA_INIT"},
-    {ERR_FUNC(ATALLA_F_ATALLA_MOD_EXP), "ATALLA_MOD_EXP"},
-    {ERR_FUNC(ATALLA_F_ATALLA_RSA_MOD_EXP), "ATALLA_RSA_MOD_EXP"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA ATALLA_str_reasons[] = {
-    {ERR_REASON(ATALLA_R_ALREADY_LOADED), "already loaded"},
-    {ERR_REASON(ATALLA_R_BN_CTX_FULL), "bn ctx full"},
-    {ERR_REASON(ATALLA_R_BN_EXPAND_FAIL), "bn expand fail"},
-    {ERR_REASON(ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED),
-     "ctrl command not implemented"},
-    {ERR_REASON(ATALLA_R_MISSING_KEY_COMPONENTS), "missing key components"},
-    {ERR_REASON(ATALLA_R_NOT_LOADED), "not loaded"},
-    {ERR_REASON(ATALLA_R_REQUEST_FAILED), "request failed"},
-    {ERR_REASON(ATALLA_R_UNIT_FAILURE), "unit failure"},
-    {0, NULL}
-};
-
-#endif
-
-#ifdef ATALLA_LIB_NAME
-static ERR_STRING_DATA ATALLA_lib_name[] = {
-    {0, ATALLA_LIB_NAME},
-    {0, NULL}
-};
-#endif
-
-static int ATALLA_lib_error_code = 0;
-static int ATALLA_error_init = 1;
-
-static void ERR_load_ATALLA_strings(void)
-{
-    if (ATALLA_lib_error_code == 0)
-        ATALLA_lib_error_code = ERR_get_next_error_library();
-
-    if (ATALLA_error_init) {
-        ATALLA_error_init = 0;
-#ifndef OPENSSL_NO_ERR
-        ERR_load_strings(ATALLA_lib_error_code, ATALLA_str_functs);
-        ERR_load_strings(ATALLA_lib_error_code, ATALLA_str_reasons);
-#endif
-
-#ifdef ATALLA_LIB_NAME
-        ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code, 0, 0);
-        ERR_load_strings(0, ATALLA_lib_name);
-#endif
-    }
-}
-
-static void ERR_unload_ATALLA_strings(void)
-{
-    if (ATALLA_error_init == 0) {
-#ifndef OPENSSL_NO_ERR
-        ERR_unload_strings(ATALLA_lib_error_code, ATALLA_str_functs);
-        ERR_unload_strings(ATALLA_lib_error_code, ATALLA_str_reasons);
-#endif
-
-#ifdef ATALLA_LIB_NAME
-        ERR_unload_strings(0, ATALLA_lib_name);
-#endif
-        ATALLA_error_init = 1;
-    }
-}
-
-static void ERR_ATALLA_error(int function, int reason, char *file, int line)
-{
-    if (ATALLA_lib_error_code == 0)
-        ATALLA_lib_error_code = ERR_get_next_error_library();
-    ERR_PUT_error(ATALLA_lib_error_code, function, reason, file, line);
-}
diff --git a/freebsd/crypto/openssl/engines/e_atalla_err.h b/freebsd/crypto/openssl/engines/e_atalla_err.h
deleted file mode 100644
index 7b71eff4..00000000
--- a/freebsd/crypto/openssl/engines/e_atalla_err.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ATALLA_ERR_H
-# define HEADER_ATALLA_ERR_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_ATALLA_strings(void);
-static void ERR_unload_ATALLA_strings(void);
-static void ERR_ATALLA_error(int function, int reason, char *file, int line);
-# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the ATALLA functions. */
-
-/* Function codes. */
-# define ATALLA_F_ATALLA_CTRL                             100
-# define ATALLA_F_ATALLA_FINISH                           101
-# define ATALLA_F_ATALLA_INIT                             102
-# define ATALLA_F_ATALLA_MOD_EXP                          103
-# define ATALLA_F_ATALLA_RSA_MOD_EXP                      104
-
-/* Reason codes. */
-# define ATALLA_R_ALREADY_LOADED                          100
-# define ATALLA_R_BN_CTX_FULL                             101
-# define ATALLA_R_BN_EXPAND_FAIL                          102
-# define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED            103
-# define ATALLA_R_MISSING_KEY_COMPONENTS                  104
-# define ATALLA_R_NOT_LOADED                              105
-# define ATALLA_R_REQUEST_FAILED                          106
-# define ATALLA_R_UNIT_FAILURE                            107
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/engines/e_capi.c b/freebsd/crypto/openssl/engines/e_capi.c
index befaabce..83e1de5e 100644
--- a/freebsd/crypto/openssl/engines/e_capi.c
+++ b/freebsd/crypto/openssl/engines/e_capi.c
@@ -1,82 +1,37 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* engines/e_capi.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
+#ifdef _WIN32
+# ifndef _WIN32_WINNT
+#  define _WIN32_WINNT 0x0400
+# endif
+# include <windows.h>
+# include <wincrypt.h>
+
+# include <stdio.h>
+# include <string.h>
+# include <stdlib.h>
+# include <malloc.h>
+# ifndef alloca
+#  define alloca _alloca
+# endif
 
-#include <openssl/crypto.h>
+# include <openssl/crypto.h>
 
-#ifdef OPENSSL_SYS_WIN32
 # ifndef OPENSSL_NO_CAPIENG
 
 #  include <openssl/buffer.h>
 #  include <openssl/bn.h>
 #  include <openssl/rsa.h>
-
-#  ifndef _WIN32_WINNT
-#   define _WIN32_WINNT 0x0400
-#  endif
-
-#  include <windows.h>
-#  include <wincrypt.h>
-#  include <malloc.h>
-#  ifndef alloca
-#   define alloca _alloca
-#  endif
+#  include <openssl/dsa.h>
 
 /*
  * This module uses several "new" interfaces, among which is
@@ -96,12 +51,11 @@
 #   define __COMPILE_CAPIENG
 #  endif                        /* CERT_KEY_PROV_INFO_PROP_ID */
 # endif                         /* OPENSSL_NO_CAPIENG */
-#endif                          /* OPENSSL_SYS_WIN32 */
+#endif                          /* _WIN32 */
 
 #ifdef __COMPILE_CAPIENG
 
 # undef X509_EXTENSIONS
-# undef X509_CERT_PAIR
 
 /* Definitions which may be missing from earlier version of headers */
 # ifndef CERT_STORE_OPEN_EXISTING_FLAG
@@ -117,23 +71,27 @@
 # endif
 
 # ifndef ALG_SID_SHA_256
-#  define ALG_SID_SHA_256                 12
+#  define ALG_SID_SHA_256   12
 # endif
 # ifndef ALG_SID_SHA_384
-#  define ALG_SID_SHA_384                 13
+#  define ALG_SID_SHA_384   13
 # endif
 # ifndef ALG_SID_SHA_512
-#  define ALG_SID_SHA_512                 14
+#  define ALG_SID_SHA_512   14
 # endif
 
 # ifndef CALG_SHA_256
-#  define CALG_SHA_256            (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
+#  define CALG_SHA_256      (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
 # endif
 # ifndef CALG_SHA_384
-#  define CALG_SHA_384            (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
+#  define CALG_SHA_384      (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
 # endif
 # ifndef CALG_SHA_512
-#  define CALG_SHA_512            (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
+#  define CALG_SHA_512      (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
+# endif
+
+# ifndef PROV_RSA_AES
+#  define PROV_RSA_AES 24
 # endif
 
 # include <openssl/engine.h>
@@ -152,17 +110,17 @@ typedef struct CAPI_KEY_st CAPI_KEY;
 static void capi_addlasterror(void);
 static void capi_adderror(DWORD err);
 
-static void CAPI_trace(CAPI_CTX * ctx, char *format, ...);
+static void CAPI_trace(CAPI_CTX *ctx, char *format, ...);
 
-static int capi_list_providers(CAPI_CTX * ctx, BIO *out);
-static int capi_list_containers(CAPI_CTX * ctx, BIO *out);
-int capi_list_certs(CAPI_CTX * ctx, BIO *out, char *storename);
-void capi_free_key(CAPI_KEY * key);
+static int capi_list_providers(CAPI_CTX *ctx, BIO *out);
+static int capi_list_containers(CAPI_CTX *ctx, BIO *out);
+int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename);
+void capi_free_key(CAPI_KEY *key);
 
-static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id,
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id,
                                      HCERTSTORE hstore);
 
-CAPI_KEY *capi_find_key(CAPI_CTX * ctx, const char *id);
+CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id);
 
 static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
                                    UI_METHOD *ui_method, void *callback_data);
@@ -175,9 +133,11 @@ static int capi_rsa_priv_dec(int flen, const unsigned char *from,
                              unsigned char *to, RSA *rsa, int padding);
 static int capi_rsa_free(RSA *rsa);
 
+# ifndef OPENSSL_NO_DSA
 static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
                                  DSA *dsa);
 static int capi_dsa_free(DSA *dsa);
+# endif
 
 static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
                                      STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
@@ -190,9 +150,11 @@ static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
 static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
 # endif
 
-typedef PCCERT_CONTEXT(WINAPI *CERTDLG) (HCERTSTORE, HWND, LPCWSTR,
-                                         LPCWSTR, DWORD, DWORD, void *);
-typedef HWND(WINAPI *GETCONSWIN) (void);
+void engine_load_capi_int(void);
+
+typedef PCCERT_CONTEXT(WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR,
+                                        LPCWSTR, DWORD, DWORD, void *);
+typedef HWND(WINAPI *GETCONSWIN)(void);
 
 /*
  * This structure contains CAPI ENGINE specific data: it contains various
@@ -215,37 +177,28 @@ struct CAPI_CTX_st {
     /* System store flags */
     DWORD store_flags;
 /* Lookup string meanings in load_private_key */
-/* Substring of subject: uses "storename" */
-# define CAPI_LU_SUBSTR          1
-/* Friendly name: uses storename */
-# define CAPI_LU_FNAME           2
-/* Container name: uses cspname, keytype */
-# define CAPI_LU_CONTNAME        3
+# define CAPI_LU_SUBSTR          1  /* Substring of subject: uses "storename" */
+# define CAPI_LU_FNAME           2  /* Friendly name: uses storename */
+# define CAPI_LU_CONTNAME        3  /* Container name: uses cspname, keytype */
     int lookup_method;
 /* Info to dump with dumpcerts option */
-/* Issuer and serial name strings */
-# define CAPI_DMP_SUMMARY        0x1
-/* Friendly name */
-# define CAPI_DMP_FNAME          0x2
-/* Full X509_print dump */
-# define CAPI_DMP_FULL           0x4
-/* Dump PEM format certificate */
-# define CAPI_DMP_PEM            0x8
-/* Dump pseudo key (if possible) */
-# define CAPI_DMP_PSKEY          0x10
-/* Dump key info (if possible) */
-# define CAPI_DMP_PKEYINFO       0x20
+# define CAPI_DMP_SUMMARY        0x1    /* Issuer and serial name strings */
+# define CAPI_DMP_FNAME          0x2    /* Friendly name */
+# define CAPI_DMP_FULL           0x4    /* Full X509_print dump */
+# define CAPI_DMP_PEM            0x8    /* Dump PEM format certificate */
+# define CAPI_DMP_PSKEY          0x10   /* Dump pseudo key (if possible) */
+# define CAPI_DMP_PKEYINFO       0x20   /* Dump key info (if possible) */
     DWORD dump_flags;
     int (*client_cert_select) (ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
     CERTDLG certselectdlg;
     GETCONSWIN getconswindow;
 };
 
-static CAPI_CTX *capi_ctx_new();
-static void capi_ctx_free(CAPI_CTX * ctx);
-static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
+static CAPI_CTX *capi_ctx_new(void);
+static void capi_ctx_free(CAPI_CTX *ctx);
+static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type,
                                  int check);
-static int capi_ctx_set_provname_idx(CAPI_CTX * ctx, int idx);
+static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx);
 
 # define CAPI_CMD_LIST_CERTS             ENGINE_CMD_BASE
 # define CAPI_CMD_LOOKUP_CERT            (ENGINE_CMD_BASE + 1)
@@ -334,12 +287,17 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
     int ret = 1;
     CAPI_CTX *ctx;
     BIO *out;
+    LPSTR tmpstr;
     if (capi_idx == -1) {
         CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
         return 0;
     }
     ctx = ENGINE_get_ex_data(e, capi_idx);
     out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    if (out == NULL) {
+        CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_FILE_OPEN_ERROR);
+        return 0;
+    }
     switch (cmd) {
     case CAPI_CMD_LIST_CSPS:
         ret = capi_list_providers(ctx, out);
@@ -358,10 +316,15 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
         break;
 
     case CAPI_CMD_STORE_NAME:
-        if (ctx->storename)
+        tmpstr = OPENSSL_strdup(p);
+        if (tmpstr != NULL) {
             OPENSSL_free(ctx->storename);
-        ctx->storename = BUF_strdup(p);
-        CAPI_trace(ctx, "Setting store name to %s\n", p);
+            ctx->storename = tmpstr;
+            CAPI_trace(ctx, "Setting store name to %s\n", p);
+        } else {
+            CAPIerr(CAPI_F_CAPI_CTRL, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+        }
         break;
 
     case CAPI_CMD_STORE_FLAGS:
@@ -381,8 +344,14 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
         break;
 
     case CAPI_CMD_DEBUG_FILE:
-        ctx->debug_file = BUF_strdup(p);
-        CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
+        tmpstr = OPENSSL_strdup(p);
+        if (tmpstr != NULL) {
+            ctx->debug_file = tmpstr;
+            CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
+        } else {
+            CAPIerr(CAPI_F_CAPI_CTRL, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+        }
         break;
 
     case CAPI_CMD_KEYTYPE:
@@ -401,6 +370,7 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
     case CAPI_CMD_LOOKUP_METHOD:
         if (i < 1 || i > 3) {
             CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
+            BIO_free(out);
             return 0;
         }
         ctx->lookup_method = i;
@@ -424,42 +394,25 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
 
 }
 
-static RSA_METHOD capi_rsa_method = {
-    "CryptoAPI RSA method",
-    0,                          /* pub_enc */
-    0,                          /* pub_dec */
-    capi_rsa_priv_enc,          /* priv_enc */
-    capi_rsa_priv_dec,          /* priv_dec */
-    0,                          /* rsa_mod_exp */
-    0,                          /* bn_mod_exp */
-    0,                          /* init */
-    capi_rsa_free,              /* finish */
-    RSA_FLAG_SIGN_VER,          /* flags */
-    NULL,                       /* app_data */
-    capi_rsa_sign,              /* rsa_sign */
-    0                           /* rsa_verify */
-};
+static RSA_METHOD *capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
+static DSA_METHOD *capi_dsa_method = NULL;
+# endif
 
-static DSA_METHOD capi_dsa_method = {
-    "CryptoAPI DSA method",
-    capi_dsa_do_sign,           /* dsa_do_sign */
-    0,                          /* dsa_sign_setup */
-    0,                          /* dsa_do_verify */
-    0,                          /* dsa_mod_exp */
-    0,                          /* bn_mod_exp */
-    0,                          /* init */
-    capi_dsa_free,              /* finish */
-    0,                          /* flags */
-    NULL,                       /* app_data */
-    0,                          /* dsa_paramgen */
-    0                           /* dsa_keygen */
-};
+static int use_aes_csp = 0;
+static const WCHAR rsa_aes_cspname[] =
+    L"Microsoft Enhanced RSA and AES Cryptographic Provider";
+static const WCHAR rsa_enh_cspname[] =
+    L"Microsoft Enhanced Cryptographic Provider v1.0";
 
 static int capi_init(ENGINE *e)
 {
     CAPI_CTX *ctx;
     const RSA_METHOD *ossl_rsa_meth;
+# ifndef OPENSSL_NO_DSA
     const DSA_METHOD *ossl_dsa_meth;
+# endif
+    HCRYPTPROV hprov;
 
     if (capi_idx < 0) {
         capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
@@ -470,22 +423,41 @@ static int capi_init(ENGINE *e)
 
         /* Setup RSA_METHOD */
         rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
-        ossl_rsa_meth = RSA_PKCS1_SSLeay();
-        capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
-        capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
-        capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
-        capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
+        ossl_rsa_meth = RSA_PKCS1_OpenSSL();
+        if (   !RSA_meth_set_pub_enc(capi_rsa_method,
+                                     RSA_meth_get_pub_enc(ossl_rsa_meth))
+            || !RSA_meth_set_pub_dec(capi_rsa_method,
+                                     RSA_meth_get_pub_dec(ossl_rsa_meth))
+            || !RSA_meth_set_priv_enc(capi_rsa_method, capi_rsa_priv_enc)
+            || !RSA_meth_set_priv_dec(capi_rsa_method, capi_rsa_priv_dec)
+            || !RSA_meth_set_mod_exp(capi_rsa_method,
+                                     RSA_meth_get_mod_exp(ossl_rsa_meth))
+            || !RSA_meth_set_bn_mod_exp(capi_rsa_method,
+                                        RSA_meth_get_bn_mod_exp(ossl_rsa_meth))
+            || !RSA_meth_set_finish(capi_rsa_method, capi_rsa_free)
+            || !RSA_meth_set_sign(capi_rsa_method, capi_rsa_sign)) {
+            goto memerr;
+        }
 
+# ifndef OPENSSL_NO_DSA
         /* Setup DSA Method */
         dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
         ossl_dsa_meth = DSA_OpenSSL();
-        capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
-        capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
-        capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
+        if (   !DSA_meth_set_sign(capi_dsa_method, capi_dsa_do_sign)
+            || !DSA_meth_set_verify(capi_dsa_method,
+                                    DSA_meth_get_verify(ossl_dsa_meth))
+            || !DSA_meth_set_finish(capi_dsa_method, capi_dsa_free)
+            || !DSA_meth_set_mod_exp(capi_dsa_method,
+                                     DSA_meth_get_mod_exp(ossl_dsa_meth))
+            || !DSA_meth_set_bn_mod_exp(capi_dsa_method,
+                                    DSA_meth_get_bn_mod_exp(ossl_dsa_meth))) {
+            goto memerr;
+        }
+# endif
     }
 
     ctx = capi_ctx_new();
-    if (!ctx)
+    if (ctx == NULL)
         goto memerr;
 
     ENGINE_set_ex_data(e, capi_idx, ctx);
@@ -506,6 +478,13 @@ static int capi_init(ENGINE *e)
     }
 # endif
 
+    /* See if there is RSA+AES CSP */
+    if (CryptAcquireContextW(&hprov, NULL, rsa_aes_cspname, PROV_RSA_AES,
+                             CRYPT_VERIFYCONTEXT)) {
+        use_aes_csp = 1;
+        CryptReleaseContext(hprov, 0);
+    }
+
     return 1;
 
  memerr:
@@ -517,6 +496,12 @@ static int capi_init(ENGINE *e)
 
 static int capi_destroy(ENGINE *e)
 {
+    RSA_meth_free(capi_rsa_method);
+    capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
+    DSA_meth_free(capi_dsa_method);
+    capi_dsa_method = NULL;
+# endif
     ERR_unload_CAPI_strings();
     return 1;
 }
@@ -546,24 +531,41 @@ struct CAPI_KEY_st {
 
 static int bind_capi(ENGINE *e)
 {
+    capi_rsa_method = RSA_meth_new("CryptoAPI RSA method", 0);
+    if (capi_rsa_method == NULL)
+        return 0;
+# ifndef OPENSSL_NO_DSA
+    capi_dsa_method = DSA_meth_new("CryptoAPI DSA method", 0);
+    if (capi_dsa_method == NULL)
+        goto memerr;
+# endif
     if (!ENGINE_set_id(e, engine_capi_id)
         || !ENGINE_set_name(e, engine_capi_name)
         || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
         || !ENGINE_set_init_function(e, capi_init)
         || !ENGINE_set_finish_function(e, capi_finish)
         || !ENGINE_set_destroy_function(e, capi_destroy)
-        || !ENGINE_set_RSA(e, &capi_rsa_method)
-        || !ENGINE_set_DSA(e, &capi_dsa_method)
+        || !ENGINE_set_RSA(e, capi_rsa_method)
+# ifndef OPENSSL_NO_DSA
+        || !ENGINE_set_DSA(e, capi_dsa_method)
+# endif
         || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
         || !ENGINE_set_load_ssl_client_cert_function(e,
                                                      capi_load_ssl_client_cert)
         || !ENGINE_set_cmd_defns(e, capi_cmd_defns)
         || !ENGINE_set_ctrl_function(e, capi_ctrl))
-        return 0;
+        goto memerr;
     ERR_load_CAPI_strings();
 
     return 1;
-
+ memerr:
+    RSA_meth_free(capi_rsa_method);
+    capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
+    DSA_meth_free(capi_dsa_method);
+    capi_dsa_method = NULL;
+# endif
+    return 0;
 }
 
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
@@ -577,12 +579,12 @@ static int bind_helper(ENGINE *e, const char *id)
 }
 
 IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
 # else
 static ENGINE *engine_capi(void)
 {
     ENGINE *ret = ENGINE_new();
-    if (!ret)
+    if (ret == NULL)
         return NULL;
     if (!bind_capi(ret)) {
         ENGINE_free(ret);
@@ -591,7 +593,7 @@ static ENGINE *engine_capi(void)
     return ret;
 }
 
-void ENGINE_load_capi(void)
+void engine_load_capi_int(void)
 {
     /* Copied from eng_[openssl|dyn].c */
     ENGINE *toadd = engine_capi();
@@ -625,7 +627,7 @@ static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen)
 
 /* Given a CAPI_KEY get an EVP_PKEY structure */
 
-static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
+static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
 {
     unsigned char *pubkey = NULL;
     DWORD len;
@@ -641,7 +643,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
 
     pubkey = OPENSSL_malloc(len);
 
-    if (!pubkey)
+    if (pubkey == NULL)
         goto memerr;
 
     if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len)) {
@@ -658,6 +660,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
     if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX) {
         RSAPUBKEY *rp;
         DWORD rsa_modlen;
+        BIGNUM *e = NULL, *n = NULL;
         unsigned char *rsa_modulus;
         rp = (RSAPUBKEY *) (bh + 1);
         if (rp->magic != 0x31415352) {
@@ -673,31 +676,38 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
         if (!rkey)
             goto memerr;
 
-        rkey->e = BN_new();
-        rkey->n = BN_new();
+        e = BN_new();
+        n = BN_new();
 
-        if (!rkey->e || !rkey->n)
+        if (e == NULL || n == NULL) {
+            BN_free(e);
+            BN_free(n);
             goto memerr;
+        }
+
+        RSA_set0_key(rkey, n, e, NULL);
 
-        if (!BN_set_word(rkey->e, rp->pubexp))
+        if (!BN_set_word(e, rp->pubexp))
             goto memerr;
 
         rsa_modlen = rp->bitlen / 8;
-        if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
+        if (!lend_tobn(n, rsa_modulus, rsa_modlen))
             goto memerr;
 
         RSA_set_ex_data(rkey, rsa_capi_idx, key);
 
-        if (!(ret = EVP_PKEY_new()))
+        if ((ret = EVP_PKEY_new()) == NULL)
             goto memerr;
 
         EVP_PKEY_assign_RSA(ret, rkey);
         rkey = NULL;
 
+# ifndef OPENSSL_NO_DSA
     } else if (bh->aiKeyAlg == CALG_DSS_SIGN) {
         DSSPUBKEY *dp;
         DWORD dsa_plen;
         unsigned char *btmp;
+        BIGNUM *p, *q, *g, *pub_key;
         dp = (DSSPUBKEY *) (bh + 1);
         if (dp->magic != 0x31535344) {
             char magstr[10];
@@ -712,35 +722,43 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
         dkey = DSA_new_method(eng);
         if (!dkey)
             goto memerr;
-        dkey->p = BN_new();
-        dkey->q = BN_new();
-        dkey->g = BN_new();
-        dkey->pub_key = BN_new();
-        if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
+        p = BN_new();
+        q = BN_new();
+        g = BN_new();
+        pub_key = BN_new();
+        if (p == NULL || q == NULL || g == NULL || pub_key == NULL) {
+            BN_free(p);
+            BN_free(q);
+            BN_free(g);
+            BN_free(pub_key);
             goto memerr;
-        if (!lend_tobn(dkey->p, btmp, dsa_plen))
+        }
+        DSA_set0_pqg(dkey, p, q, g);
+        DSA_set0_key(dkey, pub_key, NULL);
+        if (!lend_tobn(p, btmp, dsa_plen))
             goto memerr;
         btmp += dsa_plen;
-        if (!lend_tobn(dkey->q, btmp, 20))
+        if (!lend_tobn(q, btmp, 20))
             goto memerr;
         btmp += 20;
-        if (!lend_tobn(dkey->g, btmp, dsa_plen))
+        if (!lend_tobn(g, btmp, dsa_plen))
             goto memerr;
         btmp += dsa_plen;
-        if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
+        if (!lend_tobn(pub_key, btmp, dsa_plen))
             goto memerr;
         btmp += dsa_plen;
 
         DSA_set_ex_data(dkey, dsa_capi_idx, key);
 
-        if (!(ret = EVP_PKEY_new()))
+        if ((ret = EVP_PKEY_new()) == NULL)
             goto memerr;
 
         EVP_PKEY_assign_DSA(ret, dkey);
         dkey = NULL;
+# endif
     } else {
         char algstr[10];
-        BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
+        BIO_snprintf(algstr, 10, "%ux", bh->aiKeyAlg);
         CAPIerr(CAPI_F_CAPI_GET_PKEY,
                 CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
         ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
@@ -748,13 +766,12 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
     }
 
  err:
-    if (pubkey)
-        OPENSSL_free(pubkey);
+    OPENSSL_free(pubkey);
     if (!ret) {
-        if (rkey)
-            RSA_free(rkey);
-        if (dkey)
-            DSA_free(dkey);
+        RSA_free(rkey);
+# ifndef OPENSSL_NO_DSA
+        DSA_free(dkey);
+# endif
     }
 
     return ret;
@@ -811,7 +828,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
     CAPI_KEY *capi_key;
     CAPI_CTX *ctx;
 
-    ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
+    ctx = ENGINE_get_ex_data(RSA_get0_engine(rsa), capi_idx);
 
     CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
 
@@ -820,7 +837,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
         CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
         return -1;
     }
-/* Convert the signature type to a CryptoAPI algorithm ID */
+    /* Convert the signature type to a CryptoAPI algorithm ID */
     switch (dtype) {
     case NID_sha256:
         alg = CALG_SHA_256;
@@ -848,20 +865,20 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
     default:
         {
             char algstr[10];
-            BIO_snprintf(algstr, 10, "%lx", dtype);
+            BIO_snprintf(algstr, 10, "%x", dtype);
             CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
             ERR_add_error_data(2, "NID=0x", algstr);
             return -1;
         }
     }
 
-/* Create the hash object */
+    /* Create the hash object */
     if (!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash)) {
         CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
         capi_addlasterror();
         return -1;
     }
-/* Set the hash value to the value passed */
+    /* Set the hash value to the value passed */
 
     if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0)) {
         CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
@@ -869,7 +886,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
         goto err;
     }
 
-/* Finally sign it */
+    /* Finally sign it */
     slen = RSA_size(rsa);
     if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) {
         CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
@@ -902,7 +919,13 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from,
     unsigned char *tmpbuf;
     CAPI_KEY *capi_key;
     CAPI_CTX *ctx;
-    ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
+    DWORD flags = 0;
+    DWORD dlen;
+
+    if (flen <= 0)
+        return flen;
+
+    ctx = ENGINE_get_ex_data(RSA_get0_engine(rsa), capi_idx);
 
     CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
 
@@ -912,16 +935,27 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from,
         return -1;
     }
 
-    if (padding != RSA_PKCS1_PADDING) {
-        char errstr[10];
-        BIO_snprintf(errstr, 10, "%d", padding);
-        CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
-        ERR_add_error_data(2, "padding=", errstr);
-        return -1;
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        /* Nothing to do */
+        break;
+#ifdef CRYPT_DECRYPT_RSA_NO_PADDING_CHECK
+    case RSA_NO_PADDING:
+        flags = CRYPT_DECRYPT_RSA_NO_PADDING_CHECK;
+        break;
+#endif
+    default:
+        {
+            char errstr[10];
+            BIO_snprintf(errstr, 10, "%d", padding);
+            CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
+            ERR_add_error_data(2, "padding=", errstr);
+            return -1;
+        }
     }
 
     /* Create temp reverse order version of input */
-    if (!(tmpbuf = OPENSSL_malloc(flen))) {
+    if ((tmpbuf = OPENSSL_malloc(flen)) == NULL) {
         CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
         return -1;
     }
@@ -929,14 +963,17 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from,
         tmpbuf[flen - i - 1] = from[i];
 
     /* Finally decrypt it */
-    if (!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen)) {
+    dlen = flen;
+    if (!CryptDecrypt(capi_key->key, 0, TRUE, flags, tmpbuf, &dlen)) {
         CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
         capi_addlasterror();
+        OPENSSL_cleanse(tmpbuf, dlen);
         OPENSSL_free(tmpbuf);
         return -1;
-    } else
-        memcpy(to, tmpbuf, flen);
-
+    } else {
+        memcpy(to, tmpbuf, (flen = (int)dlen));
+    }
+    OPENSSL_cleanse(tmpbuf, flen);
     OPENSSL_free(tmpbuf);
 
     return flen;
@@ -951,6 +988,7 @@ static int capi_rsa_free(RSA *rsa)
     return 1;
 }
 
+# ifndef OPENSSL_NO_DSA
 /* CryptoAPI DSA operations */
 
 static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
@@ -963,7 +1001,7 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
     CAPI_CTX *ctx;
     unsigned char csigbuf[40];
 
-    ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
+    ctx = ENGINE_get_ex_data(DSA_get0_engine(dsa), capi_idx);
 
     CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
 
@@ -1000,19 +1038,17 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
         capi_addlasterror();
         goto err;
     } else {
-        ret = DSA_SIG_new();
-        if (!ret)
-            goto err;
-        ret->r = BN_new();
-        ret->s = BN_new();
-        if (!ret->r || !ret->s)
-            goto err;
-        if (!lend_tobn(ret->r, csigbuf, 20)
-            || !lend_tobn(ret->s, csigbuf + 20, 20)) {
-            DSA_SIG_free(ret);
-            ret = NULL;
+        BIGNUM *r = BN_new(), *s = BN_new();
+
+        if (r == NULL || s == NULL
+            || !lend_tobn(r, csigbuf, 20)
+            || !lend_tobn(s, csigbuf + 20, 20)
+            || (ret = DSA_SIG_new()) == NULL) {
+            BN_free(r); /* BN_free checks for BIGNUM * being NULL */
+            BN_free(s);
             goto err;
         }
+        DSA_SIG_set0(ret, r, s);
     }
 
     /* Now cleanup */
@@ -1031,8 +1067,9 @@ static int capi_dsa_free(DSA *dsa)
     DSA_set_ex_data(dsa, dsa_capi_idx, 0);
     return 1;
 }
+# endif
 
-static void capi_vtrace(CAPI_CTX * ctx, int level, char *format,
+static void capi_vtrace(CAPI_CTX *ctx, int level, char *format,
                         va_list argptr)
 {
     BIO *out;
@@ -1040,11 +1077,15 @@ static void capi_vtrace(CAPI_CTX * ctx, int level, char *format,
     if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
         return;
     out = BIO_new_file(ctx->debug_file, "a+");
+    if (out == NULL) {
+        CAPIerr(CAPI_F_CAPI_VTRACE, CAPI_R_FILE_OPEN_ERROR);
+        return;
+    }
     BIO_vprintf(out, format, argptr);
     BIO_free(out);
 }
 
-static void CAPI_trace(CAPI_CTX * ctx, char *format, ...)
+static void CAPI_trace(CAPI_CTX *ctx, char *format, ...)
 {
     va_list args;
     va_start(args, format);
@@ -1078,7 +1119,7 @@ static char *wide_to_asc(LPCWSTR wstr)
         return NULL;
     }
     str = OPENSSL_malloc(sz);
-    if (!str) {
+    if (str == NULL) {
         CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -1090,7 +1131,7 @@ static char *wide_to_asc(LPCWSTR wstr)
     return str;
 }
 
-static int capi_get_provname(CAPI_CTX * ctx, LPSTR * pname, DWORD * ptype,
+static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype,
                              DWORD idx)
 {
     DWORD len, err;
@@ -1104,33 +1145,35 @@ static int capi_get_provname(CAPI_CTX * ctx, LPSTR * pname, DWORD * ptype,
         capi_adderror(err);
         return 0;
     }
-    if (sizeof(TCHAR) != sizeof(char))
-        name = alloca(len);
-    else
-        name = OPENSSL_malloc(len);
+    name = OPENSSL_malloc(len);
     if (name == NULL) {
         CAPIerr(CAPI_F_CAPI_GET_PROVNAME, ERR_R_MALLOC_FAILURE);
         return 0;
     }
     if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len)) {
         err = GetLastError();
+        OPENSSL_free(name);
         if (err == ERROR_NO_MORE_ITEMS)
             return 2;
         CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
         capi_adderror(err);
         return 0;
     }
-    if (sizeof(TCHAR) != sizeof(char))
+    if (sizeof(TCHAR) != sizeof(char)) {
         *pname = wide_to_asc((WCHAR *)name);
-    else
+        OPENSSL_free(name);
+        if (*pname == NULL)
+            return 0;
+    } else {
         *pname = (char *)name;
+    }
     CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", *pname,
                *ptype);
 
     return 1;
 }
 
-static int capi_list_providers(CAPI_CTX * ctx, BIO *out)
+static int capi_list_providers(CAPI_CTX *ctx, BIO *out)
 {
     DWORD idx, ptype;
     int ret;
@@ -1143,45 +1186,44 @@ static int capi_list_providers(CAPI_CTX * ctx, BIO *out)
             break;
         if (ret == 0)
             break;
-        BIO_printf(out, "%d. %s, type %d\n", idx, provname, ptype);
+        BIO_printf(out, "%lu. %s, type %lu\n", idx, provname, ptype);
         OPENSSL_free(provname);
     }
     return 1;
 }
 
-static int capi_list_containers(CAPI_CTX * ctx, BIO *out)
+static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
 {
     int ret = 1;
     HCRYPTPROV hprov;
     DWORD err, idx, flags, buflen = 0, clen;
     LPSTR cname;
-    LPTSTR cspname = NULL;
+    LPWSTR cspname = NULL;
 
     CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname,
                ctx->csptype);
-    if (ctx->cspname && sizeof(TCHAR) != sizeof(char)) {
-        if ((clen =
-             MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, NULL, 0))) {
+    if (ctx->cspname != NULL) {
+        if ((clen = MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1,
+                                        NULL, 0))) {
             cspname = alloca(clen * sizeof(WCHAR));
             MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, (WCHAR *)cspname,
                                 clen);
         }
-        if (!cspname) {
+        if (cspname == NULL) {
             CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
             capi_addlasterror();
             return 0;
         }
-    } else
-        cspname = (TCHAR *)ctx->cspname;
-    if (!CryptAcquireContext
-        (&hprov, NULL, cspname, ctx->csptype, CRYPT_VERIFYCONTEXT)) {
+    }
+    if (!CryptAcquireContextW(&hprov, NULL, cspname, ctx->csptype,
+                              CRYPT_VERIFYCONTEXT)) {
         CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS,
                 CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
         capi_addlasterror();
         return 0;
     }
-    if (!CryptGetProvParam
-        (hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST)) {
+    if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen,
+                           CRYPT_FIRST)) {
         CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
         capi_addlasterror();
         CryptReleaseContext(hprov, 0);
@@ -1191,7 +1233,7 @@ static int capi_list_containers(CAPI_CTX * ctx, BIO *out)
     if (buflen == 0)
         buflen = 1024;
     cname = OPENSSL_malloc(buflen);
-    if (!cname) {
+    if (cname == NULL) {
         CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -1204,8 +1246,8 @@ static int capi_list_containers(CAPI_CTX * ctx, BIO *out)
             flags = CRYPT_FIRST;
         else
             flags = 0;
-        if (!CryptGetProvParam
-            (hprov, PP_ENUMCONTAINERS, (BYTE *) cname, &clen, flags)) {
+        if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, (BYTE *)cname,
+                               &clen, flags)) {
             err = GetLastError();
             if (err == ERROR_NO_MORE_ITEMS)
                 goto done;
@@ -1219,35 +1261,35 @@ static int capi_list_containers(CAPI_CTX * ctx, BIO *out)
             CAPI_trace(ctx, "Enumerate bug: using workaround\n");
             goto done;
         }
-        BIO_printf(out, "%d. %s\n", idx, cname);
+        BIO_printf(out, "%lu. %s\n", idx, cname);
     }
  err:
 
     ret = 0;
 
  done:
-    if (cname)
-        OPENSSL_free(cname);
+    OPENSSL_free(cname);
     CryptReleaseContext(hprov, 0);
 
     return ret;
 }
 
-CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
+static CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx,
+                                               PCCERT_CONTEXT cert)
 {
     DWORD len;
     CRYPT_KEY_PROV_INFO *pinfo;
 
-    if (!CertGetCertificateContextProperty
-        (cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len))
+    if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID,
+                                           NULL, &len))
         return NULL;
     pinfo = OPENSSL_malloc(len);
-    if (!pinfo) {
+    if (pinfo == NULL) {
         CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    if (!CertGetCertificateContextProperty
-        (cert, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len)) {
+    if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID,
+                                           pinfo, &len)) {
         CAPIerr(CAPI_F_CAPI_GET_PROV_INFO,
                 CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO);
         capi_addlasterror();
@@ -1257,8 +1299,8 @@ CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
     return pinfo;
 }
 
-static void capi_dump_prov_info(CAPI_CTX * ctx, BIO *out,
-                                CRYPT_KEY_PROV_INFO * pinfo)
+static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out,
+                                CRYPT_KEY_PROV_INFO *pinfo)
 {
     char *provname = NULL, *contname = NULL;
     if (!pinfo) {
@@ -1271,33 +1313,29 @@ static void capi_dump_prov_info(CAPI_CTX * ctx, BIO *out,
         goto err;
 
     BIO_printf(out, "  Private Key Info:\n");
-    BIO_printf(out, "    Provider Name:  %s, Provider Type %d\n", provname,
+    BIO_printf(out, "    Provider Name:  %s, Provider Type %lu\n", provname,
                pinfo->dwProvType);
-    BIO_printf(out, "    Container Name: %s, Key Type %d\n", contname,
+    BIO_printf(out, "    Container Name: %s, Key Type %lu\n", contname,
                pinfo->dwKeySpec);
  err:
-    if (provname)
-        OPENSSL_free(provname);
-    if (contname)
-        OPENSSL_free(contname);
+    OPENSSL_free(provname);
+    OPENSSL_free(contname);
 }
 
-char *capi_cert_get_fname(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
+static char *capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
 {
     LPWSTR wfname;
     DWORD dlen;
 
     CAPI_trace(ctx, "capi_cert_get_fname\n");
-    if (!CertGetCertificateContextProperty
-        (cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))
+    if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID,
+                                           NULL, &dlen))
         return NULL;
     wfname = OPENSSL_malloc(dlen);
-    if (wfname == NULL) {
-        CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, ERR_R_MALLOC_FAILURE);
+    if (wfname == NULL)
         return NULL;
-    }
-    if (CertGetCertificateContextProperty
-        (cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen)) {
+    if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID,
+                                          wfname, &dlen)) {
         char *fname = wide_to_asc(wfname);
         OPENSSL_free(wfname);
         return fname;
@@ -1309,10 +1347,10 @@ char *capi_cert_get_fname(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
     return NULL;
 }
 
-void capi_dump_cert(CAPI_CTX * ctx, BIO *out, PCCERT_CONTEXT cert)
+static void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert)
 {
     X509 *x;
-    unsigned char *p;
+    const unsigned char *p;
     unsigned long flags = ctx->dump_flags;
     if (flags & CAPI_DMP_FNAME) {
         char *fname;
@@ -1320,8 +1358,9 @@ void capi_dump_cert(CAPI_CTX * ctx, BIO *out, PCCERT_CONTEXT cert)
         if (fname) {
             BIO_printf(out, "  Friendly Name \"%s\"\n", fname);
             OPENSSL_free(fname);
-        } else
+        } else {
             BIO_printf(out, "  <No Friendly Name>\n");
+        }
     }
 
     p = cert->pbCertEncoded;
@@ -1342,8 +1381,7 @@ void capi_dump_cert(CAPI_CTX * ctx, BIO *out, PCCERT_CONTEXT cert)
         CRYPT_KEY_PROV_INFO *pinfo;
         pinfo = capi_get_prov_info(ctx, cert);
         capi_dump_prov_info(ctx, out, pinfo);
-        if (pinfo)
-            OPENSSL_free(pinfo);
+        OPENSSL_free(pinfo);
     }
 
     if (flags & CAPI_DMP_PEM)
@@ -1351,7 +1389,7 @@ void capi_dump_cert(CAPI_CTX * ctx, BIO *out, PCCERT_CONTEXT cert)
     X509_free(x);
 }
 
-HCERTSTORE capi_open_store(CAPI_CTX * ctx, char *storename)
+static HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename)
 {
     HCERTSTORE hstore;
 
@@ -1370,7 +1408,7 @@ HCERTSTORE capi_open_store(CAPI_CTX * ctx, char *storename)
     return hstore;
 }
 
-int capi_list_certs(CAPI_CTX * ctx, BIO *out, char *id)
+int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id)
 {
     char *storename;
     int idx;
@@ -1408,7 +1446,7 @@ int capi_list_certs(CAPI_CTX * ctx, BIO *out, char *id)
     return ret;
 }
 
-static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id,
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id,
                                      HCERTSTORE hstore)
 {
     PCCERT_CONTEXT cert = NULL;
@@ -1416,8 +1454,7 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id,
     int match;
     switch (ctx->lookup_method) {
     case CAPI_LU_SUBSTR:
-        return CertFindCertificateInStore(hstore,
-                                          X509_ASN_ENCODING, 0,
+        return CertFindCertificateInStore(hstore, X509_ASN_ENCODING, 0,
                                           CERT_FIND_SUBJECT_STR_A, id, NULL);
     case CAPI_LU_FNAME:
         for (;;) {
@@ -1440,35 +1477,38 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id,
     }
 }
 
-static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const TCHAR *contname,
-                              TCHAR *provname, DWORD ptype, DWORD keyspec)
+static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const WCHAR *contname,
+                              const WCHAR *provname, DWORD ptype,
+                              DWORD keyspec)
 {
-    CAPI_KEY *key;
     DWORD dwFlags = 0;
-    key = OPENSSL_malloc(sizeof(CAPI_KEY));
-    if (key == NULL) {
-        CAPIerr(CAPI_F_CAPI_GET_KEY, ERR_R_MALLOC_FAILURE);
-        capi_addlasterror();
-        goto err;
+    CAPI_KEY *key = OPENSSL_malloc(sizeof(*key));
+
+    if (key == NULL)
+        return NULL;
+    /* If PROV_RSA_AES supported use it instead */
+    if (ptype == PROV_RSA_FULL && use_aes_csp &&
+        wcscmp(provname, rsa_enh_cspname) == 0) {
+        provname = rsa_aes_cspname;
+        ptype = PROV_RSA_AES;
     }
-    if (sizeof(TCHAR) == sizeof(char))
-        CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
-                   contname, provname, ptype);
-    else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
-        /* above 'if' is optimization to minimize malloc-ations */
-        char *_contname = wide_to_asc((WCHAR *)contname);
-        char *_provname = wide_to_asc((WCHAR *)provname);
+    if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
+        /*
+         * above 'if' is [complementary] copy from CAPI_trace and serves
+         * as optimization to minimize [below] malloc-ations
+         */
+        char *_contname = wide_to_asc(contname);
+        char *_provname = wide_to_asc(provname);
 
         CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
                    _contname, _provname, ptype);
-        if (_provname)
-            OPENSSL_free(_provname);
-        if (_contname)
-            OPENSSL_free(_contname);
+        OPENSSL_free(_provname);
+        OPENSSL_free(_contname);
     }
     if (ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
         dwFlags = CRYPT_MACHINE_KEYSET;
-    if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, dwFlags)) {
+    if (!CryptAcquireContextW(&key->hprov, contname, provname, ptype,
+                              dwFlags)) {
         CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
         capi_addlasterror();
         goto err;
@@ -1488,42 +1528,27 @@ static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const TCHAR *contname,
     return NULL;
 }
 
-static CAPI_KEY *capi_get_cert_key(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
+static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
 {
     CAPI_KEY *key = NULL;
     CRYPT_KEY_PROV_INFO *pinfo = NULL;
-    char *provname = NULL, *contname = NULL;
+
     pinfo = capi_get_prov_info(ctx, cert);
-    if (!pinfo)
-        goto err;
-    if (sizeof(TCHAR) != sizeof(char))
-        key = capi_get_key(ctx, (TCHAR *)pinfo->pwszContainerName,
-                           (TCHAR *)pinfo->pwszProvName,
-                           pinfo->dwProvType, pinfo->dwKeySpec);
-    else {
-        provname = wide_to_asc(pinfo->pwszProvName);
-        contname = wide_to_asc(pinfo->pwszContainerName);
-        if (!provname || !contname)
-            goto err;
-        key = capi_get_key(ctx, (TCHAR *)contname, (TCHAR *)provname,
+
+    if (pinfo != NULL)
+        key = capi_get_key(ctx, pinfo->pwszContainerName, pinfo->pwszProvName,
                            pinfo->dwProvType, pinfo->dwKeySpec);
-    }
 
- err:
-    if (pinfo)
-        OPENSSL_free(pinfo);
-    if (provname)
-        OPENSSL_free(provname);
-    if (contname)
-        OPENSSL_free(contname);
+    OPENSSL_free(pinfo);
     return key;
 }
 
-CAPI_KEY *capi_find_key(CAPI_CTX * ctx, const char *id)
+CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id)
 {
     PCCERT_CONTEXT cert;
     HCERTSTORE hstore;
     CAPI_KEY *key = NULL;
+
     switch (ctx->lookup_method) {
     case CAPI_LU_SUBSTR:
     case CAPI_LU_FNAME:
@@ -1539,36 +1564,28 @@ CAPI_KEY *capi_find_key(CAPI_CTX * ctx, const char *id)
         break;
 
     case CAPI_LU_CONTNAME:
-        if (sizeof(TCHAR) != sizeof(char)) {
+        {
             WCHAR *contname, *provname;
             DWORD len;
 
             if ((len = MultiByteToWideChar(CP_ACP, 0, id, -1, NULL, 0)) &&
                 (contname = alloca(len * sizeof(WCHAR)),
                  MultiByteToWideChar(CP_ACP, 0, id, -1, contname, len)) &&
-                (len =
-                 MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, NULL, 0))
-                && (provname =
-                    alloca(len * sizeof(WCHAR)), MultiByteToWideChar(CP_ACP,
-                                                                     0,
-                                                                     ctx->cspname,
-                                                                     -1,
-                                                                     provname,
-                                                                     len)))
-                key =
-                    capi_get_key(ctx, (TCHAR *)contname, (TCHAR *)provname,
-                                 ctx->csptype, ctx->keytype);
-        } else
-            key = capi_get_key(ctx, (TCHAR *)id,
-                               (TCHAR *)ctx->cspname,
-                               ctx->csptype, ctx->keytype);
+                (len = MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1,
+                                           NULL, 0)) &&
+                (provname = alloca(len * sizeof(WCHAR)),
+                 MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1,
+                                     provname, len)))
+                key = capi_get_key(ctx, contname, provname,
+                                   ctx->csptype, ctx->keytype);
+        }
         break;
     }
 
     return key;
 }
 
-void capi_free_key(CAPI_KEY * key)
+void capi_free_key(CAPI_KEY *key)
 {
     if (!key)
         return;
@@ -1581,64 +1598,53 @@ void capi_free_key(CAPI_KEY * key)
 
 /* Initialize a CAPI_CTX structure */
 
-static CAPI_CTX *capi_ctx_new()
+static CAPI_CTX *capi_ctx_new(void)
 {
-    CAPI_CTX *ctx;
-    ctx = OPENSSL_malloc(sizeof(CAPI_CTX));
-    if (!ctx) {
+    CAPI_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL) {
         CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    ctx->cspname = NULL;
     ctx->csptype = PROV_RSA_FULL;
     ctx->dump_flags = CAPI_DMP_SUMMARY | CAPI_DMP_FNAME;
     ctx->keytype = AT_KEYEXCHANGE;
-    ctx->storename = NULL;
-    ctx->ssl_client_store = NULL;
     ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |
         CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER;
     ctx->lookup_method = CAPI_LU_SUBSTR;
-    ctx->debug_level = 0;
-    ctx->debug_file = NULL;
     ctx->client_cert_select = cert_select_simple;
     return ctx;
 }
 
-static void capi_ctx_free(CAPI_CTX * ctx)
+static void capi_ctx_free(CAPI_CTX *ctx)
 {
     CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
     if (!ctx)
         return;
-    if (ctx->cspname)
-        OPENSSL_free(ctx->cspname);
-    if (ctx->debug_file)
-        OPENSSL_free(ctx->debug_file);
-    if (ctx->storename)
-        OPENSSL_free(ctx->storename);
-    if (ctx->ssl_client_store)
-        OPENSSL_free(ctx->ssl_client_store);
+    OPENSSL_free(ctx->cspname);
+    OPENSSL_free(ctx->debug_file);
+    OPENSSL_free(ctx->storename);
+    OPENSSL_free(ctx->ssl_client_store);
     OPENSSL_free(ctx);
 }
 
-static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
+static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type,
                                  int check)
 {
+    LPSTR tmpcspname;
+
     CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
     if (check) {
         HCRYPTPROV hprov;
-        LPTSTR name = NULL;
+        LPWSTR name = NULL;
+        DWORD len;
 
-        if (sizeof(TCHAR) != sizeof(char)) {
-            DWORD len;
-            if ((len = MultiByteToWideChar(CP_ACP, 0, pname, -1, NULL, 0))) {
-                name = alloca(len * sizeof(WCHAR));
-                MultiByteToWideChar(CP_ACP, 0, pname, -1, (WCHAR *)name, len);
-            }
-        } else
-            name = (TCHAR *)pname;
-
-        if (!name || !CryptAcquireContext(&hprov, NULL, name, type,
-                                          CRYPT_VERIFYCONTEXT)) {
+        if ((len = MultiByteToWideChar(CP_ACP, 0, pname, -1, NULL, 0))) {
+            name = alloca(len * sizeof(WCHAR));
+            MultiByteToWideChar(CP_ACP, 0, pname, -1, (WCHAR *)name, len);
+        }
+        if (name == NULL || !CryptAcquireContextW(&hprov, NULL, name, type,
+                                                  CRYPT_VERIFYCONTEXT)) {
             CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME,
                     CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
             capi_addlasterror();
@@ -1646,14 +1652,18 @@ static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
         }
         CryptReleaseContext(hprov, 0);
     }
-    if (ctx->cspname)
-        OPENSSL_free(ctx->cspname);
-    ctx->cspname = BUF_strdup(pname);
+    tmpcspname = OPENSSL_strdup(pname);
+    if (tmpcspname == NULL) {
+        CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    OPENSSL_free(ctx->cspname);
+    ctx->cspname = tmpcspname;
     ctx->csptype = type;
     return 1;
 }
 
-static int capi_ctx_set_provname_idx(CAPI_CTX * ctx, int idx)
+static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
 {
     LPSTR pname;
     DWORD type;
@@ -1689,7 +1699,7 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
     STACK_OF(X509) *certs = NULL;
     X509 *x;
     char *storename;
-    const char *p;
+    const unsigned char *p;
     int i, client_cert_idx;
     HCERTSTORE hstore;
     PCCERT_CONTEXT cert = NULL, excert = NULL;
@@ -1737,9 +1747,9 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
                 certs = sk_X509_new_null();
 
             sk_X509_push(certs, x);
-        } else
+        } else {
             X509_free(x);
-
+        }
     }
 
     if (cert)
@@ -1888,7 +1898,8 @@ OPENSSL_EXPORT
 
 IMPLEMENT_DYNAMIC_CHECK_FN()
 # else
-void ENGINE_load_capi(void)
+void engine_load_capi_int(void);
+void engine_load_capi_int(void)
 {
 }
 # endif
diff --git a/freebsd/crypto/openssl/engines/e_capi_err.c b/freebsd/crypto/openssl/engines/e_capi_err.c
index 3793a6c9..2adc0199 100644
--- a/freebsd/crypto/openssl/engines/e_capi_err.c
+++ b/freebsd/crypto/openssl/engines/e_capi_err.c
@@ -1,189 +1,121 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* e_capi_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
 #include "e_capi_err.h"
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(0,func,0)
-# define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
 static ERR_STRING_DATA CAPI_str_functs[] = {
-    {ERR_FUNC(CAPI_F_CAPI_CERT_GET_FNAME), "CAPI_CERT_GET_FNAME"},
-    {ERR_FUNC(CAPI_F_CAPI_CTRL), "CAPI_CTRL"},
-    {ERR_FUNC(CAPI_F_CAPI_CTX_NEW), "CAPI_CTX_NEW"},
-    {ERR_FUNC(CAPI_F_CAPI_CTX_SET_PROVNAME), "CAPI_CTX_SET_PROVNAME"},
-    {ERR_FUNC(CAPI_F_CAPI_DSA_DO_SIGN), "CAPI_DSA_DO_SIGN"},
-    {ERR_FUNC(CAPI_F_CAPI_GET_KEY), "CAPI_GET_KEY"},
-    {ERR_FUNC(CAPI_F_CAPI_GET_PKEY), "CAPI_GET_PKEY"},
-    {ERR_FUNC(CAPI_F_CAPI_GET_PROVNAME), "CAPI_GET_PROVNAME"},
-    {ERR_FUNC(CAPI_F_CAPI_GET_PROV_INFO), "CAPI_GET_PROV_INFO"},
-    {ERR_FUNC(CAPI_F_CAPI_INIT), "CAPI_INIT"},
-    {ERR_FUNC(CAPI_F_CAPI_LIST_CONTAINERS), "CAPI_LIST_CONTAINERS"},
-    {ERR_FUNC(CAPI_F_CAPI_LOAD_PRIVKEY), "CAPI_LOAD_PRIVKEY"},
-    {ERR_FUNC(CAPI_F_CAPI_OPEN_STORE), "CAPI_OPEN_STORE"},
-    {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC), "CAPI_RSA_PRIV_DEC"},
-    {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC), "CAPI_RSA_PRIV_ENC"},
-    {ERR_FUNC(CAPI_F_CAPI_RSA_SIGN), "CAPI_RSA_SIGN"},
-    {ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG), "CERT_SELECT_DIALOG"},
-    {ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT), "CLIENT_CERT_SELECT"},
-    {ERR_FUNC(CAPI_F_WIDE_TO_ASC), "WIDE_TO_ASC"},
+    {ERR_PACK(0, CAPI_F_CAPI_CERT_GET_FNAME, 0), "capi_cert_get_fname"},
+    {ERR_PACK(0, CAPI_F_CAPI_CTRL, 0), "capi_ctrl"},
+    {ERR_PACK(0, CAPI_F_CAPI_CTX_NEW, 0), "capi_ctx_new"},
+    {ERR_PACK(0, CAPI_F_CAPI_CTX_SET_PROVNAME, 0), "capi_ctx_set_provname"},
+    {ERR_PACK(0, CAPI_F_CAPI_DSA_DO_SIGN, 0), "capi_dsa_do_sign"},
+    {ERR_PACK(0, CAPI_F_CAPI_GET_KEY, 0), "capi_get_key"},
+    {ERR_PACK(0, CAPI_F_CAPI_GET_PKEY, 0), "capi_get_pkey"},
+    {ERR_PACK(0, CAPI_F_CAPI_GET_PROVNAME, 0), "capi_get_provname"},
+    {ERR_PACK(0, CAPI_F_CAPI_GET_PROV_INFO, 0), "capi_get_prov_info"},
+    {ERR_PACK(0, CAPI_F_CAPI_INIT, 0), "capi_init"},
+    {ERR_PACK(0, CAPI_F_CAPI_LIST_CONTAINERS, 0), "capi_list_containers"},
+    {ERR_PACK(0, CAPI_F_CAPI_LOAD_PRIVKEY, 0), "capi_load_privkey"},
+    {ERR_PACK(0, CAPI_F_CAPI_OPEN_STORE, 0), "capi_open_store"},
+    {ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_DEC, 0), "capi_rsa_priv_dec"},
+    {ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_ENC, 0), "capi_rsa_priv_enc"},
+    {ERR_PACK(0, CAPI_F_CAPI_RSA_SIGN, 0), "capi_rsa_sign"},
+    {ERR_PACK(0, CAPI_F_CAPI_VTRACE, 0), "capi_vtrace"},
+    {ERR_PACK(0, CAPI_F_CERT_SELECT_DIALOG, 0), "cert_select_dialog"},
+    {ERR_PACK(0, CAPI_F_CLIENT_CERT_SELECT, 0), ""},
+    {ERR_PACK(0, CAPI_F_WIDE_TO_ASC, 0), "wide_to_asc"},
     {0, NULL}
 };
 
 static ERR_STRING_DATA CAPI_str_reasons[] = {
-    {ERR_REASON(CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"},
-    {ERR_REASON(CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"},
-    {ERR_REASON(CAPI_R_CANT_GET_KEY), "cant get key"},
-    {ERR_REASON(CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"},
-    {ERR_REASON(CAPI_R_CRYPTACQUIRECONTEXT_ERROR),
-     "cryptacquirecontext error"},
-    {ERR_REASON(CAPI_R_CRYPTENUMPROVIDERS_ERROR), "cryptenumproviders error"},
-    {ERR_REASON(CAPI_R_DECRYPT_ERROR), "decrypt error"},
-    {ERR_REASON(CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"},
-    {ERR_REASON(CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"},
-    {ERR_REASON(CAPI_R_ERROR_ADDING_CERT), "error adding cert"},
-    {ERR_REASON(CAPI_R_ERROR_CREATING_STORE), "error creating store"},
-    {ERR_REASON(CAPI_R_ERROR_GETTING_FRIENDLY_NAME),
-     "error getting friendly name"},
-    {ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),
-     "error getting key provider info"},
-    {ERR_REASON(CAPI_R_ERROR_OPENING_STORE), "error opening store"},
-    {ERR_REASON(CAPI_R_ERROR_SIGNING_HASH), "error signing hash"},
-    {ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"},
-    {ERR_REASON(CAPI_R_GETUSERKEY_ERROR), "getuserkey error"},
-    {ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
-    {ERR_REASON(CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
-     "invalid dsa public key blob magic number"},
-    {ERR_REASON(CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"},
-    {ERR_REASON(CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"},
-    {ERR_REASON(CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
-     "invalid rsa public key blob magic number"},
-    {ERR_REASON(CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"},
-    {ERR_REASON(CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),
-     "pubkey export length error"},
-    {ERR_REASON(CAPI_R_UNKNOWN_COMMAND), "unknown command"},
-    {ERR_REASON(CAPI_R_UNSUPPORTED_ALGORITHM_NID),
-     "unsupported algorithm nid"},
-    {ERR_REASON(CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"},
-    {ERR_REASON(CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),
-     "unsupported public key algorithm"},
-    {ERR_REASON(CAPI_R_WIN32_ERROR), "win32 error"},
+    {ERR_PACK(0, 0, CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"},
+    {ERR_PACK(0, 0, CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"},
+    {ERR_PACK(0, 0, CAPI_R_CANT_GET_KEY), "cant get key"},
+    {ERR_PACK(0, 0, CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"},
+    {ERR_PACK(0, 0, CAPI_R_CRYPTACQUIRECONTEXT_ERROR),
+    "cryptacquirecontext error"},
+    {ERR_PACK(0, 0, CAPI_R_CRYPTENUMPROVIDERS_ERROR),
+    "cryptenumproviders error"},
+    {ERR_PACK(0, 0, CAPI_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_PACK(0, 0, CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"},
+    {ERR_PACK(0, 0, CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_ADDING_CERT), "error adding cert"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_CREATING_STORE), "error creating store"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_FRIENDLY_NAME),
+    "error getting friendly name"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),
+    "error getting key provider info"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_OPENING_STORE), "error opening store"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_SIGNING_HASH), "error signing hash"},
+    {ERR_PACK(0, 0, CAPI_R_FILE_OPEN_ERROR), "file open error"},
+    {ERR_PACK(0, 0, CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"},
+    {ERR_PACK(0, 0, CAPI_R_GETUSERKEY_ERROR), "getuserkey error"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
+    "invalid dsa public key blob magic number"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
+    "invalid rsa public key blob magic number"},
+    {ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"},
+    {ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),
+    "pubkey export length error"},
+    {ERR_PACK(0, 0, CAPI_R_UNKNOWN_COMMAND), "unknown command"},
+    {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_ALGORITHM_NID),
+    "unsupported algorithm nid"},
+    {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"},
+    {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),
+    "unsupported public key algorithm"},
+    {ERR_PACK(0, 0, CAPI_R_WIN32_ERROR), "win32 error"},
     {0, NULL}
 };
 
 #endif
 
-#ifdef CAPI_LIB_NAME
-static ERR_STRING_DATA CAPI_lib_name[] = {
-    {0, CAPI_LIB_NAME},
-    {0, NULL}
-};
-#endif
+static int lib_code = 0;
+static int error_loaded = 0;
 
-static int CAPI_lib_error_code = 0;
-static int CAPI_error_init = 1;
-
-static void ERR_load_CAPI_strings(void)
+static int ERR_load_CAPI_strings(void)
 {
-    if (CAPI_lib_error_code == 0)
-        CAPI_lib_error_code = ERR_get_next_error_library();
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
 
-    if (CAPI_error_init) {
-        CAPI_error_init = 0;
+    if (!error_loaded) {
 #ifndef OPENSSL_NO_ERR
-        ERR_load_strings(CAPI_lib_error_code, CAPI_str_functs);
-        ERR_load_strings(CAPI_lib_error_code, CAPI_str_reasons);
-#endif
-
-#ifdef CAPI_LIB_NAME
-        CAPI_lib_name->error = ERR_PACK(CAPI_lib_error_code, 0, 0);
-        ERR_load_strings(0, CAPI_lib_name);
+        ERR_load_strings(lib_code, CAPI_str_functs);
+        ERR_load_strings(lib_code, CAPI_str_reasons);
 #endif
+        error_loaded = 1;
     }
+    return 1;
 }
 
 static void ERR_unload_CAPI_strings(void)
 {
-    if (CAPI_error_init == 0) {
+    if (error_loaded) {
 #ifndef OPENSSL_NO_ERR
-        ERR_unload_strings(CAPI_lib_error_code, CAPI_str_functs);
-        ERR_unload_strings(CAPI_lib_error_code, CAPI_str_reasons);
-#endif
-
-#ifdef CAPI_LIB_NAME
-        ERR_unload_strings(0, CAPI_lib_name);
+        ERR_unload_strings(lib_code, CAPI_str_functs);
+        ERR_unload_strings(lib_code, CAPI_str_reasons);
 #endif
-        CAPI_error_init = 1;
+        error_loaded = 0;
     }
 }
 
 static void ERR_CAPI_error(int function, int reason, char *file, int line)
 {
-    if (CAPI_lib_error_code == 0)
-        CAPI_lib_error_code = ERR_get_next_error_library();
-    ERR_PUT_error(CAPI_lib_error_code, function, reason, file, line);
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+    ERR_PUT_error(lib_code, function, reason, file, line);
 }
diff --git a/freebsd/crypto/openssl/engines/e_capi_err.h b/freebsd/crypto/openssl/engines/e_capi_err.h
index b5d06dce..e034c98c 100644
--- a/freebsd/crypto/openssl/engines/e_capi_err.h
+++ b/freebsd/crypto/openssl/engines/e_capi_err.h
@@ -1,77 +1,22 @@
-/* ====================================================================
- * Copyright (c) 2001-2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_CAPI_ERR_H
-# define HEADER_CAPI_ERR_H
+#ifndef HEADER_CAPIERR_H
+# define HEADER_CAPIERR_H
+
+# define CAPIerr(f, r) ERR_CAPI_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
 
-/* BEGIN ERROR CODES */
 /*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
+ * CAPI function codes.
  */
-static void ERR_load_CAPI_strings(void);
-static void ERR_unload_CAPI_strings(void);
-static void ERR_CAPI_error(int function, int reason, char *file, int line);
-# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the CAPI functions. */
-
-/* Function codes. */
 # define CAPI_F_CAPI_CERT_GET_FNAME                       99
 # define CAPI_F_CAPI_CTRL                                 100
 # define CAPI_F_CAPI_CTX_NEW                              101
@@ -88,42 +33,43 @@ static void ERR_CAPI_error(int function, int reason, char *file, int line);
 # define CAPI_F_CAPI_RSA_PRIV_DEC                         110
 # define CAPI_F_CAPI_RSA_PRIV_ENC                         111
 # define CAPI_F_CAPI_RSA_SIGN                             112
+# define CAPI_F_CAPI_VTRACE                               118
 # define CAPI_F_CERT_SELECT_DIALOG                        117
 # define CAPI_F_CLIENT_CERT_SELECT                        116
 # define CAPI_F_WIDE_TO_ASC                               113
 
-/* Reason codes. */
-# define CAPI_R_CANT_CREATE_HASH_OBJECT                   99
-# define CAPI_R_CANT_FIND_CAPI_CONTEXT                    100
-# define CAPI_R_CANT_GET_KEY                              101
-# define CAPI_R_CANT_SET_HASH_VALUE                       102
-# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR                 103
-# define CAPI_R_CRYPTENUMPROVIDERS_ERROR                  104
-# define CAPI_R_DECRYPT_ERROR                             105
-# define CAPI_R_ENGINE_NOT_INITIALIZED                    106
-# define CAPI_R_ENUMCONTAINERS_ERROR                      107
-# define CAPI_R_ERROR_ADDING_CERT                         125
-# define CAPI_R_ERROR_CREATING_STORE                      126
-# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME               108
-# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO           109
-# define CAPI_R_ERROR_OPENING_STORE                       110
-# define CAPI_R_ERROR_SIGNING_HASH                        111
-# define CAPI_R_FUNCTION_NOT_SUPPORTED                    112
-# define CAPI_R_GETUSERKEY_ERROR                          113
-# define CAPI_R_INVALID_DIGEST_LENGTH                     124
-# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER  122
-# define CAPI_R_INVALID_LOOKUP_METHOD                     114
-# define CAPI_R_INVALID_PUBLIC_KEY_BLOB                   115
-# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER  123
-# define CAPI_R_PUBKEY_EXPORT_ERROR                       116
-# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR                117
-# define CAPI_R_UNKNOWN_COMMAND                           118
-# define CAPI_R_UNSUPPORTED_ALGORITHM_NID                 119
-# define CAPI_R_UNSUPPORTED_PADDING                       120
-# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM          121
-# define CAPI_R_WIN32_ERROR                               127
+/*
+ * CAPI reason codes.
+ */
+# define CAPI_R_CANT_CREATE_HASH_OBJECT                   100
+# define CAPI_R_CANT_FIND_CAPI_CONTEXT                    101
+# define CAPI_R_CANT_GET_KEY                              102
+# define CAPI_R_CANT_SET_HASH_VALUE                       103
+# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR                 104
+# define CAPI_R_CRYPTENUMPROVIDERS_ERROR                  105
+# define CAPI_R_DECRYPT_ERROR                             106
+# define CAPI_R_ENGINE_NOT_INITIALIZED                    107
+# define CAPI_R_ENUMCONTAINERS_ERROR                      108
+# define CAPI_R_ERROR_ADDING_CERT                         109
+# define CAPI_R_ERROR_CREATING_STORE                      110
+# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME               111
+# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO           112
+# define CAPI_R_ERROR_OPENING_STORE                       113
+# define CAPI_R_ERROR_SIGNING_HASH                        114
+# define CAPI_R_FILE_OPEN_ERROR                           115
+# define CAPI_R_FUNCTION_NOT_SUPPORTED                    116
+# define CAPI_R_GETUSERKEY_ERROR                          117
+# define CAPI_R_INVALID_DIGEST_LENGTH                     118
+# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER  119
+# define CAPI_R_INVALID_LOOKUP_METHOD                     120
+# define CAPI_R_INVALID_PUBLIC_KEY_BLOB                   121
+# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER  122
+# define CAPI_R_PUBKEY_EXPORT_ERROR                       123
+# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR                124
+# define CAPI_R_UNKNOWN_COMMAND                           125
+# define CAPI_R_UNSUPPORTED_ALGORITHM_NID                 126
+# define CAPI_R_UNSUPPORTED_PADDING                       127
+# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM          128
+# define CAPI_R_WIN32_ERROR                               129
 
-#ifdef  __cplusplus
-}
-#endif
 #endif
diff --git a/freebsd/crypto/openssl/engines/e_chil.c b/freebsd/crypto/openssl/engines/e_chil.c
deleted file mode 100644
index 940fe379..00000000
--- a/freebsd/crypto/openssl/engines/e_chil.c
+++ /dev/null
@@ -1,1368 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/engine/e_chil.c */
-/*
- * Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
- * (geoff@geoffthorpe.net) and Dr Stephen N Henson (steve@openssl.org) for
- * the OpenSSL project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/pem.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#include <openssl/ui.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-# ifndef OPENSSL_NO_HW_CHIL
-
-/*-
- * Attribution notice: nCipher have said several times that it's OK for
- * us to implement a general interface to their boxes, and recently declared
- * their HWCryptoHook to be public, and therefore available for us to use.
- * Thanks, nCipher.
- *
- * The hwcryptohook.h included here is from May 2000.
- * [Richard Levitte]
- */
-#  ifdef FLAT_INC
-#   include "hwcryptohook.h"
-#  else
-#   include "vendor_defns/hwcryptohook.h"
-#  endif
-
-#  define HWCRHK_LIB_NAME "CHIL engine"
-#  include "e_chil_err.c"
-
-static int hwcrhk_destroy(ENGINE *e);
-static int hwcrhk_init(ENGINE *e);
-static int hwcrhk_finish(ENGINE *e);
-static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
-
-/* Functions to handle mutexes */
-static int hwcrhk_mutex_init(HWCryptoHook_Mutex *,
-                             HWCryptoHook_CallerContext *);
-static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *);
-static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex *);
-static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *);
-
-/* BIGNUM stuff */
-static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx);
-
-#  ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
-                              BN_CTX *ctx);
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                               const BIGNUM *m, BN_CTX *ctx,
-                               BN_MONT_CTX *m_ctx);
-static int hwcrhk_rsa_finish(RSA *rsa);
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
-                             const BIGNUM *a, const BIGNUM *p,
-                             const BIGNUM *m, BN_CTX *ctx,
-                             BN_MONT_CTX *m_ctx);
-#  endif
-
-/* RAND stuff */
-static int hwcrhk_rand_bytes(unsigned char *buf, int num);
-static int hwcrhk_rand_status(void);
-
-/* KM stuff */
-static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
-                                     UI_METHOD *ui_method,
-                                     void *callback_data);
-static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
-                                    UI_METHOD *ui_method,
-                                    void *callback_data);
-
-/* Interaction stuff */
-static int hwcrhk_insert_card(const char *prompt_info,
-                              const char *wrong_info,
-                              HWCryptoHook_PassphraseContext * ppctx,
-                              HWCryptoHook_CallerContext * cactx);
-static int hwcrhk_get_pass(const char *prompt_info,
-                           int *len_io, char *buf,
-                           HWCryptoHook_PassphraseContext * ppctx,
-                           HWCryptoHook_CallerContext * cactx);
-static void hwcrhk_log_message(void *logstr, const char *message);
-
-/* The definitions for control commands specific to this engine */
-#  define HWCRHK_CMD_SO_PATH              ENGINE_CMD_BASE
-#  define HWCRHK_CMD_FORK_CHECK           (ENGINE_CMD_BASE + 1)
-#  define HWCRHK_CMD_THREAD_LOCKING       (ENGINE_CMD_BASE + 2)
-#  define HWCRHK_CMD_SET_USER_INTERFACE   (ENGINE_CMD_BASE + 3)
-#  define HWCRHK_CMD_SET_CALLBACK_DATA    (ENGINE_CMD_BASE + 4)
-static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
-    {HWCRHK_CMD_SO_PATH,
-     "SO_PATH",
-     "Specifies the path to the 'hwcrhk' shared library",
-     ENGINE_CMD_FLAG_STRING},
-    {HWCRHK_CMD_FORK_CHECK,
-     "FORK_CHECK",
-     "Turns fork() checking on (non-zero) or off (zero)",
-     ENGINE_CMD_FLAG_NUMERIC},
-    {HWCRHK_CMD_THREAD_LOCKING,
-     "THREAD_LOCKING",
-     "Turns thread-safe locking on (zero) or off (non-zero)",
-     ENGINE_CMD_FLAG_NUMERIC},
-    {HWCRHK_CMD_SET_USER_INTERFACE,
-     "SET_USER_INTERFACE",
-     "Set the global user interface (internal)",
-     ENGINE_CMD_FLAG_INTERNAL},
-    {HWCRHK_CMD_SET_CALLBACK_DATA,
-     "SET_CALLBACK_DATA",
-     "Set the global user interface extra data (internal)",
-     ENGINE_CMD_FLAG_INTERNAL},
-    {0, NULL, NULL, 0}
-};
-
-#  ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD hwcrhk_rsa = {
-    "CHIL RSA method",
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    hwcrhk_rsa_mod_exp,
-    hwcrhk_mod_exp_mont,
-    NULL,
-    hwcrhk_rsa_finish,
-    0,
-    NULL,
-    NULL,
-    NULL,
-    NULL
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD hwcrhk_dh = {
-    "CHIL DH method",
-    NULL,
-    NULL,
-    hwcrhk_mod_exp_dh,
-    NULL,
-    NULL,
-    0,
-    NULL,
-    NULL
-};
-#  endif
-
-static RAND_METHOD hwcrhk_rand = {
-    /* "CHIL RAND method", */
-    NULL,
-    hwcrhk_rand_bytes,
-    NULL,
-    NULL,
-    hwcrhk_rand_bytes,
-    hwcrhk_rand_status,
-};
-
-/* Constants used when creating the ENGINE */
-static const char *engine_hwcrhk_id = "chil";
-static const char *engine_hwcrhk_name = "CHIL hardware engine support";
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-/* Compatibility hack, the dynamic library uses this form in the path */
-static const char *engine_hwcrhk_id_alt = "ncipher";
-#  endif
-
-/* Internal stuff for HWCryptoHook */
-
-/* Some structures needed for proper use of thread locks */
-/*
- * hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
- * into HWCryptoHook_Mutex
- */
-struct HWCryptoHook_MutexValue {
-    int lockid;
-};
-
-/*
- * hwcryptohook.h has some typedefs that turn struct
- * HWCryptoHook_PassphraseContextValue into HWCryptoHook_PassphraseContext
- */
-struct HWCryptoHook_PassphraseContextValue {
-    UI_METHOD *ui_method;
-    void *callback_data;
-};
-
-/*
- * hwcryptohook.h has some typedefs that turn struct
- * HWCryptoHook_CallerContextValue into HWCryptoHook_CallerContext
- */
-struct HWCryptoHook_CallerContextValue {
-    pem_password_cb *password_callback; /* Deprecated! Only present for
-                                         * backward compatibility! */
-    UI_METHOD *ui_method;
-    void *callback_data;
-};
-
-/*
- * The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
- * BIGNUM's, so lets define a couple of conversion macros
- */
-#  define BN2MPI(mp, bn) \
-    {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
-#  define MPI2BN(bn, mp) \
-    {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
-
-static BIO *logstream = NULL;
-static int disable_mutex_callbacks = 0;
-
-/*
- * One might wonder why these are needed, since one can pass down at least a
- * UI_METHOD and a pointer to callback data to the key-loading functions. The
- * thing is that the ModExp and RSAImmed functions can load keys as well, if
- * the data they get is in a special, nCipher-defined format (hint: if you
- * look at the private exponent of the RSA data as a string, you'll see this
- * string: "nCipher KM tool key id", followed by some bytes, followed a key
- * identity string, followed by more bytes.  This happens when you use
- * "embed" keys instead of "hwcrhk" keys).  Unfortunately, those functions do
- * not take any passphrase or caller context, and our functions can't really
- * take any callback data either.  Still, the "insert_card" and
- * "get_passphrase" callbacks may be called down the line, and will need to
- * know what user interface callbacks to call, and having callback data from
- * the application may be a nice thing as well, so we need to keep track of
- * that globally.
- */
-static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
-
-/* Stuff to pass to the HWCryptoHook library */
-static HWCryptoHook_InitInfo hwcrhk_globals = {
-    HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
-    &logstream,                 /* logstream */
-    sizeof(BN_ULONG),           /* limbsize */
-    0,                          /* mslimb first: false for BNs */
-    -1,                         /* msbyte first: use native */
-    0,                          /* Max mutexes, 0 = no small limit */
-    0,                          /* Max simultaneous, 0 = default */
-
-    /*
-     * The next few are mutex stuff: we write wrapper functions around the OS
-     * mutex functions.  We initialise them to 0 here, and change that to
-     * actual function pointers in hwcrhk_init() if dynamic locks are
-     * supported (that is, if the application programmer has made sure of
-     * setting up callbacks bafore starting this engine) *and* if
-     * disable_mutex_callbacks hasn't been set by a call to
-     * ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING).
-     */
-    sizeof(HWCryptoHook_Mutex),
-    0,
-    0,
-    0,
-    0,
-
-    /*
-     * The next few are condvar stuff: we write wrapper functions round the
-     * OS functions.  Currently not implemented and not and absolute
-     * necessity even in threaded programs, therefore 0'ed.  Will hopefully
-     * be implemented some day, since it enhances the efficiency of
-     * HWCryptoHook.
-     */
-    0,                          /* sizeof(HWCryptoHook_CondVar), */
-    0,                          /* hwcrhk_cv_init, */
-    0,                          /* hwcrhk_cv_wait, */
-    0,                          /* hwcrhk_cv_signal, */
-    0,                          /* hwcrhk_cv_broadcast, */
-    0,                          /* hwcrhk_cv_destroy, */
-
-    hwcrhk_get_pass,            /* pass phrase */
-    hwcrhk_insert_card,         /* insert a card */
-    hwcrhk_log_message          /* Log message */
-};
-
-/* Now, to our own code */
-
-/*
- * This internal function is used by ENGINE_chil() and possibly by the
- * "dynamic" ENGINE support too
- */
-static int bind_helper(ENGINE *e)
-{
-#  ifndef OPENSSL_NO_RSA
-    const RSA_METHOD *meth1;
-#  endif
-#  ifndef OPENSSL_NO_DH
-    const DH_METHOD *meth2;
-#  endif
-    if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
-        !ENGINE_set_name(e, engine_hwcrhk_name) ||
-#  ifndef OPENSSL_NO_RSA
-        !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DH
-        !ENGINE_set_DH(e, &hwcrhk_dh) ||
-#  endif
-        !ENGINE_set_RAND(e, &hwcrhk_rand) ||
-        !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
-        !ENGINE_set_init_function(e, hwcrhk_init) ||
-        !ENGINE_set_finish_function(e, hwcrhk_finish) ||
-        !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
-        !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
-        !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
-        !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
-        return 0;
-
-#  ifndef OPENSSL_NO_RSA
-    /*
-     * We know that the "PKCS1_SSLeay()" functions hook properly to the
-     * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
-     * We don't use ENGINE_openssl() or anything "more generic" because
-     * something like the RSAref code may not hook properly, and if you own
-     * one of these cards then you have the right to do RSA operations on it
-     * anyway!
-     */
-    meth1 = RSA_PKCS1_SSLeay();
-    hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
-    hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
-    hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
-    hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-    /* Much the same for Diffie-Hellman */
-    meth2 = DH_OpenSSL();
-    hwcrhk_dh.generate_key = meth2->generate_key;
-    hwcrhk_dh.compute_key = meth2->compute_key;
-#  endif
-
-    /* Ensure the hwcrhk error handling is set up */
-    ERR_load_HWCRHK_strings();
-    return 1;
-}
-
-#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_chil(void)
-{
-    ENGINE *ret = ENGINE_new();
-    if (!ret)
-        return NULL;
-    if (!bind_helper(ret)) {
-        ENGINE_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-void ENGINE_load_chil(void)
-{
-    /* Copied from eng_[openssl|dyn].c */
-    ENGINE *toadd = engine_chil();
-    if (!toadd)
-        return;
-    ENGINE_add(toadd);
-    ENGINE_free(toadd);
-    ERR_clear_error();
-}
-#  endif
-
-/*
- * This is a process-global DSO handle used for loading and unloading the
- * HWCryptoHook library. NB: This is only set (or unset) during an init() or
- * finish() call (reference counts permitting) and they're operating with
- * global locks, so this should be thread-safe implicitly.
- */
-static DSO *hwcrhk_dso = NULL;
-static HWCryptoHook_ContextHandle hwcrhk_context = 0;
-#  ifndef OPENSSL_NO_RSA
-/* Index for KM handle.  Not really used yet. */
-static int hndidx_rsa = -1;
-#  endif
-
-/*
- * These are the function pointers that are (un)set when the library has
- * successfully (un)loaded.
- */
-static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
-static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
-static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
-#  ifndef OPENSSL_NO_RSA
-static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
-#  endif
-static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
-#  ifndef OPENSSL_NO_RSA
-static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
-static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
-static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
-#  endif
-static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
-
-/* Used in the DSO operations. */
-static const char *HWCRHK_LIBNAME = NULL;
-static void free_HWCRHK_LIBNAME(void)
-{
-    if (HWCRHK_LIBNAME)
-        OPENSSL_free((void *)HWCRHK_LIBNAME);
-    HWCRHK_LIBNAME = NULL;
-}
-
-static const char *get_HWCRHK_LIBNAME(void)
-{
-    if (HWCRHK_LIBNAME)
-        return HWCRHK_LIBNAME;
-    return "nfhwcrhk";
-}
-
-static long set_HWCRHK_LIBNAME(const char *name)
-{
-    free_HWCRHK_LIBNAME();
-    return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
-}
-
-static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
-static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
-static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
-#  ifndef OPENSSL_NO_RSA
-static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
-#  endif
-static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
-#  ifndef OPENSSL_NO_RSA
-static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
-static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
-static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
-#  endif
-static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
-
-/*
- * HWCryptoHook library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no error
- * checking, take a look lower down where these functions are called, the
- * checking and error handling is probably down there.
- */
-
-/* utility function to obtain a context */
-static int get_context(HWCryptoHook_ContextHandle * hac,
-                       HWCryptoHook_CallerContext * cac)
-{
-    char tempbuf[1024];
-    HWCryptoHook_ErrMsgBuf rmsg;
-
-    rmsg.buf = tempbuf;
-    rmsg.size = sizeof(tempbuf);
-
-    *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg, cac);
-    if (!*hac)
-        return 0;
-    return 1;
-}
-
-/* similarly to release one. */
-static void release_context(HWCryptoHook_ContextHandle hac)
-{
-    p_hwcrhk_Finish(hac);
-}
-
-/* Destructor (complements the "ENGINE_chil()" constructor) */
-static int hwcrhk_destroy(ENGINE *e)
-{
-    free_HWCRHK_LIBNAME();
-    ERR_unload_HWCRHK_strings();
-    return 1;
-}
-
-/* (de)initialisation functions. */
-static int hwcrhk_init(ENGINE *e)
-{
-    HWCryptoHook_Init_t *p1;
-    HWCryptoHook_Finish_t *p2;
-    HWCryptoHook_ModExp_t *p3;
-#  ifndef OPENSSL_NO_RSA
-    HWCryptoHook_RSA_t *p4;
-    HWCryptoHook_RSALoadKey_t *p5;
-    HWCryptoHook_RSAGetPublicKey_t *p6;
-    HWCryptoHook_RSAUnloadKey_t *p7;
-#  endif
-    HWCryptoHook_RandomBytes_t *p8;
-    HWCryptoHook_ModExpCRT_t *p9;
-
-    if (hwcrhk_dso != NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_ALREADY_LOADED);
-        goto err;
-    }
-    /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
-    hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
-    if (hwcrhk_dso == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
-        goto err;
-    }
-    if (!(p1 = (HWCryptoHook_Init_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
-        !(p2 = (HWCryptoHook_Finish_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
-        !(p3 = (HWCryptoHook_ModExp_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
-#  ifndef OPENSSL_NO_RSA
-        !(p4 = (HWCryptoHook_RSA_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
-        !(p5 = (HWCryptoHook_RSALoadKey_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
-        !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
-        !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
-#  endif
-        !(p8 = (HWCryptoHook_RandomBytes_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
-        !(p9 = (HWCryptoHook_ModExpCRT_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
-        goto err;
-    }
-    /* Copy the pointers */
-    p_hwcrhk_Init = p1;
-    p_hwcrhk_Finish = p2;
-    p_hwcrhk_ModExp = p3;
-#  ifndef OPENSSL_NO_RSA
-    p_hwcrhk_RSA = p4;
-    p_hwcrhk_RSALoadKey = p5;
-    p_hwcrhk_RSAGetPublicKey = p6;
-    p_hwcrhk_RSAUnloadKey = p7;
-#  endif
-    p_hwcrhk_RandomBytes = p8;
-    p_hwcrhk_ModExpCRT = p9;
-
-    /*
-     * Check if the application decided to support dynamic locks, and if it
-     * does, use them.
-     */
-    if (disable_mutex_callbacks == 0) {
-        if (CRYPTO_get_dynlock_create_callback() != NULL &&
-            CRYPTO_get_dynlock_lock_callback() != NULL &&
-            CRYPTO_get_dynlock_destroy_callback() != NULL) {
-            hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
-            hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
-            hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
-            hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
-        }
-    }
-
-    /*
-     * Try and get a context - if not, we may have a DSO but no accelerator!
-     */
-    if (!get_context(&hwcrhk_context, &password_context)) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_UNIT_FAILURE);
-        goto err;
-    }
-    /* Everything's fine. */
-#  ifndef OPENSSL_NO_RSA
-    if (hndidx_rsa == -1)
-        hndidx_rsa = RSA_get_ex_new_index(0,
-                                          "nFast HWCryptoHook RSA key handle",
-                                          NULL, NULL, NULL);
-#  endif
-    return 1;
- err:
-    if (hwcrhk_dso)
-        DSO_free(hwcrhk_dso);
-    hwcrhk_dso = NULL;
-    p_hwcrhk_Init = NULL;
-    p_hwcrhk_Finish = NULL;
-    p_hwcrhk_ModExp = NULL;
-#  ifndef OPENSSL_NO_RSA
-    p_hwcrhk_RSA = NULL;
-    p_hwcrhk_RSALoadKey = NULL;
-    p_hwcrhk_RSAGetPublicKey = NULL;
-    p_hwcrhk_RSAUnloadKey = NULL;
-#  endif
-    p_hwcrhk_ModExpCRT = NULL;
-    p_hwcrhk_RandomBytes = NULL;
-    return 0;
-}
-
-static int hwcrhk_finish(ENGINE *e)
-{
-    int to_return = 1;
-    free_HWCRHK_LIBNAME();
-    if (hwcrhk_dso == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_NOT_LOADED);
-        to_return = 0;
-        goto err;
-    }
-    release_context(hwcrhk_context);
-    if (!DSO_free(hwcrhk_dso)) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_DSO_FAILURE);
-        to_return = 0;
-        goto err;
-    }
- err:
-    if (logstream)
-        BIO_free(logstream);
-    hwcrhk_dso = NULL;
-    p_hwcrhk_Init = NULL;
-    p_hwcrhk_Finish = NULL;
-    p_hwcrhk_ModExp = NULL;
-#  ifndef OPENSSL_NO_RSA
-    p_hwcrhk_RSA = NULL;
-    p_hwcrhk_RSALoadKey = NULL;
-    p_hwcrhk_RSAGetPublicKey = NULL;
-    p_hwcrhk_RSAUnloadKey = NULL;
-#  endif
-    p_hwcrhk_ModExpCRT = NULL;
-    p_hwcrhk_RandomBytes = NULL;
-    return to_return;
-}
-
-static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
-    int to_return = 1;
-
-    switch (cmd) {
-    case HWCRHK_CMD_SO_PATH:
-        if (hwcrhk_dso) {
-            HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_ALREADY_LOADED);
-            return 0;
-        }
-        if (p == NULL) {
-            HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-            return 0;
-        }
-        return set_HWCRHK_LIBNAME((const char *)p);
-    case ENGINE_CTRL_SET_LOGSTREAM:
-        {
-            BIO *bio = (BIO *)p;
-
-            CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-            if (logstream) {
-                BIO_free(logstream);
-                logstream = NULL;
-            }
-            if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
-                logstream = bio;
-            else
-                HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-    case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        password_context.password_callback = (pem_password_cb *)f;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-    case ENGINE_CTRL_SET_USER_INTERFACE:
-    case HWCRHK_CMD_SET_USER_INTERFACE:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        password_context.ui_method = (UI_METHOD *)p;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-    case ENGINE_CTRL_SET_CALLBACK_DATA:
-    case HWCRHK_CMD_SET_CALLBACK_DATA:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        password_context.callback_data = p;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-        /*
-         * this enables or disables the "SimpleForkCheck" flag used in the
-         * initialisation structure.
-         */
-    case ENGINE_CTRL_CHIL_SET_FORKCHECK:
-    case HWCRHK_CMD_FORK_CHECK:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if (i)
-            hwcrhk_globals.flags |= HWCryptoHook_InitFlags_SimpleForkCheck;
-        else
-            hwcrhk_globals.flags &= ~HWCryptoHook_InitFlags_SimpleForkCheck;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-        /*
-         * This will prevent the initialisation function from "installing"
-         * the mutex-handling callbacks, even if they are available from
-         * within the library (or were provided to the library from the
-         * calling application). This is to remove any baggage for
-         * applications not using multithreading.
-         */
-    case ENGINE_CTRL_CHIL_NO_LOCKING:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        disable_mutex_callbacks = 1;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-    case HWCRHK_CMD_THREAD_LOCKING:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        disable_mutex_callbacks = ((i == 0) ? 0 : 1);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-
-        /* The command isn't understood by this engine */
-    default:
-        HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
-                  HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-        to_return = 0;
-        break;
-    }
-
-    return to_return;
-}
-
-static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
-                                     UI_METHOD *ui_method,
-                                     void *callback_data)
-{
-#  ifndef OPENSSL_NO_RSA
-    RSA *rtmp = NULL;
-#  endif
-    EVP_PKEY *res = NULL;
-#  ifndef OPENSSL_NO_RSA
-    HWCryptoHook_MPI e, n;
-    HWCryptoHook_RSAKeyHandle *hptr;
-#  endif
-#  if !defined(OPENSSL_NO_RSA)
-    char tempbuf[1024];
-    HWCryptoHook_ErrMsgBuf rmsg;
-    HWCryptoHook_PassphraseContext ppctx;
-#  endif
-
-#  if !defined(OPENSSL_NO_RSA)
-    rmsg.buf = tempbuf;
-    rmsg.size = sizeof(tempbuf);
-#  endif
-
-    if (!hwcrhk_context) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NOT_INITIALISED);
-        goto err;
-    }
-#  ifndef OPENSSL_NO_RSA
-    hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
-    if (!hptr) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    ppctx.ui_method = ui_method;
-    ppctx.callback_data = callback_data;
-    if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, &rmsg, &ppctx)) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
-        ERR_add_error_data(1, rmsg.buf);
-        goto err;
-    }
-    if (!*hptr) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NO_KEY);
-        goto err;
-    }
-#  endif
-#  ifndef OPENSSL_NO_RSA
-    rtmp = RSA_new_method(eng);
-    if (rtmp == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
-    rtmp->e = BN_new();
-    rtmp->n = BN_new();
-    if (rtmp->e == NULL || rtmp->n == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    rtmp->flags |= RSA_FLAG_EXT_PKEY;
-    MPI2BN(rtmp->e, e);
-    MPI2BN(rtmp->n, n);
-    if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
-        != HWCRYPTOHOOK_ERROR_MPISIZE) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
-        ERR_add_error_data(1, rmsg.buf);
-        goto err;
-    }
-
-    if (bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG)) == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if (bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG)) == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    MPI2BN(rtmp->e, e);
-    MPI2BN(rtmp->n, n);
-
-    if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
-        ERR_add_error_data(1, rmsg.buf);
-        goto err;
-    }
-    rtmp->e->top = e.size / sizeof(BN_ULONG);
-    bn_fix_top(rtmp->e);
-    rtmp->n->top = n.size / sizeof(BN_ULONG);
-    bn_fix_top(rtmp->n);
-
-    res = EVP_PKEY_new();
-    if (res == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
-        goto err;
-    }
-    EVP_PKEY_assign_RSA(res, rtmp);
-#  endif
-
-    if (!res)
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
-                  HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
-
-    return res;
- err:
-#  ifndef OPENSSL_NO_RSA
-    if (rtmp)
-        RSA_free(rtmp);
-#  endif
-    return NULL;
-}
-
-static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
-                                    UI_METHOD *ui_method, void *callback_data)
-{
-    EVP_PKEY *res = NULL;
-
-#  ifndef OPENSSL_NO_RSA
-    res = hwcrhk_load_privkey(eng, key_id, ui_method, callback_data);
-#  endif
-
-    if (res)
-        switch (res->type) {
-#  ifndef OPENSSL_NO_RSA
-        case EVP_PKEY_RSA:
-            {
-                RSA *rsa = NULL;
-
-                CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
-                rsa = res->pkey.rsa;
-                res->pkey.rsa = RSA_new();
-                res->pkey.rsa->n = rsa->n;
-                res->pkey.rsa->e = rsa->e;
-                rsa->n = NULL;
-                rsa->e = NULL;
-                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
-                RSA_free(rsa);
-            }
-            break;
-#  endif
-        default:
-            HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
-                      HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-            goto err;
-        }
-
-    return res;
- err:
-    if (res)
-        EVP_PKEY_free(res);
-    return NULL;
-}
-
-/* A little mod_exp */
-static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx)
-{
-    char tempbuf[1024];
-    HWCryptoHook_ErrMsgBuf rmsg;
-    /*
-     * Since HWCryptoHook_MPI is pretty compatible with BIGNUM's, we use them
-     * directly, plus a little macro magic.  We only thing we need to make
-     * sure of is that enough space is allocated.
-     */
-    HWCryptoHook_MPI m_a, m_p, m_n, m_r;
-    int to_return, ret;
-
-    to_return = 0;              /* expect failure */
-    rmsg.buf = tempbuf;
-    rmsg.size = sizeof(tempbuf);
-
-    if (!hwcrhk_context) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_NOT_INITIALISED);
-        goto err;
-    }
-    /* Prepare the params */
-    if (bn_expand2(r, m->top) == NULL) {     /* Check for error !! */
-        HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    BN2MPI(m_a, a);
-    BN2MPI(m_p, p);
-    BN2MPI(m_n, m);
-    MPI2BN(r, m_r);
-
-    /* Perform the operation */
-    ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
-
-    /* Convert the response */
-    r->top = m_r.size / sizeof(BN_ULONG);
-    bn_fix_top(r);
-
-    if (ret < 0) {
-        /*
-         * FIXME: When this error is returned, HWCryptoHook is telling us
-         * that falling back to software computation might be a good thing.
-         */
-        if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
-            HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FALLBACK);
-        } else {
-            HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FAILED);
-        }
-        ERR_add_error_data(1, rmsg.buf);
-        goto err;
-    }
-
-    to_return = 1;
- err:
-    return to_return;
-}
-
-#  ifndef OPENSSL_NO_RSA
-static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
-                              BN_CTX *ctx)
-{
-    char tempbuf[1024];
-    HWCryptoHook_ErrMsgBuf rmsg;
-    HWCryptoHook_RSAKeyHandle *hptr;
-    int to_return = 0, ret;
-
-    rmsg.buf = tempbuf;
-    rmsg.size = sizeof(tempbuf);
-
-    if (!hwcrhk_context) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_NOT_INITIALISED);
-        goto err;
-    }
-
-    /*
-     * This provides support for nForce keys.  Since that's opaque data all
-     * we do is provide a handle to the proper key and let HWCryptoHook take
-     * care of the rest.
-     */
-    if ((hptr =
-         (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
-        != NULL) {
-        HWCryptoHook_MPI m_a, m_r;
-
-        if (!rsa->n) {
-            HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
-                      HWCRHK_R_MISSING_KEY_COMPONENTS);
-            goto err;
-        }
-
-        /* Prepare the params */
-        if (bn_expand2(r, rsa->n->top) == NULL) { /* Check for error !! */
-            HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        BN2MPI(m_a, I);
-        MPI2BN(r, m_r);
-
-        /* Perform the operation */
-        ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
-
-        /* Convert the response */
-        r->top = m_r.size / sizeof(BN_ULONG);
-        bn_fix_top(r);
-
-        if (ret < 0) {
-            /*
-             * FIXME: When this error is returned, HWCryptoHook is telling us
-             * that falling back to software computation might be a good
-             * thing.
-             */
-            if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
-                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
-                          HWCRHK_R_REQUEST_FALLBACK);
-            } else {
-                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
-                          HWCRHK_R_REQUEST_FAILED);
-            }
-            ERR_add_error_data(1, rmsg.buf);
-            goto err;
-        }
-    } else {
-        HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
-
-        if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
-            HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
-                      HWCRHK_R_MISSING_KEY_COMPONENTS);
-            goto err;
-        }
-
-        /* Prepare the params */
-        if (bn_expand2(r, rsa->n->top) == NULL) { /* Check for error !! */
-            HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        BN2MPI(m_a, I);
-        BN2MPI(m_p, rsa->p);
-        BN2MPI(m_q, rsa->q);
-        BN2MPI(m_dmp1, rsa->dmp1);
-        BN2MPI(m_dmq1, rsa->dmq1);
-        BN2MPI(m_iqmp, rsa->iqmp);
-        MPI2BN(r, m_r);
-
-        /* Perform the operation */
-        ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
-                                 m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
-
-        /* Convert the response */
-        r->top = m_r.size / sizeof(BN_ULONG);
-        bn_fix_top(r);
-
-        if (ret < 0) {
-            /*
-             * FIXME: When this error is returned, HWCryptoHook is telling us
-             * that falling back to software computation might be a good
-             * thing.
-             */
-            if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
-                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
-                          HWCRHK_R_REQUEST_FALLBACK);
-            } else {
-                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
-                          HWCRHK_R_REQUEST_FAILED);
-            }
-            ERR_add_error_data(1, rmsg.buf);
-            goto err;
-        }
-    }
-    /*
-     * If we're here, we must be here with some semblance of success :-)
-     */
-    to_return = 1;
- err:
-    return to_return;
-}
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                               const BIGNUM *m, BN_CTX *ctx,
-                               BN_MONT_CTX *m_ctx)
-{
-    return hwcrhk_mod_exp(r, a, p, m, ctx);
-}
-
-static int hwcrhk_rsa_finish(RSA *rsa)
-{
-    HWCryptoHook_RSAKeyHandle *hptr;
-
-    hptr = RSA_get_ex_data(rsa, hndidx_rsa);
-    if (hptr) {
-        p_hwcrhk_RSAUnloadKey(*hptr, NULL);
-        OPENSSL_free(hptr);
-        RSA_set_ex_data(rsa, hndidx_rsa, NULL);
-    }
-    return 1;
-}
-
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
-                             const BIGNUM *a, const BIGNUM *p,
-                             const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
-    return hwcrhk_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-/* Random bytes are good */
-static int hwcrhk_rand_bytes(unsigned char *buf, int num)
-{
-    char tempbuf[1024];
-    HWCryptoHook_ErrMsgBuf rmsg;
-    int to_return = 0;          /* assume failure */
-    int ret;
-
-    rmsg.buf = tempbuf;
-    rmsg.size = sizeof(tempbuf);
-
-    if (!hwcrhk_context) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_NOT_INITIALISED);
-        goto err;
-    }
-
-    ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
-    if (ret < 0) {
-        /*
-         * FIXME: When this error is returned, HWCryptoHook is telling us
-         * that falling back to software computation might be a good thing.
-         */
-        if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
-            HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FALLBACK);
-        } else {
-            HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FAILED);
-        }
-        ERR_add_error_data(1, rmsg.buf);
-        goto err;
-    }
-    to_return = 1;
- err:
-    return to_return;
-}
-
-static int hwcrhk_rand_status(void)
-{
-    return 1;
-}
-
-/*
- * Mutex calls: since the HWCryptoHook model closely follows the POSIX model
- * these just wrap the POSIX functions and add some logging.
- */
-
-static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt,
-                             HWCryptoHook_CallerContext * cactx)
-{
-    mt->lockid = CRYPTO_get_new_dynlockid();
-    if (mt->lockid == 0)
-        return 1;               /* failure */
-    return 0;                   /* success */
-}
-
-static int hwcrhk_mutex_lock(HWCryptoHook_Mutex * mt)
-{
-    CRYPTO_w_lock(mt->lockid);
-    return 0;
-}
-
-static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
-{
-    CRYPTO_w_unlock(mt->lockid);
-}
-
-static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex * mt)
-{
-    CRYPTO_destroy_dynlockid(mt->lockid);
-}
-
-static int hwcrhk_get_pass(const char *prompt_info,
-                           int *len_io, char *buf,
-                           HWCryptoHook_PassphraseContext * ppctx,
-                           HWCryptoHook_CallerContext * cactx)
-{
-    pem_password_cb *callback = NULL;
-    void *callback_data = NULL;
-    UI_METHOD *ui_method = NULL;
-    /*
-     * Despite what the documentation says prompt_info can be an empty
-     * string.
-     */
-    if (prompt_info && !*prompt_info)
-        prompt_info = NULL;
-
-    if (cactx) {
-        if (cactx->ui_method)
-            ui_method = cactx->ui_method;
-        if (cactx->password_callback)
-            callback = cactx->password_callback;
-        if (cactx->callback_data)
-            callback_data = cactx->callback_data;
-    }
-    if (ppctx) {
-        if (ppctx->ui_method) {
-            ui_method = ppctx->ui_method;
-            callback = NULL;
-        }
-        if (ppctx->callback_data)
-            callback_data = ppctx->callback_data;
-    }
-    if (callback == NULL && ui_method == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS, HWCRHK_R_NO_CALLBACK);
-        return -1;
-    }
-
-    if (ui_method) {
-        UI *ui = UI_new_method(ui_method);
-        if (ui) {
-            int ok;
-            char *prompt = UI_construct_prompt(ui,
-                                               "pass phrase", prompt_info);
-
-            ok = UI_add_input_string(ui, prompt,
-                                     UI_INPUT_FLAG_DEFAULT_PWD,
-                                     buf, 0, (*len_io) - 1);
-            UI_add_user_data(ui, callback_data);
-            UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
-
-            if (ok >= 0)
-                do {
-                    ok = UI_process(ui);
-                }
-                while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
-
-            if (ok >= 0)
-                *len_io = strlen(buf);
-
-            UI_free(ui);
-            OPENSSL_free(prompt);
-        }
-    } else {
-        *len_io = callback(buf, *len_io, 0, callback_data);
-    }
-    if (!*len_io)
-        return -1;
-    return 0;
-}
-
-static int hwcrhk_insert_card(const char *prompt_info,
-                              const char *wrong_info,
-                              HWCryptoHook_PassphraseContext * ppctx,
-                              HWCryptoHook_CallerContext * cactx)
-{
-    int ok = -1;
-    UI *ui;
-    void *callback_data = NULL;
-    UI_METHOD *ui_method = NULL;
-
-    if (cactx) {
-        if (cactx->ui_method)
-            ui_method = cactx->ui_method;
-        if (cactx->callback_data)
-            callback_data = cactx->callback_data;
-    }
-    if (ppctx) {
-        if (ppctx->ui_method)
-            ui_method = ppctx->ui_method;
-        if (ppctx->callback_data)
-            callback_data = ppctx->callback_data;
-    }
-    if (ui_method == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, HWCRHK_R_NO_CALLBACK);
-        return -1;
-    }
-
-    ui = UI_new_method(ui_method);
-
-    if (ui) {
-        char answer = '\0';
-        char buf[BUFSIZ];
-        /*
-         * Despite what the documentation says wrong_info can be an empty
-         * string.
-         */
-        if (wrong_info && *wrong_info)
-            BIO_snprintf(buf, sizeof(buf) - 1,
-                         "Current card: \"%s\"\n", wrong_info);
-        else
-            buf[0] = 0;
-        ok = UI_dup_info_string(ui, buf);
-        if (ok >= 0 && prompt_info) {
-            BIO_snprintf(buf, sizeof(buf) - 1,
-                         "Insert card \"%s\"", prompt_info);
-            ok = UI_dup_input_boolean(ui, buf,
-                                      "\n then hit <enter> or C<enter> to cancel\n",
-                                      "\r\n", "Cc", UI_INPUT_FLAG_ECHO,
-                                      &answer);
-        }
-        UI_add_user_data(ui, callback_data);
-
-        if (ok >= 0)
-            ok = UI_process(ui);
-        UI_free(ui);
-
-        if (ok == -2 || (ok >= 0 && answer == 'C'))
-            ok = 1;
-        else if (ok < 0)
-            ok = -1;
-        else
-            ok = 0;
-    }
-    return ok;
-}
-
-static void hwcrhk_log_message(void *logstr, const char *message)
-{
-    BIO *lstream = NULL;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_BIO);
-    if (logstr)
-        lstream = *(BIO **)logstr;
-    if (lstream) {
-        BIO_printf(lstream, "%s\n", message);
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
-}
-
-/*
- * This stuff is needed if this ENGINE is being compiled into a
- * self-contained shared-library.
- */
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
-{
-    if (id && (strcmp(id, engine_hwcrhk_id) != 0) &&
-        (strcmp(id, engine_hwcrhk_id_alt) != 0))
-        return 0;
-    if (!bind_helper(e))
-        return 0;
-    return 1;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#  endif                        /* OPENSSL_NO_DYNAMIC_ENGINE */
-# endif                         /* !OPENSSL_NO_HW_CHIL */
-#endif                          /* !OPENSSL_NO_HW */
diff --git a/freebsd/crypto/openssl/engines/e_chil_err.c b/freebsd/crypto/openssl/engines/e_chil_err.c
deleted file mode 100644
index 3396bc66..00000000
--- a/freebsd/crypto/openssl/engines/e_chil_err.c
+++ /dev/null
@@ -1,159 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* e_chil_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_chil_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(0,func,0)
-# define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA HWCRHK_str_functs[] = {
-    {ERR_FUNC(HWCRHK_F_HWCRHK_CTRL), "HWCRHK_CTRL"},
-    {ERR_FUNC(HWCRHK_F_HWCRHK_FINISH), "HWCRHK_FINISH"},
-    {ERR_FUNC(HWCRHK_F_HWCRHK_GET_PASS), "HWCRHK_GET_PASS"},
-    {ERR_FUNC(HWCRHK_F_HWCRHK_INIT), "HWCRHK_INIT"},
-    {ERR_FUNC(HWCRHK_F_HWCRHK_INSERT_CARD), "HWCRHK_INSERT_CARD"},
-    {ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PRIVKEY), "HWCRHK_LOAD_PRIVKEY"},
-    {ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PUBKEY), "HWCRHK_LOAD_PUBKEY"},
-    {ERR_FUNC(HWCRHK_F_HWCRHK_MOD_EXP), "HWCRHK_MOD_EXP"},
-    {ERR_FUNC(HWCRHK_F_HWCRHK_RAND_BYTES), "HWCRHK_RAND_BYTES"},
-    {ERR_FUNC(HWCRHK_F_HWCRHK_RSA_MOD_EXP), "HWCRHK_RSA_MOD_EXP"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA HWCRHK_str_reasons[] = {
-    {ERR_REASON(HWCRHK_R_ALREADY_LOADED), "already loaded"},
-    {ERR_REASON(HWCRHK_R_BIO_WAS_FREED), "bio was freed"},
-    {ERR_REASON(HWCRHK_R_CHIL_ERROR), "chil error"},
-    {ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),
-     "ctrl command not implemented"},
-    {ERR_REASON(HWCRHK_R_DSO_FAILURE), "dso failure"},
-    {ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS), "missing key components"},
-    {ERR_REASON(HWCRHK_R_NOT_INITIALISED), "not initialised"},
-    {ERR_REASON(HWCRHK_R_NOT_LOADED), "not loaded"},
-    {ERR_REASON(HWCRHK_R_NO_CALLBACK), "no callback"},
-    {ERR_REASON(HWCRHK_R_NO_KEY), "no key"},
-    {ERR_REASON(HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED),
-     "private key algorithms disabled"},
-    {ERR_REASON(HWCRHK_R_REQUEST_FAILED), "request failed"},
-    {ERR_REASON(HWCRHK_R_REQUEST_FALLBACK), "request fallback"},
-    {ERR_REASON(HWCRHK_R_UNIT_FAILURE), "unit failure"},
-    {0, NULL}
-};
-
-#endif
-
-#ifdef HWCRHK_LIB_NAME
-static ERR_STRING_DATA HWCRHK_lib_name[] = {
-    {0, HWCRHK_LIB_NAME},
-    {0, NULL}
-};
-#endif
-
-static int HWCRHK_lib_error_code = 0;
-static int HWCRHK_error_init = 1;
-
-static void ERR_load_HWCRHK_strings(void)
-{
-    if (HWCRHK_lib_error_code == 0)
-        HWCRHK_lib_error_code = ERR_get_next_error_library();
-
-    if (HWCRHK_error_init) {
-        HWCRHK_error_init = 0;
-#ifndef OPENSSL_NO_ERR
-        ERR_load_strings(HWCRHK_lib_error_code, HWCRHK_str_functs);
-        ERR_load_strings(HWCRHK_lib_error_code, HWCRHK_str_reasons);
-#endif
-
-#ifdef HWCRHK_LIB_NAME
-        HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code, 0, 0);
-        ERR_load_strings(0, HWCRHK_lib_name);
-#endif
-    }
-}
-
-static void ERR_unload_HWCRHK_strings(void)
-{
-    if (HWCRHK_error_init == 0) {
-#ifndef OPENSSL_NO_ERR
-        ERR_unload_strings(HWCRHK_lib_error_code, HWCRHK_str_functs);
-        ERR_unload_strings(HWCRHK_lib_error_code, HWCRHK_str_reasons);
-#endif
-
-#ifdef HWCRHK_LIB_NAME
-        ERR_unload_strings(0, HWCRHK_lib_name);
-#endif
-        HWCRHK_error_init = 1;
-    }
-}
-
-static void ERR_HWCRHK_error(int function, int reason, char *file, int line)
-{
-    if (HWCRHK_lib_error_code == 0)
-        HWCRHK_lib_error_code = ERR_get_next_error_library();
-    ERR_PUT_error(HWCRHK_lib_error_code, function, reason, file, line);
-}
diff --git a/freebsd/crypto/openssl/engines/e_chil_err.h b/freebsd/crypto/openssl/engines/e_chil_err.h
deleted file mode 100644
index d86a4ce9..00000000
--- a/freebsd/crypto/openssl/engines/e_chil_err.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_HWCRHK_ERR_H
-# define HEADER_HWCRHK_ERR_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_HWCRHK_strings(void);
-static void ERR_unload_HWCRHK_strings(void);
-static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
-# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the HWCRHK functions. */
-
-/* Function codes. */
-# define HWCRHK_F_HWCRHK_CTRL                             100
-# define HWCRHK_F_HWCRHK_FINISH                           101
-# define HWCRHK_F_HWCRHK_GET_PASS                         102
-# define HWCRHK_F_HWCRHK_INIT                             103
-# define HWCRHK_F_HWCRHK_INSERT_CARD                      104
-# define HWCRHK_F_HWCRHK_LOAD_PRIVKEY                     105
-# define HWCRHK_F_HWCRHK_LOAD_PUBKEY                      106
-# define HWCRHK_F_HWCRHK_MOD_EXP                          107
-# define HWCRHK_F_HWCRHK_RAND_BYTES                       108
-# define HWCRHK_F_HWCRHK_RSA_MOD_EXP                      109
-
-/* Reason codes. */
-# define HWCRHK_R_ALREADY_LOADED                          100
-# define HWCRHK_R_BIO_WAS_FREED                           101
-# define HWCRHK_R_CHIL_ERROR                              102
-# define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED            103
-# define HWCRHK_R_DSO_FAILURE                             104
-# define HWCRHK_R_MISSING_KEY_COMPONENTS                  105
-# define HWCRHK_R_NOT_INITIALISED                         106
-# define HWCRHK_R_NOT_LOADED                              107
-# define HWCRHK_R_NO_CALLBACK                             108
-# define HWCRHK_R_NO_KEY                                  109
-# define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED         110
-# define HWCRHK_R_REQUEST_FAILED                          111
-# define HWCRHK_R_REQUEST_FALLBACK                        112
-# define HWCRHK_R_UNIT_FAILURE                            113
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/engines/e_cswift.c b/freebsd/crypto/openssl/engines/e_cswift.c
deleted file mode 100644
index 3ae73d65..00000000
--- a/freebsd/crypto/openssl/engines/e_cswift.c
+++ /dev/null
@@ -1,1105 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/engine/hw_cswift.c */
-/*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-# ifndef OPENSSL_NO_HW_CSWIFT
-
-/*
- * Attribution notice: Rainbow have generously allowed me to reproduce the
- * necessary definitions here from their API. This means the support can
- * build independently of whether application builders have the API or
- * hardware. This will allow developers to easily produce software that has
- * latent hardware support for any users that have accelerators installed,
- * without the developers themselves needing anything extra. I have only
- * clipped the parts from the CryptoSwift header files that are (or seem)
- * relevant to the CryptoSwift support code. This is simply to keep the file
- * sizes reasonable. [Geoff]
- */
-#  ifdef FLAT_INC
-#   include "cswift.h"
-#  else
-#   include "vendor_defns/cswift.h"
-#  endif
-
-#  define CSWIFT_LIB_NAME "cswift engine"
-#  include "e_cswift_err.c"
-
-#  define DECIMAL_SIZE(type)      ((sizeof(type)*8+2)/3+1)
-
-static int cswift_destroy(ENGINE *e);
-static int cswift_init(ENGINE *e);
-static int cswift_finish(ENGINE *e);
-static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
-#  ifndef OPENSSL_NO_RSA
-static int cswift_bn_32copy(SW_LARGENUMBER *out, const BIGNUM *in);
-#  endif
-
-/* BIGNUM stuff */
-static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx);
-#  ifndef OPENSSL_NO_RSA
-static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                              const BIGNUM *q, const BIGNUM *dmp1,
-                              const BIGNUM *dmq1, const BIGNUM *iqmp,
-                              BN_CTX *ctx);
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                              BN_CTX *ctx);
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                               const BIGNUM *m, BN_CTX *ctx,
-                               BN_MONT_CTX *m_ctx);
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-/* DSA stuff */
-static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen,
-                                DSA *dsa);
-static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
-                             DSA_SIG *sig, DSA *dsa);
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
-                             const BIGNUM *a, const BIGNUM *p,
-                             const BIGNUM *m, BN_CTX *ctx,
-                             BN_MONT_CTX *m_ctx);
-#  endif
-
-/* RAND stuff */
-static int cswift_rand_bytes(unsigned char *buf, int num);
-static int cswift_rand_status(void);
-
-/* The definitions for control commands specific to this engine */
-#  define CSWIFT_CMD_SO_PATH              ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
-    {CSWIFT_CMD_SO_PATH,
-     "SO_PATH",
-     "Specifies the path to the 'cswift' shared library",
-     ENGINE_CMD_FLAG_STRING},
-    {0, NULL, NULL, 0}
-};
-
-#  ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD cswift_rsa = {
-    "CryptoSwift RSA method",
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    cswift_rsa_mod_exp,
-    cswift_mod_exp_mont,
-    NULL,
-    NULL,
-    0,
-    NULL,
-    NULL,
-    NULL,
-    NULL
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD cswift_dsa = {
-    "CryptoSwift DSA method",
-    cswift_dsa_sign,
-    NULL,                       /* dsa_sign_setup */
-    cswift_dsa_verify,
-    NULL,                       /* dsa_mod_exp */
-    NULL,                       /* bn_mod_exp */
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    0,                          /* flags */
-    NULL,                       /* app_data */
-    NULL,                       /* dsa_paramgen */
-    NULL                        /* dsa_keygen */
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD cswift_dh = {
-    "CryptoSwift DH method",
-    NULL,
-    NULL,
-    cswift_mod_exp_dh,
-    NULL,
-    NULL,
-    0,
-    NULL,
-    NULL
-};
-#  endif
-
-static RAND_METHOD cswift_random = {
-    /* "CryptoSwift RAND method", */
-    NULL,
-    cswift_rand_bytes,
-    NULL,
-    NULL,
-    cswift_rand_bytes,
-    cswift_rand_status,
-};
-
-/* Constants used when creating the ENGINE */
-static const char *engine_cswift_id = "cswift";
-static const char *engine_cswift_name = "CryptoSwift hardware engine support";
-
-/*
- * This internal function is used by ENGINE_cswift() and possibly by the
- * "dynamic" ENGINE support too
- */
-static int bind_helper(ENGINE *e)
-{
-#  ifndef OPENSSL_NO_RSA
-    const RSA_METHOD *meth1;
-#  endif
-#  ifndef OPENSSL_NO_DH
-    const DH_METHOD *meth2;
-#  endif
-    if (!ENGINE_set_id(e, engine_cswift_id) ||
-        !ENGINE_set_name(e, engine_cswift_name) ||
-#  ifndef OPENSSL_NO_RSA
-        !ENGINE_set_RSA(e, &cswift_rsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DSA
-        !ENGINE_set_DSA(e, &cswift_dsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DH
-        !ENGINE_set_DH(e, &cswift_dh) ||
-#  endif
-        !ENGINE_set_RAND(e, &cswift_random) ||
-        !ENGINE_set_destroy_function(e, cswift_destroy) ||
-        !ENGINE_set_init_function(e, cswift_init) ||
-        !ENGINE_set_finish_function(e, cswift_finish) ||
-        !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
-        !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
-        return 0;
-
-#  ifndef OPENSSL_NO_RSA
-    /*
-     * We know that the "PKCS1_SSLeay()" functions hook properly to the
-     * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
-     * We don't use ENGINE_openssl() or anything "more generic" because
-     * something like the RSAref code may not hook properly, and if you own
-     * one of these cards then you have the right to do RSA operations on it
-     * anyway!
-     */
-    meth1 = RSA_PKCS1_SSLeay();
-    cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
-    cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
-    cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
-    cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-    /* Much the same for Diffie-Hellman */
-    meth2 = DH_OpenSSL();
-    cswift_dh.generate_key = meth2->generate_key;
-    cswift_dh.compute_key = meth2->compute_key;
-#  endif
-
-    /* Ensure the cswift error handling is set up */
-    ERR_load_CSWIFT_strings();
-    return 1;
-}
-
-#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_cswift(void)
-{
-    ENGINE *ret = ENGINE_new();
-    if (!ret)
-        return NULL;
-    if (!bind_helper(ret)) {
-        ENGINE_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-void ENGINE_load_cswift(void)
-{
-    /* Copied from eng_[openssl|dyn].c */
-    ENGINE *toadd = engine_cswift();
-    if (!toadd)
-        return;
-    ENGINE_add(toadd);
-    ENGINE_free(toadd);
-    ERR_clear_error();
-}
-#  endif
-
-/*
- * This is a process-global DSO handle used for loading and unloading the
- * CryptoSwift library. NB: This is only set (or unset) during an init() or
- * finish() call (reference counts permitting) and they're operating with
- * global locks, so this should be thread-safe implicitly.
- */
-static DSO *cswift_dso = NULL;
-
-/*
- * These are the function pointers that are (un)set when the library has
- * successfully (un)loaded.
- */
-t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
-t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
-t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
-t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
-
-/* Used in the DSO operations. */
-static const char *CSWIFT_LIBNAME = NULL;
-static const char *get_CSWIFT_LIBNAME(void)
-{
-    if (CSWIFT_LIBNAME)
-        return CSWIFT_LIBNAME;
-    return "swift";
-}
-
-static void free_CSWIFT_LIBNAME(void)
-{
-    if (CSWIFT_LIBNAME)
-        OPENSSL_free((void *)CSWIFT_LIBNAME);
-    CSWIFT_LIBNAME = NULL;
-}
-
-static long set_CSWIFT_LIBNAME(const char *name)
-{
-    free_CSWIFT_LIBNAME();
-    return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
-}
-
-static const char *CSWIFT_F1 = "swAcquireAccContext";
-static const char *CSWIFT_F2 = "swAttachKeyParam";
-static const char *CSWIFT_F3 = "swSimpleRequest";
-static const char *CSWIFT_F4 = "swReleaseAccContext";
-
-/*
- * CryptoSwift library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no error
- * checking, take a look lower down where these functions are called, the
- * checking and error handling is probably down there.
- */
-
-/* utility function to obtain a context */
-static int get_context(SW_CONTEXT_HANDLE *hac)
-{
-    SW_STATUS status;
-
-    status = p_CSwift_AcquireAccContext(hac);
-    if (status != SW_OK)
-        return 0;
-    return 1;
-}
-
-/* similarly to release one. */
-static void release_context(SW_CONTEXT_HANDLE hac)
-{
-    p_CSwift_ReleaseAccContext(hac);
-}
-
-/* Destructor (complements the "ENGINE_cswift()" constructor) */
-static int cswift_destroy(ENGINE *e)
-{
-    free_CSWIFT_LIBNAME();
-    ERR_unload_CSWIFT_strings();
-    return 1;
-}
-
-/* (de)initialisation functions. */
-static int cswift_init(ENGINE *e)
-{
-    SW_CONTEXT_HANDLE hac;
-    t_swAcquireAccContext *p1;
-    t_swAttachKeyParam *p2;
-    t_swSimpleRequest *p3;
-    t_swReleaseAccContext *p4;
-
-    if (cswift_dso != NULL) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_ALREADY_LOADED);
-        goto err;
-    }
-    /* Attempt to load libswift.so/swift.dll/whatever. */
-    cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
-    if (cswift_dso == NULL) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_NOT_LOADED);
-        goto err;
-    }
-    if (!(p1 = (t_swAcquireAccContext *)
-          DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
-        !(p2 = (t_swAttachKeyParam *)
-          DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
-        !(p3 = (t_swSimpleRequest *)
-          DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
-        !(p4 = (t_swReleaseAccContext *)
-          DSO_bind_func(cswift_dso, CSWIFT_F4))) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_NOT_LOADED);
-        goto err;
-    }
-    /* Copy the pointers */
-    p_CSwift_AcquireAccContext = p1;
-    p_CSwift_AttachKeyParam = p2;
-    p_CSwift_SimpleRequest = p3;
-    p_CSwift_ReleaseAccContext = p4;
-    /*
-     * Try and get a context - if not, we may have a DSO but no accelerator!
-     */
-    if (!get_context(&hac)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_UNIT_FAILURE);
-        goto err;
-    }
-    release_context(hac);
-    /* Everything's fine. */
-    return 1;
- err:
-    if (cswift_dso) {
-        DSO_free(cswift_dso);
-        cswift_dso = NULL;
-    }
-    p_CSwift_AcquireAccContext = NULL;
-    p_CSwift_AttachKeyParam = NULL;
-    p_CSwift_SimpleRequest = NULL;
-    p_CSwift_ReleaseAccContext = NULL;
-    return 0;
-}
-
-static int cswift_finish(ENGINE *e)
-{
-    free_CSWIFT_LIBNAME();
-    if (cswift_dso == NULL) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_FINISH, CSWIFT_R_NOT_LOADED);
-        return 0;
-    }
-    if (!DSO_free(cswift_dso)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_FINISH, CSWIFT_R_UNIT_FAILURE);
-        return 0;
-    }
-    cswift_dso = NULL;
-    p_CSwift_AcquireAccContext = NULL;
-    p_CSwift_AttachKeyParam = NULL;
-    p_CSwift_SimpleRequest = NULL;
-    p_CSwift_ReleaseAccContext = NULL;
-    return 1;
-}
-
-static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
-    int initialised = ((cswift_dso == NULL) ? 0 : 1);
-    switch (cmd) {
-    case CSWIFT_CMD_SO_PATH:
-        if (p == NULL) {
-            CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-            return 0;
-        }
-        if (initialised) {
-            CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_ALREADY_LOADED);
-            return 0;
-        }
-        return set_CSWIFT_LIBNAME((const char *)p);
-    default:
-        break;
-    }
-    CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-    return 0;
-}
-
-/* Un petit mod_exp */
-static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx)
-{
-    /*
-     * I need somewhere to store temporary serialised values for use with the
-     * CryptoSwift API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX
-     * but access their arrays directly as byte arrays <grin>. This way I
-     * don't have to clean anything up.
-     */
-    BIGNUM *modulus;
-    BIGNUM *exponent;
-    BIGNUM *argument;
-    BIGNUM *result;
-    SW_STATUS sw_status;
-    SW_LARGENUMBER arg, res;
-    SW_PARAM sw_param;
-    SW_CONTEXT_HANDLE hac;
-    int to_return, acquired;
-
-    modulus = exponent = argument = result = NULL;
-    to_return = 0;              /* expect failure */
-    acquired = 0;
-
-    if (!get_context(&hac)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_UNIT_FAILURE);
-        goto err;
-    }
-    acquired = 1;
-    /* Prepare the params */
-    BN_CTX_start(ctx);
-    modulus = BN_CTX_get(ctx);
-    exponent = BN_CTX_get(ctx);
-    argument = BN_CTX_get(ctx);
-    result = BN_CTX_get(ctx);
-    if (!result) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BN_CTX_FULL);
-        goto err;
-    }
-    if (!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
-        !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-    sw_param.type = SW_ALG_EXP;
-    sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
-                                               (unsigned char *)modulus->d);
-    sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
-    sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
-                                                (unsigned char *)exponent->d);
-    sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
-    /* Attach the key params */
-    sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
-    switch (sw_status) {
-    case SW_OK:
-        break;
-    case SW_ERR_INPUT_SIZE:
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BAD_KEY_SIZE);
-        goto err;
-    default:
-        {
-            char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
-            CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_REQUEST_FAILED);
-            sprintf(tmpbuf, "%ld", sw_status);
-            ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
-        }
-        goto err;
-    }
-    /* Prepare the argument and response */
-    arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
-    arg.value = (unsigned char *)argument->d;
-    res.nbytes = BN_num_bytes(m);
-    memset(result->d, 0, res.nbytes);
-    res.value = (unsigned char *)result->d;
-    /* Perform the operation */
-    if ((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
-                                            &res, 1)) != SW_OK) {
-        char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_REQUEST_FAILED);
-        sprintf(tmpbuf, "%ld", sw_status);
-        ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
-        goto err;
-    }
-    /* Convert the response */
-    BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
-    to_return = 1;
- err:
-    if (acquired)
-        release_context(hac);
-    BN_CTX_end(ctx);
-    return to_return;
-}
-
-#  ifndef OPENSSL_NO_RSA
-int cswift_bn_32copy(SW_LARGENUMBER *out, const BIGNUM *in)
-{
-    int mod;
-    int numbytes = BN_num_bytes(in);
-
-    mod = 0;
-    while (((out->nbytes = (numbytes + mod)) % 32)) {
-        mod++;
-    }
-    out->value = (unsigned char *)OPENSSL_malloc(out->nbytes);
-    if (!out->value) {
-        return 0;
-    }
-    BN_bn2bin(in, &out->value[mod]);
-    if (mod)
-        memset(out->value, 0, mod);
-
-    return 1;
-}
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-/* Un petit mod_exp chinois */
-static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                              const BIGNUM *q, const BIGNUM *dmp1,
-                              const BIGNUM *dmq1, const BIGNUM *iqmp,
-                              BN_CTX *ctx)
-{
-    SW_STATUS sw_status;
-    SW_LARGENUMBER arg, res;
-    SW_PARAM sw_param;
-    SW_CONTEXT_HANDLE hac;
-    BIGNUM *result = NULL;
-    BIGNUM *argument = NULL;
-    int to_return = 0;          /* expect failure */
-    int acquired = 0;
-
-    sw_param.up.crt.p.value = NULL;
-    sw_param.up.crt.q.value = NULL;
-    sw_param.up.crt.dmp1.value = NULL;
-    sw_param.up.crt.dmq1.value = NULL;
-    sw_param.up.crt.iqmp.value = NULL;
-
-    if (!get_context(&hac)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_UNIT_FAILURE);
-        goto err;
-    }
-    acquired = 1;
-
-    /* Prepare the params */
-    argument = BN_new();
-    result = BN_new();
-    if (!result || !argument) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_CTX_FULL);
-        goto err;
-    }
-
-    sw_param.type = SW_ALG_CRT;
-        /************************************************************************/
-    /*
-     * 04/02/2003
-     */
-    /*
-     * Modified by Frederic Giudicelli (deny-all.com) to overcome the
-     */
-    /*
-     * limitation of cswift with values not a multiple of 32
-     */
-        /************************************************************************/
-    if (!cswift_bn_32copy(&sw_param.up.crt.p, p)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-    if (!cswift_bn_32copy(&sw_param.up.crt.q, q)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-    if (!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-    if (!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-    if (!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-    if (!bn_wexpand(argument, a->top) || !bn_wexpand(result, p->top + q->top)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-
-    /* Attach the key params */
-    sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
-    switch (sw_status) {
-    case SW_OK:
-        break;
-    case SW_ERR_INPUT_SIZE:
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BAD_KEY_SIZE);
-        goto err;
-    default:
-        {
-            char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
-            CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_REQUEST_FAILED);
-            sprintf(tmpbuf, "%ld", sw_status);
-            ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
-        }
-        goto err;
-    }
-    /* Prepare the argument and response */
-    arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
-    arg.value = (unsigned char *)argument->d;
-    res.nbytes = 2 * BN_num_bytes(p);
-    memset(result->d, 0, res.nbytes);
-    res.value = (unsigned char *)result->d;
-    /* Perform the operation */
-    if ((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
-                                            &res, 1)) != SW_OK) {
-        char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
-        CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_REQUEST_FAILED);
-        sprintf(tmpbuf, "%ld", sw_status);
-        ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
-        goto err;
-    }
-    /* Convert the response */
-    BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
-    to_return = 1;
- err:
-    if (sw_param.up.crt.p.value)
-        OPENSSL_free(sw_param.up.crt.p.value);
-    if (sw_param.up.crt.q.value)
-        OPENSSL_free(sw_param.up.crt.q.value);
-    if (sw_param.up.crt.dmp1.value)
-        OPENSSL_free(sw_param.up.crt.dmp1.value);
-    if (sw_param.up.crt.dmq1.value)
-        OPENSSL_free(sw_param.up.crt.dmq1.value);
-    if (sw_param.up.crt.iqmp.value)
-        OPENSSL_free(sw_param.up.crt.iqmp.value);
-    if (result)
-        BN_free(result);
-    if (argument)
-        BN_free(argument);
-    if (acquired)
-        release_context(hac);
-    return to_return;
-}
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                              BN_CTX *ctx)
-{
-    int to_return = 0;
-    const RSA_METHOD *def_rsa_method;
-
-    if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,
-                  CSWIFT_R_MISSING_KEY_COMPONENTS);
-        goto err;
-    }
-
-    /* Try the limits of RSA (2048 bits) */
-    if (BN_num_bytes(rsa->p) > 128 ||
-        BN_num_bytes(rsa->q) > 128 ||
-        BN_num_bytes(rsa->dmp1) > 128 ||
-        BN_num_bytes(rsa->dmq1) > 128 || BN_num_bytes(rsa->iqmp) > 128) {
-#   ifdef RSA_NULL
-        def_rsa_method = RSA_null_method();
-#   else
-#    if 0
-        def_rsa_method = RSA_PKCS1_RSAref();
-#    else
-        def_rsa_method = RSA_PKCS1_SSLeay();
-#    endif
-#   endif
-        if (def_rsa_method)
-            return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx);
-    }
-
-    to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
-                                   rsa->dmq1, rsa->iqmp, ctx);
- err:
-    return to_return;
-}
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                               const BIGNUM *m, BN_CTX *ctx,
-                               BN_MONT_CTX *m_ctx)
-{
-    const RSA_METHOD *def_rsa_method;
-
-    /* Try the limits of RSA (2048 bits) */
-    if (BN_num_bytes(r) > 256 ||
-        BN_num_bytes(a) > 256 || BN_num_bytes(m) > 256) {
-#   ifdef RSA_NULL
-        def_rsa_method = RSA_null_method();
-#   else
-#    if 0
-        def_rsa_method = RSA_PKCS1_RSAref();
-#    else
-        def_rsa_method = RSA_PKCS1_SSLeay();
-#    endif
-#   endif
-        if (def_rsa_method)
-            return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
-    }
-
-    return cswift_mod_exp(r, a, p, m, ctx);
-}
-#  endif                        /* OPENSSL_NO_RSA */
-
-#  ifndef OPENSSL_NO_DSA
-static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-{
-    SW_CONTEXT_HANDLE hac;
-    SW_PARAM sw_param;
-    SW_STATUS sw_status;
-    SW_LARGENUMBER arg, res;
-    BN_CTX *ctx;
-    BIGNUM *dsa_p = NULL;
-    BIGNUM *dsa_q = NULL;
-    BIGNUM *dsa_g = NULL;
-    BIGNUM *dsa_key = NULL;
-    BIGNUM *result = NULL;
-    DSA_SIG *to_return = NULL;
-    int acquired = 0;
-
-    if ((ctx = BN_CTX_new()) == NULL)
-        goto err;
-    if (!get_context(&hac)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_UNIT_FAILURE);
-        goto err;
-    }
-    acquired = 1;
-    /* Prepare the params */
-    BN_CTX_start(ctx);
-    dsa_p = BN_CTX_get(ctx);
-    dsa_q = BN_CTX_get(ctx);
-    dsa_g = BN_CTX_get(ctx);
-    dsa_key = BN_CTX_get(ctx);
-    result = BN_CTX_get(ctx);
-    if (!result) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BN_CTX_FULL);
-        goto err;
-    }
-    if (!bn_wexpand(dsa_p, dsa->p->top) ||
-        !bn_wexpand(dsa_q, dsa->q->top) ||
-        !bn_wexpand(dsa_g, dsa->g->top) ||
-        !bn_wexpand(dsa_key, dsa->priv_key->top) ||
-        !bn_wexpand(result, dsa->p->top)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-    sw_param.type = SW_ALG_DSA;
-    sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p, (unsigned char *)dsa_p->d);
-    sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
-    sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q, (unsigned char *)dsa_q->d);
-    sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
-    sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g, (unsigned char *)dsa_g->d);
-    sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
-    sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
-                                           (unsigned char *)dsa_key->d);
-    sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
-    /* Attach the key params */
-    sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
-    switch (sw_status) {
-    case SW_OK:
-        break;
-    case SW_ERR_INPUT_SIZE:
-        CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BAD_KEY_SIZE);
-        goto err;
-    default:
-        {
-            char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
-            CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_REQUEST_FAILED);
-            sprintf(tmpbuf, "%ld", sw_status);
-            ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
-        }
-        goto err;
-    }
-    /* Prepare the argument and response */
-    arg.nbytes = dlen;
-    arg.value = (unsigned char *)dgst;
-    res.nbytes = BN_num_bytes(dsa->p);
-    memset(result->d, 0, res.nbytes);
-    res.value = (unsigned char *)result->d;
-    /* Perform the operation */
-    sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
-                                       &res, 1);
-    if (sw_status != SW_OK) {
-        char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
-        CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_REQUEST_FAILED);
-        sprintf(tmpbuf, "%ld", sw_status);
-        ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
-        goto err;
-    }
-    /* Convert the response */
-    if ((to_return = DSA_SIG_new()) == NULL)
-        goto err;
-    to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
-    to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
-
- err:
-    if (acquired)
-        release_context(hac);
-    if (ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    return to_return;
-}
-
-static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
-                             DSA_SIG *sig, DSA *dsa)
-{
-    SW_CONTEXT_HANDLE hac;
-    SW_PARAM sw_param;
-    SW_STATUS sw_status;
-    SW_LARGENUMBER arg[2], res;
-    unsigned long sig_result;
-    BN_CTX *ctx;
-    BIGNUM *dsa_p = NULL;
-    BIGNUM *dsa_q = NULL;
-    BIGNUM *dsa_g = NULL;
-    BIGNUM *dsa_key = NULL;
-    BIGNUM *argument = NULL;
-    int to_return = -1;
-    int acquired = 0;
-
-    if ((ctx = BN_CTX_new()) == NULL)
-        goto err;
-    if (!get_context(&hac)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_UNIT_FAILURE);
-        goto err;
-    }
-    acquired = 1;
-    /* Prepare the params */
-    BN_CTX_start(ctx);
-    dsa_p = BN_CTX_get(ctx);
-    dsa_q = BN_CTX_get(ctx);
-    dsa_g = BN_CTX_get(ctx);
-    dsa_key = BN_CTX_get(ctx);
-    argument = BN_CTX_get(ctx);
-    if (!argument) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BN_CTX_FULL);
-        goto err;
-    }
-    if (!bn_wexpand(dsa_p, dsa->p->top) ||
-        !bn_wexpand(dsa_q, dsa->q->top) ||
-        !bn_wexpand(dsa_g, dsa->g->top) ||
-        !bn_wexpand(dsa_key, dsa->pub_key->top) ||
-        !bn_wexpand(argument, 40)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-    sw_param.type = SW_ALG_DSA;
-    sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p, (unsigned char *)dsa_p->d);
-    sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
-    sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q, (unsigned char *)dsa_q->d);
-    sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
-    sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g, (unsigned char *)dsa_g->d);
-    sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
-    sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
-                                           (unsigned char *)dsa_key->d);
-    sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
-    /* Attach the key params */
-    sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
-    switch (sw_status) {
-    case SW_OK:
-        break;
-    case SW_ERR_INPUT_SIZE:
-        CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BAD_KEY_SIZE);
-        goto err;
-    default:
-        {
-            char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
-            CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_REQUEST_FAILED);
-            sprintf(tmpbuf, "%ld", sw_status);
-            ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
-        }
-        goto err;
-    }
-    /* Prepare the argument and response */
-    arg[0].nbytes = dgst_len;
-    arg[0].value = (unsigned char *)dgst;
-    arg[1].nbytes = 40;
-    arg[1].value = (unsigned char *)argument->d;
-    memset(arg[1].value, 0, 40);
-    BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
-    BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
-    res.nbytes = 4;             /* unsigned long */
-    res.value = (unsigned char *)(&sig_result);
-    /* Perform the operation */
-    sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
-                                       &res, 1);
-    if (sw_status != SW_OK) {
-        char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
-        CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_REQUEST_FAILED);
-        sprintf(tmpbuf, "%ld", sw_status);
-        ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
-        goto err;
-    }
-    /* Convert the response */
-    to_return = ((sig_result == 0) ? 0 : 1);
-
- err:
-    if (acquired)
-        release_context(hac);
-    if (ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    return to_return;
-}
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
-                             const BIGNUM *a, const BIGNUM *p,
-                             const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
-    return cswift_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-/* Random bytes are good */
-static int cswift_rand_bytes(unsigned char *buf, int num)
-{
-    SW_CONTEXT_HANDLE hac;
-    SW_STATUS swrc;
-    SW_LARGENUMBER largenum;
-    int acquired = 0;
-    int to_return = 0;          /* assume failure */
-    unsigned char buf32[1024];
-
-    if (!get_context(&hac)) {
-        CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_UNIT_FAILURE);
-        goto err;
-    }
-    acquired = 1;
-
-        /************************************************************************/
-    /*
-     * 04/02/2003
-     */
-    /*
-     * Modified by Frederic Giudicelli (deny-all.com) to overcome the
-     */
-    /*
-     * limitation of cswift with values not a multiple of 32
-     */
-        /************************************************************************/
-
-    while (num >= (int)sizeof(buf32)) {
-        largenum.value = buf;
-        largenum.nbytes = sizeof(buf32);
-        /*-
-         * tell CryptoSwift how many bytes we want and where we want it.
-         * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
-         *       - CryptoSwift can only do multiple of 32-bits.
-         */
-        swrc =
-            p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
-        if (swrc != SW_OK) {
-            char tmpbuf[20];
-            CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
-            sprintf(tmpbuf, "%ld", swrc);
-            ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
-            goto err;
-        }
-        buf += sizeof(buf32);
-        num -= sizeof(buf32);
-    }
-    if (num) {
-        largenum.nbytes = sizeof(buf32);
-        largenum.value = buf32;
-        swrc =
-            p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
-        if (swrc != SW_OK) {
-            char tmpbuf[20];
-            CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
-            sprintf(tmpbuf, "%ld", swrc);
-            ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
-            goto err;
-        }
-        memcpy(buf, largenum.value, num);
-    }
-
-    to_return = 1;              /* success */
- err:
-    if (acquired)
-        release_context(hac);
-
-    return to_return;
-}
-
-static int cswift_rand_status(void)
-{
-    return 1;
-}
-
-/*
- * This stuff is needed if this ENGINE is being compiled into a
- * self-contained shared-library.
- */
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
-{
-    if (id && (strcmp(id, engine_cswift_id) != 0))
-        return 0;
-    if (!bind_helper(e))
-        return 0;
-    return 1;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#  endif                        /* OPENSSL_NO_DYNAMIC_ENGINE */
-# endif                         /* !OPENSSL_NO_HW_CSWIFT */
-#endif                          /* !OPENSSL_NO_HW */
diff --git a/freebsd/crypto/openssl/engines/e_cswift_err.c b/freebsd/crypto/openssl/engines/e_cswift_err.c
deleted file mode 100644
index 84920e37..00000000
--- a/freebsd/crypto/openssl/engines/e_cswift_err.c
+++ /dev/null
@@ -1,152 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* e_cswift_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_cswift_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(0,func,0)
-# define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA CSWIFT_str_functs[] = {
-    {ERR_FUNC(CSWIFT_F_CSWIFT_CTRL), "CSWIFT_CTRL"},
-    {ERR_FUNC(CSWIFT_F_CSWIFT_DSA_SIGN), "CSWIFT_DSA_SIGN"},
-    {ERR_FUNC(CSWIFT_F_CSWIFT_DSA_VERIFY), "CSWIFT_DSA_VERIFY"},
-    {ERR_FUNC(CSWIFT_F_CSWIFT_FINISH), "CSWIFT_FINISH"},
-    {ERR_FUNC(CSWIFT_F_CSWIFT_INIT), "CSWIFT_INIT"},
-    {ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP), "CSWIFT_MOD_EXP"},
-    {ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP_CRT), "CSWIFT_MOD_EXP_CRT"},
-    {ERR_FUNC(CSWIFT_F_CSWIFT_RAND_BYTES), "CSWIFT_RAND_BYTES"},
-    {ERR_FUNC(CSWIFT_F_CSWIFT_RSA_MOD_EXP), "CSWIFT_RSA_MOD_EXP"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA CSWIFT_str_reasons[] = {
-    {ERR_REASON(CSWIFT_R_ALREADY_LOADED), "already loaded"},
-    {ERR_REASON(CSWIFT_R_BAD_KEY_SIZE), "bad key size"},
-    {ERR_REASON(CSWIFT_R_BN_CTX_FULL), "bn ctx full"},
-    {ERR_REASON(CSWIFT_R_BN_EXPAND_FAIL), "bn expand fail"},
-    {ERR_REASON(CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED),
-     "ctrl command not implemented"},
-    {ERR_REASON(CSWIFT_R_MISSING_KEY_COMPONENTS), "missing key components"},
-    {ERR_REASON(CSWIFT_R_NOT_LOADED), "not loaded"},
-    {ERR_REASON(CSWIFT_R_REQUEST_FAILED), "request failed"},
-    {ERR_REASON(CSWIFT_R_UNIT_FAILURE), "unit failure"},
-    {0, NULL}
-};
-
-#endif
-
-#ifdef CSWIFT_LIB_NAME
-static ERR_STRING_DATA CSWIFT_lib_name[] = {
-    {0, CSWIFT_LIB_NAME},
-    {0, NULL}
-};
-#endif
-
-static int CSWIFT_lib_error_code = 0;
-static int CSWIFT_error_init = 1;
-
-static void ERR_load_CSWIFT_strings(void)
-{
-    if (CSWIFT_lib_error_code == 0)
-        CSWIFT_lib_error_code = ERR_get_next_error_library();
-
-    if (CSWIFT_error_init) {
-        CSWIFT_error_init = 0;
-#ifndef OPENSSL_NO_ERR
-        ERR_load_strings(CSWIFT_lib_error_code, CSWIFT_str_functs);
-        ERR_load_strings(CSWIFT_lib_error_code, CSWIFT_str_reasons);
-#endif
-
-#ifdef CSWIFT_LIB_NAME
-        CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code, 0, 0);
-        ERR_load_strings(0, CSWIFT_lib_name);
-#endif
-    }
-}
-
-static void ERR_unload_CSWIFT_strings(void)
-{
-    if (CSWIFT_error_init == 0) {
-#ifndef OPENSSL_NO_ERR
-        ERR_unload_strings(CSWIFT_lib_error_code, CSWIFT_str_functs);
-        ERR_unload_strings(CSWIFT_lib_error_code, CSWIFT_str_reasons);
-#endif
-
-#ifdef CSWIFT_LIB_NAME
-        ERR_unload_strings(0, CSWIFT_lib_name);
-#endif
-        CSWIFT_error_init = 1;
-    }
-}
-
-static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
-{
-    if (CSWIFT_lib_error_code == 0)
-        CSWIFT_lib_error_code = ERR_get_next_error_library();
-    ERR_PUT_error(CSWIFT_lib_error_code, function, reason, file, line);
-}
diff --git a/freebsd/crypto/openssl/engines/e_cswift_err.h b/freebsd/crypto/openssl/engines/e_cswift_err.h
deleted file mode 100644
index fde3a827..00000000
--- a/freebsd/crypto/openssl/engines/e_cswift_err.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_CSWIFT_ERR_H
-# define HEADER_CSWIFT_ERR_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_CSWIFT_strings(void);
-static void ERR_unload_CSWIFT_strings(void);
-static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
-# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the CSWIFT functions. */
-
-/* Function codes. */
-# define CSWIFT_F_CSWIFT_CTRL                             100
-# define CSWIFT_F_CSWIFT_DSA_SIGN                         101
-# define CSWIFT_F_CSWIFT_DSA_VERIFY                       102
-# define CSWIFT_F_CSWIFT_FINISH                           103
-# define CSWIFT_F_CSWIFT_INIT                             104
-# define CSWIFT_F_CSWIFT_MOD_EXP                          105
-# define CSWIFT_F_CSWIFT_MOD_EXP_CRT                      106
-# define CSWIFT_F_CSWIFT_RAND_BYTES                       108
-# define CSWIFT_F_CSWIFT_RSA_MOD_EXP                      107
-
-/* Reason codes. */
-# define CSWIFT_R_ALREADY_LOADED                          100
-# define CSWIFT_R_BAD_KEY_SIZE                            101
-# define CSWIFT_R_BN_CTX_FULL                             102
-# define CSWIFT_R_BN_EXPAND_FAIL                          103
-# define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED            104
-# define CSWIFT_R_MISSING_KEY_COMPONENTS                  105
-# define CSWIFT_R_NOT_LOADED                              106
-# define CSWIFT_R_REQUEST_FAILED                          107
-# define CSWIFT_R_UNIT_FAILURE                            108
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/engines/e_dasync.c b/freebsd/crypto/openssl/engines/e_dasync.c
new file mode 100644
index 00000000..e7091b93
--- /dev/null
+++ b/freebsd/crypto/openssl/engines/e_dasync.c
@@ -0,0 +1,772 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/engine.h>
+#include <openssl/sha.h>
+#include <openssl/aes.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/async.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/ssl.h>
+#include <openssl/modes.h>
+
+#if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS)
+# undef ASYNC_POSIX
+# define ASYNC_POSIX
+# include <unistd.h>
+#elif defined(_WIN32)
+# undef ASYNC_WIN
+# define ASYNC_WIN
+#endif
+
+#include "e_dasync_err.c"
+
+/* Engine Id and Name */
+static const char *engine_dasync_id = "dasync";
+static const char *engine_dasync_name = "Dummy Async engine support";
+
+
+/* Engine Lifetime functions */
+static int dasync_destroy(ENGINE *e);
+static int dasync_init(ENGINE *e);
+static int dasync_finish(ENGINE *e);
+void engine_load_dasync_int(void);
+
+
+/* Set up digests. Just SHA1 for now */
+static int dasync_digests(ENGINE *e, const EVP_MD **digest,
+                          const int **nids, int nid);
+
+static void dummy_pause_job(void);
+
+/* SHA1 */
+static int dasync_sha1_init(EVP_MD_CTX *ctx);
+static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
+                             size_t count);
+static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+/*
+ * Holds the EVP_MD object for sha1 in this engine. Set up once only during
+ * engine bind and can then be reused many times.
+ */
+static EVP_MD *_hidden_sha1_md = NULL;
+static const EVP_MD *dasync_sha1(void)
+{
+    return _hidden_sha1_md;
+}
+static void destroy_digests(void)
+{
+    EVP_MD_meth_free(_hidden_sha1_md);
+    _hidden_sha1_md = NULL;
+}
+
+static int dasync_digest_nids(const int **nids)
+{
+    static int digest_nids[2] = { 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = dasync_sha1()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
+
+/* RSA */
+
+static int dasync_pub_enc(int flen, const unsigned char *from,
+                    unsigned char *to, RSA *rsa, int padding);
+static int dasync_pub_dec(int flen, const unsigned char *from,
+                    unsigned char *to, RSA *rsa, int padding);
+static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding);
+static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding);
+static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                              BN_CTX *ctx);
+
+static int dasync_rsa_init(RSA *rsa);
+static int dasync_rsa_finish(RSA *rsa);
+
+static RSA_METHOD *dasync_rsa_method = NULL;
+
+/* AES */
+
+static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                  void *ptr);
+static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                  const unsigned char *iv, int enc);
+static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t inl);
+static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx);
+
+static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+                                             int arg, void *ptr);
+static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
+                                                 const unsigned char *key,
+                                                 const unsigned char *iv,
+                                                 int enc);
+static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
+                                               unsigned char *out,
+                                               const unsigned char *in,
+                                               size_t inl);
+static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx);
+
+struct dasync_pipeline_ctx {
+    void *inner_cipher_data;
+    unsigned int numpipes;
+    unsigned char **inbufs;
+    unsigned char **outbufs;
+    size_t *lens;
+    int enc;
+    unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
+    unsigned int aadctr;
+};
+
+/*
+ * Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only
+ * during engine bind and can then be reused many times.
+ */
+static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
+static const EVP_CIPHER *dasync_aes_128_cbc(void)
+{
+    return _hidden_aes_128_cbc;
+}
+
+/*
+ * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up
+ * once only during engine bind and can then be reused many times.
+ */
+static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
+static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void)
+{
+    return _hidden_aes_128_cbc_hmac_sha1;
+}
+
+static void destroy_ciphers(void)
+{
+    EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+    EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
+    _hidden_aes_128_cbc = NULL;
+    _hidden_aes_128_cbc_hmac_sha1 = NULL;
+}
+
+static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                   const int **nids, int nid);
+
+static int dasync_cipher_nids[] = {
+    NID_aes_128_cbc,
+    NID_aes_128_cbc_hmac_sha1,
+    0
+};
+
+static int bind_dasync(ENGINE *e)
+{
+    /* Setup RSA_METHOD */
+    if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
+        || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
+        || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
+        || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
+        || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0
+        || RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0
+        || RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
+        || RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
+        || RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) {
+        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
+        return 0;
+    }
+
+    /* Ensure the dasync error handling is set up */
+    ERR_load_DASYNC_strings();
+
+    if (!ENGINE_set_id(e, engine_dasync_id)
+        || !ENGINE_set_name(e, engine_dasync_name)
+        || !ENGINE_set_RSA(e, dasync_rsa_method)
+        || !ENGINE_set_digests(e, dasync_digests)
+        || !ENGINE_set_ciphers(e, dasync_ciphers)
+        || !ENGINE_set_destroy_function(e, dasync_destroy)
+        || !ENGINE_set_init_function(e, dasync_init)
+        || !ENGINE_set_finish_function(e, dasync_finish)) {
+        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
+        return 0;
+    }
+
+    /*
+     * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
+     * supplied by this engine
+     */
+    _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
+    if (_hidden_sha1_md == NULL
+        || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
+        || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
+        || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,
+                                         sizeof(EVP_MD *) + sizeof(SHA_CTX))
+        || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
+        || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)
+        || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)
+        || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {
+        EVP_MD_meth_free(_hidden_sha1_md);
+        _hidden_sha1_md = NULL;
+    }
+
+    _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
+                                              16 /* block size */,
+                                              16 /* key len */);
+    if (_hidden_aes_128_cbc == NULL
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
+                                          EVP_CIPH_FLAG_DEFAULT_ASN1
+                                          | EVP_CIPH_CBC_MODE
+                                          | EVP_CIPH_FLAG_PIPELINE)
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
+                                         dasync_aes128_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
+                                              dasync_aes128_cbc_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
+                                            dasync_aes128_cbc_cleanup)
+            || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,
+                                         dasync_aes128_cbc_ctrl)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
+                                sizeof(struct dasync_pipeline_ctx))) {
+        EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+        _hidden_aes_128_cbc = NULL;
+    }
+
+    _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
+                                                NID_aes_128_cbc_hmac_sha1,
+                                                16 /* block size */,
+                                                16 /* key len */);
+    if (_hidden_aes_128_cbc_hmac_sha1 == NULL
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
+                                            EVP_CIPH_CBC_MODE
+                                          | EVP_CIPH_FLAG_DEFAULT_ASN1
+                                          | EVP_CIPH_FLAG_AEAD_CIPHER
+                                          | EVP_CIPH_FLAG_PIPELINE)
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
+                                         dasync_aes128_cbc_hmac_sha1_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
+                                            dasync_aes128_cbc_hmac_sha1_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,
+                                            dasync_aes128_cbc_hmac_sha1_cleanup)
+            || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
+                                         dasync_aes128_cbc_hmac_sha1_ctrl)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
+                                sizeof(struct dasync_pipeline_ctx))) {
+        EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
+        _hidden_aes_128_cbc_hmac_sha1 = NULL;
+    }
+
+    return 1;
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_dasync_id) != 0))
+        return 0;
+    if (!bind_dasync(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# endif
+
+static ENGINE *engine_dasync(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (!ret)
+        return NULL;
+    if (!bind_dasync(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_dasync_int(void)
+{
+    ENGINE *toadd = engine_dasync();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+
+static int dasync_init(ENGINE *e)
+{
+    return 1;
+}
+
+
+static int dasync_finish(ENGINE *e)
+{
+    return 1;
+}
+
+
+static int dasync_destroy(ENGINE *e)
+{
+    destroy_digests();
+    destroy_ciphers();
+    RSA_meth_free(dasync_rsa_method);
+    ERR_unload_DASYNC_strings();
+    return 1;
+}
+
+static int dasync_digests(ENGINE *e, const EVP_MD **digest,
+                          const int **nids, int nid)
+{
+    int ok = 1;
+    if (!digest) {
+        /* We are returning a list of supported nids */
+        return dasync_digest_nids(nids);
+    }
+    /* We are being asked for a specific digest */
+    switch (nid) {
+    case NID_sha1:
+        *digest = dasync_sha1();
+        break;
+    default:
+        ok = 0;
+        *digest = NULL;
+        break;
+    }
+    return ok;
+}
+
+static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                   const int **nids, int nid)
+{
+    int ok = 1;
+    if (cipher == NULL) {
+        /* We are returning a list of supported nids */
+        *nids = dasync_cipher_nids;
+        return (sizeof(dasync_cipher_nids) -
+                1) / sizeof(dasync_cipher_nids[0]);
+    }
+    /* We are being asked for a specific cipher */
+    switch (nid) {
+    case NID_aes_128_cbc:
+        *cipher = dasync_aes_128_cbc();
+        break;
+    case NID_aes_128_cbc_hmac_sha1:
+        *cipher = dasync_aes_128_cbc_hmac_sha1();
+        break;
+    default:
+        ok = 0;
+        *cipher = NULL;
+        break;
+    }
+    return ok;
+}
+
+static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
+                         OSSL_ASYNC_FD readfd, void *pvwritefd)
+{
+    OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd;
+#if defined(ASYNC_WIN)
+    CloseHandle(readfd);
+    CloseHandle(*pwritefd);
+#elif defined(ASYNC_POSIX)
+    close(readfd);
+    close(*pwritefd);
+#endif
+    OPENSSL_free(pwritefd);
+}
+
+#define DUMMY_CHAR 'X'
+
+static void dummy_pause_job(void) {
+    ASYNC_JOB *job;
+    ASYNC_WAIT_CTX *waitctx;
+    OSSL_ASYNC_FD pipefds[2] = {0, 0};
+    OSSL_ASYNC_FD *writefd;
+#if defined(ASYNC_WIN)
+    DWORD numwritten, numread;
+    char buf = DUMMY_CHAR;
+#elif defined(ASYNC_POSIX)
+    char buf = DUMMY_CHAR;
+#endif
+
+    if ((job = ASYNC_get_current_job()) == NULL)
+        return;
+
+    waitctx = ASYNC_get_wait_ctx(job);
+
+    if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0],
+                              (void **)&writefd)) {
+        pipefds[1] = *writefd;
+    } else {
+        writefd = OPENSSL_malloc(sizeof(*writefd));
+        if (writefd == NULL)
+            return;
+#if defined(ASYNC_WIN)
+        if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) {
+            OPENSSL_free(writefd);
+            return;
+        }
+#elif defined(ASYNC_POSIX)
+        if (pipe(pipefds) != 0) {
+            OPENSSL_free(writefd);
+            return;
+        }
+#endif
+        *writefd = pipefds[1];
+
+        if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0],
+                                        writefd, wait_cleanup)) {
+            wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd);
+            return;
+        }
+    }
+    /*
+     * In the Dummy async engine we are cheating. We signal that the job
+     * is complete by waking it before the call to ASYNC_pause_job(). A real
+     * async engine would only wake when the job was actually complete
+     */
+#if defined(ASYNC_WIN)
+    WriteFile(pipefds[1], &buf, 1, &numwritten, NULL);
+#elif defined(ASYNC_POSIX)
+    if (write(pipefds[1], &buf, 1) < 0)
+        return;
+#endif
+
+    /* Ignore errors - we carry on anyway */
+    ASYNC_pause_job();
+
+    /* Clear the wake signal */
+#if defined(ASYNC_WIN)
+    ReadFile(pipefds[0], &buf, 1, &numread, NULL);
+#elif defined(ASYNC_POSIX)
+    if (read(pipefds[0], &buf, 1) < 0)
+        return;
+#endif
+}
+
+/*
+ * SHA1 implementation. At the moment we just defer to the standard
+ * implementation
+ */
+#undef data
+#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
+static int dasync_sha1_init(EVP_MD_CTX *ctx)
+{
+    dummy_pause_job();
+
+    return SHA1_Init(data(ctx));
+}
+
+static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
+                             size_t count)
+{
+    dummy_pause_job();
+
+    return SHA1_Update(data(ctx), data, (size_t)count);
+}
+
+static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    dummy_pause_job();
+
+    return SHA1_Final(md, data(ctx));
+}
+
+/*
+ * RSA implementation
+ */
+
+static int dasync_pub_enc(int flen, const unsigned char *from,
+                    unsigned char *to, RSA *rsa, int padding) {
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL())
+        (flen, from, to, rsa, padding);
+}
+
+static int dasync_pub_dec(int flen, const unsigned char *from,
+                    unsigned char *to, RSA *rsa, int padding) {
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL())
+        (flen, from, to, rsa, padding);
+}
+
+static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding)
+{
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL())
+        (flen, from, to, rsa, padding);
+}
+
+static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding)
+{
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL())
+        (flen, from, to, rsa, padding);
+}
+
+static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_mod_exp(RSA_PKCS1_OpenSSL())(r0, I, rsa, ctx);
+}
+
+static int dasync_rsa_init(RSA *rsa)
+{
+    return RSA_meth_get_init(RSA_PKCS1_OpenSSL())(rsa);
+}
+static int dasync_rsa_finish(RSA *rsa)
+{
+    return RSA_meth_get_finish(RSA_PKCS1_OpenSSL())(rsa);
+}
+
+/* Cipher helper functions */
+
+static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                     void *ptr, int aeadcapable)
+{
+    int ret;
+    struct dasync_pipeline_ctx *pipe_ctx =
+        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    if (pipe_ctx == NULL)
+        return 0;
+
+    switch (type) {
+        case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS:
+            pipe_ctx->numpipes = arg;
+            pipe_ctx->outbufs = (unsigned char **)ptr;
+            break;
+
+        case EVP_CTRL_SET_PIPELINE_INPUT_BUFS:
+            pipe_ctx->numpipes = arg;
+            pipe_ctx->inbufs = (unsigned char **)ptr;
+            break;
+
+        case EVP_CTRL_SET_PIPELINE_INPUT_LENS:
+            pipe_ctx->numpipes = arg;
+            pipe_ctx->lens = (size_t *)ptr;
+            break;
+
+        case EVP_CTRL_AEAD_SET_MAC_KEY:
+            if (!aeadcapable)
+                return -1;
+            EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
+            ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1())
+                                          (ctx, type, arg, ptr);
+            EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
+            return ret;
+
+        case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES)
+                return -1;
+
+            memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr,
+                   EVP_AEAD_TLS1_AAD_LEN);
+            pipe_ctx->aadctr++;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (pipe_ctx->enc) {
+                if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
+                    if (len < AES_BLOCK_SIZE)
+                        return 0;
+                    len -= AES_BLOCK_SIZE;
+                }
+
+                return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE)
+                        & -AES_BLOCK_SIZE) - len;
+            } else {
+                return SHA_DIGEST_LENGTH;
+            }
+        }
+
+        default:
+            return 0;
+    }
+
+    return 1;
+}
+
+static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx,
+                                         const unsigned char *key,
+                                         const unsigned char *iv, int enc,
+                                         const EVP_CIPHER *cipher)
+{
+    int ret;
+    struct dasync_pipeline_ctx *pipe_ctx =
+        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    if (pipe_ctx->inner_cipher_data == NULL
+            && EVP_CIPHER_impl_ctx_size(cipher) != 0) {
+        pipe_ctx->inner_cipher_data = OPENSSL_zalloc(
+            EVP_CIPHER_impl_ctx_size(cipher));
+        if (pipe_ctx->inner_cipher_data == NULL) {
+            DASYNCerr(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER,
+                        ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    pipe_ctx->numpipes = 0;
+    pipe_ctx->aadctr = 0;
+
+    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
+    ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc);
+    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
+
+    return ret;
+}
+
+static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl,
+                                const EVP_CIPHER *cipher)
+{
+    int ret = 1;
+    unsigned int i, pipes;
+    struct dasync_pipeline_ctx *pipe_ctx =
+        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    pipes = pipe_ctx->numpipes;
+    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
+    if (pipes == 0) {
+        if (pipe_ctx->aadctr != 0) {
+            if (pipe_ctx->aadctr != 1)
+                return -1;
+            EVP_CIPHER_meth_get_ctrl(cipher)
+                                    (ctx, EVP_CTRL_AEAD_TLS1_AAD,
+                                     EVP_AEAD_TLS1_AAD_LEN,
+                                     pipe_ctx->tlsaad[0]);
+        }
+        ret = EVP_CIPHER_meth_get_do_cipher(cipher)
+                                           (ctx, out, in, inl);
+    } else {
+        if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes)
+            return -1;
+        for (i = 0; i < pipes; i++) {
+            if (pipe_ctx->aadctr > 0) {
+                EVP_CIPHER_meth_get_ctrl(cipher)
+                                        (ctx, EVP_CTRL_AEAD_TLS1_AAD,
+                                         EVP_AEAD_TLS1_AAD_LEN,
+                                         pipe_ctx->tlsaad[i]);
+            }
+            ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher)
+                                (ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i],
+                                 pipe_ctx->lens[i]);
+        }
+        pipe_ctx->numpipes = 0;
+    }
+    pipe_ctx->aadctr = 0;
+    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
+    return ret;
+}
+
+static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx,
+                                        const EVP_CIPHER *cipher)
+{
+    struct dasync_pipeline_ctx *pipe_ctx =
+        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    OPENSSL_clear_free(pipe_ctx->inner_cipher_data,
+                       EVP_CIPHER_impl_ctx_size(cipher));
+
+    return 1;
+}
+
+/*
+ * AES128 CBC Implementation
+ */
+
+static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                  void *ptr)
+{
+    return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0);
+}
+
+static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc());
+}
+
+static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl)
+{
+    return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc());
+}
+
+static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc());
+}
+
+
+/*
+ * AES128 CBC HMAC SHA1 Implementation
+ */
+
+static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+                                             int arg, void *ptr)
+{
+    return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1);
+}
+
+static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
+                                                const unsigned char *key,
+                                                const unsigned char *iv,
+                                                int enc)
+{
+    return dasync_cipher_init_key_helper(ctx, key, iv, enc,
+                                         EVP_aes_128_cbc_hmac_sha1());
+}
+
+static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
+                                               unsigned char *out,
+                                               const unsigned char *in,
+                                               size_t inl)
+{
+    return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1());
+}
+
+static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1());
+}
diff --git a/freebsd/crypto/openssl/engines/e_dasync_err.c b/freebsd/crypto/openssl/engines/e_dasync_err.c
new file mode 100644
index 00000000..928878e5
--- /dev/null
+++ b/freebsd/crypto/openssl/engines/e_dasync_err.c
@@ -0,0 +1,75 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "e_dasync_err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static ERR_STRING_DATA DASYNC_str_functs[] = {
+    {ERR_PACK(0, DASYNC_F_BIND_DASYNC, 0), "bind_dasync"},
+    {ERR_PACK(0, DASYNC_F_CIPHER_AES_128_CBC_CODE, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_AES128_INIT_KEY, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_BN_MOD_EXP, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER, 0),
+     "dasync_cipher_init_key_helper"},
+    {ERR_PACK(0, DASYNC_F_DASYNC_MOD_EXP, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_PRIVATE_DECRYPT, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_PRIVATE_ENCRYPT, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_PUBLIC_DECRYPT, 0), ""},
+    {ERR_PACK(0, DASYNC_F_DASYNC_PUBLIC_ENCRYPT, 0), ""},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA DASYNC_str_reasons[] = {
+    {ERR_PACK(0, 0, DASYNC_R_INIT_FAILED), "init failed"},
+    {0, NULL}
+};
+
+#endif
+
+static int lib_code = 0;
+static int error_loaded = 0;
+
+static int ERR_load_DASYNC_strings(void)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+
+    if (!error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(lib_code, DASYNC_str_functs);
+        ERR_load_strings(lib_code, DASYNC_str_reasons);
+#endif
+        error_loaded = 1;
+    }
+    return 1;
+}
+
+static void ERR_unload_DASYNC_strings(void)
+{
+    if (error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(lib_code, DASYNC_str_functs);
+        ERR_unload_strings(lib_code, DASYNC_str_reasons);
+#endif
+        error_loaded = 0;
+    }
+}
+
+static void ERR_DASYNC_error(int function, int reason, char *file, int line)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+    ERR_PUT_error(lib_code, function, reason, file, line);
+}
diff --git a/freebsd/crypto/openssl/engines/e_dasync_err.h b/freebsd/crypto/openssl/engines/e_dasync_err.h
new file mode 100644
index 00000000..7c2c0278
--- /dev/null
+++ b/freebsd/crypto/openssl/engines/e_dasync_err.h
@@ -0,0 +1,37 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DASYNCERR_H
+# define HEADER_DASYNCERR_H
+
+# define DASYNCerr(f, r) ERR_DASYNC_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
+
+
+/*
+ * DASYNC function codes.
+ */
+# define DASYNC_F_BIND_DASYNC                             107
+# define DASYNC_F_CIPHER_AES_128_CBC_CODE                 100
+# define DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY    109
+# define DASYNC_F_DASYNC_AES128_INIT_KEY                  108
+# define DASYNC_F_DASYNC_BN_MOD_EXP                       101
+# define DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER           110
+# define DASYNC_F_DASYNC_MOD_EXP                          102
+# define DASYNC_F_DASYNC_PRIVATE_DECRYPT                  103
+# define DASYNC_F_DASYNC_PRIVATE_ENCRYPT                  104
+# define DASYNC_F_DASYNC_PUBLIC_DECRYPT                   105
+# define DASYNC_F_DASYNC_PUBLIC_ENCRYPT                   106
+
+/*
+ * DASYNC reason codes.
+ */
+# define DASYNC_R_INIT_FAILED                             100
+
+#endif
diff --git a/freebsd/crypto/openssl/engines/e_gmp.c b/freebsd/crypto/openssl/engines/e_gmp.c
deleted file mode 100644
index e07486aa..00000000
--- a/freebsd/crypto/openssl/engines/e_gmp.c
+++ /dev/null
@@ -1,494 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/engine/e_gmp.c */
-/*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2003.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * This engine is not (currently) compiled in by default. Do enable it,
- * reconfigure OpenSSL with "enable-gmp -lgmp". The GMP libraries and headers
- * must reside in one of the paths searched by the compiler/linker, otherwise
- * paths must be specified - eg. try configuring with "enable-gmp
- * -I<includepath> -L<libpath> -lgmp". YMMV.
- */
-
-/*-
- * As for what this does - it's a largely unoptimised implementation of an
- * ENGINE that uses the GMP library to perform RSA private key operations. To
- * obtain more information about what "unoptimised" means, see my original mail
- * on the subject (though ignore the build instructions which have since
- * changed);
- *
- *    http://www.mail-archive.com/openssl-dev@openssl.org/msg12227.html
- *
- * On my athlon system at least, it appears the builtin OpenSSL code is now
- * slightly faster, which is to say that the RSA-related MPI performance
- * between OpenSSL's BIGNUM and GMP's mpz implementations is probably pretty
- * balanced for this chip, and so the performance degradation in this ENGINE by
- * having to convert to/from GMP formats (and not being able to cache
- * montgomery forms) is probably the difference. However, if some unconfirmed
- * reports from users is anything to go by, the situation on some other
- * chipsets might be a good deal more favourable to the GMP version (eg. PPC).
- * Feedback welcome. */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-# ifndef OPENSSL_NO_GMP
-
-#  include <gmp.h>
-
-#  define E_GMP_LIB_NAME "gmp engine"
-#  include "e_gmp_err.c"
-
-static int e_gmp_destroy(ENGINE *e);
-static int e_gmp_init(ENGINE *e);
-static int e_gmp_finish(ENGINE *e);
-static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
-
-#  ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
-                             BN_CTX *ctx);
-static int e_gmp_rsa_finish(RSA *r);
-#  endif
-
-/* The definitions for control commands specific to this engine */
-/* #define E_GMP_CMD_SO_PATH            ENGINE_CMD_BASE */
-static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = {
-#  if 0
-    {E_GMP_CMD_SO_PATH,
-     "SO_PATH",
-     "Specifies the path to the 'e_gmp' shared library",
-     ENGINE_CMD_FLAG_STRING},
-#  endif
-    {0, NULL, NULL, 0}
-};
-
-#  ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD e_gmp_rsa = {
-    "GMP RSA method",
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    e_gmp_rsa_mod_exp,
-    NULL,
-    NULL,
-    e_gmp_rsa_finish,
-    /*
-     * These flags initialise montgomery crud that GMP ignores, however it
-     * makes sure the public key ops (which are done in openssl) don't seem
-     * *slower* than usual :-)
-     */
-    RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE,
-    NULL,
-    NULL,
-    NULL
-};
-#  endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_e_gmp_id = "gmp";
-static const char *engine_e_gmp_name = "GMP engine support";
-
-/*
- * This internal function is used by ENGINE_gmp() and possibly by the
- * "dynamic" ENGINE support too
- */
-static int bind_helper(ENGINE *e)
-{
-#  ifndef OPENSSL_NO_RSA
-    const RSA_METHOD *meth1;
-#  endif
-    if (!ENGINE_set_id(e, engine_e_gmp_id) ||
-        !ENGINE_set_name(e, engine_e_gmp_name) ||
-#  ifndef OPENSSL_NO_RSA
-        !ENGINE_set_RSA(e, &e_gmp_rsa) ||
-#  endif
-        !ENGINE_set_destroy_function(e, e_gmp_destroy) ||
-        !ENGINE_set_init_function(e, e_gmp_init) ||
-        !ENGINE_set_finish_function(e, e_gmp_finish) ||
-        !ENGINE_set_ctrl_function(e, e_gmp_ctrl) ||
-        !ENGINE_set_cmd_defns(e, e_gmp_cmd_defns))
-        return 0;
-
-#  ifndef OPENSSL_NO_RSA
-    meth1 = RSA_PKCS1_SSLeay();
-    e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
-    e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
-    e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
-    e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-    e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp;
-#  endif
-
-    /* Ensure the e_gmp error handling is set up */
-    ERR_load_GMP_strings();
-    return 1;
-}
-
-static ENGINE *engine_gmp(void)
-{
-    ENGINE *ret = ENGINE_new();
-    if (!ret)
-        return NULL;
-    if (!bind_helper(ret)) {
-        ENGINE_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-void ENGINE_load_gmp(void)
-{
-    /* Copied from eng_[openssl|dyn].c */
-    ENGINE *toadd = engine_gmp();
-    if (!toadd)
-        return;
-    ENGINE_add(toadd);
-    ENGINE_free(toadd);
-    ERR_clear_error();
-}
-
-#  ifndef OPENSSL_NO_RSA
-/* Used to attach our own key-data to an RSA structure */
-static int hndidx_rsa = -1;
-#  endif
-
-static int e_gmp_destroy(ENGINE *e)
-{
-    ERR_unload_GMP_strings();
-    return 1;
-}
-
-/* (de)initialisation functions. */
-static int e_gmp_init(ENGINE *e)
-{
-#  ifndef OPENSSL_NO_RSA
-    if (hndidx_rsa == -1)
-        hndidx_rsa = RSA_get_ex_new_index(0,
-                                          "GMP-based RSA key handle",
-                                          NULL, NULL, NULL);
-#  endif
-    if (hndidx_rsa == -1)
-        return 0;
-    return 1;
-}
-
-static int e_gmp_finish(ENGINE *e)
-{
-    return 1;
-}
-
-static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
-    int to_return = 1;
-
-    switch (cmd) {
-#  if 0
-    case E_GMP_CMD_SO_PATH:
-        /* ... */
-#  endif
-        /* The command isn't understood by this engine */
-    default:
-        GMPerr(GMP_F_E_GMP_CTRL, GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-        to_return = 0;
-        break;
-    }
-
-    return to_return;
-}
-
-/*
- * Most often limb sizes will be the same. If not, we use hex conversion
- * which is neat, but extremely inefficient.
- */
-static int bn2gmp(const BIGNUM *bn, mpz_t g)
-{
-    bn_check_top(bn);
-    if (((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
-        (BN_BITS2 == GMP_NUMB_BITS)) {
-        /* The common case */
-        if (!_mpz_realloc(g, bn->top))
-            return 0;
-        memcpy(&g->_mp_d[0], &bn->d[0], bn->top * sizeof(bn->d[0]));
-        g->_mp_size = bn->top;
-        if (bn->neg)
-            g->_mp_size = -g->_mp_size;
-        return 1;
-    } else {
-        int toret;
-        char *tmpchar = BN_bn2hex(bn);
-        if (!tmpchar)
-            return 0;
-        toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
-        OPENSSL_free(tmpchar);
-        return toret;
-    }
-}
-
-static int gmp2bn(mpz_t g, BIGNUM *bn)
-{
-    if (((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
-        (BN_BITS2 == GMP_NUMB_BITS)) {
-        /* The common case */
-        int s = (g->_mp_size >= 0) ? g->_mp_size : -g->_mp_size;
-        BN_zero(bn);
-        if (bn_expand2(bn, s) == NULL)
-            return 0;
-        bn->top = s;
-        memcpy(&bn->d[0], &g->_mp_d[0], s * sizeof(bn->d[0]));
-        bn_correct_top(bn);
-        bn->neg = g->_mp_size >= 0 ? 0 : 1;
-        return 1;
-    } else {
-        int toret;
-        char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
-        if (!tmpchar)
-            return 0;
-        mpz_get_str(tmpchar, 16, g);
-        toret = BN_hex2bn(&bn, tmpchar);
-        OPENSSL_free(tmpchar);
-        return toret;
-    }
-}
-
-#  ifndef OPENSSL_NO_RSA
-typedef struct st_e_gmp_rsa_ctx {
-    int public_only;
-    mpz_t n;
-    mpz_t d;
-    mpz_t e;
-    mpz_t p;
-    mpz_t q;
-    mpz_t dmp1;
-    mpz_t dmq1;
-    mpz_t iqmp;
-    mpz_t r0, r1, I0, m1;
-} E_GMP_RSA_CTX;
-
-static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa)
-{
-    E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
-    if (hptr)
-        return hptr;
-    hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX));
-    if (!hptr)
-        return NULL;
-    /*
-     * These inits could probably be replaced by more intelligent mpz_init2()
-     * versions, to reduce malloc-thrashing.
-     */
-    mpz_init(hptr->n);
-    mpz_init(hptr->d);
-    mpz_init(hptr->e);
-    mpz_init(hptr->p);
-    mpz_init(hptr->q);
-    mpz_init(hptr->dmp1);
-    mpz_init(hptr->dmq1);
-    mpz_init(hptr->iqmp);
-    mpz_init(hptr->r0);
-    mpz_init(hptr->r1);
-    mpz_init(hptr->I0);
-    mpz_init(hptr->m1);
-    if (!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e))
-        goto err;
-    if (!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1
-        || !rsa->iqmp) {
-        hptr->public_only = 1;
-        return hptr;
-    }
-    if (!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) ||
-        !bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) ||
-        !bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp))
-        goto err;
-    hptr->public_only = 0;
-    RSA_set_ex_data(rsa, hndidx_rsa, hptr);
-    return hptr;
- err:
-    mpz_clear(hptr->n);
-    mpz_clear(hptr->d);
-    mpz_clear(hptr->e);
-    mpz_clear(hptr->p);
-    mpz_clear(hptr->q);
-    mpz_clear(hptr->dmp1);
-    mpz_clear(hptr->dmq1);
-    mpz_clear(hptr->iqmp);
-    mpz_clear(hptr->r0);
-    mpz_clear(hptr->r1);
-    mpz_clear(hptr->I0);
-    mpz_clear(hptr->m1);
-    OPENSSL_free(hptr);
-    return NULL;
-}
-
-static int e_gmp_rsa_finish(RSA *rsa)
-{
-    E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
-    if (!hptr)
-        return 0;
-    mpz_clear(hptr->n);
-    mpz_clear(hptr->d);
-    mpz_clear(hptr->e);
-    mpz_clear(hptr->p);
-    mpz_clear(hptr->q);
-    mpz_clear(hptr->dmp1);
-    mpz_clear(hptr->dmq1);
-    mpz_clear(hptr->iqmp);
-    mpz_clear(hptr->r0);
-    mpz_clear(hptr->r1);
-    mpz_clear(hptr->I0);
-    mpz_clear(hptr->m1);
-    OPENSSL_free(hptr);
-    RSA_set_ex_data(rsa, hndidx_rsa, NULL);
-    return 1;
-}
-
-static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
-                             BN_CTX *ctx)
-{
-    E_GMP_RSA_CTX *hptr;
-    int to_return = 0;
-
-    hptr = e_gmp_get_rsa(rsa);
-    if (!hptr) {
-        GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, GMP_R_KEY_CONTEXT_ERROR);
-        return 0;
-    }
-    if (hptr->public_only) {
-        GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, GMP_R_MISSING_KEY_COMPONENTS);
-        return 0;
-    }
-
-    /* ugh!!! */
-    if (!bn2gmp(I, hptr->I0))
-        return 0;
-
-    /*
-     * This is basically the CRT logic in crypto/rsa/rsa_eay.c reworded into
-     * GMP-speak. It may be that GMP's API facilitates cleaner formulations
-     * of this stuff, eg. better handling of negatives, or functions that
-     * combine operations.
-     */
-
-    mpz_mod(hptr->r1, hptr->I0, hptr->q);
-    mpz_powm(hptr->m1, hptr->r1, hptr->dmq1, hptr->q);
-
-    mpz_mod(hptr->r1, hptr->I0, hptr->p);
-    mpz_powm(hptr->r0, hptr->r1, hptr->dmp1, hptr->p);
-
-    mpz_sub(hptr->r0, hptr->r0, hptr->m1);
-
-    if (mpz_sgn(hptr->r0) < 0)
-        mpz_add(hptr->r0, hptr->r0, hptr->p);
-    mpz_mul(hptr->r1, hptr->r0, hptr->iqmp);
-    mpz_mod(hptr->r0, hptr->r1, hptr->p);
-
-    if (mpz_sgn(hptr->r0) < 0)
-        mpz_add(hptr->r0, hptr->r0, hptr->p);
-    mpz_mul(hptr->r1, hptr->r0, hptr->q);
-    mpz_add(hptr->r0, hptr->r1, hptr->m1);
-
-    /* ugh!!! */
-    if (gmp2bn(hptr->r0, r))
-        to_return = 1;
-
-    return 1;
-}
-#  endif
-
-# endif                         /* !OPENSSL_NO_GMP */
-
-/*
- * This stuff is needed if this ENGINE is being compiled into a
- * self-contained shared-library.
- */
-# ifndef OPENSSL_NO_DYNAMIC_ENGINE
-IMPLEMENT_DYNAMIC_CHECK_FN()
-#  ifndef OPENSSL_NO_GMP
-static int bind_fn(ENGINE *e, const char *id)
-{
-    if (id && (strcmp(id, engine_e_gmp_id) != 0))
-        return 0;
-    if (!bind_helper(e))
-        return 0;
-    return 1;
-}
-
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#  else
-OPENSSL_EXPORT
-    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
-OPENSSL_EXPORT
-    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
-{
-    return 0;
-}
-#  endif
-# endif                         /* !OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif                          /* !OPENSSL_NO_HW */
diff --git a/freebsd/crypto/openssl/engines/e_gmp_err.c b/freebsd/crypto/openssl/engines/e_gmp_err.c
deleted file mode 100644
index 6fc83df5..00000000
--- a/freebsd/crypto/openssl/engines/e_gmp_err.c
+++ /dev/null
@@ -1,139 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* e_gmp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_gmp_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(0,func,0)
-# define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA GMP_str_functs[] = {
-    {ERR_FUNC(GMP_F_E_GMP_CTRL), "E_GMP_CTRL"},
-    {ERR_FUNC(GMP_F_E_GMP_RSA_MOD_EXP), "E_GMP_RSA_MOD_EXP"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA GMP_str_reasons[] = {
-    {ERR_REASON(GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED),
-     "ctrl command not implemented"},
-    {ERR_REASON(GMP_R_KEY_CONTEXT_ERROR), "key context error"},
-    {ERR_REASON(GMP_R_MISSING_KEY_COMPONENTS), "missing key components"},
-    {0, NULL}
-};
-
-#endif
-
-#ifdef GMP_LIB_NAME
-static ERR_STRING_DATA GMP_lib_name[] = {
-    {0, GMP_LIB_NAME},
-    {0, NULL}
-};
-#endif
-
-static int GMP_lib_error_code = 0;
-static int GMP_error_init = 1;
-
-static void ERR_load_GMP_strings(void)
-{
-    if (GMP_lib_error_code == 0)
-        GMP_lib_error_code = ERR_get_next_error_library();
-
-    if (GMP_error_init) {
-        GMP_error_init = 0;
-#ifndef OPENSSL_NO_ERR
-        ERR_load_strings(GMP_lib_error_code, GMP_str_functs);
-        ERR_load_strings(GMP_lib_error_code, GMP_str_reasons);
-#endif
-
-#ifdef GMP_LIB_NAME
-        GMP_lib_name->error = ERR_PACK(GMP_lib_error_code, 0, 0);
-        ERR_load_strings(0, GMP_lib_name);
-#endif
-    }
-}
-
-static void ERR_unload_GMP_strings(void)
-{
-    if (GMP_error_init == 0) {
-#ifndef OPENSSL_NO_ERR
-        ERR_unload_strings(GMP_lib_error_code, GMP_str_functs);
-        ERR_unload_strings(GMP_lib_error_code, GMP_str_reasons);
-#endif
-
-#ifdef GMP_LIB_NAME
-        ERR_unload_strings(0, GMP_lib_name);
-#endif
-        GMP_error_init = 1;
-    }
-}
-
-static void ERR_GMP_error(int function, int reason, char *file, int line)
-{
-    if (GMP_lib_error_code == 0)
-        GMP_lib_error_code = ERR_get_next_error_library();
-    ERR_PUT_error(GMP_lib_error_code, function, reason, file, line);
-}
diff --git a/freebsd/crypto/openssl/engines/e_gmp_err.h b/freebsd/crypto/openssl/engines/e_gmp_err.h
deleted file mode 100644
index 637abbc9..00000000
--- a/freebsd/crypto/openssl/engines/e_gmp_err.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_GMP_ERR_H
-# define HEADER_GMP_ERR_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_GMP_strings(void);
-static void ERR_unload_GMP_strings(void);
-static void ERR_GMP_error(int function, int reason, char *file, int line);
-# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the GMP functions. */
-
-/* Function codes. */
-# define GMP_F_E_GMP_CTRL                                 100
-# define GMP_F_E_GMP_RSA_MOD_EXP                          101
-
-/* Reason codes. */
-# define GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED               100
-# define GMP_R_KEY_CONTEXT_ERROR                          101
-# define GMP_R_MISSING_KEY_COMPONENTS                     102
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/engines/e_nuron.c b/freebsd/crypto/openssl/engines/e_nuron.c
deleted file mode 100644
index 00bfb877..00000000
--- a/freebsd/crypto/openssl/engines/e_nuron.c
+++ /dev/null
@@ -1,438 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/engine/hw_nuron.c */
-/*
- * Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
- * Thorpe's Atalla implementation.
- */
-/* ====================================================================
- * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-# ifndef OPENSSL_NO_HW_NURON
-
-#  define NURON_LIB_NAME "nuron engine"
-#  include "e_nuron_err.c"
-
-static const char *NURON_LIBNAME = NULL;
-static const char *get_NURON_LIBNAME(void)
-{
-    if (NURON_LIBNAME)
-        return NURON_LIBNAME;
-    return "nuronssl";
-}
-
-static void free_NURON_LIBNAME(void)
-{
-    if (NURON_LIBNAME)
-        OPENSSL_free((void *)NURON_LIBNAME);
-    NURON_LIBNAME = NULL;
-}
-
-static long set_NURON_LIBNAME(const char *name)
-{
-    free_NURON_LIBNAME();
-    return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
-}
-
-static const char *NURON_F1 = "nuron_mod_exp";
-
-/* The definitions for control commands specific to this engine */
-#  define NURON_CMD_SO_PATH               ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
-    {NURON_CMD_SO_PATH,
-     "SO_PATH",
-     "Specifies the path to the 'nuronssl' shared library",
-     ENGINE_CMD_FLAG_STRING},
-    {0, NULL, NULL, 0}
-};
-
-typedef int tfnModExp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                      const BIGNUM *m);
-static tfnModExp *pfnModExp = NULL;
-
-static DSO *pvDSOHandle = NULL;
-
-static int nuron_destroy(ENGINE *e)
-{
-    free_NURON_LIBNAME();
-    ERR_unload_NURON_strings();
-    return 1;
-}
-
-static int nuron_init(ENGINE *e)
-{
-    if (pvDSOHandle != NULL) {
-        NURONerr(NURON_F_NURON_INIT, NURON_R_ALREADY_LOADED);
-        return 0;
-    }
-
-    pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
-                           DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
-    if (!pvDSOHandle) {
-        NURONerr(NURON_F_NURON_INIT, NURON_R_DSO_NOT_FOUND);
-        return 0;
-    }
-
-    pfnModExp = (tfnModExp *) DSO_bind_func(pvDSOHandle, NURON_F1);
-    if (!pfnModExp) {
-        NURONerr(NURON_F_NURON_INIT, NURON_R_DSO_FUNCTION_NOT_FOUND);
-        return 0;
-    }
-
-    return 1;
-}
-
-static int nuron_finish(ENGINE *e)
-{
-    free_NURON_LIBNAME();
-    if (pvDSOHandle == NULL) {
-        NURONerr(NURON_F_NURON_FINISH, NURON_R_NOT_LOADED);
-        return 0;
-    }
-    if (!DSO_free(pvDSOHandle)) {
-        NURONerr(NURON_F_NURON_FINISH, NURON_R_DSO_FAILURE);
-        return 0;
-    }
-    pvDSOHandle = NULL;
-    pfnModExp = NULL;
-    return 1;
-}
-
-static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
-    int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
-    switch (cmd) {
-    case NURON_CMD_SO_PATH:
-        if (p == NULL) {
-            NURONerr(NURON_F_NURON_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-            return 0;
-        }
-        if (initialised) {
-            NURONerr(NURON_F_NURON_CTRL, NURON_R_ALREADY_LOADED);
-            return 0;
-        }
-        return set_NURON_LIBNAME((const char *)p);
-    default:
-        break;
-    }
-    NURONerr(NURON_F_NURON_CTRL, NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-    return 0;
-}
-
-static int nuron_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                         const BIGNUM *m, BN_CTX *ctx)
-{
-    if (!pvDSOHandle) {
-        NURONerr(NURON_F_NURON_MOD_EXP, NURON_R_NOT_LOADED);
-        return 0;
-    }
-    return pfnModExp(r, a, p, m);
-}
-
-#  ifndef OPENSSL_NO_RSA
-static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                             BN_CTX *ctx)
-{
-    return nuron_mod_exp(r0, I, rsa->d, rsa->n, ctx);
-}
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-/*
- * This code was liberated and adapted from the commented-out code in
- * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it
- * doesn't have a CRT form for RSA), this function means that an Atalla
- * system running with a DSA server certificate can handshake around 5 or 6
- * times faster/more than an equivalent system running with RSA. Just check
- * out the "signs" statistics from the RSA and DSA parts of "openssl speed
- * -engine atalla dsa1024 rsa1024".
- */
-static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
-                             BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
-                             BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
-    BIGNUM t;
-    int to_return = 0;
-
-    BN_init(&t);
-    /* let rr = a1 ^ p1 mod m */
-    if (!nuron_mod_exp(rr, a1, p1, m, ctx))
-        goto end;
-    /* let t = a2 ^ p2 mod m */
-    if (!nuron_mod_exp(&t, a2, p2, m, ctx))
-        goto end;
-    /* let rr = rr * t mod m */
-    if (!BN_mod_mul(rr, rr, &t, m, ctx))
-        goto end;
-    to_return = 1;
- end:
-    BN_free(&t);
-    return to_return;
-}
-
-static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
-                             const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                             BN_MONT_CTX *m_ctx)
-{
-    return nuron_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-#  ifndef OPENSSL_NO_RSA
-static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                              const BIGNUM *m, BN_CTX *ctx,
-                              BN_MONT_CTX *m_ctx)
-{
-    return nuron_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
-                            const BIGNUM *a, const BIGNUM *p,
-                            const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
-    return nuron_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-static RSA_METHOD nuron_rsa = {
-    "Nuron RSA method",
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    nuron_rsa_mod_exp,
-    nuron_mod_exp_mont,
-    NULL,
-    NULL,
-    0,
-    NULL,
-    NULL,
-    NULL,
-    NULL
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-static DSA_METHOD nuron_dsa = {
-    "Nuron DSA method",
-    NULL,                       /* dsa_do_sign */
-    NULL,                       /* dsa_sign_setup */
-    NULL,                       /* dsa_do_verify */
-    nuron_dsa_mod_exp,          /* dsa_mod_exp */
-    nuron_mod_exp_dsa,          /* bn_mod_exp */
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    0,                          /* flags */
-    NULL,                       /* app_data */
-    NULL,                       /* dsa_paramgen */
-    NULL                        /* dsa_keygen */
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-static DH_METHOD nuron_dh = {
-    "Nuron DH method",
-    NULL,
-    NULL,
-    nuron_mod_exp_dh,
-    NULL,
-    NULL,
-    0,
-    NULL,
-    NULL
-};
-#  endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_nuron_id = "nuron";
-static const char *engine_nuron_name = "Nuron hardware engine support";
-
-/*
- * This internal function is used by ENGINE_nuron() and possibly by the
- * "dynamic" ENGINE support too
- */
-static int bind_helper(ENGINE *e)
-{
-#  ifndef OPENSSL_NO_RSA
-    const RSA_METHOD *meth1;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-    const DSA_METHOD *meth2;
-#  endif
-#  ifndef OPENSSL_NO_DH
-    const DH_METHOD *meth3;
-#  endif
-    if (!ENGINE_set_id(e, engine_nuron_id) ||
-        !ENGINE_set_name(e, engine_nuron_name) ||
-#  ifndef OPENSSL_NO_RSA
-        !ENGINE_set_RSA(e, &nuron_rsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DSA
-        !ENGINE_set_DSA(e, &nuron_dsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DH
-        !ENGINE_set_DH(e, &nuron_dh) ||
-#  endif
-        !ENGINE_set_destroy_function(e, nuron_destroy) ||
-        !ENGINE_set_init_function(e, nuron_init) ||
-        !ENGINE_set_finish_function(e, nuron_finish) ||
-        !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
-        !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
-        return 0;
-
-#  ifndef OPENSSL_NO_RSA
-    /*
-     * We know that the "PKCS1_SSLeay()" functions hook properly to the
-     * nuron-specific mod_exp and mod_exp_crt so we use those functions. NB:
-     * We don't use ENGINE_openssl() or anything "more generic" because
-     * something like the RSAref code may not hook properly, and if you own
-     * one of these cards then you have the right to do RSA operations on it
-     * anyway!
-     */
-    meth1 = RSA_PKCS1_SSLeay();
-    nuron_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
-    nuron_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
-    nuron_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
-    nuron_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-    /*
-     * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
-     */
-    meth2 = DSA_OpenSSL();
-    nuron_dsa.dsa_do_sign = meth2->dsa_do_sign;
-    nuron_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
-    nuron_dsa.dsa_do_verify = meth2->dsa_do_verify;
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-    /* Much the same for Diffie-Hellman */
-    meth3 = DH_OpenSSL();
-    nuron_dh.generate_key = meth3->generate_key;
-    nuron_dh.compute_key = meth3->compute_key;
-#  endif
-
-    /* Ensure the nuron error handling is set up */
-    ERR_load_NURON_strings();
-    return 1;
-}
-
-#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_nuron(void)
-{
-    ENGINE *ret = ENGINE_new();
-    if (!ret)
-        return NULL;
-    if (!bind_helper(ret)) {
-        ENGINE_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-void ENGINE_load_nuron(void)
-{
-    /* Copied from eng_[openssl|dyn].c */
-    ENGINE *toadd = engine_nuron();
-    if (!toadd)
-        return;
-    ENGINE_add(toadd);
-    ENGINE_free(toadd);
-    ERR_clear_error();
-}
-#  endif
-
-/*
- * This stuff is needed if this ENGINE is being compiled into a
- * self-contained shared-library.
- */
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
-{
-    if (id && (strcmp(id, engine_nuron_id) != 0))
-        return 0;
-    if (!bind_helper(e))
-        return 0;
-    return 1;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#  endif                        /* OPENSSL_NO_DYNAMIC_ENGINE */
-# endif                         /* !OPENSSL_NO_HW_NURON */
-#endif                          /* !OPENSSL_NO_HW */
diff --git a/freebsd/crypto/openssl/engines/e_nuron_err.c b/freebsd/crypto/openssl/engines/e_nuron_err.c
deleted file mode 100644
index be12ac66..00000000
--- a/freebsd/crypto/openssl/engines/e_nuron_err.c
+++ /dev/null
@@ -1,144 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* e_nuron_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_nuron_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(0,func,0)
-# define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA NURON_str_functs[] = {
-    {ERR_FUNC(NURON_F_NURON_CTRL), "NURON_CTRL"},
-    {ERR_FUNC(NURON_F_NURON_FINISH), "NURON_FINISH"},
-    {ERR_FUNC(NURON_F_NURON_INIT), "NURON_INIT"},
-    {ERR_FUNC(NURON_F_NURON_MOD_EXP), "NURON_MOD_EXP"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA NURON_str_reasons[] = {
-    {ERR_REASON(NURON_R_ALREADY_LOADED), "already loaded"},
-    {ERR_REASON(NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED),
-     "ctrl command not implemented"},
-    {ERR_REASON(NURON_R_DSO_FAILURE), "dso failure"},
-    {ERR_REASON(NURON_R_DSO_FUNCTION_NOT_FOUND), "dso function not found"},
-    {ERR_REASON(NURON_R_DSO_NOT_FOUND), "dso not found"},
-    {ERR_REASON(NURON_R_NOT_LOADED), "not loaded"},
-    {0, NULL}
-};
-
-#endif
-
-#ifdef NURON_LIB_NAME
-static ERR_STRING_DATA NURON_lib_name[] = {
-    {0, NURON_LIB_NAME},
-    {0, NULL}
-};
-#endif
-
-static int NURON_lib_error_code = 0;
-static int NURON_error_init = 1;
-
-static void ERR_load_NURON_strings(void)
-{
-    if (NURON_lib_error_code == 0)
-        NURON_lib_error_code = ERR_get_next_error_library();
-
-    if (NURON_error_init) {
-        NURON_error_init = 0;
-#ifndef OPENSSL_NO_ERR
-        ERR_load_strings(NURON_lib_error_code, NURON_str_functs);
-        ERR_load_strings(NURON_lib_error_code, NURON_str_reasons);
-#endif
-
-#ifdef NURON_LIB_NAME
-        NURON_lib_name->error = ERR_PACK(NURON_lib_error_code, 0, 0);
-        ERR_load_strings(0, NURON_lib_name);
-#endif
-    }
-}
-
-static void ERR_unload_NURON_strings(void)
-{
-    if (NURON_error_init == 0) {
-#ifndef OPENSSL_NO_ERR
-        ERR_unload_strings(NURON_lib_error_code, NURON_str_functs);
-        ERR_unload_strings(NURON_lib_error_code, NURON_str_reasons);
-#endif
-
-#ifdef NURON_LIB_NAME
-        ERR_unload_strings(0, NURON_lib_name);
-#endif
-        NURON_error_init = 1;
-    }
-}
-
-static void ERR_NURON_error(int function, int reason, char *file, int line)
-{
-    if (NURON_lib_error_code == 0)
-        NURON_lib_error_code = ERR_get_next_error_library();
-    ERR_PUT_error(NURON_lib_error_code, function, reason, file, line);
-}
diff --git a/freebsd/crypto/openssl/engines/e_nuron_err.h b/freebsd/crypto/openssl/engines/e_nuron_err.h
deleted file mode 100644
index aa7849c6..00000000
--- a/freebsd/crypto/openssl/engines/e_nuron_err.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_NURON_ERR_H
-# define HEADER_NURON_ERR_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_NURON_strings(void);
-static void ERR_unload_NURON_strings(void);
-static void ERR_NURON_error(int function, int reason, char *file, int line);
-# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the NURON functions. */
-
-/* Function codes. */
-# define NURON_F_NURON_CTRL                               100
-# define NURON_F_NURON_FINISH                             101
-# define NURON_F_NURON_INIT                               102
-# define NURON_F_NURON_MOD_EXP                            103
-
-/* Reason codes. */
-# define NURON_R_ALREADY_LOADED                           100
-# define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED             101
-# define NURON_R_DSO_FAILURE                              102
-# define NURON_R_DSO_FUNCTION_NOT_FOUND                   103
-# define NURON_R_DSO_NOT_FOUND                            104
-# define NURON_R_NOT_LOADED                               105
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/engines/e_ossltest.c b/freebsd/crypto/openssl/engines/e_ossltest.c
new file mode 100644
index 00000000..92e488af
--- /dev/null
+++ b/freebsd/crypto/openssl/engines/e_ossltest.c
@@ -0,0 +1,698 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is the OSSLTEST engine. It provides deliberately crippled digest
+ * implementations for test purposes. It is highly insecure and must NOT be
+ * used for any purpose except testing
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/engine.h>
+#include <openssl/sha.h>
+#include <openssl/md5.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/modes.h>
+#include <openssl/aes.h>
+#include <openssl/rand.h>
+#include <openssl/crypto.h>
+
+#include "e_ossltest_err.c"
+
+/* Engine Id and Name */
+static const char *engine_ossltest_id = "ossltest";
+static const char *engine_ossltest_name = "OpenSSL Test engine support";
+
+
+/* Engine Lifetime functions */
+static int ossltest_destroy(ENGINE *e);
+static int ossltest_init(ENGINE *e);
+static int ossltest_finish(ENGINE *e);
+void ENGINE_load_ossltest(void);
+
+
+/* Set up digests */
+static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
+                          const int **nids, int nid);
+static const RAND_METHOD *ossltest_rand_method(void);
+
+/* MD5 */
+static int digest_md5_init(EVP_MD_CTX *ctx);
+static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
+                             size_t count);
+static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static EVP_MD *_hidden_md5_md = NULL;
+static const EVP_MD *digest_md5(void)
+{
+    if (_hidden_md5_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_md5, NID_md5WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(MD5_CTX))
+            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_init(md, digest_md5_init)
+            || !EVP_MD_meth_set_update(md, digest_md5_update)
+            || !EVP_MD_meth_set_final(md, digest_md5_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_md5_md = md;
+    }
+    return _hidden_md5_md;
+}
+
+/* SHA1 */
+static int digest_sha1_init(EVP_MD_CTX *ctx);
+static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
+                              size_t count);
+static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static EVP_MD *_hidden_sha1_md = NULL;
+static const EVP_MD *digest_sha1(void)
+{
+    if (_hidden_sha1_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha1_init)
+            || !EVP_MD_meth_set_update(md, digest_sha1_update)
+            || !EVP_MD_meth_set_final(md, digest_sha1_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha1_md = md;
+    }
+    return _hidden_sha1_md;
+}
+
+/* SHA256 */
+static int digest_sha256_init(EVP_MD_CTX *ctx);
+static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
+                                size_t count);
+static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static EVP_MD *_hidden_sha256_md = NULL;
+static const EVP_MD *digest_sha256(void)
+{
+    if (_hidden_sha256_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA256_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha256_init)
+            || !EVP_MD_meth_set_update(md, digest_sha256_update)
+            || !EVP_MD_meth_set_final(md, digest_sha256_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha256_md = md;
+    }
+    return _hidden_sha256_md;
+}
+
+/* SHA384/SHA512 */
+static int digest_sha384_init(EVP_MD_CTX *ctx);
+static int digest_sha512_init(EVP_MD_CTX *ctx);
+static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
+                                size_t count);
+static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md);
+static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static EVP_MD *_hidden_sha384_md = NULL;
+static const EVP_MD *digest_sha384(void)
+{
+    if (_hidden_sha384_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha384, NID_sha384WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA512_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha384_init)
+            || !EVP_MD_meth_set_update(md, digest_sha512_update)
+            || !EVP_MD_meth_set_final(md, digest_sha384_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha384_md = md;
+    }
+    return _hidden_sha384_md;
+}
+static EVP_MD *_hidden_sha512_md = NULL;
+static const EVP_MD *digest_sha512(void)
+{
+    if (_hidden_sha512_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha512, NID_sha512WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA512_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha512_init)
+            || !EVP_MD_meth_set_update(md, digest_sha512_update)
+            || !EVP_MD_meth_set_final(md, digest_sha512_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha512_md = md;
+    }
+    return _hidden_sha512_md;
+}
+static void destroy_digests(void)
+{
+    EVP_MD_meth_free(_hidden_md5_md);
+    _hidden_md5_md = NULL;
+    EVP_MD_meth_free(_hidden_sha1_md);
+    _hidden_sha1_md = NULL;
+    EVP_MD_meth_free(_hidden_sha256_md);
+    _hidden_sha256_md = NULL;
+    EVP_MD_meth_free(_hidden_sha384_md);
+    _hidden_sha384_md = NULL;
+    EVP_MD_meth_free(_hidden_sha512_md);
+    _hidden_sha512_md = NULL;
+}
+static int ossltest_digest_nids(const int **nids)
+{
+    static int digest_nids[6] = { 0, 0, 0, 0, 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = digest_md5()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha1()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha256()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha384()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha512()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
+
+/* Setup ciphers */
+static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **,
+                            const int **, int);
+
+static int ossltest_cipher_nids[] = {
+    NID_aes_128_cbc, NID_aes_128_gcm, 0
+};
+
+/* AES128 */
+
+int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl);
+int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl);
+static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                    void *ptr);
+
+static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
+static const EVP_CIPHER *ossltest_aes_128_cbc(void)
+{
+    if (_hidden_aes_128_cbc == NULL
+        && ((_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
+                                                       16 /* block size */,
+                                                       16 /* key len */)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
+                                          EVP_CIPH_FLAG_DEFAULT_ASN1
+                                          | EVP_CIPH_CBC_MODE)
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
+                                         ossltest_aes128_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
+                                              ossltest_aes128_cbc_cipher)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
+                                                  EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) {
+        EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+        _hidden_aes_128_cbc = NULL;
+    }
+    return _hidden_aes_128_cbc;
+}
+static EVP_CIPHER *_hidden_aes_128_gcm = NULL;
+
+#define AES_GCM_FLAGS   (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+                | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                | EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \
+                | EVP_CIPH_GCM_MODE)
+
+static const EVP_CIPHER *ossltest_aes_128_gcm(void)
+{
+    if (_hidden_aes_128_gcm == NULL
+        && ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm,
+                                                       1 /* block size */,
+                                                       16 /* key len */)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12)
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS)
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm,
+                                         ossltest_aes128_gcm_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm,
+                                              ossltest_aes128_gcm_cipher)
+            || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm,
+                                              ossltest_aes128_gcm_ctrl)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm,
+                              EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) {
+        EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
+        _hidden_aes_128_gcm = NULL;
+    }
+    return _hidden_aes_128_gcm;
+}
+
+static void destroy_ciphers(void)
+{
+    EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+    EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
+    _hidden_aes_128_cbc = NULL;
+}
+
+static int bind_ossltest(ENGINE *e)
+{
+    /* Ensure the ossltest error handling is set up */
+    ERR_load_OSSLTEST_strings();
+
+    if (!ENGINE_set_id(e, engine_ossltest_id)
+        || !ENGINE_set_name(e, engine_ossltest_name)
+        || !ENGINE_set_digests(e, ossltest_digests)
+        || !ENGINE_set_ciphers(e, ossltest_ciphers)
+        || !ENGINE_set_RAND(e, ossltest_rand_method())
+        || !ENGINE_set_destroy_function(e, ossltest_destroy)
+        || !ENGINE_set_init_function(e, ossltest_init)
+        || !ENGINE_set_finish_function(e, ossltest_finish)) {
+        OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_ossltest_id) != 0))
+        return 0;
+    if (!bind_ossltest(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#endif
+
+static ENGINE *engine_ossltest(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_ossltest(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void ENGINE_load_ossltest(void)
+{
+    /* Copied from eng_[openssl|dyn].c */
+    ENGINE *toadd = engine_ossltest();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+
+
+static int ossltest_init(ENGINE *e)
+{
+    return 1;
+}
+
+
+static int ossltest_finish(ENGINE *e)
+{
+    return 1;
+}
+
+
+static int ossltest_destroy(ENGINE *e)
+{
+    destroy_digests();
+    destroy_ciphers();
+    ERR_unload_OSSLTEST_strings();
+    return 1;
+}
+
+static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
+                          const int **nids, int nid)
+{
+    int ok = 1;
+    if (!digest) {
+        /* We are returning a list of supported nids */
+        return ossltest_digest_nids(nids);
+    }
+    /* We are being asked for a specific digest */
+    switch (nid) {
+    case NID_md5:
+        *digest = digest_md5();
+        break;
+    case NID_sha1:
+        *digest = digest_sha1();
+        break;
+    case NID_sha256:
+        *digest = digest_sha256();
+        break;
+    case NID_sha384:
+        *digest = digest_sha384();
+        break;
+    case NID_sha512:
+        *digest = digest_sha512();
+        break;
+    default:
+        ok = 0;
+        *digest = NULL;
+        break;
+    }
+    return ok;
+}
+
+static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                          const int **nids, int nid)
+{
+    int ok = 1;
+    if (!cipher) {
+        /* We are returning a list of supported nids */
+        *nids = ossltest_cipher_nids;
+        return (sizeof(ossltest_cipher_nids) - 1)
+               / sizeof(ossltest_cipher_nids[0]);
+    }
+    /* We are being asked for a specific cipher */
+    switch (nid) {
+    case NID_aes_128_cbc:
+        *cipher = ossltest_aes_128_cbc();
+        break;
+    case NID_aes_128_gcm:
+        *cipher = ossltest_aes_128_gcm();
+        break;
+    default:
+        ok = 0;
+        *cipher = NULL;
+        break;
+    }
+    return ok;
+}
+
+static void fill_known_data(unsigned char *md, unsigned int len)
+{
+    unsigned int i;
+
+    for (i=0; i<len; i++) {
+        md[i] = (unsigned char)(i & 0xff);
+    }
+}
+
+/*
+ * MD5 implementation. We go through the motions of doing MD5 by deferring to
+ * the standard implementation. Then we overwrite the result with a will defined
+ * value, so that all "MD5" digests using the test engine always end up with
+ * the same value.
+ */
+#undef data
+#define data(ctx) ((MD5_CTX *)EVP_MD_CTX_md_data(ctx))
+static int digest_md5_init(EVP_MD_CTX *ctx)
+{
+    return MD5_Init(data(ctx));
+}
+
+static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
+                             size_t count)
+{
+    return MD5_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    ret = MD5_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, MD5_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+/*
+ * SHA1 implementation.
+ */
+#undef data
+#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
+static int digest_sha1_init(EVP_MD_CTX *ctx)
+{
+    return SHA1_Init(data(ctx));
+}
+
+static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
+                              size_t count)
+{
+    return SHA1_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    ret = SHA1_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, SHA_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+/*
+ * SHA256 implementation.
+ */
+#undef data
+#define data(ctx) ((SHA256_CTX *)EVP_MD_CTX_md_data(ctx))
+static int digest_sha256_init(EVP_MD_CTX *ctx)
+{
+    return SHA256_Init(data(ctx));
+}
+
+static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
+                                size_t count)
+{
+    return SHA256_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    ret = SHA256_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, SHA256_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+/*
+ * SHA384/512 implementation.
+ */
+#undef data
+#define data(ctx) ((SHA512_CTX *)EVP_MD_CTX_md_data(ctx))
+static int digest_sha384_init(EVP_MD_CTX *ctx)
+{
+    return SHA384_Init(data(ctx));
+}
+
+static int digest_sha512_init(EVP_MD_CTX *ctx)
+{
+    return SHA512_Init(data(ctx));
+}
+
+static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
+                                size_t count)
+{
+    return SHA512_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    /* Actually uses SHA512_Final! */
+    ret = SHA512_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, SHA384_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    ret = SHA512_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, SHA512_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+/*
+ * AES128 Implementation
+ */
+
+int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    return EVP_CIPHER_meth_get_init(EVP_aes_128_cbc()) (ctx, key, iv, enc);
+}
+
+int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl)
+{
+    unsigned char *tmpbuf;
+    int ret;
+
+    tmpbuf = OPENSSL_malloc(inl);
+
+    /* OPENSSL_malloc will return NULL if inl == 0 */
+    if (tmpbuf == NULL && inl > 0)
+        return -1;
+
+    /* Remember what we were asked to encrypt */
+    if (tmpbuf != NULL)
+        memcpy(tmpbuf, in, inl);
+
+    /* Go through the motions of encrypting it */
+    ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl);
+
+    /* Throw it all away and just use the plaintext as the output */
+    if (tmpbuf != NULL)
+        memcpy(out, tmpbuf, inl);
+    OPENSSL_free(tmpbuf);
+
+    return ret;
+}
+
+int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc);
+}
+
+
+int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl)
+{
+    unsigned char *tmpbuf = OPENSSL_malloc(inl);
+
+    /* OPENSSL_malloc will return NULL if inl == 0 */
+    if (tmpbuf == NULL && inl > 0)
+        return -1;
+
+    /* Remember what we were asked to encrypt */
+    if (tmpbuf != NULL)
+        memcpy(tmpbuf, in, inl);
+
+    /* Go through the motions of encrypting it */
+    EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl);
+
+    /* Throw it all away and just use the plaintext as the output */
+    if (tmpbuf != NULL && out != NULL)
+        memcpy(out, tmpbuf, inl);
+    OPENSSL_free(tmpbuf);
+
+    return inl;
+}
+
+static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                    void *ptr)
+{
+    /* Pass the ctrl down */
+    int ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr);
+
+    if (ret <= 0)
+        return ret;
+
+    switch(type) {
+    case EVP_CTRL_AEAD_GET_TAG:
+        /* Always give the same tag */
+        memset(ptr, 0, EVP_GCM_TLS_TAG_LEN);
+        break;
+
+    default:
+        break;
+    }
+
+    return 1;
+}
+
+static int ossltest_rand_bytes(unsigned char *buf, int num)
+{
+    unsigned char val = 1;
+
+    while (--num >= 0)
+        *buf++ = val++;
+    return 1;
+}
+
+static int ossltest_rand_status(void)
+{
+    return 1;
+}
+
+static const RAND_METHOD *ossltest_rand_method(void)
+{
+
+    static RAND_METHOD osslt_rand_meth = {
+        NULL,
+        ossltest_rand_bytes,
+        NULL,
+        NULL,
+        ossltest_rand_bytes,
+        ossltest_rand_status
+    };
+
+    return &osslt_rand_meth;
+}
diff --git a/freebsd/crypto/openssl/engines/e_ossltest_err.c b/freebsd/crypto/openssl/engines/e_ossltest_err.c
new file mode 100644
index 00000000..ee6d7b58
--- /dev/null
+++ b/freebsd/crypto/openssl/engines/e_ossltest_err.c
@@ -0,0 +1,65 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "e_ossltest_err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static ERR_STRING_DATA OSSLTEST_str_functs[] = {
+    {ERR_PACK(0, OSSLTEST_F_BIND_OSSLTEST, 0), "bind_ossltest"},
+    {ERR_PACK(0, OSSLTEST_F_OSSLTEST_AES128_INIT_KEY, 0), ""},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA OSSLTEST_str_reasons[] = {
+    {ERR_PACK(0, 0, OSSLTEST_R_INIT_FAILED), "init failed"},
+    {0, NULL}
+};
+
+#endif
+
+static int lib_code = 0;
+static int error_loaded = 0;
+
+static int ERR_load_OSSLTEST_strings(void)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+
+    if (!error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(lib_code, OSSLTEST_str_functs);
+        ERR_load_strings(lib_code, OSSLTEST_str_reasons);
+#endif
+        error_loaded = 1;
+    }
+    return 1;
+}
+
+static void ERR_unload_OSSLTEST_strings(void)
+{
+    if (error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(lib_code, OSSLTEST_str_functs);
+        ERR_unload_strings(lib_code, OSSLTEST_str_reasons);
+#endif
+        error_loaded = 0;
+    }
+}
+
+static void ERR_OSSLTEST_error(int function, int reason, char *file, int line)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+    ERR_PUT_error(lib_code, function, reason, file, line);
+}
diff --git a/freebsd/crypto/openssl/engines/e_ossltest_err.h b/freebsd/crypto/openssl/engines/e_ossltest_err.h
new file mode 100644
index 00000000..e745c1a2
--- /dev/null
+++ b/freebsd/crypto/openssl/engines/e_ossltest_err.h
@@ -0,0 +1,28 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OSSLTESTERR_H
+# define HEADER_OSSLTESTERR_H
+
+# define OSSLTESTerr(f, r) ERR_OSSLTEST_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
+
+
+/*
+ * OSSLTEST function codes.
+ */
+# define OSSLTEST_F_BIND_OSSLTEST                         100
+# define OSSLTEST_F_OSSLTEST_AES128_INIT_KEY              101
+
+/*
+ * OSSLTEST reason codes.
+ */
+# define OSSLTEST_R_INIT_FAILED                           100
+
+#endif
diff --git a/freebsd/crypto/openssl/engines/e_padlock.c b/freebsd/crypto/openssl/engines/e_padlock.c
index 32b2b9b2..9688d5f3 100644
--- a/freebsd/crypto/openssl/engines/e_padlock.c
+++ b/freebsd/crypto/openssl/engines/e_padlock.c
@@ -1,67 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/*-
- * Support for VIA PadLock Advanced Cryptography Engine (ACE)
- * Written by Michal Ludvig <michal@logix.cz>
- *            http://www.logix.cz/michal
- *
- * Big thanks to Andy Polyakov for a help with optimization,
- * assembler fixes, port to MS Windows and a lot of other
- * valuable work on this engine!
- */
-
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
@@ -69,14 +14,12 @@
 
 #include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
-#include <openssl/dso.h>
 #include <openssl/engine.h>
 #include <openssl/evp.h>
-#ifndef OPENSSL_NO_AES
-# include <openssl/aes.h>
-#endif
+#include <openssl/aes.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
+#include <openssl/modes.h>
 
 #ifndef OPENSSL_NO_HW
 # ifndef OPENSSL_NO_HW_PADLOCK
@@ -97,24 +40,19 @@
 /*
  * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
  * doesn't exist elsewhere, but it even can't be compiled on other platforms!
- *
- * In addition, because of the heavy use of inline assembler, compiler choice
- * is limited to GCC and Microsoft C.
  */
+
 #  undef COMPILE_HW_PADLOCK
-#  if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
-#   if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
-     (defined(_MSC_VER) && defined(_M_IX86))
-#    define COMPILE_HW_PADLOCK
+#  if !defined(I386_ONLY) && defined(PADLOCK_ASM)
+#   define COMPILE_HW_PADLOCK
+#   ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *ENGINE_padlock(void);
 #   endif
 #  endif
 
 #  ifdef OPENSSL_NO_DYNAMIC_ENGINE
-#   ifdef COMPILE_HW_PADLOCK
-static ENGINE *ENGINE_padlock(void);
-#   endif
-
-void ENGINE_load_padlock(void)
+void engine_load_padlock_int(void);
+void engine_load_padlock_int(void)
 {
 /* On non-x86 CPUs it just returns. */
 #   ifdef COMPILE_HW_PADLOCK
@@ -130,21 +68,6 @@ void ENGINE_load_padlock(void)
 #  endif
 
 #  ifdef COMPILE_HW_PADLOCK
-/*
- * We do these includes here to avoid header problems on platforms that do
- * not have the VIA padlock anyway...
- */
-#   include <stdlib.h>
-#   ifdef _WIN32
-#    include <malloc.h>
-#    ifndef alloca
-#     define alloca _alloca
-#    endif
-#   elif defined(__GNUC__)
-#    ifndef alloca
-#     define alloca(s) __builtin_alloca(s)
-#    endif
-#   endif
 
 /* Function for ENGINE detection and control */
 static int padlock_available(void);
@@ -154,10 +77,8 @@ static int padlock_init(ENGINE *e);
 static RAND_METHOD padlock_rand;
 
 /* Cipher Stuff */
-#   ifndef OPENSSL_NO_AES
 static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
                            const int **nids, int nid);
-#   endif
 
 /* Engine names */
 static const char *padlock_id = "padlock";
@@ -166,9 +87,6 @@ static char padlock_name[100];
 /* Available features */
 static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
 static int padlock_use_rng = 0; /* Random Number Generator */
-#   ifndef OPENSSL_NO_AES
-static int padlock_aes_align_required = 1;
-#   endif
 
 /* ===== Engine "management" functions ===== */
 
@@ -178,10 +96,11 @@ static int padlock_bind_helper(ENGINE *e)
     /* Check available features */
     padlock_available();
 
-#   if 1                        /* disable RNG for now, see commentary in
-                                 * vicinity of RNG code */
+    /*
+     * RNG is currently disabled for reasons discussed in commentary just
+     * before padlock_rand_bytes function.
+     */
     padlock_use_rng = 0;
-#   endif
 
     /* Generate a nice engine name with available features */
     BIO_snprintf(padlock_name, sizeof(padlock_name),
@@ -193,9 +112,7 @@ static int padlock_bind_helper(ENGINE *e)
     if (!ENGINE_set_id(e, padlock_id) ||
         !ENGINE_set_name(e, padlock_name) ||
         !ENGINE_set_init_function(e, padlock_init) ||
-#   ifndef OPENSSL_NO_AES
         (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
-#   endif
         (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
         return 0;
     }
@@ -205,13 +122,12 @@ static int padlock_bind_helper(ENGINE *e)
 }
 
 #   ifdef OPENSSL_NO_DYNAMIC_ENGINE
-
 /* Constructor */
 static ENGINE *ENGINE_padlock(void)
 {
     ENGINE *eng = ENGINE_new();
 
-    if (!eng) {
+    if (eng == NULL) {
         return NULL;
     }
 
@@ -222,7 +138,6 @@ static ENGINE *ENGINE_padlock(void)
 
     return eng;
 }
-
 #   endif
 
 /* Check availability of the engine */
@@ -250,15 +165,15 @@ static int padlock_bind_fn(ENGINE *e, const char *id)
 }
 
 IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
+IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
 #   endif                       /* DYNAMIC_ENGINE */
 /* ===== Here comes the "real" engine ===== */
-#   ifndef OPENSSL_NO_AES
+
 /* Some AES-related constants */
-#    define AES_BLOCK_SIZE          16
-#    define AES_KEY_SIZE_128        16
-#    define AES_KEY_SIZE_192        24
-#    define AES_KEY_SIZE_256        32
+#   define AES_BLOCK_SIZE          16
+#   define AES_KEY_SIZE_128        16
+#   define AES_KEY_SIZE_192        24
+#   define AES_KEY_SIZE_256        32
     /*
      * Here we store the status information relevant to the current context.
      */
@@ -285,94 +200,35 @@ struct padlock_cipher_data {
     AES_KEY ks;                 /* Encryption key */
 };
 
-/*
- * Essentially this variable belongs in thread local storage.
- * Having this variable global on the other hand can only cause
- * few bogus key reloads [if any at all on single-CPU system],
- * so we accept the penatly...
- */
-static volatile struct padlock_cipher_data *padlock_saved_context;
-#   endif
-
-/*-
- * =======================================================
- * Inline assembler section(s).
- * =======================================================
- * Order of arguments is chosen to facilitate Windows port
- * using __fastcall calling convention. If you wish to add
- * more routines, keep in mind that first __fastcall
- * argument is passed in %ecx and second - in %edx.
- * =======================================================
- */
-#   if defined(__GNUC__) && __GNUC__>=2
-/*
- * As for excessive "push %ebx"/"pop %ebx" found all over.
- * When generating position-independent code GCC won't let
- * us use "b" in assembler templates nor even respect "ebx"
- * in "clobber description." Therefore the trouble...
- */
-
-/*
- * Helper function - check if a CPUID instruction is available on this CPU
- */
-static int padlock_insn_cpuid_available(void)
-{
-    int result = -1;
-
-    /*
-     * We're checking if the bit #21 of EFLAGS can be toggled. If yes =
-     * CPUID is available.
-     */
-    asm volatile ("pushf\n"
-                  "popl %%eax\n"
-                  "xorl $0x200000, %%eax\n"
-                  "movl %%eax, %%ecx\n"
-                  "andl $0x200000, %%ecx\n"
-                  "pushl %%eax\n"
-                  "popf\n"
-                  "pushf\n"
-                  "popl %%eax\n"
-                  "andl $0x200000, %%eax\n"
-                  "xorl %%eax, %%ecx\n"
-                  "movl %%ecx, %0\n":"=r" (result)::"eax", "ecx");
-
-    return (result == 0);
-}
+/* Interface to assembler module */
+unsigned int padlock_capability(void);
+void padlock_key_bswap(AES_KEY *key);
+void padlock_verify_context(struct padlock_cipher_data *ctx);
+void padlock_reload_key(void);
+void padlock_aes_block(void *out, const void *inp,
+                       struct padlock_cipher_data *ctx);
+int padlock_ecb_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_cbc_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_cfb_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_ofb_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_ctr32_encrypt(void *out, const void *inp,
+                          struct padlock_cipher_data *ctx, size_t len);
+int padlock_xstore(void *out, int edx);
+void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len);
+void padlock_sha1(void *ctx, const void *inp, size_t len);
+void padlock_sha256_oneshot(void *ctx, const void *inp, size_t len);
+void padlock_sha256(void *ctx, const void *inp, size_t len);
 
 /*
  * Load supported features of the CPU to see if the PadLock is available.
  */
 static int padlock_available(void)
 {
-    char vendor_string[16];
-    unsigned int eax, edx;
-
-    /* First check if the CPUID instruction is available at all... */
-    if (!padlock_insn_cpuid_available())
-        return 0;
-
-    /* Are we running on the Centaur (VIA) CPU? */
-    eax = 0x00000000;
-    vendor_string[12] = 0;
-    asm volatile ("pushl  %%ebx\n"
-                  "cpuid\n"
-                  "movl   %%ebx,(%%edi)\n"
-                  "movl   %%edx,4(%%edi)\n"
-                  "movl   %%ecx,8(%%edi)\n"
-                  "popl   %%ebx":"+a" (eax):"D"(vendor_string):"ecx", "edx");
-    if (strcmp(vendor_string, "CentaurHauls") != 0)
-        return 0;
-
-    /* Check for Centaur Extended Feature Flags presence */
-    eax = 0xC0000000;
-    asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax)::"ecx", "edx");
-    if (eax < 0xC0000001)
-        return 0;
-
-    /* Read the Centaur Extended Feature Flags */
-    eax = 0xC0000001;
-    asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax),
-                  "=d"(edx)::"ecx");
+    unsigned int edx = padlock_capability();
 
     /* Fill up some flags */
     padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
@@ -381,349 +237,293 @@ static int padlock_available(void)
     return padlock_use_ace + padlock_use_rng;
 }
 
-#    ifndef OPENSSL_NO_AES
-#     ifndef AES_ASM
-/* Our own htonl()/ntohl() */
-static inline void padlock_bswapl(AES_KEY *ks)
-{
-    size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
-    unsigned int *key = ks->rd_key;
-
-    while (i--) {
-        asm volatile ("bswapl %0":"+r" (*key));
-        key++;
-    }
-}
-#     endif
-#    endif
+/* ===== AES encryption/decryption ===== */
 
-/*
- * Force key reload from memory to the CPU microcode. Loading EFLAGS from the
- * stack clears EFLAGS[30] which does the trick.
- */
-static inline void padlock_reload_key(void)
-{
-    asm volatile ("pushfl; popfl");
-}
+#   if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+#    define NID_aes_128_cfb NID_aes_128_cfb128
+#   endif
 
-#    ifndef OPENSSL_NO_AES
-/*
- * This is heuristic key context tracing. At first one
- * believes that one should use atomic swap instructions,
- * but it's not actually necessary. Point is that if
- * padlock_saved_context was changed by another thread
- * after we've read it and before we compare it with cdata,
- * our key *shall* be reloaded upon thread context switch
- * and we are therefore set in either case...
- */
-static inline void padlock_verify_context(struct padlock_cipher_data *cdata)
-{
-    asm volatile ("pushfl\n"
-                  "       btl     $30,(%%esp)\n"
-                  "       jnc     1f\n"
-                  "       cmpl    %2,%1\n"
-                  "       je      1f\n"
-                  "       popfl\n"
-                  "       subl    $4,%%esp\n"
-                  "1:     addl    $4,%%esp\n"
-                  "       movl    %2,%0":"+m" (padlock_saved_context)
-                  :"r"(padlock_saved_context), "r"(cdata):"cc");
-}
+#   if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+#    define NID_aes_128_ofb NID_aes_128_ofb128
+#   endif
 
-/* Template for padlock_xcrypt_* modes */
-/*
- * BIG FAT WARNING: The offsets used with 'leal' instructions describe items
- * of the 'padlock_cipher_data' structure.
- */
-#     define PADLOCK_XCRYPT_ASM(name,rep_xcrypt)     \
-static inline void *name(size_t cnt,            \
-        struct padlock_cipher_data *cdata,      \
-        void *out, const void *inp)             \
-{       void *iv;                               \
-        asm volatile ( "pushl   %%ebx\n"        \
-                "       leal    16(%0),%%edx\n" \
-                "       leal    32(%0),%%ebx\n" \
-                        rep_xcrypt "\n"         \
-                "       popl    %%ebx"          \
-                : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
-                : "0"(cdata), "1"(cnt), "2"(out), "3"(inp)  \
-                : "edx", "cc", "memory");       \
-        return iv;                              \
-}
+#   if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+#    define NID_aes_192_cfb NID_aes_192_cfb128
+#   endif
 
-/* Generate all functions with appropriate opcodes */
-/* rep xcryptecb */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")
-/* rep xcryptcbc */
-    PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0")
-/* rep xcryptcfb */
-    PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")
-/* rep xcryptofb */
-    PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")
-#    endif
-/* The RNG call itself */
-static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in)
-{
-    unsigned int eax_out;
+#   if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+#    define NID_aes_192_ofb NID_aes_192_ofb128
+#   endif
 
-    asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */
-                  :"=a" (eax_out), "=m"(*(unsigned *)addr)
-                  :"D"(addr), "d"(edx_in)
-        );
+#   if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+#    define NID_aes_256_cfb NID_aes_256_cfb128
+#   endif
 
-    return eax_out;
-}
+#   if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+#    define NID_aes_256_ofb NID_aes_256_ofb128
+#   endif
 
-/*
- * Why not inline 'rep movsd'? I failed to find information on what value in
- * Direction Flag one can expect and consequently have to apply
- * "better-safe-than-sorry" approach and assume "undefined." I could
- * explicitly clear it and restore the original value upon return from
- * padlock_aes_cipher, but it's presumably too much trouble for too little
- * gain... In case you wonder 'rep xcrypt*' instructions above are *not*
- * affected by the Direction Flag and pointers advance toward larger
- * addresses unconditionally.
- */
-static inline unsigned char *padlock_memcpy(void *dst, const void *src,
-                                            size_t n)
-{
-    long *d = dst;
-    const long *s = src;
+/* List of supported ciphers. */
+static const int padlock_cipher_nids[] = {
+    NID_aes_128_ecb,
+    NID_aes_128_cbc,
+    NID_aes_128_cfb,
+    NID_aes_128_ofb,
+    NID_aes_128_ctr,
 
-    n /= sizeof(*d);
-    do {
-        *d++ = *s++;
-    } while (--n);
+    NID_aes_192_ecb,
+    NID_aes_192_cbc,
+    NID_aes_192_cfb,
+    NID_aes_192_ofb,
+    NID_aes_192_ctr,
 
-    return dst;
-}
+    NID_aes_256_ecb,
+    NID_aes_256_cbc,
+    NID_aes_256_cfb,
+    NID_aes_256_ofb,
+    NID_aes_256_ctr
+};
 
-#   elif defined(_MSC_VER)
-/*
- * Unlike GCC these are real functions. In order to minimize impact
- * on performance we adhere to __fastcall calling convention in
- * order to get two first arguments passed through %ecx and %edx.
- * Which kind of suits very well, as instructions in question use
- * both %ecx and %edx as input:-)
- */
-#    define REP_XCRYPT(code)                \
-        _asm _emit 0xf3                 \
-        _asm _emit 0x0f _asm _emit 0xa7 \
-        _asm _emit code
+static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
+                                      sizeof(padlock_cipher_nids[0]));
 
-/*
- * BIG FAT WARNING: The offsets used with 'lea' instructions describe items
- * of the 'padlock_cipher_data' structure.
- */
-#    define PADLOCK_XCRYPT_ASM(name,code)   \
-static void * __fastcall                \
-        name (size_t cnt, void *cdata,  \
-        void *outp, const void *inp)    \
-{       _asm    mov     eax,edx         \
-        _asm    lea     edx,[eax+16]    \
-        _asm    lea     ebx,[eax+32]    \
-        _asm    mov     edi,outp        \
-        _asm    mov     esi,inp         \
-        REP_XCRYPT(code)                \
-}
+/* Function prototypes ... */
+static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                const unsigned char *iv, int enc);
 
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8)
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0)
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0)
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8)
+#   define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) +         \
+        ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F )      )
+#   define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
+        NEAREST_ALIGNED(EVP_CIPHER_CTX_get_cipher_data(ctx)))
 
-static int __fastcall padlock_xstore(void *outp, unsigned int code)
+static int
+padlock_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
 {
-    _asm    mov edi,ecx
-    _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0
+    return padlock_ecb_encrypt(out_arg, in_arg,
+                               ALIGNED_CIPHER_DATA(ctx), nbytes);
 }
 
-static void __fastcall padlock_reload_key(void)
+static int
+padlock_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
 {
-    _asm pushfd
-    _asm popfd
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    int ret;
+
+    memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
+    if ((ret = padlock_cbc_encrypt(out_arg, in_arg, cdata, nbytes)))
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
+    return ret;
 }
 
-static void __fastcall padlock_verify_context(void *cdata)
+static int
+padlock_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
 {
-    _asm    {
-        pushfd
-        bt  DWORD PTR[esp],30
-        jnc skip
-        cmp ecx,padlock_saved_context
-        je  skip
-        popfd
-        sub esp,4
-    skip:   add esp,4
-        mov padlock_saved_context,ecx
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    size_t chunk;
+
+    if ((chunk = EVP_CIPHER_CTX_num(ctx))) {   /* borrow chunk variable */
+        unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
+
+        if (chunk >= AES_BLOCK_SIZE)
+            return 0;           /* bogus value */
+
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+                ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+                chunk++, nbytes--;
+        } else
+            while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+                unsigned char c = *(in_arg++);
+                *(out_arg++) = c ^ ivp[chunk];
+                ivp[chunk++] = c, nbytes--;
+            }
+
+        EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
     }
+
+    if (nbytes == 0)
+        return 1;
+
+    memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
+
+    if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
+        if (!padlock_cfb_encrypt(out_arg, in_arg, cdata, chunk))
+            return 0;
+        nbytes -= chunk;
+    }
+
+    if (nbytes) {
+        unsigned char *ivp = cdata->iv;
+
+        out_arg += chunk;
+        in_arg += chunk;
+        EVP_CIPHER_CTX_set_num(ctx, nbytes);
+        if (cdata->cword.b.encdec) {
+            cdata->cword.b.encdec = 0;
+            padlock_reload_key();
+            padlock_aes_block(ivp, ivp, cdata);
+            cdata->cword.b.encdec = 1;
+            padlock_reload_key();
+            while (nbytes) {
+                unsigned char c = *(in_arg++);
+                *(out_arg++) = c ^ *ivp;
+                *(ivp++) = c, nbytes--;
+            }
+        } else {
+            padlock_reload_key();
+            padlock_aes_block(ivp, ivp, cdata);
+            padlock_reload_key();
+            while (nbytes) {
+                *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
+                ivp++, nbytes--;
+            }
+        }
+    }
+
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
+
+    return 1;
 }
 
 static int
-padlock_available(void)
+padlock_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
 {
-    _asm    {
-        pushfd
-        pop eax
-        mov ecx,eax
-        xor eax,1<<21
-        push    eax
-        popfd
-        pushfd
-        pop eax
-        xor eax,ecx
-        bt  eax,21
-        jnc noluck
-        mov eax,0
-        cpuid
-        xor eax,eax
-        cmp ebx,'tneC'
-        jne noluck
-        cmp edx,'Hrua'
-        jne noluck
-        cmp ecx,'slua'
-        jne noluck
-        mov eax,0xC0000000
-        cpuid
-        mov edx,eax
-        xor eax,eax
-        cmp edx,0xC0000001
-        jb  noluck
-        mov eax,0xC0000001
-        cpuid
-        xor eax,eax
-        bt  edx,6
-        jnc skip_a
-        bt  edx,7
-        jnc skip_a
-        mov padlock_use_ace,1
-        inc eax
-    skip_a: bt  edx,2
-        jnc skip_r
-        bt  edx,3
-        jnc skip_r
-        mov padlock_use_rng,1
-        inc eax
-    skip_r:
-    noluck:
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    size_t chunk;
+
+    /*
+     * ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
+     */
+    if ((chunk = EVP_CIPHER_CTX_num(ctx))) {   /* borrow chunk variable */
+        unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
+
+        if (chunk >= AES_BLOCK_SIZE)
+            return 0;           /* bogus value */
+
+        while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+            *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+            chunk++, nbytes--;
+        }
+
+        EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
     }
-}
 
-static void __fastcall padlock_bswapl(void *key)
-{
-    _asm    {
-        pushfd
-        cld
-        mov esi,ecx
-        mov edi,ecx
-        mov ecx,60
-    up: lodsd
-        bswap   eax
-        stosd
-        loop    up
-        popfd
+    if (nbytes == 0)
+        return 1;
+
+    memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
+
+    if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
+        if (!padlock_ofb_encrypt(out_arg, in_arg, cdata, chunk))
+            return 0;
+        nbytes -= chunk;
     }
-}
 
-/*
- * MS actually specifies status of Direction Flag and compiler even manages
- * to compile following as 'rep movsd' all by itself...
- */
-#    define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U))
-#   endif
-/* ===== AES encryption/decryption ===== */
-#   ifndef OPENSSL_NO_AES
-#    if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
-#     define NID_aes_128_cfb NID_aes_128_cfb128
-#    endif
-#    if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
-#     define NID_aes_128_ofb NID_aes_128_ofb128
-#    endif
-#    if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
-#     define NID_aes_192_cfb NID_aes_192_cfb128
-#    endif
-#    if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
-#     define NID_aes_192_ofb NID_aes_192_ofb128
-#    endif
-#    if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
-#     define NID_aes_256_cfb NID_aes_256_cfb128
-#    endif
-#    if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
-#     define NID_aes_256_ofb NID_aes_256_ofb128
-#    endif
-/*
- * List of supported ciphers.
- */ static int padlock_cipher_nids[] = {
-    NID_aes_128_ecb,
-    NID_aes_128_cbc,
-    NID_aes_128_cfb,
-    NID_aes_128_ofb,
+    if (nbytes) {
+        unsigned char *ivp = cdata->iv;
+
+        out_arg += chunk;
+        in_arg += chunk;
+        EVP_CIPHER_CTX_set_num(ctx, nbytes);
+        padlock_reload_key();   /* empirically found */
+        padlock_aes_block(ivp, ivp, cdata);
+        padlock_reload_key();   /* empirically found */
+        while (nbytes) {
+            *(out_arg++) = *(in_arg++) ^ *ivp;
+            ivp++, nbytes--;
+        }
+    }
 
-    NID_aes_192_ecb,
-    NID_aes_192_cbc,
-    NID_aes_192_cfb,
-    NID_aes_192_ofb,
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
 
-    NID_aes_256_ecb,
-    NID_aes_256_cbc,
-    NID_aes_256_cfb,
-    NID_aes_256_ofb,
-};
+    return 1;
+}
 
-static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
-                                      sizeof(padlock_cipher_nids[0]));
+static void padlock_ctr32_encrypt_glue(const unsigned char *in,
+                                       unsigned char *out, size_t blocks,
+                                       struct padlock_cipher_data *ctx,
+                                       const unsigned char *ivec)
+{
+    memcpy(ctx->iv, ivec, AES_BLOCK_SIZE);
+    padlock_ctr32_encrypt(out, in, ctx, AES_BLOCK_SIZE * blocks);
+}
 
-/* Function prototypes ... */
-static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                                const unsigned char *iv, int enc);
-static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, size_t nbytes);
+static int
+padlock_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
 
-#    define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) +         \
-        ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F )      )
-#    define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
-        NEAREST_ALIGNED(ctx->cipher_data))
+    CRYPTO_ctr128_encrypt_ctr32(in_arg, out_arg, nbytes,
+                                cdata, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                                (ctr128_f) padlock_ctr32_encrypt_glue);
+
+    EVP_CIPHER_CTX_set_num(ctx, (size_t)num);
+    return 1;
+}
 
-#    define EVP_CIPHER_block_size_ECB       AES_BLOCK_SIZE
-#    define EVP_CIPHER_block_size_CBC       AES_BLOCK_SIZE
-#    define EVP_CIPHER_block_size_OFB       1
-#    define EVP_CIPHER_block_size_CFB       1
+#   define EVP_CIPHER_block_size_ECB       AES_BLOCK_SIZE
+#   define EVP_CIPHER_block_size_CBC       AES_BLOCK_SIZE
+#   define EVP_CIPHER_block_size_OFB       1
+#   define EVP_CIPHER_block_size_CFB       1
+#   define EVP_CIPHER_block_size_CTR       1
 
 /*
  * Declaring so many ciphers by hand would be a pain. Instead introduce a bit
  * of preprocessor magic :-)
  */
-#    define DECLARE_AES_EVP(ksize,lmode,umode)      \
-static const EVP_CIPHER padlock_aes_##ksize##_##lmode = {       \
-        NID_aes_##ksize##_##lmode,              \
-        EVP_CIPHER_block_size_##umode,  \
-        AES_KEY_SIZE_##ksize,           \
-        AES_BLOCK_SIZE,                 \
-        0 | EVP_CIPH_##umode##_MODE,    \
-        padlock_aes_init_key,           \
-        padlock_aes_cipher,             \
-        NULL,                           \
-        sizeof(struct padlock_cipher_data) + 16,        \
-        EVP_CIPHER_set_asn1_iv,         \
-        EVP_CIPHER_get_asn1_iv,         \
-        NULL,                           \
-        NULL                            \
+#   define DECLARE_AES_EVP(ksize,lmode,umode)      \
+static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \
+static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \
+{                                                                       \
+    if (_hidden_aes_##ksize##_##lmode == NULL                           \
+        && ((_hidden_aes_##ksize##_##lmode =                            \
+             EVP_CIPHER_meth_new(NID_aes_##ksize##_##lmode,             \
+                                 EVP_CIPHER_block_size_##umode,         \
+                                 AES_KEY_SIZE_##ksize)) == NULL         \
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_##ksize##_##lmode, \
+                                              AES_BLOCK_SIZE)           \
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_##ksize##_##lmode, \
+                                          0 | EVP_CIPH_##umode##_MODE)  \
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_##ksize##_##lmode, \
+                                         padlock_aes_init_key)          \
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_##ksize##_##lmode, \
+                                              padlock_##lmode##_cipher) \
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_##ksize##_##lmode, \
+                                                  sizeof(struct padlock_cipher_data) + 16) \
+            || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_##ksize##_##lmode, \
+                                                    EVP_CIPHER_set_asn1_iv) \
+            || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_##ksize##_##lmode, \
+                                                    EVP_CIPHER_get_asn1_iv))) { \
+        EVP_CIPHER_meth_free(_hidden_aes_##ksize##_##lmode);            \
+        _hidden_aes_##ksize##_##lmode = NULL;                           \
+    }                                                                   \
+    return _hidden_aes_##ksize##_##lmode;                               \
 }
 
-DECLARE_AES_EVP(128, ecb, ECB);
-DECLARE_AES_EVP(128, cbc, CBC);
-DECLARE_AES_EVP(128, cfb, CFB);
-DECLARE_AES_EVP(128, ofb, OFB);
+DECLARE_AES_EVP(128, ecb, ECB)
+DECLARE_AES_EVP(128, cbc, CBC)
+DECLARE_AES_EVP(128, cfb, CFB)
+DECLARE_AES_EVP(128, ofb, OFB)
+DECLARE_AES_EVP(128, ctr, CTR)
 
-DECLARE_AES_EVP(192, ecb, ECB);
-DECLARE_AES_EVP(192, cbc, CBC);
-DECLARE_AES_EVP(192, cfb, CFB);
-DECLARE_AES_EVP(192, ofb, OFB);
+DECLARE_AES_EVP(192, ecb, ECB)
+DECLARE_AES_EVP(192, cbc, CBC)
+DECLARE_AES_EVP(192, cfb, CFB)
+DECLARE_AES_EVP(192, ofb, OFB)
+DECLARE_AES_EVP(192, ctr, CTR)
 
-DECLARE_AES_EVP(256, ecb, ECB);
-DECLARE_AES_EVP(256, cbc, CBC);
-DECLARE_AES_EVP(256, cfb, CFB);
-DECLARE_AES_EVP(256, ofb, OFB);
+DECLARE_AES_EVP(256, ecb, ECB)
+DECLARE_AES_EVP(256, cbc, CBC)
+DECLARE_AES_EVP(256, cfb, CFB)
+DECLARE_AES_EVP(256, ofb, OFB)
+DECLARE_AES_EVP(256, ctr, CTR)
 
 static int
 padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids,
@@ -738,42 +538,51 @@ padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids,
     /* ... or the requested "cipher" otherwise */
     switch (nid) {
     case NID_aes_128_ecb:
-        *cipher = &padlock_aes_128_ecb;
+        *cipher = padlock_aes_128_ecb();
         break;
     case NID_aes_128_cbc:
-        *cipher = &padlock_aes_128_cbc;
+        *cipher = padlock_aes_128_cbc();
         break;
     case NID_aes_128_cfb:
-        *cipher = &padlock_aes_128_cfb;
+        *cipher = padlock_aes_128_cfb();
         break;
     case NID_aes_128_ofb:
-        *cipher = &padlock_aes_128_ofb;
+        *cipher = padlock_aes_128_ofb();
+        break;
+    case NID_aes_128_ctr:
+        *cipher = padlock_aes_128_ctr();
         break;
 
     case NID_aes_192_ecb:
-        *cipher = &padlock_aes_192_ecb;
+        *cipher = padlock_aes_192_ecb();
         break;
     case NID_aes_192_cbc:
-        *cipher = &padlock_aes_192_cbc;
+        *cipher = padlock_aes_192_cbc();
         break;
     case NID_aes_192_cfb:
-        *cipher = &padlock_aes_192_cfb;
+        *cipher = padlock_aes_192_cfb();
         break;
     case NID_aes_192_ofb:
-        *cipher = &padlock_aes_192_ofb;
+        *cipher = padlock_aes_192_ofb();
+        break;
+    case NID_aes_192_ctr:
+        *cipher = padlock_aes_192_ctr();
         break;
 
     case NID_aes_256_ecb:
-        *cipher = &padlock_aes_256_ecb;
+        *cipher = padlock_aes_256_ecb();
         break;
     case NID_aes_256_cbc:
-        *cipher = &padlock_aes_256_cbc;
+        *cipher = padlock_aes_256_cbc();
         break;
     case NID_aes_256_cfb:
-        *cipher = &padlock_aes_256_cfb;
+        *cipher = padlock_aes_256_cfb();
         break;
     case NID_aes_256_ofb:
-        *cipher = &padlock_aes_256_ofb;
+        *cipher = padlock_aes_256_ofb();
+        break;
+    case NID_aes_256_ctr:
+        *cipher = padlock_aes_256_ctr();
         break;
 
     default:
@@ -792,18 +601,19 @@ padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 {
     struct padlock_cipher_data *cdata;
     int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
+    unsigned long mode = EVP_CIPHER_CTX_mode(ctx);
 
     if (key == NULL)
         return 0;               /* ERROR */
 
     cdata = ALIGNED_CIPHER_DATA(ctx);
-    memset(cdata, 0, sizeof(struct padlock_cipher_data));
+    memset(cdata, 0, sizeof(*cdata));
 
     /* Prepare Control word. */
-    if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
+    if (mode == EVP_CIPH_OFB_MODE || mode == EVP_CIPH_CTR_MODE)
         cdata->cword.b.encdec = 0;
     else
-        cdata->cword.b.encdec = (ctx->encrypt == 0);
+        cdata->cword.b.encdec = (EVP_CIPHER_CTX_encrypting(ctx) == 0);
     cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
     cdata->cword.b.ksize = (key_len - 128) / 64;
 
@@ -826,17 +636,17 @@ padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
          * hardware errata. They most likely will fix it at some point and
          * then a check for stepping would be due here.
          */
-        if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE ||
-            EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || enc)
-            AES_set_encrypt_key(key, key_len, &cdata->ks);
-        else
+        if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+            && !enc)
             AES_set_decrypt_key(key, key_len, &cdata->ks);
-#    ifndef AES_ASM
+        else
+            AES_set_encrypt_key(key, key_len, &cdata->ks);
+#   ifndef AES_ASM
         /*
          * OpenSSL C functions use byte-swapped extended key.
          */
-        padlock_bswapl(&cdata->ks);
-#    endif
+        padlock_key_bswap(&cdata->ks);
+#   endif
         cdata->cword.b.keygen = 1;
         break;
 
@@ -855,338 +665,6 @@ padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     return 1;
 }
 
-/*-
- * Simplified version of padlock_aes_cipher() used when
- * 1) both input and output buffers are at aligned addresses.
- * or when
- * 2) running on a newer CPU that doesn't require aligned buffers.
- */
-static int
-padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
-                              const unsigned char *in_arg, size_t nbytes)
-{
-    struct padlock_cipher_data *cdata;
-    void *iv;
-
-    cdata = ALIGNED_CIPHER_DATA(ctx);
-    padlock_verify_context(cdata);
-
-    switch (EVP_CIPHER_CTX_mode(ctx)) {
-    case EVP_CIPH_ECB_MODE:
-        padlock_xcrypt_ecb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg);
-        break;
-
-    case EVP_CIPH_CBC_MODE:
-        memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
-        iv = padlock_xcrypt_cbc(nbytes / AES_BLOCK_SIZE, cdata, out_arg,
-                                in_arg);
-        memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
-        break;
-
-    case EVP_CIPH_CFB_MODE:
-        memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
-        iv = padlock_xcrypt_cfb(nbytes / AES_BLOCK_SIZE, cdata, out_arg,
-                                in_arg);
-        memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
-        break;
-
-    case EVP_CIPH_OFB_MODE:
-        memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
-        padlock_xcrypt_ofb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg);
-        memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
-        break;
-
-    default:
-        return 0;
-    }
-
-    memset(cdata->iv, 0, AES_BLOCK_SIZE);
-
-    return 1;
-}
-
-#    ifndef  PADLOCK_CHUNK
-#     define PADLOCK_CHUNK  512 /* Must be a power of 2 larger than 16 */
-#    endif
-#    if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1)
-#     error "insane PADLOCK_CHUNK..."
-#    endif
-
-/*
- * Re-align the arguments to 16-Bytes boundaries and run the encryption
- * function itself. This function is not AES-specific.
- */
-static int
-padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
-                   const unsigned char *in_arg, size_t nbytes)
-{
-    struct padlock_cipher_data *cdata;
-    const void *inp;
-    unsigned char *out;
-    void *iv;
-    int inp_misaligned, out_misaligned, realign_in_loop;
-    size_t chunk, allocated = 0;
-
-    /*
-     * ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
-     */
-    if ((chunk = ctx->num)) {   /* borrow chunk variable */
-        unsigned char *ivp = ctx->iv;
-
-        switch (EVP_CIPHER_CTX_mode(ctx)) {
-        case EVP_CIPH_CFB_MODE:
-            if (chunk >= AES_BLOCK_SIZE)
-                return 0;       /* bogus value */
-
-            if (ctx->encrypt)
-                while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
-                    ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
-                    chunk++, nbytes--;
-            } else
-                while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
-                    unsigned char c = *(in_arg++);
-                    *(out_arg++) = c ^ ivp[chunk];
-                    ivp[chunk++] = c, nbytes--;
-                }
-
-            ctx->num = chunk % AES_BLOCK_SIZE;
-            break;
-        case EVP_CIPH_OFB_MODE:
-            if (chunk >= AES_BLOCK_SIZE)
-                return 0;       /* bogus value */
-
-            while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
-                *(out_arg++) = *(in_arg++) ^ ivp[chunk];
-                chunk++, nbytes--;
-            }
-
-            ctx->num = chunk % AES_BLOCK_SIZE;
-            break;
-        }
-    }
-
-    if (nbytes == 0)
-        return 1;
-#    if 0
-    if (nbytes % AES_BLOCK_SIZE)
-        return 0;               /* are we expected to do tail processing? */
-#    else
-    /*
-     * nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC modes and
-     * arbitrary value in byte-oriented modes, such as CFB and OFB...
-     */
-#    endif
-
-    /*
-     * VIA promises CPUs that won't require alignment in the future. For now
-     * padlock_aes_align_required is initialized to 1 and the condition is
-     * never met...
-     */
-    /*
-     * C7 core is capable to manage unaligned input in non-ECB[!] mode, but
-     * performance penalties appear to be approximately same as for software
-     * alignment below or ~3x. They promise to improve it in the future, but
-     * for now we can just as well pretend that it can only handle aligned
-     * input...
-     */
-    if (!padlock_aes_align_required && (nbytes % AES_BLOCK_SIZE) == 0)
-        return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
-
-    inp_misaligned = (((size_t)in_arg) & 0x0F);
-    out_misaligned = (((size_t)out_arg) & 0x0F);
-
-    /*
-     * Note that even if output is aligned and input not, I still prefer to
-     * loop instead of copy the whole input and then encrypt in one stroke.
-     * This is done in order to improve L1 cache utilization...
-     */
-    realign_in_loop = out_misaligned | inp_misaligned;
-
-    if (!realign_in_loop && (nbytes % AES_BLOCK_SIZE) == 0)
-        return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
-
-    /* this takes one "if" out of the loops */
-    chunk = nbytes;
-    chunk %= PADLOCK_CHUNK;
-    if (chunk == 0)
-        chunk = PADLOCK_CHUNK;
-
-    if (out_misaligned) {
-        /* optmize for small input */
-        allocated = (chunk < nbytes ? PADLOCK_CHUNK : nbytes);
-        out = alloca(0x10 + allocated);
-        out = NEAREST_ALIGNED(out);
-    } else
-        out = out_arg;
-
-    cdata = ALIGNED_CIPHER_DATA(ctx);
-    padlock_verify_context(cdata);
-
-    switch (EVP_CIPHER_CTX_mode(ctx)) {
-    case EVP_CIPH_ECB_MODE:
-        do {
-            if (inp_misaligned)
-                inp = padlock_memcpy(out, in_arg, chunk);
-            else
-                inp = in_arg;
-            in_arg += chunk;
-
-            padlock_xcrypt_ecb(chunk / AES_BLOCK_SIZE, cdata, out, inp);
-
-            if (out_misaligned)
-                out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
-            else
-                out = out_arg += chunk;
-
-            nbytes -= chunk;
-            chunk = PADLOCK_CHUNK;
-        } while (nbytes);
-        break;
-
-    case EVP_CIPH_CBC_MODE:
-        memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
-        goto cbc_shortcut;
-        do {
-            if (iv != cdata->iv)
-                memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
-            chunk = PADLOCK_CHUNK;
- cbc_shortcut:                 /* optimize for small input */
-            if (inp_misaligned)
-                inp = padlock_memcpy(out, in_arg, chunk);
-            else
-                inp = in_arg;
-            in_arg += chunk;
-
-            iv = padlock_xcrypt_cbc(chunk / AES_BLOCK_SIZE, cdata, out, inp);
-
-            if (out_misaligned)
-                out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
-            else
-                out = out_arg += chunk;
-
-        } while (nbytes -= chunk);
-        memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
-        break;
-
-    case EVP_CIPH_CFB_MODE:
-        memcpy(iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE);
-        chunk &= ~(AES_BLOCK_SIZE - 1);
-        if (chunk)
-            goto cfb_shortcut;
-        else
-            goto cfb_skiploop;
-        do {
-            if (iv != cdata->iv)
-                memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
-            chunk = PADLOCK_CHUNK;
- cfb_shortcut:                 /* optimize for small input */
-            if (inp_misaligned)
-                inp = padlock_memcpy(out, in_arg, chunk);
-            else
-                inp = in_arg;
-            in_arg += chunk;
-
-            iv = padlock_xcrypt_cfb(chunk / AES_BLOCK_SIZE, cdata, out, inp);
-
-            if (out_misaligned)
-                out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
-            else
-                out = out_arg += chunk;
-
-            nbytes -= chunk;
-        } while (nbytes >= AES_BLOCK_SIZE);
-
- cfb_skiploop:
-        if (nbytes) {
-            unsigned char *ivp = cdata->iv;
-
-            if (iv != ivp) {
-                memcpy(ivp, iv, AES_BLOCK_SIZE);
-                iv = ivp;
-            }
-            ctx->num = nbytes;
-            if (cdata->cword.b.encdec) {
-                cdata->cword.b.encdec = 0;
-                padlock_reload_key();
-                padlock_xcrypt_ecb(1, cdata, ivp, ivp);
-                cdata->cword.b.encdec = 1;
-                padlock_reload_key();
-                while (nbytes) {
-                    unsigned char c = *(in_arg++);
-                    *(out_arg++) = c ^ *ivp;
-                    *(ivp++) = c, nbytes--;
-                }
-            } else {
-                padlock_reload_key();
-                padlock_xcrypt_ecb(1, cdata, ivp, ivp);
-                padlock_reload_key();
-                while (nbytes) {
-                    *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
-                    ivp++, nbytes--;
-                }
-            }
-        }
-
-        memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
-        break;
-
-    case EVP_CIPH_OFB_MODE:
-        memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
-        chunk &= ~(AES_BLOCK_SIZE - 1);
-        if (chunk)
-            do {
-                if (inp_misaligned)
-                    inp = padlock_memcpy(out, in_arg, chunk);
-                else
-                    inp = in_arg;
-                in_arg += chunk;
-
-                padlock_xcrypt_ofb(chunk / AES_BLOCK_SIZE, cdata, out, inp);
-
-                if (out_misaligned)
-                    out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
-                else
-                    out = out_arg += chunk;
-
-                nbytes -= chunk;
-                chunk = PADLOCK_CHUNK;
-            } while (nbytes >= AES_BLOCK_SIZE);
-
-        if (nbytes) {
-            unsigned char *ivp = cdata->iv;
-
-            ctx->num = nbytes;
-            padlock_reload_key(); /* empirically found */
-            padlock_xcrypt_ecb(1, cdata, ivp, ivp);
-            padlock_reload_key(); /* empirically found */
-            while (nbytes) {
-                *(out_arg++) = *(in_arg++) ^ *ivp;
-                ivp++, nbytes--;
-            }
-        }
-
-        memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
-        break;
-
-    default:
-        return 0;
-    }
-
-    /* Clean the realign buffer if it was used */
-    if (out_misaligned) {
-        volatile unsigned long *p = (void *)out;
-        size_t n = allocated / sizeof(*p);
-        while (n--)
-            *p++ = 0;
-    }
-
-    memset(cdata->iv, 0, AES_BLOCK_SIZE);
-
-    return 1;
-}
-
-#   endif                       /* OPENSSL_NO_AES */
-
 /* ===== Random Number Generator ===== */
 /*
  * This code is not engaged. The reason is that it does not comply
@@ -1230,7 +708,7 @@ static int padlock_rand_bytes(unsigned char *output, int count)
         *output++ = (unsigned char)buf;
         count--;
     }
-    *(volatile unsigned int *)&buf = 0;
+    OPENSSL_cleanse(&buf, sizeof(buf));
 
     return 1;
 }
@@ -1251,8 +729,13 @@ static RAND_METHOD padlock_rand = {
     padlock_rand_status,        /* rand status */
 };
 
-#  else                         /* !COMPILE_HW_PADLOCK */
-#   ifndef OPENSSL_NO_DYNAMIC_ENGINE
+#  endif                        /* COMPILE_HW_PADLOCK */
+# endif                         /* !OPENSSL_NO_HW_PADLOCK */
+#endif                          /* !OPENSSL_NO_HW */
+
+#if defined(OPENSSL_NO_HW) || defined(OPENSSL_NO_HW_PADLOCK) \
+        || !defined(COMPILE_HW_PADLOCK)
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
 OPENSSL_EXPORT
     int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
 OPENSSL_EXPORT
@@ -1262,7 +745,5 @@ OPENSSL_EXPORT
 }
 
 IMPLEMENT_DYNAMIC_CHECK_FN()
-#   endif
-#  endif                        /* COMPILE_HW_PADLOCK */
-# endif                         /* !OPENSSL_NO_HW_PADLOCK */
-#endif                          /* !OPENSSL_NO_HW */
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/engines/e_sureware.c b/freebsd/crypto/openssl/engines/e_sureware.c
deleted file mode 100644
index 4e13a902..00000000
--- a/freebsd/crypto/openssl/engines/e_sureware.c
+++ /dev/null
@@ -1,1103 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/*-
-*  Written by Corinne Dive-Reclus(cdive@baltimore.com)
-*
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-*    notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-*    notice, this list of conditions and the following disclaimer in
-*    the documentation and/or other materials provided with the
-*    distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-*    software must display the following acknowledgment:
-*    "This product includes software developed by the OpenSSL Project
-*    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-*    endorse or promote products derived from this software without
-*    prior written permission. For written permission, please contact
-*    licensing@OpenSSL.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-*    nor may "OpenSSL" appear in their names without prior written
-*    permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-*    acknowledgment:
-*    "This product includes software developed by the OpenSSL Project
-*    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-*
-* Written by Corinne Dive-Reclus(cdive@baltimore.com)
-*
-* Copyright@2001 Baltimore Technologies Ltd.
-* All right Reserved.
-*                                                                                      *
-*        THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND                 *
-*        ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         *
-*        IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE    *
-*        ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE           *
-*        FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL    *
-*        DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS       *
-*        OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)         *
-*        HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT    *
-*        LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY     *
-*        OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF        *
-*        SUCH DAMAGE.                                                                  *
-====================================================================*/
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/pem.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-# ifndef OPENSSL_NO_HW_SUREWARE
-
-#  ifdef FLAT_INC
-#   include "sureware.h"
-#  else
-#   include "vendor_defns/sureware.h"
-#  endif
-
-#  define SUREWARE_LIB_NAME "sureware engine"
-#  include "e_sureware_err.c"
-
-static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p,
-                           void (*f) (void));
-static int surewarehk_destroy(ENGINE *e);
-static int surewarehk_init(ENGINE *e);
-static int surewarehk_finish(ENGINE *e);
-static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                             const BIGNUM *m, BN_CTX *ctx);
-
-/* RSA stuff */
-#  ifndef OPENSSL_NO_RSA
-static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding);
-static int surewarehk_rsa_sign(int flen, const unsigned char *from,
-                               unsigned char *to, RSA *rsa, int padding);
-#  endif
-
-/* RAND stuff */
-static int surewarehk_rand_bytes(unsigned char *buf, int num);
-static void surewarehk_rand_seed(const void *buf, int num);
-static void surewarehk_rand_add(const void *buf, int num, double entropy);
-
-/* KM stuff */
-static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
-                                         UI_METHOD *ui_method,
-                                         void *callback_data);
-static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
-                                        UI_METHOD *ui_method,
-                                        void *callback_data);
-static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
-                               int idx, long argl, void *argp);
-#  if 0
-static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
-                                  int idx, long argl, void *argp);
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a,
-                                   const BIGNUM *p, const BIGNUM *m,
-                                   BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
-    return surewarehk_modexp(r, a, p, m, ctx);
-}
-
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD surewarehk_rsa = {
-    "SureWare RSA method",
-    NULL,                       /* pub_enc */
-    NULL,                       /* pub_dec */
-    surewarehk_rsa_sign,        /* our rsa_sign is OpenSSL priv_enc */
-    surewarehk_rsa_priv_dec,    /* priv_dec */
-    NULL,                       /* mod_exp */
-    surewarehk_mod_exp_mont,    /* mod_exp_mongomery */
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    0,                          /* RSA flag */
-    NULL,
-    NULL,                       /* OpenSSL sign */
-    NULL,                       /* OpenSSL verify */
-    NULL                        /* keygen */
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx)
-{
-    return surewarehk_modexp(r, a, p, m, ctx);
-}
-
-static DH_METHOD surewarehk_dh = {
-    "SureWare DH method",
-    NULL,                       /* gen_key */
-    NULL,                       /* agree, */
-    surewarehk_modexp_dh,       /* dh mod exp */
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    0,                          /* flags */
-    NULL,
-    NULL
-};
-#  endif
-
-static RAND_METHOD surewarehk_rand = {
-    /* "SureWare RAND method", */
-    surewarehk_rand_seed,
-    surewarehk_rand_bytes,
-    NULL,                       /* cleanup */
-    surewarehk_rand_add,
-    surewarehk_rand_bytes,
-    NULL,                       /* rand_status */
-};
-
-#  ifndef OPENSSL_NO_DSA
-/* DSA stuff */
-static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen,
-                                       DSA *dsa);
-static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
-                                  BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
-                                  BIGNUM *m, BN_CTX *ctx,
-                                  BN_MONT_CTX *in_mont)
-{
-    BIGNUM t;
-    int to_return = 0;
-    BN_init(&t);
-    /* let rr = a1 ^ p1 mod m */
-    if (!surewarehk_modexp(rr, a1, p1, m, ctx))
-        goto end;
-    /* let t = a2 ^ p2 mod m */
-    if (!surewarehk_modexp(&t, a2, p2, m, ctx))
-        goto end;
-    /* let rr = rr * t mod m */
-    if (!BN_mod_mul(rr, rr, &t, m, ctx))
-        goto end;
-    to_return = 1;
- end:
-    BN_free(&t);
-    return to_return;
-}
-
-static DSA_METHOD surewarehk_dsa = {
-    "SureWare DSA method",
-    surewarehk_dsa_do_sign,
-    NULL,                       /* sign setup */
-    NULL,                       /* verify, */
-    surewarehk_dsa_mod_exp,     /* mod exp */
-    NULL,                       /* bn mod exp */
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    0,
-    NULL,
-    NULL,
-    NULL
-};
-#  endif
-
-static const char *engine_sureware_id = "sureware";
-static const char *engine_sureware_name = "SureWare hardware engine support";
-
-/* Now, to our own code */
-
-/*
- * As this is only ever called once, there's no need for locking (indeed -
- * the lock will already be held by our caller!!!)
- */
-static int bind_sureware(ENGINE *e)
-{
-#  ifndef OPENSSL_NO_RSA
-    const RSA_METHOD *meth1;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-    const DSA_METHOD *meth2;
-#  endif
-#  ifndef OPENSSL_NO_DH
-    const DH_METHOD *meth3;
-#  endif
-
-    if (!ENGINE_set_id(e, engine_sureware_id) ||
-        !ENGINE_set_name(e, engine_sureware_name) ||
-#  ifndef OPENSSL_NO_RSA
-        !ENGINE_set_RSA(e, &surewarehk_rsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DSA
-        !ENGINE_set_DSA(e, &surewarehk_dsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DH
-        !ENGINE_set_DH(e, &surewarehk_dh) ||
-#  endif
-        !ENGINE_set_RAND(e, &surewarehk_rand) ||
-        !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
-        !ENGINE_set_init_function(e, surewarehk_init) ||
-        !ENGINE_set_finish_function(e, surewarehk_finish) ||
-        !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
-        !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
-        !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
-        return 0;
-
-#  ifndef OPENSSL_NO_RSA
-    /*
-     * We know that the "PKCS1_SSLeay()" functions hook properly to the
-     * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
-     * We don't use ENGINE_openssl() or anything "more generic" because
-     * something like the RSAref code may not hook properly, and if you own
-     * one of these cards then you have the right to do RSA operations on it
-     * anyway!
-     */
-    meth1 = RSA_PKCS1_SSLeay();
-    if (meth1) {
-        surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
-        surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
-    }
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-    /*
-     * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
-     */
-    meth2 = DSA_OpenSSL();
-    if (meth2) {
-        surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
-    }
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-    /* Much the same for Diffie-Hellman */
-    meth3 = DH_OpenSSL();
-    if (meth3) {
-        surewarehk_dh.generate_key = meth3->generate_key;
-        surewarehk_dh.compute_key = meth3->compute_key;
-    }
-#  endif
-
-    /* Ensure the sureware error handling is set up */
-    ERR_load_SUREWARE_strings();
-    return 1;
-}
-
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_helper(ENGINE *e, const char *id)
-{
-    if (id && (strcmp(id, engine_sureware_id) != 0))
-        return 0;
-    if (!bind_sureware(e))
-        return 0;
-    return 1;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-#  else
-static ENGINE *engine_sureware(void)
-{
-    ENGINE *ret = ENGINE_new();
-    if (!ret)
-        return NULL;
-    if (!bind_sureware(ret)) {
-        ENGINE_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-void ENGINE_load_sureware(void)
-{
-    /* Copied from eng_[openssl|dyn].c */
-    ENGINE *toadd = engine_sureware();
-    if (!toadd)
-        return;
-    ENGINE_add(toadd);
-    ENGINE_free(toadd);
-    ERR_clear_error();
-}
-#  endif
-
-/*
- * This is a process-global DSO handle used for loading and unloading the
- * SureWareHook library. NB: This is only set (or unset) during an init() or
- * finish() call (reference counts permitting) and they're operating with
- * global locks, so this should be thread-safe implicitly.
- */
-static DSO *surewarehk_dso = NULL;
-#  ifndef OPENSSL_NO_RSA
-/* Index for KM handle.  Not really used yet. */
-static int rsaHndidx = -1;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-/* Index for KM handle.  Not really used yet. */
-static int dsaHndidx = -1;
-#  endif
-
-/*
- * These are the function pointers that are (un)set when the library has
- * successfully (un)loaded.
- */
-static SureWareHook_Init_t *p_surewarehk_Init = NULL;
-static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
-static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
-static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
-static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
-static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
-static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
-static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
-static SureWareHook_Free_t *p_surewarehk_Free = NULL;
-static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec = NULL;
-static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign = NULL;
-static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign = NULL;
-static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp = NULL;
-
-/* Used in the DSO operations. */
-static const char *surewarehk_LIBNAME = "SureWareHook";
-static const char *n_surewarehk_Init = "SureWareHook_Init";
-static const char *n_surewarehk_Finish = "SureWareHook_Finish";
-static const char *n_surewarehk_Rand_Bytes = "SureWareHook_Rand_Bytes";
-static const char *n_surewarehk_Rand_Seed = "SureWareHook_Rand_Seed";
-static const char *n_surewarehk_Load_Privkey = "SureWareHook_Load_Privkey";
-static const char *n_surewarehk_Info_Pubkey = "SureWareHook_Info_Pubkey";
-static const char *n_surewarehk_Load_Rsa_Pubkey =
-    "SureWareHook_Load_Rsa_Pubkey";
-static const char *n_surewarehk_Load_Dsa_Pubkey =
-    "SureWareHook_Load_Dsa_Pubkey";
-static const char *n_surewarehk_Free = "SureWareHook_Free";
-static const char *n_surewarehk_Rsa_Priv_Dec = "SureWareHook_Rsa_Priv_Dec";
-static const char *n_surewarehk_Rsa_Sign = "SureWareHook_Rsa_Sign";
-static const char *n_surewarehk_Dsa_Sign = "SureWareHook_Dsa_Sign";
-static const char *n_surewarehk_Mod_Exp = "SureWareHook_Mod_Exp";
-static BIO *logstream = NULL;
-
-/*
- * SureWareHook library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no error
- * checking, take a look lower down where these functions are called, the
- * checking and error handling is probably down there.
- */
-static int threadsafe = 1;
-static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p,
-                           void (*f) (void))
-{
-    int to_return = 1;
-
-    switch (cmd) {
-    case ENGINE_CTRL_SET_LOGSTREAM:
-        {
-            BIO *bio = (BIO *)p;
-            CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-            if (logstream) {
-                BIO_free(logstream);
-                logstream = NULL;
-            }
-            if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
-                logstream = bio;
-            else
-                SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
-                            SUREWARE_R_BIO_WAS_FREED);
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-        /*
-         * This will prevent the initialisation function from "installing"
-         * the mutex-handling callbacks, even if they are available from
-         * within the library (or were provided to the library from the
-         * calling application). This is to remove any baggage for
-         * applications not using multithreading.
-         */
-    case ENGINE_CTRL_CHIL_NO_LOCKING:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        threadsafe = 0;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-
-        /* The command isn't understood by this engine */
-    default:
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
-                    ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-        to_return = 0;
-        break;
-    }
-
-    return to_return;
-}
-
-/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
-static int surewarehk_destroy(ENGINE *e)
-{
-    ERR_unload_SUREWARE_strings();
-    return 1;
-}
-
-/* (de)initialisation functions. */
-static int surewarehk_init(ENGINE *e)
-{
-    char msg[64] = "ENGINE_init";
-    SureWareHook_Init_t *p1 = NULL;
-    SureWareHook_Finish_t *p2 = NULL;
-    SureWareHook_Rand_Bytes_t *p3 = NULL;
-    SureWareHook_Rand_Seed_t *p4 = NULL;
-    SureWareHook_Load_Privkey_t *p5 = NULL;
-    SureWareHook_Load_Rsa_Pubkey_t *p6 = NULL;
-    SureWareHook_Free_t *p7 = NULL;
-    SureWareHook_Rsa_Priv_Dec_t *p8 = NULL;
-    SureWareHook_Rsa_Sign_t *p9 = NULL;
-    SureWareHook_Dsa_Sign_t *p12 = NULL;
-    SureWareHook_Info_Pubkey_t *p13 = NULL;
-    SureWareHook_Load_Dsa_Pubkey_t *p14 = NULL;
-    SureWareHook_Mod_Exp_t *p15 = NULL;
-
-    if (surewarehk_dso != NULL) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_ALREADY_LOADED);
-        goto err;
-    }
-    /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
-    surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
-    if (surewarehk_dso == NULL) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE);
-        goto err;
-    }
-    if (!
-        (p1 =
-         (SureWareHook_Init_t *) DSO_bind_func(surewarehk_dso,
-                                               n_surewarehk_Init))
-|| !(p2 =
-     (SureWareHook_Finish_t *) DSO_bind_func(surewarehk_dso,
-                                             n_surewarehk_Finish))
-|| !(p3 =
-     (SureWareHook_Rand_Bytes_t *) DSO_bind_func(surewarehk_dso,
-                                                 n_surewarehk_Rand_Bytes))
-|| !(p4 =
-     (SureWareHook_Rand_Seed_t *) DSO_bind_func(surewarehk_dso,
-                                                n_surewarehk_Rand_Seed))
-|| !(p5 =
-     (SureWareHook_Load_Privkey_t *) DSO_bind_func(surewarehk_dso,
-                                                   n_surewarehk_Load_Privkey))
-|| !(p6 =
-     (SureWareHook_Load_Rsa_Pubkey_t *) DSO_bind_func(surewarehk_dso,
-                                                      n_surewarehk_Load_Rsa_Pubkey))
-|| !(p7 =
-     (SureWareHook_Free_t *) DSO_bind_func(surewarehk_dso, n_surewarehk_Free))
-|| !(p8 =
-     (SureWareHook_Rsa_Priv_Dec_t *) DSO_bind_func(surewarehk_dso,
-                                                   n_surewarehk_Rsa_Priv_Dec))
-|| !(p9 =
-     (SureWareHook_Rsa_Sign_t *) DSO_bind_func(surewarehk_dso,
-                                               n_surewarehk_Rsa_Sign))
-|| !(p12 =
-     (SureWareHook_Dsa_Sign_t *) DSO_bind_func(surewarehk_dso,
-                                               n_surewarehk_Dsa_Sign))
-|| !(p13 =
-     (SureWareHook_Info_Pubkey_t *) DSO_bind_func(surewarehk_dso,
-                                                  n_surewarehk_Info_Pubkey))
-|| !(p14 =
-     (SureWareHook_Load_Dsa_Pubkey_t *) DSO_bind_func(surewarehk_dso,
-                                                      n_surewarehk_Load_Dsa_Pubkey))
-|| !(p15 =
-     (SureWareHook_Mod_Exp_t *) DSO_bind_func(surewarehk_dso,
-                                              n_surewarehk_Mod_Exp))) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE);
-        goto err;
-    }
-    /* Copy the pointers */
-    p_surewarehk_Init = p1;
-    p_surewarehk_Finish = p2;
-    p_surewarehk_Rand_Bytes = p3;
-    p_surewarehk_Rand_Seed = p4;
-    p_surewarehk_Load_Privkey = p5;
-    p_surewarehk_Load_Rsa_Pubkey = p6;
-    p_surewarehk_Free = p7;
-    p_surewarehk_Rsa_Priv_Dec = p8;
-    p_surewarehk_Rsa_Sign = p9;
-    p_surewarehk_Dsa_Sign = p12;
-    p_surewarehk_Info_Pubkey = p13;
-    p_surewarehk_Load_Dsa_Pubkey = p14;
-    p_surewarehk_Mod_Exp = p15;
-    /* Contact the hardware and initialises it. */
-    if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE);
-        goto err;
-    }
-    if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE);
-        goto err;
-    }
-    /*
-     * try to load the default private key, if failed does not return a
-     * failure but wait for an explicit ENGINE_load_privakey
-     */
-    surewarehk_load_privkey(e, NULL, NULL, NULL);
-
-    /* Everything's fine. */
-#  ifndef OPENSSL_NO_RSA
-    if (rsaHndidx == -1)
-        rsaHndidx = RSA_get_ex_new_index(0,
-                                         "SureWareHook RSA key handle",
-                                         NULL, NULL, surewarehk_ex_free);
-#  endif
-#  ifndef OPENSSL_NO_DSA
-    if (dsaHndidx == -1)
-        dsaHndidx = DSA_get_ex_new_index(0,
-                                         "SureWareHook DSA key handle",
-                                         NULL, NULL, surewarehk_ex_free);
-#  endif
-
-    return 1;
- err:
-    if (surewarehk_dso)
-        DSO_free(surewarehk_dso);
-    surewarehk_dso = NULL;
-    p_surewarehk_Init = NULL;
-    p_surewarehk_Finish = NULL;
-    p_surewarehk_Rand_Bytes = NULL;
-    p_surewarehk_Rand_Seed = NULL;
-    p_surewarehk_Load_Privkey = NULL;
-    p_surewarehk_Load_Rsa_Pubkey = NULL;
-    p_surewarehk_Free = NULL;
-    p_surewarehk_Rsa_Priv_Dec = NULL;
-    p_surewarehk_Rsa_Sign = NULL;
-    p_surewarehk_Dsa_Sign = NULL;
-    p_surewarehk_Info_Pubkey = NULL;
-    p_surewarehk_Load_Dsa_Pubkey = NULL;
-    p_surewarehk_Mod_Exp = NULL;
-    return 0;
-}
-
-static int surewarehk_finish(ENGINE *e)
-{
-    int to_return = 1;
-    if (surewarehk_dso == NULL) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_NOT_LOADED);
-        to_return = 0;
-        goto err;
-    }
-    p_surewarehk_Finish();
-    if (!DSO_free(surewarehk_dso)) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_DSO_FAILURE);
-        to_return = 0;
-        goto err;
-    }
- err:
-    if (logstream)
-        BIO_free(logstream);
-    surewarehk_dso = NULL;
-    p_surewarehk_Init = NULL;
-    p_surewarehk_Finish = NULL;
-    p_surewarehk_Rand_Bytes = NULL;
-    p_surewarehk_Rand_Seed = NULL;
-    p_surewarehk_Load_Privkey = NULL;
-    p_surewarehk_Load_Rsa_Pubkey = NULL;
-    p_surewarehk_Free = NULL;
-    p_surewarehk_Rsa_Priv_Dec = NULL;
-    p_surewarehk_Rsa_Sign = NULL;
-    p_surewarehk_Dsa_Sign = NULL;
-    p_surewarehk_Info_Pubkey = NULL;
-    p_surewarehk_Load_Dsa_Pubkey = NULL;
-    p_surewarehk_Mod_Exp = NULL;
-    return to_return;
-}
-
-static void surewarehk_error_handling(char *const msg, int func, int ret)
-{
-    switch (ret) {
-    case SUREWAREHOOK_ERROR_UNIT_FAILURE:
-        ENGINEerr(func, SUREWARE_R_UNIT_FAILURE);
-        break;
-    case SUREWAREHOOK_ERROR_FALLBACK:
-        ENGINEerr(func, SUREWARE_R_REQUEST_FALLBACK);
-        break;
-    case SUREWAREHOOK_ERROR_DATA_SIZE:
-        ENGINEerr(func, SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-        break;
-    case SUREWAREHOOK_ERROR_INVALID_PAD:
-        ENGINEerr(func, SUREWARE_R_PADDING_CHECK_FAILED);
-        break;
-    default:
-        ENGINEerr(func, SUREWARE_R_REQUEST_FAILED);
-        break;
-    case 1:                    /* nothing */
-        msg[0] = '\0';
-    }
-    if (*msg) {
-        ERR_add_error_data(1, msg);
-        if (logstream) {
-            CRYPTO_w_lock(CRYPTO_LOCK_BIO);
-            BIO_write(logstream, msg, strlen(msg));
-            CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
-        }
-    }
-}
-
-static int surewarehk_rand_bytes(unsigned char *buf, int num)
-{
-    int ret = 0;
-    char msg[64] = "ENGINE_rand_bytes";
-    if (!p_surewarehk_Rand_Bytes) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,
-                    ENGINE_R_NOT_INITIALISED);
-    } else {
-        ret = p_surewarehk_Rand_Bytes(msg, buf, num);
-        surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_BYTES, ret);
-    }
-    return ret == 1 ? 1 : 0;
-}
-
-static void surewarehk_rand_seed(const void *buf, int num)
-{
-    int ret = 0;
-    char msg[64] = "ENGINE_rand_seed";
-    if (!p_surewarehk_Rand_Seed) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,
-                    ENGINE_R_NOT_INITIALISED);
-    } else {
-        ret = p_surewarehk_Rand_Seed(msg, buf, num);
-        surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_SEED, ret);
-    }
-}
-
-static void surewarehk_rand_add(const void *buf, int num, double entropy)
-{
-    surewarehk_rand_seed(buf, num);
-}
-
-static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id,
-                                      char *hptr, unsigned long el,
-                                      char keytype)
-{
-    EVP_PKEY *res = NULL;
-#  ifndef OPENSSL_NO_RSA
-    RSA *rsatmp = NULL;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-    DSA *dsatmp = NULL;
-#  endif
-    char msg[64] = "sureware_load_public";
-    int ret = 0;
-    if (!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey) {
-        SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
-                    ENGINE_R_NOT_INITIALISED);
-        goto err;
-    }
-    switch (keytype) {
-#  ifndef OPENSSL_NO_RSA
-    case 1:
-         /*RSA*/
-            /* set private external reference */
-            rsatmp = RSA_new_method(e);
-        RSA_set_ex_data(rsatmp, rsaHndidx, hptr);
-        rsatmp->flags |= RSA_FLAG_EXT_PKEY;
-
-        /* set public big nums */
-        rsatmp->e = BN_new();
-        rsatmp->n = BN_new();
-        if(!rsatmp->e || !rsatmp->n)
-            goto err;
-        bn_expand2(rsatmp->e, el / sizeof(BN_ULONG));
-        bn_expand2(rsatmp->n, el / sizeof(BN_ULONG));
-        if (rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) ||
-            rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG)))
-            goto err;
-        ret = p_surewarehk_Load_Rsa_Pubkey(msg, key_id, el,
-                                           (unsigned long *)rsatmp->n->d,
-                                           (unsigned long *)rsatmp->e->d);
-        surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret);
-        if (ret != 1) {
-            SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
-                        ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
-            goto err;
-        }
-        /* normalise pub e and pub n */
-        rsatmp->e->top = el / sizeof(BN_ULONG);
-        bn_fix_top(rsatmp->e);
-        rsatmp->n->top = el / sizeof(BN_ULONG);
-        bn_fix_top(rsatmp->n);
-        /* create an EVP object: engine + rsa key */
-        res = EVP_PKEY_new();
-        EVP_PKEY_assign_RSA(res, rsatmp);
-        break;
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-    case 2:
-         /*DSA*/
-            /* set private/public external reference */
-            dsatmp = DSA_new_method(e);
-        DSA_set_ex_data(dsatmp, dsaHndidx, hptr);
-        /*
-         * dsatmp->flags |= DSA_FLAG_EXT_PKEY;
-         */
-
-        /* set public key */
-        dsatmp->pub_key = BN_new();
-        dsatmp->p = BN_new();
-        dsatmp->q = BN_new();
-        dsatmp->g = BN_new();
-        if(!dsatmp->pub_key || !dsatmp->p || !dsatmp->q || !dsatmp->g)
-            goto err;
-        bn_expand2(dsatmp->pub_key, el / sizeof(BN_ULONG));
-        bn_expand2(dsatmp->p, el / sizeof(BN_ULONG));
-        bn_expand2(dsatmp->q, 20 / sizeof(BN_ULONG));
-        bn_expand2(dsatmp->g, el / sizeof(BN_ULONG));
-        if (dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG))
-            || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG))
-            || dsatmp->q->dmax != 20 / sizeof(BN_ULONG)
-            || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG)))
-            goto err;
-
-        ret = p_surewarehk_Load_Dsa_Pubkey(msg, key_id, el,
-                                           (unsigned long *)dsatmp->
-                                           pub_key->d,
-                                           (unsigned long *)dsatmp->p->d,
-                                           (unsigned long *)dsatmp->q->d,
-                                           (unsigned long *)dsatmp->g->d);
-        surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret);
-        if (ret != 1) {
-            SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
-                        ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
-            goto err;
-        }
-        /* set parameters */
-        /* normalise pubkey and parameters in case of */
-        dsatmp->pub_key->top = el / sizeof(BN_ULONG);
-        bn_fix_top(dsatmp->pub_key);
-        dsatmp->p->top = el / sizeof(BN_ULONG);
-        bn_fix_top(dsatmp->p);
-        dsatmp->q->top = 20 / sizeof(BN_ULONG);
-        bn_fix_top(dsatmp->q);
-        dsatmp->g->top = el / sizeof(BN_ULONG);
-        bn_fix_top(dsatmp->g);
-
-        /* create an EVP object: engine + rsa key */
-        res = EVP_PKEY_new();
-        EVP_PKEY_assign_DSA(res, dsatmp);
-        break;
-#  endif
-
-    default:
-        SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
-                    ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
-        goto err;
-    }
-    return res;
- err:
-#  ifndef OPENSSL_NO_RSA
-    if (rsatmp)
-        RSA_free(rsatmp);
-#  endif
-#  ifndef OPENSSL_NO_DSA
-    if (dsatmp)
-        DSA_free(dsatmp);
-#  endif
-    return NULL;
-}
-
-static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
-                                         UI_METHOD *ui_method,
-                                         void *callback_data)
-{
-    EVP_PKEY *res = NULL;
-    int ret = 0;
-    unsigned long el = 0;
-    char *hptr = NULL;
-    char keytype = 0;
-    char msg[64] = "ENGINE_load_privkey";
-
-    if (!p_surewarehk_Load_Privkey) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,
-                    ENGINE_R_NOT_INITIALISED);
-    } else {
-        ret = p_surewarehk_Load_Privkey(msg, key_id, &hptr, &el, &keytype);
-        if (ret != 1) {
-            SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,
-                        ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
-            ERR_add_error_data(1, msg);
-        } else
-            res = sureware_load_public(e, key_id, hptr, el, keytype);
-    }
-    return res;
-}
-
-static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
-                                        UI_METHOD *ui_method,
-                                        void *callback_data)
-{
-    EVP_PKEY *res = NULL;
-    int ret = 0;
-    unsigned long el = 0;
-    char *hptr = NULL;
-    char keytype = 0;
-    char msg[64] = "ENGINE_load_pubkey";
-
-    if (!p_surewarehk_Info_Pubkey) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,
-                    ENGINE_R_NOT_INITIALISED);
-    } else {
-        /* call once to identify if DSA or RSA */
-        ret = p_surewarehk_Info_Pubkey(msg, key_id, &el, &keytype);
-        if (ret != 1) {
-            SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,
-                        ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
-            ERR_add_error_data(1, msg);
-        } else
-            res = sureware_load_public(e, key_id, hptr, el, keytype);
-    }
-    return res;
-}
-
-/*
- * This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
- * , called when ex_data is freed
- */
-static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
-                               int idx, long argl, void *argp)
-{
-    if (!p_surewarehk_Free) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE, ENGINE_R_NOT_INITIALISED);
-    } else
-        p_surewarehk_Free((char *)item, 0);
-}
-
-#  if 0
-/* not currently used (bug?) */
-/*
- * This cleans up an DH KM key (destroys the key into hardware), called when
- * ex_data is freed
- */
-static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
-                                  int idx, long argl, void *argp)
-{
-    if (!p_surewarehk_Free) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE,
-                    ENGINE_R_NOT_INITIALISED);
-    } else
-        p_surewarehk_Free((char *)item, 1);
-}
-#  endif
-
-/*
- * return number of decrypted bytes
- */
-#  ifndef OPENSSL_NO_RSA
-static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding)
-{
-    int ret = 0, tlen;
-    char *buf = NULL, *hptr = NULL;
-    char msg[64] = "ENGINE_rsa_priv_dec";
-    if (!p_surewarehk_Rsa_Priv_Dec) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
-                    ENGINE_R_NOT_INITIALISED);
-    }
-    /* extract ref to private key */
-    else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
-                    SUREWARE_R_MISSING_KEY_COMPONENTS);
-        goto err;
-    }
-    /* analyse what padding we can do into the hardware */
-    if (padding == RSA_PKCS1_PADDING) {
-        /* do it one shot */
-        ret =
-            p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen,
-                                      to, hptr, SUREWARE_PKCS1_PAD);
-        surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
-                                  ret);
-        if (ret != 1)
-            goto err;
-        ret = tlen;
-    } else {                    /* do with no padding into hardware */
-
-        ret =
-            p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen,
-                                      to, hptr, SUREWARE_NO_PAD);
-        surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
-                                  ret);
-        if (ret != 1)
-            goto err;
-        /* intermediate buffer for padding */
-        if ((buf = OPENSSL_malloc(tlen)) == NULL) {
-            SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
-                        ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        memcpy(buf, to, tlen);  /* transfert to into buf */
-        switch (padding) {      /* check padding in software */
-#   ifndef OPENSSL_NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-            ret =
-                RSA_padding_check_PKCS1_OAEP(to, tlen, (unsigned char *)buf,
-                                             tlen, tlen, NULL, 0);
-            break;
-#   endif
-        case RSA_SSLV23_PADDING:
-            ret =
-                RSA_padding_check_SSLv23(to, tlen, (unsigned char *)buf, flen,
-                                         tlen);
-            break;
-        case RSA_NO_PADDING:
-            ret =
-                RSA_padding_check_none(to, tlen, (unsigned char *)buf, flen,
-                                       tlen);
-            break;
-        default:
-            SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
-                        SUREWARE_R_UNKNOWN_PADDING_TYPE);
-            goto err;
-        }
-        if (ret < 0)
-            SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
-                        SUREWARE_R_PADDING_CHECK_FAILED);
-    }
- err:
-    if (buf) {
-        OPENSSL_cleanse(buf, tlen);
-        OPENSSL_free(buf);
-    }
-    return ret;
-}
-
-/*
- * Does what OpenSSL rsa_priv_enc does.
- */
-static int surewarehk_rsa_sign(int flen, const unsigned char *from,
-                               unsigned char *to, RSA *rsa, int padding)
-{
-    int ret = 0, tlen;
-    char *hptr = NULL;
-    char msg[64] = "ENGINE_rsa_sign";
-    if (!p_surewarehk_Rsa_Sign) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, ENGINE_R_NOT_INITIALISED);
-    }
-    /* extract ref to private key */
-    else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,
-                    SUREWARE_R_MISSING_KEY_COMPONENTS);
-    } else {
-        switch (padding) {
-        case RSA_PKCS1_PADDING: /* do it in one shot */
-            ret =
-                p_surewarehk_Rsa_Sign(msg, flen, (unsigned char *)from, &tlen,
-                                      to, hptr, SUREWARE_PKCS1_PAD);
-            surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_SIGN,
-                                      ret);
-            break;
-        case RSA_NO_PADDING:
-        default:
-            SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,
-                        SUREWARE_R_UNKNOWN_PADDING_TYPE);
-        }
-    }
-    return ret == 1 ? tlen : ret;
-}
-
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-/* DSA sign and verify */
-static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen,
-                                       DSA *dsa)
-{
-    int ret = 0;
-    char *hptr = NULL;
-    DSA_SIG *psign = NULL;
-    char msg[64] = "ENGINE_dsa_do_sign";
-    if (!p_surewarehk_Dsa_Sign) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
-                    ENGINE_R_NOT_INITIALISED);
-        goto err;
-    }
-    /* extract ref to private key */
-    else if (!(hptr = DSA_get_ex_data(dsa, dsaHndidx))) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
-                    SUREWARE_R_MISSING_KEY_COMPONENTS);
-        goto err;
-    } else {
-        if ((psign = DSA_SIG_new()) == NULL) {
-            SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
-                        ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        psign->r = BN_new();
-        psign->s = BN_new();
-        if(!psign->r || !psign->s)
-            goto err;
-        bn_expand2(psign->r, 20 / sizeof(BN_ULONG));
-        bn_expand2(psign->s, 20 / sizeof(BN_ULONG));
-        if (psign->r->dmax != 20 / sizeof(BN_ULONG) ||
-            psign->s->dmax != 20 / sizeof(BN_ULONG))
-            goto err;
-        ret = p_surewarehk_Dsa_Sign(msg, flen, from,
-                                    (unsigned long *)psign->r->d,
-                                    (unsigned long *)psign->s->d, hptr);
-        surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
-                                  ret);
-    }
-    psign->r->top = 20 / sizeof(BN_ULONG);
-    bn_fix_top(psign->r);
-    psign->s->top = 20 / sizeof(BN_ULONG);
-    bn_fix_top(psign->s);
-
- err:
-    if (psign) {
-        DSA_SIG_free(psign);
-        psign = NULL;
-    }
-    return psign;
-}
-#  endif
-
-static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                             const BIGNUM *m, BN_CTX *ctx)
-{
-    int ret = 0;
-    char msg[64] = "ENGINE_modexp";
-    if (!p_surewarehk_Mod_Exp) {
-        SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP, ENGINE_R_NOT_INITIALISED);
-    } else if (r) {
-        bn_expand2(r, m->top);
-        if (r->dmax == m->top) {
-            /* do it */
-            ret = p_surewarehk_Mod_Exp(msg,
-                                       m->top * sizeof(BN_ULONG),
-                                       (unsigned long *)m->d,
-                                       p->top * sizeof(BN_ULONG),
-                                       (unsigned long *)p->d,
-                                       a->top * sizeof(BN_ULONG),
-                                       (unsigned long *)a->d,
-                                       (unsigned long *)r->d);
-            surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_MODEXP, ret);
-            if (ret == 1) {
-                /* normalise result */
-                r->top = m->top;
-                bn_fix_top(r);
-            }
-        }
-    }
-    return ret;
-}
-# endif                         /* !OPENSSL_NO_HW_SureWare */
-#endif                          /* !OPENSSL_NO_HW */
diff --git a/freebsd/crypto/openssl/engines/e_sureware_err.c b/freebsd/crypto/openssl/engines/e_sureware_err.c
deleted file mode 100644
index 4245ac39..00000000
--- a/freebsd/crypto/openssl/engines/e_sureware_err.c
+++ /dev/null
@@ -1,156 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* e_sureware_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_sureware_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(0,func,0)
-# define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA SUREWARE_str_functs[] = {
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_CTRL), "SUREWAREHK_CTRL"},
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_DH_EX_FREE), "SUREWAREHK_DH_EX_FREE"},
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN), "SUREWAREHK_DSA_DO_SIGN"},
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_EX_FREE), "SUREWAREHK_EX_FREE"},
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_FINISH), "SUREWAREHK_FINISH"},
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_INIT), "SUREWAREHK_INIT"},
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY), "SUREWAREHK_LOAD_PRIVKEY"},
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY), "SUREWAREHK_LOAD_PUBKEY"},
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_MODEXP), "SUREWAREHK_MODEXP"},
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_BYTES), "SUREWAREHK_RAND_BYTES"},
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_SEED), "SUREWAREHK_RAND_SEED"},
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC), "SUREWAREHK_RSA_PRIV_DEC"},
-    {ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_SIGN), "SUREWAREHK_RSA_SIGN"},
-    {ERR_FUNC(SUREWARE_F_SUREWARE_LOAD_PUBLIC), "SUREWARE_LOAD_PUBLIC"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA SUREWARE_str_reasons[] = {
-    {ERR_REASON(SUREWARE_R_BIO_WAS_FREED), "bio was freed"},
-    {ERR_REASON(SUREWARE_R_MISSING_KEY_COMPONENTS), "missing key components"},
-    {ERR_REASON(SUREWARE_R_PADDING_CHECK_FAILED), "padding check failed"},
-    {ERR_REASON(SUREWARE_R_REQUEST_FAILED), "request failed"},
-    {ERR_REASON(SUREWARE_R_REQUEST_FALLBACK), "request fallback"},
-    {ERR_REASON(SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
-     "size too large or too small"},
-    {ERR_REASON(SUREWARE_R_UNIT_FAILURE), "unit failure"},
-    {ERR_REASON(SUREWARE_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
-    {0, NULL}
-};
-
-#endif
-
-#ifdef SUREWARE_LIB_NAME
-static ERR_STRING_DATA SUREWARE_lib_name[] = {
-    {0, SUREWARE_LIB_NAME},
-    {0, NULL}
-};
-#endif
-
-static int SUREWARE_lib_error_code = 0;
-static int SUREWARE_error_init = 1;
-
-static void ERR_load_SUREWARE_strings(void)
-{
-    if (SUREWARE_lib_error_code == 0)
-        SUREWARE_lib_error_code = ERR_get_next_error_library();
-
-    if (SUREWARE_error_init) {
-        SUREWARE_error_init = 0;
-#ifndef OPENSSL_NO_ERR
-        ERR_load_strings(SUREWARE_lib_error_code, SUREWARE_str_functs);
-        ERR_load_strings(SUREWARE_lib_error_code, SUREWARE_str_reasons);
-#endif
-
-#ifdef SUREWARE_LIB_NAME
-        SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code, 0, 0);
-        ERR_load_strings(0, SUREWARE_lib_name);
-#endif
-    }
-}
-
-static void ERR_unload_SUREWARE_strings(void)
-{
-    if (SUREWARE_error_init == 0) {
-#ifndef OPENSSL_NO_ERR
-        ERR_unload_strings(SUREWARE_lib_error_code, SUREWARE_str_functs);
-        ERR_unload_strings(SUREWARE_lib_error_code, SUREWARE_str_reasons);
-#endif
-
-#ifdef SUREWARE_LIB_NAME
-        ERR_unload_strings(0, SUREWARE_lib_name);
-#endif
-        SUREWARE_error_init = 1;
-    }
-}
-
-static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
-{
-    if (SUREWARE_lib_error_code == 0)
-        SUREWARE_lib_error_code = ERR_get_next_error_library();
-    ERR_PUT_error(SUREWARE_lib_error_code, function, reason, file, line);
-}
diff --git a/freebsd/crypto/openssl/engines/e_sureware_err.h b/freebsd/crypto/openssl/engines/e_sureware_err.h
deleted file mode 100644
index bef86239..00000000
--- a/freebsd/crypto/openssl/engines/e_sureware_err.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SUREWARE_ERR_H
-# define HEADER_SUREWARE_ERR_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_SUREWARE_strings(void);
-static void ERR_unload_SUREWARE_strings(void);
-static void ERR_SUREWARE_error(int function, int reason, char *file,
-                               int line);
-# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the SUREWARE functions. */
-
-/* Function codes. */
-# define SUREWARE_F_SUREWAREHK_CTRL                       100
-# define SUREWARE_F_SUREWAREHK_DH_EX_FREE                 112
-# define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN                101
-# define SUREWARE_F_SUREWAREHK_EX_FREE                    102
-# define SUREWARE_F_SUREWAREHK_FINISH                     103
-# define SUREWARE_F_SUREWAREHK_INIT                       104
-# define SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY               105
-# define SUREWARE_F_SUREWAREHK_LOAD_PUBKEY                113
-# define SUREWARE_F_SUREWAREHK_MODEXP                     107
-# define SUREWARE_F_SUREWAREHK_RAND_BYTES                 108
-# define SUREWARE_F_SUREWAREHK_RAND_SEED                  109
-# define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC               110
-# define SUREWARE_F_SUREWAREHK_RSA_SIGN                   111
-# define SUREWARE_F_SUREWARE_LOAD_PUBLIC                  106
-
-/* Reason codes. */
-# define SUREWARE_R_BIO_WAS_FREED                         100
-# define SUREWARE_R_MISSING_KEY_COMPONENTS                105
-# define SUREWARE_R_PADDING_CHECK_FAILED                  106
-# define SUREWARE_R_REQUEST_FAILED                        101
-# define SUREWARE_R_REQUEST_FALLBACK                      102
-# define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL           103
-# define SUREWARE_R_UNIT_FAILURE                          104
-# define SUREWARE_R_UNKNOWN_PADDING_TYPE                  107
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/engines/e_ubsec.c b/freebsd/crypto/openssl/engines/e_ubsec.c
deleted file mode 100644
index 7671870a..00000000
--- a/freebsd/crypto/openssl/engines/e_ubsec.c
+++ /dev/null
@@ -1,1087 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* crypto/engine/hw_ubsec.c */
-/*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000. Cloned shamelessly by Joe Tardo.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-# ifndef OPENSSL_NO_HW_UBSEC
-
-#  ifdef FLAT_INC
-#   include "hw_ubsec.h"
-#  else
-#   include "vendor_defns/hw_ubsec.h"
-#  endif
-
-#  define UBSEC_LIB_NAME "ubsec engine"
-#  include "e_ubsec_err.c"
-
-#  define FAIL_TO_SOFTWARE -15
-
-static int ubsec_destroy(ENGINE *e);
-static int ubsec_init(ENGINE *e);
-static int ubsec_finish(ENGINE *e);
-static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
-static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                         const BIGNUM *m, BN_CTX *ctx);
-#  ifndef OPENSSL_NO_RSA
-static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                             const BIGNUM *q, const BIGNUM *dp,
-                             const BIGNUM *dq, const BIGNUM *qinv,
-                             BN_CTX *ctx);
-static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                             BN_CTX *ctx);
-static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                              const BIGNUM *m, BN_CTX *ctx,
-                              BN_MONT_CTX *m_ctx);
-#  endif
-#  ifndef OPENSSL_NO_DSA
-#   ifdef NOT_USED
-static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
-                             BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
-                             BN_CTX *ctx, BN_MONT_CTX *in_mont);
-static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
-                             const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                             BN_MONT_CTX *m_ctx);
-#   endif
-static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen,
-                                  DSA *dsa);
-static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
-                            DSA_SIG *sig, DSA *dsa);
-#  endif
-#  ifndef OPENSSL_NO_DH
-static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-                            const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                            BN_MONT_CTX *m_ctx);
-static int ubsec_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
-                                DH *dh);
-static int ubsec_dh_generate_key(DH *dh);
-#  endif
-
-#  ifdef NOT_USED
-static int ubsec_rand_bytes(unsigned char *buf, int num);
-static int ubsec_rand_status(void);
-#  endif
-
-#  define UBSEC_CMD_SO_PATH               ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
-    {UBSEC_CMD_SO_PATH,
-     "SO_PATH",
-     "Specifies the path to the 'ubsec' shared library",
-     ENGINE_CMD_FLAG_STRING},
-    {0, NULL, NULL, 0}
-};
-
-#  ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD ubsec_rsa = {
-    "UBSEC RSA method",
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    ubsec_rsa_mod_exp,
-    ubsec_mod_exp_mont,
-    NULL,
-    NULL,
-    0,
-    NULL,
-    NULL,
-    NULL,
-    NULL
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD ubsec_dsa = {
-    "UBSEC DSA method",
-    ubsec_dsa_do_sign,          /* dsa_do_sign */
-    NULL,                       /* dsa_sign_setup */
-    ubsec_dsa_verify,           /* dsa_do_verify */
-    NULL,                       /* ubsec_dsa_mod_exp *//* dsa_mod_exp */
-    NULL,                       /* ubsec_mod_exp_dsa *//* bn_mod_exp */
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    0,                          /* flags */
-    NULL,                       /* app_data */
-    NULL,                       /* dsa_paramgen */
-    NULL                        /* dsa_keygen */
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD ubsec_dh = {
-    "UBSEC DH method",
-    ubsec_dh_generate_key,
-    ubsec_dh_compute_key,
-    ubsec_mod_exp_dh,
-    NULL,
-    NULL,
-    0,
-    NULL,
-    NULL
-};
-#  endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_ubsec_id = "ubsec";
-static const char *engine_ubsec_name = "UBSEC hardware engine support";
-
-/*
- * This internal function is used by ENGINE_ubsec() and possibly by the
- * "dynamic" ENGINE support too
- */
-static int bind_helper(ENGINE *e)
-{
-#  ifndef OPENSSL_NO_RSA
-    const RSA_METHOD *meth1;
-#  endif
-#  ifndef OPENSSL_NO_DH
-#   ifndef HAVE_UBSEC_DH
-    const DH_METHOD *meth3;
-#   endif                       /* HAVE_UBSEC_DH */
-#  endif
-    if (!ENGINE_set_id(e, engine_ubsec_id) ||
-        !ENGINE_set_name(e, engine_ubsec_name) ||
-#  ifndef OPENSSL_NO_RSA
-        !ENGINE_set_RSA(e, &ubsec_rsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DSA
-        !ENGINE_set_DSA(e, &ubsec_dsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DH
-        !ENGINE_set_DH(e, &ubsec_dh) ||
-#  endif
-        !ENGINE_set_destroy_function(e, ubsec_destroy) ||
-        !ENGINE_set_init_function(e, ubsec_init) ||
-        !ENGINE_set_finish_function(e, ubsec_finish) ||
-        !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
-        !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
-        return 0;
-
-#  ifndef OPENSSL_NO_RSA
-    /*
-     * We know that the "PKCS1_SSLeay()" functions hook properly to the
-     * Broadcom-specific mod_exp and mod_exp_crt so we use those functions.
-     * NB: We don't use ENGINE_openssl() or anything "more generic" because
-     * something like the RSAref code may not hook properly, and if you own
-     * one of these cards then you have the right to do RSA operations on it
-     * anyway!
-     */
-    meth1 = RSA_PKCS1_SSLeay();
-    ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
-    ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
-    ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
-    ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-#   ifndef HAVE_UBSEC_DH
-    /* Much the same for Diffie-Hellman */
-    meth3 = DH_OpenSSL();
-    ubsec_dh.generate_key = meth3->generate_key;
-    ubsec_dh.compute_key = meth3->compute_key;
-#   endif                       /* HAVE_UBSEC_DH */
-#  endif
-
-    /* Ensure the ubsec error handling is set up */
-    ERR_load_UBSEC_strings();
-    return 1;
-}
-
-#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_ubsec(void)
-{
-    ENGINE *ret = ENGINE_new();
-    if (!ret)
-        return NULL;
-    if (!bind_helper(ret)) {
-        ENGINE_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-void ENGINE_load_ubsec(void)
-{
-    /* Copied from eng_[openssl|dyn].c */
-    ENGINE *toadd = engine_ubsec();
-    if (!toadd)
-        return;
-    ENGINE_add(toadd);
-    ENGINE_free(toadd);
-    ERR_clear_error();
-}
-#  endif
-
-/*
- * This is a process-global DSO handle used for loading and unloading the
- * UBSEC library. NB: This is only set (or unset) during an init() or
- * finish() call (reference counts permitting) and they're operating with
- * global locks, so this should be thread-safe implicitly.
- */
-
-static DSO *ubsec_dso = NULL;
-
-/*
- * These are the function pointers that are (un)set when the library has
- * successfully (un)loaded.
- */
-
-static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
-static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
-static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
-static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
-#  ifndef OPENSSL_NO_DH
-static t_UBSEC_diffie_hellman_generate_ioctl
-    * p_UBSEC_diffie_hellman_generate_ioctl = NULL;
-static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl
-    = NULL;
-#  endif
-#  ifndef OPENSSL_NO_RSA
-static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
-static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
-static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
-#  endif
-static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
-static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
-static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
-
-static int max_key_len = 1024;  /* ??? */
-
-/*
- * These are the static string constants for the DSO file name and the function
- * symbol names to bind to.
- */
-
-static const char *UBSEC_LIBNAME = NULL;
-static const char *get_UBSEC_LIBNAME(void)
-{
-    if (UBSEC_LIBNAME)
-        return UBSEC_LIBNAME;
-    return "ubsec";
-}
-
-static void free_UBSEC_LIBNAME(void)
-{
-    if (UBSEC_LIBNAME)
-        OPENSSL_free((void *)UBSEC_LIBNAME);
-    UBSEC_LIBNAME = NULL;
-}
-
-static long set_UBSEC_LIBNAME(const char *name)
-{
-    free_UBSEC_LIBNAME();
-    return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
-}
-
-static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
-static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
-static const char *UBSEC_F3 = "ubsec_open";
-static const char *UBSEC_F4 = "ubsec_close";
-#  ifndef OPENSSL_NO_DH
-static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
-static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
-#  endif
-/* #ifndef OPENSSL_NO_RSA */
-static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
-static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
-/* #endif */
-#  ifndef OPENSSL_NO_DSA
-static const char *UBSEC_F9 = "dsa_sign_ioctl";
-static const char *UBSEC_F10 = "dsa_verify_ioctl";
-#  endif
-static const char *UBSEC_F11 = "math_accelerate_ioctl";
-static const char *UBSEC_F12 = "rng_ioctl";
-static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
-
-/* Destructor (complements the "ENGINE_ubsec()" constructor) */
-static int ubsec_destroy(ENGINE *e)
-{
-    free_UBSEC_LIBNAME();
-    ERR_unload_UBSEC_strings();
-    return 1;
-}
-
-/* (de)initialisation functions. */
-static int ubsec_init(ENGINE *e)
-{
-    t_UBSEC_ubsec_bytes_to_bits *p1;
-    t_UBSEC_ubsec_bits_to_bytes *p2;
-    t_UBSEC_ubsec_open *p3;
-    t_UBSEC_ubsec_close *p4;
-#  ifndef OPENSSL_NO_DH
-    t_UBSEC_diffie_hellman_generate_ioctl *p5;
-    t_UBSEC_diffie_hellman_agree_ioctl *p6;
-#  endif
-/* #ifndef OPENSSL_NO_RSA */
-    t_UBSEC_rsa_mod_exp_ioctl *p7;
-    t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
-/* #endif */
-#  ifndef OPENSSL_NO_DSA
-    t_UBSEC_dsa_sign_ioctl *p9;
-    t_UBSEC_dsa_verify_ioctl *p10;
-#  endif
-    t_UBSEC_math_accelerate_ioctl *p11;
-    t_UBSEC_rng_ioctl *p12;
-    t_UBSEC_max_key_len_ioctl *p13;
-    int fd = 0;
-
-    if (ubsec_dso != NULL) {
-        UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
-        goto err;
-    }
-    /*
-     * Attempt to load libubsec.so/ubsec.dll/whatever.
-     */
-    ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
-    if (ubsec_dso == NULL) {
-        UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
-        goto err;
-    }
-
-    if (!(p1 = (t_UBSEC_ubsec_bytes_to_bits *)
-          DSO_bind_func(ubsec_dso, UBSEC_F1))
-        || !(p2 = (t_UBSEC_ubsec_bits_to_bytes *)
-             DSO_bind_func(ubsec_dso, UBSEC_F2))
-        || !(p3 = (t_UBSEC_ubsec_open *)
-             DSO_bind_func(ubsec_dso, UBSEC_F3))
-        || !(p4 = (t_UBSEC_ubsec_close *)
-             DSO_bind_func(ubsec_dso, UBSEC_F4))
-#  ifndef OPENSSL_NO_DH
-        || !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *)
-             DSO_bind_func(ubsec_dso, UBSEC_F5))
-        || !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *)
-             DSO_bind_func(ubsec_dso, UBSEC_F6))
-#  endif
-/* #ifndef OPENSSL_NO_RSA */
-        || !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *)
-             DSO_bind_func(ubsec_dso, UBSEC_F7))
-        || !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *)
-             DSO_bind_func(ubsec_dso, UBSEC_F8))
-/* #endif */
-#  ifndef OPENSSL_NO_DSA
-        || !(p9 = (t_UBSEC_dsa_sign_ioctl *)
-             DSO_bind_func(ubsec_dso, UBSEC_F9))
-        || !(p10 = (t_UBSEC_dsa_verify_ioctl *)
-             DSO_bind_func(ubsec_dso, UBSEC_F10))
-#  endif
-        || !(p11 = (t_UBSEC_math_accelerate_ioctl *)
-             DSO_bind_func(ubsec_dso, UBSEC_F11))
-        || !(p12 = (t_UBSEC_rng_ioctl *)
-             DSO_bind_func(ubsec_dso, UBSEC_F12))
-        || !(p13 = (t_UBSEC_max_key_len_ioctl *)
-             DSO_bind_func(ubsec_dso, UBSEC_F13))) {
-        UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
-        goto err;
-    }
-
-    /* Copy the pointers */
-    p_UBSEC_ubsec_bytes_to_bits = p1;
-    p_UBSEC_ubsec_bits_to_bytes = p2;
-    p_UBSEC_ubsec_open = p3;
-    p_UBSEC_ubsec_close = p4;
-#  ifndef OPENSSL_NO_DH
-    p_UBSEC_diffie_hellman_generate_ioctl = p5;
-    p_UBSEC_diffie_hellman_agree_ioctl = p6;
-#  endif
-#  ifndef OPENSSL_NO_RSA
-    p_UBSEC_rsa_mod_exp_ioctl = p7;
-    p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-    p_UBSEC_dsa_sign_ioctl = p9;
-    p_UBSEC_dsa_verify_ioctl = p10;
-#  endif
-    p_UBSEC_math_accelerate_ioctl = p11;
-    p_UBSEC_rng_ioctl = p12;
-    p_UBSEC_max_key_len_ioctl = p13;
-
-    /* Perform an open to see if there's actually any unit running. */
-    if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0)
-        && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0)) {
-        p_UBSEC_ubsec_close(fd);
-        return 1;
-    } else {
-        UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
-    }
-
- err:
-    if (ubsec_dso)
-        DSO_free(ubsec_dso);
-    ubsec_dso = NULL;
-    p_UBSEC_ubsec_bytes_to_bits = NULL;
-    p_UBSEC_ubsec_bits_to_bytes = NULL;
-    p_UBSEC_ubsec_open = NULL;
-    p_UBSEC_ubsec_close = NULL;
-#  ifndef OPENSSL_NO_DH
-    p_UBSEC_diffie_hellman_generate_ioctl = NULL;
-    p_UBSEC_diffie_hellman_agree_ioctl = NULL;
-#  endif
-#  ifndef OPENSSL_NO_RSA
-    p_UBSEC_rsa_mod_exp_ioctl = NULL;
-    p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-    p_UBSEC_dsa_sign_ioctl = NULL;
-    p_UBSEC_dsa_verify_ioctl = NULL;
-#  endif
-    p_UBSEC_math_accelerate_ioctl = NULL;
-    p_UBSEC_rng_ioctl = NULL;
-    p_UBSEC_max_key_len_ioctl = NULL;
-
-    return 0;
-}
-
-static int ubsec_finish(ENGINE *e)
-{
-    free_UBSEC_LIBNAME();
-    if (ubsec_dso == NULL) {
-        UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
-        return 0;
-    }
-    if (!DSO_free(ubsec_dso)) {
-        UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
-        return 0;
-    }
-    ubsec_dso = NULL;
-    p_UBSEC_ubsec_bytes_to_bits = NULL;
-    p_UBSEC_ubsec_bits_to_bytes = NULL;
-    p_UBSEC_ubsec_open = NULL;
-    p_UBSEC_ubsec_close = NULL;
-#  ifndef OPENSSL_NO_DH
-    p_UBSEC_diffie_hellman_generate_ioctl = NULL;
-    p_UBSEC_diffie_hellman_agree_ioctl = NULL;
-#  endif
-#  ifndef OPENSSL_NO_RSA
-    p_UBSEC_rsa_mod_exp_ioctl = NULL;
-    p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-    p_UBSEC_dsa_sign_ioctl = NULL;
-    p_UBSEC_dsa_verify_ioctl = NULL;
-#  endif
-    p_UBSEC_math_accelerate_ioctl = NULL;
-    p_UBSEC_rng_ioctl = NULL;
-    p_UBSEC_max_key_len_ioctl = NULL;
-    return 1;
-}
-
-static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
-    int initialised = ((ubsec_dso == NULL) ? 0 : 1);
-    switch (cmd) {
-    case UBSEC_CMD_SO_PATH:
-        if (p == NULL) {
-            UBSECerr(UBSEC_F_UBSEC_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-            return 0;
-        }
-        if (initialised) {
-            UBSECerr(UBSEC_F_UBSEC_CTRL, UBSEC_R_ALREADY_LOADED);
-            return 0;
-        }
-        return set_UBSEC_LIBNAME((const char *)p);
-    default:
-        break;
-    }
-    UBSECerr(UBSEC_F_UBSEC_CTRL, UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-    return 0;
-}
-
-static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                         const BIGNUM *m, BN_CTX *ctx)
-{
-    int y_len = 0;
-    int fd;
-
-    if (ubsec_dso == NULL) {
-        UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
-        return 0;
-    }
-
-    /* Check if hardware can't handle this argument. */
-    y_len = BN_num_bits(m);
-    if (y_len > max_key_len) {
-        UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-        return BN_mod_exp(r, a, p, m, ctx);
-    }
-
-    if (!bn_wexpand(r, m->top)) {
-        UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
-        return 0;
-    }
-
-    if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
-        fd = 0;
-        UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_UNIT_FAILURE);
-        return BN_mod_exp(r, a, p, m, ctx);
-    }
-
-    if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
-                                  (unsigned char *)m->d, BN_num_bits(m),
-                                  (unsigned char *)p->d, BN_num_bits(p),
-                                  (unsigned char *)r->d, &y_len) != 0) {
-        UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
-        p_UBSEC_ubsec_close(fd);
-
-        return BN_mod_exp(r, a, p, m, ctx);
-    }
-
-    p_UBSEC_ubsec_close(fd);
-
-    r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
-    return 1;
-}
-
-#  ifndef OPENSSL_NO_RSA
-static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                             BN_CTX *ctx)
-{
-    int to_return = 0;
-
-    if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
-        UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
-        goto err;
-    }
-
-    to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
-                                  rsa->dmq1, rsa->iqmp, ctx);
-    if (to_return == FAIL_TO_SOFTWARE) {
-        /*
-         * Do in software as hardware failed.
-         */
-        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-        to_return = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
-    }
- err:
-    return to_return;
-}
-
-static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                             const BIGNUM *q, const BIGNUM *dp,
-                             const BIGNUM *dq, const BIGNUM *qinv,
-                             BN_CTX *ctx)
-{
-    int y_len, fd;
-
-    y_len = BN_num_bits(p) + BN_num_bits(q);
-
-    /* Check if hardware can't handle this argument. */
-    if (y_len > max_key_len) {
-        UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT,
-                 UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-        return FAIL_TO_SOFTWARE;
-    }
-
-    if (!bn_wexpand(r, p->top + q->top + 1)) {
-        UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
-        return 0;
-    }
-
-    if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
-        fd = 0;
-        UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_UNIT_FAILURE);
-        return FAIL_TO_SOFTWARE;
-    }
-
-    if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
-                                      (unsigned char *)a->d, BN_num_bits(a),
-                                      (unsigned char *)qinv->d,
-                                      BN_num_bits(qinv),
-                                      (unsigned char *)dp->d, BN_num_bits(dp),
-                                      (unsigned char *)p->d, BN_num_bits(p),
-                                      (unsigned char *)dq->d, BN_num_bits(dq),
-                                      (unsigned char *)q->d, BN_num_bits(q),
-                                      (unsigned char *)r->d, &y_len) != 0) {
-        UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_REQUEST_FAILED);
-        p_UBSEC_ubsec_close(fd);
-        return FAIL_TO_SOFTWARE;
-    }
-
-    p_UBSEC_ubsec_close(fd);
-
-    r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1) / BN_BITS2;
-    return 1;
-}
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-#   ifdef NOT_USED
-static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
-                             BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
-                             BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
-    BIGNUM t;
-    int to_return = 0;
-
-    BN_init(&t);
-    /* let rr = a1 ^ p1 mod m */
-    if (!ubsec_mod_exp(rr, a1, p1, m, ctx))
-        goto end;
-    /* let t = a2 ^ p2 mod m */
-    if (!ubsec_mod_exp(&t, a2, p2, m, ctx))
-        goto end;
-    /* let rr = rr * t mod m */
-    if (!BN_mod_mul(rr, rr, &t, m, ctx))
-        goto end;
-    to_return = 1;
- end:
-    BN_free(&t);
-    return to_return;
-}
-
-static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
-                             const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                             BN_MONT_CTX *m_ctx)
-{
-    return ubsec_mod_exp(r, a, p, m, ctx);
-}
-#   endif
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-
-/*
- * This function is aliased to mod_exp (with the mont stuff dropped).
- */
-static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                              const BIGNUM *m, BN_CTX *ctx,
-                              BN_MONT_CTX *m_ctx)
-{
-    int ret = 0;
-
-    /* Do in software if the key is too large for the hardware. */
-    if (BN_num_bits(m) > max_key_len) {
-        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-        ret = (*meth->bn_mod_exp) (r, a, p, m, ctx, m_ctx);
-    } else {
-        ret = ubsec_mod_exp(r, a, p, m, ctx);
-    }
-
-    return ret;
-}
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-                            const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                            BN_MONT_CTX *m_ctx)
-{
-    return ubsec_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-#  ifndef OPENSSL_NO_DSA
-static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen,
-                                  DSA *dsa)
-{
-    DSA_SIG *to_return = NULL;
-    int s_len = 160, r_len = 160, d_len, fd;
-    BIGNUM m, *r = NULL, *s = NULL;
-
-    BN_init(&m);
-
-    s = BN_new();
-    r = BN_new();
-    if ((s == NULL) || (r == NULL))
-        goto err;
-
-    d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
-
-    if (!bn_wexpand(r, (160 + BN_BITS2 - 1) / BN_BITS2) ||
-        (!bn_wexpand(s, (160 + BN_BITS2 - 1) / BN_BITS2))) {
-        UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-
-    if (BN_bin2bn(dgst, dlen, &m) == NULL) {
-        UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-
-    if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
-        const DSA_METHOD *meth;
-        fd = 0;
-        UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE);
-        meth = DSA_OpenSSL();
-        to_return = meth->dsa_do_sign(dgst, dlen, dsa);
-        goto err;
-    }
-
-    if (p_UBSEC_dsa_sign_ioctl(fd,
-                               /* compute hash before signing */
-                               0, (unsigned char *)dgst, d_len, NULL,
-                               /* compute random value */
-                               0,
-                               (unsigned char *)dsa->p->d,
-                               BN_num_bits(dsa->p),
-                               (unsigned char *)dsa->q->d,
-                               BN_num_bits(dsa->q),
-                               (unsigned char *)dsa->g->d,
-                               BN_num_bits(dsa->g),
-                               (unsigned char *)dsa->priv_key->d,
-                               BN_num_bits(dsa->priv_key),
-                               (unsigned char *)r->d, &r_len,
-                               (unsigned char *)s->d, &s_len) != 0) {
-        const DSA_METHOD *meth;
-
-        UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED);
-        p_UBSEC_ubsec_close(fd);
-        meth = DSA_OpenSSL();
-        to_return = meth->dsa_do_sign(dgst, dlen, dsa);
-
-        goto err;
-    }
-
-    p_UBSEC_ubsec_close(fd);
-
-    r->top = (160 + BN_BITS2 - 1) / BN_BITS2;
-    s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
-
-    to_return = DSA_SIG_new();
-    if (to_return == NULL) {
-        UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-
-    to_return->r = r;
-    to_return->s = s;
-
- err:
-    if (!to_return) {
-        if (r)
-            BN_free(r);
-        if (s)
-            BN_free(s);
-    }
-    BN_clear_free(&m);
-    return to_return;
-}
-
-static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
-                            DSA_SIG *sig, DSA *dsa)
-{
-    int v_len, d_len;
-    int to_return = 0;
-    int fd;
-    BIGNUM v, *pv = &v;
-
-    BN_init(&v);
-
-    if (!bn_wexpand(pv, dsa->p->top)) {
-        UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL);
-        goto err;
-    }
-
-    v_len = BN_num_bits(dsa->p);
-
-    d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
-
-    if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
-        const DSA_METHOD *meth;
-        fd = 0;
-        UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE);
-        meth = DSA_OpenSSL();
-        to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
-        goto err;
-    }
-
-    if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
-                                 (unsigned char *)dgst, d_len,
-                                 (unsigned char *)dsa->p->d,
-                                 BN_num_bits(dsa->p),
-                                 (unsigned char *)dsa->q->d,
-                                 BN_num_bits(dsa->q),
-                                 (unsigned char *)dsa->g->d,
-                                 BN_num_bits(dsa->g),
-                                 (unsigned char *)dsa->pub_key->d,
-                                 BN_num_bits(dsa->pub_key),
-                                 (unsigned char *)sig->r->d,
-                                 BN_num_bits(sig->r),
-                                 (unsigned char *)sig->s->d,
-                                 BN_num_bits(sig->s), (unsigned char *)v.d,
-                                 &v_len) != 0) {
-        const DSA_METHOD *meth;
-        UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED);
-        p_UBSEC_ubsec_close(fd);
-
-        meth = DSA_OpenSSL();
-        to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
-
-        goto err;
-    }
-
-    p_UBSEC_ubsec_close(fd);
-
-    to_return = 1;
- err:
-    BN_clear_free(&v);
-    return to_return;
-}
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-static int ubsec_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
-                                DH *dh)
-{
-    int ret = -1, k_len, fd;
-
-    k_len = BN_num_bits(dh->p);
-
-    if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
-        const DH_METHOD *meth;
-        UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_UNIT_FAILURE);
-        meth = DH_OpenSSL();
-        ret = meth->compute_key(key, pub_key, dh);
-        goto err;
-    }
-
-    if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
-                                           (unsigned char *)dh->priv_key->d,
-                                           BN_num_bits(dh->priv_key),
-                                           (unsigned char *)pub_key->d,
-                                           BN_num_bits(pub_key),
-                                           (unsigned char *)dh->p->d,
-                                           BN_num_bits(dh->p), key,
-                                           &k_len) != 0) {
-        /* Hardware's a no go, failover to software */
-        const DH_METHOD *meth;
-        UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
-        p_UBSEC_ubsec_close(fd);
-
-        meth = DH_OpenSSL();
-        ret = meth->compute_key(key, pub_key, dh);
-
-        goto err;
-    }
-
-    p_UBSEC_ubsec_close(fd);
-
-    ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
- err:
-    return ret;
-}
-
-static int ubsec_dh_generate_key(DH *dh)
-{
-    int ret = 0, random_bits = 0, pub_key_len = 0, priv_key_len = 0, fd;
-    BIGNUM *pub_key = NULL;
-    BIGNUM *priv_key = NULL;
-
-    /*
-     *  How many bits should Random x be? dh_key.c
-     *  sets the range from 0 to num_bits(modulus) ???
-     */
-
-    if (dh->priv_key == NULL) {
-        priv_key = BN_new();
-        if (priv_key == NULL)
-            goto err;
-        priv_key_len = BN_num_bits(dh->p);
-        if (bn_wexpand(priv_key, dh->p->top) == NULL)
-            goto err;
-        do
-            if (!BN_rand_range(priv_key, dh->p))
-                goto err;
-        while (BN_is_zero(priv_key)) ;
-        random_bits = BN_num_bits(priv_key);
-    } else {
-        priv_key = dh->priv_key;
-    }
-
-    if (dh->pub_key == NULL) {
-        pub_key = BN_new();
-        if (pub_key == NULL)
-            goto err;
-        pub_key_len = BN_num_bits(dh->p);
-        if (bn_wexpand(pub_key, dh->p->top) == NULL)
-            goto err;
-    } else {
-        pub_key = dh->pub_key;
-    }
-
-    if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
-        const DH_METHOD *meth;
-        UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_UNIT_FAILURE);
-        meth = DH_OpenSSL();
-        ret = meth->generate_key(dh);
-        goto err;
-    }
-
-    if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
-                                              (unsigned char *)priv_key->d,
-                                              &priv_key_len,
-                                              (unsigned char *)pub_key->d,
-                                              &pub_key_len,
-                                              (unsigned char *)dh->g->d,
-                                              BN_num_bits(dh->g),
-                                              (unsigned char *)dh->p->d,
-                                              BN_num_bits(dh->p), 0, 0,
-                                              random_bits) != 0) {
-        /* Hardware's a no go, failover to software */
-        const DH_METHOD *meth;
-
-        UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_REQUEST_FAILED);
-        p_UBSEC_ubsec_close(fd);
-
-        meth = DH_OpenSSL();
-        ret = meth->generate_key(dh);
-
-        goto err;
-    }
-
-    p_UBSEC_ubsec_close(fd);
-
-    dh->pub_key = pub_key;
-    dh->pub_key->top = (pub_key_len + BN_BITS2 - 1) / BN_BITS2;
-    dh->priv_key = priv_key;
-    dh->priv_key->top = (priv_key_len + BN_BITS2 - 1) / BN_BITS2;
-
-    ret = 1;
- err:
-    return ret;
-}
-#  endif
-
-#  ifdef NOT_USED
-static int ubsec_rand_bytes(unsigned char *buf, int num)
-{
-    int ret = 0, fd;
-
-    if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
-        const RAND_METHOD *meth;
-        UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE);
-        num = p_UBSEC_ubsec_bits_to_bytes(num);
-        meth = RAND_SSLeay();
-        meth->seed(buf, num);
-        ret = meth->bytes(buf, num);
-        goto err;
-    }
-
-    num *= 8;                   /* bytes to bits */
-
-    if (p_UBSEC_rng_ioctl(fd, UBSEC_RNG_DIRECT, buf, &num) != 0) {
-        /* Hardware's a no go, failover to software */
-        const RAND_METHOD *meth;
-
-        UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED);
-        p_UBSEC_ubsec_close(fd);
-
-        num = p_UBSEC_ubsec_bits_to_bytes(num);
-        meth = RAND_SSLeay();
-        meth->seed(buf, num);
-        ret = meth->bytes(buf, num);
-
-        goto err;
-    }
-
-    p_UBSEC_ubsec_close(fd);
-
-    ret = 1;
- err:
-    return (ret);
-}
-
-static int ubsec_rand_status(void)
-{
-    return 0;
-}
-#  endif
-
-/*
- * This stuff is needed if this ENGINE is being compiled into a
- * self-contained shared-library.
- */
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
-{
-    if (id && (strcmp(id, engine_ubsec_id) != 0))
-        return 0;
-    if (!bind_helper(e))
-        return 0;
-    return 1;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#  endif                        /* OPENSSL_NO_DYNAMIC_ENGINE */
-# endif                         /* !OPENSSL_NO_HW_UBSEC */
-#endif                          /* !OPENSSL_NO_HW */
diff --git a/freebsd/crypto/openssl/engines/e_ubsec_err.c b/freebsd/crypto/openssl/engines/e_ubsec_err.c
deleted file mode 100644
index f154250d..00000000
--- a/freebsd/crypto/openssl/engines/e_ubsec_err.c
+++ /dev/null
@@ -1,156 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* e_ubsec_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_ubsec_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(0,func,0)
-# define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA UBSEC_str_functs[] = {
-    {ERR_FUNC(UBSEC_F_UBSEC_CTRL), "UBSEC_CTRL"},
-    {ERR_FUNC(UBSEC_F_UBSEC_DH_COMPUTE_KEY), "UBSEC_DH_COMPUTE_KEY"},
-    {ERR_FUNC(UBSEC_F_UBSEC_DH_GENERATE_KEY), "UBSEC_DH_GENERATE_KEY"},
-    {ERR_FUNC(UBSEC_F_UBSEC_DSA_DO_SIGN), "UBSEC_DSA_DO_SIGN"},
-    {ERR_FUNC(UBSEC_F_UBSEC_DSA_VERIFY), "UBSEC_DSA_VERIFY"},
-    {ERR_FUNC(UBSEC_F_UBSEC_FINISH), "UBSEC_FINISH"},
-    {ERR_FUNC(UBSEC_F_UBSEC_INIT), "UBSEC_INIT"},
-    {ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP), "UBSEC_MOD_EXP"},
-    {ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP_CRT), "UBSEC_MOD_EXP_CRT"},
-    {ERR_FUNC(UBSEC_F_UBSEC_RAND_BYTES), "UBSEC_RAND_BYTES"},
-    {ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP), "UBSEC_RSA_MOD_EXP"},
-    {ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT), "UBSEC_RSA_MOD_EXP_CRT"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA UBSEC_str_reasons[] = {
-    {ERR_REASON(UBSEC_R_ALREADY_LOADED), "already loaded"},
-    {ERR_REASON(UBSEC_R_BN_EXPAND_FAIL), "bn expand fail"},
-    {ERR_REASON(UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED),
-     "ctrl command not implemented"},
-    {ERR_REASON(UBSEC_R_DSO_FAILURE), "dso failure"},
-    {ERR_REASON(UBSEC_R_MISSING_KEY_COMPONENTS), "missing key components"},
-    {ERR_REASON(UBSEC_R_NOT_LOADED), "not loaded"},
-    {ERR_REASON(UBSEC_R_REQUEST_FAILED), "request failed"},
-    {ERR_REASON(UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
-     "size too large or too small"},
-    {ERR_REASON(UBSEC_R_UNIT_FAILURE), "unit failure"},
-    {0, NULL}
-};
-
-#endif
-
-#ifdef UBSEC_LIB_NAME
-static ERR_STRING_DATA UBSEC_lib_name[] = {
-    {0, UBSEC_LIB_NAME},
-    {0, NULL}
-};
-#endif
-
-static int UBSEC_lib_error_code = 0;
-static int UBSEC_error_init = 1;
-
-static void ERR_load_UBSEC_strings(void)
-{
-    if (UBSEC_lib_error_code == 0)
-        UBSEC_lib_error_code = ERR_get_next_error_library();
-
-    if (UBSEC_error_init) {
-        UBSEC_error_init = 0;
-#ifndef OPENSSL_NO_ERR
-        ERR_load_strings(UBSEC_lib_error_code, UBSEC_str_functs);
-        ERR_load_strings(UBSEC_lib_error_code, UBSEC_str_reasons);
-#endif
-
-#ifdef UBSEC_LIB_NAME
-        UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code, 0, 0);
-        ERR_load_strings(0, UBSEC_lib_name);
-#endif
-    }
-}
-
-static void ERR_unload_UBSEC_strings(void)
-{
-    if (UBSEC_error_init == 0) {
-#ifndef OPENSSL_NO_ERR
-        ERR_unload_strings(UBSEC_lib_error_code, UBSEC_str_functs);
-        ERR_unload_strings(UBSEC_lib_error_code, UBSEC_str_reasons);
-#endif
-
-#ifdef UBSEC_LIB_NAME
-        ERR_unload_strings(0, UBSEC_lib_name);
-#endif
-        UBSEC_error_init = 1;
-    }
-}
-
-static void ERR_UBSEC_error(int function, int reason, char *file, int line)
-{
-    if (UBSEC_lib_error_code == 0)
-        UBSEC_lib_error_code = ERR_get_next_error_library();
-    ERR_PUT_error(UBSEC_lib_error_code, function, reason, file, line);
-}
diff --git a/freebsd/crypto/openssl/engines/e_ubsec_err.h b/freebsd/crypto/openssl/engines/e_ubsec_err.h
deleted file mode 100644
index c8aec7c3..00000000
--- a/freebsd/crypto/openssl/engines/e_ubsec_err.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UBSEC_ERR_H
-# define HEADER_UBSEC_ERR_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_UBSEC_strings(void);
-static void ERR_unload_UBSEC_strings(void);
-static void ERR_UBSEC_error(int function, int reason, char *file, int line);
-# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the UBSEC functions. */
-
-/* Function codes. */
-# define UBSEC_F_UBSEC_CTRL                               100
-# define UBSEC_F_UBSEC_DH_COMPUTE_KEY                     101
-# define UBSEC_F_UBSEC_DH_GENERATE_KEY                    111
-# define UBSEC_F_UBSEC_DSA_DO_SIGN                        102
-# define UBSEC_F_UBSEC_DSA_VERIFY                         103
-# define UBSEC_F_UBSEC_FINISH                             104
-# define UBSEC_F_UBSEC_INIT                               105
-# define UBSEC_F_UBSEC_MOD_EXP                            106
-# define UBSEC_F_UBSEC_MOD_EXP_CRT                        110
-# define UBSEC_F_UBSEC_RAND_BYTES                         107
-# define UBSEC_F_UBSEC_RSA_MOD_EXP                        108
-# define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT                    109
-
-/* Reason codes. */
-# define UBSEC_R_ALREADY_LOADED                           100
-# define UBSEC_R_BN_EXPAND_FAIL                           101
-# define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED             102
-# define UBSEC_R_DSO_FAILURE                              103
-# define UBSEC_R_MISSING_KEY_COMPONENTS                   104
-# define UBSEC_R_NOT_LOADED                               105
-# define UBSEC_R_REQUEST_FAILED                           106
-# define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL              107
-# define UBSEC_R_UNIT_FAILURE                             108
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/engines/vendor_defns/aep.h b/freebsd/crypto/openssl/engines/vendor_defns/aep.h
deleted file mode 100644
index 04ab87eb..00000000
--- a/freebsd/crypto/openssl/engines/vendor_defns/aep.h
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * This header declares the necessary definitions for using the
- * exponentiation acceleration capabilities, and rnd number generation of the
- * AEP card.
- */
-
-/*
- *
- * Some AEP defines
- *
- */
-
-/*
- * Successful return value
- */
-#define AEP_R_OK                                0x00000000
-
-/*
- * Miscelleanous unsuccessful return value
- */
-#define AEP_R_GENERAL_ERROR                     0x10000001
-
-/*
- * Insufficient host memory
- */
-#define AEP_R_HOST_MEMORY                       0x10000002
-
-#define AEP_R_FUNCTION_FAILED                   0x10000006
-
-/*
- * Invalid arguments in function call
- */
-#define AEP_R_ARGUMENTS_BAD                     0x10020000
-
-#define AEP_R_NO_TARGET_RESOURCES                               0x10030000
-
-/*
- * Error occuring on socket operation
- */
-#define AEP_R_SOCKERROR                                                 0x10000010
-
-/*
- * Socket has been closed from the other end
- */
-#define AEP_R_SOCKEOF                                                   0x10000011
-
-/*
- * Invalid handles
- */
-#define AEP_R_CONNECTION_HANDLE_INVALID         0x100000B3
-
-#define AEP_R_TRANSACTION_HANDLE_INVALID                0x10040000
-
-/*
- * Transaction has not yet returned from accelerator
- */
-#define AEP_R_TRANSACTION_NOT_READY                             0x00010000
-
-/*
- * There is already a thread waiting on this transaction
- */
-#define AEP_R_TRANSACTION_CLAIMED                               0x10050000
-
-/*
- * The transaction timed out
- */
-#define AEP_R_TIMED_OUT                                                 0x10060000
-
-#define AEP_R_FXN_NOT_IMPLEMENTED                               0x10070000
-
-#define AEP_R_TARGET_ERROR                                              0x10080000
-
-/*
- * Error in the AEP daemon process
- */
-#define AEP_R_DAEMON_ERROR                                              0x10090000
-
-/*
- * Invalid ctx id
- */
-#define AEP_R_INVALID_CTX_ID                                    0x10009000
-
-#define AEP_R_NO_KEY_MANAGER                                    0x1000a000
-
-/*
- * Error obtaining a mutex
- */
-#define AEP_R_MUTEX_BAD                         0x000001A0
-
-/*
- * Fxn call before AEP_Initialise ot after AEP_Finialise
- */
-#define AEP_R_AEPAPI_NOT_INITIALIZED                    0x10000190
-
-/*
- * AEP_Initialise has already been called
- */
-#define AEP_R_AEPAPI_ALREADY_INITIALIZED                0x10000191
-
-/*
- * Maximum number of connections to daemon reached
- */
-#define AEP_R_NO_MORE_CONNECTION_HNDLS                  0x10000200
-
-/*
- *
- * Some AEP Type definitions
- *
- */
-
-/* an unsigned 8-bit value */
-typedef unsigned char AEP_U8;
-
-/* an unsigned 8-bit character */
-typedef char AEP_CHAR;
-
-/* a BYTE-sized Boolean flag */
-typedef AEP_U8 AEP_BBOOL;
-
-/*
- * Unsigned value, at least 16 bits long
- */
-typedef unsigned short AEP_U16;
-
-/* an unsigned value, at least 32 bits long */
-#ifdef SIXTY_FOUR_BIT_LONG
-typedef unsigned int AEP_U32;
-#else
-typedef unsigned long AEP_U32;
-#endif
-
-#ifdef SIXTY_FOUR_BIT_LONG
-typedef unsigned long AEP_U64;
-#else
-typedef struct {
-    unsigned long l1, l2;
-} AEP_U64;
-#endif
-
-/* at least 32 bits; each bit is a Boolean flag */
-typedef AEP_U32 AEP_FLAGS;
-
-typedef AEP_U8 *AEP_U8_PTR;
-typedef AEP_CHAR *AEP_CHAR_PTR;
-typedef AEP_U32 *AEP_U32_PTR;
-typedef AEP_U64 *AEP_U64_PTR;
-typedef void *AEP_VOID_PTR;
-
-/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
-typedef AEP_VOID_PTR *AEP_VOID_PTR_PTR;
-
-/*
- * Used to identify an AEP connection handle
- */
-typedef AEP_U32 AEP_CONNECTION_HNDL;
-
-/*
- * Pointer to an AEP connection handle
- */
-typedef AEP_CONNECTION_HNDL *AEP_CONNECTION_HNDL_PTR;
-
-/*
- * Used by an application (in conjunction with the apps process id) to
- * identify an individual transaction
- */
-typedef AEP_U32 AEP_TRANSACTION_ID;
-
-/*
- * Pointer to an applications transaction identifier
- */
-typedef AEP_TRANSACTION_ID *AEP_TRANSACTION_ID_PTR;
-
-/*
- * Return value type
- */
-typedef AEP_U32 AEP_RV;
-
-#define MAX_PROCESS_CONNECTIONS 256
-
-#define RAND_BLK_SIZE 1024
-
-typedef enum {
-    NotConnected = 0,
-    Connected = 1,
-    InUse = 2
-} AEP_CONNECTION_STATE;
-
-typedef struct AEP_CONNECTION_ENTRY {
-    AEP_CONNECTION_STATE conn_state;
-    AEP_CONNECTION_HNDL conn_hndl;
-} AEP_CONNECTION_ENTRY;
-
-typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
-typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
-
-typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
-                            AEP_VOID_PTR pA, AEP_VOID_PTR pP,
-                            AEP_VOID_PTR pN,
-                            AEP_VOID_PTR pResult,
-                            AEP_TRANSACTION_ID *pidTransID);
-
-typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
-                               AEP_VOID_PTR pA, AEP_VOID_PTR pP,
-                               AEP_VOID_PTR pQ,
-                               AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
-                               AEP_VOID_PTR pIqmp,
-                               AEP_VOID_PTR pResult,
-                               AEP_TRANSACTION_ID *pidTransID);
-
-#ifdef AEPRAND
-typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
-                               AEP_U32 Len,
-                               AEP_U32 Type,
-                               AEP_VOID_PTR pResult,
-                               AEP_TRANSACTION_ID *pidTransID);
-#endif
-
-typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
-typedef AEP_RV t_AEP_Finalize(void);
-typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)
-                                     (AEP_VOID_PTR ArbBigNum,
-                                      AEP_U32 *BigNumSize),
-                                    AEP_RV (*MakeAEPBigNumFunc) (AEP_VOID_PTR
-                                                                 ArbBigNum,
-                                                                 AEP_U32
-                                                                 BigNumSize,
-                                                                 unsigned char
-                                                                 *AEP_BigNum),
-                                    AEP_RV (*ConverAEPBigNumFunc) (void
-                                                                   *ArbBigNum,
-                                                                   AEP_U32
-                                                                   BigNumSize,
-                                                                   unsigned
-                                                                   char
-                                                                   *AEP_BigNum));
diff --git a/freebsd/crypto/openssl/engines/vendor_defns/atalla.h b/freebsd/crypto/openssl/engines/vendor_defns/atalla.h
deleted file mode 100644
index 60e7eda5..00000000
--- a/freebsd/crypto/openssl/engines/vendor_defns/atalla.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * This header declares the necessary definitions for using the
- * exponentiation acceleration capabilities of Atalla cards. The only
- * cryptographic operation is performed by "ASI_RSAPrivateKeyOpFn" and this
- * takes a structure that defines an "RSA private key". However, it is really
- * only performing a regular mod_exp using the supplied modulus and exponent
- * - no CRT form is being used. Hence, it is a generic mod_exp function in
- * disguise, and we use it as such. Thanks to the people at Atalla for
- * letting me know these definitions are fine and that they can be reproduced
- * here. Geoff.
- */
-
-typedef struct ItemStr {
-    unsigned char *data;
-    int len;
-} Item;
-
-typedef struct RSAPrivateKeyStr {
-    void *reserved;
-    Item version;
-    Item modulus;
-    Item publicExponent;
-    Item privateExponent;
-    Item prime[2];
-    Item exponent[2];
-    Item coefficient;
-} RSAPrivateKey;
-
-/*
- * Predeclare the function pointer types that we dynamically load from the
- * DSO. These use the same names and form that Ben's original support code
- * had (in crypto/bn/bn_exp.c) unless of course I've inadvertently changed
- * the style somewhere along the way!
- */
-
-typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
-                                            unsigned int *ret_buf);
-
-typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
-
-typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
-                                     unsigned char *output,
-                                     unsigned char *input,
-                                     unsigned int modulus_len);
diff --git a/freebsd/crypto/openssl/engines/vendor_defns/cswift.h b/freebsd/crypto/openssl/engines/vendor_defns/cswift.h
deleted file mode 100644
index 6dcd5fed..00000000
--- a/freebsd/crypto/openssl/engines/vendor_defns/cswift.h
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Attribution notice: Rainbow have generously allowed me to reproduce the
- * necessary definitions here from their API. This means the support can
- * build independently of whether application builders have the API or
- * hardware. This will allow developers to easily produce software that has
- * latent hardware support for any users that have accelertors installed,
- * without the developers themselves needing anything extra. I have only
- * clipped the parts from the CryptoSwift header files that are (or seem)
- * relevant to the CryptoSwift support code. This is simply to keep the file
- * sizes reasonable. [Geoff]
- */
-
-/*
- * NB: These type widths do *not* seem right in general, in particular
- * they're not terribly friendly to 64-bit architectures (unsigned long) will
- * be 64-bit on IA-64 for a start. I'm leaving these alone as they agree with
- * Rainbow's API and this will only be called into question on platforms with
- * Rainbow support anyway! ;-)
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif                          /* __cplusplus */
-
-    typedef long SW_STATUS;     /* status */
-    typedef unsigned char SW_BYTE; /* 8 bit byte */
-    typedef unsigned short SW_U16; /* 16 bit number */
-#if defined(_IRIX)
-# include <sgidefs.h>
-    typedef __uint32_t SW_U32;
-#else
-    typedef unsigned long SW_U32; /* 32 bit integer */
-#endif
-
-#if defined(OPENSSL_SYS_WIN32)
-    typedef struct _SW_U64 {
-        SW_U32 low32;
-        SW_U32 high32;
-    } SW_U64;                   /* 64 bit integer */
-#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
-    typedef longlong SW_U64
-#else                           /* Unix variants */
-    typedef struct _SW_U64 {
-        SW_U32 low32;
-        SW_U32 high32;
-    } SW_U64;                   /* 64 bit integer */
-#endif
-
-/* status codes */
-#define SW_OK                 (0L)
-#define SW_ERR_BASE           (-10000L)
-#define SW_ERR_NO_CARD        (SW_ERR_BASE-1) /* The Card is not present */
-#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */
-    /*    up yet                 */
-#define SW_ERR_TIME_OUT       (SW_ERR_BASE-3) /* Execution of a command */
-    /*    time out               */
-#define SW_ERR_NO_EXECUTE     (SW_ERR_BASE-4) /* The Card failed to */
-    /*    execute the command    */
-#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */
-    /*    NULL                   */
-#define SW_ERR_INPUT_SIZE     (SW_ERR_BASE-6) /* size is invalid, too */
-    /*    small, too large.      */
-#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */
-    /*    handle                 */
-#define SW_ERR_PENDING        (SW_ERR_BASE-8) /* A request is already out- */
-    /*    standing at this       */
-    /*    context handle         */
-#define SW_ERR_AVAILABLE      (SW_ERR_BASE-9) /* A result is available.  */
-#define SW_ERR_NO_PENDING     (SW_ERR_BASE-10) /* No request is pending.  */
-#define SW_ERR_NO_MEMORY      (SW_ERR_BASE-11) /* Not enough memory */
-#define SW_ERR_BAD_ALGORITHM  (SW_ERR_BASE-12) /* Invalid algorithm type */
-    /*    in SW_PARAM structure  */
-#define SW_ERR_MISSING_KEY    (SW_ERR_BASE-13) /* No key is associated with */
-    /*    context.               */
-    /*    swAttachKeyParam() is  */
-    /*    not called.            */
-#define SW_ERR_KEY_CMD_MISMATCH \
-                              (SW_ERR_BASE-14) /* Cannot perform requested */
-    /*    SW_COMMAND_CODE since  */
-    /*    key attached via       */
-    /*    swAttachKeyParam()     */
-    /*    cannot be used for this */
-    /*    SW_COMMAND_CODE.       */
-#define SW_ERR_NOT_IMPLEMENTED \
-                              (SW_ERR_BASE-15) /* Not implemented */
-#define SW_ERR_BAD_COMMAND    (SW_ERR_BASE-16) /* Bad command code */
-#define SW_ERR_BAD_ITEM_SIZE  (SW_ERR_BASE-17) /* too small or too large in */
-    /*    the "initems" or       */
-    /*    "outitems".            */
-#define SW_ERR_BAD_ACCNUM     (SW_ERR_BASE-18) /* Bad accelerator number */
-#define SW_ERR_SELFTEST_FAIL  (SW_ERR_BASE-19) /* At least one of the self */
-    /*    test fail, look at the */
-    /*    selfTestBitmap in      */
-    /*    SW_ACCELERATOR_INFO for */
-    /*    details.               */
-#define SW_ERR_MISALIGN       (SW_ERR_BASE-20) /* Certain alogrithms require */
-    /*    key materials aligned  */
-    /*    in certain order, e.g. */
-    /*    128 bit for CRT        */
-#define SW_ERR_OUTPUT_NULL_PTR \
-                              (SW_ERR_BASE-21) /* a required pointer is */
-    /*    NULL                   */
-#define SW_ERR_OUTPUT_SIZE \
-                              (SW_ERR_BASE-22) /* size is invalid, too */
-    /*    small, too large.      */
-#define SW_ERR_FIRMWARE_CHECKSUM \
-                              (SW_ERR_BASE-23) /* firmware checksum mismatch */
-    /*    download failed.       */
-#define SW_ERR_UNKNOWN_FIRMWARE \
-                              (SW_ERR_BASE-24) /* unknown firmware error */
-#define SW_ERR_INTERRUPT      (SW_ERR_BASE-25) /* request is abort when */
-    /*    it's waiting to be     */
-    /*    completed.             */
-#define SW_ERR_NVWRITE_FAIL   (SW_ERR_BASE-26) /* error in writing to Non- */
-    /*    volatile memory        */
-#define SW_ERR_NVWRITE_RANGE  (SW_ERR_BASE-27) /* out of range error in */
-    /*    writing to NV memory   */
-#define SW_ERR_RNG_ERROR      (SW_ERR_BASE-28) /* Random Number Generation */
-    /*    failure                */
-#define SW_ERR_DSS_FAILURE    (SW_ERR_BASE-29) /* DSS Sign or Verify failure */
-#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30) /* Failure in various math */
-    /*    calculations           */
-#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31) /* Error in accessing on - */
-    /*    board memory           */
-#define SW_ERR_FIRMWARE_VERSION \
-                              (SW_ERR_BASE-32) /* Wrong version in firmware */
-    /*    update                 */
-#define SW_ERR_ZERO_WORKING_ACCELERATOR \
-                              (SW_ERR_BASE-44) /* All accelerators are bad */
-
-    /* algorithm type */
-#define SW_ALG_CRT          1
-#define SW_ALG_EXP          2
-#define SW_ALG_DSA          3
-#define SW_ALG_NVDATA       4
-
-    /* command code */
-#define SW_CMD_MODEXP_CRT   1   /* perform Modular Exponentiation using */
-    /*  Chinese Remainder Theorem (CRT)      */
-#define SW_CMD_MODEXP       2   /* perform Modular Exponentiation */
-#define SW_CMD_DSS_SIGN     3   /* perform DSS sign */
-#define SW_CMD_DSS_VERIFY   4   /* perform DSS verify */
-#define SW_CMD_RAND         5   /* perform random number generation */
-#define SW_CMD_NVREAD       6   /* perform read to nonvolatile RAM */
-#define SW_CMD_NVWRITE      7   /* perform write to nonvolatile RAM */
-
-    typedef SW_U32 SW_ALGTYPE;  /* alogrithm type */
-    typedef SW_U32 SW_STATE;    /* state */
-    typedef SW_U32 SW_COMMAND_CODE; /* command code */
-    typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */
-
-    typedef struct _SW_LARGENUMBER {
-        SW_U32 nbytes;          /* number of bytes in the buffer "value" */
-        SW_BYTE *value;         /* the large integer as a string of */
-        /*   bytes in network (big endian) order  */
-    } SW_LARGENUMBER;
-
-#if defined(OPENSSL_SYS_WIN32)
-# include <windows.h>
-    typedef HANDLE SW_OSHANDLE; /* handle to kernel object */
-# define SW_OS_INVALID_HANDLE  INVALID_HANDLE_VALUE
-# define SW_CALLCONV _stdcall
-#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
-    /* async callback mechanisms */
-    /* swiftCallbackLevel */
-# define SW_MAC_CALLBACK_LEVEL_NO         0
-# define SW_MAC_CALLBACK_LEVEL_HARDWARE   1/* from the hardware ISR */
-# define SW_MAC_CALLBACK_LEVEL_SECONDARY  2/* as secondary ISR */
-    typedef int SW_MAC_CALLBACK_LEVEL;
-    typedef int SW_OSHANDLE;
-# define SW_OS_INVALID_HANDLE  (-1)
-# define SW_CALLCONV
-#else                           /* Unix variants */
-    typedef int SW_OSHANDLE;    /* handle to driver */
-# define SW_OS_INVALID_HANDLE  (-1)
-# define SW_CALLCONV
-#endif
-
-    typedef struct _SW_CRT {
-        SW_LARGENUMBER p;       /* prime number p */
-        SW_LARGENUMBER q;       /* prime number q */
-        SW_LARGENUMBER dmp1;    /* exponent1 */
-        SW_LARGENUMBER dmq1;    /* exponent2 */
-        SW_LARGENUMBER iqmp;    /* CRT coefficient */
-    } SW_CRT;
-
-    typedef struct _SW_EXP {
-        SW_LARGENUMBER modulus; /* modulus */
-        SW_LARGENUMBER exponent; /* exponent */
-    } SW_EXP;
-
-    typedef struct _SW_DSA {
-        SW_LARGENUMBER p;       /* */
-        SW_LARGENUMBER q;       /* */
-        SW_LARGENUMBER g;       /* */
-        SW_LARGENUMBER key;     /* private/public key */
-    } SW_DSA;
-
-    typedef struct _SW_NVDATA {
-        SW_U32 accnum;          /* accelerator board number */
-        SW_U32 offset;          /* offset in byte */
-    } SW_NVDATA;
-
-    typedef struct _SW_PARAM {
-        SW_ALGTYPE type;        /* type of the alogrithm */
-        union {
-            SW_CRT crt;
-            SW_EXP exp;
-            SW_DSA dsa;
-            SW_NVDATA nvdata;
-        } up;
-    } SW_PARAM;
-
-    typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
-
-    /*
-     * Now the OpenSSL bits, these function types are the for the function
-     * pointers that will bound into the Rainbow shared libraries.
-     */
-    typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE
-                                                        *hac);
-    typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
-                                                     SW_PARAM *key_params);
-    typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
-                                                    SW_COMMAND_CODE cmd,
-                                                    SW_LARGENUMBER pin[],
-                                                    SW_U32 pin_count,
-                                                    SW_LARGENUMBER pout[],
-                                                    SW_U32 pout_count);
-    typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE
-                                                        hac);
-
-#ifdef __cplusplus
-}
-#endif                          /* __cplusplus */
diff --git a/freebsd/crypto/openssl/engines/vendor_defns/hw_4758_cca.h b/freebsd/crypto/openssl/engines/vendor_defns/hw_4758_cca.h
deleted file mode 100644
index 235543ad..00000000
--- a/freebsd/crypto/openssl/engines/vendor_defns/hw_4758_cca.h
+++ /dev/null
@@ -1,150 +0,0 @@
-/**********************************************************************/
-/*                                                                    */
-/*  Prototypes of the CCA verbs used by the 4758 CCA openssl driver   */
-/*                                                                    */
-/*  Maurice Gittens <maurice@gittens.nl>                              */
-/*                                                                    */
-/**********************************************************************/
-
-#ifndef __HW_4758_CCA__
-# define __HW_4758_CCA__
-
-/*
- *  Only WIN32 support for now
- */
-# if defined(WIN32)
-
-#  define CCA_LIB_NAME "CSUNSAPI"
-
-#  define CSNDPKX   "CSNDPKX_32"
-#  define CSNDKRR   "CSNDKRR_32"
-#  define CSNDPKE   "CSNDPKE_32"
-#  define CSNDPKD   "CSNDPKD_32"
-#  define CSNDDSV   "CSNDDSV_32"
-#  define CSNDDSG   "CSNDDSG_32"
-#  define CSNBRNG   "CSNBRNG_32"
-
-#  define SECURITYAPI __stdcall
-# else
-    /*
-     * Fixme!! Find out the values of these constants for other platforms.
-     */
-#  define CCA_LIB_NAME "CSUNSAPI"
-
-#  define CSNDPKX   "CSNDPKX"
-#  define CSNDKRR   "CSNDKRR"
-#  define CSNDPKE   "CSNDPKE"
-#  define CSNDPKD   "CSNDPKD"
-#  define CSNDDSV   "CSNDDSV"
-#  define CSNDDSG   "CSNDDSG"
-#  define CSNBRNG   "CSNBRNG"
-
-#  define SECURITYAPI
-# endif
-
-/*
- * security API prototypes
- */
-
-/* PKA Key Record Read */
-typedef void (SECURITYAPI * F_KEYRECORDREAD)
- (long *return_code,
-  long *reason_code,
-  long *exit_data_length,
-  unsigned char *exit_data,
-  long *rule_array_count,
-  unsigned char *rule_array,
-  unsigned char *key_label, long *key_token_length, unsigned char *key_token);
-
-/* Random Number Generate */
-typedef void (SECURITYAPI * F_RANDOMNUMBERGENERATE)
- (long *return_code,
-  long *reason_code,
-  long *exit_data_length,
-  unsigned char *exit_data,
-  unsigned char *form, unsigned char *random_number);
-
-/* Digital Signature Generate */
-typedef void (SECURITYAPI * F_DIGITALSIGNATUREGENERATE)
- (long *return_code,
-  long *reason_code,
-  long *exit_data_length,
-  unsigned char *exit_data,
-  long *rule_array_count,
-  unsigned char *rule_array,
-  long *PKA_private_key_id_length,
-  unsigned char *PKA_private_key_id,
-  long *hash_length,
-  unsigned char *hash,
-  long *signature_field_length,
-  long *signature_bit_length, unsigned char *signature_field);
-
-/* Digital Signature Verify */
-typedef void (SECURITYAPI * F_DIGITALSIGNATUREVERIFY) (long *return_code,
-                                                       long *reason_code,
-                                                       long *exit_data_length,
-                                                       unsigned char
-                                                       *exit_data,
-                                                       long *rule_array_count,
-                                                       unsigned char
-                                                       *rule_array,
-                                                       long
-                                                       *PKA_public_key_id_length,
-                                                       unsigned char
-                                                       *PKA_public_key_id,
-                                                       long *hash_length,
-                                                       unsigned char *hash,
-                                                       long
-                                                       *signature_field_length,
-                                                       unsigned char
-                                                       *signature_field);
-
-/* PKA Public Key Extract */
-typedef void (SECURITYAPI * F_PUBLICKEYEXTRACT) (long *return_code,
-                                                 long *reason_code,
-                                                 long *exit_data_length,
-                                                 unsigned char *exit_data,
-                                                 long *rule_array_count,
-                                                 unsigned char *rule_array,
-                                                 long
-                                                 *source_key_identifier_length,
-                                                 unsigned char
-                                                 *source_key_identifier,
-                                                 long
-                                                 *target_key_token_length,
-                                                 unsigned char
-                                                 *target_key_token);
-
-/* PKA Encrypt */
-typedef void (SECURITYAPI * F_PKAENCRYPT)
- (long *return_code,
-  long *reason_code,
-  long *exit_data_length,
-  unsigned char *exit_data,
-  long *rule_array_count,
-  unsigned char *rule_array,
-  long *key_value_length,
-  unsigned char *key_value,
-  long *data_struct_length,
-  unsigned char *data_struct,
-  long *RSA_public_key_length,
-  unsigned char *RSA_public_key,
-  long *RSA_encipher_length, unsigned char *RSA_encipher);
-
-/* PKA Decrypt */
-typedef void (SECURITYAPI * F_PKADECRYPT)
- (long *return_code,
-  long *reason_code,
-  long *exit_data_length,
-  unsigned char *exit_data,
-  long *rule_array_count,
-  unsigned char *rule_array,
-  long *enciphered_key_length,
-  unsigned char *enciphered_key,
-  long *data_struct_length,
-  unsigned char *data_struct,
-  long *RSA_private_key_length,
-  unsigned char *RSA_private_key,
-  long *key_value_length, unsigned char *key_value);
-
-#endif
diff --git a/freebsd/crypto/openssl/engines/vendor_defns/hw_ubsec.h b/freebsd/crypto/openssl/engines/vendor_defns/hw_ubsec.h
deleted file mode 100644
index a4e67fc5..00000000
--- a/freebsd/crypto/openssl/engines/vendor_defns/hw_ubsec.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/******************************************************************************
- *
- *  Copyright 2000
- *  Broadcom Corporation
- *  16215 Alton Parkway
- *  PO Box 57013
- *  Irvine CA 92619-7013
- *
- *****************************************************************************/
-/*
- * Broadcom Corporation uBSec SDK
- */
-/*
- * Character device header file.
- */
-/*
- * Revision History:
- *
- * October 2000 JTT Created.
- */
-
-#define MAX_PUBLIC_KEY_BITS (1024)
-#define MAX_PUBLIC_KEY_BYTES (1024/8)
-#define SHA_BIT_SIZE  (160)
-#define MAX_CRYPTO_KEY_LENGTH 24
-#define MAX_MAC_KEY_LENGTH 64
-#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
-#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
-
-/* Math command types. */
-#define UBSEC_MATH_MODADD 0x0001
-#define UBSEC_MATH_MODSUB 0x0002
-#define UBSEC_MATH_MODMUL 0x0004
-#define UBSEC_MATH_MODEXP 0x0008
-#define UBSEC_MATH_MODREM 0x0010
-#define UBSEC_MATH_MODINV 0x0020
-
-typedef long ubsec_MathCommand_t;
-typedef long ubsec_RNGCommand_t;
-
-typedef struct ubsec_crypto_context_s {
-    unsigned int flags;
-    unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
-    unsigned char auth[MAX_MAC_KEY_LENGTH];
-} ubsec_crypto_context_t, *ubsec_crypto_context_p;
-
-/*
- * Predeclare the function pointer types that we dynamically load from the DSO.
- */
-
-typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
-
-typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
-
-typedef int t_UBSEC_ubsec_open(unsigned char *device);
-
-typedef int t_UBSEC_ubsec_close(int fd);
-
-typedef int t_UBSEC_diffie_hellman_generate_ioctl(int fd,
-                                                  unsigned char *x,
-                                                  int *x_len,
-                                                  unsigned char *y,
-                                                  int *y_len,
-                                                  unsigned char *g, int g_len,
-                                                  unsigned char *m, int m_len,
-                                                  unsigned char *userX,
-                                                  int userX_len,
-                                                  int random_bits);
-
-typedef int t_UBSEC_diffie_hellman_agree_ioctl(int fd,
-                                               unsigned char *x, int x_len,
-                                               unsigned char *y, int y_len,
-                                               unsigned char *m, int m_len,
-                                               unsigned char *k, int *k_len);
-
-typedef int t_UBSEC_rsa_mod_exp_ioctl(int fd,
-                                      unsigned char *x, int x_len,
-                                      unsigned char *m, int m_len,
-                                      unsigned char *e, int e_len,
-                                      unsigned char *y, int *y_len);
-
-typedef int t_UBSEC_rsa_mod_exp_crt_ioctl(int fd,
-                                          unsigned char *x, int x_len,
-                                          unsigned char *qinv, int qinv_len,
-                                          unsigned char *edq, int edq_len,
-                                          unsigned char *q, int q_len,
-                                          unsigned char *edp, int edp_len,
-                                          unsigned char *p, int p_len,
-                                          unsigned char *y, int *y_len);
-
-typedef int t_UBSEC_dsa_sign_ioctl(int fd,
-                                   int hash, unsigned char *data,
-                                   int data_len, unsigned char *rndom,
-                                   int random_len, unsigned char *p,
-                                   int p_len, unsigned char *q, int q_len,
-                                   unsigned char *g, int g_len,
-                                   unsigned char *key, int key_len,
-                                   unsigned char *r, int *r_len,
-                                   unsigned char *s, int *s_len);
-
-typedef int t_UBSEC_dsa_verify_ioctl(int fd,
-                                     int hash, unsigned char *data,
-                                     int data_len, unsigned char *p,
-                                     int p_len, unsigned char *q, int q_len,
-                                     unsigned char *g, int g_len,
-                                     unsigned char *key, int key_len,
-                                     unsigned char *r, int r_len,
-                                     unsigned char *s, int s_len,
-                                     unsigned char *v, int *v_len);
-
-typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
-                                          unsigned char *ModN, int *ModN_len,
-                                          unsigned char *ExpE, int *ExpE_len,
-                                          unsigned char *ParamA,
-                                          int *ParamA_len,
-                                          unsigned char *ParamB,
-                                          int *ParamB_len,
-                                          unsigned char *Result,
-                                          int *Result_len);
-
-typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
-                              unsigned char *Result, int *Result_len);
-
-typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
diff --git a/freebsd/crypto/openssl/engines/vendor_defns/hwcryptohook.h b/freebsd/crypto/openssl/engines/vendor_defns/hwcryptohook.h
deleted file mode 100644
index fa06396a..00000000
--- a/freebsd/crypto/openssl/engines/vendor_defns/hwcryptohook.h
+++ /dev/null
@@ -1,502 +0,0 @@
-/*-
- * ModExp / RSA (with/without KM) plugin API
- *
- * The application will load a dynamic library which
- * exports entrypoint(s) defined in this file.
- *
- * This set of entrypoints provides only a multithreaded,
- * synchronous-within-each-thread, facility.
- *
- *
- * This file is Copyright 1998-2000 nCipher Corporation Limited.
- *
- * Redistribution and use in source and binary forms, with opr without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the copyright notice,
- *    this list of conditions, and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above
- *    copyright notice, this list of conditions, and the following
- *    disclaimer, in the documentation and/or other materials provided
- *    with the distribution
- *
- * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
- * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
- * damages arising directly or indirectly from this file, its use or
- * this licence.  Without prejudice to the generality of the
- * foregoing: all liability shall be excluded for direct, indirect,
- * special, incidental, consequential or other damages or any loss of
- * profits, business, revenue goodwill or anticipated savings;
- * liability shall be excluded even if nCipher or anyone else has been
- * advised of the possibility of damage.  In any event, if the
- * exclusion of liability is not effective, the liability of nCipher
- * or any author or distributor shall be limited to the lesser of the
- * price paid and 1,000 pounds sterling. This licence only fails to
- * exclude or limit liability for death or personal injury arising out
- * of negligence, and only to the extent that such an exclusion or
- * limitation is not effective.
- *
- * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
- * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
- * limited to, any implied warranties of merchantability, fitness for
- * a particular purpose, satisfactory quality, and/or non-infringement
- * of any third party rights.
- *
- * US Government use: This software and documentation is Commercial
- * Computer Software and Computer Software Documentation, as defined in
- * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
- * Noncommercial Computer Software and Noncommercial Computer Software
- * Documentation."  Use, duplication or disclosure by the Government is
- * subject to the terms and conditions specified here.
- *
- * By using or distributing this file you will be accepting these
- * terms and conditions, including the limitation of liability and
- * lack of warranty.  If you do not wish to accept these terms and
- * conditions, DO NOT USE THE FILE.
- *
- *
- * The actual dynamically loadable plugin, and the library files for
- * static linking, which are also provided in some distributions, are
- * not covered by the licence described above.  You should have
- * received a separate licence with terms and conditions for these
- * library files; if you received the library files without a licence,
- * please contact nCipher.
- *
- *
- * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
- */
-
-#ifndef HWCRYPTOHOOK_H
-# define HWCRYPTOHOOK_H
-
-# include <sys/types.h>
-# include <stdio.h>
-
-# ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
-#  define HWCRYPTOHOOK_DECLARE_APPTYPES 1
-# endif
-
-# define HWCRYPTOHOOK_ERROR_FAILED   -1
-# define HWCRYPTOHOOK_ERROR_FALLBACK -2
-# define HWCRYPTOHOOK_ERROR_MPISIZE  -3
-
-# if HWCRYPTOHOOK_DECLARE_APPTYPES
-
-/*-
- * These structs are defined by the application and opaque to the
- * crypto plugin.  The application may define these as it sees fit.
- * Default declarations are provided here, but the application may
- *  #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
- * to prevent these declarations, and instead provide its own
- * declarations of these types.  (Pointers to them must still be
- * ordinary pointers to structs or unions, or the resulting combined
- * program will have a type inconsistency.)
- */
-typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
-typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
-typedef struct HWCryptoHook_PassphraseContextValue
- HWCryptoHook_PassphraseContext;
-typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
-
-# endif                         /* HWCRYPTOHOOK_DECLARE_APPTYPES */
-
-/*-
- * These next two structs are opaque to the application.  The crypto
- * plugin will return pointers to them; the caller simply manipulates
- * the pointers.
- */
-typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
-typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
-
-typedef struct {
-    char *buf;
-    size_t size;
-} HWCryptoHook_ErrMsgBuf;
-/*-
- * Used for error reporting.  When a HWCryptoHook function fails it
- * will return a sentinel value (0 for pointer-valued functions, or a
- * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
- * integer-valued ones).  It will, if an ErrMsgBuf is passed, also put
- * an error message there.
- *
- * size is the size of the buffer, and will not be modified.  If you
- * pass 0 for size you must pass 0 for buf, and nothing will be
- * recorded (just as if you passed 0 for the struct pointer).
- * Messages written to the buffer will always be null-terminated, even
- * when truncated to fit within size bytes.
- *
- * The contents of the buffer are not defined if there is no error.
- */
-
-typedef struct HWCryptoHook_MPIStruct {
-    unsigned char *buf;
-    size_t size;
-} HWCryptoHook_MPI;
-/*-
- * When one of these is returned, a pointer is passed to the function.
- * At call, size is the space available.  Afterwards it is updated to
- * be set to the actual length (which may be more than the space available,
- * if there was not enough room and the result was truncated).
- * buf (the pointer) is not updated.
- *
- * size is in bytes and may be zero at call or return, but must be a
- * multiple of the limb size.  Zero limbs at the MS end are not
- * permitted.
- */
-
-# define HWCryptoHook_InitFlags_FallbackModExp    0x0002UL
-# define HWCryptoHook_InitFlags_FallbackRSAImmed  0x0004UL
-/*-
- * Enable requesting fallback to software in case of problems with the
- * hardware support.  This indicates to the crypto provider that the
- * application is prepared to fall back to software operation if the
- * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
- * Without this flag those calls will never return
- * HWCRYPTOHOOK_ERROR_FALLBACK.  The flag will also cause the crypto
- * provider to avoid repeatedly attempting to contact dead hardware
- * within a short interval, if appropriate.
- */
-
-# define HWCryptoHook_InitFlags_SimpleForkCheck   0x0010UL
-/*-
- * Without _SimpleForkCheck the library is allowed to assume that the
- * application will not fork and call the library in the child(ren).
- *
- * When it is specified, this is allowed.  However, after a fork
- * neither parent nor child may unload any loaded keys or call
- * _Finish.  Instead, they should call exit (or die with a signal)
- * without calling _Finish.  After all the children have died the
- * parent may unload keys or call _Finish.
- *
- * This flag only has any effect on UN*X platforms.
- */
-
-typedef struct {
-    unsigned long flags;
-    void *logstream;            /* usually a FILE*.  See below. */
-    size_t limbsize;            /* bignum format - size of radix type, must
-                                 * be power of 2 */
-    int mslimbfirst;            /* 0 or 1 */
-    int msbytefirst;            /* 0 or 1; -1 = native */
-  /*-
-   * All the callback functions should return 0 on success, or a
-   * nonzero integer (whose value will be visible in the error message
-   * put in the buffer passed to the call).
-   *
-   * If a callback is not available pass a null function pointer.
-   *
-   * The callbacks may not call down again into the crypto plugin.
-   */
-  /*-
-   * For thread-safety.  Set everything to 0 if you promise only to be
-   * singlethreaded.  maxsimultaneous is the number of calls to
-   * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA.  If you don't know what to
-   * put there then say 0 and the hook library will use a default.
-   *
-   * maxmutexes is a small limit on the number of simultaneous mutexes
-   * which will be requested by the library.  If there is no small
-   * limit, set it to 0.  If the crypto plugin cannot create the
-   * advertised number of mutexes the calls to its functions may fail.
-   * If a low number of mutexes is advertised the plugin will try to
-   * do the best it can.  Making larger numbers of mutexes available
-   * may improve performance and parallelism by reducing contention
-   * over critical sections.  Unavailability of any mutexes, implying
-   * single-threaded operation, should be indicated by the setting
-   * mutex_init et al to 0.
-   */
-    int maxmutexes;
-    int maxsimultaneous;
-    size_t mutexsize;
-    int (*mutex_init) (HWCryptoHook_Mutex *,
-                       HWCryptoHook_CallerContext * cactx);
-    int (*mutex_acquire) (HWCryptoHook_Mutex *);
-    void (*mutex_release) (HWCryptoHook_Mutex *);
-    void (*mutex_destroy) (HWCryptoHook_Mutex *);
-    /*-
-     * For greater efficiency, can use condition vars internally for
-     * synchronisation.  In this case maxsimultaneous is ignored, but
-     * the other mutex stuff must be available.  In singlethreaded
-     * programs, set everything to 0.
-     */
-    size_t condvarsize;
-    int (*condvar_init) (HWCryptoHook_CondVar *,
-                         HWCryptoHook_CallerContext * cactx);
-    int (*condvar_wait) (HWCryptoHook_CondVar *, HWCryptoHook_Mutex *);
-    void (*condvar_signal) (HWCryptoHook_CondVar *);
-    void (*condvar_broadcast) (HWCryptoHook_CondVar *);
-    void (*condvar_destroy) (HWCryptoHook_CondVar *);
-    /*-
-     * The semantics of acquiring and releasing mutexes and broadcasting
-     * and waiting on condition variables are expected to be those from
-     * POSIX threads (pthreads).  The mutexes may be (in pthread-speak)
-     * fast mutexes, recursive mutexes, or nonrecursive ones.
-     *
-     * The _release/_signal/_broadcast and _destroy functions must
-     * always succeed when given a valid argument; if they are given an
-     * invalid argument then the program (crypto plugin + application)
-     * has an internal error, and they should abort the program.
-     */
-    int (*getpassphrase) (const char *prompt_info,
-                          int *len_io, char *buf,
-                          HWCryptoHook_PassphraseContext * ppctx,
-                          HWCryptoHook_CallerContext * cactx);
-    /*-
-     * Passphrases and the prompt_info, if they contain high-bit-set
-     * characters, are UTF-8.  The prompt_info may be a null pointer if
-     * no prompt information is available (it should not be an empty
-     * string).  It will not contain text like `enter passphrase';
-     * instead it might say something like `Operator Card for John
-     * Smith' or `SmartCard in nFast Module #1, Slot #1'.
-     *
-     * buf points to a buffer in which to return the passphrase; on
-     * entry *len_io is the length of the buffer.  It should be updated
-     * by the callback.  The returned passphrase should not be
-     * null-terminated by the callback.
-     */
-    int (*getphystoken) (const char *prompt_info,
-                         const char *wrong_info,
-                         HWCryptoHook_PassphraseContext * ppctx,
-                         HWCryptoHook_CallerContext * cactx);
-    /*-
-     * Requests that the human user physically insert a different
-     * smartcard, DataKey, etc.  The plugin should check whether the
-     * currently inserted token(s) are appropriate, and if they are it
-     * should not make this call.
-     *
-     * prompt_info is as before.  wrong_info is a description of the
-     * currently inserted token(s) so that the user is told what
-     * something is.  wrong_info, like prompt_info, may be null, but
-     * should not be an empty string.  Its contents should be
-     * syntactically similar to that of prompt_info.
-     */
-    /*-
-     * Note that a single LoadKey operation might cause several calls to
-     * getpassphrase and/or requestphystoken.  If requestphystoken is
-     * not provided (ie, a null pointer is passed) then the plugin may
-     * not support loading keys for which authorisation by several cards
-     * is required.  If getpassphrase is not provided then cards with
-     * passphrases may not be supported.
-     *
-     * getpassphrase and getphystoken do not need to check that the
-     * passphrase has been entered correctly or the correct token
-     * inserted; the crypto plugin will do that.  If this is not the
-     * case then the crypto plugin is responsible for calling these
-     * routines again as appropriate until the correct token(s) and
-     * passphrase(s) are supplied as required, or until any retry limits
-     * implemented by the crypto plugin are reached.
-     *
-     * In either case, the application must allow the user to say `no'
-     * or `cancel' to indicate that they do not know the passphrase or
-     * have the appropriate token; this should cause the callback to
-     * return nonzero indicating error.
-     */
-    void (*logmessage) (void *logstream, const char *message);
-    /*-
-     * A log message will be generated at least every time something goes
-     * wrong and an ErrMsgBuf is filled in (or would be if one was
-     * provided).  Other diagnostic information may be written there too,
-     * including more detailed reasons for errors which are reported in an
-     * ErrMsgBuf.
-     *
-     * When a log message is generated, this callback is called.  It
-     * should write a message to the relevant logging arrangements.
-     *
-     * The message string passed will be null-terminated and may be of arbitrary
-     * length.  It will not be prefixed by the time and date, nor by the
-     * name of the library that is generating it - if this is required,
-     * the logmessage callback must do it.  The message will not have a
-     * trailing newline (though it may contain internal newlines).
-     *
-     * If a null pointer is passed for logmessage a default function is
-     * used.  The default function treats logstream as a FILE* which has
-     * been converted to a void*.  If logstream is 0 it does nothing.
-     * Otherwise it prepends the date and time and library name and
-     * writes the message to logstream.  Each line will be prefixed by a
-     * descriptive string containing the date, time and identity of the
-     * crypto plugin.  Errors on the logstream are not reported
-     * anywhere, and the default function doesn't flush the stream, so
-     * the application must set the buffering how it wants it.
-     *
-     * The crypto plugin may also provide a facility to have copies of
-     * log messages sent elsewhere, and or for adjusting the verbosity
-     * of the log messages; any such facilities will be configured by
-     * external means.
-     */
-} HWCryptoHook_InitInfo;
-
-typedef
-HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *
-                                               initinfo, size_t initinfosize,
-                                               const HWCryptoHook_ErrMsgBuf *
-                                               errors,
-                                               HWCryptoHook_CallerContext *
-                                               cactx);
-extern HWCryptoHook_Init_t HWCryptoHook_Init;
-
-/*-
- * Caller should set initinfosize to the size of the HWCryptoHook struct,
- * so it can be extended later.
- *
- * On success, a message for display or logging by the server,
- * including the name and version number of the plugin, will be filled
- * in into *errors; on failure *errors is used for error handling, as
- * usual.
- */
-
-/*-
- * All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
- * on most failures.  HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
- * the output MPI buffer(s) was too small; the sizes of all have been
- * set to the desired size (and for those where the buffer was large
- * enough, the value may have been copied in), and no error message
- * has been recorded.
- *
- * You may pass 0 for the errors struct.  In any case, unless you set
- * _NoStderr at init time then messages may be reported to stderr.
- */
-
-/*-
- * The RSAImmed* functions (and key managed RSA) only work with
- * modules which have an RSA patent licence - currently that means KM
- * units; the ModExp* ones work with all modules, so you need a patent
- * licence in the software in the US.  They are otherwise identical.
- */
-
-typedef
-void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
-extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
-/* You must not have any calls going or keys loaded when you call this. */
-
-typedef
-int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
-                               unsigned char *buf, size_t len,
-                               const HWCryptoHook_ErrMsgBuf * errors);
-extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
-
-typedef
-int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
-                          HWCryptoHook_MPI a,
-                          HWCryptoHook_MPI p,
-                          HWCryptoHook_MPI n,
-                          HWCryptoHook_MPI * r,
-                          const HWCryptoHook_ErrMsgBuf * errors);
-extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
-
-typedef
-int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
-                               HWCryptoHook_MPI m,
-                               HWCryptoHook_MPI e,
-                               HWCryptoHook_MPI n,
-                               HWCryptoHook_MPI * r,
-                               const HWCryptoHook_ErrMsgBuf * errors);
-extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
-
-typedef
-int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
-                             HWCryptoHook_MPI a,
-                             HWCryptoHook_MPI p,
-                             HWCryptoHook_MPI q,
-                             HWCryptoHook_MPI dmp1,
-                             HWCryptoHook_MPI dmq1,
-                             HWCryptoHook_MPI iqmp,
-                             HWCryptoHook_MPI * r,
-                             const HWCryptoHook_ErrMsgBuf * errors);
-extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
-
-typedef
-int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
-                                HWCryptoHook_MPI m,
-                                HWCryptoHook_MPI p,
-                                HWCryptoHook_MPI q,
-                                HWCryptoHook_MPI dmp1,
-                                HWCryptoHook_MPI dmq1,
-                                HWCryptoHook_MPI iqmp,
-                                HWCryptoHook_MPI * r,
-                                const HWCryptoHook_ErrMsgBuf * errors);
-extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
-
-/*-
- * The RSAImmed* and ModExp* functions may return E_FAILED or
- * E_FALLBACK for failure.
- *
- * E_FAILED means the failure is permanent and definite and there
- *    should be no attempt to fall back to software.  (Eg, for some
- *    applications, which support only the acceleration-only
- *    functions, the `key material' may actually be an encoded key
- *    identifier, and doing the operation in software would give wrong
- *    answers.)
- *
- * E_FALLBACK means that doing the computation in software would seem
- *    reasonable.  If an application pays attention to this and is
- *    able to fall back, it should also set the Fallback init flags.
- */
-
-typedef
-int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
-                              const char *key_ident,
-                              HWCryptoHook_RSAKeyHandle * keyhandle_r,
-                              const HWCryptoHook_ErrMsgBuf * errors,
-                              HWCryptoHook_PassphraseContext * ppctx);
-extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
-/*-
- * The key_ident is a null-terminated string configured by the
- * user via the application's usual configuration mechanisms.
- * It is provided to the user by the crypto provider's key management
- * system.  The user must be able to enter at least any string of between
- * 1 and 1023 characters inclusive, consisting of printable 7-bit
- * ASCII characters.  The provider should avoid using
- * any characters except alphanumerics and the punctuation
- * characters  _ - + . / @ ~  (the user is expected to be able
- * to enter these without quoting).  The string may be case-sensitive.
- * The application may allow the user to enter other NULL-terminated strings,
- * and the provider must cope (returning an error if the string is not
- * valid).
- *
- * If the key does not exist, no error is recorded and 0 is returned;
- * keyhandle_r will be set to 0 instead of to a key handle.
- */
-
-typedef
-int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
-                                   HWCryptoHook_MPI * n,
-                                   HWCryptoHook_MPI * e,
-                                   const HWCryptoHook_ErrMsgBuf * errors);
-extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
-/*-
- * The crypto plugin will not store certificates.
- *
- * Although this function for acquiring the public key value is
- * provided, it is not the purpose of this API to deal fully with the
- * handling of the public key.
- *
- * It is expected that the crypto supplier's key generation program
- * will provide general facilities for producing X.509
- * self-certificates and certificate requests in PEM format.  These
- * will be given to the user so that they can configure them in the
- * application, send them to CAs, or whatever.
- *
- * In case this kind of certificate handling is not appropriate, the
- * crypto supplier's key generation program should be able to be
- * configured not to generate such a self-certificate or certificate
- * request.  Then the application will need to do all of this, and
- * will need to store and handle the public key and certificates
- * itself.
- */
-
-typedef
-int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
-                                const HWCryptoHook_ErrMsgBuf * errors);
-extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
-/* Might fail due to locking problems, or other serious internal problems. */
-
-typedef
-int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
-                       HWCryptoHook_RSAKeyHandle k,
-                       HWCryptoHook_MPI * r,
-                       const HWCryptoHook_ErrMsgBuf * errors);
-extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
-/* RSA private key operation (sign or decrypt) - raw, unpadded. */
-
-#endif                          /* HWCRYPTOHOOK_H */
diff --git a/freebsd/crypto/openssl/engines/vendor_defns/sureware.h b/freebsd/crypto/openssl/engines/vendor_defns/sureware.h
deleted file mode 100644
index b1423e19..00000000
--- a/freebsd/crypto/openssl/engines/vendor_defns/sureware.h
+++ /dev/null
@@ -1,250 +0,0 @@
-/*-
- * Written by Corinne Dive-Reclus(cdive@baltimore.com)
- *
- * Copyright@2001 Baltimore Technologies Ltd.
- *
- * THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef WIN32
-# define SW_EXPORT       __declspec ( dllexport )
-#else
-# define SW_EXPORT
-#endif
-
-/*
- *       List of exposed SureWare errors
- */
-#define SUREWAREHOOK_ERROR_FAILED               -1
-#define SUREWAREHOOK_ERROR_FALLBACK             -2
-#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
-#define SUREWAREHOOK_ERROR_DATA_SIZE -4
-#define SUREWAREHOOK_ERROR_INVALID_PAD -5
-/*-
-* -----------------WARNING-----------------------------------
-* In all the following functions:
-* msg is a string with at least 24 bytes free.
-* A 24 bytes string will be concatenated to the existing content of msg.
-*/
-/*-
-*       SureWare Initialisation function
-*       in param threadsafe, if !=0, thread safe enabled
-*       return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
-*/
-typedef int SureWareHook_Init_t(char *const msg, int threadsafe);
-extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
-/*-
-*       SureWare Finish function
-*/
-typedef void SureWareHook_Finish_t(void);
-extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
-/*-
-*        PRE_CONDITION:
-*               DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
-*/
-/*-
-*       SureWare RAND Bytes function
-*       In case of failure, the content of buf is unpredictable.
-*       return 1 if success
-*                       SureWareHOOK_ERROR_FALLBACK if function not available in hardware
-*                       SureWareHOOK_ERROR_FAILED if error while processing
-*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-*       in/out param buf : a num bytes long buffer where random bytes will be put
-*       in param num : the number of bytes into buf
-*/
-typedef int SureWareHook_Rand_Bytes_t(char *const msg, unsigned char *buf,
-                                      int num);
-extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
-
-/*-
-*       SureWare RAND Seed function
-*       Adds some seed to the Hardware Random Number Generator
-*       return 1 if success
-*                       SureWareHOOK_ERROR_FALLBACK if function not available in hardware
-*                       SureWareHOOK_ERROR_FAILED if error while processing
-*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-*       in param buf : the seed to add into the HRNG
-*       in param num : the number of bytes into buf
-*/
-typedef int SureWareHook_Rand_Seed_t(char *const msg, const void *buf,
-                                     int num);
-extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
-
-/*-
-*       SureWare Load Private Key function
-*       return 1 if success
-*                       SureWareHOOK_ERROR_FAILED if error while processing
-*       No hardware is contact for this function.
-*
-*       in param key_id :the name of the private protected key file without the extension
-                                                ".sws"
-*       out param hptr : a pointer to a buffer allocated by SureWare_Hook
-*       out param num: the effective key length in bytes
-*       out param keytype: 1 if RSA 2 if DSA
-*/
-typedef int SureWareHook_Load_Privkey_t(char *const msg, const char *key_id,
-                                        char **hptr, unsigned long *num,
-                                        char *keytype);
-extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
-
-/*-
-*       SureWare Info Public Key function
-*       return 1 if success
-*                       SureWareHOOK_ERROR_FAILED if error while processing
-*       No hardware is contact for this function.
-*
-*       in param key_id :the name of the private protected key file without the extension
-                                                ".swp"
-*       out param hptr : a pointer to a buffer allocated by SureWare_Hook
-*       out param num: the effective key length in bytes
-*       out param keytype: 1 if RSA 2 if DSA
-*/
-typedef int SureWareHook_Info_Pubkey_t(char *const msg, const char *key_id,
-                                       unsigned long *num, char *keytype);
-extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
-
-/*-
-*       SureWare Load Public Key function
-*       return 1 if success
-*                       SureWareHOOK_ERROR_FAILED if error while processing
-*       No hardware is contact for this function.
-*
-*       in param key_id :the name of the public protected key file without the extension
-                                                ".swp"
-*       in param num : the bytes size of n and e
-*       out param n: where to write modulus in bn format
-*       out param e: where to write exponent in bn format
-*/
-typedef int SureWareHook_Load_Rsa_Pubkey_t(char *const msg,
-                                           const char *key_id,
-                                           unsigned long num,
-                                           unsigned long *n,
-                                           unsigned long *e);
-extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
-
-/*-
-*       SureWare Load DSA Public Key function
-*       return 1 if success
-*                       SureWareHOOK_ERROR_FAILED if error while processing
-*       No hardware is contact for this function.
-*
-*       in param key_id :the name of the public protected key file without the extension
-                                                ".swp"
-*       in param num : the bytes size of n and e
-*       out param pub: where to write pub key in bn format
-*       out param p: where to write prime in bn format
-*       out param q: where to write sunprime (length 20 bytes) in bn format
-*       out param g: where to write base in bn format
-*/
-typedef int SureWareHook_Load_Dsa_Pubkey_t(char *const msg,
-                                           const char *key_id,
-                                           unsigned long num,
-                                           unsigned long *pub,
-                                           unsigned long *p, unsigned long *q,
-                                           unsigned long *g);
-extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
-
-/*-
-*       SureWare Free function
-*       Destroy the key into the hardware if destroy==1
-*/
-typedef void SureWareHook_Free_t(char *p, int destroy);
-extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
-
-#define SUREWARE_PKCS1_PAD 1
-#define SUREWARE_ISO9796_PAD 2
-#define SUREWARE_NO_PAD 0
-/*-
-* SureWare RSA Private Decryption
-* return 1 if success
-*                       SureWareHOOK_ERROR_FAILED if error while processing
-*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-*       in param flen : byte size of from and to
-*       in param from : encrypted data buffer, should be a not-null valid pointer
-*       out param tlen: byte size of decrypted data, if error, unexpected value
-*       out param to : decrypted data buffer, should be a not-null valid pointer
-*   in param prsa: a protected key pointer, should be a not-null valid pointer
-*   int padding: padding id as follow
-*                                       SUREWARE_PKCS1_PAD
-*                                       SUREWARE_NO_PAD
-*
-*/
-typedef int SureWareHook_Rsa_Priv_Dec_t(char *const msg, int flen,
-                                        unsigned char *from, int *tlen,
-                                        unsigned char *to, char *prsa,
-                                        int padding);
-extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
-/*-
-* SureWare RSA Signature
-* return 1 if success
-*                       SureWareHOOK_ERROR_FAILED if error while processing
-*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-*       in param flen : byte size of from and to
-*       in param from : encrypted data buffer, should be a not-null valid pointer
-*       out param tlen: byte size of decrypted data, if error, unexpected value
-*       out param to : decrypted data buffer, should be a not-null valid pointer
-*   in param prsa: a protected key pointer, should be a not-null valid pointer
-*   int padding: padding id as follow
-*                                       SUREWARE_PKCS1_PAD
-*                                       SUREWARE_ISO9796_PAD
-*
-*/
-typedef int SureWareHook_Rsa_Sign_t(char *const msg, int flen,
-                                    unsigned char *from, int *tlen,
-                                    unsigned char *to, char *prsa,
-                                    int padding);
-extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
-/*-
-* SureWare DSA Signature
-* return 1 if success
-*                       SureWareHOOK_ERROR_FAILED if error while processing
-*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-*       in param flen : byte size of from and to
-*       in param from : encrypted data buffer, should be a not-null valid pointer
-*       out param to : decrypted data buffer, should be a 40bytes valid pointer
-*   in param pdsa: a protected key pointer, should be a not-null valid pointer
-*
-*/
-typedef int SureWareHook_Dsa_Sign_t(char *const msg, int flen,
-                                    const unsigned char *from,
-                                    unsigned long *r, unsigned long *s,
-                                    char *pdsa);
-extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
-
-/*-
-* SureWare Mod Exp
-* return 1 if success
-*                       SureWareHOOK_ERROR_FAILED if error while processing
-*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-*       mod and res are mlen bytes long.
-*       exp is elen bytes long
-*       data is dlen bytes long
-*       mlen,elen and dlen are all multiple of sizeof(unsigned long)
-*/
-typedef int SureWareHook_Mod_Exp_t(char *const msg, int mlen,
-                                   const unsigned long *mod, int elen,
-                                   const unsigned long *exponent, int dlen,
-                                   unsigned long *data, unsigned long *res);
-extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
diff --git a/freebsd/crypto/openssl/include/internal/bio.h b/freebsd/crypto/openssl/include/internal/bio.h
new file mode 100644
index 00000000..c343b276
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/bio.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bio.h>
+
+struct bio_method_st {
+    int type;
+    char *name;
+    int (*bwrite) (BIO *, const char *, size_t, size_t *);
+    int (*bwrite_old) (BIO *, const char *, int);
+    int (*bread) (BIO *, char *, size_t, size_t *);
+    int (*bread_old) (BIO *, char *, int);
+    int (*bputs) (BIO *, const char *);
+    int (*bgets) (BIO *, char *, int);
+    long (*ctrl) (BIO *, int, long, void *);
+    int (*create) (BIO *);
+    int (*destroy) (BIO *);
+    long (*callback_ctrl) (BIO *, int, BIO_info_cb *);
+};
+
+void bio_free_ex_data(BIO *bio);
+void bio_cleanup(void);
+
+
+/* Old style to new style BIO_METHOD conversion functions */
+int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written);
+int bread_conv(BIO *bio, char *data, size_t datal, size_t *read);
diff --git a/freebsd/crypto/openssl/include/internal/comp.h b/freebsd/crypto/openssl/include/internal/comp.h
new file mode 100644
index 00000000..ac6e38b4
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/comp.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/comp.h>
+
+void comp_zlib_cleanup_int(void);
diff --git a/freebsd/crypto/openssl/include/internal/conf.h b/freebsd/crypto/openssl/include/internal/conf.h
new file mode 100644
index 00000000..dc1e7250
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/conf.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_INTERNAL_CONF_H
+# define HEADER_INTERNAL_CONF_H
+
+#include <openssl/conf.h>
+
+struct ossl_init_settings_st {
+    char *appname;
+};
+
+void openssl_config_int(const char *appname);
+void openssl_no_config_int(void);
+void conf_modules_free_int(void);
+
+#endif
diff --git a/freebsd/crypto/openssl/include/internal/constant_time_locl.h b/freebsd/crypto/openssl/include/internal/constant_time_locl.h
new file mode 100644
index 00000000..82ff7465
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/constant_time_locl.h
@@ -0,0 +1,327 @@
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CONSTANT_TIME_LOCL_H
+# define HEADER_CONSTANT_TIME_LOCL_H
+
+# include <stdlib.h>
+# include <string.h>
+# include <openssl/e_os2.h>              /* For 'ossl_inline' */
+
+/*-
+ * The boolean methods return a bitmask of all ones (0xff...f) for true
+ * and 0 for false. This is useful for choosing a value based on the result
+ * of a conditional in constant time. For example,
+ *      if (a < b) {
+ *        c = a;
+ *      } else {
+ *        c = b;
+ *      }
+ * can be written as
+ *      unsigned int lt = constant_time_lt(a, b);
+ *      c = constant_time_select(lt, a, b);
+ */
+
+/* Returns the given value with the MSB copied to all the other bits. */
+static ossl_inline unsigned int constant_time_msb(unsigned int a);
+/* Convenience method for uint32_t. */
+static ossl_inline uint32_t constant_time_msb_32(uint32_t a);
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t constant_time_msb_64(uint64_t a);
+
+/* Returns 0xff..f if a < b and 0 otherwise. */
+static ossl_inline unsigned int constant_time_lt(unsigned int a,
+                                                 unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
+                                                    unsigned int b);
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b);
+
+/* Returns 0xff..f if a >= b and 0 otherwise. */
+static ossl_inline unsigned int constant_time_ge(unsigned int a,
+                                                 unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
+                                                    unsigned int b);
+
+/* Returns 0xff..f if a == 0 and 0 otherwise. */
+static ossl_inline unsigned int constant_time_is_zero(unsigned int a);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a);
+/* Convenience method for getting a 32-bit mask. */
+static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a);
+
+/* Returns 0xff..f if a == b and 0 otherwise. */
+static ossl_inline unsigned int constant_time_eq(unsigned int a,
+                                                 unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
+                                                    unsigned int b);
+/* Signed integers. */
+static ossl_inline unsigned int constant_time_eq_int(int a, int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_eq_int_8(int a, int b);
+
+/*-
+ * Returns (mask & a) | (~mask & b).
+ *
+ * When |mask| is all 1s or all 0s (as returned by the methods above),
+ * the select methods return either |a| (if |mask| is nonzero) or |b|
+ * (if |mask| is zero).
+ */
+static ossl_inline unsigned int constant_time_select(unsigned int mask,
+                                                     unsigned int a,
+                                                     unsigned int b);
+/* Convenience method for unsigned chars. */
+static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
+                                                        unsigned char a,
+                                                        unsigned char b);
+
+/* Convenience method for uint32_t. */
+static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
+                                                    uint32_t b);
+
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
+                                                    uint64_t b);
+/* Convenience method for signed integers. */
+static ossl_inline int constant_time_select_int(unsigned int mask, int a,
+                                                int b);
+
+
+static ossl_inline unsigned int constant_time_msb(unsigned int a)
+{
+    return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+
+static ossl_inline uint32_t constant_time_msb_32(uint32_t a)
+{
+    return 0 - (a >> 31);
+}
+
+static ossl_inline uint64_t constant_time_msb_64(uint64_t a)
+{
+    return 0 - (a >> 63);
+}
+
+static ossl_inline size_t constant_time_msb_s(size_t a)
+{
+    return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+static ossl_inline unsigned int constant_time_lt(unsigned int a,
+                                                 unsigned int b)
+{
+    return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline size_t constant_time_lt_s(size_t a, size_t b)
+{
+    return constant_time_msb_s(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
+                                                    unsigned int b)
+{
+    return (unsigned char)constant_time_lt(a, b);
+}
+
+static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b)
+{
+    return constant_time_msb_64(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline unsigned int constant_time_ge(unsigned int a,
+                                                 unsigned int b)
+{
+    return ~constant_time_lt(a, b);
+}
+
+static ossl_inline size_t constant_time_ge_s(size_t a, size_t b)
+{
+    return ~constant_time_lt_s(a, b);
+}
+
+static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
+                                                    unsigned int b)
+{
+    return (unsigned char)constant_time_ge(a, b);
+}
+
+static ossl_inline unsigned char constant_time_ge_8_s(size_t a, size_t b)
+{
+    return (unsigned char)constant_time_ge_s(a, b);
+}
+
+static ossl_inline unsigned int constant_time_is_zero(unsigned int a)
+{
+    return constant_time_msb(~a & (a - 1));
+}
+
+static ossl_inline size_t constant_time_is_zero_s(size_t a)
+{
+    return constant_time_msb_s(~a & (a - 1));
+}
+
+static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a)
+{
+    return (unsigned char)constant_time_is_zero(a);
+}
+
+static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a)
+{
+    return constant_time_msb_32(~a & (a - 1));
+}
+
+static ossl_inline unsigned int constant_time_eq(unsigned int a,
+                                                 unsigned int b)
+{
+    return constant_time_is_zero(a ^ b);
+}
+
+static ossl_inline size_t constant_time_eq_s(size_t a, size_t b)
+{
+    return constant_time_is_zero_s(a ^ b);
+}
+
+static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
+                                                    unsigned int b)
+{
+    return (unsigned char)constant_time_eq(a, b);
+}
+
+static ossl_inline unsigned char constant_time_eq_8_s(size_t a, size_t b)
+{
+    return (unsigned char)constant_time_eq_s(a, b);
+}
+
+static ossl_inline unsigned int constant_time_eq_int(int a, int b)
+{
+    return constant_time_eq((unsigned)(a), (unsigned)(b));
+}
+
+static ossl_inline unsigned char constant_time_eq_int_8(int a, int b)
+{
+    return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+}
+
+static ossl_inline unsigned int constant_time_select(unsigned int mask,
+                                                     unsigned int a,
+                                                     unsigned int b)
+{
+    return (mask & a) | (~mask & b);
+}
+
+static ossl_inline size_t constant_time_select_s(size_t mask,
+                                                 size_t a,
+                                                 size_t b)
+{
+    return (mask & a) | (~mask & b);
+}
+
+static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
+                                                        unsigned char a,
+                                                        unsigned char b)
+{
+    return (unsigned char)constant_time_select(mask, a, b);
+}
+
+static ossl_inline int constant_time_select_int(unsigned int mask, int a,
+                                                int b)
+{
+    return (int)constant_time_select(mask, (unsigned)(a), (unsigned)(b));
+}
+
+static ossl_inline int constant_time_select_int_s(size_t mask, int a, int b)
+{
+    return (int)constant_time_select((unsigned)mask, (unsigned)(a),
+                                      (unsigned)(b));
+}
+
+static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
+                                                    uint32_t b)
+{
+    return (mask & a) | (~mask & b);
+}
+
+static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
+                                                    uint64_t b)
+{
+    return (mask & a) | (~mask & b);
+}
+
+/*
+ * mask must be 0xFFFFFFFF or 0x00000000.
+ *
+ * if (mask) {
+ *     uint32_t tmp = *a;
+ *
+ *     *a = *b;
+ *     *b = tmp;
+ * }
+ */
+static ossl_inline void constant_time_cond_swap_32(uint32_t mask, uint32_t *a,
+                                                   uint32_t *b)
+{
+    uint32_t xor = *a ^ *b;
+
+    xor &= mask;
+    *a ^= xor;
+    *b ^= xor;
+}
+
+/*
+ * mask must be 0xFFFFFFFF or 0x00000000.
+ *
+ * if (mask) {
+ *     uint64_t tmp = *a;
+ *
+ *     *a = *b;
+ *     *b = tmp;
+ * }
+ */
+static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a,
+                                                   uint64_t *b)
+{
+    uint64_t xor = *a ^ *b;
+
+    xor &= mask;
+    *a ^= xor;
+    *b ^= xor;
+}
+
+/*
+ * table is a two dimensional array of bytes. Each row has rowsize elements.
+ * Copies row number idx into out. rowsize and numrows are not considered
+ * private.
+ */
+static ossl_inline void constant_time_lookup(void *out,
+                                             const void *table,
+                                             size_t rowsize,
+                                             size_t numrows,
+                                             size_t idx)
+{
+    size_t i, j;
+    const unsigned char *tablec = (const unsigned char *)table;
+    unsigned char *outc = (unsigned char *)out;
+    unsigned char mask;
+
+    memset(out, 0, rowsize);
+
+    /* Note idx may underflow - but that is well defined */
+    for (i = 0; i < numrows; i++, idx--) {
+        mask = (unsigned char)constant_time_is_zero_s(idx);
+        for (j = 0; j < rowsize; j++)
+            *(outc + j) |= constant_time_select_8(mask, *(tablec++), 0);
+    }
+}
+
+#endif                          /* HEADER_CONSTANT_TIME_LOCL_H */
diff --git a/freebsd/crypto/openssl/include/internal/cryptlib.h b/freebsd/crypto/openssl/include/internal/cryptlib.h
new file mode 100644
index 00000000..a6087351
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/cryptlib.h
@@ -0,0 +1,94 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CRYPTLIB_H
+# define HEADER_CRYPTLIB_H
+
+# include <stdlib.h>
+# include <string.h>
+
+# ifdef OPENSSL_USE_APPLINK
+#  undef BIO_FLAGS_UPLINK
+#  define BIO_FLAGS_UPLINK 0x8000
+#  include "ms/uplink.h"
+# endif
+
+# include <openssl/crypto.h>
+# include <openssl/buffer.h>
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include "internal/nelem.h"
+
+#ifdef NDEBUG
+# define ossl_assert(x) ((x) != 0)
+#else
+__owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr,
+                                              const char *file, int line)
+{
+    if (!expr)
+        OPENSSL_die(exprstr, file, line);
+
+    return expr;
+}
+
+# define ossl_assert(x) ossl_assert_int((x) != 0, "Assertion failed: "#x, \
+                                         __FILE__, __LINE__)
+
+#endif
+
+typedef struct ex_callback_st EX_CALLBACK;
+
+DEFINE_STACK_OF(EX_CALLBACK)
+
+typedef struct app_mem_info_st APP_INFO;
+
+typedef struct mem_st MEM;
+DEFINE_LHASH_OF(MEM);
+
+# define OPENSSL_CONF             "openssl.cnf"
+
+# ifndef OPENSSL_SYS_VMS
+#  define X509_CERT_AREA          OPENSSLDIR
+#  define X509_CERT_DIR           OPENSSLDIR "/certs"
+#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
+#  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+#  define CTLOG_FILE              OPENSSLDIR "/ct_log_list.cnf"
+# else
+#  define X509_CERT_AREA          "OSSL$DATAROOT:[000000]"
+#  define X509_CERT_DIR           "OSSL$DATAROOT:[CERTS]"
+#  define X509_CERT_FILE          "OSSL$DATAROOT:[000000]cert.pem"
+#  define X509_PRIVATE_DIR        "OSSL$DATAROOT:[PRIVATE]"
+#  define CTLOG_FILE              "OSSL$DATAROOT:[000000]ct_log_list.cnf"
+# endif
+
+# define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
+# define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
+# define CTLOG_FILE_EVP           "CTLOG_FILE"
+
+/* size of string representations */
+# define DECIMAL_SIZE(type)      ((sizeof(type)*8+2)/3+1)
+# define HEX_SIZE(type)          (sizeof(type)*2)
+
+void OPENSSL_cpuid_setup(void);
+extern unsigned int OPENSSL_ia32cap_P[];
+void OPENSSL_showfatal(const char *fmta, ...);
+void crypto_cleanup_all_ex_data_int(void);
+int openssl_init_fork_handlers(void);
+
+extern CRYPTO_RWLOCK *memdbg_lock;
+int openssl_strerror_r(int errnum, char *buf, size_t buflen);
+# if !defined(OPENSSL_NO_STDIO)
+FILE *openssl_fopen(const char *filename, const char *mode);
+# else
+void *openssl_fopen(const char *filename, const char *mode);
+# endif
+
+uint32_t OPENSSL_rdtsc(void);
+
+#endif
diff --git a/freebsd/crypto/openssl/include/internal/dane.h b/freebsd/crypto/openssl/include/internal/dane.h
new file mode 100644
index 00000000..a1cb5488
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/dane.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_INTERNAL_DANE_H
+#define HEADER_INTERNAL_DANE_H
+
+#include <openssl/safestack.h>
+
+/*-
+ * Certificate usages:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.1
+ */
+#define DANETLS_USAGE_PKIX_TA   0
+#define DANETLS_USAGE_PKIX_EE   1
+#define DANETLS_USAGE_DANE_TA   2
+#define DANETLS_USAGE_DANE_EE   3
+#define DANETLS_USAGE_LAST      DANETLS_USAGE_DANE_EE
+
+/*-
+ * Selectors:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.2
+ */
+#define DANETLS_SELECTOR_CERT   0
+#define DANETLS_SELECTOR_SPKI   1
+#define DANETLS_SELECTOR_LAST   DANETLS_SELECTOR_SPKI
+
+/*-
+ * Matching types:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.3
+ */
+#define DANETLS_MATCHING_FULL   0
+#define DANETLS_MATCHING_2256   1
+#define DANETLS_MATCHING_2512   2
+#define DANETLS_MATCHING_LAST   DANETLS_MATCHING_2512
+
+typedef struct danetls_record_st {
+    uint8_t usage;
+    uint8_t selector;
+    uint8_t mtype;
+    unsigned char *data;
+    size_t dlen;
+    EVP_PKEY *spki;
+} danetls_record;
+
+DEFINE_STACK_OF(danetls_record)
+
+/*
+ * Shared DANE context
+ */
+struct dane_ctx_st {
+    const EVP_MD  **mdevp;      /* mtype -> digest */
+    uint8_t        *mdord;      /* mtype -> preference */
+    uint8_t         mdmax;      /* highest supported mtype */
+    unsigned long   flags;      /* feature bitmask */
+};
+
+/*
+ * Per connection DANE state
+ */
+struct ssl_dane_st {
+    struct dane_ctx_st *dctx;
+    STACK_OF(danetls_record) *trecs;
+    STACK_OF(X509) *certs;      /* DANE-TA(2) Cert(0) Full(0) certs */
+    danetls_record *mtlsa;      /* Matching TLSA record */
+    X509           *mcert;      /* DANE matched cert */
+    uint32_t        umask;      /* Usages present */
+    int             mdpth;      /* Depth of matched cert */
+    int             pdpth;      /* Depth of PKIX trust */
+    unsigned long   flags;      /* feature bitmask */
+};
+
+#define DANETLS_ENABLED(dane)  \
+    ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0)
+
+#define DANETLS_USAGE_BIT(u)   (((uint32_t)1) << u)
+
+#define DANETLS_PKIX_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_TA))
+#define DANETLS_PKIX_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_EE))
+#define DANETLS_DANE_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_TA))
+#define DANETLS_DANE_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_EE))
+
+#define DANETLS_PKIX_MASK (DANETLS_PKIX_TA_MASK | DANETLS_PKIX_EE_MASK)
+#define DANETLS_DANE_MASK (DANETLS_DANE_TA_MASK | DANETLS_DANE_EE_MASK)
+#define DANETLS_TA_MASK (DANETLS_PKIX_TA_MASK | DANETLS_DANE_TA_MASK)
+#define DANETLS_EE_MASK (DANETLS_PKIX_EE_MASK | DANETLS_DANE_EE_MASK)
+
+#define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK))
+#define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK))
+#define DANETLS_HAS_TA(dane)   ((dane) && ((dane)->umask & DANETLS_TA_MASK))
+#define DANETLS_HAS_EE(dane)   ((dane) && ((dane)->umask & DANETLS_EE_MASK))
+
+#define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK))
+#define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK))
+#define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK))
+#define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK))
+
+#endif /* HEADER_INTERNAL_DANE_H */
diff --git a/freebsd/crypto/openssl/include/internal/dso.h b/freebsd/crypto/openssl/include/internal/dso.h
new file mode 100644
index 00000000..eb5f7d53
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/dso.h
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSO_H
+# define HEADER_DSO_H
+
+# include <openssl/crypto.h>
+# include "internal/dsoerr.h"
+
+/* These values are used as commands to DSO_ctrl() */
+# define DSO_CTRL_GET_FLAGS      1
+# define DSO_CTRL_SET_FLAGS      2
+# define DSO_CTRL_OR_FLAGS       3
+
+/*
+ * By default, DSO_load() will translate the provided filename into a form
+ * typical for the platform using the dso_name_converter function of the
+ * method. Eg. win32 will transform "blah" into "blah.dll", and dlfcn will
+ * transform it into "libblah.so". This callback could even utilise the
+ * DSO_METHOD's converter too if it only wants to override behaviour for
+ * one or two possible DSO methods. However, the following flag can be
+ * set in a DSO to prevent *any* native name-translation at all - eg. if
+ * the caller has prompted the user for a path to a driver library so the
+ * filename should be interpreted as-is.
+ */
+# define DSO_FLAG_NO_NAME_TRANSLATION            0x01
+/*
+ * An extra flag to give if only the extension should be added as
+ * translation.  This is obviously only of importance on Unix and other
+ * operating systems where the translation also may prefix the name with
+ * something, like 'lib', and ignored everywhere else. This flag is also
+ * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time.
+ */
+# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY      0x02
+
+/*
+ * Don't unload the DSO when we call DSO_free()
+ */
+# define DSO_FLAG_NO_UNLOAD_ON_FREE              0x04
+
+/*
+ * This flag loads the library with public symbols. Meaning: The exported
+ * symbols of this library are public to all libraries loaded after this
+ * library. At the moment only implemented in unix.
+ */
+# define DSO_FLAG_GLOBAL_SYMBOLS                 0x20
+
+typedef void (*DSO_FUNC_TYPE) (void);
+
+typedef struct dso_st DSO;
+typedef struct dso_meth_st DSO_METHOD;
+
+/*
+ * The function prototype used for method functions (or caller-provided
+ * callbacks) that transform filenames. They are passed a DSO structure
+ * pointer (or NULL if they are to be used independently of a DSO object) and
+ * a filename to transform. They should either return NULL (if there is an
+ * error condition) or a newly allocated string containing the transformed
+ * form that the caller will need to free with OPENSSL_free() when done.
+ */
+typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
+/*
+ * The function prototype used for method functions (or caller-provided
+ * callbacks) that merge two file specifications. They are passed a DSO
+ * structure pointer (or NULL if they are to be used independently of a DSO
+ * object) and two file specifications to merge. They should either return
+ * NULL (if there is an error condition) or a newly allocated string
+ * containing the result of merging that the caller will need to free with
+ * OPENSSL_free() when done. Here, merging means that bits and pieces are
+ * taken from each of the file specifications and added together in whatever
+ * fashion that is sensible for the DSO method in question.  The only rule
+ * that really applies is that if the two specification contain pieces of the
+ * same type, the copy from the first string takes priority.  One could see
+ * it as the first specification is the one given by the user and the second
+ * being a bunch of defaults to add on if they're missing in the first.
+ */
+typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
+
+DSO *DSO_new(void);
+int DSO_free(DSO *dso);
+int DSO_flags(DSO *dso);
+int DSO_up_ref(DSO *dso);
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+/*
+ * These functions can be used to get/set the platform-independent filename
+ * used for a DSO. NB: set will fail if the DSO is already loaded.
+ */
+const char *DSO_get_filename(DSO *dso);
+int DSO_set_filename(DSO *dso, const char *filename);
+/*
+ * This function will invoke the DSO's name_converter callback to translate a
+ * filename, or if the callback isn't set it will instead use the DSO_METHOD's
+ * converter. If "filename" is NULL, the "filename" in the DSO itself will be
+ * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
+ * simply duplicated. NB: This function is usually called from within a
+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so
+ * that caller-created DSO_METHODs can do the same thing. A non-NULL return
+ * value will need to be OPENSSL_free()'d.
+ */
+char *DSO_convert_filename(DSO *dso, const char *filename);
+/*
+ * This function will invoke the DSO's merger callback to merge two file
+ * specifications, or if the callback isn't set it will instead use the
+ * DSO_METHOD's merger.  A non-NULL return value will need to be
+ * OPENSSL_free()'d.
+ */
+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
+
+/*
+ * The all-singing all-dancing load function, you normally pass NULL for the
+ * first and third parameters. Use DSO_up_ref and DSO_free for subsequent
+ * reference count handling. Any flags passed in will be set in the
+ * constructed DSO after its init() function but before the load operation.
+ * If 'dso' is non-NULL, 'flags' is ignored.
+ */
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
+
+/* This function binds to a function inside a shared library. */
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
+
+/*
+ * This method is the default, but will beg, borrow, or steal whatever method
+ * should be the default on any particular platform (including
+ * DSO_METH_null() if necessary).
+ */
+DSO_METHOD *DSO_METHOD_openssl(void);
+
+/*
+ * This function writes null-terminated pathname of DSO module containing
+ * 'addr' into 'sz' large caller-provided 'path' and returns the number of
+ * characters [including trailing zero] written to it. If 'sz' is 0 or
+ * negative, 'path' is ignored and required amount of characters [including
+ * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then
+ * pathname of cryptolib itself is returned. Negative or zero return value
+ * denotes error.
+ */
+int DSO_pathbyaddr(void *addr, char *path, int sz);
+
+/*
+ * Like DSO_pathbyaddr() but instead returns a handle to the DSO for the symbol
+ * or NULL on error.
+ */
+DSO *DSO_dsobyaddr(void *addr, int flags);
+
+/*
+ * This function should be used with caution! It looks up symbols in *all*
+ * loaded modules and if module gets unloaded by somebody else attempt to
+ * dereference the pointer is doomed to have fatal consequences. Primary
+ * usage for this function is to probe *core* system functionality, e.g.
+ * check if getnameinfo(3) is available at run-time without bothering about
+ * OS-specific details such as libc.so.versioning or where does it actually
+ * reside: in libc itself or libsocket.
+ */
+void *DSO_global_lookup(const char *name);
+
+int ERR_load_DSO_strings(void);
+
+#endif
diff --git a/freebsd/crypto/openssl/include/internal/dsoerr.h b/freebsd/crypto/openssl/include/internal/dsoerr.h
new file mode 100644
index 00000000..a54a1854
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/dsoerr.h
@@ -0,0 +1,83 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSOERR_H
+# define HEADER_DSOERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DSO
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_DSO_strings(void);
+
+/*
+ * DSO function codes.
+ */
+#  define DSO_F_DLFCN_BIND_FUNC                            100
+#  define DSO_F_DLFCN_LOAD                                 102
+#  define DSO_F_DLFCN_MERGER                               130
+#  define DSO_F_DLFCN_NAME_CONVERTER                       123
+#  define DSO_F_DLFCN_UNLOAD                               103
+#  define DSO_F_DL_BIND_FUNC                               104
+#  define DSO_F_DL_LOAD                                    106
+#  define DSO_F_DL_MERGER                                  131
+#  define DSO_F_DL_NAME_CONVERTER                          124
+#  define DSO_F_DL_UNLOAD                                  107
+#  define DSO_F_DSO_BIND_FUNC                              108
+#  define DSO_F_DSO_CONVERT_FILENAME                       126
+#  define DSO_F_DSO_CTRL                                   110
+#  define DSO_F_DSO_FREE                                   111
+#  define DSO_F_DSO_GET_FILENAME                           127
+#  define DSO_F_DSO_GLOBAL_LOOKUP                          139
+#  define DSO_F_DSO_LOAD                                   112
+#  define DSO_F_DSO_MERGE                                  132
+#  define DSO_F_DSO_NEW_METHOD                             113
+#  define DSO_F_DSO_PATHBYADDR                             105
+#  define DSO_F_DSO_SET_FILENAME                           129
+#  define DSO_F_DSO_UP_REF                                 114
+#  define DSO_F_VMS_BIND_SYM                               115
+#  define DSO_F_VMS_LOAD                                   116
+#  define DSO_F_VMS_MERGER                                 133
+#  define DSO_F_VMS_UNLOAD                                 117
+#  define DSO_F_WIN32_BIND_FUNC                            101
+#  define DSO_F_WIN32_GLOBALLOOKUP                         142
+#  define DSO_F_WIN32_JOINER                               135
+#  define DSO_F_WIN32_LOAD                                 120
+#  define DSO_F_WIN32_MERGER                               134
+#  define DSO_F_WIN32_NAME_CONVERTER                       125
+#  define DSO_F_WIN32_PATHBYADDR                           109
+#  define DSO_F_WIN32_SPLITTER                             136
+#  define DSO_F_WIN32_UNLOAD                               121
+
+/*
+ * DSO reason codes.
+ */
+#  define DSO_R_CTRL_FAILED                                100
+#  define DSO_R_DSO_ALREADY_LOADED                         110
+#  define DSO_R_EMPTY_FILE_STRUCTURE                       113
+#  define DSO_R_FAILURE                                    114
+#  define DSO_R_FILENAME_TOO_BIG                           101
+#  define DSO_R_FINISH_FAILED                              102
+#  define DSO_R_INCORRECT_FILE_SYNTAX                      115
+#  define DSO_R_LOAD_FAILED                                103
+#  define DSO_R_NAME_TRANSLATION_FAILED                    109
+#  define DSO_R_NO_FILENAME                                111
+#  define DSO_R_NULL_HANDLE                                104
+#  define DSO_R_SET_FILENAME_FAILED                        112
+#  define DSO_R_STACK_ERROR                                105
+#  define DSO_R_SYM_FAILURE                                106
+#  define DSO_R_UNLOAD_FAILED                              107
+#  define DSO_R_UNSUPPORTED                                108
+
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/internal/err.h b/freebsd/crypto/openssl/include/internal/err.h
new file mode 100644
index 00000000..d46b8bdb
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/err.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef INTERNAL_ERR_H
+# define INTERNAL_ERR_H
+
+void err_free_strings_int(void);
+
+#endif
diff --git a/freebsd/crypto/openssl/include/internal/nelem.h b/freebsd/crypto/openssl/include/internal/nelem.h
new file mode 100644
index 00000000..d65a21a9
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/nelem.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_NELEM_H
+# define HEADER_NELEM_H
+
+# define OSSL_NELEM(x)    (sizeof(x)/sizeof((x)[0]))
+#endif
diff --git a/freebsd/crypto/openssl/include/internal/numbers.h b/freebsd/crypto/openssl/include/internal/numbers.h
new file mode 100644
index 00000000..31931df3
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/numbers.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_NUMBERS_H
+# define HEADER_NUMBERS_H
+
+# include <limits.h>
+
+# if (-1 & 3) == 0x03		/* Two's complement */
+
+#  define __MAXUINT__(T) ((T) -1)
+#  define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T)))
+#  define __MININT__(T) (-__MAXINT__(T) - 1)
+
+# elif (-1 & 3) == 0x02		/* One's complement */
+
+#  define __MAXUINT__(T) (((T) -1) + 1)
+#  define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T)))
+#  define __MININT__(T) (-__MAXINT__(T))
+
+# elif (-1 & 3) == 0x01		/* Sign/magnitude */
+
+#  define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2))))
+#  define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1))))
+#  define __MININT__(T) (-__MAXINT__(T))
+
+# else
+
+#  error "do not know the integer encoding on this architecture"
+
+# endif
+
+# ifndef INT8_MAX
+#  define INT8_MIN __MININT__(int8_t)
+#  define INT8_MAX __MAXINT__(int8_t)
+#  define UINT8_MAX __MAXUINT__(uint8_t)
+# endif
+
+# ifndef INT16_MAX
+#  define INT16_MIN __MININT__(int16_t)
+#  define INT16_MAX __MAXINT__(int16_t)
+#  define UINT16_MAX __MAXUINT__(uint16_t)
+# endif
+
+# ifndef INT32_MAX
+#  define INT32_MIN __MININT__(int32_t)
+#  define INT32_MAX __MAXINT__(int32_t)
+#  define UINT32_MAX __MAXUINT__(uint32_t)
+# endif
+
+# ifndef INT64_MAX
+#  define INT64_MIN __MININT__(int64_t)
+#  define INT64_MAX __MAXINT__(int64_t)
+#  define UINT64_MAX __MAXUINT__(uint64_t)
+# endif
+
+# ifndef SIZE_MAX
+#  define SIZE_MAX __MAXUINT__(size_t)
+# endif
+
+#endif
+
diff --git a/freebsd/crypto/openssl/crypto/o_dir.h b/freebsd/crypto/openssl/include/internal/o_dir.h
index bf45a14d..e7b55e0c 100644
--- a/freebsd/crypto/openssl/crypto/o_dir.h
+++ b/freebsd/crypto/openssl/include/internal/o_dir.h
@@ -1,11 +1,16 @@
-/* crypto/o_dir.h */
 /*
- * Copied from Richard Levitte's (richard@levitte.org) LP library.  All
- * symbol names have been changed, with permission from the author.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
 /*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
  * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
  * All rights reserved.
  *
@@ -34,22 +39,14 @@
 #ifndef O_DIR_H
 # define O_DIR_H
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
 
-  /*
-   * returns NULL on error or end-of-directory. If it is end-of-directory,
-   * errno will be zero
-   */
+/*
+ * returns NULL on error or end-of-directory. If it is end-of-directory,
+ * errno will be zero
+ */
 const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
-  /* returns 1 on success, 0 on error */
+/* returns 1 on success, 0 on error */
 int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
 
-#ifdef __cplusplus
-}
-#endif
-
 #endif                          /* LPDIR_H */
diff --git a/freebsd/crypto/openssl/include/internal/o_str.h b/freebsd/crypto/openssl/include/internal/o_str.h
new file mode 100644
index 00000000..86403c9e
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/o_str.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_O_STR_H
+# define HEADER_O_STR_H
+
+# include <stddef.h>            /* to get size_t */
+
+int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
+
+#endif
diff --git a/freebsd/crypto/openssl/include/internal/refcount.h b/freebsd/crypto/openssl/include/internal/refcount.h
new file mode 100644
index 00000000..75d70a64
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/refcount.h
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef HEADER_INTERNAL_REFCOUNT_H
+# define HEADER_INTERNAL_REFCOUNT_H
+
+/* Used to checking reference counts, most while doing perl5 stuff :-) */
+# if defined(OPENSSL_NO_STDIO)
+#  if defined(REF_PRINT)
+#   error "REF_PRINT requires stdio"
+#  endif
+# endif
+
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \
+     && !defined(__STDC_NO_ATOMICS__)
+#  include <stdatomic.h>
+#  define HAVE_C11_ATOMICS
+# endif
+
+# if defined(HAVE_C11_ATOMICS) && defined(ATOMIC_INT_LOCK_FREE) \
+     && ATOMIC_INT_LOCK_FREE > 0
+
+#  define HAVE_ATOMICS 1
+
+typedef _Atomic int CRYPTO_REF_COUNT;
+
+static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, void *lock)
+{
+    *ret = atomic_fetch_add_explicit(val, 1, memory_order_relaxed) + 1;
+    return 1;
+}
+
+/*
+ * Changes to shared structure other than reference counter have to be
+ * serialized. And any kind of serialization implies a release fence. This
+ * means that by the time reference counter is decremented all other
+ * changes are visible on all processors. Hence decrement itself can be
+ * relaxed. In case it hits zero, object will be destructed. Since it's
+ * last use of the object, destructor programmer might reason that access
+ * to mutable members doesn't have to be serialized anymore, which would
+ * otherwise imply an acquire fence. Hence conditional acquire fence...
+ */
+static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, void *lock)
+{
+    *ret = atomic_fetch_sub_explicit(val, 1, memory_order_relaxed) - 1;
+    if (*ret == 0)
+        atomic_thread_fence(memory_order_acquire);
+    return 1;
+}
+
+# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0
+
+#  define HAVE_ATOMICS 1
+
+typedef int CRYPTO_REF_COUNT;
+
+static __inline__ int CRYPTO_UP_REF(int *val, int *ret, void *lock)
+{
+    *ret = __atomic_fetch_add(val, 1, __ATOMIC_RELAXED) + 1;
+    return 1;
+}
+
+static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, void *lock)
+{
+    *ret = __atomic_fetch_sub(val, 1, __ATOMIC_RELAXED) - 1;
+    if (*ret == 0)
+        __atomic_thread_fence(__ATOMIC_ACQUIRE);
+    return 1;
+}
+
+# elif defined(_MSC_VER) && _MSC_VER>=1200
+
+#  define HAVE_ATOMICS 1
+
+typedef volatile int CRYPTO_REF_COUNT;
+
+#  if (defined(_M_ARM) && _M_ARM>=7) || defined(_M_ARM64)
+#   include <intrin.h>
+#   if defined(_M_ARM64) && !defined(_ARM_BARRIER_ISH)
+#    define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH
+#   endif
+
+static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
+{
+    *ret = _InterlockedExchangeAdd_nf(val, 1) + 1;
+    return 1;
+}
+
+static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
+{
+    *ret = _InterlockedExchangeAdd_nf(val, -1) - 1;
+    if (*ret == 0)
+        __dmb(_ARM_BARRIER_ISH);
+    return 1;
+}
+#  else
+#   pragma intrinsic(_InterlockedExchangeAdd)
+
+static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
+{
+    *ret = _InterlockedExchangeAdd(val, 1) + 1;
+    return 1;
+}
+
+static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
+{
+    *ret = _InterlockedExchangeAdd(val, -1) - 1;
+    return 1;
+}
+#  endif
+
+# else
+
+typedef int CRYPTO_REF_COUNT;
+
+# define CRYPTO_UP_REF(val, ret, lock) CRYPTO_atomic_add(val, 1, ret, lock)
+# define CRYPTO_DOWN_REF(val, ret, lock) CRYPTO_atomic_add(val, -1, ret, lock)
+
+# endif
+
+# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO)
+#  define REF_ASSERT_ISNT(test) \
+    (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0)
+# else
+#  define REF_ASSERT_ISNT(i)
+# endif
+
+# ifdef REF_PRINT
+#  define REF_PRINT_COUNT(a, b) \
+        fprintf(stderr, "%p:%4d:%s\n", b, b->references, a)
+# else
+#  define REF_PRINT_COUNT(a, b)
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/internal/sockets.h b/freebsd/crypto/openssl/include/internal/sockets.h
new file mode 100644
index 00000000..a6026dad
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/sockets.h
@@ -0,0 +1,159 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+#ifndef HEADER_INTERNAL_SOCKETS
+# define HEADER_INTERNAL_SOCKETS
+
+# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+#  define NO_SYS_PARAM_H
+# endif
+# ifdef WIN32
+#  define NO_SYS_UN_H
+# endif
+# ifdef OPENSSL_SYS_VMS
+#  define NO_SYS_PARAM_H
+#  define NO_SYS_UN_H
+# endif
+
+# ifdef OPENSSL_NO_SOCK
+
+# elif defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#  if defined(__DJGPP__)
+#   include <sys/socket.h>
+#   include <sys/un.h>
+#   include <tcp.h>
+#   include <netdb.h>
+#  elif defined(_WIN32_WCE) && _WIN32_WCE<410
+#   define getservbyname _masked_declaration_getservbyname
+#  endif
+#  if !defined(IPPROTO_IP)
+    /* winsock[2].h was included already? */
+#   include <winsock.h>
+#  endif
+#  ifdef getservbyname
+     /* this is used to be wcecompat/include/winsock_extras.h */
+#   undef getservbyname
+struct servent *PASCAL getservbyname(const char *, const char *);
+#  endif
+
+#  ifdef _WIN64
+/*
+ * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because
+ * the value constitutes an index in per-process table of limited size
+ * and not a real pointer. And we also depend on fact that all processors
+ * Windows run on happen to be two's-complement, which allows to
+ * interchange INVALID_SOCKET and -1.
+ */
+#   define socket(d,t,p)   ((int)socket(d,t,p))
+#   define accept(s,f,l)   ((int)accept(s,f,l))
+#  endif
+
+# else
+
+#  ifndef NO_SYS_PARAM_H
+#   include <sys/param.h>
+#  endif
+#  ifdef OPENSSL_SYS_VXWORKS
+#   include <time.h>
+#  endif
+
+#  include <netdb.h>
+#  if defined(OPENSSL_SYS_VMS_NODECC)
+#   include <socket.h>
+#   include <in.h>
+#   include <inet.h>
+#  else
+#   include <sys/socket.h>
+#   ifndef NO_SYS_UN_H
+#    ifdef OPENSSL_SYS_VXWORKS
+#     include <streams/un.h>
+#    else
+#     include <sys/un.h>
+#    endif
+#    ifndef UNIX_PATH_MAX
+#     define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path)
+#    endif
+#   endif
+#   ifdef FILIO_H
+#    include <sys/filio.h> /* FIONBIO in some SVR4, e.g. unixware, solaris */
+#   endif
+#   include <netinet/in.h>
+#   include <arpa/inet.h>
+#   include <netinet/tcp.h>
+#  endif
+
+#  ifdef OPENSSL_SYS_AIX
+#   include <sys/select.h>
+#  endif
+
+#  ifndef VMS
+#   include <sys/ioctl.h>
+#  else
+#   if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
+     /* ioctl is only in VMS > 7.0 and when socketshr is not used */
+#    include <sys/ioctl.h>
+#   endif
+#   include <unixio.h>
+#   if defined(TCPIP_TYPE_SOCKETSHR)
+#    include <socketshr.h>
+#   endif
+#  endif
+
+#  ifndef INVALID_SOCKET
+#   define INVALID_SOCKET      (-1)
+#  endif
+# endif
+
+/*
+ * Some IPv6 implementations are broken, you can disable them in known
+ * bad versions.
+ */
+# if !defined(OPENSSL_USE_IPV6)
+#  if defined(AF_INET6)
+#   define OPENSSL_USE_IPV6 1
+#  else
+#   define OPENSSL_USE_IPV6 0
+#  endif
+# endif
+
+# define get_last_socket_error() errno
+# define clear_socket_error()    errno=0
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  undef get_last_socket_error
+#  undef clear_socket_error
+#  define get_last_socket_error() WSAGetLastError()
+#  define clear_socket_error()    WSASetLastError(0)
+#  define readsocket(s,b,n)       recv((s),(b),(n),0)
+#  define writesocket(s,b,n)      send((s),(b),(n),0)
+# elif defined(__DJGPP__)
+#  define WATT32
+#  define WATT32_NO_OLDIES
+#  define closesocket(s)          close_s(s)
+#  define readsocket(s,b,n)       read_s(s,b,n)
+#  define writesocket(s,b,n)      send(s,b,n,0)
+# elif defined(OPENSSL_SYS_VMS)
+#  define ioctlsocket(a,b,c)      ioctl(a,b,c)
+#  define closesocket(s)          close(s)
+#  define readsocket(s,b,n)       recv((s),(b),(n),0)
+#  define writesocket(s,b,n)      send((s),(b),(n),0)
+# elif defined(OPENSSL_SYS_VXWORKS)
+#  define ioctlsocket(a,b,c)          ioctl((a),(b),(int)(c))
+#  define closesocket(s)              close(s)
+#  define readsocket(s,b,n)           read((s),(b),(n))
+#  define writesocket(s,b,n)          write((s),(char *)(b),(n))
+# else
+#  define ioctlsocket(a,b,c)      ioctl(a,b,c)
+#  define closesocket(s)          close(s)
+#  define readsocket(s,b,n)       read((s),(b),(n))
+#  define writesocket(s,b,n)      write((s),(b),(n))
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/internal/sslconf.h b/freebsd/crypto/openssl/include/internal/sslconf.h
new file mode 100644
index 00000000..d538f861
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/sslconf.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSLCONF_H
+# define HEADER_SSLCONF_H
+
+typedef struct ssl_conf_cmd_st SSL_CONF_CMD;
+
+const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt);
+int conf_ssl_name_find(const char *name, size_t *idx);
+void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
+                      char **arg);
+
+#endif
diff --git a/freebsd/crypto/openssl/include/internal/thread_once.h b/freebsd/crypto/openssl/include/internal/thread_once.h
new file mode 100644
index 00000000..22424435
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/thread_once.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+
+#define DEFINE_RUN_ONCE(init)                   \
+    static int init(void);                     \
+    int init##_ossl_ret_ = 0;                   \
+    void init##_ossl_(void)                     \
+    {                                           \
+        init##_ossl_ret_ = init();              \
+    }                                           \
+    static int init(void)
+#define DECLARE_RUN_ONCE(init)                  \
+    extern int init##_ossl_ret_;                \
+    void init##_ossl_(void);
+
+#define DEFINE_RUN_ONCE_STATIC(init)            \
+    static int init(void);                     \
+    static int init##_ossl_ret_ = 0;            \
+    static void init##_ossl_(void)              \
+    {                                           \
+        init##_ossl_ret_ = init();              \
+    }                                           \
+    static int init(void)
+
+/*
+ * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded
+ * @once: pointer to static object of type CRYPTO_ONCE
+ * @init: function name that was previously given to DEFINE_RUN_ONCE,
+ *        DEFINE_RUN_ONCE_STATIC or DECLARE_RUN_ONCE.  This function
+ *        must return 1 for success or 0 for failure.
+ *
+ * The return value is 1 on success (*) or 0 in case of error.
+ *
+ * (*) by convention, since the init function must return 1 on success.
+ */
+#define RUN_ONCE(once, init)                                            \
+    (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0)
diff --git a/freebsd/crypto/openssl/include/internal/tsan_assist.h b/freebsd/crypto/openssl/include/internal/tsan_assist.h
new file mode 100644
index 00000000..2c763834
--- /dev/null
+++ b/freebsd/crypto/openssl/include/internal/tsan_assist.h
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+ 
+/*
+ * Contemporary compilers implement lock-free atomic memory access
+ * primitives that facilitate writing "thread-opportunistic" or even real
+ * multi-threading low-overhead code. "Thread-opportunistic" is when
+ * exact result is not required, e.g. some statistics, or execution flow
+ * doesn't have to be unambiguous. Simplest example is lazy "constant"
+ * initialization when one can synchronize on variable itself, e.g.
+ *
+ * if (var == NOT_YET_INITIALIZED)
+ *     var = function_returning_same_value();
+ *
+ * This does work provided that loads and stores are single-instuction
+ * operations (and integer ones are on *all* supported platforms), but
+ * it upsets Thread Sanitizer. Suggested solution is
+ *
+ * if (tsan_load(&var) == NOT_YET_INITIALIZED)
+ *     tsan_store(&var, function_returning_same_value());
+ *
+ * Production machine code would be the same, so one can wonder why
+ * bother. Having Thread Sanitizer accept "thread-opportunistic" code
+ * allows to move on trouble-shooting real bugs.
+ *
+ * Resolving Thread Sanitizer nits was the initial purpose for this module,
+ * but it was later extended with more nuanced primitives that are useful
+ * even in "non-opportunistic" scenarios. Most notably verifying if a shared
+ * structure is fully initialized and bypassing the initialization lock.
+ * It's suggested to view macros defined in this module as "annotations" for
+ * thread-safe lock-free code, "Thread-Safe ANnotations"...
+ *
+ * It's assumed that ATOMIC_{LONG|INT}_LOCK_FREE are assigned same value as
+ * ATOMIC_POINTER_LOCK_FREE. And check for >= 2 ensures that corresponding
+ * code is inlined. It should be noted that statistics counters become
+ * accurate in such case.
+ *
+ * Special note about TSAN_QUALIFIER. It might be undesired to use it in
+ * a shared header. Because whether operation on specific variable or member
+ * is atomic or not might be irrelevant in other modules. In such case one
+ * can use TSAN_QUALIFIER in cast specifically when it has to count.
+ */
+
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \
+    && !defined(__STDC_NO_ATOMICS__)
+# include <stdatomic.h>
+
+# if defined(ATOMIC_POINTER_LOCK_FREE) \
+          && ATOMIC_POINTER_LOCK_FREE >= 2
+#  define TSAN_QUALIFIER _Atomic
+#  define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed)
+#  define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed)
+#  define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed)
+#  define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire)
+#  define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release)
+# endif
+
+#elif defined(__GNUC__) && defined(__ATOMIC_RELAXED)
+
+# if defined(__GCC_ATOMIC_POINTER_LOCK_FREE) \
+          && __GCC_ATOMIC_POINTER_LOCK_FREE >= 2
+#  define TSAN_QUALIFIER volatile
+#  define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED)
+#  define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED)
+#  define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED)
+#  define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE)
+#  define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE)
+# endif
+
+#elif defined(_MSC_VER) && _MSC_VER>=1200 \
+      && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+          defined(_M_ARM64) || (defined(_M_ARM) && _M_ARM >= 7))
+/*
+ * There is subtle dependency on /volatile:<iso|ms> command-line option.
+ * "ms" implies same semantic as memory_order_acquire for loads and
+ * memory_order_release for stores, while "iso" - memory_order_relaxed for
+ * either. Real complication is that defaults are different on x86 and ARM.
+ * There is explanation for that, "ms" is backward compatible with earlier
+ * compiler versions, while multi-processor ARM can be viewed as brand new
+ * platform to MSC and its users, and with non-relaxed semantic taking toll
+ * with additional instructions and penalties, it kind of makes sense to
+ * default to "iso"...
+ */
+# define TSAN_QUALIFIER volatile
+# if defined(_M_ARM) || defined(_M_ARM64)
+#  define _InterlockedExchangeAdd _InterlockedExchangeAdd_nf
+#  pragma intrinsic(_InterlockedExchangeAdd_nf)
+#  pragma intrinsic(__iso_volatile_load32, __iso_volatile_store32)
+#  ifdef _WIN64
+#   define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf
+#   pragma intrinsic(_InterlockedExchangeAdd64_nf)
+#   pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64)
+#   define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \
+                                               : __iso_volatile_load32(ptr))
+#   define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \
+                                                     : __iso_volatile_store32((ptr), (val)))
+#  else
+#   define tsan_load(ptr) __iso_volatile_load32(ptr)
+#   define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val))
+#  endif
+# else
+#  define tsan_load(ptr) (*(ptr))
+#  define tsan_store(ptr, val) (*(ptr) = (val))
+# endif
+# pragma intrinsic(_InterlockedExchangeAdd)
+# ifdef _WIN64
+#  pragma intrinsic(_InterlockedExchangeAdd64)
+#  define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \
+                                                 : _InterlockedExchangeAdd((ptr), 1))
+# else
+#  define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1)
+# endif
+# if !defined(_ISO_VOLATILE)
+#  define tsan_ld_acq(ptr) (*(ptr))
+#  define tsan_st_rel(ptr, val) (*(ptr) = (val))
+# endif
+
+#endif
+
+#ifndef TSAN_QUALIFIER
+
+# define TSAN_QUALIFIER volatile
+# define tsan_load(ptr) (*(ptr))
+# define tsan_store(ptr, val) (*(ptr) = (val))
+# define tsan_counter(ptr) ((*(ptr))++)
+/*
+ * Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not
+ * sophisticated enough to support them. Code that relies on them should be
+ * protected with #ifdef tsan_ld_acq with locked fallback.
+ */
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/aes.h b/freebsd/crypto/openssl/include/openssl/aes.h
new file mode 100644
index 00000000..245c552a
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/aes.h
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_AES_H
+# define HEADER_AES_H
+
+# include <openssl/opensslconf.h>
+
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define AES_ENCRYPT     1
+# define AES_DECRYPT     0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+# define AES_MAXNR 14
+# define AES_BLOCK_SIZE 16
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+# ifdef AES_LONG
+    unsigned long rd_key[4 * (AES_MAXNR + 1)];
+# else
+    unsigned int rd_key[4 * (AES_MAXNR + 1)];
+# endif
+    int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+const char *AES_options(void);
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key);
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     const AES_KEY *key, const int enc);
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc);
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num, const int enc);
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc);
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc);
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num);
+/* NB: the IV is _two_ blocks long */
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        const AES_KEY *key2, const unsigned char *ivec,
+                        const int enc);
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+                 unsigned char *out,
+                 const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+                   unsigned char *out,
+                   const unsigned char *in, unsigned int inlen);
+
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/asn1.h b/freebsd/crypto/openssl/include/openssl/asn1.h
new file mode 100644
index 00000000..9522eec1
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/asn1.h
@@ -0,0 +1,886 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1_H
+# define HEADER_ASN1_H
+
+# include <time.h>
+# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
+# include <openssl/bio.h>
+# include <openssl/safestack.h>
+# include <openssl/asn1err.h>
+# include <openssl/symhacks.h>
+
+# include <openssl/ossl_typ.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define V_ASN1_UNIVERSAL                0x00
+# define V_ASN1_APPLICATION              0x40
+# define V_ASN1_CONTEXT_SPECIFIC         0x80
+# define V_ASN1_PRIVATE                  0xc0
+
+# define V_ASN1_CONSTRUCTED              0x20
+# define V_ASN1_PRIMITIVE_TAG            0x1f
+# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG
+
+# define V_ASN1_APP_CHOOSE               -2/* let the recipient choose */
+# define V_ASN1_OTHER                    -3/* used in ASN1_TYPE */
+# define V_ASN1_ANY                      -4/* used in ASN1 template code */
+
+# define V_ASN1_UNDEF                    -1
+/* ASN.1 tag values */
+# define V_ASN1_EOC                      0
+# define V_ASN1_BOOLEAN                  1 /**/
+# define V_ASN1_INTEGER                  2
+# define V_ASN1_BIT_STRING               3
+# define V_ASN1_OCTET_STRING             4
+# define V_ASN1_NULL                     5
+# define V_ASN1_OBJECT                   6
+# define V_ASN1_OBJECT_DESCRIPTOR        7
+# define V_ASN1_EXTERNAL                 8
+# define V_ASN1_REAL                     9
+# define V_ASN1_ENUMERATED               10
+# define V_ASN1_UTF8STRING               12
+# define V_ASN1_SEQUENCE                 16
+# define V_ASN1_SET                      17
+# define V_ASN1_NUMERICSTRING            18 /**/
+# define V_ASN1_PRINTABLESTRING          19
+# define V_ASN1_T61STRING                20
+# define V_ASN1_TELETEXSTRING            20/* alias */
+# define V_ASN1_VIDEOTEXSTRING           21 /**/
+# define V_ASN1_IA5STRING                22
+# define V_ASN1_UTCTIME                  23
+# define V_ASN1_GENERALIZEDTIME          24 /**/
+# define V_ASN1_GRAPHICSTRING            25 /**/
+# define V_ASN1_ISO64STRING              26 /**/
+# define V_ASN1_VISIBLESTRING            26/* alias */
+# define V_ASN1_GENERALSTRING            27 /**/
+# define V_ASN1_UNIVERSALSTRING          28 /**/
+# define V_ASN1_BMPSTRING                30
+
+/*
+ * NB the constants below are used internally by ASN1_INTEGER
+ * and ASN1_ENUMERATED to indicate the sign. They are *not* on
+ * the wire tag values.
+ */
+
+# define V_ASN1_NEG                      0x100
+# define V_ASN1_NEG_INTEGER              (2 | V_ASN1_NEG)
+# define V_ASN1_NEG_ENUMERATED           (10 | V_ASN1_NEG)
+
+/* For use with d2i_ASN1_type_bytes() */
+# define B_ASN1_NUMERICSTRING    0x0001
+# define B_ASN1_PRINTABLESTRING  0x0002
+# define B_ASN1_T61STRING        0x0004
+# define B_ASN1_TELETEXSTRING    0x0004
+# define B_ASN1_VIDEOTEXSTRING   0x0008
+# define B_ASN1_IA5STRING        0x0010
+# define B_ASN1_GRAPHICSTRING    0x0020
+# define B_ASN1_ISO64STRING      0x0040
+# define B_ASN1_VISIBLESTRING    0x0040
+# define B_ASN1_GENERALSTRING    0x0080
+# define B_ASN1_UNIVERSALSTRING  0x0100
+# define B_ASN1_OCTET_STRING     0x0200
+# define B_ASN1_BIT_STRING       0x0400
+# define B_ASN1_BMPSTRING        0x0800
+# define B_ASN1_UNKNOWN          0x1000
+# define B_ASN1_UTF8STRING       0x2000
+# define B_ASN1_UTCTIME          0x4000
+# define B_ASN1_GENERALIZEDTIME  0x8000
+# define B_ASN1_SEQUENCE         0x10000
+/* For use with ASN1_mbstring_copy() */
+# define MBSTRING_FLAG           0x1000
+# define MBSTRING_UTF8           (MBSTRING_FLAG)
+# define MBSTRING_ASC            (MBSTRING_FLAG|1)
+# define MBSTRING_BMP            (MBSTRING_FLAG|2)
+# define MBSTRING_UNIV           (MBSTRING_FLAG|4)
+# define SMIME_OLDMIME           0x400
+# define SMIME_CRLFEOL           0x800
+# define SMIME_STREAM            0x1000
+    struct X509_algor_st;
+DEFINE_STACK_OF(X509_ALGOR)
+
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+/*
+ * This indicates that the ASN1_STRING is not a real value but just a place
+ * holder for the location where indefinite length constructed data should be
+ * inserted in the memory buffer
+ */
+# define ASN1_STRING_FLAG_NDEF 0x010
+
+/*
+ * This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been accessed.
+ * The flag will be reset when content has been written to it.
+ */
+
+# define ASN1_STRING_FLAG_CONT 0x020
+/*
+ * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
+ * type.
+ */
+# define ASN1_STRING_FLAG_MSTRING 0x040
+/* String is embedded and only content should be freed */
+# define ASN1_STRING_FLAG_EMBED 0x080
+/* String should be parsed in RFC 5280's time format */
+# define ASN1_STRING_FLAG_X509_TIME 0x100
+/* This is the base type that holds just about everything :-) */
+struct asn1_string_st {
+    int length;
+    int type;
+    unsigned char *data;
+    /*
+     * The value of the following field depends on the type being held.  It
+     * is mostly being used for BIT_STRING so if the input data has a
+     * non-zero 'unused bits' value, it will be handled correctly
+     */
+    long flags;
+};
+
+/*
+ * ASN1_ENCODING structure: this is used to save the received encoding of an
+ * ASN1 type. This is useful to get round problems with invalid encodings
+ * which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st {
+    unsigned char *enc;         /* DER encoding */
+    long len;                   /* Length of encoding */
+    int modified;               /* set to 1 if 'enc' is invalid */
+} ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+# define ASN1_LONG_UNDEF 0x7fffffffL
+
+# define STABLE_FLAGS_MALLOC     0x01
+/*
+ * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted
+ * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting
+ * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias
+ * STABLE_FLAGS_CLEAR to reflect this.
+ */
+# define STABLE_FLAGS_CLEAR      STABLE_FLAGS_MALLOC
+# define STABLE_NO_MASK          0x02
+# define DIRSTRING_TYPE  \
+ (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
+# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
+
+typedef struct asn1_string_table_st {
+    int nid;
+    long minsize;
+    long maxsize;
+    unsigned long mask;
+    unsigned long flags;
+} ASN1_STRING_TABLE;
+
+DEFINE_STACK_OF(ASN1_STRING_TABLE)
+
+/* size limits: this stuff is taken straight from RFC2459 */
+
+# define ub_name                         32768
+# define ub_common_name                  64
+# define ub_locality_name                128
+# define ub_state_name                   128
+# define ub_organization_name            64
+# define ub_organization_unit_name       64
+# define ub_title                        64
+# define ub_email_address                128
+
+/*
+ * Declarations for template structures: for full definitions see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
+
+# define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        int i2d_##name(type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(itname)
+
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        int i2d_##name(const type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(name)
+
+# define DECLARE_ASN1_NDEF_FUNCTION(name) \
+        int i2d_##name##_NDEF(name *a, unsigned char **out);
+
+# define DECLARE_ASN1_FUNCTIONS_const(name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
+
+# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        type *name##_new(void); \
+        void name##_free(type *a);
+
+# define DECLARE_ASN1_PRINT_FUNCTION(stname) \
+        DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
+
+# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                         const ASN1_PCTX *pctx);
+
+# define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
+# define I2D_OF(type) int (*)(type *,unsigned char **)
+# define I2D_OF_const(type) int (*)(const type *,unsigned char **)
+
+# define CHECKED_D2I_OF(type, d2i) \
+    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
+# define CHECKED_I2D_OF(type, i2d) \
+    ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+# define CHECKED_NEW_OF(type, xnew) \
+    ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
+# define CHECKED_PTR_OF(type, p) \
+    ((void*) (1 ? p : (type*)0))
+# define CHECKED_PPTR_OF(type, p) \
+    ((void**) (1 ? p : (type**)0))
+
+# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
+# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
+# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
+
+TYPEDEF_D2I2D_OF(void);
+
+/*-
+ * The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ *      ...
+ *      ASN1_ITEM_EXP *iptr;
+ *      ...
+ * } SOMETHING;
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#  define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#  define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+#  define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+#  define DECLARE_ASN1_ITEM(name) \
+        OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
+# else
+
+/*
+ * Platforms that can't easily handle shared global variables are declared as
+ * functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#  define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#  define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+#  define ASN1_ITEM_rptr(ref) (ref##_it())
+
+#  define DECLARE_ASN1_ITEM(name) \
+        const ASN1_ITEM * name##_it(void);
+
+# endif
+
+/* Parameters used by ASN1_STRING_print_ex() */
+
+/*
+ * These determine which characters to escape: RFC2253 special characters,
+ * control characters and MSB set characters
+ */
+
+# define ASN1_STRFLGS_ESC_2253           1
+# define ASN1_STRFLGS_ESC_CTRL           2
+# define ASN1_STRFLGS_ESC_MSB            4
+
+/*
+ * This flag determines how we do escaping: normally RC2253 backslash only,
+ * set this to use backslash and quote.
+ */
+
+# define ASN1_STRFLGS_ESC_QUOTE          8
+
+/* These three flags are internal use only. */
+
+/* Character is a valid PrintableString character */
+# define CHARTYPE_PRINTABLESTRING        0x10
+/* Character needs escaping if it is the first character */
+# define CHARTYPE_FIRST_ESC_2253         0x20
+/* Character needs escaping if it is the last character */
+# define CHARTYPE_LAST_ESC_2253          0x40
+
+/*
+ * NB the internal flags are safely reused below by flags handled at the top
+ * level.
+ */
+
+/*
+ * If this is set we convert all character strings to UTF8 first
+ */
+
+# define ASN1_STRFLGS_UTF8_CONVERT       0x10
+
+/*
+ * If this is set we don't attempt to interpret content: just assume all
+ * strings are 1 byte per character. This will produce some pretty odd
+ * looking output!
+ */
+
+# define ASN1_STRFLGS_IGNORE_TYPE        0x20
+
+/* If this is set we include the string type in the output */
+# define ASN1_STRFLGS_SHOW_TYPE          0x40
+
+/*
+ * This determines which strings to display and which to 'dump' (hex dump of
+ * content octets or DER encoding). We can only dump non character strings or
+ * everything. If we don't dump 'unknown' they are interpreted as character
+ * strings with 1 octet per character and are subject to the usual escaping
+ * options.
+ */
+
+# define ASN1_STRFLGS_DUMP_ALL           0x80
+# define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
+
+/*
+ * These determine what 'dumping' does, we can dump the content octets or the
+ * DER encoding: both use the RFC2253 #XXXXX notation.
+ */
+
+# define ASN1_STRFLGS_DUMP_DER           0x200
+
+/*
+ * This flag specifies that RC2254 escaping shall be performed.
+ */
+#define ASN1_STRFLGS_ESC_2254           0x400
+
+/*
+ * All the string flags consistent with RFC2253, escaping control characters
+ * isn't essential in RFC2253 but it is advisable anyway.
+ */
+
+# define ASN1_STRFLGS_RFC2253    (ASN1_STRFLGS_ESC_2253 | \
+                                ASN1_STRFLGS_ESC_CTRL | \
+                                ASN1_STRFLGS_ESC_MSB | \
+                                ASN1_STRFLGS_UTF8_CONVERT | \
+                                ASN1_STRFLGS_DUMP_UNKNOWN | \
+                                ASN1_STRFLGS_DUMP_DER)
+
+DEFINE_STACK_OF(ASN1_INTEGER)
+
+DEFINE_STACK_OF(ASN1_GENERALSTRING)
+
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
+typedef struct asn1_type_st {
+    int type;
+    union {
+        char *ptr;
+        ASN1_BOOLEAN boolean;
+        ASN1_STRING *asn1_string;
+        ASN1_OBJECT *object;
+        ASN1_INTEGER *integer;
+        ASN1_ENUMERATED *enumerated;
+        ASN1_BIT_STRING *bit_string;
+        ASN1_OCTET_STRING *octet_string;
+        ASN1_PRINTABLESTRING *printablestring;
+        ASN1_T61STRING *t61string;
+        ASN1_IA5STRING *ia5string;
+        ASN1_GENERALSTRING *generalstring;
+        ASN1_BMPSTRING *bmpstring;
+        ASN1_UNIVERSALSTRING *universalstring;
+        ASN1_UTCTIME *utctime;
+        ASN1_GENERALIZEDTIME *generalizedtime;
+        ASN1_VISIBLESTRING *visiblestring;
+        ASN1_UTF8STRING *utf8string;
+        /*
+         * set and sequence are left complete and still contain the set or
+         * sequence bytes
+         */
+        ASN1_STRING *set;
+        ASN1_STRING *sequence;
+        ASN1_VALUE *asn1_value;
+    } value;
+} ASN1_TYPE;
+
+DEFINE_STACK_OF(ASN1_TYPE)
+
+typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
+
+/* This is used to contain a list of bit names */
+typedef struct BIT_STRING_BITNAME_st {
+    int bitnum;
+    const char *lname;
+    const char *sname;
+} BIT_STRING_BITNAME;
+
+# define B_ASN1_TIME \
+                        B_ASN1_UTCTIME | \
+                        B_ASN1_GENERALIZEDTIME
+
+# define B_ASN1_PRINTABLE \
+                        B_ASN1_NUMERICSTRING| \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_T61STRING| \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_BIT_STRING| \
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING|\
+                        B_ASN1_SEQUENCE|\
+                        B_ASN1_UNKNOWN
+
+# define B_ASN1_DIRECTORYSTRING \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_TELETEXSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_UTF8STRING
+
+# define B_ASN1_DISPLAYTEXT \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_VISIBLESTRING| \
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING
+
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+int ASN1_TYPE_get(const ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
+
+ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t);
+void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
+
+ASN1_OBJECT *ASN1_OBJECT_new(void);
+void ASN1_OBJECT_free(ASN1_OBJECT *a);
+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp);
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long length);
+
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
+DEFINE_STACK_OF(ASN1_OBJECT)
+
+ASN1_STRING *ASN1_STRING_new(void);
+void ASN1_STRING_free(ASN1_STRING *a);
+void ASN1_STRING_clear_free(ASN1_STRING *a);
+int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
+ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
+ASN1_STRING *ASN1_STRING_type_new(int type);
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
+  /*
+   * Since this is used to store all sorts of things, via macros, for now,
+   * make its data void *
+   */
+int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
+int ASN1_STRING_length(const ASN1_STRING *x);
+void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+int ASN1_STRING_type(const ASN1_STRING *x);
+DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+                          const unsigned char *flags, int flags_len);
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+                               BIT_STRING_BITNAME *tbl, int indent);
+int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
+                            BIT_STRING_BITNAME *tbl);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                                long length);
+ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                               int offset_day, long offset_sec);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+                                               time_t t);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+                                               time_t t, int offset_day,
+                                               long offset_sec);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
+
+int ASN1_TIME_diff(int *pday, int *psec,
+                   const ASN1_TIME *from, const ASN1_TIME *to);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
+int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
+                          const ASN1_OCTET_STRING *b);
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
+                          int len);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
+int UTF8_putc(unsigned char *str, int len, unsigned long value);
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
+
+DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+                         int offset_day, long offset_sec);
+int ASN1_TIME_check(const ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
+                                                   ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str);
+int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm);
+int ASN1_TIME_normalize(ASN1_TIME *s);
+int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t);
+int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b);
+
+int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
+int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a);
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size);
+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size);
+int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type);
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+                                const char *sn, const char *ln);
+
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
+int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(const ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
+
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
+
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn);
+
+/* General */
+/* given a string, return the correct type, max is the maximum length */
+int ASN1_PRINTABLE_type(const unsigned char *s, int max);
+
+unsigned long ASN1_tag2bit(int tag);
+
+/* SPECIALS */
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+                    int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p, long len);
+int ASN1_const_check_infinite_end(const unsigned char **p, long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+                     int tag, int xclass);
+int ASN1_put_eoc(unsigned char **pp);
+int ASN1_object_size(int constructed, int length, int tag);
+
+/* Used to implement other functions */
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
+
+# define ASN1_dup_of(type,i2d,d2i,x) \
+    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
+                     CHECKED_D2I_OF(type, d2i), \
+                     CHECKED_PTR_OF(type, x)))
+
+# define ASN1_dup_of_const(type,i2d,d2i,x) \
+    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
+                     CHECKED_D2I_OF(type, d2i), \
+                     CHECKED_PTR_OF(const type, x)))
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+/* ASN1 alloc/free macros for when a type is only used internally */
+
+# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
+# define M_ASN1_free_of(x, type) \
+                ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
+
+# ifndef OPENSSL_NO_STDIO
+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x);
+
+#  define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
+    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
+                        CHECKED_D2I_OF(type, d2i), \
+                        in, \
+                        CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x);
+
+#  define ASN1_i2d_fp_of(type,i2d,out,x) \
+    (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
+                 out, \
+                 CHECKED_PTR_OF(type, x)))
+
+#  define ASN1_i2d_fp_of_const(type,i2d,out,x) \
+    (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
+                 out, \
+                 CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags);
+# endif
+
+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
+
+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x);
+
+#  define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
+    ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
+                          CHECKED_D2I_OF(type, d2i), \
+                          in, \
+                          CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x);
+
+#  define ASN1_i2d_bio_of(type,i2d,out,x) \
+    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
+                  out, \
+                  CHECKED_PTR_OF(type, x)))
+
+#  define ASN1_i2d_bio_of_const(type,i2d,out,x) \
+    (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
+                  out, \
+                  CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
+int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
+int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off);
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+                  unsigned char *buf, int off);
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+                    int dump);
+const char *ASN1_tag2str(int tag);
+
+/* Used to load and write Netscape format cert */
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+                                  unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+                                  unsigned char *data, int max_len);
+
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
+                            ASN1_OCTET_STRING **oct);
+
+void ASN1_STRING_set_default_mask(unsigned long mask);
+int ASN1_STRING_set_default_mask_asc(const char *p);
+unsigned long ASN1_STRING_get_default_mask(void);
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+                       int inform, unsigned long mask);
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+                        int inform, unsigned long mask,
+                        long minsize, long maxsize);
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+                                    const unsigned char *in, int inlen,
+                                    int inform, int nid);
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
+int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
+void ASN1_STRING_TABLE_cleanup(void);
+
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
+                          long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+                       const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+void ASN1_add_stable_module(void);
+
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+int ASN1_str2mask(const char *str, unsigned long *pmask);
+
+/* ASN1 Print flags */
+
+/* Indicate missing OPTIONAL fields */
+# define ASN1_PCTX_FLAGS_SHOW_ABSENT             0x001
+/* Mark start and end of SEQUENCE */
+# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE           0x002
+/* Mark start and end of SEQUENCE/SET OF */
+# define ASN1_PCTX_FLAGS_SHOW_SSOF               0x004
+/* Show the ASN1 type of primitives */
+# define ASN1_PCTX_FLAGS_SHOW_TYPE               0x008
+/* Don't show ASN1 type of ANY */
+# define ASN1_PCTX_FLAGS_NO_ANY_TYPE             0x010
+/* Don't show ASN1 type of MSTRINGs */
+# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE         0x020
+/* Don't show field names in SEQUENCE */
+# define ASN1_PCTX_FLAGS_NO_FIELD_NAME           0x040
+/* Show structure names of each SEQUENCE field */
+# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME  0x080
+/* Don't show structure name even at top level */
+# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME          0x100
+
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                    const ASN1_ITEM *it, const ASN1_PCTX *pctx);
+ASN1_PCTX *ASN1_PCTX_new(void);
+void ASN1_PCTX_free(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
+
+ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx));
+void ASN1_SCTX_free(ASN1_SCTX *p);
+const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p);
+const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p);
+unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p);
+void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data);
+void *ASN1_SCTX_get_app_data(ASN1_SCTX *p);
+
+const BIO_METHOD *BIO_f_asn1(void);
+
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                        const ASN1_ITEM *it);
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                              const char *hdr, const ASN1_ITEM *it);
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                     int ctype_nid, int econt_nid,
+                     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
+
+const ASN1_ITEM *ASN1_ITEM_lookup(const char *name);
+const ASN1_ITEM *ASN1_ITEM_get(size_t i);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/asn1_mac.h b/freebsd/crypto/openssl/include/openssl/asn1_mac.h
new file mode 100644
index 00000000..7ac1782a
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/asn1_mac.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#error "This file is obsolete; please update your software."
diff --git a/freebsd/crypto/openssl/include/openssl/asn1err.h b/freebsd/crypto/openssl/include/openssl/asn1err.h
new file mode 100644
index 00000000..5a91126d
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/asn1err.h
@@ -0,0 +1,252 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1ERR_H
+# define HEADER_ASN1ERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_ASN1_strings(void);
+
+/*
+ * ASN1 function codes.
+ */
+# define ASN1_F_A2D_ASN1_OBJECT                           100
+# define ASN1_F_A2I_ASN1_INTEGER                          102
+# define ASN1_F_A2I_ASN1_STRING                           103
+# define ASN1_F_APPEND_EXP                                176
+# define ASN1_F_ASN1_BIO_INIT                             113
+# define ASN1_F_ASN1_BIT_STRING_SET_BIT                   183
+# define ASN1_F_ASN1_CB                                   177
+# define ASN1_F_ASN1_CHECK_TLEN                           104
+# define ASN1_F_ASN1_COLLECT                              106
+# define ASN1_F_ASN1_D2I_EX_PRIMITIVE                     108
+# define ASN1_F_ASN1_D2I_FP                               109
+# define ASN1_F_ASN1_D2I_READ_BIO                         107
+# define ASN1_F_ASN1_DIGEST                               184
+# define ASN1_F_ASN1_DO_ADB                               110
+# define ASN1_F_ASN1_DO_LOCK                              233
+# define ASN1_F_ASN1_DUP                                  111
+# define ASN1_F_ASN1_ENC_SAVE                             115
+# define ASN1_F_ASN1_EX_C2I                               204
+# define ASN1_F_ASN1_FIND_END                             190
+# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ                  216
+# define ASN1_F_ASN1_GENERATE_V3                          178
+# define ASN1_F_ASN1_GET_INT64                            224
+# define ASN1_F_ASN1_GET_OBJECT                           114
+# define ASN1_F_ASN1_GET_UINT64                           225
+# define ASN1_F_ASN1_I2D_BIO                              116
+# define ASN1_F_ASN1_I2D_FP                               117
+# define ASN1_F_ASN1_ITEM_D2I_FP                          206
+# define ASN1_F_ASN1_ITEM_DUP                             191
+# define ASN1_F_ASN1_ITEM_EMBED_D2I                       120
+# define ASN1_F_ASN1_ITEM_EMBED_NEW                       121
+# define ASN1_F_ASN1_ITEM_FLAGS_I2D                       118
+# define ASN1_F_ASN1_ITEM_I2D_BIO                         192
+# define ASN1_F_ASN1_ITEM_I2D_FP                          193
+# define ASN1_F_ASN1_ITEM_PACK                            198
+# define ASN1_F_ASN1_ITEM_SIGN                            195
+# define ASN1_F_ASN1_ITEM_SIGN_CTX                        220
+# define ASN1_F_ASN1_ITEM_UNPACK                          199
+# define ASN1_F_ASN1_ITEM_VERIFY                          197
+# define ASN1_F_ASN1_MBSTRING_NCOPY                       122
+# define ASN1_F_ASN1_OBJECT_NEW                           123
+# define ASN1_F_ASN1_OUTPUT_DATA                          214
+# define ASN1_F_ASN1_PCTX_NEW                             205
+# define ASN1_F_ASN1_PRIMITIVE_NEW                        119
+# define ASN1_F_ASN1_SCTX_NEW                             221
+# define ASN1_F_ASN1_SIGN                                 128
+# define ASN1_F_ASN1_STR2TYPE                             179
+# define ASN1_F_ASN1_STRING_GET_INT64                     227
+# define ASN1_F_ASN1_STRING_GET_UINT64                    230
+# define ASN1_F_ASN1_STRING_SET                           186
+# define ASN1_F_ASN1_STRING_TABLE_ADD                     129
+# define ASN1_F_ASN1_STRING_TO_BN                         228
+# define ASN1_F_ASN1_STRING_TYPE_NEW                      130
+# define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
+# define ASN1_F_ASN1_TEMPLATE_NEW                         133
+# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I                   131
+# define ASN1_F_ASN1_TIME_ADJ                             217
+# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
+# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
+# define ASN1_F_ASN1_UTCTIME_ADJ                          218
+# define ASN1_F_ASN1_VERIFY                               137
+# define ASN1_F_B64_READ_ASN1                             209
+# define ASN1_F_B64_WRITE_ASN1                            210
+# define ASN1_F_BIO_NEW_NDEF                              208
+# define ASN1_F_BITSTR_CB                                 180
+# define ASN1_F_BN_TO_ASN1_STRING                         229
+# define ASN1_F_C2I_ASN1_BIT_STRING                       189
+# define ASN1_F_C2I_ASN1_INTEGER                          194
+# define ASN1_F_C2I_ASN1_OBJECT                           196
+# define ASN1_F_C2I_IBUF                                  226
+# define ASN1_F_C2I_UINT64_INT                            101
+# define ASN1_F_COLLECT_DATA                              140
+# define ASN1_F_D2I_ASN1_OBJECT                           147
+# define ASN1_F_D2I_ASN1_UINTEGER                         150
+# define ASN1_F_D2I_AUTOPRIVATEKEY                        207
+# define ASN1_F_D2I_PRIVATEKEY                            154
+# define ASN1_F_D2I_PUBLICKEY                             155
+# define ASN1_F_DO_BUF                                    142
+# define ASN1_F_DO_CREATE                                 124
+# define ASN1_F_DO_DUMP                                   125
+# define ASN1_F_DO_TCREATE                                222
+# define ASN1_F_I2A_ASN1_OBJECT                           126
+# define ASN1_F_I2D_ASN1_BIO_STREAM                       211
+# define ASN1_F_I2D_ASN1_OBJECT                           143
+# define ASN1_F_I2D_DSA_PUBKEY                            161
+# define ASN1_F_I2D_EC_PUBKEY                             181
+# define ASN1_F_I2D_PRIVATEKEY                            163
+# define ASN1_F_I2D_PUBLICKEY                             164
+# define ASN1_F_I2D_RSA_PUBKEY                            165
+# define ASN1_F_LONG_C2I                                  166
+# define ASN1_F_NDEF_PREFIX                               127
+# define ASN1_F_NDEF_SUFFIX                               136
+# define ASN1_F_OID_MODULE_INIT                           174
+# define ASN1_F_PARSE_TAGGING                             182
+# define ASN1_F_PKCS5_PBE2_SET_IV                         167
+# define ASN1_F_PKCS5_PBE2_SET_SCRYPT                     231
+# define ASN1_F_PKCS5_PBE_SET                             202
+# define ASN1_F_PKCS5_PBE_SET0_ALGOR                      215
+# define ASN1_F_PKCS5_PBKDF2_SET                          219
+# define ASN1_F_PKCS5_SCRYPT_SET                          232
+# define ASN1_F_SMIME_READ_ASN1                           212
+# define ASN1_F_SMIME_TEXT                                213
+# define ASN1_F_STABLE_GET                                138
+# define ASN1_F_STBL_MODULE_INIT                          223
+# define ASN1_F_UINT32_C2I                                105
+# define ASN1_F_UINT32_NEW                                139
+# define ASN1_F_UINT64_C2I                                112
+# define ASN1_F_UINT64_NEW                                141
+# define ASN1_F_X509_CRL_ADD0_REVOKED                     169
+# define ASN1_F_X509_INFO_NEW                             170
+# define ASN1_F_X509_NAME_ENCODE                          203
+# define ASN1_F_X509_NAME_EX_D2I                          158
+# define ASN1_F_X509_NAME_EX_NEW                          171
+# define ASN1_F_X509_PKEY_NEW                             173
+
+/*
+ * ASN1 reason codes.
+ */
+# define ASN1_R_ADDING_OBJECT                             171
+# define ASN1_R_ASN1_PARSE_ERROR                          203
+# define ASN1_R_ASN1_SIG_PARSE_ERROR                      204
+# define ASN1_R_AUX_ERROR                                 100
+# define ASN1_R_BAD_OBJECT_HEADER                         102
+# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
+# define ASN1_R_BN_LIB                                    105
+# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
+# define ASN1_R_BUFFER_TOO_SMALL                          107
+# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER           108
+# define ASN1_R_CONTEXT_NOT_INITIALISED                   217
+# define ASN1_R_DATA_IS_WRONG                             109
+# define ASN1_R_DECODE_ERROR                              110
+# define ASN1_R_DEPTH_EXCEEDED                            174
+# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED         198
+# define ASN1_R_ENCODE_ERROR                              112
+# define ASN1_R_ERROR_GETTING_TIME                        173
+# define ASN1_R_ERROR_LOADING_SECTION                     172
+# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS               114
+# define ASN1_R_EXPECTING_AN_INTEGER                      115
+# define ASN1_R_EXPECTING_AN_OBJECT                       116
+# define ASN1_R_EXPLICIT_LENGTH_MISMATCH                  119
+# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED              120
+# define ASN1_R_FIELD_MISSING                             121
+# define ASN1_R_FIRST_NUM_TOO_LARGE                       122
+# define ASN1_R_HEADER_TOO_LONG                           123
+# define ASN1_R_ILLEGAL_BITSTRING_FORMAT                  175
+# define ASN1_R_ILLEGAL_BOOLEAN                           176
+# define ASN1_R_ILLEGAL_CHARACTERS                        124
+# define ASN1_R_ILLEGAL_FORMAT                            177
+# define ASN1_R_ILLEGAL_HEX                               178
+# define ASN1_R_ILLEGAL_IMPLICIT_TAG                      179
+# define ASN1_R_ILLEGAL_INTEGER                           180
+# define ASN1_R_ILLEGAL_NEGATIVE_VALUE                    226
+# define ASN1_R_ILLEGAL_NESTED_TAGGING                    181
+# define ASN1_R_ILLEGAL_NULL                              125
+# define ASN1_R_ILLEGAL_NULL_VALUE                        182
+# define ASN1_R_ILLEGAL_OBJECT                            183
+# define ASN1_R_ILLEGAL_OPTIONAL_ANY                      126
+# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE          170
+# define ASN1_R_ILLEGAL_PADDING                           221
+# define ASN1_R_ILLEGAL_TAGGED_ANY                        127
+# define ASN1_R_ILLEGAL_TIME_VALUE                        184
+# define ASN1_R_ILLEGAL_ZERO_CONTENT                      222
+# define ASN1_R_INTEGER_NOT_ASCII_FORMAT                  185
+# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
+# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT              220
+# define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
+# define ASN1_R_INVALID_DIGIT                             130
+# define ASN1_R_INVALID_MIME_TYPE                         205
+# define ASN1_R_INVALID_MODIFIER                          186
+# define ASN1_R_INVALID_NUMBER                            187
+# define ASN1_R_INVALID_OBJECT_ENCODING                   216
+# define ASN1_R_INVALID_SCRYPT_PARAMETERS                 227
+# define ASN1_R_INVALID_SEPARATOR                         131
+# define ASN1_R_INVALID_STRING_TABLE_VALUE                218
+# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
+# define ASN1_R_INVALID_UTF8STRING                        134
+# define ASN1_R_INVALID_VALUE                             219
+# define ASN1_R_LIST_ERROR                                188
+# define ASN1_R_MIME_NO_CONTENT_TYPE                      206
+# define ASN1_R_MIME_PARSE_ERROR                          207
+# define ASN1_R_MIME_SIG_PARSE_ERROR                      208
+# define ASN1_R_MISSING_EOC                               137
+# define ASN1_R_MISSING_SECOND_NUMBER                     138
+# define ASN1_R_MISSING_VALUE                             189
+# define ASN1_R_MSTRING_NOT_UNIVERSAL                     139
+# define ASN1_R_MSTRING_WRONG_TAG                         140
+# define ASN1_R_NESTED_ASN1_STRING                        197
+# define ASN1_R_NESTED_TOO_DEEP                           201
+# define ASN1_R_NON_HEX_CHARACTERS                        141
+# define ASN1_R_NOT_ASCII_FORMAT                          190
+# define ASN1_R_NOT_ENOUGH_DATA                           142
+# define ASN1_R_NO_CONTENT_TYPE                           209
+# define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
+# define ASN1_R_NO_MULTIPART_BODY_FAILURE                 210
+# define ASN1_R_NO_MULTIPART_BOUNDARY                     211
+# define ASN1_R_NO_SIG_CONTENT_TYPE                       212
+# define ASN1_R_NULL_IS_WRONG_LENGTH                      144
+# define ASN1_R_OBJECT_NOT_ASCII_FORMAT                   191
+# define ASN1_R_ODD_NUMBER_OF_CHARS                       145
+# define ASN1_R_SECOND_NUMBER_TOO_LARGE                   147
+# define ASN1_R_SEQUENCE_LENGTH_MISMATCH                  148
+# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
+# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG              192
+# define ASN1_R_SHORT_LINE                                150
+# define ASN1_R_SIG_INVALID_MIME_TYPE                     213
+# define ASN1_R_STREAMING_NOT_SUPPORTED                   202
+# define ASN1_R_STRING_TOO_LONG                           151
+# define ASN1_R_STRING_TOO_SHORT                          152
+# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+# define ASN1_R_TIME_NOT_ASCII_FORMAT                     193
+# define ASN1_R_TOO_LARGE                                 223
+# define ASN1_R_TOO_LONG                                  155
+# define ASN1_R_TOO_SMALL                                 224
+# define ASN1_R_TYPE_NOT_CONSTRUCTED                      156
+# define ASN1_R_TYPE_NOT_PRIMITIVE                        195
+# define ASN1_R_UNEXPECTED_EOC                            159
+# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           215
+# define ASN1_R_UNKNOWN_FORMAT                            160
+# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
+# define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
+# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
+# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM               199
+# define ASN1_R_UNKNOWN_TAG                               194
+# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
+# define ASN1_R_UNSUPPORTED_CIPHER                        228
+# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
+# define ASN1_R_UNSUPPORTED_TYPE                          196
+# define ASN1_R_WRONG_INTEGER_TYPE                        225
+# define ASN1_R_WRONG_PUBLIC_KEY_TYPE                     200
+# define ASN1_R_WRONG_TAG                                 168
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/asn1/asn1t.h b/freebsd/crypto/openssl/include/openssl/asn1t.h
index 99bc0eec..a450ba0d 100644
--- a/freebsd/crypto/openssl/crypto/asn1/asn1t.h
+++ b/freebsd/crypto/openssl/include/openssl/asn1t.h
@@ -1,61 +1,12 @@
-/* asn1t.h */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 #ifndef HEADER_ASN1T_H
 # define HEADER_ASN1T_H
 
@@ -82,15 +33,18 @@ extern "C" {
 /* Macros for start and end of ASN1_ITEM definition */
 
 #  define ASN1_ITEM_start(itname) \
-        OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
+        const ASN1_ITEM itname##_it = {
 
-#  define ASN1_ITEM_end(itname) \
+#  define static_ASN1_ITEM_start(itname) \
+        static const ASN1_ITEM itname##_it = {
+
+#  define ASN1_ITEM_end(itname)                 \
                 };
 
 # else
 
 /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#  define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
+#  define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)()))
 
 /* Macros for start and end of ASN1_ITEM definition */
 
@@ -99,6 +53,9 @@ extern "C" {
         { \
                 static const ASN1_ITEM local_it = {
 
+#  define static_ASN1_ITEM_start(itname) \
+        static ASN1_ITEM_start(itname)
+
 #  define ASN1_ITEM_end(itname) \
                 }; \
         return &local_it; \
@@ -122,6 +79,17 @@ extern "C" {
                 0,\
                 #tname \
         ASN1_ITEM_end(tname)
+# define static_ASN1_ITEM_TEMPLATE_END(tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_PRIMITIVE,\
+                -1,\
+                &tname##_item_tt,\
+                0,\
+                NULL,\
+                0,\
+                #tname \
+        ASN1_ITEM_end(tname)
 
 /* This is a ASN1 type which just embeds a template */
 
@@ -151,6 +119,8 @@ extern "C" {
 
 # define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
 
+# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname)
+
 # define ASN1_SEQUENCE_END_name(stname, tname) \
         ;\
         ASN1_ITEM_start(tname) \
@@ -160,6 +130,18 @@ extern "C" {
                 sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
                 NULL,\
                 sizeof(stname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+# define static_ASN1_SEQUENCE_END_name(stname, tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
                 #stname \
         ASN1_ITEM_end(tname)
 
@@ -177,8 +159,8 @@ extern "C" {
         static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
         ASN1_SEQUENCE(tname)
 
-# define ASN1_SEQUENCE_ref(tname, cb, lck) \
-        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+# define ASN1_SEQUENCE_ref(tname, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \
         ASN1_SEQUENCE(tname)
 
 # define ASN1_SEQUENCE_enc(tname, enc, cb) \
@@ -196,12 +178,26 @@ extern "C" {
                 sizeof(tname),\
                 #tname \
         ASN1_ITEM_end(tname)
+# define static_ASN1_NDEF_SEQUENCE_END(tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(tname),\
+                #tname \
+        ASN1_ITEM_end(tname)
 
 # define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+# define static_ASN1_BROKEN_SEQUENCE_END(stname) \
+        static_ASN1_SEQUENCE_END_ref(stname, stname)
 
 # define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
 
 # define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname)
 
 # define ASN1_SEQUENCE_END_ref(stname, tname) \
         ;\
@@ -212,6 +208,17 @@ extern "C" {
                 sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
                 &tname##_aux,\
                 sizeof(stname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+# define static_ASN1_SEQUENCE_END_ref(stname, tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
                 #stname \
         ASN1_ITEM_end(tname)
 
@@ -259,8 +266,12 @@ extern "C" {
 
 # define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
 
+# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname)
+
 # define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
 
+# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type)
+
 # define ASN1_CHOICE_END_selector(stname, tname, selname) \
         ;\
         ASN1_ITEM_start(tname) \
@@ -273,6 +284,18 @@ extern "C" {
                 #stname \
         ASN1_ITEM_end(tname)
 
+# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
 # define ASN1_CHOICE_END_cb(stname, tname, selname) \
         ;\
         ASN1_ITEM_start(tname) \
@@ -299,18 +322,13 @@ extern "C" {
         (flags), (tag), offsetof(stname, field),\
         #field, ASN1_ITEM_ref(type) }
 
-/* used when the structure is combined with the parent */
-
-# define ASN1_EX_COMBINE(flags, tag, type) { \
-        (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
-
 /* implicit and explicit helper macros */
 
 # define ASN1_IMP_EX(stname, field, type, tag, ex) \
-                ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
+         ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type)
 
 # define ASN1_EXP_EX(stname, field, type, tag, ex) \
-                ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
+         ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type)
 
 /* Any defined by macros: the field used is in the table itself */
 
@@ -323,20 +341,27 @@ extern "C" {
 # endif
 /* Plain simple type */
 # define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+/* Embedded simple type */
+# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type)
 
 /* OPTIONAL simple type */
 # define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type)
 
 /* IMPLICIT tagged simple type */
 # define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
 
 /* IMPLICIT tagged OPTIONAL simple type */
 # define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
 
 /* Same as above but EXPLICIT */
 
 # define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
 # define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
 
 /* SEQUENCE OF type */
 # define ASN1_SEQUENCE_OF(stname, field, type) \
@@ -395,12 +420,12 @@ extern "C" {
 
 # ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
 
-#  define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+#  define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
         ;\
         static const ASN1_ADB name##_adb = {\
                 flags,\
                 offsetof(name, field),\
-                app_table,\
+                adb_cb,\
                 name##_adbtbl,\
                 sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
                 def,\
@@ -409,7 +434,7 @@ extern "C" {
 
 # else
 
-#  define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+#  define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
         ;\
         static const ASN1_ITEM *name##_adb(void) \
         { \
@@ -417,7 +442,7 @@ extern "C" {
                 {\
                 flags,\
                 offsetof(name, field),\
-                app_table,\
+                adb_cb,\
                 name##_adbtbl,\
                 sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
                 def,\
@@ -444,9 +469,7 @@ struct ASN1_TEMPLATE_st {
     unsigned long flags;        /* Various flags */
     long tag;                   /* tag, not used if no tagging */
     unsigned long offset;       /* Offset of this field in structure */
-# ifndef NO_ASN1_FIELD_NAMES
     const char *field_name;     /* Field name */
-# endif
     ASN1_ITEM_EXP *item;        /* Relevant ASN1_ITEM or ASN1_ADB */
 };
 
@@ -461,7 +484,7 @@ typedef struct ASN1_ADB_st ASN1_ADB;
 struct ASN1_ADB_st {
     unsigned long flags;        /* Various flags */
     unsigned long offset;       /* Offset of selector field */
-    STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
+    int (*adb_cb)(long *psel);  /* Application callback */
     const ASN1_ADB_TABLE *tbl;  /* Table of possible types */
     long tblcount;              /* Number of entries in tbl */
     const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
@@ -508,10 +531,10 @@ struct ASN1_ADB_TABLE_st {
 # define ASN1_TFLG_TAG_MASK      (0x3 << 3)
 
 /* context specific IMPLICIT */
-# define ASN1_TFLG_IMPLICIT      ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
+# define ASN1_TFLG_IMPLICIT      (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT)
 
 /* context specific EXPLICIT */
-# define ASN1_TFLG_EXPLICIT      ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
+# define ASN1_TFLG_EXPLICIT      (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT)
 
 /*
  * If tagging is in force these determine the type of tag to use. Otherwise
@@ -543,21 +566,15 @@ struct ASN1_ADB_TABLE_st {
 # define ASN1_TFLG_ADB_INT       (0x1<<9)
 
 /*
- * This flag means a parent structure is passed instead of the field: this is
- * useful is a SEQUENCE is being combined with a CHOICE for example. Since
- * this means the structure and item name will differ we need to use the
- * ASN1_CHOICE_END_name() macro for example.
- */
-
-# define ASN1_TFLG_COMBINE       (0x1<<10)
-
-/*
  * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes
  * indefinite length constructed encoding to be used if required.
  */
 
 # define ASN1_TFLG_NDEF          (0x1<<11)
 
+/* Field is embedded and not a pointer */
+# define ASN1_TFLG_EMBED         (0x1 << 12)
+
 /* This is the actual ASN1 item itself */
 
 struct ASN1_ITEM_st {
@@ -569,9 +586,7 @@ struct ASN1_ITEM_st {
     long tcount;                /* Number of templates if SEQUENCE or CHOICE */
     const void *funcs;          /* functions that handle this type */
     long size;                  /* Structure size (usually) */
-# ifndef NO_ASN1_FIELD_NAMES
     const char *sname;          /* Structure name */
-# endif
 };
 
 /*-
@@ -597,10 +612,6 @@ struct ASN1_ITEM_st {
  * The 'funcs' field is used for application
  * specific functions.
  *
- * For COMPAT types the funcs field gives a
- * set of functions that handle this type, this
- * supports the old d2i, i2d convention.
- *
  * The EXTERN type uses a new style d2i/i2d.
  * The new style should be used where possible
  * because it avoids things like the d2i IMPLICIT
@@ -625,8 +636,6 @@ struct ASN1_ITEM_st {
 
 # define ASN1_ITYPE_CHOICE               0x2
 
-# define ASN1_ITYPE_COMPAT               0x3
-
 # define ASN1_ITYPE_EXTERN               0x4
 
 # define ASN1_ITYPE_MSTRING              0x5
@@ -648,13 +657,6 @@ struct ASN1_TLC_st {
 };
 
 /* Typedefs for ASN1 function pointers */
-
-typedef ASN1_VALUE *ASN1_new_func(void);
-typedef void ASN1_free_func(ASN1_VALUE *a);
-typedef ASN1_VALUE *ASN1_d2i_func(ASN1_VALUE **a, const unsigned char **in,
-                                  long length);
-typedef int ASN1_i2d_func(ASN1_VALUE *a, unsigned char **in);
-
 typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                         const ASN1_ITEM *it, int tag, int aclass, char opt,
                         ASN1_TLC *ctx);
@@ -677,13 +679,6 @@ typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval,
                                  const ASN1_ITEM *it, int indent,
                                  const ASN1_PCTX *pctx);
 
-typedef struct ASN1_COMPAT_FUNCS_st {
-    ASN1_new_func *asn1_new;
-    ASN1_free_func *asn1_free;
-    ASN1_d2i_func *asn1_d2i;
-    ASN1_i2d_func *asn1_i2d;
-} ASN1_COMPAT_FUNCS;
-
 typedef struct ASN1_EXTERN_FUNCS_st {
     void *app_data;
     ASN1_ex_new_func *asn1_ex_new;
@@ -786,27 +781,6 @@ typedef struct ASN1_STREAM_ARG_st {
                                         ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
                                 ASN1_ITEM_end(itname)
 
-/* Macro to implement an ASN1_ITEM in terms of old style funcs */
-
-# define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
-
-# define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
-        static const ASN1_COMPAT_FUNCS sname##_ff = { \
-                (ASN1_new_func *)sname##_new, \
-                (ASN1_free_func *)sname##_free, \
-                (ASN1_d2i_func *)d2i_##sname, \
-                (ASN1_i2d_func *)i2d_##sname, \
-        }; \
-        ASN1_ITEM_start(sname) \
-                ASN1_ITYPE_COMPAT, \
-                tag, \
-                NULL, \
-                0, \
-                &sname##_ff, \
-                0, \
-                #sname \
-        ASN1_ITEM_end(sname)
-
 # define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
         ASN1_ITEM_start(sname) \
                 ASN1_ITYPE_EXTERN, \
@@ -873,6 +847,19 @@ typedef struct ASN1_STREAM_ARG_st {
                 return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
         }
 
+# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \
+        static stname *d2i_##stname(stname **a, \
+                                   const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \
+                                               ASN1_ITEM_rptr(stname)); \
+        } \
+        static int i2d_##stname(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, \
+                                     ASN1_ITEM_rptr(stname)); \
+        }
+
 /*
  * This includes evil casts to remove const: they will go away when full ASN1
  * constification is done.
@@ -919,53 +906,38 @@ DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
 DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
 DECLARE_ASN1_ITEM(CBIGNUM)
 DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(INT32)
+DECLARE_ASN1_ITEM(ZINT32)
+DECLARE_ASN1_ITEM(UINT32)
+DECLARE_ASN1_ITEM(ZUINT32)
+DECLARE_ASN1_ITEM(INT64)
+DECLARE_ASN1_ITEM(ZINT64)
+DECLARE_ASN1_ITEM(UINT64)
+DECLARE_ASN1_ITEM(ZUINT64)
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/*
+ * LONG and ZLONG are strongly discouraged for use as stored data, as the
+ * underlying C type (long) differs in size depending on the architecture.
+ * They are designed with 32-bit longs in mind.
+ */
 DECLARE_ASN1_ITEM(LONG)
 DECLARE_ASN1_ITEM(ZLONG)
+# endif
 
-DECLARE_STACK_OF(ASN1_VALUE)
+DEFINE_STACK_OF(ASN1_VALUE)
 
 /* Functions used internally by the ASN1 code */
 
 int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
-                      const ASN1_TEMPLATE *tt);
 int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                      const ASN1_ITEM *it, int tag, int aclass, char opt,
                      ASN1_TLC *ctx);
 
 int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                      const ASN1_ITEM *it, int tag, int aclass);
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
-                      const ASN1_TEMPLATE *tt);
-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
-                const ASN1_ITEM *it);
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-                int utype, char *free_cont, const ASN1_ITEM *it);
-
-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
-                             const ASN1_ITEM *it);
-
-ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-
-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
-                                 int nullerr);
-
-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
-
-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
-                     const ASN1_ITEM *it);
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
-                  const ASN1_ITEM *it);
 
 #ifdef  __cplusplus
 }
diff --git a/freebsd/crypto/openssl/include/openssl/async.h b/freebsd/crypto/openssl/include/openssl/async.h
new file mode 100644
index 00000000..7052b890
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/async.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+
+#ifndef HEADER_ASYNC_H
+# define HEADER_ASYNC_H
+
+#if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include <windows.h> to use this */
+#define OSSL_ASYNC_FD       HANDLE
+#define OSSL_BAD_ASYNC_FD   INVALID_HANDLE_VALUE
+# endif
+#else
+#define OSSL_ASYNC_FD       int
+#define OSSL_BAD_ASYNC_FD   -1
+#endif
+# include <openssl/asyncerr.h>
+
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct async_job_st ASYNC_JOB;
+typedef struct async_wait_ctx_st ASYNC_WAIT_CTX;
+
+#define ASYNC_ERR      0
+#define ASYNC_NO_JOBS  1
+#define ASYNC_PAUSE    2
+#define ASYNC_FINISH   3
+
+int ASYNC_init_thread(size_t max_size, size_t init_size);
+void ASYNC_cleanup_thread(void);
+
+#ifdef OSSL_ASYNC_FD
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                               OSSL_ASYNC_FD fd,
+                               void *custom_data,
+                               void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+                                               OSSL_ASYNC_FD, void *));
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                        OSSL_ASYNC_FD *fd, void **custom_data);
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+                               size_t *numfds);
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+                                   size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                   size_t *numdelfds);
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+#endif
+
+int ASYNC_is_capable(void);
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
+                    int (*func)(void *), void *args, size_t size);
+int ASYNC_pause_job(void);
+
+ASYNC_JOB *ASYNC_get_current_job(void);
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
+void ASYNC_block_pause(void);
+void ASYNC_unblock_pause(void);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/asyncerr.h b/freebsd/crypto/openssl/include/openssl/asyncerr.h
new file mode 100644
index 00000000..5497ba75
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/asyncerr.h
@@ -0,0 +1,38 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASYNCERR_H
+# define HEADER_ASYNCERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_ASYNC_strings(void);
+
+/*
+ * ASYNC function codes.
+ */
+# define ASYNC_F_ASYNC_CTX_NEW                            100
+# define ASYNC_F_ASYNC_INIT_THREAD                        101
+# define ASYNC_F_ASYNC_JOB_NEW                            102
+# define ASYNC_F_ASYNC_PAUSE_JOB                          103
+# define ASYNC_F_ASYNC_START_FUNC                         104
+# define ASYNC_F_ASYNC_START_JOB                          105
+# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD               106
+
+/*
+ * ASYNC reason codes.
+ */
+# define ASYNC_R_FAILED_TO_SET_POOL                       101
+# define ASYNC_R_FAILED_TO_SWAP_CONTEXT                   102
+# define ASYNC_R_INIT_FAILED                              105
+# define ASYNC_R_INVALID_POOL_SIZE                        103
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/bio/bio.h b/freebsd/crypto/openssl/include/openssl/bio.h
index 8f2438cd..2888b42d 100644
--- a/freebsd/crypto/openssl/crypto/bio/bio.h
+++ b/freebsd/crypto/openssl/include/openssl/bio.h
@@ -1,59 +1,10 @@
-/* crypto/bio/bio.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_BIO_H
@@ -61,57 +12,55 @@
 
 # include <openssl/e_os2.h>
 
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 #  include <stdio.h>
 # endif
 # include <stdarg.h>
 
 # include <openssl/crypto.h>
+# include <openssl/bioerr.h>
 
 # ifndef OPENSSL_NO_SCTP
-#  ifndef OPENSSL_SYS_VMS
-#   include <stdint.h>
-#  else
-#   include <inttypes.h>
-#  endif
+#  include <openssl/e_os2.h>
 # endif
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
+/* There are the classes of BIOs */
+# define BIO_TYPE_DESCRIPTOR     0x0100 /* socket, fd, connect or accept */
+# define BIO_TYPE_FILTER         0x0200
+# define BIO_TYPE_SOURCE_SINK    0x0400
+
 /* These are the 'types' of BIOs */
-# define BIO_TYPE_NONE           0
-# define BIO_TYPE_MEM            (1|0x0400)
-# define BIO_TYPE_FILE           (2|0x0400)
-
-# define BIO_TYPE_FD             (4|0x0400|0x0100)
-# define BIO_TYPE_SOCKET         (5|0x0400|0x0100)
-# define BIO_TYPE_NULL           (6|0x0400)
-# define BIO_TYPE_SSL            (7|0x0200)
-# define BIO_TYPE_MD             (8|0x0200)/* passive filter */
-# define BIO_TYPE_BUFFER         (9|0x0200)/* filter */
-# define BIO_TYPE_CIPHER         (10|0x0200)/* filter */
-# define BIO_TYPE_BASE64         (11|0x0200)/* filter */
-# define BIO_TYPE_CONNECT        (12|0x0400|0x0100)/* socket - connect */
-# define BIO_TYPE_ACCEPT         (13|0x0400|0x0100)/* socket for accept */
-# define BIO_TYPE_PROXY_CLIENT   (14|0x0200)/* client proxy BIO */
-# define BIO_TYPE_PROXY_SERVER   (15|0x0200)/* server proxy BIO */
-# define BIO_TYPE_NBIO_TEST      (16|0x0200)/* server proxy BIO */
-# define BIO_TYPE_NULL_FILTER    (17|0x0200)
-# define BIO_TYPE_BER            (18|0x0200)/* BER -> bin filter */
-# define BIO_TYPE_BIO            (19|0x0400)/* (half a) BIO pair */
-# define BIO_TYPE_LINEBUFFER     (20|0x0200)/* filter */
-# define BIO_TYPE_DGRAM          (21|0x0400|0x0100)
+# define BIO_TYPE_NONE             0
+# define BIO_TYPE_MEM            ( 1|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_FILE           ( 2|BIO_TYPE_SOURCE_SINK)
+
+# define BIO_TYPE_FD             ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_SOCKET         ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_NULL           ( 6|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_SSL            ( 7|BIO_TYPE_FILTER)
+# define BIO_TYPE_MD             ( 8|BIO_TYPE_FILTER)
+# define BIO_TYPE_BUFFER         ( 9|BIO_TYPE_FILTER)
+# define BIO_TYPE_CIPHER         (10|BIO_TYPE_FILTER)
+# define BIO_TYPE_BASE64         (11|BIO_TYPE_FILTER)
+# define BIO_TYPE_CONNECT        (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_ACCEPT         (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+
+# define BIO_TYPE_NBIO_TEST      (16|BIO_TYPE_FILTER)/* server proxy BIO */
+# define BIO_TYPE_NULL_FILTER    (17|BIO_TYPE_FILTER)
+# define BIO_TYPE_BIO            (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */
+# define BIO_TYPE_LINEBUFFER     (20|BIO_TYPE_FILTER)
+# define BIO_TYPE_DGRAM          (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_ASN1           (22|BIO_TYPE_FILTER)
+# define BIO_TYPE_COMP           (23|BIO_TYPE_FILTER)
 # ifndef OPENSSL_NO_SCTP
-#  define BIO_TYPE_DGRAM_SCTP     (24|0x0400|0x0100)
+#  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
-# define BIO_TYPE_ASN1           (22|0x0200)/* filter */
-# define BIO_TYPE_COMP           (23|0x0200)/* filter */
 
-# define BIO_TYPE_DESCRIPTOR     0x0100/* socket, fd, connect or accept */
-# define BIO_TYPE_FILTER         0x0200
-# define BIO_TYPE_SOURCE_SINK    0x0400
+#define BIO_TYPE_START           128
 
 /*
  * BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
@@ -136,10 +85,10 @@ extern "C" {
 # define BIO_CTRL_FLUSH          11/* opt - 'flush' buffered output */
 # define BIO_CTRL_DUP            12/* man - extra stuff for 'duped' BIO */
 # define BIO_CTRL_WPENDING       13/* opt - number of bytes still to write */
-/* callback is int cb(BIO *bio,state,ret); */
 # define BIO_CTRL_SET_CALLBACK   14/* opt - set callback function */
 # define BIO_CTRL_GET_CALLBACK   15/* opt - set callback function */
 
+# define BIO_CTRL_PEEK           29/* BIO_f_buffer special */
 # define BIO_CTRL_SET_FILENAME   30/* BIO_s_file special */
 
 /* dgram BIO stuff */
@@ -178,9 +127,10 @@ extern "C" {
 
 # define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD   49
 
+/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */
+#  define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE    50
 # ifndef OPENSSL_NO_SCTP
 /* SCTP stuff */
-#  define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE    50
 #  define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY                51
 #  define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY               52
 #  define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD               53
@@ -193,6 +143,8 @@ extern "C" {
 #  define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN               70
 # endif
 
+# define BIO_CTRL_DGRAM_SET_PEEK_MODE      71
+
 /* modifiers */
 # define BIO_FP_READ             0x02
 # define BIO_FP_WRITE            0x04
@@ -212,31 +164,20 @@ extern "C" {
 #  define BIO_FLAGS_UPLINK        0
 # endif
 
-/* Used in BIO_gethostbyname() */
-# define BIO_GHBN_CTRL_HITS              1
-# define BIO_GHBN_CTRL_MISSES            2
-# define BIO_GHBN_CTRL_CACHE_SIZE        3
-# define BIO_GHBN_CTRL_GET_ENTRY         4
-# define BIO_GHBN_CTRL_FLUSH             5
-
-/* Mostly used in the SSL BIO */
-/*-
- * Not used anymore
- * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
- * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
- * #define BIO_FLAGS_PROTOCOL_STARTUP   0x40
- */
-
 # define BIO_FLAGS_BASE64_NO_NL  0x100
 
 /*
- * This is used with memory BIOs: it means we shouldn't free up or change the
- * data in any way.
+ * This is used with memory BIOs:
+ * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way;
+ * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset.
  */
 # define BIO_FLAGS_MEM_RDONLY    0x200
+# define BIO_FLAGS_NONCLEAR_RST  0x400
 
-typedef struct bio_st BIO;
+typedef union bio_addr_st BIO_ADDR;
+typedef struct bio_addrinfo_st BIO_ADDRINFO;
 
+int BIO_get_new_index(void);
 void BIO_set_flags(BIO *b, int flags);
 int BIO_test_flags(const BIO *b, int flags);
 void BIO_clear_flags(BIO *b, int flags);
@@ -295,76 +236,29 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
 # define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
 
-long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
-                                        int, long, long);
-void BIO_set_callback(BIO *b,
-                      long (*callback) (struct bio_st *, int, const char *,
-                                        int, long, long));
+typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
+                                long argl, long ret);
+typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
+                                   size_t len, int argi,
+                                   long argl, int ret, size_t *processed);
+BIO_callback_fn BIO_get_callback(const BIO *b);
+void BIO_set_callback(BIO *b, BIO_callback_fn callback);
+
+BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
+void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
+
 char *BIO_get_callback_arg(const BIO *b);
 void BIO_set_callback_arg(BIO *b, char *arg);
 
+typedef struct bio_method_st BIO_METHOD;
+
 const char *BIO_method_name(const BIO *b);
 int BIO_method_type(const BIO *b);
 
-typedef void bio_info_cb (struct bio_st *, int, const char *, int, long,
-                          long);
-
-typedef struct bio_method_st {
-    int type;
-    const char *name;
-    int (*bwrite) (BIO *, const char *, int);
-    int (*bread) (BIO *, char *, int);
-    int (*bputs) (BIO *, const char *);
-    int (*bgets) (BIO *, char *, int);
-    long (*ctrl) (BIO *, int, long, void *);
-    int (*create) (BIO *);
-    int (*destroy) (BIO *);
-    long (*callback_ctrl) (BIO *, int, bio_info_cb *);
-} BIO_METHOD;
-
-struct bio_st {
-    BIO_METHOD *method;
-    /* bio, mode, argp, argi, argl, ret */
-    long (*callback) (struct bio_st *, int, const char *, int, long, long);
-    char *cb_arg;               /* first argument for the callback */
-    int init;
-    int shutdown;
-    int flags;                  /* extra storage */
-    int retry_reason;
-    int num;
-    void *ptr;
-    struct bio_st *next_bio;    /* used by filter BIOs */
-    struct bio_st *prev_bio;    /* used by filter BIOs */
-    int references;
-    unsigned long num_read;
-    unsigned long num_write;
-    CRYPTO_EX_DATA ex_data;
-};
+typedef int BIO_info_cb(BIO *, int, int);
+typedef BIO_info_cb bio_info_cb;  /* backward compatibility */
 
-DECLARE_STACK_OF(BIO)
-
-typedef struct bio_f_buffer_ctx_struct {
-    /*-
-     * Buffers are setup like this:
-     *
-     * <---------------------- size ----------------------->
-     * +---------------------------------------------------+
-     * | consumed | remaining          | free space        |
-     * +---------------------------------------------------+
-     * <-- off --><------- len ------->
-     */
-    /*- BIO *bio; *//*
-     * this is now in the BIO struct
-     */
-    int ibuf_size;              /* how big is the input buffer */
-    int obuf_size;              /* how big is the output buffer */
-    char *ibuf;                 /* the char array */
-    int ibuf_len;               /* how many bytes are in it */
-    int ibuf_off;               /* write/read offset */
-    char *obuf;                 /* the char array */
-    int obuf_len;               /* how many bytes are in it */
-    int obuf_off;               /* write/read offset */
-} BIO_F_BUFFER_CTX;
+DEFINE_STACK_OF(BIO)
 
 /* Prefix and suffix callback in ASN1 BIO */
 typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen,
@@ -395,15 +289,6 @@ struct bio_dgram_sctp_prinfo {
 };
 # endif
 
-/* connect BIO stuff */
-# define BIO_CONN_S_BEFORE               1
-# define BIO_CONN_S_GET_IP               2
-# define BIO_CONN_S_GET_PORT             3
-# define BIO_CONN_S_CREATE_SOCKET        4
-# define BIO_CONN_S_CONNECT              5
-# define BIO_CONN_S_OK                   6
-# define BIO_CONN_S_BLOCKED_CONNECT      7
-# define BIO_CONN_S_NBIO                 8
 /*
  * #define BIO_CONN_get_param_hostname BIO_ctrl
  */
@@ -411,7 +296,7 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_C_SET_CONNECT                       100
 # define BIO_C_DO_STATE_MACHINE                  101
 # define BIO_C_SET_NBIO                          102
-# define BIO_C_SET_PROXY_PARAM                   103
+/* # define BIO_C_SET_PROXY_PARAM                   103 */
 # define BIO_C_SET_FD                            104
 # define BIO_C_GET_FD                            105
 # define BIO_C_SET_FILE_PTR                      106
@@ -429,7 +314,7 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_C_SET_ACCEPT                        118
 # define BIO_C_SSL_MODE                          119
 # define BIO_C_GET_MD_CTX                        120
-# define BIO_C_GET_PROXY_PARAM                   121
+/* # define BIO_C_GET_PROXY_PARAM                   121 */
 # define BIO_C_SET_BUFF_READ_DATA                122/* data to read first */
 # define BIO_C_GET_CONNECT                       123
 # define BIO_C_GET_ACCEPT                        124
@@ -468,61 +353,71 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_C_SET_EX_ARG                        153
 # define BIO_C_GET_EX_ARG                        154
 
+# define BIO_C_SET_CONNECT_MODE                  155
+
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
 
-/* BIO_s_connect() and BIO_s_socks4a_connect() */
-# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
-# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
-# define BIO_set_conn_ip(b,ip)     BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
-# define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
-# define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
-# define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
-# define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
-
-# define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
+# ifndef OPENSSL_NO_SOCK
+/* IP families we support, for BIO_s_connect() and BIO_s_accept() */
+/* Note: the underlying operating system may not support some of them */
+#  define BIO_FAMILY_IPV4                         4
+#  define BIO_FAMILY_IPV6                         6
+#  define BIO_FAMILY_IPANY                        256
+
+/* BIO_s_connect() */
+#  define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \
+                                                 (char *)(name))
+#  define BIO_set_conn_port(b,port)     BIO_ctrl(b,BIO_C_SET_CONNECT,1, \
+                                                 (char *)(port))
+#  define BIO_set_conn_address(b,addr)  BIO_ctrl(b,BIO_C_SET_CONNECT,2, \
+                                                 (char *)(addr))
+#  define BIO_set_conn_ip_family(b,f)   BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f)
+#  define BIO_get_conn_hostname(b)      ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0))
+#  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
+#  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
+#  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
 
 /* BIO_s_accept() */
-# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
-# define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
+#  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
+                                                 (char *)(name))
+#  define BIO_set_accept_port(b,port)   BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \
+                                                 (char *)(port))
+#  define BIO_get_accept_name(b)        ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0))
+#  define BIO_get_accept_port(b)        ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1))
+#  define BIO_get_peer_name(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2))
+#  define BIO_get_peer_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3))
 /* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
-# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL)
-# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
-
-# define BIO_BIND_NORMAL                 0
-# define BIO_BIND_REUSEADDR_IF_UNUSED    1
-# define BIO_BIND_REUSEADDR              2
-# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
-# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+#  define BIO_set_nbio_accept(b,n)      BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL)
+#  define BIO_set_accept_bios(b,bio)    BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \
+                                                 (char *)(bio))
+#  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
+#  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+
+/* Aliases kept for backward compatibility */
+#  define BIO_BIND_NORMAL                 0
+#  define BIO_BIND_REUSEADDR              BIO_SOCK_REUSEADDR
+#  define BIO_BIND_REUSEADDR_IF_UNUSED    BIO_SOCK_REUSEADDR
+#  define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
+#  define BIO_get_bind_mode(b)    BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
 
 /* BIO_s_accept() and BIO_s_connect() */
-# define BIO_do_connect(b)       BIO_do_handshake(b)
-# define BIO_do_accept(b)        BIO_do_handshake(b)
-# define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+#  define BIO_do_connect(b)       BIO_do_handshake(b)
+#  define BIO_do_accept(b)        BIO_do_handshake(b)
+# endif /* OPENSSL_NO_SOCK */
 
-/* BIO_s_proxy_client() */
-# define BIO_set_url(b,url)      BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
-# define BIO_set_proxies(b,p)    BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
-/* BIO_set_nbio(b,n) */
-# define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
-/* BIO *BIO_get_filter_bio(BIO *bio); */
-# define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))
-# define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
-# define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
-
-# define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
-# define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
-# define BIO_get_url(b,url)      BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
-# define BIO_get_no_connect_return(b)    BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
+# define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
 
 /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
 # define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
-# define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+# define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c))
 
 /* BIO_s_file() */
-# define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
-# define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
+# define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp))
+# define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp))
 
 /* BIO_s_fd() and BIO_s_file() */
 # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
@@ -539,14 +434,14 @@ struct bio_dgram_sctp_prinfo {
  */
 int BIO_read_filename(BIO *b, const char *name);
 # else
-#  define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-                BIO_CLOSE|BIO_FP_READ,(char *)name)
+#  define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_READ,(char *)(name))
 # endif
-# define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
                 BIO_CLOSE|BIO_FP_WRITE,name)
-# define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
                 BIO_CLOSE|BIO_FP_APPEND,name)
-# define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
                 BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
 
 /*
@@ -555,8 +450,8 @@ int BIO_read_filename(BIO *b, const char *name);
  * next_bio field in the bio.  So when you free the BIO, make sure you are
  * doing a BIO_free_all() to catch the underlying BIO.
  */
-# define BIO_set_ssl(b,ssl,c)    BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
-# define BIO_get_ssl(b,sslp)     BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+# define BIO_set_ssl(b,ssl,c)    BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl))
+# define BIO_get_ssl(b,sslp)     BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp))
 # define BIO_set_ssl_mode(b,client)      BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
 # define BIO_set_ssl_renegotiate_bytes(b,num) \
         BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
@@ -566,11 +461,12 @@ int BIO_read_filename(BIO *b, const char *name);
         BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
 
 /* defined in evp.h */
-/* #define BIO_set_md(b,md)     BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
+/* #define BIO_set_md(b,md)     BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */
 
-# define BIO_get_mem_data(b,pp)  BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
-# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
-# define BIO_get_mem_ptr(b,pp)   BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
+# define BIO_get_mem_data(b,pp)  BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp))
+# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm))
+# define BIO_get_mem_ptr(b,pp)   BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \
+                                          (char *)(pp))
 # define BIO_set_mem_eof_return(b,v) \
                                 BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
 
@@ -600,6 +496,7 @@ size_t BIO_ctrl_wpending(BIO *b);
 
 /* For the BIO_f_buffer() type */
 # define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
+# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s))
 
 /* For BIO_s_bio() */
 # define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
@@ -616,29 +513,26 @@ int BIO_ctrl_reset_read_request(BIO *b);
 
 /* ctrl macros for dgram */
 # define BIO_ctrl_dgram_connect(b,peer)  \
-                     (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer)
-# define BIO_ctrl_set_connected(b, state, peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer)
+                     (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer))
+# define BIO_ctrl_set_connected(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer))
 # define BIO_dgram_recv_timedout(b) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
 # define BIO_dgram_send_timedout(b) \
          (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
 # define BIO_dgram_get_peer(b,peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
 # define BIO_dgram_set_peer(b,peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
 # define BIO_dgram_get_mtu_overhead(b) \
          (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
 
-/* These two aren't currently implemented */
-/* int BIO_get_ex_num(BIO *bio); */
-/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
+#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef)
 int BIO_set_ex_data(BIO *bio, int idx, void *data);
 void *BIO_get_ex_data(BIO *bio, int idx);
-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-unsigned long BIO_number_read(BIO *bio);
-unsigned long BIO_number_written(BIO *bio);
+uint64_t BIO_number_read(BIO *bio);
+uint64_t BIO_number_written(BIO *bio);
 
 /* For BIO_f_asn1() */
 int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
@@ -650,34 +544,41 @@ int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
 int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
                         asn1_ps_func **psuffix_free);
 
-# ifndef OPENSSL_NO_FP_API
-BIO_METHOD *BIO_s_file(void);
+const BIO_METHOD *BIO_s_file(void);
 BIO *BIO_new_file(const char *filename, const char *mode);
+# ifndef OPENSSL_NO_STDIO
 BIO *BIO_new_fp(FILE *stream, int close_flag);
-#  define BIO_s_file_internal    BIO_s_file
 # endif
-BIO *BIO_new(BIO_METHOD *type);
-int BIO_set(BIO *a, BIO_METHOD *type);
+BIO *BIO_new(const BIO_METHOD *type);
 int BIO_free(BIO *a);
+void BIO_set_data(BIO *a, void *ptr);
+void *BIO_get_data(BIO *a);
+void BIO_set_init(BIO *a, int init);
+int BIO_get_init(BIO *a);
+void BIO_set_shutdown(BIO *a, int shut);
+int BIO_get_shutdown(BIO *a);
 void BIO_vfree(BIO *a);
-int BIO_read(BIO *b, void *data, int len);
+int BIO_up_ref(BIO *a);
+int BIO_read(BIO *b, void *data, int dlen);
+int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
 int BIO_gets(BIO *bp, char *buf, int size);
-int BIO_write(BIO *b, const void *data, int len);
+int BIO_write(BIO *b, const void *data, int dlen);
+int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
-long BIO_callback_ctrl(BIO *b, int cmd,
-                       void (*fp) (struct bio_st *, int, const char *, int,
-                                   long, long));
-char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
+long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
+void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
 long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
 BIO *BIO_push(BIO *b, BIO *append);
 BIO *BIO_pop(BIO *b);
 void BIO_free_all(BIO *a);
 BIO *BIO_find_type(BIO *b, int bio_type);
 BIO *BIO_next(BIO *b);
+void BIO_set_next(BIO *b, BIO *next);
 BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
 int BIO_get_retry_reason(BIO *bio);
+void BIO_set_retry_reason(BIO *bio, int reason);
 BIO *BIO_dup_chain(BIO *in);
 
 int BIO_nread0(BIO *bio, char **buf);
@@ -688,35 +589,44 @@ int BIO_nwrite(BIO *bio, char **buf, int num);
 long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
                         long argl, long ret);
 
-BIO_METHOD *BIO_s_mem(void);
+const BIO_METHOD *BIO_s_mem(void);
+const BIO_METHOD *BIO_s_secmem(void);
 BIO *BIO_new_mem_buf(const void *buf, int len);
-BIO_METHOD *BIO_s_socket(void);
-BIO_METHOD *BIO_s_connect(void);
-BIO_METHOD *BIO_s_accept(void);
-BIO_METHOD *BIO_s_fd(void);
-# ifndef OPENSSL_SYS_OS2
-BIO_METHOD *BIO_s_log(void);
+# ifndef OPENSSL_NO_SOCK
+const BIO_METHOD *BIO_s_socket(void);
+const BIO_METHOD *BIO_s_connect(void);
+const BIO_METHOD *BIO_s_accept(void);
 # endif
-BIO_METHOD *BIO_s_bio(void);
-BIO_METHOD *BIO_s_null(void);
-BIO_METHOD *BIO_f_null(void);
-BIO_METHOD *BIO_f_buffer(void);
-# ifdef OPENSSL_SYS_VMS
-BIO_METHOD *BIO_f_linebuffer(void);
-# endif
-BIO_METHOD *BIO_f_nbio_test(void);
+const BIO_METHOD *BIO_s_fd(void);
+const BIO_METHOD *BIO_s_log(void);
+const BIO_METHOD *BIO_s_bio(void);
+const BIO_METHOD *BIO_s_null(void);
+const BIO_METHOD *BIO_f_null(void);
+const BIO_METHOD *BIO_f_buffer(void);
+const BIO_METHOD *BIO_f_linebuffer(void);
+const BIO_METHOD *BIO_f_nbio_test(void);
 # ifndef OPENSSL_NO_DGRAM
-BIO_METHOD *BIO_s_datagram(void);
+const BIO_METHOD *BIO_s_datagram(void);
+int BIO_dgram_non_fatal_error(int error);
+BIO *BIO_new_dgram(int fd, int close_flag);
 #  ifndef OPENSSL_NO_SCTP
-BIO_METHOD *BIO_s_datagram_sctp(void);
+const BIO_METHOD *BIO_s_datagram_sctp(void);
+BIO *BIO_new_dgram_sctp(int fd, int close_flag);
+int BIO_dgram_is_sctp(BIO *bio);
+int BIO_dgram_sctp_notification_cb(BIO *b,
+                                   void (*handle_notifications) (BIO *bio,
+                                                                 void *context,
+                                                                 void *buf),
+                                   void *context);
+int BIO_dgram_sctp_wait_for_dry(BIO *b);
+int BIO_dgram_sctp_msg_waiting(BIO *b);
 #  endif
 # endif
 
-/* BIO_METHOD *BIO_f_ber(void); */
-
+# ifndef OPENSSL_NO_SOCK
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
-int BIO_dgram_non_fatal_error(int error);
+# endif
 
 int BIO_fd_should_retry(int i);
 int BIO_fd_non_fatal_error(int error);
@@ -726,51 +636,90 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
                        void *u, const char *s, int len, int indent);
 int BIO_dump(BIO *b, const char *bytes, int len);
 int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent);
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 int BIO_dump_fp(FILE *fp, const char *s, int len);
 int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
 # endif
 int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
                    int datalen);
 
-struct hostent *BIO_gethostbyname(const char *name);
-/*-
- * We might want a thread-safe interface too:
- * struct hostent *BIO_gethostbyname_r(const char *name,
- *     struct hostent *result, void *buffer, size_t buflen);
- * or something similar (caller allocates a struct hostent,
- * pointed to by "result", and additional buffer space for the various
- * substructures; if the buffer does not suffice, NULL is returned
- * and an appropriate error code is set).
- */
+# ifndef OPENSSL_NO_SOCK
+BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
+                     const void *where, size_t wherelen, unsigned short port);
+void BIO_ADDR_free(BIO_ADDR *);
+void BIO_ADDR_clear(BIO_ADDR *ap);
+int BIO_ADDR_family(const BIO_ADDR *ap);
+int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l);
+unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap);
+char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_path_string(const BIO_ADDR *ap);
+
+const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai);
+const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai);
+void BIO_ADDRINFO_free(BIO_ADDRINFO *bai);
+
+enum BIO_hostserv_priorities {
+    BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV
+};
+int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+                       enum BIO_hostserv_priorities hostserv_prio);
+enum BIO_lookup_type {
+    BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER
+};
+int BIO_lookup(const char *host, const char *service,
+               enum BIO_lookup_type lookup_type,
+               int family, int socktype, BIO_ADDRINFO **res);
+int BIO_lookup_ex(const char *host, const char *service,
+                  int lookup_type, int family, int socktype, int protocol,
+                  BIO_ADDRINFO **res);
 int BIO_sock_error(int sock);
 int BIO_socket_ioctl(int fd, long type, void *arg);
 int BIO_socket_nbio(int fd, int mode);
-int BIO_get_port(const char *str, unsigned short *port_ptr);
-int BIO_get_host_ip(const char *str, unsigned char *ip);
-int BIO_get_accept_socket(char *host_port, int mode);
-int BIO_accept(int sock, char **ip_port);
 int BIO_sock_init(void);
-void BIO_sock_cleanup(void);
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define BIO_sock_cleanup() while(0) continue
+# endif
 int BIO_set_tcp_ndelay(int sock, int turn_on);
 
+DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name))
+DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr))
+DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip))
+DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode))
+DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port))
+
+union BIO_sock_info_u {
+    BIO_ADDR *addr;
+};
+enum BIO_sock_info_type {
+    BIO_SOCK_INFO_ADDRESS
+};
+int BIO_sock_info(int sock,
+                  enum BIO_sock_info_type type, union BIO_sock_info_u *info);
+
+#  define BIO_SOCK_REUSEADDR    0x01
+#  define BIO_SOCK_V6_ONLY      0x02
+#  define BIO_SOCK_KEEPALIVE    0x04
+#  define BIO_SOCK_NONBLOCK     0x08
+#  define BIO_SOCK_NODELAY      0x10
+
+int BIO_socket(int domain, int socktype, int protocol, int options);
+int BIO_connect(int sock, const BIO_ADDR *addr, int options);
+int BIO_bind(int sock, const BIO_ADDR *addr, int options);
+int BIO_listen(int sock, const BIO_ADDR *addr, int options);
+int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options);
+int BIO_closesocket(int sock);
+
 BIO *BIO_new_socket(int sock, int close_flag);
-BIO *BIO_new_dgram(int fd, int close_flag);
-# ifndef OPENSSL_NO_SCTP
-BIO *BIO_new_dgram_sctp(int fd, int close_flag);
-int BIO_dgram_is_sctp(BIO *bio);
-int BIO_dgram_sctp_notification_cb(BIO *b,
-                                   void (*handle_notifications) (BIO *bio,
-                                                                 void
-                                                                 *context,
-                                                                 void *buf),
-                                   void *context);
-int BIO_dgram_sctp_wait_for_dry(BIO *b);
-int BIO_dgram_sctp_msg_waiting(BIO *b);
-# endif
-BIO *BIO_new_fd(int fd, int close_flag);
 BIO *BIO_new_connect(const char *host_port);
 BIO *BIO_new_accept(const char *host_port);
+# endif /* OPENSSL_NO_SOCK*/
+
+BIO *BIO_new_fd(int fd, int close_flag);
 
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                      BIO **bio2, size_t writebuf2);
@@ -786,98 +735,70 @@ void BIO_copy_next_retry(BIO *b);
  * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
  */
 
-# ifdef __GNUC__
-#  define __bio_h__attr__ __attribute__
-# else
-#  define __bio_h__attr__(x)
+# define ossl_bio__attr__(x)
+# if defined(__GNUC__) && defined(__STDC_VERSION__) \
+    && !defined(__APPLE__)
+    /*
+     * Because we support the 'z' modifier, which made its appearance in C99,
+     * we can't use __attribute__ with pre C99 dialects.
+     */
+#  if __STDC_VERSION__ >= 199901L
+#   undef ossl_bio__attr__
+#   define ossl_bio__attr__ __attribute__
+#   if __GNUC__*10 + __GNUC_MINOR__ >= 44
+#    define ossl_bio__printf__ __gnu_printf__
+#   else
+#    define ossl_bio__printf__ __printf__
+#   endif
+#  endif
 # endif
 int BIO_printf(BIO *bio, const char *format, ...)
-__bio_h__attr__((__format__(__printf__, 2, 3)));
+ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3)));
 int BIO_vprintf(BIO *bio, const char *format, va_list args)
-__bio_h__attr__((__format__(__printf__, 2, 0)));
+ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0)));
 int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-__bio_h__attr__((__format__(__printf__, 3, 4)));
+ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4)));
 int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
-__bio_h__attr__((__format__(__printf__, 3, 0)));
-# undef __bio_h__attr__
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BIO_strings(void);
-
-/* Error codes for the BIO functions. */
-
-/* Function codes. */
-# define BIO_F_ACPT_STATE                                 100
-# define BIO_F_BIO_ACCEPT                                 101
-# define BIO_F_BIO_BER_GET_HEADER                         102
-# define BIO_F_BIO_CALLBACK_CTRL                          131
-# define BIO_F_BIO_CTRL                                   103
-# define BIO_F_BIO_GETHOSTBYNAME                          120
-# define BIO_F_BIO_GETS                                   104
-# define BIO_F_BIO_GET_ACCEPT_SOCKET                      105
-# define BIO_F_BIO_GET_HOST_IP                            106
-# define BIO_F_BIO_GET_PORT                               107
-# define BIO_F_BIO_MAKE_PAIR                              121
-# define BIO_F_BIO_NEW                                    108
-# define BIO_F_BIO_NEW_FILE                               109
-# define BIO_F_BIO_NEW_MEM_BUF                            126
-# define BIO_F_BIO_NREAD                                  123
-# define BIO_F_BIO_NREAD0                                 124
-# define BIO_F_BIO_NWRITE                                 125
-# define BIO_F_BIO_NWRITE0                                122
-# define BIO_F_BIO_PUTS                                   110
-# define BIO_F_BIO_READ                                   111
-# define BIO_F_BIO_SOCK_INIT                              112
-# define BIO_F_BIO_WRITE                                  113
-# define BIO_F_BUFFER_CTRL                                114
-# define BIO_F_CONN_CTRL                                  127
-# define BIO_F_CONN_STATE                                 115
-# define BIO_F_DGRAM_SCTP_READ                            132
-# define BIO_F_DGRAM_SCTP_WRITE                           133
-# define BIO_F_FILE_CTRL                                  116
-# define BIO_F_FILE_READ                                  130
-# define BIO_F_LINEBUFFER_CTRL                            129
-# define BIO_F_MEM_READ                                   128
-# define BIO_F_MEM_WRITE                                  117
-# define BIO_F_SSL_NEW                                    118
-# define BIO_F_WSASTARTUP                                 119
-
-/* Reason codes. */
-# define BIO_R_ACCEPT_ERROR                               100
-# define BIO_R_BAD_FOPEN_MODE                             101
-# define BIO_R_BAD_HOSTNAME_LOOKUP                        102
-# define BIO_R_BROKEN_PIPE                                124
-# define BIO_R_CONNECT_ERROR                              103
-# define BIO_R_EOF_ON_MEMORY_BIO                          127
-# define BIO_R_ERROR_SETTING_NBIO                         104
-# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET      105
-# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET        106
-# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET          107
-# define BIO_R_INVALID_ARGUMENT                           125
-# define BIO_R_INVALID_IP_ADDRESS                         108
-# define BIO_R_IN_USE                                     123
-# define BIO_R_KEEPALIVE                                  109
-# define BIO_R_NBIO_CONNECT_ERROR                         110
-# define BIO_R_NO_ACCEPT_PORT_SPECIFIED                   111
-# define BIO_R_NO_HOSTNAME_SPECIFIED                      112
-# define BIO_R_NO_PORT_DEFINED                            113
-# define BIO_R_NO_PORT_SPECIFIED                          114
-# define BIO_R_NO_SUCH_FILE                               128
-# define BIO_R_NULL_PARAMETER                             115
-# define BIO_R_TAG_MISMATCH                               116
-# define BIO_R_UNABLE_TO_BIND_SOCKET                      117
-# define BIO_R_UNABLE_TO_CREATE_SOCKET                    118
-# define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
-# define BIO_R_UNINITIALIZED                              120
-# define BIO_R_UNSUPPORTED_METHOD                         121
-# define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
-# define BIO_R_WSASTARTUP                                 122
-
-#ifdef  __cplusplus
+ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0)));
+# undef ossl_bio__attr__
+# undef ossl_bio__printf__
+
+
+BIO_METHOD *BIO_meth_new(int type, const char *name);
+void BIO_meth_free(BIO_METHOD *biom);
+int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int);
+int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t,
+                                                size_t *);
+int BIO_meth_set_write(BIO_METHOD *biom,
+                       int (*write) (BIO *, const char *, int));
+int BIO_meth_set_write_ex(BIO_METHOD *biom,
+                       int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
+int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
+int BIO_meth_set_read(BIO_METHOD *biom,
+                      int (*read) (BIO *, char *, int));
+int BIO_meth_set_read_ex(BIO_METHOD *biom,
+                         int (*bread) (BIO *, char *, size_t, size_t *));
+int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
+int BIO_meth_set_puts(BIO_METHOD *biom,
+                      int (*puts) (BIO *, const char *));
+int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int);
+int BIO_meth_set_gets(BIO_METHOD *biom,
+                      int (*gets) (BIO *, char *, int));
+long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *);
+int BIO_meth_set_ctrl(BIO_METHOD *biom,
+                      long (*ctrl) (BIO *, int, long, void *));
+int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *);
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *));
+int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *);
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *));
+long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))
+                                 (BIO *, int, BIO_info_cb *);
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+                               long (*callback_ctrl) (BIO *, int,
+                                                      BIO_info_cb *));
+
+# ifdef  __cplusplus
 }
-#endif
+# endif
 #endif
diff --git a/freebsd/crypto/openssl/include/openssl/bioerr.h b/freebsd/crypto/openssl/include/openssl/bioerr.h
new file mode 100644
index 00000000..f119a59c
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/bioerr.h
@@ -0,0 +1,120 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BIOERR_H
+# define HEADER_BIOERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_BIO_strings(void);
+
+/*
+ * BIO function codes.
+ */
+# define BIO_F_ACPT_STATE                                 100
+# define BIO_F_ADDRINFO_WRAP                              148
+# define BIO_F_ADDR_STRINGS                               134
+# define BIO_F_BIO_ACCEPT                                 101
+# define BIO_F_BIO_ACCEPT_EX                              137
+# define BIO_F_BIO_ACCEPT_NEW                             152
+# define BIO_F_BIO_ADDR_NEW                               144
+# define BIO_F_BIO_BIND                                   147
+# define BIO_F_BIO_CALLBACK_CTRL                          131
+# define BIO_F_BIO_CONNECT                                138
+# define BIO_F_BIO_CONNECT_NEW                            153
+# define BIO_F_BIO_CTRL                                   103
+# define BIO_F_BIO_GETS                                   104
+# define BIO_F_BIO_GET_HOST_IP                            106
+# define BIO_F_BIO_GET_NEW_INDEX                          102
+# define BIO_F_BIO_GET_PORT                               107
+# define BIO_F_BIO_LISTEN                                 139
+# define BIO_F_BIO_LOOKUP                                 135
+# define BIO_F_BIO_LOOKUP_EX                              143
+# define BIO_F_BIO_MAKE_PAIR                              121
+# define BIO_F_BIO_METH_NEW                               146
+# define BIO_F_BIO_NEW                                    108
+# define BIO_F_BIO_NEW_DGRAM_SCTP                         145
+# define BIO_F_BIO_NEW_FILE                               109
+# define BIO_F_BIO_NEW_MEM_BUF                            126
+# define BIO_F_BIO_NREAD                                  123
+# define BIO_F_BIO_NREAD0                                 124
+# define BIO_F_BIO_NWRITE                                 125
+# define BIO_F_BIO_NWRITE0                                122
+# define BIO_F_BIO_PARSE_HOSTSERV                         136
+# define BIO_F_BIO_PUTS                                   110
+# define BIO_F_BIO_READ                                   111
+# define BIO_F_BIO_READ_EX                                105
+# define BIO_F_BIO_READ_INTERN                            120
+# define BIO_F_BIO_SOCKET                                 140
+# define BIO_F_BIO_SOCKET_NBIO                            142
+# define BIO_F_BIO_SOCK_INFO                              141
+# define BIO_F_BIO_SOCK_INIT                              112
+# define BIO_F_BIO_WRITE                                  113
+# define BIO_F_BIO_WRITE_EX                               119
+# define BIO_F_BIO_WRITE_INTERN                           128
+# define BIO_F_BUFFER_CTRL                                114
+# define BIO_F_CONN_CTRL                                  127
+# define BIO_F_CONN_STATE                                 115
+# define BIO_F_DGRAM_SCTP_NEW                             149
+# define BIO_F_DGRAM_SCTP_READ                            132
+# define BIO_F_DGRAM_SCTP_WRITE                           133
+# define BIO_F_DOAPR_OUTCH                                150
+# define BIO_F_FILE_CTRL                                  116
+# define BIO_F_FILE_READ                                  130
+# define BIO_F_LINEBUFFER_CTRL                            129
+# define BIO_F_LINEBUFFER_NEW                             151
+# define BIO_F_MEM_WRITE                                  117
+# define BIO_F_NBIOF_NEW                                  154
+# define BIO_F_SLG_WRITE                                  155
+# define BIO_F_SSL_NEW                                    118
+
+/*
+ * BIO reason codes.
+ */
+# define BIO_R_ACCEPT_ERROR                               100
+# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET               141
+# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE                  129
+# define BIO_R_BAD_FOPEN_MODE                             101
+# define BIO_R_BROKEN_PIPE                                124
+# define BIO_R_CONNECT_ERROR                              103
+# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET          107
+# define BIO_R_GETSOCKNAME_ERROR                          132
+# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS              133
+# define BIO_R_GETTING_SOCKTYPE                           134
+# define BIO_R_INVALID_ARGUMENT                           125
+# define BIO_R_INVALID_SOCKET                             135
+# define BIO_R_IN_USE                                     123
+# define BIO_R_LENGTH_TOO_LONG                            102
+# define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOOKUP_RETURNED_NOTHING                    142
+# define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
+# define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
+# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
+# define BIO_R_NO_PORT_DEFINED                            113
+# define BIO_R_NO_SUCH_FILE                               128
+# define BIO_R_NULL_PARAMETER                             115
+# define BIO_R_UNABLE_TO_BIND_SOCKET                      117
+# define BIO_R_UNABLE_TO_CREATE_SOCKET                    118
+# define BIO_R_UNABLE_TO_KEEPALIVE                        137
+# define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
+# define BIO_R_UNABLE_TO_NODELAY                          138
+# define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNAVAILABLE_IP_FAMILY                      145
+# define BIO_R_UNINITIALIZED                              120
+# define BIO_R_UNKNOWN_INFO_TYPE                          140
+# define BIO_R_UNSUPPORTED_IP_FAMILY                      146
+# define BIO_R_UNSUPPORTED_METHOD                         121
+# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
+# define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
+# define BIO_R_WSASTARTUP                                 122
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/blowfish.h b/freebsd/crypto/openssl/include/openssl/blowfish.h
new file mode 100644
index 00000000..cd3e460e
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/blowfish.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BLOWFISH_H
+# define HEADER_BLOWFISH_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_BF
+# include <openssl/e_os2.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define BF_ENCRYPT      1
+# define BF_DECRYPT      0
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide.                     !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define BF_LONG unsigned int
+
+# define BF_ROUNDS       16
+# define BF_BLOCK        8
+
+typedef struct bf_key_st {
+    BF_LONG P[BF_ROUNDS + 2];
+    BF_LONG S[4 * 256];
+} BF_KEY;
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key);
+void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                    const BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                    const BF_KEY *schedule, unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/bn.h b/freebsd/crypto/openssl/include/openssl/bn.h
new file mode 100644
index 00000000..8af05d00
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/bn.h
@@ -0,0 +1,539 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_H
+# define HEADER_BN_H
+
+# include <openssl/e_os2.h>
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+# include <openssl/opensslconf.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/crypto.h>
+# include <openssl/bnerr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * 64-bit processor with LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT_LONG
+#  define BN_ULONG        unsigned long
+#  define BN_BYTES        8
+# endif
+
+/*
+ * 64-bit processor other than LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT
+#  define BN_ULONG        unsigned long long
+#  define BN_BYTES        8
+# endif
+
+# ifdef THIRTY_TWO_BIT
+#  define BN_ULONG        unsigned int
+#  define BN_BYTES        4
+# endif
+
+# define BN_BITS2       (BN_BYTES * 8)
+# define BN_BITS        (BN_BITS2 * 2)
+# define BN_TBIT        ((BN_ULONG)1 << (BN_BITS2 - 1))
+
+# define BN_FLG_MALLOCED         0x01
+# define BN_FLG_STATIC_DATA      0x02
+
+/*
+ * avoid leaking exponent information through timing,
+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
+ * BN_div() will call BN_div_no_branch,
+ * BN_mod_inverse() will call BN_mod_inverse_no_branch.
+ */
+# define BN_FLG_CONSTTIME        0x04
+# define BN_FLG_SECURE           0x08
+
+# if OPENSSL_API_COMPAT < 0x00908000L
+/* deprecated name for the flag */
+#  define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
+#  define BN_FLG_FREE            0x8000 /* used for debugging */
+# endif
+
+void BN_set_flags(BIGNUM *b, int n);
+int BN_get_flags(const BIGNUM *b, int n);
+
+/* Values for |top| in BN_rand() */
+#define BN_RAND_TOP_ANY    -1
+#define BN_RAND_TOP_ONE     0
+#define BN_RAND_TOP_TWO     1
+
+/* Values for |bottom| in BN_rand() */
+#define BN_RAND_BOTTOM_ANY  0
+#define BN_RAND_BOTTOM_ODD  1
+
+/*
+ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the
+ * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The
+ * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that
+ * has not been otherwise initialised or used.
+ */
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
+
+/* Wrapper function to make using BN_GENCB easier */
+int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+
+BN_GENCB *BN_GENCB_new(void);
+void BN_GENCB_free(BN_GENCB *cb);
+
+/* Populate a BN_GENCB structure with an "old"-style callback */
+void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *),
+                      void *cb_arg);
+
+/* Populate a BN_GENCB structure with a "new"-style callback */
+void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *),
+                  void *cb_arg);
+
+void *BN_GENCB_get_arg(BN_GENCB *cb);
+
+# define BN_prime_checks 0      /* default: select number of iterations based
+                                 * on the size of the number */
+
+/*
+ * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
+ * that will be done for checking that a random number is probably prime. The
+ * error rate for accepting a composite number as prime depends on the size of
+ * the prime |b|. The error rates used are for calculating an RSA key with 2 primes,
+ * and so the level is what you would expect for a key of double the size of the
+ * prime.
+ *
+ * This table is generated using the algorithm of FIPS PUB 186-4
+ * Digital Signature Standard (DSS), section F.1, page 117.
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
+ *
+ * The following magma script was used to generate the output:
+ * securitybits:=125;
+ * k:=1024;
+ * for t:=1 to 65 do
+ *   for M:=3 to Floor(2*Sqrt(k-1)-1) do
+ *     S:=0;
+ *     // Sum over m
+ *     for m:=3 to M do
+ *       s:=0;
+ *       // Sum over j
+ *       for j:=2 to m do
+ *         s+:=(RealField(32)!2)^-(j+(k-1)/j);
+ *       end for;
+ *       S+:=2^(m-(m-1)*t)*s;
+ *     end for;
+ *     A:=2^(k-2-M*t);
+ *     B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
+ *     pkt:=2.00743*Log(2)*k*2^-k*(A+B);
+ *     seclevel:=Floor(-Log(2,pkt));
+ *     if seclevel ge securitybits then
+ *       printf "k: %5o, security: %o bits  (t: %o, M: %o)\n",k,seclevel,t,M;
+ *       break;
+ *     end if;
+ *   end for;
+ *   if seclevel ge securitybits then break; end if;
+ * end for;
+ *
+ * It can be run online at:
+ * http://magma.maths.usyd.edu.au/calc
+ *
+ * And will output:
+ * k:  1024, security: 129 bits  (t: 6, M: 23)
+ *
+ * k is the number of bits of the prime, securitybits is the level we want to
+ * reach.
+ *
+ * prime length | RSA key size | # MR tests | security level
+ * -------------+--------------|------------+---------------
+ *  (b) >= 6394 |     >= 12788 |          3 |        256 bit
+ *  (b) >= 3747 |     >=  7494 |          3 |        192 bit
+ *  (b) >= 1345 |     >=  2690 |          4 |        128 bit
+ *  (b) >= 1080 |     >=  2160 |          5 |        128 bit
+ *  (b) >=  852 |     >=  1704 |          5 |        112 bit
+ *  (b) >=  476 |     >=   952 |          5 |         80 bit
+ *  (b) >=  400 |     >=   800 |          6 |         80 bit
+ *  (b) >=  347 |     >=   694 |          7 |         80 bit
+ *  (b) >=  308 |     >=   616 |          8 |         80 bit
+ *  (b) >=   55 |     >=   110 |         27 |         64 bit
+ *  (b) >=    6 |     >=    12 |         34 |         64 bit
+ */
+
+# define BN_prime_checks_for_size(b) ((b) >= 3747 ?  3 : \
+                                (b) >=  1345 ?  4 : \
+                                (b) >=  476 ?  5 : \
+                                (b) >=  400 ?  6 : \
+                                (b) >=  347 ?  7 : \
+                                (b) >=  308 ?  8 : \
+                                (b) >=  55  ? 27 : \
+                                /* b >= 6 */ 34)
+
+# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
+
+int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
+int BN_is_zero(const BIGNUM *a);
+int BN_is_one(const BIGNUM *a);
+int BN_is_word(const BIGNUM *a, const BN_ULONG w);
+int BN_is_odd(const BIGNUM *a);
+
+# define BN_one(a)       (BN_set_word((a),1))
+
+void BN_zero_ex(BIGNUM *a);
+
+# if OPENSSL_API_COMPAT >= 0x00908000L
+#  define BN_zero(a)      BN_zero_ex(a)
+# else
+#  define BN_zero(a)      (BN_set_word((a),0))
+# endif
+
+const BIGNUM *BN_value_one(void);
+char *BN_options(void);
+BN_CTX *BN_CTX_new(void);
+BN_CTX *BN_CTX_secure_new(void);
+void BN_CTX_free(BN_CTX *c);
+void BN_CTX_start(BN_CTX *ctx);
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+void BN_CTX_end(BN_CTX *ctx);
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_num_bits(const BIGNUM *a);
+int BN_num_bits_word(BN_ULONG l);
+int BN_security_bits(int L, int N);
+BIGNUM *BN_new(void);
+BIGNUM *BN_secure_new(void);
+void BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+void BN_swap(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/** BN_set_negative sets sign of a BIGNUM
+ * \param  b  pointer to the BIGNUM object
+ * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise
+ */
+void BN_set_negative(BIGNUM *b, int n);
+/** BN_is_negative returns 1 if the BIGNUM is negative
+ * \param  b  pointer to the BIGNUM object
+ * \return 1 if a < 0 and 0 otherwise
+ */
+int BN_is_negative(const BIGNUM *b);
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+           BN_CTX *ctx);
+# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m);
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m);
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+                  BN_CTX *ctx);
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+int BN_mul_word(BIGNUM *a, BN_ULONG w);
+int BN_add_word(BIGNUM *a, BN_ULONG w);
+int BN_sub_word(BIGNUM *a, BN_ULONG w);
+int BN_set_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_get_word(const BIGNUM *a);
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b);
+void BN_free(BIGNUM *a);
+int BN_is_bit_set(const BIGNUM *a, int n);
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_lshift1(BIGNUM *r, const BIGNUM *a);
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                              const BIGNUM *m, BN_CTX *ctx,
+                              BN_MONT_CTX *in_mont);
+int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
+                     const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+                     BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx);
+
+int BN_mask_bits(BIGNUM *a, int n);
+# ifndef OPENSSL_NO_STDIO
+int BN_print_fp(FILE *fp, const BIGNUM *a);
+# endif
+int BN_print(BIO *bio, const BIGNUM *a);
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_rshift1(BIGNUM *r, const BIGNUM *a);
+void BN_clear(BIGNUM *a);
+BIGNUM *BN_dup(const BIGNUM *a);
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
+int BN_set_bit(BIGNUM *a, int n);
+int BN_clear_bit(BIGNUM *a, int n);
+char *BN_bn2hex(const BIGNUM *a);
+char *BN_bn2dec(const BIGNUM *a);
+int BN_hex2bn(BIGNUM **a, const char *str);
+int BN_dec2bn(BIGNUM **a, const char *str);
+int BN_asc2bn(BIGNUM **a, const char *str);
+int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
+                                                                  * -2 for
+                                                                  * error */
+BIGNUM *BN_mod_inverse(BIGNUM *ret,
+                       const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+                    const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
+/* Deprecated versions */
+DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+                                             const BIGNUM *add,
+                                             const BIGNUM *rem,
+                                             void (*callback) (int, int,
+                                                               void *),
+                                             void *cb_arg))
+DEPRECATEDIN_0_9_8(int
+                   BN_is_prime(const BIGNUM *p, int nchecks,
+                               void (*callback) (int, int, void *),
+                               BN_CTX *ctx, void *cb_arg))
+DEPRECATEDIN_0_9_8(int
+                   BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
+                                        void (*callback) (int, int, void *),
+                                        BN_CTX *ctx, void *cb_arg,
+                                        int do_trial_division))
+
+/* Newer versions */
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+                         const BIGNUM *rem, BN_GENCB *cb);
+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+                            int do_trial_division, BN_GENCB *cb);
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                            const BIGNUM *Xp, const BIGNUM *Xp1,
+                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+                            BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
+                              BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
+                              BN_CTX *ctx, BN_GENCB *cb);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void);
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx);
+int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                     BN_CTX *ctx);
+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                       BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
+                                    const BIGNUM *mod, BN_CTX *ctx);
+
+/* BN_BLINDING flags */
+# define BN_BLINDING_NO_UPDATE   0x00000001
+# define BN_BLINDING_NO_RECREATE 0x00000002
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+                          BN_CTX *);
+
+int BN_BLINDING_is_current_thread(BN_BLINDING *b);
+void BN_BLINDING_set_current_thread(BN_BLINDING *b);
+int BN_BLINDING_lock(BN_BLINDING *b);
+int BN_BLINDING_unlock(BN_BLINDING *b);
+
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+                                      int (*bn_mod_exp) (BIGNUM *r,
+                                                         const BIGNUM *a,
+                                                         const BIGNUM *p,
+                                                         const BIGNUM *m,
+                                                         BN_CTX *ctx,
+                                                         BN_MONT_CTX *m_ctx),
+                                      BN_MONT_CTX *m_ctx);
+
+DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont))
+DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3
+                                                  * mont */
+
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+                          BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx);
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                BN_RECP_CTX *recp, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_EC2M
+
+/*
+ * Functions for arithmetic over binary polynomials represented by BIGNUMs.
+ * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
+ * ignored. Note that input arguments are not const so that their bit arrays
+ * can be expanded to the appropriate size if needed.
+ */
+
+/*
+ * r = a + b
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+#  define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
+/*
+ * r=a mod p
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                     BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                           BN_CTX *ctx);
+#  define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
+/*-
+ * Some functions allow for representation of the irreducible polynomials
+ * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
+ *     t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+/* r = a mod p */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+                        BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
+                        BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
+                         const int p[], BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
+                               const int p[], BN_CTX *ctx);
+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
+int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
+
+# endif
+
+/*
+ * faster mod functions for the 'NIST primes' 0 <= a < p^2
+ */
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+const BIGNUM *BN_get0_nist_prime_192(void);
+const BIGNUM *BN_get0_nist_prime_224(void);
+const BIGNUM *BN_get0_nist_prime_256(void);
+const BIGNUM *BN_get0_nist_prime_384(void);
+const BIGNUM *BN_get0_nist_prime_521(void);
+
+int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a,
+                                          const BIGNUM *field, BN_CTX *ctx);
+
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+                          const BIGNUM *priv, const unsigned char *message,
+                          size_t message_len, BN_CTX *ctx);
+
+/* Primes from RFC 2409 */
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn);
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn);
+
+/* Primes from RFC 3526 */
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
+#  define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
+#  define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
+#  define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048
+#  define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072
+#  define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096
+#  define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144
+#  define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192
+# endif
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/bnerr.h b/freebsd/crypto/openssl/include/openssl/bnerr.h
new file mode 100644
index 00000000..8a022cc0
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/bnerr.h
@@ -0,0 +1,96 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BNERR_H
+# define HEADER_BNERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_BN_strings(void);
+
+/*
+ * BN function codes.
+ */
+# define BN_F_BNRAND                                      127
+# define BN_F_BNRAND_RANGE                                138
+# define BN_F_BN_BLINDING_CONVERT_EX                      100
+# define BN_F_BN_BLINDING_CREATE_PARAM                    128
+# define BN_F_BN_BLINDING_INVERT_EX                       101
+# define BN_F_BN_BLINDING_NEW                             102
+# define BN_F_BN_BLINDING_UPDATE                          103
+# define BN_F_BN_BN2DEC                                   104
+# define BN_F_BN_BN2HEX                                   105
+# define BN_F_BN_COMPUTE_WNAF                             142
+# define BN_F_BN_CTX_GET                                  116
+# define BN_F_BN_CTX_NEW                                  106
+# define BN_F_BN_CTX_START                                129
+# define BN_F_BN_DIV                                      107
+# define BN_F_BN_DIV_RECP                                 130
+# define BN_F_BN_EXP                                      123
+# define BN_F_BN_EXPAND_INTERNAL                          120
+# define BN_F_BN_GENCB_NEW                                143
+# define BN_F_BN_GENERATE_DSA_NONCE                       140
+# define BN_F_BN_GENERATE_PRIME_EX                        141
+# define BN_F_BN_GF2M_MOD                                 131
+# define BN_F_BN_GF2M_MOD_EXP                             132
+# define BN_F_BN_GF2M_MOD_MUL                             133
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD                      134
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR                  135
+# define BN_F_BN_GF2M_MOD_SQR                             136
+# define BN_F_BN_GF2M_MOD_SQRT                            137
+# define BN_F_BN_LSHIFT                                   145
+# define BN_F_BN_MOD_EXP2_MONT                            118
+# define BN_F_BN_MOD_EXP_MONT                             109
+# define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124
+# define BN_F_BN_MOD_EXP_MONT_WORD                        117
+# define BN_F_BN_MOD_EXP_RECP                             125
+# define BN_F_BN_MOD_EXP_SIMPLE                           126
+# define BN_F_BN_MOD_INVERSE                              110
+# define BN_F_BN_MOD_INVERSE_NO_BRANCH                    139
+# define BN_F_BN_MOD_LSHIFT_QUICK                         119
+# define BN_F_BN_MOD_SQRT                                 121
+# define BN_F_BN_MONT_CTX_NEW                             149
+# define BN_F_BN_MPI2BN                                   112
+# define BN_F_BN_NEW                                      113
+# define BN_F_BN_POOL_GET                                 147
+# define BN_F_BN_RAND                                     114
+# define BN_F_BN_RAND_RANGE                               122
+# define BN_F_BN_RECP_CTX_NEW                             150
+# define BN_F_BN_RSHIFT                                   146
+# define BN_F_BN_SET_WORDS                                144
+# define BN_F_BN_STACK_PUSH                               148
+# define BN_F_BN_USUB                                     115
+
+/*
+ * BN reason codes.
+ */
+# define BN_R_ARG2_LT_ARG3                                100
+# define BN_R_BAD_RECIPROCAL                              101
+# define BN_R_BIGNUM_TOO_LONG                             114
+# define BN_R_BITS_TOO_SMALL                              118
+# define BN_R_CALLED_WITH_EVEN_MODULUS                    102
+# define BN_R_DIV_BY_ZERO                                 103
+# define BN_R_ENCODING_ERROR                              104
+# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA                105
+# define BN_R_INPUT_NOT_REDUCED                           110
+# define BN_R_INVALID_LENGTH                              106
+# define BN_R_INVALID_RANGE                               115
+# define BN_R_INVALID_SHIFT                               119
+# define BN_R_NOT_A_SQUARE                                111
+# define BN_R_NOT_INITIALIZED                             107
+# define BN_R_NO_INVERSE                                  108
+# define BN_R_NO_SOLUTION                                 116
+# define BN_R_PRIVATE_KEY_TOO_LARGE                       117
+# define BN_R_P_IS_NOT_PRIME                              112
+# define BN_R_TOO_MANY_ITERATIONS                         113
+# define BN_R_TOO_MANY_TEMPORARY_VARIABLES                109
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/buffer.h b/freebsd/crypto/openssl/include/openssl/buffer.h
new file mode 100644
index 00000000..d2765766
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/buffer.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BUFFER_H
+# define HEADER_BUFFER_H
+
+# include <openssl/ossl_typ.h>
+# ifndef HEADER_CRYPTO_H
+#  include <openssl/crypto.h>
+# endif
+# include <openssl/buffererr.h>
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# include <stddef.h>
+# include <sys/types.h>
+
+/*
+ * These names are outdated as of OpenSSL 1.1; a future release
+ * will move them to be deprecated.
+ */
+# define BUF_strdup(s) OPENSSL_strdup(s)
+# define BUF_strndup(s, size) OPENSSL_strndup(s, size)
+# define BUF_memdup(data, size) OPENSSL_memdup(data, size)
+# define BUF_strlcpy(dst, src, size)  OPENSSL_strlcpy(dst, src, size)
+# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size)
+# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen)
+
+struct buf_mem_st {
+    size_t length;              /* current number of bytes */
+    char *data;
+    size_t max;                 /* size of buffer */
+    unsigned long flags;
+};
+
+# define BUF_MEM_FLAG_SECURE  0x01
+
+BUF_MEM *BUF_MEM_new(void);
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+void BUF_MEM_free(BUF_MEM *a);
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len);
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/buffererr.h b/freebsd/crypto/openssl/include/openssl/buffererr.h
new file mode 100644
index 00000000..3aee1323
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/buffererr.h
@@ -0,0 +1,30 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BUFERR_H
+# define HEADER_BUFERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_BUF_strings(void);
+
+/*
+ * BUF function codes.
+ */
+# define BUF_F_BUF_MEM_GROW                               100
+# define BUF_F_BUF_MEM_GROW_CLEAN                         105
+# define BUF_F_BUF_MEM_NEW                                101
+
+/*
+ * BUF reason codes.
+ */
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/camellia/camellia.h b/freebsd/crypto/openssl/include/openssl/camellia.h
index 45e8d25b..151f3c13 100644
--- a/freebsd/crypto/openssl/crypto/camellia/camellia.h
+++ b/freebsd/crypto/openssl/include/openssl/camellia.h
@@ -1,52 +1,10 @@
-/* crypto/camellia/camellia.h */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_CAMELLIA_H
@@ -54,11 +12,11 @@
 
 # include <openssl/opensslconf.h>
 
-# ifdef OPENSSL_NO_CAMELLIA
-#  error CAMELLIA is disabled.
-# endif
-
+# ifndef OPENSSL_NO_CAMELLIA
 # include <stddef.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
 
 # define CAMELLIA_ENCRYPT        1
 # define CAMELLIA_DECRYPT        0
@@ -68,10 +26,6 @@
  * Both sizes are in bytes.
  */
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 /* This should be a hidden type, but EVP requires that the size be known */
 
 # define CAMELLIA_BLOCK_SIZE 16
@@ -90,10 +44,6 @@ struct camellia_key_st {
 };
 typedef struct camellia_key_st CAMELLIA_KEY;
 
-# ifdef OPENSSL_FIPS
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-                             CAMELLIA_KEY *key);
-# endif
 int Camellia_set_key(const unsigned char *userKey, const int bits,
                      CAMELLIA_KEY *key);
 
@@ -125,8 +75,9 @@ void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
                              unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
                              unsigned int *num);
 
-#ifdef  __cplusplus
+# ifdef  __cplusplus
 }
-#endif
+# endif
+# endif
 
-#endif                          /* !HEADER_Camellia_H */
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/cast.h b/freebsd/crypto/openssl/include/openssl/cast.h
new file mode 100644
index 00000000..2cc89ae0
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/cast.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CAST_H
+# define HEADER_CAST_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CAST
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define CAST_ENCRYPT    1
+# define CAST_DECRYPT    0
+
+# define CAST_LONG unsigned int
+
+# define CAST_BLOCK      8
+# define CAST_KEY_LENGTH 16
+
+typedef struct cast_key_st {
+    CAST_LONG data[32];
+    int short_key;              /* Use reduced rounds for short key */
+} CAST_KEY;
+
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAST_KEY *key, int enc);
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const CAST_KEY *ks, unsigned char *iv,
+                      int enc);
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num, int enc);
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/cmac.h b/freebsd/crypto/openssl/include/openssl/cmac.h
new file mode 100644
index 00000000..3535a9ab
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/cmac.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMAC_H
+# define HEADER_CMAC_H
+
+# ifndef OPENSSL_NO_CMAC
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include <openssl/evp.h>
+
+/* Opaque */
+typedef struct CMAC_CTX_st CMAC_CTX;
+
+CMAC_CTX *CMAC_CTX_new(void);
+void CMAC_CTX_cleanup(CMAC_CTX *ctx);
+void CMAC_CTX_free(CMAC_CTX *ctx);
+EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
+int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
+
+int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
+              const EVP_CIPHER *cipher, ENGINE *impl);
+int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
+int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
+int CMAC_resume(CMAC_CTX *ctx);
+
+#ifdef  __cplusplus
+}
+#endif
+
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/crypto/cms/cms.h b/freebsd/crypto/openssl/include/openssl/cms.h
index e6c7f964..ddf37e56 100644
--- a/freebsd/crypto/openssl/crypto/cms/cms.h
+++ b/freebsd/crypto/openssl/include/openssl/cms.h
@@ -1,69 +1,24 @@
-/* crypto/cms/cms.h */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_CMS_H
 # define HEADER_CMS_H
 
-# include <openssl/x509.h>
-
-# ifdef OPENSSL_NO_CMS
-#  error CMS is disabled.
-# endif
+# include <openssl/opensslconf.h>
 
-#ifdef __cplusplus
+# ifndef OPENSSL_NO_CMS
+# include <openssl/x509.h>
+# include <openssl/x509v3.h>
+# include <openssl/cmserr.h>
+# ifdef __cplusplus
 extern "C" {
-#endif
+# endif
 
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
@@ -75,9 +30,10 @@ typedef struct CMS_Receipt_st CMS_Receipt;
 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
 
-DECLARE_STACK_OF(CMS_SignerInfo)
-DECLARE_STACK_OF(GENERAL_NAMES)
-DECLARE_STACK_OF(CMS_RecipientEncryptedKey)
+DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
+DEFINE_STACK_OF(CMS_RecipientInfo)
+DEFINE_STACK_OF(CMS_RevocationInfoChoice)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -116,8 +72,9 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 # define CMS_USE_KEYID                   0x10000
 # define CMS_DEBUG_DECRYPT               0x20000
 # define CMS_KEY_PARAM                   0x40000
+# define CMS_ASCIICRLF                   0x80000
 
-const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
 
 BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
 int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
@@ -188,7 +145,7 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
 int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
 int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
                          unsigned char *key, size_t keylen,
-                         unsigned char *id, size_t idlen);
+                         const unsigned char *id, size_t idlen);
 int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
                               unsigned char *pass, ossl_ssize_t passlen);
 
@@ -290,7 +247,7 @@ int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
 int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
 int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
                                int lastpos);
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
                                int lastpos);
 X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
 X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
@@ -304,14 +261,14 @@ int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
 int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
                                 const char *attrname, int type,
                                 const void *bytes, int len);
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
                                   int lastpos, int type);
 
 int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
 int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
                                  int lastpos);
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-                                 int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+                                 const ASN1_OBJECT *obj, int lastpos);
 X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
 X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
 int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
@@ -373,183 +330,13 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
 int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
                           ASN1_OCTET_STRING *ukm, int keylen);
 
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CMS_strings(void);
-
-/* Error codes for the CMS functions. */
-
-/* Function codes. */
-# define CMS_F_CHECK_CONTENT                              99
-# define CMS_F_CMS_ADD0_CERT                              164
-# define CMS_F_CMS_ADD0_RECIPIENT_KEY                     100
-# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD                165
-# define CMS_F_CMS_ADD1_RECEIPTREQUEST                    158
-# define CMS_F_CMS_ADD1_RECIPIENT_CERT                    101
-# define CMS_F_CMS_ADD1_SIGNER                            102
-# define CMS_F_CMS_ADD1_SIGNINGTIME                       103
-# define CMS_F_CMS_COMPRESS                               104
-# define CMS_F_CMS_COMPRESSEDDATA_CREATE                  105
-# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO                106
-# define CMS_F_CMS_COPY_CONTENT                           107
-# define CMS_F_CMS_COPY_MESSAGEDIGEST                     108
-# define CMS_F_CMS_DATA                                   109
-# define CMS_F_CMS_DATAFINAL                              110
-# define CMS_F_CMS_DATAINIT                               111
-# define CMS_F_CMS_DECRYPT                                112
-# define CMS_F_CMS_DECRYPT_SET1_KEY                       113
-# define CMS_F_CMS_DECRYPT_SET1_PASSWORD                  166
-# define CMS_F_CMS_DECRYPT_SET1_PKEY                      114
-# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX               115
-# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO               116
-# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL                  117
-# define CMS_F_CMS_DIGEST_VERIFY                          118
-# define CMS_F_CMS_ENCODE_RECEIPT                         161
-# define CMS_F_CMS_ENCRYPT                                119
-# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO              120
-# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT                  121
-# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT                  122
-# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY                 123
-# define CMS_F_CMS_ENVELOPEDDATA_CREATE                   124
-# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO                 125
-# define CMS_F_CMS_ENVELOPED_DATA_INIT                    126
-# define CMS_F_CMS_ENV_ASN1_CTRL                          171
-# define CMS_F_CMS_FINAL                                  127
-# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES               128
-# define CMS_F_CMS_GET0_CONTENT                           129
-# define CMS_F_CMS_GET0_ECONTENT_TYPE                     130
-# define CMS_F_CMS_GET0_ENVELOPED                         131
-# define CMS_F_CMS_GET0_REVOCATION_CHOICES                132
-# define CMS_F_CMS_GET0_SIGNED                            133
-# define CMS_F_CMS_MSGSIGDIGEST_ADD1                      162
-# define CMS_F_CMS_RECEIPTREQUEST_CREATE0                 159
-# define CMS_F_CMS_RECEIPT_VERIFY                         160
-# define CMS_F_CMS_RECIPIENTINFO_DECRYPT                  134
-# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT                  169
-# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT             178
-# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG            175
-# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID        173
-# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS           172
-# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP         174
-# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT            135
-# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT            136
-# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID            137
-# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP             138
-# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP            139
-# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT             140
-# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT             141
-# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS           142
-# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID      143
-# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT               167
-# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY                 144
-# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD            168
-# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY                145
-# define CMS_F_CMS_SD_ASN1_CTRL                           170
-# define CMS_F_CMS_SET1_IAS                               176
-# define CMS_F_CMS_SET1_KEYID                             177
-# define CMS_F_CMS_SET1_SIGNERIDENTIFIER                  146
-# define CMS_F_CMS_SET_DETACHED                           147
-# define CMS_F_CMS_SIGN                                   148
-# define CMS_F_CMS_SIGNED_DATA_INIT                       149
-# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN                150
-# define CMS_F_CMS_SIGNERINFO_SIGN                        151
-# define CMS_F_CMS_SIGNERINFO_VERIFY                      152
-# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT                 153
-# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT              154
-# define CMS_F_CMS_SIGN_RECEIPT                           163
-# define CMS_F_CMS_STREAM                                 155
-# define CMS_F_CMS_UNCOMPRESS                             156
-# define CMS_F_CMS_VERIFY                                 157
-
-/* Reason codes. */
-# define CMS_R_ADD_SIGNER_ERROR                           99
-# define CMS_R_CERTIFICATE_ALREADY_PRESENT                175
-# define CMS_R_CERTIFICATE_HAS_NO_KEYID                   160
-# define CMS_R_CERTIFICATE_VERIFY_ERROR                   100
-# define CMS_R_CIPHER_INITIALISATION_ERROR                101
-# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR      102
-# define CMS_R_CMS_DATAFINAL_ERROR                        103
-# define CMS_R_CMS_LIB                                    104
-# define CMS_R_CONTENTIDENTIFIER_MISMATCH                 170
-# define CMS_R_CONTENT_NOT_FOUND                          105
-# define CMS_R_CONTENT_TYPE_MISMATCH                      171
-# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA           106
-# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA            107
-# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA               108
-# define CMS_R_CONTENT_VERIFY_ERROR                       109
-# define CMS_R_CTRL_ERROR                                 110
-# define CMS_R_CTRL_FAILURE                               111
-# define CMS_R_DECRYPT_ERROR                              112
-# define CMS_R_DIGEST_ERROR                               161
-# define CMS_R_ERROR_GETTING_PUBLIC_KEY                   113
-# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE      114
-# define CMS_R_ERROR_SETTING_KEY                          115
-# define CMS_R_ERROR_SETTING_RECIPIENTINFO                116
-# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH               117
-# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER           176
-# define CMS_R_INVALID_KEY_LENGTH                         118
-# define CMS_R_MD_BIO_INIT_ERROR                          119
-# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH       120
-# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH                 121
-# define CMS_R_MSGSIGDIGEST_ERROR                         172
-# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE          162
-# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH                  163
-# define CMS_R_NEED_ONE_SIGNER                            164
-# define CMS_R_NOT_A_SIGNED_RECEIPT                       165
-# define CMS_R_NOT_ENCRYPTED_DATA                         122
-# define CMS_R_NOT_KEK                                    123
-# define CMS_R_NOT_KEY_AGREEMENT                          181
-# define CMS_R_NOT_KEY_TRANSPORT                          124
-# define CMS_R_NOT_PWRI                                   177
-# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE            125
-# define CMS_R_NO_CIPHER                                  126
-# define CMS_R_NO_CONTENT                                 127
-# define CMS_R_NO_CONTENT_TYPE                            173
-# define CMS_R_NO_DEFAULT_DIGEST                          128
-# define CMS_R_NO_DIGEST_SET                              129
-# define CMS_R_NO_KEY                                     130
-# define CMS_R_NO_KEY_OR_CERT                             174
-# define CMS_R_NO_MATCHING_DIGEST                         131
-# define CMS_R_NO_MATCHING_RECIPIENT                      132
-# define CMS_R_NO_MATCHING_SIGNATURE                      166
-# define CMS_R_NO_MSGSIGDIGEST                            167
-# define CMS_R_NO_PASSWORD                                178
-# define CMS_R_NO_PRIVATE_KEY                             133
-# define CMS_R_NO_PUBLIC_KEY                              134
-# define CMS_R_NO_RECEIPT_REQUEST                         168
-# define CMS_R_NO_SIGNERS                                 135
-# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
-# define CMS_R_RECEIPT_DECODE_ERROR                       169
-# define CMS_R_RECIPIENT_ERROR                            137
-# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND               138
-# define CMS_R_SIGNFINAL_ERROR                            139
-# define CMS_R_SMIME_TEXT_ERROR                           140
-# define CMS_R_STORE_INIT_ERROR                           141
-# define CMS_R_TYPE_NOT_COMPRESSED_DATA                   142
-# define CMS_R_TYPE_NOT_DATA                              143
-# define CMS_R_TYPE_NOT_DIGESTED_DATA                     144
-# define CMS_R_TYPE_NOT_ENCRYPTED_DATA                    145
-# define CMS_R_TYPE_NOT_ENVELOPED_DATA                    146
-# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT                 147
-# define CMS_R_UNKNOWN_CIPHER                             148
-# define CMS_R_UNKNOWN_DIGEST_ALGORIHM                    149
-# define CMS_R_UNKNOWN_ID                                 150
-# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM          151
-# define CMS_R_UNSUPPORTED_CONTENT_TYPE                   152
-# define CMS_R_UNSUPPORTED_KEK_ALGORITHM                  153
-# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM       179
-# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE                 154
-# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE              155
-# define CMS_R_UNSUPPORTED_TYPE                           156
-# define CMS_R_UNWRAP_ERROR                               157
-# define CMS_R_UNWRAP_FAILURE                             180
-# define CMS_R_VERIFICATION_FAILURE                       158
-# define CMS_R_WRAP_ERROR                                 159
-
-#ifdef  __cplusplus
+/* Backward compatibility for spelling errors. */
+# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
+# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
+    CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE
+
+#  ifdef  __cplusplus
 }
-#endif
+#  endif
+# endif
 #endif
diff --git a/freebsd/crypto/openssl/include/openssl/cmserr.h b/freebsd/crypto/openssl/include/openssl/cmserr.h
new file mode 100644
index 00000000..3f8ae26d
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/cmserr.h
@@ -0,0 +1,196 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMSERR_H
+# define HEADER_CMSERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CMS
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_CMS_strings(void);
+
+/*
+ * CMS function codes.
+ */
+#  define CMS_F_CHECK_CONTENT                              99
+#  define CMS_F_CMS_ADD0_CERT                              164
+#  define CMS_F_CMS_ADD0_RECIPIENT_KEY                     100
+#  define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD                165
+#  define CMS_F_CMS_ADD1_RECEIPTREQUEST                    158
+#  define CMS_F_CMS_ADD1_RECIPIENT_CERT                    101
+#  define CMS_F_CMS_ADD1_SIGNER                            102
+#  define CMS_F_CMS_ADD1_SIGNINGTIME                       103
+#  define CMS_F_CMS_COMPRESS                               104
+#  define CMS_F_CMS_COMPRESSEDDATA_CREATE                  105
+#  define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO                106
+#  define CMS_F_CMS_COPY_CONTENT                           107
+#  define CMS_F_CMS_COPY_MESSAGEDIGEST                     108
+#  define CMS_F_CMS_DATA                                   109
+#  define CMS_F_CMS_DATAFINAL                              110
+#  define CMS_F_CMS_DATAINIT                               111
+#  define CMS_F_CMS_DECRYPT                                112
+#  define CMS_F_CMS_DECRYPT_SET1_KEY                       113
+#  define CMS_F_CMS_DECRYPT_SET1_PASSWORD                  166
+#  define CMS_F_CMS_DECRYPT_SET1_PKEY                      114
+#  define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX               115
+#  define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO               116
+#  define CMS_F_CMS_DIGESTEDDATA_DO_FINAL                  117
+#  define CMS_F_CMS_DIGEST_VERIFY                          118
+#  define CMS_F_CMS_ENCODE_RECEIPT                         161
+#  define CMS_F_CMS_ENCRYPT                                119
+#  define CMS_F_CMS_ENCRYPTEDCONTENT_INIT                  179
+#  define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO              120
+#  define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT                  121
+#  define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT                  122
+#  define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY                 123
+#  define CMS_F_CMS_ENVELOPEDDATA_CREATE                   124
+#  define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO                 125
+#  define CMS_F_CMS_ENVELOPED_DATA_INIT                    126
+#  define CMS_F_CMS_ENV_ASN1_CTRL                          171
+#  define CMS_F_CMS_FINAL                                  127
+#  define CMS_F_CMS_GET0_CERTIFICATE_CHOICES               128
+#  define CMS_F_CMS_GET0_CONTENT                           129
+#  define CMS_F_CMS_GET0_ECONTENT_TYPE                     130
+#  define CMS_F_CMS_GET0_ENVELOPED                         131
+#  define CMS_F_CMS_GET0_REVOCATION_CHOICES                132
+#  define CMS_F_CMS_GET0_SIGNED                            133
+#  define CMS_F_CMS_MSGSIGDIGEST_ADD1                      162
+#  define CMS_F_CMS_RECEIPTREQUEST_CREATE0                 159
+#  define CMS_F_CMS_RECEIPT_VERIFY                         160
+#  define CMS_F_CMS_RECIPIENTINFO_DECRYPT                  134
+#  define CMS_F_CMS_RECIPIENTINFO_ENCRYPT                  169
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT             178
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG            175
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID        173
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS           172
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP         174
+#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT            135
+#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT            136
+#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID            137
+#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP             138
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP            139
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT             140
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT             141
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS           142
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID      143
+#  define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT               167
+#  define CMS_F_CMS_RECIPIENTINFO_SET0_KEY                 144
+#  define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD            168
+#  define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY                145
+#  define CMS_F_CMS_SD_ASN1_CTRL                           170
+#  define CMS_F_CMS_SET1_IAS                               176
+#  define CMS_F_CMS_SET1_KEYID                             177
+#  define CMS_F_CMS_SET1_SIGNERIDENTIFIER                  146
+#  define CMS_F_CMS_SET_DETACHED                           147
+#  define CMS_F_CMS_SIGN                                   148
+#  define CMS_F_CMS_SIGNED_DATA_INIT                       149
+#  define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN                150
+#  define CMS_F_CMS_SIGNERINFO_SIGN                        151
+#  define CMS_F_CMS_SIGNERINFO_VERIFY                      152
+#  define CMS_F_CMS_SIGNERINFO_VERIFY_CERT                 153
+#  define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT              154
+#  define CMS_F_CMS_SIGN_RECEIPT                           163
+#  define CMS_F_CMS_STREAM                                 155
+#  define CMS_F_CMS_UNCOMPRESS                             156
+#  define CMS_F_CMS_VERIFY                                 157
+#  define CMS_F_KEK_UNWRAP_KEY                             180
+
+/*
+ * CMS reason codes.
+ */
+#  define CMS_R_ADD_SIGNER_ERROR                           99
+#  define CMS_R_CERTIFICATE_ALREADY_PRESENT                175
+#  define CMS_R_CERTIFICATE_HAS_NO_KEYID                   160
+#  define CMS_R_CERTIFICATE_VERIFY_ERROR                   100
+#  define CMS_R_CIPHER_INITIALISATION_ERROR                101
+#  define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR      102
+#  define CMS_R_CMS_DATAFINAL_ERROR                        103
+#  define CMS_R_CMS_LIB                                    104
+#  define CMS_R_CONTENTIDENTIFIER_MISMATCH                 170
+#  define CMS_R_CONTENT_NOT_FOUND                          105
+#  define CMS_R_CONTENT_TYPE_MISMATCH                      171
+#  define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA           106
+#  define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA            107
+#  define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA               108
+#  define CMS_R_CONTENT_VERIFY_ERROR                       109
+#  define CMS_R_CTRL_ERROR                                 110
+#  define CMS_R_CTRL_FAILURE                               111
+#  define CMS_R_DECRYPT_ERROR                              112
+#  define CMS_R_ERROR_GETTING_PUBLIC_KEY                   113
+#  define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE      114
+#  define CMS_R_ERROR_SETTING_KEY                          115
+#  define CMS_R_ERROR_SETTING_RECIPIENTINFO                116
+#  define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH               117
+#  define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER           176
+#  define CMS_R_INVALID_KEY_LENGTH                         118
+#  define CMS_R_MD_BIO_INIT_ERROR                          119
+#  define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH       120
+#  define CMS_R_MESSAGEDIGEST_WRONG_LENGTH                 121
+#  define CMS_R_MSGSIGDIGEST_ERROR                         172
+#  define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE          162
+#  define CMS_R_MSGSIGDIGEST_WRONG_LENGTH                  163
+#  define CMS_R_NEED_ONE_SIGNER                            164
+#  define CMS_R_NOT_A_SIGNED_RECEIPT                       165
+#  define CMS_R_NOT_ENCRYPTED_DATA                         122
+#  define CMS_R_NOT_KEK                                    123
+#  define CMS_R_NOT_KEY_AGREEMENT                          181
+#  define CMS_R_NOT_KEY_TRANSPORT                          124
+#  define CMS_R_NOT_PWRI                                   177
+#  define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE            125
+#  define CMS_R_NO_CIPHER                                  126
+#  define CMS_R_NO_CONTENT                                 127
+#  define CMS_R_NO_CONTENT_TYPE                            173
+#  define CMS_R_NO_DEFAULT_DIGEST                          128
+#  define CMS_R_NO_DIGEST_SET                              129
+#  define CMS_R_NO_KEY                                     130
+#  define CMS_R_NO_KEY_OR_CERT                             174
+#  define CMS_R_NO_MATCHING_DIGEST                         131
+#  define CMS_R_NO_MATCHING_RECIPIENT                      132
+#  define CMS_R_NO_MATCHING_SIGNATURE                      166
+#  define CMS_R_NO_MSGSIGDIGEST                            167
+#  define CMS_R_NO_PASSWORD                                178
+#  define CMS_R_NO_PRIVATE_KEY                             133
+#  define CMS_R_NO_PUBLIC_KEY                              134
+#  define CMS_R_NO_RECEIPT_REQUEST                         168
+#  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
+#  define CMS_R_RECEIPT_DECODE_ERROR                       169
+#  define CMS_R_RECIPIENT_ERROR                            137
+#  define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND               138
+#  define CMS_R_SIGNFINAL_ERROR                            139
+#  define CMS_R_SMIME_TEXT_ERROR                           140
+#  define CMS_R_STORE_INIT_ERROR                           141
+#  define CMS_R_TYPE_NOT_COMPRESSED_DATA                   142
+#  define CMS_R_TYPE_NOT_DATA                              143
+#  define CMS_R_TYPE_NOT_DIGESTED_DATA                     144
+#  define CMS_R_TYPE_NOT_ENCRYPTED_DATA                    145
+#  define CMS_R_TYPE_NOT_ENVELOPED_DATA                    146
+#  define CMS_R_UNABLE_TO_FINALIZE_CONTEXT                 147
+#  define CMS_R_UNKNOWN_CIPHER                             148
+#  define CMS_R_UNKNOWN_DIGEST_ALGORITHM                   149
+#  define CMS_R_UNKNOWN_ID                                 150
+#  define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM          151
+#  define CMS_R_UNSUPPORTED_CONTENT_TYPE                   152
+#  define CMS_R_UNSUPPORTED_KEK_ALGORITHM                  153
+#  define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM       179
+#  define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE             155
+#  define CMS_R_UNSUPPORTED_RECIPIENT_TYPE                 154
+#  define CMS_R_UNSUPPORTED_TYPE                           156
+#  define CMS_R_UNWRAP_ERROR                               157
+#  define CMS_R_UNWRAP_FAILURE                             180
+#  define CMS_R_VERIFICATION_FAILURE                       158
+#  define CMS_R_WRAP_ERROR                                 159
+
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/comp.h b/freebsd/crypto/openssl/include/openssl/comp.h
new file mode 100644
index 00000000..d814d3cf
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/comp.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_COMP_H
+# define HEADER_COMP_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_COMP
+# include <openssl/crypto.h>
+# include <openssl/comperr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx);
+int COMP_CTX_get_type(const COMP_CTX* comp);
+int COMP_get_type(const COMP_METHOD *meth);
+const char *COMP_get_name(const COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                        unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                      unsigned char *in, int ilen);
+
+COMP_METHOD *COMP_zlib(void);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+#define COMP_zlib_cleanup() while(0) continue
+#endif
+
+# ifdef HEADER_BIO_H
+#  ifdef ZLIB
+const BIO_METHOD *BIO_f_zlib(void);
+#  endif
+# endif
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/comperr.h b/freebsd/crypto/openssl/include/openssl/comperr.h
new file mode 100644
index 00000000..edea63a6
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/comperr.h
@@ -0,0 +1,40 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_COMPERR_H
+# define HEADER_COMPERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_COMP
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_COMP_strings(void);
+
+/*
+ * COMP function codes.
+ */
+#  define COMP_F_BIO_ZLIB_FLUSH                            99
+#  define COMP_F_BIO_ZLIB_NEW                              100
+#  define COMP_F_BIO_ZLIB_READ                             101
+#  define COMP_F_BIO_ZLIB_WRITE                            102
+#  define COMP_F_COMP_CTX_NEW                              103
+
+/*
+ * COMP reason codes.
+ */
+#  define COMP_R_ZLIB_DEFLATE_ERROR                        99
+#  define COMP_R_ZLIB_INFLATE_ERROR                        100
+#  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/conf.h b/freebsd/crypto/openssl/include/openssl/conf.h
new file mode 100644
index 00000000..7336cd2f
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/conf.h
@@ -0,0 +1,168 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef  HEADER_CONF_H
+# define HEADER_CONF_H
+
+# include <openssl/bio.h>
+# include <openssl/lhash.h>
+# include <openssl/safestack.h>
+# include <openssl/e_os2.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/conferr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+    char *section;
+    char *name;
+    char *value;
+} CONF_VALUE;
+
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_LHASH_OF(CONF_VALUE);
+
+struct conf_st;
+struct conf_method_st;
+typedef struct conf_method_st CONF_METHOD;
+
+struct conf_method_st {
+    const char *name;
+    CONF *(*create) (CONF_METHOD *meth);
+    int (*init) (CONF *conf);
+    int (*destroy) (CONF *conf);
+    int (*destroy_data) (CONF *conf);
+    int (*load_bio) (CONF *conf, BIO *bp, long *eline);
+    int (*dump) (const CONF *conf, BIO *bp);
+    int (*is_number) (const CONF *conf, char c);
+    int (*to_int) (const CONF *conf, char c);
+    int (*load) (CONF *conf, const char *name, long *eline);
+};
+
+/* Module definitions */
+
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+DEFINE_STACK_OF(CONF_MODULE)
+DEFINE_STACK_OF(CONF_IMODULE)
+
+/* DSO module function typedefs */
+typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
+typedef void conf_finish_func (CONF_IMODULE *md);
+
+# define CONF_MFLAGS_IGNORE_ERRORS       0x1
+# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
+# define CONF_MFLAGS_SILENT              0x4
+# define CONF_MFLAGS_NO_DSO              0x8
+# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
+# define CONF_MFLAGS_DEFAULT_SECTION     0x20
+
+int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+                                long *eline);
+# ifndef OPENSSL_NO_STDIO
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+                                   long *eline);
+# endif
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+                                    long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+                                       const char *section);
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                      const char *name);
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                     const char *name);
+void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+#ifndef OPENSSL_NO_STDIO
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+#endif
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
+
+DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define OPENSSL_no_config() \
+    OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
+#endif
+
+/*
+ * New conf code.  The semantics are different from the functions above. If
+ * that wasn't the case, the above functions would have been replaced
+ */
+
+struct conf_st {
+    CONF_METHOD *meth;
+    void *meth_data;
+    LHASH_OF(CONF_VALUE) *data;
+};
+
+CONF *NCONF_new(CONF_METHOD *meth);
+CONF_METHOD *NCONF_default(void);
+CONF_METHOD *NCONF_WIN32(void);
+void NCONF_free(CONF *conf);
+void NCONF_free_data(CONF *conf);
+
+int NCONF_load(CONF *conf, const char *file, long *eline);
+# ifndef OPENSSL_NO_STDIO
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
+# endif
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
+                                        const char *section);
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+                       long *result);
+#ifndef OPENSSL_NO_STDIO
+int NCONF_dump_fp(const CONF *conf, FILE *out);
+#endif
+int NCONF_dump_bio(const CONF *conf, BIO *out);
+
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
+
+/* Module functions */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+                      unsigned long flags);
+int CONF_modules_load_file(const char *filename, const char *appname,
+                           unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define CONF_modules_free() while(0) continue
+#endif
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+                    conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+char *CONF_get1_default_config_file(void);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+                    int (*list_cb) (const char *elem, int len, void *usr),
+                    void *arg);
+
+void OPENSSL_load_builtin_modules(void);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/conf_api.h b/freebsd/crypto/openssl/include/openssl/conf_api.h
new file mode 100644
index 00000000..a0275ad7
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/conf_api.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef  HEADER_CONF_API_H
+# define HEADER_CONF_API_H
+
+# include <openssl/lhash.h>
+# include <openssl/conf.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+                                               const char *section);
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(const CONF *conf, const char *section,
+                       const char *name);
+long _CONF_get_number(const CONF *conf, const char *section,
+                      const char *name);
+
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/conferr.h b/freebsd/crypto/openssl/include/openssl/conferr.h
new file mode 100644
index 00000000..d1c92f45
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/conferr.h
@@ -0,0 +1,72 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CONFERR_H
+# define HEADER_CONFERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_CONF_strings(void);
+
+/*
+ * CONF function codes.
+ */
+# define CONF_F_CONF_DUMP_FP                              104
+# define CONF_F_CONF_LOAD                                 100
+# define CONF_F_CONF_LOAD_FP                              103
+# define CONF_F_CONF_PARSE_LIST                           119
+# define CONF_F_DEF_LOAD                                  120
+# define CONF_F_DEF_LOAD_BIO                              121
+# define CONF_F_GET_NEXT_FILE                             107
+# define CONF_F_MODULE_ADD                                122
+# define CONF_F_MODULE_INIT                               115
+# define CONF_F_MODULE_LOAD_DSO                           117
+# define CONF_F_MODULE_RUN                                118
+# define CONF_F_NCONF_DUMP_BIO                            105
+# define CONF_F_NCONF_DUMP_FP                             106
+# define CONF_F_NCONF_GET_NUMBER_E                        112
+# define CONF_F_NCONF_GET_SECTION                         108
+# define CONF_F_NCONF_GET_STRING                          109
+# define CONF_F_NCONF_LOAD                                113
+# define CONF_F_NCONF_LOAD_BIO                            110
+# define CONF_F_NCONF_LOAD_FP                             114
+# define CONF_F_NCONF_NEW                                 111
+# define CONF_F_PROCESS_INCLUDE                           116
+# define CONF_F_SSL_MODULE_INIT                           123
+# define CONF_F_STR_COPY                                  101
+
+/*
+ * CONF reason codes.
+ */
+# define CONF_R_ERROR_LOADING_DSO                         110
+# define CONF_R_LIST_CANNOT_BE_NULL                       115
+# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
+# define CONF_R_MISSING_EQUAL_SIGN                        101
+# define CONF_R_MISSING_INIT_FUNCTION                     112
+# define CONF_R_MODULE_INITIALIZATION_ERROR               109
+# define CONF_R_NO_CLOSE_BRACE                            102
+# define CONF_R_NO_CONF                                   105
+# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE           106
+# define CONF_R_NO_SECTION                                107
+# define CONF_R_NO_SUCH_FILE                              114
+# define CONF_R_NO_VALUE                                  108
+# define CONF_R_NUMBER_TOO_LARGE                          121
+# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE               111
+# define CONF_R_SSL_COMMAND_SECTION_EMPTY                 117
+# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND             118
+# define CONF_R_SSL_SECTION_EMPTY                         119
+# define CONF_R_SSL_SECTION_NOT_FOUND                     120
+# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION              103
+# define CONF_R_UNKNOWN_MODULE_NAME                       113
+# define CONF_R_VARIABLE_EXPANSION_TOO_LONG               116
+# define CONF_R_VARIABLE_HAS_NO_VALUE                     104
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/crypto.h b/freebsd/crypto/openssl/include/openssl/crypto.h
new file mode 100644
index 00000000..7e50b1bf
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/crypto.h
@@ -0,0 +1,445 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CRYPTO_H
+# define HEADER_CRYPTO_H
+
+# include <stdlib.h>
+# include <time.h>
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+
+# include <openssl/safestack.h>
+# include <openssl/opensslv.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/opensslconf.h>
+# include <openssl/cryptoerr.h>
+
+# ifdef CHARSET_EBCDIC
+#  include <openssl/ebcdic.h>
+# endif
+
+/*
+ * Resolve problems on some operating systems with symbol names that clash
+ * one way or another
+ */
+# include <openssl/symhacks.h>
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/opensslv.h>
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSLeay                  OpenSSL_version_num
+#  define SSLeay_version          OpenSSL_version
+#  define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
+#  define SSLEAY_VERSION          OPENSSL_VERSION
+#  define SSLEAY_CFLAGS           OPENSSL_CFLAGS
+#  define SSLEAY_BUILT_ON         OPENSSL_BUILT_ON
+#  define SSLEAY_PLATFORM         OPENSSL_PLATFORM
+#  define SSLEAY_DIR              OPENSSL_DIR
+
+/*
+ * Old type for allocating dynamic locks. No longer used. Use the new thread
+ * API instead.
+ */
+typedef struct {
+    int dummy;
+} CRYPTO_dynlock;
+
+# endif /* OPENSSL_API_COMPAT */
+
+typedef void CRYPTO_RWLOCK;
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+
+/*
+ * The following can be used to detect memory leaks in the library. If
+ * used, it turns on malloc checking
+ */
+# define CRYPTO_MEM_CHECK_OFF     0x0   /* Control only */
+# define CRYPTO_MEM_CHECK_ON      0x1   /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_ENABLE  0x2   /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_DISABLE 0x3   /* Control only */
+
+struct crypto_ex_data_st {
+    STACK_OF(void) *sk;
+};
+DEFINE_STACK_OF(void)
+
+/*
+ * Per class, we have a STACK of function pointers.
+ */
+# define CRYPTO_EX_INDEX_SSL              0
+# define CRYPTO_EX_INDEX_SSL_CTX          1
+# define CRYPTO_EX_INDEX_SSL_SESSION      2
+# define CRYPTO_EX_INDEX_X509             3
+# define CRYPTO_EX_INDEX_X509_STORE       4
+# define CRYPTO_EX_INDEX_X509_STORE_CTX   5
+# define CRYPTO_EX_INDEX_DH               6
+# define CRYPTO_EX_INDEX_DSA              7
+# define CRYPTO_EX_INDEX_EC_KEY           8
+# define CRYPTO_EX_INDEX_RSA              9
+# define CRYPTO_EX_INDEX_ENGINE          10
+# define CRYPTO_EX_INDEX_UI              11
+# define CRYPTO_EX_INDEX_BIO             12
+# define CRYPTO_EX_INDEX_APP             13
+# define CRYPTO_EX_INDEX_UI_METHOD       14
+# define CRYPTO_EX_INDEX_DRBG            15
+# define CRYPTO_EX_INDEX__COUNT          16
+
+/*
+ * This is the default callbacks, but we can have others as well: this is
+ * needed in Win32 where the application malloc and the library malloc may
+ * not be the same.
+ */
+#define OPENSSL_malloc_init() \
+    CRYPTO_set_mem_functions(CRYPTO_malloc, CRYPTO_realloc, CRYPTO_free)
+
+int CRYPTO_mem_ctrl(int mode);
+
+# define OPENSSL_malloc(num) \
+        CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_zalloc(num) \
+        CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_realloc(addr, num) \
+        CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_realloc(addr, old_num, num) \
+        CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_free(addr, num) \
+        CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_free(addr) \
+        CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_memdup(str, s) \
+        CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strdup(str) \
+        CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strndup(str, n) \
+        CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_malloc(num) \
+        CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_zalloc(num) \
+        CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_free(addr) \
+        CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_clear_free(addr, num) \
+        CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_actual_size(ptr) \
+        CRYPTO_secure_actual_size(ptr)
+
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strnlen(const char *str, size_t maxlen);
+char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
+int OPENSSL_hexchar2int(unsigned char c);
+
+# define OPENSSL_MALLOC_MAX_NELEMS(type)  (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
+
+unsigned long OpenSSL_version_num(void);
+const char *OpenSSL_version(int type);
+# define OPENSSL_VERSION          0
+# define OPENSSL_CFLAGS           1
+# define OPENSSL_BUILT_ON         2
+# define OPENSSL_PLATFORM         3
+# define OPENSSL_DIR              4
+# define OPENSSL_ENGINES_DIR      5
+
+int OPENSSL_issetugid(void);
+
+typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                           int idx, long argl, void *argp);
+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                             int idx, long argl, void *argp);
+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                           void *from_d, int idx, long argl, void *argp);
+__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                            CRYPTO_EX_free *free_func);
+/* No longer use an index. */
+int CRYPTO_free_ex_index(int class_index, int idx);
+
+/*
+ * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a
+ * given class (invokes whatever per-class callbacks are applicable)
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+                       const CRYPTO_EX_DATA *from);
+
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+
+/*
+ * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
+ * index (relative to the class type involved)
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * This function cleans up all "ex_data" state. It mustn't be called under
+ * potential race-conditions.
+ */
+# define CRYPTO_cleanup_all_ex_data() while(0) continue
+
+/*
+ * The old locking functions have been removed completely without compatibility
+ * macros. This is because the old functions either could not properly report
+ * errors, or the returned error values were not clearly documented.
+ * Replacing the locking functions with no-ops would cause race condition
+ * issues in the affected applications. It is far better for them to fail at
+ * compile time.
+ * On the other hand, the locking callbacks are no longer used.  Consequently,
+ * the callback management functions can be safely replaced with no-op macros.
+ */
+#  define CRYPTO_num_locks()            (1)
+#  define CRYPTO_set_locking_callback(func)
+#  define CRYPTO_get_locking_callback()         (NULL)
+#  define CRYPTO_set_add_lock_callback(func)
+#  define CRYPTO_get_add_lock_callback()        (NULL)
+
+/*
+ * These defines where used in combination with the old locking callbacks,
+ * they are not called anymore, but old code that's not called might still
+ * use them.
+ */
+#  define CRYPTO_LOCK             1
+#  define CRYPTO_UNLOCK           2
+#  define CRYPTO_READ             4
+#  define CRYPTO_WRITE            8
+
+/* This structure is no longer used */
+typedef struct crypto_threadid_st {
+    int dummy;
+} CRYPTO_THREADID;
+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+#  define CRYPTO_THREADID_set_numeric(id, val)
+#  define CRYPTO_THREADID_set_pointer(id, ptr)
+#  define CRYPTO_THREADID_set_callback(threadid_func)   (0)
+#  define CRYPTO_THREADID_get_callback()                (NULL)
+#  define CRYPTO_THREADID_current(id)
+#  define CRYPTO_THREADID_cmp(a, b)                     (-1)
+#  define CRYPTO_THREADID_cpy(dest, src)
+#  define CRYPTO_THREADID_hash(id)                      (0UL)
+
+#  if OPENSSL_API_COMPAT < 0x10000000L
+#   define CRYPTO_set_id_callback(func)
+#   define CRYPTO_get_id_callback()                     (NULL)
+#   define CRYPTO_thread_id()                           (0UL)
+#  endif /* OPENSSL_API_COMPAT < 0x10000000L */
+
+#  define CRYPTO_set_dynlock_create_callback(dyn_create_function)
+#  define CRYPTO_set_dynlock_lock_callback(dyn_lock_function)
+#  define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function)
+#  define CRYPTO_get_dynlock_create_callback()          (NULL)
+#  define CRYPTO_get_dynlock_lock_callback()            (NULL)
+#  define CRYPTO_get_dynlock_destroy_callback()         (NULL)
+# endif /* OPENSSL_API_COMPAT < 0x10100000L */
+
+int CRYPTO_set_mem_functions(
+        void *(*m) (size_t, const char *, int),
+        void *(*r) (void *, size_t, const char *, int),
+        void (*f) (void *, const char *, int));
+int CRYPTO_set_mem_debug(int flag);
+void CRYPTO_get_mem_functions(
+        void *(**m) (size_t, const char *, int),
+        void *(**r) (void *, size_t, const char *, int),
+        void (**f) (void *, const char *, int));
+
+void *CRYPTO_malloc(size_t num, const char *file, int line);
+void *CRYPTO_zalloc(size_t num, const char *file, int line);
+void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
+void CRYPTO_free(void *ptr, const char *file, int line);
+void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line);
+void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
+void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
+                           const char *file, int line);
+
+int CRYPTO_secure_malloc_init(size_t sz, int minsize);
+int CRYPTO_secure_malloc_done(void);
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
+void CRYPTO_secure_free(void *ptr, const char *file, int line);
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+                              const char *file, int line);
+int CRYPTO_secure_allocated(const void *ptr);
+int CRYPTO_secure_malloc_initialized(void);
+size_t CRYPTO_secure_actual_size(void *ptr);
+size_t CRYPTO_secure_used(void);
+
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
+#  define OPENSSL_mem_debug_push(info) \
+        CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE)
+#  define OPENSSL_mem_debug_pop() \
+        CRYPTO_mem_debug_pop()
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
+int CRYPTO_mem_debug_pop(void);
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
+
+/*-
+ * Debugging functions (enabled by CRYPTO_set_mem_debug(1))
+ * The flag argument has the following significance:
+ *   0:   called before the actual memory allocation has taken place
+ *   1:   called after the actual memory allocation has taken place
+ */
+void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag,
+        const char *file, int line);
+void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag,
+        const char *file, int line);
+void CRYPTO_mem_debug_free(void *addr, int flag,
+        const char *file, int line);
+
+int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
+                        void *u);
+#  ifndef OPENSSL_NO_STDIO
+int CRYPTO_mem_leaks_fp(FILE *);
+#  endif
+int CRYPTO_mem_leaks(BIO *bio);
+# endif
+
+/* die if we have to */
+ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
+# endif
+# define OPENSSL_assert(e) \
+    (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
+
+int OPENSSL_isservice(void);
+
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+# ifdef OPENSSL_SYS_UNIX
+void OPENSSL_fork_prepare(void);
+void OPENSSL_fork_parent(void);
+void OPENSSL_fork_child(void);
+# endif
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+                        const struct tm *from, const struct tm *to);
+
+/*
+ * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
+ * It takes an amount of time dependent on |len|, but independent of the
+ * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements
+ * into a defined order as the return value when a != b is undefined, other
+ * than to be non-zero.
+ */
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
+
+/* Standard initialisation options */
+# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L
+# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS    0x00000002L
+# define OPENSSL_INIT_ADD_ALL_CIPHERS        0x00000004L
+# define OPENSSL_INIT_ADD_ALL_DIGESTS        0x00000008L
+# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS     0x00000010L
+# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS     0x00000020L
+# define OPENSSL_INIT_LOAD_CONFIG            0x00000040L
+# define OPENSSL_INIT_NO_LOAD_CONFIG         0x00000080L
+# define OPENSSL_INIT_ASYNC                  0x00000100L
+# define OPENSSL_INIT_ENGINE_RDRAND          0x00000200L
+# define OPENSSL_INIT_ENGINE_DYNAMIC         0x00000400L
+# define OPENSSL_INIT_ENGINE_OPENSSL         0x00000800L
+# define OPENSSL_INIT_ENGINE_CRYPTODEV       0x00001000L
+# define OPENSSL_INIT_ENGINE_CAPI            0x00002000L
+# define OPENSSL_INIT_ENGINE_PADLOCK         0x00004000L
+# define OPENSSL_INIT_ENGINE_AFALG           0x00008000L
+/* OPENSSL_INIT_ZLIB                         0x00010000L */
+# define OPENSSL_INIT_ATFORK                 0x00020000L
+/* OPENSSL_INIT_BASE_ONLY                    0x00040000L */
+/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */
+/* Max OPENSSL_INIT flag value is 0x80000000 */
+
+/* openssl and dasync not counted as builtin */
+# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \
+    (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \
+    | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \
+    OPENSSL_INIT_ENGINE_PADLOCK)
+
+
+/* Library initialisation functions */
+void OPENSSL_cleanup(void);
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+int OPENSSL_atexit(void (*handler)(void));
+void OPENSSL_thread_stop(void);
+
+/* Low-level control of initialization */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+# ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+                                    const char *config_file);
+# endif
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
+
+# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+#  if defined(_WIN32)
+#   if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include <windows.h> in order to use this */
+typedef DWORD CRYPTO_THREAD_LOCAL;
+typedef DWORD CRYPTO_THREAD_ID;
+
+typedef LONG CRYPTO_ONCE;
+#    define CRYPTO_ONCE_STATIC_INIT 0
+#   endif
+#  else
+#   include <pthread.h>
+typedef pthread_once_t CRYPTO_ONCE;
+typedef pthread_key_t CRYPTO_THREAD_LOCAL;
+typedef pthread_t CRYPTO_THREAD_ID;
+
+#   define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
+#  endif
+# endif
+
+# if !defined(CRYPTO_ONCE_STATIC_INIT)
+typedef unsigned int CRYPTO_ONCE;
+typedef unsigned int CRYPTO_THREAD_LOCAL;
+typedef unsigned int CRYPTO_THREAD_ID;
+#  define CRYPTO_ONCE_STATIC_INIT 0
+# endif
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *));
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key);
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val);
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/cryptoerr.h b/freebsd/crypto/openssl/include/openssl/cryptoerr.h
new file mode 100644
index 00000000..e127ff60
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/cryptoerr.h
@@ -0,0 +1,53 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CRYPTOERR_H
+# define HEADER_CRYPTOERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_CRYPTO_strings(void);
+
+/*
+ * CRYPTO function codes.
+ */
+# define CRYPTO_F_CMAC_CTX_NEW                            120
+# define CRYPTO_F_CRYPTO_DUP_EX_DATA                      110
+# define CRYPTO_F_CRYPTO_FREE_EX_DATA                     111
+# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX                 100
+# define CRYPTO_F_CRYPTO_MEMDUP                           115
+# define CRYPTO_F_CRYPTO_NEW_EX_DATA                      112
+# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX                  121
+# define CRYPTO_F_CRYPTO_OCB128_INIT                      122
+# define CRYPTO_F_CRYPTO_SET_EX_DATA                      102
+# define CRYPTO_F_FIPS_MODE_SET                           109
+# define CRYPTO_F_GET_AND_LOCK                            113
+# define CRYPTO_F_OPENSSL_ATEXIT                          114
+# define CRYPTO_F_OPENSSL_BUF2HEXSTR                      117
+# define CRYPTO_F_OPENSSL_FOPEN                           119
+# define CRYPTO_F_OPENSSL_HEXSTR2BUF                      118
+# define CRYPTO_F_OPENSSL_INIT_CRYPTO                     116
+# define CRYPTO_F_OPENSSL_LH_NEW                          126
+# define CRYPTO_F_OPENSSL_SK_DEEP_COPY                    127
+# define CRYPTO_F_OPENSSL_SK_DUP                          128
+# define CRYPTO_F_PKEY_HMAC_INIT                          123
+# define CRYPTO_F_PKEY_POLY1305_INIT                      124
+# define CRYPTO_F_PKEY_SIPHASH_INIT                       125
+# define CRYPTO_F_SK_RESERVE                              129
+
+/*
+ * CRYPTO reason codes.
+ */
+# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                 101
+# define CRYPTO_R_ILLEGAL_HEX_DIGIT                       102
+# define CRYPTO_R_ODD_NUMBER_OF_DIGITS                    103
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/ct.h b/freebsd/crypto/openssl/include/openssl/ct.h
new file mode 100644
index 00000000..d4262fa0
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/ct.h
@@ -0,0 +1,476 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CT_H
+# define HEADER_CT_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CT
+# include <openssl/ossl_typ.h>
+# include <openssl/safestack.h>
+# include <openssl/x509.h>
+# include <openssl/cterr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+
+/* Minimum RSA key size, from RFC6962 */
+# define SCT_MIN_RSA_BITS 2048
+
+/* All hashes are SHA256 in v1 of Certificate Transparency */
+# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
+
+typedef enum {
+    CT_LOG_ENTRY_TYPE_NOT_SET = -1,
+    CT_LOG_ENTRY_TYPE_X509 = 0,
+    CT_LOG_ENTRY_TYPE_PRECERT = 1
+} ct_log_entry_type_t;
+
+typedef enum {
+    SCT_VERSION_NOT_SET = -1,
+    SCT_VERSION_V1 = 0
+} sct_version_t;
+
+typedef enum {
+    SCT_SOURCE_UNKNOWN,
+    SCT_SOURCE_TLS_EXTENSION,
+    SCT_SOURCE_X509V3_EXTENSION,
+    SCT_SOURCE_OCSP_STAPLED_RESPONSE
+} sct_source_t;
+
+typedef enum {
+    SCT_VALIDATION_STATUS_NOT_SET,
+    SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+    SCT_VALIDATION_STATUS_VALID,
+    SCT_VALIDATION_STATUS_INVALID,
+    SCT_VALIDATION_STATUS_UNVERIFIED,
+    SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+} sct_validation_status_t;
+
+DEFINE_STACK_OF(SCT)
+DEFINE_STACK_OF(CTLOG)
+
+/******************************************
+ * CT policy evaluation context functions *
+ ******************************************/
+
+/*
+ * Creates a new, empty policy evaluation context.
+ * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished
+ * with the CT_POLICY_EVAL_CTX.
+ */
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
+
+/* Deletes a policy evaluation context and anything it owns. */
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
+
+/* Gets the peer certificate that the SCTs are for */
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the certificate associated with the received SCTs.
+ * Increments the reference count of cert.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+
+/* Gets the issuer of the aforementioned certificate */
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the issuer of the certificate associated with the received SCTs.
+ * Increments the reference count of issuer.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+
+/* Gets the CT logs that are trusted sources of SCTs */
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
+
+/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+                                               CTLOG_STORE *log_store);
+
+/*
+ * Gets the time, in milliseconds since the Unix epoch, that will be used as the
+ * current time when checking whether an SCT was issued in the future.
+ * Such SCTs will fail validation, as required by RFC6962.
+ */
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch.
+ * If an SCT's timestamp is after this time, it will be interpreted as having
+ * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs
+ * whose timestamp is in the future", so an SCT will not validate in this case.
+ */
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
+
+/*****************
+ * SCT functions *
+ *****************/
+
+/*
+ * Creates a new, blank SCT.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new(void);
+
+/*
+ * Creates a new SCT from some base64-encoded strings.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new_from_base64(unsigned char version,
+                         const char *logid_base64,
+                         ct_log_entry_type_t entry_type,
+                         uint64_t timestamp,
+                         const char *extensions_base64,
+                         const char *signature_base64);
+
+/*
+ * Frees the SCT and the underlying data structures.
+ */
+void SCT_free(SCT *sct);
+
+/*
+ * Free a stack of SCTs, and the underlying SCTs themselves.
+ * Intended to be compatible with X509V3_EXT_FREE.
+ */
+void SCT_LIST_free(STACK_OF(SCT) *a);
+
+/*
+ * Returns the version of the SCT.
+ */
+sct_version_t SCT_get_version(const SCT *sct);
+
+/*
+ * Set the version of an SCT.
+ * Returns 1 on success, 0 if the version is unrecognized.
+ */
+__owur int SCT_set_version(SCT *sct, sct_version_t version);
+
+/*
+ * Returns the log entry type of the SCT.
+ */
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
+
+/*
+ * Set the log entry type of an SCT.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
+
+/*
+ * Gets the ID of the log that an SCT came from.
+ * Ownership of the log ID remains with the SCT.
+ * Returns the length of the log ID.
+ */
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
+
+/*
+ * Set the log ID of an SCT to point directly to the *log_id specified.
+ * The SCT takes ownership of the specified pointer.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+
+/*
+ * Set the log ID of an SCT.
+ * This makes a copy of the log_id.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
+                           size_t log_id_len);
+
+/*
+ * Returns the timestamp for the SCT (epoch time in milliseconds).
+ */
+uint64_t SCT_get_timestamp(const SCT *sct);
+
+/*
+ * Set the timestamp of an SCT (epoch time in milliseconds).
+ */
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
+
+/*
+ * Return the NID for the signature used by the SCT.
+ * For CT v1, this will be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset).
+ */
+int SCT_get_signature_nid(const SCT *sct);
+
+/*
+ * Set the signature type of an SCT
+ * For CT v1, this should be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_signature_nid(SCT *sct, int nid);
+
+/*
+ * Set *ext to point to the extension data for the SCT. ext must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
+
+/*
+ * Set the extensions of an SCT to point directly to the *ext specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
+
+/*
+ * Set the extensions of an SCT.
+ * This takes a copy of the ext.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext,
+                               size_t ext_len);
+
+/*
+ * Set *sig to point to the signature for the SCT. sig must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
+
+/*
+ * Set the signature of an SCT to point directly to the *sig specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
+
+/*
+ * Set the signature of an SCT to be a copy of the *sig specified.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig,
+                              size_t sig_len);
+
+/*
+ * The origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ */
+sct_source_t SCT_get_source(const SCT *sct);
+
+/*
+ * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_source(SCT *sct, sct_source_t source);
+
+/*
+ * Returns a text string describing the validation status of |sct|.
+ */
+const char *SCT_validation_status_string(const SCT *sct);
+
+/*
+ * Pretty-prints an |sct| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came
+ * from, so that the log name can be printed.
+ */
+void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
+
+/*
+ * Pretty-prints an |sct_list| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * SCTs will be delimited by |separator|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that each SCT
+ * came from, so that the log names can be printed.
+ */
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+                    const char *separator, const CTLOG_STORE *logs);
+
+/*
+ * Gets the last result of validating this SCT.
+ * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET.
+ */
+sct_validation_status_t SCT_get_validation_status(const SCT *sct);
+
+/*
+ * Validates the given SCT with the provided context.
+ * Sets the "validation_status" field of the SCT.
+ * Returns 1 if the SCT is valid and the signature verifies.
+ * Returns 0 if the SCT is invalid or could not be verified.
+ * Returns -1 if an error occurs.
+ */
+__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Validates the given list of SCTs with the provided context.
+ * Sets the "validation_status" field of each SCT.
+ * Returns 1 if there are no invalid SCTs and all signatures verify.
+ * Returns 0 if at least one SCT is invalid or could not be verified.
+ * Returns a negative integer if an error occurs.
+ */
+__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts,
+                             CT_POLICY_EVAL_CTX *ctx);
+
+
+/*********************************
+ * SCT parsing and serialisation *
+ *********************************/
+
+/*
+ * Serialize (to TLS format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just return the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Convert TLS format SCT list to a stack of SCTs.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            size_t len);
+
+/*
+ * Serialize (to DER format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just returns the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Parses an SCT list in DER format and returns it.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            long len);
+
+/*
+ * Serialize (to TLS format) an |sct| and write it to |out|.
+ * If |out| is null, no SCT will be output but the length will still be returned.
+ * If |out| points to a null pointer, a string will be allocated to hold the
+ * TLS-format SCT. It is the responsibility of the caller to free it.
+ * If |out| points to an allocated string, the TLS-format SCT will be written
+ * to it.
+ * The length of the SCT in TLS format will be returned.
+ */
+__owur int i2o_SCT(const SCT *sct, unsigned char **out);
+
+/*
+ * Parses an SCT in TLS format and returns it.
+ * If |psct| is not null, it will end up pointing to the parsed SCT. If it
+ * already points to a non-null pointer, the pointer will be free'd.
+ * |in| should be a pointer to a string containing the TLS-format SCT.
+ * |in| will be advanced to the end of the SCT if parsing succeeds.
+ * |len| should be the length of the SCT in |in|.
+ * Returns NULL if an error occurs.
+ * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len'
+ * fields will be populated (with |in| and |len| respectively).
+ */
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
+
+/********************
+ * CT log functions *
+ ********************/
+
+/*
+ * Creates a new CT log instance with the given |public_key| and |name|.
+ * Takes ownership of |public_key| but copies |name|.
+ * Returns NULL if malloc fails or if |public_key| cannot be converted to DER.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
+
+/*
+ * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER
+ * in |pkey_base64|. The |name| is a string to help users identify this log.
+ * Returns 1 on success, 0 on failure.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+int CTLOG_new_from_base64(CTLOG ** ct_log,
+                          const char *pkey_base64, const char *name);
+
+/*
+ * Deletes a CT log instance and its fields.
+ */
+void CTLOG_free(CTLOG *log);
+
+/* Gets the name of the CT log */
+const char *CTLOG_get0_name(const CTLOG *log);
+/* Gets the ID of the CT log */
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+                       size_t *log_id_len);
+/* Gets the public key of the CT log */
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
+
+/**************************
+ * CT log store functions *
+ **************************/
+
+/*
+ * Creates a new CT log store.
+ * Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
+ */
+CTLOG_STORE *CTLOG_STORE_new(void);
+
+/*
+ * Deletes a CT log store and all of the CT log instances held within.
+ */
+void CTLOG_STORE_free(CTLOG_STORE *store);
+
+/*
+ * Finds a CT log in the store based on its log ID.
+ * Returns the CT log, or NULL if no match is found.
+ */
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+                                        const uint8_t *log_id,
+                                        size_t log_id_len);
+
+/*
+ * Loads a CT log list into a |store| from a |file|.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
+
+/*
+ * Loads the default CT log list into a |store|.
+ * See internal/cryptlib.h for the environment variable and file path that are
+ * consulted to find the default file.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/cterr.h b/freebsd/crypto/openssl/include/openssl/cterr.h
new file mode 100644
index 00000000..764e1a22
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/cterr.h
@@ -0,0 +1,76 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CTERR_H
+# define HEADER_CTERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CT
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_CT_strings(void);
+
+/*
+ * CT function codes.
+ */
+#  define CT_F_CTLOG_NEW                                   117
+#  define CT_F_CTLOG_NEW_FROM_BASE64                       118
+#  define CT_F_CTLOG_NEW_FROM_CONF                         119
+#  define CT_F_CTLOG_STORE_LOAD_CTX_NEW                    122
+#  define CT_F_CTLOG_STORE_LOAD_FILE                       123
+#  define CT_F_CTLOG_STORE_LOAD_LOG                        130
+#  define CT_F_CTLOG_STORE_NEW                             131
+#  define CT_F_CT_BASE64_DECODE                            124
+#  define CT_F_CT_POLICY_EVAL_CTX_NEW                      133
+#  define CT_F_CT_V1_LOG_ID_FROM_PKEY                      125
+#  define CT_F_I2O_SCT                                     107
+#  define CT_F_I2O_SCT_LIST                                108
+#  define CT_F_I2O_SCT_SIGNATURE                           109
+#  define CT_F_O2I_SCT                                     110
+#  define CT_F_O2I_SCT_LIST                                111
+#  define CT_F_O2I_SCT_SIGNATURE                           112
+#  define CT_F_SCT_CTX_NEW                                 126
+#  define CT_F_SCT_CTX_VERIFY                              128
+#  define CT_F_SCT_NEW                                     100
+#  define CT_F_SCT_NEW_FROM_BASE64                         127
+#  define CT_F_SCT_SET0_LOG_ID                             101
+#  define CT_F_SCT_SET1_EXTENSIONS                         114
+#  define CT_F_SCT_SET1_LOG_ID                             115
+#  define CT_F_SCT_SET1_SIGNATURE                          116
+#  define CT_F_SCT_SET_LOG_ENTRY_TYPE                      102
+#  define CT_F_SCT_SET_SIGNATURE_NID                       103
+#  define CT_F_SCT_SET_VERSION                             104
+
+/*
+ * CT reason codes.
+ */
+#  define CT_R_BASE64_DECODE_ERROR                         108
+#  define CT_R_INVALID_LOG_ID_LENGTH                       100
+#  define CT_R_LOG_CONF_INVALID                            109
+#  define CT_R_LOG_CONF_INVALID_KEY                        110
+#  define CT_R_LOG_CONF_MISSING_DESCRIPTION                111
+#  define CT_R_LOG_CONF_MISSING_KEY                        112
+#  define CT_R_LOG_KEY_INVALID                             113
+#  define CT_R_SCT_FUTURE_TIMESTAMP                        116
+#  define CT_R_SCT_INVALID                                 104
+#  define CT_R_SCT_INVALID_SIGNATURE                       107
+#  define CT_R_SCT_LIST_INVALID                            105
+#  define CT_R_SCT_LOG_ID_MISMATCH                         114
+#  define CT_R_SCT_NOT_SET                                 106
+#  define CT_R_SCT_UNSUPPORTED_VERSION                     115
+#  define CT_R_UNRECOGNIZED_SIGNATURE_NID                  101
+#  define CT_R_UNSUPPORTED_ENTRY_TYPE                      102
+#  define CT_R_UNSUPPORTED_VERSION                         103
+
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/crypto/des/des.h b/freebsd/crypto/openssl/include/openssl/des.h
index 1b40144e..be4abbdf 100644
--- a/freebsd/crypto/openssl/crypto/des/des.h
+++ b/freebsd/crypto/openssl/include/openssl/des.h
@@ -1,80 +1,30 @@
-/* crypto/des/des.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_NEW_DES_H
-# define HEADER_NEW_DES_H
+#ifndef HEADER_DES_H
+# define HEADER_DES_H
 
-# include <openssl/e_os2.h>     /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG
-                                 * (via openssl/opensslconf.h */
+# include <openssl/opensslconf.h>
 
-# ifdef OPENSSL_NO_DES
-#  error DES is disabled.
+# ifndef OPENSSL_NO_DES
+# ifdef  __cplusplus
+extern "C" {
 # endif
+# include <openssl/e_os2.h>
+
+typedef unsigned int DES_LONG;
 
 # ifdef OPENSSL_BUILD_SHLIBCRYPTO
 #  undef OPENSSL_EXTERN
 #  define OPENSSL_EXTERN OPENSSL_EXPORT
 # endif
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 typedef unsigned char DES_cblock[8];
 typedef /* const */ unsigned char const_DES_cblock[8];
 /*
@@ -92,16 +42,6 @@ typedef struct DES_ks {
     } ks[16];
 } DES_key_schedule;
 
-# ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT
-#  ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT
-#   define OPENSSL_ENABLE_OLD_DES_SUPPORT
-#  endif
-# endif
-
-# ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT
-#  include <openssl/des_old.h>
-# endif
-
 # define DES_KEY_SZ      (sizeof(DES_cblock))
 # define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
 
@@ -125,8 +65,6 @@ typedef struct DES_ks {
 
 OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */
 # define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
-OPENSSL_DECLARE_GLOBAL(int, DES_rw_mode); /* defaults to DES_PCBC_MODE */
-# define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
 
 const char *DES_options(void);
 void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
@@ -182,11 +120,6 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
                           long length,
                           DES_key_schedule *ks1, DES_key_schedule *ks2,
                           DES_key_schedule *ks3, DES_cblock *ivec, int enc);
-void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
-                           long length,
-                           DES_key_schedule *ks1, DES_key_schedule *ks2,
-                           DES_key_schedule *ks3,
-                           DES_cblock *ivec1, DES_cblock *ivec2, int enc);
 void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
                             long length, DES_key_schedule *ks1,
                             DES_key_schedule *ks2, DES_key_schedule *ks3,
@@ -199,15 +132,6 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
                             long length, DES_key_schedule *ks1,
                             DES_key_schedule *ks2, DES_key_schedule *ks3,
                             DES_cblock *ivec, int *num);
-# if 0
-void DES_xwhite_in2out(const_DES_cblock *DES_key, const_DES_cblock *in_white,
-                       DES_cblock *out_white);
-# endif
-
-int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
-                 DES_cblock *iv);
-int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched,
-                  DES_cblock *iv);
 char *DES_fcrypt(const char *buf, const char *salt, char *ret);
 char *DES_crypt(const char *buf, const char *salt);
 void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
@@ -231,10 +155,6 @@ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
 int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
 int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
-# ifdef OPENSSL_FIPS
-void private_DES_set_key_unchecked(const_DES_cblock *key,
-                                   DES_key_schedule *schedule);
-# endif
 void DES_string_to_key(const char *str, DES_cblock *key);
 void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
 void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
@@ -244,14 +164,11 @@ void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
                        long length, DES_key_schedule *schedule,
                        DES_cblock *ivec, int *num);
 
-int DES_read_password(DES_cblock *key, const char *prompt, int verify);
-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2,
-                        const char *prompt, int verify);
-
 # define DES_fixup_key_parity DES_set_odd_parity
 
-#ifdef  __cplusplus
+# ifdef  __cplusplus
 }
-#endif
+# endif
+# endif
 
 #endif
diff --git a/freebsd/crypto/openssl/crypto/dh/dh.h b/freebsd/crypto/openssl/include/openssl/dh.h
index 80b28fb3..3527540c 100644
--- a/freebsd/crypto/openssl/crypto/dh/dh.h
+++ b/freebsd/crypto/openssl/include/openssl/dh.h
@@ -1,98 +1,50 @@
-/* crypto/dh/dh.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_DH_H
 # define HEADER_DH_H
 
-# include <openssl/e_os2.h>
-
-# ifdef OPENSSL_NO_DH
-#  error DH is disabled.
-# endif
+# include <openssl/opensslconf.h>
 
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
+# ifndef OPENSSL_NO_DH
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
 # include <openssl/ossl_typ.h>
-# ifndef OPENSSL_NO_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
 #  include <openssl/bn.h>
 # endif
+# include <openssl/dherr.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
 
 # ifndef OPENSSL_DH_MAX_MODULUS_BITS
 #  define OPENSSL_DH_MAX_MODULUS_BITS    10000
 # endif
 
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
 # define DH_FLAG_CACHE_MONT_P     0x01
 
+# if OPENSSL_API_COMPAT < 0x10100000L
 /*
- * new with 0.9.7h; the built-in DH
- * implementation now uses constant time
- * modular exponentiation for secret exponents
- * by default. This flag causes the
- * faster variable sliding window method to
- * be used for all exponents.
+ * Does nothing. Previously this switched off constant time behaviour.
  */
-# define DH_FLAG_NO_EXP_CONSTTIME 0x02
+#  define DH_FLAG_NO_EXP_CONSTTIME 0x00
+# endif
 
 /*
  * If this flag is set the DH method is FIPS compliant and can be used in
  * FIPS mode. This is set in the validated module method. If an application
- * sets this flag in its own methods it is its reposibility to ensure the
+ * sets this flag in its own methods it is its responsibility to ensure the
  * result is compliant.
  */
 
@@ -106,57 +58,11 @@
 
 # define DH_FLAG_NON_FIPS_ALLOW                  0x0400
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 /* Already defined in ossl_typ.h */
 /* typedef struct dh_st DH; */
 /* typedef struct dh_method DH_METHOD; */
 
-struct dh_method {
-    const char *name;
-    /* Methods here */
-    int (*generate_key) (DH *dh);
-    int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh);
-    /* Can be null */
-    int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
-                       const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                       BN_MONT_CTX *m_ctx);
-    int (*init) (DH *dh);
-    int (*finish) (DH *dh);
-    int flags;
-    char *app_data;
-    /* If this is non-NULL, it will be used to generate parameters */
-    int (*generate_params) (DH *dh, int prime_len, int generator,
-                            BN_GENCB *cb);
-};
-
-struct dh_st {
-    /*
-     * This first argument is used to pick up errors when a DH is passed
-     * instead of a EVP_PKEY
-     */
-    int pad;
-    int version;
-    BIGNUM *p;
-    BIGNUM *g;
-    long length;                /* optional */
-    BIGNUM *pub_key;            /* g^x % p */
-    BIGNUM *priv_key;           /* x */
-    int flags;
-    BN_MONT_CTX *method_mont_p;
-    /* Place holders if we want to do X9.42 DH */
-    BIGNUM *q;
-    BIGNUM *j;
-    unsigned char *seed;
-    int seedlen;
-    BIGNUM *counter;
-    int references;
-    CRYPTO_EX_DATA ex_data;
-    const DH_METHOD *meth;
-    ENGINE *engine;
-};
+DECLARE_ASN1_ITEM(DHparams)
 
 # define DH_GENERATOR_2          2
 /* #define DH_GENERATOR_3       3 */
@@ -218,22 +124,28 @@ DH *DH_new_method(ENGINE *engine);
 DH *DH_new(void);
 void DH_free(DH *dh);
 int DH_up_ref(DH *dh);
+int DH_bits(const DH *dh);
 int DH_size(const DH *dh);
-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int DH_security_bits(const DH *dh);
+#define DH_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
 int DH_set_ex_data(DH *d, int idx, void *arg);
 void *DH_get_ex_data(DH *d, int idx);
 
 /* Deprecated version */
-# ifndef OPENSSL_NO_DEPRECATED
-DH *DH_generate_parameters(int prime_len, int generator,
-                           void (*callback) (int, int, void *), void *cb_arg);
-# endif                         /* !defined(OPENSSL_NO_DEPRECATED) */
+DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
+                                              void (*callback) (int, int,
+                                                                void *),
+                                              void *cb_arg))
 
 /* New version */
 int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
                               BN_GENCB *cb);
 
+int DH_check_params_ex(const DH *dh);
+int DH_check_ex(const DH *dh);
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
+int DH_check_params(const DH *dh, int *ret);
 int DH_check(const DH *dh, int *codes);
 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
 int DH_generate_key(DH *dh);
@@ -243,20 +155,20 @@ DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
 int i2d_DHparams(const DH *a, unsigned char **pp);
 DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
 int i2d_DHxparams(const DH *a, unsigned char **pp);
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 int DHparams_print_fp(FILE *fp, const DH *x);
 # endif
-# ifndef OPENSSL_NO_BIO
 int DHparams_print(BIO *bp, const DH *x);
-# else
-int DHparams_print(char *bp, const DH *x);
-# endif
 
 /* RFC 5114 parameters */
 DH *DH_get_1024_160(void);
 DH *DH_get_2048_224(void);
 DH *DH_get_2048_256(void);
 
+/* Named parameters, currently RFC7919 */
+DH *DH_new_by_nid(int nid);
+int DH_get_nid(const DH *dh);
+
 # ifndef OPENSSL_NO_CMS
 /* RFC2631 KDF */
 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
@@ -265,6 +177,55 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
                  const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
 # endif
 
+void DH_get0_pqg(const DH *dh,
+                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DH_get0_key(const DH *dh,
+                 const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DH_get0_p(const DH *dh);
+const BIGNUM *DH_get0_q(const DH *dh);
+const BIGNUM *DH_get0_g(const DH *dh);
+const BIGNUM *DH_get0_priv_key(const DH *dh);
+const BIGNUM *DH_get0_pub_key(const DH *dh);
+void DH_clear_flags(DH *dh, int flags);
+int DH_test_flags(const DH *dh, int flags);
+void DH_set_flags(DH *dh, int flags);
+ENGINE *DH_get0_engine(DH *d);
+long DH_get_length(const DH *dh);
+int DH_set_length(DH *dh, long length);
+
+DH_METHOD *DH_meth_new(const char *name, int flags);
+void DH_meth_free(DH_METHOD *dhm);
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+const char *DH_meth_get0_name(const DH_METHOD *dhm);
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+int DH_meth_get_flags(const DH_METHOD *dhm);
+int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+void *DH_meth_get0_app_data(const DH_METHOD *dhm);
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+        (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+        int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+    (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+     BN_CTX *, BN_MONT_CTX *);
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+    int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
+int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+        (DH *, int, int, BN_GENCB *);
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+        int (*generate_params) (DH *, int, int, BN_GENCB *));
+
+
 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
                         EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
@@ -289,6 +250,15 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
                         EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
 
+# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \
+                        EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \
+                        EVP_PKEY_CTRL_DH_NID, nid, NULL)
+
+# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \
+                          EVP_PKEY_CTRL_DH_PAD, pad, NULL)
+
 # define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                 EVP_PKEY_OP_DERIVE, \
@@ -302,22 +272,22 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
 # define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                 EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid)
+                                EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid))
 
 # define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                 EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid)
+                                EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid))
 
 # define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                 EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md)
+                                EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md))
 
 # define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                 EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd)
+                                EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd))
 
 # define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
@@ -327,17 +297,17 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
 # define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                 EVP_PKEY_OP_DERIVE, \
-                        EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen)
+                        EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen))
 
 # define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                 EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p)
+                                EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p))
 
 # define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                 EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p)
+                                EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p))
 
 # define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN     (EVP_PKEY_ALG_CTRL + 1)
 # define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR     (EVP_PKEY_ALG_CTRL + 2)
@@ -353,60 +323,18 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
 # define EVP_PKEY_CTRL_GET_DH_KDF_UKM            (EVP_PKEY_ALG_CTRL + 12)
 # define EVP_PKEY_CTRL_DH_KDF_OID                (EVP_PKEY_ALG_CTRL + 13)
 # define EVP_PKEY_CTRL_GET_DH_KDF_OID            (EVP_PKEY_ALG_CTRL + 14)
+# define EVP_PKEY_CTRL_DH_NID                    (EVP_PKEY_ALG_CTRL + 15)
+# define EVP_PKEY_CTRL_DH_PAD                    (EVP_PKEY_ALG_CTRL + 16)
 
 /* KDF types */
 # define EVP_PKEY_DH_KDF_NONE                            1
+# ifndef OPENSSL_NO_CMS
 # define EVP_PKEY_DH_KDF_X9_42                           2
+# endif
 
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DH_strings(void);
-
-/* Error codes for the DH functions. */
-
-/* Function codes. */
-# define DH_F_COMPUTE_KEY                                 102
-# define DH_F_DHPARAMS_PRINT_FP                           101
-# define DH_F_DH_BUILTIN_GENPARAMS                        106
-# define DH_F_DH_CMS_DECRYPT                              117
-# define DH_F_DH_CMS_SET_PEERKEY                          118
-# define DH_F_DH_CMS_SET_SHARED_INFO                      119
-# define DH_F_DH_COMPUTE_KEY                              114
-# define DH_F_DH_GENERATE_KEY                             115
-# define DH_F_DH_GENERATE_PARAMETERS_EX                   116
-# define DH_F_DH_NEW_METHOD                               105
-# define DH_F_DH_PARAM_DECODE                             107
-# define DH_F_DH_PRIV_DECODE                              110
-# define DH_F_DH_PRIV_ENCODE                              111
-# define DH_F_DH_PUB_DECODE                               108
-# define DH_F_DH_PUB_ENCODE                               109
-# define DH_F_DO_DH_PRINT                                 100
-# define DH_F_GENERATE_KEY                                103
-# define DH_F_GENERATE_PARAMETERS                         104
-# define DH_F_PKEY_DH_DERIVE                              112
-# define DH_F_PKEY_DH_KEYGEN                              113
-
-/* Reason codes. */
-# define DH_R_BAD_GENERATOR                               101
-# define DH_R_BN_DECODE_ERROR                             109
-# define DH_R_BN_ERROR                                    106
-# define DH_R_DECODE_ERROR                                104
-# define DH_R_INVALID_PUBKEY                              102
-# define DH_R_KDF_PARAMETER_ERROR                         112
-# define DH_R_KEYS_NOT_SET                                108
-# define DH_R_KEY_SIZE_TOO_SMALL                          110
-# define DH_R_MODULUS_TOO_LARGE                           103
-# define DH_R_NON_FIPS_METHOD                             111
-# define DH_R_NO_PARAMETERS_SET                           107
-# define DH_R_NO_PRIVATE_VALUE                            100
-# define DH_R_PARAMETER_ENCODING_ERROR                    105
-# define DH_R_PEER_KEY_ERROR                              113
-# define DH_R_SHARED_INFO_ERROR                           114
-
-#ifdef  __cplusplus
+
+#  ifdef  __cplusplus
 }
-#endif
+#  endif
+# endif
 #endif
diff --git a/freebsd/crypto/openssl/include/openssl/dherr.h b/freebsd/crypto/openssl/include/openssl/dherr.h
new file mode 100644
index 00000000..81e73f75
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/dherr.h
@@ -0,0 +1,84 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DHERR_H
+# define HEADER_DHERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DH
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_DH_strings(void);
+
+/*
+ * DH function codes.
+ */
+#  define DH_F_COMPUTE_KEY                                 102
+#  define DH_F_DHPARAMS_PRINT_FP                           101
+#  define DH_F_DH_BUILTIN_GENPARAMS                        106
+#  define DH_F_DH_CHECK_EX                                 121
+#  define DH_F_DH_CHECK_PARAMS_EX                          122
+#  define DH_F_DH_CHECK_PUB_KEY_EX                         123
+#  define DH_F_DH_CMS_DECRYPT                              114
+#  define DH_F_DH_CMS_SET_PEERKEY                          115
+#  define DH_F_DH_CMS_SET_SHARED_INFO                      116
+#  define DH_F_DH_METH_DUP                                 117
+#  define DH_F_DH_METH_NEW                                 118
+#  define DH_F_DH_METH_SET1_NAME                           119
+#  define DH_F_DH_NEW_BY_NID                               104
+#  define DH_F_DH_NEW_METHOD                               105
+#  define DH_F_DH_PARAM_DECODE                             107
+#  define DH_F_DH_PKEY_PUBLIC_CHECK                        124
+#  define DH_F_DH_PRIV_DECODE                              110
+#  define DH_F_DH_PRIV_ENCODE                              111
+#  define DH_F_DH_PUB_DECODE                               108
+#  define DH_F_DH_PUB_ENCODE                               109
+#  define DH_F_DO_DH_PRINT                                 100
+#  define DH_F_GENERATE_KEY                                103
+#  define DH_F_PKEY_DH_CTRL_STR                            120
+#  define DH_F_PKEY_DH_DERIVE                              112
+#  define DH_F_PKEY_DH_INIT                                125
+#  define DH_F_PKEY_DH_KEYGEN                              113
+
+/*
+ * DH reason codes.
+ */
+#  define DH_R_BAD_GENERATOR                               101
+#  define DH_R_BN_DECODE_ERROR                             109
+#  define DH_R_BN_ERROR                                    106
+#  define DH_R_CHECK_INVALID_J_VALUE                       115
+#  define DH_R_CHECK_INVALID_Q_VALUE                       116
+#  define DH_R_CHECK_PUBKEY_INVALID                        122
+#  define DH_R_CHECK_PUBKEY_TOO_LARGE                      123
+#  define DH_R_CHECK_PUBKEY_TOO_SMALL                      124
+#  define DH_R_CHECK_P_NOT_PRIME                           117
+#  define DH_R_CHECK_P_NOT_SAFE_PRIME                      118
+#  define DH_R_CHECK_Q_NOT_PRIME                           119
+#  define DH_R_DECODE_ERROR                                104
+#  define DH_R_INVALID_PARAMETER_NAME                      110
+#  define DH_R_INVALID_PARAMETER_NID                       114
+#  define DH_R_INVALID_PUBKEY                              102
+#  define DH_R_KDF_PARAMETER_ERROR                         112
+#  define DH_R_KEYS_NOT_SET                                108
+#  define DH_R_MISSING_PUBKEY                              125
+#  define DH_R_MODULUS_TOO_LARGE                           103
+#  define DH_R_NOT_SUITABLE_GENERATOR                      120
+#  define DH_R_NO_PARAMETERS_SET                           107
+#  define DH_R_NO_PRIVATE_VALUE                            100
+#  define DH_R_PARAMETER_ENCODING_ERROR                    105
+#  define DH_R_PEER_KEY_ERROR                              111
+#  define DH_R_SHARED_INFO_ERROR                           113
+#  define DH_R_UNABLE_TO_CHECK_GENERATOR                   121
+
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/dsa.h b/freebsd/crypto/openssl/include/openssl/dsa.h
new file mode 100644
index 00000000..822eff34
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/dsa.h
@@ -0,0 +1,238 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSA_H
+# define HEADER_DSA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DSA
+# ifdef  __cplusplus
+extern "C" {
+# endif
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/bn.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/dh.h>
+# endif
+# include <openssl/dsaerr.h>
+
+# ifndef OPENSSL_DSA_MAX_MODULUS_BITS
+#  define OPENSSL_DSA_MAX_MODULUS_BITS   10000
+# endif
+
+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+
+# define DSA_FLAG_CACHE_MONT_P   0x01
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+#  define DSA_FLAG_NO_EXP_CONSTTIME       0x00
+# endif
+
+/*
+ * If this flag is set the DSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define DSA_FLAG_FIPS_METHOD                    0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DSA_FLAG_NON_FIPS_ALLOW                 0x0400
+# define DSA_FLAG_FIPS_CHECKED                   0x0800
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dsa_st DSA; */
+/* typedef struct dsa_method DSA_METHOD; */
+
+typedef struct DSA_SIG_st DSA_SIG;
+
+# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+                (unsigned char *)(x))
+# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
+# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
+
+DSA *DSAparams_dup(DSA *x);
+DSA_SIG *DSA_SIG_new(void);
+void DSA_SIG_free(DSA_SIG *a);
+int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+                  DSA_SIG *sig, DSA *dsa);
+
+const DSA_METHOD *DSA_OpenSSL(void);
+
+void DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int DSA_set_method(DSA *dsa, const DSA_METHOD *);
+const DSA_METHOD *DSA_get_method(DSA *d);
+
+DSA *DSA_new(void);
+DSA *DSA_new_method(ENGINE *engine);
+void DSA_free(DSA *r);
+/* "up" the DSA object's reference count */
+int DSA_up_ref(DSA *r);
+int DSA_size(const DSA *);
+int DSA_bits(const DSA *d);
+int DSA_security_bits(const DSA *d);
+        /* next 4 return -1 on error */
+DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp))
+int DSA_sign(int type, const unsigned char *dgst, int dlen,
+             unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+               const unsigned char *sigbuf, int siglen, DSA *dsa);
+#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef)
+int DSA_set_ex_data(DSA *d, int idx, void *arg);
+void *DSA_get_ex_data(DSA *d, int idx);
+
+DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
+                                                unsigned char *seed,
+                                                int seed_len,
+                                                int *counter_ret,
+                                                unsigned long *h_ret, void
+                                                 (*callback) (int, int,
+                                                              void *),
+                                                void *cb_arg))
+
+/* New version */
+int DSA_generate_parameters_ex(DSA *dsa, int bits,
+                               const unsigned char *seed, int seed_len,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb);
+
+int DSA_generate_key(DSA *a);
+int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+int i2d_DSAparams(const DSA *a, unsigned char **pp);
+
+int DSAparams_print(BIO *bp, const DSA *x);
+int DSA_print(BIO *bp, const DSA *x, int off);
+# ifndef OPENSSL_NO_STDIO
+int DSAparams_print_fp(FILE *fp, const DSA *x);
+int DSA_print_fp(FILE *bp, const DSA *x, int off);
+# endif
+
+# define DSS_prime_checks 64
+/*
+ * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
+ * have one value here we set the number of checks to 64 which is the 128 bit
+ * security level that is the highest level and valid for creating a 3072 bit
+ * DSA key.
+ */
+# define DSA_is_prime(n, callback, cb_arg) \
+        BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+
+# ifndef OPENSSL_NO_DH
+/*
+ * Convert DSA structure (key or just parameters) into DH structure (be
+ * careful to avoid small subgroup attacks when using this!)
+ */
+DH *DSA_dup_DH(const DSA *r);
+# endif
+
+# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+                                EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
+
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS         (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS       (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD           (EVP_PKEY_ALG_CTRL + 3)
+
+void DSA_get0_pqg(const DSA *d,
+                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DSA_get0_key(const DSA *d,
+                  const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DSA_get0_p(const DSA *d);
+const BIGNUM *DSA_get0_q(const DSA *d);
+const BIGNUM *DSA_get0_g(const DSA *d);
+const BIGNUM *DSA_get0_pub_key(const DSA *d);
+const BIGNUM *DSA_get0_priv_key(const DSA *d);
+void DSA_clear_flags(DSA *d, int flags);
+int DSA_test_flags(const DSA *d, int flags);
+void DSA_set_flags(DSA *d, int flags);
+ENGINE *DSA_get0_engine(DSA *d);
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags);
+void DSA_meth_free(DSA_METHOD *dsam);
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam);
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
+int DSA_meth_get_flags(const DSA_METHOD *dsam);
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA *);
+int DSA_meth_set_sign(DSA_METHOD *dsam,
+                       DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+        (DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+        int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA_SIG *, DSA *);
+int DSA_meth_set_verify(DSA_METHOD *dsam,
+    int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+        (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+         const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+    int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                    const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+                    BN_MONT_CTX *));
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+    (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+     BN_CTX *, BN_MONT_CTX *);
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+    int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+        (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+         BN_GENCB *);
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+        int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+                         unsigned long *, BN_GENCB *));
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/dsaerr.h b/freebsd/crypto/openssl/include/openssl/dsaerr.h
new file mode 100644
index 00000000..d94f97bb
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/dsaerr.h
@@ -0,0 +1,67 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSAERR_H
+# define HEADER_DSAERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DSA
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_DSA_strings(void);
+
+/*
+ * DSA function codes.
+ */
+#  define DSA_F_DSAPARAMS_PRINT                            100
+#  define DSA_F_DSAPARAMS_PRINT_FP                         101
+#  define DSA_F_DSA_BUILTIN_PARAMGEN                       125
+#  define DSA_F_DSA_BUILTIN_PARAMGEN2                      126
+#  define DSA_F_DSA_DO_SIGN                                112
+#  define DSA_F_DSA_DO_VERIFY                              113
+#  define DSA_F_DSA_METH_DUP                               127
+#  define DSA_F_DSA_METH_NEW                               128
+#  define DSA_F_DSA_METH_SET1_NAME                         129
+#  define DSA_F_DSA_NEW_METHOD                             103
+#  define DSA_F_DSA_PARAM_DECODE                           119
+#  define DSA_F_DSA_PRINT_FP                               105
+#  define DSA_F_DSA_PRIV_DECODE                            115
+#  define DSA_F_DSA_PRIV_ENCODE                            116
+#  define DSA_F_DSA_PUB_DECODE                             117
+#  define DSA_F_DSA_PUB_ENCODE                             118
+#  define DSA_F_DSA_SIGN                                   106
+#  define DSA_F_DSA_SIGN_SETUP                             107
+#  define DSA_F_DSA_SIG_NEW                                102
+#  define DSA_F_OLD_DSA_PRIV_DECODE                        122
+#  define DSA_F_PKEY_DSA_CTRL                              120
+#  define DSA_F_PKEY_DSA_CTRL_STR                          104
+#  define DSA_F_PKEY_DSA_KEYGEN                            121
+
+/*
+ * DSA reason codes.
+ */
+#  define DSA_R_BAD_Q_VALUE                                102
+#  define DSA_R_BN_DECODE_ERROR                            108
+#  define DSA_R_BN_ERROR                                   109
+#  define DSA_R_DECODE_ERROR                               104
+#  define DSA_R_INVALID_DIGEST_TYPE                        106
+#  define DSA_R_INVALID_PARAMETERS                         112
+#  define DSA_R_MISSING_PARAMETERS                         101
+#  define DSA_R_MODULUS_TOO_LARGE                          103
+#  define DSA_R_NO_PARAMETERS_SET                          107
+#  define DSA_R_PARAMETER_ENCODING_ERROR                   105
+#  define DSA_R_Q_NOT_PRIME                                113
+#  define DSA_R_SEED_LEN_SMALL                             110
+
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/dtls1.h b/freebsd/crypto/openssl/include/openssl/dtls1.h
new file mode 100644
index 00000000..a312e386
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/dtls1.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DTLS1_H
+# define HEADER_DTLS1_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define DTLS1_VERSION                   0xFEFF
+# define DTLS1_2_VERSION                 0xFEFD
+# define DTLS_MIN_VERSION                DTLS1_VERSION
+# define DTLS_MAX_VERSION                DTLS1_2_VERSION
+# define DTLS1_VERSION_MAJOR             0xFE
+
+# define DTLS1_BAD_VER                   0x0100
+
+/* Special value for method supporting multiple versions */
+# define DTLS_ANY_VERSION                0x1FFFF
+
+/* lengths of messages */
+/*
+ * Actually the max cookie length in DTLS is 255. But we can't change this now
+ * due to compatibility concerns.
+ */
+# define DTLS1_COOKIE_LENGTH                     256
+
+# define DTLS1_RT_HEADER_LENGTH                  13
+
+# define DTLS1_HM_HEADER_LENGTH                  12
+
+# define DTLS1_HM_BAD_FRAGMENT                   -2
+# define DTLS1_HM_FRAGMENT_RETRY                 -3
+
+# define DTLS1_CCS_HEADER_LENGTH                  1
+
+# define DTLS1_AL_HEADER_LENGTH                   2
+
+/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
+# define DTLS1_TMO_READ_COUNT                      2
+# define DTLS1_TMO_WRITE_COUNT                     2
+
+# define DTLS1_TMO_ALERT_COUNT                     12
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/e_os2.h b/freebsd/crypto/openssl/include/openssl/e_os2.h
new file mode 100644
index 00000000..eeae2154
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/e_os2.h
@@ -0,0 +1,293 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_E_OS2_H
+# define HEADER_E_OS2_H
+
+# include <openssl/opensslconf.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/******************************************************************************
+ * Detect operating systems.  This probably needs completing.
+ * The result is that at least one OPENSSL_SYS_os macro should be defined.
+ * However, if none is defined, Unix is assumed.
+ **/
+
+# define OPENSSL_SYS_UNIX
+
+/* --------------------- Microsoft operating systems ---------------------- */
+
+/*
+ * Note that MSDOS actually denotes 32-bit environments running on top of
+ * MS-DOS, such as DJGPP one.
+ */
+# if defined(OPENSSL_SYS_MSDOS)
+#  undef OPENSSL_SYS_UNIX
+# endif
+
+/*
+ * For 32 bit environment, there seems to be the CygWin environment and then
+ * all the others that try to do the same thing Microsoft does...
+ */
+/*
+ * UEFI lives here because it might be built with a Microsoft toolchain and
+ * we need to avoid the false positive match on Windows.
+ */
+# if defined(OPENSSL_SYS_UEFI)
+#  undef OPENSSL_SYS_UNIX
+# elif defined(OPENSSL_SYS_UWIN)
+#  undef OPENSSL_SYS_UNIX
+#  define OPENSSL_SYS_WIN32_UWIN
+# else
+#  if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN)
+#   define OPENSSL_SYS_WIN32_CYGWIN
+#  else
+#   if defined(_WIN32) || defined(OPENSSL_SYS_WIN32)
+#    undef OPENSSL_SYS_UNIX
+#    if !defined(OPENSSL_SYS_WIN32)
+#     define OPENSSL_SYS_WIN32
+#    endif
+#   endif
+#   if defined(_WIN64) || defined(OPENSSL_SYS_WIN64)
+#    undef OPENSSL_SYS_UNIX
+#    if !defined(OPENSSL_SYS_WIN64)
+#     define OPENSSL_SYS_WIN64
+#    endif
+#   endif
+#   if defined(OPENSSL_SYS_WINNT)
+#    undef OPENSSL_SYS_UNIX
+#   endif
+#   if defined(OPENSSL_SYS_WINCE)
+#    undef OPENSSL_SYS_UNIX
+#   endif
+#  endif
+# endif
+
+/* Anything that tries to look like Microsoft is "Windows" */
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+#  undef OPENSSL_SYS_UNIX
+#  define OPENSSL_SYS_WINDOWS
+#  ifndef OPENSSL_SYS_MSDOS
+#   define OPENSSL_SYS_MSDOS
+#  endif
+# endif
+
+/*
+ * DLL settings.  This part is a bit tough, because it's up to the
+ * application implementor how he or she will link the application, so it
+ * requires some macro to be used.
+ */
+# ifdef OPENSSL_SYS_WINDOWS
+#  ifndef OPENSSL_OPT_WINDLL
+#   if defined(_WINDLL)         /* This is used when building OpenSSL to
+                                 * indicate that DLL linkage should be used */
+#    define OPENSSL_OPT_WINDLL
+#   endif
+#  endif
+# endif
+
+/* ------------------------------- OpenVMS -------------------------------- */
+# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS)
+#  if !defined(OPENSSL_SYS_VMS)
+#   undef OPENSSL_SYS_UNIX
+#  endif
+#  define OPENSSL_SYS_VMS
+#  if defined(__DECC)
+#   define OPENSSL_SYS_VMS_DECC
+#  elif defined(__DECCXX)
+#   define OPENSSL_SYS_VMS_DECC
+#   define OPENSSL_SYS_VMS_DECCXX
+#  else
+#   define OPENSSL_SYS_VMS_NODECC
+#  endif
+# endif
+
+/* -------------------------------- Unix ---------------------------------- */
+# ifdef OPENSSL_SYS_UNIX
+#  if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX)
+#   define OPENSSL_SYS_LINUX
+#  endif
+#  if defined(_AIX) && !defined(OPENSSL_SYS_AIX)
+#   define OPENSSL_SYS_AIX
+#  endif
+# endif
+
+/* -------------------------------- VOS ----------------------------------- */
+# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS)
+#  define OPENSSL_SYS_VOS
+#  ifdef __HPPA__
+#   define OPENSSL_SYS_VOS_HPPA
+#  endif
+#  ifdef __IA32__
+#   define OPENSSL_SYS_VOS_IA32
+#  endif
+# endif
+
+/**
+ * That's it for OS-specific stuff
+ *****************************************************************************/
+
+/* Specials for I/O an exit */
+# ifdef OPENSSL_SYS_MSDOS
+#  define OPENSSL_UNISTD_IO <io.h>
+#  define OPENSSL_DECLARE_EXIT extern void exit(int);
+# else
+#  define OPENSSL_UNISTD_IO OPENSSL_UNISTD
+#  define OPENSSL_DECLARE_EXIT  /* declared in unistd.h */
+# endif
+
+/*-
+ * OPENSSL_EXTERN is normally used to declare a symbol with possible extra
+ * attributes to handle its presence in a shared library.
+ * OPENSSL_EXPORT is used to define a symbol with extra possible attributes
+ * to make it visible in a shared library.
+ * Care needs to be taken when a header file is used both to declare and
+ * define symbols.  Basically, for any library that exports some global
+ * variables, the following code must be present in the header file that
+ * declares them, before OPENSSL_EXTERN is used:
+ *
+ * #ifdef SOME_BUILD_FLAG_MACRO
+ * # undef OPENSSL_EXTERN
+ * # define OPENSSL_EXTERN OPENSSL_EXPORT
+ * #endif
+ *
+ * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN
+ * have some generally sensible values.
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
+#  define OPENSSL_EXPORT extern __declspec(dllexport)
+#  define OPENSSL_EXTERN extern __declspec(dllimport)
+# else
+#  define OPENSSL_EXPORT extern
+#  define OPENSSL_EXTERN extern
+# endif
+
+/*-
+ * Macros to allow global variables to be reached through function calls when
+ * required (if a shared library version requires it, for example.
+ * The way it's done allows definitions like this:
+ *
+ *      // in foobar.c
+ *      OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
+ *      // in foobar.h
+ *      OPENSSL_DECLARE_GLOBAL(int,foobar);
+ *      #define foobar OPENSSL_GLOBAL_REF(foobar)
+ */
+# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value)                      \
+        type *_shadow_##name(void)                                      \
+        { static type _hide_##name=value; return &_hide_##name; }
+#  define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
+#  define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
+# else
+#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) type _shadow_##name=value;
+#  define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
+#  define OPENSSL_GLOBAL_REF(name) _shadow_##name
+# endif
+
+# ifdef _WIN32
+#  ifdef _WIN64
+#   define ossl_ssize_t __int64
+#   define OSSL_SSIZE_MAX _I64_MAX
+#  else
+#   define ossl_ssize_t int
+#   define OSSL_SSIZE_MAX INT_MAX
+#  endif
+# endif
+
+# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t)
+#  define ossl_ssize_t INTN
+#  define OSSL_SSIZE_MAX MAX_INTN
+# endif
+
+# ifndef ossl_ssize_t
+#  define ossl_ssize_t ssize_t
+#  if defined(SSIZE_MAX)
+#   define OSSL_SSIZE_MAX SSIZE_MAX
+#  elif defined(_POSIX_SSIZE_MAX)
+#   define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX
+#  else
+#   define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1))
+#  endif
+# endif
+
+# ifdef DEBUG_UNUSED
+#  define __owur __attribute__((__warn_unused_result__))
+# else
+#  define __owur
+# endif
+
+/* Standard integer types */
+# if defined(OPENSSL_SYS_UEFI)
+typedef INT8 int8_t;
+typedef UINT8 uint8_t;
+typedef INT16 int16_t;
+typedef UINT16 uint16_t;
+typedef INT32 int32_t;
+typedef UINT32 uint32_t;
+typedef INT64 int64_t;
+typedef UINT64 uint64_t;
+# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
+     defined(__osf__) || defined(__sgi) || defined(__hpux) || \
+     defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
+#  include <inttypes.h>
+# elif defined(_MSC_VER) && _MSC_VER<=1500
+/*
+ * minimally required typdefs for systems not supporting inttypes.h or
+ * stdint.h: currently just older VC++
+ */
+typedef signed char int8_t;
+typedef unsigned char uint8_t;
+typedef short int16_t;
+typedef unsigned short uint16_t;
+typedef int int32_t;
+typedef unsigned int uint32_t;
+typedef __int64 int64_t;
+typedef unsigned __int64 uint64_t;
+# else
+#  include <stdint.h>
+# endif
+
+/* ossl_inline: portable inline definition usable in public headers */
+# if !defined(inline) && !defined(__cplusplus)
+#  if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
+   /* just use inline */
+#   define ossl_inline inline
+#  elif defined(__GNUC__) && __GNUC__>=2
+#   define ossl_inline __inline__
+#  elif defined(_MSC_VER)
+  /*
+   * Visual Studio: inline is available in C++ only, however
+   * __inline is available for C, see
+   * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+   */
+#   define ossl_inline __inline
+#  else
+#   define ossl_inline
+#  endif
+# else
+#  define ossl_inline inline
+# endif
+
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#  define ossl_noreturn _Noreturn
+# elif defined(__GNUC__) && __GNUC__ >= 2
+#  define ossl_noreturn __attribute__((noreturn))
+# else
+#  define ossl_noreturn
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/freebsd/crypto/openssl/crypto/ebcdic.h b/freebsd/crypto/openssl/include/openssl/ebcdic.h
index 4cbdfeb7..aa012855 100644
--- a/freebsd/crypto/openssl/crypto/ebcdic.h
+++ b/freebsd/crypto/openssl/include/openssl/ebcdic.h
@@ -1,9 +1,16 @@
-/* crypto/ebcdic.h */
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
 
 #ifndef HEADER_EBCDIC_H
 # define HEADER_EBCDIC_H
 
-# include <sys/types.h>
+# include <stdlib.h>
 
 #ifdef  __cplusplus
 extern "C" {
diff --git a/freebsd/crypto/openssl/crypto/ec/ec.h b/freebsd/crypto/openssl/include/openssl/ec.h
index 81e6faf6..4d70da70 100644
--- a/freebsd/crypto/openssl/crypto/ec/ec.h
+++ b/freebsd/crypto/openssl/include/openssl/ec.h
@@ -1,76 +1,11 @@
-/* crypto/ec/ec.h */
 /*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/**
- * \file crypto/ec/ec.h Include file for the OpenSSL EC functions
- * \author Originally written by Bodo Moeller for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_EC_H
@@ -78,22 +13,15 @@
 
 # include <openssl/opensslconf.h>
 
-# ifdef OPENSSL_NO_EC
-#  error EC is disabled.
-# endif
-
+# ifndef OPENSSL_NO_EC
 # include <openssl/asn1.h>
 # include <openssl/symhacks.h>
-# ifndef OPENSSL_NO_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
 #  include <openssl/bn.h>
 # endif
-
+# include <openssl/ecerr.h>
 # ifdef  __cplusplus
 extern "C" {
-# elif defined(__SUNPRO_C)
-#  if __SUNPRO_C >= 0x520
-#   pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
-#  endif
 # endif
 
 # ifndef OPENSSL_ECC_MAX_FIELD_BITS
@@ -114,19 +42,10 @@ typedef enum {
 } point_conversion_form_t;
 
 typedef struct ec_method_st EC_METHOD;
-
-typedef struct ec_group_st
-    /*-
-     EC_METHOD *meth;
-     -- field definition
-     -- curve coefficients
-     -- optional generator with associated information (order, cofactor)
-     -- optional extra data (precomputed table for fast computation of multiples of generator)
-     -- ASN1 stuff
-    */
-    EC_GROUP;
-
+typedef struct ec_group_st EC_GROUP;
 typedef struct ec_point_st EC_POINT;
+typedef struct ecpk_parameters_st ECPKPARAMETERS;
+typedef struct ec_parameters_st ECPARAMETERS;
 
 /********************************************************************/
 /*               EC_METHODs for curves over GF(p)                   */
@@ -229,7 +148,7 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth);
  *  \param  order      the order of the group generated by the generator.
  *  \param  cofactor   the index of the sub-group generated by the generator
  *                     in the group of all points on the elliptic curve.
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
                            const BIGNUM *order, const BIGNUM *cofactor);
@@ -242,27 +161,45 @@ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
 
 /** Returns the montgomery data for order(Generator)
  *  \param  group  EC_GROUP object
- *  \return the currently used generator (possibly NULL).
+ *  \return the currently used montgomery data (possibly NULL).
 */
 BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group);
 
 /** Gets the order of a EC_GROUP
  *  \param  group  EC_GROUP object
  *  \param  order  BIGNUM to which the order is copied
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \param  ctx    unused
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
 
+/** Gets the order of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return the group order
+ */
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
+
+/** Gets the number of bits of the order of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return number of bits of group order.
+ */
+int EC_GROUP_order_bits(const EC_GROUP *group);
+
 /** Gets the cofactor of a EC_GROUP
  *  \param  group     EC_GROUP object
  *  \param  cofactor  BIGNUM to which the cofactor is copied
- *  \param  ctx       BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \param  ctx       unused
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
                           BN_CTX *ctx);
 
+/** Gets the cofactor of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return the group cofactor
+ */
+const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
+
 /** Sets the name of a EC_GROUP object
  *  \param  group  EC_GROUP object
  *  \param  nid    NID of the curve name OID
@@ -286,50 +223,84 @@ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
 
-/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b
+/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp)
+ *  or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
  *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM with the prime number
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
  *  \param  a      BIGNUM with parameter a of the equation
  *  \param  b      BIGNUM with parameter b of the equation
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
-int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
-                           const BIGNUM *b, BN_CTX *ctx);
+int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                       const BIGNUM *b, BN_CTX *ctx);
 
-/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b
+/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp)
+ *  or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
  *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM for the prime number
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
  *  \param  a      BIGNUM for parameter a of the equation
  *  \param  b      BIGNUM for parameter b of the equation
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+                       BN_CTX *ctx);
+
+/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
  */
-int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
-                           BIGNUM *b, BN_CTX *ctx);
+DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
+                                              const BIGNUM *a, const BIGNUM *b,
+                                              BN_CTX *ctx))
+
+/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
+                                              BIGNUM *a, BIGNUM *b,
+                                              BN_CTX *ctx))
 
 # ifndef OPENSSL_NO_EC2M
-/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
+/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve
  *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM with the polynomial defining the underlying field
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
  *  \param  a      BIGNUM with parameter a of the equation
  *  \param  b      BIGNUM with parameter b of the equation
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
-int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
-                            const BIGNUM *b, BN_CTX *ctx);
+DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
+                                               const BIGNUM *a, const BIGNUM *b,
+                                               BN_CTX *ctx))
 
-/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
+/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
  *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM for the polynomial defining the underlying field
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
  *  \param  a      BIGNUM for parameter a of the equation
  *  \param  b      BIGNUM for parameter b of the equation
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
-int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
-                            BIGNUM *b, BN_CTX *ctx);
+DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
+                                               BIGNUM *a, BIGNUM *b,
+                                               BN_CTX *ctx))
 # endif
 /** Returns the number of bits needed to represent a field element
  *  \param  group  EC_GROUP object
@@ -355,7 +326,7 @@ int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
  *  \param  a    first EC_GROUP object
  *  \param  b    second EC_GROUP object
  *  \param  ctx  BN_CTX object (optional)
- *  \return 0 if both groups are equal and 1 otherwise
+ *  \return 0 if the groups are equal, 1 if not, or -1 on error
  */
 int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
 
@@ -386,6 +357,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
 EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
                                   const BIGNUM *b, BN_CTX *ctx);
 # endif
+
 /** Creates a EC_GROUP object with a curve specified by a NID
  *  \param  nid  NID of the OID of the curve name
  *  \return newly created EC_GROUP object with specified curve or NULL
@@ -393,6 +365,38 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
  */
 EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
 
+/** Creates a new EC_GROUP object from an ECPARAMETERS object
+ *  \param  params  pointer to the ECPARAMETERS object
+ *  \return newly created EC_GROUP object with specified curve or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params);
+
+/** Creates an ECPARAMETERS object for the given EC_GROUP object.
+ *  \param  group   pointer to the EC_GROUP object
+ *  \param  params  pointer to an existing ECPARAMETERS object or NULL
+ *  \return pointer to the new ECPARAMETERS object or NULL
+ *          if an error occurred.
+ */
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+                                        ECPARAMETERS *params);
+
+/** Creates a new EC_GROUP object from an ECPKPARAMETERS object
+ *  \param  params  pointer to an existing ECPKPARAMETERS object, or NULL
+ *  \return newly created EC_GROUP object with specified curve, or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params);
+
+/** Creates an ECPKPARAMETERS object for the given EC_GROUP object.
+ *  \param  group   pointer to the EC_GROUP object
+ *  \param  params  pointer to an existing ECPKPARAMETERS object or NULL
+ *  \return pointer to the new ECPKPARAMETERS object or NULL
+ *          if an error occurred.
+ */
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+                                            ECPKPARAMETERS *params);
+
 /********************************************************************/
 /*               handling of internal curves                        */
 /********************************************************************/
@@ -404,7 +408,7 @@ typedef struct {
 
 /*
  * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all
- * available curves or zero if a error occurred. In case r ist not zero
+ * available curves or zero if a error occurred. In case r is not zero,
  * nitems EC_builtin_curve structures are filled with the data of the first
  * nitems internal groups
  */
@@ -436,7 +440,7 @@ void EC_POINT_clear_free(EC_POINT *point);
 /** Copies EC_POINT object
  *  \param  dst  destination EC_POINT object
  *  \param  src  source EC_POINT object
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
 
@@ -457,7 +461,7 @@ const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
 /** Sets a point to infinity (neutral element)
  *  \param  group  underlying EC_GROUP object
  *  \param  point  EC_POINT to set to infinity
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
 
@@ -468,7 +472,7 @@ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
  *  \param  y      BIGNUM with the y-coordinate
  *  \param  z      BIGNUM with the z-coordinate
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
                                              EC_POINT *p, const BIGNUM *x,
@@ -482,84 +486,137 @@ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
  *  \param  y      BIGNUM for the y-coordinate
  *  \param  z      BIGNUM for the z-coordinate
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
                                              const EC_POINT *p, BIGNUM *x,
                                              BIGNUM *y, BIGNUM *z,
                                              BN_CTX *ctx);
 
-/** Sets the affine coordinates of a EC_POINT over GFp
+/** Sets the affine coordinates of an EC_POINT
  *  \param  group  underlying EC_GROUP object
  *  \param  p      EC_POINT object
  *  \param  x      BIGNUM with the x-coordinate
  *  \param  y      BIGNUM with the y-coordinate
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-                                        const BIGNUM *x, const BIGNUM *y,
-                                        BN_CTX *ctx);
+int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                    const BIGNUM *x, const BIGNUM *y,
+                                    BN_CTX *ctx);
 
-/** Gets the affine coordinates of a EC_POINT over GFp
+/** Gets the affine coordinates of an EC_POINT.
  *  \param  group  underlying EC_GROUP object
  *  \param  p      EC_POINT object
  *  \param  x      BIGNUM for the x-coordinate
  *  \param  y      BIGNUM for the y-coordinate
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
-                                        const EC_POINT *p, BIGNUM *x,
-                                        BIGNUM *y, BN_CTX *ctx);
+int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
+                                    BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
 
-/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp
+/** Sets the affine coordinates of an EC_POINT. A synonym of
+ *  EC_POINT_set_affine_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+                                                           EC_POINT *p,
+                                                           const BIGNUM *x,
+                                                           const BIGNUM *y,
+                                                           BN_CTX *ctx))
+
+/** Gets the affine coordinates of an EC_POINT. A synonym of
+ *  EC_POINT_get_affine_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                                           const EC_POINT *p,
+                                                           BIGNUM *x,
+                                                           BIGNUM *y,
+                                                           BN_CTX *ctx))
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT
  *  \param  group  underlying EC_GROUP object
  *  \param  p      EC_POINT object
  *  \param  x      BIGNUM with x-coordinate
  *  \param  y_bit  integer with the y-Bit (either 0 or 1)
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
-                                            EC_POINT *p, const BIGNUM *x,
-                                            int y_bit, BN_CTX *ctx);
+int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                        const BIGNUM *x, int y_bit,
+                                        BN_CTX *ctx);
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
+ *  EC_POINT_set_compressed_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                                               EC_POINT *p,
+                                                               const BIGNUM *x,
+                                                               int y_bit,
+                                                               BN_CTX *ctx))
 # ifndef OPENSSL_NO_EC2M
-/** Sets the affine coordinates of a EC_POINT over GF2m
+/** Sets the affine coordinates of an EC_POINT. A synonym of
+ *  EC_POINT_set_affine_coordinates
  *  \param  group  underlying EC_GROUP object
  *  \param  p      EC_POINT object
  *  \param  x      BIGNUM with the x-coordinate
  *  \param  y      BIGNUM with the y-coordinate
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
-                                         const BIGNUM *x, const BIGNUM *y,
-                                         BN_CTX *ctx);
+DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+                                                            EC_POINT *p,
+                                                            const BIGNUM *x,
+                                                            const BIGNUM *y,
+                                                            BN_CTX *ctx))
 
-/** Gets the affine coordinates of a EC_POINT over GF2m
+/** Gets the affine coordinates of an EC_POINT. A synonym of
+ *  EC_POINT_get_affine_coordinates
  *  \param  group  underlying EC_GROUP object
  *  \param  p      EC_POINT object
  *  \param  x      BIGNUM for the x-coordinate
  *  \param  y      BIGNUM for the y-coordinate
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
-                                         const EC_POINT *p, BIGNUM *x,
-                                         BIGNUM *y, BN_CTX *ctx);
+DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+                                                            const EC_POINT *p,
+                                                            BIGNUM *x,
+                                                            BIGNUM *y,
+                                                            BN_CTX *ctx))
 
-/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m
+/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
+ *  EC_POINT_set_compressed_coordinates
  *  \param  group  underlying EC_GROUP object
  *  \param  p      EC_POINT object
  *  \param  x      BIGNUM with x-coordinate
  *  \param  y_bit  integer with the y-Bit (either 0 or 1)
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
-                                             EC_POINT *p, const BIGNUM *x,
-                                             int y_bit, BN_CTX *ctx);
+DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+                                                                EC_POINT *p,
+                                                                const BIGNUM *x,
+                                                                int y_bit,
+                                                                BN_CTX *ctx))
 # endif
 /** Encodes a EC_POINT object to a octet string
  *  \param  group  underlying EC_GROUP object
@@ -581,11 +638,23 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
  *  \param  buf    memory buffer with the encoded ec point
  *  \param  len    length of the encoded ec point
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
                        const unsigned char *buf, size_t len, BN_CTX *ctx);
 
+/** Encodes an EC_POINT object to an allocated octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  point  EC_POINT object
+ *  \param  form   point conversion form
+ *  \param  pbuf   returns pointer to allocated buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form,
+                          unsigned char **pbuf, BN_CTX *ctx);
+
 /* other interfaces to point2oct/oct2point: */
 BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
                           point_conversion_form_t form, BIGNUM *, BN_CTX *);
@@ -606,7 +675,7 @@ EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
  *  \param  a      EC_POINT object with the first summand
  *  \param  b      EC_POINT object with the second summand
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
                  const EC_POINT *b, BN_CTX *ctx);
@@ -616,7 +685,7 @@ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
  *  \param  r      EC_POINT object for the result (r = 2 * a)
  *  \param  a      EC_POINT object
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
                  BN_CTX *ctx);
@@ -625,7 +694,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
  *  \param  group  underlying EC_GROUP object
  *  \param  a      EC_POINT object to be inverted (it's used for the result as well)
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
 
@@ -640,7 +709,7 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
  *  \param  group  underlying EC_GROUP object
  *  \param  point  EC_POINT object to check
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 if point if on the curve and 0 otherwise
+ *  \return 1 if the point is on the curve, 0 if not, or -1 on error
  */
 int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
                          BN_CTX *ctx);
@@ -650,7 +719,7 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
  *  \param  a      first EC_POINT object
  *  \param  b      second EC_POINT object
  *  \param  ctx    BN_CTX object (optional)
- *  \return 0 if both points are equal and a value != 0 otherwise
+ *  \return 1 if the points are not equal, 0 if they are, or -1 on error
  */
 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
                  BN_CTX *ctx);
@@ -659,15 +728,15 @@ int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
                           EC_POINT *points[], BN_CTX *ctx);
 
-/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i]
+/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
  *  \param  r      EC_POINT object for the result
  *  \param  n      BIGNUM with the multiplier for the group generator (optional)
- *  \param  num    number futher summands
+ *  \param  num    number further summands
  *  \param  p      array of size num of EC_POINT objects
  *  \param  m      array of size num of BIGNUM objects
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
                   size_t num, const EC_POINT *p[], const BIGNUM *m[],
@@ -680,7 +749,7 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
  *  \param  q      EC_POINT object with the first factor of the second summand
  *  \param  m      BIGNUM with the second factor of the second summand
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
                  const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
@@ -688,7 +757,7 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
 /** Stores multiples of generator for faster point multiplication
  *  \param  group  EC_GROUP object
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
 
@@ -702,6 +771,11 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
 /*                       ASN1 stuff                                 */
 /********************************************************************/
 
+DECLARE_ASN1_ITEM(ECPKPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS)
+DECLARE_ASN1_ITEM(ECPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+
 /*
  * EC_GROUP_get_basis_type() returns the NID of the basis type used to
  * represent the field elements
@@ -713,9 +787,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
                                    unsigned int *k2, unsigned int *k3);
 # endif
 
-# define OPENSSL_EC_NAMED_CURVE  0x001
-
-typedef struct ecpk_parameters_st ECPKPARAMETERS;
+# define OPENSSL_EC_EXPLICIT_CURVE  0x000
+# define OPENSSL_EC_NAMED_CURVE     0x001
 
 EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
 int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
@@ -727,10 +800,8 @@ int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
 # define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
                 (unsigned char *)(x))
 
-# ifndef OPENSSL_NO_BIO
 int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-# endif
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
 # endif
 
@@ -738,8 +809,6 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
 /*                      EC_KEY functions                            */
 /********************************************************************/
 
-typedef struct ec_key_st EC_KEY;
-
 /* some values for the encoding_flag */
 # define EC_PKEY_NO_PARAMETERS   0x001
 # define EC_PKEY_NO_PUBKEY       0x002
@@ -747,6 +816,7 @@ typedef struct ec_key_st EC_KEY;
 /* some values for the flags field */
 # define EC_FLAG_NON_FIPS_ALLOW  0x1
 # define EC_FLAG_FIPS_CHECKED    0x2
+# define EC_FLAG_COFACTOR_ECDH   0x1000
 
 /** Creates a new EC_KEY object.
  *  \return EC_KEY object or NULL if an error occurred.
@@ -790,6 +860,12 @@ EC_KEY *EC_KEY_dup(const EC_KEY *src);
  */
 int EC_KEY_up_ref(EC_KEY *key);
 
+/** Returns the ENGINE object of a EC_KEY object
+ *  \param  eckey  EC_KEY object
+ *  \return the ENGINE object (possibly NULL).
+ */
+ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
+
 /** Returns the EC_GROUP object of a EC_KEY object
  *  \param  key  EC_KEY object
  *  \return the EC_GROUP object (possibly NULL).
@@ -836,23 +912,12 @@ unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
 void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
 point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
 void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
-/* functions to set/get method specific data  */
-void *EC_KEY_get_key_method_data(EC_KEY *key,
-                                 void *(*dup_func) (void *),
-                                 void (*free_func) (void *),
-                                 void (*clear_free_func) (void *));
-/** Sets the key method data of an EC_KEY object, if none has yet been set.
- *  \param  key              EC_KEY object
- *  \param  data             opaque data to install.
- *  \param  dup_func         a function that duplicates |data|.
- *  \param  free_func        a function that frees |data|.
- *  \param  clear_free_func  a function that wipes and frees |data|.
- *  \return the previously set data pointer, or NULL if |data| was inserted.
- */
-void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
-                                    void *(*dup_func) (void *),
-                                    void (*free_func) (void *),
-                                    void (*clear_free_func) (void *));
+
+#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
+int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
+void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
+
 /* wrapper functions for the underlying EC_GROUP object */
 void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
 
@@ -876,8 +941,14 @@ int EC_KEY_generate_key(EC_KEY *key);
  */
 int EC_KEY_check_key(const EC_KEY *key);
 
-/** Sets a public key from affine coordindates performing
- *  neccessary NIST PKV tests.
+/** Indicates if an EC_KEY can be used for signing.
+ *  \param  eckey  the EC_KEY object
+ *  \return 1 if can can sign and 0 otherwise.
+ */
+int EC_KEY_can_sign(const EC_KEY *eckey);
+
+/** Sets a public key from affine coordinates performing
+ *  necessary NIST PKV tests.
  *  \param  key  the EC_KEY object
  *  \param  x    public key x coordinate
  *  \param  y    public key y coordinate
@@ -886,6 +957,53 @@ int EC_KEY_check_key(const EC_KEY *key);
 int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
                                              BIGNUM *y);
 
+/** Encodes an EC_KEY public key to an allocated octet string
+ *  \param  key    key to encode
+ *  \param  form   point conversion form
+ *  \param  pbuf   returns pointer to allocated buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
+                      unsigned char **pbuf, BN_CTX *ctx);
+
+/** Decodes a EC_KEY public key from a octet string
+ *  \param  key    key to decode
+ *  \param  buf    memory buffer with the encoded ec point
+ *  \param  len    length of the encoded ec point
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+
+int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
+                   BN_CTX *ctx);
+
+/** Decodes an EC_KEY private key from an octet string
+ *  \param  key    key to decode
+ *  \param  buf    memory buffer with the encoded private key
+ *  \param  len    length of the encoded key
+ *  \return 1 on success and 0 if an error occurred
+ */
+
+int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
+
+/** Encodes a EC_KEY private key to an octet string
+ *  \param  key    key to encode
+ *  \param  buf    memory buffer for the result. If NULL the function returns
+ *                 required buffer size.
+ *  \param  len    length of the memory buffer
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+
+size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len);
+
+/** Encodes an EC_KEY private key to an allocated octet string
+ *  \param  eckey  key to encode
+ *  \param  pbuf   returns pointer to allocated buffer
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
+
 /********************************************************************/
 /*        de- and encoding functions for SEC1 ECPrivateKey          */
 /********************************************************************/
@@ -920,7 +1038,7 @@ int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
 EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
 
 /** Encodes ec parameter and stores the result in a buffer.
- *  \param  key  the EC_KEY object with ec paramters to encode
+ *  \param  key  the EC_KEY object with ec parameters to encode
  *  \param  out  the buffer for the result (if NULL the function returns number
  *               of bytes needed).
  *  \return 1 on success and 0 if an error occurred.
@@ -947,9 +1065,8 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
  *               of bytes needed).
  *  \return 1 on success and 0 if an error occurred
  */
-int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);
+int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
 
-# ifndef OPENSSL_NO_BIO
 /** Prints out the ec parameters on human readable form.
  *  \param  bp   BIO object to which the information is printed
  *  \param  key  EC_KEY object
@@ -965,8 +1082,7 @@ int ECParameters_print(BIO *bp, const EC_KEY *key);
  */
 int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
 
-# endif
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 /** Prints out the ec parameters on human readable form.
  *  \param  fp   file descriptor to which the information is printed
  *  \param  key  EC_KEY object
@@ -984,6 +1100,264 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
 
 # endif
 
+const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
+const EC_KEY_METHOD *EC_KEY_get_default_method(void);
+void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
+const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+EC_KEY *EC_KEY_new_method(ENGINE *engine);
+
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md);
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+                     const EC_KEY *ecdh,
+                     void *(*KDF) (const void *in, size_t inlen,
+                                   void *out, size_t *outlen));
+
+typedef struct ECDSA_SIG_st ECDSA_SIG;
+
+/** Allocates and initialize a ECDSA_SIG structure
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_SIG_new(void);
+
+/** frees a ECDSA_SIG structure
+ *  \param  sig  pointer to the ECDSA_SIG structure
+ */
+void ECDSA_SIG_free(ECDSA_SIG *sig);
+
+/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
+ *  (*pp += length of the DER encoded signature)).
+ *  \param  sig  pointer to the ECDSA_SIG object
+ *  \param  pp   pointer to a unsigned char pointer for the output or NULL
+ *  \return the length of the DER encoded ECDSA_SIG object or 0
+ */
+int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
+
+/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
+ *  (*pp += len)).
+ *  \param  sig  pointer to ECDSA_SIG pointer (may be NULL)
+ *  \param  pp   memory buffer with the DER encoded signature
+ *  \param  len  length of the buffer
+ *  \return pointer to the decoded ECDSA_SIG structure (or NULL)
+ */
+ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
+
+/** Accessor for r and s fields of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG structure
+ *  \param  pr   pointer to BIGNUM pointer for r (may be NULL)
+ *  \param  ps   pointer to BIGNUM pointer for s (may be NULL)
+ */
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+
+/** Accessor for r field of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG structure
+ */
+const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
+
+/** Accessor for s field of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG structure
+ */
+const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
+
+/** Setter for r and s fields of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG structure
+ *  \param  r    pointer to BIGNUM for r (may be NULL)
+ *  \param  s    pointer to BIGNUM for s (may be NULL)
+ */
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+/** Computes the ECDSA signature of the given hash value using
+ *  the supplied private key and returns the created signature.
+ *  \param  dgst      pointer to the hash value
+ *  \param  dgst_len  length of the hash value
+ *  \param  eckey     EC_KEY object containing a private EC key
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+                         EC_KEY *eckey);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
+ *  \param  rp       BIGNUM with a pre-computed rp value (optional),
+ *                   see ECDSA_sign_setup
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+                            const BIGNUM *kinv, const BIGNUM *rp,
+                            EC_KEY *eckey);
+
+/** Verifies that the supplied signature is a valid ECDSA
+ *  signature of the supplied hash value using the supplied public key.
+ *  \param  dgst      pointer to the hash value
+ *  \param  dgst_len  length of the hash value
+ *  \param  sig       ECDSA_SIG structure
+ *  \param  eckey     EC_KEY object containing a public EC key
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
+ *          and -1 on error
+ */
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                    const ECDSA_SIG *sig, EC_KEY *eckey);
+
+/** Precompute parts of the signing operation
+ *  \param  eckey  EC_KEY object containing a private EC key
+ *  \param  ctx    BN_CTX object (optional)
+ *  \param  kinv   BIGNUM pointer for the inverse of k
+ *  \param  rp     BIGNUM pointer for x coordinate of k * generator
+ *  \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      memory for the DER encoded created signature
+ *  \param  siglen   pointer to the length of the returned signature
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
+               unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      buffer to hold the DER encoded signature
+ *  \param  siglen   pointer to the length of the returned signature
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
+ *  \param  rp       BIGNUM with a pre-computed rp value (optional),
+ *                   see ECDSA_sign_setup
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
+                  unsigned char *sig, unsigned int *siglen,
+                  const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+
+/** Verifies that the given signature is valid ECDSA signature
+ *  of the supplied hash value using the specified public key.
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      pointer to the DER encoded signature
+ *  \param  siglen   length of the DER encoded signature
+ *  \param  eckey    EC_KEY object containing a public EC key
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
+ *          and -1 on error
+ */
+int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
+                 const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+/** Returns the maximum length of the DER encoded signature
+ *  \param  eckey  EC_KEY object
+ *  \return numbers of bytes required for the DER encoded signature
+ */
+int ECDSA_size(const EC_KEY *eckey);
+
+/********************************************************************/
+/*  EC_KEY_METHOD constructors, destructors, writers and accessors  */
+/********************************************************************/
+
+EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth);
+void EC_KEY_METHOD_free(EC_KEY_METHOD *meth);
+void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
+                            int (*init)(EC_KEY *key),
+                            void (*finish)(EC_KEY *key),
+                            int (*copy)(EC_KEY *dest, const EC_KEY *src),
+                            int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+                            int (*set_private)(EC_KEY *key,
+                                               const BIGNUM *priv_key),
+                            int (*set_public)(EC_KEY *key,
+                                              const EC_POINT *pub_key));
+
+void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+                              int (*keygen)(EC_KEY *key));
+
+void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
+                                   int (*ckey)(unsigned char **psec,
+                                               size_t *pseclen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh));
+
+void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
+                            int (*sign)(int type, const unsigned char *dgst,
+                                        int dlen, unsigned char *sig,
+                                        unsigned int *siglen,
+                                        const BIGNUM *kinv, const BIGNUM *r,
+                                        EC_KEY *eckey),
+                            int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                              BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+                                                   int dgst_len,
+                                                   const BIGNUM *in_kinv,
+                                                   const BIGNUM *in_r,
+                                                   EC_KEY *eckey));
+
+void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
+                              int (*verify)(int type, const unsigned
+                                            char *dgst, int dgst_len,
+                                            const unsigned char *sigbuf,
+                                            int sig_len, EC_KEY *eckey),
+                              int (*verify_sig)(const unsigned char *dgst,
+                                                int dgst_len,
+                                                const ECDSA_SIG *sig,
+                                                EC_KEY *eckey));
+
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
+                            int (**pinit)(EC_KEY *key),
+                            void (**pfinish)(EC_KEY *key),
+                            int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+                            int (**pset_group)(EC_KEY *key,
+                                               const EC_GROUP *grp),
+                            int (**pset_private)(EC_KEY *key,
+                                                 const BIGNUM *priv_key),
+                            int (**pset_public)(EC_KEY *key,
+                                                const EC_POINT *pub_key));
+
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
+                              int (**pkeygen)(EC_KEY *key));
+
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
+                                   int (**pck)(unsigned char **psec,
+                                               size_t *pseclen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh));
+
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
+                            int (**psign)(int type, const unsigned char *dgst,
+                                          int dlen, unsigned char *sig,
+                                          unsigned int *siglen,
+                                          const BIGNUM *kinv, const BIGNUM *r,
+                                          EC_KEY *eckey),
+                            int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                                BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+                                                     int dgst_len,
+                                                     const BIGNUM *in_kinv,
+                                                     const BIGNUM *in_r,
+                                                     EC_KEY *eckey));
+
+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
+                              int (**pverify)(int type, const unsigned
+                                              char *dgst, int dgst_len,
+                                              const unsigned char *sigbuf,
+                                              int sig_len, EC_KEY *eckey),
+                              int (**pverify_sig)(const unsigned char *dgst,
+                                                  int dgst_len,
+                                                  const ECDSA_SIG *sig,
+                                                  EC_KEY *eckey));
+
 # define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
 
 # ifndef __cplusplus
@@ -1027,12 +1401,12 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
 # define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
                                 EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)md)
+                                EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md))
 
 # define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
                                 EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)pmd)
+                                EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd))
 
 # define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
@@ -1042,17 +1416,31 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
 # define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
                                 EVP_PKEY_OP_DERIVE, \
-                        EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, (void *)plen)
+                                EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \
+                                (void *)(plen))
 
 # define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
                                 EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)p)
+                                EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p))
 
 # define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
                                 EVP_PKEY_OP_DERIVE, \
-                                EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)p)
+                                EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p))
+
+/* SM2 will skip the operation check so no need to pass operation here */
+# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \
+        EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+                                EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id))
+
+# define EVP_PKEY_CTX_get1_id(ctx, id) \
+        EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+                                EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id))
+
+# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \
+        EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+                                EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len))
 
 # define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID             (EVP_PKEY_ALG_CTRL + 1)
 # define EVP_PKEY_CTRL_EC_PARAM_ENC                      (EVP_PKEY_ALG_CTRL + 2)
@@ -1064,219 +1452,16 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
 # define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN                 (EVP_PKEY_ALG_CTRL + 8)
 # define EVP_PKEY_CTRL_EC_KDF_UKM                        (EVP_PKEY_ALG_CTRL + 9)
 # define EVP_PKEY_CTRL_GET_EC_KDF_UKM                    (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_SET1_ID                           (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET1_ID                           (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_GET1_ID_LEN                       (EVP_PKEY_ALG_CTRL + 13)
 /* KDF types */
 # define EVP_PKEY_ECDH_KDF_NONE                          1
 # define EVP_PKEY_ECDH_KDF_X9_62                         2
 
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_EC_strings(void);
-
-/* Error codes for the EC functions. */
-
-/* Function codes. */
-# define EC_F_BN_TO_FELEM                                 224
-# define EC_F_COMPUTE_WNAF                                143
-# define EC_F_D2I_ECPARAMETERS                            144
-# define EC_F_D2I_ECPKPARAMETERS                          145
-# define EC_F_D2I_ECPRIVATEKEY                            146
-# define EC_F_DO_EC_KEY_PRINT                             221
-# define EC_F_ECDH_CMS_DECRYPT                            238
-# define EC_F_ECDH_CMS_SET_SHARED_INFO                    239
-# define EC_F_ECKEY_PARAM2TYPE                            223
-# define EC_F_ECKEY_PARAM_DECODE                          212
-# define EC_F_ECKEY_PRIV_DECODE                           213
-# define EC_F_ECKEY_PRIV_ENCODE                           214
-# define EC_F_ECKEY_PUB_DECODE                            215
-# define EC_F_ECKEY_PUB_ENCODE                            216
-# define EC_F_ECKEY_TYPE2PARAM                            220
-# define EC_F_ECPARAMETERS_PRINT                          147
-# define EC_F_ECPARAMETERS_PRINT_FP                       148
-# define EC_F_ECPKPARAMETERS_PRINT                        149
-# define EC_F_ECPKPARAMETERS_PRINT_FP                     150
-# define EC_F_ECP_NISTZ256_GET_AFFINE                     240
-# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE                243
-# define EC_F_ECP_NISTZ256_POINTS_MUL                     241
-# define EC_F_ECP_NISTZ256_PRE_COMP_NEW                   244
-# define EC_F_ECP_NISTZ256_SET_WORDS                      245
-# define EC_F_ECP_NISTZ256_WINDOWED_MUL                   242
-# define EC_F_ECP_NIST_MOD_192                            203
-# define EC_F_ECP_NIST_MOD_224                            204
-# define EC_F_ECP_NIST_MOD_256                            205
-# define EC_F_ECP_NIST_MOD_521                            206
-# define EC_F_EC_ASN1_GROUP2CURVE                         153
-# define EC_F_EC_ASN1_GROUP2FIELDID                       154
-# define EC_F_EC_ASN1_GROUP2PARAMETERS                    155
-# define EC_F_EC_ASN1_GROUP2PKPARAMETERS                  156
-# define EC_F_EC_ASN1_PARAMETERS2GROUP                    157
-# define EC_F_EC_ASN1_PKPARAMETERS2GROUP                  158
-# define EC_F_EC_EX_DATA_SET_DATA                         211
-# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY           208
-# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT     159
-# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE              195
-# define EC_F_EC_GF2M_SIMPLE_OCT2POINT                    160
-# define EC_F_EC_GF2M_SIMPLE_POINT2OCT                    161
-# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
-# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
-# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES   164
-# define EC_F_EC_GFP_MONT_FIELD_DECODE                    133
-# define EC_F_EC_GFP_MONT_FIELD_ENCODE                    134
-# define EC_F_EC_GFP_MONT_FIELD_MUL                       131
-# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE                209
-# define EC_F_EC_GFP_MONT_FIELD_SQR                       132
-# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE                 189
-# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP             135
-# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE             225
-# define EC_F_EC_GFP_NISTP224_POINTS_MUL                  228
-# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
-# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE             230
-# define EC_F_EC_GFP_NISTP256_POINTS_MUL                  231
-# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232
-# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE             233
-# define EC_F_EC_GFP_NISTP521_POINTS_MUL                  234
-# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235
-# define EC_F_EC_GFP_NIST_FIELD_MUL                       200
-# define EC_F_EC_GFP_NIST_FIELD_SQR                       201
-# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE                 202
-# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT      165
-# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE               166
-# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP           100
-# define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR           101
-# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE                   102
-# define EC_F_EC_GFP_SIMPLE_OCT2POINT                     103
-# define EC_F_EC_GFP_SIMPLE_POINT2OCT                     104
-# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE            137
-# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES  167
-# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
-# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES  168
-# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
-# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES    169
-# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
-# define EC_F_EC_GROUP_CHECK                              170
-# define EC_F_EC_GROUP_CHECK_DISCRIMINANT                 171
-# define EC_F_EC_GROUP_COPY                               106
-# define EC_F_EC_GROUP_GET0_GENERATOR                     139
-# define EC_F_EC_GROUP_GET_COFACTOR                       140
-# define EC_F_EC_GROUP_GET_CURVE_GF2M                     172
-# define EC_F_EC_GROUP_GET_CURVE_GFP                      130
-# define EC_F_EC_GROUP_GET_DEGREE                         173
-# define EC_F_EC_GROUP_GET_ORDER                          141
-# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS              193
-# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS                194
-# define EC_F_EC_GROUP_NEW                                108
-# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME                  174
-# define EC_F_EC_GROUP_NEW_FROM_DATA                      175
-# define EC_F_EC_GROUP_PRECOMPUTE_MULT                    142
-# define EC_F_EC_GROUP_SET_CURVE_GF2M                     176
-# define EC_F_EC_GROUP_SET_CURVE_GFP                      109
-# define EC_F_EC_GROUP_SET_EXTRA_DATA                     110
-# define EC_F_EC_GROUP_SET_GENERATOR                      111
-# define EC_F_EC_KEY_CHECK_KEY                            177
-# define EC_F_EC_KEY_COPY                                 178
-# define EC_F_EC_KEY_GENERATE_KEY                         179
-# define EC_F_EC_KEY_NEW                                  182
-# define EC_F_EC_KEY_PRINT                                180
-# define EC_F_EC_KEY_PRINT_FP                             181
-# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES    229
-# define EC_F_EC_POINTS_MAKE_AFFINE                       136
-# define EC_F_EC_POINT_ADD                                112
-# define EC_F_EC_POINT_CMP                                113
-# define EC_F_EC_POINT_COPY                               114
-# define EC_F_EC_POINT_DBL                                115
-# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M        183
-# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP         116
-# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP    117
-# define EC_F_EC_POINT_INVERT                             210
-# define EC_F_EC_POINT_IS_AT_INFINITY                     118
-# define EC_F_EC_POINT_IS_ON_CURVE                        119
-# define EC_F_EC_POINT_MAKE_AFFINE                        120
-# define EC_F_EC_POINT_MUL                                184
-# define EC_F_EC_POINT_NEW                                121
-# define EC_F_EC_POINT_OCT2POINT                          122
-# define EC_F_EC_POINT_POINT2OCT                          123
-# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M        185
-# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP         124
-# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M    186
-# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP     125
-# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP    126
-# define EC_F_EC_POINT_SET_TO_INFINITY                    127
-# define EC_F_EC_PRE_COMP_DUP                             207
-# define EC_F_EC_PRE_COMP_NEW                             196
-# define EC_F_EC_WNAF_MUL                                 187
-# define EC_F_EC_WNAF_PRECOMPUTE_MULT                     188
-# define EC_F_I2D_ECPARAMETERS                            190
-# define EC_F_I2D_ECPKPARAMETERS                          191
-# define EC_F_I2D_ECPRIVATEKEY                            192
-# define EC_F_I2O_ECPUBLICKEY                             151
-# define EC_F_NISTP224_PRE_COMP_NEW                       227
-# define EC_F_NISTP256_PRE_COMP_NEW                       236
-# define EC_F_NISTP521_PRE_COMP_NEW                       237
-# define EC_F_O2I_ECPUBLICKEY                             152
-# define EC_F_OLD_EC_PRIV_DECODE                          222
-# define EC_F_PKEY_EC_CTRL                                197
-# define EC_F_PKEY_EC_CTRL_STR                            198
-# define EC_F_PKEY_EC_DERIVE                              217
-# define EC_F_PKEY_EC_KEYGEN                              199
-# define EC_F_PKEY_EC_PARAMGEN                            219
-# define EC_F_PKEY_EC_SIGN                                218
-
-/* Reason codes. */
-# define EC_R_ASN1_ERROR                                  115
-# define EC_R_ASN1_UNKNOWN_FIELD                          116
-# define EC_R_BIGNUM_OUT_OF_RANGE                         144
-# define EC_R_BUFFER_TOO_SMALL                            100
-# define EC_R_COORDINATES_OUT_OF_RANGE                    146
-# define EC_R_D2I_ECPKPARAMETERS_FAILURE                  117
-# define EC_R_DECODE_ERROR                                142
-# define EC_R_DISCRIMINANT_IS_ZERO                        118
-# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE                119
-# define EC_R_FIELD_TOO_LARGE                             143
-# define EC_R_GF2M_NOT_SUPPORTED                          147
-# define EC_R_GROUP2PKPARAMETERS_FAILURE                  120
-# define EC_R_I2D_ECPKPARAMETERS_FAILURE                  121
-# define EC_R_INCOMPATIBLE_OBJECTS                        101
-# define EC_R_INVALID_ARGUMENT                            112
-# define EC_R_INVALID_COMPRESSED_POINT                    110
-# define EC_R_INVALID_COMPRESSION_BIT                     109
-# define EC_R_INVALID_CURVE                               141
-# define EC_R_INVALID_DIGEST                              151
-# define EC_R_INVALID_DIGEST_TYPE                         138
-# define EC_R_INVALID_ENCODING                            102
-# define EC_R_INVALID_FIELD                               103
-# define EC_R_INVALID_FORM                                104
-# define EC_R_INVALID_GROUP_ORDER                         122
-# define EC_R_INVALID_PENTANOMIAL_BASIS                   132
-# define EC_R_INVALID_PRIVATE_KEY                         123
-# define EC_R_INVALID_TRINOMIAL_BASIS                     137
-# define EC_R_KDF_PARAMETER_ERROR                         148
-# define EC_R_KEYS_NOT_SET                                140
-# define EC_R_MISSING_PARAMETERS                          124
-# define EC_R_MISSING_PRIVATE_KEY                         125
-# define EC_R_NOT_A_NIST_PRIME                            135
-# define EC_R_NOT_A_SUPPORTED_NIST_PRIME                  136
-# define EC_R_NOT_IMPLEMENTED                             126
-# define EC_R_NOT_INITIALIZED                             111
-# define EC_R_NO_FIELD_MOD                                133
-# define EC_R_NO_PARAMETERS_SET                           139
-# define EC_R_PASSED_NULL_PARAMETER                       134
-# define EC_R_PEER_KEY_ERROR                              149
-# define EC_R_PKPARAMETERS2GROUP_FAILURE                  127
-# define EC_R_POINT_AT_INFINITY                           106
-# define EC_R_POINT_IS_NOT_ON_CURVE                       107
-# define EC_R_SHARED_INFO_ERROR                           150
-# define EC_R_SLOT_FULL                                   108
-# define EC_R_UNDEFINED_GENERATOR                         113
-# define EC_R_UNDEFINED_ORDER                             128
-# define EC_R_UNKNOWN_GROUP                               129
-# define EC_R_UNKNOWN_ORDER                               114
-# define EC_R_UNSUPPORTED_FIELD                           131
-# define EC_R_WRONG_CURVE_PARAMETERS                      145
-# define EC_R_WRONG_ORDER                                 130
-
-#ifdef  __cplusplus
+
+#  ifdef  __cplusplus
 }
-#endif
+#  endif
+# endif
 #endif
diff --git a/freebsd/crypto/openssl/include/openssl/ecdh.h b/freebsd/crypto/openssl/include/openssl/ecdh.h
new file mode 100644
index 00000000..681f3d5e
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/ecdh.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
diff --git a/freebsd/crypto/openssl/include/openssl/ecdsa.h b/freebsd/crypto/openssl/include/openssl/ecdsa.h
new file mode 100644
index 00000000..681f3d5e
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/ecdsa.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
diff --git a/freebsd/crypto/openssl/include/openssl/ecerr.h b/freebsd/crypto/openssl/include/openssl/ecerr.h
new file mode 100644
index 00000000..8d429387
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/ecerr.h
@@ -0,0 +1,267 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ECERR_H
+# define HEADER_ECERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_EC
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_EC_strings(void);
+
+/*
+ * EC function codes.
+ */
+#  define EC_F_BN_TO_FELEM                                 224
+#  define EC_F_D2I_ECPARAMETERS                            144
+#  define EC_F_D2I_ECPKPARAMETERS                          145
+#  define EC_F_D2I_ECPRIVATEKEY                            146
+#  define EC_F_DO_EC_KEY_PRINT                             221
+#  define EC_F_ECDH_CMS_DECRYPT                            238
+#  define EC_F_ECDH_CMS_SET_SHARED_INFO                    239
+#  define EC_F_ECDH_COMPUTE_KEY                            246
+#  define EC_F_ECDH_SIMPLE_COMPUTE_KEY                     257
+#  define EC_F_ECDSA_DO_SIGN_EX                            251
+#  define EC_F_ECDSA_DO_VERIFY                             252
+#  define EC_F_ECDSA_SIGN_EX                               254
+#  define EC_F_ECDSA_SIGN_SETUP                            248
+#  define EC_F_ECDSA_SIG_NEW                               265
+#  define EC_F_ECDSA_VERIFY                                253
+#  define EC_F_ECD_ITEM_VERIFY                             270
+#  define EC_F_ECKEY_PARAM2TYPE                            223
+#  define EC_F_ECKEY_PARAM_DECODE                          212
+#  define EC_F_ECKEY_PRIV_DECODE                           213
+#  define EC_F_ECKEY_PRIV_ENCODE                           214
+#  define EC_F_ECKEY_PUB_DECODE                            215
+#  define EC_F_ECKEY_PUB_ENCODE                            216
+#  define EC_F_ECKEY_TYPE2PARAM                            220
+#  define EC_F_ECPARAMETERS_PRINT                          147
+#  define EC_F_ECPARAMETERS_PRINT_FP                       148
+#  define EC_F_ECPKPARAMETERS_PRINT                        149
+#  define EC_F_ECPKPARAMETERS_PRINT_FP                     150
+#  define EC_F_ECP_NISTZ256_GET_AFFINE                     240
+#  define EC_F_ECP_NISTZ256_INV_MOD_ORD                    275
+#  define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE                243
+#  define EC_F_ECP_NISTZ256_POINTS_MUL                     241
+#  define EC_F_ECP_NISTZ256_PRE_COMP_NEW                   244
+#  define EC_F_ECP_NISTZ256_WINDOWED_MUL                   242
+#  define EC_F_ECX_KEY_OP                                  266
+#  define EC_F_ECX_PRIV_ENCODE                             267
+#  define EC_F_ECX_PUB_ENCODE                              268
+#  define EC_F_EC_ASN1_GROUP2CURVE                         153
+#  define EC_F_EC_ASN1_GROUP2FIELDID                       154
+#  define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY           208
+#  define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT     159
+#  define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE              195
+#  define EC_F_EC_GF2M_SIMPLE_LADDER_POST                  285
+#  define EC_F_EC_GF2M_SIMPLE_LADDER_PRE                   288
+#  define EC_F_EC_GF2M_SIMPLE_OCT2POINT                    160
+#  define EC_F_EC_GF2M_SIMPLE_POINT2OCT                    161
+#  define EC_F_EC_GF2M_SIMPLE_POINTS_MUL                   289
+#  define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
+#  define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
+#  define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES   164
+#  define EC_F_EC_GFP_MONT_FIELD_DECODE                    133
+#  define EC_F_EC_GFP_MONT_FIELD_ENCODE                    134
+#  define EC_F_EC_GFP_MONT_FIELD_MUL                       131
+#  define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE                209
+#  define EC_F_EC_GFP_MONT_FIELD_SQR                       132
+#  define EC_F_EC_GFP_MONT_GROUP_SET_CURVE                 189
+#  define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE             225
+#  define EC_F_EC_GFP_NISTP224_POINTS_MUL                  228
+#  define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
+#  define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE             230
+#  define EC_F_EC_GFP_NISTP256_POINTS_MUL                  231
+#  define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232
+#  define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE             233
+#  define EC_F_EC_GFP_NISTP521_POINTS_MUL                  234
+#  define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235
+#  define EC_F_EC_GFP_NIST_FIELD_MUL                       200
+#  define EC_F_EC_GFP_NIST_FIELD_SQR                       201
+#  define EC_F_EC_GFP_NIST_GROUP_SET_CURVE                 202
+#  define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES             287
+#  define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT      165
+#  define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE               166
+#  define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE                   102
+#  define EC_F_EC_GFP_SIMPLE_OCT2POINT                     103
+#  define EC_F_EC_GFP_SIMPLE_POINT2OCT                     104
+#  define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE            137
+#  define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES  167
+#  define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES  168
+#  define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES    169
+#  define EC_F_EC_GROUP_CHECK                              170
+#  define EC_F_EC_GROUP_CHECK_DISCRIMINANT                 171
+#  define EC_F_EC_GROUP_COPY                               106
+#  define EC_F_EC_GROUP_GET_CURVE                          291
+#  define EC_F_EC_GROUP_GET_CURVE_GF2M                     172
+#  define EC_F_EC_GROUP_GET_CURVE_GFP                      130
+#  define EC_F_EC_GROUP_GET_DEGREE                         173
+#  define EC_F_EC_GROUP_GET_ECPARAMETERS                   261
+#  define EC_F_EC_GROUP_GET_ECPKPARAMETERS                 262
+#  define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS              193
+#  define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS                194
+#  define EC_F_EC_GROUP_NEW                                108
+#  define EC_F_EC_GROUP_NEW_BY_CURVE_NAME                  174
+#  define EC_F_EC_GROUP_NEW_FROM_DATA                      175
+#  define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS              263
+#  define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS            264
+#  define EC_F_EC_GROUP_SET_CURVE                          292
+#  define EC_F_EC_GROUP_SET_CURVE_GF2M                     176
+#  define EC_F_EC_GROUP_SET_CURVE_GFP                      109
+#  define EC_F_EC_GROUP_SET_GENERATOR                      111
+#  define EC_F_EC_GROUP_SET_SEED                           286
+#  define EC_F_EC_KEY_CHECK_KEY                            177
+#  define EC_F_EC_KEY_COPY                                 178
+#  define EC_F_EC_KEY_GENERATE_KEY                         179
+#  define EC_F_EC_KEY_NEW                                  182
+#  define EC_F_EC_KEY_NEW_METHOD                           245
+#  define EC_F_EC_KEY_OCT2PRIV                             255
+#  define EC_F_EC_KEY_PRINT                                180
+#  define EC_F_EC_KEY_PRINT_FP                             181
+#  define EC_F_EC_KEY_PRIV2BUF                             279
+#  define EC_F_EC_KEY_PRIV2OCT                             256
+#  define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES    229
+#  define EC_F_EC_KEY_SIMPLE_CHECK_KEY                     258
+#  define EC_F_EC_KEY_SIMPLE_OCT2PRIV                      259
+#  define EC_F_EC_KEY_SIMPLE_PRIV2OCT                      260
+#  define EC_F_EC_PKEY_CHECK                               273
+#  define EC_F_EC_PKEY_PARAM_CHECK                         274
+#  define EC_F_EC_POINTS_MAKE_AFFINE                       136
+#  define EC_F_EC_POINTS_MUL                               290
+#  define EC_F_EC_POINT_ADD                                112
+#  define EC_F_EC_POINT_BN2POINT                           280
+#  define EC_F_EC_POINT_CMP                                113
+#  define EC_F_EC_POINT_COPY                               114
+#  define EC_F_EC_POINT_DBL                                115
+#  define EC_F_EC_POINT_GET_AFFINE_COORDINATES             293
+#  define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M        183
+#  define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP         116
+#  define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP    117
+#  define EC_F_EC_POINT_INVERT                             210
+#  define EC_F_EC_POINT_IS_AT_INFINITY                     118
+#  define EC_F_EC_POINT_IS_ON_CURVE                        119
+#  define EC_F_EC_POINT_MAKE_AFFINE                        120
+#  define EC_F_EC_POINT_NEW                                121
+#  define EC_F_EC_POINT_OCT2POINT                          122
+#  define EC_F_EC_POINT_POINT2BUF                          281
+#  define EC_F_EC_POINT_POINT2OCT                          123
+#  define EC_F_EC_POINT_SET_AFFINE_COORDINATES             294
+#  define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M        185
+#  define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP         124
+#  define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES         295
+#  define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M    186
+#  define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP     125
+#  define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP    126
+#  define EC_F_EC_POINT_SET_TO_INFINITY                    127
+#  define EC_F_EC_PRE_COMP_NEW                             196
+#  define EC_F_EC_SCALAR_MUL_LADDER                        284
+#  define EC_F_EC_WNAF_MUL                                 187
+#  define EC_F_EC_WNAF_PRECOMPUTE_MULT                     188
+#  define EC_F_I2D_ECPARAMETERS                            190
+#  define EC_F_I2D_ECPKPARAMETERS                          191
+#  define EC_F_I2D_ECPRIVATEKEY                            192
+#  define EC_F_I2O_ECPUBLICKEY                             151
+#  define EC_F_NISTP224_PRE_COMP_NEW                       227
+#  define EC_F_NISTP256_PRE_COMP_NEW                       236
+#  define EC_F_NISTP521_PRE_COMP_NEW                       237
+#  define EC_F_O2I_ECPUBLICKEY                             152
+#  define EC_F_OLD_EC_PRIV_DECODE                          222
+#  define EC_F_OSSL_ECDH_COMPUTE_KEY                       247
+#  define EC_F_OSSL_ECDSA_SIGN_SIG                         249
+#  define EC_F_OSSL_ECDSA_VERIFY_SIG                       250
+#  define EC_F_PKEY_ECD_CTRL                               271
+#  define EC_F_PKEY_ECD_DIGESTSIGN                         272
+#  define EC_F_PKEY_ECD_DIGESTSIGN25519                    276
+#  define EC_F_PKEY_ECD_DIGESTSIGN448                      277
+#  define EC_F_PKEY_ECX_DERIVE                             269
+#  define EC_F_PKEY_EC_CTRL                                197
+#  define EC_F_PKEY_EC_CTRL_STR                            198
+#  define EC_F_PKEY_EC_DERIVE                              217
+#  define EC_F_PKEY_EC_INIT                                282
+#  define EC_F_PKEY_EC_KDF_DERIVE                          283
+#  define EC_F_PKEY_EC_KEYGEN                              199
+#  define EC_F_PKEY_EC_PARAMGEN                            219
+#  define EC_F_PKEY_EC_SIGN                                218
+#  define EC_F_VALIDATE_ECX_DERIVE                         278
+
+/*
+ * EC reason codes.
+ */
+#  define EC_R_ASN1_ERROR                                  115
+#  define EC_R_BAD_SIGNATURE                               156
+#  define EC_R_BIGNUM_OUT_OF_RANGE                         144
+#  define EC_R_BUFFER_TOO_SMALL                            100
+#  define EC_R_COORDINATES_OUT_OF_RANGE                    146
+#  define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH                 160
+#  define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING              159
+#  define EC_R_D2I_ECPKPARAMETERS_FAILURE                  117
+#  define EC_R_DECODE_ERROR                                142
+#  define EC_R_DISCRIMINANT_IS_ZERO                        118
+#  define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE                119
+#  define EC_R_FIELD_TOO_LARGE                             143
+#  define EC_R_GF2M_NOT_SUPPORTED                          147
+#  define EC_R_GROUP2PKPARAMETERS_FAILURE                  120
+#  define EC_R_I2D_ECPKPARAMETERS_FAILURE                  121
+#  define EC_R_INCOMPATIBLE_OBJECTS                        101
+#  define EC_R_INVALID_ARGUMENT                            112
+#  define EC_R_INVALID_COMPRESSED_POINT                    110
+#  define EC_R_INVALID_COMPRESSION_BIT                     109
+#  define EC_R_INVALID_CURVE                               141
+#  define EC_R_INVALID_DIGEST                              151
+#  define EC_R_INVALID_DIGEST_TYPE                         138
+#  define EC_R_INVALID_ENCODING                            102
+#  define EC_R_INVALID_FIELD                               103
+#  define EC_R_INVALID_FORM                                104
+#  define EC_R_INVALID_GROUP_ORDER                         122
+#  define EC_R_INVALID_KEY                                 116
+#  define EC_R_INVALID_OUTPUT_LENGTH                       161
+#  define EC_R_INVALID_PEER_KEY                            133
+#  define EC_R_INVALID_PENTANOMIAL_BASIS                   132
+#  define EC_R_INVALID_PRIVATE_KEY                         123
+#  define EC_R_INVALID_TRINOMIAL_BASIS                     137
+#  define EC_R_KDF_PARAMETER_ERROR                         148
+#  define EC_R_KEYS_NOT_SET                                140
+#  define EC_R_LADDER_POST_FAILURE                         136
+#  define EC_R_LADDER_PRE_FAILURE                          153
+#  define EC_R_LADDER_STEP_FAILURE                         162
+#  define EC_R_MISSING_PARAMETERS                          124
+#  define EC_R_MISSING_PRIVATE_KEY                         125
+#  define EC_R_NEED_NEW_SETUP_VALUES                       157
+#  define EC_R_NOT_A_NIST_PRIME                            135
+#  define EC_R_NOT_IMPLEMENTED                             126
+#  define EC_R_NOT_INITIALIZED                             111
+#  define EC_R_NO_PARAMETERS_SET                           139
+#  define EC_R_NO_PRIVATE_VALUE                            154
+#  define EC_R_OPERATION_NOT_SUPPORTED                     152
+#  define EC_R_PASSED_NULL_PARAMETER                       134
+#  define EC_R_PEER_KEY_ERROR                              149
+#  define EC_R_PKPARAMETERS2GROUP_FAILURE                  127
+#  define EC_R_POINT_ARITHMETIC_FAILURE                    155
+#  define EC_R_POINT_AT_INFINITY                           106
+#  define EC_R_POINT_COORDINATES_BLIND_FAILURE             163
+#  define EC_R_POINT_IS_NOT_ON_CURVE                       107
+#  define EC_R_RANDOM_NUMBER_GENERATION_FAILED             158
+#  define EC_R_SHARED_INFO_ERROR                           150
+#  define EC_R_SLOT_FULL                                   108
+#  define EC_R_UNDEFINED_GENERATOR                         113
+#  define EC_R_UNDEFINED_ORDER                             128
+#  define EC_R_UNKNOWN_COFACTOR                            164
+#  define EC_R_UNKNOWN_GROUP                               129
+#  define EC_R_UNKNOWN_ORDER                               114
+#  define EC_R_UNSUPPORTED_FIELD                           131
+#  define EC_R_WRONG_CURVE_PARAMETERS                      145
+#  define EC_R_WRONG_ORDER                                 130
+
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/crypto/engine/engine.h b/freebsd/crypto/openssl/include/openssl/engine.h
index bd7b5914..0780f0fb 100644
--- a/freebsd/crypto/openssl/crypto/engine/engine.h
+++ b/freebsd/crypto/openssl/include/openssl/engine.h
@@ -1,65 +1,11 @@
-/* openssl/engine.h */
 /*
- * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_ENGINE_H
@@ -67,40 +13,24 @@
 
 # include <openssl/opensslconf.h>
 
-# ifdef OPENSSL_NO_ENGINE
-#  error ENGINE is disabled.
-# endif
-
-# ifndef OPENSSL_NO_DEPRECATED
+# ifndef OPENSSL_NO_ENGINE
+# if OPENSSL_API_COMPAT < 0x10100000L
 #  include <openssl/bn.h>
-#  ifndef OPENSSL_NO_RSA
-#   include <openssl/rsa.h>
-#  endif
-#  ifndef OPENSSL_NO_DSA
-#   include <openssl/dsa.h>
-#  endif
-#  ifndef OPENSSL_NO_DH
-#   include <openssl/dh.h>
-#  endif
-#  ifndef OPENSSL_NO_ECDH
-#   include <openssl/ecdh.h>
-#  endif
-#  ifndef OPENSSL_NO_ECDSA
-#   include <openssl/ecdsa.h>
-#  endif
+#  include <openssl/rsa.h>
+#  include <openssl/dsa.h>
+#  include <openssl/dh.h>
+#  include <openssl/ec.h>
 #  include <openssl/rand.h>
 #  include <openssl/ui.h>
 #  include <openssl/err.h>
 # endif
-
 # include <openssl/ossl_typ.h>
 # include <openssl/symhacks.h>
-
 # include <openssl/x509.h>
-
-#ifdef  __cplusplus
+# include <openssl/engineerr.h>
+# ifdef  __cplusplus
 extern "C" {
-#endif
+# endif
 
 /*
  * These flags are used to control combinations of algorithm (methods) by
@@ -110,13 +40,11 @@ extern "C" {
 # define ENGINE_METHOD_DSA               (unsigned int)0x0002
 # define ENGINE_METHOD_DH                (unsigned int)0x0004
 # define ENGINE_METHOD_RAND              (unsigned int)0x0008
-# define ENGINE_METHOD_ECDH              (unsigned int)0x0010
-# define ENGINE_METHOD_ECDSA             (unsigned int)0x0020
 # define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
 # define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
-# define ENGINE_METHOD_STORE             (unsigned int)0x0100
 # define ENGINE_METHOD_PKEY_METHS        (unsigned int)0x0200
 # define ENGINE_METHOD_PKEY_ASN1_METHS   (unsigned int)0x0400
+# define ENGINE_METHOD_EC                (unsigned int)0x0800
 /* Obvious all-or-nothing cases. */
 # define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
 # define ENGINE_METHOD_NONE              (unsigned int)0x0000
@@ -391,29 +319,25 @@ int ENGINE_add(ENGINE *e);
 int ENGINE_remove(ENGINE *e);
 /* Retrieve an engine from the list by its unique "id" value. */
 ENGINE *ENGINE_by_id(const char *id);
-/* Add all the built-in engines. */
-void ENGINE_load_openssl(void);
-void ENGINE_load_dynamic(void);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define ENGINE_load_openssl() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL)
+# define ENGINE_load_dynamic() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)
 # ifndef OPENSSL_NO_STATIC_ENGINE
-void ENGINE_load_4758cca(void);
-void ENGINE_load_aep(void);
-void ENGINE_load_atalla(void);
-void ENGINE_load_chil(void);
-void ENGINE_load_cswift(void);
-void ENGINE_load_nuron(void);
-void ENGINE_load_sureware(void);
-void ENGINE_load_ubsec(void);
-void ENGINE_load_padlock(void);
-void ENGINE_load_capi(void);
-#  ifndef OPENSSL_NO_GMP
-void ENGINE_load_gmp(void);
-#  endif
-#  ifndef OPENSSL_NO_GOST
-void ENGINE_load_gost(void);
-#  endif
+#  define ENGINE_load_padlock() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL)
+#  define ENGINE_load_capi() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL)
+#  define ENGINE_load_afalg() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL)
 # endif
-void ENGINE_load_cryptodev(void);
-void ENGINE_load_rdrand(void);
+# define ENGINE_load_cryptodev() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL)
+# define ENGINE_load_rdrand() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL)
+#endif
 void ENGINE_load_builtin_engines(void);
 
 /*
@@ -428,8 +352,7 @@ void ENGINE_set_table_flags(unsigned int flags);
  *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
  *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
  *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
- * Cleanup is automatically registered from each table when required, so
- * ENGINE_cleanup() will reverse any "register" operations.
+ * Cleanup is automatically registered from each table when required.
  */
 
 int ENGINE_register_RSA(ENGINE *e);
@@ -440,13 +363,9 @@ int ENGINE_register_DSA(ENGINE *e);
 void ENGINE_unregister_DSA(ENGINE *e);
 void ENGINE_register_all_DSA(void);
 
-int ENGINE_register_ECDH(ENGINE *e);
-void ENGINE_unregister_ECDH(ENGINE *e);
-void ENGINE_register_all_ECDH(void);
-
-int ENGINE_register_ECDSA(ENGINE *e);
-void ENGINE_unregister_ECDSA(ENGINE *e);
-void ENGINE_register_all_ECDSA(void);
+int ENGINE_register_EC(ENGINE *e);
+void ENGINE_unregister_EC(ENGINE *e);
+void ENGINE_register_all_EC(void);
 
 int ENGINE_register_DH(ENGINE *e);
 void ENGINE_unregister_DH(ENGINE *e);
@@ -456,10 +375,6 @@ int ENGINE_register_RAND(ENGINE *e);
 void ENGINE_unregister_RAND(ENGINE *e);
 void ENGINE_register_all_RAND(void);
 
-int ENGINE_register_STORE(ENGINE *e);
-void ENGINE_unregister_STORE(ENGINE *e);
-void ENGINE_register_all_STORE(void);
-
 int ENGINE_register_ciphers(ENGINE *e);
 void ENGINE_unregister_ciphers(ENGINE *e);
 void ENGINE_register_all_ciphers(void);
@@ -486,7 +401,7 @@ int ENGINE_register_complete(ENGINE *e);
 int ENGINE_register_all_complete(void);
 
 /*
- * Send parametrised control commands to the engine. The possibilities to
+ * Send parameterised control commands to the engine. The possibilities to
  * send down an integer, a pointer to data or a function pointer are
  * provided. Any of the parameters may or may not be NULL, depending on the
  * command number. In actuality, this function only requires a structural
@@ -554,11 +469,9 @@ int ENGINE_set_id(ENGINE *e, const char *id);
 int ENGINE_set_name(ENGINE *e, const char *name);
 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
-int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
+int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth);
 int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
 int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);
 int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
 int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
 int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
@@ -576,19 +489,18 @@ int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
 int ENGINE_set_flags(ENGINE *e, int flags);
 int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
 /* These functions allow control over any per-structure ENGINE data. */
-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                            CRYPTO_EX_dup *dup_func,
-                            CRYPTO_EX_free *free_func);
+#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef)
 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
 void *ENGINE_get_ex_data(const ENGINE *e, int idx);
 
+#if OPENSSL_API_COMPAT < 0x10100000L
 /*
- * This function cleans up anything that needs it. Eg. the ENGINE_add()
- * function automatically ensures the list cleanup function is registered to
- * be called from ENGINE_cleanup(). Similarly, all ENGINE_register_***
- * functions ensure ENGINE_cleanup() will clean up after them.
+ * This function previously cleaned up anything that needs it. Auto-deinit will
+ * now take care of it so it is no longer required to call this function.
  */
-void ENGINE_cleanup(void);
+# define ENGINE_cleanup() while(0) continue
+#endif
 
 /*
  * These return values from within the ENGINE structure. These can be useful
@@ -600,11 +512,9 @@ const char *ENGINE_get_id(const ENGINE *e);
 const char *ENGINE_get_name(const ENGINE *e);
 const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
 const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
-const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
-const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
+const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
 const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
 const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
@@ -679,8 +589,7 @@ int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
 ENGINE *ENGINE_get_default_RSA(void);
 /* Same for the other "methods" */
 ENGINE *ENGINE_get_default_DSA(void);
-ENGINE *ENGINE_get_default_ECDH(void);
-ENGINE *ENGINE_get_default_ECDSA(void);
+ENGINE *ENGINE_get_default_EC(void);
 ENGINE *ENGINE_get_default_DH(void);
 ENGINE *ENGINE_get_default_RAND(void);
 /*
@@ -702,8 +611,7 @@ int ENGINE_set_default_RSA(ENGINE *e);
 int ENGINE_set_default_string(ENGINE *e, const char *def_list);
 /* Same for the other "methods" */
 int ENGINE_set_default_DSA(ENGINE *e);
-int ENGINE_set_default_ECDH(ENGINE *e);
-int ENGINE_set_default_ECDSA(ENGINE *e);
+int ENGINE_set_default_EC(ENGINE *e);
 int ENGINE_set_default_DH(ENGINE *e);
 int ENGINE_set_default_RAND(ENGINE *e);
 int ENGINE_set_default_ciphers(ENGINE *e);
@@ -730,12 +638,12 @@ void ENGINE_add_conf_module(void);
 /**************************/
 
 /* Binary/behaviour compatibility levels */
-# define OSSL_DYNAMIC_VERSION            (unsigned long)0x00020000
+# define OSSL_DYNAMIC_VERSION            (unsigned long)0x00030000
 /*
  * Binary versions older than this are too old for us (whether we're a loader
  * or a loadee)
  */
-# define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00020000
+# define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00030000
 
 /*
  * When compiling an ENGINE entirely as an external shared library, loadable
@@ -748,40 +656,22 @@ void ENGINE_add_conf_module(void);
  * same static data as the calling application (or library), and thus whether
  * these callbacks need to be set or not.
  */
-typedef void *(*dyn_MEM_malloc_cb) (size_t);
-typedef void *(*dyn_MEM_realloc_cb) (void *, size_t);
-typedef void (*dyn_MEM_free_cb) (void *);
+typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int);
+typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int);
+typedef void (*dyn_MEM_free_fn) (void *, const char *, int);
 typedef struct st_dynamic_MEM_fns {
-    dyn_MEM_malloc_cb malloc_cb;
-    dyn_MEM_realloc_cb realloc_cb;
-    dyn_MEM_free_cb free_cb;
+    dyn_MEM_malloc_fn malloc_fn;
+    dyn_MEM_realloc_fn realloc_fn;
+    dyn_MEM_free_fn free_fn;
 } dynamic_MEM_fns;
 /*
  * FIXME: Perhaps the memory and locking code (crypto.h) should declare and
- * use these types so we (and any other dependant code) can simplify a bit??
- */
-typedef void (*dyn_lock_locking_cb) (int, int, const char *, int);
-typedef int (*dyn_lock_add_lock_cb) (int *, int, int, const char *, int);
-typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb) (const char *,
-                                                               int);
-typedef void (*dyn_dynlock_lock_cb) (int, struct CRYPTO_dynlock_value *,
-                                     const char *, int);
-typedef void (*dyn_dynlock_destroy_cb) (struct CRYPTO_dynlock_value *,
-                                        const char *, int);
-typedef struct st_dynamic_LOCK_fns {
-    dyn_lock_locking_cb lock_locking_cb;
-    dyn_lock_add_lock_cb lock_add_lock_cb;
-    dyn_dynlock_create_cb dynlock_create_cb;
-    dyn_dynlock_lock_cb dynlock_lock_cb;
-    dyn_dynlock_destroy_cb dynlock_destroy_cb;
-} dynamic_LOCK_fns;
+ * use these types so we (and any other dependent code) can simplify a bit??
+ */
 /* The top-level structure */
 typedef struct st_dynamic_fns {
     void *static_state;
-    const ERR_FNS *err_fns;
-    const CRYPTO_EX_DATA_IMPL *ex_data_fns;
     dynamic_MEM_fns mem_fns;
-    dynamic_LOCK_fns lock_fns;
 } dynamic_fns;
 
 /*
@@ -800,7 +690,7 @@ typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
 # define IMPLEMENT_DYNAMIC_CHECK_FN() \
         OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
         OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
-                if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+                if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
                 return 0; }
 
 /*
@@ -828,21 +718,13 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
         int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
         OPENSSL_EXPORT \
         int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
-                if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
-                if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
-                        fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
-                        return 0; \
-                CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
-                CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
-                CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
-                CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
-                CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
-                if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
-                        return 0; \
-                if(!ERR_set_implementation(fns->err_fns)) return 0; \
+            if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
+            CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
+                                     fns->mem_fns.realloc_fn, \
+                                     fns->mem_fns.free_fn); \
         skip_cbs: \
-                if(!fn(e,id)) return 0; \
-                return 1; }
+            if (!fn(e, id)) return 0; \
+            return 1; }
 
 /*
  * If the loading application (or library) and the loaded ENGINE library
@@ -857,104 +739,13 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
  */
 void *ENGINE_get_static_state(void);
 
-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-void ENGINE_setup_bsd_cryptodev(void);
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)
+DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void))
 # endif
 
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ENGINE_strings(void);
-
-/* Error codes for the ENGINE functions. */
-
-/* Function codes. */
-# define ENGINE_F_DYNAMIC_CTRL                            180
-# define ENGINE_F_DYNAMIC_GET_DATA_CTX                    181
-# define ENGINE_F_DYNAMIC_LOAD                            182
-# define ENGINE_F_DYNAMIC_SET_DATA_CTX                    183
-# define ENGINE_F_ENGINE_ADD                              105
-# define ENGINE_F_ENGINE_BY_ID                            106
-# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE                170
-# define ENGINE_F_ENGINE_CTRL                             142
-# define ENGINE_F_ENGINE_CTRL_CMD                         178
-# define ENGINE_F_ENGINE_CTRL_CMD_STRING                  171
-# define ENGINE_F_ENGINE_FINISH                           107
-# define ENGINE_F_ENGINE_FREE_UTIL                        108
-# define ENGINE_F_ENGINE_GET_CIPHER                       185
-# define ENGINE_F_ENGINE_GET_DEFAULT_TYPE                 177
-# define ENGINE_F_ENGINE_GET_DIGEST                       186
-# define ENGINE_F_ENGINE_GET_NEXT                         115
-# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH               193
-# define ENGINE_F_ENGINE_GET_PKEY_METH                    192
-# define ENGINE_F_ENGINE_GET_PREV                         116
-# define ENGINE_F_ENGINE_INIT                             119
-# define ENGINE_F_ENGINE_LIST_ADD                         120
-# define ENGINE_F_ENGINE_LIST_REMOVE                      121
-# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
-# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
-# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             194
-# define ENGINE_F_ENGINE_NEW                              122
-# define ENGINE_F_ENGINE_REMOVE                           123
-# define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
-# define ENGINE_F_ENGINE_SET_DEFAULT_TYPE                 126
-# define ENGINE_F_ENGINE_SET_ID                           129
-# define ENGINE_F_ENGINE_SET_NAME                         130
-# define ENGINE_F_ENGINE_TABLE_REGISTER                   184
-# define ENGINE_F_ENGINE_UNLOAD_KEY                       152
-# define ENGINE_F_ENGINE_UNLOCKED_FINISH                  191
-# define ENGINE_F_ENGINE_UP_REF                           190
-# define ENGINE_F_INT_CTRL_HELPER                         172
-# define ENGINE_F_INT_ENGINE_CONFIGURE                    188
-# define ENGINE_F_INT_ENGINE_MODULE_INIT                  187
-# define ENGINE_F_LOG_MESSAGE                             141
-
-/* Reason codes. */
-# define ENGINE_R_ALREADY_LOADED                          100
-# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER                133
-# define ENGINE_R_CMD_NOT_EXECUTABLE                      134
-# define ENGINE_R_COMMAND_TAKES_INPUT                     135
-# define ENGINE_R_COMMAND_TAKES_NO_INPUT                  136
-# define ENGINE_R_CONFLICTING_ENGINE_ID                   103
-# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED            119
-# define ENGINE_R_DH_NOT_IMPLEMENTED                      139
-# define ENGINE_R_DSA_NOT_IMPLEMENTED                     140
-# define ENGINE_R_DSO_FAILURE                             104
-# define ENGINE_R_DSO_NOT_FOUND                           132
-# define ENGINE_R_ENGINES_SECTION_ERROR                   148
-# define ENGINE_R_ENGINE_CONFIGURATION_ERROR              102
-# define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
-# define ENGINE_R_ENGINE_SECTION_ERROR                    149
-# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
-# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY               129
-# define ENGINE_R_FINISH_FAILED                           106
-# define ENGINE_R_GET_HANDLE_FAILED                       107
-# define ENGINE_R_ID_OR_NAME_MISSING                      108
-# define ENGINE_R_INIT_FAILED                             109
-# define ENGINE_R_INTERNAL_LIST_ERROR                     110
-# define ENGINE_R_INVALID_ARGUMENT                        143
-# define ENGINE_R_INVALID_CMD_NAME                        137
-# define ENGINE_R_INVALID_CMD_NUMBER                      138
-# define ENGINE_R_INVALID_INIT_VALUE                      151
-# define ENGINE_R_INVALID_STRING                          150
-# define ENGINE_R_NOT_INITIALISED                         117
-# define ENGINE_R_NOT_LOADED                              112
-# define ENGINE_R_NO_CONTROL_FUNCTION                     120
-# define ENGINE_R_NO_INDEX                                144
-# define ENGINE_R_NO_LOAD_FUNCTION                        125
-# define ENGINE_R_NO_REFERENCE                            130
-# define ENGINE_R_NO_SUCH_ENGINE                          116
-# define ENGINE_R_NO_UNLOAD_FUNCTION                      126
-# define ENGINE_R_PROVIDE_PARAMETERS                      113
-# define ENGINE_R_RSA_NOT_IMPLEMENTED                     141
-# define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
-# define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
-# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD         101
-# define ENGINE_R_VERSION_INCOMPATIBILITY                 145
-
-#ifdef  __cplusplus
+
+#  ifdef  __cplusplus
 }
-#endif
+#  endif
+# endif
 #endif
diff --git a/freebsd/crypto/openssl/include/openssl/engineerr.h b/freebsd/crypto/openssl/include/openssl/engineerr.h
new file mode 100644
index 00000000..b4c036b2
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/engineerr.h
@@ -0,0 +1,107 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ENGINEERR_H
+# define HEADER_ENGINEERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_ENGINE
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_ENGINE_strings(void);
+
+/*
+ * ENGINE function codes.
+ */
+#  define ENGINE_F_DIGEST_UPDATE                           198
+#  define ENGINE_F_DYNAMIC_CTRL                            180
+#  define ENGINE_F_DYNAMIC_GET_DATA_CTX                    181
+#  define ENGINE_F_DYNAMIC_LOAD                            182
+#  define ENGINE_F_DYNAMIC_SET_DATA_CTX                    183
+#  define ENGINE_F_ENGINE_ADD                              105
+#  define ENGINE_F_ENGINE_BY_ID                            106
+#  define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE                170
+#  define ENGINE_F_ENGINE_CTRL                             142
+#  define ENGINE_F_ENGINE_CTRL_CMD                         178
+#  define ENGINE_F_ENGINE_CTRL_CMD_STRING                  171
+#  define ENGINE_F_ENGINE_FINISH                           107
+#  define ENGINE_F_ENGINE_GET_CIPHER                       185
+#  define ENGINE_F_ENGINE_GET_DIGEST                       186
+#  define ENGINE_F_ENGINE_GET_FIRST                        195
+#  define ENGINE_F_ENGINE_GET_LAST                         196
+#  define ENGINE_F_ENGINE_GET_NEXT                         115
+#  define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH               193
+#  define ENGINE_F_ENGINE_GET_PKEY_METH                    192
+#  define ENGINE_F_ENGINE_GET_PREV                         116
+#  define ENGINE_F_ENGINE_INIT                             119
+#  define ENGINE_F_ENGINE_LIST_ADD                         120
+#  define ENGINE_F_ENGINE_LIST_REMOVE                      121
+#  define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
+#  define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
+#  define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             194
+#  define ENGINE_F_ENGINE_NEW                              122
+#  define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR               197
+#  define ENGINE_F_ENGINE_REMOVE                           123
+#  define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
+#  define ENGINE_F_ENGINE_SET_ID                           129
+#  define ENGINE_F_ENGINE_SET_NAME                         130
+#  define ENGINE_F_ENGINE_TABLE_REGISTER                   184
+#  define ENGINE_F_ENGINE_UNLOCKED_FINISH                  191
+#  define ENGINE_F_ENGINE_UP_REF                           190
+#  define ENGINE_F_INT_CLEANUP_ITEM                        199
+#  define ENGINE_F_INT_CTRL_HELPER                         172
+#  define ENGINE_F_INT_ENGINE_CONFIGURE                    188
+#  define ENGINE_F_INT_ENGINE_MODULE_INIT                  187
+#  define ENGINE_F_OSSL_HMAC_INIT                          200
+
+/*
+ * ENGINE reason codes.
+ */
+#  define ENGINE_R_ALREADY_LOADED                          100
+#  define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER                133
+#  define ENGINE_R_CMD_NOT_EXECUTABLE                      134
+#  define ENGINE_R_COMMAND_TAKES_INPUT                     135
+#  define ENGINE_R_COMMAND_TAKES_NO_INPUT                  136
+#  define ENGINE_R_CONFLICTING_ENGINE_ID                   103
+#  define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED            119
+#  define ENGINE_R_DSO_FAILURE                             104
+#  define ENGINE_R_DSO_NOT_FOUND                           132
+#  define ENGINE_R_ENGINES_SECTION_ERROR                   148
+#  define ENGINE_R_ENGINE_CONFIGURATION_ERROR              102
+#  define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
+#  define ENGINE_R_ENGINE_SECTION_ERROR                    149
+#  define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
+#  define ENGINE_R_FAILED_LOADING_PUBLIC_KEY               129
+#  define ENGINE_R_FINISH_FAILED                           106
+#  define ENGINE_R_ID_OR_NAME_MISSING                      108
+#  define ENGINE_R_INIT_FAILED                             109
+#  define ENGINE_R_INTERNAL_LIST_ERROR                     110
+#  define ENGINE_R_INVALID_ARGUMENT                        143
+#  define ENGINE_R_INVALID_CMD_NAME                        137
+#  define ENGINE_R_INVALID_CMD_NUMBER                      138
+#  define ENGINE_R_INVALID_INIT_VALUE                      151
+#  define ENGINE_R_INVALID_STRING                          150
+#  define ENGINE_R_NOT_INITIALISED                         117
+#  define ENGINE_R_NOT_LOADED                              112
+#  define ENGINE_R_NO_CONTROL_FUNCTION                     120
+#  define ENGINE_R_NO_INDEX                                144
+#  define ENGINE_R_NO_LOAD_FUNCTION                        125
+#  define ENGINE_R_NO_REFERENCE                            130
+#  define ENGINE_R_NO_SUCH_ENGINE                          116
+#  define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
+#  define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
+#  define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD         101
+#  define ENGINE_R_VERSION_INCOMPATIBILITY                 145
+
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/err.h b/freebsd/crypto/openssl/include/openssl/err.h
new file mode 100644
index 00000000..6cae1a36
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/err.h
@@ -0,0 +1,273 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ERR_H
+# define HEADER_ERR_H
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+#  include <stdlib.h>
+# endif
+
+# include <openssl/ossl_typ.h>
+# include <openssl/bio.h>
+# include <openssl/lhash.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_NO_ERR
+#  define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,d,e)
+# else
+#  define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,NULL,0)
+# endif
+
+# include <errno.h>
+
+# define ERR_TXT_MALLOCED        0x01
+# define ERR_TXT_STRING          0x02
+
+# define ERR_FLAG_MARK           0x01
+
+# define ERR_NUM_ERRORS  16
+typedef struct err_state_st {
+    int err_flags[ERR_NUM_ERRORS];
+    unsigned long err_buffer[ERR_NUM_ERRORS];
+    char *err_data[ERR_NUM_ERRORS];
+    int err_data_flags[ERR_NUM_ERRORS];
+    const char *err_file[ERR_NUM_ERRORS];
+    int err_line[ERR_NUM_ERRORS];
+    int top, bottom;
+} ERR_STATE;
+
+/* library */
+# define ERR_LIB_NONE            1
+# define ERR_LIB_SYS             2
+# define ERR_LIB_BN              3
+# define ERR_LIB_RSA             4
+# define ERR_LIB_DH              5
+# define ERR_LIB_EVP             6
+# define ERR_LIB_BUF             7
+# define ERR_LIB_OBJ             8
+# define ERR_LIB_PEM             9
+# define ERR_LIB_DSA             10
+# define ERR_LIB_X509            11
+/* #define ERR_LIB_METH         12 */
+# define ERR_LIB_ASN1            13
+# define ERR_LIB_CONF            14
+# define ERR_LIB_CRYPTO          15
+# define ERR_LIB_EC              16
+# define ERR_LIB_SSL             20
+/* #define ERR_LIB_SSL23        21 */
+/* #define ERR_LIB_SSL2         22 */
+/* #define ERR_LIB_SSL3         23 */
+/* #define ERR_LIB_RSAREF       30 */
+/* #define ERR_LIB_PROXY        31 */
+# define ERR_LIB_BIO             32
+# define ERR_LIB_PKCS7           33
+# define ERR_LIB_X509V3          34
+# define ERR_LIB_PKCS12          35
+# define ERR_LIB_RAND            36
+# define ERR_LIB_DSO             37
+# define ERR_LIB_ENGINE          38
+# define ERR_LIB_OCSP            39
+# define ERR_LIB_UI              40
+# define ERR_LIB_COMP            41
+# define ERR_LIB_ECDSA           42
+# define ERR_LIB_ECDH            43
+# define ERR_LIB_OSSL_STORE      44
+# define ERR_LIB_FIPS            45
+# define ERR_LIB_CMS             46
+# define ERR_LIB_TS              47
+# define ERR_LIB_HMAC            48
+/* # define ERR_LIB_JPAKE       49 */
+# define ERR_LIB_CT              50
+# define ERR_LIB_ASYNC           51
+# define ERR_LIB_KDF             52
+# define ERR_LIB_SM2             53
+
+# define ERR_LIB_USER            128
+
+# define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+
+# define ERR_PACK(l,f,r) ( \
+        (((unsigned int)(l) & 0x0FF) << 24L) | \
+        (((unsigned int)(f) & 0xFFF) << 12L) | \
+        (((unsigned int)(r) & 0xFFF)       ) )
+# define ERR_GET_LIB(l)          (int)(((l) >> 24L) & 0x0FFL)
+# define ERR_GET_FUNC(l)         (int)(((l) >> 12L) & 0xFFFL)
+# define ERR_GET_REASON(l)       (int)( (l)         & 0xFFFL)
+# define ERR_FATAL_ERROR(l)      (int)( (l)         & ERR_R_FATAL)
+
+/* OS functions */
+# define SYS_F_FOPEN             1
+# define SYS_F_CONNECT           2
+# define SYS_F_GETSERVBYNAME     3
+# define SYS_F_SOCKET            4
+# define SYS_F_IOCTLSOCKET       5
+# define SYS_F_BIND              6
+# define SYS_F_LISTEN            7
+# define SYS_F_ACCEPT            8
+# define SYS_F_WSASTARTUP        9/* Winsock stuff */
+# define SYS_F_OPENDIR           10
+# define SYS_F_FREAD             11
+# define SYS_F_GETADDRINFO       12
+# define SYS_F_GETNAMEINFO       13
+# define SYS_F_SETSOCKOPT        14
+# define SYS_F_GETSOCKOPT        15
+# define SYS_F_GETSOCKNAME       16
+# define SYS_F_GETHOSTBYNAME     17
+# define SYS_F_FFLUSH            18
+# define SYS_F_OPEN              19
+# define SYS_F_CLOSE             20
+# define SYS_F_IOCTL             21
+# define SYS_F_STAT              22
+# define SYS_F_FCNTL             23
+# define SYS_F_FSTAT             24
+
+/* reasons */
+# define ERR_R_SYS_LIB   ERR_LIB_SYS/* 2 */
+# define ERR_R_BN_LIB    ERR_LIB_BN/* 3 */
+# define ERR_R_RSA_LIB   ERR_LIB_RSA/* 4 */
+# define ERR_R_DH_LIB    ERR_LIB_DH/* 5 */
+# define ERR_R_EVP_LIB   ERR_LIB_EVP/* 6 */
+# define ERR_R_BUF_LIB   ERR_LIB_BUF/* 7 */
+# define ERR_R_OBJ_LIB   ERR_LIB_OBJ/* 8 */
+# define ERR_R_PEM_LIB   ERR_LIB_PEM/* 9 */
+# define ERR_R_DSA_LIB   ERR_LIB_DSA/* 10 */
+# define ERR_R_X509_LIB  ERR_LIB_X509/* 11 */
+# define ERR_R_ASN1_LIB  ERR_LIB_ASN1/* 13 */
+# define ERR_R_EC_LIB    ERR_LIB_EC/* 16 */
+# define ERR_R_BIO_LIB   ERR_LIB_BIO/* 32 */
+# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */
+# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */
+# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */
+# define ERR_R_UI_LIB    ERR_LIB_UI/* 40 */
+# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
+# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */
+
+# define ERR_R_NESTED_ASN1_ERROR                 58
+# define ERR_R_MISSING_ASN1_EOS                  63
+
+/* fatal error */
+# define ERR_R_FATAL                             64
+# define ERR_R_MALLOC_FAILURE                    (1|ERR_R_FATAL)
+# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED       (2|ERR_R_FATAL)
+# define ERR_R_PASSED_NULL_PARAMETER             (3|ERR_R_FATAL)
+# define ERR_R_INTERNAL_ERROR                    (4|ERR_R_FATAL)
+# define ERR_R_DISABLED                          (5|ERR_R_FATAL)
+# define ERR_R_INIT_FAIL                         (6|ERR_R_FATAL)
+# define ERR_R_PASSED_INVALID_ARGUMENT           (7)
+# define ERR_R_OPERATION_FAIL                    (8|ERR_R_FATAL)
+
+/*
+ * 99 is the maximum possible ERR_R_... code, higher values are reserved for
+ * the individual libraries
+ */
+
+typedef struct ERR_string_data_st {
+    unsigned long error;
+    const char *string;
+} ERR_STRING_DATA;
+
+DEFINE_LHASH_OF(ERR_STRING_DATA);
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line);
+void ERR_set_error_data(char *data, int flags);
+
+unsigned long ERR_get_error(void);
+unsigned long ERR_get_error_line(const char **file, int *line);
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+                                      const char **data, int *flags);
+unsigned long ERR_peek_error(void);
+unsigned long ERR_peek_error_line(const char **file, int *line);
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags);
+unsigned long ERR_peek_last_error(void);
+unsigned long ERR_peek_last_error_line(const char **file, int *line);
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+                                            const char **data, int *flags);
+void ERR_clear_error(void);
+char *ERR_error_string(unsigned long e, char *buf);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+const char *ERR_lib_error_string(unsigned long e);
+const char *ERR_func_error_string(unsigned long e);
+const char *ERR_reason_error_string(unsigned long e);
+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
+                         void *u);
+# ifndef OPENSSL_NO_STDIO
+void ERR_print_errors_fp(FILE *fp);
+# endif
+void ERR_print_errors(BIO *bp);
+void ERR_add_error_data(int num, ...);
+void ERR_add_error_vdata(int num, va_list args);
+int ERR_load_strings(int lib, ERR_STRING_DATA *str);
+int ERR_load_strings_const(const ERR_STRING_DATA *str);
+int ERR_unload_strings(int lib, ERR_STRING_DATA *str);
+int ERR_load_ERR_strings(void);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define ERR_load_crypto_strings() \
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+# define ERR_free_strings() while(0) continue
+#endif
+
+DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *))
+DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid))
+ERR_STATE *ERR_get_state(void);
+
+int ERR_get_next_error_library(void);
+
+int ERR_set_mark(void);
+int ERR_pop_to_mark(void);
+int ERR_clear_last_mark(void);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/evp/evp.h b/freebsd/crypto/openssl/include/openssl/evp.h
index cf1de15e..8c805199 100644
--- a/freebsd/crypto/openssl/crypto/evp/evp.h
+++ b/freebsd/crypto/openssl/include/openssl/evp.h
@@ -1,87 +1,21 @@
-/* crypto/evp/evp.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_ENVELOPE_H
 # define HEADER_ENVELOPE_H
 
-# ifdef OPENSSL_ALGORITHM_DEFINES
-#  include <openssl/opensslconf.h>
-# else
-#  define OPENSSL_ALGORITHM_DEFINES
-#  include <openssl/opensslconf.h>
-#  undef OPENSSL_ALGORITHM_DEFINES
-# endif
-
+# include <openssl/opensslconf.h>
 # include <openssl/ossl_typ.h>
-
 # include <openssl/symhacks.h>
+# include <openssl/bio.h>
+# include <openssl/evperr.h>
 
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-
-/*-
-#define EVP_RC2_KEY_SIZE                16
-#define EVP_RC4_KEY_SIZE                16
-#define EVP_BLOWFISH_KEY_SIZE           16
-#define EVP_CAST5_KEY_SIZE              16
-#define EVP_RC5_32_12_16_KEY_SIZE       16
-*/
 # define EVP_MAX_MD_SIZE                 64/* longest known is SHA512 */
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
@@ -107,6 +41,7 @@
 # define EVP_PKEY_NONE   NID_undef
 # define EVP_PKEY_RSA    NID_rsaEncryption
 # define EVP_PKEY_RSA2   NID_rsa
+# define EVP_PKEY_RSA_PSS NID_rsassaPss
 # define EVP_PKEY_DSA    NID_dsa
 # define EVP_PKEY_DSA1   NID_dsa_2
 # define EVP_PKEY_DSA2   NID_dsaWithSHA
@@ -115,93 +50,70 @@
 # define EVP_PKEY_DH     NID_dhKeyAgreement
 # define EVP_PKEY_DHX    NID_dhpublicnumber
 # define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
+# define EVP_PKEY_SM2    NID_sm2
 # define EVP_PKEY_HMAC   NID_hmac
 # define EVP_PKEY_CMAC   NID_cmac
+# define EVP_PKEY_SCRYPT NID_id_scrypt
+# define EVP_PKEY_TLS1_PRF NID_tls1_prf
+# define EVP_PKEY_HKDF   NID_hkdf
+# define EVP_PKEY_POLY1305 NID_poly1305
+# define EVP_PKEY_SIPHASH NID_siphash
+# define EVP_PKEY_X25519 NID_X25519
+# define EVP_PKEY_ED25519 NID_ED25519
+# define EVP_PKEY_X448 NID_X448
+# define EVP_PKEY_ED448 NID_ED448
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-/*
- * Type needs to be a bit field Sub-type needs to be for variations on the
- * method, as in, can it do arbitrary encryption....
- */
-struct evp_pkey_st {
-    int type;
-    int save_type;
-    int references;
-    const EVP_PKEY_ASN1_METHOD *ameth;
-    ENGINE *engine;
-    union {
-        char *ptr;
-# ifndef OPENSSL_NO_RSA
-        struct rsa_st *rsa;     /* RSA */
-# endif
-# ifndef OPENSSL_NO_DSA
-        struct dsa_st *dsa;     /* DSA */
-# endif
-# ifndef OPENSSL_NO_DH
-        struct dh_st *dh;       /* DH */
-# endif
-# ifndef OPENSSL_NO_EC
-        struct ec_key_st *ec;   /* ECC */
-# endif
-    } pkey;
-    int save_parameters;
-    STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-} /* EVP_PKEY */ ;
-
 # define EVP_PKEY_MO_SIGN        0x0001
 # define EVP_PKEY_MO_VERIFY      0x0002
 # define EVP_PKEY_MO_ENCRYPT     0x0004
 # define EVP_PKEY_MO_DECRYPT     0x0008
 
 # ifndef EVP_MD
-struct env_md_st {
-    int type;
-    int pkey_type;
-    int md_size;
-    unsigned long flags;
-    int (*init) (EVP_MD_CTX *ctx);
-    int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
-    int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
-    int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
-    int (*cleanup) (EVP_MD_CTX *ctx);
-    /* FIXME: prototype these some day */
-    int (*sign) (int type, const unsigned char *m, unsigned int m_length,
-                 unsigned char *sigret, unsigned int *siglen, void *key);
-    int (*verify) (int type, const unsigned char *m, unsigned int m_length,
-                   const unsigned char *sigbuf, unsigned int siglen,
-                   void *key);
-    int required_pkey_type[5];  /* EVP_PKEY_xxx */
-    int block_size;
-    int ctx_size;               /* how big does the ctx->md_data need to be */
-    /* control function */
-    int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
-} /* EVP_MD */ ;
-
-typedef int evp_sign_method(int type, const unsigned char *m,
-                            unsigned int m_length, unsigned char *sigret,
-                            unsigned int *siglen, void *key);
-typedef int evp_verify_method(int type, const unsigned char *m,
-                              unsigned int m_length,
-                              const unsigned char *sigbuf,
-                              unsigned int siglen, void *key);
+EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
+EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
+void EVP_MD_meth_free(EVP_MD *md);
+
+int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
+int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
+int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
+int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
+int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
+                                                     const void *data,
+                                                     size_t count));
+int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
+                                                   unsigned char *md));
+int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
+                                                 const EVP_MD_CTX *from));
+int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
+                                                 int p1, void *p2));
+
+int EVP_MD_meth_get_input_blocksize(const EVP_MD *md);
+int EVP_MD_meth_get_result_size(const EVP_MD *md);
+int EVP_MD_meth_get_app_datasize(const EVP_MD *md);
+unsigned long EVP_MD_meth_get_flags(const EVP_MD *md);
+int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                                const void *data,
+                                                size_t count);
+int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                               unsigned char *md);
+int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
+                                              const EVP_MD_CTX *from);
+int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
+                                              int p1, void *p2);
 
 /* digest can only handle a single block */
 #  define EVP_MD_FLAG_ONESHOT     0x0001
 
-/*
- * digest is a "clone" digest used
- * which is a copy of an existing
- * one for a specific public key type.
- * EVP_dss1() etc
- */
-#  define EVP_MD_FLAG_PKEY_DIGEST 0x0002
-
-/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */
-
-#  define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE       0x0004
+/* digest is extensible-output function, XOF */
+#  define EVP_MD_FLAG_XOF         0x0002
 
 /* DigestAlgorithmIdentifier flags... */
 
@@ -226,57 +138,14 @@ typedef int evp_verify_method(int type, const unsigned char *m,
 
 #  define EVP_MD_CTRL_DIGALGID                    0x1
 #  define EVP_MD_CTRL_MICALG                      0x2
+#  define EVP_MD_CTRL_XOF_LEN                     0x3
 
 /* Minimum Algorithm specific ctrl value */
 
 #  define EVP_MD_CTRL_ALG_CTRL                    0x1000
 
-#  define EVP_PKEY_NULL_method    NULL,NULL,{0,0,0,0}
-
-#  ifndef OPENSSL_NO_DSA
-#   define EVP_PKEY_DSA_method     (evp_sign_method *)DSA_sign, \
-                                (evp_verify_method *)DSA_verify, \
-                                {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
-                                        EVP_PKEY_DSA4,0}
-#  else
-#   define EVP_PKEY_DSA_method     EVP_PKEY_NULL_method
-#  endif
-
-#  ifndef OPENSSL_NO_ECDSA
-#   define EVP_PKEY_ECDSA_method   (evp_sign_method *)ECDSA_sign, \
-                                (evp_verify_method *)ECDSA_verify, \
-                                 {EVP_PKEY_EC,0,0,0}
-#  else
-#   define EVP_PKEY_ECDSA_method   EVP_PKEY_NULL_method
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-#   define EVP_PKEY_RSA_method     (evp_sign_method *)RSA_sign, \
-                                (evp_verify_method *)RSA_verify, \
-                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-#   define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
-                                (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
-                                (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
-                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-#  else
-#   define EVP_PKEY_RSA_method     EVP_PKEY_NULL_method
-#   define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
-#  endif
-
 # endif                         /* !EVP_MD */
 
-struct env_md_ctx_st {
-    const EVP_MD *digest;
-    ENGINE *engine;             /* functional reference if 'digest' is
-                                 * ENGINE-provided */
-    unsigned long flags;
-    void *md_data;
-    /* Public key context for sign/verify */
-    EVP_PKEY_CTX *pctx;
-    /* Update function: usually copied from EVP_MD */
-    int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
-} /* EVP_MD_CTX */ ;
-
 /* values for EVP_MD_CTX flags */
 
 # define EVP_MD_CTX_FLAG_ONESHOT         0x0001/* digest update will be
@@ -284,7 +153,7 @@ struct env_md_ctx_st {
 # define EVP_MD_CTX_FLAG_CLEANED         0x0002/* context has already been
                                                 * cleaned */
 # define EVP_MD_CTX_FLAG_REUSE           0x0004/* Don't free up ctx->md_data
-                                                * in EVP_MD_CTX_cleanup */
+                                                * in EVP_MD_CTX_reset */
 /*
  * FIPS and pad options are ignored in 1.0.0, definitions are here so we
  * don't accidentally reuse the values for other purposes.
@@ -304,34 +173,60 @@ struct env_md_ctx_st {
 # define EVP_MD_CTX_FLAG_PAD_PSS         0x20/* PSS mode */
 
 # define EVP_MD_CTX_FLAG_NO_INIT         0x0100/* Don't initialize md_data */
-
-struct evp_cipher_st {
-    int nid;
-    int block_size;
-    /* Default value for variable length ciphers */
-    int key_len;
-    int iv_len;
-    /* Various flags */
-    unsigned long flags;
-    /* init key */
-    int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                 const unsigned char *iv, int enc);
-    /* encrypt/decrypt data */
-    int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
-                      const unsigned char *in, size_t inl);
-    /* cleanup ctx */
-    int (*cleanup) (EVP_CIPHER_CTX *);
-    /* how big ctx->cipher_data needs to be */
-    int ctx_size;
-    /* Populate a ASN1_TYPE with parameters */
-    int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
-    /* Get parameters from a ASN1_TYPE */
-    int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
-    /* Miscellaneous operations */
-    int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
-    /* Application data */
-    void *app_data;
-} /* EVP_CIPHER */ ;
+/*
+ * Some functions such as EVP_DigestSign only finalise copies of internal
+ * contexts so additional data can be included after the finalisation call.
+ * This is inefficient if this functionality is not required: it is disabled
+ * if the following flag is set.
+ */
+# define EVP_MD_CTX_FLAG_FINALISE        0x0200
+/* NOTE: 0x0400 is reserved for internal usage in evp_int.h */
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
+EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
+int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+                             int (*init) (EVP_CIPHER_CTX *ctx,
+                                          const unsigned char *key,
+                                          const unsigned char *iv,
+                                          int enc));
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+                                  int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+                                                    unsigned char *out,
+                                                    const unsigned char *in,
+                                                    size_t inl));
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+                                int (*cleanup) (EVP_CIPHER_CTX *));
+int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
+                                        int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *));
+int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
+                                        int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *));
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+                             int (*ctrl) (EVP_CIPHER_CTX *, int type,
+                                          int arg, void *ptr));
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                          const unsigned char *key,
+                                                          const unsigned char *iv,
+                                                          int enc);
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                               unsigned char *out,
+                                                               const unsigned char *in,
+                                                               size_t inl);
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
+int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *);
+int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                               ASN1_TYPE *);
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                          int type, int arg,
+                                                          void *ptr);
 
 /* Values for cipher flags */
 
@@ -347,6 +242,7 @@ struct evp_cipher_st {
 # define         EVP_CIPH_CCM_MODE               0x7
 # define         EVP_CIPH_XTS_MODE               0x10001
 # define         EVP_CIPH_WRAP_MODE              0x10002
+# define         EVP_CIPH_OCB_MODE               0x10003
 # define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 # define         EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -378,6 +274,8 @@ struct evp_cipher_st {
 # define         EVP_CIPH_FLAG_CUSTOM_CIPHER     0x100000
 # define         EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
 # define         EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000
+/* Cipher can handle pipeline operations */
+# define         EVP_CIPH_FLAG_PIPELINE          0X800000
 
 /*
  * Cipher context flag to indicate we can handle wrap mode: if allowed in
@@ -397,14 +295,19 @@ struct evp_cipher_st {
 # define         EVP_CTRL_RAND_KEY               0x6
 # define         EVP_CTRL_PBE_PRF_NID            0x7
 # define         EVP_CTRL_COPY                   0x8
-# define         EVP_CTRL_GCM_SET_IVLEN          0x9
-# define         EVP_CTRL_GCM_GET_TAG            0x10
-# define         EVP_CTRL_GCM_SET_TAG            0x11
-# define         EVP_CTRL_GCM_SET_IV_FIXED       0x12
+# define         EVP_CTRL_AEAD_SET_IVLEN         0x9
+# define         EVP_CTRL_AEAD_GET_TAG           0x10
+# define         EVP_CTRL_AEAD_SET_TAG           0x11
+# define         EVP_CTRL_AEAD_SET_IV_FIXED      0x12
+# define         EVP_CTRL_GCM_SET_IVLEN          EVP_CTRL_AEAD_SET_IVLEN
+# define         EVP_CTRL_GCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
+# define         EVP_CTRL_GCM_SET_TAG            EVP_CTRL_AEAD_SET_TAG
+# define         EVP_CTRL_GCM_SET_IV_FIXED       EVP_CTRL_AEAD_SET_IV_FIXED
 # define         EVP_CTRL_GCM_IV_GEN             0x13
-# define         EVP_CTRL_CCM_SET_IVLEN          EVP_CTRL_GCM_SET_IVLEN
-# define         EVP_CTRL_CCM_GET_TAG            EVP_CTRL_GCM_GET_TAG
-# define         EVP_CTRL_CCM_SET_TAG            EVP_CTRL_GCM_SET_TAG
+# define         EVP_CTRL_CCM_SET_IVLEN          EVP_CTRL_AEAD_SET_IVLEN
+# define         EVP_CTRL_CCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
+# define         EVP_CTRL_CCM_SET_TAG            EVP_CTRL_AEAD_SET_TAG
+# define         EVP_CTRL_CCM_SET_IV_FIXED       EVP_CTRL_AEAD_SET_IV_FIXED
 # define         EVP_CTRL_CCM_SET_L              0x14
 # define         EVP_CTRL_CCM_SET_MSGLEN         0x15
 /*
@@ -423,6 +326,36 @@ struct evp_cipher_st {
 # define         EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT      0x1b
 # define         EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE  0x1c
 
+# define         EVP_CTRL_SSL3_MASTER_SECRET             0x1d
+
+/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */
+# define         EVP_CTRL_SET_SBOX                       0x1e
+/*
+ * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a
+ * pre-allocated buffer with specified size
+ */
+# define         EVP_CTRL_SBOX_USED                      0x1f
+/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after,
+ * 0 switches meshing off
+ */
+# define         EVP_CTRL_KEY_MESH                       0x20
+/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */
+# define         EVP_CTRL_BLOCK_PADDING_MODE             0x21
+
+/* Set the output buffers to use for a pipelined operation */
+# define         EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS       0x22
+/* Set the input buffers to use for a pipelined operation */
+# define         EVP_CTRL_SET_PIPELINE_INPUT_BUFS        0x23
+/* Set the input buffer lengths to use for a pipelined operation */
+# define         EVP_CTRL_SET_PIPELINE_INPUT_LENS        0x24
+
+/* Padding modes */
+#define EVP_PADDING_PKCS7       1
+#define EVP_PADDING_ISO7816_4   2
+#define EVP_PADDING_ANSI923     3
+#define EVP_PADDING_ISO10126    4
+#define EVP_PADDING_ZERO        5
+
 /* RFC 5246 defines additional data to be 13 bytes in length */
 # define         EVP_AEAD_TLS1_AAD_LEN           13
 
@@ -441,45 +374,26 @@ typedef struct {
 /* Length of tag for TLS */
 # define EVP_GCM_TLS_TAG_LEN                             16
 
+/* CCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_CCM_TLS_FIXED_IV_LEN                        4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_CCM_TLS_EXPLICIT_IV_LEN                     8
+/* Total length of CCM IV length for TLS */
+# define EVP_CCM_TLS_IV_LEN                              12
+/* Length of tag for TLS */
+# define EVP_CCM_TLS_TAG_LEN                             16
+/* Length of CCM8 tag for TLS */
+# define EVP_CCM8_TLS_TAG_LEN                            8
+
+/* Length of tag for TLS */
+# define EVP_CHACHAPOLY_TLS_TAG_LEN                      16
+
 typedef struct evp_cipher_info_st {
     const EVP_CIPHER *cipher;
     unsigned char iv[EVP_MAX_IV_LENGTH];
 } EVP_CIPHER_INFO;
 
-struct evp_cipher_ctx_st {
-    const EVP_CIPHER *cipher;
-    ENGINE *engine;             /* functional reference if 'cipher' is
-                                 * ENGINE-provided */
-    int encrypt;                /* encrypt or decrypt */
-    int buf_len;                /* number we have left */
-    unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
-    unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
-    unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */
-    int num;                    /* used by cfb/ofb/ctr mode */
-    void *app_data;             /* application stuff */
-    int key_len;                /* May change for variable length cipher */
-    unsigned long flags;        /* Various flags */
-    void *cipher_data;          /* per EVP data */
-    int final_used;
-    int block_mask;
-    unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
-} /* EVP_CIPHER_CTX */ ;
-
-typedef struct evp_Encode_Ctx_st {
-    /* number saved in a partial encode/decode */
-    int num;
-    /*
-     * The length is either the output line length (in input bytes) or the
-     * shortest input line length that is ok.  Once decoding begins, the
-     * length is adjusted up each time a longer line is decoded
-     */
-    int length;
-    /* data to encode */
-    unsigned char enc_data[80];
-    /* number read on current line */
-    int line_num;
-    int expect_nl;
-} EVP_ENCODE_CTX;
 
 /* Password based encryption function */
 typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
@@ -506,6 +420,15 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
 #  define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
                                         (char *)(eckey))
 # endif
+# ifndef OPENSSL_NO_SIPHASH
+#  define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),EVP_PKEY_SIPHASH,\
+                                        (char *)(shkey))
+# endif
+
+# ifndef OPENSSL_NO_POLY1305
+#  define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),EVP_PKEY_POLY1305,\
+                                        (char *)(polykey))
+# endif
 
 /* Add some extra combinations */
 # define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
@@ -522,32 +445,52 @@ int EVP_MD_block_size(const EVP_MD *md);
 unsigned long EVP_MD_flags(const EVP_MD *md);
 
 const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+                                             const void *data, size_t count);
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+                              int (*update) (EVP_MD_CTX *ctx,
+                                             const void *data, size_t count));
 # define EVP_MD_CTX_size(e)              EVP_MD_size(EVP_MD_CTX_md(e))
 # define EVP_MD_CTX_block_size(e)        EVP_MD_block_size(EVP_MD_CTX_md(e))
 # define EVP_MD_CTX_type(e)              EVP_MD_type(EVP_MD_CTX_md(e))
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
 
 int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
 # define EVP_CIPHER_name(e)              OBJ_nid2sn(EVP_CIPHER_nid(e))
 int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
+int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher);
 int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
 int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
 unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
 # define EVP_CIPHER_mode(e)              (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
 
 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
+const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
 int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
 void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
 # define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
-# define EVP_CIPHER_CTX_mode(e)          (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define EVP_CIPHER_CTX_flags(c)       EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c))
+# endif
+# define EVP_CIPHER_CTX_mode(c)         EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c))
 
-# define EVP_ENCODE_LENGTH(l)    (((l+2)/3*4)+(l/48+1)*2+80)
-# define EVP_DECODE_LENGTH(l)    ((l+3)/4*3+80)
+# define EVP_ENCODE_LENGTH(l)    ((((l)+2)/3*4)+((l)/48+1)*2+80)
+# define EVP_DECODE_LENGTH(l)    (((l)+3)/4*3+80)
 
 # define EVP_SignInit_ex(a,b,c)          EVP_DigestInit_ex(a,b,c)
 # define EVP_SignInit(a,b)               EVP_DigestInit(a,b)
@@ -563,16 +506,20 @@ unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
 # ifdef CONST_STRICT
 void BIO_set_md(BIO *, const EVP_MD *md);
 # else
-#  define BIO_set_md(b,md)               BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
+#  define BIO_set_md(b,md)          BIO_ctrl(b,BIO_C_SET_MD,0,(char *)(md))
 # endif
-# define BIO_get_md(b,mdp)               BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
-# define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
-# define BIO_set_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
-# define BIO_get_cipher_status(b)        BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
-# define BIO_get_cipher_ctx(b,c_pp)      BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
-
-int EVP_Cipher(EVP_CIPHER_CTX *c,
-               unsigned char *out, const unsigned char *in, unsigned int inl);
+# define BIO_get_md(b,mdp)          BIO_ctrl(b,BIO_C_GET_MD,0,(char *)(mdp))
+# define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0, \
+                                             (char *)(mdcp))
+# define BIO_set_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_SET_MD_CTX,0, \
+                                             (char *)(mdcp))
+# define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
+# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0, \
+                                             (char *)(c_pp))
+
+/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+                          unsigned char *out,
+                          const unsigned char *in, unsigned int inl);
 
 # define EVP_add_cipher_alias(n,alias) \
         OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
@@ -583,24 +530,33 @@ int EVP_Cipher(EVP_CIPHER_CTX *c,
 # define EVP_delete_digest_alias(alias) \
         OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
 
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
-EVP_MD_CTX *EVP_MD_CTX_create(void);
-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+# define EVP_MD_CTX_create()     EVP_MD_CTX_new()
+# define EVP_MD_CTX_init(ctx)    EVP_MD_CTX_reset((ctx))
+# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
+__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
 void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
 void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
 int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
-int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
-int EVP_Digest(const void *data, size_t count,
-               unsigned char *md, unsigned int *size, const EVP_MD *type,
-               ENGINE *impl);
-
-int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
-int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
+__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
+                                 ENGINE *impl);
+__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
+                                size_t cnt);
+__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+                                  unsigned int *s);
+__owur int EVP_Digest(const void *data, size_t count,
+                          unsigned char *md, unsigned int *size,
+                          const EVP_MD *type, ENGINE *impl);
+
+__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+                           unsigned int *s);
+__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md,
+                              size_t len);
 
 int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
 int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
@@ -608,75 +564,100 @@ int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
 void EVP_set_pw_prompt(const char *prompt);
 char *EVP_get_pw_prompt(void);
 
-int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
-                   const unsigned char *salt, const unsigned char *data,
-                   int datal, int count, unsigned char *key,
-                   unsigned char *iv);
+__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+                          const unsigned char *salt,
+                          const unsigned char *data, int datal, int count,
+                          unsigned char *key, unsigned char *iv);
 
 void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
 void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
 int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
 
-int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-                    const unsigned char *key, const unsigned char *iv);
-int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-                       ENGINE *impl, const unsigned char *key,
-                       const unsigned char *iv);
-int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-                      const unsigned char *in, int inl);
-int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-                    const unsigned char *key, const unsigned char *iv);
-int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-                       ENGINE *impl, const unsigned char *key,
-                       const unsigned char *iv);
-int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-                      const unsigned char *in, int inl);
-int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-                   const unsigned char *key, const unsigned char *iv,
-                   int enc);
-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-                      ENGINE *impl, const unsigned char *key,
-                      const unsigned char *iv, int enc);
-int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-                     const unsigned char *in, int inl);
-int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
-                  EVP_PKEY *pkey);
-
-int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
-                    unsigned int siglen, EVP_PKEY *pkey);
-
-int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
-                        unsigned char *sigret, size_t *siglen);
-
-int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
-                          const unsigned char *sig, size_t siglen);
-
-int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-                 const unsigned char *ek, int ekl, const unsigned char *iv,
-                 EVP_PKEY *priv);
-int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                           const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+                                  const EVP_CIPHER *cipher, ENGINE *impl,
+                                  const unsigned char *key,
+                                  const unsigned char *iv);
+/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 int *outl, const unsigned char *in, int inl);
+/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                   int *outl);
+/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                int *outl);
+
+__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                           const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+                                  const EVP_CIPHER *cipher, ENGINE *impl,
+                                  const unsigned char *key,
+                                  const unsigned char *iv);
+/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 int *outl, const unsigned char *in, int inl);
+__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                            int *outl);
+/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                                   int *outl);
+
+__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                          const unsigned char *key, const unsigned char *iv,
+                          int enc);
+/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+                                 const EVP_CIPHER *cipher, ENGINE *impl,
+                                 const unsigned char *key,
+                                 const unsigned char *iv, int enc);
+__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            int *outl, const unsigned char *in, int inl);
+__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                           int *outl);
+__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                              int *outl);
+
+__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+                         EVP_PKEY *pkey);
+
+__owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
+                          size_t *siglen, const unsigned char *tbs,
+                          size_t tbslen);
+
+__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+                           unsigned int siglen, EVP_PKEY *pkey);
+
+__owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+                            size_t siglen, const unsigned char *tbs,
+                            size_t tbslen);
+
+/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                                  const EVP_MD *type, ENGINE *e,
+                                  EVP_PKEY *pkey);
+__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                               size_t *siglen);
+
+__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                                const EVP_MD *type, ENGINE *e,
+                                EVP_PKEY *pkey);
+__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                 size_t siglen);
 
-int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-                 unsigned char **ek, int *ekl, unsigned char *iv,
-                 EVP_PKEY **pubk, int npubk);
-int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+# ifndef OPENSSL_NO_RSA
+__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                        const unsigned char *ek, int ekl,
+                        const unsigned char *iv, EVP_PKEY *priv);
+__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                        unsigned char **ek, int *ekl, unsigned char *iv,
+                        EVP_PKEY **pubk, int npubk);
+__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+# endif
 
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
 void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-                      const unsigned char *in, int inl);
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl);
 void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
 int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
 
@@ -687,23 +668,24 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
                     char *out, int *outl);
 int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
 
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define EVP_CIPHER_CTX_init(c)      EVP_CIPHER_CTX_reset(c)
+#  define EVP_CIPHER_CTX_cleanup(c)   EVP_CIPHER_CTX_reset(c)
+# endif
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c);
 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
 
-# ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_md(void);
-BIO_METHOD *BIO_f_base64(void);
-BIO_METHOD *BIO_f_cipher(void);
-BIO_METHOD *BIO_f_reliable(void);
-void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
-                    const unsigned char *i, int enc);
-# endif
+const BIO_METHOD *BIO_f_md(void);
+const BIO_METHOD *BIO_f_base64(void);
+const BIO_METHOD *BIO_f_cipher(void);
+const BIO_METHOD *BIO_f_reliable(void);
+__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+                          const unsigned char *i, int enc);
 
 const EVP_MD *EVP_md_null(void);
 # ifndef OPENSSL_NO_MD2
@@ -714,31 +696,37 @@ const EVP_MD *EVP_md4(void);
 # endif
 # ifndef OPENSSL_NO_MD5
 const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
 # endif
-# ifndef OPENSSL_NO_SHA
-const EVP_MD *EVP_sha(void);
-const EVP_MD *EVP_sha1(void);
-const EVP_MD *EVP_dss(void);
-const EVP_MD *EVP_dss1(void);
-const EVP_MD *EVP_ecdsa(void);
+# ifndef OPENSSL_NO_BLAKE2
+const EVP_MD *EVP_blake2b512(void);
+const EVP_MD *EVP_blake2s256(void);
 # endif
-# ifndef OPENSSL_NO_SHA256
+const EVP_MD *EVP_sha1(void);
 const EVP_MD *EVP_sha224(void);
 const EVP_MD *EVP_sha256(void);
-# endif
-# ifndef OPENSSL_NO_SHA512
 const EVP_MD *EVP_sha384(void);
 const EVP_MD *EVP_sha512(void);
-# endif
+const EVP_MD *EVP_sha512_224(void);
+const EVP_MD *EVP_sha512_256(void);
+const EVP_MD *EVP_sha3_224(void);
+const EVP_MD *EVP_sha3_256(void);
+const EVP_MD *EVP_sha3_384(void);
+const EVP_MD *EVP_sha3_512(void);
+const EVP_MD *EVP_shake128(void);
+const EVP_MD *EVP_shake256(void);
 # ifndef OPENSSL_NO_MDC2
 const EVP_MD *EVP_mdc2(void);
 # endif
-# ifndef OPENSSL_NO_RIPEMD
+# ifndef OPENSSL_NO_RMD160
 const EVP_MD *EVP_ripemd160(void);
 # endif
 # ifndef OPENSSL_NO_WHIRLPOOL
 const EVP_MD *EVP_whirlpool(void);
 # endif
+# ifndef OPENSSL_NO_SM3
+const EVP_MD *EVP_sm3(void);
+# endif
 const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
 # ifndef OPENSSL_NO_DES
 const EVP_CIPHER *EVP_des_ecb(void);
@@ -752,10 +740,6 @@ const EVP_CIPHER *EVP_des_cfb1(void);
 const EVP_CIPHER *EVP_des_cfb8(void);
 const EVP_CIPHER *EVP_des_ede_cfb64(void);
 #  define EVP_des_ede_cfb EVP_des_ede_cfb64
-#  if 0
-const EVP_CIPHER *EVP_des_ede_cfb1(void);
-const EVP_CIPHER *EVP_des_ede_cfb8(void);
-#  endif
 const EVP_CIPHER *EVP_des_ede3_cfb64(void);
 #  define EVP_des_ede3_cfb EVP_des_ede3_cfb64
 const EVP_CIPHER *EVP_des_ede3_cfb1(void);
@@ -773,13 +757,6 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void);
  * are rc4 and md5 declarations made here inside a "NO_DES" precompiler
  * branch?
  */
-#  if 0
-#   ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
-const EVP_CIPHER *EVP_dev_crypto_rc4(void);
-const EVP_MD *EVP_dev_crypto_md5(void);
-#   endif
-#  endif
 # endif
 # ifndef OPENSSL_NO_RC4
 const EVP_CIPHER *EVP_rc4(void);
@@ -825,50 +802,88 @@ const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
 #  define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
 const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
 # endif
-# ifndef OPENSSL_NO_AES
 const EVP_CIPHER *EVP_aes_128_ecb(void);
 const EVP_CIPHER *EVP_aes_128_cbc(void);
 const EVP_CIPHER *EVP_aes_128_cfb1(void);
 const EVP_CIPHER *EVP_aes_128_cfb8(void);
 const EVP_CIPHER *EVP_aes_128_cfb128(void);
-#  define EVP_aes_128_cfb EVP_aes_128_cfb128
+# define EVP_aes_128_cfb EVP_aes_128_cfb128
 const EVP_CIPHER *EVP_aes_128_ofb(void);
 const EVP_CIPHER *EVP_aes_128_ctr(void);
 const EVP_CIPHER *EVP_aes_128_ccm(void);
 const EVP_CIPHER *EVP_aes_128_gcm(void);
 const EVP_CIPHER *EVP_aes_128_xts(void);
 const EVP_CIPHER *EVP_aes_128_wrap(void);
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_128_ocb(void);
+# endif
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);
 const EVP_CIPHER *EVP_aes_192_cfb1(void);
 const EVP_CIPHER *EVP_aes_192_cfb8(void);
 const EVP_CIPHER *EVP_aes_192_cfb128(void);
-#  define EVP_aes_192_cfb EVP_aes_192_cfb128
+# define EVP_aes_192_cfb EVP_aes_192_cfb128
 const EVP_CIPHER *EVP_aes_192_ofb(void);
 const EVP_CIPHER *EVP_aes_192_ctr(void);
 const EVP_CIPHER *EVP_aes_192_ccm(void);
 const EVP_CIPHER *EVP_aes_192_gcm(void);
 const EVP_CIPHER *EVP_aes_192_wrap(void);
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_192_ocb(void);
+# endif
 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
 const EVP_CIPHER *EVP_aes_256_cfb1(void);
 const EVP_CIPHER *EVP_aes_256_cfb8(void);
 const EVP_CIPHER *EVP_aes_256_cfb128(void);
-#  define EVP_aes_256_cfb EVP_aes_256_cfb128
+# define EVP_aes_256_cfb EVP_aes_256_cfb128
 const EVP_CIPHER *EVP_aes_256_ofb(void);
 const EVP_CIPHER *EVP_aes_256_ctr(void);
 const EVP_CIPHER *EVP_aes_256_ccm(void);
 const EVP_CIPHER *EVP_aes_256_gcm(void);
 const EVP_CIPHER *EVP_aes_256_xts(void);
 const EVP_CIPHER *EVP_aes_256_wrap(void);
-#  if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_256_ocb(void);
+# endif
 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
 const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
-#  endif
-#  ifndef OPENSSL_NO_SHA256
 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
 const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
-#  endif
+# ifndef OPENSSL_NO_ARIA
+const EVP_CIPHER *EVP_aria_128_ecb(void);
+const EVP_CIPHER *EVP_aria_128_cbc(void);
+const EVP_CIPHER *EVP_aria_128_cfb1(void);
+const EVP_CIPHER *EVP_aria_128_cfb8(void);
+const EVP_CIPHER *EVP_aria_128_cfb128(void);
+#  define EVP_aria_128_cfb EVP_aria_128_cfb128
+const EVP_CIPHER *EVP_aria_128_ctr(void);
+const EVP_CIPHER *EVP_aria_128_ofb(void);
+const EVP_CIPHER *EVP_aria_128_gcm(void);
+const EVP_CIPHER *EVP_aria_128_ccm(void);
+const EVP_CIPHER *EVP_aria_192_ecb(void);
+const EVP_CIPHER *EVP_aria_192_cbc(void);
+const EVP_CIPHER *EVP_aria_192_cfb1(void);
+const EVP_CIPHER *EVP_aria_192_cfb8(void);
+const EVP_CIPHER *EVP_aria_192_cfb128(void);
+#  define EVP_aria_192_cfb EVP_aria_192_cfb128
+const EVP_CIPHER *EVP_aria_192_ctr(void);
+const EVP_CIPHER *EVP_aria_192_ofb(void);
+const EVP_CIPHER *EVP_aria_192_gcm(void);
+const EVP_CIPHER *EVP_aria_192_ccm(void);
+const EVP_CIPHER *EVP_aria_256_ecb(void);
+const EVP_CIPHER *EVP_aria_256_cbc(void);
+const EVP_CIPHER *EVP_aria_256_cfb1(void);
+const EVP_CIPHER *EVP_aria_256_cfb8(void);
+const EVP_CIPHER *EVP_aria_256_cfb128(void);
+#  define EVP_aria_256_cfb EVP_aria_256_cfb128
+const EVP_CIPHER *EVP_aria_256_ctr(void);
+const EVP_CIPHER *EVP_aria_256_ofb(void);
+const EVP_CIPHER *EVP_aria_256_gcm(void);
+const EVP_CIPHER *EVP_aria_256_ccm(void);
 # endif
 # ifndef OPENSSL_NO_CAMELLIA
 const EVP_CIPHER *EVP_camellia_128_ecb(void);
@@ -878,6 +893,7 @@ const EVP_CIPHER *EVP_camellia_128_cfb8(void);
 const EVP_CIPHER *EVP_camellia_128_cfb128(void);
 #  define EVP_camellia_128_cfb EVP_camellia_128_cfb128
 const EVP_CIPHER *EVP_camellia_128_ofb(void);
+const EVP_CIPHER *EVP_camellia_128_ctr(void);
 const EVP_CIPHER *EVP_camellia_192_ecb(void);
 const EVP_CIPHER *EVP_camellia_192_cbc(void);
 const EVP_CIPHER *EVP_camellia_192_cfb1(void);
@@ -885,6 +901,7 @@ const EVP_CIPHER *EVP_camellia_192_cfb8(void);
 const EVP_CIPHER *EVP_camellia_192_cfb128(void);
 #  define EVP_camellia_192_cfb EVP_camellia_192_cfb128
 const EVP_CIPHER *EVP_camellia_192_ofb(void);
+const EVP_CIPHER *EVP_camellia_192_ctr(void);
 const EVP_CIPHER *EVP_camellia_256_ecb(void);
 const EVP_CIPHER *EVP_camellia_256_cbc(void);
 const EVP_CIPHER *EVP_camellia_256_cfb1(void);
@@ -892,6 +909,13 @@ const EVP_CIPHER *EVP_camellia_256_cfb8(void);
 const EVP_CIPHER *EVP_camellia_256_cfb128(void);
 #  define EVP_camellia_256_cfb EVP_camellia_256_cfb128
 const EVP_CIPHER *EVP_camellia_256_ofb(void);
+const EVP_CIPHER *EVP_camellia_256_ctr(void);
+# endif
+# ifndef OPENSSL_NO_CHACHA
+const EVP_CIPHER *EVP_chacha20(void);
+#  ifndef OPENSSL_NO_POLY1305
+const EVP_CIPHER *EVP_chacha20_poly1305(void);
+#  endif
 # endif
 
 # ifndef OPENSSL_NO_SEED
@@ -902,29 +926,48 @@ const EVP_CIPHER *EVP_seed_cfb128(void);
 const EVP_CIPHER *EVP_seed_ofb(void);
 # endif
 
-void OPENSSL_add_all_algorithms_noconf(void);
-void OPENSSL_add_all_algorithms_conf(void);
-
-# ifdef OPENSSL_LOAD_CONF
-#  define OpenSSL_add_all_algorithms() \
-                OPENSSL_add_all_algorithms_conf()
-# else
-#  define OpenSSL_add_all_algorithms() \
-                OPENSSL_add_all_algorithms_noconf()
+# ifndef OPENSSL_NO_SM4
+const EVP_CIPHER *EVP_sm4_ecb(void);
+const EVP_CIPHER *EVP_sm4_cbc(void);
+const EVP_CIPHER *EVP_sm4_cfb128(void);
+#  define EVP_sm4_cfb EVP_sm4_cfb128
+const EVP_CIPHER *EVP_sm4_ofb(void);
+const EVP_CIPHER *EVP_sm4_ctr(void);
 # endif
 
-void OpenSSL_add_all_ciphers(void);
-void OpenSSL_add_all_digests(void);
-# define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
-# define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
-# define SSLeay_add_all_digests() OpenSSL_add_all_digests()
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define OPENSSL_add_all_algorithms_conf() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                        | OPENSSL_INIT_ADD_ALL_DIGESTS \
+                        | OPENSSL_INIT_LOAD_CONFIG, NULL)
+#  define OPENSSL_add_all_algorithms_noconf() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                        | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+#  ifdef OPENSSL_LOAD_CONF
+#   define OpenSSL_add_all_algorithms() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                        | OPENSSL_INIT_ADD_ALL_DIGESTS \
+                        | OPENSSL_INIT_LOAD_CONFIG, NULL)
+#  else
+#   define OpenSSL_add_all_algorithms() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                        | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+#  endif
+
+#  define OpenSSL_add_all_ciphers() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)
+#  define OpenSSL_add_all_digests() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+#  define EVP_cleanup() while(0) continue
+# endif
 
 int EVP_add_cipher(const EVP_CIPHER *cipher);
 int EVP_add_digest(const EVP_MD *digest);
 
 const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
 const EVP_MD *EVP_get_digestbyname(const char *name);
-void EVP_cleanup(void);
 
 void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
                                    const char *from, const char *to, void *x),
@@ -949,35 +992,52 @@ int EVP_PKEY_encrypt_old(unsigned char *enc_key,
 int EVP_PKEY_type(int type);
 int EVP_PKEY_id(const EVP_PKEY *pkey);
 int EVP_PKEY_base_id(const EVP_PKEY *pkey);
-int EVP_PKEY_bits(EVP_PKEY *pkey);
+int EVP_PKEY_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
 int EVP_PKEY_size(EVP_PKEY *pkey);
 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
+# ifndef OPENSSL_NO_ENGINE
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e);
+# endif
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
-void *EVP_PKEY_get0(EVP_PKEY *pkey);
+void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+# ifndef OPENSSL_NO_POLY1305
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+# endif
+# ifndef OPENSSL_NO_SIPHASH
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
+# endif
 
 # ifndef OPENSSL_NO_RSA
 struct rsa_st;
 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
 struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
 # endif
 # ifndef OPENSSL_NO_DSA
 struct dsa_st;
 int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
+struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
 struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
 # endif
 # ifndef OPENSSL_NO_DH
 struct dh_st;
 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
 # endif
 # ifndef OPENSSL_NO_EC
 struct ec_key_st;
 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
 struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
 # endif
 
 EVP_PKEY *EVP_PKEY_new(void);
+int EVP_PKEY_up_ref(EVP_PKEY *pkey);
 void EVP_PKEY_free(EVP_PKEY *pkey);
 
 EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
@@ -1006,6 +1066,10 @@ int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
 
 int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
 
+int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+                                   const unsigned char *pt, size_t ptlen);
+size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
+
 int EVP_CIPHER_type(const EVP_CIPHER *ctx);
 
 /* calls methods */
@@ -1030,6 +1094,17 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                           ASN1_TYPE *param, const EVP_CIPHER *cipher,
                           const EVP_MD *md, int en_de);
 
+#ifndef OPENSSL_NO_SCRYPT
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+                   const unsigned char *salt, size_t saltlen,
+                   uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+                   unsigned char *key, size_t keylen);
+
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+#endif
+
 void PKCS5_PBE_add(void);
 
 int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
@@ -1041,6 +1116,8 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
 # define EVP_PBE_TYPE_OUTER      0x0
 /* Is an PRF type OID */
 # define EVP_PBE_TYPE_PRF        0x1
+/* Is a PKCS#5 v2.0 KDF */
+# define EVP_PBE_TYPE_KDF        0x2
 
 int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
                          int md_nid, EVP_PBE_KEYGEN *keygen);
@@ -1049,6 +1126,7 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
 int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid,
                  EVP_PBE_KEYGEN **pkeygen);
 void EVP_PBE_cleanup(void);
+int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num);
 
 # define ASN1_PKEY_ALIAS         0x1
 # define ASN1_PKEY_DYNAMIC       0x2
@@ -1061,6 +1139,9 @@ void EVP_PBE_cleanup(void);
 # define ASN1_PKEY_CTRL_CMS_ENVELOPE     0x7
 # define ASN1_PKEY_CTRL_CMS_RI_TYPE      0x8
 
+# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT   0x9
+# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT   0xa
+
 int EVP_PKEY_asn1_get_count(void);
 const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
 const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
@@ -1073,7 +1154,7 @@ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
                             const char **ppem_str,
                             const EVP_PKEY_ASN1_METHOD *ameth);
 
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
 EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
                                         const char *pem_str,
                                         const char *info);
@@ -1094,7 +1175,7 @@ void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
                               int (*pkey_bits) (const EVP_PKEY *pk));
 void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
                                int (*priv_decode) (EVP_PKEY *pk,
-                                                   PKCS8_PRIV_KEY_INFO
+                                                   const PKCS8_PRIV_KEY_INFO
                                                    *p8inf),
                                int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
                                                    const EVP_PKEY *pk),
@@ -1137,6 +1218,42 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
                                               X509_ALGOR *alg2,
                                               ASN1_BIT_STRING *sig));
 
+void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*siginf_set) (X509_SIG_INFO *siginf,
+                                                 const X509_ALGOR *alg,
+                                                 const ASN1_STRING *sig));
+
+void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*pkey_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*pkey_pub_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*pkey_param_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*set_priv_key) (EVP_PKEY *pk,
+                                                         const unsigned char
+                                                            *priv,
+                                                         size_t len));
+void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*set_pub_key) (EVP_PKEY *pk,
+                                                       const unsigned char *pub,
+                                                       size_t len));
+void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*get_priv_key) (const EVP_PKEY *pk,
+                                                         unsigned char *priv,
+                                                         size_t *len));
+void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*get_pub_key) (const EVP_PKEY *pk,
+                                                       unsigned char *pub,
+                                                       size_t *len));
+
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+                                     int (*pkey_security_bits) (const EVP_PKEY
+                                                                *pk));
+
 # define EVP_PKEY_OP_UNDEFINED           0
 # define EVP_PKEY_OP_PARAMGEN            (1<<1)
 # define EVP_PKEY_OP_KEYGEN              (1<<2)
@@ -1157,18 +1274,22 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
         (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
 
 # define EVP_PKEY_OP_TYPE_NOGEN \
-        (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
+        (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE)
 
 # define EVP_PKEY_OP_TYPE_GEN \
                 (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
 
 # define  EVP_PKEY_CTX_set_signature_md(ctx, md) \
                 EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
-                                        EVP_PKEY_CTRL_MD, 0, (void *)md)
+                                        EVP_PKEY_CTRL_MD, 0, (void *)(md))
 
 # define  EVP_PKEY_CTX_get_signature_md(ctx, pmd)        \
                 EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
-                                        EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd)
+                                        EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd))
+
+# define  EVP_PKEY_CTX_set_mac_key(ctx, key, len)        \
+                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN,  \
+                                  EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)(key))
 
 # define EVP_PKEY_CTRL_MD                1
 # define EVP_PKEY_CTRL_PEER_KEY          2
@@ -1193,6 +1314,8 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
 
 # define EVP_PKEY_CTRL_GET_MD            13
 
+# define EVP_PKEY_CTRL_SET_DIGEST_SIZE   14
+
 # define EVP_PKEY_ALG_CTRL               0x1000
 
 # define EVP_PKEY_FLAG_AUTOARGLEN        2
@@ -1208,6 +1331,9 @@ void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
 void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
+int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth);
+size_t EVP_PKEY_meth_get_count(void);
+const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
 
 EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
 EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
@@ -1218,12 +1344,32 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
                       int cmd, int p1, void *p2);
 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
                           const char *value);
+int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                             int cmd, uint64_t value);
+
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
+
+int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
 
 int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
 void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
 
 EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
                                const unsigned char *key, int keylen);
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+                                       const unsigned char *priv,
+                                       size_t len);
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+                                      const unsigned char *pub,
+                                      size_t len);
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len);
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
+                                size_t *len);
+
+EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+                                size_t len, const EVP_CIPHER *cipher);
 
 void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
 void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
@@ -1259,12 +1405,15 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 
-typedef int EVP_PKEY_gen_cb (EVP_PKEY_CTX *ctx);
+typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
 
 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
 EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
@@ -1363,34 +1512,47 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
                                              const char *type,
                                              const char *value));
 
-void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
+                             int (*check) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+                                    int (*check) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+                                   int (*check) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (*digest_custom) (EVP_PKEY_CTX *ctx,
+                                                           EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
                             int (**pinit) (EVP_PKEY_CTX *ctx));
 
-void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
                             int (**pcopy) (EVP_PKEY_CTX *dst,
                                            EVP_PKEY_CTX *src));
 
-void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
                                void (**pcleanup) (EVP_PKEY_CTX *ctx));
 
-void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
                                 int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
                                 int (**pparamgen) (EVP_PKEY_CTX *ctx,
                                                    EVP_PKEY *pkey));
 
-void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
                               int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
                               int (**pkeygen) (EVP_PKEY_CTX *ctx,
                                                EVP_PKEY *pkey));
 
-void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
                             int (**psign_init) (EVP_PKEY_CTX *ctx),
                             int (**psign) (EVP_PKEY_CTX *ctx,
                                            unsigned char *sig, size_t *siglen,
                                            const unsigned char *tbs,
                                            size_t tbslen));
 
-void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
                               int (**pverify_init) (EVP_PKEY_CTX *ctx),
                               int (**pverify) (EVP_PKEY_CTX *ctx,
                                                const unsigned char *sig,
@@ -1398,7 +1560,7 @@ void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
                                                const unsigned char *tbs,
                                                size_t tbslen));
 
-void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
                                       int (**pverify_recover_init) (EVP_PKEY_CTX
                                                                     *ctx),
                                       int (**pverify_recover) (EVP_PKEY_CTX
@@ -1410,7 +1572,7 @@ void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
                                                                char *tbs,
                                                                size_t tbslen));
 
-void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
                                int (**psignctx_init) (EVP_PKEY_CTX *ctx,
                                                       EVP_MD_CTX *mctx),
                                int (**psignctx) (EVP_PKEY_CTX *ctx,
@@ -1418,7 +1580,7 @@ void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
                                                  size_t *siglen,
                                                  EVP_MD_CTX *mctx));
 
-void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
                                  int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
                                                           EVP_MD_CTX *mctx),
                                  int (**pverifyctx) (EVP_PKEY_CTX *ctx,
@@ -1426,7 +1588,7 @@ void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
                                                      int siglen,
                                                      EVP_MD_CTX *mctx));
 
-void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
                                int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
                                int (**pencryptfn) (EVP_PKEY_CTX *ctx,
                                                    unsigned char *out,
@@ -1434,7 +1596,7 @@ void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
                                                    const unsigned char *in,
                                                    size_t inlen));
 
-void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
                                int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
                                int (**pdecrypt) (EVP_PKEY_CTX *ctx,
                                                  unsigned char *out,
@@ -1442,185 +1604,33 @@ void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
                                                  const unsigned char *in,
                                                  size_t inlen));
 
-void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
                               int (**pderive_init) (EVP_PKEY_CTX *ctx),
                               int (**pderive) (EVP_PKEY_CTX *ctx,
                                                unsigned char *key,
                                                size_t *keylen));
 
-void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
+void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
                             int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
                                            void *p2),
                             int (**pctrl_str) (EVP_PKEY_CTX *ctx,
                                                const char *type,
                                                const char *value));
 
-void EVP_add_alg_module(void);
+void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
+                             int (**pcheck) (EVP_PKEY *pkey));
 
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
+void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
+                                    int (**pcheck) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
+                                   int (**pcheck) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
+                                                             EVP_MD_CTX *mctx));
+void EVP_add_alg_module(void);
 
-void ERR_load_EVP_strings(void);
-
-/* Error codes for the EVP functions. */
-
-/* Function codes. */
-# define EVP_F_AESNI_INIT_KEY                             165
-# define EVP_F_AESNI_XTS_CIPHER                           176
-# define EVP_F_AES_INIT_KEY                               133
-# define EVP_F_AES_T4_INIT_KEY                            178
-# define EVP_F_AES_XTS                                    172
-# define EVP_F_AES_XTS_CIPHER                             175
-# define EVP_F_ALG_MODULE_INIT                            177
-# define EVP_F_CAMELLIA_INIT_KEY                          159
-# define EVP_F_CMAC_INIT                                  173
-# define EVP_F_CMLL_T4_INIT_KEY                           179
-# define EVP_F_D2I_PKEY                                   100
-# define EVP_F_DO_SIGVER_INIT                             161
-# define EVP_F_DSAPKEY2PKCS8                              134
-# define EVP_F_DSA_PKEY2PKCS8                             135
-# define EVP_F_ECDSA_PKEY2PKCS8                           129
-# define EVP_F_ECKEY_PKEY2PKCS8                           132
-# define EVP_F_EVP_CIPHERINIT_EX                          123
-# define EVP_F_EVP_CIPHER_CTX_COPY                        163
-# define EVP_F_EVP_CIPHER_CTX_CTRL                        124
-# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
-# define EVP_F_EVP_DECRYPTFINAL_EX                        101
-# define EVP_F_EVP_DIGESTINIT_EX                          128
-# define EVP_F_EVP_ENCRYPTFINAL_EX                        127
-# define EVP_F_EVP_MD_CTX_COPY_EX                         110
-# define EVP_F_EVP_MD_SIZE                                162
-# define EVP_F_EVP_OPENINIT                               102
-# define EVP_F_EVP_PBE_ALG_ADD                            115
-# define EVP_F_EVP_PBE_ALG_ADD_TYPE                       160
-# define EVP_F_EVP_PBE_CIPHERINIT                         116
-# define EVP_F_EVP_PKCS82PKEY                             111
-# define EVP_F_EVP_PKCS82PKEY_BROKEN                      136
-# define EVP_F_EVP_PKEY2PKCS8_BROKEN                      113
-# define EVP_F_EVP_PKEY_COPY_PARAMETERS                   103
-# define EVP_F_EVP_PKEY_CTX_CTRL                          137
-# define EVP_F_EVP_PKEY_CTX_CTRL_STR                      150
-# define EVP_F_EVP_PKEY_CTX_DUP                           156
-# define EVP_F_EVP_PKEY_DECRYPT                           104
-# define EVP_F_EVP_PKEY_DECRYPT_INIT                      138
-# define EVP_F_EVP_PKEY_DECRYPT_OLD                       151
-# define EVP_F_EVP_PKEY_DERIVE                            153
-# define EVP_F_EVP_PKEY_DERIVE_INIT                       154
-# define EVP_F_EVP_PKEY_DERIVE_SET_PEER                   155
-# define EVP_F_EVP_PKEY_ENCRYPT                           105
-# define EVP_F_EVP_PKEY_ENCRYPT_INIT                      139
-# define EVP_F_EVP_PKEY_ENCRYPT_OLD                       152
-# define EVP_F_EVP_PKEY_GET1_DH                           119
-# define EVP_F_EVP_PKEY_GET1_DSA                          120
-# define EVP_F_EVP_PKEY_GET1_ECDSA                        130
-# define EVP_F_EVP_PKEY_GET1_EC_KEY                       131
-# define EVP_F_EVP_PKEY_GET1_RSA                          121
-# define EVP_F_EVP_PKEY_KEYGEN                            146
-# define EVP_F_EVP_PKEY_KEYGEN_INIT                       147
-# define EVP_F_EVP_PKEY_NEW                               106
-# define EVP_F_EVP_PKEY_PARAMGEN                          148
-# define EVP_F_EVP_PKEY_PARAMGEN_INIT                     149
-# define EVP_F_EVP_PKEY_SIGN                              140
-# define EVP_F_EVP_PKEY_SIGN_INIT                         141
-# define EVP_F_EVP_PKEY_VERIFY                            142
-# define EVP_F_EVP_PKEY_VERIFY_INIT                       143
-# define EVP_F_EVP_PKEY_VERIFY_RECOVER                    144
-# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT               145
-# define EVP_F_EVP_RIJNDAEL                               126
-# define EVP_F_EVP_SIGNFINAL                              107
-# define EVP_F_EVP_VERIFYFINAL                            108
-# define EVP_F_FIPS_CIPHERINIT                            166
-# define EVP_F_FIPS_CIPHER_CTX_COPY                       170
-# define EVP_F_FIPS_CIPHER_CTX_CTRL                       167
-# define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH             171
-# define EVP_F_FIPS_DIGESTINIT                            168
-# define EVP_F_FIPS_MD_CTX_COPY                           169
-# define EVP_F_HMAC_INIT_EX                               174
-# define EVP_F_INT_CTX_NEW                                157
-# define EVP_F_PKCS5_PBE_KEYIVGEN                         117
-# define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
-# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                   164
-# define EVP_F_PKCS8_SET_BROKEN                           112
-# define EVP_F_PKEY_SET_TYPE                              158
-# define EVP_F_RC2_MAGIC_TO_METH                          109
-# define EVP_F_RC5_CTRL                                   125
-
-/* Reason codes. */
-# define EVP_R_AES_IV_SETUP_FAILED                        162
-# define EVP_R_AES_KEY_SETUP_FAILED                       143
-# define EVP_R_ASN1_LIB                                   140
-# define EVP_R_BAD_BLOCK_LENGTH                           136
-# define EVP_R_BAD_DECRYPT                                100
-# define EVP_R_BAD_KEY_LENGTH                             137
-# define EVP_R_BN_DECODE_ERROR                            112
-# define EVP_R_BN_PUBKEY_ERROR                            113
-# define EVP_R_BUFFER_TOO_SMALL                           155
-# define EVP_R_CAMELLIA_KEY_SETUP_FAILED                  157
-# define EVP_R_CIPHER_PARAMETER_ERROR                     122
-# define EVP_R_COMMAND_NOT_SUPPORTED                      147
-# define EVP_R_CTRL_NOT_IMPLEMENTED                       132
-# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
-# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH          138
-# define EVP_R_DECODE_ERROR                               114
-# define EVP_R_DIFFERENT_KEY_TYPES                        101
-# define EVP_R_DIFFERENT_PARAMETERS                       153
-# define EVP_R_DISABLED_FOR_FIPS                          163
-# define EVP_R_ENCODE_ERROR                               115
-# define EVP_R_ERROR_LOADING_SECTION                      165
-# define EVP_R_ERROR_SETTING_FIPS_MODE                    166
-# define EVP_R_EVP_PBE_CIPHERINIT_ERROR                   119
-# define EVP_R_EXPECTING_AN_RSA_KEY                       127
-# define EVP_R_EXPECTING_A_DH_KEY                         128
-# define EVP_R_EXPECTING_A_DSA_KEY                        129
-# define EVP_R_EXPECTING_A_ECDSA_KEY                      141
-# define EVP_R_EXPECTING_A_EC_KEY                         142
-# define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
-# define EVP_R_INITIALIZATION_ERROR                       134
-# define EVP_R_INPUT_NOT_INITIALIZED                      111
-# define EVP_R_INVALID_DIGEST                             152
-# define EVP_R_INVALID_FIPS_MODE                          168
-# define EVP_R_INVALID_KEY                                171
-# define EVP_R_INVALID_KEY_LENGTH                         130
-# define EVP_R_INVALID_OPERATION                          148
-# define EVP_R_IV_TOO_LARGE                               102
-# define EVP_R_KEYGEN_FAILURE                             120
-# define EVP_R_MESSAGE_DIGEST_IS_NULL                     159
-# define EVP_R_METHOD_NOT_SUPPORTED                       144
-# define EVP_R_MISSING_PARAMETERS                         103
-# define EVP_R_NO_CIPHER_SET                              131
-# define EVP_R_NO_DEFAULT_DIGEST                          158
-# define EVP_R_NO_DIGEST_SET                              139
-# define EVP_R_NO_DSA_PARAMETERS                          116
-# define EVP_R_NO_KEY_SET                                 154
-# define EVP_R_NO_OPERATION_SET                           149
-# define EVP_R_NO_SIGN_FUNCTION_CONFIGURED                104
-# define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED              105
-# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
-# define EVP_R_OPERATON_NOT_INITIALIZED                   151
-# define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE                  117
-# define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
-# define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146
-# define EVP_R_PUBLIC_KEY_NOT_RSA                         106
-# define EVP_R_TOO_LARGE                                  164
-# define EVP_R_UNKNOWN_CIPHER                             160
-# define EVP_R_UNKNOWN_DIGEST                             161
-# define EVP_R_UNKNOWN_OPTION                             169
-# define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
-# define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS                135
-# define EVP_R_UNSUPPORTED_ALGORITHM                      156
-# define EVP_R_UNSUPPORTED_CIPHER                         107
-# define EVP_R_UNSUPPORTED_KEYLENGTH                      123
-# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
-# define EVP_R_UNSUPPORTED_KEY_SIZE                       108
-# define EVP_R_UNSUPPORTED_PRF                            125
-# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM          118
-# define EVP_R_UNSUPPORTED_SALT_TYPE                      126
-# define EVP_R_WRAP_MODE_NOT_ALLOWED                      170
-# define EVP_R_WRONG_FINAL_BLOCK_LENGTH                   109
-# define EVP_R_WRONG_PUBLIC_KEY_TYPE                      110
 
 # ifdef  __cplusplus
 }
diff --git a/freebsd/crypto/openssl/include/openssl/evperr.h b/freebsd/crypto/openssl/include/openssl/evperr.h
new file mode 100644
index 00000000..3484fa84
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/evperr.h
@@ -0,0 +1,193 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_EVPERR_H
+# define HEADER_EVPERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_EVP_strings(void);
+
+/*
+ * EVP function codes.
+ */
+# define EVP_F_AESNI_INIT_KEY                             165
+# define EVP_F_AES_GCM_CTRL                               196
+# define EVP_F_AES_INIT_KEY                               133
+# define EVP_F_AES_OCB_CIPHER                             169
+# define EVP_F_AES_T4_INIT_KEY                            178
+# define EVP_F_AES_WRAP_CIPHER                            170
+# define EVP_F_ALG_MODULE_INIT                            177
+# define EVP_F_ARIA_CCM_INIT_KEY                          175
+# define EVP_F_ARIA_GCM_CTRL                              197
+# define EVP_F_ARIA_GCM_INIT_KEY                          176
+# define EVP_F_ARIA_INIT_KEY                              185
+# define EVP_F_B64_NEW                                    198
+# define EVP_F_CAMELLIA_INIT_KEY                          159
+# define EVP_F_CHACHA20_POLY1305_CTRL                     182
+# define EVP_F_CMLL_T4_INIT_KEY                           179
+# define EVP_F_DES_EDE3_WRAP_CIPHER                       171
+# define EVP_F_DO_SIGVER_INIT                             161
+# define EVP_F_ENC_NEW                                    199
+# define EVP_F_EVP_CIPHERINIT_EX                          123
+# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM                   204
+# define EVP_F_EVP_CIPHER_CTX_COPY                        163
+# define EVP_F_EVP_CIPHER_CTX_CTRL                        124
+# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
+# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1                   205
+# define EVP_F_EVP_DECRYPTFINAL_EX                        101
+# define EVP_F_EVP_DECRYPTUPDATE                          166
+# define EVP_F_EVP_DIGESTFINALXOF                         174
+# define EVP_F_EVP_DIGESTINIT_EX                          128
+# define EVP_F_EVP_ENCRYPTFINAL_EX                        127
+# define EVP_F_EVP_ENCRYPTUPDATE                          167
+# define EVP_F_EVP_MD_CTX_COPY_EX                         110
+# define EVP_F_EVP_MD_SIZE                                162
+# define EVP_F_EVP_OPENINIT                               102
+# define EVP_F_EVP_PBE_ALG_ADD                            115
+# define EVP_F_EVP_PBE_ALG_ADD_TYPE                       160
+# define EVP_F_EVP_PBE_CIPHERINIT                         116
+# define EVP_F_EVP_PBE_SCRYPT                             181
+# define EVP_F_EVP_PKCS82PKEY                             111
+# define EVP_F_EVP_PKEY2PKCS8                             113
+# define EVP_F_EVP_PKEY_ASN1_ADD0                         188
+# define EVP_F_EVP_PKEY_CHECK                             186
+# define EVP_F_EVP_PKEY_COPY_PARAMETERS                   103
+# define EVP_F_EVP_PKEY_CTX_CTRL                          137
+# define EVP_F_EVP_PKEY_CTX_CTRL_STR                      150
+# define EVP_F_EVP_PKEY_CTX_DUP                           156
+# define EVP_F_EVP_PKEY_CTX_MD                            168
+# define EVP_F_EVP_PKEY_DECRYPT                           104
+# define EVP_F_EVP_PKEY_DECRYPT_INIT                      138
+# define EVP_F_EVP_PKEY_DECRYPT_OLD                       151
+# define EVP_F_EVP_PKEY_DERIVE                            153
+# define EVP_F_EVP_PKEY_DERIVE_INIT                       154
+# define EVP_F_EVP_PKEY_DERIVE_SET_PEER                   155
+# define EVP_F_EVP_PKEY_ENCRYPT                           105
+# define EVP_F_EVP_PKEY_ENCRYPT_INIT                      139
+# define EVP_F_EVP_PKEY_ENCRYPT_OLD                       152
+# define EVP_F_EVP_PKEY_GET0_DH                           119
+# define EVP_F_EVP_PKEY_GET0_DSA                          120
+# define EVP_F_EVP_PKEY_GET0_EC_KEY                       131
+# define EVP_F_EVP_PKEY_GET0_HMAC                         183
+# define EVP_F_EVP_PKEY_GET0_POLY1305                     184
+# define EVP_F_EVP_PKEY_GET0_RSA                          121
+# define EVP_F_EVP_PKEY_GET0_SIPHASH                      172
+# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY               202
+# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY                203
+# define EVP_F_EVP_PKEY_KEYGEN                            146
+# define EVP_F_EVP_PKEY_KEYGEN_INIT                       147
+# define EVP_F_EVP_PKEY_METH_ADD0                         194
+# define EVP_F_EVP_PKEY_METH_NEW                          195
+# define EVP_F_EVP_PKEY_NEW                               106
+# define EVP_F_EVP_PKEY_NEW_CMAC_KEY                      193
+# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY               191
+# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY                192
+# define EVP_F_EVP_PKEY_PARAMGEN                          148
+# define EVP_F_EVP_PKEY_PARAMGEN_INIT                     149
+# define EVP_F_EVP_PKEY_PARAM_CHECK                       189
+# define EVP_F_EVP_PKEY_PUBLIC_CHECK                      190
+# define EVP_F_EVP_PKEY_SET1_ENGINE                       187
+# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE                    206
+# define EVP_F_EVP_PKEY_SIGN                              140
+# define EVP_F_EVP_PKEY_SIGN_INIT                         141
+# define EVP_F_EVP_PKEY_VERIFY                            142
+# define EVP_F_EVP_PKEY_VERIFY_INIT                       143
+# define EVP_F_EVP_PKEY_VERIFY_RECOVER                    144
+# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT               145
+# define EVP_F_EVP_SIGNFINAL                              107
+# define EVP_F_EVP_VERIFYFINAL                            108
+# define EVP_F_INT_CTX_NEW                                157
+# define EVP_F_OK_NEW                                     200
+# define EVP_F_PKCS5_PBE_KEYIVGEN                         117
+# define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
+# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                   164
+# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN                   180
+# define EVP_F_PKEY_SET_TYPE                              158
+# define EVP_F_RC2_MAGIC_TO_METH                          109
+# define EVP_F_RC5_CTRL                                   125
+# define EVP_F_S390X_AES_GCM_CTRL                         201
+# define EVP_F_UPDATE                                     173
+
+/*
+ * EVP reason codes.
+ */
+# define EVP_R_AES_KEY_SETUP_FAILED                       143
+# define EVP_R_ARIA_KEY_SETUP_FAILED                      176
+# define EVP_R_BAD_DECRYPT                                100
+# define EVP_R_BUFFER_TOO_SMALL                           155
+# define EVP_R_CAMELLIA_KEY_SETUP_FAILED                  157
+# define EVP_R_CIPHER_PARAMETER_ERROR                     122
+# define EVP_R_COMMAND_NOT_SUPPORTED                      147
+# define EVP_R_COPY_ERROR                                 173
+# define EVP_R_CTRL_NOT_IMPLEMENTED                       132
+# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
+# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH          138
+# define EVP_R_DECODE_ERROR                               114
+# define EVP_R_DIFFERENT_KEY_TYPES                        101
+# define EVP_R_DIFFERENT_PARAMETERS                       153
+# define EVP_R_ERROR_LOADING_SECTION                      165
+# define EVP_R_ERROR_SETTING_FIPS_MODE                    166
+# define EVP_R_EXPECTING_AN_HMAC_KEY                      174
+# define EVP_R_EXPECTING_AN_RSA_KEY                       127
+# define EVP_R_EXPECTING_A_DH_KEY                         128
+# define EVP_R_EXPECTING_A_DSA_KEY                        129
+# define EVP_R_EXPECTING_A_EC_KEY                         142
+# define EVP_R_EXPECTING_A_POLY1305_KEY                   164
+# define EVP_R_EXPECTING_A_SIPHASH_KEY                    175
+# define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
+# define EVP_R_GET_RAW_KEY_FAILED                         182
+# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS                  171
+# define EVP_R_INITIALIZATION_ERROR                       134
+# define EVP_R_INPUT_NOT_INITIALIZED                      111
+# define EVP_R_INVALID_DIGEST                             152
+# define EVP_R_INVALID_FIPS_MODE                          168
+# define EVP_R_INVALID_KEY                                163
+# define EVP_R_INVALID_KEY_LENGTH                         130
+# define EVP_R_INVALID_OPERATION                          148
+# define EVP_R_KEYGEN_FAILURE                             120
+# define EVP_R_KEY_SETUP_FAILED                           180
+# define EVP_R_MEMORY_LIMIT_EXCEEDED                      172
+# define EVP_R_MESSAGE_DIGEST_IS_NULL                     159
+# define EVP_R_METHOD_NOT_SUPPORTED                       144
+# define EVP_R_MISSING_PARAMETERS                         103
+# define EVP_R_NOT_XOF_OR_INVALID_LENGTH                  178
+# define EVP_R_NO_CIPHER_SET                              131
+# define EVP_R_NO_DEFAULT_DIGEST                          158
+# define EVP_R_NO_DIGEST_SET                              139
+# define EVP_R_NO_KEY_SET                                 154
+# define EVP_R_NO_OPERATION_SET                           149
+# define EVP_R_ONLY_ONESHOT_SUPPORTED                     177
+# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
+# define EVP_R_OPERATON_NOT_INITIALIZED                   151
+# define EVP_R_PARTIALLY_OVERLAPPING                      162
+# define EVP_R_PBKDF2_ERROR                               181
+# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
+# define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
+# define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146
+# define EVP_R_PUBLIC_KEY_NOT_RSA                         106
+# define EVP_R_UNKNOWN_CIPHER                             160
+# define EVP_R_UNKNOWN_DIGEST                             161
+# define EVP_R_UNKNOWN_OPTION                             169
+# define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNSUPPORTED_ALGORITHM                      156
+# define EVP_R_UNSUPPORTED_CIPHER                         107
+# define EVP_R_UNSUPPORTED_KEYLENGTH                      123
+# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
+# define EVP_R_UNSUPPORTED_KEY_SIZE                       108
+# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS               135
+# define EVP_R_UNSUPPORTED_PRF                            125
+# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM          118
+# define EVP_R_UNSUPPORTED_SALT_TYPE                      126
+# define EVP_R_WRAP_MODE_NOT_ALLOWED                      170
+# define EVP_R_WRONG_FINAL_BLOCK_LENGTH                   109
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/hmac.h b/freebsd/crypto/openssl/include/openssl/hmac.h
new file mode 100644
index 00000000..458efc1d
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/hmac.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_HMAC_H
+# define HEADER_HMAC_H
+
+# include <openssl/opensslconf.h>
+
+# include <openssl/evp.h>
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+#  define HMAC_MAX_MD_CBLOCK      128    /* Deprecated */
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+size_t HMAC_size(const HMAC_CTX *e);
+HMAC_CTX *HMAC_CTX_new(void);
+int HMAC_CTX_reset(HMAC_CTX *ctx);
+void HMAC_CTX_free(HMAC_CTX *ctx);
+
+DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+                     const EVP_MD *md))
+
+/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+                            const EVP_MD *md, ENGINE *impl);
+/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
+                           size_t len);
+/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
+                          unsigned int *len);
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+                    const unsigned char *d, size_t n, unsigned char *md,
+                    unsigned int *md_len);
+__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/idea.h b/freebsd/crypto/openssl/include/openssl/idea.h
new file mode 100644
index 00000000..4334f3ea
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/idea.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_IDEA_H
+# define HEADER_IDEA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_IDEA
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned int IDEA_INT;
+
+# define IDEA_ENCRYPT    1
+# define IDEA_DECRYPT    0
+
+# define IDEA_BLOCK      8
+# define IDEA_KEY_LENGTH 16
+
+typedef struct idea_key_st {
+    IDEA_INT data[9][6];
+} IDEA_KEY_SCHEDULE;
+
+const char *IDEA_options(void);
+void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      IDEA_KEY_SCHEDULE *ks);
+void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                      int enc);
+void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                        int *num, int enc);
+void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                        int *num);
+void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define idea_options          IDEA_options
+#  define idea_ecb_encrypt      IDEA_ecb_encrypt
+#  define idea_set_encrypt_key  IDEA_set_encrypt_key
+#  define idea_set_decrypt_key  IDEA_set_decrypt_key
+#  define idea_cbc_encrypt      IDEA_cbc_encrypt
+#  define idea_cfb64_encrypt    IDEA_cfb64_encrypt
+#  define idea_ofb64_encrypt    IDEA_ofb64_encrypt
+#  define idea_encrypt          IDEA_encrypt
+# endif
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/kdf.h b/freebsd/crypto/openssl/include/openssl/kdf.h
new file mode 100644
index 00000000..5abd4c37
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/kdf.h
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_KDF_H
+# define HEADER_KDF_H
+
+# include <openssl/kdferr.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define EVP_PKEY_CTRL_TLS_MD                   (EVP_PKEY_ALG_CTRL)
+# define EVP_PKEY_CTRL_TLS_SECRET               (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_TLS_SEED                 (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_HKDF_MD                  (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_HKDF_SALT                (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_HKDF_KEY                 (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_HKDF_INFO                (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_HKDF_MODE                (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_PASS                     (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_SCRYPT_SALT              (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_SCRYPT_N                 (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_SCRYPT_R                 (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_SCRYPT_P                 (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES      (EVP_PKEY_ALG_CTRL + 13)
+
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY       1
+# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY        2
+
+# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec))
+
+# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed))
+
+# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt))
+
+# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key))
+
+# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info))
+
+# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_MODE, mode, NULL)
+
+# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_PASS, passlen, (void *)(pass))
+
+# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt))
+
+# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_N, n)
+
+# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_R, r)
+
+# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_P, p)
+
+# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes)
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/kdferr.h b/freebsd/crypto/openssl/include/openssl/kdferr.h
new file mode 100644
index 00000000..6437c271
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/kdferr.h
@@ -0,0 +1,51 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_KDFERR_H
+# define HEADER_KDFERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_KDF_strings(void);
+
+/*
+ * KDF function codes.
+ */
+# define KDF_F_PKEY_HKDF_CTRL_STR                         103
+# define KDF_F_PKEY_HKDF_DERIVE                           102
+# define KDF_F_PKEY_HKDF_INIT                             108
+# define KDF_F_PKEY_SCRYPT_CTRL_STR                       104
+# define KDF_F_PKEY_SCRYPT_CTRL_UINT64                    105
+# define KDF_F_PKEY_SCRYPT_DERIVE                         109
+# define KDF_F_PKEY_SCRYPT_INIT                           106
+# define KDF_F_PKEY_SCRYPT_SET_MEMBUF                     107
+# define KDF_F_PKEY_TLS1_PRF_CTRL_STR                     100
+# define KDF_F_PKEY_TLS1_PRF_DERIVE                       101
+# define KDF_F_PKEY_TLS1_PRF_INIT                         110
+# define KDF_F_TLS1_PRF_ALG                               111
+
+/*
+ * KDF reason codes.
+ */
+# define KDF_R_INVALID_DIGEST                             100
+# define KDF_R_MISSING_ITERATION_COUNT                    109
+# define KDF_R_MISSING_KEY                                104
+# define KDF_R_MISSING_MESSAGE_DIGEST                     105
+# define KDF_R_MISSING_PARAMETER                          101
+# define KDF_R_MISSING_PASS                               110
+# define KDF_R_MISSING_SALT                               111
+# define KDF_R_MISSING_SECRET                             107
+# define KDF_R_MISSING_SEED                               106
+# define KDF_R_UNKNOWN_PARAMETER_TYPE                     103
+# define KDF_R_VALUE_ERROR                                108
+# define KDF_R_VALUE_MISSING                              102
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/lhash.h b/freebsd/crypto/openssl/include/openssl/lhash.h
new file mode 100644
index 00000000..88d7d977
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/lhash.h
@@ -0,0 +1,217 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Header for dynamic hash table routines Author - Eric Young
+ */
+
+#ifndef HEADER_LHASH_H
+# define HEADER_LHASH_H
+
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct lhash_node_st OPENSSL_LH_NODE;
+typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *);
+typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *);
+typedef void (*OPENSSL_LH_DOALL_FUNC) (void *);
+typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *);
+typedef struct lhash_st OPENSSL_LHASH;
+
+/*
+ * Macros for declaring and implementing type-safe wrappers for LHASH
+ * callbacks. This way, callbacks can be provided to LHASH structures without
+ * function pointer casting and the macro-defined callbacks provide
+ * per-variable casting before deferring to the underlying type-specific
+ * callbacks. NB: It is possible to place a "static" in front of both the
+ * DECLARE and IMPLEMENT macros if the functions are strictly internal.
+ */
+
+/* First: "hash" functions */
+# define DECLARE_LHASH_HASH_FN(name, o_type) \
+        unsigned long name##_LHASH_HASH(const void *);
+# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
+        unsigned long name##_LHASH_HASH(const void *arg) { \
+                const o_type *a = arg; \
+                return name##_hash(a); }
+# define LHASH_HASH_FN(name) name##_LHASH_HASH
+
+/* Second: "compare" functions */
+# define DECLARE_LHASH_COMP_FN(name, o_type) \
+        int name##_LHASH_COMP(const void *, const void *);
+# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
+        int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+                const o_type *a = arg1;             \
+                const o_type *b = arg2; \
+                return name##_cmp(a,b); }
+# define LHASH_COMP_FN(name) name##_LHASH_COMP
+
+/* Fourth: "doall_arg" functions */
+# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
+        void name##_LHASH_DOALL_ARG(void *, void *);
+# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
+        void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
+                o_type *a = arg1; \
+                a_type *b = arg2; \
+                name##_doall_arg(a, b); }
+# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
+
+
+# define LH_LOAD_MULT    256
+
+int OPENSSL_LH_error(OPENSSL_LHASH *lh);
+OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c);
+void OPENSSL_LH_free(OPENSSL_LHASH *lh);
+void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data);
+void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data);
+void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data);
+void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func);
+void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg);
+unsigned long OPENSSL_LH_strhash(const char *c);
+unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh);
+unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh);
+void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load);
+
+# ifndef OPENSSL_NO_STDIO
+void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp);
+void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp);
+void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp);
+# endif
+void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define _LHASH OPENSSL_LHASH
+#  define LHASH_NODE OPENSSL_LH_NODE
+#  define lh_error OPENSSL_LH_error
+#  define lh_new OPENSSL_LH_new
+#  define lh_free OPENSSL_LH_free
+#  define lh_insert OPENSSL_LH_insert
+#  define lh_delete OPENSSL_LH_delete
+#  define lh_retrieve OPENSSL_LH_retrieve
+#  define lh_doall OPENSSL_LH_doall
+#  define lh_doall_arg OPENSSL_LH_doall_arg
+#  define lh_strhash OPENSSL_LH_strhash
+#  define lh_num_items OPENSSL_LH_num_items
+#  ifndef OPENSSL_NO_STDIO
+#   define lh_stats OPENSSL_LH_stats
+#   define lh_node_stats OPENSSL_LH_node_stats
+#   define lh_node_usage_stats OPENSSL_LH_node_usage_stats
+#  endif
+#  define lh_stats_bio OPENSSL_LH_stats_bio
+#  define lh_node_stats_bio OPENSSL_LH_node_stats_bio
+#  define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio
+# endif
+
+/* Type checking... */
+
+# define LHASH_OF(type) struct lhash_st_##type
+
+# define DEFINE_LHASH_OF(type) \
+    LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \
+    static ossl_inline LHASH_OF(type) * \
+        lh_##type##_new(unsigned long (*hfn)(const type *), \
+                        int (*cfn)(const type *, const type *)) \
+    { \
+        return (LHASH_OF(type) *) \
+            OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \
+    } \
+    static ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \
+    { \
+        OPENSSL_LH_free((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \
+    { \
+        return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \
+    } \
+    static ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \
+    { \
+        return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \
+    } \
+    static ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \
+    { \
+        return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \
+    } \
+    static ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \
+    { \
+        return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \
+    { \
+        return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \
+    { \
+        return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \
+    { \
+        OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \
+    } \
+    static ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \
+                                         void (*doall)(type *)) \
+    { \
+        OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \
+    } \
+    LHASH_OF(type)
+
+#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \
+    int_implement_lhash_doall(type, argtype, const type)
+
+#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \
+    int_implement_lhash_doall(type, argtype, type)
+
+#define int_implement_lhash_doall(type, argtype, cbargtype) \
+    static ossl_inline void \
+        lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \
+                                   void (*fn)(cbargtype *, argtype *), \
+                                   argtype *arg) \
+    { \
+        OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \
+    } \
+    LHASH_OF(type)
+
+DEFINE_LHASH_OF(OPENSSL_STRING);
+# ifdef _MSC_VER
+/*
+ * push and pop this warning:
+ *   warning C4090: 'function': different 'const' qualifiers
+ */
+#  pragma warning (push)
+#  pragma warning (disable: 4090)
+# endif
+
+DEFINE_LHASH_OF(OPENSSL_CSTRING);
+
+# ifdef _MSC_VER
+#  pragma warning (pop)
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/md2.h b/freebsd/crypto/openssl/include/openssl/md2.h
new file mode 100644
index 00000000..7faf8e3d
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/md2.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD2_H
+# define HEADER_MD2_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD2
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned char MD2_INT;
+
+# define MD2_DIGEST_LENGTH       16
+# define MD2_BLOCK               16
+
+typedef struct MD2state_st {
+    unsigned int num;
+    unsigned char data[MD2_BLOCK];
+    MD2_INT cksm[MD2_BLOCK];
+    MD2_INT state[MD2_BLOCK];
+} MD2_CTX;
+
+const char *MD2_options(void);
+int MD2_Init(MD2_CTX *c);
+int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
+int MD2_Final(unsigned char *md, MD2_CTX *c);
+unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/md4.h b/freebsd/crypto/openssl/include/openssl/md4.h
new file mode 100644
index 00000000..940e29db
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/md4.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD4_H
+# define HEADER_MD4_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD4
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD4_LONG has to be at least 32 bits wide.                     !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD4_LONG unsigned int
+
+# define MD4_CBLOCK      64
+# define MD4_LBLOCK      (MD4_CBLOCK/4)
+# define MD4_DIGEST_LENGTH 16
+
+typedef struct MD4state_st {
+    MD4_LONG A, B, C, D;
+    MD4_LONG Nl, Nh;
+    MD4_LONG data[MD4_LBLOCK];
+    unsigned int num;
+} MD4_CTX;
+
+int MD4_Init(MD4_CTX *c);
+int MD4_Update(MD4_CTX *c, const void *data, size_t len);
+int MD4_Final(unsigned char *md, MD4_CTX *c);
+unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
+void MD4_Transform(MD4_CTX *c, const unsigned char *b);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/md5.h b/freebsd/crypto/openssl/include/openssl/md5.h
new file mode 100644
index 00000000..2deb7721
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/md5.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD5_H
+# define HEADER_MD5_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD5
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD5_LONG has to be at least 32 bits wide.                     !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD5_LONG unsigned int
+
+# define MD5_CBLOCK      64
+# define MD5_LBLOCK      (MD5_CBLOCK/4)
+# define MD5_DIGEST_LENGTH 16
+
+typedef struct MD5state_st {
+    MD5_LONG A, B, C, D;
+    MD5_LONG Nl, Nh;
+    MD5_LONG data[MD5_LBLOCK];
+    unsigned int num;
+} MD5_CTX;
+
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, size_t len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
+void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/mdc2.h b/freebsd/crypto/openssl/include/openssl/mdc2.h
new file mode 100644
index 00000000..aabd2bfa
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/mdc2.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MDC2_H
+# define HEADER_MDC2_H
+
+# include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_MDC2
+# include <stdlib.h>
+# include <openssl/des.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define MDC2_BLOCK              8
+# define MDC2_DIGEST_LENGTH      16
+
+typedef struct mdc2_ctx_st {
+    unsigned int num;
+    unsigned char data[MDC2_BLOCK];
+    DES_cblock h, hh;
+    int pad_type;               /* either 1 or 2, default 1 */
+} MDC2_CTX;
+
+int MDC2_Init(MDC2_CTX *c);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
+int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/modes/modes.h b/freebsd/crypto/openssl/include/openssl/modes.h
index fd488499..d544f98d 100644
--- a/freebsd/crypto/openssl/crypto/modes/modes.h
+++ b/freebsd/crypto/openssl/include/openssl/modes.h
@@ -1,15 +1,20 @@
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Rights for redistribution and usage in source and binary
- * forms are granted according to the OpenSSL license.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stddef.h>
+#ifndef HEADER_MODES_H
+# define HEADER_MODES_H
 
-#ifdef  __cplusplus
+# include <stddef.h>
+
+# ifdef  __cplusplus
 extern "C" {
-#endif
+# endif
 typedef void (*block128_f) (const unsigned char in[16],
                             unsigned char out[16], const void *key);
 
@@ -157,7 +162,47 @@ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
                          unsigned char *out,
                          const unsigned char *in, size_t inlen,
                          block128_f block);
+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
+                           unsigned char *out, const unsigned char *in,
+                           size_t inlen, block128_f block);
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
+                             unsigned char *out, const unsigned char *in,
+                             size_t inlen, block128_f block);
+
+# ifndef OPENSSL_NO_OCB
+typedef struct ocb128_context OCB128_CONTEXT;
+
+typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out,
+                          size_t blocks, const void *key,
+                          size_t start_block_num,
+                          unsigned char offset_i[16],
+                          const unsigned char L_[][16],
+                          unsigned char checksum[16]);
+
+OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec,
+                                  block128_f encrypt, block128_f decrypt,
+                                  ocb128_f stream);
+int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
+                       block128_f encrypt, block128_f decrypt,
+                       ocb128_f stream);
+int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
+                           void *keyenc, void *keydec);
+int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
+                        size_t len, size_t taglen);
+int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len);
+int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in,
+                          unsigned char *out, size_t len);
+int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in,
+                          unsigned char *out, size_t len);
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len);
+int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx);
+# endif                          /* OPENSSL_NO_OCB */
 
-#ifdef  __cplusplus
+# ifdef  __cplusplus
 }
+# endif
+
 #endif
diff --git a/freebsd/crypto/openssl/crypto/objects/obj_mac.h b/freebsd/crypto/openssl/include/openssl/obj_mac.h
index 779c309b..80ff5a7c 100644
--- a/freebsd/crypto/openssl/crypto/objects/obj_mac.h
+++ b/freebsd/crypto/openssl/include/openssl/obj_mac.h
@@ -1,65 +1,12 @@
-/* crypto/objects/obj_mac.h */
-
 /*
- * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following
- * command: perl objects.pl objects.txt obj_mac.num obj_mac.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * WARNING: do not edit!
+ * Generated by crypto/objects/objects.pl
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #define SN_undef                        "UNDEF"
@@ -107,10 +54,24 @@
 #define NID_hmac_sha1           781
 #define OBJ_hmac_sha1           OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L
 
+#define SN_x509ExtAdmission             "x509ExtAdmission"
+#define LN_x509ExtAdmission             "Professional Information or basis for Admission"
+#define NID_x509ExtAdmission            1093
+#define OBJ_x509ExtAdmission            OBJ_identified_organization,36L,8L,3L,3L
+
 #define SN_certicom_arc         "certicom-arc"
 #define NID_certicom_arc                677
 #define OBJ_certicom_arc                OBJ_identified_organization,132L
 
+#define SN_ieee         "ieee"
+#define NID_ieee                1170
+#define OBJ_ieee                OBJ_identified_organization,111L
+
+#define SN_ieee_siswg           "ieee-siswg"
+#define LN_ieee_siswg           "IEEE Security in Storage Working Group"
+#define NID_ieee_siswg          1171
+#define OBJ_ieee_siswg          OBJ_ieee,2L,1619L
+
 #define SN_international_organizations          "international-organizations"
 #define LN_international_organizations          "International Organizations"
 #define NID_international_organizations         647
@@ -148,6 +109,19 @@
 #define NID_X9cm                185
 #define OBJ_X9cm                OBJ_X9_57,4L
 
+#define SN_ISO_CN               "ISO-CN"
+#define LN_ISO_CN               "ISO CN Member Body"
+#define NID_ISO_CN              1140
+#define OBJ_ISO_CN              OBJ_member_body,156L
+
+#define SN_oscca                "oscca"
+#define NID_oscca               1141
+#define OBJ_oscca               OBJ_ISO_CN,10197L
+
+#define SN_sm_scheme            "sm-scheme"
+#define NID_sm_scheme           1142
+#define OBJ_sm_scheme           OBJ_oscca,1L
+
 #define SN_dsa          "DSA"
 #define LN_dsa          "dsaEncryption"
 #define NID_dsa         116
@@ -620,6 +594,16 @@
 #define NID_sha224WithRSAEncryption             671
 #define OBJ_sha224WithRSAEncryption             OBJ_pkcs1,14L
 
+#define SN_sha512_224WithRSAEncryption          "RSA-SHA512/224"
+#define LN_sha512_224WithRSAEncryption          "sha512-224WithRSAEncryption"
+#define NID_sha512_224WithRSAEncryption         1145
+#define OBJ_sha512_224WithRSAEncryption         OBJ_pkcs1,15L
+
+#define SN_sha512_256WithRSAEncryption          "RSA-SHA512/256"
+#define LN_sha512_256WithRSAEncryption          "sha512-256WithRSAEncryption"
+#define NID_sha512_256WithRSAEncryption         1146
+#define OBJ_sha512_256WithRSAEncryption         OBJ_pkcs1,16L
+
 #define SN_pkcs3                "pkcs3"
 #define NID_pkcs3               27
 #define OBJ_pkcs3               OBJ_pkcs,3L
@@ -853,10 +837,22 @@
 #define NID_id_smime_ct_compressedData          786
 #define OBJ_id_smime_ct_compressedData          OBJ_id_smime_ct,9L
 
+#define SN_id_smime_ct_contentCollection                "id-smime-ct-contentCollection"
+#define NID_id_smime_ct_contentCollection               1058
+#define OBJ_id_smime_ct_contentCollection               OBJ_id_smime_ct,19L
+
+#define SN_id_smime_ct_authEnvelopedData                "id-smime-ct-authEnvelopedData"
+#define NID_id_smime_ct_authEnvelopedData               1059
+#define OBJ_id_smime_ct_authEnvelopedData               OBJ_id_smime_ct,23L
+
 #define SN_id_ct_asciiTextWithCRLF              "id-ct-asciiTextWithCRLF"
 #define NID_id_ct_asciiTextWithCRLF             787
 #define OBJ_id_ct_asciiTextWithCRLF             OBJ_id_smime_ct,27L
 
+#define SN_id_ct_xml            "id-ct-xml"
+#define NID_id_ct_xml           1060
+#define OBJ_id_ct_xml           OBJ_id_smime_ct,28L
+
 #define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest          212
 #define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
@@ -973,6 +969,10 @@
 #define NID_id_smime_aa_dvcs_dvc                240
 #define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
 
+#define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
+#define NID_id_smime_aa_signingCertificateV2            1086
+#define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
+
 #define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
 #define NID_id_smime_alg_ESDHwith3DES           241
 #define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
@@ -1164,6 +1164,21 @@
 #define NID_hmacWithSHA1                163
 #define OBJ_hmacWithSHA1                OBJ_rsadsi,2L,7L
 
+#define SN_sm2          "SM2"
+#define LN_sm2          "sm2"
+#define NID_sm2         1172
+#define OBJ_sm2         OBJ_sm_scheme,301L
+
+#define SN_sm3          "SM3"
+#define LN_sm3          "sm3"
+#define NID_sm3         1143
+#define OBJ_sm3         OBJ_sm_scheme,401L
+
+#define SN_sm3WithRSAEncryption         "RSA-SM3"
+#define LN_sm3WithRSAEncryption         "sm3WithRSAEncryption"
+#define NID_sm3WithRSAEncryption                1144
+#define OBJ_sm3WithRSAEncryption                OBJ_sm_scheme,504L
+
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 #define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
@@ -1180,6 +1195,14 @@
 #define NID_hmacWithSHA512              801
 #define OBJ_hmacWithSHA512              OBJ_rsadsi,2L,11L
 
+#define LN_hmacWithSHA512_224           "hmacWithSHA512-224"
+#define NID_hmacWithSHA512_224          1193
+#define OBJ_hmacWithSHA512_224          OBJ_rsadsi,2L,12L
+
+#define LN_hmacWithSHA512_256           "hmacWithSHA512-256"
+#define NID_hmacWithSHA512_256          1194
+#define OBJ_hmacWithSHA512_256          OBJ_rsadsi,2L,13L
+
 #define SN_rc2_cbc              "RC2-CBC"
 #define LN_rc2_cbc              "rc2-cbc"
 #define NID_rc2_cbc             37
@@ -1490,6 +1513,11 @@
 #define NID_proxyCertInfo               663
 #define OBJ_proxyCertInfo               OBJ_id_pe,14L
 
+#define SN_tlsfeature           "tlsfeature"
+#define LN_tlsfeature           "TLS Feature"
+#define NID_tlsfeature          1020
+#define OBJ_tlsfeature          OBJ_id_pe,24L
+
 #define SN_id_qt_cps            "id-qt-cps"
 #define LN_id_qt_cps            "Policy Qualifier CPS"
 #define NID_id_qt_cps           164
@@ -1554,6 +1582,61 @@
 #define NID_dvcs                297
 #define OBJ_dvcs                OBJ_id_kp,10L
 
+#define SN_ipsec_IKE            "ipsecIKE"
+#define LN_ipsec_IKE            "ipsec Internet Key Exchange"
+#define NID_ipsec_IKE           1022
+#define OBJ_ipsec_IKE           OBJ_id_kp,17L
+
+#define SN_capwapAC             "capwapAC"
+#define LN_capwapAC             "Ctrl/provision WAP Access"
+#define NID_capwapAC            1023
+#define OBJ_capwapAC            OBJ_id_kp,18L
+
+#define SN_capwapWTP            "capwapWTP"
+#define LN_capwapWTP            "Ctrl/Provision WAP Termination"
+#define NID_capwapWTP           1024
+#define OBJ_capwapWTP           OBJ_id_kp,19L
+
+#define SN_sshClient            "secureShellClient"
+#define LN_sshClient            "SSH Client"
+#define NID_sshClient           1025
+#define OBJ_sshClient           OBJ_id_kp,21L
+
+#define SN_sshServer            "secureShellServer"
+#define LN_sshServer            "SSH Server"
+#define NID_sshServer           1026
+#define OBJ_sshServer           OBJ_id_kp,22L
+
+#define SN_sendRouter           "sendRouter"
+#define LN_sendRouter           "Send Router"
+#define NID_sendRouter          1027
+#define OBJ_sendRouter          OBJ_id_kp,23L
+
+#define SN_sendProxiedRouter            "sendProxiedRouter"
+#define LN_sendProxiedRouter            "Send Proxied Router"
+#define NID_sendProxiedRouter           1028
+#define OBJ_sendProxiedRouter           OBJ_id_kp,24L
+
+#define SN_sendOwner            "sendOwner"
+#define LN_sendOwner            "Send Owner"
+#define NID_sendOwner           1029
+#define OBJ_sendOwner           OBJ_id_kp,25L
+
+#define SN_sendProxiedOwner             "sendProxiedOwner"
+#define LN_sendProxiedOwner             "Send Proxied Owner"
+#define NID_sendProxiedOwner            1030
+#define OBJ_sendProxiedOwner            OBJ_id_kp,26L
+
+#define SN_cmcCA                "cmcCA"
+#define LN_cmcCA                "CMC Certificate Authority"
+#define NID_cmcCA               1131
+#define OBJ_cmcCA               OBJ_id_kp,27L
+
+#define SN_cmcRA                "cmcRA"
+#define LN_cmcRA                "CMC Registration Authority"
+#define NID_cmcRA               1132
+#define OBJ_cmcRA               OBJ_id_kp,28L
+
 #define SN_id_it_caProtEncCert          "id-it-caProtEncCert"
 #define NID_id_it_caProtEncCert         298
 #define OBJ_id_it_caProtEncCert         OBJ_id_it,1L
@@ -2030,6 +2113,16 @@
 #define NID_ripemd160WithRSA            119
 #define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
 
+#define SN_blake2b512           "BLAKE2b512"
+#define LN_blake2b512           "blake2b512"
+#define NID_blake2b512          1056
+#define OBJ_blake2b512          1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L
+
+#define SN_blake2s256           "BLAKE2s256"
+#define LN_blake2s256           "blake2s256"
+#define NID_blake2s256          1057
+#define OBJ_blake2s256          1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L
+
 #define SN_sxnet                "SXNetID"
 #define LN_sxnet                "Strong Extranet ID"
 #define NID_sxnet               143
@@ -2274,6 +2367,24 @@
 #define NID_role                400
 #define OBJ_role                OBJ_X509,72L
 
+#define LN_organizationIdentifier               "organizationIdentifier"
+#define NID_organizationIdentifier              1089
+#define OBJ_organizationIdentifier              OBJ_X509,97L
+
+#define SN_countryCode3c                "c3"
+#define LN_countryCode3c                "countryCode3c"
+#define NID_countryCode3c               1090
+#define OBJ_countryCode3c               OBJ_X509,98L
+
+#define SN_countryCode3n                "n3"
+#define LN_countryCode3n                "countryCode3n"
+#define NID_countryCode3n               1091
+#define OBJ_countryCode3n               OBJ_X509,99L
+
+#define LN_dnsName              "dnsName"
+#define NID_dnsName             1092
+#define OBJ_dnsName             OBJ_X509,100L
+
 #define SN_X500algorithms               "X500algorithms"
 #define LN_X500algorithms               "directory services - algorithms"
 #define NID_X500algorithms              378
@@ -2354,7 +2465,7 @@
 #define OBJ_delta_crl           OBJ_id_ce,27L
 
 #define SN_issuing_distribution_point           "issuingDistributionPoint"
-#define LN_issuing_distribution_point           "X509v3 Issuing Distrubution Point"
+#define LN_issuing_distribution_point           "X509v3 Issuing Distribution Point"
 #define NID_issuing_distribution_point          770
 #define OBJ_issuing_distribution_point          OBJ_id_ce,28L
 
@@ -2579,11 +2690,6 @@
 #define NID_id_hex_multipart_message            508
 #define OBJ_id_hex_multipart_message            OBJ_mime_mhs_headings,2L
 
-#define SN_rle_compression              "RLE"
-#define LN_rle_compression              "run length compression"
-#define NID_rle_compression             124
-#define OBJ_rle_compression             1L,1L,1L,1L,666L,1L
-
 #define SN_zlib_compression             "ZLIB"
 #define LN_zlib_compression             "zlib compression"
 #define NID_zlib_compression            125
@@ -2709,6 +2815,16 @@
 #define NID_id_aes256_wrap_pad          903
 #define OBJ_id_aes256_wrap_pad          OBJ_aes,48L
 
+#define SN_aes_128_xts          "AES-128-XTS"
+#define LN_aes_128_xts          "aes-128-xts"
+#define NID_aes_128_xts         913
+#define OBJ_aes_128_xts         OBJ_ieee_siswg,0L,1L,1L
+
+#define SN_aes_256_xts          "AES-256-XTS"
+#define LN_aes_256_xts          "aes-256-xts"
+#define NID_aes_256_xts         914
+#define OBJ_aes_256_xts         OBJ_ieee_siswg,0L,1L,2L
+
 #define SN_aes_128_cfb1         "AES-128-CFB1"
 #define LN_aes_128_cfb1         "aes-128-cfb1"
 #define NID_aes_128_cfb1                650
@@ -2745,13 +2861,17 @@
 #define LN_aes_256_ctr          "aes-256-ctr"
 #define NID_aes_256_ctr         906
 
-#define SN_aes_128_xts          "AES-128-XTS"
-#define LN_aes_128_xts          "aes-128-xts"
-#define NID_aes_128_xts         913
+#define SN_aes_128_ocb          "AES-128-OCB"
+#define LN_aes_128_ocb          "aes-128-ocb"
+#define NID_aes_128_ocb         958
 
-#define SN_aes_256_xts          "AES-256-XTS"
-#define LN_aes_256_xts          "aes-256-xts"
-#define NID_aes_256_xts         914
+#define SN_aes_192_ocb          "AES-192-OCB"
+#define LN_aes_192_ocb          "aes-192-ocb"
+#define NID_aes_192_ocb         959
+
+#define SN_aes_256_ocb          "AES-256-OCB"
+#define LN_aes_256_ocb          "aes-256-ocb"
+#define NID_aes_256_ocb         960
 
 #define SN_des_cfb1             "DES-CFB1"
 #define LN_des_cfb1             "des-cfb1"
@@ -2791,6 +2911,66 @@
 #define NID_sha224              675
 #define OBJ_sha224              OBJ_nist_hashalgs,4L
 
+#define SN_sha512_224           "SHA512-224"
+#define LN_sha512_224           "sha512-224"
+#define NID_sha512_224          1094
+#define OBJ_sha512_224          OBJ_nist_hashalgs,5L
+
+#define SN_sha512_256           "SHA512-256"
+#define LN_sha512_256           "sha512-256"
+#define NID_sha512_256          1095
+#define OBJ_sha512_256          OBJ_nist_hashalgs,6L
+
+#define SN_sha3_224             "SHA3-224"
+#define LN_sha3_224             "sha3-224"
+#define NID_sha3_224            1096
+#define OBJ_sha3_224            OBJ_nist_hashalgs,7L
+
+#define SN_sha3_256             "SHA3-256"
+#define LN_sha3_256             "sha3-256"
+#define NID_sha3_256            1097
+#define OBJ_sha3_256            OBJ_nist_hashalgs,8L
+
+#define SN_sha3_384             "SHA3-384"
+#define LN_sha3_384             "sha3-384"
+#define NID_sha3_384            1098
+#define OBJ_sha3_384            OBJ_nist_hashalgs,9L
+
+#define SN_sha3_512             "SHA3-512"
+#define LN_sha3_512             "sha3-512"
+#define NID_sha3_512            1099
+#define OBJ_sha3_512            OBJ_nist_hashalgs,10L
+
+#define SN_shake128             "SHAKE128"
+#define LN_shake128             "shake128"
+#define NID_shake128            1100
+#define OBJ_shake128            OBJ_nist_hashalgs,11L
+
+#define SN_shake256             "SHAKE256"
+#define LN_shake256             "shake256"
+#define NID_shake256            1101
+#define OBJ_shake256            OBJ_nist_hashalgs,12L
+
+#define SN_hmac_sha3_224                "id-hmacWithSHA3-224"
+#define LN_hmac_sha3_224                "hmac-sha3-224"
+#define NID_hmac_sha3_224               1102
+#define OBJ_hmac_sha3_224               OBJ_nist_hashalgs,13L
+
+#define SN_hmac_sha3_256                "id-hmacWithSHA3-256"
+#define LN_hmac_sha3_256                "hmac-sha3-256"
+#define NID_hmac_sha3_256               1103
+#define OBJ_hmac_sha3_256               OBJ_nist_hashalgs,14L
+
+#define SN_hmac_sha3_384                "id-hmacWithSHA3-384"
+#define LN_hmac_sha3_384                "hmac-sha3-384"
+#define NID_hmac_sha3_384               1104
+#define OBJ_hmac_sha3_384               OBJ_nist_hashalgs,15L
+
+#define SN_hmac_sha3_512                "id-hmacWithSHA3-512"
+#define LN_hmac_sha3_512                "hmac-sha3-512"
+#define NID_hmac_sha3_512               1105
+#define OBJ_hmac_sha3_512               OBJ_nist_hashalgs,16L
+
 #define OBJ_dsa_with_sha2               OBJ_nistAlgorithms,3L
 
 #define SN_dsa_with_SHA224              "dsa_with_SHA224"
@@ -2801,6 +2981,78 @@
 #define NID_dsa_with_SHA256             803
 #define OBJ_dsa_with_SHA256             OBJ_dsa_with_sha2,2L
 
+#define OBJ_sigAlgs             OBJ_nistAlgorithms,3L
+
+#define SN_dsa_with_SHA384              "id-dsa-with-sha384"
+#define LN_dsa_with_SHA384              "dsa_with_SHA384"
+#define NID_dsa_with_SHA384             1106
+#define OBJ_dsa_with_SHA384             OBJ_sigAlgs,3L
+
+#define SN_dsa_with_SHA512              "id-dsa-with-sha512"
+#define LN_dsa_with_SHA512              "dsa_with_SHA512"
+#define NID_dsa_with_SHA512             1107
+#define OBJ_dsa_with_SHA512             OBJ_sigAlgs,4L
+
+#define SN_dsa_with_SHA3_224            "id-dsa-with-sha3-224"
+#define LN_dsa_with_SHA3_224            "dsa_with_SHA3-224"
+#define NID_dsa_with_SHA3_224           1108
+#define OBJ_dsa_with_SHA3_224           OBJ_sigAlgs,5L
+
+#define SN_dsa_with_SHA3_256            "id-dsa-with-sha3-256"
+#define LN_dsa_with_SHA3_256            "dsa_with_SHA3-256"
+#define NID_dsa_with_SHA3_256           1109
+#define OBJ_dsa_with_SHA3_256           OBJ_sigAlgs,6L
+
+#define SN_dsa_with_SHA3_384            "id-dsa-with-sha3-384"
+#define LN_dsa_with_SHA3_384            "dsa_with_SHA3-384"
+#define NID_dsa_with_SHA3_384           1110
+#define OBJ_dsa_with_SHA3_384           OBJ_sigAlgs,7L
+
+#define SN_dsa_with_SHA3_512            "id-dsa-with-sha3-512"
+#define LN_dsa_with_SHA3_512            "dsa_with_SHA3-512"
+#define NID_dsa_with_SHA3_512           1111
+#define OBJ_dsa_with_SHA3_512           OBJ_sigAlgs,8L
+
+#define SN_ecdsa_with_SHA3_224          "id-ecdsa-with-sha3-224"
+#define LN_ecdsa_with_SHA3_224          "ecdsa_with_SHA3-224"
+#define NID_ecdsa_with_SHA3_224         1112
+#define OBJ_ecdsa_with_SHA3_224         OBJ_sigAlgs,9L
+
+#define SN_ecdsa_with_SHA3_256          "id-ecdsa-with-sha3-256"
+#define LN_ecdsa_with_SHA3_256          "ecdsa_with_SHA3-256"
+#define NID_ecdsa_with_SHA3_256         1113
+#define OBJ_ecdsa_with_SHA3_256         OBJ_sigAlgs,10L
+
+#define SN_ecdsa_with_SHA3_384          "id-ecdsa-with-sha3-384"
+#define LN_ecdsa_with_SHA3_384          "ecdsa_with_SHA3-384"
+#define NID_ecdsa_with_SHA3_384         1114
+#define OBJ_ecdsa_with_SHA3_384         OBJ_sigAlgs,11L
+
+#define SN_ecdsa_with_SHA3_512          "id-ecdsa-with-sha3-512"
+#define LN_ecdsa_with_SHA3_512          "ecdsa_with_SHA3-512"
+#define NID_ecdsa_with_SHA3_512         1115
+#define OBJ_ecdsa_with_SHA3_512         OBJ_sigAlgs,12L
+
+#define SN_RSA_SHA3_224         "id-rsassa-pkcs1-v1_5-with-sha3-224"
+#define LN_RSA_SHA3_224         "RSA-SHA3-224"
+#define NID_RSA_SHA3_224                1116
+#define OBJ_RSA_SHA3_224                OBJ_sigAlgs,13L
+
+#define SN_RSA_SHA3_256         "id-rsassa-pkcs1-v1_5-with-sha3-256"
+#define LN_RSA_SHA3_256         "RSA-SHA3-256"
+#define NID_RSA_SHA3_256                1117
+#define OBJ_RSA_SHA3_256                OBJ_sigAlgs,14L
+
+#define SN_RSA_SHA3_384         "id-rsassa-pkcs1-v1_5-with-sha3-384"
+#define LN_RSA_SHA3_384         "RSA-SHA3-384"
+#define NID_RSA_SHA3_384                1118
+#define OBJ_RSA_SHA3_384                OBJ_sigAlgs,15L
+
+#define SN_RSA_SHA3_512         "id-rsassa-pkcs1-v1_5-with-sha3-512"
+#define LN_RSA_SHA3_512         "RSA-SHA3-512"
+#define NID_RSA_SHA3_512                1119
+#define OBJ_RSA_SHA3_512                OBJ_sigAlgs,16L
+
 #define SN_hold_instruction_code                "holdInstructionCode"
 #define LN_hold_instruction_code                "Hold Instruction Code"
 #define NID_hold_instruction_code               430
@@ -3063,6 +3315,11 @@
 #define NID_friendlyCountryName         490
 #define OBJ_friendlyCountryName         OBJ_pilotAttributeType,43L
 
+#define SN_uniqueIdentifier             "uid"
+#define LN_uniqueIdentifier             "uniqueIdentifier"
+#define NID_uniqueIdentifier            102
+#define OBJ_uniqueIdentifier            OBJ_pilotAttributeType,44L
+
 #define LN_organizationalStatus         "organizationalStatus"
 #define NID_organizationalStatus                491
 #define OBJ_organizationalStatus                OBJ_pilotAttributeType,45L
@@ -3678,6 +3935,10 @@
 #define NID_cryptocom           806
 #define OBJ_cryptocom           OBJ_member_body,643L,2L,9L
 
+#define SN_id_tc26              "id-tc26"
+#define NID_id_tc26             974
+#define OBJ_id_tc26             OBJ_member_body,643L,7L,1L
+
 #define SN_id_GostR3411_94_with_GostR3410_2001          "id-GostR3411-94-with-GostR3410-2001"
 #define LN_id_GostR3411_94_with_GostR3410_2001          "GOST R 34.11-94 with GOST R 34.10-2001"
 #define NID_id_GostR3411_94_with_GostR3410_2001         807
@@ -3716,11 +3977,26 @@
 #define SN_gost89_cnt           "gost89-cnt"
 #define NID_gost89_cnt          814
 
+#define SN_gost89_cnt_12                "gost89-cnt-12"
+#define NID_gost89_cnt_12               975
+
+#define SN_gost89_cbc           "gost89-cbc"
+#define NID_gost89_cbc          1009
+
+#define SN_gost89_ecb           "gost89-ecb"
+#define NID_gost89_ecb          1010
+
+#define SN_gost89_ctr           "gost89-ctr"
+#define NID_gost89_ctr          1011
+
 #define SN_id_Gost28147_89_MAC          "gost-mac"
 #define LN_id_Gost28147_89_MAC          "GOST 28147-89 MAC"
 #define NID_id_Gost28147_89_MAC         815
 #define OBJ_id_Gost28147_89_MAC         OBJ_cryptopro,22L
 
+#define SN_gost_mac_12          "gost-mac-12"
+#define NID_gost_mac_12         976
+
 #define SN_id_GostR3411_94_prf          "prf-gostr3411-94"
 #define LN_id_GostR3411_94_prf          "GOST R 34.11-94 PRF"
 #define NID_id_GostR3411_94_prf         816
@@ -3886,6 +4162,260 @@
 #define NID_id_GostR3410_2001_ParamSet_cc               854
 #define OBJ_id_GostR3410_2001_ParamSet_cc               OBJ_cryptocom,1L,8L,1L
 
+#define SN_id_tc26_algorithms           "id-tc26-algorithms"
+#define NID_id_tc26_algorithms          977
+#define OBJ_id_tc26_algorithms          OBJ_id_tc26,1L
+
+#define SN_id_tc26_sign         "id-tc26-sign"
+#define NID_id_tc26_sign                978
+#define OBJ_id_tc26_sign                OBJ_id_tc26_algorithms,1L
+
+#define SN_id_GostR3410_2012_256                "gost2012_256"
+#define LN_id_GostR3410_2012_256                "GOST R 34.10-2012 with 256 bit modulus"
+#define NID_id_GostR3410_2012_256               979
+#define OBJ_id_GostR3410_2012_256               OBJ_id_tc26_sign,1L
+
+#define SN_id_GostR3410_2012_512                "gost2012_512"
+#define LN_id_GostR3410_2012_512                "GOST R 34.10-2012 with 512 bit modulus"
+#define NID_id_GostR3410_2012_512               980
+#define OBJ_id_GostR3410_2012_512               OBJ_id_tc26_sign,2L
+
+#define SN_id_tc26_digest               "id-tc26-digest"
+#define NID_id_tc26_digest              981
+#define OBJ_id_tc26_digest              OBJ_id_tc26_algorithms,2L
+
+#define SN_id_GostR3411_2012_256                "md_gost12_256"
+#define LN_id_GostR3411_2012_256                "GOST R 34.11-2012 with 256 bit hash"
+#define NID_id_GostR3411_2012_256               982
+#define OBJ_id_GostR3411_2012_256               OBJ_id_tc26_digest,2L
+
+#define SN_id_GostR3411_2012_512                "md_gost12_512"
+#define LN_id_GostR3411_2012_512                "GOST R 34.11-2012 with 512 bit hash"
+#define NID_id_GostR3411_2012_512               983
+#define OBJ_id_GostR3411_2012_512               OBJ_id_tc26_digest,3L
+
+#define SN_id_tc26_signwithdigest               "id-tc26-signwithdigest"
+#define NID_id_tc26_signwithdigest              984
+#define OBJ_id_tc26_signwithdigest              OBJ_id_tc26_algorithms,3L
+
+#define SN_id_tc26_signwithdigest_gost3410_2012_256             "id-tc26-signwithdigest-gost3410-2012-256"
+#define LN_id_tc26_signwithdigest_gost3410_2012_256             "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)"
+#define NID_id_tc26_signwithdigest_gost3410_2012_256            985
+#define OBJ_id_tc26_signwithdigest_gost3410_2012_256            OBJ_id_tc26_signwithdigest,2L
+
+#define SN_id_tc26_signwithdigest_gost3410_2012_512             "id-tc26-signwithdigest-gost3410-2012-512"
+#define LN_id_tc26_signwithdigest_gost3410_2012_512             "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)"
+#define NID_id_tc26_signwithdigest_gost3410_2012_512            986
+#define OBJ_id_tc26_signwithdigest_gost3410_2012_512            OBJ_id_tc26_signwithdigest,3L
+
+#define SN_id_tc26_mac          "id-tc26-mac"
+#define NID_id_tc26_mac         987
+#define OBJ_id_tc26_mac         OBJ_id_tc26_algorithms,4L
+
+#define SN_id_tc26_hmac_gost_3411_2012_256              "id-tc26-hmac-gost-3411-2012-256"
+#define LN_id_tc26_hmac_gost_3411_2012_256              "HMAC GOST 34.11-2012 256 bit"
+#define NID_id_tc26_hmac_gost_3411_2012_256             988
+#define OBJ_id_tc26_hmac_gost_3411_2012_256             OBJ_id_tc26_mac,1L
+
+#define SN_id_tc26_hmac_gost_3411_2012_512              "id-tc26-hmac-gost-3411-2012-512"
+#define LN_id_tc26_hmac_gost_3411_2012_512              "HMAC GOST 34.11-2012 512 bit"
+#define NID_id_tc26_hmac_gost_3411_2012_512             989
+#define OBJ_id_tc26_hmac_gost_3411_2012_512             OBJ_id_tc26_mac,2L
+
+#define SN_id_tc26_cipher               "id-tc26-cipher"
+#define NID_id_tc26_cipher              990
+#define OBJ_id_tc26_cipher              OBJ_id_tc26_algorithms,5L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma          "id-tc26-cipher-gostr3412-2015-magma"
+#define NID_id_tc26_cipher_gostr3412_2015_magma         1173
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma         OBJ_id_tc26_cipher,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm         "id-tc26-cipher-gostr3412-2015-magma-ctracpkm"
+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm                1174
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm                OBJ_id_tc26_cipher_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac            "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac"
+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac           1175
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac           OBJ_id_tc26_cipher_gostr3412_2015_magma,2L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik             "id-tc26-cipher-gostr3412-2015-kuznyechik"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik            1176
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik            OBJ_id_tc26_cipher,2L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm            "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm           1177
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm           OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac               "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac              1178
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac              OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L
+
+#define SN_id_tc26_agreement            "id-tc26-agreement"
+#define NID_id_tc26_agreement           991
+#define OBJ_id_tc26_agreement           OBJ_id_tc26_algorithms,6L
+
+#define SN_id_tc26_agreement_gost_3410_2012_256         "id-tc26-agreement-gost-3410-2012-256"
+#define NID_id_tc26_agreement_gost_3410_2012_256                992
+#define OBJ_id_tc26_agreement_gost_3410_2012_256                OBJ_id_tc26_agreement,1L
+
+#define SN_id_tc26_agreement_gost_3410_2012_512         "id-tc26-agreement-gost-3410-2012-512"
+#define NID_id_tc26_agreement_gost_3410_2012_512                993
+#define OBJ_id_tc26_agreement_gost_3410_2012_512                OBJ_id_tc26_agreement,2L
+
+#define SN_id_tc26_wrap         "id-tc26-wrap"
+#define NID_id_tc26_wrap                1179
+#define OBJ_id_tc26_wrap                OBJ_id_tc26_algorithms,7L
+
+#define SN_id_tc26_wrap_gostr3412_2015_magma            "id-tc26-wrap-gostr3412-2015-magma"
+#define NID_id_tc26_wrap_gostr3412_2015_magma           1180
+#define OBJ_id_tc26_wrap_gostr3412_2015_magma           OBJ_id_tc26_wrap,1L
+
+#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15             "id-tc26-wrap-gostr3412-2015-magma-kexp15"
+#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15            1181
+#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15            OBJ_id_tc26_wrap_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik               "id-tc26-wrap-gostr3412-2015-kuznyechik"
+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik              1182
+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik              OBJ_id_tc26_wrap,2L
+
+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15                "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15"
+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15               1183
+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15               OBJ_id_tc26_wrap_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_constants            "id-tc26-constants"
+#define NID_id_tc26_constants           994
+#define OBJ_id_tc26_constants           OBJ_id_tc26,2L
+
+#define SN_id_tc26_sign_constants               "id-tc26-sign-constants"
+#define NID_id_tc26_sign_constants              995
+#define OBJ_id_tc26_sign_constants              OBJ_id_tc26_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_256_constants         "id-tc26-gost-3410-2012-256-constants"
+#define NID_id_tc26_gost_3410_2012_256_constants                1147
+#define OBJ_id_tc26_gost_3410_2012_256_constants                OBJ_id_tc26_sign_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetA         "id-tc26-gost-3410-2012-256-paramSetA"
+#define LN_id_tc26_gost_3410_2012_256_paramSetA         "GOST R 34.10-2012 (256 bit) ParamSet A"
+#define NID_id_tc26_gost_3410_2012_256_paramSetA                1148
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetA                OBJ_id_tc26_gost_3410_2012_256_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetB         "id-tc26-gost-3410-2012-256-paramSetB"
+#define LN_id_tc26_gost_3410_2012_256_paramSetB         "GOST R 34.10-2012 (256 bit) ParamSet B"
+#define NID_id_tc26_gost_3410_2012_256_paramSetB                1184
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetB                OBJ_id_tc26_gost_3410_2012_256_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetC         "id-tc26-gost-3410-2012-256-paramSetC"
+#define LN_id_tc26_gost_3410_2012_256_paramSetC         "GOST R 34.10-2012 (256 bit) ParamSet C"
+#define NID_id_tc26_gost_3410_2012_256_paramSetC                1185
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetC                OBJ_id_tc26_gost_3410_2012_256_constants,3L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetD         "id-tc26-gost-3410-2012-256-paramSetD"
+#define LN_id_tc26_gost_3410_2012_256_paramSetD         "GOST R 34.10-2012 (256 bit) ParamSet D"
+#define NID_id_tc26_gost_3410_2012_256_paramSetD                1186
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetD                OBJ_id_tc26_gost_3410_2012_256_constants,4L
+
+#define SN_id_tc26_gost_3410_2012_512_constants         "id-tc26-gost-3410-2012-512-constants"
+#define NID_id_tc26_gost_3410_2012_512_constants                996
+#define OBJ_id_tc26_gost_3410_2012_512_constants                OBJ_id_tc26_sign_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetTest              "id-tc26-gost-3410-2012-512-paramSetTest"
+#define LN_id_tc26_gost_3410_2012_512_paramSetTest              "GOST R 34.10-2012 (512 bit) testing parameter set"
+#define NID_id_tc26_gost_3410_2012_512_paramSetTest             997
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest             OBJ_id_tc26_gost_3410_2012_512_constants,0L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetA         "id-tc26-gost-3410-2012-512-paramSetA"
+#define LN_id_tc26_gost_3410_2012_512_paramSetA         "GOST R 34.10-2012 (512 bit) ParamSet A"
+#define NID_id_tc26_gost_3410_2012_512_paramSetA                998
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetA                OBJ_id_tc26_gost_3410_2012_512_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetB         "id-tc26-gost-3410-2012-512-paramSetB"
+#define LN_id_tc26_gost_3410_2012_512_paramSetB         "GOST R 34.10-2012 (512 bit) ParamSet B"
+#define NID_id_tc26_gost_3410_2012_512_paramSetB                999
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetB                OBJ_id_tc26_gost_3410_2012_512_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetC         "id-tc26-gost-3410-2012-512-paramSetC"
+#define LN_id_tc26_gost_3410_2012_512_paramSetC         "GOST R 34.10-2012 (512 bit) ParamSet C"
+#define NID_id_tc26_gost_3410_2012_512_paramSetC                1149
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetC                OBJ_id_tc26_gost_3410_2012_512_constants,3L
+
+#define SN_id_tc26_digest_constants             "id-tc26-digest-constants"
+#define NID_id_tc26_digest_constants            1000
+#define OBJ_id_tc26_digest_constants            OBJ_id_tc26_constants,2L
+
+#define SN_id_tc26_cipher_constants             "id-tc26-cipher-constants"
+#define NID_id_tc26_cipher_constants            1001
+#define OBJ_id_tc26_cipher_constants            OBJ_id_tc26_constants,5L
+
+#define SN_id_tc26_gost_28147_constants         "id-tc26-gost-28147-constants"
+#define NID_id_tc26_gost_28147_constants                1002
+#define OBJ_id_tc26_gost_28147_constants                OBJ_id_tc26_cipher_constants,1L
+
+#define SN_id_tc26_gost_28147_param_Z           "id-tc26-gost-28147-param-Z"
+#define LN_id_tc26_gost_28147_param_Z           "GOST 28147-89 TC26 parameter set"
+#define NID_id_tc26_gost_28147_param_Z          1003
+#define OBJ_id_tc26_gost_28147_param_Z          OBJ_id_tc26_gost_28147_constants,1L
+
+#define SN_INN          "INN"
+#define LN_INN          "INN"
+#define NID_INN         1004
+#define OBJ_INN         OBJ_member_body,643L,3L,131L,1L,1L
+
+#define SN_OGRN         "OGRN"
+#define LN_OGRN         "OGRN"
+#define NID_OGRN                1005
+#define OBJ_OGRN                OBJ_member_body,643L,100L,1L
+
+#define SN_SNILS                "SNILS"
+#define LN_SNILS                "SNILS"
+#define NID_SNILS               1006
+#define OBJ_SNILS               OBJ_member_body,643L,100L,3L
+
+#define SN_subjectSignTool              "subjectSignTool"
+#define LN_subjectSignTool              "Signing Tool of Subject"
+#define NID_subjectSignTool             1007
+#define OBJ_subjectSignTool             OBJ_member_body,643L,100L,111L
+
+#define SN_issuerSignTool               "issuerSignTool"
+#define LN_issuerSignTool               "Signing Tool of Issuer"
+#define NID_issuerSignTool              1008
+#define OBJ_issuerSignTool              OBJ_member_body,643L,100L,112L
+
+#define SN_grasshopper_ecb              "grasshopper-ecb"
+#define NID_grasshopper_ecb             1012
+
+#define SN_grasshopper_ctr              "grasshopper-ctr"
+#define NID_grasshopper_ctr             1013
+
+#define SN_grasshopper_ofb              "grasshopper-ofb"
+#define NID_grasshopper_ofb             1014
+
+#define SN_grasshopper_cbc              "grasshopper-cbc"
+#define NID_grasshopper_cbc             1015
+
+#define SN_grasshopper_cfb              "grasshopper-cfb"
+#define NID_grasshopper_cfb             1016
+
+#define SN_grasshopper_mac              "grasshopper-mac"
+#define NID_grasshopper_mac             1017
+
+#define SN_magma_ecb            "magma-ecb"
+#define NID_magma_ecb           1187
+
+#define SN_magma_ctr            "magma-ctr"
+#define NID_magma_ctr           1188
+
+#define SN_magma_ofb            "magma-ofb"
+#define NID_magma_ofb           1189
+
+#define SN_magma_cbc            "magma-cbc"
+#define NID_magma_cbc           1190
+
+#define SN_magma_cfb            "magma-cfb"
+#define NID_magma_cfb           1191
+
+#define SN_magma_mac            "magma-mac"
+#define NID_magma_mac           1192
+
 #define SN_camellia_128_cbc             "CAMELLIA-128-CBC"
 #define LN_camellia_128_cbc             "camellia-128-cbc"
 #define NID_camellia_128_cbc            751
@@ -3932,6 +4462,26 @@
 #define NID_camellia_128_cfb128         757
 #define OBJ_camellia_128_cfb128         OBJ_camellia,4L
 
+#define SN_camellia_128_gcm             "CAMELLIA-128-GCM"
+#define LN_camellia_128_gcm             "camellia-128-gcm"
+#define NID_camellia_128_gcm            961
+#define OBJ_camellia_128_gcm            OBJ_camellia,6L
+
+#define SN_camellia_128_ccm             "CAMELLIA-128-CCM"
+#define LN_camellia_128_ccm             "camellia-128-ccm"
+#define NID_camellia_128_ccm            962
+#define OBJ_camellia_128_ccm            OBJ_camellia,7L
+
+#define SN_camellia_128_ctr             "CAMELLIA-128-CTR"
+#define LN_camellia_128_ctr             "camellia-128-ctr"
+#define NID_camellia_128_ctr            963
+#define OBJ_camellia_128_ctr            OBJ_camellia,9L
+
+#define SN_camellia_128_cmac            "CAMELLIA-128-CMAC"
+#define LN_camellia_128_cmac            "camellia-128-cmac"
+#define NID_camellia_128_cmac           964
+#define OBJ_camellia_128_cmac           OBJ_camellia,10L
+
 #define SN_camellia_192_ecb             "CAMELLIA-192-ECB"
 #define LN_camellia_192_ecb             "camellia-192-ecb"
 #define NID_camellia_192_ecb            755
@@ -3947,6 +4497,26 @@
 #define NID_camellia_192_cfb128         758
 #define OBJ_camellia_192_cfb128         OBJ_camellia,24L
 
+#define SN_camellia_192_gcm             "CAMELLIA-192-GCM"
+#define LN_camellia_192_gcm             "camellia-192-gcm"
+#define NID_camellia_192_gcm            965
+#define OBJ_camellia_192_gcm            OBJ_camellia,26L
+
+#define SN_camellia_192_ccm             "CAMELLIA-192-CCM"
+#define LN_camellia_192_ccm             "camellia-192-ccm"
+#define NID_camellia_192_ccm            966
+#define OBJ_camellia_192_ccm            OBJ_camellia,27L
+
+#define SN_camellia_192_ctr             "CAMELLIA-192-CTR"
+#define LN_camellia_192_ctr             "camellia-192-ctr"
+#define NID_camellia_192_ctr            967
+#define OBJ_camellia_192_ctr            OBJ_camellia,29L
+
+#define SN_camellia_192_cmac            "CAMELLIA-192-CMAC"
+#define LN_camellia_192_cmac            "camellia-192-cmac"
+#define NID_camellia_192_cmac           968
+#define OBJ_camellia_192_cmac           OBJ_camellia,30L
+
 #define SN_camellia_256_ecb             "CAMELLIA-256-ECB"
 #define LN_camellia_256_ecb             "camellia-256-ecb"
 #define NID_camellia_256_ecb            756
@@ -3962,6 +4532,26 @@
 #define NID_camellia_256_cfb128         759
 #define OBJ_camellia_256_cfb128         OBJ_camellia,44L
 
+#define SN_camellia_256_gcm             "CAMELLIA-256-GCM"
+#define LN_camellia_256_gcm             "camellia-256-gcm"
+#define NID_camellia_256_gcm            969
+#define OBJ_camellia_256_gcm            OBJ_camellia,46L
+
+#define SN_camellia_256_ccm             "CAMELLIA-256-CCM"
+#define LN_camellia_256_ccm             "camellia-256-ccm"
+#define NID_camellia_256_ccm            970
+#define OBJ_camellia_256_ccm            OBJ_camellia,47L
+
+#define SN_camellia_256_ctr             "CAMELLIA-256-CTR"
+#define LN_camellia_256_ctr             "camellia-256-ctr"
+#define NID_camellia_256_ctr            971
+#define OBJ_camellia_256_ctr            OBJ_camellia,49L
+
+#define SN_camellia_256_cmac            "CAMELLIA-256-CMAC"
+#define LN_camellia_256_cmac            "camellia-256-cmac"
+#define NID_camellia_256_cmac           972
+#define OBJ_camellia_256_cmac           OBJ_camellia,50L
+
 #define SN_camellia_128_cfb1            "CAMELLIA-128-CFB1"
 #define LN_camellia_128_cfb1            "camellia-128-cfb1"
 #define NID_camellia_128_cfb1           760
@@ -3986,6 +4576,137 @@
 #define LN_camellia_256_cfb8            "camellia-256-cfb8"
 #define NID_camellia_256_cfb8           765
 
+#define OBJ_aria                1L,2L,410L,200046L,1L,1L
+
+#define SN_aria_128_ecb         "ARIA-128-ECB"
+#define LN_aria_128_ecb         "aria-128-ecb"
+#define NID_aria_128_ecb                1065
+#define OBJ_aria_128_ecb                OBJ_aria,1L
+
+#define SN_aria_128_cbc         "ARIA-128-CBC"
+#define LN_aria_128_cbc         "aria-128-cbc"
+#define NID_aria_128_cbc                1066
+#define OBJ_aria_128_cbc                OBJ_aria,2L
+
+#define SN_aria_128_cfb128              "ARIA-128-CFB"
+#define LN_aria_128_cfb128              "aria-128-cfb"
+#define NID_aria_128_cfb128             1067
+#define OBJ_aria_128_cfb128             OBJ_aria,3L
+
+#define SN_aria_128_ofb128              "ARIA-128-OFB"
+#define LN_aria_128_ofb128              "aria-128-ofb"
+#define NID_aria_128_ofb128             1068
+#define OBJ_aria_128_ofb128             OBJ_aria,4L
+
+#define SN_aria_128_ctr         "ARIA-128-CTR"
+#define LN_aria_128_ctr         "aria-128-ctr"
+#define NID_aria_128_ctr                1069
+#define OBJ_aria_128_ctr                OBJ_aria,5L
+
+#define SN_aria_192_ecb         "ARIA-192-ECB"
+#define LN_aria_192_ecb         "aria-192-ecb"
+#define NID_aria_192_ecb                1070
+#define OBJ_aria_192_ecb                OBJ_aria,6L
+
+#define SN_aria_192_cbc         "ARIA-192-CBC"
+#define LN_aria_192_cbc         "aria-192-cbc"
+#define NID_aria_192_cbc                1071
+#define OBJ_aria_192_cbc                OBJ_aria,7L
+
+#define SN_aria_192_cfb128              "ARIA-192-CFB"
+#define LN_aria_192_cfb128              "aria-192-cfb"
+#define NID_aria_192_cfb128             1072
+#define OBJ_aria_192_cfb128             OBJ_aria,8L
+
+#define SN_aria_192_ofb128              "ARIA-192-OFB"
+#define LN_aria_192_ofb128              "aria-192-ofb"
+#define NID_aria_192_ofb128             1073
+#define OBJ_aria_192_ofb128             OBJ_aria,9L
+
+#define SN_aria_192_ctr         "ARIA-192-CTR"
+#define LN_aria_192_ctr         "aria-192-ctr"
+#define NID_aria_192_ctr                1074
+#define OBJ_aria_192_ctr                OBJ_aria,10L
+
+#define SN_aria_256_ecb         "ARIA-256-ECB"
+#define LN_aria_256_ecb         "aria-256-ecb"
+#define NID_aria_256_ecb                1075
+#define OBJ_aria_256_ecb                OBJ_aria,11L
+
+#define SN_aria_256_cbc         "ARIA-256-CBC"
+#define LN_aria_256_cbc         "aria-256-cbc"
+#define NID_aria_256_cbc                1076
+#define OBJ_aria_256_cbc                OBJ_aria,12L
+
+#define SN_aria_256_cfb128              "ARIA-256-CFB"
+#define LN_aria_256_cfb128              "aria-256-cfb"
+#define NID_aria_256_cfb128             1077
+#define OBJ_aria_256_cfb128             OBJ_aria,13L
+
+#define SN_aria_256_ofb128              "ARIA-256-OFB"
+#define LN_aria_256_ofb128              "aria-256-ofb"
+#define NID_aria_256_ofb128             1078
+#define OBJ_aria_256_ofb128             OBJ_aria,14L
+
+#define SN_aria_256_ctr         "ARIA-256-CTR"
+#define LN_aria_256_ctr         "aria-256-ctr"
+#define NID_aria_256_ctr                1079
+#define OBJ_aria_256_ctr                OBJ_aria,15L
+
+#define SN_aria_128_cfb1                "ARIA-128-CFB1"
+#define LN_aria_128_cfb1                "aria-128-cfb1"
+#define NID_aria_128_cfb1               1080
+
+#define SN_aria_192_cfb1                "ARIA-192-CFB1"
+#define LN_aria_192_cfb1                "aria-192-cfb1"
+#define NID_aria_192_cfb1               1081
+
+#define SN_aria_256_cfb1                "ARIA-256-CFB1"
+#define LN_aria_256_cfb1                "aria-256-cfb1"
+#define NID_aria_256_cfb1               1082
+
+#define SN_aria_128_cfb8                "ARIA-128-CFB8"
+#define LN_aria_128_cfb8                "aria-128-cfb8"
+#define NID_aria_128_cfb8               1083
+
+#define SN_aria_192_cfb8                "ARIA-192-CFB8"
+#define LN_aria_192_cfb8                "aria-192-cfb8"
+#define NID_aria_192_cfb8               1084
+
+#define SN_aria_256_cfb8                "ARIA-256-CFB8"
+#define LN_aria_256_cfb8                "aria-256-cfb8"
+#define NID_aria_256_cfb8               1085
+
+#define SN_aria_128_ccm         "ARIA-128-CCM"
+#define LN_aria_128_ccm         "aria-128-ccm"
+#define NID_aria_128_ccm                1120
+#define OBJ_aria_128_ccm                OBJ_aria,37L
+
+#define SN_aria_192_ccm         "ARIA-192-CCM"
+#define LN_aria_192_ccm         "aria-192-ccm"
+#define NID_aria_192_ccm                1121
+#define OBJ_aria_192_ccm                OBJ_aria,38L
+
+#define SN_aria_256_ccm         "ARIA-256-CCM"
+#define LN_aria_256_ccm         "aria-256-ccm"
+#define NID_aria_256_ccm                1122
+#define OBJ_aria_256_ccm                OBJ_aria,39L
+
+#define SN_aria_128_gcm         "ARIA-128-GCM"
+#define LN_aria_128_gcm         "aria-128-gcm"
+#define NID_aria_128_gcm                1123
+#define OBJ_aria_128_gcm                OBJ_aria,34L
+
+#define SN_aria_192_gcm         "ARIA-192-GCM"
+#define LN_aria_192_gcm         "aria-192-gcm"
+#define NID_aria_192_gcm                1124
+#define OBJ_aria_192_gcm                OBJ_aria,35L
+
+#define SN_aria_256_gcm         "ARIA-256-GCM"
+#define LN_aria_256_gcm         "aria-256-gcm"
+#define NID_aria_256_gcm                1125
+#define OBJ_aria_256_gcm                OBJ_aria,36L
+
 #define SN_kisa         "KISA"
 #define LN_kisa         "kisa"
 #define NID_kisa                773
@@ -4011,6 +4732,41 @@
 #define NID_seed_ofb128         778
 #define OBJ_seed_ofb128         OBJ_kisa,1L,6L
 
+#define SN_sm4_ecb              "SM4-ECB"
+#define LN_sm4_ecb              "sm4-ecb"
+#define NID_sm4_ecb             1133
+#define OBJ_sm4_ecb             OBJ_sm_scheme,104L,1L
+
+#define SN_sm4_cbc              "SM4-CBC"
+#define LN_sm4_cbc              "sm4-cbc"
+#define NID_sm4_cbc             1134
+#define OBJ_sm4_cbc             OBJ_sm_scheme,104L,2L
+
+#define SN_sm4_ofb128           "SM4-OFB"
+#define LN_sm4_ofb128           "sm4-ofb"
+#define NID_sm4_ofb128          1135
+#define OBJ_sm4_ofb128          OBJ_sm_scheme,104L,3L
+
+#define SN_sm4_cfb128           "SM4-CFB"
+#define LN_sm4_cfb128           "sm4-cfb"
+#define NID_sm4_cfb128          1137
+#define OBJ_sm4_cfb128          OBJ_sm_scheme,104L,4L
+
+#define SN_sm4_cfb1             "SM4-CFB1"
+#define LN_sm4_cfb1             "sm4-cfb1"
+#define NID_sm4_cfb1            1136
+#define OBJ_sm4_cfb1            OBJ_sm_scheme,104L,5L
+
+#define SN_sm4_cfb8             "SM4-CFB8"
+#define LN_sm4_cfb8             "sm4-cfb8"
+#define NID_sm4_cfb8            1138
+#define OBJ_sm4_cfb8            OBJ_sm_scheme,104L,6L
+
+#define SN_sm4_ctr              "SM4-CTR"
+#define LN_sm4_ctr              "sm4-ctr"
+#define NID_sm4_ctr             1139
+#define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
+
 #define SN_hmac         "HMAC"
 #define LN_hmac         "hmac"
 #define NID_hmac                855
@@ -4047,6 +4803,14 @@
 #define LN_aes_256_cbc_hmac_sha256              "aes-256-cbc-hmac-sha256"
 #define NID_aes_256_cbc_hmac_sha256             950
 
+#define SN_chacha20_poly1305            "ChaCha20-Poly1305"
+#define LN_chacha20_poly1305            "chacha20-poly1305"
+#define NID_chacha20_poly1305           1018
+
+#define SN_chacha20             "ChaCha20"
+#define LN_chacha20             "chacha20"
+#define NID_chacha20            1019
+
 #define SN_dhpublicnumber               "dhpublicnumber"
 #define LN_dhpublicnumber               "X9.42 DH"
 #define NID_dhpublicnumber              920
@@ -4192,3 +4956,243 @@
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
 #define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+
+#define SN_id_scrypt            "id-scrypt"
+#define LN_id_scrypt            "scrypt"
+#define NID_id_scrypt           973
+#define OBJ_id_scrypt           1L,3L,6L,1L,4L,1L,11591L,4L,11L
+
+#define SN_tls1_prf             "TLS1-PRF"
+#define LN_tls1_prf             "tls1-prf"
+#define NID_tls1_prf            1021
+
+#define SN_hkdf         "HKDF"
+#define LN_hkdf         "hkdf"
+#define NID_hkdf                1036
+
+#define SN_id_pkinit            "id-pkinit"
+#define NID_id_pkinit           1031
+#define OBJ_id_pkinit           1L,3L,6L,1L,5L,2L,3L
+
+#define SN_pkInitClientAuth             "pkInitClientAuth"
+#define LN_pkInitClientAuth             "PKINIT Client Auth"
+#define NID_pkInitClientAuth            1032
+#define OBJ_pkInitClientAuth            OBJ_id_pkinit,4L
+
+#define SN_pkInitKDC            "pkInitKDC"
+#define LN_pkInitKDC            "Signing KDC Response"
+#define NID_pkInitKDC           1033
+#define OBJ_pkInitKDC           OBJ_id_pkinit,5L
+
+#define SN_X25519               "X25519"
+#define NID_X25519              1034
+#define OBJ_X25519              1L,3L,101L,110L
+
+#define SN_X448         "X448"
+#define NID_X448                1035
+#define OBJ_X448                1L,3L,101L,111L
+
+#define SN_ED25519              "ED25519"
+#define NID_ED25519             1087
+#define OBJ_ED25519             1L,3L,101L,112L
+
+#define SN_ED448                "ED448"
+#define NID_ED448               1088
+#define OBJ_ED448               1L,3L,101L,113L
+
+#define SN_kx_rsa               "KxRSA"
+#define LN_kx_rsa               "kx-rsa"
+#define NID_kx_rsa              1037
+
+#define SN_kx_ecdhe             "KxECDHE"
+#define LN_kx_ecdhe             "kx-ecdhe"
+#define NID_kx_ecdhe            1038
+
+#define SN_kx_dhe               "KxDHE"
+#define LN_kx_dhe               "kx-dhe"
+#define NID_kx_dhe              1039
+
+#define SN_kx_ecdhe_psk         "KxECDHE-PSK"
+#define LN_kx_ecdhe_psk         "kx-ecdhe-psk"
+#define NID_kx_ecdhe_psk                1040
+
+#define SN_kx_dhe_psk           "KxDHE-PSK"
+#define LN_kx_dhe_psk           "kx-dhe-psk"
+#define NID_kx_dhe_psk          1041
+
+#define SN_kx_rsa_psk           "KxRSA_PSK"
+#define LN_kx_rsa_psk           "kx-rsa-psk"
+#define NID_kx_rsa_psk          1042
+
+#define SN_kx_psk               "KxPSK"
+#define LN_kx_psk               "kx-psk"
+#define NID_kx_psk              1043
+
+#define SN_kx_srp               "KxSRP"
+#define LN_kx_srp               "kx-srp"
+#define NID_kx_srp              1044
+
+#define SN_kx_gost              "KxGOST"
+#define LN_kx_gost              "kx-gost"
+#define NID_kx_gost             1045
+
+#define SN_kx_any               "KxANY"
+#define LN_kx_any               "kx-any"
+#define NID_kx_any              1063
+
+#define SN_auth_rsa             "AuthRSA"
+#define LN_auth_rsa             "auth-rsa"
+#define NID_auth_rsa            1046
+
+#define SN_auth_ecdsa           "AuthECDSA"
+#define LN_auth_ecdsa           "auth-ecdsa"
+#define NID_auth_ecdsa          1047
+
+#define SN_auth_psk             "AuthPSK"
+#define LN_auth_psk             "auth-psk"
+#define NID_auth_psk            1048
+
+#define SN_auth_dss             "AuthDSS"
+#define LN_auth_dss             "auth-dss"
+#define NID_auth_dss            1049
+
+#define SN_auth_gost01          "AuthGOST01"
+#define LN_auth_gost01          "auth-gost01"
+#define NID_auth_gost01         1050
+
+#define SN_auth_gost12          "AuthGOST12"
+#define LN_auth_gost12          "auth-gost12"
+#define NID_auth_gost12         1051
+
+#define SN_auth_srp             "AuthSRP"
+#define LN_auth_srp             "auth-srp"
+#define NID_auth_srp            1052
+
+#define SN_auth_null            "AuthNULL"
+#define LN_auth_null            "auth-null"
+#define NID_auth_null           1053
+
+#define SN_auth_any             "AuthANY"
+#define LN_auth_any             "auth-any"
+#define NID_auth_any            1064
+
+#define SN_poly1305             "Poly1305"
+#define LN_poly1305             "poly1305"
+#define NID_poly1305            1061
+
+#define SN_siphash              "SipHash"
+#define LN_siphash              "siphash"
+#define NID_siphash             1062
+
+#define SN_ffdhe2048            "ffdhe2048"
+#define NID_ffdhe2048           1126
+
+#define SN_ffdhe3072            "ffdhe3072"
+#define NID_ffdhe3072           1127
+
+#define SN_ffdhe4096            "ffdhe4096"
+#define NID_ffdhe4096           1128
+
+#define SN_ffdhe6144            "ffdhe6144"
+#define NID_ffdhe6144           1129
+
+#define SN_ffdhe8192            "ffdhe8192"
+#define NID_ffdhe8192           1130
+
+#define SN_ISO_UA               "ISO-UA"
+#define NID_ISO_UA              1150
+#define OBJ_ISO_UA              OBJ_member_body,804L
+
+#define SN_ua_pki               "ua-pki"
+#define NID_ua_pki              1151
+#define OBJ_ua_pki              OBJ_ISO_UA,2L,1L,1L,1L
+
+#define SN_dstu28147            "dstu28147"
+#define LN_dstu28147            "DSTU Gost 28147-2009"
+#define NID_dstu28147           1152
+#define OBJ_dstu28147           OBJ_ua_pki,1L,1L,1L
+
+#define SN_dstu28147_ofb                "dstu28147-ofb"
+#define LN_dstu28147_ofb                "DSTU Gost 28147-2009 OFB mode"
+#define NID_dstu28147_ofb               1153
+#define OBJ_dstu28147_ofb               OBJ_dstu28147,2L
+
+#define SN_dstu28147_cfb                "dstu28147-cfb"
+#define LN_dstu28147_cfb                "DSTU Gost 28147-2009 CFB mode"
+#define NID_dstu28147_cfb               1154
+#define OBJ_dstu28147_cfb               OBJ_dstu28147,3L
+
+#define SN_dstu28147_wrap               "dstu28147-wrap"
+#define LN_dstu28147_wrap               "DSTU Gost 28147-2009 key wrap"
+#define NID_dstu28147_wrap              1155
+#define OBJ_dstu28147_wrap              OBJ_dstu28147,5L
+
+#define SN_hmacWithDstu34311            "hmacWithDstu34311"
+#define LN_hmacWithDstu34311            "HMAC DSTU Gost 34311-95"
+#define NID_hmacWithDstu34311           1156
+#define OBJ_hmacWithDstu34311           OBJ_ua_pki,1L,1L,2L
+
+#define SN_dstu34311            "dstu34311"
+#define LN_dstu34311            "DSTU Gost 34311-95"
+#define NID_dstu34311           1157
+#define OBJ_dstu34311           OBJ_ua_pki,1L,2L,1L
+
+#define SN_dstu4145le           "dstu4145le"
+#define LN_dstu4145le           "DSTU 4145-2002 little endian"
+#define NID_dstu4145le          1158
+#define OBJ_dstu4145le          OBJ_ua_pki,1L,3L,1L,1L
+
+#define SN_dstu4145be           "dstu4145be"
+#define LN_dstu4145be           "DSTU 4145-2002 big endian"
+#define NID_dstu4145be          1159
+#define OBJ_dstu4145be          OBJ_dstu4145le,1L,1L
+
+#define SN_uacurve0             "uacurve0"
+#define LN_uacurve0             "DSTU curve 0"
+#define NID_uacurve0            1160
+#define OBJ_uacurve0            OBJ_dstu4145le,2L,0L
+
+#define SN_uacurve1             "uacurve1"
+#define LN_uacurve1             "DSTU curve 1"
+#define NID_uacurve1            1161
+#define OBJ_uacurve1            OBJ_dstu4145le,2L,1L
+
+#define SN_uacurve2             "uacurve2"
+#define LN_uacurve2             "DSTU curve 2"
+#define NID_uacurve2            1162
+#define OBJ_uacurve2            OBJ_dstu4145le,2L,2L
+
+#define SN_uacurve3             "uacurve3"
+#define LN_uacurve3             "DSTU curve 3"
+#define NID_uacurve3            1163
+#define OBJ_uacurve3            OBJ_dstu4145le,2L,3L
+
+#define SN_uacurve4             "uacurve4"
+#define LN_uacurve4             "DSTU curve 4"
+#define NID_uacurve4            1164
+#define OBJ_uacurve4            OBJ_dstu4145le,2L,4L
+
+#define SN_uacurve5             "uacurve5"
+#define LN_uacurve5             "DSTU curve 5"
+#define NID_uacurve5            1165
+#define OBJ_uacurve5            OBJ_dstu4145le,2L,5L
+
+#define SN_uacurve6             "uacurve6"
+#define LN_uacurve6             "DSTU curve 6"
+#define NID_uacurve6            1166
+#define OBJ_uacurve6            OBJ_dstu4145le,2L,6L
+
+#define SN_uacurve7             "uacurve7"
+#define LN_uacurve7             "DSTU curve 7"
+#define NID_uacurve7            1167
+#define OBJ_uacurve7            OBJ_dstu4145le,2L,7L
+
+#define SN_uacurve8             "uacurve8"
+#define LN_uacurve8             "DSTU curve 8"
+#define NID_uacurve8            1168
+#define OBJ_uacurve8            OBJ_dstu4145le,2L,8L
+
+#define SN_uacurve9             "uacurve9"
+#define LN_uacurve9             "DSTU curve 9"
+#define NID_uacurve9            1169
+#define OBJ_uacurve9            OBJ_dstu4145le,2L,9L
diff --git a/freebsd/crypto/openssl/include/openssl/objects.h b/freebsd/crypto/openssl/include/openssl/objects.h
new file mode 100644
index 00000000..5e8b5762
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/objects.h
@@ -0,0 +1,175 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OBJECTS_H
+# define HEADER_OBJECTS_H
+
+# include <openssl/obj_mac.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/objectserr.h>
+
+# define OBJ_NAME_TYPE_UNDEF             0x00
+# define OBJ_NAME_TYPE_MD_METH           0x01
+# define OBJ_NAME_TYPE_CIPHER_METH       0x02
+# define OBJ_NAME_TYPE_PKEY_METH         0x03
+# define OBJ_NAME_TYPE_COMP_METH         0x04
+# define OBJ_NAME_TYPE_NUM               0x05
+
+# define OBJ_NAME_ALIAS                  0x8000
+
+# define OBJ_BSEARCH_VALUE_ON_NOMATCH            0x01
+# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH        0x02
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct obj_name_st {
+    int type;
+    int alias;
+    const char *name;
+    const char *data;
+} OBJ_NAME;
+
+# define         OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
+
+int OBJ_NAME_init(void);
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+                       int (*cmp_func) (const char *, const char *),
+                       void (*free_func) (const char *, int, const char *));
+const char *OBJ_NAME_get(const char *name, int type);
+int OBJ_NAME_add(const char *name, int type, const char *data);
+int OBJ_NAME_remove(const char *name, int type);
+void OBJ_NAME_cleanup(int type); /* -1 for everything */
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+                     void *arg);
+void OBJ_NAME_do_all_sorted(int type,
+                            void (*fn) (const OBJ_NAME *, void *arg),
+                            void *arg);
+
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_nid2obj(int n);
+const char *OBJ_nid2ln(int n);
+const char *OBJ_nid2sn(int n);
+int OBJ_obj2nid(const ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+int OBJ_txt2nid(const char *s);
+int OBJ_ln2nid(const char *s);
+int OBJ_sn2nid(const char *s);
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+                         int (*cmp) (const void *, const void *));
+const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
+                            int size,
+                            int (*cmp) (const void *, const void *),
+                            int flags);
+
+# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm)    \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
+  static int nm##_cmp(type1 const *, type2 const *); \
+  scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)   \
+  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)     \
+  type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+/*-
+ * Unsolved problem: if a type is actually a pointer type, like
+ * nid_triple is, then its impossible to get a const where you need
+ * it. Consider:
+ *
+ * typedef int nid_triple[3];
+ * const void *a_;
+ * const nid_triple const *a = a_;
+ *
+ * The assignment discards a const because what you really want is:
+ *
+ * const int const * const *a = a_;
+ *
+ * But if you do that, you lose the fact that a is an array of 3 ints,
+ * which breaks comparison functions.
+ *
+ * Thus we end up having to cast, sadly, or unpack the
+ * declarations. Or, as I finally did in this case, declare nid_triple
+ * to be a struct, which it should have been in the first place.
+ *
+ * Ben, August 2008.
+ *
+ * Also, strictly speaking not all types need be const, but handling
+ * the non-constness means a lot of complication, and in practice
+ * comparison routines do always not touch their arguments.
+ */
+
+# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm)  \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+                                        nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)
+
+# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)   \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+                                        nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)
+
+# define OBJ_bsearch(type1,key,type2,base,num,cmp)                              \
+  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                         num,sizeof(type2),                             \
+                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
+                          (void)CHECKED_PTR_OF(type2,cmp##_type_2),     \
+                          cmp##_BSEARCH_CMP_FN)))
+
+# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags)                      \
+  ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                         num,sizeof(type2),                             \
+                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
+                          (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
+                          cmp##_BSEARCH_CMP_FN)),flags)
+
+int OBJ_new_nid(int num);
+int OBJ_add_object(const ASN1_OBJECT *obj);
+int OBJ_create(const char *oid, const char *sn, const char *ln);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define OBJ_cleanup() while(0) continue
+#endif
+int OBJ_create_objects(BIO *in);
+
+size_t OBJ_length(const ASN1_OBJECT *obj);
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
+void OBJ_sigid_free(void);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/objectserr.h b/freebsd/crypto/openssl/include/openssl/objectserr.h
new file mode 100644
index 00000000..02308dfa
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/objectserr.h
@@ -0,0 +1,38 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OBJERR_H
+# define HEADER_OBJERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_OBJ_strings(void);
+
+/*
+ * OBJ function codes.
+ */
+# define OBJ_F_OBJ_ADD_OBJECT                             105
+# define OBJ_F_OBJ_ADD_SIGID                              107
+# define OBJ_F_OBJ_CREATE                                 100
+# define OBJ_F_OBJ_DUP                                    101
+# define OBJ_F_OBJ_NAME_NEW_INDEX                         106
+# define OBJ_F_OBJ_NID2LN                                 102
+# define OBJ_F_OBJ_NID2OBJ                                103
+# define OBJ_F_OBJ_NID2SN                                 104
+# define OBJ_F_OBJ_TXT2OBJ                                108
+
+/*
+ * OBJ reason codes.
+ */
+# define OBJ_R_OID_EXISTS                                 102
+# define OBJ_R_UNKNOWN_NID                                101
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/ocsp.h b/freebsd/crypto/openssl/include/openssl/ocsp.h
new file mode 100644
index 00000000..937b3227
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/ocsp.h
@@ -0,0 +1,355 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OCSP_H
+# define HEADER_OCSP_H
+
+#include <openssl/opensslconf.h>
+
+/*
+ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
+ * historical reasons they have OCSP_* names, they can actually be used
+ * independently of OCSP. E.g. see RFC5280
+ */
+/*-
+ *   CRLReason ::= ENUMERATED {
+ *        unspecified             (0),
+ *        keyCompromise           (1),
+ *        cACompromise            (2),
+ *        affiliationChanged      (3),
+ *        superseded              (4),
+ *        cessationOfOperation    (5),
+ *        certificateHold         (6),
+ *        removeFromCRL           (8) }
+ */
+#  define OCSP_REVOKED_STATUS_NOSTATUS               -1
+#  define OCSP_REVOKED_STATUS_UNSPECIFIED             0
+#  define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
+#  define OCSP_REVOKED_STATUS_CACOMPROMISE            2
+#  define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
+#  define OCSP_REVOKED_STATUS_SUPERSEDED              4
+#  define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
+#  define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
+#  define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
+
+
+# ifndef OPENSSL_NO_OCSP
+
+#  include <openssl/ossl_typ.h>
+#  include <openssl/x509.h>
+#  include <openssl/x509v3.h>
+#  include <openssl/safestack.h>
+#  include <openssl/ocsperr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Various flags and values */
+
+#  define OCSP_DEFAULT_NONCE_LENGTH       16
+
+#  define OCSP_NOCERTS                    0x1
+#  define OCSP_NOINTERN                   0x2
+#  define OCSP_NOSIGS                     0x4
+#  define OCSP_NOCHAIN                    0x8
+#  define OCSP_NOVERIFY                   0x10
+#  define OCSP_NOEXPLICIT                 0x20
+#  define OCSP_NOCASIGN                   0x40
+#  define OCSP_NODELEGATED                0x80
+#  define OCSP_NOCHECKS                   0x100
+#  define OCSP_TRUSTOTHER                 0x200
+#  define OCSP_RESPID_KEY                 0x400
+#  define OCSP_NOTIME                     0x800
+
+typedef struct ocsp_cert_id_st OCSP_CERTID;
+
+DEFINE_STACK_OF(OCSP_CERTID)
+
+typedef struct ocsp_one_request_st OCSP_ONEREQ;
+
+DEFINE_STACK_OF(OCSP_ONEREQ)
+
+typedef struct ocsp_req_info_st OCSP_REQINFO;
+typedef struct ocsp_signature_st OCSP_SIGNATURE;
+typedef struct ocsp_request_st OCSP_REQUEST;
+
+#  define OCSP_RESPONSE_STATUS_SUCCESSFUL           0
+#  define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
+#  define OCSP_RESPONSE_STATUS_INTERNALERROR        2
+#  define OCSP_RESPONSE_STATUS_TRYLATER             3
+#  define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
+#  define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
+
+typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
+
+#  define V_OCSP_RESPID_NAME 0
+#  define V_OCSP_RESPID_KEY  1
+
+DEFINE_STACK_OF(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+
+typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
+
+#  define V_OCSP_CERTSTATUS_GOOD    0
+#  define V_OCSP_CERTSTATUS_REVOKED 1
+#  define V_OCSP_CERTSTATUS_UNKNOWN 2
+
+typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
+typedef struct ocsp_single_response_st OCSP_SINGLERESP;
+
+DEFINE_STACK_OF(OCSP_SINGLERESP)
+
+typedef struct ocsp_response_data_st OCSP_RESPDATA;
+
+typedef struct ocsp_basic_response_st OCSP_BASICRESP;
+
+typedef struct ocsp_crl_id_st OCSP_CRLID;
+typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
+
+#  define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
+#  define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+#  define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
+
+#  define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
+
+#  define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \
+     bp,(char **)(x),cb,NULL)
+
+#  define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \
+     bp,(char **)(x),cb,NULL)
+
+#  define PEM_write_bio_OCSP_REQUEST(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+                        bp,(char *)(o), NULL,NULL,0,NULL,NULL)
+
+#  define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+                        bp,(char *)(o), NULL,NULL,0,NULL,NULL)
+
+#  define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
+
+#  define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
+
+#  define ASN1_BIT_STRING_digest(data,type,md,len) \
+        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
+
+#  define OCSP_CERTSTATUS_dup(cs)\
+                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+                               int maxline);
+int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline);
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
+int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
+                     ASN1_VALUE *val);
+int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,
+                          const ASN1_ITEM *it);
+BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
+int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
+                     ASN1_VALUE *val);
+int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path);
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                             const char *name, const char *value);
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+                             const X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+                              const X509_NAME *issuerName,
+                              const ASN1_BIT_STRING *issuerKey,
+                              const ASN1_INTEGER *serialNumber);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+                      X509 *signer,
+                      EVP_PKEY *key,
+                      const EVP_MD *dgst,
+                      STACK_OF(X509) *certs, unsigned long flags);
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+                          STACK_OF(X509) *extra_certs);
+
+int OCSP_resp_count(OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs);
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                      const ASN1_OCTET_STRING **pid,
+                      const X509_NAME **pname);
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+                      ASN1_OCTET_STRING **pid,
+                      X509_NAME **pname);
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+                            ASN1_GENERALIZEDTIME **revtime,
+                            ASN1_GENERALIZEDTIME **thisupd,
+                            ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+                          int *reason,
+                          ASN1_GENERALIZEDTIME **revtime,
+                          ASN1_GENERALIZEDTIME **thisupd,
+                          ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+                        ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+                        X509_STORE *store, unsigned long flags);
+
+int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
+                   int *pssl);
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+                      ASN1_OCTET_STRING **pikeyHash,
+                      ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+int OCSP_request_is_signed(OCSP_REQUEST *req);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+                                        OCSP_CERTID *cid,
+                                        int status, int reason,
+                                        ASN1_TIME *revtime,
+                                        ASN1_TIME *thisupd,
+                                        ASN1_TIME *nextupd);
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                    STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
+                        X509 *signer, EVP_MD_CTX *ctx,
+                        STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
+
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls);
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
+                                int lastpos);
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit,
+                                int *idx);
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+                              unsigned long flags);
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos);
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+                             unsigned long flags);
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
+                                  int lastpos);
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+                                       int lastpos);
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+                                  int *idx);
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+                                int crit, unsigned long flags);
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
+                                   int lastpos);
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+                                        int lastpos);
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+                                   int *idx);
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+                                 int crit, unsigned long flags);
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x);
+
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
+DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+
+const char *OCSP_response_status_str(long s);
+const char *OCSP_cert_status_str(long s);
+const char *OCSP_crl_reason_str(long s);
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                      X509_STORE *st, unsigned long flags);
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/ocsperr.h b/freebsd/crypto/openssl/include/openssl/ocsperr.h
new file mode 100644
index 00000000..7d93b12d
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/ocsperr.h
@@ -0,0 +1,74 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OCSPERR_H
+# define HEADER_OCSPERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_OCSP
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_OCSP_strings(void);
+
+/*
+ * OCSP function codes.
+ */
+#  define OCSP_F_D2I_OCSP_NONCE                            102
+#  define OCSP_F_OCSP_BASIC_ADD1_STATUS                    103
+#  define OCSP_F_OCSP_BASIC_SIGN                           104
+#  define OCSP_F_OCSP_BASIC_SIGN_CTX                       119
+#  define OCSP_F_OCSP_BASIC_VERIFY                         105
+#  define OCSP_F_OCSP_CERT_ID_NEW                          101
+#  define OCSP_F_OCSP_CHECK_DELEGATED                      106
+#  define OCSP_F_OCSP_CHECK_IDS                            107
+#  define OCSP_F_OCSP_CHECK_ISSUER                         108
+#  define OCSP_F_OCSP_CHECK_VALIDITY                       115
+#  define OCSP_F_OCSP_MATCH_ISSUERID                       109
+#  define OCSP_F_OCSP_PARSE_URL                            114
+#  define OCSP_F_OCSP_REQUEST_SIGN                         110
+#  define OCSP_F_OCSP_REQUEST_VERIFY                       116
+#  define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
+#  define OCSP_F_PARSE_HTTP_LINE1                          118
+
+/*
+ * OCSP reason codes.
+ */
+#  define OCSP_R_CERTIFICATE_VERIFY_ERROR                  101
+#  define OCSP_R_DIGEST_ERR                                102
+#  define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD                 122
+#  define OCSP_R_ERROR_IN_THISUPDATE_FIELD                 123
+#  define OCSP_R_ERROR_PARSING_URL                         121
+#  define OCSP_R_MISSING_OCSPSIGNING_USAGE                 103
+#  define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE              124
+#  define OCSP_R_NOT_BASIC_RESPONSE                        104
+#  define OCSP_R_NO_CERTIFICATES_IN_CHAIN                  105
+#  define OCSP_R_NO_RESPONSE_DATA                          108
+#  define OCSP_R_NO_REVOKED_TIME                           109
+#  define OCSP_R_NO_SIGNER_KEY                             130
+#  define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE    110
+#  define OCSP_R_REQUEST_NOT_SIGNED                        128
+#  define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA      111
+#  define OCSP_R_ROOT_CA_NOT_TRUSTED                       112
+#  define OCSP_R_SERVER_RESPONSE_ERROR                     114
+#  define OCSP_R_SERVER_RESPONSE_PARSE_ERROR               115
+#  define OCSP_R_SIGNATURE_FAILURE                         117
+#  define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND              118
+#  define OCSP_R_STATUS_EXPIRED                            125
+#  define OCSP_R_STATUS_NOT_YET_VALID                      126
+#  define OCSP_R_STATUS_TOO_OLD                            127
+#  define OCSP_R_UNKNOWN_MESSAGE_DIGEST                    119
+#  define OCSP_R_UNKNOWN_NID                               120
+#  define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE            129
+
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/opensslconf.h b/freebsd/crypto/openssl/include/openssl/opensslconf.h
new file mode 100644
index 00000000..2344a943
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/opensslconf.h
@@ -0,0 +1,198 @@
+/* $FreeBSD$ */
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_ASM
+# define OPENSSL_NO_ASM
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_STATIC_ENGINE
+# define OPENSSL_NO_STATIC_ENGINE
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+#ifdef __LP64__
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# define SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# undef THIRTY_TWO_BIT
+#else
+# define BN_LLONG
+/* Only one for the following should be defined */
+# undef SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# define THIRTY_TWO_BIT
+#endif
+#endif
+
+#define RC4_INT unsigned int
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/freebsd/crypto/openssl/crypto/opensslv.h b/freebsd/crypto/openssl/include/openssl/opensslv.h
index 68e558c7..d23d73f9 100644
--- a/freebsd/crypto/openssl/crypto/opensslv.h
+++ b/freebsd/crypto/openssl/include/openssl/opensslv.h
@@ -1,3 +1,12 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 #ifndef HEADER_OPENSSLV_H
 # define HEADER_OPENSSLV_H
 
@@ -30,13 +39,8 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x1000210fL
-# ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2p-fips  14 Aug 2018"
-# else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2p-freebsd  14 Aug 2018"
-# endif
-# define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
+# define OPENSSL_VERSION_NUMBER  0x1010100fL
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1-freebsd  11 Sep 2018"
 
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)
@@ -49,7 +53,7 @@ extern "C" {
  *
  *      libcrypto.so.0.9
  *
- * Some unixen also make a softlink with the major verson number only:
+ * Some unixen also make a softlink with the major version number only:
  *
  *      libcrypto.so.0
  *
@@ -88,7 +92,7 @@ extern "C" {
  * should only keep the versions that are binary compatible with the current.
  */
 # define SHLIB_VERSION_HISTORY ""
-# define SHLIB_VERSION_NUMBER "8"
+# define SHLIB_VERSION_NUMBER "9"
 
 
 #ifdef  __cplusplus
diff --git a/freebsd/crypto/openssl/crypto/ossl_typ.h b/freebsd/crypto/openssl/include/openssl/ossl_typ.h
index 364d2623..7993ca28 100644
--- a/freebsd/crypto/openssl/crypto/ossl_typ.h
+++ b/freebsd/crypto/openssl/include/openssl/ossl_typ.h
@@ -1,60 +1,17 @@
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_OPENSSL_TYPES_H
 # define HEADER_OPENSSL_TYPES_H
 
+#include <limits.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -104,12 +61,13 @@ typedef struct asn1_object_st ASN1_OBJECT;
 
 typedef struct ASN1_ITEM_st ASN1_ITEM;
 typedef struct asn1_pctx_st ASN1_PCTX;
+typedef struct asn1_sctx_st ASN1_SCTX;
 
-# ifdef OPENSSL_SYS_WIN32
+# ifdef _WIN32
 #  undef X509_NAME
 #  undef X509_EXTENSIONS
-#  undef X509_CERT_PAIR
 #  undef PKCS7_ISSUER_AND_SERIAL
+#  undef PKCS7_SIGNER_INFO
 #  undef OCSP_REQUEST
 #  undef OCSP_RESPONSE
 # endif
@@ -117,6 +75,8 @@ typedef struct asn1_pctx_st ASN1_PCTX;
 # ifdef BIGNUM
 #  undef BIGNUM
 # endif
+struct dane_st;
+typedef struct bio_st BIO;
 typedef struct bignum_st BIGNUM;
 typedef struct bignum_ctx BN_CTX;
 typedef struct bn_blinding_st BN_BLINDING;
@@ -128,8 +88,8 @@ typedef struct buf_mem_st BUF_MEM;
 
 typedef struct evp_cipher_st EVP_CIPHER;
 typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
-typedef struct env_md_st EVP_MD;
-typedef struct env_md_ctx_st EVP_MD_CTX;
+typedef struct evp_md_st EVP_MD;
+typedef struct evp_md_ctx_st EVP_MD_CTX;
 typedef struct evp_pkey_st EVP_PKEY;
 
 typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
@@ -137,6 +97,10 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
 typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
 typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
 
+typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
+
+typedef struct hmac_ctx_st HMAC_CTX;
+
 typedef struct dh_st DH;
 typedef struct dh_method DH_METHOD;
 
@@ -146,11 +110,13 @@ typedef struct dsa_method DSA_METHOD;
 typedef struct rsa_st RSA;
 typedef struct rsa_meth_st RSA_METHOD;
 
-typedef struct rand_meth_st RAND_METHOD;
+typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
 
-typedef struct ecdh_method ECDH_METHOD;
-typedef struct ecdsa_method ECDSA_METHOD;
+typedef struct rand_meth_st RAND_METHOD;
+typedef struct rand_drbg_st RAND_DRBG;
 
+typedef struct ssl_dane_st SSL_DANE;
 typedef struct x509_st X509;
 typedef struct X509_algor_st X509_ALGOR;
 typedef struct X509_crl_st X509_CRL;
@@ -161,23 +127,27 @@ typedef struct X509_pubkey_st X509_PUBKEY;
 typedef struct x509_store_st X509_STORE;
 typedef struct x509_store_ctx_st X509_STORE_CTX;
 
+typedef struct x509_object_st X509_OBJECT;
+typedef struct x509_lookup_st X509_LOOKUP;
+typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
+typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
+
+typedef struct x509_sig_info_st X509_SIG_INFO;
+
 typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
 
 typedef struct v3_ext_ctx X509V3_CTX;
 typedef struct conf_st CONF;
-
-typedef struct store_st STORE;
-typedef struct store_method_st STORE_METHOD;
+typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
 
 typedef struct ui_st UI;
 typedef struct ui_method_st UI_METHOD;
 
-typedef struct st_ERR_FNS ERR_FNS;
-
 typedef struct engine_st ENGINE;
 typedef struct ssl_st SSL;
 typedef struct ssl_ctx_st SSL_CTX;
 
+typedef struct comp_ctx_st COMP_CTX;
 typedef struct comp_method_st COMP_METHOD;
 
 typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
@@ -190,23 +160,36 @@ typedef struct DIST_POINT_st DIST_POINT;
 typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
 typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
 
-  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
-# define DECLARE_PKCS12_STACK_OF(type)/* Nothing */
-# define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */
-
 typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
-/* Callback types for crypto.h */
-typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                           int idx, long argl, void *argp);
-typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                             int idx, long argl, void *argp);
-typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
-                           void *from_d, int idx, long argl, void *argp);
 
 typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
 typedef struct ocsp_response_st OCSP_RESPONSE;
 typedef struct ocsp_responder_id_st OCSP_RESPID;
 
+typedef struct sct_st SCT;
+typedef struct sct_ctx_st SCT_CTX;
+typedef struct ctlog_st CTLOG;
+typedef struct ctlog_store_st CTLOG_STORE;
+typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX;
+
+typedef struct ossl_store_info_st OSSL_STORE_INFO;
+typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
+
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+    defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+typedef intmax_t ossl_intmax_t;
+typedef uintmax_t ossl_uintmax_t;
+#else
+/*
+ * Not long long, because the C-library can only be expected to provide
+ * strtoll(), strtoull() at the same time as intmax_t and strtoimax(),
+ * strtoumax().  Since we use these for parsing arguments, we need the
+ * conversion functions, not just the sizes.
+ */
+typedef long ossl_intmax_t;
+typedef unsigned long ossl_uintmax_t;
+#endif
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/freebsd/crypto/openssl/crypto/pem/pem.h b/freebsd/crypto/openssl/include/openssl/pem.h
index 9c1d939a..2ef5b5d0 100644
--- a/freebsd/crypto/openssl/crypto/pem/pem.h
+++ b/freebsd/crypto/openssl/include/openssl/pem.h
@@ -1,74 +1,21 @@
-/* crypto/pem/pem.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_PEM_H
 # define HEADER_PEM_H
 
 # include <openssl/e_os2.h>
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-# ifndef OPENSSL_NO_STACK
-#  include <openssl/stack.h>
-# endif
+# include <openssl/bio.h>
+# include <openssl/safestack.h>
 # include <openssl/evp.h>
 # include <openssl/x509.h>
-# include <openssl/pem2.h>
+# include <openssl/pemerr.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -76,44 +23,8 @@ extern "C" {
 
 # define PEM_BUFSIZE             1024
 
-# define PEM_OBJ_UNDEF           0
-# define PEM_OBJ_X509            1
-# define PEM_OBJ_X509_REQ        2
-# define PEM_OBJ_CRL             3
-# define PEM_OBJ_SSL_SESSION     4
-# define PEM_OBJ_PRIV_KEY        10
-# define PEM_OBJ_PRIV_RSA        11
-# define PEM_OBJ_PRIV_DSA        12
-# define PEM_OBJ_PRIV_DH         13
-# define PEM_OBJ_PUB_RSA         14
-# define PEM_OBJ_PUB_DSA         15
-# define PEM_OBJ_PUB_DH          16
-# define PEM_OBJ_DHPARAMS        17
-# define PEM_OBJ_DSAPARAMS       18
-# define PEM_OBJ_PRIV_RSA_PUBLIC 19
-# define PEM_OBJ_PRIV_ECDSA      20
-# define PEM_OBJ_PUB_ECDSA       21
-# define PEM_OBJ_ECPARAMETERS    22
-
-# define PEM_ERROR               30
-# define PEM_DEK_DES_CBC         40
-# define PEM_DEK_IDEA_CBC        45
-# define PEM_DEK_DES_EDE         50
-# define PEM_DEK_DES_ECB         60
-# define PEM_DEK_RSA             70
-# define PEM_DEK_RSA_MD2         80
-# define PEM_DEK_RSA_MD5         90
-
-# define PEM_MD_MD2              NID_md2
-# define PEM_MD_MD5              NID_md5
-# define PEM_MD_SHA              NID_sha
-# define PEM_MD_MD2_RSA          NID_md2WithRSAEncryption
-# define PEM_MD_MD5_RSA          NID_md5WithRSAEncryption
-# define PEM_MD_SHA_RSA          NID_sha1WithRSAEncryption
-
 # define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
 # define PEM_STRING_X509         "CERTIFICATE"
-# define PEM_STRING_X509_PAIR    "CERTIFICATE PAIR"
 # define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
 # define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
 # define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
@@ -138,78 +49,18 @@ extern "C" {
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
 
-  /*
-   * Note that this structure is initialised by PEM_SealInit and cleaned up
-   * by PEM_SealFinal (at least for now)
-   */
-typedef struct PEM_Encode_Seal_st {
-    EVP_ENCODE_CTX encode;
-    EVP_MD_CTX md;
-    EVP_CIPHER_CTX cipher;
-} PEM_ENCODE_SEAL_CTX;
-
-/* enc_type is one off */
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
 # define PEM_TYPE_MIC_CLEAR      30
 # define PEM_TYPE_CLEAR          40
 
-typedef struct pem_recip_st {
-    char *name;
-    X509_NAME *dn;
-    int cipher;
-    int key_enc;
-    /*      char iv[8]; unused and wrong size */
-} PEM_USER;
-
-typedef struct pem_ctx_st {
-    int type;                   /* what type of object */
-    struct {
-        int version;
-        int mode;
-    } proc_type;
-
-    char *domain;
-
-    struct {
-        int cipher;
-        /*-
-        unused, and wrong size
-        unsigned char iv[8]; */
-    } DEK_info;
-
-    PEM_USER *originator;
-
-    int num_recipient;
-    PEM_USER **recipient;
-/*-
-    XXX(ben): don#t think this is used!
-        STACK *x509_chain;      / * certificate chain */
-    EVP_MD *md;                 /* signature type */
-
-    int md_enc;                 /* is the md encrypted or not? */
-    int md_len;                 /* length of md_data */
-    char *md_data;              /* message digest, could be pkey encrypted */
-
-    EVP_CIPHER *dec;            /* date encryption cipher */
-    int key_len;                /* key length */
-    unsigned char *key;         /* key */
-  /*-
-    unused, and wrong size
-    unsigned char iv[8]; */
-
-    int data_enc;               /* is the data encrypted */
-    int data_len;
-    unsigned char *data;
-} PEM_CTX;
-
 /*
  * These macros make the PEM_read/PEM_write functions easier to maintain and
  * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or
  * IMPLEMENT_PEM_rw_cb(...)
  */
 
-# ifdef OPENSSL_NO_FP_API
+# ifdef OPENSSL_NO_STDIO
 
 #  define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
 #  define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
@@ -320,10 +171,11 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 
 /* These are the same except they are for the declarations */
 
-# if defined(OPENSSL_NO_FP_API)
+# if defined(OPENSSL_NO_STDIO)
 
 #  define DECLARE_PEM_read_fp(name, type) /**/
 #  define DECLARE_PEM_write_fp(name, type) /**/
+#  define DECLARE_PEM_write_fp_const(name, type) /**/
 #  define DECLARE_PEM_write_cb_fp(name, type) /**/
 # else
 
@@ -342,7 +194,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 
 # endif
 
-# ifndef OPENSSL_NO_BIO
 #  define DECLARE_PEM_read_bio(name, type) \
         type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
 
@@ -356,13 +207,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
         int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
              unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
 
-# else
-
-#  define DECLARE_PEM_read_bio(name, type) /**/
-#  define DECLARE_PEM_write_bio(name, type) /**/
-#  define DECLARE_PEM_write_bio_const(name, type) /**/
-#  define DECLARE_PEM_write_cb_bio(name, type) /**/
-# endif
 # define DECLARE_PEM_write(name, type) \
         DECLARE_PEM_write_bio(name, type) \
         DECLARE_PEM_write_fp(name, type)
@@ -384,21 +228,22 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 # define DECLARE_PEM_rw_cb(name, type) \
         DECLARE_PEM_read(name, type) \
         DECLARE_PEM_write_cb(name, type)
-# if 1
-/* "userdata": new with OpenSSL 0.9.4 */
 typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
-# else
-/* OpenSSL 0.9.3, 0.9.3a */
-typedef int pem_password_cb (char *buf, int size, int rwflag);
-# endif
 
 int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
 int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
                   pem_password_cb *callback, void *u);
 
-# ifndef OPENSSL_NO_BIO
 int PEM_read_bio(BIO *bp, char **name, char **header,
                  unsigned char **data, long *len);
+#   define PEM_FLAG_SECURE             0x1
+#   define PEM_FLAG_EAY_COMPATIBLE     0x2
+#   define PEM_FLAG_ONLY_B64           0x4
+int PEM_read_bio_ex(BIO *bp, char **name, char **header,
+                    unsigned char **data, long *len, unsigned int flags);
+int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
+                              const char *name, BIO *bp, pem_password_cb *cb,
+                              void *u);
 int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
                   const unsigned char *data, long len);
 int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
@@ -415,8 +260,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
 int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                             unsigned char *kstr, int klen,
                             pem_password_cb *cd, void *u);
-# endif
 
+#ifndef OPENSSL_NO_STDIO
 int PEM_read(FILE *fp, char **name, char **header,
              unsigned char **data, long *len);
 int PEM_write(FILE *fp, const char *name, const char *hdr,
@@ -428,17 +273,10 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
                    int klen, pem_password_cb *callback, void *u);
 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                         pem_password_cb *cb, void *u);
+#endif
 
-int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
-                 EVP_MD *md_type, unsigned char **ek, int *ekl,
-                 unsigned char *iv, EVP_PKEY **pubk, int npubk);
-void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-                    unsigned char *in, int inl);
-int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
-                  unsigned char *out, int *outl, EVP_PKEY *priv);
-
-void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
-void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
+int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
+int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
 int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                   unsigned int *siglen, EVP_PKEY *pkey);
 
@@ -451,7 +289,6 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str);
 
 DECLARE_PEM_rw(X509, X509)
 DECLARE_PEM_rw(X509_AUX, X509)
-DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
 DECLARE_PEM_rw(X509_REQ, X509_REQ)
 DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
 DECLARE_PEM_rw(X509_CRL, X509_CRL)
@@ -481,6 +318,11 @@ DECLARE_PEM_write_const(DHxparams, DH)
 DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
 DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
 
+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+                                         const EVP_CIPHER *enc,
+                                         unsigned char *kstr, int klen,
+                                         pem_password_cb *cb, void *u);
+
 int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
                                       char *kstr, int klen,
                                       pem_password_cb *cb, void *u);
@@ -495,6 +337,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
                                   void *u);
 
+# ifndef OPENSSL_NO_STDIO
 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
                            char *kstr, int klen,
                            pem_password_cb *cb, void *u);
@@ -511,107 +354,24 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
                               char *kstr, int klen, pem_password_cb *cd,
                               void *u);
-
+# endif
 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
 
+# ifndef OPENSSL_NO_DSA
 EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
 EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
 EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
 EVP_PKEY *b2i_PublicKey_bio(BIO *in);
 int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
 int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
-# ifndef OPENSSL_NO_RC4
+#  ifndef OPENSSL_NO_RC4
 EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
 int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
                 pem_password_cb *cb, void *u);
+#  endif
 # endif
 
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-
-void ERR_load_PEM_strings(void);
-
-/* Error codes for the PEM functions. */
-
-/* Function codes. */
-# define PEM_F_B2I_DSS                                    127
-# define PEM_F_B2I_PVK_BIO                                128
-# define PEM_F_B2I_RSA                                    129
-# define PEM_F_CHECK_BITLEN_DSA                           130
-# define PEM_F_CHECK_BITLEN_RSA                           131
-# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
-# define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
-# define PEM_F_DO_B2I                                     132
-# define PEM_F_DO_B2I_BIO                                 133
-# define PEM_F_DO_BLOB_HEADER                             134
-# define PEM_F_DO_PK8PKEY                                 126
-# define PEM_F_DO_PK8PKEY_FP                              125
-# define PEM_F_DO_PVK_BODY                                135
-# define PEM_F_DO_PVK_HEADER                              136
-# define PEM_F_I2B_PVK                                    137
-# define PEM_F_I2B_PVK_BIO                                138
-# define PEM_F_LOAD_IV                                    101
-# define PEM_F_PEM_ASN1_READ                              102
-# define PEM_F_PEM_ASN1_READ_BIO                          103
-# define PEM_F_PEM_ASN1_WRITE                             104
-# define PEM_F_PEM_ASN1_WRITE_BIO                         105
-# define PEM_F_PEM_DEF_CALLBACK                           100
-# define PEM_F_PEM_DO_HEADER                              106
-# define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY            118
-# define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
-# define PEM_F_PEM_PK8PKEY                                119
-# define PEM_F_PEM_READ                                   108
-# define PEM_F_PEM_READ_BIO                               109
-# define PEM_F_PEM_READ_BIO_DHPARAMS                      141
-# define PEM_F_PEM_READ_BIO_PARAMETERS                    140
-# define PEM_F_PEM_READ_BIO_PRIVATEKEY                    123
-# define PEM_F_PEM_READ_DHPARAMS                          142
-# define PEM_F_PEM_READ_PRIVATEKEY                        124
-# define PEM_F_PEM_SEALFINAL                              110
-# define PEM_F_PEM_SEALINIT                               111
-# define PEM_F_PEM_SIGNFINAL                              112
-# define PEM_F_PEM_WRITE                                  113
-# define PEM_F_PEM_WRITE_BIO                              114
-# define PEM_F_PEM_WRITE_PRIVATEKEY                       139
-# define PEM_F_PEM_X509_INFO_READ                         115
-# define PEM_F_PEM_X509_INFO_READ_BIO                     116
-# define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
-
-/* Reason codes. */
-# define PEM_R_BAD_BASE64_DECODE                          100
-# define PEM_R_BAD_DECRYPT                                101
-# define PEM_R_BAD_END_LINE                               102
-# define PEM_R_BAD_IV_CHARS                               103
-# define PEM_R_BAD_MAGIC_NUMBER                           116
-# define PEM_R_BAD_PASSWORD_READ                          104
-# define PEM_R_BAD_VERSION_NUMBER                         117
-# define PEM_R_BIO_WRITE_FAILURE                          118
-# define PEM_R_CIPHER_IS_NULL                             127
-# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
-# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB                 119
-# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB                  120
-# define PEM_R_HEADER_TOO_LONG                            128
-# define PEM_R_INCONSISTENT_HEADER                        121
-# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR                 122
-# define PEM_R_KEYBLOB_TOO_SHORT                          123
-# define PEM_R_NOT_DEK_INFO                               105
-# define PEM_R_NOT_ENCRYPTED                              106
-# define PEM_R_NOT_PROC_TYPE                              107
-# define PEM_R_NO_START_LINE                              108
-# define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
-# define PEM_R_PUBLIC_KEY_NO_RSA                          110
-# define PEM_R_PVK_DATA_TOO_SHORT                         124
-# define PEM_R_PVK_TOO_SHORT                              125
-# define PEM_R_READ_KEY                                   111
-# define PEM_R_SHORT_HEADER                               112
-# define PEM_R_UNSUPPORTED_CIPHER                         113
-# define PEM_R_UNSUPPORTED_ENCRYPTION                     114
-# define PEM_R_UNSUPPORTED_KEY_COMPONENTS                 126
-
 # ifdef  __cplusplus
 }
 # endif
diff --git a/freebsd/crypto/openssl/include/openssl/pem2.h b/freebsd/crypto/openssl/include/openssl/pem2.h
new file mode 100644
index 00000000..038fe790
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/pem2.h
@@ -0,0 +1,13 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PEM2_H
+# define HEADER_PEM2_H
+# include <openssl/pemerr.h>
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/pemerr.h b/freebsd/crypto/openssl/include/openssl/pemerr.h
new file mode 100644
index 00000000..cd61b823
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/pemerr.h
@@ -0,0 +1,99 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PEMERR_H
+# define HEADER_PEMERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_PEM_strings(void);
+
+/*
+ * PEM function codes.
+ */
+# define PEM_F_B2I_DSS                                    127
+# define PEM_F_B2I_PVK_BIO                                128
+# define PEM_F_B2I_RSA                                    129
+# define PEM_F_CHECK_BITLEN_DSA                           130
+# define PEM_F_CHECK_BITLEN_RSA                           131
+# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
+# define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
+# define PEM_F_DO_B2I                                     132
+# define PEM_F_DO_B2I_BIO                                 133
+# define PEM_F_DO_BLOB_HEADER                             134
+# define PEM_F_DO_I2B                                     146
+# define PEM_F_DO_PK8PKEY                                 126
+# define PEM_F_DO_PK8PKEY_FP                              125
+# define PEM_F_DO_PVK_BODY                                135
+# define PEM_F_DO_PVK_HEADER                              136
+# define PEM_F_GET_HEADER_AND_DATA                        143
+# define PEM_F_GET_NAME                                   144
+# define PEM_F_I2B_PVK                                    137
+# define PEM_F_I2B_PVK_BIO                                138
+# define PEM_F_LOAD_IV                                    101
+# define PEM_F_PEM_ASN1_READ                              102
+# define PEM_F_PEM_ASN1_READ_BIO                          103
+# define PEM_F_PEM_ASN1_WRITE                             104
+# define PEM_F_PEM_ASN1_WRITE_BIO                         105
+# define PEM_F_PEM_DEF_CALLBACK                           100
+# define PEM_F_PEM_DO_HEADER                              106
+# define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
+# define PEM_F_PEM_READ                                   108
+# define PEM_F_PEM_READ_BIO                               109
+# define PEM_F_PEM_READ_BIO_DHPARAMS                      141
+# define PEM_F_PEM_READ_BIO_EX                            145
+# define PEM_F_PEM_READ_BIO_PARAMETERS                    140
+# define PEM_F_PEM_READ_BIO_PRIVATEKEY                    123
+# define PEM_F_PEM_READ_DHPARAMS                          142
+# define PEM_F_PEM_READ_PRIVATEKEY                        124
+# define PEM_F_PEM_SIGNFINAL                              112
+# define PEM_F_PEM_WRITE                                  113
+# define PEM_F_PEM_WRITE_BIO                              114
+# define PEM_F_PEM_WRITE_PRIVATEKEY                       139
+# define PEM_F_PEM_X509_INFO_READ                         115
+# define PEM_F_PEM_X509_INFO_READ_BIO                     116
+# define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
+
+/*
+ * PEM reason codes.
+ */
+# define PEM_R_BAD_BASE64_DECODE                          100
+# define PEM_R_BAD_DECRYPT                                101
+# define PEM_R_BAD_END_LINE                               102
+# define PEM_R_BAD_IV_CHARS                               103
+# define PEM_R_BAD_MAGIC_NUMBER                           116
+# define PEM_R_BAD_PASSWORD_READ                          104
+# define PEM_R_BAD_VERSION_NUMBER                         117
+# define PEM_R_BIO_WRITE_FAILURE                          118
+# define PEM_R_CIPHER_IS_NULL                             127
+# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
+# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB                 119
+# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB                  120
+# define PEM_R_HEADER_TOO_LONG                            128
+# define PEM_R_INCONSISTENT_HEADER                        121
+# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR                 122
+# define PEM_R_KEYBLOB_TOO_SHORT                          123
+# define PEM_R_MISSING_DEK_IV                             129
+# define PEM_R_NOT_DEK_INFO                               105
+# define PEM_R_NOT_ENCRYPTED                              106
+# define PEM_R_NOT_PROC_TYPE                              107
+# define PEM_R_NO_START_LINE                              108
+# define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
+# define PEM_R_PVK_DATA_TOO_SHORT                         124
+# define PEM_R_PVK_TOO_SHORT                              125
+# define PEM_R_READ_KEY                                   111
+# define PEM_R_SHORT_HEADER                               112
+# define PEM_R_UNEXPECTED_DEK_IV                          130
+# define PEM_R_UNSUPPORTED_CIPHER                         113
+# define PEM_R_UNSUPPORTED_ENCRYPTION                     114
+# define PEM_R_UNSUPPORTED_KEY_COMPONENTS                 126
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/pkcs12.h b/freebsd/crypto/openssl/include/openssl/pkcs12.h
new file mode 100644
index 00000000..3f43dad6
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/pkcs12.h
@@ -0,0 +1,223 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS12_H
+# define HEADER_PKCS12_H
+
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+# include <openssl/pkcs12err.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define PKCS12_KEY_ID   1
+# define PKCS12_IV_ID    2
+# define PKCS12_MAC_ID   3
+
+/* Default iteration count */
+# ifndef PKCS12_DEFAULT_ITER
+#  define PKCS12_DEFAULT_ITER     PKCS5_DEFAULT_ITER
+# endif
+
+# define PKCS12_MAC_KEY_LENGTH 20
+
+# define PKCS12_SALT_LEN 8
+
+/* It's not clear if these are actually needed... */
+# define PKCS12_key_gen PKCS12_key_gen_utf8
+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8
+
+/* MS key usage constants */
+
+# define KEY_EX  0x10
+# define KEY_SIG 0x80
+
+typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
+
+typedef struct PKCS12_st PKCS12;
+
+typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
+
+DEFINE_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct pkcs12_bag_st PKCS12_BAGS;
+
+# define PKCS12_ERROR    0
+# define PKCS12_OK       1
+
+/* Compatibility macros */
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+
+# define M_PKCS12_bag_type PKCS12_bag_type
+# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
+# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
+
+# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
+# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
+# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
+# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
+# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
+# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
+# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
+# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
+
+#endif
+
+DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid))
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
+int PKCS12_mac_present(const PKCS12 *p12);
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
+                     const X509_ALGOR **pmacalg,
+                     const ASN1_OCTET_STRING **psalt,
+                     const ASN1_INTEGER **piter,
+                     const PKCS12 *p12);
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+                                          int attr_nid);
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
+
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+                                                    const char *pass,
+                                                    int passlen,
+                                                    unsigned char *salt,
+                                                    int saltlen, int iter,
+                                                    PKCS8_PRIV_KEY_INFO *p8inf);
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+                                         int nid1, int nid2);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
+                                   int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+                                         const char *pass, int passlen);
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+                        const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
+X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
+                        PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+                             unsigned char *salt, int saltlen, int iter,
+                             STACK_OF(PKCS12_SAFEBAG) *bags);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+                                                  int passlen);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+                          int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen);
+int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+                                 int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+                           int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+                                const unsigned char *name, int namelen);
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+                               int attr_nid);
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
+                                const char *pass, int passlen,
+                                const unsigned char *in, int inlen,
+                                unsigned char **data, int *datalen,
+                                int en_de);
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+                              const char *pass, int passlen,
+                              const ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+                                           const ASN1_ITEM *it,
+                                           const char *pass, int passlen,
+                                           void *obj, int zbuf);
+PKCS12 *PKCS12_init(int mode);
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int id, int iter, int n,
+                        unsigned char *out, const EVP_MD *md_type);
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                        const EVP_MD *md_type, int en_de);
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *mac, unsigned int *maclen);
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *salt, int saltlen, int iter,
+                   const EVP_MD *md_type);
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+                     int saltlen, const EVP_MD *md_type);
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+                               unsigned char **uni, int *unilen);
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
+unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
+                                unsigned char **uni, int *unilen);
+char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen);
+
+DECLARE_ASN1_FUNCTIONS(PKCS12)
+DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
+DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+
+void PKCS12_PBE_add(void);
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                 STACK_OF(X509) **ca);
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
+                      X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                      int iter, int mac_iter, int keytype);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                               EVP_PKEY *key, int key_usage, int iter,
+                               int key_nid, const char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+                    int safe_nid, int iter, const char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
+# ifndef OPENSSL_NO_STDIO
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
+# endif
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
+# ifndef OPENSSL_NO_STDIO
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+# endif
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/pkcs12err.h b/freebsd/crypto/openssl/include/openssl/pkcs12err.h
new file mode 100644
index 00000000..c7184ffe
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/pkcs12err.h
@@ -0,0 +1,77 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS12ERR_H
+# define HEADER_PKCS12ERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_PKCS12_strings(void);
+
+/*
+ * PKCS12 function codes.
+ */
+# define PKCS12_F_OPENSSL_ASC2UNI                         121
+# define PKCS12_F_OPENSSL_UNI2ASC                         124
+# define PKCS12_F_OPENSSL_UNI2UTF8                        127
+# define PKCS12_F_OPENSSL_UTF82UNI                        129
+# define PKCS12_F_PKCS12_CREATE                           105
+# define PKCS12_F_PKCS12_GEN_MAC                          107
+# define PKCS12_F_PKCS12_INIT                             109
+# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I                 106
+# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT                 108
+# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG                117
+# define PKCS12_F_PKCS12_KEY_GEN_ASC                      110
+# define PKCS12_F_PKCS12_KEY_GEN_UNI                      111
+# define PKCS12_F_PKCS12_KEY_GEN_UTF8                     116
+# define PKCS12_F_PKCS12_NEWPASS                          128
+# define PKCS12_F_PKCS12_PACK_P7DATA                      114
+# define PKCS12_F_PKCS12_PACK_P7ENCDATA                   115
+# define PKCS12_F_PKCS12_PARSE                            118
+# define PKCS12_F_PKCS12_PBE_CRYPT                        119
+# define PKCS12_F_PKCS12_PBE_KEYIVGEN                     120
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF            112
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8            113
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT     133
+# define PKCS12_F_PKCS12_SETUP_MAC                        122
+# define PKCS12_F_PKCS12_SET_MAC                          123
+# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                 130
+# define PKCS12_F_PKCS12_UNPACK_P7DATA                    131
+# define PKCS12_F_PKCS12_VERIFY_MAC                       126
+# define PKCS12_F_PKCS8_ENCRYPT                           125
+# define PKCS12_F_PKCS8_SET0_PBE                          132
+
+/*
+ * PKCS12 reason codes.
+ */
+# define PKCS12_R_CANT_PACK_STRUCTURE                     100
+# define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
+# define PKCS12_R_DECODE_ERROR                            101
+# define PKCS12_R_ENCODE_ERROR                            102
+# define PKCS12_R_ENCRYPT_ERROR                           103
+# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE       120
+# define PKCS12_R_INVALID_NULL_ARGUMENT                   104
+# define PKCS12_R_INVALID_NULL_PKCS12_POINTER             105
+# define PKCS12_R_IV_GEN_ERROR                            106
+# define PKCS12_R_KEY_GEN_ERROR                           107
+# define PKCS12_R_MAC_ABSENT                              108
+# define PKCS12_R_MAC_GENERATION_ERROR                    109
+# define PKCS12_R_MAC_SETUP_ERROR                         110
+# define PKCS12_R_MAC_STRING_SET_ERROR                    111
+# define PKCS12_R_MAC_VERIFY_FAILURE                      113
+# define PKCS12_R_PARSE_ERROR                             114
+# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR           115
+# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR                116
+# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR                  117
+# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM                118
+# define PKCS12_R_UNSUPPORTED_PKCS12_MODE                 119
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/pkcs7/pkcs7.h b/freebsd/crypto/openssl/include/openssl/pkcs7.h
index b51b3863..9b66e002 100644
--- a/freebsd/crypto/openssl/crypto/pkcs7/pkcs7.h
+++ b/freebsd/crypto/openssl/include/openssl/pkcs7.h
@@ -1,59 +1,10 @@
-/* crypto/pkcs7/pkcs7.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_PKCS7_H
@@ -65,17 +16,12 @@
 
 # include <openssl/symhacks.h>
 # include <openssl/ossl_typ.h>
+# include <openssl/pkcs7err.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-# ifdef OPENSSL_SYS_WIN32
-/* Under Win32 thes are defined in wincrypt.h */
-#  undef PKCS7_ISSUER_AND_SERIAL
-#  undef PKCS7_SIGNER_INFO
-# endif
-
 /*-
 Encryption_ID           DES-CBC
 Digest_ID               MD5
@@ -100,8 +46,7 @@ typedef struct pkcs7_signer_info_st {
     EVP_PKEY *pkey;
 } PKCS7_SIGNER_INFO;
 
-DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
-DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
+DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
 
 typedef struct pkcs7_recip_info_st {
     ASN1_INTEGER *version;      /* version 0 */
@@ -111,8 +56,7 @@ typedef struct pkcs7_recip_info_st {
     X509 *cert;                 /* get the pub-key from this */
 } PKCS7_RECIP_INFO;
 
-DECLARE_STACK_OF(PKCS7_RECIP_INFO)
-DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
+DEFINE_STACK_OF(PKCS7_RECIP_INFO)
 
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
@@ -199,9 +143,7 @@ typedef struct pkcs7_st {
     } d;
 } PKCS7;
 
-DECLARE_STACK_OF(PKCS7)
-DECLARE_ASN1_SET_OF(PKCS7)
-DECLARE_PKCS12_STACK_OF(PKCS7)
+DEFINE_STACK_OF(PKCS7)
 
 # define PKCS7_OP_SET_DETACHED_SIGNATURE 1
 # define PKCS7_OP_GET_DETACHED_SIGNATURE 2
@@ -242,6 +184,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 # define PKCS7_NOCRL             0x2000
 # define PKCS7_PARTIAL           0x4000
 # define PKCS7_REUSE_DIGEST      0x8000
+# define PKCS7_NO_DUAL_CONTENT   0x10000
 
 /* Flags: for compatibility with older code */
 
@@ -255,12 +198,15 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 # define SMIME_BINARY    PKCS7_BINARY
 # define SMIME_NOATTR    PKCS7_NOATTR
 
+/* CRLF ASCII canonicalisation */
+# define SMIME_ASCIICRLF         0x80000
+
 DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
 
 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
                                    const EVP_MD *type, unsigned char *md,
                                    unsigned int *len);
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
 int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7);
 # endif
@@ -367,115 +313,7 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
 
 BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
 
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PKCS7_strings(void);
-
-/* Error codes for the PKCS7 functions. */
-
-/* Function codes. */
-# define PKCS7_F_B64_READ_PKCS7                           120
-# define PKCS7_F_B64_WRITE_PKCS7                          121
-# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB                   136
-# define PKCS7_F_I2D_PKCS7_BIO_STREAM                     140
-# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME           135
-# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP                118
-# define PKCS7_F_PKCS7_ADD_CERTIFICATE                    100
-# define PKCS7_F_PKCS7_ADD_CRL                            101
-# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
-# define PKCS7_F_PKCS7_ADD_SIGNATURE                      131
-# define PKCS7_F_PKCS7_ADD_SIGNER                         103
-# define PKCS7_F_PKCS7_BIO_ADD_DIGEST                     125
-# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST               138
-# define PKCS7_F_PKCS7_CTRL                               104
-# define PKCS7_F_PKCS7_DATADECODE                         112
-# define PKCS7_F_PKCS7_DATAFINAL                          128
-# define PKCS7_F_PKCS7_DATAINIT                           105
-# define PKCS7_F_PKCS7_DATASIGN                           106
-# define PKCS7_F_PKCS7_DATAVERIFY                         107
-# define PKCS7_F_PKCS7_DECRYPT                            114
-# define PKCS7_F_PKCS7_DECRYPT_RINFO                      133
-# define PKCS7_F_PKCS7_ENCODE_RINFO                       132
-# define PKCS7_F_PKCS7_ENCRYPT                            115
-# define PKCS7_F_PKCS7_FINAL                              134
-# define PKCS7_F_PKCS7_FIND_DIGEST                        127
-# define PKCS7_F_PKCS7_GET0_SIGNERS                       124
-# define PKCS7_F_PKCS7_RECIP_INFO_SET                     130
-# define PKCS7_F_PKCS7_SET_CIPHER                         108
-# define PKCS7_F_PKCS7_SET_CONTENT                        109
-# define PKCS7_F_PKCS7_SET_DIGEST                         126
-# define PKCS7_F_PKCS7_SET_TYPE                           110
-# define PKCS7_F_PKCS7_SIGN                               116
-# define PKCS7_F_PKCS7_SIGNATUREVERIFY                    113
-# define PKCS7_F_PKCS7_SIGNER_INFO_SET                    129
-# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN                   139
-# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER                    137
-# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP                    119
-# define PKCS7_F_PKCS7_VERIFY                             117
-# define PKCS7_F_SMIME_READ_PKCS7                         122
-# define PKCS7_F_SMIME_TEXT                               123
-
-/* Reason codes. */
-# define PKCS7_R_CERTIFICATE_VERIFY_ERROR                 117
-# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          144
-# define PKCS7_R_CIPHER_NOT_INITIALIZED                   116
-# define PKCS7_R_CONTENT_AND_DATA_PRESENT                 118
-# define PKCS7_R_CTRL_ERROR                               152
-# define PKCS7_R_DECODE_ERROR                             130
-# define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH            100
-# define PKCS7_R_DECRYPT_ERROR                            119
-# define PKCS7_R_DIGEST_FAILURE                           101
-# define PKCS7_R_ENCRYPTION_CTRL_FAILURE                  149
-# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
-# define PKCS7_R_ERROR_ADDING_RECIPIENT                   120
-# define PKCS7_R_ERROR_SETTING_CIPHER                     121
-# define PKCS7_R_INVALID_MIME_TYPE                        131
-# define PKCS7_R_INVALID_NULL_POINTER                     143
-# define PKCS7_R_INVALID_SIGNED_DATA_TYPE                 155
-# define PKCS7_R_MIME_NO_CONTENT_TYPE                     132
-# define PKCS7_R_MIME_PARSE_ERROR                         133
-# define PKCS7_R_MIME_SIG_PARSE_ERROR                     134
-# define PKCS7_R_MISSING_CERIPEND_INFO                    103
-# define PKCS7_R_NO_CONTENT                               122
-# define PKCS7_R_NO_CONTENT_TYPE                          135
-# define PKCS7_R_NO_DEFAULT_DIGEST                        151
-# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND            154
-# define PKCS7_R_NO_MULTIPART_BODY_FAILURE                136
-# define PKCS7_R_NO_MULTIPART_BOUNDARY                    137
-# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE         115
-# define PKCS7_R_NO_RECIPIENT_MATCHES_KEY                 146
-# define PKCS7_R_NO_SIGNATURES_ON_DATA                    123
-# define PKCS7_R_NO_SIGNERS                               142
-# define PKCS7_R_NO_SIG_CONTENT_TYPE                      138
-# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     104
-# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR                124
-# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR                   153
-# define PKCS7_R_PKCS7_DATAFINAL                          126
-# define PKCS7_R_PKCS7_DATAFINAL_ERROR                    125
-# define PKCS7_R_PKCS7_DATASIGN                           145
-# define PKCS7_R_PKCS7_PARSE_ERROR                        139
-# define PKCS7_R_PKCS7_SIG_PARSE_ERROR                    140
-# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE   127
-# define PKCS7_R_SIGNATURE_FAILURE                        105
-# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND             128
-# define PKCS7_R_SIGNING_CTRL_FAILURE                     147
-# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE  148
-# define PKCS7_R_SIG_INVALID_MIME_TYPE                    141
-# define PKCS7_R_SMIME_TEXT_ERROR                         129
-# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               106
-# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO                   107
-# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST            108
-# define PKCS7_R_UNKNOWN_DIGEST_TYPE                      109
-# define PKCS7_R_UNKNOWN_OPERATION                        110
-# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE                  111
-# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE                 112
-# define PKCS7_R_WRONG_CONTENT_TYPE                       113
-# define PKCS7_R_WRONG_PKCS7_TYPE                         114
-
-#ifdef  __cplusplus
+# ifdef  __cplusplus
 }
-#endif
+# endif
 #endif
diff --git a/freebsd/crypto/openssl/include/openssl/pkcs7err.h b/freebsd/crypto/openssl/include/openssl/pkcs7err.h
new file mode 100644
index 00000000..0ba418d7
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/pkcs7err.h
@@ -0,0 +1,99 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS7ERR_H
+# define HEADER_PKCS7ERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_PKCS7_strings(void);
+
+/*
+ * PKCS7 function codes.
+ */
+# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB                   136
+# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME           135
+# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP                118
+# define PKCS7_F_PKCS7_ADD_CERTIFICATE                    100
+# define PKCS7_F_PKCS7_ADD_CRL                            101
+# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
+# define PKCS7_F_PKCS7_ADD_SIGNATURE                      131
+# define PKCS7_F_PKCS7_ADD_SIGNER                         103
+# define PKCS7_F_PKCS7_BIO_ADD_DIGEST                     125
+# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST               138
+# define PKCS7_F_PKCS7_CTRL                               104
+# define PKCS7_F_PKCS7_DATADECODE                         112
+# define PKCS7_F_PKCS7_DATAFINAL                          128
+# define PKCS7_F_PKCS7_DATAINIT                           105
+# define PKCS7_F_PKCS7_DATAVERIFY                         107
+# define PKCS7_F_PKCS7_DECRYPT                            114
+# define PKCS7_F_PKCS7_DECRYPT_RINFO                      133
+# define PKCS7_F_PKCS7_ENCODE_RINFO                       132
+# define PKCS7_F_PKCS7_ENCRYPT                            115
+# define PKCS7_F_PKCS7_FINAL                              134
+# define PKCS7_F_PKCS7_FIND_DIGEST                        127
+# define PKCS7_F_PKCS7_GET0_SIGNERS                       124
+# define PKCS7_F_PKCS7_RECIP_INFO_SET                     130
+# define PKCS7_F_PKCS7_SET_CIPHER                         108
+# define PKCS7_F_PKCS7_SET_CONTENT                        109
+# define PKCS7_F_PKCS7_SET_DIGEST                         126
+# define PKCS7_F_PKCS7_SET_TYPE                           110
+# define PKCS7_F_PKCS7_SIGN                               116
+# define PKCS7_F_PKCS7_SIGNATUREVERIFY                    113
+# define PKCS7_F_PKCS7_SIGNER_INFO_SET                    129
+# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN                   139
+# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER                    137
+# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP                    119
+# define PKCS7_F_PKCS7_VERIFY                             117
+
+/*
+ * PKCS7 reason codes.
+ */
+# define PKCS7_R_CERTIFICATE_VERIFY_ERROR                 117
+# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          144
+# define PKCS7_R_CIPHER_NOT_INITIALIZED                   116
+# define PKCS7_R_CONTENT_AND_DATA_PRESENT                 118
+# define PKCS7_R_CTRL_ERROR                               152
+# define PKCS7_R_DECRYPT_ERROR                            119
+# define PKCS7_R_DIGEST_FAILURE                           101
+# define PKCS7_R_ENCRYPTION_CTRL_FAILURE                  149
+# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
+# define PKCS7_R_ERROR_ADDING_RECIPIENT                   120
+# define PKCS7_R_ERROR_SETTING_CIPHER                     121
+# define PKCS7_R_INVALID_NULL_POINTER                     143
+# define PKCS7_R_INVALID_SIGNED_DATA_TYPE                 155
+# define PKCS7_R_NO_CONTENT                               122
+# define PKCS7_R_NO_DEFAULT_DIGEST                        151
+# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND            154
+# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE         115
+# define PKCS7_R_NO_SIGNATURES_ON_DATA                    123
+# define PKCS7_R_NO_SIGNERS                               142
+# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     104
+# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR                124
+# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR                   153
+# define PKCS7_R_PKCS7_DATASIGN                           145
+# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE   127
+# define PKCS7_R_SIGNATURE_FAILURE                        105
+# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND             128
+# define PKCS7_R_SIGNING_CTRL_FAILURE                     147
+# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE  148
+# define PKCS7_R_SMIME_TEXT_ERROR                         129
+# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               106
+# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO                   107
+# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST            108
+# define PKCS7_R_UNKNOWN_DIGEST_TYPE                      109
+# define PKCS7_R_UNKNOWN_OPERATION                        110
+# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE                  111
+# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE                 112
+# define PKCS7_R_WRONG_CONTENT_TYPE                       113
+# define PKCS7_R_WRONG_PKCS7_TYPE                         114
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/rand.h b/freebsd/crypto/openssl/include/openssl/rand.h
new file mode 100644
index 00000000..38a2a271
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/rand.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RAND_H
+# define HEADER_RAND_H
+
+# include <stdlib.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/e_os2.h>
+# include <openssl/randerr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+struct rand_meth_st {
+    int (*seed) (const void *buf, int num);
+    int (*bytes) (unsigned char *buf, int num);
+    void (*cleanup) (void);
+    int (*add) (const void *buf, int num, double randomness);
+    int (*pseudorand) (unsigned char *buf, int num);
+    int (*status) (void);
+};
+
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+# ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine);
+# endif
+
+RAND_METHOD *RAND_OpenSSL(void);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#   define RAND_cleanup() while(0) continue
+# endif
+int RAND_bytes(unsigned char *buf, int num);
+int RAND_priv_bytes(unsigned char *buf, int num);
+DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
+
+void RAND_seed(const void *buf, int num);
+void RAND_keep_random_devices_open(int keep);
+
+# if defined(__ANDROID__) && defined(__NDK_FPABI__)
+__NDK_FPABI__	/* __attribute__((pcs("aapcs"))) on ARM */
+# endif
+void RAND_add(const void *buf, int num, double randomness);
+int RAND_load_file(const char *file, long max_bytes);
+int RAND_write_file(const char *file);
+const char *RAND_file_name(char *file, size_t num);
+int RAND_status(void);
+
+# ifndef OPENSSL_NO_EGD
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path, int bytes);
+# endif
+
+int RAND_poll(void);
+
+# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
+/* application has to include <windows.h> in order to use these */
+DEPRECATEDIN_1_1_0(void RAND_screen(void))
+DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
+# endif
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/rand_drbg.h b/freebsd/crypto/openssl/include/openssl/rand_drbg.h
new file mode 100644
index 00000000..282356e1
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/rand_drbg.h
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DRBG_RAND_H
+# define HEADER_DRBG_RAND_H
+
+# include <time.h>
+# include <openssl/ossl_typ.h>
+
+
+/* In CTR mode, disable derivation function ctr_df */
+# define RAND_DRBG_FLAG_CTR_NO_DF            0x1
+
+/* A logical OR of all used flag bits (currently there is only one) */
+# define RAND_DRBG_USED_FLAGS  ( \
+    RAND_DRBG_FLAG_CTR_NO_DF \
+                                 )
+
+/*
+ * Default security strength (in the sense of [NIST SP 800-90Ar1])
+ *
+ * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
+ * of the cipher by collecting less entropy. The current DRBG implemantion does
+ * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG
+ * to that of the cipher.
+ *
+ * RAND_DRBG_STRENGTH is currently only used for the legacy RAND
+ * implementation.
+ *
+ * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
+ * NID_aes_256_ctr
+ */
+# define RAND_DRBG_STRENGTH             256
+# define RAND_DRBG_TYPE                 NID_aes_256_ctr
+# define RAND_DRBG_FLAGS                0
+
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * Object lifetime functions.
+ */
+RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
+RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent);
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
+int RAND_DRBG_set_defaults(int type, unsigned int flags);
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+                          const unsigned char *pers, size_t perslen);
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
+void RAND_DRBG_free(RAND_DRBG *drbg);
+
+/*
+ * Object "use" functions.
+ */
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+                     const unsigned char *adin, size_t adinlen,
+                     int prediction_resistance);
+int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
+                       int prediction_resistance,
+                       const unsigned char *adin, size_t adinlen);
+int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
+
+int RAND_DRBG_set_reseed_defaults(
+                                  unsigned int master_reseed_interval,
+                                  unsigned int slave_reseed_interval,
+                                  time_t master_reseed_time_interval,
+                                  time_t slave_reseed_time_interval
+                                  );
+
+RAND_DRBG *RAND_DRBG_get0_master(void);
+RAND_DRBG *RAND_DRBG_get0_public(void);
+RAND_DRBG *RAND_DRBG_get0_private(void);
+
+/*
+ * EXDATA
+ */
+# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
+int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg);
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx);
+
+/*
+ * Callback function typedefs
+ */
+typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg,
+                                           unsigned char **pout,
+                                           int entropy, size_t min_len,
+                                           size_t max_len,
+                                           int prediction_resistance);
+typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
+                                             unsigned char *out, size_t outlen);
+typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout,
+                                         int entropy, size_t min_len,
+                                         size_t max_len);
+typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg,
+                                           unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
+                            RAND_DRBG_get_entropy_fn get_entropy,
+                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+                            RAND_DRBG_get_nonce_fn get_nonce,
+                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
+
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/randerr.h b/freebsd/crypto/openssl/include/openssl/randerr.h
new file mode 100644
index 00000000..128f4dea
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/randerr.h
@@ -0,0 +1,88 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RANDERR_H
+# define HEADER_RANDERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_RAND_strings(void);
+
+/*
+ * RAND function codes.
+ */
+# define RAND_F_DRBG_BYTES                                101
+# define RAND_F_DRBG_GET_ENTROPY                          105
+# define RAND_F_DRBG_SETUP                                117
+# define RAND_F_GET_ENTROPY                               106
+# define RAND_F_RAND_BYTES                                100
+# define RAND_F_RAND_DRBG_ENABLE_LOCKING                  119
+# define RAND_F_RAND_DRBG_GENERATE                        107
+# define RAND_F_RAND_DRBG_GET_ENTROPY                     120
+# define RAND_F_RAND_DRBG_GET_NONCE                       123
+# define RAND_F_RAND_DRBG_INSTANTIATE                     108
+# define RAND_F_RAND_DRBG_NEW                             109
+# define RAND_F_RAND_DRBG_RESEED                          110
+# define RAND_F_RAND_DRBG_RESTART                         102
+# define RAND_F_RAND_DRBG_SET                             104
+# define RAND_F_RAND_DRBG_SET_DEFAULTS                    121
+# define RAND_F_RAND_DRBG_UNINSTANTIATE                   118
+# define RAND_F_RAND_LOAD_FILE                            111
+# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY                 122
+# define RAND_F_RAND_POOL_ADD                             103
+# define RAND_F_RAND_POOL_ADD_BEGIN                       113
+# define RAND_F_RAND_POOL_ADD_END                         114
+# define RAND_F_RAND_POOL_BYTES_NEEDED                    115
+# define RAND_F_RAND_POOL_NEW                             116
+# define RAND_F_RAND_WRITE_FILE                           112
+
+/*
+ * RAND reason codes.
+ */
+# define RAND_R_ADDITIONAL_INPUT_TOO_LONG                 102
+# define RAND_R_ALREADY_INSTANTIATED                      103
+# define RAND_R_ARGUMENT_OUT_OF_RANGE                     105
+# define RAND_R_CANNOT_OPEN_FILE                          121
+# define RAND_R_DRBG_ALREADY_INITIALIZED                  129
+# define RAND_R_DRBG_NOT_INITIALISED                      104
+# define RAND_R_ENTROPY_INPUT_TOO_LONG                    106
+# define RAND_R_ENTROPY_OUT_OF_RANGE                      124
+# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED            127
+# define RAND_R_ERROR_INITIALISING_DRBG                   107
+# define RAND_R_ERROR_INSTANTIATING_DRBG                  108
+# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT         109
+# define RAND_R_ERROR_RETRIEVING_ENTROPY                  110
+# define RAND_R_ERROR_RETRIEVING_NONCE                    111
+# define RAND_R_FAILED_TO_CREATE_LOCK                     126
+# define RAND_R_FUNC_NOT_IMPLEMENTED                      101
+# define RAND_R_FWRITE_ERROR                              123
+# define RAND_R_GENERATE_ERROR                            112
+# define RAND_R_INTERNAL_ERROR                            113
+# define RAND_R_IN_ERROR_STATE                            114
+# define RAND_R_NOT_A_REGULAR_FILE                        122
+# define RAND_R_NOT_INSTANTIATED                          115
+# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED           128
+# define RAND_R_PARENT_LOCKING_NOT_ENABLED                130
+# define RAND_R_PARENT_STRENGTH_TOO_WEAK                  131
+# define RAND_R_PERSONALISATION_STRING_TOO_LONG           116
+# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED       133
+# define RAND_R_PRNG_NOT_SEEDED                           100
+# define RAND_R_RANDOM_POOL_OVERFLOW                      125
+# define RAND_R_RANDOM_POOL_UNDERFLOW                     134
+# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG                117
+# define RAND_R_RESEED_ERROR                              118
+# define RAND_R_SELFTEST_FAILURE                          119
+# define RAND_R_TOO_LITTLE_NONCE_REQUESTED                135
+# define RAND_R_TOO_MUCH_NONCE_REQUESTED                  136
+# define RAND_R_UNSUPPORTED_DRBG_FLAGS                    132
+# define RAND_R_UNSUPPORTED_DRBG_TYPE                     120
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/rc2.h b/freebsd/crypto/openssl/include/openssl/rc2.h
new file mode 100644
index 00000000..585f9e4c
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/rc2.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC2_H
+# define HEADER_RC2_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RC2
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned int RC2_INT;
+
+# define RC2_ENCRYPT     1
+# define RC2_DECRYPT     0
+
+# define RC2_BLOCK       8
+# define RC2_KEY_LENGTH  16
+
+typedef struct rc2_key_st {
+    RC2_INT data[64];
+} RC2_KEY;
+
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     RC2_KEY *key, int enc);
+void RC2_encrypt(unsigned long *data, RC2_KEY *key);
+void RC2_decrypt(unsigned long *data, RC2_KEY *key);
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                     RC2_KEY *ks, unsigned char *iv, int enc);
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num, int enc);
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/rc4.h b/freebsd/crypto/openssl/include/openssl/rc4.h
new file mode 100644
index 00000000..86803b37
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/rc4.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC4_H
+# define HEADER_RC4_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RC4
+# include <stddef.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct rc4_key_st {
+    RC4_INT x, y;
+    RC4_INT data[256];
+} RC4_KEY;
+
+const char *RC4_options(void);
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+         unsigned char *outdata);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/rc5.h b/freebsd/crypto/openssl/include/openssl/rc5.h
new file mode 100644
index 00000000..793f88e4
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/rc5.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC5_H
+# define HEADER_RC5_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RC5
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define RC5_ENCRYPT     1
+# define RC5_DECRYPT     0
+
+# define RC5_32_INT unsigned int
+
+# define RC5_32_BLOCK            8
+# define RC5_32_KEY_LENGTH       16/* This is a default, max is 255 */
+
+/*
+ * This are the only values supported.  Tweak the code if you want more The
+ * most supported modes will be RC5-32/12/16 RC5-32/16/8
+ */
+# define RC5_8_ROUNDS    8
+# define RC5_12_ROUNDS   12
+# define RC5_16_ROUNDS   16
+
+typedef struct rc5_key_st {
+    /* Number of rounds */
+    int rounds;
+    RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)];
+} RC5_32_KEY;
+
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+                    int rounds);
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                        RC5_32_KEY *key, int enc);
+void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key);
+void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key);
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, RC5_32_KEY *ks, unsigned char *iv,
+                        int enc);
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/ripemd.h b/freebsd/crypto/openssl/include/openssl/ripemd.h
new file mode 100644
index 00000000..c42026aa
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/ripemd.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RIPEMD_H
+# define HEADER_RIPEMD_H
+
+# include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_RMD160
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define RIPEMD160_LONG unsigned int
+
+# define RIPEMD160_CBLOCK        64
+# define RIPEMD160_LBLOCK        (RIPEMD160_CBLOCK/4)
+# define RIPEMD160_DIGEST_LENGTH 20
+
+typedef struct RIPEMD160state_st {
+    RIPEMD160_LONG A, B, C, D, E;
+    RIPEMD160_LONG Nl, Nh;
+    RIPEMD160_LONG data[RIPEMD160_LBLOCK];
+    unsigned int num;
+} RIPEMD160_CTX;
+
+int RIPEMD160_Init(RIPEMD160_CTX *c);
+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
+int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md);
+void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/rsa.h b/freebsd/crypto/openssl/include/openssl/rsa.h
new file mode 100644
index 00000000..a611b6a0
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/rsa.h
@@ -0,0 +1,512 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RSA_H
+# define HEADER_RSA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RSA
+# include <openssl/asn1.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/ossl_typ.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+# include <openssl/rsaerr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
+
+# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+#  define OPENSSL_RSA_MAX_MODULUS_BITS   16384
+# endif
+
+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+
+# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+#  define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+# endif
+# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
+
+/* exponent limit enforced for "large" modulus only */
+#  define OPENSSL_RSA_MAX_PUBEXP_BITS    64
+# endif
+
+# define RSA_3   0x3L
+# define RSA_F4  0x10001L
+
+/* based on RFC 8017 appendix A.1.2 */
+# define RSA_ASN1_VERSION_DEFAULT        0
+# define RSA_ASN1_VERSION_MULTI          1
+
+# define RSA_DEFAULT_PRIME_NUM           2
+
+# define RSA_METHOD_FLAG_NO_CHECK        0x0001/* don't check pub/private
+                                                * match */
+
+# define RSA_FLAG_CACHE_PUBLIC           0x0002
+# define RSA_FLAG_CACHE_PRIVATE          0x0004
+# define RSA_FLAG_BLINDING               0x0008
+# define RSA_FLAG_THREAD_SAFE            0x0010
+/*
+ * This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag
+ * bn_mod_exp gets called when private key components are absent.
+ */
+# define RSA_FLAG_EXT_PKEY               0x0020
+
+/*
+ * new with 0.9.6j and 0.9.7b; the built-in
+ * RSA implementation now uses blinding by
+ * default (ignoring RSA_FLAG_BLINDING),
+ * but other engines might not need it
+ */
+# define RSA_FLAG_NO_BLINDING            0x0080
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+#  define RSA_FLAG_NO_CONSTTIME           0x0000
+# endif
+# if OPENSSL_API_COMPAT < 0x00908000L
+/* deprecated name for the flag*/
+/*
+ * new with 0.9.7h; the built-in RSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+#  define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
+# endif
+
+# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
+        RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL)
+
+# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
+        RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
+
+# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
+        RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                          EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
+/* Salt length matches digest */
+# define RSA_PSS_SALTLEN_DIGEST -1
+/* Verify only: auto detect salt length */
+# define RSA_PSS_SALTLEN_AUTO   -2
+/* Set salt length to maximum possible */
+# define RSA_PSS_SALTLEN_MAX    -3
+/* Old compatible max salt length for sign only */
+# define RSA_PSS_SALTLEN_MAX_SIGN    -2
+
+# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
+        RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                          EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL)
+
+# define  EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
+                          EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
+
+# define  EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
+
+# define  EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                          EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md))
+
+# define  EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
+                          EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd))
+
+# define  EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                          EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd))
+
+# define  EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                          EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l))
+
+# define  EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                          EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l))
+
+# define  EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS,  \
+                          EVP_PKEY_OP_TYPE_KEYGEN, EVP_PKEY_CTRL_MD,  \
+                          0, (void *)(md))
+
+# define EVP_PKEY_CTRL_RSA_PADDING       (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN   (EVP_PKEY_ALG_CTRL + 2)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS   (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_RSA_MGF1_MD       (EVP_PKEY_ALG_CTRL + 5)
+
+# define EVP_PKEY_CTRL_GET_RSA_PADDING           (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN       (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD           (EVP_PKEY_ALG_CTRL + 8)
+
+# define EVP_PKEY_CTRL_RSA_OAEP_MD       (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_RSA_OAEP_LABEL    (EVP_PKEY_ALG_CTRL + 10)
+
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD   (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
+
+# define RSA_PKCS1_PADDING       1
+# define RSA_SSLV23_PADDING      2
+# define RSA_NO_PADDING          3
+# define RSA_PKCS1_OAEP_PADDING  4
+# define RSA_X931_PADDING        5
+/* EVP_PKEY_ only */
+# define RSA_PKCS1_PSS_PADDING   6
+
+# define RSA_PKCS1_PADDING_SIZE  11
+
+# define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
+# define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
+
+RSA *RSA_new(void);
+RSA *RSA_new_method(ENGINE *engine);
+int RSA_bits(const RSA *rsa);
+int RSA_size(const RSA *rsa);
+int RSA_security_bits(const RSA *rsa);
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
+                                BIGNUM *coeffs[], int pnum);
+void RSA_get0_key(const RSA *r,
+                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+int RSA_get_multi_prime_extra_count(const RSA *r);
+int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]);
+void RSA_get0_crt_params(const RSA *r,
+                         const BIGNUM **dmp1, const BIGNUM **dmq1,
+                         const BIGNUM **iqmp);
+int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
+                                    const BIGNUM *coeffs[]);
+const BIGNUM *RSA_get0_n(const RSA *d);
+const BIGNUM *RSA_get0_e(const RSA *d);
+const BIGNUM *RSA_get0_d(const RSA *d);
+const BIGNUM *RSA_get0_p(const RSA *d);
+const BIGNUM *RSA_get0_q(const RSA *d);
+const BIGNUM *RSA_get0_dmp1(const RSA *r);
+const BIGNUM *RSA_get0_dmq1(const RSA *r);
+const BIGNUM *RSA_get0_iqmp(const RSA *r);
+void RSA_clear_flags(RSA *r, int flags);
+int RSA_test_flags(const RSA *r, int flags);
+void RSA_set_flags(RSA *r, int flags);
+int RSA_get_version(RSA *r);
+ENGINE *RSA_get0_engine(const RSA *r);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
+                                         (*callback) (int, int, void *),
+                                         void *cb_arg))
+
+/* New version */
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+/* Multi-prime version */
+int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
+                                 BIGNUM *e, BN_GENCB *cb);
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+                       BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+                       const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+                       const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+                             BN_GENCB *cb);
+
+int RSA_check_key(const RSA *);
+int RSA_check_key_ex(const RSA *, BN_GENCB *cb);
+        /* next 4 return -1 on error */
+int RSA_public_encrypt(int flen, const unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+int RSA_private_encrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+int RSA_public_decrypt(int flen, const unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+int RSA_private_decrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+void RSA_free(RSA *r);
+/* "up" the RSA object's reference count */
+int RSA_up_ref(RSA *r);
+
+int RSA_flags(const RSA *r);
+
+void RSA_set_default_method(const RSA_METHOD *meth);
+const RSA_METHOD *RSA_get_default_method(void);
+const RSA_METHOD *RSA_null_method(void);
+const RSA_METHOD *RSA_get_method(const RSA *rsa);
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+/* these are the actual RSA functions */
+const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
+
+int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
+
+typedef struct rsa_pss_params_st {
+    X509_ALGOR *hashAlgorithm;
+    X509_ALGOR *maskGenAlgorithm;
+    ASN1_INTEGER *saltLength;
+    ASN1_INTEGER *trailerField;
+    /* Decoded hash algorithm from maskGenAlgorithm */
+    X509_ALGOR *maskHash;
+} RSA_PSS_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+
+typedef struct rsa_oaep_params_st {
+    X509_ALGOR *hashFunc;
+    X509_ALGOR *maskGenFunc;
+    X509_ALGOR *pSourceFunc;
+    /* Decoded hash algorithm from maskGenFunc */
+    X509_ALGOR *maskHash;
+} RSA_OAEP_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
+
+# ifndef OPENSSL_NO_STDIO
+int RSA_print_fp(FILE *fp, const RSA *r, int offset);
+# endif
+
+int RSA_print(BIO *bp, const RSA *r, int offset);
+
+/*
+ * The following 2 functions sign and verify a X509_SIG ASN1 object inside
+ * PKCS#1 padded RSA encryption
+ */
+int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
+               const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+/*
+ * The following 2 function sign and verify a ASN1_OCTET_STRING object inside
+ * PKCS#1 padded RSA encryption
+ */
+int RSA_sign_ASN1_OCTET_STRING(int type,
+                               const unsigned char *m, unsigned int m_length,
+                               unsigned char *sigret, unsigned int *siglen,
+                               RSA *rsa);
+int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
+                                 unsigned int m_length, unsigned char *sigbuf,
+                                 unsigned int siglen, RSA *rsa);
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+void RSA_blinding_off(RSA *rsa);
+BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl);
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+                                   const unsigned char *f, int fl,
+                                   int rsa_len);
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl);
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+                                   const unsigned char *f, int fl,
+                                   int rsa_len);
+int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
+               long seedlen, const EVP_MD *dgst);
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+                               const unsigned char *f, int fl,
+                               const unsigned char *p, int pl);
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl, int rsa_len,
+                                 const unsigned char *p, int pl);
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                    const unsigned char *from, int flen,
+                                    const unsigned char *param, int plen,
+                                    const EVP_MD *md, const EVP_MD *mgf1md);
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                      const unsigned char *from, int flen,
+                                      int num, const unsigned char *param,
+                                      int plen, const EVP_MD *md,
+                                      const EVP_MD *mgf1md);
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl);
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+                             const unsigned char *f, int fl, int rsa_len);
+int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f,
+                         int fl);
+int RSA_padding_check_none(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl, int rsa_len);
+int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f,
+                         int fl);
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl, int rsa_len);
+int RSA_X931_hash_id(int nid);
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+                         const EVP_MD *Hash, const unsigned char *EM,
+                         int sLen);
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+                              const unsigned char *mHash, const EVP_MD *Hash,
+                              int sLen);
+
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+                              const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                              const unsigned char *EM, int sLen);
+
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+                                   const unsigned char *mHash,
+                                   const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                                   int sLen);
+
+#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef)
+int RSA_set_ex_data(RSA *r, int idx, void *arg);
+void *RSA_get_ex_data(const RSA *r, int idx);
+
+RSA *RSAPublicKey_dup(RSA *rsa);
+RSA *RSAPrivateKey_dup(RSA *rsa);
+
+/*
+ * If this flag is set the RSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define RSA_FLAG_FIPS_METHOD                    0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define RSA_FLAG_NON_FIPS_ALLOW                 0x0400
+/*
+ * Application has decided PRNG is good enough to generate a key: don't
+ * check.
+ */
+# define RSA_FLAG_CHECKED                        0x0800
+
+RSA_METHOD *RSA_meth_new(const char *name, int flags);
+void RSA_meth_free(RSA_METHOD *meth);
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+const char *RSA_meth_get0_name(const RSA_METHOD *meth);
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+int RSA_meth_get_flags(const RSA_METHOD *meth);
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
+                         int (*pub_enc) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding));
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
+                         int (*pub_dec) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding));
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
+                          int (*priv_enc) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding));
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
+                          int (*priv_dec) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding));
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
+                         int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                         BN_CTX *ctx));
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
+                            int (*bn_mod_exp) (BIGNUM *r,
+                                               const BIGNUM *a,
+                                               const BIGNUM *p,
+                                               const BIGNUM *m,
+                                               BN_CTX *ctx,
+                                               BN_MONT_CTX *m_ctx));
+int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa);
+int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa));
+int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa);
+int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa));
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))
+    (int type,
+     const unsigned char *m, unsigned int m_length,
+     unsigned char *sigret, unsigned int *siglen,
+     const RSA *rsa);
+int RSA_meth_set_sign(RSA_METHOD *rsa,
+                      int (*sign) (int type, const unsigned char *m,
+                                   unsigned int m_length,
+                                   unsigned char *sigret, unsigned int *siglen,
+                                   const RSA *rsa));
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))
+    (int dtype, const unsigned char *m,
+     unsigned int m_length, const unsigned char *sigbuf,
+     unsigned int siglen, const RSA *rsa);
+int RSA_meth_set_verify(RSA_METHOD *rsa,
+                        int (*verify) (int dtype, const unsigned char *m,
+                                       unsigned int m_length,
+                                       const unsigned char *sigbuf,
+                                       unsigned int siglen, const RSA *rsa));
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+int RSA_meth_set_keygen(RSA_METHOD *rsa,
+                        int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
+                                       BN_GENCB *cb));
+int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
+int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+                                    int (*keygen) (RSA *rsa, int bits,
+                                                   int primes, BIGNUM *e,
+                                                   BN_GENCB *cb));
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/rsaerr.h b/freebsd/crypto/openssl/include/openssl/rsaerr.h
new file mode 100644
index 00000000..d5bc01c1
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/rsaerr.h
@@ -0,0 +1,162 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RSAERR_H
+# define HEADER_RSAERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_RSA_strings(void);
+
+/*
+ * RSA function codes.
+ */
+# define RSA_F_CHECK_PADDING_MD                           140
+# define RSA_F_ENCODE_PKCS1                               146
+# define RSA_F_INT_RSA_VERIFY                             145
+# define RSA_F_OLD_RSA_PRIV_DECODE                        147
+# define RSA_F_PKEY_PSS_INIT                              165
+# define RSA_F_PKEY_RSA_CTRL                              143
+# define RSA_F_PKEY_RSA_CTRL_STR                          144
+# define RSA_F_PKEY_RSA_SIGN                              142
+# define RSA_F_PKEY_RSA_VERIFY                            149
+# define RSA_F_PKEY_RSA_VERIFYRECOVER                     141
+# define RSA_F_RSA_ALGOR_TO_MD                            156
+# define RSA_F_RSA_BUILTIN_KEYGEN                         129
+# define RSA_F_RSA_CHECK_KEY                              123
+# define RSA_F_RSA_CHECK_KEY_EX                           160
+# define RSA_F_RSA_CMS_DECRYPT                            159
+# define RSA_F_RSA_CMS_VERIFY                             158
+# define RSA_F_RSA_ITEM_VERIFY                            148
+# define RSA_F_RSA_METH_DUP                               161
+# define RSA_F_RSA_METH_NEW                               162
+# define RSA_F_RSA_METH_SET1_NAME                         163
+# define RSA_F_RSA_MGF1_TO_MD                             157
+# define RSA_F_RSA_MULTIP_INFO_NEW                        166
+# define RSA_F_RSA_NEW_METHOD                             106
+# define RSA_F_RSA_NULL                                   124
+# define RSA_F_RSA_NULL_PRIVATE_DECRYPT                   132
+# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT                   133
+# define RSA_F_RSA_NULL_PUBLIC_DECRYPT                    134
+# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT                    135
+# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT                   101
+# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT                   102
+# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT                    103
+# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT                    104
+# define RSA_F_RSA_PADDING_ADD_NONE                       107
+# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP                 121
+# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1            154
+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS                  125
+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1             152
+# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1               108
+# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2               109
+# define RSA_F_RSA_PADDING_ADD_SSLV23                     110
+# define RSA_F_RSA_PADDING_ADD_X931                       127
+# define RSA_F_RSA_PADDING_CHECK_NONE                     111
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP               122
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1          153
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1             112
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2             113
+# define RSA_F_RSA_PADDING_CHECK_SSLV23                   114
+# define RSA_F_RSA_PADDING_CHECK_X931                     128
+# define RSA_F_RSA_PARAM_DECODE                           164
+# define RSA_F_RSA_PRINT                                  115
+# define RSA_F_RSA_PRINT_FP                               116
+# define RSA_F_RSA_PRIV_DECODE                            150
+# define RSA_F_RSA_PRIV_ENCODE                            138
+# define RSA_F_RSA_PSS_GET_PARAM                          151
+# define RSA_F_RSA_PSS_TO_CTX                             155
+# define RSA_F_RSA_PUB_DECODE                             139
+# define RSA_F_RSA_SETUP_BLINDING                         136
+# define RSA_F_RSA_SIGN                                   117
+# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
+# define RSA_F_RSA_VERIFY                                 119
+# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING               120
+# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1                  126
+# define RSA_F_SETUP_TBUF                                 167
+
+/*
+ * RSA reason codes.
+ */
+# define RSA_R_ALGORITHM_MISMATCH                         100
+# define RSA_R_BAD_E_VALUE                                101
+# define RSA_R_BAD_FIXED_HEADER_DECRYPT                   102
+# define RSA_R_BAD_PAD_BYTE_COUNT                         103
+# define RSA_R_BAD_SIGNATURE                              104
+# define RSA_R_BLOCK_TYPE_IS_NOT_01                       106
+# define RSA_R_BLOCK_TYPE_IS_NOT_02                       107
+# define RSA_R_DATA_GREATER_THAN_MOD_LEN                  108
+# define RSA_R_DATA_TOO_LARGE                             109
+# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                110
+# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS                 132
+# define RSA_R_DATA_TOO_SMALL                             111
+# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE                122
+# define RSA_R_DIGEST_DOES_NOT_MATCH                      158
+# define RSA_R_DIGEST_NOT_ALLOWED                         145
+# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY                 112
+# define RSA_R_DMP1_NOT_CONGRUENT_TO_D                    124
+# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                    125
+# define RSA_R_D_E_NOT_CONGRUENT_TO_1                     123
+# define RSA_R_FIRST_OCTET_INVALID                        133
+# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE        144
+# define RSA_R_INVALID_DIGEST                             157
+# define RSA_R_INVALID_DIGEST_LENGTH                      143
+# define RSA_R_INVALID_HEADER                             137
+# define RSA_R_INVALID_LABEL                              160
+# define RSA_R_INVALID_MESSAGE_LENGTH                     131
+# define RSA_R_INVALID_MGF1_MD                            156
+# define RSA_R_INVALID_MULTI_PRIME_KEY                    167
+# define RSA_R_INVALID_OAEP_PARAMETERS                    161
+# define RSA_R_INVALID_PADDING                            138
+# define RSA_R_INVALID_PADDING_MODE                       141
+# define RSA_R_INVALID_PSS_PARAMETERS                     149
+# define RSA_R_INVALID_PSS_SALTLEN                        146
+# define RSA_R_INVALID_SALT_LENGTH                        150
+# define RSA_R_INVALID_TRAILER                            139
+# define RSA_R_INVALID_X931_DIGEST                        142
+# define RSA_R_IQMP_NOT_INVERSE_OF_Q                      126
+# define RSA_R_KEY_PRIME_NUM_INVALID                      165
+# define RSA_R_KEY_SIZE_TOO_SMALL                         120
+# define RSA_R_LAST_OCTET_INVALID                         134
+# define RSA_R_MGF1_DIGEST_NOT_ALLOWED                    152
+# define RSA_R_MODULUS_TOO_LARGE                          105
+# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R            168
+# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D             169
+# define RSA_R_MP_R_NOT_PRIME                             170
+# define RSA_R_NO_PUBLIC_EXPONENT                         140
+# define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
+# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES         172
+# define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
+# define RSA_R_OAEP_DECODING_ERROR                        121
+# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   148
+# define RSA_R_PADDING_CHECK_FAILED                       114
+# define RSA_R_PKCS_DECODING_ERROR                        159
+# define RSA_R_PSS_SALTLEN_TOO_SMALL                      164
+# define RSA_R_P_NOT_PRIME                                128
+# define RSA_R_Q_NOT_PRIME                                129
+# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED               130
+# define RSA_R_SLEN_CHECK_FAILED                          136
+# define RSA_R_SLEN_RECOVERY_FAILED                       135
+# define RSA_R_SSLV3_ROLLBACK_ATTACK                      115
+# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+# define RSA_R_UNKNOWN_ALGORITHM_TYPE                     117
+# define RSA_R_UNKNOWN_DIGEST                             166
+# define RSA_R_UNKNOWN_MASK_DIGEST                        151
+# define RSA_R_UNKNOWN_PADDING_TYPE                       118
+# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE                162
+# define RSA_R_UNSUPPORTED_LABEL_SOURCE                   163
+# define RSA_R_UNSUPPORTED_MASK_ALGORITHM                 153
+# define RSA_R_UNSUPPORTED_MASK_PARAMETER                 154
+# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE                 155
+# define RSA_R_VALUE_MISSING                              147
+# define RSA_R_WRONG_SIGNATURE_LENGTH                     119
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/safestack.h b/freebsd/crypto/openssl/include/openssl/safestack.h
new file mode 100644
index 00000000..7438b193
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/safestack.h
@@ -0,0 +1,172 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SAFESTACK_H
+# define HEADER_SAFESTACK_H
+
+# include <openssl/stack.h>
+# include <openssl/e_os2.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define STACK_OF(type) struct stack_st_##type
+
+# define SKM_DEFINE_STACK_OF(t1, t2, t3) \
+    STACK_OF(t1); \
+    typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \
+    typedef void (*sk_##t1##_freefunc)(t3 *a); \
+    typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \
+    static ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \
+    { \
+        return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \
+    { \
+        return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \
+    } \
+    static ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \
+    } \
+    static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \
+    } \
+    static ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \
+    } \
+    static ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \
+    { \
+        return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \
+    } \
+    static ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \
+    { \
+        OPENSSL_sk_free((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \
+    { \
+        OPENSSL_sk_zero((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \
+    { \
+        return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \
+    } \
+    static ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \
+                                           (const void *)ptr); \
+    } \
+    static ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \
+    { \
+        return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \
+    { \
+        return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \
+    { \
+        OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \
+    } \
+    static ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \
+    { \
+        return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \
+    } \
+    static ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \
+    { \
+        return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \
+    } \
+    static ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \
+    { \
+        OPENSSL_sk_sort((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \
+    { \
+        return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \
+                                                    sk_##t1##_copyfunc copyfunc, \
+                                                    sk_##t1##_freefunc freefunc) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \
+                                            (OPENSSL_sk_copyfunc)copyfunc, \
+                                            (OPENSSL_sk_freefunc)freefunc); \
+    } \
+    static ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \
+    { \
+        return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \
+    }
+
+# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2)
+# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
+# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \
+            SKM_DEFINE_STACK_OF(t1, const t2, t2)
+# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t)
+
+/*-
+ * Strings are special: normally an lhash entry will point to a single
+ * (somewhat) mutable object. In the case of strings:
+ *
+ * a) Instead of a single char, there is an array of chars, NUL-terminated.
+ * b) The string may have be immutable.
+ *
+ * So, they need their own declarations. Especially important for
+ * type-checking tools, such as Deputy.
+ *
+ * In practice, however, it appears to be hard to have a const
+ * string. For now, I'm settling for dealing with the fact it is a
+ * string at all.
+ */
+typedef char *OPENSSL_STRING;
+typedef const char *OPENSSL_CSTRING;
+
+/*-
+ * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
+ * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned
+ * above, instead of a single char each entry is a NUL-terminated array of
+ * chars. So, we have to implement STRING specially for STACK_OF. This is
+ * dealt with in the autogenerated macros below.
+ */
+DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
+DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)
+
+/*
+ * Similarly, we sometimes use a block of characters, NOT nul-terminated.
+ * These should also be distinguished from "normal" stacks.
+ */
+typedef void *OPENSSL_BLOCK;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/crypto/seed/seed.h b/freebsd/crypto/openssl/include/openssl/seed.h
index 8cbf0d92..de10b085 100644
--- a/freebsd/crypto/openssl/crypto/seed/seed.h
+++ b/freebsd/crypto/openssl/include/openssl/seed.h
@@ -1,4 +1,13 @@
 /*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
  * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -21,72 +30,20 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
  */
 
 #ifndef HEADER_SEED_H
 # define HEADER_SEED_H
 
 # include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SEED
 # include <openssl/e_os2.h>
 # include <openssl/crypto.h>
 
-# ifdef OPENSSL_NO_SEED
-#  error SEED is disabled.
-# endif
+#ifdef  __cplusplus
+extern "C" {
+#endif
 
 /* look whether we need 'long' to get 32 bits */
 # ifdef AES_LONG
@@ -95,18 +52,11 @@
 #  endif
 # endif
 
-# if !defined(NO_SYS_TYPES_H)
-#  include <sys/types.h>
-# endif
+# include <sys/types.h>
 
 # define SEED_BLOCK_SIZE 16
 # define SEED_KEY_LENGTH 16
 
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 typedef struct seed_key_st {
 # ifdef SEED_LONG
     unsigned long data[32];
@@ -115,10 +65,6 @@ typedef struct seed_key_st {
 # endif
 } SEED_KEY_SCHEDULE;
 
-# ifdef OPENSSL_FIPS
-void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
-                          SEED_KEY_SCHEDULE *ks);
-# endif
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
                   SEED_KEY_SCHEDULE *ks);
 
@@ -142,8 +88,9 @@ void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
                          size_t len, const SEED_KEY_SCHEDULE *ks,
                          unsigned char ivec[SEED_BLOCK_SIZE], int *num);
 
-#ifdef  __cplusplus
+# ifdef  __cplusplus
 }
-#endif
+# endif
+# endif
 
-#endif                          /* HEADER_SEED_H */
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/sha.h b/freebsd/crypto/openssl/include/openssl/sha.h
new file mode 100644
index 00000000..6a1eb0de
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/sha.h
@@ -0,0 +1,119 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SHA_H
+# define HEADER_SHA_H
+
+# include <openssl/e_os2.h>
+# include <stddef.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide.                    !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define SHA_LONG unsigned int
+
+# define SHA_LBLOCK      16
+# define SHA_CBLOCK      (SHA_LBLOCK*4)/* SHA treats input data as a
+                                        * contiguous array of 32 bit wide
+                                        * big-endian values. */
+# define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
+# define SHA_DIGEST_LENGTH 20
+
+typedef struct SHAstate_st {
+    SHA_LONG h0, h1, h2, h3, h4;
+    SHA_LONG Nl, Nh;
+    SHA_LONG data[SHA_LBLOCK];
+    unsigned int num;
+} SHA_CTX;
+
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
+
+# define SHA256_CBLOCK   (SHA_LBLOCK*4)/* SHA-256 treats input data as a
+                                        * contiguous array of 32 bit wide
+                                        * big-endian values. */
+
+typedef struct SHA256state_st {
+    SHA_LONG h[8];
+    SHA_LONG Nl, Nh;
+    SHA_LONG data[SHA_LBLOCK];
+    unsigned int num, md_len;
+} SHA256_CTX;
+
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+
+# define SHA224_DIGEST_LENGTH    28
+# define SHA256_DIGEST_LENGTH    32
+# define SHA384_DIGEST_LENGTH    48
+# define SHA512_DIGEST_LENGTH    64
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+/*
+ * SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values.
+ */
+# define SHA512_CBLOCK   (SHA_LBLOCK*8)
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#  define SHA_LONG64 unsigned __int64
+#  define U64(C)     C##UI64
+# elif defined(__arch64__)
+#  define SHA_LONG64 unsigned long
+#  define U64(C)     C##UL
+# else
+#  define SHA_LONG64 unsigned long long
+#  define U64(C)     C##ULL
+# endif
+
+typedef struct SHA512state_st {
+    SHA_LONG64 h[8];
+    SHA_LONG64 Nl, Nh;
+    union {
+        SHA_LONG64 d[SHA_LBLOCK];
+        unsigned char p[SHA512_CBLOCK];
+    } u;
+    unsigned int num, md_len;
+} SHA512_CTX;
+
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md);
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/srp.h b/freebsd/crypto/openssl/include/openssl/srp.h
new file mode 100644
index 00000000..aaf13558
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/srp.h
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#ifndef HEADER_SRP_H
+# define HEADER_SRP_H
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_SRP
+# include <stdio.h>
+# include <string.h>
+# include <openssl/safestack.h>
+# include <openssl/bn.h>
+# include <openssl/crypto.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct SRP_gN_cache_st {
+    char *b64_bn;
+    BIGNUM *bn;
+} SRP_gN_cache;
+
+
+DEFINE_STACK_OF(SRP_gN_cache)
+
+typedef struct SRP_user_pwd_st {
+    /* Owned by us. */
+    char *id;
+    BIGNUM *s;
+    BIGNUM *v;
+    /* Not owned by us. */
+    const BIGNUM *g;
+    const BIGNUM *N;
+    /* Owned by us. */
+    char *info;
+} SRP_user_pwd;
+
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
+
+DEFINE_STACK_OF(SRP_user_pwd)
+
+typedef struct SRP_VBASE_st {
+    STACK_OF(SRP_user_pwd) *users_pwd;
+    STACK_OF(SRP_gN_cache) *gN_cache;
+/* to simulate a user */
+    char *seed_key;
+    const BIGNUM *default_g;
+    const BIGNUM *default_N;
+} SRP_VBASE;
+
+/*
+ * Internal structure storing N and g pair
+ */
+typedef struct SRP_gN_st {
+    char *id;
+    const BIGNUM *g;
+    const BIGNUM *N;
+} SRP_gN;
+
+DEFINE_STACK_OF(SRP_gN)
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key);
+void SRP_VBASE_free(SRP_VBASE *vb);
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
+
+/* This method ignores the configured seed and fails for an unknown user. */
+DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username))
+/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
+
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+                          char **verifier, const char *N, const char *g);
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+                           BIGNUM **verifier, const BIGNUM *N,
+                           const BIGNUM *g);
+
+# define SRP_NO_ERROR 0
+# define SRP_ERR_VBASE_INCOMPLETE_FILE 1
+# define SRP_ERR_VBASE_BN_LIB 2
+# define SRP_ERR_OPEN_FILE 3
+# define SRP_ERR_MEMORY 4
+
+# define DB_srptype      0
+# define DB_srpverifier  1
+# define DB_srpsalt      2
+# define DB_srpid        3
+# define DB_srpgN        4
+# define DB_srpinfo      5
+# undef  DB_NUMBER
+# define DB_NUMBER       6
+
+# define DB_SRP_INDEX    'I'
+# define DB_SRP_VALID    'V'
+# define DB_SRP_REVOKED  'R'
+# define DB_SRP_MODIF    'v'
+
+/* see srp.c */
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
+SRP_gN *SRP_get_default_gN(const char *id);
+
+/* server side .... */
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+                            const BIGNUM *b, const BIGNUM *N);
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+                   const BIGNUM *v);
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N);
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N);
+
+/* client side .... */
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass);
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g);
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+                            const BIGNUM *x, const BIGNUM *a, const BIGNUM *u);
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N);
+
+# define SRP_MINIMAL_N 1024
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/srtp.h b/freebsd/crypto/openssl/include/openssl/srtp.h
new file mode 100644
index 00000000..0b57c235
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/srtp.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * DTLS code by Eric Rescorla <ekr@rtfm.com>
+ *
+ * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
+ */
+
+#ifndef HEADER_D1_SRTP_H
+# define HEADER_D1_SRTP_H
+
+# include <openssl/ssl.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define SRTP_AES128_CM_SHA1_80 0x0001
+# define SRTP_AES128_CM_SHA1_32 0x0002
+# define SRTP_AES128_F8_SHA1_80 0x0003
+# define SRTP_AES128_F8_SHA1_32 0x0004
+# define SRTP_NULL_SHA1_80      0x0005
+# define SRTP_NULL_SHA1_32      0x0006
+
+/* AEAD SRTP protection profiles from RFC 7714 */
+# define SRTP_AEAD_AES_128_GCM  0x0007
+# define SRTP_AEAD_AES_256_GCM  0x0008
+
+# ifndef OPENSSL_NO_SRTP
+
+__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
+
+__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/ssl.h b/freebsd/crypto/openssl/include/openssl/ssl.h
new file mode 100644
index 00000000..0a18a435
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/ssl.h
@@ -0,0 +1,2413 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL_H
+# define HEADER_SSL_H
+
+# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
+# include <openssl/comp.h>
+# include <openssl/bio.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/x509.h>
+#  include <openssl/crypto.h>
+#  include <openssl/buffer.h>
+# endif
+# include <openssl/lhash.h>
+# include <openssl/pem.h>
+# include <openssl/hmac.h>
+# include <openssl/async.h>
+
+# include <openssl/safestack.h>
+# include <openssl/symhacks.h>
+# include <openssl/ct.h>
+# include <openssl/sslerr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* OpenSSL version number for ASN.1 encoding of the session information */
+/*-
+ * Version 0 - initial version
+ * Version 1 - added the optional peer certificate
+ */
+# define SSL_SESSION_ASN1_VERSION 0x0001
+
+# define SSL_MAX_SSL_SESSION_ID_LENGTH           32
+# define SSL_MAX_SID_CTX_LENGTH                  32
+
+# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
+# define SSL_MAX_KEY_ARG_LENGTH                  8
+# define SSL_MAX_MASTER_KEY_LENGTH               48
+
+/* The maximum number of encrypt/decrypt pipelines we can support */
+# define SSL_MAX_PIPELINES  32
+
+/* text strings for the ciphers */
+
+/* These are used to specify which ciphers to use and not to use */
+
+# define SSL_TXT_LOW             "LOW"
+# define SSL_TXT_MEDIUM          "MEDIUM"
+# define SSL_TXT_HIGH            "HIGH"
+# define SSL_TXT_FIPS            "FIPS"
+
+# define SSL_TXT_aNULL           "aNULL"
+# define SSL_TXT_eNULL           "eNULL"
+# define SSL_TXT_NULL            "NULL"
+
+# define SSL_TXT_kRSA            "kRSA"
+# define SSL_TXT_kDHr            "kDHr"/* this cipher class has been removed */
+# define SSL_TXT_kDHd            "kDHd"/* this cipher class has been removed */
+# define SSL_TXT_kDH             "kDH"/* this cipher class has been removed */
+# define SSL_TXT_kEDH            "kEDH"/* alias for kDHE */
+# define SSL_TXT_kDHE            "kDHE"
+# define SSL_TXT_kECDHr          "kECDHr"/* this cipher class has been removed */
+# define SSL_TXT_kECDHe          "kECDHe"/* this cipher class has been removed */
+# define SSL_TXT_kECDH           "kECDH"/* this cipher class has been removed */
+# define SSL_TXT_kEECDH          "kEECDH"/* alias for kECDHE */
+# define SSL_TXT_kECDHE          "kECDHE"
+# define SSL_TXT_kPSK            "kPSK"
+# define SSL_TXT_kRSAPSK         "kRSAPSK"
+# define SSL_TXT_kECDHEPSK       "kECDHEPSK"
+# define SSL_TXT_kDHEPSK         "kDHEPSK"
+# define SSL_TXT_kGOST           "kGOST"
+# define SSL_TXT_kSRP            "kSRP"
+
+# define SSL_TXT_aRSA            "aRSA"
+# define SSL_TXT_aDSS            "aDSS"
+# define SSL_TXT_aDH             "aDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDH           "aECDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDSA          "aECDSA"
+# define SSL_TXT_aPSK            "aPSK"
+# define SSL_TXT_aGOST94         "aGOST94"
+# define SSL_TXT_aGOST01         "aGOST01"
+# define SSL_TXT_aGOST12         "aGOST12"
+# define SSL_TXT_aGOST           "aGOST"
+# define SSL_TXT_aSRP            "aSRP"
+
+# define SSL_TXT_DSS             "DSS"
+# define SSL_TXT_DH              "DH"
+# define SSL_TXT_DHE             "DHE"/* same as "kDHE:-ADH" */
+# define SSL_TXT_EDH             "EDH"/* alias for DHE */
+# define SSL_TXT_ADH             "ADH"
+# define SSL_TXT_RSA             "RSA"
+# define SSL_TXT_ECDH            "ECDH"
+# define SSL_TXT_EECDH           "EECDH"/* alias for ECDHE" */
+# define SSL_TXT_ECDHE           "ECDHE"/* same as "kECDHE:-AECDH" */
+# define SSL_TXT_AECDH           "AECDH"
+# define SSL_TXT_ECDSA           "ECDSA"
+# define SSL_TXT_PSK             "PSK"
+# define SSL_TXT_SRP             "SRP"
+
+# define SSL_TXT_DES             "DES"
+# define SSL_TXT_3DES            "3DES"
+# define SSL_TXT_RC4             "RC4"
+# define SSL_TXT_RC2             "RC2"
+# define SSL_TXT_IDEA            "IDEA"
+# define SSL_TXT_SEED            "SEED"
+# define SSL_TXT_AES128          "AES128"
+# define SSL_TXT_AES256          "AES256"
+# define SSL_TXT_AES             "AES"
+# define SSL_TXT_AES_GCM         "AESGCM"
+# define SSL_TXT_AES_CCM         "AESCCM"
+# define SSL_TXT_AES_CCM_8       "AESCCM8"
+# define SSL_TXT_CAMELLIA128     "CAMELLIA128"
+# define SSL_TXT_CAMELLIA256     "CAMELLIA256"
+# define SSL_TXT_CAMELLIA        "CAMELLIA"
+# define SSL_TXT_CHACHA20        "CHACHA20"
+# define SSL_TXT_GOST            "GOST89"
+# define SSL_TXT_ARIA            "ARIA"
+# define SSL_TXT_ARIA_GCM        "ARIAGCM"
+# define SSL_TXT_ARIA128         "ARIA128"
+# define SSL_TXT_ARIA256         "ARIA256"
+
+# define SSL_TXT_MD5             "MD5"
+# define SSL_TXT_SHA1            "SHA1"
+# define SSL_TXT_SHA             "SHA"/* same as "SHA1" */
+# define SSL_TXT_GOST94          "GOST94"
+# define SSL_TXT_GOST89MAC       "GOST89MAC"
+# define SSL_TXT_GOST12          "GOST12"
+# define SSL_TXT_GOST89MAC12     "GOST89MAC12"
+# define SSL_TXT_SHA256          "SHA256"
+# define SSL_TXT_SHA384          "SHA384"
+
+# define SSL_TXT_SSLV3           "SSLv3"
+# define SSL_TXT_TLSV1           "TLSv1"
+# define SSL_TXT_TLSV1_1         "TLSv1.1"
+# define SSL_TXT_TLSV1_2         "TLSv1.2"
+
+# define SSL_TXT_ALL             "ALL"
+
+/*-
+ * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
+ * ciphers normally not being used.
+ * Example: "RC4" will activate all ciphers using RC4 including ciphers
+ * without authentication, which would normally disabled by DEFAULT (due
+ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
+ * will make sure that it is also disabled in the specific selection.
+ * COMPLEMENTOF* identifiers are portable between version, as adjustments
+ * to the default cipher setup will also be included here.
+ *
+ * COMPLEMENTOFDEFAULT does not experience the same special treatment that
+ * DEFAULT gets, as only selection is being done and no sorting as needed
+ * for DEFAULT.
+ */
+# define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
+# define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"
+
+/*
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ * This applies to ciphersuites for TLSv1.2 and below.
+ */
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+/* This is the default set of TLSv1.3 ciphersuites */
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+                                   "TLS_CHACHA20_POLY1305_SHA256:" \
+                                   "TLS_AES_128_GCM_SHA256"
+# else
+#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+                                   "TLS_AES_128_GCM_SHA256"
+#endif
+/*
+ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites! (The latter are not
+ * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
+ */
+
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+# define SSL_SENT_SHUTDOWN       1
+# define SSL_RECEIVED_SHUTDOWN   2
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
+# define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
+
+/*
+ * This is needed to stop compilers complaining about the 'struct ssl_st *'
+ * function parameters used to prototype callbacks in SSL_CTX.
+ */
+typedef struct ssl_st *ssl_crock_st;
+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+typedef struct ssl_method_st SSL_METHOD;
+typedef struct ssl_cipher_st SSL_CIPHER;
+typedef struct ssl_session_st SSL_SESSION;
+typedef struct tls_sigalgs_st TLS_SIGALGS;
+typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
+typedef struct ssl_comp_st SSL_COMP;
+
+STACK_OF(SSL_CIPHER);
+STACK_OF(SSL_COMP);
+
+/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
+typedef struct srtp_protection_profile_st {
+    const char *name;
+    unsigned long id;
+} SRTP_PROTECTION_PROFILE;
+
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
+                                            int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
+                                        STACK_OF(SSL_CIPHER) *peer_ciphers,
+                                        const SSL_CIPHER **cipher, void *arg);
+
+/* Extension context codes */
+/* This extension is only allowed in TLS */
+#define SSL_EXT_TLS_ONLY                        0x0001
+/* This extension is only allowed in DTLS */
+#define SSL_EXT_DTLS_ONLY                       0x0002
+/* Some extensions may be allowed in DTLS but we don't implement them for it */
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
+#define SSL_EXT_SSL3_ALLOWED                    0x0008
+/* Extension is only defined for TLS1.2 and below */
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+/* Extension is only defined for TLS1.3 and above */
+#define SSL_EXT_TLS1_3_ONLY                     0x0020
+/* Ignore this extension during parsing if we are resuming */
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
+#define SSL_EXT_CLIENT_HELLO                    0x0080
+/* Really means TLS1.2 or below */
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+
+/* Typedefs for handling custom extensions */
+
+typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
+                                 const unsigned char **out, size_t *outlen,
+                                 int *al, void *add_arg);
+
+typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
+                                   const unsigned char *out, void *add_arg);
+
+typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in, size_t inlen,
+                                   int *al, void *parse_arg);
+
+
+typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type,
+                                        unsigned int context,
+                                        const unsigned char **out,
+                                        size_t *outlen, X509 *x,
+                                        size_t chainidx,
+                                        int *al, void *add_arg);
+
+typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type,
+                                          unsigned int context,
+                                          const unsigned char *out,
+                                          void *add_arg);
+
+typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type,
+                                          unsigned int context,
+                                          const unsigned char *in,
+                                          size_t inlen, X509 *x,
+                                          size_t chainidx,
+                                          int *al, void *parse_arg);
+
+/* Typedef for verification callback */
+typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
+/*
+ * Some values are reserved until OpenSSL 1.2.0 because they were previously
+ * included in SSL_OP_ALL in a 1.1.x release.
+ *
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000001U
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000002U
+ */
+/* Allow initial connection to servers that don't support RI */
+# define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004U
+
+/* Reserved value (until OpenSSL 1.2.0)                  0x00000008U */
+# define SSL_OP_TLSEXT_PADDING                           0x00000010U
+/* Reserved value (until OpenSSL 1.2.0)                  0x00000020U */
+# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U
+/*
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000080U
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000100U
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000200U
+ */
+
+/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */
+# define SSL_OP_ALLOW_NO_DHE_KEX                         0x00000400U
+
+/*
+ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
+ * OpenSSL 0.9.6d.  Usually (depending on the application protocol) the
+ * workaround is not needed.  Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include it in
+ * SSL_OP_ALL. Added in 0.9.6e
+ */
+# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800U
+
+/* DTLS options */
+# define SSL_OP_NO_QUERY_MTU                             0x00001000U
+/* Turn on Cookie Exchange (on relevant for servers) */
+# define SSL_OP_COOKIE_EXCHANGE                          0x00002000U
+/* Don't use RFC4507 ticket extension */
+# define SSL_OP_NO_TICKET                                0x00004000U
+# ifndef OPENSSL_NO_DTLS1_METHOD
+/* Use Cisco's "speshul" version of DTLS_BAD_VER
+ * (only with deprecated DTLSv1_client_method())  */
+#  define SSL_OP_CISCO_ANYCONNECT                        0x00008000U
+# endif
+
+/* As server, disallow session resumption on renegotiation */
+# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000U
+/* Don't use compression even if supported */
+# define SSL_OP_NO_COMPRESSION                           0x00020000U
+/* Permit unsafe legacy renegotiation */
+# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000U
+/* Disable encrypt-then-mac */
+# define SSL_OP_NO_ENCRYPT_THEN_MAC                      0x00080000U
+
+/*
+ * Enable TLSv1.3 Compatibility mode. This is on by default. A future version
+ * of OpenSSL may have this disabled by default.
+ */
+# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT                  0x00100000U
+
+/* Prioritize Chacha20Poly1305 when client does.
+ * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */
+# define SSL_OP_PRIORITIZE_CHACHA                        0x00200000U
+
+/*
+ * Set on servers to choose the cipher according to the server's preferences
+ */
+# define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000U
+/*
+ * If set, a server will allow a client to issue a SSLv3.0 version number as
+ * latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks.
+ */
+# define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000U
+
+/*
+ * Switches off automatic TLSv1.3 anti-replay protection for early data. This
+ * is a server-side option only (no effect on the client).
+ */
+# define SSL_OP_NO_ANTI_REPLAY                           0x01000000U
+
+# define SSL_OP_NO_SSLv3                                 0x02000000U
+# define SSL_OP_NO_TLSv1                                 0x04000000U
+# define SSL_OP_NO_TLSv1_2                               0x08000000U
+# define SSL_OP_NO_TLSv1_1                               0x10000000U
+# define SSL_OP_NO_TLSv1_3                               0x20000000U
+
+# define SSL_OP_NO_DTLSv1                                0x04000000U
+# define SSL_OP_NO_DTLSv1_2                              0x08000000U
+
+# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
+        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3)
+# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
+
+/* Disallow all renegotiation */
+# define SSL_OP_NO_RENEGOTIATION                         0x40000000U
+
+/*
+ * Make server add server-hello extension from early version of cryptopro
+ * draft, when GOST ciphersuite is negotiated. Required for interoperability
+ * with CryptoPro CSP 3.x
+ */
+# define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     0x80000000U
+
+/*
+ * SSL_OP_ALL: various bug workarounds that should be rather harmless.
+ * This used to be 0x000FFFFFL before 0.9.7.
+ * This used to be 0x80000BFFU before 1.1.1.
+ */
+# define SSL_OP_ALL        (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\
+                            SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\
+                            SSL_OP_LEGACY_SERVER_CONNECT|\
+                            SSL_OP_TLSEXT_PADDING|\
+                            SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+
+/* OBSOLETE OPTIONS: retained for compatibility */
+
+/* Removed from OpenSSL 1.1.0. Was 0x00000001L */
+/* Related to removed SSLv2. */
+# define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000002L */
+/* Related to removed SSLv2. */
+# define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x0
+/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */
+/* Dead forever, see CVE-2010-4180 */
+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x0
+/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */
+/* Refers to ancient SSLREF and SSLv2. */
+# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000020 */
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x0
+/* Removed from OpenSSL 0.9.7h and 0.9.8b. Was 0x00000040L */
+# define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000080 */
+/* Ancient SSLeay version. */
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000100L */
+# define SSL_OP_TLS_D5_BUG                               0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000200L */
+# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00080000L */
+# define SSL_OP_SINGLE_ECDH_USE                          0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00100000L */
+# define SSL_OP_SINGLE_DH_USE                            0x0
+/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */
+# define SSL_OP_EPHEMERAL_RSA                            0x0
+/* Removed from OpenSSL 1.1.0. Was 0x01000000L */
+# define SSL_OP_NO_SSLv2                                 0x0
+/* Removed from OpenSSL 1.0.1. Was 0x08000000L */
+# define SSL_OP_PKCS1_CHECK_1                            0x0
+/* Removed from OpenSSL 1.0.1. Was 0x10000000L */
+# define SSL_OP_PKCS1_CHECK_2                            0x0
+/* Removed from OpenSSL 1.1.0. Was 0x20000000L */
+# define SSL_OP_NETSCAPE_CA_DN_BUG                       0x0
+/* Removed from OpenSSL 1.1.0. Was 0x40000000L */
+# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x0
+
+/*
+ * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written):
+ */
+# define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001U
+/*
+ * Make it possible to retry SSL_write() with changed buffer location (buffer
+ * contents must stay the same!); this is not the default to avoid the
+ * misconception that non-blocking SSL_write() behaves like non-blocking
+ * write():
+ */
+# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U
+/*
+ * Never bother the application with retries if the transport is blocking:
+ */
+# define SSL_MODE_AUTO_RETRY 0x00000004U
+/* Don't attempt to automatically build certificate chain */
+# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U
+/*
+ * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
+ * TLS only.) Released buffers are freed.
+ */
+# define SSL_MODE_RELEASE_BUFFERS 0x00000010U
+/*
+ * Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U
+# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U
+/*
+ * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
+ * that reconnect with a downgraded protocol version; see
+ * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
+ * application attempts a normal handshake. Only use this in explicit
+ * fallback retries, following the guidance in
+ * draft-ietf-tls-downgrade-scsv-00.
+ */
+# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U
+/*
+ * Support Asynchronous operation
+ */
+# define SSL_MODE_ASYNC 0x00000100U
+
+/* Cert related flags */
+/*
+ * Many implementations ignore some aspects of the TLS standards such as
+ * enforcing certificate chain algorithms. When this is set we enforce them.
+ */
+# define SSL_CERT_FLAG_TLS_STRICT                0x00000001U
+
+/* Suite B modes, takes same values as certificate verify flags */
+# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY       0x10000
+/* Suite B 192 bit only mode */
+# define SSL_CERT_FLAG_SUITEB_192_LOS            0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define SSL_CERT_FLAG_SUITEB_128_LOS            0x30000
+
+/* Perform all sorts of protocol violations for testing purposes */
+# define SSL_CERT_FLAG_BROKEN_PROTOCOL           0x10000000
+
+/* Flags for building certificate chains */
+/* Treat any existing certificates as untrusted CAs */
+# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED          0x1
+/* Don't include root CA in chain */
+# define SSL_BUILD_CHAIN_FLAG_NO_ROOT            0x2
+/* Just check certificates already there */
+# define SSL_BUILD_CHAIN_FLAG_CHECK              0x4
+/* Ignore verification errors */
+# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR       0x8
+/* Clear verification errors from queue */
+# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR        0x10
+
+/* Flags returned by SSL_check_chain */
+/* Certificate can be used with this session */
+# define CERT_PKEY_VALID         0x1
+/* Certificate can also be used for signing */
+# define CERT_PKEY_SIGN          0x2
+/* EE certificate signing algorithm OK */
+# define CERT_PKEY_EE_SIGNATURE  0x10
+/* CA signature algorithms OK */
+# define CERT_PKEY_CA_SIGNATURE  0x20
+/* EE certificate parameters OK */
+# define CERT_PKEY_EE_PARAM      0x40
+/* CA certificate parameters OK */
+# define CERT_PKEY_CA_PARAM      0x80
+/* Signing explicitly allowed as opposed to SHA1 fallback */
+# define CERT_PKEY_EXPLICIT_SIGN 0x100
+/* Client CA issuer names match (always set for server cert) */
+# define CERT_PKEY_ISSUER_NAME   0x200
+/* Cert type matches client types (always set for server cert) */
+# define CERT_PKEY_CERT_TYPE     0x400
+/* Cert chain suitable to Suite B */
+# define CERT_PKEY_SUITEB        0x800
+
+# define SSL_CONF_FLAG_CMDLINE           0x1
+# define SSL_CONF_FLAG_FILE              0x2
+# define SSL_CONF_FLAG_CLIENT            0x4
+# define SSL_CONF_FLAG_SERVER            0x8
+# define SSL_CONF_FLAG_SHOW_ERRORS       0x10
+# define SSL_CONF_FLAG_CERTIFICATE       0x20
+# define SSL_CONF_FLAG_REQUIRE_PRIVATE   0x40
+/* Configuration value types */
+# define SSL_CONF_TYPE_UNKNOWN           0x0
+# define SSL_CONF_TYPE_STRING            0x1
+# define SSL_CONF_TYPE_FILE              0x2
+# define SSL_CONF_TYPE_DIR               0x3
+# define SSL_CONF_TYPE_NONE              0x4
+
+/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */
+# define SSL_COOKIE_LENGTH                       4096
+
+/*
+ * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
+ * cannot be used to clear bits.
+ */
+
+unsigned long SSL_CTX_get_options(const SSL_CTX *ctx);
+unsigned long SSL_get_options(const SSL *s);
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_clear_options(SSL *s, unsigned long op);
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_set_options(SSL *s, unsigned long op);
+
+# define SSL_CTX_set_mode(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+# define SSL_CTX_clear_mode(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_CTX_get_mode(ctx) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+# define SSL_clear_mode(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_set_mode(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
+# define SSL_get_mode(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+# define SSL_set_mtu(ssl, mtu) \
+        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+# define DTLS_set_link_mtu(ssl, mtu) \
+        SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+# define DTLS_get_link_min_mtu(ssl) \
+        SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
+
+# define SSL_get_secure_renegotiation_support(ssl) \
+        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
+
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_heartbeat(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)
+# endif
+
+# define SSL_CTX_set_cert_flags(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_set_cert_flags(s,op) \
+        SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_CTX_clear_cert_flags(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+# define SSL_clear_cert_flags(s,op) \
+        SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+                              void (*cb) (int write_p, int version,
+                                          int content_type, const void *buf,
+                                          size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback(SSL *ssl,
+                          void (*cb) (int write_p, int version,
+                                      int content_type, const void *buf,
+                                      size_t len, SSL *ssl, void *arg));
+# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+# define SSL_get_extms_support(s) \
+        SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)
+
+# ifndef OPENSSL_NO_SRP
+
+/* see tls_srp.c */
+__owur int SSL_SRP_CTX_init(SSL *s);
+__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
+int SSL_SRP_CTX_free(SSL *ctx);
+int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
+__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
+__owur int SRP_Calc_A_param(SSL *s);
+
+# endif
+
+/* 100k max cert list */
+# define SSL_MAX_CERT_LIST_DEFAULT 1024*100
+
+# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
+
+/*
+ * This callback type is used inside SSL_CTX, SSL, and in the functions that
+ * set them. It is used to override the generation of SSL/TLS session IDs in
+ * a server. Return value should be zero on an error, non-zero to proceed.
+ * Also, callbacks should themselves check if the id they generate is unique
+ * otherwise the SSL handshake will fail with an error - callbacks can do
+ * this using the 'ssl' value they're passed by;
+ * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in
+ * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32
+ * bytes. The callback can alter this length to be less if desired. It is
+ * also an error for the callback to set the size to zero.
+ */
+typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id,
+                               unsigned int *id_len);
+
+# define SSL_SESS_CACHE_OFF                      0x0000
+# define SSL_SESS_CACHE_CLIENT                   0x0001
+# define SSL_SESS_CACHE_SERVER                   0x0002
+# define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+# define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
+# define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
+# define SSL_SESS_CACHE_NO_INTERNAL \
+        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
+# define SSL_CTX_sess_number(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+# define SSL_CTX_sess_connect(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+# define SSL_CTX_sess_connect_good(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+# define SSL_CTX_sess_connect_renegotiate(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+# define SSL_CTX_sess_accept_renegotiate(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept_good(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+# define SSL_CTX_sess_hits(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+# define SSL_CTX_sess_cb_hits(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+# define SSL_CTX_sess_misses(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+# define SSL_CTX_sess_timeouts(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+# define SSL_CTX_sess_cache_full(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                             int (*new_session_cb) (struct ssl_st *ssl,
+                                                    SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+                                              SSL_SESSION *sess);
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+                                void (*remove_session_cb) (struct ssl_ctx_st
+                                                           *ctx,
+                                                           SSL_SESSION *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
+                                                  SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+                             SSL_SESSION *(*get_session_cb) (struct ssl_st
+                                                             *ssl,
+                                                             const unsigned char
+                                                             *data, int len,
+                                                             int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+                                                       const unsigned char *data,
+                                                       int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+                               void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+                                                 int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+                                int (*client_cert_cb) (SSL *ssl, X509 **x509,
+                                                       EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+                                                 EVP_PKEY **pkey);
+# ifndef OPENSSL_NO_ENGINE
+__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+# endif
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+                                    int (*app_gen_cookie_cb) (SSL *ssl,
+                                                              unsigned char
+                                                              *cookie,
+                                                              unsigned int
+                                                              *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+                                  int (*app_verify_cookie_cb) (SSL *ssl,
+                                                               const unsigned
+                                                               char *cookie,
+                                                               unsigned int
+                                                               cookie_len));
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+    SSL_CTX *ctx,
+    int (*gen_stateless_cookie_cb) (SSL *ssl,
+                                    unsigned char *cookie,
+                                    size_t *cookie_len));
+void SSL_CTX_set_stateless_cookie_verify_cb(
+    SSL_CTX *ctx,
+    int (*verify_stateless_cookie_cb) (SSL *ssl,
+                                       const unsigned char *cookie,
+                                       size_t cookie_len));
+# ifndef OPENSSL_NO_NEXTPROTONEG
+
+typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
+                                              const unsigned char **out,
+                                              unsigned int *outlen,
+                                              void *arg);
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
+                                           SSL_CTX_npn_advertised_cb_func cb,
+                                           void *arg);
+#  define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb
+
+typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s,
+                                          unsigned char **out,
+                                          unsigned char *outlen,
+                                          const unsigned char *in,
+                                          unsigned int inlen,
+                                          void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
+                                      SSL_CTX_npn_select_cb_func cb,
+                                      void *arg);
+#  define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb
+
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                                    unsigned *len);
+#  define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
+# endif
+
+__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                                 const unsigned char *in, unsigned int inlen,
+                                 const unsigned char *client,
+                                 unsigned int client_len);
+
+# define OPENSSL_NPN_UNSUPPORTED 0
+# define OPENSSL_NPN_NEGOTIATED  1
+# define OPENSSL_NPN_NO_OVERLAP  2
+
+__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+                                   unsigned int protos_len);
+__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+                               unsigned int protos_len);
+typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
+                                           const unsigned char **out,
+                                           unsigned char *outlen,
+                                           const unsigned char *in,
+                                           unsigned int inlen,
+                                           void *arg);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+                                SSL_CTX_alpn_select_cb_func cb,
+                                void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+                            unsigned int *len);
+
+# ifndef OPENSSL_NO_PSK
+/*
+ * the maximum length of the buffer given to callbacks containing the
+ * resulting identity/psk
+ */
+#  define PSK_MAX_IDENTITY_LEN 128
+#  define PSK_MAX_PSK_LEN 256
+typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
+                                               const char *hint,
+                                               char *identity,
+                                               unsigned int max_identity_len,
+                                               unsigned char *psk,
+                                               unsigned int max_psk_len);
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
+void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
+
+typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
+                                               const char *identity,
+                                               unsigned char *psk,
+                                               unsigned int max_psk_len);
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
+void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
+
+__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
+__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
+const char *SSL_get_psk_identity_hint(const SSL *s);
+const char *SSL_get_psk_identity(const SSL *s);
+# endif
+
+typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
+                                            const unsigned char *identity,
+                                            size_t identity_len,
+                                            SSL_SESSION **sess);
+typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
+                                           const unsigned char **id,
+                                           size_t *idlen,
+                                           SSL_SESSION **sess);
+
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+                                           SSL_psk_find_session_cb_func cb);
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+                                          SSL_psk_use_session_cb_func cb);
+
+/* Register callbacks to handle custom TLS Extensions for client or server. */
+
+__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx,
+                                         unsigned int ext_type);
+
+__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx,
+                                         unsigned int ext_type,
+                                         custom_ext_add_cb add_cb,
+                                         custom_ext_free_cb free_cb,
+                                         void *add_arg,
+                                         custom_ext_parse_cb parse_cb,
+                                         void *parse_arg);
+
+__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx,
+                                         unsigned int ext_type,
+                                         custom_ext_add_cb add_cb,
+                                         custom_ext_free_cb free_cb,
+                                         void *add_arg,
+                                         custom_ext_parse_cb parse_cb,
+                                         void *parse_arg);
+
+__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  unsigned int context,
+                                  SSL_custom_ext_add_cb_ex add_cb,
+                                  SSL_custom_ext_free_cb_ex free_cb,
+                                  void *add_arg,
+                                  SSL_custom_ext_parse_cb_ex parse_cb,
+                                  void *parse_arg);
+
+__owur int SSL_extension_supported(unsigned int ext_type);
+
+# define SSL_NOTHING            1
+# define SSL_WRITING            2
+# define SSL_READING            3
+# define SSL_X509_LOOKUP        4
+# define SSL_ASYNC_PAUSED       5
+# define SSL_ASYNC_NO_JOBS      6
+# define SSL_CLIENT_HELLO_CB    7
+
+/* These will only be used when doing non-blocking IO */
+# define SSL_want_nothing(s)         (SSL_want(s) == SSL_NOTHING)
+# define SSL_want_read(s)            (SSL_want(s) == SSL_READING)
+# define SSL_want_write(s)           (SSL_want(s) == SSL_WRITING)
+# define SSL_want_x509_lookup(s)     (SSL_want(s) == SSL_X509_LOOKUP)
+# define SSL_want_async(s)           (SSL_want(s) == SSL_ASYNC_PAUSED)
+# define SSL_want_async_job(s)       (SSL_want(s) == SSL_ASYNC_NO_JOBS)
+# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB)
+
+# define SSL_MAC_FLAG_READ_MAC_STREAM 1
+# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
+
+/*
+ * A callback for logging out TLS key material. This callback should log out
+ * |line| followed by a newline.
+ */
+typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
+
+/*
+ * SSL_CTX_set_keylog_callback configures a callback to log key material. This
+ * is intended for debugging use with tools like Wireshark. The cb function
+ * should log line followed by a newline.
+ */
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
+
+/*
+ * SSL_CTX_get_keylog_callback returns the callback configured by
+ * SSL_CTX_set_keylog_callback.
+ */
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
+uint32_t SSL_get_max_early_data(const SSL *s);
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data);
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx);
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data);
+uint32_t SSL_get_recv_max_early_data(const SSL *s);
+
+#ifdef __cplusplus
+}
+#endif
+
+# include <openssl/ssl2.h>
+# include <openssl/ssl3.h>
+# include <openssl/tls1.h>      /* This is mostly sslv3 with a few tweaks */
+# include <openssl/dtls1.h>     /* Datagram TLS */
+# include <openssl/srtp.h>      /* Support for the use_srtp extension */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * These need to be after the above set of includes due to a compiler bug
+ * in VisualStudio 2015
+ */
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(SSL_COMP)
+
+/* compatibility */
+# define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)(arg)))
+# define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
+# define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0, \
+                                                                  (char *)(a)))
+# define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
+# define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
+# define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0, \
+                                                              (char *)(arg)))
+DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))
+
+/* TLSv1.3 KeyUpdate message types */
+/* -1 used so that this is an invalid value for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NONE             -1
+/* Values as defined for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NOT_REQUESTED     0
+#define SSL_KEY_UPDATE_REQUESTED         1
+
+/*
+ * The valid handshake states (one for each type message sent and one for each
+ * type of message received). There are also two "special" states:
+ * TLS = TLS or DTLS state
+ * DTLS = DTLS specific state
+ * CR/SR = Client Read/Server Read
+ * CW/SW = Client Write/Server Write
+ *
+ * The "special" states are:
+ * TLS_ST_BEFORE = No handshake has been initiated yet
+ * TLS_ST_OK = A handshake has been successfully completed
+ */
+typedef enum {
+    TLS_ST_BEFORE,
+    TLS_ST_OK,
+    DTLS_ST_CR_HELLO_VERIFY_REQUEST,
+    TLS_ST_CR_SRVR_HELLO,
+    TLS_ST_CR_CERT,
+    TLS_ST_CR_CERT_STATUS,
+    TLS_ST_CR_KEY_EXCH,
+    TLS_ST_CR_CERT_REQ,
+    TLS_ST_CR_SRVR_DONE,
+    TLS_ST_CR_SESSION_TICKET,
+    TLS_ST_CR_CHANGE,
+    TLS_ST_CR_FINISHED,
+    TLS_ST_CW_CLNT_HELLO,
+    TLS_ST_CW_CERT,
+    TLS_ST_CW_KEY_EXCH,
+    TLS_ST_CW_CERT_VRFY,
+    TLS_ST_CW_CHANGE,
+    TLS_ST_CW_NEXT_PROTO,
+    TLS_ST_CW_FINISHED,
+    TLS_ST_SW_HELLO_REQ,
+    TLS_ST_SR_CLNT_HELLO,
+    DTLS_ST_SW_HELLO_VERIFY_REQUEST,
+    TLS_ST_SW_SRVR_HELLO,
+    TLS_ST_SW_CERT,
+    TLS_ST_SW_KEY_EXCH,
+    TLS_ST_SW_CERT_REQ,
+    TLS_ST_SW_SRVR_DONE,
+    TLS_ST_SR_CERT,
+    TLS_ST_SR_KEY_EXCH,
+    TLS_ST_SR_CERT_VRFY,
+    TLS_ST_SR_NEXT_PROTO,
+    TLS_ST_SR_CHANGE,
+    TLS_ST_SR_FINISHED,
+    TLS_ST_SW_SESSION_TICKET,
+    TLS_ST_SW_CERT_STATUS,
+    TLS_ST_SW_CHANGE,
+    TLS_ST_SW_FINISHED,
+    TLS_ST_SW_ENCRYPTED_EXTENSIONS,
+    TLS_ST_CR_ENCRYPTED_EXTENSIONS,
+    TLS_ST_CR_CERT_VRFY,
+    TLS_ST_SW_CERT_VRFY,
+    TLS_ST_CR_HELLO_REQ,
+    TLS_ST_SW_KEY_UPDATE,
+    TLS_ST_CW_KEY_UPDATE,
+    TLS_ST_SR_KEY_UPDATE,
+    TLS_ST_CR_KEY_UPDATE,
+    TLS_ST_EARLY_DATA,
+    TLS_ST_PENDING_EARLY_DATA_END,
+    TLS_ST_CW_END_OF_EARLY_DATA,
+    TLS_ST_SR_END_OF_EARLY_DATA
+} OSSL_HANDSHAKE_STATE;
+
+/*
+ * Most of the following state values are no longer used and are defined to be
+ * the closest equivalent value in the current state machine code. Not all
+ * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT
+ * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
+ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
+ */
+
+# define SSL_ST_CONNECT                  0x1000
+# define SSL_ST_ACCEPT                   0x2000
+
+# define SSL_ST_MASK                     0x0FFF
+
+# define SSL_CB_LOOP                     0x01
+# define SSL_CB_EXIT                     0x02
+# define SSL_CB_READ                     0x04
+# define SSL_CB_WRITE                    0x08
+# define SSL_CB_ALERT                    0x4000/* used in callback */
+# define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
+# define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
+# define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
+# define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
+# define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
+# define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
+# define SSL_CB_HANDSHAKE_START          0x10
+# define SSL_CB_HANDSHAKE_DONE           0x20
+
+/* Is the SSL_connection established? */
+# define SSL_in_connect_init(a)          (SSL_in_init(a) && !SSL_is_server(a))
+# define SSL_in_accept_init(a)           (SSL_in_init(a) && SSL_is_server(a))
+int SSL_in_init(const SSL *s);
+int SSL_in_before(const SSL *s);
+int SSL_is_init_finished(const SSL *s);
+
+/*
+ * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
+ * should not need these
+ */
+# define SSL_ST_READ_HEADER                      0xF0
+# define SSL_ST_READ_BODY                        0xF1
+# define SSL_ST_READ_DONE                        0xF2
+
+/*-
+ * Obtain latest Finished message
+ *   -- that we sent (SSL_get_finished)
+ *   -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
+
+/*
+ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are
+ * 'ored' with SSL_VERIFY_PEER if they are desired
+ */
+# define SSL_VERIFY_NONE                 0x00
+# define SSL_VERIFY_PEER                 0x01
+# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+# define SSL_VERIFY_CLIENT_ONCE          0x04
+# define SSL_VERIFY_POST_HANDSHAKE       0x08
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define OpenSSL_add_ssl_algorithms()   SSL_library_init()
+#  define SSLeay_add_ssl_algorithms()    SSL_library_init()
+# endif
+
+/* More backward compatibility */
+# define SSL_get_cipher(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_cipher_bits(s,np) \
+                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+# define SSL_get_cipher_version(s) \
+                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+# define SSL_get_cipher_name(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_time(a)         SSL_SESSION_get_time(a)
+# define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
+# define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
+# define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
+
+# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
+# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
+
+DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+# define SSL_AD_REASON_OFFSET            1000/* offset to get SSL_R_... value
+                                              * from SSL_AD_... */
+/* These alert types are for SSLv3 and TLSv1 */
+# define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
+/* fatal */
+# define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE
+/* fatal */
+# define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC
+# define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
+# define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
+/* fatal */
+# define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE
+/* fatal */
+# define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE
+/* Not for TLS */
+# define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE
+# define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
+# define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
+# define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
+# define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
+# define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
+/* fatal */
+# define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER
+/* fatal */
+# define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA
+/* fatal */
+# define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED
+/* fatal */
+# define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR
+# define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
+/* fatal */
+# define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION
+/* fatal */
+# define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION
+/* fatal */
+# define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY
+/* fatal */
+# define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR
+# define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
+# define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
+# define SSL_AD_MISSING_EXTENSION        TLS13_AD_MISSING_EXTENSION
+# define SSL_AD_CERTIFICATE_REQUIRED     TLS13_AD_CERTIFICATE_REQUIRED
+# define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
+# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+# define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
+# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+/* fatal */
+# define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
+/* fatal */
+# define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK
+# define SSL_AD_NO_APPLICATION_PROTOCOL  TLS1_AD_NO_APPLICATION_PROTOCOL
+# define SSL_ERROR_NONE                  0
+# define SSL_ERROR_SSL                   1
+# define SSL_ERROR_WANT_READ             2
+# define SSL_ERROR_WANT_WRITE            3
+# define SSL_ERROR_WANT_X509_LOOKUP      4
+# define SSL_ERROR_SYSCALL               5/* look at error stack/return
+                                           * value/errno */
+# define SSL_ERROR_ZERO_RETURN           6
+# define SSL_ERROR_WANT_CONNECT          7
+# define SSL_ERROR_WANT_ACCEPT           8
+# define SSL_ERROR_WANT_ASYNC            9
+# define SSL_ERROR_WANT_ASYNC_JOB       10
+# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
+# define SSL_CTRL_SET_TMP_DH                     3
+# define SSL_CTRL_SET_TMP_ECDH                   4
+# define SSL_CTRL_SET_TMP_DH_CB                  6
+# define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
+# define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
+# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
+# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
+# define SSL_CTRL_GET_FLAGS                      13
+# define SSL_CTRL_EXTRA_CHAIN_CERT               14
+# define SSL_CTRL_SET_MSG_CALLBACK               15
+# define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
+/* only applies to datagram connections */
+# define SSL_CTRL_SET_MTU                17
+/* Stats */
+# define SSL_CTRL_SESS_NUMBER                    20
+# define SSL_CTRL_SESS_CONNECT                   21
+# define SSL_CTRL_SESS_CONNECT_GOOD              22
+# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
+# define SSL_CTRL_SESS_ACCEPT                    24
+# define SSL_CTRL_SESS_ACCEPT_GOOD               25
+# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
+# define SSL_CTRL_SESS_HIT                       27
+# define SSL_CTRL_SESS_CB_HIT                    28
+# define SSL_CTRL_SESS_MISSES                    29
+# define SSL_CTRL_SESS_TIMEOUTS                  30
+# define SSL_CTRL_SESS_CACHE_FULL                31
+# define SSL_CTRL_MODE                           33
+# define SSL_CTRL_GET_READ_AHEAD                 40
+# define SSL_CTRL_SET_READ_AHEAD                 41
+# define SSL_CTRL_SET_SESS_CACHE_SIZE            42
+# define SSL_CTRL_GET_SESS_CACHE_SIZE            43
+# define SSL_CTRL_SET_SESS_CACHE_MODE            44
+# define SSL_CTRL_GET_SESS_CACHE_MODE            45
+# define SSL_CTRL_GET_MAX_CERT_LIST              50
+# define SSL_CTRL_SET_MAX_CERT_LIST              51
+# define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
+/* see tls1.h for macros based on these */
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
+# define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
+# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
+# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
+# define SSL_CTRL_SET_SRP_ARG            78
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
+# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
+# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT               85
+#  define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING        86
+#  define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS    87
+# endif
+# define DTLS_CTRL_GET_TIMEOUT           73
+# define DTLS_CTRL_HANDLE_TIMEOUT        74
+# define SSL_CTRL_GET_RI_SUPPORT                 76
+# define SSL_CTRL_CLEAR_MODE                     78
+# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB      79
+# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
+# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
+# define SSL_CTRL_CHAIN                          88
+# define SSL_CTRL_CHAIN_CERT                     89
+# define SSL_CTRL_GET_GROUPS                     90
+# define SSL_CTRL_SET_GROUPS                     91
+# define SSL_CTRL_SET_GROUPS_LIST                92
+# define SSL_CTRL_GET_SHARED_GROUP               93
+# define SSL_CTRL_SET_SIGALGS                    97
+# define SSL_CTRL_SET_SIGALGS_LIST               98
+# define SSL_CTRL_CERT_FLAGS                     99
+# define SSL_CTRL_CLEAR_CERT_FLAGS               100
+# define SSL_CTRL_SET_CLIENT_SIGALGS             101
+# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST        102
+# define SSL_CTRL_GET_CLIENT_CERT_TYPES          103
+# define SSL_CTRL_SET_CLIENT_CERT_TYPES          104
+# define SSL_CTRL_BUILD_CERT_CHAIN               105
+# define SSL_CTRL_SET_VERIFY_CERT_STORE          106
+# define SSL_CTRL_SET_CHAIN_CERT_STORE           107
+# define SSL_CTRL_GET_PEER_SIGNATURE_NID         108
+# define SSL_CTRL_GET_SERVER_TMP_KEY             109
+# define SSL_CTRL_GET_RAW_CIPHERLIST             110
+# define SSL_CTRL_GET_EC_POINT_FORMATS           111
+# define SSL_CTRL_GET_CHAIN_CERTS                115
+# define SSL_CTRL_SELECT_CURRENT_CERT            116
+# define SSL_CTRL_SET_CURRENT_CERT               117
+# define SSL_CTRL_SET_DH_AUTO                    118
+# define DTLS_CTRL_SET_LINK_MTU                  120
+# define DTLS_CTRL_GET_LINK_MIN_MTU              121
+# define SSL_CTRL_GET_EXTMS_SUPPORT              122
+# define SSL_CTRL_SET_MIN_PROTO_VERSION          123
+# define SSL_CTRL_SET_MAX_PROTO_VERSION          124
+# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT        125
+# define SSL_CTRL_SET_MAX_PIPELINES              126
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE     127
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB       128
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG   129
+# define SSL_CTRL_GET_MIN_PROTO_VERSION          130
+# define SSL_CTRL_GET_MAX_PROTO_VERSION          131
+# define SSL_CERT_SET_FIRST                      1
+# define SSL_CERT_SET_NEXT                       2
+# define SSL_CERT_SET_SERVER                     3
+# define DTLSv1_get_timeout(ssl, arg) \
+        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg))
+# define DTLSv1_handle_timeout(ssl) \
+        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+# define SSL_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_clear_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_total_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+# define SSL_CTX_set_tmp_dh(ctx,dh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# define SSL_CTX_set_dh_auto(ctx, onoff) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_dh_auto(s, onoff) \
+        SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_tmp_dh(ssl,dh) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# define SSL_set_tmp_ecdh(ssl,ecdh) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
+# define SSL_CTX_clear_extra_chain_certs(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+# define SSL_CTX_set0_chain(ctx,sk) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_CTX_set1_chain(ctx,sk) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_CTX_add0_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_add1_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_CTX_get0_chain_certs(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_CTX_clear_chain_certs(ctx) \
+        SSL_CTX_set0_chain(ctx,NULL)
+# define SSL_CTX_build_cert_chain(ctx, flags) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_CTX_select_current_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_CTX_set_current_cert(ctx, op) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_CTX_set0_verify_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_verify_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+# define SSL_CTX_set0_chain_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_chain_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+# define SSL_set0_chain(ctx,sk) \
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_set1_chain(ctx,sk) \
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_add0_chain_cert(ctx,x509) \
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_add1_chain_cert(ctx,x509) \
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_get0_chain_certs(ctx,px509) \
+        SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_clear_chain_certs(ctx) \
+        SSL_set0_chain(ctx,NULL)
+# define SSL_build_cert_chain(s, flags) \
+        SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_select_current_cert(ctx,x509) \
+        SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_set_current_cert(ctx,op) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_set0_verify_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_set1_verify_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+# define SSL_set0_chain_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_set1_chain_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+# define SSL_get1_groups(ctx, s) \
+        SSL_ctrl(ctx,SSL_CTRL_GET_GROUPS,0,(char *)(s))
+# define SSL_CTX_set1_groups(ctx, glist, glistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+# define SSL_CTX_set1_groups_list(ctx, s) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
+# define SSL_set1_groups(ctx, glist, glistlen) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+# define SSL_set1_groups_list(ctx, s) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
+# define SSL_get_shared_group(s, n) \
+        SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
+# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_sigalgs_list(ctx, s) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_sigalgs(ctx, slist, slistlen) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_sigalgs_list(ctx, s) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
+# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)(slist))
+# define SSL_set1_client_sigalgs_list(ctx, s) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
+# define SSL_get0_certificate_types(s, clist) \
+        SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist))
+# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \
+                     (char *)(clist))
+# define SSL_set1_client_certificate_types(s, clist, clistlen) \
+        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist))
+# define SSL_get_peer_signature_nid(s, pn) \
+        SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
+# define SSL_get_server_tmp_key(s, pk) \
+        SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
+# define SSL_get0_raw_cipherlist(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
+# define SSL_get0_ec_point_formats(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+# define SSL_CTX_set_min_proto_version(ctx, version) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+# define SSL_CTX_set_max_proto_version(ctx, version) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+# define SSL_CTX_get_min_proto_version(ctx) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+# define SSL_CTX_get_max_proto_version(ctx) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+# define SSL_set_min_proto_version(s, version) \
+        SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+# define SSL_set_max_proto_version(s, version) \
+        SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+# define SSL_get_min_proto_version(s) \
+        SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+# define SSL_get_max_proto_version(s) \
+        SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+
+/*
+ * The following symbol names are old and obsolete. They are kept
+ * for compatibility reasons only and should not be used anymore.
+ */
+# define SSL_CTRL_GET_CURVES           SSL_CTRL_GET_GROUPS
+# define SSL_CTRL_SET_CURVES           SSL_CTRL_SET_GROUPS
+# define SSL_CTRL_SET_CURVES_LIST      SSL_CTRL_SET_GROUPS_LIST
+# define SSL_CTRL_GET_SHARED_CURVE     SSL_CTRL_GET_SHARED_GROUP
+
+# define SSL_get1_curves               SSL_get1_groups
+# define SSL_CTX_set1_curves           SSL_CTX_set1_groups
+# define SSL_CTX_set1_curves_list      SSL_CTX_set1_groups_list
+# define SSL_set1_curves               SSL_set1_groups
+# define SSL_set1_curves_list          SSL_set1_groups_list
+# define SSL_get_shared_curve          SSL_get_shared_group
+
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/* Provide some compatibility macros for removed functionality. */
+#  define SSL_CTX_need_tmp_RSA(ctx)                0
+#  define SSL_CTX_set_tmp_rsa(ctx,rsa)             1
+#  define SSL_need_tmp_RSA(ssl)                    0
+#  define SSL_set_tmp_rsa(ssl,rsa)                 1
+#  define SSL_CTX_set_ecdh_auto(dummy, onoff)      ((onoff) != 0)
+#  define SSL_set_ecdh_auto(dummy, onoff)          ((onoff) != 0)
+/*
+ * We "pretend" to call the callback to avoid warnings about unused static
+ * functions.
+ */
+#  define SSL_CTX_set_tmp_rsa_callback(ctx, cb)    while(0) (cb)(NULL, 0, 0)
+#  define SSL_set_tmp_rsa_callback(ssl, cb)        while(0) (cb)(NULL, 0, 0)
+# endif
+__owur const BIO_METHOD *BIO_f_ssl(void);
+__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+void BIO_ssl_shutdown(BIO *ssl_bio);
+
+__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
+__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+int SSL_CTX_up_ref(SSL_CTX *ctx);
+void SSL_CTX_free(SSL_CTX *);
+__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *);
+__owur int SSL_want(const SSL *s);
+__owur int SSL_clear(SSL *s);
+
+void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+
+__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s);
+__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
+__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
+__owur const char *OPENSSL_cipher_name(const char *rfc_name);
+__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
+__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
+
+__owur int SSL_get_fd(const SSL *s);
+__owur int SSL_get_rfd(const SSL *s);
+__owur int SSL_get_wfd(const SSL *s);
+__owur const char *SSL_get_cipher_list(const SSL *s, int n);
+__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
+__owur int SSL_get_read_ahead(const SSL *s);
+__owur int SSL_pending(const SSL *s);
+__owur int SSL_has_pending(const SSL *s);
+# ifndef OPENSSL_NO_SOCK
+__owur int SSL_set_fd(SSL *s, int fd);
+__owur int SSL_set_rfd(SSL *s, int fd);
+__owur int SSL_set_wfd(SSL *s, int fd);
+# endif
+void SSL_set0_rbio(SSL *s, BIO *rbio);
+void SSL_set0_wbio(SSL *s, BIO *wbio);
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
+__owur BIO *SSL_get_rbio(const SSL *s);
+__owur BIO *SSL_get_wbio(const SSL *s);
+__owur int SSL_set_cipher_list(SSL *s, const char *str);
+__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
+__owur int SSL_set_ciphersuites(SSL *s, const char *str);
+void SSL_set_read_ahead(SSL *s, int yes);
+__owur int SSL_get_verify_mode(const SSL *s);
+__owur int SSL_get_verify_depth(const SSL *s);
+__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s);
+void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback);
+void SSL_set_verify_depth(SSL *s, int depth);
+void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
+# ifndef OPENSSL_NO_RSA
+__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d,
+                                      long len);
+# endif
+__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
+                                   long len);
+__owur int SSL_use_certificate(SSL *ssl, X509 *x);
+__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
+__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
+                                STACK_OF(X509) *chain, int override);
+
+
+/* serverinfo file format versions */
+# define SSL_SERVERINFOV1   1
+# define SSL_SERVERINFOV2   2
+
+/* Set serverinfo data for the current active cert. */
+__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+                                  size_t serverinfo_length);
+__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
+                                     const unsigned char *serverinfo,
+                                     size_t serverinfo_length);
+__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
+
+#ifndef OPENSSL_NO_RSA
+__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+#endif
+
+__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+
+#ifndef OPENSSL_NO_RSA
+__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file,
+                                          int type);
+#endif
+__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file,
+                                       int type);
+__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file,
+                                        int type);
+/* PEM type */
+__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
+__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+                                               const char *file);
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+                                       const char *dir);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_load_error_strings() \
+    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+# endif
+
+__owur const char *SSL_state_string(const SSL *s);
+__owur const char *SSL_rstate_string(const SSL *s);
+__owur const char *SSL_state_string_long(const SSL *s);
+__owur const char *SSL_rstate_string_long(const SSL *s);
+__owur long SSL_SESSION_get_time(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
+
+__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                    const unsigned char **alpn,
+                                    size_t *len);
+__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s,
+                                          const unsigned char *alpn,
+                                          size_t len);
+__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
+__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+                             size_t *len);
+__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s,
+                                          uint32_t max_early_data);
+__owur int SSL_copy_session_id(SSL *to, const SSL *from);
+__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s,
+                                       const unsigned char *sid_ctx,
+                                       unsigned int sid_ctx_len);
+__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+                               unsigned int sid_len);
+__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s);
+
+__owur SSL_SESSION *SSL_SESSION_new(void);
+__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+                                        unsigned int *len);
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+                                                 unsigned int *len);
+__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
+# ifndef OPENSSL_NO_STDIO
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
+# endif
+int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
+int SSL_SESSION_up_ref(SSL_SESSION *ses);
+void SSL_SESSION_free(SSL_SESSION *ses);
+__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+__owur int SSL_set_session(SSL *to, SSL_SESSION *session);
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session);
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session);
+__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
+__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb);
+__owur int SSL_has_matching_session_id(const SSL *s,
+                                       const unsigned char *id,
+                                       unsigned int id_len);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+                             long length);
+
+# ifdef HEADER_X509_H
+__owur X509 *SSL_get_peer_certificate(const SSL *s);
+# endif
+
+__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
+
+__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback);
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+                                      int (*cb) (X509_STORE_CTX *, void *),
+                                      void *arg);
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
+                         void *arg);
+# ifndef OPENSSL_NO_RSA
+__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+                                          long len);
+# endif
+__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
+                                       const unsigned char *d, long len);
+__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
+                                        const unsigned char *d);
+__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
+                                    STACK_OF(X509) *chain, int override);
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
+void *SSL_get_default_passwd_cb_userdata(SSL *s);
+
+__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+__owur int SSL_check_private_key(const SSL *ctx);
+
+__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
+                                          const unsigned char *sid_ctx,
+                                          unsigned int sid_ctx_len);
+
+SSL *SSL_new(SSL_CTX *ctx);
+int SSL_up_ref(SSL *s);
+int SSL_is_dtls(const SSL *s);
+__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                                      unsigned int sid_ctx_len);
+
+__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose);
+__owur int SSL_set_purpose(SSL *ssl, int purpose);
+__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust);
+__owur int SSL_set_trust(SSL *ssl, int trust);
+
+__owur int SSL_set1_host(SSL *s, const char *hostname);
+__owur int SSL_add1_host(SSL *s, const char *hostname);
+__owur const char *SSL_get0_peername(SSL *s);
+void SSL_set_hostflags(SSL *s, unsigned int flags);
+
+__owur int SSL_CTX_dane_enable(SSL_CTX *ctx);
+__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
+                                  uint8_t mtype, uint8_t ord);
+__owur int SSL_dane_enable(SSL *s, const char *basedomain);
+__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+                             uint8_t mtype, unsigned const char *data, size_t dlen);
+__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
+__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+                              uint8_t *mtype, unsigned const char **data,
+                              size_t *dlen);
+/*
+ * Bridge opacity barrier between libcrypt and libssl, also needed to support
+ * offline testing in test/danetest.c
+ */
+SSL_DANE *SSL_get0_dane(SSL *ssl);
+/*
+ * DANE flags
+ */
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
+
+__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
+__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
+
+__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
+__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
+
+# ifndef OPENSSL_NO_SRP
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+                                        char *(*cb) (SSL *, void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+                                          int (*cb) (SSL *, void *));
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+                                      int (*cb) (SSL *, int *, void *));
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
+
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+                             BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+                                const char *grp);
+
+__owur BIGNUM *SSL_get_srp_g(SSL *s);
+__owur BIGNUM *SSL_get_srp_N(SSL *s);
+
+__owur char *SSL_get_srp_username(SSL *s);
+__owur char *SSL_get_srp_userinfo(SSL *s);
+# endif
+
+/*
+ * ClientHello callback and helpers.
+ */
+
+# define SSL_CLIENT_HELLO_SUCCESS 1
+# define SSL_CLIENT_HELLO_ERROR   0
+# define SSL_CLIENT_HELLO_RETRY   (-1)
+
+typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg);
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
+                                 void *arg);
+int SSL_client_hello_isv2(SSL *s);
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s);
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_compression_methods(SSL *s,
+                                                 const unsigned char **out);
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
+                              const unsigned char **out, size_t *outlen);
+
+void SSL_certs_clear(SSL *s);
+void SSL_free(SSL *ssl);
+# ifdef OSSL_ASYNC_FD
+/*
+ * Windows application developer has to include windows.h to use these.
+ */
+__owur int SSL_waiting_for_async(SSL *s);
+__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
+__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
+                                     size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                     size_t *numdelfds);
+# endif
+__owur int SSL_accept(SSL *ssl);
+__owur int SSL_stateless(SSL *s);
+__owur int SSL_connect(SSL *ssl);
+__owur int SSL_read(SSL *ssl, void *buf, int num);
+__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+
+# define SSL_READ_EARLY_DATA_ERROR   0
+# define SSL_READ_EARLY_DATA_SUCCESS 1
+# define SSL_READ_EARLY_DATA_FINISH  2
+
+__owur int SSL_read_early_data(SSL *s, void *buf, size_t num,
+                               size_t *readbytes);
+__owur int SSL_peek(SSL *ssl, void *buf, int num);
+__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+__owur int SSL_write(SSL *ssl, const void *buf, int num);
+__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
+__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num,
+                                size_t *written);
+long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+long SSL_callback_ctrl(SSL *, int, void (*)(void));
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
+
+# define SSL_EARLY_DATA_NOT_SENT    0
+# define SSL_EARLY_DATA_REJECTED    1
+# define SSL_EARLY_DATA_ACCEPTED    2
+
+__owur int SSL_get_early_data_status(const SSL *s);
+
+__owur int SSL_get_error(const SSL *s, int ret_code);
+__owur const char *SSL_get_version(const SSL *s);
+
+/* This sets the 'default' SSL version that SSL_new() will create */
+__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
+
+# ifndef OPENSSL_NO_SSL3_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void))
+# endif
+
+#define SSLv23_method           TLS_method
+#define SSLv23_server_method    TLS_server_method
+#define SSLv23_client_method    TLS_client_method
+
+/* Negotiate highest available SSL/TLS version */
+__owur const SSL_METHOD *TLS_method(void);
+__owur const SSL_METHOD *TLS_server_method(void);
+__owur const SSL_METHOD *TLS_client_method(void);
+
+# ifndef OPENSSL_NO_TLS1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_TLS1_1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_TLS1_2_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_2_METHOD
+/* DTLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void))
+# endif
+
+__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
+
+__owur size_t DTLS_get_data_mtu(const SSL *s);
+
+__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
+
+__owur int SSL_do_handshake(SSL *s);
+int SSL_key_update(SSL *s, int updatetype);
+int SSL_get_key_update_type(SSL *s);
+int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_abbreviated(SSL *s);
+__owur int SSL_renegotiate_pending(SSL *s);
+int SSL_shutdown(SSL *s);
+__owur int SSL_verify_client_post_handshake(SSL *s);
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
+void SSL_set_post_handshake_auth(SSL *s, int val);
+
+__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
+__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s);
+__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+__owur const char *SSL_alert_type_string_long(int value);
+__owur const char *SSL_alert_type_string(int value);
+__owur const char *SSL_alert_desc_string_long(int value);
+__owur const char *SSL_alert_desc_string(int value);
+
+void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
+__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
+__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);
+__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
+__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+__owur int SSL_add_client_CA(SSL *ssl, X509 *x);
+__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
+
+void SSL_set_connect_state(SSL *s);
+void SSL_set_accept_state(SSL *s);
+
+__owur long SSL_get_default_timeout(const SSL *s);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_library_init() OPENSSL_init_ssl(0, NULL)
+# endif
+
+__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
+__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
+
+__owur SSL *SSL_dup(SSL *ssl);
+
+__owur X509 *SSL_get_certificate(const SSL *ssl);
+/*
+ * EVP_PKEY
+ */
+struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
+
+__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
+__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+__owur int SSL_get_quiet_shutdown(const SSL *ssl);
+void SSL_set_shutdown(SSL *ssl, int mode);
+__owur int SSL_get_shutdown(const SSL *ssl);
+__owur int SSL_version(const SSL *ssl);
+__owur int SSL_client_version(const SSL *s);
+__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
+__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                         const char *CApath);
+# define SSL_get0_session SSL_get_session/* just peek at pointer */
+__owur SSL_SESSION *SSL_get_session(const SSL *ssl);
+__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
+__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
+void SSL_set_info_callback(SSL *ssl,
+                           void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
+                                               int val);
+__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
+
+void SSL_set_verify_result(SSL *ssl, long v);
+__owur long SSL_get_verify_result(const SSL *ssl);
+__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s);
+
+__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+                                    size_t outlen);
+__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+                                    size_t outlen);
+__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess,
+                                         unsigned char *out, size_t outlen);
+__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess,
+                                       const unsigned char *in, size_t len);
+uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess);
+
+#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
+__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data);
+void *SSL_get_ex_data(const SSL *ssl, int idx);
+#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef)
+__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
+#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
+__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
+
+__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+# define SSL_CTX_sess_set_cache_size(ctx,t) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+# define SSL_CTX_sess_get_cache_size(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+# define SSL_CTX_set_session_cache_mode(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+# define SSL_CTX_get_session_cache_mode(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+
+# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+# define SSL_CTX_get_read_ahead(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+# define SSL_CTX_set_read_ahead(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
+# define SSL_CTX_get_max_cert_list(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_CTX_set_max_cert_list(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+# define SSL_get_max_cert_list(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_set_max_cert_list(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+
+# define SSL_CTX_set_max_send_fragment(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_set_max_send_fragment(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_CTX_set_split_send_fragment(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+# define SSL_set_split_send_fragment(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+# define SSL_CTX_set_max_pipelines(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+# define SSL_set_max_pipelines(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
+void SSL_set_default_read_buffer_len(SSL *s, size_t len);
+
+# ifndef OPENSSL_NO_DH
+/* NB: the |keylength| is only applicable when is_export is true */
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                 DH *(*dh) (SSL *ssl, int is_export,
+                                            int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+                             DH *(*dh) (SSL *ssl, int is_export,
+                                        int keylength));
+# endif
+
+__owur const COMP_METHOD *SSL_get_current_compression(SSL *s);
+__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s);
+__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
+__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp);
+__owur int SSL_COMP_get_id(const SSL_COMP *comp);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+                                                             *meths);
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_COMP_free_compression_methods() while(0) continue
+# endif
+__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
+int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
+                             int isv2format, STACK_OF(SSL_CIPHER) **sk,
+                             STACK_OF(SSL_CIPHER) **scsvs);
+
+/* TLS extensions functions */
+__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
+
+__owur int SSL_set_session_ticket_ext_cb(SSL *s,
+                                         tls_session_ticket_ext_cb_fn cb,
+                                         void *arg);
+
+/* Pre-shared secret session resumption functions */
+__owur int SSL_set_session_secret_cb(SSL *s,
+                                     tls_session_secret_cb_fn session_secret_cb,
+                                     void *arg);
+
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+                                                int (*cb) (SSL *ssl,
+                                                           int
+                                                           is_forward_secure));
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+                                            int (*cb) (SSL *ssl,
+                                                       int is_forward_secure));
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
+                                         size_t (*cb) (SSL *ssl, int type,
+                                                       size_t len, void *arg));
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
+void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx);
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
+
+void SSL_set_record_padding_callback(SSL *ssl,
+                                    size_t (*cb) (SSL *ssl, int type,
+                                                  size_t len, void *arg));
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
+void *SSL_get_record_padding_callback_arg(SSL *ssl);
+int SSL_set_block_padding(SSL *ssl, size_t block_size);
+
+int SSL_set_num_tickets(SSL *s, size_t num_tickets);
+size_t SSL_get_num_tickets(SSL *s);
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
+size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_cache_hit(s) SSL_session_reused(s)
+# endif
+
+__owur int SSL_session_reused(SSL *s);
+__owur int SSL_is_server(const SSL *s);
+
+__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx,
+                                             unsigned int flags);
+__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);
+
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
+
+__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+
+void SSL_add_ssl_module(void);
+int SSL_config(SSL *s, const char *name);
+int SSL_CTX_config(SSL_CTX *ctx, const char *name);
+
+# ifndef OPENSSL_NO_SSL_TRACE
+void SSL_trace(int write_p, int version, int content_type,
+               const void *buf, size_t len, SSL *ssl, void *arg);
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+int DTLSv1_listen(SSL *s, BIO_ADDR *client);
+# endif
+
+# ifndef OPENSSL_NO_CT
+
+/*
+ * A callback for verifying that the received SCTs are sufficient.
+ * Expected to return 1 if they are sufficient, otherwise 0.
+ * May return a negative integer if an error occurs.
+ * A connection should be aborted if the SCTs are deemed insufficient.
+ */
+typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
+                                    const STACK_OF(SCT) *scts, void *arg);
+
+/*
+ * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
+ * the received SCTs.
+ * If the callback returns a non-positive result, the connection is terminated.
+ * Call this function before beginning a handshake.
+ * If a NULL |callback| is provided, SCT validation is disabled.
+ * |arg| is arbitrary userdata that will be passed to the callback whenever it
+ * is invoked. Ownership of |arg| remains with the caller.
+ *
+ * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response
+ *       will be requested.
+ */
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+                                   void *arg);
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+                                       ssl_ct_validation_cb callback,
+                                       void *arg);
+#define SSL_disable_ct(s) \
+        ((void) SSL_set_validation_callback((s), NULL, NULL))
+#define SSL_CTX_disable_ct(ctx) \
+        ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL))
+
+/*
+ * The validation type enumerates the available behaviours of the built-in SSL
+ * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct().
+ * The underlying callback is a static function in libssl.
+ */
+enum {
+    SSL_CT_VALIDATION_PERMISSIVE = 0,
+    SSL_CT_VALIDATION_STRICT
+};
+
+/*
+ * Enable CT by setting up a callback that implements one of the built-in
+ * validation variants.  The SSL_CT_VALIDATION_PERMISSIVE variant always
+ * continues the handshake, the application can make appropriate decisions at
+ * handshake completion.  The SSL_CT_VALIDATION_STRICT variant requires at
+ * least one valid SCT, or else handshake termination will be requested.  The
+ * handshake may continue anyway if SSL_VERIFY_NONE is in effect.
+ */
+int SSL_enable_ct(SSL *s, int validation_mode);
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
+
+/*
+ * Report whether a non-NULL callback is enabled.
+ */
+int SSL_ct_is_enabled(const SSL *s);
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
+
+/* Gets the SCTs received from a connection */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+
+/*
+ * Loads the CT log list from the default location.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
+
+/*
+ * Loads the CT log list from the specified file path.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+
+/*
+ * Sets the CT log list used by all SSL connections created from this SSL_CTX.
+ * Ownership of the CTLOG_STORE is transferred to the SSL_CTX.
+ */
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs);
+
+/*
+ * Gets the CT log list used by all SSL connections created from this SSL_CTX.
+ * This will be NULL unless one of the following functions has been called:
+ * - SSL_CTX_set_default_ctlog_list_file
+ * - SSL_CTX_set_ctlog_list_file
+ * - SSL_CTX_set_ctlog_store
+ */
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx);
+
+# endif /* OPENSSL_NO_CT */
+
+/* What the "other" parameter contains in security callback */
+/* Mask for type */
+# define SSL_SECOP_OTHER_TYPE    0xffff0000
+# define SSL_SECOP_OTHER_NONE    0
+# define SSL_SECOP_OTHER_CIPHER  (1 << 16)
+# define SSL_SECOP_OTHER_CURVE   (2 << 16)
+# define SSL_SECOP_OTHER_DH      (3 << 16)
+# define SSL_SECOP_OTHER_PKEY    (4 << 16)
+# define SSL_SECOP_OTHER_SIGALG  (5 << 16)
+# define SSL_SECOP_OTHER_CERT    (6 << 16)
+
+/* Indicated operation refers to peer key or certificate */
+# define SSL_SECOP_PEER          0x1000
+
+/* Values for "op" parameter in security callback */
+
+/* Called to filter ciphers */
+/* Ciphers client supports */
+# define SSL_SECOP_CIPHER_SUPPORTED      (1 | SSL_SECOP_OTHER_CIPHER)
+/* Cipher shared by client/server */
+# define SSL_SECOP_CIPHER_SHARED         (2 | SSL_SECOP_OTHER_CIPHER)
+/* Sanity check of cipher server selects */
+# define SSL_SECOP_CIPHER_CHECK          (3 | SSL_SECOP_OTHER_CIPHER)
+/* Curves supported by client */
+# define SSL_SECOP_CURVE_SUPPORTED       (4 | SSL_SECOP_OTHER_CURVE)
+/* Curves shared by client/server */
+# define SSL_SECOP_CURVE_SHARED          (5 | SSL_SECOP_OTHER_CURVE)
+/* Sanity check of curve server selects */
+# define SSL_SECOP_CURVE_CHECK           (6 | SSL_SECOP_OTHER_CURVE)
+/* Temporary DH key */
+# define SSL_SECOP_TMP_DH                (7 | SSL_SECOP_OTHER_PKEY)
+/* SSL/TLS version */
+# define SSL_SECOP_VERSION               (9 | SSL_SECOP_OTHER_NONE)
+/* Session tickets */
+# define SSL_SECOP_TICKET                (10 | SSL_SECOP_OTHER_NONE)
+/* Supported signature algorithms sent to peer */
+# define SSL_SECOP_SIGALG_SUPPORTED      (11 | SSL_SECOP_OTHER_SIGALG)
+/* Shared signature algorithm */
+# define SSL_SECOP_SIGALG_SHARED         (12 | SSL_SECOP_OTHER_SIGALG)
+/* Sanity check signature algorithm allowed */
+# define SSL_SECOP_SIGALG_CHECK          (13 | SSL_SECOP_OTHER_SIGALG)
+/* Used to get mask of supported public key signature algorithms */
+# define SSL_SECOP_SIGALG_MASK           (14 | SSL_SECOP_OTHER_SIGALG)
+/* Use to see if compression is allowed */
+# define SSL_SECOP_COMPRESSION           (15 | SSL_SECOP_OTHER_NONE)
+/* EE key in certificate */
+# define SSL_SECOP_EE_KEY                (16 | SSL_SECOP_OTHER_CERT)
+/* CA key in certificate */
+# define SSL_SECOP_CA_KEY                (17 | SSL_SECOP_OTHER_CERT)
+/* CA digest algorithm in certificate */
+# define SSL_SECOP_CA_MD                 (18 | SSL_SECOP_OTHER_CERT)
+/* Peer EE key in certificate */
+# define SSL_SECOP_PEER_EE_KEY           (SSL_SECOP_EE_KEY | SSL_SECOP_PEER)
+/* Peer CA key in certificate */
+# define SSL_SECOP_PEER_CA_KEY           (SSL_SECOP_CA_KEY | SSL_SECOP_PEER)
+/* Peer CA digest algorithm in certificate */
+# define SSL_SECOP_PEER_CA_MD            (SSL_SECOP_CA_MD | SSL_SECOP_PEER)
+
+void SSL_set_security_level(SSL *s, int level);
+__owur int SSL_get_security_level(const SSL *s);
+void SSL_set_security_callback(SSL *s,
+                               int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                          int op, int bits, int nid,
+                                          void *other, void *ex));
+int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
+                                                const SSL_CTX *ctx, int op,
+                                                int bits, int nid, void *other,
+                                                void *ex);
+void SSL_set0_security_ex_data(SSL *s, void *ex);
+__owur void *SSL_get0_security_ex_data(const SSL *s);
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
+__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx);
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+                                   int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                              int op, int bits, int nid,
+                                              void *other, void *ex));
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
+                                                          const SSL_CTX *ctx,
+                                                          int op, int bits,
+                                                          int nid,
+                                                          void *other,
+                                                          void *ex);
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
+__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
+
+/* OPENSSL_INIT flag 0x010000 reserved for internal use */
+# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS    0x00100000L
+# define OPENSSL_INIT_LOAD_SSL_STRINGS       0x00200000L
+
+# define OPENSSL_INIT_SSL_DEFAULT \
+        (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
+
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+
+# ifndef OPENSSL_NO_UNIT_TEST
+__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
+# endif
+
+__owur int SSL_free_buffers(SSL *ssl);
+__owur int SSL_alloc_buffers(SSL *ssl);
+
+/* Status codes passed to the decrypt session ticket callback. Some of these
+ * are for internal use only and are never passed to the callback. */
+typedef int SSL_TICKET_STATUS;
+
+/* Support for ticket appdata */
+/* fatal error, malloc failure */
+# define SSL_TICKET_FATAL_ERR_MALLOC 0
+/* fatal error, either from parsing or decrypting the ticket */
+# define SSL_TICKET_FATAL_ERR_OTHER  1
+/* No ticket present */
+# define SSL_TICKET_NONE             2
+/* Empty ticket present */
+# define SSL_TICKET_EMPTY            3
+/* the ticket couldn't be decrypted */
+# define SSL_TICKET_NO_DECRYPT       4
+/* a ticket was successfully decrypted */
+# define SSL_TICKET_SUCCESS          5
+/* same as above but the ticket needs to be renewed */
+# define SSL_TICKET_SUCCESS_RENEW    6
+
+/* Return codes for the decrypt session ticket callback */
+typedef int SSL_TICKET_RETURN;
+
+/* An error occurred */
+#define SSL_TICKET_RETURN_ABORT             0
+/* Do not use the ticket, do not send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_IGNORE            1
+/* Do not use the ticket, send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_IGNORE_RENEW      2
+/* Use the ticket, do not send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_USE               3
+/* Use the ticket, send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_USE_RENEW         4
+
+typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg);
+typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss,
+                                                               const unsigned char *keyname,
+                                                               size_t keyname_length,
+                                                               SSL_TICKET_STATUS status,
+                                                               void *arg);
+int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+                                  SSL_CTX_generate_session_ticket_fn gen_cb,
+                                  SSL_CTX_decrypt_session_ticket_fn dec_cb,
+                                  void *arg);
+int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len);
+int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
+
+extern const char SSL_version_str[];
+
+typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
+
+void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
+
+
+typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+                                     SSL_allow_early_data_cb_fn cb,
+                                     void *arg);
+void SSL_set_allow_early_data_cb(SSL *s,
+                                 SSL_allow_early_data_cb_fn cb,
+                                 void *arg);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/ssl2.h b/freebsd/crypto/openssl/include/openssl/ssl2.h
new file mode 100644
index 00000000..5321bd27
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/ssl2.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL2_H
+# define HEADER_SSL2_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define SSL2_VERSION            0x0002
+
+# define SSL2_MT_CLIENT_HELLO            1
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/ssl3.h b/freebsd/crypto/openssl/include/openssl/ssl3.h
new file mode 100644
index 00000000..8d01fcc4
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/ssl3.h
@@ -0,0 +1,339 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL3_H
+# define HEADER_SSL3_H
+
+# include <openssl/comp.h>
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/ssl.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+ */
+# define SSL3_CK_SCSV                            0x030000FF
+
+/*
+ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV)
+ */
+# define SSL3_CK_FALLBACK_SCSV                   0x03005600
+
+# define SSL3_CK_RSA_NULL_MD5                    0x03000001
+# define SSL3_CK_RSA_NULL_SHA                    0x03000002
+# define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
+# define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
+# define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
+# define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
+# define SSL3_CK_RSA_IDEA_128_SHA                0x03000007
+# define SSL3_CK_RSA_DES_40_CBC_SHA              0x03000008
+# define SSL3_CK_RSA_DES_64_CBC_SHA              0x03000009
+# define SSL3_CK_RSA_DES_192_CBC3_SHA            0x0300000A
+
+# define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
+# define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
+# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
+# define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
+# define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
+# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
+
+# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA          0x03000011
+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          SSL3_CK_DHE_DSS_DES_40_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA          0x03000012
+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          SSL3_CK_DHE_DSS_DES_64_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA        0x03000013
+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
+# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA          0x03000014
+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          SSL3_CK_DHE_RSA_DES_40_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA          0x03000015
+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          SSL3_CK_DHE_RSA_DES_64_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA        0x03000016
+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
+
+# define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
+# define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
+# define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
+# define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
+# define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define SSL3_RFC_RSA_NULL_MD5                   "TLS_RSA_WITH_NULL_MD5"
+# define SSL3_RFC_RSA_NULL_SHA                   "TLS_RSA_WITH_NULL_SHA"
+# define SSL3_RFC_RSA_DES_192_CBC3_SHA           "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA       "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA       "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_ADH_DES_192_CBC_SHA            "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_RSA_IDEA_128_SHA               "TLS_RSA_WITH_IDEA_CBC_SHA"
+# define SSL3_RFC_RSA_RC4_128_MD5                "TLS_RSA_WITH_RC4_128_MD5"
+# define SSL3_RFC_RSA_RC4_128_SHA                "TLS_RSA_WITH_RC4_128_SHA"
+# define SSL3_RFC_ADH_RC4_128_MD5                "TLS_DH_anon_WITH_RC4_128_MD5"
+
+# define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
+# define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
+# define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
+# define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
+# define SSL3_TXT_RSA_IDEA_128_SHA               "IDEA-CBC-SHA"
+# define SSL3_TXT_RSA_DES_40_CBC_SHA             "EXP-DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_64_CBC_SHA             "DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_192_CBC3_SHA           "DES-CBC3-SHA"
+
+# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA         "EXP-DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA         "DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA       "DHE-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA         "EXP-DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA         "DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA       "DHE-RSA-DES-CBC3-SHA"
+
+/*
+ * This next block of six "EDH" labels is for backward compatibility with
+ * older versions of OpenSSL.  New code should use the six "DHE" labels above
+ * instead:
+ */
+# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
+# define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
+# define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
+
+# define SSL3_SSL_SESSION_ID_LENGTH              32
+# define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
+
+# define SSL3_MASTER_SECRET_SIZE                 48
+# define SSL3_RANDOM_SIZE                        32
+# define SSL3_SESSION_ID_SIZE                    32
+# define SSL3_RT_HEADER_LENGTH                   5
+
+# define SSL3_HM_HEADER_LENGTH                  4
+
+# ifndef SSL3_ALIGN_PAYLOAD
+ /*
+  * Some will argue that this increases memory footprint, but it's not
+  * actually true. Point is that malloc has to return at least 64-bit aligned
+  * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
+  * Suggested pre-gaping simply moves these wasted bytes from the end of
+  * allocated region to its front, but makes data payload aligned, which
+  * improves performance:-)
+  */
+#  define SSL3_ALIGN_PAYLOAD                     8
+# else
+#  if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
+#   error "insane SSL3_ALIGN_PAYLOAD"
+#   undef SSL3_ALIGN_PAYLOAD
+#  endif
+# endif
+
+/*
+ * This is the maximum MAC (digest) size used by the SSL library. Currently
+ * maximum of 20 is used by SHA1, but we reserve for future extension for
+ * 512-bit hashes.
+ */
+
+# define SSL3_RT_MAX_MD_SIZE                     64
+
+/*
+ * Maximum block size used in all ciphersuites. Currently 16 for AES.
+ */
+
+# define SSL_RT_MAX_CIPHER_BLOCK_SIZE            16
+
+# define SSL3_RT_MAX_EXTRA                       (16384)
+
+/* Maximum plaintext length: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_PLAIN_LENGTH                16384
+/* Maximum compression overhead: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_COMPRESSED_OVERHEAD         1024
+
+/*
+ * The standards give a maximum encryption overhead of 1024 bytes. In
+ * practice the value is lower than this. The overhead is the maximum number
+ * of padding bytes (256) plus the mac size.
+ */
+# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD        (256 + SSL3_RT_MAX_MD_SIZE)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD  256
+
+/*
+ * OpenSSL currently only uses a padding length of at most one block so the
+ * send overhead is smaller.
+ */
+
+# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+                        (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
+
+/* If compression isn't used don't include the compression overhead */
+
+# ifdef OPENSSL_NO_COMP
+#  define SSL3_RT_MAX_COMPRESSED_LENGTH           SSL3_RT_MAX_PLAIN_LENGTH
+# else
+#  define SSL3_RT_MAX_COMPRESSED_LENGTH   \
+            (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
+# endif
+# define SSL3_RT_MAX_ENCRYPTED_LENGTH    \
+            (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \
+            (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD)
+# define SSL3_RT_MAX_PACKET_SIZE         \
+            (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+
+# define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
+# define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
+
+# define SSL3_VERSION                    0x0300
+# define SSL3_VERSION_MAJOR              0x03
+# define SSL3_VERSION_MINOR              0x00
+
+# define SSL3_RT_CHANGE_CIPHER_SPEC      20
+# define SSL3_RT_ALERT                   21
+# define SSL3_RT_HANDSHAKE               22
+# define SSL3_RT_APPLICATION_DATA        23
+# define DTLS1_RT_HEARTBEAT              24
+
+/* Pseudo content types to indicate additional parameters */
+# define TLS1_RT_CRYPTO                  0x1000
+# define TLS1_RT_CRYPTO_PREMASTER        (TLS1_RT_CRYPTO | 0x1)
+# define TLS1_RT_CRYPTO_CLIENT_RANDOM    (TLS1_RT_CRYPTO | 0x2)
+# define TLS1_RT_CRYPTO_SERVER_RANDOM    (TLS1_RT_CRYPTO | 0x3)
+# define TLS1_RT_CRYPTO_MASTER           (TLS1_RT_CRYPTO | 0x4)
+
+# define TLS1_RT_CRYPTO_READ             0x0000
+# define TLS1_RT_CRYPTO_WRITE            0x0100
+# define TLS1_RT_CRYPTO_MAC              (TLS1_RT_CRYPTO | 0x5)
+# define TLS1_RT_CRYPTO_KEY              (TLS1_RT_CRYPTO | 0x6)
+# define TLS1_RT_CRYPTO_IV               (TLS1_RT_CRYPTO | 0x7)
+# define TLS1_RT_CRYPTO_FIXED_IV         (TLS1_RT_CRYPTO | 0x8)
+
+/* Pseudo content types for SSL/TLS header info */
+# define SSL3_RT_HEADER                  0x100
+# define SSL3_RT_INNER_CONTENT_TYPE      0x101
+
+# define SSL3_AL_WARNING                 1
+# define SSL3_AL_FATAL                   2
+
+# define SSL3_AD_CLOSE_NOTIFY             0
+# define SSL3_AD_UNEXPECTED_MESSAGE      10/* fatal */
+# define SSL3_AD_BAD_RECORD_MAC          20/* fatal */
+# define SSL3_AD_DECOMPRESSION_FAILURE   30/* fatal */
+# define SSL3_AD_HANDSHAKE_FAILURE       40/* fatal */
+# define SSL3_AD_NO_CERTIFICATE          41
+# define SSL3_AD_BAD_CERTIFICATE         42
+# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+# define SSL3_AD_CERTIFICATE_REVOKED     44
+# define SSL3_AD_CERTIFICATE_EXPIRED     45
+# define SSL3_AD_CERTIFICATE_UNKNOWN     46
+# define SSL3_AD_ILLEGAL_PARAMETER       47/* fatal */
+
+# define TLS1_HB_REQUEST         1
+# define TLS1_HB_RESPONSE        2
+
+
+# define SSL3_CT_RSA_SIGN                        1
+# define SSL3_CT_DSS_SIGN                        2
+# define SSL3_CT_RSA_FIXED_DH                    3
+# define SSL3_CT_DSS_FIXED_DH                    4
+# define SSL3_CT_RSA_EPHEMERAL_DH                5
+# define SSL3_CT_DSS_EPHEMERAL_DH                6
+# define SSL3_CT_FORTEZZA_DMS                    20
+/*
+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
+ * contain all of the cert types defined for *either* SSLv3 and TLSv1.
+ */
+# define SSL3_CT_NUMBER                  10
+
+# if defined(TLS_CT_NUMBER)
+#  if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#    error "SSL/TLS CT_NUMBER values do not match"
+#  endif
+# endif
+
+/* No longer used as of OpenSSL 1.1.1 */
+# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
+
+/* Removed from OpenSSL 1.1.0 */
+# define TLS1_FLAGS_TLS_PADDING_BUG              0x0
+
+# define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
+
+/* Set if we encrypt then mac instead of usual mac then encrypt */
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ        0x0100
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC             TLS1_FLAGS_ENCRYPT_THEN_MAC_READ
+
+/* Set if extended master secret extension received from peer */
+# define TLS1_FLAGS_RECEIVED_EXTMS               0x0200
+
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE       0x0400
+
+# define TLS1_FLAGS_STATELESS                    0x0800
+
+# define SSL3_MT_HELLO_REQUEST                   0
+# define SSL3_MT_CLIENT_HELLO                    1
+# define SSL3_MT_SERVER_HELLO                    2
+# define SSL3_MT_NEWSESSION_TICKET               4
+# define SSL3_MT_END_OF_EARLY_DATA               5
+# define SSL3_MT_ENCRYPTED_EXTENSIONS            8
+# define SSL3_MT_CERTIFICATE                     11
+# define SSL3_MT_SERVER_KEY_EXCHANGE             12
+# define SSL3_MT_CERTIFICATE_REQUEST             13
+# define SSL3_MT_SERVER_DONE                     14
+# define SSL3_MT_CERTIFICATE_VERIFY              15
+# define SSL3_MT_CLIENT_KEY_EXCHANGE             16
+# define SSL3_MT_FINISHED                        20
+# define SSL3_MT_CERTIFICATE_URL                 21
+# define SSL3_MT_CERTIFICATE_STATUS              22
+# define SSL3_MT_SUPPLEMENTAL_DATA               23
+# define SSL3_MT_KEY_UPDATE                      24
+# ifndef OPENSSL_NO_NEXTPROTONEG
+#  define SSL3_MT_NEXT_PROTO                     67
+# endif
+# define SSL3_MT_MESSAGE_HASH                    254
+# define DTLS1_MT_HELLO_VERIFY_REQUEST           3
+
+/* Dummy message type for handling CCS like a normal handshake message */
+# define SSL3_MT_CHANGE_CIPHER_SPEC              0x0101
+
+# define SSL3_MT_CCS                             1
+
+/* These are used when changing over to a new cipher */
+# define SSL3_CC_READ            0x001
+# define SSL3_CC_WRITE           0x002
+# define SSL3_CC_CLIENT          0x010
+# define SSL3_CC_SERVER          0x020
+# define SSL3_CC_EARLY           0x040
+# define SSL3_CC_HANDSHAKE       0x080
+# define SSL3_CC_APPLICATION     0x100
+# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
+# define SSL3_CHANGE_CIPHER_SERVER_READ  (SSL3_CC_SERVER|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_CLIENT_READ  (SSL3_CC_CLIENT|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/sslerr.h b/freebsd/crypto/openssl/include/openssl/sslerr.h
new file mode 100644
index 00000000..87b295c9
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/sslerr.h
@@ -0,0 +1,767 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSLERR_H
+# define HEADER_SSLERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_SSL_strings(void);
+
+/*
+ * SSL function codes.
+ */
+# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT                   438
+# define SSL_F_ADD_KEY_SHARE                              512
+# define SSL_F_BYTES_TO_CIPHER_LIST                       519
+# define SSL_F_CHECK_SUITEB_CIPHER_LIST                   331
+# define SSL_F_CIPHERSUITE_CB                             622
+# define SSL_F_CONSTRUCT_CA_NAMES                         552
+# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS                 553
+# define SSL_F_CONSTRUCT_STATEFUL_TICKET                  636
+# define SSL_F_CONSTRUCT_STATELESS_TICKET                 637
+# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH              539
+# define SSL_F_CREATE_TICKET_PREQUEL                      638
+# define SSL_F_CT_MOVE_SCTS                               345
+# define SSL_F_CT_STRICT                                  349
+# define SSL_F_CUSTOM_EXT_ADD                             554
+# define SSL_F_CUSTOM_EXT_PARSE                           555
+# define SSL_F_D2I_SSL_SESSION                            103
+# define SSL_F_DANE_CTX_ENABLE                            347
+# define SSL_F_DANE_MTYPE_SET                             393
+# define SSL_F_DANE_TLSA_ADD                              394
+# define SSL_F_DERIVE_SECRET_KEY_AND_IV                   514
+# define SSL_F_DO_DTLS1_WRITE                             245
+# define SSL_F_DO_SSL3_WRITE                              104
+# define SSL_F_DTLS1_BUFFER_RECORD                        247
+# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                    318
+# define SSL_F_DTLS1_HEARTBEAT                            305
+# define SSL_F_DTLS1_HM_FRAGMENT_NEW                      623
+# define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  288
+# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS             424
+# define SSL_F_DTLS1_PROCESS_RECORD                       257
+# define SSL_F_DTLS1_READ_BYTES                           258
+# define SSL_F_DTLS1_READ_FAILED                          339
+# define SSL_F_DTLS1_RETRANSMIT_MESSAGE                   390
+# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
+# define SSL_F_DTLS1_WRITE_BYTES                          545
+# define SSL_F_DTLSV1_LISTEN                              350
+# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC          371
+# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST        385
+# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE               370
+# define SSL_F_DTLS_PROCESS_HELLO_VERIFY                  386
+# define SSL_F_DTLS_RECORD_LAYER_NEW                      635
+# define SSL_F_DTLS_WAIT_FOR_DRY                          592
+# define SSL_F_EARLY_DATA_COUNT_OK                        532
+# define SSL_F_FINAL_EARLY_DATA                           556
+# define SSL_F_FINAL_EC_PT_FORMATS                        485
+# define SSL_F_FINAL_EMS                                  486
+# define SSL_F_FINAL_KEY_SHARE                            503
+# define SSL_F_FINAL_MAXFRAGMENTLEN                       557
+# define SSL_F_FINAL_RENEGOTIATE                          483
+# define SSL_F_FINAL_SERVER_NAME                          558
+# define SSL_F_FINAL_SIG_ALGS                             497
+# define SSL_F_GET_CERT_VERIFY_TBS_DATA                   588
+# define SSL_F_NSS_KEYLOG_INT                             500
+# define SSL_F_OPENSSL_INIT_SSL                           342
+# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION       436
+# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION      598
+# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE       430
+# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE    593
+# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE         594
+# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION         417
+# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION        599
+# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION       437
+# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION      600
+# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE       431
+# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE    601
+# define SSL_F_OSSL_STATEM_SERVER_POST_WORK               602
+# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE         603
+# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION         418
+# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION        604
+# define SSL_F_PARSE_CA_NAMES                             541
+# define SSL_F_PITEM_NEW                                  624
+# define SSL_F_PQUEUE_NEW                                 625
+# define SSL_F_PROCESS_KEY_SHARE_EXT                      439
+# define SSL_F_READ_STATE_MACHINE                         352
+# define SSL_F_SET_CLIENT_CIPHERSUITE                     540
+# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET          595
+# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET          589
+# define SSL_F_SRP_VERIFY_SERVER_PARAM                    596
+# define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
+# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
+# define SSL_F_SSL3_CTRL                                  213
+# define SSL_F_SSL3_CTX_CTRL                              133
+# define SSL_F_SSL3_DIGEST_CACHED_RECORDS                 293
+# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292
+# define SSL_F_SSL3_ENC                                   608
+# define SSL_F_SSL3_FINAL_FINISH_MAC                      285
+# define SSL_F_SSL3_FINISH_MAC                            587
+# define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
+# define SSL_F_SSL3_GENERATE_MASTER_SECRET                388
+# define SSL_F_SSL3_GET_RECORD                            143
+# define SSL_F_SSL3_INIT_FINISHED_MAC                     397
+# define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
+# define SSL_F_SSL3_READ_BYTES                            148
+# define SSL_F_SSL3_READ_N                                149
+# define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
+# define SSL_F_SSL3_SETUP_READ_BUFFER                     156
+# define SSL_F_SSL3_SETUP_WRITE_BUFFER                    291
+# define SSL_F_SSL3_WRITE_BYTES                           158
+# define SSL_F_SSL3_WRITE_PENDING                         159
+# define SSL_F_SSL_ADD_CERT_CHAIN                         316
+# define SSL_F_SSL_ADD_CERT_TO_BUF                        319
+# define SSL_F_SSL_ADD_CERT_TO_WPACKET                    493
+# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT        298
+# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 277
+# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT           307
+# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
+# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
+# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT        299
+# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 278
+# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT           308
+# define SSL_F_SSL_BAD_METHOD                             160
+# define SSL_F_SSL_BUILD_CERT_CHAIN                       332
+# define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
+# define SSL_F_SSL_CACHE_CIPHERLIST                       520
+# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT                   346
+# define SSL_F_SSL_CERT_DUP                               221
+# define SSL_F_SSL_CERT_NEW                               162
+# define SSL_F_SSL_CERT_SET0_CHAIN                        340
+# define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
+# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               280
+# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO              606
+# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG            279
+# define SSL_F_SSL_CHOOSE_CLIENT_VERSION                  607
+# define SSL_F_SSL_CIPHER_DESCRIPTION                     626
+# define SSL_F_SSL_CIPHER_LIST_TO_BYTES                   425
+# define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
+# define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
+# define SSL_F_SSL_CLEAR                                  164
+# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT   627
+# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
+# define SSL_F_SSL_CONF_CMD                               334
+# define SSL_F_SSL_CREATE_CIPHER_LIST                     166
+# define SSL_F_SSL_CTRL                                   232
+# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
+# define SSL_F_SSL_CTX_ENABLE_CT                          398
+# define SSL_F_SSL_CTX_MAKE_PROFILES                      309
+# define SSL_F_SSL_CTX_NEW                                169
+# define SSL_F_SSL_CTX_SET_ALPN_PROTOS                    343
+# define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
+# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             290
+# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK         396
+# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
+# define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
+# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH     551
+# define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
+# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT              272
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
+# define SSL_F_SSL_CTX_USE_SERVERINFO                     336
+# define SSL_F_SSL_CTX_USE_SERVERINFO_EX                  543
+# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE                337
+# define SSL_F_SSL_DANE_DUP                               403
+# define SSL_F_SSL_DANE_ENABLE                            395
+# define SSL_F_SSL_DERIVE                                 590
+# define SSL_F_SSL_DO_CONFIG                              391
+# define SSL_F_SSL_DO_HANDSHAKE                           180
+# define SSL_F_SSL_DUP_CA_LIST                            408
+# define SSL_F_SSL_ENABLE_CT                              402
+# define SSL_F_SSL_GENERATE_PKEY_GROUP                    559
+# define SSL_F_SSL_GENERATE_SESSION_ID                    547
+# define SSL_F_SSL_GET_NEW_SESSION                        181
+# define SSL_F_SSL_GET_PREV_SESSION                       217
+# define SSL_F_SSL_GET_SERVER_CERT_INDEX                  322
+# define SSL_F_SSL_GET_SIGN_PKEY                          183
+# define SSL_F_SSL_HANDSHAKE_HASH                         560
+# define SSL_F_SSL_INIT_WBIO_BUFFER                       184
+# define SSL_F_SSL_KEY_UPDATE                             515
+# define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
+# define SSL_F_SSL_LOG_MASTER_SECRET                      498
+# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE            499
+# define SSL_F_SSL_MODULE_INIT                            392
+# define SSL_F_SSL_NEW                                    186
+# define SSL_F_SSL_NEXT_PROTO_VALIDATE                    565
+# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT      300
+# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT               302
+# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT         310
+# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT      301
+# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT               303
+# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT         311
+# define SSL_F_SSL_PEEK                                   270
+# define SSL_F_SSL_PEEK_EX                                432
+# define SSL_F_SSL_PEEK_INTERNAL                          522
+# define SSL_F_SSL_READ                                   223
+# define SSL_F_SSL_READ_EARLY_DATA                        529
+# define SSL_F_SSL_READ_EX                                434
+# define SSL_F_SSL_READ_INTERNAL                          523
+# define SSL_F_SSL_RENEGOTIATE                            516
+# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED                546
+# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT                320
+# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT                321
+# define SSL_F_SSL_SESSION_DUP                            348
+# define SSL_F_SSL_SESSION_NEW                            189
+# define SSL_F_SSL_SESSION_PRINT_FP                       190
+# define SSL_F_SSL_SESSION_SET1_ID                        423
+# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT                312
+# define SSL_F_SSL_SET_ALPN_PROTOS                        344
+# define SSL_F_SSL_SET_CERT                               191
+# define SSL_F_SSL_SET_CERT_AND_KEY                       621
+# define SSL_F_SSL_SET_CIPHER_LIST                        271
+# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK             399
+# define SSL_F_SSL_SET_FD                                 192
+# define SSL_F_SSL_SET_PKEY                               193
+# define SSL_F_SSL_SET_RFD                                194
+# define SSL_F_SSL_SET_SESSION                            195
+# define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
+# define SSL_F_SSL_SET_SESSION_TICKET_EXT                 294
+# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH         550
+# define SSL_F_SSL_SET_WFD                                196
+# define SSL_F_SSL_SHUTDOWN                               224
+# define SSL_F_SSL_SRP_CTX_INIT                           313
+# define SSL_F_SSL_START_ASYNC_JOB                        389
+# define SSL_F_SSL_UNDEFINED_FUNCTION                     197
+# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
+# define SSL_F_SSL_USE_CERTIFICATE                        198
+# define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
+# define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
+# define SSL_F_SSL_USE_PRIVATEKEY                         201
+# define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
+# define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
+# define SSL_F_SSL_USE_PSK_IDENTITY_HINT                  273
+# define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
+# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
+# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
+# define SSL_F_SSL_VALIDATE_CT                            400
+# define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
+# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE           616
+# define SSL_F_SSL_WRITE                                  208
+# define SSL_F_SSL_WRITE_EARLY_DATA                       526
+# define SSL_F_SSL_WRITE_EARLY_FINISH                     527
+# define SSL_F_SSL_WRITE_EX                               433
+# define SSL_F_SSL_WRITE_INTERNAL                         524
+# define SSL_F_STATE_MACHINE                              353
+# define SSL_F_TLS12_CHECK_PEER_SIGALG                    333
+# define SSL_F_TLS12_COPY_SIGALGS                         533
+# define SSL_F_TLS13_CHANGE_CIPHER_STATE                  440
+# define SSL_F_TLS13_ENC                                  609
+# define SSL_F_TLS13_FINAL_FINISH_MAC                     605
+# define SSL_F_TLS13_GENERATE_SECRET                      591
+# define SSL_F_TLS13_HKDF_EXPAND                          561
+# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA     617
+# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA        618
+# define SSL_F_TLS13_SETUP_KEY_BLOCK                      441
+# define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
+# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS            341
+# define SSL_F_TLS1_ENC                                   401
+# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL                314
+# define SSL_F_TLS1_GET_CURVELIST                         338
+# define SSL_F_TLS1_PRF                                   284
+# define SSL_F_TLS1_SAVE_U16                              628
+# define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
+# define SSL_F_TLS1_SET_GROUPS                            629
+# define SSL_F_TLS1_SET_RAW_SIGALGS                       630
+# define SSL_F_TLS1_SET_SERVER_SIGALGS                    335
+# define SSL_F_TLS1_SET_SHARED_SIGALGS                    631
+# define SSL_F_TLS1_SET_SIGALGS                           632
+# define SSL_F_TLS_CHOOSE_SIGALG                          513
+# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK          354
+# define SSL_F_TLS_COLLECT_EXTENSIONS                     435
+# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES      542
+# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST          372
+# define SSL_F_TLS_CONSTRUCT_CERT_STATUS                  429
+# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY             494
+# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY                  496
+# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC           427
+# define SSL_F_TLS_CONSTRUCT_CKE_DHE                      404
+# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE                    405
+# define SSL_F_TLS_CONSTRUCT_CKE_GOST                     406
+# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE             407
+# define SSL_F_TLS_CONSTRUCT_CKE_RSA                      409
+# define SSL_F_TLS_CONSTRUCT_CKE_SRP                      410
+# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE           484
+# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO                 487
+# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE          488
+# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY                489
+# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN                    466
+# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE             355
+# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE                  535
+# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA              530
+# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS           467
+# define SSL_F_TLS_CONSTRUCT_CTOS_EMS                     468
+# define SSL_F_TLS_CONSTRUCT_CTOS_ETM                     469
+# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO                   356
+# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE            357
+# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE               470
+# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN          549
+# define SSL_F_TLS_CONSTRUCT_CTOS_NPN                     471
+# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING                 472
+# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH     619
+# define SSL_F_TLS_CONSTRUCT_CTOS_PSK                     501
+# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES           509
+# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE             473
+# define SSL_F_TLS_CONSTRUCT_CTOS_SCT                     474
+# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME             475
+# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET          476
+# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS                477
+# define SSL_F_TLS_CONSTRUCT_CTOS_SRP                     478
+# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST          479
+# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS        480
+# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS      481
+# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP                482
+# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY                  358
+# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS         443
+# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA            536
+# define SSL_F_TLS_CONSTRUCT_EXTENSIONS                   447
+# define SSL_F_TLS_CONSTRUCT_FINISHED                     359
+# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST                373
+# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST          510
+# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE                   517
+# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET           428
+# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO                   426
+# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE           490
+# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO                 491
+# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE          492
+# define SSL_F_TLS_CONSTRUCT_STOC_ALPN                    451
+# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE             374
+# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE                  613
+# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG           452
+# define SSL_F_TLS_CONSTRUCT_STOC_DONE                    375
+# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA              531
+# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO         525
+# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS           453
+# define SSL_F_TLS_CONSTRUCT_STOC_EMS                     454
+# define SSL_F_TLS_CONSTRUCT_STOC_ETM                     455
+# define SSL_F_TLS_CONSTRUCT_STOC_HELLO                   376
+# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE            377
+# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE               456
+# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN          548
+# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG          457
+# define SSL_F_TLS_CONSTRUCT_STOC_PSK                     504
+# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE             458
+# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME             459
+# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET          460
+# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST          461
+# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS        544
+# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS      611
+# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP                462
+# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO        521
+# define SSL_F_TLS_FINISH_HANDSHAKE                       597
+# define SSL_F_TLS_GET_MESSAGE_BODY                       351
+# define SSL_F_TLS_GET_MESSAGE_HEADER                     387
+# define SSL_F_TLS_HANDLE_ALPN                            562
+# define SSL_F_TLS_HANDLE_STATUS_REQUEST                  563
+# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES          566
+# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT               449
+# define SSL_F_TLS_PARSE_CTOS_ALPN                        567
+# define SSL_F_TLS_PARSE_CTOS_COOKIE                      614
+# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA                  568
+# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS               569
+# define SSL_F_TLS_PARSE_CTOS_EMS                         570
+# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE                   463
+# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN              571
+# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH         620
+# define SSL_F_TLS_PARSE_CTOS_PSK                         505
+# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES               572
+# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE                 464
+# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME                 573
+# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET              574
+# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS                    575
+# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT               615
+# define SSL_F_TLS_PARSE_CTOS_SRP                         576
+# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST              577
+# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS            578
+# define SSL_F_TLS_PARSE_CTOS_USE_SRTP                    465
+# define SSL_F_TLS_PARSE_STOC_ALPN                        579
+# define SSL_F_TLS_PARSE_STOC_COOKIE                      534
+# define SSL_F_TLS_PARSE_STOC_EARLY_DATA                  538
+# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO             528
+# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS               580
+# define SSL_F_TLS_PARSE_STOC_KEY_SHARE                   445
+# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN              581
+# define SSL_F_TLS_PARSE_STOC_NPN                         582
+# define SSL_F_TLS_PARSE_STOC_PSK                         502
+# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE                 448
+# define SSL_F_TLS_PARSE_STOC_SCT                         564
+# define SSL_F_TLS_PARSE_STOC_SERVER_NAME                 583
+# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET              584
+# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST              585
+# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS          612
+# define SSL_F_TLS_PARSE_STOC_USE_SRTP                    446
+# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO              378
+# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE       384
+# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE             360
+# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST         610
+# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST            361
+# define SSL_F_TLS_PROCESS_CERT_STATUS                    362
+# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY               495
+# define SSL_F_TLS_PROCESS_CERT_VERIFY                    379
+# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC             363
+# define SSL_F_TLS_PROCESS_CKE_DHE                        411
+# define SSL_F_TLS_PROCESS_CKE_ECDHE                      412
+# define SSL_F_TLS_PROCESS_CKE_GOST                       413
+# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE               414
+# define SSL_F_TLS_PROCESS_CKE_RSA                        415
+# define SSL_F_TLS_PROCESS_CKE_SRP                        416
+# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE             380
+# define SSL_F_TLS_PROCESS_CLIENT_HELLO                   381
+# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE            382
+# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS           444
+# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA              537
+# define SSL_F_TLS_PROCESS_FINISHED                       364
+# define SSL_F_TLS_PROCESS_HELLO_REQ                      507
+# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST            511
+# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT          442
+# define SSL_F_TLS_PROCESS_KEY_EXCHANGE                   365
+# define SSL_F_TLS_PROCESS_KEY_UPDATE                     518
+# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET             366
+# define SSL_F_TLS_PROCESS_NEXT_PROTO                     383
+# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE             367
+# define SSL_F_TLS_PROCESS_SERVER_DONE                    368
+# define SSL_F_TLS_PROCESS_SERVER_HELLO                   369
+# define SSL_F_TLS_PROCESS_SKE_DHE                        419
+# define SSL_F_TLS_PROCESS_SKE_ECDHE                      420
+# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE               421
+# define SSL_F_TLS_PROCESS_SKE_SRP                        422
+# define SSL_F_TLS_PSK_DO_BINDER                          506
+# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT                450
+# define SSL_F_TLS_SETUP_HANDSHAKE                        508
+# define SSL_F_USE_CERTIFICATE_CHAIN_FILE                 220
+# define SSL_F_WPACKET_INTERN_INIT_LEN                    633
+# define SSL_F_WPACKET_START_SUB_PACKET_LEN__             634
+# define SSL_F_WRITE_STATE_MACHINE                        586
+
+/*
+ * SSL reason codes.
+ */
+# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY        291
+# define SSL_R_APP_DATA_IN_HANDSHAKE                      100
+# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
+# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE       143
+# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
+# define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_DATA                                   390
+# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
+# define SSL_R_BAD_DECOMPRESSION                          107
+# define SSL_R_BAD_DH_VALUE                               102
+# define SSL_R_BAD_DIGEST_LENGTH                          111
+# define SSL_R_BAD_EARLY_DATA                             233
+# define SSL_R_BAD_ECC_CERT                               304
+# define SSL_R_BAD_ECPOINT                                306
+# define SSL_R_BAD_EXTENSION                              110
+# define SSL_R_BAD_HANDSHAKE_LENGTH                       332
+# define SSL_R_BAD_HANDSHAKE_STATE                        236
+# define SSL_R_BAD_HELLO_REQUEST                          105
+# define SSL_R_BAD_HRR_VERSION                            263
+# define SSL_R_BAD_KEY_SHARE                              108
+# define SSL_R_BAD_KEY_UPDATE                             122
+# define SSL_R_BAD_LEGACY_VERSION                         292
+# define SSL_R_BAD_LENGTH                                 271
+# define SSL_R_BAD_PACKET                                 240
+# define SSL_R_BAD_PACKET_LENGTH                          115
+# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
+# define SSL_R_BAD_PSK                                    219
+# define SSL_R_BAD_PSK_IDENTITY                           114
+# define SSL_R_BAD_RECORD_TYPE                            443
+# define SSL_R_BAD_RSA_ENCRYPT                            119
+# define SSL_R_BAD_SIGNATURE                              123
+# define SSL_R_BAD_SRP_A_LENGTH                           347
+# define SSL_R_BAD_SRP_PARAMETERS                         371
+# define SSL_R_BAD_SRTP_MKI_VALUE                         352
+# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST           353
+# define SSL_R_BAD_SSL_FILETYPE                           124
+# define SSL_R_BAD_VALUE                                  384
+# define SSL_R_BAD_WRITE_RETRY                            127
+# define SSL_R_BINDER_DOES_NOT_VERIFY                     253
+# define SSL_R_BIO_NOT_SET                                128
+# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
+# define SSL_R_BN_LIB                                     130
+# define SSL_R_CALLBACK_FAILED                            234
+# define SSL_R_CANNOT_CHANGE_CIPHER                       109
+# define SSL_R_CA_DN_LENGTH_MISMATCH                      131
+# define SSL_R_CA_KEY_TOO_SMALL                           397
+# define SSL_R_CA_MD_TOO_WEAK                             398
+# define SSL_R_CCS_RECEIVED_EARLY                         133
+# define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
+# define SSL_R_CERT_CB_ERROR                              377
+# define SSL_R_CERT_LENGTH_MISMATCH                       135
+# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED             218
+# define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
+# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
+# define SSL_R_CLIENTHELLO_TLSEXT                         226
+# define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
+# define SSL_R_COMPRESSION_DISABLED                       343
+# define SSL_R_COMPRESSION_FAILURE                        141
+# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
+# define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
+# define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
+# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
+# define SSL_R_COOKIE_MISMATCH                            308
+# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED       206
+# define SSL_R_DANE_ALREADY_ENABLED                       172
+# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL            173
+# define SSL_R_DANE_NOT_ENABLED                           175
+# define SSL_R_DANE_TLSA_BAD_CERTIFICATE                  180
+# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE            184
+# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH                  189
+# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH                192
+# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE                200
+# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY                   201
+# define SSL_R_DANE_TLSA_BAD_SELECTOR                     202
+# define SSL_R_DANE_TLSA_NULL_DATA                        203
+# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
+# define SSL_R_DATA_LENGTH_TOO_LONG                       146
+# define SSL_R_DECRYPTION_FAILED                          147
+# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
+# define SSL_R_DH_KEY_TOO_SMALL                           394
+# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
+# define SSL_R_DIGEST_CHECK_FAILED                        149
+# define SSL_R_DTLS_MESSAGE_TOO_BIG                       334
+# define SSL_R_DUPLICATE_COMPRESSION_ID                   309
+# define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
+# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
+# define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
+# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
+# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
+# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN             204
+# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE                  194
+# define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
+# define SSL_R_EXTENSION_NOT_RECEIVED                     279
+# define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
+# define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_INIT_ASYNC                       405
+# define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
+# define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
+# define SSL_R_HTTPS_PROXY_REQUEST                        155
+# define SSL_R_HTTP_REQUEST                               156
+# define SSL_R_ILLEGAL_POINT_COMPRESSION                  162
+# define SSL_R_ILLEGAL_SUITEB_DIGEST                      380
+# define SSL_R_INAPPROPRIATE_FALLBACK                     373
+# define SSL_R_INCONSISTENT_COMPRESSION                   340
+# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN               222
+# define SSL_R_INCONSISTENT_EARLY_DATA_SNI                231
+# define SSL_R_INCONSISTENT_EXTMS                         104
+# define SSL_R_INSUFFICIENT_SECURITY                      241
+# define SSL_R_INVALID_ALERT                              205
+# define SSL_R_INVALID_CCS_MESSAGE                        260
+# define SSL_R_INVALID_CERTIFICATE_OR_ALG                 238
+# define SSL_R_INVALID_COMMAND                            280
+# define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
+# define SSL_R_INVALID_CONFIG                             283
+# define SSL_R_INVALID_CONFIGURATION_NAME                 113
+# define SSL_R_INVALID_CONTEXT                            282
+# define SSL_R_INVALID_CT_VALIDATION_TYPE                 212
+# define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
+# define SSL_R_INVALID_MAX_EARLY_DATA                     174
+# define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_SEQUENCE_NUMBER                    402
+# define SSL_R_INVALID_SERVERINFO_DATA                    388
+# define SSL_R_INVALID_SESSION_ID                         999
+# define SSL_R_INVALID_SRP_USERNAME                       357
+# define SSL_R_INVALID_STATUS_RESPONSE                    328
+# define SSL_R_INVALID_TICKET_KEYS_LENGTH                 325
+# define SSL_R_LENGTH_MISMATCH                            159
+# define SSL_R_LENGTH_TOO_LONG                            404
+# define SSL_R_LENGTH_TOO_SHORT                           160
+# define SSL_R_LIBRARY_BUG                                274
+# define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MISSING_DSA_SIGNING_CERT                   165
+# define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
+# define SSL_R_MISSING_FATAL                              256
+# define SSL_R_MISSING_PARAMETERS                         290
+# define SSL_R_MISSING_RSA_CERTIFICATE                    168
+# define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
+# define SSL_R_MISSING_RSA_SIGNING_CERT                   170
+# define SSL_R_MISSING_SIGALGS_EXTENSION                  112
+# define SSL_R_MISSING_SIGNING_CERT                       221
+# define SSL_R_MISSING_SRP_PARAM                          358
+# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION         209
+# define SSL_R_MISSING_TMP_DH_KEY                         171
+# define SSL_R_MISSING_TMP_ECDH_KEY                       311
+# define SSL_R_NOT_ON_RECORD_BOUNDARY                     182
+# define SSL_R_NOT_REPLACING_CERTIFICATE                  289
+# define SSL_R_NOT_SERVER                                 284
+# define SSL_R_NO_APPLICATION_PROTOCOL                    235
+# define SSL_R_NO_CERTIFICATES_RETURNED                   176
+# define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
+# define SSL_R_NO_CERTIFICATE_SET                         179
+# define SSL_R_NO_CHANGE_FOLLOWING_HRR                    214
+# define SSL_R_NO_CIPHERS_AVAILABLE                       181
+# define SSL_R_NO_CIPHERS_SPECIFIED                       183
+# define SSL_R_NO_CIPHER_MATCH                            185
+# define SSL_R_NO_CLIENT_CERT_METHOD                      331
+# define SSL_R_NO_COMPRESSION_SPECIFIED                   187
+# define SSL_R_NO_COOKIE_CALLBACK_SET                     287
+# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
+# define SSL_R_NO_METHOD_SPECIFIED                        188
+# define SSL_R_NO_PEM_EXTENSIONS                          389
+# define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
+# define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
+# define SSL_R_NO_RENEGOTIATION                           339
+# define SSL_R_NO_REQUIRED_DIGEST                         324
+# define SSL_R_NO_SHARED_CIPHER                           193
+# define SSL_R_NO_SHARED_GROUPS                           410
+# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
+# define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
+# define SSL_R_NO_VALID_SCTS                              216
+# define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
+# define SSL_R_NULL_SSL_CTX                               195
+# define SSL_R_NULL_SSL_METHOD_PASSED                     196
+# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
+# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
+# define SSL_R_OVERFLOW_ERROR                             237
+# define SSL_R_PACKET_LENGTH_TOO_LONG                     198
+# define SSL_R_PARSE_TLSEXT                               227
+# define SSL_R_PATH_TOO_LONG                              270
+# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
+# define SSL_R_PEM_NAME_BAD_PREFIX                        391
+# define SSL_R_PEM_NAME_TOO_SHORT                         392
+# define SSL_R_PIPELINE_FAILURE                           406
+# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR           278
+# define SSL_R_PRIVATE_KEY_MISMATCH                       288
+# define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
+# define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
+# define SSL_R_PSK_NO_CLIENT_CB                           224
+# define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_READ_BIO_NOT_SET                           211
+# define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORD_LENGTH_MISMATCH                     213
+# define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
+# define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
+# define SSL_R_RENEGOTIATION_MISMATCH                     337
+# define SSL_R_REQUEST_PENDING                            285
+# define SSL_R_REQUEST_SENT                               286
+# define SSL_R_REQUIRED_CIPHER_MISSING                    215
+# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
+# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
+# define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SERVERHELLO_TLSEXT                         275
+# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
+# define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
+# define SSL_R_SIGNATURE_ALGORITHMS_ERROR                 360
+# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
+# define SSL_R_SRP_A_CALC                                 361
+# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES           362
+# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG      363
+# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE            364
+# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH       232
+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
+# define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
+# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
+# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
+# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
+# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
+# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
+# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
+# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
+# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
+# define SSL_R_SSL_COMMAND_SECTION_EMPTY                  117
+# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND              125
+# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
+# define SSL_R_SSL_HANDSHAKE_FAILURE                      229
+# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
+# define SSL_R_SSL_NEGATIVE_LENGTH                        372
+# define SSL_R_SSL_SECTION_EMPTY                          126
+# define SSL_R_SSL_SECTION_NOT_FOUND                      136
+# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
+# define SSL_R_SSL_SESSION_ID_CONFLICT                    302
+# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
+# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
+# define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
+# define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
+# define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
+# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
+# define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
+# define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
+# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
+# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
+# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
+# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
+# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
+# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
+# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
+# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
+# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
+# define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
+# define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
+# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
+# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
+# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111
+# define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112
+# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
+# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365
+# define SSL_R_TLS_HEARTBEAT_PENDING                      366
+# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
+# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
+# define SSL_R_TOO_MANY_KEY_UPDATES                       132
+# define SSL_R_TOO_MANY_WARN_ALERTS                       409
+# define SSL_R_TOO_MUCH_EARLY_DATA                        164
+# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
+# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
+# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
+# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
+# define SSL_R_UNEXPECTED_CCS_MESSAGE                     262
+# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA               178
+# define SSL_R_UNEXPECTED_MESSAGE                         244
+# define SSL_R_UNEXPECTED_RECORD                          245
+# define SSL_R_UNINITIALIZED                              276
+# define SSL_R_UNKNOWN_ALERT_TYPE                         246
+# define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
+# define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
+# define SSL_R_UNKNOWN_CIPHER_TYPE                        249
+# define SSL_R_UNKNOWN_CMD_NAME                           386
+# define SSL_R_UNKNOWN_COMMAND                            139
+# define SSL_R_UNKNOWN_DIGEST                             368
+# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_PKEY_TYPE                          251
+# define SSL_R_UNKNOWN_PROTOCOL                           252
+# define SSL_R_UNKNOWN_SSL_VERSION                        254
+# define SSL_R_UNKNOWN_STATE                              255
+# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       338
+# define SSL_R_UNSOLICITED_EXTENSION                      217
+# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
+# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
+# define SSL_R_UNSUPPORTED_PROTOCOL                       258
+# define SSL_R_UNSUPPORTED_SSL_VERSION                    259
+# define SSL_R_UNSUPPORTED_STATUS_TYPE                    329
+# define SSL_R_USE_SRTP_NOT_NEGOTIATED                    369
+# define SSL_R_VERSION_TOO_HIGH                           166
+# define SSL_R_VERSION_TOO_LOW                            396
+# define SSL_R_WRONG_CERTIFICATE_TYPE                     383
+# define SSL_R_WRONG_CIPHER_RETURNED                      261
+# define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_SIGNATURE_LENGTH                     264
+# define SSL_R_WRONG_SIGNATURE_SIZE                       265
+# define SSL_R_WRONG_SIGNATURE_TYPE                       370
+# define SSL_R_WRONG_SSL_VERSION                          266
+# define SSL_R_WRONG_VERSION_NUMBER                       267
+# define SSL_R_X509_LIB                                   268
+# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/stack.h b/freebsd/crypto/openssl/include/openssl/stack.h
new file mode 100644
index 00000000..cfc07505
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/stack.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_STACK_H
+# define HEADER_STACK_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
+
+typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
+typedef void (*OPENSSL_sk_freefunc)(void *);
+typedef void *(*OPENSSL_sk_copyfunc)(const void *);
+
+int OPENSSL_sk_num(const OPENSSL_STACK *);
+void *OPENSSL_sk_value(const OPENSSL_STACK *, int);
+
+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data);
+
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_new_null(void);
+OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n);
+int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n);
+void OPENSSL_sk_free(OPENSSL_STACK *);
+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *));
+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *,
+                                    OPENSSL_sk_copyfunc c,
+                                    OPENSSL_sk_freefunc f);
+int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where);
+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc);
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p);
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data);
+void *OPENSSL_sk_shift(OPENSSL_STACK *st);
+void *OPENSSL_sk_pop(OPENSSL_STACK *st);
+void OPENSSL_sk_zero(OPENSSL_STACK *st);
+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk,
+                                            OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st);
+void OPENSSL_sk_sort(OPENSSL_STACK *st);
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define _STACK OPENSSL_STACK
+#  define sk_num OPENSSL_sk_num
+#  define sk_value OPENSSL_sk_value
+#  define sk_set OPENSSL_sk_set
+#  define sk_new OPENSSL_sk_new
+#  define sk_new_null OPENSSL_sk_new_null
+#  define sk_free OPENSSL_sk_free
+#  define sk_pop_free OPENSSL_sk_pop_free
+#  define sk_deep_copy OPENSSL_sk_deep_copy
+#  define sk_insert OPENSSL_sk_insert
+#  define sk_delete OPENSSL_sk_delete
+#  define sk_delete_ptr OPENSSL_sk_delete_ptr
+#  define sk_find OPENSSL_sk_find
+#  define sk_find_ex OPENSSL_sk_find_ex
+#  define sk_push OPENSSL_sk_push
+#  define sk_unshift OPENSSL_sk_unshift
+#  define sk_shift OPENSSL_sk_shift
+#  define sk_pop OPENSSL_sk_pop
+#  define sk_zero OPENSSL_sk_zero
+#  define sk_set_cmp_func OPENSSL_sk_set_cmp_func
+#  define sk_dup OPENSSL_sk_dup
+#  define sk_sort OPENSSL_sk_sort
+#  define sk_is_sorted OPENSSL_sk_is_sorted
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/store.h b/freebsd/crypto/openssl/include/openssl/store.h
new file mode 100644
index 00000000..7b43e8bd
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/store.h
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OSSL_STORE_H
+# define HEADER_OSSL_STORE_H
+
+# include <stdarg.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/pem.h>
+# include <openssl/storeerr.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*-
+ *  The main OSSL_STORE functions.
+ *  ------------------------------
+ *
+ *  These allow applications to open a channel to a resource with supported
+ *  data (keys, certs, crls, ...), read the data a piece at a time and decide
+ *  what to do with it, and finally close.
+ */
+
+typedef struct ossl_store_ctx_st OSSL_STORE_CTX;
+
+/*
+ * Typedef for the OSSL_STORE_INFO post processing callback.  This can be used
+ * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning
+ * NULL).
+ */
+typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
+                                                            void *);
+
+/*
+ * Open a channel given a URI.  The given UI method will be used any time the
+ * loader needs extra input, for example when a password or pin is needed, and
+ * will be passed the same user data every time it's needed in this context.
+ *
+ * Returns a context reference which represents the channel to communicate
+ * through.
+ */
+OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
+                                void *ui_data,
+                                OSSL_STORE_post_process_info_fn post_process,
+                                void *post_process_data);
+
+/*
+ * Control / fine tune the OSSL_STORE channel.  |cmd| determines what is to be
+ * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to
+ * determine which loader is used), except for common commands (see below).
+ * Each command takes different arguments.
+ */
+int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
+int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args);
+
+/*
+ * Common ctrl commands that different loaders may choose to support.
+ */
+/* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */
+# define OSSL_STORE_C_USE_SECMEM      1
+/* Where custom commands start */
+# define OSSL_STORE_C_CUSTOM_START    100
+
+/*
+ * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE
+ * functionality, given a context.
+ * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be
+ * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ...
+ * NULL is returned on error, which may include that the data found at the URI
+ * can't be figured out for certain or is ambiguous.
+ */
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
+
+/*
+ * Check if end of data (end of file) is reached
+ * Returns 1 on end, 0 otherwise.
+ */
+int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
+
+/*
+ * Check if an error occured
+ * Returns 1 if it did, 0 otherwise.
+ */
+int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
+
+/*
+ * Close the channel
+ * Returns 1 on success, 0 on error.
+ */
+int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
+
+
+/*-
+ *  Extracting OpenSSL types from and creating new OSSL_STORE_INFOs
+ *  ---------------------------------------------------------------
+ */
+
+/*
+ * Types of data that can be ossl_stored in a OSSL_STORE_INFO.
+ * OSSL_STORE_INFO_NAME is typically found when getting a listing of
+ * available "files" / "tokens" / what have you.
+ */
+# define OSSL_STORE_INFO_NAME           1   /* char * */
+# define OSSL_STORE_INFO_PARAMS         2   /* EVP_PKEY * */
+# define OSSL_STORE_INFO_PKEY           3   /* EVP_PKEY * */
+# define OSSL_STORE_INFO_CERT           4   /* X509 * */
+# define OSSL_STORE_INFO_CRL            5   /* X509_CRL * */
+
+/*
+ * Functions to generate OSSL_STORE_INFOs, one function for each type we
+ * support having in them, as well as a generic constructor.
+ *
+ * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
+ * and will therefore be freed when the OSSL_STORE_INFO is freed.
+ */
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
+int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
+
+/*
+ * Functions to try to extract data from a OSSL_STORE_INFO.
+ */
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info);
+const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info);
+char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info);
+const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info);
+char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info);
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info);
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info);
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info);
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info);
+
+const char *OSSL_STORE_INFO_type_string(int type);
+
+/*
+ * Free the OSSL_STORE_INFO
+ */
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info);
+
+
+/*-
+ *  Functions to construct a search URI from a base URI and search criteria
+ *  -----------------------------------------------------------------------
+ */
+
+/* OSSL_STORE search types */
+# define OSSL_STORE_SEARCH_BY_NAME              1 /* subject in certs, issuer in CRLs */
+# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL     2
+# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT   3
+# define OSSL_STORE_SEARCH_BY_ALIAS             4
+
+/* To check what search types the scheme handler supports */
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type);
+
+/* Search term constructors */
+/*
+ * The input is considered to be owned by the caller, and must therefore
+ * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH
+ */
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+                                                      const ASN1_INTEGER
+                                                      *serial);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+                                                        const unsigned char
+                                                        *bytes, size_t len);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
+
+/* Search term destructor */
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
+
+/* Search term accessors */
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
+X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+                                                  *criterion);
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+                                                  *criterion, size_t *length);
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion);
+
+/*
+ * Add search criterion and expected return type (which can be unspecified)
+ * to the loading channel.  This MUST happen before the first OSSL_STORE_load().
+ */
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search);
+
+
+/*-
+ *  Function to register a loader for the given URI scheme.
+ *  -------------------------------------------------------
+ *
+ *  The loader receives all the main components of an URI except for the
+ *  scheme.
+ */
+
+typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+/* struct ossl_store_loader_ctx_st is defined differently by each loader */
+typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
+typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER
+                                                     *loader,
+                                                     const char *uri,
+                                                     const UI_METHOD *ui_method,
+                                                     void *ui_data);
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_open_fn open_function);
+typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
+                                  va_list args);
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_ctrl_fn ctrl_function);
+typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+                                 OSSL_STORE_expect_fn expect_function);
+typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
+                                  OSSL_STORE_SEARCH *criteria);
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_find_fn find_function);
+typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
+                                               const UI_METHOD *ui_method,
+                                               void *ui_data);
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_load_fn load_function);
+typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
+                              OSSL_STORE_eof_fn eof_function);
+typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_error_fn error_function);
+typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_close_fn close_function);
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader);
+
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
+
+/*-
+ *  Functions to list STORE loaders
+ *  -------------------------------
+ */
+int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
+                                                   *loader, void *do_arg),
+                              void *do_arg);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/storeerr.h b/freebsd/crypto/openssl/include/openssl/storeerr.h
new file mode 100644
index 00000000..33d0ab79
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/storeerr.h
@@ -0,0 +1,87 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OSSL_STOREERR_H
+# define HEADER_OSSL_STOREERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_OSSL_STORE_strings(void);
+
+/*
+ * OSSL_STORE function codes.
+ */
+# define OSSL_STORE_F_FILE_CTRL                           129
+# define OSSL_STORE_F_FILE_FIND                           138
+# define OSSL_STORE_F_FILE_GET_PASS                       118
+# define OSSL_STORE_F_FILE_LOAD                           119
+# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE                124
+# define OSSL_STORE_F_FILE_NAME_TO_URI                    126
+# define OSSL_STORE_F_FILE_OPEN                           120
+# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO           127
+# define OSSL_STORE_F_OSSL_STORE_EXPECT                   130
+# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT  128
+# define OSSL_STORE_F_OSSL_STORE_FIND                     131
+# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT          100
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT           101
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL            102
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME           103
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 135
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS         104
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY           105
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT            106
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL             107
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED        123
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME            109
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS          110
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY            111
+# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 134
+# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE                112
+# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW               113
+# define OSSL_STORE_F_OSSL_STORE_OPEN                     114
+# define OSSL_STORE_F_OSSL_STORE_OPEN_INT                 115
+# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT      117
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS          132
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL  133
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 136
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME           137
+# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT    116
+# define OSSL_STORE_F_TRY_DECODE_PARAMS                   121
+# define OSSL_STORE_F_TRY_DECODE_PKCS12                   122
+# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED           125
+
+/*
+ * OSSL_STORE reason codes.
+ */
+# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE              107
+# define OSSL_STORE_R_BAD_PASSWORD_READ                   115
+# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC          113
+# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121
+# define OSSL_STORE_R_INVALID_SCHEME                      106
+# define OSSL_STORE_R_IS_NOT_A                            112
+# define OSSL_STORE_R_LOADER_INCOMPLETE                   116
+# define OSSL_STORE_R_LOADING_STARTED                     117
+# define OSSL_STORE_R_NOT_A_CERTIFICATE                   100
+# define OSSL_STORE_R_NOT_A_CRL                           101
+# define OSSL_STORE_R_NOT_A_KEY                           102
+# define OSSL_STORE_R_NOT_A_NAME                          103
+# define OSSL_STORE_R_NOT_PARAMETERS                      104
+# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR           114
+# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE               108
+# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119
+# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109
+# define OSSL_STORE_R_UNREGISTERED_SCHEME                 105
+# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE            110
+# define OSSL_STORE_R_UNSUPPORTED_OPERATION               118
+# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE             120
+# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED           111
+
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/symhacks.h b/freebsd/crypto/openssl/include/openssl/symhacks.h
new file mode 100644
index 00000000..caf1f1a7
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/symhacks.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SYMHACKS_H
+# define HEADER_SYMHACKS_H
+
+# include <openssl/e_os2.h>
+
+/* Case insensitive linking causes problems.... */
+# if defined(OPENSSL_SYS_VMS)
+#  undef ERR_load_CRYPTO_strings
+#  define ERR_load_CRYPTO_strings                 ERR_load_CRYPTOlib_strings
+#  undef OCSP_crlID_new
+#  define OCSP_crlID_new                          OCSP_crlID2_new
+
+#  undef d2i_ECPARAMETERS
+#  define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS
+#  undef i2d_ECPARAMETERS
+#  define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS
+#  undef d2i_ECPKPARAMETERS
+#  define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS
+#  undef i2d_ECPKPARAMETERS
+#  define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS
+
+/*
+ * These functions do not seem to exist! However, I'm paranoid... Original
+ * command in x509v3.h: These functions are being redefined in another
+ * directory, and clash when the linker is case-insensitive, so let's hide
+ * them a little, by giving them an extra 'o' at the beginning of the name...
+ */
+#  undef X509v3_cleanup_extensions
+#  define X509v3_cleanup_extensions               oX509v3_cleanup_extensions
+#  undef X509v3_add_extension
+#  define X509v3_add_extension                    oX509v3_add_extension
+#  undef X509v3_add_netscape_extensions
+#  define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions
+#  undef X509v3_add_standard_extensions
+#  define X509v3_add_standard_extensions          oX509v3_add_standard_extensions
+
+/* This one clashes with CMS_data_create */
+#  undef cms_Data_create
+#  define cms_Data_create                         priv_cms_Data_create
+
+# endif
+
+#endif                          /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/freebsd/crypto/openssl/include/openssl/tls1.h b/freebsd/crypto/openssl/include/openssl/tls1.h
new file mode 100644
index 00000000..2e46cf80
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/tls1.h
@@ -0,0 +1,1236 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TLS1_H
+# define HEADER_TLS1_H
+
+# include <openssl/buffer.h>
+# include <openssl/x509.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Default security level if not overridden at config time */
+# ifndef OPENSSL_TLS_SECURITY_LEVEL
+#  define OPENSSL_TLS_SECURITY_LEVEL 1
+# endif
+
+# define TLS1_VERSION                    0x0301
+# define TLS1_1_VERSION                  0x0302
+# define TLS1_2_VERSION                  0x0303
+# define TLS1_3_VERSION                  0x0304
+# define TLS_MAX_VERSION                 TLS1_3_VERSION
+
+/* Special value for method supporting multiple versions */
+# define TLS_ANY_VERSION                 0x10000
+
+# define TLS1_VERSION_MAJOR              0x03
+# define TLS1_VERSION_MINOR              0x01
+
+# define TLS1_1_VERSION_MAJOR            0x03
+# define TLS1_1_VERSION_MINOR            0x02
+
+# define TLS1_2_VERSION_MAJOR            0x03
+# define TLS1_2_VERSION_MINOR            0x03
+
+# define TLS1_get_version(s) \
+        ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0)
+
+# define TLS1_get_client_version(s) \
+        ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0)
+
+# define TLS1_AD_DECRYPTION_FAILED       21
+# define TLS1_AD_RECORD_OVERFLOW         22
+# define TLS1_AD_UNKNOWN_CA              48/* fatal */
+# define TLS1_AD_ACCESS_DENIED           49/* fatal */
+# define TLS1_AD_DECODE_ERROR            50/* fatal */
+# define TLS1_AD_DECRYPT_ERROR           51
+# define TLS1_AD_EXPORT_RESTRICTION      60/* fatal */
+# define TLS1_AD_PROTOCOL_VERSION        70/* fatal */
+# define TLS1_AD_INSUFFICIENT_SECURITY   71/* fatal */
+# define TLS1_AD_INTERNAL_ERROR          80/* fatal */
+# define TLS1_AD_INAPPROPRIATE_FALLBACK  86/* fatal */
+# define TLS1_AD_USER_CANCELLED          90
+# define TLS1_AD_NO_RENEGOTIATION        100
+/* TLSv1.3 alerts */
+# define TLS13_AD_MISSING_EXTENSION      109 /* fatal */
+# define TLS13_AD_CERTIFICATE_REQUIRED   116 /* fatal */
+/* codes 110-114 are from RFC3546 */
+# define TLS1_AD_UNSUPPORTED_EXTENSION   110
+# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
+# define TLS1_AD_UNRECOGNIZED_NAME       112
+# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
+# define TLS1_AD_UNKNOWN_PSK_IDENTITY    115/* fatal */
+# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
+
+/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
+# define TLSEXT_TYPE_server_name                 0
+# define TLSEXT_TYPE_max_fragment_length         1
+# define TLSEXT_TYPE_client_certificate_url      2
+# define TLSEXT_TYPE_trusted_ca_keys             3
+# define TLSEXT_TYPE_truncated_hmac              4
+# define TLSEXT_TYPE_status_request              5
+/* ExtensionType values from RFC4681 */
+# define TLSEXT_TYPE_user_mapping                6
+/* ExtensionType values from RFC5878 */
+# define TLSEXT_TYPE_client_authz                7
+# define TLSEXT_TYPE_server_authz                8
+/* ExtensionType values from RFC6091 */
+# define TLSEXT_TYPE_cert_type           9
+
+/* ExtensionType values from RFC4492 */
+/*
+ * Prior to TLSv1.3 the supported_groups extension was known as
+ * elliptic_curves
+ */
+# define TLSEXT_TYPE_supported_groups            10
+# define TLSEXT_TYPE_elliptic_curves             TLSEXT_TYPE_supported_groups
+# define TLSEXT_TYPE_ec_point_formats            11
+
+
+/* ExtensionType value from RFC5054 */
+# define TLSEXT_TYPE_srp                         12
+
+/* ExtensionType values from RFC5246 */
+# define TLSEXT_TYPE_signature_algorithms        13
+
+/* ExtensionType value from RFC5764 */
+# define TLSEXT_TYPE_use_srtp    14
+
+/* ExtensionType value from RFC5620 */
+# define TLSEXT_TYPE_heartbeat   15
+
+/* ExtensionType value from RFC7301 */
+# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
+
+/*
+ * Extension type for Certificate Transparency
+ * https://tools.ietf.org/html/rfc6962#section-3.3.1
+ */
+# define TLSEXT_TYPE_signed_certificate_timestamp    18
+
+/*
+ * ExtensionType value for TLS padding extension.
+ * http://tools.ietf.org/html/draft-agl-tls-padding
+ */
+# define TLSEXT_TYPE_padding     21
+
+/* ExtensionType value from RFC7366 */
+# define TLSEXT_TYPE_encrypt_then_mac    22
+
+/* ExtensionType value from RFC7627 */
+# define TLSEXT_TYPE_extended_master_secret      23
+
+/* ExtensionType value from RFC4507 */
+# define TLSEXT_TYPE_session_ticket              35
+
+/* As defined for TLS1.3 */
+# define TLSEXT_TYPE_psk                         41
+# define TLSEXT_TYPE_early_data                  42
+# define TLSEXT_TYPE_supported_versions          43
+# define TLSEXT_TYPE_cookie                      44
+# define TLSEXT_TYPE_psk_kex_modes               45
+# define TLSEXT_TYPE_certificate_authorities     47
+# define TLSEXT_TYPE_post_handshake_auth         49
+# define TLSEXT_TYPE_signature_algorithms_cert   50
+# define TLSEXT_TYPE_key_share                   51
+
+/* Temporary extension type */
+# define TLSEXT_TYPE_renegotiate                 0xff01
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+/* This is not an IANA defined extension number */
+#  define TLSEXT_TYPE_next_proto_neg              13172
+# endif
+
+/* NameType value from RFC3546 */
+# define TLSEXT_NAMETYPE_host_name 0
+/* status request value from RFC3546 */
+# define TLSEXT_STATUSTYPE_ocsp 1
+
+/* ECPointFormat values from RFC4492 */
+# define TLSEXT_ECPOINTFORMAT_first                      0
+# define TLSEXT_ECPOINTFORMAT_uncompressed               0
+# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime  1
+# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2  2
+# define TLSEXT_ECPOINTFORMAT_last                       2
+
+/* Signature and hash algorithms from RFC5246 */
+# define TLSEXT_signature_anonymous                      0
+# define TLSEXT_signature_rsa                            1
+# define TLSEXT_signature_dsa                            2
+# define TLSEXT_signature_ecdsa                          3
+# define TLSEXT_signature_gostr34102001                  237
+# define TLSEXT_signature_gostr34102012_256              238
+# define TLSEXT_signature_gostr34102012_512              239
+
+/* Total number of different signature algorithms */
+# define TLSEXT_signature_num                            7
+
+# define TLSEXT_hash_none                                0
+# define TLSEXT_hash_md5                                 1
+# define TLSEXT_hash_sha1                                2
+# define TLSEXT_hash_sha224                              3
+# define TLSEXT_hash_sha256                              4
+# define TLSEXT_hash_sha384                              5
+# define TLSEXT_hash_sha512                              6
+# define TLSEXT_hash_gostr3411                           237
+# define TLSEXT_hash_gostr34112012_256                   238
+# define TLSEXT_hash_gostr34112012_512                   239
+
+/* Total number of different digest algorithms */
+
+# define TLSEXT_hash_num                                 10
+
+/* Flag set for unrecognised algorithms */
+# define TLSEXT_nid_unknown                              0x1000000
+
+/* ECC curves */
+
+# define TLSEXT_curve_P_256                              23
+# define TLSEXT_curve_P_384                              24
+
+/* OpenSSL value to disable maximum fragment length extension */
+# define TLSEXT_max_fragment_length_DISABLED    0
+/* Allowed values for max fragment length extension */
+# define TLSEXT_max_fragment_length_512         1
+# define TLSEXT_max_fragment_length_1024        2
+# define TLSEXT_max_fragment_length_2048        3
+# define TLSEXT_max_fragment_length_4096        4
+
+int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
+int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
+
+# define TLSEXT_MAXLEN_host_name 255
+
+__owur const char *SSL_get_servername(const SSL *s, const int type);
+__owur int SSL_get_servername_type(const SSL *s);
+/*
+ * SSL_export_keying_material exports a value derived from the master secret,
+ * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
+ * optional context. (Since a zero length context is allowed, the |use_context|
+ * flag controls whether a context is included.) It returns 1 on success and
+ * 0 or -1 otherwise.
+ */
+__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                      const char *label, size_t llen,
+                                      const unsigned char *context,
+                                      size_t contextlen, int use_context);
+
+/*
+ * SSL_export_keying_material_early exports a value derived from the
+ * early exporter master secret, as specified in
+ * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes
+ * |olen| bytes to |out| given a label and optional context. It
+ * returns 1 on success and 0 otherwise.
+ */
+__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out,
+                                            size_t olen, const char *label,
+                                            size_t llen,
+                                            const unsigned char *context,
+                                            size_t contextlen);
+
+int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid);
+
+int SSL_get_sigalgs(SSL *s, int idx,
+                    int *psign, int *phash, int *psignandhash,
+                    unsigned char *rsig, unsigned char *rhash);
+
+int SSL_get_shared_sigalgs(SSL *s, int idx,
+                           int *psign, int *phash, int *psignandhash,
+                           unsigned char *rsig, unsigned char *rhash);
+
+__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+
+# define SSL_set_tlsext_host_name(s,name) \
+        SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\
+                (void *)name)
+
+# define SSL_set_tlsext_debug_callback(ssl, cb) \
+        SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\
+                (void (*)(void))cb)
+
+# define SSL_set_tlsext_debug_arg(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg)
+
+# define SSL_get_tlsext_status_type(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL)
+
+# define SSL_set_tlsext_status_type(ssl, type) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL)
+
+# define SSL_get_tlsext_status_exts(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg)
+
+# define SSL_set_tlsext_status_exts(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg)
+
+# define SSL_get_tlsext_status_ids(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg)
+
+# define SSL_set_tlsext_status_ids(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg)
+
+# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg)
+
+# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg)
+
+# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
+        SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\
+                (void (*)(void))cb)
+
+# define SSL_TLSEXT_ERR_OK 0
+# define SSL_TLSEXT_ERR_ALERT_WARNING 1
+# define SSL_TLSEXT_ERR_ALERT_FATAL 2
+# define SSL_TLSEXT_ERR_NOACK 3
+
+# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg)
+
+# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys)
+# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys)
+
+# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb)
+# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
+        SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\
+                (void (*)(void))cb)
+
+# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg)
+# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg)
+
+# define SSL_CTX_set_tlsext_status_type(ssl, type) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL)
+
+# define SSL_CTX_get_tlsext_status_type(ssl) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL)
+
+# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+        SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\
+                (void (*)(void))cb)
+
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_DTLSEXT_HB_ENABLED                   0x01
+#  define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS        0x02
+#  define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS        0x04
+#  define SSL_get_dtlsext_heartbeat_pending(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL)
+#  define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
+
+#  if OPENSSL_API_COMPAT < 0x10100000L
+#   define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \
+        SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
+#   define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \
+        SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING
+#   define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \
+        SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS
+#   define SSL_TLSEXT_HB_ENABLED \
+        SSL_DTLSEXT_HB_ENABLED
+#   define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \
+        SSL_DTLSEXT_HB_DONT_SEND_REQUESTS
+#   define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \
+        SSL_DTLSEXT_HB_DONT_RECV_REQUESTS
+#   define SSL_get_tlsext_heartbeat_pending(ssl) \
+        SSL_get_dtlsext_heartbeat_pending(ssl)
+#   define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
+        SSL_set_dtlsext_heartbeat_no_requests(ssl,arg)
+#  endif
+# endif
+
+/* PSK ciphersuites from 4279 */
+# define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
+# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D
+# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA                0x0300008E
+# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA           0x0300008F
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA            0x03000090
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA            0x03000091
+# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA                0x03000092
+# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA           0x03000093
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA            0x03000094
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA            0x03000095
+
+/* PSK ciphersuites from 5487 */
+# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256             0x030000A8
+# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384             0x030000A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256         0x030000AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384         0x030000AB
+# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256         0x030000AC
+# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384         0x030000AD
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256             0x030000AE
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384             0x030000AF
+# define TLS1_CK_PSK_WITH_NULL_SHA256                    0x030000B0
+# define TLS1_CK_PSK_WITH_NULL_SHA384                    0x030000B1
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256         0x030000B2
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384         0x030000B3
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256                0x030000B4
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384                0x030000B5
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256         0x030000B6
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384         0x030000B7
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256                0x030000B8
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384                0x030000B9
+
+/* NULL PSK ciphersuites from RFC4785 */
+# define TLS1_CK_PSK_WITH_NULL_SHA                       0x0300002C
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA                   0x0300002D
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA                   0x0300002E
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_CK_RSA_WITH_AES_128_SHA                    0x0300002F
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA                 0x03000030
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA                 0x03000031
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA                0x03000032
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA                0x03000033
+# define TLS1_CK_ADH_WITH_AES_128_SHA                    0x03000034
+# define TLS1_CK_RSA_WITH_AES_256_SHA                    0x03000035
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA                 0x03000036
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA                 0x03000037
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA                0x03000038
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
+# define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_CK_RSA_WITH_NULL_SHA256                    0x0300003B
+# define TLS1_CK_RSA_WITH_AES_128_SHA256                 0x0300003C
+# define TLS1_CK_RSA_WITH_AES_256_SHA256                 0x0300003D
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256              0x0300003E
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256              0x0300003F
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256             0x03000040
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA        0x03000043
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA       0x03000044
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256             0x03000067
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256              0x03000068
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256              0x03000069
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256             0x0300006A
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256             0x0300006B
+# define TLS1_CK_ADH_WITH_AES_128_SHA256                 0x0300006C
+# define TLS1_CK_ADH_WITH_AES_256_SHA256                 0x0300006D
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA       0x03000087
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA       0x03000088
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA           0x03000089
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096
+# define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097
+# define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
+# define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
+# define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
+# define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256             0x0300009C
+# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384             0x0300009D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256         0x0300009E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384         0x0300009F
+# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256          0x030000A0
+# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384          0x030000A1
+# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256         0x030000A2
+# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384         0x030000A3
+# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256          0x030000A4
+# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384          0x030000A5
+# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256             0x030000A6
+# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384             0x030000A7
+
+/* CCM ciphersuites from RFC6655 */
+# define TLS1_CK_RSA_WITH_AES_128_CCM                    0x0300C09C
+# define TLS1_CK_RSA_WITH_AES_256_CCM                    0x0300C09D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM                0x0300C09E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM                0x0300C09F
+# define TLS1_CK_RSA_WITH_AES_128_CCM_8                  0x0300C0A0
+# define TLS1_CK_RSA_WITH_AES_256_CCM_8                  0x0300C0A1
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8              0x0300C0A2
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8              0x0300C0A3
+# define TLS1_CK_PSK_WITH_AES_128_CCM                    0x0300C0A4
+# define TLS1_CK_PSK_WITH_AES_256_CCM                    0x0300C0A5
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM                0x0300C0A6
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM                0x0300C0A7
+# define TLS1_CK_PSK_WITH_AES_128_CCM_8                  0x0300C0A8
+# define TLS1_CK_PSK_WITH_AES_256_CCM_8                  0x0300C0A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8              0x0300C0AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8              0x0300C0AB
+
+/* CCM ciphersuites from RFC7251 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM            0x0300C0AC
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM            0x0300C0AD
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8          0x0300C0AE
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8          0x0300C0AF
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256                0x030000BA
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256             0x030000BB
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256             0x030000BC
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256            0x030000BD
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256            0x030000BE
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256                0x030000BF
+
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256                0x030000C0
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256             0x030000C1
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256             0x030000C2
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256            0x030000C3
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256            0x030000C4
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256                0x030000C5
+
+/* ECC ciphersuites from RFC4492 */
+# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
+# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
+# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005
+
+# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006
+# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007
+# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A
+
+# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B
+# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C
+# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F
+
+# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010
+# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011
+# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014
+
+# define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015
+# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016
+# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017
+# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
+# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
+
+/* SRP ciphersuites from RFC 5054 */
+# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA           0x0300C01A
+# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA       0x0300C01B
+# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA       0x0300C01C
+# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA            0x0300C01D
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA        0x0300C01E
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA        0x0300C01F
+# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA            0x0300C020
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA        0x0300C021
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA        0x0300C022
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256     0x0300C02B
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384     0x0300C02C
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
+
+/* ECDHE PSK ciphersuites from RFC5489 */
+# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA              0x0300C033
+# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA         0x0300C034
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA          0x0300C035
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA          0x0300C036
+
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256       0x0300C037
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384       0x0300C038
+
+/* NULL PSK ciphersuites from RFC4785 */
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA                 0x0300C039
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256              0x0300C03A
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384              0x0300C03B
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0x0300C074
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0x0300C075
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0x0300C076
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0x0300C077
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0x0300C078
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0x0300C079
+
+# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256         0x0300C094
+# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384         0x0300C095
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256     0x0300C096
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384     0x0300C097
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256     0x0300C098
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384     0x0300C099
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0x0300C09A
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0x0300C09B
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305         0x0300CCA8
+# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       0x0300CCA9
+# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305           0x0300CCAA
+# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305               0x0300CCAB
+# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305         0x0300CCAC
+# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305           0x0300CCAD
+# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305           0x0300CCAE
+
+/* TLS v1.3 ciphersuites */
+# define TLS1_3_CK_AES_128_GCM_SHA256                     0x03001301
+# define TLS1_3_CK_AES_256_GCM_SHA384                     0x03001302
+# define TLS1_3_CK_CHACHA20_POLY1305_SHA256               0x03001303
+# define TLS1_3_CK_AES_128_CCM_SHA256                     0x03001304
+# define TLS1_3_CK_AES_128_CCM_8_SHA256                   0x03001305
+
+/* Aria ciphersuites from RFC6209 */
+# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256             0x0300C050
+# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384             0x0300C051
+# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256         0x0300C052
+# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384         0x0300C053
+# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256          0x0300C054
+# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384          0x0300C055
+# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256         0x0300C056
+# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384         0x0300C057
+# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256          0x0300C058
+# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384          0x0300C059
+# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256         0x0300C05A
+# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384         0x0300C05B
+# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256     0x0300C05C
+# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384     0x0300C05D
+# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256      0x0300C05E
+# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384      0x0300C05F
+# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256       0x0300C060
+# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384       0x0300C061
+# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256        0x0300C062
+# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384        0x0300C063
+# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256             0x0300C06A
+# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384             0x0300C06B
+# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256         0x0300C06C
+# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384         0x0300C06D
+# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256         0x0300C06E
+# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384         0x0300C06F
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define TLS1_RFC_RSA_WITH_AES_128_SHA                   "TLS_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA               "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA               "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA                   "TLS_DH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA                   "TLS_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA               "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA               "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA                   "TLS_DH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_NULL_SHA256                   "TLS_RSA_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_SHA256                "TLS_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA256                "TLS_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256            "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA256                "TLS_DH_anon_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA256                "TLS_DH_anon_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256            "TLS_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384            "TLS_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256        "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384        "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256            "TLS_DH_anon_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384            "TLS_DH_anon_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM                   "TLS_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM                   "TLS_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM               "TLS_DHE_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM               "TLS_DHE_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM_8                 "TLS_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM_8                 "TLS_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8             "TLS_DHE_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8             "TLS_DHE_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM                   "TLS_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM                   "TLS_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM               "TLS_DHE_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM               "TLS_DHE_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM_8                 "TLS_PSK_WITH_AES_128_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM_8                 "TLS_PSK_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8             "TLS_PSK_DHE_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8             "TLS_PSK_DHE_WITH_AES_256_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM           "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM           "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8         "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8         "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"
+# define TLS1_3_RFC_AES_128_GCM_SHA256                   "TLS_AES_128_GCM_SHA256"
+# define TLS1_3_RFC_AES_256_GCM_SHA384                   "TLS_AES_256_GCM_SHA384"
+# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256             "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_SHA256                   "TLS_AES_128_CCM_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_8_SHA256                 "TLS_AES_128_CCM_8_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA              "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA                "TLS_ECDHE_RSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA                "TLS_ECDH_anon_WITH_NULL_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA        "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA         "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA         "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA                      "TLS_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA                  "TLS_DHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA                  "TLS_RSA_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA              "TLS_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA               "TLS_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA               "TLS_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA          "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA           "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA           "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA          "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA           "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA           "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256            "TLS_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384            "TLS_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256        "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384        "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256        "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384        "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256            "TLS_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384            "TLS_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA256                   "TLS_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_PSK_WITH_NULL_SHA384                   "TLS_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256        "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384        "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256               "TLS_DHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384               "TLS_DHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256        "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384        "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256               "TLS_RSA_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384               "TLS_RSA_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA        "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA         "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA         "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256      "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384      "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA                "TLS_ECDHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256             "TLS_ECDHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384             "TLS_ECDHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA           "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA           "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305         "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305       "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305     "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305             "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305       "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305         "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305         "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256       "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256   "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256       "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256       "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256   "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256   "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256       "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA          "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA          "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA          "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA          "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256       "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384       "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_WITH_SEED_SHA                      "TLS_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA                  "TLS_DHE_DSS_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA                  "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_SEED_SHA                      "TLS_DH_anon_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA             "TLS_ECDHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA             "TLS_ECDH_anon_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA           "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA             "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_PSK_WITH_RC4_128_SHA                   "TLS_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA               "TLS_RSA_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA               "TLS_DHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256           "TLS_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384           "TLS_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256       "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384       "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256        "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384        "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256       "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384       "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256        "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384        "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256       "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384       "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256   "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384   "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256    "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384    "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256     "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384     "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256      "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384      "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256           "TLS_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384           "TLS_PSK_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256       "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384       "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256       "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384       "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"
+
+
+/*
+ * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
+ * ciphers names with "EDH" instead of "DHE".  Going forward, we should be
+ * using DHE everywhere, though we may indefinitely maintain aliases for
+ * users or configurations that used "EDH"
+ */
+# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA               "DHE-DSS-RC4-SHA"
+
+# define TLS1_TXT_PSK_WITH_NULL_SHA                      "PSK-NULL-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA                  "DHE-PSK-NULL-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA                  "RSA-PSK-NULL-SHA"
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_TXT_RSA_WITH_AES_128_SHA                   "AES128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA                "DH-DSS-AES128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA                "DH-RSA-AES128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA               "DHE-DSS-AES128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA               "DHE-RSA-AES128-SHA"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA                   "ADH-AES128-SHA"
+
+# define TLS1_TXT_RSA_WITH_AES_256_SHA                   "AES256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA                "DH-DSS-AES256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA                "DH-RSA-AES256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA               "DHE-DSS-AES256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
+
+/* ECC ciphersuites from RFC4492 */
+# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
+
+/* PSK ciphersuites from RFC 4279 */
+# define TLS1_TXT_PSK_WITH_RC4_128_SHA                   "PSK-RC4-SHA"
+# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA              "PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA               "PSK-AES128-CBC-SHA"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA               "PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA               "DHE-PSK-RC4-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA          "DHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA           "DHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA           "DHE-PSK-AES256-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA               "RSA-PSK-RC4-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA          "RSA-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA           "RSA-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA           "RSA-PSK-AES256-CBC-SHA"
+
+/* PSK ciphersuites from RFC 5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256            "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384            "PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256        "DHE-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384        "DHE-PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256        "RSA-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384        "RSA-PSK-AES256-GCM-SHA384"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256            "PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384            "PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_PSK_WITH_NULL_SHA256                   "PSK-NULL-SHA256"
+# define TLS1_TXT_PSK_WITH_NULL_SHA384                   "PSK-NULL-SHA384"
+
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256        "DHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384        "DHE-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256               "DHE-PSK-NULL-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384               "DHE-PSK-NULL-SHA384"
+
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256        "RSA-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384        "RSA-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256               "RSA-PSK-NULL-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384               "RSA-PSK-NULL-SHA384"
+
+/* SRP ciphersuite from RFC 5054 */
+# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "SRP-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "SRP-RSA-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "SRP-DSS-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA           "SRP-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "SRP-RSA-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "SRP-DSS-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA           "SRP-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "SRP-RSA-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "SRP-DSS-AES-256-CBC-SHA"
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA       "DH-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "DHE-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "DHE-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA          "ADH-CAMELLIA128-SHA"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA          "CAMELLIA256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA       "DH-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA       "DH-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "DHE-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "DHE-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA          "ADH-CAMELLIA256-SHA"
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256               "CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256            "DH-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256            "DH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256           "DHE-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256           "DHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256               "ADH-CAMELLIA128-SHA256"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256               "CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256            "DH-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256            "DH-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256           "DHE-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256           "DHE-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256               "ADH-CAMELLIA256-SHA256"
+
+# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256               "PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384               "PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256           "DHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384           "DHE-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256           "RSA-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384           "RSA-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256         "ECDHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384         "ECDHE-PSK-CAMELLIA256-SHA384"
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
+# define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
+# define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
+# define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_TXT_RSA_WITH_NULL_SHA256                   "NULL-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_128_SHA256                "AES128-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_SHA256                "AES256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256             "DH-DSS-AES128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256             "DH-RSA-AES128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256            "DHE-DSS-AES128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256            "DHE-RSA-AES128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256             "DH-DSS-AES256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256             "DH-RSA-AES256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256            "DHE-DSS-AES256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256            "DHE-RSA-AES256-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA256                "ADH-AES128-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA256                "ADH-AES256-SHA256"
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256            "AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384            "AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256        "DHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384        "DHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256         "DH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384         "DH-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256        "DHE-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384        "DHE-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256         "DH-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384         "DH-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256            "ADH-AES128-GCM-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384            "ADH-AES256-GCM-SHA384"
+
+/* CCM ciphersuites from RFC6655 */
+# define TLS1_TXT_RSA_WITH_AES_128_CCM                   "AES128-CCM"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM                   "AES256-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM               "DHE-RSA-AES128-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM               "DHE-RSA-AES256-CCM"
+
+# define TLS1_TXT_RSA_WITH_AES_128_CCM_8                 "AES128-CCM8"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM_8                 "AES256-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8             "DHE-RSA-AES128-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8             "DHE-RSA-AES256-CCM8"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM                   "PSK-AES128-CCM"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM                   "PSK-AES256-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM               "DHE-PSK-AES128-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM               "DHE-PSK-AES256-CCM"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM_8                 "PSK-AES128-CCM8"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM_8                 "PSK-AES256-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8             "DHE-PSK-AES128-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8             "DHE-PSK-AES256-CCM8"
+
+/* CCM ciphersuites from RFC7251 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM       "ECDHE-ECDSA-AES128-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM       "ECDHE-ECDSA-AES256-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8     "ECDHE-ECDSA-AES128-CCM8"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8     "ECDHE-ECDSA-AES256-CCM8"
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
+
+/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256            "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384            "PSK-AES256-GCM-SHA384"
+
+/* ECDHE PSK ciphersuites from RFC 5489 */
+# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA               "ECDHE-PSK-RC4-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA          "ECDHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA           "ECDHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA           "ECDHE-PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256        "ECDHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384        "ECDHE-PSK-AES256-CBC-SHA384"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA                  "ECDHE-PSK-NULL-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256               "ECDHE-PSK-NULL-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384               "ECDHE-PSK-NULL-SHA384"
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  "ECDH-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  "ECDH-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   "ECDHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   "ECDHE-RSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    "ECDH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    "ECDH-RSA-CAMELLIA256-SHA384"
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305         "ECDHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       "ECDHE-ECDSA-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305           "DHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305               "PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305         "ECDHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305           "DHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305           "RSA-PSK-CHACHA20-POLY1305"
+
+/* Aria ciphersuites from RFC6209 */
+# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256             "ARIA128-GCM-SHA256"
+# define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384             "ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256         "DHE-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384         "DHE-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256          "DH-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384          "DH-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256         "DHE-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384         "DHE-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256          "DH-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384          "DH-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256         "ADH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384         "ADH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256     "ECDHE-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384     "ECDHE-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256      "ECDH-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384      "ECDH-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256       "ECDHE-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384       "ECDHE-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256        "ECDH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384        "ECDH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256             "PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384             "PSK-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256         "DHE-PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384         "DHE-PSK-ARIA256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256         "RSA-PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384         "RSA-PSK-ARIA256-GCM-SHA384"
+
+# define TLS_CT_RSA_SIGN                 1
+# define TLS_CT_DSS_SIGN                 2
+# define TLS_CT_RSA_FIXED_DH             3
+# define TLS_CT_DSS_FIXED_DH             4
+# define TLS_CT_ECDSA_SIGN               64
+# define TLS_CT_RSA_FIXED_ECDH           65
+# define TLS_CT_ECDSA_FIXED_ECDH         66
+# define TLS_CT_GOST01_SIGN              22
+# define TLS_CT_GOST12_SIGN              238
+# define TLS_CT_GOST12_512_SIGN          239
+
+/*
+ * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
+ * comment there)
+ */
+# define TLS_CT_NUMBER                   10
+
+# if defined(SSL3_CT_NUMBER)
+#  if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#    error "SSL/TLS CT_NUMBER values do not match"
+#  endif
+# endif
+
+# define TLS1_FINISH_MAC_LENGTH          12
+
+# define TLS_MD_MAX_CONST_SIZE                   22
+# define TLS_MD_CLIENT_FINISH_CONST              "client finished"
+# define TLS_MD_CLIENT_FINISH_CONST_SIZE         15
+# define TLS_MD_SERVER_FINISH_CONST              "server finished"
+# define TLS_MD_SERVER_FINISH_CONST_SIZE         15
+# define TLS_MD_KEY_EXPANSION_CONST              "key expansion"
+# define TLS_MD_KEY_EXPANSION_CONST_SIZE         13
+# define TLS_MD_CLIENT_WRITE_KEY_CONST           "client write key"
+# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE      16
+# define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
+# define TLS_MD_IV_BLOCK_CONST                   "IV block"
+# define TLS_MD_IV_BLOCK_CONST_SIZE              8
+# define TLS_MD_MASTER_SECRET_CONST              "master secret"
+# define TLS_MD_MASTER_SECRET_CONST_SIZE         13
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST     "extended master secret"
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE        22
+
+# ifdef CHARSET_EBCDIC
+#  undef TLS_MD_CLIENT_FINISH_CONST
+/*
+ * client finished
+ */
+#  define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+#  undef TLS_MD_SERVER_FINISH_CONST
+/*
+ * server finished
+ */
+#  define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+#  undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+#  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+#  undef TLS_MD_KEY_EXPANSION_CONST
+/*
+ * key expansion
+ */
+#  define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
+
+#  undef TLS_MD_CLIENT_WRITE_KEY_CONST
+/*
+ * client write key
+ */
+#  define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+#  undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+#  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+#  undef TLS_MD_IV_BLOCK_CONST
+/*
+ * IV block
+ */
+#  define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
+
+#  undef TLS_MD_MASTER_SECRET_CONST
+/*
+ * master secret
+ */
+#  define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+#  undef TLS_MD_EXTENDED_MASTER_SECRET_CONST
+/*
+ * extended master secret
+ */
+#  define TLS_MD_EXTENDED_MASTER_SECRET_CONST    "\x65\x78\x74\x65\x63\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# endif
+
+/* TLS Session Ticket extension struct */
+struct tls_session_ticket_ext_st {
+    unsigned short length;
+    void *data;
+};
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/freebsd/crypto/openssl/crypto/ts/ts.h b/freebsd/crypto/openssl/include/openssl/ts.h
index 2daa1b2f..3b58aa52 100644
--- a/freebsd/crypto/openssl/crypto/ts/ts.h
+++ b/freebsd/crypto/openssl/include/openssl/ts.h
@@ -1,197 +1,41 @@
-/* crypto/ts/ts.h */
 /*
- * Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL project
- * 2002, 2003, 2004.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_TS_H
 # define HEADER_TS_H
 
 # include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_TS
 # include <openssl/symhacks.h>
-# ifndef OPENSSL_NO_BUFFER
-#  include <openssl/buffer.h>
-# endif
-# ifndef OPENSSL_NO_EVP
-#  include <openssl/evp.h>
-# endif
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-# include <openssl/stack.h>
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/bio.h>
 # include <openssl/asn1.h>
 # include <openssl/safestack.h>
-
-# ifndef OPENSSL_NO_RSA
-#  include <openssl/rsa.h>
-# endif
-
-# ifndef OPENSSL_NO_DSA
-#  include <openssl/dsa.h>
-# endif
-
-# ifndef OPENSSL_NO_DH
-#  include <openssl/dh.h>
-# endif
-
-#ifdef  __cplusplus
+# include <openssl/rsa.h>
+# include <openssl/dsa.h>
+# include <openssl/dh.h>
+# include <openssl/tserr.h>
+# ifdef  __cplusplus
 extern "C" {
-#endif
-
-# ifdef WIN32
-/* Under Win32 this is defined in wincrypt.h */
-#  undef X509_NAME
 # endif
 
 # include <openssl/x509.h>
 # include <openssl/x509v3.h>
 
-/*-
-MessageImprint ::= SEQUENCE  {
-     hashAlgorithm                AlgorithmIdentifier,
-     hashedMessage                OCTET STRING  }
-*/
-
-typedef struct TS_msg_imprint_st {
-    X509_ALGOR *hash_algo;
-    ASN1_OCTET_STRING *hashed_msg;
-} TS_MSG_IMPRINT;
-
-/*-
-TimeStampReq ::= SEQUENCE  {
-   version                  INTEGER  { v1(1) },
-   messageImprint           MessageImprint,
-     --a hash algorithm OID and the hash value of the data to be
-     --time-stamped
-   reqPolicy                TSAPolicyId                OPTIONAL,
-   nonce                    INTEGER                    OPTIONAL,
-   certReq                  BOOLEAN                    DEFAULT FALSE,
-   extensions               [0] IMPLICIT Extensions    OPTIONAL  }
-*/
-
-typedef struct TS_req_st {
-    ASN1_INTEGER *version;
-    TS_MSG_IMPRINT *msg_imprint;
-    ASN1_OBJECT *policy_id;     /* OPTIONAL */
-    ASN1_INTEGER *nonce;        /* OPTIONAL */
-    ASN1_BOOLEAN cert_req;      /* DEFAULT FALSE */
-    STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */
-} TS_REQ;
-
-/*-
-Accuracy ::= SEQUENCE {
-                seconds        INTEGER           OPTIONAL,
-                millis     [0] INTEGER  (1..999) OPTIONAL,
-                micros     [1] INTEGER  (1..999) OPTIONAL  }
-*/
-
-typedef struct TS_accuracy_st {
-    ASN1_INTEGER *seconds;
-    ASN1_INTEGER *millis;
-    ASN1_INTEGER *micros;
-} TS_ACCURACY;
-
-/*-
-TSTInfo ::= SEQUENCE  {
-    version                      INTEGER  { v1(1) },
-    policy                       TSAPolicyId,
-    messageImprint               MessageImprint,
-      -- MUST have the same value as the similar field in
-      -- TimeStampReq
-    serialNumber                 INTEGER,
-     -- Time-Stamping users MUST be ready to accommodate integers
-     -- up to 160 bits.
-    genTime                      GeneralizedTime,
-    accuracy                     Accuracy                 OPTIONAL,
-    ordering                     BOOLEAN             DEFAULT FALSE,
-    nonce                        INTEGER                  OPTIONAL,
-      -- MUST be present if the similar field was present
-      -- in TimeStampReq.  In that case it MUST have the same value.
-    tsa                          [0] GeneralName          OPTIONAL,
-    extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
-*/
-
-typedef struct TS_tst_info_st {
-    ASN1_INTEGER *version;
-    ASN1_OBJECT *policy_id;
-    TS_MSG_IMPRINT *msg_imprint;
-    ASN1_INTEGER *serial;
-    ASN1_GENERALIZEDTIME *time;
-    TS_ACCURACY *accuracy;
-    ASN1_BOOLEAN ordering;
-    ASN1_INTEGER *nonce;
-    GENERAL_NAME *tsa;
-    STACK_OF(X509_EXTENSION) *extensions;
-} TS_TST_INFO;
-
-/*-
-PKIStatusInfo ::= SEQUENCE {
-    status        PKIStatus,
-    statusString  PKIFreeText     OPTIONAL,
-    failInfo      PKIFailureInfo  OPTIONAL  }
-
-From RFC 1510 - section 3.1.1:
-PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
-        -- text encoded as UTF-8 String (note:  each UTF8String SHOULD
-        -- include an RFC 1766 language tag to indicate the language
-        -- of the contained text)
-*/
-
-/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */
+typedef struct TS_msg_imprint_st TS_MSG_IMPRINT;
+typedef struct TS_req_st TS_REQ;
+typedef struct TS_accuracy_st TS_ACCURACY;
+typedef struct TS_tst_info_st TS_TST_INFO;
 
+/* Possible values for status. */
 # define TS_STATUS_GRANTED                       0
 # define TS_STATUS_GRANTED_WITH_MODS             1
 # define TS_STATUS_REJECTION                     2
@@ -199,10 +43,7 @@ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
 # define TS_STATUS_REVOCATION_WARNING            4
 # define TS_STATUS_REVOCATION_NOTIFICATION       5
 
-/*
- * Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c
- */
-
+/* Possible values for failure_info. */
 # define TS_INFO_BAD_ALG                 0
 # define TS_INFO_BAD_REQUEST             2
 # define TS_INFO_BAD_DATA_FORMAT         5
@@ -212,67 +53,20 @@ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
 # define TS_INFO_ADD_INFO_NOT_AVAILABLE  17
 # define TS_INFO_SYSTEM_FAILURE          25
 
-typedef struct TS_status_info_st {
-    ASN1_INTEGER *status;
-    STACK_OF(ASN1_UTF8STRING) *text;
-    ASN1_BIT_STRING *failure_info;
-} TS_STATUS_INFO;
 
-DECLARE_STACK_OF(ASN1_UTF8STRING)
-DECLARE_ASN1_SET_OF(ASN1_UTF8STRING)
+typedef struct TS_status_info_st TS_STATUS_INFO;
+typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
+typedef struct ESS_cert_id ESS_CERT_ID;
+typedef struct ESS_signing_cert ESS_SIGNING_CERT;
 
-/*-
-TimeStampResp ::= SEQUENCE  {
-     status                  PKIStatusInfo,
-     timeStampToken          TimeStampToken     OPTIONAL }
-*/
+DEFINE_STACK_OF(ESS_CERT_ID)
 
-typedef struct TS_resp_st {
-    TS_STATUS_INFO *status_info;
-    PKCS7 *token;
-    TS_TST_INFO *tst_info;
-} TS_RESP;
+typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;
+typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
 
-/* The structure below would belong to the ESS component. */
+DEFINE_STACK_OF(ESS_CERT_ID_V2)
 
-/*-
-IssuerSerial ::= SEQUENCE {
-        issuer                   GeneralNames,
-        serialNumber             CertificateSerialNumber
-        }
-*/
-
-typedef struct ESS_issuer_serial {
-    STACK_OF(GENERAL_NAME) *issuer;
-    ASN1_INTEGER *serial;
-} ESS_ISSUER_SERIAL;
-
-/*-
-ESSCertID ::=  SEQUENCE {
-        certHash                 Hash,
-        issuerSerial             IssuerSerial OPTIONAL
-}
-*/
-
-typedef struct ESS_cert_id {
-    ASN1_OCTET_STRING *hash;    /* Always SHA-1 digest. */
-    ESS_ISSUER_SERIAL *issuer_serial;
-} ESS_CERT_ID;
-
-DECLARE_STACK_OF(ESS_CERT_ID)
-DECLARE_ASN1_SET_OF(ESS_CERT_ID)
-
-/*-
-SigningCertificate ::=  SEQUENCE {
-       certs        SEQUENCE OF ESSCertID,
-       policies     SEQUENCE OF PolicyInformation OPTIONAL
-}
-*/
-
-typedef struct ESS_signing_cert {
-    STACK_OF(ESS_CERT_ID) *cert_ids;
-    STACK_OF(POLICYINFO) *policy_info;
-} ESS_SIGNING_CERT;
+typedef struct TS_resp_st TS_RESP;
 
 TS_REQ *TS_REQ_new(void);
 void TS_REQ_free(TS_REQ *a);
@@ -281,8 +75,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
 
 TS_REQ *TS_REQ_dup(TS_REQ *a);
 
+#ifndef OPENSSL_NO_STDIO
 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
+#endif
 TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
 int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
 
@@ -294,10 +90,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
 
 TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
 
+#ifndef OPENSSL_NO_STDIO
 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
-TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
-int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
+#endif
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
+int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);
 
 TS_RESP *TS_RESP_new(void);
 void TS_RESP_free(TS_RESP *a);
@@ -306,10 +104,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
 TS_RESP *TS_RESP_dup(TS_RESP *a);
 
+#ifndef OPENSSL_NO_STDIO
 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
-TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
-int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
+#endif
+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
+int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);
 
 TS_STATUS_INFO *TS_STATUS_INFO_new(void);
 void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
@@ -325,10 +125,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
                              long length);
 TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
 
+#ifndef OPENSSL_NO_STDIO
 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
-TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
-int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
+#endif
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
+int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);
 
 TS_ACCURACY *TS_ACCURACY_new(void);
 void TS_ACCURACY_free(TS_ACCURACY *a);
@@ -359,11 +161,33 @@ ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
                                        const unsigned char **pp, long length);
 ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
 
-void ERR_load_TS_strings(void);
+ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void);
+void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a);
+int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp);
+ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a,
+                                   const unsigned char **pp, long length);
+ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a);
+
+ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void);
+void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a);
+int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, unsigned char **pp);
+ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a,
+                                             const unsigned char **pp,
+                                             long length);
+ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a);
 
 int TS_REQ_set_version(TS_REQ *a, long version);
 long TS_REQ_get_version(const TS_REQ *a);
 
+int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i);
+const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a);
+
+const STACK_OF(ASN1_UTF8STRING) *
+TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a);
+
+const ASN1_BIT_STRING *
+TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a);
+
 int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
 TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
 
@@ -373,7 +197,7 @@ X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
 int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
 ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
 
-int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy);
+int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy);
 ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
 
 int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
@@ -386,7 +210,7 @@ STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
 void TS_REQ_ext_free(TS_REQ *a);
 int TS_REQ_get_ext_count(TS_REQ *a);
 int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
-int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos);
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos);
 int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
 X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
 X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
@@ -447,7 +271,8 @@ STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
 void TS_TST_INFO_ext_free(TS_TST_INFO *a);
 int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
 int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
-int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos);
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj,
+                               int lastpos);
 int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
 X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
 X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
@@ -495,34 +320,9 @@ typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec,
 typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
                                 void *);
 
-typedef struct TS_resp_ctx {
-    X509 *signer_cert;
-    EVP_PKEY *signer_key;
-    STACK_OF(X509) *certs;      /* Certs to include in signed data. */
-    STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
-    ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
-    STACK_OF(EVP_MD) *mds;      /* Acceptable message digests. */
-    ASN1_INTEGER *seconds;      /* accuracy, 0 means not specified. */
-    ASN1_INTEGER *millis;       /* accuracy, 0 means not specified. */
-    ASN1_INTEGER *micros;       /* accuracy, 0 means not specified. */
-    unsigned clock_precision_digits; /* fraction of seconds in time stamp
-                                      * token. */
-    unsigned flags;             /* Optional info, see values above. */
-    /* Callback functions. */
-    TS_serial_cb serial_cb;
-    void *serial_cb_data;       /* User data for serial_cb. */
-    TS_time_cb time_cb;
-    void *time_cb_data;         /* User data for time_cb. */
-    TS_extension_cb extension_cb;
-    void *extension_cb_data;    /* User data for extension_cb. */
-    /* These members are used only while creating the response. */
-    TS_REQ *request;
-    TS_RESP *response;
-    TS_TST_INFO *tst_info;
-} TS_RESP_CTX;
-
-DECLARE_STACK_OF(EVP_MD)
-DECLARE_ASN1_SET_OF(EVP_MD)
+typedef struct TS_resp_ctx TS_RESP_CTX;
+
+DEFINE_STACK_OF_CONST(EVP_MD)
 
 /* Creates a response context that can be used for generating responses. */
 TS_RESP_CTX *TS_RESP_CTX_new(void);
@@ -534,8 +334,12 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
 /* This parameter must be set. */
 int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
 
+int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx,
+                                  const EVP_MD *signer_digest);
+int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md);
+
 /* This parameter must be set. */
-int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy);
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy);
 
 /* No additional certs are included in the response by default. */
 int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
@@ -544,7 +348,7 @@ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
  * Adds a new acceptable policy, only the default policy is accepted by
  * default.
  */
-int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy);
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy);
 
 /*
  * Adds a new acceptable message digest. Note that no message digests are
@@ -657,42 +461,25 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
                                  | TS_VFY_SIGNER        \
                                  | TS_VFY_TSA_NAME)
 
-typedef struct TS_verify_ctx {
-    /* Set this to the union of TS_VFY_... flags you want to carry out. */
-    unsigned flags;
-    /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
-    X509_STORE *store;
-    STACK_OF(X509) *certs;
-    /* Must be set only with TS_VFY_POLICY. */
-    ASN1_OBJECT *policy;
-    /*
-     * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
-     * algorithm from the response is used.
-     */
-    X509_ALGOR *md_alg;
-    unsigned char *imprint;
-    unsigned imprint_len;
-    /* Must be set only with TS_VFY_DATA. */
-    BIO *data;
-    /* Must be set only with TS_VFY_TSA_NAME. */
-    ASN1_INTEGER *nonce;
-    /* Must be set only with TS_VFY_TSA_NAME. */
-    GENERAL_NAME *tsa_name;
-} TS_VERIFY_CTX;
+typedef struct TS_verify_ctx TS_VERIFY_CTX;
 
 int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
 int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
 
 /*
  * Declarations related to response verification context,
- * they are defined in ts/ts_verify_ctx.c.
  */
-
-/* Set all fields to zero. */
 TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
 void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
 void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
 void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
+int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f);
+int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f);
+BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b);
+unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
+                                         unsigned char *hexstr, long len);
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
+STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
 
 /*-
  * If ctx is NULL, it allocates and returns a new object, otherwise
@@ -737,9 +524,11 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
                        TS_RESP_CTX *ctx);
+#ifndef OPENSSL_NO_ENGINE
 int TS_CONF_set_crypto_device(CONF *conf, const char *section,
                               const char *device);
 int TS_CONF_set_default_engine(const char *name);
+#endif
 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
                             const char *cert, TS_RESP_CTX *ctx);
 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
@@ -747,6 +536,8 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
 int TS_CONF_set_signer_key(CONF *conf, const char *section,
                            const char *key, const char *pass,
                            TS_RESP_CTX *ctx);
+int TS_CONF_set_signer_digest(CONF *conf, const char *section,
+                               const char *md, TS_RESP_CTX *ctx);
 int TS_CONF_set_def_policy(CONF *conf, const char *section,
                            const char *policy, TS_RESP_CTX *ctx);
 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
@@ -758,108 +549,11 @@ int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
                                   TS_RESP_CTX *ctx);
+int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
+                                      TS_RESP_CTX *ctx);
 
-/* -------------------------------------------------- */
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_TS_strings(void);
-
-/* Error codes for the TS functions. */
-
-/* Function codes. */
-# define TS_F_D2I_TS_RESP                                 147
-# define TS_F_DEF_SERIAL_CB                               110
-# define TS_F_DEF_TIME_CB                                 111
-# define TS_F_ESS_ADD_SIGNING_CERT                        112
-# define TS_F_ESS_CERT_ID_NEW_INIT                        113
-# define TS_F_ESS_SIGNING_CERT_NEW_INIT                   114
-# define TS_F_INT_TS_RESP_VERIFY_TOKEN                    149
-# define TS_F_PKCS7_TO_TS_TST_INFO                        148
-# define TS_F_TS_ACCURACY_SET_MICROS                      115
-# define TS_F_TS_ACCURACY_SET_MILLIS                      116
-# define TS_F_TS_ACCURACY_SET_SECONDS                     117
-# define TS_F_TS_CHECK_IMPRINTS                           100
-# define TS_F_TS_CHECK_NONCES                             101
-# define TS_F_TS_CHECK_POLICY                             102
-# define TS_F_TS_CHECK_SIGNING_CERTS                      103
-# define TS_F_TS_CHECK_STATUS_INFO                        104
-# define TS_F_TS_COMPUTE_IMPRINT                          145
-# define TS_F_TS_CONF_SET_DEFAULT_ENGINE                  146
-# define TS_F_TS_GET_STATUS_TEXT                          105
-# define TS_F_TS_MSG_IMPRINT_SET_ALGO                     118
-# define TS_F_TS_REQ_SET_MSG_IMPRINT                      119
-# define TS_F_TS_REQ_SET_NONCE                            120
-# define TS_F_TS_REQ_SET_POLICY_ID                        121
-# define TS_F_TS_RESP_CREATE_RESPONSE                     122
-# define TS_F_TS_RESP_CREATE_TST_INFO                     123
-# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO                124
-# define TS_F_TS_RESP_CTX_ADD_MD                          125
-# define TS_F_TS_RESP_CTX_ADD_POLICY                      126
-# define TS_F_TS_RESP_CTX_NEW                             127
-# define TS_F_TS_RESP_CTX_SET_ACCURACY                    128
-# define TS_F_TS_RESP_CTX_SET_CERTS                       129
-# define TS_F_TS_RESP_CTX_SET_DEF_POLICY                  130
-# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT                 131
-# define TS_F_TS_RESP_CTX_SET_STATUS_INFO                 132
-# define TS_F_TS_RESP_GET_POLICY                          133
-# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION          134
-# define TS_F_TS_RESP_SET_STATUS_INFO                     135
-# define TS_F_TS_RESP_SET_TST_INFO                        150
-# define TS_F_TS_RESP_SIGN                                136
-# define TS_F_TS_RESP_VERIFY_SIGNATURE                    106
-# define TS_F_TS_RESP_VERIFY_TOKEN                        107
-# define TS_F_TS_TST_INFO_SET_ACCURACY                    137
-# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT                 138
-# define TS_F_TS_TST_INFO_SET_NONCE                       139
-# define TS_F_TS_TST_INFO_SET_POLICY_ID                   140
-# define TS_F_TS_TST_INFO_SET_SERIAL                      141
-# define TS_F_TS_TST_INFO_SET_TIME                        142
-# define TS_F_TS_TST_INFO_SET_TSA                         143
-# define TS_F_TS_VERIFY                                   108
-# define TS_F_TS_VERIFY_CERT                              109
-# define TS_F_TS_VERIFY_CTX_NEW                           144
-
-/* Reason codes. */
-# define TS_R_BAD_PKCS7_TYPE                              132
-# define TS_R_BAD_TYPE                                    133
-# define TS_R_CERTIFICATE_VERIFY_ERROR                    100
-# define TS_R_COULD_NOT_SET_ENGINE                        127
-# define TS_R_COULD_NOT_SET_TIME                          115
-# define TS_R_D2I_TS_RESP_INT_FAILED                      128
-# define TS_R_DETACHED_CONTENT                            134
-# define TS_R_ESS_ADD_SIGNING_CERT_ERROR                  116
-# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR               101
-# define TS_R_INVALID_NULL_POINTER                        102
-# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE          117
-# define TS_R_MESSAGE_IMPRINT_MISMATCH                    103
-# define TS_R_NONCE_MISMATCH                              104
-# define TS_R_NONCE_NOT_RETURNED                          105
-# define TS_R_NO_CONTENT                                  106
-# define TS_R_NO_TIME_STAMP_TOKEN                         107
-# define TS_R_PKCS7_ADD_SIGNATURE_ERROR                   118
-# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR                 119
-# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED                 129
-# define TS_R_POLICY_MISMATCH                             108
-# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE      120
-# define TS_R_RESPONSE_SETUP_ERROR                        121
-# define TS_R_SIGNATURE_FAILURE                           109
-# define TS_R_THERE_MUST_BE_ONE_SIGNER                    110
-# define TS_R_TIME_SYSCALL_ERROR                          122
-# define TS_R_TOKEN_NOT_PRESENT                           130
-# define TS_R_TOKEN_PRESENT                               131
-# define TS_R_TSA_NAME_MISMATCH                           111
-# define TS_R_TSA_UNTRUSTED                               112
-# define TS_R_TST_INFO_SETUP_ERROR                        123
-# define TS_R_TS_DATASIGN                                 124
-# define TS_R_UNACCEPTABLE_POLICY                         125
-# define TS_R_UNSUPPORTED_MD_ALGORITHM                    126
-# define TS_R_UNSUPPORTED_VERSION                         113
-# define TS_R_WRONG_CONTENT_TYPE                          114
-
-#ifdef  __cplusplus
+#  ifdef  __cplusplus
 }
-#endif
+#  endif
+# endif
 #endif
diff --git a/freebsd/crypto/openssl/include/openssl/tserr.h b/freebsd/crypto/openssl/include/openssl/tserr.h
new file mode 100644
index 00000000..3e049256
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/tserr.h
@@ -0,0 +1,128 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TSERR_H
+# define HEADER_TSERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_TS
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_TS_strings(void);
+
+/*
+ * TS function codes.
+ */
+#  define TS_F_DEF_SERIAL_CB                               110
+#  define TS_F_DEF_TIME_CB                                 111
+#  define TS_F_ESS_ADD_SIGNING_CERT                        112
+#  define TS_F_ESS_ADD_SIGNING_CERT_V2                     147
+#  define TS_F_ESS_CERT_ID_NEW_INIT                        113
+#  define TS_F_ESS_CERT_ID_V2_NEW_INIT                     156
+#  define TS_F_ESS_SIGNING_CERT_NEW_INIT                   114
+#  define TS_F_ESS_SIGNING_CERT_V2_NEW_INIT                157
+#  define TS_F_INT_TS_RESP_VERIFY_TOKEN                    149
+#  define TS_F_PKCS7_TO_TS_TST_INFO                        148
+#  define TS_F_TS_ACCURACY_SET_MICROS                      115
+#  define TS_F_TS_ACCURACY_SET_MILLIS                      116
+#  define TS_F_TS_ACCURACY_SET_SECONDS                     117
+#  define TS_F_TS_CHECK_IMPRINTS                           100
+#  define TS_F_TS_CHECK_NONCES                             101
+#  define TS_F_TS_CHECK_POLICY                             102
+#  define TS_F_TS_CHECK_SIGNING_CERTS                      103
+#  define TS_F_TS_CHECK_STATUS_INFO                        104
+#  define TS_F_TS_COMPUTE_IMPRINT                          145
+#  define TS_F_TS_CONF_INVALID                             151
+#  define TS_F_TS_CONF_LOAD_CERT                           153
+#  define TS_F_TS_CONF_LOAD_CERTS                          154
+#  define TS_F_TS_CONF_LOAD_KEY                            155
+#  define TS_F_TS_CONF_LOOKUP_FAIL                         152
+#  define TS_F_TS_CONF_SET_DEFAULT_ENGINE                  146
+#  define TS_F_TS_GET_STATUS_TEXT                          105
+#  define TS_F_TS_MSG_IMPRINT_SET_ALGO                     118
+#  define TS_F_TS_REQ_SET_MSG_IMPRINT                      119
+#  define TS_F_TS_REQ_SET_NONCE                            120
+#  define TS_F_TS_REQ_SET_POLICY_ID                        121
+#  define TS_F_TS_RESP_CREATE_RESPONSE                     122
+#  define TS_F_TS_RESP_CREATE_TST_INFO                     123
+#  define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO                124
+#  define TS_F_TS_RESP_CTX_ADD_MD                          125
+#  define TS_F_TS_RESP_CTX_ADD_POLICY                      126
+#  define TS_F_TS_RESP_CTX_NEW                             127
+#  define TS_F_TS_RESP_CTX_SET_ACCURACY                    128
+#  define TS_F_TS_RESP_CTX_SET_CERTS                       129
+#  define TS_F_TS_RESP_CTX_SET_DEF_POLICY                  130
+#  define TS_F_TS_RESP_CTX_SET_SIGNER_CERT                 131
+#  define TS_F_TS_RESP_CTX_SET_STATUS_INFO                 132
+#  define TS_F_TS_RESP_GET_POLICY                          133
+#  define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION          134
+#  define TS_F_TS_RESP_SET_STATUS_INFO                     135
+#  define TS_F_TS_RESP_SET_TST_INFO                        150
+#  define TS_F_TS_RESP_SIGN                                136
+#  define TS_F_TS_RESP_VERIFY_SIGNATURE                    106
+#  define TS_F_TS_TST_INFO_SET_ACCURACY                    137
+#  define TS_F_TS_TST_INFO_SET_MSG_IMPRINT                 138
+#  define TS_F_TS_TST_INFO_SET_NONCE                       139
+#  define TS_F_TS_TST_INFO_SET_POLICY_ID                   140
+#  define TS_F_TS_TST_INFO_SET_SERIAL                      141
+#  define TS_F_TS_TST_INFO_SET_TIME                        142
+#  define TS_F_TS_TST_INFO_SET_TSA                         143
+#  define TS_F_TS_VERIFY                                   108
+#  define TS_F_TS_VERIFY_CERT                              109
+#  define TS_F_TS_VERIFY_CTX_NEW                           144
+
+/*
+ * TS reason codes.
+ */
+#  define TS_R_BAD_PKCS7_TYPE                              132
+#  define TS_R_BAD_TYPE                                    133
+#  define TS_R_CANNOT_LOAD_CERT                            137
+#  define TS_R_CANNOT_LOAD_KEY                             138
+#  define TS_R_CERTIFICATE_VERIFY_ERROR                    100
+#  define TS_R_COULD_NOT_SET_ENGINE                        127
+#  define TS_R_COULD_NOT_SET_TIME                          115
+#  define TS_R_DETACHED_CONTENT                            134
+#  define TS_R_ESS_ADD_SIGNING_CERT_ERROR                  116
+#  define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR               139
+#  define TS_R_ESS_SIGNING_CERTIFICATE_ERROR               101
+#  define TS_R_INVALID_NULL_POINTER                        102
+#  define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE          117
+#  define TS_R_MESSAGE_IMPRINT_MISMATCH                    103
+#  define TS_R_NONCE_MISMATCH                              104
+#  define TS_R_NONCE_NOT_RETURNED                          105
+#  define TS_R_NO_CONTENT                                  106
+#  define TS_R_NO_TIME_STAMP_TOKEN                         107
+#  define TS_R_PKCS7_ADD_SIGNATURE_ERROR                   118
+#  define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR                 119
+#  define TS_R_PKCS7_TO_TS_TST_INFO_FAILED                 129
+#  define TS_R_POLICY_MISMATCH                             108
+#  define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE      120
+#  define TS_R_RESPONSE_SETUP_ERROR                        121
+#  define TS_R_SIGNATURE_FAILURE                           109
+#  define TS_R_THERE_MUST_BE_ONE_SIGNER                    110
+#  define TS_R_TIME_SYSCALL_ERROR                          122
+#  define TS_R_TOKEN_NOT_PRESENT                           130
+#  define TS_R_TOKEN_PRESENT                               131
+#  define TS_R_TSA_NAME_MISMATCH                           111
+#  define TS_R_TSA_UNTRUSTED                               112
+#  define TS_R_TST_INFO_SETUP_ERROR                        123
+#  define TS_R_TS_DATASIGN                                 124
+#  define TS_R_UNACCEPTABLE_POLICY                         125
+#  define TS_R_UNSUPPORTED_MD_ALGORITHM                    126
+#  define TS_R_UNSUPPORTED_VERSION                         113
+#  define TS_R_VAR_BAD_VALUE                               135
+#  define TS_R_VAR_LOOKUP_FAILURE                          136
+#  define TS_R_WRONG_CONTENT_TYPE                          114
+
+# endif
+#endif
diff --git a/freebsd/crypto/openssl/include/openssl/txt_db.h b/freebsd/crypto/openssl/include/openssl/txt_db.h
new file mode 100644
index 00000000..ec981a43
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/txt_db.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TXT_DB_H
+# define HEADER_TXT_DB_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/bio.h>
+# include <openssl/safestack.h>
+# include <openssl/lhash.h>
+
+# define DB_ERROR_OK                     0
+# define DB_ERROR_MALLOC                 1
+# define DB_ERROR_INDEX_CLASH            2
+# define DB_ERROR_INDEX_OUT_OF_RANGE     3
+# define DB_ERROR_NO_INDEX               4
+# define DB_ERROR_INSERT_INDEX_CLASH     5
+# define DB_ERROR_WRONG_NUM_FIELDS       6
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef OPENSSL_STRING *OPENSSL_PSTRING;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
+
+typedef struct txt_db_st {
+    int num_fields;
+    STACK_OF(OPENSSL_PSTRING) *data;
+    LHASH_OF(OPENSSL_STRING) **index;
+    int (**qual) (OPENSSL_STRING *);
+    long error;
+    long arg1;
+    long arg2;
+    OPENSSL_STRING *arg_row;
+} TXT_DB;
+
+TXT_DB *TXT_DB_read(BIO *in, int num);
+long TXT_DB_write(BIO *out, TXT_DB *db);
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+                        OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp);
+void TXT_DB_free(TXT_DB *db);
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
+                                    OPENSSL_STRING *value);
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/ui/ui.h b/freebsd/crypto/openssl/include/openssl/ui.h
index 0dc16330..7c721ec8 100644
--- a/freebsd/crypto/openssl/crypto/ui/ui.h
+++ b/freebsd/crypto/openssl/include/openssl/ui.h
@@ -1,78 +1,35 @@
-/* crypto/ui/ui.h */
 /*
- * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_UI_H
 # define HEADER_UI_H
 
-# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/opensslconf.h>
+
+# if OPENSSL_API_COMPAT < 0x10100000L
 #  include <openssl/crypto.h>
 # endif
 # include <openssl/safestack.h>
+# include <openssl/pem.h>
 # include <openssl/ossl_typ.h>
+# include <openssl/uierr.h>
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
+/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */
+# if OPENSSL_API_COMPAT < 0x10200000L
+#  ifdef OPENSSL_NO_UI_CONSOLE
+#   define OPENSSL_NO_UI
+#  endif
+# endif
 
-/* Declared already in ossl_typ.h */
-/* typedef struct ui_st UI; */
-/* typedef struct ui_method_st UI_METHOD; */
+# ifdef  __cplusplus
+extern "C" {
+# endif
 
 /*
  * All the following functions return -1 or NULL on error and in some cases
@@ -128,7 +85,7 @@ void UI_free(UI *ui);
    added, so the result is *not* a string.
 
    On success, the all return an index of the added information.  That index
-   is usefull when retrieving results with UI_get0_result(). */
+   is useful when retrieving results with UI_get0_result(). */
 int UI_add_input_string(UI *ui, const char *prompt, int flags,
                         char *result_buf, int minsize, int maxsize);
 int UI_dup_input_string(UI *ui, const char *prompt, int flags,
@@ -207,17 +164,24 @@ char *UI_construct_prompt(UI *ui_method,
  * methods may not, however.
  */
 void *UI_add_user_data(UI *ui, void *user_data);
+/*
+ * Alternatively, this function is used to duplicate the user data.
+ * This uses the duplicator method function.  The destroy function will
+ * be used to free the user data in this case.
+ */
+int UI_dup_user_data(UI *ui, void *user_data);
 /* We need a user data retrieving function as well.  */
 void *UI_get0_user_data(UI *ui);
 
 /* Return the result associated with a prompt given with the index i. */
 const char *UI_get0_result(UI *ui, int i);
+int UI_get_result_length(UI *ui, int i);
 
 /* When all strings have been added, process the whole thing. */
 int UI_process(UI *ui);
 
 /*
- * Give a user interface parametrised control commands.  This can be used to
+ * Give a user interface parameterised control commands.  This can be used to
  * send down an integer, a data pointer or a function pointer, as well as be
  * used to get information from a UI.
  */
@@ -240,8 +204,9 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void));
 /* Some methods may use extra data */
 # define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
 # define UI_get_app_data(s)             UI_get_ex_data(s,0)
-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+
+# define UI_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef)
 int UI_set_ex_data(UI *r, int idx, void *arg);
 void *UI_get_ex_data(UI *r, int idx);
 
@@ -251,9 +216,19 @@ const UI_METHOD *UI_get_default_method(void);
 const UI_METHOD *UI_get_method(UI *ui);
 const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
 
+# ifndef OPENSSL_NO_UI_CONSOLE
+
 /* The method with all the built-in thingies */
 UI_METHOD *UI_OpenSSL(void);
 
+# endif
+
+/*
+ * NULL method.  Literally does nothing, but may serve as a placeholder
+ * to avoid internal default.
+ */
+const UI_METHOD *UI_null(void);
+
 /* ---------- For method writers ---------- */
 /*-
    A method contains a number of functions that implement the low level
@@ -269,7 +244,7 @@ UI_METHOD *UI_OpenSSL(void);
                         display a dialog box after it has been built.
         a reader        This function is called to read a given prompt,
                         maybe from the tty, maybe from a field in a
-                        window.  Note that it's called wth all string
+                        window.  Note that it's called with all string
                         structures, not only the prompt ones, so it must
                         check such things itself.
         a closer        This function closes the session, maybe by closing
@@ -302,7 +277,7 @@ UI_METHOD *UI_OpenSSL(void);
  * about a string or a prompt, including test data for a verification prompt.
  */
 typedef struct ui_string_st UI_STRING;
-DECLARE_STACK_OF(UI_STRING)
+DEFINE_STACK_OF(UI_STRING)
 
 /*
  * The different types of strings that are currently supported. This is only
@@ -318,7 +293,7 @@ enum UI_string_types {
 };
 
 /* Create and manipulate methods */
-UI_METHOD *UI_create_method(char *name);
+UI_METHOD *UI_create_method(const char *name);
 void UI_destroy_method(UI_METHOD *ui_method);
 int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
 int UI_method_set_writer(UI_METHOD *method,
@@ -327,20 +302,26 @@ int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
 int UI_method_set_reader(UI_METHOD *method,
                          int (*reader) (UI *ui, UI_STRING *uis));
 int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
+int UI_method_set_data_duplicator(UI_METHOD *method,
+                                  void *(*duplicator) (UI *ui, void *ui_data),
+                                  void (*destructor)(UI *ui, void *ui_data));
 int UI_method_set_prompt_constructor(UI_METHOD *method,
                                      char *(*prompt_constructor) (UI *ui,
                                                                   const char
                                                                   *object_desc,
                                                                   const char
                                                                   *object_name));
-int (*UI_method_get_opener(UI_METHOD *method)) (UI *);
-int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *);
-int (*UI_method_get_flusher(UI_METHOD *method)) (UI *);
-int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *);
-int (*UI_method_get_closer(UI_METHOD *method)) (UI *);
-char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
-                                                              const char *,
-                                                              const char *);
+int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data);
+int (*UI_method_get_opener(const UI_METHOD *method)) (UI *);
+int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *);
+int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_closer(const UI_METHOD *method)) (UI *);
+char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
+    (UI *, const char *, const char *);
+void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *);
+void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *);
+const void *UI_method_get_ex_data(const UI_METHOD *method, int idx);
 
 /*
  * The following functions are helpers for method writers to access relevant
@@ -354,12 +335,13 @@ int UI_get_input_flags(UI_STRING *uis);
 /* Return the actual string to output (the prompt, info or error) */
 const char *UI_get0_output_string(UI_STRING *uis);
 /*
- * Return the optional action string to output (the boolean promtp
+ * Return the optional action string to output (the boolean prompt
  * instruction)
  */
 const char *UI_get0_action_string(UI_STRING *uis);
 /* Return the result of a prompt */
 const char *UI_get0_result_string(UI_STRING *uis);
+int UI_get_result_string_length(UI_STRING *uis);
 /*
  * Return the string to test the result against.  Only useful with verifies.
  */
@@ -370,46 +352,17 @@ int UI_get_result_minsize(UI_STRING *uis);
 int UI_get_result_maxsize(UI_STRING *uis);
 /* Set the result of a UI_STRING. */
 int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len);
 
 /* A couple of popular utility functions */
 int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
                            int verify);
 int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
                     int verify);
+UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag);
 
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_UI_strings(void);
-
-/* Error codes for the UI functions. */
-
-/* Function codes. */
-# define UI_F_GENERAL_ALLOCATE_BOOLEAN                    108
-# define UI_F_GENERAL_ALLOCATE_PROMPT                     109
-# define UI_F_GENERAL_ALLOCATE_STRING                     100
-# define UI_F_UI_CTRL                                     111
-# define UI_F_UI_DUP_ERROR_STRING                         101
-# define UI_F_UI_DUP_INFO_STRING                          102
-# define UI_F_UI_DUP_INPUT_BOOLEAN                        110
-# define UI_F_UI_DUP_INPUT_STRING                         103
-# define UI_F_UI_DUP_VERIFY_STRING                        106
-# define UI_F_UI_GET0_RESULT                              107
-# define UI_F_UI_NEW_METHOD                               104
-# define UI_F_UI_SET_RESULT                               105
-
-/* Reason codes. */
-# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS             104
-# define UI_R_INDEX_TOO_LARGE                             102
-# define UI_R_INDEX_TOO_SMALL                             103
-# define UI_R_NO_RESULT_BUFFER                            105
-# define UI_R_RESULT_TOO_LARGE                            100
-# define UI_R_RESULT_TOO_SMALL                            101
-# define UI_R_UNKNOWN_CONTROL_COMMAND                     106
-
-#ifdef  __cplusplus
+
+# ifdef  __cplusplus
 }
-#endif
+# endif
 #endif
diff --git a/freebsd/crypto/openssl/include/openssl/uierr.h b/freebsd/crypto/openssl/include/openssl/uierr.h
new file mode 100644
index 00000000..72fd9a9d
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/uierr.h
@@ -0,0 +1,61 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_UIERR_H
+# define HEADER_UIERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_UI_strings(void);
+
+/*
+ * UI function codes.
+ */
+# define UI_F_CLOSE_CONSOLE                               115
+# define UI_F_ECHO_CONSOLE                                116
+# define UI_F_GENERAL_ALLOCATE_BOOLEAN                    108
+# define UI_F_GENERAL_ALLOCATE_PROMPT                     109
+# define UI_F_NOECHO_CONSOLE                              117
+# define UI_F_OPEN_CONSOLE                                114
+# define UI_F_UI_CONSTRUCT_PROMPT                         121
+# define UI_F_UI_CREATE_METHOD                            112
+# define UI_F_UI_CTRL                                     111
+# define UI_F_UI_DUP_ERROR_STRING                         101
+# define UI_F_UI_DUP_INFO_STRING                          102
+# define UI_F_UI_DUP_INPUT_BOOLEAN                        110
+# define UI_F_UI_DUP_INPUT_STRING                         103
+# define UI_F_UI_DUP_USER_DATA                            118
+# define UI_F_UI_DUP_VERIFY_STRING                        106
+# define UI_F_UI_GET0_RESULT                              107
+# define UI_F_UI_GET_RESULT_LENGTH                        119
+# define UI_F_UI_NEW_METHOD                               104
+# define UI_F_UI_PROCESS                                  113
+# define UI_F_UI_SET_RESULT                               105
+# define UI_F_UI_SET_RESULT_EX                            120
+
+/*
+ * UI reason codes.
+ */
+# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS             104
+# define UI_R_INDEX_TOO_LARGE                             102
+# define UI_R_INDEX_TOO_SMALL                             103
+# define UI_R_NO_RESULT_BUFFER                            105
+# define UI_R_PROCESSING_ERROR                            107
+# define UI_R_RESULT_TOO_LARGE                            100
+# define UI_R_RESULT_TOO_SMALL                            101
+# define UI_R_SYSASSIGN_ERROR                             109
+# define UI_R_SYSDASSGN_ERROR                             110
+# define UI_R_SYSQIOW_ERROR                               111
+# define UI_R_UNKNOWN_CONTROL_COMMAND                     106
+# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE                  108
+# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED           112
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/whrlpool/whrlpool.h b/freebsd/crypto/openssl/include/openssl/whrlpool.h
index 73c749da..20ea3503 100644
--- a/freebsd/crypto/openssl/crypto/whrlpool/whrlpool.h
+++ b/freebsd/crypto/openssl/include/openssl/whrlpool.h
@@ -1,12 +1,23 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 #ifndef HEADER_WHRLPOOL_H
 # define HEADER_WHRLPOOL_H
 
+#include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_WHIRLPOOL
 # include <openssl/e_os2.h>
 # include <stddef.h>
-
-#ifdef __cplusplus
+# ifdef __cplusplus
 extern "C" {
-#endif
+# endif
 
 # define WHIRLPOOL_DIGEST_LENGTH (512/8)
 # define WHIRLPOOL_BBLOCK        512
@@ -23,19 +34,15 @@ typedef struct {
     size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)];
 } WHIRLPOOL_CTX;
 
-# ifndef OPENSSL_NO_WHIRLPOOL
-#  ifdef OPENSSL_FIPS
-int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
-#  endif
 int WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
 int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes);
 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits);
 int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c);
 unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md);
-# endif
 
-#ifdef __cplusplus
+# ifdef __cplusplus
 }
-#endif
+# endif
+# endif
 
 #endif
diff --git a/freebsd/crypto/openssl/crypto/x509/x509.h b/freebsd/crypto/openssl/include/openssl/x509.h
index 6fa28eba..39ca0ba5 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509.h
+++ b/freebsd/crypto/openssl/include/openssl/x509.h
@@ -1,123 +1,45 @@
-/* crypto/x509/x509.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_X509_H
 # define HEADER_X509_H
 
 # include <openssl/e_os2.h>
+# include <openssl/ossl_typ.h>
 # include <openssl/symhacks.h>
-# ifndef OPENSSL_NO_BUFFER
-#  include <openssl/buffer.h>
-# endif
-# ifndef OPENSSL_NO_EVP
-#  include <openssl/evp.h>
-# endif
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-# include <openssl/stack.h>
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/bio.h>
 # include <openssl/asn1.h>
 # include <openssl/safestack.h>
+# include <openssl/ec.h>
 
-# ifndef OPENSSL_NO_EC
-#  include <openssl/ec.h>
-# endif
-
-# ifndef OPENSSL_NO_ECDSA
-#  include <openssl/ecdsa.h>
-# endif
-
-# ifndef OPENSSL_NO_ECDH
-#  include <openssl/ecdh.h>
-# endif
-
-# ifndef OPENSSL_NO_DEPRECATED
-#  ifndef OPENSSL_NO_RSA
-#   include <openssl/rsa.h>
-#  endif
-#  ifndef OPENSSL_NO_DSA
-#   include <openssl/dsa.h>
-#  endif
-#  ifndef OPENSSL_NO_DH
-#   include <openssl/dh.h>
-#  endif
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/rsa.h>
+#  include <openssl/dsa.h>
+#  include <openssl/dh.h>
 # endif
 
-# ifndef OPENSSL_NO_SHA
-#  include <openssl/sha.h>
-# endif
-# include <openssl/ossl_typ.h>
+# include <openssl/sha.h>
+# include <openssl/x509err.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-# ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#  undef X509_NAME
-#  undef X509_CERT_PAIR
-#  undef X509_EXTENSIONS
-# endif
+
+/* Flags for X509_get_signature_info() */
+/* Signature info is valid */
+# define X509_SIG_INFO_VALID     0x1
+/* Signature is suitable for TLS use */
+# define X509_SIG_INFO_TLS       0x2
 
 # define X509_FILETYPE_PEM       1
 # define X509_FILETYPE_ASN1      2
@@ -134,19 +56,11 @@ extern "C" {
 # define X509v3_KU_DECIPHER_ONLY         0x8000
 # define X509v3_KU_UNDEF                 0xffff
 
-typedef struct X509_objects_st {
-    int nid;
-    int (*a2i) (void);
-    int (*i2a) (void);
-} X509_OBJECTS;
-
 struct X509_algor_st {
     ASN1_OBJECT *algorithm;
     ASN1_TYPE *parameter;
 } /* X509_ALGOR */ ;
 
-DECLARE_ASN1_SET_OF(X509_ALGOR)
-
 typedef STACK_OF(X509_ALGOR) X509_ALGORS;
 
 typedef struct X509_val_st {
@@ -154,152 +68,35 @@ typedef struct X509_val_st {
     ASN1_TIME *notAfter;
 } X509_VAL;
 
-struct X509_pubkey_st {
-    X509_ALGOR *algor;
-    ASN1_BIT_STRING *public_key;
-    EVP_PKEY *pkey;
-};
-
-typedef struct X509_sig_st {
-    X509_ALGOR *algor;
-    ASN1_OCTET_STRING *digest;
-} X509_SIG;
-
-typedef struct X509_name_entry_st {
-    ASN1_OBJECT *object;
-    ASN1_STRING *value;
-    int set;
-    int size;                   /* temp variable */
-} X509_NAME_ENTRY;
-
-DECLARE_STACK_OF(X509_NAME_ENTRY)
-DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
-
-/* we always keep X509_NAMEs in 2 forms. */
-struct X509_name_st {
-    STACK_OF(X509_NAME_ENTRY) *entries;
-    int modified;               /* true if 'bytes' needs to be built */
-# ifndef OPENSSL_NO_BUFFER
-    BUF_MEM *bytes;
-# else
-    char *bytes;
-# endif
-/*      unsigned long hash; Keep the hash around for lookups */
-    unsigned char *canon_enc;
-    int canon_enclen;
-} /* X509_NAME */ ;
+typedef struct X509_sig_st X509_SIG;
+
+typedef struct X509_name_entry_st X509_NAME_ENTRY;
 
-DECLARE_STACK_OF(X509_NAME)
+DEFINE_STACK_OF(X509_NAME_ENTRY)
+
+DEFINE_STACK_OF(X509_NAME)
 
 # define X509_EX_V_NETSCAPE_HACK         0x8000
 # define X509_EX_V_INIT                  0x0001
-typedef struct X509_extension_st {
-    ASN1_OBJECT *object;
-    ASN1_BOOLEAN critical;
-    ASN1_OCTET_STRING *value;
-} X509_EXTENSION;
+typedef struct X509_extension_st X509_EXTENSION;
 
 typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
 
-DECLARE_STACK_OF(X509_EXTENSION)
-DECLARE_ASN1_SET_OF(X509_EXTENSION)
-
-/* a sequence of these are used */
-typedef struct x509_attributes_st {
-    ASN1_OBJECT *object;
-    int single;                 /* 0 for a set, 1 for a single item (which is
-                                 * wrong) */
-    union {
-        char *ptr;
-        /*
-         * 0
-         */ STACK_OF(ASN1_TYPE) *set;
-        /*
-         * 1
-         */ ASN1_TYPE *single;
-    } value;
-} X509_ATTRIBUTE;
-
-DECLARE_STACK_OF(X509_ATTRIBUTE)
-DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
-
-typedef struct X509_req_info_st {
-    ASN1_ENCODING enc;
-    ASN1_INTEGER *version;
-    X509_NAME *subject;
-    X509_PUBKEY *pubkey;
-    /*  d=2 hl=2 l=  0 cons: cont: 00 */
-    STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-} X509_REQ_INFO;
+DEFINE_STACK_OF(X509_EXTENSION)
 
-typedef struct X509_req_st {
-    X509_REQ_INFO *req_info;
-    X509_ALGOR *sig_alg;
-    ASN1_BIT_STRING *signature;
-    int references;
-} X509_REQ;
-
-typedef struct x509_cinf_st {
-    ASN1_INTEGER *version;      /* [ 0 ] default of v1 */
-    ASN1_INTEGER *serialNumber;
-    X509_ALGOR *signature;
-    X509_NAME *issuer;
-    X509_VAL *validity;
-    X509_NAME *subject;
-    X509_PUBKEY *key;
-    ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
-    ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
-    STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
-    ASN1_ENCODING enc;
-} X509_CINF;
+typedef struct x509_attributes_st X509_ATTRIBUTE;
 
-/*
- * This stuff is certificate "auxiliary info" it contains details which are
- * useful in certificate stores and databases. When used this is tagged onto
- * the end of the certificate itself
- */
+DEFINE_STACK_OF(X509_ATTRIBUTE)
 
-typedef struct x509_cert_aux_st {
-    STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
-    STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
-    ASN1_UTF8STRING *alias;     /* "friendly name" */
-    ASN1_OCTET_STRING *keyid;   /* key id of private key */
-    STACK_OF(X509_ALGOR) *other; /* other unspecified info */
-} X509_CERT_AUX;
-
-struct x509_st {
-    X509_CINF *cert_info;
-    X509_ALGOR *sig_alg;
-    ASN1_BIT_STRING *signature;
-    int valid;
-    int references;
-    char *name;
-    CRYPTO_EX_DATA ex_data;
-    /* These contain copies of various extension values */
-    long ex_pathlen;
-    long ex_pcpathlen;
-    unsigned long ex_flags;
-    unsigned long ex_kusage;
-    unsigned long ex_xkusage;
-    unsigned long ex_nscert;
-    ASN1_OCTET_STRING *skid;
-    AUTHORITY_KEYID *akid;
-    X509_POLICY_CACHE *policy_cache;
-    STACK_OF(DIST_POINT) *crldp;
-    STACK_OF(GENERAL_NAME) *altname;
-    NAME_CONSTRAINTS *nc;
-# ifndef OPENSSL_NO_RFC3779
-    STACK_OF(IPAddressFamily) *rfc3779_addr;
-    struct ASIdentifiers_st *rfc3779_asid;
-# endif
-# ifndef OPENSSL_NO_SHA
-    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-# endif
-    X509_CERT_AUX *aux;
-} /* X509 */ ;
+typedef struct X509_req_info_st X509_REQ_INFO;
+
+typedef struct X509_req_st X509_REQ;
+
+typedef struct x509_cert_aux_st X509_CERT_AUX;
 
-DECLARE_STACK_OF(X509)
-DECLARE_ASN1_SET_OF(X509)
+typedef struct x509_cinf_st X509_CINF;
+
+DEFINE_STACK_OF(X509)
 
 /* This is used for a table of trust checking functions */
 
@@ -312,16 +109,11 @@ typedef struct x509_trust_st {
     void *arg2;
 } X509_TRUST;
 
-DECLARE_STACK_OF(X509_TRUST)
-
-typedef struct x509_cert_pair_st {
-    X509 *forward;
-    X509 *reverse;
-} X509_CERT_PAIR;
+DEFINE_STACK_OF(X509_TRUST)
 
 /* standard trust ids */
 
-# define X509_TRUST_DEFAULT      -1/* Only valid in purpose settings */
+# define X509_TRUST_DEFAULT      0 /* Only valid in purpose settings */
 
 # define X509_TRUST_COMPAT       1
 # define X509_TRUST_SSL_CLIENT   2
@@ -337,8 +129,14 @@ typedef struct x509_cert_pair_st {
 # define X509_TRUST_MAX          8
 
 /* trust_flags values */
-# define X509_TRUST_DYNAMIC      1
-# define X509_TRUST_DYNAMIC_NAME 2
+# define X509_TRUST_DYNAMIC      (1U << 0)
+# define X509_TRUST_DYNAMIC_NAME (1U << 1)
+/* No compat trust if self-signed, preempts "DO_SS" */
+# define X509_TRUST_NO_SS_COMPAT (1U << 2)
+/* Compat trust if no explicit accepted trust EKUs */
+# define X509_TRUST_DO_SS_COMPAT (1U << 3)
+/* Accept "anyEKU" as a wildcard trust OID */
+# define X509_TRUST_OK_ANY_EKU   (1U << 4)
 
 /* check_trust return codes */
 
@@ -369,8 +167,7 @@ typedef struct x509_cert_pair_st {
 
 # define XN_FLAG_SEP_MASK        (0xf << 16)
 
-# define XN_FLAG_COMPAT          0/* Traditional SSLeay: use old
-                                   * X509_NAME_print */
+# define XN_FLAG_COMPAT          0/* Traditional; use old X509_NAME_print */
 # define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)/* RFC2253 ,+ */
 # define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)/* ,+ spaced: more readable */
 # define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)/* ;+ spaced */
@@ -424,57 +221,11 @@ typedef struct x509_cert_pair_st {
                         XN_FLAG_FN_LN | \
                         XN_FLAG_FN_ALIGN)
 
-struct x509_revoked_st {
-    ASN1_INTEGER *serialNumber;
-    ASN1_TIME *revocationDate;
-    STACK_OF(X509_EXTENSION) /* optional */ *extensions;
-    /* Set up if indirect CRL */
-    STACK_OF(GENERAL_NAME) *issuer;
-    /* Revocation reason */
-    int reason;
-    int sequence;               /* load sequence */
-};
-
-DECLARE_STACK_OF(X509_REVOKED)
-DECLARE_ASN1_SET_OF(X509_REVOKED)
-
-typedef struct X509_crl_info_st {
-    ASN1_INTEGER *version;
-    X509_ALGOR *sig_alg;
-    X509_NAME *issuer;
-    ASN1_TIME *lastUpdate;
-    ASN1_TIME *nextUpdate;
-    STACK_OF(X509_REVOKED) *revoked;
-    STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
-    ASN1_ENCODING enc;
-} X509_CRL_INFO;
-
-struct X509_crl_st {
-    /* actual signature */
-    X509_CRL_INFO *crl;
-    X509_ALGOR *sig_alg;
-    ASN1_BIT_STRING *signature;
-    int references;
-    int flags;
-    /* Copies of various extensions */
-    AUTHORITY_KEYID *akid;
-    ISSUING_DIST_POINT *idp;
-    /* Convenient breakdown of IDP */
-    int idp_flags;
-    int idp_reasons;
-    /* CRL and base CRL numbers for delta processing */
-    ASN1_INTEGER *crl_number;
-    ASN1_INTEGER *base_crl_number;
-# ifndef OPENSSL_NO_SHA
-    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-# endif
-    STACK_OF(GENERAL_NAMES) *issuers;
-    const X509_CRL_METHOD *meth;
-    void *meth_data;
-} /* X509_CRL */ ;
+DEFINE_STACK_OF(X509_REVOKED)
 
-DECLARE_STACK_OF(X509_CRL)
-DECLARE_ASN1_SET_OF(X509_CRL)
+typedef struct X509_crl_info_st X509_CRL_INFO;
+
+DEFINE_STACK_OF(X509_CRL)
 
 typedef struct private_key_st {
     int version;
@@ -489,10 +240,8 @@ typedef struct private_key_st {
     int key_free;               /* true if we should auto free key_data */
     /* expanded version of 'enc_algor' */
     EVP_CIPHER_INFO cipher;
-    int references;
 } X509_PKEY;
 
-# ifndef OPENSSL_NO_EVP
 typedef struct X509_info_st {
     X509 *x509;
     X509_CRL *crl;
@@ -500,16 +249,13 @@ typedef struct X509_info_st {
     EVP_CIPHER_INFO enc_cipher;
     int enc_len;
     char *enc_data;
-    int references;
 } X509_INFO;
 
-DECLARE_STACK_OF(X509_INFO)
-# endif
+DEFINE_STACK_OF(X509_INFO)
 
 /*
- * The next 2 structures and their 8 routines were sent to me by Pat Richard
- * <patr@x509.com> and are used to manipulate Netscapes spki structures -
- * useful if you are writing a CA web page
+ * The next 2 structures and their 8 routines are used to manipulate Netscape's
+ * spki structures - useful if you are writing a CA web page
  */
 typedef struct Netscape_spkac_st {
     X509_PUBKEY *pubkey;
@@ -518,7 +264,7 @@ typedef struct Netscape_spkac_st {
 
 typedef struct Netscape_spki_st {
     NETSCAPE_SPKAC *spkac;      /* signed public key and challenge */
-    X509_ALGOR *sig_algor;
+    X509_ALGOR sig_algor;
     ASN1_BIT_STRING *signature;
 } NETSCAPE_SPKI;
 
@@ -557,22 +303,15 @@ typedef struct PBKDF2PARAM_st {
     X509_ALGOR *prf;
 } PBKDF2PARAM;
 
-/* PKCS#8 private key info structure */
-
-struct pkcs8_priv_key_info_st {
-    /* Flag for various broken formats */
-    int broken;
-# define PKCS8_OK                0
-# define PKCS8_NO_OCTET          1
-# define PKCS8_EMBEDDED_PARAM    2
-# define PKCS8_NS_DB             3
-# define PKCS8_NEG_PRIVKEY       4
-    ASN1_INTEGER *version;
-    X509_ALGOR *pkeyalg;
-    /* Should be OCTET STRING but some are broken */
-    ASN1_TYPE *pkey;
-    STACK_OF(X509_ATTRIBUTE) *attributes;
-};
+#ifndef OPENSSL_NO_SCRYPT
+typedef struct SCRYPT_PARAMS_st {
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *costParameter;
+    ASN1_INTEGER *blockSize;
+    ASN1_INTEGER *parallelizationParameter;
+    ASN1_INTEGER *keyLength;
+} SCRYPT_PARAMS;
+#endif
 
 #ifdef  __cplusplus
 }
@@ -588,22 +327,9 @@ extern "C" {
 # define X509_EXT_PACK_UNKNOWN   1
 # define X509_EXT_PACK_STRING    2
 
-# define         X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
-/* #define      X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
-# define         X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
-# define         X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
 # define         X509_extract_key(x)     X509_get_pubkey(x)/*****/
-# define         X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
-# define         X509_REQ_get_subject_name(x) ((x)->req_info->subject)
 # define         X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
 # define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
-# define         X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
-
-# define         X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
-# define         X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-# define         X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-# define         X509_CRL_get_issuer(x) ((x)->crl->issuer)
-# define         X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
 
 void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
 X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
@@ -619,15 +345,8 @@ void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
 void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
 void *X509_CRL_get_meth_data(X509_CRL *crl);
 
-/*
- * This one is only used so that a binary form can output, as in
- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
- */
-# define         X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
-
 const char *X509_verify_cert_error_string(long n);
 
-# ifndef OPENSSL_NO_EVP
 int X509_verify(X509 *a, EVP_PKEY *r);
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
@@ -642,16 +361,21 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
 int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
 
 int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
-int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig);
+int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
+                         const ASN1_STRING *sig);
 
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
+# ifndef OPENSSL_NO_OCSP
 int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert);
+# endif
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
+# ifndef OPENSSL_NO_OCSP
 int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
+# endif
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
 
 int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
@@ -664,9 +388,8 @@ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
                     unsigned char *md, unsigned int *len);
 int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
                      unsigned char *md, unsigned int *len);
-# endif
 
-# ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_STDIO
 X509 *d2i_X509_fp(FILE *fp, X509 **x509);
 int i2d_X509_fp(FILE *fp, X509 *x509);
 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
@@ -705,7 +428,6 @@ int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 # endif
 
-# ifndef OPENSSL_NO_BIO
 X509 *d2i_X509_bio(BIO *bp, X509 **x509);
 int i2d_X509_bio(BIO *bp, X509 *x509);
 X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
@@ -742,7 +464,6 @@ int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
-# endif
 
 X509 *X509_dup(X509 *x509);
 X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
@@ -753,8 +474,8 @@ X509_REQ *X509_REQ_dup(X509_REQ *req);
 X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
 int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
                     void *pval);
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-                     X509_ALGOR *algor);
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
+                     const void **ppval, const X509_ALGOR *algor);
 void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
 int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
 
@@ -785,8 +506,10 @@ DECLARE_ASN1_FUNCTIONS(X509_VAL)
 DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
 
 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
 EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
+long X509_get_pathlen(X509 *x);
 int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
 EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
 # ifndef OPENSSL_NO_RSA
@@ -803,6 +526,11 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
 # endif
 
 DECLARE_ASN1_FUNCTIONS(X509_SIG)
+void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
+                   const ASN1_OCTET_STRING **pdigest);
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+                   ASN1_OCTET_STRING **pdigest);
+
 DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
 DECLARE_ASN1_FUNCTIONS(X509_REQ)
 
@@ -823,10 +551,8 @@ DECLARE_ASN1_FUNCTIONS(X509_CINF)
 DECLARE_ASN1_FUNCTIONS(X509)
 DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
 
-DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
-
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+#define X509_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef)
 int X509_set_ex_data(X509 *r, int idx, void *arg);
 void *X509_get_ex_data(X509 *r, int idx);
 int i2d_X509_AUX(X509 *a, unsigned char **pp);
@@ -834,22 +560,34 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
 
 int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
 
-void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
-                         const X509 *x);
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+                      int *secbits, uint32_t *flags);
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+                       int secbits, uint32_t flags);
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+                            uint32_t *flags);
+
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+                         const X509_ALGOR **palg, const X509 *x);
 int X509_get_signature_nid(const X509 *x);
 
-int X509_alias_set1(X509 *x, unsigned char *name, int len);
-int X509_keyid_set1(X509 *x, unsigned char *id, int len);
+int X509_trusted(const X509 *x);
+int X509_alias_set1(X509 *x, const unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
 unsigned char *X509_alias_get0(X509 *x, int *len);
 unsigned char *X509_keyid_get0(X509 *x, int *len);
 int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
                                                                 int);
 int X509_TRUST_set(int *t, int trust);
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
+int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj);
 void X509_trust_clear(X509 *x);
 void X509_reject_clear(X509 *x);
 
+STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x);
+STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x);
+
 DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
 DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
 DECLARE_ASN1_FUNCTIONS(X509_CRL)
@@ -861,18 +599,14 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
 
 X509_PKEY *X509_PKEY_new(void);
 void X509_PKEY_free(X509_PKEY *a);
-int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp);
-X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp,
-                         long length);
 
 DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
 DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
 DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
 
-# ifndef OPENSSL_NO_EVP
 X509_INFO *X509_INFO_new(void);
 void X509_INFO_free(X509_INFO *a);
-char *X509_NAME_oneline(X509_NAME *a, char *buf, int size);
+char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
 
 int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
                 ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
@@ -896,26 +630,61 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
 int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
                        X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
                        void *asn, EVP_MD_CTX *ctx);
-# endif
 
+long X509_get_version(const X509 *x);
 int X509_set_version(X509 *x, long version);
 int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
 ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
 int X509_set_issuer_name(X509 *x, X509_NAME *name);
-X509_NAME *X509_get_issuer_name(X509 *a);
+X509_NAME *X509_get_issuer_name(const X509 *a);
 int X509_set_subject_name(X509 *x, X509_NAME *name);
-X509_NAME *X509_get_subject_name(X509 *a);
-int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
-int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
+X509_NAME *X509_get_subject_name(const X509 *a);
+const ASN1_TIME * X509_get0_notBefore(const X509 *x);
+ASN1_TIME *X509_getm_notBefore(const X509 *x);
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
+const ASN1_TIME *X509_get0_notAfter(const X509 *x);
+ASN1_TIME *X509_getm_notAfter(const X509 *x);
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
 int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+int X509_up_ref(X509 *x);
+int X509_get_signature_type(const X509 *x);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_get_notBefore X509_getm_notBefore
+#  define X509_get_notAfter X509_getm_notAfter
+#  define X509_set_notBefore X509_set1_notBefore
+#  define X509_set_notAfter X509_set1_notAfter
+#endif
+
+
+/*
+ * This one is only used so that a binary form can output, as in
+ * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf)
+ */
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+                    const ASN1_BIT_STRING **psuid);
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
+
+EVP_PKEY *X509_get0_pubkey(const X509 *x);
 EVP_PKEY *X509_get_pubkey(X509 *x);
 ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
-int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ );
+int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
 
+long X509_REQ_get_version(const X509_REQ *req);
 int X509_REQ_set_version(X509_REQ *x, long version);
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
 int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg);
+int X509_REQ_get_signature_nid(const X509_REQ *req);
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
 void X509_REQ_set_extension_nids(int *nids);
@@ -925,7 +694,7 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
 int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
 int X509_REQ_get_attr_count(const X509_REQ *req);
 int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
                              int lastpos);
 X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
 X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
@@ -942,19 +711,42 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
 
 int X509_CRL_set_version(X509_CRL *x, long version);
 int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
-int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
 int X509_CRL_sort(X509_CRL *crl);
+int X509_CRL_up_ref(X509_CRL *crl);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
+#  define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
+#endif
 
+long X509_CRL_get_version(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl))
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg);
+int X509_CRL_get_signature_nid(const X509_CRL *crl);
+int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
+
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x);
 int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x);
 int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+const STACK_OF(X509_EXTENSION) *
+X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
 
 int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
 
-int X509_check_private_key(X509 *x509, EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
 int X509_chain_check_suiteb(int *perror_depth,
                             X509 *x, STACK_OF(X509) *chain,
                             unsigned long flags);
@@ -982,78 +774,82 @@ unsigned long X509_NAME_hash_old(X509_NAME *x);
 
 int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
 int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
-# ifndef OPENSSL_NO_FP_API
+int X509_aux_print(BIO *out, X509 *x, int indent);
+# ifndef OPENSSL_NO_STDIO
 int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
                      unsigned long cflag);
 int X509_print_fp(FILE *bp, X509 *x);
 int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
 int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
                           unsigned long flags);
 # endif
 
-# ifndef OPENSSL_NO_BIO
-int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
                        unsigned long flags);
 int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
                   unsigned long cflag);
 int X509_print(BIO *bp, X509 *x);
 int X509_ocspid_print(BIO *bp, X509 *x);
-int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag);
 int X509_CRL_print(BIO *bp, X509_CRL *x);
 int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
                       unsigned long cflag);
 int X509_REQ_print(BIO *bp, X509_REQ *req);
-# endif
 
-int X509_NAME_entry_count(X509_NAME *name);
+int X509_NAME_entry_count(const X509_NAME *name);
 int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
                               char *buf, int len);
 
 /*
- * NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
+ * NOTE: you should be passing -1, not 0 as lastpos. The functions that use
  * lastpos, search after that position on.
  */
 int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
-int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
                                int lastpos);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
 X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne,
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
                         int loc, int set);
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
-                               unsigned char *bytes, int len, int loc,
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len, int loc,
                                int set);
 int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
-                               unsigned char *bytes, int len, int loc,
+                               const unsigned char *bytes, int len, int loc,
                                int set);
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
                                                const char *field, int type,
                                                const unsigned char *bytes,
                                                int len);
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
-                                               int type, unsigned char *bytes,
+                                               int type,
+                                               const unsigned char *bytes,
                                                int len);
 int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
                                const unsigned char *bytes, int len, int loc,
                                int set);
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-                                               ASN1_OBJECT *obj, int type,
+                                               const ASN1_OBJECT *obj, int type,
                                                const unsigned char *bytes,
                                                int len);
-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
 int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
                              const unsigned char *bytes, int len);
-ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
+ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
+
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+                       size_t *pderlen);
 
 int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
 int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
                           int nid, int lastpos);
 int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
-                          ASN1_OBJECT *obj, int lastpos);
+                          const ASN1_OBJECT *obj, int lastpos);
 int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
                                int crit, int lastpos);
 X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
@@ -1061,37 +857,40 @@ X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
 STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
                                          X509_EXTENSION *ex, int loc);
 
-int X509_get_ext_count(X509 *x);
-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
-int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos);
-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
-X509_EXTENSION *X509_get_ext(X509 *x, int loc);
+int X509_get_ext_count(const X509 *x);
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
 X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
 int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
-void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
 int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
                       unsigned long flags);
 
-int X509_CRL_get_ext_count(X509_CRL *x);
-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
-int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos);
-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
+int X509_CRL_get_ext_count(const X509_CRL *x);
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
+                            int lastpos);
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
 X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
 int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
-void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
 int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
                           unsigned long flags);
 
-int X509_REVOKED_get_ext_count(X509_REVOKED *x);
-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
                                 int lastpos);
-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit,
+                                     int lastpos);
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
 X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
 int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
-void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit,
+                               int *idx);
 int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
                               unsigned long flags);
 
@@ -1099,20 +898,20 @@ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
                                              int nid, int crit,
                                              ASN1_OCTET_STRING *data);
 X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
-                                             ASN1_OBJECT *obj, int crit,
+                                             const ASN1_OBJECT *obj, int crit,
                                              ASN1_OCTET_STRING *data);
-int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj);
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
 int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
 int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
 ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
 ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
-int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
 
 int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
 int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
                            int lastpos);
 int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
-                           ASN1_OBJECT *obj, int lastpos);
+                           const ASN1_OBJECT *obj, int lastpos);
 X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
 X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
@@ -1131,8 +930,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
                                                   int type,
                                                   const unsigned char *bytes,
                                                   int len);
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj,
-                              int lastpos, int type);
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+                              const ASN1_OBJECT *obj, int lastpos, int type);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
                                              int atrtype, const void *data,
                                              int len);
@@ -1149,13 +948,13 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
                              const void *data, int len);
 void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
                                void *data);
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
 ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
 ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
 
 int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
 int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);
-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
                              int lastpos);
 X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
 X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
@@ -1180,6 +979,9 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
 DECLARE_ASN1_FUNCTIONS(PBEPARAM)
 DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
 DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+#ifndef OPENSSL_NO_SCRYPT
+DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS)
+#endif
 
 int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
                          const unsigned char *salt, int saltlen);
@@ -1192,6 +994,13 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
                               unsigned char *salt, int saltlen,
                               unsigned char *aiv, int prf_nid);
 
+#ifndef OPENSSL_NO_SCRYPT
+X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
+                                  const unsigned char *salt, int saltlen,
+                                  unsigned char *aiv, uint64_t N, uint64_t r,
+                                  uint64_t p);
+#endif
+
 X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
                              int prf_nid, int keylen);
 
@@ -1199,17 +1008,20 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
 
 DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
 
-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
+EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
 
 int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
                     int version, int ptype, void *pval,
                     unsigned char *penc, int penclen);
-int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
+int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
                     const unsigned char **pk, int *ppklen,
-                    X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8);
+                    const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8);
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+                                const unsigned char *bytes, int len);
 
 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            int ptype, void *pval,
@@ -1223,106 +1035,11 @@ int X509_TRUST_get_count(void);
 X509_TRUST *X509_TRUST_get0(int idx);
 int X509_TRUST_get_by_id(int id);
 int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
-                   char *name, int arg1, void *arg2);
+                   const char *name, int arg1, void *arg2);
 void X509_TRUST_cleanup(void);
-int X509_TRUST_get_flags(X509_TRUST *xp);
-char *X509_TRUST_get0_name(X509_TRUST *xp);
-int X509_TRUST_get_trust(X509_TRUST *xp);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-
-void ERR_load_X509_strings(void);
-
-/* Error codes for the X509 functions. */
-
-/* Function codes. */
-# define X509_F_ADD_CERT_DIR                              100
-# define X509_F_BY_FILE_CTRL                              101
-# define X509_F_CHECK_NAME_CONSTRAINTS                    106
-# define X509_F_CHECK_POLICY                              145
-# define X509_F_DIR_CTRL                                  102
-# define X509_F_GET_CERT_BY_SUBJECT                       103
-# define X509_F_NETSCAPE_SPKI_B64_DECODE                  129
-# define X509_F_NETSCAPE_SPKI_B64_ENCODE                  130
-# define X509_F_X509AT_ADD1_ATTR                          135
-# define X509_F_X509V3_ADD_EXT                            104
-# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID              136
-# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ              137
-# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT              140
-# define X509_F_X509_ATTRIBUTE_GET0_DATA                  139
-# define X509_F_X509_ATTRIBUTE_SET1_DATA                  138
-# define X509_F_X509_CHECK_PRIVATE_KEY                    128
-# define X509_F_X509_CRL_DIFF                             105
-# define X509_F_X509_CRL_PRINT_FP                         147
-# define X509_F_X509_EXTENSION_CREATE_BY_NID              108
-# define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
-# define X509_F_X509_GET_PUBKEY_PARAMETERS                110
-# define X509_F_X509_LOAD_CERT_CRL_FILE                   132
-# define X509_F_X509_LOAD_CERT_FILE                       111
-# define X509_F_X509_LOAD_CRL_FILE                        112
-# define X509_F_X509_NAME_ADD_ENTRY                       113
-# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID             114
-# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT             131
-# define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
-# define X509_F_X509_NAME_ONELINE                         116
-# define X509_F_X509_NAME_PRINT                           117
-# define X509_F_X509_PRINT_EX_FP                          118
-# define X509_F_X509_PUBKEY_GET                           119
-# define X509_F_X509_PUBKEY_SET                           120
-# define X509_F_X509_REQ_CHECK_PRIVATE_KEY                144
-# define X509_F_X509_REQ_PRINT_EX                         121
-# define X509_F_X509_REQ_PRINT_FP                         122
-# define X509_F_X509_REQ_TO_X509                          123
-# define X509_F_X509_STORE_ADD_CERT                       124
-# define X509_F_X509_STORE_ADD_CRL                        125
-# define X509_F_X509_STORE_CTX_GET1_ISSUER                146
-# define X509_F_X509_STORE_CTX_INIT                       143
-# define X509_F_X509_STORE_CTX_NEW                        142
-# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT            134
-# define X509_F_X509_TO_X509_REQ                          126
-# define X509_F_X509_TRUST_ADD                            133
-# define X509_F_X509_TRUST_SET                            141
-# define X509_F_X509_VERIFY_CERT                          127
-
-/* Reason codes. */
-# define X509_R_AKID_MISMATCH                             110
-# define X509_R_BAD_X509_FILETYPE                         100
-# define X509_R_BASE64_DECODE_ERROR                       118
-# define X509_R_CANT_CHECK_DH_KEY                         114
-# define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
-# define X509_R_CRL_ALREADY_DELTA                         127
-# define X509_R_CRL_VERIFY_FAILURE                        131
-# define X509_R_ERR_ASN1_LIB                              102
-# define X509_R_IDP_MISMATCH                              128
-# define X509_R_INVALID_DIRECTORY                         113
-# define X509_R_INVALID_FIELD_NAME                        119
-# define X509_R_INVALID_TRUST                             123
-# define X509_R_ISSUER_MISMATCH                           129
-# define X509_R_KEY_TYPE_MISMATCH                         115
-# define X509_R_KEY_VALUES_MISMATCH                       116
-# define X509_R_LOADING_CERT_DIR                          103
-# define X509_R_LOADING_DEFAULTS                          104
-# define X509_R_METHOD_NOT_SUPPORTED                      124
-# define X509_R_NAME_TOO_LONG                             134
-# define X509_R_NEWER_CRL_NOT_NEWER                       132
-# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
-# define X509_R_NO_CRL_NUMBER                             130
-# define X509_R_PUBLIC_KEY_DECODE_ERROR                   125
-# define X509_R_PUBLIC_KEY_ENCODE_ERROR                   126
-# define X509_R_SHOULD_RETRY                              106
-# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
-# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
-# define X509_R_UNKNOWN_KEY_TYPE                          117
-# define X509_R_UNKNOWN_NID                               109
-# define X509_R_UNKNOWN_PURPOSE_ID                        121
-# define X509_R_UNKNOWN_TRUST_ID                          120
-# define X509_R_UNSUPPORTED_ALGORITHM                     111
-# define X509_R_WRONG_LOOKUP_TYPE                         112
-# define X509_R_WRONG_TYPE                                122
+int X509_TRUST_get_flags(const X509_TRUST *xp);
+char *X509_TRUST_get0_name(const X509_TRUST *xp);
+int X509_TRUST_get_trust(const X509_TRUST *xp);
 
 # ifdef  __cplusplus
 }
diff --git a/freebsd/crypto/openssl/crypto/x509/x509_vfy.h b/freebsd/crypto/openssl/include/openssl/x509_vfy.h
index 50626826..2adb1559 100644
--- a/freebsd/crypto/openssl/crypto/x509/x509_vfy.h
+++ b/freebsd/crypto/openssl/include/openssl/x509_vfy.h
@@ -1,76 +1,24 @@
-/* crypto/x509/x509_vfy.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_X509_H
-# include <openssl/x509.h>
 /*
- * openssl/x509.h ends up #include-ing this file at about the only
- * appropriate moment.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
-#endif
 
 #ifndef HEADER_X509_VFY_H
 # define HEADER_X509_VFY_H
 
-# include <openssl/opensslconf.h>
-# ifndef OPENSSL_NO_LHASH
-#  include <openssl/lhash.h>
+/*
+ * Protect against recursion, x509.h and x509_vfy.h each include the other.
+ */
+# ifndef HEADER_X509_H
+#  include <openssl/x509.h>
 # endif
+
+# include <openssl/opensslconf.h>
+# include <openssl/lhash.h>
 # include <openssl/bio.h>
 # include <openssl/crypto.h>
 # include <openssl/symhacks.h>
@@ -79,24 +27,6 @@
 extern "C" {
 #endif
 
-# if 0
-/* Outer object */
-typedef struct x509_hash_dir_st {
-    int num_dirs;
-    char **dirs;
-    int *dirs_type;
-    int num_dirs_alloced;
-} X509_HASH_DIR_CTX;
-# endif
-
-typedef struct x509_file_st {
-    int num_paths;              /* number of paths to files or directories */
-    int num_alloced;
-    char **paths;               /* the list of paths or directories */
-    int *path_type;
-} X509_CERT_FILE_CTX;
-
-/*******************************/
 /*-
 SSL_CTX -> X509_STORE
                 -> X509_LOOKUP
@@ -114,187 +44,41 @@ The X509_STORE then calls a function to actually verify the
 certificate chain.
 */
 
-# define X509_LU_RETRY           -1
-# define X509_LU_FAIL            0
-# define X509_LU_X509            1
-# define X509_LU_CRL             2
-# define X509_LU_PKEY            3
-
-typedef struct x509_object_st {
-    /* one of the above types */
-    int type;
-    union {
-        char *ptr;
-        X509 *x509;
-        X509_CRL *crl;
-        EVP_PKEY *pkey;
-    } data;
-} X509_OBJECT;
-
-typedef struct x509_lookup_st X509_LOOKUP;
-
-DECLARE_STACK_OF(X509_LOOKUP)
-DECLARE_STACK_OF(X509_OBJECT)
-
-/* This is a static that defines the function interface */
-typedef struct x509_lookup_method_st {
-    const char *name;
-    int (*new_item) (X509_LOOKUP *ctx);
-    void (*free) (X509_LOOKUP *ctx);
-    int (*init) (X509_LOOKUP *ctx);
-    int (*shutdown) (X509_LOOKUP *ctx);
-    int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
-                 char **ret);
-    int (*get_by_subject) (X509_LOOKUP *ctx, int type, X509_NAME *name,
-                           X509_OBJECT *ret);
-    int (*get_by_issuer_serial) (X509_LOOKUP *ctx, int type, X509_NAME *name,
-                                 ASN1_INTEGER *serial, X509_OBJECT *ret);
-    int (*get_by_fingerprint) (X509_LOOKUP *ctx, int type,
-                               unsigned char *bytes, int len,
-                               X509_OBJECT *ret);
-    int (*get_by_alias) (X509_LOOKUP *ctx, int type, char *str, int len,
-                         X509_OBJECT *ret);
-} X509_LOOKUP_METHOD;
-
-typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
-
-/*
- * This structure hold all parameters associated with a verify operation by
- * including an X509_VERIFY_PARAM structure in related structures the
- * parameters used can be customized
- */
-
-typedef struct X509_VERIFY_PARAM_st {
-    char *name;
-    time_t check_time;          /* Time to use */
-    unsigned long inh_flags;    /* Inheritance flags */
-    unsigned long flags;        /* Various verify flags */
-    int purpose;                /* purpose to check untrusted certificates */
-    int trust;                  /* trust setting to check */
-    int depth;                  /* Verify depth */
-    STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
-    X509_VERIFY_PARAM_ID *id;   /* opaque ID data */
-} X509_VERIFY_PARAM;
+typedef enum {
+    X509_LU_NONE = 0,
+    X509_LU_X509, X509_LU_CRL
+} X509_LOOKUP_TYPE;
 
-DECLARE_STACK_OF(X509_VERIFY_PARAM)
+#if OPENSSL_API_COMPAT < 0x10100000L
+#define X509_LU_RETRY   -1
+#define X509_LU_FAIL    0
+#endif
 
-/*
- * This is used to hold everything.  It is used for all certificate
- * validation.  Once we have a certificate chain, the 'verify' function is
- * then called to actually check the cert chain.
- */
-struct x509_store_st {
-    /* The following is a cache of trusted certs */
-    int cache;                  /* if true, stash any hits */
-    STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
-    /* These are external lookup methods */
-    STACK_OF(X509_LOOKUP) *get_cert_methods;
-    X509_VERIFY_PARAM *param;
-    /* Callbacks for various operations */
-    /* called to verify a certificate */
-    int (*verify) (X509_STORE_CTX *ctx);
-    /* error callback */
-    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
-    /* get issuers cert from ctx */
-    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
-    /* check issued */
-    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
-    /* Check revocation status of chain */
-    int (*check_revocation) (X509_STORE_CTX *ctx);
-    /* retrieve CRL */
-    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
-    /* Check CRL validity */
-    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
-    /* Check certificate against CRL */
-    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
-    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
-    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
-    int (*cleanup) (X509_STORE_CTX *ctx);
-    CRYPTO_EX_DATA ex_data;
-    int references;
-} /* X509_STORE */ ;
+DEFINE_STACK_OF(X509_LOOKUP)
+DEFINE_STACK_OF(X509_OBJECT)
+DEFINE_STACK_OF(X509_VERIFY_PARAM)
 
 int X509_STORE_set_depth(X509_STORE *store, int depth);
 
-# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-# define X509_STORE_set_verify_func(ctx,func)    ((ctx)->verify=(func))
-
-/* This is the functions plus an instance of the local variables. */
-struct x509_lookup_st {
-    int init;                   /* have we been started */
-    int skip;                   /* don't use us. */
-    X509_LOOKUP_METHOD *method; /* the functions */
-    char *method_data;          /* method data */
-    X509_STORE *store_ctx;      /* who owns us */
-} /* X509_LOOKUP */ ;
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+                                            X509_STORE_CTX *ctx, X509 *x);
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+                                              X509 *x, X509 *issuer);
+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+                                         X509_CRL **crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+                                          X509_CRL *crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+                                                          X509_NAME *nm);
+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+                                                             X509_NAME *nm);
+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
 
-/*
- * This is a used when verifying cert chains.  Since the gathering of the
- * cert chain can take some time (and have to be 'retried', this needs to be
- * kept and passed around.
- */
-struct x509_store_ctx_st {      /* X509_STORE_CTX */
-    X509_STORE *ctx;
-    /* used when looking up certs */
-    int current_method;
-    /* The following are set by the caller */
-    /* The cert to check */
-    X509 *cert;
-    /* chain of X509s - untrusted - passed in */
-    STACK_OF(X509) *untrusted;
-    /* set of CRLs passed in */
-    STACK_OF(X509_CRL) *crls;
-    X509_VERIFY_PARAM *param;
-    /* Other info for use with get_issuer() */
-    void *other_ctx;
-    /* Callbacks for various operations */
-    /* called to verify a certificate */
-    int (*verify) (X509_STORE_CTX *ctx);
-    /* error callback */
-    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
-    /* get issuers cert from ctx */
-    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
-    /* check issued */
-    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
-    /* Check revocation status of chain */
-    int (*check_revocation) (X509_STORE_CTX *ctx);
-    /* retrieve CRL */
-    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
-    /* Check CRL validity */
-    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
-    /* Check certificate against CRL */
-    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
-    int (*check_policy) (X509_STORE_CTX *ctx);
-    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
-    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
-    int (*cleanup) (X509_STORE_CTX *ctx);
-    /* The following is built up */
-    /* if 0, rebuild chain */
-    int valid;
-    /* index of last untrusted cert */
-    int last_untrusted;
-    /* chain of X509s - built up and trusted */
-    STACK_OF(X509) *chain;
-    /* Valid policy tree */
-    X509_POLICY_TREE *tree;
-    /* Require explicit policy value */
-    int explicit_policy;
-    /* When something goes wrong, this is why */
-    int error_depth;
-    int error;
-    X509 *current_cert;
-    /* cert currently being tested as valid issuer */
-    X509 *current_issuer;
-    /* current CRL */
-    X509_CRL *current_crl;
-    /* score of current CRL */
-    int current_crl_score;
-    /* Reason mask */
-    unsigned int current_reasons;
-    /* For CRL path validation: parent context */
-    X509_STORE_CTX *parent;
-    CRYPTO_EX_DATA ex_data;
-} /* X509_STORE_CTX */ ;
 
 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 
@@ -314,7 +98,6 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 
 # define         X509_V_OK                                       0
 # define         X509_V_ERR_UNSPECIFIED                          1
-
 # define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
 # define         X509_V_ERR_UNABLE_TO_GET_CRL                    3
 # define         X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
@@ -347,7 +130,6 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 # define         X509_V_ERR_AKID_SKID_MISMATCH                   30
 # define         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
 # define         X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
-
 # define         X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
 # define         X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
 # define         X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
@@ -356,24 +138,23 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 # define         X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
 # define         X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
 # define         X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
-
 # define         X509_V_ERR_INVALID_EXTENSION                    41
 # define         X509_V_ERR_INVALID_POLICY_EXTENSION             42
 # define         X509_V_ERR_NO_EXPLICIT_POLICY                   43
 # define         X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
 # define         X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
-
 # define         X509_V_ERR_UNNESTED_RESOURCE                    46
-
 # define         X509_V_ERR_PERMITTED_VIOLATION                  47
 # define         X509_V_ERR_EXCLUDED_VIOLATION                   48
 # define         X509_V_ERR_SUBTREE_MINMAX                       49
+/* The application is not happy */
 # define         X509_V_ERR_APPLICATION_VERIFICATION             50
 # define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
 # define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
 # define         X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
 # define         X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
-
+/* Another issuer check debug option */
+# define         X509_V_ERR_PATH_LOOP                            55
 /* Suite B mode algorithm violation */
 # define         X509_V_ERR_SUITE_B_INVALID_VERSION              56
 # define         X509_V_ERR_SUITE_B_INVALID_ALGORITHM            57
@@ -381,23 +162,34 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 # define         X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM  59
 # define         X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED              60
 # define         X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
-
 /* Host, email and IP check errors */
 # define         X509_V_ERR_HOSTNAME_MISMATCH                    62
 # define         X509_V_ERR_EMAIL_MISMATCH                       63
 # define         X509_V_ERR_IP_ADDRESS_MISMATCH                  64
-
+/* DANE TLSA errors */
+# define         X509_V_ERR_DANE_NO_MATCH                        65
+/* security level errors */
+# define         X509_V_ERR_EE_KEY_TOO_SMALL                     66
+# define         X509_V_ERR_CA_KEY_TOO_SMALL                     67
+# define         X509_V_ERR_CA_MD_TOO_WEAK                       68
 /* Caller error */
-# define         X509_V_ERR_INVALID_CALL                         65
+# define         X509_V_ERR_INVALID_CALL                         69
 /* Issuer lookup error */
-# define         X509_V_ERR_STORE_LOOKUP                         66
+# define         X509_V_ERR_STORE_LOOKUP                         70
+/* Certificate transparency */
+# define         X509_V_ERR_NO_VALID_SCTS                        71
 
-# define         X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         67
+# define         X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         72
+/* OCSP status errors */
+# define         X509_V_ERR_OCSP_VERIFY_NEEDED                   73  /* Need OCSP verification */
+# define         X509_V_ERR_OCSP_VERIFY_FAILED                   74  /* Couldn't verify cert through OCSP */
+# define         X509_V_ERR_OCSP_CERT_UNKNOWN                    75  /* Certificate wasn't recognized by the OCSP responder */
 
 /* Certificate verify flags */
 
-/* Send issuer+subject checks to verify_cb */
-# define X509_V_FLAG_CB_ISSUER_CHECK             0x1
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_V_FLAG_CB_ISSUER_CHECK             0x0   /* Deprecated */
+# endif
 /* Use check time instead of current time */
 # define X509_V_FLAG_USE_CHECK_TIME              0x2
 /* Lookup CRLs */
@@ -424,7 +216,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 # define X509_V_FLAG_EXTENDED_CRL_SUPPORT        0x1000
 /* Delta CRL support */
 # define X509_V_FLAG_USE_DELTAS                  0x2000
-/* Check selfsigned CA signature */
+/* Check self-signed CA signature */
 # define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
 /* Use trusted store first */
 # define X509_V_FLAG_TRUSTED_FIRST               0x8000
@@ -434,15 +226,16 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 # define X509_V_FLAG_SUITEB_192_LOS              0x20000
 /* Suite B 128 bit mode allowing 192 bit algorithms */
 # define X509_V_FLAG_SUITEB_128_LOS              0x30000
-
 /* Allow partial chains if at least one certificate is in trusted store */
 # define X509_V_FLAG_PARTIAL_CHAIN               0x80000
 /*
  * If the initial chain is not trusted, do not attempt to build an alternative
- * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag
+ * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag
  * will force the behaviour to match that of previous versions.
  */
 # define X509_V_FLAG_NO_ALT_CHAINS               0x100000
+/* Do not check certificate/CRL validity against current time */
+# define X509_V_FLAG_NO_CHECK_TIME               0x200000
 
 # define X509_VP_FLAG_DEFAULT                    0x1
 # define X509_VP_FLAG_OVERWRITE                  0x2
@@ -456,31 +249,84 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
                                 | X509_V_FLAG_INHIBIT_ANY \
                                 | X509_V_FLAG_INHIBIT_MAP)
 
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
                                X509_NAME *name);
 X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
-                                             int type, X509_NAME *name);
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name);
 X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
                                         X509_OBJECT *x);
-void X509_OBJECT_up_ref_count(X509_OBJECT *a);
-void X509_OBJECT_free_contents(X509_OBJECT *a);
+int X509_OBJECT_up_ref_count(X509_OBJECT *a);
+X509_OBJECT *X509_OBJECT_new(void);
+void X509_OBJECT_free(X509_OBJECT *a);
+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a);
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 X509_STORE *X509_STORE_new(void);
 void X509_STORE_free(X509_STORE *v);
+int X509_STORE_lock(X509_STORE *ctx);
+int X509_STORE_unlock(X509_STORE *ctx);
+int X509_STORE_up_ref(X509_STORE *v);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
 
-STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
-STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
 int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
 int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
 int X509_STORE_set_trust(X509_STORE *ctx, int trust);
 int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
-
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+            X509_STORE_set_verify((ctx),(func))
+void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+                               X509_STORE_CTX_verify_fn verify);
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
 void X509_STORE_set_verify_cb(X509_STORE *ctx,
-                              int (*verify_cb) (int, X509_STORE_CTX *));
-
-void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
-                                   STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
-                                                              *ctx,
-                                                              X509_NAME *nm));
+                              X509_STORE_CTX_verify_cb verify_cb);
+# define X509_STORE_set_verify_cb_func(ctx,func) \
+            X509_STORE_set_verify_cb((ctx),(func))
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx);
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+                               X509_STORE_CTX_get_issuer_fn get_issuer);
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx);
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_issued_fn check_issued);
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx);
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+                                     X509_STORE_CTX_check_revocation_fn check_revocation);
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx);
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+                            X509_STORE_CTX_get_crl_fn get_crl);
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx);
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+                              X509_STORE_CTX_check_crl_fn check_crl);
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx);
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+                             X509_STORE_CTX_cert_crl_fn cert_crl);
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx);
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_policy_fn check_policy);
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx);
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+                                 X509_STORE_CTX_lookup_certs_fn lookup_certs);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx);
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+                                X509_STORE_CTX_lookup_crls_fn lookup_crls);
+#define X509_STORE_set_lookup_crls_cb(ctx, func) \
+    X509_STORE_set_lookup_crls((ctx), (func))
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx);
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+                            X509_STORE_CTX_cleanup_fn cleanup);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx);
+
+#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx);
 
 X509_STORE_CTX *X509_STORE_CTX_new(void);
 
@@ -489,68 +335,166 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
                         X509 *x509, STACK_OF(X509) *chain);
-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  X509_STORE_CTX_verify_cb verify);
+X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain
+# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
+# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
+# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
+# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs
+# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
+#endif
 
 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
-
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 
+typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
+                                   long argl, char **ret);
+typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name,
+                                             X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
+                                                   X509_LOOKUP_TYPE type,
+                                                   X509_NAME *name,
+                                                   ASN1_INTEGER *serial,
+                                                   X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
+                                                 X509_LOOKUP_TYPE type,
+                                                 const unsigned char* bytes,
+                                                 int len,
+                                                 X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
+                                           X509_LOOKUP_TYPE type,
+                                           const char *str,
+                                           int len,
+                                           X509_OBJECT *ret);
+
+X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
+void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+                                  int (*new_item) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
+                              void (*free_fn) (X509_LOOKUP *ctx));
+void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+                              int (*init) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
+                                  int (*shutdown) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
+                              X509_LOOKUP_ctrl_fn ctrl_fn);
+X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+                                        X509_LOOKUP_get_by_subject_fn fn);
+X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+    const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_issuer_serial_fn fn);
+X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
+    const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_fingerprint_fn fn);
+X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+    const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+                                      X509_LOOKUP_get_by_alias_fn fn);
+X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+    const X509_LOOKUP_METHOD *method);
+
+
 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
 int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
 
-int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
-                              X509_OBJECT *ret);
+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
+                                  X509_NAME *name, X509_OBJECT *ret);
+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
+                                               X509_LOOKUP_TYPE type,
+                                               X509_NAME *name);
 
 int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
                      long argl, char **ret);
 
-# ifndef OPENSSL_NO_STDIO
 int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
 int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
-# endif
 
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
 void X509_LOOKUP_free(X509_LOOKUP *ctx);
 int X509_LOOKUP_init(X509_LOOKUP *ctx);
-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
-                           X509_OBJECT *ret);
-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
-                                 ASN1_INTEGER *serial, X509_OBJECT *ret);
-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-                               unsigned char *bytes, int len,
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
                                X509_OBJECT *ret);
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
-                         X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret);
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-# ifndef OPENSSL_NO_STDIO
 int X509_STORE_load_locations(X509_STORE *ctx,
                               const char *file, const char *dir);
 int X509_STORE_set_default_paths(X509_STORE *ctx);
-# endif
 
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
-                                    CRYPTO_EX_new *new_func,
-                                    CRYPTO_EX_dup *dup_func,
-                                    CRYPTO_EX_free *free_func);
+#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data);
 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
 X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
 X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
 X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
-void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
@@ -559,16 +503,22 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                              time_t t);
-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-                                  int (*verify_cb) (int, X509_STORE_CTX *));
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
 
 X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
 int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
 
+/*
+ * Bridge opacity barrier between libcrypt and libssl, also needed to support
+ * offline testing in test/danetest.c
+ */
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
+#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0)
+
 /* X509_VERIFY_PARAM functions */
 
 X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
@@ -586,19 +536,27 @@ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
 int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level);
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
 int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
                                   ASN1_OBJECT *policy);
 int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
                                     STACK_OF(ASN1_OBJECT) *policies);
 
+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
+                                    uint32_t flags);
+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
+
 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
                                 const char *name, size_t namelen);
 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
                                 const char *name, size_t namelen);
 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
                                      unsigned int flags);
+unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param);
 char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *);
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
                                  const char *email, size_t emaillen);
 int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
@@ -607,6 +565,7 @@ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
                                   const char *ipasc);
 
 int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
 const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
 
 int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
@@ -615,6 +574,19 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
 const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
 void X509_VERIFY_PARAM_table_cleanup(void);
 
+/* Non positive return values are errors */
+#define X509_PCY_TREE_FAILURE  -2 /* Failure to satisfy explicit policy */
+#define X509_PCY_TREE_INVALID  -1 /* Inconsistent or invalid extensions */
+#define X509_PCY_TREE_INTERNAL  0 /* Internal error, most likely malloc */
+
+/*
+ * Positive return values form a bit mask, all but the first are internal to
+ * the library and don't appear in results from X509_policy_check().
+ */
+#define X509_PCY_TREE_VALID     1 /* The policy tree is valid */
+#define X509_PCY_TREE_EMPTY     2 /* The policy tree is empty */
+#define X509_PCY_TREE_EXPLICIT  4 /* Explicit policy required */
+
 int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
                       STACK_OF(X509) *certs,
                       STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
diff --git a/freebsd/crypto/openssl/include/openssl/x509err.h b/freebsd/crypto/openssl/include/openssl/x509err.h
new file mode 100644
index 00000000..b1d6a870
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/x509err.h
@@ -0,0 +1,125 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509ERR_H
+# define HEADER_X509ERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_X509_strings(void);
+
+/*
+ * X509 function codes.
+ */
+# define X509_F_ADD_CERT_DIR                              100
+# define X509_F_BUILD_CHAIN                               106
+# define X509_F_BY_FILE_CTRL                              101
+# define X509_F_CHECK_NAME_CONSTRAINTS                    149
+# define X509_F_CHECK_POLICY                              145
+# define X509_F_DANE_I2D                                  107
+# define X509_F_DIR_CTRL                                  102
+# define X509_F_GET_CERT_BY_SUBJECT                       103
+# define X509_F_I2D_X509_AUX                              151
+# define X509_F_LOOKUP_CERTS_SK                           152
+# define X509_F_NETSCAPE_SPKI_B64_DECODE                  129
+# define X509_F_NETSCAPE_SPKI_B64_ENCODE                  130
+# define X509_F_NEW_DIR                                   153
+# define X509_F_X509AT_ADD1_ATTR                          135
+# define X509_F_X509V3_ADD_EXT                            104
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID              136
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ              137
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT              140
+# define X509_F_X509_ATTRIBUTE_GET0_DATA                  139
+# define X509_F_X509_ATTRIBUTE_SET1_DATA                  138
+# define X509_F_X509_CHECK_PRIVATE_KEY                    128
+# define X509_F_X509_CRL_DIFF                             105
+# define X509_F_X509_CRL_METHOD_NEW                       154
+# define X509_F_X509_CRL_PRINT_FP                         147
+# define X509_F_X509_EXTENSION_CREATE_BY_NID              108
+# define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
+# define X509_F_X509_GET_PUBKEY_PARAMETERS                110
+# define X509_F_X509_LOAD_CERT_CRL_FILE                   132
+# define X509_F_X509_LOAD_CERT_FILE                       111
+# define X509_F_X509_LOAD_CRL_FILE                        112
+# define X509_F_X509_LOOKUP_METH_NEW                      160
+# define X509_F_X509_LOOKUP_NEW                           155
+# define X509_F_X509_NAME_ADD_ENTRY                       113
+# define X509_F_X509_NAME_CANON                           156
+# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID             114
+# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT             131
+# define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
+# define X509_F_X509_NAME_ONELINE                         116
+# define X509_F_X509_NAME_PRINT                           117
+# define X509_F_X509_OBJECT_NEW                           150
+# define X509_F_X509_PRINT_EX_FP                          118
+# define X509_F_X509_PUBKEY_DECODE                        148
+# define X509_F_X509_PUBKEY_GET0                          119
+# define X509_F_X509_PUBKEY_SET                           120
+# define X509_F_X509_REQ_CHECK_PRIVATE_KEY                144
+# define X509_F_X509_REQ_PRINT_EX                         121
+# define X509_F_X509_REQ_PRINT_FP                         122
+# define X509_F_X509_REQ_TO_X509                          123
+# define X509_F_X509_STORE_ADD_CERT                       124
+# define X509_F_X509_STORE_ADD_CRL                        125
+# define X509_F_X509_STORE_ADD_LOOKUP                     157
+# define X509_F_X509_STORE_CTX_GET1_ISSUER                146
+# define X509_F_X509_STORE_CTX_INIT                       143
+# define X509_F_X509_STORE_CTX_NEW                        142
+# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT            134
+# define X509_F_X509_STORE_NEW                            158
+# define X509_F_X509_TO_X509_REQ                          126
+# define X509_F_X509_TRUST_ADD                            133
+# define X509_F_X509_TRUST_SET                            141
+# define X509_F_X509_VERIFY_CERT                          127
+# define X509_F_X509_VERIFY_PARAM_NEW                     159
+
+/*
+ * X509 reason codes.
+ */
+# define X509_R_AKID_MISMATCH                             110
+# define X509_R_BAD_SELECTOR                              133
+# define X509_R_BAD_X509_FILETYPE                         100
+# define X509_R_BASE64_DECODE_ERROR                       118
+# define X509_R_CANT_CHECK_DH_KEY                         114
+# define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
+# define X509_R_CRL_ALREADY_DELTA                         127
+# define X509_R_CRL_VERIFY_FAILURE                        131
+# define X509_R_IDP_MISMATCH                              128
+# define X509_R_INVALID_DIRECTORY                         113
+# define X509_R_INVALID_FIELD_NAME                        119
+# define X509_R_INVALID_TRUST                             123
+# define X509_R_ISSUER_MISMATCH                           129
+# define X509_R_KEY_TYPE_MISMATCH                         115
+# define X509_R_KEY_VALUES_MISMATCH                       116
+# define X509_R_LOADING_CERT_DIR                          103
+# define X509_R_LOADING_DEFAULTS                          104
+# define X509_R_METHOD_NOT_SUPPORTED                      124
+# define X509_R_NAME_TOO_LONG                             134
+# define X509_R_NEWER_CRL_NOT_NEWER                       132
+# define X509_R_NO_CERTIFICATE_FOUND                      135
+# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND               136
+# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
+# define X509_R_NO_CRL_FOUND                              137
+# define X509_R_NO_CRL_NUMBER                             130
+# define X509_R_PUBLIC_KEY_DECODE_ERROR                   125
+# define X509_R_PUBLIC_KEY_ENCODE_ERROR                   126
+# define X509_R_SHOULD_RETRY                              106
+# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
+# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
+# define X509_R_UNKNOWN_KEY_TYPE                          117
+# define X509_R_UNKNOWN_NID                               109
+# define X509_R_UNKNOWN_PURPOSE_ID                        121
+# define X509_R_UNKNOWN_TRUST_ID                          120
+# define X509_R_UNSUPPORTED_ALGORITHM                     111
+# define X509_R_WRONG_LOOKUP_TYPE                         112
+# define X509_R_WRONG_TYPE                                122
+
+#endif
diff --git a/freebsd/crypto/openssl/crypto/x509v3/x509v3.h b/freebsd/crypto/openssl/include/openssl/x509v3.h
index f5c61560..fe1791c6 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/x509v3.h
+++ b/freebsd/crypto/openssl/include/openssl/x509v3.h
@@ -1,79 +1,24 @@
-/* x509v3.h */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 #ifndef HEADER_X509V3_H
 # define HEADER_X509V3_H
 
 # include <openssl/bio.h>
 # include <openssl/x509.h>
 # include <openssl/conf.h>
+# include <openssl/x509v3err.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-# ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#  undef X509_NAME
-#  undef X509_CERT_PAIR
-#  undef X509_EXTENSIONS
-# endif
-
 /* Forward reference */
 struct v3_ext_method;
 struct v3_ext_ctx;
@@ -124,8 +69,8 @@ struct v3_ext_method {
 };
 
 typedef struct X509V3_CONF_METHOD_st {
-    char *(*get_string) (void *db, char *section, char *value);
-    STACK_OF(CONF_VALUE) *(*get_section) (void *db, char *section);
+    char *(*get_string) (void *db, const char *section, const char *value);
+    STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section);
     void (*free_string) (void *db, char *string);
     void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
 } X509V3_CONF_METHOD;
@@ -133,6 +78,7 @@ typedef struct X509V3_CONF_METHOD_st {
 /* Context specific info */
 struct v3_ext_ctx {
 # define CTX_TEST 0x1
+# define X509V3_CTX_REPLACE 0x2
     int flags;
     X509 *issuer_cert;
     X509 *subject_cert;
@@ -145,7 +91,7 @@ struct v3_ext_ctx {
 
 typedef struct v3_ext_method X509V3_EXT_METHOD;
 
-DECLARE_STACK_OF(X509V3_EXT_METHOD)
+DEFINE_STACK_OF(X509V3_EXT_METHOD)
 
 /* ext_flags values */
 # define X509V3_EXT_DYNAMIC      0x1
@@ -206,8 +152,6 @@ typedef struct GENERAL_NAME_st {
     } d;
 } GENERAL_NAME;
 
-typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
-
 typedef struct ACCESS_DESCRIPTION_st {
     ASN1_OBJECT *method;
     GENERAL_NAME *location;
@@ -217,11 +161,13 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 
 typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
 
-DECLARE_STACK_OF(GENERAL_NAME)
-DECLARE_ASN1_SET_OF(GENERAL_NAME)
+typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
+
+DEFINE_STACK_OF(GENERAL_NAME)
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+DEFINE_STACK_OF(GENERAL_NAMES)
 
-DECLARE_STACK_OF(ACCESS_DESCRIPTION)
-DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
+DEFINE_STACK_OF(ACCESS_DESCRIPTION)
 
 typedef struct DIST_POINT_NAME_st {
     int type;
@@ -256,8 +202,7 @@ struct DIST_POINT_st {
 
 typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
 
-DECLARE_STACK_OF(DIST_POINT)
-DECLARE_ASN1_SET_OF(DIST_POINT)
+DEFINE_STACK_OF(DIST_POINT)
 
 struct AUTHORITY_KEYID_st {
     ASN1_OCTET_STRING *keyid;
@@ -272,8 +217,7 @@ typedef struct SXNET_ID_st {
     ASN1_OCTET_STRING *user;
 } SXNETID;
 
-DECLARE_STACK_OF(SXNETID)
-DECLARE_ASN1_SET_OF(SXNETID)
+DEFINE_STACK_OF(SXNETID)
 
 typedef struct SXNET_st {
     ASN1_INTEGER *version;
@@ -299,8 +243,7 @@ typedef struct POLICYQUALINFO_st {
     } d;
 } POLICYQUALINFO;
 
-DECLARE_STACK_OF(POLICYQUALINFO)
-DECLARE_ASN1_SET_OF(POLICYQUALINFO)
+DEFINE_STACK_OF(POLICYQUALINFO)
 
 typedef struct POLICYINFO_st {
     ASN1_OBJECT *policyid;
@@ -309,15 +252,14 @@ typedef struct POLICYINFO_st {
 
 typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
 
-DECLARE_STACK_OF(POLICYINFO)
-DECLARE_ASN1_SET_OF(POLICYINFO)
+DEFINE_STACK_OF(POLICYINFO)
 
 typedef struct POLICY_MAPPING_st {
     ASN1_OBJECT *issuerDomainPolicy;
     ASN1_OBJECT *subjectDomainPolicy;
 } POLICY_MAPPING;
 
-DECLARE_STACK_OF(POLICY_MAPPING)
+DEFINE_STACK_OF(POLICY_MAPPING)
 
 typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
 
@@ -327,7 +269,7 @@ typedef struct GENERAL_SUBTREE_st {
     ASN1_INTEGER *maximum;
 } GENERAL_SUBTREE;
 
-DECLARE_STACK_OF(GENERAL_SUBTREE)
+DEFINE_STACK_OF(GENERAL_SUBTREE)
 
 struct NAME_CONSTRAINTS_st {
     STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
@@ -378,8 +320,9 @@ struct ISSUING_DIST_POINT_st {
 /* onlysomereasons present */
 # define IDP_REASONS     0x40
 
-# define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
-",name:", val->name, ",value:", val->value);
+# define X509V3_conf_err(val) ERR_add_error_data(6, \
+                        "section:", (val)->section, \
+                        ",name:", (val)->name, ",value:", (val)->value)
 
 # define X509V3_set_ctx_test(ctx) \
                         X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
@@ -414,6 +357,7 @@ struct ISSUING_DIST_POINT_st {
 # define EXFLAG_SI               0x20
 # define EXFLAG_V1               0x40
 # define EXFLAG_INVALID          0x80
+/* EXFLAG_SET is set to indicate that some values have been precomputed */
 # define EXFLAG_SET              0x100
 # define EXFLAG_CRITICAL         0x200
 # define EXFLAG_PROXY            0x400
@@ -501,20 +445,20 @@ typedef struct x509_purpose_st {
 # define X509V3_ADD_DELETE               5L
 # define X509V3_ADD_SILENT               0x10
 
-DECLARE_STACK_OF(X509_PURPOSE)
+DEFINE_STACK_OF(X509_PURPOSE)
 
 DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
 
 DECLARE_ASN1_FUNCTIONS(SXNET)
 DECLARE_ASN1_FUNCTIONS(SXNETID)
 
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
                        int userlen);
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user,
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
                          int userlen);
 
-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
 ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
 ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
 
@@ -532,6 +476,9 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
                                           ASN1_BIT_STRING *bits,
                                           STACK_OF(CONF_VALUE) *extlist);
+char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx, const char *str);
 
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                                        GENERAL_NAME *gen,
@@ -557,12 +504,14 @@ int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
                                 ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
 
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
-                            ASN1_OCTET_STRING *ia5);
+                            const ASN1_OCTET_STRING *ia5);
 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
-                                         X509V3_CTX *ctx, char *str);
+                                         X509V3_CTX *ctx, const char *str);
 
 DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a);
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
 
 DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
 DECLARE_ASN1_FUNCTIONS(POLICYINFO)
@@ -578,6 +527,7 @@ DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
 int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
 
 int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
 
 DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
 DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
@@ -597,8 +547,8 @@ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
 
 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
                                const X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, int gen_type, char *value,
-                               int is_nc);
+                               X509V3_CTX *ctx, int gen_type,
+                               const char *value, int is_nc);
 
 # ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
@@ -610,40 +560,40 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
 void X509V3_conf_free(CONF_VALUE *val);
 
 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-                                     char *value);
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
-                                 char *value);
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+                                     const char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+                                 const char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
                             STACK_OF(X509_EXTENSION) **sk);
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
                          X509 *cert);
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
                              X509_REQ *req);
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
                              X509_CRL *crl);
 
 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
                                     X509V3_CTX *ctx, int ext_nid,
-                                    char *value);
+                                    const char *value);
 X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                                char *name, char *value);
+                                const char *name, const char *value);
 int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                        char *section, X509 *cert);
+                        const char *section, X509 *cert);
 int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                            char *section, X509_REQ *req);
+                            const char *section, X509_REQ *req);
 int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-                            char *section, X509_CRL *crl);
+                            const char *section, X509_CRL *crl);
 
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
                              STACK_OF(CONF_VALUE) **extlist);
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
 # endif
 
-char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section);
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
 void X509V3_string_free(X509V3_CTX *ctx, char *str);
 void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
@@ -655,13 +605,13 @@ int X509V3_add_value_uchar(const char *name, const unsigned char *value,
                            STACK_OF(CONF_VALUE) **extlist);
 int X509V3_add_value_bool(const char *name, int asn1_bool,
                           STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
                          STACK_OF(CONF_VALUE) **extlist);
-char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
-char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
 char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
-                                ASN1_ENUMERATED *aint);
+                                const ASN1_ENUMERATED *aint);
 int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
 int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
 int X509V3_EXT_add_alias(int nid_to, int nid_from);
@@ -672,26 +622,28 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
 int X509V3_add_standard_extensions(void);
 STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
                      int *idx);
-int X509V3_EXT_free(int nid, void *ext_data);
 
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
                     int crit, unsigned long flags);
 
-char *hex_to_string(const unsigned char *buffer, long len);
-unsigned char *string_to_hex(const char *str, long *len);
-int name_cmp(const char *name, const char *cmp);
+#if OPENSSL_API_COMPAT < 0x10100000L
+/* The new declarations are in crypto.h, but the old ones were here. */
+# define hex_to_string OPENSSL_buf2hexstr
+# define string_to_hex OPENSSL_hexstr2buf
+#endif
 
 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
                         int ml);
 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
                      int indent);
+#ifndef OPENSSL_NO_STDIO
 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
-int X509V3_extensions_print(BIO *out, char *title,
-                            STACK_OF(X509_EXTENSION) *exts,
+#endif
+int X509V3_extensions_print(BIO *out, const char *title,
+                            const STACK_OF(X509_EXTENSION) *exts,
                             unsigned long flag, int indent);
 
 int X509_check_ca(X509 *x);
@@ -700,18 +652,28 @@ int X509_supported_extension(X509_EXTENSION *ex);
 int X509_PURPOSE_set(int *p, int purpose);
 int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
+void X509_set_proxy_flag(X509 *x);
+void X509_set_proxy_pathlen(X509 *x, long l);
+long X509_get_proxy_pathlen(X509 *x);
+
+uint32_t X509_get_extension_flags(X509 *x);
+uint32_t X509_get_key_usage(X509 *x);
+uint32_t X509_get_extended_key_usage(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
+
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE *X509_PURPOSE_get0(int idx);
-int X509_PURPOSE_get_by_sname(char *sname);
+int X509_PURPOSE_get_by_sname(const char *sname);
 int X509_PURPOSE_get_by_id(int id);
 int X509_PURPOSE_add(int id, int trust, int flags,
                      int (*ck) (const X509_PURPOSE *, const X509 *, int),
-                     char *name, char *sname, void *arg);
-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
-int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
+                     const char *name, const char *sname, void *arg);
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
 void X509_PURPOSE_cleanup(void);
-int X509_PURPOSE_get_id(X509_PURPOSE *);
+int X509_PURPOSE_get_id(const X509_PURPOSE *);
 
 STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
 STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
@@ -731,6 +693,8 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
 # define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
 /* Constraint verifier subdomain patterns to match a single labels. */
 # define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+/* Never check the subject CN */
+# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT    0x20
 /*
  * Match reference identifiers starting with "." to any sub-domain.
  * This is a non-public flag, turned on implicitly when the subject
@@ -748,21 +712,19 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
 
 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
-int a2i_ipadd(unsigned char *ipout, const char *ipasc);
 int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
                              unsigned long chtype);
 
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
-DECLARE_STACK_OF(X509_POLICY_NODE)
-
-# ifndef OPENSSL_NO_RFC3779
+DEFINE_STACK_OF(X509_POLICY_NODE)
 
+#ifndef OPENSSL_NO_RFC3779
 typedef struct ASRange_st {
     ASN1_INTEGER *min, *max;
 } ASRange;
 
-#  define ASIdOrRange_id          0
-#  define ASIdOrRange_range       1
+# define ASIdOrRange_id          0
+# define ASIdOrRange_range       1
 
 typedef struct ASIdOrRange_st {
     int type;
@@ -773,10 +735,10 @@ typedef struct ASIdOrRange_st {
 } ASIdOrRange;
 
 typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
-DECLARE_STACK_OF(ASIdOrRange)
+DEFINE_STACK_OF(ASIdOrRange)
 
-#  define ASIdentifierChoice_inherit              0
-#  define ASIdentifierChoice_asIdsOrRanges        1
+# define ASIdentifierChoice_inherit              0
+# define ASIdentifierChoice_asIdsOrRanges        1
 
 typedef struct ASIdentifierChoice_st {
     int type;
@@ -799,8 +761,8 @@ typedef struct IPAddressRange_st {
     ASN1_BIT_STRING *min, *max;
 } IPAddressRange;
 
-#  define IPAddressOrRange_addressPrefix  0
-#  define IPAddressOrRange_addressRange   1
+# define IPAddressOrRange_addressPrefix  0
+# define IPAddressOrRange_addressRange   1
 
 typedef struct IPAddressOrRange_st {
     int type;
@@ -811,10 +773,10 @@ typedef struct IPAddressOrRange_st {
 } IPAddressOrRange;
 
 typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
-DECLARE_STACK_OF(IPAddressOrRange)
+DEFINE_STACK_OF(IPAddressOrRange)
 
-#  define IPAddressChoice_inherit                 0
-#  define IPAddressChoice_addressesOrRanges       1
+# define IPAddressChoice_inherit                 0
+# define IPAddressChoice_addressesOrRanges       1
 
 typedef struct IPAddressChoice_st {
     int type;
@@ -830,7 +792,7 @@ typedef struct IPAddressFamily_st {
 } IPAddressFamily;
 
 typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
-DECLARE_STACK_OF(IPAddressFamily)
+DEFINE_STACK_OF(IPAddressFamily)
 
 DECLARE_ASN1_FUNCTIONS(IPAddressRange)
 DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
@@ -840,8 +802,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
 /*
  * API tag for elements of the ASIdentifer SEQUENCE.
  */
-#  define V3_ASID_ASNUM   0
-#  define V3_ASID_RDI     1
+# define V3_ASID_ASNUM   0
+# define V3_ASID_RDI     1
 
 /*
  * AFI values, assigned by IANA.  It'd be nice to make the AFI
@@ -849,207 +811,125 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
  * that would need to be defined for other address families for it to
  * be worth the trouble.
  */
-#  define IANA_AFI_IPV4   1
-#  define IANA_AFI_IPV6   2
+# define IANA_AFI_IPV4   1
+# define IANA_AFI_IPV6   2
 
 /*
  * Utilities to construct and extract values from RFC3779 extensions,
  * since some of the encodings (particularly for IP address prefixes
  * and ranges) are a bit tedious to work with directly.
  */
-int v3_asid_add_inherit(ASIdentifiers *asid, int which);
-int v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
-                            ASN1_INTEGER *min, ASN1_INTEGER *max);
-int v3_addr_add_inherit(IPAddrBlocks *addr,
-                        const unsigned afi, const unsigned *safi);
-int v3_addr_add_prefix(IPAddrBlocks *addr,
-                       const unsigned afi, const unsigned *safi,
-                       unsigned char *a, const int prefixlen);
-int v3_addr_add_range(IPAddrBlocks *addr,
-                      const unsigned afi, const unsigned *safi,
-                      unsigned char *min, unsigned char *max);
-unsigned v3_addr_get_afi(const IPAddressFamily *f);
-int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
-                      unsigned char *min, unsigned char *max,
-                      const int length);
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
+                                ASN1_INTEGER *min, ASN1_INTEGER *max);
+int X509v3_addr_add_inherit(IPAddrBlocks *addr,
+                            const unsigned afi, const unsigned *safi);
+int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+                           const unsigned afi, const unsigned *safi,
+                           unsigned char *a, const int prefixlen);
+int X509v3_addr_add_range(IPAddrBlocks *addr,
+                          const unsigned afi, const unsigned *safi,
+                          unsigned char *min, unsigned char *max);
+unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
+int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
+                          unsigned char *min, unsigned char *max,
+                          const int length);
 
 /*
  * Canonical forms.
  */
-int v3_asid_is_canonical(ASIdentifiers *asid);
-int v3_addr_is_canonical(IPAddrBlocks *addr);
-int v3_asid_canonize(ASIdentifiers *asid);
-int v3_addr_canonize(IPAddrBlocks *addr);
+int X509v3_asid_is_canonical(ASIdentifiers *asid);
+int X509v3_addr_is_canonical(IPAddrBlocks *addr);
+int X509v3_asid_canonize(ASIdentifiers *asid);
+int X509v3_addr_canonize(IPAddrBlocks *addr);
 
 /*
  * Tests for inheritance and containment.
  */
-int v3_asid_inherits(ASIdentifiers *asid);
-int v3_addr_inherits(IPAddrBlocks *addr);
-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
+int X509v3_asid_inherits(ASIdentifiers *asid);
+int X509v3_addr_inherits(IPAddrBlocks *addr);
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
 
 /*
  * Check whether RFC 3779 extensions nest properly in chains.
  */
-int v3_asid_validate_path(X509_STORE_CTX *);
-int v3_addr_validate_path(X509_STORE_CTX *);
-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
-                                  ASIdentifiers *ext, int allow_inheritance);
-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
-                                  IPAddrBlocks *ext, int allow_inheritance);
+int X509v3_asid_validate_path(X509_STORE_CTX *);
+int X509v3_addr_validate_path(X509_STORE_CTX *);
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+                                      ASIdentifiers *ext,
+                                      int allow_inheritance);
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+                                      IPAddrBlocks *ext, int allow_inheritance);
 
-# endif                         /* OPENSSL_NO_RFC3779 */
+#endif                         /* OPENSSL_NO_RFC3779 */
+
+DEFINE_STACK_OF(ASN1_STRING)
 
-/* BEGIN ERROR CODES */
 /*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
+ * Admission Syntax
  */
-void ERR_load_X509V3_strings(void);
-
-/* Error codes for the X509V3 functions. */
-
-/* Function codes. */
-# define X509V3_F_A2I_GENERAL_NAME                        164
-# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE             161
-# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL         162
-# define X509V3_F_COPY_EMAIL                              122
-# define X509V3_F_COPY_ISSUER                             123
-# define X509V3_F_DO_DIRNAME                              144
-# define X509V3_F_DO_EXT_CONF                             124
-# define X509V3_F_DO_EXT_I2D                              135
-# define X509V3_F_DO_EXT_NCONF                            151
-# define X509V3_F_DO_I2V_NAME_CONSTRAINTS                 148
-# define X509V3_F_GNAMES_FROM_SECTNAME                    156
-# define X509V3_F_HEX_TO_STRING                           111
-# define X509V3_F_I2S_ASN1_ENUMERATED                     121
-# define X509V3_F_I2S_ASN1_IA5STRING                      149
-# define X509V3_F_I2S_ASN1_INTEGER                        120
-# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS               138
-# define X509V3_F_NOTICE_SECTION                          132
-# define X509V3_F_NREF_NOS                                133
-# define X509V3_F_POLICY_SECTION                          131
-# define X509V3_F_PROCESS_PCI_VALUE                       150
-# define X509V3_F_R2I_CERTPOL                             130
-# define X509V3_F_R2I_PCI                                 155
-# define X509V3_F_S2I_ASN1_IA5STRING                      100
-# define X509V3_F_S2I_ASN1_INTEGER                        108
-# define X509V3_F_S2I_ASN1_OCTET_STRING                   112
-# define X509V3_F_S2I_ASN1_SKEY_ID                        114
-# define X509V3_F_S2I_SKEY_ID                             115
-# define X509V3_F_SET_DIST_POINT_NAME                     158
-# define X509V3_F_STRING_TO_HEX                           113
-# define X509V3_F_SXNET_ADD_ID_ASC                        125
-# define X509V3_F_SXNET_ADD_ID_INTEGER                    126
-# define X509V3_F_SXNET_ADD_ID_ULONG                      127
-# define X509V3_F_SXNET_GET_ID_ASC                        128
-# define X509V3_F_SXNET_GET_ID_ULONG                      129
-# define X509V3_F_V2I_ASIDENTIFIERS                       163
-# define X509V3_F_V2I_ASN1_BIT_STRING                     101
-# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS               139
-# define X509V3_F_V2I_AUTHORITY_KEYID                     119
-# define X509V3_F_V2I_BASIC_CONSTRAINTS                   102
-# define X509V3_F_V2I_CRLD                                134
-# define X509V3_F_V2I_EXTENDED_KEY_USAGE                  103
-# define X509V3_F_V2I_GENERAL_NAMES                       118
-# define X509V3_F_V2I_GENERAL_NAME_EX                     117
-# define X509V3_F_V2I_IDP                                 157
-# define X509V3_F_V2I_IPADDRBLOCKS                        159
-# define X509V3_F_V2I_ISSUER_ALT                          153
-# define X509V3_F_V2I_NAME_CONSTRAINTS                    147
-# define X509V3_F_V2I_POLICY_CONSTRAINTS                  146
-# define X509V3_F_V2I_POLICY_MAPPINGS                     145
-# define X509V3_F_V2I_SUBJECT_ALT                         154
-# define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL          160
-# define X509V3_F_V3_GENERIC_EXTENSION                    116
-# define X509V3_F_X509V3_ADD1_I2D                         140
-# define X509V3_F_X509V3_ADD_VALUE                        105
-# define X509V3_F_X509V3_EXT_ADD                          104
-# define X509V3_F_X509V3_EXT_ADD_ALIAS                    106
-# define X509V3_F_X509V3_EXT_CONF                         107
-# define X509V3_F_X509V3_EXT_FREE                         165
-# define X509V3_F_X509V3_EXT_I2D                          136
-# define X509V3_F_X509V3_EXT_NCONF                        152
-# define X509V3_F_X509V3_GET_SECTION                      142
-# define X509V3_F_X509V3_GET_STRING                       143
-# define X509V3_F_X509V3_GET_VALUE_BOOL                   110
-# define X509V3_F_X509V3_PARSE_LIST                       109
-# define X509V3_F_X509_PURPOSE_ADD                        137
-# define X509V3_F_X509_PURPOSE_SET                        141
-
-/* Reason codes. */
-# define X509V3_R_BAD_IP_ADDRESS                          118
-# define X509V3_R_BAD_OBJECT                              119
-# define X509V3_R_BN_DEC2BN_ERROR                         100
-# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
-# define X509V3_R_CANNOT_FIND_FREE_FUNCTION               168
-# define X509V3_R_DIRNAME_ERROR                           149
-# define X509V3_R_DISTPOINT_ALREADY_SET                   160
-# define X509V3_R_DUPLICATE_ZONE_ID                       133
-# define X509V3_R_ERROR_CONVERTING_ZONE                   131
-# define X509V3_R_ERROR_CREATING_EXTENSION                144
-# define X509V3_R_ERROR_IN_EXTENSION                      128
-# define X509V3_R_EXPECTED_A_SECTION_NAME                 137
-# define X509V3_R_EXTENSION_EXISTS                        145
-# define X509V3_R_EXTENSION_NAME_ERROR                    115
-# define X509V3_R_EXTENSION_NOT_FOUND                     102
-# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED         103
-# define X509V3_R_EXTENSION_VALUE_ERROR                   116
-# define X509V3_R_ILLEGAL_EMPTY_EXTENSION                 151
-# define X509V3_R_ILLEGAL_HEX_DIGIT                       113
-# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             152
-# define X509V3_R_INVALID_ASNUMBER                        162
-# define X509V3_R_INVALID_ASRANGE                         163
-# define X509V3_R_INVALID_BOOLEAN_STRING                  104
-# define X509V3_R_INVALID_EXTENSION_STRING                105
-# define X509V3_R_INVALID_INHERITANCE                     165
-# define X509V3_R_INVALID_IPADDRESS                       166
-# define X509V3_R_INVALID_MULTIPLE_RDNS                   161
-# define X509V3_R_INVALID_NAME                            106
-# define X509V3_R_INVALID_NULL_ARGUMENT                   107
-# define X509V3_R_INVALID_NULL_NAME                       108
-# define X509V3_R_INVALID_NULL_VALUE                      109
-# define X509V3_R_INVALID_NUMBER                          140
-# define X509V3_R_INVALID_NUMBERS                         141
-# define X509V3_R_INVALID_OBJECT_IDENTIFIER               110
-# define X509V3_R_INVALID_OPTION                          138
-# define X509V3_R_INVALID_POLICY_IDENTIFIER               134
-# define X509V3_R_INVALID_PROXY_POLICY_SETTING            153
-# define X509V3_R_INVALID_PURPOSE                         146
-# define X509V3_R_INVALID_SAFI                            164
-# define X509V3_R_INVALID_SECTION                         135
-# define X509V3_R_INVALID_SYNTAX                          143
-# define X509V3_R_ISSUER_DECODE_ERROR                     126
-# define X509V3_R_MISSING_VALUE                           124
-# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS           142
-# define X509V3_R_NO_CONFIG_DATABASE                      136
-# define X509V3_R_NO_ISSUER_CERTIFICATE                   121
-# define X509V3_R_NO_ISSUER_DETAILS                       127
-# define X509V3_R_NO_POLICY_IDENTIFIER                    139
-# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED   154
-# define X509V3_R_NO_PUBLIC_KEY                           114
-# define X509V3_R_NO_SUBJECT_DETAILS                      125
-# define X509V3_R_ODD_NUMBER_OF_DIGITS                    112
-# define X509V3_R_OPERATION_NOT_DEFINED                   148
-# define X509V3_R_OTHERNAME_ERROR                         147
-# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED         155
-# define X509V3_R_POLICY_PATH_LENGTH                      156
-# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED      157
-# define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED   158
-# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
-# define X509V3_R_SECTION_NOT_FOUND                       150
-# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS            122
-# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID              123
-# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT             111
-# define X509V3_R_UNKNOWN_EXTENSION                       129
-# define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
-# define X509V3_R_UNKNOWN_OPTION                          120
-# define X509V3_R_UNSUPPORTED_OPTION                      117
-# define X509V3_R_UNSUPPORTED_TYPE                        167
-# define X509V3_R_USER_TOO_LONG                           132
-
-#ifdef  __cplusplus
+typedef struct NamingAuthority_st NAMING_AUTHORITY;
+typedef struct ProfessionInfo_st PROFESSION_INFO;
+typedef struct Admissions_st ADMISSIONS;
+typedef struct AdmissionSyntax_st ADMISSION_SYNTAX;
+DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY)
+DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO)
+DECLARE_ASN1_FUNCTIONS(ADMISSIONS)
+DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
+DEFINE_STACK_OF(ADMISSIONS)
+DEFINE_STACK_OF(PROFESSION_INFO)
+typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
+
+const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
+    const NAMING_AUTHORITY *n);
+const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
+    const NAMING_AUTHORITY *n);
+const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
+    const NAMING_AUTHORITY *n);
+void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n,
+    ASN1_OBJECT* namingAuthorityId);
+void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n,
+    ASN1_IA5STRING* namingAuthorityUrl);
+void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n,
+    ASN1_STRING* namingAuthorityText);
+
+const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(
+    const ADMISSION_SYNTAX *as);
+void ADMISSION_SYNTAX_set0_admissionAuthority(
+    ADMISSION_SYNTAX *as, GENERAL_NAME *aa);
+const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
+    const ADMISSION_SYNTAX *as);
+void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
+    ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a);
+const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a);
+void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa);
+const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a);
+void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na);
+const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a);
+void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi);
+const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_addProfessionInfo(
+    PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos);
+const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_namingAuthority(
+    PROFESSION_INFO *pi, NAMING_AUTHORITY *na);
+const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_professionItems(
+    PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as);
+const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_professionOIDs(
+    PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po);
+const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_registrationNumber(
+    PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
+
+# ifdef  __cplusplus
 }
-#endif
+# endif
 #endif
diff --git a/freebsd/crypto/openssl/include/openssl/x509v3err.h b/freebsd/crypto/openssl/include/openssl/x509v3err.h
new file mode 100644
index 00000000..6b3df12b
--- /dev/null
+++ b/freebsd/crypto/openssl/include/openssl/x509v3err.h
@@ -0,0 +1,158 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509V3ERR_H
+# define HEADER_X509V3ERR_H
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_X509V3_strings(void);
+
+/*
+ * X509V3 function codes.
+ */
+# define X509V3_F_A2I_GENERAL_NAME                        164
+# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL             166
+# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE             161
+# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL         162
+# define X509V3_F_BIGNUM_TO_STRING                        167
+# define X509V3_F_COPY_EMAIL                              122
+# define X509V3_F_COPY_ISSUER                             123
+# define X509V3_F_DO_DIRNAME                              144
+# define X509V3_F_DO_EXT_I2D                              135
+# define X509V3_F_DO_EXT_NCONF                            151
+# define X509V3_F_GNAMES_FROM_SECTNAME                    156
+# define X509V3_F_I2S_ASN1_ENUMERATED                     121
+# define X509V3_F_I2S_ASN1_IA5STRING                      149
+# define X509V3_F_I2S_ASN1_INTEGER                        120
+# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS               138
+# define X509V3_F_LEVEL_ADD_NODE                          168
+# define X509V3_F_NOTICE_SECTION                          132
+# define X509V3_F_NREF_NOS                                133
+# define X509V3_F_POLICY_CACHE_CREATE                     169
+# define X509V3_F_POLICY_CACHE_NEW                        170
+# define X509V3_F_POLICY_DATA_NEW                         171
+# define X509V3_F_POLICY_SECTION                          131
+# define X509V3_F_PROCESS_PCI_VALUE                       150
+# define X509V3_F_R2I_CERTPOL                             130
+# define X509V3_F_R2I_PCI                                 155
+# define X509V3_F_S2I_ASN1_IA5STRING                      100
+# define X509V3_F_S2I_ASN1_INTEGER                        108
+# define X509V3_F_S2I_ASN1_OCTET_STRING                   112
+# define X509V3_F_S2I_SKEY_ID                             115
+# define X509V3_F_SET_DIST_POINT_NAME                     158
+# define X509V3_F_SXNET_ADD_ID_ASC                        125
+# define X509V3_F_SXNET_ADD_ID_INTEGER                    126
+# define X509V3_F_SXNET_ADD_ID_ULONG                      127
+# define X509V3_F_SXNET_GET_ID_ASC                        128
+# define X509V3_F_SXNET_GET_ID_ULONG                      129
+# define X509V3_F_TREE_INIT                               172
+# define X509V3_F_V2I_ASIDENTIFIERS                       163
+# define X509V3_F_V2I_ASN1_BIT_STRING                     101
+# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS               139
+# define X509V3_F_V2I_AUTHORITY_KEYID                     119
+# define X509V3_F_V2I_BASIC_CONSTRAINTS                   102
+# define X509V3_F_V2I_CRLD                                134
+# define X509V3_F_V2I_EXTENDED_KEY_USAGE                  103
+# define X509V3_F_V2I_GENERAL_NAMES                       118
+# define X509V3_F_V2I_GENERAL_NAME_EX                     117
+# define X509V3_F_V2I_IDP                                 157
+# define X509V3_F_V2I_IPADDRBLOCKS                        159
+# define X509V3_F_V2I_ISSUER_ALT                          153
+# define X509V3_F_V2I_NAME_CONSTRAINTS                    147
+# define X509V3_F_V2I_POLICY_CONSTRAINTS                  146
+# define X509V3_F_V2I_POLICY_MAPPINGS                     145
+# define X509V3_F_V2I_SUBJECT_ALT                         154
+# define X509V3_F_V2I_TLS_FEATURE                         165
+# define X509V3_F_V3_GENERIC_EXTENSION                    116
+# define X509V3_F_X509V3_ADD1_I2D                         140
+# define X509V3_F_X509V3_ADD_VALUE                        105
+# define X509V3_F_X509V3_EXT_ADD                          104
+# define X509V3_F_X509V3_EXT_ADD_ALIAS                    106
+# define X509V3_F_X509V3_EXT_I2D                          136
+# define X509V3_F_X509V3_EXT_NCONF                        152
+# define X509V3_F_X509V3_GET_SECTION                      142
+# define X509V3_F_X509V3_GET_STRING                       143
+# define X509V3_F_X509V3_GET_VALUE_BOOL                   110
+# define X509V3_F_X509V3_PARSE_LIST                       109
+# define X509V3_F_X509_PURPOSE_ADD                        137
+# define X509V3_F_X509_PURPOSE_SET                        141
+
+/*
+ * X509V3 reason codes.
+ */
+# define X509V3_R_BAD_IP_ADDRESS                          118
+# define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BN_DEC2BN_ERROR                         100
+# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
+# define X509V3_R_DIRNAME_ERROR                           149
+# define X509V3_R_DISTPOINT_ALREADY_SET                   160
+# define X509V3_R_DUPLICATE_ZONE_ID                       133
+# define X509V3_R_ERROR_CONVERTING_ZONE                   131
+# define X509V3_R_ERROR_CREATING_EXTENSION                144
+# define X509V3_R_ERROR_IN_EXTENSION                      128
+# define X509V3_R_EXPECTED_A_SECTION_NAME                 137
+# define X509V3_R_EXTENSION_EXISTS                        145
+# define X509V3_R_EXTENSION_NAME_ERROR                    115
+# define X509V3_R_EXTENSION_NOT_FOUND                     102
+# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED         103
+# define X509V3_R_EXTENSION_VALUE_ERROR                   116
+# define X509V3_R_ILLEGAL_EMPTY_EXTENSION                 151
+# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             152
+# define X509V3_R_INVALID_ASNUMBER                        162
+# define X509V3_R_INVALID_ASRANGE                         163
+# define X509V3_R_INVALID_BOOLEAN_STRING                  104
+# define X509V3_R_INVALID_EXTENSION_STRING                105
+# define X509V3_R_INVALID_INHERITANCE                     165
+# define X509V3_R_INVALID_IPADDRESS                       166
+# define X509V3_R_INVALID_MULTIPLE_RDNS                   161
+# define X509V3_R_INVALID_NAME                            106
+# define X509V3_R_INVALID_NULL_ARGUMENT                   107
+# define X509V3_R_INVALID_NULL_NAME                       108
+# define X509V3_R_INVALID_NULL_VALUE                      109
+# define X509V3_R_INVALID_NUMBER                          140
+# define X509V3_R_INVALID_NUMBERS                         141
+# define X509V3_R_INVALID_OBJECT_IDENTIFIER               110
+# define X509V3_R_INVALID_OPTION                          138
+# define X509V3_R_INVALID_POLICY_IDENTIFIER               134
+# define X509V3_R_INVALID_PROXY_POLICY_SETTING            153
+# define X509V3_R_INVALID_PURPOSE                         146
+# define X509V3_R_INVALID_SAFI                            164
+# define X509V3_R_INVALID_SECTION                         135
+# define X509V3_R_INVALID_SYNTAX                          143
+# define X509V3_R_ISSUER_DECODE_ERROR                     126
+# define X509V3_R_MISSING_VALUE                           124
+# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS           142
+# define X509V3_R_NO_CONFIG_DATABASE                      136
+# define X509V3_R_NO_ISSUER_CERTIFICATE                   121
+# define X509V3_R_NO_ISSUER_DETAILS                       127
+# define X509V3_R_NO_POLICY_IDENTIFIER                    139
+# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED   154
+# define X509V3_R_NO_PUBLIC_KEY                           114
+# define X509V3_R_NO_SUBJECT_DETAILS                      125
+# define X509V3_R_OPERATION_NOT_DEFINED                   148
+# define X509V3_R_OTHERNAME_ERROR                         147
+# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED         155
+# define X509V3_R_POLICY_PATH_LENGTH                      156
+# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED      157
+# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
+# define X509V3_R_SECTION_NOT_FOUND                       150
+# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS            122
+# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID              123
+# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT             111
+# define X509V3_R_UNKNOWN_EXTENSION                       129
+# define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
+# define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNSUPPORTED_OPTION                      117
+# define X509V3_R_UNSUPPORTED_TYPE                        167
+# define X509V3_R_USER_TOO_LONG                           132
+
+#endif
diff --git a/freebsd/crypto/openssl/ssl/bad_dtls_test.c b/freebsd/crypto/openssl/ssl/bad_dtls_test.c
deleted file mode 100644
index a31bebbb..00000000
--- a/freebsd/crypto/openssl/ssl/bad_dtls_test.c
+++ /dev/null
@@ -1,928 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Unit test for Cisco DTLS1_BAD_VER session resume, as used by
- * AnyConnect VPN protocol.
- *
- * This is designed to exercise the code paths in
- * http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/dtls.c
- * which have frequently been affected by regressions in DTLS1_BAD_VER
- * support.
- *
- * Note that unlike other SSL tests, we don't test against our own SSL
- * server method. Firstly because we don't have one; we *only* support
- * DTLS1_BAD_VER as a client. And secondly because even if that were
- * fixed up it's the wrong thing to test against - because if changes
- * are made in generic DTLS code which don't take DTLS1_BAD_VER into
- * account, there's plenty of scope for making those changes such that
- * they break *both* the client and the server in the same way.
- *
- * So we handle the server side manually. In a session resume there isn't
- * much to be done anyway.
- */
-#include <string.h>
-
-/* On Windows this will include <winsock2.h> and thus it needs to be
- * included *before* anything that includes <windows.h>. Ick. */
-#include "e_os.h" /* for 'inline' */
-
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-/* PACKET functions lifted from OpenSSL 1.1's ssl/packet_locl.h */
-typedef struct {
-    /* Pointer to where we are currently reading from */
-    const unsigned char *curr;
-    /* Number of bytes remaining */
-    size_t remaining;
-} PACKET;
-
-/* Internal unchecked shorthand; don't use outside this file. */
-static inline void packet_forward(PACKET *pkt, size_t len)
-{
-    pkt->curr += len;
-    pkt->remaining -= len;
-}
-
-/*
- * Returns the number of bytes remaining to be read in the PACKET
- */
-static inline size_t PACKET_remaining(const PACKET *pkt)
-{
-    return pkt->remaining;
-}
-
-/*
- * Initialise a PACKET with |len| bytes held in |buf|. This does not make a
- * copy of the data so |buf| must be present for the whole time that the PACKET
- * is being used.
- */
-static inline int PACKET_buf_init(PACKET *pkt,
-                                              const unsigned char *buf,
-                                              size_t len)
-{
-    /* Sanity check for negative values. */
-    if (len > (size_t)65536)
-        return 0;
-
-    pkt->curr = buf;
-    pkt->remaining = len;
-    return 1;
-}
-
-/*
- * Returns 1 if the packet has length |num| and its contents equal the |num|
- * bytes read from |ptr|. Returns 0 otherwise (lengths or contents not equal).
- * If lengths are equal, performs the comparison in constant time.
- */
-static inline int PACKET_equal(const PACKET *pkt, const void *ptr,
-                                           size_t num)
-{
-    if (PACKET_remaining(pkt) != num)
-        return 0;
-    return CRYPTO_memcmp(pkt->curr, ptr, num) == 0;
-}
-
-/*
- * Peek ahead at 2 bytes in network order from |pkt| and store the value in
- * |*data|
- */
-static inline int PACKET_peek_net_2(const PACKET *pkt,
-                                                unsigned int *data)
-{
-    if (PACKET_remaining(pkt) < 2)
-        return 0;
-
-    *data = ((unsigned int)(*pkt->curr)) << 8;
-    *data |= *(pkt->curr + 1);
-
-    return 1;
-}
-
-/* Equivalent of n2s */
-/* Get 2 bytes in network order from |pkt| and store the value in |*data| */
-static inline int PACKET_get_net_2(PACKET *pkt,
-                                               unsigned int *data)
-{
-    if (!PACKET_peek_net_2(pkt, data))
-        return 0;
-
-    packet_forward(pkt, 2);
-
-    return 1;
-}
-
-/* Peek ahead at 1 byte from |pkt| and store the value in |*data| */
-static inline int PACKET_peek_1(const PACKET *pkt,
-                                            unsigned int *data)
-{
-    if (!PACKET_remaining(pkt))
-        return 0;
-
-    *data = *pkt->curr;
-
-    return 1;
-}
-
-/* Get 1 byte from |pkt| and store the value in |*data| */
-static inline int PACKET_get_1(PACKET *pkt, unsigned int *data)
-{
-    if (!PACKET_peek_1(pkt, data))
-        return 0;
-
-    packet_forward(pkt, 1);
-
-    return 1;
-}
-
-/*
- * Peek ahead at |len| bytes from the |pkt| and store a pointer to them in
- * |*data|. This just points at the underlying buffer that |pkt| is using. The
- * caller should not free this data directly (it will be freed when the
- * underlying buffer gets freed
- */
-static inline int PACKET_peek_bytes(const PACKET *pkt,
-                                                const unsigned char **data,
-                                                size_t len)
-{
-    if (PACKET_remaining(pkt) < len)
-        return 0;
-
-    *data = pkt->curr;
-
-    return 1;
-}
-
-/*
- * Read |len| bytes from the |pkt| and store a pointer to them in |*data|. This
- * just points at the underlying buffer that |pkt| is using. The caller should
- * not free this data directly (it will be freed when the underlying buffer gets
- * freed
- */
-static inline int PACKET_get_bytes(PACKET *pkt,
-                                               const unsigned char **data,
-                                               size_t len)
-{
-    if (!PACKET_peek_bytes(pkt, data, len))
-        return 0;
-
-    packet_forward(pkt, len);
-
-    return 1;
-}
-
-/* Peek ahead at |len| bytes from |pkt| and copy them to |data| */
-static inline int PACKET_peek_copy_bytes(const PACKET *pkt,
-                                                     unsigned char *data,
-                                                     size_t len)
-{
-    if (PACKET_remaining(pkt) < len)
-        return 0;
-
-    memcpy(data, pkt->curr, len);
-
-    return 1;
-}
-
-/*
- * Read |len| bytes from |pkt| and copy them to |data|.
- * The caller is responsible for ensuring that |data| can hold |len| bytes.
- */
-static inline int PACKET_copy_bytes(PACKET *pkt,
-                                                unsigned char *data,
-                                                size_t len)
-{
-    if (!PACKET_peek_copy_bytes(pkt, data, len))
-        return 0;
-
-    packet_forward(pkt, len);
-
-    return 1;
-}
-
-
-/* Move the current reading position forward |len| bytes */
-static inline int PACKET_forward(PACKET *pkt, size_t len)
-{
-    if (PACKET_remaining(pkt) < len)
-        return 0;
-
-    packet_forward(pkt, len);
-
-    return 1;
-}
-
-/*
- * Reads a variable-length vector prefixed with a one-byte length, and stores
- * the contents in |subpkt|. |pkt| can equal |subpkt|.
- * Data is not copied: the |subpkt| packet will share its underlying buffer with
- * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
- * Upon failure, the original |pkt| and |subpkt| are not modified.
- */
-static inline int PACKET_get_length_prefixed_1(PACKET *pkt,
-                                                           PACKET *subpkt)
-{
-    unsigned int length;
-    const unsigned char *data;
-    PACKET tmp = *pkt;
-    if (!PACKET_get_1(&tmp, &length) ||
-        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
-        return 0;
-    }
-
-    *pkt = tmp;
-    subpkt->curr = data;
-    subpkt->remaining = length;
-
-    return 1;
-}
-
-#define OSSL_NELEM(x)    (sizeof(x)/sizeof(x[0]))
-
-/* For DTLS1_BAD_VER packets the MAC doesn't include the handshake header */
-#define MAC_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH)
-
-static unsigned char client_random[SSL3_RANDOM_SIZE];
-static unsigned char server_random[SSL3_RANDOM_SIZE];
-
-/* These are all generated locally, sized purely according to our own whim */
-static unsigned char session_id[32];
-static unsigned char master_secret[48];
-static unsigned char cookie[20];
-
-/* We've hard-coded the cipher suite; we know it's 104 bytes */
-static unsigned char key_block[104];
-#define mac_key (key_block + 20)
-#define dec_key (key_block + 40)
-#define enc_key (key_block + 56)
-
-static EVP_MD_CTX handshake_md5;
-static EVP_MD_CTX handshake_sha1;
-
-/* PRF lifted from ssl/t1_enc.c since we can't easily use it directly */
-static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
-                       int sec_len,
-                       const void *seed1, int seed1_len,
-                       const void *seed2, int seed2_len,
-                       const void *seed3, int seed3_len,
-                       unsigned char *out, int olen)
-{
-    int chunk;
-    size_t j;
-    EVP_MD_CTX ctx, ctx_tmp, ctx_init;
-    EVP_PKEY *prf_mac_key;
-    unsigned char A1[EVP_MAX_MD_SIZE];
-    size_t A1_len;
-    int ret = 0;
-
-    chunk = EVP_MD_size(md);
-    OPENSSL_assert(chunk >= 0);
-
-    EVP_MD_CTX_init(&ctx);
-    EVP_MD_CTX_init(&ctx_tmp);
-    EVP_MD_CTX_init(&ctx_init);
-    EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-    prf_mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
-    if (!prf_mac_key)
-        goto err;
-    if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, prf_mac_key))
-        goto err;
-    if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
-        goto err;
-    if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
-        goto err;
-    if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
-        goto err;
-    if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
-        goto err;
-    if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
-        goto err;
-
-    for (;;) {
-        /* Reinit mac contexts */
-        if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
-            goto err;
-        if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
-            goto err;
-        if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx))
-            goto err;
-        if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
-            goto err;
-        if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
-            goto err;
-        if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
-            goto err;
-
-        if (olen > chunk) {
-            if (!EVP_DigestSignFinal(&ctx, out, &j))
-                goto err;
-            out += j;
-            olen -= j;
-            /* calc the next A1 value */
-            if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
-                goto err;
-        } else {                /* last one */
-
-            if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
-                goto err;
-            memcpy(out, A1, olen);
-            break;
-        }
-    }
-    ret = 1;
- err:
-    EVP_PKEY_free(prf_mac_key);
-    EVP_MD_CTX_cleanup(&ctx);
-    EVP_MD_CTX_cleanup(&ctx_tmp);
-    EVP_MD_CTX_cleanup(&ctx_init);
-    OPENSSL_cleanse(A1, sizeof(A1));
-    return ret;
-}
-
-/* seed1 through seed5 are virtually concatenated */
-static int do_PRF(const void *seed1, int seed1_len,
-                  const void *seed2, int seed2_len,
-                  const void *seed3, int seed3_len,
-                  unsigned char *out, int olen)
-{
-    unsigned char out2[104];
-    int i, len;
-
-    if (olen > (int)sizeof(out2))
-        return 0;
-
-    len = sizeof(master_secret) / 2;
-
-    if (!tls1_P_hash(EVP_md5(), master_secret, len,
-                     seed1, seed1_len, seed2, seed2_len, seed3,
-                     seed3_len, out, olen))
-        return 0;
-
-    if (!tls1_P_hash(EVP_sha1(), master_secret + len, len,
-                     seed1, seed1_len, seed2, seed2_len, seed3,
-                     seed3_len, out2, olen))
-        return 0;
-
-    for (i = 0; i < olen; i++) {
-        out[i] ^= out2[i];
-    }
-
-    return 1;
-}
-
-static SSL_SESSION *client_session(void)
-{
-    static unsigned char session_asn1[] = {
-        0x30, 0x5F,              /* SEQUENCE, length 0x5F */
-        0x02, 0x01, 0x01,        /* INTEGER, SSL_SESSION_ASN1_VERSION */
-        0x02, 0x02, 0x01, 0x00,  /* INTEGER, DTLS1_BAD_VER */
-        0x04, 0x02, 0x00, 0x2F,  /* OCTET_STRING, AES128-SHA */
-        0x04, 0x20,              /* OCTET_STRING, session id */
-#define SS_SESSID_OFS 15 /* Session ID goes here */
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x04, 0x30,              /* OCTET_STRING, master secret */
-#define SS_SECRET_OFS 49 /* Master secret goes here */
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    };
-    const unsigned char *p = session_asn1;
-
-    /* Copy the randomly-generated fields into the above ASN1 */
-    memcpy(session_asn1 + SS_SESSID_OFS, session_id, sizeof(session_id));
-    memcpy(session_asn1 + SS_SECRET_OFS, master_secret, sizeof(master_secret));
-
-    return d2i_SSL_SESSION(NULL, &p, sizeof(session_asn1));
-}
-
-/* Returns 1 for initial ClientHello, 2 for ClientHello with cookie */
-static int validate_client_hello(BIO *wbio)
-{
-    PACKET pkt, pkt2;
-    long len;
-    unsigned char *data;
-    int cookie_found = 0;
-    unsigned int u;
-
-    len = BIO_get_mem_data(wbio, (char **)&data);
-    if (!PACKET_buf_init(&pkt, data, len))
-        return 0;
-
-    /* Check record header type */
-    if (!PACKET_get_1(&pkt, &u) || u != SSL3_RT_HANDSHAKE)
-        return 0;
-    /* Version */
-    if (!PACKET_get_net_2(&pkt, &u) || u != DTLS1_BAD_VER)
-        return 0;
-    /* Skip the rest of the record header */
-    if (!PACKET_forward(&pkt, DTLS1_RT_HEADER_LENGTH - 3))
-        return 0;
-
-    /* Check it's a ClientHello */
-    if (!PACKET_get_1(&pkt, &u) || u != SSL3_MT_CLIENT_HELLO)
-        return 0;
-    /* Skip the rest of the handshake message header */
-    if (!PACKET_forward(&pkt, DTLS1_HM_HEADER_LENGTH - 1))
-        return 0;
-
-    /* Check client version */
-    if (!PACKET_get_net_2(&pkt, &u) || u != DTLS1_BAD_VER)
-        return 0;
-
-    /* Store random */
-    if (!PACKET_copy_bytes(&pkt, client_random, SSL3_RANDOM_SIZE))
-        return 0;
-
-    /* Check session id length and content */
-    if (!PACKET_get_length_prefixed_1(&pkt, &pkt2) ||
-        !PACKET_equal(&pkt2, session_id, sizeof(session_id)))
-        return 0;
-
-    /* Check cookie */
-    if (!PACKET_get_length_prefixed_1(&pkt, &pkt2))
-        return 0;
-    if (PACKET_remaining(&pkt2)) {
-        if (!PACKET_equal(&pkt2, cookie, sizeof(cookie)))
-            return 0;
-        cookie_found = 1;
-    }
-
-    /* Skip ciphers */
-    if (!PACKET_get_net_2(&pkt, &u) || !PACKET_forward(&pkt, u))
-        return 0;
-
-    /* Skip compression */
-    if (!PACKET_get_1(&pkt, &u) || !PACKET_forward(&pkt, u))
-        return 0;
-
-    /* Skip extensions */
-    if (!PACKET_get_net_2(&pkt, &u) || !PACKET_forward(&pkt, u))
-        return 0;
-
-    /* Now we are at the end */
-    if (PACKET_remaining(&pkt))
-        return 0;
-
-    /* Update handshake MAC for second ClientHello (with cookie) */
-    if (cookie_found && (!EVP_DigestUpdate(&handshake_md5, data + MAC_OFFSET,
-                                           len - MAC_OFFSET) ||
-                         !EVP_DigestUpdate(&handshake_sha1, data + MAC_OFFSET,
-                                           len - MAC_OFFSET)))
-        printf("EVP_DigestUpdate() failed\n");
-
-    (void)BIO_reset(wbio);
-
-    return 1 + cookie_found;
-}
-
-static int send_hello_verify(BIO *rbio)
-{
-    static unsigned char hello_verify[] = {
-        0x16, /* Handshake */
-        0x01, 0x00, /* DTLS1_BAD_VER */
-        0x00, 0x00, /* Epoch 0 */
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Seq# 0 */
-        0x00, 0x23, /* Length */
-        0x03, /* Hello Verify */
-        0x00, 0x00, 0x17, /* Length */
-        0x00, 0x00, /* Seq# 0 */
-        0x00, 0x00, 0x00, /* Fragment offset */
-        0x00, 0x00, 0x17, /* Fragment length */
-        0x01, 0x00, /* DTLS1_BAD_VER */
-        0x14, /* Cookie length */
-#define HV_COOKIE_OFS 28 /* Cookie goes here */
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00,
-    };
-
-    memcpy(hello_verify + HV_COOKIE_OFS, cookie, sizeof(cookie));
-
-    BIO_write(rbio, hello_verify, sizeof(hello_verify));
-
-    return 1;
-}
-
-static int send_server_hello(BIO *rbio)
-{
-    static unsigned char server_hello[] = {
-        0x16, /* Handshake */
-        0x01, 0x00, /* DTLS1_BAD_VER */
-        0x00, 0x00, /* Epoch 0 */
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x01, /* Seq# 1 */
-        0x00, 0x52, /* Length */
-        0x02, /* Server Hello */
-        0x00, 0x00, 0x46, /* Length */
-        0x00, 0x01, /* Seq# */
-        0x00, 0x00, 0x00, /* Fragment offset */
-        0x00, 0x00, 0x46, /* Fragment length */
-        0x01, 0x00, /* DTLS1_BAD_VER */
-#define SH_RANDOM_OFS 27 /* Server random goes here */
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x20, /* Session ID length */
-#define SH_SESSID_OFS 60 /* Session ID goes here */
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x2f, /* Cipher suite AES128-SHA */
-        0x00, /* Compression null */
-    };
-    static unsigned char change_cipher_spec[] = {
-        0x14, /* Change Cipher Spec */
-        0x01, 0x00, /* DTLS1_BAD_VER */
-        0x00, 0x00, /* Epoch 0 */
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x02, /* Seq# 2 */
-        0x00, 0x03, /* Length */
-        0x01, 0x00, 0x02, /* Message */
-    };
-
-    memcpy(server_hello + SH_RANDOM_OFS, server_random, sizeof(server_random));
-    memcpy(server_hello + SH_SESSID_OFS, session_id, sizeof(session_id));
-
-    if (!EVP_DigestUpdate(&handshake_md5, server_hello + MAC_OFFSET,
-                          sizeof(server_hello) - MAC_OFFSET) ||
-        !EVP_DigestUpdate(&handshake_sha1, server_hello + MAC_OFFSET,
-                          sizeof(server_hello) - MAC_OFFSET))
-        printf("EVP_DigestUpdate() failed\n");
-
-    BIO_write(rbio, server_hello, sizeof(server_hello));
-    BIO_write(rbio, change_cipher_spec, sizeof(change_cipher_spec));
-
-    return 1;
-}
-
-/* Create header, HMAC, pad, encrypt and send a record */
-static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr,
-                       const void *msg, size_t len)
-{
-    /* Note that the order of the record header fields on the wire,
-     * and in the HMAC, is different. So we just keep them in separate
-     * variables and handle them individually. */
-    static unsigned char epoch[2] = { 0x00, 0x01 };
-    static unsigned char seq[6] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-    static unsigned char ver[2] = { 0x01, 0x00 }; /* DTLS1_BAD_VER */
-    unsigned char lenbytes[2];
-    HMAC_CTX ctx;
-    EVP_CIPHER_CTX enc_ctx;
-    unsigned char iv[16];
-    unsigned char pad;
-    unsigned char *enc;
-
-#ifdef SIXTY_FOUR_BIT_LONG
-    seq[0] = (unsigned char)(seqnr >> 40);
-    seq[1] = (unsigned char)(seqnr >> 32);
-#endif
-    seq[2] = (unsigned char)(seqnr >> 24);
-    seq[3] = (unsigned char)(seqnr >> 16);
-    seq[4] = (unsigned char)(seqnr >> 8);
-    seq[5] = (unsigned char)(seqnr);
-
-    pad = 15 - ((len + SHA_DIGEST_LENGTH) % 16);
-    enc = OPENSSL_malloc(len + SHA_DIGEST_LENGTH + 1 + pad);
-    if (enc == NULL)
-        return 0;
-
-    /* Copy record to encryption buffer */
-    memcpy(enc, msg, len);
-
-    /* Append HMAC to data */
-    HMAC_Init(&ctx, mac_key, 20, EVP_sha1());
-    HMAC_Update(&ctx, epoch, 2);
-    HMAC_Update(&ctx, seq, 6);
-    HMAC_Update(&ctx, &type, 1);
-    HMAC_Update(&ctx, ver, 2); /* Version */
-    lenbytes[0] = (unsigned char)(len >> 8);
-    lenbytes[1] = (unsigned char)(len);
-    HMAC_Update(&ctx, lenbytes, 2); /* Length */
-    HMAC_Update(&ctx, enc, len); /* Finally the data itself */
-    HMAC_Final(&ctx, enc + len, NULL);
-    HMAC_CTX_cleanup(&ctx);
-
-    /* Append padding bytes */
-    len += SHA_DIGEST_LENGTH;
-    do {
-        enc[len++] = pad;
-    } while (len % 16);
-
-    /* Generate IV, and encrypt */
-    RAND_bytes(iv, sizeof(iv));
-    EVP_CIPHER_CTX_init(&enc_ctx);
-    EVP_CipherInit_ex(&enc_ctx, EVP_aes_128_cbc(), NULL, enc_key, iv, 1);
-    EVP_Cipher(&enc_ctx, enc, enc, len);
-    EVP_CIPHER_CTX_cleanup(&enc_ctx);
-
-    /* Finally write header (from fragmented variables), IV and encrypted record */
-    BIO_write(rbio, &type, 1);
-    BIO_write(rbio, ver, 2);
-    BIO_write(rbio, epoch, 2);
-    BIO_write(rbio, seq, 6);
-    lenbytes[0] = (unsigned char)((len + sizeof(iv)) >> 8);
-    lenbytes[1] = (unsigned char)(len + sizeof(iv));
-    BIO_write(rbio, lenbytes, 2);
-
-    BIO_write(rbio, iv, sizeof(iv));
-    BIO_write(rbio, enc, len);
-
-    OPENSSL_free(enc);
-    return 1;
-}
-
-static int send_finished(SSL *s, BIO *rbio)
-{
-    static unsigned char finished_msg[DTLS1_HM_HEADER_LENGTH +
-                                      TLS1_FINISH_MAC_LENGTH] = {
-        0x14, /* Finished */
-        0x00, 0x00, 0x0c, /* Length */
-        0x00, 0x03, /* Seq# 3 */
-        0x00, 0x00, 0x00, /* Fragment offset */
-        0x00, 0x00, 0x0c, /* Fragment length */
-        /* Finished MAC (12 bytes) */
-    };
-    unsigned char handshake_hash[EVP_MAX_MD_SIZE * 2];
-
-    /* Derive key material */
-    do_PRF(TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
-           server_random, SSL3_RANDOM_SIZE,
-           client_random, SSL3_RANDOM_SIZE,
-           key_block, sizeof(key_block));
-
-    /* Generate Finished MAC */
-    if (!EVP_DigestFinal_ex(&handshake_md5, handshake_hash, NULL) ||
-        !EVP_DigestFinal_ex(&handshake_sha1, handshake_hash + EVP_MD_CTX_size(&handshake_md5), NULL))
-        printf("EVP_DigestFinal_ex() failed\n");
-
-    do_PRF(TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
-           handshake_hash, EVP_MD_CTX_size(&handshake_md5) + EVP_MD_CTX_size(&handshake_sha1),
-           NULL, 0,
-           finished_msg + DTLS1_HM_HEADER_LENGTH, TLS1_FINISH_MAC_LENGTH);
-
-    return send_record(rbio, SSL3_RT_HANDSHAKE, 0,
-                       finished_msg, sizeof(finished_msg));
-}
-
-static int validate_ccs(BIO *wbio)
-{
-    PACKET pkt;
-    long len;
-    unsigned char *data;
-    unsigned int u;
-
-    len = BIO_get_mem_data(wbio, (char **)&data);
-    if (!PACKET_buf_init(&pkt, data, len))
-        return 0;
-
-    /* Check record header type */
-    if (!PACKET_get_1(&pkt, &u) || u != SSL3_RT_CHANGE_CIPHER_SPEC)
-        return 0;
-    /* Version */
-    if (!PACKET_get_net_2(&pkt, &u) || u != DTLS1_BAD_VER)
-        return 0;
-    /* Skip the rest of the record header */
-    if (!PACKET_forward(&pkt, DTLS1_RT_HEADER_LENGTH - 3))
-        return 0;
-
-    /* Check ChangeCipherSpec message */
-    if (!PACKET_get_1(&pkt, &u) || u != SSL3_MT_CCS)
-        return 0;
-    /* A DTLS1_BAD_VER ChangeCipherSpec also contains the
-     * handshake sequence number (which is 2 here) */
-    if (!PACKET_get_net_2(&pkt, &u) || u != 0x0002)
-        return 0;
-
-    /* Now check the Finished packet */
-    if (!PACKET_get_1(&pkt, &u) || u != SSL3_RT_HANDSHAKE)
-        return 0;
-    if (!PACKET_get_net_2(&pkt, &u) || u != DTLS1_BAD_VER)
-        return 0;
-
-    /* Check epoch is now 1 */
-    if (!PACKET_get_net_2(&pkt, &u) || u != 0x0001)
-        return 0;
-
-    /* That'll do for now. If OpenSSL accepted *our* Finished packet
-     * then it's evidently remembered that DTLS1_BAD_VER doesn't
-     * include the handshake header in the MAC. There's not a lot of
-     * point in implementing decryption here, just to check that it
-     * continues to get it right for one more packet. */
-
-    return 1;
-}
-
-#define NODROP(x) { x##UL, 0 }
-#define DROP(x)   { x##UL, 1 }
-
-static struct {
-    unsigned long seq;
-    int drop;
-} tests[] = {
-    NODROP(1), NODROP(3), NODROP(2),
-    NODROP(0x1234), NODROP(0x1230), NODROP(0x1235),
-    NODROP(0xffff), NODROP(0x10001), NODROP(0xfffe), NODROP(0x10000),
-    DROP(0x10001), DROP(0xff), NODROP(0x100000), NODROP(0x800000), NODROP(0x7fffe1),
-    NODROP(0xffffff), NODROP(0x1000000), NODROP(0xfffffe), DROP(0xffffff), NODROP(0x1000010),
-    NODROP(0xfffffd), NODROP(0x1000011), DROP(0x12), NODROP(0x1000012),
-    NODROP(0x1ffffff), NODROP(0x2000000), DROP(0x1ff00fe), NODROP(0x2000001),
-    NODROP(0x20fffff), NODROP(0x2105500), DROP(0x20ffffe), NODROP(0x21054ff),
-    NODROP(0x211ffff), DROP(0x2110000), NODROP(0x2120000)
-    /* The last test should be NODROP, because a DROP wouldn't get tested. */
-};
-
-int main(int argc, char *argv[])
-{
-    SSL_SESSION *sess;
-    SSL_CTX *ctx;
-    SSL *con;
-    BIO *rbio;
-    BIO *wbio;
-    BIO *err;
-    time_t now = 0;
-    int testresult = 0;
-    int ret;
-    int i;
-
-    SSL_library_init();
-    SSL_load_error_strings();
-
-    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    CRYPTO_malloc_debug_init();
-    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    RAND_bytes(session_id, sizeof(session_id));
-    RAND_bytes(master_secret, sizeof(master_secret));
-    RAND_bytes(cookie, sizeof(cookie));
-    RAND_bytes(server_random + 4, sizeof(server_random) - 4);
-
-    now = time(NULL);
-    memcpy(server_random, &now, sizeof(now));
-
-    sess = client_session();
-    if (sess == NULL) {
-        printf("Failed to generate SSL_SESSION\n");
-        goto end;
-    }
-
-    if (!EVP_DigestInit_ex(&handshake_md5, EVP_md5(), NULL) ||
-        !EVP_DigestInit_ex(&handshake_sha1, EVP_sha1(), NULL)) {
-        printf("Failed to initialise handshake_md\n");
-        goto end;
-    }
-
-    ctx = SSL_CTX_new(DTLSv1_client_method());
-    if (ctx == NULL) {
-        printf("Failed to allocate SSL_CTX\n");
-        goto end_md;
-    }
-    SSL_CTX_set_options(ctx, SSL_OP_CISCO_ANYCONNECT);
-
-    if (!SSL_CTX_set_cipher_list(ctx, "AES128-SHA")) {
-        printf("SSL_CTX_set_cipher_list() failed\n");
-        goto end_ctx;
-    }
-
-    con = SSL_new(ctx);
-    if (!SSL_set_session(con, sess)) {
-        printf("SSL_set_session() failed\n");
-        goto end_con;
-    }
-    SSL_SESSION_free(sess);
-
-    rbio = BIO_new(BIO_s_mem());
-    wbio = BIO_new(BIO_s_mem());
-
-    BIO_set_nbio(rbio, 1);
-    BIO_set_nbio(wbio, 1);
-
-    SSL_set_bio(con, rbio, wbio);
-    SSL_set_connect_state(con);
-
-    /* Send initial ClientHello */
-    ret = SSL_do_handshake(con);
-    if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) {
-        printf("Unexpected handshake result at initial call!\n");
-        goto end_con;
-    }
-
-    if (validate_client_hello(wbio) != 1) {
-        printf("Initial ClientHello failed validation\n");
-        goto end_con;
-    }
-    if (send_hello_verify(rbio) != 1) {
-        printf("Failed to send HelloVerify\n");
-        goto end_con;
-    }
-    ret = SSL_do_handshake(con);
-    if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) {
-        printf("Unexpected handshake result after HelloVerify!\n");
-        goto end_con;
-    }
-    if (validate_client_hello(wbio) != 2) {
-        printf("Second ClientHello failed validation\n");
-        goto end_con;
-    }
-    if (send_server_hello(rbio) != 1) {
-        printf("Failed to send ServerHello\n");
-        goto end_con;
-    }
-    ret = SSL_do_handshake(con);
-    if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) {
-        printf("Unexpected handshake result after ServerHello!\n");
-        goto end_con;
-    }
-    if (send_finished(con, rbio) != 1) {
-        printf("Failed to send Finished\n");
-        goto end_con;
-    }
-    ret = SSL_do_handshake(con);
-    if (ret < 1) {
-        printf("Handshake not successful after Finished!\n");
-        goto end_con;
-    }
-    if (validate_ccs(wbio) != 1) {
-        printf("Failed to validate client CCS/Finished\n");
-        goto end_con;
-    }
-
-    /* While we're here and crafting packets by hand, we might as well do a
-       bit of a stress test on the DTLS record replay handling. Not Cisco-DTLS
-       specific but useful anyway for the general case. It's been broken
-       before, and in fact was broken even for a basic 0, 2, 1 test case
-       when this test was first added.... */
-    for (i = 0; i < (int)OSSL_NELEM(tests); i++) {
-        unsigned long recv_buf[2];
-
-        if (send_record(rbio, SSL3_RT_APPLICATION_DATA, tests[i].seq,
-                        &tests[i].seq, sizeof(unsigned long)) != 1) {
-            printf("Failed to send data seq #0x%lx (%d)\n",
-                   tests[i].seq, i);
-            goto end_con;
-        }
-
-        if (tests[i].drop)
-            continue;
-
-        ret = SSL_read(con, recv_buf, 2 * sizeof(unsigned long));
-        if (ret != sizeof(unsigned long)) {
-            printf("SSL_read failed or wrong size on seq#0x%lx (%d)\n",
-                   tests[i].seq, i);
-            goto end_con;
-        }
-        if (recv_buf[0] != tests[i].seq) {
-            printf("Wrong data packet received (0x%lx not 0x%lx) at packet %d\n",
-                   recv_buf[0], tests[i].seq, i);
-            goto end_con;
-        }
-    }
-    if (tests[i-1].drop) {
-        printf("Error: last test cannot be DROP()\n");
-        goto end_con;
-    }
-    testresult=1;
-
- end_con:
-    SSL_free(con);
- end_ctx:
-    SSL_CTX_free(ctx);
- end_md:
-    EVP_MD_CTX_cleanup(&handshake_md5);
-    EVP_MD_CTX_cleanup(&handshake_sha1);
- end:
-    ERR_print_errors_fp(stderr);
-
-    if (!testresult) {
-        printf("Cisco BadDTLS test: FAILED\n");
-    }
-
-    ERR_free_strings();
-    ERR_remove_thread_state(NULL);
-    EVP_cleanup();
-    CRYPTO_cleanup_all_ex_data();
-    CRYPTO_mem_leaks(err);
-    BIO_free(err);
-
-    return testresult?0:1;
-}
diff --git a/freebsd/crypto/openssl/ssl/bio_ssl.c b/freebsd/crypto/openssl/ssl/bio_ssl.c
index 3314ff66..64ccae0b 100644
--- a/freebsd/crypto/openssl/ssl/bio_ssl.c
+++ b/freebsd/crypto/openssl/ssl/bio_ssl.c
@@ -1,61 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/bio_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
@@ -63,58 +14,61 @@
 #include <string.h>
 #include <errno.h>
 #include <openssl/crypto.h>
-#include <openssl/bio.h>
+#include "internal/bio.h"
 #include <openssl/err.h>
-#include <openssl/ssl.h>
+#include "ssl_locl.h"
 
-static int ssl_write(BIO *h, const char *buf, int num);
-static int ssl_read(BIO *h, char *buf, int size);
+static int ssl_write(BIO *h, const char *buf, size_t size, size_t *written);
+static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes);
 static int ssl_puts(BIO *h, const char *str);
 static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int ssl_new(BIO *h);
 static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static long ssl_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 typedef struct bio_ssl_st {
     SSL *ssl;                   /* The ssl handle :-) */
     /* re-negotiate every time the total number of bytes is this size */
     int num_renegotiates;
     unsigned long renegotiate_count;
-    unsigned long byte_count;
+    size_t byte_count;
     unsigned long renegotiate_timeout;
     unsigned long last_time;
 } BIO_SSL;
 
-static BIO_METHOD methods_sslp = {
-    BIO_TYPE_SSL, "ssl",
+static const BIO_METHOD methods_sslp = {
+    BIO_TYPE_SSL,
+    "ssl",
     ssl_write,
+    NULL,                       /* ssl_write_old, */
     ssl_read,
+    NULL,                       /* ssl_read_old,  */
     ssl_puts,
-    NULL,                       /* ssl_gets, */
+    NULL,                       /* ssl_gets,      */
     ssl_ctrl,
     ssl_new,
     ssl_free,
     ssl_callback_ctrl,
 };
 
-BIO_METHOD *BIO_f_ssl(void)
+const BIO_METHOD *BIO_f_ssl(void)
 {
-    return (&methods_sslp);
+    return &methods_sslp;
 }
 
 static int ssl_new(BIO *bi)
 {
-    BIO_SSL *bs;
+    BIO_SSL *bs = OPENSSL_zalloc(sizeof(*bs));
 
-    bs = (BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
     if (bs == NULL) {
         BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
-    memset(bs, 0, sizeof(BIO_SSL));
-    bi->init = 0;
-    bi->ptr = (char *)bs;
-    bi->flags = 0;
-    return (1);
+    BIO_set_init(bi, 0);
+    BIO_set_data(bi, bs);
+    /* Clear all flags */
+    BIO_clear_flags(bi, ~0);
+
+    return 1;
 }
 
 static int ssl_free(BIO *a)
@@ -122,22 +76,22 @@ static int ssl_free(BIO *a)
     BIO_SSL *bs;
 
     if (a == NULL)
-        return (0);
-    bs = (BIO_SSL *)a->ptr;
+        return 0;
+    bs = BIO_get_data(a);
     if (bs->ssl != NULL)
         SSL_shutdown(bs->ssl);
-    if (a->shutdown) {
-        if (a->init && (bs->ssl != NULL))
+    if (BIO_get_shutdown(a)) {
+        if (BIO_get_init(a))
             SSL_free(bs->ssl);
-        a->init = 0;
-        a->flags = 0;
+        /* Clear all flags */
+        BIO_clear_flags(a, ~0);
+        BIO_set_init(a, 0);
     }
-    if (a->ptr != NULL)
-        OPENSSL_free(a->ptr);
-    return (1);
+    OPENSSL_free(bs);
+    return 1;
 }
 
-static int ssl_read(BIO *b, char *out, int outl)
+static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes)
 {
     int ret = 1;
     BIO_SSL *sb;
@@ -145,33 +99,19 @@ static int ssl_read(BIO *b, char *out, int outl)
     int retry_reason = 0;
     int r = 0;
 
-    if (out == NULL)
-        return (0);
-    sb = (BIO_SSL *)b->ptr;
+    if (buf == NULL)
+        return 0;
+    sb = BIO_get_data(b);
     ssl = sb->ssl;
 
     BIO_clear_retry_flags(b);
 
-#if 0
-    if (!SSL_is_init_finished(ssl)) {
-/*              ret=SSL_do_handshake(ssl); */
-        if (ret > 0) {
-
-            outflags = (BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
-            ret = -1;
-            goto end;
-        }
-    }
-#endif
-/*      if (ret > 0) */
-    ret = SSL_read(ssl, out, outl);
+    ret = ssl_read_internal(ssl, buf, size, readbytes);
 
     switch (SSL_get_error(ssl, ret)) {
     case SSL_ERROR_NONE:
-        if (ret <= 0)
-            break;
         if (sb->renegotiate_count > 0) {
-            sb->byte_count += ret;
+            sb->byte_count += *readbytes;
             if (sb->byte_count > sb->renegotiate_count) {
                 sb->byte_count = 0;
                 sb->num_renegotiates++;
@@ -216,35 +156,31 @@ static int ssl_read(BIO *b, char *out, int outl)
         break;
     }
 
-    b->retry_reason = retry_reason;
-    return (ret);
+    BIO_set_retry_reason(b, retry_reason);
+
+    return ret;
 }
 
-static int ssl_write(BIO *b, const char *out, int outl)
+static int ssl_write(BIO *b, const char *buf, size_t size, size_t *written)
 {
     int ret, r = 0;
     int retry_reason = 0;
     SSL *ssl;
     BIO_SSL *bs;
 
-    if (out == NULL)
-        return (0);
-    bs = (BIO_SSL *)b->ptr;
+    if (buf == NULL)
+        return 0;
+    bs = BIO_get_data(b);
     ssl = bs->ssl;
 
     BIO_clear_retry_flags(b);
 
-    /*
-     * ret=SSL_do_handshake(ssl); if (ret > 0)
-     */
-    ret = SSL_write(ssl, out, outl);
+    ret = ssl_write_internal(ssl, buf, size, written);
 
     switch (SSL_get_error(ssl, ret)) {
     case SSL_ERROR_NONE:
-        if (ret <= 0)
-            break;
         if (bs->renegotiate_count > 0) {
-            bs->byte_count += ret;
+            bs->byte_count += *written;
             if (bs->byte_count > bs->renegotiate_count) {
                 bs->byte_count = 0;
                 bs->num_renegotiates++;
@@ -282,21 +218,24 @@ static int ssl_write(BIO *b, const char *out, int outl)
         break;
     }
 
-    b->retry_reason = retry_reason;
-    return (ret);
+    BIO_set_retry_reason(b, retry_reason);
+
+    return ret;
 }
 
 static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
     SSL **sslp, *ssl;
-    BIO_SSL *bs;
+    BIO_SSL *bs, *dbs;
     BIO *dbio, *bio;
     long ret = 1;
+    BIO *next;
 
-    bs = (BIO_SSL *)b->ptr;
+    bs = BIO_get_data(b);
+    next = BIO_next(b);
     ssl = bs->ssl;
     if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
-        return (0);
+        return 0;
     switch (cmd) {
     case BIO_CTRL_RESET:
         SSL_shutdown(ssl);
@@ -306,10 +245,13 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
         else if (ssl->handshake_func == ssl->method->ssl_accept)
             SSL_set_accept_state(ssl);
 
-        SSL_clear(ssl);
+        if (!SSL_clear(ssl)) {
+            ret = 0;
+            break;
+        }
 
-        if (b->next_bio != NULL)
-            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        if (next != NULL)
+            ret = BIO_ctrl(next, cmd, num, ptr);
         else if (ssl->rbio != NULL)
             ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
         else
@@ -345,17 +287,17 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
             if (!ssl_new(b))
                 return 0;
         }
-        b->shutdown = (int)num;
+        BIO_set_shutdown(b, num);
         ssl = (SSL *)ptr;
-        ((BIO_SSL *)b->ptr)->ssl = ssl;
+        bs->ssl = ssl;
         bio = SSL_get_rbio(ssl);
         if (bio != NULL) {
-            if (b->next_bio != NULL)
-                BIO_push(bio, b->next_bio);
-            b->next_bio = bio;
-            CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
+            if (next != NULL)
+                BIO_push(bio, next);
+            BIO_set_next(b, bio);
+            BIO_up_ref(bio);
         }
-        b->init = 1;
+        BIO_set_init(b, 1);
         break;
     case BIO_C_GET_SSL:
         if (ptr != NULL) {
@@ -365,10 +307,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
             ret = 0;
         break;
     case BIO_CTRL_GET_CLOSE:
-        ret = b->shutdown;
+        ret = BIO_get_shutdown(b);
         break;
     case BIO_CTRL_SET_CLOSE:
-        b->shutdown = (int)num;
+        BIO_set_shutdown(b, (int)num);
         break;
     case BIO_CTRL_WPENDING:
         ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
@@ -384,30 +326,26 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
         BIO_copy_next_retry(b);
         break;
     case BIO_CTRL_PUSH:
-        if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) {
-            SSL_set_bio(ssl, b->next_bio, b->next_bio);
-            CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO);
+        if ((next != NULL) && (next != ssl->rbio)) {
+            /*
+             * We are going to pass ownership of next to the SSL object...but
+             * we don't own a reference to pass yet - so up ref
+             */
+            BIO_up_ref(next);
+            SSL_set_bio(ssl, next, next);
         }
         break;
     case BIO_CTRL_POP:
         /* Only detach if we are the BIO explicitly being popped */
         if (b == ptr) {
-            /*
-             * Shouldn't happen in practice because the rbio and wbio are the
-             * same when pushed.
-             */
-            if (ssl->rbio != ssl->wbio)
-                BIO_free_all(ssl->wbio);
-            if (b->next_bio != NULL)
-                CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO);
-            ssl->wbio = NULL;
-            ssl->rbio = NULL;
+            /* This will clear the reference we obtained during push */
+            SSL_set_bio(ssl, NULL, NULL);
         }
         break;
     case BIO_C_DO_STATE_MACHINE:
         BIO_clear_retry_flags(b);
 
-        b->retry_reason = 0;
+        BIO_set_retry_reason(b, 0);
         ret = (int)SSL_do_handshake(ssl);
 
         switch (SSL_get_error(ssl, (int)ret)) {
@@ -419,11 +357,11 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
             break;
         case SSL_ERROR_WANT_CONNECT:
             BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
-            b->retry_reason = b->next_bio->retry_reason;
+            BIO_set_retry_reason(b, BIO_get_retry_reason(next));
             break;
         case SSL_ERROR_WANT_X509_LOOKUP:
             BIO_set_retry_special(b);
-            b->retry_reason = BIO_RR_SSL_X509_LOOKUP;
+            BIO_set_retry_reason(b, BIO_RR_SSL_X509_LOOKUP);
             break;
         default:
             break;
@@ -431,69 +369,46 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     case BIO_CTRL_DUP:
         dbio = (BIO *)ptr;
-        if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
-            SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
-        ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl);
-        ((BIO_SSL *)dbio->ptr)->renegotiate_count =
-            ((BIO_SSL *)b->ptr)->renegotiate_count;
-        ((BIO_SSL *)dbio->ptr)->byte_count = ((BIO_SSL *)b->ptr)->byte_count;
-        ((BIO_SSL *)dbio->ptr)->renegotiate_timeout =
-            ((BIO_SSL *)b->ptr)->renegotiate_timeout;
-        ((BIO_SSL *)dbio->ptr)->last_time = ((BIO_SSL *)b->ptr)->last_time;
-        ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL);
+        dbs = BIO_get_data(dbio);
+        SSL_free(dbs->ssl);
+        dbs->ssl = SSL_dup(ssl);
+        dbs->num_renegotiates = bs->num_renegotiates;
+        dbs->renegotiate_count = bs->renegotiate_count;
+        dbs->byte_count = bs->byte_count;
+        dbs->renegotiate_timeout = bs->renegotiate_timeout;
+        dbs->last_time = bs->last_time;
+        ret = (dbs->ssl != NULL);
         break;
     case BIO_C_GET_FD:
         ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
         break;
     case BIO_CTRL_SET_CALLBACK:
-        {
-#if 0                           /* FIXME: Should this be used? -- Richard
-                                 * Levitte */
-            SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            ret = -1;
-#else
-            ret = 0;
-#endif
-        }
-        break;
-    case BIO_CTRL_GET_CALLBACK:
-        {
-            void (**fptr) (const SSL *xssl, int type, int val);
-
-            fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
-            *fptr = SSL_get_info_callback(ssl);
-        }
+        ret = 0; /* use callback ctrl */
         break;
     default:
         ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
 }
 
-static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+static long ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
     SSL *ssl;
     BIO_SSL *bs;
     long ret = 1;
 
-    bs = (BIO_SSL *)b->ptr;
+    bs = BIO_get_data(b);
     ssl = bs->ssl;
     switch (cmd) {
     case BIO_CTRL_SET_CALLBACK:
-        {
-            /*
-             * FIXME: setting this via a completely different prototype seems
-             * like a crap idea
-             */
-            SSL_set_info_callback(ssl, (void (*)(const SSL *, int, int))fp);
-        }
+        ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
         break;
     default:
-        ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
+        ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int ssl_puts(BIO *bp, const char *str)
@@ -502,7 +417,7 @@ static int ssl_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = BIO_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
@@ -511,19 +426,17 @@ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
     BIO *ret = NULL, *buf = NULL, *ssl = NULL;
 
     if ((buf = BIO_new(BIO_f_buffer())) == NULL)
-        return (NULL);
+        return NULL;
     if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
         goto err;
     if ((ret = BIO_push(buf, ssl)) == NULL)
         goto err;
-    return (ret);
+    return ret;
  err:
-    if (buf != NULL)
-        BIO_free(buf);
-    if (ssl != NULL)
-        BIO_free(ssl);
+    BIO_free(buf);
+    BIO_free(ssl);
 #endif
-    return (NULL);
+    return NULL;
 }
 
 BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
@@ -532,17 +445,16 @@ BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
     BIO *ret = NULL, *con = NULL, *ssl = NULL;
 
     if ((con = BIO_new(BIO_s_connect())) == NULL)
-        return (NULL);
+        return NULL;
     if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
         goto err;
     if ((ret = BIO_push(ssl, con)) == NULL)
         goto err;
-    return (ret);
+    return ret;
  err:
-    if (con != NULL)
-        BIO_free(con);
+    BIO_free(con);
 #endif
-    return (NULL);
+    return NULL;
 }
 
 BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
@@ -551,10 +463,10 @@ BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
     SSL *ssl;
 
     if ((ret = BIO_new(BIO_f_ssl())) == NULL)
-        return (NULL);
+        return NULL;
     if ((ssl = SSL_new(ctx)) == NULL) {
         BIO_free(ret);
-        return (NULL);
+        return NULL;
     }
     if (client)
         SSL_set_connect_state(ssl);
@@ -562,32 +474,34 @@ BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
         SSL_set_accept_state(ssl);
 
     BIO_set_ssl(ret, ssl, BIO_CLOSE);
-    return (ret);
+    return ret;
 }
 
 int BIO_ssl_copy_session_id(BIO *t, BIO *f)
 {
+    BIO_SSL *tdata, *fdata;
     t = BIO_find_type(t, BIO_TYPE_SSL);
     f = BIO_find_type(f, BIO_TYPE_SSL);
     if ((t == NULL) || (f == NULL))
-        return (0);
-    if ((((BIO_SSL *)t->ptr)->ssl == NULL) ||
-        (((BIO_SSL *)f->ptr)->ssl == NULL))
-        return (0);
-    SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, ((BIO_SSL *)f->ptr)->ssl);
-    return (1);
+        return 0;
+    tdata = BIO_get_data(t);
+    fdata = BIO_get_data(f);
+    if ((tdata->ssl == NULL) || (fdata->ssl == NULL))
+        return 0;
+    if (!SSL_copy_session_id(tdata->ssl, (fdata->ssl)))
+        return 0;
+    return 1;
 }
 
 void BIO_ssl_shutdown(BIO *b)
 {
-    SSL *s;
-
-    while (b != NULL) {
-        if (b->method->type == BIO_TYPE_SSL) {
-            s = ((BIO_SSL *)b->ptr)->ssl;
-            SSL_shutdown(s);
-            break;
-        }
-        b = b->next_bio;
+    BIO_SSL *bdata;
+
+    for (; b != NULL; b = BIO_next(b)) {
+        if (BIO_method_type(b) != BIO_TYPE_SSL)
+            continue;
+        bdata = BIO_get_data(b);
+        if (bdata != NULL && bdata->ssl != NULL)
+            SSL_shutdown(bdata->ssl);
     }
 }
diff --git a/freebsd/crypto/openssl/ssl/clienthellotest.c b/freebsd/crypto/openssl/ssl/clienthellotest.c
deleted file mode 100644
index e46e55d0..00000000
--- a/freebsd/crypto/openssl/ssl/clienthellotest.c
+++ /dev/null
@@ -1,221 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* Written by Matt Caswell for the OpenSSL Project */
-/* ====================================================================
- * Copyright (c) 1998-2015 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-
-#define CLIENT_VERSION_LEN      2
-#define SESSION_ID_LEN_LEN      1
-#define CIPHERS_LEN_LEN         2
-#define COMPRESSION_LEN_LEN     1
-#define EXTENSIONS_LEN_LEN      2
-#define EXTENSION_TYPE_LEN      2
-#define EXTENSION_SIZE_LEN      2
-
-
-#define TOTAL_NUM_TESTS                         2
-
-/*
- * Test that explicitly setting ticket data results in it appearing in the
- * ClientHello for TLS1.2
- */
-#define TEST_SET_SESSION_TICK_DATA_TLS_1_2      0
-
-/*
- * Test that explicitly setting ticket data results in it appearing in the
- * ClientHello for a negotiated SSL/TLS version
- */
-#define TEST_SET_SESSION_TICK_DATA_VER_NEG      1
-
-int main(int argc, char *argv[])
-{
-    SSL_CTX *ctx;
-    SSL *con;
-    BIO *rbio;
-    BIO *wbio;
-    BIO *err;
-    long len;
-    unsigned char *data;
-    unsigned char *dataend;
-    char *dummytick = "Hello World!";
-    unsigned int tmplen;
-    unsigned int type;
-    unsigned int size;
-    int testresult = 0;
-    int currtest = 0;
-
-    SSL_library_init();
-    SSL_load_error_strings();
-
-    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    CRYPTO_malloc_debug_init();
-    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    /*
-     * For each test set up an SSL_CTX and SSL and see what ClientHello gets
-     * produced when we try to connect
-     */
-    for (; currtest < TOTAL_NUM_TESTS; currtest++) {
-        testresult = 0;
-        if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2) {
-            ctx = SSL_CTX_new(TLSv1_2_method());
-        } else {
-            ctx = SSL_CTX_new(SSLv23_method());
-        }
-        con = SSL_new(ctx);
-
-        rbio = BIO_new(BIO_s_mem());
-        wbio = BIO_new(BIO_s_mem());
-        SSL_set_bio(con, rbio, wbio);
-        SSL_set_connect_state(con);
-
-        if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2
-                || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
-            if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick)))
-                goto end;
-        }
-
-        if (SSL_connect(con) > 0) {
-            /* This shouldn't succeed because we don't have a server! */
-            goto end;
-        }
-
-        len = BIO_get_mem_data(wbio, (char **)&data);
-        dataend = data + len;
-
-        /* Skip the record header */
-        data += SSL3_RT_HEADER_LENGTH;
-        /* Skip the handshake message header */
-        data += SSL3_HM_HEADER_LENGTH;
-        /* Skip client version and random */
-        data += CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE;
-        if (data + SESSION_ID_LEN_LEN > dataend)
-            goto end;
-        /* Skip session id */
-        tmplen = *data;
-        data += SESSION_ID_LEN_LEN + tmplen;
-        if (data + CIPHERS_LEN_LEN > dataend)
-            goto end;
-        /* Skip ciphers */
-        tmplen = ((*data) << 8) | *(data + 1);
-        data += CIPHERS_LEN_LEN + tmplen;
-        if (data + COMPRESSION_LEN_LEN > dataend)
-            goto end;
-        /* Skip compression */
-        tmplen = *data;
-        data += COMPRESSION_LEN_LEN + tmplen;
-        if (data + EXTENSIONS_LEN_LEN > dataend)
-            goto end;
-        /* Extensions len */
-        tmplen = ((*data) << 8) | *(data + 1);
-        data += EXTENSIONS_LEN_LEN;
-        if (data + tmplen > dataend)
-            goto end;
-
-        /* Loop through all extensions */
-        while (tmplen > EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN) {
-            type = ((*data) << 8) | *(data + 1);
-            data += EXTENSION_TYPE_LEN;
-            size = ((*data) << 8) | *(data + 1);
-            data += EXTENSION_SIZE_LEN;
-            if (data + size > dataend)
-                goto end;
-
-            if (type == TLSEXT_TYPE_session_ticket) {
-                if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2
-                        || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
-                    if (size == strlen(dummytick)
-                            && memcmp(data, dummytick, size) == 0) {
-                        /* Ticket data is as we expected */
-                        testresult = 1;
-                    } else {
-                        printf("Received session ticket is not as expected\n");
-                    }
-                    break;
-                }
-            }
-
-            tmplen -= EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN + size;
-            data += size;
-        }
-
- end:
-        SSL_free(con);
-        SSL_CTX_free(ctx);
-        if (!testresult) {
-            printf("ClientHello test: FAILED (Test %d)\n", currtest);
-            break;
-        }
-    }
-
-    ERR_free_strings();
-    ERR_remove_thread_state(NULL);
-    EVP_cleanup();
-    CRYPTO_cleanup_all_ex_data();
-    CRYPTO_mem_leaks(err);
-    BIO_free(err);
-
-    return testresult?0:1;
-}
diff --git a/freebsd/crypto/openssl/ssl/d1_clnt.c b/freebsd/crypto/openssl/ssl/d1_clnt.c
deleted file mode 100644
index 3b36606a..00000000
--- a/freebsd/crypto/openssl/ssl/d1_clnt.c
+++ /dev/null
@@ -1,877 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/d1_clnt.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_KRB5
-# include "kssl_lcl.h"
-#endif
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-
-static const SSL_METHOD *dtls1_get_client_method(int ver);
-static int dtls1_get_hello_verify(SSL *s);
-
-static const SSL_METHOD *dtls1_get_client_method(int ver)
-{
-    if (ver == DTLS_ANY_VERSION)
-        return DTLS_client_method();
-    else if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
-        return DTLSv1_client_method();
-    else if (ver == DTLS1_2_VERSION)
-        return DTLSv1_2_client_method();
-    else
-        return NULL;
-}
-
-IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
-                          DTLSv1_client_method,
-                          ssl_undefined_function,
-                          dtls1_connect,
-                          dtls1_get_client_method, DTLSv1_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
-                          DTLSv1_2_client_method,
-                          ssl_undefined_function,
-                          dtls1_connect,
-                          dtls1_get_client_method, DTLSv1_2_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
-                          DTLS_client_method,
-                          ssl_undefined_function,
-                          dtls1_connect,
-                          dtls1_get_client_method, DTLSv1_2_enc_data)
-
-int dtls1_connect(SSL *s)
-{
-    BUF_MEM *buf = NULL;
-    unsigned long Time = (unsigned long)time(NULL);
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int ret = -1;
-    int new_state, state, skip = 0;
-#ifndef OPENSSL_NO_SCTP
-    unsigned char sctpauthkey[64];
-    char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
-#endif
-
-    RAND_add(&Time, sizeof(Time), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Notify SCTP BIO socket to enter handshake mode and prevent stream
-     * identifier other than 0. Will be ignored if no SCTP is used.
-     */
-    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
-             s->in_handshake, NULL);
-#endif
-
-#ifndef OPENSSL_NO_HEARTBEATS
-    /*
-     * If we're awaiting a HeartbeatResponse, pretend we already got and
-     * don't await it anymore, because Heartbeats don't make sense during
-     * handshakes anyway.
-     */
-    if (s->tlsext_hb_pending) {
-        dtls1_stop_timer(s);
-        s->tlsext_hb_pending = 0;
-        s->tlsext_hb_seq++;
-    }
-#endif
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_RENEGOTIATE:
-            s->renegotiate = 1;
-            s->state = SSL_ST_CONNECT;
-            s->ctx->stats.sess_connect_renegotiate++;
-            /* break */
-        case SSL_ST_BEFORE:
-        case SSL_ST_CONNECT:
-        case SSL_ST_BEFORE | SSL_ST_CONNECT:
-        case SSL_ST_OK | SSL_ST_CONNECT:
-
-            s->server = 0;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
-                (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) {
-                SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            /* s->version=SSL3_VERSION; */
-            s->type = SSL_ST_CONNECT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                s->init_buf = buf;
-                buf = NULL;
-            }
-
-            if (!ssl3_setup_buffers(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            /* setup buffing BIO */
-            if (!ssl_init_wbio_buffer(s, 0)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            /* don't push the buffering BIO quite yet */
-
-            s->state = SSL3_ST_CW_CLNT_HELLO_A;
-            s->ctx->stats.sess_connect++;
-            s->init_num = 0;
-            /* mark client_random uninitialized */
-            memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
-            s->d1->send_cookie = 0;
-            s->hit = 0;
-            s->d1->change_cipher_spec_ok = 0;
-            /*
-             * Should have been reset by ssl3_get_finished, too.
-             */
-            s->s3->change_cipher_spec = 0;
-            break;
-
-#ifndef OPENSSL_NO_SCTP
-        case DTLS1_SCTP_ST_CR_READ_SOCK:
-
-            if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-                s->s3->in_read_app_data = 2;
-                s->rwstate = SSL_READING;
-                BIO_clear_retry_flags(SSL_get_rbio(s));
-                BIO_set_retry_read(SSL_get_rbio(s));
-                ret = -1;
-                goto end;
-            }
-
-            s->state = s->s3->tmp.next_state;
-            break;
-
-        case DTLS1_SCTP_ST_CW_WRITE_SOCK:
-            /* read app data until dry event */
-
-            ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
-            if (ret < 0)
-                goto end;
-
-            if (ret == 0) {
-                s->s3->in_read_app_data = 2;
-                s->rwstate = SSL_READING;
-                BIO_clear_retry_flags(SSL_get_rbio(s));
-                BIO_set_retry_read(SSL_get_rbio(s));
-                ret = -1;
-                goto end;
-            }
-
-            s->state = s->d1->next_state;
-            break;
-#endif
-
-        case SSL3_ST_CW_CLNT_HELLO_A:
-            s->shutdown = 0;
-
-            /* every DTLS ClientHello resets Finished MAC */
-            if (!ssl3_init_finished_mac(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            /* fall thru */
-        case SSL3_ST_CW_CLNT_HELLO_B:
-            dtls1_start_timer(s);
-            ret = ssl3_client_hello(s);
-            if (ret <= 0)
-                goto end;
-
-            if (s->d1->send_cookie) {
-                s->state = SSL3_ST_CW_FLUSH;
-                s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
-            } else
-                s->state = SSL3_ST_CR_SRVR_HELLO_A;
-
-            s->init_num = 0;
-
-#ifndef OPENSSL_NO_SCTP
-            /* Disable buffering for SCTP */
-            if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-#endif
-                /*
-                 * turn on buffering for the next lot of output
-                 */
-                if (s->bbio != s->wbio)
-                    s->wbio = BIO_push(s->bbio, s->wbio);
-#ifndef OPENSSL_NO_SCTP
-            }
-#endif
-
-            break;
-
-        case SSL3_ST_CR_SRVR_HELLO_A:
-        case SSL3_ST_CR_SRVR_HELLO_B:
-            ret = ssl3_get_server_hello(s);
-            if (ret <= 0)
-                goto end;
-            else {
-                if (s->hit) {
-#ifndef OPENSSL_NO_SCTP
-                    /*
-                     * Add new shared key for SCTP-Auth, will be ignored if
-                     * no SCTP used.
-                     */
-                    snprintf((char *)labelbuffer,
-                             sizeof(DTLS1_SCTP_AUTH_LABEL),
-                             DTLS1_SCTP_AUTH_LABEL);
-
-                    if (SSL_export_keying_material(s, sctpauthkey,
-                                               sizeof(sctpauthkey),
-                                               labelbuffer,
-                                               sizeof(labelbuffer), NULL, 0,
-                                               0) <= 0) {
-                        ret = -1;
-                        s->state = SSL_ST_ERR;
-                        goto end;
-                    }
-
-                    BIO_ctrl(SSL_get_wbio(s),
-                             BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-                             sizeof(sctpauthkey), sctpauthkey);
-#endif
-
-                    s->state = SSL3_ST_CR_FINISHED_A;
-                    if (s->tlsext_ticket_expected) {
-                        /* receive renewed session ticket */
-                        s->state = SSL3_ST_CR_SESSION_TICKET_A;
-                    }
-                } else
-                    s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
-            }
-            s->init_num = 0;
-            break;
-
-        case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
-        case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-
-            ret = dtls1_get_hello_verify(s);
-            if (ret <= 0)
-                goto end;
-            dtls1_stop_timer(s);
-            if (s->d1->send_cookie) /* start again, with a cookie */
-                s->state = SSL3_ST_CW_CLNT_HELLO_A;
-            else
-                s->state = SSL3_ST_CR_CERT_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_CERT_A:
-        case SSL3_ST_CR_CERT_B:
-            /* Check if it is anon DH or PSK */
-            if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
-                !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-                ret = ssl3_get_server_certificate(s);
-                if (ret <= 0)
-                    goto end;
-#ifndef OPENSSL_NO_TLSEXT
-                if (s->tlsext_status_expected)
-                    s->state = SSL3_ST_CR_CERT_STATUS_A;
-                else
-                    s->state = SSL3_ST_CR_KEY_EXCH_A;
-            } else {
-                skip = 1;
-                s->state = SSL3_ST_CR_KEY_EXCH_A;
-            }
-#else
-            } else
-                skip = 1;
-
-            s->state = SSL3_ST_CR_KEY_EXCH_A;
-#endif
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_KEY_EXCH_A:
-        case SSL3_ST_CR_KEY_EXCH_B:
-            ret = ssl3_get_key_exchange(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_CERT_REQ_A;
-            s->init_num = 0;
-
-            /*
-             * at this point we check that we have the required stuff from
-             * the server
-             */
-            if (!ssl3_check_cert_and_algorithm(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-            break;
-
-        case SSL3_ST_CR_CERT_REQ_A:
-        case SSL3_ST_CR_CERT_REQ_B:
-            ret = ssl3_get_certificate_request(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_SRVR_DONE_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_SRVR_DONE_A:
-        case SSL3_ST_CR_SRVR_DONE_B:
-            ret = ssl3_get_server_done(s);
-            if (ret <= 0)
-                goto end;
-            dtls1_stop_timer(s);
-            if (s->s3->tmp.cert_req)
-                s->s3->tmp.next_state = SSL3_ST_CW_CERT_A;
-            else
-                s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
-            s->init_num = 0;
-
-#ifndef OPENSSL_NO_SCTP
-            if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-                state == SSL_ST_RENEGOTIATE)
-                s->state = DTLS1_SCTP_ST_CR_READ_SOCK;
-            else
-#endif
-                s->state = s->s3->tmp.next_state;
-            break;
-
-        case SSL3_ST_CW_CERT_A:
-        case SSL3_ST_CW_CERT_B:
-        case SSL3_ST_CW_CERT_C:
-        case SSL3_ST_CW_CERT_D:
-            dtls1_start_timer(s);
-            ret = ssl3_send_client_certificate(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CW_KEY_EXCH_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_KEY_EXCH_A:
-        case SSL3_ST_CW_KEY_EXCH_B:
-            dtls1_start_timer(s);
-            ret = ssl3_send_client_key_exchange(s);
-            if (ret <= 0)
-                goto end;
-
-#ifndef OPENSSL_NO_SCTP
-            /*
-             * Add new shared key for SCTP-Auth, will be ignored if no SCTP
-             * used.
-             */
-            snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
-                     DTLS1_SCTP_AUTH_LABEL);
-
-            if (SSL_export_keying_material(s, sctpauthkey,
-                                       sizeof(sctpauthkey), labelbuffer,
-                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-                     sizeof(sctpauthkey), sctpauthkey);
-#endif
-
-            /*
-             * EAY EAY EAY need to check for DH fix cert sent back
-             */
-            /*
-             * For TLS, cert_req is set to 2, so a cert chain of nothing is
-             * sent, but no verify packet is sent
-             */
-            if (s->s3->tmp.cert_req == 1) {
-                s->state = SSL3_ST_CW_CERT_VRFY_A;
-            } else {
-#ifndef OPENSSL_NO_SCTP
-                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                    s->d1->next_state = SSL3_ST_CW_CHANGE_A;
-                    s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-                } else
-#endif
-                    s->state = SSL3_ST_CW_CHANGE_A;
-            }
-
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_CERT_VRFY_A:
-        case SSL3_ST_CW_CERT_VRFY_B:
-            dtls1_start_timer(s);
-            ret = ssl3_send_client_verify(s);
-            if (ret <= 0)
-                goto end;
-#ifndef OPENSSL_NO_SCTP
-            if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                s->d1->next_state = SSL3_ST_CW_CHANGE_A;
-                s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-            } else
-#endif
-                s->state = SSL3_ST_CW_CHANGE_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_CHANGE_A:
-        case SSL3_ST_CW_CHANGE_B:
-            if (!s->hit)
-                dtls1_start_timer(s);
-            ret = dtls1_send_change_cipher_spec(s,
-                                                SSL3_ST_CW_CHANGE_A,
-                                                SSL3_ST_CW_CHANGE_B);
-            if (ret <= 0)
-                goto end;
-
-            s->state = SSL3_ST_CW_FINISHED_A;
-            s->init_num = 0;
-
-            s->session->cipher = s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
-            s->session->compress_meth = 0;
-#else
-            if (s->s3->tmp.new_compression == NULL)
-                s->session->compress_meth = 0;
-            else
-                s->session->compress_meth = s->s3->tmp.new_compression->id;
-#endif
-            if (!s->method->ssl3_enc->setup_key_block(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            if (!s->method->ssl3_enc->change_cipher_state(s,
-                                                          SSL3_CHANGE_CIPHER_CLIENT_WRITE))
-            {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-#ifndef OPENSSL_NO_SCTP
-            if (s->hit) {
-                /*
-                 * Change to new shared key of SCTP-Auth, will be ignored if
-                 * no SCTP used.
-                 */
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
-                         0, NULL);
-            }
-#endif
-
-            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
-            break;
-
-        case SSL3_ST_CW_FINISHED_A:
-        case SSL3_ST_CW_FINISHED_B:
-            if (!s->hit)
-                dtls1_start_timer(s);
-            ret = ssl3_send_finished(s,
-                                     SSL3_ST_CW_FINISHED_A,
-                                     SSL3_ST_CW_FINISHED_B,
-                                     s->method->
-                                     ssl3_enc->client_finished_label,
-                                     s->method->
-                                     ssl3_enc->client_finished_label_len);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CW_FLUSH;
-
-            /* clear flags */
-            s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
-            if (s->hit) {
-                s->s3->tmp.next_state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
-                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                    s->d1->next_state = s->s3->tmp.next_state;
-                    s->s3->tmp.next_state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-                }
-#endif
-                if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
-                    s->state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
-                    if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                        s->d1->next_state = SSL_ST_OK;
-                        s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-                    }
-#endif
-                    s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
-                    s->s3->delay_buf_pop_ret = 0;
-                }
-            } else {
-#ifndef OPENSSL_NO_SCTP
-                /*
-                 * Change to new shared key of SCTP-Auth, will be ignored if
-                 * no SCTP used.
-                 */
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
-                         0, NULL);
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-                /*
-                 * Allow NewSessionTicket if ticket expected
-                 */
-                if (s->tlsext_ticket_expected)
-                    s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
-                else
-#endif
-
-                    s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
-            }
-            s->init_num = 0;
-            break;
-
-#ifndef OPENSSL_NO_TLSEXT
-        case SSL3_ST_CR_SESSION_TICKET_A:
-        case SSL3_ST_CR_SESSION_TICKET_B:
-            ret = ssl3_get_new_session_ticket(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_FINISHED_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_CERT_STATUS_A:
-        case SSL3_ST_CR_CERT_STATUS_B:
-            ret = ssl3_get_cert_status(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_KEY_EXCH_A;
-            s->init_num = 0;
-            break;
-#endif
-
-        case SSL3_ST_CR_FINISHED_A:
-        case SSL3_ST_CR_FINISHED_B:
-            s->d1->change_cipher_spec_ok = 1;
-            ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
-                                    SSL3_ST_CR_FINISHED_B);
-            if (ret <= 0)
-                goto end;
-            dtls1_stop_timer(s);
-
-            if (s->hit)
-                s->state = SSL3_ST_CW_CHANGE_A;
-            else
-                s->state = SSL_ST_OK;
-
-#ifndef OPENSSL_NO_SCTP
-            if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-                state == SSL_ST_RENEGOTIATE) {
-                s->d1->next_state = s->state;
-                s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-            }
-#endif
-
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_FLUSH:
-            s->rwstate = SSL_WRITING;
-            if (BIO_flush(s->wbio) <= 0) {
-                /*
-                 * If the write error was fatal, stop trying
-                 */
-                if (!BIO_should_retry(s->wbio)) {
-                    s->rwstate = SSL_NOTHING;
-                    s->state = s->s3->tmp.next_state;
-                }
-
-                ret = -1;
-                goto end;
-            }
-            s->rwstate = SSL_NOTHING;
-            s->state = s->s3->tmp.next_state;
-            break;
-
-        case SSL_ST_OK:
-            /* clean a few things up */
-            ssl3_cleanup_key_block(s);
-
-#if 0
-            if (s->init_buf != NULL) {
-                BUF_MEM_free(s->init_buf);
-                s->init_buf = NULL;
-            }
-#endif
-
-            /*
-             * If we are not 'joining' the last two packets, remove the
-             * buffering now
-             */
-            if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
-                ssl_free_wbio_buffer(s);
-            /* else do it later in ssl3_write */
-
-            s->init_num = 0;
-            s->renegotiate = 0;
-            s->new_session = 0;
-
-            ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
-            if (s->hit)
-                s->ctx->stats.sess_hit++;
-
-            ret = 1;
-            /* s->server=0; */
-            s->handshake_func = dtls1_connect;
-            s->ctx->stats.sess_connect_good++;
-
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-
-            /* done with handshaking */
-            s->d1->handshake_read_seq = 0;
-            s->d1->next_handshake_write_seq = 0;
-            dtls1_clear_received_buffer(s);
-            goto end;
-            /* break; */
-
-        case SSL_ST_ERR:
-        default:
-            SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* break; */
-        }
-
-        /* did we do anything */
-        if (!s->s3->tmp.reuse_message && !skip) {
-            if (s->debug) {
-                if ((ret = BIO_flush(s->wbio)) <= 0)
-                    goto end;
-            }
-
-            if ((cb != NULL) && (s->state != state)) {
-                new_state = s->state;
-                s->state = state;
-                cb(s, SSL_CB_CONNECT_LOOP, 1);
-                s->state = new_state;
-            }
-        }
-        skip = 0;
-    }
- end:
-    s->in_handshake--;
-
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Notify SCTP BIO socket to leave handshake mode and allow stream
-     * identifier other than 0. Will be ignored if no SCTP is used.
-     */
-    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
-             s->in_handshake, NULL);
-#endif
-
-    if (buf != NULL)
-        BUF_MEM_free(buf);
-    if (cb != NULL)
-        cb(s, SSL_CB_CONNECT_EXIT, ret);
-    return (ret);
-}
-
-static int dtls1_get_hello_verify(SSL *s)
-{
-    int n, al, ok = 0;
-    unsigned char *data;
-    unsigned int cookie_len;
-
-    s->first_packet = 1;
-    n = s->method->ssl_get_message(s,
-                                   DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
-                                   DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
-                                   -1, s->max_cert_list, &ok);
-    s->first_packet = 0;
-
-    if (!ok)
-        return ((int)n);
-
-    if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
-        s->d1->send_cookie = 0;
-        s->s3->tmp.reuse_message = 1;
-        return (1);
-    }
-
-    data = (unsigned char *)s->init_msg;
-#if 0
-    if (s->method->version != DTLS_ANY_VERSION &&
-        ((data[0] != (s->version >> 8)) || (data[1] != (s->version & 0xff))))
-    {
-        SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
-        s->version = (s->version & 0xff00) | data[1];
-        al = SSL_AD_PROTOCOL_VERSION;
-        goto f_err;
-    }
-#endif
-    data += 2;
-
-    cookie_len = *(data++);
-    if (cookie_len > sizeof(s->d1->cookie)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        goto f_err;
-    }
-
-    memcpy(s->d1->cookie, data, cookie_len);
-    s->d1->cookie_len = cookie_len;
-
-    s->d1->send_cookie = 1;
-    return 1;
-
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    s->state = SSL_ST_ERR;
-    return -1;
-}
diff --git a/freebsd/crypto/openssl/ssl/d1_lib.c b/freebsd/crypto/openssl/ssl/d1_lib.c
index 19fce8bf..749bf40a 100644
--- a/freebsd/crypto/openssl/ssl/d1_lib.c
+++ b/freebsd/crypto/openssl/ssl/d1_lib.c
@@ -1,115 +1,59 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/d1_lib.c */
 /*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include <stdio.h>
-#define USE_SOCKETS
 #include <openssl/objects.h>
+#include <openssl/rand.h>
 #include "ssl_locl.h"
 
-#if defined(OPENSSL_SYS_VMS)
-# include <sys/timeb.h>
-#endif
-
 static void get_current_time(struct timeval *t);
-static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
 static int dtls1_handshake_write(SSL *s);
-const char dtls1_version_str[] = "DTLSv1" OPENSSL_VERSION_PTEXT;
-int dtls1_listen(SSL *s, struct sockaddr *client);
+static size_t dtls1_link_min_mtu(void);
+
+/* XDTLS:  figure out the right values */
+static const size_t g_probable_mtu[] = { 1500, 512, 256 };
 
-SSL3_ENC_METHOD DTLSv1_enc_data = {
+const SSL3_ENC_METHOD DTLSv1_enc_data = {
     tls1_enc,
     tls1_mac,
     tls1_setup_key_block,
     tls1_generate_master_secret,
     tls1_change_cipher_state,
     tls1_final_finish_mac,
-    TLS1_FINISH_MAC_LENGTH,
-    tls1_cert_verify_mac,
     TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
     TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
     tls1_alert_code,
     tls1_export_keying_material,
     SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV,
-    DTLS1_HM_HEADER_LENGTH,
     dtls1_set_handshake_header,
+    dtls1_close_construct_packet,
     dtls1_handshake_write
 };
 
-SSL3_ENC_METHOD DTLSv1_2_enc_data = {
+const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
     tls1_enc,
     tls1_mac,
     tls1_setup_key_block,
     tls1_generate_master_secret,
     tls1_change_cipher_state,
     tls1_final_finish_mac,
-    TLS1_FINISH_MAC_LENGTH,
-    tls1_cert_verify_mac,
     TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
     TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
     tls1_alert_code,
     tls1_export_keying_material,
     SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS
         | SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS,
-    DTLS1_HM_HEADER_LENGTH,
     dtls1_set_handshake_header,
+    dtls1_close_construct_packet,
     dtls1_handshake_write
 };
 
@@ -126,19 +70,19 @@ int dtls1_new(SSL *s)
 {
     DTLS1_STATE *d1;
 
-    if (!ssl3_new(s))
-        return (0);
-    if ((d1 = OPENSSL_malloc(sizeof(*d1))) == NULL)
-        return (0);
-    memset(d1, 0, sizeof(*d1));
+    if (!DTLS_RECORD_LAYER_new(&s->rlayer)) {
+        return 0;
+    }
 
-    /* d1->handshake_epoch=0; */
+    if (!ssl3_new(s))
+        return 0;
+    if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) {
+        ssl3_free(s);
+        return 0;
+    }
 
-    d1->unprocessed_rcds.q = pqueue_new();
-    d1->processed_rcds.q = pqueue_new();
     d1->buffered_messages = pqueue_new();
     d1->sent_messages = pqueue_new();
-    d1->buffered_app_data.q = pqueue_new();
 
     if (s->server) {
         d1->cookie_len = sizeof(s->d1->cookie);
@@ -147,60 +91,24 @@ int dtls1_new(SSL *s)
     d1->link_mtu = 0;
     d1->mtu = 0;
 
-    if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q
-        || !d1->buffered_messages || !d1->sent_messages
-        || !d1->buffered_app_data.q) {
-        if (d1->unprocessed_rcds.q)
-            pqueue_free(d1->unprocessed_rcds.q);
-        if (d1->processed_rcds.q)
-            pqueue_free(d1->processed_rcds.q);
-        if (d1->buffered_messages)
-            pqueue_free(d1->buffered_messages);
-        if (d1->sent_messages)
-            pqueue_free(d1->sent_messages);
-        if (d1->buffered_app_data.q)
-            pqueue_free(d1->buffered_app_data.q);
+    if (d1->buffered_messages == NULL || d1->sent_messages == NULL) {
+        pqueue_free(d1->buffered_messages);
+        pqueue_free(d1->sent_messages);
         OPENSSL_free(d1);
-        return (0);
+        ssl3_free(s);
+        return 0;
     }
 
     s->d1 = d1;
-    s->method->ssl_clear(s);
-    return (1);
+
+    if (!s->method->ssl_clear(s))
+        return 0;
+
+    return 1;
 }
 
 static void dtls1_clear_queues(SSL *s)
 {
-    pitem *item = NULL;
-    DTLS1_RECORD_DATA *rdata;
-
-    while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
-        rdata = (DTLS1_RECORD_DATA *)item->data;
-        if (rdata->rbuf.buf) {
-            OPENSSL_free(rdata->rbuf.buf);
-        }
-        OPENSSL_free(item->data);
-        pitem_free(item);
-    }
-
-    while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
-        rdata = (DTLS1_RECORD_DATA *)item->data;
-        if (rdata->rbuf.buf) {
-            OPENSSL_free(rdata->rbuf.buf);
-        }
-        OPENSSL_free(item->data);
-        pitem_free(item);
-    }
-
-    while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
-        rdata = (DTLS1_RECORD_DATA *)item->data;
-        if (rdata->rbuf.buf) {
-            OPENSSL_free(rdata->rbuf.buf);
-        }
-        OPENSSL_free(item->data);
-        pitem_free(item);
-    }
-
     dtls1_clear_received_buffer(s);
     dtls1_clear_sent_buffer(s);
 }
@@ -232,42 +140,42 @@ void dtls1_clear_sent_buffer(SSL *s)
 
 void dtls1_free(SSL *s)
 {
+    DTLS_RECORD_LAYER_free(&s->rlayer);
+
     ssl3_free(s);
 
     dtls1_clear_queues(s);
 
-    pqueue_free(s->d1->unprocessed_rcds.q);
-    pqueue_free(s->d1->processed_rcds.q);
     pqueue_free(s->d1->buffered_messages);
     pqueue_free(s->d1->sent_messages);
-    pqueue_free(s->d1->buffered_app_data.q);
 
     OPENSSL_free(s->d1);
     s->d1 = NULL;
 }
 
-void dtls1_clear(SSL *s)
+int dtls1_clear(SSL *s)
 {
-    pqueue unprocessed_rcds;
-    pqueue processed_rcds;
-    pqueue buffered_messages;
-    pqueue sent_messages;
-    pqueue buffered_app_data;
-    unsigned int mtu;
-    unsigned int link_mtu;
+    pqueue *buffered_messages;
+    pqueue *sent_messages;
+    size_t mtu;
+    size_t link_mtu;
+
+    DTLS_RECORD_LAYER_clear(&s->rlayer);
 
     if (s->d1) {
-        unprocessed_rcds = s->d1->unprocessed_rcds.q;
-        processed_rcds = s->d1->processed_rcds.q;
+        DTLS_timer_cb timer_cb = s->d1->timer_cb;
+
         buffered_messages = s->d1->buffered_messages;
         sent_messages = s->d1->sent_messages;
-        buffered_app_data = s->d1->buffered_app_data.q;
         mtu = s->d1->mtu;
         link_mtu = s->d1->link_mtu;
 
         dtls1_clear_queues(s);
 
-        memset(s->d1, 0, sizeof(*(s->d1)));
+        memset(s->d1, 0, sizeof(*s->d1));
+
+        /* Restore the timer callback from previous state */
+        s->d1->timer_cb = timer_cb;
 
         if (s->server) {
             s->d1->cookie_len = sizeof(s->d1->cookie);
@@ -278,20 +186,23 @@ void dtls1_clear(SSL *s)
             s->d1->link_mtu = link_mtu;
         }
 
-        s->d1->unprocessed_rcds.q = unprocessed_rcds;
-        s->d1->processed_rcds.q = processed_rcds;
         s->d1->buffered_messages = buffered_messages;
         s->d1->sent_messages = sent_messages;
-        s->d1->buffered_app_data.q = buffered_app_data;
     }
 
-    ssl3_clear(s);
-    if (s->options & SSL_OP_CISCO_ANYCONNECT)
+    if (!ssl3_clear(s))
+        return 0;
+
+    if (s->method->version == DTLS_ANY_VERSION)
+        s->version = DTLS_MAX_VERSION;
+#ifndef OPENSSL_NO_DTLS1_METHOD
+    else if (s->options & SSL_OP_CISCO_ANYCONNECT)
         s->client_version = s->version = DTLS1_BAD_VER;
-    else if (s->method->version == DTLS_ANY_VERSION)
-        s->version = DTLS1_2_VERSION;
+#endif
     else
         s->version = s->method->version;
+
+    return 1;
 }
 
 long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
@@ -307,31 +218,6 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
     case DTLS_CTRL_HANDLE_TIMEOUT:
         ret = dtls1_handle_timeout(s);
         break;
-    case DTLS_CTRL_LISTEN:
-        ret = dtls1_listen(s, parg);
-        break;
-    case SSL_CTRL_CHECK_PROTO_VERSION:
-        /*
-         * For library-internal use; checks that the current protocol is the
-         * highest enabled version (according to s->ctx->method, as version
-         * negotiation may have changed s->method).
-         */
-        if (s->version == s->ctx->method->version)
-            return 1;
-        /*
-         * Apparently we're using a version-flexible SSL_METHOD (not at its
-         * highest protocol version).
-         */
-        if (s->ctx->method->version == DTLS_method()->version) {
-#if DTLS_MAX_VERSION != DTLS1_2_VERSION
-# error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION.
-#endif
-            if (!(s->options & SSL_OP_NO_DTLSv1_2))
-                return s->version == DTLS1_2_VERSION;
-            if (!(s->options & SSL_OP_NO_DTLSv1))
-                return s->version == DTLS1_VERSION;
-        }
-        return 0;               /* Unexpected state; fail closed. */
     case DTLS_CTRL_SET_LINK_MTU:
         if (larg < (long)dtls1_link_min_mtu())
             return 0;
@@ -352,48 +238,49 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
         ret = ssl3_ctrl(s, cmd, larg, parg);
         break;
     }
-    return (ret);
-}
-
-/*
- * As it's impossible to use stream ciphers in "datagram" mode, this
- * simple filter is designed to disengage them in DTLS. Unfortunately
- * there is no universal way to identify stream SSL_CIPHER, so we have
- * to explicitly list their SSL_* codes. Currently RC4 is the only one
- * available, but if new ones emerge, they will have to be added...
- */
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
-{
-    const SSL_CIPHER *ciph = ssl3_get_cipher(u);
-
-    if (ciph != NULL) {
-        if (ciph->algorithm_enc == SSL_RC4)
-            return NULL;
-    }
-
-    return ciph;
+    return ret;
 }
 
 void dtls1_start_timer(SSL *s)
 {
+    unsigned int sec, usec;
+
 #ifndef OPENSSL_NO_SCTP
     /* Disable timer for SCTP */
     if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-        memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
+        memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
         return;
     }
 #endif
 
-    /* If timer is not set, initialize duration with 1 second */
+    /*
+     * If timer is not set, initialize duration with 1 second or
+     * a user-specified value if the timer callback is installed.
+     */
     if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
-        s->d1->timeout_duration = 1;
+
+        if (s->d1->timer_cb != NULL)
+            s->d1->timeout_duration_us = s->d1->timer_cb(s, 0);
+        else
+            s->d1->timeout_duration_us = 1000000;
     }
 
     /* Set timeout to current time */
     get_current_time(&(s->d1->next_timeout));
 
     /* Add duration to current time */
-    s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
+
+    sec  = s->d1->timeout_duration_us / 1000000;
+    usec = s->d1->timeout_duration_us - (sec * 1000000);
+
+    s->d1->next_timeout.tv_sec  += sec;
+    s->d1->next_timeout.tv_usec += usec;
+
+    if (s->d1->next_timeout.tv_usec >= 1000000) {
+        s->d1->next_timeout.tv_sec++;
+        s->d1->next_timeout.tv_usec -= 1000000;
+    }
+
     BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
              &(s->d1->next_timeout));
 }
@@ -414,7 +301,7 @@ struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
     if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
         (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
          s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
-        memset(timeleft, 0, sizeof(struct timeval));
+        memset(timeleft, 0, sizeof(*timeleft));
         return timeleft;
     }
 
@@ -429,10 +316,10 @@ struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
 
     /*
      * If remaining time is less than 15 ms, set it to 0 to prevent issues
-     * because of small devergences with socket timeouts.
+     * because of small divergences with socket timeouts.
      */
     if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
-        memset(timeleft, 0, sizeof(struct timeval));
+        memset(timeleft, 0, sizeof(*timeleft));
     }
 
     return timeleft;
@@ -458,18 +345,18 @@ int dtls1_is_timer_expired(SSL *s)
 
 void dtls1_double_timeout(SSL *s)
 {
-    s->d1->timeout_duration *= 2;
-    if (s->d1->timeout_duration > 60)
-        s->d1->timeout_duration = 60;
+    s->d1->timeout_duration_us *= 2;
+    if (s->d1->timeout_duration_us > 60000000)
+        s->d1->timeout_duration_us = 60000000;
     dtls1_start_timer(s);
 }
 
 void dtls1_stop_timer(SSL *s)
 {
     /* Reset everything */
-    memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
-    memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
-    s->d1->timeout_duration = 1;
+    memset(&s->d1->timeout, 0, sizeof(s->d1->timeout));
+    memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
+    s->d1->timeout_duration_us = 1000000;
     BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
              &(s->d1->next_timeout));
     /* Clear retransmission buffer */
@@ -478,7 +365,7 @@ void dtls1_stop_timer(SSL *s)
 
 int dtls1_check_timeout_num(SSL *s)
 {
-    unsigned int mtu;
+    size_t mtu;
 
     s->d1->timeout.num_alerts++;
 
@@ -486,15 +373,15 @@ int dtls1_check_timeout_num(SSL *s)
     if (s->d1->timeout.num_alerts > 2
         && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
         mtu =
-            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0,
-                     NULL);
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
         if (mtu < s->d1->mtu)
             s->d1->mtu = mtu;
     }
 
     if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
         /* fail the connection, enough alerts have been sent */
-        SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_CHECK_TIMEOUT_NUM,
+                 SSL_R_READ_TIMEOUT_EXPIRED);
         return -1;
     }
 
@@ -508,23 +395,23 @@ int dtls1_handle_timeout(SSL *s)
         return 0;
     }
 
-    dtls1_double_timeout(s);
+    if (s->d1->timer_cb != NULL)
+        s->d1->timeout_duration_us = s->d1->timer_cb(s, s->d1->timeout_duration_us);
+    else
+        dtls1_double_timeout(s);
 
-    if (dtls1_check_timeout_num(s) < 0)
+    if (dtls1_check_timeout_num(s) < 0) {
+        /* SSLfatal() already called */
         return -1;
+    }
 
     s->d1->timeout.read_timeouts++;
     if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
         s->d1->timeout.read_timeouts = 1;
     }
-#ifndef OPENSSL_NO_HEARTBEATS
-    if (s->tlsext_hb_pending) {
-        s->tlsext_hb_pending = 0;
-        return dtls1_heartbeat(s);
-    }
-#endif
 
     dtls1_start_timer(s);
+    /* Calls SSLfatal() if required */
     return dtls1_retransmit_buffered_messages(s);
 }
 
@@ -539,52 +426,568 @@ static void get_current_time(struct timeval *t)
 
     GetSystemTime(&st);
     SystemTimeToFileTime(&st, &now.ft);
+    /* re-bias to 1/1/1970 */
 # ifdef  __MINGW32__
     now.ul -= 116444736000000000ULL;
 # else
-    now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
+    /* *INDENT-OFF* */
+    now.ul -= 116444736000000000UI64;
+    /* *INDENT-ON* */
 # endif
     t->tv_sec = (long)(now.ul / 10000000);
     t->tv_usec = ((int)(now.ul % 10000000)) / 10;
-#elif defined(OPENSSL_SYS_VMS)
-    struct timeb tb;
-    ftime(&tb);
-    t->tv_sec = (long)tb.time;
-    t->tv_usec = (long)tb.millitm * 1000;
 #else
     gettimeofday(t, NULL);
 #endif
 }
 
-int dtls1_listen(SSL *s, struct sockaddr *client)
+#define LISTEN_SUCCESS              2
+#define LISTEN_SEND_VERIFY_REQUEST  1
+
+#ifndef OPENSSL_NO_SOCK
+int DTLSv1_listen(SSL *s, BIO_ADDR *client)
 {
-    int ret;
+    int next, n, ret = 0, clearpkt = 0;
+    unsigned char cookie[DTLS1_COOKIE_LENGTH];
+    unsigned char seq[SEQ_NUM_SIZE];
+    const unsigned char *data;
+    unsigned char *buf;
+    size_t fragoff, fraglen, msglen;
+    unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
+    BIO *rbio, *wbio;
+    BUF_MEM *bufm;
+    BIO_ADDR *tmpclient = NULL;
+    PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
+
+    if (s->handshake_func == NULL) {
+        /* Not properly initialized yet */
+        SSL_set_accept_state(s);
+    }
 
     /* Ensure there is no state left over from a previous invocation */
-    SSL_clear(s);
+    if (!SSL_clear(s))
+        return -1;
+
+    ERR_clear_error();
+
+    rbio = SSL_get_rbio(s);
+    wbio = SSL_get_wbio(s);
+
+    if (!rbio || !wbio) {
+        SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BIO_NOT_SET);
+        return -1;
+    }
+
+    /*
+     * We only peek at incoming ClientHello's until we're sure we are going to
+     * to respond with a HelloVerifyRequest. If its a ClientHello with a valid
+     * cookie then we leave it in the BIO for accept to handle.
+     */
+    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
+
+    /*
+     * Note: This check deliberately excludes DTLS1_BAD_VER because that version
+     * requires the MAC to be calculated *including* the first ClientHello
+     * (without the cookie). Since DTLSv1_listen is stateless that cannot be
+     * supported. DTLS1_BAD_VER must use cookies in a stateful manner (e.g. via
+     * SSL_accept)
+     */
+    if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
+        SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNSUPPORTED_SSL_VERSION);
+        return -1;
+    }
+
+    if (s->init_buf == NULL) {
+        if ((bufm = BUF_MEM_new()) == NULL) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+
+        if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {
+            BUF_MEM_free(bufm);
+            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        s->init_buf = bufm;
+    }
+    buf = (unsigned char *)s->init_buf->data;
+
+    do {
+        /* Get a packet */
+
+        clear_sys_error();
+        /*
+         * Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH
+         * + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store
+         * the record header as well, but we do here. We've set up init_buf to
+         * be the standard size for simplicity. In practice we shouldn't ever
+         * receive a ClientHello as long as this. If we do it will get dropped
+         * in the record length check below.
+         */
+        n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
+
+        if (n <= 0) {
+            if (BIO_should_retry(rbio)) {
+                /* Non-blocking IO */
+                goto end;
+            }
+            return -1;
+        }
 
+        /* If we hit any problems we need to clear this packet from the BIO */
+        clearpkt = 1;
+
+        if (!PACKET_buf_init(&pkt, buf, n)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+
+        /*
+         * Parse the received record. If there are any problems with it we just
+         * dump it - with no alert. RFC6347 says this "Unlike TLS, DTLS is
+         * resilient in the face of invalid records (e.g., invalid formatting,
+         * length, MAC, etc.).  In general, invalid records SHOULD be silently
+         * discarded, thus preserving the association; however, an error MAY be
+         * logged for diagnostic purposes."
+         */
+
+        /* this packet contained a partial record, dump it */
+        if (n < DTLS1_RT_HEADER_LENGTH) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_RECORD_TOO_SMALL);
+            goto end;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, 0, SSL3_RT_HEADER, buf,
+                            DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
+        /* Get the record header */
+        if (!PACKET_get_1(&pkt, &rectype)
+            || !PACKET_get_1(&pkt, &versmajor)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        if (rectype != SSL3_RT_HANDSHAKE) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
+            goto end;
+        }
+
+        /*
+         * Check record version number. We only check that the major version is
+         * the same.
+         */
+        if (versmajor != DTLS1_VERSION_MAJOR) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+            goto end;
+        }
+
+        if (!PACKET_forward(&pkt, 1)
+            /* Save the sequence number: 64 bits, with top 2 bytes = epoch */
+            || !PACKET_copy_bytes(&pkt, seq, SEQ_NUM_SIZE)
+            || !PACKET_get_length_prefixed_2(&pkt, &msgpkt)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+        /*
+         * We allow data remaining at the end of the packet because there could
+         * be a second record (but we ignore it)
+         */
+
+        /* This is an initial ClientHello so the epoch has to be 0 */
+        if (seq[0] != 0 || seq[1] != 0) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
+            goto end;
+        }
+
+        /* Get a pointer to the raw message for the later callback */
+        data = PACKET_data(&msgpkt);
+
+        /* Finished processing the record header, now process the message */
+        if (!PACKET_get_1(&msgpkt, &msgtype)
+            || !PACKET_get_net_3_len(&msgpkt, &msglen)
+            || !PACKET_get_net_2(&msgpkt, &msgseq)
+            || !PACKET_get_net_3_len(&msgpkt, &fragoff)
+            || !PACKET_get_net_3_len(&msgpkt, &fraglen)
+            || !PACKET_get_sub_packet(&msgpkt, &msgpayload, fraglen)
+            || PACKET_remaining(&msgpkt) != 0) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        if (msgtype != SSL3_MT_CLIENT_HELLO) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
+            goto end;
+        }
+
+        /* Message sequence number can only be 0 or 1 */
+        if (msgseq > 2) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_INVALID_SEQUENCE_NUMBER);
+            goto end;
+        }
+
+        /*
+         * We don't support fragment reassembly for ClientHellos whilst
+         * listening because that would require server side state (which is
+         * against the whole point of the ClientHello/HelloVerifyRequest
+         * mechanism). Instead we only look at the first ClientHello fragment
+         * and require that the cookie must be contained within it.
+         */
+        if (fragoff != 0 || fraglen > msglen) {
+            /* Non initial ClientHello fragment (or bad fragment) */
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_FRAGMENTED_CLIENT_HELLO);
+            goto end;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, data,
+                            fraglen + DTLS1_HM_HEADER_LENGTH, s,
+                            s->msg_callback_arg);
+
+        if (!PACKET_get_net_2(&msgpayload, &clientvers)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        /*
+         * Verify client version is supported
+         */
+        if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) &&
+            s->method->version != DTLS_ANY_VERSION) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_WRONG_VERSION_NUMBER);
+            goto end;
+        }
+
+        if (!PACKET_forward(&msgpayload, SSL3_RANDOM_SIZE)
+            || !PACKET_get_length_prefixed_1(&msgpayload, &session)
+            || !PACKET_get_length_prefixed_1(&msgpayload, &cookiepkt)) {
+            /*
+             * Could be malformed or the cookie does not fit within the initial
+             * ClientHello fragment. Either way we can't handle it.
+             */
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        /*
+         * Check if we have a cookie or not. If not we need to send a
+         * HelloVerifyRequest.
+         */
+        if (PACKET_remaining(&cookiepkt) == 0) {
+            next = LISTEN_SEND_VERIFY_REQUEST;
+        } else {
+            /*
+             * We have a cookie, so lets check it.
+             */
+            if (s->ctx->app_verify_cookie_cb == NULL) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_NO_VERIFY_COOKIE_CALLBACK);
+                /* This is fatal */
+                return -1;
+            }
+            if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt),
+                    (unsigned int)PACKET_remaining(&cookiepkt)) == 0) {
+                /*
+                 * We treat invalid cookies in the same was as no cookie as
+                 * per RFC6347
+                 */
+                next = LISTEN_SEND_VERIFY_REQUEST;
+            } else {
+                /* Cookie verification succeeded */
+                next = LISTEN_SUCCESS;
+            }
+        }
+
+        if (next == LISTEN_SEND_VERIFY_REQUEST) {
+            WPACKET wpkt;
+            unsigned int version;
+            size_t wreclen;
+
+            /*
+             * There was no cookie in the ClientHello so we need to send a
+             * HelloVerifyRequest. If this fails we do not worry about trying
+             * to resend, we just drop it.
+             */
+
+            /*
+             * Dump the read packet, we don't need it any more. Ignore return
+             * value
+             */
+            BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
+            BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
+            BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
+
+            /* Generate the cookie */
+            if (s->ctx->app_gen_cookie_cb == NULL ||
+                s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
+                cookielen > 255) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+                /* This is fatal */
+                return -1;
+            }
+
+            /*
+             * Special case: for hello verify request, client version 1.0 and we
+             * haven't decided which version to use yet send back using version
+             * 1.0 header: otherwise some clients will ignore it.
+             */
+            version = (s->method->version == DTLS_ANY_VERSION) ? DTLS1_VERSION
+                                                               : s->version;
+
+            /* Construct the record and message headers */
+            if (!WPACKET_init(&wpkt, s->init_buf)
+                    || !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE)
+                    || !WPACKET_put_bytes_u16(&wpkt, version)
+                       /*
+                        * Record sequence number is always the same as in the
+                        * received ClientHello
+                        */
+                    || !WPACKET_memcpy(&wpkt, seq, SEQ_NUM_SIZE)
+                       /* End of record, start sub packet for message */
+                    || !WPACKET_start_sub_packet_u16(&wpkt)
+                       /* Message type */
+                    || !WPACKET_put_bytes_u8(&wpkt,
+                                             DTLS1_MT_HELLO_VERIFY_REQUEST)
+                       /*
+                        * Message length - doesn't follow normal TLS convention:
+                        * the length isn't the last thing in the message header.
+                        * We'll need to fill this in later when we know the
+                        * length. Set it to zero for now
+                        */
+                    || !WPACKET_put_bytes_u24(&wpkt, 0)
+                       /*
+                        * Message sequence number is always 0 for a
+                        * HelloVerifyRequest
+                        */
+                    || !WPACKET_put_bytes_u16(&wpkt, 0)
+                       /*
+                        * We never fragment a HelloVerifyRequest, so fragment
+                        * offset is 0
+                        */
+                    || !WPACKET_put_bytes_u24(&wpkt, 0)
+                       /*
+                        * Fragment length is the same as message length, but
+                        * this *is* the last thing in the message header so we
+                        * can just start a sub-packet. No need to come back
+                        * later for this one.
+                        */
+                    || !WPACKET_start_sub_packet_u24(&wpkt)
+                       /* Create the actual HelloVerifyRequest body */
+                    || !dtls_raw_hello_verify_request(&wpkt, cookie, cookielen)
+                       /* Close message body */
+                    || !WPACKET_close(&wpkt)
+                       /* Close record body */
+                    || !WPACKET_close(&wpkt)
+                    || !WPACKET_get_total_written(&wpkt, &wreclen)
+                    || !WPACKET_finish(&wpkt)) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
+                WPACKET_cleanup(&wpkt);
+                /* This is fatal */
+                return -1;
+            }
+
+            /*
+             * Fix up the message len in the message header. Its the same as the
+             * fragment len which has been filled in by WPACKET, so just copy
+             * that. Destination for the message len is after the record header
+             * plus one byte for the message content type. The source is the
+             * last 3 bytes of the message header
+             */
+            memcpy(&buf[DTLS1_RT_HEADER_LENGTH + 1],
+                   &buf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
+                   3);
+
+            if (s->msg_callback)
+                s->msg_callback(1, 0, SSL3_RT_HEADER, buf,
+                                DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
+            if ((tmpclient = BIO_ADDR_new()) == NULL) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
+                goto end;
+            }
+
+            /*
+             * This is unnecessary if rbio and wbio are one and the same - but
+             * maybe they're not. We ignore errors here - some BIOs do not
+             * support this.
+             */
+            if (BIO_dgram_get_peer(rbio, tmpclient) > 0) {
+                (void)BIO_dgram_set_peer(wbio, tmpclient);
+            }
+            BIO_ADDR_free(tmpclient);
+            tmpclient = NULL;
+
+            /* TODO(size_t): convert this call */
+            if (BIO_write(wbio, buf, wreclen) < (int)wreclen) {
+                if (BIO_should_retry(wbio)) {
+                    /*
+                     * Non-blocking IO...but we're stateless, so we're just
+                     * going to drop this packet.
+                     */
+                    goto end;
+                }
+                return -1;
+            }
+
+            if (BIO_flush(wbio) <= 0) {
+                if (BIO_should_retry(wbio)) {
+                    /*
+                     * Non-blocking IO...but we're stateless, so we're just
+                     * going to drop this packet.
+                     */
+                    goto end;
+                }
+                return -1;
+            }
+        }
+    } while (next != LISTEN_SUCCESS);
+
+    /*
+     * Set expected sequence numbers to continue the handshake.
+     */
+    s->d1->handshake_read_seq = 1;
+    s->d1->handshake_write_seq = 1;
+    s->d1->next_handshake_write_seq = 1;
+    DTLS_RECORD_LAYER_set_write_sequence(&s->rlayer, seq);
+
+    /*
+     * We are doing cookie exchange, so make sure we set that option in the
+     * SSL object
+     */
     SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
-    s->d1->listen = 1;
 
-    ret = SSL_accept(s);
-    if (ret <= 0)
-        return ret;
+    /*
+     * Tell the state machine that we've done the initial hello verify
+     * exchange
+     */
+    ossl_statem_set_hello_verify_done(s);
+
+    /*
+     * Some BIOs may not support this. If we fail we clear the client address
+     */
+    if (BIO_dgram_get_peer(rbio, client) <= 0)
+        BIO_ADDR_clear(client);
+
+    ret = 1;
+    clearpkt = 0;
+ end:
+    BIO_ADDR_free(tmpclient);
+    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
+    if (clearpkt) {
+        /* Dump this packet. Ignore return value */
+        BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
+    }
+    return ret;
+}
+#endif
+
+static int dtls1_handshake_write(SSL *s)
+{
+    return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
+}
+
+int dtls1_shutdown(SSL *s)
+{
+    int ret;
+#ifndef OPENSSL_NO_SCTP
+    BIO *wbio;
+
+    wbio = SSL_get_wbio(s);
+    if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
+        !(s->shutdown & SSL_SENT_SHUTDOWN)) {
+        ret = BIO_dgram_sctp_wait_for_dry(wbio);
+        if (ret < 0)
+            return -1;
+
+        if (ret == 0)
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1,
+                     NULL);
+    }
+#endif
+    ret = ssl3_shutdown(s);
+#ifndef OPENSSL_NO_SCTP
+    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
+#endif
+    return ret;
+}
 
-    (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
+int dtls1_query_mtu(SSL *s)
+{
+    if (s->d1->link_mtu) {
+        s->d1->mtu =
+            s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+        s->d1->link_mtu = 0;
+    }
+
+    /* AHA!  Figure out the MTU, and stick to the right size */
+    if (s->d1->mtu < dtls1_min_mtu(s)) {
+        if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+            s->d1->mtu =
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+
+            /*
+             * I've seen the kernel return bogus numbers when it doesn't know
+             * (initial write), so just make sure we have a reasonable number
+             */
+            if (s->d1->mtu < dtls1_min_mtu(s)) {
+                /* Set to min mtu */
+                s->d1->mtu = dtls1_min_mtu(s);
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
+                         (long)s->d1->mtu, NULL);
+            }
+        } else
+            return 0;
+    }
     return 1;
 }
 
-static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
+static size_t dtls1_link_min_mtu(void)
 {
-    unsigned char *p = (unsigned char *)s->init_buf->data;
-    dtls1_set_message_header(s, p, htype, len, 0, len);
-    s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
-    s->init_off = 0;
-    /* Buffer the message to handle re-xmits */
-    dtls1_buffer_message(s, 0);
+    return (g_probable_mtu[(sizeof(g_probable_mtu) /
+                            sizeof(g_probable_mtu[0])) - 1]);
 }
 
-static int dtls1_handshake_write(SSL *s)
+size_t dtls1_min_mtu(SSL *s)
 {
-    return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
+    return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+}
+
+size_t DTLS_get_data_mtu(const SSL *s)
+{
+    size_t mac_overhead, int_overhead, blocksize, ext_overhead;
+    const SSL_CIPHER *ciph = SSL_get_current_cipher(s);
+    size_t mtu = s->d1->mtu;
+
+    if (ciph == NULL)
+        return 0;
+
+    if (!ssl_cipher_get_overhead(ciph, &mac_overhead, &int_overhead,
+                                 &blocksize, &ext_overhead))
+        return 0;
+
+    if (SSL_READ_ETM(s))
+        ext_overhead += mac_overhead;
+    else
+        int_overhead += mac_overhead;
+
+    /* Subtract external overhead (e.g. IV/nonce, separate MAC) */
+    if (ext_overhead + DTLS1_RT_HEADER_LENGTH >= mtu)
+        return 0;
+    mtu -= ext_overhead + DTLS1_RT_HEADER_LENGTH;
+
+    /* Round encrypted payload down to cipher block size (for CBC etc.)
+     * No check for overflow since 'mtu % blocksize' cannot exceed mtu. */
+    if (blocksize)
+        mtu -= (mtu % blocksize);
+
+    /* Subtract internal overhead (e.g. CBC padding len byte) */
+    if (int_overhead >= mtu)
+        return 0;
+    mtu -= int_overhead;
+
+    return mtu;
+}
+
+void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb)
+{
+    s->d1->timer_cb = cb;
 }
diff --git a/freebsd/crypto/openssl/ssl/d1_meth.c b/freebsd/crypto/openssl/ssl/d1_meth.c
deleted file mode 100644
index 9d66f340..00000000
--- a/freebsd/crypto/openssl/ssl/d1_meth.c
+++ /dev/null
@@ -1,92 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/d1_meth.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *dtls1_get_method(int ver);
-static const SSL_METHOD *dtls1_get_method(int ver)
-{
-    if (ver == DTLS_ANY_VERSION)
-        return DTLS_method();
-    else if (ver == DTLS1_VERSION)
-        return DTLSv1_method();
-    else if (ver == DTLS1_2_VERSION)
-        return DTLSv1_2_method();
-    else
-        return NULL;
-}
-
-IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
-                          DTLSv1_method,
-                          dtls1_accept,
-                          dtls1_connect, dtls1_get_method, DTLSv1_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
-                          DTLSv1_2_method,
-                          dtls1_accept,
-                          dtls1_connect, dtls1_get_method, DTLSv1_2_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
-                          DTLS_method,
-                          dtls1_accept,
-                          dtls1_connect, dtls1_get_method, DTLSv1_2_enc_data)
diff --git a/freebsd/crypto/openssl/ssl/d1_msg.c b/freebsd/crypto/openssl/ssl/d1_msg.c
new file mode 100644
index 00000000..feae6cac
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/d1_msg.c
@@ -0,0 +1,75 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_locl.h"
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
+                               size_t *written)
+{
+    int i;
+
+    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
+        i = s->handshake_func(s);
+        if (i < 0)
+            return i;
+        if (i == 0) {
+            SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,
+                   SSL_R_SSL_HANDSHAKE_FAILURE);
+            return -1;
+        }
+    }
+
+    if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
+        SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
+        return -1;
+    }
+
+    return dtls1_write_bytes(s, type, buf_, len, written);
+}
+
+int dtls1_dispatch_alert(SSL *s)
+{
+    int i, j;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    unsigned char buf[DTLS1_AL_HEADER_LENGTH];
+    unsigned char *ptr = &buf[0];
+    size_t written;
+
+    s->s3->alert_dispatch = 0;
+
+    memset(buf, 0, sizeof(buf));
+    *ptr++ = s->s3->send_alert[0];
+    *ptr++ = s->s3->send_alert[1];
+
+    i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written);
+    if (i <= 0) {
+        s->s3->alert_dispatch = 1;
+        /* fprintf( stderr, "not done with alert\n" ); */
+    } else {
+        if (s->s3->send_alert[0] == SSL3_AL_FATAL)
+            (void)BIO_flush(s->wbio);
+
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
+                            2, s, s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
+            cb(s, SSL_CB_WRITE_ALERT, j);
+        }
+    }
+    return i;
+}
diff --git a/freebsd/crypto/openssl/ssl/d1_pkt.c b/freebsd/crypto/openssl/ssl/d1_pkt.c
deleted file mode 100644
index 4cbfb8e6..00000000
--- a/freebsd/crypto/openssl/ssl/d1_pkt.c
+++ /dev/null
@@ -1,2043 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/d1_pkt.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include <openssl/pqueue.h>
-#include <openssl/rand.h>
-
-/* mod 128 saturating subtract of two 64-bit values in big-endian order */
-static int satsub64be(const unsigned char *v1, const unsigned char *v2)
-{
-    int ret, i;
-
-    if (sizeof(long) == 8)
-        do {
-            const union {
-                long one;
-                char little;
-            } is_endian = {
-                1
-            };
-            long l;
-
-            if (is_endian.little)
-                break;
-            /* not reached on little-endians */
-            /*
-             * following test is redundant, because input is always aligned,
-             * but I take no chances...
-             */
-            if (((size_t)v1 | (size_t)v2) & 0x7)
-                break;
-
-            l = *((long *)v1);
-            l -= *((long *)v2);
-            if (l > 128)
-                return 128;
-            else if (l < -128)
-                return -128;
-            else
-                return (int)l;
-        } while (0);
-
-    ret = 0;
-    for (i=0; i<7; i++) {
-        if (v1[i] > v2[i]) {
-            /* v1 is larger... but by how much? */
-            if (v1[i] != v2[i] + 1)
-                return 128;
-            while (++i <= 6) {
-                if (v1[i] != 0x00 || v2[i] != 0xff)
-                    return 128; /* too much */
-            }
-            /* We checked all the way to the penultimate byte,
-             * so despite higher bytes changing we actually
-             * know that it only changed from (e.g.)
-             *       ... (xx)  ff ff ff ??
-             * to   ... (xx+1) 00 00 00 ??
-             * so we add a 'bias' of 256 for the carry that
-             * happened, and will eventually return
-             * 256 + v1[7] - v2[7]. */
-            ret = 256;
-            break;
-        } else if (v2[i] > v1[i]) {
-            /* v2 is larger... but by how much? */
-            if (v2[i] != v1[i] + 1)
-                return -128;
-            while (++i <= 6) {
-                if (v2[i] != 0x00 || v1[i] != 0xff)
-                    return -128; /* too much */
-            }
-            /* Similar to the case above, we know it changed
-             * from    ... (xx)  00 00 00 ??
-             * to     ... (xx-1) ff ff ff ??
-             * so we add a 'bias' of -256 for the borrow,
-             * to return -256 + v1[7] - v2[7]. */
-            ret = -256;
-        }
-    }
-
-    ret += (int)v1[7] - (int)v2[7];
-
-    if (ret > 128)
-        return 128;
-    else if (ret < -128)
-        return -128;
-    else
-        return ret;
-}
-
-static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
-                                   int len, int peek);
-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
-                                      unsigned int *is_next_epoch);
-#if 0
-static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
-                                        unsigned short *priority,
-                                        unsigned long *offset);
-#endif
-static int dtls1_buffer_record(SSL *s, record_pqueue *q,
-                               unsigned char *priority);
-static int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap);
-
-/* copy buffered record into SSL structure */
-static int dtls1_copy_record(SSL *s, pitem *item)
-{
-    DTLS1_RECORD_DATA *rdata;
-
-    rdata = (DTLS1_RECORD_DATA *)item->data;
-
-    if (s->s3->rbuf.buf != NULL)
-        OPENSSL_free(s->s3->rbuf.buf);
-
-    s->packet = rdata->packet;
-    s->packet_length = rdata->packet_length;
-    memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
-    memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
-
-    /* Set proper sequence number for mac calculation */
-    memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
-
-    return (1);
-}
-
-static int
-dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
-{
-    DTLS1_RECORD_DATA *rdata;
-    pitem *item;
-
-    /* Limit the size of the queue to prevent DOS attacks */
-    if (pqueue_size(queue->q) >= 100)
-        return 0;
-
-    rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
-    item = pitem_new(priority, rdata);
-    if (rdata == NULL || item == NULL) {
-        if (rdata != NULL)
-            OPENSSL_free(rdata);
-        if (item != NULL)
-            pitem_free(item);
-
-        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-
-    rdata->packet = s->packet;
-    rdata->packet_length = s->packet_length;
-    memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
-    memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
-
-    item->data = rdata;
-
-#ifndef OPENSSL_NO_SCTP
-    /* Store bio_dgram_sctp_rcvinfo struct */
-    if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-        (s->state == SSL3_ST_SR_FINISHED_A
-         || s->state == SSL3_ST_CR_FINISHED_A)) {
-        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
-                 sizeof(rdata->recordinfo), &rdata->recordinfo);
-    }
-#endif
-
-    s->packet = NULL;
-    s->packet_length = 0;
-    memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
-    memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
-
-    if (!ssl3_setup_buffers(s)) {
-        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
-        if (rdata->rbuf.buf != NULL)
-            OPENSSL_free(rdata->rbuf.buf);
-        OPENSSL_free(rdata);
-        pitem_free(item);
-        return (-1);
-    }
-
-    /* insert should not fail, since duplicates are dropped */
-    if (pqueue_insert(queue->q, item) == NULL) {
-        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
-        if (rdata->rbuf.buf != NULL)
-            OPENSSL_free(rdata->rbuf.buf);
-        OPENSSL_free(rdata);
-        pitem_free(item);
-        return (-1);
-    }
-
-    return (1);
-}
-
-static int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
-{
-    pitem *item;
-
-    item = pqueue_pop(queue->q);
-    if (item) {
-        dtls1_copy_record(s, item);
-
-        OPENSSL_free(item->data);
-        pitem_free(item);
-
-        return (1);
-    }
-
-    return (0);
-}
-
-/*
- * retrieve a buffered record that belongs to the new epoch, i.e., not
- * processed yet
- */
-#define dtls1_get_unprocessed_record(s) \
-                   dtls1_retrieve_buffered_record((s), \
-                   &((s)->d1->unprocessed_rcds))
-
-/*
- * retrieve a buffered record that belongs to the current epoch, ie,
- * processed
- */
-#define dtls1_get_processed_record(s) \
-                   dtls1_retrieve_buffered_record((s), \
-                   &((s)->d1->processed_rcds))
-
-static int dtls1_process_buffered_records(SSL *s)
-{
-    pitem *item;
-    SSL3_BUFFER *rb;
-    SSL3_RECORD *rr;
-    DTLS1_BITMAP *bitmap;
-    unsigned int is_next_epoch;
-    int replayok = 1;
-
-    item = pqueue_peek(s->d1->unprocessed_rcds.q);
-    if (item) {
-        /* Check if epoch is current. */
-        if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
-            return 1;         /* Nothing to do. */
-
-        rr = &s->s3->rrec;
-        rb = &s->s3->rbuf;
-
-        if (rb->left > 0) {
-            /*
-             * We've still got data from the current packet to read. There could
-             * be a record from the new epoch in it - so don't overwrite it
-             * with the unprocessed records yet (we'll do it when we've
-             * finished reading the current packet).
-             */
-            return 1;
-        }
-
-
-        /* Process all the records. */
-        while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
-            dtls1_get_unprocessed_record(s);
-            bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
-            if (bitmap == NULL) {
-                /*
-                 * Should not happen. This will only ever be NULL when the
-                 * current record is from a different epoch. But that cannot
-                 * be the case because we already checked the epoch above
-                 */
-                 SSLerr(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,
-                        ERR_R_INTERNAL_ERROR);
-                 return 0;
-            }
-#ifndef OPENSSL_NO_SCTP
-            /* Only do replay check if no SCTP bio */
-            if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
-#endif
-            {
-                /*
-                 * Check whether this is a repeat, or aged record. We did this
-                 * check once already when we first received the record - but
-                 * we might have updated the window since then due to
-                 * records we subsequently processed.
-                 */
-                replayok = dtls1_record_replay_check(s, bitmap);
-            }
-
-            if (!replayok || !dtls1_process_record(s, bitmap)) {
-                /* dump this record */
-                rr->length = 0;
-                s->packet_length = 0;
-                continue;
-            }
-
-            if (dtls1_buffer_record(s, &(s->d1->processed_rcds),
-                                    s->s3->rrec.seq_num) < 0)
-                return 0;
-        }
-    }
-
-    /*
-     * sync epoch numbers once all the unprocessed records have been
-     * processed
-     */
-    s->d1->processed_rcds.epoch = s->d1->r_epoch;
-    s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
-
-    return 1;
-}
-
-#if 0
-
-static int dtls1_get_buffered_record(SSL *s)
-{
-    pitem *item;
-    PQ_64BIT priority =
-        (((PQ_64BIT) s->d1->handshake_read_seq) << 32) |
-        ((PQ_64BIT) s->d1->r_msg_hdr.frag_off);
-
-    /* if we're not (re)negotiating, nothing buffered */
-    if (!SSL_in_init(s))
-        return 0;
-
-    item = pqueue_peek(s->d1->rcvd_records);
-    if (item && item->priority == priority) {
-        /*
-         * Check if we've received the record of interest.  It must be a
-         * handshake record, since data records as passed up without
-         * buffering
-         */
-        DTLS1_RECORD_DATA *rdata;
-        item = pqueue_pop(s->d1->rcvd_records);
-        rdata = (DTLS1_RECORD_DATA *)item->data;
-
-        if (s->s3->rbuf.buf != NULL)
-            OPENSSL_free(s->s3->rbuf.buf);
-
-        s->packet = rdata->packet;
-        s->packet_length = rdata->packet_length;
-        memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
-        memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
-
-        OPENSSL_free(item->data);
-        pitem_free(item);
-
-        /* s->d1->next_expected_seq_num++; */
-        return (1);
-    }
-
-    return 0;
-}
-
-#endif
-
-static int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
-{
-    int i, al;
-    int enc_err;
-    SSL_SESSION *sess;
-    SSL3_RECORD *rr;
-    unsigned int mac_size, orig_len;
-    unsigned char md[EVP_MAX_MD_SIZE];
-
-    rr = &(s->s3->rrec);
-    sess = s->session;
-
-    /*
-     * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
-     * and we have that many bytes in s->packet
-     */
-    rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);
-
-    /*
-     * ok, we can now read from 's->packet' data into 'rr' rr->input points
-     * at rr->length bytes, which need to be copied into rr->data by either
-     * the decryption or by the decompression When the data is 'copied' into
-     * the rr->data buffer, rr->input will be pointed at the new buffer
-     */
-
-    /*
-     * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length
-     * bytes of encrypted compressed stuff.
-     */
-
-    /* check is not needed I believe */
-    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
-        al = SSL_AD_RECORD_OVERFLOW;
-        SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
-        goto f_err;
-    }
-
-    /* decrypt in place in 'rr->input' */
-    rr->data = rr->input;
-
-    enc_err = s->method->ssl3_enc->enc(s, 0);
-    /*-
-     * enc_err is:
-     *    0: (in non-constant time) if the record is publically invalid.
-     *    1: if the padding is valid
-     *   -1: if the padding is invalid
-     */
-    if (enc_err == 0) {
-        /* For DTLS we simply ignore bad packets. */
-        rr->length = 0;
-        s->packet_length = 0;
-        goto err;
-    }
-#ifdef TLS_DEBUG
-    printf("dec %d\n", rr->length);
-    {
-        unsigned int z;
-        for (z = 0; z < rr->length; z++)
-            printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
-    }
-    printf("\n");
-#endif
-
-    /* r->length is now the compressed data plus mac */
-    if ((sess != NULL) &&
-        (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {
-        /* s->read_hash != NULL => mac_size != -1 */
-        unsigned char *mac = NULL;
-        unsigned char mac_tmp[EVP_MAX_MD_SIZE];
-        mac_size = EVP_MD_CTX_size(s->read_hash);
-        OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
-
-        /*
-         * kludge: *_cbc_remove_padding passes padding length in rr->type
-         */
-        orig_len = rr->length + ((unsigned int)rr->type >> 8);
-
-        /*
-         * orig_len is the length of the record before any padding was
-         * removed. This is public information, as is the MAC in use,
-         * therefore we can safely process the record in a different amount
-         * of time if it's too short to possibly contain a MAC.
-         */
-        if (orig_len < mac_size ||
-            /* CBC records must have a padding length byte too. */
-            (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-             orig_len < mac_size + 1)) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-
-        if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
-            /*
-             * We update the length so that the TLS header bytes can be
-             * constructed correctly but we need to extract the MAC in
-             * constant time from within the record, without leaking the
-             * contents of the padding bytes.
-             */
-            mac = mac_tmp;
-            ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
-            rr->length -= mac_size;
-        } else {
-            /*
-             * In this case there's no padding, so |orig_len| equals
-             * |rec->length| and we checked that there's enough bytes for
-             * |mac_size| above.
-             */
-            rr->length -= mac_size;
-            mac = &rr->data[rr->length];
-        }
-
-        i = s->method->ssl3_enc->mac(s, md, 0 /* not send */ );
-        if (i < 0 || mac == NULL
-            || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
-            enc_err = -1;
-        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
-            enc_err = -1;
-    }
-
-    if (enc_err < 0) {
-        /* decryption failed, silently discard message */
-        rr->length = 0;
-        s->packet_length = 0;
-        goto err;
-    }
-
-    /* r->length is now just compressed */
-    if (s->expand != NULL) {
-        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
-            al = SSL_AD_RECORD_OVERFLOW;
-            SSLerr(SSL_F_DTLS1_PROCESS_RECORD,
-                   SSL_R_COMPRESSED_LENGTH_TOO_LONG);
-            goto f_err;
-        }
-        if (!ssl3_do_uncompress(s)) {
-            al = SSL_AD_DECOMPRESSION_FAILURE;
-            SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
-            goto f_err;
-        }
-    }
-
-    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
-        al = SSL_AD_RECORD_OVERFLOW;
-        SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
-        goto f_err;
-    }
-
-    rr->off = 0;
-    /*-
-     * So at this point the following is true
-     * ssl->s3->rrec.type   is the type of record
-     * ssl->s3->rrec.length == number of bytes in record
-     * ssl->s3->rrec.off    == offset to first valid byte
-     * ssl->s3->rrec.data   == where to take bytes from, increment
-     *                         after use :-).
-     */
-
-    /* we have pulled in a full packet so zero things */
-    s->packet_length = 0;
-
-    /* Mark receipt of record. */
-    dtls1_record_bitmap_update(s, bitmap);
-
-    return (1);
-
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    return (0);
-}
-
-/*-
- * Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type    - is the type of record
- * ssl->s3->rrec.data,   - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by dtls1_read_bytes */
-int dtls1_get_record(SSL *s)
-{
-    int ssl_major, ssl_minor;
-    int i, n;
-    SSL3_RECORD *rr;
-    unsigned char *p = NULL;
-    unsigned short version;
-    DTLS1_BITMAP *bitmap;
-    unsigned int is_next_epoch;
-
-    rr = &(s->s3->rrec);
-
- again:
-    /*
-     * The epoch may have changed.  If so, process all the pending records.
-     * This is a non-blocking operation.
-     */
-    if (!dtls1_process_buffered_records(s))
-        return -1;
-
-    /* if we're renegotiating, then there may be buffered records */
-    if (dtls1_get_processed_record(s))
-        return 1;
-
-    /* get something from the wire */
-    /* check if we have the header */
-    if ((s->rstate != SSL_ST_READ_BODY) ||
-        (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
-        n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
-        /* read timeout is handled by dtls1_read_bytes */
-        if (n <= 0)
-            return (n);         /* error or non-blocking */
-
-        /* this packet contained a partial record, dump it */
-        if (s->packet_length != DTLS1_RT_HEADER_LENGTH) {
-            s->packet_length = 0;
-            goto again;
-        }
-
-        s->rstate = SSL_ST_READ_BODY;
-
-        p = s->packet;
-
-        if (s->msg_callback)
-            s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH,
-                            s, s->msg_callback_arg);
-
-        /* Pull apart the header into the DTLS1_RECORD */
-        rr->type = *(p++);
-        ssl_major = *(p++);
-        ssl_minor = *(p++);
-        version = (ssl_major << 8) | ssl_minor;
-
-        /* sequence number is 64 bits, with top 2 bytes = epoch */
-        n2s(p, rr->epoch);
-
-        memcpy(&(s->s3->read_sequence[2]), p, 6);
-        p += 6;
-
-        n2s(p, rr->length);
-
-        /*
-         * Lets check the version. We tolerate alerts that don't have the exact
-         * version number (e.g. because of protocol version errors)
-         */
-        if (!s->first_packet && rr->type != SSL3_RT_ALERT) {
-            if (version != s->version) {
-                /* unexpected version, silently discard */
-                rr->length = 0;
-                s->packet_length = 0;
-                goto again;
-            }
-        }
-
-        if ((version & 0xff00) != (s->version & 0xff00)) {
-            /* wrong version, silently discard record */
-            rr->length = 0;
-            s->packet_length = 0;
-            goto again;
-        }
-
-        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
-            /* record too long, silently discard it */
-            rr->length = 0;
-            s->packet_length = 0;
-            goto again;
-        }
-
-        /* now s->rstate == SSL_ST_READ_BODY */
-    }
-
-    /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-
-    if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {
-        /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
-        i = rr->length;
-        n = ssl3_read_n(s, i, i, 1);
-        /* this packet contained a partial record, dump it */
-        if (n != i) {
-            rr->length = 0;
-            s->packet_length = 0;
-            goto again;
-        }
-
-        /*
-         * now n == rr->length, and s->packet_length ==
-         * DTLS1_RT_HEADER_LENGTH + rr->length
-         */
-    }
-    s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
-
-    /* match epochs.  NULL means the packet is dropped on the floor */
-    bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
-    if (bitmap == NULL) {
-        rr->length = 0;
-        s->packet_length = 0;   /* dump this record */
-        goto again;             /* get another record */
-    }
-#ifndef OPENSSL_NO_SCTP
-    /* Only do replay check if no SCTP bio */
-    if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
-#endif
-        /*
-         * Check whether this is a repeat, or aged record. Don't check if
-         * we're listening and this message is a ClientHello. They can look
-         * as if they're replayed, since they arrive from different
-         * connections and would be dropped unnecessarily.
-         */
-        if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
-              s->packet_length > DTLS1_RT_HEADER_LENGTH &&
-              s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
-            !dtls1_record_replay_check(s, bitmap)) {
-            rr->length = 0;
-            s->packet_length = 0; /* dump this record */
-            goto again;         /* get another record */
-        }
-#ifndef OPENSSL_NO_SCTP
-    }
-#endif
-
-    /* just read a 0 length packet */
-    if (rr->length == 0)
-        goto again;
-
-    /*
-     * If this record is from the next epoch (either HM or ALERT), and a
-     * handshake is currently in progress, buffer it since it cannot be
-     * processed at this time. However, do not buffer anything while
-     * listening.
-     */
-    if (is_next_epoch) {
-        if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
-            if (dtls1_buffer_record
-                (s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0)
-                return -1;
-        }
-        rr->length = 0;
-        s->packet_length = 0;
-        goto again;
-    }
-
-    if (!dtls1_process_record(s, bitmap)) {
-        rr->length = 0;
-        s->packet_length = 0;   /* dump this record */
-        goto again;             /* get another record */
-    }
-
-    return (1);
-
-}
-
-/*-
- * Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- *   -  0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- *     Change cipher spec protocol
- *             just 1 byte needed, no need for keeping anything stored
- *     Alert protocol
- *             2 bytes needed (AlertLevel, AlertDescription)
- *     Handshake protocol
- *             4 bytes needed (HandshakeType, uint24 length) -- we just have
- *             to detect unexpected Client Hello and Hello Request messages
- *             here, anything else is handled by higher layers
- *     Application data protocol
- *             none of our business
- */
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
-{
-    int al, i, j, ret;
-    unsigned int n;
-    SSL3_RECORD *rr;
-    void (*cb) (const SSL *ssl, int type2, int val) = NULL;
-
-    if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
-        if (!ssl3_setup_buffers(s))
-            return (-1);
-
-    /* XXX: check what the second '&& type' is about */
-    if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
-         (type != SSL3_RT_HANDSHAKE) && type) ||
-        (peek && (type != SSL3_RT_APPLICATION_DATA))) {
-        SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-
-    /*
-     * check whether there's a handshake message (client hello?) waiting
-     */
-    if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
-        return ret;
-
-    /*
-     * Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
-     */
-
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Continue handshake if it had to be interrupted to read app data with
-     * SCTP.
-     */
-    if ((!s->in_handshake && SSL_in_init(s)) ||
-        (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-         (s->state == DTLS1_SCTP_ST_SR_READ_SOCK
-          || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)
-         && s->s3->in_read_app_data != 2))
-#else
-    if (!s->in_handshake && SSL_in_init(s))
-#endif
-    {
-        /* type == SSL3_RT_APPLICATION_DATA */
-        i = s->handshake_func(s);
-        if (i < 0)
-            return (i);
-        if (i == 0) {
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
-            return (-1);
-        }
-    }
-
- start:
-    s->rwstate = SSL_NOTHING;
-
-    /*-
-     * s->s3->rrec.type         - is the type of record
-     * s->s3->rrec.data,    - data
-     * s->s3->rrec.off,     - offset into 'data' for next read
-     * s->s3->rrec.length,  - number of bytes.
-     */
-    rr = &(s->s3->rrec);
-
-    /*
-     * We are not handshaking and have no data yet, so process data buffered
-     * during the last handshake in advance, if any.
-     */
-    if (s->state == SSL_ST_OK && rr->length == 0) {
-        pitem *item;
-        item = pqueue_pop(s->d1->buffered_app_data.q);
-        if (item) {
-#ifndef OPENSSL_NO_SCTP
-            /* Restore bio_dgram_sctp_rcvinfo struct */
-            if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
-                DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data;
-                BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,
-                         sizeof(rdata->recordinfo), &rdata->recordinfo);
-            }
-#endif
-
-            dtls1_copy_record(s, item);
-
-            OPENSSL_free(item->data);
-            pitem_free(item);
-        }
-    }
-
-    /* Check for timeout */
-    if (dtls1_handle_timeout(s) > 0)
-        goto start;
-
-    /* get new packet if necessary */
-    if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
-        ret = dtls1_get_record(s);
-        if (ret <= 0) {
-            ret = dtls1_read_failed(s, ret);
-            /* anything other than a timeout is an error */
-            if (ret <= 0)
-                return (ret);
-            else
-                goto start;
-        }
-    }
-
-    if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
-        rr->length = 0;
-        goto start;
-    }
-
-    /*
-     * Reset the count of consecutive warning alerts if we've got a non-empty
-     * record that isn't an alert.
-     */
-    if (rr->type != SSL3_RT_ALERT && rr->length != 0)
-        s->cert->alert_count = 0;
-
-    /* we now have a packet which can be read and processed */
-
-    if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
-                                   * reset by ssl3_get_finished */
-        && (rr->type != SSL3_RT_HANDSHAKE)) {
-        /*
-         * We now have application data between CCS and Finished. Most likely
-         * the packets were reordered on their way, so buffer the application
-         * data for later processing rather than dropping the connection.
-         */
-        if (dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num) <
-            0) {
-            SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        rr->length = 0;
-        goto start;
-    }
-
-    /*
-     * If the other end has shut down, throw anything we read away (even in
-     * 'peek' mode)
-     */
-    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
-        rr->length = 0;
-        s->rwstate = SSL_NOTHING;
-        return (0);
-    }
-
-    if (type == rr->type) {     /* SSL3_RT_APPLICATION_DATA or
-                                 * SSL3_RT_HANDSHAKE */
-        /*
-         * make sure that we are not getting application data when we are
-         * doing a handshake for the first time
-         */
-        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
-            (s->enc_read_ctx == NULL)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
-            goto f_err;
-        }
-
-        if (len <= 0)
-            return (len);
-
-        if ((unsigned int)len > rr->length)
-            n = rr->length;
-        else
-            n = (unsigned int)len;
-
-        memcpy(buf, &(rr->data[rr->off]), n);
-        if (!peek) {
-            rr->length -= n;
-            rr->off += n;
-            if (rr->length == 0) {
-                s->rstate = SSL_ST_READ_HEADER;
-                rr->off = 0;
-            }
-        }
-#ifndef OPENSSL_NO_SCTP
-        /*
-         * We were about to renegotiate but had to read belated application
-         * data first, so retry.
-         */
-        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-            rr->type == SSL3_RT_APPLICATION_DATA &&
-            (s->state == DTLS1_SCTP_ST_SR_READ_SOCK
-             || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) {
-            s->rwstate = SSL_READING;
-            BIO_clear_retry_flags(SSL_get_rbio(s));
-            BIO_set_retry_read(SSL_get_rbio(s));
-        }
-
-        /*
-         * We might had to delay a close_notify alert because of reordered
-         * app data. If there was an alert and there is no message to read
-         * anymore, finally set shutdown.
-         */
-        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-            s->d1->shutdown_received
-            && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-            return (0);
-        }
-#endif
-        return (n);
-    }
-
-    /*
-     * If we get here, then type != rr->type; if we have a handshake message,
-     * then it was unexpected (Hello Request or Client Hello).
-     */
-
-    /*
-     * In case of record types for which we have 'fragment' storage, fill
-     * that so that we can process the data at a fixed place.
-     */
-    {
-        unsigned int k, dest_maxlen = 0;
-        unsigned char *dest = NULL;
-        unsigned int *dest_len = NULL;
-
-        if (rr->type == SSL3_RT_HANDSHAKE) {
-            dest_maxlen = sizeof(s->d1->handshake_fragment);
-            dest = s->d1->handshake_fragment;
-            dest_len = &s->d1->handshake_fragment_len;
-        } else if (rr->type == SSL3_RT_ALERT) {
-            dest_maxlen = sizeof(s->d1->alert_fragment);
-            dest = s->d1->alert_fragment;
-            dest_len = &s->d1->alert_fragment_len;
-        }
-#ifndef OPENSSL_NO_HEARTBEATS
-        else if (rr->type == TLS1_RT_HEARTBEAT) {
-            dtls1_process_heartbeat(s);
-
-            /* Exit and notify application to read again */
-            rr->length = 0;
-            s->rwstate = SSL_READING;
-            BIO_clear_retry_flags(SSL_get_rbio(s));
-            BIO_set_retry_read(SSL_get_rbio(s));
-            return (-1);
-        }
-#endif
-        /* else it's a CCS message, or application data or wrong */
-        else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
-            /*
-             * Application data while renegotiating is allowed. Try again
-             * reading.
-             */
-            if (rr->type == SSL3_RT_APPLICATION_DATA) {
-                BIO *bio;
-                s->s3->in_read_app_data = 2;
-                bio = SSL_get_rbio(s);
-                s->rwstate = SSL_READING;
-                BIO_clear_retry_flags(bio);
-                BIO_set_retry_read(bio);
-                return (-1);
-            }
-
-            /* Not certain if this is the right error handling */
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
-            goto f_err;
-        }
-
-        if (dest_maxlen > 0) {
-            /*
-             * XDTLS: In a pathalogical case, the Client Hello may be
-             * fragmented--don't always expect dest_maxlen bytes
-             */
-            if (rr->length < dest_maxlen) {
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-                /*
-                 * for normal alerts rr->length is 2, while
-                 * dest_maxlen is 7 if we were to handle this
-                 * non-existing alert...
-                 */
-                FIX ME
-#endif
-                 s->rstate = SSL_ST_READ_HEADER;
-                rr->length = 0;
-                goto start;
-            }
-
-            /* now move 'n' bytes: */
-            for (k = 0; k < dest_maxlen; k++) {
-                dest[k] = rr->data[rr->off++];
-                rr->length--;
-            }
-            *dest_len = dest_maxlen;
-        }
-    }
-
-    /*-
-     * s->d1->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;
-     * s->d1->alert_fragment_len == 7      iff  rr->type == SSL3_RT_ALERT.
-     * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
-     */
-
-    /* If we are a client, check for an incoming 'Hello Request': */
-    if ((!s->server) &&
-        (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
-        (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
-        (s->session != NULL) && (s->session->cipher != NULL)) {
-        s->d1->handshake_fragment_len = 0;
-
-        if ((s->d1->handshake_fragment[1] != 0) ||
-            (s->d1->handshake_fragment[2] != 0) ||
-            (s->d1->handshake_fragment[3] != 0)) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
-            goto f_err;
-        }
-
-        /*
-         * no need to check sequence number on HELLO REQUEST messages
-         */
-
-        if (s->msg_callback)
-            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
-                            s->d1->handshake_fragment, 4, s,
-                            s->msg_callback_arg);
-
-        if (SSL_is_init_finished(s) &&
-            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
-            !s->s3->renegotiate) {
-            s->d1->handshake_read_seq++;
-            s->new_session = 1;
-            ssl3_renegotiate(s);
-            if (ssl3_renegotiate_check(s)) {
-                i = s->handshake_func(s);
-                if (i < 0)
-                    return (i);
-                if (i == 0) {
-                    SSLerr(SSL_F_DTLS1_READ_BYTES,
-                           SSL_R_SSL_HANDSHAKE_FAILURE);
-                    return (-1);
-                }
-
-                if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
-                    if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
-                        BIO *bio;
-                        /*
-                         * In the case where we try to read application data,
-                         * but we trigger an SSL handshake, we return -1 with
-                         * the retry option set.  Otherwise renegotiation may
-                         * cause nasty problems in the blocking world
-                         */
-                        s->rwstate = SSL_READING;
-                        bio = SSL_get_rbio(s);
-                        BIO_clear_retry_flags(bio);
-                        BIO_set_retry_read(bio);
-                        return (-1);
-                    }
-                }
-            }
-        }
-        /*
-         * we either finished a handshake or ignored the request, now try
-         * again to obtain the (application) data we were asked for
-         */
-        goto start;
-    }
-
-    /*
-     * If we are a server and get a client hello when renegotiation isn't
-     * allowed send back a no renegotiation alert and carry on.
-     */
-    if (s->server
-            && SSL_is_init_finished(s)
-            && !s->s3->send_connection_binding
-            && s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH
-            && s->d1->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO
-            && s->s3->previous_client_finished_len != 0
-            && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) {
-        s->d1->handshake_fragment_len = 0;
-        rr->length = 0;
-        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
-        goto start;
-    }
-
-
-    if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
-        int alert_level = s->d1->alert_fragment[0];
-        int alert_descr = s->d1->alert_fragment[1];
-
-        s->d1->alert_fragment_len = 0;
-
-        if (s->msg_callback)
-            s->msg_callback(0, s->version, SSL3_RT_ALERT,
-                            s->d1->alert_fragment, 2, s, s->msg_callback_arg);
-
-        if (s->info_callback != NULL)
-            cb = s->info_callback;
-        else if (s->ctx->info_callback != NULL)
-            cb = s->ctx->info_callback;
-
-        if (cb != NULL) {
-            j = (alert_level << 8) | alert_descr;
-            cb(s, SSL_CB_READ_ALERT, j);
-        }
-
-        if (alert_level == SSL3_AL_WARNING) {
-            s->s3->warn_alert = alert_descr;
-
-            s->cert->alert_count++;
-            if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) {
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
-                goto f_err;
-            }
-
-            if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
-#ifndef OPENSSL_NO_SCTP
-                /*
-                 * With SCTP and streams the socket may deliver app data
-                 * after a close_notify alert. We have to check this first so
-                 * that nothing gets discarded.
-                 */
-                if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-                    BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-                    s->d1->shutdown_received = 1;
-                    s->rwstate = SSL_READING;
-                    BIO_clear_retry_flags(SSL_get_rbio(s));
-                    BIO_set_retry_read(SSL_get_rbio(s));
-                    return -1;
-                }
-#endif
-                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-                return (0);
-            }
-#if 0
-            /* XXX: this is a possible improvement in the future */
-            /* now check if it's a missing record */
-            if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
-                unsigned short seq;
-                unsigned int frag_off;
-                unsigned char *p = &(s->d1->alert_fragment[2]);
-
-                n2s(p, seq);
-                n2l3(p, frag_off);
-
-                dtls1_retransmit_message(s,
-                                         dtls1_get_queue_priority
-                                         (frag->msg_header.seq, 0), frag_off,
-                                         &found);
-                if (!found && SSL_in_init(s)) {
-                    /*
-                     * fprintf( stderr,"in init = %d\n", SSL_in_init(s));
-                     */
-                    /*
-                     * requested a message not yet sent, send an alert
-                     * ourselves
-                     */
-                    ssl3_send_alert(s, SSL3_AL_WARNING,
-                                    DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-                }
-            }
-#endif
-        } else if (alert_level == SSL3_AL_FATAL) {
-            char tmp[16];
-
-            s->rwstate = SSL_NOTHING;
-            s->s3->fatal_alert = alert_descr;
-            SSLerr(SSL_F_DTLS1_READ_BYTES,
-                   SSL_AD_REASON_OFFSET + alert_descr);
-            BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr);
-            ERR_add_error_data(2, "SSL alert number ", tmp);
-            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-            SSL_CTX_remove_session(s->session_ctx, s->session);
-            return (0);
-        } else {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
-            goto f_err;
-        }
-
-        goto start;
-    }
-
-    if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
-                                            * shutdown */
-        s->rwstate = SSL_NOTHING;
-        rr->length = 0;
-        return (0);
-    }
-
-    if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
-        struct ccs_header_st ccs_hdr;
-        unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
-
-        dtls1_get_ccs_header(rr->data, &ccs_hdr);
-
-        if (s->version == DTLS1_BAD_VER)
-            ccs_hdr_len = 3;
-
-        /*
-         * 'Change Cipher Spec' is just a single byte, so we know exactly
-         * what the record payload has to look like
-         */
-        /* XDTLS: check that epoch is consistent */
-        if ((rr->length != ccs_hdr_len) ||
-            (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
-            goto f_err;
-        }
-
-        rr->length = 0;
-
-        if (s->msg_callback)
-            s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
-                            rr->data, 1, s, s->msg_callback_arg);
-
-        /*
-         * We can't process a CCS now, because previous handshake messages
-         * are still missing, so just drop it.
-         */
-        if (!s->d1->change_cipher_spec_ok) {
-            goto start;
-        }
-
-        s->d1->change_cipher_spec_ok = 0;
-
-        s->s3->change_cipher_spec = 1;
-        if (!ssl3_do_change_cipher_spec(s))
-            goto err;
-
-        /* do this whenever CCS is processed */
-        dtls1_reset_seq_numbers(s, SSL3_CC_READ);
-
-        if (s->version == DTLS1_BAD_VER)
-            s->d1->handshake_read_seq++;
-
-#ifndef OPENSSL_NO_SCTP
-        /*
-         * Remember that a CCS has been received, so that an old key of
-         * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
-         * SCTP is used
-         */
-        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
-#endif
-
-        goto start;
-    }
-
-    /*
-     * Unexpected handshake message (Client Hello, or protocol violation)
-     */
-    if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
-        !s->in_handshake) {
-        struct hm_header_st msg_hdr;
-
-        /* this may just be a stale retransmit */
-        dtls1_get_message_header(rr->data, &msg_hdr);
-        if (rr->epoch != s->d1->r_epoch) {
-            rr->length = 0;
-            goto start;
-        }
-
-        /*
-         * If we are server, we may have a repeated FINISHED of the client
-         * here, then retransmit our CCS and FINISHED.
-         */
-        if (msg_hdr.type == SSL3_MT_FINISHED) {
-            if (dtls1_check_timeout_num(s) < 0)
-                return -1;
-
-            dtls1_retransmit_buffered_messages(s);
-            rr->length = 0;
-            goto start;
-        }
-
-        if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
-            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
-#if 0                           /* worked only because C operator preferences
-                                 * are not as expected (and because this is
-                                 * not really needed for clients except for
-                                 * detecting protocol violations): */
-            s->state = SSL_ST_BEFORE | (s->server)
-                ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#else
-            s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
-            s->renegotiate = 1;
-            s->new_session = 1;
-        }
-        i = s->handshake_func(s);
-        if (i < 0)
-            return (i);
-        if (i == 0) {
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
-            return (-1);
-        }
-
-        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
-            if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
-                BIO *bio;
-                /*
-                 * In the case where we try to read application data, but we
-                 * trigger an SSL handshake, we return -1 with the retry
-                 * option set.  Otherwise renegotiation may cause nasty
-                 * problems in the blocking world
-                 */
-                s->rwstate = SSL_READING;
-                bio = SSL_get_rbio(s);
-                BIO_clear_retry_flags(bio);
-                BIO_set_retry_read(bio);
-                return (-1);
-            }
-        }
-        goto start;
-    }
-
-    switch (rr->type) {
-    default:
-#ifndef OPENSSL_NO_TLS
-        /* TLS just ignores unknown message types */
-        if (s->version == TLS1_VERSION) {
-            rr->length = 0;
-            goto start;
-        }
-#endif
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
-        goto f_err;
-    case SSL3_RT_CHANGE_CIPHER_SPEC:
-    case SSL3_RT_ALERT:
-    case SSL3_RT_HANDSHAKE:
-        /*
-         * we already handled all of these, with the possible exception of
-         * SSL3_RT_HANDSHAKE when s->in_handshake is set, but that should not
-         * happen when type != rr->type
-         */
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
-        goto f_err;
-    case SSL3_RT_APPLICATION_DATA:
-        /*
-         * At this point, we were expecting handshake data, but have
-         * application data.  If the library was running inside ssl3_read()
-         * (i.e. in_read_app_data is set) and it makes sense to read
-         * application data at this point (session renegotiation not yet
-         * started), we will indulge it.
-         */
-        if (s->s3->in_read_app_data &&
-            (s->s3->total_renegotiations != 0) &&
-            (((s->state & SSL_ST_CONNECT) &&
-              (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-              (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
-             ) || ((s->state & SSL_ST_ACCEPT) &&
-                   (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
-                   (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
-             )
-            )) {
-            s->s3->in_read_app_data = 2;
-            return (-1);
-        } else {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
-            goto f_err;
-        }
-    }
-    /* not reached */
-
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    return (-1);
-}
-
-int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
-{
-    int i;
-
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Check if we have to continue an interrupted handshake for reading
-     * belated app data with SCTP.
-     */
-    if ((SSL_in_init(s) && !s->in_handshake) ||
-        (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-         (s->state == DTLS1_SCTP_ST_SR_READ_SOCK
-          || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
-#else
-    if (SSL_in_init(s) && !s->in_handshake)
-#endif
-    {
-        i = s->handshake_func(s);
-        if (i < 0)
-            return (i);
-        if (i == 0) {
-            SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,
-                   SSL_R_SSL_HANDSHAKE_FAILURE);
-            return -1;
-        }
-    }
-
-    if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
-        SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
-        return -1;
-    }
-
-    i = dtls1_write_bytes(s, type, buf_, len);
-    return i;
-}
-
-        /*
-         * this only happens when a client hello is received and a handshake
-         * is started.
-         */
-static int
-have_handshake_fragment(SSL *s, int type, unsigned char *buf,
-                        int len, int peek)
-{
-
-    if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
-        /* (partially) satisfy request from storage */
-    {
-        unsigned char *src = s->d1->handshake_fragment;
-        unsigned char *dst = buf;
-        unsigned int k, n;
-
-        /* peek == 0 */
-        n = 0;
-        while ((len > 0) && (s->d1->handshake_fragment_len > 0)) {
-            *dst++ = *src++;
-            len--;
-            s->d1->handshake_fragment_len--;
-            n++;
-        }
-        /* move any remaining fragment bytes: */
-        for (k = 0; k < s->d1->handshake_fragment_len; k++)
-            s->d1->handshake_fragment[k] = *src++;
-        return n;
-    }
-
-    return 0;
-}
-
-/*
- * Call this to write data in records of type 'type' It will return <= 0 if
- * not all data has been sent or non-blocking IO.
- */
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
-{
-    int i;
-
-    OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
-    s->rwstate = SSL_NOTHING;
-    i = do_dtls1_write(s, type, buf, len, 0);
-    return i;
-}
-
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-                   unsigned int len, int create_empty_fragment)
-{
-    unsigned char *p, *pseq;
-    int i, mac_size, clear = 0;
-    int prefix_len = 0;
-    int eivlen;
-    SSL3_RECORD *wr;
-    SSL3_BUFFER *wb;
-    SSL_SESSION *sess;
-
-    /*
-     * first check if there is a SSL3_BUFFER still being written out.  This
-     * will happen with non blocking IO
-     */
-    if (s->s3->wbuf.left != 0) {
-        OPENSSL_assert(0);      /* XDTLS: want to see if we ever get here */
-        return (ssl3_write_pending(s, type, buf, len));
-    }
-
-    /* If we have an alert to send, lets send it */
-    if (s->s3->alert_dispatch) {
-        i = s->method->ssl_dispatch_alert(s);
-        if (i <= 0)
-            return (i);
-        /* if it went, fall through and send more stuff */
-    }
-
-    if (len == 0 && !create_empty_fragment)
-        return 0;
-
-    wr = &(s->s3->wrec);
-    wb = &(s->s3->wbuf);
-    sess = s->session;
-
-    if ((sess == NULL) ||
-        (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL))
-        clear = 1;
-
-    if (clear)
-        mac_size = 0;
-    else {
-        mac_size = EVP_MD_CTX_size(s->write_hash);
-        if (mac_size < 0)
-            goto err;
-    }
-
-    /* DTLS implements explicit IV, so no need for empty fragments */
-#if 0
-    /*
-     * 'create_empty_fragment' is true only when this function calls itself
-     */
-    if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
-        && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
-    {
-        /*
-         * countermeasure against known-IV weakness in CBC ciphersuites (see
-         * http://www.openssl.org/~bodo/tls-cbc.txt)
-         */
-
-        if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
-            /*
-             * recursive function call with 'create_empty_fragment' set; this
-             * prepares and buffers the data for an empty fragment (these
-             * 'prefix_len' bytes are sent out later together with the actual
-             * payload)
-             */
-            prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
-            if (prefix_len <= 0)
-                goto err;
-
-            if (s->s3->wbuf.len <
-                (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
-                /* insufficient space */
-                SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-        }
-
-        s->s3->empty_fragment_done = 1;
-    }
-#endif
-    p = wb->buf + prefix_len;
-
-    /* write the header */
-
-    *(p++) = type & 0xff;
-    wr->type = type;
-    /*
-     * Special case: for hello verify request, client version 1.0 and we
-     * haven't decided which version to use yet send back using version 1.0
-     * header: otherwise some clients will ignore it.
-     */
-    if (s->method->version == DTLS_ANY_VERSION) {
-        *(p++) = DTLS1_VERSION >> 8;
-        *(p++) = DTLS1_VERSION & 0xff;
-    } else {
-        *(p++) = s->version >> 8;
-        *(p++) = s->version & 0xff;
-    }
-
-    /* field where we are to write out packet epoch, seq num and len */
-    pseq = p;
-    p += 10;
-
-    /* Explicit IV length, block ciphers appropriate version flag */
-    if (s->enc_write_ctx) {
-        int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
-        if (mode == EVP_CIPH_CBC_MODE) {
-            eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
-            if (eivlen <= 1)
-                eivlen = 0;
-        }
-        /* Need explicit part of IV for GCM mode */
-        else if (mode == EVP_CIPH_GCM_MODE)
-            eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
-        else
-            eivlen = 0;
-    } else
-        eivlen = 0;
-
-    /* lets setup the record stuff. */
-    wr->data = p + eivlen;      /* make room for IV in case of CBC */
-    wr->length = (int)len;
-    wr->input = (unsigned char *)buf;
-
-    /*
-     * we now 'read' from wr->input, wr->length bytes into wr->data
-     */
-
-    /* first we compress */
-    if (s->compress != NULL) {
-        if (!ssl3_do_compress(s)) {
-            SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE);
-            goto err;
-        }
-    } else {
-        memcpy(wr->data, wr->input, wr->length);
-        wr->input = wr->data;
-    }
-
-    /*
-     * we should still have the output to wr->data and the input from
-     * wr->input.  Length should be wr->length. wr->data still points in the
-     * wb->buf
-     */
-
-    if (mac_size != 0) {
-        if (s->method->ssl3_enc->mac(s, &(p[wr->length + eivlen]), 1) < 0)
-            goto err;
-        wr->length += mac_size;
-    }
-
-    /* this is true regardless of mac size */
-    wr->input = p;
-    wr->data = p;
-
-    if (eivlen)
-        wr->length += eivlen;
-
-    if (s->method->ssl3_enc->enc(s, 1) < 1)
-        goto err;
-
-    /* record length after mac and block padding */
-    /*
-     * if (type == SSL3_RT_APPLICATION_DATA || (type == SSL3_RT_ALERT && !
-     * SSL_in_init(s)))
-     */
-
-    /* there's only one epoch between handshake and app data */
-
-    s2n(s->d1->w_epoch, pseq);
-
-    /* XDTLS: ?? */
-    /*
-     * else s2n(s->d1->handshake_epoch, pseq);
-     */
-
-    memcpy(pseq, &(s->s3->write_sequence[2]), 6);
-    pseq += 6;
-    s2n(wr->length, pseq);
-
-    if (s->msg_callback)
-        s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH,
-                        DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
-
-    /*
-     * we should now have wr->data pointing to the encrypted data, which is
-     * wr->length long
-     */
-    wr->type = type;            /* not needed but helps for debugging */
-    wr->length += DTLS1_RT_HEADER_LENGTH;
-
-#if 0                           /* this is now done at the message layer */
-    /* buffer the record, making it easy to handle retransmits */
-    if (type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
-        dtls1_buffer_record(s, wr->data, wr->length,
-                            *((PQ_64BIT *) & (s->s3->write_sequence[0])));
-#endif
-
-    ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
-
-    if (create_empty_fragment) {
-        /*
-         * we are in a recursive call; just return the length, don't write
-         * out anything here
-         */
-        return wr->length;
-    }
-
-    /* now let's set up wb */
-    wb->left = prefix_len + wr->length;
-    wb->offset = 0;
-
-    /*
-     * memorize arguments so that ssl3_write_pending can detect bad write
-     * retries later
-     */
-    s->s3->wpend_tot = len;
-    s->s3->wpend_buf = buf;
-    s->s3->wpend_type = type;
-    s->s3->wpend_ret = len;
-
-    /* we now just need to write the buffer */
-    return ssl3_write_pending(s, type, buf, len);
- err:
-    return -1;
-}
-
-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
-{
-    int cmp;
-    unsigned int shift;
-    const unsigned char *seq = s->s3->read_sequence;
-
-    cmp = satsub64be(seq, bitmap->max_seq_num);
-    if (cmp > 0) {
-        memcpy(s->s3->rrec.seq_num, seq, 8);
-        return 1;               /* this record in new */
-    }
-    shift = -cmp;
-    if (shift >= sizeof(bitmap->map) * 8)
-        return 0;               /* stale, outside the window */
-    else if (bitmap->map & (1UL << shift))
-        return 0;               /* record previously received */
-
-    memcpy(s->s3->rrec.seq_num, seq, 8);
-    return 1;
-}
-
-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
-{
-    int cmp;
-    unsigned int shift;
-    const unsigned char *seq = s->s3->read_sequence;
-
-    cmp = satsub64be(seq, bitmap->max_seq_num);
-    if (cmp > 0) {
-        shift = cmp;
-        if (shift < sizeof(bitmap->map) * 8)
-            bitmap->map <<= shift, bitmap->map |= 1UL;
-        else
-            bitmap->map = 1UL;
-        memcpy(bitmap->max_seq_num, seq, 8);
-    } else {
-        shift = -cmp;
-        if (shift < sizeof(bitmap->map) * 8)
-            bitmap->map |= 1UL << shift;
-    }
-}
-
-int dtls1_dispatch_alert(SSL *s)
-{
-    int i, j;
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    unsigned char buf[DTLS1_AL_HEADER_LENGTH];
-    unsigned char *ptr = &buf[0];
-
-    s->s3->alert_dispatch = 0;
-
-    memset(buf, 0x00, sizeof(buf));
-    *ptr++ = s->s3->send_alert[0];
-    *ptr++ = s->s3->send_alert[1];
-
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-    if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
-        s2n(s->d1->handshake_read_seq, ptr);
-# if 0
-        if (s->d1->r_msg_hdr.frag_off == 0)
-            /*
-             * waiting for a new msg
-             */
-            else
-            s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
-# endif
-
-# if 0
-        fprintf(stderr,
-                "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",
-                s->d1->handshake_read_seq, s->d1->r_msg_hdr.seq);
-# endif
-        l2n3(s->d1->r_msg_hdr.frag_off, ptr);
-    }
-#endif
-
-    i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
-    if (i <= 0) {
-        s->s3->alert_dispatch = 1;
-        /* fprintf( stderr, "not done with alert\n" ); */
-    } else {
-        if (s->s3->send_alert[0] == SSL3_AL_FATAL
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-            || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#endif
-            )
-            (void)BIO_flush(s->wbio);
-
-        if (s->msg_callback)
-            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
-                            2, s, s->msg_callback_arg);
-
-        if (s->info_callback != NULL)
-            cb = s->info_callback;
-        else if (s->ctx->info_callback != NULL)
-            cb = s->ctx->info_callback;
-
-        if (cb != NULL) {
-            j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
-            cb(s, SSL_CB_WRITE_ALERT, j);
-        }
-    }
-    return (i);
-}
-
-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
-                                      unsigned int *is_next_epoch)
-{
-
-    *is_next_epoch = 0;
-
-    /* In current epoch, accept HM, CCS, DATA, & ALERT */
-    if (rr->epoch == s->d1->r_epoch)
-        return &s->d1->bitmap;
-
-    /*
-     * Only HM and ALERT messages can be from the next epoch and only if we
-     * have already processed all of the unprocessed records from the last
-     * epoch
-     */
-    else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
-             s->d1->unprocessed_rcds.epoch != s->d1->r_epoch &&
-             (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
-        *is_next_epoch = 1;
-        return &s->d1->next_bitmap;
-    }
-
-    return NULL;
-}
-
-#if 0
-static int
-dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
-                             unsigned short *priority, unsigned long *offset)
-{
-
-    /* alerts are passed up immediately */
-    if (rr->type == SSL3_RT_APPLICATION_DATA || rr->type == SSL3_RT_ALERT)
-        return 0;
-
-    /*
-     * Only need to buffer if a handshake is underway. (this implies that
-     * Hello Request and Client Hello are passed up immediately)
-     */
-    if (SSL_in_init(s)) {
-        unsigned char *data = rr->data;
-        /* need to extract the HM/CCS sequence number here */
-        if (rr->type == SSL3_RT_HANDSHAKE ||
-            rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
-            unsigned short seq_num;
-            struct hm_header_st msg_hdr;
-            struct ccs_header_st ccs_hdr;
-
-            if (rr->type == SSL3_RT_HANDSHAKE) {
-                dtls1_get_message_header(data, &msg_hdr);
-                seq_num = msg_hdr.seq;
-                *offset = msg_hdr.frag_off;
-            } else {
-                dtls1_get_ccs_header(data, &ccs_hdr);
-                seq_num = ccs_hdr.seq;
-                *offset = 0;
-            }
-
-            /*
-             * this is either a record we're waiting for, or a retransmit of
-             * something we happened to previously receive (higher layers
-             * will drop the repeat silently
-             */
-            if (seq_num < s->d1->handshake_read_seq)
-                return 0;
-            if (rr->type == SSL3_RT_HANDSHAKE &&
-                seq_num == s->d1->handshake_read_seq &&
-                msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
-                return 0;
-            else if (seq_num == s->d1->handshake_read_seq &&
-                     (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
-                      msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
-                return 0;
-            else {
-                *priority = seq_num;
-                return 1;
-            }
-        } else                  /* unknown record type */
-            return 0;
-    }
-
-    return 0;
-}
-#endif
-
-void dtls1_reset_seq_numbers(SSL *s, int rw)
-{
-    unsigned char *seq;
-    unsigned int seq_bytes = sizeof(s->s3->read_sequence);
-
-    if (rw & SSL3_CC_READ) {
-        seq = s->s3->read_sequence;
-        s->d1->r_epoch++;
-        memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
-        memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
-
-        /*
-         * We must not use any buffered messages received from the previous
-         * epoch
-         */
-        dtls1_clear_received_buffer(s);
-    } else {
-        seq = s->s3->write_sequence;
-        memcpy(s->d1->last_write_sequence, seq,
-               sizeof(s->s3->write_sequence));
-        s->d1->w_epoch++;
-    }
-
-    memset(seq, 0x00, seq_bytes);
-}
diff --git a/freebsd/crypto/openssl/ssl/d1_srtp.c b/freebsd/crypto/openssl/ssl/d1_srtp.c
index b6df7c28..06ffb7ee 100644
--- a/freebsd/crypto/openssl/ssl/d1_srtp.c
+++ b/freebsd/crypto/openssl/ssl/d1_srtp.c
@@ -1,115 +1,14 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/t1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
+
 /*
  * DTLS code by Eric Rescorla <ekr@rtfm.com>
  *
@@ -119,7 +18,6 @@
 #include <stdio.h>
 #include <openssl/objects.h>
 #include "ssl_locl.h"
-#include "srtp.h"
 
 #ifndef OPENSSL_NO_SRTP
 
@@ -132,27 +30,26 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
      "SRTP_AES128_CM_SHA1_32",
      SRTP_AES128_CM_SHA1_32,
      },
-# if 0
     {
-     "SRTP_NULL_SHA1_80",
-     SRTP_NULL_SHA1_80,
+     "SRTP_AEAD_AES_128_GCM",
+     SRTP_AEAD_AES_128_GCM,
      },
     {
-     "SRTP_NULL_SHA1_32",
-     SRTP_NULL_SHA1_32,
+     "SRTP_AEAD_AES_256_GCM",
+     SRTP_AEAD_AES_256_GCM,
      },
-# endif
     {0}
 };
 
 static int find_profile_by_name(char *profile_name,
-                                SRTP_PROTECTION_PROFILE **pptr, unsigned len)
+                                SRTP_PROTECTION_PROFILE **pptr, size_t len)
 {
     SRTP_PROTECTION_PROFILE *p;
 
     p = srtp_known_profiles;
     while (p->name) {
-        if ((len == strlen(p->name)) && !strncmp(p->name, profile_name, len)) {
+        if ((len == strlen(p->name))
+            && strncmp(p->name, profile_name, len) == 0) {
             *pptr = p;
             return 0;
         }
@@ -170,10 +67,9 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
 
     char *col;
     char *ptr = (char *)profiles_string;
-
     SRTP_PROTECTION_PROFILE *p;
 
-    if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
+    if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
         SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
                SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
         return 1;
@@ -182,30 +78,37 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
     do {
         col = strchr(ptr, ':');
 
-        if (!find_profile_by_name(ptr, &p,
-                                  col ? col - ptr : (int)strlen(ptr))) {
+        if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
+                                               : strlen(ptr))) {
             if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
                 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
                        SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-                sk_SRTP_PROTECTION_PROFILE_free(profiles);
-                return 1;
+                goto err;
             }
 
-            sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
+            if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
+                SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+                       SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
+                goto err;
+            }
         } else {
             SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
                    SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
-            sk_SRTP_PROTECTION_PROFILE_free(profiles);
-            return 1;
+            goto err;
         }
 
         if (col)
             ptr = col + 1;
     } while (col);
 
+    sk_SRTP_PROTECTION_PROFILE_free(*out);
+
     *out = profiles;
 
     return 0;
+ err:
+    sk_SRTP_PROTECTION_PROFILE_free(profiles);
+    return 1;
 }
 
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
@@ -235,216 +138,4 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
 {
     return s->srtp_profile;
 }
-
-/*
- * Note: this function returns 0 length if there are no profiles specified
- */
-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
-                                     int maxlen)
-{
-    int ct = 0;
-    int i;
-    STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
-    SRTP_PROTECTION_PROFILE *prof;
-
-    clnt = SSL_get_srtp_profiles(s);
-    ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
-
-    if (p) {
-        if (ct == 0) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
-                   SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
-            return 1;
-        }
-
-        if ((2 + ct * 2 + 1) > maxlen) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
-                   SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
-            return 1;
-        }
-
-        /* Add the length */
-        s2n(ct * 2, p);
-        for (i = 0; i < ct; i++) {
-            prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
-            s2n(prof->id, p);
-        }
-
-        /* Add an empty use_mki value */
-        *p++ = 0;
-    }
-
-    *len = 2 + ct * 2 + 1;
-
-    return 0;
-}
-
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
-                                       int *al)
-{
-    SRTP_PROTECTION_PROFILE *sprof;
-    STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
-    int ct;
-    int mki_len;
-    int i, srtp_pref;
-    unsigned int id;
-
-    /* Length value + the MKI length */
-    if (len < 3) {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-        *al = SSL_AD_DECODE_ERROR;
-        return 1;
-    }
-
-    /* Pull off the length of the cipher suite list */
-    n2s(d, ct);
-    len -= 2;
-
-    /* Check that it is even */
-    if (ct % 2) {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-        *al = SSL_AD_DECODE_ERROR;
-        return 1;
-    }
-
-    /* Check that lengths are consistent */
-    if (len < (ct + 1)) {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-        *al = SSL_AD_DECODE_ERROR;
-        return 1;
-    }
-
-    srvr = SSL_get_srtp_profiles(s);
-    s->srtp_profile = NULL;
-    /* Search all profiles for a match initially */
-    srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
-
-    while (ct) {
-        n2s(d, id);
-        ct -= 2;
-        len -= 2;
-
-        /*
-         * Only look for match in profiles of higher preference than
-         * current match.
-         * If no profiles have been have been configured then this
-         * does nothing.
-         */
-        for (i = 0; i < srtp_pref; i++) {
-            sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
-            if (sprof->id == id) {
-                s->srtp_profile = sprof;
-                srtp_pref = i;
-                break;
-            }
-        }
-    }
-
-    /*
-     * Now extract the MKI value as a sanity check, but discard it for now
-     */
-    mki_len = *d;
-    d++;
-    len--;
-
-    if (mki_len != len) {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-               SSL_R_BAD_SRTP_MKI_VALUE);
-        *al = SSL_AD_DECODE_ERROR;
-        return 1;
-    }
-
-    return 0;
-}
-
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
-                                     int maxlen)
-{
-    if (p) {
-        if (maxlen < 5) {
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
-                   SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
-            return 1;
-        }
-
-        if (s->srtp_profile == 0) {
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
-                   SSL_R_USE_SRTP_NOT_NEGOTIATED);
-            return 1;
-        }
-        s2n(2, p);
-        s2n(s->srtp_profile->id, p);
-        *p++ = 0;
-    }
-    *len = 5;
-
-    return 0;
-}
-
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,
-                                       int *al)
-{
-    unsigned id;
-    int i;
-    int ct;
-
-    STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
-    SRTP_PROTECTION_PROFILE *prof;
-
-    if (len != 5) {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-        *al = SSL_AD_DECODE_ERROR;
-        return 1;
-    }
-
-    n2s(d, ct);
-    if (ct != 2) {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-        *al = SSL_AD_DECODE_ERROR;
-        return 1;
-    }
-
-    n2s(d, id);
-    if (*d) {                   /* Must be no MKI, since we never offer one */
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-               SSL_R_BAD_SRTP_MKI_VALUE);
-        *al = SSL_AD_ILLEGAL_PARAMETER;
-        return 1;
-    }
-
-    clnt = SSL_get_srtp_profiles(s);
-
-    /* Throw an error if the server gave us an unsolicited extension */
-    if (clnt == NULL) {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-               SSL_R_NO_SRTP_PROFILES);
-        *al = SSL_AD_DECODE_ERROR;
-        return 1;
-    }
-
-    /*
-     * Check to see if the server gave us something we support (and
-     * presumably offered)
-     */
-    for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
-        prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
-
-        if (prof->id == id) {
-            s->srtp_profile = prof;
-            *al = 0;
-            return 0;
-        }
-    }
-
-    SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-           SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-    *al = SSL_AD_DECODE_ERROR;
-    return 1;
-}
-
 #endif
diff --git a/freebsd/crypto/openssl/ssl/d1_srvr.c b/freebsd/crypto/openssl/ssl/d1_srvr.c
deleted file mode 100644
index a60b6964..00000000
--- a/freebsd/crypto/openssl/ssl/d1_srvr.c
+++ /dev/null
@@ -1,987 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/d1_srvr.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/md5.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-
-static const SSL_METHOD *dtls1_get_server_method(int ver);
-static int dtls1_send_hello_verify_request(SSL *s);
-
-static const SSL_METHOD *dtls1_get_server_method(int ver)
-{
-    if (ver == DTLS_ANY_VERSION)
-        return DTLS_server_method();
-    else if (ver == DTLS1_VERSION)
-        return DTLSv1_server_method();
-    else if (ver == DTLS1_2_VERSION)
-        return DTLSv1_2_server_method();
-    else
-        return NULL;
-}
-
-IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
-                          DTLSv1_server_method,
-                          dtls1_accept,
-                          ssl_undefined_function,
-                          dtls1_get_server_method, DTLSv1_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
-                          DTLSv1_2_server_method,
-                          dtls1_accept,
-                          ssl_undefined_function,
-                          dtls1_get_server_method, DTLSv1_2_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
-                          DTLS_server_method,
-                          dtls1_accept,
-                          ssl_undefined_function,
-                          dtls1_get_server_method, DTLSv1_2_enc_data)
-
-int dtls1_accept(SSL *s)
-{
-    BUF_MEM *buf;
-    unsigned long Time = (unsigned long)time(NULL);
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    unsigned long alg_k;
-    int ret = -1;
-    int new_state, state, skip = 0;
-    int listen;
-#ifndef OPENSSL_NO_SCTP
-    unsigned char sctpauthkey[64];
-    char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
-#endif
-
-    RAND_add(&Time, sizeof(Time), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    listen = s->d1->listen;
-
-    /* init things to blank */
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-    s->d1->listen = listen;
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Notify SCTP BIO socket to enter handshake mode and prevent stream
-     * identifier other than 0. Will be ignored if no SCTP is used.
-     */
-    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
-             s->in_handshake, NULL);
-#endif
-
-    if (s->cert == NULL) {
-        SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
-        return (-1);
-    }
-#ifndef OPENSSL_NO_HEARTBEATS
-    /*
-     * If we're awaiting a HeartbeatResponse, pretend we already got and
-     * don't await it anymore, because Heartbeats don't make sense during
-     * handshakes anyway.
-     */
-    if (s->tlsext_hb_pending) {
-        dtls1_stop_timer(s);
-        s->tlsext_hb_pending = 0;
-        s->tlsext_hb_seq++;
-    }
-#endif
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_RENEGOTIATE:
-            s->renegotiate = 1;
-            /* s->state=SSL_ST_ACCEPT; */
-
-        case SSL_ST_BEFORE:
-        case SSL_ST_ACCEPT:
-        case SSL_ST_BEFORE | SSL_ST_ACCEPT:
-        case SSL_ST_OK | SSL_ST_ACCEPT:
-
-            s->server = 1;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
-                SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
-                return -1;
-            }
-            s->type = SSL_ST_ACCEPT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
-                    BUF_MEM_free(buf);
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                s->init_buf = buf;
-            }
-
-            if (!ssl3_setup_buffers(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            s->init_num = 0;
-            s->d1->change_cipher_spec_ok = 0;
-            /*
-             * Should have been reset by ssl3_get_finished, too.
-             */
-            s->s3->change_cipher_spec = 0;
-
-            if (s->state != SSL_ST_RENEGOTIATE) {
-                /*
-                 * Ok, we now need to push on a buffering BIO so that the
-                 * output is sent in a way that TCP likes :-) ...but not with
-                 * SCTP :-)
-                 */
-#ifndef OPENSSL_NO_SCTP
-                if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
-#endif
-                    if (!ssl_init_wbio_buffer(s, 1)) {
-                        ret = -1;
-                        s->state = SSL_ST_ERR;
-                        goto end;
-                    }
-
-                if (!ssl3_init_finished_mac(s)) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-
-                s->state = SSL3_ST_SR_CLNT_HELLO_A;
-                s->ctx->stats.sess_accept++;
-            } else if (!s->s3->send_connection_binding &&
-                       !(s->options &
-                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
-                /*
-                 * Server attempting to renegotiate with client that doesn't
-                 * support secure renegotiation.
-                 */
-                SSLerr(SSL_F_DTLS1_ACCEPT,
-                       SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            } else {
-                /*
-                 * s->state == SSL_ST_RENEGOTIATE, we will just send a
-                 * HelloRequest
-                 */
-                s->ctx->stats.sess_accept_renegotiate++;
-                s->state = SSL3_ST_SW_HELLO_REQ_A;
-            }
-
-            break;
-
-        case SSL3_ST_SW_HELLO_REQ_A:
-        case SSL3_ST_SW_HELLO_REQ_B:
-
-            s->shutdown = 0;
-            dtls1_clear_sent_buffer(s);
-            dtls1_start_timer(s);
-            ret = ssl3_send_hello_request(s);
-            if (ret <= 0)
-                goto end;
-            s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
-            s->state = SSL3_ST_SW_FLUSH;
-            s->init_num = 0;
-
-            if (!ssl3_init_finished_mac(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-            break;
-
-        case SSL3_ST_SW_HELLO_REQ_C:
-            s->state = SSL_ST_OK;
-            break;
-
-        case SSL3_ST_SR_CLNT_HELLO_A:
-        case SSL3_ST_SR_CLNT_HELLO_B:
-        case SSL3_ST_SR_CLNT_HELLO_C:
-
-            s->shutdown = 0;
-            ret = ssl3_get_client_hello(s);
-            if (ret <= 0)
-                goto end;
-            dtls1_stop_timer(s);
-
-            if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
-                s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
-            else
-                s->state = SSL3_ST_SW_SRVR_HELLO_A;
-
-            s->init_num = 0;
-
-            /* If we're just listening, stop here */
-            if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
-                ret = 2;
-                s->d1->listen = 0;
-                /*
-                 * Set expected sequence numbers to continue the handshake.
-                 */
-                s->d1->handshake_read_seq = 2;
-                s->d1->handshake_write_seq = 1;
-                s->d1->next_handshake_write_seq = 1;
-                goto end;
-            }
-
-            break;
-
-        case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
-        case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-
-            ret = dtls1_send_hello_verify_request(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_FLUSH;
-            s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
-
-            /* HelloVerifyRequest resets Finished MAC */
-            if (s->version != DTLS1_BAD_VER)
-                if (!ssl3_init_finished_mac(s)) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-            break;
-
-#ifndef OPENSSL_NO_SCTP
-        case DTLS1_SCTP_ST_SR_READ_SOCK:
-
-            if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-                s->s3->in_read_app_data = 2;
-                s->rwstate = SSL_READING;
-                BIO_clear_retry_flags(SSL_get_rbio(s));
-                BIO_set_retry_read(SSL_get_rbio(s));
-                ret = -1;
-                goto end;
-            }
-
-            s->state = SSL3_ST_SR_FINISHED_A;
-            break;
-
-        case DTLS1_SCTP_ST_SW_WRITE_SOCK:
-            ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
-            if (ret < 0)
-                goto end;
-
-            if (ret == 0) {
-                if (s->d1->next_state != SSL_ST_OK) {
-                    s->s3->in_read_app_data = 2;
-                    s->rwstate = SSL_READING;
-                    BIO_clear_retry_flags(SSL_get_rbio(s));
-                    BIO_set_retry_read(SSL_get_rbio(s));
-                    ret = -1;
-                    goto end;
-                }
-            }
-
-            s->state = s->d1->next_state;
-            break;
-#endif
-
-        case SSL3_ST_SW_SRVR_HELLO_A:
-        case SSL3_ST_SW_SRVR_HELLO_B:
-            s->renegotiate = 2;
-            dtls1_start_timer(s);
-            ret = ssl3_send_server_hello(s);
-            if (ret <= 0)
-                goto end;
-
-            if (s->hit) {
-#ifndef OPENSSL_NO_SCTP
-                /*
-                 * Add new shared key for SCTP-Auth, will be ignored if no
-                 * SCTP used.
-                 */
-                snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
-                         DTLS1_SCTP_AUTH_LABEL);
-
-                if (SSL_export_keying_material(s, sctpauthkey,
-                        sizeof(sctpauthkey), labelbuffer,
-                        sizeof(labelbuffer), NULL, 0, 0) <= 0) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-                         sizeof(sctpauthkey), sctpauthkey);
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-                if (s->tlsext_ticket_expected)
-                    s->state = SSL3_ST_SW_SESSION_TICKET_A;
-                else
-                    s->state = SSL3_ST_SW_CHANGE_A;
-#else
-                s->state = SSL3_ST_SW_CHANGE_A;
-#endif
-            } else
-                s->state = SSL3_ST_SW_CERT_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_CERT_A:
-        case SSL3_ST_SW_CERT_B:
-            /* Check if it is anon DH or normal PSK */
-            if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
-                && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-                dtls1_start_timer(s);
-                ret = ssl3_send_server_certificate(s);
-                if (ret <= 0)
-                    goto end;
-#ifndef OPENSSL_NO_TLSEXT
-                if (s->tlsext_status_expected)
-                    s->state = SSL3_ST_SW_CERT_STATUS_A;
-                else
-                    s->state = SSL3_ST_SW_KEY_EXCH_A;
-            } else {
-                skip = 1;
-                s->state = SSL3_ST_SW_KEY_EXCH_A;
-            }
-#else
-            } else
-                skip = 1;
-
-            s->state = SSL3_ST_SW_KEY_EXCH_A;
-#endif
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_KEY_EXCH_A:
-        case SSL3_ST_SW_KEY_EXCH_B:
-            alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-            /*
-             * clear this, it may get reset by
-             * send_server_key_exchange
-             */
-            s->s3->tmp.use_rsa_tmp = 0;
-
-            /*
-             * only send if a DH key exchange or RSA but we have a sign only
-             * certificate
-             */
-            if (0
-                /*
-                 * PSK: send ServerKeyExchange if PSK identity hint if
-                 * provided
-                 */
-#ifndef OPENSSL_NO_PSK
-                || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
-#endif
-                || (alg_k & SSL_kDHE)
-                || (alg_k & SSL_kEECDH)
-                || ((alg_k & SSL_kRSA)
-                    && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
-                        || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
-                            && EVP_PKEY_size(s->cert->pkeys
-                                             [SSL_PKEY_RSA_ENC].privatekey) *
-                            8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
-                        )
-                    )
-                )
-                ) {
-                dtls1_start_timer(s);
-                ret = ssl3_send_server_key_exchange(s);
-                if (ret <= 0)
-                    goto end;
-            } else
-                skip = 1;
-
-            s->state = SSL3_ST_SW_CERT_REQ_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_CERT_REQ_A:
-        case SSL3_ST_SW_CERT_REQ_B:
-            if (                /* don't request cert unless asked for it: */
-                   !(s->verify_mode & SSL_VERIFY_PEER) ||
-                   /*
-                    * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
-                    * during re-negotiation:
-                    */
-                   ((s->session->peer != NULL) &&
-                    (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-                   /*
-                    * never request cert in anonymous ciphersuites (see
-                    * section "Certificate request" in SSL 3 drafts and in
-                    * RFC 2246):
-                    */
-                   ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
-                    /*
-                     * ... except when the application insists on
-                     * verification (against the specs, but s3_clnt.c accepts
-                     * this for SSL 3)
-                     */
-                    !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
-                   /*
-                    * never request cert in Kerberos ciphersuites
-                    */
-                   (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
-                   /*
-                    * With normal PSK Certificates and Certificate Requests
-                    * are omitted
-                    */
-                   || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-                /* no cert request */
-                skip = 1;
-                s->s3->tmp.cert_request = 0;
-                s->state = SSL3_ST_SW_SRVR_DONE_A;
-#ifndef OPENSSL_NO_SCTP
-                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                    s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
-                    s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-                }
-#endif
-            } else {
-                s->s3->tmp.cert_request = 1;
-                dtls1_start_timer(s);
-                ret = ssl3_send_certificate_request(s);
-                if (ret <= 0)
-                    goto end;
-#ifndef NETSCAPE_HANG_BUG
-                s->state = SSL3_ST_SW_SRVR_DONE_A;
-# ifndef OPENSSL_NO_SCTP
-                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                    s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
-                    s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-                }
-# endif
-#else
-                s->state = SSL3_ST_SW_FLUSH;
-                s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-# ifndef OPENSSL_NO_SCTP
-                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                    s->d1->next_state = s->s3->tmp.next_state;
-                    s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-                }
-# endif
-#endif
-                s->init_num = 0;
-            }
-            break;
-
-        case SSL3_ST_SW_SRVR_DONE_A:
-        case SSL3_ST_SW_SRVR_DONE_B:
-            dtls1_start_timer(s);
-            ret = ssl3_send_server_done(s);
-            if (ret <= 0)
-                goto end;
-            s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-            s->state = SSL3_ST_SW_FLUSH;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_FLUSH:
-            s->rwstate = SSL_WRITING;
-            if (BIO_flush(s->wbio) <= 0) {
-                /*
-                 * If the write error was fatal, stop trying
-                 */
-                if (!BIO_should_retry(s->wbio)) {
-                    s->rwstate = SSL_NOTHING;
-                    s->state = s->s3->tmp.next_state;
-                }
-
-                ret = -1;
-                goto end;
-            }
-            s->rwstate = SSL_NOTHING;
-            s->state = s->s3->tmp.next_state;
-            break;
-
-        case SSL3_ST_SR_CERT_A:
-        case SSL3_ST_SR_CERT_B:
-            if (s->s3->tmp.cert_request) {
-                ret = ssl3_get_client_certificate(s);
-                if (ret <= 0)
-                    goto end;
-            }
-            s->init_num = 0;
-            s->state = SSL3_ST_SR_KEY_EXCH_A;
-            break;
-
-        case SSL3_ST_SR_KEY_EXCH_A:
-        case SSL3_ST_SR_KEY_EXCH_B:
-            ret = ssl3_get_client_key_exchange(s);
-            if (ret <= 0)
-                goto end;
-#ifndef OPENSSL_NO_SCTP
-            /*
-             * Add new shared key for SCTP-Auth, will be ignored if no SCTP
-             * used.
-             */
-            snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
-                     DTLS1_SCTP_AUTH_LABEL);
-
-            if (SSL_export_keying_material(s, sctpauthkey,
-                                       sizeof(sctpauthkey), labelbuffer,
-                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-                     sizeof(sctpauthkey), sctpauthkey);
-#endif
-
-            s->state = SSL3_ST_SR_CERT_VRFY_A;
-            s->init_num = 0;
-
-            if (ret == 2) {
-                /*
-                 * For the ECDH ciphersuites when the client sends its ECDH
-                 * pub key in a certificate, the CertificateVerify message is
-                 * not sent.
-                 */
-                s->state = SSL3_ST_SR_FINISHED_A;
-                s->init_num = 0;
-            } else if (SSL_USE_SIGALGS(s)) {
-                s->state = SSL3_ST_SR_CERT_VRFY_A;
-                s->init_num = 0;
-                if (!s->session->peer)
-                    break;
-                /*
-                 * For sigalgs freeze the handshake buffer at this point and
-                 * digest cached records.
-                 */
-                if (!s->s3->handshake_buffer) {
-                    SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
-                    s->state = SSL_ST_ERR;
-                    return -1;
-                }
-                s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
-                if (!ssl3_digest_cached_records(s)) {
-                    s->state = SSL_ST_ERR;
-                    return -1;
-                }
-            } else {
-                s->state = SSL3_ST_SR_CERT_VRFY_A;
-                s->init_num = 0;
-
-                /*
-                 * We need to get hashes here so if there is a client cert,
-                 * it can be verified
-                 */
-                s->method->ssl3_enc->cert_verify_mac(s,
-                                                     NID_md5,
-                                                     &(s->s3->
-                                                       tmp.cert_verify_md
-                                                       [0]));
-                s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
-                                                     &(s->s3->
-                                                       tmp.cert_verify_md
-                                                       [MD5_DIGEST_LENGTH]));
-            }
-            break;
-
-        case SSL3_ST_SR_CERT_VRFY_A:
-        case SSL3_ST_SR_CERT_VRFY_B:
-            ret = ssl3_get_cert_verify(s);
-            if (ret <= 0)
-                goto end;
-#ifndef OPENSSL_NO_SCTP
-            if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-                state == SSL_ST_RENEGOTIATE)
-                s->state = DTLS1_SCTP_ST_SR_READ_SOCK;
-            else
-#endif
-                s->state = SSL3_ST_SR_FINISHED_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SR_FINISHED_A:
-        case SSL3_ST_SR_FINISHED_B:
-            /*
-             * Enable CCS. Receiving a CCS clears the flag, so make
-             * sure not to re-enable it to ban duplicates. This *should* be the
-             * first time we have received one - but we check anyway to be
-             * cautious.
-             * s->s3->change_cipher_spec is set when a CCS is
-             * processed in d1_pkt.c, and remains set until
-             * the client's Finished message is read.
-             */
-            if (!s->s3->change_cipher_spec)
-                s->d1->change_cipher_spec_ok = 1;
-            ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
-                                    SSL3_ST_SR_FINISHED_B);
-            if (ret <= 0)
-                goto end;
-            dtls1_stop_timer(s);
-            if (s->hit)
-                s->state = SSL_ST_OK;
-#ifndef OPENSSL_NO_TLSEXT
-            else if (s->tlsext_ticket_expected)
-                s->state = SSL3_ST_SW_SESSION_TICKET_A;
-#endif
-            else
-                s->state = SSL3_ST_SW_CHANGE_A;
-            s->init_num = 0;
-            break;
-
-#ifndef OPENSSL_NO_TLSEXT
-        case SSL3_ST_SW_SESSION_TICKET_A:
-        case SSL3_ST_SW_SESSION_TICKET_B:
-            ret = ssl3_send_newsession_ticket(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_CHANGE_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_CERT_STATUS_A:
-        case SSL3_ST_SW_CERT_STATUS_B:
-            ret = ssl3_send_cert_status(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_KEY_EXCH_A;
-            s->init_num = 0;
-            break;
-
-#endif
-
-        case SSL3_ST_SW_CHANGE_A:
-        case SSL3_ST_SW_CHANGE_B:
-
-            s->session->cipher = s->s3->tmp.new_cipher;
-            if (!s->method->ssl3_enc->setup_key_block(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            ret = dtls1_send_change_cipher_spec(s,
-                                                SSL3_ST_SW_CHANGE_A,
-                                                SSL3_ST_SW_CHANGE_B);
-
-            if (ret <= 0)
-                goto end;
-
-#ifndef OPENSSL_NO_SCTP
-            if (!s->hit) {
-                /*
-                 * Change to new shared key of SCTP-Auth, will be ignored if
-                 * no SCTP used.
-                 */
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
-                         0, NULL);
-            }
-#endif
-
-            s->state = SSL3_ST_SW_FINISHED_A;
-            s->init_num = 0;
-
-            if (!s->method->ssl3_enc->change_cipher_state(s,
-                                                          SSL3_CHANGE_CIPHER_SERVER_WRITE))
-            {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
-            break;
-
-        case SSL3_ST_SW_FINISHED_A:
-        case SSL3_ST_SW_FINISHED_B:
-            ret = ssl3_send_finished(s,
-                                     SSL3_ST_SW_FINISHED_A,
-                                     SSL3_ST_SW_FINISHED_B,
-                                     s->method->
-                                     ssl3_enc->server_finished_label,
-                                     s->method->
-                                     ssl3_enc->server_finished_label_len);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_FLUSH;
-            if (s->hit) {
-                s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-
-#ifndef OPENSSL_NO_SCTP
-                /*
-                 * Change to new shared key of SCTP-Auth, will be ignored if
-                 * no SCTP used.
-                 */
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
-                         0, NULL);
-#endif
-            } else {
-                s->s3->tmp.next_state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
-                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                    s->d1->next_state = s->s3->tmp.next_state;
-                    s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-                }
-#endif
-            }
-            s->init_num = 0;
-            break;
-
-        case SSL_ST_OK:
-            /* clean a few things up */
-            ssl3_cleanup_key_block(s);
-
-#if 0
-            BUF_MEM_free(s->init_buf);
-            s->init_buf = NULL;
-#endif
-
-            /* remove buffering on output */
-            ssl_free_wbio_buffer(s);
-
-            s->init_num = 0;
-
-            if (s->renegotiate == 2) { /* skipped if we just sent a
-                                        * HelloRequest */
-                s->renegotiate = 0;
-                s->new_session = 0;
-
-                ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
-                s->ctx->stats.sess_accept_good++;
-                /* s->server=1; */
-                s->handshake_func = dtls1_accept;
-
-                if (cb != NULL)
-                    cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-            }
-
-            ret = 1;
-
-            /* done handshaking, next message is client hello */
-            s->d1->handshake_read_seq = 0;
-            /* next message is server hello */
-            s->d1->handshake_write_seq = 0;
-            s->d1->next_handshake_write_seq = 0;
-            dtls1_clear_received_buffer(s);
-            goto end;
-            /* break; */
-
-        case SSL_ST_ERR:
-        default:
-            SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* break; */
-        }
-
-        if (!s->s3->tmp.reuse_message && !skip) {
-            if (s->debug) {
-                if ((ret = BIO_flush(s->wbio)) <= 0)
-                    goto end;
-            }
-
-            if ((cb != NULL) && (s->state != state)) {
-                new_state = s->state;
-                s->state = state;
-                cb(s, SSL_CB_ACCEPT_LOOP, 1);
-                s->state = new_state;
-            }
-        }
-        skip = 0;
-    }
- end:
-    /* BIO_flush(s->wbio); */
-
-    s->in_handshake--;
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Notify SCTP BIO socket to leave handshake mode and prevent stream
-     * identifier other than 0. Will be ignored if no SCTP is used.
-     */
-    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
-             s->in_handshake, NULL);
-#endif
-
-    if (cb != NULL)
-        cb(s, SSL_CB_ACCEPT_EXIT, ret);
-    return (ret);
-}
-
-int dtls1_send_hello_verify_request(SSL *s)
-{
-    unsigned int msg_len;
-    unsigned char *msg, *buf, *p;
-
-    if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
-        buf = (unsigned char *)s->init_buf->data;
-
-        msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
-        /* Always use DTLS 1.0 version: see RFC 6347 */
-        *(p++) = DTLS1_VERSION >> 8;
-        *(p++) = DTLS1_VERSION & 0xFF;
-
-        if (s->ctx->app_gen_cookie_cb == NULL ||
-            s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
-                                      &(s->d1->cookie_len)) == 0) {
-            SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
-                   ERR_R_INTERNAL_ERROR);
-            s->state = SSL_ST_ERR;
-            return 0;
-        }
-
-        *(p++) = (unsigned char)s->d1->cookie_len;
-        memcpy(p, s->d1->cookie, s->d1->cookie_len);
-        p += s->d1->cookie_len;
-        msg_len = p - msg;
-
-        dtls1_set_message_header(s, buf,
-                                 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0,
-                                 msg_len);
-
-        s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
-        /* number of bytes to write */
-        s->init_num = p - buf;
-        s->init_off = 0;
-    }
-
-    /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}
diff --git a/freebsd/crypto/openssl/ssl/dtls1.h b/freebsd/crypto/openssl/ssl/dtls1.h
deleted file mode 100644
index 30bbcf27..00000000
--- a/freebsd/crypto/openssl/ssl/dtls1.h
+++ /dev/null
@@ -1,272 +0,0 @@
-/* ssl/dtls1.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DTLS1_H
-# define HEADER_DTLS1_H
-
-# include <openssl/buffer.h>
-# include <openssl/pqueue.h>
-# ifdef OPENSSL_SYS_VMS
-#  include <resource.h>
-#  include <sys/timeb.h>
-# endif
-# ifdef OPENSSL_SYS_WIN32
-/* Needed for struct timeval */
-#  include <winsock.h>
-# elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
-#  include <sys/timeval.h>
-# else
-#  if defined(OPENSSL_SYS_VXWORKS)
-#   include <sys/times.h>
-#  else
-#   include <sys/time.h>
-#  endif
-# endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# define DTLS1_VERSION                   0xFEFF
-# define DTLS1_2_VERSION                 0xFEFD
-# define DTLS_MAX_VERSION                DTLS1_2_VERSION
-# define DTLS1_VERSION_MAJOR             0xFE
-
-# define DTLS1_BAD_VER                   0x0100
-
-/* Special value for method supporting multiple versions */
-# define DTLS_ANY_VERSION                0x1FFFF
-
-# if 0
-/* this alert description is not specified anywhere... */
-#  define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
-# endif
-
-/* lengths of messages */
-# define DTLS1_COOKIE_LENGTH                     256
-
-# define DTLS1_RT_HEADER_LENGTH                  13
-
-# define DTLS1_HM_HEADER_LENGTH                  12
-
-# define DTLS1_HM_BAD_FRAGMENT                   -2
-# define DTLS1_HM_FRAGMENT_RETRY                 -3
-
-# define DTLS1_CCS_HEADER_LENGTH                  1
-
-# ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#  define DTLS1_AL_HEADER_LENGTH                   7
-# else
-#  define DTLS1_AL_HEADER_LENGTH                   2
-# endif
-
-# ifndef OPENSSL_NO_SSL_INTERN
-
-#  ifndef OPENSSL_NO_SCTP
-#   define DTLS1_SCTP_AUTH_LABEL   "EXPORTER_DTLS_OVER_SCTP"
-#  endif
-
-/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
-#  define DTLS1_MAX_MTU_OVERHEAD                   48
-
-typedef struct dtls1_bitmap_st {
-    unsigned long map;          /* track 32 packets on 32-bit systems and 64
-                                 * - on 64-bit systems */
-    unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit
-                                   * value in big-endian encoding */
-} DTLS1_BITMAP;
-
-struct dtls1_retransmit_state {
-    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
-    EVP_MD_CTX *write_hash;     /* used for mac generation */
-#  ifndef OPENSSL_NO_COMP
-    COMP_CTX *compress;         /* compression */
-#  else
-    char *compress;
-#  endif
-    SSL_SESSION *session;
-    unsigned short epoch;
-};
-
-struct hm_header_st {
-    unsigned char type;
-    unsigned long msg_len;
-    unsigned short seq;
-    unsigned long frag_off;
-    unsigned long frag_len;
-    unsigned int is_ccs;
-    struct dtls1_retransmit_state saved_retransmit_state;
-};
-
-struct ccs_header_st {
-    unsigned char type;
-    unsigned short seq;
-};
-
-struct dtls1_timeout_st {
-    /* Number of read timeouts so far */
-    unsigned int read_timeouts;
-    /* Number of write timeouts so far */
-    unsigned int write_timeouts;
-    /* Number of alerts received so far */
-    unsigned int num_alerts;
-};
-
-typedef struct record_pqueue_st {
-    unsigned short epoch;
-    pqueue q;
-} record_pqueue;
-
-typedef struct hm_fragment_st {
-    struct hm_header_st msg_header;
-    unsigned char *fragment;
-    unsigned char *reassembly;
-} hm_fragment;
-
-typedef struct dtls1_state_st {
-    unsigned int send_cookie;
-    unsigned char cookie[DTLS1_COOKIE_LENGTH];
-    unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
-    unsigned int cookie_len;
-    /*
-     * The current data and handshake epoch.  This is initially
-     * undefined, and starts at zero once the initial handshake is
-     * completed
-     */
-    unsigned short r_epoch;
-    unsigned short w_epoch;
-    /* records being received in the current epoch */
-    DTLS1_BITMAP bitmap;
-    /* renegotiation starts a new set of sequence numbers */
-    DTLS1_BITMAP next_bitmap;
-    /* handshake message numbers */
-    unsigned short handshake_write_seq;
-    unsigned short next_handshake_write_seq;
-    unsigned short handshake_read_seq;
-    /* save last sequence number for retransmissions */
-    unsigned char last_write_sequence[8];
-    /* Received handshake records (processed and unprocessed) */
-    record_pqueue unprocessed_rcds;
-    record_pqueue processed_rcds;
-    /* Buffered handshake messages */
-    pqueue buffered_messages;
-    /* Buffered (sent) handshake records */
-    pqueue sent_messages;
-    /*
-     * Buffered application records. Only for records between CCS and
-     * Finished to prevent either protocol violation or unnecessary message
-     * loss.
-     */
-    record_pqueue buffered_app_data;
-    /* Is set when listening for new connections with dtls1_listen() */
-    unsigned int listen;
-    unsigned int link_mtu;      /* max on-the-wire DTLS packet size */
-    unsigned int mtu;           /* max DTLS packet size */
-    struct hm_header_st w_msg_hdr;
-    struct hm_header_st r_msg_hdr;
-    struct dtls1_timeout_st timeout;
-    /*
-     * Indicates when the last handshake msg or heartbeat sent will timeout
-     */
-    struct timeval next_timeout;
-    /* Timeout duration */
-    unsigned short timeout_duration;
-    /*
-     * storage for Alert/Handshake protocol data received but not yet
-     * processed by ssl3_read_bytes:
-     */
-    unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
-    unsigned int alert_fragment_len;
-    unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
-    unsigned int handshake_fragment_len;
-    unsigned int retransmitting;
-    /*
-     * Set when the handshake is ready to process peer's ChangeCipherSpec message.
-     * Cleared after the message has been processed.
-     */
-    unsigned int change_cipher_spec_ok;
-#  ifndef OPENSSL_NO_SCTP
-    /* used when SSL_ST_XX_FLUSH is entered */
-    int next_state;
-    int shutdown_received;
-#  endif
-} DTLS1_STATE;
-
-typedef struct dtls1_record_data_st {
-    unsigned char *packet;
-    unsigned int packet_length;
-    SSL3_BUFFER rbuf;
-    SSL3_RECORD rrec;
-#  ifndef OPENSSL_NO_SCTP
-    struct bio_dgram_sctp_rcvinfo recordinfo;
-#  endif
-} DTLS1_RECORD_DATA;
-
-# endif
-
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
-# define DTLS1_TMO_READ_COUNT                      2
-# define DTLS1_TMO_WRITE_COUNT                     2
-
-# define DTLS1_TMO_ALERT_COUNT                     12
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/ssl/kssl.c b/freebsd/crypto/openssl/ssl/kssl.c
deleted file mode 100644
index 0688bcf2..00000000
--- a/freebsd/crypto/openssl/ssl/kssl.c
+++ /dev/null
@@ -1,2273 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/kssl.c */
-/*
- * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*-
- * ssl/kssl.c  --  Routines to support (& debug) Kerberos5 auth for openssl
- *
- *  19990701    VRS     Started.
- *  200011??    Jeffrey Altman, Richard Levitte
- *                      Generalized for Heimdal, Newer MIT, & Win32.
- *                      Integrated into main OpenSSL 0.9.7 snapshots.
- *  20010413    Simon Wilkinson, VRS
- *                      Real RFC2712 KerberosWrapper replaces AP_REQ.
- */
-
-#include <openssl/opensslconf.h>
-
-#include <string.h>
-
-#define KRB5_PRIVATE    1
-
-#include <openssl/ssl.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/krb5_asn.h>
-#include "o_time.h"
-#include "kssl_lcl.h"
-
-#ifndef OPENSSL_NO_KRB5
-
-# ifndef ENOMEM
-#  define ENOMEM KRB5KRB_ERR_GENERIC
-# endif
-
-/*
- * When OpenSSL is built on Windows, we do not want to require that
- * the Kerberos DLLs be available in order for the OpenSSL DLLs to
- * work.  Therefore, all Kerberos routines are loaded at run time
- * and we do not link to a .LIB file.
- */
-
-# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-/*
- * The purpose of the following pre-processor statements is to provide
- * compatibility with different releases of MIT Kerberos for Windows.
- * All versions up to 1.2 used macros.  But macros do not allow for
- * a binary compatible interface for DLLs.  Therefore, all macros are
- * being replaced by function calls.  The following code will allow
- * an OpenSSL DLL built on Windows to work whether or not the macro
- * or function form of the routines are utilized.
- */
-#  ifdef  krb5_cc_get_principal
-#   define NO_DEF_KRB5_CCACHE
-#   undef  krb5_cc_get_principal
-#  endif
-#  define krb5_cc_get_principal    kssl_krb5_cc_get_principal
-
-#  define krb5_free_data_contents  kssl_krb5_free_data_contents
-#  define krb5_free_context        kssl_krb5_free_context
-#  define krb5_auth_con_free       kssl_krb5_auth_con_free
-#  define krb5_free_principal      kssl_krb5_free_principal
-#  define krb5_mk_req_extended     kssl_krb5_mk_req_extended
-#  define krb5_get_credentials     kssl_krb5_get_credentials
-#  define krb5_cc_default          kssl_krb5_cc_default
-#  define krb5_sname_to_principal  kssl_krb5_sname_to_principal
-#  define krb5_init_context        kssl_krb5_init_context
-#  define krb5_free_ticket         kssl_krb5_free_ticket
-#  define krb5_rd_req              kssl_krb5_rd_req
-#  define krb5_kt_default          kssl_krb5_kt_default
-#  define krb5_kt_resolve          kssl_krb5_kt_resolve
-/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */
-#  ifndef krb5_kt_close
-#   define krb5_kt_close            kssl_krb5_kt_close
-#  endif                        /* krb5_kt_close */
-#  ifndef krb5_kt_get_entry
-#   define krb5_kt_get_entry        kssl_krb5_kt_get_entry
-#  endif                        /* krb5_kt_get_entry */
-#  define krb5_auth_con_init       kssl_krb5_auth_con_init
-
-#  define krb5_principal_compare   kssl_krb5_principal_compare
-#  define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part
-#  define krb5_timeofday           kssl_krb5_timeofday
-#  define krb5_rc_default          kssl_krb5_rc_default
-
-#  ifdef krb5_rc_initialize
-#   undef krb5_rc_initialize
-#  endif
-#  define krb5_rc_initialize   kssl_krb5_rc_initialize
-
-#  ifdef krb5_rc_get_lifespan
-#   undef krb5_rc_get_lifespan
-#  endif
-#  define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan
-
-#  ifdef krb5_rc_destroy
-#   undef krb5_rc_destroy
-#  endif
-#  define krb5_rc_destroy      kssl_krb5_rc_destroy
-
-#  define valid_cksumtype      kssl_valid_cksumtype
-#  define krb5_checksum_size   kssl_krb5_checksum_size
-#  define krb5_kt_free_entry   kssl_krb5_kt_free_entry
-#  define krb5_auth_con_setrcache  kssl_krb5_auth_con_setrcache
-#  define krb5_auth_con_getrcache  kssl_krb5_auth_con_getrcache
-#  define krb5_get_server_rcache   kssl_krb5_get_server_rcache
-
-/* Prototypes for built in stubs */
-void kssl_krb5_free_data_contents(krb5_context, krb5_data *);
-void kssl_krb5_free_principal(krb5_context, krb5_principal);
-krb5_error_code kssl_krb5_kt_resolve(krb5_context,
-                                     krb5_const char *, krb5_keytab *);
-krb5_error_code kssl_krb5_kt_default(krb5_context, krb5_keytab *);
-krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *);
-krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *,
-                                 krb5_const krb5_data *,
-                                 krb5_const_principal, krb5_keytab,
-                                 krb5_flags *, krb5_ticket **);
-
-krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,
-                                         krb5_const_principal);
-krb5_error_code kssl_krb5_mk_req_extended(krb5_context,
-                                          krb5_auth_context *,
-                                          krb5_const krb5_flags,
-                                          krb5_data *,
-                                          krb5_creds *, krb5_data *);
-krb5_error_code kssl_krb5_init_context(krb5_context *);
-void kssl_krb5_free_context(krb5_context);
-krb5_error_code kssl_krb5_cc_default(krb5_context, krb5_ccache *);
-krb5_error_code kssl_krb5_sname_to_principal(krb5_context,
-                                             krb5_const char *,
-                                             krb5_const char *,
-                                             krb5_int32, krb5_principal *);
-krb5_error_code kssl_krb5_get_credentials(krb5_context,
-                                          krb5_const krb5_flags,
-                                          krb5_ccache,
-                                          krb5_creds *, krb5_creds * *);
-krb5_error_code kssl_krb5_auth_con_init(krb5_context, krb5_auth_context *);
-krb5_error_code kssl_krb5_cc_get_principal(krb5_context context,
-                                           krb5_ccache cache,
-                                           krb5_principal *principal);
-krb5_error_code kssl_krb5_auth_con_free(krb5_context, krb5_auth_context);
-size_t kssl_krb5_checksum_size(krb5_context context, krb5_cksumtype ctype);
-krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);
-krb5_error_code krb5_kt_free_entry(krb5_context, krb5_keytab_entry FAR *);
-krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context,
-                                             krb5_auth_context, krb5_rcache);
-krb5_error_code kssl_krb5_get_server_rcache(krb5_context,
-                                            krb5_const krb5_data *,
-                                            krb5_rcache *);
-krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context,
-                                             krb5_auth_context,
-                                             krb5_rcache *);
-
-/* Function pointers (almost all Kerberos functions are _stdcall) */
-static void (_stdcall *p_krb5_free_data_contents) (krb5_context, krb5_data *)
-    = NULL;
-static void (_stdcall *p_krb5_free_principal) (krb5_context, krb5_principal)
-    = NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_resolve)
- (krb5_context, krb5_const char *, krb5_keytab *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_default) (krb5_context,
-                                                     krb5_keytab *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_free_ticket) (krb5_context,
-                                                      krb5_ticket *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_rd_req) (krb5_context,
-                                                 krb5_auth_context *,
-                                                 krb5_const krb5_data *,
-                                                 krb5_const_principal,
-                                                 krb5_keytab, krb5_flags *,
-                                                 krb5_ticket **) = NULL;
-static krb5_error_code(_stdcall *p_krb5_mk_req_extended)
- (krb5_context, krb5_auth_context *,
-  krb5_const krb5_flags, krb5_data *, krb5_creds *, krb5_data *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_init_context) (krb5_context *) = NULL;
-static void (_stdcall *p_krb5_free_context) (krb5_context) = NULL;
-static krb5_error_code(_stdcall *p_krb5_cc_default) (krb5_context,
-                                                     krb5_ccache *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_sname_to_principal)
- (krb5_context, krb5_const char *, krb5_const char *,
-  krb5_int32, krb5_principal *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_get_credentials)
- (krb5_context, krb5_const krb5_flags, krb5_ccache,
-  krb5_creds *, krb5_creds **) = NULL;
-static krb5_error_code(_stdcall *p_krb5_auth_con_init)
- (krb5_context, krb5_auth_context *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_cc_get_principal)
- (krb5_context context, krb5_ccache cache, krb5_principal *principal) = NULL;
-static krb5_error_code(_stdcall *p_krb5_auth_con_free)
- (krb5_context, krb5_auth_context) = NULL;
-static krb5_error_code(_stdcall *p_krb5_decrypt_tkt_part)
- (krb5_context, krb5_const krb5_keyblock *, krb5_ticket *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_timeofday)
- (krb5_context context, krb5_int32 *timeret) = NULL;
-static krb5_error_code(_stdcall *p_krb5_rc_default)
- (krb5_context context, krb5_rcache *rc) = NULL;
-static krb5_error_code(_stdcall *p_krb5_rc_initialize)
- (krb5_context context, krb5_rcache rc, krb5_deltat lifespan) = NULL;
-static krb5_error_code(_stdcall *p_krb5_rc_get_lifespan)
- (krb5_context context, krb5_rcache rc, krb5_deltat *lifespan) = NULL;
-static krb5_error_code(_stdcall *p_krb5_rc_destroy)
- (krb5_context context, krb5_rcache rc) = NULL;
-static krb5_boolean(_stdcall *p_krb5_principal_compare)
- (krb5_context, krb5_const_principal, krb5_const_principal) = NULL;
-static size_t (_stdcall *p_krb5_checksum_size) (krb5_context context,
-                                                krb5_cksumtype ctype) = NULL;
-static krb5_boolean(_stdcall *p_valid_cksumtype) (krb5_cksumtype ctype) =
-    NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_free_entry)
- (krb5_context, krb5_keytab_entry *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_auth_con_setrcache) (krb5_context,
-                                                             krb5_auth_context,
-                                                             krb5_rcache) =
-    NULL;
-static krb5_error_code(_stdcall *p_krb5_get_server_rcache) (krb5_context,
-                                                            krb5_const
-                                                            krb5_data *,
-                                                            krb5_rcache *) =
-    NULL;
-static krb5_error_code(*p_krb5_auth_con_getrcache) (krb5_context,
-                                                    krb5_auth_context,
-                                                    krb5_rcache *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_close) (krb5_context context,
-                                                   krb5_keytab keytab) = NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_get_entry) (krb5_context context,
-                                                       krb5_keytab keytab,
-                                                       krb5_const_principal
-                                                       principal,
-                                                       krb5_kvno vno,
-                                                       krb5_enctype enctype,
-                                                       krb5_keytab_entry
-                                                       *entry) = NULL;
-static int krb5_loaded = 0;     /* only attempt to initialize func ptrs once */
-
-/* Function to Load the Kerberos 5 DLL and initialize function pointers */
-void load_krb5_dll(void)
-{
-    HANDLE hKRB5_32;
-
-    krb5_loaded++;
-    hKRB5_32 = LoadLibrary(TEXT("KRB5_32"));
-    if (!hKRB5_32)
-        return;
-
-    (FARPROC) p_krb5_free_data_contents =
-        GetProcAddress(hKRB5_32, "krb5_free_data_contents");
-    (FARPROC) p_krb5_free_context =
-        GetProcAddress(hKRB5_32, "krb5_free_context");
-    (FARPROC) p_krb5_auth_con_free =
-        GetProcAddress(hKRB5_32, "krb5_auth_con_free");
-    (FARPROC) p_krb5_free_principal =
-        GetProcAddress(hKRB5_32, "krb5_free_principal");
-    (FARPROC) p_krb5_mk_req_extended =
-        GetProcAddress(hKRB5_32, "krb5_mk_req_extended");
-    (FARPROC) p_krb5_get_credentials =
-        GetProcAddress(hKRB5_32, "krb5_get_credentials");
-    (FARPROC) p_krb5_cc_get_principal =
-        GetProcAddress(hKRB5_32, "krb5_cc_get_principal");
-    (FARPROC) p_krb5_cc_default = GetProcAddress(hKRB5_32, "krb5_cc_default");
-    (FARPROC) p_krb5_sname_to_principal =
-        GetProcAddress(hKRB5_32, "krb5_sname_to_principal");
-    (FARPROC) p_krb5_init_context =
-        GetProcAddress(hKRB5_32, "krb5_init_context");
-    (FARPROC) p_krb5_free_ticket =
-        GetProcAddress(hKRB5_32, "krb5_free_ticket");
-    (FARPROC) p_krb5_rd_req = GetProcAddress(hKRB5_32, "krb5_rd_req");
-    (FARPROC) p_krb5_principal_compare =
-        GetProcAddress(hKRB5_32, "krb5_principal_compare");
-    (FARPROC) p_krb5_decrypt_tkt_part =
-        GetProcAddress(hKRB5_32, "krb5_decrypt_tkt_part");
-    (FARPROC) p_krb5_timeofday = GetProcAddress(hKRB5_32, "krb5_timeofday");
-    (FARPROC) p_krb5_rc_default = GetProcAddress(hKRB5_32, "krb5_rc_default");
-    (FARPROC) p_krb5_rc_initialize =
-        GetProcAddress(hKRB5_32, "krb5_rc_initialize");
-    (FARPROC) p_krb5_rc_get_lifespan =
-        GetProcAddress(hKRB5_32, "krb5_rc_get_lifespan");
-    (FARPROC) p_krb5_rc_destroy = GetProcAddress(hKRB5_32, "krb5_rc_destroy");
-    (FARPROC) p_krb5_kt_default = GetProcAddress(hKRB5_32, "krb5_kt_default");
-    (FARPROC) p_krb5_kt_resolve = GetProcAddress(hKRB5_32, "krb5_kt_resolve");
-    (FARPROC) p_krb5_auth_con_init =
-        GetProcAddress(hKRB5_32, "krb5_auth_con_init");
-    (FARPROC) p_valid_cksumtype = GetProcAddress(hKRB5_32, "valid_cksumtype");
-    (FARPROC) p_krb5_checksum_size =
-        GetProcAddress(hKRB5_32, "krb5_checksum_size");
-    (FARPROC) p_krb5_kt_free_entry =
-        GetProcAddress(hKRB5_32, "krb5_kt_free_entry");
-    (FARPROC) p_krb5_auth_con_setrcache =
-        GetProcAddress(hKRB5_32, "krb5_auth_con_setrcache");
-    (FARPROC) p_krb5_get_server_rcache =
-        GetProcAddress(hKRB5_32, "krb5_get_server_rcache");
-    (FARPROC) p_krb5_auth_con_getrcache =
-        GetProcAddress(hKRB5_32, "krb5_auth_con_getrcache");
-    (FARPROC) p_krb5_kt_close = GetProcAddress(hKRB5_32, "krb5_kt_close");
-    (FARPROC) p_krb5_kt_get_entry =
-        GetProcAddress(hKRB5_32, "krb5_kt_get_entry");
-}
-
-/* Stubs for each function to be dynamicly loaded */
-void kssl_krb5_free_data_contents(krb5_context CO, krb5_data *data)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_free_data_contents)
-        p_krb5_free_data_contents(CO, data);
-}
-
-krb5_error_code
-kssl_krb5_mk_req_extended(krb5_context CO,
-                          krb5_auth_context *pACO,
-                          krb5_const krb5_flags F,
-                          krb5_data *pD1, krb5_creds *pC, krb5_data *pD2)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_mk_req_extended)
-        return (p_krb5_mk_req_extended(CO, pACO, F, pD1, pC, pD2));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_auth_con_init(krb5_context CO, krb5_auth_context *pACO)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_auth_con_init)
-        return (p_krb5_auth_con_init(CO, pACO));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_auth_con_free(krb5_context CO, krb5_auth_context ACO)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_auth_con_free)
-        return (p_krb5_auth_con_free(CO, ACO));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_get_credentials(krb5_context CO,
-                          krb5_const krb5_flags F,
-                          krb5_ccache CC, krb5_creds *pCR, krb5_creds **ppCR)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_get_credentials)
-        return (p_krb5_get_credentials(CO, F, CC, pCR, ppCR));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_sname_to_principal(krb5_context CO,
-                             krb5_const char *pC1,
-                             krb5_const char *pC2,
-                             krb5_int32 I, krb5_principal *pPR)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_sname_to_principal)
-        return (p_krb5_sname_to_principal(CO, pC1, pC2, I, pPR));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code kssl_krb5_cc_default(krb5_context CO, krb5_ccache *pCC)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_cc_default)
-        return (p_krb5_cc_default(CO, pCC));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code kssl_krb5_init_context(krb5_context *pCO)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_init_context)
-        return (p_krb5_init_context(pCO));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-void kssl_krb5_free_context(krb5_context CO)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_free_context)
-        p_krb5_free_context(CO);
-}
-
-void kssl_krb5_free_principal(krb5_context c, krb5_principal p)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_free_principal)
-        p_krb5_free_principal(c, p);
-}
-
-krb5_error_code
-kssl_krb5_kt_resolve(krb5_context con, krb5_const char *sz, krb5_keytab *kt)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_kt_resolve)
-        return (p_krb5_kt_resolve(con, sz, kt));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code kssl_krb5_kt_default(krb5_context con, krb5_keytab *kt)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_kt_default)
-        return (p_krb5_kt_default(con, kt));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code kssl_krb5_free_ticket(krb5_context con, krb5_ticket *kt)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_free_ticket)
-        return (p_krb5_free_ticket(con, kt));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_rd_req(krb5_context con, krb5_auth_context *pacon,
-                 krb5_const krb5_data *data,
-                 krb5_const_principal princ, krb5_keytab keytab,
-                 krb5_flags *flags, krb5_ticket **pptkt)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_rd_req)
-        return (p_krb5_rd_req(con, pacon, data, princ, keytab, flags, pptkt));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_boolean
-krb5_principal_compare(krb5_context con, krb5_const_principal princ1,
-                       krb5_const_principal princ2)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_principal_compare)
-        return (p_krb5_principal_compare(con, princ1, princ2));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys,
-                      krb5_ticket *ticket)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_decrypt_tkt_part)
-        return (p_krb5_decrypt_tkt_part(con, keys, ticket));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code krb5_timeofday(krb5_context con, krb5_int32 *timeret)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_timeofday)
-        return (p_krb5_timeofday(con, timeret));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code krb5_rc_default(krb5_context con, krb5_rcache *rc)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_rc_default)
-        return (p_krb5_rc_default(con, rc));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_rc_initialize)
-        return (p_krb5_rc_initialize(con, rc, lifespan));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_rc_get_lifespan)
-        return (p_krb5_rc_get_lifespan(con, rc, lifespanp));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code krb5_rc_destroy(krb5_context con, krb5_rcache rc)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_rc_destroy)
-        return (p_krb5_rc_destroy(con, rc));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-size_t krb5_checksum_size(krb5_context context, krb5_cksumtype ctype)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_checksum_size)
-        return (p_krb5_checksum_size(context, ctype));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_boolean valid_cksumtype(krb5_cksumtype ctype)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_valid_cksumtype)
-        return (p_valid_cksumtype(ctype));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code krb5_kt_free_entry(krb5_context con, krb5_keytab_entry *entry)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_kt_free_entry)
-        return (p_krb5_kt_free_entry(con, entry));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-/* Structure definitions  */
-#  ifndef NO_DEF_KRB5_CCACHE
-#   ifndef krb5_x
-#    define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
-#    define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
-#   endif
-
-typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */
-
-typedef struct _krb5_ccache {
-    krb5_magic magic;
-    struct _krb5_cc_ops FAR *ops;
-    krb5_pointer data;
-} *krb5_ccache;
-
-typedef struct _krb5_cc_ops {
-    krb5_magic magic;
-    char *prefix;
-    char *(KRB5_CALLCONV *get_name)
-     (krb5_context, krb5_ccache);
-     krb5_error_code(KRB5_CALLCONV *resolve)
-     (krb5_context, krb5_ccache *, const char *);
-     krb5_error_code(KRB5_CALLCONV *gen_new)
-     (krb5_context, krb5_ccache *);
-     krb5_error_code(KRB5_CALLCONV *init)
-     (krb5_context, krb5_ccache, krb5_principal);
-     krb5_error_code(KRB5_CALLCONV *destroy)
-     (krb5_context, krb5_ccache);
-     krb5_error_code(KRB5_CALLCONV *close)
-     (krb5_context, krb5_ccache);
-     krb5_error_code(KRB5_CALLCONV *store)
-     (krb5_context, krb5_ccache, krb5_creds *);
-     krb5_error_code(KRB5_CALLCONV *retrieve)
-     (krb5_context, krb5_ccache, krb5_flags, krb5_creds *, krb5_creds *);
-     krb5_error_code(KRB5_CALLCONV *get_princ)
-     (krb5_context, krb5_ccache, krb5_principal *);
-     krb5_error_code(KRB5_CALLCONV *get_first)
-     (krb5_context, krb5_ccache, krb5_cc_cursor *);
-     krb5_error_code(KRB5_CALLCONV *get_next)
-     (krb5_context, krb5_ccache, krb5_cc_cursor *, krb5_creds *);
-     krb5_error_code(KRB5_CALLCONV *end_get)
-     (krb5_context, krb5_ccache, krb5_cc_cursor *);
-     krb5_error_code(KRB5_CALLCONV *remove_cred)
-     (krb5_context, krb5_ccache, krb5_flags, krb5_creds *);
-     krb5_error_code(KRB5_CALLCONV *set_flags)
-     (krb5_context, krb5_ccache, krb5_flags);
-} krb5_cc_ops;
-#  endif                        /* NO_DEF_KRB5_CCACHE */
-
-krb5_error_code
-    kssl_krb5_cc_get_principal
-    (krb5_context context, krb5_ccache cache, krb5_principal *principal) {
-    if (p_krb5_cc_get_principal)
-        return (p_krb5_cc_get_principal(context, cache, principal));
-    else
-        return (krb5_x((cache)->ops->get_princ, (context, cache, principal)));
-}
-
-krb5_error_code
-kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon,
-                             krb5_rcache rcache)
-{
-    if (p_krb5_auth_con_setrcache)
-        return (p_krb5_auth_con_setrcache(con, acon, rcache));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data *data,
-                            krb5_rcache *rcache)
-{
-    if (p_krb5_get_server_rcache)
-        return (p_krb5_get_server_rcache(con, data, rcache));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon,
-                             krb5_rcache *prcache)
-{
-    if (p_krb5_auth_con_getrcache)
-        return (p_krb5_auth_con_getrcache(con, acon, prcache));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab)
-{
-    if (p_krb5_kt_close)
-        return (p_krb5_kt_close(context, keytab));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
-                       krb5_const_principal principal, krb5_kvno vno,
-                       krb5_enctype enctype, krb5_keytab_entry *entry)
-{
-    if (p_krb5_kt_get_entry)
-        return (p_krb5_kt_get_entry
-                (context, keytab, principal, vno, enctype, entry));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-# endif                         /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */
-
-/*
- * memory allocation functions for non-temporary storage (e.g. stuff that
- * gets saved into the kssl context)
- */
-static void *kssl_calloc(size_t nmemb, size_t size)
-{
-    void *p;
-
-    p = OPENSSL_malloc(nmemb * size);
-    if (p) {
-        memset(p, 0, nmemb * size);
-    }
-    return p;
-}
-
-# define kssl_malloc(size) OPENSSL_malloc((size))
-# define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size)
-# define kssl_free(ptr) OPENSSL_free((ptr))
-
-char
-*kstring(char *string)
-{
-    static char *null = "[NULL]";
-
-    return ((string == NULL) ? null : string);
-}
-
-/*
- * Given KRB5 enctype (basically DES or 3DES), return closest match openssl
- * EVP_ encryption algorithm.  Return NULL for unknown or problematic
- * (krb5_dk_encrypt) enctypes.  Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are
- * OK.
- */
-const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype)
-{
-    switch (enctype) {
-    case ENCTYPE_DES_HMAC_SHA1: /* EVP_des_cbc(); */
-    case ENCTYPE_DES_CBC_CRC:
-    case ENCTYPE_DES_CBC_MD4:
-    case ENCTYPE_DES_CBC_MD5:
-    case ENCTYPE_DES_CBC_RAW:
-        return EVP_des_cbc();
-        break;
-    case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
-    case ENCTYPE_DES3_CBC_SHA:
-    case ENCTYPE_DES3_CBC_RAW:
-        return EVP_des_ede3_cbc();
-        break;
-    default:
-        return NULL;
-        break;
-    }
-}
-
-/*
- * Return true:1 if p "looks like" the start of the real authenticator
- * described in kssl_skip_confound() below.  The ASN.1 pattern is "62 xx 30
- * yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and xx and yy are
- * possibly multi-byte length fields.
- */
-static int kssl_test_confound(unsigned char *p)
-{
-    int len = 2;
-    int xx = 0, yy = 0;
-
-    if (*p++ != 0x62)
-        return 0;
-    if (*p > 0x82)
-        return 0;
-    switch (*p) {
-    case 0x82:
-        p++;
-        xx = (*p++ << 8);
-        xx += *p++;
-        break;
-    case 0x81:
-        p++;
-        xx = *p++;
-        break;
-    case 0x80:
-        return 0;
-    default:
-        xx = *p++;
-        break;
-    }
-    if (*p++ != 0x30)
-        return 0;
-    if (*p > 0x82)
-        return 0;
-    switch (*p) {
-    case 0x82:
-        p++;
-        len += 2;
-        yy = (*p++ << 8);
-        yy += *p++;
-        break;
-    case 0x81:
-        p++;
-        len++;
-        yy = *p++;
-        break;
-    case 0x80:
-        return 0;
-    default:
-        yy = *p++;
-        break;
-    }
-
-    return (xx - len == yy) ? 1 : 0;
-}
-
-/*
- * Allocate, fill, and return cksumlens array of checksum lengths.  This
- * array holds just the unique elements from the krb5_cksumarray[].  array[n]
- * == 0 signals end of data.  The krb5_cksumarray[] was an internal variable
- * that has since been replaced by a more general method for storing the
- * data.  It should not be used.  Instead we use real API calls and make a
- * guess for what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2
- * it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.
- */
-static size_t *populate_cksumlens(void)
-{
-    int i, j, n;
-    static size_t *cklens = NULL;
-
-# ifdef KRB5_MIT_OLD11
-    n = krb5_max_cksum;
-# else
-    n = 0x0010;
-# endif                         /* KRB5_MIT_OLD11 */
-
-# ifdef KRB5CHECKAUTH
-    if (!cklens && !(cklens = (size_t *)calloc(sizeof(int), n + 1)))
-        return NULL;
-
-    for (i = 0; i < n; i++) {
-        if (!valid_cksumtype(i))
-            continue;           /* array has holes */
-        for (j = 0; j < n; j++) {
-            if (cklens[j] == 0) {
-                cklens[j] = krb5_checksum_size(NULL, i);
-                break;          /* krb5 elem was new: add */
-            }
-            if (cklens[j] == krb5_checksum_size(NULL, i)) {
-                break;          /* ignore duplicate elements */
-            }
-        }
-    }
-# endif                         /* KRB5CHECKAUTH */
-
-    return cklens;
-}
-
-/*-
- *      Return pointer to start of real authenticator within authenticator, or
- *      return NULL on error.
- *      Decrypted authenticator looks like this:
- *              [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
- *      This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
- *      krb5_auth_con_getcksumtype() function advertised in its krb5.h.
- */
-unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a)
-{
-    int i, conlen;
-    size_t cklen;
-    static size_t *cksumlens = NULL;
-    unsigned char *test_auth;
-
-    conlen = (etype) ? 8 : 0;
-
-    if (!cksumlens && !(cksumlens = populate_cksumlens()))
-        return NULL;
-    for (i = 0; (cklen = cksumlens[i]) != 0; i++) {
-        test_auth = a + conlen + cklen;
-        if (kssl_test_confound(test_auth))
-            return test_auth;
-    }
-
-    return NULL;
-}
-
-/*
- * Set kssl_err error info when reason text is a simple string kssl_err =
- * struct { int reason; char text[KSSL_ERR_MAX+1]; }
- */
-void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
-{
-    if (kssl_err == NULL)
-        return;
-
-    kssl_err->reason = reason;
-    BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, "%s", text);
-    return;
-}
-
-/*
- * Display contents of krb5_data struct, for debugging
- */
-void print_krb5_data(char *label, krb5_data *kdata)
-{
-    int i;
-
-    fprintf(stderr, "%s[%d] ", label, kdata->length);
-    for (i = 0; i < (int)kdata->length; i++) {
-        if (0 && isprint((int)kdata->data[i]))
-            fprintf(stderr, "%c ", kdata->data[i]);
-        else
-            fprintf(stderr, "%02x ", (unsigned char)kdata->data[i]);
-    }
-    fprintf(stderr, "\n");
-}
-
-/*
- * Display contents of krb5_authdata struct, for debugging
- */
-void print_krb5_authdata(char *label, krb5_authdata **adata)
-{
-    if (adata == NULL) {
-        fprintf(stderr, "%s, authdata==0\n", label);
-        return;
-    }
-    fprintf(stderr, "%s [%p]\n", label, (void *)adata);
-# if 0
-    {
-        int i;
-        fprintf(stderr, "%s[at%d:%d] ", label, adata->ad_type, adata->length);
-        for (i = 0; i < adata->length; i++) {
-            fprintf(stderr, (isprint(adata->contents[i])) ? "%c " : "%02x",
-                    adata->contents[i]);
-        }
-        fprintf(stderr, "\n");
-    }
-# endif
-}
-
-/*
- * Display contents of krb5_keyblock struct, for debugging
- */
-void print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
-{
-    int i;
-
-    if (keyblk == NULL) {
-        fprintf(stderr, "%s, keyblk==0\n", label);
-        return;
-    }
-# ifdef KRB5_HEIMDAL
-    fprintf(stderr, "%s\n\t[et%d:%d]: ", label, keyblk->keytype,
-            keyblk->keyvalue->length);
-    for (i = 0; i < (int)keyblk->keyvalue->length; i++) {
-        fprintf(stderr, "%02x",
-                (unsigned char *)(keyblk->keyvalue->contents)[i]);
-    }
-    fprintf(stderr, "\n");
-# else
-    fprintf(stderr, "%s\n\t[et%d:%d]: ", label, keyblk->enctype,
-            keyblk->length);
-    for (i = 0; i < (int)keyblk->length; i++) {
-        fprintf(stderr, "%02x", keyblk->contents[i]);
-    }
-    fprintf(stderr, "\n");
-# endif
-}
-
-/*
- * Display contents of krb5_principal_data struct, for debugging
- * (krb5_principal is typedef'd == krb5_principal_data *)
- */
-static void print_krb5_princ(char *label, krb5_principal_data *princ)
-{
-    int i, ui, uj;
-
-    fprintf(stderr, "%s principal Realm: ", label);
-    if (princ == NULL)
-        return;
-    for (ui = 0; ui < (int)princ->realm.length; ui++)
-        putchar(princ->realm.data[ui]);
-    fprintf(stderr, " (nametype %d) has %d strings:\n", princ->type,
-            princ->length);
-    for (i = 0; i < (int)princ->length; i++) {
-        fprintf(stderr, "\t%d [%d]: ", i, princ->data[i].length);
-        for (uj = 0; uj < (int)princ->data[i].length; uj++) {
-            putchar(princ->data[i].data[uj]);
-        }
-        fprintf(stderr, "\n");
-    }
-    return;
-}
-
-/*-     Given krb5 service (typically "kssl") and hostname in kssl_ctx,
- *      Return encrypted Kerberos ticket for service @ hostname.
- *      If authenp is non-NULL, also return encrypted authenticator,
- *      whose data should be freed by caller.
- *      (Originally was: Create Kerberos AP_REQ message for SSL Client.)
- *
- *      19990628        VRS     Started; Returns Kerberos AP_REQ message.
- *      20010409        VRS     Modified for RFC2712; Returns enc tkt.
- *      20010606        VRS     May also return optional authenticator.
- */
-krb5_error_code kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
-                              /*
-                               * OUT
-                               */ krb5_data **enc_ticketp,
-                              /*
-                               * UPDATE
-                               */ krb5_data *authenp,
-                              /*
-                               * OUT
-                               */ KSSL_ERR *kssl_err)
-{
-    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
-    krb5_context krb5context = NULL;
-    krb5_auth_context krb5auth_context = NULL;
-    krb5_ccache krb5ccdef = NULL;
-    krb5_creds krb5creds, *krb5credsp = NULL;
-    krb5_data krb5_app_req;
-
-    kssl_err_set(kssl_err, 0, "");
-    memset((char *)&krb5creds, 0, sizeof(krb5creds));
-
-    if (!kssl_ctx) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n");
-        goto err;
-    } else if (!kssl_ctx->service_host) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "kssl_ctx service_host undefined.\n");
-        goto err;
-    }
-
-    if ((krb5rc = krb5_init_context(&krb5context)) != 0) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "krb5_init_context() fails: %d\n", krb5rc);
-        kssl_err->reason = SSL_R_KRB5_C_INIT;
-        goto err;
-    }
-
-    if ((krb5rc = krb5_sname_to_principal(krb5context,
-                                          kssl_ctx->service_host,
-                                          (kssl_ctx->service_name) ?
-                                          kssl_ctx->service_name : KRB5SVC,
-                                          KRB5_NT_SRV_HST,
-                                          &krb5creds.server)) != 0) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "krb5_sname_to_principal() fails for %s/%s\n",
-                     kssl_ctx->service_host,
-                     (kssl_ctx->
-                      service_name) ? kssl_ctx->service_name : KRB5SVC);
-        kssl_err->reason = SSL_R_KRB5_C_INIT;
-        goto err;
-    }
-
-    if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
-                     "krb5_cc_default fails.\n");
-        goto err;
-    }
-
-    if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
-                                        &krb5creds.client)) != 0) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
-                     "krb5_cc_get_principal() fails.\n");
-        goto err;
-    }
-
-    if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
-                                       &krb5creds, &krb5credsp)) != 0) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED,
-                     "krb5_get_credentials() fails.\n");
-        goto err;
-    }
-
-    *enc_ticketp = &krb5credsp->ticket;
-# ifdef KRB5_HEIMDAL
-    kssl_ctx->enctype = krb5credsp->session.keytype;
-# else
-    kssl_ctx->enctype = krb5credsp->keyblock.enctype;
-# endif
-
-    krb5rc = KRB5KRB_ERR_GENERIC;
-    /*      caller should free data of krb5_app_req  */
-    /*
-     * 20010406 VRS deleted for real KerberosWrapper 20010605 VRS reinstated
-     * to offer Authenticator to KerberosWrapper
-     */
-    krb5_app_req.length = 0;
-    if (authenp) {
-        krb5_data krb5in_data;
-        const unsigned char *p;
-        long arlen;
-        KRB5_APREQBODY *ap_req;
-
-        authenp->length = 0;
-        krb5in_data.data = NULL;
-        krb5in_data.length = 0;
-        if ((krb5rc = krb5_mk_req_extended(krb5context,
-                                           &krb5auth_context, 0, &krb5in_data,
-                                           krb5credsp, &krb5_app_req)) != 0) {
-            kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ,
-                         "krb5_mk_req_extended() fails.\n");
-            goto err;
-        }
-
-        arlen = krb5_app_req.length;
-        p = (unsigned char *)krb5_app_req.data;
-        ap_req = (KRB5_APREQBODY *)d2i_KRB5_APREQ(NULL, &p, arlen);
-        if (ap_req) {
-            authenp->length = i2d_KRB5_ENCDATA(ap_req->authenticator, NULL);
-            if (authenp->length && (authenp->data = malloc(authenp->length))) {
-                unsigned char *adp = (unsigned char *)authenp->data;
-                authenp->length =
-                    i2d_KRB5_ENCDATA(ap_req->authenticator, &adp);
-            }
-        }
-
-        if (ap_req)
-            KRB5_APREQ_free((KRB5_APREQ *) ap_req);
-        if (krb5_app_req.length)
-            kssl_krb5_free_data_contents(krb5context, &krb5_app_req);
-    }
-# ifdef KRB5_HEIMDAL
-    if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session)) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
-                     "kssl_ctx_setkey() fails.\n");
-    }
-# else
-    if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock)) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
-                     "kssl_ctx_setkey() fails.\n");
-    }
-# endif
-    else
-        krb5rc = 0;
-
- err:
-# ifdef KSSL_DEBUG
-    kssl_ctx_show(kssl_ctx);
-# endif                         /* KSSL_DEBUG */
-
-    if (krb5creds.client)
-        krb5_free_principal(krb5context, krb5creds.client);
-    if (krb5creds.server)
-        krb5_free_principal(krb5context, krb5creds.server);
-    if (krb5auth_context)
-        krb5_auth_con_free(krb5context, krb5auth_context);
-    if (krb5context)
-        krb5_free_context(krb5context);
-    return (krb5rc);
-}
-
-/*-
- *  Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
- *  Return Kerberos error code and kssl_err struct on error.
- *  Allocates krb5_ticket and krb5_principal; caller should free these.
- *
- *      20010410        VRS     Implemented krb5_decode_ticket() as
- *                              old_krb5_decode_ticket(). Missing from MIT1.0.6.
- *      20010615        VRS     Re-cast as openssl/asn1 d2i_*() functions.
- *                              Re-used some of the old krb5_decode_ticket()
- *                              code here.  This tkt should alloc/free just
- *                              like the real thing.
- */
-static krb5_error_code kssl_TKT2tkt( /* IN */ krb5_context krb5context,
-                                    /*
-                                     * IN
-                                     */ KRB5_TKTBODY *asn1ticket,
-                                    /*
-                                     * OUT
-                                     */ krb5_ticket **krb5ticket,
-                                    /*
-                                     * OUT
-                                     */ KSSL_ERR *kssl_err)
-{
-    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
-    krb5_ticket *new5ticket = NULL;
-    ASN1_GENERALSTRING *gstr_svc, *gstr_host;
-
-    *krb5ticket = NULL;
-
-    if (asn1ticket == NULL || asn1ticket->realm == NULL ||
-        asn1ticket->sname == NULL ||
-        sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "Null field in asn1ticket.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        return KRB5KRB_ERR_GENERIC;
-    }
-
-    if ((new5ticket = (krb5_ticket *)calloc(1, sizeof(krb5_ticket))) == NULL) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "Unable to allocate new krb5_ticket.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        return ENOMEM;          /* or KRB5KRB_ERR_GENERIC; */
-    }
-
-    gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
-    gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);
-
-    if ((krb5rc = kssl_build_principal_2(krb5context,
-                                         &new5ticket->server,
-                                         asn1ticket->realm->length,
-                                         (char *)asn1ticket->realm->data,
-                                         gstr_svc->length,
-                                         (char *)gstr_svc->data,
-                                         gstr_host->length,
-                                         (char *)gstr_host->data)) != 0) {
-        free(new5ticket);
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "Error building ticket server principal.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        return krb5rc;          /* or KRB5KRB_ERR_GENERIC; */
-    }
-
-    krb5_princ_type(krb5context, new5ticket->server) =
-        asn1ticket->sname->nametype->data[0];
-    new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
-    new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];
-    new5ticket->enc_part.ciphertext.length =
-        asn1ticket->encdata->cipher->length;
-    if ((new5ticket->enc_part.ciphertext.data =
-         calloc(1, asn1ticket->encdata->cipher->length)) == NULL) {
-        free(new5ticket);
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "Error allocating cipher in krb5ticket.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        return KRB5KRB_ERR_GENERIC;
-    } else {
-        memcpy(new5ticket->enc_part.ciphertext.data,
-               asn1ticket->encdata->cipher->data,
-               asn1ticket->encdata->cipher->length);
-    }
-
-    *krb5ticket = new5ticket;
-    return 0;
-}
-
-/*-
- *      Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
- *              and krb5 AP_REQ message & message length,
- *      Return Kerberos session key and client principle
- *              to SSL Server in KSSL_CTX *kssl_ctx.
- *
- *      19990702        VRS     Started.
- */
-krb5_error_code kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
-                              /*
-                               * IN
-                               */ krb5_data *indata,
-                              /*
-                               * OUT
-                               */ krb5_ticket_times *ttimes,
-                              /*
-                               * OUT
-                               */ KSSL_ERR *kssl_err)
-{
-    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
-    static krb5_context krb5context = NULL;
-    static krb5_auth_context krb5auth_context = NULL;
-    krb5_ticket *krb5ticket = NULL;
-    KRB5_TKTBODY *asn1ticket = NULL;
-    const unsigned char *p;
-    krb5_keytab krb5keytab = NULL;
-    krb5_keytab_entry kt_entry;
-    krb5_principal krb5server;
-    krb5_rcache rcache = NULL;
-
-    kssl_err_set(kssl_err, 0, "");
-
-    if (!kssl_ctx) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n");
-        goto err;
-    }
-# ifdef KSSL_DEBUG
-    fprintf(stderr, "in kssl_sget_tkt(%s)\n",
-            kstring(kssl_ctx->service_name));
-# endif                         /* KSSL_DEBUG */
-
-    if (!krb5context && (krb5rc = krb5_init_context(&krb5context))) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "krb5_init_context() fails.\n");
-        goto err;
-    }
-    if (krb5auth_context &&
-        (krb5rc = krb5_auth_con_free(krb5context, krb5auth_context))) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "krb5_auth_con_free() fails.\n");
-        goto err;
-    } else
-        krb5auth_context = NULL;
-    if (!krb5auth_context &&
-        (krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context))) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "krb5_auth_con_init() fails.\n");
-        goto err;
-    }
-
-    if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context,
-                                          &rcache))) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "krb5_auth_con_getrcache() fails.\n");
-        goto err;
-    }
-
-    if ((krb5rc = krb5_sname_to_principal(krb5context, NULL,
-                                          (kssl_ctx->service_name) ?
-                                          kssl_ctx->service_name : KRB5SVC,
-                                          KRB5_NT_SRV_HST,
-                                          &krb5server)) != 0) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "krb5_sname_to_principal() fails.\n");
-        goto err;
-    }
-
-    if (rcache == NULL) {
-        if ((krb5rc = krb5_get_server_rcache(krb5context,
-                                             krb5_princ_component(krb5context,
-                                                                  krb5server,
-                                                                  0),
-                                             &rcache))) {
-            kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                         "krb5_get_server_rcache() fails.\n");
-            goto err;
-        }
-    }
-
-    if ((krb5rc =
-         krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache))) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "krb5_auth_con_setrcache() fails.\n");
-        goto err;
-    }
-
-    /*
-     * kssl_ctx->keytab_file == NULL ==> use Kerberos default
-     */
-    if (kssl_ctx->keytab_file) {
-        krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
-                                 &krb5keytab);
-        if (krb5rc) {
-            kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                         "krb5_kt_resolve() fails.\n");
-            goto err;
-        }
-    } else {
-        krb5rc = krb5_kt_default(krb5context, &krb5keytab);
-        if (krb5rc) {
-            kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                         "krb5_kt_default() fails.\n");
-            goto err;
-        }
-    }
-
-    /*-     Actual Kerberos5 krb5_recvauth() has initial conversation here
-     *      o       check KRB5_SENDAUTH_BADAUTHVERS
-     *              unless KRB5_RECVAUTH_SKIP_VERSION
-     *      o       check KRB5_SENDAUTH_BADAPPLVERS
-     *      o       send "0" msg if all OK
-     */
-
-    /*-
-     * 20010411 was using AP_REQ instead of true KerberosWrapper
-     *
-     *  if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
-     *                      &krb5in_data, krb5server, krb5keytab,
-     *                      &ap_option, &krb5ticket)) != 0)  { Error }
-     */
-
-    p = (unsigned char *)indata->data;
-    if ((asn1ticket = (KRB5_TKTBODY *)d2i_KRB5_TICKET(NULL, &p,
-                                                      (long)indata->length))
-        == NULL) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "d2i_KRB5_TICKET() ASN.1 decode failure.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        goto err;
-    }
-
-    /*
-     * Was: krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0)
-     */
-    if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket,
-                               kssl_err)) != 0) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "Error converting ASN.1 ticket to krb5_ticket.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        goto err;
-    }
-
-    if (!krb5_principal_compare(krb5context, krb5server, krb5ticket->server)) {
-        krb5rc = KRB5_PRINC_NOMATCH;
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "server principal != ticket principal\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        goto err;
-    }
-    if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
-                                    krb5ticket->server,
-                                    krb5ticket->enc_part.kvno,
-                                    krb5ticket->enc_part.enctype,
-                                    &kt_entry)) != 0) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "krb5_kt_get_entry() fails with %x.\n", krb5rc);
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        goto err;
-    }
-    if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key,
-                                        krb5ticket)) != 0) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "krb5_decrypt_tkt_part() failed.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        goto err;
-    } else {
-        krb5_kt_free_entry(krb5context, &kt_entry);
-# ifdef KSSL_DEBUG
-        {
-            int i;
-            krb5_address **paddr = krb5ticket->enc_part2->caddrs;
-            fprintf(stderr, "Decrypted ticket fields:\n");
-            fprintf(stderr, "\tflags: %X, transit-type: %X",
-                    krb5ticket->enc_part2->flags,
-                    krb5ticket->enc_part2->transited.tr_type);
-            print_krb5_data("\ttransit-data: ",
-                            &(krb5ticket->enc_part2->transited.tr_contents));
-            fprintf(stderr, "\tcaddrs: %p, authdata: %p\n",
-                    krb5ticket->enc_part2->caddrs,
-                    krb5ticket->enc_part2->authorization_data);
-            if (paddr) {
-                fprintf(stderr, "\tcaddrs:\n");
-                for (i = 0; paddr[i] != NULL; i++) {
-                    krb5_data d;
-                    d.length = paddr[i]->length;
-                    d.data = paddr[i]->contents;
-                    print_krb5_data("\t\tIP: ", &d);
-                }
-            }
-            fprintf(stderr, "\tstart/auth/end times: %d / %d / %d\n",
-                    krb5ticket->enc_part2->times.starttime,
-                    krb5ticket->enc_part2->times.authtime,
-                    krb5ticket->enc_part2->times.endtime);
-        }
-# endif                         /* KSSL_DEBUG */
-    }
-
-    krb5rc = KRB5_NO_TKT_SUPPLIED;
-    if (!krb5ticket || !krb5ticket->enc_part2 ||
-        !krb5ticket->enc_part2->client ||
-        !krb5ticket->enc_part2->client->data ||
-        !krb5ticket->enc_part2->session) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
-                     "bad ticket from krb5_rd_req.\n");
-    } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
-                                 &krb5ticket->enc_part2->client->realm,
-                                 krb5ticket->enc_part2->client->data,
-                                 krb5ticket->enc_part2->client->length)) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
-                     "kssl_ctx_setprinc() fails.\n");
-    } else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session)) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
-                     "kssl_ctx_setkey() fails.\n");
-    } else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID) {
-        krb5rc = KRB5KRB_AP_ERR_TKT_INVALID;
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
-                     "invalid ticket from krb5_rd_req.\n");
-    } else
-        krb5rc = 0;
-
-    kssl_ctx->enctype = krb5ticket->enc_part.enctype;
-    ttimes->authtime = krb5ticket->enc_part2->times.authtime;
-    ttimes->starttime = krb5ticket->enc_part2->times.starttime;
-    ttimes->endtime = krb5ticket->enc_part2->times.endtime;
-    ttimes->renew_till = krb5ticket->enc_part2->times.renew_till;
-
- err:
-# ifdef KSSL_DEBUG
-    kssl_ctx_show(kssl_ctx);
-# endif                         /* KSSL_DEBUG */
-
-    if (asn1ticket)
-        KRB5_TICKET_free((KRB5_TICKET *) asn1ticket);
-    if (krb5keytab)
-        krb5_kt_close(krb5context, krb5keytab);
-    if (krb5ticket)
-        krb5_free_ticket(krb5context, krb5ticket);
-    if (krb5server)
-        krb5_free_principal(krb5context, krb5server);
-    return (krb5rc);
-}
-
-/*
- * Allocate & return a new kssl_ctx struct.
- */
-KSSL_CTX *kssl_ctx_new(void)
-{
-    return ((KSSL_CTX *)kssl_calloc(1, sizeof(KSSL_CTX)));
-}
-
-/*
- * Frees a kssl_ctx struct and any allocated memory it holds.  Returns NULL.
- */
-KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx)
-{
-    if (kssl_ctx == NULL)
-        return kssl_ctx;
-
-    if (kssl_ctx->key)
-        OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
-    if (kssl_ctx->key)
-        kssl_free(kssl_ctx->key);
-    if (kssl_ctx->client_princ)
-        kssl_free(kssl_ctx->client_princ);
-    if (kssl_ctx->service_host)
-        kssl_free(kssl_ctx->service_host);
-    if (kssl_ctx->service_name)
-        kssl_free(kssl_ctx->service_name);
-    if (kssl_ctx->keytab_file)
-        kssl_free(kssl_ctx->keytab_file);
-
-    kssl_free(kssl_ctx);
-    return (KSSL_CTX *)NULL;
-}
-
-/*
- * Given an array of (krb5_data *) entity (and optional realm), set the plain
- * (char *) client_princ or service_host member of the kssl_ctx struct.
- */
-krb5_error_code
-kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-                  krb5_data *realm, krb5_data *entity, int nentities)
-{
-    char **princ;
-    int length;
-    int i;
-
-    if (kssl_ctx == NULL || entity == NULL)
-        return KSSL_CTX_ERR;
-
-    switch (which) {
-    case KSSL_CLIENT:
-        princ = &kssl_ctx->client_princ;
-        break;
-    case KSSL_SERVER:
-        princ = &kssl_ctx->service_host;
-        break;
-    default:
-        return KSSL_CTX_ERR;
-        break;
-    }
-    if (*princ)
-        kssl_free(*princ);
-
-    /* Add up all the entity->lengths */
-    length = 0;
-    for (i = 0; i < nentities; i++) {
-        length += entity[i].length;
-    }
-    /* Add in space for the '/' character(s) (if any) */
-    length += nentities - 1;
-    /* Space for the ('@'+realm+NULL | NULL) */
-    length += ((realm) ? realm->length + 2 : 1);
-
-    if ((*princ = kssl_calloc(1, length)) == NULL)
-        return KSSL_CTX_ERR;
-    else {
-        for (i = 0; i < nentities; i++) {
-            strncat(*princ, entity[i].data, entity[i].length);
-            if (i < nentities - 1) {
-                strcat(*princ, "/");
-            }
-        }
-        if (realm) {
-            strcat(*princ, "@");
-            (void)strncat(*princ, realm->data, realm->length);
-        }
-    }
-
-    return KSSL_CTX_OK;
-}
-
-/*-     Set one of the plain (char *) string members of the kssl_ctx struct.
- *      Default values should be:
- *              which == KSSL_SERVICE   =>      "khost" (KRB5SVC)
- *              which == KSSL_KEYTAB    =>      "/etc/krb5.keytab" (KRB5KEYTAB)
- */
-krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
-{
-    char **string;
-
-    if (!kssl_ctx)
-        return KSSL_CTX_ERR;
-
-    switch (which) {
-    case KSSL_SERVICE:
-        string = &kssl_ctx->service_name;
-        break;
-    case KSSL_SERVER:
-        string = &kssl_ctx->service_host;
-        break;
-    case KSSL_CLIENT:
-        string = &kssl_ctx->client_princ;
-        break;
-    case KSSL_KEYTAB:
-        string = &kssl_ctx->keytab_file;
-        break;
-    default:
-        return KSSL_CTX_ERR;
-        break;
-    }
-    if (*string)
-        kssl_free(*string);
-
-    if (!text) {
-        *string = '\0';
-        return KSSL_CTX_OK;
-    }
-
-    if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL)
-        return KSSL_CTX_ERR;
-    else
-        strcpy(*string, text);
-
-    return KSSL_CTX_OK;
-}
-
-/*
- * Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
- * struct.  Clear kssl_ctx->key if Kerberos session key is NULL.
- */
-krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
-{
-    int length;
-    krb5_enctype enctype;
-    krb5_octet FAR *contents = NULL;
-
-    if (!kssl_ctx)
-        return KSSL_CTX_ERR;
-
-    if (kssl_ctx->key) {
-        OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
-        kssl_free(kssl_ctx->key);
-    }
-
-    if (session) {
-
-# ifdef KRB5_HEIMDAL
-        length = session->keyvalue->length;
-        enctype = session->keytype;
-        contents = session->keyvalue->contents;
-# else
-        length = session->length;
-        enctype = session->enctype;
-        contents = session->contents;
-# endif
-        kssl_ctx->enctype = enctype;
-        kssl_ctx->length = length;
-    } else {
-        kssl_ctx->enctype = ENCTYPE_UNKNOWN;
-        kssl_ctx->length = 0;
-        return KSSL_CTX_OK;
-    }
-
-    if ((kssl_ctx->key =
-         (krb5_octet FAR *)kssl_calloc(1, kssl_ctx->length)) == NULL) {
-        kssl_ctx->length = 0;
-        return KSSL_CTX_ERR;
-    } else
-        memcpy(kssl_ctx->key, contents, length);
-
-    return KSSL_CTX_OK;
-}
-
-/*
- * Display contents of kssl_ctx struct
- */
-void kssl_ctx_show(KSSL_CTX *kssl_ctx)
-{
-    int i;
-
-    printf("kssl_ctx: ");
-    if (kssl_ctx == NULL) {
-        printf("NULL\n");
-        return;
-    } else
-        printf("%p\n", (void *)kssl_ctx);
-
-    printf("\tservice:\t%s\n",
-           (kssl_ctx->service_name) ? kssl_ctx->service_name : "NULL");
-    printf("\tclient:\t%s\n",
-           (kssl_ctx->client_princ) ? kssl_ctx->client_princ : "NULL");
-    printf("\tserver:\t%s\n",
-           (kssl_ctx->service_host) ? kssl_ctx->service_host : "NULL");
-    printf("\tkeytab:\t%s\n",
-           (kssl_ctx->keytab_file) ? kssl_ctx->keytab_file : "NULL");
-    printf("\tkey [%d:%d]:\t", kssl_ctx->enctype, kssl_ctx->length);
-
-    for (i = 0; i < kssl_ctx->length && kssl_ctx->key; i++) {
-        printf("%02x", kssl_ctx->key[i]);
-    }
-    printf("\n");
-    return;
-}
-
-int kssl_keytab_is_available(KSSL_CTX *kssl_ctx)
-{
-    krb5_context krb5context = NULL;
-    krb5_keytab krb5keytab = NULL;
-    krb5_keytab_entry entry;
-    krb5_principal princ = NULL;
-    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
-    int rc = 0;
-
-    if ((krb5rc = krb5_init_context(&krb5context)))
-        return (0);
-
-    /*
-     * kssl_ctx->keytab_file == NULL ==> use Kerberos default
-     */
-    if (kssl_ctx->keytab_file) {
-        krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
-                                 &krb5keytab);
-        if (krb5rc)
-            goto exit;
-    } else {
-        krb5rc = krb5_kt_default(krb5context, &krb5keytab);
-        if (krb5rc)
-            goto exit;
-    }
-
-    /* the host key we are looking for */
-    krb5rc = krb5_sname_to_principal(krb5context, NULL,
-                                     kssl_ctx->
-                                     service_name ? kssl_ctx->service_name :
-                                     KRB5SVC, KRB5_NT_SRV_HST, &princ);
-
-    if (krb5rc)
-        goto exit;
-
-    krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ,
-                               /* IGNORE_VNO */
-                               0,
-                               /* IGNORE_ENCTYPE */
-                               0, &entry);
-    if (krb5rc == KRB5_KT_NOTFOUND) {
-        rc = 1;
-        goto exit;
-    } else if (krb5rc)
-        goto exit;
-
-    krb5_kt_free_entry(krb5context, &entry);
-    rc = 1;
-
- exit:
-    if (krb5keytab)
-        krb5_kt_close(krb5context, krb5keytab);
-    if (princ)
-        krb5_free_principal(krb5context, princ);
-    if (krb5context)
-        krb5_free_context(krb5context);
-    return (rc);
-}
-
-int kssl_tgt_is_available(KSSL_CTX *kssl_ctx)
-{
-    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
-    krb5_context krb5context = NULL;
-    krb5_ccache krb5ccdef = NULL;
-    krb5_creds krb5creds, *krb5credsp = NULL;
-    int rc = 0;
-
-    memset((char *)&krb5creds, 0, sizeof(krb5creds));
-
-    if (!kssl_ctx)
-        return (0);
-
-    if (!kssl_ctx->service_host)
-        return (0);
-
-    if ((krb5rc = krb5_init_context(&krb5context)) != 0)
-        goto err;
-
-    if ((krb5rc = krb5_sname_to_principal(krb5context,
-                                          kssl_ctx->service_host,
-                                          (kssl_ctx->service_name) ?
-                                          kssl_ctx->service_name : KRB5SVC,
-                                          KRB5_NT_SRV_HST,
-                                          &krb5creds.server)) != 0)
-        goto err;
-
-    if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
-        goto err;
-
-    if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
-                                        &krb5creds.client)) != 0)
-        goto err;
-
-    if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
-                                       &krb5creds, &krb5credsp)) != 0)
-        goto err;
-
-    rc = 1;
-
- err:
-# ifdef KSSL_DEBUG
-    kssl_ctx_show(kssl_ctx);
-# endif                         /* KSSL_DEBUG */
-
-    if (krb5creds.client)
-        krb5_free_principal(krb5context, krb5creds.client);
-    if (krb5creds.server)
-        krb5_free_principal(krb5context, krb5creds.server);
-    if (krb5context)
-        krb5_free_context(krb5context);
-    return (rc);
-}
-
-# if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)
-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
-{
-#  ifdef KRB5_HEIMDAL
-    data->length = 0;
-    if (data->data)
-        free(data->data);
-#  elif defined(KRB5_MIT_OLD11)
-    if (data->data) {
-        krb5_xfree(data->data);
-        data->data = 0;
-    }
-#  else
-    krb5_free_data_contents(NULL, data);
-#  endif
-}
-# endif
-/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
-
-/*
- * Given pointers to KerberosTime and struct tm structs, convert the
- * KerberosTime string to struct tm.  Note that KerberosTime is a
- * ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional seconds
- * as defined in RFC 1510.  Return pointer to the (partially) filled in
- * struct tm on success, return NULL on failure.
- */
-static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
-{
-    char c, *p;
-
-    if (!k_tm)
-        return NULL;
-    if (gtime == NULL || gtime->length < 14)
-        return NULL;
-    if (gtime->data == NULL)
-        return NULL;
-
-    p = (char *)&gtime->data[14];
-
-    c = *p;
-    *p = '\0';
-    p -= 2;
-    k_tm->tm_sec = atoi(p);
-    *(p + 2) = c;
-    c = *p;
-    *p = '\0';
-    p -= 2;
-    k_tm->tm_min = atoi(p);
-    *(p + 2) = c;
-    c = *p;
-    *p = '\0';
-    p -= 2;
-    k_tm->tm_hour = atoi(p);
-    *(p + 2) = c;
-    c = *p;
-    *p = '\0';
-    p -= 2;
-    k_tm->tm_mday = atoi(p);
-    *(p + 2) = c;
-    c = *p;
-    *p = '\0';
-    p -= 2;
-    k_tm->tm_mon = atoi(p) - 1;
-    *(p + 2) = c;
-    c = *p;
-    *p = '\0';
-    p -= 4;
-    k_tm->tm_year = atoi(p) - 1900;
-    *(p + 4) = c;
-
-    return k_tm;
-}
-
-/*
- * Helper function for kssl_validate_times().  We need context->clockskew,
- * but krb5_context is an opaque struct.  So we try to sneek the clockskew
- * out through the replay cache.  If that fails just return a likely default
- * (300 seconds).
- */
-static krb5_deltat get_rc_clockskew(krb5_context context)
-{
-    krb5_rcache rc;
-    krb5_deltat clockskew;
-
-    if (krb5_rc_default(context, &rc))
-        return KSSL_CLOCKSKEW;
-    if (krb5_rc_initialize(context, rc, 0))
-        return KSSL_CLOCKSKEW;
-    if (krb5_rc_get_lifespan(context, rc, &clockskew)) {
-        clockskew = KSSL_CLOCKSKEW;
-    }
-    (void)krb5_rc_destroy(context, rc);
-    return clockskew;
-}
-
-/*
- * kssl_validate_times() combines (and more importantly exposes) the MIT KRB5
- * internal function krb5_validate_times() and the in_clock_skew() macro.
- * The authenticator client time is checked to be within clockskew secs of
- * the current time and the current time is checked to be within the ticket
- * start and expire times.  Either check may be omitted by supplying a NULL
- * value.  Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.  See
- * Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c 20010420 VRS
- */
-krb5_error_code kssl_validate_times(krb5_timestamp atime,
-                                    krb5_ticket_times *ttimes)
-{
-    krb5_deltat skew;
-    krb5_timestamp start, now;
-    krb5_error_code rc;
-    krb5_context context;
-
-    if ((rc = krb5_init_context(&context)))
-        return SSL_R_KRB5_S_BAD_TICKET;
-    skew = get_rc_clockskew(context);
-    if ((rc = krb5_timeofday(context, &now)))
-        return SSL_R_KRB5_S_BAD_TICKET;
-    krb5_free_context(context);
-
-    if (atime && labs(atime - now) >= skew)
-        return SSL_R_KRB5_S_TKT_SKEW;
-
-    if (!ttimes)
-        return 0;
-
-    start = (ttimes->starttime != 0) ? ttimes->starttime : ttimes->authtime;
-    if (start - now > skew)
-        return SSL_R_KRB5_S_TKT_NYV;
-    if ((now - ttimes->endtime) > skew)
-        return SSL_R_KRB5_S_TKT_EXPIRED;
-
-# ifdef KSSL_DEBUG
-    fprintf(stderr, "kssl_validate_times: %d |<-  | %d - %d | < %d  ->| %d\n",
-            start, atime, now, skew, ttimes->endtime);
-# endif                         /* KSSL_DEBUG */
-
-    return 0;
-}
-
-/*
- * Decode and decrypt given DER-encoded authenticator, then pass
- * authenticator ctime back in *atimep (or 0 if time unavailable).  Returns
- * krb5_error_code and kssl_err on error.  A NULL authenticator
- * (authentp->length == 0) is not considered an error.  Note that
- * kssl_check_authent() makes use of the KRB5 session key; you must call
- * kssl_sget_tkt() to get the key before calling this routine.
- */
-krb5_error_code kssl_check_authent(
-                                      /*
-                                       * IN
-                                       */ KSSL_CTX *kssl_ctx,
-                                      /*
-                                       * IN
-                                       */ krb5_data *authentp,
-                                      /*
-                                       * OUT
-                                       */ krb5_timestamp *atimep,
-                                      /*
-                                       * OUT
-                                       */ KSSL_ERR *kssl_err)
-{
-    krb5_error_code krb5rc = 0;
-    KRB5_ENCDATA *dec_authent = NULL;
-    KRB5_AUTHENTBODY *auth = NULL;
-    krb5_enctype enctype;
-    EVP_CIPHER_CTX ciph_ctx;
-    const EVP_CIPHER *enc = NULL;
-    unsigned char iv[EVP_MAX_IV_LENGTH];
-    const unsigned char *p;
-    unsigned char *unenc_authent;
-    int outl, unencbufsize;
-    struct tm tm_time, *tm_l, *tm_g;
-    time_t now, tl, tg, tr, tz_offset;
-    struct tm gmt_result = {0};
-    struct tm lt_result = {0};
-
-    EVP_CIPHER_CTX_init(&ciph_ctx);
-    *atimep = 0;
-    kssl_err_set(kssl_err, 0, "");
-
-# ifndef KRB5CHECKAUTH
-    authentp = NULL;
-# else
-#  if     KRB5CHECKAUTH == 0
-    authentp = NULL;
-#  endif
-# endif                         /* KRB5CHECKAUTH */
-
-    if (authentp == NULL || authentp->length == 0)
-        return 0;
-
-# ifdef KSSL_DEBUG
-    {
-        unsigned int ui;
-        fprintf(stderr, "kssl_check_authent: authenticator[%d]:\n",
-                authentp->length);
-        p = authentp->data;
-        for (ui = 0; ui < authentp->length; ui++)
-            fprintf(stderr, "%02x ", p[ui]);
-        fprintf(stderr, "\n");
-    }
-# endif                         /* KSSL_DEBUG */
-
-    unencbufsize = 2 * authentp->length;
-    if ((unenc_authent = calloc(1, unencbufsize)) == NULL) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "Unable to allocate authenticator buffer.\n");
-        krb5rc = KRB5KRB_ERR_GENERIC;
-        goto err;
-    }
-
-    p = (unsigned char *)authentp->data;
-    if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p,
-                                        (long)authentp->length)) == NULL) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "Error decoding authenticator.\n");
-        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-        goto err;
-    }
-
-    enctype = dec_authent->etype->data[0]; /* should = kssl_ctx->enctype */
-# if !defined(KRB5_MIT_OLD11)
-    switch (enctype) {
-    case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
-    case ENCTYPE_DES3_CBC_SHA:
-    case ENCTYPE_DES3_CBC_RAW:
-        krb5rc = 0;             /* Skip, can't handle derived keys */
-        goto err;
-    }
-# endif
-    enc = kssl_map_enc(enctype);
-    memset(iv, 0, sizeof(iv));   /* per RFC 1510 */
-
-    if (enc == NULL) {
-        /*
-         * Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1.  This
-         * enctype indicates the authenticator was encrypted using key-usage
-         * derived keys which openssl cannot decrypt.
-         */
-        goto err;
-    }
-
-    if (!EVP_CipherInit(&ciph_ctx, enc, kssl_ctx->key, iv, 0)) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "EVP_CipherInit error decrypting authenticator.\n");
-        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-        goto err;
-    }
-    outl = dec_authent->cipher->length;
-    if (!EVP_Cipher
-        (&ciph_ctx, unenc_authent, dec_authent->cipher->data, outl)) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "EVP_Cipher error decrypting authenticator.\n");
-        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-        goto err;
-    }
-    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-# ifdef KSSL_DEBUG
-    {
-        int padl;
-        fprintf(stderr, "kssl_check_authent: decrypted authenticator[%d] =\n",
-                outl);
-        for (padl = 0; padl < outl; padl++)
-            fprintf(stderr, "%02x ", unenc_authent[padl]);
-        fprintf(stderr, "\n");
-    }
-# endif                         /* KSSL_DEBUG */
-
-    if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "confounded by authenticator.\n");
-        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-        goto err;
-    }
-    outl -= p - unenc_authent;
-
-    if ((auth = (KRB5_AUTHENTBODY *)d2i_KRB5_AUTHENT(NULL, &p,
-                                                     (long)outl)) == NULL) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "Error decoding authenticator body.\n");
-        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-        goto err;
-    }
-
-    memset(&tm_time, 0, sizeof(struct tm));
-    if (k_gmtime(auth->ctime, &tm_time) &&
-        ((tr = mktime(&tm_time)) != (time_t)(-1))) {
-        now = time(&now);
-        tm_g = OPENSSL_gmtime(&now, &gmt_result);
-
-# if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && \
-            !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_SUNOS) && \
-            (!defined(OPENSSL_SYS_VMS) || defined(localtime_r))
-        tm_l = localtime_r(&now, &lt_result);
-# else
-        tm_l = localtime(&now);
-# endif
-
-        tl = mktime(tm_l);
-        tg = mktime(tm_g);
-        tz_offset = tg - tl;
-
-        *atimep = (krb5_timestamp)(tr - tz_offset);
-    }
-# ifdef KSSL_DEBUG
-    fprintf(stderr, "kssl_check_authent: returns %d for client time ",
-            *atimep);
-    if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
-        fprintf(stderr, "%.*s\n", auth->ctime->length, auth->ctime->data);
-    else
-        fprintf(stderr, "NULL\n");
-# endif                         /* KSSL_DEBUG */
-
- err:
-    if (auth)
-        KRB5_AUTHENT_free((KRB5_AUTHENT *) auth);
-    if (dec_authent)
-        KRB5_ENCDATA_free(dec_authent);
-    if (unenc_authent)
-        free(unenc_authent);
-    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-    return krb5rc;
-}
-
-/*
- * Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),
- * because I don't know how to stub varargs.  Returns krb5_error_code ==
- * ENOMEM on alloc error, otherwise passes back newly constructed principal,
- * which should be freed by caller.
- */
-krb5_error_code kssl_build_principal_2(
-                                          /*
-                                           * UPDATE
-                                           */ krb5_context context,
-                                          /*
-                                           * OUT
-                                           */ krb5_principal *princ,
-                                          /*
-                                           * IN
-                                           */ int rlen, const char *realm,
-                                          /*
-                                           * IN
-                                           */ int slen, const char *svc,
-                                          /*
-                                           * IN
-                                           */ int hlen, const char *host)
-{
-    krb5_data *p_data = NULL;
-    krb5_principal new_p = NULL;
-    char *new_r = NULL;
-
-    if ((p_data = (krb5_data *)calloc(2, sizeof(krb5_data))) == NULL ||
-        (new_p = (krb5_principal)calloc(1, sizeof(krb5_principal_data)))
-        == NULL)
-        goto err;
-    new_p->length = 2;
-    new_p->data = p_data;
-
-    if ((new_r = calloc(1, rlen + 1)) == NULL)
-        goto err;
-    memcpy(new_r, realm, rlen);
-    krb5_princ_set_realm_length(context, new_p, rlen);
-    krb5_princ_set_realm_data(context, new_p, new_r);
-
-    if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL)
-        goto err;
-    memcpy(new_p->data[0].data, svc, slen);
-    new_p->data[0].length = slen;
-
-    if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL)
-        goto err;
-    memcpy(new_p->data[1].data, host, hlen);
-    new_p->data[1].length = hlen;
-
-    krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN;
-    *princ = new_p;
-    return 0;
-
- err:
-    if (new_p && new_p[0].data)
-        free(new_p[0].data);
-    if (new_p && new_p[1].data)
-        free(new_p[1].data);
-    if (new_p)
-        free(new_p);
-    if (new_r)
-        free(new_r);
-    return ENOMEM;
-}
-
-void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx)
-{
-    s->kssl_ctx = kctx;
-}
-
-KSSL_CTX *SSL_get0_kssl_ctx(SSL *s)
-{
-    return s->kssl_ctx;
-}
-
-char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx)
-{
-    if (kctx)
-        return kctx->client_princ;
-    return NULL;
-}
-
-#else                           /* !OPENSSL_NO_KRB5 */
-
-# if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
-static void *dummy = &dummy;
-# endif
-
-#endif                          /* !OPENSSL_NO_KRB5 */
diff --git a/freebsd/crypto/openssl/ssl/kssl.h b/freebsd/crypto/openssl/ssl/kssl.h
deleted file mode 100644
index ae8a51f4..00000000
--- a/freebsd/crypto/openssl/ssl/kssl.h
+++ /dev/null
@@ -1,197 +0,0 @@
-/* ssl/kssl.h */
-/*
- * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
- * 2000. project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- **      19990701        VRS     Started.
- */
-
-#ifndef KSSL_H
-# define KSSL_H
-
-# include <openssl/opensslconf.h>
-
-# ifndef OPENSSL_NO_KRB5
-
-#  include <stdio.h>
-#  include <ctype.h>
-#  include <krb5.h>
-#  ifdef OPENSSL_SYS_WIN32
-/*
- * These can sometimes get redefined indirectly by krb5 header files after
- * they get undefed in ossl_typ.h
- */
-#   undef X509_NAME
-#   undef X509_EXTENSIONS
-#   undef OCSP_REQUEST
-#   undef OCSP_RESPONSE
-#  endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*
- *      Depending on which KRB5 implementation used, some types from
- *      the other may be missing.  Resolve that here and now
- */
-#  ifdef KRB5_HEIMDAL
-typedef unsigned char krb5_octet;
-#   define FAR
-#  else
-
-#   ifndef FAR
-#    define FAR
-#   endif
-
-#  endif
-
-/*-
- *      Uncomment this to debug kssl problems or
- *      to trace usage of the Kerberos session key
- *
- *      #define         KSSL_DEBUG
- */
-
-#  ifndef KRB5SVC
-#   define KRB5SVC "host"
-#  endif
-
-#  ifndef KRB5KEYTAB
-#   define KRB5KEYTAB      "/etc/krb5.keytab"
-#  endif
-
-#  ifndef KRB5SENDAUTH
-#   define KRB5SENDAUTH    1
-#  endif
-
-#  ifndef KRB5CHECKAUTH
-#   define KRB5CHECKAUTH   1
-#  endif
-
-#  ifndef KSSL_CLOCKSKEW
-#   define KSSL_CLOCKSKEW  300;
-#  endif
-
-#  define KSSL_ERR_MAX    255
-typedef struct kssl_err_st {
-    int reason;
-    char text[KSSL_ERR_MAX + 1];
-} KSSL_ERR;
-
-/*-     Context for passing
- *              (1) Kerberos session key to SSL, and
- *              (2)     Config data between application and SSL lib
- */
-typedef struct kssl_ctx_st {
-    /*      used by:    disposition:            */
-    char *service_name;         /* C,S default ok (kssl) */
-    char *service_host;         /* C input, REQUIRED */
-    char *client_princ;         /* S output from krb5 ticket */
-    char *keytab_file;          /* S NULL (/etc/krb5.keytab) */
-    char *cred_cache;           /* C NULL (default) */
-    krb5_enctype enctype;
-    int length;
-    krb5_octet FAR *key;
-} KSSL_CTX;
-
-#  define KSSL_CLIENT     1
-#  define KSSL_SERVER     2
-#  define KSSL_SERVICE    3
-#  define KSSL_KEYTAB     4
-
-#  define KSSL_CTX_OK     0
-#  define KSSL_CTX_ERR    1
-#  define KSSL_NOMEM      2
-
-/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
-krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
-KSSL_CTX *kssl_ctx_new(void);
-KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
-void kssl_ctx_show(KSSL_CTX *kssl_ctx);
-krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-                                  krb5_data *realm, krb5_data *entity,
-                                  int nentities);
-krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
-                              krb5_data *authenp, KSSL_ERR *kssl_err);
-krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
-                              krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
-krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
-void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
-krb5_error_code kssl_build_principal_2(krb5_context context,
-                                       krb5_principal *princ, int rlen,
-                                       const char *realm, int slen,
-                                       const char *svc, int hlen,
-                                       const char *host);
-krb5_error_code kssl_validate_times(krb5_timestamp atime,
-                                    krb5_ticket_times *ttimes);
-krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
-                                   krb5_timestamp *atimep,
-                                   KSSL_ERR *kssl_err);
-unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
-
-void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
-KSSL_CTX *SSL_get0_kssl_ctx(SSL *s);
-char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
-
-#ifdef  __cplusplus
-}
-#endif
-# endif                         /* OPENSSL_NO_KRB5 */
-#endif                          /* KSSL_H */
diff --git a/freebsd/crypto/openssl/ssl/kssl_lcl.h b/freebsd/crypto/openssl/ssl/kssl_lcl.h
deleted file mode 100644
index 8e6a6d69..00000000
--- a/freebsd/crypto/openssl/ssl/kssl_lcl.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/* ssl/kssl.h */
-/*
- * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
- * 2000. project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef KSSL_LCL_H
-# define KSSL_LCL_H
-
-# include <openssl/kssl.h>
-
-# ifndef OPENSSL_NO_KRB5
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Private (internal to OpenSSL) */
-void print_krb5_data(char *label, krb5_data *kdata);
-void print_krb5_authdata(char *label, krb5_authdata **adata);
-void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
-
-char *kstring(char *string);
-char *knumber(int len, krb5_octet *contents);
-
-const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
-
-int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
-int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
-
-#ifdef  __cplusplus
-}
-#endif
-# endif                         /* OPENSSL_NO_KRB5 */
-#endif                          /* KSSL_LCL_H */
diff --git a/freebsd/crypto/openssl/ssl/methods.c b/freebsd/crypto/openssl/ssl/methods.c
new file mode 100644
index 00000000..bb791f58
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/methods.c
@@ -0,0 +1,280 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+/*-
+ * TLS/SSLv3 methods
+ */
+
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+                        TLS_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_3_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+                        tlsv1_2_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+                        tlsv1_1_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+                        tlsv1_method,
+                        ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect)
+#endif
+/*-
+ * TLS/SSLv3 server methods
+ */
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+                        TLS_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_2_enc_data)
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_3_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+                        tlsv1_2_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+                        tlsv1_1_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+                        tlsv1_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_server_method,
+                         ossl_statem_accept, ssl_undefined_function)
+#endif
+/*-
+ * TLS/SSLv3 client methods
+ */
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+                        TLS_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_3_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+                        tlsv1_2_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+                        tlsv1_1_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+                        tlsv1_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_client_method,
+                         ssl_undefined_function, ossl_statem_connect)
+#endif
+/*-
+ * DTLS methods
+ */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtlsv1_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+                          dtlsv1_2_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+                          DTLS_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+
+/*-
+ * DTLS server methods
+ */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtlsv1_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+                          dtlsv1_2_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+                          DTLS_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_2_enc_data)
+
+/*-
+ * DTLS client methods
+ */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtlsv1_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_enc_data)
+IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtls_bad_ver_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+                          dtlsv1_2_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+                          DTLS_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+#if OPENSSL_API_COMPAT < 0x10100000L
+# ifndef OPENSSL_NO_TLS1_2_METHOD
+const SSL_METHOD *TLSv1_2_method(void)
+{
+    return tlsv1_2_method();
+}
+
+const SSL_METHOD *TLSv1_2_server_method(void)
+{
+    return tlsv1_2_server_method();
+}
+
+const SSL_METHOD *TLSv1_2_client_method(void)
+{
+    return tlsv1_2_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_TLS1_1_METHOD
+const SSL_METHOD *TLSv1_1_method(void)
+{
+    return tlsv1_1_method();
+}
+
+const SSL_METHOD *TLSv1_1_server_method(void)
+{
+    return tlsv1_1_server_method();
+}
+
+const SSL_METHOD *TLSv1_1_client_method(void)
+{
+    return tlsv1_1_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_TLS1_METHOD
+const SSL_METHOD *TLSv1_method(void)
+{
+    return tlsv1_method();
+}
+
+const SSL_METHOD *TLSv1_server_method(void)
+{
+    return tlsv1_server_method();
+}
+
+const SSL_METHOD *TLSv1_client_method(void)
+{
+    return tlsv1_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_SSL3_METHOD
+const SSL_METHOD *SSLv3_method(void)
+{
+    return sslv3_method();
+}
+
+const SSL_METHOD *SSLv3_server_method(void)
+{
+    return sslv3_server_method();
+}
+
+const SSL_METHOD *SSLv3_client_method(void)
+{
+    return sslv3_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_2_METHOD
+const SSL_METHOD *DTLSv1_2_method(void)
+{
+    return dtlsv1_2_method();
+}
+
+const SSL_METHOD *DTLSv1_2_server_method(void)
+{
+    return dtlsv1_2_server_method();
+}
+
+const SSL_METHOD *DTLSv1_2_client_method(void)
+{
+    return dtlsv1_2_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_METHOD
+const SSL_METHOD *DTLSv1_method(void)
+{
+    return dtlsv1_method();
+}
+
+const SSL_METHOD *DTLSv1_server_method(void)
+{
+    return dtlsv1_server_method();
+}
+
+const SSL_METHOD *DTLSv1_client_method(void)
+{
+    return dtlsv1_client_method();
+}
+# endif
+
+#endif
diff --git a/freebsd/crypto/openssl/ssl/packet.c b/freebsd/crypto/openssl/ssl/packet.c
new file mode 100644
index 00000000..f29b8181
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/packet.c
@@ -0,0 +1,426 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "packet_locl.h"
+#include <openssl/sslerr.h>
+
+#define DEFAULT_BUF_SIZE    256
+
+int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
+{
+    if (!WPACKET_reserve_bytes(pkt, len, allocbytes))
+        return 0;
+
+    pkt->written += len;
+    pkt->curr += len;
+    return 1;
+}
+
+int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
+                                 unsigned char **allocbytes, size_t lenbytes)
+{
+    if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
+            || !WPACKET_allocate_bytes(pkt, len, allocbytes)
+            || !WPACKET_close(pkt))
+        return 0;
+
+    return 1;
+}
+
+#define GETBUF(p)   (((p)->staticbuf != NULL) \
+                     ? (p)->staticbuf : (unsigned char *)(p)->buf->data)
+
+int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL && len != 0))
+        return 0;
+
+    if (pkt->maxsize - pkt->written < len)
+        return 0;
+
+    if (pkt->staticbuf == NULL && (pkt->buf->length - pkt->written < len)) {
+        size_t newlen;
+        size_t reflen;
+
+        reflen = (len > pkt->buf->length) ? len : pkt->buf->length;
+
+        if (reflen > SIZE_MAX / 2) {
+            newlen = SIZE_MAX;
+        } else {
+            newlen = reflen * 2;
+            if (newlen < DEFAULT_BUF_SIZE)
+                newlen = DEFAULT_BUF_SIZE;
+        }
+        if (BUF_MEM_grow(pkt->buf, newlen) == 0)
+            return 0;
+    }
+    if (allocbytes != NULL)
+        *allocbytes = WPACKET_get_curr(pkt);
+
+    return 1;
+}
+
+int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len,
+                                unsigned char **allocbytes, size_t lenbytes)
+{
+    if (!WPACKET_reserve_bytes(pkt, lenbytes + len, allocbytes))
+        return 0;
+
+    *allocbytes += lenbytes;
+
+    return 1;
+}
+
+static size_t maxmaxsize(size_t lenbytes)
+{
+    if (lenbytes >= sizeof(size_t) || lenbytes == 0)
+        return SIZE_MAX;
+
+    return ((size_t)1 << (lenbytes * 8)) - 1 + lenbytes;
+}
+
+static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes)
+{
+    unsigned char *lenchars;
+
+    pkt->curr = 0;
+    pkt->written = 0;
+
+    if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) {
+        SSLerr(SSL_F_WPACKET_INTERN_INIT_LEN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (lenbytes == 0)
+        return 1;
+
+    pkt->subs->pwritten = lenbytes;
+    pkt->subs->lenbytes = lenbytes;
+
+    if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) {
+        OPENSSL_free(pkt->subs);
+        pkt->subs = NULL;
+        return 0;
+    }
+    pkt->subs->packet_len = lenchars - GETBUF(pkt);
+
+    return 1;
+}
+
+int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len,
+                            size_t lenbytes)
+{
+    size_t max = maxmaxsize(lenbytes);
+
+    /* Internal API, so should not fail */
+    if (!ossl_assert(buf != NULL && len > 0))
+        return 0;
+
+    pkt->staticbuf = buf;
+    pkt->buf = NULL;
+    pkt->maxsize = (max < len) ? max : len;
+
+    return wpacket_intern_init_len(pkt, lenbytes);
+}
+
+int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(buf != NULL))
+        return 0;
+
+    pkt->staticbuf = NULL;
+    pkt->buf = buf;
+    pkt->maxsize = maxmaxsize(lenbytes);
+
+    return wpacket_intern_init_len(pkt, lenbytes);
+}
+
+int WPACKET_init(WPACKET *pkt, BUF_MEM *buf)
+{
+    return WPACKET_init_len(pkt, buf, 0);
+}
+
+int WPACKET_set_flags(WPACKET *pkt, unsigned int flags)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL))
+        return 0;
+
+    pkt->subs->flags = flags;
+
+    return 1;
+}
+
+/* Store the |value| of length |len| at location |data| */
+static int put_value(unsigned char *data, size_t value, size_t len)
+{
+    for (data += len - 1; len > 0; len--) {
+        *data = (unsigned char)(value & 0xff);
+        data--;
+        value >>= 8;
+    }
+
+    /* Check whether we could fit the value in the assigned number of bytes */
+    if (value > 0)
+        return 0;
+
+    return 1;
+}
+
+
+/*
+ * Internal helper function used by WPACKET_close(), WPACKET_finish() and
+ * WPACKET_fill_lengths() to close a sub-packet and write out its length if
+ * necessary. If |doclose| is 0 then it goes through the motions of closing
+ * (i.e. it fills in all the lengths), but doesn't actually close anything.
+ */
+static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose)
+{
+    size_t packlen = pkt->written - sub->pwritten;
+
+    if (packlen == 0
+            && (sub->flags & WPACKET_FLAGS_NON_ZERO_LENGTH) != 0)
+        return 0;
+
+    if (packlen == 0
+            && sub->flags & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) {
+        /* We can't handle this case. Return an error */
+        if (!doclose)
+            return 0;
+
+        /* Deallocate any bytes allocated for the length of the WPACKET */
+        if ((pkt->curr - sub->lenbytes) == sub->packet_len) {
+            pkt->written -= sub->lenbytes;
+            pkt->curr -= sub->lenbytes;
+        }
+
+        /* Don't write out the packet length */
+        sub->packet_len = 0;
+        sub->lenbytes = 0;
+    }
+
+    /* Write out the WPACKET length if needed */
+    if (sub->lenbytes > 0
+                && !put_value(&GETBUF(pkt)[sub->packet_len], packlen,
+                              sub->lenbytes))
+            return 0;
+
+    if (doclose) {
+        pkt->subs = sub->parent;
+        OPENSSL_free(sub);
+    }
+
+    return 1;
+}
+
+int WPACKET_fill_lengths(WPACKET *pkt)
+{
+    WPACKET_SUB *sub;
+
+    if (!ossl_assert(pkt->subs != NULL))
+        return 0;
+
+    for (sub = pkt->subs; sub != NULL; sub = sub->parent) {
+        if (!wpacket_intern_close(pkt, sub, 0))
+            return 0;
+    }
+
+    return 1;
+}
+
+int WPACKET_close(WPACKET *pkt)
+{
+    /*
+     * Internal API, so should not fail - but we do negative testing of this
+     * so no assert (otherwise the tests fail)
+     */
+    if (pkt->subs == NULL || pkt->subs->parent == NULL)
+        return 0;
+
+    return wpacket_intern_close(pkt, pkt->subs, 1);
+}
+
+int WPACKET_finish(WPACKET *pkt)
+{
+    int ret;
+
+    /*
+     * Internal API, so should not fail - but we do negative testing of this
+     * so no assert (otherwise the tests fail)
+     */
+    if (pkt->subs == NULL || pkt->subs->parent != NULL)
+        return 0;
+
+    ret = wpacket_intern_close(pkt, pkt->subs, 1);
+    if (ret) {
+        OPENSSL_free(pkt->subs);
+        pkt->subs = NULL;
+    }
+
+    return ret;
+}
+
+int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes)
+{
+    WPACKET_SUB *sub;
+    unsigned char *lenchars;
+
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL))
+        return 0;
+
+    if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) {
+        SSLerr(SSL_F_WPACKET_START_SUB_PACKET_LEN__, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    sub->parent = pkt->subs;
+    pkt->subs = sub;
+    sub->pwritten = pkt->written + lenbytes;
+    sub->lenbytes = lenbytes;
+
+    if (lenbytes == 0) {
+        sub->packet_len = 0;
+        return 1;
+    }
+
+    if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars))
+        return 0;
+    /* Convert to an offset in case the underlying BUF_MEM gets realloc'd */
+    sub->packet_len = lenchars - GETBUF(pkt);
+
+    return 1;
+}
+
+int WPACKET_start_sub_packet(WPACKET *pkt)
+{
+    return WPACKET_start_sub_packet_len__(pkt, 0);
+}
+
+int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t size)
+{
+    unsigned char *data;
+
+    /* Internal API, so should not fail */
+    if (!ossl_assert(size <= sizeof(unsigned int))
+            || !WPACKET_allocate_bytes(pkt, size, &data)
+            || !put_value(data, val, size))
+        return 0;
+
+    return 1;
+}
+
+int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize)
+{
+    WPACKET_SUB *sub;
+    size_t lenbytes;
+
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL))
+        return 0;
+
+    /* Find the WPACKET_SUB for the top level */
+    for (sub = pkt->subs; sub->parent != NULL; sub = sub->parent)
+        continue;
+
+    lenbytes = sub->lenbytes;
+    if (lenbytes == 0)
+        lenbytes = sizeof(pkt->maxsize);
+
+    if (maxmaxsize(lenbytes) < maxsize || maxsize < pkt->written)
+        return 0;
+
+    pkt->maxsize = maxsize;
+
+    return 1;
+}
+
+int WPACKET_memset(WPACKET *pkt, int ch, size_t len)
+{
+    unsigned char *dest;
+
+    if (len == 0)
+        return 1;
+
+    if (!WPACKET_allocate_bytes(pkt, len, &dest))
+        return 0;
+
+    memset(dest, ch, len);
+
+    return 1;
+}
+
+int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len)
+{
+    unsigned char *dest;
+
+    if (len == 0)
+        return 1;
+
+    if (!WPACKET_allocate_bytes(pkt, len, &dest))
+        return 0;
+
+    memcpy(dest, src, len);
+
+    return 1;
+}
+
+int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len,
+                         size_t lenbytes)
+{
+    if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
+            || !WPACKET_memcpy(pkt, src, len)
+            || !WPACKET_close(pkt))
+        return 0;
+
+    return 1;
+}
+
+int WPACKET_get_total_written(WPACKET *pkt, size_t *written)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(written != NULL))
+        return 0;
+
+    *written = pkt->written;
+
+    return 1;
+}
+
+int WPACKET_get_length(WPACKET *pkt, size_t *len)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL && len != NULL))
+        return 0;
+
+    *len = pkt->written - pkt->subs->pwritten;
+
+    return 1;
+}
+
+unsigned char *WPACKET_get_curr(WPACKET *pkt)
+{
+    return GETBUF(pkt) + pkt->curr;
+}
+
+void WPACKET_cleanup(WPACKET *pkt)
+{
+    WPACKET_SUB *sub, *parent;
+
+    for (sub = pkt->subs; sub != NULL; sub = parent) {
+        parent = sub->parent;
+        OPENSSL_free(sub);
+    }
+    pkt->subs = NULL;
+}
diff --git a/freebsd/crypto/openssl/ssl/packet_locl.h b/freebsd/crypto/openssl/ssl/packet_locl.h
new file mode 100644
index 00000000..860360b8
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/packet_locl.h
@@ -0,0 +1,874 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PACKET_LOCL_H
+# define HEADER_PACKET_LOCL_H
+
+# include <string.h>
+# include <openssl/bn.h>
+# include <openssl/buffer.h>
+# include <openssl/crypto.h>
+# include <openssl/e_os2.h>
+
+# include "internal/numbers.h"
+
+typedef struct {
+    /* Pointer to where we are currently reading from */
+    const unsigned char *curr;
+    /* Number of bytes remaining */
+    size_t remaining;
+} PACKET;
+
+/* Internal unchecked shorthand; don't use outside this file. */
+static ossl_inline void packet_forward(PACKET *pkt, size_t len)
+{
+    pkt->curr += len;
+    pkt->remaining -= len;
+}
+
+/*
+ * Returns the number of bytes remaining to be read in the PACKET
+ */
+static ossl_inline size_t PACKET_remaining(const PACKET *pkt)
+{
+    return pkt->remaining;
+}
+
+/*
+ * Returns a pointer to the first byte after the packet data.
+ * Useful for integrating with non-PACKET parsing code.
+ * Specifically, we use PACKET_end() to verify that a d2i_... call
+ * has consumed the entire packet contents.
+ */
+static ossl_inline const unsigned char *PACKET_end(const PACKET *pkt)
+{
+    return pkt->curr + pkt->remaining;
+}
+
+/*
+ * Returns a pointer to the PACKET's current position.
+ * For use in non-PACKETized APIs.
+ */
+static ossl_inline const unsigned char *PACKET_data(const PACKET *pkt)
+{
+    return pkt->curr;
+}
+
+/*
+ * Initialise a PACKET with |len| bytes held in |buf|. This does not make a
+ * copy of the data so |buf| must be present for the whole time that the PACKET
+ * is being used.
+ */
+__owur static ossl_inline int PACKET_buf_init(PACKET *pkt,
+                                              const unsigned char *buf,
+                                              size_t len)
+{
+    /* Sanity check for negative values. */
+    if (len > (size_t)(SIZE_MAX / 2))
+        return 0;
+
+    pkt->curr = buf;
+    pkt->remaining = len;
+    return 1;
+}
+
+/* Initialize a PACKET to hold zero bytes. */
+static ossl_inline void PACKET_null_init(PACKET *pkt)
+{
+    pkt->curr = NULL;
+    pkt->remaining = 0;
+}
+
+/*
+ * Returns 1 if the packet has length |num| and its contents equal the |num|
+ * bytes read from |ptr|. Returns 0 otherwise (lengths or contents not equal).
+ * If lengths are equal, performs the comparison in constant time.
+ */
+__owur static ossl_inline int PACKET_equal(const PACKET *pkt, const void *ptr,
+                                           size_t num)
+{
+    if (PACKET_remaining(pkt) != num)
+        return 0;
+    return CRYPTO_memcmp(pkt->curr, ptr, num) == 0;
+}
+
+/*
+ * Peek ahead and initialize |subpkt| with the next |len| bytes read from |pkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ */
+__owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt,
+                                                     PACKET *subpkt, size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    return PACKET_buf_init(subpkt, pkt->curr, len);
+}
+
+/*
+ * Initialize |subpkt| with the next |len| bytes read from |pkt|. Data is not
+ * copied: the |subpkt| packet will share its underlying buffer with the
+ * original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ */
+__owur static ossl_inline int PACKET_get_sub_packet(PACKET *pkt,
+                                                    PACKET *subpkt, size_t len)
+{
+    if (!PACKET_peek_sub_packet(pkt, subpkt, len))
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/*
+ * Peek ahead at 2 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_2(const PACKET *pkt,
+                                                unsigned int *data)
+{
+    if (PACKET_remaining(pkt) < 2)
+        return 0;
+
+    *data = ((unsigned int)(*pkt->curr)) << 8;
+    *data |= *(pkt->curr + 1);
+
+    return 1;
+}
+
+/* Equivalent of n2s */
+/* Get 2 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, unsigned int *data)
+{
+    if (!PACKET_peek_net_2(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 2);
+
+    return 1;
+}
+
+/* Same as PACKET_get_net_2() but for a size_t */
+__owur static ossl_inline int PACKET_get_net_2_len(PACKET *pkt, size_t *data)
+{
+    unsigned int i;
+    int ret = PACKET_get_net_2(pkt, &i);
+
+    if (ret)
+        *data = (size_t)i;
+
+    return ret;
+}
+
+/*
+ * Peek ahead at 3 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_3(const PACKET *pkt,
+                                                unsigned long *data)
+{
+    if (PACKET_remaining(pkt) < 3)
+        return 0;
+
+    *data = ((unsigned long)(*pkt->curr)) << 16;
+    *data |= ((unsigned long)(*(pkt->curr + 1))) << 8;
+    *data |= *(pkt->curr + 2);
+
+    return 1;
+}
+
+/* Equivalent of n2l3 */
+/* Get 3 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, unsigned long *data)
+{
+    if (!PACKET_peek_net_3(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 3);
+
+    return 1;
+}
+
+/* Same as PACKET_get_net_3() but for a size_t */
+__owur static ossl_inline int PACKET_get_net_3_len(PACKET *pkt, size_t *data)
+{
+    unsigned long i;
+    int ret = PACKET_get_net_3(pkt, &i);
+
+    if (ret)
+        *data = (size_t)i;
+
+    return ret;
+}
+
+/*
+ * Peek ahead at 4 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_4(const PACKET *pkt,
+                                                unsigned long *data)
+{
+    if (PACKET_remaining(pkt) < 4)
+        return 0;
+
+    *data = ((unsigned long)(*pkt->curr)) << 24;
+    *data |= ((unsigned long)(*(pkt->curr + 1))) << 16;
+    *data |= ((unsigned long)(*(pkt->curr + 2))) << 8;
+    *data |= *(pkt->curr + 3);
+
+    return 1;
+}
+
+/* Equivalent of n2l */
+/* Get 4 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data)
+{
+    if (!PACKET_peek_net_4(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 4);
+
+    return 1;
+}
+
+/* Same as PACKET_get_net_4() but for a size_t */
+__owur static ossl_inline int PACKET_get_net_4_len(PACKET *pkt, size_t *data)
+{
+    unsigned long i;
+    int ret = PACKET_get_net_4(pkt, &i);
+
+    if (ret)
+        *data = (size_t)i;
+
+    return ret;
+}
+
+/* Peek ahead at 1 byte from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_peek_1(const PACKET *pkt,
+                                            unsigned int *data)
+{
+    if (!PACKET_remaining(pkt))
+        return 0;
+
+    *data = *pkt->curr;
+
+    return 1;
+}
+
+/* Get 1 byte from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_1(PACKET *pkt, unsigned int *data)
+{
+    if (!PACKET_peek_1(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 1);
+
+    return 1;
+}
+
+/* Same as PACKET_get_1() but for a size_t */
+__owur static ossl_inline int PACKET_get_1_len(PACKET *pkt, size_t *data)
+{
+    unsigned int i;
+    int ret = PACKET_get_1(pkt, &i);
+
+    if (ret)
+        *data = (size_t)i;
+
+    return ret;
+}
+
+/*
+ * Peek ahead at 4 bytes in reverse network order from |pkt| and store the value
+ * in |*data|
+ */
+__owur static ossl_inline int PACKET_peek_4(const PACKET *pkt,
+                                            unsigned long *data)
+{
+    if (PACKET_remaining(pkt) < 4)
+        return 0;
+
+    *data = *pkt->curr;
+    *data |= ((unsigned long)(*(pkt->curr + 1))) << 8;
+    *data |= ((unsigned long)(*(pkt->curr + 2))) << 16;
+    *data |= ((unsigned long)(*(pkt->curr + 3))) << 24;
+
+    return 1;
+}
+
+/* Equivalent of c2l */
+/*
+ * Get 4 bytes in reverse network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_get_4(PACKET *pkt, unsigned long *data)
+{
+    if (!PACKET_peek_4(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 4);
+
+    return 1;
+}
+
+/*
+ * Peek ahead at |len| bytes from the |pkt| and store a pointer to them in
+ * |*data|. This just points at the underlying buffer that |pkt| is using. The
+ * caller should not free this data directly (it will be freed when the
+ * underlying buffer gets freed
+ */
+__owur static ossl_inline int PACKET_peek_bytes(const PACKET *pkt,
+                                                const unsigned char **data,
+                                                size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    *data = pkt->curr;
+
+    return 1;
+}
+
+/*
+ * Read |len| bytes from the |pkt| and store a pointer to them in |*data|. This
+ * just points at the underlying buffer that |pkt| is using. The caller should
+ * not free this data directly (it will be freed when the underlying buffer gets
+ * freed
+ */
+__owur static ossl_inline int PACKET_get_bytes(PACKET *pkt,
+                                               const unsigned char **data,
+                                               size_t len)
+{
+    if (!PACKET_peek_bytes(pkt, data, len))
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/* Peek ahead at |len| bytes from |pkt| and copy them to |data| */
+__owur static ossl_inline int PACKET_peek_copy_bytes(const PACKET *pkt,
+                                                     unsigned char *data,
+                                                     size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    memcpy(data, pkt->curr, len);
+
+    return 1;
+}
+
+/*
+ * Read |len| bytes from |pkt| and copy them to |data|.
+ * The caller is responsible for ensuring that |data| can hold |len| bytes.
+ */
+__owur static ossl_inline int PACKET_copy_bytes(PACKET *pkt,
+                                                unsigned char *data, size_t len)
+{
+    if (!PACKET_peek_copy_bytes(pkt, data, len))
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/*
+ * Copy packet data to |dest|, and set |len| to the number of copied bytes.
+ * If the packet has more than |dest_len| bytes, nothing is copied.
+ * Returns 1 if the packet data fits in |dest_len| bytes, 0 otherwise.
+ * Does not forward PACKET position (because it is typically the last thing
+ * done with a given PACKET).
+ */
+__owur static ossl_inline int PACKET_copy_all(const PACKET *pkt,
+                                              unsigned char *dest,
+                                              size_t dest_len, size_t *len)
+{
+    if (PACKET_remaining(pkt) > dest_len) {
+        *len = 0;
+        return 0;
+    }
+    *len = pkt->remaining;
+    memcpy(dest, pkt->curr, pkt->remaining);
+    return 1;
+}
+
+/*
+ * Copy |pkt| bytes to a newly allocated buffer and store a pointer to the
+ * result in |*data|, and the length in |len|.
+ * If |*data| is not NULL, the old data is OPENSSL_free'd.
+ * If the packet is empty, or malloc fails, |*data| will be set to NULL.
+ * Returns 1 if the malloc succeeds and 0 otherwise.
+ * Does not forward PACKET position (because it is typically the last thing
+ * done with a given PACKET).
+ */
+__owur static ossl_inline int PACKET_memdup(const PACKET *pkt,
+                                            unsigned char **data, size_t *len)
+{
+    size_t length;
+
+    OPENSSL_free(*data);
+    *data = NULL;
+    *len = 0;
+
+    length = PACKET_remaining(pkt);
+
+    if (length == 0)
+        return 1;
+
+    *data = OPENSSL_memdup(pkt->curr, length);
+    if (*data == NULL)
+        return 0;
+
+    *len = length;
+    return 1;
+}
+
+/*
+ * Read a C string from |pkt| and copy to a newly allocated, NUL-terminated
+ * buffer. Store a pointer to the result in |*data|.
+ * If |*data| is not NULL, the old data is OPENSSL_free'd.
+ * If the data in |pkt| does not contain a NUL-byte, the entire data is
+ * copied and NUL-terminated.
+ * Returns 1 if the malloc succeeds and 0 otherwise.
+ * Does not forward PACKET position (because it is typically the last thing done
+ * with a given PACKET).
+ */
+__owur static ossl_inline int PACKET_strndup(const PACKET *pkt, char **data)
+{
+    OPENSSL_free(*data);
+
+    /* This will succeed on an empty packet, unless pkt->curr == NULL. */
+    *data = OPENSSL_strndup((const char *)pkt->curr, PACKET_remaining(pkt));
+    return (*data != NULL);
+}
+
+/* Returns 1 if |pkt| contains at least one 0-byte, 0 otherwise. */
+static ossl_inline int PACKET_contains_zero_byte(const PACKET *pkt)
+{
+    return memchr(pkt->curr, 0, pkt->remaining) != NULL;
+}
+
+/* Move the current reading position forward |len| bytes */
+__owur static ossl_inline int PACKET_forward(PACKET *pkt, size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a one-byte length, and stores
+ * the contents in |subpkt|. |pkt| can equal |subpkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ * Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_length_prefixed_1(PACKET *pkt,
+                                                           PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+    if (!PACKET_get_1(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Like PACKET_get_length_prefixed_1, but additionally, fails when there are
+ * leftover bytes in |pkt|.
+ */
+__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt,
+                                                          PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+    if (!PACKET_get_1(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length) ||
+        PACKET_remaining(&tmp) != 0) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a two-byte length, and stores
+ * the contents in |subpkt|. |pkt| can equal |subpkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ * Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_length_prefixed_2(PACKET *pkt,
+                                                           PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+
+    if (!PACKET_get_net_2(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Like PACKET_get_length_prefixed_2, but additionally, fails when there are
+ * leftover bytes in |pkt|.
+ */
+__owur static ossl_inline int PACKET_as_length_prefixed_2(PACKET *pkt,
+                                                          PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+
+    if (!PACKET_get_net_2(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length) ||
+        PACKET_remaining(&tmp) != 0) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a three-byte length, and stores
+ * the contents in |subpkt|. |pkt| can equal |subpkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ * Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_length_prefixed_3(PACKET *pkt,
+                                                           PACKET *subpkt)
+{
+    unsigned long length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+    if (!PACKET_get_net_3(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/* Writeable packets */
+
+typedef struct wpacket_sub WPACKET_SUB;
+struct wpacket_sub {
+    /* The parent WPACKET_SUB if we have one or NULL otherwise */
+    WPACKET_SUB *parent;
+
+    /*
+     * Offset into the buffer where the length of this WPACKET goes. We use an
+     * offset in case the buffer grows and gets reallocated.
+     */
+    size_t packet_len;
+
+    /* Number of bytes in the packet_len or 0 if we don't write the length */
+    size_t lenbytes;
+
+    /* Number of bytes written to the buf prior to this packet starting */
+    size_t pwritten;
+
+    /* Flags for this sub-packet */
+    unsigned int flags;
+};
+
+typedef struct wpacket_st WPACKET;
+struct wpacket_st {
+    /* The buffer where we store the output data */
+    BUF_MEM *buf;
+
+    /* Fixed sized buffer which can be used as an alternative to buf */
+    unsigned char *staticbuf;
+
+    /*
+     * Offset into the buffer where we are currently writing. We use an offset
+     * in case the buffer grows and gets reallocated.
+     */
+    size_t curr;
+
+    /* Number of bytes written so far */
+    size_t written;
+
+    /* Maximum number of bytes we will allow to be written to this WPACKET */
+    size_t maxsize;
+
+    /* Our sub-packets (always at least one if not finished) */
+    WPACKET_SUB *subs;
+};
+
+/* Flags */
+
+/* Default */
+#define WPACKET_FLAGS_NONE                      0
+
+/* Error on WPACKET_close() if no data written to the WPACKET */
+#define WPACKET_FLAGS_NON_ZERO_LENGTH           1
+
+/*
+ * Abandon all changes on WPACKET_close() if no data written to the WPACKET,
+ * i.e. this does not write out a zero packet length
+ */
+#define WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH    2
+
+
+/*
+ * Initialise a WPACKET with the buffer in |buf|. The buffer must exist
+ * for the whole time that the WPACKET is being used. Additionally |lenbytes| of
+ * data is preallocated at the start of the buffer to store the length of the
+ * WPACKET once we know it.
+ */
+int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes);
+
+/*
+ * Same as WPACKET_init_len except there is no preallocation of the WPACKET
+ * length.
+ */
+int WPACKET_init(WPACKET *pkt, BUF_MEM *buf);
+
+/*
+ * Same as WPACKET_init_len except we do not use a growable BUF_MEM structure.
+ * A fixed buffer of memory |buf| of size |len| is used instead. A failure will
+ * occur if you attempt to write beyond the end of the buffer
+ */
+int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len,
+                            size_t lenbytes);
+/*
+ * Set the flags to be applied to the current sub-packet
+ */
+int WPACKET_set_flags(WPACKET *pkt, unsigned int flags);
+
+/*
+ * Closes the most recent sub-packet. It also writes out the length of the
+ * packet to the required location (normally the start of the WPACKET) if
+ * appropriate. The top level WPACKET should be closed using WPACKET_finish()
+ * instead of this function.
+ */
+int WPACKET_close(WPACKET *pkt);
+
+/*
+ * The same as WPACKET_close() but only for the top most WPACKET. Additionally
+ * frees memory resources for this WPACKET.
+ */
+int WPACKET_finish(WPACKET *pkt);
+
+/*
+ * Iterate through all the sub-packets and write out their lengths as if they
+ * were being closed. The lengths will be overwritten with the final lengths
+ * when the sub-packets are eventually closed (which may be different if more
+ * data is added to the WPACKET). This function fails if a sub-packet is of 0
+ * length and WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH is set.
+ */
+int WPACKET_fill_lengths(WPACKET *pkt);
+
+/*
+ * Initialise a new sub-packet. Additionally |lenbytes| of data is preallocated
+ * at the start of the sub-packet to store its length once we know it. Don't
+ * call this directly. Use the convenience macros below instead.
+ */
+int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes);
+
+/*
+ * Convenience macros for calling WPACKET_start_sub_packet_len with different
+ * lengths
+ */
+#define WPACKET_start_sub_packet_u8(pkt) \
+    WPACKET_start_sub_packet_len__((pkt), 1)
+#define WPACKET_start_sub_packet_u16(pkt) \
+    WPACKET_start_sub_packet_len__((pkt), 2)
+#define WPACKET_start_sub_packet_u24(pkt) \
+    WPACKET_start_sub_packet_len__((pkt), 3)
+#define WPACKET_start_sub_packet_u32(pkt) \
+    WPACKET_start_sub_packet_len__((pkt), 4)
+
+/*
+ * Same as WPACKET_start_sub_packet_len__() except no bytes are pre-allocated
+ * for the sub-packet length.
+ */
+int WPACKET_start_sub_packet(WPACKET *pkt);
+
+/*
+ * Allocate bytes in the WPACKET for the output. This reserves the bytes
+ * and counts them as "written", but doesn't actually do the writing. A pointer
+ * to the allocated bytes is stored in |*allocbytes|. |allocbytes| may be NULL.
+ * WARNING: the allocated bytes must be filled in immediately, without further
+ * WPACKET_* calls. If not then the underlying buffer may be realloc'd and
+ * change its location.
+ */
+int WPACKET_allocate_bytes(WPACKET *pkt, size_t len,
+                           unsigned char **allocbytes);
+
+/*
+ * The same as WPACKET_allocate_bytes() except additionally a new sub-packet is
+ * started for the allocated bytes, and then closed immediately afterwards. The
+ * number of length bytes for the sub-packet is in |lenbytes|. Don't call this
+ * directly. Use the convenience macros below instead.
+ */
+int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
+                                 unsigned char **allocbytes, size_t lenbytes);
+
+/*
+ * Convenience macros for calling WPACKET_sub_allocate_bytes with different
+ * lengths
+ */
+#define WPACKET_sub_allocate_bytes_u8(pkt, len, bytes) \
+    WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 1)
+#define WPACKET_sub_allocate_bytes_u16(pkt, len, bytes) \
+    WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 2)
+#define WPACKET_sub_allocate_bytes_u24(pkt, len, bytes) \
+    WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 3)
+#define WPACKET_sub_allocate_bytes_u32(pkt, len, bytes) \
+    WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 4)
+
+/*
+ * The same as WPACKET_allocate_bytes() except the reserved bytes are not
+ * actually counted as written. Typically this will be for when we don't know
+ * how big arbitrary data is going to be up front, but we do know what the
+ * maximum size will be. If this function is used, then it should be immediately
+ * followed by a WPACKET_allocate_bytes() call before any other WPACKET
+ * functions are called (unless the write to the allocated bytes is abandoned).
+ *
+ * For example: If we are generating a signature, then the size of that
+ * signature may not be known in advance. We can use WPACKET_reserve_bytes() to
+ * handle this:
+ *
+ *  if (!WPACKET_sub_reserve_bytes_u16(&pkt, EVP_PKEY_size(pkey), &sigbytes1)
+ *          || EVP_SignFinal(md_ctx, sigbytes1, &siglen, pkey) <= 0
+ *          || !WPACKET_sub_allocate_bytes_u16(&pkt, siglen, &sigbytes2)
+ *          || sigbytes1 != sigbytes2)
+ *      goto err;
+ */
+int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes);
+
+/*
+ * The "reserve_bytes" equivalent of WPACKET_sub_allocate_bytes__()
+ */
+int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len,
+                                 unsigned char **allocbytes, size_t lenbytes);
+
+/*
+ * Convenience macros for  WPACKET_sub_reserve_bytes with different lengths
+ */
+#define WPACKET_sub_reserve_bytes_u8(pkt, len, bytes) \
+    WPACKET_reserve_bytes__((pkt), (len), (bytes), 1)
+#define WPACKET_sub_reserve_bytes_u16(pkt, len, bytes) \
+    WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 2)
+#define WPACKET_sub_reserve_bytes_u24(pkt, len, bytes) \
+    WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 3)
+#define WPACKET_sub_reserve_bytes_u32(pkt, len, bytes) \
+    WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 4)
+
+/*
+ * Write the value stored in |val| into the WPACKET. The value will consume
+ * |bytes| amount of storage. An error will occur if |val| cannot be
+ * accommodated in |bytes| storage, e.g. attempting to write the value 256 into
+ * 1 byte will fail. Don't call this directly. Use the convenience macros below
+ * instead.
+ */
+int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t bytes);
+
+/*
+ * Convenience macros for calling WPACKET_put_bytes with different
+ * lengths
+ */
+#define WPACKET_put_bytes_u8(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 1)
+#define WPACKET_put_bytes_u16(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 2)
+#define WPACKET_put_bytes_u24(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 3)
+#define WPACKET_put_bytes_u32(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 4)
+
+/* Set a maximum size that we will not allow the WPACKET to grow beyond */
+int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize);
+
+/* Copy |len| bytes of data from |*src| into the WPACKET. */
+int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len);
+
+/* Set |len| bytes of data to |ch| into the WPACKET. */
+int WPACKET_memset(WPACKET *pkt, int ch, size_t len);
+
+/*
+ * Copy |len| bytes of data from |*src| into the WPACKET and prefix with its
+ * length (consuming |lenbytes| of data for the length). Don't call this
+ * directly. Use the convenience macros below instead.
+ */
+int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len,
+                       size_t lenbytes);
+
+/* Convenience macros for calling WPACKET_sub_memcpy with different lengths */
+#define WPACKET_sub_memcpy_u8(pkt, src, len) \
+    WPACKET_sub_memcpy__((pkt), (src), (len), 1)
+#define WPACKET_sub_memcpy_u16(pkt, src, len) \
+    WPACKET_sub_memcpy__((pkt), (src), (len), 2)
+#define WPACKET_sub_memcpy_u24(pkt, src, len) \
+    WPACKET_sub_memcpy__((pkt), (src), (len), 3)
+#define WPACKET_sub_memcpy_u32(pkt, src, len) \
+    WPACKET_sub_memcpy__((pkt), (src), (len), 4)
+
+/*
+ * Return the total number of bytes written so far to the underlying buffer
+ * including any storage allocated for length bytes
+ */
+int WPACKET_get_total_written(WPACKET *pkt, size_t *written);
+
+/*
+ * Returns the length of the current sub-packet. This excludes any bytes
+ * allocated for the length itself.
+ */
+int WPACKET_get_length(WPACKET *pkt, size_t *len);
+
+/*
+ * Returns a pointer to the current write location, but does not allocate any
+ * bytes.
+ */
+unsigned char *WPACKET_get_curr(WPACKET *pkt);
+
+/* Release resources in a WPACKET if a failure has occurred. */
+void WPACKET_cleanup(WPACKET *pkt);
+
+#endif                          /* HEADER_PACKET_LOCL_H */
diff --git a/freebsd/crypto/openssl/ssl/pqueue.c b/freebsd/crypto/openssl/ssl/pqueue.c
new file mode 100644
index 00000000..ea5a3b66
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/pqueue.c
@@ -0,0 +1,160 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_locl.h"
+#include <openssl/bn.h>
+
+struct pqueue_st {
+    pitem *items;
+    int count;
+};
+
+pitem *pitem_new(unsigned char *prio64be, void *data)
+{
+    pitem *item = OPENSSL_malloc(sizeof(*item));
+
+    if (item == NULL) {
+        SSLerr(SSL_F_PITEM_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    memcpy(item->priority, prio64be, sizeof(item->priority));
+    item->data = data;
+    item->next = NULL;
+    return item;
+}
+
+void pitem_free(pitem *item)
+{
+    OPENSSL_free(item);
+}
+
+pqueue *pqueue_new(void)
+{
+    pqueue *pq = OPENSSL_zalloc(sizeof(*pq));
+
+    if (pq == NULL)
+        SSLerr(SSL_F_PQUEUE_NEW, ERR_R_MALLOC_FAILURE);
+
+    return pq;
+}
+
+void pqueue_free(pqueue *pq)
+{
+    OPENSSL_free(pq);
+}
+
+pitem *pqueue_insert(pqueue *pq, pitem *item)
+{
+    pitem *curr, *next;
+
+    if (pq->items == NULL) {
+        pq->items = item;
+        return item;
+    }
+
+    for (curr = NULL, next = pq->items;
+         next != NULL; curr = next, next = next->next) {
+        /*
+         * we can compare 64-bit value in big-endian encoding with memcmp:-)
+         */
+        int cmp = memcmp(next->priority, item->priority, 8);
+        if (cmp > 0) {          /* next > item */
+            item->next = next;
+
+            if (curr == NULL)
+                pq->items = item;
+            else
+                curr->next = item;
+
+            return item;
+        }
+
+        else if (cmp == 0)      /* duplicates not allowed */
+            return NULL;
+    }
+
+    item->next = NULL;
+    curr->next = item;
+
+    return item;
+}
+
+pitem *pqueue_peek(pqueue *pq)
+{
+    return pq->items;
+}
+
+pitem *pqueue_pop(pqueue *pq)
+{
+    pitem *item = pq->items;
+
+    if (pq->items != NULL)
+        pq->items = pq->items->next;
+
+    return item;
+}
+
+pitem *pqueue_find(pqueue *pq, unsigned char *prio64be)
+{
+    pitem *next;
+    pitem *found = NULL;
+
+    if (pq->items == NULL)
+        return NULL;
+
+    for (next = pq->items; next->next != NULL; next = next->next) {
+        if (memcmp(next->priority, prio64be, 8) == 0) {
+            found = next;
+            break;
+        }
+    }
+
+    /* check the one last node */
+    if (memcmp(next->priority, prio64be, 8) == 0)
+        found = next;
+
+    if (!found)
+        return NULL;
+
+    return found;
+}
+
+pitem *pqueue_iterator(pqueue *pq)
+{
+    return pqueue_peek(pq);
+}
+
+pitem *pqueue_next(piterator *item)
+{
+    pitem *ret;
+
+    if (item == NULL || *item == NULL)
+        return NULL;
+
+    /* *item != NULL */
+    ret = *item;
+    *item = (*item)->next;
+
+    return ret;
+}
+
+size_t pqueue_size(pqueue *pq)
+{
+    pitem *item = pq->items;
+    size_t count = 0;
+
+    while (item != NULL) {
+        count++;
+        item = item->next;
+    }
+    return count;
+}
diff --git a/freebsd/crypto/openssl/ssl/record/dtls1_bitmap.c b/freebsd/crypto/openssl/ssl/record/dtls1_bitmap.c
new file mode 100644
index 00000000..0483f503
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/record/dtls1_bitmap.c
@@ -0,0 +1,80 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_locl.h"
+#include "record_locl.h"
+
+/* mod 128 saturating subtract of two 64-bit values in big-endian order */
+static int satsub64be(const unsigned char *v1, const unsigned char *v2)
+{
+    int64_t ret;
+    uint64_t l1, l2;
+
+    n2l8(v1, l1);
+    n2l8(v2, l2);
+
+    ret = l1 - l2;
+
+    /* We do not permit wrap-around */
+    if (l1 > l2 && ret < 0)
+        return 128;
+    else if (l2 > l1 && ret > 0)
+        return -128;
+
+    if (ret > 128)
+        return 128;
+    else if (ret < -128)
+        return -128;
+    else
+        return (int)ret;
+}
+
+int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int cmp;
+    unsigned int shift;
+    const unsigned char *seq = s->rlayer.read_sequence;
+
+    cmp = satsub64be(seq, bitmap->max_seq_num);
+    if (cmp > 0) {
+        SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
+        return 1;               /* this record in new */
+    }
+    shift = -cmp;
+    if (shift >= sizeof(bitmap->map) * 8)
+        return 0;               /* stale, outside the window */
+    else if (bitmap->map & (1UL << shift))
+        return 0;               /* record previously received */
+
+    SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
+    return 1;
+}
+
+void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int cmp;
+    unsigned int shift;
+    const unsigned char *seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
+
+    cmp = satsub64be(seq, bitmap->max_seq_num);
+    if (cmp > 0) {
+        shift = cmp;
+        if (shift < sizeof(bitmap->map) * 8)
+            bitmap->map <<= shift, bitmap->map |= 1UL;
+        else
+            bitmap->map = 1UL;
+        memcpy(bitmap->max_seq_num, seq, SEQ_NUM_SIZE);
+    } else {
+        shift = -cmp;
+        if (shift < sizeof(bitmap->map) * 8)
+            bitmap->map |= 1UL << shift;
+    }
+}
diff --git a/freebsd/crypto/openssl/ssl/record/rec_layer_d1.c b/freebsd/crypto/openssl/ssl/record/rec_layer_d1.c
new file mode 100644
index 00000000..b147229e
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/record/rec_layer_d1.c
@@ -0,0 +1,1077 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "../ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include "record_locl.h"
+#include "../packet_locl.h"
+#include "internal/cryptlib.h"
+
+int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
+{
+    DTLS_RECORD_LAYER *d;
+
+    if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) {
+        SSLerr(SSL_F_DTLS_RECORD_LAYER_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    rl->d = d;
+
+    d->unprocessed_rcds.q = pqueue_new();
+    d->processed_rcds.q = pqueue_new();
+    d->buffered_app_data.q = pqueue_new();
+
+    if (d->unprocessed_rcds.q == NULL || d->processed_rcds.q == NULL
+        || d->buffered_app_data.q == NULL) {
+        pqueue_free(d->unprocessed_rcds.q);
+        pqueue_free(d->processed_rcds.q);
+        pqueue_free(d->buffered_app_data.q);
+        OPENSSL_free(d);
+        rl->d = NULL;
+        return 0;
+    }
+
+    return 1;
+}
+
+void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
+{
+    DTLS_RECORD_LAYER_clear(rl);
+    pqueue_free(rl->d->unprocessed_rcds.q);
+    pqueue_free(rl->d->processed_rcds.q);
+    pqueue_free(rl->d->buffered_app_data.q);
+    OPENSSL_free(rl->d);
+    rl->d = NULL;
+}
+
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl)
+{
+    DTLS_RECORD_LAYER *d;
+    pitem *item = NULL;
+    DTLS1_RECORD_DATA *rdata;
+    pqueue *unprocessed_rcds;
+    pqueue *processed_rcds;
+    pqueue *buffered_app_data;
+
+    d = rl->d;
+
+    while ((item = pqueue_pop(d->unprocessed_rcds.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    while ((item = pqueue_pop(d->processed_rcds.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    while ((item = pqueue_pop(d->buffered_app_data.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    unprocessed_rcds = d->unprocessed_rcds.q;
+    processed_rcds = d->processed_rcds.q;
+    buffered_app_data = d->buffered_app_data.q;
+    memset(d, 0, sizeof(*d));
+    d->unprocessed_rcds.q = unprocessed_rcds;
+    d->processed_rcds.q = processed_rcds;
+    d->buffered_app_data.q = buffered_app_data;
+}
+
+void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e)
+{
+    if (e == rl->d->w_epoch - 1) {
+        memcpy(rl->d->curr_write_sequence,
+               rl->write_sequence, sizeof(rl->write_sequence));
+        memcpy(rl->write_sequence,
+               rl->d->last_write_sequence, sizeof(rl->write_sequence));
+    } else if (e == rl->d->w_epoch + 1) {
+        memcpy(rl->d->last_write_sequence,
+               rl->write_sequence, sizeof(unsigned char[8]));
+        memcpy(rl->write_sequence,
+               rl->d->curr_write_sequence, sizeof(rl->write_sequence));
+    }
+    rl->d->w_epoch = e;
+}
+
+void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq)
+{
+    memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE);
+}
+
+/* copy buffered record into SSL structure */
+static int dtls1_copy_record(SSL *s, pitem *item)
+{
+    DTLS1_RECORD_DATA *rdata;
+
+    rdata = (DTLS1_RECORD_DATA *)item->data;
+
+    SSL3_BUFFER_release(&s->rlayer.rbuf);
+
+    s->rlayer.packet = rdata->packet;
+    s->rlayer.packet_length = rdata->packet_length;
+    memcpy(&s->rlayer.rbuf, &(rdata->rbuf), sizeof(SSL3_BUFFER));
+    memcpy(&s->rlayer.rrec, &(rdata->rrec), sizeof(SSL3_RECORD));
+
+    /* Set proper sequence number for mac calculation */
+    memcpy(&(s->rlayer.read_sequence[2]), &(rdata->packet[5]), 6);
+
+    return 1;
+}
+
+int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
+{
+    DTLS1_RECORD_DATA *rdata;
+    pitem *item;
+
+    /* Limit the size of the queue to prevent DOS attacks */
+    if (pqueue_size(queue->q) >= 100)
+        return 0;
+
+    rdata = OPENSSL_malloc(sizeof(*rdata));
+    item = pitem_new(priority, rdata);
+    if (rdata == NULL || item == NULL) {
+        OPENSSL_free(rdata);
+        pitem_free(item);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    rdata->packet = s->rlayer.packet;
+    rdata->packet_length = s->rlayer.packet_length;
+    memcpy(&(rdata->rbuf), &s->rlayer.rbuf, sizeof(SSL3_BUFFER));
+    memcpy(&(rdata->rrec), &s->rlayer.rrec, sizeof(SSL3_RECORD));
+
+    item->data = rdata;
+
+#ifndef OPENSSL_NO_SCTP
+    /* Store bio_dgram_sctp_rcvinfo struct */
+    if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+        (SSL_get_state(s) == TLS_ST_SR_FINISHED
+         || SSL_get_state(s) == TLS_ST_CR_FINISHED)) {
+        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
+                 sizeof(rdata->recordinfo), &rdata->recordinfo);
+    }
+#endif
+
+    s->rlayer.packet = NULL;
+    s->rlayer.packet_length = 0;
+    memset(&s->rlayer.rbuf, 0, sizeof(s->rlayer.rbuf));
+    memset(&s->rlayer.rrec, 0, sizeof(s->rlayer.rrec));
+
+    if (!ssl3_setup_buffers(s)) {
+        /* SSLfatal() already called */
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(rdata);
+        pitem_free(item);
+        return -1;
+    }
+
+    /* insert should not fail, since duplicates are dropped */
+    if (pqueue_insert(queue->q, item) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD,
+                 ERR_R_INTERNAL_ERROR);
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(rdata);
+        pitem_free(item);
+        return -1;
+    }
+
+    return 1;
+}
+
+int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
+{
+    pitem *item;
+
+    item = pqueue_pop(queue->q);
+    if (item) {
+        dtls1_copy_record(s, item);
+
+        OPENSSL_free(item->data);
+        pitem_free(item);
+
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * retrieve a buffered record that belongs to the new epoch, i.e., not
+ * processed yet
+ */
+#define dtls1_get_unprocessed_record(s) \
+                   dtls1_retrieve_buffered_record((s), \
+                   &((s)->rlayer.d->unprocessed_rcds))
+
+int dtls1_process_buffered_records(SSL *s)
+{
+    pitem *item;
+    SSL3_BUFFER *rb;
+    SSL3_RECORD *rr;
+    DTLS1_BITMAP *bitmap;
+    unsigned int is_next_epoch;
+    int replayok = 1;
+
+    item = pqueue_peek(s->rlayer.d->unprocessed_rcds.q);
+    if (item) {
+        /* Check if epoch is current. */
+        if (s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch)
+            return 1;         /* Nothing to do. */
+
+        rr = RECORD_LAYER_get_rrec(&s->rlayer);
+
+        rb = RECORD_LAYER_get_rbuf(&s->rlayer);
+
+        if (SSL3_BUFFER_get_left(rb) > 0) {
+            /*
+             * We've still got data from the current packet to read. There could
+             * be a record from the new epoch in it - so don't overwrite it
+             * with the unprocessed records yet (we'll do it when we've
+             * finished reading the current packet).
+             */
+            return 1;
+        }
+
+        /* Process all the records. */
+        while (pqueue_peek(s->rlayer.d->unprocessed_rcds.q)) {
+            dtls1_get_unprocessed_record(s);
+            bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
+            if (bitmap == NULL) {
+                /*
+                 * Should not happen. This will only ever be NULL when the
+                 * current record is from a different epoch. But that cannot
+                 * be the case because we already checked the epoch above
+                 */
+                 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                          SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,
+                          ERR_R_INTERNAL_ERROR);
+                 return 0;
+            }
+#ifndef OPENSSL_NO_SCTP
+            /* Only do replay check if no SCTP bio */
+            if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
+#endif
+            {
+                /*
+                 * Check whether this is a repeat, or aged record. We did this
+                 * check once already when we first received the record - but
+                 * we might have updated the window since then due to
+                 * records we subsequently processed.
+                 */
+                replayok = dtls1_record_replay_check(s, bitmap);
+            }
+
+            if (!replayok || !dtls1_process_record(s, bitmap)) {
+                if (ossl_statem_in_error(s)) {
+                    /* dtls1_process_record called SSLfatal() */
+                    return -1;
+                }
+                /* dump this record */
+                rr->length = 0;
+                RECORD_LAYER_reset_packet_length(&s->rlayer);
+                continue;
+            }
+
+            if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),
+                    SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0) {
+                /* SSLfatal() already called */
+                return 0;
+            }
+        }
+    }
+
+    /*
+     * sync epoch numbers once all the unprocessed records have been
+     * processed
+     */
+    s->rlayer.d->processed_rcds.epoch = s->rlayer.d->r_epoch;
+    s->rlayer.d->unprocessed_rcds.epoch = s->rlayer.d->r_epoch + 1;
+
+    return 1;
+}
+
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ *   -  0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
+ * messages are treated as if they were handshake messages *if* the |recd_type|
+ * argument is non NULL.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ *     Change cipher spec protocol
+ *             just 1 byte needed, no need for keeping anything stored
+ *     Alert protocol
+ *             2 bytes needed (AlertLevel, AlertDescription)
+ *     Handshake protocol
+ *             4 bytes needed (HandshakeType, uint24 length) -- we just have
+ *             to detect unexpected Client Hello and Hello Request messages
+ *             here, anything else is handled by higher layers
+ *     Application data protocol
+ *             none of our business
+ */
+int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+                     size_t len, int peek, size_t *readbytes)
+{
+    int i, j, iret;
+    size_t n;
+    SSL3_RECORD *rr;
+    void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+
+    if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) {
+        /* Not initialized yet */
+        if (!ssl3_setup_buffers(s)) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+    }
+
+    if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
+         (type != SSL3_RT_HANDSHAKE)) ||
+        (peek && (type != SSL3_RT_APPLICATION_DATA))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {
+        /* type == SSL3_RT_APPLICATION_DATA */
+        i = s->handshake_func(s);
+        /* SSLfatal() already called if appropriate */
+        if (i < 0)
+            return i;
+        if (i == 0)
+            return -1;
+    }
+
+ start:
+    s->rwstate = SSL_NOTHING;
+
+    /*-
+     * s->s3->rrec.type         - is the type of record
+     * s->s3->rrec.data,    - data
+     * s->s3->rrec.off,     - offset into 'data' for next read
+     * s->s3->rrec.length,  - number of bytes.
+     */
+    rr = s->rlayer.rrec;
+
+    /*
+     * We are not handshaking and have no data yet, so process data buffered
+     * during the last handshake in advance, if any.
+     */
+    if (SSL_is_init_finished(s) && SSL3_RECORD_get_length(rr) == 0) {
+        pitem *item;
+        item = pqueue_pop(s->rlayer.d->buffered_app_data.q);
+        if (item) {
+#ifndef OPENSSL_NO_SCTP
+            /* Restore bio_dgram_sctp_rcvinfo struct */
+            if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
+                DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data;
+                BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,
+                         sizeof(rdata->recordinfo), &rdata->recordinfo);
+            }
+#endif
+
+            dtls1_copy_record(s, item);
+
+            OPENSSL_free(item->data);
+            pitem_free(item);
+        }
+    }
+
+    /* Check for timeout */
+    if (dtls1_handle_timeout(s) > 0) {
+        goto start;
+    } else if (ossl_statem_in_error(s)) {
+        /* dtls1_handle_timeout() has failed with a fatal error */
+        return -1;
+    }
+
+    /* get new packet if necessary */
+    if ((SSL3_RECORD_get_length(rr) == 0)
+        || (s->rlayer.rstate == SSL_ST_READ_BODY)) {
+        RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
+        iret = dtls1_get_record(s);
+        if (iret <= 0) {
+            iret = dtls1_read_failed(s, iret);
+            /*
+             * Anything other than a timeout is an error. SSLfatal() already
+             * called if appropriate.
+             */
+            if (iret <= 0)
+                return iret;
+            else
+                goto start;
+        }
+        RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
+    }
+
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
+            && SSL3_RECORD_get_length(rr) != 0)
+        s->rlayer.alert_count = 0;
+
+    if (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE
+            && SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC
+            && !SSL_in_init(s)
+            && (s->d1->next_timeout.tv_sec != 0
+                || s->d1->next_timeout.tv_usec != 0)) {
+        /*
+         * The timer is still running but we've received something that isn't
+         * handshake data - so the peer must have finished processing our
+         * last handshake flight. Stop the timer.
+         */
+        dtls1_stop_timer(s);
+    }
+
+    /* we now have a packet which can be read and processed */
+
+    if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+                                   * reset by ssl3_get_finished */
+        && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
+        /*
+         * We now have application data between CCS and Finished. Most likely
+         * the packets were reordered on their way, so buffer the application
+         * data for later processing rather than dropping the connection.
+         */
+        if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data),
+                                SSL3_RECORD_get_seq_num(rr)) < 0) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        goto start;
+    }
+
+    /*
+     * If the other end has shut down, throw anything we read away (even in
+     * 'peek' mode)
+     */
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        s->rwstate = SSL_NOTHING;
+        return 0;
+    }
+
+    if (type == SSL3_RECORD_get_type(rr)
+        || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+            && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
+        /*
+         * SSL3_RT_APPLICATION_DATA or
+         * SSL3_RT_HANDSHAKE or
+         * SSL3_RT_CHANGE_CIPHER_SPEC
+         */
+        /*
+         * make sure that we are not getting application data when we are
+         * doing a handshake for the first time
+         */
+        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+            (s->enc_read_ctx == NULL)) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                     SSL_R_APP_DATA_IN_HANDSHAKE);
+            return -1;
+        }
+
+        if (recvd_type != NULL)
+            *recvd_type = SSL3_RECORD_get_type(rr);
+
+        if (len == 0) {
+            /*
+             * Mark a zero length record as read. This ensures multiple calls to
+             * SSL_read() with a zero length buffer will eventually cause
+             * SSL_pending() to report data as being available.
+             */
+            if (SSL3_RECORD_get_length(rr) == 0)
+                SSL3_RECORD_set_read(rr);
+            return 0;
+        }
+
+        if (len > SSL3_RECORD_get_length(rr))
+            n = SSL3_RECORD_get_length(rr);
+        else
+            n = len;
+
+        memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
+        if (peek) {
+            if (SSL3_RECORD_get_length(rr) == 0)
+                SSL3_RECORD_set_read(rr);
+        } else {
+            SSL3_RECORD_sub_length(rr, n);
+            SSL3_RECORD_add_off(rr, n);
+            if (SSL3_RECORD_get_length(rr) == 0) {
+                s->rlayer.rstate = SSL_ST_READ_HEADER;
+                SSL3_RECORD_set_off(rr, 0);
+                SSL3_RECORD_set_read(rr);
+            }
+        }
+#ifndef OPENSSL_NO_SCTP
+        /*
+         * We might had to delay a close_notify alert because of reordered
+         * app data. If there was an alert and there is no message to read
+         * anymore, finally set shutdown.
+         */
+        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+            s->d1->shutdown_received
+            && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            return 0;
+        }
+#endif
+        *readbytes = n;
+        return 1;
+    }
+
+    /*
+     * If we get here, then type != rr->type; if we have a handshake message,
+     * then it was unexpected (Hello Request or Client Hello).
+     */
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
+        unsigned int alert_level, alert_descr;
+        unsigned char *alert_bytes = SSL3_RECORD_get_data(rr)
+                                     + SSL3_RECORD_get_off(rr);
+        PACKET alert;
+
+        if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr))
+                || !PACKET_get_1(&alert, &alert_level)
+                || !PACKET_get_1(&alert, &alert_descr)
+                || PACKET_remaining(&alert) != 0) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                     SSL_R_INVALID_ALERT);
+            return -1;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s,
+                            s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (alert_level << 8) | alert_descr;
+            cb(s, SSL_CB_READ_ALERT, j);
+        }
+
+        if (alert_level == SSL3_AL_WARNING) {
+            s->s3->warn_alert = alert_descr;
+            SSL3_RECORD_set_read(rr);
+
+            s->rlayer.alert_count++;
+            if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                         SSL_R_TOO_MANY_WARN_ALERTS);
+                return -1;
+            }
+
+            if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
+#ifndef OPENSSL_NO_SCTP
+                /*
+                 * With SCTP and streams the socket may deliver app data
+                 * after a close_notify alert. We have to check this first so
+                 * that nothing gets discarded.
+                 */
+                if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+                    BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+                    s->d1->shutdown_received = 1;
+                    s->rwstate = SSL_READING;
+                    BIO_clear_retry_flags(SSL_get_rbio(s));
+                    BIO_set_retry_read(SSL_get_rbio(s));
+                    return -1;
+                }
+#endif
+                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+                return 0;
+            }
+        } else if (alert_level == SSL3_AL_FATAL) {
+            char tmp[16];
+
+            s->rwstate = SSL_NOTHING;
+            s->s3->fatal_alert = alert_descr;
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_READ_BYTES,
+                     SSL_AD_REASON_OFFSET + alert_descr);
+            BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+            ERR_add_error_data(2, "SSL alert number ", tmp);
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            SSL3_RECORD_set_read(rr);
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+            return 0;
+        } else {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_READ_BYTES,
+                     SSL_R_UNKNOWN_ALERT_TYPE);
+            return -1;
+        }
+
+        goto start;
+    }
+
+    if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
+                                            * shutdown */
+        s->rwstate = SSL_NOTHING;
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        return 0;
+    }
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        /*
+         * We can't process a CCS now, because previous handshake messages
+         * are still missing, so just drop it.
+         */
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        goto start;
+    }
+
+    /*
+     * Unexpected handshake message (Client Hello, or protocol violation)
+     */
+    if ((SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) &&
+            !ossl_statem_get_in_handshake(s)) {
+        struct hm_header_st msg_hdr;
+
+        /*
+         * This may just be a stale retransmit. Also sanity check that we have
+         * at least enough record bytes for a message header
+         */
+        if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch
+                || SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) {
+            SSL3_RECORD_set_length(rr, 0);
+            SSL3_RECORD_set_read(rr);
+            goto start;
+        }
+
+        dtls1_get_message_header(rr->data, &msg_hdr);
+
+        /*
+         * If we are server, we may have a repeated FINISHED of the client
+         * here, then retransmit our CCS and FINISHED.
+         */
+        if (msg_hdr.type == SSL3_MT_FINISHED) {
+            if (dtls1_check_timeout_num(s) < 0) {
+                /* SSLfatal) already called */
+                return -1;
+            }
+
+            if (dtls1_retransmit_buffered_messages(s) <= 0) {
+                /* Fail if we encountered a fatal error */
+                if (ossl_statem_in_error(s))
+                    return -1;
+            }
+            SSL3_RECORD_set_length(rr, 0);
+            SSL3_RECORD_set_read(rr);
+            if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+                if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
+                    /* no read-ahead left? */
+                    BIO *bio;
+
+                    s->rwstate = SSL_READING;
+                    bio = SSL_get_rbio(s);
+                    BIO_clear_retry_flags(bio);
+                    BIO_set_retry_read(bio);
+                    return -1;
+                }
+            }
+            goto start;
+        }
+
+        /*
+         * To get here we must be trying to read app data but found handshake
+         * data. But if we're trying to read app data, and we're not in init
+         * (which is tested for at the top of this function) then init must be
+         * finished
+         */
+        if (!ossl_assert(SSL_is_init_finished(s))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+
+        /* We found handshake data, so we're going back into init */
+        ossl_statem_set_in_init(s, 1);
+
+        i = s->handshake_func(s);
+        /* SSLfatal() called if appropriate */
+        if (i < 0)
+            return i;
+        if (i == 0)
+            return -1;
+
+        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+            if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
+                /* no read-ahead left? */
+                BIO *bio;
+                /*
+                 * In the case where we try to read application data, but we
+                 * trigger an SSL handshake, we return -1 with the retry
+                 * option set.  Otherwise renegotiation may cause nasty
+                 * problems in the blocking world
+                 */
+                s->rwstate = SSL_READING;
+                bio = SSL_get_rbio(s);
+                BIO_clear_retry_flags(bio);
+                BIO_set_retry_read(bio);
+                return -1;
+            }
+        }
+        goto start;
+    }
+
+    switch (SSL3_RECORD_get_type(rr)) {
+    default:
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                 SSL_R_UNEXPECTED_RECORD);
+        return -1;
+    case SSL3_RT_CHANGE_CIPHER_SPEC:
+    case SSL3_RT_ALERT:
+    case SSL3_RT_HANDSHAKE:
+        /*
+         * we already handled all of these, with the possible exception of
+         * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
+         * that should not happen when type != rr->type
+         */
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    case SSL3_RT_APPLICATION_DATA:
+        /*
+         * At this point, we were expecting handshake data, but have
+         * application data.  If the library was running inside ssl3_read()
+         * (i.e. in_read_app_data is set) and it makes sense to read
+         * application data at this point (session renegotiation not yet
+         * started), we will indulge it.
+         */
+        if (s->s3->in_read_app_data &&
+            (s->s3->total_renegotiations != 0) &&
+            ossl_statem_app_data_allowed(s)) {
+            s->s3->in_read_app_data = 2;
+            return -1;
+        } else {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                     SSL_R_UNEXPECTED_RECORD);
+            return -1;
+        }
+    }
+    /* not reached */
+}
+
+/*
+ * Call this to write data in records of type 'type' It will return <= 0 if
+ * not all data has been sent or non-blocking IO.
+ */
+int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
+                      size_t *written)
+{
+    int i;
+
+    if (!ossl_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_WRITE_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    s->rwstate = SSL_NOTHING;
+    i = do_dtls1_write(s, type, buf, len, 0, written);
+    return i;
+}
+
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+                   size_t len, int create_empty_fragment, size_t *written)
+{
+    unsigned char *p, *pseq;
+    int i, mac_size, clear = 0;
+    size_t prefix_len = 0;
+    int eivlen;
+    SSL3_RECORD wr;
+    SSL3_BUFFER *wb;
+    SSL_SESSION *sess;
+
+    wb = &s->rlayer.wbuf[0];
+
+    /*
+     * first check if there is a SSL3_BUFFER still being written out.  This
+     * will happen with non blocking IO
+     */
+    if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* If we have an alert to send, lets send it */
+    if (s->s3->alert_dispatch) {
+        i = s->method->ssl_dispatch_alert(s);
+        if (i <= 0)
+            return i;
+        /* if it went, fall through and send more stuff */
+    }
+
+    if (len == 0 && !create_empty_fragment)
+        return 0;
+
+    if (len > ssl_get_max_send_fragment(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                 SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
+        return 0;
+    }
+
+    sess = s->session;
+
+    if ((sess == NULL) ||
+        (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL))
+        clear = 1;
+
+    if (clear)
+        mac_size = 0;
+    else {
+        mac_size = EVP_MD_CTX_size(s->write_hash);
+        if (mac_size < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
+            return -1;
+        }
+    }
+
+    p = SSL3_BUFFER_get_buf(wb) + prefix_len;
+
+    /* write the header */
+
+    *(p++) = type & 0xff;
+    SSL3_RECORD_set_type(&wr, type);
+    /*
+     * Special case: for hello verify request, client version 1.0 and we
+     * haven't decided which version to use yet send back using version 1.0
+     * header: otherwise some clients will ignore it.
+     */
+    if (s->method->version == DTLS_ANY_VERSION &&
+        s->max_proto_version != DTLS1_BAD_VER) {
+        *(p++) = DTLS1_VERSION >> 8;
+        *(p++) = DTLS1_VERSION & 0xff;
+    } else {
+        *(p++) = s->version >> 8;
+        *(p++) = s->version & 0xff;
+    }
+
+    /* field where we are to write out packet epoch, seq num and len */
+    pseq = p;
+    p += 10;
+
+    /* Explicit IV length, block ciphers appropriate version flag */
+    if (s->enc_write_ctx) {
+        int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+        if (mode == EVP_CIPH_CBC_MODE) {
+            eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+            if (eivlen <= 1)
+                eivlen = 0;
+        }
+        /* Need explicit part of IV for GCM mode */
+        else if (mode == EVP_CIPH_GCM_MODE)
+            eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+        else if (mode == EVP_CIPH_CCM_MODE)
+            eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
+        else
+            eivlen = 0;
+    } else
+        eivlen = 0;
+
+    /* lets setup the record stuff. */
+    SSL3_RECORD_set_data(&wr, p + eivlen); /* make room for IV in case of CBC */
+    SSL3_RECORD_set_length(&wr, len);
+    SSL3_RECORD_set_input(&wr, (unsigned char *)buf);
+
+    /*
+     * we now 'read' from wr.input, wr.length bytes into wr.data
+     */
+
+    /* first we compress */
+    if (s->compress != NULL) {
+        if (!ssl3_do_compress(s, &wr)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     SSL_R_COMPRESSION_FAILURE);
+            return -1;
+        }
+    } else {
+        memcpy(SSL3_RECORD_get_data(&wr), SSL3_RECORD_get_input(&wr),
+               SSL3_RECORD_get_length(&wr));
+        SSL3_RECORD_reset_input(&wr);
+    }
+
+    /*
+     * we should still have the output to wr.data and the input from
+     * wr.input.  Length should be wr.length. wr.data still points in the
+     * wb->buf
+     */
+
+    if (!SSL_WRITE_ETM(s) && mac_size != 0) {
+        if (!s->method->ssl3_enc->mac(s, &wr,
+                                      &(p[SSL3_RECORD_get_length(&wr) + eivlen]),
+                                      1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        SSL3_RECORD_add_length(&wr, mac_size);
+    }
+
+    /* this is true regardless of mac size */
+    SSL3_RECORD_set_data(&wr, p);
+    SSL3_RECORD_reset_input(&wr);
+
+    if (eivlen)
+        SSL3_RECORD_add_length(&wr, eivlen);
+
+    if (s->method->ssl3_enc->enc(s, &wr, 1, 1) < 1) {
+        if (!ossl_statem_in_error(s)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+        }
+        return -1;
+    }
+
+    if (SSL_WRITE_ETM(s) && mac_size != 0) {
+        if (!s->method->ssl3_enc->mac(s, &wr,
+                                      &(p[SSL3_RECORD_get_length(&wr)]), 1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        SSL3_RECORD_add_length(&wr, mac_size);
+    }
+
+    /* record length after mac and block padding */
+
+    /* there's only one epoch between handshake and app data */
+
+    s2n(s->rlayer.d->w_epoch, pseq);
+
+    memcpy(pseq, &(s->rlayer.write_sequence[2]), 6);
+    pseq += 6;
+    s2n(SSL3_RECORD_get_length(&wr), pseq);
+
+    if (s->msg_callback)
+        s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH,
+                        DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
+    /*
+     * we should now have wr.data pointing to the encrypted data, which is
+     * wr->length long
+     */
+    SSL3_RECORD_set_type(&wr, type); /* not needed but helps for debugging */
+    SSL3_RECORD_add_length(&wr, DTLS1_RT_HEADER_LENGTH);
+
+    ssl3_record_sequence_update(&(s->rlayer.write_sequence[0]));
+
+    if (create_empty_fragment) {
+        /*
+         * we are in a recursive call; just return the length, don't write
+         * out anything here
+         */
+        *written = wr.length;
+        return 1;
+    }
+
+    /* now let's set up wb */
+    SSL3_BUFFER_set_left(wb, prefix_len + SSL3_RECORD_get_length(&wr));
+    SSL3_BUFFER_set_offset(wb, 0);
+
+    /*
+     * memorize arguments so that ssl3_write_pending can detect bad write
+     * retries later
+     */
+    s->rlayer.wpend_tot = len;
+    s->rlayer.wpend_buf = buf;
+    s->rlayer.wpend_type = type;
+    s->rlayer.wpend_ret = len;
+
+    /* we now just need to write the buffer. Calls SSLfatal() as required. */
+    return ssl3_write_pending(s, type, buf, len, written);
+}
+
+DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+                               unsigned int *is_next_epoch)
+{
+
+    *is_next_epoch = 0;
+
+    /* In current epoch, accept HM, CCS, DATA, & ALERT */
+    if (rr->epoch == s->rlayer.d->r_epoch)
+        return &s->rlayer.d->bitmap;
+
+    /*
+     * Only HM and ALERT messages can be from the next epoch and only if we
+     * have already processed all of the unprocessed records from the last
+     * epoch
+     */
+    else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) &&
+             s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch &&
+             (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
+        *is_next_epoch = 1;
+        return &s->rlayer.d->next_bitmap;
+    }
+
+    return NULL;
+}
+
+void dtls1_reset_seq_numbers(SSL *s, int rw)
+{
+    unsigned char *seq;
+    unsigned int seq_bytes = sizeof(s->rlayer.read_sequence);
+
+    if (rw & SSL3_CC_READ) {
+        seq = s->rlayer.read_sequence;
+        s->rlayer.d->r_epoch++;
+        memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap,
+               sizeof(s->rlayer.d->bitmap));
+        memset(&s->rlayer.d->next_bitmap, 0, sizeof(s->rlayer.d->next_bitmap));
+
+        /*
+         * We must not use any buffered messages received from the previous
+         * epoch
+         */
+        dtls1_clear_received_buffer(s);
+    } else {
+        seq = s->rlayer.write_sequence;
+        memcpy(s->rlayer.d->last_write_sequence, seq,
+               sizeof(s->rlayer.write_sequence));
+        s->rlayer.d->w_epoch++;
+    }
+
+    memset(seq, 0, seq_bytes);
+}
diff --git a/freebsd/crypto/openssl/ssl/record/rec_layer_s3.c b/freebsd/crypto/openssl/ssl/record/rec_layer_s3.c
new file mode 100644
index 00000000..fdc374ae
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/record/rec_layer_s3.c
@@ -0,0 +1,1765 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include <errno.h>
+#include "../ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include "record_locl.h"
+#include "../packet_locl.h"
+
+#if     defined(OPENSSL_SMALL_FOOTPRINT) || \
+        !(      defined(AES_ASM) &&     ( \
+                defined(__x86_64)       || defined(__x86_64__)  || \
+                defined(_M_AMD64)       || defined(_M_X64)      ) \
+        )
+# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
+#endif
+
+void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s)
+{
+    rl->s = s;
+    RECORD_LAYER_set_first_record(&s->rlayer);
+    SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
+}
+
+void RECORD_LAYER_clear(RECORD_LAYER *rl)
+{
+    rl->rstate = SSL_ST_READ_HEADER;
+
+    /*
+     * Do I need to clear read_ahead? As far as I can tell read_ahead did not
+     * previously get reset by SSL_clear...so I'll keep it that way..but is
+     * that right?
+     */
+
+    rl->packet = NULL;
+    rl->packet_length = 0;
+    rl->wnum = 0;
+    memset(rl->handshake_fragment, 0, sizeof(rl->handshake_fragment));
+    rl->handshake_fragment_len = 0;
+    rl->wpend_tot = 0;
+    rl->wpend_type = 0;
+    rl->wpend_ret = 0;
+    rl->wpend_buf = NULL;
+
+    SSL3_BUFFER_clear(&rl->rbuf);
+    ssl3_release_write_buffer(rl->s);
+    rl->numrpipes = 0;
+    SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
+
+    RECORD_LAYER_reset_read_sequence(rl);
+    RECORD_LAYER_reset_write_sequence(rl);
+
+    if (rl->d)
+        DTLS_RECORD_LAYER_clear(rl);
+}
+
+void RECORD_LAYER_release(RECORD_LAYER *rl)
+{
+    if (SSL3_BUFFER_is_initialised(&rl->rbuf))
+        ssl3_release_read_buffer(rl->s);
+    if (rl->numwpipes > 0)
+        ssl3_release_write_buffer(rl->s);
+    SSL3_RECORD_release(rl->rrec, SSL_MAX_PIPELINES);
+}
+
+/* Checks if we have unprocessed read ahead data pending */
+int RECORD_LAYER_read_pending(const RECORD_LAYER *rl)
+{
+    return SSL3_BUFFER_get_left(&rl->rbuf) != 0;
+}
+
+/* Checks if we have decrypted unread record data pending */
+int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl)
+{
+    size_t curr_rec = 0, num_recs = RECORD_LAYER_get_numrpipes(rl);
+    const SSL3_RECORD *rr = rl->rrec;
+
+    while (curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]))
+        curr_rec++;
+
+    return curr_rec < num_recs;
+}
+
+int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
+{
+    return (rl->numwpipes > 0)
+        && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
+}
+
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
+{
+    memset(rl->read_sequence, 0, sizeof(rl->read_sequence));
+}
+
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
+{
+    memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
+}
+
+size_t ssl3_pending(const SSL *s)
+{
+    size_t i, num = 0;
+
+    if (s->rlayer.rstate == SSL_ST_READ_BODY)
+        return 0;
+
+    for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) {
+        if (SSL3_RECORD_get_type(&s->rlayer.rrec[i])
+            != SSL3_RT_APPLICATION_DATA)
+            return 0;
+        num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]);
+    }
+
+    return num;
+}
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
+{
+    ctx->default_read_buf_len = len;
+}
+
+void SSL_set_default_read_buffer_len(SSL *s, size_t len)
+{
+    SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&s->rlayer), len);
+}
+
+const char *SSL_rstate_string_long(const SSL *s)
+{
+    switch (s->rlayer.rstate) {
+    case SSL_ST_READ_HEADER:
+        return "read header";
+    case SSL_ST_READ_BODY:
+        return "read body";
+    case SSL_ST_READ_DONE:
+        return "read done";
+    default:
+        return "unknown";
+    }
+}
+
+const char *SSL_rstate_string(const SSL *s)
+{
+    switch (s->rlayer.rstate) {
+    case SSL_ST_READ_HEADER:
+        return "RH";
+    case SSL_ST_READ_BODY:
+        return "RB";
+    case SSL_ST_READ_DONE:
+        return "RD";
+    default:
+        return "unknown";
+    }
+}
+
+/*
+ * Return values are as per SSL_read()
+ */
+int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
+                size_t *readbytes)
+{
+    /*
+     * If extend == 0, obtain new n-byte packet; if extend == 1, increase
+     * packet by another n bytes. The packet will be in the sub-array of
+     * s->s3->rbuf.buf specified by s->packet and s->packet_length. (If
+     * s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus
+     * s->packet_length bytes if extend == 1].)
+     * if clearold == 1, move the packet to the start of the buffer; if
+     * clearold == 0 then leave any old packets where they were
+     */
+    size_t len, left, align = 0;
+    unsigned char *pkt;
+    SSL3_BUFFER *rb;
+
+    if (n == 0)
+        return 0;
+
+    rb = &s->rlayer.rbuf;
+    if (rb->buf == NULL)
+        if (!ssl3_setup_read_buffer(s)) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+
+    left = rb->left;
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+    align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
+    align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+
+    if (!extend) {
+        /* start with empty packet ... */
+        if (left == 0)
+            rb->offset = align;
+        else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
+            /*
+             * check if next packet length is large enough to justify payload
+             * alignment...
+             */
+            pkt = rb->buf + rb->offset;
+            if (pkt[0] == SSL3_RT_APPLICATION_DATA
+                && (pkt[3] << 8 | pkt[4]) >= 128) {
+                /*
+                 * Note that even if packet is corrupted and its length field
+                 * is insane, we can only be led to wrong decision about
+                 * whether memmove will occur or not. Header values has no
+                 * effect on memmove arguments and therefore no buffer
+                 * overrun can be triggered.
+                 */
+                memmove(rb->buf + align, pkt, left);
+                rb->offset = align;
+            }
+        }
+        s->rlayer.packet = rb->buf + rb->offset;
+        s->rlayer.packet_length = 0;
+        /* ... now we can act as if 'extend' was set */
+    }
+
+    len = s->rlayer.packet_length;
+    pkt = rb->buf + align;
+    /*
+     * Move any available bytes to front of buffer: 'len' bytes already
+     * pointed to by 'packet', 'left' extra ones at the end
+     */
+    if (s->rlayer.packet != pkt && clearold == 1) {
+        memmove(pkt, s->rlayer.packet, len + left);
+        s->rlayer.packet = pkt;
+        rb->offset = len + align;
+    }
+
+    /*
+     * For DTLS/UDP reads should not span multiple packets because the read
+     * operation returns the whole packet at once (as long as it fits into
+     * the buffer).
+     */
+    if (SSL_IS_DTLS(s)) {
+        if (left == 0 && extend)
+            return 0;
+        if (left > 0 && n > left)
+            n = left;
+    }
+
+    /* if there is enough in the buffer from a previous read, take some */
+    if (left >= n) {
+        s->rlayer.packet_length += n;
+        rb->left = left - n;
+        rb->offset += n;
+        *readbytes = n;
+        return 1;
+    }
+
+    /* else we need to read more data */
+
+    if (n > rb->len - rb->offset) {
+        /* does not happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    /* We always act like read_ahead is set for DTLS */
+    if (!s->rlayer.read_ahead && !SSL_IS_DTLS(s))
+        /* ignore max parameter */
+        max = n;
+    else {
+        if (max < n)
+            max = n;
+        if (max > rb->len - rb->offset)
+            max = rb->len - rb->offset;
+    }
+
+    while (left < n) {
+        size_t bioread = 0;
+        int ret;
+
+        /*
+         * Now we have len+left bytes at the front of s->s3->rbuf.buf and
+         * need to read in more until we have len+n (up to len+max if
+         * possible)
+         */
+
+        clear_sys_error();
+        if (s->rbio != NULL) {
+            s->rwstate = SSL_READING;
+            /* TODO(size_t): Convert this function */
+            ret = BIO_read(s->rbio, pkt + len + left, max - left);
+            if (ret >= 0)
+                bioread = ret;
+        } else {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
+                     SSL_R_READ_BIO_NOT_SET);
+            ret = -1;
+        }
+
+        if (ret <= 0) {
+            rb->left = left;
+            if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
+                if (len + left == 0)
+                    ssl3_release_read_buffer(s);
+            return ret;
+        }
+        left += bioread;
+        /*
+         * reads should *never* span multiple packets for DTLS because the
+         * underlying transport protocol is message oriented as opposed to
+         * byte oriented as in the TLS case.
+         */
+        if (SSL_IS_DTLS(s)) {
+            if (n > left)
+                n = left;       /* makes the while condition false */
+        }
+    }
+
+    /* done reading, now the book-keeping */
+    rb->offset += n;
+    rb->left = left - n;
+    s->rlayer.packet_length += n;
+    s->rwstate = SSL_NOTHING;
+    *readbytes = n;
+    return 1;
+}
+
+/*
+ * Call this to write data in records of type 'type' It will return <= 0 if
+ * not all data has been sent or non-blocking IO.
+ */
+int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
+                     size_t *written)
+{
+    const unsigned char *buf = buf_;
+    size_t tot;
+    size_t n, max_send_fragment, split_send_fragment, maxpipes;
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+    size_t nw;
+#endif
+    SSL3_BUFFER *wb = &s->rlayer.wbuf[0];
+    int i;
+    size_t tmpwrit;
+
+    s->rwstate = SSL_NOTHING;
+    tot = s->rlayer.wnum;
+    /*
+     * ensure that if we end up with a smaller value of data to write out
+     * than the original len from a write which didn't complete for
+     * non-blocking I/O and also somehow ended up avoiding the check for
+     * this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be
+     * possible to end up with (len-tot) as a large number that will then
+     * promptly send beyond the end of the users buffer ... so we trap and
+     * report the error in a way the user will notice
+     */
+    if ((len < s->rlayer.wnum)
+        || ((wb->left != 0) && (len < (s->rlayer.wnum + s->rlayer.wpend_tot)))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+                 SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    if (s->early_data_state == SSL_EARLY_DATA_WRITING
+            && !early_data_count_ok(s, len, 0, 1)) {
+        /* SSLfatal() already called */
+        return -1;
+    }
+
+    s->rlayer.wnum = 0;
+
+    /*
+     * When writing early data on the server side we could be "in_init" in
+     * between receiving the EoED and the CF - but we don't want to handle those
+     * messages yet.
+     */
+    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)
+            && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {
+        i = s->handshake_func(s);
+        /* SSLfatal() already called */
+        if (i < 0)
+            return i;
+        if (i == 0) {
+            return -1;
+        }
+    }
+
+    /*
+     * first check if there is a SSL3_BUFFER still being written out.  This
+     * will happen with non blocking IO
+     */
+    if (wb->left != 0) {
+        /* SSLfatal() already called if appropriate */
+        i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot,
+                               &tmpwrit);
+        if (i <= 0) {
+            /* XXX should we ssl3_release_write_buffer if i<0? */
+            s->rlayer.wnum = tot;
+            return i;
+        }
+        tot += tmpwrit;               /* this might be last fragment */
+    }
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+    /*
+     * Depending on platform multi-block can deliver several *times*
+     * better performance. Downside is that it has to allocate
+     * jumbo buffer to accommodate up to 8 records, but the
+     * compromise is considered worthy.
+     */
+    if (type == SSL3_RT_APPLICATION_DATA &&
+        len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s)) &&
+        s->compress == NULL && s->msg_callback == NULL &&
+        !SSL_WRITE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
+        EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
+        EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
+        unsigned char aad[13];
+        EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
+        size_t packlen;
+        int packleni;
+
+        /* minimize address aliasing conflicts */
+        if ((max_send_fragment & 0xfff) == 0)
+            max_send_fragment -= 512;
+
+        if (tot == 0 || wb->buf == NULL) { /* allocate jumbo buffer */
+            ssl3_release_write_buffer(s);
+
+            packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                          EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
+                                          (int)max_send_fragment, NULL);
+
+            if (len >= 8 * max_send_fragment)
+                packlen *= 8;
+            else
+                packlen *= 4;
+
+            if (!ssl3_setup_write_buffer(s, 1, packlen)) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+        } else if (tot == len) { /* done? */
+            /* free jumbo buffer */
+            ssl3_release_write_buffer(s);
+            *written = tot;
+            return 1;
+        }
+
+        n = (len - tot);
+        for (;;) {
+            if (n < 4 * max_send_fragment) {
+                /* free jumbo buffer */
+                ssl3_release_write_buffer(s);
+                break;
+            }
+
+            if (s->s3->alert_dispatch) {
+                i = s->method->ssl_dispatch_alert(s);
+                if (i <= 0) {
+                    /* SSLfatal() already called if appropriate */
+                    s->rlayer.wnum = tot;
+                    return i;
+                }
+            }
+
+            if (n >= 8 * max_send_fragment)
+                nw = max_send_fragment * (mb_param.interleave = 8);
+            else
+                nw = max_send_fragment * (mb_param.interleave = 4);
+
+            memcpy(aad, s->rlayer.write_sequence, 8);
+            aad[8] = type;
+            aad[9] = (unsigned char)(s->version >> 8);
+            aad[10] = (unsigned char)(s->version);
+            aad[11] = 0;
+            aad[12] = 0;
+            mb_param.out = NULL;
+            mb_param.inp = aad;
+            mb_param.len = nw;
+
+            packleni = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                          EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
+                                          sizeof(mb_param), &mb_param);
+            packlen = (size_t)packleni;
+            if (packleni <= 0 || packlen > wb->len) { /* never happens */
+                /* free jumbo buffer */
+                ssl3_release_write_buffer(s);
+                break;
+            }
+
+            mb_param.out = wb->buf;
+            mb_param.inp = &buf[tot];
+            mb_param.len = nw;
+
+            if (EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                    EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+                                    sizeof(mb_param), &mb_param) <= 0)
+                return -1;
+
+            s->rlayer.write_sequence[7] += mb_param.interleave;
+            if (s->rlayer.write_sequence[7] < mb_param.interleave) {
+                int j = 6;
+                while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ;
+            }
+
+            wb->offset = 0;
+            wb->left = packlen;
+
+            s->rlayer.wpend_tot = nw;
+            s->rlayer.wpend_buf = &buf[tot];
+            s->rlayer.wpend_type = type;
+            s->rlayer.wpend_ret = nw;
+
+            i = ssl3_write_pending(s, type, &buf[tot], nw, &tmpwrit);
+            if (i <= 0) {
+                /* SSLfatal() already called if appropriate */
+                if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
+                    /* free jumbo buffer */
+                    ssl3_release_write_buffer(s);
+                }
+                s->rlayer.wnum = tot;
+                return i;
+            }
+            if (tmpwrit == n) {
+                /* free jumbo buffer */
+                ssl3_release_write_buffer(s);
+                *written = tot + tmpwrit;
+                return 1;
+            }
+            n -= tmpwrit;
+            tot += tmpwrit;
+        }
+    } else
+#endif  /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */
+    if (tot == len) {           /* done? */
+        if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
+            ssl3_release_write_buffer(s);
+
+        *written = tot;
+        return 1;
+    }
+
+    n = (len - tot);
+
+    max_send_fragment = ssl_get_max_send_fragment(s);
+    split_send_fragment = ssl_get_split_send_fragment(s);
+    /*
+     * If max_pipelines is 0 then this means "undefined" and we default to
+     * 1 pipeline. Similarly if the cipher does not support pipelined
+     * processing then we also only use 1 pipeline, or if we're not using
+     * explicit IVs
+     */
+    maxpipes = s->max_pipelines;
+    if (maxpipes > SSL_MAX_PIPELINES) {
+        /*
+         * We should have prevented this when we set max_pipelines so we
+         * shouldn't get here
+         */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    if (maxpipes == 0
+        || s->enc_write_ctx == NULL
+        || !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx))
+             & EVP_CIPH_FLAG_PIPELINE)
+        || !SSL_USE_EXPLICIT_IV(s))
+        maxpipes = 1;
+    if (max_send_fragment == 0 || split_send_fragment == 0
+        || split_send_fragment > max_send_fragment) {
+        /*
+         * We should have prevented this when we set/get the split and max send
+         * fragments so we shouldn't get here
+         */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    for (;;) {
+        size_t pipelens[SSL_MAX_PIPELINES], tmppipelen, remain;
+        size_t numpipes, j;
+
+        if (n == 0)
+            numpipes = 1;
+        else
+            numpipes = ((n - 1) / split_send_fragment) + 1;
+        if (numpipes > maxpipes)
+            numpipes = maxpipes;
+
+        if (n / numpipes >= max_send_fragment) {
+            /*
+             * We have enough data to completely fill all available
+             * pipelines
+             */
+            for (j = 0; j < numpipes; j++) {
+                pipelens[j] = max_send_fragment;
+            }
+        } else {
+            /* We can partially fill all available pipelines */
+            tmppipelen = n / numpipes;
+            remain = n % numpipes;
+            for (j = 0; j < numpipes; j++) {
+                pipelens[j] = tmppipelen;
+                if (j < remain)
+                    pipelens[j]++;
+            }
+        }
+
+        i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0,
+                          &tmpwrit);
+        if (i <= 0) {
+            /* SSLfatal() already called if appropriate */
+            /* XXX should we ssl3_release_write_buffer if i<0? */
+            s->rlayer.wnum = tot;
+            return i;
+        }
+
+        if (tmpwrit == n ||
+            (type == SSL3_RT_APPLICATION_DATA &&
+             (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
+            /*
+             * next chunk of data should get another prepended empty fragment
+             * in ciphersuites with known-IV weakness:
+             */
+            s->s3->empty_fragment_done = 0;
+
+            if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS &&
+                !SSL_IS_DTLS(s))
+                ssl3_release_write_buffer(s);
+
+            *written = tot + tmpwrit;
+            return 1;
+        }
+
+        n -= tmpwrit;
+        tot += tmpwrit;
+    }
+}
+
+int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+                  size_t *pipelens, size_t numpipes,
+                  int create_empty_fragment, size_t *written)
+{
+    WPACKET pkt[SSL_MAX_PIPELINES];
+    SSL3_RECORD wr[SSL_MAX_PIPELINES];
+    WPACKET *thispkt;
+    SSL3_RECORD *thiswr;
+    unsigned char *recordstart;
+    int i, mac_size, clear = 0;
+    size_t prefix_len = 0;
+    int eivlen = 0;
+    size_t align = 0;
+    SSL3_BUFFER *wb;
+    SSL_SESSION *sess;
+    size_t totlen = 0, len, wpinited = 0;
+    size_t j;
+
+    for (j = 0; j < numpipes; j++)
+        totlen += pipelens[j];
+    /*
+     * first check if there is a SSL3_BUFFER still being written out.  This
+     * will happen with non blocking IO
+     */
+    if (RECORD_LAYER_write_pending(&s->rlayer)) {
+        /* Calls SSLfatal() as required */
+        return ssl3_write_pending(s, type, buf, totlen, written);
+    }
+
+    /* If we have an alert to send, lets send it */
+    if (s->s3->alert_dispatch) {
+        i = s->method->ssl_dispatch_alert(s);
+        if (i <= 0) {
+            /* SSLfatal() already called if appropriate */
+            return i;
+        }
+        /* if it went, fall through and send more stuff */
+    }
+
+    if (s->rlayer.numwpipes < numpipes) {
+        if (!ssl3_setup_write_buffer(s, numpipes, 0)) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+    }
+
+    if (totlen == 0 && !create_empty_fragment)
+        return 0;
+
+    sess = s->session;
+
+    if ((sess == NULL) ||
+        (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) {
+        clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
+        mac_size = 0;
+    } else {
+        /* TODO(siz_t): Convert me */
+        mac_size = EVP_MD_CTX_size(s->write_hash);
+        if (mac_size < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    /*
+     * 'create_empty_fragment' is true only when this function calls itself
+     */
+    if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
+        /*
+         * countermeasure against known-IV weakness in CBC ciphersuites (see
+         * http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+
+        if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
+            /*
+             * recursive function call with 'create_empty_fragment' set; this
+             * prepares and buffers the data for an empty fragment (these
+             * 'prefix_len' bytes are sent out later together with the actual
+             * payload)
+             */
+            size_t tmppipelen = 0;
+            int ret;
+
+            ret = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1, &prefix_len);
+            if (ret <= 0) {
+                /* SSLfatal() already called if appropriate */
+                goto err;
+            }
+
+            if (prefix_len >
+                (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
+                /* insufficient space */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        s->s3->empty_fragment_done = 1;
+    }
+
+    if (create_empty_fragment) {
+        wb = &s->rlayer.wbuf[0];
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+        /*
+         * extra fragment would be couple of cipher blocks, which would be
+         * multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
+         * payload, then we can just pretend we simply have two headers.
+         */
+        align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
+        align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+        SSL3_BUFFER_set_offset(wb, align);
+        if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb),
+                                     SSL3_BUFFER_get_len(wb), 0)
+                || !WPACKET_allocate_bytes(&pkt[0], align, NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        wpinited = 1;
+    } else if (prefix_len) {
+        wb = &s->rlayer.wbuf[0];
+        if (!WPACKET_init_static_len(&pkt[0],
+                                     SSL3_BUFFER_get_buf(wb),
+                                     SSL3_BUFFER_get_len(wb), 0)
+                || !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb)
+                                                    + prefix_len, NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        wpinited = 1;
+    } else {
+        for (j = 0; j < numpipes; j++) {
+            thispkt = &pkt[j];
+
+            wb = &s->rlayer.wbuf[j];
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
+            align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
+            align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+            SSL3_BUFFER_set_offset(wb, align);
+            if (!WPACKET_init_static_len(thispkt, SSL3_BUFFER_get_buf(wb),
+                                         SSL3_BUFFER_get_len(wb), 0)
+                    || !WPACKET_allocate_bytes(thispkt, align, NULL)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            wpinited++;
+        }
+    }
+
+    /* Explicit IV length, block ciphers appropriate version flag */
+    if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) && !SSL_TREAT_AS_TLS13(s)) {
+        int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+        if (mode == EVP_CIPH_CBC_MODE) {
+            /* TODO(size_t): Convert me */
+            eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+            if (eivlen <= 1)
+                eivlen = 0;
+        } else if (mode == EVP_CIPH_GCM_MODE) {
+            /* Need explicit part of IV for GCM mode */
+            eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+        } else if (mode == EVP_CIPH_CCM_MODE) {
+            eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
+        }
+    }
+
+    totlen = 0;
+    /* Clear our SSL3_RECORD structures */
+    memset(wr, 0, sizeof(wr));
+    for (j = 0; j < numpipes; j++) {
+        unsigned int version = (s->version == TLS1_3_VERSION) ? TLS1_2_VERSION
+                                                              : s->version;
+        unsigned char *compressdata = NULL;
+        size_t maxcomplen;
+        unsigned int rectype;
+
+        thispkt = &pkt[j];
+        thiswr = &wr[j];
+
+        /*
+         * In TLSv1.3, once encrypting, we always use application data for the
+         * record type
+         */
+        if (SSL_TREAT_AS_TLS13(s)
+                && s->enc_write_ctx != NULL
+                && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
+                    || type != SSL3_RT_ALERT))
+            rectype = SSL3_RT_APPLICATION_DATA;
+        else
+            rectype = type;
+        SSL3_RECORD_set_type(thiswr, rectype);
+
+        /*
+         * Some servers hang if initial client hello is larger than 256 bytes
+         * and record version number > TLS 1.0
+         */
+        if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
+                && !s->renegotiate
+                && TLS1_get_version(s) > TLS1_VERSION
+                && s->hello_retry_request == SSL_HRR_NONE)
+            version = TLS1_VERSION;
+        SSL3_RECORD_set_rec_version(thiswr, version);
+
+        maxcomplen = pipelens[j];
+        if (s->compress != NULL)
+            maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+
+        /* write the header */
+        if (!WPACKET_put_bytes_u8(thispkt, rectype)
+                || !WPACKET_put_bytes_u16(thispkt, version)
+                || !WPACKET_start_sub_packet_u16(thispkt)
+                || (eivlen > 0
+                    && !WPACKET_allocate_bytes(thispkt, eivlen, NULL))
+                || (maxcomplen > 0
+                    && !WPACKET_reserve_bytes(thispkt, maxcomplen,
+                                              &compressdata))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /* lets setup the record stuff. */
+        SSL3_RECORD_set_data(thiswr, compressdata);
+        SSL3_RECORD_set_length(thiswr, pipelens[j]);
+        SSL3_RECORD_set_input(thiswr, (unsigned char *)&buf[totlen]);
+        totlen += pipelens[j];
+
+        /*
+         * we now 'read' from thiswr->input, thiswr->length bytes into
+         * thiswr->data
+         */
+
+        /* first we compress */
+        if (s->compress != NULL) {
+            if (!ssl3_do_compress(s, thiswr)
+                    || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         SSL_R_COMPRESSION_FAILURE);
+                goto err;
+            }
+        } else {
+            if (!WPACKET_memcpy(thispkt, thiswr->input, thiswr->length)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            SSL3_RECORD_reset_input(&wr[j]);
+        }
+
+        if (SSL_TREAT_AS_TLS13(s)
+                && s->enc_write_ctx != NULL
+                && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
+                    || type != SSL3_RT_ALERT)) {
+            size_t rlen, max_send_fragment;
+
+            if (!WPACKET_put_bytes_u8(thispkt, type)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            SSL3_RECORD_add_length(thiswr, 1);
+
+            /* Add TLS1.3 padding */
+            max_send_fragment = ssl_get_max_send_fragment(s);
+            rlen = SSL3_RECORD_get_length(thiswr);
+            if (rlen < max_send_fragment) {
+                size_t padding = 0;
+                size_t max_padding = max_send_fragment - rlen;
+                if (s->record_padding_cb != NULL) {
+                    padding = s->record_padding_cb(s, type, rlen, s->record_padding_arg);
+                } else if (s->block_padding > 0) {
+                    size_t mask = s->block_padding - 1;
+                    size_t remainder;
+
+                    /* optimize for power of 2 */
+                    if ((s->block_padding & mask) == 0)
+                        remainder = rlen & mask;
+                    else
+                        remainder = rlen % s->block_padding;
+                    /* don't want to add a block of padding if we don't have to */
+                    if (remainder == 0)
+                        padding = 0;
+                    else
+                        padding = s->block_padding - remainder;
+                }
+                if (padding > 0) {
+                    /* do not allow the record to exceed max plaintext length */
+                    if (padding > max_padding)
+                        padding = max_padding;
+                    if (!WPACKET_memset(thispkt, 0, padding)) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                                 ERR_R_INTERNAL_ERROR);
+                        goto err;
+                    }
+                    SSL3_RECORD_add_length(thiswr, padding);
+                }
+            }
+        }
+
+        /*
+         * we should still have the output to thiswr->data and the input from
+         * wr->input. Length should be thiswr->length. thiswr->data still points
+         * in the wb->buf
+         */
+
+        if (!SSL_WRITE_ETM(s) && mac_size != 0) {
+            unsigned char *mac;
+
+            if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
+                    || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        /*
+         * Reserve some bytes for any growth that may occur during encryption.
+         * This will be at most one cipher block or the tag length if using
+         * AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case.
+         */
+        if (!WPACKET_reserve_bytes(thispkt, SSL_RT_MAX_CIPHER_BLOCK_SIZE,
+                                   NULL)
+                   /*
+                    * We also need next the amount of bytes written to this
+                    * sub-packet
+                    */
+                || !WPACKET_get_length(thispkt, &len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /* Get a pointer to the start of this record excluding header */
+        recordstart = WPACKET_get_curr(thispkt) - len;
+
+        SSL3_RECORD_set_data(thiswr, recordstart);
+        SSL3_RECORD_reset_input(thiswr);
+        SSL3_RECORD_set_length(thiswr, len);
+    }
+
+    if (s->statem.enc_write_state == ENC_WRITE_STATE_WRITE_PLAIN_ALERTS) {
+        /*
+         * We haven't actually negotiated the version yet, but we're trying to
+         * send early data - so we need to use the tls13enc function.
+         */
+        if (tls13_enc(s, wr, numpipes, 1) < 1) {
+            if (!ossl_statem_in_error(s)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+            }
+            goto err;
+        }
+    } else {
+        if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1) {
+            if (!ossl_statem_in_error(s)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+            }
+            goto err;
+        }
+    }
+
+    for (j = 0; j < numpipes; j++) {
+        size_t origlen;
+
+        thispkt = &pkt[j];
+        thiswr = &wr[j];
+
+        /* Allocate bytes for the encryption overhead */
+        if (!WPACKET_get_length(thispkt, &origlen)
+                   /* Encryption should never shrink the data! */
+                || origlen > thiswr->length
+                || (thiswr->length > origlen
+                    && !WPACKET_allocate_bytes(thispkt,
+                                               thiswr->length - origlen, NULL))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (SSL_WRITE_ETM(s) && mac_size != 0) {
+            unsigned char *mac;
+
+            if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
+                    || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            SSL3_RECORD_add_length(thiswr, mac_size);
+        }
+
+        if (!WPACKET_get_length(thispkt, &len)
+                || !WPACKET_close(thispkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (s->msg_callback) {
+            recordstart = WPACKET_get_curr(thispkt) - len
+                          - SSL3_RT_HEADER_LENGTH;
+            s->msg_callback(1, 0, SSL3_RT_HEADER, recordstart,
+                            SSL3_RT_HEADER_LENGTH, s,
+                            s->msg_callback_arg);
+
+            if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) {
+                unsigned char ctype = type;
+
+                s->msg_callback(1, s->version, SSL3_RT_INNER_CONTENT_TYPE,
+                                &ctype, 1, s, s->msg_callback_arg);
+            }
+        }
+
+        if (!WPACKET_finish(thispkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /*
+         * we should now have thiswr->data pointing to the encrypted data, which
+         * is thiswr->length long
+         */
+        SSL3_RECORD_set_type(thiswr, type); /* not needed but helps for
+                                             * debugging */
+        SSL3_RECORD_add_length(thiswr, SSL3_RT_HEADER_LENGTH);
+
+        if (create_empty_fragment) {
+            /*
+             * we are in a recursive call; just return the length, don't write
+             * out anything here
+             */
+            if (j > 0) {
+                /* We should never be pipelining an empty fragment!! */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            *written = SSL3_RECORD_get_length(thiswr);
+            return 1;
+        }
+
+        /* now let's set up wb */
+        SSL3_BUFFER_set_left(&s->rlayer.wbuf[j],
+                             prefix_len + SSL3_RECORD_get_length(thiswr));
+    }
+
+    /*
+     * memorize arguments so that ssl3_write_pending can detect bad write
+     * retries later
+     */
+    s->rlayer.wpend_tot = totlen;
+    s->rlayer.wpend_buf = buf;
+    s->rlayer.wpend_type = type;
+    s->rlayer.wpend_ret = totlen;
+
+    /* we now just need to write the buffer */
+    return ssl3_write_pending(s, type, buf, totlen, written);
+ err:
+    for (j = 0; j < wpinited; j++)
+        WPACKET_cleanup(&pkt[j]);
+    return -1;
+}
+
+/* if s->s3->wbuf.left != 0, we need to call this
+ *
+ * Return values are as per SSL_write()
+ */
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
+                       size_t *written)
+{
+    int i;
+    SSL3_BUFFER *wb = s->rlayer.wbuf;
+    size_t currbuf = 0;
+    size_t tmpwrit = 0;
+
+    if ((s->rlayer.wpend_tot > len)
+        || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
+            && (s->rlayer.wpend_buf != buf))
+        || (s->rlayer.wpend_type != type)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING,
+                 SSL_R_BAD_WRITE_RETRY);
+        return -1;
+    }
+
+    for (;;) {
+        /* Loop until we find a buffer we haven't written out yet */
+        if (SSL3_BUFFER_get_left(&wb[currbuf]) == 0
+            && currbuf < s->rlayer.numwpipes - 1) {
+            currbuf++;
+            continue;
+        }
+        clear_sys_error();
+        if (s->wbio != NULL) {
+            s->rwstate = SSL_WRITING;
+            /* TODO(size_t): Convert this call */
+            i = BIO_write(s->wbio, (char *)
+                          &(SSL3_BUFFER_get_buf(&wb[currbuf])
+                            [SSL3_BUFFER_get_offset(&wb[currbuf])]),
+                          (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf]));
+            if (i >= 0)
+                tmpwrit = i;
+        } else {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING,
+                     SSL_R_BIO_NOT_SET);
+            i = -1;
+        }
+        if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) {
+            SSL3_BUFFER_set_left(&wb[currbuf], 0);
+            SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit);
+            if (currbuf + 1 < s->rlayer.numwpipes)
+                continue;
+            s->rwstate = SSL_NOTHING;
+            *written = s->rlayer.wpend_ret;
+            return 1;
+        } else if (i <= 0) {
+            if (SSL_IS_DTLS(s)) {
+                /*
+                 * For DTLS, just drop it. That's kind of the whole point in
+                 * using a datagram service
+                 */
+                SSL3_BUFFER_set_left(&wb[currbuf], 0);
+            }
+            return i;
+        }
+        SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit);
+        SSL3_BUFFER_sub_left(&wb[currbuf], tmpwrit);
+    }
+}
+
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ *   -  0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
+ * messages are treated as if they were handshake messages *if* the |recd_type|
+ * argument is non NULL.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ *     Change cipher spec protocol
+ *             just 1 byte needed, no need for keeping anything stored
+ *     Alert protocol
+ *             2 bytes needed (AlertLevel, AlertDescription)
+ *     Handshake protocol
+ *             4 bytes needed (HandshakeType, uint24 length) -- we just have
+ *             to detect unexpected Client Hello and Hello Request messages
+ *             here, anything else is handled by higher layers
+ *     Application data protocol
+ *             none of our business
+ */
+int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+                    size_t len, int peek, size_t *readbytes)
+{
+    int i, j, ret;
+    size_t n, curr_rec, num_recs, totalbytes;
+    SSL3_RECORD *rr;
+    SSL3_BUFFER *rbuf;
+    void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+    int is_tls13 = SSL_IS_TLS13(s);
+
+    rbuf = &s->rlayer.rbuf;
+
+    if (!SSL3_BUFFER_is_initialised(rbuf)) {
+        /* Not initialized yet */
+        if (!ssl3_setup_read_buffer(s)) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+    }
+
+    if ((type && (type != SSL3_RT_APPLICATION_DATA)
+         && (type != SSL3_RT_HANDSHAKE)) || (peek
+                                             && (type !=
+                                                 SSL3_RT_APPLICATION_DATA))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if ((type == SSL3_RT_HANDSHAKE) && (s->rlayer.handshake_fragment_len > 0))
+        /* (partially) satisfy request from storage */
+    {
+        unsigned char *src = s->rlayer.handshake_fragment;
+        unsigned char *dst = buf;
+        unsigned int k;
+
+        /* peek == 0 */
+        n = 0;
+        while ((len > 0) && (s->rlayer.handshake_fragment_len > 0)) {
+            *dst++ = *src++;
+            len--;
+            s->rlayer.handshake_fragment_len--;
+            n++;
+        }
+        /* move any remaining fragment bytes: */
+        for (k = 0; k < s->rlayer.handshake_fragment_len; k++)
+            s->rlayer.handshake_fragment[k] = *src++;
+
+        if (recvd_type != NULL)
+            *recvd_type = SSL3_RT_HANDSHAKE;
+
+        *readbytes = n;
+        return 1;
+    }
+
+    /*
+     * Now s->rlayer.handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
+     */
+
+    if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {
+        /* type == SSL3_RT_APPLICATION_DATA */
+        i = s->handshake_func(s);
+        /* SSLfatal() already called */
+        if (i < 0)
+            return i;
+        if (i == 0)
+            return -1;
+    }
+ start:
+    s->rwstate = SSL_NOTHING;
+
+    /*-
+     * For each record 'i' up to |num_recs]
+     * rr[i].type     - is the type of record
+     * rr[i].data,    - data
+     * rr[i].off,     - offset into 'data' for next read
+     * rr[i].length,  - number of bytes.
+     */
+    rr = s->rlayer.rrec;
+    num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
+
+    do {
+        /* get new records if necessary */
+        if (num_recs == 0) {
+            ret = ssl3_get_record(s);
+            if (ret <= 0) {
+                /* SSLfatal() already called if appropriate */
+                return ret;
+            }
+            num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
+            if (num_recs == 0) {
+                /* Shouldn't happen */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+        }
+        /* Skip over any records we have already read */
+        for (curr_rec = 0;
+             curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]);
+             curr_rec++) ;
+        if (curr_rec == num_recs) {
+            RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
+            num_recs = 0;
+            curr_rec = 0;
+        }
+    } while (num_recs == 0);
+    rr = &rr[curr_rec];
+
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
+            && SSL3_RECORD_get_length(rr) != 0)
+        s->rlayer.alert_count = 0;
+
+    /* we now have a packet which can be read and processed */
+
+    if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+                                   * reset by ssl3_get_finished */
+        && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+        return -1;
+    }
+
+    /*
+     * If the other end has shut down, throw anything we read away (even in
+     * 'peek' mode)
+     */
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        SSL3_RECORD_set_length(rr, 0);
+        s->rwstate = SSL_NOTHING;
+        return 0;
+    }
+
+    if (type == SSL3_RECORD_get_type(rr)
+        || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+            && type == SSL3_RT_HANDSHAKE && recvd_type != NULL
+            && !is_tls13)) {
+        /*
+         * SSL3_RT_APPLICATION_DATA or
+         * SSL3_RT_HANDSHAKE or
+         * SSL3_RT_CHANGE_CIPHER_SPEC
+         */
+        /*
+         * make sure that we are not getting application data when we are
+         * doing a handshake for the first time
+         */
+        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+            (s->enc_read_ctx == NULL)) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_APP_DATA_IN_HANDSHAKE);
+            return -1;
+        }
+
+        if (type == SSL3_RT_HANDSHAKE
+            && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+            && s->rlayer.handshake_fragment_len > 0) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_CCS_RECEIVED_EARLY);
+            return -1;
+        }
+
+        if (recvd_type != NULL)
+            *recvd_type = SSL3_RECORD_get_type(rr);
+
+        if (len == 0) {
+            /*
+             * Mark a zero length record as read. This ensures multiple calls to
+             * SSL_read() with a zero length buffer will eventually cause
+             * SSL_pending() to report data as being available.
+             */
+            if (SSL3_RECORD_get_length(rr) == 0)
+                SSL3_RECORD_set_read(rr);
+            return 0;
+        }
+
+        totalbytes = 0;
+        do {
+            if (len - totalbytes > SSL3_RECORD_get_length(rr))
+                n = SSL3_RECORD_get_length(rr);
+            else
+                n = len - totalbytes;
+
+            memcpy(buf, &(rr->data[rr->off]), n);
+            buf += n;
+            if (peek) {
+                /* Mark any zero length record as consumed CVE-2016-6305 */
+                if (SSL3_RECORD_get_length(rr) == 0)
+                    SSL3_RECORD_set_read(rr);
+            } else {
+                SSL3_RECORD_sub_length(rr, n);
+                SSL3_RECORD_add_off(rr, n);
+                if (SSL3_RECORD_get_length(rr) == 0) {
+                    s->rlayer.rstate = SSL_ST_READ_HEADER;
+                    SSL3_RECORD_set_off(rr, 0);
+                    SSL3_RECORD_set_read(rr);
+                }
+            }
+            if (SSL3_RECORD_get_length(rr) == 0
+                || (peek && n == SSL3_RECORD_get_length(rr))) {
+                curr_rec++;
+                rr++;
+            }
+            totalbytes += n;
+        } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
+                 && totalbytes < len);
+        if (totalbytes == 0) {
+            /* We must have read empty records. Get more data */
+            goto start;
+        }
+        if (!peek && curr_rec == num_recs
+            && (s->mode & SSL_MODE_RELEASE_BUFFERS)
+            && SSL3_BUFFER_get_left(rbuf) == 0)
+            ssl3_release_read_buffer(s);
+        *readbytes = totalbytes;
+        return 1;
+    }
+
+    /*
+     * If we get here, then type != rr->type; if we have a handshake message,
+     * then it was unexpected (Hello Request or Client Hello) or invalid (we
+     * were actually expecting a CCS).
+     */
+
+    /*
+     * Lets just double check that we've not got an SSLv2 record
+     */
+    if (rr->rec_version == SSL2_VERSION) {
+        /*
+         * Should never happen. ssl3_get_record() should only give us an SSLv2
+         * record back if this is the first packet and we are looking for an
+         * initial ClientHello. Therefore |type| should always be equal to
+         * |rr->type|. If not then something has gone horribly wrong
+         */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (s->method->version == TLS_ANY_VERSION
+        && (s->server || rr->type != SSL3_RT_ALERT)) {
+        /*
+         * If we've got this far and still haven't decided on what version
+         * we're using then this must be a client side alert we're dealing with
+         * (we don't allow heartbeats yet). We shouldn't be receiving anything
+         * other than a ClientHello if we are a server.
+         */
+        s->version = rr->rec_version;
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_UNEXPECTED_MESSAGE);
+        return -1;
+    }
+
+    /*-
+     * s->rlayer.handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
+     * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+     */
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
+        unsigned int alert_level, alert_descr;
+        unsigned char *alert_bytes = SSL3_RECORD_get_data(rr)
+                                     + SSL3_RECORD_get_off(rr);
+        PACKET alert;
+
+        if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr))
+                || !PACKET_get_1(&alert, &alert_level)
+                || !PACKET_get_1(&alert, &alert_descr)
+                || PACKET_remaining(&alert) != 0) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_INVALID_ALERT);
+            return -1;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s,
+                            s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (alert_level << 8) | alert_descr;
+            cb(s, SSL_CB_READ_ALERT, j);
+        }
+
+        if (alert_level == SSL3_AL_WARNING
+                || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) {
+            s->s3->warn_alert = alert_descr;
+            SSL3_RECORD_set_read(rr);
+
+            s->rlayer.alert_count++;
+            if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                         SSL_R_TOO_MANY_WARN_ALERTS);
+                return -1;
+            }
+        }
+
+        /*
+         * Apart from close_notify the only other warning alert in TLSv1.3
+         * is user_cancelled - which we just ignore.
+         */
+        if (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED) {
+            goto start;
+        } else if (alert_descr == SSL_AD_CLOSE_NOTIFY
+                && (is_tls13 || alert_level == SSL3_AL_WARNING)) {
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            return 0;
+        } else if (alert_level == SSL3_AL_FATAL || is_tls13) {
+            char tmp[16];
+
+            s->rwstate = SSL_NOTHING;
+            s->s3->fatal_alert = alert_descr;
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES,
+                     SSL_AD_REASON_OFFSET + alert_descr);
+            BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+            ERR_add_error_data(2, "SSL alert number ", tmp);
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            SSL3_RECORD_set_read(rr);
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+            return 0;
+        } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
+            /*
+             * This is a warning but we receive it if we requested
+             * renegotiation and the peer denied it. Terminate with a fatal
+             * alert because if application tried to renegotiate it
+             * presumably had a good reason and expects it to succeed. In
+             * future we might have a renegotiation where we don't care if
+             * the peer refused it where we carry on.
+             */
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_NO_RENEGOTIATION);
+            return -1;
+        } else if (alert_level == SSL3_AL_WARNING) {
+            /* We ignore any other warning alert in TLSv1.2 and below */
+            goto start;
+        }
+
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_UNKNOWN_ALERT_TYPE);
+        return -1;
+    }
+
+    if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0) {
+        if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
+            BIO *rbio;
+
+            /*
+             * We ignore any handshake messages sent to us unless they are
+             * TLSv1.3 in which case we want to process them. For all other
+             * handshake messages we can't do anything reasonable with them
+             * because we are unable to write any response due to having already
+             * sent close_notify.
+             */
+            if (!SSL_IS_TLS13(s)) {
+                SSL3_RECORD_set_length(rr, 0);
+                SSL3_RECORD_set_read(rr);
+
+                if ((s->mode & SSL_MODE_AUTO_RETRY) != 0)
+                    goto start;
+
+                s->rwstate = SSL_READING;
+                rbio = SSL_get_rbio(s);
+                BIO_clear_retry_flags(rbio);
+                BIO_set_retry_read(rbio);
+                return -1;
+            }
+        } else {
+            /*
+             * The peer is continuing to send application data, but we have
+             * already sent close_notify. If this was expected we should have
+             * been called via SSL_read() and this would have been handled
+             * above.
+             * No alert sent because we already sent close_notify
+             */
+            SSL3_RECORD_set_length(rr, 0);
+            SSL3_RECORD_set_read(rr);
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY);
+            return -1;
+        }
+    }
+
+    /*
+     * For handshake data we have 'fragment' storage, so fill that so that we
+     * can process the header at a fixed place. This is done after the
+     * "SHUTDOWN" code above to avoid filling the fragment storage with data
+     * that we're just going to discard.
+     */
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
+        size_t dest_maxlen = sizeof(s->rlayer.handshake_fragment);
+        unsigned char *dest = s->rlayer.handshake_fragment;
+        size_t *dest_len = &s->rlayer.handshake_fragment_len;
+
+        n = dest_maxlen - *dest_len; /* available space in 'dest' */
+        if (SSL3_RECORD_get_length(rr) < n)
+            n = SSL3_RECORD_get_length(rr); /* available bytes */
+
+        /* now move 'n' bytes: */
+        memcpy(dest + *dest_len,
+               SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n);
+        SSL3_RECORD_add_off(rr, n);
+        SSL3_RECORD_sub_length(rr, n);
+        *dest_len += n;
+        if (SSL3_RECORD_get_length(rr) == 0)
+            SSL3_RECORD_set_read(rr);
+
+        if (*dest_len < dest_maxlen)
+            goto start;     /* fragment was too small */
+    }
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_CCS_RECEIVED_EARLY);
+        return -1;
+    }
+
+    /*
+     * Unexpected handshake message (ClientHello, NewSessionTicket (TLS1.3) or
+     * protocol violation)
+     */
+    if ((s->rlayer.handshake_fragment_len >= 4)
+            && !ossl_statem_get_in_handshake(s)) {
+        int ined = (s->early_data_state == SSL_EARLY_DATA_READING);
+
+        /* We found handshake data, so we're going back into init */
+        ossl_statem_set_in_init(s, 1);
+
+        i = s->handshake_func(s);
+        /* SSLfatal() already called if appropriate */
+        if (i < 0)
+            return i;
+        if (i == 0) {
+            return -1;
+        }
+
+        /*
+         * If we were actually trying to read early data and we found a
+         * handshake message, then we don't want to continue to try and read
+         * the application data any more. It won't be "early" now.
+         */
+        if (ined)
+            return -1;
+
+        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+            if (SSL3_BUFFER_get_left(rbuf) == 0) {
+                /* no read-ahead left? */
+                BIO *bio;
+                /*
+                 * In the case where we try to read application data, but we
+                 * trigger an SSL handshake, we return -1 with the retry
+                 * option set.  Otherwise renegotiation may cause nasty
+                 * problems in the blocking world
+                 */
+                s->rwstate = SSL_READING;
+                bio = SSL_get_rbio(s);
+                BIO_clear_retry_flags(bio);
+                BIO_set_retry_read(bio);
+                return -1;
+            }
+        }
+        goto start;
+    }
+
+    switch (SSL3_RECORD_get_type(rr)) {
+    default:
+        /*
+         * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but
+         * TLS 1.2 says you MUST send an unexpected message alert. We use the
+         * TLS 1.2 behaviour for all protocol versions to prevent issues where
+         * no progress is being made and the peer continually sends unrecognised
+         * record types, using up resources processing them.
+         */
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_UNEXPECTED_RECORD);
+        return -1;
+    case SSL3_RT_CHANGE_CIPHER_SPEC:
+    case SSL3_RT_ALERT:
+    case SSL3_RT_HANDSHAKE:
+        /*
+         * we already handled all of these, with the possible exception of
+         * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
+         * that should not happen when type != rr->type
+         */
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    case SSL3_RT_APPLICATION_DATA:
+        /*
+         * At this point, we were expecting handshake data, but have
+         * application data.  If the library was running inside ssl3_read()
+         * (i.e. in_read_app_data is set) and it makes sense to read
+         * application data at this point (session renegotiation not yet
+         * started), we will indulge it.
+         */
+        if (ossl_statem_app_data_allowed(s)) {
+            s->s3->in_read_app_data = 2;
+            return -1;
+        } else if (ossl_statem_skip_early_data(s)) {
+            /*
+             * This can happen after a client sends a CH followed by early_data,
+             * but the server responds with a HelloRetryRequest. The server
+             * reads the next record from the client expecting to find a
+             * plaintext ClientHello but gets a record which appears to be
+             * application data. The trial decrypt "works" because null
+             * decryption was applied. We just skip it and move on to the next
+             * record.
+             */
+            if (!early_data_count_ok(s, rr->length,
+                                     EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+            SSL3_RECORD_set_read(rr);
+            goto start;
+        } else {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_UNEXPECTED_RECORD);
+            return -1;
+        }
+    }
+}
+
+void ssl3_record_sequence_update(unsigned char *seq)
+{
+    int i;
+
+    for (i = 7; i >= 0; i--) {
+        ++seq[i];
+        if (seq[i] != 0)
+            break;
+    }
+}
+
+/*
+ * Returns true if the current rrec was sent in SSLv2 backwards compatible
+ * format and false otherwise.
+ */
+int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl)
+{
+    return SSL3_RECORD_is_sslv2_record(&rl->rrec[0]);
+}
+
+/*
+ * Returns the length in bytes of the current rrec
+ */
+size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
+{
+    return SSL3_RECORD_get_length(&rl->rrec[0]);
+}
diff --git a/freebsd/crypto/openssl/ssl/record/record.h b/freebsd/crypto/openssl/ssl/record/record.h
new file mode 100644
index 00000000..32db8212
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/record/record.h
@@ -0,0 +1,232 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * These structures should be considered PRIVATE to the record layer. No     *
+ * non-record layer code should be using these structures in any way.        *
+ *                                                                           *
+ *****************************************************************************/
+
+typedef struct ssl3_buffer_st {
+    /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
+    unsigned char *buf;
+    /* default buffer size (or 0 if no default set) */
+    size_t default_len;
+    /* buffer size */
+    size_t len;
+    /* where to 'copy from' */
+    size_t offset;
+    /* how many bytes left */
+    size_t left;
+} SSL3_BUFFER;
+
+#define SEQ_NUM_SIZE                            8
+
+typedef struct ssl3_record_st {
+    /* Record layer version */
+    /* r */
+    int rec_version;
+    /* type of record */
+    /* r */
+    int type;
+    /* How many bytes available */
+    /* rw */
+    size_t length;
+    /*
+     * How many bytes were available before padding was removed? This is used
+     * to implement the MAC check in constant time for CBC records.
+     */
+    /* rw */
+    size_t orig_len;
+    /* read/write offset into 'buf' */
+    /* r */
+    size_t off;
+    /* pointer to the record data */
+    /* rw */
+    unsigned char *data;
+    /* where the decode bytes are */
+    /* rw */
+    unsigned char *input;
+    /* only used with decompression - malloc()ed */
+    /* r */
+    unsigned char *comp;
+    /* Whether the data from this record has already been read or not */
+    /* r */
+    unsigned int read;
+    /* epoch number, needed by DTLS1 */
+    /* r */
+    unsigned long epoch;
+    /* sequence number, needed by DTLS1 */
+    /* r */
+    unsigned char seq_num[SEQ_NUM_SIZE];
+} SSL3_RECORD;
+
+typedef struct dtls1_bitmap_st {
+    /* Track 32 packets on 32-bit systems and 64 - on 64-bit systems */
+    unsigned long map;
+    /* Max record number seen so far, 64-bit value in big-endian encoding */
+    unsigned char max_seq_num[SEQ_NUM_SIZE];
+} DTLS1_BITMAP;
+
+typedef struct record_pqueue_st {
+    unsigned short epoch;
+    struct pqueue_st *q;
+} record_pqueue;
+
+typedef struct dtls1_record_data_st {
+    unsigned char *packet;
+    size_t packet_length;
+    SSL3_BUFFER rbuf;
+    SSL3_RECORD rrec;
+#ifndef OPENSSL_NO_SCTP
+    struct bio_dgram_sctp_rcvinfo recordinfo;
+#endif
+} DTLS1_RECORD_DATA;
+
+typedef struct dtls_record_layer_st {
+    /*
+     * The current data and handshake epoch.  This is initially
+     * undefined, and starts at zero once the initial handshake is
+     * completed
+     */
+    unsigned short r_epoch;
+    unsigned short w_epoch;
+    /* records being received in the current epoch */
+    DTLS1_BITMAP bitmap;
+    /* renegotiation starts a new set of sequence numbers */
+    DTLS1_BITMAP next_bitmap;
+    /* Received handshake records (processed and unprocessed) */
+    record_pqueue unprocessed_rcds;
+    record_pqueue processed_rcds;
+    /*
+     * Buffered application records. Only for records between CCS and
+     * Finished to prevent either protocol violation or unnecessary message
+     * loss.
+     */
+    record_pqueue buffered_app_data;
+    /* save last and current sequence numbers for retransmissions */
+    unsigned char last_write_sequence[8];
+    unsigned char curr_write_sequence[8];
+} DTLS_RECORD_LAYER;
+
+/*****************************************************************************
+ *                                                                           *
+ * This structure should be considered "opaque" to anything outside of the   *
+ * record layer. No non-record layer code should be accessing the members of *
+ * this structure.                                                           *
+ *                                                                           *
+ *****************************************************************************/
+
+typedef struct record_layer_st {
+    /* The parent SSL structure */
+    SSL *s;
+    /*
+     * Read as many input bytes as possible (for
+     * non-blocking reads)
+     */
+    int read_ahead;
+    /* where we are when reading */
+    int rstate;
+    /* How many pipelines can be used to read data */
+    size_t numrpipes;
+    /* How many pipelines can be used to write data */
+    size_t numwpipes;
+    /* read IO goes into here */
+    SSL3_BUFFER rbuf;
+    /* write IO goes into here */
+    SSL3_BUFFER wbuf[SSL_MAX_PIPELINES];
+    /* each decoded record goes in here */
+    SSL3_RECORD rrec[SSL_MAX_PIPELINES];
+    /* used internally to point at a raw packet */
+    unsigned char *packet;
+    size_t packet_length;
+    /* number of bytes sent so far */
+    size_t wnum;
+    unsigned char handshake_fragment[4];
+    size_t handshake_fragment_len;
+    /* The number of consecutive empty records we have received */
+    size_t empty_record_count;
+    /* partial write - check the numbers match */
+    /* number bytes written */
+    size_t wpend_tot;
+    int wpend_type;
+    /* number of bytes submitted */
+    size_t wpend_ret;
+    const unsigned char *wpend_buf;
+    unsigned char read_sequence[SEQ_NUM_SIZE];
+    unsigned char write_sequence[SEQ_NUM_SIZE];
+    /* Set to true if this is the first record in a connection */
+    unsigned int is_first_record;
+    /* Count of the number of consecutive warning alerts received */
+    unsigned int alert_count;
+    DTLS_RECORD_LAYER *d;
+} RECORD_LAYER;
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions represent the libssl internal API to the   *
+ * record layer. Any libssl code may call these functions/macros             *
+ *                                                                           *
+ *****************************************************************************/
+
+#define MIN_SSL2_RECORD_LEN     9
+
+#define RECORD_LAYER_set_read_ahead(rl, ra)     ((rl)->read_ahead = (ra))
+#define RECORD_LAYER_get_read_ahead(rl)         ((rl)->read_ahead)
+#define RECORD_LAYER_get_packet(rl)             ((rl)->packet)
+#define RECORD_LAYER_get_packet_length(rl)      ((rl)->packet_length)
+#define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc))
+#define DTLS_RECORD_LAYER_get_w_epoch(rl)       ((rl)->d->w_epoch)
+#define DTLS_RECORD_LAYER_get_processed_rcds(rl) \
+                                                ((rl)->d->processed_rcds)
+#define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \
+                                                ((rl)->d->unprocessed_rcds)
+
+void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
+void RECORD_LAYER_clear(RECORD_LAYER *rl);
+void RECORD_LAYER_release(RECORD_LAYER *rl);
+int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
+int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl);
+int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
+int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
+size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
+__owur size_t ssl3_pending(const SSL *s);
+__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len,
+                            size_t *written);
+int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+                  size_t *pipelens, size_t numpipes,
+                  int create_empty_fragment, size_t *written);
+__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
+                           unsigned char *buf, size_t len, int peek,
+                           size_t *readbytes);
+__owur int ssl3_setup_buffers(SSL *s);
+__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send);
+__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
+__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
+                              size_t *written);
+__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send);
+__owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
+__owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send);
+int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e);
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq);
+__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
+                            unsigned char *buf, size_t len, int peek,
+                            size_t *readbytes);
+__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
+                             size_t *written);
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+                   size_t len, int create_empty_fragment, size_t *written);
+void dtls1_reset_seq_numbers(SSL *s, int rw);
diff --git a/freebsd/crypto/openssl/ssl/record/record_locl.h b/freebsd/crypto/openssl/ssl/record/record_locl.h
new file mode 100644
index 00000000..07fd7ab6
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/record/record_locl.h
@@ -0,0 +1,118 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions are PRIVATE to the record layer. They      *
+ * should NOT be used outside of the record layer.                           *
+ *                                                                           *
+ *****************************************************************************/
+
+#define MAX_WARN_ALERT_COUNT    5
+
+/* Functions/macros provided by the RECORD_LAYER component */
+
+#define RECORD_LAYER_get_rbuf(rl)               (&(rl)->rbuf)
+#define RECORD_LAYER_get_wbuf(rl)               ((rl)->wbuf)
+#define RECORD_LAYER_get_rrec(rl)               ((rl)->rrec)
+#define RECORD_LAYER_set_packet(rl, p)          ((rl)->packet = (p))
+#define RECORD_LAYER_reset_packet_length(rl)    ((rl)->packet_length = 0)
+#define RECORD_LAYER_get_rstate(rl)             ((rl)->rstate)
+#define RECORD_LAYER_set_rstate(rl, st)         ((rl)->rstate = (st))
+#define RECORD_LAYER_get_read_sequence(rl)      ((rl)->read_sequence)
+#define RECORD_LAYER_get_write_sequence(rl)     ((rl)->write_sequence)
+#define RECORD_LAYER_get_numrpipes(rl)          ((rl)->numrpipes)
+#define RECORD_LAYER_set_numrpipes(rl, n)       ((rl)->numrpipes = (n))
+#define RECORD_LAYER_inc_empty_record_count(rl) ((rl)->empty_record_count++)
+#define RECORD_LAYER_reset_empty_record_count(rl) \
+                                                ((rl)->empty_record_count = 0)
+#define RECORD_LAYER_get_empty_record_count(rl) ((rl)->empty_record_count)
+#define RECORD_LAYER_is_first_record(rl)        ((rl)->is_first_record)
+#define RECORD_LAYER_set_first_record(rl)       ((rl)->is_first_record = 1)
+#define RECORD_LAYER_clear_first_record(rl)     ((rl)->is_first_record = 0)
+#define DTLS_RECORD_LAYER_get_r_epoch(rl)       ((rl)->d->r_epoch)
+
+__owur int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
+                       size_t *readbytes);
+
+DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+                               unsigned int *is_next_epoch);
+int dtls1_process_buffered_records(SSL *s);
+int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue);
+int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority);
+void ssl3_record_sequence_update(unsigned char *seq);
+
+/* Functions provided by the DTLS1_BITMAP component */
+
+int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
+void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
+
+/* Macros/functions provided by the SSL3_BUFFER component */
+
+#define SSL3_BUFFER_get_buf(b)              ((b)->buf)
+#define SSL3_BUFFER_set_buf(b, n)           ((b)->buf = (n))
+#define SSL3_BUFFER_get_len(b)              ((b)->len)
+#define SSL3_BUFFER_set_len(b, l)           ((b)->len = (l))
+#define SSL3_BUFFER_get_left(b)             ((b)->left)
+#define SSL3_BUFFER_set_left(b, l)          ((b)->left = (l))
+#define SSL3_BUFFER_sub_left(b, l)          ((b)->left -= (l))
+#define SSL3_BUFFER_get_offset(b)           ((b)->offset)
+#define SSL3_BUFFER_set_offset(b, o)        ((b)->offset = (o))
+#define SSL3_BUFFER_add_offset(b, o)        ((b)->offset += (o))
+#define SSL3_BUFFER_is_initialised(b)       ((b)->buf != NULL)
+#define SSL3_BUFFER_set_default_len(b, l)   ((b)->default_len = (l))
+
+void SSL3_BUFFER_clear(SSL3_BUFFER *b);
+void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n);
+void SSL3_BUFFER_release(SSL3_BUFFER *b);
+__owur int ssl3_setup_read_buffer(SSL *s);
+__owur int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len);
+int ssl3_release_read_buffer(SSL *s);
+int ssl3_release_write_buffer(SSL *s);
+
+/* Macros/functions provided by the SSL3_RECORD component */
+
+#define SSL3_RECORD_get_type(r)                 ((r)->type)
+#define SSL3_RECORD_set_type(r, t)              ((r)->type = (t))
+#define SSL3_RECORD_set_rec_version(r, v)       ((r)->rec_version = (v))
+#define SSL3_RECORD_get_length(r)               ((r)->length)
+#define SSL3_RECORD_set_length(r, l)            ((r)->length = (l))
+#define SSL3_RECORD_add_length(r, l)            ((r)->length += (l))
+#define SSL3_RECORD_sub_length(r, l)            ((r)->length -= (l))
+#define SSL3_RECORD_get_data(r)                 ((r)->data)
+#define SSL3_RECORD_set_data(r, d)              ((r)->data = (d))
+#define SSL3_RECORD_get_input(r)                ((r)->input)
+#define SSL3_RECORD_set_input(r, i)             ((r)->input = (i))
+#define SSL3_RECORD_reset_input(r)              ((r)->input = (r)->data)
+#define SSL3_RECORD_get_seq_num(r)              ((r)->seq_num)
+#define SSL3_RECORD_get_off(r)                  ((r)->off)
+#define SSL3_RECORD_set_off(r, o)               ((r)->off = (o))
+#define SSL3_RECORD_add_off(r, o)               ((r)->off += (o))
+#define SSL3_RECORD_get_epoch(r)                ((r)->epoch)
+#define SSL3_RECORD_is_sslv2_record(r) \
+            ((r)->rec_version == SSL2_VERSION)
+#define SSL3_RECORD_is_read(r)                  ((r)->read)
+#define SSL3_RECORD_set_read(r)                 ((r)->read = 1)
+
+void SSL3_RECORD_clear(SSL3_RECORD *r, size_t);
+void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs);
+void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);
+int ssl3_get_record(SSL *s);
+__owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr);
+__owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr);
+int ssl3_cbc_copy_mac(unsigned char *out,
+                       const SSL3_RECORD *rec, size_t md_size);
+__owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
+                                   size_t block_size, size_t mac_size);
+__owur int tls1_cbc_remove_padding(const SSL *s,
+                                   SSL3_RECORD *rec,
+                                   size_t block_size, size_t mac_size);
+int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap);
+__owur int dtls1_get_record(SSL *s);
+int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send);
diff --git a/freebsd/crypto/openssl/ssl/record/ssl3_buffer.c b/freebsd/crypto/openssl/ssl/record/ssl3_buffer.c
new file mode 100644
index 00000000..714e7ac1
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/record/ssl3_buffer.c
@@ -0,0 +1,181 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_locl.h"
+#include "record_locl.h"
+
+void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
+{
+    if (d != NULL)
+        memcpy(b->buf, d, n);
+    b->left = n;
+    b->offset = 0;
+}
+
+/*
+ * Clear the contents of an SSL3_BUFFER but retain any memory allocated. Also
+ * retains the default_len setting
+ */
+void SSL3_BUFFER_clear(SSL3_BUFFER *b)
+{
+    b->offset = 0;
+    b->left = 0;
+}
+
+void SSL3_BUFFER_release(SSL3_BUFFER *b)
+{
+    OPENSSL_free(b->buf);
+    b->buf = NULL;
+}
+
+int ssl3_setup_read_buffer(SSL *s)
+{
+    unsigned char *p;
+    size_t len, align = 0, headerlen;
+    SSL3_BUFFER *b;
+
+    b = RECORD_LAYER_get_rbuf(&s->rlayer);
+
+    if (SSL_IS_DTLS(s))
+        headerlen = DTLS1_RT_HEADER_LENGTH;
+    else
+        headerlen = SSL3_RT_HEADER_LENGTH;
+
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+    align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+#endif
+
+    if (b->buf == NULL) {
+        len = SSL3_RT_MAX_PLAIN_LENGTH
+            + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+#ifndef OPENSSL_NO_COMP
+        if (ssl_allow_compression(s))
+            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+        if (b->default_len > len)
+            len = b->default_len;
+        if ((p = OPENSSL_malloc(len)) == NULL) {
+            /*
+             * We've got a malloc failure, and we're still initialising buffers.
+             * We assume we're so doomed that we won't even be able to send an
+             * alert.
+             */
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_SETUP_READ_BUFFER,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b->buf = p;
+        b->len = len;
+    }
+
+    RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
+    return 1;
+}
+
+int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
+{
+    unsigned char *p;
+    size_t align = 0, headerlen;
+    SSL3_BUFFER *wb;
+    size_t currpipe;
+
+    s->rlayer.numwpipes = numwpipes;
+
+    if (len == 0) {
+        if (SSL_IS_DTLS(s))
+            headerlen = DTLS1_RT_HEADER_LENGTH + 1;
+        else
+            headerlen = SSL3_RT_HEADER_LENGTH;
+
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+        align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+#endif
+
+        len = ssl_get_max_send_fragment(s)
+            + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+#ifndef OPENSSL_NO_COMP
+        if (ssl_allow_compression(s))
+            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+            len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
+    }
+
+    wb = RECORD_LAYER_get_wbuf(&s->rlayer);
+    for (currpipe = 0; currpipe < numwpipes; currpipe++) {
+        SSL3_BUFFER *thiswb = &wb[currpipe];
+
+        if (thiswb->buf != NULL && thiswb->len != len) {
+            OPENSSL_free(thiswb->buf);
+            thiswb->buf = NULL;         /* force reallocation */
+        }
+
+        if (thiswb->buf == NULL) {
+            p = OPENSSL_malloc(len);
+            if (p == NULL) {
+                s->rlayer.numwpipes = currpipe;
+                /*
+                 * We've got a malloc failure, and we're still initialising
+                 * buffers. We assume we're so doomed that we won't even be able
+                 * to send an alert.
+                 */
+                SSLfatal(s, SSL_AD_NO_ALERT,
+                         SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            memset(thiswb, 0, sizeof(SSL3_BUFFER));
+            thiswb->buf = p;
+            thiswb->len = len;
+        }
+    }
+
+    return 1;
+}
+
+int ssl3_setup_buffers(SSL *s)
+{
+    if (!ssl3_setup_read_buffer(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    if (!ssl3_setup_write_buffer(s, 1, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    return 1;
+}
+
+int ssl3_release_write_buffer(SSL *s)
+{
+    SSL3_BUFFER *wb;
+    size_t pipes;
+
+    pipes = s->rlayer.numwpipes;
+    while (pipes > 0) {
+        wb = &RECORD_LAYER_get_wbuf(&s->rlayer)[pipes - 1];
+
+        OPENSSL_free(wb->buf);
+        wb->buf = NULL;
+        pipes--;
+    }
+    s->rlayer.numwpipes = 0;
+    return 1;
+}
+
+int ssl3_release_read_buffer(SSL *s)
+{
+    SSL3_BUFFER *b;
+
+    b = RECORD_LAYER_get_rbuf(&s->rlayer);
+    OPENSSL_free(b->buf);
+    b->buf = NULL;
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/ssl/record/ssl3_record.c b/freebsd/crypto/openssl/ssl/record/ssl3_record.c
new file mode 100644
index 00000000..d7e47474
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/record/ssl3_record.c
@@ -0,0 +1,2034 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_locl.h"
+#include "internal/constant_time_locl.h"
+#include <openssl/rand.h>
+#include "record_locl.h"
+#include "internal/cryptlib.h"
+
+static const unsigned char ssl3_pad_1[48] = {
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
+};
+
+static const unsigned char ssl3_pad_2[48] = {
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
+};
+
+/*
+ * Clear the contents of an SSL3_RECORD but retain any memory allocated
+ */
+void SSL3_RECORD_clear(SSL3_RECORD *r, size_t num_recs)
+{
+    unsigned char *comp;
+    size_t i;
+
+    for (i = 0; i < num_recs; i++) {
+        comp = r[i].comp;
+
+        memset(&r[i], 0, sizeof(*r));
+        r[i].comp = comp;
+    }
+}
+
+void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs)
+{
+    size_t i;
+
+    for (i = 0; i < num_recs; i++) {
+        OPENSSL_free(r[i].comp);
+        r[i].comp = NULL;
+    }
+}
+
+void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
+{
+    memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);
+}
+
+/*
+ * Peeks ahead into "read_ahead" data to see if we have a whole record waiting
+ * for us in the buffer.
+ */
+static int ssl3_record_app_data_waiting(SSL *s)
+{
+    SSL3_BUFFER *rbuf;
+    size_t left, len;
+    unsigned char *p;
+
+    rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
+
+    p = SSL3_BUFFER_get_buf(rbuf);
+    if (p == NULL)
+        return 0;
+
+    left = SSL3_BUFFER_get_left(rbuf);
+
+    if (left < SSL3_RT_HEADER_LENGTH)
+        return 0;
+
+    p += SSL3_BUFFER_get_offset(rbuf);
+
+    /*
+     * We only check the type and record length, we will sanity check version
+     * etc later
+     */
+    if (*p != SSL3_RT_APPLICATION_DATA)
+        return 0;
+
+    p += 3;
+    n2s(p, len);
+
+    if (left < SSL3_RT_HEADER_LENGTH + len)
+        return 0;
+
+    return 1;
+}
+
+int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send)
+{
+    uint32_t max_early_data;
+    SSL_SESSION *sess = s->session;
+
+    /*
+     * If we are a client then we always use the max_early_data from the
+     * session/psksession. Otherwise we go with the lowest out of the max early
+     * data set in the session and the configured max_early_data.
+     */
+    if (!s->server && sess->ext.max_early_data == 0) {
+        if (!ossl_assert(s->psksession != NULL
+                         && s->psksession->ext.max_early_data > 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_EARLY_DATA_COUNT_OK,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        sess = s->psksession;
+    }
+
+    if (!s->server)
+        max_early_data = sess->ext.max_early_data;
+    else if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
+        max_early_data = s->recv_max_early_data;
+    else
+        max_early_data = s->recv_max_early_data < sess->ext.max_early_data
+                         ? s->recv_max_early_data : sess->ext.max_early_data;
+
+    if (max_early_data == 0) {
+        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);
+        return 0;
+    }
+
+    /* If we are dealing with ciphertext we need to allow for the overhead */
+    max_early_data += overhead;
+
+    if (s->early_data_count + length > max_early_data) {
+        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);
+        return 0;
+    }
+    s->early_data_count += length;
+
+    return 1;
+}
+
+/*
+ * MAX_EMPTY_RECORDS defines the number of consecutive, empty records that
+ * will be processed per call to ssl3_get_record. Without this limit an
+ * attacker could send empty records at a faster rate than we can process and
+ * cause ssl3_get_record to loop forever.
+ */
+#define MAX_EMPTY_RECORDS 32
+
+#define SSL2_RT_HEADER_LENGTH   2
+/*-
+ * Call this to get new input records.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, |numrpipes| records have been decoded. For each record 'i':
+ * rr[i].type    - is the type of record
+ * rr[i].data,   - data
+ * rr[i].length, - number of bytes
+ * Multiple records will only be returned if the record types are all
+ * SSL3_RT_APPLICATION_DATA. The number of records returned will always be <=
+ * |max_pipelines|
+ */
+/* used only by ssl3_read_bytes */
+int ssl3_get_record(SSL *s)
+{
+    int enc_err, rret;
+    int i;
+    size_t more, n;
+    SSL3_RECORD *rr, *thisrr;
+    SSL3_BUFFER *rbuf;
+    SSL_SESSION *sess;
+    unsigned char *p;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned int version;
+    size_t mac_size;
+    int imac_size;
+    size_t num_recs = 0, max_recs, j;
+    PACKET pkt, sslv2pkt;
+    size_t first_rec_len;
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+    rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
+    max_recs = s->max_pipelines;
+    if (max_recs == 0)
+        max_recs = 1;
+    sess = s->session;
+
+    do {
+        thisrr = &rr[num_recs];
+
+        /* check if we have the header */
+        if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
+            (RECORD_LAYER_get_packet_length(&s->rlayer)
+             < SSL3_RT_HEADER_LENGTH)) {
+            size_t sslv2len;
+            unsigned int type;
+
+            rret = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
+                               SSL3_BUFFER_get_len(rbuf), 0,
+                               num_recs == 0 ? 1 : 0, &n);
+            if (rret <= 0)
+                return rret;     /* error or non-blocking */
+            RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);
+
+            p = RECORD_LAYER_get_packet(&s->rlayer);
+            if (!PACKET_buf_init(&pkt, RECORD_LAYER_get_packet(&s->rlayer),
+                                 RECORD_LAYER_get_packet_length(&s->rlayer))) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            sslv2pkt = pkt;
+            if (!PACKET_get_net_2_len(&sslv2pkt, &sslv2len)
+                    || !PACKET_get_1(&sslv2pkt, &type)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            /*
+             * The first record received by the server may be a V2ClientHello.
+             */
+            if (s->server && RECORD_LAYER_is_first_record(&s->rlayer)
+                    && (sslv2len & 0x8000) != 0
+                    && (type == SSL2_MT_CLIENT_HELLO)) {
+                /*
+                 *  SSLv2 style record
+                 *
+                 * |num_recs| here will actually always be 0 because
+                 * |num_recs > 0| only ever occurs when we are processing
+                 * multiple app data records - which we know isn't the case here
+                 * because it is an SSLv2ClientHello. We keep it using
+                 * |num_recs| for the sake of consistency
+                 */
+                thisrr->type = SSL3_RT_HANDSHAKE;
+                thisrr->rec_version = SSL2_VERSION;
+
+                thisrr->length = sslv2len & 0x7fff;
+
+                if (thisrr->length > SSL3_BUFFER_get_len(rbuf)
+                    - SSL2_RT_HEADER_LENGTH) {
+                    SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                             SSL_R_PACKET_LENGTH_TOO_LONG);
+                    return -1;
+                }
+
+                if (thisrr->length < MIN_SSL2_RECORD_LEN) {
+                    SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                             SSL_R_LENGTH_TOO_SHORT);
+                    return -1;
+                }
+            } else {
+                /* SSLv3+ style record */
+                if (s->msg_callback)
+                    s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s,
+                                    s->msg_callback_arg);
+
+                /* Pull apart the header into the SSL3_RECORD */
+                if (!PACKET_get_1(&pkt, &type)
+                        || !PACKET_get_net_2(&pkt, &version)
+                        || !PACKET_get_net_2_len(&pkt, &thisrr->length)) {
+                    SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                             ERR_R_INTERNAL_ERROR);
+                    return -1;
+                }
+                thisrr->type = type;
+                thisrr->rec_version = version;
+
+                /*
+                 * Lets check version. In TLSv1.3 we only check this field
+                 * when encryption is occurring (see later check). For the
+                 * ServerHello after an HRR we haven't actually selected TLSv1.3
+                 * yet, but we still treat it as TLSv1.3, so we must check for
+                 * that explicitly
+                 */
+                if (!s->first_packet && !SSL_IS_TLS13(s)
+                        && s->hello_retry_request != SSL_HRR_PENDING
+                        && version != (unsigned int)s->version) {
+                    if ((s->version & 0xFF00) == (version & 0xFF00)
+                        && !s->enc_write_ctx && !s->write_hash) {
+                        if (thisrr->type == SSL3_RT_ALERT) {
+                            /*
+                             * The record is using an incorrect version number,
+                             * but what we've got appears to be an alert. We
+                             * haven't read the body yet to check whether its a
+                             * fatal or not - but chances are it is. We probably
+                             * shouldn't send a fatal alert back. We'll just
+                             * end.
+                             */
+                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+                                     SSL_R_WRONG_VERSION_NUMBER);
+                            return -1;
+                        }
+                        /*
+                         * Send back error using their minor version number :-)
+                         */
+                        s->version = (unsigned short)version;
+                    }
+                    SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL3_GET_RECORD,
+                             SSL_R_WRONG_VERSION_NUMBER);
+                    return -1;
+                }
+
+                if ((version >> 8) != SSL3_VERSION_MAJOR) {
+                    if (RECORD_LAYER_is_first_record(&s->rlayer)) {
+                        /* Go back to start of packet, look at the five bytes
+                         * that we have. */
+                        p = RECORD_LAYER_get_packet(&s->rlayer);
+                        if (strncmp((char *)p, "GET ", 4) == 0 ||
+                            strncmp((char *)p, "POST ", 5) == 0 ||
+                            strncmp((char *)p, "HEAD ", 5) == 0 ||
+                            strncmp((char *)p, "PUT ", 4) == 0) {
+                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+                                     SSL_R_HTTP_REQUEST);
+                            return -1;
+                        } else if (strncmp((char *)p, "CONNE", 5) == 0) {
+                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+                                     SSL_R_HTTPS_PROXY_REQUEST);
+                            return -1;
+                        }
+
+                        /* Doesn't look like TLS - don't send an alert */
+                        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+                                 SSL_R_WRONG_VERSION_NUMBER);
+                        return -1;
+                    } else {
+                        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                                 SSL_F_SSL3_GET_RECORD,
+                                 SSL_R_WRONG_VERSION_NUMBER);
+                        return -1;
+                    }
+                }
+
+                if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {
+                    if (thisrr->type != SSL3_RT_APPLICATION_DATA
+                            && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC
+                                || !SSL_IS_FIRST_HANDSHAKE(s))
+                            && (thisrr->type != SSL3_RT_ALERT
+                                || s->statem.enc_read_state
+                                   != ENC_READ_STATE_ALLOW_PLAIN_ALERTS)) {
+                        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                                 SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
+                        return -1;
+                    }
+                    if (thisrr->rec_version != TLS1_2_VERSION) {
+                        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                                 SSL_R_WRONG_VERSION_NUMBER);
+                        return -1;
+                    }
+                }
+
+                if (thisrr->length >
+                    SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {
+                    SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                             SSL_R_PACKET_LENGTH_TOO_LONG);
+                    return -1;
+                }
+            }
+
+            /* now s->rlayer.rstate == SSL_ST_READ_BODY */
+        }
+
+        if (SSL_IS_TLS13(s)) {
+            if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) {
+                SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+                return -1;
+            }
+        } else {
+            size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
+
+#ifndef OPENSSL_NO_COMP
+            /*
+             * If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH
+             * does not include the compression overhead anyway.
+             */
+            if (s->expand == NULL)
+                len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+
+            if (thisrr->length > len) {
+                SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+                return -1;
+            }
+        }
+
+        /*
+         * s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data.
+         * Calculate how much more data we need to read for the rest of the
+         * record
+         */
+        if (thisrr->rec_version == SSL2_VERSION) {
+            more = thisrr->length + SSL2_RT_HEADER_LENGTH
+                - SSL3_RT_HEADER_LENGTH;
+        } else {
+            more = thisrr->length;
+        }
+        if (more > 0) {
+            /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
+
+            rret = ssl3_read_n(s, more, more, 1, 0, &n);
+            if (rret <= 0)
+                return rret;     /* error or non-blocking io */
+        }
+
+        /* set state for later operations */
+        RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
+
+        /*
+         * At this point, s->packet_length == SSL3_RT_HEADER_LENGTH
+         * + thisrr->length, or s->packet_length == SSL2_RT_HEADER_LENGTH
+         * + thisrr->length and we have that many bytes in s->packet
+         */
+        if (thisrr->rec_version == SSL2_VERSION) {
+            thisrr->input =
+                &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]);
+        } else {
+            thisrr->input =
+                &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]);
+        }
+
+        /*
+         * ok, we can now read from 's->packet' data into 'thisrr' thisrr->input
+         * points at thisrr->length bytes, which need to be copied into
+         * thisrr->data by either the decryption or by the decompression When
+         * the data is 'copied' into the thisrr->data buffer, thisrr->input will
+         * be pointed at the new buffer
+         */
+
+        /*
+         * We now have - encrypted [ MAC [ compressed [ plain ] ] ]
+         * thisrr->length bytes of encrypted compressed stuff.
+         */
+
+        /* decrypt in place in 'thisrr->input' */
+        thisrr->data = thisrr->input;
+        thisrr->orig_len = thisrr->length;
+
+        /* Mark this record as not read by upper layers yet */
+        thisrr->read = 0;
+
+        num_recs++;
+
+        /* we have pulled in a full packet so zero things */
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        RECORD_LAYER_clear_first_record(&s->rlayer);
+    } while (num_recs < max_recs
+             && thisrr->type == SSL3_RT_APPLICATION_DATA
+             && SSL_USE_EXPLICIT_IV(s)
+             && s->enc_read_ctx != NULL
+             && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))
+                 & EVP_CIPH_FLAG_PIPELINE)
+             && ssl3_record_app_data_waiting(s));
+
+    if (num_recs == 1
+            && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC
+            && (SSL_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE)
+            && SSL_IS_FIRST_HANDSHAKE(s)) {
+        /*
+         * CCS messages must be exactly 1 byte long, containing the value 0x01
+         */
+        if (thisrr->length != 1 || thisrr->data[0] != 0x01) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_INVALID_CCS_MESSAGE);
+            return -1;
+        }
+        /*
+         * CCS messages are ignored in TLSv1.3. We treat it like an empty
+         * handshake record
+         */
+        thisrr->type = SSL3_RT_HANDSHAKE;
+        RECORD_LAYER_inc_empty_record_count(&s->rlayer);
+        if (RECORD_LAYER_get_empty_record_count(&s->rlayer)
+            > MAX_EMPTY_RECORDS) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_UNEXPECTED_CCS_MESSAGE);
+            return -1;
+        }
+        thisrr->read = 1;
+        RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
+
+        return 1;
+    }
+
+    /*
+     * If in encrypt-then-mac mode calculate mac from encrypted record. All
+     * the details below are public so no timing details can leak.
+     */
+    if (SSL_READ_ETM(s) && s->read_hash) {
+        unsigned char *mac;
+        /* TODO(size_t): convert this to do size_t properly */
+        imac_size = EVP_MD_CTX_size(s->read_hash);
+        if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+                         ERR_LIB_EVP);
+                return -1;
+        }
+        mac_size = (size_t)imac_size;
+        for (j = 0; j < num_recs; j++) {
+            thisrr = &rr[j];
+
+            if (thisrr->length < mac_size) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_LENGTH_TOO_SHORT);
+                return -1;
+            }
+            thisrr->length -= mac_size;
+            mac = thisrr->data + thisrr->length;
+            i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
+            if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) {
+                SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
+                       SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+                return -1;
+            }
+        }
+    }
+
+    first_rec_len = rr[0].length;
+
+    enc_err = s->method->ssl3_enc->enc(s, rr, num_recs, 0);
+
+    /*-
+     * enc_err is:
+     *    0: (in non-constant time) if the record is publicly invalid.
+     *    1: if the padding is valid
+     *    -1: if the padding is invalid
+     */
+    if (enc_err == 0) {
+        if (ossl_statem_in_error(s)) {
+            /* SSLfatal() already got called */
+            return -1;
+        }
+        if (num_recs == 1 && ossl_statem_skip_early_data(s)) {
+            /*
+             * Valid early_data that we cannot decrypt might fail here as
+             * publicly invalid. We treat it like an empty record.
+             */
+
+            thisrr = &rr[0];
+
+            if (!early_data_count_ok(s, thisrr->length,
+                                     EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+
+            thisrr->length = 0;
+            thisrr->read = 1;
+            RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
+            RECORD_LAYER_reset_read_sequence(&s->rlayer);
+            return 1;
+        }
+        SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD,
+                 SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+        return -1;
+    }
+#ifdef SSL_DEBUG
+    printf("dec %lu\n", (unsigned long)rr[0].length);
+    {
+        size_t z;
+        for (z = 0; z < rr[0].length; z++)
+            printf("%02X%c", rr[0].data[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    /* r->length is now the compressed data plus mac */
+    if ((sess != NULL) &&
+        (s->enc_read_ctx != NULL) &&
+        (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL)) {
+        /* s->read_hash != NULL => mac_size != -1 */
+        unsigned char *mac = NULL;
+        unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+
+        mac_size = EVP_MD_CTX_size(s->read_hash);
+        if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+
+        for (j = 0; j < num_recs; j++) {
+            thisrr = &rr[j];
+            /*
+             * orig_len is the length of the record before any padding was
+             * removed. This is public information, as is the MAC in use,
+             * therefore we can safely process the record in a different amount
+             * of time if it's too short to possibly contain a MAC.
+             */
+            if (thisrr->orig_len < mac_size ||
+                /* CBC records must have a padding length byte too. */
+                (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+                 thisrr->orig_len < mac_size + 1)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_LENGTH_TOO_SHORT);
+                return -1;
+            }
+
+            if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+                /*
+                 * We update the length so that the TLS header bytes can be
+                 * constructed correctly but we need to extract the MAC in
+                 * constant time from within the record, without leaking the
+                 * contents of the padding bytes.
+                 */
+                mac = mac_tmp;
+                if (!ssl3_cbc_copy_mac(mac_tmp, thisrr, mac_size)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+                             ERR_R_INTERNAL_ERROR);
+                    return -1;
+                }
+                thisrr->length -= mac_size;
+            } else {
+                /*
+                 * In this case there's no padding, so |rec->orig_len| equals
+                 * |rec->length| and we checked that there's enough bytes for
+                 * |mac_size| above.
+                 */
+                thisrr->length -= mac_size;
+                mac = &thisrr->data[thisrr->length];
+            }
+
+            i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
+            if (i == 0 || mac == NULL
+                || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+                enc_err = -1;
+            if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
+                enc_err = -1;
+        }
+    }
+
+    if (enc_err < 0) {
+        if (ossl_statem_in_error(s)) {
+            /* We already called SSLfatal() */
+            return -1;
+        }
+        if (num_recs == 1 && ossl_statem_skip_early_data(s)) {
+            /*
+             * We assume this is unreadable early_data - we treat it like an
+             * empty record
+             */
+
+            /*
+             * The record length may have been modified by the mac check above
+             * so we use the previously saved value
+             */
+            if (!early_data_count_ok(s, first_rec_len,
+                                     EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+
+            thisrr = &rr[0];
+            thisrr->length = 0;
+            thisrr->read = 1;
+            RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
+            RECORD_LAYER_reset_read_sequence(&s->rlayer);
+            return 1;
+        }
+        /*
+         * A separate 'decryption_failed' alert was introduced with TLS 1.0,
+         * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+         * failure is directly visible from the ciphertext anyway, we should
+         * not reveal which kind of error occurred -- this might become
+         * visible to an attacker (e.g. via a logfile)
+         */
+        SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
+                 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+        return -1;
+    }
+
+    for (j = 0; j < num_recs; j++) {
+        thisrr = &rr[j];
+
+        /* thisrr->length is now just compressed */
+        if (s->expand != NULL) {
+            if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
+                SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+                return -1;
+            }
+            if (!ssl3_do_uncompress(s, thisrr)) {
+                SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_BAD_DECOMPRESSION);
+                return -1;
+            }
+        }
+
+        if (SSL_IS_TLS13(s)
+                && s->enc_read_ctx != NULL
+                && thisrr->type != SSL3_RT_ALERT) {
+            size_t end;
+
+            if (thisrr->length == 0
+                    || thisrr->type != SSL3_RT_APPLICATION_DATA) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_BAD_RECORD_TYPE);
+                return -1;
+            }
+
+            /* Strip trailing padding */
+            for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0;
+                 end--)
+                continue;
+
+            thisrr->length = end;
+            thisrr->type = thisrr->data[end];
+            if (thisrr->type != SSL3_RT_APPLICATION_DATA
+                    && thisrr->type != SSL3_RT_ALERT
+                    && thisrr->type != SSL3_RT_HANDSHAKE) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_BAD_RECORD_TYPE);
+                return -1;
+            }
+            if (s->msg_callback)
+                s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE,
+                                &thisrr->data[end], 1, s, s->msg_callback_arg);
+        }
+
+        /*
+         * TLSv1.3 alert and handshake records are required to be non-zero in
+         * length.
+         */
+        if (SSL_IS_TLS13(s)
+                && (thisrr->type == SSL3_RT_HANDSHAKE
+                    || thisrr->type == SSL3_RT_ALERT)
+                && thisrr->length == 0) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_BAD_LENGTH);
+            return -1;
+        }
+
+        if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
+            SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_DATA_LENGTH_TOO_LONG);
+            return -1;
+        }
+
+        /* If received packet overflows current Max Fragment Length setting */
+        if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
+                && thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
+            SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_DATA_LENGTH_TOO_LONG);
+            return -1;
+        }
+
+        thisrr->off = 0;
+        /*-
+         * So at this point the following is true
+         * thisrr->type   is the type of record
+         * thisrr->length == number of bytes in record
+         * thisrr->off    == offset to first valid byte
+         * thisrr->data   == where to take bytes from, increment after use :-).
+         */
+
+        /* just read a 0 length packet */
+        if (thisrr->length == 0) {
+            RECORD_LAYER_inc_empty_record_count(&s->rlayer);
+            if (RECORD_LAYER_get_empty_record_count(&s->rlayer)
+                > MAX_EMPTY_RECORDS) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_RECORD_TOO_SMALL);
+                return -1;
+            }
+        } else {
+            RECORD_LAYER_reset_empty_record_count(&s->rlayer);
+        }
+    }
+
+    if (s->early_data_state == SSL_EARLY_DATA_READING) {
+        thisrr = &rr[0];
+        if (thisrr->type == SSL3_RT_APPLICATION_DATA
+                && !early_data_count_ok(s, thisrr->length, 0, 0)) {
+            /* SSLfatal already called */
+            return -1;
+        }
+    }
+
+    RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs);
+    return 1;
+}
+
+int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
+{
+#ifndef OPENSSL_NO_COMP
+    int i;
+
+    if (rr->comp == NULL) {
+        rr->comp = (unsigned char *)
+            OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+    }
+    if (rr->comp == NULL)
+        return 0;
+
+    /* TODO(size_t): Convert this call */
+    i = COMP_expand_block(ssl->expand, rr->comp,
+                          SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
+    if (i < 0)
+        return 0;
+    else
+        rr->length = i;
+    rr->data = rr->comp;
+#endif
+    return 1;
+}
+
+int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
+{
+#ifndef OPENSSL_NO_COMP
+    int i;
+
+    /* TODO(size_t): Convert this call */
+    i = COMP_compress_block(ssl->compress, wr->data,
+                            (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD),
+                            wr->input, (int)wr->length);
+    if (i < 0)
+        return 0;
+    else
+        wr->length = i;
+
+    wr->input = wr->data;
+#endif
+    return 1;
+}
+
+/*-
+ * ssl3_enc encrypts/decrypts |n_recs| records in |inrecs|.  Will call
+ * SSLfatal() for internal errors, but not otherwise.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding is invalid or, if sending, an internal error
+ *       occurred.
+ */
+int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
+{
+    SSL3_RECORD *rec;
+    EVP_CIPHER_CTX *ds;
+    size_t l, i;
+    size_t bs, mac_size = 0;
+    int imac_size;
+    const EVP_CIPHER *enc;
+
+    rec = inrecs;
+    /*
+     * We shouldn't ever be called with more than one record in the SSLv3 case
+     */
+    if (n_recs != 1)
+        return 0;
+    if (sending) {
+        ds = s->enc_write_ctx;
+        if (s->enc_write_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+    } else {
+        ds = s->enc_read_ctx;
+        if (s->enc_read_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+    }
+
+    if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
+        memmove(rec->data, rec->input, rec->length);
+        rec->input = rec->data;
+    } else {
+        l = rec->length;
+        /* TODO(size_t): Convert this call */
+        bs = EVP_CIPHER_CTX_block_size(ds);
+
+        /* COMPRESS */
+
+        if ((bs != 1) && sending) {
+            i = bs - (l % bs);
+
+            /* we need to add 'i-1' padding bytes */
+            l += i;
+            /*
+             * the last of these zero bytes will be overwritten with the
+             * padding length.
+             */
+            memset(&rec->input[rec->length], 0, i);
+            rec->length += i;
+            rec->input[l - 1] = (unsigned char)(i - 1);
+        }
+
+        if (!sending) {
+            if (l == 0 || l % bs != 0)
+                return 0;
+            /* otherwise, rec->length >= bs */
+        }
+
+        /* TODO(size_t): Convert this call */
+        if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1)
+            return -1;
+
+        if (EVP_MD_CTX_md(s->read_hash) != NULL) {
+            /* TODO(size_t): convert me */
+            imac_size = EVP_MD_CTX_size(s->read_hash);
+            if (imac_size < 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            mac_size = (size_t)imac_size;
+        }
+        if ((bs != 1) && !sending)
+            return ssl3_cbc_remove_padding(rec, bs, mac_size);
+    }
+    return 1;
+}
+
+#define MAX_PADDING 256
+/*-
+ * tls1_enc encrypts/decrypts |n_recs| in |recs|.  Will call SSLfatal() for
+ * internal errors, but not otherwise.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occurred.
+ */
+int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
+{
+    EVP_CIPHER_CTX *ds;
+    size_t reclen[SSL_MAX_PIPELINES];
+    unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
+    int i, pad = 0, ret, tmpr;
+    size_t bs, mac_size = 0, ctr, padnum, loop;
+    unsigned char padval;
+    int imac_size;
+    const EVP_CIPHER *enc;
+
+    if (n_recs == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (sending) {
+        if (EVP_MD_CTX_md(s->write_hash)) {
+            int n = EVP_MD_CTX_size(s->write_hash);
+            if (!ossl_assert(n >= 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+        }
+        ds = s->enc_write_ctx;
+        if (s->enc_write_ctx == NULL)
+            enc = NULL;
+        else {
+            int ivlen;
+            enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+            /* For TLSv1.1 and later explicit IV */
+            if (SSL_USE_EXPLICIT_IV(s)
+                && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
+                ivlen = EVP_CIPHER_iv_length(enc);
+            else
+                ivlen = 0;
+            if (ivlen > 1) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
+                    if (recs[ctr].data != recs[ctr].input) {
+                        /*
+                         * we can't write into the input stream: Can this ever
+                         * happen?? (steve)
+                         */
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                                 ERR_R_INTERNAL_ERROR);
+                        return -1;
+                    } else if (RAND_bytes(recs[ctr].input, ivlen) <= 0) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                                 ERR_R_INTERNAL_ERROR);
+                        return -1;
+                    }
+                }
+            }
+        }
+    } else {
+        if (EVP_MD_CTX_md(s->read_hash)) {
+            int n = EVP_MD_CTX_size(s->read_hash);
+            if (!ossl_assert(n >= 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+        }
+        ds = s->enc_read_ctx;
+        if (s->enc_read_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+    }
+
+    if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
+        for (ctr = 0; ctr < n_recs; ctr++) {
+            memmove(recs[ctr].data, recs[ctr].input, recs[ctr].length);
+            recs[ctr].input = recs[ctr].data;
+        }
+        ret = 1;
+    } else {
+        bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds));
+
+        if (n_recs > 1) {
+            if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+                  & EVP_CIPH_FLAG_PIPELINE)) {
+                /*
+                 * We shouldn't have been called with pipeline data if the
+                 * cipher doesn't support pipelining
+                 */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         SSL_R_PIPELINE_FAILURE);
+                return -1;
+            }
+        }
+        for (ctr = 0; ctr < n_recs; ctr++) {
+            reclen[ctr] = recs[ctr].length;
+
+            if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+                & EVP_CIPH_FLAG_AEAD_CIPHER) {
+                unsigned char *seq;
+
+                seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
+                    : RECORD_LAYER_get_read_sequence(&s->rlayer);
+
+                if (SSL_IS_DTLS(s)) {
+                    /* DTLS does not support pipelining */
+                    unsigned char dtlsseq[9], *p = dtlsseq;
+
+                    s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
+                        DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p);
+                    memcpy(p, &seq[2], 6);
+                    memcpy(buf[ctr], dtlsseq, 8);
+                } else {
+                    memcpy(buf[ctr], seq, 8);
+                    for (i = 7; i >= 0; i--) { /* increment */
+                        ++seq[i];
+                        if (seq[i] != 0)
+                            break;
+                    }
+                }
+
+                buf[ctr][8] = recs[ctr].type;
+                buf[ctr][9] = (unsigned char)(s->version >> 8);
+                buf[ctr][10] = (unsigned char)(s->version);
+                buf[ctr][11] = (unsigned char)(recs[ctr].length >> 8);
+                buf[ctr][12] = (unsigned char)(recs[ctr].length & 0xff);
+                pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD,
+                                          EVP_AEAD_TLS1_AAD_LEN, buf[ctr]);
+                if (pad <= 0) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                             ERR_R_INTERNAL_ERROR);
+                    return -1;
+                }
+
+                if (sending) {
+                    reclen[ctr] += pad;
+                    recs[ctr].length += pad;
+                }
+
+            } else if ((bs != 1) && sending) {
+                padnum = bs - (reclen[ctr] % bs);
+
+                /* Add weird padding of upto 256 bytes */
+
+                if (padnum > MAX_PADDING) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                             ERR_R_INTERNAL_ERROR);
+                    return -1;
+                }
+                /* we need to add 'padnum' padding bytes of value padval */
+                padval = (unsigned char)(padnum - 1);
+                for (loop = reclen[ctr]; loop < reclen[ctr] + padnum; loop++)
+                    recs[ctr].input[loop] = padval;
+                reclen[ctr] += padnum;
+                recs[ctr].length += padnum;
+            }
+
+            if (!sending) {
+                if (reclen[ctr] == 0 || reclen[ctr] % bs != 0)
+                    return 0;
+            }
+        }
+        if (n_recs > 1) {
+            unsigned char *data[SSL_MAX_PIPELINES];
+
+            /* Set the output buffers */
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                data[ctr] = recs[ctr].data;
+            }
+            if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
+                                    (int)n_recs, data) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         SSL_R_PIPELINE_FAILURE);
+                return -1;
+            }
+            /* Set the input buffers */
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                data[ctr] = recs[ctr].input;
+            }
+            if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,
+                                    (int)n_recs, data) <= 0
+                || EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS,
+                                       (int)n_recs, reclen) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         SSL_R_PIPELINE_FAILURE);
+                return -1;
+            }
+        }
+
+        /* TODO(size_t): Convert this call */
+        tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input,
+                          (unsigned int)reclen[0]);
+        if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+             & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+            ? (tmpr < 0)
+            : (tmpr == 0))
+            return -1;          /* AEAD can fail to verify MAC */
+
+        if (sending == 0) {
+            if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
+                    recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                }
+            } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
+                    recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                }
+            }
+        }
+
+        ret = 1;
+        if (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) {
+            imac_size = EVP_MD_CTX_size(s->read_hash);
+            if (imac_size < 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            mac_size = (size_t)imac_size;
+        }
+        if ((bs != 1) && !sending) {
+            int tmpret;
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                tmpret = tls1_cbc_remove_padding(s, &recs[ctr], bs, mac_size);
+                /*
+                 * If tmpret == 0 then this means publicly invalid so we can
+                 * short circuit things here. Otherwise we must respect constant
+                 * time behaviour.
+                 */
+                if (tmpret == 0)
+                    return 0;
+                ret = constant_time_select_int(constant_time_eq_int(tmpret, 1),
+                                               ret, -1);
+            }
+        }
+        if (pad && !sending) {
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                recs[ctr].length -= pad;
+            }
+        }
+    }
+    return ret;
+}
+
+int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
+{
+    unsigned char *mac_sec, *seq;
+    const EVP_MD_CTX *hash;
+    unsigned char *p, rec_char;
+    size_t md_size;
+    size_t npad;
+    int t;
+
+    if (sending) {
+        mac_sec = &(ssl->s3->write_mac_secret[0]);
+        seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
+        hash = ssl->write_hash;
+    } else {
+        mac_sec = &(ssl->s3->read_mac_secret[0]);
+        seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
+        hash = ssl->read_hash;
+    }
+
+    t = EVP_MD_CTX_size(hash);
+    if (t < 0)
+        return 0;
+    md_size = t;
+    npad = (48 / md_size) * md_size;
+
+    if (!sending &&
+        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+        ssl3_cbc_record_digest_supported(hash)) {
+        /*
+         * This is a CBC-encrypted record. We must avoid leaking any
+         * timing-side channel information about how many blocks of data we
+         * are hashing because that gives an attacker a timing-oracle.
+         */
+
+        /*-
+         * npad is, at most, 48 bytes and that's with MD5:
+         *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
+         *
+         * With SHA-1 (the largest hash speced for SSLv3) the hash size
+         * goes up 4, but npad goes down by 8, resulting in a smaller
+         * total size.
+         */
+        unsigned char header[75];
+        size_t j = 0;
+        memcpy(header + j, mac_sec, md_size);
+        j += md_size;
+        memcpy(header + j, ssl3_pad_1, npad);
+        j += npad;
+        memcpy(header + j, seq, 8);
+        j += 8;
+        header[j++] = rec->type;
+        header[j++] = (unsigned char)(rec->length >> 8);
+        header[j++] = (unsigned char)(rec->length & 0xff);
+
+        /* Final param == is SSLv3 */
+        if (ssl3_cbc_digest_record(hash,
+                                   md, &md_size,
+                                   header, rec->input,
+                                   rec->length + md_size, rec->orig_len,
+                                   mac_sec, md_size, 1) <= 0)
+            return 0;
+    } else {
+        unsigned int md_size_u;
+        /* Chop the digest off the end :-) */
+        EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+
+        if (md_ctx == NULL)
+            return 0;
+
+        rec_char = rec->type;
+        p = md;
+        s2n(rec->length, p);
+        if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
+            || EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0
+            || EVP_DigestUpdate(md_ctx, seq, 8) <= 0
+            || EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0
+            || EVP_DigestUpdate(md_ctx, md, 2) <= 0
+            || EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0
+            || EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0
+            || EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
+            || EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0
+            || EVP_DigestUpdate(md_ctx, md, md_size) <= 0
+            || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) {
+            EVP_MD_CTX_free(md_ctx);
+            return 0;
+        }
+
+        EVP_MD_CTX_free(md_ctx);
+    }
+
+    ssl3_record_sequence_update(seq);
+    return 1;
+}
+
+int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
+{
+    unsigned char *seq;
+    EVP_MD_CTX *hash;
+    size_t md_size;
+    int i;
+    EVP_MD_CTX *hmac = NULL, *mac_ctx;
+    unsigned char header[13];
+    int stream_mac = (sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
+                      : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
+    int t;
+
+    if (sending) {
+        seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
+        hash = ssl->write_hash;
+    } else {
+        seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
+        hash = ssl->read_hash;
+    }
+
+    t = EVP_MD_CTX_size(hash);
+    if (!ossl_assert(t >= 0))
+        return 0;
+    md_size = t;
+
+    /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+    if (stream_mac) {
+        mac_ctx = hash;
+    } else {
+        hmac = EVP_MD_CTX_new();
+        if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) {
+            EVP_MD_CTX_free(hmac);
+            return 0;
+        }
+        mac_ctx = hmac;
+    }
+
+    if (SSL_IS_DTLS(ssl)) {
+        unsigned char dtlsseq[8], *p = dtlsseq;
+
+        s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) :
+            DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p);
+        memcpy(p, &seq[2], 6);
+
+        memcpy(header, dtlsseq, 8);
+    } else
+        memcpy(header, seq, 8);
+
+    header[8] = rec->type;
+    header[9] = (unsigned char)(ssl->version >> 8);
+    header[10] = (unsigned char)(ssl->version);
+    header[11] = (unsigned char)(rec->length >> 8);
+    header[12] = (unsigned char)(rec->length & 0xff);
+
+    if (!sending && !SSL_READ_ETM(ssl) &&
+        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+        ssl3_cbc_record_digest_supported(mac_ctx)) {
+        /*
+         * This is a CBC-encrypted record. We must avoid leaking any
+         * timing-side channel information about how many blocks of data we
+         * are hashing because that gives an attacker a timing-oracle.
+         */
+        /* Final param == not SSLv3 */
+        if (ssl3_cbc_digest_record(mac_ctx,
+                                   md, &md_size,
+                                   header, rec->input,
+                                   rec->length + md_size, rec->orig_len,
+                                   ssl->s3->read_mac_secret,
+                                   ssl->s3->read_mac_secret_size, 0) <= 0) {
+            EVP_MD_CTX_free(hmac);
+            return 0;
+        }
+    } else {
+        /* TODO(size_t): Convert these calls */
+        if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
+            || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
+            || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
+            EVP_MD_CTX_free(hmac);
+            return 0;
+        }
+    }
+
+    EVP_MD_CTX_free(hmac);
+
+#ifdef SSL_DEBUG
+    fprintf(stderr, "seq=");
+    {
+        int z;
+        for (z = 0; z < 8; z++)
+            fprintf(stderr, "%02X ", seq[z]);
+        fprintf(stderr, "\n");
+    }
+    fprintf(stderr, "rec=");
+    {
+        size_t z;
+        for (z = 0; z < rec->length; z++)
+            fprintf(stderr, "%02X ", rec->data[z]);
+        fprintf(stderr, "\n");
+    }
+#endif
+
+    if (!SSL_IS_DTLS(ssl)) {
+        for (i = 7; i >= 0; i--) {
+            ++seq[i];
+            if (seq[i] != 0)
+                break;
+        }
+    }
+#ifdef SSL_DEBUG
+    {
+        unsigned int z;
+        for (z = 0; z < md_size; z++)
+            fprintf(stderr, "%02X ", md[z]);
+        fprintf(stderr, "\n");
+    }
+#endif
+    return 1;
+}
+
+/*-
+ * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
+ * record in |rec| by updating |rec->length| in constant time.
+ *
+ * block_size: the block size of the cipher used to encrypt the record.
+ * returns:
+ *   0: (in non-constant time) if the record is publicly invalid.
+ *   1: if the padding was valid
+ *  -1: otherwise.
+ */
+int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
+                            size_t block_size, size_t mac_size)
+{
+    size_t padding_length;
+    size_t good;
+    const size_t overhead = 1 /* padding length byte */  + mac_size;
+
+    /*
+     * These lengths are all public so we can test them in non-constant time.
+     */
+    if (overhead > rec->length)
+        return 0;
+
+    padding_length = rec->data[rec->length - 1];
+    good = constant_time_ge_s(rec->length, padding_length + overhead);
+    /* SSLv3 requires that the padding is minimal. */
+    good &= constant_time_ge_s(block_size, padding_length + 1);
+    rec->length -= good & (padding_length + 1);
+    return constant_time_select_int_s(good, 1, -1);
+}
+
+/*-
+ * tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
+ * record in |rec| in constant time and returns 1 if the padding is valid and
+ * -1 otherwise. It also removes any explicit IV from the start of the record
+ * without leaking any timing about whether there was enough space after the
+ * padding was removed.
+ *
+ * block_size: the block size of the cipher used to encrypt the record.
+ * returns:
+ *   0: (in non-constant time) if the record is publicly invalid.
+ *   1: if the padding was valid
+ *  -1: otherwise.
+ */
+int tls1_cbc_remove_padding(const SSL *s,
+                            SSL3_RECORD *rec,
+                            size_t block_size, size_t mac_size)
+{
+    size_t good;
+    size_t padding_length, to_check, i;
+    const size_t overhead = 1 /* padding length byte */  + mac_size;
+    /* Check if version requires explicit IV */
+    if (SSL_USE_EXPLICIT_IV(s)) {
+        /*
+         * These lengths are all public so we can test them in non-constant
+         * time.
+         */
+        if (overhead + block_size > rec->length)
+            return 0;
+        /* We can now safely skip explicit IV */
+        rec->data += block_size;
+        rec->input += block_size;
+        rec->length -= block_size;
+        rec->orig_len -= block_size;
+    } else if (overhead > rec->length)
+        return 0;
+
+    padding_length = rec->data[rec->length - 1];
+
+    if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) &
+        EVP_CIPH_FLAG_AEAD_CIPHER) {
+        /* padding is already verified */
+        rec->length -= padding_length + 1;
+        return 1;
+    }
+
+    good = constant_time_ge_s(rec->length, overhead + padding_length);
+    /*
+     * The padding consists of a length byte at the end of the record and
+     * then that many bytes of padding, all with the same value as the length
+     * byte. Thus, with the length byte included, there are i+1 bytes of
+     * padding. We can't check just |padding_length+1| bytes because that
+     * leaks decrypted information. Therefore we always have to check the
+     * maximum amount of padding possible. (Again, the length of the record
+     * is public information so we can use it.)
+     */
+    to_check = 256;            /* maximum amount of padding, inc length byte. */
+    if (to_check > rec->length)
+        to_check = rec->length;
+
+    for (i = 0; i < to_check; i++) {
+        unsigned char mask = constant_time_ge_8_s(padding_length, i);
+        unsigned char b = rec->data[rec->length - 1 - i];
+        /*
+         * The final |padding_length+1| bytes should all have the value
+         * |padding_length|. Therefore the XOR should be zero.
+         */
+        good &= ~(mask & (padding_length ^ b));
+    }
+
+    /*
+     * If any of the final |padding_length+1| bytes had the wrong value, one
+     * or more of the lower eight bits of |good| will be cleared.
+     */
+    good = constant_time_eq_s(0xff, good & 0xff);
+    rec->length -= good & (padding_length + 1);
+
+    return constant_time_select_int_s(good, 1, -1);
+}
+
+/*-
+ * ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
+ * constant time (independent of the concrete value of rec->length, which may
+ * vary within a 256-byte window).
+ *
+ * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
+ * this function.
+ *
+ * On entry:
+ *   rec->orig_len >= md_size
+ *   md_size <= EVP_MAX_MD_SIZE
+ *
+ * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
+ * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
+ * a single or pair of cache-lines, then the variable memory accesses don't
+ * actually affect the timing. CPUs with smaller cache-lines [if any] are
+ * not multi-core and are not considered vulnerable to cache-timing attacks.
+ */
+#define CBC_MAC_ROTATE_IN_PLACE
+
+int ssl3_cbc_copy_mac(unsigned char *out,
+                       const SSL3_RECORD *rec, size_t md_size)
+{
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+    unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
+    unsigned char *rotated_mac;
+#else
+    unsigned char rotated_mac[EVP_MAX_MD_SIZE];
+#endif
+
+    /*
+     * mac_end is the index of |rec->data| just after the end of the MAC.
+     */
+    size_t mac_end = rec->length;
+    size_t mac_start = mac_end - md_size;
+    size_t in_mac;
+    /*
+     * scan_start contains the number of bytes that we can ignore because the
+     * MAC's position can only vary by 255 bytes.
+     */
+    size_t scan_start = 0;
+    size_t i, j;
+    size_t rotate_offset;
+
+    if (!ossl_assert(rec->orig_len >= md_size
+                     && md_size <= EVP_MAX_MD_SIZE))
+        return 0;
+
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+    rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf) & 63);
+#endif
+
+    /* This information is public so it's safe to branch based on it. */
+    if (rec->orig_len > md_size + 255 + 1)
+        scan_start = rec->orig_len - (md_size + 255 + 1);
+
+    in_mac = 0;
+    rotate_offset = 0;
+    memset(rotated_mac, 0, md_size);
+    for (i = scan_start, j = 0; i < rec->orig_len; i++) {
+        size_t mac_started = constant_time_eq_s(i, mac_start);
+        size_t mac_ended = constant_time_lt_s(i, mac_end);
+        unsigned char b = rec->data[i];
+
+        in_mac |= mac_started;
+        in_mac &= mac_ended;
+        rotate_offset |= j & mac_started;
+        rotated_mac[j++] |= b & in_mac;
+        j &= constant_time_lt_s(j, md_size);
+    }
+
+    /* Now rotate the MAC */
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+    j = 0;
+    for (i = 0; i < md_size; i++) {
+        /* in case cache-line is 32 bytes, touch second line */
+        ((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32];
+        out[j++] = rotated_mac[rotate_offset++];
+        rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
+    }
+#else
+    memset(out, 0, md_size);
+    rotate_offset = md_size - rotate_offset;
+    rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
+    for (i = 0; i < md_size; i++) {
+        for (j = 0; j < md_size; j++)
+            out[j] |= rotated_mac[i] & constant_time_eq_8_s(j, rotate_offset);
+        rotate_offset++;
+        rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
+    }
+#endif
+
+    return 1;
+}
+
+int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int i;
+    int enc_err;
+    SSL_SESSION *sess;
+    SSL3_RECORD *rr;
+    int imac_size;
+    size_t mac_size;
+    unsigned char md[EVP_MAX_MD_SIZE];
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+    sess = s->session;
+
+    /*
+     * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+     * and we have that many bytes in s->packet
+     */
+    rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]);
+
+    /*
+     * ok, we can now read from 's->packet' data into 'rr' rr->input points
+     * at rr->length bytes, which need to be copied into rr->data by either
+     * the decryption or by the decompression When the data is 'copied' into
+     * the rr->data buffer, rr->input will be pointed at the new buffer
+     */
+
+    /*
+     * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length
+     * bytes of encrypted compressed stuff.
+     */
+
+    /* check is not needed I believe */
+    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+        SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
+                 SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+        return 0;
+    }
+
+    /* decrypt in place in 'rr->input' */
+    rr->data = rr->input;
+    rr->orig_len = rr->length;
+
+    if (SSL_READ_ETM(s) && s->read_hash) {
+        unsigned char *mac;
+        mac_size = EVP_MD_CTX_size(s->read_hash);
+        if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        if (rr->orig_len < mac_size) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     SSL_R_LENGTH_TOO_SHORT);
+            return 0;
+        }
+        rr->length -= mac_size;
+        mac = rr->data + rr->length;
+        i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
+        if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) {
+            SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_DTLS1_PROCESS_RECORD,
+                   SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+            return 0;
+        }
+    }
+
+    enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0);
+    /*-
+     * enc_err is:
+     *    0: (in non-constant time) if the record is publically invalid.
+     *    1: if the padding is valid
+     *   -1: if the padding is invalid
+     */
+    if (enc_err == 0) {
+        if (ossl_statem_in_error(s)) {
+            /* SSLfatal() got called */
+            return 0;
+        }
+        /* For DTLS we simply ignore bad packets. */
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        return 0;
+    }
+#ifdef SSL_DEBUG
+    printf("dec %ld\n", rr->length);
+    {
+        size_t z;
+        for (z = 0; z < rr->length; z++)
+            printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    /* r->length is now the compressed data plus mac */
+    if ((sess != NULL) && !SSL_READ_ETM(s) &&
+        (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {
+        /* s->read_hash != NULL => mac_size != -1 */
+        unsigned char *mac = NULL;
+        unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+
+        /* TODO(size_t): Convert this to do size_t properly */
+        imac_size = EVP_MD_CTX_size(s->read_hash);
+        if (imac_size < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     ERR_LIB_EVP);
+            return 0;
+        }
+        mac_size = (size_t)imac_size;
+        if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        /*
+         * orig_len is the length of the record before any padding was
+         * removed. This is public information, as is the MAC in use,
+         * therefore we can safely process the record in a different amount
+         * of time if it's too short to possibly contain a MAC.
+         */
+        if (rr->orig_len < mac_size ||
+            /* CBC records must have a padding length byte too. */
+            (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+             rr->orig_len < mac_size + 1)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     SSL_R_LENGTH_TOO_SHORT);
+            return 0;
+        }
+
+        if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+            /*
+             * We update the length so that the TLS header bytes can be
+             * constructed correctly but we need to extract the MAC in
+             * constant time from within the record, without leaking the
+             * contents of the padding bytes.
+             */
+            mac = mac_tmp;
+            if (!ssl3_cbc_copy_mac(mac_tmp, rr, mac_size)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            rr->length -= mac_size;
+        } else {
+            /*
+             * In this case there's no padding, so |rec->orig_len| equals
+             * |rec->length| and we checked that there's enough bytes for
+             * |mac_size| above.
+             */
+            rr->length -= mac_size;
+            mac = &rr->data[rr->length];
+        }
+
+        i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
+        if (i == 0 || mac == NULL
+            || CRYPTO_memcmp(md, mac, mac_size) != 0)
+            enc_err = -1;
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
+            enc_err = -1;
+    }
+
+    if (enc_err < 0) {
+        /* decryption failed, silently discard message */
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        return 0;
+    }
+
+    /* r->length is now just compressed */
+    if (s->expand != NULL) {
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
+            SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
+                     SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+            return 0;
+        }
+        if (!ssl3_do_uncompress(s, rr)) {
+            SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE,
+                     SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
+            return 0;
+        }
+    }
+
+    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
+        SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
+                 SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+
+    rr->off = 0;
+    /*-
+     * So at this point the following is true
+     * ssl->s3->rrec.type   is the type of record
+     * ssl->s3->rrec.length == number of bytes in record
+     * ssl->s3->rrec.off    == offset to first valid byte
+     * ssl->s3->rrec.data   == where to take bytes from, increment
+     *                         after use :-).
+     */
+
+    /* we have pulled in a full packet so zero things */
+    RECORD_LAYER_reset_packet_length(&s->rlayer);
+
+    /* Mark receipt of record. */
+    dtls1_record_bitmap_update(s, bitmap);
+
+    return 1;
+}
+
+/*
+ * Retrieve a buffered record that belongs to the current epoch, i.e. processed
+ */
+#define dtls1_get_processed_record(s) \
+                   dtls1_retrieve_buffered_record((s), \
+                   &(DTLS_RECORD_LAYER_get_processed_rcds(&s->rlayer)))
+
+/*-
+ * Call this to get a new input record.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, one packet has been decoded and can be found in
+ * ssl->s3->rrec.type    - is the type of record
+ * ssl->s3->rrec.data,   - data
+ * ssl->s3->rrec.length, - number of bytes
+ */
+/* used only by dtls1_read_bytes */
+int dtls1_get_record(SSL *s)
+{
+    int ssl_major, ssl_minor;
+    int rret;
+    size_t more, n;
+    SSL3_RECORD *rr;
+    unsigned char *p = NULL;
+    unsigned short version;
+    DTLS1_BITMAP *bitmap;
+    unsigned int is_next_epoch;
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+
+ again:
+    /*
+     * The epoch may have changed.  If so, process all the pending records.
+     * This is a non-blocking operation.
+     */
+    if (!dtls1_process_buffered_records(s)) {
+        /* SSLfatal() already called */
+        return -1;
+    }
+
+    /* if we're renegotiating, then there may be buffered records */
+    if (dtls1_get_processed_record(s))
+        return 1;
+
+    /* get something from the wire */
+
+    /* check if we have the header */
+    if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
+        (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) {
+        rret = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
+                           SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1, &n);
+        /* read timeout is handled by dtls1_read_bytes */
+        if (rret <= 0) {
+            /* SSLfatal() already called if appropriate */
+            return rret;         /* error or non-blocking */
+        }
+
+        /* this packet contained a partial record, dump it */
+        if (RECORD_LAYER_get_packet_length(&s->rlayer) !=
+            DTLS1_RT_HEADER_LENGTH) {
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);
+
+        p = RECORD_LAYER_get_packet(&s->rlayer);
+
+        if (s->msg_callback)
+            s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH,
+                            s, s->msg_callback_arg);
+
+        /* Pull apart the header into the DTLS1_RECORD */
+        rr->type = *(p++);
+        ssl_major = *(p++);
+        ssl_minor = *(p++);
+        version = (ssl_major << 8) | ssl_minor;
+
+        /* sequence number is 64 bits, with top 2 bytes = epoch */
+        n2s(p, rr->epoch);
+
+        memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
+        p += 6;
+
+        n2s(p, rr->length);
+        rr->read = 0;
+
+        /*
+         * Lets check the version. We tolerate alerts that don't have the exact
+         * version number (e.g. because of protocol version errors)
+         */
+        if (!s->first_packet && rr->type != SSL3_RT_ALERT) {
+            if (version != s->version) {
+                /* unexpected version, silently discard */
+                rr->length = 0;
+                rr->read = 1;
+                RECORD_LAYER_reset_packet_length(&s->rlayer);
+                goto again;
+            }
+        }
+
+        if ((version & 0xff00) != (s->version & 0xff00)) {
+            /* wrong version, silently discard record */
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+            /* record too long, silently discard it */
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        /* If received packet overflows own-client Max Fragment Length setting */
+        if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
+                && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
+            /* record too long, silently discard it */
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        /* now s->rlayer.rstate == SSL_ST_READ_BODY */
+    }
+
+    /* s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data */
+
+    if (rr->length >
+        RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
+        /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
+        more = rr->length;
+        rret = ssl3_read_n(s, more, more, 1, 1, &n);
+        /* this packet contained a partial record, dump it */
+        if (rret <= 0 || n != more) {
+            if (ossl_statem_in_error(s)) {
+                /* ssl3_read_n() called SSLfatal() */
+                return -1;
+            }
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        /*
+         * now n == rr->length, and s->packet_length ==
+         * DTLS1_RT_HEADER_LENGTH + rr->length
+         */
+    }
+    /* set state for later operations */
+    RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
+
+    /* match epochs.  NULL means the packet is dropped on the floor */
+    bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
+    if (bitmap == NULL) {
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
+        goto again;             /* get another record */
+    }
+#ifndef OPENSSL_NO_SCTP
+    /* Only do replay check if no SCTP bio */
+    if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
+#endif
+        /* Check whether this is a repeat, or aged record. */
+        /*
+         * TODO: Does it make sense to have replay protection in epoch 0 where
+         * we have no integrity negotiated yet?
+         */
+        if (!dtls1_record_replay_check(s, bitmap)) {
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
+            goto again;         /* get another record */
+        }
+#ifndef OPENSSL_NO_SCTP
+    }
+#endif
+
+    /* just read a 0 length packet */
+    if (rr->length == 0) {
+        rr->read = 1;
+        goto again;
+    }
+
+    /*
+     * If this record is from the next epoch (either HM or ALERT), and a
+     * handshake is currently in progress, buffer it since it cannot be
+     * processed at this time.
+     */
+    if (is_next_epoch) {
+        if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) {
+            if (dtls1_buffer_record (s,
+                    &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)),
+                    rr->seq_num) < 0) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+        }
+        rr->length = 0;
+        rr->read = 1;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        goto again;
+    }
+
+    if (!dtls1_process_record(s, bitmap)) {
+        if (ossl_statem_in_error(s)) {
+            /* dtls1_process_record() called SSLfatal */
+            return -1;
+        }
+        rr->length = 0;
+        rr->read = 1;
+        RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
+        goto again;             /* get another record */
+    }
+
+    return 1;
+
+}
diff --git a/freebsd/crypto/openssl/ssl/record/ssl3_record_tls13.c b/freebsd/crypto/openssl/ssl/record/ssl3_record_tls13.c
new file mode 100644
index 00000000..d53f7e42
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/record/ssl3_record_tls13.c
@@ -0,0 +1,198 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_locl.h"
+#include "record_locl.h"
+#include "internal/cryptlib.h"
+
+/*-
+ * tls13_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for
+ * internal errors, but not otherwise.
+ *
+ * Returns:
+ *    0: (in non-constant time) if the record is publically invalid (i.e. too
+ *        short etc).
+ *    1: if the record encryption was successful.
+ *   -1: if the record's AEAD-authenticator is invalid or, if sending,
+ *       an internal error occurred.
+ */
+int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
+{
+    EVP_CIPHER_CTX *ctx;
+    unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH];
+    size_t ivlen, taglen, offset, loop, hdrlen;
+    unsigned char *staticiv;
+    unsigned char *seq;
+    int lenu, lenf;
+    SSL3_RECORD *rec = &recs[0];
+    uint32_t alg_enc;
+    WPACKET wpkt;
+
+    if (n_recs != 1) {
+        /* Should not happen */
+        /* TODO(TLS1.3): Support pipelining */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (sending) {
+        ctx = s->enc_write_ctx;
+        staticiv = s->write_iv;
+        seq = RECORD_LAYER_get_write_sequence(&s->rlayer);
+    } else {
+        ctx = s->enc_read_ctx;
+        staticiv = s->read_iv;
+        seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
+    }
+
+    /*
+     * If we're sending an alert and ctx != NULL then we must be forcing
+     * plaintext alerts. If we're reading and ctx != NULL then we allow
+     * plaintext alerts at certain points in the handshake. If we've got this
+     * far then we have already validated that a plaintext alert is ok here.
+     */
+    if (ctx == NULL || rec->type == SSL3_RT_ALERT) {
+        memmove(rec->data, rec->input, rec->length);
+        rec->input = rec->data;
+        return 1;
+    }
+
+    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    if (s->early_data_state == SSL_EARLY_DATA_WRITING
+            || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
+        if (s->session != NULL && s->session->ext.max_early_data > 0) {
+            alg_enc = s->session->cipher->algorithm_enc;
+        } else {
+            if (!ossl_assert(s->psksession != NULL
+                             && s->psksession->ext.max_early_data > 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            alg_enc = s->psksession->cipher->algorithm_enc;
+        }
+    } else {
+        /*
+         * To get here we must have selected a ciphersuite - otherwise ctx would
+         * be NULL
+         */
+        if (!ossl_assert(s->s3->tmp.new_cipher != NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        alg_enc = s->s3->tmp.new_cipher->algorithm_enc;
+    }
+
+    if (alg_enc & SSL_AESCCM) {
+        if (alg_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
+            taglen = EVP_CCM8_TLS_TAG_LEN;
+         else
+            taglen = EVP_CCM_TLS_TAG_LEN;
+         if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
+                                         NULL) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+    } else if (alg_enc & SSL_AESGCM) {
+        taglen = EVP_GCM_TLS_TAG_LEN;
+    } else if (alg_enc & SSL_CHACHA20) {
+        taglen = EVP_CHACHAPOLY_TLS_TAG_LEN;
+    } else {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (!sending) {
+        /*
+         * Take off tag. There must be at least one byte of content type as
+         * well as the tag
+         */
+        if (rec->length < taglen + 1)
+            return 0;
+        rec->length -= taglen;
+    }
+
+    /* Set up IV */
+    if (ivlen < SEQ_NUM_SIZE) {
+        /* Should not happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    offset = ivlen - SEQ_NUM_SIZE;
+    memcpy(iv, staticiv, offset);
+    for (loop = 0; loop < SEQ_NUM_SIZE; loop++)
+        iv[offset + loop] = staticiv[offset + loop] ^ seq[loop];
+
+    /* Increment the sequence counter */
+    for (loop = SEQ_NUM_SIZE; loop > 0; loop--) {
+        ++seq[loop - 1];
+        if (seq[loop - 1] != 0)
+            break;
+    }
+    if (loop == 0) {
+        /* Sequence has wrapped */
+        return -1;
+    }
+
+    /* TODO(size_t): lenu/lenf should be a size_t but EVP doesn't support it */
+    if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0
+            || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                             taglen,
+                                             rec->data + rec->length) <= 0)) {
+        return -1;
+    }
+
+    /* Set up the AAD */
+    if (!WPACKET_init_static_len(&wpkt, recheader, sizeof(recheader), 0)
+            || !WPACKET_put_bytes_u8(&wpkt, rec->type)
+            || !WPACKET_put_bytes_u16(&wpkt, rec->rec_version)
+            || !WPACKET_put_bytes_u16(&wpkt, rec->length + taglen)
+            || !WPACKET_get_total_written(&wpkt, &hdrlen)
+            || hdrlen != SSL3_RT_HEADER_LENGTH
+            || !WPACKET_finish(&wpkt)) {
+        WPACKET_cleanup(&wpkt);
+        return -1;
+    }
+
+    /*
+     * For CCM we must explicitly set the total plaintext length before we add
+     * any AAD.
+     */
+    if (((alg_enc & SSL_AESCCM) != 0
+                 && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
+                                     (unsigned int)rec->length) <= 0)
+            || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
+                                sizeof(recheader)) <= 0
+            || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
+                                (unsigned int)rec->length) <= 0
+            || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
+            || (size_t)(lenu + lenf) != rec->length) {
+        return -1;
+    }
+    if (sending) {
+        /* Add the tag */
+        if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
+                                rec->data + rec->length) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        rec->length += taglen;
+    }
+
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/ssl/s23_clnt.c b/freebsd/crypto/openssl/ssl/s23_clnt.c
deleted file mode 100644
index 840c0ddb..00000000
--- a/freebsd/crypto/openssl/ssl/s23_clnt.c
+++ /dev/null
@@ -1,837 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s23_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *ssl23_get_client_method(int ver);
-static int ssl23_client_hello(SSL *s);
-static int ssl23_get_server_hello(SSL *s);
-static const SSL_METHOD *ssl23_get_client_method(int ver)
-{
-#ifndef OPENSSL_NO_SSL2
-    if (ver == SSL2_VERSION)
-        return (SSLv2_client_method());
-#endif
-#ifndef OPENSSL_NO_SSL3
-    if (ver == SSL3_VERSION)
-        return (SSLv3_client_method());
-#endif
-    if (ver == TLS1_VERSION)
-        return (TLSv1_client_method());
-    else if (ver == TLS1_1_VERSION)
-        return (TLSv1_1_client_method());
-    else if (ver == TLS1_2_VERSION)
-        return (TLSv1_2_client_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
-                          ssl_undefined_function,
-                          ssl23_connect, ssl23_get_client_method)
-
-int ssl23_connect(SSL *s)
-{
-    BUF_MEM *buf = NULL;
-    unsigned long Time = (unsigned long)time(NULL);
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int ret = -1;
-    int new_state, state;
-
-    RAND_add(&Time, sizeof(Time), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_BEFORE:
-        case SSL_ST_CONNECT:
-        case SSL_ST_BEFORE | SSL_ST_CONNECT:
-        case SSL_ST_OK | SSL_ST_CONNECT:
-
-            if (s->session != NULL) {
-                SSLerr(SSL_F_SSL23_CONNECT,
-                       SSL_R_SSL23_DOING_SESSION_ID_REUSE);
-                ret = -1;
-                goto end;
-            }
-            s->server = 0;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            /* s->version=TLS1_VERSION; */
-            s->type = SSL_ST_CONNECT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    goto end;
-                }
-                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
-                    ret = -1;
-                    goto end;
-                }
-                s->init_buf = buf;
-                buf = NULL;
-            }
-
-            if (!ssl3_setup_buffers(s)) {
-                ret = -1;
-                goto end;
-            }
-
-            if (!ssl3_init_finished_mac(s)) {
-                ret = -1;
-                goto end;
-            }
-
-            s->state = SSL23_ST_CW_CLNT_HELLO_A;
-            s->ctx->stats.sess_connect++;
-            s->init_num = 0;
-            break;
-
-        case SSL23_ST_CW_CLNT_HELLO_A:
-        case SSL23_ST_CW_CLNT_HELLO_B:
-
-            s->shutdown = 0;
-            ret = ssl23_client_hello(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL23_ST_CR_SRVR_HELLO_A;
-            s->init_num = 0;
-
-            break;
-
-        case SSL23_ST_CR_SRVR_HELLO_A:
-        case SSL23_ST_CR_SRVR_HELLO_B:
-            ret = ssl23_get_server_hello(s);
-            if (ret >= 0)
-                cb = NULL;
-            goto end;
-            /* break; */
-
-        default:
-            SSLerr(SSL_F_SSL23_CONNECT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* break; */
-        }
-
-        if (s->debug) {
-            (void)BIO_flush(s->wbio);
-        }
-
-        if ((cb != NULL) && (s->state != state)) {
-            new_state = s->state;
-            s->state = state;
-            cb(s, SSL_CB_CONNECT_LOOP, 1);
-            s->state = new_state;
-        }
-    }
- end:
-    s->in_handshake--;
-    if (buf != NULL)
-        BUF_MEM_free(buf);
-    if (cb != NULL)
-        cb(s, SSL_CB_CONNECT_EXIT, ret);
-    return (ret);
-}
-
-static int ssl23_no_ssl2_ciphers(SSL *s)
-{
-    SSL_CIPHER *cipher;
-    STACK_OF(SSL_CIPHER) *ciphers;
-    int i;
-    ciphers = SSL_get_ciphers(s);
-    for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-        cipher = sk_SSL_CIPHER_value(ciphers, i);
-        if (cipher->algorithm_ssl == SSL_SSLV2)
-            return 0;
-    }
-    return 1;
-}
-
-/*
- * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
- * failure, 1 on success.
- */
-int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
-{
-    int send_time = 0;
-    if (len < 4)
-        return 0;
-    if (server)
-        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
-    else
-        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
-    if (send_time) {
-        unsigned long Time = (unsigned long)time(NULL);
-        unsigned char *p = result;
-        l2n(Time, p);
-        return RAND_bytes(p, len - 4);
-    } else
-        return RAND_bytes(result, len);
-}
-
-static int ssl23_client_hello(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-    int i, ch_len;
-    unsigned long l;
-    int ssl2_compat;
-    int version = 0, version_major, version_minor;
-    int al = 0;
-#ifndef OPENSSL_NO_COMP
-    int j;
-    SSL_COMP *comp;
-#endif
-    int ret;
-    unsigned long mask, options = s->options;
-
-    ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1;
-
-    if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
-        ssl2_compat = 0;
-
-    /*
-     * SSL_OP_NO_X disables all protocols above X *if* there are
-     * some protocols below X enabled. This is required in order
-     * to maintain "version capability" vector contiguous. So
-     * that if application wants to disable TLS1.0 in favour of
-     * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
-     * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
-     */
-    mask = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1
-#if !defined(OPENSSL_NO_SSL3)
-        | SSL_OP_NO_SSLv3
-#endif
-#if !defined(OPENSSL_NO_SSL2)
-        | (ssl2_compat ? SSL_OP_NO_SSLv2 : 0)
-#endif
-        ;
-#if !defined(OPENSSL_NO_TLS1_2_CLIENT)
-    version = TLS1_2_VERSION;
-
-    if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask)
-        version = TLS1_1_VERSION;
-#else
-    version = TLS1_1_VERSION;
-#endif
-    mask &= ~SSL_OP_NO_TLSv1_1;
-    if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask)
-        version = TLS1_VERSION;
-    mask &= ~SSL_OP_NO_TLSv1;
-#if !defined(OPENSSL_NO_SSL3)
-    if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask)
-        version = SSL3_VERSION;
-    mask &= ~SSL_OP_NO_SSLv3;
-#endif
-#if !defined(OPENSSL_NO_SSL2)
-    if ((options & SSL_OP_NO_SSLv3) && (options & mask) != mask)
-        version = SSL2_VERSION;
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-    if (version != SSL2_VERSION) {
-        /*
-         * have to disable SSL 2.0 compatibility if we need TLS extensions
-         */
-
-        if (s->tlsext_hostname != NULL)
-            ssl2_compat = 0;
-        if (s->tlsext_status_type != -1)
-            ssl2_compat = 0;
-# ifdef TLSEXT_TYPE_opaque_prf_input
-        if (s->ctx->tlsext_opaque_prf_input_callback != 0
-            || s->tlsext_opaque_prf_input != NULL)
-            ssl2_compat = 0;
-# endif
-        if (s->cert->cli_ext.meths_count != 0)
-            ssl2_compat = 0;
-    }
-#endif
-
-    buf = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
-        /*
-         * Since we're sending s23 client hello, we're not reusing a session, as
-         * we'd be using the method from the saved session instead
-         */
-        if (!ssl_get_new_session(s, 0)) {
-            return -1;
-        }
-
-        p = s->s3->client_random;
-        if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
-            return -1;
-
-        if (version == TLS1_2_VERSION) {
-            version_major = TLS1_2_VERSION_MAJOR;
-            version_minor = TLS1_2_VERSION_MINOR;
-        } else if (tls1_suiteb(s)) {
-            SSLerr(SSL_F_SSL23_CLIENT_HELLO,
-                   SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
-            return -1;
-        } else if (version == TLS1_1_VERSION) {
-            version_major = TLS1_1_VERSION_MAJOR;
-            version_minor = TLS1_1_VERSION_MINOR;
-        } else if (version == TLS1_VERSION) {
-            version_major = TLS1_VERSION_MAJOR;
-            version_minor = TLS1_VERSION_MINOR;
-        }
-#ifdef OPENSSL_FIPS
-        else if (FIPS_mode()) {
-            SSLerr(SSL_F_SSL23_CLIENT_HELLO,
-                   SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-            return -1;
-        }
-#endif
-        else if (version == SSL3_VERSION) {
-            version_major = SSL3_VERSION_MAJOR;
-            version_minor = SSL3_VERSION_MINOR;
-        } else if (version == SSL2_VERSION) {
-            version_major = SSL2_VERSION_MAJOR;
-            version_minor = SSL2_VERSION_MINOR;
-        } else {
-            SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
-            return (-1);
-        }
-
-        s->client_version = version;
-
-        if (ssl2_compat) {
-            /* create SSL 2.0 compatible Client Hello */
-
-            /* two byte record header will be written last */
-            d = &(buf[2]);
-            p = d + 9;          /* leave space for message type, version,
-                                 * individual length fields */
-
-            *(d++) = SSL2_MT_CLIENT_HELLO;
-            *(d++) = version_major;
-            *(d++) = version_minor;
-
-            /* Ciphers supported */
-            i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), p, 0);
-            if (i == 0) {
-                /* no ciphers */
-                SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
-                return -1;
-            }
-            s2n(i, d);
-            p += i;
-
-            /*
-             * put in the session-id length (zero since there is no reuse)
-             */
-            s2n(0, d);
-
-            if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
-                ch_len = SSL2_CHALLENGE_LENGTH;
-            else
-                ch_len = SSL2_MAX_CHALLENGE_LENGTH;
-
-            /* write out sslv2 challenge */
-            /*
-             * Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because it
-             * is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
-             * SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
-             * futurproofing
-             */
-            if (SSL3_RANDOM_SIZE < ch_len)
-                i = SSL3_RANDOM_SIZE;
-            else
-                i = ch_len;
-            s2n(i, d);
-            memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE);
-            if (RAND_bytes (&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i)
-                    <= 0)
-                return -1;
-
-            memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
-            p += i;
-
-            i = p - &(buf[2]);
-            buf[0] = ((i >> 8) & 0xff) | 0x80;
-            buf[1] = (i & 0xff);
-
-            /* number of bytes to write */
-            s->init_num = i + 2;
-            s->init_off = 0;
-
-            ssl3_finish_mac(s, &(buf[2]), i);
-        } else {
-            /* create Client Hello in SSL 3.0/TLS 1.0 format */
-
-            /*
-             * do the record header (5 bytes) and handshake message header (4
-             * bytes) last
-             */
-            d = p = &(buf[9]);
-
-            *(p++) = version_major;
-            *(p++) = version_minor;
-
-            /* Random stuff */
-            memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
-            p += SSL3_RANDOM_SIZE;
-
-            /* Session ID (zero since there is no reuse) */
-            *(p++) = 0;
-
-            /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
-            i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]),
-                                         ssl3_put_cipher_by_char);
-            if (i == 0) {
-                SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
-                return -1;
-            }
-#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
-            /*
-             * Some servers hang if client hello > 256 bytes as hack
-             * workaround chop number of supported ciphers to keep it well
-             * below this if we use TLS v1.2
-             */
-            if (TLS1_get_version(s) >= TLS1_2_VERSION
-                && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
-                i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
-#endif
-            s2n(i, p);
-            p += i;
-
-            /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
-            *(p++) = 1;
-#else
-            if ((s->options & SSL_OP_NO_COMPRESSION)
-                || !s->ctx->comp_methods)
-                j = 0;
-            else
-                j = sk_SSL_COMP_num(s->ctx->comp_methods);
-            *(p++) = 1 + j;
-            for (i = 0; i < j; i++) {
-                comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
-                *(p++) = comp->id;
-            }
-#endif
-            *(p++) = 0;         /* Add the NULL method */
-
-#ifndef OPENSSL_NO_TLSEXT
-            /* TLS extensions */
-            if (ssl_prepare_clienthello_tlsext(s) <= 0) {
-                SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
-                return -1;
-            }
-            if ((p =
-                 ssl_add_clienthello_tlsext(s, p,
-                                            buf + SSL3_RT_MAX_PLAIN_LENGTH,
-                                            &al)) == NULL) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, al);
-                SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-                return -1;
-            }
-#endif
-
-            l = p - d;
-
-            /* fill in 4-byte handshake header */
-            d = &(buf[5]);
-            *(d++) = SSL3_MT_CLIENT_HELLO;
-            l2n3(l, d);
-
-            l += 4;
-
-            if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
-                SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-                return -1;
-            }
-
-            /* fill in 5-byte record header */
-            d = buf;
-            *(d++) = SSL3_RT_HANDSHAKE;
-            *(d++) = version_major;
-            /*
-             * Some servers hang if we use long client hellos and a record
-             * number > TLS 1.0.
-             */
-            if (TLS1_get_client_version(s) > TLS1_VERSION)
-                *(d++) = 1;
-            else
-                *(d++) = version_minor;
-            s2n((int)l, d);
-
-            /* number of bytes to write */
-            s->init_num = p - buf;
-            s->init_off = 0;
-
-            ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
-        }
-
-        s->state = SSL23_ST_CW_CLNT_HELLO_B;
-        s->init_off = 0;
-    }
-
-    /* SSL3_ST_CW_CLNT_HELLO_B */
-    ret = ssl23_write_bytes(s);
-
-    if ((ret >= 2) && s->msg_callback) {
-        /* Client Hello has been sent; tell msg_callback */
-
-        if (ssl2_compat)
-            s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2,
-                            ret - 2, s, s->msg_callback_arg);
-        else {
-            s->msg_callback(1, version, SSL3_RT_HEADER, s->init_buf->data, 5,
-                            s, s->msg_callback_arg);
-            s->msg_callback(1, version, SSL3_RT_HANDSHAKE,
-                            s->init_buf->data + 5, ret - 5, s,
-                            s->msg_callback_arg);
-        }
-    }
-
-    return ret;
-}
-
-static int ssl23_get_server_hello(SSL *s)
-{
-    char buf[8];
-    unsigned char *p;
-    int i;
-    int n;
-
-    n = ssl23_read_bytes(s, 7);
-
-    if (n != 7)
-        return (n);
-    p = s->packet;
-
-    memcpy(buf, p, n);
-
-    if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
-        (p[5] == 0x00) && (p[6] == 0x02)) {
-#ifdef OPENSSL_NO_SSL2
-        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
-        goto err;
-#else
-        /* we are talking sslv2 */
-        /*
-         * we need to clean up the SSLv3 setup and put in the sslv2 stuff.
-         */
-        int ch_len;
-
-        if (s->options & SSL_OP_NO_SSLv2) {
-            SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
-            goto err;
-        }
-        if (s->s2 == NULL) {
-            if (!ssl2_new(s))
-                goto err;
-        } else
-            ssl2_clear(s);
-
-        if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
-            ch_len = SSL2_CHALLENGE_LENGTH;
-        else
-            ch_len = SSL2_MAX_CHALLENGE_LENGTH;
-
-        /* write out sslv2 challenge */
-        /*
-         * Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because it is
-         * one of SSL2_MAX_CHALLENGE_LENGTH (32) or SSL2_MAX_CHALLENGE_LENGTH
-         * (16), but leave the check in for futurproofing
-         */
-        i = (SSL3_RANDOM_SIZE < ch_len)
-            ? SSL3_RANDOM_SIZE : ch_len;
-        s->s2->challenge_length = i;
-        memcpy(s->s2->challenge,
-               &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
-
-        if (s->s3 != NULL)
-            ssl3_free(s);
-
-        if (!BUF_MEM_grow_clean(s->init_buf,
-                                SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
-            SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, ERR_R_BUF_LIB);
-            goto err;
-        }
-
-        s->state = SSL2_ST_GET_SERVER_HELLO_A;
-        if (!(s->client_version == SSL2_VERSION))
-            /*
-             * use special padding (SSL 3.0 draft/RFC 2246, App. E.2)
-             */
-            s->s2->ssl2_rollback = 1;
-
-        /*
-         * setup the 7 bytes we have read so we get them from the sslv2
-         * buffer
-         */
-        s->rstate = SSL_ST_READ_HEADER;
-        s->packet_length = n;
-        s->packet = &(s->s2->rbuf[0]);
-        memcpy(s->packet, buf, n);
-        s->s2->rbuf_left = n;
-        s->s2->rbuf_offs = 0;
-
-        /* we have already written one */
-        s->s2->write_sequence = 1;
-
-        s->method = SSLv2_client_method();
-        s->handshake_func = s->method->ssl_connect;
-#endif
-    } else if (p[1] == SSL3_VERSION_MAJOR &&
-               p[2] <= TLS1_2_VERSION_MINOR &&
-               ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
-                (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
-        /* we have sslv3 or tls1 (server hello or alert) */
-
-#ifndef OPENSSL_NO_SSL3
-        if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) {
-# ifdef OPENSSL_FIPS
-            if (FIPS_mode()) {
-                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
-                       SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                goto err;
-            }
-# endif
-            s->version = SSL3_VERSION;
-            s->method = SSLv3_client_method();
-        } else
-#endif
-        if ((p[2] == TLS1_VERSION_MINOR) && !(s->options & SSL_OP_NO_TLSv1)) {
-            s->version = TLS1_VERSION;
-            s->method = TLSv1_client_method();
-        } else if ((p[2] == TLS1_1_VERSION_MINOR) &&
-                   !(s->options & SSL_OP_NO_TLSv1_1)) {
-            s->version = TLS1_1_VERSION;
-            s->method = TLSv1_1_client_method();
-        } else if ((p[2] == TLS1_2_VERSION_MINOR) &&
-                   !(s->options & SSL_OP_NO_TLSv1_2)) {
-            s->version = TLS1_2_VERSION;
-            s->method = TLSv1_2_client_method();
-        } else {
-            /*
-             * Unrecognised version, we'll send a protocol version alert using
-             * our preferred version.
-             */
-            switch(s->client_version) {
-            default:
-                /*
-                 * Shouldn't happen
-                 * Fall through
-                 */
-            case TLS1_2_VERSION:
-                s->version = TLS1_2_VERSION;
-                s->method = TLSv1_2_client_method();
-                break;
-            case TLS1_1_VERSION:
-                s->version = TLS1_1_VERSION;
-                s->method = TLSv1_1_client_method();
-                break;
-            case TLS1_VERSION:
-                s->version = TLS1_VERSION;
-                s->method = TLSv1_client_method();
-                break;
-#ifndef OPENSSL_NO_SSL3
-            case SSL3_VERSION:
-                s->version = SSL3_VERSION;
-                s->method = SSLv3_client_method();
-                break;
-#endif
-            }
-            SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
-            goto err;
-        }
-
-        s->session->ssl_version = s->version;
-
-        /* ensure that TLS_MAX_VERSION is up-to-date */
-        OPENSSL_assert(s->version <= TLS_MAX_VERSION);
-
-        if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
-            /* fatal alert */
-
-            void (*cb) (const SSL *ssl, int type, int val) = NULL;
-            int j;
-
-            if (s->info_callback != NULL)
-                cb = s->info_callback;
-            else if (s->ctx->info_callback != NULL)
-                cb = s->ctx->info_callback;
-
-            i = p[5];
-            if (cb != NULL) {
-                j = (i << 8) | p[6];
-                cb(s, SSL_CB_READ_ALERT, j);
-            }
-
-            if (s->msg_callback) {
-                s->msg_callback(0, s->version, SSL3_RT_HEADER, p, 5, s,
-                                s->msg_callback_arg);
-                s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s,
-                                s->msg_callback_arg);
-            }
-
-            s->rwstate = SSL_NOTHING;
-            SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]);
-            goto err;
-        }
-
-        if (!ssl_init_wbio_buffer(s, 1))
-            goto err;
-
-        /* we are in this state */
-        s->state = SSL3_ST_CR_SRVR_HELLO_A;
-
-        /*
-         * put the 7 bytes we have read into the input buffer for SSLv3
-         */
-        s->rstate = SSL_ST_READ_HEADER;
-        s->packet_length = n;
-        if (s->s3->rbuf.buf == NULL)
-            if (!ssl3_setup_read_buffer(s))
-                goto err;
-        s->packet = &(s->s3->rbuf.buf[0]);
-        memcpy(s->packet, buf, n);
-        s->s3->rbuf.left = n;
-        s->s3->rbuf.offset = 0;
-
-        s->handshake_func = s->method->ssl_connect;
-    } else {
-        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL);
-        goto err;
-    }
-    s->init_num = 0;
-
-    return (SSL_connect(s));
- err:
-    return (-1);
-}
diff --git a/freebsd/crypto/openssl/ssl/s23_lib.c b/freebsd/crypto/openssl/ssl/s23_lib.c
deleted file mode 100644
index e69d7cbc..00000000
--- a/freebsd/crypto/openssl/ssl/s23_lib.c
+++ /dev/null
@@ -1,187 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s23_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-long ssl23_default_timeout(void)
-{
-    return (300);
-}
-
-int ssl23_num_ciphers(void)
-{
-    return (ssl3_num_ciphers()
-#ifndef OPENSSL_NO_SSL2
-            + ssl2_num_ciphers()
-#endif
-        );
-}
-
-const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
-{
-    unsigned int uu = ssl3_num_ciphers();
-
-    if (u < uu)
-        return (ssl3_get_cipher(u));
-    else
-#ifndef OPENSSL_NO_SSL2
-        return (ssl2_get_cipher(u - uu));
-#else
-        return (NULL);
-#endif
-}
-
-/*
- * This function needs to check if the ciphers required are actually
- * available
- */
-const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
-{
-    const SSL_CIPHER *cp;
-
-    cp = ssl3_get_cipher_by_char(p);
-#ifndef OPENSSL_NO_SSL2
-    if (cp == NULL)
-        cp = ssl2_get_cipher_by_char(p);
-#endif
-    return (cp);
-}
-
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-{
-    long l;
-
-    /* We can write SSLv2 and SSLv3 ciphers */
-    /* but no ECC ciphers */
-    if (c->algorithm_mkey == SSL_kECDHr ||
-        c->algorithm_mkey == SSL_kECDHe ||
-        c->algorithm_mkey == SSL_kEECDH ||
-        c->algorithm_auth == SSL_aECDH || c->algorithm_auth == SSL_aECDSA)
-        return 0;
-    if (p != NULL) {
-        l = c->id;
-        p[0] = ((unsigned char)(l >> 16L)) & 0xFF;
-        p[1] = ((unsigned char)(l >> 8L)) & 0xFF;
-        p[2] = ((unsigned char)(l)) & 0xFF;
-    }
-    return (3);
-}
-
-int ssl23_read(SSL *s, void *buf, int len)
-{
-    int n;
-
-    clear_sys_error();
-    if (SSL_in_init(s) && (!s->in_handshake)) {
-        n = s->handshake_func(s);
-        if (n < 0)
-            return (n);
-        if (n == 0) {
-            SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
-            return (-1);
-        }
-        return (SSL_read(s, buf, len));
-    } else {
-        ssl_undefined_function(s);
-        return (-1);
-    }
-}
-
-int ssl23_peek(SSL *s, void *buf, int len)
-{
-    int n;
-
-    clear_sys_error();
-    if (SSL_in_init(s) && (!s->in_handshake)) {
-        n = s->handshake_func(s);
-        if (n < 0)
-            return (n);
-        if (n == 0) {
-            SSLerr(SSL_F_SSL23_PEEK, SSL_R_SSL_HANDSHAKE_FAILURE);
-            return (-1);
-        }
-        return (SSL_peek(s, buf, len));
-    } else {
-        ssl_undefined_function(s);
-        return (-1);
-    }
-}
-
-int ssl23_write(SSL *s, const void *buf, int len)
-{
-    int n;
-
-    clear_sys_error();
-    if (SSL_in_init(s) && (!s->in_handshake)) {
-        n = s->handshake_func(s);
-        if (n < 0)
-            return (n);
-        if (n == 0) {
-            SSLerr(SSL_F_SSL23_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE);
-            return (-1);
-        }
-        return (SSL_write(s, buf, len));
-    } else {
-        ssl_undefined_function(s);
-        return (-1);
-    }
-}
diff --git a/freebsd/crypto/openssl/ssl/s23_meth.c b/freebsd/crypto/openssl/ssl/s23_meth.c
deleted file mode 100644
index dd992a1d..00000000
--- a/freebsd/crypto/openssl/ssl/s23_meth.c
+++ /dev/null
@@ -1,91 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s23_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *ssl23_get_method(int ver);
-static const SSL_METHOD *ssl23_get_method(int ver)
-{
-#ifndef OPENSSL_NO_SSL2
-    if (ver == SSL2_VERSION)
-        return (SSLv2_method());
-    else
-#endif
-#ifndef OPENSSL_NO_SSL3
-    if (ver == SSL3_VERSION)
-        return (SSLv3_method());
-    else
-#endif
-#ifndef OPENSSL_NO_TLS1
-    if (ver == TLS1_VERSION)
-        return (TLSv1_method());
-    else if (ver == TLS1_1_VERSION)
-        return (TLSv1_1_method());
-    else if (ver == TLS1_2_VERSION)
-        return (TLSv1_2_method());
-    else
-#endif
-        return (NULL);
-}
-
-IMPLEMENT_ssl23_meth_func(SSLv23_method,
-                          ssl23_accept, ssl23_connect, ssl23_get_method)
diff --git a/freebsd/crypto/openssl/ssl/s23_pkt.c b/freebsd/crypto/openssl/ssl/s23_pkt.c
deleted file mode 100644
index 1f84c32a..00000000
--- a/freebsd/crypto/openssl/ssl/s23_pkt.c
+++ /dev/null
@@ -1,121 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s23_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-
-/*
- * Return values are as per SSL_write()
- */
-int ssl23_write_bytes(SSL *s)
-{
-    int i, num, tot;
-    char *buf;
-
-    buf = s->init_buf->data;
-    tot = s->init_off;
-    num = s->init_num;
-    for (;;) {
-        s->rwstate = SSL_WRITING;
-        i = BIO_write(s->wbio, &(buf[tot]), num);
-        if (i <= 0) {
-            s->init_off = tot;
-            s->init_num = num;
-            return i;
-        }
-        s->rwstate = SSL_NOTHING;
-        if (i == num)
-            return (tot + i);
-
-        num -= i;
-        tot += i;
-    }
-}
-
-/* return regularly only when we have read (at least) 'n' bytes
- *
- * Return values are as per SSL_read()
- */
-int ssl23_read_bytes(SSL *s, int n)
-{
-    unsigned char *p;
-    int j;
-
-    if (s->packet_length < (unsigned int)n) {
-        p = s->packet;
-
-        for (;;) {
-            s->rwstate = SSL_READING;
-            j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
-                         n - s->packet_length);
-            if (j <= 0)
-                return j;
-            s->rwstate = SSL_NOTHING;
-            s->packet_length += j;
-            if (s->packet_length >= (unsigned int)n)
-                return (s->packet_length);
-        }
-    }
-    return (n);
-}
diff --git a/freebsd/crypto/openssl/ssl/s23_srvr.c b/freebsd/crypto/openssl/ssl/s23_srvr.c
deleted file mode 100644
index 1929962b..00000000
--- a/freebsd/crypto/openssl/ssl/s23_srvr.c
+++ /dev/null
@@ -1,657 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s23_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
-static const SSL_METHOD *ssl23_get_server_method(int ver);
-int ssl23_get_client_hello(SSL *s);
-static const SSL_METHOD *ssl23_get_server_method(int ver)
-{
-#ifndef OPENSSL_NO_SSL2
-    if (ver == SSL2_VERSION)
-        return (SSLv2_server_method());
-#endif
-#ifndef OPENSSL_NO_SSL3
-    if (ver == SSL3_VERSION)
-        return (SSLv3_server_method());
-#endif
-    if (ver == TLS1_VERSION)
-        return (TLSv1_server_method());
-    else if (ver == TLS1_1_VERSION)
-        return (TLSv1_1_server_method());
-    else if (ver == TLS1_2_VERSION)
-        return (TLSv1_2_server_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
-                          ssl23_accept,
-                          ssl_undefined_function, ssl23_get_server_method)
-
-int ssl23_accept(SSL *s)
-{
-    BUF_MEM *buf;
-    unsigned long Time = (unsigned long)time(NULL);
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int ret = -1;
-    int new_state, state;
-
-    RAND_add(&Time, sizeof(Time), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_BEFORE:
-        case SSL_ST_ACCEPT:
-        case SSL_ST_BEFORE | SSL_ST_ACCEPT:
-        case SSL_ST_OK | SSL_ST_ACCEPT:
-
-            s->server = 1;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            /* s->version=SSL3_VERSION; */
-            s->type = SSL_ST_ACCEPT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    goto end;
-                }
-                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
-                    BUF_MEM_free(buf);
-                    ret = -1;
-                    goto end;
-                }
-                s->init_buf = buf;
-            }
-
-            if (!ssl3_init_finished_mac(s)) {
-                ret = -1;
-                goto end;
-            }
-
-            s->state = SSL23_ST_SR_CLNT_HELLO_A;
-            s->ctx->stats.sess_accept++;
-            s->init_num = 0;
-            break;
-
-        case SSL23_ST_SR_CLNT_HELLO_A:
-        case SSL23_ST_SR_CLNT_HELLO_B:
-
-            s->shutdown = 0;
-            ret = ssl23_get_client_hello(s);
-            if (ret >= 0)
-                cb = NULL;
-            goto end;
-            /* break; */
-
-        default:
-            SSLerr(SSL_F_SSL23_ACCEPT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* break; */
-        }
-
-        if ((cb != NULL) && (s->state != state)) {
-            new_state = s->state;
-            s->state = state;
-            cb(s, SSL_CB_ACCEPT_LOOP, 1);
-            s->state = new_state;
-        }
-    }
- end:
-    s->in_handshake--;
-    if (cb != NULL)
-        cb(s, SSL_CB_ACCEPT_EXIT, ret);
-    return (ret);
-}
-
-int ssl23_get_client_hello(SSL *s)
-{
-    /*-
-     * Request this many bytes in initial read.
-     * We can detect SSL 3.0/TLS 1.0 Client Hellos
-     * ('type == 3') correctly only when the following
-     * is in a single record, which is not guaranteed by
-     * the protocol specification:
-     * Byte  Content
-     *  0     type            \
-     *  1/2   version          > record header
-     *  3/4   length          /
-     *  5     msg_type        \
-     *  6-8   length           > Client Hello message
-     *  9/10  client_version  /
-     */
-    char buf_space[11];
-    char *buf = &(buf_space[0]);
-    unsigned char *p, *d, *d_len, *dd;
-    unsigned int i;
-    unsigned int csl, sil, cl;
-    int n = 0, j;
-    int type = 0;
-    int v[2];
-
-    if (s->state == SSL23_ST_SR_CLNT_HELLO_A) {
-        /* read the initial header */
-        v[0] = v[1] = 0;
-
-        if (!ssl3_setup_buffers(s))
-            goto err;
-
-        n = ssl23_read_bytes(s, sizeof(buf_space));
-        if (n != sizeof(buf_space))
-            return (n);         /* n == -1 || n == 0 */
-
-        p = s->packet;
-
-        memcpy(buf, p, n);
-
-        if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
-            /*
-             * SSLv2 header
-             */
-            if ((p[3] == 0x00) && (p[4] == 0x02)) {
-                v[0] = p[3];
-                v[1] = p[4];
-                /* SSLv2 */
-                if (!(s->options & SSL_OP_NO_SSLv2))
-                    type = 1;
-            } else if (p[3] == SSL3_VERSION_MAJOR) {
-                v[0] = p[3];
-                v[1] = p[4];
-                /* SSLv3/TLSv1 */
-                if (p[4] >= TLS1_VERSION_MINOR) {
-                    if (p[4] >= TLS1_2_VERSION_MINOR &&
-                        !(s->options & SSL_OP_NO_TLSv1_2)) {
-                        s->version = TLS1_2_VERSION;
-                        s->state = SSL23_ST_SR_CLNT_HELLO_B;
-                    } else if (p[4] >= TLS1_1_VERSION_MINOR &&
-                               !(s->options & SSL_OP_NO_TLSv1_1)) {
-                        s->version = TLS1_1_VERSION;
-                        /*
-                         * type=2;
-                         *//*
-                         * done later to survive restarts
-                         */
-                        s->state = SSL23_ST_SR_CLNT_HELLO_B;
-                    } else if (!(s->options & SSL_OP_NO_TLSv1)) {
-                        s->version = TLS1_VERSION;
-                        /*
-                         * type=2;
-                         *//*
-                         * done later to survive restarts
-                         */
-                        s->state = SSL23_ST_SR_CLNT_HELLO_B;
-                    } else if (!(s->options & SSL_OP_NO_SSLv3)) {
-                        s->version = SSL3_VERSION;
-                        /* type=2; */
-                        s->state = SSL23_ST_SR_CLNT_HELLO_B;
-                    } else if (!(s->options & SSL_OP_NO_SSLv2)) {
-                        type = 1;
-                    }
-                } else if (!(s->options & SSL_OP_NO_SSLv3)) {
-                    s->version = SSL3_VERSION;
-                    /* type=2; */
-                    s->state = SSL23_ST_SR_CLNT_HELLO_B;
-                } else if (!(s->options & SSL_OP_NO_SSLv2))
-                    type = 1;
-
-            }
-        }
-        /* p[4] < 5 ... silly record length? */
-        else if ((p[0] == SSL3_RT_HANDSHAKE) &&
-                 (p[1] == SSL3_VERSION_MAJOR) &&
-                 (p[5] == SSL3_MT_CLIENT_HELLO) && ((p[3] == 0 && p[4] < 5)
-                                                    || (p[9] >= p[1]))) {
-            /*
-             * SSLv3 or tls1 header
-             */
-
-            v[0] = p[1];        /* major version (= SSL3_VERSION_MAJOR) */
-            /*
-             * We must look at client_version inside the Client Hello message
-             * to get the correct minor version. However if we have only a
-             * pathologically small fragment of the Client Hello message, this
-             * would be difficult, and we'd have to read more records to find
-             * out. No known SSL 3.0 client fragments ClientHello like this,
-             * so we simply reject such connections to avoid protocol version
-             * downgrade attacks.
-             */
-            if (p[3] == 0 && p[4] < 6) {
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_SMALL);
-                goto err;
-            }
-            /*
-             * if major version number > 3 set minor to a value which will
-             * use the highest version 3 we support. If TLS 2.0 ever appears
-             * we will need to revise this....
-             */
-            if (p[9] > SSL3_VERSION_MAJOR)
-                v[1] = 0xff;
-            else
-                v[1] = p[10];   /* minor version according to client_version */
-            if (v[1] >= TLS1_VERSION_MINOR) {
-                if (v[1] >= TLS1_2_VERSION_MINOR &&
-                    !(s->options & SSL_OP_NO_TLSv1_2)) {
-                    s->version = TLS1_2_VERSION;
-                    type = 3;
-                } else if (v[1] >= TLS1_1_VERSION_MINOR &&
-                           !(s->options & SSL_OP_NO_TLSv1_1)) {
-                    s->version = TLS1_1_VERSION;
-                    type = 3;
-                } else if (!(s->options & SSL_OP_NO_TLSv1)) {
-                    s->version = TLS1_VERSION;
-                    type = 3;
-                } else if (!(s->options & SSL_OP_NO_SSLv3)) {
-                    s->version = SSL3_VERSION;
-                    type = 3;
-                }
-            } else {
-                /* client requests SSL 3.0 */
-                if (!(s->options & SSL_OP_NO_SSLv3)) {
-                    s->version = SSL3_VERSION;
-                    type = 3;
-                } else if (!(s->options & SSL_OP_NO_TLSv1)) {
-                    /*
-                     * we won't be able to use TLS of course, but this will
-                     * send an appropriate alert
-                     */
-                    s->version = TLS1_VERSION;
-                    type = 3;
-                }
-            }
-        } else if ((strncmp("GET ", (char *)p, 4) == 0) ||
-                   (strncmp("POST ", (char *)p, 5) == 0) ||
-                   (strncmp("HEAD ", (char *)p, 5) == 0) ||
-                   (strncmp("PUT ", (char *)p, 4) == 0)) {
-            SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);
-            goto err;
-        } else if (strncmp("CONNECT", (char *)p, 7) == 0) {
-            SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);
-            goto err;
-        }
-    }
-
-    /* ensure that TLS_MAX_VERSION is up-to-date */
-    OPENSSL_assert(s->version <= TLS_MAX_VERSION);
-
-    if (s->version < TLS1_2_VERSION && tls1_suiteb(s)) {
-        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-               SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
-        goto err;
-    }
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && (s->version < TLS1_VERSION)) {
-        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-               SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-        goto err;
-    }
-#endif
-
-    if (s->state == SSL23_ST_SR_CLNT_HELLO_B) {
-        /*
-         * we have SSLv3/TLSv1 in an SSLv2 header (other cases skip this
-         * state)
-         */
-
-        type = 2;
-        p = s->packet;
-        v[0] = p[3];            /* == SSL3_VERSION_MAJOR */
-        v[1] = p[4];
-
-        /*-
-         * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
-         * header is sent directly on the wire, not wrapped as a TLS
-         * record. It's format is:
-         * Byte  Content
-         * 0-1   msg_length
-         * 2     msg_type
-         * 3-4   version
-         * 5-6   cipher_spec_length
-         * 7-8   session_id_length
-         * 9-10  challenge_length
-         * ...   ...
-         */
-        n = ((p[0] & 0x7f) << 8) | p[1];
-        if (n > (1024 * 4)) {
-            SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE);
-            goto err;
-        }
-        if (n < 9) {
-            SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-                   SSL_R_RECORD_LENGTH_MISMATCH);
-            goto err;
-        }
-
-        j = ssl23_read_bytes(s, n + 2);
-        /*
-         * We previously read 11 bytes, so if j > 0, we must have j == n+2 ==
-         * s->packet_length. We have at least 11 valid packet bytes.
-         */
-        if (j <= 0)
-            return (j);
-
-        ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
-
-        /* CLIENT-HELLO */
-        if (s->msg_callback)
-            s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2,
-                            s->packet_length - 2, s, s->msg_callback_arg);
-
-        p = s->packet;
-        p += 5;
-        n2s(p, csl);
-        n2s(p, sil);
-        n2s(p, cl);
-        d = (unsigned char *)s->init_buf->data;
-        if ((csl + sil + cl + 11) != s->packet_length) { /* We can't have TLS
-                                                          * extensions in SSL
-                                                          * 2.0 format *
-                                                          * Client Hello, can
-                                                          * we? Error
-                                                          * condition should
-                                                          * be * '>'
-                                                          * otherweise */
-            SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-                   SSL_R_RECORD_LENGTH_MISMATCH);
-            goto err;
-        }
-
-        /* record header: msg_type ... */
-        *(d++) = SSL3_MT_CLIENT_HELLO;
-        /* ... and length (actual value will be written later) */
-        d_len = d;
-        d += 3;
-
-        /* client_version */
-        *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
-        *(d++) = v[1];
-
-        /* lets populate the random area */
-        /* get the challenge_length */
-        i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
-        memset(d, 0, SSL3_RANDOM_SIZE);
-        memcpy(&(d[SSL3_RANDOM_SIZE - i]), &(p[csl + sil]), i);
-        d += SSL3_RANDOM_SIZE;
-
-        /* no session-id reuse */
-        *(d++) = 0;
-
-        /* ciphers */
-        j = 0;
-        dd = d;
-        d += 2;
-        for (i = 0; i < csl; i += 3) {
-            if (p[i] != 0)
-                continue;
-            *(d++) = p[i + 1];
-            *(d++) = p[i + 2];
-            j += 2;
-        }
-        s2n(j, dd);
-
-        /* COMPRESSION */
-        *(d++) = 1;
-        *(d++) = 0;
-
-#if 0
-        /* copy any remaining data with may be extensions */
-        p = p + csl + sil + cl;
-        while (p < s->packet + s->packet_length) {
-            *(d++) = *(p++);
-        }
-#endif
-
-        i = (d - (unsigned char *)s->init_buf->data) - 4;
-        l2n3((long)i, d_len);
-
-        /* get the data reused from the init_buf */
-        s->s3->tmp.reuse_message = 1;
-        s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO;
-        s->s3->tmp.message_size = i;
-    }
-
-    /* imaginary new state (for program structure): */
-    /* s->state = SSL23_SR_CLNT_HELLO_C */
-
-    if (type == 1) {
-#ifdef OPENSSL_NO_SSL2
-        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
-        goto err;
-#else
-        /* we are talking sslv2 */
-        /*
-         * we need to clean up the SSLv3/TLSv1 setup and put in the sslv2
-         * stuff.
-         */
-
-        if (s->s2 == NULL) {
-            if (!ssl2_new(s))
-                goto err;
-        } else
-            ssl2_clear(s);
-
-        if (s->s3 != NULL)
-            ssl3_free(s);
-
-        if (!BUF_MEM_grow_clean(s->init_buf,
-                                SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
-            goto err;
-        }
-
-        s->state = SSL2_ST_GET_CLIENT_HELLO_A;
-        if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
-            s->s2->ssl2_rollback = 0;
-        else
-            /*
-             * reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
-             * (SSL 3.0 draft/RFC 2246, App. E.2)
-             */
-            s->s2->ssl2_rollback = 1;
-
-        /*
-         * setup the n bytes we have read so we get them from the sslv2
-         * buffer
-         */
-        s->rstate = SSL_ST_READ_HEADER;
-        s->packet_length = n;
-        s->packet = &(s->s2->rbuf[0]);
-        memcpy(s->packet, buf, n);
-        s->s2->rbuf_left = n;
-        s->s2->rbuf_offs = 0;
-
-        s->method = SSLv2_server_method();
-        s->handshake_func = s->method->ssl_accept;
-#endif
-    }
-
-    if ((type == 2) || (type == 3)) {
-        /*
-         * we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style)
-         */
-        const SSL_METHOD *new_method;
-        new_method = ssl23_get_server_method(s->version);
-        if (new_method == NULL) {
-            SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
-            goto err;
-        }
-        s->method = new_method;
-
-        if (!ssl_init_wbio_buffer(s, 1))
-            goto err;
-
-        /* we are in this state */
-        s->state = SSL3_ST_SR_CLNT_HELLO_A;
-
-        if (type == 3) {
-            /*
-             * put the 'n' bytes we have read into the input buffer for SSLv3
-             */
-            s->rstate = SSL_ST_READ_HEADER;
-            s->packet_length = n;
-            if (s->s3->rbuf.buf == NULL)
-                if (!ssl3_setup_read_buffer(s))
-                    goto err;
-
-            s->packet = &(s->s3->rbuf.buf[0]);
-            memcpy(s->packet, buf, n);
-            s->s3->rbuf.left = n;
-            s->s3->rbuf.offset = 0;
-        } else {
-            s->packet_length = 0;
-            s->s3->rbuf.left = 0;
-            s->s3->rbuf.offset = 0;
-        }
-#if 0                           /* ssl3_get_client_hello does this */
-        s->client_version = (v[0] << 8) | v[1];
-#endif
-        s->handshake_func = s->method->ssl_accept;
-    }
-
-    if ((type < 1) || (type > 3)) {
-        /* bad, very bad */
-        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
-        goto err;
-    }
-    s->init_num = 0;
-
-    if (buf != buf_space)
-        OPENSSL_free(buf);
-    return (SSL_accept(s));
- err:
-    if (buf != buf_space)
-        OPENSSL_free(buf);
-    return (-1);
-}
diff --git a/freebsd/crypto/openssl/ssl/s2_clnt.c b/freebsd/crypto/openssl/ssl/s2_clnt.c
deleted file mode 100644
index 32bb60a2..00000000
--- a/freebsd/crypto/openssl/ssl/s2_clnt.c
+++ /dev/null
@@ -1,1096 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s2_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-# include <stdio.h>
-# include <openssl/rand.h>
-# include <openssl/buffer.h>
-# include <openssl/objects.h>
-# include <openssl/evp.h>
-
-static const SSL_METHOD *ssl2_get_client_method(int ver);
-static int get_server_finished(SSL *s);
-static int get_server_verify(SSL *s);
-static int get_server_hello(SSL *s);
-static int client_hello(SSL *s);
-static int client_master_key(SSL *s);
-static int client_finished(SSL *s);
-static int client_certificate(SSL *s);
-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
-                                  unsigned char *to, int padding);
-# define BREAK   break
-
-static const SSL_METHOD *ssl2_get_client_method(int ver)
-{
-    if (ver == SSL2_VERSION)
-        return (SSLv2_client_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
-                         ssl_undefined_function,
-                         ssl2_connect, ssl2_get_client_method)
-
-int ssl2_connect(SSL *s)
-{
-    unsigned long l = (unsigned long)time(NULL);
-    BUF_MEM *buf = NULL;
-    int ret = -1;
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int new_state, state;
-
-    RAND_add(&l, sizeof(l), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    /* init things to blank */
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_BEFORE:
-        case SSL_ST_CONNECT:
-        case SSL_ST_BEFORE | SSL_ST_CONNECT:
-        case SSL_ST_OK | SSL_ST_CONNECT:
-
-            s->server = 0;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            s->version = SSL2_VERSION;
-            s->type = SSL_ST_CONNECT;
-
-            buf = s->init_buf;
-            if ((buf == NULL) && ((buf = BUF_MEM_new()) == NULL)) {
-                ret = -1;
-                goto end;
-            }
-            if (!BUF_MEM_grow(buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
-                if (buf == s->init_buf)
-                    buf = NULL;
-                ret = -1;
-                goto end;
-            }
-            s->init_buf = buf;
-            buf = NULL;
-            s->init_num = 0;
-            s->state = SSL2_ST_SEND_CLIENT_HELLO_A;
-            s->ctx->stats.sess_connect++;
-            s->handshake_func = ssl2_connect;
-            BREAK;
-
-        case SSL2_ST_SEND_CLIENT_HELLO_A:
-        case SSL2_ST_SEND_CLIENT_HELLO_B:
-            s->shutdown = 0;
-            ret = client_hello(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_GET_SERVER_HELLO_A;
-            BREAK;
-
-        case SSL2_ST_GET_SERVER_HELLO_A:
-        case SSL2_ST_GET_SERVER_HELLO_B:
-            ret = get_server_hello(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            if (!s->hit) {      /* new session */
-                s->state = SSL2_ST_SEND_CLIENT_MASTER_KEY_A;
-                BREAK;
-            } else {
-                s->state = SSL2_ST_CLIENT_START_ENCRYPTION;
-                break;
-            }
-
-        case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
-        case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
-            ret = client_master_key(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_CLIENT_START_ENCRYPTION;
-            break;
-
-        case SSL2_ST_CLIENT_START_ENCRYPTION:
-            /*
-             * Ok, we now have all the stuff needed to start encrypting, so
-             * lets fire it up :-)
-             */
-            if (!ssl2_enc_init(s, 1)) {
-                ret = -1;
-                goto end;
-            }
-            s->s2->clear_text = 0;
-            s->state = SSL2_ST_SEND_CLIENT_FINISHED_A;
-            break;
-
-        case SSL2_ST_SEND_CLIENT_FINISHED_A:
-        case SSL2_ST_SEND_CLIENT_FINISHED_B:
-            ret = client_finished(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_GET_SERVER_VERIFY_A;
-            break;
-
-        case SSL2_ST_GET_SERVER_VERIFY_A:
-        case SSL2_ST_GET_SERVER_VERIFY_B:
-            ret = get_server_verify(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_GET_SERVER_FINISHED_A;
-            break;
-
-        case SSL2_ST_GET_SERVER_FINISHED_A:
-        case SSL2_ST_GET_SERVER_FINISHED_B:
-            ret = get_server_finished(s);
-            if (ret <= 0)
-                goto end;
-            break;
-
-        case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
-        case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
-        case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
-        case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
-        case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
-            ret = client_certificate(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_GET_SERVER_FINISHED_A;
-            break;
-
-        case SSL_ST_OK:
-            if (s->init_buf != NULL) {
-                BUF_MEM_free(s->init_buf);
-                s->init_buf = NULL;
-            }
-            s->init_num = 0;
-            /*      ERR_clear_error(); */
-
-            /*
-             * If we want to cache session-ids in the client and we
-             * successfully add the session-id to the cache, and there is a
-             * callback, then pass it out. 26/11/96 - eay - only add if not a
-             * re-used session.
-             */
-
-            ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
-            if (s->hit)
-                s->ctx->stats.sess_hit++;
-
-            ret = 1;
-            /* s->server=0; */
-            s->ctx->stats.sess_connect_good++;
-
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-
-            goto end;
-            /* break; */
-        default:
-            SSLerr(SSL_F_SSL2_CONNECT, SSL_R_UNKNOWN_STATE);
-            return (-1);
-            /* break; */
-        }
-
-        if ((cb != NULL) && (s->state != state)) {
-            new_state = s->state;
-            s->state = state;
-            cb(s, SSL_CB_CONNECT_LOOP, 1);
-            s->state = new_state;
-        }
-    }
- end:
-    s->in_handshake--;
-    if (buf != NULL)
-        BUF_MEM_free(buf);
-    if (cb != NULL)
-        cb(s, SSL_CB_CONNECT_EXIT, ret);
-    return (ret);
-}
-
-static int get_server_hello(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p;
-    int i, j;
-    unsigned long len;
-    STACK_OF(SSL_CIPHER) *sk = NULL, *cl, *prio, *allow;
-
-    buf = (unsigned char *)s->init_buf->data;
-    p = buf;
-    if (s->state == SSL2_ST_GET_SERVER_HELLO_A) {
-        i = ssl2_read(s, (char *)&(buf[s->init_num]), 11 - s->init_num);
-        if (i < (11 - s->init_num))
-            return (ssl2_part_read(s, SSL_F_GET_SERVER_HELLO, i));
-        s->init_num = 11;
-
-        if (*(p++) != SSL2_MT_SERVER_HELLO) {
-            if (p[-1] != SSL2_MT_ERROR) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_READ_WRONG_PACKET_TYPE);
-            } else
-                SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_PEER_ERROR);
-            return (-1);
-        }
-# if 0
-        s->hit = (*(p++)) ? 1 : 0;
-        /*
-         * Some [PPC?] compilers fail to increment p in above statement, e.g.
-         * one provided with Rhapsody 5.5, but most recent example XL C 11.1
-         * for AIX, even without optimization flag...
-         */
-# else
-        s->hit = (*p) ? 1 : 0;
-        p++;
-# endif
-        s->s2->tmp.cert_type = *(p++);
-        n2s(p, i);
-        if (i < s->version)
-            s->version = i;
-        n2s(p, i);
-        s->s2->tmp.cert_length = i;
-        n2s(p, i);
-        s->s2->tmp.csl = i;
-        n2s(p, i);
-        s->s2->tmp.conn_id_length = i;
-        s->state = SSL2_ST_GET_SERVER_HELLO_B;
-    }
-
-    /* SSL2_ST_GET_SERVER_HELLO_B */
-    len =
-        11 + (unsigned long)s->s2->tmp.cert_length +
-        (unsigned long)s->s2->tmp.csl +
-        (unsigned long)s->s2->tmp.conn_id_length;
-    if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
-        SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_MESSAGE_TOO_LONG);
-        return -1;
-    }
-    j = (int)len - s->init_num;
-    i = ssl2_read(s, (char *)&(buf[s->init_num]), j);
-    if (i != j)
-        return (ssl2_part_read(s, SSL_F_GET_SERVER_HELLO, i));
-    if (s->msg_callback) {
-        /* SERVER-HELLO */
-        s->msg_callback(0, s->version, 0, buf, (size_t)len, s,
-                        s->msg_callback_arg);
-    }
-
-    /* things are looking good */
-
-    p = buf + 11;
-    if (s->hit) {
-        if (s->s2->tmp.cert_length != 0) {
-            SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);
-            return (-1);
-        }
-        if (s->s2->tmp.cert_type != 0) {
-            if (!(s->options & SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)) {
-                SSLerr(SSL_F_GET_SERVER_HELLO,
-                       SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
-                return (-1);
-            }
-        }
-        if (s->s2->tmp.csl != 0) {
-            SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);
-            return (-1);
-        }
-    } else {
-# if 0
-        /* very bad */
-        memset(s->session->session_id, 0,
-               SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
-        s->session->session_id_length = 0;
-# endif
-
-        /*
-         * we need to do this in case we were trying to reuse a client
-         * session but others are already reusing it. If this was a new
-         * 'blank' session ID, the session-id length will still be 0
-         */
-        if (s->session->session_id_length > 0) {
-            if (!ssl_get_new_session(s, 0)) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                return (-1);
-            }
-        }
-
-        if (ssl2_set_certificate(s, s->s2->tmp.cert_type,
-                                 s->s2->tmp.cert_length, p) <= 0) {
-            ssl2_return_error(s, SSL2_PE_BAD_CERTIFICATE);
-            return (-1);
-        }
-        p += s->s2->tmp.cert_length;
-
-        if (s->s2->tmp.csl == 0) {
-            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-            SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_NO_CIPHER_LIST);
-            return (-1);
-        }
-
-        /*
-         * We have just received a list of ciphers back from the server.  We
-         * need to get the ones that match, then select the one we want the
-         * most :-).
-         */
-
-        /* load the ciphers */
-        sk = ssl_bytes_to_cipher_list(s, p, s->s2->tmp.csl,
-                                      &s->session->ciphers);
-        p += s->s2->tmp.csl;
-        if (sk == NULL) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
-            return (-1);
-        }
-
-        (void)sk_SSL_CIPHER_set_cmp_func(sk, ssl_cipher_ptr_id_cmp);
-
-        /* get the array of ciphers we will accept */
-        cl = SSL_get_ciphers(s);
-        (void)sk_SSL_CIPHER_set_cmp_func(cl, ssl_cipher_ptr_id_cmp);
-
-        /*
-         * If server preference flag set, choose the first
-         * (highest priority) cipher the server sends, otherwise
-         * client preference has priority.
-         */
-        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
-            prio = sk;
-            allow = cl;
-        } else {
-            prio = cl;
-            allow = sk;
-        }
-        /*
-         * In theory we could have ciphers sent back that we don't want to
-         * use but that does not matter since we will check against the list
-         * we originally sent and for performance reasons we should not
-         * bother to match the two lists up just to check.
-         */
-        for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
-            if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, i)) >= 0)
-                break;
-        }
-
-        if (i >= sk_SSL_CIPHER_num(prio)) {
-            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-            SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_NO_CIPHER_MATCH);
-            return (-1);
-        }
-        s->session->cipher = sk_SSL_CIPHER_value(prio, i);
-
-        if (s->session->peer != NULL) { /* can't happen */
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-            return (-1);
-        }
-
-        s->session->peer = s->session->sess_cert->peer_key->x509;
-        /* peer_key->x509 has been set by ssl2_set_certificate. */
-        CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
-    }
-
-    if (s->session->sess_cert == NULL
-        || s->session->peer != s->session->sess_cert->peer_key->x509)
-        /* can't happen */
-    {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-        return (-1);
-    }
-
-    s->s2->conn_id_length = s->s2->tmp.conn_id_length;
-    if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
-        return -1;
-    }
-    memcpy(s->s2->conn_id, p, s->s2->tmp.conn_id_length);
-    return (1);
-}
-
-static int client_hello(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-/*      CIPHER **cipher;*/
-    int i, n, j;
-
-    buf = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A) {
-        if ((s->session == NULL) || (s->session->ssl_version != s->version)) {
-            if (!ssl_get_new_session(s, 0)) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                return (-1);
-            }
-        }
-        /* else use the pre-loaded session */
-
-        p = buf;                /* header */
-        d = p + 9;              /* data section */
-        *(p++) = SSL2_MT_CLIENT_HELLO; /* type */
-        s2n(SSL2_VERSION, p);   /* version */
-        n = j = 0;
-
-        n = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), d, 0);
-        d += n;
-
-        if (n == 0) {
-            SSLerr(SSL_F_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
-            return (-1);
-        }
-
-        s2n(n, p);              /* cipher spec num bytes */
-
-        if ((s->session->session_id_length > 0) &&
-            (s->session->session_id_length <=
-             SSL2_MAX_SSL_SESSION_ID_LENGTH)) {
-            i = s->session->session_id_length;
-            s2n(i, p);          /* session id length */
-            memcpy(d, s->session->session_id, (unsigned int)i);
-            d += i;
-        } else {
-            s2n(0, p);
-        }
-
-        s->s2->challenge_length = SSL2_CHALLENGE_LENGTH;
-        s2n(SSL2_CHALLENGE_LENGTH, p); /* challenge length */
-        /*
-         * challenge id data
-         */
-        if (RAND_bytes(s->s2->challenge, SSL2_CHALLENGE_LENGTH) <= 0)
-            return -1;
-        memcpy(d, s->s2->challenge, SSL2_CHALLENGE_LENGTH);
-        d += SSL2_CHALLENGE_LENGTH;
-
-        s->state = SSL2_ST_SEND_CLIENT_HELLO_B;
-        s->init_num = d - buf;
-        s->init_off = 0;
-    }
-    /* SSL2_ST_SEND_CLIENT_HELLO_B */
-    return (ssl2_do_write(s));
-}
-
-static int client_master_key(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-    int clear, enc, karg, i;
-    SSL_SESSION *sess;
-    const EVP_CIPHER *c;
-    const EVP_MD *md;
-
-    buf = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A) {
-
-        if (!ssl_cipher_get_evp(s->session, &c, &md, NULL, NULL, NULL)) {
-            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-            SSLerr(SSL_F_CLIENT_MASTER_KEY,
-                   SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
-            return (-1);
-        }
-        sess = s->session;
-        p = buf;
-        d = p + 10;
-        *(p++) = SSL2_MT_CLIENT_MASTER_KEY; /* type */
-
-        i = ssl_put_cipher_by_char(s, sess->cipher, p);
-        p += i;
-
-        /* make key_arg data */
-        i = EVP_CIPHER_iv_length(c);
-        sess->key_arg_length = i;
-        if (i > SSL_MAX_KEY_ARG_LENGTH) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        if (i > 0)
-            if (RAND_bytes(sess->key_arg, i) <= 0)
-                return -1;
-
-        /* make a master key */
-        i = EVP_CIPHER_key_length(c);
-        sess->master_key_length = i;
-        if (i > 0) {
-            if (i > (int)sizeof(sess->master_key)) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-                return -1;
-            }
-            if (RAND_bytes(sess->master_key, i) <= 0) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                return (-1);
-            }
-        }
-
-        if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
-            enc = 8;
-        else if (SSL_C_IS_EXPORT(sess->cipher))
-            enc = 5;
-        else
-            enc = i;
-
-        if ((int)i < enc) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_CIPHER_TABLE_SRC_ERROR);
-            return (-1);
-        }
-        clear = i - enc;
-        s2n(clear, p);
-        memcpy(d, sess->master_key, (unsigned int)clear);
-        d += clear;
-
-        enc = ssl_rsa_public_encrypt(sess->sess_cert, enc,
-                                     &(sess->master_key[clear]), d,
-                                     (s->
-                                      s2->ssl2_rollback) ? RSA_SSLV23_PADDING
-                                     : RSA_PKCS1_PADDING);
-        if (enc <= 0) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
-            return (-1);
-        }
-# ifdef PKCS1_CHECK
-        if (s->options & SSL_OP_PKCS1_CHECK_1)
-            d[1]++;
-        if (s->options & SSL_OP_PKCS1_CHECK_2)
-            sess->master_key[clear]++;
-# endif
-        s2n(enc, p);
-        d += enc;
-        karg = sess->key_arg_length;
-        s2n(karg, p);           /* key arg size */
-        if (karg > (int)sizeof(sess->key_arg)) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        memcpy(d, sess->key_arg, (unsigned int)karg);
-        d += karg;
-
-        s->state = SSL2_ST_SEND_CLIENT_MASTER_KEY_B;
-        s->init_num = d - buf;
-        s->init_off = 0;
-    }
-
-    /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */
-    return (ssl2_do_write(s));
-}
-
-static int client_finished(SSL *s)
-{
-    unsigned char *p;
-
-    if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) {
-        p = (unsigned char *)s->init_buf->data;
-        *(p++) = SSL2_MT_CLIENT_FINISHED;
-        if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) {
-            SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        memcpy(p, s->s2->conn_id, (unsigned int)s->s2->conn_id_length);
-
-        s->state = SSL2_ST_SEND_CLIENT_FINISHED_B;
-        s->init_num = s->s2->conn_id_length + 1;
-        s->init_off = 0;
-    }
-    return (ssl2_do_write(s));
-}
-
-/* read the data and then respond */
-static int client_certificate(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-    int i;
-    unsigned int n;
-    int cert_ch_len;
-    unsigned char *cert_ch;
-
-    buf = (unsigned char *)s->init_buf->data;
-
-    /*
-     * We have a cert associated with the SSL, so attach it to the session if
-     * it does not have one
-     */
-
-    if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) {
-        i = ssl2_read(s, (char *)&(buf[s->init_num]),
-                      SSL2_MAX_CERT_CHALLENGE_LENGTH + 2 - s->init_num);
-        if (i < (SSL2_MIN_CERT_CHALLENGE_LENGTH + 2 - s->init_num))
-            return (ssl2_part_read(s, SSL_F_CLIENT_CERTIFICATE, i));
-        s->init_num += i;
-        if (s->msg_callback) {
-            /* REQUEST-CERTIFICATE */
-            s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s,
-                            s->msg_callback_arg);
-        }
-
-        /* type=buf[0]; */
-        /* type eq x509 */
-        if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) {
-            ssl2_return_error(s, SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
-            SSLerr(SSL_F_CLIENT_CERTIFICATE, SSL_R_BAD_AUTHENTICATION_TYPE);
-            return (-1);
-        }
-
-        if ((s->cert == NULL) ||
-            (s->cert->key->x509 == NULL) ||
-            (s->cert->key->privatekey == NULL)) {
-            s->state = SSL2_ST_X509_GET_CLIENT_CERTIFICATE;
-        } else
-            s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
-    }
-
-    cert_ch = buf + 2;
-    cert_ch_len = s->init_num - 2;
-
-    if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE) {
-        X509 *x509 = NULL;
-        EVP_PKEY *pkey = NULL;
-
-        /*
-         * If we get an error we need to ssl->rwstate=SSL_X509_LOOKUP;
-         * return(error); We should then be retried when things are ok and we
-         * can get a cert or not
-         */
-
-        i = 0;
-        if (s->ctx->client_cert_cb != NULL) {
-            i = s->ctx->client_cert_cb(s, &(x509), &(pkey));
-        }
-
-        if (i < 0) {
-            s->rwstate = SSL_X509_LOOKUP;
-            return (-1);
-        }
-        s->rwstate = SSL_NOTHING;
-
-        if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
-            s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
-            if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey)) {
-                i = 0;
-            }
-            X509_free(x509);
-            EVP_PKEY_free(pkey);
-        } else if (i == 1) {
-            if (x509 != NULL)
-                X509_free(x509);
-            if (pkey != NULL)
-                EVP_PKEY_free(pkey);
-            SSLerr(SSL_F_CLIENT_CERTIFICATE,
-                   SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
-            i = 0;
-        }
-
-        if (i == 0) {
-            /*
-             * We have no client certificate to respond with so send the
-             * correct error message back
-             */
-            s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_B;
-            p = buf;
-            *(p++) = SSL2_MT_ERROR;
-            s2n(SSL2_PE_NO_CERTIFICATE, p);
-            s->init_off = 0;
-            s->init_num = 3;
-            /* Write is done at the end */
-        }
-    }
-
-    if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B) {
-        return (ssl2_do_write(s));
-    }
-
-    if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C) {
-        EVP_MD_CTX ctx;
-
-        /*
-         * ok, now we calculate the checksum do it first so we can reuse buf
-         * :-)
-         */
-        p = buf;
-        EVP_MD_CTX_init(&ctx);
-        EVP_SignInit_ex(&ctx, s->ctx->rsa_md5, NULL);
-        EVP_SignUpdate(&ctx, s->s2->key_material, s->s2->key_material_length);
-        EVP_SignUpdate(&ctx, cert_ch, (unsigned int)cert_ch_len);
-        i = i2d_X509(s->session->sess_cert->peer_key->x509, &p);
-        /*
-         * Don't update the signature if it fails - FIXME: probably should
-         * handle this better
-         */
-        if (i > 0)
-            EVP_SignUpdate(&ctx, buf, (unsigned int)i);
-
-        p = buf;
-        d = p + 6;
-        *(p++) = SSL2_MT_CLIENT_CERTIFICATE;
-        *(p++) = SSL2_CT_X509_CERTIFICATE;
-        n = i2d_X509(s->cert->key->x509, &d);
-        s2n(n, p);
-
-        if (!EVP_SignFinal(&ctx, d, &n, s->cert->key->privatekey)) {
-            /*
-             * this is not good.  If things have failed it means there so
-             * something wrong with the key. We will continue with a 0 length
-             * signature
-             */
-        }
-        EVP_MD_CTX_cleanup(&ctx);
-        s2n(n, p);
-        d += n;
-
-        s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_D;
-        s->init_num = d - buf;
-        s->init_off = 0;
-    }
-    /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */
-    return (ssl2_do_write(s));
-}
-
-static int get_server_verify(SSL *s)
-{
-    unsigned char *p;
-    int i, n, len;
-
-    p = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_GET_SERVER_VERIFY_A) {
-        i = ssl2_read(s, (char *)&(p[s->init_num]), 1 - s->init_num);
-        if (i < (1 - s->init_num))
-            return (ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i));
-        s->init_num += i;
-
-        s->state = SSL2_ST_GET_SERVER_VERIFY_B;
-        if (*p != SSL2_MT_SERVER_VERIFY) {
-            if (p[0] != SSL2_MT_ERROR) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_SERVER_VERIFY, SSL_R_READ_WRONG_PACKET_TYPE);
-            } else {
-                SSLerr(SSL_F_GET_SERVER_VERIFY, SSL_R_PEER_ERROR);
-                /* try to read the error message */
-                i = ssl2_read(s, (char *)&(p[s->init_num]), 3 - s->init_num);
-                return ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i);
-            }
-            return (-1);
-        }
-    }
-
-    p = (unsigned char *)s->init_buf->data;
-    len = 1 + s->s2->challenge_length;
-    n = len - s->init_num;
-    i = ssl2_read(s, (char *)&(p[s->init_num]), n);
-    if (i < n)
-        return (ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i));
-    if (s->msg_callback) {
-        /* SERVER-VERIFY */
-        s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg);
-    }
-    p += 1;
-
-    if (CRYPTO_memcmp(p, s->s2->challenge, s->s2->challenge_length) != 0) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_SERVER_VERIFY, SSL_R_CHALLENGE_IS_DIFFERENT);
-        return (-1);
-    }
-    return (1);
-}
-
-static int get_server_finished(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p;
-    int i, n, len;
-
-    buf = (unsigned char *)s->init_buf->data;
-    p = buf;
-    if (s->state == SSL2_ST_GET_SERVER_FINISHED_A) {
-        i = ssl2_read(s, (char *)&(buf[s->init_num]), 1 - s->init_num);
-        if (i < (1 - s->init_num))
-            return (ssl2_part_read(s, SSL_F_GET_SERVER_FINISHED, i));
-        s->init_num += i;
-
-        if (*p == SSL2_MT_REQUEST_CERTIFICATE) {
-            s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
-            return (1);
-        } else if (*p != SSL2_MT_SERVER_FINISHED) {
-            if (p[0] != SSL2_MT_ERROR) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_SERVER_FINISHED,
-                       SSL_R_READ_WRONG_PACKET_TYPE);
-            } else {
-                SSLerr(SSL_F_GET_SERVER_FINISHED, SSL_R_PEER_ERROR);
-                /* try to read the error message */
-                i = ssl2_read(s, (char *)&(p[s->init_num]), 3 - s->init_num);
-                return ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i);
-            }
-            return (-1);
-        }
-        s->state = SSL2_ST_GET_SERVER_FINISHED_B;
-    }
-
-    len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
-    n = len - s->init_num;
-    i = ssl2_read(s, (char *)&(buf[s->init_num]), n);
-    if (i < n) {
-        /*
-         * XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH,
-         * that's the maximum
-         */
-        return (ssl2_part_read(s, SSL_F_GET_SERVER_FINISHED, i));
-    }
-    s->init_num += i;
-    if (s->msg_callback) {
-        /* SERVER-FINISHED */
-        s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s,
-                        s->msg_callback_arg);
-    }
-
-    if (!s->hit) {              /* new session */
-        /* new session-id */
-        /*
-         * Make sure we were not trying to re-use an old SSL_SESSION or bad
-         * things can happen
-         */
-        /* ZZZZZZZZZZZZZ */
-        s->session->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
-        memcpy(s->session->session_id, p + 1, SSL2_SSL_SESSION_ID_LENGTH);
-    } else {
-        if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) {
-            if ((s->session->session_id_length >
-                 sizeof(s->session->session_id))
-                || (0 !=
-                    memcmp(buf + 1, s->session->session_id,
-                           (unsigned int)s->session->session_id_length))) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_SERVER_FINISHED,
-                       SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
-                return (-1);
-            }
-        }
-    }
-    s->state = SSL_ST_OK;
-    return (1);
-}
-
-/* loads in the certificate from the server */
-int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
-{
-    STACK_OF(X509) *sk = NULL;
-    EVP_PKEY *pkey = NULL;
-    SESS_CERT *sc = NULL;
-    int i;
-    X509 *x509 = NULL;
-    int ret = 0;
-
-    x509 = d2i_X509(NULL, &data, (long)len);
-    if (x509 == NULL) {
-        SSLerr(SSL_F_SSL2_SET_CERTIFICATE, ERR_R_X509_LIB);
-        goto err;
-    }
-
-    if ((sk = sk_X509_new_null()) == NULL || !sk_X509_push(sk, x509)) {
-        SSLerr(SSL_F_SSL2_SET_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    i = ssl_verify_cert_chain(s, sk);
-
-    if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
-        SSLerr(SSL_F_SSL2_SET_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED);
-        goto err;
-    }
-    ERR_clear_error();          /* but we keep s->verify_result */
-    s->session->verify_result = s->verify_result;
-
-    /* server's cert for this session */
-    sc = ssl_sess_cert_new();
-    if (sc == NULL) {
-        ret = -1;
-        goto err;
-    }
-    if (s->session->sess_cert)
-        ssl_sess_cert_free(s->session->sess_cert);
-    s->session->sess_cert = sc;
-
-    sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509 = x509;
-    sc->peer_key = &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
-
-    pkey = X509_get_pubkey(x509);
-    x509 = NULL;
-    if (pkey == NULL) {
-        SSLerr(SSL_F_SSL2_SET_CERTIFICATE,
-               SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
-        goto err;
-    }
-    if (pkey->type != EVP_PKEY_RSA) {
-        SSLerr(SSL_F_SSL2_SET_CERTIFICATE, SSL_R_PUBLIC_KEY_NOT_RSA);
-        goto err;
-    }
-
-    if (!ssl_set_peer_cert_type(sc, SSL2_CT_X509_CERTIFICATE))
-        goto err;
-    ret = 1;
- err:
-    sk_X509_free(sk);
-    X509_free(x509);
-    EVP_PKEY_free(pkey);
-    return (ret);
-}
-
-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
-                                  unsigned char *to, int padding)
-{
-    EVP_PKEY *pkey = NULL;
-    int i = -1;
-
-    if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
-        ((pkey = X509_get_pubkey(sc->peer_key->x509)) == NULL)) {
-        SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT, SSL_R_NO_PUBLICKEY);
-        return (-1);
-    }
-    if (pkey->type != EVP_PKEY_RSA) {
-        SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT, SSL_R_PUBLIC_KEY_IS_NOT_RSA);
-        goto end;
-    }
-
-    /* we have the public key */
-    i = RSA_public_encrypt(len, from, to, pkey->pkey.rsa, padding);
-    if (i < 0)
-        SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT, ERR_R_RSA_LIB);
- end:
-    EVP_PKEY_free(pkey);
-    return (i);
-}
-#else                           /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif
diff --git a/freebsd/crypto/openssl/ssl/s2_enc.c b/freebsd/crypto/openssl/ssl/s2_enc.c
deleted file mode 100644
index 61597d3b..00000000
--- a/freebsd/crypto/openssl/ssl/s2_enc.c
+++ /dev/null
@@ -1,199 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s2_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-# include <stdio.h>
-
-int ssl2_enc_init(SSL *s, int client)
-{
-    /* Max number of bytes needed */
-    EVP_CIPHER_CTX *rs, *ws;
-    const EVP_CIPHER *c;
-    const EVP_MD *md;
-    int num;
-
-    if (!ssl_cipher_get_evp(s->session, &c, &md, NULL, NULL, NULL)) {
-        ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-        SSLerr(SSL_F_SSL2_ENC_INIT, SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
-        return (0);
-    }
-    ssl_replace_hash(&s->read_hash, md);
-    ssl_replace_hash(&s->write_hash, md);
-
-    if ((s->enc_read_ctx == NULL) && ((s->enc_read_ctx = (EVP_CIPHER_CTX *)
-                                       OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)))
-                                      == NULL))
-        goto err;
-
-    /*
-     * make sure it's intialized in case the malloc for enc_write_ctx fails
-     * and we exit with an error
-     */
-    rs = s->enc_read_ctx;
-    EVP_CIPHER_CTX_init(rs);
-
-    if ((s->enc_write_ctx == NULL) && ((s->enc_write_ctx = (EVP_CIPHER_CTX *)
-                                        OPENSSL_malloc(sizeof
-                                                       (EVP_CIPHER_CTX))) ==
-                                       NULL))
-        goto err;
-
-    ws = s->enc_write_ctx;
-    EVP_CIPHER_CTX_init(ws);
-
-    num = c->key_len;
-    s->s2->key_material_length = num * 2;
-    OPENSSL_assert(s->s2->key_material_length <= sizeof(s->s2->key_material));
-
-    if (ssl2_generate_key_material(s) <= 0)
-        return 0;
-
-    OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg));
-    EVP_EncryptInit_ex(ws, c, NULL,
-                       &(s->s2->key_material[(client) ? num : 0]),
-                       s->session->key_arg);
-    EVP_DecryptInit_ex(rs, c, NULL,
-                       &(s->s2->key_material[(client) ? 0 : num]),
-                       s->session->key_arg);
-    s->s2->read_key = &(s->s2->key_material[(client) ? 0 : num]);
-    s->s2->write_key = &(s->s2->key_material[(client) ? num : 0]);
-    return (1);
- err:
-    SSLerr(SSL_F_SSL2_ENC_INIT, ERR_R_MALLOC_FAILURE);
-    return (0);
-}
-
-/*
- * read/writes from s->s2->mac_data using length for encrypt and decrypt.
- * It sets s->s2->padding and s->[rw]length if we are encrypting Returns 0 on
- * error and 1 on success
- */
-int ssl2_enc(SSL *s, int send)
-{
-    EVP_CIPHER_CTX *ds;
-    unsigned long l;
-    int bs;
-
-    if (send) {
-        ds = s->enc_write_ctx;
-        l = s->s2->wlength;
-    } else {
-        ds = s->enc_read_ctx;
-        l = s->s2->rlength;
-    }
-
-    /* check for NULL cipher */
-    if (ds == NULL)
-        return 1;
-
-    bs = ds->cipher->block_size;
-    /*
-     * This should be using (bs-1) and bs instead of 7 and 8, but what the
-     * hell.
-     */
-    if (bs == 8)
-        l = (l + 7) / 8 * 8;
-
-    if (EVP_Cipher(ds, s->s2->mac_data, s->s2->mac_data, l) < 1)
-        return 0;
-
-    return 1;
-}
-
-void ssl2_mac(SSL *s, unsigned char *md, int send)
-{
-    EVP_MD_CTX c;
-    unsigned char sequence[4], *p, *sec, *act;
-    unsigned long seq;
-    unsigned int len;
-
-    if (send) {
-        seq = s->s2->write_sequence;
-        sec = s->s2->write_key;
-        len = s->s2->wact_data_length;
-        act = s->s2->wact_data;
-    } else {
-        seq = s->s2->read_sequence;
-        sec = s->s2->read_key;
-        len = s->s2->ract_data_length;
-        act = s->s2->ract_data;
-    }
-
-    p = &(sequence[0]);
-    l2n(seq, p);
-
-    /* There has to be a MAC algorithm. */
-    EVP_MD_CTX_init(&c);
-    EVP_MD_CTX_copy(&c, s->read_hash);
-    EVP_DigestUpdate(&c, sec, EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
-    EVP_DigestUpdate(&c, act, len);
-    /* the above line also does the pad data */
-    EVP_DigestUpdate(&c, sequence, 4);
-    EVP_DigestFinal_ex(&c, md, NULL);
-    EVP_MD_CTX_cleanup(&c);
-}
-#else                           /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif
diff --git a/freebsd/crypto/openssl/ssl/s2_lib.c b/freebsd/crypto/openssl/ssl/s2_lib.c
deleted file mode 100644
index 263d143a..00000000
--- a/freebsd/crypto/openssl/ssl/s2_lib.c
+++ /dev/null
@@ -1,572 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s2_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-# include <stdio.h>
-# include <openssl/objects.h>
-# include <openssl/evp.h>
-# include <openssl/md5.h>
-
-const char ssl2_version_str[] = "SSLv2" OPENSSL_VERSION_PTEXT;
-
-# define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
-
-/* list of available SSLv2 ciphers (sorted by id) */
-OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
-# if 0
-/* NULL_WITH_MD5 v3 */
-    {
-     1,
-     SSL2_TXT_NULL_WITH_MD5,
-     SSL2_CK_NULL_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eNULL,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_EXPORT | SSL_EXP40 | SSL_STRONG_NONE,
-     0,
-     0,
-     0,
-     },
-# endif
-
-/* RC4_128_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_RC4_128_WITH_MD5,
-     SSL2_CK_RC4_128_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
-     0,
-     128,
-     128,
-     },
-
-# if 0
-/* RC4_128_EXPORT40_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
-     SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
-     SSL2_CF_5_BYTE_ENC,
-     40,
-     128,
-     },
-# endif
-
-/* RC2_128_CBC_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_RC2_128_CBC_WITH_MD5,
-     SSL2_CK_RC2_128_CBC_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC2,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
-     0,
-     128,
-     128,
-     },
-
-# if 0
-/* RC2_128_CBC_EXPORT40_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
-     SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC2,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
-     SSL2_CF_5_BYTE_ENC,
-     40,
-     128,
-     },
-# endif
-
-# ifndef OPENSSL_NO_IDEA
-/* IDEA_128_CBC_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_IDEA_128_CBC_WITH_MD5,
-     SSL2_CK_IDEA_128_CBC_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_IDEA,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
-     0,
-     128,
-     128,
-     },
-# endif
-
-# if 0
-/* DES_64_CBC_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_DES_64_CBC_WITH_MD5,
-     SSL2_CK_DES_64_CBC_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_DES,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
-     0,
-     56,
-     56,
-     },
-# endif
-
-/* DES_192_EDE3_CBC_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
-     SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_3DES,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
-     0,
-     112,
-     168,
-     },
-
-# if 0
-/* RC4_64_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_RC4_64_WITH_MD5,
-     SSL2_CK_RC4_64_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
-     SSL2_CF_8_BYTE_ENC,
-     64,
-     64,
-     },
-# endif
-
-# if 0
-/* NULL SSLeay (testing) */
-    {
-     0,
-     SSL2_TXT_NULL,
-     SSL2_CK_NULL,
-     0,
-     0,
-     0,
-     0,
-     SSL_SSLV2,
-     SSL_STRONG_NONE,
-     0,
-     0,
-     0,
-     },
-# endif
-
-/* end of list :-) */
-};
-
-long ssl2_default_timeout(void)
-{
-    return (300);
-}
-
-int ssl2_num_ciphers(void)
-{
-    return (SSL2_NUM_CIPHERS);
-}
-
-const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
-{
-    if (u < SSL2_NUM_CIPHERS)
-        return (&(ssl2_ciphers[SSL2_NUM_CIPHERS - 1 - u]));
-    else
-        return (NULL);
-}
-
-int ssl2_pending(const SSL *s)
-{
-    return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
-}
-
-int ssl2_new(SSL *s)
-{
-    SSL2_STATE *s2;
-
-    if ((s2 = OPENSSL_malloc(sizeof(*s2))) == NULL)
-        goto err;
-    memset(s2, 0, sizeof(*s2));
-
-# if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
-#  error "assertion failed"
-# endif
-
-    if ((s2->rbuf =
-         OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2)) == NULL)
-        goto err;
-    /*
-     * wbuf needs one byte more because when using two-byte headers, we leave
-     * the first byte unused in do_ssl_write (s2_pkt.c)
-     */
-    if ((s2->wbuf =
-         OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 3)) == NULL)
-        goto err;
-    s->s2 = s2;
-
-    ssl2_clear(s);
-    return (1);
- err:
-    if (s2 != NULL) {
-        if (s2->wbuf != NULL)
-            OPENSSL_free(s2->wbuf);
-        if (s2->rbuf != NULL)
-            OPENSSL_free(s2->rbuf);
-        OPENSSL_free(s2);
-    }
-    return (0);
-}
-
-void ssl2_free(SSL *s)
-{
-    SSL2_STATE *s2;
-
-    if (s == NULL)
-        return;
-
-    s2 = s->s2;
-    if (s2->rbuf != NULL)
-        OPENSSL_free(s2->rbuf);
-    if (s2->wbuf != NULL)
-        OPENSSL_free(s2->wbuf);
-    OPENSSL_cleanse(s2, sizeof(*s2));
-    OPENSSL_free(s2);
-    s->s2 = NULL;
-}
-
-void ssl2_clear(SSL *s)
-{
-    SSL2_STATE *s2;
-    unsigned char *rbuf, *wbuf;
-
-    s2 = s->s2;
-
-    rbuf = s2->rbuf;
-    wbuf = s2->wbuf;
-
-    memset(s2, 0, sizeof(*s2));
-
-    s2->rbuf = rbuf;
-    s2->wbuf = wbuf;
-    s2->clear_text = 1;
-    s->packet = s2->rbuf;
-    s->version = SSL2_VERSION;
-    s->packet_length = 0;
-}
-
-long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
-{
-    int ret = 0;
-
-    switch (cmd) {
-    case SSL_CTRL_GET_SESSION_REUSED:
-        ret = s->hit;
-        break;
-    case SSL_CTRL_CHECK_PROTO_VERSION:
-        return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg);
-    default:
-        break;
-    }
-    return (ret);
-}
-
-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
-{
-    return (0);
-}
-
-long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
-{
-    return (0);
-}
-
-long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
-{
-    return (0);
-}
-
-/*
- * This function needs to check if the ciphers required are actually
- * available
- */
-const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
-{
-    SSL_CIPHER c;
-    const SSL_CIPHER *cp;
-    unsigned long id;
-
-    id = 0x02000000L | ((unsigned long)p[0] << 16L) |
-        ((unsigned long)p[1] << 8L) | (unsigned long)p[2];
-    c.id = id;
-    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS);
-    return cp;
-}
-
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-{
-    long l;
-
-    if (p != NULL) {
-        l = c->id;
-        if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV)
-            return (0);
-        p[0] = ((unsigned char)(l >> 16L)) & 0xFF;
-        p[1] = ((unsigned char)(l >> 8L)) & 0xFF;
-        p[2] = ((unsigned char)(l)) & 0xFF;
-    }
-    return (3);
-}
-
-int ssl2_generate_key_material(SSL *s)
-{
-    unsigned int i;
-    EVP_MD_CTX ctx;
-    unsigned char *km;
-    unsigned char c = '0';
-    const EVP_MD *md5;
-    int md_size;
-
-    md5 = EVP_md5();
-
-# ifdef CHARSET_EBCDIC
-    c = os_toascii['0'];        /* Must be an ASCII '0', not EBCDIC '0', see
-                                 * SSLv2 docu */
-# endif
-    EVP_MD_CTX_init(&ctx);
-    km = s->s2->key_material;
-
-    if (s->session->master_key_length < 0 ||
-        s->session->master_key_length > (int)sizeof(s->session->master_key)) {
-        SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
-        return 0;
-    }
-    md_size = EVP_MD_size(md5);
-    if (md_size < 0)
-        return 0;
-    for (i = 0; i < s->s2->key_material_length; i += md_size) {
-        if (((km - s->s2->key_material) + md_size) >
-            (int)sizeof(s->s2->key_material)) {
-            /*
-             * EVP_DigestFinal_ex() below would write beyond buffer
-             */
-            SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
-            return 0;
-        }
-
-        EVP_DigestInit_ex(&ctx, md5, NULL);
-
-        OPENSSL_assert(s->session->master_key_length >= 0
-                       && s->session->master_key_length
-                       <= (int)sizeof(s->session->master_key));
-        EVP_DigestUpdate(&ctx, s->session->master_key,
-                         s->session->master_key_length);
-        EVP_DigestUpdate(&ctx, &c, 1);
-        c++;
-        EVP_DigestUpdate(&ctx, s->s2->challenge, s->s2->challenge_length);
-        EVP_DigestUpdate(&ctx, s->s2->conn_id, s->s2->conn_id_length);
-        EVP_DigestFinal_ex(&ctx, km, NULL);
-        km += md_size;
-    }
-
-    EVP_MD_CTX_cleanup(&ctx);
-    return 1;
-}
-
-void ssl2_return_error(SSL *s, int err)
-{
-    if (!s->error) {
-        s->error = 3;
-        s->error_code = err;
-
-        ssl2_write_error(s);
-    }
-}
-
-void ssl2_write_error(SSL *s)
-{
-    unsigned char buf[3];
-    int i, error;
-
-    buf[0] = SSL2_MT_ERROR;
-    buf[1] = (s->error_code >> 8) & 0xff;
-    buf[2] = (s->error_code) & 0xff;
-
-/*      state=s->rwstate;*/
-
-    error = s->error;           /* number of bytes left to write */
-    s->error = 0;
-    OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
-    i = ssl2_write(s, &(buf[3 - error]), error);
-
-/*      if (i == error) s->rwstate=state; */
-
-    if (i < 0)
-        s->error = error;
-    else {
-        s->error = error - i;
-
-        if (s->error == 0)
-            if (s->msg_callback) {
-                /* ERROR */
-                s->msg_callback(1, s->version, 0, buf, 3, s,
-                                s->msg_callback_arg);
-            }
-    }
-}
-
-int ssl2_shutdown(SSL *s)
-{
-    s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-    return (1);
-}
-#else                           /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif
diff --git a/freebsd/crypto/openssl/ssl/s2_meth.c b/freebsd/crypto/openssl/ssl/s2_meth.c
deleted file mode 100644
index 0707d8e3..00000000
--- a/freebsd/crypto/openssl/ssl/s2_meth.c
+++ /dev/null
@@ -1,93 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s2_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2_METHOD
-# ifndef OPENSSL_NO_SSL2
-# include <stdio.h>
-# include <openssl/objects.h>
-
-static const SSL_METHOD *ssl2_get_method(int ver);
-static const SSL_METHOD *ssl2_get_method(int ver)
-{
-    if (ver == SSL2_VERSION)
-        return (SSLv2_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl2_meth_func(SSLv2_method,
-                         ssl2_accept, ssl2_connect, ssl2_get_method)
-
-# else /* !OPENSSL_NO_SSL2 */
-
-const SSL_METHOD *SSLv2_method(void) { return NULL; }
-const SSL_METHOD *SSLv2_client_method(void) { return NULL; }
-const SSL_METHOD *SSLv2_server_method(void) { return NULL; }
-
-# endif
-
-#else /* !OPENSSL_NO_SSL2_METHOD */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif
diff --git a/freebsd/crypto/openssl/ssl/s2_pkt.c b/freebsd/crypto/openssl/ssl/s2_pkt.c
deleted file mode 100644
index 1a3c817e..00000000
--- a/freebsd/crypto/openssl/ssl/s2_pkt.c
+++ /dev/null
@@ -1,733 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s2_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-# include <stdio.h>
-# include <errno.h>
-# define USE_SOCKETS
-
-static int read_n(SSL *s, unsigned int n, unsigned int max,
-                  unsigned int extend);
-static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
-static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
-static int ssl_mt_error(int n);
-
-/*
- * SSL 2.0 imlementation for SSL_read/SSL_peek - This routine will return 0
- * to len bytes, decrypted etc if required.
- */
-static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
-{
-    int n;
-    unsigned char mac[MAX_MAC_SIZE];
-    unsigned char *p;
-    int i;
-    int mac_size;
-
- ssl2_read_again:
-    if (SSL_in_init(s) && !s->in_handshake) {
-        n = s->handshake_func(s);
-        if (n < 0)
-            return (n);
-        if (n == 0) {
-            SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_SSL_HANDSHAKE_FAILURE);
-            return (-1);
-        }
-    }
-
-    clear_sys_error();
-    s->rwstate = SSL_NOTHING;
-    if (len <= 0)
-        return (len);
-
-    if (s->s2->ract_data_length != 0) { /* read from buffer */
-        if (len > s->s2->ract_data_length)
-            n = s->s2->ract_data_length;
-        else
-            n = len;
-
-        memcpy(buf, s->s2->ract_data, (unsigned int)n);
-        if (!peek) {
-            s->s2->ract_data_length -= n;
-            s->s2->ract_data += n;
-            if (s->s2->ract_data_length == 0)
-                s->rstate = SSL_ST_READ_HEADER;
-        }
-
-        return (n);
-    }
-
-    /*
-     * s->s2->ract_data_length == 0 Fill the buffer, then goto
-     * ssl2_read_again.
-     */
-
-    if (s->rstate == SSL_ST_READ_HEADER) {
-        if (s->first_packet) {
-            n = read_n(s, 5, SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2, 0);
-            if (n <= 0)
-                return (n);     /* error or non-blocking */
-            s->first_packet = 0;
-            p = s->packet;
-            if (!((p[0] & 0x80) && ((p[2] == SSL2_MT_CLIENT_HELLO) ||
-                                    (p[2] == SSL2_MT_SERVER_HELLO)))) {
-                SSLerr(SSL_F_SSL2_READ_INTERNAL,
-                       SSL_R_NON_SSLV2_INITIAL_PACKET);
-                return (-1);
-            }
-        } else {
-            n = read_n(s, 2, SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2, 0);
-            if (n <= 0)
-                return (n);     /* error or non-blocking */
-        }
-        /* part read stuff */
-
-        s->rstate = SSL_ST_READ_BODY;
-        p = s->packet;
-        /* Do header */
-        /*
-         * s->s2->padding=0;
-         */
-        s->s2->escape = 0;
-        s->s2->rlength = (((unsigned int)p[0]) << 8) | ((unsigned int)p[1]);
-        if ((p[0] & TWO_BYTE_BIT)) { /* Two byte header? */
-            s->s2->three_byte_header = 0;
-            s->s2->rlength &= TWO_BYTE_MASK;
-        } else {
-            s->s2->three_byte_header = 1;
-            s->s2->rlength &= THREE_BYTE_MASK;
-
-            /* security >s2->escape */
-            s->s2->escape = ((p[0] & SEC_ESC_BIT)) ? 1 : 0;
-        }
-    }
-
-    if (s->rstate == SSL_ST_READ_BODY) {
-        n = s->s2->rlength + 2 + s->s2->three_byte_header;
-        if (n > (int)s->packet_length) {
-            n -= s->packet_length;
-            i = read_n(s, (unsigned int)n, (unsigned int)n, 1);
-            if (i <= 0)
-                return (i);     /* ERROR */
-        }
-
-        p = &(s->packet[2]);
-        s->rstate = SSL_ST_READ_HEADER;
-        if (s->s2->three_byte_header)
-            s->s2->padding = *(p++);
-        else
-            s->s2->padding = 0;
-
-        /* Data portion */
-        if (s->s2->clear_text) {
-            mac_size = 0;
-            s->s2->mac_data = p;
-            s->s2->ract_data = p;
-            if (s->s2->padding) {
-                SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_ILLEGAL_PADDING);
-                return (-1);
-            }
-        } else {
-            mac_size = EVP_MD_CTX_size(s->read_hash);
-            if (mac_size < 0)
-                return -1;
-            OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
-            s->s2->mac_data = p;
-            s->s2->ract_data = &p[mac_size];
-            if (s->s2->padding + mac_size > s->s2->rlength) {
-                SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_ILLEGAL_PADDING);
-                return (-1);
-            }
-        }
-
-        s->s2->ract_data_length = s->s2->rlength;
-        /*
-         * added a check for length > max_size in case encryption was not
-         * turned on yet due to an error
-         */
-        if ((!s->s2->clear_text) &&
-            (s->s2->rlength >= (unsigned int)mac_size)) {
-            if (!ssl2_enc(s, 0)) {
-                SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_DECRYPTION_FAILED);
-                return (-1);
-            }
-            s->s2->ract_data_length -= mac_size;
-            ssl2_mac(s, mac, 0);
-            s->s2->ract_data_length -= s->s2->padding;
-            if ((CRYPTO_memcmp(mac, s->s2->mac_data, mac_size) != 0) ||
-                (s->s2->rlength %
-                 EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0)) {
-                SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_BAD_MAC_DECODE);
-                return (-1);
-            }
-        }
-        INC32(s->s2->read_sequence); /* expect next number */
-        /* s->s2->ract_data is now available for processing */
-
-        /*
-         * Possibly the packet that we just read had 0 actual data bytes.
-         * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
-         * In this case, returning 0 would be interpreted by the caller as
-         * indicating EOF, so it's not a good idea.  Instead, we just
-         * continue reading; thus ssl2_read_internal may have to process
-         * multiple packets before it can return. [Note that using select()
-         * for blocking sockets *never* guarantees that the next SSL_read
-         * will not block -- the available data may contain incomplete
-         * packets, and except for SSL 2, renegotiation can confuse things
-         * even more.]
-         */
-
-        goto ssl2_read_again;   /* This should really be "return
-                                 * ssl2_read(s,buf,len)", but that would
-                                 * allow for denial-of-service attacks if a C
-                                 * compiler is used that does not recognize
-                                 * end-recursion. */
-    } else {
-        SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_BAD_STATE);
-        return (-1);
-    }
-}
-
-int ssl2_read(SSL *s, void *buf, int len)
-{
-    return ssl2_read_internal(s, buf, len, 0);
-}
-
-int ssl2_peek(SSL *s, void *buf, int len)
-{
-    return ssl2_read_internal(s, buf, len, 1);
-}
-
-/*
- * Return values are as per SSL_read()
- */
-static int read_n(SSL *s, unsigned int n, unsigned int max,
-                  unsigned int extend)
-{
-    int i, off, newb;
-
-    /*
-     * if there is stuff still in the buffer from a previous read, and there
-     * is more than we want, take some.
-     */
-    if (s->s2->rbuf_left >= (int)n) {
-        if (extend)
-            s->packet_length += n;
-        else {
-            s->packet = &(s->s2->rbuf[s->s2->rbuf_offs]);
-            s->packet_length = n;
-        }
-        s->s2->rbuf_left -= n;
-        s->s2->rbuf_offs += n;
-        return (n);
-    }
-
-    if (!s->read_ahead)
-        max = n;
-    if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2))
-        max = SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2;
-
-    /*
-     * Else we want more than we have. First, if there is some left or we
-     * want to extend
-     */
-    off = 0;
-    if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend)) {
-        newb = s->s2->rbuf_left;
-        if (extend) {
-            off = s->packet_length;
-            if (s->packet != s->s2->rbuf)
-                memcpy(s->s2->rbuf, s->packet, (unsigned int)newb + off);
-        } else if (s->s2->rbuf_offs != 0) {
-            memcpy(s->s2->rbuf, &(s->s2->rbuf[s->s2->rbuf_offs]),
-                   (unsigned int)newb);
-            s->s2->rbuf_offs = 0;
-        }
-        s->s2->rbuf_left = 0;
-    } else
-        newb = 0;
-
-    /*
-     * off is the offset to start writing too. r->s2->rbuf_offs is the
-     * 'unread data', now 0. newb is the number of new bytes so far
-     */
-    s->packet = s->s2->rbuf;
-    while (newb < (int)n) {
-        clear_sys_error();
-        if (s->rbio != NULL) {
-            s->rwstate = SSL_READING;
-            i = BIO_read(s->rbio, (char *)&(s->s2->rbuf[off + newb]),
-                         max - newb);
-        } else {
-            SSLerr(SSL_F_READ_N, SSL_R_READ_BIO_NOT_SET);
-            i = -1;
-        }
-# ifdef PKT_DEBUG
-        if (s->debug & 0x01)
-            sleep(1);
-# endif
-        if (i <= 0) {
-            s->s2->rbuf_left += newb;
-            return i;
-        }
-        newb += i;
-    }
-
-    /* record unread data */
-    if (newb > (int)n) {
-        s->s2->rbuf_offs = n + off;
-        s->s2->rbuf_left = newb - n;
-    } else {
-        s->s2->rbuf_offs = 0;
-        s->s2->rbuf_left = 0;
-    }
-    if (extend)
-        s->packet_length += n;
-    else
-        s->packet_length = n;
-    s->rwstate = SSL_NOTHING;
-    return (n);
-}
-
-int ssl2_write(SSL *s, const void *_buf, int len)
-{
-    const unsigned char *buf = _buf;
-    unsigned int n, tot;
-    int i;
-
-    if (SSL_in_init(s) && !s->in_handshake) {
-        i = s->handshake_func(s);
-        if (i < 0)
-            return (i);
-        if (i == 0) {
-            SSLerr(SSL_F_SSL2_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE);
-            return (-1);
-        }
-    }
-
-    if (s->error) {
-        ssl2_write_error(s);
-        if (s->error)
-            return (-1);
-    }
-
-    clear_sys_error();
-    s->rwstate = SSL_NOTHING;
-    if (len <= 0)
-        return (len);
-
-    tot = s->s2->wnum;
-    s->s2->wnum = 0;
-
-    n = (len - tot);
-    for (;;) {
-        i = n_do_ssl_write(s, &(buf[tot]), n);
-        if (i <= 0) {
-            s->s2->wnum = tot;
-            return (i);
-        }
-        if ((i == (int)n) || (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)) {
-            return (tot + i);
-        }
-
-        n -= i;
-        tot += i;
-    }
-}
-
-/*
- * Return values are as per SSL_write()
- */
-static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
-{
-    int i;
-
-    /* s->s2->wpend_len != 0 MUST be true. */
-
-    /*
-     * check that they have given us the same buffer to write
-     */
-    if ((s->s2->wpend_tot > (int)len) ||
-        ((s->s2->wpend_buf != buf) &&
-         !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))) {
-        SSLerr(SSL_F_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
-        return (-1);
-    }
-
-    for (;;) {
-        clear_sys_error();
-        if (s->wbio != NULL) {
-            s->rwstate = SSL_WRITING;
-            i = BIO_write(s->wbio,
-                          (char *)&(s->s2->write_ptr[s->s2->wpend_off]),
-                          (unsigned int)s->s2->wpend_len);
-        } else {
-            SSLerr(SSL_F_WRITE_PENDING, SSL_R_WRITE_BIO_NOT_SET);
-            i = -1;
-        }
-# ifdef PKT_DEBUG
-        if (s->debug & 0x01)
-            sleep(1);
-# endif
-        if (i == s->s2->wpend_len) {
-            s->s2->wpend_len = 0;
-            s->rwstate = SSL_NOTHING;
-            return (s->s2->wpend_ret);
-        } else if (i <= 0)
-            return i;
-        s->s2->wpend_off += i;
-        s->s2->wpend_len -= i;
-    }
-}
-
-static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
-{
-    unsigned int j, k, olen, p, bs;
-    int mac_size;
-    register unsigned char *pp;
-
-    olen = len;
-
-    /*
-     * first check if there is data from an encryption waiting to be sent -
-     * it must be sent because the other end is waiting. This will happen
-     * with non-blocking IO.  We print it and then return.
-     */
-    if (s->s2->wpend_len != 0)
-        return (write_pending(s, buf, len));
-
-    /* set mac_size to mac size */
-    if (s->s2->clear_text)
-        mac_size = 0;
-    else {
-        mac_size = EVP_MD_CTX_size(s->write_hash);
-        if (mac_size < 0)
-            return -1;
-    }
-
-    /* lets set the pad p */
-    if (s->s2->clear_text) {
-        if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
-            len = SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
-        p = 0;
-        s->s2->three_byte_header = 0;
-        /* len=len; */
-    } else {
-        bs = EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
-        j = len + mac_size;
-        /*
-         * Two-byte headers allow for a larger record length than three-byte
-         * headers, but we can't use them if we need padding or if we have to
-         * set the escape bit.
-         */
-        if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) && (!s->s2->escape)) {
-            if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
-                j = SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
-            /*
-             * set k to the max number of bytes with 2 byte header
-             */
-            k = j - (j % bs);
-            /* how many data bytes? */
-            len = k - mac_size;
-            s->s2->three_byte_header = 0;
-            p = 0;
-        } else if ((bs <= 1) && (!s->s2->escape)) {
-            /*-
-             * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
-             * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
-             */
-            s->s2->three_byte_header = 0;
-            p = 0;
-        } else {                /* we may have to use a 3 byte header */
-
-            /*-
-             * If s->s2->escape is not set, then
-             * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
-             * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER.
-             */
-            p = (j % bs);
-            p = (p == 0) ? 0 : (bs - p);
-            if (s->s2->escape) {
-                s->s2->three_byte_header = 1;
-                if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
-                    j = SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
-            } else
-                s->s2->three_byte_header = (p == 0) ? 0 : 1;
-        }
-    }
-
-    /*-
-     * Now
-     *      j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
-     * holds, and if s->s2->three_byte_header is set, then even
-     *      j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
-     */
-
-    /*
-     * mac_size is the number of MAC bytes len is the number of data bytes we
-     * are going to send p is the number of padding bytes (if it is a
-     * two-byte header, then p == 0)
-     */
-
-    s->s2->wlength = len;
-    s->s2->padding = p;
-    s->s2->mac_data = &(s->s2->wbuf[3]);
-    s->s2->wact_data = &(s->s2->wbuf[3 + mac_size]);
-
-    /*
-     * It would be clearer to write this as follows:
-     *     if (mac_size + len + p > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
-     * However |len| is user input that could in theory be very large. We
-     * know |mac_size| and |p| are small, so to avoid any possibility of
-     * overflow we write it like this.
-     *
-     * In theory this should never fail because the logic above should have
-     * modified |len| if it is too big. But we are being cautious.
-     */
-    if (len > (SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER - (mac_size + p))) {
-        return -1;
-    }
-    /* we copy the data into s->s2->wbuf */
-    memcpy(s->s2->wact_data, buf, len);
-    if (p)
-        memset(&(s->s2->wact_data[len]), 0, p); /* arbitrary padding */
-
-    if (!s->s2->clear_text) {
-        s->s2->wact_data_length = len + p;
-        ssl2_mac(s, s->s2->mac_data, 1);
-        s->s2->wlength += p + mac_size;
-        if (ssl2_enc(s, 1) < 1)
-            return -1;
-    }
-
-    /* package up the header */
-    s->s2->wpend_len = s->s2->wlength;
-    if (s->s2->three_byte_header) { /* 3 byte header */
-        pp = s->s2->mac_data;
-        pp -= 3;
-        pp[0] = (s->s2->wlength >> 8) & (THREE_BYTE_MASK >> 8);
-        if (s->s2->escape)
-            pp[0] |= SEC_ESC_BIT;
-        pp[1] = s->s2->wlength & 0xff;
-        pp[2] = s->s2->padding;
-        s->s2->wpend_len += 3;
-    } else {
-        pp = s->s2->mac_data;
-        pp -= 2;
-        pp[0] = ((s->s2->wlength >> 8) & (TWO_BYTE_MASK >> 8)) | TWO_BYTE_BIT;
-        pp[1] = s->s2->wlength & 0xff;
-        s->s2->wpend_len += 2;
-    }
-    s->s2->write_ptr = pp;
-
-    INC32(s->s2->write_sequence); /* expect next number */
-
-    /* lets try to actually write the data */
-    s->s2->wpend_tot = olen;
-    s->s2->wpend_buf = buf;
-
-    s->s2->wpend_ret = len;
-
-    s->s2->wpend_off = 0;
-    return (write_pending(s, buf, olen));
-}
-
-int ssl2_part_read(SSL *s, unsigned long f, int i)
-{
-    unsigned char *p;
-    int j;
-
-    if (i < 0) {
-        /* ssl2_return_error(s); */
-        /*
-         * for non-blocking io, this is not necessarily fatal
-         */
-        return (i);
-    } else {
-        s->init_num += i;
-
-        /*
-         * Check for error.  While there are recoverable errors, this
-         * function is not called when those must be expected; any error
-         * detected here is fatal.
-         */
-        if (s->init_num >= 3) {
-            p = (unsigned char *)s->init_buf->data;
-            if (p[0] == SSL2_MT_ERROR) {
-                j = (p[1] << 8) | p[2];
-                SSLerr((int)f, ssl_mt_error(j));
-                s->init_num -= 3;
-                if (s->init_num > 0)
-                    memmove(p, p + 3, s->init_num);
-            }
-        }
-
-        /*
-         * If it's not an error message, we have some error anyway -- the
-         * message was shorter than expected.  This too is treated as fatal
-         * (at least if SSL_get_error is asked for its opinion).
-         */
-        return (0);
-    }
-}
-
-int ssl2_do_write(SSL *s)
-{
-    int ret;
-
-    ret = ssl2_write(s, &s->init_buf->data[s->init_off], s->init_num);
-    if (ret == s->init_num) {
-        if (s->msg_callback)
-            s->msg_callback(1, s->version, 0, s->init_buf->data,
-                            (size_t)(s->init_off + s->init_num), s,
-                            s->msg_callback_arg);
-        return (1);
-    }
-    if (ret < 0)
-        return (-1);
-    s->init_off += ret;
-    s->init_num -= ret;
-    return (0);
-}
-
-static int ssl_mt_error(int n)
-{
-    int ret;
-
-    switch (n) {
-    case SSL2_PE_NO_CIPHER:
-        ret = SSL_R_PEER_ERROR_NO_CIPHER;
-        break;
-    case SSL2_PE_NO_CERTIFICATE:
-        ret = SSL_R_PEER_ERROR_NO_CERTIFICATE;
-        break;
-    case SSL2_PE_BAD_CERTIFICATE:
-        ret = SSL_R_PEER_ERROR_CERTIFICATE;
-        break;
-    case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE:
-        ret = SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;
-        break;
-    default:
-        ret = SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;
-        break;
-    }
-    return (ret);
-}
-#else                           /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif
diff --git a/freebsd/crypto/openssl/ssl/s2_srvr.c b/freebsd/crypto/openssl/ssl/s2_srvr.c
deleted file mode 100644
index 115bdadb..00000000
--- a/freebsd/crypto/openssl/ssl/s2_srvr.c
+++ /dev/null
@@ -1,1169 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s2_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include "../crypto/constant_time_locl.h"
-# include <stdio.h>
-# include <openssl/bio.h>
-# include <openssl/rand.h>
-# include <openssl/objects.h>
-# include <openssl/evp.h>
-
-static const SSL_METHOD *ssl2_get_server_method(int ver);
-static int get_client_master_key(SSL *s);
-static int get_client_hello(SSL *s);
-static int server_hello(SSL *s);
-static int get_client_finished(SSL *s);
-static int server_verify(SSL *s);
-static int server_finish(SSL *s);
-static int request_certificate(SSL *s);
-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
-                                   unsigned char *to, int padding);
-# define BREAK   break
-
-static const SSL_METHOD *ssl2_get_server_method(int ver)
-{
-    if (ver == SSL2_VERSION)
-        return (SSLv2_server_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
-                         ssl2_accept,
-                         ssl_undefined_function, ssl2_get_server_method)
-
-int ssl2_accept(SSL *s)
-{
-    unsigned long l = (unsigned long)time(NULL);
-    BUF_MEM *buf = NULL;
-    int ret = -1;
-    long num1;
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int new_state, state;
-
-    RAND_add(&l, sizeof(l), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    /* init things to blank */
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-    if (s->cert == NULL) {
-        SSLerr(SSL_F_SSL2_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
-        return (-1);
-    }
-
-    clear_sys_error();
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_BEFORE:
-        case SSL_ST_ACCEPT:
-        case SSL_ST_BEFORE | SSL_ST_ACCEPT:
-        case SSL_ST_OK | SSL_ST_ACCEPT:
-
-            s->server = 1;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            s->version = SSL2_VERSION;
-            s->type = SSL_ST_ACCEPT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    goto end;
-                }
-                if (!BUF_MEM_grow
-                    (buf, (int)SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
-                    BUF_MEM_free(buf);
-                    ret = -1;
-                    goto end;
-                }
-                s->init_buf = buf;
-            }
-            s->init_num = 0;
-            s->ctx->stats.sess_accept++;
-            s->handshake_func = ssl2_accept;
-            s->state = SSL2_ST_GET_CLIENT_HELLO_A;
-            BREAK;
-
-        case SSL2_ST_GET_CLIENT_HELLO_A:
-        case SSL2_ST_GET_CLIENT_HELLO_B:
-        case SSL2_ST_GET_CLIENT_HELLO_C:
-            s->shutdown = 0;
-            ret = get_client_hello(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_SEND_SERVER_HELLO_A;
-            BREAK;
-
-        case SSL2_ST_SEND_SERVER_HELLO_A:
-        case SSL2_ST_SEND_SERVER_HELLO_B:
-            ret = server_hello(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            if (!s->hit) {
-                s->state = SSL2_ST_GET_CLIENT_MASTER_KEY_A;
-                BREAK;
-            } else {
-                s->state = SSL2_ST_SERVER_START_ENCRYPTION;
-                BREAK;
-            }
-        case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
-        case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
-            ret = get_client_master_key(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_SERVER_START_ENCRYPTION;
-            BREAK;
-
-        case SSL2_ST_SERVER_START_ENCRYPTION:
-            /*
-             * Ok we how have sent all the stuff needed to start encrypting,
-             * the next packet back will be encrypted.
-             */
-            if (!ssl2_enc_init(s, 0)) {
-                ret = -1;
-                goto end;
-            }
-            s->s2->clear_text = 0;
-            s->state = SSL2_ST_SEND_SERVER_VERIFY_A;
-            BREAK;
-
-        case SSL2_ST_SEND_SERVER_VERIFY_A:
-        case SSL2_ST_SEND_SERVER_VERIFY_B:
-            ret = server_verify(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            if (s->hit) {
-                /*
-                 * If we are in here, we have been buffering the output, so
-                 * we need to flush it and remove buffering from future
-                 * traffic
-                 */
-                s->state = SSL2_ST_SEND_SERVER_VERIFY_C;
-                BREAK;
-            } else {
-                s->state = SSL2_ST_GET_CLIENT_FINISHED_A;
-                break;
-            }
-
-        case SSL2_ST_SEND_SERVER_VERIFY_C:
-            /* get the number of bytes to write */
-            num1 = BIO_ctrl(s->wbio, BIO_CTRL_INFO, 0, NULL);
-            if (num1 > 0) {
-                s->rwstate = SSL_WRITING;
-                num1 = BIO_flush(s->wbio);
-                if (num1 <= 0) {
-                    ret = -1;
-                    goto end;
-                }
-                s->rwstate = SSL_NOTHING;
-            }
-
-            /* flushed and now remove buffering */
-            s->wbio = BIO_pop(s->wbio);
-
-            s->state = SSL2_ST_GET_CLIENT_FINISHED_A;
-            BREAK;
-
-        case SSL2_ST_GET_CLIENT_FINISHED_A:
-        case SSL2_ST_GET_CLIENT_FINISHED_B:
-            ret = get_client_finished(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_A;
-            BREAK;
-
-        case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
-        case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
-        case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
-        case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
-            /*
-             * don't do a 'request certificate' if we don't want to, or we
-             * already have one, and we only want to do it once.
-             */
-            if (!(s->verify_mode & SSL_VERIFY_PEER) ||
-                ((s->session->peer != NULL) &&
-                 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE))) {
-                s->state = SSL2_ST_SEND_SERVER_FINISHED_A;
-                break;
-            } else {
-                ret = request_certificate(s);
-                if (ret <= 0)
-                    goto end;
-                s->init_num = 0;
-                s->state = SSL2_ST_SEND_SERVER_FINISHED_A;
-            }
-            BREAK;
-
-        case SSL2_ST_SEND_SERVER_FINISHED_A:
-        case SSL2_ST_SEND_SERVER_FINISHED_B:
-            ret = server_finish(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL_ST_OK;
-            break;
-
-        case SSL_ST_OK:
-            BUF_MEM_free(s->init_buf);
-            ssl_free_wbio_buffer(s);
-            s->init_buf = NULL;
-            s->init_num = 0;
-            /*      ERR_clear_error(); */
-
-            ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
-            s->ctx->stats.sess_accept_good++;
-            /* s->server=1; */
-            ret = 1;
-
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-
-            goto end;
-            /* BREAK; */
-
-        default:
-            SSLerr(SSL_F_SSL2_ACCEPT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* BREAK; */
-        }
-
-        if ((cb != NULL) && (s->state != state)) {
-            new_state = s->state;
-            s->state = state;
-            cb(s, SSL_CB_ACCEPT_LOOP, 1);
-            s->state = new_state;
-        }
-    }
- end:
-    s->in_handshake--;
-    if (cb != NULL)
-        cb(s, SSL_CB_ACCEPT_EXIT, ret);
-    return (ret);
-}
-
-static int get_client_master_key(SSL *s)
-{
-    int is_export, i, n, keya;
-    unsigned int num_encrypted_key_bytes, key_length;
-    unsigned long len;
-    unsigned char *p;
-    const SSL_CIPHER *cp;
-    const EVP_CIPHER *c;
-    const EVP_MD *md;
-    unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
-    unsigned char decrypt_good;
-    size_t j;
-
-    p = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) {
-        i = ssl2_read(s, (char *)&(p[s->init_num]), 10 - s->init_num);
-
-        if (i < (10 - s->init_num))
-            return (ssl2_part_read(s, SSL_F_GET_CLIENT_MASTER_KEY, i));
-        s->init_num = 10;
-
-        if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY) {
-            if (p[-1] != SSL2_MT_ERROR) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-                       SSL_R_READ_WRONG_PACKET_TYPE);
-            } else
-                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
-            return (-1);
-        }
-
-        cp = ssl2_get_cipher_by_char(p);
-        if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) {
-            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-            SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
-            return (-1);
-        }
-        s->session->cipher = cp;
-
-        p += 3;
-        n2s(p, i);
-        s->s2->tmp.clear = i;
-        n2s(p, i);
-        s->s2->tmp.enc = i;
-        n2s(p, i);
-        if (i > SSL_MAX_KEY_ARG_LENGTH) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
-            return -1;
-        }
-        s->session->key_arg_length = i;
-        s->state = SSL2_ST_GET_CLIENT_MASTER_KEY_B;
-    }
-
-    /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
-    p = (unsigned char *)s->init_buf->data;
-    if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-    keya = s->session->key_arg_length;
-    len =
-        10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc +
-        (unsigned long)keya;
-    if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_MESSAGE_TOO_LONG);
-        return -1;
-    }
-    n = (int)len - s->init_num;
-    i = ssl2_read(s, (char *)&(p[s->init_num]), n);
-    if (i != n)
-        return (ssl2_part_read(s, SSL_F_GET_CLIENT_MASTER_KEY, i));
-    if (s->msg_callback) {
-        /* CLIENT-MASTER-KEY */
-        s->msg_callback(0, s->version, 0, p, (size_t)len, s,
-                        s->msg_callback_arg);
-    }
-    p += 10;
-
-    memcpy(s->session->key_arg, &(p[s->s2->tmp.clear + s->s2->tmp.enc]),
-           (unsigned int)keya);
-
-    if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
-        return (-1);
-    }
-
-    is_export = SSL_C_IS_EXPORT(s->session->cipher);
-
-    if (!ssl_cipher_get_evp(s->session, &c, &md, NULL, NULL, NULL)) {
-        ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-               SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
-        return (0);
-    }
-
-    /*
-     * The format of the CLIENT-MASTER-KEY message is
-     * 1 byte message type
-     * 3 bytes cipher
-     * 2-byte clear key length (stored in s->s2->tmp.clear)
-     * 2-byte encrypted key length (stored in s->s2->tmp.enc)
-     * 2-byte key args length (IV etc)
-     * clear key
-     * encrypted key
-     * key args
-     *
-     * If the cipher is an export cipher, then the encrypted key bytes
-     * are a fixed portion of the total key (5 or 8 bytes). The size of
-     * this portion is in |num_encrypted_key_bytes|. If the cipher is not an
-     * export cipher, then the entire key material is encrypted (i.e., clear
-     * key length must be zero).
-     */
-    key_length = (unsigned int)EVP_CIPHER_key_length(c);
-    if (key_length > SSL_MAX_MASTER_KEY_LENGTH) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-
-    if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) {
-        is_export = 1;
-        num_encrypted_key_bytes = 8;
-    } else if (is_export) {
-        num_encrypted_key_bytes = 5;
-    } else {
-        num_encrypted_key_bytes = key_length;
-    }
-
-    if (s->s2->tmp.clear + num_encrypted_key_bytes != key_length) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
-        return -1;
-    }
-    /*
-     * The encrypted blob must decrypt to the encrypted portion of the key.
-     * Decryption can't be expanding, so if we don't have enough encrypted
-     * bytes to fit the key in the buffer, stop now.
-     */
-    if (s->s2->tmp.enc < num_encrypted_key_bytes) {
-        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
-        return -1;
-    }
-
-    /*
-     * We must not leak whether a decryption failure occurs because of
-     * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
-     * section 7.4.7.1). The code follows that advice of the TLS RFC and
-     * generates a random premaster secret for the case that the decrypt
-     * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
-     */
-
-    if (RAND_bytes(rand_premaster_secret,
-                  (int)num_encrypted_key_bytes) <= 0)
-        return 0;
-
-    i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
-                                &(p[s->s2->tmp.clear]),
-                                &(p[s->s2->tmp.clear]),
-                                (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
-                                RSA_PKCS1_PADDING);
-    ERR_clear_error();
-    /*
-     * If a bad decrypt, continue with protocol but with a random master
-     * secret (Bleichenbacher attack)
-     */
-    decrypt_good = constant_time_eq_int_8(i, (int)num_encrypted_key_bytes);
-    for (j = 0; j < num_encrypted_key_bytes; j++) {
-        p[s->s2->tmp.clear + j] =
-                constant_time_select_8(decrypt_good, p[s->s2->tmp.clear + j],
-                                       rand_premaster_secret[j]);
-    }
-
-    s->session->master_key_length = (int)key_length;
-    memcpy(s->session->master_key, p, key_length);
-    OPENSSL_cleanse(p, key_length);
-
-    return 1;
-}
-
-static int get_client_hello(SSL *s)
-{
-    int i, n;
-    unsigned long len;
-    unsigned char *p;
-    STACK_OF(SSL_CIPHER) *cs;   /* a stack of SSL_CIPHERS */
-    STACK_OF(SSL_CIPHER) *cl;   /* the ones we want to use */
-    STACK_OF(SSL_CIPHER) *prio, *allow;
-    int z;
-
-    /*
-     * This is a bit of a hack to check for the correct packet type the first
-     * time round.
-     */
-    if (s->state == SSL2_ST_GET_CLIENT_HELLO_A) {
-        s->first_packet = 1;
-        s->state = SSL2_ST_GET_CLIENT_HELLO_B;
-    }
-
-    p = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_GET_CLIENT_HELLO_B) {
-        i = ssl2_read(s, (char *)&(p[s->init_num]), 9 - s->init_num);
-        if (i < (9 - s->init_num))
-            return (ssl2_part_read(s, SSL_F_GET_CLIENT_HELLO, i));
-        s->init_num = 9;
-
-        if (*(p++) != SSL2_MT_CLIENT_HELLO) {
-            if (p[-1] != SSL2_MT_ERROR) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_READ_WRONG_PACKET_TYPE);
-            } else
-                SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_PEER_ERROR);
-            return (-1);
-        }
-        n2s(p, i);
-        if (i < s->version)
-            s->version = i;
-        n2s(p, i);
-        s->s2->tmp.cipher_spec_length = i;
-        n2s(p, i);
-        s->s2->tmp.session_id_length = i;
-        if ((i < 0) || (i > SSL_MAX_SSL_SESSION_ID_LENGTH)) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-            return -1;
-        }
-        n2s(p, i);
-        s->s2->challenge_length = i;
-        if ((i < SSL2_MIN_CHALLENGE_LENGTH) ||
-            (i > SSL2_MAX_CHALLENGE_LENGTH)) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INVALID_CHALLENGE_LENGTH);
-            return (-1);
-        }
-        s->state = SSL2_ST_GET_CLIENT_HELLO_C;
-    }
-
-    /* SSL2_ST_GET_CLIENT_HELLO_C */
-    p = (unsigned char *)s->init_buf->data;
-    len =
-        9 + (unsigned long)s->s2->tmp.cipher_spec_length +
-        (unsigned long)s->s2->challenge_length +
-        (unsigned long)s->s2->tmp.session_id_length;
-    if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_MESSAGE_TOO_LONG);
-        return -1;
-    }
-    n = (int)len - s->init_num;
-    i = ssl2_read(s, (char *)&(p[s->init_num]), n);
-    if (i != n)
-        return (ssl2_part_read(s, SSL_F_GET_CLIENT_HELLO, i));
-    if (s->msg_callback) {
-        /* CLIENT-HELLO */
-        s->msg_callback(0, s->version, 0, p, (size_t)len, s,
-                        s->msg_callback_arg);
-    }
-    p += 9;
-
-    /*
-     * get session-id before cipher stuff so we can get out session structure
-     * if it is cached
-     */
-    /* session-id */
-    if ((s->s2->tmp.session_id_length != 0) &&
-        (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH)) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_BAD_SSL_SESSION_ID_LENGTH);
-        return (-1);
-    }
-
-    if (s->s2->tmp.session_id_length == 0) {
-        if (!ssl_get_new_session(s, 1)) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            return (-1);
-        }
-    } else {
-        i = ssl_get_prev_session(s, &(p[s->s2->tmp.cipher_spec_length]),
-                                 s->s2->tmp.session_id_length, NULL);
-        if (i == 1) {           /* previous session */
-            s->hit = 1;
-        } else if (i == -1) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            return (-1);
-        } else {
-            if (s->cert == NULL) {
-                ssl2_return_error(s, SSL2_PE_NO_CERTIFICATE);
-                SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CERTIFICATE_SET);
-                return (-1);
-            }
-
-            if (!ssl_get_new_session(s, 1)) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                return (-1);
-            }
-        }
-    }
-
-    if (!s->hit) {
-        cs = ssl_bytes_to_cipher_list(s, p, s->s2->tmp.cipher_spec_length,
-                                      &s->session->ciphers);
-        if (cs == NULL)
-            goto mem_err;
-
-        cl = SSL_get_ciphers(s);
-
-        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
-            prio = sk_SSL_CIPHER_dup(cl);
-            if (prio == NULL)
-                goto mem_err;
-            allow = cs;
-        } else {
-            prio = cs;
-            allow = cl;
-        }
-
-        /* Generate list of SSLv2 ciphers shared between client and server */
-        for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) {
-            const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z);
-            if ((cp->algorithm_ssl & SSL_SSLV2) == 0 ||
-                sk_SSL_CIPHER_find(allow, cp) < 0) {
-                (void)sk_SSL_CIPHER_delete(prio, z);
-                z--;
-            }
-        }
-        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
-            sk_SSL_CIPHER_free(s->session->ciphers);
-            s->session->ciphers = prio;
-        }
-
-        /* Make sure we have at least one cipher in common */
-        if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) {
-            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH);
-            return -1;
-        }
-        /*
-         * s->session->ciphers should now have a list of ciphers that are on
-         * both the client and server. This list is ordered by the order the
-         * client sent the ciphers or in the order of the server's preference
-         * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
-         */
-    }
-    p += s->s2->tmp.cipher_spec_length;
-    /* done cipher selection */
-
-    /* session id extracted already */
-    p += s->s2->tmp.session_id_length;
-
-    /* challenge */
-    if (s->s2->challenge_length > sizeof(s->s2->challenge)) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-    memcpy(s->s2->challenge, p, (unsigned int)s->s2->challenge_length);
-    return (1);
- mem_err:
-    SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_MALLOC_FAILURE);
-    return (0);
-}
-
-static int server_hello(SSL *s)
-{
-    unsigned char *p, *d;
-    int n, hit;
-
-    p = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) {
-        d = p + 11;
-        *(p++) = SSL2_MT_SERVER_HELLO; /* type */
-        hit = s->hit;
-        *(p++) = (unsigned char)hit;
-# if 1
-        if (!hit) {
-            if (s->session->sess_cert != NULL)
-                /*
-                 * This can't really happen because get_client_hello has
-                 * called ssl_get_new_session, which does not set sess_cert.
-                 */
-                ssl_sess_cert_free(s->session->sess_cert);
-            s->session->sess_cert = ssl_sess_cert_new();
-            if (s->session->sess_cert == NULL) {
-                SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
-                return (-1);
-            }
-        }
-        /*
-         * If 'hit' is set, then s->sess_cert may be non-NULL or NULL,
-         * depending on whether it survived in the internal cache or was
-         * retrieved from an external cache. If it is NULL, we cannot put any
-         * useful data in it anyway, so we don't touch it.
-         */
-
-# else                          /* That's what used to be done when cert_st
-                                 * and sess_cert_st were * the same. */
-        if (!hit) {             /* else add cert to session */
-            CRYPTO_add(&s->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
-            if (s->session->sess_cert != NULL)
-                ssl_cert_free(s->session->sess_cert);
-            s->session->sess_cert = s->cert;
-        } else {                /* We have a session id-cache hit, if the *
-                                 * session-id has no certificate listed
-                                 * against * the 'cert' structure, grab the
-                                 * 'old' one * listed against the SSL
-                                 * connection */
-            if (s->session->sess_cert == NULL) {
-                CRYPTO_add(&s->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
-                s->session->sess_cert = s->cert;
-            }
-        }
-# endif
-
-        if (s->cert == NULL) {
-            ssl2_return_error(s, SSL2_PE_NO_CERTIFICATE);
-            SSLerr(SSL_F_SERVER_HELLO, SSL_R_NO_CERTIFICATE_SPECIFIED);
-            return (-1);
-        }
-
-        if (hit) {
-            *(p++) = 0;         /* no certificate type */
-            s2n(s->version, p); /* version */
-            s2n(0, p);          /* cert len */
-            s2n(0, p);          /* ciphers len */
-        } else {
-            /* EAY EAY */
-            /* put certificate type */
-            *(p++) = SSL2_CT_X509_CERTIFICATE;
-            s2n(s->version, p); /* version */
-            n = i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, NULL);
-            s2n(n, p);          /* certificate length */
-            i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, &d);
-            n = 0;
-
-            /*
-             * lets send out the ciphers we like in the prefered order
-             */
-            n = ssl_cipher_list_to_bytes(s, s->session->ciphers, d, 0);
-            d += n;
-            s2n(n, p);          /* add cipher length */
-        }
-
-        /* make and send conn_id */
-        s2n(SSL2_CONNECTION_ID_LENGTH, p); /* add conn_id length */
-        s->s2->conn_id_length = SSL2_CONNECTION_ID_LENGTH;
-        if (RAND_bytes(s->s2->conn_id, (int)s->s2->conn_id_length) <= 0)
-            return -1;
-        memcpy(d, s->s2->conn_id, SSL2_CONNECTION_ID_LENGTH);
-        d += SSL2_CONNECTION_ID_LENGTH;
-
-        s->state = SSL2_ST_SEND_SERVER_HELLO_B;
-        s->init_num = d - (unsigned char *)s->init_buf->data;
-        s->init_off = 0;
-    }
-    /* SSL2_ST_SEND_SERVER_HELLO_B */
-    /*
-     * If we are using TCP/IP, the performance is bad if we do 2 writes
-     * without a read between them.  This occurs when Session-id reuse is
-     * used, so I will put in a buffering module
-     */
-    if (s->hit) {
-        if (!ssl_init_wbio_buffer(s, 1))
-            return (-1);
-    }
-
-    return (ssl2_do_write(s));
-}
-
-static int get_client_finished(SSL *s)
-{
-    unsigned char *p;
-    int i, n;
-    unsigned long len;
-
-    p = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A) {
-        i = ssl2_read(s, (char *)&(p[s->init_num]), 1 - s->init_num);
-        if (i < 1 - s->init_num)
-            return (ssl2_part_read(s, SSL_F_GET_CLIENT_FINISHED, i));
-        s->init_num += i;
-
-        if (*p != SSL2_MT_CLIENT_FINISHED) {
-            if (*p != SSL2_MT_ERROR) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_CLIENT_FINISHED,
-                       SSL_R_READ_WRONG_PACKET_TYPE);
-            } else {
-                SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_PEER_ERROR);
-                /* try to read the error message */
-                i = ssl2_read(s, (char *)&(p[s->init_num]), 3 - s->init_num);
-                return ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i);
-            }
-            return (-1);
-        }
-        s->state = SSL2_ST_GET_CLIENT_FINISHED_B;
-    }
-
-    /* SSL2_ST_GET_CLIENT_FINISHED_B */
-    if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-    len = 1 + (unsigned long)s->s2->conn_id_length;
-    n = (int)len - s->init_num;
-    i = ssl2_read(s, (char *)&(p[s->init_num]), n);
-    if (i < n) {
-        return (ssl2_part_read(s, SSL_F_GET_CLIENT_FINISHED, i));
-    }
-    if (s->msg_callback) {
-        /* CLIENT-FINISHED */
-        s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg);
-    }
-    p += 1;
-    if (memcmp(p, s->s2->conn_id, s->s2->conn_id_length) != 0) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_CONNECTION_ID_IS_DIFFERENT);
-        return (-1);
-    }
-    return (1);
-}
-
-static int server_verify(SSL *s)
-{
-    unsigned char *p;
-
-    if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) {
-        p = (unsigned char *)s->init_buf->data;
-        *(p++) = SSL2_MT_SERVER_VERIFY;
-        if (s->s2->challenge_length > sizeof(s->s2->challenge)) {
-            SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        memcpy(p, s->s2->challenge, (unsigned int)s->s2->challenge_length);
-        /* p+=s->s2->challenge_length; */
-
-        s->state = SSL2_ST_SEND_SERVER_VERIFY_B;
-        s->init_num = s->s2->challenge_length + 1;
-        s->init_off = 0;
-    }
-    return (ssl2_do_write(s));
-}
-
-static int server_finish(SSL *s)
-{
-    unsigned char *p;
-
-    if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A) {
-        p = (unsigned char *)s->init_buf->data;
-        *(p++) = SSL2_MT_SERVER_FINISHED;
-
-        if (s->session->session_id_length > sizeof(s->session->session_id)) {
-            SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        memcpy(p, s->session->session_id,
-               (unsigned int)s->session->session_id_length);
-        /* p+=s->session->session_id_length; */
-
-        s->state = SSL2_ST_SEND_SERVER_FINISHED_B;
-        s->init_num = s->session->session_id_length + 1;
-        s->init_off = 0;
-    }
-
-    /* SSL2_ST_SEND_SERVER_FINISHED_B */
-    return (ssl2_do_write(s));
-}
-
-/* send the request and check the response */
-static int request_certificate(SSL *s)
-{
-    const unsigned char *cp;
-    unsigned char *p, *p2, *buf2;
-    unsigned char *ccd;
-    int i, j, ctype, ret = -1;
-    unsigned long len;
-    X509 *x509 = NULL;
-    STACK_OF(X509) *sk = NULL;
-
-    ccd = s->s2->tmp.ccl;
-    if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A) {
-        p = (unsigned char *)s->init_buf->data;
-        *(p++) = SSL2_MT_REQUEST_CERTIFICATE;
-        *(p++) = SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
-        if (RAND_bytes(ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
-            return -1;
-        memcpy(p, ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH);
-
-        s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
-        s->init_num = SSL2_MIN_CERT_CHALLENGE_LENGTH + 2;
-        s->init_off = 0;
-    }
-
-    if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B) {
-        i = ssl2_do_write(s);
-        if (i <= 0) {
-            ret = i;
-            goto end;
-        }
-
-        s->init_num = 0;
-        s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_C;
-    }
-
-    if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C) {
-        p = (unsigned char *)s->init_buf->data;
-        /* try to read 6 octets ... */
-        i = ssl2_read(s, (char *)&(p[s->init_num]), 6 - s->init_num);
-        /*
-         * ... but don't call ssl2_part_read now if we got at least 3
-         * (probably NO-CERTIFICATE-ERROR)
-         */
-        if (i < 3 - s->init_num) {
-            ret = ssl2_part_read(s, SSL_F_REQUEST_CERTIFICATE, i);
-            goto end;
-        }
-        s->init_num += i;
-
-        if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR)) {
-            n2s(p, i);
-            if (i != SSL2_PE_NO_CERTIFICATE) {
-                /*
-                 * not the error message we expected -- let ssl2_part_read
-                 * handle it
-                 */
-                s->init_num -= 3;
-                ret = ssl2_part_read(s, SSL_F_REQUEST_CERTIFICATE, 3);
-                goto end;
-            }
-
-            if (s->msg_callback) {
-                /* ERROR */
-                s->msg_callback(0, s->version, 0, p, 3, s,
-                                s->msg_callback_arg);
-            }
-
-            /*
-             * this is the one place where we can recover from an SSL 2.0
-             * error
-             */
-
-            if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
-                ssl2_return_error(s, SSL2_PE_BAD_CERTIFICATE);
-                SSLerr(SSL_F_REQUEST_CERTIFICATE,
-                       SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-                goto end;
-            }
-            ret = 1;
-            goto end;
-        }
-        if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6)) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_SHORT_READ);
-            goto end;
-        }
-        if (s->init_num != 6) {
-            SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);
-            goto end;
-        }
-
-        /* ok we have a response */
-        /* certificate type, there is only one right now. */
-        ctype = *(p++);
-        if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) {
-            ssl2_return_error(s, SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
-            SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_BAD_RESPONSE_ARGUMENT);
-            goto end;
-        }
-        n2s(p, i);
-        s->s2->tmp.clen = i;
-        n2s(p, i);
-        s->s2->tmp.rlen = i;
-        s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
-    }
-
-    /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
-    p = (unsigned char *)s->init_buf->data;
-    len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
-    if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
-        SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_MESSAGE_TOO_LONG);
-        goto end;
-    }
-    j = (int)len - s->init_num;
-    i = ssl2_read(s, (char *)&(p[s->init_num]), j);
-    if (i < j) {
-        ret = ssl2_part_read(s, SSL_F_REQUEST_CERTIFICATE, i);
-        goto end;
-    }
-    if (s->msg_callback) {
-        /* CLIENT-CERTIFICATE */
-        s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg);
-    }
-    p += 6;
-
-    cp = p;
-    x509 = (X509 *)d2i_X509(NULL, &cp, (long)s->s2->tmp.clen);
-    if (x509 == NULL) {
-        SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_X509_LIB);
-        goto msg_end;
-    }
-
-    if (((sk = sk_X509_new_null()) == NULL) || (!sk_X509_push(sk, x509))) {
-        SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-        goto msg_end;
-    }
-
-    i = ssl_verify_cert_chain(s, sk);
-
-    if (i > 0) {                /* we like the packet, now check the chksum */
-        EVP_MD_CTX ctx;
-        EVP_PKEY *pkey = NULL;
-
-        EVP_MD_CTX_init(&ctx);
-        if (!EVP_VerifyInit_ex(&ctx, s->ctx->rsa_md5, NULL)
-            || !EVP_VerifyUpdate(&ctx, s->s2->key_material,
-                                 s->s2->key_material_length)
-            || !EVP_VerifyUpdate(&ctx, ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH))
-            goto msg_end;
-
-        i = i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, NULL);
-        buf2 = OPENSSL_malloc((unsigned int)i);
-        if (buf2 == NULL) {
-            SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-            goto msg_end;
-        }
-        p2 = buf2;
-        i = i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, &p2);
-        if (!EVP_VerifyUpdate(&ctx, buf2, (unsigned int)i)) {
-            OPENSSL_free(buf2);
-            goto msg_end;
-        }
-        OPENSSL_free(buf2);
-
-        pkey = X509_get_pubkey(x509);
-        if (pkey == NULL)
-            goto end;
-        i = EVP_VerifyFinal(&ctx, cp, s->s2->tmp.rlen, pkey);
-        EVP_PKEY_free(pkey);
-        EVP_MD_CTX_cleanup(&ctx);
-
-        if (i > 0) {
-            if (s->session->peer != NULL)
-                X509_free(s->session->peer);
-            s->session->peer = x509;
-            CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
-            s->session->verify_result = s->verify_result;
-            ret = 1;
-            goto end;
-        } else {
-            SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_BAD_CHECKSUM);
-            goto msg_end;
-        }
-    } else {
- msg_end:
-        ssl2_return_error(s, SSL2_PE_BAD_CERTIFICATE);
-    }
- end:
-    sk_X509_free(sk);
-    X509_free(x509);
-    return (ret);
-}
-
-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
-                                   unsigned char *to, int padding)
-{
-    RSA *rsa;
-    int i;
-
-    if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)) {
-        SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT, SSL_R_NO_PRIVATEKEY);
-        return (-1);
-    }
-    if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA) {
-        SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT, SSL_R_PUBLIC_KEY_IS_NOT_RSA);
-        return (-1);
-    }
-    rsa = c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;
-
-    /* we have the public key */
-    i = RSA_private_decrypt(len, from, to, rsa, padding);
-    if (i < 0)
-        SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT, ERR_R_RSA_LIB);
-    return (i);
-}
-#else                           /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif
diff --git a/freebsd/crypto/openssl/ssl/s3_both.c b/freebsd/crypto/openssl/ssl/s3_both.c
deleted file mode 100644
index 88409614..00000000
--- a/freebsd/crypto/openssl/ssl/s3_both.c
+++ /dev/null
@@ -1,760 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s3_both.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-/*
- * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
- * SSL3_RT_CHANGE_CIPHER_SPEC)
- */
-int ssl3_do_write(SSL *s, int type)
-{
-    int ret;
-
-    ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
-                           s->init_num);
-    if (ret < 0)
-        return (-1);
-    if (type == SSL3_RT_HANDSHAKE)
-        /*
-         * should not be done for 'Hello Request's, but in that case we'll
-         * ignore the result anyway
-         */
-        ssl3_finish_mac(s, (unsigned char *)&s->init_buf->data[s->init_off],
-                        ret);
-
-    if (ret == s->init_num) {
-        if (s->msg_callback)
-            s->msg_callback(1, s->version, type, s->init_buf->data,
-                            (size_t)(s->init_off + s->init_num), s,
-                            s->msg_callback_arg);
-        return (1);
-    }
-    s->init_off += ret;
-    s->init_num -= ret;
-    return (0);
-}
-
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
-{
-    unsigned char *p;
-    int i;
-    unsigned long l;
-
-    if (s->state == a) {
-        p = ssl_handshake_start(s);
-
-        i = s->method->ssl3_enc->final_finish_mac(s,
-                                                  sender, slen,
-                                                  s->s3->tmp.finish_md);
-        if (i <= 0)
-            return 0;
-        s->s3->tmp.finish_md_len = i;
-        memcpy(p, s->s3->tmp.finish_md, i);
-        l = i;
-
-        /*
-         * Copy the finished so we can use it for renegotiation checks
-         */
-        if (s->type == SSL_ST_CONNECT) {
-            OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-            memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
-            s->s3->previous_client_finished_len = i;
-        } else {
-            OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-            memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
-            s->s3->previous_server_finished_len = i;
-        }
-
-#ifdef OPENSSL_SYS_WIN16
-        /*
-         * MSVC 1.5 does not clear the top bytes of the word unless I do
-         * this.
-         */
-        l &= 0xffff;
-#endif
-        ssl_set_handshake_header(s, SSL3_MT_FINISHED, l);
-        s->state = b;
-    }
-
-    /* SSL3_ST_SEND_xxxxxx_HELLO_B */
-    return ssl_do_write(s);
-}
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-/*
- * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
- * to far.
- */
-static void ssl3_take_mac(SSL *s)
-{
-    const char *sender;
-    int slen;
-    /*
-     * If no new cipher setup return immediately: other functions will set
-     * the appropriate error.
-     */
-    if (s->s3->tmp.new_cipher == NULL)
-        return;
-    if (s->state & SSL_ST_CONNECT) {
-        sender = s->method->ssl3_enc->server_finished_label;
-        slen = s->method->ssl3_enc->server_finished_label_len;
-    } else {
-        sender = s->method->ssl3_enc->client_finished_label;
-        slen = s->method->ssl3_enc->client_finished_label_len;
-    }
-
-    s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
-                                                                          sender,
-                                                                          slen,
-                                                                          s->s3->tmp.peer_finish_md);
-}
-#endif
-
-int ssl3_get_finished(SSL *s, int a, int b)
-{
-    int al, i, ok;
-    long n;
-    unsigned char *p;
-
-#ifdef OPENSSL_NO_NEXTPROTONEG
-    /*
-     * the mac has already been generated when we received the change cipher
-     * spec message and is in s->s3->tmp.peer_finish_md
-     */
-#endif
-
-    /* 64 argument should actually be 36+4 :-) */
-    n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    /* If this occurs, we have missed a message */
-    if (!s->s3->change_cipher_spec) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
-        goto f_err;
-    }
-    s->s3->change_cipher_spec = 0;
-
-    p = (unsigned char *)s->init_msg;
-    i = s->s3->tmp.peer_finish_md_len;
-
-    if (i != n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
-        goto f_err;
-    }
-
-    if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
-        al = SSL_AD_DECRYPT_ERROR;
-        SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
-        goto f_err;
-    }
-
-    /*
-     * Copy the finished so we can use it for renegotiation checks
-     */
-    if (s->type == SSL_ST_ACCEPT) {
-        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-        memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, i);
-        s->s3->previous_client_finished_len = i;
-    } else {
-        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-        memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, i);
-        s->s3->previous_server_finished_len = i;
-    }
-
-    return (1);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    return (0);
-}
-
-/*-
- * for these 2 messages, we need to
- * ssl->enc_read_ctx                    re-init
- * ssl->s3->read_sequence               zero
- * ssl->s3->read_mac_secret             re-init
- * ssl->session->read_sym_enc           assign
- * ssl->session->read_compression       assign
- * ssl->session->read_hash              assign
- */
-int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
-{
-    unsigned char *p;
-
-    if (s->state == a) {
-        p = (unsigned char *)s->init_buf->data;
-        *p = SSL3_MT_CCS;
-        s->init_num = 1;
-        s->init_off = 0;
-
-        s->state = b;
-    }
-
-    /* SSL3_ST_CW_CHANGE_B */
-    return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
-}
-
-unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
-{
-    unsigned char *p;
-    unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);
-
-    if (!ssl_add_cert_chain(s, cpk, &l))
-        return 0;
-
-    l -= 3 + SSL_HM_HEADER_LENGTH(s);
-    p = ssl_handshake_start(s);
-    l2n3(l, p);
-    l += 3;
-    ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l);
-    return l + SSL_HM_HEADER_LENGTH(s);
-}
-
-/*
- * Obtain handshake message of message type 'mt' (any if mt == -1), maximum
- * acceptable body length 'max'. The first four bytes (msg_type and length)
- * are read in state 'st1', the body is read in state 'stn'.
- */
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
-{
-    unsigned char *p;
-    unsigned long l;
-    long n;
-    int i, al;
-
-    if (s->s3->tmp.reuse_message) {
-        s->s3->tmp.reuse_message = 0;
-        if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
-            goto f_err;
-        }
-        *ok = 1;
-        s->state = stn;
-        s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
-        s->init_num = (int)s->s3->tmp.message_size;
-        return s->init_num;
-    }
-
-    p = (unsigned char *)s->init_buf->data;
-
-    if (s->state == st1) {      /* s->init_num < SSL3_HM_HEADER_LENGTH */
-        int skip_message;
-
-        do {
-            while (s->init_num < SSL3_HM_HEADER_LENGTH) {
-                i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                                              &p[s->init_num],
-                                              SSL3_HM_HEADER_LENGTH -
-                                              s->init_num, 0);
-                if (i <= 0) {
-                    s->rwstate = SSL_READING;
-                    *ok = 0;
-                    return i;
-                }
-                s->init_num += i;
-            }
-
-            skip_message = 0;
-            if (!s->server)
-                if (p[0] == SSL3_MT_HELLO_REQUEST)
-                    /*
-                     * The server may always send 'Hello Request' messages --
-                     * we are doing a handshake anyway now, so ignore them if
-                     * their format is correct. Does not count for 'Finished'
-                     * MAC.
-                     */
-                    if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
-                        s->init_num = 0;
-                        skip_message = 1;
-
-                        if (s->msg_callback)
-                            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
-                                            p, SSL3_HM_HEADER_LENGTH, s,
-                                            s->msg_callback_arg);
-                    }
-        }
-        while (skip_message);
-
-        /* s->init_num == SSL3_HM_HEADER_LENGTH */
-
-        if ((mt >= 0) && (*p != mt)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
-            goto f_err;
-        }
-
-        s->s3->tmp.message_type = *(p++);
-
-        n2l3(p, l);
-        if (l > (unsigned long)max) {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-            goto f_err;
-        }
-        /*
-         * Make buffer slightly larger than message length as a precaution
-         * against small OOB reads e.g. CVE-2016-6306
-         */
-        if (l
-            && !BUF_MEM_grow_clean(s->init_buf,
-                                   (int)l + SSL3_HM_HEADER_LENGTH + 16)) {
-            SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
-            goto err;
-        }
-        s->s3->tmp.message_size = l;
-        s->state = stn;
-
-        s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
-        s->init_num = 0;
-    }
-
-    /* next state (stn) */
-    p = s->init_msg;
-    n = s->s3->tmp.message_size - s->init_num;
-    while (n > 0) {
-        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->init_num],
-                                      n, 0);
-        if (i <= 0) {
-            s->rwstate = SSL_READING;
-            *ok = 0;
-            return i;
-        }
-        s->init_num += i;
-        n -= i;
-    }
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-    /*
-     * If receiving Finished, record MAC of prior handshake messages for
-     * Finished verification.
-     */
-    if (*s->init_buf->data == SSL3_MT_FINISHED)
-        ssl3_take_mac(s);
-#endif
-
-    /* Feed this message into MAC computation. */
-    ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
-                    s->init_num + SSL3_HM_HEADER_LENGTH);
-    if (s->msg_callback)
-        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
-                        (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
-                        s->msg_callback_arg);
-    *ok = 1;
-    return s->init_num;
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    *ok = 0;
-    return (-1);
-}
-
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
-{
-    EVP_PKEY *pk;
-    int ret = -1, i;
-
-    if (pkey == NULL)
-        pk = X509_get_pubkey(x);
-    else
-        pk = pkey;
-    if (pk == NULL)
-        goto err;
-
-    i = pk->type;
-    if (i == EVP_PKEY_RSA) {
-        ret = SSL_PKEY_RSA_ENC;
-    } else if (i == EVP_PKEY_DSA) {
-        ret = SSL_PKEY_DSA_SIGN;
-    }
-#ifndef OPENSSL_NO_EC
-    else if (i == EVP_PKEY_EC) {
-        ret = SSL_PKEY_ECC;
-    }
-#endif
-    else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
-        ret = SSL_PKEY_GOST94;
-    } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
-        ret = SSL_PKEY_GOST01;
-    } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
-        /*
-         * For DH two cases: DH certificate signed with RSA and DH
-         * certificate signed with DSA.
-         */
-        i = X509_certificate_type(x, pk);
-        if (i & EVP_PKS_RSA)
-            ret = SSL_PKEY_DH_RSA;
-        else if (i & EVP_PKS_DSA)
-            ret = SSL_PKEY_DH_DSA;
-    }
-
- err:
-    if (!pkey)
-        EVP_PKEY_free(pk);
-    return (ret);
-}
-
-int ssl_verify_alarm_type(long type)
-{
-    int al;
-
-    switch (type) {
-    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-    case X509_V_ERR_UNABLE_TO_GET_CRL:
-    case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
-        al = SSL_AD_UNKNOWN_CA;
-        break;
-    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-    case X509_V_ERR_CERT_NOT_YET_VALID:
-    case X509_V_ERR_CRL_NOT_YET_VALID:
-    case X509_V_ERR_CERT_UNTRUSTED:
-    case X509_V_ERR_CERT_REJECTED:
-    case X509_V_ERR_HOSTNAME_MISMATCH:
-    case X509_V_ERR_EMAIL_MISMATCH:
-    case X509_V_ERR_IP_ADDRESS_MISMATCH:
-        al = SSL_AD_BAD_CERTIFICATE;
-        break;
-    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-        al = SSL_AD_DECRYPT_ERROR;
-        break;
-    case X509_V_ERR_CERT_HAS_EXPIRED:
-    case X509_V_ERR_CRL_HAS_EXPIRED:
-        al = SSL_AD_CERTIFICATE_EXPIRED;
-        break;
-    case X509_V_ERR_CERT_REVOKED:
-        al = SSL_AD_CERTIFICATE_REVOKED;
-        break;
-    case X509_V_ERR_UNSPECIFIED:
-    case X509_V_ERR_OUT_OF_MEM:
-    case X509_V_ERR_INVALID_CALL:
-    case X509_V_ERR_STORE_LOOKUP:
-        al = SSL_AD_INTERNAL_ERROR;
-        break;
-    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-    case X509_V_ERR_INVALID_CA:
-        al = SSL_AD_UNKNOWN_CA;
-        break;
-    case X509_V_ERR_APPLICATION_VERIFICATION:
-        al = SSL_AD_HANDSHAKE_FAILURE;
-        break;
-    case X509_V_ERR_INVALID_PURPOSE:
-        al = SSL_AD_UNSUPPORTED_CERTIFICATE;
-        break;
-    default:
-        al = SSL_AD_CERTIFICATE_UNKNOWN;
-        break;
-    }
-    return (al);
-}
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-/*-
- * On some platforms, malloc() performance is bad enough that you can't just
- * free() and malloc() buffers all the time, so we need to use freelists from
- * unused buffers.  Currently, each freelist holds memory chunks of only a
- * given size (list->chunklen); other sized chunks are freed and malloced.
- * This doesn't help much if you're using many different SSL option settings
- * with a given context.  (The options affecting buffer size are
- * max_send_fragment, read buffer vs write buffer,
- * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
- * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.)  Using a separate freelist for every
- * possible size is not an option, since max_send_fragment can take on many
- * different values.
- *
- * If you are on a platform with a slow malloc(), and you're using SSL
- * connections with many different settings for these options, and you need to
- * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
- *    - Link against a faster malloc implementation.
- *    - Use a separate SSL_CTX for each option set.
- *    - Improve this code.
- */
-static void *freelist_extract(SSL_CTX *ctx, int for_read, int sz)
-{
-    SSL3_BUF_FREELIST *list;
-    SSL3_BUF_FREELIST_ENTRY *ent = NULL;
-    void *result = NULL;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-    list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
-    if (list != NULL && sz == (int)list->chunklen)
-        ent = list->head;
-    if (ent != NULL) {
-        list->head = ent->next;
-        result = ent;
-        if (--list->len == 0)
-            list->chunklen = 0;
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-    if (!result)
-        result = OPENSSL_malloc(sz);
-    return result;
-}
-
-static void freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
-{
-    SSL3_BUF_FREELIST *list;
-    SSL3_BUF_FREELIST_ENTRY *ent;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-    list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
-    if (list != NULL &&
-        (sz == list->chunklen || list->chunklen == 0) &&
-        list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
-        list->chunklen = sz;
-        ent = mem;
-        ent->next = list->head;
-        list->head = ent;
-        ++list->len;
-        mem = NULL;
-    }
-
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-    if (mem)
-        OPENSSL_free(mem);
-}
-#else
-# define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
-# define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
-#endif
-
-int ssl3_setup_read_buffer(SSL *s)
-{
-    unsigned char *p;
-    size_t len, align = 0, headerlen;
-
-    if (SSL_IS_DTLS(s))
-        headerlen = DTLS1_RT_HEADER_LENGTH;
-    else
-        headerlen = SSL3_RT_HEADER_LENGTH;
-
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-    align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
-#endif
-
-    if (s->s3->rbuf.buf == NULL) {
-        len = SSL3_RT_MAX_PLAIN_LENGTH
-            + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
-        if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
-            s->s3->init_extra = 1;
-            len += SSL3_RT_MAX_EXTRA;
-        }
-#ifndef OPENSSL_NO_COMP
-        if (!(s->options & SSL_OP_NO_COMPRESSION))
-            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
-        if ((p = freelist_extract(s->ctx, 1, len)) == NULL)
-            goto err;
-        s->s3->rbuf.buf = p;
-        s->s3->rbuf.len = len;
-    }
-
-    s->packet = &(s->s3->rbuf.buf[0]);
-    return 1;
-
- err:
-    SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
-    return 0;
-}
-
-int ssl3_setup_write_buffer(SSL *s)
-{
-    unsigned char *p;
-    size_t len, align = 0, headerlen;
-
-    if (SSL_IS_DTLS(s))
-        headerlen = DTLS1_RT_HEADER_LENGTH + 1;
-    else
-        headerlen = SSL3_RT_HEADER_LENGTH;
-
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-    align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
-#endif
-
-    if (s->s3->wbuf.buf == NULL) {
-        len = s->max_send_fragment
-            + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
-#ifndef OPENSSL_NO_COMP
-        if (!(s->options & SSL_OP_NO_COMPRESSION))
-            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
-        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
-            len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
-
-        if ((p = freelist_extract(s->ctx, 0, len)) == NULL)
-            goto err;
-        s->s3->wbuf.buf = p;
-        s->s3->wbuf.len = len;
-    }
-
-    return 1;
-
- err:
-    SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
-    return 0;
-}
-
-int ssl3_setup_buffers(SSL *s)
-{
-    if (!ssl3_setup_read_buffer(s))
-        return 0;
-    if (!ssl3_setup_write_buffer(s))
-        return 0;
-    return 1;
-}
-
-int ssl3_release_write_buffer(SSL *s)
-{
-    if (s->s3->wbuf.buf != NULL) {
-        freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
-        s->s3->wbuf.buf = NULL;
-    }
-    return 1;
-}
-
-int ssl3_release_read_buffer(SSL *s)
-{
-    if (s->s3->rbuf.buf != NULL) {
-        freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
-        s->s3->rbuf.buf = NULL;
-    }
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/ssl/s3_cbc.c b/freebsd/crypto/openssl/ssl/s3_cbc.c
index 1052bbf7..4774ab51 100644
--- a/freebsd/crypto/openssl/ssl/s3_cbc.c
+++ b/freebsd/crypto/openssl/ssl/s3_cbc.c
@@ -1,62 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/s3_cbc.c */
-/* ====================================================================
- * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include "../crypto/constant_time_locl.h"
+#include "internal/constant_time_locl.h"
 #include "ssl_locl.h"
+#include "internal/cryptlib.h"
 
 #include <openssl/md5.h>
 #include <openssl/sha.h>
@@ -74,232 +29,6 @@
  */
 #define MAX_HASH_BLOCK_SIZE 128
 
-/*-
- * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
- * record in |rec| by updating |rec->length| in constant time.
- *
- * block_size: the block size of the cipher used to encrypt the record.
- * returns:
- *   0: (in non-constant time) if the record is publicly invalid.
- *   1: if the padding was valid
- *  -1: otherwise.
- */
-int ssl3_cbc_remove_padding(const SSL *s,
-                            SSL3_RECORD *rec,
-                            unsigned block_size, unsigned mac_size)
-{
-    unsigned padding_length, good;
-    const unsigned overhead = 1 /* padding length byte */  + mac_size;
-
-    /*
-     * These lengths are all public so we can test them in non-constant time.
-     */
-    if (overhead > rec->length)
-        return 0;
-
-    padding_length = rec->data[rec->length - 1];
-    good = constant_time_ge(rec->length, padding_length + overhead);
-    /* SSLv3 requires that the padding is minimal. */
-    good &= constant_time_ge(block_size, padding_length + 1);
-    padding_length = good & (padding_length + 1);
-    rec->length -= padding_length;
-    rec->type |= padding_length << 8; /* kludge: pass padding length */
-    return constant_time_select_int(good, 1, -1);
-}
-
-/*-
- * tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
- * record in |rec| in constant time and returns 1 if the padding is valid and
- * -1 otherwise. It also removes any explicit IV from the start of the record
- * without leaking any timing about whether there was enough space after the
- * padding was removed.
- *
- * block_size: the block size of the cipher used to encrypt the record.
- * returns:
- *   0: (in non-constant time) if the record is publicly invalid.
- *   1: if the padding was valid
- *  -1: otherwise.
- */
-int tls1_cbc_remove_padding(const SSL *s,
-                            SSL3_RECORD *rec,
-                            unsigned block_size, unsigned mac_size)
-{
-    unsigned padding_length, good, to_check, i;
-    const unsigned overhead = 1 /* padding length byte */  + mac_size;
-    /* Check if version requires explicit IV */
-    if (SSL_USE_EXPLICIT_IV(s)) {
-        /*
-         * These lengths are all public so we can test them in non-constant
-         * time.
-         */
-        if (overhead + block_size > rec->length)
-            return 0;
-        /* We can now safely skip explicit IV */
-        rec->data += block_size;
-        rec->input += block_size;
-        rec->length -= block_size;
-    } else if (overhead > rec->length)
-        return 0;
-
-    padding_length = rec->data[rec->length - 1];
-
-    /*
-     * NB: if compression is in operation the first packet may not be of even
-     * length so the padding bug check cannot be performed. This bug
-     * workaround has been around since SSLeay so hopefully it is either
-     * fixed now or no buggy implementation supports compression [steve]
-     */
-    if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
-        /* First packet is even in size, so check */
-        if ((CRYPTO_memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
-            !(padding_length & 1)) {
-            s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG;
-        }
-        if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && padding_length > 0) {
-            padding_length--;
-        }
-    }
-
-    if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
-        /* padding is already verified */
-        rec->length -= padding_length + 1;
-        return 1;
-    }
-
-    good = constant_time_ge(rec->length, overhead + padding_length);
-    /*
-     * The padding consists of a length byte at the end of the record and
-     * then that many bytes of padding, all with the same value as the length
-     * byte. Thus, with the length byte included, there are i+1 bytes of
-     * padding. We can't check just |padding_length+1| bytes because that
-     * leaks decrypted information. Therefore we always have to check the
-     * maximum amount of padding possible. (Again, the length of the record
-     * is public information so we can use it.)
-     */
-    to_check = 255;             /* maximum amount of padding. */
-    if (to_check > rec->length - 1)
-        to_check = rec->length - 1;
-
-    for (i = 0; i < to_check; i++) {
-        unsigned char mask = constant_time_ge_8(padding_length, i);
-        unsigned char b = rec->data[rec->length - 1 - i];
-        /*
-         * The final |padding_length+1| bytes should all have the value
-         * |padding_length|. Therefore the XOR should be zero.
-         */
-        good &= ~(mask & (padding_length ^ b));
-    }
-
-    /*
-     * If any of the final |padding_length+1| bytes had the wrong value, one
-     * or more of the lower eight bits of |good| will be cleared.
-     */
-    good = constant_time_eq(0xff, good & 0xff);
-    padding_length = good & (padding_length + 1);
-    rec->length -= padding_length;
-    rec->type |= padding_length << 8; /* kludge: pass padding length */
-
-    return constant_time_select_int(good, 1, -1);
-}
-
-/*-
- * ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
- * constant time (independent of the concrete value of rec->length, which may
- * vary within a 256-byte window).
- *
- * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
- * this function.
- *
- * On entry:
- *   rec->orig_len >= md_size
- *   md_size <= EVP_MAX_MD_SIZE
- *
- * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
- * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
- * a single or pair of cache-lines, then the variable memory accesses don't
- * actually affect the timing. CPUs with smaller cache-lines [if any] are
- * not multi-core and are not considered vulnerable to cache-timing attacks.
- */
-#define CBC_MAC_ROTATE_IN_PLACE
-
-void ssl3_cbc_copy_mac(unsigned char *out,
-                       const SSL3_RECORD *rec,
-                       unsigned md_size, unsigned orig_len)
-{
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
-    unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
-    unsigned char *rotated_mac;
-#else
-    unsigned char rotated_mac[EVP_MAX_MD_SIZE];
-#endif
-
-    /*
-     * mac_end is the index of |rec->data| just after the end of the MAC.
-     */
-    unsigned mac_end = rec->length;
-    unsigned mac_start = mac_end - md_size;
-    /*
-     * scan_start contains the number of bytes that we can ignore because the
-     * MAC's position can only vary by 255 bytes.
-     */
-    unsigned scan_start = 0;
-    unsigned i, j;
-    unsigned div_spoiler;
-    unsigned rotate_offset;
-
-    OPENSSL_assert(orig_len >= md_size);
-    OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
-
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
-    rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf) & 63);
-#endif
-
-    /* This information is public so it's safe to branch based on it. */
-    if (orig_len > md_size + 255 + 1)
-        scan_start = orig_len - (md_size + 255 + 1);
-    /*
-     * div_spoiler contains a multiple of md_size that is used to cause the
-     * modulo operation to be constant time. Without this, the time varies
-     * based on the amount of padding when running on Intel chips at least.
-     * The aim of right-shifting md_size is so that the compiler doesn't
-     * figure out that it can remove div_spoiler as that would require it to
-     * prove that md_size is always even, which I hope is beyond it.
-     */
-    div_spoiler = md_size >> 1;
-    div_spoiler <<= (sizeof(div_spoiler) - 1) * 8;
-    rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
-
-    memset(rotated_mac, 0, md_size);
-    for (i = scan_start, j = 0; i < orig_len; i++) {
-        unsigned char mac_started = constant_time_ge_8(i, mac_start);
-        unsigned char mac_ended = constant_time_ge_8(i, mac_end);
-        unsigned char b = rec->data[i];
-        rotated_mac[j++] |= b & mac_started & ~mac_ended;
-        j &= constant_time_lt(j, md_size);
-    }
-
-    /* Now rotate the MAC */
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
-    j = 0;
-    for (i = 0; i < md_size; i++) {
-        /* in case cache-line is 32 bytes, touch second line */
-        ((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32];
-        out[j++] = rotated_mac[rotate_offset++];
-        rotate_offset &= constant_time_lt(rotate_offset, md_size);
-    }
-#else
-    memset(out, 0, md_size);
-    rotate_offset = md_size - rotate_offset;
-    rotate_offset &= constant_time_lt(rotate_offset, md_size);
-    for (i = 0; i < md_size; i++) {
-        for (j = 0; j < md_size; j++)
-            out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
-        rotate_offset++;
-        rotate_offset &= constant_time_lt(rotate_offset, md_size);
-    }
-#endif
-}
-
 /*
  * u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
  * little-endian order. The value of p is advanced by four.
@@ -334,9 +63,6 @@ static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
     l2n(sha1->h4, md_out);
 }
 
-#define LARGEST_DIGEST_CTX SHA_CTX
-
-#ifndef OPENSSL_NO_SHA256
 static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
 {
     SHA256_CTX *sha256 = ctx;
@@ -347,11 +73,6 @@ static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
     }
 }
 
-# undef  LARGEST_DIGEST_CTX
-# define LARGEST_DIGEST_CTX SHA256_CTX
-#endif
-
-#ifndef OPENSSL_NO_SHA512
 static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
 {
     SHA512_CTX *sha512 = ctx;
@@ -362,9 +83,8 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
     }
 }
 
-# undef  LARGEST_DIGEST_CTX
-# define LARGEST_DIGEST_CTX SHA512_CTX
-#endif
+#undef  LARGEST_DIGEST_CTX
+#define LARGEST_DIGEST_CTX SHA512_CTX
 
 /*
  * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
@@ -372,21 +92,13 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
  */
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
 {
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return 0;
-#endif
     switch (EVP_MD_CTX_type(ctx)) {
     case NID_md5:
     case NID_sha1:
-#ifndef OPENSSL_NO_SHA256
     case NID_sha224:
     case NID_sha256:
-#endif
-#ifndef OPENSSL_NO_SHA512
     case NID_sha384:
     case NID_sha512:
-#endif
         return 1;
     default:
         return 0;
@@ -402,7 +114,7 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
  *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
  *   md_out_size: if non-NULL, the number of output bytes is written here.
  *   header: the 13-byte, TLS record header.
- *   data: the record data itself, less any preceeding explicit IV.
+ *   data: the record data itself, less any preceding explicit IV.
  *   data_plus_mac_size: the secret, reported length of the data and MAC
  *     once the padding has been removed.
  *   data_plus_mac_plus_padding_size: the public length of the whole
@@ -416,14 +128,14 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
  * Returns 1 on success or 0 on error
  */
 int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
-                            unsigned char *md_out,
-                            size_t *md_out_size,
-                            const unsigned char header[13],
-                            const unsigned char *data,
-                            size_t data_plus_mac_size,
-                            size_t data_plus_mac_plus_padding_size,
-                            const unsigned char *mac_secret,
-                            unsigned mac_secret_length, char is_sslv3)
+                           unsigned char *md_out,
+                           size_t *md_out_size,
+                           const unsigned char header[13],
+                           const unsigned char *data,
+                           size_t data_plus_mac_size,
+                           size_t data_plus_mac_plus_padding_size,
+                           const unsigned char *mac_secret,
+                           size_t mac_secret_length, char is_sslv3)
 {
     union {
         double align;
@@ -431,30 +143,33 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
     } md_state;
     void (*md_final_raw) (void *ctx, unsigned char *md_out);
     void (*md_transform) (void *ctx, const unsigned char *block);
-    unsigned md_size, md_block_size = 64;
-    unsigned sslv3_pad_length = 40, header_length, variance_blocks,
+    size_t md_size, md_block_size = 64;
+    size_t sslv3_pad_length = 40, header_length, variance_blocks,
         len, max_mac_bytes, num_blocks,
         num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
-    unsigned int bits;          /* at most 18 bits */
+    size_t bits;          /* at most 18 bits */
     unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
     /* hmac_pad is the masked HMAC key. */
     unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
     unsigned char first_block[MAX_HASH_BLOCK_SIZE];
     unsigned char mac_out[EVP_MAX_MD_SIZE];
-    unsigned i, j, md_out_size_u;
-    EVP_MD_CTX md_ctx;
+    size_t i, j;
+    unsigned md_out_size_u;
+    EVP_MD_CTX *md_ctx = NULL;
     /*
      * mdLengthSize is the number of bytes in the length field that
      * terminates * the hash.
      */
-    unsigned md_length_size = 8;
+    size_t md_length_size = 8;
     char length_is_big_endian = 1;
+    int ret;
 
     /*
      * This is a, hopefully redundant, check that allows us to forget about
      * many possible overflows later in this function.
      */
-    OPENSSL_assert(data_plus_mac_plus_padding_size < 1024 * 1024);
+    if (!ossl_assert(data_plus_mac_plus_padding_size < 1024 * 1024))
+        return 0;
 
     switch (EVP_MD_CTX_type(ctx)) {
     case NID_md5:
@@ -475,7 +190,6 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
             (void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
         md_size = 20;
         break;
-#ifndef OPENSSL_NO_SHA256
     case NID_sha224:
         if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0)
             return 0;
@@ -492,8 +206,6 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
             (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
         md_size = 32;
         break;
-#endif
-#ifndef OPENSSL_NO_SHA512
     case NID_sha384:
         if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)
             return 0;
@@ -514,21 +226,20 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
         md_block_size = 128;
         md_length_size = 16;
         break;
-#endif
     default:
         /*
          * ssl3_cbc_record_digest_supported should have been called first to
          * check that the hash function is supported.
          */
-        OPENSSL_assert(0);
-        if (md_out_size)
+        if (md_out_size != NULL)
             *md_out_size = 0;
-        return 0;
+        return ossl_assert(0);
     }
 
-    OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
-    OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
-    OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
+    if (!ossl_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES)
+            || !ossl_assert(md_block_size <= MAX_HASH_BLOCK_SIZE)
+            || !ossl_assert(md_size <= EVP_MAX_MD_SIZE))
+        return 0;
 
     header_length = 13;
     if (is_sslv3) {
@@ -624,7 +335,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
          */
         bits += 8 * md_block_size;
         memset(hmac_pad, 0, md_block_size);
-        OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
+        if (!ossl_assert(mac_secret_length <= sizeof(hmac_pad)))
+            return 0;
         memcpy(hmac_pad, mac_secret, mac_secret_length);
         for (i = 0; i < md_block_size; i++)
             hmac_pad[i] ^= 0x36;
@@ -648,7 +360,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
 
     if (k > 0) {
         if (is_sslv3) {
-            unsigned overhang;
+            size_t overhang;
 
             /*
              * The SSLv3 header is larger than a single block. overhang is
@@ -691,8 +403,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
     for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks;
          i++) {
         unsigned char block[MAX_HASH_BLOCK_SIZE];
-        unsigned char is_block_a = constant_time_eq_8(i, index_a);
-        unsigned char is_block_b = constant_time_eq_8(i, index_b);
+        unsigned char is_block_a = constant_time_eq_8_s(i, index_a);
+        unsigned char is_block_b = constant_time_eq_8_s(i, index_b);
         for (j = 0; j < md_block_size; j++) {
             unsigned char b = 0, is_past_c, is_past_cp1;
             if (k < header_length)
@@ -701,8 +413,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
                 b = data[k - header_length];
             k++;
 
-            is_past_c = is_block_a & constant_time_ge_8(j, c);
-            is_past_cp1 = is_block_a & constant_time_ge_8(j, c + 1);
+            is_past_c = is_block_a & constant_time_ge_8_s(j, c);
+            is_past_cp1 = is_block_a & constant_time_ge_8_s(j, c + 1);
             /*
              * If this is the block containing the end of the application
              * data, and we are at the offset for the 0x80 value, then
@@ -710,8 +422,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
              */
             b = constant_time_select_8(is_past_c, 0x80, b);
             /*
-             * If this the the block containing the end of the application
-             * data and we're past the 0x80 value then just write zero.
+             * If this block contains the end of the application data
+             * and we're past the 0x80 value then just write zero.
              */
             b = b & ~is_past_cp1;
             /*
@@ -741,82 +453,36 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
             mac_out[j] |= block[j] & is_block_b;
     }
 
-    EVP_MD_CTX_init(&md_ctx);
-    if (EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ ) <= 0)
+    md_ctx = EVP_MD_CTX_new();
+    if (md_ctx == NULL)
+        goto err;
+    if (EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */ ) <= 0)
         goto err;
     if (is_sslv3) {
         /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
         memset(hmac_pad, 0x5c, sslv3_pad_length);
 
-        if (EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length) <= 0
-                || EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length) <= 0
-                || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0)
+        if (EVP_DigestUpdate(md_ctx, mac_secret, mac_secret_length) <= 0
+            || EVP_DigestUpdate(md_ctx, hmac_pad, sslv3_pad_length) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
             goto err;
     } else {
         /* Complete the HMAC in the standard manner. */
         for (i = 0; i < md_block_size; i++)
             hmac_pad[i] ^= 0x6a;
 
-        if (EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size) <= 0
-                || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0)
+        if (EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
             goto err;
     }
-    EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
-    if (md_out_size)
+    /* TODO(size_t): Convert me */
+    ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
+    if (ret && md_out_size)
         *md_out_size = md_out_size_u;
-    EVP_MD_CTX_cleanup(&md_ctx);
+    EVP_MD_CTX_free(md_ctx);
 
     return 1;
-err:
-    EVP_MD_CTX_cleanup(&md_ctx);
+ err:
+    EVP_MD_CTX_free(md_ctx);
     return 0;
 }
-
-#ifdef OPENSSL_FIPS
-
-/*
- * Due to the need to use EVP in FIPS mode we can't reimplement digests but
- * we can ensure the number of blocks processed is equal for all cases by
- * digesting additional data.
- */
-
-void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
-                           EVP_MD_CTX *mac_ctx, const unsigned char *data,
-                           size_t data_len, size_t orig_len)
-{
-    size_t block_size, digest_pad, blocks_data, blocks_orig;
-    if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
-        return;
-    block_size = EVP_MD_CTX_block_size(mac_ctx);
-    /*-
-     * We are in FIPS mode if we get this far so we know we have only SHA*
-     * digests and TLS to deal with.
-     * Minimum digest padding length is 17 for SHA384/SHA512 and 9
-     * otherwise.
-     * Additional header is 13 bytes. To get the number of digest blocks
-     * processed round up the amount of data plus padding to the nearest
-     * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
-     * So we have:
-     * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
-     * equivalently:
-     * blocks = (payload_len + digest_pad + 12)/block_size + 1
-     * HMAC adds a constant overhead.
-     * We're ultimately only interested in differences so this becomes
-     * blocks = (payload_len + 29)/128
-     * for SHA384/SHA512 and
-     * blocks = (payload_len + 21)/64
-     * otherwise.
-     */
-    digest_pad = block_size == 64 ? 21 : 29;
-    blocks_orig = (orig_len + digest_pad) / block_size;
-    blocks_data = (data_len + digest_pad) / block_size;
-    /*
-     * MAC enough blocks to make up the difference between the original and
-     * actual lengths plus one extra block to ensure this is never a no op.
-     * The "data" pointer should always have enough space to perform this
-     * operation as it is large enough for a maximum length TLS buffer.
-     */
-    EVP_DigestSignUpdate(mac_ctx, data,
-                         (blocks_orig - blocks_data + 1) * block_size);
-}
-#endif
diff --git a/freebsd/crypto/openssl/ssl/s3_clnt.c b/freebsd/crypto/openssl/ssl/s3_clnt.c
deleted file mode 100644
index b57694b3..00000000
--- a/freebsd/crypto/openssl/ssl/s3_clnt.c
+++ /dev/null
@@ -1,3789 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s3_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-
-static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
-#ifndef OPENSSL_NO_TLSEXT
-static int ssl3_check_finished(SSL *s);
-#endif
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-static const SSL_METHOD *ssl3_get_client_method(int ver)
-{
-    if (ver == SSL3_VERSION)
-        return (SSLv3_client_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
-                         ssl_undefined_function,
-                         ssl3_connect, ssl3_get_client_method)
-#endif
-int ssl3_connect(SSL *s)
-{
-    BUF_MEM *buf = NULL;
-    unsigned long Time = (unsigned long)time(NULL);
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int ret = -1;
-    int new_state, state, skip = 0;
-
-    RAND_add(&Time, sizeof(Time), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-#ifndef OPENSSL_NO_HEARTBEATS
-    /*
-     * If we're awaiting a HeartbeatResponse, pretend we already got and
-     * don't await it anymore, because Heartbeats don't make sense during
-     * handshakes anyway.
-     */
-    if (s->tlsext_hb_pending) {
-        s->tlsext_hb_pending = 0;
-        s->tlsext_hb_seq++;
-    }
-#endif
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_RENEGOTIATE:
-            s->renegotiate = 1;
-            s->state = SSL_ST_CONNECT;
-            s->ctx->stats.sess_connect_renegotiate++;
-            /* break */
-        case SSL_ST_BEFORE:
-        case SSL_ST_CONNECT:
-        case SSL_ST_BEFORE | SSL_ST_CONNECT:
-        case SSL_ST_OK | SSL_ST_CONNECT:
-
-            s->server = 0;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            if ((s->version & 0xff00) != 0x0300) {
-                SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
-                s->state = SSL_ST_ERR;
-                ret = -1;
-                goto end;
-            }
-
-            /* s->version=SSL3_VERSION; */
-            s->type = SSL_ST_CONNECT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                s->init_buf = buf;
-                buf = NULL;
-            }
-
-            if (!ssl3_setup_buffers(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            /* setup buffing BIO */
-            if (!ssl_init_wbio_buffer(s, 0)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            /* don't push the buffering BIO quite yet */
-
-            if (!ssl3_init_finished_mac(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            s->state = SSL3_ST_CW_CLNT_HELLO_A;
-            s->ctx->stats.sess_connect++;
-            s->init_num = 0;
-            s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-            /*
-             * Should have been reset by ssl3_get_finished, too.
-             */
-            s->s3->change_cipher_spec = 0;
-            break;
-
-        case SSL3_ST_CW_CLNT_HELLO_A:
-        case SSL3_ST_CW_CLNT_HELLO_B:
-
-            s->shutdown = 0;
-            ret = ssl3_client_hello(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_SRVR_HELLO_A;
-            s->init_num = 0;
-
-            /* turn on buffering for the next lot of output */
-            if (s->bbio != s->wbio)
-                s->wbio = BIO_push(s->bbio, s->wbio);
-
-            break;
-
-        case SSL3_ST_CR_SRVR_HELLO_A:
-        case SSL3_ST_CR_SRVR_HELLO_B:
-            ret = ssl3_get_server_hello(s);
-            if (ret <= 0)
-                goto end;
-
-            if (s->hit) {
-                s->state = SSL3_ST_CR_FINISHED_A;
-#ifndef OPENSSL_NO_TLSEXT
-                if (s->tlsext_ticket_expected) {
-                    /* receive renewed session ticket */
-                    s->state = SSL3_ST_CR_SESSION_TICKET_A;
-                }
-#endif
-            } else {
-                s->state = SSL3_ST_CR_CERT_A;
-            }
-            s->init_num = 0;
-            break;
-        case SSL3_ST_CR_CERT_A:
-        case SSL3_ST_CR_CERT_B:
-#ifndef OPENSSL_NO_TLSEXT
-            /* Noop (ret = 0) for everything but EAP-FAST. */
-            ret = ssl3_check_finished(s);
-            if (ret < 0)
-                goto end;
-            if (ret == 1) {
-                s->hit = 1;
-                s->state = SSL3_ST_CR_FINISHED_A;
-                s->init_num = 0;
-                break;
-            }
-#endif
-            /* Check if it is anon DH/ECDH, SRP auth */
-            /* or PSK */
-            if (!
-                (s->s3->tmp.
-                 new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
-                    && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-                ret = ssl3_get_server_certificate(s);
-                if (ret <= 0)
-                    goto end;
-#ifndef OPENSSL_NO_TLSEXT
-                if (s->tlsext_status_expected)
-                    s->state = SSL3_ST_CR_CERT_STATUS_A;
-                else
-                    s->state = SSL3_ST_CR_KEY_EXCH_A;
-            } else {
-                skip = 1;
-                s->state = SSL3_ST_CR_KEY_EXCH_A;
-            }
-#else
-            } else
-                skip = 1;
-
-            s->state = SSL3_ST_CR_KEY_EXCH_A;
-#endif
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_KEY_EXCH_A:
-        case SSL3_ST_CR_KEY_EXCH_B:
-            ret = ssl3_get_key_exchange(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_CERT_REQ_A;
-            s->init_num = 0;
-
-            /*
-             * at this point we check that we have the required stuff from
-             * the server
-             */
-            if (!ssl3_check_cert_and_algorithm(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-            break;
-
-        case SSL3_ST_CR_CERT_REQ_A:
-        case SSL3_ST_CR_CERT_REQ_B:
-            ret = ssl3_get_certificate_request(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_SRVR_DONE_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_SRVR_DONE_A:
-        case SSL3_ST_CR_SRVR_DONE_B:
-            ret = ssl3_get_server_done(s);
-            if (ret <= 0)
-                goto end;
-#ifndef OPENSSL_NO_SRP
-            if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
-                if ((ret = SRP_Calc_A_param(s)) <= 0) {
-                    SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC);
-                    ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-            }
-#endif
-            if (s->s3->tmp.cert_req)
-                s->state = SSL3_ST_CW_CERT_A;
-            else
-                s->state = SSL3_ST_CW_KEY_EXCH_A;
-            s->init_num = 0;
-
-            break;
-
-        case SSL3_ST_CW_CERT_A:
-        case SSL3_ST_CW_CERT_B:
-        case SSL3_ST_CW_CERT_C:
-        case SSL3_ST_CW_CERT_D:
-            ret = ssl3_send_client_certificate(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CW_KEY_EXCH_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_KEY_EXCH_A:
-        case SSL3_ST_CW_KEY_EXCH_B:
-            ret = ssl3_send_client_key_exchange(s);
-            if (ret <= 0)
-                goto end;
-            /*
-             * EAY EAY EAY need to check for DH fix cert sent back
-             */
-            /*
-             * For TLS, cert_req is set to 2, so a cert chain of nothing is
-             * sent, but no verify packet is sent
-             */
-            /*
-             * XXX: For now, we do not support client authentication in ECDH
-             * cipher suites with ECDH (rather than ECDSA) certificates. We
-             * need to skip the certificate verify message when client's
-             * ECDH public key is sent inside the client certificate.
-             */
-            if (s->s3->tmp.cert_req == 1) {
-                s->state = SSL3_ST_CW_CERT_VRFY_A;
-            } else {
-                s->state = SSL3_ST_CW_CHANGE_A;
-            }
-            if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
-                s->state = SSL3_ST_CW_CHANGE_A;
-            }
-
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_CERT_VRFY_A:
-        case SSL3_ST_CW_CERT_VRFY_B:
-            ret = ssl3_send_client_verify(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CW_CHANGE_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_CHANGE_A:
-        case SSL3_ST_CW_CHANGE_B:
-            ret = ssl3_send_change_cipher_spec(s,
-                                               SSL3_ST_CW_CHANGE_A,
-                                               SSL3_ST_CW_CHANGE_B);
-            if (ret <= 0)
-                goto end;
-
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
-            s->state = SSL3_ST_CW_FINISHED_A;
-#else
-            if (s->s3->next_proto_neg_seen)
-                s->state = SSL3_ST_CW_NEXT_PROTO_A;
-            else
-                s->state = SSL3_ST_CW_FINISHED_A;
-#endif
-            s->init_num = 0;
-
-            s->session->cipher = s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
-            s->session->compress_meth = 0;
-#else
-            if (s->s3->tmp.new_compression == NULL)
-                s->session->compress_meth = 0;
-            else
-                s->session->compress_meth = s->s3->tmp.new_compression->id;
-#endif
-            if (!s->method->ssl3_enc->setup_key_block(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            if (!s->method->ssl3_enc->change_cipher_state(s,
-                                                          SSL3_CHANGE_CIPHER_CLIENT_WRITE))
-            {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            break;
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-        case SSL3_ST_CW_NEXT_PROTO_A:
-        case SSL3_ST_CW_NEXT_PROTO_B:
-            ret = ssl3_send_next_proto(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CW_FINISHED_A;
-            break;
-#endif
-
-        case SSL3_ST_CW_FINISHED_A:
-        case SSL3_ST_CW_FINISHED_B:
-            ret = ssl3_send_finished(s,
-                                     SSL3_ST_CW_FINISHED_A,
-                                     SSL3_ST_CW_FINISHED_B,
-                                     s->method->
-                                     ssl3_enc->client_finished_label,
-                                     s->method->
-                                     ssl3_enc->client_finished_label_len);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CW_FLUSH;
-
-            /* clear flags */
-            s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
-            if (s->hit) {
-                s->s3->tmp.next_state = SSL_ST_OK;
-                if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
-                    s->state = SSL_ST_OK;
-                    s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
-                    s->s3->delay_buf_pop_ret = 0;
-                }
-            } else {
-#ifndef OPENSSL_NO_TLSEXT
-                /*
-                 * Allow NewSessionTicket if ticket expected
-                 */
-                if (s->tlsext_ticket_expected)
-                    s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
-                else
-#endif
-
-                    s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
-            }
-            s->init_num = 0;
-            break;
-
-#ifndef OPENSSL_NO_TLSEXT
-        case SSL3_ST_CR_SESSION_TICKET_A:
-        case SSL3_ST_CR_SESSION_TICKET_B:
-            ret = ssl3_get_new_session_ticket(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_FINISHED_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_CERT_STATUS_A:
-        case SSL3_ST_CR_CERT_STATUS_B:
-            ret = ssl3_get_cert_status(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_KEY_EXCH_A;
-            s->init_num = 0;
-            break;
-#endif
-
-        case SSL3_ST_CR_FINISHED_A:
-        case SSL3_ST_CR_FINISHED_B:
-            if (!s->s3->change_cipher_spec)
-                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-            ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
-                                    SSL3_ST_CR_FINISHED_B);
-            if (ret <= 0)
-                goto end;
-
-            if (s->hit)
-                s->state = SSL3_ST_CW_CHANGE_A;
-            else
-                s->state = SSL_ST_OK;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_FLUSH:
-            s->rwstate = SSL_WRITING;
-            if (BIO_flush(s->wbio) <= 0) {
-                ret = -1;
-                goto end;
-            }
-            s->rwstate = SSL_NOTHING;
-            s->state = s->s3->tmp.next_state;
-            break;
-
-        case SSL_ST_OK:
-            /* clean a few things up */
-            ssl3_cleanup_key_block(s);
-
-            if (s->init_buf != NULL) {
-                BUF_MEM_free(s->init_buf);
-                s->init_buf = NULL;
-            }
-
-            /*
-             * If we are not 'joining' the last two packets, remove the
-             * buffering now
-             */
-            if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
-                ssl_free_wbio_buffer(s);
-            /* else do it later in ssl3_write */
-
-            s->init_num = 0;
-            s->renegotiate = 0;
-            s->new_session = 0;
-
-            ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
-            if (s->hit)
-                s->ctx->stats.sess_hit++;
-
-            ret = 1;
-            /* s->server=0; */
-            s->handshake_func = ssl3_connect;
-            s->ctx->stats.sess_connect_good++;
-
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-
-            goto end;
-            /* break; */
-
-        case SSL_ST_ERR:
-        default:
-            SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* break; */
-        }
-
-        /* did we do anything */
-        if (!s->s3->tmp.reuse_message && !skip) {
-            if (s->debug) {
-                if ((ret = BIO_flush(s->wbio)) <= 0)
-                    goto end;
-            }
-
-            if ((cb != NULL) && (s->state != state)) {
-                new_state = s->state;
-                s->state = state;
-                cb(s, SSL_CB_CONNECT_LOOP, 1);
-                s->state = new_state;
-            }
-        }
-        skip = 0;
-    }
- end:
-    s->in_handshake--;
-    if (buf != NULL)
-        BUF_MEM_free(buf);
-    if (cb != NULL)
-        cb(s, SSL_CB_CONNECT_EXIT, ret);
-    return (ret);
-}
-
-int ssl3_client_hello(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-    int i;
-    unsigned long l;
-    int al = 0;
-#ifndef OPENSSL_NO_COMP
-    int j;
-    SSL_COMP *comp;
-#endif
-
-    buf = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
-        SSL_SESSION *sess = s->session;
-        if ((sess == NULL) || (sess->ssl_version != s->version) ||
-#ifdef OPENSSL_NO_TLSEXT
-            !sess->session_id_length ||
-#else
-            /*
-             * In the case of EAP-FAST, we can have a pre-shared
-             * "ticket" without a session ID.
-             */
-            (!sess->session_id_length && !sess->tlsext_tick) ||
-#endif
-            (sess->not_resumable)) {
-            if (!ssl_get_new_session(s, 0))
-                goto err;
-        }
-        if (s->method->version == DTLS_ANY_VERSION) {
-            /* Determine which DTLS version to use */
-            int options = s->options;
-            /* If DTLS 1.2 disabled correct the version number */
-            if (options & SSL_OP_NO_DTLSv1_2) {
-                if (tls1_suiteb(s)) {
-                    SSLerr(SSL_F_SSL3_CLIENT_HELLO,
-                           SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
-                    goto err;
-                }
-                /*
-                 * Disabling all versions is silly: return an error.
-                 */
-                if (options & SSL_OP_NO_DTLSv1) {
-                    SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_WRONG_SSL_VERSION);
-                    goto err;
-                }
-                /*
-                 * Update method so we don't use any DTLS 1.2 features.
-                 */
-                s->method = DTLSv1_client_method();
-                s->version = DTLS1_VERSION;
-            } else {
-                /*
-                 * We only support one version: update method
-                 */
-                if (options & SSL_OP_NO_DTLSv1)
-                    s->method = DTLSv1_2_client_method();
-                s->version = DTLS1_2_VERSION;
-            }
-            s->client_version = s->version;
-        }
-        /* else use the pre-loaded session */
-
-        p = s->s3->client_random;
-
-        /*
-         * for DTLS if client_random is initialized, reuse it, we are
-         * required to use same upon reply to HelloVerify
-         */
-        if (SSL_IS_DTLS(s)) {
-            size_t idx;
-            i = 1;
-            for (idx = 0; idx < sizeof(s->s3->client_random); idx++) {
-                if (p[idx]) {
-                    i = 0;
-                    break;
-                }
-            }
-        } else
-            i = 1;
-
-        if (i && ssl_fill_hello_random(s, 0, p,
-                                       sizeof(s->s3->client_random)) <= 0)
-            goto err;
-
-        /* Do the message type and length last */
-        d = p = ssl_handshake_start(s);
-
-        /*-
-         * version indicates the negotiated version: for example from
-         * an SSLv2/v3 compatible client hello). The client_version
-         * field is the maximum version we permit and it is also
-         * used in RSA encrypted premaster secrets. Some servers can
-         * choke if we initially report a higher version then
-         * renegotiate to a lower one in the premaster secret. This
-         * didn't happen with TLS 1.0 as most servers supported it
-         * but it can with TLS 1.1 or later if the server only supports
-         * 1.0.
-         *
-         * Possible scenario with previous logic:
-         *      1. Client hello indicates TLS 1.2
-         *      2. Server hello says TLS 1.0
-         *      3. RSA encrypted premaster secret uses 1.2.
-         *      4. Handhaked proceeds using TLS 1.0.
-         *      5. Server sends hello request to renegotiate.
-         *      6. Client hello indicates TLS v1.0 as we now
-         *         know that is maximum server supports.
-         *      7. Server chokes on RSA encrypted premaster secret
-         *         containing version 1.0.
-         *
-         * For interoperability it should be OK to always use the
-         * maximum version we support in client hello and then rely
-         * on the checking of version to ensure the servers isn't
-         * being inconsistent: for example initially negotiating with
-         * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
-         * client_version in client hello and not resetting it to
-         * the negotiated version.
-         */
-#if 0
-        *(p++) = s->version >> 8;
-        *(p++) = s->version & 0xff;
-        s->client_version = s->version;
-#else
-        *(p++) = s->client_version >> 8;
-        *(p++) = s->client_version & 0xff;
-#endif
-
-        /* Random stuff */
-        memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
-        p += SSL3_RANDOM_SIZE;
-
-        /* Session ID */
-        if (s->new_session)
-            i = 0;
-        else
-            i = s->session->session_id_length;
-        *(p++) = i;
-        if (i != 0) {
-            if (i > (int)sizeof(s->session->session_id)) {
-                SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            memcpy(p, s->session->session_id, i);
-            p += i;
-        }
-
-        /* cookie stuff for DTLS */
-        if (SSL_IS_DTLS(s)) {
-            if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
-                SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            *(p++) = s->d1->cookie_len;
-            memcpy(p, s->d1->cookie, s->d1->cookie_len);
-            p += s->d1->cookie_len;
-        }
-
-        /* Ciphers supported */
-        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
-        if (i == 0) {
-            SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
-            goto err;
-        }
-#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
-        /*
-         * Some servers hang if client hello > 256 bytes as hack workaround
-         * chop number of supported ciphers to keep it well below this if we
-         * use TLS v1.2
-         */
-        if (TLS1_get_version(s) >= TLS1_2_VERSION
-            && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
-            i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
-#endif
-        s2n(i, p);
-        p += i;
-
-        /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
-        *(p++) = 1;
-#else
-
-        if ((s->options & SSL_OP_NO_COMPRESSION)
-            || !s->ctx->comp_methods)
-            j = 0;
-        else
-            j = sk_SSL_COMP_num(s->ctx->comp_methods);
-        *(p++) = 1 + j;
-        for (i = 0; i < j; i++) {
-            comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
-            *(p++) = comp->id;
-        }
-#endif
-        *(p++) = 0;             /* Add the NULL method */
-
-#ifndef OPENSSL_NO_TLSEXT
-        /* TLS extensions */
-        if (ssl_prepare_clienthello_tlsext(s) <= 0) {
-            SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
-            goto err;
-        }
-        if ((p =
-             ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH,
-                                        &al)) == NULL) {
-            ssl3_send_alert(s, SSL3_AL_FATAL, al);
-            SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-#endif
-
-        l = p - d;
-        ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l);
-        s->state = SSL3_ST_CW_CLNT_HELLO_B;
-    }
-
-    /* SSL3_ST_CW_CLNT_HELLO_B */
-    return ssl_do_write(s);
- err:
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_get_server_hello(SSL *s)
-{
-    STACK_OF(SSL_CIPHER) *sk;
-    const SSL_CIPHER *c;
-    CERT *ct = s->cert;
-    unsigned char *p, *d;
-    int i, al = SSL_AD_INTERNAL_ERROR, ok;
-    unsigned int j;
-    long n;
-#ifndef OPENSSL_NO_COMP
-    SSL_COMP *comp;
-#endif
-    /*
-     * Hello verify request and/or server hello version may not match so set
-     * first packet if we're negotiating version.
-     */
-    if (SSL_IS_DTLS(s))
-        s->first_packet = 1;
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_SRVR_HELLO_A,
-                                   SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    if (SSL_IS_DTLS(s)) {
-        s->first_packet = 0;
-        if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
-            if (s->d1->send_cookie == 0) {
-                s->s3->tmp.reuse_message = 1;
-                return 1;
-            } else {            /* already sent a cookie */
-
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE);
-                goto f_err;
-            }
-        }
-    }
-
-    if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE);
-        goto f_err;
-    }
-
-    d = p = (unsigned char *)s->init_msg;
-    if (s->method->version == DTLS_ANY_VERSION) {
-        /* Work out correct protocol version to use */
-        int hversion = (p[0] << 8) | p[1];
-        int options = s->options;
-        if (hversion == DTLS1_2_VERSION && !(options & SSL_OP_NO_DTLSv1_2))
-            s->method = DTLSv1_2_client_method();
-        else if (tls1_suiteb(s)) {
-            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-                   SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
-            s->version = hversion;
-            al = SSL_AD_PROTOCOL_VERSION;
-            goto f_err;
-        } else if (hversion == DTLS1_VERSION && !(options & SSL_OP_NO_DTLSv1))
-            s->method = DTLSv1_client_method();
-        else {
-            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
-            s->version = hversion;
-            al = SSL_AD_PROTOCOL_VERSION;
-            goto f_err;
-        }
-        s->session->ssl_version = s->version = s->method->version;
-    }
-
-    if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
-        s->version = (s->version & 0xff00) | p[1];
-        al = SSL_AD_PROTOCOL_VERSION;
-        goto f_err;
-    }
-    p += 2;
-
-    /* load the server hello data */
-    /* load the server random */
-    memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE);
-    p += SSL3_RANDOM_SIZE;
-
-    s->hit = 0;
-
-    /* get the session-id */
-    j = *(p++);
-
-    if ((j > sizeof(s->session->session_id)) || (j > SSL3_SESSION_ID_SIZE)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG);
-        goto f_err;
-    }
-#ifndef OPENSSL_NO_TLSEXT
-    /*
-     * Check if we can resume the session based on external pre-shared secret.
-     * EAP-FAST (RFC 4851) supports two types of session resumption.
-     * Resumption based on server-side state works with session IDs.
-     * Resumption based on pre-shared Protected Access Credentials (PACs)
-     * works by overriding the SessionTicket extension at the application
-     * layer, and does not send a session ID. (We do not know whether EAP-FAST
-     * servers would honour the session ID.) Therefore, the session ID alone
-     * is not a reliable indicator of session resumption, so we first check if
-     * we can resume, and later peek at the next handshake message to see if the
-     * server wants to resume.
-     */
-    if (s->version >= TLS1_VERSION && s->tls_session_secret_cb &&
-        s->session->tlsext_tick) {
-        SSL_CIPHER *pref_cipher = NULL;
-        s->session->master_key_length = sizeof(s->session->master_key);
-        if (s->tls_session_secret_cb(s, s->session->master_key,
-                                     &s->session->master_key_length,
-                                     NULL, &pref_cipher,
-                                     s->tls_session_secret_cb_arg)) {
-            s->session->cipher = pref_cipher ?
-                pref_cipher : ssl_get_cipher_by_char(s, p + j);
-        } else {
-            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-            al = SSL_AD_INTERNAL_ERROR;
-            goto f_err;
-        }
-    }
-#endif                          /* OPENSSL_NO_TLSEXT */
-
-    if (j != 0 && j == s->session->session_id_length
-        && memcmp(p, s->session->session_id, j) == 0) {
-        if (s->sid_ctx_length != s->session->sid_ctx_length
-            || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
-            /* actually a client application bug */
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-                   SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-            goto f_err;
-        }
-        s->hit = 1;
-    } else {
-        /*
-         * If we were trying for session-id reuse but the server
-         * didn't echo the ID, make a new SSL_SESSION.
-         * In the case of EAP-FAST and PAC, we do not send a session ID,
-         * so the PAC-based session secret is always preserved. It'll be
-         * overwritten if the server refuses resumption.
-         */
-        if (s->session->session_id_length > 0) {
-            if (!ssl_get_new_session(s, 0)) {
-                goto f_err;
-            }
-        }
-        s->session->session_id_length = j;
-        memcpy(s->session->session_id, p, j); /* j could be 0 */
-    }
-    p += j;
-    c = ssl_get_cipher_by_char(s, p);
-    if (c == NULL) {
-        /* unknown cipher */
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED);
-        goto f_err;
-    }
-    /* Set version disabled mask now we know version */
-    if (!SSL_USE_TLS1_2_CIPHERS(s))
-        ct->mask_ssl = SSL_TLSV1_2;
-    else
-        ct->mask_ssl = 0;
-    /*
-     * If it is a disabled cipher we didn't send it in client hello, so
-     * return an error.
-     */
-    if (c->algorithm_ssl & ct->mask_ssl ||
-        c->algorithm_mkey & ct->mask_k || c->algorithm_auth & ct->mask_a) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
-        goto f_err;
-    }
-    p += ssl_put_cipher_by_char(s, NULL, NULL);
-
-    sk = ssl_get_ciphers_by_id(s);
-    i = sk_SSL_CIPHER_find(sk, c);
-    if (i < 0) {
-        /* we did not say we would use this cipher */
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
-        goto f_err;
-    }
-
-    /*
-     * Depending on the session caching (internal/external), the cipher
-     * and/or cipher_id values may not be set. Make sure that cipher_id is
-     * set and use it for comparison.
-     */
-    if (s->session->cipher)
-        s->session->cipher_id = s->session->cipher->id;
-    if (s->hit && (s->session->cipher_id != c->id)) {
-/* Workaround is now obsolete */
-#if 0
-        if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
-#endif
-        {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-                   SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
-            goto f_err;
-        }
-    }
-    s->s3->tmp.new_cipher = c;
-    /*
-     * Don't digest cached records if no sigalgs: we may need them for client
-     * authentication.
-     */
-    if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s))
-        goto f_err;
-    /* lets get the compression algorithm */
-    /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
-    if (*(p++) != 0) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-               SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-        goto f_err;
-    }
-    /*
-     * If compression is disabled we'd better not try to resume a session
-     * using compression.
-     */
-    if (s->session->compress_meth != 0) {
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_INCONSISTENT_COMPRESSION);
-        goto f_err;
-    }
-#else
-    j = *(p++);
-    if (s->hit && j != s->session->compress_meth) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-               SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
-        goto f_err;
-    }
-    if (j == 0)
-        comp = NULL;
-    else if (s->options & SSL_OP_NO_COMPRESSION) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_COMPRESSION_DISABLED);
-        goto f_err;
-    } else
-        comp = ssl3_comp_find(s->ctx->comp_methods, j);
-
-    if ((j != 0) && (comp == NULL)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-               SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-        goto f_err;
-    } else {
-        s->s3->tmp.new_compression = comp;
-    }
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-    /* TLS extensions */
-    if (!ssl_parse_serverhello_tlsext(s, &p, d, n)) {
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT);
-        goto err;
-    }
-#endif
-
-    if (p != (d + n)) {
-        /* wrong packet length */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
-        goto f_err;
-    }
-
-    return (1);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_get_server_certificate(SSL *s)
-{
-    int al, i, ok, ret = -1;
-    unsigned long n, nc, llen, l;
-    X509 *x = NULL;
-    const unsigned char *q, *p;
-    unsigned char *d;
-    STACK_OF(X509) *sk = NULL;
-    SESS_CERT *sc;
-    EVP_PKEY *pkey = NULL;
-    int need_cert = 1;          /* VRS: 0=> will allow null cert if auth ==
-                                 * KRB5 */
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_CERT_A,
-                                   SSL3_ST_CR_CERT_B,
-                                   -1, s->max_cert_list, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
-        ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
-         (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) {
-        s->s3->tmp.reuse_message = 1;
-        return (1);
-    }
-
-    if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_MESSAGE_TYPE);
-        goto f_err;
-    }
-    p = d = (unsigned char *)s->init_msg;
-
-    if ((sk = sk_X509_new_null()) == NULL) {
-        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    n2l3(p, llen);
-    if (llen + 3 != n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-    for (nc = 0; nc < llen;) {
-        if (nc + 3 > llen) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-                   SSL_R_CERT_LENGTH_MISMATCH);
-            goto f_err;
-        }
-        n2l3(p, l);
-        if ((l + nc + 3) > llen) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-                   SSL_R_CERT_LENGTH_MISMATCH);
-            goto f_err;
-        }
-
-        q = p;
-        x = d2i_X509(NULL, &q, l);
-        if (x == NULL) {
-            al = SSL_AD_BAD_CERTIFICATE;
-            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
-            goto f_err;
-        }
-        if (q != (p + l)) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-                   SSL_R_CERT_LENGTH_MISMATCH);
-            goto f_err;
-        }
-        if (!sk_X509_push(sk, x)) {
-            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        x = NULL;
-        nc += l + 3;
-        p = q;
-    }
-
-    i = ssl_verify_cert_chain(s, sk);
-    if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
-#ifndef OPENSSL_NO_KRB5
-        && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
-             (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
-#endif                          /* OPENSSL_NO_KRB5 */
-        ) {
-        al = ssl_verify_alarm_type(s->verify_result);
-        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-               SSL_R_CERTIFICATE_VERIFY_FAILED);
-        goto f_err;
-    }
-    ERR_clear_error();          /* but we keep s->verify_result */
-
-    sc = ssl_sess_cert_new();
-    if (sc == NULL)
-        goto err;
-
-    if (s->session->sess_cert)
-        ssl_sess_cert_free(s->session->sess_cert);
-    s->session->sess_cert = sc;
-
-    sc->cert_chain = sk;
-    /*
-     * Inconsistency alert: cert_chain does include the peer's certificate,
-     * which we don't include in s3_srvr.c
-     */
-    x = sk_X509_value(sk, 0);
-    sk = NULL;
-    /*
-     * VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end
-     */
-
-    pkey = X509_get_pubkey(x);
-
-    /* VRS: allow null cert if auth == KRB5 */
-    need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
-                 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
-        ? 0 : 1;
-
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "pkey,x = %p, %p\n", pkey, x);
-    fprintf(stderr, "ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x, pkey));
-    fprintf(stderr, "cipher, alg, nc = %s, %lx, %lx, %d\n",
-            s->s3->tmp.new_cipher->name,
-            s->s3->tmp.new_cipher->algorithm_mkey,
-            s->s3->tmp.new_cipher->algorithm_auth, need_cert);
-#endif                          /* KSSL_DEBUG */
-
-    if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) {
-        x = NULL;
-        al = SSL3_AL_FATAL;
-        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-               SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
-        goto f_err;
-    }
-
-    i = ssl_cert_type(x, pkey);
-    if (need_cert && i < 0) {
-        x = NULL;
-        al = SSL3_AL_FATAL;
-        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-               SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-        goto f_err;
-    }
-
-    if (need_cert) {
-        int exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
-        if (exp_idx >= 0 && i != exp_idx) {
-            x = NULL;
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-                   SSL_R_WRONG_CERTIFICATE_TYPE);
-            goto f_err;
-        }
-        sc->peer_cert_type = i;
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-        /*
-         * Why would the following ever happen? We just created sc a couple
-         * of lines ago.
-         */
-        if (sc->peer_pkeys[i].x509 != NULL)
-            X509_free(sc->peer_pkeys[i].x509);
-        sc->peer_pkeys[i].x509 = x;
-        sc->peer_key = &(sc->peer_pkeys[i]);
-
-        if (s->session->peer != NULL)
-            X509_free(s->session->peer);
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-        s->session->peer = x;
-    } else {
-        sc->peer_cert_type = i;
-        sc->peer_key = NULL;
-
-        if (s->session->peer != NULL)
-            X509_free(s->session->peer);
-        s->session->peer = NULL;
-    }
-    s->session->verify_result = s->verify_result;
-
-    x = NULL;
-    ret = 1;
-    if (0) {
- f_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-        s->state = SSL_ST_ERR;
-    }
-
-    EVP_PKEY_free(pkey);
-    X509_free(x);
-    sk_X509_pop_free(sk, X509_free);
-    return (ret);
-}
-
-int ssl3_get_key_exchange(SSL *s)
-{
-#ifndef OPENSSL_NO_RSA
-    unsigned char *q, md_buf[EVP_MAX_MD_SIZE * 2];
-#endif
-    EVP_MD_CTX md_ctx;
-    unsigned char *param, *p;
-    int al, j, ok;
-    long i, param_len, n, alg_k, alg_a;
-    EVP_PKEY *pkey = NULL;
-    const EVP_MD *md = NULL;
-#ifndef OPENSSL_NO_RSA
-    RSA *rsa = NULL;
-#endif
-#ifndef OPENSSL_NO_DH
-    DH *dh = NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    EC_KEY *ecdh = NULL;
-    BN_CTX *bn_ctx = NULL;
-    EC_POINT *srvr_ecpoint = NULL;
-    int curve_nid = 0;
-    int encoded_pt_len = 0;
-#endif
-
-    EVP_MD_CTX_init(&md_ctx);
-
-    /*
-     * use same message size as in ssl3_get_certificate_request() as
-     * ServerKeyExchange message may be skipped
-     */
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_KEY_EXCH_A,
-                                   SSL3_ST_CR_KEY_EXCH_B,
-                                   -1, s->max_cert_list, &ok);
-    if (!ok)
-        return ((int)n);
-
-    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-    if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
-        /*
-         * Can't skip server key exchange if this is an ephemeral
-         * ciphersuite.
-         */
-        if (alg_k & (SSL_kDHE | SSL_kECDHE)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            goto f_err;
-        }
-#ifndef OPENSSL_NO_PSK
-        /*
-         * In plain PSK ciphersuite, ServerKeyExchange can be omitted if no
-         * identity hint is sent. Set session->sess_cert anyway to avoid
-         * problems later.
-         */
-        if (alg_k & SSL_kPSK) {
-            s->session->sess_cert = ssl_sess_cert_new();
-            if (s->ctx->psk_identity_hint)
-                OPENSSL_free(s->ctx->psk_identity_hint);
-            s->ctx->psk_identity_hint = NULL;
-        }
-#endif
-        s->s3->tmp.reuse_message = 1;
-        return (1);
-    }
-
-    param = p = (unsigned char *)s->init_msg;
-    if (s->session->sess_cert != NULL) {
-#ifndef OPENSSL_NO_RSA
-        if (s->session->sess_cert->peer_rsa_tmp != NULL) {
-            RSA_free(s->session->sess_cert->peer_rsa_tmp);
-            s->session->sess_cert->peer_rsa_tmp = NULL;
-        }
-#endif
-#ifndef OPENSSL_NO_DH
-        if (s->session->sess_cert->peer_dh_tmp) {
-            DH_free(s->session->sess_cert->peer_dh_tmp);
-            s->session->sess_cert->peer_dh_tmp = NULL;
-        }
-#endif
-#ifndef OPENSSL_NO_ECDH
-        if (s->session->sess_cert->peer_ecdh_tmp) {
-            EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
-            s->session->sess_cert->peer_ecdh_tmp = NULL;
-        }
-#endif
-    } else {
-        s->session->sess_cert = ssl_sess_cert_new();
-    }
-
-    /* Total length of the parameters including the length prefix */
-    param_len = 0;
-
-    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-
-    al = SSL_AD_DECODE_ERROR;
-
-#ifndef OPENSSL_NO_PSK
-    if (alg_k & SSL_kPSK) {
-        param_len = 2;
-        if (param_len > n) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        n2s(p, i);
-
-        /*
-         * Store PSK identity hint for later use, hint is used in
-         * ssl3_send_client_key_exchange.  Assume that the maximum length of
-         * a PSK identity hint can be as long as the maximum length of a PSK
-         * identity.
-         */
-        if (i > PSK_MAX_IDENTITY_LEN) {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG);
-            goto f_err;
-        }
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-                   SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        s->session->psk_identity_hint = BUF_strndup((char *)p, i);
-        if (s->session->psk_identity_hint == NULL) {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto f_err;
-        }
-
-        p += i;
-        n -= param_len;
-    } else
-#endif                          /* !OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-    if (alg_k & SSL_kSRP) {
-        param_len = 2;
-        if (param_len > n) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-
-        if (2 > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        param_len += 2;
-
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-
-        if (1 > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        param_len += 1;
-
-        i = (unsigned int)(p[0]);
-        p++;
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-
-        if (2 > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        param_len += 2;
-
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-        n -= param_len;
-
-        if (!srp_verify_server_param(s, &al)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_PARAMETERS);
-            goto f_err;
-        }
-
-/* We must check if there is a certificate */
-# ifndef OPENSSL_NO_RSA
-        if (alg_a & SSL_aRSA)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-# else
-        if (0) ;
-# endif
-# ifndef OPENSSL_NO_DSA
-        else if (alg_a & SSL_aDSS)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].
-                                x509);
-# endif
-    } else
-#endif                          /* !OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_RSA
-    if (alg_k & SSL_kRSA) {
-        /* Temporary RSA keys only allowed in export ciphersuites */
-        if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
-            goto f_err;
-        }
-        if ((rsa = RSA_new()) == NULL) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        param_len = 2;
-        if (param_len > n) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_MODULUS_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-
-        if (2 > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        param_len += 2;
-
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_E_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-        n -= param_len;
-
-        /* this should be because we are using an export cipher */
-        if (alg_a & SSL_aRSA)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-        else {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-
-        if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
-            goto f_err;
-        }
-
-        s->session->sess_cert->peer_rsa_tmp = rsa;
-        rsa = NULL;
-    }
-#else                           /* OPENSSL_NO_RSA */
-    if (0) ;
-#endif
-#ifndef OPENSSL_NO_DH
-    else if (alg_k & SSL_kEDH) {
-        if ((dh = DH_new()) == NULL) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB);
-            goto err;
-        }
-
-        param_len = 2;
-        if (param_len > n) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(dh->p = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-
-        if (2 > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        param_len += 2;
-
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(dh->g = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-
-        if (2 > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        param_len += 2;
-
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-        n -= param_len;
-
-        if (BN_is_zero(dh->pub_key)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE);
-            goto f_err;
-        }
-
-        /*-
-         * Check that p and g are suitable enough
-         *
-         * p is odd
-         * 1 < g < p - 1
-         */
-        {
-            BIGNUM *tmp = NULL;
-
-            if (!BN_is_odd(dh->p)) {
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
-                goto f_err;
-            }
-            if (BN_is_negative(dh->g) || BN_is_zero(dh->g)
-                || BN_is_one(dh->g)) {
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
-                goto f_err;
-            }
-            if ((tmp = BN_new()) == NULL
-                || BN_copy(tmp, dh->p) == NULL
-                || !BN_sub_word(tmp, 1)) {
-                BN_free(tmp);
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-                goto err;
-            }
-            if (BN_cmp(dh->g, tmp) >= 0) {
-                BN_free(tmp);
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
-                goto f_err;
-            }
-            BN_free(tmp);
-        }
-
-# ifndef OPENSSL_NO_RSA
-        if (alg_a & SSL_aRSA)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-# else
-        if (0) ;
-# endif
-# ifndef OPENSSL_NO_DSA
-        else if (alg_a & SSL_aDSS)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].
-                                x509);
-# endif
-        /* else anonymous DH, so no certificate or pkey. */
-
-        s->session->sess_cert->peer_dh_tmp = dh;
-        dh = NULL;
-    } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-               SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
-        goto f_err;
-    }
-#endif                          /* !OPENSSL_NO_DH */
-
-#ifndef OPENSSL_NO_ECDH
-    else if (alg_k & SSL_kEECDH) {
-        EC_GROUP *ngroup;
-        const EC_GROUP *group;
-
-        if ((ecdh = EC_KEY_new()) == NULL) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        /*
-         * Extract elliptic curve parameters and the server's ephemeral ECDH
-         * public key. Keep accumulating lengths of various components in
-         * param_len and make sure it never exceeds n.
-         */
-
-        /*
-         * XXX: For now we only support named (not generic) curves and the
-         * ECParameters in this case is just three bytes. We also need one
-         * byte for the length of the encoded point
-         */
-        param_len = 4;
-        if (param_len > n) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        /*
-         * Check curve is one of our preferences, if not server has sent an
-         * invalid curve. ECParameters is 3 bytes.
-         */
-        if (!tls1_check_curve(s, p, 3)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE);
-            goto f_err;
-        }
-
-        if ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-                   SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
-            goto f_err;
-        }
-
-        ngroup = EC_GROUP_new_by_curve_name(curve_nid);
-        if (ngroup == NULL) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB);
-            goto err;
-        }
-        if (EC_KEY_set_group(ecdh, ngroup) == 0) {
-            EC_GROUP_free(ngroup);
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB);
-            goto err;
-        }
-        EC_GROUP_free(ngroup);
-
-        group = EC_KEY_get0_group(ecdh);
-
-        if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-            (EC_GROUP_get_degree(group) > 163)) {
-            al = SSL_AD_EXPORT_RESTRICTION;
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-                   SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
-            goto f_err;
-        }
-
-        p += 3;
-
-        /* Next, get the encoded ECPoint */
-        if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
-            ((bn_ctx = BN_CTX_new()) == NULL)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        encoded_pt_len = *p;    /* length of encoded point */
-        p += 1;
-
-        if ((encoded_pt_len > n - param_len) ||
-            (EC_POINT_oct2point(group, srvr_ecpoint,
-                                p, encoded_pt_len, bn_ctx) == 0)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT);
-            goto f_err;
-        }
-        param_len += encoded_pt_len;
-
-        n -= param_len;
-        p += encoded_pt_len;
-
-        /*
-         * The ECC/TLS specification does not mention the use of DSA to sign
-         * ECParameters in the server key exchange message. We do support RSA
-         * and ECDSA.
-         */
-        if (0) ;
-# ifndef OPENSSL_NO_RSA
-        else if (alg_a & SSL_aRSA)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-# endif
-# ifndef OPENSSL_NO_ECDSA
-        else if (alg_a & SSL_aECDSA)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-# endif
-        /* else anonymous ECDH, so no certificate or pkey. */
-        EC_KEY_set_public_key(ecdh, srvr_ecpoint);
-        s->session->sess_cert->peer_ecdh_tmp = ecdh;
-        ecdh = NULL;
-        BN_CTX_free(bn_ctx);
-        bn_ctx = NULL;
-        EC_POINT_free(srvr_ecpoint);
-        srvr_ecpoint = NULL;
-    } else if (alg_k) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
-        goto f_err;
-    }
-#endif                          /* !OPENSSL_NO_ECDH */
-
-    /* p points to the next byte, there are 'n' bytes left */
-
-    /* if it was signed, check the signature */
-    if (pkey != NULL) {
-        if (SSL_USE_SIGALGS(s)) {
-            int rv;
-            if (2 > n) {
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-                goto f_err;
-            }
-            rv = tls12_check_peer_sigalg(&md, s, p, pkey);
-            if (rv == -1)
-                goto err;
-            else if (rv == 0) {
-                goto f_err;
-            }
-#ifdef SSL_DEBUG
-            fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
-#endif
-            p += 2;
-            n -= 2;
-        } else
-            md = EVP_sha1();
-
-        if (2 > n) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        n2s(p, i);
-        n -= 2;
-        j = EVP_PKEY_size(pkey);
-
-        /*
-         * Check signature length. If n is 0 then signature is empty
-         */
-        if ((i != n) || (n > j) || (n <= 0)) {
-            /* wrong packet length */
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH);
-            goto f_err;
-        }
-#ifndef OPENSSL_NO_RSA
-        if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
-            int num;
-            unsigned int size;
-
-            j = 0;
-            q = md_buf;
-            for (num = 2; num > 0; num--) {
-                EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-                if (EVP_DigestInit_ex(&md_ctx,
-                                      (num == 2) ? s->ctx->md5 : s->ctx->sha1,
-                                      NULL) <= 0
-                        || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
-                                            SSL3_RANDOM_SIZE) <= 0
-                        || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
-                                            SSL3_RANDOM_SIZE) <= 0
-                        || EVP_DigestUpdate(&md_ctx, param, param_len) <= 0
-                        || EVP_DigestFinal_ex(&md_ctx, q, &size) <= 0) {
-                    SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-                           ERR_R_INTERNAL_ERROR);
-                    al = SSL_AD_INTERNAL_ERROR;
-                    goto f_err;
-                }
-                q += size;
-                j += size;
-            }
-            i = RSA_verify(NID_md5_sha1, md_buf, j, p, n, pkey->pkey.rsa);
-            if (i < 0) {
-                al = SSL_AD_DECRYPT_ERROR;
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_DECRYPT);
-                goto f_err;
-            }
-            if (i == 0) {
-                /* bad signature */
-                al = SSL_AD_DECRYPT_ERROR;
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
-                goto f_err;
-            }
-        } else
-#endif
-        {
-            if (EVP_VerifyInit_ex(&md_ctx, md, NULL) <= 0
-                    || EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]),
-                                        SSL3_RANDOM_SIZE) <= 0
-                    || EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]),
-                                        SSL3_RANDOM_SIZE) <= 0
-                    || EVP_VerifyUpdate(&md_ctx, param, param_len) <= 0) {
-                al = SSL_AD_INTERNAL_ERROR;
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EVP_LIB);
-                goto f_err;
-            }
-            if (EVP_VerifyFinal(&md_ctx, p, (int)n, pkey) <= 0) {
-                /* bad signature */
-                al = SSL_AD_DECRYPT_ERROR;
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
-                goto f_err;
-            }
-        }
-    } else {
-        /* aNULL, aSRP or kPSK do not need public keys */
-        if (!(alg_a & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_kPSK)) {
-            /* Might be wrong key type, check it */
-            if (ssl3_check_cert_and_algorithm(s))
-                /* Otherwise this shouldn't happen */
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-        /* still data left over */
-        if (n != 0) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
-            goto f_err;
-        }
-    }
-    EVP_PKEY_free(pkey);
-    EVP_MD_CTX_cleanup(&md_ctx);
-    return (1);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    EVP_PKEY_free(pkey);
-#ifndef OPENSSL_NO_RSA
-    if (rsa != NULL)
-        RSA_free(rsa);
-#endif
-#ifndef OPENSSL_NO_DH
-    if (dh != NULL)
-        DH_free(dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
-    BN_CTX_free(bn_ctx);
-    EC_POINT_free(srvr_ecpoint);
-    if (ecdh != NULL)
-        EC_KEY_free(ecdh);
-#endif
-    EVP_MD_CTX_cleanup(&md_ctx);
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_get_certificate_request(SSL *s)
-{
-    int ok, ret = 0;
-    unsigned long n, nc, l;
-    unsigned int llen, ctype_num, i;
-    X509_NAME *xn = NULL;
-    const unsigned char *p, *q;
-    unsigned char *d;
-    STACK_OF(X509_NAME) *ca_sk = NULL;
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_CERT_REQ_A,
-                                   SSL3_ST_CR_CERT_REQ_B,
-                                   -1, s->max_cert_list, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    s->s3->tmp.cert_req = 0;
-
-    if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) {
-        s->s3->tmp.reuse_message = 1;
-        /*
-         * If we get here we don't need any cached handshake records as we
-         * wont be doing client auth.
-         */
-        if (s->s3->handshake_buffer) {
-            if (!ssl3_digest_cached_records(s))
-                goto err;
-        }
-        return (1);
-    }
-
-    if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_WRONG_MESSAGE_TYPE);
-        goto err;
-    }
-
-    /* TLS does not like anon-DH with client cert */
-    if (s->version > SSL3_VERSION) {
-        if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
-                   SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
-            goto err;
-        }
-    }
-
-    p = d = (unsigned char *)s->init_msg;
-
-    if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
-        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    /* get the certificate types */
-    ctype_num = *(p++);
-    if (s->cert->ctypes) {
-        OPENSSL_free(s->cert->ctypes);
-        s->cert->ctypes = NULL;
-    }
-    if (ctype_num > SSL3_CT_NUMBER) {
-        /* If we exceed static buffer copy all to cert structure */
-        s->cert->ctypes = OPENSSL_malloc(ctype_num);
-        if (s->cert->ctypes == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        memcpy(s->cert->ctypes, p, ctype_num);
-        s->cert->ctype_num = (size_t)ctype_num;
-        ctype_num = SSL3_CT_NUMBER;
-    }
-    for (i = 0; i < ctype_num; i++)
-        s->s3->tmp.ctype[i] = p[i];
-    p += p[-1];
-    if (SSL_USE_SIGALGS(s)) {
-        n2s(p, llen);
-        /*
-         * Check we have enough room for signature algorithms and following
-         * length value.
-         */
-        if ((unsigned long)(p - d + llen + 2) > n) {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            goto err;
-        }
-        /* Clear certificate digests and validity flags */
-        for (i = 0; i < SSL_PKEY_NUM; i++) {
-            s->cert->pkeys[i].digest = NULL;
-            s->cert->pkeys[i].valid_flags = 0;
-        }
-        if ((llen & 1) || !tls1_save_sigalgs(s, p, llen)) {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
-                   SSL_R_SIGNATURE_ALGORITHMS_ERROR);
-            goto err;
-        }
-        if (!tls1_process_sigalgs(s)) {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        p += llen;
-    }
-
-    /* get the CA RDNs */
-    n2s(p, llen);
-#if 0
-    {
-        FILE *out;
-        out = fopen("/tmp/vsign.der", "w");
-        fwrite(p, 1, llen, out);
-        fclose(out);
-    }
-#endif
-
-    if ((unsigned long)(p - d + llen) != n) {
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
-        goto err;
-    }
-
-    for (nc = 0; nc < llen;) {
-        if (nc + 2 > llen) {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
-            goto err;
-        }
-        n2s(p, l);
-        if ((l + nc + 2) > llen) {
-            if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
-                goto cont;      /* netscape bugs */
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
-            goto err;
-        }
-
-        q = p;
-
-        if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) {
-            /* If netscape tolerance is on, ignore errors */
-            if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
-                goto cont;
-            else {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB);
-                goto err;
-            }
-        }
-
-        if (q != (p + l)) {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
-                   SSL_R_CA_DN_LENGTH_MISMATCH);
-            goto err;
-        }
-        if (!sk_X509_NAME_push(ca_sk, xn)) {
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        xn = NULL;
-
-        p += l;
-        nc += l + 2;
-    }
-
-    if (0) {
- cont:
-        ERR_clear_error();
-    }
-
-    /* we should setup a certificate to return.... */
-    s->s3->tmp.cert_req = 1;
-    s->s3->tmp.ctype_num = ctype_num;
-    if (s->s3->tmp.ca_names != NULL)
-        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
-    s->s3->tmp.ca_names = ca_sk;
-    ca_sk = NULL;
-
-    ret = 1;
-    goto done;
- err:
-    s->state = SSL_ST_ERR;
- done:
-    X509_NAME_free(xn);
-    if (ca_sk != NULL)
-        sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
-    return (ret);
-}
-
-static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
-{
-    return (X509_NAME_cmp(*a, *b));
-}
-
-#ifndef OPENSSL_NO_TLSEXT
-int ssl3_get_new_session_ticket(SSL *s)
-{
-    int ok, al, ret = 0, ticklen;
-    long n;
-    const unsigned char *p;
-    unsigned char *d;
-    unsigned long ticket_lifetime_hint;
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_SESSION_TICKET_A,
-                                   SSL3_ST_CR_SESSION_TICKET_B,
-                                   SSL3_MT_NEWSESSION_TICKET, 16384, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    if (n < 6) {
-        /* need at least ticket_lifetime_hint + ticket length */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-
-    p = d = (unsigned char *)s->init_msg;
-
-    n2l(p, ticket_lifetime_hint);
-    n2s(p, ticklen);
-    /* ticket_lifetime_hint + ticket_length + ticket */
-    if (ticklen + 6 != n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-
-    /* Server is allowed to change its mind and send an empty ticket. */
-    if (ticklen == 0)
-        return 1;
-
-    if (s->session->session_id_length > 0) {
-        int i = s->session_ctx->session_cache_mode;
-        SSL_SESSION *new_sess;
-        /*
-         * We reused an existing session, so we need to replace it with a new
-         * one
-         */
-        if (i & SSL_SESS_CACHE_CLIENT) {
-            /*
-             * Remove the old session from the cache
-             */
-            if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
-                if (s->session_ctx->remove_session_cb != NULL)
-                    s->session_ctx->remove_session_cb(s->session_ctx,
-                                                      s->session);
-            } else {
-                /* We carry on if this fails */
-                SSL_CTX_remove_session(s->session_ctx, s->session);
-            }
-        }
-
-        if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
-            goto f_err;
-        }
-
-        SSL_SESSION_free(s->session);
-        s->session = new_sess;
-    }
-
-    if (s->session->tlsext_tick) {
-        OPENSSL_free(s->session->tlsext_tick);
-        s->session->tlsext_ticklen = 0;
-    }
-    s->session->tlsext_tick = OPENSSL_malloc(ticklen);
-    if (!s->session->tlsext_tick) {
-        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    memcpy(s->session->tlsext_tick, p, ticklen);
-    s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
-    s->session->tlsext_ticklen = ticklen;
-    /*
-     * There are two ways to detect a resumed ticket session. One is to set
-     * an appropriate session ID and then the server must return a match in
-     * ServerHello. This allows the normal client session ID matching to work
-     * and we know much earlier that the ticket has been accepted. The
-     * other way is to set zero length session ID when the ticket is
-     * presented and rely on the handshake to determine session resumption.
-     * We choose the former approach because this fits in with assumptions
-     * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
-     * SHA256 is disabled) hash of the ticket.
-     */
-    EVP_Digest(p, ticklen,
-               s->session->session_id, &s->session->session_id_length,
-# ifndef OPENSSL_NO_SHA256
-               EVP_sha256(), NULL);
-# else
-               EVP_sha1(), NULL);
-# endif
-    ret = 1;
-    return (ret);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_get_cert_status(SSL *s)
-{
-    int ok, al;
-    unsigned long resplen, n;
-    const unsigned char *p;
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_CERT_STATUS_A,
-                                   SSL3_ST_CR_CERT_STATUS_B,
-                                   -1, 16384, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_STATUS) {
-        /*
-         * The CertificateStatus message is optional even if
-         * tlsext_status_expected is set
-         */
-        s->s3->tmp.reuse_message = 1;
-    } else {
-        if (n < 4) {
-            /* need at least status type + length */
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
-            goto f_err;
-        }
-        p = (unsigned char *)s->init_msg;
-        if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
-            goto f_err;
-        }
-        n2l3(p, resplen);
-        if (resplen + 4 != n) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
-            goto f_err;
-        }
-        s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
-        if (s->tlsext_ocsp_resp == NULL) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
-            goto f_err;
-        }
-        s->tlsext_ocsp_resplen = resplen;
-    }
-    if (s->ctx->tlsext_status_cb) {
-        int ret;
-        ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-        if (ret == 0) {
-            al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
-            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_INVALID_STATUS_RESPONSE);
-            goto f_err;
-        }
-        if (ret < 0) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
-            goto f_err;
-        }
-    }
-    return 1;
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-#endif
-
-int ssl3_get_server_done(SSL *s)
-{
-    int ok, ret = 0;
-    long n;
-
-    /* Second to last param should be very small, like 0 :-) */
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_SRVR_DONE_A,
-                                   SSL3_ST_CR_SRVR_DONE_B,
-                                   SSL3_MT_SERVER_DONE, 30, &ok);
-
-    if (!ok)
-        return ((int)n);
-    if (n > 0) {
-        /* should contain no data */
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-        SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH);
-        s->state = SSL_ST_ERR;
-        return -1;
-    }
-    ret = 1;
-    return (ret);
-}
-
-#ifndef OPENSSL_NO_DH
-static DH *get_server_static_dh_key(SESS_CERT *scert)
-{
-    DH *dh_srvr = NULL;
-    EVP_PKEY *spkey = NULL;
-    int idx = scert->peer_cert_type;
-
-    if (idx >= 0)
-        spkey = X509_get_pubkey(scert->peer_pkeys[idx].x509);
-    if (spkey) {
-        dh_srvr = EVP_PKEY_get1_DH(spkey);
-        EVP_PKEY_free(spkey);
-    }
-    if (dh_srvr == NULL)
-        SSLerr(SSL_F_GET_SERVER_STATIC_DH_KEY, ERR_R_INTERNAL_ERROR);
-    return dh_srvr;
-}
-#endif
-
-int ssl3_send_client_key_exchange(SSL *s)
-{
-    unsigned char *p;
-    int n;
-    unsigned long alg_k;
-#ifndef OPENSSL_NO_RSA
-    unsigned char *q;
-    EVP_PKEY *pkey = NULL;
-#endif
-#ifndef OPENSSL_NO_KRB5
-    KSSL_ERR kssl_err;
-#endif                          /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_ECDH
-    EC_KEY *clnt_ecdh = NULL;
-    const EC_POINT *srvr_ecpoint = NULL;
-    EVP_PKEY *srvr_pub_pkey = NULL;
-    unsigned char *encodedPoint = NULL;
-    int encoded_pt_len = 0;
-    BN_CTX *bn_ctx = NULL;
-#endif
-
-    if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
-        p = ssl_handshake_start(s);
-
-        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-        /* Fool emacs indentation */
-        if (0) {
-        }
-#ifndef OPENSSL_NO_RSA
-        else if (alg_k & SSL_kRSA) {
-            RSA *rsa;
-            unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
-            if (s->session->sess_cert == NULL) {
-                /*
-                 * We should always have a server certificate with SSL_kRSA.
-                 */
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            if (s->session->sess_cert->peer_rsa_tmp != NULL)
-                rsa = s->session->sess_cert->peer_rsa_tmp;
-            else {
-                pkey =
-                    X509_get_pubkey(s->session->
-                                    sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].
-                                    x509);
-                if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA)
-                    || (pkey->pkey.rsa == NULL)) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_INTERNAL_ERROR);
-                    EVP_PKEY_free(pkey);
-                    goto err;
-                }
-                rsa = pkey->pkey.rsa;
-                EVP_PKEY_free(pkey);
-            }
-
-            tmp_buf[0] = s->client_version >> 8;
-            tmp_buf[1] = s->client_version & 0xff;
-            if (RAND_bytes(&(tmp_buf[2]), sizeof(tmp_buf) - 2) <= 0)
-                goto err;
-
-            s->session->master_key_length = sizeof(tmp_buf);
-
-            q = p;
-            /* Fix buf for TLS and beyond */
-            if (s->version > SSL3_VERSION)
-                p += 2;
-            n = RSA_public_encrypt(sizeof(tmp_buf),
-                                   tmp_buf, p, rsa, RSA_PKCS1_PADDING);
-# ifdef PKCS1_CHECK
-            if (s->options & SSL_OP_PKCS1_CHECK_1)
-                p[1]++;
-            if (s->options & SSL_OP_PKCS1_CHECK_2)
-                tmp_buf[0] = 0x70;
-# endif
-            if (n <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_BAD_RSA_ENCRYPT);
-                goto err;
-            }
-
-            /* Fix buf for TLS and beyond */
-            if (s->version > SSL3_VERSION) {
-                s2n(n, q);
-                n += 2;
-            }
-
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            tmp_buf,
-                                                            sizeof(tmp_buf));
-            OPENSSL_cleanse(tmp_buf, sizeof(tmp_buf));
-        }
-#endif
-#ifndef OPENSSL_NO_KRB5
-        else if (alg_k & SSL_kKRB5) {
-            krb5_error_code krb5rc;
-            KSSL_CTX *kssl_ctx = s->kssl_ctx;
-            /*  krb5_data   krb5_ap_req;  */
-            krb5_data *enc_ticket;
-            krb5_data authenticator, *authp = NULL;
-            EVP_CIPHER_CTX ciph_ctx;
-            const EVP_CIPHER *enc = NULL;
-            unsigned char iv[EVP_MAX_IV_LENGTH];
-            unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-            unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH];
-            int padl, outl = sizeof(epms);
-
-            EVP_CIPHER_CTX_init(&ciph_ctx);
-
-# ifdef KSSL_DEBUG
-            fprintf(stderr, "ssl3_send_client_key_exchange(%lx & %lx)\n",
-                    alg_k, SSL_kKRB5);
-# endif                         /* KSSL_DEBUG */
-
-            authp = NULL;
-# ifdef KRB5SENDAUTH
-            if (KRB5SENDAUTH)
-                authp = &authenticator;
-# endif                         /* KRB5SENDAUTH */
-
-            krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err);
-            enc = kssl_map_enc(kssl_ctx->enctype);
-            if (enc == NULL)
-                goto err;
-# ifdef KSSL_DEBUG
-            {
-                fprintf(stderr, "kssl_cget_tkt rtn %d\n", krb5rc);
-                if (krb5rc && kssl_err.text)
-                    fprintf(stderr, "kssl_cget_tkt kssl_err=%s\n",
-                            kssl_err.text);
-            }
-# endif                         /* KSSL_DEBUG */
-
-            if (krb5rc) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason);
-                goto err;
-            }
-
-            /*-
-             * 20010406 VRS - Earlier versions used KRB5 AP_REQ
-             * in place of RFC 2712 KerberosWrapper, as in:
-             *
-             * Send ticket (copy to *p, set n = length)
-             * n = krb5_ap_req.length;
-             * memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
-             * if (krb5_ap_req.data)
-             *   kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
-             *
-             * Now using real RFC 2712 KerberosWrapper
-             * (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
-             * Note: 2712 "opaque" types are here replaced
-             * with a 2-byte length followed by the value.
-             * Example:
-             * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
-             * Where "xx xx" = length bytes.  Shown here with
-             * optional authenticator omitted.
-             */
-
-            /*  KerberosWrapper.Ticket              */
-            s2n(enc_ticket->length, p);
-            memcpy(p, enc_ticket->data, enc_ticket->length);
-            p += enc_ticket->length;
-            n = enc_ticket->length + 2;
-
-            /*  KerberosWrapper.Authenticator       */
-            if (authp && authp->length) {
-                s2n(authp->length, p);
-                memcpy(p, authp->data, authp->length);
-                p += authp->length;
-                n += authp->length + 2;
-
-                free(authp->data);
-                authp->data = NULL;
-                authp->length = 0;
-            } else {
-                s2n(0, p);      /* null authenticator length */
-                n += 2;
-            }
-
-            tmp_buf[0] = s->client_version >> 8;
-            tmp_buf[1] = s->client_version & 0xff;
-            if (RAND_bytes(&(tmp_buf[2]), sizeof(tmp_buf) - 2) <= 0)
-                goto err;
-
-            /*-
-             * 20010420 VRS.  Tried it this way; failed.
-             *      EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
-             *      EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
-             *                              kssl_ctx->length);
-             *      EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
-             */
-
-            memset(iv, 0, sizeof(iv)); /* per RFC 1510 */
-            EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
-            EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
-                              sizeof(tmp_buf));
-            EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
-            outl += padl;
-            if (outl > (int)sizeof(epms)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-            /*  KerberosWrapper.EncryptedPreMasterSecret    */
-            s2n(outl, p);
-            memcpy(p, epms, outl);
-            p += outl;
-            n += outl + 2;
-
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            tmp_buf,
-                                                            sizeof(tmp_buf));
-
-            OPENSSL_cleanse(tmp_buf, sizeof(tmp_buf));
-            OPENSSL_cleanse(epms, outl);
-        }
-#endif
-#ifndef OPENSSL_NO_DH
-        else if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
-            DH *dh_srvr, *dh_clnt;
-            SESS_CERT *scert = s->session->sess_cert;
-
-            if (scert == NULL) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_UNEXPECTED_MESSAGE);
-                goto err;
-            }
-
-            if (scert->peer_dh_tmp != NULL) {
-                dh_srvr = scert->peer_dh_tmp;
-            } else {
-                dh_srvr = get_server_static_dh_key(scert);
-                if (dh_srvr == NULL)
-                    goto err;
-            }
-
-            if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
-                /* Use client certificate key */
-                EVP_PKEY *clkey = s->cert->key->privatekey;
-                dh_clnt = NULL;
-                if (clkey)
-                    dh_clnt = EVP_PKEY_get1_DH(clkey);
-                if (dh_clnt == NULL) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_INTERNAL_ERROR);
-                    goto err;
-                }
-            } else {
-                /* generate a new random key */
-                if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-                    goto err;
-                }
-                if (!DH_generate_key(dh_clnt)) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-                    DH_free(dh_clnt);
-                    goto err;
-                }
-            }
-
-            /*
-             * use the 'p' output buffer for the DH key, but make sure to
-             * clear it out afterwards
-             */
-
-            n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
-            if (scert->peer_dh_tmp == NULL)
-                DH_free(dh_srvr);
-
-            if (n <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-                DH_free(dh_clnt);
-                goto err;
-            }
-
-            /* generate master key from the result */
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            p, n);
-            /* clean up */
-            memset(p, 0, n);
-
-            if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
-                n = 0;
-            else {
-                /* send off the data */
-                n = BN_num_bytes(dh_clnt->pub_key);
-                s2n(n, p);
-                BN_bn2bin(dh_clnt->pub_key, p);
-                n += 2;
-            }
-
-            DH_free(dh_clnt);
-        }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-        else if (alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe)) {
-            const EC_GROUP *srvr_group = NULL;
-            EC_KEY *tkey;
-            int ecdh_clnt_cert = 0;
-            int field_size = 0;
-
-            if (s->session->sess_cert == NULL) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_UNEXPECTED_MESSAGE);
-                goto err;
-            }
-
-            /*
-             * Did we send out the client's ECDH share for use in premaster
-             * computation as part of client certificate? If so, set
-             * ecdh_clnt_cert to 1.
-             */
-            if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->cert != NULL)) {
-                /*-
-                 * XXX: For now, we do not support client
-                 * authentication using ECDH certificates.
-                 * To add such support, one needs to add
-                 * code that checks for appropriate
-                 * conditions and sets ecdh_clnt_cert to 1.
-                 * For example, the cert have an ECC
-                 * key on the same curve as the server's
-                 * and the key should be authorized for
-                 * key agreement.
-                 *
-                 * One also needs to add code in ssl3_connect
-                 * to skip sending the certificate verify
-                 * message.
-                 *
-                 * if ((s->cert->key->privatekey != NULL) &&
-                 *     (s->cert->key->privatekey->type ==
-                 *      EVP_PKEY_EC) && ...)
-                 * ecdh_clnt_cert = 1;
-                 */
-            }
-
-            if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
-                tkey = s->session->sess_cert->peer_ecdh_tmp;
-            } else {
-                /* Get the Server Public Key from Cert */
-                srvr_pub_pkey =
-                    X509_get_pubkey(s->session->
-                                    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-                if ((srvr_pub_pkey == NULL)
-                    || (srvr_pub_pkey->type != EVP_PKEY_EC)
-                    || (srvr_pub_pkey->pkey.ec == NULL)) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_INTERNAL_ERROR);
-                    goto err;
-                }
-
-                tkey = srvr_pub_pkey->pkey.ec;
-            }
-
-            srvr_group = EC_KEY_get0_group(tkey);
-            srvr_ecpoint = EC_KEY_get0_public_key(tkey);
-
-            if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            if ((clnt_ecdh = EC_KEY_new()) == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-
-            if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
-            }
-            if (ecdh_clnt_cert) {
-                /*
-                 * Reuse key info from our certificate We only need our
-                 * private key to perform the ECDH computation.
-                 */
-                const BIGNUM *priv_key;
-                tkey = s->cert->key->privatekey->pkey.ec;
-                priv_key = EC_KEY_get0_private_key(tkey);
-                if (priv_key == NULL) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-                if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                    goto err;
-                }
-            } else {
-                /* Generate a new ECDH key pair */
-                if (!(EC_KEY_generate_key(clnt_ecdh))) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_ECDH_LIB);
-                    goto err;
-                }
-            }
-
-            /*
-             * use the 'p' output buffer for the ECDH key, but make sure to
-             * clear it out afterwards
-             */
-
-            field_size = EC_GROUP_get_degree(srvr_group);
-            if (field_size <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-            n = ECDH_compute_key(p, (field_size + 7) / 8, srvr_ecpoint,
-                                 clnt_ecdh, NULL);
-            if (n <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-
-            /* generate master key from the result */
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            p, n);
-
-            memset(p, 0, n);    /* clean up */
-
-            if (ecdh_clnt_cert) {
-                /* Send empty client key exch message */
-                n = 0;
-            } else {
-                /*
-                 * First check the size of encoding and allocate memory
-                 * accordingly.
-                 */
-                encoded_pt_len =
-                    EC_POINT_point2oct(srvr_group,
-                                       EC_KEY_get0_public_key(clnt_ecdh),
-                                       POINT_CONVERSION_UNCOMPRESSED,
-                                       NULL, 0, NULL);
-
-                encodedPoint = (unsigned char *)
-                    OPENSSL_malloc(encoded_pt_len * sizeof(unsigned char));
-                bn_ctx = BN_CTX_new();
-                if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-
-                /* Encode the public key */
-                n = EC_POINT_point2oct(srvr_group,
-                                       EC_KEY_get0_public_key(clnt_ecdh),
-                                       POINT_CONVERSION_UNCOMPRESSED,
-                                       encodedPoint, encoded_pt_len, bn_ctx);
-
-                *p = n;         /* length of encoded point */
-                /* Encoded point will be copied here */
-                p += 1;
-                /* copy the point */
-                memcpy((unsigned char *)p, encodedPoint, n);
-                /* increment n to account for length field */
-                n += 1;
-            }
-
-            /* Free allocated memory */
-            BN_CTX_free(bn_ctx);
-            if (encodedPoint != NULL)
-                OPENSSL_free(encodedPoint);
-            if (clnt_ecdh != NULL)
-                EC_KEY_free(clnt_ecdh);
-            EVP_PKEY_free(srvr_pub_pkey);
-        }
-#endif                          /* !OPENSSL_NO_ECDH */
-        else if (alg_k & SSL_kGOST) {
-            /* GOST key exchange message creation */
-            EVP_PKEY_CTX *pkey_ctx;
-            X509 *peer_cert;
-            size_t msglen;
-            unsigned int md_len;
-            int keytype;
-            unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
-            EVP_MD_CTX *ukm_hash;
-            EVP_PKEY *pub_key;
-
-            /*
-             * Get server sertificate PKEY and create ctx from it
-             */
-            peer_cert =
-                s->session->
-                sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST01)].x509;
-            if (!peer_cert)
-                peer_cert =
-                    s->session->
-                    sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST94)].x509;
-            if (!peer_cert) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
-                goto err;
-            }
-
-            pkey_ctx = EVP_PKEY_CTX_new(pub_key =
-                                        X509_get_pubkey(peer_cert), NULL);
-            if (pkey_ctx == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            /*
-             * If we have send a certificate, and certificate key
-             *
-             * * parameters match those of server certificate, use
-             * certificate key for key exchange
-             */
-
-            /* Otherwise, generate ephemeral key pair */
-
-            if (pkey_ctx == NULL
-                    || EVP_PKEY_encrypt_init(pkey_ctx) <= 0
-                    /* Generate session key */
-                    || RAND_bytes(premaster_secret, 32) <= 0) {
-                EVP_PKEY_CTX_free(pkey_ctx);
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            /*
-             * Compute shared IV and store it in algorithm-specific context
-             * data
-             */
-            ukm_hash = EVP_MD_CTX_create();
-            if (EVP_DigestInit(ukm_hash,
-                               EVP_get_digestbynid(NID_id_GostR3411_94)) <= 0
-                    || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
-                                        SSL3_RANDOM_SIZE) <= 0
-                    || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
-                                        SSL3_RANDOM_SIZE) <= 0
-                    || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
-                EVP_MD_CTX_destroy(ukm_hash);
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            EVP_MD_CTX_destroy(ukm_hash);
-            if (EVP_PKEY_CTX_ctrl
-                (pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8,
-                 shared_ukm) < 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_LIBRARY_BUG);
-                goto err;
-            }
-            /* Make GOST keytransport blob message */
-            /*
-             * Encapsulate it into sequence
-             */
-            *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
-            msglen = 255;
-            if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32)
-                <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_LIBRARY_BUG);
-                goto err;
-            }
-            if (msglen >= 0x80) {
-                *(p++) = 0x81;
-                *(p++) = msglen & 0xff;
-                n = msglen + 3;
-            } else {
-                *(p++) = msglen & 0xff;
-                n = msglen + 2;
-            }
-            memcpy(p, tmp, msglen);
-            EVP_PKEY_CTX_free(pkey_ctx);
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            premaster_secret,
-                                                            32);
-            EVP_PKEY_free(pub_key);
-
-        }
-#ifndef OPENSSL_NO_SRP
-        else if (alg_k & SSL_kSRP) {
-            if (s->srp_ctx.A != NULL) {
-                /* send off the data */
-                n = BN_num_bytes(s->srp_ctx.A);
-                s2n(n, p);
-                BN_bn2bin(s->srp_ctx.A, p);
-                n += 2;
-            } else {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            if (s->session->srp_username != NULL)
-                OPENSSL_free(s->session->srp_username);
-            s->session->srp_username = BUF_strdup(s->srp_ctx.login);
-            if (s->session->srp_username == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-
-            if ((s->session->master_key_length =
-                 SRP_generate_client_master_secret(s,
-                                                   s->session->master_key)) <
-                0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-        }
-#endif
-#ifndef OPENSSL_NO_PSK
-        else if (alg_k & SSL_kPSK) {
-            /*
-             * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
-             * \0-terminated identity. The last byte is for us for simulating
-             * strnlen.
-             */
-            char identity[PSK_MAX_IDENTITY_LEN + 2];
-            size_t identity_len;
-            unsigned char *t = NULL;
-            unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
-            unsigned int pre_ms_len = 0, psk_len = 0;
-            int psk_err = 1;
-
-            n = 0;
-            if (s->psk_client_callback == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_PSK_NO_CLIENT_CB);
-                goto err;
-            }
-
-            memset(identity, 0, sizeof(identity));
-            psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
-                                             identity, sizeof(identity) - 1,
-                                             psk_or_pre_ms,
-                                             sizeof(psk_or_pre_ms));
-            if (psk_len > PSK_MAX_PSK_LEN) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto psk_err;
-            } else if (psk_len == 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_PSK_IDENTITY_NOT_FOUND);
-                goto psk_err;
-            }
-            identity[PSK_MAX_IDENTITY_LEN + 1] = '\0';
-            identity_len = strlen(identity);
-            if (identity_len > PSK_MAX_IDENTITY_LEN) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto psk_err;
-            }
-            /* create PSK pre_master_secret */
-            pre_ms_len = 2 + psk_len + 2 + psk_len;
-            t = psk_or_pre_ms;
-            memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
-            s2n(psk_len, t);
-            memset(t, 0, psk_len);
-            t += psk_len;
-            s2n(psk_len, t);
-
-            if (s->session->psk_identity_hint != NULL)
-                OPENSSL_free(s->session->psk_identity_hint);
-            s->session->psk_identity_hint =
-                BUF_strdup(s->ctx->psk_identity_hint);
-            if (s->ctx->psk_identity_hint != NULL
-                && s->session->psk_identity_hint == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto psk_err;
-            }
-
-            if (s->session->psk_identity != NULL)
-                OPENSSL_free(s->session->psk_identity);
-            s->session->psk_identity = BUF_strdup(identity);
-            if (s->session->psk_identity == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto psk_err;
-            }
-
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            psk_or_pre_ms,
-                                                            pre_ms_len);
-            s2n(identity_len, p);
-            memcpy(p, identity, identity_len);
-            n = 2 + identity_len;
-            psk_err = 0;
- psk_err:
-            OPENSSL_cleanse(identity, sizeof(identity));
-            OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
-            if (psk_err != 0) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                goto err;
-            }
-        }
-#endif
-        else {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-            SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-
-        ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n);
-        s->state = SSL3_ST_CW_KEY_EXCH_B;
-    }
-
-    /* SSL3_ST_CW_KEY_EXCH_B */
-    return ssl_do_write(s);
- err:
-#ifndef OPENSSL_NO_ECDH
-    BN_CTX_free(bn_ctx);
-    if (encodedPoint != NULL)
-        OPENSSL_free(encodedPoint);
-    if (clnt_ecdh != NULL)
-        EC_KEY_free(clnt_ecdh);
-    EVP_PKEY_free(srvr_pub_pkey);
-#endif
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_send_client_verify(SSL *s)
-{
-    unsigned char *p;
-    unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
-    EVP_PKEY *pkey;
-    EVP_PKEY_CTX *pctx = NULL;
-    EVP_MD_CTX mctx;
-    unsigned u = 0;
-    unsigned long n;
-    int j;
-
-    EVP_MD_CTX_init(&mctx);
-
-    if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
-        p = ssl_handshake_start(s);
-        pkey = s->cert->key->privatekey;
-/* Create context from key and test if sha1 is allowed as digest */
-        pctx = EVP_PKEY_CTX_new(pkey, NULL);
-        if (pctx == NULL || EVP_PKEY_sign_init(pctx) <= 0) {
-            SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-        if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
-            if (!SSL_USE_SIGALGS(s))
-                s->method->ssl3_enc->cert_verify_mac(s,
-                                                     NID_sha1,
-                                                     &(data
-                                                       [MD5_DIGEST_LENGTH]));
-        } else {
-            ERR_clear_error();
-        }
-        /*
-         * For TLS v1.2 send signature algorithm and signature using agreed
-         * digest and cached handshake records.
-         */
-        if (SSL_USE_SIGALGS(s)) {
-            long hdatalen = 0;
-            void *hdata;
-            const EVP_MD *md = s->cert->key->digest;
-            hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
-            if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            p += 2;
-#ifdef SSL_DEBUG
-            fprintf(stderr, "Using TLS 1.2 with client alg %s\n",
-                    EVP_MD_name(md));
-#endif
-            if (!EVP_SignInit_ex(&mctx, md, NULL)
-                || !EVP_SignUpdate(&mctx, hdata, hdatalen)
-                || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_EVP_LIB);
-                goto err;
-            }
-            s2n(u, p);
-            n = u + 4;
-            if (!ssl3_digest_cached_records(s))
-                goto err;
-        } else
-#ifndef OPENSSL_NO_RSA
-        if (pkey->type == EVP_PKEY_RSA) {
-            s->method->ssl3_enc->cert_verify_mac(s, NID_md5, &(data[0]));
-            if (RSA_sign(NID_md5_sha1, data,
-                         MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
-                         &(p[2]), &u, pkey->pkey.rsa) <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
-                goto err;
-            }
-            s2n(u, p);
-            n = u + 2;
-        } else
-#endif
-#ifndef OPENSSL_NO_DSA
-        if (pkey->type == EVP_PKEY_DSA) {
-            if (!DSA_sign(pkey->save_type,
-                          &(data[MD5_DIGEST_LENGTH]),
-                          SHA_DIGEST_LENGTH, &(p[2]),
-                          (unsigned int *)&j, pkey->pkey.dsa)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
-                goto err;
-            }
-            s2n(j, p);
-            n = j + 2;
-        } else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        if (pkey->type == EVP_PKEY_EC) {
-            if (!ECDSA_sign(pkey->save_type,
-                            &(data[MD5_DIGEST_LENGTH]),
-                            SHA_DIGEST_LENGTH, &(p[2]),
-                            (unsigned int *)&j, pkey->pkey.ec)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB);
-                goto err;
-            }
-            s2n(j, p);
-            n = j + 2;
-        } else
-#endif
-        if (pkey->type == NID_id_GostR3410_94
-                || pkey->type == NID_id_GostR3410_2001) {
-            unsigned char signbuf[64];
-            int i;
-            size_t sigsize = 64;
-            s->method->ssl3_enc->cert_verify_mac(s,
-                                                 NID_id_GostR3411_94, data);
-            if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            for (i = 63, j = 0; i >= 0; j++, i--) {
-                p[2 + j] = signbuf[i];
-            }
-            s2n(j, p);
-            n = j + 2;
-        } else {
-            SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-        ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n);
-        s->state = SSL3_ST_CW_CERT_VRFY_B;
-    }
-    EVP_MD_CTX_cleanup(&mctx);
-    EVP_PKEY_CTX_free(pctx);
-    return ssl_do_write(s);
- err:
-    EVP_MD_CTX_cleanup(&mctx);
-    EVP_PKEY_CTX_free(pctx);
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-/*
- * Check a certificate can be used for client authentication. Currently check
- * cert exists, if we have a suitable digest for TLS 1.2 if static DH client
- * certificates can be used and optionally checks suitability for Suite B.
- */
-static int ssl3_check_client_certificate(SSL *s)
-{
-    unsigned long alg_k;
-    if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey)
-        return 0;
-    /* If no suitable signature algorithm can't use certificate */
-    if (SSL_USE_SIGALGS(s) && !s->cert->key->digest)
-        return 0;
-    /*
-     * If strict mode check suitability of chain before using it. This also
-     * adjusts suite B digest if necessary.
-     */
-    if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT &&
-        !tls1_check_chain(s, NULL, NULL, NULL, -2))
-        return 0;
-    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-    /* See if we can use client certificate for fixed DH */
-    if (alg_k & (SSL_kDHr | SSL_kDHd)) {
-        SESS_CERT *scert = s->session->sess_cert;
-        int i = scert->peer_cert_type;
-        EVP_PKEY *clkey = NULL, *spkey = NULL;
-        clkey = s->cert->key->privatekey;
-        /* If client key not DH assume it can be used */
-        if (EVP_PKEY_id(clkey) != EVP_PKEY_DH)
-            return 1;
-        if (i >= 0)
-            spkey = X509_get_pubkey(scert->peer_pkeys[i].x509);
-        if (spkey) {
-            /* Compare server and client parameters */
-            i = EVP_PKEY_cmp_parameters(clkey, spkey);
-            EVP_PKEY_free(spkey);
-            if (i != 1)
-                return 0;
-        }
-        s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-    }
-    return 1;
-}
-
-int ssl3_send_client_certificate(SSL *s)
-{
-    X509 *x509 = NULL;
-    EVP_PKEY *pkey = NULL;
-    int i;
-
-    if (s->state == SSL3_ST_CW_CERT_A) {
-        /* Let cert callback update client certificates if required */
-        if (s->cert->cert_cb) {
-            i = s->cert->cert_cb(s, s->cert->cert_cb_arg);
-            if (i < 0) {
-                s->rwstate = SSL_X509_LOOKUP;
-                return -1;
-            }
-            if (i == 0) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-                s->state = SSL_ST_ERR;
-                return 0;
-            }
-            s->rwstate = SSL_NOTHING;
-        }
-        if (ssl3_check_client_certificate(s))
-            s->state = SSL3_ST_CW_CERT_C;
-        else
-            s->state = SSL3_ST_CW_CERT_B;
-    }
-
-    /* We need to get a client cert */
-    if (s->state == SSL3_ST_CW_CERT_B) {
-        /*
-         * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
-         * return(-1); We then get retied later
-         */
-        i = ssl_do_client_cert_cb(s, &x509, &pkey);
-        if (i < 0) {
-            s->rwstate = SSL_X509_LOOKUP;
-            return (-1);
-        }
-        s->rwstate = SSL_NOTHING;
-        if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
-            s->state = SSL3_ST_CW_CERT_B;
-            if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
-                i = 0;
-        } else if (i == 1) {
-            i = 0;
-            SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,
-                   SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
-        }
-
-        if (x509 != NULL)
-            X509_free(x509);
-        if (pkey != NULL)
-            EVP_PKEY_free(pkey);
-        if (i && !ssl3_check_client_certificate(s))
-            i = 0;
-        if (i == 0) {
-            if (s->version == SSL3_VERSION) {
-                s->s3->tmp.cert_req = 0;
-                ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
-                return (1);
-            } else {
-                s->s3->tmp.cert_req = 2;
-            }
-        }
-
-        /* Ok, we have a cert */
-        s->state = SSL3_ST_CW_CERT_C;
-    }
-
-    if (s->state == SSL3_ST_CW_CERT_C) {
-        s->state = SSL3_ST_CW_CERT_D;
-        if (!ssl3_output_cert_chain(s,
-                                    (s->s3->tmp.cert_req ==
-                                     2) ? NULL : s->cert->key)) {
-            SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-            s->state = SSL_ST_ERR;
-            return 0;
-        }
-    }
-    /* SSL3_ST_CW_CERT_D */
-    return ssl_do_write(s);
-}
-
-#define has_bits(i,m)   (((i)&(m)) == (m))
-
-int ssl3_check_cert_and_algorithm(SSL *s)
-{
-    int i, idx;
-    long alg_k, alg_a;
-    EVP_PKEY *pkey = NULL;
-    int pkey_bits;
-    SESS_CERT *sc;
-#ifndef OPENSSL_NO_RSA
-    RSA *rsa;
-#endif
-#ifndef OPENSSL_NO_DH
-    DH *dh;
-#endif
-    int al = SSL_AD_HANDSHAKE_FAILURE;
-
-    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-
-    /* we don't have a certificate */
-    if ((alg_a & (SSL_aNULL | SSL_aKRB5)) || (alg_k & SSL_kPSK))
-        return (1);
-
-    sc = s->session->sess_cert;
-    if (sc == NULL) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-#ifndef OPENSSL_NO_RSA
-    rsa = s->session->sess_cert->peer_rsa_tmp;
-#endif
-#ifndef OPENSSL_NO_DH
-    dh = s->session->sess_cert->peer_dh_tmp;
-#endif
-
-    /* This is the passed certificate */
-
-    idx = sc->peer_cert_type;
-#ifndef OPENSSL_NO_ECDH
-    if (idx == SSL_PKEY_ECC) {
-        if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) {
-            /* check failed */
-            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
-            goto f_err;
-        } else {
-            return 1;
-        }
-    } else if (alg_a & SSL_aECDSA) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-               SSL_R_MISSING_ECDSA_SIGNING_CERT);
-        goto f_err;
-    } else if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_ECDH_CERT);
-        goto f_err;
-    }
-#endif
-    pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
-    pkey_bits = EVP_PKEY_bits(pkey);
-    i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
-    EVP_PKEY_free(pkey);
-
-    /* Check that we have a certificate if we require one */
-    if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA | EVP_PKT_SIGN)) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-               SSL_R_MISSING_RSA_SIGNING_CERT);
-        goto f_err;
-    }
-#ifndef OPENSSL_NO_DSA
-    else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA | EVP_PKT_SIGN)) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-               SSL_R_MISSING_DSA_SIGNING_CERT);
-        goto f_err;
-    }
-#endif
-#ifndef OPENSSL_NO_RSA
-    if (alg_k & SSL_kRSA) {
-        if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-            !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
-            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                   SSL_R_MISSING_RSA_ENCRYPTING_CERT);
-            goto f_err;
-        } else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
-            if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
-                if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
-                    SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                           SSL_R_MISSING_RSA_ENCRYPTING_CERT);
-                    goto f_err;
-                }
-                if (rsa != NULL) {
-                    /* server key exchange is not allowed. */
-                    al = SSL_AD_INTERNAL_ERROR;
-                    SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
-                    goto f_err;
-                }
-            }
-        }
-    }
-#endif
-#ifndef OPENSSL_NO_DH
-    if ((alg_k & SSL_kEDH) && dh == NULL) {
-        al = SSL_AD_INTERNAL_ERROR;
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
-        goto f_err;
-    }
-    if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) &&
-               !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-               SSL_R_MISSING_DH_RSA_CERT);
-        goto f_err;
-    }
-# ifndef OPENSSL_NO_DSA
-    if ((alg_k & SSL_kDHd) && !SSL_USE_SIGALGS(s) &&
-        !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-               SSL_R_MISSING_DH_DSA_CERT);
-        goto f_err;
-    }
-# endif
-
-    if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
-        int dh_size;
-        if (alg_k & SSL_kDHE) {
-            dh_size = BN_num_bits(dh->p);
-        } else {
-            DH *dh_srvr = get_server_static_dh_key(sc);
-            if (dh_srvr == NULL)
-                goto f_err;
-            dh_size = BN_num_bits(dh_srvr->p);
-            DH_free(dh_srvr);
-        }
-
-        if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 1024)
-            || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) {
-            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL);
-            goto f_err;
-        }
-    }
-#endif  /* !OPENSSL_NO_DH */
-
-    if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-        pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
-#ifndef OPENSSL_NO_RSA
-        if (alg_k & SSL_kRSA) {
-            if (rsa == NULL) {
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                       SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
-                goto f_err;
-            } else if (BN_num_bits(rsa->n) >
-                SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
-                /* We have a temporary RSA key but it's too large. */
-                al = SSL_AD_EXPORT_RESTRICTION;
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                       SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
-                goto f_err;
-            }
-        } else
-#endif
-#ifndef OPENSSL_NO_DH
-        if (alg_k & SSL_kDHE) {
-            if (BN_num_bits(dh->p) >
-                SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
-                /* We have a temporary DH key but it's too large. */
-                al = SSL_AD_EXPORT_RESTRICTION;
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                       SSL_R_MISSING_EXPORT_TMP_DH_KEY);
-                goto f_err;
-            }
-        } else if (alg_k & (SSL_kDHr | SSL_kDHd)) {
-            /* The cert should have had an export DH key. */
-            al = SSL_AD_EXPORT_RESTRICTION;
-            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                   SSL_R_MISSING_EXPORT_TMP_DH_KEY);
-                goto f_err;
-        } else
-#endif
-        {
-            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                   SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-            goto f_err;
-        }
-    }
-    return (1);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    return (0);
-}
-
-#ifndef OPENSSL_NO_TLSEXT
-/*
- * Normally, we can tell if the server is resuming the session from
- * the session ID. EAP-FAST (RFC 4851), however, relies on the next server
- * message after the ServerHello to determine if the server is resuming.
- * Therefore, we allow EAP-FAST to peek ahead.
- * ssl3_check_finished returns 1 if we are resuming from an external
- * pre-shared secret, we have a "ticket" and the next server handshake message
- * is Finished; and 0 otherwise. It returns -1 upon an error.
- */
-static int ssl3_check_finished(SSL *s)
-{
-    int ok = 0;
-
-    if (s->version < TLS1_VERSION || !s->tls_session_secret_cb ||
-        !s->session->tlsext_tick)
-        return 0;
-
-    /* Need to permit this temporarily, in case the next message is Finished. */
-    s->s3->flags |= SSL3_FLAGS_CCS_OK;
-    /*
-     * This function is called when we might get a Certificate message instead,
-     * so permit appropriate message length.
-     * We ignore the return value as we're only interested in the message type
-     * and not its length.
-     */
-    s->method->ssl_get_message(s,
-                               SSL3_ST_CR_CERT_A,
-                               SSL3_ST_CR_CERT_B,
-                               -1, s->max_cert_list, &ok);
-    s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-
-    if (!ok)
-        return -1;
-
-    s->s3->tmp.reuse_message = 1;
-
-    if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
-        return 1;
-
-    /* If we're not done, then the CCS arrived early and we should bail. */
-    if (s->s3->change_cipher_spec) {
-        SSLerr(SSL_F_SSL3_CHECK_FINISHED, SSL_R_CCS_RECEIVED_EARLY);
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-        return -1;
-    }
-
-    return 0;
-}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-int ssl3_send_next_proto(SSL *s)
-{
-    unsigned int len, padding_len;
-    unsigned char *d;
-
-    if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
-        len = s->next_proto_negotiated_len;
-        padding_len = 32 - ((len + 2) % 32);
-        d = (unsigned char *)s->init_buf->data;
-        d[4] = len;
-        memcpy(d + 5, s->next_proto_negotiated, len);
-        d[5 + len] = padding_len;
-        memset(d + 6 + len, 0, padding_len);
-        *(d++) = SSL3_MT_NEXT_PROTO;
-        l2n3(2 + len + padding_len, d);
-        s->state = SSL3_ST_CW_NEXT_PROTO_B;
-        s->init_num = 4 + 2 + len + padding_len;
-        s->init_off = 0;
-    }
-
-    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-}
-#endif                          /* !OPENSSL_NO_NEXTPROTONEG */
-#endif                          /* !OPENSSL_NO_TLSEXT */
-
-int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
-{
-    int i = 0;
-#ifndef OPENSSL_NO_ENGINE
-    if (s->ctx->client_cert_engine) {
-        i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
-                                        SSL_get_client_CA_list(s),
-                                        px509, ppkey, NULL, NULL, NULL);
-        if (i != 0)
-            return i;
-    }
-#endif
-    if (s->ctx->client_cert_cb)
-        i = s->ctx->client_cert_cb(s, px509, ppkey);
-    return i;
-}
diff --git a/freebsd/crypto/openssl/ssl/s3_enc.c b/freebsd/crypto/openssl/ssl/s3_enc.c
index 5d797e8c..fb8cd81d 100644
--- a/freebsd/crypto/openssl/ssl/s3_enc.c
+++ b/freebsd/crypto/openssl/ssl/s3_enc.c
@@ -1,225 +1,92 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/s3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include "ssl_locl.h"
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#include "internal/cryptlib.h"
 
-static unsigned char ssl3_pad_1[48] = {
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
-};
-
-static unsigned char ssl3_pad_2[48] = {
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
-};
-
-static int ssl3_handshake_mac(SSL *s, int md_nid,
-                              const char *sender, int len, unsigned char *p);
 static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 {
-    EVP_MD_CTX m5;
-    EVP_MD_CTX s1;
+    EVP_MD_CTX *m5;
+    EVP_MD_CTX *s1;
     unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
     unsigned char c = 'A';
     unsigned int i, j, k;
+    int ret = 0;
 
 #ifdef CHARSET_EBCDIC
     c = os_toascii[c];          /* 'A' in ASCII */
 #endif
     k = 0;
-    EVP_MD_CTX_init(&m5);
-    EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-    EVP_MD_CTX_init(&s1);
+    m5 = EVP_MD_CTX_new();
+    s1 = EVP_MD_CTX_new();
+    if (m5 == NULL || s1 == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
     for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
         k++;
-        if (k > sizeof(buf))
+        if (k > sizeof(buf)) {
             /* bug: 'buf' is too small for this ciphersuite */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
+                     ERR_R_INTERNAL_ERROR);
             goto err;
+        }
 
         for (j = 0; j < k; j++)
             buf[j] = c;
         c++;
-        if (!EVP_DigestInit_ex(&s1, EVP_sha1(), NULL) ||
-            !EVP_DigestUpdate(&s1, buf, k) ||
-            !EVP_DigestUpdate(&s1, s->session->master_key,
-                              s->session->master_key_length) ||
-            !EVP_DigestUpdate(&s1, s->s3->server_random, SSL3_RANDOM_SIZE) ||
-            !EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE) ||
-            !EVP_DigestFinal_ex(&s1, smd, NULL))
-            goto err2;
-
-        if (!EVP_DigestInit_ex(&m5, EVP_md5(), NULL) ||
-            !EVP_DigestUpdate(&m5, s->session->master_key,
-                              s->session->master_key_length) ||
-            !EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH))
-            goto err2;
+        if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL)
+            || !EVP_DigestUpdate(s1, buf, k)
+            || !EVP_DigestUpdate(s1, s->session->master_key,
+                                 s->session->master_key_length)
+            || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE)
+            || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE)
+            || !EVP_DigestFinal_ex(s1, smd, NULL)
+            || !EVP_DigestInit_ex(m5, EVP_md5(), NULL)
+            || !EVP_DigestUpdate(m5, s->session->master_key,
+                                 s->session->master_key_length)
+            || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
         if ((int)(i + MD5_DIGEST_LENGTH) > num) {
-            if (!EVP_DigestFinal_ex(&m5, smd, NULL))
-                goto err2;
+            if (!EVP_DigestFinal_ex(m5, smd, NULL)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
             memcpy(km, smd, (num - i));
-        } else
-            if (!EVP_DigestFinal_ex(&m5, km, NULL))
-                goto err2;
+        } else {
+            if (!EVP_DigestFinal_ex(m5, km, NULL)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
 
         km += MD5_DIGEST_LENGTH;
     }
-    OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH);
-    EVP_MD_CTX_cleanup(&m5);
-    EVP_MD_CTX_cleanup(&s1);
-    return 1;
+    OPENSSL_cleanse(smd, sizeof(smd));
+    ret = 1;
  err:
-    SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
- err2:
-    EVP_MD_CTX_cleanup(&m5);
-    EVP_MD_CTX_cleanup(&s1);
-    return 0;
+    EVP_MD_CTX_free(m5);
+    EVP_MD_CTX_free(s1);
+    return ret;
 }
 
 int ssl3_change_cipher_state(SSL *s, int which)
@@ -227,22 +94,25 @@ int ssl3_change_cipher_state(SSL *s, int which)
     unsigned char *p, *mac_secret;
     unsigned char exp_key[EVP_MAX_KEY_LENGTH];
     unsigned char exp_iv[EVP_MAX_IV_LENGTH];
-    unsigned char *ms, *key, *iv, *er1, *er2;
+    unsigned char *ms, *key, *iv;
     EVP_CIPHER_CTX *dd;
     const EVP_CIPHER *c;
 #ifndef OPENSSL_NO_COMP
     COMP_METHOD *comp;
 #endif
     const EVP_MD *m;
-    EVP_MD_CTX md;
-    int is_exp, n, i, j, k, cl;
+    int mdi;
+    size_t n, i, j, k, cl;
     int reuse_dd = 0;
 
-    is_exp = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
     c = s->s3->tmp.new_sym_enc;
     m = s->s3->tmp.new_hash;
     /* m == NULL will lead to a crash later */
-    OPENSSL_assert(m);
+    if (!ossl_assert(m != NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
 #ifndef OPENSSL_NO_COMP
     if (s->s3->tmp.new_compression == NULL)
         comp = NULL;
@@ -251,90 +121,92 @@ int ssl3_change_cipher_state(SSL *s, int which)
 #endif
 
     if (which & SSL3_CC_READ) {
-        if (s->enc_read_ctx != NULL)
+        if (s->enc_read_ctx != NULL) {
             reuse_dd = 1;
-        else if ((s->enc_read_ctx =
-                  OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+        } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
             goto err;
-        else
+        } else {
             /*
-             * make sure it's intialized in case we exit later with an error
+             * make sure it's initialised in case we exit later with an error
              */
-            EVP_CIPHER_CTX_init(s->enc_read_ctx);
+            EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+        }
         dd = s->enc_read_ctx;
 
         if (ssl_replace_hash(&s->read_hash, m) == NULL) {
-                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-                goto err2;
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
         }
 #ifndef OPENSSL_NO_COMP
         /* COMPRESS */
-        if (s->expand != NULL) {
-            COMP_CTX_free(s->expand);
-            s->expand = NULL;
-        }
+        COMP_CTX_free(s->expand);
+        s->expand = NULL;
         if (comp != NULL) {
             s->expand = COMP_CTX_new(comp);
             if (s->expand == NULL) {
-                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
-                       SSL_R_COMPRESSION_LIBRARY_ERROR);
-                goto err2;
-            }
-            if (s->s3->rrec.comp == NULL)
-                s->s3->rrec.comp = (unsigned char *)
-                    OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH);
-            if (s->s3->rrec.comp == NULL)
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                         SSL_R_COMPRESSION_LIBRARY_ERROR);
                 goto err;
+            }
         }
 #endif
-        memset(&(s->s3->read_sequence[0]), 0, 8);
+        RECORD_LAYER_reset_read_sequence(&s->rlayer);
         mac_secret = &(s->s3->read_mac_secret[0]);
     } else {
-        if (s->enc_write_ctx != NULL)
+        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+        if (s->enc_write_ctx != NULL) {
             reuse_dd = 1;
-        else if ((s->enc_write_ctx =
-                  OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+        } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
             goto err;
-        else
+        } else {
             /*
-             * make sure it's intialized in case we exit later with an error
+             * make sure it's initialised in case we exit later with an error
              */
-            EVP_CIPHER_CTX_init(s->enc_write_ctx);
+            EVP_CIPHER_CTX_reset(s->enc_write_ctx);
+        }
         dd = s->enc_write_ctx;
         if (ssl_replace_hash(&s->write_hash, m) == NULL) {
-                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-                goto err2;
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
         }
 #ifndef OPENSSL_NO_COMP
         /* COMPRESS */
-        if (s->compress != NULL) {
-            COMP_CTX_free(s->compress);
-            s->compress = NULL;
-        }
+        COMP_CTX_free(s->compress);
+        s->compress = NULL;
         if (comp != NULL) {
             s->compress = COMP_CTX_new(comp);
             if (s->compress == NULL) {
-                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
-                       SSL_R_COMPRESSION_LIBRARY_ERROR);
-                goto err2;
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                         SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err;
             }
         }
 #endif
-        memset(&(s->s3->write_sequence[0]), 0, 8);
+        RECORD_LAYER_reset_write_sequence(&s->rlayer);
         mac_secret = &(s->s3->write_mac_secret[0]);
     }
 
     if (reuse_dd)
-        EVP_CIPHER_CTX_cleanup(dd);
+        EVP_CIPHER_CTX_reset(dd);
 
     p = s->s3->tmp.key_block;
-    i = EVP_MD_size(m);
-    if (i < 0)
-        goto err2;
+    mdi = EVP_MD_size(m);
+    if (mdi < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    i = mdi;
     cl = EVP_CIPHER_key_length(c);
-    j = is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
-                  cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
-    /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
+    j = cl;
     k = EVP_CIPHER_iv_length(c);
     if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
         (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
@@ -344,8 +216,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
         n += j + j;
         iv = &(p[n]);
         n += k + k;
-        er1 = &(s->s3->client_random[0]);
-        er2 = &(s->s3->server_random[0]);
     } else {
         n = i;
         ms = &(p[n]);
@@ -354,74 +224,30 @@ int ssl3_change_cipher_state(SSL *s, int which)
         n += j + k;
         iv = &(p[n]);
         n += k;
-        er1 = &(s->s3->server_random[0]);
-        er2 = &(s->s3->client_random[0]);
     }
 
     if (n > s->s3->tmp.key_block_length) {
-        SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-        goto err2;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
     }
 
-    EVP_MD_CTX_init(&md);
     memcpy(mac_secret, ms, i);
-    if (is_exp) {
-        /*
-         * In here I set both the read and write key/iv to the same value
-         * since only the correct one will be used :-).
-         */
-        if (!EVP_DigestInit_ex(&md, EVP_md5(), NULL) ||
-            !EVP_DigestUpdate(&md, key, j) ||
-            !EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE) ||
-            !EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE) ||
-            !EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL)) {
-            EVP_MD_CTX_cleanup(&md);
-            goto err2;
-        }
-        key = &(exp_key[0]);
-
-        if (k > 0) {
-            if (!EVP_DigestInit_ex(&md, EVP_md5(), NULL) ||
-                !EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE) ||
-                !EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE) ||
-                !EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL)) {
-                EVP_MD_CTX_cleanup(&md);
-                goto err2;
-            }
-            iv = &(exp_iv[0]);
-        }
-    }
-    EVP_MD_CTX_cleanup(&md);
-
-    s->session->key_arg_length = 0;
-
-    if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))
-        goto err2;
-
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
-    if (s->msg_callback) {
-
-        int wh = which & SSL3_CC_WRITE ?
-            TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ;
-        s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
-                        mac_secret, EVP_MD_size(m), s, s->msg_callback_arg);
-        if (c->key_len)
-            s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
-                            key, c->key_len, s, s->msg_callback_arg);
-        if (k) {
-            s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_IV,
-                            iv, k, s, s->msg_callback_arg);
-        }
+
+    if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
     }
-#endif
 
-    OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key));
-    OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv));
-    return (1);
+    s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+    OPENSSL_cleanse(exp_key, sizeof(exp_key));
+    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
+    return 1;
  err:
-    SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
- err2:
-    return (0);
+    OPENSSL_cleanse(exp_key, sizeof(exp_key));
+    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
+    return 0;
 }
 
 int ssl3_setup_key_block(SSL *s)
@@ -434,11 +260,12 @@ int ssl3_setup_key_block(SSL *s)
     SSL_COMP *comp;
 
     if (s->s3->tmp.key_block_length != 0)
-        return (1);
+        return 1;
 
-    if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp)) {
-        SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
-        return (0);
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
+                 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        return 0;
     }
 
     s->s3->tmp.new_sym_enc = c;
@@ -458,12 +285,16 @@ int ssl3_setup_key_block(SSL *s)
 
     ssl3_cleanup_key_block(s);
 
-    if ((p = OPENSSL_malloc(num)) == NULL)
-        goto err;
+    if ((p = OPENSSL_malloc(num)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
     s->s3->tmp.key_block_length = num;
     s->s3->tmp.key_block = p;
 
+    /* Calls SSLfatal() as required */
     ret = ssl3_generate_key_block(s, p, num);
 
     if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) {
@@ -485,185 +316,101 @@ int ssl3_setup_key_block(SSL *s)
     }
 
     return ret;
-
- err:
-    SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
-    return (0);
 }
 
 void ssl3_cleanup_key_block(SSL *s)
 {
-    if (s->s3->tmp.key_block != NULL) {
-        OPENSSL_cleanse(s->s3->tmp.key_block, s->s3->tmp.key_block_length);
-        OPENSSL_free(s->s3->tmp.key_block);
-        s->s3->tmp.key_block = NULL;
-    }
+    OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length);
+    s->s3->tmp.key_block = NULL;
     s->s3->tmp.key_block_length = 0;
 }
 
-/*-
- * ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
- *       short etc).
- *   1: if the record's padding is valid / the encryption was successful.
- *   -1: if the record's padding is invalid or, if sending, an internal error
- *       occured.
- */
-int ssl3_enc(SSL *s, int send)
-{
-    SSL3_RECORD *rec;
-    EVP_CIPHER_CTX *ds;
-    unsigned long l;
-    int bs, i, mac_size = 0;
-    const EVP_CIPHER *enc;
-
-    if (send) {
-        ds = s->enc_write_ctx;
-        rec = &(s->s3->wrec);
-        if (s->enc_write_ctx == NULL)
-            enc = NULL;
-        else
-            enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-    } else {
-        ds = s->enc_read_ctx;
-        rec = &(s->s3->rrec);
-        if (s->enc_read_ctx == NULL)
-            enc = NULL;
-        else
-            enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-    }
-
-    if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
-        memmove(rec->data, rec->input, rec->length);
-        rec->input = rec->data;
-    } else {
-        l = rec->length;
-        bs = EVP_CIPHER_block_size(ds->cipher);
-
-        /* COMPRESS */
-
-        if ((bs != 1) && send) {
-            i = bs - ((int)l % bs);
-
-            /* we need to add 'i-1' padding bytes */
-            l += i;
-            /*
-             * the last of these zero bytes will be overwritten with the
-             * padding length.
-             */
-            memset(&rec->input[rec->length], 0, i);
-            rec->length += i;
-            rec->input[l - 1] = (i - 1);
-        }
-
-        if (!send) {
-            if (l == 0 || l % bs != 0)
-                return 0;
-            /* otherwise, rec->length >= bs */
-        }
-
-        if (EVP_Cipher(ds, rec->data, rec->input, l) < 1)
-            return -1;
-
-        if (EVP_MD_CTX_md(s->read_hash) != NULL)
-            mac_size = EVP_MD_CTX_size(s->read_hash);
-        if ((bs != 1) && !send)
-            return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
-    }
-    return 1;
-}
-
 int ssl3_init_finished_mac(SSL *s)
 {
-    if (s->s3->handshake_buffer)
-        BIO_free(s->s3->handshake_buffer);
-    if (s->s3->handshake_dgst)
-        ssl3_free_digest_list(s);
-    s->s3->handshake_buffer = BIO_new(BIO_s_mem());
-    if (s->s3->handshake_buffer == NULL)
+    BIO *buf = BIO_new(BIO_s_mem());
+
+    if (buf == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC,
+                 ERR_R_MALLOC_FAILURE);
         return 0;
+    }
+    ssl3_free_digest_list(s);
+    s->s3->handshake_buffer = buf;
     (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
     return 1;
 }
 
+/*
+ * Free digest list. Also frees handshake buffer since they are always freed
+ * together.
+ */
+
 void ssl3_free_digest_list(SSL *s)
 {
-    int i;
-    if (!s->s3->handshake_dgst)
-        return;
-    for (i = 0; i < SSL_MAX_DIGEST; i++) {
-        if (s->s3->handshake_dgst[i])
-            EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
-    }
-    OPENSSL_free(s->s3->handshake_dgst);
+    BIO_free(s->s3->handshake_buffer);
+    s->s3->handshake_buffer = NULL;
+    EVP_MD_CTX_free(s->s3->handshake_dgst);
     s->s3->handshake_dgst = NULL;
 }
 
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
+int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len)
 {
-    if (s->s3->handshake_buffer
-        && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
-        BIO_write(s->s3->handshake_buffer, (void *)buf, len);
+    int ret;
+
+    if (s->s3->handshake_dgst == NULL) {
+        /* Note: this writes to a memory BIO so a failure is a fatal error */
+        if (len > INT_MAX) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+                     SSL_R_OVERFLOW_ERROR);
+            return 0;
+        }
+        ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len);
+        if (ret <= 0 || ret != (int)len) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
     } else {
-        int i;
-        for (i = 0; i < SSL_MAX_DIGEST; i++) {
-            if (s->s3->handshake_dgst[i] != NULL)
-                EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len);
+        ret = EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
+        if (!ret) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
         }
     }
+    return 1;
 }
 
-int ssl3_digest_cached_records(SSL *s)
+int ssl3_digest_cached_records(SSL *s, int keep)
 {
-    int i;
-    long mask;
     const EVP_MD *md;
     long hdatalen;
     void *hdata;
 
-    /* Allocate handshake_dgst array */
-    ssl3_free_digest_list(s);
-    s->s3->handshake_dgst =
-        OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
     if (s->s3->handshake_dgst == NULL) {
-        SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    memset(s->s3->handshake_dgst, 0, SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
-    hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
-    if (hdatalen <= 0) {
-        SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
-        return 0;
-    }
+        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+        if (hdatalen <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     SSL_R_BAD_HANDSHAKE_LENGTH);
+            return 0;
+        }
 
-    /* Loop through bitso of algorithm2 field and create MD_CTX-es */
-    for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
-        if ((mask & ssl_get_algorithm2(s)) && md) {
-            s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
-            if (s->s3->handshake_dgst[i] == NULL) {
-                SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
-#ifdef OPENSSL_FIPS
-            if (EVP_MD_nid(md) == NID_md5) {
-                EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
-                                     EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-            }
-#endif
-            if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL)
-                || !EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata,
-                                     hdatalen)) {
-                SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
-                return 0;
-            }
-        } else {
-            s->s3->handshake_dgst[i] = NULL;
+        s->s3->handshake_dgst = EVP_MD_CTX_new();
+        if (s->s3->handshake_dgst == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        md = ssl_handshake_md(s);
+        if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
+            || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
         }
     }
-    if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
-        /* Free handshake_buffer BIO */
+    if (keep == 0) {
         BIO_free(s->s3->handshake_buffer);
         s->s3->handshake_buffer = NULL;
     }
@@ -671,202 +418,60 @@ int ssl3_digest_cached_records(SSL *s)
     return 1;
 }
 
-int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
+size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
+                             unsigned char *p)
 {
-    return (ssl3_handshake_mac(s, md_nid, NULL, 0, p));
-}
+    int ret;
+    EVP_MD_CTX *ctx = NULL;
 
-int ssl3_final_finish_mac(SSL *s,
-                          const char *sender, int len, unsigned char *p)
-{
-    int ret, sha1len;
-    ret = ssl3_handshake_mac(s, NID_md5, sender, len, p);
-    if (ret == 0)
+    if (!ssl3_digest_cached_records(s, 0)) {
+        /* SSLfatal() already called */
         return 0;
+    }
 
-    p += ret;
-
-    sha1len = ssl3_handshake_mac(s, NID_sha1, sender, len, p);
-    if (sha1len == 0)
+    if (EVP_MD_CTX_type(s->s3->handshake_dgst) != NID_md5_sha1) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 SSL_R_NO_REQUIRED_DIGEST);
         return 0;
-
-    ret += sha1len;
-    return (ret);
-}
-
-static int ssl3_handshake_mac(SSL *s, int md_nid,
-                              const char *sender, int len, unsigned char *p)
-{
-    unsigned int ret;
-    int npad, n;
-    unsigned int i;
-    unsigned char md_buf[EVP_MAX_MD_SIZE];
-    EVP_MD_CTX ctx, *d = NULL;
-
-    if (s->s3->handshake_buffer)
-        if (!ssl3_digest_cached_records(s))
-            return 0;
-
-    /*
-     * Search for digest of specified type in the handshake_dgst array
-     */
-    for (i = 0; i < SSL_MAX_DIGEST; i++) {
-        if (s->s3->handshake_dgst[i]
-            && EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
-            d = s->s3->handshake_dgst[i];
-            break;
-        }
     }
-    if (!d) {
-        SSLerr(SSL_F_SSL3_HANDSHAKE_MAC, SSL_R_NO_REQUIRED_DIGEST);
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    EVP_MD_CTX_init(&ctx);
-    EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-    EVP_MD_CTX_copy_ex(&ctx, d);
-    n = EVP_MD_CTX_size(&ctx);
-    if (n < 0)
+    if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 ERR_R_INTERNAL_ERROR);
         return 0;
-
-    npad = (48 / n) * n;
-    if ((sender != NULL && EVP_DigestUpdate(&ctx, sender, len) <= 0)
-            || EVP_DigestUpdate(&ctx, s->session->master_key,
-                                s->session->master_key_length) <= 0
-            || EVP_DigestUpdate(&ctx, ssl3_pad_1, npad) <= 0
-            || EVP_DigestFinal_ex(&ctx, md_buf, &i) <= 0
-
-            || EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL) <= 0
-            || EVP_DigestUpdate(&ctx, s->session->master_key,
-                                s->session->master_key_length) <= 0
-            || EVP_DigestUpdate(&ctx, ssl3_pad_2, npad) <= 0
-            || EVP_DigestUpdate(&ctx, md_buf, i) <= 0
-            || EVP_DigestFinal_ex(&ctx, p, &ret) <= 0) {
-        SSLerr(SSL_F_SSL3_HANDSHAKE_MAC, ERR_R_INTERNAL_ERROR);
-        ret = 0;
     }
 
-    EVP_MD_CTX_cleanup(&ctx);
-
-    return ((int)ret);
-}
-
-int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
-{
-    SSL3_RECORD *rec;
-    unsigned char *mac_sec, *seq;
-    EVP_MD_CTX md_ctx;
-    const EVP_MD_CTX *hash;
-    unsigned char *p, rec_char;
-    size_t md_size, orig_len;
-    int npad;
-    int t;
-
-    if (send) {
-        rec = &(ssl->s3->wrec);
-        mac_sec = &(ssl->s3->write_mac_secret[0]);
-        seq = &(ssl->s3->write_sequence[0]);
-        hash = ssl->write_hash;
-    } else {
-        rec = &(ssl->s3->rrec);
-        mac_sec = &(ssl->s3->read_mac_secret[0]);
-        seq = &(ssl->s3->read_sequence[0]);
-        hash = ssl->read_hash;
+    ret = EVP_MD_CTX_size(ctx);
+    if (ret < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 ERR_R_INTERNAL_ERROR);
+        EVP_MD_CTX_reset(ctx);
+        return 0;
     }
 
-    t = EVP_MD_CTX_size(hash);
-    if (t < 0)
-        return -1;
-    md_size = t;
-    npad = (48 / md_size) * md_size;
-
-    /*
-     * kludge: ssl3_cbc_remove_padding passes padding length in rec->type
-     */
-    orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
-    rec->type &= 0xff;
-
-    if (!send &&
-        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-        ssl3_cbc_record_digest_supported(hash)) {
-        /*
-         * This is a CBC-encrypted record. We must avoid leaking any
-         * timing-side channel information about how many blocks of data we
-         * are hashing because that gives an attacker a timing-oracle.
-         */
-
-        /*-
-         * npad is, at most, 48 bytes and that's with MD5:
-         *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
-         *
-         * With SHA-1 (the largest hash speced for SSLv3) the hash size
-         * goes up 4, but npad goes down by 8, resulting in a smaller
-         * total size.
-         */
-        unsigned char header[75];
-        unsigned j = 0;
-        memcpy(header + j, mac_sec, md_size);
-        j += md_size;
-        memcpy(header + j, ssl3_pad_1, npad);
-        j += npad;
-        memcpy(header + j, seq, 8);
-        j += 8;
-        header[j++] = rec->type;
-        header[j++] = rec->length >> 8;
-        header[j++] = rec->length & 0xff;
-
-        /* Final param == is SSLv3 */
-        if (ssl3_cbc_digest_record(hash,
-                                   md, &md_size,
-                                   header, rec->input,
-                                   rec->length + md_size, orig_len,
-                                   mac_sec, md_size, 1) <= 0)
-            return -1;
-    } else {
-        unsigned int md_size_u;
-        /* Chop the digest off the end :-) */
-        EVP_MD_CTX_init(&md_ctx);
-
-        rec_char = rec->type;
-        p = md;
-        s2n(rec->length, p);
-        if (EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0
-                || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0
-                || EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad) <= 0
-                || EVP_DigestUpdate(&md_ctx, seq, 8) <= 0
-                || EVP_DigestUpdate(&md_ctx, &rec_char, 1) <= 0
-                || EVP_DigestUpdate(&md_ctx, md, 2) <= 0
-                || EVP_DigestUpdate(&md_ctx, rec->input, rec->length) <= 0
-                || EVP_DigestFinal_ex(&md_ctx, md, NULL) <= 0
-                || EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0
-                || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0
-                || EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad) <= 0
-                || EVP_DigestUpdate(&md_ctx, md, md_size) <= 0
-                || EVP_DigestFinal_ex(&md_ctx, md, &md_size_u) <= 0) {
-            EVP_MD_CTX_cleanup(&md_ctx);
-            return -1;
-        }
-        md_size = md_size_u;
-
-        EVP_MD_CTX_cleanup(&md_ctx);
+    if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
+        || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                           (int)s->session->master_key_length,
+                           s->session->master_key) <= 0
+        || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 ERR_R_INTERNAL_ERROR);
+        ret = 0;
     }
 
-    ssl3_record_sequence_update(seq);
-    return (md_size);
-}
+    EVP_MD_CTX_free(ctx);
 
-void ssl3_record_sequence_update(unsigned char *seq)
-{
-    int i;
-
-    for (i = 7; i >= 0; i--) {
-        ++seq[i];
-        if (seq[i] != 0)
-            break;
-    }
+    return ret;
 }
 
 int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
-                                int len)
+                                size_t len, size_t *secret_size)
 {
     static const unsigned char *salt[3] = {
 #ifndef CHARSET_EBCDIC
@@ -880,123 +485,117 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 #endif
     };
     unsigned char buf[EVP_MAX_MD_SIZE];
-    EVP_MD_CTX ctx;
-    int i, ret = 0;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    int i, ret = 1;
     unsigned int n;
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
-    unsigned char *tmpout = out;
-#endif
+    size_t ret_secret_size = 0;
 
-    EVP_MD_CTX_init(&ctx);
+    if (ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
     for (i = 0; i < 3; i++) {
-        if (EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL) <= 0
-                || EVP_DigestUpdate(&ctx, salt[i],
-                                    strlen((const char *)salt[i])) <= 0
-                || EVP_DigestUpdate(&ctx, p, len) <= 0
-                || EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]),
-                                    SSL3_RANDOM_SIZE) <= 0
-                || EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]),
-                                    SSL3_RANDOM_SIZE) <= 0
-                || EVP_DigestFinal_ex(&ctx, buf, &n) <= 0
-
-                || EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL) <= 0
-                || EVP_DigestUpdate(&ctx, p, len) <= 0
-                || EVP_DigestUpdate(&ctx, buf, n) <= 0
-                || EVP_DigestFinal_ex(&ctx, out, &n) <= 0) {
-            SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+        if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0
+            || EVP_DigestUpdate(ctx, salt[i],
+                                strlen((const char *)salt[i])) <= 0
+            || EVP_DigestUpdate(ctx, p, len) <= 0
+            || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]),
+                                SSL3_RANDOM_SIZE) <= 0
+            || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]),
+                                SSL3_RANDOM_SIZE) <= 0
+               /* TODO(size_t) : convert me */
+            || EVP_DigestFinal_ex(ctx, buf, &n) <= 0
+            || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0
+            || EVP_DigestUpdate(ctx, p, len) <= 0
+            || EVP_DigestUpdate(ctx, buf, n) <= 0
+            || EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
             ret = 0;
             break;
         }
         out += n;
-        ret += n;
+        ret_secret_size += n;
     }
-    EVP_MD_CTX_cleanup(&ctx);
-
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
-    if (ret > 0 && s->msg_callback) {
-        s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
-                        p, len, s, s->msg_callback_arg);
-        s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
-                        s->s3->client_random, SSL3_RANDOM_SIZE,
-                        s, s->msg_callback_arg);
-        s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
-                        s->s3->server_random, SSL3_RANDOM_SIZE,
-                        s, s->msg_callback_arg);
-        s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
-                        tmpout, SSL3_MASTER_SECRET_SIZE,
-                        s, s->msg_callback_arg);
-    }
-#endif
+    EVP_MD_CTX_free(ctx);
+
     OPENSSL_cleanse(buf, sizeof(buf));
-    return (ret);
+    if (ret)
+        *secret_size = ret_secret_size;
+    return ret;
 }
 
 int ssl3_alert_code(int code)
 {
     switch (code) {
     case SSL_AD_CLOSE_NOTIFY:
-        return (SSL3_AD_CLOSE_NOTIFY);
+        return SSL3_AD_CLOSE_NOTIFY;
     case SSL_AD_UNEXPECTED_MESSAGE:
-        return (SSL3_AD_UNEXPECTED_MESSAGE);
+        return SSL3_AD_UNEXPECTED_MESSAGE;
     case SSL_AD_BAD_RECORD_MAC:
-        return (SSL3_AD_BAD_RECORD_MAC);
+        return SSL3_AD_BAD_RECORD_MAC;
     case SSL_AD_DECRYPTION_FAILED:
-        return (SSL3_AD_BAD_RECORD_MAC);
+        return SSL3_AD_BAD_RECORD_MAC;
     case SSL_AD_RECORD_OVERFLOW:
-        return (SSL3_AD_BAD_RECORD_MAC);
+        return SSL3_AD_BAD_RECORD_MAC;
     case SSL_AD_DECOMPRESSION_FAILURE:
-        return (SSL3_AD_DECOMPRESSION_FAILURE);
+        return SSL3_AD_DECOMPRESSION_FAILURE;
     case SSL_AD_HANDSHAKE_FAILURE:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_NO_CERTIFICATE:
-        return (SSL3_AD_NO_CERTIFICATE);
+        return SSL3_AD_NO_CERTIFICATE;
     case SSL_AD_BAD_CERTIFICATE:
-        return (SSL3_AD_BAD_CERTIFICATE);
+        return SSL3_AD_BAD_CERTIFICATE;
     case SSL_AD_UNSUPPORTED_CERTIFICATE:
-        return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
+        return SSL3_AD_UNSUPPORTED_CERTIFICATE;
     case SSL_AD_CERTIFICATE_REVOKED:
-        return (SSL3_AD_CERTIFICATE_REVOKED);
+        return SSL3_AD_CERTIFICATE_REVOKED;
     case SSL_AD_CERTIFICATE_EXPIRED:
-        return (SSL3_AD_CERTIFICATE_EXPIRED);
+        return SSL3_AD_CERTIFICATE_EXPIRED;
     case SSL_AD_CERTIFICATE_UNKNOWN:
-        return (SSL3_AD_CERTIFICATE_UNKNOWN);
+        return SSL3_AD_CERTIFICATE_UNKNOWN;
     case SSL_AD_ILLEGAL_PARAMETER:
-        return (SSL3_AD_ILLEGAL_PARAMETER);
+        return SSL3_AD_ILLEGAL_PARAMETER;
     case SSL_AD_UNKNOWN_CA:
-        return (SSL3_AD_BAD_CERTIFICATE);
+        return SSL3_AD_BAD_CERTIFICATE;
     case SSL_AD_ACCESS_DENIED:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_DECODE_ERROR:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_DECRYPT_ERROR:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_EXPORT_RESTRICTION:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_PROTOCOL_VERSION:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_INSUFFICIENT_SECURITY:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_INTERNAL_ERROR:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_USER_CANCELLED:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_NO_RENEGOTIATION:
-        return (-1);            /* Don't send it :-) */
+        return -1;            /* Don't send it :-) */
     case SSL_AD_UNSUPPORTED_EXTENSION:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_CERTIFICATE_UNOBTAINABLE:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_UNRECOGNIZED_NAME:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_UNKNOWN_PSK_IDENTITY:
-        return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
+        return TLS1_AD_UNKNOWN_PSK_IDENTITY;
     case SSL_AD_INAPPROPRIATE_FALLBACK:
-        return (TLS1_AD_INAPPROPRIATE_FALLBACK);
+        return TLS1_AD_INAPPROPRIATE_FALLBACK;
+    case SSL_AD_NO_APPLICATION_PROTOCOL:
+        return TLS1_AD_NO_APPLICATION_PROTOCOL;
+    case SSL_AD_CERTIFICATE_REQUIRED:
+        return SSL_AD_HANDSHAKE_FAILURE;
     default:
-        return (-1);
+        return -1;
     }
 }
diff --git a/freebsd/crypto/openssl/ssl/s3_lib.c b/freebsd/crypto/openssl/ssl/s3_lib.c
index 0b53bd4e..57680ac2 100644
--- a/freebsd/crypto/openssl/ssl/s3_lib.c
+++ b/freebsd/crypto/openssl/ssl/s3_lib.c
@@ -1,2973 +1,3252 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/s3_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <openssl/objects.h>
+#include "internal/nelem.h"
 #include "ssl_locl.h"
-#include "kssl_lcl.h"
 #include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include "internal/cryptlib.h"
 
-const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
+#define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
+#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
+#define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
 
-#define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
+/* TLSv1.3 downgrade protection sentinel values */
+const unsigned char tls11downgrade[] = {
+    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
+};
+const unsigned char tls12downgrade[] = {
+    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
+};
 
-/* list of available SSLv3 ciphers (sorted by id) */
-OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+/* The list of available TLSv1.3 ciphers */
+static SSL_CIPHER tls13_ciphers[] = {
+    {
+        1,
+        TLS1_3_RFC_AES_128_GCM_SHA256,
+        TLS1_3_RFC_AES_128_GCM_SHA256,
+        TLS1_3_CK_AES_128_GCM_SHA256,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_AES128GCM,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA256,
+        128,
+        128,
+    }, {
+        1,
+        TLS1_3_RFC_AES_256_GCM_SHA384,
+        TLS1_3_RFC_AES_256_GCM_SHA384,
+        TLS1_3_CK_AES_256_GCM_SHA384,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_AES256GCM,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA384,
+        256,
+        256,
+    },
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+    {
+        1,
+        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_CHACHA20POLY1305,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA256,
+        256,
+        256,
+    },
+#endif
+    {
+        1,
+        TLS1_3_RFC_AES_128_CCM_SHA256,
+        TLS1_3_RFC_AES_128_CCM_SHA256,
+        TLS1_3_CK_AES_128_CCM_SHA256,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_AES128CCM,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_NOT_DEFAULT | SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA256,
+        128,
+        128,
+    }, {
+        1,
+        TLS1_3_RFC_AES_128_CCM_8_SHA256,
+        TLS1_3_RFC_AES_128_CCM_8_SHA256,
+        TLS1_3_CK_AES_128_CCM_8_SHA256,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_AES128CCM8,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_NOT_DEFAULT | SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA256,
+        128,
+        128,
+    }
+};
 
-/* The RSA ciphers */
-/* Cipher 01 */
+/*
+ * The list of available ciphers, mostly organized into the following
+ * groups:
+ *      Always there
+ *      EC
+ *      PSK
+ *      SRP (within that: RSA EC PSK)
+ *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
+ *      Weak ciphers
+ */
+static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_NULL_MD5,
+     SSL3_RFC_RSA_NULL_MD5,
      SSL3_CK_RSA_NULL_MD5,
      SSL_kRSA,
      SSL_aRSA,
      SSL_eNULL,
      SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      0,
      0,
      },
-
-/* Cipher 02 */
     {
      1,
      SSL3_TXT_RSA_NULL_SHA,
+     SSL3_RFC_RSA_NULL_SHA,
      SSL3_CK_RSA_NULL_SHA,
      SSL_kRSA,
      SSL_aRSA,
      SSL_eNULL,
      SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      0,
      0,
      },
-
-/* Cipher 03 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_RSA_RC4_40_MD5,
-     SSL3_CK_RSA_RC4_40_MD5,
+     SSL3_TXT_RSA_DES_192_CBC3_SHA,
+     SSL3_RFC_RSA_DES_192_CBC3_SHA,
+     SSL3_CK_RSA_DES_192_CBC3_SHA,
      SSL_kRSA,
      SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     128,
+     112,
+     168,
      },
-#endif
-
-/* Cipher 04 */
     {
      1,
-     SSL3_TXT_RSA_RC4_128_MD5,
-     SSL3_CK_RSA_RC4_128_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
+     SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
+     SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     112,
+     168,
      },
-
-/* Cipher 05 */
     {
      1,
-     SSL3_TXT_RSA_RC4_128_SHA,
-     SSL3_CK_RSA_RC4_128_SHA,
-     SSL_kRSA,
+     SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
+     SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
+     SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
+     SSL_kDHE,
      SSL_aRSA,
-     SSL_RC4,
+     SSL_3DES,
      SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     112,
+     168,
      },
-
-/* Cipher 06 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_RSA_RC2_40_MD5,
-     SSL3_CK_RSA_RC2_40_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC2,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL3_TXT_ADH_DES_192_CBC_SHA,
+     SSL3_RFC_ADH_DES_192_CBC_SHA,
+     SSL3_CK_ADH_DES_192_CBC_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     128,
+     112,
+     168,
      },
 #endif
-
-/* Cipher 07 */
-#ifndef OPENSSL_NO_IDEA
     {
      1,
-     SSL3_TXT_RSA_IDEA_128_SHA,
-     SSL3_CK_RSA_IDEA_128_SHA,
+     TLS1_TXT_RSA_WITH_AES_128_SHA,
+     TLS1_RFC_RSA_WITH_AES_128_SHA,
+     TLS1_CK_RSA_WITH_AES_128_SHA,
      SSL_kRSA,
      SSL_aRSA,
-     SSL_IDEA,
+     SSL_AES128,
      SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-#endif
-
-/* Cipher 08 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_RSA_DES_40_CBC_SHA,
-     SSL3_CK_RSA_DES_40_CBC_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_DES,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
+     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES128,
      SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
+     128,
+     128,
      },
-#endif
-
-/* Cipher 09 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_RSA_DES_64_CBC_SHA,
-     SSL3_CK_RSA_DES_64_CBC_SHA,
-     SSL_kRSA,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
+     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+     SSL_kDHE,
      SSL_aRSA,
-     SSL_DES,
+     SSL_AES128,
      SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
+     128,
+     128,
      },
-#endif
-
-/* Cipher 0A */
     {
      1,
-     SSL3_TXT_RSA_DES_192_CBC3_SHA,
-     SSL3_CK_RSA_DES_192_CBC3_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_3DES,
+     TLS1_TXT_ADH_WITH_AES_128_SHA,
+     TLS1_RFC_ADH_WITH_AES_128_SHA,
+     TLS1_CK_ADH_WITH_AES_128_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES128,
      SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     128,
+     128,
      },
-
-/* The DH ciphers */
-/* Cipher 0B */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-    {
-     0,
-     SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
-     SSL3_CK_DH_DSS_DES_40_CBC_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
-     },
-#endif
-
-/* Cipher 0C */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
-     SSL3_CK_DH_DSS_DES_64_CBC_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_DES,
+     TLS1_TXT_RSA_WITH_AES_256_SHA,
+     TLS1_RFC_RSA_WITH_AES_256_SHA,
+     TLS1_CK_RSA_WITH_AES_256_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256,
      SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
+     256,
+     256,
      },
-#endif
-
-/* Cipher 0D */
     {
      1,
-     SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
-     SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_3DES,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
+     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES256,
      SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     256,
+     256,
      },
-
-/* Cipher 0E */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
-     0,
-     SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
-     SSL3_CK_DH_RSA_DES_40_CBC_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_DES,
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
+     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256,
      SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
+     256,
+     256,
      },
-#endif
-
-/* Cipher 0F */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
-     SSL3_CK_DH_RSA_DES_64_CBC_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_DES,
+     TLS1_TXT_ADH_WITH_AES_256_SHA,
+     TLS1_RFC_ADH_WITH_AES_256_SHA,
+     TLS1_CK_ADH_WITH_AES_256_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES256,
      SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
+     256,
+     256,
      },
-#endif
-
-/* Cipher 10 */
     {
      1,
-     SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
-     SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     TLS1_TXT_RSA_WITH_NULL_SHA256,
+     TLS1_RFC_RSA_WITH_NULL_SHA256,
+     TLS1_CK_RSA_WITH_NULL_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     0,
+     0,
      },
-
-/* The Ephemeral DH ciphers */
-/* Cipher 11 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
-     SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     TLS1_TXT_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_RSA_WITH_AES_128_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
+     128,
+     128,
      },
-#endif
-
-/* Cipher 12 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
-     SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     TLS1_TXT_RSA_WITH_AES_256_SHA256,
+     TLS1_RFC_RSA_WITH_AES_256_SHA256,
+     TLS1_CK_RSA_WITH_AES_256_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
+     256,
+     256,
      },
-#endif
-
-/* Cipher 13 */
     {
      1,
-     SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
-     SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
-     SSL_kEDH,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
+     SSL_kDHE,
      SSL_aDSS,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     128,
+     128,
      },
-
-/* Cipher 14 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
-     SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
-     SSL_kEDH,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
+     SSL_kDHE,
      SSL_aRSA,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
+     128,
+     128,
      },
-#endif
-
-/* Cipher 15 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
-     SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
+     256,
+     256,
      },
-#endif
-
-/* Cipher 16 */
     {
      1,
-     SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
-     SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
-     SSL_kEDH,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
+     SSL_kDHE,
      SSL_aRSA,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     256,
+     256,
      },
-
-/* Cipher 17 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_ADH_RC4_40_MD5,
-     SSL3_CK_ADH_RC4_40_MD5,
-     SSL_kEDH,
+     TLS1_TXT_ADH_WITH_AES_128_SHA256,
+     TLS1_RFC_ADH_WITH_AES_128_SHA256,
+     TLS1_CK_ADH_WITH_AES_128_SHA256,
+     SSL_kDHE,
      SSL_aNULL,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
+     128,
      128,
      },
-#endif
-
-/* Cipher 18 */
     {
      1,
-     SSL3_TXT_ADH_RC4_128_MD5,
-     SSL3_CK_ADH_RC4_128_MD5,
-     SSL_kEDH,
+     TLS1_TXT_ADH_WITH_AES_256_SHA256,
+     TLS1_RFC_ADH_WITH_AES_256_SHA256,
+     TLS1_CK_ADH_WITH_AES_256_SHA256,
+     SSL_kDHE,
      SSL_aNULL,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-/* Cipher 19 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_ADH_DES_40_CBC_SHA,
-     SSL3_CK_ADH_DES_40_CBC_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     128,
+     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
      },
-#endif
-
-/* Cipher 1A */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_ADH_DES_64_CBC_SHA,
-     SSL3_CK_ADH_DES_64_CBC_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
      },
-#endif
-
-/* Cipher 1B */
     {
      1,
-     SSL3_TXT_ADH_DES_192_CBC_SHA,
-     SSL3_CK_ADH_DES_192_CBC_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
      },
-
-/* Fortezza ciphersuite from SSL 3.0 spec */
-#if 0
-/* Cipher 1C */
     {
-     0,
-     SSL3_TXT_FZA_DMS_NULL_SHA,
-     SSL3_CK_FZA_DMS_NULL_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
      },
-
-/* Cipher 1D */
     {
-     0,
-     SSL3_TXT_FZA_DMS_FZA_SHA,
-     SSL3_CK_FZA_DMS_FZA_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_eFZA,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
      },
-
-/* Cipher 1E */
     {
-     0,
-     SSL3_TXT_FZA_DMS_RC4_SHA,
-     SSL3_CK_FZA_DMS_RC4_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-#endif
-
-#ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers*/
-/* Cipher 1E */
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_KRB5_DES_64_CBC_SHA,
-     SSL3_CK_KRB5_DES_64_CBC_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
+     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
      },
-# endif
-
-/* Cipher 1F */
     {
      1,
-     SSL3_TXT_KRB5_DES_192_CBC3_SHA,
-     SSL3_CK_KRB5_DES_192_CBC3_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     TLS1_TXT_RSA_WITH_AES_128_CCM,
+     TLS1_RFC_RSA_WITH_AES_128_CCM,
+     TLS1_CK_RSA_WITH_AES_128_CCM,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
      },
-
-/* Cipher 20 */
     {
      1,
-     SSL3_TXT_KRB5_RC4_128_SHA,
-     SSL3_CK_KRB5_RC4_128_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     TLS1_TXT_RSA_WITH_AES_256_CCM,
+     TLS1_RFC_RSA_WITH_AES_256_CCM,
+     TLS1_CK_RSA_WITH_AES_256_CCM,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
      },
-
-/* Cipher 21 */
     {
      1,
-     SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
-     SSL3_CK_KRB5_IDEA_128_CBC_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_IDEA,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
+     TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-/* Cipher 22 */
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_KRB5_DES_64_CBC_MD5,
-     SSL3_CK_KRB5_DES_64_CBC_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_DES,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
+     TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
      },
-# endif
-
-/* Cipher 23 */
     {
      1,
-     SSL3_TXT_KRB5_DES_192_CBC3_MD5,
-     SSL3_CK_KRB5_DES_192_CBC3_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_3DES,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_RSA_WITH_AES_128_CCM_8,
+     TLS1_CK_RSA_WITH_AES_128_CCM_8,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
      },
-
-/* Cipher 24 */
     {
      1,
-     SSL3_TXT_KRB5_RC4_128_MD5,
-     SSL3_CK_KRB5_RC4_128_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_RSA_WITH_AES_256_CCM_8,
+     TLS1_CK_RSA_WITH_AES_256_CCM_8,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
      },
-
-/* Cipher 25 */
     {
      1,
-     SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
-     SSL3_CK_KRB5_IDEA_128_CBC_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_IDEA,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
+     TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-/* Cipher 26 */
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_KRB5_DES_40_CBC_SHA,
-     SSL3_CK_KRB5_DES_40_CBC_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
+     TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
      },
-# endif
-
-/* Cipher 27 */
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_KRB5_RC2_40_CBC_SHA,
-     SSL3_CK_KRB5_RC2_40_CBC_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_RC2,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
+     TLS1_TXT_PSK_WITH_AES_128_CCM,
+     TLS1_RFC_PSK_WITH_AES_128_CCM,
+     TLS1_CK_PSK_WITH_AES_128_CCM,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
      128,
      },
-# endif
-
-/* Cipher 28 */
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_KRB5_RC4_40_SHA,
-     SSL3_CK_KRB5_RC4_40_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
+     TLS1_TXT_PSK_WITH_AES_256_CCM,
+     TLS1_RFC_PSK_WITH_AES_256_CCM,
+     TLS1_CK_PSK_WITH_AES_256_CCM,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
      128,
      },
-# endif
-
-/* Cipher 29 */
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_KRB5_DES_40_CBC_MD5,
-     SSL3_CK_KRB5_DES_40_CBC_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_DES,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
      },
-# endif
-
-/* Cipher 2A */
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_KRB5_RC2_40_CBC_MD5,
-     SSL3_CK_KRB5_RC2_40_CBC_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_RC2,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
+     TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+     TLS1_RFC_PSK_WITH_AES_128_CCM_8,
+     TLS1_CK_PSK_WITH_AES_128_CCM_8,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
      128,
      },
-# endif
-
-/* Cipher 2B */
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     SSL3_TXT_KRB5_RC4_40_MD5,
-     SSL3_CK_KRB5_RC4_40_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     128,
+     TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+     TLS1_RFC_PSK_WITH_AES_256_CCM_8,
+     TLS1_CK_PSK_WITH_AES_256_CCM_8,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
      },
-# endif
-#endif                          /* OPENSSL_NO_KRB5 */
-
-/* New AES ciphersuites */
-/* Cipher 2F */
     {
      1,
-     TLS1_TXT_RSA_WITH_AES_128_SHA,
-     TLS1_CK_RSA_WITH_AES_128_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-/* Cipher 30 */
     {
      1,
-     TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
-     TLS1_CK_DH_DSS_WITH_AES_128_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-/* Cipher 31 */
     {
      1,
-     TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
-     TLS1_CK_DH_RSA_WITH_AES_128_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-/* Cipher 32 */
     {
      1,
-     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
-     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_AES128,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_eNULL,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     0,
+     0,
      },
-/* Cipher 33 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
-     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_AES128,
+     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_3DES,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     112,
+     168,
      },
-/* Cipher 34 */
+# endif
     {
      1,
-     TLS1_TXT_ADH_WITH_AES_128_SHA,
-     TLS1_CK_ADH_WITH_AES_128_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
      SSL_AES128,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-/* Cipher 35 */
     {
      1,
-     TLS1_TXT_RSA_WITH_AES_256_SHA,
-     TLS1_CK_RSA_WITH_AES_256_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
      SSL_AES256,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      256,
      256,
      },
-/* Cipher 36 */
     {
      1,
-     TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
-     TLS1_CK_DH_DSS_WITH_AES_256_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_AES256,
+     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_eNULL,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     0,
+     0,
      },
-
-/* Cipher 37 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
-     TLS1_CK_DH_RSA_WITH_AES_256_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_AES256,
+     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_3DES,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     112,
+     168,
      },
-
-/* Cipher 38 */
+# endif
     {
      1,
-     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
-     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_AES256,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES128,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     128,
+     128,
      },
-
-/* Cipher 39 */
     {
      1,
-     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
-     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-     SSL_kEDH,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     SSL_kECDHE,
      SSL_aRSA,
      SSL_AES256,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      256,
      256,
      },
-
-    /* Cipher 3A */
     {
      1,
-     TLS1_TXT_ADH_WITH_AES_256_SHA,
-     TLS1_CK_ADH_WITH_AES_256_SHA,
-     SSL_kEDH,
+     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+     TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
+     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+     SSL_kECDHE,
      SSL_aNULL,
-     SSL_AES256,
+     SSL_eNULL,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     0,
+     0,
      },
-
-    /* TLS v1.2 ciphersuites */
-    /* Cipher 3B */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     TLS1_TXT_RSA_WITH_NULL_SHA256,
-     TLS1_CK_RSA_WITH_NULL_SHA256,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eNULL,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
+     112,
+     168,
      },
-
-    /* Cipher 3C */
+# endif
     {
      1,
-     TLS1_TXT_RSA_WITH_AES_128_SHA256,
-     TLS1_CK_RSA_WITH_AES_128_SHA256,
-     SSL_kRSA,
-     SSL_aRSA,
+     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
      SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher 3D */
     {
      1,
-     TLS1_TXT_RSA_WITH_AES_256_SHA256,
-     TLS1_CK_RSA_WITH_AES_256_SHA256,
-     SSL_kRSA,
-     SSL_aRSA,
+     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
      SSL_AES256,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      256,
      256,
      },
-
-    /* Cipher 3E */
     {
      1,
-     TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
-     TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
-     SSL_kDHd,
-     SSL_aDH,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
      SSL_AES128,
      SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher 3F */
     {
      1,
-     TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
-     TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
      },
-
-    /* Cipher 40 */
     {
      1,
-     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
-     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
-     SSL_kEDH,
-     SSL_aDSS,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
      SSL_AES128,
      SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-#ifndef OPENSSL_NO_CAMELLIA
-    /* Camellia ciphersuites from RFC4132 (128-bit portion) */
-
-    /* Cipher 41 */
     {
      1,
-     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     SSL_kRSA,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
+     SSL_kECDHE,
      SSL_aRSA,
-     SSL_CAMELLIA128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher 42 */
     {
      1,
-     TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
-     TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_CAMELLIA128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher 43 */
     {
      1,
-     TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_CAMELLIA128,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_NULL_SHA,
+     TLS1_RFC_PSK_WITH_NULL_SHA,
+     TLS1_CK_PSK_WITH_NULL_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     0,
+     0,
      },
-
-    /* Cipher 44 */
     {
      1,
-     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_CAMELLIA128,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     0,
+     0,
      },
-
-    /* Cipher 45 */
     {
      1,
-     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     SSL_kEDH,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA,
+     SSL_kRSAPSK,
      SSL_aRSA,
-     SSL_CAMELLIA128,
+     SSL_eNULL,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     0,
+     0,
      },
-
-    /* Cipher 46 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
-     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_CAMELLIA128,
+     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_3DES,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     112,
+     168,
      },
-#endif                          /* OPENSSL_NO_CAMELLIA */
-
-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
-    /* New TLS Export CipherSuites from expired ID */
-# if 0
-    /* Cipher 60 */
+# endif
     {
      1,
-     TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
-     TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
+     128,
      128,
      },
-
-    /* Cipher 61 */
     {
      1,
-     TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-     TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC2,
-     SSL_MD5,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     128,
+     256,
+     256,
      },
-# endif
-
-    /* Cipher 62 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-     TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_DES,
+     TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_3DES,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
+     112,
+     168,
      },
 # endif
-
-    /* Cipher 63 */
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-     TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_DES,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
+     128,
+     128,
      },
-# endif
-
-    /* Cipher 64 */
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
-     TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     128,
+     256,
+     256,
      },
-# endif
-
-    /* Cipher 65 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-     TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_RC4,
+     TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_3DES,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     128,
+     112,
+     168,
      },
 # endif
-
-    /* Cipher 66 */
     {
      1,
-     TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
-     TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_RC4,
+     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES128,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-#endif
-
-    /* TLS v1.2 ciphersuites */
-    /* Cipher 67 */
     {
      1,
-     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
-     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
-     SSL_kEDH,
+     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kRSAPSK,
      SSL_aRSA,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher 68 */
     {
      1,
-     TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
-     TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_AES256,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-    /* Cipher 69 */
     {
      1,
-     TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
-     TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_AES256,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
      },
-
-    /* Cipher 6A */
     {
      1,
-     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
-     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_AES256,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-    /* Cipher 6B */
     {
      1,
-     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
-     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
-     SSL_kEDH,
+     TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     SSL_kRSAPSK,
      SSL_aRSA,
-     SSL_AES256,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-    /* Cipher 6C */
     {
      1,
-     TLS1_TXT_ADH_WITH_AES_128_SHA256,
-     TLS1_CK_ADH_WITH_AES_128_SHA256,
-     SSL_kEDH,
-     SSL_aNULL,
+     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
      SSL_AES128,
      SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher 6D */
     {
      1,
-     TLS1_TXT_ADH_WITH_AES_256_SHA256,
-     TLS1_CK_ADH_WITH_AES_256_SHA256,
-     SSL_kEDH,
-     SSL_aNULL,
+     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
      SSL_AES256,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-    /* GOST Ciphersuites */
-
     {
      1,
-     "GOST94-GOST89-GOST89",
-     0x3000080,
-     SSL_kGOST,
-     SSL_aGOST94,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
-     256,
-     256},
+     TLS1_TXT_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_PSK_WITH_NULL_SHA256,
+     TLS1_CK_PSK_WITH_NULL_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
     {
      1,
-     "GOST2001-GOST89-GOST89",
-     0x3000081,
-     SSL_kGOST,
-     SSL_aGOST01,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
+     TLS1_TXT_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_PSK_WITH_NULL_SHA384,
+     TLS1_CK_PSK_WITH_NULL_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
      256,
-     256},
+     },
     {
      1,
-     "GOST94-NULL-GOST94",
-     0x3000082,
-     SSL_kGOST,
-     SSL_aGOST94,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
      SSL_eNULL,
-     SSL_GOST94,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
      0,
-     0},
+     },
     {
      1,
-     "GOST2001-NULL-GOST94",
-     0x3000083,
-     SSL_kGOST,
-     SSL_aGOST01,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
      SSL_eNULL,
-     SSL_GOST94,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      0,
-     0},
-
-#ifndef OPENSSL_NO_CAMELLIA
-    /* Camellia ciphersuites from RFC4132 (256-bit portion) */
-
-    /* Cipher 84 */
+     0,
+     },
     {
      1,
-     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     SSL_kRSA,
+     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kRSAPSK,
      SSL_aRSA,
-     SSL_CAMELLIA256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-    /* Cipher 85 */
     {
      1,
-     TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
-     TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_CAMELLIA256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     0,
+     0,
      },
-
-    /* Cipher 86 */
     {
      1,
-     TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_CAMELLIA256,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+#  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_3DES,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     112,
+     168,
      },
-
-    /* Cipher 87 */
+#  endif
     {
      1,
-     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_CAMELLIA256,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     128,
+     128,
      },
-
-    /* Cipher 88 */
     {
      1,
-     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_CAMELLIA256,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      256,
      256,
      },
-
-    /* Cipher 89 */
     {
      1,
-     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
-     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_CAMELLIA256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-#endif                          /* OPENSSL_NO_CAMELLIA */
-
-#ifndef OPENSSL_NO_PSK
-    /* Cipher 8A */
     {
      1,
-     TLS1_TXT_PSK_WITH_RC4_128_SHA,
-     TLS1_CK_PSK_WITH_RC4_128_SHA,
-     SSL_kPSK,
+     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
+     SSL_kECDHEPSK,
      SSL_aPSK,
-     SSL_RC4,
+     SSL_eNULL,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     0,
+     0,
      },
-
-    /* Cipher 8B */
     {
      1,
-     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
-     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
-     SSL_kPSK,
+     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
+     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
+     SSL_kECDHEPSK,
      SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
+     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
      SSL_3DES,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
      },
-
-    /* Cipher 8C */
     {
      1,
-     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
-     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
-     SSL_kPSK,
-     SSL_aPSK,
-     SSL_AES128,
+     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_3DES,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     112,
+     168,
      },
-
-    /* Cipher 8D */
     {
      1,
-     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
-     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
-     SSL_kPSK,
-     SSL_aPSK,
-     SSL_AES256,
+     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_3DES,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     112,
+     168,
      },
-#endif                          /* OPENSSL_NO_PSK */
-
-#ifndef OPENSSL_NO_SEED
-    /* SEED ciphersuites from RFC4162 */
-
-    /* Cipher 96 */
+# endif
     {
      1,
-     TLS1_TXT_RSA_WITH_SEED_SHA,
-     TLS1_CK_RSA_WITH_SEED_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_SEED,
+     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_AES128,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher 97 */
     {
      1,
-     TLS1_TXT_DH_DSS_WITH_SEED_SHA,
-     TLS1_CK_DH_DSS_WITH_SEED_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_SEED,
+     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_AES128,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher 98 */
     {
      1,
-     TLS1_TXT_DH_RSA_WITH_SEED_SHA,
-     TLS1_CK_DH_RSA_WITH_SEED_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_SEED,
+     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_AES128,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher 99 */
     {
      1,
-     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
-     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_SEED,
+     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_AES256,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     256,
+     256,
      },
-
-    /* Cipher 9A */
     {
      1,
-     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
-     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
-     SSL_kEDH,
+     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
      SSL_aRSA,
-     SSL_SEED,
+     SSL_AES256,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     256,
+     256,
      },
-
-    /* Cipher 9B */
     {
      1,
-     TLS1_TXT_ADH_WITH_SEED_SHA,
-     TLS1_CK_ADH_WITH_SEED_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_SEED,
+     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_AES256,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     256,
+     256,
      },
 
-#endif                          /* OPENSSL_NO_SEED */
-
-    /* GCM ciphersuites from RFC5288 */
-
-    /* Cipher 9C */
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
     {
      1,
-     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
-     SSL_kRSA,
+     TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
+     SSL_kDHE,
      SSL_aRSA,
-     SSL_AES128GCM,
+     SSL_CHACHA20POLY1305,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
+     256,
+     256,
      },
-
-    /* Cipher 9D */
     {
      1,
-     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
-     SSL_kRSA,
+     TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     SSL_kECDHE,
      SSL_aRSA,
-     SSL_AES256GCM,
+     SSL_CHACHA20POLY1305,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
      },
-
-    /* Cipher 9E */
     {
      1,
-     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_AES128GCM,
+     TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_CHACHA20POLY1305,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
+     256,
+     256,
      },
-
-    /* Cipher 9F */
     {
      1,
-     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_AES256GCM,
+     TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_CHACHA20POLY1305,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
      },
-
-    /* Cipher A0 */
     {
      1,
-     TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_AES128GCM,
+     TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_CHACHA20POLY1305,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
+     256,
+     256,
      },
-
-    /* Cipher A1 */
     {
      1,
-     TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_AES256GCM,
+     TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_CHACHA20POLY1305,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
      },
+#endif                          /* !defined(OPENSSL_NO_CHACHA) &&
+                                 * !defined(OPENSSL_NO_POLY1305) */
 
-    /* Cipher A2 */
+#ifndef OPENSSL_NO_CAMELLIA
     {
      1,
-     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kEDH,
      SSL_aDSS,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher A3 */
     {
      1,
-     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kEDH,
-     SSL_aDSS,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
      },
-
-    /* Cipher A4 */
     {
      1,
-     TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher A5 */
     {
      1,
-     TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
      },
-
-    /* Cipher A6 */
     {
      1,
-     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
      SSL_kEDH,
-     SSL_aNULL,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_aDSS,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
+     256,
+     256,
      },
-
-    /* Cipher A7 */
     {
      1,
-     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      SSL_kEDH,
-     SSL_aNULL,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
      },
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
     {
      1,
-     "SCSV",
-     SSL3_CK_SCSV,
-     0,
-     0,
-     0,
-     0,
-     0,
-     0,
-     0,
-     0,
-     0},
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-    /* Cipher C001 */
+     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
     {
      1,
-     TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
-     TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_eNULL,
+     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
+     256,
+     256,
      },
-
-    /* Cipher C002 */
     {
      1,
-     TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
-     TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_RC4,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_CAMELLIA256,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     256,
+     256,
      },
-
-    /* Cipher C003 */
     {
      1,
-     TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
-     TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_3DES,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     256,
+     256,
      },
-
-    /* Cipher C004 */
     {
      1,
-     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-     TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_AES128,
+     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_CAMELLIA256,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     256,
+     256,
      },
-
-    /* Cipher C005 */
     {
      1,
-     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-     TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_AES256,
+     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     128,
+     128,
      },
-
-    /* Cipher C006 */
     {
      1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
-     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_eNULL,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_CAMELLIA128,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
+     128,
+     128,
      },
-
-    /* Cipher C007 */
     {
      1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
-     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_RC4,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher C008 */
     {
      1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_3DES,
+     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_CAMELLIA128,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     128,
+     128,
      },
-
-    /* Cipher C009 */
     {
      1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-     SSL_kEECDH,
+     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kECDHE,
      SSL_aECDSA,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher C00A */
     {
      1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-     SSL_kEECDH,
+     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kECDHE,
      SSL_aECDSA,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-    /* Cipher C00B */
     {
      1,
-     TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
-     TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
+     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
      },
-
-    /* Cipher C00C */
     {
      1,
-     TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
-     TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher C00D */
     {
      1,
-     TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-     TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
      },
-
-    /* Cipher C00E */
     {
      1,
-     TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
-     TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher C00F */
     {
      1,
-     TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
-     TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-    /* Cipher C010 */
     {
      1,
-     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
-     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
-     SSL_kEECDH,
+     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kRSAPSK,
      SSL_aRSA,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
+     128,
+     128,
      },
-
-    /* Cipher C011 */
     {
      1,
-     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
-     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
-     SSL_kEECDH,
+     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kRSAPSK,
      SSL_aRSA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher C012 */
     {
      1,
-     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
      },
+#endif                          /* OPENSSL_NO_CAMELLIA */
 
-    /* Cipher C013 */
+#ifndef OPENSSL_NO_GOST
     {
      1,
-     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
+     "GOST2001-GOST89-GOST89",
+     "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
+     0x3000081,
+     SSL_kGOST,
+     SSL_aGOST01,
+     SSL_eGOST2814789CNT,
+     SSL_GOST89MAC,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
+     256,
+     256,
      },
-
-    /* Cipher C014 */
     {
      1,
-     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     "GOST2001-NULL-GOST94",
+     "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
+     0x3000083,
+     SSL_kGOST,
+     SSL_aGOST01,
+     SSL_eNULL,
+     SSL_GOST94,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
+     0,
+     0,
+     },
+    {
+     1,
+     "GOST2012-GOST8912-GOST8912",
+     NULL,
+     0x0300ff85,
+     SSL_kGOST,
+     SSL_aGOST12 | SSL_aGOST01,
+     SSL_eGOST2814789CNT12,
+     SSL_GOST89MAC12,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
      256,
      256,
      },
-
-    /* Cipher C015 */
     {
      1,
-     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
-     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
-     SSL_kEECDH,
-     SSL_aNULL,
+     "GOST2012-NULL-GOST12",
+     NULL,
+     0x0300ff87,
+     SSL_kGOST,
+     SSL_aGOST12 | SSL_aGOST01,
      SSL_eNULL,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     SSL_GOST12_256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
      0,
      0,
      },
+#endif                          /* OPENSSL_NO_GOST */
 
-    /* Cipher C016 */
+#ifndef OPENSSL_NO_IDEA
     {
      1,
-     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
-     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
-     SSL_kEECDH,
-     SSL_aNULL,
-     SSL_RC4,
+     SSL3_TXT_RSA_IDEA_128_SHA,
+     SSL3_RFC_RSA_IDEA_128_SHA,
+     SSL3_CK_RSA_IDEA_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_IDEA,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_1_VERSION,
+     DTLS1_BAD_VER, DTLS1_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
+#endif
 
-    /* Cipher C017 */
+#ifndef OPENSSL_NO_SEED
     {
      1,
-     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
-     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
-     SSL_kEECDH,
-     SSL_aNULL,
-     SSL_3DES,
+     TLS1_TXT_RSA_WITH_SEED_SHA,
+     TLS1_RFC_RSA_WITH_SEED_SHA,
+     TLS1_CK_RSA_WITH_SEED_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_SEED,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     128,
+     128,
      },
-
-    /* Cipher C018 */
     {
      1,
-     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
-     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
-     SSL_kEECDH,
-     SSL_aNULL,
-     SSL_AES128,
+     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+     TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
+     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_SEED,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher C019 */
     {
      1,
-     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
-     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
-     SSL_kEECDH,
-     SSL_aNULL,
-     SSL_AES256,
+     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+     TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
+     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_SEED,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     128,
+     128,
      },
-#endif                          /* OPENSSL_NO_ECDH */
-
-#ifndef OPENSSL_NO_SRP
-    /* Cipher C01A */
     {
      1,
-     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
-     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
-     SSL_kSRP,
-     SSL_aSRP,
-     SSL_3DES,
+     TLS1_TXT_ADH_WITH_SEED_SHA,
+     TLS1_RFC_ADH_WITH_SEED_SHA,
+     TLS1_CK_ADH_WITH_SEED_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_SEED,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     128,
+     128,
      },
+#endif                          /* OPENSSL_NO_SEED */
 
-    /* Cipher C01B */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
      1,
-     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
-     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
-     SSL_kSRP,
+     SSL3_TXT_RSA_RC4_128_MD5,
+     SSL3_RFC_RSA_RC4_128_MD5,
+     SSL3_CK_RSA_RC4_128_MD5,
+     SSL_kRSA,
      SSL_aRSA,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_RC4,
+     SSL_MD5,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     128,
+     128,
      },
-
-    /* Cipher C01C */
     {
      1,
-     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
-     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
-     SSL_kSRP,
-     SSL_aDSS,
-     SSL_3DES,
+     SSL3_TXT_RSA_RC4_128_SHA,
+     SSL3_RFC_RSA_RC4_128_SHA,
+     SSL3_CK_RSA_RC4_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
+     128,
+     128,
      },
-
-    /* Cipher C01D */
     {
      1,
-     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
-     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
-     SSL_kSRP,
-     SSL_aSRP,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     SSL3_TXT_ADH_RC4_128_MD5,
+     SSL3_RFC_ADH_RC4_128_MD5,
+     SSL3_CK_ADH_RC4_128_MD5,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_RC4,
+     SSL_MD5,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher C01E */
     {
      1,
-     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
-     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
-     SSL_kSRP,
-     SSL_aRSA,
-     SSL_AES128,
+     TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_RC4,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher C01F */
     {
      1,
-     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
-     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
-     SSL_kSRP,
-     SSL_aDSS,
-     SSL_AES128,
+     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
+     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_RC4,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher C020 */
     {
      1,
-     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
-     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
-     SSL_kSRP,
-     SSL_aSRP,
-     SSL_AES256,
+     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_RC4,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     128,
+     128,
      },
-
-    /* Cipher C021 */
     {
      1,
-     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
-     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
-     SSL_kSRP,
+     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+     SSL_kECDHE,
      SSL_aRSA,
-     SSL_AES256,
+     SSL_RC4,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     128,
+     128,
      },
-
-    /* Cipher C022 */
     {
      1,
-     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
-     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
-     SSL_kSRP,
-     SSL_aDSS,
-     SSL_AES256,
+     TLS1_TXT_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_PSK_WITH_RC4_128_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_RC4,
      SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     128,
+     128,
      },
-#endif                          /* OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_ECDH
-
-    /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
-
-    /* Cipher C023 */
     {
      1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
-     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
      },
-
-    /* Cipher C024 */
     {
      1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
-     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_AES256,
-     SSL_SHA384,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
+     TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
      },
+#endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
 
-    /* Cipher C025 */
+#ifndef OPENSSL_NO_ARIA
     {
      1,
-     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
-     TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher C026 */
     {
      1,
-     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
-     TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_AES256,
-     SSL_SHA384,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-    /* Cipher C027 */
     {
      1,
-     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
-     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
-     SSL_kEECDH,
+     TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kDHE,
      SSL_aRSA,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher C028 */
     {
      1,
-     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
-     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
-     SSL_kEECDH,
+     TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kDHE,
      SSL_aRSA,
-     SSL_AES256,
-     SSL_SHA384,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-    /* Cipher C029 */
     {
      1,
-     TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
-     TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher C02A */
     {
      1,
-     TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
-     TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_AES256,
-     SSL_SHA384,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-    /* GCM based TLS v1.2 ciphersuites from RFC5289 */
-
-    /* Cipher C02B */
     {
      1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-     SSL_kEECDH,
+     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kECDHE,
      SSL_aECDSA,
-     SSL_AES128GCM,
+     SSL_ARIA128GCM,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher C02C */
     {
      1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-     SSL_kEECDH,
+     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kECDHE,
      SSL_aECDSA,
-     SSL_AES256GCM,
+     SSL_ARIA256GCM,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-    /* Cipher C02D */
     {
      1,
-     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_AES128GCM,
+     TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher C02E */
     {
      1,
-     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_AES256GCM,
+     TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-    /* Cipher C02F */
     {
      1,
-     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_AES128GCM,
+     TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_ARIA128GCM,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher C030 */
     {
      1,
-     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_AES256GCM,
+     TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_ARIA256GCM,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-    /* Cipher C031 */
     {
      1,
-     TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_AES128GCM,
+     TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_ARIA128GCM,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
      },
-
-    /* Cipher C032 */
     {
      1,
-     TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_AES256GCM,
+     TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_ARIA256GCM,
      SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
      },
-
-#endif                          /* OPENSSL_NO_ECDH */
-
-#ifdef TEMP_GOST_TLS
-/* Cipher FF00 */
     {
      1,
-     "GOST-MD5",
-     0x0300ff00,
-     SSL_kRSA,
+     TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+     SSL_kRSAPSK,
      SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_MD5,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
      },
     {
      1,
-     "GOST-GOST94",
-     0x0300ff01,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_GOST94,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256},
-    {
-     1,
-     "GOST-GOST89MAC",
-     0x0300ff02,
-     SSL_kRSA,
+     TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+     SSL_kRSAPSK,
      SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
-     256},
-    {
-     1,
-     "GOST-GOST89STREAM",
-     0x0300ff03,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
      256,
-     256},
-#endif
+     },
+#endif /* OPENSSL_NO_ARIA */
+};
 
-/* end of list */
+/*
+ * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
+ * values stuffed into the ciphers field of the wire protocol for signalling
+ * purposes.
+ */
+static SSL_CIPHER ssl3_scsvs[] = {
+    {
+     0,
+     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+     SSL3_CK_SCSV,
+     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    },
+    {
+     0,
+     "TLS_FALLBACK_SCSV",
+     "TLS_FALLBACK_SCSV",
+     SSL3_CK_FALLBACK_SCSV,
+     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    },
 };
 
-SSL3_ENC_METHOD SSLv3_enc_data = {
+static int cipher_compare(const void *a, const void *b)
+{
+    const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
+    const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
+
+    if (ap->id == bp->id)
+        return 0;
+    return ap->id < bp->id ? -1 : 1;
+}
+
+void ssl_sort_cipher_list(void)
+{
+    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
+          cipher_compare);
+    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
+          cipher_compare);
+    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
+}
+
+static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
+                                    const char * t, size_t u,
+                                    const unsigned char * v, size_t w, int x)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    (void)u;
+    (void)v;
+    (void)w;
+    (void)x;
+    return ssl_undefined_function(ssl);
+}
+
+const SSL3_ENC_METHOD SSLv3_enc_data = {
     ssl3_enc,
     n_ssl3_mac,
     ssl3_setup_key_block,
     ssl3_generate_master_secret,
     ssl3_change_cipher_state,
     ssl3_final_finish_mac,
-    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
-    ssl3_cert_verify_mac,
     SSL3_MD_CLIENT_FINISHED_CONST, 4,
     SSL3_MD_SERVER_FINISHED_CONST, 4,
     ssl3_alert_code,
-    (int (*)(SSL *, unsigned char *, size_t, const char *,
-             size_t, const unsigned char *, size_t,
-             int use_context))ssl_undefined_function,
+    ssl_undefined_function_1,
     0,
-    SSL3_HM_HEADER_LENGTH,
     ssl3_set_handshake_header,
+    tls_close_construct_packet,
     ssl3_handshake_write
 };
 
@@ -2982,33 +3261,29 @@ long ssl3_default_timeout(void)
 
 int ssl3_num_ciphers(void)
 {
-    return (SSL3_NUM_CIPHERS);
+    return SSL3_NUM_CIPHERS;
 }
 
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
 {
     if (u < SSL3_NUM_CIPHERS)
-        return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
+        return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
     else
-        return (NULL);
+        return NULL;
 }
 
-int ssl3_pending(const SSL *s)
+int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
 {
-    if (s->rstate == SSL_ST_READ_BODY)
-        return 0;
+    /* No header in the event of a CCS */
+    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
+        return 1;
 
-    return (s->s3->rrec.type ==
-            SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
-}
+    /* Set the content type and 3 bytes for the message len */
+    if (!WPACKET_put_bytes_u8(pkt, htype)
+            || !WPACKET_start_sub_packet_u24(pkt))
+        return 0;
 
-void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
-{
-    unsigned char *p = (unsigned char *)s->init_buf->data;
-    *(p++) = htype;
-    l2n3(len, p);
-    s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
-    s->init_off = 0;
+    return 1;
 }
 
 int ssl3_handshake_write(SSL *s)
@@ -3020,21 +3295,21 @@ int ssl3_new(SSL *s)
 {
     SSL3_STATE *s3;
 
-    if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL)
+    if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
         goto err;
-    memset(s3, 0, sizeof(*s3));
-    memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
-    memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
-
     s->s3 = s3;
 
 #ifndef OPENSSL_NO_SRP
-    SSL_SRP_CTX_init(s);
+    if (!SSL_SRP_CTX_init(s))
+        goto err;
 #endif
-    s->method->ssl_clear(s);
-    return (1);
+
+    if (!s->method->ssl_clear(s))
+        return 0;
+
+    return 1;
  err:
-    return (0);
+    return 0;
 }
 
 void ssl3_free(SSL *s)
@@ -3042,167 +3317,83 @@ void ssl3_free(SSL *s)
     if (s == NULL || s->s3 == NULL)
         return;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
-    if (s->s3->client_opaque_prf_input != NULL)
-        OPENSSL_free(s->s3->client_opaque_prf_input);
-    if (s->s3->server_opaque_prf_input != NULL)
-        OPENSSL_free(s->s3->server_opaque_prf_input);
-#endif
-
     ssl3_cleanup_key_block(s);
-    if (s->s3->rbuf.buf != NULL)
-        ssl3_release_read_buffer(s);
-    if (s->s3->wbuf.buf != NULL)
-        ssl3_release_write_buffer(s);
-    if (s->s3->rrec.comp != NULL)
-        OPENSSL_free(s->s3->rrec.comp);
-#ifndef OPENSSL_NO_DH
-    if (s->s3->tmp.dh != NULL)
-        DH_free(s->s3->tmp.dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
-    if (s->s3->tmp.ecdh != NULL)
-        EC_KEY_free(s->s3->tmp.ecdh);
-#endif
 
-    if (s->s3->tmp.ca_names != NULL)
-        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
-    if (s->s3->handshake_buffer) {
-        BIO_free(s->s3->handshake_buffer);
-    }
-    if (s->s3->handshake_dgst)
-        ssl3_free_digest_list(s);
-#ifndef OPENSSL_NO_TLSEXT
-    if (s->s3->alpn_selected)
-        OPENSSL_free(s->s3->alpn_selected);
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY_free(s->s3->peer_tmp);
+    s->s3->peer_tmp = NULL;
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    s->s3->tmp.pkey = NULL;
 #endif
 
+    OPENSSL_free(s->s3->tmp.ctype);
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
+    OPENSSL_free(s->s3->tmp.ciphers_raw);
+    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
+    ssl3_free_digest_list(s);
+    OPENSSL_free(s->s3->alpn_selected);
+    OPENSSL_free(s->s3->alpn_proposed);
+
 #ifndef OPENSSL_NO_SRP
     SSL_SRP_CTX_free(s);
 #endif
-    OPENSSL_cleanse(s->s3, sizeof(*s->s3));
-    OPENSSL_free(s->s3);
+    OPENSSL_clear_free(s->s3, sizeof(*s->s3));
     s->s3 = NULL;
 }
 
-void ssl3_clear(SSL *s)
+int ssl3_clear(SSL *s)
 {
-    unsigned char *rp, *wp;
-    size_t rlen, wlen;
-    int init_extra;
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-    if (s->s3->client_opaque_prf_input != NULL)
-        OPENSSL_free(s->s3->client_opaque_prf_input);
-    s->s3->client_opaque_prf_input = NULL;
-    if (s->s3->server_opaque_prf_input != NULL)
-        OPENSSL_free(s->s3->server_opaque_prf_input);
-    s->s3->server_opaque_prf_input = NULL;
-#endif
-
     ssl3_cleanup_key_block(s);
-    if (s->s3->tmp.ca_names != NULL)
-        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+    OPENSSL_free(s->s3->tmp.ctype);
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
+    OPENSSL_free(s->s3->tmp.ciphers_raw);
+    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
 
-    if (s->s3->rrec.comp != NULL) {
-        OPENSSL_free(s->s3->rrec.comp);
-        s->s3->rrec.comp = NULL;
-    }
-#ifndef OPENSSL_NO_DH
-    if (s->s3->tmp.dh != NULL) {
-        DH_free(s->s3->tmp.dh);
-        s->s3->tmp.dh = NULL;
-    }
-#endif
-#ifndef OPENSSL_NO_ECDH
-    if (s->s3->tmp.ecdh != NULL) {
-        EC_KEY_free(s->s3->tmp.ecdh);
-        s->s3->tmp.ecdh = NULL;
-    }
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-# ifndef OPENSSL_NO_EC
-    s->s3->is_probably_safari = 0;
-# endif                         /* !OPENSSL_NO_EC */
-#endif                          /* !OPENSSL_NO_TLSEXT */
-
-    rp = s->s3->rbuf.buf;
-    wp = s->s3->wbuf.buf;
-    rlen = s->s3->rbuf.len;
-    wlen = s->s3->wbuf.len;
-    init_extra = s->s3->init_extra;
-    if (s->s3->handshake_buffer) {
-        BIO_free(s->s3->handshake_buffer);
-        s->s3->handshake_buffer = NULL;
-    }
-    if (s->s3->handshake_dgst) {
-        ssl3_free_digest_list(s);
-    }
-#if !defined(OPENSSL_NO_TLSEXT)
-    if (s->s3->alpn_selected) {
-        OPENSSL_free(s->s3->alpn_selected);
-        s->s3->alpn_selected = NULL;
-    }
-#endif
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    EVP_PKEY_free(s->s3->peer_tmp);
+#endif                          /* !OPENSSL_NO_EC */
+
+    ssl3_free_digest_list(s);
+
+    OPENSSL_free(s->s3->alpn_selected);
+    OPENSSL_free(s->s3->alpn_proposed);
+
+    /* NULL/zero-out everything in the s3 struct */
     memset(s->s3, 0, sizeof(*s->s3));
-    s->s3->rbuf.buf = rp;
-    s->s3->wbuf.buf = wp;
-    s->s3->rbuf.len = rlen;
-    s->s3->wbuf.len = wlen;
-    s->s3->init_extra = init_extra;
-
-    ssl_free_wbio_buffer(s);
-
-    s->packet_length = 0;
-    s->s3->renegotiate = 0;
-    s->s3->total_renegotiations = 0;
-    s->s3->num_renegotiations = 0;
-    s->s3->in_read_app_data = 0;
+
+    if (!ssl_free_wbio_buffer(s))
+        return 0;
+
     s->version = SSL3_VERSION;
 
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-    if (s->next_proto_negotiated) {
-        OPENSSL_free(s->next_proto_negotiated);
-        s->next_proto_negotiated = NULL;
-        s->next_proto_negotiated_len = 0;
-    }
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    OPENSSL_free(s->ext.npn);
+    s->ext.npn = NULL;
+    s->ext.npn_len = 0;
 #endif
+
+    return 1;
 }
 
 #ifndef OPENSSL_NO_SRP
-static char *MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
+static char *srp_password_from_info_cb(SSL *s, void *arg)
 {
-    return BUF_strdup(s->srp_ctx.info);
+    return OPENSSL_strdup(s->srp_ctx.info);
 }
 #endif
 
-static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
-                                  size_t len);
+static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
 
 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 {
     int ret = 0;
 
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
-    if (
-# ifndef OPENSSL_NO_RSA
-           cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-# endif
-# ifndef OPENSSL_NO_DSA
-           cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
-# endif
-           0) {
-        if (!ssl_cert_inst(&s->cert)) {
-            SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
-            return (0);
-        }
-    }
-#endif
-
     switch (cmd) {
-    case SSL_CTRL_GET_SESSION_REUSED:
-        ret = s->hit;
-        break;
     case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
         break;
     case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
@@ -3218,105 +3409,79 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
     case SSL_CTRL_GET_FLAGS:
         ret = (int)(s->s3->flags);
         break;
-#ifndef OPENSSL_NO_RSA
-    case SSL_CTRL_NEED_TMP_RSA:
-        if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
-            ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
-             (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
-              (512 / 8))))
-            ret = 1;
-        break;
-    case SSL_CTRL_SET_TMP_RSA:
-        {
-            RSA *rsa = (RSA *)parg;
-            if (rsa == NULL) {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-                return (ret);
-            }
-            if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
-                return (ret);
-            }
-            if (s->cert->rsa_tmp != NULL)
-                RSA_free(s->cert->rsa_tmp);
-            s->cert->rsa_tmp = rsa;
-            ret = 1;
-        }
-        break;
-    case SSL_CTRL_SET_TMP_RSA_CB:
-        {
-            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            return (ret);
-        }
-        break;
-#endif
 #ifndef OPENSSL_NO_DH
     case SSL_CTRL_SET_TMP_DH:
         {
             DH *dh = (DH *)parg;
+            EVP_PKEY *pkdh = NULL;
             if (dh == NULL) {
                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-                return (ret);
+                return ret;
             }
-            if ((dh = DHparams_dup(dh)) == NULL) {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
-                return (ret);
+            pkdh = ssl_dh_to_pkey(dh);
+            if (pkdh == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
             }
-            if (s->cert->dh_tmp != NULL)
-                DH_free(s->cert->dh_tmp);
-            s->cert->dh_tmp = dh;
+            if (!ssl_security(s, SSL_SECOP_TMP_DH,
+                              EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
+                SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+                EVP_PKEY_free(pkdh);
+                return ret;
+            }
+            EVP_PKEY_free(s->cert->dh_tmp);
+            s->cert->dh_tmp = pkdh;
             ret = 1;
         }
         break;
     case SSL_CTRL_SET_TMP_DH_CB:
         {
             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            return (ret);
+            return ret;
         }
-        break;
+    case SSL_CTRL_SET_DH_AUTO:
+        s->cert->dh_tmp_auto = larg;
+        return 1;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_TMP_ECDH:
         {
-            EC_KEY *ecdh = NULL;
+            const EC_GROUP *group = NULL;
+            int nid;
 
             if (parg == NULL) {
                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-                return (ret);
-            }
-            if (!EC_KEY_up_ref((EC_KEY *)parg)) {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
-                return (ret);
+                return 0;
             }
-            ecdh = (EC_KEY *)parg;
-            if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
-                if (!EC_KEY_generate_key(ecdh)) {
-                    EC_KEY_free(ecdh);
-                    SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
-                    return (ret);
-                }
+            group = EC_KEY_get0_group((const EC_KEY *)parg);
+            if (group == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
+                return 0;
             }
-            if (s->cert->ecdh_tmp != NULL)
-                EC_KEY_free(s->cert->ecdh_tmp);
-            s->cert->ecdh_tmp = ecdh;
-            ret = 1;
-        }
-        break;
-    case SSL_CTRL_SET_TMP_ECDH_CB:
-        {
-            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            return (ret);
+            nid = EC_GROUP_get_curve_name(group);
+            if (nid == NID_undef)
+                return 0;
+            return tls1_set_groups(&s->ext.supportedgroups,
+                                   &s->ext.supportedgroups_len,
+                                   &nid, 1);
         }
         break;
-#endif                          /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_TLSEXT
+#endif                          /* !OPENSSL_NO_EC */
     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
+        /*
+         * TODO(OpenSSL1.2)
+         * This API is only used for a client to set what SNI it will request
+         * from the server, but we currently allow it to be used on servers
+         * as well, which is a programming error.  Currently we just clear
+         * the field in SSL_do_handshake() for server SSLs, but when we can
+         * make ABI-breaking changes, we may want to make use of this API
+         * an error on server SSLs.
+         */
         if (larg == TLSEXT_NAMETYPE_host_name) {
             size_t len;
 
-            if (s->tlsext_hostname != NULL)
-                OPENSSL_free(s->tlsext_hostname);
-            s->tlsext_hostname = NULL;
+            OPENSSL_free(s->ext.hostname);
+            s->ext.hostname = NULL;
 
             ret = 1;
             if (parg == NULL)
@@ -3326,7 +3491,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                 return 0;
             }
-            if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
+            if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
                 return 0;
             }
@@ -3336,105 +3501,71 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
         }
         break;
     case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
-        s->tlsext_debug_arg = parg;
+        s->ext.debug_arg = parg;
         ret = 1;
         break;
 
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
-        if (larg > 12288) {     /* actual internal limit is 2^16 for the
-                                 * complete hello message * (including the
-                                 * cert chain and everything) */
-            SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
-            break;
-        }
-        if (s->tlsext_opaque_prf_input != NULL)
-            OPENSSL_free(s->tlsext_opaque_prf_input);
-        if ((size_t)larg == 0)
-            s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte
-                                                             * just to get
-                                                             * non-NULL */
-        else
-            s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
-        if (s->tlsext_opaque_prf_input != NULL) {
-            s->tlsext_opaque_prf_input_len = (size_t)larg;
-            ret = 1;
-        } else
-            s->tlsext_opaque_prf_input_len = 0;
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
+        ret = s->ext.status_type;
         break;
-# endif
 
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
-        s->tlsext_status_type = larg;
+        s->ext.status_type = larg;
         ret = 1;
         break;
 
     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
-        *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
+        *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
         ret = 1;
         break;
 
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
-        s->tlsext_ocsp_exts = parg;
+        s->ext.ocsp.exts = parg;
         ret = 1;
         break;
 
     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
-        *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
+        *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
         ret = 1;
         break;
 
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
-        s->tlsext_ocsp_ids = parg;
+        s->ext.ocsp.ids = parg;
         ret = 1;
         break;
 
     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
-        *(unsigned char **)parg = s->tlsext_ocsp_resp;
-        return s->tlsext_ocsp_resplen;
+        *(unsigned char **)parg = s->ext.ocsp.resp;
+        if (s->ext.ocsp.resp_len == 0
+                || s->ext.ocsp.resp_len > LONG_MAX)
+            return -1;
+        return (long)s->ext.ocsp.resp_len;
 
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
-        if (s->tlsext_ocsp_resp)
-            OPENSSL_free(s->tlsext_ocsp_resp);
-        s->tlsext_ocsp_resp = parg;
-        s->tlsext_ocsp_resplen = larg;
+        OPENSSL_free(s->ext.ocsp.resp);
+        s->ext.ocsp.resp = parg;
+        s->ext.ocsp.resp_len = larg;
         ret = 1;
         break;
 
-# ifndef OPENSSL_NO_HEARTBEATS
-    case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
-        if (SSL_IS_DTLS(s))
-            ret = dtls1_heartbeat(s);
-        else
-            ret = tls1_heartbeat(s);
+#ifndef OPENSSL_NO_HEARTBEATS
+    case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
+    case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
+    case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
         break;
-
-    case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
-        ret = s->tlsext_hb_pending;
-        break;
-
-    case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
-        if (larg)
-            s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
-        else
-            s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
-        ret = 1;
-        break;
-# endif
-
-#endif                          /* !OPENSSL_NO_TLSEXT */
+#endif
 
     case SSL_CTRL_CHAIN:
         if (larg)
-            return ssl_cert_set1_chain(s->cert, (STACK_OF(X509) *)parg);
+            return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
         else
-            return ssl_cert_set0_chain(s->cert, (STACK_OF(X509) *)parg);
+            return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
 
     case SSL_CTRL_CHAIN_CERT:
         if (larg)
-            return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg);
+            return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
         else
-            return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
+            return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
 
     case SSL_CTRL_GET_CHAIN_CERTS:
         *(STACK_OF(X509) **)parg = s->cert->key->chain;
@@ -3445,12 +3576,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 
     case SSL_CTRL_SET_CURRENT_CERT:
         if (larg == SSL_CERT_SET_SERVER) {
-            CERT_PKEY *cpk;
             const SSL_CIPHER *cipher;
             if (!s->server)
                 return 0;
             cipher = s->s3->tmp.new_cipher;
-            if (!cipher)
+            if (cipher == NULL)
                 return 0;
             /*
              * No certificate for unauthenticated ciphersuites or using SRP
@@ -3458,57 +3588,58 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
              */
             if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
                 return 2;
-            cpk = ssl_get_server_send_pkey(s);
-            if (!cpk)
+            if (s->s3->tmp.cert == NULL)
                 return 0;
-            s->cert->key = cpk;
+            s->cert->key = s->s3->tmp.cert;
             return 1;
         }
         return ssl_cert_set_current(s->cert, larg);
 
 #ifndef OPENSSL_NO_EC
-    case SSL_CTRL_GET_CURVES:
+    case SSL_CTRL_GET_GROUPS:
         {
-            unsigned char *clist;
+            uint16_t *clist;
             size_t clistlen;
+
             if (!s->session)
                 return 0;
-            clist = s->session->tlsext_ellipticcurvelist;
-            clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
+            clist = s->session->ext.supportedgroups;
+            clistlen = s->session->ext.supportedgroups_len;
             if (parg) {
                 size_t i;
                 int *cptr = parg;
-                unsigned int cid, nid;
+
                 for (i = 0; i < clistlen; i++) {
-                    n2s(clist, cid);
-                    nid = tls1_ec_curve_id2nid(cid);
-                    if (nid != 0)
-                        cptr[i] = nid;
+                    const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
+
+                    if (cinf != NULL)
+                        cptr[i] = cinf->nid;
                     else
-                        cptr[i] = TLSEXT_nid_unknown | cid;
+                        cptr[i] = TLSEXT_nid_unknown | clist[i];
                 }
             }
             return (int)clistlen;
         }
 
-    case SSL_CTRL_SET_CURVES:
-        return tls1_set_curves(&s->tlsext_ellipticcurvelist,
-                               &s->tlsext_ellipticcurvelist_length,
-                               parg, larg);
+    case SSL_CTRL_SET_GROUPS:
+        return tls1_set_groups(&s->ext.supportedgroups,
+                               &s->ext.supportedgroups_len, parg, larg);
 
-    case SSL_CTRL_SET_CURVES_LIST:
-        return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
-                                    &s->tlsext_ellipticcurvelist_length,
-                                    parg);
+    case SSL_CTRL_SET_GROUPS_LIST:
+        return tls1_set_groups_list(&s->ext.supportedgroups,
+                                    &s->ext.supportedgroups_len, parg);
 
-    case SSL_CTRL_GET_SHARED_CURVE:
-        return tls1_shared_curve(s, larg);
+    case SSL_CTRL_GET_SHARED_GROUP:
+        {
+            uint16_t id = tls1_shared_group(s, larg);
 
-# ifndef OPENSSL_NO_ECDH
-    case SSL_CTRL_SET_ECDH_AUTO:
-        s->cert->ecdh_tmp_auto = larg;
-        return 1;
-# endif
+            if (larg != -1) {
+                const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+
+                return ginf == NULL ? 0 : ginf->nid;
+            }
+            return id;
+        }
 #endif
     case SSL_CTRL_SET_SIGALGS:
         return tls1_set_sigalgs(s->cert, parg, larg, 0);
@@ -3527,14 +3658,9 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
             const unsigned char **pctype = parg;
             if (s->server || !s->s3->tmp.cert_req)
                 return 0;
-            if (s->cert->ctypes) {
-                if (pctype)
-                    *pctype = s->cert->ctypes;
-                return (int)s->cert->ctype_num;
-            }
             if (pctype)
-                *pctype = (unsigned char *)s->s3->tmp.ctype;
-            return s->s3->tmp.ctype_num;
+                *pctype = s->s3->tmp.ctype;
+            return s->s3->tmp.ctype_len;
         }
 
     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
@@ -3543,7 +3669,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
         return ssl3_set_req_cert_type(s->cert, parg, larg);
 
     case SSL_CTRL_BUILD_CERT_CHAIN:
-        return ssl_build_cert_chain(s->cert, s->ctx->cert_store, larg);
+        return ssl_build_cert_chain(s, NULL, larg);
 
     case SSL_CTRL_SET_VERIFY_CERT_STORE:
         return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
@@ -3552,131 +3678,47 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
         return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
 
     case SSL_CTRL_GET_PEER_SIGNATURE_NID:
-        if (SSL_USE_SIGALGS(s)) {
-            if (s->session && s->session->sess_cert) {
-                const EVP_MD *sig;
-                sig = s->session->sess_cert->peer_key->digest;
-                if (sig) {
-                    *(int *)parg = EVP_MD_type(sig);
-                    return 1;
-                }
-            }
-            return 0;
-        }
-        /* Might want to do something here for other versions */
-        else
+        if (s->s3->tmp.peer_sigalg == NULL)
             return 0;
+        *(int *)parg = s->s3->tmp.peer_sigalg->hash;
+        return 1;
 
     case SSL_CTRL_GET_SERVER_TMP_KEY:
-        if (s->server || !s->session || !s->session->sess_cert)
-            return 0;
-        else {
-            SESS_CERT *sc;
-            EVP_PKEY *ptmp;
-            int rv = 0;
-            sc = s->session->sess_cert;
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
-            if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)
-                return 0;
-#endif
-            ptmp = EVP_PKEY_new();
-            if (!ptmp)
-                return 0;
-            if (0) ;
-#ifndef OPENSSL_NO_RSA
-            else if (sc->peer_rsa_tmp)
-                rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
-            else if (sc->peer_dh_tmp)
-                rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
-            else if (sc->peer_ecdh_tmp)
-                rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
-#endif
-            if (rv) {
-                *(EVP_PKEY **)parg = ptmp;
-                return 1;
-            }
-            EVP_PKEY_free(ptmp);
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+        if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
             return 0;
+        } else {
+            EVP_PKEY_up_ref(s->s3->peer_tmp);
+            *(EVP_PKEY **)parg = s->s3->peer_tmp;
+            return 1;
         }
+#else
+        return 0;
+#endif
 #ifndef OPENSSL_NO_EC
     case SSL_CTRL_GET_EC_POINT_FORMATS:
         {
             SSL_SESSION *sess = s->session;
             const unsigned char **pformat = parg;
-            if (!sess || !sess->tlsext_ecpointformatlist)
+
+            if (sess == NULL || sess->ext.ecpointformats == NULL)
                 return 0;
-            *pformat = sess->tlsext_ecpointformatlist;
-            return (int)sess->tlsext_ecpointformatlist_length;
+            *pformat = sess->ext.ecpointformats;
+            return (int)sess->ext.ecpointformats_len;
         }
 #endif
 
-    case SSL_CTRL_CHECK_PROTO_VERSION:
-        /*
-         * For library-internal use; checks that the current protocol is the
-         * highest enabled version (according to s->ctx->method, as version
-         * negotiation may have changed s->method).
-         */
-        if (s->version == s->ctx->method->version)
-            return 1;
-        /*
-         * Apparently we're using a version-flexible SSL_METHOD (not at its
-         * highest protocol version).
-         */
-        if (s->ctx->method->version == SSLv23_method()->version) {
-#if TLS_MAX_VERSION != TLS1_2_VERSION
-# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
-#endif
-            if (!(s->options & SSL_OP_NO_TLSv1_2))
-                return s->version == TLS1_2_VERSION;
-            if (!(s->options & SSL_OP_NO_TLSv1_1))
-                return s->version == TLS1_1_VERSION;
-            if (!(s->options & SSL_OP_NO_TLSv1))
-                return s->version == TLS1_VERSION;
-            if (!(s->options & SSL_OP_NO_SSLv3))
-                return s->version == SSL3_VERSION;
-            if (!(s->options & SSL_OP_NO_SSLv2))
-                return s->version == SSL2_VERSION;
-        }
-        return 0;               /* Unexpected state; fail closed. */
-
     default:
         break;
     }
-    return (ret);
+    return ret;
 }
 
 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
 {
     int ret = 0;
 
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
-    if (
-# ifndef OPENSSL_NO_RSA
-           cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-# endif
-# ifndef OPENSSL_NO_DSA
-           cmd == SSL_CTRL_SET_TMP_DH_CB ||
-# endif
-           0) {
-        if (!ssl_cert_inst(&s->cert)) {
-            SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
-            return (0);
-        }
-    }
-#endif
-
     switch (cmd) {
-#ifndef OPENSSL_NO_RSA
-    case SSL_CTRL_SET_TMP_RSA_CB:
-        {
-            s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
-        }
-        break;
-#endif
 #ifndef OPENSSL_NO_DH
     case SSL_CTRL_SET_TMP_DH_CB:
         {
@@ -3684,186 +3726,152 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
         }
         break;
 #endif
-#ifndef OPENSSL_NO_ECDH
-    case SSL_CTRL_SET_TMP_ECDH_CB:
+    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
+        s->ext.debug_cb = (void (*)(SSL *, int, int,
+                                    const unsigned char *, int, void *))fp;
+        break;
+
+    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
         {
-            s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+            s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
         }
         break;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
-        s->tlsext_debug_cb = (void (*)(SSL *, int, int,
-                                       unsigned char *, int, void *))fp;
-        break;
-#endif
     default:
         break;
     }
-    return (ret);
+    return ret;
 }
 
 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 {
-    CERT *cert;
-
-    cert = ctx->cert;
-
     switch (cmd) {
-#ifndef OPENSSL_NO_RSA
-    case SSL_CTRL_NEED_TMP_RSA:
-        if ((cert->rsa_tmp == NULL) &&
-            ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
-             (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
-              (512 / 8)))
-            )
-            return (1);
-        else
-            return (0);
-        /* break; */
-    case SSL_CTRL_SET_TMP_RSA:
-        {
-            RSA *rsa;
-            int i;
-
-            rsa = (RSA *)parg;
-            i = 1;
-            if (rsa == NULL)
-                i = 0;
-            else {
-                if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
-                    i = 0;
-            }
-            if (!i) {
-                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
-                return (0);
-            } else {
-                if (cert->rsa_tmp != NULL)
-                    RSA_free(cert->rsa_tmp);
-                cert->rsa_tmp = rsa;
-                return (1);
-            }
-        }
-        /* break; */
-    case SSL_CTRL_SET_TMP_RSA_CB:
-        {
-            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            return (0);
-        }
-        break;
-#endif
 #ifndef OPENSSL_NO_DH
     case SSL_CTRL_SET_TMP_DH:
         {
-            DH *new = NULL, *dh;
-
-            dh = (DH *)parg;
-            if ((new = DHparams_dup(dh)) == NULL) {
-                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
+            DH *dh = (DH *)parg;
+            EVP_PKEY *pkdh = NULL;
+            if (dh == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
             }
-            if (cert->dh_tmp != NULL)
-                DH_free(cert->dh_tmp);
-            cert->dh_tmp = new;
+            pkdh = ssl_dh_to_pkey(dh);
+            if (pkdh == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
+                                  EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+                EVP_PKEY_free(pkdh);
+                return 1;
+            }
+            EVP_PKEY_free(ctx->cert->dh_tmp);
+            ctx->cert->dh_tmp = pkdh;
             return 1;
         }
-        /*
-         * break;
-         */
     case SSL_CTRL_SET_TMP_DH_CB:
         {
             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            return (0);
+            return 0;
         }
-        break;
+    case SSL_CTRL_SET_DH_AUTO:
+        ctx->cert->dh_tmp_auto = larg;
+        return 1;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_TMP_ECDH:
         {
-            EC_KEY *ecdh = NULL;
+            const EC_GROUP *group = NULL;
+            int nid;
 
             if (parg == NULL) {
-                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
             }
-            ecdh = EC_KEY_dup((EC_KEY *)parg);
-            if (ecdh == NULL) {
-                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
+            group = EC_KEY_get0_group((const EC_KEY *)parg);
+            if (group == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
                 return 0;
             }
-            if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
-                if (!EC_KEY_generate_key(ecdh)) {
-                    EC_KEY_free(ecdh);
-                    SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
-                    return 0;
-                }
-            }
-
-            if (cert->ecdh_tmp != NULL) {
-                EC_KEY_free(cert->ecdh_tmp);
-            }
-            cert->ecdh_tmp = ecdh;
-            return 1;
-        }
-        /* break; */
-    case SSL_CTRL_SET_TMP_ECDH_CB:
-        {
-            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            return (0);
+            nid = EC_GROUP_get_curve_name(group);
+            if (nid == NID_undef)
+                return 0;
+            return tls1_set_groups(&ctx->ext.supportedgroups,
+                                   &ctx->ext.supportedgroups_len,
+                                   &nid, 1);
         }
-        break;
-#endif                          /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_TLSEXT
+#endif                          /* !OPENSSL_NO_EC */
     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
-        ctx->tlsext_servername_arg = parg;
+        ctx->ext.servername_arg = parg;
         break;
     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
         {
             unsigned char *keys = parg;
-            if (!keys)
-                return 48;
-            if (larg != 48) {
+            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
+                                sizeof(ctx->ext.secure->tick_hmac_key) +
+                                sizeof(ctx->ext.secure->tick_aes_key));
+            if (keys == NULL)
+                return tick_keylen;
+            if (larg != tick_keylen) {
                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
                 return 0;
             }
             if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
-                memcpy(ctx->tlsext_tick_key_name, keys, 16);
-                memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
-                memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
+                memcpy(ctx->ext.tick_key_name, keys,
+                       sizeof(ctx->ext.tick_key_name));
+                memcpy(ctx->ext.secure->tick_hmac_key,
+                       keys + sizeof(ctx->ext.tick_key_name),
+                       sizeof(ctx->ext.secure->tick_hmac_key));
+                memcpy(ctx->ext.secure->tick_aes_key,
+                       keys + sizeof(ctx->ext.tick_key_name) +
+                       sizeof(ctx->ext.secure->tick_hmac_key),
+                       sizeof(ctx->ext.secure->tick_aes_key));
             } else {
-                memcpy(keys, ctx->tlsext_tick_key_name, 16);
-                memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
-                memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
+                memcpy(keys, ctx->ext.tick_key_name,
+                       sizeof(ctx->ext.tick_key_name));
+                memcpy(keys + sizeof(ctx->ext.tick_key_name),
+                       ctx->ext.secure->tick_hmac_key,
+                       sizeof(ctx->ext.secure->tick_hmac_key));
+                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
+                       sizeof(ctx->ext.secure->tick_hmac_key),
+                       ctx->ext.secure->tick_aes_key,
+                       sizeof(ctx->ext.secure->tick_aes_key));
             }
             return 1;
         }
 
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
-        ctx->tlsext_opaque_prf_input_callback_arg = parg;
-        return 1;
-# endif
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
+        return ctx->ext.status_type;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+        ctx->ext.status_type = larg;
+        break;
 
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
-        ctx->tlsext_status_arg = parg;
+        ctx->ext.status_arg = parg;
         return 1;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
+        *(void**)parg = ctx->ext.status_arg;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
+        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
         break;
 
-# ifndef OPENSSL_NO_SRP
+#ifndef OPENSSL_NO_SRP
     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
-        if (ctx->srp_ctx.login != NULL)
-            OPENSSL_free(ctx->srp_ctx.login);
+        OPENSSL_free(ctx->srp_ctx.login);
         ctx->srp_ctx.login = NULL;
         if (parg == NULL)
             break;
-        if (strlen((const char *)parg) > 255
-            || strlen((const char *)parg) < 1) {
+        if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
             SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
             return 0;
         }
-        if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
+        if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
             return 0;
         }
@@ -3871,7 +3879,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
     case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
             srp_password_from_info_cb;
-        ctx->srp_ctx.info = parg;
+        if (ctx->srp_ctx.info != NULL)
+            OPENSSL_free(ctx->srp_ctx.info);
+        if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
         break;
     case SSL_CTRL_SET_SRP_ARG:
         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
@@ -3881,24 +3894,19 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
     case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
         ctx->srp_ctx.strength = larg;
         break;
-# endif
+#endif
 
-# ifndef OPENSSL_NO_EC
-    case SSL_CTRL_SET_CURVES:
-        return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
-                               &ctx->tlsext_ellipticcurvelist_length,
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_SET_GROUPS:
+        return tls1_set_groups(&ctx->ext.supportedgroups,
+                               &ctx->ext.supportedgroups_len,
                                parg, larg);
 
-    case SSL_CTRL_SET_CURVES_LIST:
-        return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
-                                    &ctx->tlsext_ellipticcurvelist_length,
+    case SSL_CTRL_SET_GROUPS_LIST:
+        return tls1_set_groups_list(&ctx->ext.supportedgroups,
+                                    &ctx->ext.supportedgroups_len,
                                     parg);
-#  ifndef OPENSSL_NO_ECDH
-    case SSL_CTRL_SET_ECDH_AUTO:
-        ctx->cert->ecdh_tmp_auto = larg;
-        return 1;
-#  endif
-# endif
+#endif
     case SSL_CTRL_SET_SIGALGS:
         return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
 
@@ -3915,7 +3923,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
         return ssl3_set_req_cert_type(ctx->cert, parg, larg);
 
     case SSL_CTRL_BUILD_CERT_CHAIN:
-        return ssl_build_cert_chain(ctx->cert, ctx->cert_store, larg);
+        return ssl_build_cert_chain(NULL, ctx, larg);
 
     case SSL_CTRL_SET_VERIFY_CERT_STORE:
         return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
@@ -3923,15 +3931,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
     case SSL_CTRL_SET_CHAIN_CERT_STORE:
         return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
 
-#endif                          /* !OPENSSL_NO_TLSEXT */
-
         /* A Thawte special :-) */
     case SSL_CTRL_EXTRA_CHAIN_CERT:
         if (ctx->extra_certs == NULL) {
-            if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
-                return (0);
+            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+            return 0;
         }
-        sk_X509_push(ctx->extra_certs, (X509 *)parg);
         break;
 
     case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
@@ -3942,23 +3953,21 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
         break;
 
     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
-        if (ctx->extra_certs) {
-            sk_X509_pop_free(ctx->extra_certs, X509_free);
-            ctx->extra_certs = NULL;
-        }
+        sk_X509_pop_free(ctx->extra_certs, X509_free);
+        ctx->extra_certs = NULL;
         break;
 
     case SSL_CTRL_CHAIN:
         if (larg)
-            return ssl_cert_set1_chain(ctx->cert, (STACK_OF(X509) *)parg);
+            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
         else
-            return ssl_cert_set0_chain(ctx->cert, (STACK_OF(X509) *)parg);
+            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
 
     case SSL_CTRL_CHAIN_CERT:
         if (larg)
-            return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg);
+            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
         else
-            return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);
+            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
 
     case SSL_CTRL_GET_CHAIN_CERTS:
         *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
@@ -3971,63 +3980,37 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
         return ssl_cert_set_current(ctx->cert, larg);
 
     default:
-        return (0);
+        return 0;
     }
-    return (1);
+    return 1;
 }
 
 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
 {
-    CERT *cert;
-
-    cert = ctx->cert;
-
     switch (cmd) {
-#ifndef OPENSSL_NO_RSA
-    case SSL_CTRL_SET_TMP_RSA_CB:
-        {
-            cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
-        }
-        break;
-#endif
 #ifndef OPENSSL_NO_DH
     case SSL_CTRL_SET_TMP_DH_CB:
         {
-            cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
-        }
-        break;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    case SSL_CTRL_SET_TMP_ECDH_CB:
-        {
-            cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+            ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
         }
         break;
 #endif
-#ifndef OPENSSL_NO_TLSEXT
     case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
-        ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
+        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
         break;
 
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
-        ctx->tlsext_opaque_prf_input_callback =
-            (int (*)(SSL *, void *, size_t, void *))fp;
-        break;
-# endif
-
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
-        ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
+        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
         break;
 
     case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
-        ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
+        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
                                              unsigned char *,
                                              EVP_CIPHER_CTX *,
                                              HMAC_CTX *, int))fp;
         break;
 
-# ifndef OPENSSL_NO_SRP
+#ifndef OPENSSL_NO_SRP
     case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
         ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
@@ -4042,70 +4025,115 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
             (char *(*)(SSL *, void *))fp;
         break;
-# endif
 #endif
+    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
+        {
+            ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
+        }
+        break;
     default:
-        return (0);
+        return 0;
     }
-    return (1);
+    return 1;
 }
 
-/*
- * This function needs to check if the ciphers required are actually
- * available
- */
-const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
 {
     SSL_CIPHER c;
     const SSL_CIPHER *cp;
-    unsigned long id;
 
-    id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
     c.id = id;
+    cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
+    if (cp != NULL)
+        return cp;
     cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
-    if (cp == NULL)
-        fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
-#endif
-    return cp;
+    if (cp != NULL)
+        return cp;
+    return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
 }
 
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
 {
-    long l;
-
-    if (p != NULL) {
-        l = c->id;
-        if ((l & 0xff000000) != 0x03000000)
-            return (0);
-        p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
-        p[1] = ((unsigned char)(l)) & 0xFF;
+    SSL_CIPHER *c = NULL, *tbl;
+    SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
+    size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
+
+    /* this is not efficient, necessary to optimize this? */
+    for (j = 0; j < OSSL_NELEM(alltabs); j++) {
+        for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
+            if (tbl->stdname == NULL)
+                continue;
+            if (strcmp(stdname, tbl->stdname) == 0) {
+                c = tbl;
+                break;
+            }
+        }
+    }
+    if (c == NULL) {
+        tbl = ssl3_scsvs;
+        for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
+            if (strcmp(stdname, tbl->stdname) == 0) {
+                c = tbl;
+                break;
+            }
+        }
     }
-    return (2);
+    return c;
+}
+
+/*
+ * This function needs to check if the ciphers required are actually
+ * available
+ */
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+{
+    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
+                                 | ((uint32_t)p[0] << 8L)
+                                 | (uint32_t)p[1]);
 }
 
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
-                               STACK_OF(SSL_CIPHER) *srvr)
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
 {
-    SSL_CIPHER *c, *ret = NULL;
+    if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
+        *len = 0;
+        return 1;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
+        return 0;
+
+    *len = 2;
+    return 1;
+}
+
+/*
+ * ssl3_choose_cipher - choose a cipher from those offered by the client
+ * @s: SSL connection
+ * @clnt: ciphers offered by the client
+ * @srvr: ciphers enabled on the server?
+ *
+ * Returns the selected cipher or NULL when no common ciphers.
+ */
+const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+                                     STACK_OF(SSL_CIPHER) *srvr)
+{
+    const SSL_CIPHER *c, *ret = NULL;
     STACK_OF(SSL_CIPHER) *prio, *allow;
-    int i, ii, ok;
-    CERT *cert;
-    unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
+    int i, ii, ok, prefer_sha256 = 0;
+    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
+    const EVP_MD *mdsha256 = EVP_sha256();
+#ifndef OPENSSL_NO_CHACHA
+    STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
+#endif
 
     /* Let's see which ciphers we can support */
-    cert = s->cert;
 
-#if 0
     /*
      * Do not set the compare functions, because this may lead to a
      * reordering by "id". We want to keep the original ordering. We may pay
      * a price in performance during sk_SSL_CIPHER_find(), but would have to
      * pay with the price of sk_SSL_CIPHER_dup().
      */
-    sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
-    sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
-#endif
 
 #ifdef CIPHER_DEBUG
     fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
@@ -4122,235 +4150,235 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
     }
 #endif
 
-    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
+    /* SUITE-B takes precedence over server preference and ChaCha priortiy */
+    if (tls1_suiteb(s)) {
         prio = srvr;
         allow = clnt;
+    } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+        prio = srvr;
+        allow = clnt;
+#ifndef OPENSSL_NO_CHACHA
+        /* If ChaCha20 is at the top of the client preference list,
+           and there are ChaCha20 ciphers in the server list, then
+           temporarily prioritize all ChaCha20 ciphers in the servers list. */
+        if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
+            c = sk_SSL_CIPHER_value(clnt, 0);
+            if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
+                /* ChaCha20 is client preferred, check server... */
+                int num = sk_SSL_CIPHER_num(srvr);
+                int found = 0;
+                for (i = 0; i < num; i++) {
+                    c = sk_SSL_CIPHER_value(srvr, i);
+                    if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
+                        found = 1;
+                        break;
+                    }
+                }
+                if (found) {
+                    prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
+                    /* if reserve fails, then there's likely a memory issue */
+                    if (prio_chacha != NULL) {
+                        /* Put all ChaCha20 at the top, starting with the one we just found */
+                        sk_SSL_CIPHER_push(prio_chacha, c);
+                        for (i++; i < num; i++) {
+                            c = sk_SSL_CIPHER_value(srvr, i);
+                            if (c->algorithm_enc == SSL_CHACHA20POLY1305)
+                                sk_SSL_CIPHER_push(prio_chacha, c);
+                        }
+                        /* Pull in the rest */
+                        for (i = 0; i < num; i++) {
+                            c = sk_SSL_CIPHER_value(srvr, i);
+                            if (c->algorithm_enc != SSL_CHACHA20POLY1305)
+                                sk_SSL_CIPHER_push(prio_chacha, c);
+                        }
+                        prio = prio_chacha;
+                    }
+                }
+            }
+        }
+# endif
     } else {
         prio = clnt;
         allow = srvr;
     }
 
-    tls1_set_cert_validity(s);
+    if (SSL_IS_TLS13(s)) {
+#ifndef OPENSSL_NO_PSK
+        int j;
+
+        /*
+         * If we allow "old" style PSK callbacks, and we have no certificate (so
+         * we're not going to succeed without a PSK anyway), and we're in
+         * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
+         * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
+         * that.
+         */
+        if (s->psk_server_callback != NULL) {
+            for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
+            if (j == SSL_PKEY_NUM) {
+                /* There are no certificates */
+                prefer_sha256 = 1;
+            }
+        }
+#endif
+    } else {
+        tls1_set_cert_validity(s);
+        ssl_set_masks(s);
+    }
 
     for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
         c = sk_SSL_CIPHER_value(prio, i);
 
-        /* Skip TLS v1.2 only ciphersuites if not supported */
-        if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
+        /* Skip ciphers not supported by the protocol version */
+        if (!SSL_IS_DTLS(s) &&
+            ((s->version < c->min_tls) || (s->version > c->max_tls)))
+            continue;
+        if (SSL_IS_DTLS(s) &&
+            (DTLS_VERSION_LT(s->version, c->min_dtls) ||
+             DTLS_VERSION_GT(s->version, c->max_dtls)))
             continue;
 
-        ssl_set_cert_masks(cert, c);
-        mask_k = cert->mask_k;
-        mask_a = cert->mask_a;
-        emask_k = cert->export_mask_k;
-        emask_a = cert->export_mask_a;
-#ifndef OPENSSL_NO_SRP
-        if (s->srp_ctx.srp_Mask & SSL_kSRP) {
-            mask_k |= SSL_kSRP;
-            emask_k |= SSL_kSRP;
-            mask_a |= SSL_aSRP;
-            emask_a |= SSL_aSRP;
-        }
-#endif
-
-#ifdef KSSL_DEBUG
         /*
-         * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n",
-         * i,c->algorithms);
+         * Since TLS 1.3 ciphersuites can be used with any auth or
+         * key exchange scheme skip tests.
          */
-#endif                          /* KSSL_DEBUG */
+        if (!SSL_IS_TLS13(s)) {
+            mask_k = s->s3->tmp.mask_k;
+            mask_a = s->s3->tmp.mask_a;
+#ifndef OPENSSL_NO_SRP
+            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
+                mask_k |= SSL_kSRP;
+                mask_a |= SSL_aSRP;
+            }
+#endif
 
-        alg_k = c->algorithm_mkey;
-        alg_a = c->algorithm_auth;
+            alg_k = c->algorithm_mkey;
+            alg_a = c->algorithm_auth;
 
-#ifndef OPENSSL_NO_KRB5
-        if (alg_k & SSL_kKRB5) {
-            if (!kssl_keytab_is_available(s->kssl_ctx))
-                continue;
-        }
-#endif                          /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
-        /* with PSK there must be server callback set */
-        if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
-            continue;
+            /* with PSK there must be server callback set */
+            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
+                continue;
 #endif                          /* OPENSSL_NO_PSK */
 
-        if (SSL_C_IS_EXPORT(c)) {
-            ok = (alg_k & emask_k) && (alg_a & emask_a);
-#ifdef CIPHER_DEBUG
-            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
-                    ok, alg_k, alg_a, emask_k, emask_a, (void *)c, c->name);
-#endif
-        } else {
             ok = (alg_k & mask_k) && (alg_a & mask_a);
 #ifdef CIPHER_DEBUG
             fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
                     alg_a, mask_k, mask_a, (void *)c, c->name);
 #endif
-        }
 
-#ifndef OPENSSL_NO_TLSEXT
-# ifndef OPENSSL_NO_EC
-#  ifndef OPENSSL_NO_ECDH
-        /*
-         * if we are considering an ECC cipher suite that uses an ephemeral
-         * EC key check it
-         */
-        if (alg_k & SSL_kEECDH)
-            ok = ok && tls1_check_ec_tmp_key(s, c->id);
-#  endif                        /* OPENSSL_NO_ECDH */
-# endif                         /* OPENSSL_NO_EC */
-#endif                          /* OPENSSL_NO_TLSEXT */
+#ifndef OPENSSL_NO_EC
+            /*
+             * if we are considering an ECC cipher suite that uses an ephemeral
+             * EC key check it
+             */
+            if (alg_k & SSL_kECDHE)
+                ok = ok && tls1_check_ec_tmp_key(s, c->id);
+#endif                          /* OPENSSL_NO_EC */
 
-        if (!ok)
-            continue;
+            if (!ok)
+                continue;
+        }
         ii = sk_SSL_CIPHER_find(allow, c);
         if (ii >= 0) {
-#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
-            if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA)
+            /* Check security callback permits this cipher */
+            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
+                              c->strength_bits, 0, (void *)c))
+                continue;
+#if !defined(OPENSSL_NO_EC)
+            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
                 && s->s3->is_probably_safari) {
                 if (!ret)
                     ret = sk_SSL_CIPHER_value(allow, ii);
                 continue;
             }
 #endif
+            if (prefer_sha256) {
+                const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
+
+                if (ssl_md(tmp->algorithm2) == mdsha256) {
+                    ret = tmp;
+                    break;
+                }
+                if (ret == NULL)
+                    ret = tmp;
+                continue;
+            }
             ret = sk_SSL_CIPHER_value(allow, ii);
             break;
         }
     }
-    return (ret);
+#ifndef OPENSSL_NO_CHACHA
+    sk_SSL_CIPHER_free(prio_chacha);
+#endif
+    return ret;
 }
 
-int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
+int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
 {
-    int ret = 0;
-    const unsigned char *sig;
-    size_t i, siglen;
-    int have_rsa_sign = 0, have_dsa_sign = 0;
-#ifndef OPENSSL_NO_ECDSA
-    int have_ecdsa_sign = 0;
-#endif
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
-    int nostrict = 1;
-#endif
-#if !defined(OPENSSL_NO_GOST) || !defined(OPENSSL_NO_DH) || \
-    !defined(OPENSSL_NO_ECDH)
-    unsigned long alg_k;
-#endif
+    uint32_t alg_k, alg_a = 0;
 
     /* If we have custom certificate types set, use them */
-    if (s->cert->ctypes) {
-        memcpy(p, s->cert->ctypes, s->cert->ctype_num);
-        return (int)s->cert->ctype_num;
-    }
-    /* get configured sigalgs */
-    siglen = tls12_get_psigalgs(s, 1, &sig);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
-    if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
-        nostrict = 0;
-#endif
-    for (i = 0; i < siglen; i += 2, sig += 2) {
-        switch (sig[1]) {
-        case TLSEXT_signature_rsa:
-            have_rsa_sign = 1;
-            break;
-
-        case TLSEXT_signature_dsa:
-            have_dsa_sign = 1;
-            break;
-#ifndef OPENSSL_NO_ECDSA
-        case TLSEXT_signature_ecdsa:
-            have_ecdsa_sign = 1;
-            break;
-#endif
-        }
-    }
+    if (s->cert->ctype)
+        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
+    /* Get mask of algorithms disabled by signature list */
+    ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
 
-#if !defined(OPENSSL_NO_GOST) || !defined(OPENSSL_NO_DH) || \
-    !defined(OPENSSL_NO_ECDH)
     alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-#endif
 
 #ifndef OPENSSL_NO_GOST
-    if (s->version >= TLS1_VERSION) {
-        if (alg_k & SSL_kGOST) {
-            p[ret++] = TLS_CT_GOST94_SIGN;
-            p[ret++] = TLS_CT_GOST01_SIGN;
-            return (ret);
-        }
-    }
+    if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
+            return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
+                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
+                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
 #endif
 
+    if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
 #ifndef OPENSSL_NO_DH
-    if (alg_k & (SSL_kDHr | SSL_kEDH)) {
-# ifndef OPENSSL_NO_RSA
-        /*
-         * Since this refers to a certificate signed with an RSA algorithm,
-         * only check for rsa signing in strict mode.
-         */
-        if (nostrict || have_rsa_sign)
-            p[ret++] = SSL3_CT_RSA_FIXED_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
-        if (nostrict || have_dsa_sign)
-            p[ret++] = SSL3_CT_DSS_FIXED_DH;
-# endif
-    }
-    if ((s->version == SSL3_VERSION) &&
-        (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
 # ifndef OPENSSL_NO_RSA
-        p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
+        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
+            return 0;
 # endif
 # ifndef OPENSSL_NO_DSA
-        p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
+        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
+            return 0;
 # endif
-    }
 #endif                          /* !OPENSSL_NO_DH */
+    }
 #ifndef OPENSSL_NO_RSA
-    if (have_rsa_sign)
-        p[ret++] = SSL3_CT_RSA_SIGN;
+    if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
+        return 0;
 #endif
 #ifndef OPENSSL_NO_DSA
-    if (have_dsa_sign)
-        p[ret++] = SSL3_CT_DSS_SIGN;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
-        if (nostrict || have_rsa_sign)
-            p[ret++] = TLS_CT_RSA_FIXED_ECDH;
-        if (nostrict || have_ecdsa_sign)
-            p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
-    }
+    if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
+        return 0;
 #endif
-
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     /*
-     * ECDSA certs can be used with RSA cipher suites as well so we don't
-     * need to check for SSL_kECDH or SSL_kEECDH
+     * ECDSA certs can be used with RSA cipher suites too so we don't
+     * need to check for SSL_kECDH or SSL_kECDHE
      */
-    if (s->version >= TLS1_VERSION) {
-        if (have_ecdsa_sign)
-            p[ret++] = TLS_CT_ECDSA_SIGN;
-    }
+    if (s->version >= TLS1_VERSION
+            && !(alg_a & SSL_aECDSA)
+            && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
+        return 0;
 #endif
-    return (ret);
+    return 1;
 }
 
 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
 {
-    if (c->ctypes) {
-        OPENSSL_free(c->ctypes);
-        c->ctypes = NULL;
-    }
-    if (!p || !len)
+    OPENSSL_free(c->ctype);
+    c->ctype = NULL;
+    c->ctype_len = 0;
+    if (p == NULL || len == 0)
         return 1;
     if (len > 0xff)
         return 0;
-    c->ctypes = OPENSSL_malloc(len);
-    if (!c->ctypes)
+    c->ctype = OPENSSL_memdup(p, len);
+    if (c->ctype == NULL)
         return 0;
-    memcpy(c->ctypes, p, len);
-    c->ctype_num = len;
+    c->ctype_len = len;
     return 1;
 }
 
@@ -4362,115 +4390,71 @@ int ssl3_shutdown(SSL *s)
      * Don't do anything much if we have not done the handshake or we don't
      * want to send messages :-)
      */
-    if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
+    if (s->quiet_shutdown || SSL_in_before(s)) {
         s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-        return (1);
+        return 1;
     }
 
     if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
         s->shutdown |= SSL_SENT_SHUTDOWN;
-#if 1
         ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
-#endif
         /*
          * our shutdown alert has been sent now, and if it still needs to be
          * written, s->s3->alert_dispatch will be true
          */
         if (s->s3->alert_dispatch)
-            return (-1);        /* return WANT_WRITE */
+            return -1;        /* return WANT_WRITE */
     } else if (s->s3->alert_dispatch) {
         /* resend it if not sent */
-#if 1
         ret = s->method->ssl_dispatch_alert(s);
         if (ret == -1) {
             /*
              * we only get to return -1 here the 2nd/Nth invocation, we must
-             * have already signalled return 0 upon a previous invoation,
+             * have already signalled return 0 upon a previous invocation,
              * return WANT_WRITE
              */
-            return (ret);
+            return ret;
         }
-#endif
     } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+        size_t readbytes;
         /*
          * If we are waiting for a close from our peer, we are closed
          */
-        s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
+        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
         if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
-            return (-1);        /* return WANT_READ */
+            return -1;        /* return WANT_READ */
         }
     }
 
     if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
         !s->s3->alert_dispatch)
-        return (1);
+        return 1;
     else
-        return (0);
+        return 0;
 }
 
-int ssl3_write(SSL *s, const void *buf, int len)
+int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
 {
-    int ret, n;
-
-#if 0
-    if (s->shutdown & SSL_SEND_SHUTDOWN) {
-        s->rwstate = SSL_NOTHING;
-        return (0);
-    }
-#endif
     clear_sys_error();
     if (s->s3->renegotiate)
-        ssl3_renegotiate_check(s);
+        ssl3_renegotiate_check(s, 0);
 
-    /*
-     * This is an experimental flag that sends the last handshake message in
-     * the same packet as the first use data - used to see if it helps the
-     * TCP protocol during session-id reuse
-     */
-    /* The second test is because the buffer may have been removed */
-    if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
-        /* First time through, we write into the buffer */
-        if (s->s3->delay_buf_pop_ret == 0) {
-            ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
-            if (ret <= 0)
-                return (ret);
-
-            s->s3->delay_buf_pop_ret = ret;
-        }
-
-        s->rwstate = SSL_WRITING;
-        n = BIO_flush(s->wbio);
-        if (n <= 0)
-            return (n);
-        s->rwstate = SSL_NOTHING;
-
-        /* We have flushed the buffer, so remove it */
-        ssl_free_wbio_buffer(s);
-        s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
-
-        ret = s->s3->delay_buf_pop_ret;
-        s->s3->delay_buf_pop_ret = 0;
-    } else {
-        ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
-                                         buf, len);
-        if (ret <= 0)
-            return (ret);
-    }
-
-    return (ret);
+    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
+                                      written);
 }
 
-static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
+static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
+                              size_t *readbytes)
 {
     int ret;
 
     clear_sys_error();
     if (s->s3->renegotiate)
-        ssl3_renegotiate_check(s);
+        ssl3_renegotiate_check(s, 0);
     s->s3->in_read_app_data = 1;
     ret =
-        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
-                                  peek);
+        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
+                                  peek, readbytes);
     if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
         /*
          * ssl3_read_bytes decided to call s->handshake_func, which called
@@ -4479,64 +4463,72 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
          * makes sense here; so disable handshake processing and try to read
          * application data again.
          */
-        s->in_handshake++;
+        ossl_statem_set_in_handshake(s, 1);
         ret =
-            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
-                                      peek);
-        s->in_handshake--;
+            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
+                                      len, peek, readbytes);
+        ossl_statem_set_in_handshake(s, 0);
     } else
         s->s3->in_read_app_data = 0;
 
-    return (ret);
+    return ret;
 }
 
-int ssl3_read(SSL *s, void *buf, int len)
+int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
 {
-    return ssl3_read_internal(s, buf, len, 0);
+    return ssl3_read_internal(s, buf, len, 0, readbytes);
 }
 
-int ssl3_peek(SSL *s, void *buf, int len)
+int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
 {
-    return ssl3_read_internal(s, buf, len, 1);
+    return ssl3_read_internal(s, buf, len, 1, readbytes);
 }
 
 int ssl3_renegotiate(SSL *s)
 {
     if (s->handshake_func == NULL)
-        return (1);
-
-    if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-        return (0);
+        return 1;
 
     s->s3->renegotiate = 1;
-    return (1);
+    return 1;
 }
 
-int ssl3_renegotiate_check(SSL *s)
+/*
+ * Check if we are waiting to do a renegotiation and if so whether now is a
+ * good time to do it. If |initok| is true then we are being called from inside
+ * the state machine so ignore the result of SSL_in_init(s). Otherwise we
+ * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
+ * should do a renegotiation now and sets up the state machine for it. Otherwise
+ * returns 0.
+ */
+int ssl3_renegotiate_check(SSL *s, int initok)
 {
     int ret = 0;
 
     if (s->s3->renegotiate) {
-        if ((s->s3->rbuf.left == 0) &&
-            (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
+        if (!RECORD_LAYER_read_pending(&s->rlayer)
+            && !RECORD_LAYER_write_pending(&s->rlayer)
+            && (initok || !SSL_in_init(s))) {
             /*
              * if we are the server, and we have sent a 'RENEGOTIATE'
-             * message, we need to go to SSL_ST_ACCEPT.
+             * message, we need to set the state machine into the renegotiate
+             * state.
              */
-            /* SSL_ST_ACCEPT */
-            s->state = SSL_ST_RENEGOTIATE;
+            ossl_statem_set_renegotiate(s);
             s->s3->renegotiate = 0;
             s->s3->num_renegotiations++;
             s->s3->total_renegotiations++;
             ret = 1;
         }
     }
-    return (ret);
+    return ret;
 }
 
 /*
  * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
  * handshake macs if required.
+ *
+ * If PSK and using SHA384 for TLS < 1.2 switch to default.
  */
 long ssl_get_algorithm2(SSL *s)
 {
@@ -4544,8 +4536,311 @@ long ssl_get_algorithm2(SSL *s)
     if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
         return -1;
     alg2 = s->s3->tmp.new_cipher->algorithm2;
-    if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF
-        && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
-        return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+    if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
+        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
+            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+    } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
+        if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
+            return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
+    }
     return alg2;
 }
+
+/*
+ * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
+ * failure, 1 on success.
+ */
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
+                          DOWNGRADE dgrd)
+{
+    int send_time = 0, ret;
+
+    if (len < 4)
+        return 0;
+    if (server)
+        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+    else
+        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+    if (send_time) {
+        unsigned long Time = (unsigned long)time(NULL);
+        unsigned char *p = result;
+
+        l2n(Time, p);
+        ret = RAND_bytes(p, len - 4);
+    } else {
+        ret = RAND_bytes(result, len);
+    }
+
+    if (ret > 0) {
+        if (!ossl_assert(sizeof(tls11downgrade) < len)
+                || !ossl_assert(sizeof(tls12downgrade) < len))
+             return 0;
+        if (dgrd == DOWNGRADE_TO_1_2)
+            memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
+                   sizeof(tls12downgrade));
+        else if (dgrd == DOWNGRADE_TO_1_1)
+            memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
+                   sizeof(tls11downgrade));
+    }
+
+    return ret;
+}
+
+int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
+                               int free_pms)
+{
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    int ret = 0;
+
+    if (alg_k & SSL_PSK) {
+#ifndef OPENSSL_NO_PSK
+        unsigned char *pskpms, *t;
+        size_t psklen = s->s3->tmp.psklen;
+        size_t pskpmslen;
+
+        /* create PSK premaster_secret */
+
+        /* For plain PSK "other_secret" is psklen zeroes */
+        if (alg_k & SSL_kPSK)
+            pmslen = psklen;
+
+        pskpmslen = 4 + pmslen + psklen;
+        pskpms = OPENSSL_malloc(pskpmslen);
+        if (pskpms == NULL)
+            goto err;
+        t = pskpms;
+        s2n(pmslen, t);
+        if (alg_k & SSL_kPSK)
+            memset(t, 0, pmslen);
+        else
+            memcpy(t, pms, pmslen);
+        t += pmslen;
+        s2n(psklen, t);
+        memcpy(t, s->s3->tmp.psk, psklen);
+
+        OPENSSL_clear_free(s->s3->tmp.psk, psklen);
+        s->s3->tmp.psk = NULL;
+        if (!s->method->ssl3_enc->generate_master_secret(s,
+                    s->session->master_key,pskpms, pskpmslen,
+                    &s->session->master_key_length)) {
+            OPENSSL_clear_free(pskpms, pskpmslen);
+            /* SSLfatal() already called */
+            goto err;
+        }
+        OPENSSL_clear_free(pskpms, pskpmslen);
+#else
+        /* Should never happen */
+        goto err;
+#endif
+    } else {
+        if (!s->method->ssl3_enc->generate_master_secret(s,
+                s->session->master_key, pms, pmslen,
+                &s->session->master_key_length)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    ret = 1;
+ err:
+    if (pms) {
+        if (free_pms)
+            OPENSSL_clear_free(pms, pmslen);
+        else
+            OPENSSL_cleanse(pms, pmslen);
+    }
+    if (s->server == 0)
+        s->s3->tmp.pms = NULL;
+    return ret;
+}
+
+/* Generate a private key from parameters */
+EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    if (pm == NULL)
+        return NULL;
+    pctx = EVP_PKEY_CTX_new(pm, NULL);
+    if (pctx == NULL)
+        goto err;
+    if (EVP_PKEY_keygen_init(pctx) <= 0)
+        goto err;
+    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+    err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+#ifndef OPENSSL_NO_EC
+/* Generate a private key from a group ID */
+EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+    uint16_t gtype;
+
+    if (ginf == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    gtype = ginf->flags & TLS_CURVE_TYPE;
+    if (gtype == TLS_CURVE_CUSTOM)
+        pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
+    else
+        pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+    if (pctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (EVP_PKEY_keygen_init(pctx) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    if (gtype != TLS_CURVE_CUSTOM
+            && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_EVP_LIB);
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+
+/*
+ * Generate parameters from a group ID
+ */
+EVP_PKEY *ssl_generate_param_group(uint16_t id)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+
+    if (ginf == NULL)
+        goto err;
+
+    if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
+        pkey = EVP_PKEY_new();
+        if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
+            return pkey;
+        EVP_PKEY_free(pkey);
+        return NULL;
+    }
+
+    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+    if (pctx == NULL)
+        goto err;
+    if (EVP_PKEY_paramgen_init(pctx) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
+        goto err;
+    if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+#endif
+
+/* Derive secrets for ECDH/DH */
+int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
+{
+    int rv = 0;
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+    EVP_PKEY_CTX *pctx;
+
+    if (privkey == NULL || pubkey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    pctx = EVP_PKEY_CTX_new(privkey, NULL);
+
+    if (EVP_PKEY_derive_init(pctx) <= 0
+        || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
+        || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    pms = OPENSSL_malloc(pmslen);
+    if (pms == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (gensecret) {
+        /* SSLfatal() called as appropriate in the below functions */
+        if (SSL_IS_TLS13(s)) {
+            /*
+             * If we are resuming then we already generated the early secret
+             * when we created the ClientHello, so don't recreate it.
+             */
+            if (!s->hit)
+                rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
+                                           0,
+                                           (unsigned char *)&s->early_secret);
+            else
+                rv = 1;
+
+            rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
+        } else {
+            rv = ssl_generate_master_secret(s, pms, pmslen, 0);
+        }
+    } else {
+        /* Save premaster secret */
+        s->s3->tmp.pms = pms;
+        s->s3->tmp.pmslen = pmslen;
+        pms = NULL;
+        rv = 1;
+    }
+
+ err:
+    OPENSSL_clear_free(pms, pmslen);
+    EVP_PKEY_CTX_free(pctx);
+    return rv;
+}
+
+#ifndef OPENSSL_NO_DH
+EVP_PKEY *ssl_dh_to_pkey(DH *dh)
+{
+    EVP_PKEY *ret;
+    if (dh == NULL)
+        return NULL;
+    ret = EVP_PKEY_new();
+    if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
+        EVP_PKEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+#endif
diff --git a/freebsd/crypto/openssl/ssl/s3_meth.c b/freebsd/crypto/openssl/ssl/s3_meth.c
deleted file mode 100644
index 8025e8b9..00000000
--- a/freebsd/crypto/openssl/ssl/s3_meth.c
+++ /dev/null
@@ -1,76 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s3_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-static const SSL_METHOD *ssl3_get_method(int ver)
-{
-    if (ver == SSL3_VERSION)
-        return (SSLv3_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl3_meth_func(SSLv3_method,
-                         ssl3_accept, ssl3_connect, ssl3_get_method)
-#endif
diff --git a/freebsd/crypto/openssl/ssl/s3_msg.c b/freebsd/crypto/openssl/ssl/s3_msg.c
new file mode 100644
index 00000000..6eb39f5a
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/s3_msg.c
@@ -0,0 +1,106 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_locl.h"
+
+int ssl3_do_change_cipher_spec(SSL *s)
+{
+    int i;
+
+    if (s->server)
+        i = SSL3_CHANGE_CIPHER_SERVER_READ;
+    else
+        i = SSL3_CHANGE_CIPHER_CLIENT_READ;
+
+    if (s->s3->tmp.key_block == NULL) {
+        if (s->session == NULL || s->session->master_key_length == 0) {
+            /* might happen if dtls1_read_bytes() calls this */
+            SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
+            return 0;
+        }
+
+        s->session->cipher = s->s3->tmp.new_cipher;
+        if (!s->method->ssl3_enc->setup_key_block(s))
+            return 0;
+    }
+
+    if (!s->method->ssl3_enc->change_cipher_state(s, i))
+        return 0;
+
+    return 1;
+}
+
+int ssl3_send_alert(SSL *s, int level, int desc)
+{
+    /* Map tls/ssl alert value to correct one */
+    if (SSL_TREAT_AS_TLS13(s))
+        desc = tls13_alert_code(desc);
+    else
+        desc = s->method->ssl3_enc->alert_value(desc);
+    if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
+        desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
+                                          * protocol_version alerts */
+    if (desc < 0)
+        return -1;
+    /* If a fatal one, remove from cache */
+    if ((level == SSL3_AL_FATAL) && (s->session != NULL))
+        SSL_CTX_remove_session(s->session_ctx, s->session);
+
+    s->s3->alert_dispatch = 1;
+    s->s3->send_alert[0] = level;
+    s->s3->send_alert[1] = desc;
+    if (!RECORD_LAYER_write_pending(&s->rlayer)) {
+        /* data still being written out? */
+        return s->method->ssl_dispatch_alert(s);
+    }
+    /*
+     * else data is still being written out, we will get written some time in
+     * the future
+     */
+    return -1;
+}
+
+int ssl3_dispatch_alert(SSL *s)
+{
+    int i, j;
+    size_t alertlen;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    size_t written;
+
+    s->s3->alert_dispatch = 0;
+    alertlen = 2;
+    i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0,
+                      &written);
+    if (i <= 0) {
+        s->s3->alert_dispatch = 1;
+    } else {
+        /*
+         * Alert sent to BIO - now flush. If the message does not get sent due
+         * to non-blocking IO, we will not worry too much.
+         */
+        (void)BIO_flush(s->wbio);
+
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
+                            2, s, s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
+            cb(s, SSL_CB_WRITE_ALERT, j);
+        }
+    }
+    return i;
+}
diff --git a/freebsd/crypto/openssl/ssl/s3_pkt.c b/freebsd/crypto/openssl/ssl/s3_pkt.c
deleted file mode 100644
index 13f2c0f3..00000000
--- a/freebsd/crypto/openssl/ssl/s3_pkt.c
+++ /dev/null
@@ -1,1773 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s3_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-
-#ifndef  EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
-# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
-#endif
-
-#if     defined(OPENSSL_SMALL_FOOTPRINT) || \
-        !(      defined(AES_ASM) &&     ( \
-                defined(__x86_64)       || defined(__x86_64__)  || \
-                defined(_M_AMD64)       || defined(_M_X64)      || \
-                defined(__INTEL__)      ) \
-        )
-# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
-# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
-#endif
-
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
-                         unsigned int len, int create_empty_fragment);
-static int ssl3_get_record(SSL *s);
-
-/*
- * Return values are as per SSL_read()
- */
-int ssl3_read_n(SSL *s, int n, int max, int extend)
-{
-    /*
-     * If extend == 0, obtain new n-byte packet; if extend == 1, increase
-     * packet by another n bytes. The packet will be in the sub-array of
-     * s->s3->rbuf.buf specified by s->packet and s->packet_length. (If
-     * s->read_ahead is set, 'max' bytes may be stored in rbuf [plus
-     * s->packet_length bytes if extend == 1].)
-     */
-    int i, len, left;
-    long align = 0;
-    unsigned char *pkt;
-    SSL3_BUFFER *rb;
-
-    if (n <= 0)
-        return n;
-
-    rb = &(s->s3->rbuf);
-    if (rb->buf == NULL)
-        if (!ssl3_setup_read_buffer(s))
-            return -1;
-
-    left = rb->left;
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-    align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
-    align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
-#endif
-
-    if (!extend) {
-        /* start with empty packet ... */
-        if (left == 0)
-            rb->offset = align;
-        else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
-            /*
-             * check if next packet length is large enough to justify payload
-             * alignment...
-             */
-            pkt = rb->buf + rb->offset;
-            if (pkt[0] == SSL3_RT_APPLICATION_DATA
-                && (pkt[3] << 8 | pkt[4]) >= 128) {
-                /*
-                 * Note that even if packet is corrupted and its length field
-                 * is insane, we can only be led to wrong decision about
-                 * whether memmove will occur or not. Header values has no
-                 * effect on memmove arguments and therefore no buffer
-                 * overrun can be triggered.
-                 */
-                memmove(rb->buf + align, pkt, left);
-                rb->offset = align;
-            }
-        }
-        s->packet = rb->buf + rb->offset;
-        s->packet_length = 0;
-        /* ... now we can act as if 'extend' was set */
-    }
-
-    /*
-     * For DTLS/UDP reads should not span multiple packets because the read
-     * operation returns the whole packet at once (as long as it fits into
-     * the buffer).
-     */
-    if (SSL_IS_DTLS(s)) {
-        if (left == 0 && extend)
-            return 0;
-        if (left > 0 && n > left)
-            n = left;
-    }
-
-    /* if there is enough in the buffer from a previous read, take some */
-    if (left >= n) {
-        s->packet_length += n;
-        rb->left = left - n;
-        rb->offset += n;
-        return (n);
-    }
-
-    /* else we need to read more data */
-
-    len = s->packet_length;
-    pkt = rb->buf + align;
-    /*
-     * Move any available bytes to front of buffer: 'len' bytes already
-     * pointed to by 'packet', 'left' extra ones at the end
-     */
-    if (s->packet != pkt) {     /* len > 0 */
-        memmove(pkt, s->packet, len + left);
-        s->packet = pkt;
-        rb->offset = len + align;
-    }
-
-    if (n > (int)(rb->len - rb->offset)) { /* does not happen */
-        SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-
-    /* We always act like read_ahead is set for DTLS */
-    if (!s->read_ahead && !SSL_IS_DTLS(s))
-        /* ignore max parameter */
-        max = n;
-    else {
-        if (max < n)
-            max = n;
-        if (max > (int)(rb->len - rb->offset))
-            max = rb->len - rb->offset;
-    }
-
-    while (left < n) {
-        /*
-         * Now we have len+left bytes at the front of s->s3->rbuf.buf and
-         * need to read in more until we have len+n (up to len+max if
-         * possible)
-         */
-
-        clear_sys_error();
-        if (s->rbio != NULL) {
-            s->rwstate = SSL_READING;
-            i = BIO_read(s->rbio, pkt + len + left, max - left);
-        } else {
-            SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET);
-            i = -1;
-        }
-
-        if (i <= 0) {
-            rb->left = left;
-            if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
-                if (len + left == 0)
-                    ssl3_release_read_buffer(s);
-            return (i);
-        }
-        left += i;
-        /*
-         * reads should *never* span multiple packets for DTLS because the
-         * underlying transport protocol is message oriented as opposed to
-         * byte oriented as in the TLS case.
-         */
-        if (SSL_IS_DTLS(s)) {
-            if (n > left)
-                n = left;       /* makes the while condition false */
-        }
-    }
-
-    /* done reading, now the book-keeping */
-    rb->offset += n;
-    rb->left = left - n;
-    s->packet_length += n;
-    s->rwstate = SSL_NOTHING;
-    return (n);
-}
-
-/*
- * MAX_EMPTY_RECORDS defines the number of consecutive, empty records that
- * will be processed per call to ssl3_get_record. Without this limit an
- * attacker could send empty records at a faster rate than we can process and
- * cause ssl3_get_record to loop forever.
- */
-#define MAX_EMPTY_RECORDS 32
-
-/*-
- * Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type    - is the type of record
- * ssl->s3->rrec.data,   - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by ssl3_read_bytes */
-static int ssl3_get_record(SSL *s)
-{
-    int ssl_major, ssl_minor, al;
-    int enc_err, n, i, ret = -1;
-    SSL3_RECORD *rr;
-    SSL_SESSION *sess;
-    unsigned char *p;
-    unsigned char md[EVP_MAX_MD_SIZE];
-    short version;
-    unsigned mac_size, orig_len;
-    size_t extra;
-    unsigned empty_record_count = 0;
-
-    rr = &(s->s3->rrec);
-    sess = s->session;
-
-    if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-        extra = SSL3_RT_MAX_EXTRA;
-    else
-        extra = 0;
-    if (extra && !s->s3->init_extra) {
-        /*
-         * An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER set after
-         * ssl3_setup_buffers() was done
-         */
-        SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-
- again:
-    /* check if we have the header */
-    if ((s->rstate != SSL_ST_READ_BODY) ||
-        (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
-        n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
-        if (n <= 0)
-            return (n);         /* error or non-blocking */
-        s->rstate = SSL_ST_READ_BODY;
-
-        p = s->packet;
-        if (s->msg_callback)
-            s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s,
-                            s->msg_callback_arg);
-
-        /* Pull apart the header into the SSL3_RECORD */
-        rr->type = *(p++);
-        ssl_major = *(p++);
-        ssl_minor = *(p++);
-        version = (ssl_major << 8) | ssl_minor;
-        n2s(p, rr->length);
-#if 0
-        fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
-#endif
-
-        /* Lets check version */
-        if (!s->first_packet) {
-            if (version != s->version) {
-                SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
-                if ((s->version & 0xFF00) == (version & 0xFF00)
-                    && !s->enc_write_ctx && !s->write_hash) {
-                    if (rr->type == SSL3_RT_ALERT) {
-                        /*
-                         * The record is using an incorrect version number, but
-                         * what we've got appears to be an alert. We haven't
-                         * read the body yet to check whether its a fatal or
-                         * not - but chances are it is. We probably shouldn't
-                         * send a fatal alert back. We'll just end.
-                         */
-                         goto err;
-                    }
-                    /*
-                     * Send back error using their minor version number :-)
-                     */
-                    s->version = (unsigned short)version;
-                }
-                al = SSL_AD_PROTOCOL_VERSION;
-                goto f_err;
-            }
-        }
-
-        if ((version >> 8) != SSL3_VERSION_MAJOR) {
-            SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
-            goto err;
-        }
-
-        if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
-            al = SSL_AD_RECORD_OVERFLOW;
-            SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
-            goto f_err;
-        }
-
-        /* now s->rstate == SSL_ST_READ_BODY */
-    }
-
-    /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-
-    if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) {
-        /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
-        i = rr->length;
-        n = ssl3_read_n(s, i, i, 1);
-        if (n <= 0)
-            return (n);         /* error or non-blocking io */
-        /*
-         * now n == rr->length, and s->packet_length == SSL3_RT_HEADER_LENGTH
-         * + rr->length
-         */
-    }
-
-    s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
-
-    /*
-     * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
-     * and we have that many bytes in s->packet
-     */
-    rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]);
-
-    /*
-     * ok, we can now read from 's->packet' data into 'rr' rr->input points
-     * at rr->length bytes, which need to be copied into rr->data by either
-     * the decryption or by the decompression When the data is 'copied' into
-     * the rr->data buffer, rr->input will be pointed at the new buffer
-     */
-
-    /*
-     * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length
-     * bytes of encrypted compressed stuff.
-     */
-
-    /* check is not needed I believe */
-    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) {
-        al = SSL_AD_RECORD_OVERFLOW;
-        SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
-        goto f_err;
-    }
-
-    /* decrypt in place in 'rr->input' */
-    rr->data = rr->input;
-
-    enc_err = s->method->ssl3_enc->enc(s, 0);
-    /*-
-     * enc_err is:
-     *    0: (in non-constant time) if the record is publically invalid.
-     *    1: if the padding is valid
-     *    -1: if the padding is invalid
-     */
-    if (enc_err == 0) {
-        al = SSL_AD_DECRYPTION_FAILED;
-        SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-        goto f_err;
-    }
-#ifdef TLS_DEBUG
-    printf("dec %d\n", rr->length);
-    {
-        unsigned int z;
-        for (z = 0; z < rr->length; z++)
-            printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
-    }
-    printf("\n");
-#endif
-
-    /* r->length is now the compressed data plus mac */
-    if ((sess != NULL) &&
-        (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {
-        /* s->read_hash != NULL => mac_size != -1 */
-        unsigned char *mac = NULL;
-        unsigned char mac_tmp[EVP_MAX_MD_SIZE];
-        mac_size = EVP_MD_CTX_size(s->read_hash);
-        OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
-
-        /*
-         * kludge: *_cbc_remove_padding passes padding length in rr->type
-         */
-        orig_len = rr->length + ((unsigned int)rr->type >> 8);
-
-        /*
-         * orig_len is the length of the record before any padding was
-         * removed. This is public information, as is the MAC in use,
-         * therefore we can safely process the record in a different amount
-         * of time if it's too short to possibly contain a MAC.
-         */
-        if (orig_len < mac_size ||
-            /* CBC records must have a padding length byte too. */
-            (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-             orig_len < mac_size + 1)) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-
-        if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
-            /*
-             * We update the length so that the TLS header bytes can be
-             * constructed correctly but we need to extract the MAC in
-             * constant time from within the record, without leaking the
-             * contents of the padding bytes.
-             */
-            mac = mac_tmp;
-            ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
-            rr->length -= mac_size;
-        } else {
-            /*
-             * In this case there's no padding, so |orig_len| equals
-             * |rec->length| and we checked that there's enough bytes for
-             * |mac_size| above.
-             */
-            rr->length -= mac_size;
-            mac = &rr->data[rr->length];
-        }
-
-        i = s->method->ssl3_enc->mac(s, md, 0 /* not send */ );
-        if (i < 0 || mac == NULL
-            || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
-            enc_err = -1;
-        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size)
-            enc_err = -1;
-    }
-
-    if (enc_err < 0) {
-        /*
-         * A separate 'decryption_failed' alert was introduced with TLS 1.0,
-         * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
-         * failure is directly visible from the ciphertext anyway, we should
-         * not reveal which kind of error occured -- this might become
-         * visible to an attacker (e.g. via a logfile)
-         */
-        al = SSL_AD_BAD_RECORD_MAC;
-        SSLerr(SSL_F_SSL3_GET_RECORD,
-               SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
-        goto f_err;
-    }
-
-    /* r->length is now just compressed */
-    if (s->expand != NULL) {
-        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) {
-            al = SSL_AD_RECORD_OVERFLOW;
-            SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
-            goto f_err;
-        }
-        if (!ssl3_do_uncompress(s)) {
-            al = SSL_AD_DECOMPRESSION_FAILURE;
-            SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION);
-            goto f_err;
-        }
-    }
-
-    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) {
-        al = SSL_AD_RECORD_OVERFLOW;
-        SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
-        goto f_err;
-    }
-
-    rr->off = 0;
-    /*-
-     * So at this point the following is true
-     * ssl->s3->rrec.type   is the type of record
-     * ssl->s3->rrec.length == number of bytes in record
-     * ssl->s3->rrec.off    == offset to first valid byte
-     * ssl->s3->rrec.data   == where to take bytes from, increment
-     *                         after use :-).
-     */
-
-    /* we have pulled in a full packet so zero things */
-    s->packet_length = 0;
-
-    /* just read a 0 length packet */
-    if (rr->length == 0) {
-        empty_record_count++;
-        if (empty_record_count > MAX_EMPTY_RECORDS) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL);
-            goto f_err;
-        }
-        goto again;
-    }
-#if 0
-    fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type,
-            rr->length);
-#endif
-
-    return (1);
-
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    return (ret);
-}
-
-int ssl3_do_uncompress(SSL *ssl)
-{
-#ifndef OPENSSL_NO_COMP
-    int i;
-    SSL3_RECORD *rr;
-
-    rr = &(ssl->s3->rrec);
-    i = COMP_expand_block(ssl->expand, rr->comp,
-                          SSL3_RT_MAX_PLAIN_LENGTH, rr->data,
-                          (int)rr->length);
-    if (i < 0)
-        return (0);
-    else
-        rr->length = i;
-    rr->data = rr->comp;
-#endif
-    return (1);
-}
-
-int ssl3_do_compress(SSL *ssl)
-{
-#ifndef OPENSSL_NO_COMP
-    int i;
-    SSL3_RECORD *wr;
-
-    wr = &(ssl->s3->wrec);
-    i = COMP_compress_block(ssl->compress, wr->data,
-                            SSL3_RT_MAX_COMPRESSED_LENGTH,
-                            wr->input, (int)wr->length);
-    if (i < 0)
-        return (0);
-    else
-        wr->length = i;
-
-    wr->input = wr->data;
-#endif
-    return (1);
-}
-
-/*
- * Call this to write data in records of type 'type' It will return <= 0 if
- * not all data has been sent or non-blocking IO.
- */
-int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
-{
-    const unsigned char *buf = buf_;
-    int tot;
-    unsigned int n, nw;
-#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
-    unsigned int max_send_fragment;
-#endif
-    SSL3_BUFFER *wb = &(s->s3->wbuf);
-    int i;
-
-    s->rwstate = SSL_NOTHING;
-    OPENSSL_assert(s->s3->wnum <= INT_MAX);
-    tot = s->s3->wnum;
-    s->s3->wnum = 0;
-
-    if (SSL_in_init(s) && !s->in_handshake) {
-        i = s->handshake_func(s);
-        if (i < 0)
-            return (i);
-        if (i == 0) {
-            SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
-            return -1;
-        }
-    }
-
-    /*
-     * ensure that if we end up with a smaller value of data to write out
-     * than the the original len from a write which didn't complete for
-     * non-blocking I/O and also somehow ended up avoiding the check for
-     * this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be
-     * possible to end up with (len-tot) as a large number that will then
-     * promptly send beyond the end of the users buffer ... so we trap and
-     * report the error in a way the user will notice
-     */
-    if ((len < tot) || ((wb->left != 0) && (len < (tot + s->s3->wpend_tot)))) {
-        SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH);
-        return (-1);
-    }
-
-    /*
-     * first check if there is a SSL3_BUFFER still being written out.  This
-     * will happen with non blocking IO
-     */
-    if (wb->left != 0) {
-        i = ssl3_write_pending(s, type, &buf[tot], s->s3->wpend_tot);
-        if (i <= 0) {
-            /* XXX should we ssl3_release_write_buffer if i<0? */
-            s->s3->wnum = tot;
-            return i;
-        }
-        tot += i;               /* this might be last fragment */
-    }
-#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
-    /*
-     * Depending on platform multi-block can deliver several *times*
-     * better performance. Downside is that it has to allocate
-     * jumbo buffer to accomodate up to 8 records, but the
-     * compromise is considered worthy.
-     */
-    if (type == SSL3_RT_APPLICATION_DATA &&
-        len >= 4 * (int)(max_send_fragment = s->max_send_fragment) &&
-        s->compress == NULL && s->msg_callback == NULL &&
-        SSL_USE_EXPLICIT_IV(s) &&
-        s->enc_write_ctx != NULL &&
-        EVP_CIPHER_flags(s->enc_write_ctx->cipher) &
-        EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
-        unsigned char aad[13];
-        EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
-        int packlen;
-
-        /* minimize address aliasing conflicts */
-        if ((max_send_fragment & 0xfff) == 0)
-            max_send_fragment -= 512;
-
-        if (tot == 0 || wb->buf == NULL) { /* allocate jumbo buffer */
-            ssl3_release_write_buffer(s);
-
-            packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
-                                          EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
-                                          max_send_fragment, NULL);
-
-            if (len >= 8 * (int)max_send_fragment)
-                packlen *= 8;
-            else
-                packlen *= 4;
-
-            wb->buf = OPENSSL_malloc(packlen);
-            if (!wb->buf) {
-                SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE);
-                return -1;
-            }
-            wb->len = packlen;
-        } else if (tot == len) { /* done? */
-            OPENSSL_free(wb->buf); /* free jumbo buffer */
-            wb->buf = NULL;
-            return tot;
-        }
-
-        n = (len - tot);
-        for (;;) {
-            if (n < 4 * max_send_fragment) {
-                OPENSSL_free(wb->buf); /* free jumbo buffer */
-                wb->buf = NULL;
-                break;
-            }
-
-            if (s->s3->alert_dispatch) {
-                i = s->method->ssl_dispatch_alert(s);
-                if (i <= 0) {
-                    s->s3->wnum = tot;
-                    return i;
-                }
-            }
-
-            if (n >= 8 * max_send_fragment)
-                nw = max_send_fragment * (mb_param.interleave = 8);
-            else
-                nw = max_send_fragment * (mb_param.interleave = 4);
-
-            memcpy(aad, s->s3->write_sequence, 8);
-            aad[8] = type;
-            aad[9] = (unsigned char)(s->version >> 8);
-            aad[10] = (unsigned char)(s->version);
-            aad[11] = 0;
-            aad[12] = 0;
-            mb_param.out = NULL;
-            mb_param.inp = aad;
-            mb_param.len = nw;
-
-            packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
-                                          EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
-                                          sizeof(mb_param), &mb_param);
-
-            if (packlen <= 0 || packlen > (int)wb->len) { /* never happens */
-                OPENSSL_free(wb->buf); /* free jumbo buffer */
-                wb->buf = NULL;
-                break;
-            }
-
-            mb_param.out = wb->buf;
-            mb_param.inp = &buf[tot];
-            mb_param.len = nw;
-
-            if (EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
-                                    EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
-                                    sizeof(mb_param), &mb_param) <= 0)
-                return -1;
-
-            s->s3->write_sequence[7] += mb_param.interleave;
-            if (s->s3->write_sequence[7] < mb_param.interleave) {
-                int j = 6;
-                while (j >= 0 && (++s->s3->write_sequence[j--]) == 0) ;
-            }
-
-            wb->offset = 0;
-            wb->left = packlen;
-
-            s->s3->wpend_tot = nw;
-            s->s3->wpend_buf = &buf[tot];
-            s->s3->wpend_type = type;
-            s->s3->wpend_ret = nw;
-
-            i = ssl3_write_pending(s, type, &buf[tot], nw);
-            if (i <= 0) {
-                if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
-                    OPENSSL_free(wb->buf);
-                    wb->buf = NULL;
-                }
-                s->s3->wnum = tot;
-                return i;
-            }
-            if (i == (int)n) {
-                OPENSSL_free(wb->buf); /* free jumbo buffer */
-                wb->buf = NULL;
-                return tot + i;
-            }
-            n -= i;
-            tot += i;
-        }
-    } else
-#endif
-    if (tot == len) {           /* done? */
-        if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
-            ssl3_release_write_buffer(s);
-
-        return tot;
-    }
-
-    n = (len - tot);
-    for (;;) {
-        if (n > s->max_send_fragment)
-            nw = s->max_send_fragment;
-        else
-            nw = n;
-
-        i = do_ssl3_write(s, type, &(buf[tot]), nw, 0);
-        if (i <= 0) {
-            /* XXX should we ssl3_release_write_buffer if i<0? */
-            s->s3->wnum = tot;
-            return i;
-        }
-
-        if ((i == (int)n) ||
-            (type == SSL3_RT_APPLICATION_DATA &&
-             (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
-            /*
-             * next chunk of data should get another prepended empty fragment
-             * in ciphersuites with known-IV weakness:
-             */
-            s->s3->empty_fragment_done = 0;
-
-            if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS &&
-                !SSL_IS_DTLS(s))
-                ssl3_release_write_buffer(s);
-
-            return tot + i;
-        }
-
-        n -= i;
-        tot += i;
-    }
-}
-
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
-                         unsigned int len, int create_empty_fragment)
-{
-    unsigned char *p, *plen;
-    int i, mac_size, clear = 0;
-    int prefix_len = 0;
-    int eivlen;
-    long align = 0;
-    SSL3_RECORD *wr;
-    SSL3_BUFFER *wb = &(s->s3->wbuf);
-    SSL_SESSION *sess;
-
-    /*
-     * first check if there is a SSL3_BUFFER still being written out.  This
-     * will happen with non blocking IO
-     */
-    if (wb->left != 0)
-        return (ssl3_write_pending(s, type, buf, len));
-
-    /* If we have an alert to send, lets send it */
-    if (s->s3->alert_dispatch) {
-        i = s->method->ssl_dispatch_alert(s);
-        if (i <= 0)
-            return (i);
-        /* if it went, fall through and send more stuff */
-    }
-
-    if (wb->buf == NULL)
-        if (!ssl3_setup_write_buffer(s))
-            return -1;
-
-    if (len == 0 && !create_empty_fragment)
-        return 0;
-
-    wr = &(s->s3->wrec);
-    sess = s->session;
-
-    if ((sess == NULL) ||
-        (s->enc_write_ctx == NULL) ||
-        (EVP_MD_CTX_md(s->write_hash) == NULL)) {
-#if 1
-        clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
-#else
-        clear = 1;
-#endif
-        mac_size = 0;
-    } else {
-        mac_size = EVP_MD_CTX_size(s->write_hash);
-        if (mac_size < 0)
-            goto err;
-    }
-
-    /*
-     * 'create_empty_fragment' is true only when this function calls itself
-     */
-    if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
-        /*
-         * countermeasure against known-IV weakness in CBC ciphersuites (see
-         * http://www.openssl.org/~bodo/tls-cbc.txt)
-         */
-
-        if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
-            /*
-             * recursive function call with 'create_empty_fragment' set; this
-             * prepares and buffers the data for an empty fragment (these
-             * 'prefix_len' bytes are sent out later together with the actual
-             * payload)
-             */
-            prefix_len = do_ssl3_write(s, type, buf, 0, 1);
-            if (prefix_len <= 0)
-                goto err;
-
-            if (prefix_len >
-                (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))
-            {
-                /* insufficient space */
-                SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-        }
-
-        s->s3->empty_fragment_done = 1;
-    }
-
-    if (create_empty_fragment) {
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-        /*
-         * extra fragment would be couple of cipher blocks, which would be
-         * multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
-         * payload, then we can just pretent we simply have two headers.
-         */
-        align = (long)wb->buf + 2 * SSL3_RT_HEADER_LENGTH;
-        align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
-#endif
-        p = wb->buf + align;
-        wb->offset = align;
-    } else if (prefix_len) {
-        p = wb->buf + wb->offset + prefix_len;
-    } else {
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-        align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;
-        align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
-#endif
-        p = wb->buf + align;
-        wb->offset = align;
-    }
-
-    /* write the header */
-
-    *(p++) = type & 0xff;
-    wr->type = type;
-
-    *(p++) = (s->version >> 8);
-    /*
-     * Some servers hang if iniatial client hello is larger than 256 bytes
-     * and record version number > TLS 1.0
-     */
-    if (s->state == SSL3_ST_CW_CLNT_HELLO_B
-        && !s->renegotiate && TLS1_get_version(s) > TLS1_VERSION)
-        *(p++) = 0x1;
-    else
-        *(p++) = s->version & 0xff;
-
-    /* field where we are to write out packet length */
-    plen = p;
-    p += 2;
-    /* Explicit IV length, block ciphers appropriate version flag */
-    if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
-        int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
-        if (mode == EVP_CIPH_CBC_MODE) {
-            eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
-            if (eivlen <= 1)
-                eivlen = 0;
-        }
-        /* Need explicit part of IV for GCM mode */
-        else if (mode == EVP_CIPH_GCM_MODE)
-            eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
-        else
-            eivlen = 0;
-    } else
-        eivlen = 0;
-
-    /* lets setup the record stuff. */
-    wr->data = p + eivlen;
-    wr->length = (int)len;
-    wr->input = (unsigned char *)buf;
-
-    /*
-     * we now 'read' from wr->input, wr->length bytes into wr->data
-     */
-
-    /* first we compress */
-    if (s->compress != NULL) {
-        if (!ssl3_do_compress(s)) {
-            SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);
-            goto err;
-        }
-    } else {
-        memcpy(wr->data, wr->input, wr->length);
-        wr->input = wr->data;
-    }
-
-    /*
-     * we should still have the output to wr->data and the input from
-     * wr->input.  Length should be wr->length. wr->data still points in the
-     * wb->buf
-     */
-
-    if (mac_size != 0) {
-        if (s->method->ssl3_enc->mac(s, &(p[wr->length + eivlen]), 1) < 0)
-            goto err;
-        wr->length += mac_size;
-    }
-
-    wr->input = p;
-    wr->data = p;
-
-    if (eivlen) {
-        /*
-         * if (RAND_pseudo_bytes(p, eivlen) <= 0) goto err;
-         */
-        wr->length += eivlen;
-    }
-
-    if (s->method->ssl3_enc->enc(s, 1) < 1)
-        goto err;
-
-    /* record length after mac and block padding */
-    s2n(wr->length, plen);
-
-    if (s->msg_callback)
-        s->msg_callback(1, 0, SSL3_RT_HEADER, plen - 5, 5, s,
-                        s->msg_callback_arg);
-
-    /*
-     * we should now have wr->data pointing to the encrypted data, which is
-     * wr->length long
-     */
-    wr->type = type;            /* not needed but helps for debugging */
-    wr->length += SSL3_RT_HEADER_LENGTH;
-
-    if (create_empty_fragment) {
-        /*
-         * we are in a recursive call; just return the length, don't write
-         * out anything here
-         */
-        return wr->length;
-    }
-
-    /* now let's set up wb */
-    wb->left = prefix_len + wr->length;
-
-    /*
-     * memorize arguments so that ssl3_write_pending can detect bad write
-     * retries later
-     */
-    s->s3->wpend_tot = len;
-    s->s3->wpend_buf = buf;
-    s->s3->wpend_type = type;
-    s->s3->wpend_ret = len;
-
-    /* we now just need to write the buffer */
-    return ssl3_write_pending(s, type, buf, len);
- err:
-    return -1;
-}
-
-/* if s->s3->wbuf.left != 0, we need to call this
- *
- * Return values are as per SSL_write(), i.e.
- */
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-                       unsigned int len)
-{
-    int i;
-    SSL3_BUFFER *wb = &(s->s3->wbuf);
-
-    if ((s->s3->wpend_tot > (int)len)
-        || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
-            && (s->s3->wpend_buf != buf))
-        || (s->s3->wpend_type != type)) {
-        SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
-        return (-1);
-    }
-
-    for (;;) {
-        clear_sys_error();
-        if (s->wbio != NULL) {
-            s->rwstate = SSL_WRITING;
-            i = BIO_write(s->wbio,
-                          (char *)&(wb->buf[wb->offset]),
-                          (unsigned int)wb->left);
-        } else {
-            SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);
-            i = -1;
-        }
-        if (i == wb->left) {
-            wb->left = 0;
-            wb->offset += i;
-            s->rwstate = SSL_NOTHING;
-            return (s->s3->wpend_ret);
-        } else if (i <= 0) {
-            if (SSL_IS_DTLS(s)) {
-                /*
-                 * For DTLS, just drop it. That's kind of the whole point in
-                 * using a datagram service
-                 */
-                wb->left = 0;
-            }
-            return i;
-        }
-        wb->offset += i;
-        wb->left -= i;
-    }
-}
-
-/*-
- * Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- *   -  0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- *     Change cipher spec protocol
- *             just 1 byte needed, no need for keeping anything stored
- *     Alert protocol
- *             2 bytes needed (AlertLevel, AlertDescription)
- *     Handshake protocol
- *             4 bytes needed (HandshakeType, uint24 length) -- we just have
- *             to detect unexpected Client Hello and Hello Request messages
- *             here, anything else is handled by higher layers
- *     Application data protocol
- *             none of our business
- */
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
-{
-    int al, i, j, ret;
-    unsigned int n;
-    SSL3_RECORD *rr;
-    void (*cb) (const SSL *ssl, int type2, int val) = NULL;
-
-    if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
-        if (!ssl3_setup_read_buffer(s))
-            return (-1);
-
-    if ((type && (type != SSL3_RT_APPLICATION_DATA)
-         && (type != SSL3_RT_HANDSHAKE)) || (peek
-                                             && (type !=
-                                                 SSL3_RT_APPLICATION_DATA))) {
-        SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-
-    if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
-        /* (partially) satisfy request from storage */
-    {
-        unsigned char *src = s->s3->handshake_fragment;
-        unsigned char *dst = buf;
-        unsigned int k;
-
-        /* peek == 0 */
-        n = 0;
-        while ((len > 0) && (s->s3->handshake_fragment_len > 0)) {
-            *dst++ = *src++;
-            len--;
-            s->s3->handshake_fragment_len--;
-            n++;
-        }
-        /* move any remaining fragment bytes: */
-        for (k = 0; k < s->s3->handshake_fragment_len; k++)
-            s->s3->handshake_fragment[k] = *src++;
-        return n;
-    }
-
-    /*
-     * Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
-     */
-
-    if (!s->in_handshake && SSL_in_init(s)) {
-        /* type == SSL3_RT_APPLICATION_DATA */
-        i = s->handshake_func(s);
-        if (i < 0)
-            return (i);
-        if (i == 0) {
-            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
-            return (-1);
-        }
-    }
- start:
-    s->rwstate = SSL_NOTHING;
-
-    /*-
-     * s->s3->rrec.type         - is the type of record
-     * s->s3->rrec.data,    - data
-     * s->s3->rrec.off,     - offset into 'data' for next read
-     * s->s3->rrec.length,  - number of bytes.
-     */
-    rr = &(s->s3->rrec);
-
-    /* get new packet if necessary */
-    if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
-        ret = ssl3_get_record(s);
-        if (ret <= 0)
-            return (ret);
-    }
-
-    /*
-     * Reset the count of consecutive warning alerts if we've got a non-empty
-     * record that isn't an alert.
-     */
-    if (rr->type != SSL3_RT_ALERT && rr->length != 0)
-        s->cert->alert_count = 0;
-
-    /* we now have a packet which can be read and processed */
-
-    if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
-                                   * reset by ssl3_get_finished */
-        && (rr->type != SSL3_RT_HANDSHAKE)) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
-        goto f_err;
-    }
-
-    /*
-     * If the other end has shut down, throw anything we read away (even in
-     * 'peek' mode)
-     */
-    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
-        rr->length = 0;
-        s->rwstate = SSL_NOTHING;
-        return (0);
-    }
-
-    if (type == rr->type) {     /* SSL3_RT_APPLICATION_DATA or
-                                 * SSL3_RT_HANDSHAKE */
-        /*
-         * make sure that we are not getting application data when we are
-         * doing a handshake for the first time
-         */
-        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
-            (s->enc_read_ctx == NULL)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
-            goto f_err;
-        }
-
-        if (len <= 0)
-            return (len);
-
-        if ((unsigned int)len > rr->length)
-            n = rr->length;
-        else
-            n = (unsigned int)len;
-
-        memcpy(buf, &(rr->data[rr->off]), n);
-        if (!peek) {
-            rr->length -= n;
-            rr->off += n;
-            if (rr->length == 0) {
-                s->rstate = SSL_ST_READ_HEADER;
-                rr->off = 0;
-                if (s->mode & SSL_MODE_RELEASE_BUFFERS
-                    && s->s3->rbuf.left == 0)
-                    ssl3_release_read_buffer(s);
-            }
-        }
-        return (n);
-    }
-
-    /*
-     * If we get here, then type != rr->type; if we have a handshake message,
-     * then it was unexpected (Hello Request or Client Hello).
-     */
-
-    /*
-     * In case of record types for which we have 'fragment' storage, fill
-     * that so that we can process the data at a fixed place.
-     */
-    {
-        unsigned int dest_maxlen = 0;
-        unsigned char *dest = NULL;
-        unsigned int *dest_len = NULL;
-
-        if (rr->type == SSL3_RT_HANDSHAKE) {
-            dest_maxlen = sizeof(s->s3->handshake_fragment);
-            dest = s->s3->handshake_fragment;
-            dest_len = &s->s3->handshake_fragment_len;
-        } else if (rr->type == SSL3_RT_ALERT) {
-            dest_maxlen = sizeof(s->s3->alert_fragment);
-            dest = s->s3->alert_fragment;
-            dest_len = &s->s3->alert_fragment_len;
-        }
-#ifndef OPENSSL_NO_HEARTBEATS
-        else if (rr->type == TLS1_RT_HEARTBEAT) {
-            i = tls1_process_heartbeat(s);
-
-            if (i < 0)
-                return i;
-
-            rr->length = 0;
-            if (s->mode & SSL_MODE_AUTO_RETRY)
-                goto start;
-
-            /* Exit and notify application to read again */
-            s->rwstate = SSL_READING;
-            BIO_clear_retry_flags(SSL_get_rbio(s));
-            BIO_set_retry_read(SSL_get_rbio(s));
-            return (-1);
-        }
-#endif
-
-        if (dest_maxlen > 0) {
-            n = dest_maxlen - *dest_len; /* available space in 'dest' */
-            if (rr->length < n)
-                n = rr->length; /* available bytes */
-
-            /* now move 'n' bytes: */
-            while (n-- > 0) {
-                dest[(*dest_len)++] = rr->data[rr->off++];
-                rr->length--;
-            }
-
-            if (*dest_len < dest_maxlen)
-                goto start;     /* fragment was too small */
-        }
-    }
-
-    /*-
-     * s->s3->handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
-     * s->s3->alert_fragment_len == 2      iff  rr->type == SSL3_RT_ALERT.
-     * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
-     */
-
-    /* If we are a client, check for an incoming 'Hello Request': */
-    if ((!s->server) &&
-        (s->s3->handshake_fragment_len >= 4) &&
-        (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
-        (s->session != NULL) && (s->session->cipher != NULL)) {
-        s->s3->handshake_fragment_len = 0;
-
-        if ((s->s3->handshake_fragment[1] != 0) ||
-            (s->s3->handshake_fragment[2] != 0) ||
-            (s->s3->handshake_fragment[3] != 0)) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
-            goto f_err;
-        }
-
-        if (s->msg_callback)
-            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
-                            s->s3->handshake_fragment, 4, s,
-                            s->msg_callback_arg);
-
-        if (SSL_is_init_finished(s) &&
-            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
-            !s->s3->renegotiate) {
-            ssl3_renegotiate(s);
-            if (ssl3_renegotiate_check(s)) {
-                i = s->handshake_func(s);
-                if (i < 0)
-                    return (i);
-                if (i == 0) {
-                    SSLerr(SSL_F_SSL3_READ_BYTES,
-                           SSL_R_SSL_HANDSHAKE_FAILURE);
-                    return (-1);
-                }
-
-                if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
-                    if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
-                        BIO *bio;
-                        /*
-                         * In the case where we try to read application data,
-                         * but we trigger an SSL handshake, we return -1 with
-                         * the retry option set.  Otherwise renegotiation may
-                         * cause nasty problems in the blocking world
-                         */
-                        s->rwstate = SSL_READING;
-                        bio = SSL_get_rbio(s);
-                        BIO_clear_retry_flags(bio);
-                        BIO_set_retry_read(bio);
-                        return (-1);
-                    }
-                }
-            }
-        }
-        /*
-         * we either finished a handshake or ignored the request, now try
-         * again to obtain the (application) data we were asked for
-         */
-        goto start;
-    }
-
-    /*
-     * If we are a server and get a client hello when renegotiation isn't
-     * allowed send back a no renegotiation alert and carry on.
-     */
-    if (s->server
-            && SSL_is_init_finished(s)
-            && !s->s3->send_connection_binding
-            && s->version > SSL3_VERSION
-            && s->s3->handshake_fragment_len >= SSL3_HM_HEADER_LENGTH
-            && s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO
-            && s->s3->previous_client_finished_len != 0
-            && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) {
-        s->s3->handshake_fragment_len = 0;
-        rr->length = 0;
-        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
-        goto start;
-    }
-
-    if (s->s3->alert_fragment_len >= 2) {
-        int alert_level = s->s3->alert_fragment[0];
-        int alert_descr = s->s3->alert_fragment[1];
-
-        s->s3->alert_fragment_len = 0;
-
-        if (s->msg_callback)
-            s->msg_callback(0, s->version, SSL3_RT_ALERT,
-                            s->s3->alert_fragment, 2, s, s->msg_callback_arg);
-
-        if (s->info_callback != NULL)
-            cb = s->info_callback;
-        else if (s->ctx->info_callback != NULL)
-            cb = s->ctx->info_callback;
-
-        if (cb != NULL) {
-            j = (alert_level << 8) | alert_descr;
-            cb(s, SSL_CB_READ_ALERT, j);
-        }
-
-        if (alert_level == SSL3_AL_WARNING) {
-            s->s3->warn_alert = alert_descr;
-
-            s->cert->alert_count++;
-            if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) {
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
-                goto f_err;
-            }
-
-            if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
-                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-                return (0);
-            }
-            /*
-             * This is a warning but we receive it if we requested
-             * renegotiation and the peer denied it. Terminate with a fatal
-             * alert because if application tried to renegotiatie it
-             * presumably had a good reason and expects it to succeed. In
-             * future we might have a renegotiation where we don't care if
-             * the peer refused it where we carry on.
-             */
-            else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_NO_RENEGOTIATION);
-                goto f_err;
-            }
-#ifdef SSL_AD_MISSING_SRP_USERNAME
-            else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
-                return (0);
-#endif
-        } else if (alert_level == SSL3_AL_FATAL) {
-            char tmp[16];
-
-            s->rwstate = SSL_NOTHING;
-            s->s3->fatal_alert = alert_descr;
-            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
-            BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr);
-            ERR_add_error_data(2, "SSL alert number ", tmp);
-            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-            SSL_CTX_remove_session(s->session_ctx, s->session);
-            return (0);
-        } else {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
-            goto f_err;
-        }
-
-        goto start;
-    }
-
-    if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
-                                            * shutdown */
-        s->rwstate = SSL_NOTHING;
-        rr->length = 0;
-        return (0);
-    }
-
-    if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
-        /*
-         * 'Change Cipher Spec' is just a single byte, so we know exactly
-         * what the record payload has to look like
-         */
-        if ((rr->length != 1) || (rr->off != 0) ||
-            (rr->data[0] != SSL3_MT_CCS)) {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
-            goto f_err;
-        }
-
-        /* Check we have a cipher to change to */
-        if (s->s3->tmp.new_cipher == NULL) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
-            goto f_err;
-        }
-
-        if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
-            goto f_err;
-        }
-
-        s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-
-        rr->length = 0;
-
-        if (s->msg_callback)
-            s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
-                            rr->data, 1, s, s->msg_callback_arg);
-
-        s->s3->change_cipher_spec = 1;
-        if (!ssl3_do_change_cipher_spec(s))
-            goto err;
-        else
-            goto start;
-    }
-
-    /*
-     * Unexpected handshake message (Client Hello, or protocol violation)
-     */
-    if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) {
-        if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
-            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
-#if 0                           /* worked only because C operator preferences
-                                 * are not as expected (and because this is
-                                 * not really needed for clients except for
-                                 * detecting protocol violations): */
-            s->state = SSL_ST_BEFORE | (s->server)
-                ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#else
-            s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
-            s->renegotiate = 1;
-            s->new_session = 1;
-        }
-        i = s->handshake_func(s);
-        if (i < 0)
-            return (i);
-        if (i == 0) {
-            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
-            return (-1);
-        }
-
-        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
-            if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
-                BIO *bio;
-                /*
-                 * In the case where we try to read application data, but we
-                 * trigger an SSL handshake, we return -1 with the retry
-                 * option set.  Otherwise renegotiation may cause nasty
-                 * problems in the blocking world
-                 */
-                s->rwstate = SSL_READING;
-                bio = SSL_get_rbio(s);
-                BIO_clear_retry_flags(bio);
-                BIO_set_retry_read(bio);
-                return (-1);
-            }
-        }
-        goto start;
-    }
-
-    switch (rr->type) {
-    default:
-        /*
-         * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but
-         * TLS 1.2 says you MUST send an unexpected message alert. We use the
-         * TLS 1.2 behaviour for all protocol versions to prevent issues where
-         * no progress is being made and the peer continually sends unrecognised
-         * record types, using up resources processing them.
-         */
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
-        goto f_err;
-    case SSL3_RT_CHANGE_CIPHER_SPEC:
-    case SSL3_RT_ALERT:
-    case SSL3_RT_HANDSHAKE:
-        /*
-         * we already handled all of these, with the possible exception of
-         * SSL3_RT_HANDSHAKE when s->in_handshake is set, but that should not
-         * happen when type != rr->type
-         */
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
-        goto f_err;
-    case SSL3_RT_APPLICATION_DATA:
-        /*
-         * At this point, we were expecting handshake data, but have
-         * application data.  If the library was running inside ssl3_read()
-         * (i.e. in_read_app_data is set) and it makes sense to read
-         * application data at this point (session renegotiation not yet
-         * started), we will indulge it.
-         */
-        if (s->s3->in_read_app_data &&
-            (s->s3->total_renegotiations != 0) &&
-            (((s->state & SSL_ST_CONNECT) &&
-              (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-              (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
-             ) || ((s->state & SSL_ST_ACCEPT) &&
-                   (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
-                   (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
-             )
-            )) {
-            s->s3->in_read_app_data = 2;
-            return (-1);
-        } else {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
-            goto f_err;
-        }
-    }
-    /* not reached */
-
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    return (-1);
-}
-
-int ssl3_do_change_cipher_spec(SSL *s)
-{
-    int i;
-    const char *sender;
-    int slen;
-
-    if (s->state & SSL_ST_ACCEPT)
-        i = SSL3_CHANGE_CIPHER_SERVER_READ;
-    else
-        i = SSL3_CHANGE_CIPHER_CLIENT_READ;
-
-    if (s->s3->tmp.key_block == NULL) {
-        if (s->session == NULL || s->session->master_key_length == 0) {
-            /* might happen if dtls1_read_bytes() calls this */
-            SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,
-                   SSL_R_CCS_RECEIVED_EARLY);
-            return (0);
-        }
-
-        s->session->cipher = s->s3->tmp.new_cipher;
-        if (!s->method->ssl3_enc->setup_key_block(s))
-            return (0);
-    }
-
-    if (!s->method->ssl3_enc->change_cipher_state(s, i))
-        return (0);
-
-    /*
-     * we have to record the message digest at this point so we can get it
-     * before we read the finished message
-     */
-    if (s->state & SSL_ST_CONNECT) {
-        sender = s->method->ssl3_enc->server_finished_label;
-        slen = s->method->ssl3_enc->server_finished_label_len;
-    } else {
-        sender = s->method->ssl3_enc->client_finished_label;
-        slen = s->method->ssl3_enc->client_finished_label_len;
-    }
-
-    i = s->method->ssl3_enc->final_finish_mac(s,
-                                              sender, slen,
-                                              s->s3->tmp.peer_finish_md);
-    if (i == 0) {
-        SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
-        return 0;
-    }
-    s->s3->tmp.peer_finish_md_len = i;
-
-    return (1);
-}
-
-int ssl3_send_alert(SSL *s, int level, int desc)
-{
-    /* Map tls/ssl alert value to correct one */
-    desc = s->method->ssl3_enc->alert_value(desc);
-    if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
-        desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
-                                          * protocol_version alerts */
-    if (desc < 0)
-        return -1;
-    /* If a fatal one, remove from cache */
-    if ((level == 2) && (s->session != NULL))
-        SSL_CTX_remove_session(s->session_ctx, s->session);
-
-    s->s3->alert_dispatch = 1;
-    s->s3->send_alert[0] = level;
-    s->s3->send_alert[1] = desc;
-    if (s->s3->wbuf.left == 0)  /* data still being written out? */
-        return s->method->ssl_dispatch_alert(s);
-    /*
-     * else data is still being written out, we will get written some time in
-     * the future
-     */
-    return -1;
-}
-
-int ssl3_dispatch_alert(SSL *s)
-{
-    int i, j;
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-
-    s->s3->alert_dispatch = 0;
-    i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
-    if (i <= 0) {
-        s->s3->alert_dispatch = 1;
-    } else {
-        /*
-         * Alert sent to BIO.  If it is important, flush it now. If the
-         * message does not get sent due to non-blocking IO, we will not
-         * worry too much.
-         */
-        if (s->s3->send_alert[0] == SSL3_AL_FATAL)
-            (void)BIO_flush(s->wbio);
-
-        if (s->msg_callback)
-            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
-                            2, s, s->msg_callback_arg);
-
-        if (s->info_callback != NULL)
-            cb = s->info_callback;
-        else if (s->ctx->info_callback != NULL)
-            cb = s->ctx->info_callback;
-
-        if (cb != NULL) {
-            j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
-            cb(s, SSL_CB_WRITE_ALERT, j);
-        }
-    }
-    return (i);
-}
diff --git a/freebsd/crypto/openssl/ssl/s3_srvr.c b/freebsd/crypto/openssl/ssl/s3_srvr.c
deleted file mode 100644
index 5916d77d..00000000
--- a/freebsd/crypto/openssl/ssl/s3_srvr.c
+++ /dev/null
@@ -1,3717 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/s3_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#define REUSE_CIPHER_BUG
-#define NETSCAPE_HANG_BUG
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include "../crypto/constant_time_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_KRB5
-# include <openssl/krb5_asn.h>
-#endif
-#include <openssl/md5.h>
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-static const SSL_METHOD *ssl3_get_server_method(int ver);
-
-static const SSL_METHOD *ssl3_get_server_method(int ver)
-{
-    if (ver == SSL3_VERSION)
-        return (SSLv3_server_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
-                         ssl3_accept,
-                         ssl_undefined_function, ssl3_get_server_method)
-#endif
-#ifndef OPENSSL_NO_SRP
-static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
-{
-    int ret = SSL_ERROR_NONE;
-
-    *al = SSL_AD_UNRECOGNIZED_NAME;
-
-    if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
-        (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
-        if (s->srp_ctx.login == NULL) {
-            /*
-             * RFC 5054 says SHOULD reject, we do so if There is no srp
-             * login name
-             */
-            ret = SSL3_AL_FATAL;
-            *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
-        } else {
-            ret = SSL_srp_server_param_with_username(s, al);
-        }
-    }
-    return ret;
-}
-#endif
-
-int ssl3_accept(SSL *s)
-{
-    BUF_MEM *buf;
-    unsigned long alg_k, Time = (unsigned long)time(NULL);
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int ret = -1;
-    int new_state, state, skip = 0;
-
-    RAND_add(&Time, sizeof(Time), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    /* init things to blank */
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-    if (s->cert == NULL) {
-        SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
-        return (-1);
-    }
-#ifndef OPENSSL_NO_HEARTBEATS
-    /*
-     * If we're awaiting a HeartbeatResponse, pretend we already got and
-     * don't await it anymore, because Heartbeats don't make sense during
-     * handshakes anyway.
-     */
-    if (s->tlsext_hb_pending) {
-        s->tlsext_hb_pending = 0;
-        s->tlsext_hb_seq++;
-    }
-#endif
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_RENEGOTIATE:
-            s->renegotiate = 1;
-            /* s->state=SSL_ST_ACCEPT; */
-
-        case SSL_ST_BEFORE:
-        case SSL_ST_ACCEPT:
-        case SSL_ST_BEFORE | SSL_ST_ACCEPT:
-        case SSL_ST_OK | SSL_ST_ACCEPT:
-
-            s->server = 1;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            if ((s->version >> 8) != 3) {
-                SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
-                s->state = SSL_ST_ERR;
-                return -1;
-            }
-            s->type = SSL_ST_ACCEPT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
-                    BUF_MEM_free(buf);
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                s->init_buf = buf;
-            }
-
-            if (!ssl3_setup_buffers(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            s->init_num = 0;
-            s->s3->flags &= ~TLS1_FLAGS_SKIP_CERT_VERIFY;
-            s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-            /*
-             * Should have been reset by ssl3_get_finished, too.
-             */
-            s->s3->change_cipher_spec = 0;
-
-            if (s->state != SSL_ST_RENEGOTIATE) {
-                /*
-                 * Ok, we now need to push on a buffering BIO so that the
-                 * output is sent in a way that TCP likes :-)
-                 */
-                if (!ssl_init_wbio_buffer(s, 1)) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-
-                if (!ssl3_init_finished_mac(s)) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-
-                s->state = SSL3_ST_SR_CLNT_HELLO_A;
-                s->ctx->stats.sess_accept++;
-            } else if (!s->s3->send_connection_binding &&
-                       !(s->options &
-                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
-                /*
-                 * Server attempting to renegotiate with client that doesn't
-                 * support secure renegotiation.
-                 */
-                SSLerr(SSL_F_SSL3_ACCEPT,
-                       SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            } else {
-                /*
-                 * s->state == SSL_ST_RENEGOTIATE, we will just send a
-                 * HelloRequest
-                 */
-                s->ctx->stats.sess_accept_renegotiate++;
-                s->state = SSL3_ST_SW_HELLO_REQ_A;
-            }
-            break;
-
-        case SSL3_ST_SW_HELLO_REQ_A:
-        case SSL3_ST_SW_HELLO_REQ_B:
-
-            s->shutdown = 0;
-            ret = ssl3_send_hello_request(s);
-            if (ret <= 0)
-                goto end;
-            s->s3->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
-            s->state = SSL3_ST_SW_FLUSH;
-            s->init_num = 0;
-
-            if (!ssl3_init_finished_mac(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-            break;
-
-        case SSL3_ST_SW_HELLO_REQ_C:
-            s->state = SSL_ST_OK;
-            break;
-
-        case SSL3_ST_SR_CLNT_HELLO_A:
-        case SSL3_ST_SR_CLNT_HELLO_B:
-        case SSL3_ST_SR_CLNT_HELLO_C:
-
-            s->shutdown = 0;
-            ret = ssl3_get_client_hello(s);
-            if (ret <= 0)
-                goto end;
-#ifndef OPENSSL_NO_SRP
-            s->state = SSL3_ST_SR_CLNT_HELLO_D;
-        case SSL3_ST_SR_CLNT_HELLO_D:
-            {
-                int al;
-                if ((ret = ssl_check_srp_ext_ClientHello(s, &al)) < 0) {
-                    /*
-                     * callback indicates firther work to be done
-                     */
-                    s->rwstate = SSL_X509_LOOKUP;
-                    goto end;
-                }
-                if (ret != SSL_ERROR_NONE) {
-                    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-                    /*
-                     * This is not really an error but the only means to for
-                     * a client to detect whether srp is supported.
-                     */
-                    if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
-                        SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_CLIENTHELLO_TLSEXT);
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-            }
-#endif
-
-            s->renegotiate = 2;
-            s->state = SSL3_ST_SW_SRVR_HELLO_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_SRVR_HELLO_A:
-        case SSL3_ST_SW_SRVR_HELLO_B:
-            ret = ssl3_send_server_hello(s);
-            if (ret <= 0)
-                goto end;
-#ifndef OPENSSL_NO_TLSEXT
-            if (s->hit) {
-                if (s->tlsext_ticket_expected)
-                    s->state = SSL3_ST_SW_SESSION_TICKET_A;
-                else
-                    s->state = SSL3_ST_SW_CHANGE_A;
-            }
-#else
-            if (s->hit)
-                s->state = SSL3_ST_SW_CHANGE_A;
-#endif
-            else
-                s->state = SSL3_ST_SW_CERT_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_CERT_A:
-        case SSL3_ST_SW_CERT_B:
-            /* Check if it is anon DH or anon ECDH, */
-            /* normal PSK or KRB5 or SRP */
-            if (!
-                (s->s3->tmp.
-                 new_cipher->algorithm_auth & (SSL_aNULL | SSL_aKRB5 |
-                                               SSL_aSRP))
-&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-                ret = ssl3_send_server_certificate(s);
-                if (ret <= 0)
-                    goto end;
-#ifndef OPENSSL_NO_TLSEXT
-                if (s->tlsext_status_expected)
-                    s->state = SSL3_ST_SW_CERT_STATUS_A;
-                else
-                    s->state = SSL3_ST_SW_KEY_EXCH_A;
-            } else {
-                skip = 1;
-                s->state = SSL3_ST_SW_KEY_EXCH_A;
-            }
-#else
-            } else
-                skip = 1;
-
-            s->state = SSL3_ST_SW_KEY_EXCH_A;
-#endif
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_KEY_EXCH_A:
-        case SSL3_ST_SW_KEY_EXCH_B:
-            alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-            /*
-             * clear this, it may get reset by
-             * send_server_key_exchange
-             */
-            s->s3->tmp.use_rsa_tmp = 0;
-
-            /*
-             * only send if a DH key exchange, fortezza or RSA but we have a
-             * sign only certificate PSK: may send PSK identity hints For
-             * ECC ciphersuites, we send a serverKeyExchange message only if
-             * the cipher suite is either ECDH-anon or ECDHE. In other cases,
-             * the server certificate contains the server's public key for
-             * key exchange.
-             */
-            if (0
-                /*
-                 * PSK: send ServerKeyExchange if PSK identity hint if
-                 * provided
-                 */
-#ifndef OPENSSL_NO_PSK
-                || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
-#endif
-#ifndef OPENSSL_NO_SRP
-                /* SRP: send ServerKeyExchange */
-                || (alg_k & SSL_kSRP)
-#endif
-                || (alg_k & SSL_kEDH)
-                || (alg_k & SSL_kEECDH)
-                || ((alg_k & SSL_kRSA)
-                    && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
-                        || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
-                            && EVP_PKEY_size(s->cert->pkeys
-                                             [SSL_PKEY_RSA_ENC].privatekey) *
-                            8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
-                        )
-                    )
-                )
-                ) {
-                ret = ssl3_send_server_key_exchange(s);
-                if (ret <= 0)
-                    goto end;
-            } else
-                skip = 1;
-
-            s->state = SSL3_ST_SW_CERT_REQ_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_CERT_REQ_A:
-        case SSL3_ST_SW_CERT_REQ_B:
-            if (                /* don't request cert unless asked for it: */
-                   !(s->verify_mode & SSL_VERIFY_PEER) ||
-                   /*
-                    * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
-                    * during re-negotiation:
-                    */
-                   (s->s3->tmp.finish_md_len != 0 &&
-                    (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-                   /*
-                    * never request cert in anonymous ciphersuites (see
-                    * section "Certificate request" in SSL 3 drafts and in
-                    * RFC 2246):
-                    */
-                   ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
-                    /*
-                     * ... except when the application insists on
-                     * verification (against the specs, but s3_clnt.c accepts
-                     * this for SSL 3)
-                     */
-                    !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
-                   /*
-                    * never request cert in Kerberos ciphersuites
-                    */
-                   (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) ||
-                   /* don't request certificate for SRP auth */
-                   (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
-                   /*
-                    * With normal PSK Certificates and Certificate Requests
-                    * are omitted
-                    */
-                   || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-                /* no cert request */
-                skip = 1;
-                s->s3->tmp.cert_request = 0;
-                s->state = SSL3_ST_SW_SRVR_DONE_A;
-                if (s->s3->handshake_buffer) {
-                    if (!ssl3_digest_cached_records(s)) {
-                        s->state = SSL_ST_ERR;
-                        return -1;
-                    }
-                }
-            } else {
-                s->s3->tmp.cert_request = 1;
-                ret = ssl3_send_certificate_request(s);
-                if (ret <= 0)
-                    goto end;
-#ifndef NETSCAPE_HANG_BUG
-                s->state = SSL3_ST_SW_SRVR_DONE_A;
-#else
-                s->state = SSL3_ST_SW_FLUSH;
-                s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-#endif
-                s->init_num = 0;
-            }
-            break;
-
-        case SSL3_ST_SW_SRVR_DONE_A:
-        case SSL3_ST_SW_SRVR_DONE_B:
-            ret = ssl3_send_server_done(s);
-            if (ret <= 0)
-                goto end;
-            s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-            s->state = SSL3_ST_SW_FLUSH;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_FLUSH:
-
-            /*
-             * This code originally checked to see if any data was pending
-             * using BIO_CTRL_INFO and then flushed. This caused problems as
-             * documented in PR#1939. The proposed fix doesn't completely
-             * resolve this issue as buggy implementations of
-             * BIO_CTRL_PENDING still exist. So instead we just flush
-             * unconditionally.
-             */
-
-            s->rwstate = SSL_WRITING;
-            if (BIO_flush(s->wbio) <= 0) {
-                ret = -1;
-                goto end;
-            }
-            s->rwstate = SSL_NOTHING;
-
-            s->state = s->s3->tmp.next_state;
-            break;
-
-        case SSL3_ST_SR_CERT_A:
-        case SSL3_ST_SR_CERT_B:
-            if (s->s3->tmp.cert_request) {
-                ret = ssl3_get_client_certificate(s);
-                if (ret <= 0)
-                    goto end;
-            }
-            s->init_num = 0;
-            s->state = SSL3_ST_SR_KEY_EXCH_A;
-            break;
-
-        case SSL3_ST_SR_KEY_EXCH_A:
-        case SSL3_ST_SR_KEY_EXCH_B:
-            ret = ssl3_get_client_key_exchange(s);
-            if (ret <= 0)
-                goto end;
-            if (ret == 2) {
-                /*
-                 * For the ECDH ciphersuites when the client sends its ECDH
-                 * pub key in a certificate, the CertificateVerify message is
-                 * not sent. Also for GOST ciphersuites when the client uses
-                 * its key from the certificate for key exchange.
-                 */
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
-                s->state = SSL3_ST_SR_FINISHED_A;
-#else
-                if (s->s3->next_proto_neg_seen)
-                    s->state = SSL3_ST_SR_NEXT_PROTO_A;
-                else
-                    s->state = SSL3_ST_SR_FINISHED_A;
-#endif
-                s->init_num = 0;
-            } else if (SSL_USE_SIGALGS(s)) {
-                s->state = SSL3_ST_SR_CERT_VRFY_A;
-                s->init_num = 0;
-                if (!s->session->peer)
-                    break;
-                /*
-                 * For sigalgs freeze the handshake buffer at this point and
-                 * digest cached records.
-                 */
-                if (!s->s3->handshake_buffer) {
-                    SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
-                    s->state = SSL_ST_ERR;
-                    return -1;
-                }
-                s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
-                if (!ssl3_digest_cached_records(s)) {
-                    s->state = SSL_ST_ERR;
-                    return -1;
-                }
-            } else {
-                int offset = 0;
-                int dgst_num;
-
-                s->state = SSL3_ST_SR_CERT_VRFY_A;
-                s->init_num = 0;
-
-                /*
-                 * We need to get hashes here so if there is a client cert,
-                 * it can be verified FIXME - digest processing for
-                 * CertificateVerify should be generalized. But it is next
-                 * step
-                 */
-                if (s->s3->handshake_buffer) {
-                    if (!ssl3_digest_cached_records(s)) {
-                        s->state = SSL_ST_ERR;
-                        return -1;
-                    }
-                }
-                for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++)
-                    if (s->s3->handshake_dgst[dgst_num]) {
-                        int dgst_size;
-
-                        s->method->ssl3_enc->cert_verify_mac(s,
-                                                             EVP_MD_CTX_type
-                                                             (s->
-                                                              s3->handshake_dgst
-                                                              [dgst_num]),
-                                                             &(s->s3->
-                                                               tmp.cert_verify_md
-                                                               [offset]));
-                        dgst_size =
-                            EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
-                        if (dgst_size < 0) {
-                            s->state = SSL_ST_ERR;
-                            ret = -1;
-                            goto end;
-                        }
-                        offset += dgst_size;
-                    }
-            }
-            break;
-
-        case SSL3_ST_SR_CERT_VRFY_A:
-        case SSL3_ST_SR_CERT_VRFY_B:
-            ret = ssl3_get_cert_verify(s);
-            if (ret <= 0)
-                goto end;
-
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
-            s->state = SSL3_ST_SR_FINISHED_A;
-#else
-            if (s->s3->next_proto_neg_seen)
-                s->state = SSL3_ST_SR_NEXT_PROTO_A;
-            else
-                s->state = SSL3_ST_SR_FINISHED_A;
-#endif
-            s->init_num = 0;
-            break;
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-        case SSL3_ST_SR_NEXT_PROTO_A:
-        case SSL3_ST_SR_NEXT_PROTO_B:
-            /*
-             * Enable CCS for NPN. Receiving a CCS clears the flag, so make
-             * sure not to re-enable it to ban duplicates. This *should* be the
-             * first time we have received one - but we check anyway to be
-             * cautious.
-             * s->s3->change_cipher_spec is set when a CCS is
-             * processed in s3_pkt.c, and remains set until
-             * the client's Finished message is read.
-             */
-            if (!s->s3->change_cipher_spec)
-                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-
-            ret = ssl3_get_next_proto(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL3_ST_SR_FINISHED_A;
-            break;
-#endif
-
-        case SSL3_ST_SR_FINISHED_A:
-        case SSL3_ST_SR_FINISHED_B:
-            /*
-             * Enable CCS for handshakes without NPN. In NPN the CCS flag has
-             * already been set. Receiving a CCS clears the flag, so make
-             * sure not to re-enable it to ban duplicates.
-             * s->s3->change_cipher_spec is set when a CCS is
-             * processed in s3_pkt.c, and remains set until
-             * the client's Finished message is read.
-             */
-            if (!s->s3->change_cipher_spec)
-                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-            ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
-                                    SSL3_ST_SR_FINISHED_B);
-            if (ret <= 0)
-                goto end;
-            if (s->hit)
-                s->state = SSL_ST_OK;
-#ifndef OPENSSL_NO_TLSEXT
-            else if (s->tlsext_ticket_expected)
-                s->state = SSL3_ST_SW_SESSION_TICKET_A;
-#endif
-            else
-                s->state = SSL3_ST_SW_CHANGE_A;
-            s->init_num = 0;
-            break;
-
-#ifndef OPENSSL_NO_TLSEXT
-        case SSL3_ST_SW_SESSION_TICKET_A:
-        case SSL3_ST_SW_SESSION_TICKET_B:
-            ret = ssl3_send_newsession_ticket(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_CHANGE_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_CERT_STATUS_A:
-        case SSL3_ST_SW_CERT_STATUS_B:
-            ret = ssl3_send_cert_status(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_KEY_EXCH_A;
-            s->init_num = 0;
-            break;
-
-#endif
-
-        case SSL3_ST_SW_CHANGE_A:
-        case SSL3_ST_SW_CHANGE_B:
-
-            s->session->cipher = s->s3->tmp.new_cipher;
-            if (!s->method->ssl3_enc->setup_key_block(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            ret = ssl3_send_change_cipher_spec(s,
-                                               SSL3_ST_SW_CHANGE_A,
-                                               SSL3_ST_SW_CHANGE_B);
-
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_FINISHED_A;
-            s->init_num = 0;
-
-            if (!s->method->ssl3_enc->change_cipher_state(s,
-                                                          SSL3_CHANGE_CIPHER_SERVER_WRITE))
-            {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            break;
-
-        case SSL3_ST_SW_FINISHED_A:
-        case SSL3_ST_SW_FINISHED_B:
-            ret = ssl3_send_finished(s,
-                                     SSL3_ST_SW_FINISHED_A,
-                                     SSL3_ST_SW_FINISHED_B,
-                                     s->method->
-                                     ssl3_enc->server_finished_label,
-                                     s->method->
-                                     ssl3_enc->server_finished_label_len);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_FLUSH;
-            if (s->hit) {
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
-                s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#else
-                if (s->s3->next_proto_neg_seen) {
-                    s->s3->tmp.next_state = SSL3_ST_SR_NEXT_PROTO_A;
-                } else
-                    s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#endif
-            } else
-                s->s3->tmp.next_state = SSL_ST_OK;
-            s->init_num = 0;
-            break;
-
-        case SSL_ST_OK:
-            /* clean a few things up */
-            ssl3_cleanup_key_block(s);
-
-            BUF_MEM_free(s->init_buf);
-            s->init_buf = NULL;
-
-            /* remove buffering on output */
-            ssl_free_wbio_buffer(s);
-
-            s->init_num = 0;
-
-            if (s->renegotiate == 2) { /* skipped if we just sent a
-                                        * HelloRequest */
-                s->renegotiate = 0;
-                s->new_session = 0;
-
-                ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
-                s->ctx->stats.sess_accept_good++;
-                /* s->server=1; */
-                s->handshake_func = ssl3_accept;
-
-                if (cb != NULL)
-                    cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-            }
-
-            ret = 1;
-            goto end;
-            /* break; */
-
-        case SSL_ST_ERR:
-        default:
-            SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* break; */
-        }
-
-        if (!s->s3->tmp.reuse_message && !skip) {
-            if (s->debug) {
-                if ((ret = BIO_flush(s->wbio)) <= 0)
-                    goto end;
-            }
-
-            if ((cb != NULL) && (s->state != state)) {
-                new_state = s->state;
-                s->state = state;
-                cb(s, SSL_CB_ACCEPT_LOOP, 1);
-                s->state = new_state;
-            }
-        }
-        skip = 0;
-    }
- end:
-    /* BIO_flush(s->wbio); */
-
-    s->in_handshake--;
-    if (cb != NULL)
-        cb(s, SSL_CB_ACCEPT_EXIT, ret);
-    return (ret);
-}
-
-int ssl3_send_hello_request(SSL *s)
-{
-
-    if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
-        ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0);
-        s->state = SSL3_ST_SW_HELLO_REQ_B;
-    }
-
-    /* SSL3_ST_SW_HELLO_REQ_B */
-    return ssl_do_write(s);
-}
-
-int ssl3_get_client_hello(SSL *s)
-{
-    int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1, cookie_valid = 0;
-    unsigned int cookie_len;
-    long n;
-    unsigned long id;
-    unsigned char *p, *d;
-    SSL_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
-    unsigned char *q;
-    SSL_COMP *comp = NULL;
-#endif
-    STACK_OF(SSL_CIPHER) *ciphers = NULL;
-
-    if (s->state == SSL3_ST_SR_CLNT_HELLO_C && !s->first_packet)
-        goto retry_cert;
-
-    /*
-     * We do this so that we will respond with our native type. If we are
-     * TLSv1 and we get SSLv3, we will respond with TLSv1, This down
-     * switching should be handled by a different method. If we are SSLv3, we
-     * will respond with SSLv3, even if prompted with TLSv1.
-     */
-    if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {
-        s->state = SSL3_ST_SR_CLNT_HELLO_B;
-    }
-    s->first_packet = 1;
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_SR_CLNT_HELLO_B,
-                                   SSL3_ST_SR_CLNT_HELLO_C,
-                                   SSL3_MT_CLIENT_HELLO,
-                                   SSL3_RT_MAX_PLAIN_LENGTH, &ok);
-
-    if (!ok)
-        return ((int)n);
-    s->first_packet = 0;
-    d = p = (unsigned char *)s->init_msg;
-
-    /*
-     * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte
-     * for session id length
-     */
-    if (n < 2 + SSL3_RANDOM_SIZE + 1) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-        goto f_err;
-    }
-
-    /*
-     * use version from inside client hello, not from record header (may
-     * differ: see RFC 2246, Appendix E, second paragraph)
-     */
-    s->client_version = (((int)p[0]) << 8) | (int)p[1];
-    p += 2;
-
-    if (SSL_IS_DTLS(s) ? (s->client_version > s->version &&
-                          s->method->version != DTLS_ANY_VERSION)
-        : (s->client_version < s->version)) {
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
-        if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
-            !s->enc_write_ctx && !s->write_hash) {
-            /*
-             * similar to ssl3_get_record, send alert using remote version
-             * number
-             */
-            s->version = s->client_version;
-        }
-        al = SSL_AD_PROTOCOL_VERSION;
-        goto f_err;
-    }
-
-    /*
-     * If we require cookies and this ClientHello doesn't contain one, just
-     * return since we do not want to allocate any memory yet. So check
-     * cookie length...
-     */
-    if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
-        unsigned int session_length, cookie_length;
-
-        session_length = *(p + SSL3_RANDOM_SIZE);
-
-        if (SSL3_RANDOM_SIZE + session_length + 1
-                >= (unsigned int)((d + n) - p)) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
-
-        if (cookie_length == 0)
-            return 1;
-    }
-
-    /* load the client random */
-    memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE);
-    p += SSL3_RANDOM_SIZE;
-
-    /* get the session-id */
-    j = *(p++);
-
-    if ((d + n) - p < j) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-        goto f_err;
-    }
-
-    if ((j < 0) || (j > SSL_MAX_SSL_SESSION_ID_LENGTH)) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-
-    s->hit = 0;
-    /*
-     * Versions before 0.9.7 always allow clients to resume sessions in
-     * renegotiation. 0.9.7 and later allow this by default, but optionally
-     * ignore resumption requests with flag
-     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather
-     * than a change to default behavior so that applications relying on this
-     * for security won't even compile against older library versions).
-     * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to
-     * request renegotiation but not a new session (s->new_session remains
-     * unset): for servers, this essentially just means that the
-     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be ignored.
-     */
-    if ((s->new_session
-         && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
-        if (!ssl_get_new_session(s, 1))
-            goto err;
-    } else {
-        i = ssl_get_prev_session(s, p, j, d + n);
-        /*
-         * Only resume if the session's version matches the negotiated
-         * version.
-         * RFC 5246 does not provide much useful advice on resumption
-         * with a different protocol version. It doesn't forbid it but
-         * the sanity of such behaviour would be questionable.
-         * In practice, clients do not accept a version mismatch and
-         * will abort the handshake with an error.
-         */
-        if (i == 1 && s->version == s->session->ssl_version) { /* previous
-                                                                * session */
-            s->hit = 1;
-        } else if (i == -1)
-            goto err;
-        else {                  /* i == 0 */
-
-            if (!ssl_get_new_session(s, 1))
-                goto err;
-        }
-    }
-
-    p += j;
-
-    if (SSL_IS_DTLS(s)) {
-        /* cookie stuff */
-        if ((d + n) - p < 1) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        cookie_len = *(p++);
-
-        if ((unsigned int)((d + n ) - p) < cookie_len) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-
-        /*
-         * The ClientHello may contain a cookie even if the
-         * HelloVerify message has not been sent--make sure that it
-         * does not cause an overflow.
-         */
-        if (cookie_len > sizeof(s->d1->rcvd_cookie)) {
-            /* too much data */
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
-            goto f_err;
-        }
-
-        /* verify the cookie if appropriate option is set. */
-        if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && cookie_len > 0) {
-            memcpy(s->d1->rcvd_cookie, p, cookie_len);
-
-            if (s->ctx->app_verify_cookie_cb != NULL) {
-                if (s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
-                                                 cookie_len) == 0) {
-                    al = SSL_AD_HANDSHAKE_FAILURE;
-                    SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                           SSL_R_COOKIE_MISMATCH);
-                    goto f_err;
-                }
-                /* else cookie verification succeeded */
-            }
-            /* default verification */
-            else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,
-                            s->d1->cookie_len) != 0) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
-                goto f_err;
-            }
-            cookie_valid = 1;
-        }
-
-        p += cookie_len;
-        if (s->method->version == DTLS_ANY_VERSION) {
-            /* Select version to use */
-            if (s->client_version <= DTLS1_2_VERSION &&
-                !(s->options & SSL_OP_NO_DTLSv1_2)) {
-                s->version = DTLS1_2_VERSION;
-                s->method = DTLSv1_2_server_method();
-            } else if (tls1_suiteb(s)) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                       SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
-                s->version = s->client_version;
-                al = SSL_AD_PROTOCOL_VERSION;
-                goto f_err;
-            } else if (s->client_version <= DTLS1_VERSION &&
-                       !(s->options & SSL_OP_NO_DTLSv1)) {
-                s->version = DTLS1_VERSION;
-                s->method = DTLSv1_server_method();
-            } else {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                       SSL_R_WRONG_VERSION_NUMBER);
-                s->version = s->client_version;
-                al = SSL_AD_PROTOCOL_VERSION;
-                goto f_err;
-            }
-            s->session->ssl_version = s->version;
-        }
-    }
-
-    if ((d + n ) - p < 2) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-        goto f_err;
-    }
-    n2s(p, i);
-
-    if (i == 0) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
-        goto f_err;
-    }
-
-    /* i bytes of cipher data + 1 byte for compression length later */
-    if ((d + n) - p < i + 1) {
-        /* not enough data */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-    if (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL) {
-        goto err;
-    }
-    p += i;
-
-    /* If it is a hit, check that the cipher is in the list */
-    if (s->hit) {
-        j = 0;
-        id = s->session->cipher->id;
-
-#ifdef CIPHER_DEBUG
-        fprintf(stderr, "client sent %d ciphers\n",
-                sk_SSL_CIPHER_num(ciphers));
-#endif
-        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-            c = sk_SSL_CIPHER_value(ciphers, i);
-#ifdef CIPHER_DEBUG
-            fprintf(stderr, "client [%2d of %2d]:%s\n",
-                    i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
-#endif
-            if (c->id == id) {
-                j = 1;
-                break;
-            }
-        }
-        /*
-         * Disabled because it can be used in a ciphersuite downgrade attack:
-         * CVE-2010-4180.
-         */
-#if 0
-        if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
-            && (sk_SSL_CIPHER_num(ciphers) == 1)) {
-            /*
-             * Special case as client bug workaround: the previously used
-             * cipher may not be in the current list, the client instead
-             * might be trying to continue using a cipher that before wasn't
-             * chosen due to server preferences.  We'll have to reject the
-             * connection if the cipher is not enabled, though.
-             */
-            c = sk_SSL_CIPHER_value(ciphers, 0);
-            if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) {
-                s->session->cipher = c;
-                j = 1;
-            }
-        }
-#endif
-        if (j == 0) {
-            /*
-             * we need to have the cipher in the cipher list if we are asked
-             * to reuse it
-             */
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                   SSL_R_REQUIRED_CIPHER_MISSING);
-            goto f_err;
-        }
-    }
-
-    /* compression */
-    i = *(p++);
-    if ((d + n) - p < i) {
-        /* not enough data */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-#ifndef OPENSSL_NO_COMP
-    q = p;
-#endif
-    for (j = 0; j < i; j++) {
-        if (p[j] == 0)
-            break;
-    }
-
-    p += i;
-    if (j >= i) {
-        /* no compress */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED);
-        goto f_err;
-    }
-#ifndef OPENSSL_NO_TLSEXT
-    /* TLS extensions */
-    if (s->version >= SSL3_VERSION) {
-        if (!ssl_parse_clienthello_tlsext(s, &p, d + n)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
-            goto err;
-        }
-    }
-
-    /*
-     * Check if we want to use external pre-shared secret for this handshake
-     * for not reused session only. We need to generate server_random before
-     * calling tls_session_secret_cb in order to allow SessionTicket
-     * processing to use it in key derivation.
-     */
-    {
-        unsigned char *pos;
-        pos = s->s3->server_random;
-        if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) {
-            goto f_err;
-        }
-    }
-
-    if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
-        SSL_CIPHER *pref_cipher = NULL;
-
-        s->session->master_key_length = sizeof(s->session->master_key);
-        if (s->tls_session_secret_cb(s, s->session->master_key,
-                                     &s->session->master_key_length, ciphers,
-                                     &pref_cipher,
-                                     s->tls_session_secret_cb_arg)) {
-            s->hit = 1;
-            s->session->ciphers = ciphers;
-            s->session->verify_result = X509_V_OK;
-
-            ciphers = NULL;
-
-            /* check if some cipher was preferred by call back */
-            pref_cipher =
-                pref_cipher ? pref_cipher : ssl3_choose_cipher(s,
-                                                               s->
-                                                               session->ciphers,
-                                                               SSL_get_ciphers
-                                                               (s));
-            if (pref_cipher == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER);
-                goto f_err;
-            }
-
-            s->session->cipher = pref_cipher;
-
-            if (s->cipher_list)
-                sk_SSL_CIPHER_free(s->cipher_list);
-
-            if (s->cipher_list_by_id)
-                sk_SSL_CIPHER_free(s->cipher_list_by_id);
-
-            s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
-            s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
-        }
-    }
-#endif
-
-    /*
-     * Worst case, we will use the NULL compression, but if we have other
-     * options, we will now look for them.  We have i-1 compression
-     * algorithms from the client, starting at q.
-     */
-    s->s3->tmp.new_compression = NULL;
-#ifndef OPENSSL_NO_COMP
-    /* This only happens if we have a cache hit */
-    if (s->session->compress_meth != 0) {
-        int m, comp_id = s->session->compress_meth;
-        /* Perform sanity checks on resumed compression algorithm */
-        /* Can't disable compression */
-        if (s->options & SSL_OP_NO_COMPRESSION) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                   SSL_R_INCONSISTENT_COMPRESSION);
-            goto f_err;
-        }
-        /* Look for resumed compression method */
-        for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
-            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
-            if (comp_id == comp->id) {
-                s->s3->tmp.new_compression = comp;
-                break;
-            }
-        }
-        if (s->s3->tmp.new_compression == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                   SSL_R_INVALID_COMPRESSION_ALGORITHM);
-            goto f_err;
-        }
-        /* Look for resumed method in compression list */
-        for (m = 0; m < i; m++) {
-            if (q[m] == comp_id)
-                break;
-        }
-        if (m >= i) {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                   SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
-            goto f_err;
-        }
-    } else if (s->hit)
-        comp = NULL;
-    else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods) {
-        /* See if we have a match */
-        int m, nn, o, v, done = 0;
-
-        nn = sk_SSL_COMP_num(s->ctx->comp_methods);
-        for (m = 0; m < nn; m++) {
-            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
-            v = comp->id;
-            for (o = 0; o < i; o++) {
-                if (v == q[o]) {
-                    done = 1;
-                    break;
-                }
-            }
-            if (done)
-                break;
-        }
-        if (done)
-            s->s3->tmp.new_compression = comp;
-        else
-            comp = NULL;
-    }
-#else
-    /*
-     * If compression is disabled we'd better not try to resume a session
-     * using compression.
-     */
-    if (s->session->compress_meth != 0) {
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_INCONSISTENT_COMPRESSION);
-        goto f_err;
-    }
-#endif
-
-    /*
-     * Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher
-     */
-
-    if (!s->hit) {
-#ifdef OPENSSL_NO_COMP
-        s->session->compress_meth = 0;
-#else
-        s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
-#endif
-        if (s->session->ciphers != NULL)
-            sk_SSL_CIPHER_free(s->session->ciphers);
-        s->session->ciphers = ciphers;
-        if (ciphers == NULL) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-            goto f_err;
-        }
-        ciphers = NULL;
-        if (!tls1_set_server_sigalgs(s)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
-            goto err;
-        }
-        /* Let cert callback update server certificates if required */
- retry_cert:
-        if (s->cert->cert_cb) {
-            int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
-            if (rv == 0) {
-                al = SSL_AD_INTERNAL_ERROR;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CERT_CB_ERROR);
-                goto f_err;
-            }
-            if (rv < 0) {
-                s->rwstate = SSL_X509_LOOKUP;
-                return -1;
-            }
-            s->rwstate = SSL_NOTHING;
-        }
-        c = ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
-
-        if (c == NULL) {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER);
-            goto f_err;
-        }
-        s->s3->tmp.new_cipher = c;
-    } else {
-        /* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
-        STACK_OF(SSL_CIPHER) *sk;
-        SSL_CIPHER *nc = NULL;
-        SSL_CIPHER *ec = NULL;
-
-        if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) {
-            sk = s->session->ciphers;
-            for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-                c = sk_SSL_CIPHER_value(sk, i);
-                if (c->algorithm_enc & SSL_eNULL)
-                    nc = c;
-                if (SSL_C_IS_EXPORT(c))
-                    ec = c;
-            }
-            if (nc != NULL)
-                s->s3->tmp.new_cipher = nc;
-            else if (ec != NULL)
-                s->s3->tmp.new_cipher = ec;
-            else
-                s->s3->tmp.new_cipher = s->session->cipher;
-        } else
-#endif
-            s->s3->tmp.new_cipher = s->session->cipher;
-    }
-
-    if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) {
-        if (!ssl3_digest_cached_records(s))
-            goto f_err;
-    }
-
-    /*-
-    * we now have the following setup.
-     * client_random
-     * cipher_list          - our prefered list of ciphers
-     * ciphers              - the clients prefered list of ciphers
-     * compression          - basically ignored right now
-     * ssl version is set   - sslv3
-     * s->session           - The ssl session has been setup.
-     * s->hit               - session reuse flag
-     * s->tmp.new_cipher    - the new cipher to use.
-     */
-
-    /* Handles TLS extensions that we couldn't check earlier */
-    if (s->version >= SSL3_VERSION) {
-        if (!ssl_check_clienthello_tlsext_late(s, &al)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
-            goto f_err;
-        }
-    }
-
-    ret = cookie_valid ? 2 : 1;
-    if (0) {
- f_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-        s->state = SSL_ST_ERR;
-    }
-
-    if (ciphers != NULL)
-        sk_SSL_CIPHER_free(ciphers);
-    return ret;
-}
-
-int ssl3_send_server_hello(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-    int i, sl;
-    int al = 0;
-    unsigned long l;
-
-    if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
-        buf = (unsigned char *)s->init_buf->data;
-#ifdef OPENSSL_NO_TLSEXT
-        p = s->s3->server_random;
-        if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) {
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-#endif
-        /* Do the message type and length last */
-        d = p = ssl_handshake_start(s);
-
-        *(p++) = s->version >> 8;
-        *(p++) = s->version & 0xff;
-
-        /* Random stuff */
-        memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
-        p += SSL3_RANDOM_SIZE;
-
-        /*-
-         * There are several cases for the session ID to send
-         * back in the server hello:
-         * - For session reuse from the session cache,
-         *   we send back the old session ID.
-         * - If stateless session reuse (using a session ticket)
-         *   is successful, we send back the client's "session ID"
-         *   (which doesn't actually identify the session).
-         * - If it is a new session, we send back the new
-         *   session ID.
-         * - However, if we want the new session to be single-use,
-         *   we send back a 0-length session ID.
-         * s->hit is non-zero in either case of session reuse,
-         * so the following won't overwrite an ID that we're supposed
-         * to send back.
-         */
-        if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
-            && !s->hit)
-            s->session->session_id_length = 0;
-
-        sl = s->session->session_id_length;
-        if (sl > (int)sizeof(s->session->session_id)) {
-            SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-        *(p++) = sl;
-        memcpy(p, s->session->session_id, sl);
-        p += sl;
-
-        /* put the cipher */
-        i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p);
-        p += i;
-
-        /* put the compression method */
-#ifdef OPENSSL_NO_COMP
-        *(p++) = 0;
-#else
-        if (s->s3->tmp.new_compression == NULL)
-            *(p++) = 0;
-        else
-            *(p++) = s->s3->tmp.new_compression->id;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-        if (ssl_prepare_serverhello_tlsext(s) <= 0) {
-            SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-        if ((p =
-             ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH,
-                                        &al)) == NULL) {
-            ssl3_send_alert(s, SSL3_AL_FATAL, al);
-            SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-#endif
-        /* do the header */
-        l = (p - d);
-        ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l);
-        s->state = SSL3_ST_SW_SRVR_HELLO_B;
-    }
-
-    /* SSL3_ST_SW_SRVR_HELLO_B */
-    return ssl_do_write(s);
-}
-
-int ssl3_send_server_done(SSL *s)
-{
-
-    if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
-        ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0);
-        s->state = SSL3_ST_SW_SRVR_DONE_B;
-    }
-
-    /* SSL3_ST_SW_SRVR_DONE_B */
-    return ssl_do_write(s);
-}
-
-int ssl3_send_server_key_exchange(SSL *s)
-{
-#ifndef OPENSSL_NO_RSA
-    unsigned char *q;
-    int j, num;
-    RSA *rsa;
-    unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
-    unsigned int u;
-#endif
-#ifndef OPENSSL_NO_DH
-# ifdef OPENSSL_NO_RSA
-    int j;
-# endif
-    DH *dh = NULL, *dhp;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    EC_KEY *ecdh = NULL, *ecdhp;
-    unsigned char *encodedPoint = NULL;
-    int encodedlen = 0;
-    int curve_id = 0;
-    BN_CTX *bn_ctx = NULL;
-#endif
-    EVP_PKEY *pkey;
-    const EVP_MD *md = NULL;
-    unsigned char *p, *d;
-    int al, i;
-    unsigned long type;
-    int n;
-    CERT *cert;
-    BIGNUM *r[4];
-    int nr[4], kn;
-    BUF_MEM *buf;
-    EVP_MD_CTX md_ctx;
-
-    EVP_MD_CTX_init(&md_ctx);
-    if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
-        type = s->s3->tmp.new_cipher->algorithm_mkey;
-        cert = s->cert;
-
-        buf = s->init_buf;
-
-        r[0] = r[1] = r[2] = r[3] = NULL;
-        n = 0;
-#ifndef OPENSSL_NO_RSA
-        if (type & SSL_kRSA) {
-            rsa = cert->rsa_tmp;
-            if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
-                rsa = s->cert->rsa_tmp_cb(s,
-                                          SSL_C_IS_EXPORT(s->s3->
-                                                          tmp.new_cipher),
-                                          SSL_C_EXPORT_PKEYLENGTH(s->s3->
-                                                                  tmp.new_cipher));
-                if (rsa == NULL) {
-                    al = SSL_AD_HANDSHAKE_FAILURE;
-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                           SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
-                    goto f_err;
-                }
-                RSA_up_ref(rsa);
-                cert->rsa_tmp = rsa;
-            }
-            if (rsa == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_RSA_KEY);
-                goto f_err;
-            }
-            r[0] = rsa->n;
-            r[1] = rsa->e;
-            s->s3->tmp.use_rsa_tmp = 1;
-        } else
-#endif
-#ifndef OPENSSL_NO_DH
-        if (type & SSL_kEDH) {
-            dhp = cert->dh_tmp;
-            if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
-                dhp = s->cert->dh_tmp_cb(s,
-                                         SSL_C_IS_EXPORT(s->s3->
-                                                         tmp.new_cipher),
-                                         SSL_C_EXPORT_PKEYLENGTH(s->s3->
-                                                                 tmp.new_cipher));
-            if (dhp == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_DH_KEY);
-                goto f_err;
-            }
-
-            if (s->s3->tmp.dh != NULL) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            if ((dh = DHparams_dup(dhp)) == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
-                goto err;
-            }
-
-            s->s3->tmp.dh = dh;
-            if (!DH_generate_key(dh)) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
-                goto err;
-            }
-            r[0] = dh->p;
-            r[1] = dh->g;
-            r[2] = dh->pub_key;
-        } else
-#endif
-#ifndef OPENSSL_NO_ECDH
-        if (type & SSL_kEECDH) {
-            const EC_GROUP *group;
-
-            if (s->s3->tmp.ecdh != NULL) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            ecdhp = cert->ecdh_tmp;
-            if (s->cert->ecdh_tmp_auto) {
-                /* Get NID of appropriate shared curve */
-                int nid = tls1_shared_curve(s, -2);
-                if (nid != NID_undef)
-                    ecdhp = EC_KEY_new_by_curve_name(nid);
-            } else if ((ecdhp == NULL) && s->cert->ecdh_tmp_cb) {
-                ecdhp = s->cert->ecdh_tmp_cb(s,
-                                             SSL_C_IS_EXPORT(s->s3->
-                                                             tmp.new_cipher),
-                                             SSL_C_EXPORT_PKEYLENGTH(s->
-                                                                     s3->tmp.new_cipher));
-            }
-            if (ecdhp == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_ECDH_KEY);
-                goto f_err;
-            }
-
-            /* Duplicate the ECDH structure. */
-            if (s->cert->ecdh_tmp_auto)
-                ecdh = ecdhp;
-            else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-
-            s->s3->tmp.ecdh = ecdh;
-            if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
-                (EC_KEY_get0_private_key(ecdh) == NULL) ||
-                (s->options & SSL_OP_SINGLE_ECDH_USE)) {
-                if (!EC_KEY_generate_key(ecdh)) {
-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                           ERR_R_ECDH_LIB);
-                    goto err;
-                }
-            }
-
-            if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
-                (EC_KEY_get0_public_key(ecdh) == NULL) ||
-                (EC_KEY_get0_private_key(ecdh) == NULL)) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-
-            if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-                (EC_GROUP_get_degree(group) > 163)) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
-                goto err;
-            }
-
-            /*
-             * XXX: For now, we only support ephemeral ECDH keys over named
-             * (not generic) curves. For supported named curves, curve_id is
-             * non-zero.
-             */
-            if ((curve_id =
-                 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
-                == 0) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
-                goto err;
-            }
-
-            /*
-             * Encode the public key. First check the size of encoding and
-             * allocate memory accordingly.
-             */
-            encodedlen = EC_POINT_point2oct(group,
-                                            EC_KEY_get0_public_key(ecdh),
-                                            POINT_CONVERSION_UNCOMPRESSED,
-                                            NULL, 0, NULL);
-
-            encodedPoint = (unsigned char *)
-                OPENSSL_malloc(encodedlen * sizeof(unsigned char));
-            bn_ctx = BN_CTX_new();
-            if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-
-            encodedlen = EC_POINT_point2oct(group,
-                                            EC_KEY_get0_public_key(ecdh),
-                                            POINT_CONVERSION_UNCOMPRESSED,
-                                            encodedPoint, encodedlen, bn_ctx);
-
-            if (encodedlen == 0) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-
-            BN_CTX_free(bn_ctx);
-            bn_ctx = NULL;
-
-            /*
-             * XXX: For now, we only support named (not generic) curves in
-             * ECDH ephemeral key exchanges. In this situation, we need four
-             * additional bytes to encode the entire ServerECDHParams
-             * structure.
-             */
-            n = 4 + encodedlen;
-
-            /*
-             * We'll generate the serverKeyExchange message explicitly so we
-             * can set these to NULLs
-             */
-            r[0] = NULL;
-            r[1] = NULL;
-            r[2] = NULL;
-            r[3] = NULL;
-        } else
-#endif                          /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_PSK
-        if (type & SSL_kPSK) {
-            /*
-             * reserve size for record length and PSK identity hint
-             */
-            n += 2 + strlen(s->ctx->psk_identity_hint);
-        } else
-#endif                          /* !OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-        if (type & SSL_kSRP) {
-            if ((s->srp_ctx.N == NULL) ||
-                (s->srp_ctx.g == NULL) ||
-                (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_MISSING_SRP_PARAM);
-                goto err;
-            }
-            r[0] = s->srp_ctx.N;
-            r[1] = s->srp_ctx.g;
-            r[2] = s->srp_ctx.s;
-            r[3] = s->srp_ctx.B;
-        } else
-#endif
-        {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                   SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-            goto f_err;
-        }
-        for (i = 0; i < 4 && r[i] != NULL; i++) {
-            nr[i] = BN_num_bytes(r[i]);
-#ifndef OPENSSL_NO_SRP
-            if ((i == 2) && (type & SSL_kSRP))
-                n += 1 + nr[i];
-            else
-#endif
-#ifndef OPENSSL_NO_DH
-            /*
-             * for interoperability with some versions of the Microsoft TLS
-             * stack, we need to zero pad the DHE pub key to the same length
-             * as the prime, so use the length of the prime here
-             */
-            if ((i == 2) && (type & (SSL_kEDH)))
-                n += 2 + nr[0];
-            else
-#endif
-                n += 2 + nr[i];
-        }
-
-        if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
-            && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-            if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md))
-                == NULL) {
-                al = SSL_AD_DECODE_ERROR;
-                goto f_err;
-            }
-            kn = EVP_PKEY_size(pkey);
-            /* Allow space for signature algorithm */
-            if (SSL_USE_SIGALGS(s))
-                kn += 2;
-            /* Allow space for signature length */
-            kn += 2;
-        } else {
-            pkey = NULL;
-            kn = 0;
-        }
-
-        if (!BUF_MEM_grow_clean(buf, n + SSL_HM_HEADER_LENGTH(s) + kn)) {
-            SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
-            goto err;
-        }
-        d = p = ssl_handshake_start(s);
-
-        for (i = 0; i < 4 && r[i] != NULL; i++) {
-#ifndef OPENSSL_NO_SRP
-            if ((i == 2) && (type & SSL_kSRP)) {
-                *p = nr[i];
-                p++;
-            } else
-#endif
-#ifndef OPENSSL_NO_DH
-            /*
-             * for interoperability with some versions of the Microsoft TLS
-             * stack, we need to zero pad the DHE pub key to the same length
-             * as the prime
-             */
-            if ((i == 2) && (type & (SSL_kEDH))) {
-                s2n(nr[0], p);
-                for (j = 0; j < (nr[0] - nr[2]); ++j) {
-                    *p = 0;
-                    ++p;
-                }
-            } else
-#endif
-                s2n(nr[i], p);
-            BN_bn2bin(r[i], p);
-            p += nr[i];
-        }
-
-#ifndef OPENSSL_NO_ECDH
-        if (type & SSL_kEECDH) {
-            /*
-             * XXX: For now, we only support named (not generic) curves. In
-             * this situation, the serverKeyExchange message has: [1 byte
-             * CurveType], [2 byte CurveName] [1 byte length of encoded
-             * point], followed by the actual encoded point itself
-             */
-            *p = NAMED_CURVE_TYPE;
-            p += 1;
-            *p = 0;
-            p += 1;
-            *p = curve_id;
-            p += 1;
-            *p = encodedlen;
-            p += 1;
-            memcpy((unsigned char *)p,
-                   (unsigned char *)encodedPoint, encodedlen);
-            OPENSSL_free(encodedPoint);
-            encodedPoint = NULL;
-            p += encodedlen;
-        }
-#endif
-
-#ifndef OPENSSL_NO_PSK
-        if (type & SSL_kPSK) {
-            size_t len = strlen(s->ctx->psk_identity_hint);
-
-            /* copy PSK identity hint */
-            s2n(len, p);
-            memcpy(p, s->ctx->psk_identity_hint, len);
-            p += len;
-        }
-#endif
-
-        /* not anonymous */
-        if (pkey != NULL) {
-            /*
-             * n is the length of the params, they start at &(d[4]) and p
-             * points to the space at the end.
-             */
-#ifndef OPENSSL_NO_RSA
-            if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
-                q = md_buf;
-                j = 0;
-                for (num = 2; num > 0; num--) {
-                    EVP_MD_CTX_set_flags(&md_ctx,
-                                         EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-                    if (EVP_DigestInit_ex(&md_ctx,
-                                          (num == 2) ? s->ctx->md5
-                                                     : s->ctx->sha1,
-                                          NULL) <= 0
-                        || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
-                                            SSL3_RANDOM_SIZE) <= 0
-                        || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
-                                            SSL3_RANDOM_SIZE) <= 0
-                        || EVP_DigestUpdate(&md_ctx, d, n) <= 0
-                        || EVP_DigestFinal_ex(&md_ctx, q,
-                                              (unsigned int *)&i) <= 0) {
-                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                               ERR_LIB_EVP);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto f_err;
-                    }
-                    q += i;
-                    j += i;
-                }
-                if (RSA_sign(NID_md5_sha1, md_buf, j,
-                             &(p[2]), &u, pkey->pkey.rsa) <= 0) {
-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
-                    goto err;
-                }
-                s2n(u, p);
-                n += u + 2;
-            } else
-#endif
-            if (md) {
-                /* send signature algorithm */
-                if (SSL_USE_SIGALGS(s)) {
-                    if (!tls12_get_sigandhash(p, pkey, md)) {
-                        /* Should never happen */
-                        al = SSL_AD_INTERNAL_ERROR;
-                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                               ERR_R_INTERNAL_ERROR);
-                        goto f_err;
-                    }
-                    p += 2;
-                }
-#ifdef SSL_DEBUG
-                fprintf(stderr, "Using hash %s\n", EVP_MD_name(md));
-#endif
-                if (EVP_SignInit_ex(&md_ctx, md, NULL) <= 0
-                        || EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
-                                          SSL3_RANDOM_SIZE) <= 0
-                        || EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
-                                          SSL3_RANDOM_SIZE) <= 0
-                        || EVP_SignUpdate(&md_ctx, d, n) <= 0
-                        || EVP_SignFinal(&md_ctx, &(p[2]),
-                                         (unsigned int *)&i, pkey) <= 0) {
-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_EVP);
-                    al = SSL_AD_INTERNAL_ERROR;
-                    goto f_err;
-                }
-                s2n(i, p);
-                n += i + 2;
-                if (SSL_USE_SIGALGS(s))
-                    n += 2;
-            } else {
-                /* Is this error check actually needed? */
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_UNKNOWN_PKEY_TYPE);
-                goto f_err;
-            }
-        }
-
-        ssl_set_handshake_header(s, SSL3_MT_SERVER_KEY_EXCHANGE, n);
-    }
-
-    s->state = SSL3_ST_SW_KEY_EXCH_B;
-    EVP_MD_CTX_cleanup(&md_ctx);
-    return ssl_do_write(s);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-#ifndef OPENSSL_NO_ECDH
-    if (encodedPoint != NULL)
-        OPENSSL_free(encodedPoint);
-    BN_CTX_free(bn_ctx);
-#endif
-    EVP_MD_CTX_cleanup(&md_ctx);
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_send_certificate_request(SSL *s)
-{
-    unsigned char *p, *d;
-    int i, j, nl, off, n;
-    STACK_OF(X509_NAME) *sk = NULL;
-    X509_NAME *name;
-    BUF_MEM *buf;
-
-    if (s->state == SSL3_ST_SW_CERT_REQ_A) {
-        buf = s->init_buf;
-
-        d = p = ssl_handshake_start(s);
-
-        /* get the list of acceptable cert types */
-        p++;
-        n = ssl3_get_req_cert_type(s, p);
-        d[0] = n;
-        p += n;
-        n++;
-
-        if (SSL_USE_SIGALGS(s)) {
-            const unsigned char *psigs;
-            nl = tls12_get_psigalgs(s, 1, &psigs);
-            if (nl > SSL_MAX_2_BYTE_LEN) {
-                SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
-                       SSL_R_LENGTH_TOO_LONG);
-                goto err;
-            }
-            s2n(nl, p);
-            memcpy(p, psigs, nl);
-            p += nl;
-            n += nl + 2;
-        }
-
-        off = n;
-        p += 2;
-        n += 2;
-
-        sk = SSL_get_client_CA_list(s);
-        nl = 0;
-        if (sk != NULL) {
-            for (i = 0; i < sk_X509_NAME_num(sk); i++) {
-                name = sk_X509_NAME_value(sk, i);
-                j = i2d_X509_NAME(name, NULL);
-                if (j > SSL_MAX_2_BYTE_LEN) {
-                    SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
-                           SSL_R_LENGTH_TOO_LONG);
-                    goto err;
-                }
-                if (!BUF_MEM_grow_clean
-                    (buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) {
-                    SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
-                           ERR_R_BUF_LIB);
-                    goto err;
-                }
-                p = ssl_handshake_start(s) + n;
-                if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
-                    s2n(j, p);
-                    i2d_X509_NAME(name, &p);
-                    n += 2 + j;
-                    nl += 2 + j;
-                } else {
-                    d = p;
-                    i2d_X509_NAME(name, &p);
-                    j -= 2;
-                    s2n(j, d);
-                    j += 2;
-                    n += j;
-                    nl += j;
-                }
-                if (nl > SSL_MAX_2_BYTE_LEN) {
-                    SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
-                           SSL_R_LENGTH_TOO_LONG);
-                    goto err;
-                }
-            }
-        }
-        /* else no CA names */
-        p = ssl_handshake_start(s) + off;
-        s2n(nl, p);
-
-        ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n);
-
-#ifdef NETSCAPE_HANG_BUG
-        if (!SSL_IS_DTLS(s)) {
-            if (!BUF_MEM_grow_clean(buf, s->init_num + 4)) {
-                SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
-                goto err;
-            }
-            p = (unsigned char *)s->init_buf->data + s->init_num;
-            /* do the header */
-            *(p++) = SSL3_MT_SERVER_DONE;
-            *(p++) = 0;
-            *(p++) = 0;
-            *(p++) = 0;
-            s->init_num += 4;
-        }
-#endif
-
-        s->state = SSL3_ST_SW_CERT_REQ_B;
-    }
-
-    /* SSL3_ST_SW_CERT_REQ_B */
-    return ssl_do_write(s);
- err:
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_get_client_key_exchange(SSL *s)
-{
-    int i, al, ok;
-    long n;
-    unsigned long alg_k;
-    unsigned char *p;
-#ifndef OPENSSL_NO_RSA
-    RSA *rsa = NULL;
-    EVP_PKEY *pkey = NULL;
-#endif
-#ifndef OPENSSL_NO_DH
-    BIGNUM *pub = NULL;
-    DH *dh_srvr, *dh_clnt = NULL;
-#endif
-#ifndef OPENSSL_NO_KRB5
-    KSSL_ERR kssl_err;
-#endif                          /* OPENSSL_NO_KRB5 */
-
-#ifndef OPENSSL_NO_ECDH
-    EC_KEY *srvr_ecdh = NULL;
-    EVP_PKEY *clnt_pub_pkey = NULL;
-    EC_POINT *clnt_ecpoint = NULL;
-    BN_CTX *bn_ctx = NULL;
-#endif
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_SR_KEY_EXCH_A,
-                                   SSL3_ST_SR_KEY_EXCH_B,
-                                   SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
-
-    if (!ok)
-        return ((int)n);
-    p = (unsigned char *)s->init_msg;
-
-    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-#ifndef OPENSSL_NO_RSA
-    if (alg_k & SSL_kRSA) {
-        unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
-        int decrypt_len;
-        unsigned char decrypt_good, version_good;
-        size_t j, padding_len;
-
-        /* FIX THIS UP EAY EAY EAY EAY */
-        if (s->s3->tmp.use_rsa_tmp) {
-            if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
-                rsa = s->cert->rsa_tmp;
-            /*
-             * Don't do a callback because rsa_tmp should be sent already
-             */
-            if (rsa == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_RSA_PKEY);
-                goto f_err;
-
-            }
-        } else {
-            pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
-            if ((pkey == NULL) ||
-                (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_MISSING_RSA_CERTIFICATE);
-                goto f_err;
-            }
-            rsa = pkey->pkey.rsa;
-        }
-
-        /* TLS and [incidentally] DTLS{0xFEFF} */
-        if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) {
-            n2s(p, i);
-            if (n != i + 2) {
-                if (!(s->options & SSL_OP_TLS_D5_BUG)) {
-                    al = SSL_AD_DECODE_ERROR;
-                    SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                           SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
-                    goto f_err;
-                } else
-                    p -= 2;
-            } else
-                n = i;
-        }
-
-        /*
-         * Reject overly short RSA ciphertext because we want to be sure
-         * that the buffer size makes it safe to iterate over the entire
-         * size of a premaster secret (SSL_MAX_MASTER_KEY_LENGTH). The
-         * actual expected size is larger due to RSA padding, but the
-         * bound is sufficient to be safe.
-         */
-        if (n < SSL_MAX_MASTER_KEY_LENGTH) {
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
-            goto f_err;
-        }
-
-        /*
-         * We must not leak whether a decryption failure occurs because of
-         * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
-         * section 7.4.7.1). The code follows that advice of the TLS RFC and
-         * generates a random premaster secret for the case that the decrypt
-         * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
-         */
-
-        if (RAND_bytes(rand_premaster_secret,
-                       sizeof(rand_premaster_secret)) <= 0)
-            goto err;
-
-        /*
-         * Decrypt with no padding. PKCS#1 padding will be removed as part of
-         * the timing-sensitive code below.
-         */
-        decrypt_len =
-            RSA_private_decrypt((int)n, p, p, rsa, RSA_NO_PADDING);
-        if (decrypt_len < 0)
-            goto err;
-
-        /* Check the padding. See RFC 3447, section 7.2.2. */
-
-        /*
-         * The smallest padded premaster is 11 bytes of overhead. Small keys
-         * are publicly invalid, so this may return immediately. This ensures
-         * PS is at least 8 bytes.
-         */
-        if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DECRYPTION_FAILED);
-            goto f_err;
-        }
-
-        padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;
-        decrypt_good = constant_time_eq_int_8(p[0], 0) &
-                       constant_time_eq_int_8(p[1], 2);
-        for (j = 2; j < padding_len - 1; j++) {
-            decrypt_good &= ~constant_time_is_zero_8(p[j]);
-        }
-        decrypt_good &= constant_time_is_zero_8(p[padding_len - 1]);
-        p += padding_len;
-
-        /*
-         * If the version in the decrypted pre-master secret is correct then
-         * version_good will be 0xff, otherwise it'll be zero. The
-         * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
-         * (http://eprint.iacr.org/2003/052/) exploits the version number
-         * check as a "bad version oracle". Thus version checks are done in
-         * constant time and are treated like any other decryption error.
-         */
-        version_good =
-            constant_time_eq_8(p[0], (unsigned)(s->client_version >> 8));
-        version_good &=
-            constant_time_eq_8(p[1], (unsigned)(s->client_version & 0xff));
-
-        /*
-         * The premaster secret must contain the same version number as the
-         * ClientHello to detect version rollback attacks (strangely, the
-         * protocol does not offer such protection for DH ciphersuites).
-         * However, buggy clients exist that send the negotiated protocol
-         * version instead if the server does not support the requested
-         * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
-         * clients.
-         */
-        if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
-            unsigned char workaround_good;
-            workaround_good =
-                constant_time_eq_8(p[0], (unsigned)(s->version >> 8));
-            workaround_good &=
-                constant_time_eq_8(p[1], (unsigned)(s->version & 0xff));
-            version_good |= workaround_good;
-        }
-
-        /*
-         * Both decryption and version must be good for decrypt_good to
-         * remain non-zero (0xff).
-         */
-        decrypt_good &= version_good;
-
-        /*
-         * Now copy rand_premaster_secret over from p using
-         * decrypt_good_mask. If decryption failed, then p does not
-         * contain valid plaintext, however, a check above guarantees
-         * it is still sufficiently large to read from.
-         */
-        for (j = 0; j < sizeof(rand_premaster_secret); j++) {
-            p[j] = constant_time_select_8(decrypt_good, p[j],
-                                          rand_premaster_secret[j]);
-        }
-
-        s->session->master_key_length =
-            s->method->ssl3_enc->generate_master_secret(s,
-                                                        s->
-                                                        session->master_key,
-                                                        p,
-                                                        sizeof
-                                                        (rand_premaster_secret));
-        OPENSSL_cleanse(p, sizeof(rand_premaster_secret));
-    } else
-#endif
-#ifndef OPENSSL_NO_DH
-    if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
-        int idx = -1;
-        EVP_PKEY *skey = NULL;
-        if (n > 1) {
-            n2s(p, i);
-        } else {
-            if (alg_k & SSL_kDHE) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-                goto f_err;
-            }
-            i = 0;
-        }
-        if (n && n != i + 2) {
-            if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                goto f_err;
-            } else {
-                p -= 2;
-                i = (int)n;
-            }
-        }
-        if (alg_k & SSL_kDHr)
-            idx = SSL_PKEY_DH_RSA;
-        else if (alg_k & SSL_kDHd)
-            idx = SSL_PKEY_DH_DSA;
-        if (idx >= 0) {
-            skey = s->cert->pkeys[idx].privatekey;
-            if ((skey == NULL) ||
-                (skey->type != EVP_PKEY_DH) || (skey->pkey.dh == NULL)) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_MISSING_RSA_CERTIFICATE);
-                goto f_err;
-            }
-            dh_srvr = skey->pkey.dh;
-        } else if (s->s3->tmp.dh == NULL) {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_MISSING_TMP_DH_KEY);
-            goto f_err;
-        } else
-            dh_srvr = s->s3->tmp.dh;
-
-        if (n == 0L) {
-            /* Get pubkey from cert */
-            EVP_PKEY *clkey = X509_get_pubkey(s->session->peer);
-            if (clkey) {
-                if (EVP_PKEY_cmp_parameters(clkey, skey) == 1)
-                    dh_clnt = EVP_PKEY_get1_DH(clkey);
-            }
-            if (dh_clnt == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_DH_KEY);
-                goto f_err;
-            }
-            EVP_PKEY_free(clkey);
-            pub = dh_clnt->pub_key;
-        } else
-            pub = BN_bin2bn(p, i, NULL);
-        if (pub == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
-            goto err;
-        }
-
-        i = DH_compute_key(p, pub, dh_srvr);
-
-        if (i <= 0) {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-            BN_clear_free(pub);
-            goto f_err;
-        }
-
-        DH_free(s->s3->tmp.dh);
-        s->s3->tmp.dh = NULL;
-        if (dh_clnt)
-            DH_free(dh_clnt);
-        else
-            BN_clear_free(pub);
-        pub = NULL;
-        s->session->master_key_length =
-            s->method->ssl3_enc->generate_master_secret(s,
-                                                        s->
-                                                        session->master_key,
-                                                        p, i);
-        OPENSSL_cleanse(p, i);
-        if (dh_clnt)
-            return 2;
-    } else
-#endif
-#ifndef OPENSSL_NO_KRB5
-    if (alg_k & SSL_kKRB5) {
-        krb5_error_code krb5rc;
-        krb5_data enc_ticket;
-        krb5_data authenticator;
-        krb5_data enc_pms;
-        KSSL_CTX *kssl_ctx = s->kssl_ctx;
-        EVP_CIPHER_CTX ciph_ctx;
-        const EVP_CIPHER *enc = NULL;
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-        unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_BLOCK_LENGTH];
-        int padl, outl;
-        krb5_timestamp authtime = 0;
-        krb5_ticket_times ttimes;
-        int kerr = 0;
-
-        EVP_CIPHER_CTX_init(&ciph_ctx);
-
-        if (!kssl_ctx)
-            kssl_ctx = kssl_ctx_new();
-
-        n2s(p, i);
-        enc_ticket.length = i;
-
-        if (n < (long)(enc_ticket.length + 6)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            goto err;
-        }
-
-        enc_ticket.data = (char *)p;
-        p += enc_ticket.length;
-
-        n2s(p, i);
-        authenticator.length = i;
-
-        if (n < (long)(enc_ticket.length + authenticator.length + 6)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            goto err;
-        }
-
-        authenticator.data = (char *)p;
-        p += authenticator.length;
-
-        n2s(p, i);
-        enc_pms.length = i;
-        enc_pms.data = (char *)p;
-        p += enc_pms.length;
-
-        /*
-         * Note that the length is checked again below, ** after decryption
-         */
-        if (enc_pms.length > sizeof(pms)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            goto err;
-        }
-
-        if (n != (long)(enc_ticket.length + authenticator.length +
-                        enc_pms.length + 6)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            goto err;
-        }
-
-        if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
-                                    &kssl_err)) != 0) {
-# ifdef KSSL_DEBUG
-            fprintf(stderr, "kssl_sget_tkt rtn %d [%d]\n",
-                    krb5rc, kssl_err.reason);
-            if (kssl_err.text)
-                fprintf(stderr, "kssl_err text= %s\n", kssl_err.text);
-# endif                         /* KSSL_DEBUG */
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason);
-            goto err;
-        }
-
-        /*
-         * Note: no authenticator is not considered an error, ** but will
-         * return authtime == 0.
-         */
-        if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
-                                         &authtime, &kssl_err)) != 0) {
-# ifdef KSSL_DEBUG
-            fprintf(stderr, "kssl_check_authent rtn %d [%d]\n",
-                    krb5rc, kssl_err.reason);
-            if (kssl_err.text)
-                fprintf(stderr, "kssl_err text= %s\n", kssl_err.text);
-# endif                         /* KSSL_DEBUG */
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason);
-            goto err;
-        }
-
-        if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
-            goto err;
-        }
-# ifdef KSSL_DEBUG
-        kssl_ctx_show(kssl_ctx);
-# endif                         /* KSSL_DEBUG */
-
-        enc = kssl_map_enc(kssl_ctx->enctype);
-        if (enc == NULL)
-            goto err;
-
-        memset(iv, 0, sizeof(iv)); /* per RFC 1510 */
-
-        if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DECRYPTION_FAILED);
-            goto err;
-        }
-        if (!EVP_DecryptUpdate(&ciph_ctx, pms, &outl,
-                               (unsigned char *)enc_pms.data, enc_pms.length))
-        {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DECRYPTION_FAILED);
-            kerr = 1;
-            goto kclean;
-        }
-        if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            kerr = 1;
-            goto kclean;
-        }
-        if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DECRYPTION_FAILED);
-            kerr = 1;
-            goto kclean;
-        }
-        outl += padl;
-        if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            kerr = 1;
-            goto kclean;
-        }
-        if (!((pms[0] == (s->client_version >> 8))
-              && (pms[1] == (s->client_version & 0xff)))) {
-            /*
-             * The premaster secret must contain the same version number as
-             * the ClientHello to detect version rollback attacks (strangely,
-             * the protocol does not offer such protection for DH
-             * ciphersuites). However, buggy clients exist that send random
-             * bytes instead of the protocol version. If
-             * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
-             * (Perhaps we should have a separate BUG value for the Kerberos
-             * cipher)
-             */
-            if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_AD_DECODE_ERROR);
-                kerr = 1;
-                goto kclean;
-            }
-        }
-
-        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-        s->session->master_key_length =
-            s->method->ssl3_enc->generate_master_secret(s,
-                                                        s->
-                                                        session->master_key,
-                                                        pms, outl);
-
-        if (kssl_ctx->client_princ) {
-            size_t len = strlen(kssl_ctx->client_princ);
-            if (len < SSL_MAX_KRB5_PRINCIPAL_LENGTH) {
-                s->session->krb5_client_princ_len = len;
-                memcpy(s->session->krb5_client_princ, kssl_ctx->client_princ,
-                       len);
-            }
-        }
-
-        /*- Was doing kssl_ctx_free() here,
-         *  but it caused problems for apache.
-         *  kssl_ctx = kssl_ctx_free(kssl_ctx);
-         *  if (s->kssl_ctx)  s->kssl_ctx = NULL;
-         */
-
- kclean:
-        OPENSSL_cleanse(pms, sizeof(pms));
-        if (kerr)
-            goto err;
-    } else
-#endif                          /* OPENSSL_NO_KRB5 */
-
-#ifndef OPENSSL_NO_ECDH
-    if (alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe)) {
-        int ret = 1;
-        int field_size = 0;
-        const EC_KEY *tkey;
-        const EC_GROUP *group;
-        const BIGNUM *priv_key;
-
-        /* initialize structures for server's ECDH key pair */
-        if ((srvr_ecdh = EC_KEY_new()) == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        /* Let's get server private key and group information */
-        if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
-            /* use the certificate */
-            tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
-        } else {
-            /*
-             * use the ephermeral values we saved when generating the
-             * ServerKeyExchange msg.
-             */
-            tkey = s->s3->tmp.ecdh;
-        }
-
-        group = EC_KEY_get0_group(tkey);
-        priv_key = EC_KEY_get0_private_key(tkey);
-
-        if (!EC_KEY_set_group(srvr_ecdh, group) ||
-            !EC_KEY_set_private_key(srvr_ecdh, priv_key)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-            goto err;
-        }
-
-        /* Let's get client's public key */
-        if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        if (n == 0L) {
-            /* Client Publickey was in Client Certificate */
-
-            if (alg_k & SSL_kEECDH) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_ECDH_KEY);
-                goto f_err;
-            }
-            if (((clnt_pub_pkey = X509_get_pubkey(s->session->peer))
-                 == NULL) || (clnt_pub_pkey->type != EVP_PKEY_EC)) {
-                /*
-                 * XXX: For now, we do not support client authentication
-                 * using ECDH certificates so this branch (n == 0L) of the
-                 * code is never executed. When that support is added, we
-                 * ought to ensure the key received in the certificate is
-                 * authorized for key agreement. ECDH_compute_key implicitly
-                 * checks that the two ECDH shares are for the same group.
-                 */
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
-                goto f_err;
-            }
-
-            if (EC_POINT_copy(clnt_ecpoint,
-                              EC_KEY_get0_public_key(clnt_pub_pkey->
-                                                     pkey.ec)) == 0) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
-            }
-            ret = 2;            /* Skip certificate verify processing */
-        } else {
-            /*
-             * Get client's public key from encoded point in the
-             * ClientKeyExchange message.
-             */
-            if ((bn_ctx = BN_CTX_new()) == NULL) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-
-            /* Get encoded point length */
-            i = *p;
-            p += 1;
-            if (n != 1 + i) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
-                al = SSL_AD_DECODE_ERROR;
-                goto f_err;
-            }
-            if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                goto f_err;
-            }
-            /*
-             * p is pointing to somewhere in the buffer currently, so set it
-             * to the start
-             */
-            p = (unsigned char *)s->init_buf->data;
-        }
-
-        /* Compute the shared pre-master secret */
-        field_size = EC_GROUP_get_degree(group);
-        if (field_size <= 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-            goto err;
-        }
-        i = ECDH_compute_key(p, (field_size + 7) / 8, clnt_ecpoint, srvr_ecdh,
-                             NULL);
-        if (i <= 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-            goto err;
-        }
-
-        EVP_PKEY_free(clnt_pub_pkey);
-        EC_POINT_free(clnt_ecpoint);
-        EC_KEY_free(srvr_ecdh);
-        BN_CTX_free(bn_ctx);
-        EC_KEY_free(s->s3->tmp.ecdh);
-        s->s3->tmp.ecdh = NULL;
-
-        /* Compute the master secret */
-        s->session->master_key_length =
-            s->method->ssl3_enc->generate_master_secret(s,
-                                                        s->
-                                                        session->master_key,
-                                                        p, i);
-
-        OPENSSL_cleanse(p, i);
-        return (ret);
-    } else
-#endif
-#ifndef OPENSSL_NO_PSK
-    if (alg_k & SSL_kPSK) {
-        unsigned char *t = NULL;
-        unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
-        unsigned int pre_ms_len = 0, psk_len = 0;
-        int psk_err = 1;
-        char tmp_id[PSK_MAX_IDENTITY_LEN + 1];
-
-        al = SSL_AD_HANDSHAKE_FAILURE;
-
-        n2s(p, i);
-        if (n != i + 2) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
-            goto psk_err;
-        }
-        if (i > PSK_MAX_IDENTITY_LEN) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            goto psk_err;
-        }
-        if (s->psk_server_callback == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_PSK_NO_SERVER_CB);
-            goto psk_err;
-        }
-
-        /*
-         * Create guaranteed NULL-terminated identity string for the callback
-         */
-        memcpy(tmp_id, p, i);
-        memset(tmp_id + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
-        psk_len = s->psk_server_callback(s, tmp_id,
-                                         psk_or_pre_ms,
-                                         sizeof(psk_or_pre_ms));
-        OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN + 1);
-
-        if (psk_len > PSK_MAX_PSK_LEN) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-            goto psk_err;
-        } else if (psk_len == 0) {
-            /*
-             * PSK related to the given identity not found
-             */
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_PSK_IDENTITY_NOT_FOUND);
-            al = SSL_AD_UNKNOWN_PSK_IDENTITY;
-            goto psk_err;
-        }
-
-        /* create PSK pre_master_secret */
-        pre_ms_len = 2 + psk_len + 2 + psk_len;
-        t = psk_or_pre_ms;
-        memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
-        s2n(psk_len, t);
-        memset(t, 0, psk_len);
-        t += psk_len;
-        s2n(psk_len, t);
-
-        if (s->session->psk_identity != NULL)
-            OPENSSL_free(s->session->psk_identity);
-        s->session->psk_identity = BUF_strndup((char *)p, i);
-        if (s->session->psk_identity == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto psk_err;
-        }
-
-        if (s->session->psk_identity_hint != NULL)
-            OPENSSL_free(s->session->psk_identity_hint);
-        s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
-        if (s->ctx->psk_identity_hint != NULL &&
-            s->session->psk_identity_hint == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto psk_err;
-        }
-
-        s->session->master_key_length =
-            s->method->ssl3_enc->generate_master_secret(s,
-                                                        s->
-                                                        session->master_key,
-                                                        psk_or_pre_ms,
-                                                        pre_ms_len);
-        psk_err = 0;
- psk_err:
-        OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
-        if (psk_err != 0)
-            goto f_err;
-    } else
-#endif
-#ifndef OPENSSL_NO_SRP
-    if (alg_k & SSL_kSRP) {
-        int param_len;
-
-        n2s(p, i);
-        param_len = i + 2;
-        if (param_len > n) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_BAD_SRP_A_LENGTH);
-            goto f_err;
-        }
-        if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
-            || BN_is_zero(s->srp_ctx.A)) {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_BAD_SRP_PARAMETERS);
-            goto f_err;
-        }
-        if (s->session->srp_username != NULL)
-            OPENSSL_free(s->session->srp_username);
-        s->session->srp_username = BUF_strdup(s->srp_ctx.login);
-        if (s->session->srp_username == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        if ((s->session->master_key_length =
-             SRP_generate_server_master_secret(s,
-                                               s->session->master_key)) < 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-
-        p += i;
-    } else
-#endif                          /* OPENSSL_NO_SRP */
-    if (alg_k & SSL_kGOST) {
-        int ret = 0;
-        EVP_PKEY_CTX *pkey_ctx;
-        EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
-        unsigned char premaster_secret[32], *start;
-        size_t outlen = 32, inlen;
-        unsigned long alg_a;
-        int Ttag, Tclass;
-        long Tlen;
-
-        /* Get our certificate private key */
-        alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-        if (alg_a & SSL_aGOST94)
-            pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
-        else if (alg_a & SSL_aGOST01)
-            pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
-
-        pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
-        if (pkey_ctx == NULL) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto f_err;
-        }
-        if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-            goto gerr;
-        }
-        /*
-         * If client certificate is present and is of the same type, maybe
-         * use it for key exchange.  Don't mind errors from
-         * EVP_PKEY_derive_set_peer, because it is completely valid to use a
-         * client certificate for authorization only.
-         */
-        client_pub_pkey = X509_get_pubkey(s->session->peer);
-        if (client_pub_pkey) {
-            if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
-                ERR_clear_error();
-        }
-        /* Decrypt session key */
-        if (ASN1_get_object
-            ((const unsigned char **)&p, &Tlen, &Ttag, &Tclass,
-             n) != V_ASN1_CONSTRUCTED || Ttag != V_ASN1_SEQUENCE
-            || Tclass != V_ASN1_UNIVERSAL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DECRYPTION_FAILED);
-            goto gerr;
-        }
-        start = p;
-        inlen = Tlen;
-        if (EVP_PKEY_decrypt
-            (pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DECRYPTION_FAILED);
-            goto gerr;
-        }
-        /* Generate master secret */
-        s->session->master_key_length =
-            s->method->ssl3_enc->generate_master_secret(s,
-                                                        s->
-                                                        session->master_key,
-                                                        premaster_secret, 32);
-        OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret));
-        /* Check if pubkey from client certificate was used */
-        if (EVP_PKEY_CTX_ctrl
-            (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
-            ret = 2;
-        else
-            ret = 1;
- gerr:
-        EVP_PKEY_free(client_pub_pkey);
-        EVP_PKEY_CTX_free(pkey_ctx);
-        if (ret)
-            return ret;
-        else
-            goto err;
-    } else {
-        al = SSL_AD_HANDSHAKE_FAILURE;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE);
-        goto f_err;
-    }
-
-    return (1);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
- err:
-#endif
-#ifndef OPENSSL_NO_ECDH
-    EVP_PKEY_free(clnt_pub_pkey);
-    EC_POINT_free(clnt_ecpoint);
-    if (srvr_ecdh != NULL)
-        EC_KEY_free(srvr_ecdh);
-    BN_CTX_free(bn_ctx);
-#endif
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_get_cert_verify(SSL *s)
-{
-    EVP_PKEY *pkey = NULL;
-    unsigned char *p;
-    int al, ok, ret = 0;
-    long n;
-    int type = 0, i, j;
-    X509 *peer;
-    const EVP_MD *md = NULL;
-    EVP_MD_CTX mctx;
-    EVP_MD_CTX_init(&mctx);
-
-    /*
-     * We should only process a CertificateVerify message if we have received
-     * a Certificate from the client. If so then |s->session->peer| will be non
-     * NULL. In some instances a CertificateVerify message is not required even
-     * if the peer has sent a Certificate (e.g. such as in the case of static
-     * DH). In that case the ClientKeyExchange processing will skip the
-     * CertificateVerify state so we should not arrive here.
-     */
-    if (s->session->peer == NULL) {
-        ret = 1;
-        goto end;
-    }
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_SR_CERT_VRFY_A,
-                                   SSL3_ST_SR_CERT_VRFY_B,
-                                   SSL3_MT_CERTIFICATE_VERIFY,
-                                   SSL3_RT_MAX_PLAIN_LENGTH, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    peer = s->session->peer;
-    pkey = X509_get_pubkey(peer);
-    if (pkey == NULL) {
-        al = SSL_AD_INTERNAL_ERROR;
-        goto f_err;
-    }
-
-    type = X509_certificate_type(peer, pkey);
-
-    if (!(type & EVP_PKT_SIGN)) {
-        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
-               SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        goto f_err;
-    }
-
-    /* we now have a signature that we need to verify */
-    p = (unsigned char *)s->init_msg;
-    /* Check for broken implementations of GOST ciphersuites */
-    /*
-     * If key is GOST and n is exactly 64, it is bare signature without
-     * length field
-     */
-    if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
-                    pkey->type == NID_id_GostR3410_2001)) {
-        i = 64;
-    } else {
-        if (SSL_USE_SIGALGS(s)) {
-            int rv = tls12_check_peer_sigalg(&md, s, p, pkey);
-            if (rv == -1) {
-                al = SSL_AD_INTERNAL_ERROR;
-                goto f_err;
-            } else if (rv == 0) {
-                al = SSL_AD_DECODE_ERROR;
-                goto f_err;
-            }
-#ifdef SSL_DEBUG
-            fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
-#endif
-            p += 2;
-            n -= 2;
-        }
-        n2s(p, i);
-        n -= 2;
-        if (i > n) {
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
-            al = SSL_AD_DECODE_ERROR;
-            goto f_err;
-        }
-    }
-    j = EVP_PKEY_size(pkey);
-    if ((i > j) || (n > j) || (n <= 0)) {
-        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
-        al = SSL_AD_DECODE_ERROR;
-        goto f_err;
-    }
-
-    if (SSL_USE_SIGALGS(s)) {
-        long hdatalen = 0;
-        void *hdata;
-        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
-        if (hdatalen <= 0) {
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
-            al = SSL_AD_INTERNAL_ERROR;
-            goto f_err;
-        }
-#ifdef SSL_DEBUG
-        fprintf(stderr, "Using TLS 1.2 with client verify alg %s\n",
-                EVP_MD_name(md));
-#endif
-        if (!EVP_VerifyInit_ex(&mctx, md, NULL)
-            || !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB);
-            al = SSL_AD_INTERNAL_ERROR;
-            goto f_err;
-        }
-
-        if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
-            goto f_err;
-        }
-    } else
-#ifndef OPENSSL_NO_RSA
-    if (pkey->type == EVP_PKEY_RSA) {
-        i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
-                       MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
-                       pkey->pkey.rsa);
-        if (i < 0) {
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_RSA_DECRYPT);
-            goto f_err;
-        }
-        if (i == 0) {
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_RSA_SIGNATURE);
-            goto f_err;
-        }
-    } else
-#endif
-#ifndef OPENSSL_NO_DSA
-    if (pkey->type == EVP_PKEY_DSA) {
-        j = DSA_verify(pkey->save_type,
-                       &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
-                       SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
-        if (j <= 0) {
-            /* bad signature */
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_DSA_SIGNATURE);
-            goto f_err;
-        }
-    } else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-    if (pkey->type == EVP_PKEY_EC) {
-        j = ECDSA_verify(pkey->save_type,
-                         &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
-                         SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec);
-        if (j <= 0) {
-            /* bad signature */
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_ECDSA_SIGNATURE);
-            goto f_err;
-        }
-    } else
-#endif
-    if (pkey->type == NID_id_GostR3410_94
-            || pkey->type == NID_id_GostR3410_2001) {
-        unsigned char signature[64];
-        int idx;
-        EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
-        if (pctx == NULL) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
-            goto f_err;
-        }
-        if (EVP_PKEY_verify_init(pctx) <= 0) {
-            EVP_PKEY_CTX_free(pctx);
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
-            goto f_err;
-        }
-        if (i != 64) {
-#ifdef SSL_DEBUG
-            fprintf(stderr, "GOST signature length is %d", i);
-#endif
-        }
-        for (idx = 0; idx < 64; idx++) {
-            signature[63 - idx] = p[idx];
-        }
-        j = EVP_PKEY_verify(pctx, signature, 64, s->s3->tmp.cert_verify_md,
-                            32);
-        EVP_PKEY_CTX_free(pctx);
-        if (j <= 0) {
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_ECDSA_SIGNATURE);
-            goto f_err;
-        }
-    } else {
-        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
-        al = SSL_AD_UNSUPPORTED_CERTIFICATE;
-        goto f_err;
-    }
-
-    ret = 1;
-    if (0) {
- f_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        s->state = SSL_ST_ERR;
-    }
- end:
-    if (s->s3->handshake_buffer) {
-        BIO_free(s->s3->handshake_buffer);
-        s->s3->handshake_buffer = NULL;
-        s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
-    }
-    EVP_MD_CTX_cleanup(&mctx);
-    EVP_PKEY_free(pkey);
-    return (ret);
-}
-
-int ssl3_get_client_certificate(SSL *s)
-{
-    int i, ok, al, ret = -1;
-    X509 *x = NULL;
-    unsigned long l, nc, llen, n;
-    const unsigned char *p, *q;
-    unsigned char *d;
-    STACK_OF(X509) *sk = NULL;
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_SR_CERT_A,
-                                   SSL3_ST_SR_CERT_B,
-                                   -1, s->max_cert_list, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
-        if ((s->verify_mode & SSL_VERIFY_PEER) &&
-            (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            goto f_err;
-        }
-        /*
-         * If tls asked for a client cert, the client must return a 0 list
-         */
-        if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            goto f_err;
-        }
-        s->s3->tmp.reuse_message = 1;
-        return (1);
-    }
-
-    if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_WRONG_MESSAGE_TYPE);
-        goto f_err;
-    }
-    p = d = (unsigned char *)s->init_msg;
-
-    if ((sk = sk_X509_new_null()) == NULL) {
-        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    n2l3(p, llen);
-    if (llen + 3 != n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-    for (nc = 0; nc < llen;) {
-        if (nc + 3 > llen) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_CERT_LENGTH_MISMATCH);
-            goto f_err;
-        }
-        n2l3(p, l);
-        if ((l + nc + 3) > llen) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_CERT_LENGTH_MISMATCH);
-            goto f_err;
-        }
-
-        q = p;
-        x = d2i_X509(NULL, &p, l);
-        if (x == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);
-            goto err;
-        }
-        if (p != (q + l)) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_CERT_LENGTH_MISMATCH);
-            goto f_err;
-        }
-        if (!sk_X509_push(sk, x)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        x = NULL;
-        nc += l + 3;
-    }
-
-    if (sk_X509_num(sk) <= 0) {
-        /* TLS does not mind 0 certs returned */
-        if (s->version == SSL3_VERSION) {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_NO_CERTIFICATES_RETURNED);
-            goto f_err;
-        }
-        /* Fail for TLS only if we required a certificate */
-        else if ((s->verify_mode & SSL_VERIFY_PEER) &&
-                 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            goto f_err;
-        }
-        /* No client certificate so digest cached records */
-        if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) {
-            al = SSL_AD_INTERNAL_ERROR;
-            goto f_err;
-        }
-    } else {
-        i = ssl_verify_cert_chain(s, sk);
-        if (i <= 0) {
-            al = ssl_verify_alarm_type(s->verify_result);
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_CERTIFICATE_VERIFY_FAILED);
-            goto f_err;
-        }
-    }
-
-    if (s->session->peer != NULL) /* This should not be needed */
-        X509_free(s->session->peer);
-    s->session->peer = sk_X509_shift(sk);
-    s->session->verify_result = s->verify_result;
-
-    /*
-     * With the current implementation, sess_cert will always be NULL when we
-     * arrive here.
-     */
-    if (s->session->sess_cert == NULL) {
-        s->session->sess_cert = ssl_sess_cert_new();
-        if (s->session->sess_cert == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-    }
-    if (s->session->sess_cert->cert_chain != NULL)
-        sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
-    s->session->sess_cert->cert_chain = sk;
-    /*
-     * Inconsistency alert: cert_chain does *not* include the peer's own
-     * certificate, while we do include it in s3_clnt.c
-     */
-
-    sk = NULL;
-
-    ret = 1;
-    if (0) {
- f_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-        s->state = SSL_ST_ERR;
-    }
-
-    if (x != NULL)
-        X509_free(x);
-    if (sk != NULL)
-        sk_X509_pop_free(sk, X509_free);
-    return (ret);
-}
-
-int ssl3_send_server_certificate(SSL *s)
-{
-    CERT_PKEY *cpk;
-
-    if (s->state == SSL3_ST_SW_CERT_A) {
-        cpk = ssl_get_server_send_pkey(s);
-        if (cpk == NULL) {
-            /* VRS: allow null cert if auth == KRB5 */
-            if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
-                (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
-                       ERR_R_INTERNAL_ERROR);
-                s->state = SSL_ST_ERR;
-                return (0);
-            }
-        }
-
-        if (!ssl3_output_cert_chain(s, cpk)) {
-            SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
-            s->state = SSL_ST_ERR;
-            return (0);
-        }
-        s->state = SSL3_ST_SW_CERT_B;
-    }
-
-    /* SSL3_ST_SW_CERT_B */
-    return ssl_do_write(s);
-}
-
-#ifndef OPENSSL_NO_TLSEXT
-/* send a new session ticket (not necessarily for a new session) */
-int ssl3_send_newsession_ticket(SSL *s)
-{
-    unsigned char *senc = NULL;
-    EVP_CIPHER_CTX ctx;
-    HMAC_CTX hctx;
-
-    if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
-        unsigned char *p, *macstart;
-        const unsigned char *const_p;
-        int len, slen_full, slen;
-        SSL_SESSION *sess;
-        unsigned int hlen;
-        SSL_CTX *tctx = s->initial_ctx;
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-        unsigned char key_name[16];
-
-        /* get session encoding length */
-        slen_full = i2d_SSL_SESSION(s->session, NULL);
-        /*
-         * Some length values are 16 bits, so forget it if session is too
-         * long
-         */
-        if (slen_full == 0 || slen_full > 0xFF00) {
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-        senc = OPENSSL_malloc(slen_full);
-        if (!senc) {
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-
-        EVP_CIPHER_CTX_init(&ctx);
-        HMAC_CTX_init(&hctx);
-
-        p = senc;
-        if (!i2d_SSL_SESSION(s->session, &p))
-            goto err;
-
-        /*
-         * create a fresh copy (not shared with other threads) to clean up
-         */
-        const_p = senc;
-        sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
-        if (sess == NULL)
-            goto err;
-        sess->session_id_length = 0; /* ID is irrelevant for the ticket */
-
-        slen = i2d_SSL_SESSION(sess, NULL);
-        if (slen == 0 || slen > slen_full) { /* shouldn't ever happen */
-            SSL_SESSION_free(sess);
-            goto err;
-        }
-        p = senc;
-        if (!i2d_SSL_SESSION(sess, &p)) {
-            SSL_SESSION_free(sess);
-            goto err;
-        }
-        SSL_SESSION_free(sess);
-
-        /*-
-         * Grow buffer if need be: the length calculation is as
-         * follows handshake_header_length +
-         * 4 (ticket lifetime hint) + 2 (ticket length) +
-         * 16 (key name) + max_iv_len (iv length) +
-         * session_length + max_enc_block_size (max encrypted session
-         * length) + max_md_size (HMAC).
-         */
-        if (!BUF_MEM_grow(s->init_buf,
-                          SSL_HM_HEADER_LENGTH(s) + 22 + EVP_MAX_IV_LENGTH +
-                          EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
-            goto err;
-
-        p = ssl_handshake_start(s);
-        /*
-         * Initialize HMAC and cipher contexts. If callback present it does
-         * all the work otherwise use generated values from parent ctx.
-         */
-        if (tctx->tlsext_ticket_key_cb) {
-            /* if 0 is returned, write en empty ticket */
-            int ret = tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
-                                                 &hctx, 1);
-
-            if (ret == 0) {
-                l2n(0, p); /* timeout */
-                s2n(0, p); /* length */
-                ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET,
-                                         p - ssl_handshake_start(s));
-                s->state = SSL3_ST_SW_SESSION_TICKET_B;
-                OPENSSL_free(senc);
-                EVP_CIPHER_CTX_cleanup(&ctx);
-                HMAC_CTX_cleanup(&hctx);
-                return ssl_do_write(s);
-            }
-            if (ret < 0)
-                goto err;
-        } else {
-            if (RAND_bytes(iv, 16) <= 0)
-                goto err;
-            if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                                    tctx->tlsext_tick_aes_key, iv))
-                goto err;
-            if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
-                              tlsext_tick_md(), NULL))
-                goto err;
-            memcpy(key_name, tctx->tlsext_tick_key_name, 16);
-        }
-
-        /*
-         * Ticket lifetime hint (advisory only): We leave this unspecified
-         * for resumed session (for simplicity), and guess that tickets for
-         * new sessions will live as long as their sessions.
-         */
-        l2n(s->hit ? 0 : s->session->timeout, p);
-
-        /* Skip ticket length for now */
-        p += 2;
-        /* Output key name */
-        macstart = p;
-        memcpy(p, key_name, 16);
-        p += 16;
-        /* output IV */
-        memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
-        p += EVP_CIPHER_CTX_iv_length(&ctx);
-        /* Encrypt session data */
-        if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
-            goto err;
-        p += len;
-        if (!EVP_EncryptFinal(&ctx, p, &len))
-            goto err;
-        p += len;
-
-        if (!HMAC_Update(&hctx, macstart, p - macstart))
-            goto err;
-        if (!HMAC_Final(&hctx, p, &hlen))
-            goto err;
-
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        HMAC_CTX_cleanup(&hctx);
-
-        p += hlen;
-        /* Now write out lengths: p points to end of data written */
-        /* Total length */
-        len = p - ssl_handshake_start(s);
-        /* Skip ticket lifetime hint */
-        p = ssl_handshake_start(s) + 4;
-        s2n(len - 6, p);
-        ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len);
-        s->state = SSL3_ST_SW_SESSION_TICKET_B;
-        OPENSSL_free(senc);
-    }
-
-    /* SSL3_ST_SW_SESSION_TICKET_B */
-    return ssl_do_write(s);
- err:
-    if (senc)
-        OPENSSL_free(senc);
-    EVP_CIPHER_CTX_cleanup(&ctx);
-    HMAC_CTX_cleanup(&hctx);
-    s->state = SSL_ST_ERR;
-    return -1;
-}
-
-int ssl3_send_cert_status(SSL *s)
-{
-    if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
-        unsigned char *p;
-        size_t msglen;
-
-        /*-
-         * Grow buffer if need be: the length calculation is as
-         * follows handshake_header_length +
-         * 1 (ocsp response type) + 3 (ocsp response length)
-         * + (ocsp response)
-         */
-        msglen = 4 + s->tlsext_ocsp_resplen;
-        if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + msglen)) {
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-
-        p = ssl_handshake_start(s);
-
-        /* status type */
-        *(p++) = s->tlsext_status_type;
-        /* length of OCSP response */
-        l2n3(s->tlsext_ocsp_resplen, p);
-        /* actual response */
-        memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
-
-        ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_STATUS, msglen);
-    }
-
-    /* SSL3_ST_SW_CERT_STATUS_B */
-    return (ssl_do_write(s));
-}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-/*
- * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
- * It sets the next_proto member in s if found
- */
-int ssl3_get_next_proto(SSL *s)
-{
-    int ok;
-    int proto_len, padding_len;
-    long n;
-    const unsigned char *p;
-
-    /*
-     * Clients cannot send a NextProtocol message if we didn't see the
-     * extension in their ClientHello
-     */
-    if (!s->s3->next_proto_neg_seen) {
-        SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
-               SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
-        s->state = SSL_ST_ERR;
-        return -1;
-    }
-
-    /* See the payload format below */
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_SR_NEXT_PROTO_A,
-                                   SSL3_ST_SR_NEXT_PROTO_B,
-                                   SSL3_MT_NEXT_PROTO, 514, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    /*
-     * s->state doesn't reflect whether ChangeCipherSpec has been received in
-     * this handshake, but s->s3->change_cipher_spec does (will be reset by
-     * ssl3_get_finished).
-     */
-    if (!s->s3->change_cipher_spec) {
-        SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
-        s->state = SSL_ST_ERR;
-        return -1;
-    }
-
-    if (n < 2) {
-        s->state = SSL_ST_ERR;
-        return 0;               /* The body must be > 1 bytes long */
-    }
-
-    p = (unsigned char *)s->init_msg;
-
-    /*-
-     * The payload looks like:
-     *   uint8 proto_len;
-     *   uint8 proto[proto_len];
-     *   uint8 padding_len;
-     *   uint8 padding[padding_len];
-     */
-    proto_len = p[0];
-    if (proto_len + 2 > s->init_num) {
-        s->state = SSL_ST_ERR;
-        return 0;
-    }
-    padding_len = p[proto_len + 1];
-    if (proto_len + padding_len + 2 != s->init_num) {
-        s->state = SSL_ST_ERR;
-        return 0;
-    }
-
-    s->next_proto_negotiated = OPENSSL_malloc(proto_len);
-    if (!s->next_proto_negotiated) {
-        SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE);
-        s->state = SSL_ST_ERR;
-        return 0;
-    }
-    memcpy(s->next_proto_negotiated, p + 1, proto_len);
-    s->next_proto_negotiated_len = proto_len;
-
-    return 1;
-}
-# endif
-
-#endif
diff --git a/freebsd/crypto/openssl/ssl/srtp.h b/freebsd/crypto/openssl/ssl/srtp.h
deleted file mode 100644
index 2279c32b..00000000
--- a/freebsd/crypto/openssl/ssl/srtp.h
+++ /dev/null
@@ -1,147 +0,0 @@
-/* ssl/srtp.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
- * DTLS code by Eric Rescorla <ekr@rtfm.com>
- *
- * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
- */
-
-#ifndef HEADER_D1_SRTP_H
-# define HEADER_D1_SRTP_H
-
-# include <openssl/ssl.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# define SRTP_AES128_CM_SHA1_80 0x0001
-# define SRTP_AES128_CM_SHA1_32 0x0002
-# define SRTP_AES128_F8_SHA1_80 0x0003
-# define SRTP_AES128_F8_SHA1_32 0x0004
-# define SRTP_NULL_SHA1_80      0x0005
-# define SRTP_NULL_SHA1_32      0x0006
-
-# ifndef OPENSSL_NO_SRTP
-
-int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
-int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
-
-STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-# endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/freebsd/crypto/openssl/ssl/ssl.h b/freebsd/crypto/openssl/ssl/ssl.h
deleted file mode 100644
index 4bc1f4e6..00000000
--- a/freebsd/crypto/openssl/ssl/ssl.h
+++ /dev/null
@@ -1,3164 +0,0 @@
-/* ssl/ssl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_SSL_H
-# define HEADER_SSL_H
-
-# include <openssl/e_os2.h>
-
-# ifndef OPENSSL_NO_COMP
-#  include <openssl/comp.h>
-# endif
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-# ifndef OPENSSL_NO_DEPRECATED
-#  ifndef OPENSSL_NO_X509
-#   include <openssl/x509.h>
-#  endif
-#  include <openssl/crypto.h>
-#  include <openssl/lhash.h>
-#  include <openssl/buffer.h>
-# endif
-# include <openssl/pem.h>
-# include <openssl/hmac.h>
-
-# include <openssl/kssl.h>
-# include <openssl/safestack.h>
-# include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* SSLeay version number for ASN.1 encoding of the session information */
-/*-
- * Version 0 - initial version
- * Version 1 - added the optional peer certificate
- */
-# define SSL_SESSION_ASN1_VERSION 0x0001
-
-/* text strings for the ciphers */
-# define SSL_TXT_NULL_WITH_MD5           SSL2_TXT_NULL_WITH_MD5
-# define SSL_TXT_RC4_128_WITH_MD5        SSL2_TXT_RC4_128_WITH_MD5
-# define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
-# define SSL_TXT_RC2_128_CBC_WITH_MD5    SSL2_TXT_RC2_128_CBC_WITH_MD5
-# define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
-# define SSL_TXT_IDEA_128_CBC_WITH_MD5   SSL2_TXT_IDEA_128_CBC_WITH_MD5
-# define SSL_TXT_DES_64_CBC_WITH_MD5     SSL2_TXT_DES_64_CBC_WITH_MD5
-# define SSL_TXT_DES_64_CBC_WITH_SHA     SSL2_TXT_DES_64_CBC_WITH_SHA
-# define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
-# define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
-
-/*
- * VRS Additional Kerberos5 entries
- */
-# define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
-# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-# define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
-# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
-# define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
-# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-# define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
-# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
-
-# define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
-# define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA
-# define SSL_TXT_KRB5_RC4_40_SHA       SSL3_TXT_KRB5_RC4_40_SHA
-# define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
-# define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5
-# define SSL_TXT_KRB5_RC4_40_MD5       SSL3_TXT_KRB5_RC4_40_MD5
-
-# define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
-# define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
-# define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
-# define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
-# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-# define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
-
-# define SSL_MAX_SSL_SESSION_ID_LENGTH           32
-# define SSL_MAX_SID_CTX_LENGTH                  32
-
-# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
-# define SSL_MAX_KEY_ARG_LENGTH                  8
-# define SSL_MAX_MASTER_KEY_LENGTH               48
-
-/* These are used to specify which ciphers to use and not to use */
-
-# define SSL_TXT_EXP40           "EXPORT40"
-# define SSL_TXT_EXP56           "EXPORT56"
-# define SSL_TXT_LOW             "LOW"
-# define SSL_TXT_MEDIUM          "MEDIUM"
-# define SSL_TXT_HIGH            "HIGH"
-# define SSL_TXT_FIPS            "FIPS"
-
-# define SSL_TXT_kFZA            "kFZA"/* unused! */
-# define SSL_TXT_aFZA            "aFZA"/* unused! */
-# define SSL_TXT_eFZA            "eFZA"/* unused! */
-# define SSL_TXT_FZA             "FZA"/* unused! */
-
-# define SSL_TXT_aNULL           "aNULL"
-# define SSL_TXT_eNULL           "eNULL"
-# define SSL_TXT_NULL            "NULL"
-
-# define SSL_TXT_kRSA            "kRSA"
-# define SSL_TXT_kDHr            "kDHr"
-# define SSL_TXT_kDHd            "kDHd"
-# define SSL_TXT_kDH             "kDH"
-# define SSL_TXT_kEDH            "kEDH"
-# define SSL_TXT_kDHE            "kDHE"/* alias for kEDH */
-# define SSL_TXT_kKRB5           "kKRB5"
-# define SSL_TXT_kECDHr          "kECDHr"
-# define SSL_TXT_kECDHe          "kECDHe"
-# define SSL_TXT_kECDH           "kECDH"
-# define SSL_TXT_kEECDH          "kEECDH"
-# define SSL_TXT_kECDHE          "kECDHE"/* alias for kEECDH */
-# define SSL_TXT_kPSK            "kPSK"
-# define SSL_TXT_kGOST           "kGOST"
-# define SSL_TXT_kSRP            "kSRP"
-
-# define SSL_TXT_aRSA            "aRSA"
-# define SSL_TXT_aDSS            "aDSS"
-# define SSL_TXT_aDH             "aDH"
-# define SSL_TXT_aECDH           "aECDH"
-# define SSL_TXT_aKRB5           "aKRB5"
-# define SSL_TXT_aECDSA          "aECDSA"
-# define SSL_TXT_aPSK            "aPSK"
-# define SSL_TXT_aGOST94 "aGOST94"
-# define SSL_TXT_aGOST01 "aGOST01"
-# define SSL_TXT_aGOST  "aGOST"
-# define SSL_TXT_aSRP            "aSRP"
-
-# define SSL_TXT_DSS             "DSS"
-# define SSL_TXT_DH              "DH"
-# define SSL_TXT_EDH             "EDH"/* same as "kEDH:-ADH" */
-# define SSL_TXT_DHE             "DHE"/* alias for EDH */
-# define SSL_TXT_ADH             "ADH"
-# define SSL_TXT_RSA             "RSA"
-# define SSL_TXT_ECDH            "ECDH"
-# define SSL_TXT_EECDH           "EECDH"/* same as "kEECDH:-AECDH" */
-# define SSL_TXT_ECDHE           "ECDHE"/* alias for ECDHE" */
-# define SSL_TXT_AECDH           "AECDH"
-# define SSL_TXT_ECDSA           "ECDSA"
-# define SSL_TXT_KRB5            "KRB5"
-# define SSL_TXT_PSK             "PSK"
-# define SSL_TXT_SRP             "SRP"
-
-# define SSL_TXT_DES             "DES"
-# define SSL_TXT_3DES            "3DES"
-# define SSL_TXT_RC4             "RC4"
-# define SSL_TXT_RC2             "RC2"
-# define SSL_TXT_IDEA            "IDEA"
-# define SSL_TXT_SEED            "SEED"
-# define SSL_TXT_AES128          "AES128"
-# define SSL_TXT_AES256          "AES256"
-# define SSL_TXT_AES             "AES"
-# define SSL_TXT_AES_GCM         "AESGCM"
-# define SSL_TXT_CAMELLIA128     "CAMELLIA128"
-# define SSL_TXT_CAMELLIA256     "CAMELLIA256"
-# define SSL_TXT_CAMELLIA        "CAMELLIA"
-
-# define SSL_TXT_MD5             "MD5"
-# define SSL_TXT_SHA1            "SHA1"
-# define SSL_TXT_SHA             "SHA"/* same as "SHA1" */
-# define SSL_TXT_GOST94          "GOST94"
-# define SSL_TXT_GOST89MAC               "GOST89MAC"
-# define SSL_TXT_SHA256          "SHA256"
-# define SSL_TXT_SHA384          "SHA384"
-
-# define SSL_TXT_SSLV2           "SSLv2"
-# define SSL_TXT_SSLV3           "SSLv3"
-# define SSL_TXT_TLSV1           "TLSv1"
-# define SSL_TXT_TLSV1_1         "TLSv1.1"
-# define SSL_TXT_TLSV1_2         "TLSv1.2"
-
-# define SSL_TXT_EXP             "EXP"
-# define SSL_TXT_EXPORT          "EXPORT"
-
-# define SSL_TXT_ALL             "ALL"
-
-/*-
- * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
- * ciphers normally not being used.
- * Example: "RC4" will activate all ciphers using RC4 including ciphers
- * without authentication, which would normally disabled by DEFAULT (due
- * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
- * will make sure that it is also disabled in the specific selection.
- * COMPLEMENTOF* identifiers are portable between version, as adjustments
- * to the default cipher setup will also be included here.
- *
- * COMPLEMENTOFDEFAULT does not experience the same special treatment that
- * DEFAULT gets, as only selection is being done and no sorting as needed
- * for DEFAULT.
- */
-# define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
-# define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"
-
-/*
- * The following cipher list is used by default. It also is substituted when
- * an application-defined cipher list string starts with 'DEFAULT'.
- */
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
-/*
- * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
- * starts with a reasonable order, and all we have to do for DEFAULT is
- * throwing out anonymous and unencrypted ciphersuites! (The latter are not
- * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
- */
-
-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
-# define SSL_SENT_SHUTDOWN       1
-# define SSL_RECEIVED_SHUTDOWN   2
-
-#ifdef __cplusplus
-}
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
-#  define OPENSSL_NO_SSL2
-# endif
-
-# define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
-# define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
-
-/*
- * This is needed to stop compilers complaining about the 'struct ssl_st *'
- * function parameters used to prototype callbacks in SSL_CTX.
- */
-typedef struct ssl_st *ssl_crock_st;
-typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
-typedef struct ssl_method_st SSL_METHOD;
-typedef struct ssl_cipher_st SSL_CIPHER;
-typedef struct ssl_session_st SSL_SESSION;
-typedef struct tls_sigalgs_st TLS_SIGALGS;
-typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
-
-DECLARE_STACK_OF(SSL_CIPHER)
-
-/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
-typedef struct srtp_protection_profile_st {
-    const char *name;
-    unsigned long id;
-} SRTP_PROTECTION_PROFILE;
-
-DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
-
-typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s,
-                                             const unsigned char *data,
-                                             int len, void *arg);
-typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
-                                         int *secret_len,
-                                         STACK_OF(SSL_CIPHER) *peer_ciphers,
-                                         SSL_CIPHER **cipher, void *arg);
-
-# ifndef OPENSSL_NO_TLSEXT
-
-/* Typedefs for handling custom extensions */
-
-typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type,
-                                  const unsigned char **out,
-                                  size_t *outlen, int *al, void *add_arg);
-
-typedef void (*custom_ext_free_cb) (SSL *s, unsigned int ext_type,
-                                    const unsigned char *out, void *add_arg);
-
-typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
-                                    const unsigned char *in,
-                                    size_t inlen, int *al, void *parse_arg);
-
-# endif
-
-# ifndef OPENSSL_NO_SSL_INTERN
-
-/* used to hold info on the particular ciphers used */
-struct ssl_cipher_st {
-    int valid;
-    const char *name;           /* text name */
-    unsigned long id;           /* id, 4 bytes, first is version */
-    /*
-     * changed in 0.9.9: these four used to be portions of a single value
-     * 'algorithms'
-     */
-    unsigned long algorithm_mkey; /* key exchange algorithm */
-    unsigned long algorithm_auth; /* server authentication */
-    unsigned long algorithm_enc; /* symmetric encryption */
-    unsigned long algorithm_mac; /* symmetric authentication */
-    unsigned long algorithm_ssl; /* (major) protocol version */
-    unsigned long algo_strength; /* strength and export flags */
-    unsigned long algorithm2;   /* Extra flags */
-    int strength_bits;          /* Number of bits really used */
-    int alg_bits;               /* Number of bits for algorithm */
-};
-
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-struct ssl_method_st {
-    int version;
-    int (*ssl_new) (SSL *s);
-    void (*ssl_clear) (SSL *s);
-    void (*ssl_free) (SSL *s);
-    int (*ssl_accept) (SSL *s);
-    int (*ssl_connect) (SSL *s);
-    int (*ssl_read) (SSL *s, void *buf, int len);
-    int (*ssl_peek) (SSL *s, void *buf, int len);
-    int (*ssl_write) (SSL *s, const void *buf, int len);
-    int (*ssl_shutdown) (SSL *s);
-    int (*ssl_renegotiate) (SSL *s);
-    int (*ssl_renegotiate_check) (SSL *s);
-    long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long
-                             max, int *ok);
-    int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len,
-                           int peek);
-    int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
-    int (*ssl_dispatch_alert) (SSL *s);
-    long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
-    long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
-    const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
-    int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr);
-    int (*ssl_pending) (const SSL *s);
-    int (*num_ciphers) (void);
-    const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
-    const struct ssl_method_st *(*get_ssl_method) (int version);
-    long (*get_timeout) (void);
-    struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
-    int (*ssl_version) (void);
-    long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
-    long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
-};
-
-/*-
- * Lets make this into an ASN.1 type structure as follows
- * SSL_SESSION_ID ::= SEQUENCE {
- *      version                 INTEGER,        -- structure version number
- *      SSLversion              INTEGER,        -- SSL version number
- *      Cipher                  OCTET STRING,   -- the 3 byte cipher ID
- *      Session_ID              OCTET STRING,   -- the Session ID
- *      Master_key              OCTET STRING,   -- the master key
- *      KRB5_principal          OCTET STRING    -- optional Kerberos principal
- *      Key_Arg [ 0 ] IMPLICIT  OCTET STRING,   -- the optional Key argument
- *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
- *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
- *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
- *      Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
- *      Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
- *      HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension
- *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
- *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
- *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
- *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
- *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
- *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
- *      }
- * Look in ssl/ssl_asn1.c for more details
- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
- */
-struct ssl_session_st {
-    int ssl_version;            /* what ssl version session info is being
-                                 * kept in here? */
-    /* only really used in SSLv2 */
-    unsigned int key_arg_length;
-    unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
-    int master_key_length;
-    unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
-    /* session_id - valid? */
-    unsigned int session_id_length;
-    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
-    /*
-     * this is used to determine whether the session is being reused in the
-     * appropriate context. It is up to the application to set this, via
-     * SSL_new
-     */
-    unsigned int sid_ctx_length;
-    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-#  ifndef OPENSSL_NO_KRB5
-    unsigned int krb5_client_princ_len;
-    unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
-#  endif                        /* OPENSSL_NO_KRB5 */
-#  ifndef OPENSSL_NO_PSK
-    char *psk_identity_hint;
-    char *psk_identity;
-#  endif
-    /*
-     * Used to indicate that session resumption is not allowed. Applications
-     * can also set this bit for a new session via not_resumable_session_cb
-     * to disable session caching and tickets.
-     */
-    int not_resumable;
-    /* The cert is the certificate used to establish this connection */
-    struct sess_cert_st /* SESS_CERT */ *sess_cert;
-    /*
-     * This is the cert for the other end. On clients, it will be the same as
-     * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is
-     * not retained in the external representation of sessions, see
-     * ssl_asn1.c).
-     */
-    X509 *peer;
-    /*
-     * when app_verify_callback accepts a session where the peer's
-     * certificate is not ok, we must remember the error for session reuse:
-     */
-    long verify_result;         /* only for servers */
-    int references;
-    long timeout;
-    long time;
-    unsigned int compress_meth; /* Need to lookup the method */
-    const SSL_CIPHER *cipher;
-    unsigned long cipher_id;    /* when ASN.1 loaded, this needs to be used
-                                 * to load the 'cipher' structure */
-    STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */
-    CRYPTO_EX_DATA ex_data;     /* application specific data */
-    /*
-     * These are used to make removal of session-ids more efficient and to
-     * implement a maximum cache size.
-     */
-    struct ssl_session_st *prev, *next;
-#  ifndef OPENSSL_NO_TLSEXT
-    char *tlsext_hostname;
-#   ifndef OPENSSL_NO_EC
-    size_t tlsext_ecpointformatlist_length;
-    unsigned char *tlsext_ecpointformatlist; /* peer's list */
-    size_t tlsext_ellipticcurvelist_length;
-    unsigned char *tlsext_ellipticcurvelist; /* peer's list */
-#   endif                       /* OPENSSL_NO_EC */
-    /* RFC4507 info */
-    unsigned char *tlsext_tick; /* Session ticket */
-    size_t tlsext_ticklen;      /* Session ticket length */
-    long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
-#  endif
-#  ifndef OPENSSL_NO_SRP
-    char *srp_username;
-#  endif
-};
-
-# endif
-
-# define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x00000001L
-# define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x00000002L
-/* Allow initial connection to servers that don't support RI */
-# define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
-# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
-# define SSL_OP_TLSEXT_PADDING                           0x00000010L
-# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
-# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040L
-# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
-# define SSL_OP_TLS_D5_BUG                               0x00000100L
-# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L
-
-/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
-# define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
-/* Refers to ancient SSLREF and SSLv2, retained for compatibility */
-# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
-
-/*
- * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
- * OpenSSL 0.9.6d.  Usually (depending on the application protocol) the
- * workaround is not needed.  Unfortunately some broken SSL/TLS
- * implementations cannot handle it at all, which is why we include it in
- * SSL_OP_ALL.
- */
-/* added in 0.9.6e */
-# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L
-
-/*
- * SSL_OP_ALL: various bug workarounds that should be rather harmless.  This
- * used to be 0x000FFFFFL before 0.9.7.
- */
-# define SSL_OP_ALL                                      0x80000BFFL
-
-/* DTLS options */
-# define SSL_OP_NO_QUERY_MTU                 0x00001000L
-/* Turn on Cookie Exchange (on relevant for servers) */
-# define SSL_OP_COOKIE_EXCHANGE              0x00002000L
-/* Don't use RFC4507 ticket extension */
-# define SSL_OP_NO_TICKET                    0x00004000L
-/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
-# define SSL_OP_CISCO_ANYCONNECT             0x00008000L
-
-/* As server, disallow session resumption on renegotiation */
-# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
-/* Don't use compression even if supported */
-# define SSL_OP_NO_COMPRESSION                           0x00020000L
-/* Permit unsafe legacy renegotiation */
-# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000L
-/* If set, always create a new key when using tmp_ecdh parameters */
-# define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
-/* Does nothing: retained for compatibility */
-# define SSL_OP_SINGLE_DH_USE                            0x00100000L
-/* Does nothing: retained for compatibiity */
-# define SSL_OP_EPHEMERAL_RSA                            0x0
-/*
- * Set on servers to choose the cipher according to the server's preferences
- */
-# define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000L
-/*
- * If set, a server will allow a client to issue a SSLv3.0 version number as
- * latest version supported in the premaster secret, even when TLSv1.0
- * (version 3.1) was announced in the client hello. Normally this is
- * forbidden to prevent version rollback attacks.
- */
-# define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000L
-
-# define SSL_OP_NO_SSLv2                                 0x01000000L
-# define SSL_OP_NO_SSLv3                                 0x02000000L
-# define SSL_OP_NO_TLSv1                                 0x04000000L
-# define SSL_OP_NO_TLSv1_2                               0x08000000L
-# define SSL_OP_NO_TLSv1_1                               0x10000000L
-
-# define SSL_OP_NO_DTLSv1                                0x04000000L
-# define SSL_OP_NO_DTLSv1_2                              0x08000000L
-
-# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\
-        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)
-
-/*
- * These next two were never actually used for anything since SSLeay zap so
- * we have some more flags.
- */
-/*
- * The next flag deliberately changes the ciphertest, this is a check for the
- * PKCS#1 attack
- */
-# define SSL_OP_PKCS1_CHECK_1                            0x0
-# define SSL_OP_PKCS1_CHECK_2                            0x0
-
-# define SSL_OP_NETSCAPE_CA_DN_BUG                       0x20000000L
-# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x40000000L
-/*
- * Make server add server-hello extension from early version of cryptopro
- * draft, when GOST ciphersuite is negotiated. Required for interoperability
- * with CryptoPro CSP 3.x
- */
-# define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     0x80000000L
-
-/*
- * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
- * when just a single record has been written):
- */
-# define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
-/*
- * Make it possible to retry SSL_write() with changed buffer location (buffer
- * contents must stay the same!); this is not the default to avoid the
- * misconception that non-blocking SSL_write() behaves like non-blocking
- * write():
- */
-# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
-/*
- * Never bother the application with retries if the transport is blocking:
- */
-# define SSL_MODE_AUTO_RETRY 0x00000004L
-/* Don't attempt to automatically build certificate chain */
-# define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
-/*
- * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
- * TLS only.) "Released" buffers are put onto a free-list in the context or
- * just freed (depending on the context's setting for freelist_max_len).
- */
-# define SSL_MODE_RELEASE_BUFFERS 0x00000010L
-/*
- * Send the current time in the Random fields of the ClientHello and
- * ServerHello records for compatibility with hypothetical implementations
- * that require it.
- */
-# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
-# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
-/*
- * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
- * that reconnect with a downgraded protocol version; see
- * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
- * application attempts a normal handshake. Only use this in explicit
- * fallback retries, following the guidance in
- * draft-ietf-tls-downgrade-scsv-00.
- */
-# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
-
-/* Cert related flags */
-/*
- * Many implementations ignore some aspects of the TLS standards such as
- * enforcing certifcate chain algorithms. When this is set we enforce them.
- */
-# define SSL_CERT_FLAG_TLS_STRICT                0x00000001L
-
-/* Suite B modes, takes same values as certificate verify flags */
-# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY       0x10000
-/* Suite B 192 bit only mode */
-# define SSL_CERT_FLAG_SUITEB_192_LOS            0x20000
-/* Suite B 128 bit mode allowing 192 bit algorithms */
-# define SSL_CERT_FLAG_SUITEB_128_LOS            0x30000
-
-/* Perform all sorts of protocol violations for testing purposes */
-# define SSL_CERT_FLAG_BROKEN_PROTOCOL           0x10000000
-
-/* Flags for building certificate chains */
-/* Treat any existing certificates as untrusted CAs */
-# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED          0x1
-/* Don't include root CA in chain */
-# define SSL_BUILD_CHAIN_FLAG_NO_ROOT            0x2
-/* Just check certificates already there */
-# define SSL_BUILD_CHAIN_FLAG_CHECK              0x4
-/* Ignore verification errors */
-# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR       0x8
-/* Clear verification errors from queue */
-# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR        0x10
-
-/* Flags returned by SSL_check_chain */
-/* Certificate can be used with this session */
-# define CERT_PKEY_VALID         0x1
-/* Certificate can also be used for signing */
-# define CERT_PKEY_SIGN          0x2
-/* EE certificate signing algorithm OK */
-# define CERT_PKEY_EE_SIGNATURE  0x10
-/* CA signature algorithms OK */
-# define CERT_PKEY_CA_SIGNATURE  0x20
-/* EE certificate parameters OK */
-# define CERT_PKEY_EE_PARAM      0x40
-/* CA certificate parameters OK */
-# define CERT_PKEY_CA_PARAM      0x80
-/* Signing explicitly allowed as opposed to SHA1 fallback */
-# define CERT_PKEY_EXPLICIT_SIGN 0x100
-/* Client CA issuer names match (always set for server cert) */
-# define CERT_PKEY_ISSUER_NAME   0x200
-/* Cert type matches client types (always set for server cert) */
-# define CERT_PKEY_CERT_TYPE     0x400
-/* Cert chain suitable to Suite B */
-# define CERT_PKEY_SUITEB        0x800
-
-# define SSL_CONF_FLAG_CMDLINE           0x1
-# define SSL_CONF_FLAG_FILE              0x2
-# define SSL_CONF_FLAG_CLIENT            0x4
-# define SSL_CONF_FLAG_SERVER            0x8
-# define SSL_CONF_FLAG_SHOW_ERRORS       0x10
-# define SSL_CONF_FLAG_CERTIFICATE       0x20
-/* Configuration value types */
-# define SSL_CONF_TYPE_UNKNOWN           0x0
-# define SSL_CONF_TYPE_STRING            0x1
-# define SSL_CONF_TYPE_FILE              0x2
-# define SSL_CONF_TYPE_DIR               0x3
-
-/*
- * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
- * cannot be used to clear bits.
- */
-
-# define SSL_CTX_set_options(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
-# define SSL_CTX_clear_options(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-# define SSL_CTX_get_options(ctx) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
-# define SSL_set_options(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
-# define SSL_clear_options(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-# define SSL_get_options(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
-
-# define SSL_CTX_set_mode(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
-# define SSL_CTX_clear_mode(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
-# define SSL_CTX_get_mode(ctx) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
-# define SSL_clear_mode(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
-# define SSL_set_mode(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-# define SSL_get_mode(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
-# define SSL_set_mtu(ssl, mtu) \
-        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
-# define DTLS_set_link_mtu(ssl, mtu) \
-        SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
-# define DTLS_get_link_min_mtu(ssl) \
-        SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
-
-# define SSL_get_secure_renegotiation_support(ssl) \
-        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
-
-# ifndef OPENSSL_NO_HEARTBEATS
-#  define SSL_heartbeat(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
-# endif
-
-# define SSL_CTX_set_cert_flags(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
-# define SSL_set_cert_flags(s,op) \
-        SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL)
-# define SSL_CTX_clear_cert_flags(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
-# define SSL_clear_cert_flags(s,op) \
-        SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
-                              void (*cb) (int write_p, int version,
-                                          int content_type, const void *buf,
-                                          size_t len, SSL *ssl, void *arg));
-void SSL_set_msg_callback(SSL *ssl,
-                          void (*cb) (int write_p, int version,
-                                      int content_type, const void *buf,
-                                      size_t len, SSL *ssl, void *arg));
-# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-
-# ifndef OPENSSL_NO_SRP
-
-#  ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct srp_ctx_st {
-    /* param for all the callbacks */
-    void *SRP_cb_arg;
-    /* set client Hello login callback */
-    int (*TLS_ext_srp_username_callback) (SSL *, int *, void *);
-    /* set SRP N/g param callback for verification */
-    int (*SRP_verify_param_callback) (SSL *, void *);
-    /* set SRP client passwd callback */
-    char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *);
-    char *login;
-    BIGNUM *N, *g, *s, *B, *A;
-    BIGNUM *a, *b, *v;
-    char *info;
-    int strength;
-    unsigned long srp_Mask;
-} SRP_CTX;
-
-#  endif
-
-/* see tls_srp.c */
-int SSL_SRP_CTX_init(SSL *s);
-int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
-int SSL_SRP_CTX_free(SSL *ctx);
-int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
-int SSL_srp_server_param_with_username(SSL *s, int *ad);
-int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
-int SRP_Calc_A_param(SSL *s);
-int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
-
-# endif
-
-# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
-#  define SSL_MAX_CERT_LIST_DEFAULT 1024*30
-                                          /* 30k max cert list :-) */
-# else
-#  define SSL_MAX_CERT_LIST_DEFAULT 1024*100
-                                           /* 100k max cert list :-) */
-# endif
-
-# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
-
-/*
- * This callback type is used inside SSL_CTX, SSL, and in the functions that
- * set them. It is used to override the generation of SSL/TLS session IDs in
- * a server. Return value should be zero on an error, non-zero to proceed.
- * Also, callbacks should themselves check if the id they generate is unique
- * otherwise the SSL handshake will fail with an error - callbacks can do
- * this using the 'ssl' value they're passed by;
- * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in
- * is set at the maximum size the session ID can be. In SSLv2 this is 16
- * bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback can alter this
- * length to be less if desired, but under SSLv2 session IDs are supposed to
- * be fixed at 16 bytes so the id will be padded after the callback returns
- * in this case. It is also an error for the callback to set the size to
- * zero.
- */
-typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id,
-                               unsigned int *id_len);
-
-typedef struct ssl_comp_st SSL_COMP;
-
-# ifndef OPENSSL_NO_SSL_INTERN
-
-struct ssl_comp_st {
-    int id;
-    const char *name;
-#  ifndef OPENSSL_NO_COMP
-    COMP_METHOD *method;
-#  else
-    char *method;
-#  endif
-};
-
-DECLARE_STACK_OF(SSL_COMP)
-DECLARE_LHASH_OF(SSL_SESSION);
-
-struct ssl_ctx_st {
-    const SSL_METHOD *method;
-    STACK_OF(SSL_CIPHER) *cipher_list;
-    /* same as above but sorted for lookup */
-    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-    struct x509_store_st /* X509_STORE */ *cert_store;
-    LHASH_OF(SSL_SESSION) *sessions;
-    /*
-     * Most session-ids that will be cached, default is
-     * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
-     */
-    unsigned long session_cache_size;
-    struct ssl_session_st *session_cache_head;
-    struct ssl_session_st *session_cache_tail;
-    /*
-     * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
-     * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
-     * means only SSL_accept which cache SSL_SESSIONS.
-     */
-    int session_cache_mode;
-    /*
-     * If timeout is not 0, it is the default timeout value set when
-     * SSL_new() is called.  This has been put in to make life easier to set
-     * things up
-     */
-    long session_timeout;
-    /*
-     * If this callback is not null, it will be called each time a session id
-     * is added to the cache.  If this function returns 1, it means that the
-     * callback will do a SSL_SESSION_free() when it has finished using it.
-     * Otherwise, on 0, it means the callback has finished with it. If
-     * remove_session_cb is not null, it will be called when a session-id is
-     * removed from the cache.  After the call, OpenSSL will
-     * SSL_SESSION_free() it.
-     */
-    int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
-    void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
-    SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
-                                    unsigned char *data, int len, int *copy);
-    struct {
-        int sess_connect;       /* SSL new conn - started */
-        int sess_connect_renegotiate; /* SSL reneg - requested */
-        int sess_connect_good;  /* SSL new conne/reneg - finished */
-        int sess_accept;        /* SSL new accept - started */
-        int sess_accept_renegotiate; /* SSL reneg - requested */
-        int sess_accept_good;   /* SSL accept/reneg - finished */
-        int sess_miss;          /* session lookup misses */
-        int sess_timeout;       /* reuse attempt on timeouted session */
-        int sess_cache_full;    /* session removed due to full cache */
-        int sess_hit;           /* session reuse actually done */
-        int sess_cb_hit;        /* session-id that was not in the cache was
-                                 * passed back via the callback.  This
-                                 * indicates that the application is
-                                 * supplying session-id's from other
-                                 * processes - spooky :-) */
-    } stats;
-
-    int references;
-
-    /* if defined, these override the X509_verify_cert() calls */
-    int (*app_verify_callback) (X509_STORE_CTX *, void *);
-    void *app_verify_arg;
-    /*
-     * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
-     * ('app_verify_callback' was called with just one argument)
-     */
-
-    /* Default password callback. */
-    pem_password_cb *default_passwd_callback;
-
-    /* Default password callback user data. */
-    void *default_passwd_callback_userdata;
-
-    /* get client cert callback */
-    int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-
-    /* cookie generate callback */
-    int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
-                              unsigned int *cookie_len);
-
-    /* verify cookie callback */
-    int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie,
-                                 unsigned int cookie_len);
-
-    CRYPTO_EX_DATA ex_data;
-
-    const EVP_MD *rsa_md5;      /* For SSLv2 - name is 'ssl2-md5' */
-    const EVP_MD *md5;          /* For SSLv3/TLSv1 'ssl3-md5' */
-    const EVP_MD *sha1;         /* For SSLv3/TLSv1 'ssl3->sha1' */
-
-    STACK_OF(X509) *extra_certs;
-    STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
-
-    /* Default values used when no per-SSL value is defined follow */
-
-    /* used if SSL's info_callback is NULL */
-    void (*info_callback) (const SSL *ssl, int type, int val);
-
-    /* what we put in client cert requests */
-    STACK_OF(X509_NAME) *client_CA;
-
-    /*
-     * Default values to use in SSL structures follow (these are copied by
-     * SSL_new)
-     */
-
-    unsigned long options;
-    unsigned long mode;
-    long max_cert_list;
-
-    struct cert_st /* CERT */ *cert;
-    int read_ahead;
-
-    /* callback that allows applications to peek at protocol messages */
-    void (*msg_callback) (int write_p, int version, int content_type,
-                          const void *buf, size_t len, SSL *ssl, void *arg);
-    void *msg_callback_arg;
-
-    int verify_mode;
-    unsigned int sid_ctx_length;
-    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-    /* called 'verify_callback' in the SSL */
-    int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
-
-    /* Default generate session ID callback. */
-    GEN_SESSION_CB generate_session_id;
-
-    X509_VERIFY_PARAM *param;
-
-#  if 0
-    int purpose;                /* Purpose setting */
-    int trust;                  /* Trust setting */
-#  endif
-
-    int quiet_shutdown;
-
-    /*
-     * Maximum amount of data to send in one fragment. actual record size can
-     * be more than this due to padding and MAC overheads.
-     */
-    unsigned int max_send_fragment;
-
-#  ifndef OPENSSL_NO_ENGINE
-    /*
-     * Engine to pass requests for client certs to
-     */
-    ENGINE *client_cert_engine;
-#  endif
-
-#  ifndef OPENSSL_NO_TLSEXT
-    /* TLS extensions servername callback */
-    int (*tlsext_servername_callback) (SSL *, int *, void *);
-    void *tlsext_servername_arg;
-    /* RFC 4507 session ticket keys */
-    unsigned char tlsext_tick_key_name[16];
-    unsigned char tlsext_tick_hmac_key[16];
-    unsigned char tlsext_tick_aes_key[16];
-    /* Callback to support customisation of ticket key setting */
-    int (*tlsext_ticket_key_cb) (SSL *ssl,
-                                 unsigned char *name, unsigned char *iv,
-                                 EVP_CIPHER_CTX *ectx,
-                                 HMAC_CTX *hctx, int enc);
-
-    /* certificate status request info */
-    /* Callback for status request */
-    int (*tlsext_status_cb) (SSL *ssl, void *arg);
-    void *tlsext_status_arg;
-
-    /* draft-rescorla-tls-opaque-prf-input-00.txt information */
-    int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput,
-                                             size_t len, void *arg);
-    void *tlsext_opaque_prf_input_callback_arg;
-#  endif
-
-#  ifndef OPENSSL_NO_PSK
-    char *psk_identity_hint;
-    unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
-                                         char *identity,
-                                         unsigned int max_identity_len,
-                                         unsigned char *psk,
-                                         unsigned int max_psk_len);
-    unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
-                                         unsigned char *psk,
-                                         unsigned int max_psk_len);
-#  endif
-
-#  ifndef OPENSSL_NO_BUF_FREELISTS
-#   define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
-    unsigned int freelist_max_len;
-    struct ssl3_buf_freelist_st *wbuf_freelist;
-    struct ssl3_buf_freelist_st *rbuf_freelist;
-#  endif
-#  ifndef OPENSSL_NO_SRP
-    SRP_CTX srp_ctx;            /* ctx for SRP authentication */
-#  endif
-
-#  ifndef OPENSSL_NO_TLSEXT
-
-#   ifndef OPENSSL_NO_NEXTPROTONEG
-    /* Next protocol negotiation information */
-    /* (for experimental NPN extension). */
-
-    /*
-     * For a server, this contains a callback function by which the set of
-     * advertised protocols can be provided.
-     */
-    int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf,
-                                      unsigned int *len, void *arg);
-    void *next_protos_advertised_cb_arg;
-    /*
-     * For a client, this contains a callback function that selects the next
-     * protocol from the list provided by the server.
-     */
-    int (*next_proto_select_cb) (SSL *s, unsigned char **out,
-                                 unsigned char *outlen,
-                                 const unsigned char *in,
-                                 unsigned int inlen, void *arg);
-    void *next_proto_select_cb_arg;
-#   endif
-    /* SRTP profiles we are willing to do from RFC 5764 */
-    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
-
-    /*
-     * ALPN information (we are in the process of transitioning from NPN to
-     * ALPN.)
-     */
-
-    /*-
-     * For a server, this contains a callback function that allows the
-     * server to select the protocol for the connection.
-     *   out: on successful return, this must point to the raw protocol
-     *        name (without the length prefix).
-     *   outlen: on successful return, this contains the length of |*out|.
-     *   in: points to the client's list of supported protocols in
-     *       wire-format.
-     *   inlen: the length of |in|.
-     */
-    int (*alpn_select_cb) (SSL *s,
-                           const unsigned char **out,
-                           unsigned char *outlen,
-                           const unsigned char *in,
-                           unsigned int inlen, void *arg);
-    void *alpn_select_cb_arg;
-
-    /*
-     * For a client, this contains the list of supported protocols in wire
-     * format.
-     */
-    unsigned char *alpn_client_proto_list;
-    unsigned alpn_client_proto_list_len;
-
-#   ifndef OPENSSL_NO_EC
-    /* EC extension values inherited by SSL structure */
-    size_t tlsext_ecpointformatlist_length;
-    unsigned char *tlsext_ecpointformatlist;
-    size_t tlsext_ellipticcurvelist_length;
-    unsigned char *tlsext_ellipticcurvelist;
-#   endif                       /* OPENSSL_NO_EC */
-#  endif
-};
-
-# endif
-
-# define SSL_SESS_CACHE_OFF                      0x0000
-# define SSL_SESS_CACHE_CLIENT                   0x0001
-# define SSL_SESS_CACHE_SERVER                   0x0002
-# define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
-# define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
-/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
-# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
-# define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
-# define SSL_SESS_CACHE_NO_INTERNAL \
-        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
-
-LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
-# define SSL_CTX_sess_number(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
-# define SSL_CTX_sess_connect(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
-# define SSL_CTX_sess_connect_good(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
-# define SSL_CTX_sess_connect_renegotiate(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
-# define SSL_CTX_sess_accept(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
-# define SSL_CTX_sess_accept_renegotiate(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
-# define SSL_CTX_sess_accept_good(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
-# define SSL_CTX_sess_hits(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
-# define SSL_CTX_sess_cb_hits(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
-# define SSL_CTX_sess_misses(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
-# define SSL_CTX_sess_timeouts(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
-# define SSL_CTX_sess_cache_full(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
-                             int (*new_session_cb) (struct ssl_st *ssl,
-                                                    SSL_SESSION *sess));
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
-                                              SSL_SESSION *sess);
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
-                                void (*remove_session_cb) (struct ssl_ctx_st
-                                                           *ctx,
-                                                           SSL_SESSION
-                                                           *sess));
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
-                                                  SSL_SESSION *sess);
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
-                             SSL_SESSION *(*get_session_cb) (struct ssl_st
-                                                             *ssl,
-                                                             unsigned char
-                                                             *data, int len,
-                                                             int *copy));
-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
-                                                       unsigned char *Data,
-                                                       int len, int *copy);
-void SSL_CTX_set_info_callback(SSL_CTX *ctx,
-                               void (*cb) (const SSL *ssl, int type,
-                                           int val));
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
-                                                 int val);
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
-                                int (*client_cert_cb) (SSL *ssl, X509 **x509,
-                                                       EVP_PKEY **pkey));
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
-                                                 EVP_PKEY **pkey);
-# ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
-# endif
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
-                                    int (*app_gen_cookie_cb) (SSL *ssl,
-                                                              unsigned char
-                                                              *cookie,
-                                                              unsigned int
-                                                              *cookie_len));
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
-                                  int (*app_verify_cookie_cb) (SSL *ssl,
-                                                               unsigned char
-                                                               *cookie,
-                                                               unsigned int
-                                                               cookie_len));
-# ifndef OPENSSL_NO_NEXTPROTONEG
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
-                                           int (*cb) (SSL *ssl,
-                                                      const unsigned char
-                                                      **out,
-                                                      unsigned int *outlen,
-                                                      void *arg), void *arg);
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
-                                      int (*cb) (SSL *ssl,
-                                                 unsigned char **out,
-                                                 unsigned char *outlen,
-                                                 const unsigned char *in,
-                                                 unsigned int inlen,
-                                                 void *arg), void *arg);
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-                                    unsigned *len);
-# endif
-
-# ifndef OPENSSL_NO_TLSEXT
-int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-                          const unsigned char *in, unsigned int inlen,
-                          const unsigned char *client,
-                          unsigned int client_len);
-# endif
-
-# define OPENSSL_NPN_UNSUPPORTED 0
-# define OPENSSL_NPN_NEGOTIATED  1
-# define OPENSSL_NPN_NO_OVERLAP  2
-
-int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
-                            unsigned protos_len);
-int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
-                        unsigned protos_len);
-void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
-                                int (*cb) (SSL *ssl,
-                                           const unsigned char **out,
-                                           unsigned char *outlen,
-                                           const unsigned char *in,
-                                           unsigned int inlen,
-                                           void *arg), void *arg);
-void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
-                            unsigned *len);
-
-# ifndef OPENSSL_NO_PSK
-/*
- * the maximum length of the buffer given to callbacks containing the
- * resulting identity/psk
- */
-#  define PSK_MAX_IDENTITY_LEN 128
-#  define PSK_MAX_PSK_LEN 256
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
-                                     unsigned int (*psk_client_callback) (SSL
-                                                                          *ssl,
-                                                                          const
-                                                                          char
-                                                                          *hint,
-                                                                          char
-                                                                          *identity,
-                                                                          unsigned
-                                                                          int
-                                                                          max_identity_len,
-                                                                          unsigned
-                                                                          char
-                                                                          *psk,
-                                                                          unsigned
-                                                                          int
-                                                                          max_psk_len));
-void SSL_set_psk_client_callback(SSL *ssl,
-                                 unsigned int (*psk_client_callback) (SSL
-                                                                      *ssl,
-                                                                      const
-                                                                      char
-                                                                      *hint,
-                                                                      char
-                                                                      *identity,
-                                                                      unsigned
-                                                                      int
-                                                                      max_identity_len,
-                                                                      unsigned
-                                                                      char
-                                                                      *psk,
-                                                                      unsigned
-                                                                      int
-                                                                      max_psk_len));
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
-                                     unsigned int (*psk_server_callback) (SSL
-                                                                          *ssl,
-                                                                          const
-                                                                          char
-                                                                          *identity,
-                                                                          unsigned
-                                                                          char
-                                                                          *psk,
-                                                                          unsigned
-                                                                          int
-                                                                          max_psk_len));
-void SSL_set_psk_server_callback(SSL *ssl,
-                                 unsigned int (*psk_server_callback) (SSL
-                                                                      *ssl,
-                                                                      const
-                                                                      char
-                                                                      *identity,
-                                                                      unsigned
-                                                                      char
-                                                                      *psk,
-                                                                      unsigned
-                                                                      int
-                                                                      max_psk_len));
-int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
-int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
-const char *SSL_get_psk_identity_hint(const SSL *s);
-const char *SSL_get_psk_identity(const SSL *s);
-# endif
-
-# ifndef OPENSSL_NO_TLSEXT
-/* Register callbacks to handle custom TLS Extensions for client or server. */
-
-int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
-                                  custom_ext_add_cb add_cb,
-                                  custom_ext_free_cb free_cb,
-                                  void *add_arg,
-                                  custom_ext_parse_cb parse_cb,
-                                  void *parse_arg);
-
-int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
-                                  custom_ext_add_cb add_cb,
-                                  custom_ext_free_cb free_cb,
-                                  void *add_arg,
-                                  custom_ext_parse_cb parse_cb,
-                                  void *parse_arg);
-
-int SSL_extension_supported(unsigned int ext_type);
-
-# endif
-
-# define SSL_NOTHING     1
-# define SSL_WRITING     2
-# define SSL_READING     3
-# define SSL_X509_LOOKUP 4
-
-/* These will only be used when doing non-blocking IO */
-# define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
-# define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
-# define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
-# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
-
-# define SSL_MAC_FLAG_READ_MAC_STREAM 1
-# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
-
-# ifndef OPENSSL_NO_SSL_INTERN
-
-struct ssl_st {
-    /*
-     * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
-     * DTLS1_VERSION)
-     */
-    int version;
-    /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
-    int type;
-    /* SSLv3 */
-    const SSL_METHOD *method;
-    /*
-     * There are 2 BIO's even though they are normally both the same.  This
-     * is so data can be read and written to different handlers
-     */
-#  ifndef OPENSSL_NO_BIO
-    /* used by SSL_read */
-    BIO *rbio;
-    /* used by SSL_write */
-    BIO *wbio;
-    /* used during session-id reuse to concatenate messages */
-    BIO *bbio;
-#  else
-    /* used by SSL_read */
-    char *rbio;
-    /* used by SSL_write */
-    char *wbio;
-    char *bbio;
-#  endif
-    /*
-     * This holds a variable that indicates what we were doing when a 0 or -1
-     * is returned.  This is needed for non-blocking IO so we know what
-     * request needs re-doing when in SSL_accept or SSL_connect
-     */
-    int rwstate;
-    /* true when we are actually in SSL_accept() or SSL_connect() */
-    int in_handshake;
-    int (*handshake_func) (SSL *);
-    /*
-     * Imagine that here's a boolean member "init" that is switched as soon
-     * as SSL_set_{accept/connect}_state is called for the first time, so
-     * that "state" and "handshake_func" are properly initialized.  But as
-     * handshake_func is == 0 until then, we use this test instead of an
-     * "init" member.
-     */
-    /* are we the server side? - mostly used by SSL_clear */
-    int server;
-    /*
-     * Generate a new session or reuse an old one.
-     * NB: For servers, the 'new' session may actually be a previously
-     * cached session or even the previous session unless
-     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
-     */
-    int new_session;
-    /* don't send shutdown packets */
-    int quiet_shutdown;
-    /* we have shut things down, 0x01 sent, 0x02 for received */
-    int shutdown;
-    /* where we are */
-    int state;
-    /* where we are when reading */
-    int rstate;
-    BUF_MEM *init_buf;          /* buffer used during init */
-    void *init_msg;             /* pointer to handshake message body, set by
-                                 * ssl3_get_message() */
-    int init_num;               /* amount read/written */
-    int init_off;               /* amount read/written */
-    /* used internally to point at a raw packet */
-    unsigned char *packet;
-    unsigned int packet_length;
-    struct ssl2_state_st *s2;   /* SSLv2 variables */
-    struct ssl3_state_st *s3;   /* SSLv3 variables */
-    struct dtls1_state_st *d1;  /* DTLSv1 variables */
-    int read_ahead;             /* Read as many input bytes as possible (for
-                                 * non-blocking reads) */
-    /* callback that allows applications to peek at protocol messages */
-    void (*msg_callback) (int write_p, int version, int content_type,
-                          const void *buf, size_t len, SSL *ssl, void *arg);
-    void *msg_callback_arg;
-    int hit;                    /* reusing a previous session */
-    X509_VERIFY_PARAM *param;
-#  if 0
-    int purpose;                /* Purpose setting */
-    int trust;                  /* Trust setting */
-#  endif
-    /* crypto */
-    STACK_OF(SSL_CIPHER) *cipher_list;
-    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-    /*
-     * These are the ones being used, the ones in SSL_SESSION are the ones to
-     * be 'copied' into these ones
-     */
-    int mac_flags;
-    EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
-    EVP_MD_CTX *read_hash;      /* used for mac generation */
-#  ifndef OPENSSL_NO_COMP
-    COMP_CTX *expand;           /* uncompress */
-#  else
-    char *expand;
-#  endif
-    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
-    EVP_MD_CTX *write_hash;     /* used for mac generation */
-#  ifndef OPENSSL_NO_COMP
-    COMP_CTX *compress;         /* compression */
-#  else
-    char *compress;
-#  endif
-    /* session info */
-    /* client cert? */
-    /* This is used to hold the server certificate used */
-    struct cert_st /* CERT */ *cert;
-    /*
-     * the session_id_context is used to ensure sessions are only reused in
-     * the appropriate context
-     */
-    unsigned int sid_ctx_length;
-    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-    /* This can also be in the session once a session is established */
-    SSL_SESSION *session;
-    /* Default generate session ID callback. */
-    GEN_SESSION_CB generate_session_id;
-    /* Used in SSL2 and SSL3 */
-    /*
-     * 0 don't care about verify failure.
-     * 1 fail if verify fails
-     */
-    int verify_mode;
-    /* fail if callback returns 0 */
-    int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
-    /* optional informational callback */
-    void (*info_callback) (const SSL *ssl, int type, int val);
-    /* error bytes to be written */
-    int error;
-    /* actual code */
-    int error_code;
-#  ifndef OPENSSL_NO_KRB5
-    /* Kerberos 5 context */
-    KSSL_CTX *kssl_ctx;
-#  endif                        /* OPENSSL_NO_KRB5 */
-#  ifndef OPENSSL_NO_PSK
-    unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
-                                         char *identity,
-                                         unsigned int max_identity_len,
-                                         unsigned char *psk,
-                                         unsigned int max_psk_len);
-    unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
-                                         unsigned char *psk,
-                                         unsigned int max_psk_len);
-#  endif
-    SSL_CTX *ctx;
-    /*
-     * set this flag to 1 and a sleep(1) is put into all SSL_read() and
-     * SSL_write() calls, good for nbio debuging :-)
-     */
-    int debug;
-    /* extra application data */
-    long verify_result;
-    CRYPTO_EX_DATA ex_data;
-    /* for server side, keep the list of CA_dn we can use */
-    STACK_OF(X509_NAME) *client_CA;
-    int references;
-    /* protocol behaviour */
-    unsigned long options;
-    /* API behaviour */
-    unsigned long mode;
-    long max_cert_list;
-    int first_packet;
-    /* what was passed, used for SSLv3/TLS rollback check */
-    int client_version;
-    unsigned int max_send_fragment;
-#  ifndef OPENSSL_NO_TLSEXT
-    /* TLS extension debug callback */
-    void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
-                             unsigned char *data, int len, void *arg);
-    void *tlsext_debug_arg;
-    char *tlsext_hostname;
-    /*-
-     * no further mod of servername
-     * 0 : call the servername extension callback.
-     * 1 : prepare 2, allow last ack just after in server callback.
-     * 2 : don't call servername callback, no ack in server hello
-     */
-    int servername_done;
-    /* certificate status request info */
-    /* Status type or -1 if no status type */
-    int tlsext_status_type;
-    /* Expect OCSP CertificateStatus message */
-    int tlsext_status_expected;
-    /* OCSP status request only */
-    STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
-    X509_EXTENSIONS *tlsext_ocsp_exts;
-    /* OCSP response received or to be sent */
-    unsigned char *tlsext_ocsp_resp;
-    int tlsext_ocsp_resplen;
-    /* RFC4507 session ticket expected to be received or sent */
-    int tlsext_ticket_expected;
-#   ifndef OPENSSL_NO_EC
-    size_t tlsext_ecpointformatlist_length;
-    /* our list */
-    unsigned char *tlsext_ecpointformatlist;
-    size_t tlsext_ellipticcurvelist_length;
-    /* our list */
-    unsigned char *tlsext_ellipticcurvelist;
-#   endif                       /* OPENSSL_NO_EC */
-    /*
-     * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for
-     * handshakes
-     */
-    void *tlsext_opaque_prf_input;
-    size_t tlsext_opaque_prf_input_len;
-    /* TLS Session Ticket extension override */
-    TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
-    /* TLS Session Ticket extension callback */
-    tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
-    void *tls_session_ticket_ext_cb_arg;
-    /* TLS pre-shared secret session resumption */
-    tls_session_secret_cb_fn tls_session_secret_cb;
-    void *tls_session_secret_cb_arg;
-    SSL_CTX *initial_ctx;       /* initial ctx, used to store sessions */
-#   ifndef OPENSSL_NO_NEXTPROTONEG
-    /*
-     * Next protocol negotiation. For the client, this is the protocol that
-     * we sent in NextProtocol and is set when handling ServerHello
-     * extensions. For a server, this is the client's selected_protocol from
-     * NextProtocol and is set when handling the NextProtocol message, before
-     * the Finished message.
-     */
-    unsigned char *next_proto_negotiated;
-    unsigned char next_proto_negotiated_len;
-#   endif
-#   define session_ctx initial_ctx
-    /* What we'll do */
-    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
-    /* What's been chosen */
-    SRTP_PROTECTION_PROFILE *srtp_profile;
-        /*-
-         * Is use of the Heartbeat extension negotiated?
-         * 0: disabled
-         * 1: enabled
-         * 2: enabled, but not allowed to send Requests
-         */
-    unsigned int tlsext_heartbeat;
-    /* Indicates if a HeartbeatRequest is in flight */
-    unsigned int tlsext_hb_pending;
-    /* HeartbeatRequest sequence number */
-    unsigned int tlsext_hb_seq;
-#  else
-#   define session_ctx ctx
-#  endif                        /* OPENSSL_NO_TLSEXT */
-    /*-
-     * 1 if we are renegotiating.
-     * 2 if we are a server and are inside a handshake
-     * (i.e. not just sending a HelloRequest)
-     */
-    int renegotiate;
-#  ifndef OPENSSL_NO_SRP
-    /* ctx for SRP authentication */
-    SRP_CTX srp_ctx;
-#  endif
-#  ifndef OPENSSL_NO_TLSEXT
-    /*
-     * For a client, this contains the list of supported protocols in wire
-     * format.
-     */
-    unsigned char *alpn_client_proto_list;
-    unsigned alpn_client_proto_list_len;
-#  endif                        /* OPENSSL_NO_TLSEXT */
-};
-
-# endif
-
-#ifdef __cplusplus
-}
-#endif
-
-# include <openssl/ssl2.h>
-# include <openssl/ssl3.h>
-# include <openssl/tls1.h>      /* This is mostly sslv3 with a few tweaks */
-# include <openssl/dtls1.h>     /* Datagram TLS */
-# include <openssl/ssl23.h>
-# include <openssl/srtp.h>      /* Support for the use_srtp extension */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* compatibility */
-# define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
-# define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
-# define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0,(char *)a))
-# define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
-# define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
-# define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
-
-/*
- * The following are the possible values for ssl->state are are used to
- * indicate where we are up to in the SSL connection establishment. The
- * macros that follow are about the only things you should need to use and
- * even then, only when using non-blocking IO. It can also be useful to work
- * out where you were when the connection failed
- */
-
-# define SSL_ST_CONNECT                  0x1000
-# define SSL_ST_ACCEPT                   0x2000
-# define SSL_ST_MASK                     0x0FFF
-# define SSL_ST_INIT                     (SSL_ST_CONNECT|SSL_ST_ACCEPT)
-# define SSL_ST_BEFORE                   0x4000
-# define SSL_ST_OK                       0x03
-# define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR                      (0x05|SSL_ST_INIT)
-
-# define SSL_CB_LOOP                     0x01
-# define SSL_CB_EXIT                     0x02
-# define SSL_CB_READ                     0x04
-# define SSL_CB_WRITE                    0x08
-# define SSL_CB_ALERT                    0x4000/* used in callback */
-# define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
-# define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
-# define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
-# define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
-# define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
-# define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
-# define SSL_CB_HANDSHAKE_START          0x10
-# define SSL_CB_HANDSHAKE_DONE           0x20
-
-/* Is the SSL_connection established? */
-# define SSL_get_state(a)                SSL_state(a)
-# define SSL_is_init_finished(a)         (SSL_state(a) == SSL_ST_OK)
-# define SSL_in_init(a)                  (SSL_state(a)&SSL_ST_INIT)
-# define SSL_in_before(a)                (SSL_state(a)&SSL_ST_BEFORE)
-# define SSL_in_connect_init(a)          (SSL_state(a)&SSL_ST_CONNECT)
-# define SSL_in_accept_init(a)           (SSL_state(a)&SSL_ST_ACCEPT)
-
-/*
- * The following 2 states are kept in ssl->rstate when reads fail, you should
- * not need these
- */
-# define SSL_ST_READ_HEADER                      0xF0
-# define SSL_ST_READ_BODY                        0xF1
-# define SSL_ST_READ_DONE                        0xF2
-
-/*-
- * Obtain latest Finished message
- *   -- that we sent (SSL_get_finished)
- *   -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes.
- */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
-
-/*
- * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are
- * 'ored' with SSL_VERIFY_PEER if they are desired
- */
-# define SSL_VERIFY_NONE                 0x00
-# define SSL_VERIFY_PEER                 0x01
-# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
-# define SSL_VERIFY_CLIENT_ONCE          0x04
-
-# define OpenSSL_add_ssl_algorithms()    SSL_library_init()
-# define SSLeay_add_ssl_algorithms()     SSL_library_init()
-
-/* this is for backward compatibility */
-# if 0                          /* NEW_SSLEAY */
-#  define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
-#  define SSL_set_pref_cipher(c,n)        SSL_set_cipher_list(c,n)
-#  define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
-#  define SSL_remove_session(a,b)         SSL_CTX_remove_session((a),(b))
-#  define SSL_flush_sessions(a,b)         SSL_CTX_flush_sessions((a),(b))
-# endif
-/* More backward compatibility */
-# define SSL_get_cipher(s) \
-                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-# define SSL_get_cipher_bits(s,np) \
-                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-# define SSL_get_cipher_version(s) \
-                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-# define SSL_get_cipher_name(s) \
-                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-# define SSL_get_time(a)         SSL_SESSION_get_time(a)
-# define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
-# define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
-# define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
-
-# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
-# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
-
-DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
-# define SSL_AD_REASON_OFFSET            1000/* offset to get SSL_R_... value
-                                              * from SSL_AD_... */
-/* These alert types are for SSLv3 and TLSv1 */
-# define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
-/* fatal */
-# define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE
-/* fatal */
-# define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC
-# define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
-# define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
-/* fatal */
-# define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE
-/* fatal */
-# define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE
-/* Not for TLS */
-# define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE
-# define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
-# define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
-# define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
-# define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
-# define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
-/* fatal */
-# define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER
-/* fatal */
-# define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA
-/* fatal */
-# define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED
-/* fatal */
-# define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR
-# define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
-/* fatal */
-# define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION
-/* fatal */
-# define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION
-/* fatal */
-# define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY
-/* fatal */
-# define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR
-# define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
-# define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
-# define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
-# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
-# define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
-# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
-# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
-/* fatal */
-# define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
-/* fatal */
-# define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK
-# define SSL_ERROR_NONE                  0
-# define SSL_ERROR_SSL                   1
-# define SSL_ERROR_WANT_READ             2
-# define SSL_ERROR_WANT_WRITE            3
-# define SSL_ERROR_WANT_X509_LOOKUP      4
-# define SSL_ERROR_SYSCALL               5/* look at error stack/return
-                                           * value/errno */
-# define SSL_ERROR_ZERO_RETURN           6
-# define SSL_ERROR_WANT_CONNECT          7
-# define SSL_ERROR_WANT_ACCEPT           8
-# define SSL_CTRL_NEED_TMP_RSA                   1
-# define SSL_CTRL_SET_TMP_RSA                    2
-# define SSL_CTRL_SET_TMP_DH                     3
-# define SSL_CTRL_SET_TMP_ECDH                   4
-# define SSL_CTRL_SET_TMP_RSA_CB                 5
-# define SSL_CTRL_SET_TMP_DH_CB                  6
-# define SSL_CTRL_SET_TMP_ECDH_CB                7
-# define SSL_CTRL_GET_SESSION_REUSED             8
-# define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
-# define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
-# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
-# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
-# define SSL_CTRL_GET_FLAGS                      13
-# define SSL_CTRL_EXTRA_CHAIN_CERT               14
-# define SSL_CTRL_SET_MSG_CALLBACK               15
-# define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
-/* only applies to datagram connections */
-# define SSL_CTRL_SET_MTU                17
-/* Stats */
-# define SSL_CTRL_SESS_NUMBER                    20
-# define SSL_CTRL_SESS_CONNECT                   21
-# define SSL_CTRL_SESS_CONNECT_GOOD              22
-# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
-# define SSL_CTRL_SESS_ACCEPT                    24
-# define SSL_CTRL_SESS_ACCEPT_GOOD               25
-# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
-# define SSL_CTRL_SESS_HIT                       27
-# define SSL_CTRL_SESS_CB_HIT                    28
-# define SSL_CTRL_SESS_MISSES                    29
-# define SSL_CTRL_SESS_TIMEOUTS                  30
-# define SSL_CTRL_SESS_CACHE_FULL                31
-# define SSL_CTRL_OPTIONS                        32
-# define SSL_CTRL_MODE                           33
-# define SSL_CTRL_GET_READ_AHEAD                 40
-# define SSL_CTRL_SET_READ_AHEAD                 41
-# define SSL_CTRL_SET_SESS_CACHE_SIZE            42
-# define SSL_CTRL_GET_SESS_CACHE_SIZE            43
-# define SSL_CTRL_SET_SESS_CACHE_MODE            44
-# define SSL_CTRL_GET_SESS_CACHE_MODE            45
-# define SSL_CTRL_GET_MAX_CERT_LIST              50
-# define SSL_CTRL_SET_MAX_CERT_LIST              51
-# define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
-/* see tls1.h for macros based on these */
-# ifndef OPENSSL_NO_TLSEXT
-#  define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
-#  define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
-#  define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
-#  define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
-#  define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
-#  define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
-#  define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
-#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60
-#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
-#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
-#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
-#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
-#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
-#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
-#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
-#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
-#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
-#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
-#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
-#  define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
-#  define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
-#  define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
-#  define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
-#  define SSL_CTRL_SET_SRP_ARG            78
-#  define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
-#  define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
-#  define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
-#  ifndef OPENSSL_NO_HEARTBEATS
-#   define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT                         85
-#   define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING          86
-#   define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS      87
-#  endif
-# endif                         /* OPENSSL_NO_TLSEXT */
-# define DTLS_CTRL_GET_TIMEOUT           73
-# define DTLS_CTRL_HANDLE_TIMEOUT        74
-# define DTLS_CTRL_LISTEN                        75
-# define SSL_CTRL_GET_RI_SUPPORT                 76
-# define SSL_CTRL_CLEAR_OPTIONS                  77
-# define SSL_CTRL_CLEAR_MODE                     78
-# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
-# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
-# define SSL_CTRL_CHAIN                          88
-# define SSL_CTRL_CHAIN_CERT                     89
-# define SSL_CTRL_GET_CURVES                     90
-# define SSL_CTRL_SET_CURVES                     91
-# define SSL_CTRL_SET_CURVES_LIST                92
-# define SSL_CTRL_GET_SHARED_CURVE               93
-# define SSL_CTRL_SET_ECDH_AUTO                  94
-# define SSL_CTRL_SET_SIGALGS                    97
-# define SSL_CTRL_SET_SIGALGS_LIST               98
-# define SSL_CTRL_CERT_FLAGS                     99
-# define SSL_CTRL_CLEAR_CERT_FLAGS               100
-# define SSL_CTRL_SET_CLIENT_SIGALGS             101
-# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST        102
-# define SSL_CTRL_GET_CLIENT_CERT_TYPES          103
-# define SSL_CTRL_SET_CLIENT_CERT_TYPES          104
-# define SSL_CTRL_BUILD_CERT_CHAIN               105
-# define SSL_CTRL_SET_VERIFY_CERT_STORE          106
-# define SSL_CTRL_SET_CHAIN_CERT_STORE           107
-# define SSL_CTRL_GET_PEER_SIGNATURE_NID         108
-# define SSL_CTRL_GET_SERVER_TMP_KEY             109
-# define SSL_CTRL_GET_RAW_CIPHERLIST             110
-# define SSL_CTRL_GET_EC_POINT_FORMATS           111
-# define SSL_CTRL_GET_CHAIN_CERTS                115
-# define SSL_CTRL_SELECT_CURRENT_CERT            116
-# define SSL_CTRL_SET_CURRENT_CERT               117
-# define SSL_CTRL_CHECK_PROTO_VERSION            119
-# define DTLS_CTRL_SET_LINK_MTU                  120
-# define DTLS_CTRL_GET_LINK_MIN_MTU              121
-# define SSL_CERT_SET_FIRST                      1
-# define SSL_CERT_SET_NEXT                       2
-# define SSL_CERT_SET_SERVER                     3
-# define DTLSv1_get_timeout(ssl, arg) \
-        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
-# define DTLSv1_handle_timeout(ssl) \
-        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
-# define DTLSv1_listen(ssl, peer) \
-        SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
-# define SSL_session_reused(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
-# define SSL_num_renegotiations(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
-# define SSL_clear_num_renegotiations(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
-# define SSL_total_renegotiations(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
-# define SSL_CTX_need_tmp_RSA(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-# define SSL_CTX_set_tmp_rsa(ctx,rsa) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-# define SSL_CTX_set_tmp_dh(ctx,dh) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-# define SSL_need_tmp_RSA(ssl) \
-        SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-# define SSL_set_tmp_rsa(ssl,rsa) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-# define SSL_set_tmp_dh(ssl,dh) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-# define SSL_set_tmp_ecdh(ssl,ecdh) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
-# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
-# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
-# define SSL_CTX_clear_extra_chain_certs(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
-# define SSL_CTX_set0_chain(ctx,sk) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
-# define SSL_CTX_set1_chain(ctx,sk) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
-# define SSL_CTX_add0_chain_cert(ctx,x509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
-# define SSL_CTX_add1_chain_cert(ctx,x509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
-# define SSL_CTX_get0_chain_certs(ctx,px509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
-# define SSL_CTX_clear_chain_certs(ctx) \
-        SSL_CTX_set0_chain(ctx,NULL)
-# define SSL_CTX_build_cert_chain(ctx, flags) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
-# define SSL_CTX_select_current_cert(ctx,x509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
-# define SSL_CTX_set_current_cert(ctx, op) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
-# define SSL_CTX_set0_verify_cert_store(ctx,st) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
-# define SSL_CTX_set1_verify_cert_store(ctx,st) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st)
-# define SSL_CTX_set0_chain_cert_store(ctx,st) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st)
-# define SSL_CTX_set1_chain_cert_store(ctx,st) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st)
-# define SSL_set0_chain(ctx,sk) \
-        SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
-# define SSL_set1_chain(ctx,sk) \
-        SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
-# define SSL_add0_chain_cert(ctx,x509) \
-        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
-# define SSL_add1_chain_cert(ctx,x509) \
-        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
-# define SSL_get0_chain_certs(ctx,px509) \
-        SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
-# define SSL_clear_chain_certs(ctx) \
-        SSL_set0_chain(ctx,NULL)
-# define SSL_build_cert_chain(s, flags) \
-        SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
-# define SSL_select_current_cert(ctx,x509) \
-        SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
-# define SSL_set_current_cert(ctx,op) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
-# define SSL_set0_verify_cert_store(s,st) \
-        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
-# define SSL_set1_verify_cert_store(s,st) \
-        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st)
-# define SSL_set0_chain_cert_store(s,st) \
-        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st)
-# define SSL_set1_chain_cert_store(s,st) \
-        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st)
-# define SSL_get1_curves(ctx, s) \
-        SSL_ctrl(ctx,SSL_CTRL_GET_CURVES,0,(char *)s)
-# define SSL_CTX_set1_curves(ctx, clist, clistlen) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist)
-# define SSL_CTX_set1_curves_list(ctx, s) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s)
-# define SSL_set1_curves(ctx, clist, clistlen) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist)
-# define SSL_set1_curves_list(ctx, s) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s)
-# define SSL_get_shared_curve(s, n) \
-        SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL)
-# define SSL_CTX_set_ecdh_auto(ctx, onoff) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
-# define SSL_set_ecdh_auto(s, onoff) \
-        SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
-# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
-# define SSL_CTX_set1_sigalgs_list(ctx, s) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
-# define SSL_set1_sigalgs(ctx, slist, slistlen) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
-# define SSL_set1_sigalgs_list(ctx, s) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
-# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist)
-# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
-# define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist)
-# define SSL_set1_client_sigalgs_list(ctx, s) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
-# define SSL_get0_certificate_types(s, clist) \
-        SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)clist)
-# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)
-# define SSL_set1_client_certificate_types(s, clist, clistlen) \
-        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)
-# define SSL_get_peer_signature_nid(s, pn) \
-        SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
-# define SSL_get_server_tmp_key(s, pk) \
-        SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
-# define SSL_get0_raw_cipherlist(s, plst) \
-        SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,(char *)plst)
-# define SSL_get0_ec_point_formats(s, plst) \
-        SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,(char *)plst)
-# ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to, BIO *from);
-void BIO_ssl_shutdown(BIO *ssl_bio);
-
-# endif
-
-int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
-void SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
-long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
-int SSL_want(const SSL *s);
-int SSL_clear(SSL *s);
-
-void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
-
-const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
-char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
-const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
-unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
-
-int SSL_get_fd(const SSL *s);
-int SSL_get_rfd(const SSL *s);
-int SSL_get_wfd(const SSL *s);
-const char *SSL_get_cipher_list(const SSL *s, int n);
-char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
-int SSL_get_read_ahead(const SSL *s);
-int SSL_pending(const SSL *s);
-# ifndef OPENSSL_NO_SOCK
-int SSL_set_fd(SSL *s, int fd);
-int SSL_set_rfd(SSL *s, int fd);
-int SSL_set_wfd(SSL *s, int fd);
-# endif
-# ifndef OPENSSL_NO_BIO
-void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
-BIO *SSL_get_rbio(const SSL *s);
-BIO *SSL_get_wbio(const SSL *s);
-# endif
-int SSL_set_cipher_list(SSL *s, const char *str);
-void SSL_set_read_ahead(SSL *s, int yes);
-int SSL_get_verify_mode(const SSL *s);
-int SSL_get_verify_depth(const SSL *s);
-int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *);
-void SSL_set_verify(SSL *s, int mode,
-                    int (*callback) (int ok, X509_STORE_CTX *ctx));
-void SSL_set_verify_depth(SSL *s, int depth);
-void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
-# ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-# endif
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
-                            long len);
-int SSL_use_certificate(SSL *ssl, X509 *x);
-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
-
-# ifndef OPENSSL_NO_TLSEXT
-/* Set serverinfo data for the current active cert. */
-int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
-                           size_t serverinfo_length);
-#  ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
-#  endif                        /* NO_STDIO */
-
-# endif
-
-# ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-/* PEM type */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                        const char *file);
-#  ifndef OPENSSL_SYS_VMS
-/* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
-#   ifndef OPENSSL_SYS_MACINTOSH_CLASSIC
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                       const char *dir);
-#   endif
-#  endif
-
-# endif
-
-void SSL_load_error_strings(void);
-const char *SSL_state_string(const SSL *s);
-const char *SSL_rstate_string(const SSL *s);
-const char *SSL_state_string_long(const SSL *s);
-const char *SSL_rstate_string_long(const SSL *s);
-long SSL_SESSION_get_time(const SSL_SESSION *s);
-long SSL_SESSION_set_time(SSL_SESSION *s, long t);
-long SSL_SESSION_get_timeout(const SSL_SESSION *s);
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void SSL_copy_session_id(SSL *to, const SSL *from);
-X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
-int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
-                                unsigned int sid_ctx_len);
-
-SSL_SESSION *SSL_SESSION_new(void);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
-                                        unsigned int *len);
-unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
-# ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
-# endif
-# ifndef OPENSSL_NO_BIO
-int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
-# endif
-void SSL_SESSION_free(SSL_SESSION *ses);
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
-int SSL_set_session(SSL *to, SSL_SESSION *session);
-int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
-int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-                                unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
-                             long length);
-
-# ifdef HEADER_X509_H
-X509 *SSL_get_peer_certificate(const SSL *s);
-# endif
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int,
-                                                        X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
-                        int (*callback) (int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
-                                      int (*cb) (X509_STORE_CTX *, void *),
-                                      void *arg);
-void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
-                         void *arg);
-# ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-# endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
-                                   long len);
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
-                                const unsigned char *d, long len);
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
-                                 const unsigned char *d);
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
-
-int SSL_CTX_check_private_key(const SSL_CTX *ctx);
-int SSL_check_private_key(const SSL *ctx);
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
-                                   unsigned int sid_ctx_len);
-
-SSL *SSL_new(SSL_CTX *ctx);
-int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
-                               unsigned int sid_ctx_len);
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
-int SSL_set_purpose(SSL *s, int purpose);
-int SSL_CTX_set_trust(SSL_CTX *s, int trust);
-int SSL_set_trust(SSL *s, int trust);
-
-int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
-int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
-
-X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
-X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
-
-# ifndef OPENSSL_NO_SRP
-int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
-int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
-int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
-int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
-                                        char *(*cb) (SSL *, void *));
-int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
-                                          int (*cb) (SSL *, void *));
-int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
-                                      int (*cb) (SSL *, int *, void *));
-int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
-
-int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
-                             BIGNUM *sa, BIGNUM *v, char *info);
-int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
-                                const char *grp);
-
-BIGNUM *SSL_get_srp_g(SSL *s);
-BIGNUM *SSL_get_srp_N(SSL *s);
-
-char *SSL_get_srp_username(SSL *s);
-char *SSL_get_srp_userinfo(SSL *s);
-# endif
-
-void SSL_certs_clear(SSL *s);
-void SSL_free(SSL *ssl);
-int SSL_accept(SSL *ssl);
-int SSL_connect(SSL *ssl);
-int SSL_read(SSL *ssl, void *buf, int num);
-int SSL_peek(SSL *ssl, void *buf, int num);
-int SSL_write(SSL *ssl, const void *buf, int num);
-long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
-long SSL_callback_ctrl(SSL *, int, void (*)(void));
-long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
-long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
-
-int SSL_get_error(const SSL *s, int ret_code);
-const char *SSL_get_version(const SSL *s);
-
-/* This sets the 'default' SSL version that SSL_new() will create */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
-
-# ifndef OPENSSL_NO_SSL2_METHOD
-const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
-const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
-const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
-# endif
-
-# ifndef OPENSSL_NO_SSL3_METHOD
-const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
-const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
-const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
-# endif
-
-const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS
-                                        * version */
-const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available
-                                               * SSL/TLS version */
-const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available
-                                               * SSL/TLS version */
-
-const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
-const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
-const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
-
-const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */
-
-const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
-
-const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
-
-const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */
-const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
-const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */
-
-const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
-const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
-const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
-
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
-
-int SSL_do_handshake(SSL *s);
-int SSL_renegotiate(SSL *s);
-int SSL_renegotiate_abbreviated(SSL *s);
-int SSL_renegotiate_pending(SSL *s);
-int SSL_shutdown(SSL *s);
-
-const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
-const SSL_METHOD *SSL_get_ssl_method(SSL *s);
-int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
-const char *SSL_alert_type_string_long(int value);
-const char *SSL_alert_type_string(int value);
-const char *SSL_alert_desc_string_long(int value);
-const char *SSL_alert_desc_string(int value);
-
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl, X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
-
-void SSL_set_connect_state(SSL *s);
-void SSL_set_accept_state(SSL *s);
-
-long SSL_get_default_timeout(const SSL *s);
-
-int SSL_library_init(void);
-
-char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
-
-SSL *SSL_dup(SSL *ssl);
-
-X509 *SSL_get_certificate(const SSL *ssl);
-/*
- * EVP_PKEY
- */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
-
-X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
-EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
-void SSL_set_quiet_shutdown(SSL *ssl, int mode);
-int SSL_get_quiet_shutdown(const SSL *ssl);
-void SSL_set_shutdown(SSL *ssl, int mode);
-int SSL_get_shutdown(const SSL *ssl);
-int SSL_version(const SSL *ssl);
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-                                  const char *CApath);
-# define SSL_get0_session SSL_get_session/* just peek at pointer */
-SSL_SESSION *SSL_get_session(const SSL *ssl);
-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
-void SSL_set_info_callback(SSL *ssl,
-                           void (*cb) (const SSL *ssl, int type, int val));
-void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
-                                               int val);
-int SSL_state(const SSL *ssl);
-void SSL_set_state(SSL *ssl, int state);
-
-void SSL_set_verify_result(SSL *ssl, long v);
-long SSL_get_verify_result(const SSL *ssl);
-
-int SSL_set_ex_data(SSL *ssl, int idx, void *data);
-void *SSL_get_ex_data(const SSL *ssl, int idx);
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp,
-                                 CRYPTO_EX_new *new_func,
-                                 CRYPTO_EX_dup *dup_func,
-                                 CRYPTO_EX_free *free_func);
-
-int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                             CRYPTO_EX_dup *dup_func,
-                             CRYPTO_EX_free *free_func);
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void);
-
-# define SSL_CTX_sess_set_cache_size(ctx,t) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
-# define SSL_CTX_sess_get_cache_size(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
-# define SSL_CTX_set_session_cache_mode(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
-# define SSL_CTX_get_session_cache_mode(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
-
-# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
-# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
-# define SSL_CTX_get_read_ahead(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
-# define SSL_CTX_set_read_ahead(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
-# define SSL_CTX_get_max_cert_list(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-# define SSL_CTX_set_max_cert_list(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-# define SSL_get_max_cert_list(ssl) \
-        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-# define SSL_set_max_cert_list(ssl,m) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-
-# define SSL_CTX_set_max_send_fragment(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-# define SSL_set_max_send_fragment(ssl,m) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-
-     /* NB: the keylength is only applicable when is_export is true */
-# ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
-                                  RSA *(*cb) (SSL *ssl, int is_export,
-                                              int keylength));
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,
-                              RSA *(*cb) (SSL *ssl, int is_export,
-                                          int keylength));
-# endif
-# ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-                                 DH *(*dh) (SSL *ssl, int is_export,
-                                            int keylength));
-void SSL_set_tmp_dh_callback(SSL *ssl,
-                             DH *(*dh) (SSL *ssl, int is_export,
-                                        int keylength));
-# endif
-# ifndef OPENSSL_NO_ECDH
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
-                                   EC_KEY *(*ecdh) (SSL *ssl, int is_export,
-                                                    int keylength));
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
-                               EC_KEY *(*ecdh) (SSL *ssl, int is_export,
-                                                int keylength));
-# endif
-
-const COMP_METHOD *SSL_get_current_compression(SSL *s);
-const COMP_METHOD *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const COMP_METHOD *comp);
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
-                                                      *meths);
-void SSL_COMP_free_compression_methods(void);
-int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
-
-const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
-
-/* TLS extensions functions */
-int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
-
-int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
-                                  void *arg);
-
-/* Pre-shared secret session resumption functions */
-int SSL_set_session_secret_cb(SSL *s,
-                              tls_session_secret_cb_fn tls_session_secret_cb,
-                              void *arg);
-
-void SSL_set_debug(SSL *s, int debug);
-int SSL_cache_hit(SSL *s);
-int SSL_is_server(SSL *s);
-
-SSL_CONF_CTX *SSL_CONF_CTX_new(void);
-int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
-void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
-unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
-unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
-int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);
-
-void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
-void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
-
-int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
-int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
-int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
-
-# ifndef OPENSSL_NO_SSL_TRACE
-void SSL_trace(int write_p, int version, int content_type,
-               const void *buf, size_t len, SSL *ssl, void *arg);
-const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
-# endif
-
-# ifndef OPENSSL_NO_UNIT_TEST
-const struct openssl_ssl_test_functions *SSL_test_functions(void);
-# endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_SSL_strings(void);
-
-/* Error codes for the SSL functions. */
-
-/* Function codes. */
-# define SSL_F_CHECK_SUITEB_CIPHER_LIST                   331
-# define SSL_F_CLIENT_CERTIFICATE                         100
-# define SSL_F_CLIENT_FINISHED                            167
-# define SSL_F_CLIENT_HELLO                               101
-# define SSL_F_CLIENT_MASTER_KEY                          102
-# define SSL_F_D2I_SSL_SESSION                            103
-# define SSL_F_DO_DTLS1_WRITE                             245
-# define SSL_F_DO_SSL3_WRITE                              104
-# define SSL_F_DTLS1_ACCEPT                               246
-# define SSL_F_DTLS1_ADD_CERT_TO_BUF                      295
-# define SSL_F_DTLS1_BUFFER_RECORD                        247
-# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                    316
-# define SSL_F_DTLS1_CLIENT_HELLO                         248
-# define SSL_F_DTLS1_CONNECT                              249
-# define SSL_F_DTLS1_ENC                                  250
-# define SSL_F_DTLS1_GET_HELLO_VERIFY                     251
-# define SSL_F_DTLS1_GET_MESSAGE                          252
-# define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT                 253
-# define SSL_F_DTLS1_GET_RECORD                           254
-# define SSL_F_DTLS1_HANDLE_TIMEOUT                       297
-# define SSL_F_DTLS1_HEARTBEAT                            305
-# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN                    255
-# define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  288
-# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS             424
-# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE           256
-# define SSL_F_DTLS1_PROCESS_RECORD                       257
-# define SSL_F_DTLS1_READ_BYTES                           258
-# define SSL_F_DTLS1_READ_FAILED                          259
-# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST             260
-# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE              261
-# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE             262
-# define SSL_F_DTLS1_SEND_CLIENT_VERIFY                   263
-# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST            264
-# define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE              265
-# define SSL_F_DTLS1_SEND_SERVER_HELLO                    266
-# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE             267
-# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
-# define SSL_F_GET_CLIENT_FINISHED                        105
-# define SSL_F_GET_CLIENT_HELLO                           106
-# define SSL_F_GET_CLIENT_MASTER_KEY                      107
-# define SSL_F_GET_SERVER_FINISHED                        108
-# define SSL_F_GET_SERVER_HELLO                           109
-# define SSL_F_GET_SERVER_STATIC_DH_KEY                   340
-# define SSL_F_GET_SERVER_VERIFY                          110
-# define SSL_F_I2D_SSL_SESSION                            111
-# define SSL_F_READ_N                                     112
-# define SSL_F_REQUEST_CERTIFICATE                        113
-# define SSL_F_SERVER_FINISH                              239
-# define SSL_F_SERVER_HELLO                               114
-# define SSL_F_SERVER_VERIFY                              240
-# define SSL_F_SSL23_ACCEPT                               115
-# define SSL_F_SSL23_CLIENT_HELLO                         116
-# define SSL_F_SSL23_CONNECT                              117
-# define SSL_F_SSL23_GET_CLIENT_HELLO                     118
-# define SSL_F_SSL23_GET_SERVER_HELLO                     119
-# define SSL_F_SSL23_PEEK                                 237
-# define SSL_F_SSL23_READ                                 120
-# define SSL_F_SSL23_WRITE                                121
-# define SSL_F_SSL2_ACCEPT                                122
-# define SSL_F_SSL2_CONNECT                               123
-# define SSL_F_SSL2_ENC_INIT                              124
-# define SSL_F_SSL2_GENERATE_KEY_MATERIAL                 241
-# define SSL_F_SSL2_PEEK                                  234
-# define SSL_F_SSL2_READ                                  125
-# define SSL_F_SSL2_READ_INTERNAL                         236
-# define SSL_F_SSL2_SET_CERTIFICATE                       126
-# define SSL_F_SSL2_WRITE                                 127
-# define SSL_F_SSL3_ACCEPT                                128
-# define SSL_F_SSL3_ADD_CERT_TO_BUF                       296
-# define SSL_F_SSL3_CALLBACK_CTRL                         233
-# define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
-# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
-# define SSL_F_SSL3_CHECK_CLIENT_HELLO                    304
-# define SSL_F_SSL3_CHECK_FINISHED                        339
-# define SSL_F_SSL3_CLIENT_HELLO                          131
-# define SSL_F_SSL3_CONNECT                               132
-# define SSL_F_SSL3_CTRL                                  213
-# define SSL_F_SSL3_CTX_CTRL                              133
-# define SSL_F_SSL3_DIGEST_CACHED_RECORDS                 293
-# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292
-# define SSL_F_SSL3_ENC                                   134
-# define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
-# define SSL_F_SSL3_GENERATE_MASTER_SECRET                388
-# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135
-# define SSL_F_SSL3_GET_CERT_STATUS                       289
-# define SSL_F_SSL3_GET_CERT_VERIFY                       136
-# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE                137
-# define SSL_F_SSL3_GET_CLIENT_HELLO                      138
-# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE               139
-# define SSL_F_SSL3_GET_FINISHED                          140
-# define SSL_F_SSL3_GET_KEY_EXCHANGE                      141
-# define SSL_F_SSL3_GET_MESSAGE                           142
-# define SSL_F_SSL3_GET_NEW_SESSION_TICKET                283
-# define SSL_F_SSL3_GET_NEXT_PROTO                        306
-# define SSL_F_SSL3_GET_RECORD                            143
-# define SSL_F_SSL3_GET_SERVER_CERTIFICATE                144
-# define SSL_F_SSL3_GET_SERVER_DONE                       145
-# define SSL_F_SSL3_GET_SERVER_HELLO                      146
-# define SSL_F_SSL3_HANDSHAKE_MAC                         285
-# define SSL_F_SSL3_NEW_SESSION_TICKET                    287
-# define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
-# define SSL_F_SSL3_PEEK                                  235
-# define SSL_F_SSL3_READ_BYTES                            148
-# define SSL_F_SSL3_READ_N                                149
-# define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST              150
-# define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE               151
-# define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
-# define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
-# define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
-# define SSL_F_SSL3_SEND_SERVER_HELLO                     242
-# define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
-# define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
-# define SSL_F_SSL3_SETUP_READ_BUFFER                     156
-# define SSL_F_SSL3_SETUP_WRITE_BUFFER                    291
-# define SSL_F_SSL3_WRITE_BYTES                           158
-# define SSL_F_SSL3_WRITE_PENDING                         159
-# define SSL_F_SSL_ADD_CERT_CHAIN                         318
-# define SSL_F_SSL_ADD_CERT_TO_BUF                        319
-# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT        298
-# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 277
-# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT           307
-# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
-# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
-# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT        299
-# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 278
-# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT           308
-# define SSL_F_SSL_BAD_METHOD                             160
-# define SSL_F_SSL_BUILD_CERT_CHAIN                       332
-# define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
-# define SSL_F_SSL_CERT_DUP                               221
-# define SSL_F_SSL_CERT_INST                              222
-# define SSL_F_SSL_CERT_INSTANTIATE                       214
-# define SSL_F_SSL_CERT_NEW                               162
-# define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
-# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               280
-# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG            279
-# define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
-# define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
-# define SSL_F_SSL_CLEAR                                  164
-# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
-# define SSL_F_SSL_CONF_CMD                               334
-# define SSL_F_SSL_CREATE_CIPHER_LIST                     166
-# define SSL_F_SSL_CTRL                                   232
-# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
-# define SSL_F_SSL_CTX_MAKE_PROFILES                      309
-# define SSL_F_SSL_CTX_NEW                                169
-# define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
-# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             290
-# define SSL_F_SSL_CTX_SET_PURPOSE                        226
-# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
-# define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
-# define SSL_F_SSL_CTX_SET_TRUST                          229
-# define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
-# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
-# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE         220
-# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
-# define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
-# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
-# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
-# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT              272
-# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
-# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
-# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
-# define SSL_F_SSL_CTX_USE_SERVERINFO                     336
-# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE                337
-# define SSL_F_SSL_DO_HANDSHAKE                           180
-# define SSL_F_SSL_GET_NEW_SESSION                        181
-# define SSL_F_SSL_GET_PREV_SESSION                       217
-# define SSL_F_SSL_GET_SERVER_CERT_INDEX                  322
-# define SSL_F_SSL_GET_SERVER_SEND_CERT                   182
-# define SSL_F_SSL_GET_SERVER_SEND_PKEY                   317
-# define SSL_F_SSL_GET_SIGN_PKEY                          183
-# define SSL_F_SSL_INIT_WBIO_BUFFER                       184
-# define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
-# define SSL_F_SSL_NEW                                    186
-# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT      300
-# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT               302
-# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT         310
-# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT      301
-# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT               303
-# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT         311
-# define SSL_F_SSL_PEEK                                   270
-# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT             281
-# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT             282
-# define SSL_F_SSL_READ                                   223
-# define SSL_F_SSL_RSA_PRIVATE_DECRYPT                    187
-# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                     188
-# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT                320
-# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT                321
-# define SSL_F_SSL_SESSION_DUP                            348
-# define SSL_F_SSL_SESSION_NEW                            189
-# define SSL_F_SSL_SESSION_PRINT_FP                       190
-# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT                312
-# define SSL_F_SSL_SESS_CERT_NEW                          225
-# define SSL_F_SSL_SET_CERT                               191
-# define SSL_F_SSL_SET_CIPHER_LIST                        271
-# define SSL_F_SSL_SET_FD                                 192
-# define SSL_F_SSL_SET_PKEY                               193
-# define SSL_F_SSL_SET_PURPOSE                            227
-# define SSL_F_SSL_SET_RFD                                194
-# define SSL_F_SSL_SET_SESSION                            195
-# define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
-# define SSL_F_SSL_SET_SESSION_TICKET_EXT                 294
-# define SSL_F_SSL_SET_TRUST                              228
-# define SSL_F_SSL_SET_WFD                                196
-# define SSL_F_SSL_SHUTDOWN                               224
-# define SSL_F_SSL_SRP_CTX_INIT                           313
-# define SSL_F_SSL_UNDEFINED_CONST_FUNCTION               243
-# define SSL_F_SSL_UNDEFINED_FUNCTION                     197
-# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
-# define SSL_F_SSL_USE_CERTIFICATE                        198
-# define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
-# define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
-# define SSL_F_SSL_USE_PRIVATEKEY                         201
-# define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
-# define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
-# define SSL_F_SSL_USE_PSK_IDENTITY_HINT                  273
-# define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
-# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
-# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
-# define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
-# define SSL_F_SSL_WRITE                                  208
-# define SSL_F_TLS12_CHECK_PEER_SIGALG                    333
-# define SSL_F_TLS1_CERT_VERIFY_MAC                       286
-# define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
-# define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT              274
-# define SSL_F_TLS1_ENC                                   210
-# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL                314
-# define SSL_F_TLS1_GET_CURVELIST                         338
-# define SSL_F_TLS1_HEARTBEAT                             315
-# define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT            275
-# define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT            276
-# define SSL_F_TLS1_PRF                                   284
-# define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
-# define SSL_F_TLS1_SET_SERVER_SIGALGS                    335
-# define SSL_F_WRITE_PENDING                              212
-
-/* Reason codes. */
-# define SSL_R_APP_DATA_IN_HANDSHAKE                      100
-# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
-# define SSL_R_BAD_ALERT_RECORD                           101
-# define SSL_R_BAD_AUTHENTICATION_TYPE                    102
-# define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
-# define SSL_R_BAD_CHECKSUM                               104
-# define SSL_R_BAD_DATA                                   390
-# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
-# define SSL_R_BAD_DECOMPRESSION                          107
-# define SSL_R_BAD_DH_G_LENGTH                            108
-# define SSL_R_BAD_DH_G_VALUE                             375
-# define SSL_R_BAD_DH_PUB_KEY_LENGTH                      109
-# define SSL_R_BAD_DH_PUB_KEY_VALUE                       393
-# define SSL_R_BAD_DH_P_LENGTH                            110
-# define SSL_R_BAD_DH_P_VALUE                             395
-# define SSL_R_BAD_DIGEST_LENGTH                          111
-# define SSL_R_BAD_DSA_SIGNATURE                          112
-# define SSL_R_BAD_ECC_CERT                               304
-# define SSL_R_BAD_ECDSA_SIGNATURE                        305
-# define SSL_R_BAD_ECPOINT                                306
-# define SSL_R_BAD_HANDSHAKE_LENGTH                       332
-# define SSL_R_BAD_HELLO_REQUEST                          105
-# define SSL_R_BAD_LENGTH                                 271
-# define SSL_R_BAD_MAC_DECODE                             113
-# define SSL_R_BAD_MAC_LENGTH                             333
-# define SSL_R_BAD_MESSAGE_TYPE                           114
-# define SSL_R_BAD_PACKET_LENGTH                          115
-# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
-# define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH               316
-# define SSL_R_BAD_RESPONSE_ARGUMENT                      117
-# define SSL_R_BAD_RSA_DECRYPT                            118
-# define SSL_R_BAD_RSA_ENCRYPT                            119
-# define SSL_R_BAD_RSA_E_LENGTH                           120
-# define SSL_R_BAD_RSA_MODULUS_LENGTH                     121
-# define SSL_R_BAD_RSA_SIGNATURE                          122
-# define SSL_R_BAD_SIGNATURE                              123
-# define SSL_R_BAD_SRP_A_LENGTH                           347
-# define SSL_R_BAD_SRP_B_LENGTH                           348
-# define SSL_R_BAD_SRP_G_LENGTH                           349
-# define SSL_R_BAD_SRP_N_LENGTH                           350
-# define SSL_R_BAD_SRP_PARAMETERS                         371
-# define SSL_R_BAD_SRP_S_LENGTH                           351
-# define SSL_R_BAD_SRTP_MKI_VALUE                         352
-# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST           353
-# define SSL_R_BAD_SSL_FILETYPE                           124
-# define SSL_R_BAD_SSL_SESSION_ID_LENGTH                  125
-# define SSL_R_BAD_STATE                                  126
-# define SSL_R_BAD_VALUE                                  384
-# define SSL_R_BAD_WRITE_RETRY                            127
-# define SSL_R_BIO_NOT_SET                                128
-# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
-# define SSL_R_BN_LIB                                     130
-# define SSL_R_CA_DN_LENGTH_MISMATCH                      131
-# define SSL_R_CA_DN_TOO_LONG                             132
-# define SSL_R_CCS_RECEIVED_EARLY                         133
-# define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
-# define SSL_R_CERT_CB_ERROR                              377
-# define SSL_R_CERT_LENGTH_MISMATCH                       135
-# define SSL_R_CHALLENGE_IS_DIFFERENT                     136
-# define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
-# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
-# define SSL_R_CIPHER_TABLE_SRC_ERROR                     139
-# define SSL_R_CLIENTHELLO_TLSEXT                         226
-# define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
-# define SSL_R_COMPRESSION_DISABLED                       343
-# define SSL_R_COMPRESSION_FAILURE                        141
-# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
-# define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
-# define SSL_R_CONNECTION_ID_IS_DIFFERENT                 143
-# define SSL_R_CONNECTION_TYPE_NOT_SET                    144
-# define SSL_R_COOKIE_MISMATCH                            308
-# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
-# define SSL_R_DATA_LENGTH_TOO_LONG                       146
-# define SSL_R_DECRYPTION_FAILED                          147
-# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
-# define SSL_R_DH_KEY_TOO_SMALL                           372
-# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
-# define SSL_R_DIGEST_CHECK_FAILED                        149
-# define SSL_R_DTLS_MESSAGE_TOO_BIG                       334
-# define SSL_R_DUPLICATE_COMPRESSION_ID                   309
-# define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT             317
-# define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
-# define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE         322
-# define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE        323
-# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
-# define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER               310
-# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
-# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
-# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY               282
-# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
-# define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
-# define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
-# define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
-# define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS                355
-# define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION           356
-# define SSL_R_HTTPS_PROXY_REQUEST                        155
-# define SSL_R_HTTP_REQUEST                               156
-# define SSL_R_ILLEGAL_PADDING                            283
-# define SSL_R_ILLEGAL_SUITEB_DIGEST                      380
-# define SSL_R_INAPPROPRIATE_FALLBACK                     373
-# define SSL_R_INCONSISTENT_COMPRESSION                   340
-# define SSL_R_INVALID_CHALLENGE_LENGTH                   158
-# define SSL_R_INVALID_COMMAND                            280
-# define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
-# define SSL_R_INVALID_NULL_CMD_NAME                      385
-# define SSL_R_INVALID_PURPOSE                            278
-# define SSL_R_INVALID_SERVERINFO_DATA                    388
-# define SSL_R_INVALID_SRP_USERNAME                       357
-# define SSL_R_INVALID_STATUS_RESPONSE                    328
-# define SSL_R_INVALID_TICKET_KEYS_LENGTH                 325
-# define SSL_R_INVALID_TRUST                              279
-# define SSL_R_KEY_ARG_TOO_LONG                           284
-# define SSL_R_KRB5                                       285
-# define SSL_R_KRB5_C_CC_PRINC                            286
-# define SSL_R_KRB5_C_GET_CRED                            287
-# define SSL_R_KRB5_C_INIT                                288
-# define SSL_R_KRB5_C_MK_REQ                              289
-# define SSL_R_KRB5_S_BAD_TICKET                          290
-# define SSL_R_KRB5_S_INIT                                291
-# define SSL_R_KRB5_S_RD_REQ                              292
-# define SSL_R_KRB5_S_TKT_EXPIRED                         293
-# define SSL_R_KRB5_S_TKT_NYV                             294
-# define SSL_R_KRB5_S_TKT_SKEW                            295
-# define SSL_R_LENGTH_MISMATCH                            159
-# define SSL_R_LENGTH_TOO_LONG                            404
-# define SSL_R_LENGTH_TOO_SHORT                           160
-# define SSL_R_LIBRARY_BUG                                274
-# define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
-# define SSL_R_MESSAGE_TOO_LONG                           296
-# define SSL_R_MISSING_DH_DSA_CERT                        162
-# define SSL_R_MISSING_DH_KEY                             163
-# define SSL_R_MISSING_DH_RSA_CERT                        164
-# define SSL_R_MISSING_DSA_SIGNING_CERT                   165
-# define SSL_R_MISSING_ECDH_CERT                          382
-# define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
-# define SSL_R_MISSING_EXPORT_TMP_DH_KEY                  166
-# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY                 167
-# define SSL_R_MISSING_RSA_CERTIFICATE                    168
-# define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
-# define SSL_R_MISSING_RSA_SIGNING_CERT                   170
-# define SSL_R_MISSING_SRP_PARAM                          358
-# define SSL_R_MISSING_TMP_DH_KEY                         171
-# define SSL_R_MISSING_TMP_ECDH_KEY                       311
-# define SSL_R_MISSING_TMP_RSA_KEY                        172
-# define SSL_R_MISSING_TMP_RSA_PKEY                       173
-# define SSL_R_MISSING_VERIFY_MESSAGE                     174
-# define SSL_R_MULTIPLE_SGC_RESTARTS                      346
-# define SSL_R_NON_SSLV2_INITIAL_PACKET                   175
-# define SSL_R_NO_CERTIFICATES_RETURNED                   176
-# define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
-# define SSL_R_NO_CERTIFICATE_RETURNED                    178
-# define SSL_R_NO_CERTIFICATE_SET                         179
-# define SSL_R_NO_CERTIFICATE_SPECIFIED                   180
-# define SSL_R_NO_CIPHERS_AVAILABLE                       181
-# define SSL_R_NO_CIPHERS_PASSED                          182
-# define SSL_R_NO_CIPHERS_SPECIFIED                       183
-# define SSL_R_NO_CIPHER_LIST                             184
-# define SSL_R_NO_CIPHER_MATCH                            185
-# define SSL_R_NO_CLIENT_CERT_METHOD                      331
-# define SSL_R_NO_CLIENT_CERT_RECEIVED                    186
-# define SSL_R_NO_COMPRESSION_SPECIFIED                   187
-# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
-# define SSL_R_NO_METHOD_SPECIFIED                        188
-# define SSL_R_NO_PEM_EXTENSIONS                          389
-# define SSL_R_NO_PRIVATEKEY                              189
-# define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
-# define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
-# define SSL_R_NO_PUBLICKEY                               192
-# define SSL_R_NO_RENEGOTIATION                           339
-# define SSL_R_NO_REQUIRED_DIGEST                         324
-# define SSL_R_NO_SHARED_CIPHER                           193
-# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS              376
-# define SSL_R_NO_SRTP_PROFILES                           359
-# define SSL_R_NO_VERIFY_CALLBACK                         194
-# define SSL_R_NULL_SSL_CTX                               195
-# define SSL_R_NULL_SSL_METHOD_PASSED                     196
-# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
-# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
-# define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE       387
-# define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE        379
-# define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE              297
-# define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG                  327
-# define SSL_R_PACKET_LENGTH_TOO_LONG                     198
-# define SSL_R_PARSE_TLSEXT                               227
-# define SSL_R_PATH_TOO_LONG                              270
-# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
-# define SSL_R_PEER_ERROR                                 200
-# define SSL_R_PEER_ERROR_CERTIFICATE                     201
-# define SSL_R_PEER_ERROR_NO_CERTIFICATE                  202
-# define SSL_R_PEER_ERROR_NO_CIPHER                       203
-# define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE    204
-# define SSL_R_PEM_NAME_BAD_PREFIX                        391
-# define SSL_R_PEM_NAME_TOO_SHORT                         392
-# define SSL_R_PRE_MAC_LENGTH_TOO_LONG                    205
-# define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS          206
-# define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
-# define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
-# define SSL_R_PSK_NO_CLIENT_CB                           224
-# define SSL_R_PSK_NO_SERVER_CB                           225
-# define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                   208
-# define SSL_R_PUBLIC_KEY_IS_NOT_RSA                      209
-# define SSL_R_PUBLIC_KEY_NOT_RSA                         210
-# define SSL_R_READ_BIO_NOT_SET                           211
-# define SSL_R_READ_TIMEOUT_EXPIRED                       312
-# define SSL_R_READ_WRONG_PACKET_TYPE                     212
-# define SSL_R_RECORD_LENGTH_MISMATCH                     213
-# define SSL_R_RECORD_TOO_LARGE                           214
-# define SSL_R_RECORD_TOO_SMALL                           298
-# define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
-# define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
-# define SSL_R_RENEGOTIATION_MISMATCH                     337
-# define SSL_R_REQUIRED_CIPHER_MISSING                    215
-# define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING    342
-# define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
-# define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
-# define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                 218
-# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
-# define SSL_R_SERVERHELLO_TLSEXT                         275
-# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
-# define SSL_R_SHORT_READ                                 219
-# define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
-# define SSL_R_SIGNATURE_ALGORITHMS_ERROR                 360
-# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
-# define SSL_R_SRP_A_CALC                                 361
-# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES           362
-# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG      363
-# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE            364
-# define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
-# define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                299
-# define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT             321
-# define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
-# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
-# define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
-# define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
-# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
-# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
-# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
-# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
-# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
-# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
-# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
-# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
-# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
-# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
-# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
-# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
-# define SSL_R_SSL_HANDSHAKE_FAILURE                      229
-# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
-# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
-# define SSL_R_SSL_SESSION_ID_CONFLICT                    302
-# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
-# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
-# define SSL_R_SSL_SESSION_ID_IS_DIFFERENT                231
-# define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
-# define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
-# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
-# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
-# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
-# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
-# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
-# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
-# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
-# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
-# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
-# define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
-# define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
-# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
-# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
-# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111
-# define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112
-# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
-# define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       232
-# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365
-# define SSL_R_TLS_HEARTBEAT_PENDING                      366
-# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
-# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
-# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
-# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
-# define SSL_R_TOO_MANY_WARN_ALERTS                       409
-# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
-# define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
-# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS                313
-# define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY               237
-# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
-# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
-# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
-# define SSL_R_UNABLE_TO_FIND_SSL_METHOD                  240
-# define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES           241
-# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
-# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
-# define SSL_R_UNEXPECTED_MESSAGE                         244
-# define SSL_R_UNEXPECTED_RECORD                          245
-# define SSL_R_UNINITIALIZED                              276
-# define SSL_R_UNKNOWN_ALERT_TYPE                         246
-# define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
-# define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
-# define SSL_R_UNKNOWN_CIPHER_TYPE                        249
-# define SSL_R_UNKNOWN_CMD_NAME                           386
-# define SSL_R_UNKNOWN_DIGEST                             368
-# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
-# define SSL_R_UNKNOWN_PKEY_TYPE                          251
-# define SSL_R_UNKNOWN_PROTOCOL                           252
-# define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                  253
-# define SSL_R_UNKNOWN_SSL_VERSION                        254
-# define SSL_R_UNKNOWN_STATE                              255
-# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       338
-# define SSL_R_UNSUPPORTED_CIPHER                         256
-# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
-# define SSL_R_UNSUPPORTED_DIGEST_TYPE                    326
-# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
-# define SSL_R_UNSUPPORTED_PROTOCOL                       258
-# define SSL_R_UNSUPPORTED_SSL_VERSION                    259
-# define SSL_R_UNSUPPORTED_STATUS_TYPE                    329
-# define SSL_R_USE_SRTP_NOT_NEGOTIATED                    369
-# define SSL_R_WRITE_BIO_NOT_SET                          260
-# define SSL_R_WRONG_CERTIFICATE_TYPE                     383
-# define SSL_R_WRONG_CIPHER_RETURNED                      261
-# define SSL_R_WRONG_CURVE                                378
-# define SSL_R_WRONG_MESSAGE_TYPE                         262
-# define SSL_R_WRONG_NUMBER_OF_KEY_BITS                   263
-# define SSL_R_WRONG_SIGNATURE_LENGTH                     264
-# define SSL_R_WRONG_SIGNATURE_SIZE                       265
-# define SSL_R_WRONG_SIGNATURE_TYPE                       370
-# define SSL_R_WRONG_SSL_VERSION                          266
-# define SSL_R_WRONG_VERSION_NUMBER                       267
-# define SSL_R_X509_LIB                                   268
-# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/ssl/ssl2.h b/freebsd/crypto/openssl/ssl/ssl2.h
deleted file mode 100644
index 03c7dd8c..00000000
--- a/freebsd/crypto/openssl/ssl/ssl2.h
+++ /dev/null
@@ -1,265 +0,0 @@
-/* ssl/ssl2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL2_H
-# define HEADER_SSL2_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-# define SSL2_VERSION            0x0002
-# define SSL2_VERSION_MAJOR      0x00
-# define SSL2_VERSION_MINOR      0x02
-/* #define SSL2_CLIENT_VERSION  0x0002 */
-/* #define SSL2_SERVER_VERSION  0x0002 */
-
-/* Protocol Message Codes */
-# define SSL2_MT_ERROR                   0
-# define SSL2_MT_CLIENT_HELLO            1
-# define SSL2_MT_CLIENT_MASTER_KEY       2
-# define SSL2_MT_CLIENT_FINISHED         3
-# define SSL2_MT_SERVER_HELLO            4
-# define SSL2_MT_SERVER_VERIFY           5
-# define SSL2_MT_SERVER_FINISHED         6
-# define SSL2_MT_REQUEST_CERTIFICATE     7
-# define SSL2_MT_CLIENT_CERTIFICATE      8
-
-/* Error Message Codes */
-# define SSL2_PE_UNDEFINED_ERROR         0x0000
-# define SSL2_PE_NO_CIPHER               0x0001
-# define SSL2_PE_NO_CERTIFICATE          0x0002
-# define SSL2_PE_BAD_CERTIFICATE         0x0004
-# define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-# define SSL2_CK_NULL_WITH_MD5                   0x02000000/* v3 */
-# define SSL2_CK_RC4_128_WITH_MD5                0x02010080
-# define SSL2_CK_RC4_128_EXPORT40_WITH_MD5       0x02020080
-# define SSL2_CK_RC2_128_CBC_WITH_MD5            0x02030080
-# define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5   0x02040080
-# define SSL2_CK_IDEA_128_CBC_WITH_MD5           0x02050080
-# define SSL2_CK_DES_64_CBC_WITH_MD5             0x02060040
-# define SSL2_CK_DES_64_CBC_WITH_SHA             0x02060140/* v3 */
-# define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5       0x020700c0
-# define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA       0x020701c0/* v3 */
-# define SSL2_CK_RC4_64_WITH_MD5                 0x02080080/* MS hack */
-
-# define SSL2_CK_DES_64_CFB64_WITH_MD5_1         0x02ff0800/* SSLeay */
-# define SSL2_CK_NULL                            0x02ff0810/* SSLeay */
-
-# define SSL2_TXT_DES_64_CFB64_WITH_MD5_1        "DES-CFB-M1"
-# define SSL2_TXT_NULL_WITH_MD5                  "NULL-MD5"
-# define SSL2_TXT_RC4_128_WITH_MD5               "RC4-MD5"
-# define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5      "EXP-RC4-MD5"
-# define SSL2_TXT_RC2_128_CBC_WITH_MD5           "RC2-CBC-MD5"
-# define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5  "EXP-RC2-CBC-MD5"
-# define SSL2_TXT_IDEA_128_CBC_WITH_MD5          "IDEA-CBC-MD5"
-# define SSL2_TXT_DES_64_CBC_WITH_MD5            "DES-CBC-MD5"
-# define SSL2_TXT_DES_64_CBC_WITH_SHA            "DES-CBC-SHA"
-# define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5      "DES-CBC3-MD5"
-# define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA      "DES-CBC3-SHA"
-# define SSL2_TXT_RC4_64_WITH_MD5                "RC4-64-MD5"
-
-# define SSL2_TXT_NULL                           "NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-# define SSL2_CF_5_BYTE_ENC                      0x01
-# define SSL2_CF_8_BYTE_ENC                      0x02
-
-/* Certificate Type Codes */
-# define SSL2_CT_X509_CERTIFICATE                0x01
-
-/* Authentication Type Code */
-# define SSL2_AT_MD5_WITH_RSA_ENCRYPTION         0x01
-
-# define SSL2_MAX_SSL_SESSION_ID_LENGTH          32
-
-/* Upper/Lower Bounds */
-# define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS      256
-# ifdef OPENSSL_SYS_MPE
-#  define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    29998u
-# else
-#  define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    32767u
-                                                       /* 2^15-1 */
-# endif
-# define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383/* 2^14-1 */
-
-# define SSL2_CHALLENGE_LENGTH   16
-/*
- * #define SSL2_CHALLENGE_LENGTH 32
- */
-# define SSL2_MIN_CHALLENGE_LENGTH       16
-# define SSL2_MAX_CHALLENGE_LENGTH       32
-# define SSL2_CONNECTION_ID_LENGTH       16
-# define SSL2_MAX_CONNECTION_ID_LENGTH   16
-# define SSL2_SSL_SESSION_ID_LENGTH      16
-# define SSL2_MAX_CERT_CHALLENGE_LENGTH  32
-# define SSL2_MIN_CERT_CHALLENGE_LENGTH  16
-# define SSL2_MAX_KEY_MATERIAL_LENGTH    24
-
-# ifndef HEADER_SSL_LOCL_H
-#  define  CERT           char
-# endif
-
-# ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl2_state_st {
-    int three_byte_header;
-    int clear_text;             /* clear text */
-    int escape;                 /* not used in SSLv2 */
-    int ssl2_rollback;          /* used if SSLv23 rolled back to SSLv2 */
-    /*
-     * non-blocking io info, used to make sure the same args were passwd
-     */
-    unsigned int wnum;          /* number of bytes sent so far */
-    int wpend_tot;
-    const unsigned char *wpend_buf;
-    int wpend_off;              /* offset to data to write */
-    int wpend_len;              /* number of bytes passwd to write */
-    int wpend_ret;              /* number of bytes to return to caller */
-    /* buffer raw data */
-    int rbuf_left;
-    int rbuf_offs;
-    unsigned char *rbuf;
-    unsigned char *wbuf;
-    unsigned char *write_ptr;   /* used to point to the start due to 2/3 byte
-                                 * header. */
-    unsigned int padding;
-    unsigned int rlength;       /* passed to ssl2_enc */
-    int ract_data_length;       /* Set when things are encrypted. */
-    unsigned int wlength;       /* passed to ssl2_enc */
-    int wact_data_length;       /* Set when things are decrypted. */
-    unsigned char *ract_data;
-    unsigned char *wact_data;
-    unsigned char *mac_data;
-    unsigned char *read_key;
-    unsigned char *write_key;
-    /* Stuff specifically to do with this SSL session */
-    unsigned int challenge_length;
-    unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
-    unsigned int conn_id_length;
-    unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
-    unsigned int key_material_length;
-    unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH * 2];
-    unsigned long read_sequence;
-    unsigned long write_sequence;
-    struct {
-        unsigned int conn_id_length;
-        unsigned int cert_type;
-        unsigned int cert_length;
-        unsigned int csl;
-        unsigned int clear;
-        unsigned int enc;
-        unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
-        unsigned int cipher_spec_length;
-        unsigned int session_id_length;
-        unsigned int clen;
-        unsigned int rlen;
-    } tmp;
-} SSL2_STATE;
-
-# endif
-
-/* SSLv2 */
-/* client */
-# define SSL2_ST_SEND_CLIENT_HELLO_A             (0x10|SSL_ST_CONNECT)
-# define SSL2_ST_SEND_CLIENT_HELLO_B             (0x11|SSL_ST_CONNECT)
-# define SSL2_ST_GET_SERVER_HELLO_A              (0x20|SSL_ST_CONNECT)
-# define SSL2_ST_GET_SERVER_HELLO_B              (0x21|SSL_ST_CONNECT)
-# define SSL2_ST_SEND_CLIENT_MASTER_KEY_A        (0x30|SSL_ST_CONNECT)
-# define SSL2_ST_SEND_CLIENT_MASTER_KEY_B        (0x31|SSL_ST_CONNECT)
-# define SSL2_ST_SEND_CLIENT_FINISHED_A          (0x40|SSL_ST_CONNECT)
-# define SSL2_ST_SEND_CLIENT_FINISHED_B          (0x41|SSL_ST_CONNECT)
-# define SSL2_ST_SEND_CLIENT_CERTIFICATE_A       (0x50|SSL_ST_CONNECT)
-# define SSL2_ST_SEND_CLIENT_CERTIFICATE_B       (0x51|SSL_ST_CONNECT)
-# define SSL2_ST_SEND_CLIENT_CERTIFICATE_C       (0x52|SSL_ST_CONNECT)
-# define SSL2_ST_SEND_CLIENT_CERTIFICATE_D       (0x53|SSL_ST_CONNECT)
-# define SSL2_ST_GET_SERVER_VERIFY_A             (0x60|SSL_ST_CONNECT)
-# define SSL2_ST_GET_SERVER_VERIFY_B             (0x61|SSL_ST_CONNECT)
-# define SSL2_ST_GET_SERVER_FINISHED_A           (0x70|SSL_ST_CONNECT)
-# define SSL2_ST_GET_SERVER_FINISHED_B           (0x71|SSL_ST_CONNECT)
-# define SSL2_ST_CLIENT_START_ENCRYPTION         (0x80|SSL_ST_CONNECT)
-# define SSL2_ST_X509_GET_CLIENT_CERTIFICATE     (0x90|SSL_ST_CONNECT)
-/* server */
-# define SSL2_ST_GET_CLIENT_HELLO_A              (0x10|SSL_ST_ACCEPT)
-# define SSL2_ST_GET_CLIENT_HELLO_B              (0x11|SSL_ST_ACCEPT)
-# define SSL2_ST_GET_CLIENT_HELLO_C              (0x12|SSL_ST_ACCEPT)
-# define SSL2_ST_SEND_SERVER_HELLO_A             (0x20|SSL_ST_ACCEPT)
-# define SSL2_ST_SEND_SERVER_HELLO_B             (0x21|SSL_ST_ACCEPT)
-# define SSL2_ST_GET_CLIENT_MASTER_KEY_A         (0x30|SSL_ST_ACCEPT)
-# define SSL2_ST_GET_CLIENT_MASTER_KEY_B         (0x31|SSL_ST_ACCEPT)
-# define SSL2_ST_SEND_SERVER_VERIFY_A            (0x40|SSL_ST_ACCEPT)
-# define SSL2_ST_SEND_SERVER_VERIFY_B            (0x41|SSL_ST_ACCEPT)
-# define SSL2_ST_SEND_SERVER_VERIFY_C            (0x42|SSL_ST_ACCEPT)
-# define SSL2_ST_GET_CLIENT_FINISHED_A           (0x50|SSL_ST_ACCEPT)
-# define SSL2_ST_GET_CLIENT_FINISHED_B           (0x51|SSL_ST_ACCEPT)
-# define SSL2_ST_SEND_SERVER_FINISHED_A          (0x60|SSL_ST_ACCEPT)
-# define SSL2_ST_SEND_SERVER_FINISHED_B          (0x61|SSL_ST_ACCEPT)
-# define SSL2_ST_SEND_REQUEST_CERTIFICATE_A      (0x70|SSL_ST_ACCEPT)
-# define SSL2_ST_SEND_REQUEST_CERTIFICATE_B      (0x71|SSL_ST_ACCEPT)
-# define SSL2_ST_SEND_REQUEST_CERTIFICATE_C      (0x72|SSL_ST_ACCEPT)
-# define SSL2_ST_SEND_REQUEST_CERTIFICATE_D      (0x73|SSL_ST_ACCEPT)
-# define SSL2_ST_SERVER_START_ENCRYPTION         (0x80|SSL_ST_ACCEPT)
-# define SSL2_ST_X509_GET_SERVER_CERTIFICATE     (0x90|SSL_ST_ACCEPT)
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/ssl/ssl23.h b/freebsd/crypto/openssl/ssl/ssl23.h
deleted file mode 100644
index 9de4685a..00000000
--- a/freebsd/crypto/openssl/ssl/ssl23.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/* ssl/ssl23.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL23_H
-# define HEADER_SSL23_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*
- * client
- */
-/* write to server */
-# define SSL23_ST_CW_CLNT_HELLO_A        (0x210|SSL_ST_CONNECT)
-# define SSL23_ST_CW_CLNT_HELLO_B        (0x211|SSL_ST_CONNECT)
-/* read from server */
-# define SSL23_ST_CR_SRVR_HELLO_A        (0x220|SSL_ST_CONNECT)
-# define SSL23_ST_CR_SRVR_HELLO_B        (0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-# define SSL23_ST_SR_CLNT_HELLO_A        (0x210|SSL_ST_ACCEPT)
-# define SSL23_ST_SR_CLNT_HELLO_B        (0x211|SSL_ST_ACCEPT)
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/ssl/ssl3.h b/freebsd/crypto/openssl/ssl/ssl3.h
deleted file mode 100644
index e681d50a..00000000
--- a/freebsd/crypto/openssl/ssl/ssl3.h
+++ /dev/null
@@ -1,774 +0,0 @@
-/* ssl/ssl3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL3_H
-# define HEADER_SSL3_H
-
-# ifndef OPENSSL_NO_COMP
-#  include <openssl/comp.h>
-# endif
-# include <openssl/buffer.h>
-# include <openssl/evp.h>
-# include <openssl/ssl.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*
- * Signalling cipher suite value from RFC 5746
- * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
- */
-# define SSL3_CK_SCSV                            0x030000FF
-
-/*
- * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
- * (TLS_FALLBACK_SCSV)
- */
-# define SSL3_CK_FALLBACK_SCSV                   0x03005600
-
-# define SSL3_CK_RSA_NULL_MD5                    0x03000001
-# define SSL3_CK_RSA_NULL_SHA                    0x03000002
-# define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
-# define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
-# define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
-# define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
-# define SSL3_CK_RSA_IDEA_128_SHA                0x03000007
-# define SSL3_CK_RSA_DES_40_CBC_SHA              0x03000008
-# define SSL3_CK_RSA_DES_64_CBC_SHA              0x03000009
-# define SSL3_CK_RSA_DES_192_CBC3_SHA            0x0300000A
-
-# define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
-# define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
-# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
-# define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
-# define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
-# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
-
-# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          0x03000011
-# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA          SSL3_CK_EDH_DSS_DES_40_CBC_SHA
-# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          0x03000012
-# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA          SSL3_CK_EDH_DSS_DES_64_CBC_SHA
-# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        0x03000013
-# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA        SSL3_CK_EDH_DSS_DES_192_CBC3_SHA
-# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          0x03000014
-# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA          SSL3_CK_EDH_RSA_DES_40_CBC_SHA
-# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          0x03000015
-# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA          SSL3_CK_EDH_RSA_DES_64_CBC_SHA
-# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        0x03000016
-# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA        SSL3_CK_EDH_RSA_DES_192_CBC3_SHA
-
-# define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
-# define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
-# define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
-# define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
-# define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
-
-# if 0
-#  define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
-#  define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
-#  if 0                         /* Because it clashes with KRB5, is never
-                                 * used any more, and is safe to remove
-                                 * according to David Hopwood
-                                 * <david.hopwood@zetnet.co.uk> of the
-                                 * ietf-tls list */
-#   define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
-#  endif
-# endif
-
-/*
- * VRS Additional Kerberos5 entries
- */
-# define SSL3_CK_KRB5_DES_64_CBC_SHA             0x0300001E
-# define SSL3_CK_KRB5_DES_192_CBC3_SHA           0x0300001F
-# define SSL3_CK_KRB5_RC4_128_SHA                0x03000020
-# define SSL3_CK_KRB5_IDEA_128_CBC_SHA           0x03000021
-# define SSL3_CK_KRB5_DES_64_CBC_MD5             0x03000022
-# define SSL3_CK_KRB5_DES_192_CBC3_MD5           0x03000023
-# define SSL3_CK_KRB5_RC4_128_MD5                0x03000024
-# define SSL3_CK_KRB5_IDEA_128_CBC_MD5           0x03000025
-
-# define SSL3_CK_KRB5_DES_40_CBC_SHA             0x03000026
-# define SSL3_CK_KRB5_RC2_40_CBC_SHA             0x03000027
-# define SSL3_CK_KRB5_RC4_40_SHA                 0x03000028
-# define SSL3_CK_KRB5_DES_40_CBC_MD5             0x03000029
-# define SSL3_CK_KRB5_RC2_40_CBC_MD5             0x0300002A
-# define SSL3_CK_KRB5_RC4_40_MD5                 0x0300002B
-
-# define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
-# define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
-# define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
-# define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
-# define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
-# define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
-# define SSL3_TXT_RSA_IDEA_128_SHA               "IDEA-CBC-SHA"
-# define SSL3_TXT_RSA_DES_40_CBC_SHA             "EXP-DES-CBC-SHA"
-# define SSL3_TXT_RSA_DES_64_CBC_SHA             "DES-CBC-SHA"
-# define SSL3_TXT_RSA_DES_192_CBC3_SHA           "DES-CBC3-SHA"
-
-# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
-# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
-# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
-# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
-# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
-# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
-
-# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA         "EXP-DHE-DSS-DES-CBC-SHA"
-# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA         "DHE-DSS-DES-CBC-SHA"
-# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA       "DHE-DSS-DES-CBC3-SHA"
-# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA         "EXP-DHE-RSA-DES-CBC-SHA"
-# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA         "DHE-RSA-DES-CBC-SHA"
-# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA       "DHE-RSA-DES-CBC3-SHA"
-
-/*
- * This next block of six "EDH" labels is for backward compatibility with
- * older versions of OpenSSL.  New code should use the six "DHE" labels above
- * instead:
- */
-# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
-# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
-# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
-# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
-# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
-# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
-
-# define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
-# define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
-# define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
-# define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
-# define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
-
-# if 0
-#  define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
-#  define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
-#  define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
-# endif
-
-# define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
-# define SSL3_TXT_KRB5_DES_192_CBC3_SHA          "KRB5-DES-CBC3-SHA"
-# define SSL3_TXT_KRB5_RC4_128_SHA               "KRB5-RC4-SHA"
-# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA          "KRB5-IDEA-CBC-SHA"
-# define SSL3_TXT_KRB5_DES_64_CBC_MD5            "KRB5-DES-CBC-MD5"
-# define SSL3_TXT_KRB5_DES_192_CBC3_MD5          "KRB5-DES-CBC3-MD5"
-# define SSL3_TXT_KRB5_RC4_128_MD5               "KRB5-RC4-MD5"
-# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5          "KRB5-IDEA-CBC-MD5"
-
-# define SSL3_TXT_KRB5_DES_40_CBC_SHA            "EXP-KRB5-DES-CBC-SHA"
-# define SSL3_TXT_KRB5_RC2_40_CBC_SHA            "EXP-KRB5-RC2-CBC-SHA"
-# define SSL3_TXT_KRB5_RC4_40_SHA                "EXP-KRB5-RC4-SHA"
-# define SSL3_TXT_KRB5_DES_40_CBC_MD5            "EXP-KRB5-DES-CBC-MD5"
-# define SSL3_TXT_KRB5_RC2_40_CBC_MD5            "EXP-KRB5-RC2-CBC-MD5"
-# define SSL3_TXT_KRB5_RC4_40_MD5                "EXP-KRB5-RC4-MD5"
-
-# define SSL3_SSL_SESSION_ID_LENGTH              32
-# define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
-
-# define SSL3_MASTER_SECRET_SIZE                 48
-# define SSL3_RANDOM_SIZE                        32
-# define SSL3_SESSION_ID_SIZE                    32
-# define SSL3_RT_HEADER_LENGTH                   5
-
-# define SSL3_HM_HEADER_LENGTH                  4
-
-# ifndef SSL3_ALIGN_PAYLOAD
- /*
-  * Some will argue that this increases memory footprint, but it's not
-  * actually true. Point is that malloc has to return at least 64-bit aligned
-  * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
-  * Suggested pre-gaping simply moves these wasted bytes from the end of
-  * allocated region to its front, but makes data payload aligned, which
-  * improves performance:-)
-  */
-#  define SSL3_ALIGN_PAYLOAD                     8
-# else
-#  if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
-#   error "insane SSL3_ALIGN_PAYLOAD"
-#   undef SSL3_ALIGN_PAYLOAD
-#  endif
-# endif
-
-/*
- * This is the maximum MAC (digest) size used by the SSL library. Currently
- * maximum of 20 is used by SHA1, but we reserve for future extension for
- * 512-bit hashes.
- */
-
-# define SSL3_RT_MAX_MD_SIZE                     64
-
-/*
- * Maximum block size used in all ciphersuites. Currently 16 for AES.
- */
-
-# define SSL_RT_MAX_CIPHER_BLOCK_SIZE            16
-
-# define SSL3_RT_MAX_EXTRA                       (16384)
-
-/* Maximum plaintext length: defined by SSL/TLS standards */
-# define SSL3_RT_MAX_PLAIN_LENGTH                16384
-/* Maximum compression overhead: defined by SSL/TLS standards */
-# define SSL3_RT_MAX_COMPRESSED_OVERHEAD         1024
-
-/*
- * The standards give a maximum encryption overhead of 1024 bytes. In
- * practice the value is lower than this. The overhead is the maximum number
- * of padding bytes (256) plus the mac size.
- */
-# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD  (256 + SSL3_RT_MAX_MD_SIZE)
-
-/*
- * OpenSSL currently only uses a padding length of at most one block so the
- * send overhead is smaller.
- */
-
-# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
-                        (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
-
-/* If compression isn't used don't include the compression overhead */
-
-# ifdef OPENSSL_NO_COMP
-#  define SSL3_RT_MAX_COMPRESSED_LENGTH           SSL3_RT_MAX_PLAIN_LENGTH
-# else
-#  define SSL3_RT_MAX_COMPRESSED_LENGTH   \
-                (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
-# endif
-# define SSL3_RT_MAX_ENCRYPTED_LENGTH    \
-                (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
-# define SSL3_RT_MAX_PACKET_SIZE         \
-                (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
-
-# define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
-# define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
-
-# define SSL3_VERSION                    0x0300
-# define SSL3_VERSION_MAJOR              0x03
-# define SSL3_VERSION_MINOR              0x00
-
-# define SSL3_RT_CHANGE_CIPHER_SPEC      20
-# define SSL3_RT_ALERT                   21
-# define SSL3_RT_HANDSHAKE               22
-# define SSL3_RT_APPLICATION_DATA        23
-# define TLS1_RT_HEARTBEAT               24
-
-/* Pseudo content types to indicate additional parameters */
-# define TLS1_RT_CRYPTO                  0x1000
-# define TLS1_RT_CRYPTO_PREMASTER        (TLS1_RT_CRYPTO | 0x1)
-# define TLS1_RT_CRYPTO_CLIENT_RANDOM    (TLS1_RT_CRYPTO | 0x2)
-# define TLS1_RT_CRYPTO_SERVER_RANDOM    (TLS1_RT_CRYPTO | 0x3)
-# define TLS1_RT_CRYPTO_MASTER           (TLS1_RT_CRYPTO | 0x4)
-
-# define TLS1_RT_CRYPTO_READ             0x0000
-# define TLS1_RT_CRYPTO_WRITE            0x0100
-# define TLS1_RT_CRYPTO_MAC              (TLS1_RT_CRYPTO | 0x5)
-# define TLS1_RT_CRYPTO_KEY              (TLS1_RT_CRYPTO | 0x6)
-# define TLS1_RT_CRYPTO_IV               (TLS1_RT_CRYPTO | 0x7)
-# define TLS1_RT_CRYPTO_FIXED_IV         (TLS1_RT_CRYPTO | 0x8)
-
-/* Pseudo content type for SSL/TLS header info */
-# define SSL3_RT_HEADER                  0x100
-
-# define SSL3_AL_WARNING                 1
-# define SSL3_AL_FATAL                   2
-
-# define SSL3_AD_CLOSE_NOTIFY             0
-# define SSL3_AD_UNEXPECTED_MESSAGE      10/* fatal */
-# define SSL3_AD_BAD_RECORD_MAC          20/* fatal */
-# define SSL3_AD_DECOMPRESSION_FAILURE   30/* fatal */
-# define SSL3_AD_HANDSHAKE_FAILURE       40/* fatal */
-# define SSL3_AD_NO_CERTIFICATE          41
-# define SSL3_AD_BAD_CERTIFICATE         42
-# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
-# define SSL3_AD_CERTIFICATE_REVOKED     44
-# define SSL3_AD_CERTIFICATE_EXPIRED     45
-# define SSL3_AD_CERTIFICATE_UNKNOWN     46
-# define SSL3_AD_ILLEGAL_PARAMETER       47/* fatal */
-
-# define TLS1_HB_REQUEST         1
-# define TLS1_HB_RESPONSE        2
-
-# ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_record_st {
-    /* type of record */
-    /*
-     * r
-     */ int type;
-    /* How many bytes available */
-    /*
-     * rw
-     */ unsigned int length;
-    /* read/write offset into 'buf' */
-    /*
-     * r
-     */ unsigned int off;
-    /* pointer to the record data */
-    /*
-     * rw
-     */ unsigned char *data;
-    /* where the decode bytes are */
-    /*
-     * rw
-     */ unsigned char *input;
-    /* only used with decompression - malloc()ed */
-    /*
-     * r
-     */ unsigned char *comp;
-    /* epoch number, needed by DTLS1 */
-    /*
-     * r
-     */ unsigned long epoch;
-    /* sequence number, needed by DTLS1 */
-    /*
-     * r
-     */ unsigned char seq_num[8];
-} SSL3_RECORD;
-
-typedef struct ssl3_buffer_st {
-    /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
-    unsigned char *buf;
-    /* buffer size */
-    size_t len;
-    /* where to 'copy from' */
-    int offset;
-    /* how many bytes left */
-    int left;
-} SSL3_BUFFER;
-
-# endif
-
-# define SSL3_CT_RSA_SIGN                        1
-# define SSL3_CT_DSS_SIGN                        2
-# define SSL3_CT_RSA_FIXED_DH                    3
-# define SSL3_CT_DSS_FIXED_DH                    4
-# define SSL3_CT_RSA_EPHEMERAL_DH                5
-# define SSL3_CT_DSS_EPHEMERAL_DH                6
-# define SSL3_CT_FORTEZZA_DMS                    20
-/*
- * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
- * contain all of the cert types defined either for SSLv3 and TLSv1.
- */
-# define SSL3_CT_NUMBER                  9
-
-# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
-# define SSL3_FLAGS_DELAY_CLIENT_FINISHED        0x0002
-# define SSL3_FLAGS_POP_BUFFER                   0x0004
-# define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
-# define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
-# define TLS1_FLAGS_KEEP_HANDSHAKE               0x0020
-/*
- * Set when the handshake is ready to process peer's ChangeCipherSpec message.
- * Cleared after the message has been processed.
- */
-# define SSL3_FLAGS_CCS_OK                       0x0080
-
-/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */
-# define SSL3_FLAGS_SGC_RESTART_DONE             0x0040
-
-# ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_state_st {
-    long flags;
-    int delay_buf_pop_ret;
-    unsigned char read_sequence[8];
-    int read_mac_secret_size;
-    unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
-    unsigned char write_sequence[8];
-    int write_mac_secret_size;
-    unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
-    unsigned char server_random[SSL3_RANDOM_SIZE];
-    unsigned char client_random[SSL3_RANDOM_SIZE];
-    /* flags for countermeasure against known-IV weakness */
-    int need_empty_fragments;
-    int empty_fragment_done;
-    /* The value of 'extra' when the buffers were initialized */
-    int init_extra;
-    SSL3_BUFFER rbuf;           /* read IO goes into here */
-    SSL3_BUFFER wbuf;           /* write IO goes into here */
-    SSL3_RECORD rrec;           /* each decoded record goes in here */
-    SSL3_RECORD wrec;           /* goes out from here */
-    /*
-     * storage for Alert/Handshake protocol data received but not yet
-     * processed by ssl3_read_bytes:
-     */
-    unsigned char alert_fragment[2];
-    unsigned int alert_fragment_len;
-    unsigned char handshake_fragment[4];
-    unsigned int handshake_fragment_len;
-    /* partial write - check the numbers match */
-    unsigned int wnum;          /* number of bytes sent so far */
-    int wpend_tot;              /* number bytes written */
-    int wpend_type;
-    int wpend_ret;              /* number of bytes submitted */
-    const unsigned char *wpend_buf;
-    /* used during startup, digest all incoming/outgoing packets */
-    BIO *handshake_buffer;
-    /*
-     * When set of handshake digests is determined, buffer is hashed and
-     * freed and MD_CTX-es for all required digests are stored in this array
-     */
-    EVP_MD_CTX **handshake_dgst;
-    /*
-     * Set whenever an expected ChangeCipherSpec message is processed.
-     * Unset when the peer's Finished message is received.
-     * Unexpected ChangeCipherSpec messages trigger a fatal alert.
-     */
-    int change_cipher_spec;
-    int warn_alert;
-    int fatal_alert;
-    /*
-     * we allow one fatal and one warning alert to be outstanding, send close
-     * alert via the warning alert
-     */
-    int alert_dispatch;
-    unsigned char send_alert[2];
-    /*
-     * This flag is set when we should renegotiate ASAP, basically when there
-     * is no more data in the read or write buffers
-     */
-    int renegotiate;
-    int total_renegotiations;
-    int num_renegotiations;
-    int in_read_app_data;
-    /*
-     * Opaque PRF input as used for the current handshake. These fields are
-     * used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they
-     * are merely present to improve binary compatibility)
-     */
-    void *client_opaque_prf_input;
-    size_t client_opaque_prf_input_len;
-    void *server_opaque_prf_input;
-    size_t server_opaque_prf_input_len;
-    struct {
-        /* actually only needs to be 16+20 */
-        unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
-        /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
-        unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
-        int finish_md_len;
-        unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
-        int peer_finish_md_len;
-        unsigned long message_size;
-        int message_type;
-        /* used to hold the new cipher we are going to use */
-        const SSL_CIPHER *new_cipher;
-#  ifndef OPENSSL_NO_DH
-        DH *dh;
-#  endif
-#  ifndef OPENSSL_NO_ECDH
-        EC_KEY *ecdh;           /* holds short lived ECDH key */
-#  endif
-        /* used when SSL_ST_FLUSH_DATA is entered */
-        int next_state;
-        int reuse_message;
-        /* used for certificate requests */
-        int cert_req;
-        int ctype_num;
-        char ctype[SSL3_CT_NUMBER];
-        STACK_OF(X509_NAME) *ca_names;
-        int use_rsa_tmp;
-        int key_block_length;
-        unsigned char *key_block;
-        const EVP_CIPHER *new_sym_enc;
-        const EVP_MD *new_hash;
-        int new_mac_pkey_type;
-        int new_mac_secret_size;
-#  ifndef OPENSSL_NO_COMP
-        const SSL_COMP *new_compression;
-#  else
-        char *new_compression;
-#  endif
-        int cert_request;
-    } tmp;
-
-    /* Connection binding to prevent renegotiation attacks */
-    unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
-    unsigned char previous_client_finished_len;
-    unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
-    unsigned char previous_server_finished_len;
-    int send_connection_binding; /* TODOEKR */
-
-#  ifndef OPENSSL_NO_NEXTPROTONEG
-    /*
-     * Set if we saw the Next Protocol Negotiation extension from our peer.
-     */
-    int next_proto_neg_seen;
-#  endif
-
-#  ifndef OPENSSL_NO_TLSEXT
-#   ifndef OPENSSL_NO_EC
-    /*
-     * This is set to true if we believe that this is a version of Safari
-     * running on OS X 10.6 or newer. We wish to know this because Safari on
-     * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
-     */
-    char is_probably_safari;
-#   endif                       /* !OPENSSL_NO_EC */
-
-    /*
-     * ALPN information (we are in the process of transitioning from NPN to
-     * ALPN.)
-     */
-
-    /*
-     * In a server these point to the selected ALPN protocol after the
-     * ClientHello has been processed. In a client these contain the protocol
-     * that the server selected once the ServerHello has been processed.
-     */
-    unsigned char *alpn_selected;
-    unsigned alpn_selected_len;
-#  endif                        /* OPENSSL_NO_TLSEXT */
-} SSL3_STATE;
-
-# endif
-
-/* SSLv3 */
-/*
- * client
- */
-/* extra state */
-# define SSL3_ST_CW_FLUSH                (0x100|SSL_ST_CONNECT)
-# ifndef OPENSSL_NO_SCTP
-#  define DTLS1_SCTP_ST_CW_WRITE_SOCK                     (0x310|SSL_ST_CONNECT)
-#  define DTLS1_SCTP_ST_CR_READ_SOCK                      (0x320|SSL_ST_CONNECT)
-# endif
-/* write to server */
-# define SSL3_ST_CW_CLNT_HELLO_A         (0x110|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CLNT_HELLO_B         (0x111|SSL_ST_CONNECT)
-/* read from server */
-# define SSL3_ST_CR_SRVR_HELLO_A         (0x120|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SRVR_HELLO_B         (0x121|SSL_ST_CONNECT)
-# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
-# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_A               (0x130|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_B               (0x131|SSL_ST_CONNECT)
-# define SSL3_ST_CR_KEY_EXCH_A           (0x140|SSL_ST_CONNECT)
-# define SSL3_ST_CR_KEY_EXCH_B           (0x141|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_REQ_A           (0x150|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_REQ_B           (0x151|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SRVR_DONE_A          (0x160|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SRVR_DONE_B          (0x161|SSL_ST_CONNECT)
-/* write to server */
-# define SSL3_ST_CW_CERT_A               (0x170|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_B               (0x171|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_C               (0x172|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_D               (0x173|SSL_ST_CONNECT)
-# define SSL3_ST_CW_KEY_EXCH_A           (0x180|SSL_ST_CONNECT)
-# define SSL3_ST_CW_KEY_EXCH_B           (0x181|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_VRFY_A          (0x190|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CERT_VRFY_B          (0x191|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CHANGE_A             (0x1A0|SSL_ST_CONNECT)
-# define SSL3_ST_CW_CHANGE_B             (0x1A1|SSL_ST_CONNECT)
-# ifndef OPENSSL_NO_NEXTPROTONEG
-#  define SSL3_ST_CW_NEXT_PROTO_A         (0x200|SSL_ST_CONNECT)
-#  define SSL3_ST_CW_NEXT_PROTO_B         (0x201|SSL_ST_CONNECT)
-# endif
-# define SSL3_ST_CW_FINISHED_A           (0x1B0|SSL_ST_CONNECT)
-# define SSL3_ST_CW_FINISHED_B           (0x1B1|SSL_ST_CONNECT)
-/* read from server */
-# define SSL3_ST_CR_CHANGE_A             (0x1C0|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CHANGE_B             (0x1C1|SSL_ST_CONNECT)
-# define SSL3_ST_CR_FINISHED_A           (0x1D0|SSL_ST_CONNECT)
-# define SSL3_ST_CR_FINISHED_B           (0x1D1|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SESSION_TICKET_A     (0x1E0|SSL_ST_CONNECT)
-# define SSL3_ST_CR_SESSION_TICKET_B     (0x1E1|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_STATUS_A        (0x1F0|SSL_ST_CONNECT)
-# define SSL3_ST_CR_CERT_STATUS_B        (0x1F1|SSL_ST_CONNECT)
-
-/* server */
-/* extra state */
-# define SSL3_ST_SW_FLUSH                (0x100|SSL_ST_ACCEPT)
-# ifndef OPENSSL_NO_SCTP
-#  define DTLS1_SCTP_ST_SW_WRITE_SOCK                     (0x310|SSL_ST_ACCEPT)
-#  define DTLS1_SCTP_ST_SR_READ_SOCK                      (0x320|SSL_ST_ACCEPT)
-# endif
-/* read from client */
-/* Do not change the number values, they do matter */
-# define SSL3_ST_SR_CLNT_HELLO_A         (0x110|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CLNT_HELLO_B         (0x111|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CLNT_HELLO_C         (0x112|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CLNT_HELLO_D         (0x115|SSL_ST_ACCEPT)
-/* write to client */
-# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
-# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_HELLO_REQ_A          (0x120|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_HELLO_REQ_B          (0x121|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_HELLO_REQ_C          (0x122|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SRVR_HELLO_A         (0x130|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SRVR_HELLO_B         (0x131|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_A               (0x140|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_B               (0x141|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_KEY_EXCH_A           (0x150|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_KEY_EXCH_B           (0x151|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_REQ_A           (0x160|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_REQ_B           (0x161|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SRVR_DONE_A          (0x170|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SRVR_DONE_B          (0x171|SSL_ST_ACCEPT)
-/* read from client */
-# define SSL3_ST_SR_CERT_A               (0x180|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CERT_B               (0x181|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_KEY_EXCH_A           (0x190|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_KEY_EXCH_B           (0x191|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CERT_VRFY_A          (0x1A0|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CERT_VRFY_B          (0x1A1|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CHANGE_A             (0x1B0|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_CHANGE_B             (0x1B1|SSL_ST_ACCEPT)
-# ifndef OPENSSL_NO_NEXTPROTONEG
-#  define SSL3_ST_SR_NEXT_PROTO_A         (0x210|SSL_ST_ACCEPT)
-#  define SSL3_ST_SR_NEXT_PROTO_B         (0x211|SSL_ST_ACCEPT)
-# endif
-# define SSL3_ST_SR_FINISHED_A           (0x1C0|SSL_ST_ACCEPT)
-# define SSL3_ST_SR_FINISHED_B           (0x1C1|SSL_ST_ACCEPT)
-/* write to client */
-# define SSL3_ST_SW_CHANGE_A             (0x1D0|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CHANGE_B             (0x1D1|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_FINISHED_A           (0x1E0|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_FINISHED_B           (0x1E1|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SESSION_TICKET_A     (0x1F0|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_SESSION_TICKET_B     (0x1F1|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_STATUS_A        (0x200|SSL_ST_ACCEPT)
-# define SSL3_ST_SW_CERT_STATUS_B        (0x201|SSL_ST_ACCEPT)
-
-# define SSL3_MT_HELLO_REQUEST                   0
-# define SSL3_MT_CLIENT_HELLO                    1
-# define SSL3_MT_SERVER_HELLO                    2
-# define SSL3_MT_NEWSESSION_TICKET               4
-# define SSL3_MT_CERTIFICATE                     11
-# define SSL3_MT_SERVER_KEY_EXCHANGE             12
-# define SSL3_MT_CERTIFICATE_REQUEST             13
-# define SSL3_MT_SERVER_DONE                     14
-# define SSL3_MT_CERTIFICATE_VERIFY              15
-# define SSL3_MT_CLIENT_KEY_EXCHANGE             16
-# define SSL3_MT_FINISHED                        20
-# define SSL3_MT_CERTIFICATE_STATUS              22
-# ifndef OPENSSL_NO_NEXTPROTONEG
-#  define SSL3_MT_NEXT_PROTO                      67
-# endif
-# define DTLS1_MT_HELLO_VERIFY_REQUEST    3
-
-# define SSL3_MT_CCS                             1
-
-/* These are used when changing over to a new cipher */
-# define SSL3_CC_READ            0x01
-# define SSL3_CC_WRITE           0x02
-# define SSL3_CC_CLIENT          0x10
-# define SSL3_CC_SERVER          0x20
-# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
-# define SSL3_CHANGE_CIPHER_SERVER_READ  (SSL3_CC_SERVER|SSL3_CC_READ)
-# define SSL3_CHANGE_CIPHER_CLIENT_READ  (SSL3_CC_CLIENT|SSL3_CC_READ)
-# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/ssl/ssl_algs.c b/freebsd/crypto/openssl/ssl/ssl_algs.c
deleted file mode 100644
index 12ede788..00000000
--- a/freebsd/crypto/openssl/ssl/ssl_algs.c
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/ssl_algs.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include "ssl_locl.h"
-
-int SSL_library_init(void)
-{
-
-#ifndef OPENSSL_NO_DES
-    EVP_add_cipher(EVP_des_cbc());
-    EVP_add_cipher(EVP_des_ede3_cbc());
-#endif
-#ifndef OPENSSL_NO_IDEA
-    EVP_add_cipher(EVP_idea_cbc());
-#endif
-#ifndef OPENSSL_NO_RC4
-    EVP_add_cipher(EVP_rc4());
-# if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
-    EVP_add_cipher(EVP_rc4_hmac_md5());
-# endif
-#endif
-#ifndef OPENSSL_NO_RC2
-    EVP_add_cipher(EVP_rc2_cbc());
-    /*
-     * Not actually used for SSL/TLS but this makes PKCS#12 work if an
-     * application only calls SSL_library_init().
-     */
-    EVP_add_cipher(EVP_rc2_40_cbc());
-#endif
-#ifndef OPENSSL_NO_AES
-    EVP_add_cipher(EVP_aes_128_cbc());
-    EVP_add_cipher(EVP_aes_192_cbc());
-    EVP_add_cipher(EVP_aes_256_cbc());
-    EVP_add_cipher(EVP_aes_128_gcm());
-    EVP_add_cipher(EVP_aes_256_gcm());
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
-    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
-# endif
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
-    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
-    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
-# endif
-
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-    EVP_add_cipher(EVP_camellia_128_cbc());
-    EVP_add_cipher(EVP_camellia_256_cbc());
-#endif
-
-#ifndef OPENSSL_NO_SEED
-    EVP_add_cipher(EVP_seed_cbc());
-#endif
-
-#ifndef OPENSSL_NO_MD5
-    EVP_add_digest(EVP_md5());
-    EVP_add_digest_alias(SN_md5, "ssl2-md5");
-    EVP_add_digest_alias(SN_md5, "ssl3-md5");
-#endif
-#ifndef OPENSSL_NO_SHA
-    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
-    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
-    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-#endif
-#ifndef OPENSSL_NO_SHA256
-    EVP_add_digest(EVP_sha224());
-    EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
-    EVP_add_digest(EVP_sha384());
-    EVP_add_digest(EVP_sha512());
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
-    EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
-    EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
-    EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
-    EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
-#endif
-#ifndef OPENSSL_NO_ECDSA
-    EVP_add_digest(EVP_ecdsa());
-#endif
-    /* If you want support for phased out ciphers, add the following */
-#if 0
-    EVP_add_digest(EVP_sha());
-    EVP_add_digest(EVP_dss());
-#endif
-#ifndef OPENSSL_NO_COMP
-    /*
-     * This will initialise the built-in compression algorithms. The value
-     * returned is a STACK_OF(SSL_COMP), but that can be discarded safely
-     */
-    (void)SSL_COMP_get_compression_methods();
-#endif
-    /* initialize cipher/digest methods table */
-    ssl_load_ciphers();
-    return (1);
-}
diff --git a/freebsd/crypto/openssl/ssl/ssl_asn1.c b/freebsd/crypto/openssl/ssl/ssl_asn1.c
index fd2a8ae7..5bce4e65 100644
--- a/freebsd/crypto/openssl/ssl/ssl_asn1.c
+++ b/freebsd/crypto/openssl/ssl/ssl_asn1.c
@@ -1,641 +1,395 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/ssl_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include "ssl_locl.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/objects.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-typedef struct ssl_session_asn1_st {
-    ASN1_INTEGER version;
-    ASN1_INTEGER ssl_version;
-    ASN1_OCTET_STRING cipher;
-    ASN1_OCTET_STRING comp_id;
-    ASN1_OCTET_STRING master_key;
-    ASN1_OCTET_STRING session_id;
-    ASN1_OCTET_STRING session_id_context;
-    ASN1_OCTET_STRING key_arg;
-#ifndef OPENSSL_NO_KRB5
-    ASN1_OCTET_STRING krb5_princ;
-#endif                          /* OPENSSL_NO_KRB5 */
-    ASN1_INTEGER time;
-    ASN1_INTEGER timeout;
-    ASN1_INTEGER verify_result;
-#ifndef OPENSSL_NO_TLSEXT
-    ASN1_OCTET_STRING tlsext_hostname;
-    ASN1_INTEGER tlsext_tick_lifetime;
-    ASN1_OCTET_STRING tlsext_tick;
-#endif                          /* OPENSSL_NO_TLSEXT */
+typedef struct {
+    uint32_t version;
+    int32_t ssl_version;
+    ASN1_OCTET_STRING *cipher;
+    ASN1_OCTET_STRING *comp_id;
+    ASN1_OCTET_STRING *master_key;
+    ASN1_OCTET_STRING *session_id;
+    ASN1_OCTET_STRING *key_arg;
+    int64_t time;
+    int64_t timeout;
+    X509 *peer;
+    ASN1_OCTET_STRING *session_id_context;
+    int32_t verify_result;
+    ASN1_OCTET_STRING *tlsext_hostname;
+    uint64_t tlsext_tick_lifetime_hint;
+    uint32_t tlsext_tick_age_add;
+    ASN1_OCTET_STRING *tlsext_tick;
 #ifndef OPENSSL_NO_PSK
-    ASN1_OCTET_STRING psk_identity_hint;
-    ASN1_OCTET_STRING psk_identity;
-#endif                          /* OPENSSL_NO_PSK */
+    ASN1_OCTET_STRING *psk_identity_hint;
+    ASN1_OCTET_STRING *psk_identity;
+#endif
 #ifndef OPENSSL_NO_SRP
-    ASN1_OCTET_STRING srp_username;
-#endif                          /* OPENSSL_NO_SRP */
+    ASN1_OCTET_STRING *srp_username;
+#endif
+    uint64_t flags;
+    uint32_t max_early_data;
+    ASN1_OCTET_STRING *alpn_selected;
+    uint32_t tlsext_max_fragment_len_mode;
+    ASN1_OCTET_STRING *ticket_appdata;
 } SSL_SESSION_ASN1;
 
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
-{
-#define LSIZE2 (sizeof(long)*2)
-    int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0;
-    unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
-    unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
-#ifndef OPENSSL_NO_TLSEXT
-    int v6 = 0, v9 = 0, v10 = 0;
-    unsigned char ibuf6[LSIZE2];
-#endif
+ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
+    ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32),
+    ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32),
+    ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
+    ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6),
 #ifndef OPENSSL_NO_PSK
-    int v7 = 0, v8 = 0;
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8),
 #endif
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11),
+#ifndef OPENSSL_NO_SRP
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
+#endif
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18)
+} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
+
+/* Utility functions for i2d_SSL_SESSION */
+
+/* Initialise OCTET STRING from buffer and length */
+
+static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
+                              unsigned char *data, size_t len)
+{
+    os->data = data;
+    os->length = (int)len;
+    os->flags = 0;
+    *dest = os;
+}
+
+/* Initialise OCTET STRING from string */
+static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
+                              char *data)
+{
+    if (data != NULL)
+        ssl_session_oinit(dest, os, (unsigned char *)data, strlen(data));
+    else
+        *dest = NULL;
+}
+
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
+{
+
+    SSL_SESSION_ASN1 as;
+
+    ASN1_OCTET_STRING cipher;
+    unsigned char cipher_data[2];
+    ASN1_OCTET_STRING master_key, session_id, sid_ctx;
+
 #ifndef OPENSSL_NO_COMP
-    unsigned char cbuf;
-    int v11 = 0;
+    ASN1_OCTET_STRING comp_id;
+    unsigned char comp_id_data;
 #endif
+    ASN1_OCTET_STRING tlsext_hostname, tlsext_tick;
 #ifndef OPENSSL_NO_SRP
-    int v12 = 0;
+    ASN1_OCTET_STRING srp_username;
 #endif
+#ifndef OPENSSL_NO_PSK
+    ASN1_OCTET_STRING psk_identity, psk_identity_hint;
+#endif
+    ASN1_OCTET_STRING alpn_selected;
+    ASN1_OCTET_STRING ticket_appdata;
+
     long l;
-    SSL_SESSION_ASN1 a;
-    M_ASN1_I2D_vars(in);
 
     if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
-        return (0);
-
-    /*
-     * Note that I cheat in the following 2 assignments.  I know that if the
-     * ASN1_INTEGER passed to ASN1_INTEGER_set is > sizeof(long)+1, the
-     * buffer will not be re-OPENSSL_malloc()ed. This is a bit evil but makes
-     * things simple, no dynamic allocation to clean up :-)
-     */
-    a.version.length = LSIZE2;
-    a.version.type = V_ASN1_INTEGER;
-    a.version.data = ibuf1;
-    ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION);
-
-    a.ssl_version.length = LSIZE2;
-    a.ssl_version.type = V_ASN1_INTEGER;
-    a.ssl_version.data = ibuf2;
-    ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version);
-
-    a.cipher.type = V_ASN1_OCTET_STRING;
-    a.cipher.data = buf;
+        return 0;
+
+    memset(&as, 0, sizeof(as));
+
+    as.version = SSL_SESSION_ASN1_VERSION;
+    as.ssl_version = in->ssl_version;
 
     if (in->cipher == NULL)
         l = in->cipher_id;
     else
         l = in->cipher->id;
-    if (in->ssl_version == SSL2_VERSION) {
-        a.cipher.length = 3;
-        buf[0] = ((unsigned char)(l >> 16L)) & 0xff;
-        buf[1] = ((unsigned char)(l >> 8L)) & 0xff;
-        buf[2] = ((unsigned char)(l)) & 0xff;
-    } else {
-        a.cipher.length = 2;
-        buf[0] = ((unsigned char)(l >> 8L)) & 0xff;
-        buf[1] = ((unsigned char)(l)) & 0xff;
-    }
+    cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff;
+    cipher_data[1] = ((unsigned char)(l)) & 0xff;
+
+    ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2);
 
 #ifndef OPENSSL_NO_COMP
     if (in->compress_meth) {
-        cbuf = (unsigned char)in->compress_meth;
-        a.comp_id.length = 1;
-        a.comp_id.type = V_ASN1_OCTET_STRING;
-        a.comp_id.data = &cbuf;
+        comp_id_data = (unsigned char)in->compress_meth;
+        ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1);
     }
 #endif
 
-    a.master_key.length = in->master_key_length;
-    a.master_key.type = V_ASN1_OCTET_STRING;
-    a.master_key.data = in->master_key;
+    ssl_session_oinit(&as.master_key, &master_key,
+                      in->master_key, in->master_key_length);
 
-    a.session_id.length = in->session_id_length;
-    a.session_id.type = V_ASN1_OCTET_STRING;
-    a.session_id.data = in->session_id;
+    ssl_session_oinit(&as.session_id, &session_id,
+                      in->session_id, in->session_id_length);
 
-    a.session_id_context.length = in->sid_ctx_length;
-    a.session_id_context.type = V_ASN1_OCTET_STRING;
-    a.session_id_context.data = in->sid_ctx;
+    ssl_session_oinit(&as.session_id_context, &sid_ctx,
+                      in->sid_ctx, in->sid_ctx_length);
 
-    a.key_arg.length = in->key_arg_length;
-    a.key_arg.type = V_ASN1_OCTET_STRING;
-    a.key_arg.data = in->key_arg;
+    as.time = in->time;
+    as.timeout = in->timeout;
+    as.verify_result = in->verify_result;
 
-#ifndef OPENSSL_NO_KRB5
-    if (in->krb5_client_princ_len) {
-        a.krb5_princ.length = in->krb5_client_princ_len;
-        a.krb5_princ.type = V_ASN1_OCTET_STRING;
-        a.krb5_princ.data = in->krb5_client_princ;
-    }
-#endif                          /* OPENSSL_NO_KRB5 */
+    as.peer = in->peer;
 
-    if (in->time != 0L) {
-        a.time.length = LSIZE2;
-        a.time.type = V_ASN1_INTEGER;
-        a.time.data = ibuf3;
-        ASN1_INTEGER_set(&(a.time), in->time);
+    ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname,
+                      in->ext.hostname);
+    if (in->ext.tick) {
+        ssl_session_oinit(&as.tlsext_tick, &tlsext_tick,
+                          in->ext.tick, in->ext.ticklen);
     }
-
-    if (in->timeout != 0L) {
-        a.timeout.length = LSIZE2;
-        a.timeout.type = V_ASN1_INTEGER;
-        a.timeout.data = ibuf4;
-        ASN1_INTEGER_set(&(a.timeout), in->timeout);
-    }
-
-    if (in->verify_result != X509_V_OK) {
-        a.verify_result.length = LSIZE2;
-        a.verify_result.type = V_ASN1_INTEGER;
-        a.verify_result.data = ibuf5;
-        ASN1_INTEGER_set(&a.verify_result, in->verify_result);
-    }
-#ifndef OPENSSL_NO_TLSEXT
-    if (in->tlsext_hostname) {
-        a.tlsext_hostname.length = strlen(in->tlsext_hostname);
-        a.tlsext_hostname.type = V_ASN1_OCTET_STRING;
-        a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname;
-    }
-    if (in->tlsext_tick) {
-        a.tlsext_tick.length = in->tlsext_ticklen;
-        a.tlsext_tick.type = V_ASN1_OCTET_STRING;
-        a.tlsext_tick.data = (unsigned char *)in->tlsext_tick;
-    }
-    if (in->tlsext_tick_lifetime_hint > 0) {
-        a.tlsext_tick_lifetime.length = LSIZE2;
-        a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
-        a.tlsext_tick_lifetime.data = ibuf6;
-        ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
-                         in->tlsext_tick_lifetime_hint);
-    }
-#endif                          /* OPENSSL_NO_TLSEXT */
+    if (in->ext.tick_lifetime_hint > 0)
+        as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint;
+    as.tlsext_tick_age_add = in->ext.tick_age_add;
 #ifndef OPENSSL_NO_PSK
-    if (in->psk_identity_hint) {
-        a.psk_identity_hint.length = strlen(in->psk_identity_hint);
-        a.psk_identity_hint.type = V_ASN1_OCTET_STRING;
-        a.psk_identity_hint.data = (unsigned char *)(in->psk_identity_hint);
-    }
-    if (in->psk_identity) {
-        a.psk_identity.length = strlen(in->psk_identity);
-        a.psk_identity.type = V_ASN1_OCTET_STRING;
-        a.psk_identity.data = (unsigned char *)(in->psk_identity);
-    }
+    ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint,
+                      in->psk_identity_hint);
+    ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity);
 #endif                          /* OPENSSL_NO_PSK */
 #ifndef OPENSSL_NO_SRP
-    if (in->srp_username) {
-        a.srp_username.length = strlen(in->srp_username);
-        a.srp_username.type = V_ASN1_OCTET_STRING;
-        a.srp_username.data = (unsigned char *)(in->srp_username);
-    }
+    ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username);
 #endif                          /* OPENSSL_NO_SRP */
 
-    M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
-    M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
-    M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
-    M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
-    M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
-    if (in->krb5_client_princ_len)
-        M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif                          /* OPENSSL_NO_KRB5 */
-    if (in->key_arg_length > 0)
-        M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING);
-    if (in->time != 0L)
-        M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
-    if (in->timeout != 0L)
-        M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
-    if (in->peer != NULL)
-        M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3);
-    M_ASN1_I2D_len_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4,
-                           v4);
-    if (in->verify_result != X509_V_OK)
-        M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5);
-
-#ifndef OPENSSL_NO_TLSEXT
-    if (in->tlsext_tick_lifetime_hint > 0)
-        M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9,
-                               v9);
-    if (in->tlsext_tick)
-        M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10,
-                               v10);
-    if (in->tlsext_hostname)
-        M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6,
-                               v6);
-# ifndef OPENSSL_NO_COMP
-    if (in->compress_meth)
-        M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
-# endif
-#endif                          /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
-    if (in->psk_identity_hint)
-        M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,
-                               7, v7);
-    if (in->psk_identity)
-        M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8,
-                               v8);
-#endif                          /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-    if (in->srp_username)
-        M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12,
-                               v12);
-#endif                          /* OPENSSL_NO_SRP */
+    as.flags = in->flags;
+    as.max_early_data = in->ext.max_early_data;
 
-    M_ASN1_I2D_seq_total();
-
-    M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
-    M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
-    M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
-    M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
-    M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
-    if (in->krb5_client_princ_len)
-        M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif                          /* OPENSSL_NO_KRB5 */
-    if (in->key_arg_length > 0)
-        M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0);
-    if (in->time != 0L)
-        M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
-    if (in->timeout != 0L)
-        M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
-    if (in->peer != NULL)
-        M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3);
-    M_ASN1_I2D_put_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4,
-                           v4);
-    if (in->verify_result != X509_V_OK)
-        M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5);
-#ifndef OPENSSL_NO_TLSEXT
-    if (in->tlsext_hostname)
-        M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6,
-                               v6);
-#endif                          /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
-    if (in->psk_identity_hint)
-        M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,
-                               7, v7);
-    if (in->psk_identity)
-        M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8,
-                               v8);
-#endif                          /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_TLSEXT
-    if (in->tlsext_tick_lifetime_hint > 0)
-        M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9,
-                               v9);
-    if (in->tlsext_tick)
-        M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10,
-                               v10);
-#endif                          /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
-    if (in->compress_meth)
-        M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
-#endif
-#ifndef OPENSSL_NO_SRP
-    if (in->srp_username)
-        M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12,
-                               v12);
-#endif                          /* OPENSSL_NO_SRP */
-    M_ASN1_I2D_finish();
+    if (in->ext.alpn_selected == NULL)
+        as.alpn_selected = NULL;
+    else
+        ssl_session_oinit(&as.alpn_selected, &alpn_selected,
+                          in->ext.alpn_selected, in->ext.alpn_selected_len);
+
+    as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode;
+
+    if (in->ticket_appdata == NULL)
+        as.ticket_appdata = NULL;
+    else
+        ssl_session_oinit(&as.ticket_appdata, &ticket_appdata,
+                          in->ticket_appdata, in->ticket_appdata_len);
+
+    return i2d_SSL_SESSION_ASN1(&as, pp);
+
+}
+
+/* Utility functions for d2i_SSL_SESSION */
+
+/* OPENSSL_strndup an OCTET STRING */
+
+static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
+{
+    OPENSSL_free(*pdst);
+    *pdst = NULL;
+    if (src == NULL)
+        return 1;
+    *pdst = OPENSSL_strndup((char *)src->data, src->length);
+    if (*pdst == NULL)
+        return 0;
+    return 1;
+}
+
+/* Copy an OCTET STRING, return error if it exceeds maximum length */
+
+static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
+                              ASN1_OCTET_STRING *src, size_t maxlen)
+{
+    if (src == NULL) {
+        *pdstlen = 0;
+        return 1;
+    }
+    if (src->length < 0 || src->length > (int)maxlen)
+        return 0;
+    memcpy(dst, src->data, src->length);
+    *pdstlen = src->length;
+    return 1;
 }
 
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                              long length)
 {
-    int ssl_version = 0, i;
     long id;
-    ASN1_INTEGER ai, *aip;
-    ASN1_OCTET_STRING os, *osp;
-    M_ASN1_D2I_vars(a, SSL_SESSION *, SSL_SESSION_new);
-
-    aip = &ai;
-    osp = &os;
-
-    M_ASN1_D2I_Init();
-    M_ASN1_D2I_start_sequence();
-
-    ai.data = NULL;
-    ai.length = 0;
-    M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER);
-    if (ai.data != NULL) {
-        OPENSSL_free(ai.data);
-        ai.data = NULL;
-        ai.length = 0;
+    size_t tmpl;
+    const unsigned char *p = *pp;
+    SSL_SESSION_ASN1 *as = NULL;
+    SSL_SESSION *ret = NULL;
+
+    as = d2i_SSL_SESSION_ASN1(NULL, &p, length);
+    /* ASN.1 code returns suitable error */
+    if (as == NULL)
+        goto err;
+
+    if (!a || !*a) {
+        ret = SSL_SESSION_new();
+        if (ret == NULL)
+            goto err;
+    } else {
+        ret = *a;
+    }
+
+    if (as->version != SSL_SESSION_ASN1_VERSION) {
+        SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
+        goto err;
     }
 
-    /* we don't care about the version right now :-) */
-    M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER);
-    ssl_version = (int)ASN1_INTEGER_get(aip);
-    ret->ssl_version = ssl_version;
-    if (ai.data != NULL) {
-        OPENSSL_free(ai.data);
-        ai.data = NULL;
-        ai.length = 0;
+    if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR
+        && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR
+        && as->ssl_version != DTLS1_BAD_VER) {
+        SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
+        goto err;
     }
 
-    os.data = NULL;
-    os.length = 0;
-    M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
-    if (ssl_version == SSL2_VERSION) {
-        if (os.length != 3) {
-            c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
-            c.line = __LINE__;
-            goto err;
-        }
-        id = 0x02000000L |
-            ((unsigned long)os.data[0] << 16L) |
-            ((unsigned long)os.data[1] << 8L) | (unsigned long)os.data[2];
-    } else if ((ssl_version >> 8) == SSL3_VERSION_MAJOR
-        || (ssl_version >> 8) == DTLS1_VERSION_MAJOR
-        || ssl_version == DTLS1_BAD_VER) {
-        if (os.length != 2) {
-            c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
-            c.line = __LINE__;
-            goto err;
-        }
-        id = 0x03000000L |
-            ((unsigned long)os.data[0] << 8L) | (unsigned long)os.data[1];
-    } else {
-        c.error = SSL_R_UNKNOWN_SSL_VERSION;
-        c.line = __LINE__;
+    ret->ssl_version = (int)as->ssl_version;
+
+    if (as->cipher->length != 2) {
+        SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH);
         goto err;
     }
 
-    ret->cipher = NULL;
+    id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L)
+                     | (unsigned long)as->cipher->data[1];
+
     ret->cipher_id = id;
+    ret->cipher = ssl3_get_cipher_by_id(id);
+    if (ret->cipher == NULL)
+        goto err;
 
-    M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
-    if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR)
-        i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
-    else                        /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
-        i = SSL2_MAX_SSL_SESSION_ID_LENGTH;
+    if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length,
+                            as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH))
+        goto err;
 
-    if (os.length > i)
-        os.length = i;
-    if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
-        os.length = sizeof(ret->session_id);
+    if (!ssl_session_memcpy(ret->master_key, &tmpl,
+                            as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH))
+        goto err;
 
-    ret->session_id_length = os.length;
-    OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
-    memcpy(ret->session_id, os.data, os.length);
+    ret->master_key_length = tmpl;
 
-    M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
-    if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
-        ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH;
+    if (as->time != 0)
+        ret->time = (long)as->time;
     else
-        ret->master_key_length = os.length;
-    memcpy(ret->master_key, os.data, ret->master_key_length);
-
-    os.length = 0;
-
-#ifndef OPENSSL_NO_KRB5
-    os.length = 0;
-    M_ASN1_D2I_get_opt(osp, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING);
-    if (os.data) {
-        if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
-            ret->krb5_client_princ_len = 0;
-        else
-            ret->krb5_client_princ_len = os.length;
-        memcpy(ret->krb5_client_princ, os.data, ret->krb5_client_princ_len);
-        OPENSSL_free(os.data);
-        os.data = NULL;
-        os.length = 0;
-    } else
-        ret->krb5_client_princ_len = 0;
-#endif                          /* OPENSSL_NO_KRB5 */
-
-    M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0,
-                           V_ASN1_OCTET_STRING);
-    if (os.length > SSL_MAX_KEY_ARG_LENGTH)
-        ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH;
+        ret->time = (long)time(NULL);
+
+    if (as->timeout != 0)
+        ret->timeout = (long)as->timeout;
     else
-        ret->key_arg_length = os.length;
-    memcpy(ret->key_arg, os.data, ret->key_arg_length);
-    if (os.data != NULL)
-        OPENSSL_free(os.data);
-
-    ai.length = 0;
-    M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1);
-    if (ai.data != NULL) {
-        ret->time = ASN1_INTEGER_get(aip);
-        OPENSSL_free(ai.data);
-        ai.data = NULL;
-        ai.length = 0;
-    } else
-        ret->time = (unsigned long)time(NULL);
-
-    ai.length = 0;
-    M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2);
-    if (ai.data != NULL) {
-        ret->timeout = ASN1_INTEGER_get(aip);
-        OPENSSL_free(ai.data);
-        ai.data = NULL;
-        ai.length = 0;
-    } else
         ret->timeout = 3;
 
-    if (ret->peer != NULL) {
-        X509_free(ret->peer);
-        ret->peer = NULL;
-    }
-    M_ASN1_D2I_get_EXP_opt(ret->peer, d2i_X509, 3);
-
-    os.length = 0;
-    os.data = NULL;
-    M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 4);
-
-    if (os.data != NULL) {
-        if (os.length > SSL_MAX_SID_CTX_LENGTH) {
-            c.error = SSL_R_BAD_LENGTH;
-            c.line = __LINE__;
-            OPENSSL_free(os.data);
-            os.data = NULL;
-            os.length = 0;
-            goto err;
-        } else {
-            ret->sid_ctx_length = os.length;
-            memcpy(ret->sid_ctx, os.data, os.length);
-        }
-        OPENSSL_free(os.data);
-        os.data = NULL;
-        os.length = 0;
-    } else
-        ret->sid_ctx_length = 0;
-
-    ai.length = 0;
-    M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 5);
-    if (ai.data != NULL) {
-        ret->verify_result = ASN1_INTEGER_get(aip);
-        OPENSSL_free(ai.data);
-        ai.data = NULL;
-        ai.length = 0;
-    } else
-        ret->verify_result = X509_V_OK;
-
-#ifndef OPENSSL_NO_TLSEXT
-    os.length = 0;
-    os.data = NULL;
-    M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 6);
-    if (os.data) {
-        ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
-        OPENSSL_free(os.data);
-        os.data = NULL;
-        os.length = 0;
-    } else
-        ret->tlsext_hostname = NULL;
-#endif                          /* OPENSSL_NO_TLSEXT */
+    X509_free(ret->peer);
+    ret->peer = as->peer;
+    as->peer = NULL;
+
+    if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length,
+                            as->session_id_context, SSL_MAX_SID_CTX_LENGTH))
+        goto err;
+
+    /* NB: this defaults to zero which is X509_V_OK */
+    ret->verify_result = as->verify_result;
+
+    if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname))
+        goto err;
 
 #ifndef OPENSSL_NO_PSK
-    os.length = 0;
-    os.data = NULL;
-    M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 7);
-    if (os.data) {
-        ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length);
-        OPENSSL_free(os.data);
-        os.data = NULL;
-        os.length = 0;
-    } else
-        ret->psk_identity_hint = NULL;
-
-    os.length = 0;
-    os.data = NULL;
-    M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 8);
-    if (os.data) {
-        ret->psk_identity = BUF_strndup((char *)os.data, os.length);
-        OPENSSL_free(os.data);
-        os.data = NULL;
-        os.length = 0;
-    } else
-        ret->psk_identity = NULL;
-#endif                          /* OPENSSL_NO_PSK */
+    if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint))
+        goto err;
+    if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity))
+        goto err;
+#endif
 
-#ifndef OPENSSL_NO_TLSEXT
-    ai.length = 0;
-    M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 9);
-    if (ai.data != NULL) {
-        ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip);
-        OPENSSL_free(ai.data);
-        ai.data = NULL;
-        ai.length = 0;
-    } else if (ret->tlsext_ticklen && ret->session_id_length)
-        ret->tlsext_tick_lifetime_hint = -1;
-    else
-        ret->tlsext_tick_lifetime_hint = 0;
-    os.length = 0;
-    os.data = NULL;
-    M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 10);
-    if (os.data) {
-        ret->tlsext_tick = os.data;
-        ret->tlsext_ticklen = os.length;
-        os.data = NULL;
-        os.length = 0;
-    } else
-        ret->tlsext_tick = NULL;
-#endif                          /* OPENSSL_NO_TLSEXT */
+    ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint;
+    ret->ext.tick_age_add = as->tlsext_tick_age_add;
+    OPENSSL_free(ret->ext.tick);
+    if (as->tlsext_tick != NULL) {
+        ret->ext.tick = as->tlsext_tick->data;
+        ret->ext.ticklen = as->tlsext_tick->length;
+        as->tlsext_tick->data = NULL;
+    } else {
+        ret->ext.tick = NULL;
+    }
 #ifndef OPENSSL_NO_COMP
-    os.length = 0;
-    os.data = NULL;
-    M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 11);
-    if (os.data) {
-        ret->compress_meth = os.data[0];
-        OPENSSL_free(os.data);
-        os.data = NULL;
+    if (as->comp_id) {
+        if (as->comp_id->length != 1) {
+            SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH);
+            goto err;
+        }
+        ret->compress_meth = as->comp_id->data[0];
+    } else {
+        ret->compress_meth = 0;
     }
 #endif
 
 #ifndef OPENSSL_NO_SRP
-    os.length = 0;
-    os.data = NULL;
-    M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 12);
-    if (os.data) {
-        ret->srp_username = BUF_strndup((char *)os.data, os.length);
-        OPENSSL_free(os.data);
-        os.data = NULL;
-        os.length = 0;
-    } else
-        ret->srp_username = NULL;
+    if (!ssl_session_strndup(&ret->srp_username, as->srp_username))
+        goto err;
 #endif                          /* OPENSSL_NO_SRP */
+    /* Flags defaults to zero which is fine */
+    ret->flags = (int32_t)as->flags;
+    ret->ext.max_early_data = as->max_early_data;
+
+    OPENSSL_free(ret->ext.alpn_selected);
+    if (as->alpn_selected != NULL) {
+        ret->ext.alpn_selected = as->alpn_selected->data;
+        ret->ext.alpn_selected_len = as->alpn_selected->length;
+        as->alpn_selected->data = NULL;
+    } else {
+        ret->ext.alpn_selected = NULL;
+        ret->ext.alpn_selected_len = 0;
+    }
+
+    ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode;
+
+    OPENSSL_free(ret->ticket_appdata);
+    if (as->ticket_appdata != NULL) {
+        ret->ticket_appdata = as->ticket_appdata->data;
+        ret->ticket_appdata_len = as->ticket_appdata->length;
+        as->ticket_appdata->data = NULL;
+    } else {
+        ret->ticket_appdata = NULL;
+        ret->ticket_appdata_len = 0;
+    }
+
+    M_ASN1_free_of(as, SSL_SESSION_ASN1);
+
+    if ((a != NULL) && (*a == NULL))
+        *a = ret;
+    *pp = p;
+    return ret;
 
-    M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
+ err:
+    M_ASN1_free_of(as, SSL_SESSION_ASN1);
+    if ((a == NULL) || (*a != ret))
+        SSL_SESSION_free(ret);
+    return NULL;
 }
diff --git a/freebsd/crypto/openssl/ssl/ssl_cert.c b/freebsd/crypto/openssl/ssl/ssl_cert.c
index 6becbd65..ab682bf8 100644
--- a/freebsd/crypto/openssl/ssl/ssl_cert.c
+++ b/freebsd/crypto/openssl/ssl/ssl_cert.c
@@ -1,292 +1,103 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * ! \file ssl/ssl_cert.c
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
+#include <sys/types.h>
 
-#include "e_os.h"
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include "o_dir.h"
-#include <openssl/objects.h>
+#include "internal/nelem.h"
+#include "internal/o_dir.h"
 #include <openssl/bio.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
+#include <openssl/dh.h>
 #include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include "internal/refcount.h"
 #include "ssl_locl.h"
+#include "ssl_cert_table.h"
+#include "internal/thread_once.h"
 
-int SSL_get_ex_data_X509_STORE_CTX_idx(void)
-{
-    static volatile int ssl_x509_store_ctx_idx = -1;
-    int got_write_lock = 0;
-
-    if (((size_t)&ssl_x509_store_ctx_idx &
-         (sizeof(ssl_x509_store_ctx_idx) - 1))
-        == 0) {                 /* check alignment, practically always true */
-        int ret;
-
-        if ((ret = ssl_x509_store_ctx_idx) < 0) {
-            CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-            if ((ret = ssl_x509_store_ctx_idx) < 0) {
-                ret = ssl_x509_store_ctx_idx =
-                    X509_STORE_CTX_get_ex_new_index(0,
-                                                    "SSL for verify callback",
-                                                    NULL, NULL, NULL);
-            }
-            CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-        }
+static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
+                                         int op, int bits, int nid, void *other,
+                                         void *ex);
 
-        return ret;
-    } else {                    /* commonly eliminated */
+static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
+static volatile int ssl_x509_store_ctx_idx = -1;
 
-        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-
-        if (ssl_x509_store_ctx_idx < 0) {
-            CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-            CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-            got_write_lock = 1;
-
-            if (ssl_x509_store_ctx_idx < 0) {
-                ssl_x509_store_ctx_idx =
-                    X509_STORE_CTX_get_ex_new_index(0,
-                                                    "SSL for verify callback",
-                                                    NULL, NULL, NULL);
-            }
-        }
-
-        if (got_write_lock)
-            CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-        else
-            CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-
-        return ssl_x509_store_ctx_idx;
-    }
+DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
+{
+    ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
+                                                             "SSL for verify callback",
+                                                             NULL, NULL, NULL);
+    return ssl_x509_store_ctx_idx >= 0;
 }
 
-void ssl_cert_set_default_md(CERT *cert)
+int SSL_get_ex_data_X509_STORE_CTX_idx(void)
 {
-    /* Set digest values to defaults */
-#ifndef OPENSSL_NO_DSA
-    cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
-#endif
-#ifndef OPENSSL_NO_RSA
-    cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
-    cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-    cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
-#endif
+
+    if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
+        return -1;
+    return ssl_x509_store_ctx_idx;
 }
 
 CERT *ssl_cert_new(void)
 {
-    CERT *ret;
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
 
-    ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
     if (ret == NULL) {
         SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
-    memset(ret, 0, sizeof(CERT));
 
-    ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
+    ret->key = &(ret->pkeys[SSL_PKEY_RSA]);
     ret->references = 1;
-    ssl_cert_set_default_md(ret);
-    return (ret);
+    ret->sec_cb = ssl_security_default_callback;
+    ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL;
+    ret->sec_ex = NULL;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    return ret;
 }
 
 CERT *ssl_cert_dup(CERT *cert)
 {
-    CERT *ret;
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
     int i;
 
-    ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
     if (ret == NULL) {
         SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
 
-    memset(ret, 0, sizeof(CERT));
-
     ret->references = 1;
-    ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
-    /*
-     * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that
-     * more readable
-     */
-
-    ret->valid = cert->valid;
-    ret->mask_k = cert->mask_k;
-    ret->mask_a = cert->mask_a;
-    ret->export_mask_k = cert->export_mask_k;
-    ret->export_mask_a = cert->export_mask_a;
-
-#ifndef OPENSSL_NO_RSA
-    if (cert->rsa_tmp != NULL) {
-        RSA_up_ref(cert->rsa_tmp);
-        ret->rsa_tmp = cert->rsa_tmp;
+    ret->key = &ret->pkeys[cert->key - cert->pkeys];
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
     }
-    ret->rsa_tmp_cb = cert->rsa_tmp_cb;
-#endif
-
 #ifndef OPENSSL_NO_DH
     if (cert->dh_tmp != NULL) {
-        ret->dh_tmp = DHparams_dup(cert->dh_tmp);
-        if (ret->dh_tmp == NULL) {
-            SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
-            goto err;
-        }
-        if (cert->dh_tmp->priv_key) {
-            BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
-            if (!b) {
-                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
-                goto err;
-            }
-            ret->dh_tmp->priv_key = b;
-        }
-        if (cert->dh_tmp->pub_key) {
-            BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
-            if (!b) {
-                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
-                goto err;
-            }
-            ret->dh_tmp->pub_key = b;
-        }
+        ret->dh_tmp = cert->dh_tmp;
+        EVP_PKEY_up_ref(ret->dh_tmp);
     }
     ret->dh_tmp_cb = cert->dh_tmp_cb;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-    if (cert->ecdh_tmp) {
-        ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
-        if (ret->ecdh_tmp == NULL) {
-            SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
-            goto err;
-        }
-    }
-    ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
-    ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;
+    ret->dh_tmp_auto = cert->dh_tmp_auto;
 #endif
 
     for (i = 0; i < SSL_PKEY_NUM; i++) {
@@ -294,12 +105,12 @@ CERT *ssl_cert_dup(CERT *cert)
         CERT_PKEY *rpk = ret->pkeys + i;
         if (cpk->x509 != NULL) {
             rpk->x509 = cpk->x509;
-            CRYPTO_add(&rpk->x509->references, 1, CRYPTO_LOCK_X509);
+            X509_up_ref(rpk->x509);
         }
 
         if (cpk->privatekey != NULL) {
             rpk->privatekey = cpk->privatekey;
-            CRYPTO_add(&cpk->privatekey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+            EVP_PKEY_up_ref(cpk->privatekey);
         }
 
         if (cpk->chain) {
@@ -309,8 +120,6 @@ CERT *ssl_cert_dup(CERT *cert)
                 goto err;
             }
         }
-        rpk->valid_flags = 0;
-#ifndef OPENSSL_NO_TLSEXT
         if (cert->pkeys[i].serverinfo != NULL) {
             /* Just copy everything. */
             ret->pkeys[i].serverinfo =
@@ -319,52 +128,42 @@ CERT *ssl_cert_dup(CERT *cert)
                 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
-            ret->pkeys[i].serverinfo_length =
-                cert->pkeys[i].serverinfo_length;
+            ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length;
             memcpy(ret->pkeys[i].serverinfo,
-                   cert->pkeys[i].serverinfo,
-                   cert->pkeys[i].serverinfo_length);
+                   cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length);
         }
-#endif
     }
 
-    /*
-     * Set digests to defaults. NB: we don't copy existing values as they
-     * will be set during handshake.
-     */
-    ssl_cert_set_default_md(ret);
-    /* Peer sigalgs set to NULL as we get these from handshake too */
-    ret->peer_sigalgs = NULL;
-    ret->peer_sigalgslen = 0;
-    /* Configured sigalgs however we copy across */
-
+    /* Configured sigalgs copied across */
     if (cert->conf_sigalgs) {
-        ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
-        if (!ret->conf_sigalgs)
+        ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
+                                           * sizeof(*cert->conf_sigalgs));
+        if (ret->conf_sigalgs == NULL)
             goto err;
-        memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen);
+        memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
+               cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs));
         ret->conf_sigalgslen = cert->conf_sigalgslen;
     } else
         ret->conf_sigalgs = NULL;
 
     if (cert->client_sigalgs) {
-        ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
-        if (!ret->client_sigalgs)
+        ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen
+                                             * sizeof(*cert->client_sigalgs));
+        if (ret->client_sigalgs == NULL)
             goto err;
         memcpy(ret->client_sigalgs, cert->client_sigalgs,
-               cert->client_sigalgslen);
+               cert->client_sigalgslen * sizeof(*cert->client_sigalgs));
         ret->client_sigalgslen = cert->client_sigalgslen;
     } else
         ret->client_sigalgs = NULL;
     /* Shared sigalgs also NULL */
     ret->shared_sigalgs = NULL;
     /* Copy any custom client certificate types */
-    if (cert->ctypes) {
-        ret->ctypes = OPENSSL_malloc(cert->ctype_num);
-        if (!ret->ctypes)
+    if (cert->ctype) {
+        ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len);
+        if (ret->ctype == NULL)
             goto err;
-        memcpy(ret->ctypes, cert->ctypes, cert->ctype_num);
-        ret->ctype_num = cert->ctype_num;
+        ret->ctype_len = cert->ctype_len;
     }
 
     ret->cert_flags = cert->cert_flags;
@@ -373,48 +172,32 @@ CERT *ssl_cert_dup(CERT *cert)
     ret->cert_cb_arg = cert->cert_cb_arg;
 
     if (cert->verify_store) {
-        CRYPTO_add(&cert->verify_store->references, 1,
-                   CRYPTO_LOCK_X509_STORE);
+        X509_STORE_up_ref(cert->verify_store);
         ret->verify_store = cert->verify_store;
     }
 
     if (cert->chain_store) {
-        CRYPTO_add(&cert->chain_store->references, 1, CRYPTO_LOCK_X509_STORE);
+        X509_STORE_up_ref(cert->chain_store);
         ret->chain_store = cert->chain_store;
     }
 
-    ret->ciphers_raw = NULL;
+    ret->sec_cb = cert->sec_cb;
+    ret->sec_level = cert->sec_level;
+    ret->sec_ex = cert->sec_ex;
 
-#ifndef OPENSSL_NO_TLSEXT
-    if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext))
-        goto err;
-    if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
+    if (!custom_exts_copy(&ret->custext, &cert->custext))
         goto err;
+#ifndef OPENSSL_NO_PSK
+    if (cert->psk_identity_hint) {
+        ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint);
+        if (ret->psk_identity_hint == NULL)
+            goto err;
+    }
 #endif
-
-    return (ret);
+    return ret;
 
  err:
-#ifndef OPENSSL_NO_RSA
-    if (ret->rsa_tmp != NULL)
-        RSA_free(ret->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
-    if (ret->dh_tmp != NULL)
-        DH_free(ret->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
-    if (ret->ecdh_tmp != NULL)
-        EC_KEY_free(ret->ecdh_tmp);
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-    custom_exts_free(&ret->cli_ext);
-    custom_exts_free(&ret->srv_ext);
-#endif
-
-    ssl_cert_clear_certs(ret);
-    OPENSSL_free(ret);
+    ssl_cert_free(ret);
 
     return NULL;
 }
@@ -428,27 +211,15 @@ void ssl_cert_clear_certs(CERT *c)
         return;
     for (i = 0; i < SSL_PKEY_NUM; i++) {
         CERT_PKEY *cpk = c->pkeys + i;
-        if (cpk->x509) {
-            X509_free(cpk->x509);
-            cpk->x509 = NULL;
-        }
-        if (cpk->privatekey) {
-            EVP_PKEY_free(cpk->privatekey);
-            cpk->privatekey = NULL;
-        }
-        if (cpk->chain) {
-            sk_X509_pop_free(cpk->chain, X509_free);
-            cpk->chain = NULL;
-        }
-#ifndef OPENSSL_NO_TLSEXT
-        if (cpk->serverinfo) {
-            OPENSSL_free(cpk->serverinfo);
-            cpk->serverinfo = NULL;
-            cpk->serverinfo_length = 0;
-        }
-#endif
-        /* Clear all flags apart from explicit sign */
-        cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN;
+        X509_free(cpk->x509);
+        cpk->x509 = NULL;
+        EVP_PKEY_free(cpk->privatekey);
+        cpk->privatekey = NULL;
+        sk_X509_pop_free(cpk->chain, X509_free);
+        cpk->chain = NULL;
+        OPENSSL_free(cpk->serverinfo);
+        cpk->serverinfo = NULL;
+        cpk->serverinfo_length = 0;
     }
 }
 
@@ -458,115 +229,75 @@ void ssl_cert_free(CERT *c)
 
     if (c == NULL)
         return;
-
-    i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT);
-#ifdef REF_PRINT
-    REF_PRINT("CERT", c);
-#endif
+    CRYPTO_DOWN_REF(&c->references, &i, c->lock);
+    REF_PRINT_COUNT("CERT", c);
     if (i > 0)
         return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "ssl_cert_free, bad reference count\n");
-        abort();                /* ok */
-    }
-#endif
+    REF_ASSERT_ISNT(i < 0);
 
-#ifndef OPENSSL_NO_RSA
-    if (c->rsa_tmp)
-        RSA_free(c->rsa_tmp);
-#endif
 #ifndef OPENSSL_NO_DH
-    if (c->dh_tmp)
-        DH_free(c->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
-    if (c->ecdh_tmp)
-        EC_KEY_free(c->ecdh_tmp);
+    EVP_PKEY_free(c->dh_tmp);
 #endif
 
     ssl_cert_clear_certs(c);
-    if (c->peer_sigalgs)
-        OPENSSL_free(c->peer_sigalgs);
-    if (c->conf_sigalgs)
-        OPENSSL_free(c->conf_sigalgs);
-    if (c->client_sigalgs)
-        OPENSSL_free(c->client_sigalgs);
-    if (c->shared_sigalgs)
-        OPENSSL_free(c->shared_sigalgs);
-    if (c->ctypes)
-        OPENSSL_free(c->ctypes);
-    if (c->verify_store)
-        X509_STORE_free(c->verify_store);
-    if (c->chain_store)
-        X509_STORE_free(c->chain_store);
-    if (c->ciphers_raw)
-        OPENSSL_free(c->ciphers_raw);
-#ifndef OPENSSL_NO_TLSEXT
-    custom_exts_free(&c->cli_ext);
-    custom_exts_free(&c->srv_ext);
-    if (c->alpn_proposed)
-        OPENSSL_free(c->alpn_proposed);
+    OPENSSL_free(c->conf_sigalgs);
+    OPENSSL_free(c->client_sigalgs);
+    OPENSSL_free(c->shared_sigalgs);
+    OPENSSL_free(c->ctype);
+    X509_STORE_free(c->verify_store);
+    X509_STORE_free(c->chain_store);
+    custom_exts_free(&c->custext);
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_free(c->psk_identity_hint);
 #endif
+    CRYPTO_THREAD_lock_free(c->lock);
     OPENSSL_free(c);
 }
 
-int ssl_cert_inst(CERT **o)
-{
-    /*
-     * Create a CERT if there isn't already one (which cannot really happen,
-     * as it is initially created in SSL_CTX_new; but the earlier code
-     * usually allows for that one being non-existant, so we follow that
-     * behaviour, as it might turn out that there actually is a reason for it
-     * -- but I'm not sure that *all* of the existing code could cope with
-     * s->cert being NULL, otherwise we could do without the initialization
-     * in SSL_CTX_new).
-     */
-
-    if (o == NULL) {
-        SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (*o == NULL) {
-        if ((*o = ssl_cert_new()) == NULL) {
-            SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
-            return (0);
-        }
-    }
-    return (1);
-}
-
-int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain)
+int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
 {
-    CERT_PKEY *cpk = c->key;
+    int i, r;
+    CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
     if (!cpk)
         return 0;
-    if (cpk->chain)
-        sk_X509_pop_free(cpk->chain, X509_free);
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
+        if (r != 1) {
+            SSLerr(SSL_F_SSL_CERT_SET0_CHAIN, r);
+            return 0;
+        }
+    }
+    sk_X509_pop_free(cpk->chain, X509_free);
     cpk->chain = chain;
     return 1;
 }
 
-int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain)
+int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
 {
     STACK_OF(X509) *dchain;
     if (!chain)
-        return ssl_cert_set0_chain(c, NULL);
+        return ssl_cert_set0_chain(s, ctx, NULL);
     dchain = X509_chain_up_ref(chain);
     if (!dchain)
         return 0;
-    if (!ssl_cert_set0_chain(c, dchain)) {
+    if (!ssl_cert_set0_chain(s, ctx, dchain)) {
         sk_X509_pop_free(dchain, X509_free);
         return 0;
     }
     return 1;
 }
 
-int ssl_cert_add0_chain_cert(CERT *c, X509 *x)
+int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
 {
-    CERT_PKEY *cpk = c->key;
+    int r;
+    CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
     if (!cpk)
         return 0;
+    r = ssl_security_cert(s, ctx, x, 0, 0);
+    if (r != 1) {
+        SSLerr(SSL_F_SSL_CERT_ADD0_CHAIN_CERT, r);
+        return 0;
+    }
     if (!cpk->chain)
         cpk->chain = sk_X509_new_null();
     if (!cpk->chain || !sk_X509_push(cpk->chain, x))
@@ -574,11 +305,11 @@ int ssl_cert_add0_chain_cert(CERT *c, X509 *x)
     return 1;
 }
 
-int ssl_cert_add1_chain_cert(CERT *c, X509 *x)
+int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
 {
-    if (!ssl_cert_add0_chain_cert(c, x))
+    if (!ssl_cert_add0_chain_cert(s, ctx, x))
         return 0;
-    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(x);
     return 1;
 }
 
@@ -634,107 +365,51 @@ void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg)
     c->cert_cb_arg = arg;
 }
 
-SESS_CERT *ssl_sess_cert_new(void)
-{
-    SESS_CERT *ret;
-
-    ret = OPENSSL_malloc(sizeof(*ret));
-    if (ret == NULL) {
-        SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-
-    memset(ret, 0, sizeof(*ret));
-    ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
-    ret->references = 1;
-
-    return ret;
-}
-
-void ssl_sess_cert_free(SESS_CERT *sc)
-{
-    int i;
-
-    if (sc == NULL)
-        return;
-
-    i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
-#ifdef REF_PRINT
-    REF_PRINT("SESS_CERT", sc);
-#endif
-    if (i > 0)
-        return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "ssl_sess_cert_free, bad reference count\n");
-        abort();                /* ok */
-    }
-#endif
-
-    /* i == 0 */
-    if (sc->cert_chain != NULL)
-        sk_X509_pop_free(sc->cert_chain, X509_free);
-    for (i = 0; i < SSL_PKEY_NUM; i++) {
-        if (sc->peer_pkeys[i].x509 != NULL)
-            X509_free(sc->peer_pkeys[i].x509);
-#if 0                           /* We don't have the peer's private key.
-                                 * These lines are just * here as a reminder
-                                 * that we're still using a
-                                 * not-quite-appropriate * data structure. */
-        if (sc->peer_pkeys[i].privatekey != NULL)
-            EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
-#endif
-    }
-
-#ifndef OPENSSL_NO_RSA
-    if (sc->peer_rsa_tmp != NULL)
-        RSA_free(sc->peer_rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
-    if (sc->peer_dh_tmp != NULL)
-        DH_free(sc->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
-    if (sc->peer_ecdh_tmp != NULL)
-        EC_KEY_free(sc->peer_ecdh_tmp);
-#endif
-
-    OPENSSL_free(sc);
-}
-
-int ssl_set_peer_cert_type(SESS_CERT *sc, int type)
-{
-    sc->peer_cert_type = type;
-    return (1);
-}
-
 int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
 {
     X509 *x;
-    int i;
+    int i = 0;
     X509_STORE *verify_store;
-    X509_STORE_CTX ctx;
+    X509_STORE_CTX *ctx = NULL;
+    X509_VERIFY_PARAM *param;
+
+    if ((sk == NULL) || (sk_X509_num(sk) == 0))
+        return 0;
 
     if (s->cert->verify_store)
         verify_store = s->cert->verify_store;
     else
         verify_store = s->ctx->cert_store;
 
-    if ((sk == NULL) || (sk_X509_num(sk) == 0))
-        return (0);
+    ctx = X509_STORE_CTX_new();
+    if (ctx == NULL) {
+        SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
     x = sk_X509_value(sk, 0);
-    if (!X509_STORE_CTX_init(&ctx, verify_store, x, sk)) {
+    if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
         SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB);
-        return (0);
+        goto end;
     }
+    param = X509_STORE_CTX_get0_param(ctx);
+    /*
+     * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some
+     * point, for now a single @SECLEVEL sets the same policy for TLS crypto
+     * and PKI authentication.
+     */
+    X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
+
     /* Set suite B flags if needed */
-    X509_STORE_CTX_set_flags(&ctx, tls1_suiteb(s));
-#if 0
-    if (SSL_get_verify_depth(s) >= 0)
-        X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
-#endif
-    X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s);
+    X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
+    if (!X509_STORE_CTX_set_ex_data
+        (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
+        goto end;
+    }
+
+    /* Verify via DANE if enabled */
+    if (DANETLS_ENABLED(&s->dane))
+        X509_STORE_CTX_set0_dane(ctx, &s->dane);
 
     /*
      * We need to inherit the verify parameters. These can be determined by
@@ -742,128 +417,194 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
      * vice versa.
      */
 
-    X509_STORE_CTX_set_default(&ctx, s->server ? "ssl_client" : "ssl_server");
+    X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
     /*
-     * Anything non-default in "param" should overwrite anything in the ctx.
+     * Anything non-default in "s->param" should overwrite anything in the ctx.
      */
-    X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
+    X509_VERIFY_PARAM_set1(param, s->param);
 
     if (s->verify_callback)
-        X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
+        X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
 
     if (s->ctx->app_verify_callback != NULL)
-#if 1                           /* new with OpenSSL 0.9.7 */
-        i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
-#else
-        i = s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
-#endif
-    else {
-#ifndef OPENSSL_NO_X509_VERIFY
-        i = X509_verify_cert(&ctx);
-#else
-        i = 0;
-        ctx.error = X509_V_ERR_APPLICATION_VERIFICATION;
-        SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK);
-#endif
+        i = s->ctx->app_verify_callback(ctx, s->ctx->app_verify_arg);
+    else
+        i = X509_verify_cert(ctx);
+
+    s->verify_result = X509_STORE_CTX_get_error(ctx);
+    sk_X509_pop_free(s->verified_chain, X509_free);
+    s->verified_chain = NULL;
+    if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
+        s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
+        if (s->verified_chain == NULL) {
+            SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+            i = 0;
+        }
     }
 
-    s->verify_result = ctx.error;
-    X509_STORE_CTX_cleanup(&ctx);
+    /* Move peername from the store context params to the SSL handle's */
+    X509_VERIFY_PARAM_move_peername(s->param, param);
 
-    return (i);
+ end:
+    X509_STORE_CTX_free(ctx);
+    return i;
 }
 
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
-                               STACK_OF(X509_NAME) *name_list)
+static void set0_CA_list(STACK_OF(X509_NAME) **ca_list,
+                        STACK_OF(X509_NAME) *name_list)
 {
-    if (*ca_list != NULL)
-        sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
-
+    sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
     *ca_list = name_list;
 }
 
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
+STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
 {
     int i;
+    const int num = sk_X509_NAME_num(sk);
     STACK_OF(X509_NAME) *ret;
     X509_NAME *name;
 
-    ret = sk_X509_NAME_new_null();
-    for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+    ret = sk_X509_NAME_new_reserve(NULL, num);
+    if (ret == NULL) {
+        SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < num; i++) {
         name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
-        if ((name == NULL) || !sk_X509_NAME_push(ret, name)) {
+        if (name == NULL) {
+            SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
             sk_X509_NAME_pop_free(ret, X509_NAME_free);
-            return (NULL);
+            return NULL;
         }
+        sk_X509_NAME_push(ret, name);   /* Cannot fail after reserve call */
     }
-    return (ret);
+    return ret;
 }
 
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
+void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
 {
-    set_client_CA_list(&(s->client_CA), name_list);
+    set0_CA_list(&s->ca_names, name_list);
+}
+
+void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
+{
+    set0_CA_list(&ctx->ca_names, name_list);
+}
+
+const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)
+{
+    return ctx->ca_names;
+}
+
+const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)
+{
+    return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names;
 }
 
 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
 {
-    set_client_CA_list(&(ctx->client_CA), name_list);
+    SSL_CTX_set0_CA_list(ctx, name_list);
 }
 
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
 {
-    return (ctx->client_CA);
+    return ctx->ca_names;
+}
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
+{
+    SSL_set0_CA_list(s, name_list);
+}
+
+const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
+{
+    return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL;
 }
 
 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
 {
-    if (s->type == SSL_ST_CONNECT) { /* we are in the client */
-        if (((s->version >> 8) == SSL3_VERSION_MAJOR) && (s->s3 != NULL))
-            return (s->s3->tmp.ca_names);
-        else
-            return (NULL);
-    } else {
-        if (s->client_CA != NULL)
-            return (s->client_CA);
-        else
-            return (s->ctx->client_CA);
-    }
+    if (!s->server)
+        return s->s3 != NULL ?  s->s3->tmp.peer_ca_names : NULL;
+    return s->ca_names != NULL ?  s->ca_names : s->ctx->ca_names;
 }
 
-static int add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x)
+static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
 {
     X509_NAME *name;
 
     if (x == NULL)
-        return (0);
-    if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL))
-        return (0);
+        return 0;
+    if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL))
+        return 0;
 
     if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
-        return (0);
+        return 0;
 
     if (!sk_X509_NAME_push(*sk, name)) {
         X509_NAME_free(name);
-        return (0);
+        return 0;
     }
-    return (1);
+    return 1;
+}
+
+int SSL_add1_to_CA_list(SSL *ssl, const X509 *x)
+{
+    return add_ca_name(&ssl->ca_names, x);
 }
 
+int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
+{
+    return add_ca_name(&ctx->ca_names, x);
+}
+
+/*
+ * The following two are older names are to be replaced with
+ * SSL(_CTX)_add1_to_CA_list
+ */
 int SSL_add_client_CA(SSL *ssl, X509 *x)
 {
-    return (add_client_CA(&(ssl->client_CA), x));
+    return add_ca_name(&ssl->ca_names, x);
 }
 
 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
 {
-    return (add_client_CA(&(ctx->client_CA), x));
+    return add_ca_name(&ctx->ca_names, x);
+}
+
+static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
+{
+    unsigned char *abuf = NULL, *bbuf = NULL;
+    int alen, blen, ret;
+
+    /* X509_NAME_cmp() itself casts away constness in this way, so
+     * assume it's safe:
+     */
+    alen = i2d_X509_NAME((X509_NAME *)a, &abuf);
+    blen = i2d_X509_NAME((X509_NAME *)b, &bbuf);
+
+    if (alen < 0 || blen < 0)
+        ret = -2;
+    else if (alen != blen)
+        ret = alen - blen;
+    else /* alen == blen */
+        ret = memcmp(abuf, bbuf, alen);
+
+    OPENSSL_free(abuf);
+    OPENSSL_free(bbuf);
+
+    return ret;
+}
+
+static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+{
+    return xname_cmp(*a, *b);
 }
 
-static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+static unsigned long xname_hash(const X509_NAME *a)
 {
-    return (X509_NAME_cmp(*a, *b));
+    return X509_NAME_hash((X509_NAME *)a);
 }
 
-#ifndef OPENSSL_NO_STDIO
 /**
  * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
  * it doesn't really have anything to do with clients (except that a common use
@@ -874,16 +615,13 @@ static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
  */
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 {
-    BIO *in;
+    BIO *in = BIO_new(BIO_s_file());
     X509 *x = NULL;
     X509_NAME *xn = NULL;
-    STACK_OF(X509_NAME) *ret = NULL, *sk;
-
-    sk = sk_X509_NAME_new(xname_cmp);
-
-    in = BIO_new(BIO_s_file_internal());
+    STACK_OF(X509_NAME) *ret = NULL;
+    LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
 
-    if ((sk == NULL) || (in == NULL)) {
+    if ((name_hash == NULL) || (in == NULL)) {
         SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -907,31 +645,30 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
         xn = X509_NAME_dup(xn);
         if (xn == NULL)
             goto err;
-        if (sk_X509_NAME_find(sk, xn) >= 0)
+        if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
+            /* Duplicate. */
             X509_NAME_free(xn);
-        else {
-            sk_X509_NAME_push(sk, xn);
-            sk_X509_NAME_push(ret, xn);
+            xn = NULL;
+        } else {
+            lh_X509_NAME_insert(name_hash, xn);
+            if (!sk_X509_NAME_push(ret, xn))
+                goto err;
         }
     }
+    goto done;
 
-    if (0) {
  err:
-        if (ret != NULL)
-            sk_X509_NAME_pop_free(ret, X509_NAME_free);
-        ret = NULL;
-    }
-    if (sk != NULL)
-        sk_X509_NAME_free(sk);
-    if (in != NULL)
-        BIO_free(in);
-    if (x != NULL)
-        X509_free(x);
+    X509_NAME_free(xn);
+    sk_X509_NAME_pop_free(ret, X509_NAME_free);
+    ret = NULL;
+ done:
+    BIO_free(in);
+    X509_free(x);
+    lh_X509_NAME_free(name_hash);
     if (ret != NULL)
         ERR_clear_error();
-    return (ret);
+    return ret;
 }
-#endif
 
 /**
  * Add a file of certs to a stack.
@@ -951,13 +688,12 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
     int ret = 1;
     int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b);
 
-    oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);
+    oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
 
-    in = BIO_new(BIO_s_file_internal());
+    in = BIO_new(BIO_s_file());
 
     if (in == NULL) {
-        SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,
-               ERR_R_MALLOC_FAILURE);
+        SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE);
         goto err;
     }
 
@@ -972,25 +708,24 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
         xn = X509_NAME_dup(xn);
         if (xn == NULL)
             goto err;
-        if (sk_X509_NAME_find(stack, xn) >= 0)
+        if (sk_X509_NAME_find(stack, xn) >= 0) {
+            /* Duplicate. */
             X509_NAME_free(xn);
-        else
-            sk_X509_NAME_push(stack, xn);
+        } else if (!sk_X509_NAME_push(stack, xn)) {
+            X509_NAME_free(xn);
+            goto err;
+        }
     }
 
     ERR_clear_error();
+    goto done;
 
-    if (0) {
  err:
-        ret = 0;
-    }
-    if (in != NULL)
-        BIO_free(in);
-    if (x != NULL)
-        X509_free(x);
-
+    ret = 0;
+ done:
+    BIO_free(in);
+    X509_free(x);
     (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
-
     return ret;
 }
 
@@ -1012,8 +747,6 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
     const char *filename;
     int ret = 0;
 
-    CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-
     /* Note that a side effect is that the CAs will be sorted by name */
 
     while ((filename = OPENSSL_DIR_read(&d, dir))) {
@@ -1048,117 +781,20 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
  err:
     if (d)
         OPENSSL_DIR_end(&d);
-    CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
-    return ret;
-}
-
-/* Add a certificate to a BUF_MEM structure */
-
-static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
-{
-    int n;
-    unsigned char *p;
-
-    n = i2d_X509(x, NULL);
-    if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
-        SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
-        return 0;
-    }
-    p = (unsigned char *)&(buf->data[*l]);
-    l2n3(n, p);
-    n = i2d_X509(x, &p);
-    if (n < 0) {
-        /* Shouldn't happen */
-        SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
-        return 0;
-    }
-    *l += n + 3;
-
-    return 1;
-}
-
-/* Add certificate chain to internal SSL BUF_MEM strcuture */
-int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
-{
-    BUF_MEM *buf = s->init_buf;
-    int no_chain;
-    int i;
-
-    X509 *x;
-    STACK_OF(X509) *extra_certs;
-    X509_STORE *chain_store;
-
-    if (cpk)
-        x = cpk->x509;
-    else
-        x = NULL;
-
-    if (s->cert->chain_store)
-        chain_store = s->cert->chain_store;
-    else
-        chain_store = s->ctx->cert_store;
-
-    /*
-     * If we have a certificate specific chain use it, else use parent ctx.
-     */
-    if (cpk && cpk->chain)
-        extra_certs = cpk->chain;
-    else
-        extra_certs = s->ctx->extra_certs;
-
-    if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs)
-        no_chain = 1;
-    else
-        no_chain = 0;
-
-    /* TLSv1 sends a chain with nothing in it, instead of an alert */
-    if (!BUF_MEM_grow_clean(buf, 10)) {
-        SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_BUF_LIB);
-        return 0;
-    }
-    if (x != NULL) {
-        if (no_chain) {
-            if (!ssl_add_cert_to_buf(buf, l, x))
-                return 0;
-        } else {
-            X509_STORE_CTX xs_ctx;
-
-            if (!X509_STORE_CTX_init(&xs_ctx, chain_store, x, NULL)) {
-                SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_X509_LIB);
-                return (0);
-            }
-            X509_verify_cert(&xs_ctx);
-            /* Don't leave errors in the queue */
-            ERR_clear_error();
-            for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
-                x = sk_X509_value(xs_ctx.chain, i);
 
-                if (!ssl_add_cert_to_buf(buf, l, x)) {
-                    X509_STORE_CTX_cleanup(&xs_ctx);
-                    return 0;
-                }
-            }
-            X509_STORE_CTX_cleanup(&xs_ctx);
-        }
-    }
-    for (i = 0; i < sk_X509_num(extra_certs); i++) {
-        x = sk_X509_value(extra_certs, i);
-        if (!ssl_add_cert_to_buf(buf, l, x))
-            return 0;
-    }
-
-    return 1;
+    return ret;
 }
 
 /* Build a certificate chain for current certificate */
-int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
+int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
 {
+    CERT *c = s ? s->cert : ctx->cert;
     CERT_PKEY *cpk = c->key;
-    X509_STORE_CTX xs_ctx;
+    X509_STORE *chain_store = NULL;
+    X509_STORE_CTX *xs_ctx = NULL;
     STACK_OF(X509) *chain = NULL, *untrusted = NULL;
     X509 *x;
     int i, rv = 0;
-    unsigned long error;
 
     if (!cpk->x509) {
         SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_NO_CERTIFICATE_SET);
@@ -1167,44 +803,42 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
     /* Rearranging and check the chain: add everything to a store */
     if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) {
         chain_store = X509_STORE_new();
-        if (!chain_store)
+        if (chain_store == NULL)
             goto err;
         for (i = 0; i < sk_X509_num(cpk->chain); i++) {
             x = sk_X509_value(cpk->chain, i);
-            if (!X509_STORE_add_cert(chain_store, x)) {
-                error = ERR_peek_last_error();
-                if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
-                    ERR_GET_REASON(error) !=
-                    X509_R_CERT_ALREADY_IN_HASH_TABLE)
-                    goto err;
-                ERR_clear_error();
-            }
-        }
-        /* Add EE cert too: it might be self signed */
-        if (!X509_STORE_add_cert(chain_store, cpk->x509)) {
-            error = ERR_peek_last_error();
-            if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
-                ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
+            if (!X509_STORE_add_cert(chain_store, x))
                 goto err;
-            ERR_clear_error();
         }
+        /* Add EE cert too: it might be self signed */
+        if (!X509_STORE_add_cert(chain_store, cpk->x509))
+            goto err;
     } else {
         if (c->chain_store)
             chain_store = c->chain_store;
+        else if (s)
+            chain_store = s->ctx->cert_store;
+        else
+            chain_store = ctx->cert_store;
 
         if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
             untrusted = cpk->chain;
     }
 
-    if (!X509_STORE_CTX_init(&xs_ctx, chain_store, cpk->x509, untrusted)) {
+    xs_ctx = X509_STORE_CTX_new();
+    if (xs_ctx == NULL) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {
         SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_X509_LIB);
         goto err;
     }
     /* Set suite B flags if needed */
-    X509_STORE_CTX_set_flags(&xs_ctx,
+    X509_STORE_CTX_set_flags(xs_ctx,
                              c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
 
-    i = X509_verify_cert(&xs_ctx);
+    i = X509_verify_cert(xs_ctx);
     if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) {
         if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
             ERR_clear_error();
@@ -1212,19 +846,15 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
         rv = 2;
     }
     if (i > 0)
-        chain = X509_STORE_CTX_get1_chain(&xs_ctx);
+        chain = X509_STORE_CTX_get1_chain(xs_ctx);
     if (i <= 0) {
         SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_CERTIFICATE_VERIFY_FAILED);
-        i = X509_STORE_CTX_get_error(&xs_ctx);
+        i = X509_STORE_CTX_get_error(xs_ctx);
         ERR_add_error_data(2, "Verify error:",
                            X509_verify_cert_error_string(i));
 
-        X509_STORE_CTX_cleanup(&xs_ctx);
         goto err;
     }
-    X509_STORE_CTX_cleanup(&xs_ctx);
-    if (cpk->chain)
-        sk_X509_pop_free(cpk->chain, X509_free);
     /* Remove EE certificate from chain */
     x = sk_X509_shift(chain);
     X509_free(x);
@@ -1232,19 +862,34 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
         if (sk_X509_num(chain) > 0) {
             /* See if last cert is self signed */
             x = sk_X509_value(chain, sk_X509_num(chain) - 1);
-            X509_check_purpose(x, -1, 0);
-            if (x->ex_flags & EXFLAG_SS) {
+            if (X509_get_extension_flags(x) & EXFLAG_SS) {
                 x = sk_X509_pop(chain);
                 X509_free(x);
             }
         }
     }
+    /*
+     * Check security level of all CA certificates: EE will have been checked
+     * already.
+     */
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        rv = ssl_security_cert(s, ctx, x, 0, 0);
+        if (rv != 1) {
+            SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, rv);
+            sk_X509_pop_free(chain, X509_free);
+            rv = 0;
+            goto err;
+        }
+    }
+    sk_X509_pop_free(cpk->chain, X509_free);
     cpk->chain = chain;
     if (rv == 0)
         rv = 1;
  err:
     if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
         X509_STORE_free(chain_store);
+    X509_STORE_CTX_free(xs_ctx);
 
     return rv;
 }
@@ -1256,10 +901,141 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
         pstore = &c->chain_store;
     else
         pstore = &c->verify_store;
-    if (*pstore)
-        X509_STORE_free(*pstore);
+    X509_STORE_free(*pstore);
     *pstore = store;
     if (ref && store)
-        CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
+        X509_STORE_up_ref(store);
+    return 1;
+}
+
+static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
+                                         int op, int bits, int nid, void *other,
+                                         void *ex)
+{
+    int level, minbits;
+    static const int minbits_table[5] = { 80, 112, 128, 192, 256 };
+    if (ctx)
+        level = SSL_CTX_get_security_level(ctx);
+    else
+        level = SSL_get_security_level(s);
+
+    if (level <= 0) {
+        /*
+         * No EDH keys weaker than 1024-bits even at level 0, otherwise,
+         * anything goes.
+         */
+        if (op == SSL_SECOP_TMP_DH && bits < 80)
+            return 0;
+        return 1;
+    }
+    if (level > 5)
+        level = 5;
+    minbits = minbits_table[level - 1];
+    switch (op) {
+    case SSL_SECOP_CIPHER_SUPPORTED:
+    case SSL_SECOP_CIPHER_SHARED:
+    case SSL_SECOP_CIPHER_CHECK:
+        {
+            const SSL_CIPHER *c = other;
+            /* No ciphers below security level */
+            if (bits < minbits)
+                return 0;
+            /* No unauthenticated ciphersuites */
+            if (c->algorithm_auth & SSL_aNULL)
+                return 0;
+            /* No MD5 mac ciphersuites */
+            if (c->algorithm_mac & SSL_MD5)
+                return 0;
+            /* SHA1 HMAC is 160 bits of security */
+            if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
+                return 0;
+            /* Level 2: no RC4 */
+            if (level >= 2 && c->algorithm_enc == SSL_RC4)
+                return 0;
+            /* Level 3: forward secure ciphersuites only */
+            if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||
+                               !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))))
+                return 0;
+            break;
+        }
+    case SSL_SECOP_VERSION:
+        if (!SSL_IS_DTLS(s)) {
+            /* SSLv3 not allowed at level 2 */
+            if (nid <= SSL3_VERSION && level >= 2)
+                return 0;
+            /* TLS v1.1 and above only for level 3 */
+            if (nid <= TLS1_VERSION && level >= 3)
+                return 0;
+            /* TLS v1.2 only for level 4 and above */
+            if (nid <= TLS1_1_VERSION && level >= 4)
+                return 0;
+        } else {
+            /* DTLS v1.2 only for level 4 and above */
+            if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 4)
+                return 0;
+        }
+        break;
+
+    case SSL_SECOP_COMPRESSION:
+        if (level >= 2)
+            return 0;
+        break;
+    case SSL_SECOP_TICKET:
+        if (level >= 3)
+            return 0;
+        break;
+    default:
+        if (bits < minbits)
+            return 0;
+    }
     return 1;
 }
+
+int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
+{
+    return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
+}
+
+int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
+{
+    return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
+                             ctx->cert->sec_ex);
+}
+
+int ssl_cert_lookup_by_nid(int nid, size_t *pidx)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
+        if (ssl_cert_info[i].nid == nid) {
+            *pidx = i;
+            return 1;
+        }
+    }
+
+    return 0;
+}
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
+{
+    int nid = EVP_PKEY_id(pk);
+    size_t tmpidx;
+
+    if (nid == NID_undef)
+        return NULL;
+
+    if (!ssl_cert_lookup_by_nid(nid, &tmpidx))
+        return NULL;
+
+    if (pidx != NULL)
+        *pidx = tmpidx;
+
+    return &ssl_cert_info[tmpidx];
+}
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx)
+{
+    if (idx >= OSSL_NELEM(ssl_cert_info))
+        return NULL;
+    return &ssl_cert_info[idx];
+}
diff --git a/freebsd/crypto/openssl/ssl/ssl_cert_table.h b/freebsd/crypto/openssl/ssl/ssl_cert_table.h
new file mode 100644
index 00000000..0c47241c
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/ssl_cert_table.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Certificate table information. NB: table entries must match SSL_PKEY indices
+ */
+static const SSL_CERT_LOOKUP ssl_cert_info [] = {
+    {EVP_PKEY_RSA, SSL_aRSA}, /* SSL_PKEY_RSA */
+    {EVP_PKEY_RSA_PSS, SSL_aRSA}, /* SSL_PKEY_RSA_PSS_SIGN */
+    {EVP_PKEY_DSA, SSL_aDSS}, /* SSL_PKEY_DSA_SIGN */
+    {EVP_PKEY_EC, SSL_aECDSA}, /* SSL_PKEY_ECC */
+    {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */
+    {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */
+    {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */
+    {EVP_PKEY_ED25519, SSL_aECDSA}, /* SSL_PKEY_ED25519 */
+    {EVP_PKEY_ED448, SSL_aECDSA} /* SSL_PKEY_ED448 */
+};
diff --git a/freebsd/crypto/openssl/ssl/ssl_ciph.c b/freebsd/crypto/openssl/ssl/ssl_ciph.c
index 2591b69b..65f92ead 100644
--- a/freebsd/crypto/openssl/ssl/ssl_ciph.c
+++ b/freebsd/crypto/openssl/ssl/ssl_ciph.c
@@ -1,156 +1,27 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/ssl_ciph.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
+#include <ctype.h>
 #include <openssl/objects.h>
-#ifndef OPENSSL_NO_COMP
-# include <openssl/comp.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
+#include <openssl/comp.h>
+#include <openssl/engine.h>
+#include <openssl/crypto.h>
+#include <openssl/conf.h>
+#include "internal/nelem.h"
 #include "ssl_locl.h"
+#include "internal/thread_once.h"
+#include "internal/cryptlib.h"
 
 #define SSL_ENC_DES_IDX         0
 #define SSL_ENC_3DES_IDX        1
@@ -166,59 +37,156 @@
 #define SSL_ENC_SEED_IDX        11
 #define SSL_ENC_AES128GCM_IDX   12
 #define SSL_ENC_AES256GCM_IDX   13
-#define SSL_ENC_NUM_IDX         14
-
-static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-    NULL, NULL
+#define SSL_ENC_AES128CCM_IDX   14
+#define SSL_ENC_AES256CCM_IDX   15
+#define SSL_ENC_AES128CCM8_IDX  16
+#define SSL_ENC_AES256CCM8_IDX  17
+#define SSL_ENC_GOST8912_IDX    18
+#define SSL_ENC_CHACHA_IDX      19
+#define SSL_ENC_ARIA128GCM_IDX  20
+#define SSL_ENC_ARIA256GCM_IDX  21
+#define SSL_ENC_NUM_IDX         22
+
+/* NB: make sure indices in these tables match values above */
+
+typedef struct {
+    uint32_t mask;
+    int nid;
+} ssl_cipher_table;
+
+/* Table of NIDs for each cipher */
+static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
+    {SSL_DES, NID_des_cbc},     /* SSL_ENC_DES_IDX 0 */
+    {SSL_3DES, NID_des_ede3_cbc}, /* SSL_ENC_3DES_IDX 1 */
+    {SSL_RC4, NID_rc4},         /* SSL_ENC_RC4_IDX 2 */
+    {SSL_RC2, NID_rc2_cbc},     /* SSL_ENC_RC2_IDX 3 */
+    {SSL_IDEA, NID_idea_cbc},   /* SSL_ENC_IDEA_IDX 4 */
+    {SSL_eNULL, NID_undef},     /* SSL_ENC_NULL_IDX 5 */
+    {SSL_AES128, NID_aes_128_cbc}, /* SSL_ENC_AES128_IDX 6 */
+    {SSL_AES256, NID_aes_256_cbc}, /* SSL_ENC_AES256_IDX 7 */
+    {SSL_CAMELLIA128, NID_camellia_128_cbc}, /* SSL_ENC_CAMELLIA128_IDX 8 */
+    {SSL_CAMELLIA256, NID_camellia_256_cbc}, /* SSL_ENC_CAMELLIA256_IDX 9 */
+    {SSL_eGOST2814789CNT, NID_gost89_cnt}, /* SSL_ENC_GOST89_IDX 10 */
+    {SSL_SEED, NID_seed_cbc},   /* SSL_ENC_SEED_IDX 11 */
+    {SSL_AES128GCM, NID_aes_128_gcm}, /* SSL_ENC_AES128GCM_IDX 12 */
+    {SSL_AES256GCM, NID_aes_256_gcm}, /* SSL_ENC_AES256GCM_IDX 13 */
+    {SSL_AES128CCM, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM_IDX 14 */
+    {SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */
+    {SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */
+    {SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */
+    {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX 18 */
+    {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
+    {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */
+    {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
 };
 
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
+
 #define SSL_COMP_NULL_IDX       0
 #define SSL_COMP_ZLIB_IDX       1
 #define SSL_COMP_NUM_IDX        2
 
 static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 
-#define SSL_MD_MD5_IDX  0
-#define SSL_MD_SHA1_IDX 1
-#define SSL_MD_GOST94_IDX 2
-#define SSL_MD_GOST89MAC_IDX 3
-#define SSL_MD_SHA256_IDX 4
-#define SSL_MD_SHA384_IDX 5
+#ifndef OPENSSL_NO_COMP
+static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
+#endif
+
 /*
  * Constant SSL_MAX_DIGEST equal to size of digests array should be defined
  * in the ssl_locl.h
  */
+
 #define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
+
+/* NB: make sure indices in this table matches values above */
+static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = {
+    {SSL_MD5, NID_md5},         /* SSL_MD_MD5_IDX 0 */
+    {SSL_SHA1, NID_sha1},       /* SSL_MD_SHA1_IDX 1 */
+    {SSL_GOST94, NID_id_GostR3411_94}, /* SSL_MD_GOST94_IDX 2 */
+    {SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */
+    {SSL_SHA256, NID_sha256},   /* SSL_MD_SHA256_IDX 4 */
+    {SSL_SHA384, NID_sha384},   /* SSL_MD_SHA384_IDX 5 */
+    {SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */
+    {SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */
+    {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
+    {0, NID_md5_sha1},          /* SSL_MD_MD5_SHA1_IDX 9 */
+    {0, NID_sha224},            /* SSL_MD_SHA224_IDX 10 */
+    {0, NID_sha512}             /* SSL_MD_SHA512_IDX 11 */
+};
+
 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
-    NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+/* *INDENT-OFF* */
+static const ssl_cipher_table ssl_cipher_table_kx[] = {
+    {SSL_kRSA,      NID_kx_rsa},
+    {SSL_kECDHE,    NID_kx_ecdhe},
+    {SSL_kDHE,      NID_kx_dhe},
+    {SSL_kECDHEPSK, NID_kx_ecdhe_psk},
+    {SSL_kDHEPSK,   NID_kx_dhe_psk},
+    {SSL_kRSAPSK,   NID_kx_rsa_psk},
+    {SSL_kPSK,      NID_kx_psk},
+    {SSL_kSRP,      NID_kx_srp},
+    {SSL_kGOST,     NID_kx_gost},
+    {SSL_kANY,      NID_kx_any}
 };
 
+static const ssl_cipher_table ssl_cipher_table_auth[] = {
+    {SSL_aRSA,    NID_auth_rsa},
+    {SSL_aECDSA,  NID_auth_ecdsa},
+    {SSL_aPSK,    NID_auth_psk},
+    {SSL_aDSS,    NID_auth_dss},
+    {SSL_aGOST01, NID_auth_gost01},
+    {SSL_aGOST12, NID_auth_gost12},
+    {SSL_aSRP,    NID_auth_srp},
+    {SSL_aNULL,   NID_auth_null},
+    {SSL_aANY,    NID_auth_any}
+};
+/* *INDENT-ON* */
+
+/* Utility function for table lookup */
+static int ssl_cipher_info_find(const ssl_cipher_table * table,
+                                size_t table_cnt, uint32_t mask)
+{
+    size_t i;
+    for (i = 0; i < table_cnt; i++, table++) {
+        if (table->mask == mask)
+            return (int)i;
+    }
+    return -1;
+}
+
+#define ssl_cipher_info_lookup(table, x) \
+    ssl_cipher_info_find(table, OSSL_NELEM(table), x)
+
 /*
  * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation
  * is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is
  * found
  */
 static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
+    /* MD5, SHA, GOST94, MAC89 */
     EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
-    EVP_PKEY_HMAC, EVP_PKEY_HMAC
-};
-
-static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
-    0, 0, 0, 0, 0, 0
+    /* SHA256, SHA384, GOST2012_256, MAC89-12 */
+    EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
+    /* GOST2012_512 */
+    EVP_PKEY_HMAC,
 };
 
-static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
-    SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
-    SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
-    SSL_HANDSHAKE_MAC_SHA384
-};
+static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX];
 
 #define CIPHER_ADD      1
 #define CIPHER_KILL     2
 #define CIPHER_DEL      3
 #define CIPHER_ORD      4
 #define CIPHER_SPECIAL  5
+/*
+ * Bump the ciphers to the top of the list.
+ * This rule isn't currently supported by the public cipherstring API.
+ */
+#define CIPHER_BUMP     6
 
 typedef struct cipher_order_st {
     const SSL_CIPHER *cipher;
@@ -229,141 +197,119 @@ typedef struct cipher_order_st {
 
 static const SSL_CIPHER cipher_aliases[] = {
     /* "ALL" doesn't include eNULL (must be specifically enabled) */
-    {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL},
     /* "COMPLEMENTOFALL" */
-    {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL},
 
     /*
      * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
      * ALL!)
      */
-    {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0},
+    {0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
 
     /*
      * key exchange aliases (some of those using only a single bit here
-     * combine multiple key exchange algs according to the RFCs, e.g. kEDH
+     * combine multiple key exchange algs according to the RFCs, e.g. kDHE
      * combines DHE_DSS and DHE_RSA)
      */
-    {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
-
-    {0, SSL_TXT_kDHr, 0, SSL_kDHr, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kDHd, 0, SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kDH, 0, SSL_kDHr | SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kDHE, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kEDH, 0, 0, 0, 0, 0, 0, 0,
-     0},
-
-    {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
-
-    {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kECDHE, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_ECDH, 0, SSL_kECDHr | SSL_kECDHe | SSL_kEECDH, 0, 0, 0, 0, 0,
-     0, 0, 0},
-
-    {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA},
+
+    {0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE},
+    {0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE},
+    {0, SSL_TXT_DH, NULL, 0, SSL_kDHE},
+
+    {0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE},
+    {0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE},
+    {0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE},
+
+    {0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK},
+    {0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK},
+    {0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK},
+    {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK},
+    {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP},
+    {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST},
 
     /* server authentication aliases */
-    {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-    /* no such ciphersuites supported! */
-    {0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94 | SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA},
+    {0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS},
+    {0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS},
+    {0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL},
+    {0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA},
+    {0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA},
+    {0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK},
+    {0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01},
+    {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12},
+    {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12},
+    {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP},
 
     /* aliases combining key exchange and server authentication */
-    {0, SSL_TXT_EDH, 0, SSL_kEDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_DHE, 0, SSL_kEDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_EECDH, 0, SSL_kEECDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_ECDHE, 0, SSL_kEECDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+    {0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+    {0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+    {0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+    {0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA},
+    {0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL},
+    {0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL},
+    {0, SSL_TXT_PSK, NULL, 0, SSL_PSK},
+    {0, SSL_TXT_SRP, NULL, 0, SSL_kSRP},
 
     /* symmetric encryption aliases */
-    {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM, 0, 0, 0, 0, 0,
-     0},
-    {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM, 0, 0, 0, 0, 0,
-     0},
-    {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0,
-     0, 0},
-    {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA128 | SSL_CAMELLIA256, 0, 0, 0,
-     0, 0, 0},
+    {0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES},
+    {0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4},
+    {0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2},
+    {0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA},
+    {0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED},
+    {0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_GOST, NULL, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
+    {0, SSL_TXT_AES128, NULL, 0, 0, 0,
+     SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8},
+    {0, SSL_TXT_AES256, NULL, 0, 0, 0,
+     SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8},
+    {0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES},
+    {0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
+    {0, SSL_TXT_AES_CCM, NULL, 0, 0, 0,
+     SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8},
+    {0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
+    {0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128},
+    {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
+    {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
+    {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
+
+    {0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA},
+    {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
+    {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM},
+    {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM},
 
     /* MAC aliases */
-    {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5},
+    {0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1},
+    {0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1},
+    {0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94},
+    {0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
+    {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256},
+    {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384},
+    {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256},
 
     /* protocol version aliases */
-    {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0},
-    {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0},
-    {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0},
-    {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0},
-
-    /* export flag */
-    {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
-    {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
+    {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION},
+    {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+    {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+    {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
 
     /* strength classes */
-    {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0},
-    {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0},
-    {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0},
-    {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},
-    {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0},
+    {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
+    {0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
+    {0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
     /* FIPS 140-2 approved ciphersuite */
-    {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0},
-    /* "DHE-" aliases to "EDH-" labels (for forward compatibility) */
-    {0, SSL3_TXT_DHE_DSS_DES_40_CBC_SHA, 0,
-     SSL_kDHE, SSL_aDSS, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_EXPORT | SSL_EXP40,
-     0, 0, 0,},
-    {0, SSL3_TXT_DHE_DSS_DES_64_CBC_SHA, 0,
-     SSL_kDHE, SSL_aDSS, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP | SSL_LOW,
-     0, 0, 0,},
-    {0, SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA, 0,
-     SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, SSL_SSLV3,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 0, 0, 0,},
-    {0, SSL3_TXT_DHE_RSA_DES_40_CBC_SHA, 0,
-     SSL_kDHE, SSL_aRSA, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_EXPORT | SSL_EXP40,
-     0, 0, 0,},
-    {0, SSL3_TXT_DHE_RSA_DES_64_CBC_SHA, 0,
-     SSL_kDHE, SSL_aRSA, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP | SSL_LOW,
-     0, 0, 0,},
-    {0, SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, 0,
-     SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 0, 0, 0,},
+    {0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
+
+    /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
+    {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0,
+     SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
+    {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0,
+     SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
+
 };
 
 /*
@@ -378,9 +324,8 @@ static int get_optional_pkey_id(const char *pkey_name)
     int pkey_id = 0;
     ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
     if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
-                                         ameth) > 0) {
+                                         ameth) > 0)
         return pkey_id;
-    }
     return 0;
 }
 
@@ -397,70 +342,110 @@ static int get_optional_pkey_id(const char *pkey_name)
                                     ameth) <= 0)
             pkey_id = 0;
     }
-    if (tmpeng)
-        ENGINE_finish(tmpeng);
+    ENGINE_finish(tmpeng);
     return pkey_id;
 }
 
 #endif
 
-void ssl_load_ciphers(void)
+/* masks of disabled algorithms */
+static uint32_t disabled_enc_mask;
+static uint32_t disabled_mac_mask;
+static uint32_t disabled_mkey_mask;
+static uint32_t disabled_auth_mask;
+
+int ssl_load_ciphers(void)
 {
-    ssl_cipher_methods[SSL_ENC_DES_IDX] = EVP_get_cipherbyname(SN_des_cbc);
-    ssl_cipher_methods[SSL_ENC_3DES_IDX] =
-        EVP_get_cipherbyname(SN_des_ede3_cbc);
-    ssl_cipher_methods[SSL_ENC_RC4_IDX] = EVP_get_cipherbyname(SN_rc4);
-    ssl_cipher_methods[SSL_ENC_RC2_IDX] = EVP_get_cipherbyname(SN_rc2_cbc);
-#ifndef OPENSSL_NO_IDEA
-    ssl_cipher_methods[SSL_ENC_IDEA_IDX] = EVP_get_cipherbyname(SN_idea_cbc);
-#else
-    ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL;
-#endif
-    ssl_cipher_methods[SSL_ENC_AES128_IDX] =
-        EVP_get_cipherbyname(SN_aes_128_cbc);
-    ssl_cipher_methods[SSL_ENC_AES256_IDX] =
-        EVP_get_cipherbyname(SN_aes_256_cbc);
-    ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] =
-        EVP_get_cipherbyname(SN_camellia_128_cbc);
-    ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] =
-        EVP_get_cipherbyname(SN_camellia_256_cbc);
-    ssl_cipher_methods[SSL_ENC_GOST89_IDX] =
-        EVP_get_cipherbyname(SN_gost89_cnt);
-    ssl_cipher_methods[SSL_ENC_SEED_IDX] = EVP_get_cipherbyname(SN_seed_cbc);
-
-    ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] =
-        EVP_get_cipherbyname(SN_aes_128_gcm);
-    ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] =
-        EVP_get_cipherbyname(SN_aes_256_gcm);
-
-    ssl_digest_methods[SSL_MD_MD5_IDX] = EVP_get_digestbyname(SN_md5);
-    ssl_mac_secret_size[SSL_MD_MD5_IDX] =
-        EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
-    OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
-    ssl_digest_methods[SSL_MD_SHA1_IDX] = EVP_get_digestbyname(SN_sha1);
-    ssl_mac_secret_size[SSL_MD_SHA1_IDX] =
-        EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
-    OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
-    ssl_digest_methods[SSL_MD_GOST94_IDX] =
-        EVP_get_digestbyname(SN_id_GostR3411_94);
-    if (ssl_digest_methods[SSL_MD_GOST94_IDX]) {
-        ssl_mac_secret_size[SSL_MD_GOST94_IDX] =
-            EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
-        OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
+    size_t i;
+    const ssl_cipher_table *t;
+
+    disabled_enc_mask = 0;
+    ssl_sort_cipher_list();
+    for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
+        if (t->nid == NID_undef) {
+            ssl_cipher_methods[i] = NULL;
+        } else {
+            const EVP_CIPHER *cipher = EVP_get_cipherbynid(t->nid);
+            ssl_cipher_methods[i] = cipher;
+            if (cipher == NULL)
+                disabled_enc_mask |= t->mask;
+        }
+    }
+    disabled_mac_mask = 0;
+    for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) {
+        const EVP_MD *md = EVP_get_digestbynid(t->nid);
+        ssl_digest_methods[i] = md;
+        if (md == NULL) {
+            disabled_mac_mask |= t->mask;
+        } else {
+            int tmpsize = EVP_MD_size(md);
+            if (!ossl_assert(tmpsize >= 0))
+                return 0;
+            ssl_mac_secret_size[i] = tmpsize;
+        }
     }
-    ssl_digest_methods[SSL_MD_GOST89MAC_IDX] =
-        EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
+    /* Make sure we can access MD5 and SHA1 */
+    if (!ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL))
+        return 0;
+    if (!ossl_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL))
+        return 0;
+
+    disabled_mkey_mask = 0;
+    disabled_auth_mask = 0;
+
+#ifdef OPENSSL_NO_RSA
+    disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
+    disabled_auth_mask |= SSL_aRSA;
+#endif
+#ifdef OPENSSL_NO_DSA
+    disabled_auth_mask |= SSL_aDSS;
+#endif
+#ifdef OPENSSL_NO_DH
+    disabled_mkey_mask |= SSL_kDHE | SSL_kDHEPSK;
+#endif
+#ifdef OPENSSL_NO_EC
+    disabled_mkey_mask |= SSL_kECDHE | SSL_kECDHEPSK;
+    disabled_auth_mask |= SSL_aECDSA;
+#endif
+#ifdef OPENSSL_NO_PSK
+    disabled_mkey_mask |= SSL_PSK;
+    disabled_auth_mask |= SSL_aPSK;
+#endif
+#ifdef OPENSSL_NO_SRP
+    disabled_mkey_mask |= SSL_kSRP;
+#endif
+
+    /*
+     * Check for presence of GOST 34.10 algorithms, and if they are not
+     * present, disable appropriate auth and key exchange
+     */
     ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
-    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
+    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX])
         ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
-    }
+    else
+        disabled_mac_mask |= SSL_GOST89MAC;
 
-    ssl_digest_methods[SSL_MD_SHA256_IDX] = EVP_get_digestbyname(SN_sha256);
-    ssl_mac_secret_size[SSL_MD_SHA256_IDX] =
-        EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
-    ssl_digest_methods[SSL_MD_SHA384_IDX] = EVP_get_digestbyname(SN_sha384);
-    ssl_mac_secret_size[SSL_MD_SHA384_IDX] =
-        EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
+    ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
+        get_optional_pkey_id("gost-mac-12");
+    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX])
+        ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
+    else
+        disabled_mac_mask |= SSL_GOST89MAC12;
+
+    if (!get_optional_pkey_id("gost2001"))
+        disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12;
+    if (!get_optional_pkey_id("gost2012_256"))
+        disabled_auth_mask |= SSL_aGOST12;
+    if (!get_optional_pkey_id("gost2012_512"))
+        disabled_auth_mask |= SSL_aGOST12;
+    /*
+     * Disable GOST key exchange if no GOST signature algs are available *
+     */
+    if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) ==
+        (SSL_aGOST01 | SSL_aGOST12))
+        disabled_mkey_mask |= SSL_kGOST;
+
+    return 1;
 }
 
 #ifndef OPENSSL_NO_COMP
@@ -470,157 +455,81 @@ static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b)
     return ((*a)->id - (*b)->id);
 }
 
-static void load_builtin_compressions(void)
+DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
 {
-    int got_write_lock = 0;
-
-    CRYPTO_r_lock(CRYPTO_LOCK_SSL);
-    if (ssl_comp_methods == NULL) {
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-        got_write_lock = 1;
-
-        if (ssl_comp_methods == NULL) {
-            SSL_COMP *comp = NULL;
-
-            MemCheck_off();
-            ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
-            if (ssl_comp_methods != NULL) {
-                comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
-                if (comp != NULL) {
-                    comp->method = COMP_zlib();
-                    if (comp->method && comp->method->type == NID_undef)
-                        OPENSSL_free(comp);
-                    else {
-                        comp->id = SSL_COMP_ZLIB_IDX;
-                        comp->name = comp->method->name;
-                        sk_SSL_COMP_push(ssl_comp_methods, comp);
-                    }
-                }
-                sk_SSL_COMP_sort(ssl_comp_methods);
-            }
-            MemCheck_on();
+    SSL_COMP *comp = NULL;
+    COMP_METHOD *method = COMP_zlib();
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+
+    if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) {
+        comp = OPENSSL_malloc(sizeof(*comp));
+        if (comp != NULL) {
+            comp->method = method;
+            comp->id = SSL_COMP_ZLIB_IDX;
+            comp->name = COMP_get_name(method);
+            sk_SSL_COMP_push(ssl_comp_methods, comp);
+            sk_SSL_COMP_sort(ssl_comp_methods);
         }
     }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    return 1;
+}
 
-    if (got_write_lock)
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-    else
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
+static int load_builtin_compressions(void)
+{
+    return RUN_ONCE(&ssl_load_builtin_comp_once, do_load_builtin_compressions);
 }
 #endif
 
 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                        const EVP_MD **md, int *mac_pkey_type,
-                       int *mac_secret_size, SSL_COMP **comp)
+                       size_t *mac_secret_size, SSL_COMP **comp, int use_etm)
 {
     int i;
     const SSL_CIPHER *c;
 
     c = s->cipher;
     if (c == NULL)
-        return (0);
+        return 0;
     if (comp != NULL) {
         SSL_COMP ctmp;
 #ifndef OPENSSL_NO_COMP
-        load_builtin_compressions();
+        if (!load_builtin_compressions()) {
+            /*
+             * Currently don't care, since a failure only means that
+             * ssl_comp_methods is NULL, which is perfectly OK
+             */
+        }
 #endif
-
         *comp = NULL;
         ctmp.id = s->compress_meth;
         if (ssl_comp_methods != NULL) {
             i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
-            if (i >= 0)
-                *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
-            else
-                *comp = NULL;
+            *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
         }
+        /* If were only interested in comp then return success */
+        if ((enc == NULL) && (md == NULL))
+            return 1;
     }
 
     if ((enc == NULL) || (md == NULL))
-        return (0);
+        return 0;
 
-    switch (c->algorithm_enc) {
-    case SSL_DES:
-        i = SSL_ENC_DES_IDX;
-        break;
-    case SSL_3DES:
-        i = SSL_ENC_3DES_IDX;
-        break;
-    case SSL_RC4:
-        i = SSL_ENC_RC4_IDX;
-        break;
-    case SSL_RC2:
-        i = SSL_ENC_RC2_IDX;
-        break;
-    case SSL_IDEA:
-        i = SSL_ENC_IDEA_IDX;
-        break;
-    case SSL_eNULL:
-        i = SSL_ENC_NULL_IDX;
-        break;
-    case SSL_AES128:
-        i = SSL_ENC_AES128_IDX;
-        break;
-    case SSL_AES256:
-        i = SSL_ENC_AES256_IDX;
-        break;
-    case SSL_CAMELLIA128:
-        i = SSL_ENC_CAMELLIA128_IDX;
-        break;
-    case SSL_CAMELLIA256:
-        i = SSL_ENC_CAMELLIA256_IDX;
-        break;
-    case SSL_eGOST2814789CNT:
-        i = SSL_ENC_GOST89_IDX;
-        break;
-    case SSL_SEED:
-        i = SSL_ENC_SEED_IDX;
-        break;
-    case SSL_AES128GCM:
-        i = SSL_ENC_AES128GCM_IDX;
-        break;
-    case SSL_AES256GCM:
-        i = SSL_ENC_AES256GCM_IDX;
-        break;
-    default:
-        i = -1;
-        break;
-    }
+    i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
 
-    if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
+    if (i == -1) {
         *enc = NULL;
-    else {
+    } else {
         if (i == SSL_ENC_NULL_IDX)
             *enc = EVP_enc_null();
         else
             *enc = ssl_cipher_methods[i];
     }
 
-    switch (c->algorithm_mac) {
-    case SSL_MD5:
-        i = SSL_MD_MD5_IDX;
-        break;
-    case SSL_SHA1:
-        i = SSL_MD_SHA1_IDX;
-        break;
-    case SSL_SHA256:
-        i = SSL_MD_SHA256_IDX;
-        break;
-    case SSL_SHA384:
-        i = SSL_MD_SHA384_IDX;
-        break;
-    case SSL_GOST94:
-        i = SSL_MD_GOST94_IDX;
-        break;
-    case SSL_GOST89MAC:
-        i = SSL_MD_GOST89MAC_IDX;
-        break;
-    default:
-        i = -1;
-        break;
-    }
-    if ((i < 0) || (i >= SSL_MD_NUM_IDX)) {
+    i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+    if (i == -1) {
         *md = NULL;
         if (mac_pkey_type != NULL)
             *mac_pkey_type = NID_undef;
@@ -641,14 +550,12 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
         && (!mac_pkey_type || *mac_pkey_type != NID_undef)) {
         const EVP_CIPHER *evp;
 
-        if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR ||
-            s->ssl_version < TLS1_VERSION)
+        if (use_etm)
             return 1;
 
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
+        if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR ||
+            s->ssl_version < TLS1_VERSION)
             return 1;
-#endif
 
         if (c->algorithm_enc == SSL_RC4 &&
             c->algorithm_mac == SSL_MD5 &&
@@ -670,22 +577,28 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                  c->algorithm_mac == SSL_SHA256 &&
                  (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
             *enc = evp, *md = NULL;
-        return (1);
-    } else
-        return (0);
+        return 1;
+    } else {
+        return 0;
+    }
 }
 
-int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
+const EVP_MD *ssl_md(int idx)
 {
-    if (idx < 0 || idx >= SSL_MD_NUM_IDX) {
-        return 0;
-    }
-    *mask = ssl_handshake_digest_flag[idx];
-    if (*mask)
-        *md = ssl_digest_methods[idx];
-    else
-        *md = NULL;
-    return 1;
+    idx &= SSL_HANDSHAKE_MAC_MASK;
+    if (idx < 0 || idx >= SSL_MD_NUM_IDX)
+        return NULL;
+    return ssl_digest_methods[idx];
+}
+
+const EVP_MD *ssl_handshake_md(SSL *s)
+{
+    return ssl_md(ssl_get_algorithm2(s));
+}
+
+const EVP_MD *ssl_prf_md(SSL *s)
+{
+    return ssl_md(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
 }
 
 #define ITEM_SEP(a) \
@@ -725,107 +638,12 @@ static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
     *head = curr;
 }
 
-static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
-                                    unsigned long *enc, unsigned long *mac,
-                                    unsigned long *ssl)
-{
-    *mkey = 0;
-    *auth = 0;
-    *enc = 0;
-    *mac = 0;
-    *ssl = 0;
-
-#ifdef OPENSSL_NO_RSA
-    *mkey |= SSL_kRSA;
-    *auth |= SSL_aRSA;
-#endif
-#ifdef OPENSSL_NO_DSA
-    *auth |= SSL_aDSS;
-#endif
-#ifdef OPENSSL_NO_DH
-    *mkey |= SSL_kDHr | SSL_kDHd | SSL_kEDH;
-    *auth |= SSL_aDH;
-#endif
-#ifdef OPENSSL_NO_KRB5
-    *mkey |= SSL_kKRB5;
-    *auth |= SSL_aKRB5;
-#endif
-#ifdef OPENSSL_NO_ECDSA
-    *auth |= SSL_aECDSA;
-#endif
-#ifdef OPENSSL_NO_ECDH
-    *mkey |= SSL_kECDHe | SSL_kECDHr;
-    *auth |= SSL_aECDH;
-#endif
-#ifdef OPENSSL_NO_PSK
-    *mkey |= SSL_kPSK;
-    *auth |= SSL_aPSK;
-#endif
-#ifdef OPENSSL_NO_SRP
-    *mkey |= SSL_kSRP;
-#endif
-    /*
-     * Check for presence of GOST 34.10 algorithms, and if they do not
-     * present, disable appropriate auth and key exchange
-     */
-    if (!get_optional_pkey_id("gost94")) {
-        *auth |= SSL_aGOST94;
-    }
-    if (!get_optional_pkey_id("gost2001")) {
-        *auth |= SSL_aGOST01;
-    }
-    /*
-     * Disable GOST key exchange if no GOST signature algs are available *
-     */
-    if ((*auth & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01)) {
-        *mkey |= SSL_kGOST;
-    }
-#ifdef SSL_FORBID_ENULL
-    *enc |= SSL_eNULL;
-#endif
-
-    *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX] == NULL) ? SSL_DES : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX] == NULL) ? SSL_RC4 : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX] == NULL) ? SSL_RC2 : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0;
-    *enc |=
-        (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] ==
-         NULL) ? SSL_AES128GCM : 0;
-    *enc |=
-        (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] ==
-         NULL) ? SSL_AES256GCM : 0;
-    *enc |=
-        (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] ==
-         NULL) ? SSL_CAMELLIA128 : 0;
-    *enc |=
-        (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] ==
-         NULL) ? SSL_CAMELLIA256 : 0;
-    *enc |=
-        (ssl_cipher_methods[SSL_ENC_GOST89_IDX] ==
-         NULL) ? SSL_eGOST2814789CNT : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0;
-
-    *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX] == NULL) ? SSL_MD5 : 0;
-    *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0;
-    *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0;
-    *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0;
-    *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0;
-    *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL
-             || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] ==
-             NID_undef) ? SSL_GOST89MAC : 0;
-
-}
-
 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                                        int num_of_ciphers,
-                                       unsigned long disabled_mkey,
-                                       unsigned long disabled_auth,
-                                       unsigned long disabled_enc,
-                                       unsigned long disabled_mac,
-                                       unsigned long disabled_ssl,
+                                       uint32_t disabled_mkey,
+                                       uint32_t disabled_auth,
+                                       uint32_t disabled_enc,
+                                       uint32_t disabled_mac,
                                        CIPHER_ORDER *co_list,
                                        CIPHER_ORDER **head_p,
                                        CIPHER_ORDER **tail_p)
@@ -835,7 +653,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 
     /*
      * We have num_of_ciphers descriptions compiled in, depending on the
-     * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
+     * method selected (SSLv3, TLSv1 etc).
      * These will later be sorted in a linked list with at most num
      * entries.
      */
@@ -845,28 +663,25 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
     for (i = 0; i < num_of_ciphers; i++) {
         c = ssl_method->get_cipher(i);
         /* drop those that use any of that is not available */
-        if ((c != NULL) && c->valid &&
-#ifdef OPENSSL_FIPS
-            (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
-#endif
-            !(c->algorithm_mkey & disabled_mkey) &&
-            !(c->algorithm_auth & disabled_auth) &&
-            !(c->algorithm_enc & disabled_enc) &&
-            !(c->algorithm_mac & disabled_mac) &&
-            !(c->algorithm_ssl & disabled_ssl)) {
-            co_list[co_list_num].cipher = c;
-            co_list[co_list_num].next = NULL;
-            co_list[co_list_num].prev = NULL;
-            co_list[co_list_num].active = 0;
-            co_list_num++;
-#ifdef KSSL_DEBUG
-            fprintf(stderr, "\t%d: %s %lx %lx %lx\n", i, c->name, c->id,
-                    c->algorithm_mkey, c->algorithm_auth);
-#endif                          /* KSSL_DEBUG */
-            /*
-             * if (!sk_push(ca_list,(char *)c)) goto err;
-             */
-        }
+        if (c == NULL || !c->valid)
+            continue;
+        if ((c->algorithm_mkey & disabled_mkey) ||
+            (c->algorithm_auth & disabled_auth) ||
+            (c->algorithm_enc & disabled_enc) ||
+            (c->algorithm_mac & disabled_mac))
+            continue;
+        if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) &&
+            c->min_tls == 0)
+            continue;
+        if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) &&
+            c->min_dtls == 0)
+            continue;
+
+        co_list[co_list_num].cipher = c;
+        co_list[co_list_num].next = NULL;
+        co_list[co_list_num].prev = NULL;
+        co_list[co_list_num].active = 0;
+        co_list_num++;
     }
 
     /*
@@ -895,21 +710,19 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 
 static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
                                        int num_of_group_aliases,
-                                       unsigned long disabled_mkey,
-                                       unsigned long disabled_auth,
-                                       unsigned long disabled_enc,
-                                       unsigned long disabled_mac,
-                                       unsigned long disabled_ssl,
+                                       uint32_t disabled_mkey,
+                                       uint32_t disabled_auth,
+                                       uint32_t disabled_enc,
+                                       uint32_t disabled_mac,
                                        CIPHER_ORDER *head)
 {
     CIPHER_ORDER *ciph_curr;
     const SSL_CIPHER **ca_curr;
     int i;
-    unsigned long mask_mkey = ~disabled_mkey;
-    unsigned long mask_auth = ~disabled_auth;
-    unsigned long mask_enc = ~disabled_enc;
-    unsigned long mask_mac = ~disabled_mac;
-    unsigned long mask_ssl = ~disabled_ssl;
+    uint32_t mask_mkey = ~disabled_mkey;
+    uint32_t mask_auth = ~disabled_auth;
+    uint32_t mask_enc = ~disabled_enc;
+    uint32_t mask_mac = ~disabled_mac;
 
     /*
      * First, add the real ciphers as already collected
@@ -929,11 +742,10 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
      * or represent a cipher strength value (will be added in any case because algorithms=0).
      */
     for (i = 0; i < num_of_group_aliases; i++) {
-        unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
-        unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
-        unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
-        unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
-        unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
+        uint32_t algorithm_mkey = cipher_aliases[i].algorithm_mkey;
+        uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth;
+        uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc;
+        uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac;
 
         if (algorithm_mkey)
             if ((algorithm_mkey & mask_mkey) == 0)
@@ -951,10 +763,6 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
             if ((algorithm_mac & mask_mac) == 0)
                 continue;
 
-        if (algorithm_ssl)
-            if ((algorithm_ssl & mask_ssl) == 0)
-                continue;
-
         *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
         ca_curr++;
     }
@@ -962,14 +770,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
     *ca_curr = NULL;            /* end of list */
 }
 
-static void ssl_cipher_apply_rule(unsigned long cipher_id,
-                                  unsigned long alg_mkey,
-                                  unsigned long alg_auth,
-                                  unsigned long alg_enc,
-                                  unsigned long alg_mac,
-                                  unsigned long alg_ssl,
-                                  unsigned long algo_strength, int rule,
-                                  int strength_bits, CIPHER_ORDER **head_p,
+static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
+                                  uint32_t alg_auth, uint32_t alg_enc,
+                                  uint32_t alg_mac, int min_tls,
+                                  uint32_t algo_strength, int rule,
+                                  int32_t strength_bits, CIPHER_ORDER **head_p,
                                   CIPHER_ORDER **tail_p)
 {
     CIPHER_ORDER *head, *tail, *curr, *next, *last;
@@ -978,14 +783,14 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 
 #ifdef CIPHER_DEBUG
     fprintf(stderr,
-            "Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
-            rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl,
+            "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
+            rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
             algo_strength, strength_bits);
 #endif
 
-    if (rule == CIPHER_DEL)
-        reverse = 1;            /* needed to maintain sorting between
-                                 * currently deleted ciphers */
+    if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
+        reverse = 1;            /* needed to maintain sorting between currently
+                                 * deleted ciphers */
 
     head = *head_p;
     tail = *tail_p;
@@ -1022,15 +827,13 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
         } else {
 #ifdef CIPHER_DEBUG
             fprintf(stderr,
-                    "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n",
+                    "\nName: %s:\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",
                     cp->name, cp->algorithm_mkey, cp->algorithm_auth,
-                    cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl,
+                    cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
                     cp->algo_strength);
 #endif
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-            if (cipher_id && cipher_id != cp->id)
+            if (cipher_id != 0 && (cipher_id != cp->id))
                 continue;
-#endif
             if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
                 continue;
             if (alg_auth && !(alg_auth & cp->algorithm_auth))
@@ -1039,16 +842,13 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
                 continue;
             if (alg_mac && !(alg_mac & cp->algorithm_mac))
                 continue;
-            if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
-                continue;
-            if ((algo_strength & SSL_EXP_MASK)
-                && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
+            if (min_tls && (min_tls != cp->min_tls))
                 continue;
             if ((algo_strength & SSL_STRONG_MASK)
                 && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
                 continue;
-            if ((algo_strength & SSL_NOT_DEFAULT)
-                && !(cp->algo_strength & SSL_NOT_DEFAULT))
+            if ((algo_strength & SSL_DEFAULT_MASK)
+                && !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
                 continue;
         }
 
@@ -1081,6 +881,9 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
                 ll_append_head(&head, curr, &tail);
                 curr->active = 0;
             }
+        } else if (rule == CIPHER_BUMP) {
+            if (curr->active)
+                ll_append_head(&head, curr, &tail);
         } else if (rule == CIPHER_KILL) {
             /* reverse == 0 */
             if (head == curr)
@@ -1106,7 +909,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
                                     CIPHER_ORDER **tail_p)
 {
-    int max_strength_bits, i, *number_uses;
+    int32_t max_strength_bits;
+    int i, *number_uses;
     CIPHER_ORDER *curr;
 
     /*
@@ -1122,12 +926,11 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
         curr = curr->next;
     }
 
-    number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
-    if (!number_uses) {
+    number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
+    if (number_uses == NULL) {
         SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
-    memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
 
     /*
      * Now find the strength_bits values actually used
@@ -1148,24 +951,24 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
                                   tail_p);
 
     OPENSSL_free(number_uses);
-    return (1);
+    return 1;
 }
 
 static int ssl_cipher_process_rulestr(const char *rule_str,
                                       CIPHER_ORDER **head_p,
                                       CIPHER_ORDER **tail_p,
-                                      const SSL_CIPHER **ca_list)
+                                      const SSL_CIPHER **ca_list, CERT *c)
 {
-    unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl,
-        algo_strength;
+    uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
+    int min_tls;
     const char *l, *buf;
     int j, multi, found, rule, retval, ok, buflen;
-    unsigned long cipher_id = 0;
+    uint32_t cipher_id = 0;
     char ch;
 
     retval = 1;
     l = rule_str;
-    for (;;) {
+    for ( ; ; ) {
         ch = *l;
 
         if (ch == '\0')
@@ -1195,7 +998,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
         alg_auth = 0;
         alg_enc = 0;
         alg_mac = 0;
-        alg_ssl = 0;
+        min_tls = 0;
         algo_strength = 0;
 
         for (;;) {
@@ -1205,9 +1008,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 #ifndef CHARSET_EBCDIC
             while (((ch >= 'A') && (ch <= 'Z')) ||
                    ((ch >= '0') && (ch <= '9')) ||
-                   ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.'))
+                   ((ch >= 'a') && (ch <= 'z')) ||
+                   (ch == '-') || (ch == '.') || (ch == '='))
 #else
-            while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.'))
+            while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
+                   || (ch == '='))
 #endif
             {
                 ch = *(++l);
@@ -1220,8 +1025,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                  * it is no command or separator nor
                  * alphanumeric, so we call this an error.
                  */
-                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
-                       SSL_R_INVALID_COMMAND);
+                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
                 retval = found = 0;
                 l++;
                 break;
@@ -1236,8 +1040,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
             if (ch == '+') {
                 multi = 1;
                 l++;
-            } else
+            } else {
                 multi = 0;
+            }
 
             /*
              * Now search for the cipher alias in the ca_list. Be careful
@@ -1253,8 +1058,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
             j = found = 0;
             cipher_id = 0;
             while (ca_list[j]) {
-                if (!strncmp(buf, ca_list[j]->name, buflen) &&
-                    (ca_list[j]->name[buflen] == '\0')) {
+                if (strncmp(buf, ca_list[j]->name, buflen) == 0
+                    && (ca_list[j]->name[buflen] == '\0')) {
                     found = 1;
                     break;
                 } else
@@ -1271,8 +1076,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         found = 0;
                         break;
                     }
-                } else
+                } else {
                     alg_mkey = ca_list[j]->algorithm_mkey;
+                }
             }
 
             if (ca_list[j]->algorithm_auth) {
@@ -1282,8 +1088,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         found = 0;
                         break;
                     }
-                } else
+                } else {
                     alg_auth = ca_list[j]->algorithm_auth;
+                }
             }
 
             if (ca_list[j]->algorithm_enc) {
@@ -1293,8 +1100,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         found = 0;
                         break;
                     }
-                } else
+                } else {
                     alg_enc = ca_list[j]->algorithm_enc;
+                }
             }
 
             if (ca_list[j]->algorithm_mac) {
@@ -1304,21 +1112,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         found = 0;
                         break;
                     }
-                } else
+                } else {
                     alg_mac = ca_list[j]->algorithm_mac;
-            }
-
-            if (ca_list[j]->algo_strength & SSL_EXP_MASK) {
-                if (algo_strength & SSL_EXP_MASK) {
-                    algo_strength &=
-                        (ca_list[j]->algo_strength & SSL_EXP_MASK) |
-                        ~SSL_EXP_MASK;
-                    if (!(algo_strength & SSL_EXP_MASK)) {
-                        found = 0;
-                        break;
-                    }
-                } else
-                    algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
+                }
             }
 
             if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
@@ -1330,13 +1126,24 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         found = 0;
                         break;
                     }
-                } else
-                    algo_strength |=
-                        ca_list[j]->algo_strength & SSL_STRONG_MASK;
+                } else {
+                    algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
+                }
             }
 
-            if (ca_list[j]->algo_strength & SSL_NOT_DEFAULT) {
-                algo_strength |= SSL_NOT_DEFAULT;
+            if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
+                if (algo_strength & SSL_DEFAULT_MASK) {
+                    algo_strength &=
+                        (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) |
+                        ~SSL_DEFAULT_MASK;
+                    if (!(algo_strength & SSL_DEFAULT_MASK)) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    algo_strength |=
+                        ca_list[j]->algo_strength & SSL_DEFAULT_MASK;
+                }
             }
 
             if (ca_list[j]->valid) {
@@ -1352,15 +1159,13 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                  * protocol version is considered part of the search pattern
                  */
 
-                if (ca_list[j]->algorithm_ssl) {
-                    if (alg_ssl) {
-                        alg_ssl &= ca_list[j]->algorithm_ssl;
-                        if (!alg_ssl) {
-                            found = 0;
-                            break;
-                        }
-                    } else
-                        alg_ssl = ca_list[j]->algorithm_ssl;
+                if (ca_list[j]->min_tls) {
+                    if (min_tls != 0 && min_tls != ca_list[j]->min_tls) {
+                        found = 0;
+                        break;
+                    } else {
+                        min_tls = ca_list[j]->min_tls;
+                    }
                 }
             }
 
@@ -1373,11 +1178,20 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
          */
         if (rule == CIPHER_SPECIAL) { /* special command */
             ok = 0;
-            if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8))
+            if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) {
                 ok = ssl_cipher_strength_sort(head_p, tail_p);
-            else
-                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
-                       SSL_R_INVALID_COMMAND);
+            } else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
+                int level = buf[9] - '0';
+                if (level < 0 || level > 5) {
+                    SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+                           SSL_R_INVALID_COMMAND);
+                } else {
+                    c->sec_level = level;
+                    ok = 1;
+                }
+            } else {
+                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
+            }
             if (ok == 0)
                 retval = 0;
             /*
@@ -1391,7 +1205,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
         } else if (found) {
             ssl_cipher_apply_rule(cipher_id,
                                   alg_mkey, alg_auth, alg_enc, alg_mac,
-                                  alg_ssl, algo_strength, rule, -1, head_p,
+                                  min_tls, algo_strength, rule, -1, head_p,
                                   tail_p);
         } else {
             while ((*l != '\0') && !ITEM_SEP(*l))
@@ -1401,7 +1215,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
             break;              /* done */
     }
 
-    return (retval);
+    return retval;
 }
 
 #ifndef OPENSSL_NO_EC
@@ -1423,23 +1237,20 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
     if (suiteb_flags) {
         c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
         c->cert_flags |= suiteb_flags;
-    } else
+    } else {
         suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
+    }
 
     if (!suiteb_flags)
         return 1;
     /* Check version: if TLS 1.2 ciphers allowed we can use Suite B */
 
     if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)) {
-        if (meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
-            SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
-                   SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
-        else
-            SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
-                   SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
+        SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+               SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE);
         return 0;
     }
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
     switch (suiteb_flags) {
     case SSL_CERT_FLAG_SUITEB_128_LOS:
         if (suiteb_comb2)
@@ -1455,26 +1266,149 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
         *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
         break;
     }
-    /* Set auto ECDH parameter determination */
-    c->ecdh_tmp_auto = 1;
     return 1;
 # else
-    SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
-           SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
+    SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
     return 0;
 # endif
 }
 #endif
 
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER)
-                                             **cipher_list, STACK_OF(SSL_CIPHER)
-                                             **cipher_list_by_id,
-                                             const char *rule_str, CERT *c)
+static int ciphersuite_cb(const char *elem, int len, void *arg)
+{
+    STACK_OF(SSL_CIPHER) *ciphersuites = (STACK_OF(SSL_CIPHER) *)arg;
+    const SSL_CIPHER *cipher;
+    /* Arbitrary sized temp buffer for the cipher name. Should be big enough */
+    char name[80];
+
+    if (len > (int)(sizeof(name) - 1)) {
+        SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+
+    memcpy(name, elem, len);
+    name[len] = '\0';
+
+    cipher = ssl3_get_cipher_by_std_name(name);
+    if (cipher == NULL) {
+        SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+
+    if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) {
+        SSLerr(SSL_F_CIPHERSUITE_CB, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
+{
+    STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null();
+
+    if (newciphers == NULL)
+        return 0;
+
+    /* Parse the list. We explicitly allow an empty list */
+    if (*str != '\0'
+            && !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) {
+        sk_SSL_CIPHER_free(newciphers);
+        return 0;
+    }
+    sk_SSL_CIPHER_free(*currciphers);
+    *currciphers = newciphers;
+
+    return 1;
+}
+
+static int update_cipher_list_by_id(STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                                    STACK_OF(SSL_CIPHER) *cipherstack)
+{
+    STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
+
+    if (tmp_cipher_list == NULL) {
+        return 0;
+    }
+
+    sk_SSL_CIPHER_free(*cipher_list_by_id);
+    *cipher_list_by_id = tmp_cipher_list;
+
+    (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
+    sk_SSL_CIPHER_sort(*cipher_list_by_id);
+
+    return 1;
+}
+
+static int update_cipher_list(STACK_OF(SSL_CIPHER) **cipher_list,
+                              STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                              STACK_OF(SSL_CIPHER) *tls13_ciphersuites)
+{
+    int i;
+    STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(*cipher_list);
+
+    if (tmp_cipher_list == NULL)
+        return 0;
+
+    /*
+     * Delete any existing TLSv1.3 ciphersuites. These are always first in the
+     * list.
+     */
+    while (sk_SSL_CIPHER_num(tmp_cipher_list) > 0
+           && sk_SSL_CIPHER_value(tmp_cipher_list, 0)->min_tls
+              == TLS1_3_VERSION)
+        sk_SSL_CIPHER_delete(tmp_cipher_list, 0);
+
+    /* Insert the new TLSv1.3 ciphersuites */
+    for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++)
+        sk_SSL_CIPHER_insert(tmp_cipher_list,
+                             sk_SSL_CIPHER_value(tls13_ciphersuites, i), i);
+
+    if (!update_cipher_list_by_id(cipher_list_by_id, tmp_cipher_list))
+        return 0;
+
+    sk_SSL_CIPHER_free(*cipher_list);
+    *cipher_list = tmp_cipher_list;
+
+    return 1;
+}
+
+int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
+{
+    int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str);
+
+    if (ret && ctx->cipher_list != NULL) {
+        /* We already have a cipher_list, so we need to update it */
+        return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id,
+                                  ctx->tls13_ciphersuites);
+    }
+
+    return ret;
+}
+
+int SSL_set_ciphersuites(SSL *s, const char *str)
 {
-    int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
-    unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
-        disabled_ssl;
-    STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
+    int ret = set_ciphersuites(&(s->tls13_ciphersuites), str);
+
+    if (ret && s->cipher_list != NULL) {
+        /* We already have a cipher_list, so we need to update it */
+        return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id,
+                                  s->tls13_ciphersuites);
+    }
+
+    return ret;
+}
+
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+                                             STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
+                                             STACK_OF(SSL_CIPHER) **cipher_list,
+                                             STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                                             const char *rule_str,
+                                             CERT *c)
+{
+    int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i;
+    uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
+    STACK_OF(SSL_CIPHER) *cipherstack;
     const char *rule_p;
     CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
     const SSL_CIPHER **ca_list = NULL;
@@ -1493,8 +1427,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
      * To reduce the work to do we only want to process the compiled
      * in algorithms, so we first get the mask of disabled ciphers.
      */
-    ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc,
-                            &disabled_mac, &disabled_ssl);
+
+    disabled_mkey = disabled_mkey_mask;
+    disabled_auth = disabled_auth_mask;
+    disabled_enc = disabled_enc_mask;
+    disabled_mac = disabled_mac_mask;
 
     /*
      * Now we have to collect the available ciphers from the compiled
@@ -1502,36 +1439,46 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
      * it is used for allocation.
      */
     num_of_ciphers = ssl_method->num_ciphers();
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n",
-            num_of_ciphers);
-#endif                          /* KSSL_DEBUG */
-    co_list =
-        (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+
+    co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
     if (co_list == NULL) {
         SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-        return (NULL);          /* Failure */
+        return NULL;          /* Failure */
     }
 
     ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
                                disabled_mkey, disabled_auth, disabled_enc,
-                               disabled_mac, disabled_ssl, co_list, &head,
-                               &tail);
+                               disabled_mac, co_list, &head, &tail);
 
-    /* Now arrange all ciphers by preference: */
+    /* Now arrange all ciphers by preference. */
 
     /*
      * Everything else being equal, prefer ephemeral ECDH over other key
-     * exchange mechanisms
+     * exchange mechanisms.
+     * For consistency, prefer ECDSA over RSA (though this only matters if the
+     * server has both certificates, and is using the DEFAULT, or a client
+     * preference).
      */
-    ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head,
+    ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
+                          -1, &head, &tail);
+    ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head,
                           &tail);
-    ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
+    ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
                           &tail);
 
-    /* AES is our preferred symmetric cipher */
-    ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head,
-                          &tail);
+    /* Within each strength group, we prefer GCM over CHACHA... */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
+                          &head, &tail);
+    ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
+                          &head, &tail);
+
+    /*
+     * ...and generally, our preferred cipher is AES.
+     * Note that AEADs will be bumped to take preference after sorting by
+     * strength.
+     */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
+                          -1, &head, &tail);
 
     /* Temporarily enable everything else for sorting */
     ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
@@ -1548,21 +1495,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
     ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
                           &tail);
 
-    /* Move ciphers without forward secrecy to the end */
-    ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
-                          &tail);
-    /*
-     * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1,
-     * &head, &tail);
-     */
     ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
                           &tail);
     ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
                           &tail);
-    ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
-                          &tail);
 
-    /* RC4 is sort-of broken -- move the the end */
+    /* RC4 is sort-of broken -- move to the end */
     ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head,
                           &tail);
 
@@ -1575,6 +1513,33 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
         return NULL;
     }
 
+    /*
+     * Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
+     * TODO(openssl-team): is there an easier way to accomplish all this?
+     */
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_2_VERSION, 0, CIPHER_BUMP, -1,
+                          &head, &tail);
+
+    /*
+     * Irrespective of strength, enforce the following order:
+     * (EC)DHE + AEAD > (EC)DHE > rest of AEAD > rest.
+     * Within each group, ciphers remain sorted by strength and previous
+     * preference, i.e.,
+     * 1) ECDHE > DHE
+     * 2) GCM > CHACHA
+     * 3) AES > rest
+     * 4) TLS 1.2 > legacy
+     *
+     * Because we now bump ciphers to the top of the list, we proceed in
+     * reverse order of preference.
+     */
+    ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1,
+                          &head, &tail);
+    ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0,
+                          CIPHER_BUMP, -1, &head, &tail);
+    ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
+                          CIPHER_BUMP, -1, &head, &tail);
+
     /* Now disable everything (maintaining the ordering!) */
     ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
 
@@ -1586,17 +1551,17 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
      * groups of cipher_aliases added together in one list (otherwise
      * we would be happy with just the cipher_aliases table).
      */
-    num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
+    num_of_group_aliases = OSSL_NELEM(cipher_aliases);
     num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
-    ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
+    ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
     if (ca_list == NULL) {
         OPENSSL_free(co_list);
         SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-        return (NULL);          /* Failure */
+        return NULL;          /* Failure */
     }
     ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
                                disabled_mkey, disabled_auth, disabled_enc,
-                               disabled_mac, disabled_ssl, head);
+                               disabled_mac, head);
 
     /*
      * If the rule_string begins with DEFAULT, apply the default rule
@@ -1606,20 +1571,20 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
     rule_p = rule_str;
     if (strncmp(rule_str, "DEFAULT", 7) == 0) {
         ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
-                                        &head, &tail, ca_list);
+                                        &head, &tail, ca_list, c);
         rule_p += 7;
         if (*rule_p == ':')
             rule_p++;
     }
 
     if (ok && (strlen(rule_p) > 0))
-        ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
+        ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
 
-    OPENSSL_free((void *)ca_list); /* Not needed anymore */
+    OPENSSL_free(ca_list);      /* Not needed anymore */
 
     if (!ok) {                  /* Rule processing failure */
         OPENSSL_free(co_list);
-        return (NULL);
+        return NULL;
     }
 
     /*
@@ -1628,7 +1593,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
      */
     if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
         OPENSSL_free(co_list);
-        return (NULL);
+        return NULL;
+    }
+
+    /* Add TLSv1.3 ciphers first - we always prefer those if possible */
+    for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
+        if (!sk_SSL_CIPHER_push(cipherstack,
+                                sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
+            sk_SSL_CIPHER_free(cipherstack);
+            return NULL;
+        }
     }
 
     /*
@@ -1636,14 +1610,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
      * to the resulting precedence to the STACK_OF(SSL_CIPHER).
      */
     for (curr = head; curr != NULL; curr = curr->next) {
-#ifdef OPENSSL_FIPS
-        if (curr->active
-            && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
-#else
-        if (curr->active)
-#endif
-        {
-            sk_SSL_CIPHER_push(cipherstack, curr->cipher);
+        if (curr->active) {
+            if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
+                OPENSSL_free(co_list);
+                sk_SSL_CIPHER_free(cipherstack);
+                return NULL;
+            }
 #ifdef CIPHER_DEBUG
             fprintf(stderr, "<%s>\n", curr->cipher->name);
 #endif
@@ -1651,94 +1623,71 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
     }
     OPENSSL_free(co_list);      /* Not needed any longer */
 
-    tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
-    if (tmp_cipher_list == NULL) {
+    if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) {
         sk_SSL_CIPHER_free(cipherstack);
         return NULL;
     }
-    if (*cipher_list != NULL)
-        sk_SSL_CIPHER_free(*cipher_list);
+    sk_SSL_CIPHER_free(*cipher_list);
     *cipher_list = cipherstack;
-    if (*cipher_list_by_id != NULL)
-        sk_SSL_CIPHER_free(*cipher_list_by_id);
-    *cipher_list_by_id = tmp_cipher_list;
-    (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,
-                                     ssl_cipher_ptr_id_cmp);
 
-    sk_SSL_CIPHER_sort(*cipher_list_by_id);
-    return (cipherstack);
+    return cipherstack;
 }
 
 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 {
-    int is_export, pkl, kl;
-    const char *ver, *exp_str;
+    const char *ver;
     const char *kx, *au, *enc, *mac;
-    unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
-#ifdef KSSL_DEBUG
-    static const char *format =
-        "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
-#else
-    static const char *format =
-        "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
-#endif                          /* KSSL_DEBUG */
+    uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
+    static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
+
+    if (buf == NULL) {
+        len = 128;
+        if ((buf = OPENSSL_malloc(len)) == NULL) {
+            SSLerr(SSL_F_SSL_CIPHER_DESCRIPTION, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else if (len < 128) {
+        return NULL;
+    }
 
     alg_mkey = cipher->algorithm_mkey;
     alg_auth = cipher->algorithm_auth;
     alg_enc = cipher->algorithm_enc;
     alg_mac = cipher->algorithm_mac;
-    alg_ssl = cipher->algorithm_ssl;
-
-    alg2 = cipher->algorithm2;
 
-    is_export = SSL_C_IS_EXPORT(cipher);
-    pkl = SSL_C_EXPORT_PKEYLENGTH(cipher);
-    kl = SSL_C_EXPORT_KEYLENGTH(cipher);
-    exp_str = is_export ? " export" : "";
-
-    if (alg_ssl & SSL_SSLV2)
-        ver = "SSLv2";
-    else if (alg_ssl & SSL_SSLV3)
-        ver = "SSLv3";
-    else if (alg_ssl & SSL_TLSV1_2)
-        ver = "TLSv1.2";
-    else
-        ver = "unknown";
+    ver = ssl_protocol_to_string(cipher->min_tls);
 
     switch (alg_mkey) {
     case SSL_kRSA:
-        kx = is_export ? (pkl == 512 ? "RSA(512)" : "RSA(1024)") : "RSA";
-        break;
-    case SSL_kDHr:
-        kx = "DH/RSA";
+        kx = "RSA";
         break;
-    case SSL_kDHd:
-        kx = "DH/DSS";
+    case SSL_kDHE:
+        kx = "DH";
         break;
-    case SSL_kKRB5:
-        kx = "KRB5";
-        break;
-    case SSL_kEDH:
-        kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH";
-        break;
-    case SSL_kECDHr:
-        kx = "ECDH/RSA";
-        break;
-    case SSL_kECDHe:
-        kx = "ECDH/ECDSA";
-        break;
-    case SSL_kEECDH:
+    case SSL_kECDHE:
         kx = "ECDH";
         break;
     case SSL_kPSK:
         kx = "PSK";
         break;
+    case SSL_kRSAPSK:
+        kx = "RSAPSK";
+        break;
+    case SSL_kECDHEPSK:
+        kx = "ECDHEPSK";
+        break;
+    case SSL_kDHEPSK:
+        kx = "DHEPSK";
+        break;
     case SSL_kSRP:
         kx = "SRP";
         break;
     case SSL_kGOST:
         kx = "GOST";
         break;
+    case SSL_kANY:
+        kx = "any";
+        break;
     default:
         kx = "unknown";
     }
@@ -1750,15 +1699,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
     case SSL_aDSS:
         au = "DSS";
         break;
-    case SSL_aDH:
-        au = "DH";
-        break;
-    case SSL_aKRB5:
-        au = "KRB5";
-        break;
-    case SSL_aECDH:
-        au = "ECDH";
-        break;
     case SSL_aNULL:
         au = "None";
         break;
@@ -1771,12 +1711,16 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
     case SSL_aSRP:
         au = "SRP";
         break;
-    case SSL_aGOST94:
-        au = "GOST94";
-        break;
     case SSL_aGOST01:
         au = "GOST01";
         break;
+    /* New GOST ciphersuites have both SSL_aGOST12 and SSL_aGOST01 bits */
+    case (SSL_aGOST12 | SSL_aGOST01):
+        au = "GOST12";
+        break;
+    case SSL_aANY:
+        au = "any";
+        break;
     default:
         au = "unknown";
         break;
@@ -1784,17 +1728,16 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 
     switch (alg_enc) {
     case SSL_DES:
-        enc = (is_export && kl == 5) ? "DES(40)" : "DES(56)";
+        enc = "DES(56)";
         break;
     case SSL_3DES:
         enc = "3DES(168)";
         break;
     case SSL_RC4:
-        enc = is_export ? (kl == 5 ? "RC4(40)" : "RC4(56)")
-            : ((alg2 & SSL2_CF_8_BYTE_ENC) ? "RC4(64)" : "RC4(128)");
+        enc = "RC4(128)";
         break;
     case SSL_RC2:
-        enc = is_export ? (kl == 5 ? "RC2(40)" : "RC2(56)") : "RC2(128)";
+        enc = "RC2(128)";
         break;
     case SSL_IDEA:
         enc = "IDEA(128)";
@@ -1814,18 +1757,40 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
     case SSL_AES256GCM:
         enc = "AESGCM(256)";
         break;
+    case SSL_AES128CCM:
+        enc = "AESCCM(128)";
+        break;
+    case SSL_AES256CCM:
+        enc = "AESCCM(256)";
+        break;
+    case SSL_AES128CCM8:
+        enc = "AESCCM8(128)";
+        break;
+    case SSL_AES256CCM8:
+        enc = "AESCCM8(256)";
+        break;
     case SSL_CAMELLIA128:
         enc = "Camellia(128)";
         break;
     case SSL_CAMELLIA256:
         enc = "Camellia(256)";
         break;
+    case SSL_ARIA128GCM:
+        enc = "ARIAGCM(128)";
+        break;
+    case SSL_ARIA256GCM:
+        enc = "ARIAGCM(256)";
+        break;
     case SSL_SEED:
         enc = "SEED(128)";
         break;
     case SSL_eGOST2814789CNT:
+    case SSL_eGOST2814789CNT12:
         enc = "GOST89(256)";
         break;
+    case SSL_CHACHA20POLY1305:
+        enc = "CHACHA20/POLY1305(256)";
+        break;
     default:
         enc = "unknown";
         break;
@@ -1848,55 +1813,65 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         mac = "AEAD";
         break;
     case SSL_GOST89MAC:
+    case SSL_GOST89MAC12:
         mac = "GOST89";
         break;
     case SSL_GOST94:
         mac = "GOST94";
         break;
+    case SSL_GOST12_256:
+    case SSL_GOST12_512:
+        mac = "GOST2012";
+        break;
     default:
         mac = "unknown";
         break;
     }
 
-    if (buf == NULL) {
-        len = 128;
-        buf = OPENSSL_malloc(len);
-        if (buf == NULL)
-            return ("OPENSSL_malloc Error");
-    } else if (len < 128)
-        return ("Buffer too small");
-
-#ifdef KSSL_DEBUG
-    BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
-                 exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl);
-#else
-    BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
-                 exp_str);
-#endif                          /* KSSL_DEBUG */
-    return (buf);
+    BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
+
+    return buf;
 }
 
-char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
+const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
 {
-    int i;
-
     if (c == NULL)
-        return ("(NONE)");
-    i = (int)(c->id >> 24L);
-    if (i == 3)
-        return ("TLSv1/SSLv3");
-    else if (i == 2)
-        return ("SSLv2");
-    else
-        return ("unknown");
+        return "(NONE)";
+
+    /*
+     * Backwards-compatibility crutch.  In almost all contexts we report TLS
+     * 1.0 as "TLSv1", but for ciphers we report "TLSv1.0".
+     */
+    if (c->min_tls == TLS1_VERSION)
+        return "TLSv1.0";
+    return ssl_protocol_to_string(c->min_tls);
 }
 
 /* return the actual cipher being used */
 const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
 {
     if (c != NULL)
-        return (c->name);
-    return ("(NONE)");
+        return c->name;
+    return "(NONE)";
+}
+
+/* return the actual cipher being used in RFC standard name */
+const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
+{
+    if (c != NULL)
+        return c->stdname;
+    return "(NONE)";
+}
+
+/* return the OpenSSL name based on given RFC standard name */
+const char *OPENSSL_cipher_name(const char *stdname)
+{
+    const SSL_CIPHER *c;
+
+    if (stdname == NULL)
+        return "(NONE)";
+    c = ssl3_get_cipher_by_std_name(stdname);
+    return SSL_CIPHER_get_name(c);
 }
 
 /* number of bits for symmetric cipher */
@@ -1906,31 +1881,36 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
 
     if (c != NULL) {
         if (alg_bits != NULL)
-            *alg_bits = c->alg_bits;
-        ret = c->strength_bits;
+            *alg_bits = (int)c->alg_bits;
+        ret = (int)c->strength_bits;
     }
-    return (ret);
+    return ret;
 }
 
-unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
+uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c)
 {
     return c->id;
 }
 
+uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c)
+{
+    return c->id & 0xFFFF;
+}
+
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
 {
     SSL_COMP *ctmp;
     int i, nn;
 
     if ((n == 0) || (sk == NULL))
-        return (NULL);
+        return NULL;
     nn = sk_SSL_COMP_num(sk);
     for (i = 0; i < nn; i++) {
         ctmp = sk_SSL_COMP_value(sk, i);
         if (ctmp->id == n)
-            return (ctmp);
+            return ctmp;
     }
-    return (NULL);
+    return NULL;
 }
 
 #ifdef OPENSSL_NO_COMP
@@ -1942,11 +1922,7 @@ STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
 STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
                                                       *meths)
 {
-    return NULL;
-}
-
-void SSL_COMP_free_compression_methods(void)
-{
+    return meths;
 }
 
 int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
@@ -1954,15 +1930,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
     return 1;
 }
 
-const char *SSL_COMP_get_name(const COMP_METHOD *comp)
-{
-    return NULL;
-}
 #else
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
 {
     load_builtin_compressions();
-    return (ssl_comp_methods);
+    return ssl_comp_methods;
 }
 
 STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
@@ -1978,7 +1950,7 @@ static void cmeth_free(SSL_COMP *cm)
     OPENSSL_free(cm);
 }
 
-void SSL_COMP_free_compression_methods(void)
+void ssl_comp_free_compression_methods_int(void)
 {
     STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
     ssl_comp_methods = NULL;
@@ -1989,7 +1961,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
 {
     SSL_COMP *comp;
 
-    if (cm == NULL || cm->type == NID_undef)
+    if (cm == NULL || COMP_get_type(cm) == NID_undef)
         return 1;
 
     /*-
@@ -2006,85 +1978,68 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
         return 1;
     }
 
-    MemCheck_off();
-    comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    comp = OPENSSL_malloc(sizeof(*comp));
     if (comp == NULL) {
-        MemCheck_on();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
         return 1;
     }
+
     comp->id = id;
     comp->method = cm;
-    comp->name = cm->name;
     load_builtin_compressions();
     if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
         OPENSSL_free(comp);
-        MemCheck_on();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
                SSL_R_DUPLICATE_COMPRESSION_ID);
-        return (1);
-    } else if ((ssl_comp_methods == NULL)
-               || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
+        return 1;
+    }
+    if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
         OPENSSL_free(comp);
-        MemCheck_on();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
-        return (1);
-    } else {
-        MemCheck_on();
-        return (0);
+        return 1;
     }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    return 0;
 }
+#endif
 
 const char *SSL_COMP_get_name(const COMP_METHOD *comp)
 {
-    if (comp)
-        return comp->name;
+#ifndef OPENSSL_NO_COMP
+    return comp ? COMP_get_name(comp) : NULL;
+#else
     return NULL;
-}
 #endif
-/* For a cipher return the index corresponding to the certificate type */
-int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
-{
-    unsigned long alg_k, alg_a;
+}
 
-    alg_k = c->algorithm_mkey;
-    alg_a = c->algorithm_auth;
+const char *SSL_COMP_get0_name(const SSL_COMP *comp)
+{
+#ifndef OPENSSL_NO_COMP
+    return comp->name;
+#else
+    return NULL;
+#endif
+}
 
-    if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
-        /*
-         * we don't need to look at SSL_kEECDH since no certificate is needed
-         * for anon ECDH and for authenticated EECDH, the check for the auth
-         * algorithm will set i correctly NOTE: For ECDH-RSA, we need an ECC
-         * not an RSA cert but for EECDH-RSA we need an RSA cert. Placing the
-         * checks for SSL_kECDH before RSA checks ensures the correct cert is
-         * chosen.
-         */
-        return SSL_PKEY_ECC;
-    } else if (alg_a & SSL_aECDSA)
-        return SSL_PKEY_ECC;
-    else if (alg_k & SSL_kDHr)
-        return SSL_PKEY_DH_RSA;
-    else if (alg_k & SSL_kDHd)
-        return SSL_PKEY_DH_DSA;
-    else if (alg_a & SSL_aDSS)
-        return SSL_PKEY_DSA_SIGN;
-    else if (alg_a & SSL_aRSA)
-        return SSL_PKEY_RSA_ENC;
-    else if (alg_a & SSL_aKRB5)
-        /* VRS something else here? */
-        return -1;
-    else if (alg_a & SSL_aGOST94)
-        return SSL_PKEY_GOST94;
-    else if (alg_a & SSL_aGOST01)
-        return SSL_PKEY_GOST01;
+int SSL_COMP_get_id(const SSL_COMP *comp)
+{
+#ifndef OPENSSL_NO_COMP
+    return comp->id;
+#else
     return -1;
+#endif
 }
 
-const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
+const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr,
+                                         int all)
 {
-    const SSL_CIPHER *c;
-    c = ssl->method->get_cipher_by_char(ptr);
-    if (c == NULL || c->valid == 0)
+    const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr);
+
+    if (c == NULL || (!all && c->valid == 0))
         return NULL;
     return c;
 }
@@ -2093,3 +2048,116 @@ const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
 {
     return ssl->method->get_cipher_by_char(ptr);
 }
+
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
+{
+    int i;
+    if (c == NULL)
+        return NID_undef;
+    i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_cipher[i].nid;
+}
+
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_mac[i].nid;
+}
+
+int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_kx[i].nid;
+}
+
+int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_auth, c->algorithm_auth);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_auth[i].nid;
+}
+
+const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c)
+{
+    int idx = c->algorithm2 & SSL_HANDSHAKE_MAC_MASK;
+
+    if (idx < 0 || idx >= SSL_MD_NUM_IDX)
+        return NULL;
+    return ssl_digest_methods[idx];
+}
+
+int SSL_CIPHER_is_aead(const SSL_CIPHER *c)
+{
+    return (c->algorithm_mac & SSL_AEAD) ? 1 : 0;
+}
+
+int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
+                            size_t *int_overhead, size_t *blocksize,
+                            size_t *ext_overhead)
+{
+    size_t mac = 0, in = 0, blk = 0, out = 0;
+
+    /* Some hard-coded numbers for the CCM/Poly1305 MAC overhead
+     * because there are no handy #defines for those. */
+    if (c->algorithm_enc & (SSL_AESGCM | SSL_ARIAGCM)) {
+        out = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else if (c->algorithm_enc & (SSL_AES128CCM | SSL_AES256CCM)) {
+        out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;
+    } else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) {
+        out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8;
+    } else if (c->algorithm_enc & SSL_CHACHA20POLY1305) {
+        out = 16;
+    } else if (c->algorithm_mac & SSL_AEAD) {
+        /* We're supposed to have handled all the AEAD modes above */
+        return 0;
+    } else {
+        /* Non-AEAD modes. Calculate MAC/cipher overhead separately */
+        int digest_nid = SSL_CIPHER_get_digest_nid(c);
+        const EVP_MD *e_md = EVP_get_digestbynid(digest_nid);
+
+        if (e_md == NULL)
+            return 0;
+
+        mac = EVP_MD_size(e_md);
+        if (c->algorithm_enc != SSL_eNULL) {
+            int cipher_nid = SSL_CIPHER_get_cipher_nid(c);
+            const EVP_CIPHER *e_ciph = EVP_get_cipherbynid(cipher_nid);
+
+            /* If it wasn't AEAD or SSL_eNULL, we expect it to be a
+               known CBC cipher. */
+            if (e_ciph == NULL ||
+                EVP_CIPHER_mode(e_ciph) != EVP_CIPH_CBC_MODE)
+                return 0;
+
+            in = 1; /* padding length byte */
+            out = EVP_CIPHER_iv_length(e_ciph);
+            blk = EVP_CIPHER_block_size(e_ciph);
+        }
+    }
+
+    *mac_overhead = mac;
+    *int_overhead = in;
+    *blocksize = blk;
+    *ext_overhead = out;
+
+    return 1;
+}
+
+int ssl_cert_is_disabled(size_t idx)
+{
+    const SSL_CERT_LOOKUP *cl = ssl_cert_lookup_by_idx(idx);
+
+    if (cl == NULL || (cl->amask & disabled_auth_mask) != 0)
+        return 1;
+    return 0;
+}
diff --git a/freebsd/crypto/openssl/ssl/ssl_conf.c b/freebsd/crypto/openssl/ssl/ssl_conf.c
index 6c017337..e73b4cdb 100644
--- a/freebsd/crypto/openssl/ssl/ssl_conf.c
+++ b/freebsd/crypto/openssl/ssl/ssl_conf.c
@@ -1,76 +1,24 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * ! \file ssl/ssl_conf.c \brief SSL configuration functions
- */
-/* ====================================================================
- * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifdef REF_CHECK
-# include <assert.h>
-#endif
 #include <stdio.h>
 #include "ssl_locl.h"
 #include <openssl/conf.h>
 #include <openssl/objects.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
+#include <openssl/dh.h>
+#include "internal/nelem.h"
 
 /*
- * structure holding name tables. This is used for pemitted elements in lists
- * such as TLSv1 and single command line switches such as no_tls1
+ * structure holding name tables. This is used for permitted elements in lists
+ * such as TLSv1.
  */
 
 typedef struct {
@@ -80,10 +28,22 @@ typedef struct {
     unsigned long option_value;
 } ssl_flag_tbl;
 
+/* Switch table: use for single command line switches like no_tls2 */
+typedef struct {
+    unsigned long option_value;
+    unsigned int name_flags;
+} ssl_switch_tbl;
+
 /* Sense of name is inverted e.g. "TLSv1" will clear SSL_OP_NO_TLSv1 */
 #define SSL_TFLAG_INV   0x1
-/* Flags refers to cert_flags not options */
-#define SSL_TFLAG_CERT  0x2
+/* Mask for type of flag referred to */
+#define SSL_TFLAG_TYPE_MASK 0xf00
+/* Flag is for options */
+#define SSL_TFLAG_OPTION    0x000
+/* Flag is for cert_flags */
+#define SSL_TFLAG_CERT      0x100
+/* Flag is for verify mode */
+#define SSL_TFLAG_VFY       0x200
 /* Option can only be used for clients */
 #define SSL_TFLAG_CLIENT SSL_CONF_FLAG_CLIENT
 /* Option can only be used for servers */
@@ -103,6 +63,11 @@ typedef struct {
 #define SSL_FLAG_TBL_CERT(str, flag) \
         {str, (int)(sizeof(str) - 1), SSL_TFLAG_CERT|SSL_TFLAG_BOTH, flag}
 
+#define SSL_FLAG_VFY_CLI(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_CLIENT, flag}
+#define SSL_FLAG_VFY_SRV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_SERVER, flag}
+
 /*
  * Opaque structure containing SSL configuration context.
  */
@@ -120,15 +85,57 @@ struct ssl_conf_ctx_st {
     SSL_CTX *ctx;
     SSL *ssl;
     /* Pointer to SSL or SSL_CTX options field or NULL if none */
-    unsigned long *poptions;
+    uint32_t *poptions;
+    /* Certificate filenames for each type */
+    char *cert_filename[SSL_PKEY_NUM];
     /* Pointer to SSL or SSL_CTX cert_flags or NULL if none */
-    unsigned int *pcert_flags;
+    uint32_t *pcert_flags;
+    /* Pointer to SSL or SSL_CTX verify_mode or NULL if none */
+    uint32_t *pvfy_flags;
+    /* Pointer to SSL or SSL_CTX min_version field or NULL if none */
+    int *min_version;
+    /* Pointer to SSL or SSL_CTX max_version field or NULL if none */
+    int *max_version;
     /* Current flag table being worked on */
     const ssl_flag_tbl *tbl;
     /* Size of table */
     size_t ntbl;
+    /* Client CA names */
+    STACK_OF(X509_NAME) *canames;
 };
 
+static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags,
+                           unsigned long option_value, int onoff)
+{
+    uint32_t *pflags;
+    if (cctx->poptions == NULL)
+        return;
+    if (name_flags & SSL_TFLAG_INV)
+        onoff ^= 1;
+    switch (name_flags & SSL_TFLAG_TYPE_MASK) {
+
+    case SSL_TFLAG_CERT:
+        pflags = cctx->pcert_flags;
+        break;
+
+    case SSL_TFLAG_VFY:
+        pflags = cctx->pvfy_flags;
+        break;
+
+    case SSL_TFLAG_OPTION:
+        pflags = cctx->poptions;
+        break;
+
+    default:
+        return;
+
+    }
+    if (onoff)
+        *pflags |= option_value;
+    else
+        *pflags &= ~option_value;
+}
+
 static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl,
                             const char *name, int namelen, int onoff)
 {
@@ -138,24 +145,9 @@ static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl,
     if (namelen == -1) {
         if (strcmp(tbl->name, name))
             return 0;
-    } else if (tbl->namelen != namelen
-               || strncasecmp(tbl->name, name, namelen))
+    } else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen))
         return 0;
-    if (cctx->poptions) {
-        if (tbl->name_flags & SSL_TFLAG_INV)
-            onoff ^= 1;
-        if (tbl->name_flags & SSL_TFLAG_CERT) {
-            if (onoff)
-                *cctx->pcert_flags |= tbl->option_value;
-            else
-                *cctx->pcert_flags &= ~tbl->option_value;
-        } else {
-            if (onoff)
-                *cctx->poptions |= tbl->option_value;
-            else
-                *cctx->poptions &= ~tbl->option_value;
-        }
-    }
+    ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff);
     return 1;
 }
 
@@ -189,41 +181,6 @@ static int ssl_set_option_list(const char *elem, int len, void *usr)
     return 0;
 }
 
-/* Single command line switches with no argument e.g. -no_ssl3 */
-static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd)
-{
-    static const ssl_flag_tbl ssl_option_single[] = {
-        SSL_FLAG_TBL("no_ssl2", SSL_OP_NO_SSLv2),
-        SSL_FLAG_TBL("no_ssl3", SSL_OP_NO_SSLv3),
-        SSL_FLAG_TBL("no_tls1", SSL_OP_NO_TLSv1),
-        SSL_FLAG_TBL("no_tls1_1", SSL_OP_NO_TLSv1_1),
-        SSL_FLAG_TBL("no_tls1_2", SSL_OP_NO_TLSv1_2),
-        SSL_FLAG_TBL("bugs", SSL_OP_ALL),
-        SSL_FLAG_TBL("no_comp", SSL_OP_NO_COMPRESSION),
-        SSL_FLAG_TBL_SRV("ecdh_single", SSL_OP_SINGLE_ECDH_USE),
-#ifndef OPENSSL_NO_TLSEXT
-        SSL_FLAG_TBL("no_ticket", SSL_OP_NO_TICKET),
-#endif
-        SSL_FLAG_TBL_SRV("serverpref", SSL_OP_CIPHER_SERVER_PREFERENCE),
-        SSL_FLAG_TBL("legacy_renegotiation",
-                     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
-        SSL_FLAG_TBL_SRV("legacy_server_connect",
-                         SSL_OP_LEGACY_SERVER_CONNECT),
-        SSL_FLAG_TBL_SRV("no_resumption_on_reneg",
-                         SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
-        SSL_FLAG_TBL_SRV_INV("no_legacy_server_connect",
-                             SSL_OP_LEGACY_SERVER_CONNECT),
-        SSL_FLAG_TBL_CERT("strict", SSL_CERT_FLAG_TLS_STRICT),
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-        SSL_FLAG_TBL_CERT("debug_broken_protocol",
-                          SSL_CERT_FLAG_BROKEN_PROTOCOL),
-#endif
-    };
-    cctx->tbl = ssl_option_single;
-    cctx->ntbl = sizeof(ssl_option_single) / sizeof(ssl_flag_tbl);
-    return ssl_set_option_list(cmd, -1, cctx);
-}
-
 /* Set supported signature algorithms */
 static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
 {
@@ -237,8 +194,7 @@ static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
 }
 
 /* Set supported client signature algorithms */
-static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx,
-                                         const char *value)
+static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
 {
     int rv;
     if (cctx->ssl)
@@ -249,65 +205,53 @@ static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx,
     return rv > 0;
 }
 
-static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
+static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value)
 {
     int rv;
     if (cctx->ssl)
-        rv = SSL_set1_curves_list(cctx->ssl, value);
+        rv = SSL_set1_groups_list(cctx->ssl, value);
     /* NB: ctx == NULL performs syntax checking only */
     else
-        rv = SSL_CTX_set1_curves_list(cctx->ctx, value);
+        rv = SSL_CTX_set1_groups_list(cctx->ctx, value);
     return rv > 0;
 }
 
-#ifndef OPENSSL_NO_ECDH
+/* This is the old name for cmd_Groups - retained for backwards compatibility */
+static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
+{
+    return cmd_Groups(cctx, value);
+}
+
+#ifndef OPENSSL_NO_EC
 /* ECDH temporary parameters */
 static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
 {
-    int onoff = -1, rv = 1;
-    if (!(cctx->flags & SSL_CONF_FLAG_SERVER))
-        return -2;
-    if (cctx->flags & SSL_CONF_FLAG_FILE) {
-        if (*value == '+') {
-            onoff = 1;
-            value++;
-        }
-        if (*value == '-') {
-            onoff = 0;
-            value++;
-        }
-        if (!strcasecmp(value, "automatic")) {
-            if (onoff == -1)
-                onoff = 1;
-        } else if (onoff != -1)
-            return 0;
-    } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
-        if (!strcmp(value, "auto"))
-            onoff = 1;
-    }
+    int rv = 1;
+    EC_KEY *ecdh;
+    int nid;
 
-    if (onoff != -1) {
-        if (cctx->ctx)
-            rv = SSL_CTX_set_ecdh_auto(cctx->ctx, onoff);
-        else if (cctx->ssl)
-            rv = SSL_set_ecdh_auto(cctx->ssl, onoff);
-    } else {
-        EC_KEY *ecdh;
-        int nid;
-        nid = EC_curve_nist2nid(value);
-        if (nid == NID_undef)
-            nid = OBJ_sn2nid(value);
-        if (nid == 0)
-            return 0;
-        ecdh = EC_KEY_new_by_curve_name(nid);
-        if (!ecdh)
-            return 0;
-        if (cctx->ctx)
-            rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
-        else if (cctx->ssl)
-            rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
-        EC_KEY_free(ecdh);
-    }
+    /* Ignore values supported by 1.0.2 for the automatic selection */
+    if ((cctx->flags & SSL_CONF_FLAG_FILE)
+            && (strcasecmp(value, "+automatic") == 0
+                || strcasecmp(value, "automatic") == 0))
+        return 1;
+    if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
+        strcmp(value, "auto") == 0)
+        return 1;
+
+    nid = EC_curve_nist2nid(value);
+    if (nid == NID_undef)
+        nid = OBJ_sn2nid(value);
+    if (nid == 0)
+        return 0;
+    ecdh = EC_KEY_new_by_curve_name(nid);
+    if (!ecdh)
+        return 0;
+    if (cctx->ctx)
+        rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
+    else if (cctx->ssl)
+        rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
+    EC_KEY_free(ecdh);
 
     return rv > 0;
 }
@@ -315,6 +259,7 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
 static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value)
 {
     int rv = 1;
+
     if (cctx->ctx)
         rv = SSL_CTX_set_cipher_list(cctx->ctx, value);
     if (cctx->ssl)
@@ -322,6 +267,17 @@ static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value)
     return rv > 0;
 }
 
+static int cmd_Ciphersuites(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+
+    if (cctx->ctx)
+        rv = SSL_CTX_set_ciphersuites(cctx->ctx, value);
+    if (cctx->ssl)
+        rv = SSL_set_ciphersuites(cctx->ssl, value);
+    return rv > 0;
+}
+
 static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value)
 {
     static const ssl_flag_tbl ssl_protocol_list[] = {
@@ -330,21 +286,84 @@ static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value)
         SSL_FLAG_TBL_INV("SSLv3", SSL_OP_NO_SSLv3),
         SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1),
         SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1),
-        SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2)
+        SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2),
+        SSL_FLAG_TBL_INV("TLSv1.3", SSL_OP_NO_TLSv1_3),
+        SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1),
+        SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2)
     };
-    int ret;
-    int sslv2off;
-
-    if (!(cctx->flags & SSL_CONF_FLAG_FILE))
-        return -2;
     cctx->tbl = ssl_protocol_list;
-    cctx->ntbl = sizeof(ssl_protocol_list) / sizeof(ssl_flag_tbl);
+    cctx->ntbl = OSSL_NELEM(ssl_protocol_list);
+    return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
 
-    sslv2off = *cctx->poptions & SSL_OP_NO_SSLv2;
-    ret = CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
-    /* Never turn on SSLv2 through configuration */
-    *cctx->poptions |= sslv2off;
-    return ret;
+/*
+ * protocol_from_string - converts a protocol version string to a number
+ *
+ * Returns -1 on failure or the version on success
+ */
+static int protocol_from_string(const char *value)
+{
+    struct protocol_versions {
+        const char *name;
+        int version;
+    };
+    static const struct protocol_versions versions[] = {
+        {"None", 0},
+        {"SSLv3", SSL3_VERSION},
+        {"TLSv1", TLS1_VERSION},
+        {"TLSv1.1", TLS1_1_VERSION},
+        {"TLSv1.2", TLS1_2_VERSION},
+        {"TLSv1.3", TLS1_3_VERSION},
+        {"DTLSv1", DTLS1_VERSION},
+        {"DTLSv1.2", DTLS1_2_VERSION}
+    };
+    size_t i;
+    size_t n = OSSL_NELEM(versions);
+
+    for (i = 0; i < n; i++)
+        if (strcmp(versions[i].name, value) == 0)
+            return versions[i].version;
+    return -1;
+}
+
+static int min_max_proto(SSL_CONF_CTX *cctx, const char *value, int *bound)
+{
+    int method_version;
+    int new_version;
+
+    if (cctx->ctx != NULL)
+        method_version = cctx->ctx->method->version;
+    else if (cctx->ssl != NULL)
+        method_version = cctx->ssl->ctx->method->version;
+    else
+        return 0;
+    if ((new_version = protocol_from_string(value)) < 0)
+        return 0;
+    return ssl_set_version_bound(method_version, new_version, bound);
+}
+
+/*
+ * cmd_MinProtocol - Set min protocol version
+ * @cctx: config structure to save settings in
+ * @value: The min protocol version in string form
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+static int cmd_MinProtocol(SSL_CONF_CTX *cctx, const char *value)
+{
+    return min_max_proto(cctx, value, cctx->min_version);
+}
+
+/*
+ * cmd_MaxProtocol - Set max protocol version
+ * @cctx: config structure to save settings in
+ * @value: The max protocol version in string form
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+static int cmd_MaxProtocol(SSL_CONF_CTX *cctx, const char *value)
+{
+    return min_max_proto(cctx, value, cctx->max_version);
 }
 
 static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
@@ -362,25 +381,61 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
         SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
         SSL_FLAG_TBL("UnsafeLegacyRenegotiation",
                      SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
+        SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
+        SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
+        SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
+        SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA),
+        SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT),
+        SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY)
     };
-    if (!(cctx->flags & SSL_CONF_FLAG_FILE))
-        return -2;
     if (value == NULL)
         return -3;
     cctx->tbl = ssl_option_list;
-    cctx->ntbl = sizeof(ssl_option_list) / sizeof(ssl_flag_tbl);
+    cctx->ntbl = OSSL_NELEM(ssl_option_list);
+    return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
+
+static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value)
+{
+    static const ssl_flag_tbl ssl_vfy_list[] = {
+        SSL_FLAG_VFY_CLI("Peer", SSL_VERIFY_PEER),
+        SSL_FLAG_VFY_SRV("Request", SSL_VERIFY_PEER),
+        SSL_FLAG_VFY_SRV("Require",
+                         SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
+        SSL_FLAG_VFY_SRV("Once", SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE),
+        SSL_FLAG_VFY_SRV("RequestPostHandshake",
+                         SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE),
+        SSL_FLAG_VFY_SRV("RequirePostHandshake",
+                         SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE |
+                         SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
+    };
+    if (value == NULL)
+        return -3;
+    cctx->tbl = ssl_vfy_list;
+    cctx->ntbl = OSSL_NELEM(ssl_vfy_list);
     return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
 }
 
 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
 {
     int rv = 1;
-    if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
-        return -2;
-    if (cctx->ctx)
+    CERT *c = NULL;
+    if (cctx->ctx) {
         rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value);
-    if (cctx->ssl)
-        rv = SSL_use_certificate_file(cctx->ssl, value, SSL_FILETYPE_PEM);
+        c = cctx->ctx->cert;
+    }
+    if (cctx->ssl) {
+        rv = SSL_use_certificate_chain_file(cctx->ssl, value);
+        c = cctx->ssl->cert;
+    }
+    if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
+        char **pfilename = &cctx->cert_filename[c->key - c->pkeys];
+        OPENSSL_free(*pfilename);
+        *pfilename = OPENSSL_strdup(value);
+        if (!*pfilename)
+            rv = 0;
+    }
+
     return rv > 0;
 }
 
@@ -399,31 +454,93 @@ static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value)
 static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
 {
     int rv = 1;
-    if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
-        return -2;
-    if (!(cctx->flags & SSL_CONF_FLAG_SERVER))
-        return -2;
     if (cctx->ctx)
         rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);
     return rv > 0;
 }
 
+static int do_store(SSL_CONF_CTX *cctx,
+                    const char *CAfile, const char *CApath, int verify_store)
+{
+    CERT *cert;
+    X509_STORE **st;
+    if (cctx->ctx)
+        cert = cctx->ctx->cert;
+    else if (cctx->ssl)
+        cert = cctx->ssl->cert;
+    else
+        return 1;
+    st = verify_store ? &cert->verify_store : &cert->chain_store;
+    if (*st == NULL) {
+        *st = X509_STORE_new();
+        if (*st == NULL)
+            return 0;
+    }
+    return X509_STORE_load_locations(*st, CAfile, CApath) > 0;
+}
+
+static int cmd_ChainCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, NULL, value, 0);
+}
+
+static int cmd_ChainCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, value, NULL, 0);
+}
+
+static int cmd_VerifyCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, NULL, value, 1);
+}
+
+static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, value, NULL, 1);
+}
+
+static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    if (cctx->canames == NULL)
+        cctx->canames = sk_X509_NAME_new_null();
+    if (cctx->canames == NULL)
+        return 0;
+    return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);
+}
+
+static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    return cmd_RequestCAFile(cctx, value);
+}
+
+static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    if (cctx->canames == NULL)
+        cctx->canames = sk_X509_NAME_new_null();
+    if (cctx->canames == NULL)
+        return 0;
+    return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);
+}
+
+static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    return cmd_RequestCAPath(cctx, value);
+}
+
 #ifndef OPENSSL_NO_DH
 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
 {
     int rv = 0;
     DH *dh = NULL;
     BIO *in = NULL;
-    if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
-        return -2;
     if (cctx->ctx || cctx->ssl) {
-        in = BIO_new(BIO_s_file_internal());
-        if (!in)
+        in = BIO_new(BIO_s_file());
+        if (in == NULL)
             goto end;
         if (BIO_read_filename(in, value) <= 0)
             goto end;
         dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
-        if (!dh)
+        if (dh == NULL)
             goto end;
     } else
         return 1;
@@ -432,44 +549,170 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
     if (cctx->ssl)
         rv = SSL_set_tmp_dh(cctx->ssl, dh);
  end:
-    if (dh)
-        DH_free(dh);
-    if (in)
-        BIO_free(in);
+    DH_free(dh);
+    BIO_free(in);
     return rv > 0;
 }
 #endif
+
+static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 0;
+    int block_size = atoi(value);
+
+    /*
+     * All we care about is a non-negative value,
+     * the setters check the range
+     */
+    if (block_size >= 0) {
+        if (cctx->ctx)
+            rv = SSL_CTX_set_block_padding(cctx->ctx, block_size);
+        if (cctx->ssl)
+            rv = SSL_set_block_padding(cctx->ssl, block_size);
+    }
+    return rv;
+}
+
+
+static int cmd_NumTickets(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 0;
+    int num_tickets = atoi(value);
+
+    if (num_tickets >= 0) {
+        if (cctx->ctx)
+            rv = SSL_CTX_set_num_tickets(cctx->ctx, num_tickets);
+        if (cctx->ssl)
+            rv = SSL_set_num_tickets(cctx->ssl, num_tickets);
+    }
+    return rv;
+}
+
 typedef struct {
     int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
     const char *str_file;
     const char *str_cmdline;
-    unsigned int value_type;
+    unsigned short flags;
+    unsigned short value_type;
 } ssl_conf_cmd_tbl;
 
 /* Table of supported parameters */
 
-#define SSL_CONF_CMD(name, cmdopt, type) \
-        {cmd_##name, #name, cmdopt, type}
+#define SSL_CONF_CMD(name, cmdopt, flags, type) \
+        {cmd_##name, #name, cmdopt, flags, type}
 
-#define SSL_CONF_CMD_STRING(name, cmdopt) \
-        SSL_CONF_CMD(name, cmdopt, SSL_CONF_TYPE_STRING)
+#define SSL_CONF_CMD_STRING(name, cmdopt, flags) \
+        SSL_CONF_CMD(name, cmdopt, flags, SSL_CONF_TYPE_STRING)
 
+#define SSL_CONF_CMD_SWITCH(name, flags) \
+        {0, NULL, name, flags, SSL_CONF_TYPE_NONE}
+
+/* See apps/apps.h if you change this table. */
 static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
-    SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs"),
-    SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs"),
-    SSL_CONF_CMD_STRING(Curves, "curves"),
-#ifndef OPENSSL_NO_ECDH
-    SSL_CONF_CMD_STRING(ECDHParameters, "named_curve"),
+    SSL_CONF_CMD_SWITCH("no_ssl3", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_3", 0),
+    SSL_CONF_CMD_SWITCH("bugs", 0),
+    SSL_CONF_CMD_SWITCH("no_comp", 0),
+    SSL_CONF_CMD_SWITCH("comp", 0),
+    SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_ticket", 0),
+    SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0),
+    SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_renegotiation", 0),
+    SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("allow_no_dhe_kex", 0),
+    SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("strict", 0),
+    SSL_CONF_CMD_SWITCH("no_middlebox", 0),
+    SSL_CONF_CMD_SWITCH("anti_replay", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_anti_replay", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
+    SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
+    SSL_CONF_CMD_STRING(Curves, "curves", 0),
+    SSL_CONF_CMD_STRING(Groups, "groups", 0),
+#ifndef OPENSSL_NO_EC
+    SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER),
 #endif
-    SSL_CONF_CMD_STRING(CipherString, "cipher"),
-    SSL_CONF_CMD_STRING(Protocol, NULL),
-    SSL_CONF_CMD_STRING(Options, NULL),
-    SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
-    SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
-    SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD_STRING(CipherString, "cipher", 0),
+    SSL_CONF_CMD_STRING(Ciphersuites, "ciphersuites", 0),
+    SSL_CONF_CMD_STRING(Protocol, NULL, 0),
+    SSL_CONF_CMD_STRING(MinProtocol, "min_protocol", 0),
+    SSL_CONF_CMD_STRING(MaxProtocol, "max_protocol", 0),
+    SSL_CONF_CMD_STRING(Options, NULL, 0),
+    SSL_CONF_CMD_STRING(VerifyMode, NULL, 0),
+    SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ServerInfoFile, NULL,
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ChainCAPath, "chainCApath", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+    SSL_CONF_CMD(ChainCAFile, "chainCAfile", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(VerifyCAPath, "verifyCApath", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+    SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ClientCAFile, NULL,
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+    SSL_CONF_CMD(ClientCAPath, NULL,
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
 #ifndef OPENSSL_NO_DH
-    SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
+    SSL_CONF_CMD(DHParameters, "dhparam",
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
 #endif
+    SSL_CONF_CMD_STRING(RecordPadding, "record_padding", 0),
+    SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER),
+};
+
+/* Supported switches: must match order of switches in ssl_conf_cmds */
+static const ssl_switch_tbl ssl_cmd_switches[] = {
+    {SSL_OP_NO_SSLv3, 0},       /* no_ssl3 */
+    {SSL_OP_NO_TLSv1, 0},       /* no_tls1 */
+    {SSL_OP_NO_TLSv1_1, 0},     /* no_tls1_1 */
+    {SSL_OP_NO_TLSv1_2, 0},     /* no_tls1_2 */
+    {SSL_OP_NO_TLSv1_3, 0},     /* no_tls1_3 */
+    {SSL_OP_ALL, 0},            /* bugs */
+    {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
+    {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
+    {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
+    {SSL_OP_NO_TICKET, 0},      /* no_ticket */
+    {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
+    /* legacy_renegotiation */
+    {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0},
+    /* legacy_server_connect */
+    {SSL_OP_LEGACY_SERVER_CONNECT, 0},
+    /* no_renegotiation */
+    {SSL_OP_NO_RENEGOTIATION, 0},
+    /* no_resumption_on_reneg */
+    {SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0},
+    /* no_legacy_server_connect */
+    {SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV},
+    /* allow_no_dhe_kex */
+    {SSL_OP_ALLOW_NO_DHE_KEX, 0},
+    /* chacha reprioritization */
+    {SSL_OP_PRIORITIZE_CHACHA, 0},
+    {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */
+    /* no_middlebox */
+    {SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV},
+    /* anti_replay */
+    {SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV},
+    /* no_anti_replay */
+    {SSL_OP_NO_ANTI_REPLAY, 0},
 };
 
 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
@@ -495,6 +738,21 @@ static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
     return 1;
 }
 
+/* Determine if a command is allowed according to cctx flags */
+static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * t)
+{
+    unsigned int tfl = t->flags;
+    unsigned int cfl = cctx->flags;
+    if ((tfl & SSL_CONF_FLAG_SERVER) && !(cfl & SSL_CONF_FLAG_SERVER))
+        return 0;
+    if ((tfl & SSL_CONF_FLAG_CLIENT) && !(cfl & SSL_CONF_FLAG_CLIENT))
+        return 0;
+    if ((tfl & SSL_CONF_FLAG_CERTIFICATE)
+        && !(cfl & SSL_CONF_FLAG_CERTIFICATE))
+        return 0;
+    return 1;
+}
+
 static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx,
                                                    const char *cmd)
 {
@@ -504,20 +762,35 @@ static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx,
         return NULL;
 
     /* Look for matching parameter name in table */
-    for (i = 0, t = ssl_conf_cmds;
-         i < sizeof(ssl_conf_cmds) / sizeof(ssl_conf_cmd_tbl); i++, t++) {
-        if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
-            if (t->str_cmdline && !strcmp(t->str_cmdline, cmd))
-                return t;
-        }
-        if (cctx->flags & SSL_CONF_FLAG_FILE) {
-            if (t->str_file && !strcasecmp(t->str_file, cmd))
-                return t;
+    for (i = 0, t = ssl_conf_cmds; i < OSSL_NELEM(ssl_conf_cmds); i++, t++) {
+        if (ssl_conf_cmd_allowed(cctx, t)) {
+            if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
+                if (t->str_cmdline && strcmp(t->str_cmdline, cmd) == 0)
+                    return t;
+            }
+            if (cctx->flags & SSL_CONF_FLAG_FILE) {
+                if (t->str_file && strcasecmp(t->str_file, cmd) == 0)
+                    return t;
+            }
         }
     }
     return NULL;
 }
 
+static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd)
+{
+    /* Find index of command in table */
+    size_t idx = cmd - ssl_conf_cmds;
+    const ssl_switch_tbl *scmd;
+    /* Sanity check index */
+    if (idx >= OSSL_NELEM(ssl_cmd_switches))
+        return 0;
+    /* Obtain switches entry with same index */
+    scmd = ssl_cmd_switches + idx;
+    ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1);
+    return 1;
+}
+
 int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
 {
     const ssl_conf_cmd_tbl *runcmd;
@@ -533,6 +806,9 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
 
     if (runcmd) {
         int rv;
+        if (runcmd->value_type == SSL_CONF_TYPE_NONE) {
+            return ctrl_switch_option(cctx, runcmd);
+        }
         if (value == NULL)
             return -3;
         rv = runcmd->cmd(cctx, value);
@@ -547,11 +823,6 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
         return 0;
     }
 
-    if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
-        if (ctrl_str_option(cctx, cmd))
-            return 1;
-    }
-
     if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {
         SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_UNKNOWN_CMD_NAME);
         ERR_add_error_data(2, "cmd=", cmd);
@@ -606,32 +877,52 @@ int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd)
 
 SSL_CONF_CTX *SSL_CONF_CTX_new(void)
 {
-    SSL_CONF_CTX *ret;
-    ret = OPENSSL_malloc(sizeof(SSL_CONF_CTX));
-    if (ret) {
-        ret->flags = 0;
-        ret->prefix = NULL;
-        ret->prefixlen = 0;
-        ret->ssl = NULL;
-        ret->ctx = NULL;
-        ret->poptions = NULL;
-        ret->pcert_flags = NULL;
-        ret->tbl = NULL;
-        ret->ntbl = 0;
-    }
+    SSL_CONF_CTX *ret = OPENSSL_zalloc(sizeof(*ret));
+
     return ret;
 }
 
 int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
 {
+    /* See if any certificates are missing private keys */
+    size_t i;
+    CERT *c = NULL;
+    if (cctx->ctx)
+        c = cctx->ctx->cert;
+    else if (cctx->ssl)
+        c = cctx->ssl->cert;
+    if (c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
+        for (i = 0; i < SSL_PKEY_NUM; i++) {
+            const char *p = cctx->cert_filename[i];
+            /*
+             * If missing private key try to load one from certificate file
+             */
+            if (p && !c->pkeys[i].privatekey) {
+                if (!cmd_PrivateKey(cctx, p))
+                    return 0;
+            }
+        }
+    }
+    if (cctx->canames) {
+        if (cctx->ssl)
+            SSL_set0_CA_list(cctx->ssl, cctx->canames);
+        else if (cctx->ctx)
+            SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames);
+        else
+            sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
+        cctx->canames = NULL;
+    }
     return 1;
 }
 
 void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx)
 {
     if (cctx) {
-        if (cctx->prefix)
-            OPENSSL_free(cctx->prefix);
+        size_t i;
+        for (i = 0; i < SSL_PKEY_NUM; i++)
+            OPENSSL_free(cctx->cert_filename[i]);
+        OPENSSL_free(cctx->prefix);
+        sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
         OPENSSL_free(cctx);
     }
 }
@@ -652,12 +943,11 @@ int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre)
 {
     char *tmp = NULL;
     if (pre) {
-        tmp = BUF_strdup(pre);
+        tmp = OPENSSL_strdup(pre);
         if (tmp == NULL)
             return 0;
     }
-    if (cctx->prefix)
-        OPENSSL_free(cctx->prefix);
+    OPENSSL_free(cctx->prefix);
     cctx->prefix = tmp;
     if (tmp)
         cctx->prefixlen = strlen(tmp);
@@ -672,10 +962,16 @@ void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl)
     cctx->ctx = NULL;
     if (ssl) {
         cctx->poptions = &ssl->options;
+        cctx->min_version = &ssl->min_proto_version;
+        cctx->max_version = &ssl->max_proto_version;
         cctx->pcert_flags = &ssl->cert->cert_flags;
+        cctx->pvfy_flags = &ssl->verify_mode;
     } else {
         cctx->poptions = NULL;
+        cctx->min_version = NULL;
+        cctx->max_version = NULL;
         cctx->pcert_flags = NULL;
+        cctx->pvfy_flags = NULL;
     }
 }
 
@@ -685,9 +981,15 @@ void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx)
     cctx->ssl = NULL;
     if (ctx) {
         cctx->poptions = &ctx->options;
+        cctx->min_version = &ctx->min_proto_version;
+        cctx->max_version = &ctx->max_proto_version;
         cctx->pcert_flags = &ctx->cert->cert_flags;
+        cctx->pvfy_flags = &ctx->verify_mode;
     } else {
         cctx->poptions = NULL;
+        cctx->min_version = NULL;
+        cctx->max_version = NULL;
         cctx->pcert_flags = NULL;
+        cctx->pvfy_flags = NULL;
     }
 }
diff --git a/freebsd/crypto/openssl/ssl/ssl_err.c b/freebsd/crypto/openssl/ssl/ssl_err.c
index 6941bdea..265b1552 100644
--- a/freebsd/crypto/openssl/ssl/ssl_err.c
+++ b/freebsd/crypto/openssl/ssl/ssl_err.c
@@ -1,842 +1,1277 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/ssl_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
 /*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/ssl.h>
+#include <openssl/sslerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
-
-static ERR_STRING_DATA SSL_str_functs[] = {
-    {ERR_FUNC(SSL_F_CHECK_SUITEB_CIPHER_LIST), "CHECK_SUITEB_CIPHER_LIST"},
-    {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
-    {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
-    {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
-    {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
-    {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
-    {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "do_dtls1_write"},
-    {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
-    {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "dtls1_accept"},
-    {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
-    {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
-    {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "dtls1_check_timeout_num"},
-    {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "dtls1_client_hello"},
-    {ERR_FUNC(SSL_F_DTLS1_CONNECT), "dtls1_connect"},
-    {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
-    {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "dtls1_get_message"},
-    {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),
-     "DTLS1_GET_MESSAGE_FRAGMENT"},
-    {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "dtls1_get_record"},
-    {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "dtls1_handle_timeout"},
-    {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "dtls1_heartbeat"},
-    {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "dtls1_output_cert_chain"},
-    {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
-    {ERR_FUNC(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS),
-     "DTLS1_PROCESS_BUFFERED_RECORDS"},
-    {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),
-     "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
-    {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
-    {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "dtls1_read_bytes"},
-    {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "dtls1_read_failed"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),
-     "dtls1_send_certificate_request"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE),
-     "dtls1_send_client_certificate"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),
-     "dtls1_send_client_key_exchange"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "dtls1_send_client_verify"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),
-     "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE),
-     "dtls1_send_server_certificate"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "dtls1_send_server_hello"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),
-     "dtls1_send_server_key_exchange"},
-    {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),
+static const ERR_STRING_DATA SSL_str_functs[] = {
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_ADD_CLIENT_KEY_SHARE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_ADD_KEY_SHARE, 0), "add_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_BYTES_TO_CIPHER_LIST, 0),
+     "bytes_to_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CHECK_SUITEB_CIPHER_LIST, 0),
+     "check_suiteb_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CIPHERSUITE_CB, 0), "ciphersuite_cb"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_CA_NAMES, 0), "construct_ca_names"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS, 0),
+     "construct_key_exchange_tbs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATEFUL_TICKET, 0),
+     "construct_stateful_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATELESS_TICKET, 0),
+     "construct_stateless_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH, 0),
+     "create_synthetic_message_hash"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_TICKET_PREQUEL, 0),
+     "create_ticket_prequel"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_MOVE_SCTS, 0), "ct_move_scts"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_STRICT, 0), "ct_strict"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_ADD, 0), "custom_ext_add"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_PARSE, 0), "custom_ext_parse"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_D2I_SSL_SESSION, 0), "d2i_SSL_SESSION"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_CTX_ENABLE, 0), "dane_ctx_enable"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_MTYPE_SET, 0), "dane_mtype_set"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_TLSA_ADD, 0), "dane_tlsa_add"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DERIVE_SECRET_KEY_AND_IV, 0),
+     "derive_secret_key_and_iv"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DO_DTLS1_WRITE, 0), "do_dtls1_write"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DO_SSL3_WRITE, 0), "do_ssl3_write"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_BUFFER_RECORD, 0),
+     "dtls1_buffer_record"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_CHECK_TIMEOUT_NUM, 0),
+     "dtls1_check_timeout_num"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HEARTBEAT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HM_FRAGMENT_NEW, 0),
+     "dtls1_hm_fragment_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PREPROCESS_FRAGMENT, 0),
+     "dtls1_preprocess_fragment"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS, 0),
+     "dtls1_process_buffered_records"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PROCESS_RECORD, 0),
+     "dtls1_process_record"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_READ_BYTES, 0), "dtls1_read_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_READ_FAILED, 0), "dtls1_read_failed"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_RETRANSMIT_MESSAGE, 0),
+     "dtls1_retransmit_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_WRITE_APP_DATA_BYTES, 0),
      "dtls1_write_app_data_bytes"},
-    {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
-    {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
-    {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
-    {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
-    {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
-    {ERR_FUNC(SSL_F_GET_SERVER_STATIC_DH_KEY), "GET_SERVER_STATIC_DH_KEY"},
-    {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
-    {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
-    {ERR_FUNC(SSL_F_READ_N), "READ_N"},
-    {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
-    {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
-    {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
-    {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
-    {ERR_FUNC(SSL_F_SSL23_ACCEPT), "ssl23_accept"},
-    {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
-    {ERR_FUNC(SSL_F_SSL23_CONNECT), "ssl23_connect"},
-    {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
-    {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
-    {ERR_FUNC(SSL_F_SSL23_PEEK), "ssl23_peek"},
-    {ERR_FUNC(SSL_F_SSL23_READ), "ssl23_read"},
-    {ERR_FUNC(SSL_F_SSL23_WRITE), "ssl23_write"},
-    {ERR_FUNC(SSL_F_SSL2_ACCEPT), "ssl2_accept"},
-    {ERR_FUNC(SSL_F_SSL2_CONNECT), "ssl2_connect"},
-    {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "ssl2_enc_init"},
-    {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL),
-     "ssl2_generate_key_material"},
-    {ERR_FUNC(SSL_F_SSL2_PEEK), "ssl2_peek"},
-    {ERR_FUNC(SSL_F_SSL2_READ), "ssl2_read"},
-    {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
-    {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "ssl2_set_certificate"},
-    {ERR_FUNC(SSL_F_SSL2_WRITE), "ssl2_write"},
-    {ERR_FUNC(SSL_F_SSL3_ACCEPT), "ssl3_accept"},
-    {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
-    {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "ssl3_callback_ctrl"},
-    {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "ssl3_change_cipher_state"},
-    {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_WRITE_BYTES, 0), "dtls1_write_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLSV1_LISTEN, 0), "DTLSv1_listen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC, 0),
+     "dtls_construct_change_cipher_spec"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, 0),
+     "dtls_construct_hello_verify_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, 0),
+     "dtls_get_reassembled_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_PROCESS_HELLO_VERIFY, 0),
+     "dtls_process_hello_verify"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_RECORD_LAYER_NEW, 0),
+     "DTLS_RECORD_LAYER_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_WAIT_FOR_DRY, 0), "dtls_wait_for_dry"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_EARLY_DATA_COUNT_OK, 0),
+     "early_data_count_ok"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EARLY_DATA, 0), "final_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EC_PT_FORMATS, 0),
+     "final_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EMS, 0), "final_ems"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0),
+     "final_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_GET_CERT_VERIFY_TBS_DATA, 0),
+     "get_cert_verify_tbs_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_NSS_KEYLOG_INT, 0), "nss_keylog_int"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OPENSSL_INIT_SSL, 0), "OPENSSL_init_ssl"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION, 0),
+     "ossl_statem_client13_write_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE, 0),
+     "ossl_statem_client_post_process_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE, 0),
+     "ossl_statem_client_process_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, 0),
+     "ossl_statem_client_read_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION, 0),
+     "ossl_statem_client_write_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION, 0),
+     "ossl_statem_server13_write_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE, 0),
+     "ossl_statem_server_post_process_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_WORK, 0),
+     "ossl_statem_server_post_work"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE, 0),
+     "ossl_statem_server_process_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, 0),
+     "ossl_statem_server_read_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION, 0),
+     "ossl_statem_server_write_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_PARSE_CA_NAMES, 0), "parse_ca_names"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_PITEM_NEW, 0), "pitem_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_PQUEUE_NEW, 0), "pqueue_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_PROCESS_KEY_SHARE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_READ_STATE_MACHINE, 0), "read_state_machine"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SET_CLIENT_CIPHERSUITE, 0),
+     "set_client_ciphersuite"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, 0),
+     "srp_generate_client_master_secret"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET, 0),
+     "srp_generate_server_master_secret"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_VERIFY_SERVER_PARAM, 0),
+     "srp_verify_server_param"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CHANGE_CIPHER_STATE, 0),
+     "ssl3_change_cipher_state"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 0),
      "ssl3_check_cert_and_algorithm"},
-    {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "ssl3_check_client_hello"},
-    {ERR_FUNC(SSL_F_SSL3_CHECK_FINISHED), "SSL3_CHECK_FINISHED"},
-    {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "ssl3_client_hello"},
-    {ERR_FUNC(SSL_F_SSL3_CONNECT), "ssl3_connect"},
-    {ERR_FUNC(SSL_F_SSL3_CTRL), "ssl3_ctrl"},
-    {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "ssl3_ctx_ctrl"},
-    {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CTRL, 0), "ssl3_ctrl"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CTX_CTRL, 0), "ssl3_ctx_ctrl"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DIGEST_CACHED_RECORDS, 0),
      "ssl3_digest_cached_records"},
-    {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, 0),
      "ssl3_do_change_cipher_spec"},
-    {ERR_FUNC(SSL_F_SSL3_ENC), "ssl3_enc"},
-    {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
-    {ERR_FUNC(SSL_F_SSL3_GENERATE_MASTER_SECRET),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_ENC, 0), "ssl3_enc"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINAL_FINISH_MAC, 0),
+     "ssl3_final_finish_mac"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINISH_MAC, 0), "ssl3_finish_mac"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GENERATE_KEY_BLOCK, 0),
+     "ssl3_generate_key_block"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GENERATE_MASTER_SECRET, 0),
      "ssl3_generate_master_secret"},
-    {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),
-     "ssl3_get_certificate_request"},
-    {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "ssl3_get_cert_status"},
-    {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "ssl3_get_cert_verify"},
-    {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE),
-     "ssl3_get_client_certificate"},
-    {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "ssl3_get_client_hello"},
-    {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE),
-     "ssl3_get_client_key_exchange"},
-    {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "ssl3_get_finished"},
-    {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "ssl3_get_key_exchange"},
-    {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "ssl3_get_message"},
-    {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET),
-     "ssl3_get_new_session_ticket"},
-    {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "ssl3_get_next_proto"},
-    {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
-    {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE),
-     "ssl3_get_server_certificate"},
-    {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "ssl3_get_server_done"},
-    {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "ssl3_get_server_hello"},
-    {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"},
-    {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
-    {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "ssl3_output_cert_chain"},
-    {ERR_FUNC(SSL_F_SSL3_PEEK), "ssl3_peek"},
-    {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "ssl3_read_bytes"},
-    {ERR_FUNC(SSL_F_SSL3_READ_N), "ssl3_read_n"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST),
-     "ssl3_send_certificate_request"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE),
-     "ssl3_send_client_certificate"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE),
-     "ssl3_send_client_key_exchange"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "ssl3_send_client_verify"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE),
-     "ssl3_send_server_certificate"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "ssl3_send_server_hello"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE),
-     "ssl3_send_server_key_exchange"},
-    {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "ssl3_setup_key_block"},
-    {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "ssl3_setup_read_buffer"},
-    {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "ssl3_setup_write_buffer"},
-    {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "ssl3_write_bytes"},
-    {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "ssl3_write_pending"},
-    {ERR_FUNC(SSL_F_SSL_ADD_CERT_CHAIN), "ssl_add_cert_chain"},
-    {ERR_FUNC(SSL_F_SSL_ADD_CERT_TO_BUF), "SSL_ADD_CERT_TO_BUF"},
-    {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),
-     "ssl_add_clienthello_renegotiate_ext"},
-    {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),
-     "ssl_add_clienthello_tlsext"},
-    {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),
-     "ssl_add_clienthello_use_srtp_ext"},
-    {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, 0), "ssl3_get_record"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_INIT_FINISHED_MAC, 0),
+     "ssl3_init_finished_mac"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_OUTPUT_CERT_CHAIN, 0),
+     "ssl3_output_cert_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_BYTES, 0), "ssl3_read_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_N, 0), "ssl3_read_n"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_KEY_BLOCK, 0),
+     "ssl3_setup_key_block"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_READ_BUFFER, 0),
+     "ssl3_setup_read_buffer"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_WRITE_BUFFER, 0),
+     "ssl3_setup_write_buffer"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_WRITE_BYTES, 0), "ssl3_write_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_WRITE_PENDING, 0), "ssl3_write_pending"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_CHAIN, 0), "ssl_add_cert_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_TO_BUF, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_TO_WPACKET, 0),
+     "ssl_add_cert_to_wpacket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, 0),
      "SSL_add_dir_cert_subjects_to_stack"},
-    {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, 0),
      "SSL_add_file_cert_subjects_to_stack"},
-    {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),
-     "ssl_add_serverhello_renegotiate_ext"},
-    {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),
-     "ssl_add_serverhello_tlsext"},
-    {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),
-     "ssl_add_serverhello_use_srtp_ext"},
-    {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "ssl_bad_method"},
-    {ERR_FUNC(SSL_F_SSL_BUILD_CERT_CHAIN), "ssl_build_cert_chain"},
-    {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "ssl_bytes_to_cipher_list"},
-    {ERR_FUNC(SSL_F_SSL_CERT_DUP), "ssl_cert_dup"},
-    {ERR_FUNC(SSL_F_SSL_CERT_INST), "ssl_cert_inst"},
-    {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
-    {ERR_FUNC(SSL_F_SSL_CERT_NEW), "ssl_cert_new"},
-    {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
-    {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT),
-     "SSL_CHECK_SERVERHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BAD_METHOD, 0), "ssl_bad_method"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BUILD_CERT_CHAIN, 0),
+     "ssl_build_cert_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BYTES_TO_CIPHER_LIST, 0),
+     "SSL_bytes_to_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CACHE_CIPHERLIST, 0),
+     "ssl_cache_cipherlist"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_ADD0_CHAIN_CERT, 0),
+     "ssl_cert_add0_chain_cert"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_DUP, 0), "ssl_cert_dup"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_NEW, 0), "ssl_cert_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_SET0_CHAIN, 0),
+     "ssl_cert_set0_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_PRIVATE_KEY, 0),
+     "SSL_check_private_key"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO, 0),
+     "ssl_check_srp_ext_ClientHello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 0),
      "ssl_check_srvr_ecc_cert_and_alg"},
-    {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),
-     "SSL_CIPHER_PROCESS_RULESTR"},
-    {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
-    {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
-    {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHOOSE_CLIENT_VERSION, 0),
+     "ssl_choose_client_version"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_DESCRIPTION, 0),
+     "SSL_CIPHER_description"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_LIST_TO_BYTES, 0),
+     "ssl_cipher_list_to_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_PROCESS_RULESTR, 0),
+     "ssl_cipher_process_rulestr"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_STRENGTH_SORT, 0),
+     "ssl_cipher_strength_sort"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLEAR, 0), "SSL_clear"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, 0),
+     "SSL_client_hello_get1_extensions_present"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 0),
      "SSL_COMP_add_compression_method"},
-    {ERR_FUNC(SSL_F_SSL_CONF_CMD), "SSL_CONF_cmd"},
-    {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "ssl_create_cipher_list"},
-    {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
-    {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
-    {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"},
-    {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
-    {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
-    {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CONF_CMD, 0), "SSL_CONF_cmd"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CREATE_CIPHER_LIST, 0),
+     "ssl_create_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTRL, 0), "SSL_ctrl"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, 0),
+     "SSL_CTX_check_private_key"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_ENABLE_CT, 0), "SSL_CTX_enable_ct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_MAKE_PROFILES, 0),
+     "ssl_ctx_make_profiles"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_NEW, 0), "SSL_CTX_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_ALPN_PROTOS, 0),
+     "SSL_CTX_set_alpn_protos"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CIPHER_LIST, 0),
+     "SSL_CTX_set_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, 0),
      "SSL_CTX_set_client_cert_engine"},
-    {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
-    {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK, 0),
+     "SSL_CTX_set_ct_validation_callback"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, 0),
      "SSL_CTX_set_session_id_context"},
-    {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
-    {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_SSL_VERSION, 0),
+     "SSL_CTX_set_ssl_version"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH, 0),
+     "SSL_CTX_set_tlsext_max_fragment_length"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE, 0),
+     "SSL_CTX_use_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, 0),
      "SSL_CTX_use_certificate_ASN1"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE),
-     "SSL_CTX_use_certificate_chain_file"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 0),
      "SSL_CTX_use_certificate_file"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY, 0),
+     "SSL_CTX_use_PrivateKey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, 0),
      "SSL_CTX_use_PrivateKey_ASN1"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, 0),
      "SSL_CTX_use_PrivateKey_file"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, 0),
      "SSL_CTX_use_psk_identity_hint"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, 0),
+     "SSL_CTX_use_RSAPrivateKey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, 0),
      "SSL_CTX_use_RSAPrivateKey_ASN1"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, 0),
      "SSL_CTX_use_RSAPrivateKey_file"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_SERVERINFO), "SSL_CTX_use_serverinfo"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_SERVERINFO_FILE),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO, 0),
+     "SSL_CTX_use_serverinfo"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO_EX, 0),
+     "SSL_CTX_use_serverinfo_ex"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO_FILE, 0),
      "SSL_CTX_use_serverinfo_file"},
-    {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
-    {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "ssl_get_new_session"},
-    {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "ssl_get_prev_session"},
-    {ERR_FUNC(SSL_F_SSL_GET_SERVER_CERT_INDEX), "SSL_GET_SERVER_CERT_INDEX"},
-    {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
-    {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "ssl_get_server_send_pkey"},
-    {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "ssl_get_sign_pkey"},
-    {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "ssl_init_wbio_buffer"},
-    {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
-    {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
-    {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT),
-     "ssl_parse_clienthello_renegotiate_ext"},
-    {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT),
-     "ssl_parse_clienthello_tlsext"},
-    {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT),
-     "ssl_parse_clienthello_use_srtp_ext"},
-    {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT),
-     "ssl_parse_serverhello_renegotiate_ext"},
-    {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT),
-     "ssl_parse_serverhello_tlsext"},
-    {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),
-     "ssl_parse_serverhello_use_srtp_ext"},
-    {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
-    {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),
-     "ssl_prepare_clienthello_tlsext"},
-    {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),
-     "ssl_prepare_serverhello_tlsext"},
-    {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
-    {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
-    {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
-    {ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT),
-     "SSL_SCAN_CLIENTHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT),
-     "SSL_SCAN_SERVERHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
-    {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
-    {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
-    {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DANE_DUP, 0), "ssl_dane_dup"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DANE_ENABLE, 0), "SSL_dane_enable"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DERIVE, 0), "ssl_derive"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DO_CONFIG, 0), "ssl_do_config"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DO_HANDSHAKE, 0), "SSL_do_handshake"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DUP_CA_LIST, 0), "SSL_dup_CA_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ENABLE_CT, 0), "SSL_enable_ct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GENERATE_PKEY_GROUP, 0),
+     "ssl_generate_pkey_group"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GENERATE_SESSION_ID, 0),
+     "ssl_generate_session_id"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_NEW_SESSION, 0),
+     "ssl_get_new_session"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_PREV_SESSION, 0),
+     "ssl_get_prev_session"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_SERVER_CERT_INDEX, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_SIGN_PKEY, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_HANDSHAKE_HASH, 0), "ssl_handshake_hash"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_INIT_WBIO_BUFFER, 0),
+     "ssl_init_wbio_buffer"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_KEY_UPDATE, 0), "SSL_key_update"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOAD_CLIENT_CA_FILE, 0),
+     "SSL_load_client_CA_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOG_MASTER_SECRET, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, 0),
+     "ssl_log_rsa_client_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_MODULE_INIT, 0), "ssl_module_init"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_NEW, 0), "SSL_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_NEXT_PROTO_VALIDATE, 0),
+     "ssl_next_proto_validate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK, 0), "SSL_peek"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_EX, 0), "SSL_peek_ex"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_INTERNAL, 0), "ssl_peek_internal"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ, 0), "SSL_read"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_EARLY_DATA, 0),
+     "SSL_read_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_EX, 0), "SSL_read_ex"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_INTERNAL, 0), "ssl_read_internal"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_RENEGOTIATE, 0), "SSL_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_RENEGOTIATE_ABBREVIATED, 0),
+     "SSL_renegotiate_abbreviated"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_DUP, 0), "ssl_session_dup"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_NEW, 0), "SSL_SESSION_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_PRINT_FP, 0),
+     "SSL_SESSION_print_fp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_SET1_ID, 0),
+     "SSL_SESSION_set1_id"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_SET1_ID_CONTEXT, 0),
      "SSL_SESSION_set1_id_context"},
-    {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "ssl_sess_cert_new"},
-    {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
-    {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
-    {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
-    {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
-    {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
-    {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
-    {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
-    {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_ALPN_PROTOS, 0),
+     "SSL_set_alpn_protos"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CERT, 0), "ssl_set_cert"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CERT_AND_KEY, 0),
+     "ssl_set_cert_and_key"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CIPHER_LIST, 0),
+     "SSL_set_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CT_VALIDATION_CALLBACK, 0),
+     "SSL_set_ct_validation_callback"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_FD, 0), "SSL_set_fd"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_PKEY, 0), "ssl_set_pkey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_RFD, 0), "SSL_set_rfd"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION, 0), "SSL_set_session"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION_ID_CONTEXT, 0),
      "SSL_set_session_id_context"},
-    {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION_TICKET_EXT, 0),
      "SSL_set_session_ticket_ext"},
-    {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
-    {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
-    {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
-    {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"},
-    {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION),
-     "ssl_undefined_const_function"},
-    {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "ssl_undefined_function"},
-    {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH, 0),
+     "SSL_set_tlsext_max_fragment_length"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_WFD, 0), "SSL_set_wfd"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SHUTDOWN, 0), "SSL_shutdown"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SRP_CTX_INIT, 0), "SSL_SRP_CTX_init"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_START_ASYNC_JOB, 0),
+     "ssl_start_async_job"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_UNDEFINED_FUNCTION, 0),
+     "ssl_undefined_function"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_UNDEFINED_VOID_FUNCTION, 0),
      "ssl_undefined_void_function"},
-    {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
-    {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
-    {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
-    {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
-    {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
-    {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
-    {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
-    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
-    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE, 0),
+     "SSL_use_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE_ASN1, 0),
+     "SSL_use_certificate_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE_FILE, 0),
+     "SSL_use_certificate_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY, 0), "SSL_use_PrivateKey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY_ASN1, 0),
+     "SSL_use_PrivateKey_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY_FILE, 0),
+     "SSL_use_PrivateKey_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PSK_IDENTITY_HINT, 0),
+     "SSL_use_psk_identity_hint"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY, 0),
+     "SSL_use_RSAPrivateKey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, 0),
      "SSL_use_RSAPrivateKey_ASN1"},
-    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, 0),
      "SSL_use_RSAPrivateKey_file"},
-    {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"},
-    {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
-    {ERR_FUNC(SSL_F_TLS12_CHECK_PEER_SIGALG), "tls12_check_peer_sigalg"},
-    {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"},
-    {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "tls1_change_cipher_state"},
-    {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT),
-     "TLS1_CHECK_SERVERHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_TLS1_ENC), "tls1_enc"},
-    {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL),
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VALIDATE_CT, 0), "ssl_validate_ct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VERIFY_CERT_CHAIN, 0),
+     "ssl_verify_cert_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, 0),
+     "SSL_verify_client_post_handshake"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE, 0), "SSL_write"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EARLY_DATA, 0),
+     "SSL_write_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EARLY_FINISH, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EX, 0), "SSL_write_ex"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_INTERNAL, 0), "ssl_write_internal"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_STATE_MACHINE, 0), "state_machine"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_CHECK_PEER_SIGALG, 0),
+     "tls12_check_peer_sigalg"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_COPY_SIGALGS, 0), "tls12_copy_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_CHANGE_CIPHER_STATE, 0),
+     "tls13_change_cipher_state"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_ENC, 0), "tls13_enc"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_FINAL_FINISH_MAC, 0),
+     "tls13_final_finish_mac"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_GENERATE_SECRET, 0),
+     "tls13_generate_secret"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_HKDF_EXPAND, 0), "tls13_hkdf_expand"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA, 0),
+     "tls13_restore_handshake_digest_for_pha"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, 0),
+     "tls13_save_handshake_digest_for_pha"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_SETUP_KEY_BLOCK, 0),
+     "tls13_setup_key_block"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_CHANGE_CIPHER_STATE, 0),
+     "tls1_change_cipher_state"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_ENC, 0), "tls1_enc"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_EXPORT_KEYING_MATERIAL, 0),
      "tls1_export_keying_material"},
-    {ERR_FUNC(SSL_F_TLS1_GET_CURVELIST), "TLS1_GET_CURVELIST"},
-    {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "tls1_heartbeat"},
-    {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT),
-     "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT),
-     "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
-    {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "tls1_setup_key_block"},
-    {ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS), "tls1_set_server_sigalgs"},
-    {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_GET_CURVELIST, 0), "tls1_get_curvelist"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_PRF, 0), "tls1_PRF"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SAVE_U16, 0), "tls1_save_u16"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SETUP_KEY_BLOCK, 0),
+     "tls1_setup_key_block"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_GROUPS, 0), "tls1_set_groups"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_RAW_SIGALGS, 0),
+     "tls1_set_raw_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SERVER_SIGALGS, 0),
+     "tls1_set_server_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SHARED_SIGALGS, 0),
+     "tls1_set_shared_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SIGALGS, 0), "tls1_set_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CHOOSE_SIGALG, 0), "tls_choose_sigalg"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, 0),
+     "tls_client_key_exchange_post_work"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_COLLECT_EXTENSIONS, 0),
+     "tls_collect_extensions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES, 0),
+     "tls_construct_certificate_authorities"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, 0),
+     "tls_construct_certificate_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_STATUS, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY, 0),
+     "tls_construct_cert_status_body"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, 0),
+     "tls_construct_cert_verify"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC, 0),
+     "tls_construct_change_cipher_spec"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_DHE, 0),
+     "tls_construct_cke_dhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, 0),
+     "tls_construct_cke_ecdhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_GOST, 0),
+     "tls_construct_cke_gost"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, 0),
+     "tls_construct_cke_psk_preamble"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_RSA, 0),
+     "tls_construct_cke_rsa"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_SRP, 0),
+     "tls_construct_cke_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, 0),
+     "tls_construct_client_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, 0),
+     "tls_construct_client_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, 0),
+     "tls_construct_client_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_ALPN, 0),
+     "tls_construct_ctos_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_COOKIE, 0),
+     "tls_construct_ctos_cookie"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, 0),
+     "tls_construct_ctos_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, 0),
+     "tls_construct_ctos_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EMS, 0),
+     "tls_construct_ctos_ems"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_ETM, 0),
+     "tls_construct_ctos_etm"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_HELLO, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, 0),
+     "tls_construct_ctos_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN, 0),
+     "tls_construct_ctos_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_NPN, 0),
+     "tls_construct_ctos_npn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PADDING, 0),
+     "tls_construct_ctos_padding"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH, 0),
+     "tls_construct_ctos_post_handshake_auth"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK, 0),
+     "tls_construct_ctos_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES, 0),
+     "tls_construct_ctos_psk_kex_modes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE, 0),
+     "tls_construct_ctos_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SCT, 0),
+     "tls_construct_ctos_sct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME, 0),
+     "tls_construct_ctos_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, 0),
+     "tls_construct_ctos_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS, 0),
+     "tls_construct_ctos_sig_algs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SRP, 0),
+     "tls_construct_ctos_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, 0),
+     "tls_construct_ctos_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS, 0),
+     "tls_construct_ctos_supported_groups"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, 0),
+     "tls_construct_ctos_supported_versions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, 0),
+     "tls_construct_ctos_use_srtp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_VERIFY, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS, 0),
+     "tls_construct_encrypted_extensions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA, 0),
+     "tls_construct_end_of_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_EXTENSIONS, 0),
+     "tls_construct_extensions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_FINISHED, 0),
+     "tls_construct_finished"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST, 0),
+     "tls_construct_hello_retry_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_KEY_UPDATE, 0),
+     "tls_construct_key_update"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, 0),
+     "tls_construct_new_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_NEXT_PROTO, 0),
+     "tls_construct_next_proto"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, 0),
+     "tls_construct_server_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, 0),
+     "tls_construct_server_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, 0),
+     "tls_construct_server_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_ALPN, 0),
+     "tls_construct_stoc_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, 0),
+     "tls_construct_stoc_cookie"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG, 0),
+     "tls_construct_stoc_cryptopro_bug"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_DONE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, 0),
+     "tls_construct_stoc_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS, 0),
+     "tls_construct_stoc_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EMS, 0),
+     "tls_construct_stoc_ems"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_ETM, 0),
+     "tls_construct_stoc_etm"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_HELLO, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, 0),
+     "tls_construct_stoc_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN, 0),
+     "tls_construct_stoc_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG, 0),
+     "tls_construct_stoc_next_proto_neg"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_PSK, 0),
+     "tls_construct_stoc_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE, 0),
+     "tls_construct_stoc_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME, 0),
+     "tls_construct_stoc_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET, 0),
+     "tls_construct_stoc_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, 0),
+     "tls_construct_stoc_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, 0),
+     "tls_construct_stoc_supported_groups"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS, 0),
+     "tls_construct_stoc_supported_versions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP, 0),
+     "tls_construct_stoc_use_srtp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, 0),
+     "tls_early_post_process_client_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_FINISH_HANDSHAKE, 0),
+     "tls_finish_handshake"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_GET_MESSAGE_BODY, 0),
+     "tls_get_message_body"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_GET_MESSAGE_HEADER, 0),
+     "tls_get_message_header"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_HANDLE_ALPN, 0), "tls_handle_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_HANDLE_STATUS_REQUEST, 0),
+     "tls_handle_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES, 0),
+     "tls_parse_certificate_authorities"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_ALPN, 0),
+     "tls_parse_ctos_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_COOKIE, 0),
+     "tls_parse_ctos_cookie"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EARLY_DATA, 0),
+     "tls_parse_ctos_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, 0),
+     "tls_parse_ctos_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EMS, 0), "tls_parse_ctos_ems"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, 0),
+     "tls_parse_ctos_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN, 0),
+     "tls_parse_ctos_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH, 0),
+     "tls_parse_ctos_post_handshake_auth"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK, 0), "tls_parse_ctos_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES, 0),
+     "tls_parse_ctos_psk_kex_modes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, 0),
+     "tls_parse_ctos_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, 0),
+     "tls_parse_ctos_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SESSION_TICKET, 0),
+     "tls_parse_ctos_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS, 0),
+     "tls_parse_ctos_sig_algs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, 0),
+     "tls_parse_ctos_sig_algs_cert"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SRP, 0), "tls_parse_ctos_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, 0),
+     "tls_parse_ctos_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS, 0),
+     "tls_parse_ctos_supported_groups"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_USE_SRTP, 0),
+     "tls_parse_ctos_use_srtp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_ALPN, 0),
+     "tls_parse_stoc_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_COOKIE, 0),
+     "tls_parse_stoc_cookie"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA, 0),
+     "tls_parse_stoc_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, 0),
+     "tls_parse_stoc_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_KEY_SHARE, 0),
+     "tls_parse_stoc_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN, 0),
+     "tls_parse_stoc_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_NPN, 0), "tls_parse_stoc_npn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_PSK, 0), "tls_parse_stoc_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, 0),
+     "tls_parse_stoc_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SCT, 0), "tls_parse_stoc_sct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SERVER_NAME, 0),
+     "tls_parse_stoc_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SESSION_TICKET, 0),
+     "tls_parse_stoc_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, 0),
+     "tls_parse_stoc_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS, 0),
+     "tls_parse_stoc_supported_versions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_USE_SRTP, 0),
+     "tls_parse_stoc_use_srtp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, 0),
+     "tls_post_process_client_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, 0),
+     "tls_post_process_client_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE, 0),
+     "tls_prepare_client_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST, 0),
+     "tls_process_as_hello_retry_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, 0),
+     "tls_process_certificate_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_STATUS, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, 0),
+     "tls_process_cert_status_body"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_VERIFY, 0),
+     "tls_process_cert_verify"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, 0),
+     "tls_process_change_cipher_spec"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_DHE, 0),
+     "tls_process_cke_dhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_ECDHE, 0),
+     "tls_process_cke_ecdhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_GOST, 0),
+     "tls_process_cke_gost"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, 0),
+     "tls_process_cke_psk_preamble"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_RSA, 0),
+     "tls_process_cke_rsa"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_SRP, 0),
+     "tls_process_cke_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, 0),
+     "tls_process_client_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_HELLO, 0),
+     "tls_process_client_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, 0),
+     "tls_process_client_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS, 0),
+     "tls_process_encrypted_extensions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA, 0),
+     "tls_process_end_of_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_FINISHED, 0),
+     "tls_process_finished"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_HELLO_REQ, 0),
+     "tls_process_hello_req"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST, 0),
+     "tls_process_hello_retry_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, 0),
+     "tls_process_initial_server_flight"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_KEY_EXCHANGE, 0),
+     "tls_process_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_KEY_UPDATE, 0),
+     "tls_process_key_update"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, 0),
+     "tls_process_new_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_NEXT_PROTO, 0),
+     "tls_process_next_proto"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, 0),
+     "tls_process_server_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_DONE, 0),
+     "tls_process_server_done"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_HELLO, 0),
+     "tls_process_server_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_DHE, 0),
+     "tls_process_ske_dhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_ECDHE, 0),
+     "tls_process_ske_ecdhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, 0),
+     "tls_process_ske_psk_preamble"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_SRP, 0),
+     "tls_process_ske_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PSK_DO_BINDER, 0), "tls_psk_do_binder"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_SETUP_HANDSHAKE, 0),
+     "tls_setup_handshake"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_USE_CERTIFICATE_CHAIN_FILE, 0),
+     "use_certificate_chain_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_INTERN_INIT_LEN, 0),
+     "wpacket_intern_init_len"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_START_SUB_PACKET_LEN__, 0),
+     "WPACKET_start_sub_packet_len__"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_WRITE_STATE_MACHINE, 0),
+     "write_state_machine"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA SSL_str_reasons[] = {
-    {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE), "app data in handshake"},
-    {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),
-     "attempt to reuse session in different context"},
-    {ERR_REASON(SSL_R_BAD_ALERT_RECORD), "bad alert record"},
-    {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"},
-    {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"},
-    {ERR_REASON(SSL_R_BAD_CHECKSUM), "bad checksum"},
-    {ERR_REASON(SSL_R_BAD_DATA), "bad data"},
-    {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),
-     "bad data returned by callback"},
-    {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"},
-    {ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"},
-    {ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"},
-    {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"},
-    {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"},
-    {ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"},
-    {ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"},
-    {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
-    {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"},
-    {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},
-    {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE), "bad ecdsa signature"},
-    {ERR_REASON(SSL_R_BAD_ECPOINT), "bad ecpoint"},
-    {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH), "bad handshake length"},
-    {ERR_REASON(SSL_R_BAD_HELLO_REQUEST), "bad hello request"},
-    {ERR_REASON(SSL_R_BAD_LENGTH), "bad length"},
-    {ERR_REASON(SSL_R_BAD_MAC_DECODE), "bad mac decode"},
-    {ERR_REASON(SSL_R_BAD_MAC_LENGTH), "bad mac length"},
-    {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE), "bad message type"},
-    {ERR_REASON(SSL_R_BAD_PACKET_LENGTH), "bad packet length"},
-    {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),
-     "bad protocol version number"},
-    {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),
-     "bad psk identity hint length"},
-    {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT), "bad response argument"},
-    {ERR_REASON(SSL_R_BAD_RSA_DECRYPT), "bad rsa decrypt"},
-    {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"},
-    {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH), "bad rsa e length"},
-    {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"},
-    {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE), "bad rsa signature"},
-    {ERR_REASON(SSL_R_BAD_SIGNATURE), "bad signature"},
-    {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"},
-    {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH), "bad srp b length"},
-    {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH), "bad srp g length"},
-    {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH), "bad srp n length"},
-    {ERR_REASON(SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"},
-    {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH), "bad srp s length"},
-    {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"},
-    {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),
-     "bad srtp protection profile list"},
-    {ERR_REASON(SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"},
-    {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),
-     "bad ssl session id length"},
-    {ERR_REASON(SSL_R_BAD_STATE), "bad state"},
-    {ERR_REASON(SSL_R_BAD_VALUE), "bad value"},
-    {ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"},
-    {ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"},
-    {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),
-     "block cipher pad is wrong"},
-    {ERR_REASON(SSL_R_BN_LIB), "bn lib"},
-    {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH), "ca dn length mismatch"},
-    {ERR_REASON(SSL_R_CA_DN_TOO_LONG), "ca dn too long"},
-    {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY), "ccs received early"},
-    {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),
-     "certificate verify failed"},
-    {ERR_REASON(SSL_R_CERT_CB_ERROR), "cert cb error"},
-    {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"},
-    {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"},
-    {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
-    {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),
-     "cipher or hash unavailable"},
-    {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"},
-    {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"},
-    {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),
-     "compressed length too long"},
-    {ERR_REASON(SSL_R_COMPRESSION_DISABLED), "compression disabled"},
-    {ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"},
-    {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
-     "compression id not within private range"},
-    {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),
-     "compression library error"},
-    {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),
-     "connection id is different"},
-    {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
-    {ERR_REASON(SSL_R_COOKIE_MISMATCH), "cookie mismatch"},
-    {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),
-     "data between ccs and finished"},
-    {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG), "data length too long"},
-    {ERR_REASON(SSL_R_DECRYPTION_FAILED), "decryption failed"},
-    {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),
-     "decryption failed or bad record mac"},
-    {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL), "dh key too small"},
-    {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),
-     "dh public value length is wrong"},
-    {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"},
-    {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG), "dtls message too big"},
-    {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"},
-    {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),
-     "ecc cert not for key agreement"},
-    {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"},
-    {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),
-     "ecc cert should have rsa signature"},
-    {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),
-     "ecc cert should have sha1 signature"},
-    {ERR_REASON(SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),
-     "ecdh required for suiteb mode"},
-    {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),
-     "ecgroup too large for cipher"},
-    {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),
-     "empty srtp protection profile list"},
-    {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),
-     "encrypted length too long"},
-    {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),
-     "error generating tmp rsa key"},
-    {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
-     "error in received cipher list"},
-    {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
-    {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE), "extra data in message"},
-    {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
-    {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),
-     "got next proto before a ccs"},
-    {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),
-     "got next proto without seeing extension"},
-    {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST), "https proxy request"},
-    {ERR_REASON(SSL_R_HTTP_REQUEST), "http request"},
-    {ERR_REASON(SSL_R_ILLEGAL_PADDING), "illegal padding"},
-    {ERR_REASON(SSL_R_ILLEGAL_SUITEB_DIGEST), "illegal Suite B digest"},
-    {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"},
-    {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"},
-    {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"},
-    {ERR_REASON(SSL_R_INVALID_COMMAND), "invalid command"},
-    {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),
-     "invalid compression algorithm"},
-    {ERR_REASON(SSL_R_INVALID_NULL_CMD_NAME), "invalid null cmd name"},
-    {ERR_REASON(SSL_R_INVALID_PURPOSE), "invalid purpose"},
-    {ERR_REASON(SSL_R_INVALID_SERVERINFO_DATA), "invalid serverinfo data"},
-    {ERR_REASON(SSL_R_INVALID_SRP_USERNAME), "invalid srp username"},
-    {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"},
-    {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),
-     "invalid ticket keys length"},
-    {ERR_REASON(SSL_R_INVALID_TRUST), "invalid trust"},
-    {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG), "key arg too long"},
-    {ERR_REASON(SSL_R_KRB5), "krb5"},
-    {ERR_REASON(SSL_R_KRB5_C_CC_PRINC), "krb5 client cc principal (no tkt?)"},
-    {ERR_REASON(SSL_R_KRB5_C_GET_CRED), "krb5 client get cred"},
-    {ERR_REASON(SSL_R_KRB5_C_INIT), "krb5 client init"},
-    {ERR_REASON(SSL_R_KRB5_C_MK_REQ), "krb5 client mk_req (expired tkt?)"},
-    {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET), "krb5 server bad ticket"},
-    {ERR_REASON(SSL_R_KRB5_S_INIT), "krb5 server init"},
-    {ERR_REASON(SSL_R_KRB5_S_RD_REQ), "krb5 server rd_req (keytab perms?)"},
-    {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED), "krb5 server tkt expired"},
-    {ERR_REASON(SSL_R_KRB5_S_TKT_NYV), "krb5 server tkt not yet valid"},
-    {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW), "krb5 server tkt skew"},
-    {ERR_REASON(SSL_R_LENGTH_MISMATCH), "length mismatch"},
-    {ERR_REASON(SSL_R_LENGTH_TOO_SHORT), "length too short"},
-    {ERR_REASON(SSL_R_LIBRARY_BUG), "library bug"},
-    {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"},
-    {ERR_REASON(SSL_R_MESSAGE_TOO_LONG), "message too long"},
-    {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT), "missing dh dsa cert"},
-    {ERR_REASON(SSL_R_MISSING_DH_KEY), "missing dh key"},
-    {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT), "missing dh rsa cert"},
-    {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"},
-    {ERR_REASON(SSL_R_MISSING_ECDH_CERT), "missing ecdh cert"},
-    {ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT),
-     "missing ecdsa signing cert"},
-    {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),
-     "missing export tmp dh key"},
-    {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),
-     "missing export tmp rsa key"},
-    {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
-    {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),
-     "missing rsa encrypting cert"},
-    {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"},
-    {ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"},
-    {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
-    {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"},
-    {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY), "missing tmp rsa key"},
-    {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY), "missing tmp rsa pkey"},
-    {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"},
-    {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS), "multiple sgc restarts"},
-    {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"},
-    {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
-    {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},
-    {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"},
-    {ERR_REASON(SSL_R_NO_CERTIFICATE_SET), "no certificate set"},
-    {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"},
-    {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE), "no ciphers available"},
-    {ERR_REASON(SSL_R_NO_CIPHERS_PASSED), "no ciphers passed"},
-    {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED), "no ciphers specified"},
-    {ERR_REASON(SSL_R_NO_CIPHER_LIST), "no cipher list"},
-    {ERR_REASON(SSL_R_NO_CIPHER_MATCH), "no cipher match"},
-    {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD), "no client cert method"},
-    {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
-    {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
-    {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
-     "Peer haven't sent GOST certificate, required for selected ciphersuite"},
-    {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED), "no method specified"},
-    {ERR_REASON(SSL_R_NO_PEM_EXTENSIONS), "no pem extensions"},
-    {ERR_REASON(SSL_R_NO_PRIVATEKEY), "no privatekey"},
-    {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
-    {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
-    {ERR_REASON(SSL_R_NO_PUBLICKEY), "no publickey"},
-    {ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
-    {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST),
-     "digest requred for handshake isn't computed"},
-    {ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
-    {ERR_REASON(SSL_R_NO_SHARED_SIGATURE_ALGORITHMS),
-     "no shared sigature algorithms"},
-    {ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
-    {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK), "no verify callback"},
-    {ERR_REASON(SSL_R_NULL_SSL_CTX), "null ssl ctx"},
-    {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"},
-    {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
-     "old session cipher not returned"},
-    {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
-     "old session compression algorithm not returned"},
-    {ERR_REASON(SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE),
-     "only DTLS 1.2 allowed in Suite B mode"},
-    {ERR_REASON(SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE),
-     "only TLS 1.2 allowed in Suite B mode"},
-    {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),
-     "only tls allowed in fips mode"},
-    {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),
-     "opaque PRF input too long"},
-    {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
-    {ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"},
-    {ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"},
-    {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),
-     "peer did not return a certificate"},
-    {ERR_REASON(SSL_R_PEER_ERROR), "peer error"},
-    {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"},
-    {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),
-     "peer error no certificate"},
-    {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER), "peer error no cipher"},
-    {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),
-     "peer error unsupported certificate type"},
-    {ERR_REASON(SSL_R_PEM_NAME_BAD_PREFIX), "pem name bad prefix"},
-    {ERR_REASON(SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"},
-    {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"},
-    {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),
-     "problems mapping cipher functions"},
-    {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN), "protocol is shutdown"},
-    {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
-    {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"},
-    {ERR_REASON(SSL_R_PSK_NO_SERVER_CB), "psk no server cb"},
-    {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"},
-    {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA), "public key is not rsa"},
-    {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
-    {ERR_REASON(SSL_R_READ_BIO_NOT_SET), "read bio not set"},
-    {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED), "read timeout expired"},
-    {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"},
-    {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
-    {ERR_REASON(SSL_R_RECORD_TOO_LARGE), "record too large"},
-    {ERR_REASON(SSL_R_RECORD_TOO_SMALL), "record too small"},
-    {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"},
-    {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),
-     "renegotiation encoding err"},
-    {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"},
-    {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"},
-    {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),
-     "required compresssion algorithm missing"},
-    {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),
-     "reuse cert length not zero"},
-    {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"},
-    {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),
-     "reuse cipher list not zero"},
-    {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),
-     "scsv received when renegotiating"},
-    {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"},
-    {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),
-     "session id context uninitialized"},
-    {ERR_REASON(SSL_R_SHORT_READ), "short read"},
-    {ERR_REASON(SSL_R_SHUTDOWN_WHILE_IN_INIT), "shutdown while in init"},
-    {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),
-     "signature algorithms error"},
-    {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),
-     "signature for non signing certificate"},
-    {ERR_REASON(SSL_R_SRP_A_CALC), "error with the srp params"},
-    {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),
-     "srtp could not allocate profiles"},
-    {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),
-     "srtp protection profile list too long"},
-    {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
-     "srtp unknown protection profile"},
-    {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),
-     "ssl23 doing session id reuse"},
-    {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),
-     "ssl2 connection id too long"},
-    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),
-     "ssl3 ext invalid ecpointformat"},
-    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),
-     "ssl3 ext invalid servername"},
-    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
-     "ssl3 ext invalid servername type"},
-    {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
-    {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),
-     "ssl3 session id too short"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
-     "sslv3 alert bad certificate"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
-     "sslv3 alert bad record mac"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
-     "sslv3 alert certificate expired"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
-     "sslv3 alert certificate revoked"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
-     "sslv3 alert certificate unknown"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
-     "sslv3 alert decompression failure"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
-     "sslv3 alert handshake failure"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
-     "sslv3 alert illegal parameter"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
-     "sslv3 alert no certificate"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
-     "sslv3 alert unexpected message"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
-     "sslv3 alert unsupported certificate"},
-    {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),
-     "ssl ctx has no default ssl version"},
-    {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE), "ssl handshake failure"},
-    {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),
-     "ssl library has no ciphers"},
-    {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),
-     "ssl session id callback failed"},
-    {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
-    {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),
-     "ssl session id context too long"},
-    {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
-     "ssl session id has bad length"},
-    {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),
-     "ssl session id is different"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),
-     "tlsv1 alert access denied"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
-     "tlsv1 alert decryption failed"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
-     "tlsv1 alert decrypt error"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
-     "tlsv1 alert export restriction"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
-     "tlsv1 alert inappropriate fallback"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),
-     "tlsv1 alert insufficient security"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
-     "tlsv1 alert internal error"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
-     "tlsv1 alert no renegotiation"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
-     "tlsv1 alert protocol version"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),
-     "tlsv1 alert record overflow"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),
-     "tlsv1 alert user cancelled"},
-    {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),
-     "tlsv1 bad certificate hash value"},
-    {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),
-     "tlsv1 bad certificate status response"},
-    {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),
-     "tlsv1 certificate unobtainable"},
-    {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
-    {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
-     "tlsv1 unsupported extension"},
-    {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),
-     "tls client cert req with anon cipher"},
-    {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
-     "peer does not accept heartbeats"},
-    {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING),
-     "heartbeat request already pending"},
-    {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),
-     "tls illegal exporter label"},
-    {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
-     "tls invalid ecpointformat list"},
-    {ERR_REASON(SSL_R_TOO_MANY_WARN_ALERTS), "too many warn alerts"},
-    {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),
-     "tls peer did not respond with certificate list"},
-    {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),
-     "tls rsa encrypted value length is wrong"},
-    {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),
-     "tried to use unsupported cipher"},
-    {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),
-     "unable to decode dh certs"},
-    {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
-     "unable to decode ecdh certs"},
-    {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),
-     "unable to extract public key"},
-    {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),
-     "unable to find dh parameters"},
-    {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),
-     "unable to find ecdh parameters"},
-    {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
-     "unable to find public key parameters"},
-    {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),
-     "unable to find ssl method"},
-    {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),
-     "unable to load ssl2 md5 routines"},
-    {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
-     "unable to load ssl3 md5 routines"},
-    {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
-     "unable to load ssl3 sha1 routines"},
-    {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
-    {ERR_REASON(SSL_R_UNEXPECTED_RECORD), "unexpected record"},
-    {ERR_REASON(SSL_R_UNINITIALIZED), "uninitialized"},
-    {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
-    {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"},
-    {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"},
-    {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE), "unknown cipher type"},
-    {ERR_REASON(SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"},
-    {ERR_REASON(SSL_R_UNKNOWN_DIGEST), "unknown digest"},
-    {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),
-     "unknown key exchange type"},
-    {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
-    {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
-    {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),
-     "unknown remote error type"},
-    {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION), "unknown ssl version"},
-    {ERR_REASON(SSL_R_UNKNOWN_STATE), "unknown state"},
-    {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
-     "unsafe legacy renegotiation disabled"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
-     "unsupported compression algorithm"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),
-     "unsupported elliptic curve"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL), "unsupported protocol"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"},
-    {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
-    {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET), "write bio not set"},
-    {ERR_REASON(SSL_R_WRONG_CERTIFICATE_TYPE), "wrong certificate type"},
-    {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED), "wrong cipher returned"},
-    {ERR_REASON(SSL_R_WRONG_CURVE), "wrong curve"},
-    {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE), "wrong message type"},
-    {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
-    {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
-    {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE), "wrong signature size"},
-    {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE), "wrong signature type"},
-    {ERR_REASON(SSL_R_WRONG_SSL_VERSION), "wrong ssl version"},
-    {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER), "wrong version number"},
-    {ERR_REASON(SSL_R_X509_LIB), "x509 lib"},
-    {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),
-     "x509 verification setup problems"},
+static const ERR_STRING_DATA SSL_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY),
+    "application data after close notify"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE),
+    "app data in handshake"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),
+    "attempt to reuse session in different context"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE),
+    "at least TLS 1.0 needed in FIPS mode"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE),
+    "at least (D)TLS 1.2 needed in Suite B mode"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CHANGE_CIPHER_SPEC),
+    "bad change cipher spec"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CIPHER), "bad cipher"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA), "bad data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),
+    "bad data returned by callback"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DECOMPRESSION), "bad decompression"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DH_VALUE), "bad dh value"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EARLY_DATA), "bad early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECC_CERT), "bad ecc cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECPOINT), "bad ecpoint"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EXTENSION), "bad extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_LENGTH),
+    "bad handshake length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_STATE),
+    "bad handshake state"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HELLO_REQUEST), "bad hello request"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HRR_VERSION), "bad hrr version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LEGACY_VERSION), "bad legacy version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET), "bad packet"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "bad packet length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PROTOCOL_VERSION_NUMBER),
+    "bad protocol version number"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK), "bad psk"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK_IDENTITY), "bad psk identity"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RECORD_TYPE), "bad record type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),
+    "bad srtp protection profile list"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_VALUE), "bad value"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_WRITE_RETRY), "bad write retry"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BINDER_DOES_NOT_VERIFY),
+    "binder does not verify"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BIO_NOT_SET), "bio not set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),
+    "block cipher pad is wrong"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BN_LIB), "bn lib"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CALLBACK_FAILED), "callback failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_CHANGE_CIPHER),
+    "cannot change cipher"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_LENGTH_MISMATCH),
+    "ca dn length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_KEY_TOO_SMALL), "ca key too small"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_MD_TOO_WEAK), "ca md too weak"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CCS_RECEIVED_EARLY), "ccs received early"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERTIFICATE_VERIFY_FAILED),
+    "certificate verify failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_CB_ERROR), "cert cb error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_LENGTH_MISMATCH),
+    "cert length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED),
+    "ciphersuite digest has changed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH),
+    "cipher code wrong length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_OR_HASH_UNAVAILABLE),
+    "cipher or hash unavailable"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG),
+    "compressed length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_DISABLED),
+    "compression disabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_FAILURE),
+    "compression failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
+    "compression id not within private range"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_LIBRARY_ERROR),
+    "compression library error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_TYPE_NOT_SET),
+    "connection type not set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONTEXT_NOT_DANE_ENABLED),
+    "context not dane enabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_GEN_CALLBACK_FAILURE),
+    "cookie gen callback failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_MISMATCH), "cookie mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED),
+    "custom ext handler already installed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_ALREADY_ENABLED),
+    "dane already enabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL),
+    "dane cannot override mtype full"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_NOT_ENABLED), "dane not enabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE),
+    "dane tlsa bad certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE),
+    "dane tlsa bad certificate usage"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DATA_LENGTH),
+    "dane tlsa bad data length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH),
+    "dane tlsa bad digest length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE),
+    "dane tlsa bad matching type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY),
+    "dane tlsa bad public key"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_SELECTOR),
+    "dane tlsa bad selector"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_NULL_DATA),
+    "dane tlsa null data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),
+    "data between ccs and finished"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_LENGTH_TOO_LONG),
+    "data length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED), "decryption failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),
+    "decryption failed or bad record mac"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_KEY_TOO_SMALL), "dh key too small"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),
+    "dh public value length is wrong"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DIGEST_CHECK_FAILED),
+    "digest check failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DTLS_MESSAGE_TOO_BIG),
+    "dtls message too big"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DUPLICATE_COMPRESSION_ID),
+    "duplicate compression id"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECC_CERT_NOT_FOR_SIGNING),
+    "ecc cert not for signing"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),
+    "ecdh required for suiteb mode"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EE_KEY_TOO_SMALL), "ee key too small"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),
+    "empty srtp protection profile list"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ENCRYPTED_LENGTH_TOO_LONG),
+    "encrypted length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
+    "error in received cipher list"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN),
+    "error setting tlsa base domain"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE),
+    "exceeds max fragment size"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCESSIVE_MESSAGE_SIZE),
+    "excessive message size"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTENSION_NOT_RECEIVED),
+    "extension not received"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTRA_DATA_IN_MESSAGE),
+    "extra data in message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXT_LENGTH_MISMATCH),
+    "ext length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FAILED_TO_INIT_ASYNC),
+    "failed to init async"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FRAGMENTED_CLIENT_HELLO),
+    "fragmented client hello"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_A_FIN_BEFORE_A_CCS),
+    "got a fin before a ccs"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTPS_PROXY_REQUEST),
+    "https proxy request"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTP_REQUEST), "http request"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_POINT_COMPRESSION),
+    "illegal point compression"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_SUITEB_DIGEST),
+    "illegal Suite B digest"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INAPPROPRIATE_FALLBACK),
+    "inappropriate fallback"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_COMPRESSION),
+    "inconsistent compression"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_ALPN),
+    "inconsistent early data alpn"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_SNI),
+    "inconsistent early data sni"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INSUFFICIENT_SECURITY),
+    "insufficient security"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_ALERT), "invalid alert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CCS_MESSAGE),
+    "invalid ccs message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CERTIFICATE_OR_ALG),
+    "invalid certificate or alg"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMMAND), "invalid command"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMPRESSION_ALGORITHM),
+    "invalid compression algorithm"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIG), "invalid config"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIGURATION_NAME),
+    "invalid configuration name"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONTEXT), "invalid context"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CT_VALIDATION_TYPE),
+    "invalid ct validation type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_KEY_UPDATE_TYPE),
+    "invalid key update type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_MAX_EARLY_DATA),
+    "invalid max early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_NULL_CMD_NAME),
+    "invalid null cmd name"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SEQUENCE_NUMBER),
+    "invalid sequence number"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SERVERINFO_DATA),
+    "invalid serverinfo data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SESSION_ID), "invalid session id"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SRP_USERNAME),
+    "invalid srp username"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_STATUS_RESPONSE),
+    "invalid status response"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH),
+    "invalid ticket keys length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_BUG), "library bug"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_HAS_NO_CIPHERS),
+    "library has no ciphers"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_DSA_SIGNING_CERT),
+    "missing dsa signing cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_ECDSA_SIGNING_CERT),
+    "missing ecdsa signing cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE),
+    "missing rsa certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT),
+    "missing rsa encrypting cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_SIGNING_CERT),
+    "missing rsa signing cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGALGS_EXTENSION),
+    "missing sigalgs extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGNING_CERT),
+    "missing signing cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SRP_PARAM),
+    "can't find SRP server param"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION),
+    "missing supported groups extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY),
+    "missing tmp ecdh key"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY),
+    "not on record boundary"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE),
+    "not replacing certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_SERVER), "not server"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_APPLICATION_PROTOCOL),
+    "no application protocol"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATES_RETURNED),
+    "no certificates returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_ASSIGNED),
+    "no certificate assigned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_SET), "no certificate set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CHANGE_FOLLOWING_HRR),
+    "no change following hrr"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_AVAILABLE),
+    "no ciphers available"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_SPECIFIED),
+    "no ciphers specified"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHER_MATCH), "no cipher match"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CLIENT_CERT_METHOD),
+    "no client cert method"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COMPRESSION_SPECIFIED),
+    "no compression specified"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COOKIE_CALLBACK_SET),
+    "no cookie callback set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
+    "Peer haven't sent GOST certificate, required for selected ciphersuite"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_METHOD_SPECIFIED),
+    "no method specified"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PEM_EXTENSIONS), "no pem extensions"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PRIVATE_KEY_ASSIGNED),
+    "no private key assigned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PROTOCOLS_AVAILABLE),
+    "no protocols available"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_RENEGOTIATION), "no renegotiation"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_REQUIRED_DIGEST), "no required digest"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_GROUPS), "no shared groups"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS),
+    "no shared signature algorithms"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_KEY_SHARE),
+    "no suitable key share"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM),
+    "no suitable signature algorithm"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VALID_SCTS), "no valid scts"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VERIFY_COOKIE_CALLBACK),
+    "no verify cookie callback"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED),
+    "null ssl method passed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
+    "old session cipher not returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
+    "old session compression algorithm not returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OVERFLOW_ERROR), "overflow error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PACKET_LENGTH_TOO_LONG),
+    "packet length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PARSE_TLSEXT), "parse tlsext"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PATH_TOO_LONG), "path too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),
+    "peer did not return a certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_BAD_PREFIX),
+    "pem name bad prefix"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PIPELINE_FAILURE), "pipeline failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR),
+    "post handshake auth encoding err"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PRIVATE_KEY_MISMATCH),
+    "private key mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PROTOCOL_IS_SHUTDOWN),
+    "protocol is shutdown"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_IDENTITY_NOT_FOUND),
+    "psk identity not found"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_SERVER_CB), "psk no server cb"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_BIO_NOT_SET), "read bio not set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_TIMEOUT_EXPIRED),
+    "read timeout expired"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_LENGTH_MISMATCH),
+    "record length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_TOO_SMALL), "record too small"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATE_EXT_TOO_LONG),
+    "renegotiate ext too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_ENCODING_ERR),
+    "renegotiation encoding err"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_MISMATCH),
+    "renegotiation mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_PENDING), "request pending"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_SENT), "request sent"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_CIPHER_MISSING),
+    "required cipher missing"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING),
+    "required compression algorithm missing"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),
+    "scsv received when renegotiating"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCT_VERIFICATION_FAILED),
+    "sct verification failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),
+    "session id context uninitialized"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHUTDOWN_WHILE_IN_INIT),
+    "shutdown while in init"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_ALGORITHMS_ERROR),
+    "signature algorithms error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),
+    "signature for non signing certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRP_A_CALC), "error with the srp params"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),
+    "srtp could not allocate profiles"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),
+    "srtp protection profile list too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
+    "srtp unknown protection profile"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH),
+    "ssl3 ext invalid max fragment length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME),
+    "ssl3 ext invalid servername"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
+    "ssl3 ext invalid servername type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG),
+    "ssl3 session id too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
+    "sslv3 alert bad certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
+    "sslv3 alert bad record mac"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
+    "sslv3 alert certificate expired"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
+    "sslv3 alert certificate revoked"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
+    "sslv3 alert certificate unknown"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
+    "sslv3 alert decompression failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
+    "sslv3 alert handshake failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
+    "sslv3 alert illegal parameter"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
+    "sslv3 alert no certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
+    "sslv3 alert unexpected message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
+    "sslv3 alert unsupported certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY),
+    "ssl command section empty"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
+    "ssl command section not found"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),
+    "ssl ctx has no default ssl version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_HANDSHAKE_FAILURE),
+    "ssl handshake failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),
+    "ssl library has no ciphers"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_NEGATIVE_LENGTH),
+    "ssl negative length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_EMPTY), "ssl section empty"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_NOT_FOUND),
+    "ssl section not found"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),
+    "ssl session id callback failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONFLICT),
+    "ssl session id conflict"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),
+    "ssl session id context too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
+    "ssl session id has bad length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_TOO_LONG),
+    "ssl session id too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_VERSION_MISMATCH),
+    "ssl session version mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_STILL_IN_INIT), "still in init"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED),
+    "tlsv13 alert certificate required"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_MISSING_EXTENSION),
+    "tlsv13 alert missing extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_ACCESS_DENIED),
+    "tlsv1 alert access denied"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECODE_ERROR),
+    "tlsv1 alert decode error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
+    "tlsv1 alert decryption failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
+    "tlsv1 alert decrypt error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
+    "tlsv1 alert export restriction"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
+    "tlsv1 alert inappropriate fallback"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),
+    "tlsv1 alert insufficient security"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
+    "tlsv1 alert internal error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
+    "tlsv1 alert no renegotiation"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
+    "tlsv1 alert protocol version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),
+    "tlsv1 alert record overflow"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA),
+    "tlsv1 alert unknown ca"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED),
+    "tlsv1 alert user cancelled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),
+    "tlsv1 bad certificate hash value"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),
+    "tlsv1 bad certificate status response"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),
+    "tlsv1 certificate unobtainable"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNRECOGNIZED_NAME),
+    "tlsv1 unrecognized name"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
+    "tlsv1 unsupported extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
+    "peer does not accept heartbeats"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_HEARTBEAT_PENDING),
+    "heartbeat request already pending"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),
+    "tls illegal exporter label"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
+    "tls invalid ecpointformat list"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_KEY_UPDATES),
+    "too many key updates"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_WARN_ALERTS),
+    "too many warn alerts"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MUCH_EARLY_DATA),
+    "too much early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),
+    "unable to find ecdh parameters"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
+    "unable to find public key parameters"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
+    "unable to load ssl3 md5 routines"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
+    "unable to load ssl3 sha1 routines"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE),
+    "unexpected ccs message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
+    "unexpected end of early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CERTIFICATE_TYPE),
+    "unknown certificate type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_RETURNED),
+    "unknown cipher returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_TYPE),
+    "unknown cipher type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_COMMAND), "unknown command"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),
+    "unknown key exchange type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_SSL_VERSION),
+    "unknown ssl version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_STATE), "unknown state"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
+    "unsafe legacy renegotiation disabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSOLICITED_EXTENSION),
+    "unsolicited extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+    "unsupported compression algorithm"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),
+    "unsupported elliptic curve"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_PROTOCOL),
+    "unsupported protocol"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_SSL_VERSION),
+    "unsupported ssl version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_STATUS_TYPE),
+    "unsupported status type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_USE_SRTP_NOT_NEGOTIATED),
+    "use srtp not negotiated"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_HIGH), "version too high"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_LOW), "version too low"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CERTIFICATE_TYPE),
+    "wrong certificate type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CIPHER_RETURNED),
+    "wrong cipher returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "wrong curve"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH),
+    "wrong signature length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE),
+    "wrong signature size"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_TYPE),
+    "wrong signature type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SSL_VERSION), "wrong ssl version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_VERSION_NUMBER),
+    "wrong version number"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_LIB), "x509 lib"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),
+    "x509 verification setup problems"},
     {0, NULL}
 };
 
 #endif
 
-void ERR_load_SSL_strings(void)
+int ERR_load_SSL_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, SSL_str_functs);
-        ERR_load_strings(0, SSL_str_reasons);
+        ERR_load_strings_const(SSL_str_functs);
+        ERR_load_strings_const(SSL_str_reasons);
     }
 #endif
+    return 1;
 }
diff --git a/freebsd/crypto/openssl/ssl/ssl_err2.c b/freebsd/crypto/openssl/ssl/ssl_err2.c
deleted file mode 100644
index 52174143..00000000
--- a/freebsd/crypto/openssl/ssl/ssl_err2.c
+++ /dev/null
@@ -1,71 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/ssl_err2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void SSL_load_error_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-    ERR_load_crypto_strings();
-    ERR_load_SSL_strings();
-#endif
-}
diff --git a/freebsd/crypto/openssl/ssl/ssl_init.c b/freebsd/crypto/openssl/ssl/ssl_init.c
new file mode 100644
index 00000000..cd1bfec8
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/ssl_init.c
@@ -0,0 +1,226 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+
+#include "internal/err.h"
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include "ssl_locl.h"
+#include "internal/thread_once.h"
+
+static int stopped;
+
+#ifndef __rtems__
+static void ssl_library_stop(void);
+#endif /* __rtems__ */
+
+static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
+static int ssl_base_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+            "Adding SSL ciphers and digests\n");
+#endif
+#ifndef OPENSSL_NO_DES
+    EVP_add_cipher(EVP_des_cbc());
+    EVP_add_cipher(EVP_des_ede3_cbc());
+#endif
+#ifndef OPENSSL_NO_IDEA
+    EVP_add_cipher(EVP_idea_cbc());
+#endif
+#ifndef OPENSSL_NO_RC4
+    EVP_add_cipher(EVP_rc4());
+# ifndef OPENSSL_NO_MD5
+    EVP_add_cipher(EVP_rc4_hmac_md5());
+# endif
+#endif
+#ifndef OPENSSL_NO_RC2
+    EVP_add_cipher(EVP_rc2_cbc());
+    /*
+     * Not actually used for SSL/TLS but this makes PKCS#12 work if an
+     * application only calls SSL_library_init().
+     */
+    EVP_add_cipher(EVP_rc2_40_cbc());
+#endif
+    EVP_add_cipher(EVP_aes_128_cbc());
+    EVP_add_cipher(EVP_aes_192_cbc());
+    EVP_add_cipher(EVP_aes_256_cbc());
+    EVP_add_cipher(EVP_aes_128_gcm());
+    EVP_add_cipher(EVP_aes_256_gcm());
+    EVP_add_cipher(EVP_aes_128_ccm());
+    EVP_add_cipher(EVP_aes_256_ccm());
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
+#ifndef OPENSSL_NO_ARIA
+    EVP_add_cipher(EVP_aria_128_gcm());
+    EVP_add_cipher(EVP_aria_256_gcm());
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    EVP_add_cipher(EVP_camellia_128_cbc());
+    EVP_add_cipher(EVP_camellia_256_cbc());
+#endif
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+    EVP_add_cipher(EVP_chacha20_poly1305());
+#endif
+
+#ifndef OPENSSL_NO_SEED
+    EVP_add_cipher(EVP_seed_cbc());
+#endif
+
+#ifndef OPENSSL_NO_MD5
+    EVP_add_digest(EVP_md5());
+    EVP_add_digest_alias(SN_md5, "ssl3-md5");
+    EVP_add_digest(EVP_md5_sha1());
+#endif
+    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
+    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+    EVP_add_digest(EVP_sha224());
+    EVP_add_digest(EVP_sha256());
+    EVP_add_digest(EVP_sha384());
+    EVP_add_digest(EVP_sha512());
+#ifndef OPENSSL_NO_COMP
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+            "SSL_COMP_get_compression_methods()\n");
+# endif
+    /*
+     * This will initialise the built-in compression algorithms. The value
+     * returned is a STACK_OF(SSL_COMP), but that can be discarded safely
+     */
+    SSL_COMP_get_compression_methods();
+#endif
+    /* initialize cipher/digest methods table */
+    if (!ssl_load_ciphers())
+        return 0;
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+            "SSL_add_ssl_module()\n");
+#endif
+#ifndef __rtems__
+    /*
+     * We ignore an error return here. Not much we can do - but not that bad
+     * either. We can still safely continue.
+     */
+    OPENSSL_atexit(ssl_library_stop);
+#endif /* __rtems__ */
+    ssl_base_inited = 1;
+    return 1;
+}
+
+static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
+static int ssl_strings_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
+{
+    /*
+     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+     * pulling in all the error strings during static linking
+     */
+#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: "
+            "ERR_load_SSL_strings()\n");
+# endif
+    ERR_load_SSL_strings();
+    ssl_strings_inited = 1;
+#endif
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_ssl_strings)
+{
+    /* Do nothing in this case */
+    return 1;
+}
+
+#ifndef __rtems__
+static void ssl_library_stop(void)
+{
+    /* Might be explicitly called and also by atexit */
+    if (stopped)
+        return;
+    stopped = 1;
+
+    if (ssl_base_inited) {
+#ifndef OPENSSL_NO_COMP
+# ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
+                "ssl_comp_free_compression_methods_int()\n");
+# endif
+        ssl_comp_free_compression_methods_int();
+#endif
+    }
+
+    if (ssl_strings_inited) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
+                "err_free_strings_int()\n");
+#endif
+        /*
+         * If both crypto and ssl error strings are inited we will end up
+         * calling err_free_strings_int() twice - but that's ok. The second
+         * time will be a no-op. It's easier to do that than to try and track
+         * between the two libraries whether they have both been inited.
+         */
+        err_free_strings_int();
+    }
+}
+#endif /* __rtems__ */
+
+/*
+ * If this function is called with a non NULL settings value then it must be
+ * called prior to any threads making calls to any OpenSSL functions,
+ * i.e. passing a non-null settings value is assumed to be single-threaded.
+ */
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
+{
+    static int stoperrset = 0;
+
+    if (stopped) {
+        if (!stoperrset) {
+            /*
+             * We only ever set this once to avoid getting into an infinite
+             * loop where the error system keeps trying to init and fails so
+             * sets an error etc
+             */
+            stoperrset = 1;
+            SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL);
+        }
+        return 0;
+    }
+
+    if (!OPENSSL_init_crypto(opts
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
+                             | OPENSSL_INIT_LOAD_CONFIG
+#endif
+                             | OPENSSL_INIT_ADD_ALL_CIPHERS
+                             | OPENSSL_INIT_ADD_ALL_DIGESTS,
+                             settings))
+        return 0;
+
+    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
+        && !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
+        && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
+        return 0;
+
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/ssl/ssl_lib.c b/freebsd/crypto/openssl/ssl/ssl_lib.c
index c7efc0ec..3a8c6b94 100644
--- a/freebsd/crypto/openssl/ssl/ssl_lib.c
+++ b/freebsd/crypto/openssl/ssl/ssl_lib.c
@@ -1,276 +1,652 @@
 #include <machine/rtems-bsd-user-space.h>
 
 /*
- * ! \file ssl/ssl_lib.c \brief Version independent SSL functions.
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifdef REF_CHECK
-# include <assert.h>
-#endif
 #include <stdio.h>
 #include "ssl_locl.h"
-#include "kssl_lcl.h"
 #include <openssl/objects.h>
-#include <openssl/lhash.h>
 #include <openssl/x509v3.h>
 #include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
 #include <openssl/ocsp.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
+#include <openssl/dh.h>
+#include <openssl/engine.h>
+#include <openssl/async.h>
+#include <openssl/ct.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+
+const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
+
+static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s,
+                                    int t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
 
-const char *SSL_version_str = OPENSSL_VERSION_TEXT;
+static int ssl_undefined_function_3(SSL *ssl, unsigned char *r,
+                                    unsigned char *s, size_t t, size_t *u)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    (void)u;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_4(SSL *ssl, int r)
+{
+    (void)r;
+    return ssl_undefined_function(ssl);
+}
+
+static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s,
+                                       unsigned char *t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_6(int r)
+{
+    (void)r;
+    return ssl_undefined_function(NULL);
+}
+
+static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s,
+                                    const char *t, size_t u,
+                                    const unsigned char *v, size_t w, int x)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    (void)u;
+    (void)v;
+    (void)w;
+    (void)x;
+    return ssl_undefined_function(ssl);
+}
 
 SSL3_ENC_METHOD ssl3_undef_enc_method = {
-    /*
-     * evil casts, but these functions are only called if there's a library
-     * bug
-     */
-    (int (*)(SSL *, int))ssl_undefined_function,
-    (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
+    ssl_undefined_function_1,
+    ssl_undefined_function_2,
     ssl_undefined_function,
-    (int (*)(SSL *, unsigned char *, unsigned char *, int))
-        ssl_undefined_function,
-    (int (*)(SSL *, int))ssl_undefined_function,
-    (int (*)(SSL *, const char *, int, unsigned char *))
-        ssl_undefined_function,
-    0,                          /* finish_mac_length */
-    (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
+    ssl_undefined_function_3,
+    ssl_undefined_function_4,
+    ssl_undefined_function_5,
     NULL,                       /* client_finished_label */
     0,                          /* client_finished_label_len */
     NULL,                       /* server_finished_label */
     0,                          /* server_finished_label_len */
-    (int (*)(int))ssl_undefined_function,
-    (int (*)(SSL *, unsigned char *, size_t, const char *,
-             size_t, const unsigned char *, size_t,
-             int use_context))ssl_undefined_function,
+    ssl_undefined_function_6,
+    ssl_undefined_function_7,
 };
 
-int SSL_clear(SSL *s)
+struct ssl_async_args {
+    SSL *s;
+    void *buf;
+    size_t num;
+    enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
+    union {
+        int (*func_read) (SSL *, void *, size_t, size_t *);
+        int (*func_write) (SSL *, const void *, size_t, size_t *);
+        int (*func_other) (SSL *);
+    } f;
+};
+
+static const struct {
+    uint8_t mtype;
+    uint8_t ord;
+    int nid;
+} dane_mds[] = {
+    {
+        DANETLS_MATCHING_FULL, 0, NID_undef
+    },
+    {
+        DANETLS_MATCHING_2256, 1, NID_sha256
+    },
+    {
+        DANETLS_MATCHING_2512, 2, NID_sha512
+    },
+};
+
+static int dane_ctx_enable(struct dane_ctx_st *dctx)
+{
+    const EVP_MD **mdevp;
+    uint8_t *mdord;
+    uint8_t mdmax = DANETLS_MATCHING_LAST;
+    int n = ((int)mdmax) + 1;   /* int to handle PrivMatch(255) */
+    size_t i;
+
+    if (dctx->mdevp != NULL)
+        return 1;
+
+    mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
+    mdord = OPENSSL_zalloc(n * sizeof(*mdord));
+
+    if (mdord == NULL || mdevp == NULL) {
+        OPENSSL_free(mdord);
+        OPENSSL_free(mdevp);
+        SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Install default entries */
+    for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
+        const EVP_MD *md;
+
+        if (dane_mds[i].nid == NID_undef ||
+            (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
+            continue;
+        mdevp[dane_mds[i].mtype] = md;
+        mdord[dane_mds[i].mtype] = dane_mds[i].ord;
+    }
+
+    dctx->mdevp = mdevp;
+    dctx->mdord = mdord;
+    dctx->mdmax = mdmax;
+
+    return 1;
+}
+
+static void dane_ctx_final(struct dane_ctx_st *dctx)
+{
+    OPENSSL_free(dctx->mdevp);
+    dctx->mdevp = NULL;
+
+    OPENSSL_free(dctx->mdord);
+    dctx->mdord = NULL;
+    dctx->mdmax = 0;
+}
+
+static void tlsa_free(danetls_record *t)
+{
+    if (t == NULL)
+        return;
+    OPENSSL_free(t->data);
+    EVP_PKEY_free(t->spki);
+    OPENSSL_free(t);
+}
+
+static void dane_final(SSL_DANE *dane)
+{
+    sk_danetls_record_pop_free(dane->trecs, tlsa_free);
+    dane->trecs = NULL;
+
+    sk_X509_pop_free(dane->certs, X509_free);
+    dane->certs = NULL;
+
+    X509_free(dane->mcert);
+    dane->mcert = NULL;
+    dane->mtlsa = NULL;
+    dane->mdpth = -1;
+    dane->pdpth = -1;
+}
+
+/*
+ * dane_copy - Copy dane configuration, sans verification state.
+ */
+static int ssl_dane_dup(SSL *to, SSL *from)
+{
+    int num;
+    int i;
+
+    if (!DANETLS_ENABLED(&from->dane))
+        return 1;
+
+    num = sk_danetls_record_num(from->dane.trecs);
+    dane_final(&to->dane);
+    to->dane.flags = from->dane.flags;
+    to->dane.dctx = &to->ctx->dane;
+    to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
+
+    if (to->dane.trecs == NULL) {
+        SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    for (i = 0; i < num; ++i) {
+        danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
+
+        if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
+                              t->data, t->dlen) <= 0)
+            return 0;
+    }
+    return 1;
+}
+
+static int dane_mtype_set(struct dane_ctx_st *dctx,
+                          const EVP_MD *md, uint8_t mtype, uint8_t ord)
+{
+    int i;
+
+    if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
+        SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
+        return 0;
+    }
+
+    if (mtype > dctx->mdmax) {
+        const EVP_MD **mdevp;
+        uint8_t *mdord;
+        int n = ((int)mtype) + 1;
+
+        mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
+        if (mdevp == NULL) {
+            SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        dctx->mdevp = mdevp;
+
+        mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
+        if (mdord == NULL) {
+            SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        dctx->mdord = mdord;
+
+        /* Zero-fill any gaps */
+        for (i = dctx->mdmax + 1; i < mtype; ++i) {
+            mdevp[i] = NULL;
+            mdord[i] = 0;
+        }
+
+        dctx->mdmax = mtype;
+    }
+
+    dctx->mdevp[mtype] = md;
+    /* Coerce ordinal of disabled matching types to 0 */
+    dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
+
+    return 1;
+}
+
+static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
 {
+    if (mtype > dane->dctx->mdmax)
+        return NULL;
+    return dane->dctx->mdevp[mtype];
+}
+
+static int dane_tlsa_add(SSL_DANE *dane,
+                         uint8_t usage,
+                         uint8_t selector,
+                         uint8_t mtype, unsigned const char *data, size_t dlen)
+{
+    danetls_record *t;
+    const EVP_MD *md = NULL;
+    int ilen = (int)dlen;
+    int i;
+    int num;
+
+    if (dane->trecs == NULL) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
+        return -1;
+    }
+
+    if (ilen < 0 || dlen != (size_t)ilen) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
+        return 0;
+    }
+
+    if (usage > DANETLS_USAGE_LAST) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
+        return 0;
+    }
+
+    if (selector > DANETLS_SELECTOR_LAST) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
+        return 0;
+    }
+
+    if (mtype != DANETLS_MATCHING_FULL) {
+        md = tlsa_md_get(dane, mtype);
+        if (md == NULL) {
+            SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
+            return 0;
+        }
+    }
+
+    if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
+        return 0;
+    }
+    if (!data) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
+        return 0;
+    }
+
+    if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    t->usage = usage;
+    t->selector = selector;
+    t->mtype = mtype;
+    t->data = OPENSSL_malloc(dlen);
+    if (t->data == NULL) {
+        tlsa_free(t);
+        SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    memcpy(t->data, data, dlen);
+    t->dlen = dlen;
+
+    /* Validate and cache full certificate or public key */
+    if (mtype == DANETLS_MATCHING_FULL) {
+        const unsigned char *p = data;
+        X509 *cert = NULL;
+        EVP_PKEY *pkey = NULL;
+
+        switch (selector) {
+        case DANETLS_SELECTOR_CERT:
+            if (!d2i_X509(&cert, &p, ilen) || p < data ||
+                dlen != (size_t)(p - data)) {
+                tlsa_free(t);
+                SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
+                return 0;
+            }
+            if (X509_get0_pubkey(cert) == NULL) {
+                tlsa_free(t);
+                SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
+                return 0;
+            }
 
+            if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
+                X509_free(cert);
+                break;
+            }
+
+            /*
+             * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
+             * records that contain full certificates of trust-anchors that are
+             * not present in the wire chain.  For usage PKIX-TA(0), we augment
+             * the chain with untrusted Full(0) certificates from DNS, in case
+             * they are missing from the chain.
+             */
+            if ((dane->certs == NULL &&
+                 (dane->certs = sk_X509_new_null()) == NULL) ||
+                !sk_X509_push(dane->certs, cert)) {
+                SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+                X509_free(cert);
+                tlsa_free(t);
+                return -1;
+            }
+            break;
+
+        case DANETLS_SELECTOR_SPKI:
+            if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
+                dlen != (size_t)(p - data)) {
+                tlsa_free(t);
+                SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
+                return 0;
+            }
+
+            /*
+             * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
+             * records that contain full bare keys of trust-anchors that are
+             * not present in the wire chain.
+             */
+            if (usage == DANETLS_USAGE_DANE_TA)
+                t->spki = pkey;
+            else
+                EVP_PKEY_free(pkey);
+            break;
+        }
+    }
+
+    /*-
+     * Find the right insertion point for the new record.
+     *
+     * See crypto/x509/x509_vfy.c.  We sort DANE-EE(3) records first, so that
+     * they can be processed first, as they require no chain building, and no
+     * expiration or hostname checks.  Because DANE-EE(3) is numerically
+     * largest, this is accomplished via descending sort by "usage".
+     *
+     * We also sort in descending order by matching ordinal to simplify
+     * the implementation of digest agility in the verification code.
+     *
+     * The choice of order for the selector is not significant, so we
+     * use the same descending order for consistency.
+     */
+    num = sk_danetls_record_num(dane->trecs);
+    for (i = 0; i < num; ++i) {
+        danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
+
+        if (rec->usage > usage)
+            continue;
+        if (rec->usage < usage)
+            break;
+        if (rec->selector > selector)
+            continue;
+        if (rec->selector < selector)
+            break;
+        if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
+            continue;
+        break;
+    }
+
+    if (!sk_danetls_record_insert(dane->trecs, t, i)) {
+        tlsa_free(t);
+        SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    dane->umask |= DANETLS_USAGE_BIT(usage);
+
+    return 1;
+}
+
+/*
+ * Return 0 if there is only one version configured and it was disabled
+ * at configure time.  Return 1 otherwise.
+ */
+static int ssl_check_allowed_versions(int min_version, int max_version)
+{
+    int minisdtls = 0, maxisdtls = 0;
+
+    /* Figure out if we're doing DTLS versions or TLS versions */
+    if (min_version == DTLS1_BAD_VER
+        || min_version >> 8 == DTLS1_VERSION_MAJOR)
+        minisdtls = 1;
+    if (max_version == DTLS1_BAD_VER
+        || max_version >> 8 == DTLS1_VERSION_MAJOR)
+        maxisdtls = 1;
+    /* A wildcard version of 0 could be DTLS or TLS. */
+    if ((minisdtls && !maxisdtls && max_version != 0)
+        || (maxisdtls && !minisdtls && min_version != 0)) {
+        /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
+        return 0;
+    }
+
+    if (minisdtls || maxisdtls) {
+        /* Do DTLS version checks. */
+        if (min_version == 0)
+            /* Ignore DTLS1_BAD_VER */
+            min_version = DTLS1_VERSION;
+        if (max_version == 0)
+            max_version = DTLS1_2_VERSION;
+#ifdef OPENSSL_NO_DTLS1_2
+        if (max_version == DTLS1_2_VERSION)
+            max_version = DTLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_DTLS1
+        if (min_version == DTLS1_VERSION)
+            min_version = DTLS1_2_VERSION;
+#endif
+        /* Done massaging versions; do the check. */
+        if (0
+#ifdef OPENSSL_NO_DTLS1
+            || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
+                && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
+#endif
+#ifdef OPENSSL_NO_DTLS1_2
+            || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
+                && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
+#endif
+            )
+            return 0;
+    } else {
+        /* Regular TLS version checks. */
+        if (min_version == 0)
+            min_version = SSL3_VERSION;
+        if (max_version == 0)
+            max_version = TLS1_3_VERSION;
+#ifdef OPENSSL_NO_TLS1_3
+        if (max_version == TLS1_3_VERSION)
+            max_version = TLS1_2_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+        if (max_version == TLS1_2_VERSION)
+            max_version = TLS1_1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+        if (max_version == TLS1_1_VERSION)
+            max_version = TLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1
+        if (max_version == TLS1_VERSION)
+            max_version = SSL3_VERSION;
+#endif
+#ifdef OPENSSL_NO_SSL3
+        if (min_version == SSL3_VERSION)
+            min_version = TLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1
+        if (min_version == TLS1_VERSION)
+            min_version = TLS1_1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+        if (min_version == TLS1_1_VERSION)
+            min_version = TLS1_2_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+        if (min_version == TLS1_2_VERSION)
+            min_version = TLS1_3_VERSION;
+#endif
+        /* Done massaging versions; do the check. */
+        if (0
+#ifdef OPENSSL_NO_SSL3
+            || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1
+            || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+            || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+            || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_3
+            || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
+#endif
+            )
+            return 0;
+    }
+    return 1;
+}
+
+static void clear_ciphers(SSL *s)
+{
+    /* clear the current cipher */
+    ssl_clear_cipher_ctx(s);
+    ssl_clear_hash_ctx(&s->read_hash);
+    ssl_clear_hash_ctx(&s->write_hash);
+}
+
+int SSL_clear(SSL *s)
+{
     if (s->method == NULL) {
         SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
-        return (0);
+        return 0;
     }
 
     if (ssl_clear_bad_session(s)) {
         SSL_SESSION_free(s->session);
         s->session = NULL;
     }
+    SSL_SESSION_free(s->psksession);
+    s->psksession = NULL;
+    OPENSSL_free(s->psksession_id);
+    s->psksession_id = NULL;
+    s->psksession_id_len = 0;
+    s->hello_retry_request = 0;
+    s->sent_tickets = 0;
 
     s->error = 0;
     s->hit = 0;
     s->shutdown = 0;
 
-#if 0
-    /*
-     * Disabled since version 1.10 of this file (early return not
-     * needed because SSL_clear is not called when doing renegotiation)
-     */
-    /*
-     * This is set if we are doing dynamic renegotiation so keep
-     * the old cipher.  It is sort of a SSL_clear_lite :-)
-     */
-    if (s->renegotiate)
-        return (1);
-#else
     if (s->renegotiate) {
         SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
         return 0;
     }
-#endif
-
-    s->type = 0;
 
-    s->state = SSL_ST_BEFORE | ((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
+    ossl_statem_clear(s);
 
     s->version = s->method->version;
     s->client_version = s->version;
     s->rwstate = SSL_NOTHING;
-    s->rstate = SSL_ST_READ_HEADER;
-#if 0
-    s->read_ahead = s->ctx->read_ahead;
-#endif
 
-    if (s->init_buf != NULL) {
-        BUF_MEM_free(s->init_buf);
-        s->init_buf = NULL;
-    }
+    BUF_MEM_free(s->init_buf);
+    s->init_buf = NULL;
+    clear_ciphers(s);
+    s->first_packet = 0;
 
-    ssl_clear_cipher_ctx(s);
-    ssl_clear_hash_ctx(&s->read_hash);
-    ssl_clear_hash_ctx(&s->write_hash);
+    s->key_update = SSL_KEY_UPDATE_NONE;
+
+    EVP_MD_CTX_free(s->pha_dgst);
+    s->pha_dgst = NULL;
+
+    /* Reset DANE verification result state */
+    s->dane.mdpth = -1;
+    s->dane.pdpth = -1;
+    X509_free(s->dane.mcert);
+    s->dane.mcert = NULL;
+    s->dane.mtlsa = NULL;
+
+    /* Clear the verification result peername */
+    X509_VERIFY_PARAM_move_peername(s->param, NULL);
 
-    s->first_packet = 0;
-#ifndef OPENSSL_NO_TLSEXT
-    if (s->cert != NULL) {
-        if (s->cert->alpn_proposed) {
-            OPENSSL_free(s->cert->alpn_proposed);
-            s->cert->alpn_proposed = NULL;
-        }
-        s->cert->alpn_proposed_len = 0;
-        s->cert->alpn_sent = 0;
-    }
-#endif
-#if 1
     /*
      * Check to see if we were changed into a different method, if so, revert
-     * back if we are not doing session-id reuse.
+     * back.
      */
-    if (!s->in_handshake && (s->session == NULL)
-        && (s->method != s->ctx->method)) {
+    if (s->method != s->ctx->method) {
         s->method->ssl_free(s);
         s->method = s->ctx->method;
         if (!s->method->ssl_new(s))
-            return (0);
-    } else
-#endif
-        s->method->ssl_clear(s);
-    return (1);
+            return 0;
+    } else {
+        if (!s->method->ssl_clear(s))
+            return 0;
+    }
+
+    RECORD_LAYER_clear(&s->rlayer);
+
+    return 1;
 }
 
 /** Used to change an SSL_CTXs default SSL method type */
@@ -280,17 +656,16 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
 
     ctx->method = meth;
 
-    sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
+    sk = ssl_create_cipher_list(ctx->method,
+                                ctx->tls13_ciphersuites,
+                                &(ctx->cipher_list),
                                 &(ctx->cipher_list_by_id),
-                                meth->version ==
-                                SSL2_VERSION ? "SSLv2" :
                                 SSL_DEFAULT_CIPHER_LIST, ctx->cert);
     if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
-        SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
-               SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
-        return (0);
+        SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+        return 0;
     }
-    return (1);
+    return 1;
 }
 
 SSL *SSL_new(SSL_CTX *ctx)
@@ -299,141 +674,192 @@ SSL *SSL_new(SSL_CTX *ctx)
 
     if (ctx == NULL) {
         SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
-        return (NULL);
+        return NULL;
     }
     if (ctx->method == NULL) {
         SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
-        return (NULL);
+        return NULL;
     }
 
-    s = (SSL *)OPENSSL_malloc(sizeof(SSL));
+    s = OPENSSL_zalloc(sizeof(*s));
     if (s == NULL)
         goto err;
-    memset(s, 0, sizeof(SSL));
 
-#ifndef OPENSSL_NO_KRB5
-    s->kssl_ctx = kssl_ctx_new();
-#endif                          /* OPENSSL_NO_KRB5 */
+    s->references = 1;
+    s->lock = CRYPTO_THREAD_lock_new();
+    if (s->lock == NULL) {
+        OPENSSL_free(s);
+        s = NULL;
+        goto err;
+    }
+
+    RECORD_LAYER_init(&s->rlayer, s);
 
     s->options = ctx->options;
+    s->dane.flags = ctx->dane.flags;
+    s->min_proto_version = ctx->min_proto_version;
+    s->max_proto_version = ctx->max_proto_version;
     s->mode = ctx->mode;
     s->max_cert_list = ctx->max_cert_list;
-    s->references = 1;
-
-    if (ctx->cert != NULL) {
-        /*
-         * Earlier library versions used to copy the pointer to the CERT, not
-         * its contents; only when setting new parameters for the per-SSL
-         * copy, ssl_cert_new would be called (and the direct reference to
-         * the per-SSL_CTX settings would be lost, but those still were
-         * indirectly accessed for various purposes, and for that reason they
-         * used to be known as s->ctx->default_cert). Now we don't look at the
-         * SSL_CTX's CERT after having duplicated it once.
-         */
+    s->max_early_data = ctx->max_early_data;
+    s->recv_max_early_data = ctx->recv_max_early_data;
+    s->num_tickets = ctx->num_tickets;
+    s->pha_enabled = ctx->pha_enabled;
+
+    /* Shallow copy of the ciphersuites stack */
+    s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
+    if (s->tls13_ciphersuites == NULL)
+        goto err;
 
-        s->cert = ssl_cert_dup(ctx->cert);
-        if (s->cert == NULL)
-            goto err;
-    } else
-        s->cert = NULL;         /* Cannot really happen (see SSL_CTX_new) */
+    /*
+     * Earlier library versions used to copy the pointer to the CERT, not
+     * its contents; only when setting new parameters for the per-SSL
+     * copy, ssl_cert_new would be called (and the direct reference to
+     * the per-SSL_CTX settings would be lost, but those still were
+     * indirectly accessed for various purposes, and for that reason they
+     * used to be known as s->ctx->default_cert). Now we don't look at the
+     * SSL_CTX's CERT after having duplicated it once.
+     */
+    s->cert = ssl_cert_dup(ctx->cert);
+    if (s->cert == NULL)
+        goto err;
 
-    s->read_ahead = ctx->read_ahead;
+    RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
     s->msg_callback = ctx->msg_callback;
     s->msg_callback_arg = ctx->msg_callback_arg;
     s->verify_mode = ctx->verify_mode;
-#if 0
-    s->verify_depth = ctx->verify_depth;
-#endif
+    s->not_resumable_session_cb = ctx->not_resumable_session_cb;
+    s->record_padding_cb = ctx->record_padding_cb;
+    s->record_padding_arg = ctx->record_padding_arg;
+    s->block_padding = ctx->block_padding;
     s->sid_ctx_length = ctx->sid_ctx_length;
-    OPENSSL_assert(s->sid_ctx_length <= sizeof(s->sid_ctx));
+    if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
+        goto err;
     memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
     s->verify_callback = ctx->default_verify_callback;
     s->generate_session_id = ctx->generate_session_id;
 
     s->param = X509_VERIFY_PARAM_new();
-    if (!s->param)
+    if (s->param == NULL)
         goto err;
     X509_VERIFY_PARAM_inherit(s->param, ctx->param);
-#if 0
-    s->purpose = ctx->purpose;
-    s->trust = ctx->trust;
-#endif
     s->quiet_shutdown = ctx->quiet_shutdown;
-    s->max_send_fragment = ctx->max_send_fragment;
 
-    CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
+    s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
+    s->max_send_fragment = ctx->max_send_fragment;
+    s->split_send_fragment = ctx->split_send_fragment;
+    s->max_pipelines = ctx->max_pipelines;
+    if (s->max_pipelines > 1)
+        RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
+    if (ctx->default_read_buf_len > 0)
+        SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
+
+    SSL_CTX_up_ref(ctx);
     s->ctx = ctx;
-#ifndef OPENSSL_NO_TLSEXT
-    s->tlsext_debug_cb = 0;
-    s->tlsext_debug_arg = NULL;
-    s->tlsext_ticket_expected = 0;
-    s->tlsext_status_type = -1;
-    s->tlsext_status_expected = 0;
-    s->tlsext_ocsp_ids = NULL;
-    s->tlsext_ocsp_exts = NULL;
-    s->tlsext_ocsp_resp = NULL;
-    s->tlsext_ocsp_resplen = -1;
-    CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
-    s->initial_ctx = ctx;
-# ifndef OPENSSL_NO_EC
-    if (ctx->tlsext_ecpointformatlist) {
-        s->tlsext_ecpointformatlist =
-            BUF_memdup(ctx->tlsext_ecpointformatlist,
-                       ctx->tlsext_ecpointformatlist_length);
-        if (!s->tlsext_ecpointformatlist)
+    s->ext.debug_cb = 0;
+    s->ext.debug_arg = NULL;
+    s->ext.ticket_expected = 0;
+    s->ext.status_type = ctx->ext.status_type;
+    s->ext.status_expected = 0;
+    s->ext.ocsp.ids = NULL;
+    s->ext.ocsp.exts = NULL;
+    s->ext.ocsp.resp = NULL;
+    s->ext.ocsp.resp_len = 0;
+    SSL_CTX_up_ref(ctx);
+    s->session_ctx = ctx;
+#ifndef OPENSSL_NO_EC
+    if (ctx->ext.ecpointformats) {
+        s->ext.ecpointformats =
+            OPENSSL_memdup(ctx->ext.ecpointformats,
+                           ctx->ext.ecpointformats_len);
+        if (!s->ext.ecpointformats)
             goto err;
-        s->tlsext_ecpointformatlist_length =
-            ctx->tlsext_ecpointformatlist_length;
-    }
-    if (ctx->tlsext_ellipticcurvelist) {
-        s->tlsext_ellipticcurvelist =
-            BUF_memdup(ctx->tlsext_ellipticcurvelist,
-                       ctx->tlsext_ellipticcurvelist_length);
-        if (!s->tlsext_ellipticcurvelist)
+        s->ext.ecpointformats_len =
+            ctx->ext.ecpointformats_len;
+    }
+    if (ctx->ext.supportedgroups) {
+        s->ext.supportedgroups =
+            OPENSSL_memdup(ctx->ext.supportedgroups,
+                           ctx->ext.supportedgroups_len
+                                * sizeof(*ctx->ext.supportedgroups));
+        if (!s->ext.supportedgroups)
             goto err;
-        s->tlsext_ellipticcurvelist_length =
-            ctx->tlsext_ellipticcurvelist_length;
+        s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
     }
-# endif
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    s->next_proto_negotiated = NULL;
-# endif
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    s->ext.npn = NULL;
+#endif
 
-    if (s->ctx->alpn_client_proto_list) {
-        s->alpn_client_proto_list =
-            OPENSSL_malloc(s->ctx->alpn_client_proto_list_len);
-        if (s->alpn_client_proto_list == NULL)
+    if (s->ctx->ext.alpn) {
+        s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
+        if (s->ext.alpn == NULL)
             goto err;
-        memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list,
-               s->ctx->alpn_client_proto_list_len);
-        s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
+        memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
+        s->ext.alpn_len = s->ctx->ext.alpn_len;
     }
-#endif
 
+    s->verified_chain = NULL;
     s->verify_result = X509_V_OK;
 
+    s->default_passwd_callback = ctx->default_passwd_callback;
+    s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
+
     s->method = ctx->method;
 
+    s->key_update = SSL_KEY_UPDATE_NONE;
+
+    s->allow_early_data_cb = ctx->allow_early_data_cb;
+    s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
+
     if (!s->method->ssl_new(s))
         goto err;
 
     s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
 
-    SSL_clear(s);
+    if (!SSL_clear(s))
+        goto err;
 
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
+        goto err;
 
 #ifndef OPENSSL_NO_PSK
     s->psk_client_callback = ctx->psk_client_callback;
     s->psk_server_callback = ctx->psk_server_callback;
 #endif
+    s->psk_find_session_cb = ctx->psk_find_session_cb;
+    s->psk_use_session_cb = ctx->psk_use_session_cb;
+
+    s->job = NULL;
+
+#ifndef OPENSSL_NO_CT
+    if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
+                                        ctx->ct_validation_callback_arg))
+        goto err;
+#endif
 
-    return (s);
+    return s;
  err:
-    if (s != NULL)
-        SSL_free(s);
+    SSL_free(s);
     SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
-    return (NULL);
+    return NULL;
+}
+
+int SSL_is_dtls(const SSL *s)
+{
+    return SSL_IS_DTLS(s) ? 1 : 0;
+}
+
+int SSL_up_ref(SSL *s)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("SSL", s);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
 }
 
 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
@@ -466,17 +892,17 @@ int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
 
 int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
 {
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+    CRYPTO_THREAD_write_lock(ctx->lock);
     ctx->generate_session_id = cb;
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+    CRYPTO_THREAD_unlock(ctx->lock);
     return 1;
 }
 
 int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
 {
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+    CRYPTO_THREAD_write_lock(ssl->lock);
     ssl->generate_session_id = cb;
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+    CRYPTO_THREAD_unlock(ssl->lock);
     return 1;
 }
 
@@ -485,7 +911,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
 {
     /*
      * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
-     * we can "construct" a session to give us the desired check - ie. to
+     * we can "construct" a session to give us the desired check - i.e. to
      * find if there's a session in the hash table that would conflict with
      * any new session built out of this id/id_len and the ssl_version in use
      * by this SSL.
@@ -498,21 +924,10 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
     r.ssl_version = ssl->version;
     r.session_id_length = id_len;
     memcpy(r.session_id, id, id_len);
-    /*
-     * NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
-     * callback is calling us to check the uniqueness of a shorter ID, it
-     * must be compared as a padded-out ID because that is what it will be
-     * converted to when the callback has finished choosing it.
-     */
-    if ((r.ssl_version == SSL2_VERSION) &&
-        (id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
-        memset(r.session_id + id_len, 0, SSL2_SSL_SESSION_ID_LENGTH - id_len);
-        r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
-    }
 
-    CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-    p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
-    CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+    CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
+    p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
+    CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
     return (p != NULL);
 }
 
@@ -536,6 +951,160 @@ int SSL_set_trust(SSL *s, int trust)
     return X509_VERIFY_PARAM_set_trust(s->param, trust);
 }
 
+int SSL_set1_host(SSL *s, const char *hostname)
+{
+    return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
+}
+
+int SSL_add1_host(SSL *s, const char *hostname)
+{
+    return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
+}
+
+void SSL_set_hostflags(SSL *s, unsigned int flags)
+{
+    X509_VERIFY_PARAM_set_hostflags(s->param, flags);
+}
+
+const char *SSL_get0_peername(SSL *s)
+{
+    return X509_VERIFY_PARAM_get0_peername(s->param);
+}
+
+int SSL_CTX_dane_enable(SSL_CTX *ctx)
+{
+    return dane_ctx_enable(&ctx->dane);
+}
+
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
+{
+    unsigned long orig = ctx->dane.flags;
+
+    ctx->dane.flags |= flags;
+    return orig;
+}
+
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
+{
+    unsigned long orig = ctx->dane.flags;
+
+    ctx->dane.flags &= ~flags;
+    return orig;
+}
+
+int SSL_dane_enable(SSL *s, const char *basedomain)
+{
+    SSL_DANE *dane = &s->dane;
+
+    if (s->ctx->dane.mdmax == 0) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
+        return 0;
+    }
+    if (dane->trecs != NULL) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
+        return 0;
+    }
+
+    /*
+     * Default SNI name.  This rejects empty names, while set1_host below
+     * accepts them and disables host name checks.  To avoid side-effects with
+     * invalid input, set the SNI name first.
+     */
+    if (s->ext.hostname == NULL) {
+        if (!SSL_set_tlsext_host_name(s, basedomain)) {
+            SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
+            return -1;
+        }
+    }
+
+    /* Primary RFC6125 reference identifier */
+    if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
+        return -1;
+    }
+
+    dane->mdpth = -1;
+    dane->pdpth = -1;
+    dane->dctx = &s->ctx->dane;
+    dane->trecs = sk_danetls_record_new_null();
+
+    if (dane->trecs == NULL) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    return 1;
+}
+
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
+{
+    unsigned long orig = ssl->dane.flags;
+
+    ssl->dane.flags |= flags;
+    return orig;
+}
+
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
+{
+    unsigned long orig = ssl->dane.flags;
+
+    ssl->dane.flags &= ~flags;
+    return orig;
+}
+
+int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
+{
+    SSL_DANE *dane = &s->dane;
+
+    if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
+        return -1;
+    if (dane->mtlsa) {
+        if (mcert)
+            *mcert = dane->mcert;
+        if (mspki)
+            *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
+    }
+    return dane->mdpth;
+}
+
+int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+                       uint8_t *mtype, unsigned const char **data, size_t *dlen)
+{
+    SSL_DANE *dane = &s->dane;
+
+    if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
+        return -1;
+    if (dane->mtlsa) {
+        if (usage)
+            *usage = dane->mtlsa->usage;
+        if (selector)
+            *selector = dane->mtlsa->selector;
+        if (mtype)
+            *mtype = dane->mtlsa->mtype;
+        if (data)
+            *data = dane->mtlsa->data;
+        if (dlen)
+            *dlen = dane->mtlsa->dlen;
+    }
+    return dane->mdpth;
+}
+
+SSL_DANE *SSL_get0_dane(SSL *s)
+{
+    return &s->dane;
+}
+
+int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+                      uint8_t mtype, unsigned const char *data, size_t dlen)
+{
+    return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
+}
+
+int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
+                           uint8_t ord)
+{
+    return dane_mtype_set(&ctx->dane, md, mtype, ord);
+}
+
 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
 {
     return X509_VERIFY_PARAM_set1(ctx->param, vpm);
@@ -567,143 +1136,171 @@ void SSL_free(SSL *s)
 
     if (s == NULL)
         return;
-
-    i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
-#ifdef REF_PRINT
-    REF_PRINT("SSL", s);
-#endif
+    CRYPTO_DOWN_REF(&s->references, &i, s->lock);
+    REF_PRINT_COUNT("SSL", s);
     if (i > 0)
         return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "SSL_free, bad reference count\n");
-        abort();                /* ok */
-    }
-#endif
-
-    if (s->param)
-        X509_VERIFY_PARAM_free(s->param);
+    REF_ASSERT_ISNT(i < 0);
 
+    X509_VERIFY_PARAM_free(s->param);
+    dane_final(&s->dane);
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
 
-    if (s->bbio != NULL) {
-        /* If the buffering BIO is in place, pop it off */
-        if (s->bbio == s->wbio) {
-            s->wbio = BIO_pop(s->wbio);
-        }
-        BIO_free(s->bbio);
-        s->bbio = NULL;
-    }
-    if (s->rbio != NULL)
-        BIO_free_all(s->rbio);
-    if ((s->wbio != NULL) && (s->wbio != s->rbio))
-        BIO_free_all(s->wbio);
+    /* Ignore return value */
+    ssl_free_wbio_buffer(s);
 
-    if (s->init_buf != NULL)
-        BUF_MEM_free(s->init_buf);
+    BIO_free_all(s->wbio);
+    BIO_free_all(s->rbio);
+
+    BUF_MEM_free(s->init_buf);
 
     /* add extra stuff */
-    if (s->cipher_list != NULL)
-        sk_SSL_CIPHER_free(s->cipher_list);
-    if (s->cipher_list_by_id != NULL)
-        sk_SSL_CIPHER_free(s->cipher_list_by_id);
+    sk_SSL_CIPHER_free(s->cipher_list);
+    sk_SSL_CIPHER_free(s->cipher_list_by_id);
+    sk_SSL_CIPHER_free(s->tls13_ciphersuites);
 
     /* Make the next call work :-) */
     if (s->session != NULL) {
         ssl_clear_bad_session(s);
         SSL_SESSION_free(s->session);
     }
+    SSL_SESSION_free(s->psksession);
+    OPENSSL_free(s->psksession_id);
 
-    ssl_clear_cipher_ctx(s);
-    ssl_clear_hash_ctx(&s->read_hash);
-    ssl_clear_hash_ctx(&s->write_hash);
+    clear_ciphers(s);
 
-    if (s->cert != NULL)
-        ssl_cert_free(s->cert);
+    ssl_cert_free(s->cert);
     /* Free up if allocated */
 
-#ifndef OPENSSL_NO_TLSEXT
-    if (s->tlsext_hostname)
-        OPENSSL_free(s->tlsext_hostname);
-    if (s->initial_ctx)
-        SSL_CTX_free(s->initial_ctx);
-# ifndef OPENSSL_NO_EC
-    if (s->tlsext_ecpointformatlist)
-        OPENSSL_free(s->tlsext_ecpointformatlist);
-    if (s->tlsext_ellipticcurvelist)
-        OPENSSL_free(s->tlsext_ellipticcurvelist);
-# endif                         /* OPENSSL_NO_EC */
-    if (s->tlsext_opaque_prf_input)
-        OPENSSL_free(s->tlsext_opaque_prf_input);
-    if (s->tlsext_ocsp_exts)
-        sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
-    if (s->tlsext_ocsp_ids)
-        sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
-    if (s->tlsext_ocsp_resp)
-        OPENSSL_free(s->tlsext_ocsp_resp);
-    if (s->alpn_client_proto_list)
-        OPENSSL_free(s->alpn_client_proto_list);
+    OPENSSL_free(s->ext.hostname);
+    SSL_CTX_free(s->session_ctx);
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(s->ext.ecpointformats);
+    OPENSSL_free(s->ext.supportedgroups);
+#endif                          /* OPENSSL_NO_EC */
+    sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
+#ifndef OPENSSL_NO_OCSP
+    sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
 #endif
+#ifndef OPENSSL_NO_CT
+    SCT_LIST_free(s->scts);
+    OPENSSL_free(s->ext.scts);
+#endif
+    OPENSSL_free(s->ext.ocsp.resp);
+    OPENSSL_free(s->ext.alpn);
+    OPENSSL_free(s->ext.tls13_cookie);
+    OPENSSL_free(s->clienthello);
+    OPENSSL_free(s->pha_context);
+    EVP_MD_CTX_free(s->pha_dgst);
+
+    sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
 
-    if (s->client_CA != NULL)
-        sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
+    sk_X509_pop_free(s->verified_chain, X509_free);
 
     if (s->method != NULL)
         s->method->ssl_free(s);
 
-    if (s->ctx)
-        SSL_CTX_free(s->ctx);
+    RECORD_LAYER_release(&s->rlayer);
+
+    SSL_CTX_free(s->ctx);
 
-#ifndef OPENSSL_NO_KRB5
-    if (s->kssl_ctx != NULL)
-        kssl_ctx_free(s->kssl_ctx);
-#endif                          /* OPENSSL_NO_KRB5 */
+    ASYNC_WAIT_CTX_free(s->waitctx);
 
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-    if (s->next_proto_negotiated)
-        OPENSSL_free(s->next_proto_negotiated);
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    OPENSSL_free(s->ext.npn);
 #endif
 
 #ifndef OPENSSL_NO_SRTP
-    if (s->srtp_profiles)
-        sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+    sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
 #endif
 
+    CRYPTO_THREAD_lock_free(s->lock);
+
     OPENSSL_free(s);
 }
 
-void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
+void SSL_set0_rbio(SSL *s, BIO *rbio)
+{
+    BIO_free_all(s->rbio);
+    s->rbio = rbio;
+}
+
+void SSL_set0_wbio(SSL *s, BIO *wbio)
 {
     /*
      * If the output buffering BIO is still in place, remove it
      */
-    if (s->bbio != NULL) {
-        if (s->wbio == s->bbio) {
-            s->wbio = s->wbio->next_bio;
-            s->bbio->next_bio = NULL;
-        }
-    }
-    if ((s->rbio != NULL) && (s->rbio != rbio))
-        BIO_free_all(s->rbio);
-    if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
-        BIO_free_all(s->wbio);
-    s->rbio = rbio;
+    if (s->bbio != NULL)
+        s->wbio = BIO_pop(s->wbio);
+
+    BIO_free_all(s->wbio);
     s->wbio = wbio;
+
+    /* Re-attach |bbio| to the new |wbio|. */
+    if (s->bbio != NULL)
+        s->wbio = BIO_push(s->bbio, s->wbio);
+}
+
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
+{
+    /*
+     * For historical reasons, this function has many different cases in
+     * ownership handling.
+     */
+
+    /* If nothing has changed, do nothing */
+    if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
+        return;
+
+    /*
+     * If the two arguments are equal then one fewer reference is granted by the
+     * caller than we want to take
+     */
+    if (rbio != NULL && rbio == wbio)
+        BIO_up_ref(rbio);
+
+    /*
+     * If only the wbio is changed only adopt one reference.
+     */
+    if (rbio == SSL_get_rbio(s)) {
+        SSL_set0_wbio(s, wbio);
+        return;
+    }
+    /*
+     * There is an asymmetry here for historical reasons. If only the rbio is
+     * changed AND the rbio and wbio were originally different, then we only
+     * adopt one reference.
+     */
+    if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
+        SSL_set0_rbio(s, rbio);
+        return;
+    }
+
+    /* Otherwise, adopt both references. */
+    SSL_set0_rbio(s, rbio);
+    SSL_set0_wbio(s, wbio);
 }
 
 BIO *SSL_get_rbio(const SSL *s)
 {
-    return (s->rbio);
+    return s->rbio;
 }
 
 BIO *SSL_get_wbio(const SSL *s)
 {
-    return (s->wbio);
+    if (s->bbio != NULL) {
+        /*
+         * If |bbio| is active, the true caller-configured BIO is its
+         * |next_bio|.
+         */
+        return BIO_next(s->bbio);
+    }
+    return s->wbio;
 }
 
 int SSL_get_fd(const SSL *s)
 {
-    return (SSL_get_rfd(s));
+    return SSL_get_rfd(s);
 }
 
 int SSL_get_rfd(const SSL *s)
@@ -715,7 +1312,7 @@ int SSL_get_rfd(const SSL *s)
     r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
     if (r != NULL)
         BIO_get_fd(r, &ret);
-    return (ret);
+    return ret;
 }
 
 int SSL_get_wfd(const SSL *s)
@@ -727,7 +1324,7 @@ int SSL_get_wfd(const SSL *s)
     r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
     if (r != NULL)
         BIO_get_fd(r, &ret);
-    return (ret);
+    return ret;
 }
 
 #ifndef OPENSSL_NO_SOCK
@@ -746,51 +1343,50 @@ int SSL_set_fd(SSL *s, int fd)
     SSL_set_bio(s, bio, bio);
     ret = 1;
  err:
-    return (ret);
+    return ret;
 }
 
 int SSL_set_wfd(SSL *s, int fd)
 {
-    int ret = 0;
-    BIO *bio = NULL;
+    BIO *rbio = SSL_get_rbio(s);
 
-    if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
-        || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
-        bio = BIO_new(BIO_s_socket());
+    if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
+        || (int)BIO_get_fd(rbio, NULL) != fd) {
+        BIO *bio = BIO_new(BIO_s_socket());
 
         if (bio == NULL) {
             SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
-            goto err;
+            return 0;
         }
         BIO_set_fd(bio, fd, BIO_NOCLOSE);
-        SSL_set_bio(s, SSL_get_rbio(s), bio);
-    } else
-        SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
-    ret = 1;
- err:
-    return (ret);
+        SSL_set0_wbio(s, bio);
+    } else {
+        BIO_up_ref(rbio);
+        SSL_set0_wbio(s, rbio);
+    }
+    return 1;
 }
 
 int SSL_set_rfd(SSL *s, int fd)
 {
-    int ret = 0;
-    BIO *bio = NULL;
+    BIO *wbio = SSL_get_wbio(s);
 
-    if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
-        || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
-        bio = BIO_new(BIO_s_socket());
+    if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
+        || ((int)BIO_get_fd(wbio, NULL) != fd)) {
+        BIO *bio = BIO_new(BIO_s_socket());
 
         if (bio == NULL) {
             SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
-            goto err;
+            return 0;
         }
         BIO_set_fd(bio, fd, BIO_NOCLOSE);
-        SSL_set_bio(s, bio, SSL_get_wbio(s));
-    } else
-        SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
-    ret = 1;
- err:
-    return (ret);
+        SSL_set0_rbio(s, bio);
+    } else {
+        BIO_up_ref(wbio);
+        SSL_set0_rbio(s, wbio);
+    }
+
+    return 1;
 }
 #endif
 
@@ -824,7 +1420,7 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
 
 int SSL_get_verify_mode(const SSL *s)
 {
-    return (s->verify_mode);
+    return s->verify_mode;
 }
 
 int SSL_get_verify_depth(const SSL *s)
@@ -833,12 +1429,12 @@ int SSL_get_verify_depth(const SSL *s)
 }
 
 int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
-    return (s->verify_callback);
+    return s->verify_callback;
 }
 
 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
 {
-    return (ctx->verify_mode);
+    return ctx->verify_mode;
 }
 
 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
@@ -847,7 +1443,7 @@ int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
 }
 
 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
-    return (ctx->default_verify_callback);
+    return ctx->default_verify_callback;
 }
 
 void SSL_set_verify(SSL *s, int mode,
@@ -865,24 +1461,45 @@ void SSL_set_verify_depth(SSL *s, int depth)
 
 void SSL_set_read_ahead(SSL *s, int yes)
 {
-    s->read_ahead = yes;
+    RECORD_LAYER_set_read_ahead(&s->rlayer, yes);
 }
 
 int SSL_get_read_ahead(const SSL *s)
 {
-    return (s->read_ahead);
+    return RECORD_LAYER_get_read_ahead(&s->rlayer);
 }
 
 int SSL_pending(const SSL *s)
 {
+    size_t pending = s->method->ssl_pending(s);
+
     /*
      * SSL_pending cannot work properly if read-ahead is enabled
      * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
      * impossible to fix since SSL_pending cannot report errors that may be
      * observed while scanning the new data. (Note that SSL_pending() is
      * often used as a boolean value, so we'd better not return -1.)
+     *
+     * SSL_pending also cannot work properly if the value >INT_MAX. In that case
+     * we just return INT_MAX.
      */
-    return (s->method->ssl_pending(s));
+    return pending < INT_MAX ? (int)pending : INT_MAX;
+}
+
+int SSL_has_pending(const SSL *s)
+{
+    /*
+     * Similar to SSL_pending() but returns a 1 to indicate that we have
+     * unprocessed data available or 0 otherwise (as opposed to the number of
+     * bytes available). Unlike SSL_pending() this will take into account
+     * read_ahead data. A 1 return simply indicates that we have unprocessed
+     * data. That data may not result in any application data, or we may fail
+     * to parse the records for some reason.
+     */
+    if (RECORD_LAYER_processed_read_pending(&s->rlayer))
+        return 1;
+
+    return RECORD_LAYER_read_pending(&s->rlayer);
 }
 
 X509 *SSL_get_peer_certificate(const SSL *s)
@@ -895,78 +1512,75 @@ X509 *SSL_get_peer_certificate(const SSL *s)
         r = s->session->peer;
 
     if (r == NULL)
-        return (r);
+        return r;
 
-    CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(r);
 
-    return (r);
+    return r;
 }
 
 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
 {
     STACK_OF(X509) *r;
 
-    if ((s == NULL) || (s->session == NULL)
-        || (s->session->sess_cert == NULL))
+    if ((s == NULL) || (s->session == NULL))
         r = NULL;
     else
-        r = s->session->sess_cert->cert_chain;
+        r = s->session->peer_chain;
 
     /*
      * If we are a client, cert_chain includes the peer's own certificate; if
      * we are a server, it does not.
      */
 
-    return (r);
+    return r;
 }
 
 /*
  * Now in theory, since the calling process own 't' it should be safe to
  * modify.  We need to be able to read f without being hassled
  */
-void SSL_copy_session_id(SSL *t, const SSL *f)
+int SSL_copy_session_id(SSL *t, const SSL *f)
 {
-    CERT *tmp;
-
+    int i;
     /* Do we need to to SSL locking? */
-    SSL_set_session(t, SSL_get_session(f));
+    if (!SSL_set_session(t, SSL_get_session(f))) {
+        return 0;
+    }
 
     /*
-     * what if we are setup as SSLv2 but want to talk SSLv3 or vice-versa
+     * what if we are setup for one protocol version but want to talk another
      */
     if (t->method != f->method) {
-        t->method->ssl_free(t); /* cleanup current */
-        t->method = f->method;  /* change method */
-        t->method->ssl_new(t);  /* setup new */
+        t->method->ssl_free(t);
+        t->method = f->method;
+        if (t->method->ssl_new(t) == 0)
+            return 0;
     }
 
-    tmp = t->cert;
-    if (f->cert != NULL) {
-        CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
-        t->cert = f->cert;
-    } else
-        t->cert = NULL;
-    if (tmp != NULL)
-        ssl_cert_free(tmp);
-    SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
+    CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock);
+    ssl_cert_free(t->cert);
+    t->cert = f->cert;
+    if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {
+        return 0;
+    }
+
+    return 1;
 }
 
 /* Fix this so it checks all the valid key/cert options */
 int SSL_CTX_check_private_key(const SSL_CTX *ctx)
 {
-    if ((ctx == NULL) ||
-        (ctx->cert == NULL) || (ctx->cert->key->x509 == NULL)) {
-        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
-               SSL_R_NO_CERTIFICATE_ASSIGNED);
-        return (0);
+    if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
+        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+        return 0;
     }
     if (ctx->cert->key->privatekey == NULL) {
-        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
-               SSL_R_NO_PRIVATE_KEY_ASSIGNED);
-        return (0);
+        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+        return 0;
     }
-    return (X509_check_private_key
-            (ctx->cert->key->x509, ctx->cert->key->privatekey));
+    return X509_check_private_key
+            (ctx->cert->key->x509, ctx->cert->key->privatekey);
 }
 
 /* Fix this function so that it takes an optional type parameter */
@@ -974,87 +1588,460 @@ int SSL_check_private_key(const SSL *ssl)
 {
     if (ssl == NULL) {
         SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (ssl->cert == NULL) {
-        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
         return 0;
     }
     if (ssl->cert->key->x509 == NULL) {
         SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
-        return (0);
+        return 0;
     }
     if (ssl->cert->key->privatekey == NULL) {
         SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
-        return (0);
+        return 0;
     }
-    return (X509_check_private_key(ssl->cert->key->x509,
-                                   ssl->cert->key->privatekey));
+    return X509_check_private_key(ssl->cert->key->x509,
+                                   ssl->cert->key->privatekey);
+}
+
+int SSL_waiting_for_async(SSL *s)
+{
+    if (s->job)
+        return 1;
+
+    return 0;
+}
+
+int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
+{
+    ASYNC_WAIT_CTX *ctx = s->waitctx;
+
+    if (ctx == NULL)
+        return 0;
+    return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
+}
+
+int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
+                              OSSL_ASYNC_FD *delfd, size_t *numdelfds)
+{
+    ASYNC_WAIT_CTX *ctx = s->waitctx;
+
+    if (ctx == NULL)
+        return 0;
+    return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
+                                          numdelfds);
 }
 
 int SSL_accept(SSL *s)
 {
-    if (s->handshake_func == 0)
+    if (s->handshake_func == NULL) {
         /* Not properly initialized yet */
         SSL_set_accept_state(s);
+    }
 
-    return (s->method->ssl_accept(s));
+    return SSL_do_handshake(s);
 }
 
 int SSL_connect(SSL *s)
 {
-    if (s->handshake_func == 0)
+    if (s->handshake_func == NULL) {
         /* Not properly initialized yet */
         SSL_set_connect_state(s);
+    }
 
-    return (s->method->ssl_connect(s));
+    return SSL_do_handshake(s);
 }
 
 long SSL_get_default_timeout(const SSL *s)
 {
-    return (s->method->get_timeout());
+    return s->method->get_timeout();
 }
 
-int SSL_read(SSL *s, void *buf, int num)
+static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
+                               int (*func) (void *))
 {
-    if (s->handshake_func == 0) {
-        SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+    int ret;
+    if (s->waitctx == NULL) {
+        s->waitctx = ASYNC_WAIT_CTX_new();
+        if (s->waitctx == NULL)
+            return -1;
+    }
+    switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
+                            sizeof(struct ssl_async_args))) {
+    case ASYNC_ERR:
+        s->rwstate = SSL_NOTHING;
+        SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
+        return -1;
+    case ASYNC_PAUSE:
+        s->rwstate = SSL_ASYNC_PAUSED;
+        return -1;
+    case ASYNC_NO_JOBS:
+        s->rwstate = SSL_ASYNC_NO_JOBS;
+        return -1;
+    case ASYNC_FINISH:
+        s->job = NULL;
+        return ret;
+    default:
+        s->rwstate = SSL_NOTHING;
+        SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
+        /* Shouldn't happen */
+        return -1;
+    }
+}
+
+static int ssl_io_intern(void *vargs)
+{
+    struct ssl_async_args *args;
+    SSL *s;
+    void *buf;
+    size_t num;
+
+    args = (struct ssl_async_args *)vargs;
+    s = args->s;
+    buf = args->buf;
+    num = args->num;
+    switch (args->type) {
+    case READFUNC:
+        return args->f.func_read(s, buf, num, &s->asyncrw);
+    case WRITEFUNC:
+        return args->f.func_write(s, buf, num, &s->asyncrw);
+    case OTHERFUNC:
+        return args->f.func_other(s);
+    }
+    return -1;
+}
+
+int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED);
         return -1;
     }
 
     if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
         s->rwstate = SSL_NOTHING;
-        return (0);
+        return 0;
+    }
+
+    if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
+                || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
+        SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    /*
+     * If we are a client and haven't received the ServerHello etc then we
+     * better do that
+     */
+    ossl_statem_check_finish_init(s, 0);
+
+    if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+        struct ssl_async_args args;
+        int ret;
+
+        args.s = s;
+        args.buf = buf;
+        args.num = num;
+        args.type = READFUNC;
+        args.f.func_read = s->method->ssl_read;
+
+        ret = ssl_start_async_job(s, &args, ssl_io_intern);
+        *readbytes = s->asyncrw;
+        return ret;
+    } else {
+        return s->method->ssl_read(s, buf, num, readbytes);
     }
-    return (s->method->ssl_read(s, buf, num));
 }
 
-int SSL_peek(SSL *s, void *buf, int num)
+int SSL_read(SSL *s, void *buf, int num)
+{
+    int ret;
+    size_t readbytes;
+
+    if (num < 0) {
+        SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
+
+    /*
+     * The cast is safe here because ret should be <= INT_MAX because num is
+     * <= INT_MAX
+     */
+    if (ret > 0)
+        ret = (int)readbytes;
+
+    return ret;
+}
+
+int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    int ret = ssl_read_internal(s, buf, num, readbytes);
+
+    if (ret < 0)
+        ret = 0;
+    return ret;
+}
+
+int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    int ret;
+
+    if (!s->server) {
+        SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return SSL_READ_EARLY_DATA_ERROR;
+    }
+
+    switch (s->early_data_state) {
+    case SSL_EARLY_DATA_NONE:
+        if (!SSL_in_before(s)) {
+            SSLerr(SSL_F_SSL_READ_EARLY_DATA,
+                   ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return SSL_READ_EARLY_DATA_ERROR;
+        }
+        /* fall through */
+
+    case SSL_EARLY_DATA_ACCEPT_RETRY:
+        s->early_data_state = SSL_EARLY_DATA_ACCEPTING;
+        ret = SSL_accept(s);
+        if (ret <= 0) {
+            /* NBIO or error */
+            s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
+            return SSL_READ_EARLY_DATA_ERROR;
+        }
+        /* fall through */
+
+    case SSL_EARLY_DATA_READ_RETRY:
+        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+            s->early_data_state = SSL_EARLY_DATA_READING;
+            ret = SSL_read_ex(s, buf, num, readbytes);
+            /*
+             * State machine will update early_data_state to
+             * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
+             * message
+             */
+            if (ret > 0 || (ret <= 0 && s->early_data_state
+                                        != SSL_EARLY_DATA_FINISHED_READING)) {
+                s->early_data_state = SSL_EARLY_DATA_READ_RETRY;
+                return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
+                               : SSL_READ_EARLY_DATA_ERROR;
+            }
+        } else {
+            s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
+        }
+        *readbytes = 0;
+        return SSL_READ_EARLY_DATA_FINISH;
+
+    default:
+        SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return SSL_READ_EARLY_DATA_ERROR;
+    }
+}
+
+int SSL_get_early_data_status(const SSL *s)
 {
-    if (s->handshake_func == 0) {
-        SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
+    return s->ext.early_data;
+}
+
+static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED);
         return -1;
     }
 
     if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
-        return (0);
+        return 0;
+    }
+    if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+        struct ssl_async_args args;
+        int ret;
+
+        args.s = s;
+        args.buf = buf;
+        args.num = num;
+        args.type = READFUNC;
+        args.f.func_read = s->method->ssl_peek;
+
+        ret = ssl_start_async_job(s, &args, ssl_io_intern);
+        *readbytes = s->asyncrw;
+        return ret;
+    } else {
+        return s->method->ssl_peek(s, buf, num, readbytes);
     }
-    return (s->method->ssl_peek(s, buf, num));
 }
 
-int SSL_write(SSL *s, const void *buf, int num)
+int SSL_peek(SSL *s, void *buf, int num)
+{
+    int ret;
+    size_t readbytes;
+
+    if (num < 0) {
+        SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
+
+    /*
+     * The cast is safe here because ret should be <= INT_MAX because num is
+     * <= INT_MAX
+     */
+    if (ret > 0)
+        ret = (int)readbytes;
+
+    return ret;
+}
+
+
+int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
 {
-    if (s->handshake_func == 0) {
-        SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
+    int ret = ssl_peek_internal(s, buf, num, readbytes);
+
+    if (ret < 0)
+        ret = 0;
+    return ret;
+}
+
+int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
+{
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED);
         return -1;
     }
 
     if (s->shutdown & SSL_SENT_SHUTDOWN) {
         s->rwstate = SSL_NOTHING;
-        SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
-        return (-1);
+        SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN);
+        return -1;
+    }
+
+    if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
+                || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
+                || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
+        SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    /* If we are a client and haven't sent the Finished we better do that */
+    ossl_statem_check_finish_init(s, 1);
+
+    if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+        int ret;
+        struct ssl_async_args args;
+
+        args.s = s;
+        args.buf = (void *)buf;
+        args.num = num;
+        args.type = WRITEFUNC;
+        args.f.func_write = s->method->ssl_write;
+
+        ret = ssl_start_async_job(s, &args, ssl_io_intern);
+        *written = s->asyncrw;
+        return ret;
+    } else {
+        return s->method->ssl_write(s, buf, num, written);
+    }
+}
+
+int SSL_write(SSL *s, const void *buf, int num)
+{
+    int ret;
+    size_t written;
+
+    if (num < 0) {
+        SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    ret = ssl_write_internal(s, buf, (size_t)num, &written);
+
+    /*
+     * The cast is safe here because ret should be <= INT_MAX because num is
+     * <= INT_MAX
+     */
+    if (ret > 0)
+        ret = (int)written;
+
+    return ret;
+}
+
+int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
+{
+    int ret = ssl_write_internal(s, buf, num, written);
+
+    if (ret < 0)
+        ret = 0;
+    return ret;
+}
+
+int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
+{
+    int ret, early_data_state;
+    size_t writtmp;
+    uint32_t partialwrite;
+
+    switch (s->early_data_state) {
+    case SSL_EARLY_DATA_NONE:
+        if (s->server
+                || !SSL_in_before(s)
+                || ((s->session == NULL || s->session->ext.max_early_data == 0)
+                     && (s->psk_use_session_cb == NULL))) {
+            SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,
+                   ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return 0;
+        }
+        /* fall through */
+
+    case SSL_EARLY_DATA_CONNECT_RETRY:
+        s->early_data_state = SSL_EARLY_DATA_CONNECTING;
+        ret = SSL_connect(s);
+        if (ret <= 0) {
+            /* NBIO or error */
+            s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
+            return 0;
+        }
+        /* fall through */
+
+    case SSL_EARLY_DATA_WRITE_RETRY:
+        s->early_data_state = SSL_EARLY_DATA_WRITING;
+        /*
+         * We disable partial write for early data because we don't keep track
+         * of how many bytes we've written between the SSL_write_ex() call and
+         * the flush if the flush needs to be retried)
+         */
+        partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
+        s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
+        ret = SSL_write_ex(s, buf, num, &writtmp);
+        s->mode |= partialwrite;
+        if (!ret) {
+            s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
+            return ret;
+        }
+        s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
+        /* fall through */
+
+    case SSL_EARLY_DATA_WRITE_FLUSH:
+        /* The buffering BIO is still in place so we need to flush it */
+        if (statem_flush(s) != 1)
+            return 0;
+        *written = num;
+        s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
+        return 1;
+
+    case SSL_EARLY_DATA_FINISHED_READING:
+    case SSL_EARLY_DATA_READ_RETRY:
+        early_data_state = s->early_data_state;
+        /* We are a server writing to an unauthenticated client */
+        s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
+        ret = SSL_write_ex(s, buf, num, written);
+        /* The buffering BIO is still in place */
+        if (ret)
+            (void)BIO_flush(s->wbio);
+        s->early_data_state = early_data_state;
+        return ret;
+
+    default:
+        SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
     }
-    return (s->method->ssl_write(s, buf, num));
 }
 
 int SSL_shutdown(SSL *s)
@@ -1066,37 +2053,96 @@ int SSL_shutdown(SSL *s)
      * (see ssl3_shutdown).
      */
 
-    if (s->handshake_func == 0) {
+    if (s->handshake_func == NULL) {
         SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
         return -1;
     }
 
     if (!SSL_in_init(s)) {
-        return s->method->ssl_shutdown(s);
+        if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+            struct ssl_async_args args;
+
+            args.s = s;
+            args.type = OTHERFUNC;
+            args.f.func_other = s->method->ssl_shutdown;
+
+            return ssl_start_async_job(s, &args, ssl_io_intern);
+        } else {
+            return s->method->ssl_shutdown(s);
+        }
     } else {
         SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
         return -1;
     }
 }
 
+int SSL_key_update(SSL *s, int updatetype)
+{
+    /*
+     * TODO(TLS1.3): How will applications know whether TLSv1.3 has been
+     * negotiated, and that it is appropriate to call SSL_key_update() instead
+     * of SSL_renegotiate().
+     */
+    if (!SSL_IS_TLS13(s)) {
+        SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+
+    if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
+            && updatetype != SSL_KEY_UPDATE_REQUESTED) {
+        SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE);
+        return 0;
+    }
+
+    if (!SSL_is_init_finished(s)) {
+        SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT);
+        return 0;
+    }
+
+    ossl_statem_set_in_init(s, 1);
+    s->key_update = updatetype;
+    return 1;
+}
+
+int SSL_get_key_update_type(SSL *s)
+{
+    return s->key_update;
+}
+
 int SSL_renegotiate(SSL *s)
 {
-    if (s->renegotiate == 0)
-        s->renegotiate = 1;
+    if (SSL_IS_TLS13(s)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+
+    if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION);
+        return 0;
+    }
 
+    s->renegotiate = 1;
     s->new_session = 1;
 
-    return (s->method->ssl_renegotiate(s));
+    return s->method->ssl_renegotiate(s);
 }
 
 int SSL_renegotiate_abbreviated(SSL *s)
 {
-    if (s->renegotiate == 0)
-        s->renegotiate = 1;
+    if (SSL_IS_TLS13(s)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+
+    if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION);
+        return 0;
+    }
 
+    s->renegotiate = 1;
     s->new_session = 0;
 
-    return (s->method->ssl_renegotiate(s));
+    return s->method->ssl_renegotiate(s);
 }
 
 int SSL_renegotiate_pending(SSL *s)
@@ -1114,34 +2160,46 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
 
     switch (cmd) {
     case SSL_CTRL_GET_READ_AHEAD:
-        return (s->read_ahead);
+        return RECORD_LAYER_get_read_ahead(&s->rlayer);
     case SSL_CTRL_SET_READ_AHEAD:
-        l = s->read_ahead;
-        s->read_ahead = larg;
-        return (l);
+        l = RECORD_LAYER_get_read_ahead(&s->rlayer);
+        RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
+        return l;
 
     case SSL_CTRL_SET_MSG_CALLBACK_ARG:
         s->msg_callback_arg = parg;
         return 1;
 
-    case SSL_CTRL_OPTIONS:
-        return (s->options |= larg);
-    case SSL_CTRL_CLEAR_OPTIONS:
-        return (s->options &= ~larg);
     case SSL_CTRL_MODE:
         return (s->mode |= larg);
     case SSL_CTRL_CLEAR_MODE:
         return (s->mode &= ~larg);
     case SSL_CTRL_GET_MAX_CERT_LIST:
-        return (s->max_cert_list);
+        return (long)s->max_cert_list;
     case SSL_CTRL_SET_MAX_CERT_LIST:
-        l = s->max_cert_list;
-        s->max_cert_list = larg;
-        return (l);
+        if (larg < 0)
+            return 0;
+        l = (long)s->max_cert_list;
+        s->max_cert_list = (size_t)larg;
+        return l;
     case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
         if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
             return 0;
         s->max_send_fragment = larg;
+        if (s->max_send_fragment < s->split_send_fragment)
+            s->split_send_fragment = s->max_send_fragment;
+        return 1;
+    case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
+        if ((size_t)larg > s->max_send_fragment || larg == 0)
+            return 0;
+        s->split_send_fragment = larg;
+        return 1;
+    case SSL_CTRL_SET_MAX_PIPELINES:
+        if (larg < 1 || larg > SSL_MAX_PIPELINES)
+            return 0;
+        s->max_pipelines = larg;
+        if (larg > 1)
+            RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
         return 1;
     case SSL_CTRL_GET_RI_SUPPORT:
         if (s->s3)
@@ -1155,14 +2213,34 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
 
     case SSL_CTRL_GET_RAW_CIPHERLIST:
         if (parg) {
-            if (s->cert->ciphers_raw == NULL)
+            if (s->s3->tmp.ciphers_raw == NULL)
                 return 0;
-            *(unsigned char **)parg = s->cert->ciphers_raw;
-            return (int)s->cert->ciphers_rawlen;
-        } else
-            return ssl_put_cipher_by_char(s, NULL, NULL);
+            *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
+            return (int)s->s3->tmp.ciphers_rawlen;
+        } else {
+            return TLS_CIPHER_LEN;
+        }
+    case SSL_CTRL_GET_EXTMS_SUPPORT:
+        if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
+            return -1;
+        if (s->session->flags & SSL_SESS_FLAG_EXTMS)
+            return 1;
+        else
+            return 0;
+    case SSL_CTRL_SET_MIN_PROTO_VERSION:
+        return ssl_check_allowed_versions(larg, s->max_proto_version)
+               && ssl_set_version_bound(s->ctx->method->version, (int)larg,
+                                        &s->min_proto_version);
+    case SSL_CTRL_GET_MIN_PROTO_VERSION:
+        return s->min_proto_version;
+    case SSL_CTRL_SET_MAX_PROTO_VERSION:
+        return ssl_check_allowed_versions(s->min_proto_version, larg)
+               && ssl_set_version_bound(s->ctx->method->version, (int)larg,
+                                        &s->max_proto_version);
+    case SSL_CTRL_GET_MAX_PROTO_VERSION:
+        return s->max_proto_version;
     default:
-        return (s->method->ssl_ctrl(s, cmd, larg, parg));
+        return s->method->ssl_ctrl(s, cmd, larg, parg);
     }
 }
 
@@ -1177,7 +2255,7 @@ long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
         return 1;
 
     default:
-        return (s->method->ssl_callback_ctrl(s, cmd, fp));
+        return s->method->ssl_callback_ctrl(s, cmd, fp);
     }
 }
 
@@ -1193,8 +2271,8 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
     if (ctx == NULL) {
         switch (cmd) {
 #ifndef OPENSSL_NO_EC
-        case SSL_CTRL_SET_CURVES_LIST:
-            return tls1_set_curves_list(NULL, NULL, parg);
+        case SSL_CTRL_SET_GROUPS_LIST:
+            return tls1_set_groups_list(NULL, NULL, parg);
 #endif
         case SSL_CTRL_SET_SIGALGS_LIST:
         case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
@@ -1206,64 +2284,64 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 
     switch (cmd) {
     case SSL_CTRL_GET_READ_AHEAD:
-        return (ctx->read_ahead);
+        return ctx->read_ahead;
     case SSL_CTRL_SET_READ_AHEAD:
         l = ctx->read_ahead;
         ctx->read_ahead = larg;
-        return (l);
+        return l;
 
     case SSL_CTRL_SET_MSG_CALLBACK_ARG:
         ctx->msg_callback_arg = parg;
         return 1;
 
     case SSL_CTRL_GET_MAX_CERT_LIST:
-        return (ctx->max_cert_list);
+        return (long)ctx->max_cert_list;
     case SSL_CTRL_SET_MAX_CERT_LIST:
-        l = ctx->max_cert_list;
-        ctx->max_cert_list = larg;
-        return (l);
+        if (larg < 0)
+            return 0;
+        l = (long)ctx->max_cert_list;
+        ctx->max_cert_list = (size_t)larg;
+        return l;
 
     case SSL_CTRL_SET_SESS_CACHE_SIZE:
-        l = ctx->session_cache_size;
-        ctx->session_cache_size = larg;
-        return (l);
+        if (larg < 0)
+            return 0;
+        l = (long)ctx->session_cache_size;
+        ctx->session_cache_size = (size_t)larg;
+        return l;
     case SSL_CTRL_GET_SESS_CACHE_SIZE:
-        return (ctx->session_cache_size);
+        return (long)ctx->session_cache_size;
     case SSL_CTRL_SET_SESS_CACHE_MODE:
         l = ctx->session_cache_mode;
         ctx->session_cache_mode = larg;
-        return (l);
+        return l;
     case SSL_CTRL_GET_SESS_CACHE_MODE:
-        return (ctx->session_cache_mode);
+        return ctx->session_cache_mode;
 
     case SSL_CTRL_SESS_NUMBER:
-        return (lh_SSL_SESSION_num_items(ctx->sessions));
+        return lh_SSL_SESSION_num_items(ctx->sessions);
     case SSL_CTRL_SESS_CONNECT:
-        return (ctx->stats.sess_connect);
+        return tsan_load(&ctx->stats.sess_connect);
     case SSL_CTRL_SESS_CONNECT_GOOD:
-        return (ctx->stats.sess_connect_good);
+        return tsan_load(&ctx->stats.sess_connect_good);
     case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
-        return (ctx->stats.sess_connect_renegotiate);
+        return tsan_load(&ctx->stats.sess_connect_renegotiate);
     case SSL_CTRL_SESS_ACCEPT:
-        return (ctx->stats.sess_accept);
+        return tsan_load(&ctx->stats.sess_accept);
     case SSL_CTRL_SESS_ACCEPT_GOOD:
-        return (ctx->stats.sess_accept_good);
+        return tsan_load(&ctx->stats.sess_accept_good);
     case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
-        return (ctx->stats.sess_accept_renegotiate);
+        return tsan_load(&ctx->stats.sess_accept_renegotiate);
     case SSL_CTRL_SESS_HIT:
-        return (ctx->stats.sess_hit);
+        return tsan_load(&ctx->stats.sess_hit);
     case SSL_CTRL_SESS_CB_HIT:
-        return (ctx->stats.sess_cb_hit);
+        return tsan_load(&ctx->stats.sess_cb_hit);
     case SSL_CTRL_SESS_MISSES:
-        return (ctx->stats.sess_miss);
+        return tsan_load(&ctx->stats.sess_miss);
     case SSL_CTRL_SESS_TIMEOUTS:
-        return (ctx->stats.sess_timeout);
+        return tsan_load(&ctx->stats.sess_timeout);
     case SSL_CTRL_SESS_CACHE_FULL:
-        return (ctx->stats.sess_cache_full);
-    case SSL_CTRL_OPTIONS:
-        return (ctx->options |= larg);
-    case SSL_CTRL_CLEAR_OPTIONS:
-        return (ctx->options &= ~larg);
+        return tsan_load(&ctx->stats.sess_cache_full);
     case SSL_CTRL_MODE:
         return (ctx->mode |= larg);
     case SSL_CTRL_CLEAR_MODE:
@@ -1272,13 +2350,37 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
         if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
             return 0;
         ctx->max_send_fragment = larg;
+        if (ctx->max_send_fragment < ctx->split_send_fragment)
+            ctx->split_send_fragment = ctx->max_send_fragment;
+        return 1;
+    case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
+        if ((size_t)larg > ctx->max_send_fragment || larg == 0)
+            return 0;
+        ctx->split_send_fragment = larg;
+        return 1;
+    case SSL_CTRL_SET_MAX_PIPELINES:
+        if (larg < 1 || larg > SSL_MAX_PIPELINES)
+            return 0;
+        ctx->max_pipelines = larg;
         return 1;
     case SSL_CTRL_CERT_FLAGS:
         return (ctx->cert->cert_flags |= larg);
     case SSL_CTRL_CLEAR_CERT_FLAGS:
         return (ctx->cert->cert_flags &= ~larg);
+    case SSL_CTRL_SET_MIN_PROTO_VERSION:
+        return ssl_check_allowed_versions(larg, ctx->max_proto_version)
+               && ssl_set_version_bound(ctx->method->version, (int)larg,
+                                        &ctx->min_proto_version);
+    case SSL_CTRL_GET_MIN_PROTO_VERSION:
+        return ctx->min_proto_version;
+    case SSL_CTRL_SET_MAX_PROTO_VERSION:
+        return ssl_check_allowed_versions(ctx->min_proto_version, larg)
+               && ssl_set_version_bound(ctx->method->version, (int)larg,
+                                        &ctx->max_proto_version);
+    case SSL_CTRL_GET_MAX_PROTO_VERSION:
+        return ctx->max_proto_version;
     default:
-        return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
+        return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
     }
 }
 
@@ -1293,31 +2395,27 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
         return 1;
 
     default:
-        return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
+        return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
     }
 }
 
 int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
 {
-    long l;
-
-    l = a->id - b->id;
-    if (l == 0L)
-        return (0);
-    else
-        return ((l > 0) ? 1 : -1);
+    if (a->id > b->id)
+        return 1;
+    if (a->id < b->id)
+        return -1;
+    return 0;
 }
 
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
                           const SSL_CIPHER *const *bp)
 {
-    long l;
-
-    l = (*ap)->id - (*bp)->id;
-    if (l == 0L)
-        return (0);
-    else
-        return ((l > 0) ? 1 : -1);
+    if ((*ap)->id > (*bp)->id)
+        return 1;
+    if ((*ap)->id < (*bp)->id)
+        return -1;
+    return 0;
 }
 
 /** return a STACK of the ciphers available for the SSL and in order of
@@ -1326,12 +2424,45 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
 {
     if (s != NULL) {
         if (s->cipher_list != NULL) {
-            return (s->cipher_list);
+            return s->cipher_list;
         } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
-            return (s->ctx->cipher_list);
+            return s->ctx->cipher_list;
         }
     }
-    return (NULL);
+    return NULL;
+}
+
+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
+{
+    if ((s == NULL) || (s->session == NULL) || !s->server)
+        return NULL;
+    return s->session->ciphers;
+}
+
+STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
+{
+    STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
+    int i;
+
+    ciphers = SSL_get_ciphers(s);
+    if (!ciphers)
+        return NULL;
+    if (!ssl_set_client_disabled(s))
+        return NULL;
+    for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+        const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
+        if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
+            if (!sk)
+                sk = sk_SSL_CIPHER_new_null();
+            if (!sk)
+                return NULL;
+            if (!sk_SSL_CIPHER_push(sk, c)) {
+                sk_SSL_CIPHER_free(sk);
+                return NULL;
+            }
+        }
+    }
+    return sk;
 }
 
 /** return a STACK of the ciphers available for the SSL and in order of
@@ -1340,29 +2471,38 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
 {
     if (s != NULL) {
         if (s->cipher_list_by_id != NULL) {
-            return (s->cipher_list_by_id);
+            return s->cipher_list_by_id;
         } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
-            return (s->ctx->cipher_list_by_id);
+            return s->ctx->cipher_list_by_id;
         }
     }
-    return (NULL);
+    return NULL;
 }
 
 /** The old interface to get the same thing as SSL_get_ciphers() */
 const char *SSL_get_cipher_list(const SSL *s, int n)
 {
-    SSL_CIPHER *c;
+    const SSL_CIPHER *c;
     STACK_OF(SSL_CIPHER) *sk;
 
     if (s == NULL)
-        return (NULL);
+        return NULL;
     sk = SSL_get_ciphers(s);
     if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
-        return (NULL);
+        return NULL;
     c = sk_SSL_CIPHER_value(sk, n);
     if (c == NULL)
-        return (NULL);
-    return (c->name);
+        return NULL;
+    return c->name;
+}
+
+/** return a STACK of the ciphers available for the SSL_CTX and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
+{
+    if (ctx != NULL)
+        return ctx->cipher_list;
+    return NULL;
 }
 
 /** specify the ciphers to be used by default by the SSL_CTX */
@@ -1370,8 +2510,9 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
 {
     STACK_OF(SSL_CIPHER) *sk;
 
-    sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
-                                &ctx->cipher_list_by_id, str, ctx->cert);
+    sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites,
+                                &ctx->cipher_list, &ctx->cipher_list_by_id, str,
+                                ctx->cert);
     /*
      * ssl_create_cipher_list may return an empty stack if it was unable to
      * find a cipher matching the given rule string (for example if the rule
@@ -1393,8 +2534,9 @@ int SSL_set_cipher_list(SSL *s, const char *str)
 {
     STACK_OF(SSL_CIPHER) *sk;
 
-    sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
-                                &s->cipher_list_by_id, str, s->cert);
+    sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites,
+                                &s->cipher_list, &s->cipher_list_by_id, str,
+                                s->cert);
     /* see comment in SSL_CTX_set_cipher_list */
     if (sk == NULL)
         return 0;
@@ -1405,12 +2547,11 @@ int SSL_set_cipher_list(SSL *s, const char *str)
     return 1;
 }
 
-/* works well for SSLv2, not so good for SSLv3 */
 char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
 {
     char *p;
     STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
-    SSL_CIPHER *c;
+    const SSL_CIPHER *c;
     int i;
 
     if (!s->server
@@ -1448,171 +2589,9 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
         size -= n + 1;
     }
     p[-1] = '\0';
-    return (buf);
+    return buf;
 }
 
-int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-                             unsigned char *p,
-                             int (*put_cb) (const SSL_CIPHER *,
-                                            unsigned char *))
-{
-    int i, j = 0;
-    SSL_CIPHER *c;
-    CERT *ct = s->cert;
-    unsigned char *q;
-    int empty_reneg_info_scsv = !s->renegotiate;
-    /* Set disabled masks for this session */
-    ssl_set_client_disabled(s);
-
-    if (sk == NULL)
-        return (0);
-    q = p;
-    if (put_cb == NULL)
-        put_cb = s->method->put_cipher_by_char;
-
-    for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-        c = sk_SSL_CIPHER_value(sk, i);
-        /* Skip disabled ciphers */
-        if (c->algorithm_ssl & ct->mask_ssl ||
-            c->algorithm_mkey & ct->mask_k || c->algorithm_auth & ct->mask_a)
-            continue;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-        if (c->id == SSL3_CK_SCSV) {
-            if (!empty_reneg_info_scsv)
-                continue;
-            else
-                empty_reneg_info_scsv = 0;
-        }
-#endif
-        j = put_cb(c, p);
-        p += j;
-    }
-    /*
-     * If p == q, no ciphers; caller indicates an error. Otherwise, add
-     * applicable SCSVs.
-     */
-    if (p != q) {
-        if (empty_reneg_info_scsv) {
-            static SSL_CIPHER scsv = {
-                0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
-            };
-            j = put_cb(&scsv, p);
-            p += j;
-#ifdef OPENSSL_RI_DEBUG
-            fprintf(stderr,
-                    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n");
-#endif
-        }
-        if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
-            static SSL_CIPHER scsv = {
-                0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
-            };
-            j = put_cb(&scsv, p);
-            p += j;
-        }
-    }
-
-    return (p - q);
-}
-
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
-                                               int num,
-                                               STACK_OF(SSL_CIPHER) **skp)
-{
-    const SSL_CIPHER *c;
-    STACK_OF(SSL_CIPHER) *sk;
-    int i, n;
-
-    if (s->s3)
-        s->s3->send_connection_binding = 0;
-
-    n = ssl_put_cipher_by_char(s, NULL, NULL);
-    if (n == 0 || (num % n) != 0) {
-        SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
-               SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
-        return (NULL);
-    }
-    if ((skp == NULL) || (*skp == NULL)) {
-        sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
-        if(sk == NULL) {
-            SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-            return NULL;
-        }
-    } else {
-        sk = *skp;
-        sk_SSL_CIPHER_zero(sk);
-    }
-
-    if (s->cert->ciphers_raw)
-        OPENSSL_free(s->cert->ciphers_raw);
-    s->cert->ciphers_raw = BUF_memdup(p, num);
-    if (s->cert->ciphers_raw == NULL) {
-        SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    s->cert->ciphers_rawlen = (size_t)num;
-
-    for (i = 0; i < num; i += n) {
-        /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
-        if (s->s3 && (n != 3 || !p[0]) &&
-            (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
-            (p[n - 1] == (SSL3_CK_SCSV & 0xff))) {
-            /* SCSV fatal if renegotiating */
-            if (s->renegotiate) {
-                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
-                       SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                goto err;
-            }
-            s->s3->send_connection_binding = 1;
-            p += n;
-#ifdef OPENSSL_RI_DEBUG
-            fprintf(stderr, "SCSV received by server\n");
-#endif
-            continue;
-        }
-
-        /* Check for TLS_FALLBACK_SCSV */
-        if ((n != 3 || !p[0]) &&
-            (p[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
-            (p[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) {
-            /*
-             * The SCSV indicates that the client previously tried a higher
-             * version. Fail if the current version is an unexpected
-             * downgrade.
-             */
-            if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) {
-                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
-                       SSL_R_INAPPROPRIATE_FALLBACK);
-                if (s->s3)
-                    ssl3_send_alert(s, SSL3_AL_FATAL,
-                                    SSL_AD_INAPPROPRIATE_FALLBACK);
-                goto err;
-            }
-            p += n;
-            continue;
-        }
-
-        c = ssl_get_cipher_by_char(s, p);
-        p += n;
-        if (c != NULL) {
-            if (!sk_SSL_CIPHER_push(sk, c)) {
-                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-        }
-    }
-
-    if (skp != NULL)
-        *skp = sk;
-    return (sk);
- err:
-    if ((skp == NULL) || (*skp == NULL))
-        sk_SSL_CIPHER_free(sk);
-    return (NULL);
-}
-
-#ifndef OPENSSL_NO_TLSEXT
 /** return a servername extension value if provided in Client Hello, or NULL.
  * So far, only host_name types are defined (RFC 3546).
  */
@@ -1622,15 +2601,22 @@ const char *SSL_get_servername(const SSL *s, const int type)
     if (type != TLSEXT_NAMETYPE_host_name)
         return NULL;
 
-    return s->session && !s->tlsext_hostname ?
-        s->session->tlsext_hostname : s->tlsext_hostname;
+    /*
+     * SNI is not negotiated in pre-TLS-1.3 resumption flows, so fake up an
+     * SNI value to return if we are resuming/resumed.  N.B. that we still
+     * call the relevant callbacks for such resumption flows, and callbacks
+     * might error out if there is not a SNI value available.
+     */
+    if (s->hit)
+        return s->session->ext.hostname;
+    return s->ext.hostname;
 }
 
 int SSL_get_servername_type(const SSL *s)
 {
     if (s->session
-        && (!s->tlsext_hostname ? s->session->
-            tlsext_hostname : s->tlsext_hostname))
+        && (!s->ext.hostname ? s->session->
+            ext.hostname : s->ext.hostname))
         return TLSEXT_NAMETYPE_host_name;
     return -1;
 }
@@ -1646,7 +2632,7 @@ int SSL_get_servername_type(const SSL *s)
  * is indicated to the callback. In this case, the client application has to
  * abort the connection or have a default application level protocol. 2) If
  * the server supports NPN, but advertises an empty list then the client
- * selects the first protcol in its list, but indicates via the API that this
+ * selects the first protocol in its list, but indicates via the API that this
  * fallback case was enacted. 3) Otherwise, the client finds the first
  * protocol in the server's list that it supports and selects this protocol.
  * This is because it's assumed that the server has better information about
@@ -1658,8 +2644,7 @@ int SSL_get_servername_type(const SSL *s)
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
                           const unsigned char *server,
                           unsigned int server_len,
-                          const unsigned char *client,
-                          unsigned int client_len)
+                          const unsigned char *client, unsigned int client_len)
 {
     unsigned int i, j;
     const unsigned char *result;
@@ -1694,7 +2679,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
     return status;
 }
 
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
 /*
  * SSL_get0_next_proto_negotiated sets *data and *len to point to the
  * client's requested protocol for this connection and returns 0. If the
@@ -1706,16 +2691,16 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
 void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
                                     unsigned *len)
 {
-    *data = s->next_proto_negotiated;
+    *data = s->ext.npn;
     if (!*data) {
         *len = 0;
     } else {
-        *len = s->next_proto_negotiated_len;
+        *len = (unsigned int)s->ext.npn_len;
     }
 }
 
 /*
- * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when
+ * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
  * a TLS server needs a list of supported protocols for Next Protocol
  * Negotiation. The returned list must be in wire format.  The list is
  * returned by setting |out| to point to it and |outlen| to its length. This
@@ -1724,15 +2709,12 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
  * wishes to advertise. Otherwise, no such extension will be included in the
  * ServerHello.
  */
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
-                                           int (*cb) (SSL *ssl,
-                                                      const unsigned char
-                                                      **out,
-                                                      unsigned int *outlen,
-                                                      void *arg), void *arg)
+void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
+                                   SSL_CTX_npn_advertised_cb_func cb,
+                                   void *arg)
 {
-    ctx->next_protos_advertised_cb = cb;
-    ctx->next_protos_advertised_cb_arg = arg;
+    ctx->ext.npn_advertised_cb = cb;
+    ctx->ext.npn_advertised_cb_arg = arg;
 }
 
 /*
@@ -1745,17 +2727,14 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
  * select a protocol. It is fatal to the connection if this callback returns
  * a value other than SSL_TLSEXT_ERR_OK.
  */
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
-                                      int (*cb) (SSL *s, unsigned char **out,
-                                                 unsigned char *outlen,
-                                                 const unsigned char *in,
-                                                 unsigned int inlen,
-                                                 void *arg), void *arg)
+void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
+                               SSL_CTX_npn_select_cb_func cb,
+                               void *arg)
 {
-    ctx->next_proto_select_cb = cb;
-    ctx->next_proto_select_cb_arg = arg;
+    ctx->ext.npn_select_cb = cb;
+    ctx->ext.npn_select_cb_arg = arg;
 }
-# endif
+#endif
 
 /*
  * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
@@ -1763,16 +2742,15 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
  * length-prefixed strings). Returns 0 on success.
  */
 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
-                            unsigned protos_len)
+                            unsigned int protos_len)
 {
-    if (ctx->alpn_client_proto_list)
-        OPENSSL_free(ctx->alpn_client_proto_list);
-
-    ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len);
-    if (!ctx->alpn_client_proto_list)
+    OPENSSL_free(ctx->ext.alpn);
+    ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
+    if (ctx->ext.alpn == NULL) {
+        SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
         return 1;
-    memcpy(ctx->alpn_client_proto_list, protos, protos_len);
-    ctx->alpn_client_proto_list_len = protos_len;
+    }
+    ctx->ext.alpn_len = protos_len;
 
     return 0;
 }
@@ -1783,16 +2761,15 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
  * length-prefixed strings). Returns 0 on success.
  */
 int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
-                        unsigned protos_len)
+                        unsigned int protos_len)
 {
-    if (ssl->alpn_client_proto_list)
-        OPENSSL_free(ssl->alpn_client_proto_list);
-
-    ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len);
-    if (!ssl->alpn_client_proto_list)
+    OPENSSL_free(ssl->ext.alpn);
+    ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
+    if (ssl->ext.alpn == NULL) {
+        SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
         return 1;
-    memcpy(ssl->alpn_client_proto_list, protos, protos_len);
-    ssl->alpn_client_proto_list_len = protos_len;
+    }
+    ssl->ext.alpn_len = protos_len;
 
     return 0;
 }
@@ -1803,25 +2780,21 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
  * from the client's list of offered protocols.
  */
 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
-                                int (*cb) (SSL *ssl,
-                                           const unsigned char **out,
-                                           unsigned char *outlen,
-                                           const unsigned char *in,
-                                           unsigned int inlen,
-                                           void *arg), void *arg)
+                                SSL_CTX_alpn_select_cb_func cb,
+                                void *arg)
 {
-    ctx->alpn_select_cb = cb;
-    ctx->alpn_select_cb_arg = arg;
+    ctx->ext.alpn_select_cb = cb;
+    ctx->ext.alpn_select_cb_arg = arg;
 }
 
 /*
- * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from
- * |ssl|. On return it sets |*data| to point to |*len| bytes of protocol name
+ * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
+ * On return it sets |*data| to point to |*len| bytes of protocol name
  * (not including the leading length-prefix byte). If the server didn't
  * respond with a negotiated protocol then |*len| will be zero.
  */
 void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
-                            unsigned *len)
+                            unsigned int *len)
 {
     *data = NULL;
     if (ssl->s3)
@@ -1829,11 +2802,9 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
     if (*data == NULL)
         *len = 0;
     else
-        *len = ssl->s3->alpn_selected_len;
+        *len = (unsigned int)ssl->s3->alpn_selected_len;
 }
 
-#endif                          /* !OPENSSL_NO_TLSEXT */
-
 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
                                const char *label, size_t llen,
                                const unsigned char *context, size_t contextlen,
@@ -1847,6 +2818,18 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
                                                        contextlen, use_context);
 }
 
+int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
+                                     const char *label, size_t llen,
+                                     const unsigned char *context,
+                                     size_t contextlen)
+{
+    if (s->version != TLS1_3_VERSION)
+        return 0;
+
+    return tls13_export_keying_material_early(s, out, olen, label, llen,
+                                              context, contextlen);
+}
+
 static unsigned long ssl_session_hash(const SSL_SESSION *a)
 {
     const unsigned char *session_id = a->session_id;
@@ -1864,7 +2847,7 @@ static unsigned long ssl_session_hash(const SSL_SESSION *a)
         ((unsigned long)session_id[1] << 8L) |
         ((unsigned long)session_id[2] << 16L) |
         ((unsigned long)session_id[3] << 24L);
-    return (l);
+    return l;
 }
 
 /*
@@ -1877,10 +2860,10 @@ static unsigned long ssl_session_hash(const SSL_SESSION *a)
 static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
 {
     if (a->ssl_version != b->ssl_version)
-        return (1);
+        return 1;
     if (a->session_id_length != b->session_id_length)
-        return (1);
-    return (memcmp(a->session_id, b->session_id, a->session_id_length));
+        return 1;
+    return memcmp(a->session_id, b->session_id, a->session_id_length);
 }
 
 /*
@@ -1889,8 +2872,6 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
  * variable. The reason is that the functions aren't static, they're exposed
  * via ssl.h.
  */
-static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
-static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
 
 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 {
@@ -1898,102 +2879,68 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 
     if (meth == NULL) {
         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
-        return (NULL);
-    }
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
         return NULL;
     }
-#endif
+
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
+        return NULL;
 
     if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
         goto err;
     }
-    ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL)
         goto err;
 
-    memset(ret, 0, sizeof(SSL_CTX));
-
     ret->method = meth;
-
-    ret->cert_store = NULL;
+    ret->min_proto_version = 0;
+    ret->max_proto_version = 0;
+    ret->mode = SSL_MODE_AUTO_RETRY;
     ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
     ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
-    ret->session_cache_head = NULL;
-    ret->session_cache_tail = NULL;
-
-    /* We take the system default */
+    /* We take the system default. */
     ret->session_timeout = meth->get_timeout();
-
-    ret->new_session_cb = 0;
-    ret->remove_session_cb = 0;
-    ret->get_session_cb = 0;
-    ret->generate_session_id = 0;
-
-    memset((char *)&ret->stats, 0, sizeof(ret->stats));
-
     ret->references = 1;
-    ret->quiet_shutdown = 0;
-
-/*  ret->cipher=NULL;*/
-/*-
-    ret->s2->challenge=NULL;
-    ret->master_key=NULL;
-    ret->key_arg=NULL;
-    ret->s2->conn_id=NULL; */
-
-    ret->info_callback = NULL;
-
-    ret->app_verify_callback = 0;
-    ret->app_verify_arg = NULL;
-
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
     ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
-    ret->read_ahead = 0;
-    ret->msg_callback = 0;
-    ret->msg_callback_arg = NULL;
     ret->verify_mode = SSL_VERIFY_NONE;
-#if 0
-    ret->verify_depth = -1;     /* Don't impose a limit (but x509_lu.c does) */
-#endif
-    ret->sid_ctx_length = 0;
-    ret->default_verify_callback = NULL;
     if ((ret->cert = ssl_cert_new()) == NULL)
         goto err;
 
-    ret->default_passwd_callback = 0;
-    ret->default_passwd_callback_userdata = NULL;
-    ret->client_cert_cb = 0;
-    ret->app_gen_cookie_cb = 0;
-    ret->app_verify_cookie_cb = 0;
-
-    ret->sessions = lh_SSL_SESSION_new();
+    ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
     if (ret->sessions == NULL)
         goto err;
     ret->cert_store = X509_STORE_new();
     if (ret->cert_store == NULL)
         goto err;
+#ifndef OPENSSL_NO_CT
+    ret->ctlog_store = CTLOG_STORE_new();
+    if (ret->ctlog_store == NULL)
+        goto err;
+#endif
 
-    ssl_create_cipher_list(ret->method,
-                           &ret->cipher_list, &ret->cipher_list_by_id,
-                           meth->version ==
-                           SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST,
-                           ret->cert);
-    if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+    if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES))
+        goto err;
+
+    if (!ssl_create_cipher_list(ret->method,
+                                ret->tls13_ciphersuites,
+                                &ret->cipher_list, &ret->cipher_list_by_id,
+                                SSL_DEFAULT_CIPHER_LIST, ret->cert)
+        || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
         goto err2;
     }
 
     ret->param = X509_VERIFY_PARAM_new();
-    if (!ret->param)
+    if (ret->param == NULL)
         goto err;
 
-    if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
-        goto err2;
-    }
     if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
         goto err2;
@@ -2003,60 +2950,40 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
         goto err2;
     }
 
-    if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
+    if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
         goto err;
 
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
+        goto err;
+
+    if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
+        goto err;
 
-    ret->extra_certs = NULL;
     /* No compression for DTLS */
     if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
         ret->comp_methods = SSL_COMP_get_compression_methods();
 
     ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
-
-#ifndef OPENSSL_NO_TLSEXT
-    ret->tlsext_servername_callback = 0;
-    ret->tlsext_servername_arg = NULL;
-    /* Setup RFC4507 ticket keys */
-    if ((RAND_bytes(ret->tlsext_tick_key_name, 16) <= 0)
-        || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
-        || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
+    ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
+
+    /* Setup RFC5077 ticket keys */
+    if ((RAND_bytes(ret->ext.tick_key_name,
+                    sizeof(ret->ext.tick_key_name)) <= 0)
+        || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key,
+                       sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
+        || (RAND_priv_bytes(ret->ext.secure->tick_aes_key,
+                       sizeof(ret->ext.secure->tick_aes_key)) <= 0))
         ret->options |= SSL_OP_NO_TICKET;
 
-    ret->tlsext_status_cb = 0;
-    ret->tlsext_status_arg = NULL;
+    if (RAND_priv_bytes(ret->ext.cookie_hmac_key,
+                   sizeof(ret->ext.cookie_hmac_key)) <= 0)
+        goto err;
 
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    ret->next_protos_advertised_cb = 0;
-    ret->next_proto_select_cb = 0;
-# endif
-#endif
-#ifndef OPENSSL_NO_PSK
-    ret->psk_identity_hint = NULL;
-    ret->psk_client_callback = NULL;
-    ret->psk_server_callback = NULL;
-#endif
 #ifndef OPENSSL_NO_SRP
-    SSL_CTX_SRP_CTX_init(ret);
-#endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-    ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
-    ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
-    if (!ret->rbuf_freelist)
+    if (!SSL_CTX_SRP_CTX_init(ret))
         goto err;
-    ret->rbuf_freelist->chunklen = 0;
-    ret->rbuf_freelist->len = 0;
-    ret->rbuf_freelist->head = NULL;
-    ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
-    if (!ret->wbuf_freelist)
-        goto err;
-    ret->wbuf_freelist->chunklen = 0;
-    ret->wbuf_freelist->len = 0;
-    ret->wbuf_freelist->head = NULL;
 #endif
 #ifndef OPENSSL_NO_ENGINE
-    ret->client_cert_engine = NULL;
 # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
 #  define eng_strx(x)     #x
 #  define eng_str(x)      eng_strx(x)
@@ -2079,41 +3006,70 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
      * deployed might change this.
      */
     ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+    /*
+     * Disable compression by default to prevent CRIME. Applications can
+     * re-enable compression by configuring
+     * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
+     * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
+     * middlebox compatibility by default. This may be disabled by default in
+     * a later OpenSSL version.
+     */
+    ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
+
+    ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+
+    /*
+     * We cannot usefully set a default max_early_data here (which gets
+     * propagated in SSL_new(), for the following reason: setting the
+     * SSL field causes tls_construct_stoc_early_data() to tell the
+     * client that early data will be accepted when constructing a TLS 1.3
+     * session ticket, and the client will accordingly send us early data
+     * when using that ticket (if the client has early data to send).
+     * However, in order for the early data to actually be consumed by
+     * the application, the application must also have calls to
+     * SSL_read_early_data(); otherwise we'll just skip past the early data
+     * and ignore it.  So, since the application must add calls to
+     * SSL_read_early_data(), we also require them to add
+     * calls to SSL_CTX_set_max_early_data() in order to use early data,
+     * eliminating the bandwidth-wasting early data in the case described
+     * above.
+     */
+    ret->max_early_data = 0;
 
     /*
-     * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
-     * explicitly clear this option via either of SSL_CTX_clear_options() or
-     * SSL_clear_options().
+     * Default recv_max_early_data is a fully loaded single record. Could be
+     * split across multiple records in practice. We set this differently to
+     * max_early_data so that, in the default case, we do not advertise any
+     * support for early_data, but if a client were to send us some (e.g.
+     * because of an old, stale ticket) then we will tolerate it and skip over
+     * it.
      */
-    ret->options |= SSL_OP_NO_SSLv2;
+    ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
+
+    /* By default we send two session tickets automatically in TLSv1.3 */
+    ret->num_tickets = 2;
+
+    ssl_ctx_system_config(ret);
 
-    return (ret);
+    return ret;
  err:
     SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
  err2:
-    if (ret != NULL)
-        SSL_CTX_free(ret);
-    return (NULL);
+    SSL_CTX_free(ret);
+    return NULL;
 }
 
-#if 0
-static void SSL_COMP_free(SSL_COMP *comp)
+int SSL_CTX_up_ref(SSL_CTX *ctx)
 {
-    OPENSSL_free(comp);
-}
-#endif
+    int i;
 
-#ifndef OPENSSL_NO_BUF_FREELISTS
-static void ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
-{
-    SSL3_BUF_FREELIST_ENTRY *ent, *next;
-    for (ent = list->head; ent; ent = next) {
-        next = ent->next;
-        OPENSSL_free(ent);
-    }
-    OPENSSL_free(list);
+    if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("SSL_CTX", ctx);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
 }
-#endif
 
 void SSL_CTX_free(SSL_CTX *a)
 {
@@ -2122,21 +3078,14 @@ void SSL_CTX_free(SSL_CTX *a)
     if (a == NULL)
         return;
 
-    i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX);
-#ifdef REF_PRINT
-    REF_PRINT("SSL_CTX", a);
-#endif
+    CRYPTO_DOWN_REF(&a->references, &i, a->lock);
+    REF_PRINT_COUNT("SSL_CTX", a);
     if (i > 0)
         return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "SSL_CTX_free, bad reference count\n");
-        abort();                /* ok */
-    }
-#endif
+    REF_ASSERT_ISNT(i < 0);
 
-    if (a->param)
-        X509_VERIFY_PARAM_free(a->param);
+    X509_VERIFY_PARAM_free(a->param);
+    dane_ctx_final(&a->dane);
 
     /*
      * Free internal session cache. However: the remove_cb() may reference
@@ -2151,63 +3100,36 @@ void SSL_CTX_free(SSL_CTX *a)
         SSL_CTX_flush_sessions(a, 0);
 
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
-
-    if (a->sessions != NULL)
-        lh_SSL_SESSION_free(a->sessions);
-
-    if (a->cert_store != NULL)
-        X509_STORE_free(a->cert_store);
-    if (a->cipher_list != NULL)
-        sk_SSL_CIPHER_free(a->cipher_list);
-    if (a->cipher_list_by_id != NULL)
-        sk_SSL_CIPHER_free(a->cipher_list_by_id);
-    if (a->cert != NULL)
-        ssl_cert_free(a->cert);
-    if (a->client_CA != NULL)
-        sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
-    if (a->extra_certs != NULL)
-        sk_X509_pop_free(a->extra_certs, X509_free);
-#if 0                           /* This should never be done, since it
-                                 * removes a global database */
-    if (a->comp_methods != NULL)
-        sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free);
-#else
-    a->comp_methods = NULL;
+    lh_SSL_SESSION_free(a->sessions);
+    X509_STORE_free(a->cert_store);
+#ifndef OPENSSL_NO_CT
+    CTLOG_STORE_free(a->ctlog_store);
 #endif
-
+    sk_SSL_CIPHER_free(a->cipher_list);
+    sk_SSL_CIPHER_free(a->cipher_list_by_id);
+    sk_SSL_CIPHER_free(a->tls13_ciphersuites);
+    ssl_cert_free(a->cert);
+    sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
+    sk_X509_pop_free(a->extra_certs, X509_free);
+    a->comp_methods = NULL;
 #ifndef OPENSSL_NO_SRTP
-    if (a->srtp_profiles)
-        sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
-#endif
-
-#ifndef OPENSSL_NO_PSK
-    if (a->psk_identity_hint)
-        OPENSSL_free(a->psk_identity_hint);
+    sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
 #endif
 #ifndef OPENSSL_NO_SRP
     SSL_CTX_SRP_CTX_free(a);
 #endif
 #ifndef OPENSSL_NO_ENGINE
-    if (a->client_cert_engine)
-        ENGINE_finish(a->client_cert_engine);
+    ENGINE_finish(a->client_cert_engine);
 #endif
 
-#ifndef OPENSSL_NO_BUF_FREELISTS
-    if (a->wbuf_freelist)
-        ssl_buf_freelist_free(a->wbuf_freelist);
-    if (a->rbuf_freelist)
-        ssl_buf_freelist_free(a->rbuf_freelist);
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-# ifndef OPENSSL_NO_EC
-    if (a->tlsext_ecpointformatlist)
-        OPENSSL_free(a->tlsext_ecpointformatlist);
-    if (a->tlsext_ellipticcurvelist)
-        OPENSSL_free(a->tlsext_ellipticcurvelist);
-# endif                         /* OPENSSL_NO_EC */
-    if (a->alpn_client_proto_list != NULL)
-        OPENSSL_free(a->alpn_client_proto_list);
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(a->ext.ecpointformats);
+    OPENSSL_free(a->ext.supportedgroups);
 #endif
+    OPENSSL_free(a->ext.alpn);
+    OPENSSL_secure_free(a->ext.secure);
+
+    CRYPTO_THREAD_lock_free(a->lock);
 
     OPENSSL_free(a);
 }
@@ -2222,6 +3144,36 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
     ctx->default_passwd_callback_userdata = u;
 }
 
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
+{
+    return ctx->default_passwd_callback;
+}
+
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
+{
+    return ctx->default_passwd_callback_userdata;
+}
+
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
+{
+    s->default_passwd_callback = cb;
+}
+
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
+{
+    s->default_passwd_callback_userdata = u;
+}
+
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
+{
+    return s->default_passwd_callback;
+}
+
+void *SSL_get_default_passwd_cb_userdata(SSL *s)
+{
+    return s->default_passwd_callback_userdata;
+}
+
 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
                                       int (*cb) (X509_STORE_CTX *, void *),
                                       void *arg)
@@ -2242,8 +3194,7 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
     X509_VERIFY_PARAM_set_depth(ctx->param, depth);
 }
 
-void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
-                         void *arg)
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
 {
     ssl_cert_set_cert_cb(c->cert, cb, arg);
 }
@@ -2253,140 +3204,74 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
     ssl_cert_set_cert_cb(s->cert, cb, arg);
 }
 
-void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
+void ssl_set_masks(SSL *s)
 {
-    CERT_PKEY *cpk;
-    int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
-    int rsa_enc_export, dh_rsa_export, dh_dsa_export;
-    int rsa_tmp_export, dh_tmp_export, kl;
-    unsigned long mask_k, mask_a, emask_k, emask_a;
-#ifndef OPENSSL_NO_ECDSA
-    int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    int have_ecdh_tmp, ecdh_ok;
-#endif
+    CERT *c = s->cert;
+    uint32_t *pvalid = s->s3->tmp.valid_flags;
+    int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
+    unsigned long mask_k, mask_a;
 #ifndef OPENSSL_NO_EC
-    X509 *x = NULL;
-    EVP_PKEY *ecc_pkey = NULL;
-    int signature_nid = 0, pk_nid = 0, md_nid = 0;
+    int have_ecc_cert, ecdsa_ok;
 #endif
     if (c == NULL)
         return;
 
-    kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
-
-#ifndef OPENSSL_NO_RSA
-    rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
-    rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
-                      (rsa_tmp && RSA_size(c->rsa_tmp) * 8 <= kl));
-#else
-    rsa_tmp = rsa_tmp_export = 0;
-#endif
 #ifndef OPENSSL_NO_DH
-    dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
-    dh_tmp_export = (c->dh_tmp_cb != NULL ||
-                     (dh_tmp && DH_size(c->dh_tmp) * 8 <= kl));
+    dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
 #else
-    dh_tmp = dh_tmp_export = 0;
+    dh_tmp = 0;
 #endif
 
-#ifndef OPENSSL_NO_ECDH
-    have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
-#endif
-    cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
-    rsa_enc = cpk->valid_flags & CERT_PKEY_VALID;
-    rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
-    cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
-    rsa_sign = cpk->valid_flags & CERT_PKEY_SIGN;
-    cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
-    dsa_sign = cpk->valid_flags & CERT_PKEY_SIGN;
-    cpk = &(c->pkeys[SSL_PKEY_DH_RSA]);
-    dh_rsa = cpk->valid_flags & CERT_PKEY_VALID;
-    dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
-    cpk = &(c->pkeys[SSL_PKEY_DH_DSA]);
-/* FIX THIS EAY EAY EAY */
-    dh_dsa = cpk->valid_flags & CERT_PKEY_VALID;
-    dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
-    cpk = &(c->pkeys[SSL_PKEY_ECC]);
+    rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
+    rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
+    dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
 #ifndef OPENSSL_NO_EC
-    have_ecc_cert = cpk->valid_flags & CERT_PKEY_VALID;
+    have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
 #endif
     mask_k = 0;
     mask_a = 0;
-    emask_k = 0;
-    emask_a = 0;
 
 #ifdef CIPHER_DEBUG
-    fprintf(stderr,
-            "rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
-            rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, rsa_enc,
-            rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
+    fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
+            dh_tmp, rsa_enc, rsa_sign, dsa_sign);
 #endif
 
-    cpk = &(c->pkeys[SSL_PKEY_GOST01]);
-    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+#ifndef OPENSSL_NO_GOST
+    if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
         mask_k |= SSL_kGOST;
-        mask_a |= SSL_aGOST01;
+        mask_a |= SSL_aGOST12;
     }
-    cpk = &(c->pkeys[SSL_PKEY_GOST94]);
-    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+    if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
         mask_k |= SSL_kGOST;
-        mask_a |= SSL_aGOST94;
+        mask_a |= SSL_aGOST12;
+    }
+    if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST01;
     }
-
-    if (rsa_enc || (rsa_tmp && rsa_sign))
-        mask_k |= SSL_kRSA;
-    if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
-        emask_k |= SSL_kRSA;
-
-#if 0
-    /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
-    if ((dh_tmp || dh_rsa || dh_dsa) && (rsa_enc || rsa_sign || dsa_sign))
-        mask_k |= SSL_kEDH;
-    if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
-        (rsa_enc || rsa_sign || dsa_sign))
-        emask_k |= SSL_kEDH;
 #endif
 
-    if (dh_tmp_export)
-        emask_k |= SSL_kEDH;
+    if (rsa_enc)
+        mask_k |= SSL_kRSA;
 
     if (dh_tmp)
-        mask_k |= SSL_kEDH;
-
-    if (dh_rsa)
-        mask_k |= SSL_kDHr;
-    if (dh_rsa_export)
-        emask_k |= SSL_kDHr;
-
-    if (dh_dsa)
-        mask_k |= SSL_kDHd;
-    if (dh_dsa_export)
-        emask_k |= SSL_kDHd;
+        mask_k |= SSL_kDHE;
 
-    if (mask_k & (SSL_kDHr | SSL_kDHd))
-        mask_a |= SSL_aDH;
+    /*
+     * If we only have an RSA-PSS certificate allow RSA authentication
+     * if TLS 1.2 and peer supports it.
+     */
 
-    if (rsa_enc || rsa_sign) {
+    if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
+                && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
+                && TLS1_get_version(s) == TLS1_2_VERSION))
         mask_a |= SSL_aRSA;
-        emask_a |= SSL_aRSA;
-    }
 
     if (dsa_sign) {
         mask_a |= SSL_aDSS;
-        emask_a |= SSL_aDSS;
     }
 
     mask_a |= SSL_aNULL;
-    emask_a |= SSL_aNULL;
-
-#ifndef OPENSSL_NO_KRB5
-    mask_k |= SSL_kKRB5;
-    mask_a |= SSL_aKRB5;
-    emask_k |= SSL_kKRB5;
-    emask_a |= SSL_aKRB5;
-#endif
 
     /*
      * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
@@ -2394,251 +3279,76 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
      */
 #ifndef OPENSSL_NO_EC
     if (have_ecc_cert) {
-        cpk = &c->pkeys[SSL_PKEY_ECC];
-        x = cpk->x509;
-        /* This call populates extension flags (ex_flags) */
-        X509_check_purpose(x, -1, 0);
-# ifndef OPENSSL_NO_ECDH
-        ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
-            (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
-# endif
-        ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
-            (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
-        if (!(cpk->valid_flags & CERT_PKEY_SIGN))
+        uint32_t ex_kusage;
+        ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
+        ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
+        if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
             ecdsa_ok = 0;
-        ecc_pkey = X509_get_pubkey(x);
-        ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0;
-        EVP_PKEY_free(ecc_pkey);
-        if ((x->sig_alg) && (x->sig_alg->algorithm)) {
-            signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-            OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
-        }
-# ifndef OPENSSL_NO_ECDH
-        if (ecdh_ok) {
-
-            if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
-                mask_k |= SSL_kECDHr;
-                mask_a |= SSL_aECDH;
-                if (ecc_pkey_size <= 163) {
-                    emask_k |= SSL_kECDHr;
-                    emask_a |= SSL_aECDH;
-                }
-            }
-
-            if (pk_nid == NID_X9_62_id_ecPublicKey) {
-                mask_k |= SSL_kECDHe;
-                mask_a |= SSL_aECDH;
-                if (ecc_pkey_size <= 163) {
-                    emask_k |= SSL_kECDHe;
-                    emask_a |= SSL_aECDH;
-                }
-            }
-        }
-# endif
-# ifndef OPENSSL_NO_ECDSA
-        if (ecdsa_ok) {
+        if (ecdsa_ok)
             mask_a |= SSL_aECDSA;
-            emask_a |= SSL_aECDSA;
-        }
-# endif
     }
+    /* Allow Ed25519 for TLS 1.2 if peer supports it */
+    if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
+            && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
+            && TLS1_get_version(s) == TLS1_2_VERSION)
+            mask_a |= SSL_aECDSA;
+
+    /* Allow Ed448 for TLS 1.2 if peer supports it */
+    if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
+            && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
+            && TLS1_get_version(s) == TLS1_2_VERSION)
+            mask_a |= SSL_aECDSA;
 #endif
 
-#ifndef OPENSSL_NO_ECDH
-    if (have_ecdh_tmp) {
-        mask_k |= SSL_kEECDH;
-        emask_k |= SSL_kEECDH;
-    }
+#ifndef OPENSSL_NO_EC
+    mask_k |= SSL_kECDHE;
 #endif
 
 #ifndef OPENSSL_NO_PSK
     mask_k |= SSL_kPSK;
     mask_a |= SSL_aPSK;
-    emask_k |= SSL_kPSK;
-    emask_a |= SSL_aPSK;
+    if (mask_k & SSL_kRSA)
+        mask_k |= SSL_kRSAPSK;
+    if (mask_k & SSL_kDHE)
+        mask_k |= SSL_kDHEPSK;
+    if (mask_k & SSL_kECDHE)
+        mask_k |= SSL_kECDHEPSK;
 #endif
 
-    c->mask_k = mask_k;
-    c->mask_a = mask_a;
-    c->export_mask_k = emask_k;
-    c->export_mask_a = emask_a;
-    c->valid = 1;
+    s->s3->tmp.mask_k = mask_k;
+    s->s3->tmp.mask_a = mask_a;
 }
 
-/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
-#define ku_reject(x, usage) \
-        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-
 #ifndef OPENSSL_NO_EC
 
 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 {
-    unsigned long alg_k, alg_a;
-    EVP_PKEY *pkey = NULL;
-    int keysize = 0;
-    int signature_nid = 0, md_nid = 0, pk_nid = 0;
-    const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
-
-    alg_k = cs->algorithm_mkey;
-    alg_a = cs->algorithm_auth;
-
-    if (SSL_C_IS_EXPORT(cs)) {
-        /* ECDH key length in export ciphers must be <= 163 bits */
-        pkey = X509_get_pubkey(x);
-        if (pkey == NULL)
-            return 0;
-        keysize = EVP_PKEY_bits(pkey);
-        EVP_PKEY_free(pkey);
-        if (keysize > 163)
-            return 0;
-    }
-
-    /* This call populates the ex_flags field correctly */
-    X509_check_purpose(x, -1, 0);
-    if ((x->sig_alg) && (x->sig_alg->algorithm)) {
-        signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-        OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
-    }
-    if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
-        /* key usage, if present, must allow key agreement */
-        if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
-            SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
-                   SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
-            return 0;
-        }
-        if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) {
-            /* signature alg must be ECDSA */
-            if (pk_nid != NID_X9_62_id_ecPublicKey) {
-                SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
-                       SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
-                return 0;
-            }
-        }
-        if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) {
-            /* signature alg must be RSA */
-
-            if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
-                SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
-                       SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
-                return 0;
-            }
-        }
-    }
-    if (alg_a & SSL_aECDSA) {
+    if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
         /* key usage, if present, must allow signing */
-        if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
+        if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
             SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
                    SSL_R_ECC_CERT_NOT_FOR_SIGNING);
             return 0;
         }
     }
-
     return 1;                   /* all checks are ok */
 }
 
 #endif
 
-static int ssl_get_server_cert_index(const SSL *s)
-{
-    int idx;
-    idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
-    if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509)
-        idx = SSL_PKEY_RSA_SIGN;
-    if (idx == -1)
-        SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR);
-    return idx;
-}
-
-CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
-{
-    CERT *c;
-    int i;
-
-    c = s->cert;
-    if (!s->s3 || !s->s3->tmp.new_cipher)
-        return NULL;
-    ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
-
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-    /*
-     * Broken protocol test: return last used certificate: which may mismatch
-     * the one expected.
-     */
-    if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
-        return c->key;
-#endif
-
-    i = ssl_get_server_cert_index(s);
-
-    /* This may or may not be an error. */
-    if (i < 0)
-        return NULL;
-
-    /* May be NULL. */
-    return &c->pkeys[i];
-}
-
-EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
-                            const EVP_MD **pmd)
-{
-    unsigned long alg_a;
-    CERT *c;
-    int idx = -1;
-
-    alg_a = cipher->algorithm_auth;
-    c = s->cert;
-
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-    /*
-     * Broken protocol test: use last key: which may mismatch the one
-     * expected.
-     */
-    if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
-        idx = c->key - c->pkeys;
-    else
-#endif
-
-    if ((alg_a & SSL_aDSS) &&
-            (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
-        idx = SSL_PKEY_DSA_SIGN;
-    else if (alg_a & SSL_aRSA) {
-        if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
-            idx = SSL_PKEY_RSA_SIGN;
-        else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
-            idx = SSL_PKEY_RSA_ENC;
-    } else if ((alg_a & SSL_aECDSA) &&
-               (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
-        idx = SSL_PKEY_ECC;
-    if (idx == -1) {
-        SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
-        return (NULL);
-    }
-    if (pmd)
-        *pmd = c->pkeys[idx].digest;
-    return c->pkeys[idx].privatekey;
-}
-
-#ifndef OPENSSL_NO_TLSEXT
 int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
                                    size_t *serverinfo_length)
 {
-    CERT *c = NULL;
-    int i = 0;
+    CERT_PKEY *cpk = s->s3->tmp.cert;
     *serverinfo_length = 0;
 
-    c = s->cert;
-    i = ssl_get_server_cert_index(s);
-
-    if (i == -1)
-        return 0;
-    if (c->pkeys[i].serverinfo == NULL)
+    if (cpk == NULL || cpk->serverinfo == NULL)
         return 0;
 
-    *serverinfo = c->pkeys[i].serverinfo;
-    *serverinfo_length = c->pkeys[i].serverinfo_length;
+    *serverinfo = cpk->serverinfo;
+    *serverinfo_length = cpk->serverinfo_length;
     return 1;
 }
-#endif
 
 void ssl_update_cache(SSL *s, int mode)
 {
@@ -2651,23 +3361,63 @@ void ssl_update_cache(SSL *s, int mode)
     if (s->session->session_id_length == 0)
         return;
 
+    /*
+     * If sid_ctx_length is 0 there is no specific application context
+     * associated with this session, so when we try to resume it and
+     * SSL_VERIFY_PEER is requested to verify the client identity, we have no
+     * indication that this is actually a session for the proper application
+     * context, and the *handshake* will fail, not just the resumption attempt.
+     * Do not cache (on the server) these sessions that are not resumable
+     * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
+     */
+    if (s->server && s->session->sid_ctx_length == 0
+            && (s->verify_mode & SSL_VERIFY_PEER) != 0)
+        return;
+
     i = s->session_ctx->session_cache_mode;
-    if ((i & mode) && (!s->hit)
-        && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
-            || SSL_CTX_add_session(s->session_ctx, s->session))
-        && (s->session_ctx->new_session_cb != NULL)) {
-        CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
-        if (!s->session_ctx->new_session_cb(s, s->session))
-            SSL_SESSION_free(s->session);
+    if ((i & mode) != 0
+        && (!s->hit || SSL_IS_TLS13(s))) {
+        /*
+         * Add the session to the internal cache. In server side TLSv1.3 we
+         * normally don't do this because by default it's a full stateless ticket
+         * with only a dummy session id so there is no reason to cache it,
+         * unless:
+         * - we are doing early_data, in which case we cache so that we can
+         *   detect replays
+         * - the application has set a remove_session_cb so needs to know about
+         *   session timeout events
+         * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
+         */
+        if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
+                && (!SSL_IS_TLS13(s)
+                    || !s->server
+                    || (s->max_early_data > 0
+                        && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
+                    || s->session_ctx->remove_session_cb != NULL
+                    || (s->options & SSL_OP_NO_TICKET) != 0))
+            SSL_CTX_add_session(s->session_ctx, s->session);
+
+        /*
+         * Add the session to the external cache. We do this even in server side
+         * TLSv1.3 without early data because some applications just want to
+         * know about the creation of a session and aren't doing a full cache.
+         */
+        if (s->session_ctx->new_session_cb != NULL) {
+            SSL_SESSION_up_ref(s->session);
+            if (!s->session_ctx->new_session_cb(s, s->session))
+                SSL_SESSION_free(s->session);
+        }
     }
 
     /* auto flush every 255 connections */
     if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
-        if ((((mode & SSL_SESS_CACHE_CLIENT)
-              ? s->session_ctx->stats.sess_connect_good
-              : s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
+        TSAN_QUALIFIER int *stat;
+        if (mode & SSL_SESS_CACHE_CLIENT)
+            stat = &s->session_ctx->stats.sess_connect_good;
+        else
+            stat = &s->session_ctx->stats.sess_accept_good;
+        if ((tsan_load(stat) & 0xff) == 0xff)
             SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
-        }
     }
 }
 
@@ -2678,32 +3428,31 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
 
 const SSL_METHOD *SSL_get_ssl_method(SSL *s)
 {
-    return (s->method);
+    return s->method;
 }
 
 int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
 {
-    int conn = -1;
     int ret = 1;
 
     if (s->method != meth) {
-        if (s->handshake_func != NULL)
-            conn = (s->handshake_func == s->method->ssl_connect);
+        const SSL_METHOD *sm = s->method;
+        int (*hf) (SSL *) = s->handshake_func;
 
-        if (s->method->version == meth->version)
+        if (sm->version == meth->version)
             s->method = meth;
         else {
-            s->method->ssl_free(s);
+            sm->ssl_free(s);
             s->method = meth;
             ret = s->method->ssl_new(s);
         }
 
-        if (conn == 1)
+        if (hf == sm->ssl_connect)
             s->handshake_func = meth->ssl_connect;
-        else if (conn == 0)
+        else if (hf == sm->ssl_accept)
             s->handshake_func = meth->ssl_accept;
     }
-    return (ret);
+    return ret;
 }
 
 int SSL_get_error(const SSL *s, int i)
@@ -2713,7 +3462,7 @@ int SSL_get_error(const SSL *s, int i)
     BIO *bio;
 
     if (i > 0)
-        return (SSL_ERROR_NONE);
+        return SSL_ERROR_NONE;
 
     /*
      * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
@@ -2721,15 +3470,15 @@ int SSL_get_error(const SSL *s, int i)
      */
     if ((l = ERR_peek_error()) != 0) {
         if (ERR_GET_LIB(l) == ERR_LIB_SYS)
-            return (SSL_ERROR_SYSCALL);
+            return SSL_ERROR_SYSCALL;
         else
-            return (SSL_ERROR_SSL);
+            return SSL_ERROR_SSL;
     }
 
-    if ((i < 0) && SSL_want_read(s)) {
+    if (SSL_want_read(s)) {
         bio = SSL_get_rbio(s);
         if (BIO_should_read(bio))
-            return (SSL_ERROR_WANT_READ);
+            return SSL_ERROR_WANT_READ;
         else if (BIO_should_write(bio))
             /*
              * This one doesn't make too much sense ... We never try to write
@@ -2740,52 +3489,63 @@ int SSL_get_error(const SSL *s, int i)
              * wbio *are* the same, this test works around that bug; so it
              * might be safer to keep it.
              */
-            return (SSL_ERROR_WANT_WRITE);
+            return SSL_ERROR_WANT_WRITE;
         else if (BIO_should_io_special(bio)) {
             reason = BIO_get_retry_reason(bio);
             if (reason == BIO_RR_CONNECT)
-                return (SSL_ERROR_WANT_CONNECT);
+                return SSL_ERROR_WANT_CONNECT;
             else if (reason == BIO_RR_ACCEPT)
-                return (SSL_ERROR_WANT_ACCEPT);
+                return SSL_ERROR_WANT_ACCEPT;
             else
-                return (SSL_ERROR_SYSCALL); /* unknown */
+                return SSL_ERROR_SYSCALL; /* unknown */
         }
     }
 
-    if ((i < 0) && SSL_want_write(s)) {
-        bio = SSL_get_wbio(s);
+    if (SSL_want_write(s)) {
+        /* Access wbio directly - in order to use the buffered bio if present */
+        bio = s->wbio;
         if (BIO_should_write(bio))
-            return (SSL_ERROR_WANT_WRITE);
+            return SSL_ERROR_WANT_WRITE;
         else if (BIO_should_read(bio))
             /*
              * See above (SSL_want_read(s) with BIO_should_write(bio))
              */
-            return (SSL_ERROR_WANT_READ);
+            return SSL_ERROR_WANT_READ;
         else if (BIO_should_io_special(bio)) {
             reason = BIO_get_retry_reason(bio);
             if (reason == BIO_RR_CONNECT)
-                return (SSL_ERROR_WANT_CONNECT);
+                return SSL_ERROR_WANT_CONNECT;
             else if (reason == BIO_RR_ACCEPT)
-                return (SSL_ERROR_WANT_ACCEPT);
+                return SSL_ERROR_WANT_ACCEPT;
             else
-                return (SSL_ERROR_SYSCALL);
+                return SSL_ERROR_SYSCALL;
         }
     }
-    if ((i < 0) && SSL_want_x509_lookup(s)) {
-        return (SSL_ERROR_WANT_X509_LOOKUP);
-    }
+    if (SSL_want_x509_lookup(s))
+        return SSL_ERROR_WANT_X509_LOOKUP;
+    if (SSL_want_async(s))
+        return SSL_ERROR_WANT_ASYNC;
+    if (SSL_want_async_job(s))
+        return SSL_ERROR_WANT_ASYNC_JOB;
+    if (SSL_want_client_hello_cb(s))
+        return SSL_ERROR_WANT_CLIENT_HELLO_CB;
 
-    if (i == 0) {
-        if (s->version == SSL2_VERSION) {
-            /* assume it is the socket being closed */
-            return (SSL_ERROR_ZERO_RETURN);
-        } else {
-            if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-                (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
-                return (SSL_ERROR_ZERO_RETURN);
-        }
-    }
-    return (SSL_ERROR_SYSCALL);
+    if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+        (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+        return SSL_ERROR_ZERO_RETURN;
+
+    return SSL_ERROR_SYSCALL;
+}
+
+static int ssl_do_handshake_intern(void *vargs)
+{
+    struct ssl_async_args *args;
+    SSL *s;
+
+    args = (struct ssl_async_args *)vargs;
+    s = args->s;
+
+    return s->handshake_func(s);
 }
 
 int SSL_do_handshake(SSL *s)
@@ -2794,91 +3554,105 @@ int SSL_do_handshake(SSL *s)
 
     if (s->handshake_func == NULL) {
         SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
-        return (-1);
+        return -1;
     }
 
-    s->method->ssl_renegotiate_check(s);
+    ossl_statem_check_finish_init(s, -1);
+
+    s->method->ssl_renegotiate_check(s, 0);
 
     if (SSL_in_init(s) || SSL_in_before(s)) {
-        ret = s->handshake_func(s);
+        if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+            struct ssl_async_args args;
+
+            args.s = s;
+
+            ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
+        } else {
+            ret = s->handshake_func(s);
+        }
     }
-    return (ret);
+    return ret;
 }
 
-/*
- * For the next 2 functions, SSL_clear() sets shutdown and so one of these
- * calls will reset it
- */
 void SSL_set_accept_state(SSL *s)
 {
     s->server = 1;
     s->shutdown = 0;
-    s->state = SSL_ST_ACCEPT | SSL_ST_BEFORE;
+    ossl_statem_clear(s);
     s->handshake_func = s->method->ssl_accept;
-    /* clear the current cipher */
-    ssl_clear_cipher_ctx(s);
-    ssl_clear_hash_ctx(&s->read_hash);
-    ssl_clear_hash_ctx(&s->write_hash);
+    clear_ciphers(s);
 }
 
 void SSL_set_connect_state(SSL *s)
 {
     s->server = 0;
     s->shutdown = 0;
-    s->state = SSL_ST_CONNECT | SSL_ST_BEFORE;
+    ossl_statem_clear(s);
     s->handshake_func = s->method->ssl_connect;
-    /* clear the current cipher */
-    ssl_clear_cipher_ctx(s);
-    ssl_clear_hash_ctx(&s->read_hash);
-    ssl_clear_hash_ctx(&s->write_hash);
+    clear_ciphers(s);
 }
 
 int ssl_undefined_function(SSL *s)
 {
     SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-    return (0);
+    return 0;
 }
 
 int ssl_undefined_void_function(void)
 {
     SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
            ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-    return (0);
+    return 0;
 }
 
 int ssl_undefined_const_function(const SSL *s)
 {
-    SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,
-           ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-    return (0);
+    return 0;
 }
 
-SSL_METHOD *ssl_bad_method(int ver)
+const SSL_METHOD *ssl_bad_method(int ver)
 {
     SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-    return (NULL);
+    return NULL;
+}
+
+const char *ssl_protocol_to_string(int version)
+{
+    switch(version)
+    {
+    case TLS1_3_VERSION:
+        return "TLSv1.3";
+
+    case TLS1_2_VERSION:
+        return "TLSv1.2";
+
+    case TLS1_1_VERSION:
+        return "TLSv1.1";
+
+    case TLS1_VERSION:
+        return "TLSv1";
+
+    case SSL3_VERSION:
+        return "SSLv3";
+
+    case DTLS1_BAD_VER:
+        return "DTLSv0.9";
+
+    case DTLS1_VERSION:
+        return "DTLSv1";
+
+    case DTLS1_2_VERSION:
+        return "DTLSv1.2";
+
+    default:
+        return "unknown";
+    }
 }
 
 const char *SSL_get_version(const SSL *s)
 {
-    if (s->version == TLS1_2_VERSION)
-        return ("TLSv1.2");
-    else if (s->version == TLS1_1_VERSION)
-        return ("TLSv1.1");
-    else if (s->version == TLS1_VERSION)
-        return ("TLSv1");
-    else if (s->version == SSL3_VERSION)
-        return ("SSLv3");
-    else if (s->version == SSL2_VERSION)
-        return ("SSLv2");
-    else if (s->version == DTLS1_BAD_VER)
-        return ("DTLSv0.9");
-    else if (s->version == DTLS1_VERSION)
-        return ("DTLSv1");
-    else if (s->version == DTLS1_2_VERSION)
-        return ("DTLSv1.2");
-    else
-        return ("unknown");
+    return ssl_protocol_to_string(s->version);
 }
 
 SSL *SSL_dup(SSL *s)
@@ -2888,16 +3662,25 @@ SSL *SSL_dup(SSL *s)
     SSL *ret;
     int i;
 
-    if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
-        return (NULL);
+    /* If we're not quiescent, just up_ref! */
+    if (!SSL_in_init(s) || !SSL_in_before(s)) {
+        CRYPTO_UP_REF(&s->references, &i, s->lock);
+        return s;
+    }
 
-    ret->version = s->version;
-    ret->type = s->type;
-    ret->method = s->method;
+    /*
+     * Otherwise, copy configuration state, and session if set.
+     */
+    if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+        return NULL;
 
     if (s->session != NULL) {
-        /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
-        SSL_copy_session_id(ret, s);
+        /*
+         * Arranges to share the same session via up_ref.  This "copies"
+         * session-id, SSL_METHOD, sid_ctx, and 'cert'
+         */
+        if (!SSL_copy_session_id(ret, s))
+            goto err;
     } else {
         /*
          * No session has been established yet, so we have to expect that
@@ -2905,23 +3688,24 @@ SSL *SSL_dup(SSL *s)
          * point to the same object, and thus we can't use
          * SSL_copy_session_id.
          */
-
-        ret->method->ssl_free(ret);
-        ret->method = s->method;
-        ret->method->ssl_new(ret);
+        if (!SSL_set_ssl_method(ret, s->method))
+            goto err;
 
         if (s->cert != NULL) {
-            if (ret->cert != NULL) {
-                ssl_cert_free(ret->cert);
-            }
+            ssl_cert_free(ret->cert);
             ret->cert = ssl_cert_dup(s->cert);
             if (ret->cert == NULL)
                 goto err;
         }
 
-        SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length);
+        if (!SSL_set_session_id_context(ret, s->sid_ctx,
+                                        (int)s->sid_ctx_length))
+            goto err;
     }
 
+    if (!ssl_dane_dup(ret, s))
+        goto err;
+    ret->version = s->version;
     ret->options = s->options;
     ret->mode = s->mode;
     SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
@@ -2934,8 +3718,6 @@ SSL *SSL_dup(SSL *s)
 
     SSL_set_info_callback(ret, SSL_get_info_callback(s));
 
-    ret->debug = s->debug;
-
     /* copy app data, a little dangerous perhaps */
     if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
         goto err;
@@ -2949,25 +3731,25 @@ SSL *SSL_dup(SSL *s)
         if (s->wbio != s->rbio) {
             if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
                 goto err;
-        } else
+        } else {
+            BIO_up_ref(ret->rbio);
             ret->wbio = ret->rbio;
+        }
     }
-    ret->rwstate = s->rwstate;
-    ret->in_handshake = s->in_handshake;
-    ret->handshake_func = s->handshake_func;
+
     ret->server = s->server;
-    ret->renegotiate = s->renegotiate;
-    ret->new_session = s->new_session;
-    ret->quiet_shutdown = s->quiet_shutdown;
+    if (s->handshake_func) {
+        if (s->server)
+            SSL_set_accept_state(ret);
+        else
+            SSL_set_connect_state(ret);
+    }
     ret->shutdown = s->shutdown;
-    ret->state = s->state;      /* SSL_dup does not really work at any state,
-                                 * though */
-    ret->rstate = s->rstate;
-    ret->init_num = 0;          /* would have to copy ret->init_buf,
-                                 * ret->init_msg, ret->init_num,
-                                 * ret->init_off */
     ret->hit = s->hit;
 
+    ret->default_passwd_callback = s->default_passwd_callback;
+    ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;
+
     X509_VERIFY_PARAM_inherit(ret->param, s->param);
 
     /* dup the cipher_list and cipher_list_by_id stacks */
@@ -2981,10 +3763,10 @@ SSL *SSL_dup(SSL *s)
             goto err;
 
     /* Dup the client_CA list */
-    if (s->client_CA != NULL) {
-        if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL)
+    if (s->ca_names != NULL) {
+        if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL)
             goto err;
-        ret->client_CA = sk;
+        ret->ca_names = sk;
         for (i = 0; i < sk_X509_NAME_num(sk); i++) {
             xn = sk_X509_NAME_value(sk, i);
             if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
@@ -2993,54 +3775,45 @@ SSL *SSL_dup(SSL *s)
             }
         }
     }
+    return ret;
 
-    if (0) {
  err:
-        if (ret != NULL)
-            SSL_free(ret);
-        ret = NULL;
-    }
-    return (ret);
+    SSL_free(ret);
+    return NULL;
 }
 
 void ssl_clear_cipher_ctx(SSL *s)
 {
     if (s->enc_read_ctx != NULL) {
-        EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
-        OPENSSL_free(s->enc_read_ctx);
+        EVP_CIPHER_CTX_free(s->enc_read_ctx);
         s->enc_read_ctx = NULL;
     }
     if (s->enc_write_ctx != NULL) {
-        EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
-        OPENSSL_free(s->enc_write_ctx);
+        EVP_CIPHER_CTX_free(s->enc_write_ctx);
         s->enc_write_ctx = NULL;
     }
 #ifndef OPENSSL_NO_COMP
-    if (s->expand != NULL) {
-        COMP_CTX_free(s->expand);
-        s->expand = NULL;
-    }
-    if (s->compress != NULL) {
-        COMP_CTX_free(s->compress);
-        s->compress = NULL;
-    }
+    COMP_CTX_free(s->expand);
+    s->expand = NULL;
+    COMP_CTX_free(s->compress);
+    s->compress = NULL;
 #endif
 }
 
 X509 *SSL_get_certificate(const SSL *s)
 {
     if (s->cert != NULL)
-        return (s->cert->key->x509);
+        return s->cert->key->x509;
     else
-        return (NULL);
+        return NULL;
 }
 
 EVP_PKEY *SSL_get_privatekey(const SSL *s)
 {
     if (s->cert != NULL)
-        return (s->cert->key->privatekey);
+        return s->cert->key->privatekey;
     else
-        return (NULL);
+        return NULL;
 }
 
 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
@@ -3062,82 +3835,65 @@ EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
 {
     if ((s->session != NULL) && (s->session->cipher != NULL))
-        return (s->session->cipher);
-    return (NULL);
-}
-
-#ifdef OPENSSL_NO_COMP
-const COMP_METHOD *SSL_get_current_compression(SSL *s)
-{
+        return s->session->cipher;
     return NULL;
 }
 
-const COMP_METHOD *SSL_get_current_expansion(SSL *s)
+const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
 {
-    return NULL;
+    return s->s3->tmp.new_cipher;
 }
-#else
 
 const COMP_METHOD *SSL_get_current_compression(SSL *s)
 {
-    if (s->compress != NULL)
-        return (s->compress->meth);
-    return (NULL);
+#ifndef OPENSSL_NO_COMP
+    return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
+#else
+    return NULL;
+#endif
 }
 
 const COMP_METHOD *SSL_get_current_expansion(SSL *s)
 {
-    if (s->expand != NULL)
-        return (s->expand->meth);
-    return (NULL);
-}
+#ifndef OPENSSL_NO_COMP
+    return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
+#else
+    return NULL;
 #endif
+}
 
-int ssl_init_wbio_buffer(SSL *s, int push)
+int ssl_init_wbio_buffer(SSL *s)
 {
     BIO *bbio;
 
-    if (s->bbio == NULL) {
-        bbio = BIO_new(BIO_f_buffer());
-        if (bbio == NULL)
-            return (0);
-        s->bbio = bbio;
-    } else {
-        bbio = s->bbio;
-        if (s->bbio == s->wbio)
-            s->wbio = BIO_pop(s->wbio);
+    if (s->bbio != NULL) {
+        /* Already buffered. */
+        return 1;
     }
-    (void)BIO_reset(bbio);
-/*      if (!BIO_set_write_buffer_size(bbio,16*1024)) */
-    if (!BIO_set_read_buffer_size(bbio, 1)) {
+
+    bbio = BIO_new(BIO_f_buffer());
+    if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
+        BIO_free(bbio);
         SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
-        return (0);
-    }
-    if (push) {
-        if (s->wbio != bbio)
-            s->wbio = BIO_push(bbio, s->wbio);
-    } else {
-        if (s->wbio == bbio)
-            s->wbio = BIO_pop(bbio);
+        return 0;
     }
-    return (1);
+    s->bbio = bbio;
+    s->wbio = BIO_push(bbio, s->wbio);
+
+    return 1;
 }
 
-void ssl_free_wbio_buffer(SSL *s)
+int ssl_free_wbio_buffer(SSL *s)
 {
+    /* callers ensure s is never null */
     if (s->bbio == NULL)
-        return;
+        return 1;
 
-    if (s->bbio == s->wbio) {
-        /* remove buffering */
-        s->wbio = BIO_pop(s->wbio);
-#ifdef REF_CHECK                /* not the usual REF_CHECK, but this avoids
-                                 * adding one more preprocessor symbol */
-        assert(s->wbio != NULL);
-#endif
-    }
+    s->wbio = BIO_pop(s->wbio);
     BIO_free(s->bbio);
     s->bbio = NULL;
+
+    return 1;
 }
 
 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
@@ -3147,7 +3903,7 @@ void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
 
 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
 {
-    return (ctx->quiet_shutdown);
+    return ctx->quiet_shutdown;
 }
 
 void SSL_set_quiet_shutdown(SSL *s, int mode)
@@ -3157,7 +3913,7 @@ void SSL_set_quiet_shutdown(SSL *s, int mode)
 
 int SSL_get_quiet_shutdown(const SSL *s)
 {
-    return (s->quiet_shutdown);
+    return s->quiet_shutdown;
 }
 
 void SSL_set_shutdown(SSL *s, int mode)
@@ -3167,60 +3923,50 @@ void SSL_set_shutdown(SSL *s, int mode)
 
 int SSL_get_shutdown(const SSL *s)
 {
-    return (s->shutdown);
+    return s->shutdown;
 }
 
 int SSL_version(const SSL *s)
 {
-    return (s->version);
+    return s->version;
+}
+
+int SSL_client_version(const SSL *s)
+{
+    return s->client_version;
 }
 
 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
 {
-    return (ssl->ctx);
+    return ssl->ctx;
 }
 
 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
 {
-    CERT *ocert = ssl->cert;
+    CERT *new_cert;
     if (ssl->ctx == ctx)
         return ssl->ctx;
-#ifndef OPENSSL_NO_TLSEXT
     if (ctx == NULL)
-        ctx = ssl->initial_ctx;
-#endif
-    ssl->cert = ssl_cert_dup(ctx->cert);
-    if (ocert) {
-        int i;
-        /* Preserve any already negotiated parameters */
-        if (ssl->server) {
-            ssl->cert->peer_sigalgs = ocert->peer_sigalgs;
-            ssl->cert->peer_sigalgslen = ocert->peer_sigalgslen;
-            ocert->peer_sigalgs = NULL;
-            ssl->cert->ciphers_raw = ocert->ciphers_raw;
-            ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen;
-            ocert->ciphers_raw = NULL;
-        }
-        for (i = 0; i < SSL_PKEY_NUM; i++) {
-            ssl->cert->pkeys[i].digest = ocert->pkeys[i].digest;
-        }
-#ifndef OPENSSL_NO_TLSEXT
-        ssl->cert->alpn_proposed = ocert->alpn_proposed;
-        ssl->cert->alpn_proposed_len = ocert->alpn_proposed_len;
-        ocert->alpn_proposed = NULL;
-        ssl->cert->alpn_sent = ocert->alpn_sent;
-
-        if (!custom_exts_copy_flags(&ssl->cert->srv_ext, &ocert->srv_ext))
-            return NULL;
-#endif
-        ssl_cert_free(ocert);
+        ctx = ssl->session_ctx;
+    new_cert = ssl_cert_dup(ctx->cert);
+    if (new_cert == NULL) {
+        return NULL;
     }
 
+    if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) {
+        ssl_cert_free(new_cert);
+        return NULL;
+    }
+
+    ssl_cert_free(ssl->cert);
+    ssl->cert = new_cert;
+
     /*
      * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
      * so setter APIs must prevent invalid lengths from entering the system.
      */
-    OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
+    if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)))
+        return NULL;
 
     /*
      * If the session ID context matches that of the parent SSL_CTX,
@@ -3235,26 +3981,54 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
         memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
     }
 
-    CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
-    if (ssl->ctx != NULL)
-        SSL_CTX_free(ssl->ctx); /* decrement reference count */
+    SSL_CTX_up_ref(ctx);
+    SSL_CTX_free(ssl->ctx);     /* decrement reference count */
     ssl->ctx = ctx;
 
-    return (ssl->ctx);
+    return ssl->ctx;
 }
 
-#ifndef OPENSSL_NO_STDIO
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
 {
-    return (X509_STORE_set_default_paths(ctx->cert_store));
+    return X509_STORE_set_default_paths(ctx->cert_store);
+}
+
+int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
+    if (lookup == NULL)
+        return 0;
+    X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* Clear any errors if the default directory does not exist */
+    ERR_clear_error();
+
+    return 1;
+}
+
+int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
+    if (lookup == NULL)
+        return 0;
+
+    X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* Clear any errors if the default file does not exist */
+    ERR_clear_error();
+
+    return 1;
 }
 
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                   const char *CApath)
 {
-    return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
+    return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);
 }
-#endif
 
 void SSL_set_info_callback(SSL *ssl,
                            void (*cb) (const SSL *ssl, int type, int val))
@@ -3272,120 +4046,101 @@ void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
     return ssl->info_callback;
 }
 
-int SSL_state(const SSL *ssl)
+void SSL_set_verify_result(SSL *ssl, long arg)
 {
-    return (ssl->state);
+    ssl->verify_result = arg;
 }
 
-void SSL_set_state(SSL *ssl, int state)
+long SSL_get_verify_result(const SSL *ssl)
 {
-    ssl->state = state;
+    return ssl->verify_result;
 }
 
-void SSL_set_verify_result(SSL *ssl, long arg)
+size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
 {
-    ssl->verify_result = arg;
+    if (outlen == 0)
+        return sizeof(ssl->s3->client_random);
+    if (outlen > sizeof(ssl->s3->client_random))
+        outlen = sizeof(ssl->s3->client_random);
+    memcpy(out, ssl->s3->client_random, outlen);
+    return outlen;
 }
 
-long SSL_get_verify_result(const SSL *ssl)
+size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
 {
-    return (ssl->verify_result);
+    if (outlen == 0)
+        return sizeof(ssl->s3->server_random);
+    if (outlen > sizeof(ssl->s3->server_random))
+        outlen = sizeof(ssl->s3->server_random);
+    memcpy(out, ssl->s3->server_random, outlen);
+    return outlen;
 }
 
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+                                  unsigned char *out, size_t outlen)
 {
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
-                                   new_func, dup_func, free_func);
+    if (outlen == 0)
+        return session->master_key_length;
+    if (outlen > session->master_key_length)
+        outlen = session->master_key_length;
+    memcpy(out, session->master_key, outlen);
+    return outlen;
 }
 
-int SSL_set_ex_data(SSL *s, int idx, void *arg)
+int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
+                                size_t len)
 {
-    return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+    if (len > sizeof(sess->master_key))
+        return 0;
+
+    memcpy(sess->master_key, in, len);
+    sess->master_key_length = len;
+    return 1;
 }
 
-void *SSL_get_ex_data(const SSL *s, int idx)
+
+int SSL_set_ex_data(SSL *s, int idx, void *arg)
 {
-    return (CRYPTO_get_ex_data(&s->ex_data, idx));
+    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
 }
 
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                             CRYPTO_EX_dup *dup_func,
-                             CRYPTO_EX_free *free_func)
+void *SSL_get_ex_data(const SSL *s, int idx)
 {
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
-                                   new_func, dup_func, free_func);
+    return CRYPTO_get_ex_data(&s->ex_data, idx);
 }
 
 int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
 {
-    return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
 }
 
 void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
 {
-    return (CRYPTO_get_ex_data(&s->ex_data, idx));
-}
-
-int ssl_ok(SSL *s)
-{
-    return (1);
+    return CRYPTO_get_ex_data(&s->ex_data, idx);
 }
 
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
 {
-    return (ctx->cert_store);
+    return ctx->cert_store;
 }
 
 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
 {
-    if (ctx->cert_store != NULL)
-        X509_STORE_free(ctx->cert_store);
+    X509_STORE_free(ctx->cert_store);
     ctx->cert_store = store;
 }
 
-int SSL_want(const SSL *s)
+void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
 {
-    return (s->rwstate);
+    if (store != NULL)
+        X509_STORE_up_ref(store);
+    SSL_CTX_set_cert_store(ctx, store);
 }
 
-/**
- * \brief Set the callback for generating temporary RSA keys.
- * \param ctx the SSL context.
- * \param cb the callback
- */
-
-#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb) (SSL *ssl,
-                                                            int is_export,
-                                                            int keylength))
-{
-    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb);
-}
-
-void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb) (SSL *ssl,
-                                                    int is_export,
-                                                    int keylength))
-{
-    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb);
-}
-#endif
-
-#ifdef DOXYGEN
-/**
- * \brief The RSA temporary key callback function.
- * \param ssl the SSL session.
- * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
- * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
- * of the required key in bits.
- * \return the temporary RSA key.
- * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
- */
-
-RSA *cb(SSL *ssl, int is_export, int keylength)
+int SSL_want(const SSL *s)
 {
+    return s->rwstate;
 }
-#endif
 
 /**
  * \brief Set the callback for generating temporary DH keys.
@@ -3408,39 +4163,20 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
 }
 #endif
 
-#ifndef OPENSSL_NO_ECDH
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
-                                   EC_KEY *(*ecdh) (SSL *ssl, int is_export,
-                                                    int keylength))
-{
-    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
-                          (void (*)(void))ecdh);
-}
-
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
-                               EC_KEY *(*ecdh) (SSL *ssl, int is_export,
-                                                int keylength))
-{
-    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh);
-}
-#endif
-
 #ifndef OPENSSL_NO_PSK
 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
 {
     if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
-        SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT,
-               SSL_R_DATA_LENGTH_TOO_LONG);
+        SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
         return 0;
     }
-    if (ctx->psk_identity_hint != NULL)
-        OPENSSL_free(ctx->psk_identity_hint);
+    OPENSSL_free(ctx->cert->psk_identity_hint);
     if (identity_hint != NULL) {
-        ctx->psk_identity_hint = BUF_strdup(identity_hint);
-        if (ctx->psk_identity_hint == NULL)
+        ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
+        if (ctx->cert->psk_identity_hint == NULL)
             return 0;
     } else
-        ctx->psk_identity_hint = NULL;
+        ctx->cert->psk_identity_hint = NULL;
     return 1;
 }
 
@@ -3449,21 +4185,17 @@ int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
     if (s == NULL)
         return 0;
 
-    if (s->session == NULL)
-        return 1;               /* session not created yet, ignored */
-
     if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
         SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
         return 0;
     }
-    if (s->session->psk_identity_hint != NULL)
-        OPENSSL_free(s->session->psk_identity_hint);
+    OPENSSL_free(s->cert->psk_identity_hint);
     if (identity_hint != NULL) {
-        s->session->psk_identity_hint = BUF_strdup(identity_hint);
-        if (s->session->psk_identity_hint == NULL)
+        s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
+        if (s->cert->psk_identity_hint == NULL)
             return 0;
     } else
-        s->session->psk_identity_hint = NULL;
+        s->cert->psk_identity_hint = NULL;
     return 1;
 }
 
@@ -3471,63 +4203,59 @@ const char *SSL_get_psk_identity_hint(const SSL *s)
 {
     if (s == NULL || s->session == NULL)
         return NULL;
-    return (s->session->psk_identity_hint);
+    return s->session->psk_identity_hint;
 }
 
 const char *SSL_get_psk_identity(const SSL *s)
 {
     if (s == NULL || s->session == NULL)
         return NULL;
-    return (s->session->psk_identity);
+    return s->session->psk_identity;
 }
 
-void SSL_set_psk_client_callback(SSL *s,
-                                 unsigned int (*cb) (SSL *ssl,
-                                                     const char *hint,
-                                                     char *identity,
-                                                     unsigned int
-                                                     max_identity_len,
-                                                     unsigned char *psk,
-                                                     unsigned int
-                                                     max_psk_len))
+void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
 {
     s->psk_client_callback = cb;
 }
 
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
-                                     unsigned int (*cb) (SSL *ssl,
-                                                         const char *hint,
-                                                         char *identity,
-                                                         unsigned int
-                                                         max_identity_len,
-                                                         unsigned char *psk,
-                                                         unsigned int
-                                                         max_psk_len))
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
 {
     ctx->psk_client_callback = cb;
 }
 
-void SSL_set_psk_server_callback(SSL *s,
-                                 unsigned int (*cb) (SSL *ssl,
-                                                     const char *identity,
-                                                     unsigned char *psk,
-                                                     unsigned int
-                                                     max_psk_len))
+void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
 {
     s->psk_server_callback = cb;
 }
 
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
-                                     unsigned int (*cb) (SSL *ssl,
-                                                         const char *identity,
-                                                         unsigned char *psk,
-                                                         unsigned int
-                                                         max_psk_len))
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
 {
     ctx->psk_server_callback = cb;
 }
 #endif
 
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
+{
+    s->psk_find_session_cb = cb;
+}
+
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+                                           SSL_psk_find_session_cb_func cb)
+{
+    ctx->psk_find_session_cb = cb;
+}
+
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
+{
+    s->psk_use_session_cb = cb;
+}
+
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+                                           SSL_psk_use_session_cb_func cb)
+{
+    ctx->psk_use_session_cb = cb;
+}
+
 void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
                               void (*cb) (int write_p, int version,
                                           int content_type, const void *buf,
@@ -3544,19 +4272,118 @@ void SSL_set_msg_callback(SSL *ssl,
     SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
 }
 
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+                                                int (*cb) (SSL *ssl,
+                                                           int
+                                                           is_forward_secure))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
+                          (void (*)(void))cb);
+}
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+                                            int (*cb) (SSL *ssl,
+                                                       int is_forward_secure))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
+                      (void (*)(void))cb);
+}
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
+                                         size_t (*cb) (SSL *ssl, int type,
+                                                       size_t len, void *arg))
+{
+    ctx->record_padding_cb = cb;
+}
+
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
+{
+    ctx->record_padding_arg = arg;
+}
+
+void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx)
+{
+    return ctx->record_padding_arg;
+}
+
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
+{
+    /* block size of 0 or 1 is basically no padding */
+    if (block_size == 1)
+        ctx->block_padding = 0;
+    else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
+        ctx->block_padding = block_size;
+    else
+        return 0;
+    return 1;
+}
+
+void SSL_set_record_padding_callback(SSL *ssl,
+                                     size_t (*cb) (SSL *ssl, int type,
+                                                   size_t len, void *arg))
+{
+    ssl->record_padding_cb = cb;
+}
+
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
+{
+    ssl->record_padding_arg = arg;
+}
+
+void *SSL_get_record_padding_callback_arg(SSL *ssl)
+{
+    return ssl->record_padding_arg;
+}
+
+int SSL_set_block_padding(SSL *ssl, size_t block_size)
+{
+    /* block size of 0 or 1 is basically no padding */
+    if (block_size == 1)
+        ssl->block_padding = 0;
+    else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
+        ssl->block_padding = block_size;
+    else
+        return 0;
+    return 1;
+}
+
+int SSL_set_num_tickets(SSL *s, size_t num_tickets)
+{
+    s->num_tickets = num_tickets;
+
+    return 1;
+}
+
+size_t SSL_get_num_tickets(SSL *s)
+{
+    return s->num_tickets;
+}
+
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
+{
+    ctx->num_tickets = num_tickets;
+
+    return 1;
+}
+
+size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx)
+{
+    return ctx->num_tickets;
+}
+
 /*
  * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
- * vairable, freeing EVP_MD_CTX previously stored in that variable, if any.
- * If EVP_MD pointer is passed, initializes ctx with this md Returns newly
- * allocated ctx;
+ * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
+ * If EVP_MD pointer is passed, initializes ctx with this |md|.
+ * Returns the newly allocated ctx;
  */
 
 EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
 {
     ssl_clear_hash_ctx(hash);
-    *hash = EVP_MD_CTX_create();
+    *hash = EVP_MD_CTX_new();
     if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
-        EVP_MD_CTX_destroy(*hash);
+        EVP_MD_CTX_free(*hash);
         *hash = NULL;
         return NULL;
     }
@@ -3566,30 +4393,1141 @@ EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
 {
 
-    if (*hash)
-        EVP_MD_CTX_destroy(*hash);
+    EVP_MD_CTX_free(*hash);
     *hash = NULL;
 }
 
-void SSL_set_debug(SSL *s, int debug)
+/* Retrieve handshake hashes */
+int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
+                       size_t *hashlen)
 {
-    s->debug = debug;
+    EVP_MD_CTX *ctx = NULL;
+    EVP_MD_CTX *hdgst = s->s3->handshake_dgst;
+    int hashleni = EVP_MD_CTX_size(hdgst);
+    int ret = 0;
+
+    if (hashleni < 0 || (size_t)hashleni > outlen) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+    if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
+        || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    *hashlen = hashleni;
+
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
 }
 
-int SSL_cache_hit(SSL *s)
+int SSL_session_reused(SSL *s)
 {
     return s->hit;
 }
 
-int SSL_is_server(SSL *s)
+int SSL_is_server(const SSL *s)
 {
     return s->server;
 }
 
-#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
-# include "../crypto/bio/bss_file.c"
+#if OPENSSL_API_COMPAT < 0x10100000L
+void SSL_set_debug(SSL *s, int debug)
+{
+    /* Old function was do-nothing anyway... */
+    (void)s;
+    (void)debug;
+}
 #endif
 
-IMPLEMENT_STACK_OF(SSL_CIPHER)
-IMPLEMENT_STACK_OF(SSL_COMP)
+void SSL_set_security_level(SSL *s, int level)
+{
+    s->cert->sec_level = level;
+}
+
+int SSL_get_security_level(const SSL *s)
+{
+    return s->cert->sec_level;
+}
+
+void SSL_set_security_callback(SSL *s,
+                               int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                          int op, int bits, int nid,
+                                          void *other, void *ex))
+{
+    s->cert->sec_cb = cb;
+}
+
+int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
+                                                const SSL_CTX *ctx, int op,
+                                                int bits, int nid, void *other,
+                                                void *ex) {
+    return s->cert->sec_cb;
+}
+
+void SSL_set0_security_ex_data(SSL *s, void *ex)
+{
+    s->cert->sec_ex = ex;
+}
+
+void *SSL_get0_security_ex_data(const SSL *s)
+{
+    return s->cert->sec_ex;
+}
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
+{
+    ctx->cert->sec_level = level;
+}
+
+int SSL_CTX_get_security_level(const SSL_CTX *ctx)
+{
+    return ctx->cert->sec_level;
+}
+
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+                                   int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                              int op, int bits, int nid,
+                                              void *other, void *ex))
+{
+    ctx->cert->sec_cb = cb;
+}
+
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
+                                                          const SSL_CTX *ctx,
+                                                          int op, int bits,
+                                                          int nid,
+                                                          void *other,
+                                                          void *ex) {
+    return ctx->cert->sec_cb;
+}
+
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
+{
+    ctx->cert->sec_ex = ex;
+}
+
+void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
+{
+    return ctx->cert->sec_ex;
+}
+
+/*
+ * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
+ * can return unsigned long, instead of the generic long return value from the
+ * control interface.
+ */
+unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
+{
+    return ctx->options;
+}
+
+unsigned long SSL_get_options(const SSL *s)
+{
+    return s->options;
+}
+
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
+{
+    return ctx->options |= op;
+}
+
+unsigned long SSL_set_options(SSL *s, unsigned long op)
+{
+    return s->options |= op;
+}
+
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
+{
+    return ctx->options &= ~op;
+}
+
+unsigned long SSL_clear_options(SSL *s, unsigned long op)
+{
+    return s->options &= ~op;
+}
+
+STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
+{
+    return s->verified_chain;
+}
+
 IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
+
+#ifndef OPENSSL_NO_CT
+
+/*
+ * Moves SCTs from the |src| stack to the |dst| stack.
+ * The source of each SCT will be set to |origin|.
+ * If |dst| points to a NULL pointer, a new stack will be created and owned by
+ * the caller.
+ * Returns the number of SCTs moved, or a negative integer if an error occurs.
+ */
+static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
+                        sct_source_t origin)
+{
+    int scts_moved = 0;
+    SCT *sct = NULL;
+
+    if (*dst == NULL) {
+        *dst = sk_SCT_new_null();
+        if (*dst == NULL) {
+            SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    while ((sct = sk_SCT_pop(src)) != NULL) {
+        if (SCT_set_source(sct, origin) != 1)
+            goto err;
+
+        if (sk_SCT_push(*dst, sct) <= 0)
+            goto err;
+        scts_moved += 1;
+    }
+
+    return scts_moved;
+ err:
+    if (sct != NULL)
+        sk_SCT_push(src, sct);  /* Put the SCT back */
+    return -1;
+}
+
+/*
+ * Look for data collected during ServerHello and parse if found.
+ * Returns the number of SCTs extracted.
+ */
+static int ct_extract_tls_extension_scts(SSL *s)
+{
+    int scts_extracted = 0;
+
+    if (s->ext.scts != NULL) {
+        const unsigned char *p = s->ext.scts;
+        STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
+
+        scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
+
+        SCT_LIST_free(scts);
+    }
+
+    return scts_extracted;
+}
+
+/*
+ * Checks for an OCSP response and then attempts to extract any SCTs found if it
+ * contains an SCT X509 extension. They will be stored in |s->scts|.
+ * Returns:
+ * - The number of SCTs extracted, assuming an OCSP response exists.
+ * - 0 if no OCSP response exists or it contains no SCTs.
+ * - A negative integer if an error occurs.
+ */
+static int ct_extract_ocsp_response_scts(SSL *s)
+{
+# ifndef OPENSSL_NO_OCSP
+    int scts_extracted = 0;
+    const unsigned char *p;
+    OCSP_BASICRESP *br = NULL;
+    OCSP_RESPONSE *rsp = NULL;
+    STACK_OF(SCT) *scts = NULL;
+    int i;
+
+    if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
+        goto err;
+
+    p = s->ext.ocsp.resp;
+    rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
+    if (rsp == NULL)
+        goto err;
+
+    br = OCSP_response_get1_basic(rsp);
+    if (br == NULL)
+        goto err;
+
+    for (i = 0; i < OCSP_resp_count(br); ++i) {
+        OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
+
+        if (single == NULL)
+            continue;
+
+        scts =
+            OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
+        scts_extracted =
+            ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
+        if (scts_extracted < 0)
+            goto err;
+    }
+ err:
+    SCT_LIST_free(scts);
+    OCSP_BASICRESP_free(br);
+    OCSP_RESPONSE_free(rsp);
+    return scts_extracted;
+# else
+    /* Behave as if no OCSP response exists */
+    return 0;
+# endif
+}
+
+/*
+ * Attempts to extract SCTs from the peer certificate.
+ * Return the number of SCTs extracted, or a negative integer if an error
+ * occurs.
+ */
+static int ct_extract_x509v3_extension_scts(SSL *s)
+{
+    int scts_extracted = 0;
+    X509 *cert = s->session != NULL ? s->session->peer : NULL;
+
+    if (cert != NULL) {
+        STACK_OF(SCT) *scts =
+            X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
+
+        scts_extracted =
+            ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
+
+        SCT_LIST_free(scts);
+    }
+
+    return scts_extracted;
+}
+
+/*
+ * Attempts to find all received SCTs by checking TLS extensions, the OCSP
+ * response (if it exists) and X509v3 extensions in the certificate.
+ * Returns NULL if an error occurs.
+ */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
+{
+    if (!s->scts_parsed) {
+        if (ct_extract_tls_extension_scts(s) < 0 ||
+            ct_extract_ocsp_response_scts(s) < 0 ||
+            ct_extract_x509v3_extension_scts(s) < 0)
+            goto err;
+
+        s->scts_parsed = 1;
+    }
+    return s->scts;
+ err:
+    return NULL;
+}
+
+static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
+                         const STACK_OF(SCT) *scts, void *unused_arg)
+{
+    return 1;
+}
+
+static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
+                     const STACK_OF(SCT) *scts, void *unused_arg)
+{
+    int count = scts != NULL ? sk_SCT_num(scts) : 0;
+    int i;
+
+    for (i = 0; i < count; ++i) {
+        SCT *sct = sk_SCT_value(scts, i);
+        int status = SCT_get_validation_status(sct);
+
+        if (status == SCT_VALIDATION_STATUS_VALID)
+            return 1;
+    }
+    SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);
+    return 0;
+}
+
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+                                   void *arg)
+{
+    /*
+     * Since code exists that uses the custom extension handler for CT, look
+     * for this and throw an error if they have already registered to use CT.
+     */
+    if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
+                                                          TLSEXT_TYPE_signed_certificate_timestamp))
+    {
+        SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
+               SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
+        return 0;
+    }
+
+    if (callback != NULL) {
+        /*
+         * If we are validating CT, then we MUST accept SCTs served via OCSP
+         */
+        if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
+            return 0;
+    }
+
+    s->ct_validation_callback = callback;
+    s->ct_validation_callback_arg = arg;
+
+    return 1;
+}
+
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+                                       ssl_ct_validation_cb callback, void *arg)
+{
+    /*
+     * Since code exists that uses the custom extension handler for CT, look for
+     * this and throw an error if they have already registered to use CT.
+     */
+    if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
+                                                          TLSEXT_TYPE_signed_certificate_timestamp))
+    {
+        SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
+               SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
+        return 0;
+    }
+
+    ctx->ct_validation_callback = callback;
+    ctx->ct_validation_callback_arg = arg;
+    return 1;
+}
+
+int SSL_ct_is_enabled(const SSL *s)
+{
+    return s->ct_validation_callback != NULL;
+}
+
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
+{
+    return ctx->ct_validation_callback != NULL;
+}
+
+int ssl_validate_ct(SSL *s)
+{
+    int ret = 0;
+    X509 *cert = s->session != NULL ? s->session->peer : NULL;
+    X509 *issuer;
+    SSL_DANE *dane = &s->dane;
+    CT_POLICY_EVAL_CTX *ctx = NULL;
+    const STACK_OF(SCT) *scts;
+
+    /*
+     * If no callback is set, the peer is anonymous, or its chain is invalid,
+     * skip SCT validation - just return success.  Applications that continue
+     * handshakes without certificates, with unverified chains, or pinned leaf
+     * certificates are outside the scope of the WebPKI and CT.
+     *
+     * The above exclusions notwithstanding the vast majority of peers will
+     * have rather ordinary certificate chains validated by typical
+     * applications that perform certificate verification and therefore will
+     * process SCTs when enabled.
+     */
+    if (s->ct_validation_callback == NULL || cert == NULL ||
+        s->verify_result != X509_V_OK ||
+        s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
+        return 1;
+
+    /*
+     * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
+     * trust-anchors.  See https://tools.ietf.org/html/rfc7671#section-4.2
+     */
+    if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
+        switch (dane->mtlsa->usage) {
+        case DANETLS_USAGE_DANE_TA:
+        case DANETLS_USAGE_DANE_EE:
+            return 1;
+        }
+    }
+
+    ctx = CT_POLICY_EVAL_CTX_new();
+    if (ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,
+                 ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    issuer = sk_X509_value(s->verified_chain, 1);
+    CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
+    CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
+    CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
+    CT_POLICY_EVAL_CTX_set_time(
+            ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
+
+    scts = SSL_get0_peer_scts(s);
+
+    /*
+     * This function returns success (> 0) only when all the SCTs are valid, 0
+     * when some are invalid, and < 0 on various internal errors (out of
+     * memory, etc.).  Having some, or even all, invalid SCTs is not sufficient
+     * reason to abort the handshake, that decision is up to the callback.
+     * Therefore, we error out only in the unexpected case that the return
+     * value is negative.
+     *
+     * XXX: One might well argue that the return value of this function is an
+     * unfortunate design choice.  Its job is only to determine the validation
+     * status of each of the provided SCTs.  So long as it correctly separates
+     * the wheat from the chaff it should return success.  Failure in this case
+     * ought to correspond to an inability to carry out its duties.
+     */
+    if (SCT_LIST_validate(scts, ctx) < 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
+                 SSL_R_SCT_VERIFICATION_FAILED);
+        goto end;
+    }
+
+    ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
+    if (ret < 0)
+        ret = 0;                /* This function returns 0 on failure */
+    if (!ret)
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
+                 SSL_R_CALLBACK_FAILED);
+
+ end:
+    CT_POLICY_EVAL_CTX_free(ctx);
+    /*
+     * With SSL_VERIFY_NONE the session may be cached and re-used despite a
+     * failure return code here.  Also the application may wish the complete
+     * the handshake, and then disconnect cleanly at a higher layer, after
+     * checking the verification status of the completed connection.
+     *
+     * We therefore force a certificate verification failure which will be
+     * visible via SSL_get_verify_result() and cached as part of any resumed
+     * session.
+     *
+     * Note: the permissive callback is for information gathering only, always
+     * returns success, and does not affect verification status.  Only the
+     * strict callback or a custom application-specified callback can trigger
+     * connection failure or record a verification error.
+     */
+    if (ret <= 0)
+        s->verify_result = X509_V_ERR_NO_VALID_SCTS;
+    return ret;
+}
+
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
+{
+    switch (validation_mode) {
+    default:
+        SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
+        return 0;
+    case SSL_CT_VALIDATION_PERMISSIVE:
+        return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
+    case SSL_CT_VALIDATION_STRICT:
+        return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
+    }
+}
+
+int SSL_enable_ct(SSL *s, int validation_mode)
+{
+    switch (validation_mode) {
+    default:
+        SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
+        return 0;
+    case SSL_CT_VALIDATION_PERMISSIVE:
+        return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
+    case SSL_CT_VALIDATION_STRICT:
+        return SSL_set_ct_validation_callback(s, ct_strict, NULL);
+    }
+}
+
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
+{
+    return CTLOG_STORE_load_default_file(ctx->ctlog_store);
+}
+
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
+{
+    return CTLOG_STORE_load_file(ctx->ctlog_store, path);
+}
+
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
+{
+    CTLOG_STORE_free(ctx->ctlog_store);
+    ctx->ctlog_store = logs;
+}
+
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
+{
+    return ctx->ctlog_store;
+}
+
+#endif  /* OPENSSL_NO_CT */
+
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
+                                 void *arg)
+{
+    c->client_hello_cb = cb;
+    c->client_hello_cb_arg = arg;
+}
+
+int SSL_client_hello_isv2(SSL *s)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    return s->clienthello->isv2;
+}
+
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    return s->clienthello->legacy_version;
+}
+
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    if (out != NULL)
+        *out = s->clienthello->random;
+    return SSL3_RANDOM_SIZE;
+}
+
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    if (out != NULL)
+        *out = s->clienthello->session_id;
+    return s->clienthello->session_id_len;
+}
+
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    if (out != NULL)
+        *out = PACKET_data(&s->clienthello->ciphersuites);
+    return PACKET_remaining(&s->clienthello->ciphersuites);
+}
+
+size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    if (out != NULL)
+        *out = s->clienthello->compressions;
+    return s->clienthello->compressions_len;
+}
+
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+{
+    RAW_EXTENSION *ext;
+    int *present;
+    size_t num = 0, i;
+
+    if (s->clienthello == NULL || out == NULL || outlen == NULL)
+        return 0;
+    for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
+        ext = s->clienthello->pre_proc_exts + i;
+        if (ext->present)
+            num++;
+    }
+    if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) {
+        SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT,
+               ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
+        ext = s->clienthello->pre_proc_exts + i;
+        if (ext->present) {
+            if (ext->received_order >= num)
+                goto err;
+            present[ext->received_order] = ext->type;
+        }
+    }
+    *out = present;
+    *outlen = num;
+    return 1;
+ err:
+    OPENSSL_free(present);
+    return 0;
+}
+
+int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
+                       size_t *outlen)
+{
+    size_t i;
+    RAW_EXTENSION *r;
+
+    if (s->clienthello == NULL)
+        return 0;
+    for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) {
+        r = s->clienthello->pre_proc_exts + i;
+        if (r->present && r->type == type) {
+            if (out != NULL)
+                *out = PACKET_data(&r->data);
+            if (outlen != NULL)
+                *outlen = PACKET_remaining(&r->data);
+            return 1;
+        }
+    }
+    return 0;
+}
+
+int SSL_free_buffers(SSL *ssl)
+{
+    RECORD_LAYER *rl = &ssl->rlayer;
+
+    if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
+        return 0;
+
+    RECORD_LAYER_release(rl);
+    return 1;
+}
+
+int SSL_alloc_buffers(SSL *ssl)
+{
+    return ssl3_setup_buffers(ssl);
+}
+
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
+{
+    ctx->keylog_callback = cb;
+}
+
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
+{
+    return ctx->keylog_callback;
+}
+
+static int nss_keylog_int(const char *prefix,
+                          SSL *ssl,
+                          const uint8_t *parameter_1,
+                          size_t parameter_1_len,
+                          const uint8_t *parameter_2,
+                          size_t parameter_2_len)
+{
+    char *out = NULL;
+    char *cursor = NULL;
+    size_t out_len = 0;
+    size_t i;
+    size_t prefix_len;
+
+    if (ssl->ctx->keylog_callback == NULL) return 1;
+
+    /*
+     * Our output buffer will contain the following strings, rendered with
+     * space characters in between, terminated by a NULL character: first the
+     * prefix, then the first parameter, then the second parameter. The
+     * meaning of each parameter depends on the specific key material being
+     * logged. Note that the first and second parameters are encoded in
+     * hexadecimal, so we need a buffer that is twice their lengths.
+     */
+    prefix_len = strlen(prefix);
+    out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;
+    if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
+        SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    strcpy(cursor, prefix);
+    cursor += prefix_len;
+    *cursor++ = ' ';
+
+    for (i = 0; i < parameter_1_len; i++) {
+        sprintf(cursor, "%02x", parameter_1[i]);
+        cursor += 2;
+    }
+    *cursor++ = ' ';
+
+    for (i = 0; i < parameter_2_len; i++) {
+        sprintf(cursor, "%02x", parameter_2[i]);
+        cursor += 2;
+    }
+    *cursor = '\0';
+
+    ssl->ctx->keylog_callback(ssl, (const char *)out);
+    OPENSSL_free(out);
+    return 1;
+
+}
+
+int ssl_log_rsa_client_key_exchange(SSL *ssl,
+                                    const uint8_t *encrypted_premaster,
+                                    size_t encrypted_premaster_len,
+                                    const uint8_t *premaster,
+                                    size_t premaster_len)
+{
+    if (encrypted_premaster_len < 8) {
+        SSLfatal(ssl, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* We only want the first 8 bytes of the encrypted premaster as a tag. */
+    return nss_keylog_int("RSA",
+                          ssl,
+                          encrypted_premaster,
+                          8,
+                          premaster,
+                          premaster_len);
+}
+
+int ssl_log_secret(SSL *ssl,
+                   const char *label,
+                   const uint8_t *secret,
+                   size_t secret_len)
+{
+    return nss_keylog_int(label,
+                          ssl,
+                          ssl->s3->client_random,
+                          SSL3_RANDOM_SIZE,
+                          secret,
+                          secret_len);
+}
+
+#define SSLV2_CIPHER_LEN    3
+
+int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
+{
+    int n;
+
+    n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
+
+    if (PACKET_remaining(cipher_suites) == 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST,
+                 SSL_R_NO_CIPHERS_SPECIFIED);
+        return 0;
+    }
+
+    if (PACKET_remaining(cipher_suites) % n != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+                 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+        return 0;
+    }
+
+    OPENSSL_free(s->s3->tmp.ciphers_raw);
+    s->s3->tmp.ciphers_raw = NULL;
+    s->s3->tmp.ciphers_rawlen = 0;
+
+    if (sslv2format) {
+        size_t numciphers = PACKET_remaining(cipher_suites) / n;
+        PACKET sslv2ciphers = *cipher_suites;
+        unsigned int leadbyte;
+        unsigned char *raw;
+
+        /*
+         * We store the raw ciphers list in SSLv3+ format so we need to do some
+         * preprocessing to convert the list first. If there are any SSLv2 only
+         * ciphersuites with a non-zero leading byte then we are going to
+         * slightly over allocate because we won't store those. But that isn't a
+         * problem.
+         */
+        raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
+        s->s3->tmp.ciphers_raw = raw;
+        if (raw == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        for (s->s3->tmp.ciphers_rawlen = 0;
+             PACKET_remaining(&sslv2ciphers) > 0;
+             raw += TLS_CIPHER_LEN) {
+            if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
+                    || (leadbyte == 0
+                        && !PACKET_copy_bytes(&sslv2ciphers, raw,
+                                              TLS_CIPHER_LEN))
+                    || (leadbyte != 0
+                        && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+                         SSL_R_BAD_PACKET);
+                OPENSSL_free(s->s3->tmp.ciphers_raw);
+                s->s3->tmp.ciphers_raw = NULL;
+                s->s3->tmp.ciphers_rawlen = 0;
+                return 0;
+            }
+            if (leadbyte == 0)
+                s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN;
+        }
+    } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,
+                           &s->s3->tmp.ciphers_rawlen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
+                             int isv2format, STACK_OF(SSL_CIPHER) **sk,
+                             STACK_OF(SSL_CIPHER) **scsvs)
+{
+    PACKET pkt;
+
+    if (!PACKET_buf_init(&pkt, bytes, len))
+        return 0;
+    return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);
+}
+
+int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
+                         STACK_OF(SSL_CIPHER) **skp,
+                         STACK_OF(SSL_CIPHER) **scsvs_out,
+                         int sslv2format, int fatal)
+{
+    const SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *sk = NULL;
+    STACK_OF(SSL_CIPHER) *scsvs = NULL;
+    int n;
+    /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
+    unsigned char cipher[SSLV2_CIPHER_LEN];
+
+    n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
+
+    if (PACKET_remaining(cipher_suites) == 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,
+                     SSL_R_NO_CIPHERS_SPECIFIED);
+        else
+            SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
+        return 0;
+    }
+
+    if (PACKET_remaining(cipher_suites) % n != 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+                     SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+        else
+            SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
+                   SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+        return 0;
+    }
+
+    sk = sk_SSL_CIPHER_new_null();
+    scsvs = sk_SSL_CIPHER_new_null();
+    if (sk == NULL || scsvs == NULL) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+                     ERR_R_MALLOC_FAILURE);
+        else
+            SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
+        /*
+         * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
+         * first byte set to zero, while true SSLv2 ciphers have a non-zero
+         * first byte. We don't support any true SSLv2 ciphers, so skip them.
+         */
+        if (sslv2format && cipher[0] != '\0')
+            continue;
+
+        /* For SSLv2-compat, ignore leading 0-byte. */
+        c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
+        if (c != NULL) {
+            if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
+                (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
+                if (fatal)
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+                else
+                    SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+    }
+    if (PACKET_remaining(cipher_suites) > 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+                     SSL_R_BAD_LENGTH);
+        else
+            SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
+        goto err;
+    }
+
+    if (skp != NULL)
+        *skp = sk;
+    else
+        sk_SSL_CIPHER_free(sk);
+    if (scsvs_out != NULL)
+        *scsvs_out = scsvs;
+    else
+        sk_SSL_CIPHER_free(scsvs);
+    return 1;
+ err:
+    sk_SSL_CIPHER_free(sk);
+    sk_SSL_CIPHER_free(scsvs);
+    return 0;
+}
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
+{
+    ctx->max_early_data = max_early_data;
+
+    return 1;
+}
+
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
+{
+    return ctx->max_early_data;
+}
+
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
+{
+    s->max_early_data = max_early_data;
+
+    return 1;
+}
+
+uint32_t SSL_get_max_early_data(const SSL *s)
+{
+    return s->max_early_data;
+}
+
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
+{
+    ctx->recv_max_early_data = recv_max_early_data;
+
+    return 1;
+}
+
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
+{
+    return ctx->recv_max_early_data;
+}
+
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
+{
+    s->recv_max_early_data = recv_max_early_data;
+
+    return 1;
+}
+
+uint32_t SSL_get_recv_max_early_data(const SSL *s)
+{
+    return s->recv_max_early_data;
+}
+
+__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl)
+{
+    /* Return any active Max Fragment Len extension */
+    if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session))
+        return GET_MAX_FRAGMENT_LENGTH(ssl->session);
+
+    /* return current SSL connection setting */
+    return ssl->max_send_fragment;
+}
+
+__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)
+{
+    /* Return a value regarding an active Max Fragment Len extension */
+    if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)
+        && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session))
+        return GET_MAX_FRAGMENT_LENGTH(ssl->session);
+
+    /* else limit |split_send_fragment| to current |max_send_fragment| */
+    if (ssl->split_send_fragment > ssl->max_send_fragment)
+        return ssl->max_send_fragment;
+
+    /* return current SSL connection setting */
+    return ssl->split_send_fragment;
+}
+
+int SSL_stateless(SSL *s)
+{
+    int ret;
+
+    /* Ensure there is no state left over from a previous invocation */
+    if (!SSL_clear(s))
+        return 0;
+
+    ERR_clear_error();
+
+    s->s3->flags |= TLS1_FLAGS_STATELESS;
+    ret = SSL_accept(s);
+    s->s3->flags &= ~TLS1_FLAGS_STATELESS;
+
+    if (ret > 0 && s->ext.cookieok)
+        return 1;
+
+    if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s))
+        return 0;
+
+    return -1;
+}
+
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
+{
+    ctx->pha_enabled = val;
+}
+
+void SSL_set_post_handshake_auth(SSL *ssl, int val)
+{
+    ssl->pha_enabled = val;
+}
+
+int SSL_verify_client_post_handshake(SSL *ssl)
+{
+    if (!SSL_IS_TLS13(ssl)) {
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+    if (!ssl->server) {
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER);
+        return 0;
+    }
+
+    if (!SSL_is_init_finished(ssl)) {
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT);
+        return 0;
+    }
+
+    switch (ssl->post_handshake_auth) {
+    case SSL_PHA_NONE:
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED);
+        return 0;
+    default:
+    case SSL_PHA_EXT_SENT:
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    case SSL_PHA_EXT_RECEIVED:
+        break;
+    case SSL_PHA_REQUEST_PENDING:
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING);
+        return 0;
+    case SSL_PHA_REQUESTED:
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT);
+        return 0;
+    }
+
+    ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
+
+    /* checks verify_mode and algorithm_auth */
+    if (!send_certificate_request(ssl)) {
+        ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG);
+        return 0;
+    }
+
+    ossl_statem_set_in_init(ssl, 1);
+    return 1;
+}
+
+int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+                                  SSL_CTX_generate_session_ticket_fn gen_cb,
+                                  SSL_CTX_decrypt_session_ticket_fn dec_cb,
+                                  void *arg)
+{
+    ctx->generate_ticket_cb = gen_cb;
+    ctx->decrypt_ticket_cb = dec_cb;
+    ctx->ticket_cb_data = arg;
+    return 1;
+}
+
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+                                     SSL_allow_early_data_cb_fn cb,
+                                     void *arg)
+{
+    ctx->allow_early_data_cb = cb;
+    ctx->allow_early_data_cb_data = arg;
+}
+
+void SSL_set_allow_early_data_cb(SSL *s,
+                                 SSL_allow_early_data_cb_fn cb,
+                                 void *arg)
+{
+    s->allow_early_data_cb = cb;
+    s->allow_early_data_cb_data = arg;
+}
diff --git a/freebsd/crypto/openssl/ssl/ssl_locl.h b/freebsd/crypto/openssl/ssl/ssl_locl.h
index 43789ad7..e8819e7a 100644
--- a/freebsd/crypto/openssl/ssl/ssl_locl.h
+++ b/freebsd/crypto/openssl/ssl/ssl_locl.h
@@ -1,177 +1,45 @@
-/* ssl/ssl_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #ifndef HEADER_SSL_LOCL_H
 # define HEADER_SSL_LOCL_H
+
+# include "e_os.h"              /* struct timeval for DTLS */
 # include <stdlib.h>
 # include <time.h>
 # include <string.h>
 # include <errno.h>
 
-# include "e_os.h"
-
 # include <openssl/buffer.h>
-# ifndef OPENSSL_NO_COMP
-#  include <openssl/comp.h>
-# endif
+# include <openssl/comp.h>
 # include <openssl/bio.h>
-# include <openssl/stack.h>
-# ifndef OPENSSL_NO_RSA
-#  include <openssl/rsa.h>
-# endif
-# ifndef OPENSSL_NO_DSA
-#  include <openssl/dsa.h>
-# endif
+# include <openssl/rsa.h>
+# include <openssl/dsa.h>
 # include <openssl/err.h>
 # include <openssl/ssl.h>
+# include <openssl/async.h>
 # include <openssl/symhacks.h>
+# include <openssl/ct.h>
+# include "record/record.h"
+# include "statem/statem.h"
+# include "packet_locl.h"
+# include "internal/dane.h"
+# include "internal/refcount.h"
+# include "internal/tsan_assist.h"
 
 # ifdef OPENSSL_BUILD_SHLIBSSL
 #  undef OPENSSL_EXTERN
 #  define OPENSSL_EXTERN OPENSSL_EXPORT
 # endif
 
-# undef PKCS1_CHECK
-
 # define c2l(c,l)        (l = ((unsigned long)(*((c)++)))     , \
                          l|=(((unsigned long)(*((c)++)))<< 8), \
                          l|=(((unsigned long)(*((c)++)))<<16), \
@@ -203,6 +71,16 @@
                          l|=((unsigned long)(*((c)++)))<< 8, \
                          l|=((unsigned long)(*((c)++))))
 
+# define n2l8(c,l)       (l =((uint64_t)(*((c)++)))<<56, \
+                         l|=((uint64_t)(*((c)++)))<<48, \
+                         l|=((uint64_t)(*((c)++)))<<40, \
+                         l|=((uint64_t)(*((c)++)))<<32, \
+                         l|=((uint64_t)(*((c)++)))<<24, \
+                         l|=((uint64_t)(*((c)++)))<<16, \
+                         l|=((uint64_t)(*((c)++)))<< 8, \
+                         l|=((uint64_t)(*((c)++))))
+
+
 # define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
                          *((c)++)=(unsigned char)(((l)>>16)&0xff), \
                          *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
@@ -224,13 +102,6 @@
                          *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
                          *((c)++)=(unsigned char)(((l)    )&0xff))
 
-# define n2l6(c,l)       (l =((BN_ULLONG)(*((c)++)))<<40, \
-                         l|=((BN_ULLONG)(*((c)++)))<<32, \
-                         l|=((BN_ULLONG)(*((c)++)))<<24, \
-                         l|=((BN_ULLONG)(*((c)++)))<<16, \
-                         l|=((BN_ULLONG)(*((c)++)))<< 8, \
-                         l|=((BN_ULLONG)(*((c)++))))
-
 /* NOTE - c is not incremented as per l2c */
 # define l2cn(l1,l2,c,n) { \
                         c+=n; \
@@ -246,34 +117,29 @@
                                 } \
                         }
 
-# define n2s(c,s)        ((s=(((unsigned int)(c[0]))<< 8)| \
-                            (((unsigned int)(c[1]))    )),c+=2)
-# define s2n(s,c)        ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
-                          c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
+# define n2s(c,s)        ((s=(((unsigned int)((c)[0]))<< 8)| \
+                             (((unsigned int)((c)[1]))    )),(c)+=2)
+# define s2n(s,c)        (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \
+                           (c)[1]=(unsigned char)(((s)    )&0xff)),(c)+=2)
 
-# define n2l3(c,l)       ((l =(((unsigned long)(c[0]))<<16)| \
-                             (((unsigned long)(c[1]))<< 8)| \
-                             (((unsigned long)(c[2]))    )),c+=3)
+# define n2l3(c,l)       ((l =(((unsigned long)((c)[0]))<<16)| \
+                              (((unsigned long)((c)[1]))<< 8)| \
+                              (((unsigned long)((c)[2]))    )),(c)+=3)
 
-# define l2n3(l,c)       ((c[0]=(unsigned char)(((l)>>16)&0xff), \
-                          c[1]=(unsigned char)(((l)>> 8)&0xff), \
-                          c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
+# define l2n3(l,c)       (((c)[0]=(unsigned char)(((l)>>16)&0xff), \
+                           (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
+                           (c)[2]=(unsigned char)(((l)    )&0xff)),(c)+=3)
 
-# define SSL_MAX_2_BYTE_LEN     (0xffff)
-
-/* LOCAL STUFF */
-
-# define SSL_DECRYPT     0
-# define SSL_ENCRYPT     1
-
-# define TWO_BYTE_BIT    0x80
-# define SEC_ESC_BIT     0x40
-# define TWO_BYTE_MASK   0x7fff
-# define THREE_BYTE_MASK 0x3fff
+/*
+ * DTLS version numbers are strange because they're inverted. Except for
+ * DTLS1_BAD_VER, which should be considered "lower" than the rest.
+ */
+# define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1))
+# define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2))
+# define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2))
+# define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2))
+# define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2))
 
-# define INC32(a)        ((a)=((a)+1)&0xffffffffL)
-# define DEC32(a)        ((a)=((a)-1)&0xffffffffL)
-# define MAX_MAC_SIZE    20     /* up from 16 for SSLv3 */
 
 /*
  * Define the Bitmasks for SSL_CIPHER.algorithms.
@@ -291,186 +157,182 @@
 
 /* Bits for algorithm_mkey (key exchange algorithm) */
 /* RSA key exchange */
-# define SSL_kRSA                0x00000001L
-/* DH cert, RSA CA cert */
-# define SSL_kDHr                0x00000002L
-/* DH cert, DSA CA cert */
-# define SSL_kDHd                0x00000004L
+# define SSL_kRSA                0x00000001U
 /* tmp DH key no DH cert */
-# define SSL_kEDH                0x00000008L
-/* forward-compatible synonym */
-# define SSL_kDHE                SSL_kEDH
-/* Kerberos5 key exchange */
-# define SSL_kKRB5               0x00000010L
-/* ECDH cert, RSA CA cert */
-# define SSL_kECDHr              0x00000020L
-/* ECDH cert, ECDSA CA cert */
-# define SSL_kECDHe              0x00000040L
+# define SSL_kDHE                0x00000002U
+/* synonym */
+# define SSL_kEDH                SSL_kDHE
 /* ephemeral ECDH */
-# define SSL_kEECDH              0x00000080L
-/* forward-compatible synonym */
-# define SSL_kECDHE              SSL_kEECDH
+# define SSL_kECDHE              0x00000004U
+/* synonym */
+# define SSL_kEECDH              SSL_kECDHE
 /* PSK */
-# define SSL_kPSK                0x00000100L
+# define SSL_kPSK                0x00000008U
 /* GOST key exchange */
-# define SSL_kGOST       0x00000200L
+# define SSL_kGOST               0x00000010U
 /* SRP */
-# define SSL_kSRP        0x00000400L
+# define SSL_kSRP                0x00000020U
+
+# define SSL_kRSAPSK             0x00000040U
+# define SSL_kECDHEPSK           0x00000080U
+# define SSL_kDHEPSK             0x00000100U
+
+/* all PSK */
+
+# define SSL_PSK     (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK)
+
+/* Any appropriate key exchange algorithm (for TLS 1.3 ciphersuites) */
+# define SSL_kANY                0x00000000U
 
 /* Bits for algorithm_auth (server authentication) */
 /* RSA auth */
-# define SSL_aRSA                0x00000001L
+# define SSL_aRSA                0x00000001U
 /* DSS auth */
-# define SSL_aDSS                0x00000002L
+# define SSL_aDSS                0x00000002U
 /* no auth (i.e. use ADH or AECDH) */
-# define SSL_aNULL               0x00000004L
-/* Fixed DH auth (kDHd or kDHr) */
-# define SSL_aDH                 0x00000008L
-/* Fixed ECDH auth (kECDHe or kECDHr) */
-# define SSL_aECDH               0x00000010L
-/* KRB5 auth */
-# define SSL_aKRB5               0x00000020L
+# define SSL_aNULL               0x00000004U
 /* ECDSA auth*/
-# define SSL_aECDSA              0x00000040L
+# define SSL_aECDSA              0x00000008U
 /* PSK auth */
-# define SSL_aPSK                0x00000080L
-/* GOST R 34.10-94 signature auth */
-# define SSL_aGOST94                             0x00000100L
+# define SSL_aPSK                0x00000010U
 /* GOST R 34.10-2001 signature auth */
-# define SSL_aGOST01                     0x00000200L
+# define SSL_aGOST01             0x00000020U
 /* SRP auth */
-# define SSL_aSRP                0x00000400L
+# define SSL_aSRP                0x00000040U
+/* GOST R 34.10-2012 signature auth */
+# define SSL_aGOST12             0x00000080U
+/* Any appropriate signature auth (for TLS 1.3 ciphersuites) */
+# define SSL_aANY                0x00000000U
+/* All bits requiring a certificate */
+#define SSL_aCERT \
+    (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12)
 
 /* Bits for algorithm_enc (symmetric encryption) */
-# define SSL_DES                 0x00000001L
-# define SSL_3DES                0x00000002L
-# define SSL_RC4                 0x00000004L
-# define SSL_RC2                 0x00000008L
-# define SSL_IDEA                0x00000010L
-# define SSL_eNULL               0x00000020L
-# define SSL_AES128              0x00000040L
-# define SSL_AES256              0x00000080L
-# define SSL_CAMELLIA128         0x00000100L
-# define SSL_CAMELLIA256         0x00000200L
-# define SSL_eGOST2814789CNT     0x00000400L
-# define SSL_SEED                0x00000800L
-# define SSL_AES128GCM           0x00001000L
-# define SSL_AES256GCM           0x00002000L
-
-# define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
+# define SSL_DES                 0x00000001U
+# define SSL_3DES                0x00000002U
+# define SSL_RC4                 0x00000004U
+# define SSL_RC2                 0x00000008U
+# define SSL_IDEA                0x00000010U
+# define SSL_eNULL               0x00000020U
+# define SSL_AES128              0x00000040U
+# define SSL_AES256              0x00000080U
+# define SSL_CAMELLIA128         0x00000100U
+# define SSL_CAMELLIA256         0x00000200U
+# define SSL_eGOST2814789CNT     0x00000400U
+# define SSL_SEED                0x00000800U
+# define SSL_AES128GCM           0x00001000U
+# define SSL_AES256GCM           0x00002000U
+# define SSL_AES128CCM           0x00004000U
+# define SSL_AES256CCM           0x00008000U
+# define SSL_AES128CCM8          0x00010000U
+# define SSL_AES256CCM8          0x00020000U
+# define SSL_eGOST2814789CNT12   0x00040000U
+# define SSL_CHACHA20POLY1305    0x00080000U
+# define SSL_ARIA128GCM          0x00100000U
+# define SSL_ARIA256GCM          0x00200000U
+
+# define SSL_AESGCM              (SSL_AES128GCM | SSL_AES256GCM)
+# define SSL_AESCCM              (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
+# define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
 # define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
+# define SSL_CHACHA20            (SSL_CHACHA20POLY1305)
+# define SSL_ARIAGCM             (SSL_ARIA128GCM | SSL_ARIA256GCM)
+# define SSL_ARIA                (SSL_ARIAGCM)
 
 /* Bits for algorithm_mac (symmetric authentication) */
 
-# define SSL_MD5                 0x00000001L
-# define SSL_SHA1                0x00000002L
-# define SSL_GOST94      0x00000004L
-# define SSL_GOST89MAC   0x00000008L
-# define SSL_SHA256              0x00000010L
-# define SSL_SHA384              0x00000020L
+# define SSL_MD5                 0x00000001U
+# define SSL_SHA1                0x00000002U
+# define SSL_GOST94      0x00000004U
+# define SSL_GOST89MAC   0x00000008U
+# define SSL_SHA256              0x00000010U
+# define SSL_SHA384              0x00000020U
 /* Not a real MAC, just an indication it is part of cipher */
-# define SSL_AEAD                0x00000040L
-
-/* Bits for algorithm_ssl (protocol version) */
-# define SSL_SSLV2               0x00000001UL
-# define SSL_SSLV3               0x00000002UL
-# define SSL_TLSV1               SSL_SSLV3/* for now */
-# define SSL_TLSV1_2             0x00000004UL
-
-/* Bits for algorithm2 (handshake digests and other extra flags) */
-
-# define SSL_HANDSHAKE_MAC_MD5 0x10
-# define SSL_HANDSHAKE_MAC_SHA 0x20
-# define SSL_HANDSHAKE_MAC_GOST94 0x40
-# define SSL_HANDSHAKE_MAC_SHA256 0x80
-# define SSL_HANDSHAKE_MAC_SHA384 0x100
-# define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
+# define SSL_AEAD                0x00000040U
+# define SSL_GOST12_256          0x00000080U
+# define SSL_GOST89MAC12         0x00000100U
+# define SSL_GOST12_512          0x00000200U
 
 /*
- * When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX make
+ * When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make
  * sure to update this constant too
  */
-# define SSL_MAX_DIGEST 6
 
-# define TLS1_PRF_DGST_MASK      (0xff << TLS1_PRF_DGST_SHIFT)
+# define SSL_MD_MD5_IDX  0
+# define SSL_MD_SHA1_IDX 1
+# define SSL_MD_GOST94_IDX 2
+# define SSL_MD_GOST89MAC_IDX 3
+# define SSL_MD_SHA256_IDX 4
+# define SSL_MD_SHA384_IDX 5
+# define SSL_MD_GOST12_256_IDX  6
+# define SSL_MD_GOST89MAC12_IDX 7
+# define SSL_MD_GOST12_512_IDX  8
+# define SSL_MD_MD5_SHA1_IDX 9
+# define SSL_MD_SHA224_IDX 10
+# define SSL_MD_SHA512_IDX 11
+# define SSL_MAX_DIGEST 12
 
-# define TLS1_PRF_DGST_SHIFT 10
-# define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
-# define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
-# define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
-# define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
-# define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
-# define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
+/* Bits for algorithm2 (handshake digests and other extra flags) */
+
+/* Bits 0-7 are handshake MAC */
+# define SSL_HANDSHAKE_MAC_MASK  0xFF
+# define SSL_HANDSHAKE_MAC_MD5_SHA1 SSL_MD_MD5_SHA1_IDX
+# define SSL_HANDSHAKE_MAC_SHA256   SSL_MD_SHA256_IDX
+# define SSL_HANDSHAKE_MAC_SHA384   SSL_MD_SHA384_IDX
+# define SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX
+# define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX
+# define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX
+# define SSL_HANDSHAKE_MAC_DEFAULT  SSL_HANDSHAKE_MAC_MD5_SHA1
+
+/* Bits 8-15 bits are PRF */
+# define TLS1_PRF_DGST_SHIFT 8
+# define TLS1_PRF_SHA1_MD5 (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA256 (SSL_MD_SHA256_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA384 (SSL_MD_SHA384_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF            (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
 
 /*
  * Stream MAC for GOST ciphersuites from cryptopro draft (currently this also
  * goes into algorithm2)
  */
-# define TLS1_STREAM_MAC 0x04
-
-/*
- * Export and cipher strength information. For each cipher we have to decide
- * whether it is exportable or not. This information is likely to change
- * over time, since the export control rules are no static technical issue.
- *
- * Independent of the export flag the cipher strength is sorted into classes.
- * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
- * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
- * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
- * since SSL_EXP64 could be similar to SSL_LOW.
- * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
- * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
- * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
- * be possible.
- */
-# define SSL_EXP_MASK            0x00000003L
-# define SSL_STRONG_MASK         0x000001fcL
+# define TLS1_STREAM_MAC 0x10000
 
-# define SSL_NOT_EXP             0x00000001L
-# define SSL_EXPORT              0x00000002L
+# define SSL_STRONG_MASK         0x0000001FU
+# define SSL_DEFAULT_MASK        0X00000020U
 
-# define SSL_STRONG_NONE         0x00000004L
-# define SSL_EXP40               0x00000008L
-# define SSL_MICRO               (SSL_EXP40)
-# define SSL_EXP56               0x00000010L
-# define SSL_MINI                (SSL_EXP56)
-# define SSL_LOW                 0x00000020L
-# define SSL_MEDIUM              0x00000040L
-# define SSL_HIGH                0x00000080L
-# define SSL_FIPS                0x00000100L
-# define SSL_NOT_DEFAULT         0x00000200L
+# define SSL_STRONG_NONE         0x00000001U
+# define SSL_LOW                 0x00000002U
+# define SSL_MEDIUM              0x00000004U
+# define SSL_HIGH                0x00000008U
+# define SSL_FIPS                0x00000010U
+# define SSL_NOT_DEFAULT         0x00000020U
 
-/* we have used 000003ff - 22 bits left to go */
+/* we have used 0000003f - 26 bits left to go */
 
-/*-
- * Macros to check the export status and cipher strength for export ciphers.
- * Even though the macros for EXPORT and EXPORT40/56 have similar names,
- * their meaning is different:
- * *_EXPORT macros check the 'exportable' status.
- * *_EXPORT40/56 macros are used to check whether a certain cipher strength
- *          is given.
- * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
- * algorithm structure element to be passed (algorithms, algo_strength) and no
- * typechecking can be done as they are all of type unsigned long, their
- * direct usage is discouraged.
- * Use the SSL_C_* macros instead.
- */
-# define SSL_IS_EXPORT(a)        ((a)&SSL_EXPORT)
-# define SSL_IS_EXPORT56(a)      ((a)&SSL_EXP56)
-# define SSL_IS_EXPORT40(a)      ((a)&SSL_EXP40)
-# define SSL_C_IS_EXPORT(c)      SSL_IS_EXPORT((c)->algo_strength)
-# define SSL_C_IS_EXPORT56(c)    SSL_IS_EXPORT56((c)->algo_strength)
-# define SSL_C_IS_EXPORT40(c)    SSL_IS_EXPORT40((c)->algo_strength)
-
-# define SSL_EXPORT_KEYLENGTH(a,s)       (SSL_IS_EXPORT40(s) ? 5 : \
-                                 (a) == SSL_DES ? 8 : 7)
-# define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
-# define SSL_C_EXPORT_KEYLENGTH(c)       SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
-                                (c)->algo_strength)
-# define SSL_C_EXPORT_PKEYLENGTH(c)      SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
+/* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */
+# define SSL3_CK_CIPHERSUITE_FLAG                0x03000000
 
 /* Check if an SSL structure is using DTLS */
 # define SSL_IS_DTLS(s)  (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+
+/* Check if we are using TLSv1.3 */
+# define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \
+                          && (s)->method->version >= TLS1_3_VERSION \
+                          && (s)->method->version != TLS_ANY_VERSION)
+
+# define SSL_TREAT_AS_TLS13(s) \
+    (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
+     || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
+     || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
+     || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \
+     || (s)->hello_retry_request == SSL_HRR_PENDING)
+
+# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \
+                                    || (s)->s3->tmp.peer_finish_md_len == 0)
+
 /* See if we need explicit IV */
 # define SSL_USE_EXPLICIT_IV(s)  \
                 (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
@@ -491,8 +353,8 @@
  * flags because it may not be set to correct version yet.
  */
 # define SSL_CLIENT_USE_TLS1_2_CIPHERS(s)        \
-                ((SSL_IS_DTLS(s) && s->client_version <= DTLS1_2_VERSION) || \
-                (!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION))
+    ((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \
+     (SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION)))
 /*
  * Determine if a client should send signature algorithms extension:
  * as with TLS1.2 cipher we can't rely on method flags.
@@ -500,22 +362,33 @@
 # define SSL_CLIENT_USE_SIGALGS(s)        \
     SSL_CLIENT_USE_TLS1_2_CIPHERS(s)
 
+# define IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value) \
+    (((value) >= TLSEXT_max_fragment_length_512) && \
+     ((value) <= TLSEXT_max_fragment_length_4096))
+# define USE_MAX_FRAGMENT_LENGTH_EXT(session) \
+    IS_MAX_FRAGMENT_LENGTH_EXT_VALID(session->ext.max_fragment_len_mode)
+# define GET_MAX_FRAGMENT_LENGTH(session) \
+    (512U << (session->ext.max_fragment_len_mode - 1))
+
+# define SSL_READ_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ)
+# define SSL_WRITE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE)
+
 /* Mostly for SSLv3 */
-# define SSL_PKEY_RSA_ENC        0
-# define SSL_PKEY_RSA_SIGN       1
+# define SSL_PKEY_RSA            0
+# define SSL_PKEY_RSA_PSS_SIGN   1
 # define SSL_PKEY_DSA_SIGN       2
-# define SSL_PKEY_DH_RSA         3
-# define SSL_PKEY_DH_DSA         4
-# define SSL_PKEY_ECC            5
-# define SSL_PKEY_GOST94         6
-# define SSL_PKEY_GOST01         7
-# define SSL_PKEY_NUM            8
+# define SSL_PKEY_ECC            3
+# define SSL_PKEY_GOST01         4
+# define SSL_PKEY_GOST12_256     5
+# define SSL_PKEY_GOST12_512     6
+# define SSL_PKEY_ED25519        7
+# define SSL_PKEY_ED448          8
+# define SSL_PKEY_NUM            9
 
 /*-
- * SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
- *          <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
+ * SSL_kRSA <- RSA_ENC
  * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
  * SSL_aRSA <- RSA_ENC | RSA_SIGN
  * SSL_aDSS <- DSA_SIGN
  */
@@ -526,6 +399,1386 @@
 #define CERT_PRIVATE_KEY        2
 */
 
+/* Post-Handshake Authentication state */
+typedef enum {
+    SSL_PHA_NONE = 0,
+    SSL_PHA_EXT_SENT,        /* client-side only: extension sent */
+    SSL_PHA_EXT_RECEIVED,    /* server-side only: extension received */
+    SSL_PHA_REQUEST_PENDING, /* server-side only: request pending */
+    SSL_PHA_REQUESTED        /* request received by client, or sent by server */
+} SSL_PHA_STATE;
+
+/* CipherSuite length. SSLv3 and all TLS versions. */
+# define TLS_CIPHER_LEN 2
+/* used to hold info on the particular ciphers used */
+struct ssl_cipher_st {
+    uint32_t valid;
+    const char *name;           /* text name */
+    const char *stdname;        /* RFC name */
+    uint32_t id;                /* id, 4 bytes, first is version */
+    /*
+     * changed in 1.0.0: these four used to be portions of a single value
+     * 'algorithms'
+     */
+    uint32_t algorithm_mkey;    /* key exchange algorithm */
+    uint32_t algorithm_auth;    /* server authentication */
+    uint32_t algorithm_enc;     /* symmetric encryption */
+    uint32_t algorithm_mac;     /* symmetric authentication */
+    int min_tls;                /* minimum SSL/TLS protocol version */
+    int max_tls;                /* maximum SSL/TLS protocol version */
+    int min_dtls;               /* minimum DTLS protocol version */
+    int max_dtls;               /* maximum DTLS protocol version */
+    uint32_t algo_strength;     /* strength and export flags */
+    uint32_t algorithm2;        /* Extra flags */
+    int32_t strength_bits;      /* Number of bits really used */
+    uint32_t alg_bits;          /* Number of bits for algorithm */
+};
+
+/* Used to hold SSL/TLS functions */
+struct ssl_method_st {
+    int version;
+    unsigned flags;
+    unsigned long mask;
+    int (*ssl_new) (SSL *s);
+    int (*ssl_clear) (SSL *s);
+    void (*ssl_free) (SSL *s);
+    int (*ssl_accept) (SSL *s);
+    int (*ssl_connect) (SSL *s);
+    int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes);
+    int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *readbytes);
+    int (*ssl_write) (SSL *s, const void *buf, size_t len, size_t *written);
+    int (*ssl_shutdown) (SSL *s);
+    int (*ssl_renegotiate) (SSL *s);
+    int (*ssl_renegotiate_check) (SSL *s, int);
+    int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type,
+                           unsigned char *buf, size_t len, int peek,
+                           size_t *readbytes);
+    int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, size_t len,
+                            size_t *written);
+    int (*ssl_dispatch_alert) (SSL *s);
+    long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
+    long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
+    const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
+    int (*put_cipher_by_char) (const SSL_CIPHER *cipher, WPACKET *pkt,
+                               size_t *len);
+    size_t (*ssl_pending) (const SSL *s);
+    int (*num_ciphers) (void);
+    const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
+    long (*get_timeout) (void);
+    const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+    int (*ssl_version) (void);
+    long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
+    long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
+};
+
+# define TLS13_MAX_RESUMPTION_PSK_LENGTH      64
+
+/*-
+ * Lets make this into an ASN.1 type structure as follows
+ * SSL_SESSION_ID ::= SEQUENCE {
+ *      version                 INTEGER,        -- structure version number
+ *      SSLversion              INTEGER,        -- SSL version number
+ *      Cipher                  OCTET STRING,   -- the 3 byte cipher ID
+ *      Session_ID              OCTET STRING,   -- the Session ID
+ *      Master_key              OCTET STRING,   -- the master key
+ *      Key_Arg [ 0 ] IMPLICIT  OCTET STRING,   -- the optional Key argument
+ *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
+ *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
+ *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
+ *      Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
+ *      Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
+ *      HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension
+ *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
+ *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
+ *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
+ *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
+ *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
+ *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
+ *      flags [ 13 ] EXPLICIT INTEGER -- optional flags
+ *      }
+ * Look in ssl/ssl_asn1.c for more details
+ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
+ */
+struct ssl_session_st {
+    int ssl_version;            /* what ssl version session info is being kept
+                                 * in here? */
+    size_t master_key_length;
+
+    /* TLSv1.3 early_secret used for external PSKs */
+    unsigned char early_secret[EVP_MAX_MD_SIZE];
+    /*
+     * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption
+     * PSK
+     */
+    unsigned char master_key[TLS13_MAX_RESUMPTION_PSK_LENGTH];
+    /* session_id - valid? */
+    size_t session_id_length;
+    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+    /*
+     * this is used to determine whether the session is being reused in the
+     * appropriate context. It is up to the application to set this, via
+     * SSL_new
+     */
+    size_t sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+# ifndef OPENSSL_NO_PSK
+    char *psk_identity_hint;
+    char *psk_identity;
+# endif
+    /*
+     * Used to indicate that session resumption is not allowed. Applications
+     * can also set this bit for a new session via not_resumable_session_cb
+     * to disable session caching and tickets.
+     */
+    int not_resumable;
+    /* This is the cert and type for the other end. */
+    X509 *peer;
+    int peer_type;
+    /* Certificate chain peer sent. */
+    STACK_OF(X509) *peer_chain;
+    /*
+     * when app_verify_callback accepts a session where the peer's
+     * certificate is not ok, we must remember the error for session reuse:
+     */
+    long verify_result;         /* only for servers */
+    CRYPTO_REF_COUNT references;
+    long timeout;
+    long time;
+    unsigned int compress_meth; /* Need to lookup the method */
+    const SSL_CIPHER *cipher;
+    unsigned long cipher_id;    /* when ASN.1 loaded, this needs to be used to
+                                 * load the 'cipher' structure */
+    STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */
+    CRYPTO_EX_DATA ex_data;     /* application specific data */
+    /*
+     * These are used to make removal of session-ids more efficient and to
+     * implement a maximum cache size.
+     */
+    struct ssl_session_st *prev, *next;
+
+    struct {
+        char *hostname;
+# ifndef OPENSSL_NO_EC
+        size_t ecpointformats_len;
+        unsigned char *ecpointformats; /* peer's list */
+# endif                         /* OPENSSL_NO_EC */
+        size_t supportedgroups_len;
+        uint16_t *supportedgroups; /* peer's list */
+    /* RFC4507 info */
+        unsigned char *tick; /* Session ticket */
+        size_t ticklen;      /* Session ticket length */
+        /* Session lifetime hint in seconds */
+        unsigned long tick_lifetime_hint;
+        uint32_t tick_age_add;
+        int tick_identity;
+        /* Max number of bytes that can be sent as early data */
+        uint32_t max_early_data;
+        /* The ALPN protocol selected for this session */
+        unsigned char *alpn_selected;
+        size_t alpn_selected_len;
+        /*
+         * Maximum Fragment Length as per RFC 4366.
+         * If this value does not contain RFC 4366 allowed values (1-4) then
+         * either the Maximum Fragment Length Negotiation failed or was not
+         * performed at all.
+         */
+        uint8_t max_fragment_len_mode;
+    } ext;
+# ifndef OPENSSL_NO_SRP
+    char *srp_username;
+# endif
+    unsigned char *ticket_appdata;
+    size_t ticket_appdata_len;
+    uint32_t flags;
+    CRYPTO_RWLOCK *lock;
+};
+
+/* Extended master secret support */
+# define SSL_SESS_FLAG_EXTMS             0x1
+
+# ifndef OPENSSL_NO_SRP
+
+typedef struct srp_ctx_st {
+    /* param for all the callbacks */
+    void *SRP_cb_arg;
+    /* set client Hello login callback */
+    int (*TLS_ext_srp_username_callback) (SSL *, int *, void *);
+    /* set SRP N/g param callback for verification */
+    int (*SRP_verify_param_callback) (SSL *, void *);
+    /* set SRP client passwd callback */
+    char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *);
+    char *login;
+    BIGNUM *N, *g, *s, *B, *A;
+    BIGNUM *a, *b, *v;
+    char *info;
+    int strength;
+    unsigned long srp_Mask;
+} SRP_CTX;
+
+# endif
+
+typedef enum {
+    SSL_EARLY_DATA_NONE = 0,
+    SSL_EARLY_DATA_CONNECT_RETRY,
+    SSL_EARLY_DATA_CONNECTING,
+    SSL_EARLY_DATA_WRITE_RETRY,
+    SSL_EARLY_DATA_WRITING,
+    SSL_EARLY_DATA_WRITE_FLUSH,
+    SSL_EARLY_DATA_UNAUTH_WRITING,
+    SSL_EARLY_DATA_FINISHED_WRITING,
+    SSL_EARLY_DATA_ACCEPT_RETRY,
+    SSL_EARLY_DATA_ACCEPTING,
+    SSL_EARLY_DATA_READ_RETRY,
+    SSL_EARLY_DATA_READING,
+    SSL_EARLY_DATA_FINISHED_READING
+} SSL_EARLY_DATA_STATE;
+
+/*
+ * We check that the amount of unreadable early data doesn't exceed
+ * max_early_data. max_early_data is given in plaintext bytes. However if it is
+ * unreadable then we only know the number of ciphertext bytes. We also don't
+ * know how much the overhead should be because it depends on the ciphersuite.
+ * We make a small allowance. We assume 5 records of actual data plus the end
+ * of early data alert record. Each record has a tag and a content type byte.
+ * The longest tag length we know of is EVP_GCM_TLS_TAG_LEN. We don't count the
+ * content of the alert record either which is 2 bytes.
+ */
+# define EARLY_DATA_CIPHERTEXT_OVERHEAD ((6 * (EVP_GCM_TLS_TAG_LEN + 1)) + 2)
+
+/*
+ * The allowance we have between the client's calculated ticket age and our own.
+ * We allow for 10 seconds (units are in ms). If a ticket is presented and the
+ * client's age calculation is different by more than this than our own then we
+ * do not allow that ticket for early_data.
+ */
+# define TICKET_AGE_ALLOWANCE   (10 * 1000)
+
+#define MAX_COMPRESSIONS_SIZE   255
+
+struct ssl_comp_st {
+    int id;
+    const char *name;
+    COMP_METHOD *method;
+};
+
+typedef struct raw_extension_st {
+    /* Raw packet data for the extension */
+    PACKET data;
+    /* Set to 1 if the extension is present or 0 otherwise */
+    int present;
+    /* Set to 1 if we have already parsed the extension or 0 otherwise */
+    int parsed;
+    /* The type of this extension, i.e. a TLSEXT_TYPE_* value */
+    unsigned int type;
+    /* Track what order extensions are received in (0-based). */
+    size_t received_order;
+} RAW_EXTENSION;
+
+typedef struct {
+    unsigned int isv2;
+    unsigned int legacy_version;
+    unsigned char random[SSL3_RANDOM_SIZE];
+    size_t session_id_len;
+    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+    size_t dtls_cookie_len;
+    unsigned char dtls_cookie[DTLS1_COOKIE_LENGTH];
+    PACKET ciphersuites;
+    size_t compressions_len;
+    unsigned char compressions[MAX_COMPRESSIONS_SIZE];
+    PACKET extensions;
+    size_t pre_proc_exts_len;
+    RAW_EXTENSION *pre_proc_exts;
+} CLIENTHELLO_MSG;
+
+/*
+ * Extension index values NOTE: Any updates to these defines should be mirrored
+ * with equivalent updates to ext_defs in extensions.c
+ */
+typedef enum tlsext_index_en {
+    TLSEXT_IDX_renegotiate,
+    TLSEXT_IDX_server_name,
+    TLSEXT_IDX_max_fragment_length,
+    TLSEXT_IDX_srp,
+    TLSEXT_IDX_ec_point_formats,
+    TLSEXT_IDX_supported_groups,
+    TLSEXT_IDX_session_ticket,
+    TLSEXT_IDX_status_request,
+    TLSEXT_IDX_next_proto_neg,
+    TLSEXT_IDX_application_layer_protocol_negotiation,
+    TLSEXT_IDX_use_srtp,
+    TLSEXT_IDX_encrypt_then_mac,
+    TLSEXT_IDX_signed_certificate_timestamp,
+    TLSEXT_IDX_extended_master_secret,
+    TLSEXT_IDX_signature_algorithms_cert,
+    TLSEXT_IDX_post_handshake_auth,
+    TLSEXT_IDX_signature_algorithms,
+    TLSEXT_IDX_supported_versions,
+    TLSEXT_IDX_psk_kex_modes,
+    TLSEXT_IDX_key_share,
+    TLSEXT_IDX_cookie,
+    TLSEXT_IDX_cryptopro_bug,
+    TLSEXT_IDX_early_data,
+    TLSEXT_IDX_certificate_authorities,
+    TLSEXT_IDX_padding,
+    TLSEXT_IDX_psk,
+    /* Dummy index - must always be the last entry */
+    TLSEXT_IDX_num_builtins
+} TLSEXT_INDEX;
+
+DEFINE_LHASH_OF(SSL_SESSION);
+/* Needed in ssl_cert.c */
+DEFINE_LHASH_OF(X509_NAME);
+
+# define TLSEXT_KEYNAME_LENGTH  16
+# define TLSEXT_TICK_KEY_LENGTH 32
+
+typedef struct ssl_ctx_ext_secure_st {
+    unsigned char tick_hmac_key[TLSEXT_TICK_KEY_LENGTH];
+    unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
+} SSL_CTX_EXT_SECURE;
+
+struct ssl_ctx_st {
+    const SSL_METHOD *method;
+    STACK_OF(SSL_CIPHER) *cipher_list;
+    /* same as above but sorted for lookup */
+    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+    /* TLSv1.3 specific ciphersuites */
+    STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
+    struct x509_store_st /* X509_STORE */ *cert_store;
+    LHASH_OF(SSL_SESSION) *sessions;
+    /*
+     * Most session-ids that will be cached, default is
+     * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
+     */
+    size_t session_cache_size;
+    struct ssl_session_st *session_cache_head;
+    struct ssl_session_st *session_cache_tail;
+    /*
+     * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
+     * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
+     * means only SSL_accept will cache SSL_SESSIONS.
+     */
+    uint32_t session_cache_mode;
+    /*
+     * If timeout is not 0, it is the default timeout value set when
+     * SSL_new() is called.  This has been put in to make life easier to set
+     * things up
+     */
+    long session_timeout;
+    /*
+     * If this callback is not null, it will be called each time a session id
+     * is added to the cache.  If this function returns 1, it means that the
+     * callback will do a SSL_SESSION_free() when it has finished using it.
+     * Otherwise, on 0, it means the callback has finished with it. If
+     * remove_session_cb is not null, it will be called when a session-id is
+     * removed from the cache.  After the call, OpenSSL will
+     * SSL_SESSION_free() it.
+     */
+    int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
+    void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+    SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
+                                    const unsigned char *data, int len,
+                                    int *copy);
+    struct {
+        TSAN_QUALIFIER int sess_connect;       /* SSL new conn - started */
+        TSAN_QUALIFIER int sess_connect_renegotiate; /* SSL reneg - requested */
+        TSAN_QUALIFIER int sess_connect_good;  /* SSL new conne/reneg - finished */
+        TSAN_QUALIFIER int sess_accept;        /* SSL new accept - started */
+        TSAN_QUALIFIER int sess_accept_renegotiate; /* SSL reneg - requested */
+        TSAN_QUALIFIER int sess_accept_good;   /* SSL accept/reneg - finished */
+        TSAN_QUALIFIER int sess_miss;          /* session lookup misses */
+        TSAN_QUALIFIER int sess_timeout;       /* reuse attempt on timeouted session */
+        TSAN_QUALIFIER int sess_cache_full;    /* session removed due to full cache */
+        TSAN_QUALIFIER int sess_hit;           /* session reuse actually done */
+        TSAN_QUALIFIER int sess_cb_hit;        /* session-id that was not in
+                                                * the cache was passed back via
+                                                * the callback. This indicates
+                                                * that the application is
+                                                * supplying session-id's from
+                                                * other processes - spooky
+                                                * :-) */
+    } stats;
+
+    CRYPTO_REF_COUNT references;
+
+    /* if defined, these override the X509_verify_cert() calls */
+    int (*app_verify_callback) (X509_STORE_CTX *, void *);
+    void *app_verify_arg;
+    /*
+     * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+     * ('app_verify_callback' was called with just one argument)
+     */
+
+    /* Default password callback. */
+    pem_password_cb *default_passwd_callback;
+
+    /* Default password callback user data. */
+    void *default_passwd_callback_userdata;
+
+    /* get client cert callback */
+    int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+    /* cookie generate callback */
+    int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
+                              unsigned int *cookie_len);
+
+    /* verify cookie callback */
+    int (*app_verify_cookie_cb) (SSL *ssl, const unsigned char *cookie,
+                                 unsigned int cookie_len);
+
+    /* TLS1.3 app-controlled cookie generate callback */
+    int (*gen_stateless_cookie_cb) (SSL *ssl, unsigned char *cookie,
+                                    size_t *cookie_len);
+
+    /* TLS1.3 verify app-controlled cookie callback */
+    int (*verify_stateless_cookie_cb) (SSL *ssl, const unsigned char *cookie,
+                                       size_t cookie_len);
+
+    CRYPTO_EX_DATA ex_data;
+
+    const EVP_MD *md5;          /* For SSLv3/TLSv1 'ssl3-md5' */
+    const EVP_MD *sha1;         /* For SSLv3/TLSv1 'ssl3->sha1' */
+
+    STACK_OF(X509) *extra_certs;
+    STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+
+    /* Default values used when no per-SSL value is defined follow */
+
+    /* used if SSL's info_callback is NULL */
+    void (*info_callback) (const SSL *ssl, int type, int val);
+
+    /*
+     * What we put in certificate_authorities extension for TLS 1.3
+     * (ClientHello and CertificateRequest) or just client cert requests for
+     * earlier versions.
+     */
+    STACK_OF(X509_NAME) *ca_names;
+
+    /*
+     * Default values to use in SSL structures follow (these are copied by
+     * SSL_new)
+     */
+
+    uint32_t options;
+    uint32_t mode;
+    int min_proto_version;
+    int max_proto_version;
+    size_t max_cert_list;
+
+    struct cert_st /* CERT */ *cert;
+    int read_ahead;
+
+    /* callback that allows applications to peek at protocol messages */
+    void (*msg_callback) (int write_p, int version, int content_type,
+                          const void *buf, size_t len, SSL *ssl, void *arg);
+    void *msg_callback_arg;
+
+    uint32_t verify_mode;
+    size_t sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+    /* called 'verify_callback' in the SSL */
+    int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
+
+    /* Default generate session ID callback. */
+    GEN_SESSION_CB generate_session_id;
+
+    X509_VERIFY_PARAM *param;
+
+    int quiet_shutdown;
+
+# ifndef OPENSSL_NO_CT
+    CTLOG_STORE *ctlog_store;   /* CT Log Store */
+    /*
+     * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
+     * If they are not, the connection should be aborted.
+     */
+    ssl_ct_validation_cb ct_validation_callback;
+    void *ct_validation_callback_arg;
+# endif
+
+    /*
+     * If we're using more than one pipeline how should we divide the data
+     * up between the pipes?
+     */
+    size_t split_send_fragment;
+    /*
+     * Maximum amount of data to send in one fragment. actual record size can
+     * be more than this due to padding and MAC overheads.
+     */
+    size_t max_send_fragment;
+
+    /* Up to how many pipelines should we use? If 0 then 1 is assumed */
+    size_t max_pipelines;
+
+    /* The default read buffer length to use (0 means not set) */
+    size_t default_read_buf_len;
+
+# ifndef OPENSSL_NO_ENGINE
+    /*
+     * Engine to pass requests for client certs to
+     */
+    ENGINE *client_cert_engine;
+# endif
+
+    /* ClientHello callback.  Mostly for extensions, but not entirely. */
+    SSL_client_hello_cb_fn client_hello_cb;
+    void *client_hello_cb_arg;
+
+    /* TLS extensions. */
+    struct {
+        /* TLS extensions servername callback */
+        int (*servername_cb) (SSL *, int *, void *);
+        void *servername_arg;
+        /* RFC 4507 session ticket keys */
+        unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH];
+        SSL_CTX_EXT_SECURE *secure;
+        /* Callback to support customisation of ticket key setting */
+        int (*ticket_key_cb) (SSL *ssl,
+                              unsigned char *name, unsigned char *iv,
+                              EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
+
+        /* certificate status request info */
+        /* Callback for status request */
+        int (*status_cb) (SSL *ssl, void *arg);
+        void *status_arg;
+        /* ext status type used for CSR extension (OCSP Stapling) */
+        int status_type;
+        /* RFC 4366 Maximum Fragment Length Negotiation */
+        uint8_t max_fragment_len_mode;
+
+# ifndef OPENSSL_NO_EC
+        /* EC extension values inherited by SSL structure */
+        size_t ecpointformats_len;
+        unsigned char *ecpointformats;
+        size_t supportedgroups_len;
+        uint16_t *supportedgroups;
+# endif                         /* OPENSSL_NO_EC */
+
+        /*
+         * ALPN information (we are in the process of transitioning from NPN to
+         * ALPN.)
+         */
+
+        /*-
+         * For a server, this contains a callback function that allows the
+         * server to select the protocol for the connection.
+         *   out: on successful return, this must point to the raw protocol
+         *        name (without the length prefix).
+         *   outlen: on successful return, this contains the length of |*out|.
+         *   in: points to the client's list of supported protocols in
+         *       wire-format.
+         *   inlen: the length of |in|.
+         */
+        int (*alpn_select_cb) (SSL *s,
+                               const unsigned char **out,
+                               unsigned char *outlen,
+                               const unsigned char *in,
+                               unsigned int inlen, void *arg);
+        void *alpn_select_cb_arg;
+
+        /*
+         * For a client, this contains the list of supported protocols in wire
+         * format.
+         */
+        unsigned char *alpn;
+        size_t alpn_len;
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+        /* Next protocol negotiation information */
+
+        /*
+         * For a server, this contains a callback function by which the set of
+         * advertised protocols can be provided.
+         */
+        SSL_CTX_npn_advertised_cb_func npn_advertised_cb;
+        void *npn_advertised_cb_arg;
+        /*
+         * For a client, this contains a callback function that selects the next
+         * protocol from the list provided by the server.
+         */
+        SSL_CTX_npn_select_cb_func npn_select_cb;
+        void *npn_select_cb_arg;
+# endif
+
+        unsigned char cookie_hmac_key[SHA256_DIGEST_LENGTH];
+    } ext;
+
+# ifndef OPENSSL_NO_PSK
+    SSL_psk_client_cb_func psk_client_callback;
+    SSL_psk_server_cb_func psk_server_callback;
+# endif
+    SSL_psk_find_session_cb_func psk_find_session_cb;
+    SSL_psk_use_session_cb_func psk_use_session_cb;
+
+# ifndef OPENSSL_NO_SRP
+    SRP_CTX srp_ctx;            /* ctx for SRP authentication */
+# endif
+
+    /* Shared DANE context */
+    struct dane_ctx_st dane;
+
+# ifndef OPENSSL_NO_SRTP
+    /* SRTP profiles we are willing to do from RFC 5764 */
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+# endif
+    /*
+     * Callback for disabling session caching and ticket support on a session
+     * basis, depending on the chosen cipher.
+     */
+    int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+
+    CRYPTO_RWLOCK *lock;
+
+    /*
+     * Callback for logging key material for use with debugging tools like
+     * Wireshark. The callback should log `line` followed by a newline.
+     */
+    SSL_CTX_keylog_cb_func keylog_callback;
+
+    /*
+     * The maximum number of bytes advertised in session tickets that can be
+     * sent as early data.
+     */
+    uint32_t max_early_data;
+
+    /*
+     * The maximum number of bytes of early data that a server will tolerate
+     * (which should be at least as much as max_early_data).
+     */
+    uint32_t recv_max_early_data;
+
+    /* TLS1.3 padding callback */
+    size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
+    void *record_padding_arg;
+    size_t block_padding;
+
+    /* Session ticket appdata */
+    SSL_CTX_generate_session_ticket_fn generate_ticket_cb;
+    SSL_CTX_decrypt_session_ticket_fn decrypt_ticket_cb;
+    void *ticket_cb_data;
+
+    /* The number of TLS1.3 tickets to automatically send */
+    size_t num_tickets;
+
+    /* Callback to determine if early_data is acceptable or not */
+    SSL_allow_early_data_cb_fn allow_early_data_cb;
+    void *allow_early_data_cb_data;
+
+    /* Do we advertise Post-handshake auth support? */
+    int pha_enabled;
+};
+
+struct ssl_st {
+    /*
+     * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
+     * DTLS1_VERSION)
+     */
+    int version;
+    /* SSLv3 */
+    const SSL_METHOD *method;
+    /*
+     * There are 2 BIO's even though they are normally both the same.  This
+     * is so data can be read and written to different handlers
+     */
+    /* used by SSL_read */
+    BIO *rbio;
+    /* used by SSL_write */
+    BIO *wbio;
+    /* used during session-id reuse to concatenate messages */
+    BIO *bbio;
+    /*
+     * This holds a variable that indicates what we were doing when a 0 or -1
+     * is returned.  This is needed for non-blocking IO so we know what
+     * request needs re-doing when in SSL_accept or SSL_connect
+     */
+    int rwstate;
+    int (*handshake_func) (SSL *);
+    /*
+     * Imagine that here's a boolean member "init" that is switched as soon
+     * as SSL_set_{accept/connect}_state is called for the first time, so
+     * that "state" and "handshake_func" are properly initialized.  But as
+     * handshake_func is == 0 until then, we use this test instead of an
+     * "init" member.
+     */
+    /* are we the server side? */
+    int server;
+    /*
+     * Generate a new session or reuse an old one.
+     * NB: For servers, the 'new' session may actually be a previously
+     * cached session or even the previous session unless
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+     */
+    int new_session;
+    /* don't send shutdown packets */
+    int quiet_shutdown;
+    /* we have shut things down, 0x01 sent, 0x02 for received */
+    int shutdown;
+    /* where we are */
+    OSSL_STATEM statem;
+    SSL_EARLY_DATA_STATE early_data_state;
+    BUF_MEM *init_buf;          /* buffer used during init */
+    void *init_msg;             /* pointer to handshake message body, set by
+                                 * ssl3_get_message() */
+    size_t init_num;               /* amount read/written */
+    size_t init_off;               /* amount read/written */
+    struct ssl3_state_st *s3;   /* SSLv3 variables */
+    struct dtls1_state_st *d1;  /* DTLSv1 variables */
+    /* callback that allows applications to peek at protocol messages */
+    void (*msg_callback) (int write_p, int version, int content_type,
+                          const void *buf, size_t len, SSL *ssl, void *arg);
+    void *msg_callback_arg;
+    int hit;                    /* reusing a previous session */
+    X509_VERIFY_PARAM *param;
+    /* Per connection DANE state */
+    SSL_DANE dane;
+    /* crypto */
+    STACK_OF(SSL_CIPHER) *cipher_list;
+    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+    /* TLSv1.3 specific ciphersuites */
+    STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
+    /*
+     * These are the ones being used, the ones in SSL_SESSION are the ones to
+     * be 'copied' into these ones
+     */
+    uint32_t mac_flags;
+    /*
+     * The TLS1.3 secrets.
+     */
+    unsigned char early_secret[EVP_MAX_MD_SIZE];
+    unsigned char handshake_secret[EVP_MAX_MD_SIZE];
+    unsigned char master_secret[EVP_MAX_MD_SIZE];
+    unsigned char resumption_master_secret[EVP_MAX_MD_SIZE];
+    unsigned char client_finished_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_finished_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_finished_hash[EVP_MAX_MD_SIZE];
+    unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE];
+    unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE];
+    unsigned char exporter_master_secret[EVP_MAX_MD_SIZE];
+    unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE];
+    EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
+    unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */
+    EVP_MD_CTX *read_hash;      /* used for mac generation */
+    COMP_CTX *compress;         /* compression */
+    COMP_CTX *expand;           /* uncompress */
+    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+    unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */
+    EVP_MD_CTX *write_hash;     /* used for mac generation */
+    /* Count of how many KeyUpdate messages we have received */
+    unsigned int key_update_count;
+    /* session info */
+    /* client cert? */
+    /* This is used to hold the server certificate used */
+    struct cert_st /* CERT */ *cert;
+
+    /*
+     * The hash of all messages prior to the CertificateVerify, and the length
+     * of that hash.
+     */
+    unsigned char cert_verify_hash[EVP_MAX_MD_SIZE];
+    size_t cert_verify_hash_len;
+
+    /* Flag to indicate whether we should send a HelloRetryRequest or not */
+    enum {SSL_HRR_NONE = 0, SSL_HRR_PENDING, SSL_HRR_COMPLETE}
+        hello_retry_request;
+
+    /*
+     * the session_id_context is used to ensure sessions are only reused in
+     * the appropriate context
+     */
+    size_t sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+    /* This can also be in the session once a session is established */
+    SSL_SESSION *session;
+    /* TLSv1.3 PSK session */
+    SSL_SESSION *psksession;
+    unsigned char *psksession_id;
+    size_t psksession_id_len;
+    /* Default generate session ID callback. */
+    GEN_SESSION_CB generate_session_id;
+    /*
+     * The temporary TLSv1.3 session id. This isn't really a session id at all
+     * but is a random value sent in the legacy session id field.
+     */
+    unsigned char tmp_session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+    size_t tmp_session_id_len;
+    /* Used in SSL3 */
+    /*
+     * 0 don't care about verify failure.
+     * 1 fail if verify fails
+     */
+    uint32_t verify_mode;
+    /* fail if callback returns 0 */
+    int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
+    /* optional informational callback */
+    void (*info_callback) (const SSL *ssl, int type, int val);
+    /* error bytes to be written */
+    int error;
+    /* actual code */
+    int error_code;
+# ifndef OPENSSL_NO_PSK
+    SSL_psk_client_cb_func psk_client_callback;
+    SSL_psk_server_cb_func psk_server_callback;
+# endif
+    SSL_psk_find_session_cb_func psk_find_session_cb;
+    SSL_psk_use_session_cb_func psk_use_session_cb;
+
+    SSL_CTX *ctx;
+    /* Verified chain of peer */
+    STACK_OF(X509) *verified_chain;
+    long verify_result;
+    /* extra application data */
+    CRYPTO_EX_DATA ex_data;
+    /* for server side, keep the list of CA_dn we can use */
+    STACK_OF(X509_NAME) *ca_names;
+    CRYPTO_REF_COUNT references;
+    /* protocol behaviour */
+    uint32_t options;
+    /* API behaviour */
+    uint32_t mode;
+    int min_proto_version;
+    int max_proto_version;
+    size_t max_cert_list;
+    int first_packet;
+    /*
+     * What was passed in ClientHello.legacy_version. Used for RSA pre-master
+     * secret and SSLv3/TLS (<=1.2) rollback check
+     */
+    int client_version;
+    /*
+     * If we're using more than one pipeline how should we divide the data
+     * up between the pipes?
+     */
+    size_t split_send_fragment;
+    /*
+     * Maximum amount of data to send in one fragment. actual record size can
+     * be more than this due to padding and MAC overheads.
+     */
+    size_t max_send_fragment;
+    /* Up to how many pipelines should we use? If 0 then 1 is assumed */
+    size_t max_pipelines;
+
+    struct {
+        /* Built-in extension flags */
+        uint8_t extflags[TLSEXT_IDX_num_builtins];
+        /* TLS extension debug callback */
+        void (*debug_cb)(SSL *s, int client_server, int type,
+                         const unsigned char *data, int len, void *arg);
+        void *debug_arg;
+        char *hostname;
+        /* certificate status request info */
+        /* Status type or -1 if no status type */
+        int status_type;
+        /* Raw extension data, if seen */
+        unsigned char *scts;
+        /* Length of raw extension data, if seen */
+        uint16_t scts_len;
+        /* Expect OCSP CertificateStatus message */
+        int status_expected;
+
+        struct {
+            /* OCSP status request only */
+            STACK_OF(OCSP_RESPID) *ids;
+            X509_EXTENSIONS *exts;
+            /* OCSP response received or to be sent */
+            unsigned char *resp;
+            size_t resp_len;
+        } ocsp;
+
+        /* RFC4507 session ticket expected to be received or sent */
+        int ticket_expected;
+# ifndef OPENSSL_NO_EC
+        size_t ecpointformats_len;
+        /* our list */
+        unsigned char *ecpointformats;
+# endif                         /* OPENSSL_NO_EC */
+        size_t supportedgroups_len;
+        /* our list */
+        uint16_t *supportedgroups;
+        /* TLS Session Ticket extension override */
+        TLS_SESSION_TICKET_EXT *session_ticket;
+        /* TLS Session Ticket extension callback */
+        tls_session_ticket_ext_cb_fn session_ticket_cb;
+        void *session_ticket_cb_arg;
+        /* TLS pre-shared secret session resumption */
+        tls_session_secret_cb_fn session_secret_cb;
+        void *session_secret_cb_arg;
+        /*
+         * For a client, this contains the list of supported protocols in wire
+         * format.
+         */
+        unsigned char *alpn;
+        size_t alpn_len;
+        /*
+         * Next protocol negotiation. For the client, this is the protocol that
+         * we sent in NextProtocol and is set when handling ServerHello
+         * extensions. For a server, this is the client's selected_protocol from
+         * NextProtocol and is set when handling the NextProtocol message, before
+         * the Finished message.
+         */
+        unsigned char *npn;
+        size_t npn_len;
+
+        /* The available PSK key exchange modes */
+        int psk_kex_mode;
+
+        /* Set to one if we have negotiated ETM */
+        int use_etm;
+
+        /* Are we expecting to receive early data? */
+        int early_data;
+        /* Is the session suitable for early data? */
+        int early_data_ok;
+
+        /* May be sent by a server in HRR. Must be echoed back in ClientHello */
+        unsigned char *tls13_cookie;
+        size_t tls13_cookie_len;
+        /* Have we received a cookie from the client? */
+        int cookieok;
+
+        /*
+         * Maximum Fragment Length as per RFC 4366.
+         * If this member contains one of the allowed values (1-4)
+         * then we should include Maximum Fragment Length Negotiation
+         * extension in Client Hello.
+         * Please note that value of this member does not have direct
+         * effect. The actual (binding) value is stored in SSL_SESSION,
+         * as this extension is optional on server side.
+         */
+        uint8_t max_fragment_len_mode;
+    } ext;
+
+    /*
+     * Parsed form of the ClientHello, kept around across client_hello_cb
+     * calls.
+     */
+    CLIENTHELLO_MSG *clienthello;
+
+    /*-
+     * no further mod of servername
+     * 0 : call the servername extension callback.
+     * 1 : prepare 2, allow last ack just after in server callback.
+     * 2 : don't call servername callback, no ack in server hello
+     */
+    int servername_done;
+# ifndef OPENSSL_NO_CT
+    /*
+     * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
+     * If they are not, the connection should be aborted.
+     */
+    ssl_ct_validation_cb ct_validation_callback;
+    /* User-supplied argument that is passed to the ct_validation_callback */
+    void *ct_validation_callback_arg;
+    /*
+     * Consolidated stack of SCTs from all sources.
+     * Lazily populated by CT_get_peer_scts(SSL*)
+     */
+    STACK_OF(SCT) *scts;
+    /* Have we attempted to find/parse SCTs yet? */
+    int scts_parsed;
+# endif
+    SSL_CTX *session_ctx;       /* initial ctx, used to store sessions */
+# ifndef OPENSSL_NO_SRTP
+    /* What we'll do */
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+    /* What's been chosen */
+    SRTP_PROTECTION_PROFILE *srtp_profile;
+# endif
+    /*-
+     * 1 if we are renegotiating.
+     * 2 if we are a server and are inside a handshake
+     * (i.e. not just sending a HelloRequest)
+     */
+    int renegotiate;
+    /* If sending a KeyUpdate is pending */
+    int key_update;
+    /* Post-handshake authentication state */
+    SSL_PHA_STATE post_handshake_auth;
+    int pha_enabled;
+    uint8_t* pha_context;
+    size_t pha_context_len;
+    int certreqs_sent;
+    EVP_MD_CTX *pha_dgst; /* this is just the digest through ClientFinished */
+
+# ifndef OPENSSL_NO_SRP
+    /* ctx for SRP authentication */
+    SRP_CTX srp_ctx;
+# endif
+    /*
+     * Callback for disabling session caching and ticket support on a session
+     * basis, depending on the chosen cipher.
+     */
+    int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+    RECORD_LAYER rlayer;
+    /* Default password callback. */
+    pem_password_cb *default_passwd_callback;
+    /* Default password callback user data. */
+    void *default_passwd_callback_userdata;
+    /* Async Job info */
+    ASYNC_JOB *job;
+    ASYNC_WAIT_CTX *waitctx;
+    size_t asyncrw;
+
+    /*
+     * The maximum number of bytes advertised in session tickets that can be
+     * sent as early data.
+     */
+    uint32_t max_early_data;
+    /*
+     * The maximum number of bytes of early data that a server will tolerate
+     * (which should be at least as much as max_early_data).
+     */
+    uint32_t recv_max_early_data;
+
+    /*
+     * The number of bytes of early data received so far. If we accepted early
+     * data then this is a count of the plaintext bytes. If we rejected it then
+     * this is a count of the ciphertext bytes.
+     */
+    uint32_t early_data_count;
+
+    /* TLS1.3 padding callback */
+    size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
+    void *record_padding_arg;
+    size_t block_padding;
+
+    CRYPTO_RWLOCK *lock;
+    RAND_DRBG *drbg;
+
+    /* The number of TLS1.3 tickets to automatically send */
+    size_t num_tickets;
+    /* The number of TLS1.3 tickets actually sent so far */
+    size_t sent_tickets;
+    /* The next nonce value to use when we send a ticket on this connection */
+    uint64_t next_ticket_nonce;
+
+    /* Callback to determine if early_data is acceptable or not */
+    SSL_allow_early_data_cb_fn allow_early_data_cb;
+    void *allow_early_data_cb_data;
+};
+
+/*
+ * Structure containing table entry of values associated with the signature
+ * algorithms (signature scheme) extension
+*/
+typedef struct sigalg_lookup_st {
+    /* TLS 1.3 signature scheme name */
+    const char *name;
+    /* Raw value used in extension */
+    uint16_t sigalg;
+    /* NID of hash algorithm or NID_undef if no hash */
+    int hash;
+    /* Index of hash algorithm or -1 if no hash algorithm */
+    int hash_idx;
+    /* NID of signature algorithm */
+    int sig;
+    /* Index of signature algorithm */
+    int sig_idx;
+    /* Combined hash and signature NID, if any */
+    int sigandhash;
+    /* Required public key curve (ECDSA only) */
+    int curve;
+} SIGALG_LOOKUP;
+
+typedef struct tls_group_info_st {
+    int nid;                    /* Curve NID */
+    int secbits;                /* Bits of security (from SP800-57) */
+    uint16_t flags;             /* Flags: currently just group type */
+} TLS_GROUP_INFO;
+
+/* flags values */
+# define TLS_CURVE_TYPE          0x3 /* Mask for group type */
+# define TLS_CURVE_PRIME         0x0
+# define TLS_CURVE_CHAR2         0x1
+# define TLS_CURVE_CUSTOM        0x2
+
+typedef struct cert_pkey_st CERT_PKEY;
+
+/*
+ * Structure containing table entry of certificate info corresponding to
+ * CERT_PKEY entries
+ */
+typedef struct {
+    int nid; /* NID of pubic key algorithm */
+    uint32_t amask; /* authmask corresponding to key type */
+} SSL_CERT_LOOKUP;
+
+typedef struct ssl3_state_st {
+    long flags;
+    size_t read_mac_secret_size;
+    unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+    size_t write_mac_secret_size;
+    unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_random[SSL3_RANDOM_SIZE];
+    unsigned char client_random[SSL3_RANDOM_SIZE];
+    /* flags for countermeasure against known-IV weakness */
+    int need_empty_fragments;
+    int empty_fragment_done;
+    /* used during startup, digest all incoming/outgoing packets */
+    BIO *handshake_buffer;
+    /*
+     * When handshake digest is determined, buffer is hashed and
+     * freed and MD_CTX for the required digest is stored here.
+     */
+    EVP_MD_CTX *handshake_dgst;
+    /*
+     * Set whenever an expected ChangeCipherSpec message is processed.
+     * Unset when the peer's Finished message is received.
+     * Unexpected ChangeCipherSpec messages trigger a fatal alert.
+     */
+    int change_cipher_spec;
+    int warn_alert;
+    int fatal_alert;
+    /*
+     * we allow one fatal and one warning alert to be outstanding, send close
+     * alert via the warning alert
+     */
+    int alert_dispatch;
+    unsigned char send_alert[2];
+    /*
+     * This flag is set when we should renegotiate ASAP, basically when there
+     * is no more data in the read or write buffers
+     */
+    int renegotiate;
+    int total_renegotiations;
+    int num_renegotiations;
+    int in_read_app_data;
+    struct {
+        /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+        unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
+        size_t finish_md_len;
+        unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
+        size_t peer_finish_md_len;
+        size_t message_size;
+        int message_type;
+        /* used to hold the new cipher we are going to use */
+        const SSL_CIPHER *new_cipher;
+# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+        EVP_PKEY *pkey;         /* holds short lived DH/ECDH key */
+# endif
+        /* used for certificate requests */
+        int cert_req;
+        /* Certificate types in certificate request message. */
+        uint8_t *ctype;
+        size_t ctype_len;
+        /* Certificate authorities list peer sent */
+        STACK_OF(X509_NAME) *peer_ca_names;
+        size_t key_block_length;
+        unsigned char *key_block;
+        const EVP_CIPHER *new_sym_enc;
+        const EVP_MD *new_hash;
+        int new_mac_pkey_type;
+        size_t new_mac_secret_size;
+# ifndef OPENSSL_NO_COMP
+        const SSL_COMP *new_compression;
+# else
+        char *new_compression;
+# endif
+        int cert_request;
+        /* Raw values of the cipher list from a client */
+        unsigned char *ciphers_raw;
+        size_t ciphers_rawlen;
+        /* Temporary storage for premaster secret */
+        unsigned char *pms;
+        size_t pmslen;
+# ifndef OPENSSL_NO_PSK
+        /* Temporary storage for PSK key */
+        unsigned char *psk;
+        size_t psklen;
+# endif
+        /* Signature algorithm we actually use */
+        const SIGALG_LOOKUP *sigalg;
+        /* Pointer to certificate we use */
+        CERT_PKEY *cert;
+        /*
+         * signature algorithms peer reports: e.g. supported signature
+         * algorithms extension for server or as part of a certificate
+         * request for client.
+         * Keep track of the algorithms for TLS and X.509 usage separately.
+         */
+        uint16_t *peer_sigalgs;
+        uint16_t *peer_cert_sigalgs;
+        /* Size of above arrays */
+        size_t peer_sigalgslen;
+        size_t peer_cert_sigalgslen;
+        /* Sigalg peer actually uses */
+        const SIGALG_LOOKUP *peer_sigalg;
+        /*
+         * Set if corresponding CERT_PKEY can be used with current
+         * SSL session: e.g. appropriate curve, signature algorithms etc.
+         * If zero it can't be used at all.
+         */
+        uint32_t valid_flags[SSL_PKEY_NUM];
+        /*
+         * For servers the following masks are for the key and auth algorithms
+         * that are supported by the certs below. For clients they are masks of
+         * *disabled* algorithms based on the current session.
+         */
+        uint32_t mask_k;
+        uint32_t mask_a;
+        /*
+         * The following are used by the client to see if a cipher is allowed or
+         * not.  It contains the minimum and maximum version the client's using
+         * based on what it knows so far.
+         */
+        int min_ver;
+        int max_ver;
+    } tmp;
+
+    /* Connection binding to prevent renegotiation attacks */
+    unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+    size_t previous_client_finished_len;
+    unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+    size_t previous_server_finished_len;
+    int send_connection_binding; /* TODOEKR */
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    /*
+     * Set if we saw the Next Protocol Negotiation extension from our peer.
+     */
+    int npn_seen;
+# endif
+
+    /*
+     * ALPN information (we are in the process of transitioning from NPN to
+     * ALPN.)
+     */
+
+    /*
+     * In a server these point to the selected ALPN protocol after the
+     * ClientHello has been processed. In a client these contain the protocol
+     * that the server selected once the ServerHello has been processed.
+     */
+    unsigned char *alpn_selected;
+    size_t alpn_selected_len;
+    /* used by the server to know what options were proposed */
+    unsigned char *alpn_proposed;
+    size_t alpn_proposed_len;
+    /* used by the client to know if it actually sent alpn */
+    int alpn_sent;
+
+# ifndef OPENSSL_NO_EC
+    /*
+     * This is set to true if we believe that this is a version of Safari
+     * running on OS X 10.6 or newer. We wish to know this because Safari on
+     * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
+     */
+    char is_probably_safari;
+# endif                         /* !OPENSSL_NO_EC */
+
+    /* For clients: peer temporary key */
+# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    /* The group_id for the DH/ECDH key */
+    uint16_t group_id;
+    EVP_PKEY *peer_tmp;
+# endif
+
+} SSL3_STATE;
+
+/* DTLS structures */
+
+# ifndef OPENSSL_NO_SCTP
+#  define DTLS1_SCTP_AUTH_LABEL   "EXPORTER_DTLS_OVER_SCTP"
+# endif
+
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
+# define DTLS1_MAX_MTU_OVERHEAD                   48
+
+/*
+ * Flag used in message reuse to indicate the buffer contains the record
+ * header as well as the handshake message header.
+ */
+# define DTLS1_SKIP_RECORD_HEADER                 2
+
+struct dtls1_retransmit_state {
+    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+    EVP_MD_CTX *write_hash;     /* used for mac generation */
+    COMP_CTX *compress;         /* compression */
+    SSL_SESSION *session;
+    unsigned short epoch;
+};
+
+struct hm_header_st {
+    unsigned char type;
+    size_t msg_len;
+    unsigned short seq;
+    size_t frag_off;
+    size_t frag_len;
+    unsigned int is_ccs;
+    struct dtls1_retransmit_state saved_retransmit_state;
+};
+
+struct dtls1_timeout_st {
+    /* Number of read timeouts so far */
+    unsigned int read_timeouts;
+    /* Number of write timeouts so far */
+    unsigned int write_timeouts;
+    /* Number of alerts received so far */
+    unsigned int num_alerts;
+};
+
+typedef struct hm_fragment_st {
+    struct hm_header_st msg_header;
+    unsigned char *fragment;
+    unsigned char *reassembly;
+} hm_fragment;
+
+typedef struct pqueue_st pqueue;
+typedef struct pitem_st pitem;
+
+struct pitem_st {
+    unsigned char priority[8];  /* 64-bit value in big-endian encoding */
+    void *data;
+    pitem *next;
+};
+
+typedef struct pitem_st *piterator;
+
+pitem *pitem_new(unsigned char *prio64be, void *data);
+void pitem_free(pitem *item);
+pqueue *pqueue_new(void);
+void pqueue_free(pqueue *pq);
+pitem *pqueue_insert(pqueue *pq, pitem *item);
+pitem *pqueue_peek(pqueue *pq);
+pitem *pqueue_pop(pqueue *pq);
+pitem *pqueue_find(pqueue *pq, unsigned char *prio64be);
+pitem *pqueue_iterator(pqueue *pq);
+pitem *pqueue_next(piterator *iter);
+size_t pqueue_size(pqueue *pq);
+
+typedef struct dtls1_state_st {
+    unsigned char cookie[DTLS1_COOKIE_LENGTH];
+    size_t cookie_len;
+    unsigned int cookie_verified;
+    /* handshake message numbers */
+    unsigned short handshake_write_seq;
+    unsigned short next_handshake_write_seq;
+    unsigned short handshake_read_seq;
+    /* Buffered handshake messages */
+    pqueue *buffered_messages;
+    /* Buffered (sent) handshake records */
+    pqueue *sent_messages;
+    size_t link_mtu;      /* max on-the-wire DTLS packet size */
+    size_t mtu;           /* max DTLS packet size */
+    struct hm_header_st w_msg_hdr;
+    struct hm_header_st r_msg_hdr;
+    struct dtls1_timeout_st timeout;
+    /*
+     * Indicates when the last handshake msg sent will timeout
+     */
+    struct timeval next_timeout;
+    /* Timeout duration */
+    unsigned int timeout_duration_us;
+
+    unsigned int retransmitting;
+# ifndef OPENSSL_NO_SCTP
+    int shutdown_received;
+# endif
+
+    DTLS_timer_cb timer_cb;
+
+} DTLS1_STATE;
+
 # ifndef OPENSSL_NO_EC
 /*
  * From ECC-TLS draft, used in encoding the curve type in ECParameters
@@ -535,14 +1788,11 @@
 #  define NAMED_CURVE_TYPE           3
 # endif                         /* OPENSSL_NO_EC */
 
-typedef struct cert_pkey_st {
+struct cert_pkey_st {
     X509 *x509;
     EVP_PKEY *privatekey;
-    /* Digest to use when signing */
-    const EVP_MD *digest;
     /* Chain for this certificate */
     STACK_OF(X509) *chain;
-# ifndef OPENSSL_NO_TLSEXT
     /*-
      * serverinfo data for this certificate.  The data is in TLS Extension
      * wire format, specifically it's a series of records like:
@@ -552,31 +1802,34 @@ typedef struct cert_pkey_st {
      */
     unsigned char *serverinfo;
     size_t serverinfo_length;
-# endif
-    /*
-     * Set if CERT_PKEY can be used with current SSL session: e.g.
-     * appropriate curve, signature algorithms etc. If zero it can't be used
-     * at all.
-     */
-    int valid_flags;
-} CERT_PKEY;
+};
 /* Retrieve Suite B flags */
 # define tls1_suiteb(s)  (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS)
 /* Uses to check strict mode: suite B modes are always strict */
 # define SSL_CERT_FLAGS_CHECK_TLS_STRICT \
         (SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT)
 
+typedef enum {
+    ENDPOINT_CLIENT = 0,
+    ENDPOINT_SERVER,
+    ENDPOINT_BOTH
+} ENDPOINT;
+
+
 typedef struct {
     unsigned short ext_type;
+    ENDPOINT role;
+    /* The context which this extension applies to */
+    unsigned int context;
     /*
      * Per-connection flags relating to this extension type: not used if
      * part of an SSL_CTX structure.
      */
-    unsigned short ext_flags;
-    custom_ext_add_cb add_cb;
-    custom_ext_free_cb free_cb;
+    uint32_t ext_flags;
+    SSL_custom_ext_add_cb_ex add_cb;
+    SSL_custom_ext_free_cb_ex free_cb;
     void *add_arg;
-    custom_ext_parse_cb parse_cb;
+    SSL_custom_ext_parse_cb_ex parse_cb;
     void *parse_arg;
 } custom_ext_method;
 
@@ -593,8 +1846,6 @@ typedef struct {
  */
 # define SSL_EXT_FLAG_SENT       0x2
 
-# define MAX_WARN_ALERT_COUNT    5
-
 typedef struct {
     custom_ext_method *meths;
     size_t meths_count;
@@ -608,73 +1859,40 @@ typedef struct cert_st {
      * an index, not a pointer.
      */
     CERT_PKEY *key;
-    /*
-     * For servers the following masks are for the key and auth algorithms
-     * that are supported by the certs below. For clients they are masks of
-     * *disabled* algorithms based on the current session.
-     */
-    int valid;
-    unsigned long mask_k;
-    unsigned long mask_a;
-    unsigned long export_mask_k;
-    unsigned long export_mask_a;
-    /* Client only */
-    unsigned long mask_ssl;
-# ifndef OPENSSL_NO_RSA
-    RSA *rsa_tmp;
-    RSA *(*rsa_tmp_cb) (SSL *ssl, int is_export, int keysize);
-# endif
 # ifndef OPENSSL_NO_DH
-    DH *dh_tmp;
+    EVP_PKEY *dh_tmp;
     DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
-# endif
-# ifndef OPENSSL_NO_ECDH
-    EC_KEY *ecdh_tmp;
-    /* Callback for generating ephemeral ECDH keys */
-    EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize);
-    /* Select ECDH parameters automatically */
-    int ecdh_tmp_auto;
+    int dh_tmp_auto;
 # endif
     /* Flags related to certificates */
-    unsigned int cert_flags;
+    uint32_t cert_flags;
     CERT_PKEY pkeys[SSL_PKEY_NUM];
+    /* Custom certificate types sent in certificate request message. */
+    uint8_t *ctype;
+    size_t ctype_len;
     /*
-     * Certificate types (received or sent) in certificate request message.
-     * On receive this is only set if number of certificate types exceeds
-     * SSL3_CT_NUMBER.
-     */
-    unsigned char *ctypes;
-    size_t ctype_num;
-    /*
-     * signature algorithms peer reports: e.g. supported signature algorithms
-     * extension for server or as part of a certificate request for client.
-     */
-    unsigned char *peer_sigalgs;
-    /* Size of above array */
-    size_t peer_sigalgslen;
-    /*
-     * suppported signature algorithms. When set on a client this is sent in
+     * supported signature algorithms. When set on a client this is sent in
      * the client hello as the supported signature algorithms extension. For
      * servers it represents the signature algorithms we are willing to use.
      */
-    unsigned char *conf_sigalgs;
+    uint16_t *conf_sigalgs;
     /* Size of above array */
     size_t conf_sigalgslen;
     /*
      * Client authentication signature algorithms, if not set then uses
      * conf_sigalgs. On servers these will be the signature algorithms sent
-     * to the client in a cerificate request for TLS 1.2. On a client this
-     * represents the signature algortithms we are willing to use for client
+     * to the client in a certificate request for TLS 1.2. On a client this
+     * represents the signature algorithms we are willing to use for client
      * authentication.
      */
-    unsigned char *client_sigalgs;
+    uint16_t *client_sigalgs;
     /* Size of above array */
     size_t client_sigalgslen;
     /*
      * Signature algorithms shared by client and server: cached because these
      * are used most often.
      */
-    TLS_SIGALGS *shared_sigalgs;
+    const SIGALG_LOOKUP **shared_sigalgs;
     size_t shared_sigalgslen;
     /*
      * Certificate setup callback: if set is called whenever a certificate
@@ -691,127 +1909,59 @@ typedef struct cert_st {
      */
     X509_STORE *chain_store;
     X509_STORE *verify_store;
-    /* Raw values of the cipher list from a client */
-    unsigned char *ciphers_raw;
-    size_t ciphers_rawlen;
-    /* Custom extension methods for server and client */
-    custom_ext_methods cli_ext;
-    custom_ext_methods srv_ext;
-    int references;             /* >1 only if SSL_copy_session_id is used */
-    /* non-optimal, but here due to compatibility */
-    unsigned char *alpn_proposed;   /* server */
-    unsigned int alpn_proposed_len;
-    int alpn_sent;                  /* client */
-    /* Count of the number of consecutive warning alerts received */
-    unsigned int alert_count;
-} CERT;
-
-typedef struct sess_cert_st {
-    STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
-    /* The 'peer_...' members are used only by clients. */
-    int peer_cert_type;
-    CERT_PKEY *peer_key;        /* points to an element of peer_pkeys (never
-                                 * NULL!) */
-    CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
-    /*
-     * Obviously we don't have the private keys of these, so maybe we
-     * shouldn't even use the CERT_PKEY type here.
-     */
-# ifndef OPENSSL_NO_RSA
-    RSA *peer_rsa_tmp;          /* not used for SSL 2 */
-# endif
-# ifndef OPENSSL_NO_DH
-    DH *peer_dh_tmp;            /* not used for SSL 2 */
+    /* Custom extensions */
+    custom_ext_methods custext;
+    /* Security callback */
+    int (*sec_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
+                   void *other, void *ex);
+    /* Security level */
+    int sec_level;
+    void *sec_ex;
+# ifndef OPENSSL_NO_PSK
+    /* If not NULL psk identity hint to use for servers */
+    char *psk_identity_hint;
 # endif
-# ifndef OPENSSL_NO_ECDH
-    EC_KEY *peer_ecdh_tmp;
-# endif
-    int references;             /* actually always 1 at the moment */
-} SESS_CERT;
-/* Structure containing decoded values of signature algorithms extension */
-struct tls_sigalgs_st {
-    /* NID of hash algorithm */
-    int hash_nid;
-    /* NID of signature algorithm */
-    int sign_nid;
-    /* Combined hash and signature NID */
-    int signandhash_nid;
-    /* Raw values used in extension */
-    unsigned char rsign;
-    unsigned char rhash;
-};
-
-/*
- * #define MAC_DEBUG
- */
-
-/*
- * #define ERR_DEBUG
- */
-/*
- * #define ABORT_DEBUG
- */
-/*
- * #define PKT_DEBUG 1
- */
-/*
- * #define DES_DEBUG
- */
-/*
- * #define DES_OFB_DEBUG
- */
-/*
- * #define SSL_DEBUG
- */
-/*
- * #define RSA_DEBUG
- */
-/*
- * #define IDEA_DEBUG
- */
+    CRYPTO_REF_COUNT references;             /* >1 only if SSL_copy_session_id is used */
+    CRYPTO_RWLOCK *lock;
+} CERT;
 
 # define FP_ICC  (int (*)(const void *,const void *))
-# define ssl_put_cipher_by_char(ssl,ciph,ptr) \
-                ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
 
 /*
  * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
  * of a mess of functions, but hell, think of it as an opaque structure :-)
  */
 typedef struct ssl3_enc_method {
-    int (*enc) (SSL *, int);
-    int (*mac) (SSL *, unsigned char *, int);
+    int (*enc) (SSL *, SSL3_RECORD *, size_t, int);
+    int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int);
     int (*setup_key_block) (SSL *);
     int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
-                                   int);
+                                   size_t, size_t *);
     int (*change_cipher_state) (SSL *, int);
-    int (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
-    int finish_mac_length;
-    int (*cert_verify_mac) (SSL *, int, unsigned char *);
+    size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *);
     const char *client_finished_label;
-    int client_finished_label_len;
+    size_t client_finished_label_len;
     const char *server_finished_label;
-    int server_finished_label_len;
+    size_t server_finished_label_len;
     int (*alert_value) (int);
     int (*export_keying_material) (SSL *, unsigned char *, size_t,
                                    const char *, size_t,
                                    const unsigned char *, size_t,
                                    int use_context);
     /* Various flags indicating protocol version requirements */
-    unsigned int enc_flags;
-    /* Handshake header length */
-    unsigned int hhlen;
+    uint32_t enc_flags;
     /* Set the handshake header */
-    void (*set_handshake_header) (SSL *s, int type, unsigned long len);
+    int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type);
+    /* Close construction of the handshake message */
+    int (*close_construct_packet) (SSL *s, WPACKET *pkt, int htype);
     /* Write out handshake message */
     int (*do_write) (SSL *s);
 } SSL3_ENC_METHOD;
 
-# define SSL_HM_HEADER_LENGTH(s) s->method->ssl3_enc->hhlen
-# define ssl_handshake_start(s) \
-        (((unsigned char *)s->init_buf->data) + s->method->ssl3_enc->hhlen)
-# define ssl_set_handshake_header(s, htype, len) \
-        s->method->ssl3_enc->set_handshake_header(s, htype, len)
+# define ssl_set_handshake_header(s, pkt, htype) \
+        s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype))
+# define ssl_close_construct_packet(s, pkt, htype) \
+        s->method->ssl3_enc->close_construct_packet((s), (pkt), (htype))
 # define ssl_do_write(s)  s->method->ssl3_enc->do_write(s)
 
 /* Values for enc_flags */
@@ -840,37 +1990,119 @@ typedef struct ssl3_comp_st {
 } SSL3_COMP;
 # endif
 
-# ifndef OPENSSL_NO_BUF_FREELISTS
-typedef struct ssl3_buf_freelist_st {
-    size_t chunklen;
-    unsigned int len;
-    struct ssl3_buf_freelist_entry_st *head;
-} SSL3_BUF_FREELIST;
+typedef enum downgrade_en {
+    DOWNGRADE_NONE,
+    DOWNGRADE_TO_1_2,
+    DOWNGRADE_TO_1_1
+} DOWNGRADE;
 
-typedef struct ssl3_buf_freelist_entry_st {
-    struct ssl3_buf_freelist_entry_st *next;
-} SSL3_BUF_FREELIST_ENTRY;
-# endif
+/*
+ * Dummy status type for the status_type extension. Indicates no status type
+ * set
+ */
+#define TLSEXT_STATUSTYPE_nothing  -1
+
+/* Sigalgs values */
+#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256                    0x0403
+#define TLSEXT_SIGALG_ecdsa_secp384r1_sha384                    0x0503
+#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512                    0x0603
+#define TLSEXT_SIGALG_ecdsa_sha224                              0x0303
+#define TLSEXT_SIGALG_ecdsa_sha1                                0x0203
+#define TLSEXT_SIGALG_rsa_pss_rsae_sha256                       0x0804
+#define TLSEXT_SIGALG_rsa_pss_rsae_sha384                       0x0805
+#define TLSEXT_SIGALG_rsa_pss_rsae_sha512                       0x0806
+#define TLSEXT_SIGALG_rsa_pss_pss_sha256                        0x0809
+#define TLSEXT_SIGALG_rsa_pss_pss_sha384                        0x080a
+#define TLSEXT_SIGALG_rsa_pss_pss_sha512                        0x080b
+#define TLSEXT_SIGALG_rsa_pkcs1_sha256                          0x0401
+#define TLSEXT_SIGALG_rsa_pkcs1_sha384                          0x0501
+#define TLSEXT_SIGALG_rsa_pkcs1_sha512                          0x0601
+#define TLSEXT_SIGALG_rsa_pkcs1_sha224                          0x0301
+#define TLSEXT_SIGALG_rsa_pkcs1_sha1                            0x0201
+#define TLSEXT_SIGALG_dsa_sha256                                0x0402
+#define TLSEXT_SIGALG_dsa_sha384                                0x0502
+#define TLSEXT_SIGALG_dsa_sha512                                0x0602
+#define TLSEXT_SIGALG_dsa_sha224                                0x0302
+#define TLSEXT_SIGALG_dsa_sha1                                  0x0202
+#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256       0xeeee
+#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512       0xefef
+#define TLSEXT_SIGALG_gostr34102001_gostr3411                   0xeded
+
+#define TLSEXT_SIGALG_ed25519                                   0x0807
+#define TLSEXT_SIGALG_ed448                                     0x0808
+
+/* Known PSK key exchange modes */
+#define TLSEXT_KEX_MODE_KE                                      0x00
+#define TLSEXT_KEX_MODE_KE_DHE                                  0x01
+
+/*
+ * Internal representations of key exchange modes
+ */
+#define TLSEXT_KEX_MODE_FLAG_NONE                               0
+#define TLSEXT_KEX_MODE_FLAG_KE                                 1
+#define TLSEXT_KEX_MODE_FLAG_KE_DHE                             2
+
+/* An invalid index into the TLSv1.3 PSK identities */
+#define TLSEXT_PSK_BAD_IDENTITY                                 -1
+
+#define SSL_USE_PSS(s) (s->s3->tmp.peer_sigalg != NULL && \
+                        s->s3->tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS)
+
+/* A dummy signature value not valid for TLSv1.2 signature algs */
+#define TLSEXT_signature_rsa_pss                                0x0101
+
+/* TLSv1.3 downgrade protection sentinel values */
+extern const unsigned char tls11downgrade[8];
+extern const unsigned char tls12downgrade[8];
 
 extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
-OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
 
-SSL_METHOD *ssl_bad_method(int ver);
+__owur const SSL_METHOD *ssl_bad_method(int ver);
+__owur const SSL_METHOD *sslv3_method(void);
+__owur const SSL_METHOD *sslv3_server_method(void);
+__owur const SSL_METHOD *sslv3_client_method(void);
+__owur const SSL_METHOD *tlsv1_method(void);
+__owur const SSL_METHOD *tlsv1_server_method(void);
+__owur const SSL_METHOD *tlsv1_client_method(void);
+__owur const SSL_METHOD *tlsv1_1_method(void);
+__owur const SSL_METHOD *tlsv1_1_server_method(void);
+__owur const SSL_METHOD *tlsv1_1_client_method(void);
+__owur const SSL_METHOD *tlsv1_2_method(void);
+__owur const SSL_METHOD *tlsv1_2_server_method(void);
+__owur const SSL_METHOD *tlsv1_2_client_method(void);
+__owur const SSL_METHOD *tlsv1_3_method(void);
+__owur const SSL_METHOD *tlsv1_3_server_method(void);
+__owur const SSL_METHOD *tlsv1_3_client_method(void);
+__owur const SSL_METHOD *dtlsv1_method(void);
+__owur const SSL_METHOD *dtlsv1_server_method(void);
+__owur const SSL_METHOD *dtlsv1_client_method(void);
+__owur const SSL_METHOD *dtls_bad_ver_client_method(void);
+__owur const SSL_METHOD *dtlsv1_2_method(void);
+__owur const SSL_METHOD *dtlsv1_2_server_method(void);
+__owur const SSL_METHOD *dtlsv1_2_client_method(void);
+
+extern const SSL3_ENC_METHOD TLSv1_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_3_enc_data;
+extern const SSL3_ENC_METHOD SSLv3_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
 
-extern SSL3_ENC_METHOD TLSv1_enc_data;
-extern SSL3_ENC_METHOD TLSv1_1_enc_data;
-extern SSL3_ENC_METHOD TLSv1_2_enc_data;
-extern SSL3_ENC_METHOD SSLv3_enc_data;
-extern SSL3_ENC_METHOD DTLSv1_enc_data;
-extern SSL3_ENC_METHOD DTLSv1_2_enc_data;
+/*
+ * Flags for SSL methods
+ */
+# define SSL_METHOD_NO_FIPS      (1U<<0)
+# define SSL_METHOD_NO_SUITEB    (1U<<1)
 
-# define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
-                                s_get_meth, enc_data) \
+# define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \
+                                 s_connect, enc_data) \
 const SSL_METHOD *func_name(void)  \
         { \
         static const SSL_METHOD func_name##_data= { \
                 version, \
+                flags, \
+                mask, \
                 tls1_new, \
                 tls1_clear, \
                 tls1_free, \
@@ -882,7 +2114,6 @@ const SSL_METHOD *func_name(void)  \
                 ssl3_shutdown, \
                 ssl3_renegotiate, \
                 ssl3_renegotiate_check, \
-                ssl3_get_message, \
                 ssl3_read_bytes, \
                 ssl3_write_bytes, \
                 ssl3_dispatch_alert, \
@@ -893,7 +2124,6 @@ const SSL_METHOD *func_name(void)  \
                 ssl3_pending, \
                 ssl3_num_ciphers, \
                 ssl3_get_cipher, \
-                s_get_meth, \
                 tls1_default_timeout, \
                 &enc_data, \
                 ssl_undefined_void_function, \
@@ -903,11 +2133,13 @@ const SSL_METHOD *func_name(void)  \
         return &func_name##_data; \
         }
 
-# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \
 const SSL_METHOD *func_name(void)  \
         { \
         static const SSL_METHOD func_name##_data= { \
                 SSL3_VERSION, \
+                SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \
+                SSL_OP_NO_SSLv3, \
                 ssl3_new, \
                 ssl3_clear, \
                 ssl3_free, \
@@ -919,7 +2151,6 @@ const SSL_METHOD *func_name(void)  \
                 ssl3_shutdown, \
                 ssl3_renegotiate, \
                 ssl3_renegotiate_check, \
-                ssl3_get_message, \
                 ssl3_read_bytes, \
                 ssl3_write_bytes, \
                 ssl3_dispatch_alert, \
@@ -930,7 +2161,6 @@ const SSL_METHOD *func_name(void)  \
                 ssl3_pending, \
                 ssl3_num_ciphers, \
                 ssl3_get_cipher, \
-                s_get_meth, \
                 ssl3_default_timeout, \
                 &SSLv3_enc_data, \
                 ssl_undefined_void_function, \
@@ -940,86 +2170,14 @@ const SSL_METHOD *func_name(void)  \
         return &func_name##_data; \
         }
 
-# define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-        { \
-        static const SSL_METHOD func_name##_data= { \
-        TLS1_2_VERSION, \
-        tls1_new, \
-        tls1_clear, \
-        tls1_free, \
-        s_accept, \
-        s_connect, \
-        ssl23_read, \
-        ssl23_peek, \
-        ssl23_write, \
-        ssl_undefined_function, \
-        ssl_undefined_function, \
-        ssl_ok, \
-        ssl3_get_message, \
-        ssl3_read_bytes, \
-        ssl3_write_bytes, \
-        ssl3_dispatch_alert, \
-        ssl3_ctrl, \
-        ssl3_ctx_ctrl, \
-        ssl23_get_cipher_by_char, \
-        ssl23_put_cipher_by_char, \
-        ssl_undefined_const_function, \
-        ssl23_num_ciphers, \
-        ssl23_get_cipher, \
-        s_get_meth, \
-        ssl23_default_timeout, \
-        &TLSv1_2_enc_data, \
-        ssl_undefined_void_function, \
-        ssl3_callback_ctrl, \
-        ssl3_ctx_callback_ctrl, \
-        }; \
-        return &func_name##_data; \
-        }
-
-# define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-        { \
-        static const SSL_METHOD func_name##_data= { \
-                SSL2_VERSION, \
-                ssl2_new,       /* local */ \
-                ssl2_clear,     /* local */ \
-                ssl2_free,      /* local */ \
-                s_accept, \
-                s_connect, \
-                ssl2_read, \
-                ssl2_peek, \
-                ssl2_write, \
-                ssl2_shutdown, \
-                ssl_ok, /* NULL - renegotiate */ \
-                ssl_ok, /* NULL - check renegotiate */ \
-                NULL, /* NULL - ssl_get_message */ \
-                NULL, /* NULL - ssl_get_record */ \
-                NULL, /* NULL - ssl_write_bytes */ \
-                NULL, /* NULL - dispatch_alert */ \
-                ssl2_ctrl,      /* local */ \
-                ssl2_ctx_ctrl,  /* local */ \
-                ssl2_get_cipher_by_char, \
-                ssl2_put_cipher_by_char, \
-                ssl2_pending, \
-                ssl2_num_ciphers, \
-                ssl2_get_cipher, \
-                s_get_meth, \
-                ssl2_default_timeout, \
-                &ssl3_undef_enc_method, \
-                ssl_undefined_void_function, \
-                ssl2_callback_ctrl,     /* local */ \
-                ssl2_ctx_callback_ctrl, /* local */ \
-        }; \
-        return &func_name##_data; \
-        }
-
-# define IMPLEMENT_dtls1_meth_func(version, func_name, s_accept, s_connect, \
-                                        s_get_meth, enc_data) \
+# define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \
+                                        s_connect, enc_data) \
 const SSL_METHOD *func_name(void)  \
         { \
         static const SSL_METHOD func_name##_data= { \
                 version, \
+                flags, \
+                mask, \
                 dtls1_new, \
                 dtls1_clear, \
                 dtls1_free, \
@@ -1031,7 +2189,6 @@ const SSL_METHOD *func_name(void)  \
                 dtls1_shutdown, \
                 ssl3_renegotiate, \
                 ssl3_renegotiate_check, \
-                dtls1_get_message, \
                 dtls1_read_bytes, \
                 dtls1_write_app_data_bytes, \
                 dtls1_dispatch_alert, \
@@ -1041,8 +2198,7 @@ const SSL_METHOD *func_name(void)  \
                 ssl3_put_cipher_by_char, \
                 ssl3_pending, \
                 ssl3_num_ciphers, \
-                dtls1_get_cipher, \
-                s_get_meth, \
+                ssl3_get_cipher, \
                 dtls1_default_timeout, \
                 &enc_data, \
                 ssl_undefined_void_function, \
@@ -1053,447 +2209,446 @@ const SSL_METHOD *func_name(void)  \
         }
 
 struct openssl_ssl_test_functions {
-    int (*p_ssl_init_wbio_buffer) (SSL *s, int push);
+    int (*p_ssl_init_wbio_buffer) (SSL *s);
     int (*p_ssl3_setup_buffers) (SSL *s);
-    int (*p_tls1_process_heartbeat) (SSL *s);
-    int (*p_dtls1_process_heartbeat) (SSL *s);
 };
 
+const char *ssl_protocol_to_string(int version);
+
+/* Returns true if certificate and private key for 'idx' are present */
+static ossl_inline int ssl_has_cert(const SSL *s, int idx)
+{
+    if (idx < 0 || idx >= SSL_PKEY_NUM)
+        return 0;
+    return s->cert->pkeys[idx].x509 != NULL
+        && s->cert->pkeys[idx].privatekey != NULL;
+}
+
+static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups,
+                                             size_t *pgroupslen)
+{
+    *pgroups = s->session->ext.supportedgroups;
+    *pgroupslen = s->session->ext.supportedgroups_len;
+}
+
 # ifndef OPENSSL_UNIT_TEST
 
+__owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes);
+__owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written);
 void ssl_clear_cipher_ctx(SSL *s);
 int ssl_clear_bad_session(SSL *s);
-CERT *ssl_cert_new(void);
-CERT *ssl_cert_dup(CERT *cert);
-void ssl_cert_set_default_md(CERT *cert);
-int ssl_cert_inst(CERT **o);
+__owur CERT *ssl_cert_new(void);
+__owur CERT *ssl_cert_dup(CERT *cert);
 void ssl_cert_clear_certs(CERT *c);
 void ssl_cert_free(CERT *c);
-SESS_CERT *ssl_sess_cert_new(void);
-void ssl_sess_cert_free(SESS_CERT *sc);
-int ssl_set_peer_cert_type(SESS_CERT *c, int type);
-int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
-                         const unsigned char *limit);
-SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
-int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
+__owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss);
+__owur int ssl_get_new_session(SSL *s, int session);
+__owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
+                                         size_t sess_id_len);
+__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello);
+__owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
+__owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
 DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
-                          const SSL_CIPHER *const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
-                                               int num,
-                                               STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-                             unsigned char *p,
-                             int (*put_cb) (const SSL_CIPHER *,
-                                            unsigned char *));
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
-                                             STACK_OF(SSL_CIPHER) **pref,
-                                             STACK_OF(SSL_CIPHER) **sorted,
-                                             const char *rule_str, CERT *c);
+__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+                                 const SSL_CIPHER *const *bp);
+__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
+__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+                                                    STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
+                                                    STACK_OF(SSL_CIPHER) **cipher_list,
+                                                    STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                                                    const char *rule_str,
+                                                    CERT *c);
+__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format);
+__owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
+                                STACK_OF(SSL_CIPHER) **skp,
+                                STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
+                                int fatal);
 void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-                       const EVP_MD **md, int *mac_pkey_type,
-                       int *mac_secret_size, SSL_COMP **comp);
-int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);
-int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
-const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr);
-int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain);
-int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain);
-int ssl_cert_add0_chain_cert(CERT *c, X509 *x);
-int ssl_cert_add1_chain_cert(CERT *c, X509 *x);
-int ssl_cert_select_current(CERT *c, X509 *x);
-int ssl_cert_set_current(CERT *c, long arg);
-X509 *ssl_cert_get0_next_certificate(CERT *c, int first);
-void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg),
-                          void *arg);
-
-int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
-int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l);
-int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags);
-int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref);
+__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                              const EVP_MD **md, int *mac_pkey_type,
+                              size_t *mac_secret_size, SSL_COMP **comp,
+                              int use_etm);
+__owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
+                                   size_t *int_overhead, size_t *blocksize,
+                                   size_t *ext_overhead);
+__owur int ssl_cert_is_disabled(size_t idx);
+__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
+                                                const unsigned char *ptr,
+                                                int all);
+__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
+__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
+__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+__owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+__owur int ssl_cert_select_current(CERT *c, X509 *x);
+__owur int ssl_cert_set_current(CERT *c, long arg);
+void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg);
+
+__owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
+__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
+__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
+                                   int ref);
+
+__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
+__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
+                            void *other);
+
+__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
+                                                      size_t *pidx);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx);
+
 int ssl_undefined_function(SSL *s);
-int ssl_undefined_void_function(void);
-int ssl_undefined_const_function(const SSL *s);
-CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
-#  ifndef OPENSSL_NO_TLSEXT
-int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
-                                   size_t *serverinfo_length);
-#  endif
-EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-int ssl_verify_alarm_type(long type);
-void ssl_load_ciphers(void);
-int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
-
-int ssl2_enc_init(SSL *s, int client);
-int ssl2_generate_key_material(SSL *s);
-int ssl2_enc(SSL *s, int send_data);
-void ssl2_mac(SSL *s, unsigned char *mac, int send_data);
-const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-int ssl2_part_read(SSL *s, unsigned long f, int i);
-int ssl2_do_write(SSL *s);
-int ssl2_set_certificate(SSL *s, int type, int len,
-                         const unsigned char *data);
-void ssl2_return_error(SSL *s, int reason);
-void ssl2_write_error(SSL *s);
-int ssl2_num_ciphers(void);
-const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
-int ssl2_new(SSL *s);
-void ssl2_free(SSL *s);
-int ssl2_accept(SSL *s);
-int ssl2_connect(SSL *s);
-int ssl2_read(SSL *s, void *buf, int len);
-int ssl2_peek(SSL *s, void *buf, int len);
-int ssl2_write(SSL *s, const void *buf, int len);
-int ssl2_shutdown(SSL *s);
-void ssl2_clear(SSL *s);
-long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg);
-long ssl2_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
-long ssl2_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
-int ssl2_pending(const SSL *s);
-long ssl2_default_timeout(void);
-
-const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+__owur int ssl_undefined_void_function(void);
+__owur int ssl_undefined_const_function(const SSL *s);
+__owur int ssl_get_server_cert_serverinfo(SSL *s,
+                                          const unsigned char **serverinfo,
+                                          size_t *serverinfo_length);
+void ssl_set_masks(SSL *s);
+__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
+__owur int ssl_x509err2alert(int type);
+void ssl_sort_cipher_list(void);
+int ssl_load_ciphers(void);
+__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
+                                 size_t len, DOWNGRADE dgrd);
+__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
+                                      int free_pms);
+__owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm);
+__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey,
+                      int genmaster);
+__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
+__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
+__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);
+
+__owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
+                                   size_t *len);
 int ssl3_init_finished_mac(SSL *s);
-int ssl3_send_server_certificate(SSL *s);
-int ssl3_send_newsession_ticket(SSL *s);
-int ssl3_send_cert_status(SSL *s);
-int ssl3_get_finished(SSL *s, int state_a, int state_b);
-int ssl3_setup_key_block(SSL *s);
-int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
-int ssl3_change_cipher_state(SSL *s, int which);
+__owur int ssl3_setup_key_block(SSL *s);
+__owur int ssl3_change_cipher_state(SSL *s, int which);
 void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s, int type);
+__owur int ssl3_do_write(SSL *s, int type);
 int ssl3_send_alert(SSL *s, int level, int desc);
-int ssl3_generate_master_secret(SSL *s, unsigned char *out,
-                                unsigned char *p, int len);
-int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-int ssl3_num_ciphers(void);
-const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out,
+                                       unsigned char *p, size_t len,
+                                       size_t *secret_size);
+__owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt);
+__owur int ssl3_num_ciphers(void);
+__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
 int ssl3_renegotiate(SSL *ssl);
-int ssl3_renegotiate_check(SSL *ssl);
-int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
-                          unsigned char *p);
-int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-int ssl3_enc(SSL *s, int send_data);
-int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
+int ssl3_renegotiate_check(SSL *ssl, int initok);
+__owur int ssl3_dispatch_alert(SSL *s);
+__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen,
+                                    unsigned char *p);
+__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len);
 void ssl3_free_digest_list(SSL *s);
-unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
-                               STACK_OF(SSL_CIPHER) *srvr);
-int ssl3_setup_buffers(SSL *s);
-int ssl3_setup_read_buffer(SSL *s);
-int ssl3_setup_write_buffer(SSL *s);
-int ssl3_release_read_buffer(SSL *s);
-int ssl3_release_write_buffer(SSL *s);
-int ssl3_digest_cached_records(SSL *s);
-int ssl3_new(SSL *s);
+__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
+                                            CERT_PKEY *cpk);
+__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
+                                            STACK_OF(SSL_CIPHER) *clnt,
+                                            STACK_OF(SSL_CIPHER) *srvr);
+__owur int ssl3_digest_cached_records(SSL *s, int keep);
+__owur int ssl3_new(SSL *s);
 void ssl3_free(SSL *s);
-int ssl3_accept(SSL *s);
-int ssl3_connect(SSL *s);
-int ssl3_read(SSL *s, void *buf, int len);
-int ssl3_peek(SSL *s, void *buf, int len);
-int ssl3_write(SSL *s, const void *buf, int len);
-int ssl3_shutdown(SSL *s);
-void ssl3_clear(SSL *s);
-long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
-long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
-long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
-int ssl3_pending(const SSL *s);
-
-void ssl3_record_sequence_update(unsigned char *seq);
-int ssl3_do_change_cipher_spec(SSL *ssl);
-long ssl3_default_timeout(void);
-
-void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len);
-int ssl3_handshake_write(SSL *s);
-
-int ssl23_num_ciphers(void);
-const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-int ssl23_read(SSL *s, void *buf, int len);
-int ssl23_peek(SSL *s, void *buf, int len);
-int ssl23_write(SSL *s, const void *buf, int len);
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
-long ssl23_default_timeout(void);
-
-long tls1_default_timeout(void);
-int dtls1_do_write(SSL *s, int type);
-int ssl3_read_n(SSL *s, int n, int max, int extend);
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_do_compress(SSL *ssl);
-int ssl3_do_uncompress(SSL *ssl);
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-                       unsigned int len);
-unsigned char *dtls1_set_message_header(SSL *s,
-                                        unsigned char *p, unsigned char mt,
-                                        unsigned long len,
-                                        unsigned long frag_off,
-                                        unsigned long frag_len);
-
-int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
-
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
-int dtls1_read_failed(SSL *s, int code);
-int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq,
-                             unsigned long frag_off, int *found);
-int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
+__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes);
+__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes);
+__owur int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written);
+__owur int ssl3_shutdown(SSL *s);
+int ssl3_clear(SSL *s);
+__owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
+__owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
+
+__owur int ssl3_do_change_cipher_spec(SSL *ssl);
+__owur long ssl3_default_timeout(void);
+
+__owur int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype);
+__owur int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype);
+__owur int tls_setup_handshake(SSL *s);
+__owur int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype);
+__owur int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype);
+__owur int ssl3_handshake_write(SSL *s);
+
+__owur int ssl_allow_compression(SSL *s);
+
+__owur int ssl_version_supported(const SSL *s, int version,
+                                 const SSL_METHOD **meth);
+
+__owur int ssl_set_client_hello_version(SSL *s);
+__owur int ssl_check_version_downgrade(SSL *s);
+__owur int ssl_set_version_bound(int method_version, int version, int *bound);
+__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello,
+                                     DOWNGRADE *dgrd);
+__owur int ssl_choose_client_version(SSL *s, int version,
+                                     RAW_EXTENSION *extensions);
+__owur int ssl_get_min_max_version(const SSL *s, int *min_version,
+                                   int *max_version, int *real_max);
+
+__owur long tls1_default_timeout(void);
+__owur int dtls1_do_write(SSL *s, int type);
+void dtls1_set_message_header(SSL *s,
+                              unsigned char mt,
+                              size_t len,
+                              size_t frag_off, size_t frag_len);
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
+                               size_t *written);
+
+__owur int dtls1_read_failed(SSL *s, int code);
+__owur int dtls1_buffer_message(SSL *s, int ccs);
+__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found);
+__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
 int dtls1_retransmit_buffered_messages(SSL *s);
 void dtls1_clear_received_buffer(SSL *s);
 void dtls1_clear_sent_buffer(SSL *s);
 void dtls1_get_message_header(unsigned char *data,
                               struct hm_header_st *msg_hdr);
-void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
-void dtls1_reset_seq_numbers(SSL *s, int rw);
-long dtls1_default_timeout(void);
-struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft);
-int dtls1_check_timeout_num(SSL *s);
-int dtls1_handle_timeout(SSL *s);
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+__owur long dtls1_default_timeout(void);
+__owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft);
+__owur int dtls1_check_timeout_num(SSL *s);
+__owur int dtls1_handle_timeout(SSL *s);
 void dtls1_start_timer(SSL *s);
 void dtls1_stop_timer(SSL *s);
-int dtls1_is_timer_expired(SSL *s);
+__owur int dtls1_is_timer_expired(SSL *s);
 void dtls1_double_timeout(SSL *s);
-int dtls1_send_newsession_ticket(SSL *s);
-unsigned int dtls1_min_mtu(SSL *s);
-unsigned int dtls1_link_min_mtu(void);
+__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
+                                         size_t cookie_len);
+__owur size_t dtls1_min_mtu(SSL *s);
 void dtls1_hm_fragment_free(hm_fragment *frag);
+__owur int dtls1_query_mtu(SSL *s);
 
-/* some client-only functions */
-int ssl3_client_hello(SSL *s);
-int ssl3_get_server_hello(SSL *s);
-int ssl3_get_certificate_request(SSL *s);
-int ssl3_get_new_session_ticket(SSL *s);
-int ssl3_get_cert_status(SSL *s);
-int ssl3_get_server_done(SSL *s);
-int ssl3_send_client_verify(SSL *s);
-int ssl3_send_client_certificate(SSL *s);
-int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
-int ssl3_send_client_key_exchange(SSL *s);
-int ssl3_get_key_exchange(SSL *s);
-int ssl3_get_server_certificate(SSL *s);
-int ssl3_check_cert_and_algorithm(SSL *s);
-#  ifndef OPENSSL_NO_TLSEXT
-#   ifndef OPENSSL_NO_NEXTPROTONEG
-int ssl3_send_next_proto(SSL *s);
-#   endif
-#  endif
-
-int dtls1_client_hello(SSL *s);
-
-/* some server-only functions */
-int ssl3_get_client_hello(SSL *s);
-int ssl3_send_server_hello(SSL *s);
-int ssl3_send_hello_request(SSL *s);
-int ssl3_send_server_key_exchange(SSL *s);
-int ssl3_send_certificate_request(SSL *s);
-int ssl3_send_server_done(SSL *s);
-int ssl3_get_client_certificate(SSL *s);
-int ssl3_get_client_key_exchange(SSL *s);
-int ssl3_get_cert_verify(SSL *s);
-#  ifndef OPENSSL_NO_NEXTPROTONEG
-int ssl3_get_next_proto(SSL *s);
-#  endif
-
-int ssl23_accept(SSL *s);
-int ssl23_connect(SSL *s);
-int ssl23_read_bytes(SSL *s, int n);
-int ssl23_write_bytes(SSL *s);
-
-int tls1_new(SSL *s);
+__owur int tls1_new(SSL *s);
 void tls1_free(SSL *s);
-void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+int tls1_clear(SSL *s);
 
-int dtls1_new(SSL *s);
-int dtls1_accept(SSL *s);
-int dtls1_connect(SSL *s);
+__owur int dtls1_new(SSL *s);
 void dtls1_free(SSL *s);
-void dtls1_clear(SSL *s);
+int dtls1_clear(SSL *s);
 long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
-int dtls1_shutdown(SSL *s);
-
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int dtls1_get_record(SSL *s);
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-                   unsigned int len, int create_empty_fragement);
-int dtls1_dispatch_alert(SSL *s);
-
-int ssl_init_wbio_buffer(SSL *s, int push);
-void ssl_free_wbio_buffer(SSL *s);
-
-int tls1_change_cipher_state(SSL *s, int which);
-int tls1_setup_key_block(SSL *s);
-int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s,
-                          const char *str, int slen, unsigned char *p);
-int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
-int tls1_mac(SSL *ssl, unsigned char *md, int snd);
-int tls1_generate_master_secret(SSL *s, unsigned char *out,
-                                unsigned char *p, int len);
-int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-                                const char *label, size_t llen,
-                                const unsigned char *p, size_t plen,
-                                int use_context);
-int tls1_alert_code(int code);
-int ssl3_alert_code(int code);
-int ssl_ok(SSL *s);
-
-#  ifndef OPENSSL_NO_ECDH
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
+__owur int dtls1_shutdown(SSL *s);
+
+__owur int dtls1_dispatch_alert(SSL *s);
+
+__owur int ssl_init_wbio_buffer(SSL *s);
+int ssl_free_wbio_buffer(SSL *s);
+
+__owur int tls1_change_cipher_state(SSL *s, int which);
+__owur int tls1_setup_key_block(SSL *s);
+__owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
+                                    unsigned char *p);
+__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
+                                       unsigned char *p, size_t len,
+                                       size_t *secret_size);
+__owur int tls13_setup_key_block(SSL *s);
+__owur size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
+                                     unsigned char *p);
+__owur int tls13_change_cipher_state(SSL *s, int which);
+__owur int tls13_update_key(SSL *s, int send);
+__owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,
+                             const unsigned char *secret,
+                             const unsigned char *label, size_t labellen,
+                             const unsigned char *data, size_t datalen,
+                             unsigned char *out, size_t outlen);
+__owur int tls13_derive_key(SSL *s, const EVP_MD *md,
+                            const unsigned char *secret, unsigned char *key,
+                            size_t keylen);
+__owur int tls13_derive_iv(SSL *s, const EVP_MD *md,
+                           const unsigned char *secret, unsigned char *iv,
+                           size_t ivlen);
+__owur int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
+                                    const unsigned char *secret,
+                                    unsigned char *fin, size_t finlen);
+int tls13_generate_secret(SSL *s, const EVP_MD *md,
+                          const unsigned char *prevsecret,
+                          const unsigned char *insecret,
+                          size_t insecretlen,
+                          unsigned char *outsecret);
+__owur int tls13_generate_handshake_secret(SSL *s,
+                                           const unsigned char *insecret,
+                                           size_t insecretlen);
+__owur int tls13_generate_master_secret(SSL *s, unsigned char *out,
+                                        unsigned char *prev, size_t prevlen,
+                                        size_t *secret_size);
+__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                       const char *label, size_t llen,
+                                       const unsigned char *p, size_t plen,
+                                       int use_context);
+__owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                        const char *label, size_t llen,
+                                        const unsigned char *context,
+                                        size_t contextlen, int use_context);
+__owur int tls13_export_keying_material_early(SSL *s, unsigned char *out,
+                                              size_t olen, const char *label,
+                                              size_t llen,
+                                              const unsigned char *context,
+                                              size_t contextlen);
+__owur int tls1_alert_code(int code);
+__owur int tls13_alert_code(int code);
+__owur int ssl3_alert_code(int code);
+
+#  ifndef OPENSSL_NO_EC
+__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
 #  endif
 
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
 
 #  ifndef OPENSSL_NO_EC
-int tls1_ec_curve_id2nid(int curve_id);
-int tls1_ec_nid2curve_id(int nid);
-int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
-int tls1_shared_curve(SSL *s, int nmatch);
-int tls1_set_curves(unsigned char **pext, size_t *pextlen,
-                    int *curves, size_t ncurves);
-int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
-                         const char *str);
-#   ifndef OPENSSL_NO_ECDH
-int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
-#   endif                       /* OPENSSL_NO_ECDH */
+
+__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
+__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
+__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
+__owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
+                           int *curves, size_t ncurves);
+__owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen,
+                                const char *str);
+void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
+                         size_t *num_formats);
+__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
+__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
+__owur EVP_PKEY *ssl_generate_param_group(uint16_t id);
 #  endif                        /* OPENSSL_NO_EC */
 
-#  ifndef OPENSSL_NO_TLSEXT
-int tls1_shared_list(SSL *s,
-                     const unsigned char *l1, size_t l1len,
-                     const unsigned char *l2, size_t l2len, int nmatch);
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
-                                          unsigned char *limit, int *al);
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
-                                          unsigned char *limit, int *al);
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
-                                 unsigned char *limit);
-int tls1_set_server_sigalgs(SSL *s);
-int ssl_check_clienthello_tlsext_late(SSL *s, int *al);
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
-                                 unsigned char *d, int n);
-int ssl_prepare_clienthello_tlsext(SSL *s);
-int ssl_prepare_serverhello_tlsext(SSL *s);
-
-#   ifndef OPENSSL_NO_HEARTBEATS
-int tls1_heartbeat(SSL *s);
-int dtls1_heartbeat(SSL *s);
-int tls1_process_heartbeat(SSL *s);
-int dtls1_process_heartbeat(SSL *s);
-#   endif
-
-#   ifdef OPENSSL_NO_SHA256
-#    define tlsext_tick_md  EVP_sha1
-#   else
-#    define tlsext_tick_md  EVP_sha256
-#   endif
-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
-                        const unsigned char *limit, SSL_SESSION **ret);
-
-int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
-                         const EVP_MD *md);
-int tls12_get_sigid(const EVP_PKEY *pk);
-const EVP_MD *tls12_get_hash(unsigned char hash_alg);
-
-int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
-int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);
+__owur int tls_curve_allowed(SSL *s, uint16_t curve, int op);
+void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
+                               size_t *pgroupslen);
+
+__owur int tls1_set_server_sigalgs(SSL *s);
+
+__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
+                                                    SSL_SESSION **ret);
+__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+                                            size_t eticklen,
+                                            const unsigned char *sess_id,
+                                            size_t sesslen, SSL_SESSION **psess);
+
+__owur int tls_use_ticket(SSL *s);
+
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
+
+__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
+__owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
+                                int client);
+__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen,
+                            int client);
 int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
                      int idx);
 void tls1_set_cert_validity(SSL *s);
 
+#  ifndef OPENSSL_NO_CT
+__owur int ssl_validate_ct(SSL *s);
 #  endif
-EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
+
+#  ifndef OPENSSL_NO_DH
+__owur DH *ssl_get_auto_dh(SSL *s);
+#  endif
+
+__owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
+__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
+                                   int vfy);
+
+int tls_choose_sigalg(SSL *s, int fatalerrs);
+
+__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-                                        int maxlen);
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-                                          int *al);
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-                                        int maxlen);
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-                                          int *al);
-long ssl_get_algorithm2(SSL *s);
-int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
-int tls1_process_sigalgs(SSL *s);
-size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs);
-int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
-                            const unsigned char *sig, EVP_PKEY *pkey);
-void ssl_set_client_disabled(SSL *s);
-
-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
-                                     int maxlen);
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
-                                       int *al);
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
-                                     int maxlen);
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,
-                                       int *al);
+__owur long ssl_get_algorithm2(SSL *s);
+__owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
+                              const uint16_t *psig, size_t psiglen);
+__owur int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen);
+__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert);
+__owur int tls1_process_sigalgs(SSL *s);
+__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
+__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
+__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
+__owur int ssl_set_client_disabled(SSL *s);
+__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
+
+__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
+                                 size_t *hashlen);
+__owur const EVP_MD *ssl_md(int idx);
+__owur const EVP_MD *ssl_handshake_md(SSL *s);
+__owur const EVP_MD *ssl_prf_md(SSL *s);
+
+/*
+ * ssl_log_rsa_client_key_exchange logs |premaster| to the SSL_CTX associated
+ * with |ssl|, if logging is enabled. It returns one on success and zero on
+ * failure. The entry is identified by the first 8 bytes of
+ * |encrypted_premaster|.
+ */
+__owur int ssl_log_rsa_client_key_exchange(SSL *ssl,
+                                           const uint8_t *encrypted_premaster,
+                                           size_t encrypted_premaster_len,
+                                           const uint8_t *premaster,
+                                           size_t premaster_len);
+
+/*
+ * ssl_log_secret logs |secret| to the SSL_CTX associated with |ssl|, if
+ * logging is available. It returns one on success and zero on failure. It tags
+ * the entry with |label|.
+ */
+__owur int ssl_log_secret(SSL *ssl, const char *label,
+                          const uint8_t *secret, size_t secret_len);
+
+#define MASTER_SECRET_LABEL "CLIENT_RANDOM"
+#define CLIENT_EARLY_LABEL "CLIENT_EARLY_TRAFFIC_SECRET"
+#define CLIENT_HANDSHAKE_LABEL "CLIENT_HANDSHAKE_TRAFFIC_SECRET"
+#define SERVER_HANDSHAKE_LABEL "SERVER_HANDSHAKE_TRAFFIC_SECRET"
+#define CLIENT_APPLICATION_LABEL "CLIENT_TRAFFIC_SECRET_0"
+#define SERVER_APPLICATION_LABEL "SERVER_TRAFFIC_SECRET_0"
+#define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET"
+#define EXPORTER_SECRET_LABEL "EXPORTER_SECRET"
 
 /* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char *out,
-                       const SSL3_RECORD *rec,
-                       unsigned md_size, unsigned orig_len);
-int ssl3_cbc_remove_padding(const SSL *s,
-                            SSL3_RECORD *rec,
-                            unsigned block_size, unsigned mac_size);
-int tls1_cbc_remove_padding(const SSL *s,
-                            SSL3_RECORD *rec,
-                            unsigned block_size, unsigned mac_size);
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
-                           unsigned char *md_out,
-                           size_t *md_out_size,
-                           const unsigned char header[13],
-                           const unsigned char *data,
-                           size_t data_plus_mac_size,
-                           size_t data_plus_mac_plus_padding_size,
-                           const unsigned char *mac_secret,
-                           unsigned mac_secret_length, char is_sslv3);
-
-void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
-                           EVP_MD_CTX *mac_ctx, const unsigned char *data,
-                           size_t data_len, size_t orig_len);
-
-int srp_verify_server_param(SSL *s, int *al);
-
-/* t1_ext.c */
+__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+__owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
+                                  unsigned char *md_out,
+                                  size_t *md_out_size,
+                                  const unsigned char header[13],
+                                  const unsigned char *data,
+                                  size_t data_plus_mac_size,
+                                  size_t data_plus_mac_plus_padding_size,
+                                  const unsigned char *mac_secret,
+                                  size_t mac_secret_length, char is_sslv3);
+
+__owur int srp_generate_server_master_secret(SSL *s);
+__owur int srp_generate_client_master_secret(SSL *s);
+__owur int srp_verify_server_param(SSL *s);
+
+/* statem/statem_srvr.c */
+
+__owur int send_certificate_request(SSL *s);
+
+/* statem/extensions_cust.c */
+
+custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
+                                   ENDPOINT role, unsigned int ext_type,
+                                   size_t *idx);
 
 void custom_ext_init(custom_ext_methods *meths);
 
-int custom_ext_parse(SSL *s, int server,
-                     unsigned int ext_type,
-                     const unsigned char *ext_data, size_t ext_size, int *al);
-int custom_ext_add(SSL *s, int server,
-                   unsigned char **pret, unsigned char *limit, int *al);
+__owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
+                            const unsigned char *ext_data, size_t ext_size,
+                            X509 *x, size_t chainidx);
+__owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x,
+                          size_t chainidx, int maxversion);
 
-int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src);
-int custom_exts_copy_flags(custom_ext_methods *dst,
-                           const custom_ext_methods *src);
+__owur int custom_exts_copy(custom_ext_methods *dst,
+                            const custom_ext_methods *src);
+__owur int custom_exts_copy_flags(custom_ext_methods *dst,
+                                  const custom_ext_methods *src);
 void custom_exts_free(custom_ext_methods *exts);
 
-# else
+void ssl_comp_free_compression_methods_int(void);
+
+/* ssl_mcnf.c */
+void ssl_ctx_system_config(SSL_CTX *ctx);
+
+# else /* OPENSSL_UNIT_TEST */
 
 #  define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
 #  define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
-#  define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat
-#  define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
 
 # endif
 #endif
diff --git a/freebsd/crypto/openssl/ssl/ssl_mcnf.c b/freebsd/crypto/openssl/ssl/ssl_mcnf.c
new file mode 100644
index 00000000..310ced22
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/ssl_mcnf.c
@@ -0,0 +1,101 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/conf.h>
+#include <openssl/ssl.h>
+#include "ssl_locl.h"
+#include "internal/sslconf.h"
+
+/* SSL library configuration module. */
+
+void SSL_add_ssl_module(void)
+{
+    /* Do nothing. This will be added automatically by libcrypto */
+}
+
+static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
+{
+    SSL_CONF_CTX *cctx = NULL;
+    size_t i, idx, cmd_count;
+    int rv = 0;
+    unsigned int flags;
+    const SSL_METHOD *meth;
+    const SSL_CONF_CMD *cmds;
+
+    if (s == NULL && ctx == NULL) {
+        SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if (name == NULL && system)
+        name = "system_default";
+    if (!conf_ssl_name_find(name, &idx)) {
+        if (!system) {
+            SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
+            ERR_add_error_data(2, "name=", name);
+        }
+        goto err;
+    }
+    cmds = conf_ssl_get(idx, &name, &cmd_count);
+    cctx = SSL_CONF_CTX_new();
+    if (cctx == NULL)
+        goto err;
+    flags = SSL_CONF_FLAG_FILE;
+    if (!system)
+        flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
+    if (s != NULL) {
+        meth = s->method;
+        SSL_CONF_CTX_set_ssl(cctx, s);
+    } else {
+        meth = ctx->method;
+        SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    }
+    if (meth->ssl_accept != ssl_undefined_function)
+        flags |= SSL_CONF_FLAG_SERVER;
+    if (meth->ssl_connect != ssl_undefined_function)
+        flags |= SSL_CONF_FLAG_CLIENT;
+    SSL_CONF_CTX_set_flags(cctx, flags);
+    for (i = 0; i < cmd_count; i++) {
+        char *cmdstr, *arg;
+
+        conf_ssl_get_cmd(cmds, i, &cmdstr, &arg);
+        rv = SSL_CONF_cmd(cctx, cmdstr, arg);
+        if (rv <= 0) {
+            if (rv == -2)
+                SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_UNKNOWN_COMMAND);
+            else
+                SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE);
+            ERR_add_error_data(6, "section=", name, ", cmd=", cmdstr,
+                               ", arg=", arg);
+            goto err;
+        }
+    }
+    rv = SSL_CONF_CTX_finish(cctx);
+ err:
+    SSL_CONF_CTX_free(cctx);
+    return rv <= 0 ? 0 : 1;
+}
+
+int SSL_config(SSL *s, const char *name)
+{
+    return ssl_do_config(s, NULL, name, 0);
+}
+
+int SSL_CTX_config(SSL_CTX *ctx, const char *name)
+{
+    return ssl_do_config(NULL, ctx, name, 0);
+}
+
+void ssl_ctx_system_config(SSL_CTX *ctx)
+{
+    ssl_do_config(NULL, ctx, NULL, 1);
+}
diff --git a/freebsd/crypto/openssl/ssl/ssl_rsa.c b/freebsd/crypto/openssl/ssl/ssl_rsa.c
index e70579a8..b5048738 100644
--- a/freebsd/crypto/openssl/ssl/ssl_rsa.c
+++ b/freebsd/crypto/openssl/ssl/ssl_rsa.c
@@ -1,65 +1,17 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/ssl_rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include "ssl_locl.h"
+#include "packet_locl.h"
 #include <openssl/bio.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
@@ -68,20 +20,28 @@
 
 static int ssl_set_cert(CERT *c, X509 *x509);
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
+
+#define  SYNTHV1CONTEXT     (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
+                             | SSL_EXT_CLIENT_HELLO \
+                             | SSL_EXT_TLS1_2_SERVER_HELLO \
+                             | SSL_EXT_IGNORE_ON_RESUMPTION)
+
 int SSL_use_certificate(SSL *ssl, X509 *x)
 {
+    int rv;
     if (x == NULL) {
         SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
+        return 0;
     }
-    if (!ssl_cert_inst(&ssl->cert)) {
-        SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-        return (0);
+    rv = ssl_security_cert(ssl, NULL, x, 0, 1);
+    if (rv != 1) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);
+        return 0;
     }
-    return (ssl_set_cert(ssl->cert, x));
+
+    return ssl_set_cert(ssl->cert, x);
 }
 
-#ifndef OPENSSL_NO_STDIO
 int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
 {
     int j;
@@ -89,7 +49,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
     int ret = 0;
     X509 *x = NULL;
 
-    in = BIO_new(BIO_s_file_internal());
+    in = BIO_new(BIO_s_file());
     if (in == NULL) {
         SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
         goto end;
@@ -104,8 +64,8 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
         x = d2i_X509_bio(in, NULL);
     } else if (type == SSL_FILETYPE_PEM) {
         j = ERR_R_PEM_LIB;
-        x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback,
-                              ssl->ctx->default_passwd_callback_userdata);
+        x = PEM_read_bio_X509(in, NULL, ssl->default_passwd_callback,
+                              ssl->default_passwd_callback_userdata);
     } else {
         SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
         goto end;
@@ -118,13 +78,10 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
 
     ret = SSL_use_certificate(ssl, x);
  end:
-    if (x != NULL)
-        X509_free(x);
-    if (in != NULL)
-        BIO_free(in);
-    return (ret);
+    X509_free(x);
+    BIO_free(in);
+    return ret;
 }
-#endif
 
 int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
 {
@@ -134,12 +91,12 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
     x = d2i_X509(NULL, &d, (long)len);
     if (x == NULL) {
         SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
-        return (0);
+        return 0;
     }
 
     ret = SSL_use_certificate(ssl, x);
     X509_free(x);
-    return (ret);
+    return ret;
 }
 
 #ifndef OPENSSL_NO_RSA
@@ -150,59 +107,40 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 
     if (rsa == NULL) {
         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (!ssl_cert_inst(&ssl->cert)) {
-        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
     if ((pkey = EVP_PKEY_new()) == NULL) {
         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
-        return (0);
+        return 0;
     }
 
     RSA_up_ref(rsa);
     if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
         RSA_free(rsa);
+        EVP_PKEY_free(pkey);
         return 0;
     }
 
     ret = ssl_set_pkey(ssl->cert, pkey);
     EVP_PKEY_free(pkey);
-    return (ret);
+    return ret;
 }
 #endif
 
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 {
-    int i;
-    /*
-     * Special case for DH: check two DH certificate types for a match. This
-     * means for DH certificates we must set the certificate first.
-     */
-    if (pkey->type == EVP_PKEY_DH) {
-        X509 *x;
-        i = -1;
-        x = c->pkeys[SSL_PKEY_DH_RSA].x509;
-        if (x && X509_check_private_key(x, pkey))
-            i = SSL_PKEY_DH_RSA;
-        x = c->pkeys[SSL_PKEY_DH_DSA].x509;
-        if (i == -1 && x && X509_check_private_key(x, pkey))
-            i = SSL_PKEY_DH_DSA;
-        ERR_clear_error();
-    } else
-        i = ssl_cert_type(NULL, pkey);
-    if (i < 0) {
+    size_t i;
+
+    if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
         SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-        return (0);
+        return 0;
     }
 
     if (c->pkeys[i].x509 != NULL) {
         EVP_PKEY *pktmp;
-        pktmp = X509_get_pubkey(c->pkeys[i].x509);
+        pktmp = X509_get0_pubkey(c->pkeys[i].x509);
         if (pktmp == NULL) {
             SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE);
-            EVP_PKEY_free(pktmp);
             return 0;
         }
         /*
@@ -210,7 +148,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
          * ignored. Some EVP_PKEY types cannot do this.
          */
         EVP_PKEY_copy_parameters(pktmp, pkey);
-        EVP_PKEY_free(pktmp);
         ERR_clear_error();
 
 #ifndef OPENSSL_NO_RSA
@@ -218,8 +155,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
          * Don't check the public/private key, this is mostly for smart
          * cards.
          */
-        if ((pkey->type == EVP_PKEY_RSA) &&
-            (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ;
+        if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
+            && RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;
         else
 #endif
         if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
@@ -229,25 +166,21 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
         }
     }
 
-    if (c->pkeys[i].privatekey != NULL)
-        EVP_PKEY_free(c->pkeys[i].privatekey);
-    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    EVP_PKEY_free(c->pkeys[i].privatekey);
+    EVP_PKEY_up_ref(pkey);
     c->pkeys[i].privatekey = pkey;
-    c->key = &(c->pkeys[i]);
-
-    c->valid = 0;
-    return (1);
+    c->key = &c->pkeys[i];
+    return 1;
 }
 
 #ifndef OPENSSL_NO_RSA
-# ifndef OPENSSL_NO_STDIO
 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
 {
     int j, ret = 0;
     BIO *in;
     RSA *rsa = NULL;
 
-    in = BIO_new(BIO_s_file_internal());
+    in = BIO_new(BIO_s_file());
     if (in == NULL) {
         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
         goto end;
@@ -263,9 +196,8 @@ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
     } else if (type == SSL_FILETYPE_PEM) {
         j = ERR_R_PEM_LIB;
         rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
-                                         ssl->ctx->default_passwd_callback,
-                                         ssl->
-                                         ctx->default_passwd_callback_userdata);
+                                         ssl->default_passwd_callback,
+                                         ssl->default_passwd_callback_userdata);
     } else {
         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
         goto end;
@@ -277,13 +209,11 @@ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
     ret = SSL_use_RSAPrivateKey(ssl, rsa);
     RSA_free(rsa);
  end:
-    if (in != NULL)
-        BIO_free(in);
-    return (ret);
+    BIO_free(in);
+    return ret;
 }
-# endif
 
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
 {
     int ret;
     const unsigned char *p;
@@ -292,12 +222,12 @@ int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
     p = d;
     if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
         SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
-        return (0);
+        return 0;
     }
 
     ret = SSL_use_RSAPrivateKey(ssl, rsa);
     RSA_free(rsa);
-    return (ret);
+    return ret;
 }
 #endif                          /* !OPENSSL_NO_RSA */
 
@@ -307,24 +237,19 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
 
     if (pkey == NULL) {
         SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (!ssl_cert_inst(&ssl->cert)) {
-        SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
     ret = ssl_set_pkey(ssl->cert, pkey);
-    return (ret);
+    return ret;
 }
 
-#ifndef OPENSSL_NO_STDIO
 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
 {
     int j, ret = 0;
     BIO *in;
     EVP_PKEY *pkey = NULL;
 
-    in = BIO_new(BIO_s_file_internal());
+    in = BIO_new(BIO_s_file());
     if (in == NULL) {
         SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
         goto end;
@@ -337,9 +262,8 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
     if (type == SSL_FILETYPE_PEM) {
         j = ERR_R_PEM_LIB;
         pkey = PEM_read_bio_PrivateKey(in, NULL,
-                                       ssl->ctx->default_passwd_callback,
-                                       ssl->
-                                       ctx->default_passwd_callback_userdata);
+                                       ssl->default_passwd_callback,
+                                       ssl->default_passwd_callback_userdata);
     } else if (type == SSL_FILETYPE_ASN1) {
         j = ERR_R_ASN1_LIB;
         pkey = d2i_PrivateKey_bio(in, NULL);
@@ -354,11 +278,9 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
     ret = SSL_use_PrivateKey(ssl, pkey);
     EVP_PKEY_free(pkey);
  end:
-    if (in != NULL)
-        BIO_free(in);
-    return (ret);
+    BIO_free(in);
+    return ret;
 }
-#endif
 
 int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
                             long len)
@@ -370,45 +292,50 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
     p = d;
     if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
         SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
-        return (0);
+        return 0;
     }
 
     ret = SSL_use_PrivateKey(ssl, pkey);
     EVP_PKEY_free(pkey);
-    return (ret);
+    return ret;
 }
 
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
 {
+    int rv;
     if (x == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
+        return 0;
     }
-    if (!ssl_cert_inst(&ctx->cert)) {
-        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-        return (0);
+    rv = ssl_security_cert(NULL, ctx, x, 0, 1);
+    if (rv != 1) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
+        return 0;
     }
-    return (ssl_set_cert(ctx->cert, x));
+    return ssl_set_cert(ctx->cert, x);
 }
 
 static int ssl_set_cert(CERT *c, X509 *x)
 {
     EVP_PKEY *pkey;
-    int i;
+    size_t i;
 
-    pkey = X509_get_pubkey(x);
+    pkey = X509_get0_pubkey(x);
     if (pkey == NULL) {
         SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
-        return (0);
+        return 0;
     }
 
-    i = ssl_cert_type(x, pkey);
-    if (i < 0) {
+    if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
         SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-        EVP_PKEY_free(pkey);
-        return (0);
+        return 0;
     }
-
+#ifndef OPENSSL_NO_EC
+    if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+        return 0;
+    }
+#endif
     if (c->pkeys[i].privatekey != NULL) {
         /*
          * The return code from EVP_PKEY_copy_parameters is deliberately
@@ -422,9 +349,9 @@ static int ssl_set_cert(CERT *c, X509 *x)
          * Don't check the public/private key, this is mostly for smart
          * cards.
          */
-        if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
-            (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
-             RSA_METHOD_FLAG_NO_CHECK)) ;
+        if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA
+            && RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) &
+            RSA_METHOD_FLAG_NO_CHECK) ;
         else
 #endif                          /* OPENSSL_NO_RSA */
         if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
@@ -440,19 +367,14 @@ static int ssl_set_cert(CERT *c, X509 *x)
         }
     }
 
-    EVP_PKEY_free(pkey);
-
-    if (c->pkeys[i].x509 != NULL)
-        X509_free(c->pkeys[i].x509);
-    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+    X509_free(c->pkeys[i].x509);
+    X509_up_ref(x);
     c->pkeys[i].x509 = x;
     c->key = &(c->pkeys[i]);
 
-    c->valid = 0;
-    return (1);
+    return 1;
 }
 
-#ifndef OPENSSL_NO_STDIO
 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
 {
     int j;
@@ -460,7 +382,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
     int ret = 0;
     X509 *x = NULL;
 
-    in = BIO_new(BIO_s_file_internal());
+    in = BIO_new(BIO_s_file());
     if (in == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
         goto end;
@@ -489,16 +411,12 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
 
     ret = SSL_CTX_use_certificate(ctx, x);
  end:
-    if (x != NULL)
-        X509_free(x);
-    if (in != NULL)
-        BIO_free(in);
-    return (ret);
+    X509_free(x);
+    BIO_free(in);
+    return ret;
 }
-#endif
 
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
-                                 const unsigned char *d)
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
 {
     X509 *x;
     int ret;
@@ -506,12 +424,12 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
     x = d2i_X509(NULL, &d, (long)len);
     if (x == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
-        return (0);
+        return 0;
     }
 
     ret = SSL_CTX_use_certificate(ctx, x);
     X509_free(x);
-    return (ret);
+    return ret;
 }
 
 #ifndef OPENSSL_NO_RSA
@@ -522,36 +440,32 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
 
     if (rsa == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (!ssl_cert_inst(&ctx->cert)) {
-        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
     if ((pkey = EVP_PKEY_new()) == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
-        return (0);
+        return 0;
     }
 
     RSA_up_ref(rsa);
     if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
         RSA_free(rsa);
+        EVP_PKEY_free(pkey);
         return 0;
     }
 
     ret = ssl_set_pkey(ctx->cert, pkey);
     EVP_PKEY_free(pkey);
-    return (ret);
+    return ret;
 }
 
-# ifndef OPENSSL_NO_STDIO
 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
 {
     int j, ret = 0;
     BIO *in;
     RSA *rsa = NULL;
 
-    in = BIO_new(BIO_s_file_internal());
+    in = BIO_new(BIO_s_file());
     if (in == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
         goto end;
@@ -580,11 +494,9 @@ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
     ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
     RSA_free(rsa);
  end:
-    if (in != NULL)
-        BIO_free(in);
-    return (ret);
+    BIO_free(in);
+    return ret;
 }
-# endif
 
 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
                                    long len)
@@ -596,12 +508,12 @@ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
     p = d;
     if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
-        return (0);
+        return 0;
     }
 
     ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
     RSA_free(rsa);
-    return (ret);
+    return ret;
 }
 #endif                          /* !OPENSSL_NO_RSA */
 
@@ -609,23 +521,18 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
 {
     if (pkey == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (!ssl_cert_inst(&ctx->cert)) {
-        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
-    return (ssl_set_pkey(ctx->cert, pkey));
+    return ssl_set_pkey(ctx->cert, pkey);
 }
 
-#ifndef OPENSSL_NO_STDIO
 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
 {
     int j, ret = 0;
     BIO *in;
     EVP_PKEY *pkey = NULL;
 
-    in = BIO_new(BIO_s_file_internal());
+    in = BIO_new(BIO_s_file());
     if (in == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
         goto end;
@@ -654,11 +561,9 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
     ret = SSL_CTX_use_PrivateKey(ctx, pkey);
     EVP_PKEY_free(pkey);
  end:
-    if (in != NULL)
-        BIO_free(in);
-    return (ret);
+    BIO_free(in);
+    return ret;
 }
-#endif
 
 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
                                 const unsigned char *d, long len)
@@ -670,48 +575,60 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
     p = d;
     if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
-        return (0);
+        return 0;
     }
 
     ret = SSL_CTX_use_PrivateKey(ctx, pkey);
     EVP_PKEY_free(pkey);
-    return (ret);
+    return ret;
 }
 
-#ifndef OPENSSL_NO_STDIO
 /*
  * Read a file that contains our certificate in "PEM" format, possibly
  * followed by a sequence of CA certificates that should be sent to the peer
  * in the Certificate message.
  */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
 {
     BIO *in;
     int ret = 0;
     X509 *x = NULL;
+    pem_password_cb *passwd_callback;
+    void *passwd_callback_userdata;
 
     ERR_clear_error();          /* clear error stack for
                                  * SSL_CTX_use_certificate() */
 
-    in = BIO_new(BIO_s_file_internal());
+    if (ctx != NULL) {
+        passwd_callback = ctx->default_passwd_callback;
+        passwd_callback_userdata = ctx->default_passwd_callback_userdata;
+    } else {
+        passwd_callback = ssl->default_passwd_callback;
+        passwd_callback_userdata = ssl->default_passwd_callback_userdata;
+    }
+
+    in = BIO_new(BIO_s_file());
     if (in == NULL) {
-        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
+        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
         goto end;
     }
 
     if (BIO_read_filename(in, file) <= 0) {
-        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
+        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
         goto end;
     }
 
-    x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
-                              ctx->default_passwd_callback_userdata);
+    x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback,
+                              passwd_callback_userdata);
     if (x == NULL) {
-        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
+        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
         goto end;
     }
 
-    ret = SSL_CTX_use_certificate(ctx, x);
+    if (ctx)
+        ret = SSL_CTX_use_certificate(ctx, x);
+    else
+        ret = SSL_use_certificate(ssl, x);
 
     if (ERR_peek_error() != 0)
         ret = 0;                /* Key/certificate mismatch doesn't imply
@@ -725,23 +642,33 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
         int r;
         unsigned long err;
 
-        SSL_CTX_clear_chain_certs(ctx);
+        if (ctx)
+            r = SSL_CTX_clear_chain_certs(ctx);
+        else
+            r = SSL_clear_chain_certs(ssl);
 
-        while ((ca = PEM_read_bio_X509(in, NULL,
-                                       ctx->default_passwd_callback,
-                                       ctx->default_passwd_callback_userdata))
+        if (r == 0) {
+            ret = 0;
+            goto end;
+        }
+
+        while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
+                                       passwd_callback_userdata))
                != NULL) {
-            r = SSL_CTX_add0_chain_cert(ctx, ca);
+            if (ctx)
+                r = SSL_CTX_add0_chain_cert(ctx, ca);
+            else
+                r = SSL_add0_chain_cert(ssl, ca);
+            /*
+             * Note that we must not free ca if it was successfully added to
+             * the chain (while we must free the main certificate, since its
+             * reference count is increased by SSL_CTX_use_certificate).
+             */
             if (!r) {
                 X509_free(ca);
                 ret = 0;
                 goto end;
             }
-            /*
-             * Note that we must not free r if it was successfully added to
-             * the chain (while we must free the main certificate, since its
-             * reference count is increased by SSL_CTX_use_certificate).
-             */
         }
         /* When the while loop ends, it's usually just EOF. */
         err = ERR_peek_last_error();
@@ -753,65 +680,64 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
     }
 
  end:
-    if (x != NULL)
-        X509_free(x);
-    if (in != NULL)
-        BIO_free(in);
-    return (ret);
+    X509_free(x);
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+{
+    return use_certificate_chain_file(ctx, NULL, file);
+}
+
+int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
+{
+    return use_certificate_chain_file(NULL, ssl, file);
 }
-#endif
 
-#ifndef OPENSSL_NO_TLSEXT
 static int serverinfo_find_extension(const unsigned char *serverinfo,
                                      size_t serverinfo_length,
                                      unsigned int extension_type,
                                      const unsigned char **extension_data,
                                      size_t *extension_length)
 {
+    PACKET pkt, data;
+
     *extension_data = NULL;
     *extension_length = 0;
     if (serverinfo == NULL || serverinfo_length == 0)
         return -1;
+
+    if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
+        return -1;
+
     for (;;) {
         unsigned int type = 0;
-        size_t len = 0;
+        unsigned long context = 0;
 
         /* end of serverinfo */
-        if (serverinfo_length == 0)
+        if (PACKET_remaining(&pkt) == 0)
             return 0;           /* Extension not found */
 
-        /* read 2-byte type field */
-        if (serverinfo_length < 2)
-            return -1;          /* Error */
-        type = (serverinfo[0] << 8) + serverinfo[1];
-        serverinfo += 2;
-        serverinfo_length -= 2;
-
-        /* read 2-byte len field */
-        if (serverinfo_length < 2)
-            return -1;          /* Error */
-        len = (serverinfo[0] << 8) + serverinfo[1];
-        serverinfo += 2;
-        serverinfo_length -= 2;
-
-        if (len > serverinfo_length)
-            return -1;          /* Error */
+        if (!PACKET_get_net_4(&pkt, &context)
+                || !PACKET_get_net_2(&pkt, &type)
+                || !PACKET_get_length_prefixed_2(&pkt, &data))
+            return -1;
 
         if (type == extension_type) {
-            *extension_data = serverinfo;
-            *extension_length = len;
+            *extension_data = PACKET_data(&data);
+            *extension_length = PACKET_remaining(&data);;
             return 1;           /* Success */
         }
-
-        serverinfo += len;
-        serverinfo_length -= len;
     }
-    return 0;                   /* Error */
+    /* Unreachable */
 }
 
-static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
-                                   const unsigned char *in,
-                                   size_t inlen, int *al, void *arg)
+static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type,
+                                     unsigned int context,
+                                     const unsigned char *in,
+                                     size_t inlen, X509 *x, size_t chainidx,
+                                     int *al, void *arg)
 {
 
     if (inlen != 0) {
@@ -822,13 +748,27 @@ static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
     return 1;
 }
 
-static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
-                                 const unsigned char **out, size_t *outlen,
-                                 int *al, void *arg)
+static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in,
+                                   size_t inlen, int *al, void *arg)
+{
+    return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al,
+                                     arg);
+}
+
+static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type,
+                                   unsigned int context,
+                                   const unsigned char **out,
+                                   size_t *outlen, X509 *x, size_t chainidx,
+                                   int *al, void *arg)
 {
     const unsigned char *serverinfo = NULL;
     size_t serverinfo_length = 0;
 
+    /* We only support extensions for the first Certificate */
+    if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0)
+        return 0;
+
     /* Is there serverinfo data for the chosen server cert? */
     if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
                                         &serverinfo_length)) != 0) {
@@ -836,7 +776,7 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
         int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
                                                ext_type, out, outlen);
         if (retval == -1) {
-            *al = SSL_AD_DECODE_ERROR;
+            *al = SSL_AD_INTERNAL_ERROR;
             return -1;          /* Error */
         }
         if (retval == 0)
@@ -847,95 +787,101 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
                                  * extension */
 }
 
+static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
+                                 const unsigned char **out, size_t *outlen,
+                                 int *al, void *arg)
+{
+    return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al,
+                                   arg);
+}
+
 /*
  * With a NULL context, this function just checks that the serverinfo data
  * parses correctly.  With a non-NULL context, it registers callbacks for
  * the included extensions.
  */
-static int serverinfo_process_buffer(const unsigned char *serverinfo,
+static int serverinfo_process_buffer(unsigned int version,
+                                     const unsigned char *serverinfo,
                                      size_t serverinfo_length, SSL_CTX *ctx)
 {
+    PACKET pkt;
+
     if (serverinfo == NULL || serverinfo_length == 0)
         return 0;
-    for (;;) {
-        unsigned int ext_type = 0;
-        size_t len = 0;
 
-        /* end of serverinfo */
-        if (serverinfo_length == 0)
-            return 1;
-
-        /* read 2-byte type field */
-        if (serverinfo_length < 2)
-            return 0;
-        /* FIXME: check for types we understand explicitly? */
-
-        /* Register callbacks for extensions */
-        ext_type = (serverinfo[0] << 8) + serverinfo[1];
-        if (ctx) {
-            int have_ext_cbs = 0;
-            size_t i;
-            custom_ext_methods *exts = &ctx->cert->srv_ext;
-            custom_ext_method *meth = exts->meths;
-
-            for (i = 0; i < exts->meths_count; i++, meth++) {
-                if (ext_type == meth->ext_type) {
-                    have_ext_cbs = 1;
-                    break;
-                }
-            }
+    if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2)
+        return 0;
 
-            if (!have_ext_cbs && !SSL_CTX_add_server_custom_ext(ctx, ext_type,
-                                                                serverinfo_srv_add_cb,
-                                                                NULL, NULL,
-                                                                serverinfo_srv_parse_cb,
-                                                                NULL))
-                return 0;
-        }
+    if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
+        return 0;
 
-        serverinfo += 2;
-        serverinfo_length -= 2;
+    while (PACKET_remaining(&pkt)) {
+        unsigned long context = 0;
+        unsigned int ext_type = 0;
+        PACKET data;
 
-        /* read 2-byte len field */
-        if (serverinfo_length < 2)
+        if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context))
+                || !PACKET_get_net_2(&pkt, &ext_type)
+                || !PACKET_get_length_prefixed_2(&pkt, &data))
             return 0;
-        len = (serverinfo[0] << 8) + serverinfo[1];
-        serverinfo += 2;
-        serverinfo_length -= 2;
 
-        if (len > serverinfo_length)
-            return 0;
+        if (ctx == NULL)
+            continue;
 
-        serverinfo += len;
-        serverinfo_length -= len;
+        /*
+         * The old style custom extensions API could be set separately for
+         * server/client, i.e. you could set one custom extension for a client,
+         * and *for the same extension in the same SSL_CTX* you could set a
+         * custom extension for the server as well. It seems quite weird to be
+         * setting a custom extension for both client and server in a single
+         * SSL_CTX - but theoretically possible. This isn't possible in the
+         * new API. Therefore, if we have V1 serverinfo we use the old API. We
+         * also use the old API even if we have V2 serverinfo but the context
+         * looks like an old style <= TLSv1.2 extension.
+         */
+        if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) {
+            if (!SSL_CTX_add_server_custom_ext(ctx, ext_type,
+                                               serverinfo_srv_add_cb,
+                                               NULL, NULL,
+                                               serverinfo_srv_parse_cb,
+                                               NULL))
+                return 0;
+        } else {
+            if (!SSL_CTX_add_custom_ext(ctx, ext_type, context,
+                                        serverinfoex_srv_add_cb,
+                                        NULL, NULL,
+                                        serverinfoex_srv_parse_cb,
+                                        NULL))
+                return 0;
+        }
     }
+
+    return 1;
 }
 
-int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
-                           size_t serverinfo_length)
+int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
+                              const unsigned char *serverinfo,
+                              size_t serverinfo_length)
 {
     unsigned char *new_serverinfo;
 
     if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
-        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_PASSED_NULL_PARAMETER);
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    if (!serverinfo_process_buffer(serverinfo, serverinfo_length, NULL)) {
-        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, SSL_R_INVALID_SERVERINFO_DATA);
-        return 0;
-    }
-    if (!ssl_cert_inst(&ctx->cert)) {
-        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_MALLOC_FAILURE);
+    if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
+                                   NULL)) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
         return 0;
     }
     if (ctx->cert->key == NULL) {
-        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_INTERNAL_ERROR);
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_INTERNAL_ERROR);
         return 0;
     }
     new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
                                      serverinfo_length);
     if (new_serverinfo == NULL) {
-        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_MALLOC_FAILURE);
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_MALLOC_FAILURE);
         return 0;
     }
     ctx->cert->key->serverinfo = new_serverinfo;
@@ -946,35 +892,42 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
      * Now that the serverinfo is validated and stored, go ahead and
      * register callbacks.
      */
-    if (!serverinfo_process_buffer(serverinfo, serverinfo_length, ctx)) {
-        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, SSL_R_INVALID_SERVERINFO_DATA);
+    if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
+                                   ctx)) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
         return 0;
     }
     return 1;
 }
 
-# ifndef OPENSSL_NO_STDIO
+int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+                           size_t serverinfo_length)
+{
+    return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo,
+                                     serverinfo_length);
+}
+
 int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
 {
     unsigned char *serverinfo = NULL;
+    unsigned char *tmp;
     size_t serverinfo_length = 0;
     unsigned char *extension = 0;
     long extension_length = 0;
     char *name = NULL;
     char *header = NULL;
-    char namePrefix[] = "SERVERINFO FOR ";
+    char namePrefix1[] = "SERVERINFO FOR ";
+    char namePrefix2[] = "SERVERINFOV2 FOR ";
     int ret = 0;
     BIO *bin = NULL;
-    size_t num_extensions = 0;
-    unsigned char *new_serverinfo;
+    size_t num_extensions = 0, contextoff = 0;
 
     if (ctx == NULL || file == NULL) {
-        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
-               ERR_R_PASSED_NULL_PARAMETER);
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER);
         goto end;
     }
 
-    bin = BIO_new(BIO_s_file_internal());
+    bin = BIO_new(BIO_s_file());
     if (bin == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB);
         goto end;
@@ -985,6 +938,8 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
     }
 
     for (num_extensions = 0;; num_extensions++) {
+        unsigned int version;
+
         if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
             == 0) {
             /*
@@ -998,34 +953,70 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
                 break;
         }
         /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
-        if (strlen(name) < strlen(namePrefix)) {
-            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
-                   SSL_R_PEM_NAME_TOO_SHORT);
+        if (strlen(name) < strlen(namePrefix1)) {
+            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
             goto end;
         }
-        if (strncmp(name, namePrefix, strlen(namePrefix)) != 0) {
-            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
-                   SSL_R_PEM_NAME_BAD_PREFIX);
-            goto end;
+        if (strncmp(name, namePrefix1, strlen(namePrefix1)) == 0) {
+            version = SSL_SERVERINFOV1;
+        } else {
+            if (strlen(name) < strlen(namePrefix2)) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
+                       SSL_R_PEM_NAME_TOO_SHORT);
+                goto end;
+            }
+            if (strncmp(name, namePrefix2, strlen(namePrefix2)) != 0) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
+                       SSL_R_PEM_NAME_BAD_PREFIX);
+                goto end;
+            }
+            version = SSL_SERVERINFOV2;
         }
         /*
          * Check that the decoded PEM data is plausible (valid length field)
          */
-        if (extension_length < 4
-            || (extension[2] << 8) + extension[3] != extension_length - 4) {
-            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
-            goto end;
+        if (version == SSL_SERVERINFOV1) {
+            /* 4 byte header: 2 bytes type, 2 bytes len */
+            if (extension_length < 4
+                    || (extension[2] << 8) + extension[3]
+                       != extension_length - 4) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
+                goto end;
+            }
+            /*
+             * File does not have a context value so we must take account of
+             * this later.
+             */
+            contextoff = 4;
+        } else {
+            /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
+            if (extension_length < 8
+                    || (extension[6] << 8) + extension[7]
+                       != extension_length - 8) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
+                goto end;
+            }
         }
         /* Append the decoded extension to the serverinfo buffer */
-        new_serverinfo =
-            OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
-        if (new_serverinfo == NULL) {
+        tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length
+                                          + contextoff);
+        if (tmp == NULL) {
             SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
             goto end;
         }
-        serverinfo = new_serverinfo;
-        memcpy(serverinfo + serverinfo_length, extension, extension_length);
-        serverinfo_length += extension_length;
+        serverinfo = tmp;
+        if (contextoff > 0) {
+            unsigned char *sinfo = serverinfo + serverinfo_length;
+
+            /* We know this only uses the last 2 bytes */
+            sinfo[0] = 0;
+            sinfo[1] = 0;
+            sinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
+            sinfo[3] = SYNTHV1CONTEXT & 0xff;
+        }
+        memcpy(serverinfo + serverinfo_length + contextoff,
+               extension, extension_length);
+        serverinfo_length += extension_length + contextoff;
 
         OPENSSL_free(name);
         name = NULL;
@@ -1035,16 +1026,125 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
         extension = NULL;
     }
 
-    ret = SSL_CTX_use_serverinfo(ctx, serverinfo, serverinfo_length);
+    ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo,
+                                    serverinfo_length);
  end:
     /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
     OPENSSL_free(name);
     OPENSSL_free(header);
     OPENSSL_free(extension);
     OPENSSL_free(serverinfo);
-    if (bin != NULL)
-        BIO_free(bin);
+    BIO_free(bin);
     return ret;
 }
-# endif                         /* OPENSSL_NO_STDIO */
-#endif                          /* OPENSSL_NO_TLSEXT */
+
+static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
+                                STACK_OF(X509) *chain, int override)
+{
+    int ret = 0;
+    size_t i;
+    int j;
+    int rv;
+    CERT *c = ssl != NULL ? ssl->cert : ctx->cert;
+    STACK_OF(X509) *dup_chain = NULL;
+    EVP_PKEY *pubkey = NULL;
+
+    /* Do all security checks before anything else */
+    rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
+    if (rv != 1) {
+        SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv);
+        goto out;
+    }
+    for (j = 0; j < sk_X509_num(chain); j++) {
+        rv = ssl_security_cert(ssl, ctx, sk_X509_value(chain, j), 0, 0);
+        if (rv != 1) {
+            SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv);
+            goto out;
+        }
+    }
+
+    pubkey = X509_get_pubkey(x509); /* bumps reference */
+    if (pubkey == NULL)
+        goto out;
+    if (privatekey == NULL) {
+        privatekey = pubkey;
+    } else {
+        /* For RSA, which has no parameters, missing returns 0 */
+        if (EVP_PKEY_missing_parameters(privatekey)) {
+            if (EVP_PKEY_missing_parameters(pubkey)) {
+                /* nobody has parameters? - error */
+                SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_MISSING_PARAMETERS);
+                goto out;
+            } else {
+                /* copy to privatekey from pubkey */
+                EVP_PKEY_copy_parameters(privatekey, pubkey);
+            }
+        } else if (EVP_PKEY_missing_parameters(pubkey)) {
+            /* copy to pubkey from privatekey */
+            EVP_PKEY_copy_parameters(pubkey, privatekey);
+        } /* else both have parameters */
+
+        /* Copied from ssl_set_cert/pkey */
+#ifndef OPENSSL_NO_RSA
+        if ((EVP_PKEY_id(privatekey) == EVP_PKEY_RSA) &&
+            ((RSA_flags(EVP_PKEY_get0_RSA(privatekey)) & RSA_METHOD_FLAG_NO_CHECK)))
+            /* no-op */ ;
+        else
+#endif
+        /* check that key <-> cert match */
+        if (EVP_PKEY_cmp(pubkey, privatekey) != 1) {
+            SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH);
+            goto out;
+        }
+    }
+    if (ssl_cert_lookup_by_pkey(pubkey, &i) == NULL) {
+        SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        goto out;
+    }
+
+    if (!override && (c->pkeys[i].x509 != NULL
+                      || c->pkeys[i].privatekey != NULL
+                      || c->pkeys[i].chain != NULL)) {
+        /* No override, and something already there */
+        SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_NOT_REPLACING_CERTIFICATE);
+        goto out;
+    }
+
+    if (chain != NULL) {
+        dup_chain = X509_chain_up_ref(chain);
+        if  (dup_chain == NULL) {
+            SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, ERR_R_MALLOC_FAILURE);
+            goto out;
+        }
+    }
+
+    sk_X509_pop_free(c->pkeys[i].chain, X509_free);
+    c->pkeys[i].chain = dup_chain;
+
+    X509_free(c->pkeys[i].x509);
+    X509_up_ref(x509);
+    c->pkeys[i].x509 = x509;
+
+    EVP_PKEY_free(c->pkeys[i].privatekey);
+    EVP_PKEY_up_ref(privatekey);
+    c->pkeys[i].privatekey = privatekey;
+
+    c->key = &(c->pkeys[i]);
+
+    ret = 1;
+ out:
+    EVP_PKEY_free(pubkey);
+    return ret;
+}
+
+int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
+                         STACK_OF(X509) *chain, int override)
+{
+    return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override);
+}
+
+int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
+                             STACK_OF(X509) *chain, int override)
+{
+    return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override);
+}
diff --git a/freebsd/crypto/openssl/ssl/ssl_sess.c b/freebsd/crypto/openssl/ssl/ssl_sess.c
index 66a3d253..9a5141ba 100644
--- a/freebsd/crypto/openssl/ssl/ssl_sess.c
+++ b/freebsd/crypto/openssl/ssl/ssl_sess.c
@@ -1,158 +1,40 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/ssl_sess.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
-#include <openssl/lhash.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
+#include <openssl/engine.h>
+#include "internal/refcount.h"
+#include "internal/cryptlib.h"
 #include "ssl_locl.h"
+#include "statem/statem_locl.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
 static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
 
+/*
+ * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
+ * unlike in earlier protocol versions, the session ticket may not have been
+ * sent yet even though a handshake has finished. The session ticket data could
+ * come in sometime later...or even change if multiple session ticket messages
+ * are sent from the server. The preferred way for applications to obtain
+ * a resumable session is to use SSL_CTX_sess_set_new_cb().
+ */
+
 SSL_SESSION *SSL_get_session(const SSL *ssl)
 /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
 {
-    return (ssl->session);
+    return ssl->session;
 }
 
 SSL_SESSION *SSL_get1_session(SSL *ssl)
@@ -164,69 +46,59 @@ SSL_SESSION *SSL_get1_session(SSL *ssl)
      * somebody doesn't free ssl->session between when we check it's non-null
      * and when we up the reference count.
      */
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
+    CRYPTO_THREAD_read_lock(ssl->lock);
     sess = ssl->session;
     if (sess)
-        sess->references++;
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
-    return (sess);
-}
-
-int SSL_SESSION_get_ex_new_index(long argl, void *argp,
-                                 CRYPTO_EX_new *new_func,
-                                 CRYPTO_EX_dup *dup_func,
-                                 CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
-                                   new_func, dup_func, free_func);
+        SSL_SESSION_up_ref(sess);
+    CRYPTO_THREAD_unlock(ssl->lock);
+    return sess;
 }
 
 int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
 {
-    return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
 }
 
 void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
 {
-    return (CRYPTO_get_ex_data(&s->ex_data, idx));
+    return CRYPTO_get_ex_data(&s->ex_data, idx);
 }
 
 SSL_SESSION *SSL_SESSION_new(void)
 {
     SSL_SESSION *ss;
 
-    ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
+        return NULL;
+
+    ss = OPENSSL_zalloc(sizeof(*ss));
     if (ss == NULL) {
         SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return NULL;
     }
-    memset(ss, 0, sizeof(SSL_SESSION));
 
     ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
     ss->references = 1;
     ss->timeout = 60 * 5 + 4;   /* 5 minute timeout by default */
     ss->time = (unsigned long)time(NULL);
-    ss->prev = NULL;
-    ss->next = NULL;
-    ss->compress_meth = 0;
-#ifndef OPENSSL_NO_TLSEXT
-    ss->tlsext_hostname = NULL;
-# ifndef OPENSSL_NO_EC
-    ss->tlsext_ecpointformatlist_length = 0;
-    ss->tlsext_ecpointformatlist = NULL;
-    ss->tlsext_ellipticcurvelist_length = 0;
-    ss->tlsext_ellipticcurvelist = NULL;
-# endif
-#endif
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-#ifndef OPENSSL_NO_PSK
-    ss->psk_identity_hint = NULL;
-    ss->psk_identity = NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-    ss->srp_username = NULL;
-#endif
-    return (ss);
+    ss->lock = CRYPTO_THREAD_lock_new();
+    if (ss->lock == NULL) {
+        SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ss);
+        return NULL;
+    }
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
+        CRYPTO_THREAD_lock_free(ss->lock);
+        OPENSSL_free(ss);
+        return NULL;
+    }
+    return ss;
+}
+
+SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src)
+{
+    return ssl_session_dup(src, 1);
 }
 
 /*
@@ -252,17 +124,20 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
     dest->psk_identity = NULL;
 #endif
     dest->ciphers = NULL;
-#ifndef OPENSSL_NO_TLSEXT
-    dest->tlsext_hostname = NULL;
-# ifndef OPENSSL_NO_EC
-    dest->tlsext_ecpointformatlist = NULL;
-    dest->tlsext_ellipticcurvelist = NULL;
-# endif
-    dest->tlsext_tick = NULL;
+    dest->ext.hostname = NULL;
+#ifndef OPENSSL_NO_EC
+    dest->ext.ecpointformats = NULL;
+    dest->ext.supportedgroups = NULL;
 #endif
+    dest->ext.tick = NULL;
+    dest->ext.alpn_selected = NULL;
 #ifndef OPENSSL_NO_SRP
     dest->srp_username = NULL;
 #endif
+    dest->peer_chain = NULL;
+    dest->peer = NULL;
+    dest->ticket_appdata = NULL;
+    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
 
     /* We deliberately don't copy the prev and next pointers */
     dest->prev = NULL;
@@ -270,98 +145,127 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
 
     dest->references = 1;
 
-    if (src->sess_cert != NULL)
-        CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
-
-    if (src->peer != NULL)
-        CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
+    dest->lock = CRYPTO_THREAD_lock_new();
+    if (dest->lock == NULL)
+        goto err;
 
     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
         goto err;
 
+    if (src->peer != NULL) {
+        if (!X509_up_ref(src->peer))
+            goto err;
+        dest->peer = src->peer;
+    }
+
+    if (src->peer_chain != NULL) {
+        dest->peer_chain = X509_chain_up_ref(src->peer_chain);
+        if (dest->peer_chain == NULL)
+            goto err;
+    }
 #ifndef OPENSSL_NO_PSK
     if (src->psk_identity_hint) {
-        dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
+        dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
         if (dest->psk_identity_hint == NULL) {
             goto err;
         }
     }
     if (src->psk_identity) {
-        dest->psk_identity = BUF_strdup(src->psk_identity);
+        dest->psk_identity = OPENSSL_strdup(src->psk_identity);
         if (dest->psk_identity == NULL) {
             goto err;
         }
     }
 #endif
 
-    if(src->ciphers != NULL) {
+    if (src->ciphers != NULL) {
         dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
         if (dest->ciphers == NULL)
             goto err;
     }
 
     if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
-                                            &dest->ex_data, &src->ex_data)) {
+                            &dest->ex_data, &src->ex_data)) {
         goto err;
     }
 
-#ifndef OPENSSL_NO_TLSEXT
-    if (src->tlsext_hostname) {
-        dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);
-        if (dest->tlsext_hostname == NULL) {
+    if (src->ext.hostname) {
+        dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
+        if (dest->ext.hostname == NULL) {
             goto err;
         }
     }
-# ifndef OPENSSL_NO_EC
-    if (src->tlsext_ecpointformatlist) {
-        dest->tlsext_ecpointformatlist =
-            BUF_memdup(src->tlsext_ecpointformatlist,
-                       src->tlsext_ecpointformatlist_length);
-        if (dest->tlsext_ecpointformatlist == NULL)
+#ifndef OPENSSL_NO_EC
+    if (src->ext.ecpointformats) {
+        dest->ext.ecpointformats =
+            OPENSSL_memdup(src->ext.ecpointformats,
+                           src->ext.ecpointformats_len);
+        if (dest->ext.ecpointformats == NULL)
             goto err;
     }
-    if (src->tlsext_ellipticcurvelist) {
-        dest->tlsext_ellipticcurvelist =
-            BUF_memdup(src->tlsext_ellipticcurvelist,
-                       src->tlsext_ellipticcurvelist_length);
-        if (dest->tlsext_ellipticcurvelist == NULL)
+    if (src->ext.supportedgroups) {
+        dest->ext.supportedgroups =
+            OPENSSL_memdup(src->ext.supportedgroups,
+                           src->ext.supportedgroups_len
+                                * sizeof(*src->ext.supportedgroups));
+        if (dest->ext.supportedgroups == NULL)
             goto err;
     }
-# endif
+#endif
 
-    if (ticket != 0 && src->tlsext_tick != NULL) {
-        dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
-        if(dest->tlsext_tick == NULL)
+    if (ticket != 0 && src->ext.tick != NULL) {
+        dest->ext.tick =
+            OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
+        if (dest->ext.tick == NULL)
             goto err;
     } else {
-        dest->tlsext_tick_lifetime_hint = 0;
-        dest->tlsext_ticklen = 0;
+        dest->ext.tick_lifetime_hint = 0;
+        dest->ext.ticklen = 0;
+    }
+
+    if (src->ext.alpn_selected != NULL) {
+        dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
+                                                 src->ext.alpn_selected_len);
+        if (dest->ext.alpn_selected == NULL)
+            goto err;
     }
-#endif
 
 #ifndef OPENSSL_NO_SRP
     if (src->srp_username) {
-        dest->srp_username = BUF_strdup(src->srp_username);
+        dest->srp_username = OPENSSL_strdup(src->srp_username);
         if (dest->srp_username == NULL) {
             goto err;
         }
     }
 #endif
 
+    if (src->ticket_appdata != NULL) {
+        dest->ticket_appdata =
+            OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len);
+        if (dest->ticket_appdata == NULL)
+            goto err;
+    }
+
     return dest;
-err:
+ err:
     SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
     SSL_SESSION_free(dest);
     return NULL;
 }
 
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
-                                        unsigned int *len)
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
 {
     if (len)
-        *len = s->session_id_length;
+        *len = (unsigned int)s->session_id_length;
     return s->session_id;
 }
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+                                                unsigned int *len)
+{
+    if (len != NULL)
+        *len = (unsigned int)s->sid_ctx_length;
+    return s->sid_ctx;
+}
 
 unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
 {
@@ -369,19 +273,18 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
 }
 
 /*
- * Even with SSLv2, we have 16 bytes (128 bits) of session ID space.
- * SSLv3/TLSv1 has 32 bytes (256 bits). As such, filling the ID with random
- * gunk repeatedly until we have no conflict is going to complete in one
- * iteration pretty much "most" of the time (btw: understatement). So, if it
- * takes us 10 iterations and we still can't avoid a conflict - well that's a
- * reasonable point to call it quits. Either the RAND code is broken or
- * someone is trying to open roughly very close to 2^128 (or 2^256) SSL
- * sessions to our server. How you might store that many sessions is perhaps
- * a more interesting question ...
+ * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
+ * the ID with random junk repeatedly until we have no conflict is going to
+ * complete in one iteration pretty much "most" of the time (btw:
+ * understatement). So, if it takes us 10 iterations and we still can't avoid
+ * a conflict - well that's a reasonable point to call it quits. Either the
+ * RAND code is broken or someone is trying to open roughly very close to
+ * 2^256 SSL sessions to our server. How you might store that many sessions
+ * is perhaps a more interesting question ...
  */
 
 #define MAX_SESS_ID_ATTEMPTS 10
-static int def_generate_session_id(const SSL *ssl, unsigned char *id,
+static int def_generate_session_id(SSL *ssl, unsigned char *id,
                                    unsigned int *id_len)
 {
     unsigned int retry = 0;
@@ -404,16 +307,99 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
     return 0;
 }
 
+int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
+{
+    unsigned int tmp;
+    GEN_SESSION_CB cb = def_generate_session_id;
+
+    switch (s->version) {
+    case SSL3_VERSION:
+    case TLS1_VERSION:
+    case TLS1_1_VERSION:
+    case TLS1_2_VERSION:
+    case TLS1_3_VERSION:
+    case DTLS1_BAD_VER:
+    case DTLS1_VERSION:
+    case DTLS1_2_VERSION:
+        ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        break;
+    default:
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+                 SSL_R_UNSUPPORTED_SSL_VERSION);
+        return 0;
+    }
+
+    /*-
+     * If RFC5077 ticket, use empty session ID (as server).
+     * Note that:
+     * (a) ssl_get_prev_session() does lookahead into the
+     *     ClientHello extensions to find the session ticket.
+     *     When ssl_get_prev_session() fails, statem_srvr.c calls
+     *     ssl_get_new_session() in tls_process_client_hello().
+     *     At that point, it has not yet parsed the extensions,
+     *     however, because of the lookahead, it already knows
+     *     whether a ticket is expected or not.
+     *
+     * (b) statem_clnt.c calls ssl_get_new_session() before parsing
+     *     ServerHello extensions, and before recording the session
+     *     ID received from the server, so this block is a noop.
+     */
+    if (s->ext.ticket_expected) {
+        ss->session_id_length = 0;
+        return 1;
+    }
+
+    /* Choose which callback will set the session ID */
+    CRYPTO_THREAD_read_lock(s->lock);
+    CRYPTO_THREAD_read_lock(s->session_ctx->lock);
+    if (s->generate_session_id)
+        cb = s->generate_session_id;
+    else if (s->session_ctx->generate_session_id)
+        cb = s->session_ctx->generate_session_id;
+    CRYPTO_THREAD_unlock(s->session_ctx->lock);
+    CRYPTO_THREAD_unlock(s->lock);
+    /* Choose a session ID */
+    memset(ss->session_id, 0, ss->session_id_length);
+    tmp = (int)ss->session_id_length;
+    if (!cb(s, ss->session_id, &tmp)) {
+        /* The callback failed */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+                 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
+        return 0;
+    }
+    /*
+     * Don't allow the callback to set the session length to zero. nor
+     * set it higher than it was.
+     */
+    if (tmp == 0 || tmp > ss->session_id_length) {
+        /* The callback set an illegal length */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+                 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+        return 0;
+    }
+    ss->session_id_length = tmp;
+    /* Finally, check for a conflict */
+    if (SSL_has_matching_session_id(s, ss->session_id,
+                                    (unsigned int)ss->session_id_length)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+                 SSL_R_SSL_SESSION_ID_CONFLICT);
+        return 0;
+    }
+
+    return 1;
+}
+
 int ssl_get_new_session(SSL *s, int session)
 {
     /* This gets used by clients and servers. */
 
-    unsigned int tmp;
     SSL_SESSION *ss = NULL;
-    GEN_SESSION_CB cb = def_generate_session_id;
 
-    if ((ss = SSL_SESSION_new()) == NULL)
-        return (0);
+    if ((ss = SSL_SESSION_new()) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
     /* If the context has a default timeout, use it */
     if (s->session_ctx->session_timeout == 0)
@@ -421,118 +407,29 @@ int ssl_get_new_session(SSL *s, int session)
     else
         ss->timeout = s->session_ctx->session_timeout;
 
-    if (s->session != NULL) {
-        SSL_SESSION_free(s->session);
-        s->session = NULL;
-    }
+    SSL_SESSION_free(s->session);
+    s->session = NULL;
 
     if (session) {
-        if (s->version == SSL2_VERSION) {
-            ss->ssl_version = SSL2_VERSION;
-            ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == SSL3_VERSION) {
-            ss->ssl_version = SSL3_VERSION;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == TLS1_VERSION) {
-            ss->ssl_version = TLS1_VERSION;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == TLS1_1_VERSION) {
-            ss->ssl_version = TLS1_1_VERSION;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == TLS1_2_VERSION) {
-            ss->ssl_version = TLS1_2_VERSION;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == DTLS1_BAD_VER) {
-            ss->ssl_version = DTLS1_BAD_VER;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == DTLS1_VERSION) {
-            ss->ssl_version = DTLS1_VERSION;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == DTLS1_2_VERSION) {
-            ss->ssl_version = DTLS1_2_VERSION;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else {
-            SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
-            SSL_SESSION_free(ss);
-            return (0);
-        }
-#ifndef OPENSSL_NO_TLSEXT
-        /*-
-         * If RFC5077 ticket, use empty session ID (as server).
-         * Note that:
-         * (a) ssl_get_prev_session() does lookahead into the
-         *     ClientHello extensions to find the session ticket.
-         *     When ssl_get_prev_session() fails, s3_srvr.c calls
-         *     ssl_get_new_session() in ssl3_get_client_hello().
-         *     At that point, it has not yet parsed the extensions,
-         *     however, because of the lookahead, it already knows
-         *     whether a ticket is expected or not.
-         *
-         * (b) s3_clnt.c calls ssl_get_new_session() before parsing
-         *     ServerHello extensions, and before recording the session
-         *     ID received from the server, so this block is a noop.
-         */
-        if (s->tlsext_ticket_expected) {
+        if (SSL_IS_TLS13(s)) {
+            /*
+             * We generate the session id while constructing the
+             * NewSessionTicket in TLSv1.3.
+             */
             ss->session_id_length = 0;
-            goto sess_id_done;
-        }
-#endif
-        /* Choose which callback will set the session ID */
-        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-        if (s->generate_session_id)
-            cb = s->generate_session_id;
-        else if (s->session_ctx->generate_session_id)
-            cb = s->session_ctx->generate_session_id;
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-        /* Choose a session ID */
-        tmp = ss->session_id_length;
-        if (!cb(s, ss->session_id, &tmp)) {
-            /* The callback failed */
-            SSLerr(SSL_F_SSL_GET_NEW_SESSION,
-                   SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
-            SSL_SESSION_free(ss);
-            return (0);
-        }
-        /*
-         * Don't allow the callback to set the session length to zero. nor
-         * set it higher than it was.
-         */
-        if (!tmp || (tmp > ss->session_id_length)) {
-            /* The callback set an illegal length */
-            SSLerr(SSL_F_SSL_GET_NEW_SESSION,
-                   SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+        } else if (!ssl_generate_session_id(s, ss)) {
+            /* SSLfatal() already called */
             SSL_SESSION_free(ss);
-            return (0);
-        }
-        /* If the session length was shrunk and we're SSLv2, pad it */
-        if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
-            memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
-        else
-            ss->session_id_length = tmp;
-        /* Finally, check for a conflict */
-        if (SSL_has_matching_session_id(s, ss->session_id,
-                                        ss->session_id_length)) {
-            SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_SSL_SESSION_ID_CONFLICT);
-            SSL_SESSION_free(ss);
-            return (0);
-        }
-#ifndef OPENSSL_NO_TLSEXT
- sess_id_done:
-        if (s->tlsext_hostname) {
-            ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
-            if (ss->tlsext_hostname == NULL) {
-                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
-                SSL_SESSION_free(ss);
-                return 0;
-            }
+            return 0;
         }
-#endif
+
     } else {
         ss->session_id_length = 0;
     }
 
     if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
-        SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
+                 ERR_R_INTERNAL_ERROR);
         SSL_SESSION_free(ss);
         return 0;
     }
@@ -542,95 +439,47 @@ int ssl_get_new_session(SSL *s, int session)
     ss->ssl_version = s->version;
     ss->verify_result = X509_V_OK;
 
-    return (1);
+    /* If client supports extended master secret set it in session */
+    if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
+        ss->flags |= SSL_SESS_FLAG_EXTMS;
+
+    return 1;
 }
 
-/*-
- * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
- * connection. It is only called by servers.
- *
- *   session_id: points at the session ID in the ClientHello. This code will
- *       read past the end of this in order to parse out the session ticket
- *       extension, if any.
- *   len: the length of the session ID.
- *   limit: a pointer to the first byte after the ClientHello.
- *
- * Returns:
- *   -1: error
- *    0: a session may have been found.
- *
- * Side effects:
- *   - If a session is found then s->session is pointed at it (after freeing an
- *     existing session if need be) and s->verify_result is set from the session.
- *   - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1
- *     if the server should issue a new session ticket (to 0 otherwise).
- */
-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
-                         const unsigned char *limit)
+SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
+                                  size_t sess_id_len)
 {
-    /* This is used only by servers. */
-
     SSL_SESSION *ret = NULL;
-    int fatal = 0;
-    int try_session_cache = 1;
-#ifndef OPENSSL_NO_TLSEXT
-    int r;
-#endif
 
-    if (limit - session_id < len) {
-        fatal = 1;
-        goto err;
-    }
+    if ((s->session_ctx->session_cache_mode
+         & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) {
+        SSL_SESSION data;
 
-    if (len == 0)
-        try_session_cache = 0;
+        data.ssl_version = s->version;
+        if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH))
+            return NULL;
 
-#ifndef OPENSSL_NO_TLSEXT
-    /* sets s->tlsext_ticket_expected */
-    r = tls1_process_ticket(s, session_id, len, limit, &ret);
-    switch (r) {
-    case -1:                   /* Error during processing */
-        fatal = 1;
-        goto err;
-    case 0:                    /* No ticket found */
-    case 1:                    /* Zero length ticket found */
-        break;                  /* Ok to carry on processing session id. */
-    case 2:                    /* Ticket found but not decrypted. */
-    case 3:                    /* Ticket decrypted, *ret has been set. */
-        try_session_cache = 0;
-        break;
-    default:
-        abort();
-    }
-#endif
+        memcpy(data.session_id, sess_id, sess_id_len);
+        data.session_id_length = sess_id_len;
 
-    if (try_session_cache &&
-        ret == NULL &&
-        !(s->session_ctx->session_cache_mode &
-          SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
-        SSL_SESSION data;
-        data.ssl_version = s->version;
-        data.session_id_length = len;
-        if (len == 0)
-            return 0;
-        memcpy(data.session_id, session_id, len);
-        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+        CRYPTO_THREAD_read_lock(s->session_ctx->lock);
         ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
         if (ret != NULL) {
             /* don't allow other threads to steal it: */
-            CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
+            SSL_SESSION_up_ref(ret);
         }
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+        CRYPTO_THREAD_unlock(s->session_ctx->lock);
         if (ret == NULL)
-            s->session_ctx->stats.sess_miss++;
+            tsan_counter(&s->session_ctx->stats.sess_miss);
     }
 
-    if (try_session_cache &&
-        ret == NULL && s->session_ctx->get_session_cb != NULL) {
+    if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
         int copy = 1;
 
-        if ((ret = s->session_ctx->get_session_cb(s, session_id, len, &copy))) {
-            s->session_ctx->stats.sess_cb_hit++;
+        ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, &copy);
+
+        if (ret != NULL) {
+            tsan_counter(&s->session_ctx->stats.sess_cb_hit);
 
             /*
              * Increment reference count now if the session callback asks us
@@ -640,20 +489,89 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
              * thread-safe).
              */
             if (copy)
-                CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
+                SSL_SESSION_up_ref(ret);
 
             /*
              * Add the externally cached session to the internal cache as
              * well if and only if we are supposed to.
              */
-            if (!
-                (s->session_ctx->session_cache_mode &
-                 SSL_SESS_CACHE_NO_INTERNAL_STORE))
+            if ((s->session_ctx->session_cache_mode &
+                 SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) {
                 /*
-                 * The following should not return 1, otherwise, things are
-                 * very strange
+                 * Either return value of SSL_CTX_add_session should not
+                 * interrupt the session resumption process. The return
+                 * value is intentionally ignored.
                  */
-                SSL_CTX_add_session(s->session_ctx, ret);
+                (void)SSL_CTX_add_session(s->session_ctx, ret);
+            }
+        }
+    }
+
+    return ret;
+}
+
+/*-
+ * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
+ * connection. It is only called by servers.
+ *
+ *   hello: The parsed ClientHello data
+ *
+ * Returns:
+ *   -1: fatal error
+ *    0: no session found
+ *    1: a session may have been found.
+ *
+ * Side effects:
+ *   - If a session is found then s->session is pointed at it (after freeing an
+ *     existing session if need be) and s->verify_result is set from the session.
+ *   - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
+ *     if the server should issue a new session ticket (to 0 otherwise).
+ */
+int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
+{
+    /* This is used only by servers. */
+
+    SSL_SESSION *ret = NULL;
+    int fatal = 0;
+    int try_session_cache = 0;
+    SSL_TICKET_STATUS r;
+
+    if (SSL_IS_TLS13(s)) {
+        /*
+         * By default we will send a new ticket. This can be overridden in the
+         * ticket processing.
+         */
+        s->ext.ticket_expected = 1;
+        if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
+                                 SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
+                                 NULL, 0)
+                || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
+                                        hello->pre_proc_exts, NULL, 0))
+            return -1;
+
+        ret = s->session;
+    } else {
+        /* sets s->ext.ticket_expected */
+        r = tls_get_ticket_from_client(s, hello, &ret);
+        switch (r) {
+        case SSL_TICKET_FATAL_ERR_MALLOC:
+        case SSL_TICKET_FATAL_ERR_OTHER:
+            fatal = 1;
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        case SSL_TICKET_NONE:
+        case SSL_TICKET_EMPTY:
+            if (hello->session_id_len > 0) {
+                try_session_cache = 1;
+                ret = lookup_sess_in_cache(s, hello->session_id,
+                                           hello->session_id_len);
+            }
+            break;
+        case SSL_TICKET_NO_DECRYPT:
+        case SSL_TICKET_SUCCESS:
+        case SSL_TICKET_SUCCESS_RENEW:
+            break;
         }
     }
 
@@ -662,6 +580,10 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 
     /* Now ret is non-NULL and we own one of its reference counts. */
 
+    /* Check TLS version consistency */
+    if (ret->ssl_version != s->version)
+        goto err;
+
     if (ret->sid_ctx_length != s->sid_ctx_length
         || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
         /*
@@ -682,29 +604,14 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
          * noticing).
          */
 
-        SSLerr(SSL_F_SSL_GET_PREV_SESSION,
-               SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION,
+                 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
         fatal = 1;
         goto err;
     }
 
-    if (ret->cipher == NULL) {
-        unsigned char buf[5], *p;
-        unsigned long l;
-
-        p = buf;
-        l = ret->cipher_id;
-        l2n(l, p);
-        if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
-            ret->cipher = ssl_get_cipher_by_char(s, &(buf[2]));
-        else
-            ret->cipher = ssl_get_cipher_by_char(s, &(buf[1]));
-        if (ret->cipher == NULL)
-            goto err;
-    }
-
     if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */
-        s->session_ctx->stats.sess_timeout++;
+        tsan_counter(&s->session_ctx->stats.sess_timeout);
         if (try_session_cache) {
             /* session was from the cache, so remove it */
             SSL_CTX_remove_session(s->session_ctx, ret);
@@ -712,31 +619,49 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
         goto err;
     }
 
-    s->session_ctx->stats.sess_hit++;
+    /* Check extended master secret extension consistency */
+    if (ret->flags & SSL_SESS_FLAG_EXTMS) {
+        /* If old session includes extms, but new does not: abort handshake */
+        if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_GET_PREV_SESSION,
+                     SSL_R_INCONSISTENT_EXTMS);
+            fatal = 1;
+            goto err;
+        }
+    } else if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
+        /* If new session includes extms, but old does not: do not resume */
+        goto err;
+    }
 
-    if (s->session != NULL)
+    if (!SSL_IS_TLS13(s)) {
+        /* We already did this for TLS1.3 */
         SSL_SESSION_free(s->session);
-    s->session = ret;
+        s->session = ret;
+    }
+
+    tsan_counter(&s->session_ctx->stats.sess_hit);
     s->verify_result = s->session->verify_result;
     return 1;
 
  err:
     if (ret != NULL) {
         SSL_SESSION_free(ret);
-#ifndef OPENSSL_NO_TLSEXT
+        /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
+        if (SSL_IS_TLS13(s))
+            s->session = NULL;
+
         if (!try_session_cache) {
             /*
              * The session was from a ticket, so we should issue a ticket for
              * the new session
              */
-            s->tlsext_ticket_expected = 1;
+            s->ext.ticket_expected = 1;
         }
-#endif
     }
     if (fatal)
         return -1;
-    else
-        return 0;
+
+    return 0;
 }
 
 int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
@@ -749,12 +674,12 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
      * it has two ways of access: each session is in a doubly linked list and
      * an lhash
      */
-    CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION);
+    SSL_SESSION_up_ref(c);
     /*
      * if session c is in already in cache, we take back the increment later
      */
 
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+    CRYPTO_THREAD_write_lock(ctx->lock);
     s = lh_SSL_SESSION_insert(ctx->sessions, c);
 
     /*
@@ -804,17 +729,16 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
         ret = 1;
 
         if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
-            while (SSL_CTX_sess_number(ctx) >
-                   SSL_CTX_sess_get_cache_size(ctx)) {
+            while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) {
                 if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
                     break;
                 else
-                    ctx->stats.sess_cache_full++;
+                    tsan_counter(&ctx->stats.sess_cache_full);
             }
         }
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-    return (ret);
+    CRYPTO_THREAD_unlock(ctx->lock);
+    return ret;
 }
 
 int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
@@ -829,25 +753,25 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
 
     if ((c != NULL) && (c->session_id_length != 0)) {
         if (lck)
-            CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
+            CRYPTO_THREAD_write_lock(ctx->lock);
+        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
             ret = 1;
-            r = lh_SSL_SESSION_delete(ctx->sessions, c);
-            SSL_SESSION_list_remove(ctx, c);
+            r = lh_SSL_SESSION_delete(ctx->sessions, r);
+            SSL_SESSION_list_remove(ctx, r);
         }
+        c->not_resumable = 1;
 
         if (lck)
-            CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+            CRYPTO_THREAD_unlock(ctx->lock);
+
+        if (ctx->remove_session_cb != NULL)
+            ctx->remove_session_cb(ctx, c);
 
-        if (ret) {
-            r->not_resumable = 1;
-            if (ctx->remove_session_cb != NULL)
-                ctx->remove_session_cb(ctx, r);
+        if (ret)
             SSL_SESSION_free(r);
-        }
     } else
         ret = 0;
-    return (ret);
+    return ret;
 }
 
 void SSL_SESSION_free(SSL_SESSION *ss)
@@ -856,144 +780,210 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 
     if (ss == NULL)
         return;
-
-    i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
-#ifdef REF_PRINT
-    REF_PRINT("SSL_SESSION", ss);
-#endif
+    CRYPTO_DOWN_REF(&ss->references, &i, ss->lock);
+    REF_PRINT_COUNT("SSL_SESSION", ss);
     if (i > 0)
         return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "SSL_SESSION_free, bad reference count\n");
-        abort();                /* ok */
-    }
-#endif
+    REF_ASSERT_ISNT(i < 0);
 
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 
-    OPENSSL_cleanse(ss->key_arg, sizeof(ss->key_arg));
     OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
     OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
-    if (ss->sess_cert != NULL)
-        ssl_sess_cert_free(ss->sess_cert);
-    if (ss->peer != NULL)
-        X509_free(ss->peer);
-    if (ss->ciphers != NULL)
-        sk_SSL_CIPHER_free(ss->ciphers);
-#ifndef OPENSSL_NO_TLSEXT
-    if (ss->tlsext_hostname != NULL)
-        OPENSSL_free(ss->tlsext_hostname);
-    if (ss->tlsext_tick != NULL)
-        OPENSSL_free(ss->tlsext_tick);
-# ifndef OPENSSL_NO_EC
-    ss->tlsext_ecpointformatlist_length = 0;
-    if (ss->tlsext_ecpointformatlist != NULL)
-        OPENSSL_free(ss->tlsext_ecpointformatlist);
-    ss->tlsext_ellipticcurvelist_length = 0;
-    if (ss->tlsext_ellipticcurvelist != NULL)
-        OPENSSL_free(ss->tlsext_ellipticcurvelist);
-# endif                         /* OPENSSL_NO_EC */
-#endif
+    X509_free(ss->peer);
+    sk_X509_pop_free(ss->peer_chain, X509_free);
+    sk_SSL_CIPHER_free(ss->ciphers);
+    OPENSSL_free(ss->ext.hostname);
+    OPENSSL_free(ss->ext.tick);
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(ss->ext.ecpointformats);
+    ss->ext.ecpointformats = NULL;
+    ss->ext.ecpointformats_len = 0;
+    OPENSSL_free(ss->ext.supportedgroups);
+    ss->ext.supportedgroups = NULL;
+    ss->ext.supportedgroups_len = 0;
+#endif                          /* OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_PSK
-    if (ss->psk_identity_hint != NULL)
-        OPENSSL_free(ss->psk_identity_hint);
-    if (ss->psk_identity != NULL)
-        OPENSSL_free(ss->psk_identity);
+    OPENSSL_free(ss->psk_identity_hint);
+    OPENSSL_free(ss->psk_identity);
 #endif
 #ifndef OPENSSL_NO_SRP
-    if (ss->srp_username != NULL)
-        OPENSSL_free(ss->srp_username);
+    OPENSSL_free(ss->srp_username);
 #endif
-    OPENSSL_cleanse(ss, sizeof(*ss));
-    OPENSSL_free(ss);
+    OPENSSL_free(ss->ext.alpn_selected);
+    OPENSSL_free(ss->ticket_appdata);
+    CRYPTO_THREAD_lock_free(ss->lock);
+    OPENSSL_clear_free(ss, sizeof(*ss));
+}
+
+int SSL_SESSION_up_ref(SSL_SESSION *ss)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&ss->references, &i, ss->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("SSL_SESSION", ss);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
 }
 
 int SSL_set_session(SSL *s, SSL_SESSION *session)
 {
-    int ret = 0;
-    const SSL_METHOD *meth;
+    ssl_clear_bad_session(s);
+    if (s->ctx->method != s->method) {
+        if (!SSL_set_ssl_method(s, s->ctx->method))
+            return 0;
+    }
 
     if (session != NULL) {
-        meth = s->ctx->method->get_ssl_method(session->ssl_version);
-        if (meth == NULL)
-            meth = s->method->get_ssl_method(session->ssl_version);
-        if (meth == NULL) {
-            SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
-            return (0);
-        }
+        SSL_SESSION_up_ref(session);
+        s->verify_result = session->verify_result;
+    }
+    SSL_SESSION_free(s->session);
+    s->session = session;
 
-        if (meth != s->method) {
-            if (!SSL_set_ssl_method(s, meth))
-                return (0);
-        }
-#ifndef OPENSSL_NO_KRB5
-        if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
-            session->krb5_client_princ_len > 0) {
-            s->kssl_ctx->client_princ =
-                (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
-            if (s->kssl_ctx->client_princ == NULL) {
-                SSLerr(SSL_F_SSL_SET_SESSION, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
-            memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ,
-                   session->krb5_client_princ_len);
-            s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
-        }
-#endif                          /* OPENSSL_NO_KRB5 */
-
-        /* CRYPTO_w_lock(CRYPTO_LOCK_SSL); */
-        CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
-        if (s->session != NULL)
-            SSL_SESSION_free(s->session);
-        s->session = session;
-        s->verify_result = s->session->verify_result;
-        /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL); */
-        ret = 1;
-    } else {
-        if (s->session != NULL) {
-            SSL_SESSION_free(s->session);
-            s->session = NULL;
-        }
+    return 1;
+}
 
-        meth = s->ctx->method;
-        if (meth != s->method) {
-            if (!SSL_set_ssl_method(s, meth))
-                return (0);
-        }
-        ret = 1;
+int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+                        unsigned int sid_len)
+{
+    if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+      SSLerr(SSL_F_SSL_SESSION_SET1_ID,
+             SSL_R_SSL_SESSION_ID_TOO_LONG);
+      return 0;
     }
-    return (ret);
+    s->session_id_length = sid_len;
+    if (sid != s->session_id)
+        memcpy(s->session_id, sid, sid_len);
+    return 1;
 }
 
 long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
 {
     if (s == NULL)
-        return (0);
+        return 0;
     s->timeout = t;
-    return (1);
+    return 1;
 }
 
 long SSL_SESSION_get_timeout(const SSL_SESSION *s)
 {
     if (s == NULL)
-        return (0);
-    return (s->timeout);
+        return 0;
+    return s->timeout;
 }
 
 long SSL_SESSION_get_time(const SSL_SESSION *s)
 {
     if (s == NULL)
-        return (0);
-    return (s->time);
+        return 0;
+    return s->time;
 }
 
 long SSL_SESSION_set_time(SSL_SESSION *s, long t)
 {
     if (s == NULL)
-        return (0);
+        return 0;
     s->time = t;
-    return (t);
+    return t;
+}
+
+int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
+{
+    return s->ssl_version;
+}
+
+int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
+{
+    s->ssl_version = version;
+    return 1;
+}
+
+const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
+{
+    return s->cipher;
+}
+
+int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
+{
+    s->cipher = cipher;
+    return 1;
+}
+
+const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
+{
+    return s->ext.hostname;
+}
+
+int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
+{
+    OPENSSL_free(s->ext.hostname);
+    if (hostname == NULL) {
+        s->ext.hostname = NULL;
+        return 1;
+    }
+    s->ext.hostname = OPENSSL_strdup(hostname);
+
+    return s->ext.hostname != NULL;
+}
+
+int SSL_SESSION_has_ticket(const SSL_SESSION *s)
+{
+    return (s->ext.ticklen > 0) ? 1 : 0;
+}
+
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
+{
+    return s->ext.tick_lifetime_hint;
+}
+
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+                             size_t *len)
+{
+    *len = s->ext.ticklen;
+    if (tick != NULL)
+        *tick = s->ext.tick;
+}
+
+uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
+{
+    return s->ext.max_early_data;
+}
+
+int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
+{
+    s->ext.max_early_data = max_early_data;
+
+    return 1;
+}
+
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                    const unsigned char **alpn,
+                                    size_t *len)
+{
+    *alpn = s->ext.alpn_selected;
+    *len = s->ext.alpn_selected_len;
+}
+
+int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
+                                   size_t len)
+{
+    OPENSSL_free(s->ext.alpn_selected);
+    if (alpn == NULL || len == 0) {
+        s->ext.alpn_selected = NULL;
+        s->ext.alpn_selected_len = 0;
+        return 1;
+    }
+    s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
+    if (s->ext.alpn_selected == NULL) {
+        s->ext.alpn_selected_len = 0;
+        return 0;
+    }
+    s->ext.alpn_selected_len = len;
+
+    return 1;
 }
 
 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
@@ -1010,80 +1000,79 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
         return 0;
     }
     s->sid_ctx_length = sid_ctx_len;
-    if (s->sid_ctx != sid_ctx)
+    if (sid_ctx != s->sid_ctx)
         memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
 
     return 1;
 }
 
+int SSL_SESSION_is_resumable(const SSL_SESSION *s)
+{
+    /*
+     * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
+     * session ID.
+     */
+    return !s->not_resumable
+           && (s->session_id_length > 0 || s->ext.ticklen > 0);
+}
+
 long SSL_CTX_set_timeout(SSL_CTX *s, long t)
 {
     long l;
     if (s == NULL)
-        return (0);
+        return 0;
     l = s->session_timeout;
     s->session_timeout = t;
-    return (l);
+    return l;
 }
 
 long SSL_CTX_get_timeout(const SSL_CTX *s)
 {
     if (s == NULL)
-        return (0);
-    return (s->session_timeout);
+        return 0;
+    return s->session_timeout;
 }
 
-#ifndef OPENSSL_NO_TLSEXT
 int SSL_set_session_secret_cb(SSL *s,
-                              int (*tls_session_secret_cb) (SSL *s,
-                                                            void *secret,
-                                                            int *secret_len,
-                                                            STACK_OF(SSL_CIPHER)
-                                                            *peer_ciphers,
-                                                            SSL_CIPHER
-                                                            **cipher,
-                                                            void *arg),
+                              tls_session_secret_cb_fn tls_session_secret_cb,
                               void *arg)
 {
     if (s == NULL)
-        return (0);
-    s->tls_session_secret_cb = tls_session_secret_cb;
-    s->tls_session_secret_cb_arg = arg;
-    return (1);
+        return 0;
+    s->ext.session_secret_cb = tls_session_secret_cb;
+    s->ext.session_secret_cb_arg = arg;
+    return 1;
 }
 
 int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
                                   void *arg)
 {
     if (s == NULL)
-        return (0);
-    s->tls_session_ticket_ext_cb = cb;
-    s->tls_session_ticket_ext_cb_arg = arg;
-    return (1);
+        return 0;
+    s->ext.session_ticket_cb = cb;
+    s->ext.session_ticket_cb_arg = arg;
+    return 1;
 }
 
 int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
 {
     if (s->version >= TLS1_VERSION) {
-        if (s->tlsext_session_ticket) {
-            OPENSSL_free(s->tlsext_session_ticket);
-            s->tlsext_session_ticket = NULL;
-        }
-
-        s->tlsext_session_ticket =
+        OPENSSL_free(s->ext.session_ticket);
+        s->ext.session_ticket = NULL;
+        s->ext.session_ticket =
             OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
-        if (!s->tlsext_session_ticket) {
+        if (s->ext.session_ticket == NULL) {
             SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
             return 0;
         }
 
-        if (ext_data) {
-            s->tlsext_session_ticket->length = ext_len;
-            s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
-            memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
+        if (ext_data != NULL) {
+            s->ext.session_ticket->length = ext_len;
+            s->ext.session_ticket->data = s->ext.session_ticket + 1;
+            memcpy(s->ext.session_ticket->data, ext_data, ext_len);
         } else {
-            s->tlsext_session_ticket->length = 0;
-            s->tlsext_session_ticket->data = NULL;
+            s->ext.session_ticket->length = 0;
+            s->ext.session_ticket->data = NULL;
         }
 
         return 1;
@@ -1091,7 +1080,6 @@ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
 
     return 0;
 }
-#endif                          /* OPENSSL_NO_TLSEXT */
 
 typedef struct timeout_param_st {
     SSL_CTX *ctx;
@@ -1099,7 +1087,7 @@ typedef struct timeout_param_st {
     LHASH_OF(SSL_SESSION) *cache;
 } TIMEOUT_PARAM;
 
-static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
+static void timeout_cb(SSL_SESSION *s, TIMEOUT_PARAM *p)
 {
     if ((p->time == 0) || (p->time > (s->time + s->timeout))) { /* timeout */
         /*
@@ -1115,7 +1103,7 @@ static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
     }
 }
 
-static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
+IMPLEMENT_LHASH_DOALL_ARG(SSL_SESSION, TIMEOUT_PARAM);
 
 void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
 {
@@ -1127,13 +1115,12 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
     if (tp.cache == NULL)
         return;
     tp.time = t;
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-    i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
-    CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0;
-    lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
-                             TIMEOUT_PARAM, &tp);
-    CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i;
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+    CRYPTO_THREAD_write_lock(s->lock);
+    i = lh_SSL_SESSION_get_down_load(s->sessions);
+    lh_SSL_SESSION_set_down_load(s->sessions, 0);
+    lh_SSL_SESSION_doall_TIMEOUT_PARAM(tp.cache, timeout_cb, &tp);
+    lh_SSL_SESSION_set_down_load(s->sessions, i);
+    CRYPTO_THREAD_unlock(s->lock);
 }
 
 int ssl_clear_bad_session(SSL *s)
@@ -1142,9 +1129,9 @@ int ssl_clear_bad_session(SSL *s)
         !(s->shutdown & SSL_SENT_SHUTDOWN) &&
         !(SSL_in_init(s) || SSL_in_before(s))) {
         SSL_CTX_remove_session(s->session_ctx, s->session);
-        return (1);
+        return 1;
     } else
-        return (0);
+        return 0;
 }
 
 /* locked by SSL_CTX in the calling function */
@@ -1196,8 +1183,7 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
 }
 
 void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
-                             int (*cb) (struct ssl_st *ssl,
-                                        SSL_SESSION *sess))
+                             int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
 {
     ctx->new_session_cb = cb;
 }
@@ -1219,15 +1205,16 @@ void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
 
 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
                              SSL_SESSION *(*cb) (struct ssl_st *ssl,
-                                                 unsigned char *data, int len,
-                                                 int *copy))
+                                                 const unsigned char *data,
+                                                 int len, int *copy))
 {
     ctx->get_session_cb = cb;
 }
 
 SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
-                                                       unsigned char *data,
-                                                       int len, int *copy) {
+                                                       const unsigned char
+                                                       *data, int len,
+                                                       int *copy) {
     return ctx->get_session_cb;
 }
 
@@ -1281,11 +1268,52 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
 }
 
 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
-                                  int (*cb) (SSL *ssl, unsigned char *cookie,
+                                  int (*cb) (SSL *ssl,
+                                             const unsigned char *cookie,
                                              unsigned int cookie_len))
 {
     ctx->app_verify_cookie_cb = cb;
 }
 
-IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION,
-                 SSL_SESSION)
+int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len)
+{
+    OPENSSL_free(ss->ticket_appdata);
+    ss->ticket_appdata_len = 0;
+    if (data == NULL || len == 0) {
+        ss->ticket_appdata = NULL;
+        return 1;
+    }
+    ss->ticket_appdata = OPENSSL_memdup(data, len);
+    if (ss->ticket_appdata != NULL) {
+        ss->ticket_appdata_len = len;
+        return 1;
+    }
+    return 0;
+}
+
+int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len)
+{
+    *data = ss->ticket_appdata;
+    *len = ss->ticket_appdata_len;
+    return 1;
+}
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+    SSL_CTX *ctx,
+    int (*cb) (SSL *ssl,
+               unsigned char *cookie,
+               size_t *cookie_len))
+{
+    ctx->gen_stateless_cookie_cb = cb;
+}
+
+void SSL_CTX_set_stateless_cookie_verify_cb(
+    SSL_CTX *ctx,
+    int (*cb) (SSL *ssl,
+               const unsigned char *cookie,
+               size_t cookie_len))
+{
+    ctx->verify_stateless_cookie_cb = cb;
+}
+
+IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
diff --git a/freebsd/crypto/openssl/ssl/ssl_stat.c b/freebsd/crypto/openssl/ssl/ssl_stat.c
index 29f7bf47..66d4361d 100644
--- a/freebsd/crypto/openssl/ssl/ssl_stat.c
+++ b/freebsd/crypto/openssl/ssl/ssl_stat.c
@@ -1,87 +1,13 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/ssl_stat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
@@ -89,992 +15,376 @@
 
 const char *SSL_state_string_long(const SSL *s)
 {
-    const char *str;
-
-    switch (s->state) {
-    case SSL_ST_BEFORE:
-        str = "before SSL initialization";
-        break;
-    case SSL_ST_ACCEPT:
-        str = "before accept initialization";
-        break;
-    case SSL_ST_CONNECT:
-        str = "before connect initialization";
-        break;
-    case SSL_ST_OK:
-        str = "SSL negotiation finished successfully";
-        break;
-    case SSL_ST_RENEGOTIATE:
-        str = "SSL renegotiate ciphers";
-        break;
-    case SSL_ST_BEFORE | SSL_ST_CONNECT:
-        str = "before/connect initialization";
-        break;
-    case SSL_ST_OK | SSL_ST_CONNECT:
-        str = "ok/connect SSL initialization";
-        break;
-    case SSL_ST_BEFORE | SSL_ST_ACCEPT:
-        str = "before/accept initialization";
-        break;
-    case SSL_ST_OK | SSL_ST_ACCEPT:
-        str = "ok/accept SSL initialization";
-        break;
-    case SSL_ST_ERR:
-        str = "error";
-        break;
-#ifndef OPENSSL_NO_SSL2
-    case SSL2_ST_CLIENT_START_ENCRYPTION:
-        str = "SSLv2 client start encryption";
-        break;
-    case SSL2_ST_SERVER_START_ENCRYPTION:
-        str = "SSLv2 server start encryption";
-        break;
-    case SSL2_ST_SEND_CLIENT_HELLO_A:
-        str = "SSLv2 write client hello A";
-        break;
-    case SSL2_ST_SEND_CLIENT_HELLO_B:
-        str = "SSLv2 write client hello B";
-        break;
-    case SSL2_ST_GET_SERVER_HELLO_A:
-        str = "SSLv2 read server hello A";
-        break;
-    case SSL2_ST_GET_SERVER_HELLO_B:
-        str = "SSLv2 read server hello B";
-        break;
-    case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
-        str = "SSLv2 write client master key A";
-        break;
-    case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
-        str = "SSLv2 write client master key B";
-        break;
-    case SSL2_ST_SEND_CLIENT_FINISHED_A:
-        str = "SSLv2 write client finished A";
-        break;
-    case SSL2_ST_SEND_CLIENT_FINISHED_B:
-        str = "SSLv2 write client finished B";
-        break;
-    case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
-        str = "SSLv2 write client certificate A";
-        break;
-    case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
-        str = "SSLv2 write client certificate B";
-        break;
-    case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
-        str = "SSLv2 write client certificate C";
-        break;
-    case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
-        str = "SSLv2 write client certificate D";
-        break;
-    case SSL2_ST_GET_SERVER_VERIFY_A:
-        str = "SSLv2 read server verify A";
-        break;
-    case SSL2_ST_GET_SERVER_VERIFY_B:
-        str = "SSLv2 read server verify B";
-        break;
-    case SSL2_ST_GET_SERVER_FINISHED_A:
-        str = "SSLv2 read server finished A";
-        break;
-    case SSL2_ST_GET_SERVER_FINISHED_B:
-        str = "SSLv2 read server finished B";
-        break;
-    case SSL2_ST_GET_CLIENT_HELLO_A:
-        str = "SSLv2 read client hello A";
-        break;
-    case SSL2_ST_GET_CLIENT_HELLO_B:
-        str = "SSLv2 read client hello B";
-        break;
-    case SSL2_ST_GET_CLIENT_HELLO_C:
-        str = "SSLv2 read client hello C";
-        break;
-    case SSL2_ST_SEND_SERVER_HELLO_A:
-        str = "SSLv2 write server hello A";
-        break;
-    case SSL2_ST_SEND_SERVER_HELLO_B:
-        str = "SSLv2 write server hello B";
-        break;
-    case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
-        str = "SSLv2 read client master key A";
-        break;
-    case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
-        str = "SSLv2 read client master key B";
-        break;
-    case SSL2_ST_SEND_SERVER_VERIFY_A:
-        str = "SSLv2 write server verify A";
-        break;
-    case SSL2_ST_SEND_SERVER_VERIFY_B:
-        str = "SSLv2 write server verify B";
-        break;
-    case SSL2_ST_SEND_SERVER_VERIFY_C:
-        str = "SSLv2 write server verify C";
-        break;
-    case SSL2_ST_GET_CLIENT_FINISHED_A:
-        str = "SSLv2 read client finished A";
-        break;
-    case SSL2_ST_GET_CLIENT_FINISHED_B:
-        str = "SSLv2 read client finished B";
-        break;
-    case SSL2_ST_SEND_SERVER_FINISHED_A:
-        str = "SSLv2 write server finished A";
-        break;
-    case SSL2_ST_SEND_SERVER_FINISHED_B:
-        str = "SSLv2 write server finished B";
-        break;
-    case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
-        str = "SSLv2 write request certificate A";
-        break;
-    case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
-        str = "SSLv2 write request certificate B";
-        break;
-    case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
-        str = "SSLv2 write request certificate C";
-        break;
-    case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
-        str = "SSLv2 write request certificate D";
-        break;
-    case SSL2_ST_X509_GET_SERVER_CERTIFICATE:
-        str = "SSLv2 X509 read server certificate";
-        break;
-    case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
-        str = "SSLv2 X509 read client certificate";
-        break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-    case SSL3_ST_CW_CLNT_HELLO_A:
-        str = "SSLv3 write client hello A";
-        break;
-    case SSL3_ST_CW_CLNT_HELLO_B:
-        str = "SSLv3 write client hello B";
-        break;
-    case SSL3_ST_CR_SRVR_HELLO_A:
-        str = "SSLv3 read server hello A";
-        break;
-    case SSL3_ST_CR_SRVR_HELLO_B:
-        str = "SSLv3 read server hello B";
-        break;
-    case SSL3_ST_CR_CERT_A:
-        str = "SSLv3 read server certificate A";
-        break;
-    case SSL3_ST_CR_CERT_B:
-        str = "SSLv3 read server certificate B";
-        break;
-    case SSL3_ST_CR_KEY_EXCH_A:
-        str = "SSLv3 read server key exchange A";
-        break;
-    case SSL3_ST_CR_KEY_EXCH_B:
-        str = "SSLv3 read server key exchange B";
-        break;
-    case SSL3_ST_CR_CERT_REQ_A:
-        str = "SSLv3 read server certificate request A";
-        break;
-    case SSL3_ST_CR_CERT_REQ_B:
-        str = "SSLv3 read server certificate request B";
-        break;
-    case SSL3_ST_CR_SESSION_TICKET_A:
-        str = "SSLv3 read server session ticket A";
-        break;
-    case SSL3_ST_CR_SESSION_TICKET_B:
-        str = "SSLv3 read server session ticket B";
-        break;
-    case SSL3_ST_CR_SRVR_DONE_A:
-        str = "SSLv3 read server done A";
-        break;
-    case SSL3_ST_CR_SRVR_DONE_B:
-        str = "SSLv3 read server done B";
-        break;
-    case SSL3_ST_CW_CERT_A:
-        str = "SSLv3 write client certificate A";
-        break;
-    case SSL3_ST_CW_CERT_B:
-        str = "SSLv3 write client certificate B";
-        break;
-    case SSL3_ST_CW_CERT_C:
-        str = "SSLv3 write client certificate C";
-        break;
-    case SSL3_ST_CW_CERT_D:
-        str = "SSLv3 write client certificate D";
-        break;
-    case SSL3_ST_CW_KEY_EXCH_A:
-        str = "SSLv3 write client key exchange A";
-        break;
-    case SSL3_ST_CW_KEY_EXCH_B:
-        str = "SSLv3 write client key exchange B";
-        break;
-    case SSL3_ST_CW_CERT_VRFY_A:
-        str = "SSLv3 write certificate verify A";
-        break;
-    case SSL3_ST_CW_CERT_VRFY_B:
-        str = "SSLv3 write certificate verify B";
-        break;
-
-    case SSL3_ST_CW_CHANGE_A:
-    case SSL3_ST_SW_CHANGE_A:
-        str = "SSLv3 write change cipher spec A";
-        break;
-    case SSL3_ST_CW_CHANGE_B:
-    case SSL3_ST_SW_CHANGE_B:
-        str = "SSLv3 write change cipher spec B";
-        break;
-    case SSL3_ST_CW_FINISHED_A:
-    case SSL3_ST_SW_FINISHED_A:
-        str = "SSLv3 write finished A";
-        break;
-    case SSL3_ST_CW_FINISHED_B:
-    case SSL3_ST_SW_FINISHED_B:
-        str = "SSLv3 write finished B";
-        break;
-    case SSL3_ST_CR_CHANGE_A:
-    case SSL3_ST_SR_CHANGE_A:
-        str = "SSLv3 read change cipher spec A";
-        break;
-    case SSL3_ST_CR_CHANGE_B:
-    case SSL3_ST_SR_CHANGE_B:
-        str = "SSLv3 read change cipher spec B";
-        break;
-    case SSL3_ST_CR_FINISHED_A:
-    case SSL3_ST_SR_FINISHED_A:
-        str = "SSLv3 read finished A";
-        break;
-    case SSL3_ST_CR_FINISHED_B:
-    case SSL3_ST_SR_FINISHED_B:
-        str = "SSLv3 read finished B";
-        break;
-
-    case SSL3_ST_CW_FLUSH:
-    case SSL3_ST_SW_FLUSH:
-        str = "SSLv3 flush data";
-        break;
-
-    case SSL3_ST_SR_CLNT_HELLO_A:
-        str = "SSLv3 read client hello A";
-        break;
-    case SSL3_ST_SR_CLNT_HELLO_B:
-        str = "SSLv3 read client hello B";
-        break;
-    case SSL3_ST_SR_CLNT_HELLO_C:
-        str = "SSLv3 read client hello C";
-        break;
-    case SSL3_ST_SW_HELLO_REQ_A:
-        str = "SSLv3 write hello request A";
-        break;
-    case SSL3_ST_SW_HELLO_REQ_B:
-        str = "SSLv3 write hello request B";
-        break;
-    case SSL3_ST_SW_HELLO_REQ_C:
-        str = "SSLv3 write hello request C";
-        break;
-    case SSL3_ST_SW_SRVR_HELLO_A:
-        str = "SSLv3 write server hello A";
-        break;
-    case SSL3_ST_SW_SRVR_HELLO_B:
-        str = "SSLv3 write server hello B";
-        break;
-    case SSL3_ST_SW_CERT_A:
-        str = "SSLv3 write certificate A";
-        break;
-    case SSL3_ST_SW_CERT_B:
-        str = "SSLv3 write certificate B";
-        break;
-    case SSL3_ST_SW_KEY_EXCH_A:
-        str = "SSLv3 write key exchange A";
-        break;
-    case SSL3_ST_SW_KEY_EXCH_B:
-        str = "SSLv3 write key exchange B";
-        break;
-    case SSL3_ST_SW_CERT_REQ_A:
-        str = "SSLv3 write certificate request A";
-        break;
-    case SSL3_ST_SW_CERT_REQ_B:
-        str = "SSLv3 write certificate request B";
-        break;
-    case SSL3_ST_SW_SESSION_TICKET_A:
-        str = "SSLv3 write session ticket A";
-        break;
-    case SSL3_ST_SW_SESSION_TICKET_B:
-        str = "SSLv3 write session ticket B";
-        break;
-    case SSL3_ST_SW_SRVR_DONE_A:
-        str = "SSLv3 write server done A";
-        break;
-    case SSL3_ST_SW_SRVR_DONE_B:
-        str = "SSLv3 write server done B";
-        break;
-    case SSL3_ST_SR_CERT_A:
-        str = "SSLv3 read client certificate A";
-        break;
-    case SSL3_ST_SR_CERT_B:
-        str = "SSLv3 read client certificate B";
-        break;
-    case SSL3_ST_SR_KEY_EXCH_A:
-        str = "SSLv3 read client key exchange A";
-        break;
-    case SSL3_ST_SR_KEY_EXCH_B:
-        str = "SSLv3 read client key exchange B";
-        break;
-    case SSL3_ST_SR_CERT_VRFY_A:
-        str = "SSLv3 read certificate verify A";
-        break;
-    case SSL3_ST_SR_CERT_VRFY_B:
-        str = "SSLv3 read certificate verify B";
-        break;
-#endif
-
-/* SSLv2/v3 compatibility states */
-/* client */
-    case SSL23_ST_CW_CLNT_HELLO_A:
-        str = "SSLv2/v3 write client hello A";
-        break;
-    case SSL23_ST_CW_CLNT_HELLO_B:
-        str = "SSLv2/v3 write client hello B";
-        break;
-    case SSL23_ST_CR_SRVR_HELLO_A:
-        str = "SSLv2/v3 read server hello A";
-        break;
-    case SSL23_ST_CR_SRVR_HELLO_B:
-        str = "SSLv2/v3 read server hello B";
-        break;
-/* server */
-    case SSL23_ST_SR_CLNT_HELLO_A:
-        str = "SSLv2/v3 read client hello A";
-        break;
-    case SSL23_ST_SR_CLNT_HELLO_B:
-        str = "SSLv2/v3 read client hello B";
-        break;
-
-/* DTLS */
-    case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
-        str = "DTLS1 read hello verify request A";
-        break;
-    case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-        str = "DTLS1 read hello verify request B";
-        break;
-    case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
-        str = "DTLS1 write hello verify request A";
-        break;
-    case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-        str = "DTLS1 write hello verify request B";
-        break;
-
-    default:
-        str = "unknown state";
-        break;
-    }
-    return (str);
-}
-
-const char *SSL_rstate_string_long(const SSL *s)
-{
-    const char *str;
+    if (ossl_statem_in_error(s))
+        return "error";
 
-    switch (s->rstate) {
-    case SSL_ST_READ_HEADER:
-        str = "read header";
-        break;
-    case SSL_ST_READ_BODY:
-        str = "read body";
-        break;
-    case SSL_ST_READ_DONE:
-        str = "read done";
-        break;
+    switch (SSL_get_state(s)) {
+    case TLS_ST_CR_CERT_STATUS:
+        return "SSLv3/TLS read certificate status";
+    case TLS_ST_CW_NEXT_PROTO:
+        return "SSLv3/TLS write next proto";
+    case TLS_ST_SR_NEXT_PROTO:
+        return "SSLv3/TLS read next proto";
+    case TLS_ST_SW_CERT_STATUS:
+        return "SSLv3/TLS write certificate status";
+    case TLS_ST_BEFORE:
+        return "before SSL initialization";
+    case TLS_ST_OK:
+        return "SSL negotiation finished successfully";
+    case TLS_ST_CW_CLNT_HELLO:
+        return "SSLv3/TLS write client hello";
+    case TLS_ST_CR_SRVR_HELLO:
+        return "SSLv3/TLS read server hello";
+    case TLS_ST_CR_CERT:
+        return "SSLv3/TLS read server certificate";
+    case TLS_ST_CR_KEY_EXCH:
+        return "SSLv3/TLS read server key exchange";
+    case TLS_ST_CR_CERT_REQ:
+        return "SSLv3/TLS read server certificate request";
+    case TLS_ST_CR_SESSION_TICKET:
+        return "SSLv3/TLS read server session ticket";
+    case TLS_ST_CR_SRVR_DONE:
+        return "SSLv3/TLS read server done";
+    case TLS_ST_CW_CERT:
+        return "SSLv3/TLS write client certificate";
+    case TLS_ST_CW_KEY_EXCH:
+        return "SSLv3/TLS write client key exchange";
+    case TLS_ST_CW_CERT_VRFY:
+        return "SSLv3/TLS write certificate verify";
+    case TLS_ST_CW_CHANGE:
+    case TLS_ST_SW_CHANGE:
+        return "SSLv3/TLS write change cipher spec";
+    case TLS_ST_CW_FINISHED:
+    case TLS_ST_SW_FINISHED:
+        return "SSLv3/TLS write finished";
+    case TLS_ST_CR_CHANGE:
+    case TLS_ST_SR_CHANGE:
+        return "SSLv3/TLS read change cipher spec";
+    case TLS_ST_CR_FINISHED:
+    case TLS_ST_SR_FINISHED:
+        return "SSLv3/TLS read finished";
+    case TLS_ST_SR_CLNT_HELLO:
+        return "SSLv3/TLS read client hello";
+    case TLS_ST_SW_HELLO_REQ:
+        return "SSLv3/TLS write hello request";
+    case TLS_ST_SW_SRVR_HELLO:
+        return "SSLv3/TLS write server hello";
+    case TLS_ST_SW_CERT:
+        return "SSLv3/TLS write certificate";
+    case TLS_ST_SW_KEY_EXCH:
+        return "SSLv3/TLS write key exchange";
+    case TLS_ST_SW_CERT_REQ:
+        return "SSLv3/TLS write certificate request";
+    case TLS_ST_SW_SESSION_TICKET:
+        return "SSLv3/TLS write session ticket";
+    case TLS_ST_SW_SRVR_DONE:
+        return "SSLv3/TLS write server done";
+    case TLS_ST_SR_CERT:
+        return "SSLv3/TLS read client certificate";
+    case TLS_ST_SR_KEY_EXCH:
+        return "SSLv3/TLS read client key exchange";
+    case TLS_ST_SR_CERT_VRFY:
+        return "SSLv3/TLS read certificate verify";
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return "DTLS1 read hello verify request";
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return "DTLS1 write hello verify request";
+    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+        return "TLSv1.3 write encrypted extensions";
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        return "TLSv1.3 read encrypted extensions";
+    case TLS_ST_CR_CERT_VRFY:
+        return "TLSv1.3 read server certificate verify";
+    case TLS_ST_SW_CERT_VRFY:
+        return "TLSv1.3 write server certificate verify";
+    case TLS_ST_CR_HELLO_REQ:
+        return "SSLv3/TLS read hello request";
+    case TLS_ST_SW_KEY_UPDATE:
+        return "TLSv1.3 write server key update";
+    case TLS_ST_CW_KEY_UPDATE:
+        return "TLSv1.3 write client key update";
+    case TLS_ST_SR_KEY_UPDATE:
+        return "TLSv1.3 read client key update";
+    case TLS_ST_CR_KEY_UPDATE:
+        return "TLSv1.3 read server key update";
+    case TLS_ST_EARLY_DATA:
+        return "TLSv1.3 early data";
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        return "TLSv1.3 pending early data end";
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+        return "TLSv1.3 write end of early data";
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+        return "TLSv1.3 read end of early data";
     default:
-        str = "unknown";
-        break;
+        return "unknown state";
     }
-    return (str);
 }
 
 const char *SSL_state_string(const SSL *s)
 {
-    const char *str;
-
-    switch (s->state) {
-    case SSL_ST_BEFORE:
-        str = "PINIT ";
-        break;
-    case SSL_ST_ACCEPT:
-        str = "AINIT ";
-        break;
-    case SSL_ST_CONNECT:
-        str = "CINIT ";
-        break;
-    case SSL_ST_OK:
-        str = "SSLOK ";
-        break;
-    case SSL_ST_ERR:
-        str = "SSLERR";
-        break;
-#ifndef OPENSSL_NO_SSL2
-    case SSL2_ST_CLIENT_START_ENCRYPTION:
-        str = "2CSENC";
-        break;
-    case SSL2_ST_SERVER_START_ENCRYPTION:
-        str = "2SSENC";
-        break;
-    case SSL2_ST_SEND_CLIENT_HELLO_A:
-        str = "2SCH_A";
-        break;
-    case SSL2_ST_SEND_CLIENT_HELLO_B:
-        str = "2SCH_B";
-        break;
-    case SSL2_ST_GET_SERVER_HELLO_A:
-        str = "2GSH_A";
-        break;
-    case SSL2_ST_GET_SERVER_HELLO_B:
-        str = "2GSH_B";
-        break;
-    case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
-        str = "2SCMKA";
-        break;
-    case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
-        str = "2SCMKB";
-        break;
-    case SSL2_ST_SEND_CLIENT_FINISHED_A:
-        str = "2SCF_A";
-        break;
-    case SSL2_ST_SEND_CLIENT_FINISHED_B:
-        str = "2SCF_B";
-        break;
-    case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
-        str = "2SCC_A";
-        break;
-    case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
-        str = "2SCC_B";
-        break;
-    case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
-        str = "2SCC_C";
-        break;
-    case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
-        str = "2SCC_D";
-        break;
-    case SSL2_ST_GET_SERVER_VERIFY_A:
-        str = "2GSV_A";
-        break;
-    case SSL2_ST_GET_SERVER_VERIFY_B:
-        str = "2GSV_B";
-        break;
-    case SSL2_ST_GET_SERVER_FINISHED_A:
-        str = "2GSF_A";
-        break;
-    case SSL2_ST_GET_SERVER_FINISHED_B:
-        str = "2GSF_B";
-        break;
-    case SSL2_ST_GET_CLIENT_HELLO_A:
-        str = "2GCH_A";
-        break;
-    case SSL2_ST_GET_CLIENT_HELLO_B:
-        str = "2GCH_B";
-        break;
-    case SSL2_ST_GET_CLIENT_HELLO_C:
-        str = "2GCH_C";
-        break;
-    case SSL2_ST_SEND_SERVER_HELLO_A:
-        str = "2SSH_A";
-        break;
-    case SSL2_ST_SEND_SERVER_HELLO_B:
-        str = "2SSH_B";
-        break;
-    case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
-        str = "2GCMKA";
-        break;
-    case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
-        str = "2GCMKA";
-        break;
-    case SSL2_ST_SEND_SERVER_VERIFY_A:
-        str = "2SSV_A";
-        break;
-    case SSL2_ST_SEND_SERVER_VERIFY_B:
-        str = "2SSV_B";
-        break;
-    case SSL2_ST_SEND_SERVER_VERIFY_C:
-        str = "2SSV_C";
-        break;
-    case SSL2_ST_GET_CLIENT_FINISHED_A:
-        str = "2GCF_A";
-        break;
-    case SSL2_ST_GET_CLIENT_FINISHED_B:
-        str = "2GCF_B";
-        break;
-    case SSL2_ST_SEND_SERVER_FINISHED_A:
-        str = "2SSF_A";
-        break;
-    case SSL2_ST_SEND_SERVER_FINISHED_B:
-        str = "2SSF_B";
-        break;
-    case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
-        str = "2SRC_A";
-        break;
-    case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
-        str = "2SRC_B";
-        break;
-    case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
-        str = "2SRC_C";
-        break;
-    case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
-        str = "2SRC_D";
-        break;
-    case SSL2_ST_X509_GET_SERVER_CERTIFICATE:
-        str = "2X9GSC";
-        break;
-    case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
-        str = "2X9GCC";
-        break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-    case SSL3_ST_SW_FLUSH:
-    case SSL3_ST_CW_FLUSH:
-        str = "3FLUSH";
-        break;
-    case SSL3_ST_CW_CLNT_HELLO_A:
-        str = "3WCH_A";
-        break;
-    case SSL3_ST_CW_CLNT_HELLO_B:
-        str = "3WCH_B";
-        break;
-    case SSL3_ST_CR_SRVR_HELLO_A:
-        str = "3RSH_A";
-        break;
-    case SSL3_ST_CR_SRVR_HELLO_B:
-        str = "3RSH_B";
-        break;
-    case SSL3_ST_CR_CERT_A:
-        str = "3RSC_A";
-        break;
-    case SSL3_ST_CR_CERT_B:
-        str = "3RSC_B";
-        break;
-    case SSL3_ST_CR_KEY_EXCH_A:
-        str = "3RSKEA";
-        break;
-    case SSL3_ST_CR_KEY_EXCH_B:
-        str = "3RSKEB";
-        break;
-    case SSL3_ST_CR_CERT_REQ_A:
-        str = "3RCR_A";
-        break;
-    case SSL3_ST_CR_CERT_REQ_B:
-        str = "3RCR_B";
-        break;
-    case SSL3_ST_CR_SRVR_DONE_A:
-        str = "3RSD_A";
-        break;
-    case SSL3_ST_CR_SRVR_DONE_B:
-        str = "3RSD_B";
-        break;
-    case SSL3_ST_CW_CERT_A:
-        str = "3WCC_A";
-        break;
-    case SSL3_ST_CW_CERT_B:
-        str = "3WCC_B";
-        break;
-    case SSL3_ST_CW_CERT_C:
-        str = "3WCC_C";
-        break;
-    case SSL3_ST_CW_CERT_D:
-        str = "3WCC_D";
-        break;
-    case SSL3_ST_CW_KEY_EXCH_A:
-        str = "3WCKEA";
-        break;
-    case SSL3_ST_CW_KEY_EXCH_B:
-        str = "3WCKEB";
-        break;
-    case SSL3_ST_CW_CERT_VRFY_A:
-        str = "3WCV_A";
-        break;
-    case SSL3_ST_CW_CERT_VRFY_B:
-        str = "3WCV_B";
-        break;
-
-    case SSL3_ST_SW_CHANGE_A:
-    case SSL3_ST_CW_CHANGE_A:
-        str = "3WCCSA";
-        break;
-    case SSL3_ST_SW_CHANGE_B:
-    case SSL3_ST_CW_CHANGE_B:
-        str = "3WCCSB";
-        break;
-    case SSL3_ST_SW_FINISHED_A:
-    case SSL3_ST_CW_FINISHED_A:
-        str = "3WFINA";
-        break;
-    case SSL3_ST_SW_FINISHED_B:
-    case SSL3_ST_CW_FINISHED_B:
-        str = "3WFINB";
-        break;
-    case SSL3_ST_SR_CHANGE_A:
-    case SSL3_ST_CR_CHANGE_A:
-        str = "3RCCSA";
-        break;
-    case SSL3_ST_SR_CHANGE_B:
-    case SSL3_ST_CR_CHANGE_B:
-        str = "3RCCSB";
-        break;
-    case SSL3_ST_SR_FINISHED_A:
-    case SSL3_ST_CR_FINISHED_A:
-        str = "3RFINA";
-        break;
-    case SSL3_ST_SR_FINISHED_B:
-    case SSL3_ST_CR_FINISHED_B:
-        str = "3RFINB";
-        break;
-
-    case SSL3_ST_SW_HELLO_REQ_A:
-        str = "3WHR_A";
-        break;
-    case SSL3_ST_SW_HELLO_REQ_B:
-        str = "3WHR_B";
-        break;
-    case SSL3_ST_SW_HELLO_REQ_C:
-        str = "3WHR_C";
-        break;
-    case SSL3_ST_SR_CLNT_HELLO_A:
-        str = "3RCH_A";
-        break;
-    case SSL3_ST_SR_CLNT_HELLO_B:
-        str = "3RCH_B";
-        break;
-    case SSL3_ST_SR_CLNT_HELLO_C:
-        str = "3RCH_C";
-        break;
-    case SSL3_ST_SW_SRVR_HELLO_A:
-        str = "3WSH_A";
-        break;
-    case SSL3_ST_SW_SRVR_HELLO_B:
-        str = "3WSH_B";
-        break;
-    case SSL3_ST_SW_CERT_A:
-        str = "3WSC_A";
-        break;
-    case SSL3_ST_SW_CERT_B:
-        str = "3WSC_B";
-        break;
-    case SSL3_ST_SW_KEY_EXCH_A:
-        str = "3WSKEA";
-        break;
-    case SSL3_ST_SW_KEY_EXCH_B:
-        str = "3WSKEB";
-        break;
-    case SSL3_ST_SW_CERT_REQ_A:
-        str = "3WCR_A";
-        break;
-    case SSL3_ST_SW_CERT_REQ_B:
-        str = "3WCR_B";
-        break;
-    case SSL3_ST_SW_SRVR_DONE_A:
-        str = "3WSD_A";
-        break;
-    case SSL3_ST_SW_SRVR_DONE_B:
-        str = "3WSD_B";
-        break;
-    case SSL3_ST_SR_CERT_A:
-        str = "3RCC_A";
-        break;
-    case SSL3_ST_SR_CERT_B:
-        str = "3RCC_B";
-        break;
-    case SSL3_ST_SR_KEY_EXCH_A:
-        str = "3RCKEA";
-        break;
-    case SSL3_ST_SR_KEY_EXCH_B:
-        str = "3RCKEB";
-        break;
-    case SSL3_ST_SR_CERT_VRFY_A:
-        str = "3RCV_A";
-        break;
-    case SSL3_ST_SR_CERT_VRFY_B:
-        str = "3RCV_B";
-        break;
-#endif
-
-/* SSLv2/v3 compatibility states */
-/* client */
-    case SSL23_ST_CW_CLNT_HELLO_A:
-        str = "23WCHA";
-        break;
-    case SSL23_ST_CW_CLNT_HELLO_B:
-        str = "23WCHB";
-        break;
-    case SSL23_ST_CR_SRVR_HELLO_A:
-        str = "23RSHA";
-        break;
-    case SSL23_ST_CR_SRVR_HELLO_B:
-        str = "23RSHA";
-        break;
-/* server */
-    case SSL23_ST_SR_CLNT_HELLO_A:
-        str = "23RCHA";
-        break;
-    case SSL23_ST_SR_CLNT_HELLO_B:
-        str = "23RCHB";
-        break;
-
-/* DTLS */
-    case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
-        str = "DRCHVA";
-        break;
-    case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-        str = "DRCHVB";
-        break;
-    case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
-        str = "DWCHVA";
-        break;
-    case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-        str = "DWCHVB";
-        break;
+    if (ossl_statem_in_error(s))
+        return "SSLERR";
 
+    switch (SSL_get_state(s)) {
+    case TLS_ST_SR_NEXT_PROTO:
+        return "TRNP";
+    case TLS_ST_SW_SESSION_TICKET:
+        return "TWST";
+    case TLS_ST_SW_CERT_STATUS:
+        return "TWCS";
+    case TLS_ST_CR_CERT_STATUS:
+        return "TRCS";
+    case TLS_ST_CR_SESSION_TICKET:
+        return "TRST";
+    case TLS_ST_CW_NEXT_PROTO:
+        return "TWNP";
+    case TLS_ST_BEFORE:
+        return "PINIT ";
+    case TLS_ST_OK:
+        return "SSLOK ";
+    case TLS_ST_CW_CLNT_HELLO:
+        return "TWCH";
+    case TLS_ST_CR_SRVR_HELLO:
+        return "TRSH";
+    case TLS_ST_CR_CERT:
+        return "TRSC";
+    case TLS_ST_CR_KEY_EXCH:
+        return "TRSKE";
+    case TLS_ST_CR_CERT_REQ:
+        return "TRCR";
+    case TLS_ST_CR_SRVR_DONE:
+        return "TRSD";
+    case TLS_ST_CW_CERT:
+        return "TWCC";
+    case TLS_ST_CW_KEY_EXCH:
+        return "TWCKE";
+    case TLS_ST_CW_CERT_VRFY:
+        return "TWCV";
+    case TLS_ST_SW_CHANGE:
+    case TLS_ST_CW_CHANGE:
+        return "TWCCS";
+    case TLS_ST_SW_FINISHED:
+    case TLS_ST_CW_FINISHED:
+        return "TWFIN";
+    case TLS_ST_SR_CHANGE:
+    case TLS_ST_CR_CHANGE:
+        return "TRCCS";
+    case TLS_ST_SR_FINISHED:
+    case TLS_ST_CR_FINISHED:
+        return "TRFIN";
+    case TLS_ST_SW_HELLO_REQ:
+        return "TWHR";
+    case TLS_ST_SR_CLNT_HELLO:
+        return "TRCH";
+    case TLS_ST_SW_SRVR_HELLO:
+        return "TWSH";
+    case TLS_ST_SW_CERT:
+        return "TWSC";
+    case TLS_ST_SW_KEY_EXCH:
+        return "TWSKE";
+    case TLS_ST_SW_CERT_REQ:
+        return "TWCR";
+    case TLS_ST_SW_SRVR_DONE:
+        return "TWSD";
+    case TLS_ST_SR_CERT:
+        return "TRCC";
+    case TLS_ST_SR_KEY_EXCH:
+        return "TRCKE";
+    case TLS_ST_SR_CERT_VRFY:
+        return "TRCV";
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return "DRCHV";
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return "DWCHV";
+    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+        return "TWEE";
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        return "TREE";
+    case TLS_ST_CR_CERT_VRFY:
+        return "TRSCV";
+    case TLS_ST_SW_CERT_VRFY:
+        return "TRSCV";
+    case TLS_ST_CR_HELLO_REQ:
+        return "TRHR";
+    case TLS_ST_SW_KEY_UPDATE:
+        return "TWSKU";
+    case TLS_ST_CW_KEY_UPDATE:
+        return "TWCKU";
+    case TLS_ST_SR_KEY_UPDATE:
+        return "TRCKU";
+    case TLS_ST_CR_KEY_UPDATE:
+        return "TRSKU";
+    case TLS_ST_EARLY_DATA:
+        return "TED";
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        return "TPEDE";
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+        return "TWEOED";
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+        return "TWEOED";
     default:
-        str = "UNKWN ";
-        break;
+        return "UNKWN ";
     }
-    return (str);
 }
 
 const char *SSL_alert_type_string_long(int value)
 {
-    value >>= 8;
-    if (value == SSL3_AL_WARNING)
-        return ("warning");
-    else if (value == SSL3_AL_FATAL)
-        return ("fatal");
-    else
-        return ("unknown");
+    switch (value >> 8) {
+    case SSL3_AL_WARNING:
+        return "warning";
+    case SSL3_AL_FATAL:
+        return "fatal";
+    default:
+        return "unknown";
+    }
 }
 
 const char *SSL_alert_type_string(int value)
 {
-    value >>= 8;
-    if (value == SSL3_AL_WARNING)
-        return ("W");
-    else if (value == SSL3_AL_FATAL)
-        return ("F");
-    else
-        return ("U");
+    switch (value >> 8) {
+    case SSL3_AL_WARNING:
+        return "W";
+    case SSL3_AL_FATAL:
+        return "F";
+    default:
+        return "U";
+    }
 }
 
 const char *SSL_alert_desc_string(int value)
 {
-    const char *str;
-
     switch (value & 0xff) {
     case SSL3_AD_CLOSE_NOTIFY:
-        str = "CN";
-        break;
+        return "CN";
     case SSL3_AD_UNEXPECTED_MESSAGE:
-        str = "UM";
-        break;
+        return "UM";
     case SSL3_AD_BAD_RECORD_MAC:
-        str = "BM";
-        break;
+        return "BM";
     case SSL3_AD_DECOMPRESSION_FAILURE:
-        str = "DF";
-        break;
+        return "DF";
     case SSL3_AD_HANDSHAKE_FAILURE:
-        str = "HF";
-        break;
+        return "HF";
     case SSL3_AD_NO_CERTIFICATE:
-        str = "NC";
-        break;
+        return "NC";
     case SSL3_AD_BAD_CERTIFICATE:
-        str = "BC";
-        break;
+        return "BC";
     case SSL3_AD_UNSUPPORTED_CERTIFICATE:
-        str = "UC";
-        break;
+        return "UC";
     case SSL3_AD_CERTIFICATE_REVOKED:
-        str = "CR";
-        break;
+        return "CR";
     case SSL3_AD_CERTIFICATE_EXPIRED:
-        str = "CE";
-        break;
+        return "CE";
     case SSL3_AD_CERTIFICATE_UNKNOWN:
-        str = "CU";
-        break;
+        return "CU";
     case SSL3_AD_ILLEGAL_PARAMETER:
-        str = "IP";
-        break;
+        return "IP";
     case TLS1_AD_DECRYPTION_FAILED:
-        str = "DC";
-        break;
+        return "DC";
     case TLS1_AD_RECORD_OVERFLOW:
-        str = "RO";
-        break;
+        return "RO";
     case TLS1_AD_UNKNOWN_CA:
-        str = "CA";
-        break;
+        return "CA";
     case TLS1_AD_ACCESS_DENIED:
-        str = "AD";
-        break;
+        return "AD";
     case TLS1_AD_DECODE_ERROR:
-        str = "DE";
-        break;
+        return "DE";
     case TLS1_AD_DECRYPT_ERROR:
-        str = "CY";
-        break;
+        return "CY";
     case TLS1_AD_EXPORT_RESTRICTION:
-        str = "ER";
-        break;
+        return "ER";
     case TLS1_AD_PROTOCOL_VERSION:
-        str = "PV";
-        break;
+        return "PV";
     case TLS1_AD_INSUFFICIENT_SECURITY:
-        str = "IS";
-        break;
+        return "IS";
     case TLS1_AD_INTERNAL_ERROR:
-        str = "IE";
-        break;
+        return "IE";
     case TLS1_AD_USER_CANCELLED:
-        str = "US";
-        break;
+        return "US";
     case TLS1_AD_NO_RENEGOTIATION:
-        str = "NR";
-        break;
+        return "NR";
     case TLS1_AD_UNSUPPORTED_EXTENSION:
-        str = "UE";
-        break;
+        return "UE";
     case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
-        str = "CO";
-        break;
+        return "CO";
     case TLS1_AD_UNRECOGNIZED_NAME:
-        str = "UN";
-        break;
+        return "UN";
     case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
-        str = "BR";
-        break;
+        return "BR";
     case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
-        str = "BH";
-        break;
+        return "BH";
     case TLS1_AD_UNKNOWN_PSK_IDENTITY:
-        str = "UP";
-        break;
+        return "UP";
     default:
-        str = "UK";
-        break;
+        return "UK";
     }
-    return (str);
 }
 
 const char *SSL_alert_desc_string_long(int value)
 {
-    const char *str;
-
     switch (value & 0xff) {
     case SSL3_AD_CLOSE_NOTIFY:
-        str = "close notify";
-        break;
+        return "close notify";
     case SSL3_AD_UNEXPECTED_MESSAGE:
-        str = "unexpected_message";
-        break;
+        return "unexpected_message";
     case SSL3_AD_BAD_RECORD_MAC:
-        str = "bad record mac";
-        break;
+        return "bad record mac";
     case SSL3_AD_DECOMPRESSION_FAILURE:
-        str = "decompression failure";
-        break;
+        return "decompression failure";
     case SSL3_AD_HANDSHAKE_FAILURE:
-        str = "handshake failure";
-        break;
+        return "handshake failure";
     case SSL3_AD_NO_CERTIFICATE:
-        str = "no certificate";
-        break;
+        return "no certificate";
     case SSL3_AD_BAD_CERTIFICATE:
-        str = "bad certificate";
-        break;
+        return "bad certificate";
     case SSL3_AD_UNSUPPORTED_CERTIFICATE:
-        str = "unsupported certificate";
-        break;
+        return "unsupported certificate";
     case SSL3_AD_CERTIFICATE_REVOKED:
-        str = "certificate revoked";
-        break;
+        return "certificate revoked";
     case SSL3_AD_CERTIFICATE_EXPIRED:
-        str = "certificate expired";
-        break;
+        return "certificate expired";
     case SSL3_AD_CERTIFICATE_UNKNOWN:
-        str = "certificate unknown";
-        break;
+        return "certificate unknown";
     case SSL3_AD_ILLEGAL_PARAMETER:
-        str = "illegal parameter";
-        break;
+        return "illegal parameter";
     case TLS1_AD_DECRYPTION_FAILED:
-        str = "decryption failed";
-        break;
+        return "decryption failed";
     case TLS1_AD_RECORD_OVERFLOW:
-        str = "record overflow";
-        break;
+        return "record overflow";
     case TLS1_AD_UNKNOWN_CA:
-        str = "unknown CA";
-        break;
+        return "unknown CA";
     case TLS1_AD_ACCESS_DENIED:
-        str = "access denied";
-        break;
+        return "access denied";
     case TLS1_AD_DECODE_ERROR:
-        str = "decode error";
-        break;
+        return "decode error";
     case TLS1_AD_DECRYPT_ERROR:
-        str = "decrypt error";
-        break;
+        return "decrypt error";
     case TLS1_AD_EXPORT_RESTRICTION:
-        str = "export restriction";
-        break;
+        return "export restriction";
     case TLS1_AD_PROTOCOL_VERSION:
-        str = "protocol version";
-        break;
+        return "protocol version";
     case TLS1_AD_INSUFFICIENT_SECURITY:
-        str = "insufficient security";
-        break;
+        return "insufficient security";
     case TLS1_AD_INTERNAL_ERROR:
-        str = "internal error";
-        break;
+        return "internal error";
     case TLS1_AD_USER_CANCELLED:
-        str = "user canceled";
-        break;
+        return "user canceled";
     case TLS1_AD_NO_RENEGOTIATION:
-        str = "no renegotiation";
-        break;
+        return "no renegotiation";
     case TLS1_AD_UNSUPPORTED_EXTENSION:
-        str = "unsupported extension";
-        break;
+        return "unsupported extension";
     case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
-        str = "certificate unobtainable";
-        break;
+        return "certificate unobtainable";
     case TLS1_AD_UNRECOGNIZED_NAME:
-        str = "unrecognized name";
-        break;
+        return "unrecognized name";
     case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
-        str = "bad certificate status response";
-        break;
+        return "bad certificate status response";
     case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
-        str = "bad certificate hash value";
-        break;
+        return "bad certificate hash value";
     case TLS1_AD_UNKNOWN_PSK_IDENTITY:
-        str = "unknown PSK identity";
-        break;
-    default:
-        str = "unknown";
-        break;
-    }
-    return (str);
-}
-
-const char *SSL_rstate_string(const SSL *s)
-{
-    const char *str;
-
-    switch (s->rstate) {
-    case SSL_ST_READ_HEADER:
-        str = "RH";
-        break;
-    case SSL_ST_READ_BODY:
-        str = "RB";
-        break;
-    case SSL_ST_READ_DONE:
-        str = "RD";
-        break;
+        return "unknown PSK identity";
+    case TLS1_AD_NO_APPLICATION_PROTOCOL:
+        return "no application protocol";
     default:
-        str = "unknown";
-        break;
+        return "unknown";
     }
-    return (str);
 }
diff --git a/freebsd/crypto/openssl/ssl/ssl_txt.c b/freebsd/crypto/openssl/ssl/ssl_txt.c
index a9492f17..232a724b 100644
--- a/freebsd/crypto/openssl/ssl/ssl_txt.c
+++ b/freebsd/crypto/openssl/ssl/ssl_txt.c
@@ -1,154 +1,65 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/ssl_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <openssl/buffer.h>
 #include "ssl_locl.h"
 
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
 int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
 {
     BIO *b;
     int ret;
 
-    if ((b = BIO_new(BIO_s_file_internal())) == NULL) {
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
         SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = SSL_SESSION_print(b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
 int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
 {
-    unsigned int i;
+    size_t i;
     const char *s;
+    int istls13;
 
     if (x == NULL)
         goto err;
+    istls13 = (x->ssl_version == TLS1_3_VERSION);
     if (BIO_puts(bp, "SSL-Session:\n") <= 0)
         goto err;
-    if (x->ssl_version == SSL2_VERSION)
-        s = "SSLv2";
-    else if (x->ssl_version == SSL3_VERSION)
-        s = "SSLv3";
-    else if (x->ssl_version == TLS1_2_VERSION)
-        s = "TLSv1.2";
-    else if (x->ssl_version == TLS1_1_VERSION)
-        s = "TLSv1.1";
-    else if (x->ssl_version == TLS1_VERSION)
-        s = "TLSv1";
-    else if (x->ssl_version == DTLS1_VERSION)
-        s = "DTLSv1";
-    else if (x->ssl_version == DTLS1_2_VERSION)
-        s = "DTLSv1.2";
-    else if (x->ssl_version == DTLS1_BAD_VER)
-        s = "DTLSv1-bad";
-    else
-        s = "unknown";
+    s = ssl_protocol_to_string(x->ssl_version);
     if (BIO_printf(bp, "    Protocol  : %s\n", s) <= 0)
         goto err;
 
     if (x->cipher == NULL) {
         if (((x->cipher_id) & 0xff000000) == 0x02000000) {
-            if (BIO_printf
-                (bp, "    Cipher    : %06lX\n", x->cipher_id & 0xffffff) <= 0)
+            if (BIO_printf(bp, "    Cipher    : %06lX\n",
+                           x->cipher_id & 0xffffff) <= 0)
                 goto err;
         } else {
-            if (BIO_printf
-                (bp, "    Cipher    : %04lX\n", x->cipher_id & 0xffff) <= 0)
+            if (BIO_printf(bp, "    Cipher    : %04lX\n",
+                           x->cipher_id & 0xffff) <= 0)
                 goto err;
         }
     } else {
-        if (BIO_printf
-            (bp, "    Cipher    : %s\n",
-             ((x->cipher == NULL) ? "unknown" : x->cipher->name)) <= 0)
+        if (BIO_printf(bp, "    Cipher    : %s\n",
+                       ((x->cipher->name == NULL) ? "unknown"
+                                                  : x->cipher->name)) <= 0)
             goto err;
     }
     if (BIO_puts(bp, "    Session-ID: ") <= 0)
@@ -163,34 +74,15 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
         if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
             goto err;
     }
-    if (BIO_puts(bp, "\n    Master-Key: ") <= 0)
+    if (istls13) {
+        if (BIO_puts(bp, "\n    Resumption PSK: ") <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "\n    Master-Key: ") <= 0)
         goto err;
-    for (i = 0; i < (unsigned int)x->master_key_length; i++) {
+    for (i = 0; i < x->master_key_length; i++) {
         if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
             goto err;
     }
-    if (BIO_puts(bp, "\n    Key-Arg   : ") <= 0)
-        goto err;
-    if (x->key_arg_length == 0) {
-        if (BIO_puts(bp, "None") <= 0)
-            goto err;
-    } else
-        for (i = 0; i < x->key_arg_length; i++) {
-            if (BIO_printf(bp, "%02X", x->key_arg[i]) <= 0)
-                goto err;
-        }
-#ifndef OPENSSL_NO_KRB5
-    if (BIO_puts(bp, "\n    Krb5 Principal: ") <= 0)
-        goto err;
-    if (x->krb5_client_princ_len == 0) {
-        if (BIO_puts(bp, "None") <= 0)
-            goto err;
-    } else
-        for (i = 0; i < x->krb5_client_princ_len; i++) {
-            if (BIO_printf(bp, "%02X", x->krb5_client_princ[i]) <= 0)
-                goto err;
-        }
-#endif                          /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
     if (BIO_puts(bp, "\n    PSK identity: ") <= 0)
         goto err;
@@ -208,35 +100,33 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
     if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0)
         goto err;
 #endif
-#ifndef OPENSSL_NO_TLSEXT
-    if (x->tlsext_tick_lifetime_hint) {
+    if (x->ext.tick_lifetime_hint) {
         if (BIO_printf(bp,
                        "\n    TLS session ticket lifetime hint: %ld (seconds)",
-                       x->tlsext_tick_lifetime_hint) <= 0)
+                       x->ext.tick_lifetime_hint) <= 0)
             goto err;
     }
-    if (x->tlsext_tick) {
+    if (x->ext.tick) {
         if (BIO_puts(bp, "\n    TLS session ticket:\n") <= 0)
             goto err;
-        if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4)
+        /* TODO(size_t): Convert this call */
+        if (BIO_dump_indent
+            (bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4)
             <= 0)
             goto err;
     }
-#endif
-
 #ifndef OPENSSL_NO_COMP
     if (x->compress_meth != 0) {
         SSL_COMP *comp = NULL;
 
-        ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp);
+        if (!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0))
+            goto err;
         if (comp == NULL) {
-            if (BIO_printf(bp, "\n    Compression: %d", x->compress_meth) <=
-                0)
+            if (BIO_printf(bp, "\n    Compression: %d", x->compress_meth) <= 0)
                 goto err;
         } else {
-            if (BIO_printf
-                (bp, "\n    Compression: %d (%s)", comp->id,
-                 comp->method->name) <= 0)
+            if (BIO_printf(bp, "\n    Compression: %d (%s)", comp->id,
+                           comp->name) <= 0)
                 goto err;
         }
     }
@@ -258,7 +148,58 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
                    X509_verify_cert_error_string(x->verify_result)) <= 0)
         goto err;
 
-    return (1);
+    if (BIO_printf(bp, "    Extended master secret: %s\n",
+                   x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0)
+        goto err;
+
+    if (istls13) {
+        if (BIO_printf(bp, "    Max Early Data: %u\n",
+                       x->ext.max_early_data) <= 0)
+            goto err;
+    }
+
+    return 1;
+ err:
+    return 0;
+}
+
+/*
+ * print session id and master key in NSS keylog format (RSA
+ * Session-ID:<session id> Master-Key:<master key>)
+ */
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
+{
+    size_t i;
+
+    if (x == NULL)
+        goto err;
+    if (x->session_id_length == 0 || x->master_key_length == 0)
+        goto err;
+
+    /*
+     * the RSA prefix is required by the format's definition although there's
+     * nothing RSA-specific in the output, therefore, we don't have to check if
+     * the cipher suite is based on RSA
+     */
+    if (BIO_puts(bp, "RSA ") <= 0)
+        goto err;
+
+    if (BIO_puts(bp, "Session-ID:") <= 0)
+        goto err;
+    for (i = 0; i < x->session_id_length; i++) {
+        if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, " Master-Key:") <= 0)
+        goto err;
+    for (i = 0; i < x->master_key_length; i++) {
+        if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+
+    return 1;
  err:
-    return (0);
+    return 0;
 }
diff --git a/freebsd/crypto/openssl/ssl/ssl_utst.c b/freebsd/crypto/openssl/ssl/ssl_utst.c
index 27801ae7..9da2e297 100644
--- a/freebsd/crypto/openssl/ssl/ssl_utst.c
+++ b/freebsd/crypto/openssl/ssl/ssl_utst.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl_utst.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "ssl_locl.h"
@@ -62,8 +16,6 @@
 static const struct openssl_ssl_test_functions ssl_test_functions = {
     ssl_init_wbio_buffer,
     ssl3_setup_buffers,
-    tls1_process_heartbeat,
-    dtls1_process_heartbeat
 };
 
 const struct openssl_ssl_test_functions *SSL_test_functions(void)
diff --git a/freebsd/crypto/openssl/ssl/ssltest.c b/freebsd/crypto/openssl/ssl/ssltest.c
deleted file mode 100644
index 352dbedc..00000000
--- a/freebsd/crypto/openssl/ssl/ssltest.c
+++ /dev/null
@@ -1,3372 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/ssltest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-/* Or gethostname won't be declared properly on Linux and GNU platforms. */
-#define _BSD_SOURCE 1
-#define _DEFAULT_SOURCE 1
-
-#include <assert.h>
-#include <errno.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
-#define USE_SOCKETS
-#include "e_os.h"
-
-#ifdef OPENSSL_SYS_VMS
-/*
- * Or isascii won't be declared properly on VMS (at least with DECompHP C).
- */
-# define _XOPEN_SOURCE 500
-#endif
-
-#include <ctype.h>
-
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/ssl.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_SRP
-# include <openssl/srp.h>
-#endif
-#include <openssl/bn.h>
-
-/*
- * Or gethostname won't be declared properly
- * on Compaq platforms (at least with DEC C).
- * Do not try to put it earlier, or IPv6 includes
- * get screwed...
- */
-#define _XOPEN_SOURCE_EXTENDED  1
-
-#ifdef OPENSSL_SYS_WINDOWS
-# include <winsock.h>
-#else
-# include OPENSSL_UNISTD
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
-# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
-#elif defined(OPENSSL_SYS_WINCE)
-# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
-# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
-#elif defined(OPENSSL_SYS_NETWARE)
-# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
-# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
-#else
-# define TEST_SERVER_CERT "../apps/server.pem"
-# define TEST_CLIENT_CERT "../apps/client.pem"
-#endif
-
-static SSL_CTX *s_ctx = NULL;
-static SSL_CTX *s_ctx2 = NULL;
-
-/*
- * There is really no standard for this, so let's assign some tentative
- * numbers.  In any case, these numbers are only for this test
- */
-#define COMP_RLE        255
-#define COMP_ZLIB       1
-
-static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
-static void free_tmp_rsa(void);
-#endif
-static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
-#define APP_CALLBACK_STRING "Test Callback Argument"
-struct app_verify_arg {
-    char *string;
-    int app_verify;
-    int allow_proxy_certs;
-    char *proxy_auth;
-    char *proxy_cond;
-};
-
-#ifndef OPENSSL_NO_DH
-static DH *get_dh512(void);
-static DH *get_dh1024(void);
-static DH *get_dh1024dsa(void);
-#endif
-
-static char *psk_key = NULL;    /* by default PSK is not used */
-#ifndef OPENSSL_NO_PSK
-static unsigned int psk_client_callback(SSL *ssl, const char *hint,
-                                        char *identity,
-                                        unsigned int max_identity_len,
-                                        unsigned char *psk,
-                                        unsigned int max_psk_len);
-static unsigned int psk_server_callback(SSL *ssl, const char *identity,
-                                        unsigned char *psk,
-                                        unsigned int max_psk_len);
-#endif
-
-#ifndef OPENSSL_NO_SRP
-/* SRP client */
-/* This is a context that we pass to all callbacks */
-typedef struct srp_client_arg_st {
-    char *srppassin;
-    char *srplogin;
-} SRP_CLIENT_ARG;
-
-# define PWD_STRLEN 1024
-
-static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
-{
-    SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
-    return BUF_strdup((char *)srp_client_arg->srppassin);
-}
-
-/* SRP server */
-/* This is a context that we pass to SRP server callbacks */
-typedef struct srp_server_arg_st {
-    char *expected_user;
-    char *pass;
-} SRP_SERVER_ARG;
-
-static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
-{
-    SRP_SERVER_ARG *p = (SRP_SERVER_ARG *)arg;
-
-    if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
-        fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
-        return SSL3_AL_FATAL;
-    }
-    if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
-        *ad = SSL_AD_INTERNAL_ERROR;
-        return SSL3_AL_FATAL;
-    }
-    return SSL_ERROR_NONE;
-}
-#endif
-
-static BIO *bio_err = NULL;
-static BIO *bio_stdout = NULL;
-
-static const char *alpn_client;
-static char *alpn_server;
-static char *alpn_server2;
-static const char *alpn_expected;
-static unsigned char *alpn_selected;
-static const char *sn_client;
-static const char *sn_server1;
-static const char *sn_server2;
-static int sn_expect = 0;
-static int s_ticket1 = 0;
-static int s_ticket2 = 0;
-static int c_ticket = 0;
-static int ticket_expect = -1;
-static int sni_in_cert_cb = 0;
-static const char *client_sigalgs = NULL;
-static const char *server_digest_expect = NULL;
-
-static int servername_cb(SSL *s, int *ad, void *arg)
-{
-    const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
-    if (sn_server2 == NULL) {
-        BIO_printf(bio_stdout, "Servername 2 is NULL\n");
-        return SSL_TLSEXT_ERR_NOACK;
-    }
-
-    if (servername != NULL) {
-        if (s_ctx2 != NULL && sn_server2 != NULL &&
-            !strcasecmp(servername, sn_server2)) {
-            BIO_printf(bio_stdout, "Switching server context.\n");
-            SSL_set_SSL_CTX(s, s_ctx2);
-            /* Copy over all the SSL_CTX options */
-            SSL_clear_options(s, 0xFFFFFFFFL);
-            SSL_set_options(s, SSL_CTX_get_options(s_ctx2));
-        }
-    }
-    return SSL_TLSEXT_ERR_OK;
-}
-static int verify_servername(SSL *client, SSL *server)
-{
-    /* just need to see if sn_context is what we expect */
-    SSL_CTX* ctx = SSL_get_SSL_CTX(server);
-    if (sn_expect == 0)
-        return 0;
-    if (sn_expect == 1 && ctx == s_ctx)
-        return 0;
-    if (sn_expect == 2 && ctx == s_ctx2)
-        return 0;
-    BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
-    if (ctx == s_ctx2)
-        BIO_printf(bio_stdout, "Servername: context is 2\n");
-    else if (ctx == s_ctx)
-        BIO_printf(bio_stdout, "Servername: context is 1\n");
-    else
-        BIO_printf(bio_stdout, "Servername: context is unknown\n");
-    return -1;
-}
-static int cert_cb(SSL *ssl, void *arg)
-{
-    int unused;
-    return servername_cb(ssl, &unused, NULL) != SSL_TLSEXT_ERR_ALERT_FATAL;
-}
-
-static int verify_ticket(SSL* ssl)
-{
-    if (ticket_expect == -1)
-        return 0;
-    if (ticket_expect == 0 &&
-        (ssl->session->tlsext_tick == NULL ||
-         ssl->session->tlsext_ticklen == 0))
-        return 1;
-    if (ticket_expect == 1 &&
-        (ssl->session->tlsext_tick != NULL &&
-         ssl->session->tlsext_ticklen != 0))
-        return 1;
-    return -1;
-}
-
-static int verify_server_digest(SSL* ssl)
-{
-    int nid = NID_undef;
-
-    if (server_digest_expect == NULL)
-        return 0;
-    SSL_get_peer_signature_nid(ssl, &nid);
-    if (strcmp(server_digest_expect, OBJ_nid2sn(nid)) == 0)
-        return 1;
-    BIO_printf(bio_stdout, "Expected server digest %s, got %s.\n",
-               server_digest_expect, OBJ_nid2sn(nid));
-    return -1;
-}
-
-/*-
- * next_protos_parse parses a comma separated list of strings into a string
- * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
- *   outlen: (output) set to the length of the resulting buffer on success.
- *   err: (maybe NULL) on failure, an error message line is written to this BIO.
- *   in: a NUL terminated string like "abc,def,ghi"
- *
- *   returns: a malloced buffer or NULL on failure.
- */
-static unsigned char *next_protos_parse(unsigned short *outlen,
-                                        const char *in)
-{
-    size_t len;
-    unsigned char *out;
-    size_t i, start = 0;
-
-    len = strlen(in);
-    if (len >= 65535)
-        return NULL;
-
-    out = OPENSSL_malloc(strlen(in) + 1);
-    if (!out)
-        return NULL;
-
-    for (i = 0; i <= len; ++i) {
-        if (i == len || in[i] == ',') {
-            if (i - start > 255) {
-                OPENSSL_free(out);
-                return NULL;
-            }
-            out[start] = (unsigned char)(i - start);
-            start = i + 1;
-        } else
-            out[i + 1] = in[i];
-    }
-
-    *outlen = (unsigned char)(len + 1);
-    return out;
-}
-
-static int cb_server_alpn(SSL *s, const unsigned char **out,
-                          unsigned char *outlen, const unsigned char *in,
-                          unsigned int inlen, void *arg)
-{
-    unsigned char *protos;
-    unsigned short protos_len;
-    char* alpn_str = arg;
-
-    protos = next_protos_parse(&protos_len, alpn_str);
-    if (protos == NULL) {
-        fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
-                alpn_str);
-        abort();
-    }
-
-    if (SSL_select_next_proto
-        ((unsigned char **)out, outlen, protos, protos_len, in,
-         inlen) != OPENSSL_NPN_NEGOTIATED) {
-        OPENSSL_free(protos);
-        return SSL_TLSEXT_ERR_NOACK;
-    }
-
-    /*
-     * Make a copy of the selected protocol which will be freed in
-     * verify_alpn.
-     */
-    alpn_selected = OPENSSL_malloc(*outlen);
-    memcpy(alpn_selected, *out, *outlen);
-    *out = alpn_selected;
-
-    OPENSSL_free(protos);
-    return SSL_TLSEXT_ERR_OK;
-}
-
-static int verify_alpn(SSL *client, SSL *server)
-{
-    const unsigned char *client_proto, *server_proto;
-    unsigned int client_proto_len = 0, server_proto_len = 0;
-    SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
-    SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
-
-    if (alpn_selected != NULL) {
-        OPENSSL_free(alpn_selected);
-        alpn_selected = NULL;
-    }
-
-    if (client_proto_len != server_proto_len ||
-        memcmp(client_proto, server_proto, client_proto_len) != 0) {
-        BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
-        goto err;
-    }
-
-    if (client_proto_len > 0 && alpn_expected == NULL) {
-        BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
-        goto err;
-    }
-
-    if (alpn_expected != NULL &&
-        (client_proto_len != strlen(alpn_expected) ||
-         memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
-        BIO_printf(bio_stdout,
-                   "ALPN selected protocols not equal to expected protocol: %s\n",
-                   alpn_expected);
-        goto err;
-    }
-
-    return 0;
-
- err:
-    BIO_printf(bio_stdout, "ALPN results: client: '");
-    BIO_write(bio_stdout, client_proto, client_proto_len);
-    BIO_printf(bio_stdout, "', server: '");
-    BIO_write(bio_stdout, server_proto, server_proto_len);
-    BIO_printf(bio_stdout, "'\n");
-    BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: ",
-                   alpn_client);
-    if (SSL_get_SSL_CTX(server) == s_ctx2) {
-        BIO_printf(bio_stdout, "'%s'\n",
-                   alpn_server2);
-    } else if (SSL_get_SSL_CTX(server) == s_ctx){
-        BIO_printf(bio_stdout, "'%s'\n",
-                   alpn_server);
-    } else {
-        BIO_printf(bio_stdout, "unknown\n");
-    }
-    return -1;
-}
-
-#ifndef OPENSSL_NO_TLSEXT
-
-static int cb_ticket0(SSL* s, unsigned char* key_name, unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
-{
-    return 0;
-}
-
-static int cb_ticket1(SSL* s, unsigned char* key_name, unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
-{
-    static unsigned char key[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
-    static char name[] = "ticket11ticket11";
-    if (SSL_get_options(s) & SSL_OP_NO_TICKET)
-        return 0;
-    if (enc) {
-        RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);
-        EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-        HMAC_Init_ex(hctx, key, sizeof(key), EVP_sha1(), NULL);
-        memcpy(key_name, name, 16);
-        return 1;
-    } else {
-        if (memcmp(key_name, name, 16) == 0) {
-            EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-            HMAC_Init_ex(hctx, key, sizeof(key), EVP_sha1(), NULL);
-            return 1;
-        }
-    }
-    return 0;
-}
-
-static int cb_ticket2(SSL* s, unsigned char* key_name, unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
-{
-    fprintf(stderr, "ticket callback for SNI context should never be called\n");
-    EXIT(1);
-    return 0;
-}
-#endif
-
-#define SCT_EXT_TYPE 18
-
-/*
- * WARNING : below extension types are *NOT* IETF assigned, and could
- * conflict if these types are reassigned and handled specially by OpenSSL
- * in the future
- */
-#define TACK_EXT_TYPE 62208
-#define CUSTOM_EXT_TYPE_0 1000
-#define CUSTOM_EXT_TYPE_1 1001
-#define CUSTOM_EXT_TYPE_2 1002
-#define CUSTOM_EXT_TYPE_3 1003
-
-const char custom_ext_cli_string[] = "abc";
-const char custom_ext_srv_string[] = "defg";
-
-/* These set from cmdline */
-char *serverinfo_file = NULL;
-int serverinfo_sct = 0;
-int serverinfo_tack = 0;
-
-/* These set based on extension callbacks */
-int serverinfo_sct_seen = 0;
-int serverinfo_tack_seen = 0;
-int serverinfo_other_seen = 0;
-
-/* This set from cmdline */
-int custom_ext = 0;
-
-/* This set based on extension callbacks */
-int custom_ext_error = 0;
-
-static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
-                                   const unsigned char *in, size_t inlen,
-                                   int *al, void *arg)
-{
-    if (ext_type == SCT_EXT_TYPE)
-        serverinfo_sct_seen++;
-    else if (ext_type == TACK_EXT_TYPE)
-        serverinfo_tack_seen++;
-    else
-        serverinfo_other_seen++;
-    return 1;
-}
-
-static int verify_serverinfo()
-{
-    if (serverinfo_sct != serverinfo_sct_seen)
-        return -1;
-    if (serverinfo_tack != serverinfo_tack_seen)
-        return -1;
-    if (serverinfo_other_seen)
-        return -1;
-    return 0;
-}
-
-/*-
- * Four test cases for custom extensions:
- * 0 - no ClientHello extension or ServerHello response
- * 1 - ClientHello with "abc", no response
- * 2 - ClientHello with "abc", empty response
- * 3 - ClientHello with "abc", "defg" response
- */
-
-static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
-                                   const unsigned char **out,
-                                   size_t *outlen, int *al, void *arg)
-{
-    if (ext_type != CUSTOM_EXT_TYPE_0)
-        custom_ext_error = 1;
-    return 0;                   /* Don't send an extension */
-}
-
-static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
-                                     const unsigned char *in,
-                                     size_t inlen, int *al, void *arg)
-{
-    return 1;
-}
-
-static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
-                                   const unsigned char **out,
-                                   size_t *outlen, int *al, void *arg)
-{
-    if (ext_type != CUSTOM_EXT_TYPE_1)
-        custom_ext_error = 1;
-    *out = (const unsigned char *)custom_ext_cli_string;
-    *outlen = strlen(custom_ext_cli_string);
-    return 1;                   /* Send "abc" */
-}
-
-static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
-                                     const unsigned char *in,
-                                     size_t inlen, int *al, void *arg)
-{
-    return 1;
-}
-
-static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
-                                   const unsigned char **out,
-                                   size_t *outlen, int *al, void *arg)
-{
-    if (ext_type != CUSTOM_EXT_TYPE_2)
-        custom_ext_error = 1;
-    *out = (const unsigned char *)custom_ext_cli_string;
-    *outlen = strlen(custom_ext_cli_string);
-    return 1;                   /* Send "abc" */
-}
-
-static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
-                                     const unsigned char *in,
-                                     size_t inlen, int *al, void *arg)
-{
-    if (ext_type != CUSTOM_EXT_TYPE_2)
-        custom_ext_error = 1;
-    if (inlen != 0)
-        custom_ext_error = 1;   /* Should be empty response */
-    return 1;
-}
-
-static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
-                                   const unsigned char **out,
-                                   size_t *outlen, int *al, void *arg)
-{
-    if (ext_type != CUSTOM_EXT_TYPE_3)
-        custom_ext_error = 1;
-    *out = (const unsigned char *)custom_ext_cli_string;
-    *outlen = strlen(custom_ext_cli_string);
-    return 1;                   /* Send "abc" */
-}
-
-static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
-                                     const unsigned char *in,
-                                     size_t inlen, int *al, void *arg)
-{
-    if (ext_type != CUSTOM_EXT_TYPE_3)
-        custom_ext_error = 1;
-    if (inlen != strlen(custom_ext_srv_string))
-        custom_ext_error = 1;
-    if (memcmp(custom_ext_srv_string, in, inlen) != 0)
-        custom_ext_error = 1;   /* Check for "defg" */
-    return 1;
-}
-
-/*
- * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
- * for this extension
- */
-static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
-                                     const unsigned char *in,
-                                     size_t inlen, int *al, void *arg)
-{
-    custom_ext_error = 1;
-    return 1;
-}
-
-/* 'add' callbacks are only called if the 'parse' callback is called */
-static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
-                                   const unsigned char **out,
-                                   size_t *outlen, int *al, void *arg)
-{
-    /* Error: should not have been called */
-    custom_ext_error = 1;
-    return 0;                   /* Don't send an extension */
-}
-
-static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
-                                     const unsigned char *in,
-                                     size_t inlen, int *al, void *arg)
-{
-    if (ext_type != CUSTOM_EXT_TYPE_1)
-        custom_ext_error = 1;
-    /* Check for "abc" */
-    if (inlen != strlen(custom_ext_cli_string))
-        custom_ext_error = 1;
-    if (memcmp(in, custom_ext_cli_string, inlen) != 0)
-        custom_ext_error = 1;
-    return 1;
-}
-
-static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
-                                   const unsigned char **out,
-                                   size_t *outlen, int *al, void *arg)
-{
-    return 0;                   /* Don't send an extension */
-}
-
-static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
-                                     const unsigned char *in,
-                                     size_t inlen, int *al, void *arg)
-{
-    if (ext_type != CUSTOM_EXT_TYPE_2)
-        custom_ext_error = 1;
-    /* Check for "abc" */
-    if (inlen != strlen(custom_ext_cli_string))
-        custom_ext_error = 1;
-    if (memcmp(in, custom_ext_cli_string, inlen) != 0)
-        custom_ext_error = 1;
-    return 1;
-}
-
-static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
-                                   const unsigned char **out,
-                                   size_t *outlen, int *al, void *arg)
-{
-    *out = NULL;
-    *outlen = 0;
-    return 1;                   /* Send empty extension */
-}
-
-static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
-                                     const unsigned char *in,
-                                     size_t inlen, int *al, void *arg)
-{
-    if (ext_type != CUSTOM_EXT_TYPE_3)
-        custom_ext_error = 1;
-    /* Check for "abc" */
-    if (inlen != strlen(custom_ext_cli_string))
-        custom_ext_error = 1;
-    if (memcmp(in, custom_ext_cli_string, inlen) != 0)
-        custom_ext_error = 1;
-    return 1;
-}
-
-static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
-                                   const unsigned char **out,
-                                   size_t *outlen, int *al, void *arg)
-{
-    *out = (const unsigned char *)custom_ext_srv_string;
-    *outlen = strlen(custom_ext_srv_string);
-    return 1;                   /* Send "defg" */
-}
-
-static char *cipher = NULL;
-static int verbose = 0;
-static int debug = 0;
-#if 0
-/* Not used yet. */
-# ifdef FIONBIO
-static int s_nbio = 0;
-# endif
-#endif
-
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-
-int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
-                 clock_t *c_time);
-int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
-static int do_test_cipherlist(void);
-static void sv_usage(void)
-{
-    fprintf(stderr, "usage: ssltest [args ...]\n");
-    fprintf(stderr, "\n");
-#ifdef OPENSSL_FIPS
-    fprintf(stderr, "-F             - run test in FIPS mode\n");
-#endif
-    fprintf(stderr, " -server_auth  - check server certificate\n");
-    fprintf(stderr, " -client_auth  - do client authentication\n");
-    fprintf(stderr, " -proxy        - allow proxy certificates\n");
-    fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
-    fprintf(stderr,
-            " -proxy_cond <val> - expression to test proxy policy rights\n");
-    fprintf(stderr, " -v            - more output\n");
-    fprintf(stderr, " -d            - debug output\n");
-    fprintf(stderr, " -reuse        - use session-id reuse\n");
-    fprintf(stderr, " -num <val>    - number of connections to perform\n");
-    fprintf(stderr,
-            " -bytes <val>  - number of bytes to swap between client/server\n");
-#ifndef OPENSSL_NO_DH
-    fprintf(stderr,
-            " -dhe512       - use 512 bit key for DHE (to test failure)\n");
-    fprintf(stderr,
-            " -dhe1024      - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
-    fprintf(stderr,
-            " -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
-    fprintf(stderr, " -no_dhe       - disable DHE\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
-    fprintf(stderr, " -no_ecdhe     - disable ECDHE\n");
-#endif
-#ifndef OPENSSL_NO_PSK
-    fprintf(stderr, " -psk arg      - PSK in hex (without 0x)\n");
-#endif
-#ifndef OPENSSL_NO_SRP
-    fprintf(stderr, " -srpuser user  - SRP username to use\n");
-    fprintf(stderr, " -srppass arg   - password for 'user'\n");
-#endif
-#ifndef OPENSSL_NO_SSL2
-    fprintf(stderr, " -ssl2         - use SSLv2\n");
-#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-    fprintf(stderr, " -ssl3         - use SSLv3\n");
-#endif
-#ifndef OPENSSL_NO_TLS1
-    fprintf(stderr, " -tls1         - use TLSv1\n");
-    fprintf(stderr, " -tls12        - use TLSv1.2\n");
-#endif
-#ifndef OPENSSL_NO_DTLS
-    fprintf(stderr, " -dtls1        - use DTLSv1\n");
-    fprintf(stderr, " -dtls12       - use DTLSv1.2\n");
-#endif
-    fprintf(stderr, " -CApath arg   - PEM format directory of CA's\n");
-    fprintf(stderr, " -CAfile arg   - PEM format file of CA's\n");
-    fprintf(stderr, " -cert arg     - Server certificate file\n");
-    fprintf(stderr,
-            " -key arg      - Server key file (default: same as -cert)\n");
-    fprintf(stderr, " -c_cert arg   - Client certificate file\n");
-    fprintf(stderr,
-            " -c_key arg    - Client key file (default: same as -c_cert)\n");
-    fprintf(stderr, " -cipher arg   - The cipher list\n");
-    fprintf(stderr, " -bio_pair     - Use BIO pairs\n");
-    fprintf(stderr, " -f            - Test even cases that can't work\n");
-    fprintf(stderr,
-            " -time         - measure processor time used by client and server\n");
-    fprintf(stderr, " -zlib         - use zlib compression\n");
-    fprintf(stderr, " -rle          - use rle compression\n");
-#ifndef OPENSSL_NO_ECDH
-    fprintf(stderr,
-            " -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n"
-            "                 Use \"openssl ecparam -list_curves\" for all names\n"
-            "                 (default is sect163r2).\n");
-#endif
-    fprintf(stderr,
-            " -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
-            "                    When this option is requested, the cipherlist\n"
-            "                    tests are run instead of handshake tests.\n");
-    fprintf(stderr, " -serverinfo_file file - have server use this file\n");
-    fprintf(stderr, " -serverinfo_sct  - have client offer and expect SCT\n");
-    fprintf(stderr,
-            " -serverinfo_tack - have client offer and expect TACK\n");
-    fprintf(stderr,
-            " -custom_ext - try various custom extension callbacks\n");
-    fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
-    fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
-    fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
-    fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
-    fprintf(stderr,
-            " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
-    fprintf(stderr, " -sn_client <string>  - have client request this servername\n");
-    fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
-    fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
-    fprintf(stderr, " -sn_expect1          - expected server 1\n");
-    fprintf(stderr, " -sn_expect2          - expected server 2\n");
-#ifndef OPENSSL_NO_TLSEXT
-    fprintf(stderr, " -s_ticket1 <yes|no|broken> - enable/disable session tickets on context 1\n");
-    fprintf(stderr, " -s_ticket2 <yes|no>        - enable/disable session tickets on context 2\n");
-    fprintf(stderr, " -c_ticket <yes|no>         - enable/disable session tickets on the client\n");
-    fprintf(stderr, " -ticket_expect <yes|no>    - indicate that the client should (or should not) have a ticket\n");
-#endif
-    fprintf(stderr, " -sni_in_cert_cb           - have the server handle SNI in the certificate callback\n");
-    fprintf(stderr, " -client_sigalgs arg       - the signature algorithms to configure on the client\n");
-    fprintf(stderr, " -server_digest_expect arg - the expected server signing digest\n");
-}
-
-static void print_details(SSL *c_ssl, const char *prefix)
-{
-    const SSL_CIPHER *ciph;
-    X509 *cert;
-
-    ciph = SSL_get_current_cipher(c_ssl);
-    BIO_printf(bio_stdout, "%s%s, cipher %s %s",
-               prefix,
-               SSL_get_version(c_ssl),
-               SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
-    cert = SSL_get_peer_certificate(c_ssl);
-    if (cert != NULL) {
-        EVP_PKEY *pkey = X509_get_pubkey(cert);
-        if (pkey != NULL) {
-            if (0) ;
-#ifndef OPENSSL_NO_RSA
-            else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
-                     && pkey->pkey.rsa->n != NULL) {
-                BIO_printf(bio_stdout, ", %d bit RSA",
-                           BN_num_bits(pkey->pkey.rsa->n));
-            }
-#endif
-#ifndef OPENSSL_NO_DSA
-            else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
-                     && pkey->pkey.dsa->p != NULL) {
-                BIO_printf(bio_stdout, ", %d bit DSA",
-                           BN_num_bits(pkey->pkey.dsa->p));
-            }
-#endif
-            EVP_PKEY_free(pkey);
-        }
-        X509_free(cert);
-    }
-    /*
-     * The SSL API does not allow us to look at temporary RSA/DH keys,
-     * otherwise we should print their lengths too
-     */
-    BIO_printf(bio_stdout, "\n");
-}
-
-static void lock_dbg_cb(int mode, int type, const char *file, int line)
-{
-    static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
-    const char *errstr = NULL;
-    int rw;
-
-    rw = mode & (CRYPTO_READ | CRYPTO_WRITE);
-    if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
-        errstr = "invalid mode";
-        goto err;
-    }
-
-    if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
-        errstr = "type out of bounds";
-        goto err;
-    }
-
-    if (mode & CRYPTO_LOCK) {
-        if (modes[type]) {
-            errstr = "already locked";
-            /*
-             * must not happen in a single-threaded program (would deadlock)
-             */
-            goto err;
-        }
-
-        modes[type] = rw;
-    } else if (mode & CRYPTO_UNLOCK) {
-        if (!modes[type]) {
-            errstr = "not locked";
-            goto err;
-        }
-
-        if (modes[type] != rw) {
-            errstr = (rw == CRYPTO_READ) ?
-                "CRYPTO_r_unlock on write lock" :
-                "CRYPTO_w_unlock on read lock";
-        }
-
-        modes[type] = 0;
-    } else {
-        errstr = "invalid mode";
-        goto err;
-    }
-
- err:
-    if (errstr) {
-        /* we cannot use bio_err here */
-        fprintf(stderr,
-                "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
-                errstr, mode, type, file, line);
-    }
-}
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-struct cb_info_st {
-    void *input;
-    size_t len;
-    int ret;
-};
-struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
-struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
-struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
-struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
-
-int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
-{
-    struct cb_info_st *arg = arg_;
-
-    if (arg == NULL)
-        return 1;
-
-    if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
-        return 0;
-    return arg->ret;
-}
-#endif
-
-int main(int argc, char *argv[])
-{
-    char *CApath = NULL, *CAfile = NULL;
-    int badop = 0;
-    int bio_pair = 0;
-    int force = 0;
-    int dtls1 = 0, dtls12 = 0, tls1 = 0, tls12 = 0, ssl2 = 0, ssl3 = 0, ret = 1;
-    int client_auth = 0;
-    int server_auth = 0, i;
-    struct app_verify_arg app_verify_arg =
-        { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
-    char *server_cert = TEST_SERVER_CERT;
-    char *server_key = NULL;
-    char *client_cert = TEST_CLIENT_CERT;
-    char *client_key = NULL;
-#ifndef OPENSSL_NO_ECDH
-    char *named_curve = NULL;
-#endif
-    SSL_CTX *c_ctx = NULL;
-    const SSL_METHOD *meth = NULL;
-    SSL *c_ssl, *s_ssl;
-    int number = 1, reuse = 0;
-    long bytes = 256L;
-#ifndef OPENSSL_NO_DH
-    DH *dh;
-    int dhe512 = 0, dhe1024dsa = 0;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    EC_KEY *ecdh = NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-    /* client */
-    SRP_CLIENT_ARG srp_client_arg = { NULL, NULL };
-    /* server */
-    SRP_SERVER_ARG srp_server_arg = { NULL, NULL };
-#endif
-    int no_dhe = 0;
-    int no_ecdhe = 0;
-    int no_psk = 0;
-    int print_time = 0;
-    clock_t s_time = 0, c_time = 0;
-#ifndef OPENSSL_NO_COMP
-    int comp = 0;
-    COMP_METHOD *cm = NULL;
-    STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
-#endif
-    int test_cipherlist = 0;
-#ifdef OPENSSL_FIPS
-    int fips_mode = 0;
-#endif
-    int no_protocol = 0;
-
-    verbose = 0;
-    debug = 0;
-    cipher = 0;
-
-    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    CRYPTO_set_locking_callback(lock_dbg_cb);
-
-    /* enable memory leak checking unless explicitly disabled */
-    if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
-          && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
-        CRYPTO_malloc_debug_init();
-        CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    } else {
-        /* OPENSSL_DEBUG_MEMORY=off */
-        CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
-    }
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    RAND_seed(rnd_seed, sizeof(rnd_seed));
-
-    bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    argc--;
-    argv++;
-
-    while (argc >= 1) {
-        if (!strcmp(*argv, "-F")) {
-#ifdef OPENSSL_FIPS
-            fips_mode = 1;
-#else
-            fprintf(stderr,
-                    "not compiled with FIPS support, so exiting without running.\n");
-            EXIT(0);
-#endif
-        } else if (strcmp(*argv, "-server_auth") == 0)
-            server_auth = 1;
-        else if (strcmp(*argv, "-client_auth") == 0)
-            client_auth = 1;
-        else if (strcmp(*argv, "-proxy_auth") == 0) {
-            if (--argc < 1)
-                goto bad;
-            app_verify_arg.proxy_auth = *(++argv);
-        } else if (strcmp(*argv, "-proxy_cond") == 0) {
-            if (--argc < 1)
-                goto bad;
-            app_verify_arg.proxy_cond = *(++argv);
-        } else if (strcmp(*argv, "-v") == 0)
-            verbose = 1;
-        else if (strcmp(*argv, "-d") == 0)
-            debug = 1;
-        else if (strcmp(*argv, "-reuse") == 0)
-            reuse = 1;
-        else if (strcmp(*argv, "-dhe512") == 0) {
-#ifndef OPENSSL_NO_DH
-            dhe512 = 1;
-#else
-            fprintf(stderr,
-                    "ignoring -dhe512, since I'm compiled without DH\n");
-#endif
-        } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
-#ifndef OPENSSL_NO_DH
-            dhe1024dsa = 1;
-#else
-            fprintf(stderr,
-                    "ignoring -dhe1024dsa, since I'm compiled without DH\n");
-#endif
-        } else if (strcmp(*argv, "-no_dhe") == 0)
-            no_dhe = 1;
-        else if (strcmp(*argv, "-no_ecdhe") == 0)
-            no_ecdhe = 1;
-        else if (strcmp(*argv, "-psk") == 0) {
-            if (--argc < 1)
-                goto bad;
-            psk_key = *(++argv);
-#ifndef OPENSSL_NO_PSK
-            if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
-                BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
-                goto bad;
-            }
-#else
-            no_psk = 1;
-#endif
-        }
-#ifndef OPENSSL_NO_SRP
-        else if (strcmp(*argv, "-srpuser") == 0) {
-            if (--argc < 1)
-                goto bad;
-            srp_server_arg.expected_user = srp_client_arg.srplogin =
-                *(++argv);
-            tls1 = 1;
-        } else if (strcmp(*argv, "-srppass") == 0) {
-            if (--argc < 1)
-                goto bad;
-            srp_server_arg.pass = srp_client_arg.srppassin = *(++argv);
-            tls1 = 1;
-        }
-#endif
-        else if (strcmp(*argv, "-ssl2") == 0) {
-#ifdef OPENSSL_NO_SSL2
-            no_protocol = 1;
-#endif
-            ssl2 = 1;
-        } else if (strcmp(*argv, "-tls1") == 0) {
-#ifdef OPENSSL_NO_TLS1
-            no_protocol = 1;
-#endif
-            tls1 = 1;
-        } else if (strcmp(*argv, "-tls12") == 0) {
-#ifdef OPENSSL_NO_TLS1
-            no_protocol = 1;
-#endif
-            tls12 = 1;
-        } else if (strcmp(*argv, "-ssl3") == 0) {
-#ifdef OPENSSL_NO_SSL3_METHOD
-            no_protocol = 1;
-#endif
-            ssl3 = 1;
-        } else if (strcmp(*argv, "-dtls1") == 0) {
-#ifdef OPENSSL_NO_DTLS
-            no_protocol = 1;
-#endif
-            dtls1 = 1;
-        } else if (strcmp(*argv, "-dtls12") == 0) {
-#ifdef OPENSSL_NO_DTLS
-            no_protocol = 1;
-#endif
-            dtls12 = 1;
-        } else if (strncmp(*argv, "-num", 4) == 0) {
-            if (--argc < 1)
-                goto bad;
-            number = atoi(*(++argv));
-            if (number == 0)
-                number = 1;
-        } else if (strcmp(*argv, "-bytes") == 0) {
-            if (--argc < 1)
-                goto bad;
-            bytes = atol(*(++argv));
-            if (bytes == 0L)
-                bytes = 1L;
-            i = strlen(argv[0]);
-            if (argv[0][i - 1] == 'k')
-                bytes *= 1024L;
-            if (argv[0][i - 1] == 'm')
-                bytes *= 1024L * 1024L;
-        } else if (strcmp(*argv, "-cert") == 0) {
-            if (--argc < 1)
-                goto bad;
-            server_cert = *(++argv);
-        } else if (strcmp(*argv, "-s_cert") == 0) {
-            if (--argc < 1)
-                goto bad;
-            server_cert = *(++argv);
-        } else if (strcmp(*argv, "-key") == 0) {
-            if (--argc < 1)
-                goto bad;
-            server_key = *(++argv);
-        } else if (strcmp(*argv, "-s_key") == 0) {
-            if (--argc < 1)
-                goto bad;
-            server_key = *(++argv);
-        } else if (strcmp(*argv, "-c_cert") == 0) {
-            if (--argc < 1)
-                goto bad;
-            client_cert = *(++argv);
-        } else if (strcmp(*argv, "-c_key") == 0) {
-            if (--argc < 1)
-                goto bad;
-            client_key = *(++argv);
-        } else if (strcmp(*argv, "-cipher") == 0) {
-            if (--argc < 1)
-                goto bad;
-            cipher = *(++argv);
-        } else if (strcmp(*argv, "-CApath") == 0) {
-            if (--argc < 1)
-                goto bad;
-            CApath = *(++argv);
-        } else if (strcmp(*argv, "-CAfile") == 0) {
-            if (--argc < 1)
-                goto bad;
-            CAfile = *(++argv);
-        } else if (strcmp(*argv, "-bio_pair") == 0) {
-            bio_pair = 1;
-        } else if (strcmp(*argv, "-f") == 0) {
-            force = 1;
-        } else if (strcmp(*argv, "-time") == 0) {
-            print_time = 1;
-        }
-        else if (strcmp(*argv, "-zlib") == 0) {
-#ifndef OPENSSL_NO_COMP
-            comp = COMP_ZLIB;
-#else
-            fprintf(stderr,
-                    "ignoring -zlib, since I'm compiled without COMP\n");
-#endif
-        } else if (strcmp(*argv, "-rle") == 0) {
-#ifndef OPENSSL_NO_COMP
-            comp = COMP_RLE;
-#else
-            fprintf(stderr,
-                    "ignoring -rle, since I'm compiled without COMP\n");
-#endif
-        }
-        else if (strcmp(*argv, "-named_curve") == 0) {
-            if (--argc < 1)
-                goto bad;
-#ifndef OPENSSL_NO_ECDH
-            named_curve = *(++argv);
-#else
-            fprintf(stderr,
-                    "ignoring -named_curve, since I'm compiled without ECDH\n");
-            ++argv;
-#endif
-        } else if (strcmp(*argv, "-app_verify") == 0) {
-            app_verify_arg.app_verify = 1;
-        } else if (strcmp(*argv, "-proxy") == 0) {
-            app_verify_arg.allow_proxy_certs = 1;
-        } else if (strcmp(*argv, "-test_cipherlist") == 0) {
-            test_cipherlist = 1;
-        } else if (strcmp(*argv, "-serverinfo_sct") == 0) {
-            serverinfo_sct = 1;
-        } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
-            serverinfo_tack = 1;
-        } else if (strcmp(*argv, "-serverinfo_file") == 0) {
-            if (--argc < 1)
-                goto bad;
-            serverinfo_file = *(++argv);
-        } else if (strcmp(*argv, "-custom_ext") == 0) {
-            custom_ext = 1;
-        } else if (strcmp(*argv, "-alpn_client") == 0) {
-            if (--argc < 1)
-                goto bad;
-            alpn_client = *(++argv);
-        } else if (strcmp(*argv, "-alpn_server") == 0 ||
-                   strcmp(*argv, "-alpn_server1") == 0) {
-            if (--argc < 1)
-                goto bad;
-            alpn_server = *(++argv);
-        } else if (strcmp(*argv, "-alpn_server2") == 0) {
-            if (--argc < 1)
-                goto bad;
-            alpn_server2 = *(++argv);
-        } else if (strcmp(*argv, "-alpn_expected") == 0) {
-            if (--argc < 1)
-                goto bad;
-            alpn_expected = *(++argv);
-        } else if (strcmp(*argv, "-sn_client") == 0) {
-            if (--argc < 1)
-                goto bad;
-            sn_client = *(++argv);
-        } else if (strcmp(*argv, "-sn_server1") == 0) {
-            if (--argc < 1)
-                goto bad;
-            sn_server1 = *(++argv);
-        } else if (strcmp(*argv, "-sn_server2") == 0) {
-            if (--argc < 1)
-                goto bad;
-            sn_server2 = *(++argv);
-        } else if (strcmp(*argv, "-sn_expect1") == 0) {
-            sn_expect = 1;
-        } else if (strcmp(*argv, "-sn_expect2") == 0) {
-            sn_expect = 2;
-#ifndef OPENSSL_NO_TLSEXT
-        } else if (strcmp(*argv, "-s_ticket1") == 0) {
-            if (--argc < 1)
-                goto bad;
-            argv++;
-            if (strcmp(*argv, "yes") == 0)
-                s_ticket1 = 1;
-            if (strcmp(*argv, "broken") == 0)
-                s_ticket1 = 2;
-        } else if (strcmp(*argv, "-s_ticket2") == 0) {
-            if (--argc < 1)
-                goto bad;
-            argv++;
-            if (strcmp(*argv, "yes") == 0)
-                s_ticket2 = 1;
-        } else if (strcmp(*argv, "-c_ticket") == 0) {
-            if (--argc < 1)
-                goto bad;
-            argv++;
-            if (strcmp(*argv, "yes") == 0)
-                c_ticket = 1;
-        } else if (strcmp(*argv, "-ticket_expect") == 0) {
-            if (--argc < 1)
-                goto bad;
-            argv++;
-            if (strcmp(*argv, "yes") == 0)
-                ticket_expect = 1;
-            else if (strcmp(*argv, "no") == 0)
-                ticket_expect = 0;
-#endif
-        } else if (strcmp(*argv, "-sni_in_cert_cb") == 0) {
-            sni_in_cert_cb = 1;
-        } else if (strcmp(*argv, "-client_sigalgs") == 0) {
-            if (--argc < 1)
-                goto bad;
-            client_sigalgs = *(++argv);
-        } else if (strcmp(*argv, "-server_digest_expect") == 0) {
-            if (--argc < 1)
-                goto bad;
-            server_digest_expect = *(++argv);
-        } else {
-            fprintf(stderr, "unknown option %s\n", *argv);
-            badop = 1;
-            break;
-        }
-        argc--;
-        argv++;
-    }
-    if (badop) {
- bad:
-        sv_usage();
-        goto end;
-    }
-
-    /*
-     * test_cipherlist prevails over protocol switch: we test the cipherlist
-     * for all enabled protocols.
-     */
-    if (test_cipherlist == 1) {
-        /*
-         * ensure that the cipher list are correctly sorted and exit
-         */
-        fprintf(stdout, "Testing cipherlist order only. Ignoring all "
-                "other options.\n");
-        if (do_test_cipherlist() == 0)
-            EXIT(1);
-        ret = 0;
-        goto end;
-    }
-
-    if (ssl2 + ssl3 + tls1 + tls12 + dtls1 + dtls12 > 1) {
-        fprintf(stderr, "At most one of -ssl2, -ssl3, -tls1, -tls12, -dtls1 or "
-                "-dtls12 should be requested.\n");
-        EXIT(1);
-    }
-
-    /*
-     * Testing was requested for a compiled-out protocol (e.g. SSLv2).
-     * Ideally, we would error out, but the generic test wrapper can't know
-     * when to expect failure. So we do nothing and return success.
-     */
-    if (no_protocol) {
-        fprintf(stderr, "Testing was requested for a disabled protocol. "
-                "Skipping tests.\n");
-        ret = 0;
-        goto end;
-    }
-
-    if (!ssl2 && !ssl3 && !tls1 && !tls12 && !dtls1 && !dtls12 && number > 1
-            && !reuse && !force) {
-        fprintf(stderr, "This case cannot work.  Use -f to perform "
-                "the test anyway (and\n-d to see what happens), "
-                "or add one of ssl2, -ssl3, -tls1, -tls12, -dtls1, -dtls12, -reuse\n"
-                "to avoid protocol mismatch.\n");
-        EXIT(1);
-    }
-#ifdef OPENSSL_FIPS
-    if (fips_mode) {
-        if (!FIPS_mode_set(1)) {
-            ERR_load_crypto_strings();
-            ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
-            EXIT(1);
-        } else
-            fprintf(stderr, "*** IN FIPS MODE ***\n");
-    }
-#endif
-
-    if (print_time) {
-        if (!bio_pair) {
-            fprintf(stderr, "Using BIO pair (-bio_pair)\n");
-            bio_pair = 1;
-        }
-        if (number < 50 && !force)
-            fprintf(stderr,
-                    "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
-    }
-
-/*      if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
-
-    SSL_library_init();
-    SSL_load_error_strings();
-
-#ifndef OPENSSL_NO_COMP
-    if (comp == COMP_ZLIB)
-        cm = COMP_zlib();
-    if (comp == COMP_RLE)
-        cm = COMP_rle();
-    if (cm != NULL) {
-        if (cm->type != NID_undef) {
-            if (SSL_COMP_add_compression_method(comp, cm) != 0) {
-                fprintf(stderr, "Failed to add compression method\n");
-                ERR_print_errors_fp(stderr);
-            }
-        } else {
-            fprintf(stderr,
-                    "Warning: %s compression not supported\n",
-                    (comp == COMP_RLE ? "rle" :
-                     (comp == COMP_ZLIB ? "zlib" : "unknown")));
-            ERR_print_errors_fp(stderr);
-        }
-    }
-    ssl_comp_methods = SSL_COMP_get_compression_methods();
-    fprintf(stderr, "Available compression methods:\n");
-    {
-        int j, n = sk_SSL_COMP_num(ssl_comp_methods);
-        if (n == 0)
-            fprintf(stderr, "  NONE\n");
-        else
-            for (j = 0; j < n; j++) {
-                SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
-                fprintf(stderr, "  %d: %s\n", c->id, c->name);
-            }
-    }
-#endif
-
-    /*
-     * At this point, ssl2/ssl3/tls1/tls12 is only set if the protocol is
-     * available. (Otherwise we exit early.) However the compiler doesn't
-     * know this, so we ifdef.
-     */
-#ifndef OPENSSL_NO_SSL2
-    if (ssl2)
-        meth = SSLv2_method();
-    else
-#endif
-#ifndef OPENSSL_NO_SSL3
-    if (ssl3)
-        meth = SSLv3_method();
-    else
-#endif
-#ifndef OPENSSL_NO_DTLS
-    if (dtls1)
-        meth = DTLSv1_method();
-    else if (dtls12)
-        meth = DTLSv1_2_method();
-    else
-#endif
-#ifndef OPENSSL_NO_TLS1
-    if (tls1)
-        meth = TLSv1_method();
-    else if (tls12)
-        meth = TLSv1_2_method();
-    else
-#endif
-        meth = SSLv23_method();
-
-    c_ctx = SSL_CTX_new(meth);
-    s_ctx = SSL_CTX_new(meth);
-    s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
-    if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if (cipher != NULL) {
-        SSL_CTX_set_cipher_list(c_ctx, cipher);
-        SSL_CTX_set_cipher_list(s_ctx, cipher);
-        SSL_CTX_set_cipher_list(s_ctx2, cipher);
-    }
-
-#ifndef OPENSSL_NO_DH
-    if (!no_dhe) {
-        if (dhe1024dsa) {
-            /*
-             * use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks
-             */
-            SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
-            SSL_CTX_set_options(s_ctx2, SSL_OP_SINGLE_DH_USE);
-            dh = get_dh1024dsa();
-        } else if (dhe512)
-            dh = get_dh512();
-        else
-            dh = get_dh1024();
-        SSL_CTX_set_tmp_dh(s_ctx, dh);
-        SSL_CTX_set_tmp_dh(s_ctx2, dh);
-        DH_free(dh);
-    }
-#else
-    (void)no_dhe;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-    if (!no_ecdhe) {
-        int nid;
-
-        if (named_curve != NULL) {
-            nid = OBJ_sn2nid(named_curve);
-            if (nid == 0) {
-                BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
-                goto end;
-            }
-        } else {
-            nid = NID_X9_62_prime256v1;
-        }
-
-        ecdh = EC_KEY_new_by_curve_name(nid);
-        if (ecdh == NULL) {
-            BIO_printf(bio_err, "unable to create curve\n");
-            goto end;
-        }
-
-        SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
-        SSL_CTX_set_tmp_ecdh(s_ctx2, ecdh);
-        SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
-        SSL_CTX_set_options(s_ctx2, SSL_OP_SINGLE_ECDH_USE);
-        EC_KEY_free(ecdh);
-    }
-#else
-    (void)no_ecdhe;
-#endif
-
-#ifndef OPENSSL_NO_RSA
-    SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
-    SSL_CTX_set_tmp_rsa_callback(s_ctx2, tmp_rsa_cb);
-#endif
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-    SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
-    SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
-    SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx2, opaque_prf_input_cb);
-    /* or &co2 or NULL */
-    SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1);
-    /* or &so2 or NULL */
-    SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1);
-    SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx2, &so1);
-#endif
-
-    if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) {
-        ERR_print_errors(bio_err);
-    } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
-                                            (server_key ? server_key :
-                                             server_cert),
-                                            SSL_FILETYPE_PEM)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if (!SSL_CTX_use_certificate_file(s_ctx2, server_cert, SSL_FILETYPE_PEM)) {
-        ERR_print_errors(bio_err);
-    } else if (!SSL_CTX_use_PrivateKey_file(s_ctx2,
-                                            (server_key ? server_key :
-                                             server_cert),
-                                            SSL_FILETYPE_PEM)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if (client_auth) {
-        SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM);
-        SSL_CTX_use_PrivateKey_file(c_ctx,
-                                    (client_key ? client_key : client_cert),
-                                    SSL_FILETYPE_PEM);
-    }
-
-    if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
-        (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
-        (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(c_ctx))) {
-        /* fprintf(stderr,"SSL_load_verify_locations\n"); */
-        ERR_print_errors(bio_err);
-        /* goto end; */
-    }
-
-    if (client_auth) {
-        BIO_printf(bio_err, "client authentication\n");
-        SSL_CTX_set_verify(s_ctx,
-                           SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-                           verify_callback);
-        SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
-                                         &app_verify_arg);
-        SSL_CTX_set_verify(s_ctx2,
-                           SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-                           verify_callback);
-        SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
-                                         &app_verify_arg);
-    }
-    if (server_auth) {
-        BIO_printf(bio_err, "server authentication\n");
-        SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
-        SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
-                                         &app_verify_arg);
-    }
-
-    {
-        int session_id_context = 0;
-        SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
-                                       sizeof(session_id_context));
-        SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
-                                       sizeof(session_id_context));
-    }
-
-    /* Use PSK only if PSK key is given */
-    if (psk_key != NULL) {
-        /*
-         * no_psk is used to avoid putting psk command to openssl tool
-         */
-        if (no_psk) {
-            /*
-             * if PSK is not compiled in and psk key is given, do nothing and
-             * exit successfully
-             */
-            ret = 0;
-            goto end;
-        }
-#ifndef OPENSSL_NO_PSK
-        SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
-        SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
-        SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
-        if (debug)
-            BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
-        if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) {
-            BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-        if (!SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
-            BIO_printf(bio_err, "error setting PSK identity hint to s_ctx2\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-#endif
-    }
-#ifndef OPENSSL_NO_SRP
-    if (srp_client_arg.srplogin) {
-        if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
-            BIO_printf(bio_err, "Unable to set SRP username\n");
-            goto end;
-        }
-        SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
-        SSL_CTX_set_srp_client_pwd_callback(c_ctx,
-                                            ssl_give_srp_client_pwd_cb);
-        /*
-         * SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);
-         */
-    }
-
-    if (srp_server_arg.expected_user != NULL) {
-        SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
-        SSL_CTX_set_verify(s_ctx2, SSL_VERIFY_NONE, verify_callback);
-        SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
-        SSL_CTX_set_srp_cb_arg(s_ctx2, &srp_server_arg);
-        SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
-        SSL_CTX_set_srp_username_callback(s_ctx2, ssl_srp_server_param_cb);
-    }
-#endif
-
-    if (serverinfo_sct)
-        SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
-                                      NULL, NULL, NULL,
-                                      serverinfo_cli_parse_cb, NULL);
-    if (serverinfo_tack)
-        SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
-                                      NULL, NULL, NULL,
-                                      serverinfo_cli_parse_cb, NULL);
-
-    if (serverinfo_file) {
-        if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) {
-            BIO_printf(bio_err, "missing serverinfo file\n");
-            goto end;
-        }
-        if (!SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
-            BIO_printf(bio_err, "missing serverinfo file\n");
-            goto end;
-        }
-    }
-
-    if (custom_ext) {
-        SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
-                                      custom_ext_0_cli_add_cb,
-                                      NULL, NULL,
-                                      custom_ext_0_cli_parse_cb, NULL);
-        SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
-                                      custom_ext_1_cli_add_cb,
-                                      NULL, NULL,
-                                      custom_ext_1_cli_parse_cb, NULL);
-        SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
-                                      custom_ext_2_cli_add_cb,
-                                      NULL, NULL,
-                                      custom_ext_2_cli_parse_cb, NULL);
-        SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
-                                      custom_ext_3_cli_add_cb,
-                                      NULL, NULL,
-                                      custom_ext_3_cli_parse_cb, NULL);
-
-        SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
-                                      custom_ext_0_srv_add_cb,
-                                      NULL, NULL,
-                                      custom_ext_0_srv_parse_cb, NULL);
-        SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
-                                      custom_ext_1_srv_add_cb,
-                                      NULL, NULL,
-                                      custom_ext_1_srv_parse_cb, NULL);
-        SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
-                                      custom_ext_2_srv_add_cb,
-                                      NULL, NULL,
-                                      custom_ext_2_srv_parse_cb, NULL);
-        SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
-                                      custom_ext_3_srv_add_cb,
-                                      NULL, NULL,
-                                      custom_ext_3_srv_parse_cb, NULL);
-
-        SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
-                                      custom_ext_0_srv_add_cb,
-                                      NULL, NULL,
-                                      custom_ext_0_srv_parse_cb, NULL);
-        SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
-                                      custom_ext_1_srv_add_cb,
-                                      NULL, NULL,
-                                      custom_ext_1_srv_parse_cb, NULL);
-        SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
-                                      custom_ext_2_srv_add_cb,
-                                      NULL, NULL,
-                                      custom_ext_2_srv_parse_cb, NULL);
-        SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
-                                      custom_ext_3_srv_add_cb,
-                                      NULL, NULL,
-                                      custom_ext_3_srv_parse_cb, NULL);
-    }
-
-    if (alpn_server)
-        SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
-    if (alpn_server2)
-        SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
-
-    if (alpn_client) {
-        unsigned short alpn_len;
-        unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
-
-        if (alpn == NULL) {
-            BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
-            goto end;
-        }
-        SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
-        OPENSSL_free(alpn);
-    }
-
-    if (sn_server1 || sn_server2) {
-        if (sni_in_cert_cb)
-            SSL_CTX_set_cert_cb(s_ctx, cert_cb, NULL);
-        else
-            SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
-    }
-
-#ifndef OPENSSL_NO_TLSEXT
-    if (s_ticket1 == 0)
-        SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
-    /* always set the callback */
-    if (s_ticket1 == 2)
-        SSL_CTX_set_tlsext_ticket_key_cb(s_ctx, cb_ticket0);
-    else
-        SSL_CTX_set_tlsext_ticket_key_cb(s_ctx, cb_ticket1);
-
-    if (!s_ticket2)
-        SSL_CTX_set_options(s_ctx2, SSL_OP_NO_TICKET);
-    /* always set the callback - this should never be called */
-    SSL_CTX_set_tlsext_ticket_key_cb(s_ctx2, cb_ticket2);
-
-    if (!c_ticket)
-        SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
-#endif
-
-    if (client_sigalgs != NULL)
-        SSL_CTX_set1_sigalgs_list(c_ctx, client_sigalgs);
-
-    c_ssl = SSL_new(c_ctx);
-    s_ssl = SSL_new(s_ctx);
-
-    if (sn_client)
-        SSL_set_tlsext_host_name(c_ssl, sn_client);
-
-#ifndef OPENSSL_NO_KRB5
-    if (c_ssl && c_ssl->kssl_ctx) {
-        char localhost[MAXHOSTNAMELEN + 2];
-
-        if (gethostname(localhost, sizeof(localhost) - 1) == 0) {
-            localhost[sizeof(localhost) - 1] = '\0';
-            if (strlen(localhost) == sizeof(localhost) - 1) {
-                BIO_printf(bio_err, "localhost name too long\n");
-                goto end;
-            }
-            kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost);
-        }
-    }
-#endif                          /* OPENSSL_NO_KRB5 */
-
-    for (i = 0; i < number; i++) {
-        if (!reuse)
-            SSL_set_session(c_ssl, NULL);
-        if (bio_pair)
-            ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
-        else
-            ret = doit(s_ssl, c_ssl, bytes);
-    }
-
-    if (!verbose) {
-        print_details(c_ssl, "");
-    }
-    if ((number > 1) || (bytes > 1L))
-        BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", number,
-                   bytes);
-    if (print_time) {
-#ifdef CLOCKS_PER_SEC
-        /*
-         * "To determine the time in seconds, the value returned by the clock
-         * function should be divided by the value of the macro
-         * CLOCKS_PER_SEC." -- ISO/IEC 9899
-         */
-        BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
-                   "Approximate total client time: %6.2f s\n",
-                   (double)s_time / CLOCKS_PER_SEC,
-                   (double)c_time / CLOCKS_PER_SEC);
-#else
-        /*
-         * "`CLOCKS_PER_SEC' undeclared (first use this function)" -- cc on
-         * NeXTstep/OpenStep
-         */
-        BIO_printf(bio_stdout,
-                   "Approximate total server time: %6.2f units\n"
-                   "Approximate total client time: %6.2f units\n",
-                   (double)s_time, (double)c_time);
-#endif
-    }
-
-    if (verify_alpn(c_ssl, s_ssl) < 0)
-        ret = 1;
-    if (verify_servername(c_ssl, s_ssl) < 0)
-        ret = 1;
-    if (verify_ticket(c_ssl) < 0)
-        ret = 1;
-    if (verify_server_digest(c_ssl) < 0)
-        ret = 1;
-
-    SSL_free(s_ssl);
-    SSL_free(c_ssl);
-
- end:
-    if (s_ctx != NULL)
-        SSL_CTX_free(s_ctx);
-    if (s_ctx2 != NULL)
-        SSL_CTX_free(s_ctx2);
-    if (c_ctx != NULL)
-        SSL_CTX_free(c_ctx);
-
-    if (bio_stdout != NULL)
-        BIO_free(bio_stdout);
-
-#ifndef OPENSSL_NO_RSA
-    free_tmp_rsa();
-#endif
-#ifndef OPENSSL_NO_ENGINE
-    ENGINE_cleanup();
-#endif
-    CRYPTO_cleanup_all_ex_data();
-    ERR_free_strings();
-    ERR_remove_thread_state(NULL);
-    EVP_cleanup();
-    CRYPTO_mem_leaks(bio_err);
-    if (bio_err != NULL)
-        BIO_free(bio_err);
-    EXIT(ret);
-    return ret;
-}
-
-int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
-                 clock_t *s_time, clock_t *c_time)
-{
-    long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
-    BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
-    BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
-    int ret = 1;
-
-    size_t bufsiz = 256;        /* small buffer for testing */
-
-    if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
-        goto err;
-    if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
-        goto err;
-
-    s_ssl_bio = BIO_new(BIO_f_ssl());
-    if (!s_ssl_bio)
-        goto err;
-
-    c_ssl_bio = BIO_new(BIO_f_ssl());
-    if (!c_ssl_bio)
-        goto err;
-
-    SSL_set_connect_state(c_ssl);
-    SSL_set_bio(c_ssl, client, client);
-    (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
-
-    SSL_set_accept_state(s_ssl);
-    SSL_set_bio(s_ssl, server, server);
-    (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
-
-    do {
-        /*-
-         * c_ssl_bio:          SSL filter BIO
-         *
-         * client:             pseudo-I/O for SSL library
-         *
-         * client_io:          client's SSL communication; usually to be
-         *                     relayed over some I/O facility, but in this
-         *                     test program, we're the server, too:
-         *
-         * server_io:          server's SSL communication
-         *
-         * server:             pseudo-I/O for SSL library
-         *
-         * s_ssl_bio:          SSL filter BIO
-         *
-         * The client and the server each employ a "BIO pair":
-         * client + client_io, server + server_io.
-         * BIO pairs are symmetric.  A BIO pair behaves similar
-         * to a non-blocking socketpair (but both endpoints must
-         * be handled by the same thread).
-         * [Here we could connect client and server to the ends
-         * of a single BIO pair, but then this code would be less
-         * suitable as an example for BIO pairs in general.]
-         *
-         * Useful functions for querying the state of BIO pair endpoints:
-         *
-         * BIO_ctrl_pending(bio)              number of bytes we can read now
-         * BIO_ctrl_get_read_request(bio)     number of bytes needed to fulfil
-         *                                      other side's read attempt
-         * BIO_ctrl_get_write_guarantee(bio)   number of bytes we can write now
-         *
-         * ..._read_request is never more than ..._write_guarantee;
-         * it depends on the application which one you should use.
-         */
-
-        /*
-         * We have non-blocking behaviour throughout this test program, but
-         * can be sure that there is *some* progress in each iteration; so we
-         * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
-         * we just try everything in each iteration
-         */
-
-        {
-            /* CLIENT */
-
-            MS_STATIC char cbuf[1024 * 8];
-            int i, r;
-            clock_t c_clock = clock();
-
-            memset(cbuf, 0, sizeof(cbuf));
-
-            if (debug)
-                if (SSL_in_init(c_ssl))
-                    printf("client waiting in SSL_connect - %s\n",
-                           SSL_state_string_long(c_ssl));
-
-            if (cw_num > 0) {
-                /* Write to server. */
-
-                if (cw_num > (long)sizeof(cbuf))
-                    i = sizeof(cbuf);
-                else
-                    i = (int)cw_num;
-                r = BIO_write(c_ssl_bio, cbuf, i);
-                if (r < 0) {
-                    if (!BIO_should_retry(c_ssl_bio)) {
-                        fprintf(stderr, "ERROR in CLIENT\n");
-                        goto err;
-                    }
-                    /*
-                     * BIO_should_retry(...) can just be ignored here. The
-                     * library expects us to call BIO_write with the same
-                     * arguments again, and that's what we will do in the
-                     * next iteration.
-                     */
-                } else if (r == 0) {
-                    fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
-                    goto err;
-                } else {
-                    if (debug)
-                        printf("client wrote %d\n", r);
-                    cw_num -= r;
-                }
-            }
-
-            if (cr_num > 0) {
-                /* Read from server. */
-
-                r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
-                if (r < 0) {
-                    if (!BIO_should_retry(c_ssl_bio)) {
-                        fprintf(stderr, "ERROR in CLIENT\n");
-                        goto err;
-                    }
-                    /*
-                     * Again, "BIO_should_retry" can be ignored.
-                     */
-                } else if (r == 0) {
-                    fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
-                    goto err;
-                } else {
-                    if (debug)
-                        printf("client read %d\n", r);
-                    cr_num -= r;
-                }
-            }
-
-            /*
-             * c_time and s_time increments will typically be very small
-             * (depending on machine speed and clock tick intervals), but
-             * sampling over a large number of connections should result in
-             * fairly accurate figures.  We cannot guarantee a lot, however
-             * -- if each connection lasts for exactly one clock tick, it
-             * will be counted only for the client or only for the server or
-             * even not at all.
-             */
-            *c_time += (clock() - c_clock);
-        }
-
-        {
-            /* SERVER */
-
-            MS_STATIC char sbuf[1024 * 8];
-            int i, r;
-            clock_t s_clock = clock();
-
-            memset(sbuf, 0, sizeof(sbuf));
-
-            if (debug)
-                if (SSL_in_init(s_ssl))
-                    printf("server waiting in SSL_accept - %s\n",
-                           SSL_state_string_long(s_ssl));
-
-            if (sw_num > 0) {
-                /* Write to client. */
-
-                if (sw_num > (long)sizeof(sbuf))
-                    i = sizeof(sbuf);
-                else
-                    i = (int)sw_num;
-                r = BIO_write(s_ssl_bio, sbuf, i);
-                if (r < 0) {
-                    if (!BIO_should_retry(s_ssl_bio)) {
-                        fprintf(stderr, "ERROR in SERVER\n");
-                        goto err;
-                    }
-                    /* Ignore "BIO_should_retry". */
-                } else if (r == 0) {
-                    fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
-                    goto err;
-                } else {
-                    if (debug)
-                        printf("server wrote %d\n", r);
-                    sw_num -= r;
-                }
-            }
-
-            if (sr_num > 0) {
-                /* Read from client. */
-
-                r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
-                if (r < 0) {
-                    if (!BIO_should_retry(s_ssl_bio)) {
-                        fprintf(stderr, "ERROR in SERVER\n");
-                        goto err;
-                    }
-                    /* blah, blah */
-                } else if (r == 0) {
-                    fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
-                    goto err;
-                } else {
-                    if (debug)
-                        printf("server read %d\n", r);
-                    sr_num -= r;
-                }
-            }
-
-            *s_time += (clock() - s_clock);
-        }
-
-        {
-            /* "I/O" BETWEEN CLIENT AND SERVER. */
-
-            size_t r1, r2;
-            BIO *io1 = server_io, *io2 = client_io;
-            /*
-             * we use the non-copying interface for io1 and the standard
-             * BIO_write/BIO_read interface for io2
-             */
-
-            static int prev_progress = 1;
-            int progress = 0;
-
-            /* io1 to io2 */
-            do {
-                size_t num;
-                int r;
-
-                r1 = BIO_ctrl_pending(io1);
-                r2 = BIO_ctrl_get_write_guarantee(io2);
-
-                num = r1;
-                if (r2 < num)
-                    num = r2;
-                if (num) {
-                    char *dataptr;
-
-                    if (INT_MAX < num) /* yeah, right */
-                        num = INT_MAX;
-
-                    r = BIO_nread(io1, &dataptr, (int)num);
-                    assert(r > 0);
-                    assert(r <= (int)num);
-                    /*
-                     * possibly r < num (non-contiguous data)
-                     */
-                    num = r;
-                    r = BIO_write(io2, dataptr, (int)num);
-                    if (r != (int)num) { /* can't happen */
-                        fprintf(stderr, "ERROR: BIO_write could not write "
-                                "BIO_ctrl_get_write_guarantee() bytes");
-                        goto err;
-                    }
-                    progress = 1;
-
-                    if (debug)
-                        printf((io1 == client_io) ?
-                               "C->S relaying: %d bytes\n" :
-                               "S->C relaying: %d bytes\n", (int)num);
-                }
-            }
-            while (r1 && r2);
-
-            /* io2 to io1 */
-            {
-                size_t num;
-                int r;
-
-                r1 = BIO_ctrl_pending(io2);
-                r2 = BIO_ctrl_get_read_request(io1);
-                /*
-                 * here we could use ..._get_write_guarantee instead of
-                 * ..._get_read_request, but by using the latter we test
-                 * restartability of the SSL implementation more thoroughly
-                 */
-                num = r1;
-                if (r2 < num)
-                    num = r2;
-                if (num) {
-                    char *dataptr;
-
-                    if (INT_MAX < num)
-                        num = INT_MAX;
-
-                    if (num > 1)
-                        --num;  /* test restartability even more thoroughly */
-
-                    r = BIO_nwrite0(io1, &dataptr);
-                    assert(r > 0);
-                    if (r < (int)num)
-                        num = r;
-                    r = BIO_read(io2, dataptr, (int)num);
-                    if (r != (int)num) { /* can't happen */
-                        fprintf(stderr, "ERROR: BIO_read could not read "
-                                "BIO_ctrl_pending() bytes");
-                        goto err;
-                    }
-                    progress = 1;
-                    r = BIO_nwrite(io1, &dataptr, (int)num);
-                    if (r != (int)num) { /* can't happen */
-                        fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
-                                "BIO_nwrite0() bytes");
-                        goto err;
-                    }
-
-                    if (debug)
-                        printf((io2 == client_io) ?
-                               "C->S relaying: %d bytes\n" :
-                               "S->C relaying: %d bytes\n", (int)num);
-                }
-            }                   /* no loop, BIO_ctrl_get_read_request now
-                                 * returns 0 anyway */
-
-            if (!progress && !prev_progress)
-                if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
-                    fprintf(stderr, "ERROR: got stuck\n");
-                    if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0) {
-                        fprintf(stderr, "This can happen for SSL2 because "
-                                "CLIENT-FINISHED and SERVER-VERIFY are written \n"
-                                "concurrently ...");
-                        if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
-                            && strncmp("2SSV", SSL_state_string(s_ssl),
-                                       4) == 0) {
-                            fprintf(stderr, " ok.\n");
-                            goto end;
-                        }
-                    }
-                    fprintf(stderr, " ERROR.\n");
-                    goto err;
-                }
-            prev_progress = progress;
-        }
-    }
-    while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
-
-    if (verbose)
-        print_details(c_ssl, "DONE via BIO pair: ");
-
-    if (verify_serverinfo() < 0) {
-        ret = 1;
-        goto err;
-    }
-
-    if (custom_ext_error) {
-        ret = 1;
-        goto err;
-    }
-
- end:
-    ret = 0;
-
- err:
-    ERR_print_errors(bio_err);
-
-    if (server)
-        BIO_free(server);
-    if (server_io)
-        BIO_free(server_io);
-    if (client)
-        BIO_free(client);
-    if (client_io)
-        BIO_free(client_io);
-    if (s_ssl_bio)
-        BIO_free(s_ssl_bio);
-    if (c_ssl_bio)
-        BIO_free(c_ssl_bio);
-
-    return ret;
-}
-
-#define W_READ  1
-#define W_WRITE 2
-#define C_DONE  1
-#define S_DONE  2
-
-int doit(SSL *s_ssl, SSL *c_ssl, long count)
-{
-    char *cbuf = NULL, *sbuf = NULL;
-    long bufsiz;
-    long cw_num = count, cr_num = count;
-    long sw_num = count, sr_num = count;
-    int ret = 1;
-    BIO *c_to_s = NULL;
-    BIO *s_to_c = NULL;
-    BIO *c_bio = NULL;
-    BIO *s_bio = NULL;
-    int c_r, c_w, s_r, s_w;
-    int i, j;
-    int done = 0;
-    int c_write, s_write;
-    int do_server = 0, do_client = 0;
-    int max_frag = 5 * 1024;
-
-    bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
-
-    if ((cbuf = OPENSSL_malloc(bufsiz)) == NULL)
-        goto err;
-    if ((sbuf = OPENSSL_malloc(bufsiz)) == NULL)
-        goto err;
-
-    memset(cbuf, 0, bufsiz);
-    memset(sbuf, 0, bufsiz);
-
-    c_to_s = BIO_new(BIO_s_mem());
-    s_to_c = BIO_new(BIO_s_mem());
-    if ((s_to_c == NULL) || (c_to_s == NULL)) {
-        ERR_print_errors(bio_err);
-        goto err;
-    }
-
-    c_bio = BIO_new(BIO_f_ssl());
-    s_bio = BIO_new(BIO_f_ssl());
-    if ((c_bio == NULL) || (s_bio == NULL)) {
-        ERR_print_errors(bio_err);
-        goto err;
-    }
-
-    SSL_set_connect_state(c_ssl);
-    SSL_set_bio(c_ssl, s_to_c, c_to_s);
-    SSL_set_max_send_fragment(c_ssl, max_frag);
-    BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
-
-    SSL_set_accept_state(s_ssl);
-    SSL_set_bio(s_ssl, c_to_s, s_to_c);
-    SSL_set_max_send_fragment(s_ssl, max_frag);
-    BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
-
-    c_r = 0;
-    s_r = 1;
-    c_w = 1;
-    s_w = 0;
-    c_write = 1, s_write = 0;
-
-    /* We can always do writes */
-    for (;;) {
-        do_server = 0;
-        do_client = 0;
-
-        i = (int)BIO_pending(s_bio);
-        if ((i && s_r) || s_w)
-            do_server = 1;
-
-        i = (int)BIO_pending(c_bio);
-        if ((i && c_r) || c_w)
-            do_client = 1;
-
-        if (do_server && debug) {
-            if (SSL_in_init(s_ssl))
-                printf("server waiting in SSL_accept - %s\n",
-                       SSL_state_string_long(s_ssl));
-/*-
-            else if (s_write)
-                printf("server:SSL_write()\n");
-            else
-                printf("server:SSL_read()\n"); */
-        }
-
-        if (do_client && debug) {
-            if (SSL_in_init(c_ssl))
-                printf("client waiting in SSL_connect - %s\n",
-                       SSL_state_string_long(c_ssl));
-/*-
-            else if (c_write)
-                printf("client:SSL_write()\n");
-            else
-                printf("client:SSL_read()\n"); */
-        }
-
-        if (!do_client && !do_server) {
-            fprintf(stdout, "ERROR IN STARTUP\n");
-            ERR_print_errors(bio_err);
-            goto err;
-        }
-        if (do_client && !(done & C_DONE)) {
-            if (c_write) {
-                j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
-                i = BIO_write(c_bio, cbuf, j);
-                if (i < 0) {
-                    c_r = 0;
-                    c_w = 0;
-                    if (BIO_should_retry(c_bio)) {
-                        if (BIO_should_read(c_bio))
-                            c_r = 1;
-                        if (BIO_should_write(c_bio))
-                            c_w = 1;
-                    } else {
-                        fprintf(stderr, "ERROR in CLIENT\n");
-                        ERR_print_errors(bio_err);
-                        goto err;
-                    }
-                } else if (i == 0) {
-                    fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
-                    goto err;
-                } else {
-                    if (debug)
-                        printf("client wrote %d\n", i);
-                    /* ok */
-                    s_r = 1;
-                    c_write = 0;
-                    cw_num -= i;
-                    if (max_frag > 1029)
-                        SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
-                }
-            } else {
-                i = BIO_read(c_bio, cbuf, bufsiz);
-                if (i < 0) {
-                    c_r = 0;
-                    c_w = 0;
-                    if (BIO_should_retry(c_bio)) {
-                        if (BIO_should_read(c_bio))
-                            c_r = 1;
-                        if (BIO_should_write(c_bio))
-                            c_w = 1;
-                    } else {
-                        fprintf(stderr, "ERROR in CLIENT\n");
-                        ERR_print_errors(bio_err);
-                        goto err;
-                    }
-                } else if (i == 0) {
-                    fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
-                    goto err;
-                } else {
-                    if (debug)
-                        printf("client read %d\n", i);
-                    cr_num -= i;
-                    if (sw_num > 0) {
-                        s_write = 1;
-                        s_w = 1;
-                    }
-                    if (cr_num <= 0) {
-                        s_write = 1;
-                        s_w = 1;
-                        done = S_DONE | C_DONE;
-                    }
-                }
-            }
-        }
-
-        if (do_server && !(done & S_DONE)) {
-            if (!s_write) {
-                i = BIO_read(s_bio, sbuf, bufsiz);
-                if (i < 0) {
-                    s_r = 0;
-                    s_w = 0;
-                    if (BIO_should_retry(s_bio)) {
-                        if (BIO_should_read(s_bio))
-                            s_r = 1;
-                        if (BIO_should_write(s_bio))
-                            s_w = 1;
-                    } else {
-                        fprintf(stderr, "ERROR in SERVER\n");
-                        ERR_print_errors(bio_err);
-                        goto err;
-                    }
-                } else if (i == 0) {
-                    ERR_print_errors(bio_err);
-                    fprintf(stderr,
-                            "SSL SERVER STARTUP FAILED in SSL_read\n");
-                    goto err;
-                } else {
-                    if (debug)
-                        printf("server read %d\n", i);
-                    sr_num -= i;
-                    if (cw_num > 0) {
-                        c_write = 1;
-                        c_w = 1;
-                    }
-                    if (sr_num <= 0) {
-                        s_write = 1;
-                        s_w = 1;
-                        c_write = 0;
-                    }
-                }
-            } else {
-                j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
-                i = BIO_write(s_bio, sbuf, j);
-                if (i < 0) {
-                    s_r = 0;
-                    s_w = 0;
-                    if (BIO_should_retry(s_bio)) {
-                        if (BIO_should_read(s_bio))
-                            s_r = 1;
-                        if (BIO_should_write(s_bio))
-                            s_w = 1;
-                    } else {
-                        fprintf(stderr, "ERROR in SERVER\n");
-                        ERR_print_errors(bio_err);
-                        goto err;
-                    }
-                } else if (i == 0) {
-                    ERR_print_errors(bio_err);
-                    fprintf(stderr,
-                            "SSL SERVER STARTUP FAILED in SSL_write\n");
-                    goto err;
-                } else {
-                    if (debug)
-                        printf("server wrote %d\n", i);
-                    sw_num -= i;
-                    s_write = 0;
-                    c_r = 1;
-                    if (sw_num <= 0)
-                        done |= S_DONE;
-                    if (max_frag > 1029)
-                        SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
-                }
-            }
-        }
-
-        if ((done & S_DONE) && (done & C_DONE))
-            break;
-    }
-
-    if (verbose)
-        print_details(c_ssl, "DONE: ");
-    if (verify_serverinfo() < 0) {
-        ret = 1;
-        goto err;
-    }
-    if (custom_ext_error) {
-        ret = 1;
-        goto err;
-    }
-    ret = 0;
- err:
-    /*
-     * We have to set the BIO's to NULL otherwise they will be
-     * OPENSSL_free()ed twice.  Once when th s_ssl is SSL_free()ed and again
-     * when c_ssl is SSL_free()ed. This is a hack required because s_ssl and
-     * c_ssl are sharing the same BIO structure and SSL_set_bio() and
-     * SSL_free() automatically BIO_free non NULL entries. You should not
-     * normally do this or be required to do this
-     */
-    if (s_ssl != NULL) {
-        s_ssl->rbio = NULL;
-        s_ssl->wbio = NULL;
-    }
-    if (c_ssl != NULL) {
-        c_ssl->rbio = NULL;
-        c_ssl->wbio = NULL;
-    }
-
-    if (c_to_s != NULL)
-        BIO_free(c_to_s);
-    if (s_to_c != NULL)
-        BIO_free(s_to_c);
-    if (c_bio != NULL)
-        BIO_free_all(c_bio);
-    if (s_bio != NULL)
-        BIO_free_all(s_bio);
-
-    if (cbuf)
-        OPENSSL_free(cbuf);
-    if (sbuf)
-        OPENSSL_free(sbuf);
-
-    return (ret);
-}
-
-static int get_proxy_auth_ex_data_idx(void)
-{
-    static volatile int idx = -1;
-    if (idx < 0) {
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        if (idx < 0) {
-            idx = X509_STORE_CTX_get_ex_new_index(0,
-                                                  "SSLtest for verify callback",
-                                                  NULL, NULL, NULL);
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-    }
-    return idx;
-}
-
-static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
-{
-    char *s, buf[256];
-
-    s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
-                          sizeof(buf));
-    if (s != NULL) {
-        if (ok)
-            fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf);
-        else {
-            fprintf(stderr, "depth=%d error=%d %s\n",
-                    ctx->error_depth, ctx->error, buf);
-        }
-    }
-
-    if (ok == 0) {
-        fprintf(stderr, "Error string: %s\n",
-                X509_verify_cert_error_string(ctx->error));
-        switch (ctx->error) {
-        case X509_V_ERR_CERT_NOT_YET_VALID:
-        case X509_V_ERR_CERT_HAS_EXPIRED:
-        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-            fprintf(stderr, "  ... ignored.\n");
-            ok = 1;
-        }
-    }
-
-    if (ok == 1) {
-        X509 *xs = ctx->current_cert;
-#if 0
-        X509 *xi = ctx->current_issuer;
-#endif
-
-        if (xs->ex_flags & EXFLAG_PROXY) {
-            unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
-                                                               get_proxy_auth_ex_data_idx
-                                                               ());
-
-            if (letters) {
-                int found_any = 0;
-                int i;
-                PROXY_CERT_INFO_EXTENSION *pci =
-                    X509_get_ext_d2i(xs, NID_proxyCertInfo,
-                                     NULL, NULL);
-
-                switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
-                case NID_Independent:
-                    /*
-                     * Completely meaningless in this program, as there's no
-                     * way to grant explicit rights to a specific PrC.
-                     * Basically, using id-ppl-Independent is the perfect way
-                     * to grant no rights at all.
-                     */
-                    fprintf(stderr, "  Independent proxy certificate");
-                    for (i = 0; i < 26; i++)
-                        letters[i] = 0;
-                    break;
-                case NID_id_ppl_inheritAll:
-                    /*
-                     * This is basically a NOP, we simply let the current
-                     * rights stand as they are.
-                     */
-                    fprintf(stderr, "  Proxy certificate inherits all");
-                    break;
-                default:
-                    s = (char *)
-                        pci->proxyPolicy->policy->data;
-                    i = pci->proxyPolicy->policy->length;
-
-                    /*
-                     * The algorithm works as follows: it is assumed that
-                     * previous iterations or the initial granted rights has
-                     * already set some elements of `letters'.  What we need
-                     * to do is to clear those that weren't granted by the
-                     * current PrC as well.  The easiest way to do this is to
-                     * add 1 to all the elements whose letters are given with
-                     * the current policy. That way, all elements that are
-                     * set by the current policy and were already set by
-                     * earlier policies and through the original grant of
-                     * rights will get the value 2 or higher. The last thing
-                     * to do is to sweep through `letters' and keep the
-                     * elements having the value 2 as set, and clear all the
-                     * others.
-                     */
-
-                    fprintf(stderr, "  Certificate proxy rights = %*.*s", i,
-                            i, s);
-                    while (i-- > 0) {
-                        int c = *s++;
-                        if (isascii(c) && isalpha(c)) {
-                            if (islower(c))
-                                c = toupper(c);
-                            letters[c - 'A']++;
-                        }
-                    }
-                    for (i = 0; i < 26; i++)
-                        if (letters[i] < 2)
-                            letters[i] = 0;
-                        else
-                            letters[i] = 1;
-                }
-
-                found_any = 0;
-                fprintf(stderr, ", resulting proxy rights = ");
-                for (i = 0; i < 26; i++)
-                    if (letters[i]) {
-                        fprintf(stderr, "%c", i + 'A');
-                        found_any = 1;
-                    }
-                if (!found_any)
-                    fprintf(stderr, "none");
-                fprintf(stderr, "\n");
-
-                PROXY_CERT_INFO_EXTENSION_free(pci);
-            }
-        }
-    }
-
-    return (ok);
-}
-
-static void process_proxy_debug(int indent, const char *format, ...)
-{
-    /* That's 80 > */
-    static const char indentation[] =
-        ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
-        ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>";
-    char my_format[256];
-    va_list args;
-
-    BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
-                 indent, indent, indentation, format);
-
-    va_start(args, format);
-    vfprintf(stderr, my_format, args);
-    va_end(args);
-}
-
-/*-
- * Priority levels:
- *  0   [!]var, ()
- *  1   & ^
- *  2   |
- */
-static int process_proxy_cond_adders(unsigned int letters[26],
-                                     const char *cond, const char **cond_end,
-                                     int *pos, int indent);
-static int process_proxy_cond_val(unsigned int letters[26], const char *cond,
-                                  const char **cond_end, int *pos, int indent)
-{
-    int c;
-    int ok = 1;
-    int negate = 0;
-
-    while (isspace((int)*cond)) {
-        cond++;
-        (*pos)++;
-    }
-    c = *cond;
-
-    if (debug)
-        process_proxy_debug(indent,
-                            "Start process_proxy_cond_val at position %d: %s\n",
-                            *pos, cond);
-
-    while (c == '!') {
-        negate = !negate;
-        cond++;
-        (*pos)++;
-        while (isspace((int)*cond)) {
-            cond++;
-            (*pos)++;
-        }
-        c = *cond;
-    }
-
-    if (c == '(') {
-        cond++;
-        (*pos)++;
-        ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
-                                       indent + 1);
-        cond = *cond_end;
-        if (ok < 0)
-            goto end;
-        while (isspace((int)*cond)) {
-            cond++;
-            (*pos)++;
-        }
-        c = *cond;
-        if (c != ')') {
-            fprintf(stderr,
-                    "Weird condition character in position %d: "
-                    "%c\n", *pos, c);
-            ok = -1;
-            goto end;
-        }
-        cond++;
-        (*pos)++;
-    } else if (isascii(c) && isalpha(c)) {
-        if (islower(c))
-            c = toupper(c);
-        ok = letters[c - 'A'];
-        cond++;
-        (*pos)++;
-    } else {
-        fprintf(stderr,
-                "Weird condition character in position %d: " "%c\n", *pos, c);
-        ok = -1;
-        goto end;
-    }
- end:
-    *cond_end = cond;
-    if (ok >= 0 && negate)
-        ok = !ok;
-
-    if (debug)
-        process_proxy_debug(indent,
-                            "End process_proxy_cond_val at position %d: %s, returning %d\n",
-                            *pos, cond, ok);
-
-    return ok;
-}
-
-static int process_proxy_cond_multipliers(unsigned int letters[26],
-                                          const char *cond,
-                                          const char **cond_end, int *pos,
-                                          int indent)
-{
-    int ok;
-    char c;
-
-    if (debug)
-        process_proxy_debug(indent,
-                            "Start process_proxy_cond_multipliers at position %d: %s\n",
-                            *pos, cond);
-
-    ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
-    cond = *cond_end;
-    if (ok < 0)
-        goto end;
-
-    while (ok >= 0) {
-        while (isspace((int)*cond)) {
-            cond++;
-            (*pos)++;
-        }
-        c = *cond;
-
-        switch (c) {
-        case '&':
-        case '^':
-            {
-                int save_ok = ok;
-
-                cond++;
-                (*pos)++;
-                ok = process_proxy_cond_val(letters,
-                                            cond, cond_end, pos, indent + 1);
-                cond = *cond_end;
-                if (ok < 0)
-                    break;
-
-                switch (c) {
-                case '&':
-                    ok &= save_ok;
-                    break;
-                case '^':
-                    ok ^= save_ok;
-                    break;
-                default:
-                    fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
-                            " STOPPING\n");
-                    EXIT(1);
-                }
-            }
-            break;
-        default:
-            goto end;
-        }
-    }
- end:
-    if (debug)
-        process_proxy_debug(indent,
-                            "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
-                            *pos, cond, ok);
-
-    *cond_end = cond;
-    return ok;
-}
-
-static int process_proxy_cond_adders(unsigned int letters[26],
-                                     const char *cond, const char **cond_end,
-                                     int *pos, int indent)
-{
-    int ok;
-    char c;
-
-    if (debug)
-        process_proxy_debug(indent,
-                            "Start process_proxy_cond_adders at position %d: %s\n",
-                            *pos, cond);
-
-    ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
-                                        indent + 1);
-    cond = *cond_end;
-    if (ok < 0)
-        goto end;
-
-    while (ok >= 0) {
-        while (isspace((int)*cond)) {
-            cond++;
-            (*pos)++;
-        }
-        c = *cond;
-
-        switch (c) {
-        case '|':
-            {
-                int save_ok = ok;
-
-                cond++;
-                (*pos)++;
-                ok = process_proxy_cond_multipliers(letters,
-                                                    cond, cond_end, pos,
-                                                    indent + 1);
-                cond = *cond_end;
-                if (ok < 0)
-                    break;
-
-                switch (c) {
-                case '|':
-                    ok |= save_ok;
-                    break;
-                default:
-                    fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
-                            " STOPPING\n");
-                    EXIT(1);
-                }
-            }
-            break;
-        default:
-            goto end;
-        }
-    }
- end:
-    if (debug)
-        process_proxy_debug(indent,
-                            "End process_proxy_cond_adders at position %d: %s, returning %d\n",
-                            *pos, cond, ok);
-
-    *cond_end = cond;
-    return ok;
-}
-
-static int process_proxy_cond(unsigned int letters[26],
-                              const char *cond, const char **cond_end)
-{
-    int pos = 1;
-    return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
-}
-
-static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
-{
-    int ok = 1;
-    struct app_verify_arg *cb_arg = arg;
-    unsigned int letters[26];   /* only used with proxy_auth */
-
-    if (cb_arg->app_verify) {
-        char *s = NULL, buf[256];
-
-        fprintf(stderr, "In app_verify_callback, allowing cert. ");
-        fprintf(stderr, "Arg is: %s\n", cb_arg->string);
-        fprintf(stderr,
-                "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
-                (void *)ctx, (void *)ctx->cert);
-        if (ctx->cert)
-            s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
-        if (s != NULL) {
-            fprintf(stderr, "cert depth=%d %s\n", ctx->error_depth, buf);
-        }
-        return (1);
-    }
-    if (cb_arg->proxy_auth) {
-        int found_any = 0, i;
-        char *sp;
-
-        for (i = 0; i < 26; i++)
-            letters[i] = 0;
-        for (sp = cb_arg->proxy_auth; *sp; sp++) {
-            int c = *sp;
-            if (isascii(c) && isalpha(c)) {
-                if (islower(c))
-                    c = toupper(c);
-                letters[c - 'A'] = 1;
-            }
-        }
-
-        fprintf(stderr, "  Initial proxy rights = ");
-        for (i = 0; i < 26; i++)
-            if (letters[i]) {
-                fprintf(stderr, "%c", i + 'A');
-                found_any = 1;
-            }
-        if (!found_any)
-            fprintf(stderr, "none");
-        fprintf(stderr, "\n");
-
-        X509_STORE_CTX_set_ex_data(ctx,
-                                   get_proxy_auth_ex_data_idx(), letters);
-    }
-    if (cb_arg->allow_proxy_certs) {
-        X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
-    }
-#ifndef OPENSSL_NO_X509_VERIFY
-    ok = X509_verify_cert(ctx);
-#endif
-
-    if (cb_arg->proxy_auth) {
-        if (ok > 0) {
-            const char *cond_end = NULL;
-
-            ok = process_proxy_cond(letters, cb_arg->proxy_cond, &cond_end);
-
-            if (ok < 0)
-                EXIT(3);
-            if (*cond_end) {
-                fprintf(stderr,
-                        "Stopped processing condition before it's end.\n");
-                ok = 0;
-            }
-            if (!ok)
-                fprintf(stderr,
-                        "Proxy rights check with condition '%s' proved invalid\n",
-                        cb_arg->proxy_cond);
-            else
-                fprintf(stderr,
-                        "Proxy rights check with condition '%s' proved valid\n",
-                        cb_arg->proxy_cond);
-        }
-    }
-    return (ok);
-}
-
-#ifndef OPENSSL_NO_RSA
-static RSA *rsa_tmp = NULL;
-
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
-{
-    BIGNUM *bn = NULL;
-    if (rsa_tmp == NULL) {
-        bn = BN_new();
-        rsa_tmp = RSA_new();
-        if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
-            BIO_printf(bio_err, "Memory error...");
-            goto end;
-        }
-        BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength);
-        (void)BIO_flush(bio_err);
-        if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
-            BIO_printf(bio_err, "Error generating key.");
-            RSA_free(rsa_tmp);
-            rsa_tmp = NULL;
-        }
- end:
-        BIO_printf(bio_err, "\n");
-        (void)BIO_flush(bio_err);
-    }
-    if (bn)
-        BN_free(bn);
-    return (rsa_tmp);
-}
-
-static void free_tmp_rsa(void)
-{
-    if (rsa_tmp != NULL) {
-        RSA_free(rsa_tmp);
-        rsa_tmp = NULL;
-    }
-}
-#endif
-
-#ifndef OPENSSL_NO_DH
-/*-
- * These DH parameters have been generated as follows:
- *    $ openssl dhparam -C -noout 512
- *    $ openssl dhparam -C -noout 1024
- *    $ openssl dhparam -C -noout -dsaparam 1024
- * (The third function has been renamed to avoid name conflicts.)
- */
-static DH *get_dh512()
-{
-    static unsigned char dh512_p[] = {
-        0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
-        0xC6,
-        0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
-        0xB0,
-        0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
-        0x5F,
-        0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
-        0xB8,
-        0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
-        0x33,
-        0x02, 0xC5, 0xAE, 0x23,
-    };
-    static unsigned char dh512_g[] = {
-        0x02,
-    };
-    DH *dh;
-
-    if ((dh = DH_new()) == NULL)
-        return (NULL);
-    dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
-    dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
-    if ((dh->p == NULL) || (dh->g == NULL)) {
-        DH_free(dh);
-        return (NULL);
-    }
-    return (dh);
-}
-
-static DH *get_dh1024()
-{
-    static unsigned char dh1024_p[] = {
-        0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
-        0x3A,
-        0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
-        0xA2,
-        0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
-        0xB0,
-        0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
-        0xC2,
-        0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
-        0x8C,
-        0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
-        0xB8,
-        0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
-        0x52,
-        0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
-        0xC1,
-        0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
-        0xB1,
-        0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
-        0xAB,
-        0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
-    };
-    static unsigned char dh1024_g[] = {
-        0x02,
-    };
-    DH *dh;
-
-    if ((dh = DH_new()) == NULL)
-        return (NULL);
-    dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
-    dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
-    if ((dh->p == NULL) || (dh->g == NULL)) {
-        DH_free(dh);
-        return (NULL);
-    }
-    return (dh);
-}
-
-static DH *get_dh1024dsa()
-{
-    static unsigned char dh1024_p[] = {
-        0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
-        0x00,
-        0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
-        0x19,
-        0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
-        0xD2,
-        0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
-        0x55,
-        0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
-        0xFC,
-        0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
-        0x97,
-        0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
-        0x8D,
-        0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
-        0xBB,
-        0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
-        0xF6,
-        0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
-        0x9E,
-        0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
-    };
-    static unsigned char dh1024_g[] = {
-        0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
-        0x05,
-        0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
-        0xF3,
-        0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
-        0xE9,
-        0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
-        0x3C,
-        0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
-        0x65,
-        0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
-        0x60,
-        0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
-        0xF6,
-        0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
-        0xA7,
-        0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
-        0xA1,
-        0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
-        0x60,
-        0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
-    };
-    DH *dh;
-
-    if ((dh = DH_new()) == NULL)
-        return (NULL);
-    dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
-    dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
-    if ((dh->p == NULL) || (dh->g == NULL)) {
-        DH_free(dh);
-        return (NULL);
-    }
-    dh->length = 160;
-    return (dh);
-}
-#endif
-
-#ifndef OPENSSL_NO_PSK
-/* convert the PSK key (psk_key) in ascii to binary (psk) */
-static int psk_key2bn(const char *pskkey, unsigned char *psk,
-                      unsigned int max_psk_len)
-{
-    int ret;
-    BIGNUM *bn = NULL;
-
-    ret = BN_hex2bn(&bn, pskkey);
-    if (!ret) {
-        BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
-                   pskkey);
-        if (bn)
-            BN_free(bn);
-        return 0;
-    }
-    if (BN_num_bytes(bn) > (int)max_psk_len) {
-        BIO_printf(bio_err,
-                   "psk buffer of callback is too small (%d) for key (%d)\n",
-                   max_psk_len, BN_num_bytes(bn));
-        BN_free(bn);
-        return 0;
-    }
-    ret = BN_bn2bin(bn, psk);
-    BN_free(bn);
-    return ret;
-}
-
-static unsigned int psk_client_callback(SSL *ssl, const char *hint,
-                                        char *identity,
-                                        unsigned int max_identity_len,
-                                        unsigned char *psk,
-                                        unsigned int max_psk_len)
-{
-    int ret;
-    unsigned int psk_len = 0;
-
-    ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
-    if (ret < 0)
-        goto out_err;
-    if (debug)
-        fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
-                ret);
-    ret = psk_key2bn(psk_key, psk, max_psk_len);
-    if (ret < 0)
-        goto out_err;
-    psk_len = ret;
- out_err:
-    return psk_len;
-}
-
-static unsigned int psk_server_callback(SSL *ssl, const char *identity,
-                                        unsigned char *psk,
-                                        unsigned int max_psk_len)
-{
-    unsigned int psk_len = 0;
-
-    if (strcmp(identity, "Client_identity") != 0) {
-        BIO_printf(bio_err, "server: PSK error: client identity not found\n");
-        return 0;
-    }
-    psk_len = psk_key2bn(psk_key, psk, max_psk_len);
-    return psk_len;
-}
-#endif
-
-static int do_test_cipherlist(void)
-{
-#if !defined(OPENSSL_NO_SSL2) || !defined(OPENSSL_NO_SSL3) || \
-    !defined(OPENSSL_NO_TLS1)
-    int i = 0;
-    const SSL_METHOD *meth;
-    const SSL_CIPHER *ci, *tci = NULL;
-#endif
-
-#ifndef OPENSSL_NO_SSL2
-    fprintf(stderr, "testing SSLv2 cipher list order: ");
-    meth = SSLv2_method();
-    while ((ci = meth->get_cipher(i++)) != NULL) {
-        if (tci != NULL)
-            if (ci->id >= tci->id) {
-                fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
-                return 0;
-            }
-        tci = ci;
-    }
-    fprintf(stderr, "ok\n");
-#endif
-#ifndef OPENSSL_NO_SSL3
-    fprintf(stderr, "testing SSLv3 cipher list order: ");
-    meth = SSLv3_method();
-    tci = NULL;
-    while ((ci = meth->get_cipher(i++)) != NULL) {
-        if (tci != NULL)
-            if (ci->id >= tci->id) {
-                fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
-                return 0;
-            }
-        tci = ci;
-    }
-    fprintf(stderr, "ok\n");
-#endif
-#ifndef OPENSSL_NO_TLS1
-    fprintf(stderr, "testing TLSv1 cipher list order: ");
-    meth = TLSv1_method();
-    tci = NULL;
-    while ((ci = meth->get_cipher(i++)) != NULL) {
-        if (tci != NULL)
-            if (ci->id >= tci->id) {
-                fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
-                return 0;
-            }
-        tci = ci;
-    }
-    fprintf(stderr, "ok\n");
-#endif
-
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/ssl/sslv2conftest.c b/freebsd/crypto/openssl/ssl/sslv2conftest.c
deleted file mode 100644
index f22d6a7e..00000000
--- a/freebsd/crypto/openssl/ssl/sslv2conftest.c
+++ /dev/null
@@ -1,233 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* Written by Matt Caswell for the OpenSSL Project */
-/* ====================================================================
- * Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdlib.h>
-#include <openssl/bio.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-
-#define TOTAL_NUM_TESTS                         2
-#define TEST_SSL_CTX                            0
-
-#define SSLV2ON                                 1
-#define SSLV2OFF                                0
-
-SSL_CONF_CTX *confctx;
-SSL_CTX *ctx;
-SSL *ssl;
-
-static int checksslv2(int test, int sslv2)
-{
-    int options;
-    if (test == TEST_SSL_CTX) {
-        options = SSL_CTX_get_options(ctx);
-    } else {
-        options = SSL_get_options(ssl);
-    }
-    return ((options & SSL_OP_NO_SSLv2) == 0) ^ (sslv2 == SSLV2OFF);
-}
-
-int main(int argc, char *argv[])
-{
-    BIO *err;
-    int testresult = 0;
-    int currtest = 0;
-
-    SSL_library_init();
-    SSL_load_error_strings();
-
-    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    CRYPTO_malloc_debug_init();
-    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-
-    confctx = SSL_CONF_CTX_new();
-    ctx = SSL_CTX_new(SSLv23_method());
-    ssl = SSL_new(ctx);
-    if (confctx == NULL || ctx == NULL)
-        goto end;
-
-    SSL_CONF_CTX_set_flags(confctx, SSL_CONF_FLAG_FILE
-                                    | SSL_CONF_FLAG_CLIENT
-                                    | SSL_CONF_FLAG_SERVER);
-
-    /*
-     * For each test set up an SSL_CTX and SSL and see whether SSLv2 is enabled
-     * as expected after various SSL_CONF_cmd("Protocol", ...) calls.
-     */
-    for (currtest = 0; currtest < TOTAL_NUM_TESTS; currtest++) {
-        BIO_printf(err, "SSLv2 CONF Test number %d\n", currtest);
-        if (currtest == TEST_SSL_CTX)
-            SSL_CONF_CTX_set_ssl_ctx(confctx, ctx);
-        else
-            SSL_CONF_CTX_set_ssl(confctx, ssl);
-
-        /* SSLv2 should be off by default */
-        if (!checksslv2(currtest, SSLV2OFF)) {
-            BIO_printf(err, "SSLv2 CONF Test: Off by default test FAIL\n");
-            goto end;
-        }
-
-        if (SSL_CONF_cmd(confctx, "Protocol", "ALL") != 2
-                || !SSL_CONF_CTX_finish(confctx)) {
-            BIO_printf(err, "SSLv2 CONF Test: SSL_CONF command FAIL\n");
-            goto end;
-        }
-
-        /* Should still be off even after ALL Protocols on */
-        if (!checksslv2(currtest, SSLV2OFF)) {
-            BIO_printf(err, "SSLv2 CONF Test: Off after config #1 FAIL\n");
-            goto end;
-        }
-
-        if (SSL_CONF_cmd(confctx, "Protocol", "SSLv2") != 2
-                || !SSL_CONF_CTX_finish(confctx)) {
-            BIO_printf(err, "SSLv2 CONF Test: SSL_CONF command FAIL\n");
-            goto end;
-        }
-
-        /* Should still be off even if explicitly asked for */
-        if (!checksslv2(currtest, SSLV2OFF)) {
-            BIO_printf(err, "SSLv2 CONF Test: Off after config #2 FAIL\n");
-            goto end;
-        }
-
-        if (SSL_CONF_cmd(confctx, "Protocol", "-SSLv2") != 2
-                || !SSL_CONF_CTX_finish(confctx)) {
-            BIO_printf(err, "SSLv2 CONF Test: SSL_CONF command FAIL\n");;
-            goto end;
-        }
-
-        if (!checksslv2(currtest, SSLV2OFF)) {
-            BIO_printf(err, "SSLv2 CONF Test: Off after config #3 FAIL\n");
-            goto end;
-        }
-
-        if (currtest == TEST_SSL_CTX)
-            SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
-        else
-            SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
-
-        if (!checksslv2(currtest, SSLV2ON)) {
-            BIO_printf(err, "SSLv2 CONF Test: On after clear FAIL\n");
-            goto end;
-        }
-
-        if (SSL_CONF_cmd(confctx, "Protocol", "ALL") != 2
-                || !SSL_CONF_CTX_finish(confctx)) {
-            BIO_printf(err, "SSLv2 CONF Test: SSL_CONF command FAIL\n");
-            goto end;
-        }
-
-        /* Option has been cleared and config says have SSLv2 so should be on */
-        if (!checksslv2(currtest, SSLV2ON)) {
-            BIO_printf(err, "SSLv2 CONF Test: On after config #1 FAIL\n");
-            goto end;
-        }
-
-        if (SSL_CONF_cmd(confctx, "Protocol", "SSLv2") != 2
-                || !SSL_CONF_CTX_finish(confctx)) {
-            BIO_printf(err, "SSLv2 CONF Test: SSL_CONF command FAIL\n");
-            goto end;
-        }
-
-        /* Option has been cleared and config says have SSLv2 so should be on */
-        if (!checksslv2(currtest, SSLV2ON)) {
-            BIO_printf(err, "SSLv2 CONF Test: On after config #2 FAIL\n");
-            goto end;
-        }
-
-        if (SSL_CONF_cmd(confctx, "Protocol", "-SSLv2") != 2
-                || !SSL_CONF_CTX_finish(confctx)) {
-            BIO_printf(err, "SSLv2 CONF Test: SSL_CONF command FAIL\n");
-            goto end;
-        }
-
-        /* Option has been cleared but config says no SSLv2 so should be off */
-        if (!checksslv2(currtest, SSLV2OFF)) {
-            BIO_printf(err, "SSLv2 CONF Test: Off after config #4 FAIL\n");
-            goto end;
-        }
-
-    }
-
-    testresult = 1;
-
- end:
-    SSL_free(ssl);
-    SSL_CTX_free(ctx);
-    SSL_CONF_CTX_free(confctx);
-
-    if (!testresult) {
-        printf("SSLv2 CONF test: FAILED (Test %d)\n", currtest);
-        ERR_print_errors(err);
-    } else {
-        printf("SSLv2 CONF test: PASSED\n");
-    }
-
-    ERR_free_strings();
-    ERR_remove_thread_state(NULL);
-    EVP_cleanup();
-    CRYPTO_cleanup_all_ex_data();
-    CRYPTO_mem_leaks(err);
-    BIO_free(err);
-
-    return testresult ? EXIT_SUCCESS : EXIT_FAILURE;
-}
diff --git a/freebsd/crypto/openssl/ssl/statem/extensions.c b/freebsd/crypto/openssl/ssl/statem/extensions.c
new file mode 100644
index 00000000..a6491c3d
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/statem/extensions.c
@@ -0,0 +1,1693 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/nelem.h"
+#include "internal/cryptlib.h"
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include "internal/cryptlib.h"
+
+static int final_renegotiate(SSL *s, unsigned int context, int sent);
+static int init_server_name(SSL *s, unsigned int context);
+static int final_server_name(SSL *s, unsigned int context, int sent);
+#ifndef OPENSSL_NO_EC
+static int final_ec_pt_formats(SSL *s, unsigned int context, int sent);
+#endif
+static int init_session_ticket(SSL *s, unsigned int context);
+#ifndef OPENSSL_NO_OCSP
+static int init_status_request(SSL *s, unsigned int context);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+static int init_npn(SSL *s, unsigned int context);
+#endif
+static int init_alpn(SSL *s, unsigned int context);
+static int final_alpn(SSL *s, unsigned int context, int sent);
+static int init_sig_algs_cert(SSL *s, unsigned int context);
+static int init_sig_algs(SSL *s, unsigned int context);
+static int init_certificate_authorities(SSL *s, unsigned int context);
+static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
+                                                        unsigned int context,
+                                                        X509 *x,
+                                                        size_t chainidx);
+static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#ifndef OPENSSL_NO_SRP
+static int init_srp(SSL *s, unsigned int context);
+#endif
+static int init_etm(SSL *s, unsigned int context);
+static int init_ems(SSL *s, unsigned int context);
+static int final_ems(SSL *s, unsigned int context, int sent);
+static int init_psk_kex_modes(SSL *s, unsigned int context);
+#ifndef OPENSSL_NO_EC
+static int final_key_share(SSL *s, unsigned int context, int sent);
+#endif
+#ifndef OPENSSL_NO_SRTP
+static int init_srtp(SSL *s, unsigned int context);
+#endif
+static int final_sig_algs(SSL *s, unsigned int context, int sent);
+static int final_early_data(SSL *s, unsigned int context, int sent);
+static int final_maxfragmentlen(SSL *s, unsigned int context, int sent);
+static int init_post_handshake_auth(SSL *s, unsigned int context);
+
+/* Structure to define a built-in extension */
+typedef struct extensions_definition_st {
+    /* The defined type for the extension */
+    unsigned int type;
+    /*
+     * The context that this extension applies to, e.g. what messages and
+     * protocol versions
+     */
+    unsigned int context;
+    /*
+     * Initialise extension before parsing. Always called for relevant contexts
+     * even if extension not present
+     */
+    int (*init)(SSL *s, unsigned int context);
+    /* Parse extension sent from client to server */
+    int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                      size_t chainidx);
+    /* Parse extension send from server to client */
+    int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                      size_t chainidx);
+    /* Construct extension sent from server to client */
+    EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+    /* Construct extension sent from client to server */
+    EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+    /*
+     * Finalise extension after parsing. Always called where an extensions was
+     * initialised even if the extension was not present. |sent| is set to 1 if
+     * the extension was seen, or 0 otherwise.
+     */
+    int (*final)(SSL *s, unsigned int context, int sent);
+} EXTENSION_DEFINITION;
+
+/*
+ * Definitions of all built-in extensions. NOTE: Changes in the number or order
+ * of these extensions should be mirrored with equivalent changes to the
+ * indexes ( TLSEXT_IDX_* ) defined in ssl_locl.h.
+ * Each extension has an initialiser, a client and
+ * server side parser and a finaliser. The initialiser is called (if the
+ * extension is relevant to the given context) even if we did not see the
+ * extension in the message that we received. The parser functions are only
+ * called if we see the extension in the message. The finalisers are always
+ * called if the initialiser was called.
+ * There are also server and client side constructor functions which are always
+ * called during message construction if the extension is relevant for the
+ * given context.
+ * The initialisation, parsing, finalisation and construction functions are
+ * always called in the order defined in this list. Some extensions may depend
+ * on others having been processed first, so the order of this list is
+ * significant.
+ * The extension context is defined by a series of flags which specify which
+ * messages the extension is relevant to. These flags also specify whether the
+ * extension is relevant to a particular protocol or protocol version.
+ *
+ * TODO(TLS1.3): Make sure we have a test to check the consistency of these
+ *
+ * NOTE: WebSphere Application Server 7+ cannot handle empty extensions at
+ * the end, keep these extensions before signature_algorithm.
+ */
+#define INVALID_EXTENSION { 0x10000, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+static const EXTENSION_DEFINITION ext_defs[] = {
+    {
+        TLSEXT_TYPE_renegotiate,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        NULL, tls_parse_ctos_renegotiate, tls_parse_stoc_renegotiate,
+        tls_construct_stoc_renegotiate, tls_construct_ctos_renegotiate,
+        final_renegotiate
+    },
+    {
+        TLSEXT_TYPE_server_name,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+        init_server_name,
+        tls_parse_ctos_server_name, tls_parse_stoc_server_name,
+        tls_construct_stoc_server_name, tls_construct_ctos_server_name,
+        final_server_name
+    },
+    {
+        TLSEXT_TYPE_max_fragment_length,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+        NULL, tls_parse_ctos_maxfragmentlen, tls_parse_stoc_maxfragmentlen,
+        tls_construct_stoc_maxfragmentlen, tls_construct_ctos_maxfragmentlen,
+        final_maxfragmentlen
+    },
+#ifndef OPENSSL_NO_SRP
+    {
+        TLSEXT_TYPE_srp,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+#ifndef OPENSSL_NO_EC
+    {
+        TLSEXT_TYPE_ec_point_formats,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        NULL, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats,
+        tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
+        final_ec_pt_formats
+    },
+    {
+        /*
+         * "supported_groups" is spread across several specifications.
+         * It was originally specified as "elliptic_curves" in RFC 4492,
+         * and broadened to include named FFDH groups by RFC 7919.
+         * Both RFCs 4492 and 7919 do not include a provision for the server
+         * to indicate to the client the complete list of groups supported
+         * by the server, with the server instead just indicating the
+         * selected group for this connection in the ServerKeyExchange
+         * message.  TLS 1.3 adds a scheme for the server to indicate
+         * to the client its list of supported groups in the
+         * EncryptedExtensions message, but none of the relevant
+         * specifications permit sending supported_groups in the ServerHello.
+         * Nonetheless (possibly due to the close proximity to the
+         * "ec_point_formats" extension, which is allowed in the ServerHello),
+         * there are several servers that send this extension in the
+         * ServerHello anyway.  Up to and including the 1.1.0 release,
+         * we did not check for the presence of nonpermitted extensions,
+         * so to avoid a regression, we must permit this extension in the
+         * TLS 1.2 ServerHello as well.
+         *
+         * Note that there is no tls_parse_stoc_supported_groups function,
+         * so we do not perform any additional parsing, validation, or
+         * processing on the server's group list -- this is just a minimal
+         * change to preserve compatibility with these misbehaving servers.
+         */
+        TLSEXT_TYPE_supported_groups,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+        | SSL_EXT_TLS1_2_SERVER_HELLO,
+        NULL, tls_parse_ctos_supported_groups, NULL,
+        tls_construct_stoc_supported_groups,
+        tls_construct_ctos_supported_groups, NULL
+    },
+#else
+    INVALID_EXTENSION,
+    INVALID_EXTENSION,
+#endif
+    {
+        TLSEXT_TYPE_session_ticket,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_session_ticket, tls_parse_ctos_session_ticket,
+        tls_parse_stoc_session_ticket, tls_construct_stoc_session_ticket,
+        tls_construct_ctos_session_ticket, NULL
+    },
+#ifndef OPENSSL_NO_OCSP
+    {
+        TLSEXT_TYPE_status_request,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        init_status_request, tls_parse_ctos_status_request,
+        tls_parse_stoc_status_request, tls_construct_stoc_status_request,
+        tls_construct_ctos_status_request, NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    {
+        TLSEXT_TYPE_next_proto_neg,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_npn, tls_parse_ctos_npn, tls_parse_stoc_npn,
+        tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+    {
+        /*
+         * Must appear in this list after server_name so that finalisation
+         * happens after server_name callbacks
+         */
+        TLSEXT_TYPE_application_layer_protocol_negotiation,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+        init_alpn, tls_parse_ctos_alpn, tls_parse_stoc_alpn,
+        tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn
+    },
+#ifndef OPENSSL_NO_SRTP
+    {
+        TLSEXT_TYPE_use_srtp,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY,
+        init_srtp, tls_parse_ctos_use_srtp, tls_parse_stoc_use_srtp,
+        tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+    {
+        TLSEXT_TYPE_encrypt_then_mac,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_etm, tls_parse_ctos_etm, tls_parse_stoc_etm,
+        tls_construct_stoc_etm, tls_construct_ctos_etm, NULL
+    },
+#ifndef OPENSSL_NO_CT
+    {
+        TLSEXT_TYPE_signed_certificate_timestamp,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        NULL,
+        /*
+         * No server side support for this, but can be provided by a custom
+         * extension. This is an exception to the rule that custom extensions
+         * cannot override built in ones.
+         */
+        NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct,  NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+    {
+        TLSEXT_TYPE_extended_master_secret,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_ems, tls_parse_ctos_ems, tls_parse_stoc_ems,
+        tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems
+    },
+    {
+        TLSEXT_TYPE_signature_algorithms_cert,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        init_sig_algs_cert, tls_parse_ctos_sig_algs_cert,
+        tls_parse_ctos_sig_algs_cert,
+        /* We do not generate signature_algorithms_cert at present. */
+        NULL, NULL, NULL
+    },
+    {
+        TLSEXT_TYPE_post_handshake_auth,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ONLY,
+        init_post_handshake_auth,
+        tls_parse_ctos_post_handshake_auth, NULL,
+        NULL, tls_construct_ctos_post_handshake_auth,
+        NULL,
+    },
+    {
+        TLSEXT_TYPE_signature_algorithms,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        init_sig_algs, tls_parse_ctos_sig_algs,
+        tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,
+        tls_construct_ctos_sig_algs, final_sig_algs
+    },
+    {
+        TLSEXT_TYPE_supported_versions,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
+        | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY,
+        NULL,
+        /* Processed inline as part of version selection */
+        NULL, tls_parse_stoc_supported_versions,
+        tls_construct_stoc_supported_versions,
+        tls_construct_ctos_supported_versions, NULL
+    },
+    {
+        TLSEXT_TYPE_psk_kex_modes,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY
+        | SSL_EXT_TLS1_3_ONLY,
+        init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL,
+        tls_construct_ctos_psk_kex_modes, NULL
+    },
+#ifndef OPENSSL_NO_EC
+    {
+        /*
+         * Must be in this list after supported_groups. We need that to have
+         * been parsed before we do this one.
+         */
+        TLSEXT_TYPE_key_share,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
+        | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY
+        | SSL_EXT_TLS1_3_ONLY,
+        NULL, tls_parse_ctos_key_share, tls_parse_stoc_key_share,
+        tls_construct_stoc_key_share, tls_construct_ctos_key_share,
+        final_key_share
+    },
+#endif
+    {
+        /* Must be after key_share */
+        TLSEXT_TYPE_cookie,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
+        | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
+        NULL, tls_parse_ctos_cookie, tls_parse_stoc_cookie,
+        tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL
+    },
+    {
+        /*
+         * Special unsolicited ServerHello extension only used when
+         * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set
+         */
+        TLSEXT_TYPE_cryptopro_bug,
+        SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL
+    },
+    {
+        TLSEXT_TYPE_early_data,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+        | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY,
+        NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data,
+        tls_construct_stoc_early_data, tls_construct_ctos_early_data,
+        final_early_data
+    },
+    {
+        TLSEXT_TYPE_certificate_authorities,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
+        | SSL_EXT_TLS1_3_ONLY,
+        init_certificate_authorities,
+        tls_parse_certificate_authorities, tls_parse_certificate_authorities,
+        tls_construct_certificate_authorities,
+        tls_construct_certificate_authorities, NULL,
+    },
+    {
+        /* Must be immediately before pre_shared_key */
+        TLSEXT_TYPE_padding,
+        SSL_EXT_CLIENT_HELLO,
+        NULL,
+        /* We send this, but don't read it */
+        NULL, NULL, NULL, tls_construct_ctos_padding, NULL
+    },
+    {
+        /* Required by the TLSv1.3 spec to always be the last extension */
+        TLSEXT_TYPE_psk,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
+        | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
+        NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk,
+        tls_construct_ctos_psk, NULL
+    }
+};
+
+/* Check whether an extension's context matches the current context */
+static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx)
+{
+    /* Check we're allowed to use this extension in this context */
+    if ((thisctx & extctx) == 0)
+        return 0;
+
+    if (SSL_IS_DTLS(s)) {
+        if ((extctx & SSL_EXT_TLS_ONLY) != 0)
+            return 0;
+    } else if ((extctx & SSL_EXT_DTLS_ONLY) != 0) {
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts)
+{
+    size_t i, num_exts, builtin_num = OSSL_NELEM(ext_defs), offset;
+    RAW_EXTENSION *thisext;
+    unsigned int context;
+    ENDPOINT role = ENDPOINT_BOTH;
+
+    if ((thisctx & SSL_EXT_CLIENT_HELLO) != 0)
+        role = ENDPOINT_SERVER;
+    else if ((thisctx & SSL_EXT_TLS1_2_SERVER_HELLO) != 0)
+        role = ENDPOINT_CLIENT;
+
+    /* Calculate the number of extensions in the extensions list */
+    num_exts = builtin_num + s->cert->custext.meths_count;
+
+    for (thisext = exts, i = 0; i < num_exts; i++, thisext++) {
+        if (!thisext->present)
+            continue;
+
+        if (i < builtin_num) {
+            context = ext_defs[i].context;
+        } else {
+            custom_ext_method *meth = NULL;
+
+            meth = custom_ext_find(&s->cert->custext, role, thisext->type,
+                                   &offset);
+            if (!ossl_assert(meth != NULL))
+                return 0;
+            context = meth->context;
+        }
+
+        if (!validate_context(s, context, thisctx))
+            return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Verify whether we are allowed to use the extension |type| in the current
+ * |context|. Returns 1 to indicate the extension is allowed or unknown or 0 to
+ * indicate the extension is not allowed. If returning 1 then |*found| is set to
+ * the definition for the extension we found.
+ */
+static int verify_extension(SSL *s, unsigned int context, unsigned int type,
+                            custom_ext_methods *meths, RAW_EXTENSION *rawexlist,
+                            RAW_EXTENSION **found)
+{
+    size_t i;
+    size_t builtin_num = OSSL_NELEM(ext_defs);
+    const EXTENSION_DEFINITION *thisext;
+
+    for (i = 0, thisext = ext_defs; i < builtin_num; i++, thisext++) {
+        if (type == thisext->type) {
+            if (!validate_context(s, thisext->context, context))
+                return 0;
+
+            *found = &rawexlist[i];
+            return 1;
+        }
+    }
+
+    /* Check the custom extensions */
+    if (meths != NULL) {
+        size_t offset = 0;
+        ENDPOINT role = ENDPOINT_BOTH;
+        custom_ext_method *meth = NULL;
+
+        if ((context & SSL_EXT_CLIENT_HELLO) != 0)
+            role = ENDPOINT_SERVER;
+        else if ((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0)
+            role = ENDPOINT_CLIENT;
+
+        meth = custom_ext_find(meths, role, type, &offset);
+        if (meth != NULL) {
+            if (!validate_context(s, meth->context, context))
+                return 0;
+            *found = &rawexlist[offset + builtin_num];
+            return 1;
+        }
+    }
+
+    /* Unknown extension. We allow it */
+    *found = NULL;
+    return 1;
+}
+
+/*
+ * Check whether the context defined for an extension |extctx| means whether
+ * the extension is relevant for the current context |thisctx| or not. Returns
+ * 1 if the extension is relevant for this context, and 0 otherwise
+ */
+int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx)
+{
+    int is_tls13;
+
+    /*
+     * For HRR we haven't selected the version yet but we know it will be
+     * TLSv1.3
+     */
+    if ((thisctx & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)
+        is_tls13 = 1;
+    else
+        is_tls13 = SSL_IS_TLS13(s);
+
+    if ((SSL_IS_DTLS(s)
+                && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0)
+            || (s->version == SSL3_VERSION
+                    && (extctx & SSL_EXT_SSL3_ALLOWED) == 0)
+            /*
+             * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated",
+             * which is never true when generating the ClientHello.
+             * However, version negotiation *has* occurred by the time the
+             * ClientHello extensions are being parsed.
+             * Be careful to allow TLS 1.3-only extensions when generating
+             * the ClientHello.
+             */
+            || (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0)
+            || (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0
+                && (thisctx & SSL_EXT_CLIENT_HELLO) == 0)
+            || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0)
+            || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0))
+        return 0;
+    return 1;
+}
+
+/*
+ * Gather a list of all the extensions from the data in |packet]. |context|
+ * tells us which message this extension is for. The raw extension data is
+ * stored in |*res| on success. We don't actually process the content of the
+ * extensions yet, except to check their types. This function also runs the
+ * initialiser functions for all known extensions if |init| is nonzero (whether
+ * we have collected them or not). If successful the caller is responsible for
+ * freeing the contents of |*res|.
+ *
+ * Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be
+ * more than one extension of the same type in a ClientHello or ServerHello.
+ * This function returns 1 if all extensions are unique and we have parsed their
+ * types, and 0 if the extensions contain duplicates, could not be successfully
+ * found, or an internal error occurred. We only check duplicates for
+ * extensions that we know about. We ignore others.
+ */
+int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
+                           RAW_EXTENSION **res, size_t *len, int init)
+{
+    PACKET extensions = *packet;
+    size_t i = 0;
+    size_t num_exts;
+    custom_ext_methods *exts = &s->cert->custext;
+    RAW_EXTENSION *raw_extensions = NULL;
+    const EXTENSION_DEFINITION *thisexd;
+
+    *res = NULL;
+
+    /*
+     * Initialise server side custom extensions. Client side is done during
+     * construction of extensions for the ClientHello.
+     */
+    if ((context & SSL_EXT_CLIENT_HELLO) != 0)
+        custom_ext_init(&s->cert->custext);
+
+    num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0);
+    raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions));
+    if (raw_extensions == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    i = 0;
+    while (PACKET_remaining(&extensions) > 0) {
+        unsigned int type, idx;
+        PACKET extension;
+        RAW_EXTENSION *thisex;
+
+        if (!PACKET_get_net_2(&extensions, &type) ||
+            !PACKET_get_length_prefixed_2(&extensions, &extension)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS,
+                     SSL_R_BAD_EXTENSION);
+            goto err;
+        }
+        /*
+         * Verify this extension is allowed. We only check duplicates for
+         * extensions that we recognise. We also have a special case for the
+         * PSK extension, which must be the last one in the ClientHello.
+         */
+        if (!verify_extension(s, context, type, exts, raw_extensions, &thisex)
+                || (thisex != NULL && thisex->present == 1)
+                || (type == TLSEXT_TYPE_psk
+                    && (context & SSL_EXT_CLIENT_HELLO) != 0
+                    && PACKET_remaining(&extensions) != 0)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_COLLECT_EXTENSIONS,
+                     SSL_R_BAD_EXTENSION);
+            goto err;
+        }
+        idx = thisex - raw_extensions;
+        /*-
+         * Check that we requested this extension (if appropriate). Requests can
+         * be sent in the ClientHello and CertificateRequest. Unsolicited
+         * extensions can be sent in the NewSessionTicket. We only do this for
+         * the built-in extensions. Custom extensions have a different but
+         * similar check elsewhere.
+         * Special cases:
+         * - The HRR cookie extension is unsolicited
+         * - The renegotiate extension is unsolicited (the client signals
+         *   support via an SCSV)
+         * - The signed_certificate_timestamp extension can be provided by a
+         * custom extension or by the built-in version. We let the extension
+         * itself handle unsolicited response checks.
+         */
+        if (idx < OSSL_NELEM(ext_defs)
+                && (context & (SSL_EXT_CLIENT_HELLO
+                               | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
+                               | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0
+                && type != TLSEXT_TYPE_cookie
+                && type != TLSEXT_TYPE_renegotiate
+                && type != TLSEXT_TYPE_signed_certificate_timestamp
+                && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) {
+            SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
+                     SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION);
+            goto err;
+        }
+        if (thisex != NULL) {
+            thisex->data = extension;
+            thisex->present = 1;
+            thisex->type = type;
+            thisex->received_order = i++;
+            if (s->ext.debug_cb)
+                s->ext.debug_cb(s, !s->server, thisex->type,
+                                PACKET_data(&thisex->data),
+                                PACKET_remaining(&thisex->data),
+                                s->ext.debug_arg);
+        }
+    }
+
+    if (init) {
+        /*
+         * Initialise all known extensions relevant to this context,
+         * whether we have found them or not
+         */
+        for (thisexd = ext_defs, i = 0; i < OSSL_NELEM(ext_defs);
+             i++, thisexd++) {
+            if (thisexd->init != NULL && (thisexd->context & context) != 0
+                && extension_is_relevant(s, thisexd->context, context)
+                && !thisexd->init(s, context)) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        }
+    }
+
+    *res = raw_extensions;
+    if (len != NULL)
+        *len = num_exts;
+    return 1;
+
+ err:
+    OPENSSL_free(raw_extensions);
+    return 0;
+}
+
+/*
+ * Runs the parser for a given extension with index |idx|. |exts| contains the
+ * list of all parsed extensions previously collected by
+ * tls_collect_extensions(). The parser is only run if it is applicable for the
+ * given |context| and the parser has not already been run. If this is for a
+ * Certificate message, then we also provide the parser with the relevant
+ * Certificate |x| and its position in the |chainidx| with 0 being the first
+ * Certificate. Returns 1 on success or 0 on failure. If an extension is not
+ * present this counted as success.
+ */
+int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
+                        RAW_EXTENSION *exts, X509 *x, size_t chainidx)
+{
+    RAW_EXTENSION *currext = &exts[idx];
+    int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                  size_t chainidx) = NULL;
+
+    /* Skip if the extension is not present */
+    if (!currext->present)
+        return 1;
+
+    /* Skip if we've already parsed this extension */
+    if (currext->parsed)
+        return 1;
+
+    currext->parsed = 1;
+
+    if (idx < OSSL_NELEM(ext_defs)) {
+        /* We are handling a built-in extension */
+        const EXTENSION_DEFINITION *extdef = &ext_defs[idx];
+
+        /* Check if extension is defined for our protocol. If not, skip */
+        if (!extension_is_relevant(s, extdef->context, context))
+            return 1;
+
+        parser = s->server ? extdef->parse_ctos : extdef->parse_stoc;
+
+        if (parser != NULL)
+            return parser(s, &currext->data, context, x, chainidx);
+
+        /*
+         * If the parser is NULL we fall through to the custom extension
+         * processing
+         */
+    }
+
+    /* Parse custom extensions */
+    return custom_ext_parse(s, context, currext->type,
+                            PACKET_data(&currext->data),
+                            PACKET_remaining(&currext->data),
+                            x, chainidx);
+}
+
+/*
+ * Parse all remaining extensions that have not yet been parsed. Also calls the
+ * finalisation for all extensions at the end if |fin| is nonzero, whether we
+ * collected them or not. Returns 1 for success or 0 for failure. If we are
+ * working on a Certificate message then we also pass the Certificate |x| and
+ * its position in the |chainidx|, with 0 being the first certificate.
+ */
+int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
+                             size_t chainidx, int fin)
+{
+    size_t i, numexts = OSSL_NELEM(ext_defs);
+    const EXTENSION_DEFINITION *thisexd;
+
+    /* Calculate the number of extensions in the extensions list */
+    numexts += s->cert->custext.meths_count;
+
+    /* Parse each extension in turn */
+    for (i = 0; i < numexts; i++) {
+        if (!tls_parse_extension(s, i, context, exts, x, chainidx)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+
+    if (fin) {
+        /*
+         * Finalise all known extensions relevant to this context,
+         * whether we have found them or not
+         */
+        for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs);
+             i++, thisexd++) {
+            if (thisexd->final != NULL && (thisexd->context & context) != 0
+                && !thisexd->final(s, context, exts[i].present)) {
+                /* SSLfatal() already called */
+                return 0;
+            }
+        }
+    }
+
+    return 1;
+}
+
+int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx,
+                         int max_version)
+{
+    /* Skip if not relevant for our context */
+    if ((extctx & thisctx) == 0)
+        return 0;
+
+    /* Check if this extension is defined for our protocol. If not, skip */
+    if (!extension_is_relevant(s, extctx, thisctx)
+            || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0
+                && (thisctx & SSL_EXT_CLIENT_HELLO) != 0
+                && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)))
+        return 0;
+
+    return 1;
+}
+
+/*
+ * Construct all the extensions relevant to the current |context| and write
+ * them to |pkt|. If this is an extension for a Certificate in a Certificate
+ * message, then |x| will be set to the Certificate we are handling, and
+ * |chainidx| will indicate the position in the chainidx we are processing (with
+ * 0 being the first in the chain). Returns 1 on success or 0 on failure. On a
+ * failure construction stops at the first extension to fail to construct.
+ */
+int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
+                             X509 *x, size_t chainidx)
+{
+    size_t i;
+    int min_version, max_version = 0, reason;
+    const EXTENSION_DEFINITION *thisexd;
+
+    if (!WPACKET_start_sub_packet_u16(pkt)
+               /*
+                * If extensions are of zero length then we don't even add the
+                * extensions length bytes to a ClientHello/ServerHello
+                * (for non-TLSv1.3).
+                */
+            || ((context &
+                 (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0
+                && !WPACKET_set_flags(pkt,
+                                     WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
+        reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
+        if (reason != 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
+                     reason);
+            return 0;
+        }
+    }
+
+    /* Add custom extensions first */
+    if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
+        /* On the server side with initialise during ClientHello parsing */
+        custom_ext_init(&s->cert->custext);
+    }
+    if (!custom_ext_add(s, context, pkt, x, chainidx, max_version)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) {
+        EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context,
+                                X509 *x, size_t chainidx);
+        EXT_RETURN ret;
+
+        /* Skip if not relevant for our context */
+        if (!should_add_extension(s, thisexd->context, context, max_version))
+            continue;
+
+        construct = s->server ? thisexd->construct_stoc
+                              : thisexd->construct_ctos;
+
+        if (construct == NULL)
+            continue;
+
+        ret = construct(s, pkt, context, x, chainidx);
+        if (ret == EXT_RETURN_FAIL) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+        if (ret == EXT_RETURN_SENT
+                && (context & (SSL_EXT_CLIENT_HELLO
+                               | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
+                               | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0)
+            s->ext.extflags[i] |= SSL_EXT_FLAG_SENT;
+    }
+
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Built in extension finalisation and initialisation functions. All initialise
+ * or finalise the associated extension type for the given |context|. For
+ * finalisers |sent| is set to 1 if we saw the extension during parsing, and 0
+ * otherwise. These functions return 1 on success or 0 on failure.
+ */
+
+static int final_renegotiate(SSL *s, unsigned int context, int sent)
+{
+    if (!s->server) {
+        /*
+         * Check if we can connect to a server that doesn't support safe
+         * renegotiation
+         */
+        if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
+                && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+                && !sent) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE,
+                     SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+            return 0;
+        }
+
+        return 1;
+    }
+
+    /* Need RI if renegotiating */
+    if (s->renegotiate
+            && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+            && !sent) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE,
+                 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+        return 0;
+    }
+
+
+    return 1;
+}
+
+static int init_server_name(SSL *s, unsigned int context)
+{
+    if (s->server) {
+        s->servername_done = 0;
+
+        OPENSSL_free(s->ext.hostname);
+        s->ext.hostname = NULL;
+    }
+
+    return 1;
+}
+
+static int final_server_name(SSL *s, unsigned int context, int sent)
+{
+    int ret = SSL_TLSEXT_ERR_NOACK;
+    int altmp = SSL_AD_UNRECOGNIZED_NAME;
+    int was_ticket = (SSL_get_options(s) & SSL_OP_NO_TICKET) == 0;
+
+    if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (s->ctx->ext.servername_cb != NULL)
+        ret = s->ctx->ext.servername_cb(s, &altmp,
+                                        s->ctx->ext.servername_arg);
+    else if (s->session_ctx->ext.servername_cb != NULL)
+        ret = s->session_ctx->ext.servername_cb(s, &altmp,
+                                       s->session_ctx->ext.servername_arg);
+
+    /*
+     * For servers, propagate the SNI hostname from the temporary
+     * storage in the SSL to the persistent SSL_SESSION, now that we
+     * know we accepted it.
+     * Clients make this copy when parsing the server's response to
+     * the extension, which is when they find out that the negotiation
+     * was successful.
+     */
+    if (s->server) {
+        /* TODO(OpenSSL1.2) revisit !sent case */
+        if (sent && ret == SSL_TLSEXT_ERR_OK && (!s->hit || SSL_IS_TLS13(s))) {
+            /* Only store the hostname in the session if we accepted it. */
+            OPENSSL_free(s->session->ext.hostname);
+            s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname);
+            if (s->session->ext.hostname == NULL && s->ext.hostname != NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
+                         ERR_R_INTERNAL_ERROR);
+            }
+        }
+    }
+
+    /*
+     * If we switched contexts (whether here or in the client_hello callback),
+     * move the sess_accept increment from the session_ctx to the new
+     * context, to avoid the confusing situation of having sess_accept_good
+     * exceed sess_accept (zero) for the new context.
+     */
+    if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) {
+        tsan_counter(&s->ctx->stats.sess_accept);
+        tsan_counter(&s->session_ctx->stats.sess_accept);
+    }
+
+    /*
+     * If we're expecting to send a ticket, and tickets were previously enabled,
+     * and now tickets are disabled, then turn off expected ticket.
+     * Also, if this is not a resumption, create a new session ID
+     */
+    if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected
+            && was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) {
+        s->ext.ticket_expected = 0;
+        if (!s->hit) {
+            SSL_SESSION* ss = SSL_get_session(s);
+
+            if (ss != NULL) {
+                OPENSSL_free(ss->ext.tick);
+                ss->ext.tick = NULL;
+                ss->ext.ticklen = 0;
+                ss->ext.tick_lifetime_hint = 0;
+                ss->ext.tick_age_add = 0;
+                ss->ext.tick_identity = 0;
+                if (!ssl_generate_session_id(s, ss)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+            } else {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+
+    switch (ret) {
+    case SSL_TLSEXT_ERR_ALERT_FATAL:
+        SSLfatal(s, altmp, SSL_F_FINAL_SERVER_NAME, SSL_R_CALLBACK_FAILED);
+        return 0;
+
+    case SSL_TLSEXT_ERR_ALERT_WARNING:
+        /* TLSv1.3 doesn't have warning alerts so we suppress this */
+        if (!SSL_IS_TLS13(s))
+            ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
+        return 1;
+
+    case SSL_TLSEXT_ERR_NOACK:
+        s->servername_done = 0;
+        return 1;
+
+    default:
+        return 1;
+    }
+}
+
+#ifndef OPENSSL_NO_EC
+static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
+{
+    unsigned long alg_k, alg_a;
+
+    if (s->server)
+        return 1;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+
+    /*
+     * If we are client and using an elliptic curve cryptography cipher
+     * suite, then if server returns an EC point formats lists extension it
+     * must contain uncompressed.
+     */
+    if (s->ext.ecpointformats != NULL
+            && s->ext.ecpointformats_len > 0
+            && s->session->ext.ecpointformats != NULL
+            && s->session->ext.ecpointformats_len > 0
+            && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
+        /* we are using an ECC cipher */
+        size_t i;
+        unsigned char *list = s->session->ext.ecpointformats;
+
+        for (i = 0; i < s->session->ext.ecpointformats_len; i++) {
+            if (*list++ == TLSEXT_ECPOINTFORMAT_uncompressed)
+                break;
+        }
+        if (i == s->session->ext.ecpointformats_len) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EC_PT_FORMATS,
+                     SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+static int init_session_ticket(SSL *s, unsigned int context)
+{
+    if (!s->server)
+        s->ext.ticket_expected = 0;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_OCSP
+static int init_status_request(SSL *s, unsigned int context)
+{
+    if (s->server) {
+        s->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+    } else {
+        /*
+         * Ensure we get sensible values passed to tlsext_status_cb in the event
+         * that we don't receive a status message
+         */
+        OPENSSL_free(s->ext.ocsp.resp);
+        s->ext.ocsp.resp = NULL;
+        s->ext.ocsp.resp_len = 0;
+    }
+
+    return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+static int init_npn(SSL *s, unsigned int context)
+{
+    s->s3->npn_seen = 0;
+
+    return 1;
+}
+#endif
+
+static int init_alpn(SSL *s, unsigned int context)
+{
+    OPENSSL_free(s->s3->alpn_selected);
+    s->s3->alpn_selected = NULL;
+    s->s3->alpn_selected_len = 0;
+    if (s->server) {
+        OPENSSL_free(s->s3->alpn_proposed);
+        s->s3->alpn_proposed = NULL;
+        s->s3->alpn_proposed_len = 0;
+    }
+    return 1;
+}
+
+static int final_alpn(SSL *s, unsigned int context, int sent)
+{
+    if (!s->server && !sent && s->session->ext.alpn_selected != NULL)
+            s->ext.early_data_ok = 0;
+
+    if (!s->server || !SSL_IS_TLS13(s))
+        return 1;
+
+    /*
+     * Call alpn_select callback if needed.  Has to be done after SNI and
+     * cipher negotiation (HTTP/2 restricts permitted ciphers). In TLSv1.3
+     * we also have to do this before we decide whether to accept early_data.
+     * In TLSv1.3 we've already negotiated our cipher so we do this call now.
+     * For < TLSv1.3 we defer it until after cipher negotiation.
+     *
+     * On failure SSLfatal() already called.
+     */
+    return tls_handle_alpn(s);
+}
+
+static int init_sig_algs(SSL *s, unsigned int context)
+{
+    /* Clear any signature algorithms extension received */
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    s->s3->tmp.peer_sigalgs = NULL;
+
+    return 1;
+}
+
+static int init_sig_algs_cert(SSL *s, unsigned int context)
+{
+    /* Clear any signature algorithms extension received */
+    OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
+    s->s3->tmp.peer_cert_sigalgs = NULL;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRP
+static int init_srp(SSL *s, unsigned int context)
+{
+    OPENSSL_free(s->srp_ctx.login);
+    s->srp_ctx.login = NULL;
+
+    return 1;
+}
+#endif
+
+static int init_etm(SSL *s, unsigned int context)
+{
+    s->ext.use_etm = 0;
+
+    return 1;
+}
+
+static int init_ems(SSL *s, unsigned int context)
+{
+    if (!s->server)
+        s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
+
+    return 1;
+}
+
+static int final_ems(SSL *s, unsigned int context, int sent)
+{
+    if (!s->server && s->hit) {
+        /*
+         * Check extended master secret extension is consistent with
+         * original session.
+         */
+        if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) !=
+            !(s->session->flags & SSL_SESS_FLAG_EXTMS)) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
+                     SSL_R_INCONSISTENT_EXTMS);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+static int init_certificate_authorities(SSL *s, unsigned int context)
+{
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
+    s->s3->tmp.peer_ca_names = NULL;
+    return 1;
+}
+
+static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
+                                                        unsigned int context,
+                                                        X509 *x,
+                                                        size_t chainidx)
+{
+    const STACK_OF(X509_NAME) *ca_sk = SSL_get0_CA_list(s);
+
+    if (ca_sk == NULL || sk_X509_NAME_num(ca_sk) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_certificate_authorities)
+        || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES,
+               ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!construct_ca_names(s, pkt)) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (!parse_ca_names(s, pkt))
+        return 0;
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRTP
+static int init_srtp(SSL *s, unsigned int context)
+{
+    if (s->server)
+        s->srtp_profile = NULL;
+
+    return 1;
+}
+#endif
+
+static int final_sig_algs(SSL *s, unsigned int context, int sent)
+{
+    if (!sent && SSL_IS_TLS13(s) && !s->hit) {
+        SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_SIG_ALGS,
+                 SSL_R_MISSING_SIGALGS_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+static int final_key_share(SSL *s, unsigned int context, int sent)
+{
+    if (!SSL_IS_TLS13(s))
+        return 1;
+
+    /* Nothing to do for key_share in an HRR */
+    if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)
+        return 1;
+
+    /*
+     * If
+     *     we are a client
+     *     AND
+     *     we have no key_share
+     *     AND
+     *     (we are not resuming
+     *      OR the kex_mode doesn't allow non key_share resumes)
+     * THEN
+     *     fail;
+     */
+    if (!s->server
+            && !sent
+            && (!s->hit
+                || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) {
+        /* Nothing left we can do - just fail */
+        SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_FINAL_KEY_SHARE,
+                 SSL_R_NO_SUITABLE_KEY_SHARE);
+        return 0;
+    }
+    /*
+     * IF
+     *     we are a server
+     * THEN
+     *     IF
+     *         we have a suitable key_share
+     *     THEN
+     *         IF
+     *             we are stateless AND we have no cookie
+     *         THEN
+     *             send a HelloRetryRequest
+     *     ELSE
+     *         IF
+     *             we didn't already send a HelloRetryRequest
+     *             AND
+     *             the client sent a key_share extension
+     *             AND
+     *             (we are not resuming
+     *              OR the kex_mode allows key_share resumes)
+     *             AND
+     *             a shared group exists
+     *         THEN
+     *             send a HelloRetryRequest
+     *         ELSE IF
+     *             we are not resuming
+     *             OR
+     *             the kex_mode doesn't allow non key_share resumes
+     *         THEN
+     *             fail
+     *         ELSE IF
+     *             we are stateless AND we have no cookie
+     *         THEN
+     *             send a HelloRetryRequest
+     */
+    if (s->server) {
+        if (s->s3->peer_tmp != NULL) {
+            /* We have a suitable key_share */
+            if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0
+                    && !s->ext.cookieok) {
+                if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
+                    /*
+                     * If we are stateless then we wouldn't know about any
+                     * previously sent HRR - so how can this be anything other
+                     * than 0?
+                     */
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+                s->hello_retry_request = SSL_HRR_PENDING;
+                return 1;
+            }
+        } else {
+            /* No suitable key_share */
+            if (s->hello_retry_request == SSL_HRR_NONE && sent
+                    && (!s->hit
+                        || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE)
+                           != 0)) {
+                const uint16_t *pgroups, *clntgroups;
+                size_t num_groups, clnt_num_groups, i;
+                unsigned int group_id = 0;
+
+                /* Check if a shared group exists */
+
+                /* Get the clients list of supported groups. */
+                tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups);
+                tls1_get_supported_groups(s, &pgroups, &num_groups);
+
+                /*
+                 * Find the first group we allow that is also in client's list
+                 */
+                for (i = 0; i < num_groups; i++) {
+                    group_id = pgroups[i];
+
+                    if (check_in_list(s, group_id, clntgroups, clnt_num_groups,
+                                      1))
+                        break;
+                }
+
+                if (i < num_groups) {
+                    /* A shared group exists so send a HelloRetryRequest */
+                    s->s3->group_id = group_id;
+                    s->hello_retry_request = SSL_HRR_PENDING;
+                    return 1;
+                }
+            }
+            if (!s->hit
+                    || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) {
+                /* Nothing left we can do - just fail */
+                SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE
+                                 : SSL_AD_MISSING_EXTENSION,
+                         SSL_F_FINAL_KEY_SHARE, SSL_R_NO_SUITABLE_KEY_SHARE);
+                return 0;
+            }
+
+            if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0
+                    && !s->ext.cookieok) {
+                if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
+                    /*
+                     * If we are stateless then we wouldn't know about any
+                     * previously sent HRR - so how can this be anything other
+                     * than 0?
+                     */
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+                s->hello_retry_request = SSL_HRR_PENDING;
+                return 1;
+            }
+        }
+
+        /*
+         * We have a key_share so don't send any more HelloRetryRequest
+         * messages
+         */
+        if (s->hello_retry_request == SSL_HRR_PENDING)
+            s->hello_retry_request = SSL_HRR_COMPLETE;
+    } else {
+        /*
+         * For a client side resumption with no key_share we need to generate
+         * the handshake secret (otherwise this is done during key_share
+         * processing).
+         */
+        if (!sent && !tls13_generate_handshake_secret(s, NULL, 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+static int init_psk_kex_modes(SSL *s, unsigned int context)
+{
+    s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE;
+    return 1;
+}
+
+int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
+                      size_t binderoffset, const unsigned char *binderin,
+                      unsigned char *binderout, SSL_SESSION *sess, int sign,
+                      int external)
+{
+    EVP_PKEY *mackey = NULL;
+    EVP_MD_CTX *mctx = NULL;
+    unsigned char hash[EVP_MAX_MD_SIZE], binderkey[EVP_MAX_MD_SIZE];
+    unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE];
+    unsigned char *early_secret;
+    static const unsigned char resumption_label[] = "res binder";
+    static const unsigned char external_label[] = "ext binder";
+    const unsigned char *label;
+    size_t bindersize, labelsize, hashsize;
+    int hashsizei = EVP_MD_size(md);
+    int ret = -1;
+    int usepskfored = 0;
+
+    /* Ensure cast to size_t is safe */
+    if (!ossl_assert(hashsizei >= 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    hashsize = (size_t)hashsizei;
+
+    if (external
+            && s->early_data_state == SSL_EARLY_DATA_CONNECTING
+            && s->session->ext.max_early_data == 0
+            && sess->ext.max_early_data > 0)
+        usepskfored = 1;
+
+    if (external) {
+        label = external_label;
+        labelsize = sizeof(external_label) - 1;
+    } else {
+        label = resumption_label;
+        labelsize = sizeof(resumption_label) - 1;
+    }
+
+    /*
+     * Generate the early_secret. On the server side we've selected a PSK to
+     * resume with (internal or external) so we always do this. On the client
+     * side we do this for a non-external (i.e. resumption) PSK or external PSK
+     * that will be used for early_data so that it is in place for sending early
+     * data. For client side external PSK not being used for early_data we
+     * generate it but store it away for later use.
+     */
+    if (s->server || !external || usepskfored)
+        early_secret = (unsigned char *)s->early_secret;
+    else
+        early_secret = (unsigned char *)sess->early_secret;
+
+    if (!tls13_generate_secret(s, md, NULL, sess->master_key,
+                               sess->master_key_length, early_secret)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * Create the handshake hash for the binder key...the messages so far are
+     * empty!
+     */
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL
+            || EVP_DigestInit_ex(mctx, md, NULL) <= 0
+            || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Generate the binder key */
+    if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
+                           hashsize, binderkey, hashsize)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /* Generate the finished key */
+    if (!tls13_derive_finishedkey(s, md, binderkey, finishedkey, hashsize)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (EVP_DigestInit_ex(mctx, md, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * Get a hash of the ClientHello up to the start of the binders. If we are
+     * following a HelloRetryRequest then this includes the hash of the first
+     * ClientHello and the HelloRetryRequest itself.
+     */
+    if (s->hello_retry_request == SSL_HRR_PENDING) {
+        size_t hdatalen;
+        void *hdata;
+
+        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+        if (hdatalen <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                     SSL_R_BAD_HANDSHAKE_LENGTH);
+            goto err;
+        }
+
+        /*
+         * For servers the handshake buffer data will include the second
+         * ClientHello - which we don't want - so we need to take that bit off.
+         */
+        if (s->server) {
+            PACKET hashprefix, msg;
+
+            /* Find how many bytes are left after the first two messages */
+            if (!PACKET_buf_init(&hashprefix, hdata, hdatalen)
+                    || !PACKET_forward(&hashprefix, 1)
+                    || !PACKET_get_length_prefixed_3(&hashprefix, &msg)
+                    || !PACKET_forward(&hashprefix, 1)
+                    || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            hdatalen -= PACKET_remaining(&hashprefix);
+        }
+
+        if (EVP_DigestUpdate(mctx, hdata, hdatalen) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (EVP_DigestUpdate(mctx, msgstart, binderoffset) <= 0
+            || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    mackey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finishedkey,
+                                          hashsize);
+    if (mackey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!sign)
+        binderout = tmpbinder;
+
+    bindersize = hashsize;
+    if (EVP_DigestSignInit(mctx, NULL, md, NULL, mackey) <= 0
+            || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
+            || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
+            || bindersize != hashsize) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (sign) {
+        ret = 1;
+    } else {
+        /* HMAC keys can't do EVP_DigestVerify* - use CRYPTO_memcmp instead */
+        ret = (CRYPTO_memcmp(binderin, binderout, hashsize) == 0);
+        if (!ret)
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PSK_DO_BINDER,
+                     SSL_R_BINDER_DOES_NOT_VERIFY);
+    }
+
+ err:
+    OPENSSL_cleanse(binderkey, sizeof(binderkey));
+    OPENSSL_cleanse(finishedkey, sizeof(finishedkey));
+    EVP_PKEY_free(mackey);
+    EVP_MD_CTX_free(mctx);
+
+    return ret;
+}
+
+static int final_early_data(SSL *s, unsigned int context, int sent)
+{
+    if (!sent)
+        return 1;
+
+    if (!s->server) {
+        if (context == SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+                && sent
+                && !s->ext.early_data_ok) {
+            /*
+             * If we get here then the server accepted our early_data but we
+             * later realised that it shouldn't have done (e.g. inconsistent
+             * ALPN)
+             */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EARLY_DATA,
+                     SSL_R_BAD_EARLY_DATA);
+            return 0;
+        }
+
+        return 1;
+    }
+
+    if (s->max_early_data == 0
+            || !s->hit
+            || s->session->ext.tick_identity != 0
+            || s->early_data_state != SSL_EARLY_DATA_ACCEPTING
+            || !s->ext.early_data_ok
+            || s->hello_retry_request != SSL_HRR_NONE
+            || (s->ctx->allow_early_data_cb != NULL
+                && !s->ctx->allow_early_data_cb(s,
+                                         s->ctx->allow_early_data_cb_data))) {
+        s->ext.early_data = SSL_EARLY_DATA_REJECTED;
+    } else {
+        s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
+
+        if (!tls13_change_cipher_state(s,
+                    SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+static int final_maxfragmentlen(SSL *s, unsigned int context, int sent)
+{
+    /*
+     * Session resumption on server-side with MFL extension active
+     *  BUT MFL extension packet was not resent (i.e. sent == 0)
+     */
+    if (s->server && s->hit && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
+            && !sent ) {
+        SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_FINAL_MAXFRAGMENTLEN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /* Current SSL buffer is lower than requested MFL */
+    if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
+            && s->max_send_fragment < GET_MAX_FRAGMENT_LENGTH(s->session))
+        /* trigger a larger buffer reallocation */
+        if (!ssl3_setup_buffers(s)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+
+    return 1;
+}
+
+static int init_post_handshake_auth(SSL *s, unsigned int context)
+{
+    s->post_handshake_auth = SSL_PHA_NONE;
+
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/ssl/statem/extensions_clnt.c b/freebsd/crypto/openssl/ssl/statem/extensions_clnt.c
new file mode 100644
index 00000000..d58ae79b
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/statem/extensions_clnt.c
@@ -0,0 +1,1990 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ocsp.h>
+#include "../ssl_locl.h"
+#include "internal/cryptlib.h"
+#include "statem_locl.h"
+
+EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx)
+{
+    /* Add RI if renegotiating */
+    if (!s->renegotiate)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished,
+                               s->s3->previous_client_finished_len)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx)
+{
+    if (s->ext.hostname == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Add TLS extension servername to the Client Hello message */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
+               /* Sub-packet for server_name extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+               /* Sub-packet for servername list (always 1 hostname)*/
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name)
+            || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname,
+                                       strlen(s->ext.hostname))
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+/* Push a Max Fragment Len extension into ClientHello */
+EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (s->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_DISABLED)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Add Max Fragment Length extension if client enabled it. */
+    /*-
+     * 4 bytes for this extension type and extension length
+     * 1 byte for the Max Fragment Length code value.
+     */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_max_fragment_length)
+            /* Sub-packet for Max Fragment Length extension (1 byte) */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u8(pkt, s->ext.max_fragment_len_mode)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_SRP
+EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    /* Add SRP username if there is one */
+    if (s->srp_ctx.login == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_srp)
+               /* Sub-packet for SRP extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)
+               /* login must not be zero...internal error if so */
+            || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
+            || !WPACKET_memcpy(pkt, s->srp_ctx.login,
+                               strlen(s->srp_ctx.login))
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SRP,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+static int use_ecc(SSL *s)
+{
+    int i, end;
+    unsigned long alg_k, alg_a;
+    STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
+
+    /* See if we support any ECC ciphersuites */
+    if (s->version == SSL3_VERSION)
+        return 0;
+
+    cipher_stack = SSL_get_ciphers(s);
+    end = sk_SSL_CIPHER_num(cipher_stack);
+    for (i = 0; i < end; i++) {
+        const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
+
+        alg_k = c->algorithm_mkey;
+        alg_a = c->algorithm_auth;
+        if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
+                || (alg_a & SSL_aECDSA)
+                || c->min_tls >= TLS1_3_VERSION)
+            return 1;
+    }
+
+    return 0;
+}
+
+EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx)
+{
+    const unsigned char *pformats;
+    size_t num_formats;
+
+    if (!use_ecc(s))
+        return EXT_RETURN_NOT_SENT;
+
+    /* Add TLS extension ECPointFormats to the ClientHello message */
+    tls1_get_formatlist(s, &pformats, &num_formats);
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
+               /* Sub-packet for formats extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
+                                               unsigned int context, X509 *x,
+                                               size_t chainidx)
+{
+    const uint16_t *pgroups = NULL;
+    size_t num_groups = 0, i;
+
+    if (!use_ecc(s))
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * Add TLS extension supported_groups to the ClientHello message
+     */
+    /* TODO(TLS1.3): Add support for DHE groups */
+    tls1_get_supported_groups(s, &pgroups, &num_groups);
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)
+               /* Sub-packet for supported_groups extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    /* Copy curve ID if supported */
+    for (i = 0; i < num_groups; i++) {
+        uint16_t ctmp = pgroups[i];
+
+        if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
+            if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
+                             ERR_R_INTERNAL_ERROR);
+                    return EXT_RETURN_FAIL;
+                }
+        }
+    }
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    size_t ticklen;
+
+    if (!tls_use_ticket(s))
+        return EXT_RETURN_NOT_SENT;
+
+    if (!s->new_session && s->session != NULL
+            && s->session->ext.tick != NULL
+            && s->session->ssl_version != TLS1_3_VERSION) {
+        ticklen = s->session->ext.ticklen;
+    } else if (s->session && s->ext.session_ticket != NULL
+               && s->ext.session_ticket->data != NULL) {
+        ticklen = s->ext.session_ticket->length;
+        s->session->ext.tick = OPENSSL_malloc(ticklen);
+        if (s->session->ext.tick == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        memcpy(s->session->ext.tick,
+               s->ext.session_ticket->data, ticklen);
+        s->session->ext.ticklen = ticklen;
+    } else {
+        ticklen = 0;
+    }
+
+    if (ticklen == 0 && s->ext.session_ticket != NULL &&
+            s->ext.session_ticket->data == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
+            || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
+                                       unsigned int context, X509 *x,
+                                       size_t chainidx)
+{
+    size_t salglen;
+    const uint16_t *salg;
+
+    if (!SSL_CLIENT_USE_SIGALGS(s))
+        return EXT_RETURN_NOT_SENT;
+
+    salglen = tls12_get_psigalgs(s, 1, &salg);
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms)
+               /* Sub-packet for sig-algs extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+               /* Sub-packet for the actual list */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !tls12_copy_sigalgs(s, pkt, salg, salglen)
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_OCSP
+EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    int i;
+
+    /* This extension isn't defined for client Certificates */
+    if (x != NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
+               /* Sub-packet for status request extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp)
+               /* Sub-packet for the ids */
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    for (i = 0; i < sk_OCSP_RESPID_num(s->ext.ocsp.ids); i++) {
+        unsigned char *idbytes;
+        OCSP_RESPID *id = sk_OCSP_RESPID_value(s->ext.ocsp.ids, i);
+        int idlen = i2d_OCSP_RESPID(id, NULL);
+
+        if (idlen <= 0
+                   /* Sub-packet for an individual id */
+                || !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes)
+                || i2d_OCSP_RESPID(id, &idbytes) != idlen) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+    if (!WPACKET_close(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    if (s->ext.ocsp.exts) {
+        unsigned char *extbytes;
+        int extlen = i2d_X509_EXTENSIONS(s->ext.ocsp.exts, NULL);
+
+        if (extlen < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        if (!WPACKET_allocate_bytes(pkt, extlen, &extbytes)
+                || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes)
+                   != extlen) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+       }
+    }
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->ctx->ext.npn_select_cb == NULL || !SSL_IS_FIRST_HANDSHAKE(s))
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * The client advertises an empty extension to indicate its support
+     * for Next Protocol Negotiation
+     */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_NPN,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx)
+{
+    s->s3->alpn_sent = 0;
+
+    if (s->ext.alpn == NULL || !SSL_IS_FIRST_HANDSHAKE(s))
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt,
+                TLSEXT_TYPE_application_layer_protocol_negotiation)
+               /* Sub-packet ALPN extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_ALPN,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    s->s3->alpn_sent = 1;
+
+    return EXT_RETURN_SENT;
+}
+
+
+#ifndef OPENSSL_NO_SRTP
+EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt,
+                                       unsigned int context, X509 *x,
+                                       size_t chainidx)
+{
+    STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s);
+    int i, end;
+
+    if (clnt == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp)
+               /* Sub-packet for SRTP extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+               /* Sub-packet for the protection profile list */
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    end = sk_SRTP_PROTECTION_PROFILE_num(clnt);
+    for (i = 0; i < end; i++) {
+        const SRTP_PROTECTION_PROFILE *prof =
+            sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
+
+        if (prof == NULL || !WPACKET_put_bytes_u16(pkt, prof->id)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+    if (!WPACKET_close(pkt)
+               /* Add an empty use_mki value */
+            || !WPACKET_put_bytes_u8(pkt, 0)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_ETM,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_CT
+EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->ct_validation_callback == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Not defined for client Certificates */
+    if (x != NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signed_certificate_timestamp)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SCT,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EMS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
+                                                 unsigned int context, X509 *x,
+                                                 size_t chainidx)
+{
+    int currv, min_version, max_version, reason;
+
+    reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
+    if (reason != 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, reason);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * Don't include this if we can't negotiate TLSv1.3. We can do a straight
+     * comparison here because we will never be called in DTLS.
+     */
+    if (max_version < TLS1_3_VERSION)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    for (currv = max_version; currv >= min_version; currv--) {
+        if (!WPACKET_put_bytes_u16(pkt, currv)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+/*
+ * Construct a psk_kex_modes extension.
+ */
+EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    int nodhe = s->options & SSL_OP_ALLOW_NO_DHE_KEX;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk_kex_modes)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)
+            || !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE_DHE)
+            || (nodhe && !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE))
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_KE_DHE;
+    if (nodhe)
+        s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE;
+#endif
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_TLS1_3
+static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
+{
+    unsigned char *encoded_point = NULL;
+    EVP_PKEY *key_share_key = NULL;
+    size_t encodedlen;
+
+    if (s->s3->tmp.pkey != NULL) {
+        if (!ossl_assert(s->hello_retry_request == SSL_HRR_PENDING)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        /*
+         * Could happen if we got an HRR that wasn't requesting a new key_share
+         */
+        key_share_key = s->s3->tmp.pkey;
+    } else {
+        key_share_key = ssl_generate_pkey_group(s, curve_id);
+        if (key_share_key == NULL) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+
+    /* Encode the public key. */
+    encodedlen = EVP_PKEY_get1_tls_encodedpoint(key_share_key,
+                                                &encoded_point);
+    if (encodedlen == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* Create KeyShareEntry */
+    if (!WPACKET_put_bytes_u16(pkt, curve_id)
+            || !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * TODO(TLS1.3): When changing to send more than one key_share we're
+     * going to need to be able to save more than one EVP_PKEY. For now
+     * we reuse the existing tmp.pkey
+     */
+    s->s3->tmp.pkey = key_share_key;
+    s->s3->group_id = curve_id;
+    OPENSSL_free(encoded_point);
+
+    return 1;
+ err:
+    if (s->s3->tmp.pkey == NULL)
+        EVP_PKEY_free(key_share_key);
+    OPENSSL_free(encoded_point);
+    return 0;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
+                                        unsigned int context, X509 *x,
+                                        size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    size_t i, num_groups = 0;
+    const uint16_t *pgroups = NULL;
+    uint16_t curve_id = 0;
+
+    /* key_share extension */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
+               /* Extension data sub-packet */
+            || !WPACKET_start_sub_packet_u16(pkt)
+               /* KeyShare list sub-packet */
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    tls1_get_supported_groups(s, &pgroups, &num_groups);
+
+    /*
+     * TODO(TLS1.3): Make the number of key_shares sent configurable. For
+     * now, just send one
+     */
+    if (s->s3->group_id != 0) {
+        curve_id = s->s3->group_id;
+    } else {
+        for (i = 0; i < num_groups; i++) {
+
+            if (!tls_curve_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
+                continue;
+
+            curve_id = pgroups[i];
+            break;
+        }
+    }
+
+    if (curve_id == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE,
+                 SSL_R_NO_SUITABLE_KEY_SHARE);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!add_key_share(s, pkt, curve_id)) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    return EXT_RETURN_SENT;
+#else
+    return EXT_RETURN_NOT_SENT;
+#endif
+}
+
+EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                                     X509 *x, size_t chainidx)
+{
+    EXT_RETURN ret = EXT_RETURN_FAIL;
+
+    /* Should only be set if we've had an HRR */
+    if (s->ext.tls13_cookie_len == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie)
+               /* Extension data sub-packet */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie,
+                                       s->ext.tls13_cookie_len)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        goto end;
+    }
+
+    ret = EXT_RETURN_SENT;
+ end:
+    OPENSSL_free(s->ext.tls13_cookie);
+    s->ext.tls13_cookie = NULL;
+    s->ext.tls13_cookie_len = 0;
+
+    return ret;
+}
+
+EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
+                                         unsigned int context, X509 *x,
+                                         size_t chainidx)
+{
+#ifndef OPENSSL_NO_PSK
+    char identity[PSK_MAX_IDENTITY_LEN + 1];
+#endif  /* OPENSSL_NO_PSK */
+    const unsigned char *id = NULL;
+    size_t idlen = 0;
+    SSL_SESSION *psksess = NULL;
+    SSL_SESSION *edsess = NULL;
+    const EVP_MD *handmd = NULL;
+
+    if (s->hello_retry_request == SSL_HRR_PENDING)
+        handmd = ssl_handshake_md(s);
+
+    if (s->psk_use_session_cb != NULL
+            && (!s->psk_use_session_cb(s, handmd, &id, &idlen, &psksess)
+                || (psksess != NULL
+                    && psksess->ssl_version != TLS1_3_VERSION))) {
+        SSL_SESSION_free(psksess);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                 SSL_R_BAD_PSK);
+        return EXT_RETURN_FAIL;
+    }
+
+#ifndef OPENSSL_NO_PSK
+    if (psksess == NULL && s->psk_client_callback != NULL) {
+        unsigned char psk[PSK_MAX_PSK_LEN];
+        size_t psklen = 0;
+
+        memset(identity, 0, sizeof(identity));
+        psklen = s->psk_client_callback(s, NULL, identity, sizeof(identity) - 1,
+                                        psk, sizeof(psk));
+
+        if (psklen > PSK_MAX_PSK_LEN) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        } else if (psklen > 0) {
+            const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
+            const SSL_CIPHER *cipher;
+
+            idlen = strlen(identity);
+            if (idlen > PSK_MAX_IDENTITY_LEN) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                         ERR_R_INTERNAL_ERROR);
+                return EXT_RETURN_FAIL;
+            }
+            id = (unsigned char *)identity;
+
+            /*
+             * We found a PSK using an old style callback. We don't know
+             * the digest so we default to SHA256 as per the TLSv1.3 spec
+             */
+            cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
+            if (cipher == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                         ERR_R_INTERNAL_ERROR);
+                return EXT_RETURN_FAIL;
+            }
+
+            psksess = SSL_SESSION_new();
+            if (psksess == NULL
+                    || !SSL_SESSION_set1_master_key(psksess, psk, psklen)
+                    || !SSL_SESSION_set_cipher(psksess, cipher)
+                    || !SSL_SESSION_set_protocol_version(psksess, TLS1_3_VERSION)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                         ERR_R_INTERNAL_ERROR);
+                OPENSSL_cleanse(psk, psklen);
+                return EXT_RETURN_FAIL;
+            }
+            OPENSSL_cleanse(psk, psklen);
+        }
+    }
+#endif  /* OPENSSL_NO_PSK */
+
+    SSL_SESSION_free(s->psksession);
+    s->psksession = psksess;
+    if (psksess != NULL) {
+        OPENSSL_free(s->psksession_id);
+        s->psksession_id = OPENSSL_memdup(id, idlen);
+        if (s->psksession_id == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        s->psksession_id_len = idlen;
+    }
+
+    if (s->early_data_state != SSL_EARLY_DATA_CONNECTING
+            || (s->session->ext.max_early_data == 0
+                && (psksess == NULL || psksess->ext.max_early_data == 0))) {
+        s->max_early_data = 0;
+        return EXT_RETURN_NOT_SENT;
+    }
+    edsess = s->session->ext.max_early_data != 0 ? s->session : psksess;
+    s->max_early_data = edsess->ext.max_early_data;
+
+    if (edsess->ext.hostname != NULL) {
+        if (s->ext.hostname == NULL
+                || (s->ext.hostname != NULL
+                    && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                     SSL_R_INCONSISTENT_EARLY_DATA_SNI);
+            return EXT_RETURN_FAIL;
+        }
+    }
+
+    if ((s->ext.alpn == NULL && edsess->ext.alpn_selected != NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                 SSL_R_INCONSISTENT_EARLY_DATA_ALPN);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * Verify that we are offering an ALPN protocol consistent with the early
+     * data.
+     */
+    if (edsess->ext.alpn_selected != NULL) {
+        PACKET prots, alpnpkt;
+        int found = 0;
+
+        if (!PACKET_buf_init(&prots, s->ext.alpn, s->ext.alpn_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        while (PACKET_get_length_prefixed_1(&prots, &alpnpkt)) {
+            if (PACKET_equal(&alpnpkt, edsess->ext.alpn_selected,
+                             edsess->ext.alpn_selected_len)) {
+                found = 1;
+                break;
+            }
+        }
+        if (!found) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                     SSL_R_INCONSISTENT_EARLY_DATA_ALPN);
+            return EXT_RETURN_FAIL;
+        }
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * We set this to rejected here. Later, if the server acknowledges the
+     * extension, we set it to accepted.
+     */
+    s->ext.early_data = SSL_EARLY_DATA_REJECTED;
+    s->ext.early_data_ok = 1;
+
+    return EXT_RETURN_SENT;
+}
+
+#define F5_WORKAROUND_MIN_MSG_LEN   0xff
+#define F5_WORKAROUND_MAX_MSG_LEN   0x200
+
+/*
+ * PSK pre binder overhead =
+ *  2 bytes for TLSEXT_TYPE_psk
+ *  2 bytes for extension length
+ *  2 bytes for identities list length
+ *  2 bytes for identity length
+ *  4 bytes for obfuscated_ticket_age
+ *  2 bytes for binder list length
+ *  1 byte for binder length
+ * The above excludes the number of bytes for the identity itself and the
+ * subsequent binder bytes
+ */
+#define PSK_PRE_BINDER_OVERHEAD (2 + 2 + 2 + 2 + 4 + 2 + 1)
+
+EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
+                                      unsigned int context, X509 *x,
+                                      size_t chainidx)
+{
+    unsigned char *padbytes;
+    size_t hlen;
+
+    if ((s->options & SSL_OP_TLSEXT_PADDING) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * Add padding to workaround bugs in F5 terminators. See RFC7685.
+     * This code calculates the length of all extensions added so far but
+     * excludes the PSK extension (because that MUST be written last). Therefore
+     * this extension MUST always appear second to last.
+     */
+    if (!WPACKET_get_total_written(pkt, &hlen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PADDING,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * If we're going to send a PSK then that will be written out after this
+     * extension, so we need to calculate how long it is going to be.
+     */
+    if (s->session->ssl_version == TLS1_3_VERSION
+            && s->session->ext.ticklen != 0
+            && s->session->cipher != NULL) {
+        const EVP_MD *md = ssl_md(s->session->cipher->algorithm2);
+
+        if (md != NULL) {
+            /*
+             * Add the fixed PSK overhead, the identity length and the binder
+             * length.
+             */
+            hlen +=  PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen
+                     + EVP_MD_size(md);
+        }
+    }
+
+    if (hlen > F5_WORKAROUND_MIN_MSG_LEN && hlen < F5_WORKAROUND_MAX_MSG_LEN) {
+        /* Calculate the amount of padding we need to add */
+        hlen = F5_WORKAROUND_MAX_MSG_LEN - hlen;
+
+        /*
+         * Take off the size of extension header itself (2 bytes for type and
+         * 2 bytes for length bytes), but ensure that the extension is at least
+         * 1 byte long so as not to have an empty extension last (WebSphere 7.x,
+         * 8.x are intolerant of that condition)
+         */
+        if (hlen > 4)
+            hlen -= 4;
+        else
+            hlen = 1;
+
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding)
+                || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PADDING,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        memset(padbytes, 0, hlen);
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+/*
+ * Construct the pre_shared_key extension
+ */
+EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    uint32_t now, agesec, agems = 0;
+    size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen;
+    unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL;
+    const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
+    int dores = 0;
+
+    s->session->ext.tick_identity = TLSEXT_PSK_BAD_IDENTITY;
+
+    /*
+     * Note: At this stage of the code we only support adding a single
+     * resumption PSK. If we add support for multiple PSKs then the length
+     * calculations in the padding extension will need to be adjusted.
+     */
+
+    /*
+     * If this is an incompatible or new session then we have nothing to resume
+     * so don't add this extension.
+     */
+    if (s->session->ssl_version != TLS1_3_VERSION
+            || (s->session->ext.ticklen == 0 && s->psksession == NULL))
+        return EXT_RETURN_NOT_SENT;
+
+    if (s->hello_retry_request == SSL_HRR_PENDING)
+        handmd = ssl_handshake_md(s);
+
+    if (s->session->ext.ticklen != 0) {
+        /* Get the digest associated with the ciphersuite in the session */
+        if (s->session->cipher == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        mdres = ssl_md(s->session->cipher->algorithm2);
+        if (mdres == NULL) {
+            /*
+             * Don't recognize this cipher so we can't use the session.
+             * Ignore it
+             */
+            goto dopsksess;
+        }
+
+        if (s->hello_retry_request == SSL_HRR_PENDING && mdres != handmd) {
+            /*
+             * Selected ciphersuite hash does not match the hash for the session
+             * so we can't use it.
+             */
+            goto dopsksess;
+        }
+
+        /*
+         * Technically the C standard just says time() returns a time_t and says
+         * nothing about the encoding of that type. In practice most
+         * implementations follow POSIX which holds it as an integral type in
+         * seconds since epoch. We've already made the assumption that we can do
+         * this in multiple places in the code, so portability shouldn't be an
+         * issue.
+         */
+        now = (uint32_t)time(NULL);
+        agesec = now - (uint32_t)s->session->time;
+        /*
+         * We calculate the age in seconds but the server may work in ms. Due to
+         * rounding errors we could overestimate the age by up to 1s. It is
+         * better to underestimate it. Otherwise, if the RTT is very short, when
+         * the server calculates the age reported by the client it could be
+         * bigger than the age calculated on the server - which should never
+         * happen.
+         */
+        if (agesec > 0)
+            agesec--;
+
+        if (s->session->ext.tick_lifetime_hint < agesec) {
+            /* Ticket is too old. Ignore it. */
+            goto dopsksess;
+        }
+
+        /*
+         * Calculate age in ms. We're just doing it to nearest second. Should be
+         * good enough.
+         */
+        agems = agesec * (uint32_t)1000;
+
+        if (agesec != 0 && agems / (uint32_t)1000 != agesec) {
+            /*
+             * Overflow. Shouldn't happen unless this is a *really* old session.
+             * If so we just ignore it.
+             */
+            goto dopsksess;
+        }
+
+        /*
+         * Obfuscate the age. Overflow here is fine, this addition is supposed
+         * to be mod 2^32.
+         */
+        agems += s->session->ext.tick_age_add;
+
+        reshashsize = EVP_MD_size(mdres);
+        dores = 1;
+    }
+
+ dopsksess:
+    if (!dores && s->psksession == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (s->psksession != NULL) {
+        mdpsk = ssl_md(s->psksession->cipher->algorithm2);
+        if (mdpsk == NULL) {
+            /*
+             * Don't recognize this cipher so we can't use the session.
+             * If this happens it's an application bug.
+             */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     SSL_R_BAD_PSK);
+            return EXT_RETURN_FAIL;
+        }
+
+        if (s->hello_retry_request == SSL_HRR_PENDING && mdpsk != handmd) {
+            /*
+             * Selected ciphersuite hash does not match the hash for the PSK
+             * session. This is an application bug.
+             */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     SSL_R_BAD_PSK);
+            return EXT_RETURN_FAIL;
+        }
+
+        pskhashsize = EVP_MD_size(mdpsk);
+    }
+
+    /* Create the extension, but skip over the binder for now */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (dores) {
+        if (!WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick,
+                                           s->session->ext.ticklen)
+                || !WPACKET_put_bytes_u32(pkt, agems)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+
+    if (s->psksession != NULL) {
+        if (!WPACKET_sub_memcpy_u16(pkt, s->psksession_id,
+                                    s->psksession_id_len)
+                || !WPACKET_put_bytes_u32(pkt, 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+
+    if (!WPACKET_close(pkt)
+            || !WPACKET_get_total_written(pkt, &binderoffset)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || (dores
+                && !WPACKET_sub_allocate_bytes_u8(pkt, reshashsize, &resbinder))
+            || (s->psksession != NULL
+                && !WPACKET_sub_allocate_bytes_u8(pkt, pskhashsize, &pskbinder))
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)
+            || !WPACKET_get_total_written(pkt, &msglen)
+               /*
+                * We need to fill in all the sub-packet lengths now so we can
+                * calculate the HMAC of the message up to the binders
+                */
+            || !WPACKET_fill_lengths(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    msgstart = WPACKET_get_curr(pkt) - msglen;
+
+    if (dores
+            && tls_psk_do_binder(s, mdres, msgstart, binderoffset, NULL,
+                                 resbinder, s->session, 1, 0) != 1) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (s->psksession != NULL
+            && tls_psk_do_binder(s, mdpsk, msgstart, binderoffset, NULL,
+                                 pskbinder, s->psksession, 1, 1) != 1) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (dores)
+        s->session->ext.tick_identity = 0;
+    if (s->psksession != NULL)
+        s->psksession->ext.tick_identity = (dores ? 1 : 0);
+
+    return EXT_RETURN_SENT;
+#else
+    return EXT_RETURN_NOT_SENT;
+#endif
+}
+
+EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt,
+                                                  unsigned int context,
+                                                  X509 *x, size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    if (!s->pha_enabled)
+        return EXT_RETURN_NOT_SENT;
+
+    /* construct extension - 0 length, no contents */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_post_handshake_auth)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    s->post_handshake_auth = SSL_PHA_EXT_SENT;
+
+    return EXT_RETURN_SENT;
+#else
+    return EXT_RETURN_NOT_SENT;
+#endif
+}
+
+
+/*
+ * Parse the server's renegotiation binding and abort if it's not right
+ */
+int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx)
+{
+    size_t expected_len = s->s3->previous_client_finished_len
+        + s->s3->previous_server_finished_len;
+    size_t ilen;
+    const unsigned char *data;
+
+    /* Check for logic errors */
+    if (!ossl_assert(expected_len == 0
+                     || s->s3->previous_client_finished_len != 0)
+        || !ossl_assert(expected_len == 0
+                        || s->s3->previous_server_finished_len != 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Parse the length byte */
+    if (!PACKET_get_1_len(pkt, &ilen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_ENCODING_ERR);
+        return 0;
+    }
+
+    /* Consistency check */
+    if (PACKET_remaining(pkt) != ilen) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_ENCODING_ERR);
+        return 0;
+    }
+
+    /* Check that the extension matches */
+    if (ilen != expected_len) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+
+    if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len)
+        || memcmp(data, s->s3->previous_client_finished,
+                  s->s3->previous_client_finished_len) != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+
+    if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len)
+        || memcmp(data, s->s3->previous_server_finished,
+                  s->s3->previous_server_finished_len) != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+    s->s3->send_connection_binding = 1;
+
+    return 1;
+}
+
+/* Parse the server's max fragment len extension packet */
+int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    unsigned int value;
+
+    if (PACKET_remaining(pkt) != 1 || !PACKET_get_1(pkt, &value)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /* |value| should contains a valid max-fragment-length code. */
+    if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN,
+                 SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    /* Must be the same value as client-configured one who was sent to server */
+    /*-
+     * RFC 6066: if a client receives a maximum fragment length negotiation
+     * response that differs from the length it requested, ...
+     * It must abort with SSL_AD_ILLEGAL_PARAMETER alert
+     */
+    if (value != s->ext.max_fragment_len_mode) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN,
+                 SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    /*
+     * Maximum Fragment Length Negotiation succeeded.
+     * The negotiated Maximum Fragment Length is binding now.
+     */
+    s->session->ext.max_fragment_len_mode = value;
+
+    return 1;
+}
+
+int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx)
+{
+    if (s->ext.hostname == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (PACKET_remaining(pkt) > 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit) {
+        if (s->session->ext.hostname != NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname);
+        if (s->session->ext.hostname == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx)
+{
+    size_t ecpointformats_len;
+    PACKET ecptformatlist;
+
+    if (!PACKET_as_length_prefixed_1(pkt, &ecptformatlist)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    if (!s->hit) {
+        ecpointformats_len = PACKET_remaining(&ecptformatlist);
+        if (ecpointformats_len == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, SSL_R_BAD_LENGTH);
+            return 0;
+        }
+
+        s->session->ext.ecpointformats_len = 0;
+        OPENSSL_free(s->session->ext.ecpointformats);
+        s->session->ext.ecpointformats = OPENSSL_malloc(ecpointformats_len);
+        if (s->session->ext.ecpointformats == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        s->session->ext.ecpointformats_len = ecpointformats_len;
+
+        if (!PACKET_copy_bytes(&ecptformatlist,
+                               s->session->ext.ecpointformats,
+                               ecpointformats_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->ext.session_ticket_cb != NULL &&
+        !s->ext.session_ticket_cb(s, PACKET_data(pkt),
+                              PACKET_remaining(pkt),
+                              s->ext.session_ticket_cb_arg)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_PARSE_STOC_SESSION_TICKET, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!tls_use_ticket(s)) {
+        SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
+                 SSL_F_TLS_PARSE_STOC_SESSION_TICKET, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    if (PACKET_remaining(pkt) > 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_STOC_SESSION_TICKET, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    s->ext.ticket_expected = 1;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_OCSP
+int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
+        /* We ignore this if the server sends a CertificateRequest */
+        /* TODO(TLS1.3): Add support for this */
+        return 1;
+    }
+
+    /*
+     * MUST only be sent if we've requested a status
+     * request message. In TLS <= 1.2 it must also be empty.
+     */
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) {
+        SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
+                 SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    if (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) > 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s)) {
+        /* We only know how to handle this if it's for the first Certificate in
+         * the chain. We ignore any other responses.
+         */
+        if (chainidx != 0)
+            return 1;
+
+        /* SSLfatal() already called */
+        return tls_process_cert_status_body(s, pkt);
+    }
+
+    /* Set flag to expect CertificateStatus message */
+    s->ext.status_expected = 1;
+
+    return 1;
+}
+#endif
+
+
+#ifndef OPENSSL_NO_CT
+int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
+        /* We ignore this if the server sends it in a CertificateRequest */
+        /* TODO(TLS1.3): Add support for this */
+        return 1;
+    }
+
+    /*
+     * Only take it if we asked for it - i.e if there is no CT validation
+     * callback set, then a custom extension MAY be processing it, so we
+     * need to let control continue to flow to that.
+     */
+    if (s->ct_validation_callback != NULL) {
+        size_t size = PACKET_remaining(pkt);
+
+        /* Simply copy it off for later processing */
+        OPENSSL_free(s->ext.scts);
+        s->ext.scts = NULL;
+
+        s->ext.scts_len = (uint16_t)size;
+        if (size > 0) {
+            s->ext.scts = OPENSSL_malloc(size);
+            if (s->ext.scts == NULL
+                    || !PACKET_copy_bytes(pkt, s->ext.scts, size)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    } else {
+        ENDPOINT role = (context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0
+                        ? ENDPOINT_CLIENT : ENDPOINT_BOTH;
+
+        /*
+         * If we didn't ask for it then there must be a custom extension,
+         * otherwise this is unsolicited.
+         */
+        if (custom_ext_find(&s->cert->custext, role,
+                            TLSEXT_TYPE_signed_certificate_timestamp,
+                            NULL) == NULL) {
+            SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_SCT,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        if (!custom_ext_parse(s, context,
+                             TLSEXT_TYPE_signed_certificate_timestamp,
+                             PACKET_data(pkt), PACKET_remaining(pkt),
+                             x, chainidx)) {
+            /* SSLfatal already called */
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
+ * elements of zero length are allowed and the set of elements must exactly
+ * fill the length of the block. Returns 1 on success or 0 on failure.
+ */
+static int ssl_next_proto_validate(SSL *s, PACKET *pkt)
+{
+    PACKET tmp_protocol;
+
+    while (PACKET_remaining(pkt)) {
+        if (!PACKET_get_length_prefixed_1(pkt, &tmp_protocol)
+            || PACKET_remaining(&tmp_protocol) == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_NEXT_PROTO_VALIDATE,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    unsigned char *selected;
+    unsigned char selected_len;
+    PACKET tmppkt;
+
+    /* Check if we are in a renegotiation. If so ignore this extension */
+    if (!SSL_IS_FIRST_HANDSHAKE(s))
+        return 1;
+
+    /* We must have requested it. */
+    if (s->ctx->ext.npn_select_cb == NULL) {
+        SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_NPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /* The data must be valid */
+    tmppkt = *pkt;
+    if (!ssl_next_proto_validate(s, &tmppkt)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len,
+                                  PACKET_data(pkt),
+                                  PACKET_remaining(pkt),
+                                  s->ctx->ext.npn_select_cb_arg) !=
+             SSL_TLSEXT_ERR_OK) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_STOC_NPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * Could be non-NULL if server has sent multiple NPN extensions in
+     * a single Serverhello
+     */
+    OPENSSL_free(s->ext.npn);
+    s->ext.npn = OPENSSL_malloc(selected_len);
+    if (s->ext.npn == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    memcpy(s->ext.npn, selected, selected_len);
+    s->ext.npn_len = selected_len;
+    s->s3->npn_seen = 1;
+
+    return 1;
+}
+#endif
+
+int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                        size_t chainidx)
+{
+    size_t len;
+
+    /* We must have requested it. */
+    if (!s->s3->alpn_sent) {
+        SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_ALPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    /*-
+     * The extension data consists of:
+     *   uint16 list_length
+     *   uint8 proto_length;
+     *   uint8 proto[proto_length];
+     */
+    if (!PACKET_get_net_2_len(pkt, &len)
+        || PACKET_remaining(pkt) != len || !PACKET_get_1_len(pkt, &len)
+        || PACKET_remaining(pkt) != len) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    OPENSSL_free(s->s3->alpn_selected);
+    s->s3->alpn_selected = OPENSSL_malloc(len);
+    if (s->s3->alpn_selected == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!PACKET_copy_bytes(pkt, s->s3->alpn_selected, len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    s->s3->alpn_selected_len = len;
+
+    if (s->session->ext.alpn_selected == NULL
+            || s->session->ext.alpn_selected_len != len
+            || memcmp(s->session->ext.alpn_selected, s->s3->alpn_selected, len)
+               != 0) {
+        /* ALPN not consistent with the old session so cannot use early_data */
+        s->ext.early_data_ok = 0;
+    }
+    if (!s->hit) {
+        /*
+         * This is a new session and so alpn_selected should have been
+         * initialised to NULL. We should update it with the selected ALPN.
+         */
+        if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        s->session->ext.alpn_selected =
+            OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
+        if (s->session->ext.alpn_selected == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        s->session->ext.alpn_selected_len = s->s3->alpn_selected_len;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRTP
+int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx)
+{
+    unsigned int id, ct, mki;
+    int i;
+    STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
+    SRTP_PROTECTION_PROFILE *prof;
+
+    if (!PACKET_get_net_2(pkt, &ct) || ct != 2
+            || !PACKET_get_net_2(pkt, &id)
+            || !PACKET_get_1(pkt, &mki)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_USE_SRTP,
+                 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+        return 0;
+    }
+
+    if (mki != 0) {
+        /* Must be no MKI, since we never offer one */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_USE_SRTP,
+                 SSL_R_BAD_SRTP_MKI_VALUE);
+        return 0;
+    }
+
+    /* Throw an error if the server gave us an unsolicited extension */
+    clnt = SSL_get_srtp_profiles(s);
+    if (clnt == NULL) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_USE_SRTP,
+                 SSL_R_NO_SRTP_PROFILES);
+        return 0;
+    }
+
+    /*
+     * Check to see if the server gave us something we support (and
+     * presumably offered)
+     */
+    for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
+        prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
+
+        if (prof->id == id) {
+            s->srtp_profile = prof;
+            return 1;
+        }
+    }
+
+    SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_USE_SRTP,
+             SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+    return 0;
+}
+#endif
+
+int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    /* Ignore if inappropriate ciphersuite */
+    if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
+            && s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
+            && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
+        s->ext.use_etm = 1;
+
+    return 1;
+}
+
+int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
+    if (!s->hit)
+        s->session->flags |= SSL_SESS_FLAG_EXTMS;
+
+    return 1;
+}
+
+int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
+                                      X509 *x, size_t chainidx)
+{
+    unsigned int version;
+
+    if (!PACKET_get_net_2(pkt, &version)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /*
+     * The only protocol version we support which is valid in this extension in
+     * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
+     */
+    if (version != TLS1_3_VERSION) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
+                 SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+        return 0;
+    }
+
+    /* We ignore this extension for HRRs except to sanity check it */
+    if (context == SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)
+        return 1;
+
+    /* We just set it here. We validate it in ssl_choose_client_version */
+    s->version = version;
+
+    return 1;
+}
+
+int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                             size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned int group_id;
+    PACKET encoded_pt;
+    EVP_PKEY *ckey = s->s3->tmp.pkey, *skey = NULL;
+
+    /* Sanity check */
+    if (ckey == NULL || s->s3->peer_tmp != NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!PACKET_get_net_2(pkt, &group_id)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) {
+        const uint16_t *pgroups = NULL;
+        size_t i, num_groups;
+
+        if (PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                     SSL_R_LENGTH_MISMATCH);
+            return 0;
+        }
+
+        /*
+         * It is an error if the HelloRetryRequest wants a key_share that we
+         * already sent in the first ClientHello
+         */
+        if (group_id == s->s3->group_id) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+            return 0;
+        }
+
+        /* Validate the selected group is one we support */
+        tls1_get_supported_groups(s, &pgroups, &num_groups);
+        for (i = 0; i < num_groups; i++) {
+            if (group_id == pgroups[i])
+                break;
+        }
+        if (i >= num_groups
+                || !tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+            return 0;
+        }
+
+        s->s3->group_id = group_id;
+        EVP_PKEY_free(s->s3->tmp.pkey);
+        s->s3->tmp.pkey = NULL;
+        return 1;
+    }
+
+    if (group_id != s->s3->group_id) {
+        /*
+         * This isn't for the group that we sent in the original
+         * key_share!
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 SSL_R_BAD_KEY_SHARE);
+        return 0;
+    }
+
+    if (!PACKET_as_length_prefixed_2(pkt, &encoded_pt)
+            || PACKET_remaining(&encoded_pt) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    skey = ssl_generate_pkey(ckey);
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
+                                        PACKET_remaining(&encoded_pt))) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 SSL_R_BAD_ECPOINT);
+        EVP_PKEY_free(skey);
+        return 0;
+    }
+
+    if (ssl_derive(s, ckey, skey, 1) == 0) {
+        /* SSLfatal() already called */
+        EVP_PKEY_free(skey);
+        return 0;
+    }
+    s->s3->peer_tmp = skey;
+#endif
+
+    return 1;
+}
+
+int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    PACKET cookie;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &cookie)
+            || !PACKET_memdup(&cookie, &s->ext.tls13_cookie,
+                              &s->ext.tls13_cookie_len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx)
+{
+    if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) {
+        unsigned long max_early_data;
+
+        if (!PACKET_get_net_4(pkt, &max_early_data)
+                || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+                     SSL_R_INVALID_MAX_EARLY_DATA);
+            return 0;
+        }
+
+        s->session->ext.max_early_data = max_early_data;
+
+        return 1;
+    }
+
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->ext.early_data_ok
+            || !s->hit
+            || s->session->ext.tick_identity != 0) {
+        /*
+         * If we get here then we didn't send early data, or we didn't resume
+         * using the first identity, or the SNI/ALPN is not consistent so the
+         * server should not be accepting it.
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
+
+    return 1;
+}
+
+int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned int identity;
+
+    if (!PACKET_get_net_2(pkt, &identity) || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_PSK,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    if (s->session->ext.tick_identity == (int)identity) {
+        s->hit = 1;
+        SSL_SESSION_free(s->psksession);
+        s->psksession = NULL;
+        return 1;
+    }
+
+    if (s->psksession == NULL
+            || s->psksession->ext.tick_identity != (int)identity) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_PSK,
+                 SSL_R_BAD_PSK_IDENTITY);
+        return 0;
+    }
+
+    /*
+     * If we used the external PSK for sending early_data then s->early_secret
+     * is already set up, so don't overwrite it. Otherwise we copy the
+     * early_secret across that we generated earlier.
+     */
+    if ((s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY
+                && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)
+            || s->session->ext.max_early_data > 0
+            || s->psksession->ext.max_early_data == 0)
+        memcpy(s->early_secret, s->psksession->early_secret, EVP_MAX_MD_SIZE);
+
+    SSL_SESSION_free(s->session);
+    s->session = s->psksession;
+    s->psksession = NULL;
+    s->hit = 1;
+#endif
+
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/ssl/statem/extensions_cust.c b/freebsd/crypto/openssl/ssl/statem/extensions_cust.c
new file mode 100644
index 00000000..392a7edf
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/statem/extensions_cust.c
@@ -0,0 +1,535 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Custom extension utility functions */
+
+#include <openssl/ct.h>
+#include "../ssl_locl.h"
+#include "internal/cryptlib.h"
+#include "statem_locl.h"
+
+typedef struct {
+    void *add_arg;
+    custom_ext_add_cb add_cb;
+    custom_ext_free_cb free_cb;
+} custom_ext_add_cb_wrap;
+
+typedef struct {
+    void *parse_arg;
+    custom_ext_parse_cb parse_cb;
+} custom_ext_parse_cb_wrap;
+
+/*
+ * Provide thin wrapper callbacks which convert new style arguments to old style
+ */
+static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type,
+                                      unsigned int context,
+                                      const unsigned char **out,
+                                      size_t *outlen, X509 *x, size_t chainidx,
+                                      int *al, void *add_arg)
+{
+    custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
+
+    if (add_cb_wrap->add_cb == NULL)
+        return 1;
+
+    return add_cb_wrap->add_cb(s, ext_type, out, outlen, al,
+                               add_cb_wrap->add_arg);
+}
+
+static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type,
+                                        unsigned int context,
+                                        const unsigned char *out, void *add_arg)
+{
+    custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
+
+    if (add_cb_wrap->free_cb == NULL)
+        return;
+
+    add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg);
+}
+
+static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,
+                                        unsigned int context,
+                                        const unsigned char *in,
+                                        size_t inlen, X509 *x, size_t chainidx,
+                                        int *al, void *parse_arg)
+{
+    custom_ext_parse_cb_wrap *parse_cb_wrap =
+        (custom_ext_parse_cb_wrap *)parse_arg;
+
+    if (parse_cb_wrap->parse_cb == NULL)
+        return 1;
+
+    return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,
+                                   parse_cb_wrap->parse_arg);
+}
+
+/*
+ * Find a custom extension from the list. The |role| param is there to
+ * support the legacy API where custom extensions for client and server could
+ * be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we
+ * are trying to find a method relevant to the server, ENDPOINT_CLIENT for the
+ * client, or ENDPOINT_BOTH for either
+ */
+custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
+                                   ENDPOINT role, unsigned int ext_type,
+                                   size_t *idx)
+{
+    size_t i;
+    custom_ext_method *meth = exts->meths;
+
+    for (i = 0; i < exts->meths_count; i++, meth++) {
+        if (ext_type == meth->ext_type
+                && (role == ENDPOINT_BOTH || role == meth->role
+                    || meth->role == ENDPOINT_BOTH)) {
+            if (idx != NULL)
+                *idx = i;
+            return meth;
+        }
+    }
+    return NULL;
+}
+
+/*
+ * Initialise custom extensions flags to indicate neither sent nor received.
+ */
+void custom_ext_init(custom_ext_methods *exts)
+{
+    size_t i;
+    custom_ext_method *meth = exts->meths;
+
+    for (i = 0; i < exts->meths_count; i++, meth++)
+        meth->ext_flags = 0;
+}
+
+/* Pass received custom extension data to the application for parsing. */
+int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
+                     const unsigned char *ext_data, size_t ext_size, X509 *x,
+                     size_t chainidx)
+{
+    int al;
+    custom_ext_methods *exts = &s->cert->custext;
+    custom_ext_method *meth;
+    ENDPOINT role = ENDPOINT_BOTH;
+
+    if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0)
+        role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT;
+
+    meth = custom_ext_find(exts, role, ext_type, NULL);
+    /* If not found return success */
+    if (!meth)
+        return 1;
+
+    /* Check if extension is defined for our protocol. If not, skip */
+    if (!extension_is_relevant(s, meth->context, context))
+        return 1;
+
+    if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
+                    | SSL_EXT_TLS1_3_SERVER_HELLO
+                    | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
+        /*
+         * If it's ServerHello or EncryptedExtensions we can't have any
+         * extensions not sent in ClientHello.
+         */
+        if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
+            SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_F_CUSTOM_EXT_PARSE,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+    }
+
+    /*
+     * Extensions received in the ClientHello are marked with the
+     * SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent
+     * extensions in the ServerHello/EncryptedExtensions message
+     */
+    if ((context & SSL_EXT_CLIENT_HELLO) != 0)
+        meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
+
+    /* If no parse function set return success */
+    if (!meth->parse_cb)
+        return 1;
+
+    if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx,
+                       &al, meth->parse_arg) <= 0) {
+        SSLfatal(s, al, SSL_F_CUSTOM_EXT_PARSE, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Request custom extension data from the application and add to the return
+ * buffer.
+ */
+int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
+                   int maxversion)
+{
+    custom_ext_methods *exts = &s->cert->custext;
+    custom_ext_method *meth;
+    size_t i;
+    int al;
+
+    for (i = 0; i < exts->meths_count; i++) {
+        const unsigned char *out = NULL;
+        size_t outlen = 0;
+
+        meth = exts->meths + i;
+
+        if (!should_add_extension(s, meth->context, context, maxversion))
+            continue;
+
+        if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
+                        | SSL_EXT_TLS1_3_SERVER_HELLO
+                        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+                        | SSL_EXT_TLS1_3_CERTIFICATE
+                        | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
+            /* Only send extensions present in ClientHello. */
+            if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
+                continue;
+        }
+        /*
+         * We skip it if the callback is absent - except for a ClientHello where
+         * we add an empty extension.
+         */
+        if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL)
+            continue;
+
+        if (meth->add_cb != NULL) {
+            int cb_retval = meth->add_cb(s, meth->ext_type, context, &out,
+                                         &outlen, x, chainidx, &al,
+                                         meth->add_arg);
+
+            if (cb_retval < 0) {
+                SSLfatal(s, al, SSL_F_CUSTOM_EXT_ADD, SSL_R_CALLBACK_FAILED);
+                return 0;       /* error */
+            }
+            if (cb_retval == 0)
+                continue;       /* skip this extension */
+        }
+
+        if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
+            /*
+             * We can't send duplicates: code logic should prevent this.
+             */
+            if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            /*
+             * Indicate extension has been sent: this is both a sanity check to
+             * ensure we don't send duplicate extensions and indicates that it
+             * is not an error if the extension is present in ServerHello.
+             */
+            meth->ext_flags |= SSL_EXT_FLAG_SENT;
+        }
+        if (meth->free_cb != NULL)
+            meth->free_cb(s, meth->ext_type, context, out, meth->add_arg);
+    }
+    return 1;
+}
+
+/* Copy the flags from src to dst for any extensions that exist in both */
+int custom_exts_copy_flags(custom_ext_methods *dst,
+                           const custom_ext_methods *src)
+{
+    size_t i;
+    custom_ext_method *methsrc = src->meths;
+
+    for (i = 0; i < src->meths_count; i++, methsrc++) {
+        custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,
+                                                     methsrc->ext_type, NULL);
+
+        if (methdst == NULL)
+            continue;
+
+        methdst->ext_flags = methsrc->ext_flags;
+    }
+
+    return 1;
+}
+
+/* Copy table of custom extensions */
+int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
+{
+    size_t i;
+    int err = 0;
+
+    if (src->meths_count > 0) {
+        dst->meths =
+            OPENSSL_memdup(src->meths,
+                           sizeof(*src->meths) * src->meths_count);
+        if (dst->meths == NULL)
+            return 0;
+        dst->meths_count = src->meths_count;
+
+        for (i = 0; i < src->meths_count; i++) {
+            custom_ext_method *methsrc = src->meths + i;
+            custom_ext_method *methdst = dst->meths + i;
+
+            if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
+                continue;
+
+            /*
+             * We have found an old style API wrapper. We need to copy the
+             * arguments too.
+             */
+
+            if (err) {
+                methdst->add_arg = NULL;
+                methdst->parse_arg = NULL;
+                continue;
+            }
+
+            methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
+                                              sizeof(custom_ext_add_cb_wrap));
+            methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
+                                            sizeof(custom_ext_parse_cb_wrap));
+
+            if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
+                err = 1;
+        }
+    }
+
+    if (err) {
+        custom_exts_free(dst);
+        return 0;
+    }
+
+    return 1;
+}
+
+void custom_exts_free(custom_ext_methods *exts)
+{
+    size_t i;
+    custom_ext_method *meth;
+
+    for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {
+        if (meth->add_cb != custom_ext_add_old_cb_wrap)
+            continue;
+
+        /* Old style API wrapper. Need to free the arguments too */
+        OPENSSL_free(meth->add_arg);
+        OPENSSL_free(meth->parse_arg);
+    }
+    OPENSSL_free(exts->meths);
+}
+
+/* Return true if a client custom extension exists, false otherwise */
+int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
+{
+    return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type,
+                           NULL) != NULL;
+}
+
+static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role,
+                                 unsigned int ext_type,
+                                 unsigned int context,
+                                 SSL_custom_ext_add_cb_ex add_cb,
+                                 SSL_custom_ext_free_cb_ex free_cb,
+                                 void *add_arg,
+                                 SSL_custom_ext_parse_cb_ex parse_cb,
+                                 void *parse_arg)
+{
+    custom_ext_methods *exts = &ctx->cert->custext;
+    custom_ext_method *meth, *tmp;
+
+    /*
+     * Check application error: if add_cb is not set free_cb will never be
+     * called.
+     */
+    if (add_cb == NULL && free_cb != NULL)
+        return 0;
+
+#ifndef OPENSSL_NO_CT
+    /*
+     * We don't want applications registering callbacks for SCT extensions
+     * whilst simultaneously using the built-in SCT validation features, as
+     * these two things may not play well together.
+     */
+    if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp
+            && (context & SSL_EXT_CLIENT_HELLO) != 0
+            && SSL_CTX_ct_is_enabled(ctx))
+        return 0;
+#endif
+
+    /*
+     * Don't add if extension supported internally, but make exception
+     * for extension types that previously were not supported, but now are.
+     */
+    if (SSL_extension_supported(ext_type)
+            && ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
+        return 0;
+
+    /* Extension type must fit in 16 bits */
+    if (ext_type > 0xffff)
+        return 0;
+    /* Search for duplicate */
+    if (custom_ext_find(exts, role, ext_type, NULL))
+        return 0;
+    tmp = OPENSSL_realloc(exts->meths,
+                          (exts->meths_count + 1) * sizeof(custom_ext_method));
+    if (tmp == NULL)
+        return 0;
+
+    exts->meths = tmp;
+    meth = exts->meths + exts->meths_count;
+    memset(meth, 0, sizeof(*meth));
+    meth->role = role;
+    meth->context = context;
+    meth->parse_cb = parse_cb;
+    meth->add_cb = add_cb;
+    meth->free_cb = free_cb;
+    meth->ext_type = ext_type;
+    meth->add_arg = add_arg;
+    meth->parse_arg = parse_arg;
+    exts->meths_count++;
+    return 1;
+}
+
+static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
+                              unsigned int ext_type,
+                              unsigned int context,
+                              custom_ext_add_cb add_cb,
+                              custom_ext_free_cb free_cb,
+                              void *add_arg,
+                              custom_ext_parse_cb parse_cb, void *parse_arg)
+{
+    custom_ext_add_cb_wrap *add_cb_wrap
+        = OPENSSL_malloc(sizeof(*add_cb_wrap));
+    custom_ext_parse_cb_wrap *parse_cb_wrap
+        = OPENSSL_malloc(sizeof(*parse_cb_wrap));
+    int ret;
+
+    if (add_cb_wrap == NULL || parse_cb_wrap == NULL) {
+        OPENSSL_free(add_cb_wrap);
+        OPENSSL_free(parse_cb_wrap);
+        return 0;
+    }
+
+    add_cb_wrap->add_arg = add_arg;
+    add_cb_wrap->add_cb = add_cb;
+    add_cb_wrap->free_cb = free_cb;
+    parse_cb_wrap->parse_arg = parse_arg;
+    parse_cb_wrap->parse_cb = parse_cb;
+
+    ret = add_custom_ext_intern(ctx, role, ext_type,
+                                context,
+                                custom_ext_add_old_cb_wrap,
+                                custom_ext_free_old_cb_wrap,
+                                add_cb_wrap,
+                                custom_ext_parse_old_cb_wrap,
+                                parse_cb_wrap);
+
+    if (!ret) {
+        OPENSSL_free(add_cb_wrap);
+        OPENSSL_free(parse_cb_wrap);
+    }
+
+    return ret;
+}
+
+/* Application level functions to add the old custom extension callbacks */
+int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb,
+                                  void *add_arg,
+                                  custom_ext_parse_cb parse_cb, void *parse_arg)
+{
+    return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type,
+                              SSL_EXT_TLS1_2_AND_BELOW_ONLY
+                              | SSL_EXT_CLIENT_HELLO
+                              | SSL_EXT_TLS1_2_SERVER_HELLO
+                              | SSL_EXT_IGNORE_ON_RESUMPTION,
+                              add_cb, free_cb, add_arg, parse_cb, parse_arg);
+}
+
+int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb,
+                                  void *add_arg,
+                                  custom_ext_parse_cb parse_cb, void *parse_arg)
+{
+    return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type,
+                              SSL_EXT_TLS1_2_AND_BELOW_ONLY
+                              | SSL_EXT_CLIENT_HELLO
+                              | SSL_EXT_TLS1_2_SERVER_HELLO
+                              | SSL_EXT_IGNORE_ON_RESUMPTION,
+                              add_cb, free_cb, add_arg, parse_cb, parse_arg);
+}
+
+int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                           unsigned int context,
+                           SSL_custom_ext_add_cb_ex add_cb,
+                           SSL_custom_ext_free_cb_ex free_cb,
+                           void *add_arg,
+                           SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg)
+{
+    return add_custom_ext_intern(ctx, ENDPOINT_BOTH, ext_type, context, add_cb,
+                                 free_cb, add_arg, parse_cb, parse_arg);
+}
+
+int SSL_extension_supported(unsigned int ext_type)
+{
+    switch (ext_type) {
+        /* Internally supported extensions. */
+    case TLSEXT_TYPE_application_layer_protocol_negotiation:
+#ifndef OPENSSL_NO_EC
+    case TLSEXT_TYPE_ec_point_formats:
+    case TLSEXT_TYPE_supported_groups:
+    case TLSEXT_TYPE_key_share:
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLSEXT_TYPE_next_proto_neg:
+#endif
+    case TLSEXT_TYPE_padding:
+    case TLSEXT_TYPE_renegotiate:
+    case TLSEXT_TYPE_max_fragment_length:
+    case TLSEXT_TYPE_server_name:
+    case TLSEXT_TYPE_session_ticket:
+    case TLSEXT_TYPE_signature_algorithms:
+#ifndef OPENSSL_NO_SRP
+    case TLSEXT_TYPE_srp:
+#endif
+#ifndef OPENSSL_NO_OCSP
+    case TLSEXT_TYPE_status_request:
+#endif
+#ifndef OPENSSL_NO_CT
+    case TLSEXT_TYPE_signed_certificate_timestamp:
+#endif
+#ifndef OPENSSL_NO_SRTP
+    case TLSEXT_TYPE_use_srtp:
+#endif
+    case TLSEXT_TYPE_encrypt_then_mac:
+    case TLSEXT_TYPE_supported_versions:
+    case TLSEXT_TYPE_extended_master_secret:
+    case TLSEXT_TYPE_psk_kex_modes:
+    case TLSEXT_TYPE_cookie:
+    case TLSEXT_TYPE_early_data:
+    case TLSEXT_TYPE_certificate_authorities:
+    case TLSEXT_TYPE_psk:
+    case TLSEXT_TYPE_post_handshake_auth:
+        return 1;
+    default:
+        return 0;
+    }
+}
diff --git a/freebsd/crypto/openssl/ssl/statem/extensions_srvr.c b/freebsd/crypto/openssl/ssl/statem/extensions_srvr.c
new file mode 100644
index 00000000..d6907198
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/statem/extensions_srvr.c
@@ -0,0 +1,1961 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ocsp.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include "internal/cryptlib.h"
+
+#define COOKIE_STATE_FORMAT_VERSION     0
+
+/*
+ * 2 bytes for packet length, 2 bytes for format version, 2 bytes for
+ * protocol version, 2 bytes for group id, 2 bytes for cipher id, 1 byte for
+ * key_share present flag, 4 bytes for timestamp, 2 bytes for the hashlen,
+ * EVP_MAX_MD_SIZE for transcript hash, 1 byte for app cookie length, app cookie
+ * length bytes, SHA256_DIGEST_LENGTH bytes for the HMAC of the whole thing.
+ */
+#define MAX_COOKIE_SIZE (2 + 2 + 2 + 2 + 2 + 1 + 4 + 2 + EVP_MAX_MD_SIZE + 1 \
+                         + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH)
+
+/*
+ * Message header + 2 bytes for protocol version + number of random bytes +
+ * + 1 byte for legacy session id length + number of bytes in legacy session id
+ * + 2 bytes for ciphersuite + 1 byte for legacy compression
+ * + 2 bytes for extension block length + 6 bytes for key_share extension
+ * + 4 bytes for cookie extension header + the number of bytes in the cookie
+ */
+#define MAX_HRR_SIZE    (SSL3_HM_HEADER_LENGTH + 2 + SSL3_RANDOM_SIZE + 1 \
+                         + SSL_MAX_SSL_SESSION_ID_LENGTH + 2 + 1 + 2 + 6 + 4 \
+                         + MAX_COOKIE_SIZE)
+
+/*
+ * Parse the client's renegotiation binding and abort if it's not right
+ */
+int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx)
+{
+    unsigned int ilen;
+    const unsigned char *data;
+
+    /* Parse the length byte */
+    if (!PACKET_get_1(pkt, &ilen)
+        || !PACKET_get_bytes(pkt, &data, ilen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_ENCODING_ERR);
+        return 0;
+    }
+
+    /* Check that the extension matches */
+    if (ilen != s->s3->previous_client_finished_len) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+
+    if (memcmp(data, s->s3->previous_client_finished,
+               s->s3->previous_client_finished_len)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+
+    s->s3->send_connection_binding = 1;
+
+    return 1;
+}
+
+/*-
+ * The servername extension is treated as follows:
+ *
+ * - Only the hostname type is supported with a maximum length of 255.
+ * - The servername is rejected if too long or if it contains zeros,
+ *   in which case an fatal alert is generated.
+ * - The servername field is maintained together with the session cache.
+ * - When a session is resumed, the servername call back invoked in order
+ *   to allow the application to position itself to the right context.
+ * - The servername is acknowledged if it is new for a session or when
+ *   it is identical to a previously used for the same session.
+ *   Applications can control the behaviour.  They can at any time
+ *   set a 'desirable' servername for a new SSL object. This can be the
+ *   case for example with HTTPS when a Host: header field is received and
+ *   a renegotiation is requested. In this case, a possible servername
+ *   presented in the new client hello is only acknowledged if it matches
+ *   the value of the Host: field.
+ * - Applications must  use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ *   if they provide for changing an explicit servername context for the
+ *   session, i.e. when the session has been established with a servername
+ *   extension.
+ * - On session reconnect, the servername extension may be absent.
+ */
+int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx)
+{
+    unsigned int servname_type;
+    PACKET sni, hostname;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &sni)
+        /* ServerNameList must be at least 1 byte long. */
+        || PACKET_remaining(&sni) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * Although the intent was for server_name to be extensible, RFC 4366
+     * was not clear about it; and so OpenSSL among other implementations,
+     * always and only allows a 'host_name' name types.
+     * RFC 6066 corrected the mistake but adding new name types
+     * is nevertheless no longer feasible, so act as if no other
+     * SNI types can exist, to simplify parsing.
+     *
+     * Also note that the RFC permits only one SNI value per type,
+     * i.e., we can only have a single hostname.
+     */
+    if (!PACKET_get_1(&sni, &servname_type)
+        || servname_type != TLSEXT_NAMETYPE_host_name
+        || !PACKET_as_length_prefixed_2(&sni, &hostname)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit || SSL_IS_TLS13(s)) {
+        if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) {
+            SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME,
+                     SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        if (PACKET_contains_zero_byte(&hostname)) {
+            SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME,
+                     SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        /*
+         * Store the requested SNI in the SSL as temporary storage.
+         * If we accept it, it will get stored in the SSL_SESSION as well.
+         */
+        OPENSSL_free(s->ext.hostname);
+        s->ext.hostname = NULL;
+        if (!PACKET_strndup(&hostname, &s->ext.hostname)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        s->servername_done = 1;
+    }
+    if (s->hit) {
+        /*
+         * TODO(openssl-team): if the SNI doesn't match, we MUST
+         * fall back to a full handshake.
+         */
+        s->servername_done = (s->session->ext.hostname != NULL)
+            && PACKET_equal(&hostname, s->session->ext.hostname,
+                            strlen(s->session->ext.hostname));
+
+        if (!s->servername_done && s->session->ext.hostname != NULL)
+            s->ext.early_data_ok = 0;
+    }
+
+    return 1;
+}
+
+int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    unsigned int value;
+
+    if (PACKET_remaining(pkt) != 1 || !PACKET_get_1(pkt, &value)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /* Received |value| should be a valid max-fragment-length code. */
+    if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN,
+                 SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    /*
+     * RFC 6066:  The negotiated length applies for the duration of the session
+     * including session resumptions.
+     * We should receive the same code as in resumed session !
+     */
+    if (s->hit && s->session->ext.max_fragment_len_mode != value) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN,
+                 SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    /*
+     * Store it in session, so it'll become binding for us
+     * and we'll include it in a next Server Hello.
+     */
+    s->session->ext.max_fragment_len_mode = value;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRP
+int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    PACKET srp_I;
+
+    if (!PACKET_as_length_prefixed_1(pkt, &srp_I)
+            || PACKET_contains_zero_byte(&srp_I)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SRP,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * TODO(openssl-team): currently, we re-authenticate the user
+     * upon resumption. Instead, we MUST ignore the login.
+     */
+    if (!PACKET_strndup(&srp_I, &s->srp_ctx.login)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_SRP,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx)
+{
+    PACKET ec_point_format_list;
+
+    if (!PACKET_as_length_prefixed_1(pkt, &ec_point_format_list)
+        || PACKET_remaining(&ec_point_format_list) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit) {
+        if (!PACKET_memdup(&ec_point_format_list,
+                           &s->session->ext.ecpointformats,
+                           &s->session->ext.ecpointformats_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif                          /* OPENSSL_NO_EC */
+
+int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->ext.session_ticket_cb &&
+            !s->ext.session_ticket_cb(s, PACKET_data(pkt),
+                                  PACKET_remaining(pkt),
+                                  s->ext.session_ticket_cb_arg)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx)
+{
+    PACKET supported_sig_algs;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs)
+            || PACKET_remaining(&supported_sig_algs) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx)
+{
+    PACKET supported_sig_algs;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs)
+            || PACKET_remaining(&supported_sig_algs) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SIG_ALGS, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SIG_ALGS, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_OCSP
+int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    PACKET responder_id_list, exts;
+
+    /* We ignore this in a resumption handshake */
+    if (s->hit)
+        return 1;
+
+    /* Not defined if we get one of these in a client Certificate */
+    if (x != NULL)
+        return 1;
+
+    if (!PACKET_get_1(pkt, (unsigned int *)&s->ext.status_type)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) {
+        /*
+         * We don't know what to do with any other type so ignore it.
+         */
+        s->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+        return 1;
+    }
+
+    if (!PACKET_get_length_prefixed_2 (pkt, &responder_id_list)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * We remove any OCSP_RESPIDs from a previous handshake
+     * to prevent unbounded memory growth - CVE-2016-6304
+     */
+    sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
+    if (PACKET_remaining(&responder_id_list) > 0) {
+        s->ext.ocsp.ids = sk_OCSP_RESPID_new_null();
+        if (s->ext.ocsp.ids == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else {
+        s->ext.ocsp.ids = NULL;
+    }
+
+    while (PACKET_remaining(&responder_id_list) > 0) {
+        OCSP_RESPID *id;
+        PACKET responder_id;
+        const unsigned char *id_data;
+
+        if (!PACKET_get_length_prefixed_2(&responder_id_list, &responder_id)
+                || PACKET_remaining(&responder_id) == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        id_data = PACKET_data(&responder_id);
+        /* TODO(size_t): Convert d2i_* to size_t */
+        id = d2i_OCSP_RESPID(NULL, &id_data,
+                             (int)PACKET_remaining(&responder_id));
+        if (id == NULL) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        if (id_data != PACKET_end(&responder_id)) {
+            OCSP_RESPID_free(id);
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+
+            return 0;
+        }
+
+        if (!sk_OCSP_RESPID_push(s->ext.ocsp.ids, id)) {
+            OCSP_RESPID_free(id);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+
+            return 0;
+        }
+    }
+
+    /* Read in request_extensions */
+    if (!PACKET_as_length_prefixed_2(pkt, &exts)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (PACKET_remaining(&exts) > 0) {
+        const unsigned char *ext_data = PACKET_data(&exts);
+
+        sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts,
+                                   X509_EXTENSION_free);
+        s->ext.ocsp.exts =
+            d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts));
+        if (s->ext.ocsp.exts == NULL || ext_data != PACKET_end(&exts)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    /*
+     * We shouldn't accept this extension on a
+     * renegotiation.
+     */
+    if (SSL_IS_FIRST_HANDSHAKE(s))
+        s->s3->npn_seen = 1;
+
+    return 1;
+}
+#endif
+
+/*
+ * Save the ALPN extension in a ClientHello.|pkt| holds the contents of the ALPN
+ * extension, not including type and length. Returns: 1 on success, 0 on error.
+ */
+int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                        size_t chainidx)
+{
+    PACKET protocol_list, save_protocol_list, protocol;
+
+    if (!SSL_IS_FIRST_HANDSHAKE(s))
+        return 1;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &protocol_list)
+        || PACKET_remaining(&protocol_list) < 2) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    save_protocol_list = protocol_list;
+    do {
+        /* Protocol names can't be empty. */
+        if (!PACKET_get_length_prefixed_1(&protocol_list, &protocol)
+                || PACKET_remaining(&protocol) == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+    } while (PACKET_remaining(&protocol_list) != 0);
+
+    OPENSSL_free(s->s3->alpn_proposed);
+    s->s3->alpn_proposed = NULL;
+    s->s3->alpn_proposed_len = 0;
+    if (!PACKET_memdup(&save_protocol_list,
+                       &s->s3->alpn_proposed, &s->s3->alpn_proposed_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRTP
+int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx)
+{
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
+    unsigned int ct, mki_len, id;
+    int i, srtp_pref;
+    PACKET subpkt;
+
+    /* Ignore this if we have no SRTP profiles */
+    if (SSL_get_srtp_profiles(s) == NULL)
+        return 1;
+
+    /* Pull off the length of the cipher suite list  and check it is even */
+    if (!PACKET_get_net_2(pkt, &ct) || (ct & 1) != 0
+            || !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP,
+               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+        return 0;
+    }
+
+    srvr = SSL_get_srtp_profiles(s);
+    s->srtp_profile = NULL;
+    /* Search all profiles for a match initially */
+    srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
+
+    while (PACKET_remaining(&subpkt)) {
+        if (!PACKET_get_net_2(&subpkt, &id)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP,
+                     SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+            return 0;
+        }
+
+        /*
+         * Only look for match in profiles of higher preference than
+         * current match.
+         * If no profiles have been have been configured then this
+         * does nothing.
+         */
+        for (i = 0; i < srtp_pref; i++) {
+            SRTP_PROTECTION_PROFILE *sprof =
+                sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
+
+            if (sprof->id == id) {
+                s->srtp_profile = sprof;
+                srtp_pref = i;
+                break;
+            }
+        }
+    }
+
+    /* Now extract the MKI value as a sanity check, but discard it for now */
+    if (!PACKET_get_1(pkt, &mki_len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP,
+                 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+        return 0;
+    }
+
+    if (!PACKET_forward(pkt, mki_len)
+        || PACKET_remaining(pkt)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP,
+                 SSL_R_BAD_SRTP_MKI_VALUE);
+        return 0;
+    }
+
+    return 1;
+}
+#endif
+
+int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC))
+        s->ext.use_etm = 1;
+
+    return 1;
+}
+
+/*
+ * Process a psk_kex_modes extension received in the ClientHello. |pkt| contains
+ * the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
+ */
+int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    PACKET psk_kex_modes;
+    unsigned int mode;
+
+    if (!PACKET_as_length_prefixed_1(pkt, &psk_kex_modes)
+            || PACKET_remaining(&psk_kex_modes) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    while (PACKET_get_1(&psk_kex_modes, &mode)) {
+        if (mode == TLSEXT_KEX_MODE_KE_DHE)
+            s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE_DHE;
+        else if (mode == TLSEXT_KEX_MODE_KE
+                && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0)
+            s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE;
+    }
+#endif
+
+    return 1;
+}
+
+/*
+ * Process a key_share extension received in the ClientHello. |pkt| contains
+ * the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
+ */
+int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                             size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned int group_id;
+    PACKET key_share_list, encoded_pt;
+    const uint16_t *clntgroups, *srvrgroups;
+    size_t clnt_num_groups, srvr_num_groups;
+    int found = 0;
+
+    if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0)
+        return 1;
+
+    /* Sanity check */
+    if (s->s3->peer_tmp != NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!PACKET_as_length_prefixed_2(pkt, &key_share_list)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /* Get our list of supported groups */
+    tls1_get_supported_groups(s, &srvrgroups, &srvr_num_groups);
+    /* Get the clients list of supported groups. */
+    tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups);
+    if (clnt_num_groups == 0) {
+        /*
+         * This can only happen if the supported_groups extension was not sent,
+         * because we verify that the length is non-zero when we process that
+         * extension.
+         */
+        SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                 SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION);
+        return 0;
+    }
+
+    if (s->s3->group_id != 0 && PACKET_remaining(&key_share_list) == 0) {
+        /*
+         * If we set a group_id already, then we must have sent an HRR
+         * requesting a new key_share. If we haven't got one then that is an
+         * error
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                 SSL_R_BAD_KEY_SHARE);
+        return 0;
+    }
+
+    while (PACKET_remaining(&key_share_list) > 0) {
+        if (!PACKET_get_net_2(&key_share_list, &group_id)
+                || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt)
+                || PACKET_remaining(&encoded_pt) == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                     SSL_R_LENGTH_MISMATCH);
+            return 0;
+        }
+
+        /*
+         * If we already found a suitable key_share we loop through the
+         * rest to verify the structure, but don't process them.
+         */
+        if (found)
+            continue;
+
+        /*
+         * If we sent an HRR then the key_share sent back MUST be for the group
+         * we requested, and must be the only key_share sent.
+         */
+        if (s->s3->group_id != 0
+                && (group_id != s->s3->group_id
+                    || PACKET_remaining(&key_share_list) != 0)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+            return 0;
+        }
+
+        /* Check if this share is in supported_groups sent from client */
+        if (!check_in_list(s, group_id, clntgroups, clnt_num_groups, 0)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+            return 0;
+        }
+
+        /* Check if this share is for a group we can use */
+        if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)) {
+            /* Share not suitable */
+            continue;
+        }
+
+        if ((s->s3->peer_tmp = ssl_generate_param_group(group_id)) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                   SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+            return 0;
+        }
+
+        s->s3->group_id = group_id;
+
+        if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp,
+                PACKET_data(&encoded_pt),
+                PACKET_remaining(&encoded_pt))) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_ECPOINT);
+            return 0;
+        }
+
+        found = 1;
+    }
+#endif
+
+    return 1;
+}
+
+int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                          size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned int format, version, key_share, group_id;
+    EVP_MD_CTX *hctx;
+    EVP_PKEY *pkey;
+    PACKET cookie, raw, chhash, appcookie;
+    WPACKET hrrpkt;
+    const unsigned char *data, *mdin, *ciphdata;
+    unsigned char hmac[SHA256_DIGEST_LENGTH];
+    unsigned char hrr[MAX_HRR_SIZE];
+    size_t rawlen, hmaclen, hrrlen, ciphlen;
+    unsigned long tm, now;
+
+    /* Ignore any cookie if we're not set up to verify it */
+    if (s->ctx->verify_stateless_cookie_cb == NULL
+            || (s->s3->flags & TLS1_FLAGS_STATELESS) == 0)
+        return 1;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &cookie)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    raw = cookie;
+    data = PACKET_data(&raw);
+    rawlen = PACKET_remaining(&raw);
+    if (rawlen < SHA256_DIGEST_LENGTH
+            || !PACKET_forward(&raw, rawlen - SHA256_DIGEST_LENGTH)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    mdin = PACKET_data(&raw);
+
+    /* Verify the HMAC of the cookie */
+    hctx = EVP_MD_CTX_create();
+    pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+                                        s->session_ctx->ext.cookie_hmac_key,
+                                        sizeof(s->session_ctx->ext
+                                               .cookie_hmac_key));
+    if (hctx == NULL || pkey == NULL) {
+        EVP_MD_CTX_free(hctx);
+        EVP_PKEY_free(pkey);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    hmaclen = SHA256_DIGEST_LENGTH;
+    if (EVP_DigestSignInit(hctx, NULL, EVP_sha256(), NULL, pkey) <= 0
+            || EVP_DigestSign(hctx, hmac, &hmaclen, data,
+                              rawlen - SHA256_DIGEST_LENGTH) <= 0
+            || hmaclen != SHA256_DIGEST_LENGTH) {
+        EVP_MD_CTX_free(hctx);
+        EVP_PKEY_free(pkey);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    EVP_MD_CTX_free(hctx);
+    EVP_PKEY_free(pkey);
+
+    if (CRYPTO_memcmp(hmac, mdin, SHA256_DIGEST_LENGTH) != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_COOKIE_MISMATCH);
+        return 0;
+    }
+
+    if (!PACKET_get_net_2(&cookie, &format)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    /* Check the cookie format is something we recognise. Ignore it if not */
+    if (format != COOKIE_STATE_FORMAT_VERSION)
+        return 1;
+
+    /*
+     * The rest of these checks really shouldn't fail since we have verified the
+     * HMAC above.
+     */
+
+    /* Check the version number is sane */
+    if (!PACKET_get_net_2(&cookie, &version)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    if (version != TLS1_3_VERSION) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+        return 0;
+    }
+
+    if (!PACKET_get_net_2(&cookie, &group_id)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    ciphdata = PACKET_data(&cookie);
+    if (!PACKET_forward(&cookie, 2)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    if (group_id != s->s3->group_id
+            || s->s3->tmp.new_cipher
+               != ssl_get_cipher_by_char(s, ciphdata, 0)) {
+        /*
+         * We chose a different cipher or group id this time around to what is
+         * in the cookie. Something must have changed.
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_BAD_CIPHER);
+        return 0;
+    }
+
+    if (!PACKET_get_1(&cookie, &key_share)
+            || !PACKET_get_net_4(&cookie, &tm)
+            || !PACKET_get_length_prefixed_2(&cookie, &chhash)
+            || !PACKET_get_length_prefixed_1(&cookie, &appcookie)
+            || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /* We tolerate a cookie age of up to 10 minutes (= 60 * 10 seconds) */
+    now = (unsigned long)time(NULL);
+    if (tm > now || (now - tm) > 600) {
+        /* Cookie is stale. Ignore it */
+        return 1;
+    }
+
+    /* Verify the app cookie */
+    if (s->ctx->verify_stateless_cookie_cb(s, PACKET_data(&appcookie),
+                                     PACKET_remaining(&appcookie)) == 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_COOKIE_MISMATCH);
+        return 0;
+    }
+
+    /*
+     * Reconstruct the HRR that we would have sent in response to the original
+     * ClientHello so we can add it to the transcript hash.
+     * Note: This won't work with custom HRR extensions
+     */
+    if (!WPACKET_init_static_len(&hrrpkt, hrr, sizeof(hrr), 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!WPACKET_put_bytes_u8(&hrrpkt, SSL3_MT_SERVER_HELLO)
+            || !WPACKET_start_sub_packet_u24(&hrrpkt)
+            || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_2_VERSION)
+            || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE)
+            || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id,
+                                      s->tmp_session_id_len)
+            || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, &hrrpkt,
+                                              &ciphlen)
+            || !WPACKET_put_bytes_u8(&hrrpkt, 0)
+            || !WPACKET_start_sub_packet_u16(&hrrpkt)) {
+        WPACKET_cleanup(&hrrpkt);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
+            || !WPACKET_start_sub_packet_u16(&hrrpkt)
+            || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
+            || !WPACKET_close(&hrrpkt)) {
+        WPACKET_cleanup(&hrrpkt);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (key_share) {
+        if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_key_share)
+                || !WPACKET_start_sub_packet_u16(&hrrpkt)
+                || !WPACKET_put_bytes_u16(&hrrpkt, s->s3->group_id)
+                || !WPACKET_close(&hrrpkt)) {
+            WPACKET_cleanup(&hrrpkt);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_cookie)
+            || !WPACKET_start_sub_packet_u16(&hrrpkt)
+            || !WPACKET_sub_memcpy_u16(&hrrpkt, data, rawlen)
+            || !WPACKET_close(&hrrpkt) /* cookie extension */
+            || !WPACKET_close(&hrrpkt) /* extension block */
+            || !WPACKET_close(&hrrpkt) /* message */
+            || !WPACKET_get_total_written(&hrrpkt, &hrrlen)
+            || !WPACKET_finish(&hrrpkt)) {
+        WPACKET_cleanup(&hrrpkt);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Reconstruct the transcript hash */
+    if (!create_synthetic_message_hash(s, PACKET_data(&chhash),
+                                       PACKET_remaining(&chhash), hrr,
+                                       hrrlen)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /* Act as if this ClientHello came after a HelloRetryRequest */
+    s->hello_retry_request = 1;
+
+    s->ext.cookieok = 1;
+#endif
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
+                                    X509 *x, size_t chainidx)
+{
+    PACKET supported_groups_list;
+
+    /* Each group is 2 bytes and we must have at least 1. */
+    if (!PACKET_as_length_prefixed_2(pkt, &supported_groups_list)
+            || PACKET_remaining(&supported_groups_list) == 0
+            || (PACKET_remaining(&supported_groups_list) % 2) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit || SSL_IS_TLS13(s)) {
+        OPENSSL_free(s->session->ext.supportedgroups);
+        s->session->ext.supportedgroups = NULL;
+        s->session->ext.supportedgroups_len = 0;
+        if (!tls1_save_u16(&supported_groups_list,
+                           &s->session->ext.supportedgroups,
+                           &s->session->ext.supportedgroups_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    /* The extension must always be empty */
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_EMS, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
+
+    return 1;
+}
+
+
+int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx)
+{
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_EARLY_DATA, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (s->hello_retry_request != SSL_HRR_NONE) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_CTOS_EARLY_DATA, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
+                                                 SSL_SESSION **sess)
+{
+    SSL_SESSION *tmpsess = NULL;
+
+    s->ext.ticket_expected = 1;
+
+    switch (PACKET_remaining(tick)) {
+        case 0:
+            return SSL_TICKET_EMPTY;
+
+        case SSL_MAX_SSL_SESSION_ID_LENGTH:
+            break;
+
+        default:
+            return SSL_TICKET_NO_DECRYPT;
+    }
+
+    tmpsess = lookup_sess_in_cache(s, PACKET_data(tick),
+                                   SSL_MAX_SSL_SESSION_ID_LENGTH);
+
+    if (tmpsess == NULL)
+        return SSL_TICKET_NO_DECRYPT;
+
+    *sess = tmpsess;
+    return SSL_TICKET_SUCCESS;
+}
+
+int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    PACKET identities, binders, binder;
+    size_t binderoffset, hashsize;
+    SSL_SESSION *sess = NULL;
+    unsigned int id, i, ext = 0;
+    const EVP_MD *md = NULL;
+
+    /*
+     * If we have no PSK kex mode that we recognise then we can't resume so
+     * ignore this extension
+     */
+    if ((s->ext.psk_kex_mode
+            & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0)
+        return 1;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &identities)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_PSK, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    s->ext.ticket_expected = 0;
+    for (id = 0; PACKET_remaining(&identities) != 0; id++) {
+        PACKET identity;
+        unsigned long ticket_agel;
+        size_t idlen;
+
+        if (!PACKET_get_length_prefixed_2(&identities, &identity)
+                || !PACKET_get_net_4(&identities, &ticket_agel)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_PSK, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        idlen = PACKET_remaining(&identity);
+        if (s->psk_find_session_cb != NULL
+                && !s->psk_find_session_cb(s, PACKET_data(&identity), idlen,
+                                           &sess)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_PSK, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+#ifndef OPENSSL_NO_PSK
+        if(sess == NULL
+                && s->psk_server_callback != NULL
+                && idlen <= PSK_MAX_IDENTITY_LEN) {
+            char *pskid = NULL;
+            unsigned char pskdata[PSK_MAX_PSK_LEN];
+            unsigned int pskdatalen;
+
+            if (!PACKET_strndup(&identity, &pskid)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            pskdatalen = s->psk_server_callback(s, pskid, pskdata,
+                                                sizeof(pskdata));
+            OPENSSL_free(pskid);
+            if (pskdatalen > PSK_MAX_PSK_LEN) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            } else if (pskdatalen > 0) {
+                const SSL_CIPHER *cipher;
+                const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
+
+                /*
+                 * We found a PSK using an old style callback. We don't know
+                 * the digest so we default to SHA256 as per the TLSv1.3 spec
+                 */
+                cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
+                if (cipher == NULL) {
+                    OPENSSL_cleanse(pskdata, pskdatalen);
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+
+                sess = SSL_SESSION_new();
+                if (sess == NULL
+                        || !SSL_SESSION_set1_master_key(sess, pskdata,
+                                                        pskdatalen)
+                        || !SSL_SESSION_set_cipher(sess, cipher)
+                        || !SSL_SESSION_set_protocol_version(sess,
+                                                             TLS1_3_VERSION)) {
+                    OPENSSL_cleanse(pskdata, pskdatalen);
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                             ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+                OPENSSL_cleanse(pskdata, pskdatalen);
+            }
+        }
+#endif /* OPENSSL_NO_PSK */
+
+        if (sess != NULL) {
+            /* We found a PSK */
+            SSL_SESSION *sesstmp = ssl_session_dup(sess, 0);
+
+            if (sesstmp == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            SSL_SESSION_free(sess);
+            sess = sesstmp;
+
+            /*
+             * We've just been told to use this session for this context so
+             * make sure the sid_ctx matches up.
+             */
+            memcpy(sess->sid_ctx, s->sid_ctx, s->sid_ctx_length);
+            sess->sid_ctx_length = s->sid_ctx_length;
+            ext = 1;
+            if (id == 0)
+                s->ext.early_data_ok = 1;
+            s->ext.ticket_expected = 1;
+        } else {
+            uint32_t ticket_age = 0, now, agesec, agems;
+            int ret;
+
+            /*
+             * If we are using anti-replay protection then we behave as if
+             * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there
+             * is no point in using full stateless tickets.
+             */
+            if ((s->options & SSL_OP_NO_TICKET) != 0
+                    || (s->max_early_data > 0
+                        && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))
+                ret = tls_get_stateful_ticket(s, &identity, &sess);
+            else
+                ret = tls_decrypt_ticket(s, PACKET_data(&identity),
+                                         PACKET_remaining(&identity), NULL, 0,
+                                         &sess);
+
+            if (ret == SSL_TICKET_EMPTY) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                         SSL_R_BAD_EXTENSION);
+                return 0;
+            }
+
+            if (ret == SSL_TICKET_FATAL_ERR_MALLOC
+                    || ret == SSL_TICKET_FATAL_ERR_OTHER) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            if (ret == SSL_TICKET_NONE || ret == SSL_TICKET_NO_DECRYPT)
+                continue;
+
+            /* Check for replay */
+            if (s->max_early_data > 0
+                    && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0
+                    && !SSL_CTX_remove_session(s->session_ctx, sess)) {
+                SSL_SESSION_free(sess);
+                sess = NULL;
+                continue;
+            }
+
+            ticket_age = (uint32_t)ticket_agel;
+            now = (uint32_t)time(NULL);
+            agesec = now - (uint32_t)sess->time;
+            agems = agesec * (uint32_t)1000;
+            ticket_age -= sess->ext.tick_age_add;
+
+            /*
+             * For simplicity we do our age calculations in seconds. If the
+             * client does it in ms then it could appear that their ticket age
+             * is longer than ours (our ticket age calculation should always be
+             * slightly longer than the client's due to the network latency).
+             * Therefore we add 1000ms to our age calculation to adjust for
+             * rounding errors.
+             */
+            if (id == 0
+                    && sess->timeout >= (long)agesec
+                    && agems / (uint32_t)1000 == agesec
+                    && ticket_age <= agems + 1000
+                    && ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) {
+                /*
+                 * Ticket age is within tolerance and not expired. We allow it
+                 * for early data
+                 */
+                s->ext.early_data_ok = 1;
+            }
+        }
+
+        md = ssl_md(sess->cipher->algorithm2);
+        if (md != ssl_md(s->s3->tmp.new_cipher->algorithm2)) {
+            /* The ciphersuite is not compatible with this session. */
+            SSL_SESSION_free(sess);
+            sess = NULL;
+            s->ext.early_data_ok = 0;
+            s->ext.ticket_expected = 0;
+            continue;
+        }
+        break;
+    }
+
+    if (sess == NULL)
+        return 1;
+
+    binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data;
+    hashsize = EVP_MD_size(md);
+
+    if (!PACKET_get_length_prefixed_2(pkt, &binders)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                 SSL_R_BAD_EXTENSION);
+        goto err;
+    }
+
+    for (i = 0; i <= id; i++) {
+        if (!PACKET_get_length_prefixed_1(&binders, &binder)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                     SSL_R_BAD_EXTENSION);
+            goto err;
+        }
+    }
+
+    if (PACKET_remaining(&binder) != hashsize) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                 SSL_R_BAD_EXTENSION);
+        goto err;
+    }
+    if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data,
+                          binderoffset, PACKET_data(&binder), NULL, sess, 0,
+                          ext) != 1) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    sess->ext.tick_identity = id;
+
+    SSL_SESSION_free(s->session);
+    s->session = sess;
+    return 1;
+err:
+    SSL_SESSION_free(sess);
+    return 0;
+}
+
+int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, unsigned int context,
+                                       X509 *x, size_t chainidx)
+{
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH,
+                 SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR);
+        return 0;
+    }
+
+    s->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
+
+    return 1;
+}
+
+/*
+ * Add the server's renegotiation binding
+ */
+EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx)
+{
+    if (!s->s3->send_connection_binding)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Still add this even if SSL_OP_NO_RENEGOTIATION is set */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)
+            || !WPACKET_memcpy(pkt, s->s3->previous_client_finished,
+                               s->s3->previous_client_finished_len)
+            || !WPACKET_memcpy(pkt, s->s3->previous_server_finished,
+                               s->s3->previous_server_finished_len)
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx)
+{
+    if (s->hit || s->servername_done != 1
+            || s->ext.hostname == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+/* Add/include the server's max fragment len extension into ServerHello */
+EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (!USE_MAX_FRAGMENT_LENGTH_EXT(s->session))
+        return EXT_RETURN_NOT_SENT;
+
+    /*-
+     * 4 bytes for this extension type and extension length
+     * 1 byte for the Max Fragment Length code value.
+     */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_max_fragment_length)
+        || !WPACKET_start_sub_packet_u16(pkt)
+        || !WPACKET_put_bytes_u8(pkt, s->session->ext.max_fragment_len_mode)
+        || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_EC
+EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx)
+{
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+    int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))
+                    && (s->session->ext.ecpointformats != NULL);
+    const unsigned char *plist;
+    size_t plistlen;
+
+    if (!using_ecc)
+        return EXT_RETURN_NOT_SENT;
+
+    tls1_get_formatlist(s, &plist, &plistlen);
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u8(pkt, plist, plistlen)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
+                                               unsigned int context, X509 *x,
+                                               size_t chainidx)
+{
+    const uint16_t *groups;
+    size_t numgroups, i, first = 1;
+
+    /* s->s3->group_id is non zero if we accepted a key_share */
+    if (s->s3->group_id == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Get our list of supported groups */
+    tls1_get_supported_groups(s, &groups, &numgroups);
+    if (numgroups == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /* Copy group ID if supported */
+    for (i = 0; i < numgroups; i++) {
+        uint16_t group = groups[i];
+
+        if (tls_curve_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) {
+            if (first) {
+                /*
+                 * Check if the client is already using our preferred group. If
+                 * so we don't need to add this extension
+                 */
+                if (s->s3->group_id == group)
+                    return EXT_RETURN_NOT_SENT;
+
+                /* Add extension header */
+                if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)
+                           /* Sub-packet for supported_groups extension */
+                        || !WPACKET_start_sub_packet_u16(pkt)
+                        || !WPACKET_start_sub_packet_u16(pkt)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,
+                             ERR_R_INTERNAL_ERROR);
+                    return EXT_RETURN_FAIL;
+                }
+
+                first = 0;
+            }
+            if (!WPACKET_put_bytes_u16(pkt, group)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,
+                             ERR_R_INTERNAL_ERROR);
+                    return EXT_RETURN_FAIL;
+                }
+        }
+    }
+
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (!s->ext.ticket_expected || !tls_use_ticket(s)) {
+        s->ext.ticket_expected = 0;
+        return EXT_RETURN_NOT_SENT;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_OCSP
+EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (!s->ext.status_expected)
+        return EXT_RETURN_NOT_SENT;
+
+    if (SSL_IS_TLS13(s) && chainidx != 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * In TLSv1.3 we include the certificate status itself. In <= TLSv1.2 we
+     * send back an empty extension, with the certificate status appearing as a
+     * separate message
+     */
+    if (SSL_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) {
+       /* SSLfatal() already called */
+       return EXT_RETURN_FAIL;
+    }
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    const unsigned char *npa;
+    unsigned int npalen;
+    int ret;
+    int npn_seen = s->s3->npn_seen;
+
+    s->s3->npn_seen = 0;
+    if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen,
+                                        s->ctx->ext.npn_advertised_cb_arg);
+    if (ret == SSL_TLSEXT_ERR_OK) {
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
+                || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        s->s3->npn_seen = 1;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx)
+{
+    if (s->s3->alpn_selected == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt,
+                TLSEXT_TYPE_application_layer_protocol_negotiation)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u8(pkt, s->s3->alpn_selected,
+                                      s->s3->alpn_selected_len)
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_ALPN, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_SRTP
+EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt,
+                                       unsigned int context, X509 *x,
+                                       size_t chainidx)
+{
+    if (s->srtp_profile == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u16(pkt, 2)
+            || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id)
+            || !WPACKET_put_bytes_u8(pkt, 0)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (!s->ext.use_etm)
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * Don't use encrypt_then_mac if AEAD or RC4 might want to disable
+     * for other cases too.
+     */
+    if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD
+        || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4
+        || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT
+        || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) {
+        s->ext.use_etm = 0;
+        return EXT_RETURN_NOT_SENT;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_ETM,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if ((s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_EMS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
+                                                 unsigned int context, X509 *x,
+                                                 size_t chainidx)
+{
+    if (!ossl_assert(SSL_IS_TLS13(s))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u16(pkt, s->version)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
+                                        unsigned int context, X509 *x,
+                                        size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned char *encodedPoint;
+    size_t encoded_pt_len = 0;
+    EVP_PKEY *ckey = s->s3->peer_tmp, *skey = NULL;
+
+    if (s->hello_retry_request == SSL_HRR_PENDING) {
+        if (ckey != NULL) {
+            /* Original key_share was acceptable so don't ask for another one */
+            return EXT_RETURN_NOT_SENT;
+        }
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+
+        return EXT_RETURN_SENT;
+    }
+
+    if (ckey == NULL) {
+        /* No key_share received from client - must be resuming */
+        if (!s->hit || !tls13_generate_handshake_secret(s, NULL, 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        return EXT_RETURN_NOT_SENT;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    skey = ssl_generate_pkey(ckey);
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+                 ERR_R_MALLOC_FAILURE);
+        return EXT_RETURN_FAIL;
+    }
+
+    /* Generate encoding of server key */
+    encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint);
+    if (encoded_pt_len == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+                 ERR_R_EC_LIB);
+        EVP_PKEY_free(skey);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_sub_memcpy_u16(pkt, encodedPoint, encoded_pt_len)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        EVP_PKEY_free(skey);
+        OPENSSL_free(encodedPoint);
+        return EXT_RETURN_FAIL;
+    }
+    OPENSSL_free(encodedPoint);
+
+    /* This causes the crypto state to be updated based on the derived keys */
+    s->s3->tmp.pkey = skey;
+    if (ssl_derive(s, skey, ckey, 1) == 0) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+    return EXT_RETURN_SENT;
+#else
+    return EXT_RETURN_FAIL;
+#endif
+}
+
+EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                                     X509 *x, size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned char *hashval1, *hashval2, *appcookie1, *appcookie2, *cookie;
+    unsigned char *hmac, *hmac2;
+    size_t startlen, ciphlen, totcookielen, hashlen, hmaclen, appcookielen;
+    EVP_MD_CTX *hctx;
+    EVP_PKEY *pkey;
+    int ret = EXT_RETURN_FAIL;
+
+    if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (s->ctx->gen_stateless_cookie_cb == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 SSL_R_NO_COOKIE_CALLBACK_SET);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_get_total_written(pkt, &startlen)
+            || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie)
+            || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION)
+            || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
+            || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)
+            || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt,
+                                              &ciphlen)
+               /* Is there a key_share extension present in this HRR? */
+            || !WPACKET_put_bytes_u8(pkt, s->s3->peer_tmp == NULL)
+            || !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL))
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * Get the hash of the initial ClientHello. ssl_handshake_hash() operates
+     * on raw buffers, so we first reserve sufficient bytes (above) and then
+     * subsequently allocate them (below)
+     */
+    if (!ssl3_digest_cached_records(s, 0)
+            || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_allocate_bytes(pkt, hashlen, &hashval2)
+            || !ossl_assert(hashval1 == hashval2)
+            || !WPACKET_close(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)
+            || !WPACKET_reserve_bytes(pkt, SSL_COOKIE_LENGTH, &appcookie1)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /* Generate the application cookie */
+    if (s->ctx->gen_stateless_cookie_cb(s, appcookie1, &appcookielen) == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_allocate_bytes(pkt, appcookielen, &appcookie2)
+            || !ossl_assert(appcookie1 == appcookie2)
+            || !WPACKET_close(pkt)
+            || !WPACKET_get_total_written(pkt, &totcookielen)
+            || !WPACKET_reserve_bytes(pkt, SHA256_DIGEST_LENGTH, &hmac)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    hmaclen = SHA256_DIGEST_LENGTH;
+
+    totcookielen -= startlen;
+    if (!ossl_assert(totcookielen <= MAX_COOKIE_SIZE - SHA256_DIGEST_LENGTH)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /* HMAC the cookie */
+    hctx = EVP_MD_CTX_create();
+    pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+                                        s->session_ctx->ext.cookie_hmac_key,
+                                        sizeof(s->session_ctx->ext
+                                               .cookie_hmac_key));
+    if (hctx == NULL || pkey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_DigestSignInit(hctx, NULL, EVP_sha256(), NULL, pkey) <= 0
+            || EVP_DigestSign(hctx, hmac, &hmaclen, cookie,
+                              totcookielen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!ossl_assert(totcookielen + hmaclen <= MAX_COOKIE_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!WPACKET_allocate_bytes(pkt, hmaclen, &hmac2)
+            || !ossl_assert(hmac == hmac2)
+            || !ossl_assert(cookie == hmac - totcookielen)
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = EXT_RETURN_SENT;
+
+ err:
+    EVP_MD_CTX_free(hctx);
+    EVP_PKEY_free(pkey);
+    return ret;
+#else
+    return EXT_RETURN_FAIL;
+#endif
+}
+
+EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx)
+{
+    const unsigned char cryptopro_ext[36] = {
+        0xfd, 0xe8,         /* 65000 */
+        0x00, 0x20,         /* 32 bytes length */
+        0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
+        0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
+        0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
+        0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
+    };
+
+    if (((s->s3->tmp.new_cipher->id & 0xFFFF) != 0x80
+         && (s->s3->tmp.new_cipher->id & 0xFFFF) != 0x81)
+            || (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
+                                         unsigned int context, X509 *x,
+                                         size_t chainidx)
+{
+    if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) {
+        if (s->max_early_data == 0)
+            return EXT_RETURN_NOT_SENT;
+
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+
+        return EXT_RETURN_SENT;
+    }
+
+    if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (!s->hit)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u16(pkt, s->session->ext.tick_identity)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_PSK, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
diff --git a/freebsd/crypto/openssl/ssl/statem/statem.c b/freebsd/crypto/openssl/ssl/statem/statem.c
new file mode 100644
index 00000000..32e87690
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/statem/statem.c
@@ -0,0 +1,971 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include <assert.h>
+
+/*
+ * This file implements the SSL/TLS/DTLS state machines.
+ *
+ * There are two primary state machines:
+ *
+ * 1) Message flow state machine
+ * 2) Handshake state machine
+ *
+ * The Message flow state machine controls the reading and sending of messages
+ * including handling of non-blocking IO events, flushing of the underlying
+ * write BIO, handling unexpected messages, etc. It is itself broken into two
+ * separate sub-state machines which control reading and writing respectively.
+ *
+ * The Handshake state machine keeps track of the current SSL/TLS handshake
+ * state. Transitions of the handshake state are the result of events that
+ * occur within the Message flow state machine.
+ *
+ * Overall it looks like this:
+ *
+ * ---------------------------------------------            -------------------
+ * |                                           |            |                 |
+ * | Message flow state machine                |            |                 |
+ * |                                           |            |                 |
+ * | -------------------- -------------------- | Transition | Handshake state |
+ * | | MSG_FLOW_READING | | MSG_FLOW_WRITING | | Event      | machine         |
+ * | | sub-state        | | sub-state        | |----------->|                 |
+ * | | machine for      | | machine for      | |            |                 |
+ * | | reading messages | | writing messages | |            |                 |
+ * | -------------------- -------------------- |            |                 |
+ * |                                           |            |                 |
+ * ---------------------------------------------            -------------------
+ *
+ */
+
+/* Sub state machine return values */
+typedef enum {
+    /* Something bad happened or NBIO */
+    SUB_STATE_ERROR,
+    /* Sub state finished go to the next sub state */
+    SUB_STATE_FINISHED,
+    /* Sub state finished and handshake was completed */
+    SUB_STATE_END_HANDSHAKE
+} SUB_STATE_RETURN;
+
+static int state_machine(SSL *s, int server);
+static void init_read_state_machine(SSL *s);
+static SUB_STATE_RETURN read_state_machine(SSL *s);
+static void init_write_state_machine(SSL *s);
+static SUB_STATE_RETURN write_state_machine(SSL *s);
+
+OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
+{
+    return ssl->statem.hand_state;
+}
+
+int SSL_in_init(const SSL *s)
+{
+    return s->statem.in_init;
+}
+
+int SSL_is_init_finished(const SSL *s)
+{
+    return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK);
+}
+
+int SSL_in_before(const SSL *s)
+{
+    /*
+     * Historically being "in before" meant before anything had happened. In the
+     * current code though we remain in the "before" state for a while after we
+     * have started the handshake process (e.g. as a server waiting for the
+     * first message to arrive). There "in before" is taken to mean "in before"
+     * and not started any handshake process yet.
+     */
+    return (s->statem.hand_state == TLS_ST_BEFORE)
+        && (s->statem.state == MSG_FLOW_UNINITED);
+}
+
+/*
+ * Clear the state machine state and reset back to MSG_FLOW_UNINITED
+ */
+void ossl_statem_clear(SSL *s)
+{
+    s->statem.state = MSG_FLOW_UNINITED;
+    s->statem.hand_state = TLS_ST_BEFORE;
+    s->statem.in_init = 1;
+    s->statem.no_cert_verify = 0;
+}
+
+/*
+ * Set the state machine up ready for a renegotiation handshake
+ */
+void ossl_statem_set_renegotiate(SSL *s)
+{
+    s->statem.in_init = 1;
+    s->statem.request_state = TLS_ST_SW_HELLO_REQ;
+}
+
+/*
+ * Put the state machine into an error state and send an alert if appropriate.
+ * This is a permanent error for the current connection.
+ */
+void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
+                       int line)
+{
+    /* We shouldn't call SSLfatal() twice. Once is enough */
+    assert(s->statem.state != MSG_FLOW_ERROR);
+    s->statem.in_init = 1;
+    s->statem.state = MSG_FLOW_ERROR;
+    ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
+    if (al != SSL_AD_NO_ALERT
+            && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+}
+
+/*
+ * This macro should only be called if we are already expecting to be in
+ * a fatal error state. We verify that we are, and set it if not (this would
+ * indicate a bug).
+ */
+#define check_fatal(s, f) \
+    do { \
+        if (!ossl_assert((s)->statem.in_init \
+                         && (s)->statem.state == MSG_FLOW_ERROR)) \
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, (f), \
+                     SSL_R_MISSING_FATAL); \
+    } while (0)
+
+/*
+ * Discover whether the current connection is in the error state.
+ *
+ * Valid return values are:
+ *   1: Yes
+ *   0: No
+ */
+int ossl_statem_in_error(const SSL *s)
+{
+    if (s->statem.state == MSG_FLOW_ERROR)
+        return 1;
+
+    return 0;
+}
+
+void ossl_statem_set_in_init(SSL *s, int init)
+{
+    s->statem.in_init = init;
+}
+
+int ossl_statem_get_in_handshake(SSL *s)
+{
+    return s->statem.in_handshake;
+}
+
+void ossl_statem_set_in_handshake(SSL *s, int inhand)
+{
+    if (inhand)
+        s->statem.in_handshake++;
+    else
+        s->statem.in_handshake--;
+}
+
+/* Are we in a sensible state to skip over unreadable early data? */
+int ossl_statem_skip_early_data(SSL *s)
+{
+    if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
+        return 0;
+
+    if (!s->server
+            || s->statem.hand_state != TLS_ST_EARLY_DATA
+            || s->hello_retry_request == SSL_HRR_COMPLETE)
+        return 0;
+
+    return 1;
+}
+
+/*
+ * Called when we are in SSL_read*(), SSL_write*(), or SSL_accept()
+ * /SSL_connect()/SSL_do_handshake(). Used to test whether we are in an early
+ * data state and whether we should attempt to move the handshake on if so.
+ * |sending| is 1 if we are attempting to send data (SSL_write*()), 0 if we are
+ * attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake()
+ * or similar.
+ */
+void ossl_statem_check_finish_init(SSL *s, int sending)
+{
+    if (sending == -1) {
+        if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
+                || s->statem.hand_state == TLS_ST_EARLY_DATA) {
+            ossl_statem_set_in_init(s, 1);
+            if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
+                /*
+                 * SSL_connect() or SSL_do_handshake() has been called directly.
+                 * We don't allow any more writing of early data.
+                 */
+                s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+            }
+        }
+    } else if (!s->server) {
+        if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
+                      || s->statem.hand_state == TLS_ST_EARLY_DATA)
+                  && s->early_data_state != SSL_EARLY_DATA_WRITING)
+                || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) {
+            ossl_statem_set_in_init(s, 1);
+            /*
+             * SSL_write() has been called directly. We don't allow any more
+             * writing of early data.
+             */
+            if (sending && s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
+                s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+        }
+    } else {
+        if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING
+                && s->statem.hand_state == TLS_ST_EARLY_DATA)
+            ossl_statem_set_in_init(s, 1);
+    }
+}
+
+void ossl_statem_set_hello_verify_done(SSL *s)
+{
+    s->statem.state = MSG_FLOW_UNINITED;
+    s->statem.in_init = 1;
+    /*
+     * This will get reset (briefly) back to TLS_ST_BEFORE when we enter
+     * state_machine() because |state| is MSG_FLOW_UNINITED, but until then any
+     * calls to SSL_in_before() will return false. Also calls to
+     * SSL_state_string() and SSL_state_string_long() will return something
+     * sensible.
+     */
+    s->statem.hand_state = TLS_ST_SR_CLNT_HELLO;
+}
+
+int ossl_statem_connect(SSL *s)
+{
+    return state_machine(s, 0);
+}
+
+int ossl_statem_accept(SSL *s)
+{
+    return state_machine(s, 1);
+}
+
+typedef void (*info_cb) (const SSL *, int, int);
+
+static info_cb get_callback(SSL *s)
+{
+    if (s->info_callback != NULL)
+        return s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        return s->ctx->info_callback;
+
+    return NULL;
+}
+
+/*
+ * The main message flow state machine. We start in the MSG_FLOW_UNINITED or
+ * MSG_FLOW_FINISHED state and finish in MSG_FLOW_FINISHED. Valid states and
+ * transitions are as follows:
+ *
+ * MSG_FLOW_UNINITED     MSG_FLOW_FINISHED
+ *        |                       |
+ *        +-----------------------+
+ *        v
+ * MSG_FLOW_WRITING <---> MSG_FLOW_READING
+ *        |
+ *        V
+ * MSG_FLOW_FINISHED
+ *        |
+ *        V
+ *    [SUCCESS]
+ *
+ * We may exit at any point due to an error or NBIO event. If an NBIO event
+ * occurs then we restart at the point we left off when we are recalled.
+ * MSG_FLOW_WRITING and MSG_FLOW_READING have sub-state machines associated with them.
+ *
+ * In addition to the above there is also the MSG_FLOW_ERROR state. We can move
+ * into that state at any point in the event that an irrecoverable error occurs.
+ *
+ * Valid return values are:
+ *   1: Success
+ * <=0: NBIO or error
+ */
+static int state_machine(SSL *s, int server)
+{
+    BUF_MEM *buf = NULL;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    OSSL_STATEM *st = &s->statem;
+    int ret = -1;
+    int ssret;
+
+    if (st->state == MSG_FLOW_ERROR) {
+        /* Shouldn't have been called if we're already in the error state */
+        return -1;
+    }
+
+    ERR_clear_error();
+    clear_sys_error();
+
+    cb = get_callback(s);
+
+    st->in_handshake++;
+    if (!SSL_in_init(s) || SSL_in_before(s)) {
+        /*
+         * If we are stateless then we already called SSL_clear() - don't do
+         * it again and clear the STATELESS flag itself.
+         */
+        if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s))
+            return -1;
+    }
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+        /*
+         * Notify SCTP BIO socket to enter handshake mode and prevent stream
+         * identifier other than 0.
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+                 st->in_handshake, NULL);
+    }
+#endif
+
+    /* Initialise state machine */
+    if (st->state == MSG_FLOW_UNINITED
+            || st->state == MSG_FLOW_FINISHED) {
+        if (st->state == MSG_FLOW_UNINITED) {
+            st->hand_state = TLS_ST_BEFORE;
+            st->request_state = TLS_ST_BEFORE;
+        }
+
+        s->server = server;
+        if (cb != NULL)
+            cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+        /*
+         * Fatal errors in this block don't send an alert because we have
+         * failed to even initialise properly. Sending an alert is probably
+         * doomed to failure.
+         */
+
+        if (SSL_IS_DTLS(s)) {
+            if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
+                (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+        } else {
+            if ((s->version >> 8) != SSL3_VERSION_MAJOR) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+        }
+
+        if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) {
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                     ERR_R_INTERNAL_ERROR);
+            goto end;
+        }
+
+        if (s->init_buf == NULL) {
+            if ((buf = BUF_MEM_new()) == NULL) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+            if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+            s->init_buf = buf;
+            buf = NULL;
+        }
+
+        if (!ssl3_setup_buffers(s)) {
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                     ERR_R_INTERNAL_ERROR);
+            goto end;
+        }
+        s->init_num = 0;
+
+        /*
+         * Should have been reset by tls_process_finished, too.
+         */
+        s->s3->change_cipher_spec = 0;
+
+        /*
+         * Ok, we now need to push on a buffering BIO ...but not with
+         * SCTP
+         */
+#ifndef OPENSSL_NO_SCTP
+        if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
+#endif
+            if (!ssl_init_wbio_buffer(s)) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+
+        if ((SSL_in_before(s))
+                || s->renegotiate) {
+            if (!tls_setup_handshake(s)) {
+                /* SSLfatal() already called */
+                goto end;
+            }
+
+            if (SSL_IS_FIRST_HANDSHAKE(s))
+                st->read_state_first_init = 1;
+        }
+
+        st->state = MSG_FLOW_WRITING;
+        init_write_state_machine(s);
+    }
+
+    while (st->state != MSG_FLOW_FINISHED) {
+        if (st->state == MSG_FLOW_READING) {
+            ssret = read_state_machine(s);
+            if (ssret == SUB_STATE_FINISHED) {
+                st->state = MSG_FLOW_WRITING;
+                init_write_state_machine(s);
+            } else {
+                /* NBIO or error */
+                goto end;
+            }
+        } else if (st->state == MSG_FLOW_WRITING) {
+            ssret = write_state_machine(s);
+            if (ssret == SUB_STATE_FINISHED) {
+                st->state = MSG_FLOW_READING;
+                init_read_state_machine(s);
+            } else if (ssret == SUB_STATE_END_HANDSHAKE) {
+                st->state = MSG_FLOW_FINISHED;
+            } else {
+                /* NBIO or error */
+                goto end;
+            }
+        } else {
+            /* Error */
+            check_fatal(s, SSL_F_STATE_MACHINE);
+            SSLerr(SSL_F_STATE_MACHINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            goto end;
+        }
+    }
+
+    ret = 1;
+
+ end:
+    st->in_handshake--;
+
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+        /*
+         * Notify SCTP BIO socket to leave handshake mode and allow stream
+         * identifier other than 0.
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+                 st->in_handshake, NULL);
+    }
+#endif
+
+    BUF_MEM_free(buf);
+    if (cb != NULL) {
+        if (server)
+            cb(s, SSL_CB_ACCEPT_EXIT, ret);
+        else
+            cb(s, SSL_CB_CONNECT_EXIT, ret);
+    }
+    return ret;
+}
+
+/*
+ * Initialise the MSG_FLOW_READING sub-state machine
+ */
+static void init_read_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    st->read_state = READ_STATE_HEADER;
+}
+
+static int grow_init_buf(SSL *s, size_t size) {
+
+    size_t msg_offset = (char *)s->init_msg - s->init_buf->data;
+
+    if (!BUF_MEM_grow_clean(s->init_buf, (int)size))
+        return 0;
+
+    if (size < msg_offset)
+        return 0;
+
+    s->init_msg = s->init_buf->data + msg_offset;
+
+    return 1;
+}
+
+/*
+ * This function implements the sub-state machine when the message flow is in
+ * MSG_FLOW_READING. The valid sub-states and transitions are:
+ *
+ * READ_STATE_HEADER <--+<-------------+
+ *        |             |              |
+ *        v             |              |
+ * READ_STATE_BODY -----+-->READ_STATE_POST_PROCESS
+ *        |                            |
+ *        +----------------------------+
+ *        v
+ * [SUB_STATE_FINISHED]
+ *
+ * READ_STATE_HEADER has the responsibility for reading in the message header
+ * and transitioning the state of the handshake state machine.
+ *
+ * READ_STATE_BODY reads in the rest of the message and then subsequently
+ * processes it.
+ *
+ * READ_STATE_POST_PROCESS is an optional step that may occur if some post
+ * processing activity performed on the message may block.
+ *
+ * Any of the above states could result in an NBIO event occurring in which case
+ * control returns to the calling application. When this function is recalled we
+ * will resume in the same state where we left off.
+ */
+static SUB_STATE_RETURN read_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+    int ret, mt;
+    size_t len = 0;
+    int (*transition) (SSL *s, int mt);
+    PACKET pkt;
+    MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
+    WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
+    size_t (*max_message_size) (SSL *s);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+
+    cb = get_callback(s);
+
+    if (s->server) {
+        transition = ossl_statem_server_read_transition;
+        process_message = ossl_statem_server_process_message;
+        max_message_size = ossl_statem_server_max_message_size;
+        post_process_message = ossl_statem_server_post_process_message;
+    } else {
+        transition = ossl_statem_client_read_transition;
+        process_message = ossl_statem_client_process_message;
+        max_message_size = ossl_statem_client_max_message_size;
+        post_process_message = ossl_statem_client_post_process_message;
+    }
+
+    if (st->read_state_first_init) {
+        s->first_packet = 1;
+        st->read_state_first_init = 0;
+    }
+
+    while (1) {
+        switch (st->read_state) {
+        case READ_STATE_HEADER:
+            /* Get the state the peer wants to move to */
+            if (SSL_IS_DTLS(s)) {
+                /*
+                 * In DTLS we get the whole message in one go - header and body
+                 */
+                ret = dtls_get_message(s, &mt, &len);
+            } else {
+                ret = tls_get_message_header(s, &mt);
+            }
+
+            if (ret == 0) {
+                /* Could be non-blocking IO */
+                return SUB_STATE_ERROR;
+            }
+
+            if (cb != NULL) {
+                /* Notify callback of an impending state change */
+                if (s->server)
+                    cb(s, SSL_CB_ACCEPT_LOOP, 1);
+                else
+                    cb(s, SSL_CB_CONNECT_LOOP, 1);
+            }
+            /*
+             * Validate that we are allowed to move to the new state and move
+             * to that state if so
+             */
+            if (!transition(s, mt))
+                return SUB_STATE_ERROR;
+
+            if (s->s3->tmp.message_size > max_message_size(s)) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_READ_STATE_MACHINE,
+                         SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                return SUB_STATE_ERROR;
+            }
+
+            /* dtls_get_message already did this */
+            if (!SSL_IS_DTLS(s)
+                    && s->s3->tmp.message_size > 0
+                    && !grow_init_buf(s, s->s3->tmp.message_size
+                                         + SSL3_HM_HEADER_LENGTH)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
+                         ERR_R_BUF_LIB);
+                return SUB_STATE_ERROR;
+            }
+
+            st->read_state = READ_STATE_BODY;
+            /* Fall through */
+
+        case READ_STATE_BODY:
+            if (!SSL_IS_DTLS(s)) {
+                /* We already got this above for DTLS */
+                ret = tls_get_message_body(s, &len);
+                if (ret == 0) {
+                    /* Could be non-blocking IO */
+                    return SUB_STATE_ERROR;
+                }
+            }
+
+            s->first_packet = 0;
+            if (!PACKET_buf_init(&pkt, s->init_msg, len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                return SUB_STATE_ERROR;
+            }
+            ret = process_message(s, &pkt);
+
+            /* Discard the packet data */
+            s->init_num = 0;
+
+            switch (ret) {
+            case MSG_PROCESS_ERROR:
+                check_fatal(s, SSL_F_READ_STATE_MACHINE);
+                return SUB_STATE_ERROR;
+
+            case MSG_PROCESS_FINISHED_READING:
+                if (SSL_IS_DTLS(s)) {
+                    dtls1_stop_timer(s);
+                }
+                return SUB_STATE_FINISHED;
+
+            case MSG_PROCESS_CONTINUE_PROCESSING:
+                st->read_state = READ_STATE_POST_PROCESS;
+                st->read_state_work = WORK_MORE_A;
+                break;
+
+            default:
+                st->read_state = READ_STATE_HEADER;
+                break;
+            }
+            break;
+
+        case READ_STATE_POST_PROCESS:
+            st->read_state_work = post_process_message(s, st->read_state_work);
+            switch (st->read_state_work) {
+            case WORK_ERROR:
+                check_fatal(s, SSL_F_READ_STATE_MACHINE);
+                /* Fall through */
+            case WORK_MORE_A:
+            case WORK_MORE_B:
+            case WORK_MORE_C:
+                return SUB_STATE_ERROR;
+
+            case WORK_FINISHED_CONTINUE:
+                st->read_state = READ_STATE_HEADER;
+                break;
+
+            case WORK_FINISHED_STOP:
+                if (SSL_IS_DTLS(s)) {
+                    dtls1_stop_timer(s);
+                }
+                return SUB_STATE_FINISHED;
+            }
+            break;
+
+        default:
+            /* Shouldn't happen */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
+                     ERR_R_INTERNAL_ERROR);
+            return SUB_STATE_ERROR;
+        }
+    }
+}
+
+/*
+ * Send a previously constructed message to the peer.
+ */
+static int statem_do_write(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    if (st->hand_state == TLS_ST_CW_CHANGE
+        || st->hand_state == TLS_ST_SW_CHANGE) {
+        if (SSL_IS_DTLS(s))
+            return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
+        else
+            return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
+    } else {
+        return ssl_do_write(s);
+    }
+}
+
+/*
+ * Initialise the MSG_FLOW_WRITING sub-state machine
+ */
+static void init_write_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    st->write_state = WRITE_STATE_TRANSITION;
+}
+
+/*
+ * This function implements the sub-state machine when the message flow is in
+ * MSG_FLOW_WRITING. The valid sub-states and transitions are:
+ *
+ * +-> WRITE_STATE_TRANSITION ------> [SUB_STATE_FINISHED]
+ * |             |
+ * |             v
+ * |      WRITE_STATE_PRE_WORK -----> [SUB_STATE_END_HANDSHAKE]
+ * |             |
+ * |             v
+ * |       WRITE_STATE_SEND
+ * |             |
+ * |             v
+ * |     WRITE_STATE_POST_WORK
+ * |             |
+ * +-------------+
+ *
+ * WRITE_STATE_TRANSITION transitions the state of the handshake state machine
+
+ * WRITE_STATE_PRE_WORK performs any work necessary to prepare the later
+ * sending of the message. This could result in an NBIO event occurring in
+ * which case control returns to the calling application. When this function
+ * is recalled we will resume in the same state where we left off.
+ *
+ * WRITE_STATE_SEND sends the message and performs any work to be done after
+ * sending.
+ *
+ * WRITE_STATE_POST_WORK performs any work necessary after the sending of the
+ * message has been completed. As for WRITE_STATE_PRE_WORK this could also
+ * result in an NBIO event.
+ */
+static SUB_STATE_RETURN write_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+    int ret;
+    WRITE_TRAN(*transition) (SSL *s);
+    WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst);
+    WORK_STATE(*post_work) (SSL *s, WORK_STATE wst);
+    int (*get_construct_message_f) (SSL *s, WPACKET *pkt,
+                                    int (**confunc) (SSL *s, WPACKET *pkt),
+                                    int *mt);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    int (*confunc) (SSL *s, WPACKET *pkt);
+    int mt;
+    WPACKET pkt;
+
+    cb = get_callback(s);
+
+    if (s->server) {
+        transition = ossl_statem_server_write_transition;
+        pre_work = ossl_statem_server_pre_work;
+        post_work = ossl_statem_server_post_work;
+        get_construct_message_f = ossl_statem_server_construct_message;
+    } else {
+        transition = ossl_statem_client_write_transition;
+        pre_work = ossl_statem_client_pre_work;
+        post_work = ossl_statem_client_post_work;
+        get_construct_message_f = ossl_statem_client_construct_message;
+    }
+
+    while (1) {
+        switch (st->write_state) {
+        case WRITE_STATE_TRANSITION:
+            if (cb != NULL) {
+                /* Notify callback of an impending state change */
+                if (s->server)
+                    cb(s, SSL_CB_ACCEPT_LOOP, 1);
+                else
+                    cb(s, SSL_CB_CONNECT_LOOP, 1);
+            }
+            switch (transition(s)) {
+            case WRITE_TRAN_CONTINUE:
+                st->write_state = WRITE_STATE_PRE_WORK;
+                st->write_state_work = WORK_MORE_A;
+                break;
+
+            case WRITE_TRAN_FINISHED:
+                return SUB_STATE_FINISHED;
+                break;
+
+            case WRITE_TRAN_ERROR:
+                check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
+                return SUB_STATE_ERROR;
+            }
+            break;
+
+        case WRITE_STATE_PRE_WORK:
+            switch (st->write_state_work = pre_work(s, st->write_state_work)) {
+            case WORK_ERROR:
+                check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
+                /* Fall through */
+            case WORK_MORE_A:
+            case WORK_MORE_B:
+            case WORK_MORE_C:
+                return SUB_STATE_ERROR;
+
+            case WORK_FINISHED_CONTINUE:
+                st->write_state = WRITE_STATE_SEND;
+                break;
+
+            case WORK_FINISHED_STOP:
+                return SUB_STATE_END_HANDSHAKE;
+            }
+            if (!get_construct_message_f(s, &pkt, &confunc, &mt)) {
+                /* SSLfatal() already called */
+                return SUB_STATE_ERROR;
+            }
+            if (mt == SSL3_MT_DUMMY) {
+                /* Skip construction and sending. This isn't a "real" state */
+                st->write_state = WRITE_STATE_POST_WORK;
+                st->write_state_work = WORK_MORE_A;
+                break;
+            }
+            if (!WPACKET_init(&pkt, s->init_buf)
+                    || !ssl_set_handshake_header(s, &pkt, mt)) {
+                WPACKET_cleanup(&pkt);
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                return SUB_STATE_ERROR;
+            }
+            if (confunc != NULL && !confunc(s, &pkt)) {
+                WPACKET_cleanup(&pkt);
+                check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
+                return SUB_STATE_ERROR;
+            }
+            if (!ssl_close_construct_packet(s, &pkt, mt)
+                    || !WPACKET_finish(&pkt)) {
+                WPACKET_cleanup(&pkt);
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                return SUB_STATE_ERROR;
+            }
+
+            /* Fall through */
+
+        case WRITE_STATE_SEND:
+            if (SSL_IS_DTLS(s) && st->use_timer) {
+                dtls1_start_timer(s);
+            }
+            ret = statem_do_write(s);
+            if (ret <= 0) {
+                return SUB_STATE_ERROR;
+            }
+            st->write_state = WRITE_STATE_POST_WORK;
+            st->write_state_work = WORK_MORE_A;
+            /* Fall through */
+
+        case WRITE_STATE_POST_WORK:
+            switch (st->write_state_work = post_work(s, st->write_state_work)) {
+            case WORK_ERROR:
+                check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
+                /* Fall through */
+            case WORK_MORE_A:
+            case WORK_MORE_B:
+            case WORK_MORE_C:
+                return SUB_STATE_ERROR;
+
+            case WORK_FINISHED_CONTINUE:
+                st->write_state = WRITE_STATE_TRANSITION;
+                break;
+
+            case WORK_FINISHED_STOP:
+                return SUB_STATE_END_HANDSHAKE;
+            }
+            break;
+
+        default:
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE,
+                     ERR_R_INTERNAL_ERROR);
+            return SUB_STATE_ERROR;
+        }
+    }
+}
+
+/*
+ * Flush the write BIO
+ */
+int statem_flush(SSL *s)
+{
+    s->rwstate = SSL_WRITING;
+    if (BIO_flush(s->wbio) <= 0) {
+        return 0;
+    }
+    s->rwstate = SSL_NOTHING;
+
+    return 1;
+}
+
+/*
+ * Called by the record layer to determine whether application data is
+ * allowed to be received in the current handshake state or not.
+ *
+ * Return values are:
+ *   1: Yes (application data allowed)
+ *   0: No (application data not allowed)
+ */
+int ossl_statem_app_data_allowed(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    if (st->state == MSG_FLOW_UNINITED)
+        return 0;
+
+    if (!s->s3->in_read_app_data || (s->s3->total_renegotiations == 0))
+        return 0;
+
+    if (s->server) {
+        /*
+         * If we're a server and we haven't got as far as writing our
+         * ServerHello yet then we allow app data
+         */
+        if (st->hand_state == TLS_ST_BEFORE
+            || st->hand_state == TLS_ST_SR_CLNT_HELLO)
+            return 1;
+    } else {
+        /*
+         * If we're a client and we haven't read the ServerHello yet then we
+         * allow app data
+         */
+        if (st->hand_state == TLS_ST_CW_CLNT_HELLO)
+            return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * This function returns 1 if TLS exporter is ready to export keying
+ * material, or 0 if otherwise.
+ */
+int ossl_statem_export_allowed(SSL *s)
+{
+    return s->s3->previous_server_finished_len != 0
+           && s->statem.hand_state != TLS_ST_SW_FINISHED;
+}
+
+/*
+ * Return 1 if early TLS exporter is ready to export keying material,
+ * or 0 if otherwise.
+ */
+int ossl_statem_export_early_allowed(SSL *s)
+{
+    /*
+     * The early exporter secret is only present on the server if we
+     * have accepted early_data. It is present on the client as long
+     * as we have sent early_data.
+     */
+    return s->ext.early_data == SSL_EARLY_DATA_ACCEPTED
+           || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT);
+}
diff --git a/freebsd/crypto/openssl/ssl/statem/statem.h b/freebsd/crypto/openssl/ssl/statem/statem.h
new file mode 100644
index 00000000..144d930f
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/statem/statem.h
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * These enums should be considered PRIVATE to the state machine. No         *
+ * non-state machine code should need to use these                           *
+ *                                                                           *
+ *****************************************************************************/
+/*
+ * Valid return codes used for functions performing work prior to or after
+ * sending or receiving a message
+ */
+typedef enum {
+    /* Something went wrong */
+    WORK_ERROR,
+    /* We're done working and there shouldn't be anything else to do after */
+    WORK_FINISHED_STOP,
+    /* We're done working move onto the next thing */
+    WORK_FINISHED_CONTINUE,
+    /* We're working on phase A */
+    WORK_MORE_A,
+    /* We're working on phase B */
+    WORK_MORE_B,
+    /* We're working on phase C */
+    WORK_MORE_C
+} WORK_STATE;
+
+/* Write transition return codes */
+typedef enum {
+    /* Something went wrong */
+    WRITE_TRAN_ERROR,
+    /* A transition was successfully completed and we should continue */
+    WRITE_TRAN_CONTINUE,
+    /* There is no more write work to be done */
+    WRITE_TRAN_FINISHED
+} WRITE_TRAN;
+
+/* Message flow states */
+typedef enum {
+    /* No handshake in progress */
+    MSG_FLOW_UNINITED,
+    /* A permanent error with this connection */
+    MSG_FLOW_ERROR,
+    /* We are reading messages */
+    MSG_FLOW_READING,
+    /* We are writing messages */
+    MSG_FLOW_WRITING,
+    /* Handshake has finished */
+    MSG_FLOW_FINISHED
+} MSG_FLOW_STATE;
+
+/* Read states */
+typedef enum {
+    READ_STATE_HEADER,
+    READ_STATE_BODY,
+    READ_STATE_POST_PROCESS
+} READ_STATE;
+
+/* Write states */
+typedef enum {
+    WRITE_STATE_TRANSITION,
+    WRITE_STATE_PRE_WORK,
+    WRITE_STATE_SEND,
+    WRITE_STATE_POST_WORK
+} WRITE_STATE;
+
+typedef enum {
+    /* The enc_write_ctx can be used normally */
+    ENC_WRITE_STATE_VALID,
+    /* The enc_write_ctx cannot be used */
+    ENC_WRITE_STATE_INVALID,
+    /* Write alerts in plaintext, but otherwise use the enc_write_ctx */
+    ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
+} ENC_WRITE_STATES;
+
+typedef enum {
+    /* The enc_read_ctx can be used normally */
+    ENC_READ_STATE_VALID,
+    /* We may receive encrypted or plaintext alerts */
+    ENC_READ_STATE_ALLOW_PLAIN_ALERTS
+} ENC_READ_STATES;
+
+/*****************************************************************************
+ *                                                                           *
+ * This structure should be considered "opaque" to anything outside of the   *
+ * state machine. No non-state machine code should be accessing the members  *
+ * of this structure.                                                        *
+ *                                                                           *
+ *****************************************************************************/
+
+struct ossl_statem_st {
+    MSG_FLOW_STATE state;
+    WRITE_STATE write_state;
+    WORK_STATE write_state_work;
+    READ_STATE read_state;
+    WORK_STATE read_state_work;
+    OSSL_HANDSHAKE_STATE hand_state;
+    /* The handshake state requested by an API call (e.g. HelloRequest) */
+    OSSL_HANDSHAKE_STATE request_state;
+    int in_init;
+    int read_state_first_init;
+    /* true when we are actually in SSL_accept() or SSL_connect() */
+    int in_handshake;
+    /*
+     * True when are processing a "real" handshake that needs cleaning up (not
+     * just a HelloRequest or similar).
+     */
+    int cleanuphand;
+    /* Should we skip the CertificateVerify message? */
+    unsigned int no_cert_verify;
+    int use_timer;
+    ENC_WRITE_STATES enc_write_state;
+    ENC_READ_STATES enc_read_state;
+};
+typedef struct ossl_statem_st OSSL_STATEM;
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions represent the libssl internal API to the   *
+ * state machine. Any libssl code may call these functions/macros            *
+ *                                                                           *
+ *****************************************************************************/
+
+__owur int ossl_statem_accept(SSL *s);
+__owur int ossl_statem_connect(SSL *s);
+void ossl_statem_clear(SSL *s);
+void ossl_statem_set_renegotiate(SSL *s);
+void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
+                       int line);
+# define SSL_AD_NO_ALERT    -1
+# ifndef OPENSSL_NO_ERR
+#  define SSLfatal(s, al, f, r)  ossl_statem_fatal((s), (al), (f), (r), \
+                                                   OPENSSL_FILE, OPENSSL_LINE)
+# else
+#  define SSLfatal(s, al, f, r)  ossl_statem_fatal((s), (al), (f), (r), NULL, 0)
+# endif
+
+int ossl_statem_in_error(const SSL *s);
+void ossl_statem_set_in_init(SSL *s, int init);
+int ossl_statem_get_in_handshake(SSL *s);
+void ossl_statem_set_in_handshake(SSL *s, int inhand);
+__owur int ossl_statem_skip_early_data(SSL *s);
+void ossl_statem_check_finish_init(SSL *s, int send);
+void ossl_statem_set_hello_verify_done(SSL *s);
+__owur int ossl_statem_app_data_allowed(SSL *s);
+__owur int ossl_statem_export_allowed(SSL *s);
+__owur int ossl_statem_export_early_allowed(SSL *s);
+
+/* Flush the write BIO */
+int statem_flush(SSL *s);
diff --git a/freebsd/crypto/openssl/ssl/statem/statem_clnt.c b/freebsd/crypto/openssl/ssl/statem/statem_clnt.c
new file mode 100644
index 00000000..574ec01e
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/statem/statem_clnt.c
@@ -0,0 +1,3835 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <assert.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/engine.h>
+#include <internal/cryptlib.h>
+
+static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt);
+static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt);
+
+static ossl_inline int cert_req_allowed(SSL *s);
+static int key_exchange_expected(SSL *s);
+static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
+                                    WPACKET *pkt);
+
+/*
+ * Is a CertificateRequest message allowed at the moment or not?
+ *
+ *  Return values are:
+ *  1: Yes
+ *  0: No
+ */
+static ossl_inline int cert_req_allowed(SSL *s)
+{
+    /* TLS does not like anon-DH with client cert */
+    if ((s->version > SSL3_VERSION
+         && (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
+        || (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
+        return 0;
+
+    return 1;
+}
+
+/*
+ * Should we expect the ServerKeyExchange message or not?
+ *
+ *  Return values are:
+ *  1: Yes
+ *  0: No
+ */
+static int key_exchange_expected(SSL *s)
+{
+    long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /*
+     * Can't skip server key exchange if this is an ephemeral
+     * ciphersuite or for SRP
+     */
+    if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK
+                 | SSL_kSRP)) {
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * ossl_statem_client_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when a TLS1.3 client is reading messages from the
+ * server. The message type that the server has sent is provided in |mt|. The
+ * current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and  0 on error
+ * (transition not allowed)
+ */
+static int ossl_statem_client13_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note: There is no case for TLS_ST_CW_CLNT_HELLO, because we haven't
+     * yet negotiated TLSv1.3 at that point so that is handled by
+     * ossl_statem_client_read_transition()
+     */
+
+    switch (st->hand_state) {
+    default:
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        /*
+         * This must a ClientHello following a HelloRetryRequest, so the only
+         * thing we can get now is a ServerHello.
+         */
+        if (mt == SSL3_MT_SERVER_HELLO) {
+            st->hand_state = TLS_ST_CR_SRVR_HELLO;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        if (mt == SSL3_MT_ENCRYPTED_EXTENSIONS) {
+            st->hand_state = TLS_ST_CR_ENCRYPTED_EXTENSIONS;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        if (s->hit) {
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_CR_FINISHED;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
+                st->hand_state = TLS_ST_CR_CERT_REQ;
+                return 1;
+            }
+            if (mt == SSL3_MT_CERTIFICATE) {
+                st->hand_state = TLS_ST_CR_CERT;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_CR_CERT_REQ:
+        if (mt == SSL3_MT_CERTIFICATE) {
+            st->hand_state = TLS_ST_CR_CERT;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_CERT:
+        if (mt == SSL3_MT_CERTIFICATE_VERIFY) {
+            st->hand_state = TLS_ST_CR_CERT_VRFY;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_CERT_VRFY:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_CR_FINISHED;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_OK:
+        if (mt == SSL3_MT_NEWSESSION_TICKET) {
+            st->hand_state = TLS_ST_CR_SESSION_TICKET;
+            return 1;
+        }
+        if (mt == SSL3_MT_KEY_UPDATE) {
+            st->hand_state = TLS_ST_CR_KEY_UPDATE;
+            return 1;
+        }
+        if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
+#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+# error TODO(DTLS1.3): Restore digest for PHA before adding message.
+#endif
+            if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) {
+                s->post_handshake_auth = SSL_PHA_REQUESTED;
+                /*
+                 * In TLS, this is called before the message is added to the
+                 * digest. In DTLS, this is expected to be called after adding
+                 * to the digest. Either move the digest restore, or add the
+                 * message here after the swap, or do it after the clientFinished?
+                 */
+                if (!tls13_restore_handshake_digest_for_pha(s)) {
+                    /* SSLfatal() already called */
+                    return 0;
+                }
+                st->hand_state = TLS_ST_CR_CERT_REQ;
+                return 1;
+            }
+        }
+        break;
+    }
+
+    /* No valid transition found */
+    return 0;
+}
+
+/*
+ * ossl_statem_client_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when the client is reading messages from the
+ * server. The message type that the server has sent is provided in |mt|. The
+ * current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and  0 on error
+ * (transition not allowed)
+ */
+int ossl_statem_client_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+    int ske_expected;
+
+    /*
+     * Note that after writing the first ClientHello we don't know what version
+     * we are going to negotiate yet, so we don't take this branch until later.
+     */
+    if (SSL_IS_TLS13(s)) {
+        if (!ossl_statem_client13_read_transition(s, mt))
+            goto err;
+        return 1;
+    }
+
+    switch (st->hand_state) {
+    default:
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        if (mt == SSL3_MT_SERVER_HELLO) {
+            st->hand_state = TLS_ST_CR_SRVR_HELLO;
+            return 1;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            if (mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+                st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_EARLY_DATA:
+        /*
+         * We've not actually selected TLSv1.3 yet, but we have sent early
+         * data. The only thing allowed now is a ServerHello or a
+         * HelloRetryRequest.
+         */
+        if (mt == SSL3_MT_SERVER_HELLO) {
+            st->hand_state = TLS_ST_CR_SRVR_HELLO;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        if (s->hit) {
+            if (s->ext.ticket_expected) {
+                if (mt == SSL3_MT_NEWSESSION_TICKET) {
+                    st->hand_state = TLS_ST_CR_SESSION_TICKET;
+                    return 1;
+                }
+            } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+                st->hand_state = TLS_ST_CR_CHANGE;
+                return 1;
+            }
+        } else {
+            if (SSL_IS_DTLS(s) && mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+                st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
+                return 1;
+            } else if (s->version >= TLS1_VERSION
+                       && s->ext.session_secret_cb != NULL
+                       && s->session->ext.tick != NULL
+                       && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+                /*
+                 * Normally, we can tell if the server is resuming the session
+                 * from the session ID. EAP-FAST (RFC 4851), however, relies on
+                 * the next server message after the ServerHello to determine if
+                 * the server is resuming.
+                 */
+                s->hit = 1;
+                st->hand_state = TLS_ST_CR_CHANGE;
+                return 1;
+            } else if (!(s->s3->tmp.new_cipher->algorithm_auth
+                         & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
+                if (mt == SSL3_MT_CERTIFICATE) {
+                    st->hand_state = TLS_ST_CR_CERT;
+                    return 1;
+                }
+            } else {
+                ske_expected = key_exchange_expected(s);
+                /* SKE is optional for some PSK ciphersuites */
+                if (ske_expected
+                    || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
+                        && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
+                    if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
+                        st->hand_state = TLS_ST_CR_KEY_EXCH;
+                        return 1;
+                    }
+                } else if (mt == SSL3_MT_CERTIFICATE_REQUEST
+                           && cert_req_allowed(s)) {
+                    st->hand_state = TLS_ST_CR_CERT_REQ;
+                    return 1;
+                } else if (mt == SSL3_MT_SERVER_DONE) {
+                    st->hand_state = TLS_ST_CR_SRVR_DONE;
+                    return 1;
+                }
+            }
+        }
+        break;
+
+    case TLS_ST_CR_CERT:
+        /*
+         * The CertificateStatus message is optional even if
+         * |ext.status_expected| is set
+         */
+        if (s->ext.status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) {
+            st->hand_state = TLS_ST_CR_CERT_STATUS;
+            return 1;
+        }
+        /* Fall through */
+
+    case TLS_ST_CR_CERT_STATUS:
+        ske_expected = key_exchange_expected(s);
+        /* SKE is optional for some PSK ciphersuites */
+        if (ske_expected || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
+                             && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
+            if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
+                st->hand_state = TLS_ST_CR_KEY_EXCH;
+                return 1;
+            }
+            goto err;
+        }
+        /* Fall through */
+
+    case TLS_ST_CR_KEY_EXCH:
+        if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
+            if (cert_req_allowed(s)) {
+                st->hand_state = TLS_ST_CR_CERT_REQ;
+                return 1;
+            }
+            goto err;
+        }
+        /* Fall through */
+
+    case TLS_ST_CR_CERT_REQ:
+        if (mt == SSL3_MT_SERVER_DONE) {
+            st->hand_state = TLS_ST_CR_SRVR_DONE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CW_FINISHED:
+        if (s->ext.ticket_expected) {
+            if (mt == SSL3_MT_NEWSESSION_TICKET) {
+                st->hand_state = TLS_ST_CR_SESSION_TICKET;
+                return 1;
+            }
+        } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_CR_CHANGE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_SESSION_TICKET:
+        if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_CR_CHANGE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_CHANGE:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_CR_FINISHED;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_OK:
+        if (mt == SSL3_MT_HELLO_REQUEST) {
+            st->hand_state = TLS_ST_CR_HELLO_REQ;
+            return 1;
+        }
+        break;
+    }
+
+ err:
+    /* No valid transition found */
+    if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        BIO *rbio;
+
+        /*
+         * CCS messages don't have a message sequence number so this is probably
+         * because of an out-of-order CCS. We'll just drop it.
+         */
+        s->init_num = 0;
+        s->rwstate = SSL_READING;
+        rbio = SSL_get_rbio(s);
+        BIO_clear_retry_flags(rbio);
+        BIO_set_retry_read(rbio);
+        return 0;
+    }
+    SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE,
+             SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION,
+             SSL_R_UNEXPECTED_MESSAGE);
+    return 0;
+}
+
+/*
+ * ossl_statem_client13_write_transition() works out what handshake state to
+ * move to next when the TLSv1.3 client is writing messages to be sent to the
+ * server.
+ */
+static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
+     * TLSv1.3 yet at that point. They are handled by
+     * ossl_statem_client_write_transition().
+     */
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION,
+                 ERR_R_INTERNAL_ERROR);
+        return WRITE_TRAN_ERROR;
+
+    case TLS_ST_CR_CERT_REQ:
+        if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+            st->hand_state = TLS_ST_CW_CERT;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /*
+         * We should only get here if we received a CertificateRequest after
+         * we already sent close_notify
+         */
+        if (!ossl_assert((s->shutdown & SSL_SENT_SHUTDOWN) != 0)) {
+            /* Shouldn't happen - same as default case */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION,
+                     ERR_R_INTERNAL_ERROR);
+            return WRITE_TRAN_ERROR;
+        }
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CR_FINISHED:
+        if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY
+                || s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING)
+            st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;
+        else if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+                 && s->hello_retry_request == SSL_HRR_NONE)
+            st->hand_state = TLS_ST_CW_CHANGE;
+        else
+            st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
+                                                        : TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+            st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+    case TLS_ST_CW_CHANGE:
+        st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
+                                                    : TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT:
+        /* If a non-empty Certificate we also send CertificateVerify */
+        st->hand_state = (s->s3->tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY
+                                                    : TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT_VRFY:
+        st->hand_state = TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CR_KEY_UPDATE:
+        if (s->key_update != SSL_KEY_UPDATE_NONE) {
+            st->hand_state = TLS_ST_CW_KEY_UPDATE;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_CW_KEY_UPDATE:
+    case TLS_ST_CR_SESSION_TICKET:
+    case TLS_ST_CW_FINISHED:
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_OK:
+        if (s->key_update != SSL_KEY_UPDATE_NONE) {
+            st->hand_state = TLS_ST_CW_KEY_UPDATE;
+            return WRITE_TRAN_CONTINUE;
+        }
+
+        /* Try to read from the server instead */
+        return WRITE_TRAN_FINISHED;
+    }
+}
+
+/*
+ * ossl_statem_client_write_transition() works out what handshake state to
+ * move to next when the client is writing messages to be sent to the server.
+ */
+WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note that immediately before/after a ClientHello we don't know what
+     * version we are going to negotiate yet, so we don't take this branch until
+     * later
+     */
+    if (SSL_IS_TLS13(s))
+        return ossl_statem_client13_write_transition(s);
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION,
+                 ERR_R_INTERNAL_ERROR);
+        return WRITE_TRAN_ERROR;
+
+    case TLS_ST_OK:
+        if (!s->renegotiate) {
+            /*
+             * We haven't requested a renegotiation ourselves so we must have
+             * received a message from the server. Better read it.
+             */
+            return WRITE_TRAN_FINISHED;
+        }
+        /* Renegotiation */
+        /* fall thru */
+    case TLS_ST_BEFORE:
+        st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) {
+            /*
+             * We are assuming this is a TLSv1.3 connection, although we haven't
+             * actually selected a version yet.
+             */
+            if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)
+                st->hand_state = TLS_ST_CW_CHANGE;
+            else
+                st->hand_state = TLS_ST_EARLY_DATA;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /*
+         * No transition at the end of writing because we don't know what
+         * we will be sent
+         */
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        /*
+         * We only get here in TLSv1.3. We just received an HRR, so issue a
+         * CCS unless middlebox compat mode is off, or we already issued one
+         * because we did early data.
+         */
+        if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+                && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)
+            st->hand_state = TLS_ST_CW_CHANGE;
+        else
+            st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_EARLY_DATA:
+        return WRITE_TRAN_FINISHED;
+
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CR_SRVR_DONE:
+        if (s->s3->tmp.cert_req)
+            st->hand_state = TLS_ST_CW_CERT;
+        else
+            st->hand_state = TLS_ST_CW_KEY_EXCH;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT:
+        st->hand_state = TLS_ST_CW_KEY_EXCH;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_KEY_EXCH:
+        /*
+         * For TLS, cert_req is set to 2, so a cert chain of nothing is
+         * sent, but no verify packet is sent
+         */
+        /*
+         * XXX: For now, we do not support client authentication in ECDH
+         * cipher suites with ECDH (rather than ECDSA) certificates. We
+         * need to skip the certificate verify message when client's
+         * ECDH public key is sent inside the client certificate.
+         */
+        if (s->s3->tmp.cert_req == 1) {
+            st->hand_state = TLS_ST_CW_CERT_VRFY;
+        } else {
+            st->hand_state = TLS_ST_CW_CHANGE;
+        }
+        if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
+            st->hand_state = TLS_ST_CW_CHANGE;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT_VRFY:
+        st->hand_state = TLS_ST_CW_CHANGE;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CHANGE:
+        if (s->hello_retry_request == SSL_HRR_PENDING) {
+            st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        } else if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) {
+            st->hand_state = TLS_ST_EARLY_DATA;
+        } else {
+#if defined(OPENSSL_NO_NEXTPROTONEG)
+            st->hand_state = TLS_ST_CW_FINISHED;
+#else
+            if (!SSL_IS_DTLS(s) && s->s3->npn_seen)
+                st->hand_state = TLS_ST_CW_NEXT_PROTO;
+            else
+                st->hand_state = TLS_ST_CW_FINISHED;
+#endif
+        }
+        return WRITE_TRAN_CONTINUE;
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    case TLS_ST_CW_NEXT_PROTO:
+        st->hand_state = TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+#endif
+
+    case TLS_ST_CW_FINISHED:
+        if (s->hit) {
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        } else {
+            return WRITE_TRAN_FINISHED;
+        }
+
+    case TLS_ST_CR_FINISHED:
+        if (s->hit) {
+            st->hand_state = TLS_ST_CW_CHANGE;
+            return WRITE_TRAN_CONTINUE;
+        } else {
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        }
+
+    case TLS_ST_CR_HELLO_REQ:
+        /*
+         * If we can renegotiate now then do so, otherwise wait for a more
+         * convenient time.
+         */
+        if (ssl3_renegotiate_check(s, 1)) {
+            if (!tls_setup_handshake(s)) {
+                /* SSLfatal() already called */
+                return WRITE_TRAN_ERROR;
+            }
+            st->hand_state = TLS_ST_CW_CLNT_HELLO;
+            return WRITE_TRAN_CONTINUE;
+        }
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+    }
+}
+
+/*
+ * Perform any pre work that needs to be done prior to sending a message from
+ * the client to the server.
+ */
+WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* No pre work to be done */
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        s->shutdown = 0;
+        if (SSL_IS_DTLS(s)) {
+            /* every DTLS ClientHello resets Finished MAC */
+            if (!ssl3_init_finished_mac(s)) {
+                /* SSLfatal() already called */
+                return WORK_ERROR;
+            }
+        }
+        break;
+
+    case TLS_ST_CW_CHANGE:
+        if (SSL_IS_DTLS(s)) {
+            if (s->hit) {
+                /*
+                 * We're into the last flight so we don't retransmit these
+                 * messages unless we need to.
+                 */
+                st->use_timer = 0;
+            }
+#ifndef OPENSSL_NO_SCTP
+            if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+                /* Calls SSLfatal() as required */
+                return dtls_wait_for_dry(s);
+            }
+#endif
+        }
+        break;
+
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        /*
+         * If we've been called by SSL_do_handshake()/SSL_write(), or we did not
+         * attempt to write early data before calling SSL_read() then we press
+         * on with the handshake. Otherwise we pause here.
+         */
+        if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING
+                || s->early_data_state == SSL_EARLY_DATA_NONE)
+            return WORK_FINISHED_CONTINUE;
+        /* Fall through */
+
+    case TLS_ST_EARLY_DATA:
+        return tls_finish_handshake(s, wst, 0, 1);
+
+    case TLS_ST_OK:
+        /* Calls SSLfatal() as required */
+        return tls_finish_handshake(s, wst, 1, 1);
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Perform any work that needs to be done after sending a message from the
+ * client to the server.
+ */
+WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    s->init_num = 0;
+
+    switch (st->hand_state) {
+    default:
+        /* No post work to be done */
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        if (s->early_data_state == SSL_EARLY_DATA_CONNECTING
+                && s->max_early_data > 0) {
+            /*
+             * We haven't selected TLSv1.3 yet so we don't call the change
+             * cipher state function associated with the SSL_METHOD. Instead
+             * we call tls13_change_cipher_state() directly.
+             */
+            if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0) {
+                if (!tls13_change_cipher_state(s,
+                            SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+                    /* SSLfatal() already called */
+                    return WORK_ERROR;
+                }
+            }
+            /* else we're in compat mode so we delay flushing until after CCS */
+        } else if (!statem_flush(s)) {
+            return WORK_MORE_A;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            /* Treat the next message as the first packet */
+            s->first_packet = 1;
+        }
+        break;
+
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+        /*
+         * We set the enc_write_ctx back to NULL because we may end up writing
+         * in cleartext again if we get a HelloRetryRequest from the server.
+         */
+        EVP_CIPHER_CTX_free(s->enc_write_ctx);
+        s->enc_write_ctx = NULL;
+        break;
+
+    case TLS_ST_CW_KEY_EXCH:
+        if (tls_client_key_exchange_post_work(s) == 0) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+
+    case TLS_ST_CW_CHANGE:
+        if (SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING)
+            break;
+        if (s->early_data_state == SSL_EARLY_DATA_CONNECTING
+                    && s->max_early_data > 0) {
+            /*
+             * We haven't selected TLSv1.3 yet so we don't call the change
+             * cipher state function associated with the SSL_METHOD. Instead
+             * we call tls13_change_cipher_state() directly.
+             */
+            if (!tls13_change_cipher_state(s,
+                        SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+                return WORK_ERROR;
+            break;
+        }
+        s->session->cipher = s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+        s->session->compress_meth = 0;
+#else
+        if (s->s3->tmp.new_compression == NULL)
+            s->session->compress_meth = 0;
+        else
+            s->session->compress_meth = s->s3->tmp.new_compression->id;
+#endif
+        if (!s->method->ssl3_enc->setup_key_block(s)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+
+        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                          SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+#ifndef OPENSSL_NO_SCTP
+            if (s->hit) {
+                /*
+                 * Change to new shared key of SCTP-Auth, will be ignored if
+                 * no SCTP used.
+                 */
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                         0, NULL);
+            }
+#endif
+
+            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+        }
+        break;
+
+    case TLS_ST_CW_FINISHED:
+#ifndef OPENSSL_NO_SCTP
+        if (wst == WORK_MORE_A && SSL_IS_DTLS(s) && s->hit == 0) {
+            /*
+             * Change to new shared key of SCTP-Auth, will be ignored if
+             * no SCTP used.
+             */
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                     0, NULL);
+        }
+#endif
+        if (statem_flush(s) != 1)
+            return WORK_MORE_B;
+
+        if (SSL_IS_TLS13(s)) {
+            if (!tls13_save_handshake_digest_for_pha(s)) {
+                /* SSLfatal() already called */
+                return WORK_ERROR;
+            }
+            if (s->post_handshake_auth != SSL_PHA_REQUESTED) {
+                if (!s->method->ssl3_enc->change_cipher_state(s,
+                        SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+                    /* SSLfatal() already called */
+                    return WORK_ERROR;
+                }
+            }
+        }
+        break;
+
+    case TLS_ST_CW_KEY_UPDATE:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        if (!tls13_update_key(s, 1)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Get the message construction function and message type for sending from the
+ * client
+ *
+ * Valid return values are:
+ *   1: Success
+ *   0: Error
+ */
+int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
+                                         confunc_f *confunc, int *mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE,
+                 SSL_R_BAD_HANDSHAKE_STATE);
+        return 0;
+
+    case TLS_ST_CW_CHANGE:
+        if (SSL_IS_DTLS(s))
+            *confunc = dtls_construct_change_cipher_spec;
+        else
+            *confunc = tls_construct_change_cipher_spec;
+        *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        *confunc = tls_construct_client_hello;
+        *mt = SSL3_MT_CLIENT_HELLO;
+        break;
+
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+        *confunc = tls_construct_end_of_early_data;
+        *mt = SSL3_MT_END_OF_EARLY_DATA;
+        break;
+
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        *confunc = NULL;
+        *mt = SSL3_MT_DUMMY;
+        break;
+
+    case TLS_ST_CW_CERT:
+        *confunc = tls_construct_client_certificate;
+        *mt = SSL3_MT_CERTIFICATE;
+        break;
+
+    case TLS_ST_CW_KEY_EXCH:
+        *confunc = tls_construct_client_key_exchange;
+        *mt = SSL3_MT_CLIENT_KEY_EXCHANGE;
+        break;
+
+    case TLS_ST_CW_CERT_VRFY:
+        *confunc = tls_construct_cert_verify;
+        *mt = SSL3_MT_CERTIFICATE_VERIFY;
+        break;
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    case TLS_ST_CW_NEXT_PROTO:
+        *confunc = tls_construct_next_proto;
+        *mt = SSL3_MT_NEXT_PROTO;
+        break;
+#endif
+    case TLS_ST_CW_FINISHED:
+        *confunc = tls_construct_finished;
+        *mt = SSL3_MT_FINISHED;
+        break;
+
+    case TLS_ST_CW_KEY_UPDATE:
+        *confunc = tls_construct_key_update;
+        *mt = SSL3_MT_KEY_UPDATE;
+        break;
+    }
+
+    return 1;
+}
+
+/*
+ * Returns the maximum allowed length for the current message that we are
+ * reading. Excludes the message header.
+ */
+size_t ossl_statem_client_max_message_size(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        return 0;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        return SERVER_HELLO_MAX_LENGTH;
+
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return HELLO_VERIFY_REQUEST_MAX_LENGTH;
+
+    case TLS_ST_CR_CERT:
+        return s->max_cert_list;
+
+    case TLS_ST_CR_CERT_VRFY:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+    case TLS_ST_CR_CERT_STATUS:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+    case TLS_ST_CR_KEY_EXCH:
+        return SERVER_KEY_EXCH_MAX_LENGTH;
+
+    case TLS_ST_CR_CERT_REQ:
+        /*
+         * Set to s->max_cert_list for compatibility with previous releases. In
+         * practice these messages can get quite long if servers are configured
+         * to provide a long list of acceptable CAs
+         */
+        return s->max_cert_list;
+
+    case TLS_ST_CR_SRVR_DONE:
+        return SERVER_HELLO_DONE_MAX_LENGTH;
+
+    case TLS_ST_CR_CHANGE:
+        if (s->version == DTLS1_BAD_VER)
+            return 3;
+        return CCS_MAX_LENGTH;
+
+    case TLS_ST_CR_SESSION_TICKET:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+    case TLS_ST_CR_FINISHED:
+        return FINISHED_MAX_LENGTH;
+
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        return ENCRYPTED_EXTENSIONS_MAX_LENGTH;
+
+    case TLS_ST_CR_KEY_UPDATE:
+        return KEY_UPDATE_MAX_LENGTH;
+    }
+}
+
+/*
+ * Process a message that the client has been received from the server.
+ */
+MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        return tls_process_server_hello(s, pkt);
+
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return dtls_process_hello_verify(s, pkt);
+
+    case TLS_ST_CR_CERT:
+        return tls_process_server_certificate(s, pkt);
+
+    case TLS_ST_CR_CERT_VRFY:
+        return tls_process_cert_verify(s, pkt);
+
+    case TLS_ST_CR_CERT_STATUS:
+        return tls_process_cert_status(s, pkt);
+
+    case TLS_ST_CR_KEY_EXCH:
+        return tls_process_key_exchange(s, pkt);
+
+    case TLS_ST_CR_CERT_REQ:
+        return tls_process_certificate_request(s, pkt);
+
+    case TLS_ST_CR_SRVR_DONE:
+        return tls_process_server_done(s, pkt);
+
+    case TLS_ST_CR_CHANGE:
+        return tls_process_change_cipher_spec(s, pkt);
+
+    case TLS_ST_CR_SESSION_TICKET:
+        return tls_process_new_session_ticket(s, pkt);
+
+    case TLS_ST_CR_FINISHED:
+        return tls_process_finished(s, pkt);
+
+    case TLS_ST_CR_HELLO_REQ:
+        return tls_process_hello_req(s, pkt);
+
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        return tls_process_encrypted_extensions(s, pkt);
+
+    case TLS_ST_CR_KEY_UPDATE:
+        return tls_process_key_update(s, pkt);
+    }
+}
+
+/*
+ * Perform any further processing required following the receipt of a message
+ * from the server
+ */
+WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        return WORK_ERROR;
+
+    case TLS_ST_CR_CERT_REQ:
+        return tls_prepare_client_certificate(s, wst);
+    }
+}
+
+int tls_construct_client_hello(SSL *s, WPACKET *pkt)
+{
+    unsigned char *p;
+    size_t sess_id_len;
+    int i, protverr;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp;
+#endif
+    SSL_SESSION *sess = s->session;
+    unsigned char *session_id;
+
+    if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) {
+        /* Should not happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Work out what SSL/TLS/DTLS version to use */
+    protverr = ssl_set_client_hello_version(s);
+    if (protverr != 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 protverr);
+        return 0;
+    }
+
+    if (sess == NULL
+            || !ssl_version_supported(s, sess->ssl_version, NULL)
+            || !SSL_SESSION_is_resumable(sess)) {
+        if (s->hello_retry_request == SSL_HRR_NONE
+                && !ssl_get_new_session(s, 0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+    /* else use the pre-loaded session */
+
+    p = s->s3->client_random;
+
+    /*
+     * for DTLS if client_random is initialized, reuse it, we are
+     * required to use same upon reply to HelloVerify
+     */
+    if (SSL_IS_DTLS(s)) {
+        size_t idx;
+        i = 1;
+        for (idx = 0; idx < sizeof(s->s3->client_random); idx++) {
+            if (p[idx]) {
+                i = 0;
+                break;
+            }
+        }
+    } else {
+        i = (s->hello_retry_request == SSL_HRR_NONE);
+    }
+
+    if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random),
+                                   DOWNGRADE_NONE) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*-
+     * version indicates the negotiated version: for example from
+     * an SSLv2/v3 compatible client hello). The client_version
+     * field is the maximum version we permit and it is also
+     * used in RSA encrypted premaster secrets. Some servers can
+     * choke if we initially report a higher version then
+     * renegotiate to a lower one in the premaster secret. This
+     * didn't happen with TLS 1.0 as most servers supported it
+     * but it can with TLS 1.1 or later if the server only supports
+     * 1.0.
+     *
+     * Possible scenario with previous logic:
+     *      1. Client hello indicates TLS 1.2
+     *      2. Server hello says TLS 1.0
+     *      3. RSA encrypted premaster secret uses 1.2.
+     *      4. Handshake proceeds using TLS 1.0.
+     *      5. Server sends hello request to renegotiate.
+     *      6. Client hello indicates TLS v1.0 as we now
+     *         know that is maximum server supports.
+     *      7. Server chokes on RSA encrypted premaster secret
+     *         containing version 1.0.
+     *
+     * For interoperability it should be OK to always use the
+     * maximum version we support in client hello and then rely
+     * on the checking of version to ensure the servers isn't
+     * being inconsistent: for example initially negotiating with
+     * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
+     * client_version in client hello and not resetting it to
+     * the negotiated version.
+     *
+     * For TLS 1.3 we always set the ClientHello version to 1.2 and rely on the
+     * supported_versions extension for the real supported versions.
+     */
+    if (!WPACKET_put_bytes_u16(pkt, s->client_version)
+            || !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Session ID */
+    session_id = s->session->session_id;
+    if (s->new_session || s->session->ssl_version == TLS1_3_VERSION) {
+        if (s->version == TLS1_3_VERSION
+                && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) {
+            sess_id_len = sizeof(s->tmp_session_id);
+            s->tmp_session_id_len = sess_id_len;
+            session_id = s->tmp_session_id;
+            if (s->hello_retry_request == SSL_HRR_NONE
+                    && RAND_bytes(s->tmp_session_id, sess_id_len) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        } else {
+            sess_id_len = 0;
+        }
+    } else {
+        assert(s->session->session_id_length <= sizeof(s->session->session_id));
+        sess_id_len = s->session->session_id_length;
+        if (s->version == TLS1_3_VERSION) {
+            s->tmp_session_id_len = sess_id_len;
+            memcpy(s->tmp_session_id, s->session->session_id, sess_id_len);
+        }
+    }
+    if (!WPACKET_start_sub_packet_u8(pkt)
+            || (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id,
+                                                    sess_id_len))
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* cookie stuff for DTLS */
+    if (SSL_IS_DTLS(s)) {
+        if (s->d1->cookie_len > sizeof(s->d1->cookie)
+                || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie,
+                                          s->d1->cookie_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    /* Ciphers supported */
+    if (!WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), pkt)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* COMPRESSION */
+    if (!WPACKET_start_sub_packet_u8(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+#ifndef OPENSSL_NO_COMP
+    if (ssl_allow_compression(s)
+            && s->ctx->comp_methods
+            && (SSL_IS_DTLS(s) || s->s3->tmp.max_ver < TLS1_3_VERSION)) {
+        int compnum = sk_SSL_COMP_num(s->ctx->comp_methods);
+        for (i = 0; i < compnum; i++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
+            if (!WPACKET_put_bytes_u8(pkt, comp->id)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+#endif
+    /* Add the NULL method */
+    if (!WPACKET_put_bytes_u8(pkt, 0) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* TLS extensions */
+    if (!tls_construct_extensions(s, pkt, SSL_EXT_CLIENT_HELLO, NULL, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
+{
+    size_t cookie_len;
+    PACKET cookiepkt;
+
+    if (!PACKET_forward(pkt, 2)
+        || !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS_PROCESS_HELLO_VERIFY,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    cookie_len = PACKET_remaining(&cookiepkt);
+    if (cookie_len > sizeof(s->d1->cookie)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS_PROCESS_HELLO_VERIFY,
+                 SSL_R_LENGTH_TOO_LONG);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS_PROCESS_HELLO_VERIFY,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+    s->d1->cookie_len = cookie_len;
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+    const SSL_CIPHER *c;
+    int i;
+
+    c = ssl_get_cipher_by_char(s, cipherchars, 0);
+    if (c == NULL) {
+        /* unknown cipher */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                 SSL_R_UNKNOWN_CIPHER_RETURNED);
+        return 0;
+    }
+    /*
+     * If it is a disabled cipher we either didn't send it in client hello,
+     * or it's not allowed for the selected protocol. So we return an error.
+     */
+    if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_CHECK, 1)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                 SSL_R_WRONG_CIPHER_RETURNED);
+        return 0;
+    }
+
+    sk = ssl_get_ciphers_by_id(s);
+    i = sk_SSL_CIPHER_find(sk, c);
+    if (i < 0) {
+        /* we did not say we would use this cipher */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                 SSL_R_WRONG_CIPHER_RETURNED);
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s) && s->s3->tmp.new_cipher != NULL
+            && s->s3->tmp.new_cipher->id != c->id) {
+        /* ServerHello selected a different ciphersuite to that in the HRR */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                 SSL_R_WRONG_CIPHER_RETURNED);
+        return 0;
+    }
+
+    /*
+     * Depending on the session caching (internal/external), the cipher
+     * and/or cipher_id values may not be set. Make sure that cipher_id is
+     * set and use it for comparison.
+     */
+    if (s->session->cipher != NULL)
+        s->session->cipher_id = s->session->cipher->id;
+    if (s->hit && (s->session->cipher_id != c->id)) {
+        if (SSL_IS_TLS13(s)) {
+            /*
+             * In TLSv1.3 it is valid for the server to select a different
+             * ciphersuite as long as the hash is the same.
+             */
+            if (ssl_md(c->algorithm2)
+                    != ssl_md(s->session->cipher->algorithm2)) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                         SSL_F_SET_CLIENT_CIPHERSUITE,
+                         SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED);
+                return 0;
+            }
+        } else {
+            /*
+             * Prior to TLSv1.3 resuming a session always meant using the same
+             * ciphersuite.
+             */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                     SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
+            return 0;
+        }
+    }
+    s->s3->tmp.new_cipher = c;
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
+{
+    PACKET session_id, extpkt;
+    size_t session_id_len;
+    const unsigned char *cipherchars;
+    int hrr = 0;
+    unsigned int compression;
+    unsigned int sversion;
+    unsigned int context;
+    RAW_EXTENSION *extensions = NULL;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp;
+#endif
+
+    if (!PACKET_get_net_2(pkt, &sversion)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    /* load the server random */
+    if (s->version == TLS1_3_VERSION
+            && sversion == TLS1_2_VERSION
+            && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
+            && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
+        s->hello_retry_request = SSL_HRR_PENDING;
+        hrr = 1;
+        if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+    } else {
+        if (!PACKET_copy_bytes(pkt, s->s3->server_random, SSL3_RANDOM_SIZE)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+    }
+
+    /* Get the session-id. */
+    if (!PACKET_get_length_prefixed_1(pkt, &session_id)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+    session_id_len = PACKET_remaining(&session_id);
+    if (session_id_len > sizeof(s->session->session_id)
+        || session_id_len > SSL3_SESSION_ID_SIZE) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_SSL3_SESSION_ID_TOO_LONG);
+        goto err;
+    }
+
+    if (!PACKET_get_bytes(pkt, &cipherchars, TLS_CIPHER_LEN)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    if (!PACKET_get_1(pkt, &compression)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    /* TLS extensions */
+    if (PACKET_remaining(pkt) == 0 && !hrr) {
+        PACKET_null_init(&extpkt);
+    } else if (!PACKET_as_length_prefixed_2(pkt, &extpkt)
+               || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_BAD_LENGTH);
+        goto err;
+    }
+
+    if (!hrr) {
+        if (!tls_collect_extensions(s, &extpkt,
+                                    SSL_EXT_TLS1_2_SERVER_HELLO
+                                    | SSL_EXT_TLS1_3_SERVER_HELLO,
+                                    &extensions, NULL, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        if (!ssl_choose_client_version(s, sversion, extensions)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    if (SSL_IS_TLS13(s) || hrr) {
+        if (compression != 0) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_INVALID_COMPRESSION_ALGORITHM);
+            goto err;
+        }
+
+        if (session_id_len != s->tmp_session_id_len
+                || memcmp(PACKET_data(&session_id), s->tmp_session_id,
+                          session_id_len) != 0) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_INVALID_SESSION_ID);
+            goto err;
+        }
+    }
+
+    if (hrr) {
+        if (!set_client_ciphersuite(s, cipherchars)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        return tls_process_as_hello_retry_request(s, &extpkt);
+    }
+
+    /*
+     * Now we have chosen the version we need to check again that the extensions
+     * are appropriate for this version.
+     */
+    context = SSL_IS_TLS13(s) ? SSL_EXT_TLS1_3_SERVER_HELLO
+                              : SSL_EXT_TLS1_2_SERVER_HELLO;
+    if (!tls_validate_all_contexts(s, context, extensions)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_BAD_EXTENSION);
+        goto err;
+    }
+
+    s->hit = 0;
+
+    if (SSL_IS_TLS13(s)) {
+        /*
+         * In TLSv1.3 a ServerHello message signals a key change so the end of
+         * the message must be on a record boundary.
+         */
+        if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_NOT_ON_RECORD_BOUNDARY);
+            goto err;
+        }
+
+        /* This will set s->hit if we are resuming */
+        if (!tls_parse_extension(s, TLSEXT_IDX_psk,
+                                 SSL_EXT_TLS1_3_SERVER_HELLO,
+                                 extensions, NULL, 0)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else {
+        /*
+         * Check if we can resume the session based on external pre-shared
+         * secret. EAP-FAST (RFC 4851) supports two types of session resumption.
+         * Resumption based on server-side state works with session IDs.
+         * Resumption based on pre-shared Protected Access Credentials (PACs)
+         * works by overriding the SessionTicket extension at the application
+         * layer, and does not send a session ID. (We do not know whether
+         * EAP-FAST servers would honour the session ID.) Therefore, the session
+         * ID alone is not a reliable indicator of session resumption, so we
+         * first check if we can resume, and later peek at the next handshake
+         * message to see if the server wants to resume.
+         */
+        if (s->version >= TLS1_VERSION
+                && s->ext.session_secret_cb != NULL && s->session->ext.tick) {
+            const SSL_CIPHER *pref_cipher = NULL;
+            /*
+             * s->session->master_key_length is a size_t, but this is an int for
+             * backwards compat reasons
+             */
+            int master_key_length;
+            master_key_length = sizeof(s->session->master_key);
+            if (s->ext.session_secret_cb(s, s->session->master_key,
+                                         &master_key_length,
+                                         NULL, &pref_cipher,
+                                         s->ext.session_secret_cb_arg)
+                     && master_key_length > 0) {
+                s->session->master_key_length = master_key_length;
+                s->session->cipher = pref_cipher ?
+                    pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0);
+            } else {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        if (session_id_len != 0
+                && session_id_len == s->session->session_id_length
+                && memcmp(PACKET_data(&session_id), s->session->session_id,
+                          session_id_len) == 0)
+            s->hit = 1;
+    }
+
+    if (s->hit) {
+        if (s->sid_ctx_length != s->session->sid_ctx_length
+                || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
+            /* actually a client application bug */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+            goto err;
+        }
+    } else {
+        /*
+         * If we were trying for session-id reuse but the server
+         * didn't resume, make a new SSL_SESSION.
+         * In the case of EAP-FAST and PAC, we do not send a session ID,
+         * so the PAC-based session secret is always preserved. It'll be
+         * overwritten if the server refuses resumption.
+         */
+        if (s->session->session_id_length > 0
+                || (SSL_IS_TLS13(s)
+                    && s->session->ext.tick_identity
+                       != TLSEXT_PSK_BAD_IDENTITY)) {
+            tsan_counter(&s->session_ctx->stats.sess_miss);
+            if (!ssl_get_new_session(s, 0)) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        }
+
+        s->session->ssl_version = s->version;
+        /*
+         * In TLSv1.2 and below we save the session id we were sent so we can
+         * resume it later. In TLSv1.3 the session id we were sent is just an
+         * echo of what we originally sent in the ClientHello and should not be
+         * used for resumption.
+         */
+        if (!SSL_IS_TLS13(s)) {
+            s->session->session_id_length = session_id_len;
+            /* session_id_len could be 0 */
+            if (session_id_len > 0)
+                memcpy(s->session->session_id, PACKET_data(&session_id),
+                       session_id_len);
+        }
+    }
+
+    /* Session version and negotiated protocol version should match */
+    if (s->version != s->session->ssl_version) {
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_SSL_SESSION_VERSION_MISMATCH);
+        goto err;
+    }
+    /*
+     * Now that we know the version, update the check to see if it's an allowed
+     * version.
+     */
+    s->s3->tmp.min_ver = s->version;
+    s->s3->tmp.max_ver = s->version;
+
+    if (!set_client_ciphersuite(s, cipherchars)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+#ifdef OPENSSL_NO_COMP
+    if (compression != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        goto err;
+    }
+    /*
+     * If compression is disabled we'd better not try to resume a session
+     * using compression.
+     */
+    if (s->session->compress_meth != 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_INCONSISTENT_COMPRESSION);
+        goto err;
+    }
+#else
+    if (s->hit && compression != s->session->compress_meth) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
+        goto err;
+    }
+    if (compression == 0)
+        comp = NULL;
+    else if (!ssl_allow_compression(s)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_COMPRESSION_DISABLED);
+        goto err;
+    } else {
+        comp = ssl3_comp_find(s->ctx->comp_methods, compression);
+    }
+
+    if (compression != 0 && comp == NULL) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        goto err;
+    } else {
+        s->s3->tmp.new_compression = comp;
+    }
+#endif
+
+    if (!tls_parse_all_extensions(s, context, extensions, NULL, 0, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s) && s->hit) {
+        unsigned char sctpauthkey[64];
+        char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+
+        /*
+         * Add new shared key for SCTP-Auth, will be ignored if
+         * no SCTP used.
+         */
+        memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+               sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+        if (SSL_export_keying_material(s, sctpauthkey,
+                                       sizeof(sctpauthkey),
+                                       labelbuffer,
+                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        BIO_ctrl(SSL_get_wbio(s),
+                 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                 sizeof(sctpauthkey), sctpauthkey);
+    }
+#endif
+
+    /*
+     * In TLSv1.3 we have some post-processing to change cipher state, otherwise
+     * we're done with this message
+     */
+    if (SSL_IS_TLS13(s)
+            && (!s->method->ssl3_enc->setup_key_block(s)
+                || !s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ))) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    OPENSSL_free(extensions);
+    return MSG_PROCESS_CONTINUE_READING;
+ err:
+    OPENSSL_free(extensions);
+    return MSG_PROCESS_ERROR;
+}
+
+static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s,
+                                                             PACKET *extpkt)
+{
+    RAW_EXTENSION *extensions = NULL;
+
+    /*
+     * If we were sending early_data then the enc_write_ctx is now invalid and
+     * should not be used.
+     */
+    EVP_CIPHER_CTX_free(s->enc_write_ctx);
+    s->enc_write_ctx = NULL;
+
+    if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,
+                                &extensions, NULL, 1)
+            || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,
+                                         extensions, NULL, 0, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    OPENSSL_free(extensions);
+    extensions = NULL;
+
+    if (s->ext.tls13_cookie_len == 0
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+        && s->s3->tmp.pkey != NULL
+#endif
+        ) {
+        /*
+         * We didn't receive a cookie or a new key_share so the next
+         * ClientHello will not change
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST,
+                 SSL_R_NO_CHANGE_FOLLOWING_HRR);
+        goto err;
+    }
+
+    /*
+     * Re-initialise the Transcript Hash. We're going to prepopulate it with
+     * a synthetic message_hash in place of ClientHello1.
+     */
+    if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * Add this message to the Transcript Hash. Normally this is done
+     * automatically prior to the message processing stage. However due to the
+     * need to create the synthetic message hash, we defer that step until now
+     * for HRR messages.
+     */
+    if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                                s->init_num + SSL3_HM_HEADER_LENGTH)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+ err:
+    OPENSSL_free(extensions);
+    return MSG_PROCESS_ERROR;
+}
+
+MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
+{
+    int i;
+    MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;
+    unsigned long cert_list_len, cert_len;
+    X509 *x = NULL;
+    const unsigned char *certstart, *certbytes;
+    STACK_OF(X509) *sk = NULL;
+    EVP_PKEY *pkey = NULL;
+    size_t chainidx, certidx;
+    unsigned int context = 0;
+    const SSL_CERT_LOOKUP *clu;
+
+    if ((sk = sk_X509_new_null()) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if ((SSL_IS_TLS13(s) && !PACKET_get_1(pkt, &context))
+            || context != 0
+            || !PACKET_get_net_3(pkt, &cert_list_len)
+            || PACKET_remaining(pkt) != cert_list_len
+            || PACKET_remaining(pkt) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+    for (chainidx = 0; PACKET_remaining(pkt); chainidx++) {
+        if (!PACKET_get_net_3(pkt, &cert_len)
+            || !PACKET_get_bytes(pkt, &certbytes, cert_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                     SSL_R_CERT_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        certstart = certbytes;
+        x = d2i_X509(NULL, (const unsigned char **)&certbytes, cert_len);
+        if (x == NULL) {
+            SSLfatal(s, SSL_AD_BAD_CERTIFICATE,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        if (certbytes != (certstart + cert_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                     SSL_R_CERT_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (SSL_IS_TLS13(s)) {
+            RAW_EXTENSION *rawexts = NULL;
+            PACKET extensions;
+
+            if (!PACKET_get_length_prefixed_2(pkt, &extensions)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR,
+                         SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                         SSL_R_BAD_LENGTH);
+                goto err;
+            }
+            if (!tls_collect_extensions(s, &extensions,
+                                        SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,
+                                        NULL, chainidx == 0)
+                || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,
+                                             rawexts, x, chainidx,
+                                             PACKET_remaining(pkt) == 0)) {
+                OPENSSL_free(rawexts);
+                /* SSLfatal already called */
+                goto err;
+            }
+            OPENSSL_free(rawexts);
+        }
+
+        if (!sk_X509_push(sk, x)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        x = NULL;
+    }
+
+    i = ssl_verify_cert_chain(s, sk);
+    /*
+     * The documented interface is that SSL_VERIFY_PEER should be set in order
+     * for client side verification of the server certificate to take place.
+     * However, historically the code has only checked that *any* flag is set
+     * to cause server verification to take place. Use of the other flags makes
+     * no sense in client mode. An attempt to clean up the semantics was
+     * reverted because at least one application *only* set
+     * SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Prior to the clean up this still caused
+     * server verification to take place, after the clean up it silently did
+     * nothing. SSL_CTX_set_verify()/SSL_set_verify() cannot validate the flags
+     * sent to them because they are void functions. Therefore, we now use the
+     * (less clean) historic behaviour of performing validation if any flag is
+     * set. The *documented* interface remains the same.
+     */
+    if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) {
+        SSLfatal(s, ssl_x509err2alert(s->verify_result),
+                 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 SSL_R_CERTIFICATE_VERIFY_FAILED);
+        goto err;
+    }
+    ERR_clear_error();          /* but we keep s->verify_result */
+    if (i > 1) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, i);
+        goto err;
+    }
+
+    s->session->peer_chain = sk;
+    /*
+     * Inconsistency alert: cert_chain does include the peer's certificate,
+     * which we don't include in statem_srvr.c
+     */
+    x = sk_X509_value(sk, 0);
+    sk = NULL;
+
+    pkey = X509_get0_pubkey(x);
+
+    if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
+        x = NULL;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+        goto err;
+    }
+
+    if ((clu = ssl_cert_lookup_by_pkey(pkey, &certidx)) == NULL) {
+        x = NULL;
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        goto err;
+    }
+    /*
+     * Check certificate type is consistent with ciphersuite. For TLS 1.3
+     * skip check since TLS 1.3 ciphersuites can be used with any certificate
+     * type.
+     */
+    if (!SSL_IS_TLS13(s)) {
+        if ((clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0) {
+            x = NULL;
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                     SSL_R_WRONG_CERTIFICATE_TYPE);
+            goto err;
+        }
+    }
+    s->session->peer_type = certidx;
+
+    X509_free(s->session->peer);
+    X509_up_ref(x);
+    s->session->peer = x;
+    s->session->verify_result = s->verify_result;
+    x = NULL;
+
+    /* Save the current hash state for when we receive the CertificateVerify */
+    if (SSL_IS_TLS13(s)
+            && !ssl_handshake_hash(s, s->cert_verify_hash,
+                                   sizeof(s->cert_verify_hash),
+                                   &s->cert_verify_hash_len)) {
+        /* SSLfatal() already called */;
+        goto err;
+    }
+
+    ret = MSG_PROCESS_CONTINUE_READING;
+
+ err:
+    X509_free(x);
+    sk_X509_pop_free(sk, X509_free);
+    return ret;
+}
+
+static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_PSK
+    PACKET psk_identity_hint;
+
+    /* PSK ciphersuites are preceded by an identity hint */
+
+    if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /*
+     * Store PSK identity hint for later use, hint is used in
+     * tls_construct_client_key_exchange.  Assume that the maximum length of
+     * a PSK identity hint can be as long as the maximum length of a PSK
+     * identity.
+     */
+    if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,
+                 SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+
+    if (PACKET_remaining(&psk_identity_hint) == 0) {
+        OPENSSL_free(s->session->psk_identity_hint);
+        s->session->psk_identity_hint = NULL;
+    } else if (!PACKET_strndup(&psk_identity_hint,
+                               &s->session->psk_identity_hint)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
+{
+#ifndef OPENSSL_NO_SRP
+    PACKET prime, generator, salt, server_pub;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &prime)
+        || !PACKET_get_length_prefixed_2(pkt, &generator)
+        || !PACKET_get_length_prefixed_1(pkt, &salt)
+        || !PACKET_get_length_prefixed_2(pkt, &server_pub)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_SRP,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /* TODO(size_t): Convert BN_bin2bn() calls */
+    if ((s->srp_ctx.N =
+         BN_bin2bn(PACKET_data(&prime),
+                   (int)PACKET_remaining(&prime), NULL)) == NULL
+        || (s->srp_ctx.g =
+            BN_bin2bn(PACKET_data(&generator),
+                      (int)PACKET_remaining(&generator), NULL)) == NULL
+        || (s->srp_ctx.s =
+            BN_bin2bn(PACKET_data(&salt),
+                      (int)PACKET_remaining(&salt), NULL)) == NULL
+        || (s->srp_ctx.B =
+            BN_bin2bn(PACKET_data(&server_pub),
+                      (int)PACKET_remaining(&server_pub), NULL)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_SRP,
+                 ERR_R_BN_LIB);
+        return 0;
+    }
+
+    if (!srp_verify_server_param(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /* We must check if there is a certificate */
+    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
+        *pkey = X509_get0_pubkey(s->session->peer);
+
+    return 1;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_SRP,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
+{
+#ifndef OPENSSL_NO_DH
+    PACKET prime, generator, pub_key;
+    EVP_PKEY *peer_tmp = NULL;
+
+    DH *dh = NULL;
+    BIGNUM *p = NULL, *g = NULL, *bnpub_key = NULL;
+
+    int check_bits = 0;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &prime)
+        || !PACKET_get_length_prefixed_2(pkt, &generator)
+        || !PACKET_get_length_prefixed_2(pkt, &pub_key)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    peer_tmp = EVP_PKEY_new();
+    dh = DH_new();
+
+    if (peer_tmp == NULL || dh == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* TODO(size_t): Convert these calls */
+    p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL);
+    g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator),
+                  NULL);
+    bnpub_key = BN_bin2bn(PACKET_data(&pub_key),
+                          (int)PACKET_remaining(&pub_key), NULL);
+    if (p == NULL || g == NULL || bnpub_key == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* test non-zero pubkey */
+    if (BN_is_zero(bnpub_key)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_BAD_DH_VALUE);
+        goto err;
+    }
+
+    if (!DH_set0_pqg(dh, p, NULL, g)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_BN_LIB);
+        goto err;
+    }
+    p = g = NULL;
+
+    if (DH_check_params(dh, &check_bits) == 0 || check_bits != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_BAD_DH_VALUE);
+        goto err;
+    }
+
+    if (!DH_set0_key(dh, bnpub_key, NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_BN_LIB);
+        goto err;
+    }
+    bnpub_key = NULL;
+
+    if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_DH_KEY_TOO_SMALL);
+        goto err;
+    }
+
+    if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    s->s3->peer_tmp = peer_tmp;
+
+    /*
+     * FIXME: This makes assumptions about which ciphersuites come with
+     * public keys. We should have a less ad-hoc way of doing this
+     */
+    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
+        *pkey = X509_get0_pubkey(s->session->peer);
+    /* else anonymous DH, so no certificate or pkey. */
+
+    return 1;
+
+ err:
+    BN_free(p);
+    BN_free(g);
+    BN_free(bnpub_key);
+    DH_free(dh);
+    EVP_PKEY_free(peer_tmp);
+
+    return 0;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
+{
+#ifndef OPENSSL_NO_EC
+    PACKET encoded_pt;
+    unsigned int curve_type, curve_id;
+
+    /*
+     * Extract elliptic curve parameters and the server's ephemeral ECDH
+     * public key. We only support named (not generic) curves and
+     * ECParameters in this case is just three bytes.
+     */
+    if (!PACKET_get_1(pkt, &curve_type) || !PACKET_get_net_2(pkt, &curve_id)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_LENGTH_TOO_SHORT);
+        return 0;
+    }
+    /*
+     * Check curve is named curve type and one of our preferences, if not
+     * server has sent an invalid curve.
+     */
+    if (curve_type != NAMED_CURVE_TYPE
+            || !tls1_check_group_id(s, curve_id, 1)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_WRONG_CURVE);
+        return 0;
+    }
+
+    if ((s->s3->peer_tmp = ssl_generate_param_group(curve_id)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+        return 0;
+    }
+
+    if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp,
+                                        PACKET_data(&encoded_pt),
+                                        PACKET_remaining(&encoded_pt))) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_BAD_ECPOINT);
+        return 0;
+    }
+
+    /*
+     * The ECC/TLS specification does not mention the use of DSA to sign
+     * ECParameters in the server key exchange message. We do support RSA
+     * and ECDSA.
+     */
+    if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA)
+        *pkey = X509_get0_pubkey(s->session->peer);
+    else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aRSA)
+        *pkey = X509_get0_pubkey(s->session->peer);
+    /* else anonymous ECDH, so no certificate or pkey. */
+
+    return 1;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
+{
+    long alg_k;
+    EVP_PKEY *pkey = NULL;
+    EVP_MD_CTX *md_ctx = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    PACKET save_param_start, signature;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    save_param_start = *pkt;
+
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY_free(s->s3->peer_tmp);
+    s->s3->peer_tmp = NULL;
+#endif
+
+    if (alg_k & SSL_PSK) {
+        if (!tls_process_ske_psk_preamble(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    /* Nothing else to do for plain PSK or RSAPSK */
+    if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) {
+    } else if (alg_k & SSL_kSRP) {
+        if (!tls_process_ske_srp(s, pkt, &pkey)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+        if (!tls_process_ske_dhe(s, pkt, &pkey)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        if (!tls_process_ske_ecdhe(s, pkt, &pkey)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                 SSL_R_UNEXPECTED_MESSAGE);
+        goto err;
+    }
+
+    /* if it was signed, check the signature */
+    if (pkey != NULL) {
+        PACKET params;
+        int maxsig;
+        const EVP_MD *md = NULL;
+        unsigned char *tbs;
+        size_t tbslen;
+        int rv;
+
+        /*
+         * |pkt| now points to the beginning of the signature, so the difference
+         * equals the length of the parameters.
+         */
+        if (!PACKET_get_sub_packet(&save_param_start, &params,
+                                   PACKET_remaining(&save_param_start) -
+                                   PACKET_remaining(pkt))) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (SSL_USE_SIGALGS(s)) {
+            unsigned int sigalg;
+
+            if (!PACKET_get_net_2(pkt, &sigalg)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                         SSL_R_LENGTH_TOO_SHORT);
+                goto err;
+            }
+            if (tls12_check_peer_sigalg(s, sigalg, pkey) <=0) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+#ifdef SSL_DEBUG
+        if (SSL_USE_SIGALGS(s))
+            fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+#endif
+
+        if (!PACKET_get_length_prefixed_2(pkt, &signature)
+            || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+        maxsig = EVP_PKEY_size(pkey);
+        if (maxsig < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /*
+         * Check signature length
+         */
+        if (PACKET_remaining(&signature) > (size_t)maxsig) {
+            /* wrong packet length */
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                   SSL_R_WRONG_SIGNATURE_LENGTH);
+            goto err;
+        }
+
+        md_ctx = EVP_MD_CTX_new();
+        if (md_ctx == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if (EVP_DigestVerifyInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+        if (SSL_USE_PSS(s)) {
+            if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+                || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
+                                                RSA_PSS_SALTLEN_DIGEST) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
+                goto err;
+            }
+        }
+        tbslen = construct_key_exchange_tbs(s, &tbs, PACKET_data(&params),
+                                            PACKET_remaining(&params));
+        if (tbslen == 0) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        rv = EVP_DigestVerify(md_ctx, PACKET_data(&signature),
+                              PACKET_remaining(&signature), tbs, tbslen);
+        OPENSSL_free(tbs);
+        if (rv <= 0) {
+            SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     SSL_R_BAD_SIGNATURE);
+            goto err;
+        }
+        EVP_MD_CTX_free(md_ctx);
+        md_ctx = NULL;
+    } else {
+        /* aNULL, aSRP or PSK do not need public keys */
+        if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
+            && !(alg_k & SSL_PSK)) {
+            /* Might be wrong key type, check it */
+            if (ssl3_check_cert_and_algorithm(s)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                         SSL_R_BAD_DATA);
+            }
+            /* else this shouldn't happen, SSLfatal() already called */
+            goto err;
+        }
+        /* still data left over */
+        if (PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     SSL_R_EXTRA_DATA_IN_MESSAGE);
+            goto err;
+        }
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+ err:
+    EVP_MD_CTX_free(md_ctx);
+    return MSG_PROCESS_ERROR;
+}
+
+MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
+{
+    size_t i;
+
+    /* Clear certificate validity flags */
+    for (i = 0; i < SSL_PKEY_NUM; i++)
+        s->s3->tmp.valid_flags[i] = 0;
+
+    if (SSL_IS_TLS13(s)) {
+        PACKET reqctx, extensions;
+        RAW_EXTENSION *rawexts = NULL;
+
+        if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0) {
+            /*
+             * We already sent close_notify. This can only happen in TLSv1.3
+             * post-handshake messages. We can't reasonably respond to this, so
+             * we just ignore it
+             */
+            return MSG_PROCESS_FINISHED_READING;
+        }
+
+        /* Free and zero certificate types: it is not present in TLS 1.3 */
+        OPENSSL_free(s->s3->tmp.ctype);
+        s->s3->tmp.ctype = NULL;
+        s->s3->tmp.ctype_len = 0;
+        OPENSSL_free(s->pha_context);
+        s->pha_context = NULL;
+
+        if (!PACKET_get_length_prefixed_1(pkt, &reqctx) ||
+            !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     SSL_R_LENGTH_MISMATCH);
+            return MSG_PROCESS_ERROR;
+        }
+
+        if (!PACKET_get_length_prefixed_2(pkt, &extensions)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     SSL_R_BAD_LENGTH);
+            return MSG_PROCESS_ERROR;
+        }
+        if (!tls_collect_extensions(s, &extensions,
+                                    SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+                                    &rawexts, NULL, 1)
+            || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+                                         rawexts, NULL, 0, 1)) {
+            /* SSLfatal() already called */
+            OPENSSL_free(rawexts);
+            return MSG_PROCESS_ERROR;
+        }
+        OPENSSL_free(rawexts);
+        if (!tls1_process_sigalgs(s)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     SSL_R_BAD_LENGTH);
+            return MSG_PROCESS_ERROR;
+        }
+    } else {
+        PACKET ctypes;
+
+        /* get the certificate types */
+        if (!PACKET_get_length_prefixed_1(pkt, &ctypes)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     SSL_R_LENGTH_MISMATCH);
+            return MSG_PROCESS_ERROR;
+        }
+
+        if (!PACKET_memdup(&ctypes, &s->s3->tmp.ctype, &s->s3->tmp.ctype_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return MSG_PROCESS_ERROR;
+        }
+
+        if (SSL_USE_SIGALGS(s)) {
+            PACKET sigalgs;
+
+            if (!PACKET_get_length_prefixed_2(pkt, &sigalgs)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR,
+                         SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                         SSL_R_LENGTH_MISMATCH);
+                return MSG_PROCESS_ERROR;
+            }
+
+            /*
+             * Despite this being for certificates, preserve compatibility
+             * with pre-TLS 1.3 and use the regular sigalgs field.
+             */
+            if (!tls1_save_sigalgs(s, &sigalgs, 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                         SSL_R_SIGNATURE_ALGORITHMS_ERROR);
+                return MSG_PROCESS_ERROR;
+            }
+            if (!tls1_process_sigalgs(s)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                         ERR_R_MALLOC_FAILURE);
+                return MSG_PROCESS_ERROR;
+            }
+        }
+
+        /* get the CA RDNs */
+        if (!parse_ca_names(s, pkt)) {
+            /* SSLfatal() already called */
+            return MSG_PROCESS_ERROR;
+        }
+    }
+
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /* we should setup a certificate to return.... */
+    s->s3->tmp.cert_req = 1;
+
+    return MSG_PROCESS_CONTINUE_PROCESSING;
+}
+
+MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
+{
+    unsigned int ticklen;
+    unsigned long ticket_lifetime_hint, age_add = 0;
+    unsigned int sess_len;
+    RAW_EXTENSION *exts = NULL;
+    PACKET nonce;
+
+    PACKET_null_init(&nonce);
+
+    if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)
+        || (SSL_IS_TLS13(s)
+            && (!PACKET_get_net_4(pkt, &age_add)
+                || !PACKET_get_length_prefixed_1(pkt, &nonce)))
+        || !PACKET_get_net_2(pkt, &ticklen)
+        || (SSL_IS_TLS13(s) ? (ticklen == 0 || PACKET_remaining(pkt) < ticklen)
+                            : PACKET_remaining(pkt) != ticklen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    /*
+     * Server is allowed to change its mind (in <=TLSv1.2) and send an empty
+     * ticket. We already checked this TLSv1.3 case above, so it should never
+     * be 0 here in that instance
+     */
+    if (ticklen == 0)
+        return MSG_PROCESS_CONTINUE_READING;
+
+    /*
+     * Sessions must be immutable once they go into the session cache. Otherwise
+     * we can get multi-thread problems. Therefore we don't "update" sessions,
+     * we replace them with a duplicate. In TLSv1.3 we need to do this every
+     * time a NewSessionTicket arrives because those messages arrive
+     * post-handshake and the session may have already gone into the session
+     * cache.
+     */
+    if (SSL_IS_TLS13(s) || s->session->session_id_length > 0) {
+        SSL_SESSION *new_sess;
+
+        /*
+         * We reused an existing session, so we need to replace it with a new
+         * one
+         */
+        if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0
+                && !SSL_IS_TLS13(s)) {
+            /*
+             * In TLSv1.2 and below the arrival of a new tickets signals that
+             * any old ticket we were using is now out of date, so we remove the
+             * old session from the cache. We carry on if this fails
+             */
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+        }
+
+        SSL_SESSION_free(s->session);
+        s->session = new_sess;
+    }
+
+    /*
+     * Technically the cast to long here is not guaranteed by the C standard -
+     * but we use it elsewhere, so this should be ok.
+     */
+    s->session->time = (long)time(NULL);
+
+    OPENSSL_free(s->session->ext.tick);
+    s->session->ext.tick = NULL;
+    s->session->ext.ticklen = 0;
+
+    s->session->ext.tick = OPENSSL_malloc(ticklen);
+    if (s->session->ext.tick == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!PACKET_copy_bytes(pkt, s->session->ext.tick, ticklen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    s->session->ext.tick_lifetime_hint = ticket_lifetime_hint;
+    s->session->ext.tick_age_add = age_add;
+    s->session->ext.ticklen = ticklen;
+
+    if (SSL_IS_TLS13(s)) {
+        PACKET extpkt;
+
+        if (!PACKET_as_length_prefixed_2(pkt, &extpkt)
+                || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (!tls_collect_extensions(s, &extpkt,
+                                    SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts,
+                                    NULL, 1)
+                || !tls_parse_all_extensions(s,
+                                             SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
+                                             exts, NULL, 0, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    /*
+     * There are two ways to detect a resumed ticket session. One is to set
+     * an appropriate session ID and then the server must return a match in
+     * ServerHello. This allows the normal client session ID matching to work
+     * and we know much earlier that the ticket has been accepted. The
+     * other way is to set zero length session ID when the ticket is
+     * presented and rely on the handshake to determine session resumption.
+     * We choose the former approach because this fits in with assumptions
+     * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
+     * SHA256 is disabled) hash of the ticket.
+     */
+    /*
+     * TODO(size_t): we use sess_len here because EVP_Digest expects an int
+     * but s->session->session_id_length is a size_t
+     */
+    if (!EVP_Digest(s->session->ext.tick, ticklen,
+                    s->session->session_id, &sess_len,
+                    EVP_sha256(), NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    s->session->session_id_length = sess_len;
+    s->session->not_resumable = 0;
+
+    /* This is a standalone message in TLSv1.3, so there is no more to read */
+    if (SSL_IS_TLS13(s)) {
+        const EVP_MD *md = ssl_handshake_md(s);
+        int hashleni = EVP_MD_size(md);
+        size_t hashlen;
+        static const unsigned char nonce_label[] = "resumption";
+
+        /* Ensure cast to size_t is safe */
+        if (!ossl_assert(hashleni >= 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        hashlen = (size_t)hashleni;
+
+        if (!tls13_hkdf_expand(s, md, s->resumption_master_secret,
+                               nonce_label,
+                               sizeof(nonce_label) - 1,
+                               PACKET_data(&nonce),
+                               PACKET_remaining(&nonce),
+                               s->session->master_key,
+                               hashlen)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        s->session->master_key_length = hashlen;
+
+        OPENSSL_free(exts);
+        ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+        return MSG_PROCESS_FINISHED_READING;
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+ err:
+    OPENSSL_free(exts);
+    return MSG_PROCESS_ERROR;
+}
+
+/*
+ * In TLSv1.3 this is called from the extensions code, otherwise it is used to
+ * parse a separate message. Returns 1 on success or 0 on failure
+ */
+int tls_process_cert_status_body(SSL *s, PACKET *pkt)
+{
+    size_t resplen;
+    unsigned int type;
+
+    if (!PACKET_get_1(pkt, &type)
+        || type != TLSEXT_STATUSTYPE_ocsp) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+                 SSL_R_UNSUPPORTED_STATUS_TYPE);
+        return 0;
+    }
+    if (!PACKET_get_net_3_len(pkt, &resplen)
+        || PACKET_remaining(pkt) != resplen) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    s->ext.ocsp.resp = OPENSSL_malloc(resplen);
+    if (s->ext.ocsp.resp == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    s->ext.ocsp.resp_len = resplen;
+
+    return 1;
+}
+
+
+MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt)
+{
+    if (!tls_process_cert_status_body(s, pkt)) {
+        /* SSLfatal() already called */
+        return MSG_PROCESS_ERROR;
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+}
+
+/*
+ * Perform miscellaneous checks and processing after we have received the
+ * server's initial flight. In TLS1.3 this is after the Server Finished message.
+ * In <=TLS1.2 this is after the ServerDone message. Returns 1 on success or 0
+ * on failure.
+ */
+int tls_process_initial_server_flight(SSL *s)
+{
+    /*
+     * at this point we check that we have the required stuff from
+     * the server
+     */
+    if (!ssl3_check_cert_and_algorithm(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /*
+     * Call the ocsp status callback if needed. The |ext.ocsp.resp| and
+     * |ext.ocsp.resp_len| values will be set if we actually received a status
+     * message, or NULL and -1 otherwise
+     */
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing
+            && s->ctx->ext.status_cb != NULL) {
+        int ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg);
+
+        if (ret == 0) {
+            SSLfatal(s, SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE,
+                     SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,
+                     SSL_R_INVALID_STATUS_RESPONSE);
+            return 0;
+        }
+        if (ret < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+#ifndef OPENSSL_NO_CT
+    if (s->ct_validation_callback != NULL) {
+        /* Note we validate the SCTs whether or not we abort on error */
+        if (!ssl_validate_ct(s) && (s->verify_mode & SSL_VERIFY_PEER)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+#endif
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
+{
+    if (PACKET_remaining(pkt) > 0) {
+        /* should contain no data */
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+#ifndef OPENSSL_NO_SRP
+    if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+        if (SRP_Calc_A_param(s) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE,
+                     SSL_R_SRP_A_CALC);
+            return MSG_PROCESS_ERROR;
+        }
+    }
+#endif
+
+    if (!tls_process_initial_server_flight(s)) {
+        /* SSLfatal() already called */
+        return MSG_PROCESS_ERROR;
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_PSK
+    int ret = 0;
+    /*
+     * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
+     * \0-terminated identity. The last byte is for us for simulating
+     * strnlen.
+     */
+    char identity[PSK_MAX_IDENTITY_LEN + 1];
+    size_t identitylen = 0;
+    unsigned char psk[PSK_MAX_PSK_LEN];
+    unsigned char *tmppsk = NULL;
+    char *tmpidentity = NULL;
+    size_t psklen = 0;
+
+    if (s->psk_client_callback == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 SSL_R_PSK_NO_CLIENT_CB);
+        goto err;
+    }
+
+    memset(identity, 0, sizeof(identity));
+
+    psklen = s->psk_client_callback(s, s->session->psk_identity_hint,
+                                    identity, sizeof(identity) - 1,
+                                    psk, sizeof(psk));
+
+    if (psklen > PSK_MAX_PSK_LEN) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    } else if (psklen == 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 SSL_R_PSK_IDENTITY_NOT_FOUND);
+        goto err;
+    }
+
+    identitylen = strlen(identity);
+    if (identitylen > PSK_MAX_IDENTITY_LEN) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    tmppsk = OPENSSL_memdup(psk, psklen);
+    tmpidentity = OPENSSL_strdup(identity);
+    if (tmppsk == NULL || tmpidentity == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    OPENSSL_free(s->s3->tmp.psk);
+    s->s3->tmp.psk = tmppsk;
+    s->s3->tmp.psklen = psklen;
+    tmppsk = NULL;
+    OPENSSL_free(s->session->psk_identity);
+    s->session->psk_identity = tmpidentity;
+    tmpidentity = NULL;
+
+    if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen))  {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    OPENSSL_cleanse(psk, psklen);
+    OPENSSL_cleanse(identity, sizeof(identity));
+    OPENSSL_clear_free(tmppsk, psklen);
+    OPENSSL_clear_free(tmpidentity, identitylen);
+
+    return ret;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_RSA
+    unsigned char *encdata = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    size_t enclen;
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+
+    if (s->session->peer == NULL) {
+        /*
+         * We should always have a server certificate with SSL_kRSA.
+         */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    pkey = X509_get0_pubkey(s->session->peer);
+    if (EVP_PKEY_get0_RSA(pkey) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    pmslen = SSL_MAX_MASTER_KEY_LENGTH;
+    pms = OPENSSL_malloc(pmslen);
+    if (pms == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    pms[0] = s->client_version >> 8;
+    pms[1] = s->client_version & 0xff;
+    /* TODO(size_t): Convert this function */
+    if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Fix buf for TLS and beyond */
+    if (s->version > SSL3_VERSION && !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
+        || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    if (!WPACKET_allocate_bytes(pkt, enclen, &encdata)
+            || EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 SSL_R_BAD_RSA_ENCRYPT);
+        goto err;
+    }
+    EVP_PKEY_CTX_free(pctx);
+    pctx = NULL;
+
+    /* Fix buf for TLS and beyond */
+    if (s->version > SSL3_VERSION && !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Log the premaster secret, if logging is enabled. */
+    if (!ssl_log_rsa_client_key_exchange(s, encdata, enclen, pms, pmslen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    s->s3->tmp.pms = pms;
+    s->s3->tmp.pmslen = pmslen;
+
+    return 1;
+ err:
+    OPENSSL_clear_free(pms, pmslen);
+    EVP_PKEY_CTX_free(pctx);
+
+    return 0;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_DH
+    DH *dh_clnt = NULL;
+    const BIGNUM *pub_key;
+    EVP_PKEY *ckey = NULL, *skey = NULL;
+    unsigned char *keybytes = NULL;
+
+    skey = s->s3->peer_tmp;
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ckey = ssl_generate_pkey(skey);
+    if (ckey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    dh_clnt = EVP_PKEY_get0_DH(ckey);
+
+    if (dh_clnt == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (ssl_derive(s, ckey, skey, 0) == 0) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /* send off the data */
+    DH_get0_key(dh_clnt, &pub_key, NULL);
+    if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
+                                        &keybytes)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    BN_bn2bin(pub_key, keybytes);
+    EVP_PKEY_free(ckey);
+
+    return 1;
+ err:
+    EVP_PKEY_free(ckey);
+    return 0;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_EC
+    unsigned char *encodedPoint = NULL;
+    size_t encoded_pt_len = 0;
+    EVP_PKEY *ckey = NULL, *skey = NULL;
+    int ret = 0;
+
+    skey = s->s3->peer_tmp;
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    ckey = ssl_generate_pkey(skey);
+    if (ckey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (ssl_derive(s, ckey, skey, 0) == 0) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /* Generate encoding of client key */
+    encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(ckey, &encodedPoint);
+
+    if (encoded_pt_len == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+                 ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (!WPACKET_sub_memcpy_u8(pkt, encodedPoint, encoded_pt_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+ err:
+    OPENSSL_free(encodedPoint);
+    EVP_PKEY_free(ckey);
+    return ret;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_GOST
+    /* GOST key exchange message creation */
+    EVP_PKEY_CTX *pkey_ctx = NULL;
+    X509 *peer_cert;
+    size_t msglen;
+    unsigned int md_len;
+    unsigned char shared_ukm[32], tmp[256];
+    EVP_MD_CTX *ukm_hash = NULL;
+    int dgst_nid = NID_id_GostR3411_94;
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+
+    if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0)
+        dgst_nid = NID_id_GostR3411_2012_256;
+
+    /*
+     * Get server certificate PKEY and create ctx from it
+     */
+    peer_cert = s->session->peer;
+    if (!peer_cert) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+               SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
+        return 0;
+    }
+
+    pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL);
+    if (pkey_ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /*
+     * If we have send a certificate, and certificate key
+     * parameters match those of server certificate, use
+     * certificate key for key exchange
+     */
+
+    /* Otherwise, generate ephemeral key pair */
+    pmslen = 32;
+    pms = OPENSSL_malloc(pmslen);
+    if (pms == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0
+        /* Generate session key
+         * TODO(size_t): Convert this function
+         */
+        || RAND_bytes(pms, (int)pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    };
+    /*
+     * Compute shared IV and store it in algorithm-specific context
+     * data
+     */
+    ukm_hash = EVP_MD_CTX_new();
+    if (ukm_hash == NULL
+        || EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0
+        || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
+                            SSL3_RANDOM_SIZE) <= 0
+        || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
+                            SSL3_RANDOM_SIZE) <= 0
+        || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    EVP_MD_CTX_free(ukm_hash);
+    ukm_hash = NULL;
+    if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
+                          EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 SSL_R_LIBRARY_BUG);
+        goto err;
+    }
+    /* Make GOST keytransport blob message */
+    /*
+     * Encapsulate it into sequence
+     */
+    msglen = 255;
+    if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 SSL_R_LIBRARY_BUG);
+        goto err;
+    }
+
+    if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)
+            || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81))
+            || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    EVP_PKEY_CTX_free(pkey_ctx);
+    s->s3->tmp.pms = pms;
+    s->s3->tmp.pmslen = pmslen;
+
+    return 1;
+ err:
+    EVP_PKEY_CTX_free(pkey_ctx);
+    OPENSSL_clear_free(pms, pmslen);
+    EVP_MD_CTX_free(ukm_hash);
+    return 0;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_srp(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_SRP
+    unsigned char *abytes = NULL;
+
+    if (s->srp_ctx.A == NULL
+            || !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A),
+                                               &abytes)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    BN_bn2bin(s->srp_ctx.A, abytes);
+
+    OPENSSL_free(s->session->srp_username);
+    s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+    if (s->session->srp_username == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)
+{
+    unsigned long alg_k;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /*
+     * All of the construct functions below call SSLfatal() if necessary so
+     * no need to do so here.
+     */
+    if ((alg_k & SSL_PSK)
+        && !tls_construct_cke_psk_preamble(s, pkt))
+        goto err;
+
+    if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+        if (!tls_construct_cke_rsa(s, pkt))
+            goto err;
+    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+        if (!tls_construct_cke_dhe(s, pkt))
+            goto err;
+    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        if (!tls_construct_cke_ecdhe(s, pkt))
+            goto err;
+    } else if (alg_k & SSL_kGOST) {
+        if (!tls_construct_cke_gost(s, pkt))
+            goto err;
+    } else if (alg_k & SSL_kSRP) {
+        if (!tls_construct_cke_srp(s, pkt))
+            goto err;
+    } else if (!(alg_k & SSL_kPSK)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    return 1;
+ err:
+    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+    s->s3->tmp.pms = NULL;
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+    s->s3->tmp.psk = NULL;
+#endif
+    return 0;
+}
+
+int tls_client_key_exchange_post_work(SSL *s)
+{
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+
+    pms = s->s3->tmp.pms;
+    pmslen = s->s3->tmp.pmslen;
+
+#ifndef OPENSSL_NO_SRP
+    /* Check for SRP */
+    if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+        if (!srp_generate_client_master_secret(s)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        return 1;
+    }
+#endif
+
+    if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {
+        /* SSLfatal() already called */
+        /* ssl_generate_master_secret frees the pms even on error */
+        pms = NULL;
+        pmslen = 0;
+        goto err;
+    }
+    pms = NULL;
+    pmslen = 0;
+
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s)) {
+        unsigned char sctpauthkey[64];
+        char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+
+        /*
+         * Add new shared key for SCTP-Auth, will be ignored if no SCTP
+         * used.
+         */
+        memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+               sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+        if (SSL_export_keying_material(s, sctpauthkey,
+                                       sizeof(sctpauthkey), labelbuffer,
+                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                 sizeof(sctpauthkey), sctpauthkey);
+    }
+#endif
+
+    return 1;
+ err:
+    OPENSSL_clear_free(pms, pmslen);
+    s->s3->tmp.pms = NULL;
+    return 0;
+}
+
+/*
+ * Check a certificate can be used for client authentication. Currently check
+ * cert exists, if we have a suitable digest for TLS 1.2 if static DH client
+ * certificates can be used and optionally checks suitability for Suite B.
+ */
+static int ssl3_check_client_certificate(SSL *s)
+{
+    /* If no suitable signature algorithm can't use certificate */
+    if (!tls_choose_sigalg(s, 0) || s->s3->tmp.sigalg == NULL)
+        return 0;
+    /*
+     * If strict mode check suitability of chain before using it. This also
+     * adjusts suite B digest if necessary.
+     */
+    if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT &&
+        !tls1_check_chain(s, NULL, NULL, NULL, -2))
+        return 0;
+    return 1;
+}
+
+WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst)
+{
+    X509 *x509 = NULL;
+    EVP_PKEY *pkey = NULL;
+    int i;
+
+    if (wst == WORK_MORE_A) {
+        /* Let cert callback update client certificates if required */
+        if (s->cert->cert_cb) {
+            i = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+            if (i < 0) {
+                s->rwstate = SSL_X509_LOOKUP;
+                return WORK_MORE_A;
+            }
+            if (i == 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,
+                         SSL_R_CALLBACK_FAILED);
+                return WORK_ERROR;
+            }
+            s->rwstate = SSL_NOTHING;
+        }
+        if (ssl3_check_client_certificate(s)) {
+            if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+                return WORK_FINISHED_STOP;
+            }
+            return WORK_FINISHED_CONTINUE;
+        }
+
+        /* Fall through to WORK_MORE_B */
+        wst = WORK_MORE_B;
+    }
+
+    /* We need to get a client cert */
+    if (wst == WORK_MORE_B) {
+        /*
+         * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
+         * return(-1); We then get retied later
+         */
+        i = ssl_do_client_cert_cb(s, &x509, &pkey);
+        if (i < 0) {
+            s->rwstate = SSL_X509_LOOKUP;
+            return WORK_MORE_B;
+        }
+        s->rwstate = SSL_NOTHING;
+        if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
+            if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
+                i = 0;
+        } else if (i == 1) {
+            i = 0;
+            SSLerr(SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,
+                   SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+        }
+
+        X509_free(x509);
+        EVP_PKEY_free(pkey);
+        if (i && !ssl3_check_client_certificate(s))
+            i = 0;
+        if (i == 0) {
+            if (s->version == SSL3_VERSION) {
+                s->s3->tmp.cert_req = 0;
+                ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
+                return WORK_FINISHED_CONTINUE;
+            } else {
+                s->s3->tmp.cert_req = 2;
+                if (!ssl3_digest_cached_records(s, 0)) {
+                    /* SSLfatal() already called */
+                    return WORK_ERROR;
+                }
+            }
+        }
+
+        if (s->post_handshake_auth == SSL_PHA_REQUESTED)
+            return WORK_FINISHED_STOP;
+        return WORK_FINISHED_CONTINUE;
+    }
+
+    /* Shouldn't ever get here */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,
+             ERR_R_INTERNAL_ERROR);
+    return WORK_ERROR;
+}
+
+int tls_construct_client_certificate(SSL *s, WPACKET *pkt)
+{
+    if (SSL_IS_TLS13(s)) {
+        if (s->pha_context == NULL) {
+            /* no context available, add 0-length context */
+            if (!WPACKET_put_bytes_u8(pkt, 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        } else if (!WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    if (!ssl3_output_cert_chain(s, pkt,
+                                (s->s3->tmp.cert_req == 2) ? NULL
+                                                           : s->cert->key)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s)
+            && SSL_IS_FIRST_HANDSHAKE(s)
+            && (!s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {
+        /*
+         * This is a fatal error, which leaves enc_write_ctx in an inconsistent
+         * state and thus ssl3_send_alert may crash.
+         */
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE,
+                 SSL_R_CANNOT_CHANGE_CIPHER);
+        return 0;
+    }
+
+    return 1;
+}
+
+int ssl3_check_cert_and_algorithm(SSL *s)
+{
+    const SSL_CERT_LOOKUP *clu;
+    size_t idx;
+    long alg_k, alg_a;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+
+    /* we don't have a certificate */
+    if (!(alg_a & SSL_aCERT))
+        return 1;
+
+    /* This is the passed certificate */
+    clu = ssl_cert_lookup_by_pkey(X509_get0_pubkey(s->session->peer), &idx);
+
+    /* Check certificate is recognised and suitable for cipher */
+    if (clu == NULL || (alg_a & clu->amask) == 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                 SSL_R_MISSING_SIGNING_CERT);
+        return 0;
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (clu->amask & SSL_aECDSA) {
+        if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s))
+            return 1;
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
+        return 0;
+    }
+#endif
+#ifndef OPENSSL_NO_RSA
+    if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+        return 0;
+    }
+#endif
+#ifndef OPENSSL_NO_DH
+    if ((alg_k & SSL_kDHE) && (s->s3->peer_tmp == NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+#endif
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_construct_next_proto(SSL *s, WPACKET *pkt)
+{
+    size_t len, padding_len;
+    unsigned char *padding = NULL;
+
+    len = s->ext.npn_len;
+    padding_len = 32 - ((len + 2) % 32);
+
+    if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len)
+            || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEXT_PROTO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    memset(padding, 0, padding_len);
+
+    return 1;
+}
+#endif
+
+MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt)
+{
+    if (PACKET_remaining(pkt) > 0) {
+        /* should contain no data */
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_HELLO_REQ,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+        return MSG_PROCESS_FINISHED_READING;
+    }
+
+    /*
+     * This is a historical discrepancy (not in the RFC) maintained for
+     * compatibility reasons. If a TLS client receives a HelloRequest it will
+     * attempt an abbreviated handshake. However if a DTLS client receives a
+     * HelloRequest it will do a full handshake. Either behaviour is reasonable
+     * but doing one for TLS and another for DTLS is odd.
+     */
+    if (SSL_IS_DTLS(s))
+        SSL_renegotiate(s);
+    else
+        SSL_renegotiate_abbreviated(s);
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt)
+{
+    PACKET extensions;
+    RAW_EXTENSION *rawexts = NULL;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &extensions)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    if (!tls_collect_extensions(s, &extensions,
+                                SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts,
+                                NULL, 1)
+            || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+                                         rawexts, NULL, 0, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    OPENSSL_free(rawexts);
+    return MSG_PROCESS_CONTINUE_READING;
+
+ err:
+    OPENSSL_free(rawexts);
+    return MSG_PROCESS_ERROR;
+}
+
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
+{
+    int i = 0;
+#ifndef OPENSSL_NO_ENGINE
+    if (s->ctx->client_cert_engine) {
+        i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
+                                        SSL_get_client_CA_list(s),
+                                        px509, ppkey, NULL, NULL, NULL);
+        if (i != 0)
+            return i;
+    }
+#endif
+    if (s->ctx->client_cert_cb)
+        i = s->ctx->client_cert_cb(s, px509, ppkey);
+    return i;
+}
+
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
+{
+    int i;
+    size_t totlen = 0, len, maxlen, maxverok = 0;
+    int empty_reneg_info_scsv = !s->renegotiate;
+
+    /* Set disabled masks for this session */
+    if (!ssl_set_client_disabled(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                 SSL_R_NO_PROTOCOLS_AVAILABLE);
+        return 0;
+    }
+
+    if (sk == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+# if OPENSSL_MAX_TLS1_2_CIPHER_LENGTH < 6
+#  error Max cipher length too short
+# endif
+    /*
+     * Some servers hang if client hello > 256 bytes as hack workaround
+     * chop number of supported ciphers to keep it well below this if we
+     * use TLS v1.2
+     */
+    if (TLS1_get_version(s) >= TLS1_2_VERSION)
+        maxlen = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+    else
+#endif
+        /* Maximum length that can be stored in 2 bytes. Length must be even */
+        maxlen = 0xfffe;
+
+    if (empty_reneg_info_scsv)
+        maxlen -= 2;
+    if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV)
+        maxlen -= 2;
+
+    for (i = 0; i < sk_SSL_CIPHER_num(sk) && totlen < maxlen; i++) {
+        const SSL_CIPHER *c;
+
+        c = sk_SSL_CIPHER_value(sk, i);
+        /* Skip disabled ciphers */
+        if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0))
+            continue;
+
+        if (!s->method->put_cipher_by_char(c, pkt, &len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        /* Sanity check that the maximum version we offer has ciphers enabled */
+        if (!maxverok) {
+            if (SSL_IS_DTLS(s)) {
+                if (DTLS_VERSION_GE(c->max_dtls, s->s3->tmp.max_ver)
+                        && DTLS_VERSION_LE(c->min_dtls, s->s3->tmp.max_ver))
+                    maxverok = 1;
+            } else {
+                if (c->max_tls >= s->s3->tmp.max_ver
+                        && c->min_tls <= s->s3->tmp.max_ver)
+                    maxverok = 1;
+            }
+        }
+
+        totlen += len;
+    }
+
+    if (totlen == 0 || !maxverok) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                 SSL_R_NO_CIPHERS_AVAILABLE);
+
+        if (!maxverok)
+            ERR_add_error_data(1, "No ciphers enabled for max supported "
+                                  "SSL/TLS version");
+
+        return 0;
+    }
+
+    if (totlen != 0) {
+        if (empty_reneg_info_scsv) {
+            static SSL_CIPHER scsv = {
+                0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+            };
+            if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+        if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
+            static SSL_CIPHER scsv = {
+                0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+            };
+            if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+
+    return 1;
+}
+
+int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt)
+{
+    if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY
+            && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA,
+                 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/ssl/d1_both.c b/freebsd/crypto/openssl/ssl/statem/statem_dtls.c
index 58d71aef..75c21962 100644
--- a/freebsd/crypto/openssl/ssl/d1_both.c
+++ b/freebsd/crypto/openssl/ssl/statem/statem_dtls.c
@@ -1,126 +1,21 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/d1_both.c */
 /*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <limits.h>
 #include <string.h>
 #include <stdio.h>
-#include "ssl_locl.h"
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include "internal/cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
@@ -140,53 +35,40 @@
 
 #define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
                         long ii; \
-                        OPENSSL_assert((msg_len) > 0); \
                         is_complete = 1; \
                         if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
                         if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
                                 if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
 
-#if 0
-# define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
-                        long ii; \
-                        printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
-                        printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
-                        printf("\n"); }
-#endif
-
 static unsigned char bitmask_start_values[] =
     { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 };
 static unsigned char bitmask_end_values[] =
     { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f };
 
-/* XDTLS:  figure out the right values */
-static const unsigned int g_probable_mtu[] = { 1500, 512, 256 };
-
-static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
-                                     unsigned long frag_len);
+static void dtls1_fix_message_header(SSL *s, size_t frag_off,
+                                     size_t frag_len);
 static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
 static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
-                                         unsigned long len,
+                                         size_t len,
                                          unsigned short seq_num,
-                                         unsigned long frag_off,
-                                         unsigned long frag_len);
-static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
-                                       int *ok);
+                                         size_t frag_off,
+                                         size_t frag_len);
+static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len);
 
-static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
-                                          int reassembly)
+static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly)
 {
     hm_fragment *frag = NULL;
     unsigned char *buf = NULL;
     unsigned char *bitmask = NULL;
 
-    frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
-    if (frag == NULL)
+    if ((frag = OPENSSL_malloc(sizeof(*frag))) == NULL) {
+        SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     if (frag_len) {
-        buf = (unsigned char *)OPENSSL_malloc(frag_len);
-        if (buf == NULL) {
+        if ((buf = OPENSSL_malloc(frag_len)) == NULL) {
+            SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE);
             OPENSSL_free(frag);
             return NULL;
         }
@@ -197,15 +79,13 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
 
     /* Initialize reassembly bitmask if necessary */
     if (reassembly) {
-        bitmask =
-            (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
+        bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len));
         if (bitmask == NULL) {
-            if (buf != NULL)
-                OPENSSL_free(buf);
+            SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(buf);
             OPENSSL_free(frag);
             return NULL;
         }
-        memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
     }
 
     frag->reassembly = bitmask;
@@ -215,50 +95,18 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
 
 void dtls1_hm_fragment_free(hm_fragment *frag)
 {
-
+    if (!frag)
+        return;
     if (frag->msg_header.is_ccs) {
         EVP_CIPHER_CTX_free(frag->msg_header.
                             saved_retransmit_state.enc_write_ctx);
-        EVP_MD_CTX_destroy(frag->msg_header.
-                           saved_retransmit_state.write_hash);
+        EVP_MD_CTX_free(frag->msg_header.saved_retransmit_state.write_hash);
     }
-    if (frag->fragment)
-        OPENSSL_free(frag->fragment);
-    if (frag->reassembly)
-        OPENSSL_free(frag->reassembly);
+    OPENSSL_free(frag->fragment);
+    OPENSSL_free(frag->reassembly);
     OPENSSL_free(frag);
 }
 
-static int dtls1_query_mtu(SSL *s)
-{
-    if (s->d1->link_mtu) {
-        s->d1->mtu =
-            s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
-        s->d1->link_mtu = 0;
-    }
-
-    /* AHA!  Figure out the MTU, and stick to the right size */
-    if (s->d1->mtu < dtls1_min_mtu(s)) {
-        if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
-            s->d1->mtu =
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-
-            /*
-             * I've seen the kernel return bogus numbers when it doesn't know
-             * (initial write), so just make sure we have a reasonable number
-             */
-            if (s->d1->mtu < dtls1_min_mtu(s)) {
-                /* Set to min mtu */
-                s->d1->mtu = dtls1_min_mtu(s);
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
-                         s->d1->mtu, NULL);
-            }
-        } else
-            return 0;
-    }
-    return 1;
-}
-
 /*
  * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
  * SSL3_RT_CHANGE_CIPHER_SPEC)
@@ -266,24 +114,28 @@ static int dtls1_query_mtu(SSL *s)
 int dtls1_do_write(SSL *s, int type)
 {
     int ret;
-    unsigned int curr_mtu;
+    size_t written;
+    size_t curr_mtu;
     int retry = 1;
-    unsigned int len, frag_off, mac_size, blocksize, used_len;
+    size_t len, frag_off, mac_size, blocksize, used_len;
 
     if (!dtls1_query_mtu(s))
         return -1;
 
-    OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu(s)); /* should have something
-                                                     * reasonable now */
+    if (s->d1->mtu < dtls1_min_mtu(s))
+        /* should have something reasonable now */
+        return -1;
 
-    if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
-        OPENSSL_assert(s->init_num ==
-                       (int)s->d1->w_msg_hdr.msg_len +
-                       DTLS1_HM_HEADER_LENGTH);
+    if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) {
+        if (!ossl_assert(s->init_num ==
+                         s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH))
+            return -1;
+    }
 
     if (s->write_hash) {
         if (s->enc_write_ctx
-            && EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_GCM_MODE)
+            && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
+                EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
             mac_size = 0;
         else
             mac_size = EVP_MD_CTX_size(s->write_hash);
@@ -292,7 +144,7 @@ int dtls1_do_write(SSL *s, int type)
 
     if (s->enc_write_ctx &&
         (EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE))
-        blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
+        blocksize = 2 * EVP_CIPHER_CTX_block_size(s->enc_write_ctx);
     else
         blocksize = 0;
 
@@ -335,7 +187,7 @@ int dtls1_do_write(SSL *s, int type)
             }
         }
 
-        used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH
+        used_len = BIO_wpending(s->wbio) + DTLS1_RT_HEADER_LENGTH
             + mac_size + blocksize;
         if (s->d1->mtu > used_len)
             curr_mtu = s->d1->mtu - used_len;
@@ -346,7 +198,7 @@ int dtls1_do_write(SSL *s, int type)
             /*
              * grr.. we could get an error if MTU picked was wrong
              */
-            ret = BIO_flush(SSL_get_wbio(s));
+            ret = BIO_flush(s->wbio);
             if (ret <= 0) {
                 s->rwstate = SSL_WRITING;
                 return ret;
@@ -368,9 +220,8 @@ int dtls1_do_write(SSL *s, int type)
         else
             len = s->init_num;
 
-        /* Shouldn't ever happen */
-        if (len > INT_MAX)
-            len = INT_MAX;
+        if (len > s->max_send_fragment)
+            len = s->max_send_fragment;
 
         /*
          * XDTLS: this function is too long.  split out the CCS part
@@ -383,16 +234,15 @@ int dtls1_do_write(SSL *s, int type)
                  */
                 return -1;
             }
-            dtls1_fix_message_header(s, frag_off,
-                                     len - DTLS1_HM_HEADER_LENGTH);
+            dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH);
 
             dtls1_write_message_header(s,
                                        (unsigned char *)&s->init_buf->
                                        data[s->init_off]);
         }
 
-        ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off],
-                                len);
+        ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len,
+                                &written);
         if (ret < 0) {
             /*
              * might need to update MTU here, but we don't know which
@@ -410,7 +260,7 @@ int dtls1_do_write(SSL *s, int type)
                 } else
                     return -1;
             } else {
-                return (-1);
+                return -1;
             }
         } else {
 
@@ -418,7 +268,8 @@ int dtls1_do_write(SSL *s, int type)
              * bad if this assert fails, only part of the handshake message
              * got sent.  but why would this happen?
              */
-            OPENSSL_assert(len == (unsigned int)ret);
+            if (!ossl_assert(len == written))
+                return -1;
 
             if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) {
                 /*
@@ -428,7 +279,7 @@ int dtls1_do_write(SSL *s, int type)
                 unsigned char *p =
                     (unsigned char *)&s->init_buf->data[s->init_off];
                 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-                int xlen;
+                size_t xlen;
 
                 if (frag_off == 0 && s->version != DTLS1_BAD_VER) {
                     /*
@@ -441,16 +292,17 @@ int dtls1_do_write(SSL *s, int type)
                     l2n3(0, p);
                     l2n3(msg_hdr->msg_len, p);
                     p -= DTLS1_HM_HEADER_LENGTH;
-                    xlen = ret;
+                    xlen = written;
                 } else {
                     p += DTLS1_HM_HEADER_LENGTH;
-                    xlen = ret - DTLS1_HM_HEADER_LENGTH;
+                    xlen = written - DTLS1_HM_HEADER_LENGTH;
                 }
 
-                ssl3_finish_mac(s, p, xlen);
+                if (!ssl3_finish_mac(s, p, xlen))
+                    return -1;
             }
 
-            if (ret == s->init_num) {
+            if (written == s->init_num) {
                 if (s->msg_callback)
                     s->msg_callback(1, s->version, type, s->init_buf->data,
                                     (size_t)(s->init_off + s->init_num), s,
@@ -459,12 +311,12 @@ int dtls1_do_write(SSL *s, int type)
                 s->init_off = 0; /* done writing this message */
                 s->init_num = 0;
 
-                return (1);
+                return 1;
             }
-            s->init_off += ret;
-            s->init_num -= ret;
-            ret -= DTLS1_HM_HEADER_LENGTH;
-            frag_off += ret;
+            s->init_off += written;
+            s->init_num -= written;
+            written -= DTLS1_HM_HEADER_LENGTH;
+            frag_off += written;
 
             /*
              * We save the fragment offset for the next fragment so we have it
@@ -475,68 +327,46 @@ int dtls1_do_write(SSL *s, int type)
             dtls1_fix_message_header(s, frag_off, 0);
         }
     }
-    return (0);
+    return 0;
 }
 
-/*
- * Obtain handshake message of message type 'mt' (any if mt == -1), maximum
- * acceptable body length 'max'. Read an entire handshake message.  Handshake
- * messages arrive in fragments.
- */
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
+int dtls_get_message(SSL *s, int *mt, size_t *len)
 {
-    int i, al;
     struct hm_header_st *msg_hdr;
     unsigned char *p;
-    unsigned long msg_len;
-
-    /*
-     * s3->tmp is used to store messages that are unexpected, caused by the
-     * absence of an optional handshake message
-     */
-    if (s->s3->tmp.reuse_message) {
-        s->s3->tmp.reuse_message = 0;
-        if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
-            goto f_err;
-        }
-        *ok = 1;
-        s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-        s->init_num = (int)s->s3->tmp.message_size;
-        return s->init_num;
-    }
+    size_t msg_len;
+    size_t tmplen;
+    int errtype;
 
     msg_hdr = &s->d1->r_msg_hdr;
-    memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+    memset(msg_hdr, 0, sizeof(*msg_hdr));
 
  again:
-    i = dtls1_get_message_fragment(s, st1, stn, max, ok);
-    if (i == DTLS1_HM_BAD_FRAGMENT || i == DTLS1_HM_FRAGMENT_RETRY) {
-        /* bad fragment received */
-        goto again;
-    } else if (i <= 0 && !*ok) {
-        return i;
+    if (!dtls_get_reassembled_message(s, &errtype, &tmplen)) {
+        if (errtype == DTLS1_HM_BAD_FRAGMENT
+                || errtype == DTLS1_HM_FRAGMENT_RETRY) {
+            /* bad fragment received */
+            goto again;
+        }
+        return 0;
     }
 
-    /*
-     * Don't change the *message* read sequence number while listening. For
-     * the *record* write sequence we reflect the ClientHello sequence number
-     * when listening.
-     */
-    if (s->d1->listen)
-        memcpy(s->s3->write_sequence, s->s3->read_sequence,
-               sizeof(s->s3->write_sequence));
-    else
-        s->d1->handshake_read_seq++;
+    *mt = s->s3->tmp.message_type;
 
-    if (mt >= 0 && s->s3->tmp.message_type != mt) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
-        goto f_err;
+    p = (unsigned char *)s->init_buf->data;
+    *len = s->init_num;
+
+    if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        if (s->msg_callback) {
+            s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
+                            p, 1, s, s->msg_callback_arg);
+        }
+        /*
+         * This isn't a real handshake message so skip the processing below.
+         */
+        return 1;
     }
 
-    p = (unsigned char *)s->init_buf->data;
     msg_len = msg_hdr->msg_len;
 
     /* reconstruct message header */
@@ -550,24 +380,44 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
         msg_len += DTLS1_HM_HEADER_LENGTH;
     }
 
-    ssl3_finish_mac(s, p, msg_len);
+    /*
+     * If receiving Finished, record MAC of prior handshake messages for
+     * Finished verification.
+     */
+    if (*mt == SSL3_MT_FINISHED && !ssl3_take_mac(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (!ssl3_finish_mac(s, p, msg_len))
+        return 0;
     if (s->msg_callback)
         s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
                         p, msg_len, s, s->msg_callback_arg);
 
-    memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+    memset(msg_hdr, 0, sizeof(*msg_hdr));
+
+    s->d1->handshake_read_seq++;
 
     s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-    return s->init_num;
 
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    *ok = 0;
-    return -1;
+    return 1;
+}
+
+/*
+ * dtls1_max_handshake_message_len returns the maximum number of bytes
+ * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
+ * may be greater if the maximum certificate list size requires it.
+ */
+static size_t dtls1_max_handshake_message_len(const SSL *s)
+{
+    size_t max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+    if (max_len < s->max_cert_list)
+        return s->max_cert_list;
+    return max_len;
 }
 
-static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr,
-                                     int max)
+static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
 {
     size_t frag_off, frag_len, msg_len;
 
@@ -576,28 +426,22 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr,
     frag_len = msg_hdr->frag_len;
 
     /* sanity checking */
-    if ((frag_off + frag_len) > msg_len) {
-        SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-        return SSL_AD_ILLEGAL_PARAMETER;
-    }
-
-    if ((frag_off + frag_len) > (unsigned long)max) {
-        SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-        return SSL_AD_ILLEGAL_PARAMETER;
+    if ((frag_off + frag_len) > msg_len
+            || msg_len > dtls1_max_handshake_message_len(s)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+                 SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        return 0;
     }
 
     if (s->d1->r_msg_hdr.frag_off == 0) { /* first fragment */
         /*
-         * msg_len is limited to 2^24, but is effectively checked against max
-         * above
-         *
-         * Make buffer slightly larger than message length as a precaution
-         * against small OOB reads e.g. CVE-2016-6306
+         * msg_len is limited to 2^24, but is effectively checked against
+         * dtls_max_handshake_message_len(s) above
          */
-        if (!BUF_MEM_grow_clean
-            (s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH + 16)) {
-            SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
-            return SSL_AD_INTERNAL_ERROR;
+        if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+                     ERR_R_BUF_LIB);
+            return 0;
         }
 
         s->s3->tmp.message_size = msg_len;
@@ -610,14 +454,19 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr,
          * They must be playing with us! BTW, failure to enforce upper limit
          * would open possibility for buffer overrun.
          */
-        SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-        return SSL_AD_ILLEGAL_PARAMETER;
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+                 SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        return 0;
     }
 
-    return 0;                   /* no error */
+    return 1;
 }
 
-static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
+/*
+ * Returns 1 if there is a buffered fragment available, 0 if not, or -1 on a
+ * fatal error.
+ */
+static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len)
 {
     /*-
      * (0) check whether the desired fragment is available
@@ -627,9 +476,8 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
      */
     pitem *item;
     hm_fragment *frag;
-    int al;
+    int ret;
 
-    *ok = 0;
     do {
         item = pqueue_peek(s->d1->buffered_messages);
         if (item == NULL)
@@ -647,19 +495,18 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
         }
     } while (item == NULL);
 
-
     /* Don't return if reassembly still in progress */
     if (frag->reassembly != NULL)
         return 0;
 
     if (s->d1->handshake_read_seq == frag->msg_header.seq) {
-        unsigned long frag_len = frag->msg_header.frag_len;
+        size_t frag_len = frag->msg_header.frag_len;
         pqueue_pop(s->d1->buffered_messages);
 
-        al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
+        /* Calls SSLfatal() as required */
+        ret = dtls1_preprocess_fragment(s, &frag->msg_header);
 
-        /* al will be 0 if no alert */
-        if (al == 0  && frag->msg_header.frag_len > 0) {
+        if (ret && frag->msg_header.frag_len > 0) {
             unsigned char *p =
                 (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
             memcpy(&p[frag->msg_header.frag_off], frag->fragment,
@@ -669,48 +516,36 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
         dtls1_hm_fragment_free(frag);
         pitem_free(item);
 
-        if (al == 0) {
-            *ok = 1;
-            return frag_len;
+        if (ret) {
+            *len = frag_len;
+            return 1;
         }
 
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        /* Fatal error */
         s->init_num = 0;
-        *ok = 0;
         return -1;
-    } else
+    } else {
         return 0;
-}
-
-/*
- * dtls1_max_handshake_message_len returns the maximum number of bytes
- * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
- * may be greater if the maximum certificate list size requires it.
- */
-static unsigned long dtls1_max_handshake_message_len(const SSL *s)
-{
-    unsigned long max_len =
-        DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
-    if (max_len < (unsigned long)s->max_cert_list)
-        return s->max_cert_list;
-    return max_len;
+    }
 }
 
 static int
-dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
+dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr)
 {
     hm_fragment *frag = NULL;
     pitem *item = NULL;
     int i = -1, is_complete;
     unsigned char seq64be[8];
-    unsigned long frag_len = msg_hdr->frag_len;
+    size_t frag_len = msg_hdr->frag_len;
+    size_t readbytes;
 
     if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
         msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
         goto err;
 
-    if (frag_len == 0)
+    if (frag_len == 0) {
         return DTLS1_HM_FRAGMENT_RETRY;
+    }
 
     /* Try to find item in queue */
     memset(seq64be, 0, sizeof(seq64be));
@@ -743,23 +578,23 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
         unsigned char devnull[256];
 
         while (frag_len) {
-            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
                                           devnull,
                                           frag_len >
                                           sizeof(devnull) ? sizeof(devnull) :
-                                          frag_len, 0);
+                                          frag_len, 0, &readbytes);
             if (i <= 0)
                 goto err;
-            frag_len -= i;
+            frag_len -= readbytes;
         }
         return DTLS1_HM_FRAGMENT_RETRY;
     }
 
     /* read the body of the fragment (header has already been read */
-    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
                                   frag->fragment + msg_hdr->frag_off,
-                                  frag_len, 0);
-    if ((unsigned long)i != frag_len)
+                                  frag_len, 0, &readbytes);
+    if (i <= 0 || readbytes != frag_len)
         i = -1;
     if (i <= 0)
         goto err;
@@ -767,6 +602,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
     RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
                         (long)(msg_hdr->frag_off + frag_len));
 
+    if (!ossl_assert(msg_hdr->msg_len > 0))
+        goto err;
     RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
                                is_complete);
 
@@ -789,27 +626,27 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
          * would have returned it and control would never have reached this
          * branch.
          */
-        OPENSSL_assert(item != NULL);
+        if (!ossl_assert(item != NULL))
+            goto err;
     }
 
     return DTLS1_HM_FRAGMENT_RETRY;
 
  err:
-    if (frag != NULL && item == NULL)
+    if (item == NULL)
         dtls1_hm_fragment_free(frag);
-    *ok = 0;
-    return i;
+    return -1;
 }
 
 static int
-dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
-                                 int *ok)
+dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr)
 {
     int i = -1;
     hm_fragment *frag = NULL;
     pitem *item = NULL;
     unsigned char seq64be[8];
-    unsigned long frag_len = msg_hdr->frag_len;
+    size_t frag_len = msg_hdr->frag_len;
+    size_t readbytes;
 
     if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
         goto err;
@@ -834,23 +671,23 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
      */
     if (msg_hdr->seq <= s->d1->handshake_read_seq ||
         msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
-        (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
-    {
+        (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) {
         unsigned char devnull[256];
 
         while (frag_len) {
-            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
                                           devnull,
                                           frag_len >
                                           sizeof(devnull) ? sizeof(devnull) :
-                                          frag_len, 0);
+                                          frag_len, 0, &readbytes);
             if (i <= 0)
                 goto err;
-            frag_len -= i;
+            frag_len -= readbytes;
         }
     } else {
-        if (frag_len != msg_hdr->msg_len)
-            return dtls1_reassemble_fragment(s, msg_hdr, ok);
+        if (frag_len != msg_hdr->msg_len) {
+            return dtls1_reassemble_fragment(s, msg_hdr);
+        }
 
         if (frag_len > dtls1_max_handshake_message_len(s))
             goto err;
@@ -865,9 +702,10 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
             /*
              * read the body of the fragment (header has already been read
              */
-            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                                          frag->fragment, frag_len, 0);
-            if ((unsigned long)i != frag_len)
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                          frag->fragment, frag_len, 0,
+                                          &readbytes);
+            if (i<=0 || readbytes != frag_len)
                 i = -1;
             if (i <= 0)
                 goto err;
@@ -886,53 +724,77 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
          * have been processed with |dtls1_reassemble_fragment|, above, or
          * the record will have been discarded.
          */
-        OPENSSL_assert(item != NULL);
+        if (!ossl_assert(item != NULL))
+            goto err;
     }
 
     return DTLS1_HM_FRAGMENT_RETRY;
 
  err:
-    if (frag != NULL && item == NULL)
+    if (item == NULL)
         dtls1_hm_fragment_free(frag);
-    *ok = 0;
-    return i;
+    return 0;
 }
 
-static long
-dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
 {
     unsigned char wire[DTLS1_HM_HEADER_LENGTH];
-    unsigned long len, frag_off, frag_len;
-    int i, al;
+    size_t mlen, frag_off, frag_len;
+    int i, ret, recvd_type;
     struct hm_header_st msg_hdr;
+    size_t readbytes;
+
+    *errtype = 0;
 
  redo:
     /* see if we have the required fragment already */
-    if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
-        if (*ok)
-            s->init_num = frag_len;
-        return frag_len;
+    ret = dtls1_retrieve_buffered_fragment(s, &frag_len);
+    if (ret < 0) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    if (ret > 0) {
+        s->init_num = frag_len;
+        *len = frag_len;
+        return 1;
     }
 
     /* read handshake message header */
-    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
-                                  DTLS1_HM_HEADER_LENGTH, 0);
+    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire,
+                                  DTLS1_HM_HEADER_LENGTH, 0, &readbytes);
     if (i <= 0) {               /* nbio, or an error */
         s->rwstate = SSL_READING;
-        *ok = 0;
-        return i;
+        *len = 0;
+        return 0;
     }
+    if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        if (wire[0] != SSL3_MT_CCS) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
+                     SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            goto f_err;
+        }
+
+        memcpy(s->init_buf->data, wire, readbytes);
+        s->init_num = readbytes - 1;
+        s->init_msg = s->init_buf->data + 1;
+        s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
+        s->s3->tmp.message_size = readbytes - 1;
+        *len = readbytes - 1;
+        return 1;
+    }
+
     /* Handshake fails if message header is incomplete */
-    if (i != DTLS1_HM_HEADER_LENGTH) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
+    if (readbytes != DTLS1_HM_HEADER_LENGTH) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
         goto f_err;
     }
 
     /* parse the message fragment header */
     dtls1_get_message_header(wire, &msg_hdr);
 
-    len = msg_hdr.msg_len;
+    mlen = msg_hdr.msg_len;
     frag_off = msg_hdr.frag_off;
     frag_len = msg_hdr.frag_len;
 
@@ -940,9 +802,9 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
      * We must have at least frag_len bytes left in the record to be read.
      * Fragments must not span records.
      */
-    if (frag_len > s->s3->rrec.length) {
-        al = SSL3_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_BAD_LENGTH);
+    if (frag_len > RECORD_LAYER_get_rrec_length(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_BAD_LENGTH);
         goto f_err;
     }
 
@@ -952,15 +814,20 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
      * While listening, we accept seq 1 (ClientHello with cookie)
      * although we're still expecting seq 0 (ClientHello)
      */
-    if (msg_hdr.seq != s->d1->handshake_read_seq
-        && !(s->d1->listen && msg_hdr.seq == 1))
-        return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
+    if (msg_hdr.seq != s->d1->handshake_read_seq) {
+        *errtype = dtls1_process_out_of_seq_message(s, &msg_hdr);
+        return 0;
+    }
 
-    if (frag_len && frag_len < len)
-        return dtls1_reassemble_fragment(s, &msg_hdr, ok);
+    if (frag_len && frag_len < mlen) {
+        *errtype = dtls1_reassemble_fragment(s, &msg_hdr);
+        return 0;
+    }
 
-    if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
-        wire[0] == SSL3_MT_HELLO_REQUEST) {
+    if (!s->server
+            && s->d1->r_msg_hdr.frag_off == 0
+            && s->statem.hand_state != TLS_ST_OK
+            && wire[0] == SSL3_MT_HELLO_REQUEST) {
         /*
          * The server may always send 'Hello Request' messages -- we are
          * doing a handshake anyway now, so ignore them if their format is
@@ -974,24 +841,26 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 
             s->init_num = 0;
             goto redo;
-        } else {                /* Incorrectly formated Hello request */
+        } else {                /* Incorrectly formatted Hello request */
 
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
-                   SSL_R_UNEXPECTED_MESSAGE);
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
+                     SSL_R_UNEXPECTED_MESSAGE);
             goto f_err;
         }
     }
 
-    if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
+    if (!dtls1_preprocess_fragment(s, &msg_hdr)) {
+        /* SSLfatal() already called */
         goto f_err;
+    }
 
     if (frag_len > 0) {
         unsigned char *p =
             (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
 
-        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                                      &p[frag_off], frag_len, 0);
+        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                      &p[frag_off], frag_len, 0, &readbytes);
 
         /*
          * This shouldn't ever fail due to NBIO because we already checked
@@ -999,123 +868,126 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
          */
         if (i <= 0) {
             s->rwstate = SSL_READING;
-            *ok = 0;
-            return i;
+            *len = 0;
+            return 0;
         }
-    } else
-        i = 0;
+    } else {
+        readbytes = 0;
+    }
 
     /*
      * XDTLS: an incorrectly formatted fragment should cause the handshake
      * to fail
      */
-    if (i != (int)frag_len) {
-        al = SSL3_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL3_AD_ILLEGAL_PARAMETER);
+    if (readbytes != frag_len) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_BAD_LENGTH);
         goto f_err;
     }
 
-    *ok = 1;
-    s->state = stn;
-
     /*
      * Note that s->init_num is *not* used as current offset in
      * s->init_buf->data, but as a counter summing up fragments' lengths: as
      * soon as they sum up to handshake packet length, we assume we have got
      * all the fragments.
      */
-    s->init_num = frag_len;
-    return frag_len;
+    *len = s->init_num = frag_len;
+    return 1;
 
  f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
     s->init_num = 0;
-
-    *ok = 0;
-    return (-1);
+    *len = 0;
+    return 0;
 }
 
 /*-
  * for these 2 messages, we need to
  * ssl->enc_read_ctx                    re-init
- * ssl->s3->read_sequence               zero
+ * ssl->rlayer.read_sequence            zero
  * ssl->s3->read_mac_secret             re-init
  * ssl->session->read_sym_enc           assign
  * ssl->session->read_compression       assign
  * ssl->session->read_hash              assign
  */
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
+int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
 {
-    unsigned char *p;
-
-    if (s->state == a) {
-        p = (unsigned char *)s->init_buf->data;
-        *p++ = SSL3_MT_CCS;
-        s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
-        s->init_num = DTLS1_CCS_HEADER_LENGTH;
+    if (s->version == DTLS1_BAD_VER) {
+        s->d1->next_handshake_write_seq++;
 
-        if (s->version == DTLS1_BAD_VER) {
-            s->d1->next_handshake_write_seq++;
-            s2n(s->d1->handshake_write_seq, p);
-            s->init_num += 2;
+        if (!WPACKET_put_bytes_u16(pkt, s->d1->handshake_write_seq)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
         }
+    }
 
-        s->init_off = 0;
+    return 1;
+}
 
-        dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
-                                     s->d1->handshake_write_seq, 0, 0);
+#ifndef OPENSSL_NO_SCTP
+/*
+ * Wait for a dry event. Should only be called at a point in the handshake
+ * where we are not expecting any data from the peer except an alert.
+ */
+WORK_STATE dtls_wait_for_dry(SSL *s)
+{
+    int ret, errtype;
+    size_t len;
+
+    /* read app data until dry event */
+    ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+    if (ret < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS_WAIT_FOR_DRY,
+                 ERR_R_INTERNAL_ERROR);
+        return WORK_ERROR;
+    }
 
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 1);
+    if (ret == 0) {
+        /*
+         * We're not expecting any more messages from the peer at this point -
+         * but we could get an alert. If an alert is waiting then we will never
+         * return successfully. Therefore we attempt to read a message. This
+         * should never succeed but will process any waiting alerts.
+         */
+        if (dtls_get_reassembled_message(s, &errtype, &len)) {
+            /* The call succeeded! This should never happen */
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS_WAIT_FOR_DRY,
+                     SSL_R_UNEXPECTED_MESSAGE);
+            return WORK_ERROR;
+        }
 
-        s->state = b;
+        s->s3->in_read_app_data = 2;
+        s->rwstate = SSL_READING;
+        BIO_clear_retry_flags(SSL_get_rbio(s));
+        BIO_set_retry_read(SSL_get_rbio(s));
+        return WORK_MORE_A;
     }
-
-    /* SSL3_ST_CW_CHANGE_B */
-    return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
+    return WORK_FINISHED_CONTINUE;
 }
+#endif
 
 int dtls1_read_failed(SSL *s, int code)
 {
     if (code > 0) {
-#ifdef TLS_DEBUG
-        fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
-#endif
-        return 1;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_DTLS1_READ_FAILED, ERR_R_INTERNAL_ERROR);
+        return 0;
     }
 
-    if (!dtls1_is_timer_expired(s)) {
+    if (!dtls1_is_timer_expired(s) || ossl_statem_in_error(s)) {
         /*
          * not a timeout, none of our business, let higher layers handle
          * this.  in fact it's probably an error
          */
         return code;
     }
-#ifndef OPENSSL_NO_HEARTBEATS
-    /* done, no need to send a retransmit */
-    if (!SSL_in_init(s) && !s->tlsext_hb_pending)
-#else
     /* done, no need to send a retransmit */
     if (!SSL_in_init(s))
-#endif
     {
         BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
         return code;
     }
-#if 0                           /* for now, each alert contains only one
-                                 * record number */
-    item = pqueue_peek(state->rcvd_records);
-    if (item) {
-        /* send an alert immediately for all the missing records */
-    } else
-#endif
-
-#if 0                           /* no more alert sending, just retransmit the
-                                 * last set of messages */
-    if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
-        ssl3_send_alert(s, SSL3_AL_WARNING,
-                        DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
 
     return dtls1_handle_timeout(s);
 }
@@ -1137,7 +1009,7 @@ int dtls1_get_queue_priority(unsigned short seq, int is_ccs)
 
 int dtls1_retransmit_buffered_messages(SSL *s)
 {
-    pqueue sent = s->d1->sent_messages;
+    pqueue *sent = s->d1->sent_messages;
     piterator iter;
     pitem *item;
     hm_fragment *frag;
@@ -1150,13 +1022,8 @@ int dtls1_retransmit_buffered_messages(SSL *s)
         if (dtls1_retransmit_message(s, (unsigned short)
                                      dtls1_get_queue_priority
                                      (frag->msg_header.seq,
-                                      frag->msg_header.is_ccs), 0,
-                                     &found) <= 0 && found) {
-#ifdef TLS_DEBUG
-            fprintf(stderr, "dtls1_retransmit_message() failed\n");
-#endif
+                                      frag->msg_header.is_ccs), &found) <= 0)
             return -1;
-        }
     }
 
     return 1;
@@ -1172,22 +1039,26 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
      * this function is called immediately after a message has been
      * serialized
      */
-    OPENSSL_assert(s->init_off == 0);
+    if (!ossl_assert(s->init_off == 0))
+        return 0;
 
     frag = dtls1_hm_fragment_new(s->init_num, 0);
-    if (!frag)
+    if (frag == NULL)
         return 0;
 
     memcpy(frag->fragment, s->init_buf->data, s->init_num);
 
     if (is_ccs) {
         /* For DTLS1_BAD_VER the header length is non-standard */
-        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
-                       ((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH)
-                       == (unsigned int)s->init_num);
+        if (!ossl_assert(s->d1->w_msg_hdr.msg_len +
+                         ((s->version ==
+                           DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH)
+                         == (unsigned int)s->init_num))
+            return 0;
     } else {
-        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
-                       DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
+        if (!ossl_assert(s->d1->w_msg_hdr.msg_len +
+                         DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num))
+            return 0;
     }
 
     frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
@@ -1202,7 +1073,8 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
     frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
     frag->msg_header.saved_retransmit_state.compress = s->compress;
     frag->msg_header.saved_retransmit_state.session = s->session;
-    frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
+    frag->msg_header.saved_retransmit_state.epoch =
+        DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer);
 
     memset(seq64be, 0, sizeof(seq64be));
     seq64be[6] =
@@ -1219,19 +1091,12 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
         dtls1_hm_fragment_free(frag);
         return 0;
     }
-#if 0
-    fprintf(stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
-    fprintf(stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
-    fprintf(stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
-#endif
 
     pqueue_insert(s->d1->sent_messages, item);
     return 1;
 }
 
-int
-dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
-                         int *found)
+int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
 {
     int ret;
     /* XDTLS: for now assuming that read/writes are blocking */
@@ -1240,12 +1105,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
     unsigned long header_length;
     unsigned char seq64be[8];
     struct dtls1_retransmit_state saved_state;
-    unsigned char save_write_sequence[8] = {0, 0, 0, 0, 0, 0, 0, 0};
-
-    /*-
-      OPENSSL_assert(s->init_num == 0);
-      OPENSSL_assert(s->init_off == 0);
-     */
 
     /* XDTLS:  the requested message ought to be found, otherwise error */
     memset(seq64be, 0, sizeof(seq64be));
@@ -1254,9 +1113,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
 
     item = pqueue_find(s->d1->sent_messages, seq64be);
     if (item == NULL) {
-#ifdef TLS_DEBUG
-        fprintf(stderr, "retransmit:  message %d non-existant\n", seq);
-#endif
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_RETRANSMIT_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
         *found = 0;
         return 0;
     }
@@ -1283,8 +1141,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
     saved_state.write_hash = s->write_hash;
     saved_state.compress = s->compress;
     saved_state.session = s->session;
-    saved_state.epoch = s->d1->w_epoch;
-    saved_state.epoch = s->d1->w_epoch;
+    saved_state.epoch = DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer);
 
     s->d1->retransmitting = 1;
 
@@ -1293,15 +1150,9 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
     s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
     s->compress = frag->msg_header.saved_retransmit_state.compress;
     s->session = frag->msg_header.saved_retransmit_state.session;
-    s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
-
-    if (frag->msg_header.saved_retransmit_state.epoch ==
-        saved_state.epoch - 1) {
-        memcpy(save_write_sequence, s->s3->write_sequence,
-               sizeof(s->s3->write_sequence));
-        memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
-               sizeof(s->s3->write_sequence));
-    }
+    DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer,
+                                        frag->msg_header.
+                                        saved_retransmit_state.epoch);
 
     ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
                          SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
@@ -1311,44 +1162,32 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
     s->write_hash = saved_state.write_hash;
     s->compress = saved_state.compress;
     s->session = saved_state.session;
-    s->d1->w_epoch = saved_state.epoch;
-
-    if (frag->msg_header.saved_retransmit_state.epoch ==
-        saved_state.epoch - 1) {
-        memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
-               sizeof(s->s3->write_sequence));
-        memcpy(s->s3->write_sequence, save_write_sequence,
-               sizeof(s->s3->write_sequence));
-    }
+    DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer, saved_state.epoch);
 
     s->d1->retransmitting = 0;
 
-    (void)BIO_flush(SSL_get_wbio(s));
+    (void)BIO_flush(s->wbio);
     return ret;
 }
 
-unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
-                                        unsigned char mt, unsigned long len,
-                                        unsigned long frag_off,
-                                        unsigned long frag_len)
+void dtls1_set_message_header(SSL *s,
+                              unsigned char mt, size_t len,
+                              size_t frag_off, size_t frag_len)
 {
-    /* Don't change sequence numbers while listening */
-    if (frag_off == 0 && !s->d1->listen) {
+    if (frag_off == 0) {
         s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
         s->d1->next_handshake_write_seq++;
     }
 
     dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
                                  frag_off, frag_len);
-
-    return p += DTLS1_HM_HEADER_LENGTH;
 }
 
 /* don't actually do the writing, wait till the MTU has been retrieved */
 static void
 dtls1_set_message_header_int(SSL *s, unsigned char mt,
-                             unsigned long len, unsigned short seq_num,
-                             unsigned long frag_off, unsigned long frag_len)
+                             size_t len, unsigned short seq_num,
+                             size_t frag_off, size_t frag_len)
 {
     struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
 
@@ -1360,8 +1199,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt,
 }
 
 static void
-dtls1_fix_message_header(SSL *s, unsigned long frag_off,
-                         unsigned long frag_len)
+dtls1_fix_message_header(SSL *s, size_t frag_off, size_t frag_len)
 {
     struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
 
@@ -1383,21 +1221,9 @@ static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p)
     return p;
 }
 
-unsigned int dtls1_link_min_mtu(void)
-{
-    return (g_probable_mtu[(sizeof(g_probable_mtu) /
-                            sizeof(g_probable_mtu[0])) - 1]);
-}
-
-unsigned int dtls1_min_mtu(SSL *s)
+void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
 {
-    return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
-}
-
-void
-dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
-{
-    memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+    memset(msg_hdr, 0, sizeof(*msg_hdr));
     msg_hdr->type = *(data++);
     n2l3(data, msg_hdr->msg_len);
 
@@ -1406,196 +1232,52 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
     n2l3(data, msg_hdr->frag_len);
 }
 
-void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
-{
-    memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
-
-    ccs_hdr->type = *(data++);
-}
-
-int dtls1_shutdown(SSL *s)
+int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
 {
-    int ret;
-#ifndef OPENSSL_NO_SCTP
-    BIO *wbio;
-
-    wbio = SSL_get_wbio(s);
-    if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
-        !(s->shutdown & SSL_SENT_SHUTDOWN)) {
-        ret = BIO_dgram_sctp_wait_for_dry(wbio);
-        if (ret < 0)
-            return -1;
+    unsigned char *header;
 
-        if (ret == 0)
-            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1,
-                     NULL);
-    }
-#endif
-    ret = ssl3_shutdown(s);
-#ifndef OPENSSL_NO_SCTP
-    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
-#endif
-    return ret;
-}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-int dtls1_process_heartbeat(SSL *s)
-{
-    unsigned char *p = &s->s3->rrec.data[0], *pl;
-    unsigned short hbtype;
-    unsigned int payload;
-    unsigned int padding = 16;  /* Use minimum padding */
-
-    if (s->msg_callback)
-        s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
-                        &s->s3->rrec.data[0], s->s3->rrec.length,
-                        s, s->msg_callback_arg);
-
-    /* Read type and payload length first */
-    if (1 + 2 + 16 > s->s3->rrec.length)
-        return 0;               /* silently discard */
-    if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH)
-        return 0;               /* silently discard per RFC 6520 sec. 4 */
-
-    hbtype = *p++;
-    n2s(p, payload);
-    if (1 + 2 + payload + 16 > s->s3->rrec.length)
-        return 0;               /* silently discard per RFC 6520 sec. 4 */
-    pl = p;
-
-    if (hbtype == TLS1_HB_REQUEST) {
-        unsigned char *buffer, *bp;
-        unsigned int write_length = 1 /* heartbeat type */  +
-            2 /* heartbeat length */  +
-            payload + padding;
-        int r;
-
-        if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+        dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
+                                     s->d1->handshake_write_seq, 0, 0);
+        if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS))
             return 0;
-
-        /*
-         * Allocate memory for the response, size is 1 byte message type,
-         * plus 2 bytes payload length, plus payload, plus padding
-         */
-        buffer = OPENSSL_malloc(write_length);
-        if (buffer == NULL)
-            return -1;
-        bp = buffer;
-
-        /* Enter response type, length and copy payload */
-        *bp++ = TLS1_HB_RESPONSE;
-        s2n(payload, bp);
-        memcpy(bp, pl, payload);
-        bp += payload;
-        /* Random padding */
-        if (RAND_bytes(bp, padding) <= 0) {
-            OPENSSL_free(buffer);
-            return -1;
-        }
-
-        r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
-
-        if (r >= 0 && s->msg_callback)
-            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-                            buffer, write_length, s, s->msg_callback_arg);
-
-        OPENSSL_free(buffer);
-
-        if (r < 0)
-            return r;
-    } else if (hbtype == TLS1_HB_RESPONSE) {
-        unsigned int seq;
-
+    } else {
+        dtls1_set_message_header(s, htype, 0, 0, 0);
         /*
-         * We only send sequence numbers (2 bytes unsigned int), and 16
-         * random bytes, so we just try to read the sequence number
+         * We allocate space at the start for the message header. This gets
+         * filled in later
          */
-        n2s(pl, seq);
-
-        if (payload == 18 && seq == s->tlsext_hb_seq) {
-            dtls1_stop_timer(s);
-            s->tlsext_hb_seq++;
-            s->tlsext_hb_pending = 0;
-        }
+        if (!WPACKET_allocate_bytes(pkt, DTLS1_HM_HEADER_LENGTH, &header)
+                || !WPACKET_start_sub_packet(pkt))
+            return 0;
     }
 
-    return 0;
+    return 1;
 }
 
-int dtls1_heartbeat(SSL *s)
+int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
 {
-    unsigned char *buf, *p;
-    int ret = -1;
-    unsigned int payload = 18;  /* Sequence number + random bytes */
-    unsigned int padding = 16;  /* Use minimum padding */
-
-    /* Only send if peer supports and accepts HB requests... */
-    if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
-        s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
-        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
-        return -1;
-    }
+    size_t msglen;
 
-    /* ...and there is none in flight yet... */
-    if (s->tlsext_hb_pending) {
-        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
-        return -1;
-    }
+    if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt))
+            || !WPACKET_get_length(pkt, &msglen)
+            || msglen > INT_MAX)
+        return 0;
 
-    /* ...and no handshake in progress. */
-    if (SSL_in_init(s) || s->in_handshake) {
-        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
-        return -1;
+    if (htype != SSL3_MT_CHANGE_CIPHER_SPEC) {
+        s->d1->w_msg_hdr.msg_len = msglen - DTLS1_HM_HEADER_LENGTH;
+        s->d1->w_msg_hdr.frag_len = msglen - DTLS1_HM_HEADER_LENGTH;
     }
+    s->init_num = (int)msglen;
+    s->init_off = 0;
 
-    /*
-     * Check if padding is too long, payload and padding must not exceed 2^14
-     * - 3 = 16381 bytes in total.
-     */
-    OPENSSL_assert(payload + padding <= 16381);
-
-    /*-
-     * Create HeartBeat message, we just use a sequence number
-     * as payload to distuingish different messages and add
-     * some random stuff.
-     *  - Message Type, 1 byte
-     *  - Payload Length, 2 bytes (unsigned int)
-     *  - Payload, the sequence number (2 bytes uint)
-     *  - Payload, random bytes (16 bytes uint)
-     *  - Padding
-     */
-    buf = OPENSSL_malloc(1 + 2 + payload + padding);
-    if (buf == NULL)
-        goto err;
-    p = buf;
-    /* Message Type */
-    *p++ = TLS1_HB_REQUEST;
-    /* Payload length (18 bytes here) */
-    s2n(payload, p);
-    /* Sequence number */
-    s2n(s->tlsext_hb_seq, p);
-    /* 16 random bytes */
-    if (RAND_bytes(p, 16) <= 0)
-        goto err;
-    p += 16;
-    /* Random padding */
-    if (RAND_bytes(p, padding) <= 0)
-        goto err;
-
-    ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
-    if (ret >= 0) {
-        if (s->msg_callback)
-            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-                            buf, 3 + payload + padding,
-                            s, s->msg_callback_arg);
-
-        dtls1_start_timer(s);
-        s->tlsext_hb_pending = 1;
+    if (htype != DTLS1_MT_HELLO_VERIFY_REQUEST) {
+        /* Buffer the message to handle re-xmits */
+        if (!dtls1_buffer_message(s, htype == SSL3_MT_CHANGE_CIPHER_SPEC
+                                     ? 1 : 0))
+            return 0;
     }
 
-err:
-    OPENSSL_free(buf);
-
-    return ret;
+    return 1;
 }
-#endif
diff --git a/freebsd/crypto/openssl/ssl/statem/statem_lib.c b/freebsd/crypto/openssl/ssl/statem/statem_lib.c
new file mode 100644
index 00000000..1ea719c7
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/statem/statem_lib.c
@@ -0,0 +1,2376 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+/*
+ * Map error codes to TLS/SSL alart types.
+ */
+typedef struct x509err2alert_st {
+    int x509err;
+    int alert;
+} X509ERR2ALERT;
+
+/* Fixed value used in the ServerHello random field to identify an HRR */
+const unsigned char hrrrandom[] = {
+    0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02,
+    0x1e, 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e,
+    0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c
+};
+
+/*
+ * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC)
+ */
+int ssl3_do_write(SSL *s, int type)
+{
+    int ret;
+    size_t written = 0;
+
+    ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
+                           s->init_num, &written);
+    if (ret < 0)
+        return -1;
+    if (type == SSL3_RT_HANDSHAKE)
+        /*
+         * should not be done for 'Hello Request's, but in that case we'll
+         * ignore the result anyway
+         * TLS1.3 KeyUpdate and NewSessionTicket do not need to be added
+         */
+        if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET
+                                 && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE
+                                 && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE))
+            if (!ssl3_finish_mac(s,
+                                 (unsigned char *)&s->init_buf->data[s->init_off],
+                                 written))
+                return -1;
+    if (written == s->init_num) {
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, type, s->init_buf->data,
+                            (size_t)(s->init_off + s->init_num), s,
+                            s->msg_callback_arg);
+        return 1;
+    }
+    s->init_off += written;
+    s->init_num -= written;
+    return 0;
+}
+
+int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
+{
+    size_t msglen;
+
+    if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt))
+            || !WPACKET_get_length(pkt, &msglen)
+            || msglen > INT_MAX)
+        return 0;
+    s->init_num = (int)msglen;
+    s->init_off = 0;
+
+    return 1;
+}
+
+int tls_setup_handshake(SSL *s)
+{
+    if (!ssl3_init_finished_mac(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /* Reset any extension flags */
+    memset(s->ext.extflags, 0, sizeof(s->ext.extflags));
+
+    if (s->server) {
+        STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(s);
+        int i, ver_min, ver_max, ok = 0;
+
+        /*
+         * Sanity check that the maximum version we accept has ciphers
+         * enabled. For clients we do this check during construction of the
+         * ClientHello.
+         */
+        if (ssl_get_min_max_version(s, &ver_min, &ver_max, NULL) != 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_SETUP_HANDSHAKE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+            const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
+
+            if (SSL_IS_DTLS(s)) {
+                if (DTLS_VERSION_GE(ver_max, c->min_dtls) &&
+                        DTLS_VERSION_LE(ver_max, c->max_dtls))
+                    ok = 1;
+            } else if (ver_max >= c->min_tls && ver_max <= c->max_tls) {
+                ok = 1;
+            }
+            if (ok)
+                break;
+        }
+        if (!ok) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE,
+                     SSL_R_NO_CIPHERS_AVAILABLE);
+            ERR_add_error_data(1, "No ciphers enabled for max supported "
+                                  "SSL/TLS version");
+            return 0;
+        }
+        if (SSL_IS_FIRST_HANDSHAKE(s)) {
+            /* N.B. s->session_ctx == s->ctx here */
+            tsan_counter(&s->session_ctx->stats.sess_accept);
+        } else {
+            /* N.B. s->ctx may not equal s->session_ctx */
+            tsan_counter(&s->ctx->stats.sess_accept_renegotiate);
+
+            s->s3->tmp.cert_request = 0;
+        }
+    } else {
+        if (SSL_IS_FIRST_HANDSHAKE(s))
+            tsan_counter(&s->session_ctx->stats.sess_connect);
+        else
+            tsan_counter(&s->session_ctx->stats.sess_connect_renegotiate);
+
+        /* mark client_random uninitialized */
+        memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
+        s->hit = 0;
+
+        s->s3->tmp.cert_req = 0;
+
+        if (SSL_IS_DTLS(s))
+            s->statem.use_timer = 1;
+    }
+
+    return 1;
+}
+
+/*
+ * Size of the to-be-signed TLS13 data, without the hash size itself:
+ * 64 bytes of value 32, 33 context bytes, 1 byte separator
+ */
+#define TLS13_TBS_START_SIZE            64
+#define TLS13_TBS_PREAMBLE_SIZE         (TLS13_TBS_START_SIZE + 33 + 1)
+
+static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
+                                    void **hdata, size_t *hdatalen)
+{
+    static const char *servercontext = "TLS 1.3, server CertificateVerify";
+    static const char *clientcontext = "TLS 1.3, client CertificateVerify";
+
+    if (SSL_IS_TLS13(s)) {
+        size_t hashlen;
+
+        /* Set the first 64 bytes of to-be-signed data to octet 32 */
+        memset(tls13tbs, 32, TLS13_TBS_START_SIZE);
+        /* This copies the 33 bytes of context plus the 0 separator byte */
+        if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY
+                 || s->statem.hand_state == TLS_ST_SW_CERT_VRFY)
+            strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, servercontext);
+        else
+            strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, clientcontext);
+
+        /*
+         * If we're currently reading then we need to use the saved handshake
+         * hash value. We can't use the current handshake hash state because
+         * that includes the CertVerify itself.
+         */
+        if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY
+                || s->statem.hand_state == TLS_ST_SR_CERT_VRFY) {
+            memcpy(tls13tbs + TLS13_TBS_PREAMBLE_SIZE, s->cert_verify_hash,
+                   s->cert_verify_hash_len);
+            hashlen = s->cert_verify_hash_len;
+        } else if (!ssl_handshake_hash(s, tls13tbs + TLS13_TBS_PREAMBLE_SIZE,
+                                       EVP_MAX_MD_SIZE, &hashlen)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+
+        *hdata = tls13tbs;
+        *hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen;
+    } else {
+        size_t retlen;
+
+        retlen = BIO_get_mem_data(s->s3->handshake_buffer, hdata);
+        if (retlen <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        *hdatalen = retlen;
+    }
+
+    return 1;
+}
+
+int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
+{
+    EVP_PKEY *pkey = NULL;
+    const EVP_MD *md = NULL;
+    EVP_MD_CTX *mctx = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    size_t hdatalen = 0, siglen = 0;
+    void *hdata;
+    unsigned char *sig = NULL;
+    unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
+    const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg;
+
+    if (lu == NULL || s->s3->tmp.cert == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    pkey = s->s3->tmp.cert->privatekey;
+
+    if (pkey == NULL || !tls1_lookup_md(lu, &md)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Get the data to be signed */
+    if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    siglen = EVP_PKEY_size(pkey);
+    sig = OPENSSL_malloc(siglen);
+    if (sig == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    if (lu->sig == EVP_PKEY_RSA_PSS) {
+        if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+            || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
+                                                RSA_PSS_SALTLEN_DIGEST) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+    }
+    if (s->version == SSL3_VERSION) {
+        if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0
+            || !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                                (int)s->session->master_key_length,
+                                s->session->master_key)
+            || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) {
+
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+    } else if (EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_GOST
+    {
+        int pktype = lu->sig;
+
+        if (pktype == NID_id_GostR3410_2001
+            || pktype == NID_id_GostR3410_2012_256
+            || pktype == NID_id_GostR3410_2012_512)
+            BUF_reverse(sig, NULL, siglen);
+    }
+#endif
+
+    if (!WPACKET_sub_memcpy_u16(pkt, sig, siglen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Digest cached records and discard handshake buffer */
+    if (!ssl3_digest_cached_records(s, 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    OPENSSL_free(sig);
+    EVP_MD_CTX_free(mctx);
+    return 1;
+ err:
+    OPENSSL_free(sig);
+    EVP_MD_CTX_free(mctx);
+    return 0;
+}
+
+MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
+{
+    EVP_PKEY *pkey = NULL;
+    const unsigned char *data;
+#ifndef OPENSSL_NO_GOST
+    unsigned char *gost_data = NULL;
+#endif
+    MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;
+    int j;
+    unsigned int len;
+    X509 *peer;
+    const EVP_MD *md = NULL;
+    size_t hdatalen = 0;
+    void *hdata;
+    unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pctx = NULL;
+
+    if (mctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    peer = s->session->peer;
+    pkey = X509_get0_pubkey(peer);
+    if (pkey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (ssl_cert_lookup_by_pkey(pkey, NULL) == NULL) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
+        goto err;
+    }
+
+    if (SSL_USE_SIGALGS(s)) {
+        unsigned int sigalg;
+
+        if (!PACKET_get_net_2(pkt, &sigalg)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     SSL_R_BAD_PACKET);
+            goto err;
+        }
+        if (tls12_check_peer_sigalg(s, sigalg, pkey) <= 0) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+    }
+
+    if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+#ifdef SSL_DEBUG
+    if (SSL_USE_SIGALGS(s))
+        fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+#endif
+
+    /* Check for broken implementations of GOST ciphersuites */
+    /*
+     * If key is GOST and len is exactly 64 or 128, it is signature without
+     * length field (CryptoPro implementations at least till TLS 1.2)
+     */
+#ifndef OPENSSL_NO_GOST
+    if (!SSL_USE_SIGALGS(s)
+        && ((PACKET_remaining(pkt) == 64
+             && (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001
+                 || EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_256))
+            || (PACKET_remaining(pkt) == 128
+                && EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_512))) {
+        len = PACKET_remaining(pkt);
+    } else
+#endif
+    if (!PACKET_get_net_2(pkt, &len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    j = EVP_PKEY_size(pkey);
+    if (((int)len > j) || ((int)PACKET_remaining(pkt) > j)
+        || (PACKET_remaining(pkt) == 0)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 SSL_R_WRONG_SIGNATURE_SIZE);
+        goto err;
+    }
+    if (!PACKET_get_bytes(pkt, &data, len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+#ifdef SSL_DEBUG
+    fprintf(stderr, "Using client verify alg %s\n", EVP_MD_name(md));
+#endif
+    if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, pkey) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+#ifndef OPENSSL_NO_GOST
+    {
+        int pktype = EVP_PKEY_id(pkey);
+        if (pktype == NID_id_GostR3410_2001
+            || pktype == NID_id_GostR3410_2012_256
+            || pktype == NID_id_GostR3410_2012_512) {
+            if ((gost_data = OPENSSL_malloc(len)) == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            BUF_reverse(gost_data, data, len);
+            data = gost_data;
+        }
+    }
+#endif
+
+    if (SSL_USE_PSS(s)) {
+        if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+            || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
+                                                RSA_PSS_SALTLEN_DIGEST) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+    }
+    if (s->version == SSL3_VERSION) {
+        if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0
+                || !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                                    (int)s->session->master_key_length,
+                                    s->session->master_key)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+        if (EVP_DigestVerifyFinal(mctx, data, len) <= 0) {
+            SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     SSL_R_BAD_SIGNATURE);
+            goto err;
+        }
+    } else {
+        j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen);
+        if (j <= 0) {
+            SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     SSL_R_BAD_SIGNATURE);
+            goto err;
+        }
+    }
+
+    ret = MSG_PROCESS_CONTINUE_READING;
+ err:
+    BIO_free(s->s3->handshake_buffer);
+    s->s3->handshake_buffer = NULL;
+    EVP_MD_CTX_free(mctx);
+#ifndef OPENSSL_NO_GOST
+    OPENSSL_free(gost_data);
+#endif
+    return ret;
+}
+
+int tls_construct_finished(SSL *s, WPACKET *pkt)
+{
+    size_t finish_md_len;
+    const char *sender;
+    size_t slen;
+
+    /* This is a real handshake so make sure we clean it up at the end */
+    if (!s->server && s->post_handshake_auth != SSL_PHA_REQUESTED)
+        s->statem.cleanuphand = 1;
+
+    /*
+     * We only change the keys if we didn't already do this when we sent the
+     * client certificate
+     */
+    if (SSL_IS_TLS13(s)
+            && !s->server
+            && s->s3->tmp.cert_req == 0
+            && (!s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {;
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (s->server) {
+        sender = s->method->ssl3_enc->server_finished_label;
+        slen = s->method->ssl3_enc->server_finished_label_len;
+    } else {
+        sender = s->method->ssl3_enc->client_finished_label;
+        slen = s->method->ssl3_enc->client_finished_label_len;
+    }
+
+    finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+                                                          sender, slen,
+                                                          s->s3->tmp.finish_md);
+    if (finish_md_len == 0) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    s->s3->tmp.finish_md_len = finish_md_len;
+
+    if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, finish_md_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*
+     * Log the master secret, if logging is enabled. We don't log it for
+     * TLSv1.3: there's a different key schedule for that.
+     */
+    if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL,
+                                            s->session->master_key,
+                                            s->session->master_key_length)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /*
+     * Copy the finished so we can use it for renegotiation checks
+     */
+    if (!ossl_assert(finish_md_len <= EVP_MAX_MD_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!s->server) {
+        memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md,
+               finish_md_len);
+        s->s3->previous_client_finished_len = finish_md_len;
+    } else {
+        memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md,
+               finish_md_len);
+        s->s3->previous_server_finished_len = finish_md_len;
+    }
+
+    return 1;
+}
+
+int tls_construct_key_update(SSL *s, WPACKET *pkt)
+{
+    if (!WPACKET_put_bytes_u8(pkt, s->key_update)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_KEY_UPDATE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    s->key_update = SSL_KEY_UPDATE_NONE;
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
+{
+    unsigned int updatetype;
+
+    s->key_update_count++;
+    if (s->key_update_count > MAX_KEY_UPDATE_MESSAGES) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_KEY_UPDATE,
+                 SSL_R_TOO_MANY_KEY_UPDATES);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * A KeyUpdate message signals a key change so the end of the message must
+     * be on a record boundary.
+     */
+    if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_UPDATE,
+                 SSL_R_NOT_ON_RECORD_BOUNDARY);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (!PACKET_get_1(pkt, &updatetype)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_UPDATE,
+                 SSL_R_BAD_KEY_UPDATE);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * There are only two defined key update types. Fail if we get a value we
+     * didn't recognise.
+     */
+    if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
+            && updatetype != SSL_KEY_UPDATE_REQUESTED) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_KEY_UPDATE,
+                 SSL_R_BAD_KEY_UPDATE);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * If we get a request for us to update our sending keys too then, we need
+     * to additionally send a KeyUpdate message. However that message should
+     * not also request an update (otherwise we get into an infinite loop). We
+     * ignore a request for us to update our sending keys too if we already
+     * sent close_notify.
+     */
+    if (updatetype == SSL_KEY_UPDATE_REQUESTED
+            && (s->shutdown & SSL_SENT_SHUTDOWN) == 0)
+        s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;
+
+    if (!tls13_update_key(s, 0)) {
+        /* SSLfatal() already called */
+        return MSG_PROCESS_ERROR;
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+/*
+ * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
+ * to far.
+ */
+int ssl3_take_mac(SSL *s)
+{
+    const char *sender;
+    size_t slen;
+
+    if (!s->server) {
+        sender = s->method->ssl3_enc->server_finished_label;
+        slen = s->method->ssl3_enc->server_finished_label_len;
+    } else {
+        sender = s->method->ssl3_enc->client_finished_label;
+        slen = s->method->ssl3_enc->client_finished_label_len;
+    }
+
+    s->s3->tmp.peer_finish_md_len =
+        s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+                                              s->s3->tmp.peer_finish_md);
+
+    if (s->s3->tmp.peer_finish_md_len == 0) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
+{
+    size_t remain;
+
+    remain = PACKET_remaining(pkt);
+    /*
+     * 'Change Cipher Spec' is just a single byte, which should already have
+     * been consumed by ssl_get_message() so there should be no bytes left,
+     * unless we're using DTLS1_BAD_VER, which has an extra 2 bytes
+     */
+    if (SSL_IS_DTLS(s)) {
+        if ((s->version == DTLS1_BAD_VER
+             && remain != DTLS1_CCS_HEADER_LENGTH + 1)
+            || (s->version != DTLS1_BAD_VER
+                && remain != DTLS1_CCS_HEADER_LENGTH - 1)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+                    SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            return MSG_PROCESS_ERROR;
+        }
+    } else {
+        if (remain != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+                     SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            return MSG_PROCESS_ERROR;
+        }
+    }
+
+    /* Check we have a cipher to change to */
+    if (s->s3->tmp.new_cipher == NULL) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
+        return MSG_PROCESS_ERROR;
+    }
+
+    s->s3->change_cipher_spec = 1;
+    if (!ssl3_do_change_cipher_spec(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (SSL_IS_DTLS(s)) {
+        dtls1_reset_seq_numbers(s, SSL3_CC_READ);
+
+        if (s->version == DTLS1_BAD_VER)
+            s->d1->handshake_read_seq++;
+
+#ifndef OPENSSL_NO_SCTP
+        /*
+         * Remember that a CCS has been received, so that an old key of
+         * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
+         * SCTP is used
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
+#endif
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+}
+
+MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
+{
+    size_t md_len;
+
+
+    /* This is a real handshake so make sure we clean it up at the end */
+    if (s->server) {
+        /*
+        * To get this far we must have read encrypted data from the client. We
+        * no longer tolerate unencrypted alerts. This value is ignored if less
+        * than TLSv1.3
+        */
+        s->statem.enc_read_state = ENC_READ_STATE_VALID;
+        if (s->post_handshake_auth != SSL_PHA_REQUESTED)
+            s->statem.cleanuphand = 1;
+        if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+        }
+    }
+
+    /*
+     * In TLSv1.3 a Finished message signals a key change so the end of the
+     * message must be on a record boundary.
+     */
+    if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED,
+                 SSL_R_NOT_ON_RECORD_BOUNDARY);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /* If this occurs, we have missed a message */
+    if (!SSL_IS_TLS13(s) && !s->s3->change_cipher_spec) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED,
+                 SSL_R_GOT_A_FIN_BEFORE_A_CCS);
+        return MSG_PROCESS_ERROR;
+    }
+    s->s3->change_cipher_spec = 0;
+
+    md_len = s->s3->tmp.peer_finish_md_len;
+
+    if (md_len != PACKET_remaining(pkt)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_FINISHED,
+                 SSL_R_BAD_DIGEST_LENGTH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md,
+                      md_len) != 0) {
+        SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_FINISHED,
+                 SSL_R_DIGEST_CHECK_FAILED);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * Copy the finished so we can use it for renegotiation checks
+     */
+    if (!ossl_assert(md_len <= EVP_MAX_MD_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_FINISHED,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+    }
+    if (s->server) {
+        memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md,
+               md_len);
+        s->s3->previous_client_finished_len = md_len;
+    } else {
+        memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md,
+               md_len);
+        s->s3->previous_server_finished_len = md_len;
+    }
+
+    /*
+     * In TLS1.3 we also have to change cipher state and do any final processing
+     * of the initial server flight (if we are a client)
+     */
+    if (SSL_IS_TLS13(s)) {
+        if (s->server) {
+            if (s->post_handshake_auth != SSL_PHA_REQUESTED &&
+                    !s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+            }
+        } else {
+            if (!s->method->ssl3_enc->generate_master_secret(s,
+                    s->master_secret, s->handshake_secret, 0,
+                    &s->session->master_key_length)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+            }
+            if (!s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+            }
+            if (!tls_process_initial_server_flight(s)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+            }
+        }
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
+{
+    if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Add a certificate to the WPACKET */
+static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain)
+{
+    int len;
+    unsigned char *outbytes;
+
+    len = i2d_X509(x, NULL);
+    if (len < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_TO_WPACKET,
+                 ERR_R_BUF_LIB);
+        return 0;
+    }
+    if (!WPACKET_sub_allocate_bytes_u24(pkt, len, &outbytes)
+            || i2d_X509(x, &outbytes) != len) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_TO_WPACKET,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s)
+            && !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x,
+                                         chain)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Add certificate chain to provided WPACKET */
+static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
+{
+    int i, chain_count;
+    X509 *x;
+    STACK_OF(X509) *extra_certs;
+    STACK_OF(X509) *chain = NULL;
+    X509_STORE *chain_store;
+
+    if (cpk == NULL || cpk->x509 == NULL)
+        return 1;
+
+    x = cpk->x509;
+
+    /*
+     * If we have a certificate specific chain use it, else use parent ctx.
+     */
+    if (cpk->chain != NULL)
+        extra_certs = cpk->chain;
+    else
+        extra_certs = s->ctx->extra_certs;
+
+    if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs)
+        chain_store = NULL;
+    else if (s->cert->chain_store)
+        chain_store = s->cert->chain_store;
+    else
+        chain_store = s->ctx->cert_store;
+
+    if (chain_store != NULL) {
+        X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new();
+
+        if (xs_ctx == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!X509_STORE_CTX_init(xs_ctx, chain_store, x, NULL)) {
+            X509_STORE_CTX_free(xs_ctx);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN,
+                     ERR_R_X509_LIB);
+            return 0;
+        }
+        /*
+         * It is valid for the chain not to be complete (because normally we
+         * don't include the root cert in the chain). Therefore we deliberately
+         * ignore the error return from this call. We're not actually verifying
+         * the cert - we're just building as much of the chain as we can
+         */
+        (void)X509_verify_cert(xs_ctx);
+        /* Don't leave errors in the queue */
+        ERR_clear_error();
+        chain = X509_STORE_CTX_get0_chain(xs_ctx);
+        i = ssl_security_cert_chain(s, chain, NULL, 0);
+        if (i != 1) {
+#if 0
+            /* Dummy error calls so mkerr generates them */
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_EE_KEY_TOO_SMALL);
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_KEY_TOO_SMALL);
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_MD_TOO_WEAK);
+#endif
+            X509_STORE_CTX_free(xs_ctx);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i);
+            return 0;
+        }
+        chain_count = sk_X509_num(chain);
+        for (i = 0; i < chain_count; i++) {
+            x = sk_X509_value(chain, i);
+
+            if (!ssl_add_cert_to_wpacket(s, pkt, x, i)) {
+                /* SSLfatal() already called */
+                X509_STORE_CTX_free(xs_ctx);
+                return 0;
+            }
+        }
+        X509_STORE_CTX_free(xs_ctx);
+    } else {
+        i = ssl_security_cert_chain(s, extra_certs, x, 0);
+        if (i != 1) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i);
+            return 0;
+        }
+        if (!ssl_add_cert_to_wpacket(s, pkt, x, 0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+        for (i = 0; i < sk_X509_num(extra_certs); i++) {
+            x = sk_X509_value(extra_certs, i);
+            if (!ssl_add_cert_to_wpacket(s, pkt, x, i + 1)) {
+                /* SSLfatal() already called */
+                return 0;
+            }
+        }
+    }
+    return 1;
+}
+
+unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
+{
+    if (!WPACKET_start_sub_packet_u24(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_OUTPUT_CERT_CHAIN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!ssl_add_cert_chain(s, pkt, cpk))
+        return 0;
+
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_OUTPUT_CERT_CHAIN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Tidy up after the end of a handshake. In the case of SCTP this may result
+ * in NBIO events. If |clearbufs| is set then init_buf and the wbio buffer is
+ * freed up as well.
+ */
+WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
+{
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+
+    if (clearbufs) {
+        if (!SSL_IS_DTLS(s)) {
+            /*
+             * We don't do this in DTLS because we may still need the init_buf
+             * in case there are any unexpected retransmits
+             */
+            BUF_MEM_free(s->init_buf);
+            s->init_buf = NULL;
+        }
+        if (!ssl_free_wbio_buffer(s)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE,
+                     ERR_R_INTERNAL_ERROR);
+            return WORK_ERROR;
+        }
+        s->init_num = 0;
+    }
+
+    if (SSL_IS_TLS13(s) && !s->server
+            && s->post_handshake_auth == SSL_PHA_REQUESTED)
+        s->post_handshake_auth = SSL_PHA_EXT_SENT;
+
+    /*
+     * Only set if there was a Finished message and this isn't after a TLSv1.3
+     * post handshake exchange
+     */
+    if (s->statem.cleanuphand) {
+        /* skipped if we just sent a HelloRequest */
+        s->renegotiate = 0;
+        s->new_session = 0;
+        s->statem.cleanuphand = 0;
+        s->ext.ticket_expected = 0;
+
+        ssl3_cleanup_key_block(s);
+
+        if (s->server) {
+            /*
+             * In TLSv1.3 we update the cache as part of constructing the
+             * NewSessionTicket
+             */
+            if (!SSL_IS_TLS13(s))
+                ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+
+            /* N.B. s->ctx may not equal s->session_ctx */
+            tsan_counter(&s->ctx->stats.sess_accept_good);
+            s->handshake_func = ossl_statem_accept;
+
+            if (SSL_IS_DTLS(s) && !s->hit) {
+                /*
+                 * We are finishing after the client. We start the timer going
+                 * in case there are any retransmits of our final flight
+                 * required.
+                 */
+                dtls1_start_timer(s);
+            }
+        } else {
+            if (SSL_IS_TLS13(s)) {
+                /*
+                 * We encourage applications to only use TLSv1.3 tickets once,
+                 * so we remove this one from the cache.
+                 */
+                if ((s->session_ctx->session_cache_mode
+                     & SSL_SESS_CACHE_CLIENT) != 0)
+                    SSL_CTX_remove_session(s->session_ctx, s->session);
+            } else {
+                /*
+                 * In TLSv1.3 we update the cache as part of processing the
+                 * NewSessionTicket
+                 */
+                ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+            }
+            if (s->hit)
+                tsan_counter(&s->session_ctx->stats.sess_hit);
+
+            s->handshake_func = ossl_statem_connect;
+            tsan_counter(&s->session_ctx->stats.sess_connect_good);
+
+            if (SSL_IS_DTLS(s) && s->hit) {
+                /*
+                 * We are finishing after the server. We start the timer going
+                 * in case there are any retransmits of our final flight
+                 * required.
+                 */
+                dtls1_start_timer(s);
+            }
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            /* done with handshaking */
+            s->d1->handshake_read_seq = 0;
+            s->d1->handshake_write_seq = 0;
+            s->d1->next_handshake_write_seq = 0;
+            dtls1_clear_received_buffer(s);
+        }
+    }
+
+    if (s->info_callback != NULL)
+        cb = s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        cb = s->ctx->info_callback;
+
+    /* The callback may expect us to not be in init at handshake done */
+    ossl_statem_set_in_init(s, 0);
+
+    if (cb != NULL)
+        cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+
+    if (!stop) {
+        /* If we've got more work to do we go back into init */
+        ossl_statem_set_in_init(s, 1);
+        return WORK_FINISHED_CONTINUE;
+    }
+
+    return WORK_FINISHED_STOP;
+}
+
+int tls_get_message_header(SSL *s, int *mt)
+{
+    /* s->init_num < SSL3_HM_HEADER_LENGTH */
+    int skip_message, i, recvd_type;
+    unsigned char *p;
+    size_t l, readbytes;
+
+    p = (unsigned char *)s->init_buf->data;
+
+    do {
+        while (s->init_num < SSL3_HM_HEADER_LENGTH) {
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
+                                          &p[s->init_num],
+                                          SSL3_HM_HEADER_LENGTH - s->init_num,
+                                          0, &readbytes);
+            if (i <= 0) {
+                s->rwstate = SSL_READING;
+                return 0;
+            }
+            if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+                /*
+                 * A ChangeCipherSpec must be a single byte and may not occur
+                 * in the middle of a handshake message.
+                 */
+                if (s->init_num != 0 || readbytes != 1 || p[0] != SSL3_MT_CCS) {
+                    SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                             SSL_F_TLS_GET_MESSAGE_HEADER,
+                             SSL_R_BAD_CHANGE_CIPHER_SPEC);
+                    return 0;
+                }
+                if (s->statem.hand_state == TLS_ST_BEFORE
+                        && (s->s3->flags & TLS1_FLAGS_STATELESS) != 0) {
+                    /*
+                     * We are stateless and we received a CCS. Probably this is
+                     * from a client between the first and second ClientHellos.
+                     * We should ignore this, but return an error because we do
+                     * not return success until we see the second ClientHello
+                     * with a valid cookie.
+                     */
+                    return 0;
+                }
+                s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
+                s->init_num = readbytes - 1;
+                s->init_msg = s->init_buf->data;
+                s->s3->tmp.message_size = readbytes;
+                return 1;
+            } else if (recvd_type != SSL3_RT_HANDSHAKE) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                         SSL_F_TLS_GET_MESSAGE_HEADER,
+                         SSL_R_CCS_RECEIVED_EARLY);
+                return 0;
+            }
+            s->init_num += readbytes;
+        }
+
+        skip_message = 0;
+        if (!s->server)
+            if (s->statem.hand_state != TLS_ST_OK
+                    && p[0] == SSL3_MT_HELLO_REQUEST)
+                /*
+                 * The server may always send 'Hello Request' messages --
+                 * we are doing a handshake anyway now, so ignore them if
+                 * their format is correct. Does not count for 'Finished'
+                 * MAC.
+                 */
+                if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
+                    s->init_num = 0;
+                    skip_message = 1;
+
+                    if (s->msg_callback)
+                        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                                        p, SSL3_HM_HEADER_LENGTH, s,
+                                        s->msg_callback_arg);
+                }
+    } while (skip_message);
+    /* s->init_num == SSL3_HM_HEADER_LENGTH */
+
+    *mt = *p;
+    s->s3->tmp.message_type = *(p++);
+
+    if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+        /*
+         * Only happens with SSLv3+ in an SSLv2 backward compatible
+         * ClientHello
+         *
+         * Total message size is the remaining record bytes to read
+         * plus the SSL3_HM_HEADER_LENGTH bytes that we already read
+         */
+        l = RECORD_LAYER_get_rrec_length(&s->rlayer)
+            + SSL3_HM_HEADER_LENGTH;
+        s->s3->tmp.message_size = l;
+
+        s->init_msg = s->init_buf->data;
+        s->init_num = SSL3_HM_HEADER_LENGTH;
+    } else {
+        n2l3(p, l);
+        /* BUF_MEM_grow takes an 'int' parameter */
+        if (l > (INT_MAX - SSL3_HM_HEADER_LENGTH)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_GET_MESSAGE_HEADER,
+                     SSL_R_EXCESSIVE_MESSAGE_SIZE);
+            return 0;
+        }
+        s->s3->tmp.message_size = l;
+
+        s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
+        s->init_num = 0;
+    }
+
+    return 1;
+}
+
+int tls_get_message_body(SSL *s, size_t *len)
+{
+    size_t n, readbytes;
+    unsigned char *p;
+    int i;
+
+    if (s->s3->tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        /* We've already read everything in */
+        *len = (unsigned long)s->init_num;
+        return 1;
+    }
+
+    p = s->init_msg;
+    n = s->s3->tmp.message_size - s->init_num;
+    while (n > 0) {
+        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                      &p[s->init_num], n, 0, &readbytes);
+        if (i <= 0) {
+            s->rwstate = SSL_READING;
+            *len = 0;
+            return 0;
+        }
+        s->init_num += readbytes;
+        n -= readbytes;
+    }
+
+    /*
+     * If receiving Finished, record MAC of prior handshake messages for
+     * Finished verification.
+     */
+    if (*(s->init_buf->data) == SSL3_MT_FINISHED && !ssl3_take_mac(s)) {
+        /* SSLfatal() already called */
+        *len = 0;
+        return 0;
+    }
+
+    /* Feed this message into MAC computation. */
+    if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+        if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                             s->init_num)) {
+            /* SSLfatal() already called */
+            *len = 0;
+            return 0;
+        }
+        if (s->msg_callback)
+            s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
+                            (size_t)s->init_num, s, s->msg_callback_arg);
+    } else {
+        /*
+         * We defer feeding in the HRR until later. We'll do it as part of
+         * processing the message
+         * The TLsv1.3 handshake transcript stops at the ClientFinished
+         * message.
+         */
+#define SERVER_HELLO_RANDOM_OFFSET  (SSL3_HM_HEADER_LENGTH + 2)
+        /* KeyUpdate and NewSessionTicket do not need to be added */
+        if (!SSL_IS_TLS13(s) || (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET
+                                 && s->s3->tmp.message_type != SSL3_MT_KEY_UPDATE)) {
+            if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO
+                    || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE
+                    || memcmp(hrrrandom,
+                              s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET,
+                              SSL3_RANDOM_SIZE) != 0) {
+                if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                                     s->init_num + SSL3_HM_HEADER_LENGTH)) {
+                    /* SSLfatal() already called */
+                    *len = 0;
+                    return 0;
+                }
+            }
+        }
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
+                            (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
+                            s->msg_callback_arg);
+    }
+
+    *len = s->init_num;
+    return 1;
+}
+
+static const X509ERR2ALERT x509table[] = {
+    {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE},
+    {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
+    {X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED},
+    {X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR},
+    {X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
+    {X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR},
+    {X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR},
+    {X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE},
+    {X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR},
+    {X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR},
+    {X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNSPECIFIED, SSL_AD_INTERNAL_ERROR},
+
+    /* Last entry; return this if we don't find the value above. */
+    {X509_V_OK, SSL_AD_CERTIFICATE_UNKNOWN}
+};
+
+int ssl_x509err2alert(int x509err)
+{
+    const X509ERR2ALERT *tp;
+
+    for (tp = x509table; tp->x509err != X509_V_OK; ++tp)
+        if (tp->x509err == x509err)
+            break;
+    return tp->alert;
+}
+
+int ssl_allow_compression(SSL *s)
+{
+    if (s->options & SSL_OP_NO_COMPRESSION)
+        return 0;
+    return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
+}
+
+static int version_cmp(const SSL *s, int a, int b)
+{
+    int dtls = SSL_IS_DTLS(s);
+
+    if (a == b)
+        return 0;
+    if (!dtls)
+        return a < b ? -1 : 1;
+    return DTLS_VERSION_LT(a, b) ? -1 : 1;
+}
+
+typedef struct {
+    int version;
+    const SSL_METHOD *(*cmeth) (void);
+    const SSL_METHOD *(*smeth) (void);
+} version_info;
+
+#if TLS_MAX_VERSION != TLS1_3_VERSION
+# error Code needs update for TLS_method() support beyond TLS1_3_VERSION.
+#endif
+
+/* Must be in order high to low */
+static const version_info tls_version_table[] = {
+#ifndef OPENSSL_NO_TLS1_3
+    {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method},
+#else
+    {TLS1_3_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
+#else
+    {TLS1_2_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method},
+#else
+    {TLS1_1_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {TLS1_VERSION, tlsv1_client_method, tlsv1_server_method},
+#else
+    {TLS1_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_SSL3
+    {SSL3_VERSION, sslv3_client_method, sslv3_server_method},
+#else
+    {SSL3_VERSION, NULL, NULL},
+#endif
+    {0, NULL, NULL},
+};
+
+#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+# error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION.
+#endif
+
+/* Must be in order high to low */
+static const version_info dtls_version_table[] = {
+#ifndef OPENSSL_NO_DTLS1_2
+    {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method},
+#else
+    {DTLS1_2_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+    {DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method},
+    {DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL},
+#else
+    {DTLS1_VERSION, NULL, NULL},
+    {DTLS1_BAD_VER, NULL, NULL},
+#endif
+    {0, NULL, NULL},
+};
+
+/*
+ * ssl_method_error - Check whether an SSL_METHOD is enabled.
+ *
+ * @s: The SSL handle for the candidate method
+ * @method: the intended method.
+ *
+ * Returns 0 on success, or an SSL error reason on failure.
+ */
+static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
+{
+    int version = method->version;
+
+    if ((s->min_proto_version != 0 &&
+         version_cmp(s, version, s->min_proto_version) < 0) ||
+        ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0)
+        return SSL_R_VERSION_TOO_LOW;
+
+    if (s->max_proto_version != 0 &&
+        version_cmp(s, version, s->max_proto_version) > 0)
+        return SSL_R_VERSION_TOO_HIGH;
+
+    if ((s->options & method->mask) != 0)
+        return SSL_R_UNSUPPORTED_PROTOCOL;
+    if ((method->flags & SSL_METHOD_NO_SUITEB) != 0 && tls1_suiteb(s))
+        return SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE;
+
+    return 0;
+}
+
+/*
+ * Only called by servers. Returns 1 if the server has a TLSv1.3 capable
+ * certificate type, or has PSK or a certificate callback configured. Otherwise
+ * returns 0.
+ */
+static int is_tls13_capable(const SSL *s)
+{
+    int i;
+
+#ifndef OPENSSL_NO_PSK
+    if (s->psk_server_callback != NULL)
+        return 1;
+#endif
+
+    if (s->psk_find_session_cb != NULL || s->cert->cert_cb != NULL)
+        return 1;
+
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        /* Skip over certs disallowed for TLSv1.3 */
+        switch (i) {
+        case SSL_PKEY_DSA_SIGN:
+        case SSL_PKEY_GOST01:
+        case SSL_PKEY_GOST12_256:
+        case SSL_PKEY_GOST12_512:
+            continue;
+        default:
+            break;
+        }
+        if (ssl_has_cert(s, i))
+            return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * ssl_version_supported - Check that the specified `version` is supported by
+ * `SSL *` instance
+ *
+ * @s: The SSL handle for the candidate method
+ * @version: Protocol version to test against
+ *
+ * Returns 1 when supported, otherwise 0
+ */
+int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth)
+{
+    const version_info *vent;
+    const version_info *table;
+
+    switch (s->method->version) {
+    default:
+        /* Version should match method version for non-ANY method */
+        return version_cmp(s, version, s->version) == 0;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    for (vent = table;
+         vent->version != 0 && version_cmp(s, version, vent->version) <= 0;
+         ++vent) {
+        if (vent->cmeth != NULL
+                && version_cmp(s, version, vent->version) == 0
+                && ssl_method_error(s, vent->cmeth()) == 0
+                && (!s->server
+                    || version != TLS1_3_VERSION
+                    || is_tls13_capable(s))) {
+            if (meth != NULL)
+                *meth = vent->cmeth();
+            return 1;
+        }
+    }
+    return 0;
+}
+
+/*
+ * ssl_check_version_downgrade - In response to RFC7507 SCSV version
+ * fallback indication from a client check whether we're using the highest
+ * supported protocol version.
+ *
+ * @s server SSL handle.
+ *
+ * Returns 1 when using the highest enabled version, 0 otherwise.
+ */
+int ssl_check_version_downgrade(SSL *s)
+{
+    const version_info *vent;
+    const version_info *table;
+
+    /*
+     * Check that the current protocol is the highest enabled version
+     * (according to s->ctx->method, as version negotiation may have changed
+     * s->method).
+     */
+    if (s->version == s->ctx->method->version)
+        return 1;
+
+    /*
+     * Apparently we're using a version-flexible SSL_METHOD (not at its
+     * highest protocol version).
+     */
+    if (s->ctx->method->version == TLS_method()->version)
+        table = tls_version_table;
+    else if (s->ctx->method->version == DTLS_method()->version)
+        table = dtls_version_table;
+    else {
+        /* Unexpected state; fail closed. */
+        return 0;
+    }
+
+    for (vent = table; vent->version != 0; ++vent) {
+        if (vent->smeth != NULL && ssl_method_error(s, vent->smeth()) == 0)
+            return s->version == vent->version;
+    }
+    return 0;
+}
+
+/*
+ * ssl_set_version_bound - set an upper or lower bound on the supported (D)TLS
+ * protocols, provided the initial (D)TLS method is version-flexible.  This
+ * function sanity-checks the proposed value and makes sure the method is
+ * version-flexible, then sets the limit if all is well.
+ *
+ * @method_version: The version of the current SSL_METHOD.
+ * @version: the intended limit.
+ * @bound: pointer to limit to be updated.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int ssl_set_version_bound(int method_version, int version, int *bound)
+{
+    if (version == 0) {
+        *bound = version;
+        return 1;
+    }
+
+    /*-
+     * Restrict TLS methods to TLS protocol versions.
+     * Restrict DTLS methods to DTLS protocol versions.
+     * Note, DTLS version numbers are decreasing, use comparison macros.
+     *
+     * Note that for both lower-bounds we use explicit versions, not
+     * (D)TLS_MIN_VERSION.  This is because we don't want to break user
+     * configurations.  If the MIN (supported) version ever rises, the user's
+     * "floor" remains valid even if no longer available.  We don't expect the
+     * MAX ceiling to ever get lower, so making that variable makes sense.
+     */
+    switch (method_version) {
+    default:
+        /*
+         * XXX For fixed version methods, should we always fail and not set any
+         * bounds, always succeed and not set any bounds, or set the bounds and
+         * arrange to fail later if they are not met?  At present fixed-version
+         * methods are not subject to controls that disable individual protocol
+         * versions.
+         */
+        return 0;
+
+    case TLS_ANY_VERSION:
+        if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
+            return 0;
+        break;
+
+    case DTLS_ANY_VERSION:
+        if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) ||
+            DTLS_VERSION_LT(version, DTLS1_BAD_VER))
+            return 0;
+        break;
+    }
+
+    *bound = version;
+    return 1;
+}
+
+static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd)
+{
+    if (vers == TLS1_2_VERSION
+            && ssl_version_supported(s, TLS1_3_VERSION, NULL)) {
+        *dgrd = DOWNGRADE_TO_1_2;
+    } else if (!SSL_IS_DTLS(s)
+            && vers < TLS1_2_VERSION
+               /*
+                * We need to ensure that a server that disables TLSv1.2
+                * (creating a hole between TLSv1.3 and TLSv1.1) can still
+                * complete handshakes with clients that support TLSv1.2 and
+                * below. Therefore we do not enable the sentinel if TLSv1.3 is
+                * enabled and TLSv1.2 is not.
+                */
+            && ssl_version_supported(s, TLS1_2_VERSION, NULL)) {
+        *dgrd = DOWNGRADE_TO_1_1;
+    } else {
+        *dgrd = DOWNGRADE_NONE;
+    }
+}
+
+/*
+ * ssl_choose_server_version - Choose server (D)TLS version.  Called when the
+ * client HELLO is received to select the final server protocol version and
+ * the version specific method.
+ *
+ * @s: server SSL handle.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.
+ */
+int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
+{
+    /*-
+     * With version-flexible methods we have an initial state with:
+     *
+     *   s->method->version == (D)TLS_ANY_VERSION,
+     *   s->version == (D)TLS_MAX_VERSION.
+     *
+     * So we detect version-flexible methods via the method version, not the
+     * handle version.
+     */
+    int server_version = s->method->version;
+    int client_version = hello->legacy_version;
+    const version_info *vent;
+    const version_info *table;
+    int disabled = 0;
+    RAW_EXTENSION *suppversions;
+
+    s->client_version = client_version;
+
+    switch (server_version) {
+    default:
+        if (!SSL_IS_TLS13(s)) {
+            if (version_cmp(s, client_version, s->version) < 0)
+                return SSL_R_WRONG_SSL_VERSION;
+            *dgrd = DOWNGRADE_NONE;
+            /*
+             * If this SSL handle is not from a version flexible method we don't
+             * (and never did) check min/max FIPS or Suite B constraints.  Hope
+             * that's OK.  It is up to the caller to not choose fixed protocol
+             * versions they don't want.  If not, then easy to fix, just return
+             * ssl_method_error(s, s->method)
+             */
+            return 0;
+        }
+        /*
+         * Fall through if we are TLSv1.3 already (this means we must be after
+         * a HelloRetryRequest
+         */
+        /* fall thru */
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    suppversions = &hello->pre_proc_exts[TLSEXT_IDX_supported_versions];
+
+    /* If we did an HRR then supported versions is mandatory */
+    if (!suppversions->present && s->hello_retry_request != SSL_HRR_NONE)
+        return SSL_R_UNSUPPORTED_PROTOCOL;
+
+    if (suppversions->present && !SSL_IS_DTLS(s)) {
+        unsigned int candidate_vers = 0;
+        unsigned int best_vers = 0;
+        const SSL_METHOD *best_method = NULL;
+        PACKET versionslist;
+
+        suppversions->parsed = 1;
+
+        if (!PACKET_as_length_prefixed_1(&suppversions->data, &versionslist)) {
+            /* Trailing or invalid data? */
+            return SSL_R_LENGTH_MISMATCH;
+        }
+
+        /*
+         * The TLSv1.3 spec says the client MUST set this to TLS1_2_VERSION.
+         * The spec only requires servers to check that it isn't SSLv3:
+         * "Any endpoint receiving a Hello message with
+         * ClientHello.legacy_version or ServerHello.legacy_version set to
+         * 0x0300 MUST abort the handshake with a "protocol_version" alert."
+         * We are slightly stricter and require that it isn't SSLv3 or lower.
+         * We tolerate TLSv1 and TLSv1.1.
+         */
+        if (client_version <= SSL3_VERSION)
+            return SSL_R_BAD_LEGACY_VERSION;
+
+        while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
+            if (version_cmp(s, candidate_vers, best_vers) <= 0)
+                continue;
+            if (ssl_version_supported(s, candidate_vers, &best_method))
+                best_vers = candidate_vers;
+        }
+        if (PACKET_remaining(&versionslist) != 0) {
+            /* Trailing data? */
+            return SSL_R_LENGTH_MISMATCH;
+        }
+
+        if (best_vers > 0) {
+            if (s->hello_retry_request != SSL_HRR_NONE) {
+                /*
+                 * This is after a HelloRetryRequest so we better check that we
+                 * negotiated TLSv1.3
+                 */
+                if (best_vers != TLS1_3_VERSION)
+                    return SSL_R_UNSUPPORTED_PROTOCOL;
+                return 0;
+            }
+            check_for_downgrade(s, best_vers, dgrd);
+            s->version = best_vers;
+            s->method = best_method;
+            return 0;
+        }
+        return SSL_R_UNSUPPORTED_PROTOCOL;
+    }
+
+    /*
+     * If the supported versions extension isn't present, then the highest
+     * version we can negotiate is TLSv1.2
+     */
+    if (version_cmp(s, client_version, TLS1_3_VERSION) >= 0)
+        client_version = TLS1_2_VERSION;
+
+    /*
+     * No supported versions extension, so we just use the version supplied in
+     * the ClientHello.
+     */
+    for (vent = table; vent->version != 0; ++vent) {
+        const SSL_METHOD *method;
+
+        if (vent->smeth == NULL ||
+            version_cmp(s, client_version, vent->version) < 0)
+            continue;
+        method = vent->smeth();
+        if (ssl_method_error(s, method) == 0) {
+            check_for_downgrade(s, vent->version, dgrd);
+            s->version = vent->version;
+            s->method = method;
+            return 0;
+        }
+        disabled = 1;
+    }
+    return disabled ? SSL_R_UNSUPPORTED_PROTOCOL : SSL_R_VERSION_TOO_LOW;
+}
+
+/*
+ * ssl_choose_client_version - Choose client (D)TLS version.  Called when the
+ * server HELLO is received to select the final client protocol version and
+ * the version specific method.
+ *
+ * @s: client SSL handle.
+ * @version: The proposed version from the server's HELLO.
+ * @extensions: The extensions received
+ *
+ * Returns 1 on success or 0 on error.
+ */
+int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
+{
+    const version_info *vent;
+    const version_info *table;
+    int ret, ver_min, ver_max, real_max, origv;
+
+    origv = s->version;
+    s->version = version;
+
+    /* This will overwrite s->version if the extension is present */
+    if (!tls_parse_extension(s, TLSEXT_IDX_supported_versions,
+                             SSL_EXT_TLS1_2_SERVER_HELLO
+                             | SSL_EXT_TLS1_3_SERVER_HELLO, extensions,
+                             NULL, 0)) {
+        s->version = origv;
+        return 0;
+    }
+
+    if (s->hello_retry_request != SSL_HRR_NONE
+            && s->version != TLS1_3_VERSION) {
+        s->version = origv;
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+                 SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+
+    switch (s->method->version) {
+    default:
+        if (s->version != s->method->version) {
+            s->version = origv;
+            SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                     SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+                     SSL_R_WRONG_SSL_VERSION);
+            return 0;
+        }
+        /*
+         * If this SSL handle is not from a version flexible method we don't
+         * (and never did) check min/max, FIPS or Suite B constraints.  Hope
+         * that's OK.  It is up to the caller to not choose fixed protocol
+         * versions they don't want.  If not, then easy to fix, just return
+         * ssl_method_error(s, s->method)
+         */
+        return 1;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    ret = ssl_get_min_max_version(s, &ver_min, &ver_max, &real_max);
+    if (ret != 0) {
+        s->version = origv;
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                 SSL_F_SSL_CHOOSE_CLIENT_VERSION, ret);
+        return 0;
+    }
+    if (SSL_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min)
+                       : s->version < ver_min) {
+        s->version = origv;
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                 SSL_F_SSL_CHOOSE_CLIENT_VERSION, SSL_R_UNSUPPORTED_PROTOCOL);
+        return 0;
+    } else if (SSL_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max)
+                              : s->version > ver_max) {
+        s->version = origv;
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                 SSL_F_SSL_CHOOSE_CLIENT_VERSION, SSL_R_UNSUPPORTED_PROTOCOL);
+        return 0;
+    }
+
+    if ((s->mode & SSL_MODE_SEND_FALLBACK_SCSV) == 0)
+        real_max = ver_max;
+
+    /* Check for downgrades */
+    if (s->version == TLS1_2_VERSION && real_max > s->version) {
+        if (memcmp(tls12downgrade,
+                   s->s3->server_random + SSL3_RANDOM_SIZE
+                                        - sizeof(tls12downgrade),
+                   sizeof(tls12downgrade)) == 0) {
+            s->version = origv;
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+                     SSL_R_INAPPROPRIATE_FALLBACK);
+            return 0;
+        }
+    } else if (!SSL_IS_DTLS(s)
+               && s->version < TLS1_2_VERSION
+               && real_max > s->version) {
+        if (memcmp(tls11downgrade,
+                   s->s3->server_random + SSL3_RANDOM_SIZE
+                                        - sizeof(tls11downgrade),
+                   sizeof(tls11downgrade)) == 0) {
+            s->version = origv;
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+                     SSL_R_INAPPROPRIATE_FALLBACK);
+            return 0;
+        }
+    }
+
+    for (vent = table; vent->version != 0; ++vent) {
+        if (vent->cmeth == NULL || s->version != vent->version)
+            continue;
+
+        s->method = vent->cmeth();
+        return 1;
+    }
+
+    s->version = origv;
+    SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+             SSL_R_UNSUPPORTED_PROTOCOL);
+    return 0;
+}
+
+/*
+ * ssl_get_min_max_version - get minimum and maximum protocol version
+ * @s: The SSL connection
+ * @min_version: The minimum supported version
+ * @max_version: The maximum supported version
+ * @real_max:    The highest version below the lowest compile time version hole
+ *               where that hole lies above at least one run-time enabled
+ *               protocol.
+ *
+ * Work out what version we should be using for the initial ClientHello if the
+ * version is initially (D)TLS_ANY_VERSION.  We apply any explicit SSL_OP_NO_xxx
+ * options, the MinProtocol and MaxProtocol configuration commands, any Suite B
+ * constraints and any floor imposed by the security level here,
+ * so we don't advertise the wrong protocol version to only reject the outcome later.
+ *
+ * Computing the right floor matters.  If, e.g., TLS 1.0 and 1.2 are enabled,
+ * TLS 1.1 is disabled, but the security level, Suite-B  and/or MinProtocol
+ * only allow TLS 1.2, we want to advertise TLS1.2, *not* TLS1.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.  On failure
+ * min_version and max_version will also be set to 0.
+ */
+int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version,
+                            int *real_max)
+{
+    int version, tmp_real_max;
+    int hole;
+    const SSL_METHOD *single = NULL;
+    const SSL_METHOD *method;
+    const version_info *table;
+    const version_info *vent;
+
+    switch (s->method->version) {
+    default:
+        /*
+         * If this SSL handle is not from a version flexible method we don't
+         * (and never did) check min/max FIPS or Suite B constraints.  Hope
+         * that's OK.  It is up to the caller to not choose fixed protocol
+         * versions they don't want.  If not, then easy to fix, just return
+         * ssl_method_error(s, s->method)
+         */
+        *min_version = *max_version = s->version;
+        /*
+         * Providing a real_max only makes sense where we're using a version
+         * flexible method.
+         */
+        if (!ossl_assert(real_max == NULL))
+            return ERR_R_INTERNAL_ERROR;
+        return 0;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    /*
+     * SSL_OP_NO_X disables all protocols above X *if* there are some protocols
+     * below X enabled. This is required in order to maintain the "version
+     * capability" vector contiguous. Any versions with a NULL client method
+     * (protocol version client is disabled at compile-time) is also a "hole".
+     *
+     * Our initial state is hole == 1, version == 0.  That is, versions above
+     * the first version in the method table are disabled (a "hole" above
+     * the valid protocol entries) and we don't have a selected version yet.
+     *
+     * Whenever "hole == 1", and we hit an enabled method, its version becomes
+     * the selected version, and the method becomes a candidate "single"
+     * method.  We're no longer in a hole, so "hole" becomes 0.
+     *
+     * If "hole == 0" and we hit an enabled method, then "single" is cleared,
+     * as we support a contiguous range of at least two methods.  If we hit
+     * a disabled method, then hole becomes true again, but nothing else
+     * changes yet, because all the remaining methods may be disabled too.
+     * If we again hit an enabled method after the new hole, it becomes
+     * selected, as we start from scratch.
+     */
+    *min_version = version = 0;
+    hole = 1;
+    if (real_max != NULL)
+        *real_max = 0;
+    tmp_real_max = 0;
+    for (vent = table; vent->version != 0; ++vent) {
+        /*
+         * A table entry with a NULL client method is still a hole in the
+         * "version capability" vector.
+         */
+        if (vent->cmeth == NULL) {
+            hole = 1;
+            tmp_real_max = 0;
+            continue;
+        }
+        method = vent->cmeth();
+
+        if (hole == 1 && tmp_real_max == 0)
+            tmp_real_max = vent->version;
+
+        if (ssl_method_error(s, method) != 0) {
+            hole = 1;
+        } else if (!hole) {
+            single = NULL;
+            *min_version = method->version;
+        } else {
+            if (real_max != NULL && tmp_real_max != 0)
+                *real_max = tmp_real_max;
+            version = (single = method)->version;
+            *min_version = version;
+            hole = 0;
+        }
+    }
+
+    *max_version = version;
+
+    /* Fail if everything is disabled */
+    if (version == 0)
+        return SSL_R_NO_PROTOCOLS_AVAILABLE;
+
+    return 0;
+}
+
+/*
+ * ssl_set_client_hello_version - Work out what version we should be using for
+ * the initial ClientHello.legacy_version field.
+ *
+ * @s: client SSL handle.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.
+ */
+int ssl_set_client_hello_version(SSL *s)
+{
+    int ver_min, ver_max, ret;
+
+    /*
+     * In a renegotiation we always send the same client_version that we sent
+     * last time, regardless of which version we eventually negotiated.
+     */
+    if (!SSL_IS_FIRST_HANDSHAKE(s))
+        return 0;
+
+    ret = ssl_get_min_max_version(s, &ver_min, &ver_max, NULL);
+
+    if (ret != 0)
+        return ret;
+
+    s->version = ver_max;
+
+    /* TLS1.3 always uses TLS1.2 in the legacy_version field */
+    if (!SSL_IS_DTLS(s) && ver_max > TLS1_2_VERSION)
+        ver_max = TLS1_2_VERSION;
+
+    s->client_version = ver_max;
+    return 0;
+}
+
+/*
+ * Checks a list of |groups| to determine if the |group_id| is in it. If it is
+ * and |checkallow| is 1 then additionally check if the group is allowed to be
+ * used. Returns 1 if the group is in the list (and allowed if |checkallow| is
+ * 1) or 0 otherwise.
+ */
+#ifndef OPENSSL_NO_EC
+int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
+                  size_t num_groups, int checkallow)
+{
+    size_t i;
+
+    if (groups == NULL || num_groups == 0)
+        return 0;
+
+    for (i = 0; i < num_groups; i++) {
+        uint16_t group = groups[i];
+
+        if (group_id == group
+                && (!checkallow
+                    || tls_curve_allowed(s, group, SSL_SECOP_CURVE_CHECK))) {
+            return 1;
+        }
+    }
+
+    return 0;
+}
+#endif
+
+/* Replace ClientHello1 in the transcript hash with a synthetic message */
+int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
+                                  size_t hashlen, const unsigned char *hrr,
+                                  size_t hrrlen)
+{
+    unsigned char hashvaltmp[EVP_MAX_MD_SIZE];
+    unsigned char msghdr[SSL3_HM_HEADER_LENGTH];
+
+    memset(msghdr, 0, sizeof(msghdr));
+
+    if (hashval == NULL) {
+        hashval = hashvaltmp;
+        hashlen = 0;
+        /* Get the hash of the initial ClientHello */
+        if (!ssl3_digest_cached_records(s, 0)
+                || !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp),
+                                       &hashlen)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+
+    /* Reinitialise the transcript hash */
+    if (!ssl3_init_finished_mac(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /* Inject the synthetic message_hash message */
+    msghdr[0] = SSL3_MT_MESSAGE_HASH;
+    msghdr[SSL3_HM_HEADER_LENGTH - 1] = (unsigned char)hashlen;
+    if (!ssl3_finish_mac(s, msghdr, SSL3_HM_HEADER_LENGTH)
+            || !ssl3_finish_mac(s, hashval, hashlen)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /*
+     * Now re-inject the HRR and current message if appropriate (we just deleted
+     * it when we reinitialised the transcript hash above). Only necessary after
+     * receiving a ClientHello2 with a cookie.
+     */
+    if (hrr != NULL
+            && (!ssl3_finish_mac(s, hrr, hrrlen)
+                || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                                    s->s3->tmp.message_size
+                                    + SSL3_HM_HEADER_LENGTH))) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+{
+    return X509_NAME_cmp(*a, *b);
+}
+
+int parse_ca_names(SSL *s, PACKET *pkt)
+{
+    STACK_OF(X509_NAME) *ca_sk = sk_X509_NAME_new(ca_dn_cmp);
+    X509_NAME *xn = NULL;
+    PACKET cadns;
+
+    if (ca_sk == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_PARSE_CA_NAMES,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* get the CA RDNs */
+    if (!PACKET_get_length_prefixed_2(pkt, &cadns)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,SSL_F_PARSE_CA_NAMES,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    while (PACKET_remaining(&cadns)) {
+        const unsigned char *namestart, *namebytes;
+        unsigned int name_len;
+
+        if (!PACKET_get_net_2(&cadns, &name_len)
+            || !PACKET_get_bytes(&cadns, &namebytes, name_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        namestart = namebytes;
+        if ((xn = d2i_X509_NAME(NULL, &namebytes, name_len)) == NULL) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES,
+                     ERR_R_ASN1_LIB);
+            goto err;
+        }
+        if (namebytes != (namestart + name_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES,
+                     SSL_R_CA_DN_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (!sk_X509_NAME_push(ca_sk, xn)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_PARSE_CA_NAMES,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        xn = NULL;
+    }
+
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
+    s->s3->tmp.peer_ca_names = ca_sk;
+
+    return 1;
+
+ err:
+    sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
+    X509_NAME_free(xn);
+    return 0;
+}
+
+int construct_ca_names(SSL *s, WPACKET *pkt)
+{
+    const STACK_OF(X509_NAME) *ca_sk = SSL_get0_CA_list(s);
+
+    /* Start sub-packet for client CA list */
+    if (!WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (ca_sk != NULL) {
+        int i;
+
+        for (i = 0; i < sk_X509_NAME_num(ca_sk); i++) {
+            unsigned char *namebytes;
+            X509_NAME *name = sk_X509_NAME_value(ca_sk, i);
+            int namelen;
+
+            if (name == NULL
+                    || (namelen = i2d_X509_NAME(name, NULL)) < 0
+                    || !WPACKET_sub_allocate_bytes_u16(pkt, namelen,
+                                                       &namebytes)
+                    || i2d_X509_NAME(name, &namebytes) != namelen) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Create a buffer containing data to be signed for server key exchange */
+size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
+                                  const void *param, size_t paramlen)
+{
+    size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen;
+    unsigned char *tbs = OPENSSL_malloc(tbslen);
+
+    if (tbs == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memcpy(tbs, s->s3->client_random, SSL3_RANDOM_SIZE);
+    memcpy(tbs + SSL3_RANDOM_SIZE, s->s3->server_random, SSL3_RANDOM_SIZE);
+
+    memcpy(tbs + SSL3_RANDOM_SIZE * 2, param, paramlen);
+
+    *ptbs = tbs;
+    return tbslen;
+}
+
+/*
+ * Saves the current handshake digest for Post-Handshake Auth,
+ * Done after ClientFinished is processed, done exactly once
+ */
+int tls13_save_handshake_digest_for_pha(SSL *s)
+{
+    if (s->pha_dgst == NULL) {
+        if (!ssl3_digest_cached_records(s, 1))
+            /* SSLfatal() already called */
+            return 0;
+
+        s->pha_dgst = EVP_MD_CTX_new();
+        if (s->pha_dgst == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        if (!EVP_MD_CTX_copy_ex(s->pha_dgst,
+                                s->s3->handshake_dgst)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Restores the Post-Handshake Auth handshake digest
+ * Done just before sending/processing the Cert Request
+ */
+int tls13_restore_handshake_digest_for_pha(SSL *s)
+{
+    if (s->pha_dgst == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!EVP_MD_CTX_copy_ex(s->s3->handshake_dgst,
+                            s->pha_dgst)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    return 1;
+}
diff --git a/freebsd/crypto/openssl/ssl/statem/statem_locl.h b/freebsd/crypto/openssl/ssl/statem/statem_locl.h
new file mode 100644
index 00000000..25e56e4e
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/statem/statem_locl.h
@@ -0,0 +1,422 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * The following definitions are PRIVATE to the state machine. They should   *
+ * NOT be used outside of the state machine.                                 *
+ *                                                                           *
+ *****************************************************************************/
+
+/* Max message length definitions */
+
+/* The spec allows for a longer length than this, but we limit it */
+#define HELLO_VERIFY_REQUEST_MAX_LENGTH 258
+#define END_OF_EARLY_DATA_MAX_LENGTH    0
+#define SERVER_HELLO_MAX_LENGTH         20000
+#define HELLO_RETRY_REQUEST_MAX_LENGTH  20000
+#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
+#define SERVER_KEY_EXCH_MAX_LENGTH      102400
+#define SERVER_HELLO_DONE_MAX_LENGTH    0
+#define KEY_UPDATE_MAX_LENGTH           1
+#define CCS_MAX_LENGTH                  1
+/* Max should actually be 36 but we are generous */
+#define FINISHED_MAX_LENGTH             64
+
+/* The maximum number of incoming KeyUpdate messages we will accept */
+#define MAX_KEY_UPDATE_MESSAGES     32
+
+/* Dummy message type */
+#define SSL3_MT_DUMMY   -1
+
+extern const unsigned char hrrrandom[];
+
+/* Message processing return codes */
+typedef enum {
+    /* Something bad happened */
+    MSG_PROCESS_ERROR,
+    /* We've finished reading - swap to writing */
+    MSG_PROCESS_FINISHED_READING,
+    /*
+     * We've completed the main processing of this message but there is some
+     * post processing to be done.
+     */
+    MSG_PROCESS_CONTINUE_PROCESSING,
+    /* We've finished this message - read the next message */
+    MSG_PROCESS_CONTINUE_READING
+} MSG_PROCESS_RETURN;
+
+typedef int (*confunc_f) (SSL *s, WPACKET *pkt);
+
+int ssl3_take_mac(SSL *s);
+int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
+                  size_t num_groups, int checkallow);
+int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
+                                  size_t hashlen, const unsigned char *hrr,
+                                  size_t hrrlen);
+int parse_ca_names(SSL *s, PACKET *pkt);
+int construct_ca_names(SSL *s, WPACKET *pkt);
+size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
+                                  const void *param, size_t paramlen);
+
+/*
+ * TLS/DTLS client state machine functions
+ */
+int ossl_statem_client_read_transition(SSL *s, int mt);
+WRITE_TRAN ossl_statem_client_write_transition(SSL *s);
+WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst);
+WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst);
+int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
+                                         confunc_f *confunc, int *mt);
+size_t ossl_statem_client_max_message_size(SSL *s);
+MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt);
+WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst);
+
+/*
+ * TLS/DTLS server state machine functions
+ */
+int ossl_statem_server_read_transition(SSL *s, int mt);
+WRITE_TRAN ossl_statem_server_write_transition(SSL *s);
+WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst);
+WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst);
+int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
+                                         confunc_f *confunc,int *mt);
+size_t ossl_statem_server_max_message_size(SSL *s);
+MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt);
+WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst);
+
+/* Functions for getting new message data */
+__owur int tls_get_message_header(SSL *s, int *mt);
+__owur int tls_get_message_body(SSL *s, size_t *len);
+__owur int dtls_get_message(SSL *s, int *mt, size_t *len);
+
+/* Message construction and processing functions */
+__owur int tls_process_initial_server_flight(SSL *s);
+__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt);
+__owur int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt);
+__owur int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt);
+
+__owur int tls_construct_finished(SSL *s, WPACKET *pkt);
+__owur int tls_construct_key_update(SSL *s, WPACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt);
+__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs,
+                                       int stop);
+__owur WORK_STATE dtls_wait_for_dry(SSL *s);
+
+/* some client-only functions */
+__owur int tls_construct_client_hello(SSL *s, WPACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt);
+__owur int tls_process_cert_status_body(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt);
+__owur int tls_construct_cert_verify(SSL *s, WPACKET *pkt);
+__owur WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst);
+__owur int tls_construct_client_certificate(SSL *s, WPACKET *pkt);
+__owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
+__owur int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt);
+__owur int tls_client_key_exchange_post_work(SSL *s);
+__owur int tls_construct_cert_status_body(SSL *s, WPACKET *pkt);
+__owur int tls_construct_cert_status(SSL *s, WPACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt);
+__owur int ssl3_check_cert_and_algorithm(SSL *s);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+__owur int tls_construct_next_proto(SSL *s, WPACKET *pkt);
+#endif
+__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt);
+__owur int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt);
+
+/* some server-only functions */
+__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt);
+__owur WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst);
+__owur int tls_construct_server_hello(SSL *s, WPACKET *pkt);
+__owur int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt);
+__owur int tls_construct_server_certificate(SSL *s, WPACKET *pkt);
+__owur int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt);
+__owur int tls_construct_certificate_request(SSL *s, WPACKET *pkt);
+__owur int tls_construct_server_done(SSL *s, WPACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt);
+__owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst);
+__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt);
+#endif
+__owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt);
+MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt);
+
+
+/* Extension processing */
+
+typedef enum ext_return_en {
+    EXT_RETURN_FAIL,
+    EXT_RETURN_SENT,
+    EXT_RETURN_NOT_SENT
+} EXT_RETURN;
+
+__owur int tls_validate_all_contexts(SSL *s, unsigned int thisctx,
+                                     RAW_EXTENSION *exts);
+__owur int extension_is_relevant(SSL *s, unsigned int extctx,
+                                 unsigned int thisctx);
+__owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
+                                  RAW_EXTENSION **res, size_t *len, int init);
+__owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
+                               RAW_EXTENSION *exts,  X509 *x, size_t chainidx);
+__owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts,
+                                    X509 *x, size_t chainidx, int fin);
+__owur int should_add_extension(SSL *s, unsigned int extctx,
+                                unsigned int thisctx, int max_version);
+__owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
+                                    X509 *x, size_t chainidx);
+
+__owur int tls_psk_do_binder(SSL *s, const EVP_MD *md,
+                             const unsigned char *msgstart,
+                             size_t binderoffset, const unsigned char *binderin,
+                             unsigned char *binderout,
+                             SSL_SESSION *sess, int sign, int external);
+
+/* Server Extension processing */
+int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx);
+int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx);
+int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_SRP
+int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+#endif
+int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_EC
+int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
+                                    X509 *x, size_t chainidxl);
+#endif
+int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx);
+#ifndef OPENSSL_NO_OCSP
+int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+#endif
+int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                        size_t chainidx);
+#ifndef OPENSSL_NO_SRTP
+int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx);
+#endif
+int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                             size_t chainidx);
+int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                          size_t chainidx);
+int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context,
+                                       X509 *x, size_t chainidx);
+
+EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx);
+EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx);
+EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
+                                         unsigned int context, X509 *x,
+                                         size_t chainidx);
+EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#ifndef OPENSSL_NO_EC
+EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx);
+#endif
+EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
+                                               unsigned int context, X509 *x,
+                                               size_t chainidx);
+EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#ifndef OPENSSL_NO_OCSP
+EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#endif
+EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_SRTP
+EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,
+                                X509 *x, size_t chainidx);
+#endif
+EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
+                                                 unsigned int context, X509 *x,
+                                                 size_t chainidx);
+EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
+                                        unsigned int context, X509 *x,
+                                        size_t chainidx);
+EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                                     X509 *x, size_t chainidx);
+/*
+ * Not in public headers as this is not an official extension. Only used when
+ * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set.
+ */
+#define TLSEXT_TYPE_cryptopro_bug      0xfde8
+EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx);
+EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+
+/* Client Extension processing */
+EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int context,
+                                             X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_SRP
+EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,
+                           size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_EC
+EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx);
+EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
+                                               unsigned int context, X509 *x,
+                                               size_t chainidx);
+#endif
+EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
+                                         unsigned int context, X509 *x,
+                                         size_t chainidx);
+EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
+                                       unsigned int context, X509 *x,
+                                       size_t chainidx);
+#ifndef OPENSSL_NO_OCSP
+EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#endif
+EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_SRTP
+EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,
+                                       X509 *x, size_t chainidx);
+#endif
+EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_CT
+EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#endif
+EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
+                                                 unsigned int context, X509 *x,
+                                                 size_t chainidx);
+EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
+                                        unsigned int context, X509 *x,
+                                        size_t chainidx);
+EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx);
+EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                                     X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
+                                      unsigned int context, X509 *x,
+                                      size_t chainidx);
+EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context,
+                                                  X509 *x, size_t chainidx);
+
+int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx);
+int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx);
+int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx);
+int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_EC
+int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+#endif
+int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_OCSP
+int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_CT
+int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+#endif
+int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                        size_t chainidx);
+#ifndef OPENSSL_NO_SRTP
+int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx);
+#endif
+int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
+                                      X509 *x, size_t chainidx);
+int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                             size_t chainidx);
+int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+
+int tls_handle_alpn(SSL *s);
+
+int tls13_save_handshake_digest_for_pha(SSL *s);
+int tls13_restore_handshake_digest_for_pha(SSL *s);
diff --git a/freebsd/crypto/openssl/ssl/statem/statem_srvr.c b/freebsd/crypto/openssl/ssl/statem/statem_srvr.c
new file mode 100644
index 00000000..f9c06aaf
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/statem/statem_srvr.c
@@ -0,0 +1,4271 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include "internal/constant_time_locl.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/x509.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/md5.h>
+
+#define TICKET_NONCE_SIZE       8
+
+static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt);
+
+/*
+ * ossl_statem_server13_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when a TLSv1.3 server is reading messages from
+ * the client. The message type that the client has sent is provided in |mt|.
+ * The current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and  0 on error
+ * (transition not allowed)
+ */
+static int ossl_statem_server13_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note: There is no case for TLS_ST_BEFORE because at that stage we have
+     * not negotiated TLSv1.3 yet, so that case is handled by
+     * ossl_statem_server_read_transition()
+     */
+    switch (st->hand_state) {
+    default:
+        break;
+
+    case TLS_ST_EARLY_DATA:
+        if (s->hello_retry_request == SSL_HRR_PENDING) {
+            if (mt == SSL3_MT_CLIENT_HELLO) {
+                st->hand_state = TLS_ST_SR_CLNT_HELLO;
+                return 1;
+            }
+            break;
+        } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+            if (mt == SSL3_MT_END_OF_EARLY_DATA) {
+                st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA;
+                return 1;
+            }
+            break;
+        }
+        /* Fall through */
+
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+    case TLS_ST_SW_FINISHED:
+        if (s->s3->tmp.cert_request) {
+            if (mt == SSL3_MT_CERTIFICATE) {
+                st->hand_state = TLS_ST_SR_CERT;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_SR_FINISHED;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT:
+        if (s->session->peer == NULL) {
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_SR_FINISHED;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_CERTIFICATE_VERIFY) {
+                st->hand_state = TLS_ST_SR_CERT_VRFY;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT_VRFY:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_SR_FINISHED;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_OK:
+        /*
+         * Its never ok to start processing handshake messages in the middle of
+         * early data (i.e. before we've received the end of early data alert)
+         */
+        if (s->early_data_state == SSL_EARLY_DATA_READING)
+            break;
+
+        if (mt == SSL3_MT_CERTIFICATE
+                && s->post_handshake_auth == SSL_PHA_REQUESTED) {
+            st->hand_state = TLS_ST_SR_CERT;
+            return 1;
+        }
+
+        if (mt == SSL3_MT_KEY_UPDATE) {
+            st->hand_state = TLS_ST_SR_KEY_UPDATE;
+            return 1;
+        }
+        break;
+    }
+
+    /* No valid transition found */
+    return 0;
+}
+
+/*
+ * ossl_statem_server_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when the server is reading messages from the
+ * client. The message type that the client has sent is provided in |mt|. The
+ * current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and  0 on error
+ * (transition not allowed)
+ */
+int ossl_statem_server_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    if (SSL_IS_TLS13(s)) {
+        if (!ossl_statem_server13_read_transition(s, mt))
+            goto err;
+        return 1;
+    }
+
+    switch (st->hand_state) {
+    default:
+        break;
+
+    case TLS_ST_BEFORE:
+    case TLS_ST_OK:
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        if (mt == SSL3_MT_CLIENT_HELLO) {
+            st->hand_state = TLS_ST_SR_CLNT_HELLO;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+        /*
+         * If we get a CKE message after a ServerDone then either
+         * 1) We didn't request a Certificate
+         * OR
+         * 2) If we did request one then
+         *      a) We allow no Certificate to be returned
+         *      AND
+         *      b) We are running SSL3 (in TLS1.0+ the client must return a 0
+         *         list if we requested a certificate)
+         */
+        if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+            if (s->s3->tmp.cert_request) {
+                if (s->version == SSL3_VERSION) {
+                    if ((s->verify_mode & SSL_VERIFY_PEER)
+                        && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+                        /*
+                         * This isn't an unexpected message as such - we're just
+                         * not going to accept it because we require a client
+                         * cert.
+                         */
+                        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                                 SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,
+                                 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+                        return 0;
+                    }
+                    st->hand_state = TLS_ST_SR_KEY_EXCH;
+                    return 1;
+                }
+            } else {
+                st->hand_state = TLS_ST_SR_KEY_EXCH;
+                return 1;
+            }
+        } else if (s->s3->tmp.cert_request) {
+            if (mt == SSL3_MT_CERTIFICATE) {
+                st->hand_state = TLS_ST_SR_CERT;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT:
+        if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+            st->hand_state = TLS_ST_SR_KEY_EXCH;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_SR_KEY_EXCH:
+        /*
+         * We should only process a CertificateVerify message if we have
+         * received a Certificate from the client. If so then |s->session->peer|
+         * will be non NULL. In some instances a CertificateVerify message is
+         * not required even if the peer has sent a Certificate (e.g. such as in
+         * the case of static DH). In that case |st->no_cert_verify| should be
+         * set.
+         */
+        if (s->session->peer == NULL || st->no_cert_verify) {
+            if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+                /*
+                 * For the ECDH ciphersuites when the client sends its ECDH
+                 * pub key in a certificate, the CertificateVerify message is
+                 * not sent. Also for GOST ciphersuites when the client uses
+                 * its key from the certificate for key exchange.
+                 */
+                st->hand_state = TLS_ST_SR_CHANGE;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_CERTIFICATE_VERIFY) {
+                st->hand_state = TLS_ST_SR_CERT_VRFY;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT_VRFY:
+        if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_SR_CHANGE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_SR_CHANGE:
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        if (s->s3->npn_seen) {
+            if (mt == SSL3_MT_NEXT_PROTO) {
+                st->hand_state = TLS_ST_SR_NEXT_PROTO;
+                return 1;
+            }
+        } else {
+#endif
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_SR_FINISHED;
+                return 1;
+            }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        }
+#endif
+        break;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLS_ST_SR_NEXT_PROTO:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_SR_FINISHED;
+            return 1;
+        }
+        break;
+#endif
+
+    case TLS_ST_SW_FINISHED:
+        if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_SR_CHANGE;
+            return 1;
+        }
+        break;
+    }
+
+ err:
+    /* No valid transition found */
+    if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        BIO *rbio;
+
+        /*
+         * CCS messages don't have a message sequence number so this is probably
+         * because of an out-of-order CCS. We'll just drop it.
+         */
+        s->init_num = 0;
+        s->rwstate = SSL_READING;
+        rbio = SSL_get_rbio(s);
+        BIO_clear_retry_flags(rbio);
+        BIO_set_retry_read(rbio);
+        return 0;
+    }
+    SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE,
+             SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,
+             SSL_R_UNEXPECTED_MESSAGE);
+    return 0;
+}
+
+/*
+ * Should we send a ServerKeyExchange message?
+ *
+ * Valid return values are:
+ *   1: Yes
+ *   0: No
+ */
+static int send_server_key_exchange(SSL *s)
+{
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /*
+     * only send a ServerKeyExchange if DH or fortezza but we have a
+     * sign only certificate PSK: may send PSK identity hints For
+     * ECC ciphersuites, we send a serverKeyExchange message only if
+     * the cipher suite is either ECDH-anon or ECDHE. In other cases,
+     * the server certificate contains the server's public key for
+     * key exchange.
+     */
+    if (alg_k & (SSL_kDHE | SSL_kECDHE)
+        /*
+         * PSK: send ServerKeyExchange if PSK identity hint if
+         * provided
+         */
+#ifndef OPENSSL_NO_PSK
+        /* Only send SKE if we have identity hint for plain PSK */
+        || ((alg_k & (SSL_kPSK | SSL_kRSAPSK))
+            && s->cert->psk_identity_hint)
+        /* For other PSK always send SKE */
+        || (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))
+#endif
+#ifndef OPENSSL_NO_SRP
+        /* SRP: send ServerKeyExchange */
+        || (alg_k & SSL_kSRP)
+#endif
+        ) {
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * Should we send a CertificateRequest message?
+ *
+ * Valid return values are:
+ *   1: Yes
+ *   0: No
+ */
+int send_certificate_request(SSL *s)
+{
+    if (
+           /* don't request cert unless asked for it: */
+           s->verify_mode & SSL_VERIFY_PEER
+           /*
+            * don't request if post-handshake-only unless doing
+            * post-handshake in TLSv1.3:
+            */
+           && (!SSL_IS_TLS13(s) || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE)
+               || s->post_handshake_auth == SSL_PHA_REQUEST_PENDING)
+           /*
+            * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
+            * a second time:
+            */
+           && (s->certreqs_sent < 1 ||
+               !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE))
+           /*
+            * never request cert in anonymous ciphersuites (see
+            * section "Certificate request" in SSL 3 drafts and in
+            * RFC 2246):
+            */
+           && (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
+               /*
+                * ... except when the application insists on
+                * verification (against the specs, but statem_clnt.c accepts
+                * this for SSL 3)
+                */
+               || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+           /* don't request certificate for SRP auth */
+           && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
+           /*
+            * With normal PSK Certificates and Certificate Requests
+            * are omitted
+            */
+           && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)) {
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * ossl_statem_server13_write_transition() works out what handshake state to
+ * move to next when a TLSv1.3 server is writing messages to be sent to the
+ * client.
+ */
+static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * No case for TLS_ST_BEFORE, because at that stage we have not negotiated
+     * TLSv1.3 yet, so that is handled by ossl_statem_server_write_transition()
+     */
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION,
+                 ERR_R_INTERNAL_ERROR);
+        return WRITE_TRAN_ERROR;
+
+    case TLS_ST_OK:
+        if (s->key_update != SSL_KEY_UPDATE_NONE) {
+            st->hand_state = TLS_ST_SW_KEY_UPDATE;
+            return WRITE_TRAN_CONTINUE;
+        }
+        if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+            st->hand_state = TLS_ST_SW_CERT_REQ;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Try to read from the client instead */
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        st->hand_state = TLS_ST_SW_SRVR_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+                && s->hello_retry_request != SSL_HRR_COMPLETE)
+            st->hand_state = TLS_ST_SW_CHANGE;
+        else if (s->hello_retry_request == SSL_HRR_PENDING)
+            st->hand_state = TLS_ST_EARLY_DATA;
+        else
+            st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CHANGE:
+        if (s->hello_retry_request == SSL_HRR_PENDING)
+            st->hand_state = TLS_ST_EARLY_DATA;
+        else
+            st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+        if (s->hit)
+            st->hand_state = TLS_ST_SW_FINISHED;
+        else if (send_certificate_request(s))
+            st->hand_state = TLS_ST_SW_CERT_REQ;
+        else
+            st->hand_state = TLS_ST_SW_CERT;
+
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT_REQ:
+        if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+            s->post_handshake_auth = SSL_PHA_REQUESTED;
+            st->hand_state = TLS_ST_OK;
+        } else {
+            st->hand_state = TLS_ST_SW_CERT;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT:
+        st->hand_state = TLS_ST_SW_CERT_VRFY;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT_VRFY:
+        st->hand_state = TLS_ST_SW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_FINISHED:
+        st->hand_state = TLS_ST_EARLY_DATA;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_EARLY_DATA:
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SR_FINISHED:
+        /*
+         * Technically we have finished the handshake at this point, but we're
+         * going to remain "in_init" for now and write out any session tickets
+         * immediately.
+         */
+        if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+            s->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
+        } else if (!s->ext.ticket_expected) {
+            /*
+             * If we're not going to renew the ticket then we just finish the
+             * handshake at this point.
+             */
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        }
+        if (s->num_tickets > s->sent_tickets)
+            st->hand_state = TLS_ST_SW_SESSION_TICKET;
+        else
+            st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SR_KEY_UPDATE:
+        if (s->key_update != SSL_KEY_UPDATE_NONE) {
+            st->hand_state = TLS_ST_SW_KEY_UPDATE;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_KEY_UPDATE:
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        /* In a resumption we only ever send a maximum of one new ticket.
+         * Following an initial handshake we send the number of tickets we have
+         * been configured for.
+         */
+        if (s->hit || s->num_tickets <= s->sent_tickets) {
+            /* We've written enough tickets out. */
+            st->hand_state = TLS_ST_OK;
+        }
+        return WRITE_TRAN_CONTINUE;
+    }
+}
+
+/*
+ * ossl_statem_server_write_transition() works out what handshake state to move
+ * to next when the server is writing messages to be sent to the client.
+ */
+WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note that before the ClientHello we don't know what version we are going
+     * to negotiate yet, so we don't take this branch until later
+     */
+
+    if (SSL_IS_TLS13(s))
+        return ossl_statem_server13_write_transition(s);
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION,
+                 ERR_R_INTERNAL_ERROR);
+        return WRITE_TRAN_ERROR;
+
+    case TLS_ST_OK:
+        if (st->request_state == TLS_ST_SW_HELLO_REQ) {
+            /* We must be trying to renegotiate */
+            st->hand_state = TLS_ST_SW_HELLO_REQ;
+            st->request_state = TLS_ST_BEFORE;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Must be an incoming ClientHello */
+        if (!tls_setup_handshake(s)) {
+            /* SSLfatal() already called */
+            return WRITE_TRAN_ERROR;
+        }
+        /* Fall through */
+
+    case TLS_ST_BEFORE:
+        /* Just go straight to trying to read from the client */
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SW_HELLO_REQ:
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        if (SSL_IS_DTLS(s) && !s->d1->cookie_verified
+            && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) {
+            st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST;
+        } else if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) {
+            /* We must have rejected the renegotiation */
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        } else {
+            st->hand_state = TLS_ST_SW_SRVR_HELLO;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if (s->hit) {
+            if (s->ext.ticket_expected)
+                st->hand_state = TLS_ST_SW_SESSION_TICKET;
+            else
+                st->hand_state = TLS_ST_SW_CHANGE;
+        } else {
+            /* Check if it is anon DH or anon ECDH, */
+            /* normal PSK or SRP */
+            if (!(s->s3->tmp.new_cipher->algorithm_auth &
+                  (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
+                st->hand_state = TLS_ST_SW_CERT;
+            } else if (send_server_key_exchange(s)) {
+                st->hand_state = TLS_ST_SW_KEY_EXCH;
+            } else if (send_certificate_request(s)) {
+                st->hand_state = TLS_ST_SW_CERT_REQ;
+            } else {
+                st->hand_state = TLS_ST_SW_SRVR_DONE;
+            }
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT:
+        if (s->ext.status_expected) {
+            st->hand_state = TLS_ST_SW_CERT_STATUS;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_CERT_STATUS:
+        if (send_server_key_exchange(s)) {
+            st->hand_state = TLS_ST_SW_KEY_EXCH;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_KEY_EXCH:
+        if (send_certificate_request(s)) {
+            st->hand_state = TLS_ST_SW_CERT_REQ;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_CERT_REQ:
+        st->hand_state = TLS_ST_SW_SRVR_DONE;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SRVR_DONE:
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SR_FINISHED:
+        if (s->hit) {
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        } else if (s->ext.ticket_expected) {
+            st->hand_state = TLS_ST_SW_SESSION_TICKET;
+        } else {
+            st->hand_state = TLS_ST_SW_CHANGE;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        st->hand_state = TLS_ST_SW_CHANGE;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CHANGE:
+        st->hand_state = TLS_ST_SW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_FINISHED:
+        if (s->hit) {
+            return WRITE_TRAN_FINISHED;
+        }
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+    }
+}
+
+/*
+ * Perform any pre work that needs to be done prior to sending a message from
+ * the server to the client.
+ */
+WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* No pre work to be done */
+        break;
+
+    case TLS_ST_SW_HELLO_REQ:
+        s->shutdown = 0;
+        if (SSL_IS_DTLS(s))
+            dtls1_clear_sent_buffer(s);
+        break;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        s->shutdown = 0;
+        if (SSL_IS_DTLS(s)) {
+            dtls1_clear_sent_buffer(s);
+            /* We don't buffer this message so don't use the timer */
+            st->use_timer = 0;
+        }
+        break;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if (SSL_IS_DTLS(s)) {
+            /*
+             * Messages we write from now on should be buffered and
+             * retransmitted if necessary, so we need to use the timer now
+             */
+            st->use_timer = 1;
+        }
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+            /* Calls SSLfatal() as required */
+            return dtls_wait_for_dry(s);
+        }
+#endif
+        return WORK_FINISHED_CONTINUE;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        if (SSL_IS_TLS13(s) && s->sent_tickets == 0) {
+            /*
+             * Actually this is the end of the handshake, but we're going
+             * straight into writing the session ticket out. So we finish off
+             * the handshake, but keep the various buffers active.
+             *
+             * Calls SSLfatal as required.
+             */
+            return tls_finish_handshake(s, wst, 0, 0);
+        } if (SSL_IS_DTLS(s)) {
+            /*
+             * We're into the last flight. We don't retransmit the last flight
+             * unless we need to, so we don't use the timer
+             */
+            st->use_timer = 0;
+        }
+        break;
+
+    case TLS_ST_SW_CHANGE:
+        if (SSL_IS_TLS13(s))
+            break;
+        s->session->cipher = s->s3->tmp.new_cipher;
+        if (!s->method->ssl3_enc->setup_key_block(s)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        if (SSL_IS_DTLS(s)) {
+            /*
+             * We're into the last flight. We don't retransmit the last flight
+             * unless we need to, so we don't use the timer. This might have
+             * already been set to 0 if we sent a NewSessionTicket message,
+             * but we'll set it again here in case we didn't.
+             */
+            st->use_timer = 0;
+        }
+        return WORK_FINISHED_CONTINUE;
+
+    case TLS_ST_EARLY_DATA:
+        if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING
+                && (s->s3->flags & TLS1_FLAGS_STATELESS) == 0)
+            return WORK_FINISHED_CONTINUE;
+        /* Fall through */
+
+    case TLS_ST_OK:
+        /* Calls SSLfatal() as required */
+        return tls_finish_handshake(s, wst, 1, 1);
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+static ossl_inline int conn_is_closed(void)
+{
+    switch (get_last_sys_error()) {
+#if defined(EPIPE)
+    case EPIPE:
+        return 1;
+#endif
+#if defined(ECONNRESET)
+    case ECONNRESET:
+        return 1;
+#endif
+    default:
+        return 0;
+    }
+}
+
+/*
+ * Perform any work that needs to be done after sending a message from the
+ * server to the client.
+ */
+WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    s->init_num = 0;
+
+    switch (st->hand_state) {
+    default:
+        /* No post work to be done */
+        break;
+
+    case TLS_ST_SW_HELLO_REQ:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        if (!ssl3_init_finished_mac(s)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        /* HelloVerifyRequest resets Finished MAC */
+        if (s->version != DTLS1_BAD_VER && !ssl3_init_finished_mac(s)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        /*
+         * The next message should be another ClientHello which we need to
+         * treat like it was the first packet
+         */
+        s->first_packet = 1;
+        break;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if (SSL_IS_TLS13(s) && s->hello_retry_request == SSL_HRR_PENDING) {
+            if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0
+                    && statem_flush(s) != 1)
+                return WORK_MORE_A;
+            break;
+        }
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && s->hit) {
+            unsigned char sctpauthkey[64];
+            char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+
+            /*
+             * Add new shared key for SCTP-Auth, will be ignored if no
+             * SCTP used.
+             */
+            memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+                   sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+            if (SSL_export_keying_material(s, sctpauthkey,
+                                           sizeof(sctpauthkey), labelbuffer,
+                                           sizeof(labelbuffer), NULL, 0,
+                                           0) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_OSSL_STATEM_SERVER_POST_WORK,
+                         ERR_R_INTERNAL_ERROR);
+                return WORK_ERROR;
+            }
+
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                     sizeof(sctpauthkey), sctpauthkey);
+        }
+#endif
+        if (!SSL_IS_TLS13(s)
+                || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+                    && s->hello_retry_request != SSL_HRR_COMPLETE))
+            break;
+        /* Fall through */
+
+    case TLS_ST_SW_CHANGE:
+        if (s->hello_retry_request == SSL_HRR_PENDING) {
+            if (!statem_flush(s))
+                return WORK_MORE_A;
+            break;
+        }
+
+        if (SSL_IS_TLS13(s)) {
+            if (!s->method->ssl3_enc->setup_key_block(s)
+                || !s->method->ssl3_enc->change_cipher_state(s,
+                        SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
+                /* SSLfatal() already called */
+                return WORK_ERROR;
+            }
+
+            if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED
+                && !s->method->ssl3_enc->change_cipher_state(s,
+                        SSL3_CC_HANDSHAKE |SSL3_CHANGE_CIPHER_SERVER_READ)) {
+                /* SSLfatal() already called */
+                return WORK_ERROR;
+            }
+            /*
+             * We don't yet know whether the next record we are going to receive
+             * is an unencrypted alert, an encrypted alert, or an encrypted
+             * handshake message. We temporarily tolerate unencrypted alerts.
+             */
+            s->statem.enc_read_state = ENC_READ_STATE_ALLOW_PLAIN_ALERTS;
+            break;
+        }
+
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && !s->hit) {
+            /*
+             * Change to new shared key of SCTP-Auth, will be ignored if
+             * no SCTP used.
+             */
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                     0, NULL);
+        }
+#endif
+        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                                      SSL3_CHANGE_CIPHER_SERVER_WRITE))
+        {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+
+        if (SSL_IS_DTLS(s))
+            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        break;
+
+    case TLS_ST_SW_FINISHED:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && s->hit) {
+            /*
+             * Change to new shared key of SCTP-Auth, will be ignored if
+             * no SCTP used.
+             */
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                     0, NULL);
+        }
+#endif
+        if (SSL_IS_TLS13(s)) {
+            if (!s->method->ssl3_enc->generate_master_secret(s,
+                        s->master_secret, s->handshake_secret, 0,
+                        &s->session->master_key_length)
+                || !s->method->ssl3_enc->change_cipher_state(s,
+                        SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+
+    case TLS_ST_SW_CERT_REQ:
+        if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+            if (statem_flush(s) != 1)
+                return WORK_MORE_A;
+        }
+        break;
+
+    case TLS_ST_SW_KEY_UPDATE:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        if (!tls13_update_key(s, 1)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        clear_sys_error();
+        if (SSL_IS_TLS13(s) && statem_flush(s) != 1) {
+            if (SSL_get_error(s, 0) == SSL_ERROR_SYSCALL
+                    && conn_is_closed()) {
+                /*
+                 * We ignore connection closed errors in TLSv1.3 when sending a
+                 * NewSessionTicket and behave as if we were successful. This is
+                 * so that we are still able to read data sent to us by a client
+                 * that closes soon after the end of the handshake without
+                 * waiting to read our post-handshake NewSessionTickets.
+                 */
+                s->rwstate = SSL_NOTHING;
+                break;
+            }
+
+            return WORK_MORE_A;
+        }
+        break;
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Get the message construction function and message type for sending from the
+ * server
+ *
+ * Valid return values are:
+ *   1: Success
+ *   0: Error
+ */
+int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
+                                         confunc_f *confunc, int *mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE,
+                 SSL_R_BAD_HANDSHAKE_STATE);
+        return 0;
+
+    case TLS_ST_SW_CHANGE:
+        if (SSL_IS_DTLS(s))
+            *confunc = dtls_construct_change_cipher_spec;
+        else
+            *confunc = tls_construct_change_cipher_spec;
+        *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
+        break;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        *confunc = dtls_construct_hello_verify_request;
+        *mt = DTLS1_MT_HELLO_VERIFY_REQUEST;
+        break;
+
+    case TLS_ST_SW_HELLO_REQ:
+        /* No construction function needed */
+        *confunc = NULL;
+        *mt = SSL3_MT_HELLO_REQUEST;
+        break;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        *confunc = tls_construct_server_hello;
+        *mt = SSL3_MT_SERVER_HELLO;
+        break;
+
+    case TLS_ST_SW_CERT:
+        *confunc = tls_construct_server_certificate;
+        *mt = SSL3_MT_CERTIFICATE;
+        break;
+
+    case TLS_ST_SW_CERT_VRFY:
+        *confunc = tls_construct_cert_verify;
+        *mt = SSL3_MT_CERTIFICATE_VERIFY;
+        break;
+
+
+    case TLS_ST_SW_KEY_EXCH:
+        *confunc = tls_construct_server_key_exchange;
+        *mt = SSL3_MT_SERVER_KEY_EXCHANGE;
+        break;
+
+    case TLS_ST_SW_CERT_REQ:
+        *confunc = tls_construct_certificate_request;
+        *mt = SSL3_MT_CERTIFICATE_REQUEST;
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+        *confunc = tls_construct_server_done;
+        *mt = SSL3_MT_SERVER_DONE;
+        break;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        *confunc = tls_construct_new_session_ticket;
+        *mt = SSL3_MT_NEWSESSION_TICKET;
+        break;
+
+    case TLS_ST_SW_CERT_STATUS:
+        *confunc = tls_construct_cert_status;
+        *mt = SSL3_MT_CERTIFICATE_STATUS;
+        break;
+
+    case TLS_ST_SW_FINISHED:
+        *confunc = tls_construct_finished;
+        *mt = SSL3_MT_FINISHED;
+        break;
+
+    case TLS_ST_EARLY_DATA:
+        *confunc = NULL;
+        *mt = SSL3_MT_DUMMY;
+        break;
+
+    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+        *confunc = tls_construct_encrypted_extensions;
+        *mt = SSL3_MT_ENCRYPTED_EXTENSIONS;
+        break;
+
+    case TLS_ST_SW_KEY_UPDATE:
+        *confunc = tls_construct_key_update;
+        *mt = SSL3_MT_KEY_UPDATE;
+        break;
+    }
+
+    return 1;
+}
+
+/*
+ * Maximum size (excluding the Handshake header) of a ClientHello message,
+ * calculated as follows:
+ *
+ *  2 + # client_version
+ *  32 + # only valid length for random
+ *  1 + # length of session_id
+ *  32 + # maximum size for session_id
+ *  2 + # length of cipher suites
+ *  2^16-2 + # maximum length of cipher suites array
+ *  1 + # length of compression_methods
+ *  2^8-1 + # maximum length of compression methods
+ *  2 + # length of extensions
+ *  2^16-1 # maximum length of extensions
+ */
+#define CLIENT_HELLO_MAX_LENGTH         131396
+
+#define CLIENT_KEY_EXCH_MAX_LENGTH      2048
+#define NEXT_PROTO_MAX_LENGTH           514
+
+/*
+ * Returns the maximum allowed length for the current message that we are
+ * reading. Excludes the message header.
+ */
+size_t ossl_statem_server_max_message_size(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        return 0;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        return CLIENT_HELLO_MAX_LENGTH;
+
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+        return END_OF_EARLY_DATA_MAX_LENGTH;
+
+    case TLS_ST_SR_CERT:
+        return s->max_cert_list;
+
+    case TLS_ST_SR_KEY_EXCH:
+        return CLIENT_KEY_EXCH_MAX_LENGTH;
+
+    case TLS_ST_SR_CERT_VRFY:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLS_ST_SR_NEXT_PROTO:
+        return NEXT_PROTO_MAX_LENGTH;
+#endif
+
+    case TLS_ST_SR_CHANGE:
+        return CCS_MAX_LENGTH;
+
+    case TLS_ST_SR_FINISHED:
+        return FINISHED_MAX_LENGTH;
+
+    case TLS_ST_SR_KEY_UPDATE:
+        return KEY_UPDATE_MAX_LENGTH;
+    }
+}
+
+/*
+ * Process a message that the server has received from the client.
+ */
+MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        return tls_process_client_hello(s, pkt);
+
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+        return tls_process_end_of_early_data(s, pkt);
+
+    case TLS_ST_SR_CERT:
+        return tls_process_client_certificate(s, pkt);
+
+    case TLS_ST_SR_KEY_EXCH:
+        return tls_process_client_key_exchange(s, pkt);
+
+    case TLS_ST_SR_CERT_VRFY:
+        return tls_process_cert_verify(s, pkt);
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLS_ST_SR_NEXT_PROTO:
+        return tls_process_next_proto(s, pkt);
+#endif
+
+    case TLS_ST_SR_CHANGE:
+        return tls_process_change_cipher_spec(s, pkt);
+
+    case TLS_ST_SR_FINISHED:
+        return tls_process_finished(s, pkt);
+
+    case TLS_ST_SR_KEY_UPDATE:
+        return tls_process_key_update(s, pkt);
+
+    }
+}
+
+/*
+ * Perform any further processing required following the receipt of a message
+ * from the client
+ */
+WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        return WORK_ERROR;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        return tls_post_process_client_hello(s, wst);
+
+    case TLS_ST_SR_KEY_EXCH:
+        return tls_post_process_client_key_exchange(s, wst);
+    }
+}
+
+#ifndef OPENSSL_NO_SRP
+/* Returns 1 on success, 0 for retryable error, -1 for fatal error */
+static int ssl_check_srp_ext_ClientHello(SSL *s)
+{
+    int ret;
+    int al = SSL_AD_UNRECOGNIZED_NAME;
+
+    if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
+        (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
+        if (s->srp_ctx.login == NULL) {
+            /*
+             * RFC 5054 says SHOULD reject, we do so if There is no srp
+             * login name
+             */
+            SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY,
+                     SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO,
+                     SSL_R_PSK_IDENTITY_NOT_FOUND);
+            return -1;
+        } else {
+            ret = SSL_srp_server_param_with_username(s, &al);
+            if (ret < 0)
+                return 0;
+            if (ret == SSL3_AL_FATAL) {
+                SSLfatal(s, al, SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO,
+                         al == SSL_AD_UNKNOWN_PSK_IDENTITY
+                         ? SSL_R_PSK_IDENTITY_NOT_FOUND
+                         : SSL_R_CLIENTHELLO_TLSEXT);
+                return -1;
+            }
+        }
+    }
+    return 1;
+}
+#endif
+
+int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
+                                  size_t cookie_len)
+{
+    /* Always use DTLS 1.0 version: see RFC 6347 */
+    if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION)
+            || !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len))
+        return 0;
+
+    return 1;
+}
+
+int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
+{
+    unsigned int cookie_leni;
+    if (s->ctx->app_gen_cookie_cb == NULL ||
+        s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
+                                  &cookie_leni) == 0 ||
+        cookie_leni > 255) {
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,
+                 SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+        return 0;
+    }
+    s->d1->cookie_len = cookie_leni;
+
+    if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie,
+                                              s->d1->cookie_len)) {
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+/*-
+ * ssl_check_for_safari attempts to fingerprint Safari using OS X
+ * SecureTransport using the TLS extension block in |hello|.
+ * Safari, since 10.6, sends exactly these extensions, in this order:
+ *   SNI,
+ *   elliptic_curves
+ *   ec_point_formats
+ *   signature_algorithms (for TLSv1.2 only)
+ *
+ * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
+ * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
+ * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
+ * 10.8..10.8.3 (which don't work).
+ */
+static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello)
+{
+    static const unsigned char kSafariExtensionsBlock[] = {
+        0x00, 0x0a,             /* elliptic_curves extension */
+        0x00, 0x08,             /* 8 bytes */
+        0x00, 0x06,             /* 6 bytes of curve ids */
+        0x00, 0x17,             /* P-256 */
+        0x00, 0x18,             /* P-384 */
+        0x00, 0x19,             /* P-521 */
+
+        0x00, 0x0b,             /* ec_point_formats */
+        0x00, 0x02,             /* 2 bytes */
+        0x01,                   /* 1 point format */
+        0x00,                   /* uncompressed */
+        /* The following is only present in TLS 1.2 */
+        0x00, 0x0d,             /* signature_algorithms */
+        0x00, 0x0c,             /* 12 bytes */
+        0x00, 0x0a,             /* 10 bytes */
+        0x05, 0x01,             /* SHA-384/RSA */
+        0x04, 0x01,             /* SHA-256/RSA */
+        0x02, 0x01,             /* SHA-1/RSA */
+        0x04, 0x03,             /* SHA-256/ECDSA */
+        0x02, 0x03,             /* SHA-1/ECDSA */
+    };
+    /* Length of the common prefix (first two extensions). */
+    static const size_t kSafariCommonExtensionsLength = 18;
+    unsigned int type;
+    PACKET sni, tmppkt;
+    size_t ext_len;
+
+    tmppkt = hello->extensions;
+
+    if (!PACKET_forward(&tmppkt, 2)
+        || !PACKET_get_net_2(&tmppkt, &type)
+        || !PACKET_get_length_prefixed_2(&tmppkt, &sni)) {
+        return;
+    }
+
+    if (type != TLSEXT_TYPE_server_name)
+        return;
+
+    ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ?
+        sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength;
+
+    s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock,
+                                             ext_len);
+}
+#endif                          /* !OPENSSL_NO_EC */
+
+MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
+{
+    /* |cookie| will only be initialized for DTLS. */
+    PACKET session_id, compression, extensions, cookie;
+    static const unsigned char null_compression = 0;
+    CLIENTHELLO_MSG *clienthello = NULL;
+
+    /* Check if this is actually an unexpected renegotiation ClientHello */
+    if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) {
+        if (!ossl_assert(!SSL_IS_TLS13(s))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0
+                || (!s->s3->send_connection_binding
+                    && (s->options
+                        & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) {
+            ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+            return MSG_PROCESS_FINISHED_READING;
+        }
+        s->renegotiate = 1;
+        s->new_session = 1;
+    }
+
+    clienthello = OPENSSL_zalloc(sizeof(*clienthello));
+    if (clienthello == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * First, parse the raw ClientHello data into the CLIENTHELLO_MSG structure.
+     */
+    clienthello->isv2 = RECORD_LAYER_is_sslv2_record(&s->rlayer);
+    PACKET_null_init(&cookie);
+
+    if (clienthello->isv2) {
+        unsigned int mt;
+
+        if (!SSL_IS_FIRST_HANDSHAKE(s)
+                || s->hello_retry_request != SSL_HRR_NONE) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNEXPECTED_MESSAGE);
+            goto err;
+        }
+
+        /*-
+         * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
+         * header is sent directly on the wire, not wrapped as a TLS
+         * record. Our record layer just processes the message length and passes
+         * the rest right through. Its format is:
+         * Byte  Content
+         * 0-1   msg_length - decoded by the record layer
+         * 2     msg_type - s->init_msg points here
+         * 3-4   version
+         * 5-6   cipher_spec_length
+         * 7-8   session_id_length
+         * 9-10  challenge_length
+         * ...   ...
+         */
+
+        if (!PACKET_get_1(pkt, &mt)
+            || mt != SSL2_MT_CLIENT_HELLO) {
+            /*
+             * Should never happen. We should have tested this in the record
+             * layer in order to have determined that this is a SSLv2 record
+             * in the first place
+             */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (!PACKET_get_net_2(pkt, &clienthello->legacy_version)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                 SSL_R_LENGTH_TOO_SHORT);
+        goto err;
+    }
+
+    /* Parse the message and load client random. */
+    if (clienthello->isv2) {
+        /*
+         * Handle an SSLv2 backwards compatible ClientHello
+         * Note, this is only for SSLv3+ using the backward compatible format.
+         * Real SSLv2 is not supported, and is rejected below.
+         */
+        unsigned int ciphersuite_len, session_id_len, challenge_len;
+        PACKET challenge;
+
+        if (!PACKET_get_net_2(pkt, &ciphersuite_len)
+            || !PACKET_get_net_2(pkt, &session_id_len)
+            || !PACKET_get_net_2(pkt, &challenge_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_RECORD_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (!PACKET_get_sub_packet(pkt, &clienthello->ciphersuites,
+                                   ciphersuite_len)
+            || !PACKET_copy_bytes(pkt, clienthello->session_id, session_id_len)
+            || !PACKET_get_sub_packet(pkt, &challenge, challenge_len)
+            /* No extensions. */
+            || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_RECORD_LENGTH_MISMATCH);
+            goto err;
+        }
+        clienthello->session_id_len = session_id_len;
+
+        /* Load the client random and compression list. We use SSL3_RANDOM_SIZE
+         * here rather than sizeof(clienthello->random) because that is the limit
+         * for SSLv3 and it is fixed. It won't change even if
+         * sizeof(clienthello->random) does.
+         */
+        challenge_len = challenge_len > SSL3_RANDOM_SIZE
+                        ? SSL3_RANDOM_SIZE : challenge_len;
+        memset(clienthello->random, 0, SSL3_RANDOM_SIZE);
+        if (!PACKET_copy_bytes(&challenge,
+                               clienthello->random + SSL3_RANDOM_SIZE -
+                               challenge_len, challenge_len)
+            /* Advertise only null compression. */
+            || !PACKET_buf_init(&compression, &null_compression, 1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        PACKET_null_init(&clienthello->extensions);
+    } else {
+        /* Regular ClientHello. */
+        if (!PACKET_copy_bytes(pkt, clienthello->random, SSL3_RANDOM_SIZE)
+            || !PACKET_get_length_prefixed_1(pkt, &session_id)
+            || !PACKET_copy_all(&session_id, clienthello->session_id,
+                    SSL_MAX_SSL_SESSION_ID_LENGTH,
+                    &clienthello->session_id_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            if (!PACKET_get_length_prefixed_1(pkt, &cookie)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                         SSL_R_LENGTH_MISMATCH);
+                goto err;
+            }
+            if (!PACKET_copy_all(&cookie, clienthello->dtls_cookie,
+                                 DTLS1_COOKIE_LENGTH,
+                                 &clienthello->dtls_cookie_len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            /*
+             * If we require cookies and this ClientHello doesn't contain one,
+             * just return since we do not want to allocate any memory yet.
+             * So check cookie length...
+             */
+            if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
+                if (clienthello->dtls_cookie_len == 0)
+                    return MSG_PROCESS_FINISHED_READING;
+            }
+        }
+
+        if (!PACKET_get_length_prefixed_2(pkt, &clienthello->ciphersuites)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (!PACKET_get_length_prefixed_1(pkt, &compression)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        /* Could be empty. */
+        if (PACKET_remaining(pkt) == 0) {
+            PACKET_null_init(&clienthello->extensions);
+        } else {
+            if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)
+                    || PACKET_remaining(pkt) != 0) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                         SSL_R_LENGTH_MISMATCH);
+                goto err;
+            }
+        }
+    }
+
+    if (!PACKET_copy_all(&compression, clienthello->compressions,
+                         MAX_COMPRESSIONS_SIZE,
+                         &clienthello->compressions_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Preserve the raw extensions PACKET for later use */
+    extensions = clienthello->extensions;
+    if (!tls_collect_extensions(s, &extensions, SSL_EXT_CLIENT_HELLO,
+                                &clienthello->pre_proc_exts,
+                                &clienthello->pre_proc_exts_len, 1)) {
+        /* SSLfatal already been called */
+        goto err;
+    }
+    s->clienthello = clienthello;
+
+    return MSG_PROCESS_CONTINUE_PROCESSING;
+
+ err:
+    if (clienthello != NULL)
+        OPENSSL_free(clienthello->pre_proc_exts);
+    OPENSSL_free(clienthello);
+
+    return MSG_PROCESS_ERROR;
+}
+
+static int tls_early_post_process_client_hello(SSL *s)
+{
+    unsigned int j;
+    int i, al = SSL_AD_INTERNAL_ERROR;
+    int protverr;
+    size_t loop;
+    unsigned long id;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp = NULL;
+#endif
+    const SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *ciphers = NULL;
+    STACK_OF(SSL_CIPHER) *scsvs = NULL;
+    CLIENTHELLO_MSG *clienthello = s->clienthello;
+    DOWNGRADE dgrd = DOWNGRADE_NONE;
+
+    /* Finished parsing the ClientHello, now we can start processing it */
+    /* Give the ClientHello callback a crack at things */
+    if (s->ctx->client_hello_cb != NULL) {
+        /* A failure in the ClientHello callback terminates the connection. */
+        switch (s->ctx->client_hello_cb(s, &al, s->ctx->client_hello_cb_arg)) {
+        case SSL_CLIENT_HELLO_SUCCESS:
+            break;
+        case SSL_CLIENT_HELLO_RETRY:
+            s->rwstate = SSL_CLIENT_HELLO_CB;
+            return -1;
+        case SSL_CLIENT_HELLO_ERROR:
+        default:
+            SSLfatal(s, al,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_CALLBACK_FAILED);
+            goto err;
+        }
+    }
+
+    /* Set up the client_random */
+    memcpy(s->s3->client_random, clienthello->random, SSL3_RANDOM_SIZE);
+
+    /* Choose the version */
+
+    if (clienthello->isv2) {
+        if (clienthello->legacy_version == SSL2_VERSION
+                || (clienthello->legacy_version & 0xff00)
+                   != (SSL3_VERSION_MAJOR << 8)) {
+            /*
+             * This is real SSLv2 or something completely unknown. We don't
+             * support it.
+             */
+            SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_UNKNOWN_PROTOCOL);
+            goto err;
+        }
+        /* SSLv3/TLS */
+        s->client_version = clienthello->legacy_version;
+    }
+    /*
+     * Do SSL/TLS version negotiation if applicable. For DTLS we just check
+     * versions are potentially compatible. Version negotiation comes later.
+     */
+    if (!SSL_IS_DTLS(s)) {
+        protverr = ssl_choose_server_version(s, clienthello, &dgrd);
+    } else if (s->method->version != DTLS_ANY_VERSION &&
+               DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) {
+        protverr = SSL_R_VERSION_TOO_LOW;
+    } else {
+        protverr = 0;
+    }
+
+    if (protverr) {
+        if (SSL_IS_FIRST_HANDSHAKE(s)) {
+            /* like ssl3_get_record, send alert using remote version number */
+            s->version = s->client_version = clienthello->legacy_version;
+        }
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                 SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, protverr);
+        goto err;
+    }
+
+    /* TLSv1.3 specifies that a ClientHello must end on a record boundary */
+    if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                 SSL_R_NOT_ON_RECORD_BOUNDARY);
+        goto err;
+    }
+
+    if (SSL_IS_DTLS(s)) {
+        /* Empty cookie was already handled above by returning early. */
+        if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
+            if (s->ctx->app_verify_cookie_cb != NULL) {
+                if (s->ctx->app_verify_cookie_cb(s, clienthello->dtls_cookie,
+                        clienthello->dtls_cookie_len) == 0) {
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                             SSL_R_COOKIE_MISMATCH);
+                    goto err;
+                    /* else cookie verification succeeded */
+                }
+                /* default verification */
+            } else if (s->d1->cookie_len != clienthello->dtls_cookie_len
+                    || memcmp(clienthello->dtls_cookie, s->d1->cookie,
+                              s->d1->cookie_len) != 0) {
+                SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                         SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                         SSL_R_COOKIE_MISMATCH);
+                goto err;
+            }
+            s->d1->cookie_verified = 1;
+        }
+        if (s->method->version == DTLS_ANY_VERSION) {
+            protverr = ssl_choose_server_version(s, clienthello, &dgrd);
+            if (protverr != 0) {
+                s->version = s->client_version;
+                SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                         SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, protverr);
+                goto err;
+            }
+        }
+    }
+
+    s->hit = 0;
+
+    if (!ssl_cache_cipherlist(s, &clienthello->ciphersuites,
+                              clienthello->isv2) ||
+        !bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, &scsvs,
+                              clienthello->isv2, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    s->s3->send_connection_binding = 0;
+    /* Check what signalling cipher-suite values were received. */
+    if (scsvs != NULL) {
+        for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) {
+            c = sk_SSL_CIPHER_value(scsvs, i);
+            if (SSL_CIPHER_get_id(c) == SSL3_CK_SCSV) {
+                if (s->renegotiate) {
+                    /* SCSV is fatal if renegotiating */
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                             SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
+                    goto err;
+                }
+                s->s3->send_connection_binding = 1;
+            } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV &&
+                       !ssl_check_version_downgrade(s)) {
+                /*
+                 * This SCSV indicates that the client previously tried
+                 * a higher version.  We should fail if the current version
+                 * is an unexpected downgrade, as that indicates that the first
+                 * connection may have been tampered with in order to trigger
+                 * an insecure downgrade.
+                 */
+                SSLfatal(s, SSL_AD_INAPPROPRIATE_FALLBACK,
+                         SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                         SSL_R_INAPPROPRIATE_FALLBACK);
+                goto err;
+            }
+        }
+    }
+
+    /* For TLSv1.3 we must select the ciphersuite *before* session resumption */
+    if (SSL_IS_TLS13(s)) {
+        const SSL_CIPHER *cipher =
+            ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
+
+        if (cipher == NULL) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_NO_SHARED_CIPHER);
+            goto err;
+        }
+        if (s->hello_retry_request == SSL_HRR_PENDING
+                && (s->s3->tmp.new_cipher == NULL
+                    || s->s3->tmp.new_cipher->id != cipher->id)) {
+            /*
+             * A previous HRR picked a different ciphersuite to the one we
+             * just selected. Something must have changed.
+             */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_BAD_CIPHER);
+            goto err;
+        }
+        s->s3->tmp.new_cipher = cipher;
+    }
+
+    /* We need to do this before getting the session */
+    if (!tls_parse_extension(s, TLSEXT_IDX_extended_master_secret,
+                             SSL_EXT_CLIENT_HELLO,
+                             clienthello->pre_proc_exts, NULL, 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * We don't allow resumption in a backwards compatible ClientHello.
+     * TODO(openssl-team): in TLS1.1+, session_id MUST be empty.
+     *
+     * Versions before 0.9.7 always allow clients to resume sessions in
+     * renegotiation. 0.9.7 and later allow this by default, but optionally
+     * ignore resumption requests with flag
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather
+     * than a change to default behavior so that applications relying on
+     * this for security won't even compile against older library versions).
+     * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to
+     * request renegotiation but not a new session (s->new_session remains
+     * unset): for servers, this essentially just means that the
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
+     * ignored.
+     */
+    if (clienthello->isv2 ||
+        (s->new_session &&
+         (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
+        if (!ssl_get_new_session(s, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else {
+        i = ssl_get_prev_session(s, clienthello);
+        if (i == 1) {
+            /* previous session */
+            s->hit = 1;
+        } else if (i == -1) {
+            /* SSLfatal() already called */
+            goto err;
+        } else {
+            /* i == 0 */
+            if (!ssl_get_new_session(s, 1)) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        }
+    }
+
+    if (SSL_IS_TLS13(s)) {
+        memcpy(s->tmp_session_id, s->clienthello->session_id,
+               s->clienthello->session_id_len);
+        s->tmp_session_id_len = s->clienthello->session_id_len;
+    }
+
+    /*
+     * If it is a hit, check that the cipher is in the list. In TLSv1.3 we check
+     * ciphersuite compatibility with the session as part of resumption.
+     */
+    if (!SSL_IS_TLS13(s) && s->hit) {
+        j = 0;
+        id = s->session->cipher->id;
+
+#ifdef CIPHER_DEBUG
+        fprintf(stderr, "client sent %d ciphers\n", sk_SSL_CIPHER_num(ciphers));
+#endif
+        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+            c = sk_SSL_CIPHER_value(ciphers, i);
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "client [%2d of %2d]:%s\n",
+                    i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
+#endif
+            if (c->id == id) {
+                j = 1;
+                break;
+            }
+        }
+        if (j == 0) {
+            /*
+             * we need to have the cipher in the cipher list if we are asked
+             * to reuse it
+             */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_REQUIRED_CIPHER_MISSING);
+            goto err;
+        }
+    }
+
+    for (loop = 0; loop < clienthello->compressions_len; loop++) {
+        if (clienthello->compressions[loop] == 0)
+            break;
+    }
+
+    if (loop >= clienthello->compressions_len) {
+        /* no compress */
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                 SSL_R_NO_COMPRESSION_SPECIFIED);
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+        ssl_check_for_safari(s, clienthello);
+#endif                          /* !OPENSSL_NO_EC */
+
+    /* TLS extensions */
+    if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO,
+                                  clienthello->pre_proc_exts, NULL, 0, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * Check if we want to use external pre-shared secret for this handshake
+     * for not reused session only. We need to generate server_random before
+     * calling tls_session_secret_cb in order to allow SessionTicket
+     * processing to use it in key derivation.
+     */
+    {
+        unsigned char *pos;
+        pos = s->s3->server_random;
+        if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE, dgrd) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (!s->hit
+            && s->version >= TLS1_VERSION
+            && !SSL_IS_TLS13(s)
+            && !SSL_IS_DTLS(s)
+            && s->ext.session_secret_cb) {
+        const SSL_CIPHER *pref_cipher = NULL;
+        /*
+         * s->session->master_key_length is a size_t, but this is an int for
+         * backwards compat reasons
+         */
+        int master_key_length;
+
+        master_key_length = sizeof(s->session->master_key);
+        if (s->ext.session_secret_cb(s, s->session->master_key,
+                                     &master_key_length, ciphers,
+                                     &pref_cipher,
+                                     s->ext.session_secret_cb_arg)
+                && master_key_length > 0) {
+            s->session->master_key_length = master_key_length;
+            s->hit = 1;
+            s->session->ciphers = ciphers;
+            s->session->verify_result = X509_V_OK;
+
+            ciphers = NULL;
+
+            /* check if some cipher was preferred by call back */
+            if (pref_cipher == NULL)
+                pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
+                                                 SSL_get_ciphers(s));
+            if (pref_cipher == NULL) {
+                SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                         SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                         SSL_R_NO_SHARED_CIPHER);
+                goto err;
+            }
+
+            s->session->cipher = pref_cipher;
+            sk_SSL_CIPHER_free(s->cipher_list);
+            s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
+            sk_SSL_CIPHER_free(s->cipher_list_by_id);
+            s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
+        }
+    }
+
+    /*
+     * Worst case, we will use the NULL compression, but if we have other
+     * options, we will now look for them.  We have complen-1 compression
+     * algorithms from the client, starting at q.
+     */
+    s->s3->tmp.new_compression = NULL;
+    if (SSL_IS_TLS13(s)) {
+        /*
+         * We already checked above that the NULL compression method appears in
+         * the list. Now we check there aren't any others (which is illegal in
+         * a TLSv1.3 ClientHello.
+         */
+        if (clienthello->compressions_len != 1) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_INVALID_COMPRESSION_ALGORITHM);
+            goto err;
+        }
+    }
+#ifndef OPENSSL_NO_COMP
+    /* This only happens if we have a cache hit */
+    else if (s->session->compress_meth != 0) {
+        int m, comp_id = s->session->compress_meth;
+        unsigned int k;
+        /* Perform sanity checks on resumed compression algorithm */
+        /* Can't disable compression */
+        if (!ssl_allow_compression(s)) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_INCONSISTENT_COMPRESSION);
+            goto err;
+        }
+        /* Look for resumed compression method */
+        for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+            if (comp_id == comp->id) {
+                s->s3->tmp.new_compression = comp;
+                break;
+            }
+        }
+        if (s->s3->tmp.new_compression == NULL) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_INVALID_COMPRESSION_ALGORITHM);
+            goto err;
+        }
+        /* Look for resumed method in compression list */
+        for (k = 0; k < clienthello->compressions_len; k++) {
+            if (clienthello->compressions[k] == comp_id)
+                break;
+        }
+        if (k >= clienthello->compressions_len) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING);
+            goto err;
+        }
+    } else if (s->hit) {
+        comp = NULL;
+    } else if (ssl_allow_compression(s) && s->ctx->comp_methods) {
+        /* See if we have a match */
+        int m, nn, v, done = 0;
+        unsigned int o;
+
+        nn = sk_SSL_COMP_num(s->ctx->comp_methods);
+        for (m = 0; m < nn; m++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+            v = comp->id;
+            for (o = 0; o < clienthello->compressions_len; o++) {
+                if (v == clienthello->compressions[o]) {
+                    done = 1;
+                    break;
+                }
+            }
+            if (done)
+                break;
+        }
+        if (done)
+            s->s3->tmp.new_compression = comp;
+        else
+            comp = NULL;
+    }
+#else
+    /*
+     * If compression is disabled we'd better not try to resume a session
+     * using compression.
+     */
+    if (s->session->compress_meth != 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                 SSL_R_INCONSISTENT_COMPRESSION);
+        goto err;
+    }
+#endif
+
+    /*
+     * Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher
+     */
+
+    if (!s->hit || SSL_IS_TLS13(s)) {
+        sk_SSL_CIPHER_free(s->session->ciphers);
+        s->session->ciphers = ciphers;
+        if (ciphers == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        ciphers = NULL;
+    }
+
+    if (!s->hit) {
+#ifdef OPENSSL_NO_COMP
+        s->session->compress_meth = 0;
+#else
+        s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
+#endif
+        if (!tls1_set_server_sigalgs(s)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    sk_SSL_CIPHER_free(ciphers);
+    sk_SSL_CIPHER_free(scsvs);
+    OPENSSL_free(clienthello->pre_proc_exts);
+    OPENSSL_free(s->clienthello);
+    s->clienthello = NULL;
+    return 1;
+ err:
+    sk_SSL_CIPHER_free(ciphers);
+    sk_SSL_CIPHER_free(scsvs);
+    OPENSSL_free(clienthello->pre_proc_exts);
+    OPENSSL_free(s->clienthello);
+    s->clienthello = NULL;
+
+    return 0;
+}
+
+/*
+ * Call the status request callback if needed. Upon success, returns 1.
+ * Upon failure, returns 0.
+ */
+static int tls_handle_status_request(SSL *s)
+{
+    s->ext.status_expected = 0;
+
+    /*
+     * If status request then ask callback what to do. Note: this must be
+     * called after servername callbacks in case the certificate has changed,
+     * and must be called after the cipher has been chosen because this may
+     * influence which certificate is sent
+     */
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL
+            && s->ctx->ext.status_cb != NULL) {
+        int ret;
+
+        /* If no certificate can't return certificate status */
+        if (s->s3->tmp.cert != NULL) {
+            /*
+             * Set current certificate to one we will use so SSL_get_certificate
+             * et al can pick it up.
+             */
+            s->cert->key = s->s3->tmp.cert;
+            ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg);
+            switch (ret) {
+                /* We don't want to send a status request response */
+            case SSL_TLSEXT_ERR_NOACK:
+                s->ext.status_expected = 0;
+                break;
+                /* status request response should be sent */
+            case SSL_TLSEXT_ERR_OK:
+                if (s->ext.ocsp.resp)
+                    s->ext.status_expected = 1;
+                break;
+                /* something bad happened */
+            case SSL_TLSEXT_ERR_ALERT_FATAL:
+            default:
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_HANDLE_STATUS_REQUEST,
+                         SSL_R_CLIENTHELLO_TLSEXT);
+                return 0;
+            }
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Call the alpn_select callback if needed. Upon success, returns 1.
+ * Upon failure, returns 0.
+ */
+int tls_handle_alpn(SSL *s)
+{
+    const unsigned char *selected = NULL;
+    unsigned char selected_len = 0;
+
+    if (s->ctx->ext.alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) {
+        int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len,
+                                           s->s3->alpn_proposed,
+                                           (unsigned int)s->s3->alpn_proposed_len,
+                                           s->ctx->ext.alpn_select_cb_arg);
+
+        if (r == SSL_TLSEXT_ERR_OK) {
+            OPENSSL_free(s->s3->alpn_selected);
+            s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
+            if (s->s3->alpn_selected == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            s->s3->alpn_selected_len = selected_len;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+            /* ALPN takes precedence over NPN. */
+            s->s3->npn_seen = 0;
+#endif
+
+            /* Check ALPN is consistent with session */
+            if (s->session->ext.alpn_selected == NULL
+                        || selected_len != s->session->ext.alpn_selected_len
+                        || memcmp(selected, s->session->ext.alpn_selected,
+                                  selected_len) != 0) {
+                /* Not consistent so can't be used for early_data */
+                s->ext.early_data_ok = 0;
+
+                if (!s->hit) {
+                    /*
+                     * This is a new session and so alpn_selected should have
+                     * been initialised to NULL. We should update it with the
+                     * selected ALPN.
+                     */
+                    if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                                 SSL_F_TLS_HANDLE_ALPN,
+                                 ERR_R_INTERNAL_ERROR);
+                        return 0;
+                    }
+                    s->session->ext.alpn_selected = OPENSSL_memdup(selected,
+                                                                   selected_len);
+                    if (s->session->ext.alpn_selected == NULL) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                                 SSL_F_TLS_HANDLE_ALPN,
+                                 ERR_R_INTERNAL_ERROR);
+                        return 0;
+                    }
+                    s->session->ext.alpn_selected_len = selected_len;
+                }
+            }
+
+            return 1;
+        } else if (r != SSL_TLSEXT_ERR_NOACK) {
+            SSLfatal(s, SSL_AD_NO_APPLICATION_PROTOCOL, SSL_F_TLS_HANDLE_ALPN,
+                     SSL_R_NO_APPLICATION_PROTOCOL);
+            return 0;
+        }
+        /*
+         * If r == SSL_TLSEXT_ERR_NOACK then behave as if no callback was
+         * present.
+         */
+    }
+
+    /* Check ALPN is consistent with session */
+    if (s->session->ext.alpn_selected != NULL) {
+        /* Not consistent so can't be used for early_data */
+        s->ext.early_data_ok = 0;
+    }
+
+    return 1;
+}
+
+WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
+{
+    const SSL_CIPHER *cipher;
+
+    if (wst == WORK_MORE_A) {
+        int rv = tls_early_post_process_client_hello(s);
+        if (rv == 0) {
+            /* SSLfatal() was already called */
+            goto err;
+        }
+        if (rv < 0)
+            return WORK_MORE_A;
+        wst = WORK_MORE_B;
+    }
+    if (wst == WORK_MORE_B) {
+        if (!s->hit || SSL_IS_TLS13(s)) {
+            /* Let cert callback update server certificates if required */
+            if (!s->hit && s->cert->cert_cb != NULL) {
+                int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+                if (rv == 0) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                             SSL_R_CERT_CB_ERROR);
+                    goto err;
+                }
+                if (rv < 0) {
+                    s->rwstate = SSL_X509_LOOKUP;
+                    return WORK_MORE_B;
+                }
+                s->rwstate = SSL_NOTHING;
+            }
+
+            /* In TLSv1.3 we selected the ciphersuite before resumption */
+            if (!SSL_IS_TLS13(s)) {
+                cipher =
+                    ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
+
+                if (cipher == NULL) {
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                             SSL_R_NO_SHARED_CIPHER);
+                    goto err;
+                }
+                s->s3->tmp.new_cipher = cipher;
+            }
+            if (!s->hit) {
+                if (!tls_choose_sigalg(s, 1)) {
+                    /* SSLfatal already called */
+                    goto err;
+                }
+                /* check whether we should disable session resumption */
+                if (s->not_resumable_session_cb != NULL)
+                    s->session->not_resumable =
+                        s->not_resumable_session_cb(s,
+                            ((s->s3->tmp.new_cipher->algorithm_mkey
+                              & (SSL_kDHE | SSL_kECDHE)) != 0));
+                if (s->session->not_resumable)
+                    /* do not send a session ticket */
+                    s->ext.ticket_expected = 0;
+            }
+        } else {
+            /* Session-id reuse */
+            s->s3->tmp.new_cipher = s->session->cipher;
+        }
+
+        /*-
+         * we now have the following setup.
+         * client_random
+         * cipher_list          - our preferred list of ciphers
+         * ciphers              - the clients preferred list of ciphers
+         * compression          - basically ignored right now
+         * ssl version is set   - sslv3
+         * s->session           - The ssl session has been setup.
+         * s->hit               - session reuse flag
+         * s->s3->tmp.new_cipher- the new cipher to use.
+         */
+
+        /*
+         * Call status_request callback if needed. Has to be done after the
+         * certificate callbacks etc above.
+         */
+        if (!tls_handle_status_request(s)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        /*
+         * Call alpn_select callback if needed.  Has to be done after SNI and
+         * cipher negotiation (HTTP/2 restricts permitted ciphers). In TLSv1.3
+         * we already did this because cipher negotiation happens earlier, and
+         * we must handle ALPN before we decide whether to accept early_data.
+         */
+        if (!SSL_IS_TLS13(s) && !tls_handle_alpn(s)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        wst = WORK_MORE_C;
+    }
+#ifndef OPENSSL_NO_SRP
+    if (wst == WORK_MORE_C) {
+        int ret;
+        if ((ret = ssl_check_srp_ext_ClientHello(s)) == 0) {
+            /*
+             * callback indicates further work to be done
+             */
+            s->rwstate = SSL_X509_LOOKUP;
+            return WORK_MORE_C;
+        }
+        if (ret < 0) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+#endif
+
+    return WORK_FINISHED_STOP;
+ err:
+    return WORK_ERROR;
+}
+
+int tls_construct_server_hello(SSL *s, WPACKET *pkt)
+{
+    int compm;
+    size_t sl, len;
+    int version;
+    unsigned char *session_id;
+    int usetls13 = SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING;
+
+    version = usetls13 ? TLS1_2_VERSION : s->version;
+    if (!WPACKET_put_bytes_u16(pkt, version)
+               /*
+                * Random stuff. Filling of the server_random takes place in
+                * tls_process_client_hello()
+                */
+            || !WPACKET_memcpy(pkt,
+                               s->hello_retry_request == SSL_HRR_PENDING
+                                   ? hrrrandom : s->s3->server_random,
+                               SSL3_RANDOM_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*-
+     * There are several cases for the session ID to send
+     * back in the server hello:
+     * - For session reuse from the session cache,
+     *   we send back the old session ID.
+     * - If stateless session reuse (using a session ticket)
+     *   is successful, we send back the client's "session ID"
+     *   (which doesn't actually identify the session).
+     * - If it is a new session, we send back the new
+     *   session ID.
+     * - However, if we want the new session to be single-use,
+     *   we send back a 0-length session ID.
+     * - In TLSv1.3 we echo back the session id sent to us by the client
+     *   regardless
+     * s->hit is non-zero in either case of session reuse,
+     * so the following won't overwrite an ID that we're supposed
+     * to send back.
+     */
+    if (s->session->not_resumable ||
+        (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+         && !s->hit))
+        s->session->session_id_length = 0;
+
+    if (usetls13) {
+        sl = s->tmp_session_id_len;
+        session_id = s->tmp_session_id;
+    } else {
+        sl = s->session->session_id_length;
+        session_id = s->session->session_id;
+    }
+
+    if (sl > sizeof(s->session->session_id)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* set up the compression method */
+#ifdef OPENSSL_NO_COMP
+    compm = 0;
+#else
+    if (usetls13 || s->s3->tmp.new_compression == NULL)
+        compm = 0;
+    else
+        compm = s->s3->tmp.new_compression->id;
+#endif
+
+    if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl)
+            || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len)
+            || !WPACKET_put_bytes_u8(pkt, compm)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!tls_construct_extensions(s, pkt,
+                                  s->hello_retry_request == SSL_HRR_PENDING
+                                      ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
+                                      : (SSL_IS_TLS13(s)
+                                          ? SSL_EXT_TLS1_3_SERVER_HELLO
+                                          : SSL_EXT_TLS1_2_SERVER_HELLO),
+                                  NULL, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (s->hello_retry_request == SSL_HRR_PENDING) {
+        /* Ditch the session. We'll create a new one next time around */
+        SSL_SESSION_free(s->session);
+        s->session = NULL;
+        s->hit = 0;
+
+        /*
+         * Re-initialise the Transcript Hash. We're going to prepopulate it with
+         * a synthetic message_hash in place of ClientHello1.
+         */
+        if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    } else if (!(s->verify_mode & SSL_VERIFY_PEER)
+                && !ssl3_digest_cached_records(s, 0)) {
+        /* SSLfatal() already called */;
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_construct_server_done(SSL *s, WPACKET *pkt)
+{
+    if (!s->s3->tmp.cert_request) {
+        if (!ssl3_digest_cached_records(s, 0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+    return 1;
+}
+
+int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY *pkdh = NULL;
+#endif
+#ifndef OPENSSL_NO_EC
+    unsigned char *encodedPoint = NULL;
+    size_t encodedlen = 0;
+    int curve_id = 0;
+#endif
+    const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg;
+    int i;
+    unsigned long type;
+    const BIGNUM *r[4];
+    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pctx = NULL;
+    size_t paramlen, paramoffset;
+
+    if (!WPACKET_get_total_written(pkt, &paramoffset)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (md_ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    type = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    r[0] = r[1] = r[2] = r[3] = NULL;
+#ifndef OPENSSL_NO_PSK
+    /* Plain PSK or RSAPSK nothing to do */
+    if (type & (SSL_kPSK | SSL_kRSAPSK)) {
+    } else
+#endif                          /* !OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_DH
+    if (type & (SSL_kDHE | SSL_kDHEPSK)) {
+        CERT *cert = s->cert;
+
+        EVP_PKEY *pkdhp = NULL;
+        DH *dh;
+
+        if (s->cert->dh_tmp_auto) {
+            DH *dhp = ssl_get_auto_dh(s);
+            pkdh = EVP_PKEY_new();
+            if (pkdh == NULL || dhp == NULL) {
+                DH_free(dhp);
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            EVP_PKEY_assign_DH(pkdh, dhp);
+            pkdhp = pkdh;
+        } else {
+            pkdhp = cert->dh_tmp;
+        }
+        if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {
+            DH *dhp = s->cert->dh_tmp_cb(s, 0, 1024);
+            pkdh = ssl_dh_to_pkey(dhp);
+            if (pkdh == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            pkdhp = pkdh;
+        }
+        if (pkdhp == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     SSL_R_MISSING_TMP_DH_KEY);
+            goto err;
+        }
+        if (!ssl_security(s, SSL_SECOP_TMP_DH,
+                          EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     SSL_R_DH_KEY_TOO_SMALL);
+            goto err;
+        }
+        if (s->s3->tmp.pkey != NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        s->s3->tmp.pkey = ssl_generate_pkey(pkdhp);
+        if (s->s3->tmp.pkey == NULL) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey);
+        if (dh == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        EVP_PKEY_free(pkdh);
+        pkdh = NULL;
+
+        DH_get0_pqg(dh, &r[0], NULL, &r[1]);
+        DH_get0_key(dh, &r[2], NULL);
+    } else
+#endif
+#ifndef OPENSSL_NO_EC
+    if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
+
+        if (s->s3->tmp.pkey != NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /* Get NID of appropriate shared curve */
+        curve_id = tls1_shared_group(s, -2);
+        if (curve_id == 0) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+            goto err;
+        }
+        s->s3->tmp.pkey = ssl_generate_pkey_group(s, curve_id);
+        /* Generate a new key for this curve */
+        if (s->s3->tmp.pkey == NULL) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        /* Encode the public key. */
+        encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3->tmp.pkey,
+                                                    &encodedPoint);
+        if (encodedlen == 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /*
+         * We'll generate the serverKeyExchange message explicitly so we
+         * can set these to NULLs
+         */
+        r[0] = NULL;
+        r[1] = NULL;
+        r[2] = NULL;
+        r[3] = NULL;
+    } else
+#endif                          /* !OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_SRP
+    if (type & SSL_kSRP) {
+        if ((s->srp_ctx.N == NULL) ||
+            (s->srp_ctx.g == NULL) ||
+            (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     SSL_R_MISSING_SRP_PARAM);
+            goto err;
+        }
+        r[0] = s->srp_ctx.N;
+        r[1] = s->srp_ctx.g;
+        r[2] = s->srp_ctx.s;
+        r[3] = s->srp_ctx.B;
+    } else
+#endif
+    {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+        goto err;
+    }
+
+    if (((s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0)
+        || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) {
+        lu = NULL;
+    } else if (lu == NULL) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_PSK
+    if (type & SSL_PSK) {
+        size_t len = (s->cert->psk_identity_hint == NULL)
+                        ? 0 : strlen(s->cert->psk_identity_hint);
+
+        /*
+         * It should not happen that len > PSK_MAX_IDENTITY_LEN - we already
+         * checked this when we set the identity hint - but just in case
+         */
+        if (len > PSK_MAX_IDENTITY_LEN
+                || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint,
+                                           len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+#endif
+
+    for (i = 0; i < 4 && r[i] != NULL; i++) {
+        unsigned char *binval;
+        int res;
+
+#ifndef OPENSSL_NO_SRP
+        if ((i == 2) && (type & SSL_kSRP)) {
+            res = WPACKET_start_sub_packet_u8(pkt);
+        } else
+#endif
+            res = WPACKET_start_sub_packet_u16(pkt);
+
+        if (!res) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+#ifndef OPENSSL_NO_DH
+        /*-
+         * for interoperability with some versions of the Microsoft TLS
+         * stack, we need to zero pad the DHE pub key to the same length
+         * as the prime
+         */
+        if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK))) {
+            size_t len = BN_num_bytes(r[0]) - BN_num_bytes(r[2]);
+
+            if (len > 0) {
+                if (!WPACKET_allocate_bytes(pkt, len, &binval)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                             ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+                memset(binval, 0, len);
+            }
+        }
+#endif
+        if (!WPACKET_allocate_bytes(pkt, BN_num_bytes(r[i]), &binval)
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        BN_bn2bin(r[i], binval);
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        /*
+         * We only support named (not generic) curves. In this situation, the
+         * ServerKeyExchange message has: [1 byte CurveType], [2 byte CurveName]
+         * [1 byte length of encoded point], followed by the actual encoded
+         * point itself
+         */
+        if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE)
+                || !WPACKET_put_bytes_u8(pkt, 0)
+                || !WPACKET_put_bytes_u8(pkt, curve_id)
+                || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        OPENSSL_free(encodedPoint);
+        encodedPoint = NULL;
+    }
+#endif
+
+    /* not anonymous */
+    if (lu != NULL) {
+        EVP_PKEY *pkey = s->s3->tmp.cert->privatekey;
+        const EVP_MD *md;
+        unsigned char *sigbytes1, *sigbytes2, *tbs;
+        size_t siglen, tbslen;
+        int rv;
+
+        if (pkey == NULL || !tls1_lookup_md(lu, &md)) {
+            /* Should never happen */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        /* Get length of the parameters we have written above */
+        if (!WPACKET_get_length(pkt, &paramlen)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        /* send signature algorithm */
+        if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        /*
+         * Create the signature. We don't know the actual length of the sig
+         * until after we've created it, so we reserve enough bytes for it
+         * up front, and then properly allocate them in the WPACKET
+         * afterwards.
+         */
+        siglen = EVP_PKEY_size(pkey);
+        if (!WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1)
+            || EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (lu->sig == EVP_PKEY_RSA_PSS) {
+            if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+                || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, RSA_PSS_SALTLEN_DIGEST) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                        ERR_R_EVP_LIB);
+                goto err;
+            }
+        }
+        tbslen = construct_key_exchange_tbs(s, &tbs,
+                                            s->init_buf->data + paramoffset,
+                                            paramlen);
+        if (tbslen == 0) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        rv = EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen);
+        OPENSSL_free(tbs);
+        if (rv <= 0 || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)
+            || sigbytes1 != sigbytes2) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    EVP_MD_CTX_free(md_ctx);
+    return 1;
+ err:
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY_free(pkdh);
+#endif
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(encodedPoint);
+#endif
+    EVP_MD_CTX_free(md_ctx);
+    return 0;
+}
+
+int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
+{
+    if (SSL_IS_TLS13(s)) {
+        /* Send random context when doing post-handshake auth */
+        if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+            OPENSSL_free(s->pha_context);
+            s->pha_context_len = 32;
+            if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL
+                    || RAND_bytes(s->pha_context, s->pha_context_len) <= 0
+                    || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            /* reset the handshake hash back to just after the ClientFinished */
+            if (!tls13_restore_handshake_digest_for_pha(s)) {
+                /* SSLfatal() already called */
+                return 0;
+            }
+        } else {
+            if (!WPACKET_put_bytes_u8(pkt, 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+
+        if (!tls_construct_extensions(s, pkt,
+                                      SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL,
+                                      0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+        goto done;
+    }
+
+    /* get the list of acceptable cert types */
+    if (!WPACKET_start_sub_packet_u8(pkt)
+        || !ssl3_get_req_cert_type(s, pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (SSL_USE_SIGALGS(s)) {
+        const uint16_t *psigs;
+        size_t nl = tls12_get_psigalgs(s, 1, &psigs);
+
+        if (!WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
+                || !tls12_copy_sigalgs(s, pkt, psigs, nl)
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    if (!construct_ca_names(s, pkt)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+ done:
+    s->certreqs_sent++;
+    s->s3->tmp.cert_request = 1;
+    return 1;
+}
+
+static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_PSK
+    unsigned char psk[PSK_MAX_PSK_LEN];
+    size_t psklen;
+    PACKET psk_identity;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &psk_identity)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    if (PACKET_remaining(&psk_identity) > PSK_MAX_IDENTITY_LEN) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+    if (s->psk_server_callback == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 SSL_R_PSK_NO_SERVER_CB);
+        return 0;
+    }
+
+    if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    psklen = s->psk_server_callback(s, s->session->psk_identity,
+                                    psk, sizeof(psk));
+
+    if (psklen > PSK_MAX_PSK_LEN) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    } else if (psklen == 0) {
+        /*
+         * PSK related to the given identity not found
+         */
+        SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY,
+                 SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 SSL_R_PSK_IDENTITY_NOT_FOUND);
+        return 0;
+    }
+
+    OPENSSL_free(s->s3->tmp.psk);
+    s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
+    OPENSSL_cleanse(psk, psklen);
+
+    if (s->s3->tmp.psk == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    s->s3->tmp.psklen = psklen;
+
+    return 1;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_rsa(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_RSA
+    unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+    int decrypt_len;
+    unsigned char decrypt_good, version_good;
+    size_t j, padding_len;
+    PACKET enc_premaster;
+    RSA *rsa = NULL;
+    unsigned char *rsa_decrypt = NULL;
+    int ret = 0;
+
+    rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA].privatekey);
+    if (rsa == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 SSL_R_MISSING_RSA_CERTIFICATE);
+        return 0;
+    }
+
+    /* SSLv3 and pre-standard DTLS omit the length bytes. */
+    if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
+        enc_premaster = *pkt;
+    } else {
+        if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
+            || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                     SSL_R_LENGTH_MISMATCH);
+            return 0;
+        }
+    }
+
+    /*
+     * We want to be sure that the plaintext buffer size makes it safe to
+     * iterate over the entire size of a premaster secret
+     * (SSL_MAX_MASTER_KEY_LENGTH). Reject overly short RSA keys because
+     * their ciphertext cannot accommodate a premaster secret anyway.
+     */
+    if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 RSA_R_KEY_SIZE_TOO_SMALL);
+        return 0;
+    }
+
+    rsa_decrypt = OPENSSL_malloc(RSA_size(rsa));
+    if (rsa_decrypt == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /*
+     * We must not leak whether a decryption failure occurs because of
+     * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
+     * section 7.4.7.1). The code follows that advice of the TLS RFC and
+     * generates a random premaster secret for the case that the decrypt
+     * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
+     */
+
+    if (RAND_priv_bytes(rand_premaster_secret,
+                      sizeof(rand_premaster_secret)) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * Decrypt with no padding. PKCS#1 padding will be removed as part of
+     * the timing-sensitive code below.
+     */
+     /* TODO(size_t): Convert this function */
+    decrypt_len = (int)RSA_private_decrypt((int)PACKET_remaining(&enc_premaster),
+                                           PACKET_data(&enc_premaster),
+                                           rsa_decrypt, rsa, RSA_NO_PADDING);
+    if (decrypt_len < 0) {
+        SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Check the padding. See RFC 3447, section 7.2.2. */
+
+    /*
+     * The smallest padded premaster is 11 bytes of overhead. Small keys
+     * are publicly invalid, so this may return immediately. This ensures
+     * PS is at least 8 bytes.
+     */
+    if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {
+        SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+
+    padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;
+    decrypt_good = constant_time_eq_int_8(rsa_decrypt[0], 0) &
+        constant_time_eq_int_8(rsa_decrypt[1], 2);
+    for (j = 2; j < padding_len - 1; j++) {
+        decrypt_good &= ~constant_time_is_zero_8(rsa_decrypt[j]);
+    }
+    decrypt_good &= constant_time_is_zero_8(rsa_decrypt[padding_len - 1]);
+
+    /*
+     * If the version in the decrypted pre-master secret is correct then
+     * version_good will be 0xff, otherwise it'll be zero. The
+     * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+     * (http://eprint.iacr.org/2003/052/) exploits the version number
+     * check as a "bad version oracle". Thus version checks are done in
+     * constant time and are treated like any other decryption error.
+     */
+    version_good =
+        constant_time_eq_8(rsa_decrypt[padding_len],
+                           (unsigned)(s->client_version >> 8));
+    version_good &=
+        constant_time_eq_8(rsa_decrypt[padding_len + 1],
+                           (unsigned)(s->client_version & 0xff));
+
+    /*
+     * The premaster secret must contain the same version number as the
+     * ClientHello to detect version rollback attacks (strangely, the
+     * protocol does not offer such protection for DH ciphersuites).
+     * However, buggy clients exist that send the negotiated protocol
+     * version instead if the server does not support the requested
+     * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
+     * clients.
+     */
+    if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
+        unsigned char workaround_good;
+        workaround_good = constant_time_eq_8(rsa_decrypt[padding_len],
+                                             (unsigned)(s->version >> 8));
+        workaround_good &=
+            constant_time_eq_8(rsa_decrypt[padding_len + 1],
+                               (unsigned)(s->version & 0xff));
+        version_good |= workaround_good;
+    }
+
+    /*
+     * Both decryption and version must be good for decrypt_good to
+     * remain non-zero (0xff).
+     */
+    decrypt_good &= version_good;
+
+    /*
+     * Now copy rand_premaster_secret over from p using
+     * decrypt_good_mask. If decryption failed, then p does not
+     * contain valid plaintext, however, a check above guarantees
+     * it is still sufficiently large to read from.
+     */
+    for (j = 0; j < sizeof(rand_premaster_secret); j++) {
+        rsa_decrypt[padding_len + j] =
+            constant_time_select_8(decrypt_good,
+                                   rsa_decrypt[padding_len + j],
+                                   rand_premaster_secret[j]);
+    }
+
+    if (!ssl_generate_master_secret(s, rsa_decrypt + padding_len,
+                                    sizeof(rand_premaster_secret), 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    ret = 1;
+ err:
+    OPENSSL_free(rsa_decrypt);
+    return ret;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY *skey = NULL;
+    DH *cdh;
+    unsigned int i;
+    BIGNUM *pub_key;
+    const unsigned char *data;
+    EVP_PKEY *ckey = NULL;
+    int ret = 0;
+
+    if (!PACKET_get_net_2(pkt, &i) || PACKET_remaining(pkt) != i) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+               SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+        goto err;
+    }
+    skey = s->s3->tmp.pkey;
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 SSL_R_MISSING_TMP_DH_KEY);
+        goto err;
+    }
+
+    if (PACKET_remaining(pkt) == 0L) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 SSL_R_MISSING_TMP_DH_KEY);
+        goto err;
+    }
+    if (!PACKET_get_bytes(pkt, &data, i)) {
+        /* We already checked we have enough data */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    ckey = EVP_PKEY_new();
+    if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 SSL_R_BN_LIB);
+        goto err;
+    }
+
+    cdh = EVP_PKEY_get0_DH(ckey);
+    pub_key = BN_bin2bn(data, i, NULL);
+    if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        BN_free(pub_key);
+        goto err;
+    }
+
+    if (ssl_derive(s, skey, ckey, 1) == 0) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    ret = 1;
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    s->s3->tmp.pkey = NULL;
+ err:
+    EVP_PKEY_free(ckey);
+    return ret;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_EC
+    EVP_PKEY *skey = s->s3->tmp.pkey;
+    EVP_PKEY *ckey = NULL;
+    int ret = 0;
+
+    if (PACKET_remaining(pkt) == 0L) {
+        /* We don't support ECDH client auth */
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                 SSL_R_MISSING_TMP_ECDH_KEY);
+        goto err;
+    } else {
+        unsigned int i;
+        const unsigned char *data;
+
+        /*
+         * Get client's public key from encoded point in the
+         * ClientKeyExchange message.
+         */
+
+        /* Get encoded point length */
+        if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i)
+            || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+        ckey = EVP_PKEY_new();
+        if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+        if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                     ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    if (ssl_derive(s, skey, ckey, 1) == 0) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    ret = 1;
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    s->s3->tmp.pkey = NULL;
+ err:
+    EVP_PKEY_free(ckey);
+
+    return ret;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_srp(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_SRP
+    unsigned int i;
+    const unsigned char *data;
+
+    if (!PACKET_get_net_2(pkt, &i)
+        || !PACKET_get_bytes(pkt, &data, i)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+                 SSL_R_BAD_SRP_A_LENGTH);
+        return 0;
+    }
+    if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+                 ERR_R_BN_LIB);
+        return 0;
+    }
+    if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0 || BN_is_zero(s->srp_ctx.A)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CKE_SRP,
+                 SSL_R_BAD_SRP_PARAMETERS);
+        return 0;
+    }
+    OPENSSL_free(s->session->srp_username);
+    s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+    if (s->session->srp_username == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!srp_generate_server_master_secret(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_gost(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_GOST
+    EVP_PKEY_CTX *pkey_ctx;
+    EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
+    unsigned char premaster_secret[32];
+    const unsigned char *start;
+    size_t outlen = 32, inlen;
+    unsigned long alg_a;
+    unsigned int asn1id, asn1len;
+    int ret = 0;
+    PACKET encdata;
+
+    /* Get our certificate private key */
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+    if (alg_a & SSL_aGOST12) {
+        /*
+         * New GOST ciphersuites have SSL_aGOST01 bit too
+         */
+        pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey;
+        if (pk == NULL) {
+            pk = s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey;
+        }
+        if (pk == NULL) {
+            pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+        }
+    } else if (alg_a & SSL_aGOST01) {
+        pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+    }
+
+    pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
+    if (pkey_ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    /*
+     * If client certificate is present and is of the same type, maybe
+     * use it for key exchange.  Don't mind errors from
+     * EVP_PKEY_derive_set_peer, because it is completely valid to use a
+     * client certificate for authorization only.
+     */
+    client_pub_pkey = X509_get0_pubkey(s->session->peer);
+    if (client_pub_pkey) {
+        if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
+            ERR_clear_error();
+    }
+    /* Decrypt session key */
+    if (!PACKET_get_1(pkt, &asn1id)
+            || asn1id != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)
+            || !PACKET_peek_1(pkt, &asn1len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+    if (asn1len == 0x81) {
+        /*
+         * Long form length. Should only be one byte of length. Anything else
+         * isn't supported.
+         * We did a successful peek before so this shouldn't fail
+         */
+        if (!PACKET_forward(pkt, 1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                     SSL_R_DECRYPTION_FAILED);
+            goto err;
+        }
+    } else  if (asn1len >= 0x80) {
+        /*
+         * Indefinite length, or more than one long form length bytes. We don't
+         * support it
+         */
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    } /* else short form length */
+
+    if (!PACKET_as_length_prefixed_1(pkt, &encdata)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+    inlen = PACKET_remaining(&encdata);
+    start = PACKET_data(&encdata);
+
+    if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start,
+                         inlen) <= 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+    /* Generate master secret */
+    if (!ssl_generate_master_secret(s, premaster_secret,
+                                    sizeof(premaster_secret), 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+    /* Check if pubkey from client certificate was used */
+    if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
+                          NULL) > 0)
+        s->statem.no_cert_verify = 1;
+
+    ret = 1;
+ err:
+    EVP_PKEY_CTX_free(pkey_ctx);
+    return ret;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
+{
+    unsigned long alg_k;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /* For PSK parse and retrieve identity, obtain PSK key */
+    if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (alg_k & SSL_kPSK) {
+        /* Identity extracted earlier: should be nothing left */
+        if (PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+        /* PSK handled by ssl_generate_master_secret */
+        if (!ssl_generate_master_secret(s, NULL, 0, 0)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+        if (!tls_process_cke_rsa(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+        if (!tls_process_cke_dhe(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        if (!tls_process_cke_ecdhe(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & SSL_kSRP) {
+        if (!tls_process_cke_srp(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & SSL_kGOST) {
+        if (!tls_process_cke_gost(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+                 SSL_R_UNKNOWN_CIPHER_TYPE);
+        goto err;
+    }
+
+    return MSG_PROCESS_CONTINUE_PROCESSING;
+ err:
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+    s->s3->tmp.psk = NULL;
+#endif
+    return MSG_PROCESS_ERROR;
+}
+
+WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
+{
+#ifndef OPENSSL_NO_SCTP
+    if (wst == WORK_MORE_A) {
+        if (SSL_IS_DTLS(s)) {
+            unsigned char sctpauthkey[64];
+            char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+            /*
+             * Add new shared key for SCTP-Auth, will be ignored if no SCTP
+             * used.
+             */
+            memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+                   sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+            if (SSL_export_keying_material(s, sctpauthkey,
+                                           sizeof(sctpauthkey), labelbuffer,
+                                           sizeof(labelbuffer), NULL, 0,
+                                           0) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
+                         ERR_R_INTERNAL_ERROR);
+                return WORK_ERROR;
+            }
+
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                     sizeof(sctpauthkey), sctpauthkey);
+        }
+    }
+#endif
+
+    if (s->statem.no_cert_verify || !s->session->peer) {
+        /*
+         * No certificate verify or no peer certificate so we no longer need
+         * the handshake_buffer
+         */
+        if (!ssl3_digest_cached_records(s, 0)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        return WORK_FINISHED_CONTINUE;
+    } else {
+        if (!s->s3->handshake_buffer) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            return WORK_ERROR;
+        }
+        /*
+         * For sigalgs freeze the handshake buffer. If we support
+         * extms we've done this already so this is a no-op
+         */
+        if (!ssl3_digest_cached_records(s, 1)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
+{
+    int i;
+    MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;
+    X509 *x = NULL;
+    unsigned long l;
+    const unsigned char *certstart, *certbytes;
+    STACK_OF(X509) *sk = NULL;
+    PACKET spkt, context;
+    size_t chainidx;
+    SSL_SESSION *new_sess = NULL;
+
+    /*
+     * To get this far we must have read encrypted data from the client. We no
+     * longer tolerate unencrypted alerts. This value is ignored if less than
+     * TLSv1.3
+     */
+    s->statem.enc_read_state = ENC_READ_STATE_VALID;
+
+    if ((sk = sk_X509_new_null()) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (SSL_IS_TLS13(s) && (!PACKET_get_length_prefixed_1(pkt, &context)
+                            || (s->pha_context == NULL && PACKET_remaining(&context) != 0)
+                            || (s->pha_context != NULL &&
+                                !PACKET_equal(&context, s->pha_context, s->pha_context_len)))) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                 SSL_R_INVALID_CONTEXT);
+        goto err;
+    }
+
+    if (!PACKET_get_length_prefixed_3(pkt, &spkt)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    for (chainidx = 0; PACKET_remaining(&spkt) > 0; chainidx++) {
+        if (!PACKET_get_net_3(&spkt, &l)
+            || !PACKET_get_bytes(&spkt, &certbytes, l)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_CERT_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        certstart = certbytes;
+        x = d2i_X509(NULL, (const unsigned char **)&certbytes, l);
+        if (x == NULL) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        if (certbytes != (certstart + l)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_CERT_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (SSL_IS_TLS13(s)) {
+            RAW_EXTENSION *rawexts = NULL;
+            PACKET extensions;
+
+            if (!PACKET_get_length_prefixed_2(&spkt, &extensions)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR,
+                         SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                         SSL_R_BAD_LENGTH);
+                goto err;
+            }
+            if (!tls_collect_extensions(s, &extensions,
+                                        SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,
+                                        NULL, chainidx == 0)
+                || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,
+                                             rawexts, x, chainidx,
+                                             PACKET_remaining(&spkt) == 0)) {
+                OPENSSL_free(rawexts);
+                goto err;
+            }
+            OPENSSL_free(rawexts);
+        }
+
+        if (!sk_X509_push(sk, x)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        x = NULL;
+    }
+
+    if (sk_X509_num(sk) <= 0) {
+        /* TLS does not mind 0 certs returned */
+        if (s->version == SSL3_VERSION) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_NO_CERTIFICATES_RETURNED);
+            goto err;
+        }
+        /* Fail for TLS only if we required a certificate */
+        else if ((s->verify_mode & SSL_VERIFY_PEER) &&
+                 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+            SSLfatal(s, SSL_AD_CERTIFICATE_REQUIRED,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+            goto err;
+        }
+        /* No client certificate so digest cached records */
+        if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, 0)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else {
+        EVP_PKEY *pkey;
+        i = ssl_verify_cert_chain(s, sk);
+        if (i <= 0) {
+            SSLfatal(s, ssl_x509err2alert(s->verify_result),
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_CERTIFICATE_VERIFY_FAILED);
+            goto err;
+        }
+        if (i > 1) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, i);
+            goto err;
+        }
+        pkey = X509_get0_pubkey(sk_X509_value(sk, 0));
+        if (pkey == NULL) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+            goto err;
+        }
+    }
+
+    /*
+     * Sessions must be immutable once they go into the session cache. Otherwise
+     * we can get multi-thread problems. Therefore we don't "update" sessions,
+     * we replace them with a duplicate. Here, we need to do this every time
+     * a new certificate is received via post-handshake authentication, as the
+     * session may have already gone into the session cache.
+     */
+
+    if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+        if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        SSL_SESSION_free(s->session);
+        s->session = new_sess;
+    }
+
+    X509_free(s->session->peer);
+    s->session->peer = sk_X509_shift(sk);
+    s->session->verify_result = s->verify_result;
+
+    sk_X509_pop_free(s->session->peer_chain, X509_free);
+    s->session->peer_chain = sk;
+
+    /*
+     * Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
+     * message
+     */
+    if (SSL_IS_TLS13(s) && !ssl3_digest_cached_records(s, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * Inconsistency alert: cert_chain does *not* include the peer's own
+     * certificate, while we do include it in statem_clnt.c
+     */
+    sk = NULL;
+
+    /* Save the current hash state for when we receive the CertificateVerify */
+    if (SSL_IS_TLS13(s)) {
+        if (!ssl_handshake_hash(s, s->cert_verify_hash,
+                                sizeof(s->cert_verify_hash),
+                                &s->cert_verify_hash_len)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        /* Resend session tickets */
+        s->sent_tickets = 0;
+    }
+
+    ret = MSG_PROCESS_CONTINUE_READING;
+
+ err:
+    X509_free(x);
+    sk_X509_pop_free(sk, X509_free);
+    return ret;
+}
+
+int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
+{
+    CERT_PKEY *cpk = s->s3->tmp.cert;
+
+    if (cpk == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*
+     * In TLSv1.3 the certificate chain is always preceded by a 0 length context
+     * for the server Certificate message
+     */
+    if (SSL_IS_TLS13(s) && !WPACKET_put_bytes_u8(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!ssl3_output_cert_chain(s, pkt, cpk)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
+                                 unsigned char *tick_nonce)
+{
+    /*
+     * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this
+     * unspecified for resumed session (for simplicity).
+     * In TLSv1.3 we reset the "time" field above, and always specify the
+     * timeout.
+     */
+    if (!WPACKET_put_bytes_u32(pkt,
+                               (s->hit && !SSL_IS_TLS13(s))
+                               ? 0 : s->session->timeout)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s)) {
+        if (!WPACKET_put_bytes_u32(pkt, age_add)
+                || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    /* Start the sub-packet for the actual ticket data */
+    if (!WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
+                                      unsigned char *tick_nonce)
+{
+    unsigned char *senc = NULL;
+    EVP_CIPHER_CTX *ctx = NULL;
+    HMAC_CTX *hctx = NULL;
+    unsigned char *p, *encdata1, *encdata2, *macdata1, *macdata2;
+    const unsigned char *const_p;
+    int len, slen_full, slen, lenfinal;
+    SSL_SESSION *sess;
+    unsigned int hlen;
+    SSL_CTX *tctx = s->session_ctx;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    unsigned char key_name[TLSEXT_KEYNAME_LENGTH];
+    int iv_len, ok = 0;
+    size_t macoffset, macendoffset;
+
+    /* get session encoding length */
+    slen_full = i2d_SSL_SESSION(s->session, NULL);
+    /*
+     * Some length values are 16 bits, so forget it if session is too
+     * long
+     */
+    if (slen_full == 0 || slen_full > 0xFF00) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    senc = OPENSSL_malloc(slen_full);
+    if (senc == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ctx = EVP_CIPHER_CTX_new();
+    hctx = HMAC_CTX_new();
+    if (ctx == NULL || hctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    p = senc;
+    if (!i2d_SSL_SESSION(s->session, &p)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * create a fresh copy (not shared with other threads) to clean up
+     */
+    const_p = senc;
+    sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
+    if (sess == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    slen = i2d_SSL_SESSION(sess, NULL);
+    if (slen == 0 || slen > slen_full) {
+        /* shouldn't ever happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        SSL_SESSION_free(sess);
+        goto err;
+    }
+    p = senc;
+    if (!i2d_SSL_SESSION(sess, &p)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        SSL_SESSION_free(sess);
+        goto err;
+    }
+    SSL_SESSION_free(sess);
+
+    /*
+     * Initialize HMAC and cipher contexts. If callback present it does
+     * all the work otherwise use generated values from parent ctx.
+     */
+    if (tctx->ext.ticket_key_cb) {
+        /* if 0 is returned, write an empty ticket */
+        int ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx,
+                                             hctx, 1);
+
+        if (ret == 0) {
+
+            /* Put timeout and length */
+            if (!WPACKET_put_bytes_u32(pkt, 0)
+                    || !WPACKET_put_bytes_u16(pkt, 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_CONSTRUCT_STATELESS_TICKET,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            OPENSSL_free(senc);
+            EVP_CIPHER_CTX_free(ctx);
+            HMAC_CTX_free(hctx);
+            return 1;
+        }
+        if (ret < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                     SSL_R_CALLBACK_FAILED);
+            goto err;
+        }
+        iv_len = EVP_CIPHER_CTX_iv_length(ctx);
+    } else {
+        const EVP_CIPHER *cipher = EVP_aes_256_cbc();
+
+        iv_len = EVP_CIPHER_iv_length(cipher);
+        if (RAND_bytes(iv, iv_len) <= 0
+                || !EVP_EncryptInit_ex(ctx, cipher, NULL,
+                                       tctx->ext.secure->tick_aes_key, iv)
+                || !HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,
+                                 sizeof(tctx->ext.secure->tick_hmac_key),
+                                 EVP_sha256(), NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        memcpy(key_name, tctx->ext.tick_key_name,
+               sizeof(tctx->ext.tick_key_name));
+    }
+
+    if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (!WPACKET_get_total_written(pkt, &macoffset)
+               /* Output key name */
+            || !WPACKET_memcpy(pkt, key_name, sizeof(key_name))
+               /* output IV */
+            || !WPACKET_memcpy(pkt, iv, iv_len)
+            || !WPACKET_reserve_bytes(pkt, slen + EVP_MAX_BLOCK_LENGTH,
+                                      &encdata1)
+               /* Encrypt session data */
+            || !EVP_EncryptUpdate(ctx, encdata1, &len, senc, slen)
+            || !WPACKET_allocate_bytes(pkt, len, &encdata2)
+            || encdata1 != encdata2
+            || !EVP_EncryptFinal(ctx, encdata1 + len, &lenfinal)
+            || !WPACKET_allocate_bytes(pkt, lenfinal, &encdata2)
+            || encdata1 + len != encdata2
+            || len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH
+            || !WPACKET_get_total_written(pkt, &macendoffset)
+            || !HMAC_Update(hctx,
+                            (unsigned char *)s->init_buf->data + macoffset,
+                            macendoffset - macoffset)
+            || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1)
+            || !HMAC_Final(hctx, macdata1, &hlen)
+            || hlen > EVP_MAX_MD_SIZE
+            || !WPACKET_allocate_bytes(pkt, hlen, &macdata2)
+            || macdata1 != macdata2) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Close the sub-packet created by create_ticket_prequel() */
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ok = 1;
+ err:
+    OPENSSL_free(senc);
+    EVP_CIPHER_CTX_free(ctx);
+    HMAC_CTX_free(hctx);
+    return ok;
+}
+
+static int construct_stateful_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
+                                     unsigned char *tick_nonce)
+{
+    if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (!WPACKET_memcpy(pkt, s->session->session_id,
+                        s->session->session_id_length)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATEFUL_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
+{
+    SSL_CTX *tctx = s->session_ctx;
+    unsigned char tick_nonce[TICKET_NONCE_SIZE];
+    union {
+        unsigned char age_add_c[sizeof(uint32_t)];
+        uint32_t age_add;
+    } age_add_u;
+
+    age_add_u.age_add = 0;
+
+    if (SSL_IS_TLS13(s)) {
+        size_t i, hashlen;
+        uint64_t nonce;
+        static const unsigned char nonce_label[] = "resumption";
+        const EVP_MD *md = ssl_handshake_md(s);
+        void (*cb) (const SSL *ssl, int type, int val) = NULL;
+        int hashleni = EVP_MD_size(md);
+
+        /* Ensure cast to size_t is safe */
+        if (!ossl_assert(hashleni >= 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        hashlen = (size_t)hashleni;
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            /*
+             * We don't start and stop the handshake in between each ticket when
+             * sending more than one - but it should appear that way to the info
+             * callback.
+             */
+            if (s->sent_tickets != 0) {
+                ossl_statem_set_in_init(s, 0);
+                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+                ossl_statem_set_in_init(s, 1);
+            }
+            cb(s, SSL_CB_HANDSHAKE_START, 1);
+        }
+        /*
+         * If we already sent one NewSessionTicket, or we resumed then
+         * s->session may already be in a cache and so we must not modify it.
+         * Instead we need to take a copy of it and modify that.
+         */
+        if (s->sent_tickets != 0 || s->hit) {
+            SSL_SESSION *new_sess = ssl_session_dup(s->session, 0);
+
+            if (new_sess == NULL) {
+                /* SSLfatal already called */
+                goto err;
+            }
+
+            SSL_SESSION_free(s->session);
+            s->session = new_sess;
+        }
+
+        if (!ssl_generate_session_id(s, s->session)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        s->session->ext.tick_age_add = age_add_u.age_add;
+
+        nonce = s->next_ticket_nonce;
+        for (i = TICKET_NONCE_SIZE; i > 0; i--) {
+            tick_nonce[i - 1] = (unsigned char)(nonce & 0xff);
+            nonce >>= 8;
+        }
+
+        if (!tls13_hkdf_expand(s, md, s->resumption_master_secret,
+                               nonce_label,
+                               sizeof(nonce_label) - 1,
+                               tick_nonce,
+                               TICKET_NONCE_SIZE,
+                               s->session->master_key,
+                               hashlen)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        s->session->master_key_length = hashlen;
+
+        s->session->time = (long)time(NULL);
+        if (s->s3->alpn_selected != NULL) {
+            OPENSSL_free(s->session->ext.alpn_selected);
+            s->session->ext.alpn_selected =
+                OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
+            if (s->session->ext.alpn_selected == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+                         ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            s->session->ext.alpn_selected_len = s->s3->alpn_selected_len;
+        }
+        s->session->ext.max_early_data = s->max_early_data;
+    }
+
+    if (tctx->generate_ticket_cb != NULL &&
+        tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0)
+        goto err;
+
+    /*
+     * If we are using anti-replay protection then we behave as if
+     * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there
+     * is no point in using full stateless tickets.
+     */
+    if (SSL_IS_TLS13(s)
+            && ((s->options & SSL_OP_NO_TICKET) != 0
+                || (s->max_early_data > 0
+                    && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) {
+        if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (!construct_stateless_ticket(s, pkt, age_add_u.age_add,
+                                           tick_nonce)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (SSL_IS_TLS13(s)) {
+        if (!tls_construct_extensions(s, pkt,
+                                      SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
+                                      NULL, 0)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        /*
+         * Increment both |sent_tickets| and |next_ticket_nonce|. |sent_tickets|
+         * gets reset to 0 if we send more tickets following a post-handshake
+         * auth, but |next_ticket_nonce| does not.
+         */
+        s->sent_tickets++;
+        s->next_ticket_nonce++;
+        ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+    }
+
+    return 1;
+ err:
+    return 0;
+}
+
+/*
+ * In TLSv1.3 this is called from the extensions code, otherwise it is used to
+ * create a separate message. Returns 1 on success or 0 on failure.
+ */
+int tls_construct_cert_status_body(SSL *s, WPACKET *pkt)
+{
+    if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type)
+            || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp,
+                                       s->ext.ocsp.resp_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_construct_cert_status(SSL *s, WPACKET *pkt)
+{
+    if (!tls_construct_cert_status_body(s, pkt)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * tls_process_next_proto reads a Next Protocol Negotiation handshake message.
+ * It sets the next_proto member in s if found
+ */
+MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt)
+{
+    PACKET next_proto, padding;
+    size_t next_proto_len;
+
+    /*-
+     * The payload looks like:
+     *   uint8 proto_len;
+     *   uint8 proto[proto_len];
+     *   uint8 padding_len;
+     *   uint8 padding[padding_len];
+     */
+    if (!PACKET_get_length_prefixed_1(pkt, &next_proto)
+        || !PACKET_get_length_prefixed_1(pkt, &padding)
+        || PACKET_remaining(pkt) > 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEXT_PROTO,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (!PACKET_memdup(&next_proto, &s->ext.npn, &next_proto_len)) {
+        s->ext.npn_len = 0;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEXT_PROTO,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+    }
+
+    s->ext.npn_len = (unsigned char)next_proto_len;
+
+    return MSG_PROCESS_CONTINUE_READING;
+}
+#endif
+
+static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt)
+{
+    if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+                                  NULL, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt)
+{
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (s->early_data_state != SSL_EARLY_DATA_READING
+            && s->early_data_state != SSL_EARLY_DATA_READ_RETRY) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * EndOfEarlyData signals a key change so the end of the message must be on
+     * a record boundary.
+     */
+    if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,
+                 SSL_R_NOT_ON_RECORD_BOUNDARY);
+        return MSG_PROCESS_ERROR;
+    }
+
+    s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
+    if (!s->method->ssl3_enc->change_cipher_state(s,
+                SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+        /* SSLfatal() already called */
+        return MSG_PROCESS_ERROR;
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+}
diff --git a/freebsd/crypto/openssl/ssl/t1_clnt.c b/freebsd/crypto/openssl/ssl/t1_clnt.c
deleted file mode 100644
index b381eabe..00000000
--- a/freebsd/crypto/openssl/ssl/t1_clnt.c
+++ /dev/null
@@ -1,92 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/t1_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *tls1_get_client_method(int ver);
-static const SSL_METHOD *tls1_get_client_method(int ver)
-{
-    if (ver == TLS1_2_VERSION)
-        return TLSv1_2_client_method();
-    if (ver == TLS1_1_VERSION)
-        return TLSv1_1_client_method();
-    if (ver == TLS1_VERSION)
-        return TLSv1_client_method();
-    return NULL;
-}
-
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method,
-                        ssl_undefined_function,
-                        ssl3_connect,
-                        tls1_get_client_method, TLSv1_2_enc_data)
-
-    IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method,
-                        ssl_undefined_function,
-                        ssl3_connect,
-                        tls1_get_client_method, TLSv1_1_enc_data)
-
-    IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method,
-                        ssl_undefined_function,
-                        ssl3_connect, tls1_get_client_method, TLSv1_enc_data)
diff --git a/freebsd/crypto/openssl/ssl/t1_enc.c b/freebsd/crypto/openssl/ssl/t1_enc.c
index 662c4989..0fab8eb0 100644
--- a/freebsd/crypto/openssl/ssl/t1_enc.c
+++ b/freebsd/crypto/openssl/ssl/t1_enc.c
@@ -1,334 +1,93 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/t1_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include "ssl_locl.h"
-#ifndef OPENSSL_NO_COMP
-# include <openssl/comp.h>
-#endif
+#include <openssl/comp.h>
 #include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
+#include <openssl/kdf.h>
 #include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-# include <openssl/des.h>
-#endif
-
-/* seed1 through seed5 are virtually concatenated */
-static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
-                       int sec_len,
-                       const void *seed1, int seed1_len,
-                       const void *seed2, int seed2_len,
-                       const void *seed3, int seed3_len,
-                       const void *seed4, int seed4_len,
-                       const void *seed5, int seed5_len,
-                       unsigned char *out, int olen)
-{
-    int chunk;
-    size_t j;
-    EVP_MD_CTX ctx, ctx_tmp, ctx_init;
-    EVP_PKEY *mac_key;
-    unsigned char A1[EVP_MAX_MD_SIZE];
-    size_t A1_len;
-    int ret = 0;
-
-    chunk = EVP_MD_size(md);
-    OPENSSL_assert(chunk >= 0);
-
-    EVP_MD_CTX_init(&ctx);
-    EVP_MD_CTX_init(&ctx_tmp);
-    EVP_MD_CTX_init(&ctx_init);
-    EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-    mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
-    if (!mac_key)
-        goto err;
-    if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key))
-        goto err;
-    if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
-        goto err;
-    if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
-        goto err;
-    if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
-        goto err;
-    if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
-        goto err;
-    if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
-        goto err;
-    if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
-        goto err;
-    if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
-        goto err;
 
-    for (;;) {
-        /* Reinit mac contexts */
-        if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
-            goto err;
-        if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
-            goto err;
-        if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx))
-            goto err;
-        if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
-            goto err;
-        if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
-            goto err;
-        if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
-            goto err;
-        if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
-            goto err;
-        if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
-            goto err;
-
-        if (olen > chunk) {
-            if (!EVP_DigestSignFinal(&ctx, out, &j))
-                goto err;
-            out += j;
-            olen -= j;
-            /* calc the next A1 value */
-            if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
-                goto err;
-        } else {                /* last one */
-
-            if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
-                goto err;
-            memcpy(out, A1, olen);
-            break;
-        }
-    }
-    ret = 1;
- err:
-    EVP_PKEY_free(mac_key);
-    EVP_MD_CTX_cleanup(&ctx);
-    EVP_MD_CTX_cleanup(&ctx_tmp);
-    EVP_MD_CTX_cleanup(&ctx_init);
-    OPENSSL_cleanse(A1, sizeof(A1));
-    return ret;
-}
-
-/* seed1 through seed5 are virtually concatenated */
-static int tls1_PRF(long digest_mask,
-                    const void *seed1, int seed1_len,
-                    const void *seed2, int seed2_len,
-                    const void *seed3, int seed3_len,
-                    const void *seed4, int seed4_len,
-                    const void *seed5, int seed5_len,
-                    const unsigned char *sec, int slen,
-                    unsigned char *out1, unsigned char *out2, int olen)
+/* seed1 through seed5 are concatenated */
+static int tls1_PRF(SSL *s,
+                    const void *seed1, size_t seed1_len,
+                    const void *seed2, size_t seed2_len,
+                    const void *seed3, size_t seed3_len,
+                    const void *seed4, size_t seed4_len,
+                    const void *seed5, size_t seed5_len,
+                    const unsigned char *sec, size_t slen,
+                    unsigned char *out, size_t olen, int fatal)
 {
-    int len, i, idx, count;
-    const unsigned char *S1;
-    long m;
-    const EVP_MD *md;
+    const EVP_MD *md = ssl_prf_md(s);
+    EVP_PKEY_CTX *pctx = NULL;
     int ret = 0;
 
-    /* Count number of digests and partition sec evenly */
-    count = 0;
-    for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
-        if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
-            count++;
-    }
-    if (!count) {
+    if (md == NULL) {
         /* Should never happen */
-        SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
-        goto err;
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF,
+                     ERR_R_INTERNAL_ERROR);
+        else
+            SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+        return 0;
     }
-    len = slen / count;
-    if (count == 1)
-        slen = 0;
-    S1 = sec;
-    memset(out1, 0, olen);
-    for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
-        if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
-            if (!md) {
-                SSLerr(SSL_F_TLS1_PRF, SSL_R_UNSUPPORTED_DIGEST_TYPE);
-                goto err;
-            }
-            if (!tls1_P_hash(md, S1, len + (slen & 1),
-                             seed1, seed1_len, seed2, seed2_len, seed3,
-                             seed3_len, seed4, seed4_len, seed5, seed5_len,
-                             out2, olen))
-                goto err;
-            S1 += len;
-            for (i = 0; i < olen; i++) {
-                out1[i] ^= out2[i];
-            }
-        }
+    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+    if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0
+        || EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) <= 0
+        || EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, (int)slen) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, (int)seed1_len) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, (int)seed2_len) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, (int)seed3_len) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, (int)seed4_len) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, (int)seed5_len) <= 0
+        || EVP_PKEY_derive(pctx, out, &olen) <= 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF,
+                     ERR_R_INTERNAL_ERROR);
+        else
+            SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+        goto err;
     }
+
     ret = 1;
+
  err:
+    EVP_PKEY_CTX_free(pctx);
     return ret;
 }
 
-static int tls1_generate_key_block(SSL *s, unsigned char *km,
-                                   unsigned char *tmp, int num)
+static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num)
 {
     int ret;
-    ret = tls1_PRF(ssl_get_algorithm2(s),
+
+    /* Calls SSLfatal() as required */
+    ret = tls1_PRF(s,
                    TLS_MD_KEY_EXPANSION_CONST,
                    TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random,
                    SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE,
                    NULL, 0, NULL, 0, s->session->master_key,
-                   s->session->master_key_length, km, tmp, num);
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_generate_key_block() ==> %d byte master_key =\n\t",
-            s->session->master_key_length);
-    {
-        int i;
-        for (i = 0; i < s->session->master_key_length; i++) {
-            fprintf(stderr, "%02X", s->session->master_key[i]);
-        }
-        fprintf(stderr, "\n");
-    }
-#endif                          /* KSSL_DEBUG */
+                   s->session->master_key_length, km, num, 1);
+
     return ret;
 }
 
 int tls1_change_cipher_state(SSL *s, int which)
 {
-    static const unsigned char empty[] = "";
     unsigned char *p, *mac_secret;
-    unsigned char *exp_label;
     unsigned char tmp1[EVP_MAX_KEY_LENGTH];
     unsigned char tmp2[EVP_MAX_KEY_LENGTH];
     unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
     unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
     unsigned char *ms, *key, *iv;
-    int client_write;
     EVP_CIPHER_CTX *dd;
     const EVP_CIPHER *c;
 #ifndef OPENSSL_NO_COMP
@@ -336,13 +95,12 @@ int tls1_change_cipher_state(SSL *s, int which)
 #endif
     const EVP_MD *m;
     int mac_type;
-    int *mac_secret_size;
+    size_t *mac_secret_size;
     EVP_MD_CTX *mac_ctx;
     EVP_PKEY *mac_key;
-    int is_export, n, i, j, k, exp_label_len, cl;
+    size_t n, i, j, k, cl;
     int reuse_dd = 0;
 
-    is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
     c = s->s3->tmp.new_sym_enc;
     m = s->s3->tmp.new_hash;
     mac_type = s->s3->tmp.new_mac_pkey_type;
@@ -350,101 +108,100 @@ int tls1_change_cipher_state(SSL *s, int which)
     comp = s->s3->tmp.new_compression;
 #endif
 
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_change_cipher_state(which= %d) w/\n", which);
-    fprintf(stderr, "\talg= %ld/%ld, comp= %p\n",
-            s->s3->tmp.new_cipher->algorithm_mkey,
-            s->s3->tmp.new_cipher->algorithm_auth, comp);
-    fprintf(stderr, "\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
-    fprintf(stderr, "\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
-            c->nid, c->block_size, c->key_len, c->iv_len);
-    fprintf(stderr, "\tkey_block: len= %d, data= ",
-            s->s3->tmp.key_block_length);
-    {
-        int i;
-        for (i = 0; i < s->s3->tmp.key_block_length; i++)
-            fprintf(stderr, "%02x", s->s3->tmp.key_block[i]);
-        fprintf(stderr, "\n");
-    }
-#endif                          /* KSSL_DEBUG */
-
     if (which & SSL3_CC_READ) {
+        if (s->ext.use_etm)
+            s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+        else
+            s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+
         if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
             s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
         else
             s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
 
-        if (s->enc_read_ctx != NULL)
+        if (s->enc_read_ctx != NULL) {
             reuse_dd = 1;
-        else if ((s->enc_read_ctx =
-                  OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+        } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
             goto err;
-        else
+        } else {
             /*
-             * make sure it's intialized in case we exit later with an error
+             * make sure it's initialised in case we exit later with an error
              */
-            EVP_CIPHER_CTX_init(s->enc_read_ctx);
+            EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+        }
         dd = s->enc_read_ctx;
         mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
         if (mac_ctx == NULL)
             goto err;
 #ifndef OPENSSL_NO_COMP
-        if (s->expand != NULL) {
-            COMP_CTX_free(s->expand);
-            s->expand = NULL;
-        }
+        COMP_CTX_free(s->expand);
+        s->expand = NULL;
         if (comp != NULL) {
             s->expand = COMP_CTX_new(comp->method);
             if (s->expand == NULL) {
-                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
-                       SSL_R_COMPRESSION_LIBRARY_ERROR);
-                goto err2;
-            }
-            if (s->s3->rrec.comp == NULL)
-                s->s3->rrec.comp = (unsigned char *)
-                    OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
-            if (s->s3->rrec.comp == NULL)
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                         SSL_R_COMPRESSION_LIBRARY_ERROR);
                 goto err;
+            }
         }
 #endif
         /*
          * this is done by dtls1_reset_seq_numbers for DTLS
          */
         if (!SSL_IS_DTLS(s))
-            memset(&(s->s3->read_sequence[0]), 0, 8);
+            RECORD_LAYER_reset_read_sequence(&s->rlayer);
         mac_secret = &(s->s3->read_mac_secret[0]);
         mac_secret_size = &(s->s3->read_mac_secret_size);
     } else {
+        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+        if (s->ext.use_etm)
+            s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
+        else
+            s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
+
         if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
             s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
         else
             s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
-        if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+        if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) {
             reuse_dd = 1;
-        else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL)
+        } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
             goto err;
+        }
         dd = s->enc_write_ctx;
         if (SSL_IS_DTLS(s)) {
-            mac_ctx = EVP_MD_CTX_create();
-            if (mac_ctx == NULL)
+            mac_ctx = EVP_MD_CTX_new();
+            if (mac_ctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                         ERR_R_MALLOC_FAILURE);
                 goto err;
+            }
             s->write_hash = mac_ctx;
         } else {
             mac_ctx = ssl_replace_hash(&s->write_hash, NULL);
-            if (mac_ctx == NULL)
+            if (mac_ctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                         ERR_R_MALLOC_FAILURE);
                 goto err;
+            }
         }
 #ifndef OPENSSL_NO_COMP
-        if (s->compress != NULL) {
-            COMP_CTX_free(s->compress);
-            s->compress = NULL;
-        }
+        COMP_CTX_free(s->compress);
+        s->compress = NULL;
         if (comp != NULL) {
             s->compress = COMP_CTX_new(comp->method);
             if (s->compress == NULL) {
-                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
-                       SSL_R_COMPRESSION_LIBRARY_ERROR);
-                goto err2;
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                        SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err;
             }
         }
 #endif
@@ -452,24 +209,26 @@ int tls1_change_cipher_state(SSL *s, int which)
          * this is done by dtls1_reset_seq_numbers for DTLS
          */
         if (!SSL_IS_DTLS(s))
-            memset(&(s->s3->write_sequence[0]), 0, 8);
+            RECORD_LAYER_reset_write_sequence(&s->rlayer);
         mac_secret = &(s->s3->write_mac_secret[0]);
         mac_secret_size = &(s->s3->write_mac_secret_size);
     }
 
     if (reuse_dd)
-        EVP_CIPHER_CTX_cleanup(dd);
+        EVP_CIPHER_CTX_reset(dd);
 
     p = s->s3->tmp.key_block;
     i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
 
+    /* TODO(size_t): convert me */
     cl = EVP_CIPHER_key_length(c);
-    j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
-                     cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+    j = cl;
     /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
-    /* If GCM mode only part of IV comes from PRF */
+    /* If GCM/CCM mode only part of IV comes from PRF */
     if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
         k = EVP_GCM_TLS_FIXED_IV_LEN;
+    else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
+        k = EVP_CCM_TLS_FIXED_IV_LEN;
     else
         k = EVP_CIPHER_iv_length(c);
     if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
@@ -480,9 +239,6 @@ int tls1_change_cipher_state(SSL *s, int which)
         n += j + j;
         iv = &(p[n]);
         n += k + k;
-        exp_label = (unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
-        exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
-        client_write = 1;
     } else {
         n = i;
         ms = &(p[n]);
@@ -491,121 +247,80 @@ int tls1_change_cipher_state(SSL *s, int which)
         n += j + k;
         iv = &(p[n]);
         n += k;
-        exp_label = (unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
-        exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
-        client_write = 0;
     }
 
     if (n > s->s3->tmp.key_block_length) {
-        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-        goto err2;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
     }
 
     memcpy(mac_secret, ms, i);
 
     if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
-        mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
-                                       mac_secret, *mac_secret_size);
+        /* TODO(size_t): Convert this function */
+        mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret,
+                                               (int)*mac_secret_size);
         if (mac_key == NULL
-                || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
+            || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
             EVP_PKEY_free(mac_key);
-            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-            goto err2;
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
         }
         EVP_PKEY_free(mac_key);
     }
-#ifdef TLS_DEBUG
+#ifdef SSL_DEBUG
     printf("which = %04X\nmac key=", which);
     {
-        int z;
+        size_t z;
         for (z = 0; z < i; z++)
             printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n');
     }
 #endif
-    if (is_export) {
-        /*
-         * In here I set both the read and write key/iv to the same value
-         * since only the correct one will be used :-).
-         */
-        if (!tls1_PRF(ssl_get_algorithm2(s),
-                      exp_label, exp_label_len,
-                      s->s3->client_random, SSL3_RANDOM_SIZE,
-                      s->s3->server_random, SSL3_RANDOM_SIZE,
-                      NULL, 0, NULL, 0,
-                      key, j, tmp1, tmp2, EVP_CIPHER_key_length(c)))
-            goto err2;
-        key = tmp1;
-
-        if (k > 0) {
-            if (!tls1_PRF(ssl_get_algorithm2(s),
-                          TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
-                          s->s3->client_random, SSL3_RANDOM_SIZE,
-                          s->s3->server_random, SSL3_RANDOM_SIZE,
-                          NULL, 0, NULL, 0, empty, 0, iv1, iv2, k * 2))
-                goto err2;
-            if (client_write)
-                iv = iv1;
-            else
-                iv = &(iv1[k]);
-        }
-    }
-
-    s->session->key_arg_length = 0;
-#ifdef KSSL_DEBUG
-    {
-        int i;
-        fprintf(stderr, "EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
-        fprintf(stderr, "\tkey= ");
-        for (i = 0; i < c->key_len; i++)
-            fprintf(stderr, "%02x", key[i]);
-        fprintf(stderr, "\n");
-        fprintf(stderr, "\t iv= ");
-        for (i = 0; i < c->iv_len; i++)
-            fprintf(stderr, "%02x", iv[i]);
-        fprintf(stderr, "\n");
-    }
-#endif                          /* KSSL_DEBUG */
 
     if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
         if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
-            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) {
-            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-            goto err2;
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
+                                    iv)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) {
+        int taglen;
+        if (s->s3->tmp.
+            new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
+            taglen = EVP_CCM8_TLS_TAG_LEN;
+        else
+            taglen = EVP_CCM_TLS_TAG_LEN;
+        if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv)
+            || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
         }
     } else {
         if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
-            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-            goto err2;
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
         }
     }
     /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
     if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
         && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
-                                *mac_secret_size, mac_secret)) {
-        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-        goto err2;
-    }
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
-    if (s->msg_callback) {
-        int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0;
-        if (*mac_secret_size)
-            s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
-                            mac_secret, *mac_secret_size,
-                            s, s->msg_callback_arg);
-        if (c->key_len)
-            s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
-                            key, c->key_len, s, s->msg_callback_arg);
-        if (k) {
-            if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
-                wh |= TLS1_RT_CRYPTO_FIXED_IV;
-            else
-                wh |= TLS1_RT_CRYPTO_IV;
-            s->msg_callback(2, s->version, wh, iv, k, s, s->msg_callback_arg);
-        }
+                                (int)*mac_secret_size, mac_secret)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
     }
-#endif
+    s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
 
-#ifdef TLS_DEBUG
+#ifdef SSL_DEBUG
     printf("which = %04X\nkey=", which);
     {
         int z;
@@ -614,7 +329,7 @@ int tls1_change_cipher_state(SSL *s, int which)
     }
     printf("\niv=");
     {
-        int z;
+        size_t z;
         for (z = 0; z < k; z++)
             printf("%02X%c", iv[z], ((z + 1) % 16) ? ' ' : '\n');
     }
@@ -625,59 +340,54 @@ int tls1_change_cipher_state(SSL *s, int which)
     OPENSSL_cleanse(tmp2, sizeof(tmp1));
     OPENSSL_cleanse(iv1, sizeof(iv1));
     OPENSSL_cleanse(iv2, sizeof(iv2));
-    return (1);
+    return 1;
  err:
-    SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
- err2:
-    return (0);
+    OPENSSL_cleanse(tmp1, sizeof(tmp1));
+    OPENSSL_cleanse(tmp2, sizeof(tmp1));
+    OPENSSL_cleanse(iv1, sizeof(iv1));
+    OPENSSL_cleanse(iv2, sizeof(iv2));
+    return 0;
 }
 
 int tls1_setup_key_block(SSL *s)
 {
-    unsigned char *p1, *p2 = NULL;
+    unsigned char *p;
     const EVP_CIPHER *c;
     const EVP_MD *hash;
-    int num;
     SSL_COMP *comp;
-    int mac_type = NID_undef, mac_secret_size = 0;
+    int mac_type = NID_undef;
+    size_t num, mac_secret_size = 0;
     int ret = 0;
 
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_setup_key_block()\n");
-#endif                          /* KSSL_DEBUG */
-
     if (s->s3->tmp.key_block_length != 0)
-        return (1);
+        return 1;
 
-    if (!ssl_cipher_get_evp
-        (s->session, &c, &hash, &mac_type, &mac_secret_size, &comp)) {
-        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
-        return (0);
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type, &mac_secret_size,
+                            &comp, s->ext.use_etm)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_SETUP_KEY_BLOCK,
+                 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        return 0;
     }
 
     s->s3->tmp.new_sym_enc = c;
     s->s3->tmp.new_hash = hash;
     s->s3->tmp.new_mac_pkey_type = mac_type;
     s->s3->tmp.new_mac_secret_size = mac_secret_size;
-    num =
-        EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
+    num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
     num *= 2;
 
     ssl3_cleanup_key_block(s);
 
-    if ((p1 = (unsigned char *)OPENSSL_malloc(num)) == NULL) {
-        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
+    if ((p = OPENSSL_malloc(num)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_SETUP_KEY_BLOCK,
+                 ERR_R_MALLOC_FAILURE);
         goto err;
     }
 
     s->s3->tmp.key_block_length = num;
-    s->s3->tmp.key_block = p1;
+    s->s3->tmp.key_block = p;
 
-    if ((p2 = (unsigned char *)OPENSSL_malloc(num)) == NULL) {
-        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-#ifdef TLS_DEBUG
+#ifdef SSL_DEBUG
     printf("client random\n");
     {
         int z;
@@ -692,22 +402,24 @@ int tls1_setup_key_block(SSL *s)
             printf("%02X%c", s->s3->server_random[z],
                    ((z + 1) % 16) ? ' ' : '\n');
     }
-    printf("pre-master\n");
+    printf("master key\n");
     {
-        int z;
+        size_t z;
         for (z = 0; z < s->session->master_key_length; z++)
             printf("%02X%c", s->session->master_key[z],
                    ((z + 1) % 16) ? ' ' : '\n');
     }
 #endif
-    if (!tls1_generate_key_block(s, p1, p2, num))
+    if (!tls1_generate_key_block(s, p, num)) {
+        /* SSLfatal() already called */
         goto err;
-#ifdef TLS_DEBUG
+    }
+#ifdef SSL_DEBUG
     printf("\nkey block\n");
     {
-        int z;
+        size_t z;
         for (z = 0; z < num; z++)
-            printf("%02X%c", p1[z], ((z + 1) % 16) ? ' ' : '\n');
+            printf("%02X%c", p[z], ((z + 1) % 16) ? ' ' : '\n');
     }
 #endif
 
@@ -732,443 +444,80 @@ int tls1_setup_key_block(SSL *s)
 
     ret = 1;
  err:
-    if (p2) {
-        OPENSSL_cleanse(p2, num);
-        OPENSSL_free(p2);
-    }
-    return (ret);
-}
-
-/*-
- * tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
- *       short etc).
- *   1: if the record's padding is valid / the encryption was successful.
- *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- *       an internal error occured.
- */
-int tls1_enc(SSL *s, int send)
-{
-    SSL3_RECORD *rec;
-    EVP_CIPHER_CTX *ds;
-    unsigned long l;
-    int bs, i, j, k, pad = 0, ret, mac_size = 0;
-    const EVP_CIPHER *enc;
-
-    if (send) {
-        if (EVP_MD_CTX_md(s->write_hash)) {
-            int n = EVP_MD_CTX_size(s->write_hash);
-            OPENSSL_assert(n >= 0);
-        }
-        ds = s->enc_write_ctx;
-        rec = &(s->s3->wrec);
-        if (s->enc_write_ctx == NULL)
-            enc = NULL;
-        else {
-            int ivlen;
-            enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-            /* For TLSv1.1 and later explicit IV */
-            if (SSL_USE_EXPLICIT_IV(s)
-                && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
-                ivlen = EVP_CIPHER_iv_length(enc);
-            else
-                ivlen = 0;
-            if (ivlen > 1) {
-                if (rec->data != rec->input)
-                    /*
-                     * we can't write into the input stream: Can this ever
-                     * happen?? (steve)
-                     */
-                    fprintf(stderr,
-                            "%s:%d: rec->data != rec->input\n",
-                            __FILE__, __LINE__);
-                else if (RAND_bytes(rec->input, ivlen) <= 0)
-                    return -1;
-            }
-        }
-    } else {
-        if (EVP_MD_CTX_md(s->read_hash)) {
-            int n = EVP_MD_CTX_size(s->read_hash);
-            OPENSSL_assert(n >= 0);
-        }
-        ds = s->enc_read_ctx;
-        rec = &(s->s3->rrec);
-        if (s->enc_read_ctx == NULL)
-            enc = NULL;
-        else
-            enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-    }
-
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_enc(%d)\n", send);
-#endif                          /* KSSL_DEBUG */
-
-    if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
-        memmove(rec->data, rec->input, rec->length);
-        rec->input = rec->data;
-        ret = 1;
-    } else {
-        l = rec->length;
-        bs = EVP_CIPHER_block_size(ds->cipher);
-
-        if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
-            unsigned char buf[EVP_AEAD_TLS1_AAD_LEN], *seq;
-
-            seq = send ? s->s3->write_sequence : s->s3->read_sequence;
-
-            if (SSL_IS_DTLS(s)) {
-                unsigned char dtlsseq[9], *p = dtlsseq;
-
-                s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
-                memcpy(p, &seq[2], 6);
-                memcpy(buf, dtlsseq, 8);
-            } else {
-                memcpy(buf, seq, 8);
-                for (i = 7; i >= 0; i--) { /* increment */
-                    ++seq[i];
-                    if (seq[i] != 0)
-                        break;
-                }
-            }
-
-            buf[8] = rec->type;
-            buf[9] = (unsigned char)(s->version >> 8);
-            buf[10] = (unsigned char)(s->version);
-            buf[11] = rec->length >> 8;
-            buf[12] = rec->length & 0xff;
-            pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD,
-                                      EVP_AEAD_TLS1_AAD_LEN, buf);
-            if (pad <= 0)
-                return -1;
-            if (send) {
-                l += pad;
-                rec->length += pad;
-            }
-        } else if ((bs != 1) && send) {
-            i = bs - ((int)l % bs);
-
-            /* Add weird padding of upto 256 bytes */
-
-            /* we need to add 'i' padding bytes of value j */
-            j = i - 1;
-            if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) {
-                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-                    j++;
-            }
-            for (k = (int)l; k < (int)(l + i); k++)
-                rec->input[k] = j;
-            l += i;
-            rec->length += i;
-        }
-#ifdef KSSL_DEBUG
-        {
-            unsigned long ui;
-            fprintf(stderr,
-                    "EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-                    ds, rec->data, rec->input, l);
-            fprintf(stderr,
-                    "\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%lu %lu], %d iv_len\n",
-                    ds->buf_len, ds->cipher->key_len, DES_KEY_SZ,
-                    DES_SCHEDULE_SZ, ds->cipher->iv_len);
-            fprintf(stderr, "\t\tIV: ");
-            for (i = 0; i < ds->cipher->iv_len; i++)
-                fprintf(stderr, "%02X", ds->iv[i]);
-            fprintf(stderr, "\n");
-            fprintf(stderr, "\trec->input=");
-            for (ui = 0; ui < l; ui++)
-                fprintf(stderr, " %02x", rec->input[ui]);
-            fprintf(stderr, "\n");
-        }
-#endif                          /* KSSL_DEBUG */
-
-        if (!send) {
-            if (l == 0 || l % bs != 0)
-                return 0;
-        }
-
-        i = EVP_Cipher(ds, rec->data, rec->input, l);
-        if ((EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_CUSTOM_CIPHER)
-            ? (i < 0)
-            : (i == 0))
-            return -1;          /* AEAD can fail to verify MAC */
-        if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) {
-            rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-            rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-            rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-        }
-#ifdef KSSL_DEBUG
-        {
-            unsigned long i;
-            fprintf(stderr, "\trec->data=");
-            for (i = 0; i < l; i++)
-                fprintf(stderr, " %02x", rec->data[i]);
-            fprintf(stderr, "\n");
-        }
-#endif                          /* KSSL_DEBUG */
-
-        ret = 1;
-        if (EVP_MD_CTX_md(s->read_hash) != NULL)
-            mac_size = EVP_MD_CTX_size(s->read_hash);
-        if ((bs != 1) && !send)
-            ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
-        if (pad && !send)
-            rec->length -= pad;
-    }
     return ret;
 }
 
-int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
+size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
+                             unsigned char *out)
 {
-    unsigned int ret;
-    EVP_MD_CTX ctx, *d = NULL;
-    int i;
-
-    if (s->s3->handshake_buffer)
-        if (!ssl3_digest_cached_records(s))
-            return 0;
+    size_t hashlen;
+    unsigned char hash[EVP_MAX_MD_SIZE];
 
-    for (i = 0; i < SSL_MAX_DIGEST; i++) {
-        if (s->s3->handshake_dgst[i]
-            && EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
-            d = s->s3->handshake_dgst[i];
-            break;
-        }
-    }
-    if (!d) {
-        SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST);
+    if (!ssl3_digest_cached_records(s, 0)) {
+        /* SSLfatal() already called */
         return 0;
     }
 
-    EVP_MD_CTX_init(&ctx);
-    if (EVP_MD_CTX_copy_ex(&ctx, d) <=0
-            || EVP_DigestFinal_ex(&ctx, out, &ret) <= 0)
-        ret = 0;
-    EVP_MD_CTX_cleanup(&ctx);
-    return ((int)ret);
-}
-
-int tls1_final_finish_mac(SSL *s,
-                          const char *str, int slen, unsigned char *out)
-{
-    unsigned int i;
-    EVP_MD_CTX ctx;
-    unsigned char buf[2 * EVP_MAX_MD_SIZE];
-    unsigned char *q, buf2[12];
-    int idx;
-    long mask;
-    int err = 0;
-    const EVP_MD *md;
-
-    q = buf;
-
-    if (s->s3->handshake_buffer)
-        if (!ssl3_digest_cached_records(s))
-            return 0;
-
-    EVP_MD_CTX_init(&ctx);
-
-    for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
-        if (mask & ssl_get_algorithm2(s)) {
-            int hashsize = EVP_MD_size(md);
-            EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
-            if (!hdgst || hashsize < 0
-                || hashsize > (int)(sizeof(buf) - (size_t)(q - buf))) {
-                /*
-                 * internal error: 'buf' is too small for this cipersuite!
-                 */
-                err = 1;
-            } else {
-                if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
-                    !EVP_DigestFinal_ex(&ctx, q, &i) ||
-                    (i != (unsigned int)hashsize))
-                    err = 1;
-                q += hashsize;
-            }
-        }
+    if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {
+        /* SSLfatal() already called */
+        return 0;
     }
 
-    if (!tls1_PRF(ssl_get_algorithm2(s),
-                  str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0,
+    if (!tls1_PRF(s, str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0,
                   s->session->master_key, s->session->master_key_length,
-                  out, buf2, sizeof(buf2)))
-        err = 1;
-    EVP_MD_CTX_cleanup(&ctx);
-
-    OPENSSL_cleanse(buf, (int)(q - buf));
-    OPENSSL_cleanse(buf2, sizeof(buf2));
-    if (err)
+                  out, TLS1_FINISH_MAC_LENGTH, 1)) {
+        /* SSLfatal() already called */
         return 0;
-    else
-        return sizeof(buf2);
+    }
+    OPENSSL_cleanse(hash, hashlen);
+    return TLS1_FINISH_MAC_LENGTH;
 }
 
-int tls1_mac(SSL *ssl, unsigned char *md, int send)
+int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+                                size_t len, size_t *secret_size)
 {
-    SSL3_RECORD *rec;
-    unsigned char *seq;
-    EVP_MD_CTX *hash;
-    size_t md_size, orig_len;
-    int i;
-    EVP_MD_CTX hmac, *mac_ctx;
-    unsigned char header[13];
-    int stream_mac = (send ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
-                      : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
-    int t;
-
-    if (send) {
-        rec = &(ssl->s3->wrec);
-        seq = &(ssl->s3->write_sequence[0]);
-        hash = ssl->write_hash;
-    } else {
-        rec = &(ssl->s3->rrec);
-        seq = &(ssl->s3->read_sequence[0]);
-        hash = ssl->read_hash;
-    }
-
-    t = EVP_MD_CTX_size(hash);
-    OPENSSL_assert(t >= 0);
-    md_size = t;
-
-    /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
-    if (stream_mac) {
-        mac_ctx = hash;
-    } else {
-        if (!EVP_MD_CTX_copy(&hmac, hash))
-            return -1;
-        mac_ctx = &hmac;
-    }
-
-    if (SSL_IS_DTLS(ssl)) {
-        unsigned char dtlsseq[8], *p = dtlsseq;
-
-        s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
-        memcpy(p, &seq[2], 6);
-
-        memcpy(header, dtlsseq, 8);
-    } else
-        memcpy(header, seq, 8);
-
-    /*
-     * kludge: tls1_cbc_remove_padding passes padding length in rec->type
-     */
-    orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
-    rec->type &= 0xff;
-
-    header[8] = rec->type;
-    header[9] = (unsigned char)(ssl->version >> 8);
-    header[10] = (unsigned char)(ssl->version);
-    header[11] = (rec->length) >> 8;
-    header[12] = (rec->length) & 0xff;
-
-    if (!send &&
-        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-        ssl3_cbc_record_digest_supported(mac_ctx)) {
+    if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
+        unsigned char hash[EVP_MAX_MD_SIZE * 2];
+        size_t hashlen;
         /*
-         * This is a CBC-encrypted record. We must avoid leaking any
-         * timing-side channel information about how many blocks of data we
-         * are hashing because that gives an attacker a timing-oracle.
+         * Digest cached records keeping record buffer (if present): this wont
+         * affect client auth because we're freezing the buffer at the same
+         * point (after client key exchange and before certificate verify)
          */
-        /* Final param == not SSLv3 */
-        if (ssl3_cbc_digest_record(mac_ctx,
-                                   md, &md_size,
-                                   header, rec->input,
-                                   rec->length + md_size, orig_len,
-                                   ssl->s3->read_mac_secret,
-                                   ssl->s3->read_mac_secret_size, 0) <= 0) {
-            if (!stream_mac)
-                EVP_MD_CTX_cleanup(&hmac);
-            return -1;
-        }
-    } else {
-        if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
-                || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
-                || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
-            if (!stream_mac)
-                EVP_MD_CTX_cleanup(&hmac);
-            return -1;
+        if (!ssl3_digest_cached_records(s, 1)
+                || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {
+            /* SSLfatal() already called */
+            return 0;
         }
-#ifdef OPENSSL_FIPS
-        if (!send && FIPS_mode())
-            tls_fips_digest_extra(ssl->enc_read_ctx,
-                                  mac_ctx, rec->input, rec->length, orig_len);
-#endif
-    }
-
-    if (!stream_mac)
-        EVP_MD_CTX_cleanup(&hmac);
-#ifdef TLS_DEBUG
-    fprintf(stderr, "seq=");
-    {
-        int z;
-        for (z = 0; z < 8; z++)
-            fprintf(stderr, "%02X ", seq[z]);
-        fprintf(stderr, "\n");
-    }
-    fprintf(stderr, "rec=");
-    {
-        unsigned int z;
-        for (z = 0; z < rec->length; z++)
-            fprintf(stderr, "%02X ", rec->data[z]);
-        fprintf(stderr, "\n");
-    }
+#ifdef SSL_DEBUG
+        fprintf(stderr, "Handshake hashes:\n");
+        BIO_dump_fp(stderr, (char *)hash, hashlen);
 #endif
-
-    if (!SSL_IS_DTLS(ssl)) {
-        for (i = 7; i >= 0; i--) {
-            ++seq[i];
-            if (seq[i] != 0)
-                break;
+        if (!tls1_PRF(s,
+                      TLS_MD_EXTENDED_MASTER_SECRET_CONST,
+                      TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE,
+                      hash, hashlen,
+                      NULL, 0,
+                      NULL, 0,
+                      NULL, 0, p, len, out,
+                      SSL3_MASTER_SECRET_SIZE, 1)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+        OPENSSL_cleanse(hash, hashlen);
+    } else {
+        if (!tls1_PRF(s,
+                      TLS_MD_MASTER_SECRET_CONST,
+                      TLS_MD_MASTER_SECRET_CONST_SIZE,
+                      s->s3->client_random, SSL3_RANDOM_SIZE,
+                      NULL, 0,
+                      s->s3->server_random, SSL3_RANDOM_SIZE,
+                      NULL, 0, p, len, out,
+                      SSL3_MASTER_SECRET_SIZE, 1)) {
+           /* SSLfatal() already called */
+            return 0;
         }
     }
-#ifdef TLS_DEBUG
-    {
-        unsigned int z;
-        for (z = 0; z < md_size; z++)
-            fprintf(stderr, "%02X ", md[z]);
-        fprintf(stderr, "\n");
-    }
-#endif
-    return (md_size);
-}
-
-int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
-                                int len)
-{
-    unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
-    const void *co = NULL, *so = NULL;
-    int col = 0, sol = 0;
-
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_generate_master_secret(%p,%p, %p, %d)\n", s, out, p,
-            len);
-#endif                          /* KSSL_DEBUG */
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-    if (s->s3->client_opaque_prf_input != NULL
-        && s->s3->server_opaque_prf_input != NULL
-        && s->s3->client_opaque_prf_input_len > 0
-        && s->s3->client_opaque_prf_input_len ==
-        s->s3->server_opaque_prf_input_len) {
-        co = s->s3->client_opaque_prf_input;
-        col = s->s3->server_opaque_prf_input_len;
-        so = s->s3->server_opaque_prf_input;
-        /*
-         * must be same as col (see
-         * draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1)
-         */
-        sol = s->s3->client_opaque_prf_input_len;
-    }
-#endif
-
-    tls1_PRF(ssl_get_algorithm2(s),
-             TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
-             s->s3->client_random, SSL3_RANDOM_SIZE,
-             co, col,
-             s->s3->server_random, SSL3_RANDOM_SIZE,
-             so, sol, p, len, s->session->master_key, buff, sizeof(buff));
-    OPENSSL_cleanse(buff, sizeof(buff));
 #ifdef SSL_DEBUG
     fprintf(stderr, "Premaster Secret:\n");
     BIO_dump_fp(stderr, (char *)p, len);
@@ -1181,26 +530,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
                 SSL3_MASTER_SECRET_SIZE);
 #endif
 
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
-    if (s->msg_callback) {
-        s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
-                        p, len, s, s->msg_callback_arg);
-        s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
-                        s->s3->client_random, SSL3_RANDOM_SIZE,
-                        s, s->msg_callback_arg);
-        s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
-                        s->s3->server_random, SSL3_RANDOM_SIZE,
-                        s, s->msg_callback_arg);
-        s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
-                        s->session->master_key,
-                        SSL3_MASTER_SECRET_SIZE, s, s->msg_callback_arg);
-    }
-#endif
-
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_generate_master_secret() complete\n");
-#endif                          /* KSSL_DEBUG */
-    return (SSL3_MASTER_SECRET_SIZE);
+    *secret_size = SSL3_MASTER_SECRET_SIZE;
+    return 1;
 }
 
 int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
@@ -1208,20 +539,10 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
                                 const unsigned char *context,
                                 size_t contextlen, int use_context)
 {
-    unsigned char *buff;
     unsigned char *val = NULL;
-    size_t vallen, currentvalpos;
+    size_t vallen = 0, currentvalpos;
     int rv;
 
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n",
-            s, out, olen, label, llen, context, contextlen);
-#endif                          /* KSSL_DEBUG */
-
-    buff = OPENSSL_malloc(olen);
-    if (buff == NULL)
-        goto err2;
-
     /*
      * construct PRF arguments we construct the PRF argument ourself rather
      * than passing separate values into the TLS PRF to ensure that the
@@ -1267,112 +588,105 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
     if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
                TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
         goto err1;
+    if (memcmp(val, TLS_MD_EXTENDED_MASTER_SECRET_CONST,
+               TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE) == 0)
+        goto err1;
     if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
                TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
         goto err1;
 
-    rv = tls1_PRF(ssl_get_algorithm2(s),
+    rv = tls1_PRF(s,
                   val, vallen,
                   NULL, 0,
                   NULL, 0,
                   NULL, 0,
                   NULL, 0,
                   s->session->master_key, s->session->master_key_length,
-                  out, buff, olen);
-    OPENSSL_cleanse(val, vallen);
-    OPENSSL_cleanse(buff, olen);
+                  out, olen, 0);
 
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_export_keying_material() complete\n");
-#endif                          /* KSSL_DEBUG */
     goto ret;
  err1:
-    SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL,
-           SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
+    SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
     rv = 0;
     goto ret;
  err2:
     SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
     rv = 0;
  ret:
-    if (buff != NULL)
-        OPENSSL_free(buff);
-    if (val != NULL)
-        OPENSSL_free(val);
-    return (rv);
+    OPENSSL_clear_free(val, vallen);
+    return rv;
 }
 
 int tls1_alert_code(int code)
 {
     switch (code) {
     case SSL_AD_CLOSE_NOTIFY:
-        return (SSL3_AD_CLOSE_NOTIFY);
+        return SSL3_AD_CLOSE_NOTIFY;
     case SSL_AD_UNEXPECTED_MESSAGE:
-        return (SSL3_AD_UNEXPECTED_MESSAGE);
+        return SSL3_AD_UNEXPECTED_MESSAGE;
     case SSL_AD_BAD_RECORD_MAC:
-        return (SSL3_AD_BAD_RECORD_MAC);
+        return SSL3_AD_BAD_RECORD_MAC;
     case SSL_AD_DECRYPTION_FAILED:
-        return (TLS1_AD_DECRYPTION_FAILED);
+        return TLS1_AD_DECRYPTION_FAILED;
     case SSL_AD_RECORD_OVERFLOW:
-        return (TLS1_AD_RECORD_OVERFLOW);
+        return TLS1_AD_RECORD_OVERFLOW;
     case SSL_AD_DECOMPRESSION_FAILURE:
-        return (SSL3_AD_DECOMPRESSION_FAILURE);
+        return SSL3_AD_DECOMPRESSION_FAILURE;
     case SSL_AD_HANDSHAKE_FAILURE:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
+        return SSL3_AD_HANDSHAKE_FAILURE;
     case SSL_AD_NO_CERTIFICATE:
-        return (-1);
+        return -1;
     case SSL_AD_BAD_CERTIFICATE:
-        return (SSL3_AD_BAD_CERTIFICATE);
+        return SSL3_AD_BAD_CERTIFICATE;
     case SSL_AD_UNSUPPORTED_CERTIFICATE:
-        return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
+        return SSL3_AD_UNSUPPORTED_CERTIFICATE;
     case SSL_AD_CERTIFICATE_REVOKED:
-        return (SSL3_AD_CERTIFICATE_REVOKED);
+        return SSL3_AD_CERTIFICATE_REVOKED;
     case SSL_AD_CERTIFICATE_EXPIRED:
-        return (SSL3_AD_CERTIFICATE_EXPIRED);
+        return SSL3_AD_CERTIFICATE_EXPIRED;
     case SSL_AD_CERTIFICATE_UNKNOWN:
-        return (SSL3_AD_CERTIFICATE_UNKNOWN);
+        return SSL3_AD_CERTIFICATE_UNKNOWN;
     case SSL_AD_ILLEGAL_PARAMETER:
-        return (SSL3_AD_ILLEGAL_PARAMETER);
+        return SSL3_AD_ILLEGAL_PARAMETER;
     case SSL_AD_UNKNOWN_CA:
-        return (TLS1_AD_UNKNOWN_CA);
+        return TLS1_AD_UNKNOWN_CA;
     case SSL_AD_ACCESS_DENIED:
-        return (TLS1_AD_ACCESS_DENIED);
+        return TLS1_AD_ACCESS_DENIED;
     case SSL_AD_DECODE_ERROR:
-        return (TLS1_AD_DECODE_ERROR);
+        return TLS1_AD_DECODE_ERROR;
     case SSL_AD_DECRYPT_ERROR:
-        return (TLS1_AD_DECRYPT_ERROR);
+        return TLS1_AD_DECRYPT_ERROR;
     case SSL_AD_EXPORT_RESTRICTION:
-        return (TLS1_AD_EXPORT_RESTRICTION);
+        return TLS1_AD_EXPORT_RESTRICTION;
     case SSL_AD_PROTOCOL_VERSION:
-        return (TLS1_AD_PROTOCOL_VERSION);
+        return TLS1_AD_PROTOCOL_VERSION;
     case SSL_AD_INSUFFICIENT_SECURITY:
-        return (TLS1_AD_INSUFFICIENT_SECURITY);
+        return TLS1_AD_INSUFFICIENT_SECURITY;
     case SSL_AD_INTERNAL_ERROR:
-        return (TLS1_AD_INTERNAL_ERROR);
+        return TLS1_AD_INTERNAL_ERROR;
     case SSL_AD_USER_CANCELLED:
-        return (TLS1_AD_USER_CANCELLED);
+        return TLS1_AD_USER_CANCELLED;
     case SSL_AD_NO_RENEGOTIATION:
-        return (TLS1_AD_NO_RENEGOTIATION);
+        return TLS1_AD_NO_RENEGOTIATION;
     case SSL_AD_UNSUPPORTED_EXTENSION:
-        return (TLS1_AD_UNSUPPORTED_EXTENSION);
+        return TLS1_AD_UNSUPPORTED_EXTENSION;
     case SSL_AD_CERTIFICATE_UNOBTAINABLE:
-        return (TLS1_AD_CERTIFICATE_UNOBTAINABLE);
+        return TLS1_AD_CERTIFICATE_UNOBTAINABLE;
     case SSL_AD_UNRECOGNIZED_NAME:
-        return (TLS1_AD_UNRECOGNIZED_NAME);
+        return TLS1_AD_UNRECOGNIZED_NAME;
     case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
-        return (TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
+        return TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
     case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
-        return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
+        return TLS1_AD_BAD_CERTIFICATE_HASH_VALUE;
     case SSL_AD_UNKNOWN_PSK_IDENTITY:
-        return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
+        return TLS1_AD_UNKNOWN_PSK_IDENTITY;
     case SSL_AD_INAPPROPRIATE_FALLBACK:
-        return (TLS1_AD_INAPPROPRIATE_FALLBACK);
-#if 0
-        /* not appropriate for TLS, not used for DTLS */
-    case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE:
-        return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
+        return TLS1_AD_INAPPROPRIATE_FALLBACK;
+    case SSL_AD_NO_APPLICATION_PROTOCOL:
+        return TLS1_AD_NO_APPLICATION_PROTOCOL;
+    case SSL_AD_CERTIFICATE_REQUIRED:
+        return SSL_AD_HANDSHAKE_FAILURE;
     default:
-        return (-1);
+        return -1;
     }
 }
diff --git a/freebsd/crypto/openssl/ssl/t1_ext.c b/freebsd/crypto/openssl/ssl/t1_ext.c
deleted file mode 100644
index 5f616d88..00000000
--- a/freebsd/crypto/openssl/ssl/t1_ext.c
+++ /dev/null
@@ -1,319 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/t1_ext.c */
-/* ====================================================================
- * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Custom extension utility functions */
-
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_TLSEXT
-
-/* Find a custom extension from the list. */
-static custom_ext_method *custom_ext_find(custom_ext_methods *exts,
-                                          unsigned int ext_type)
-{
-    size_t i;
-    custom_ext_method *meth = exts->meths;
-    for (i = 0; i < exts->meths_count; i++, meth++) {
-        if (ext_type == meth->ext_type)
-            return meth;
-    }
-    return NULL;
-}
-
-/*
- * Initialise custom extensions flags to indicate neither sent nor received.
- */
-void custom_ext_init(custom_ext_methods *exts)
-{
-    size_t i;
-    custom_ext_method *meth = exts->meths;
-    for (i = 0; i < exts->meths_count; i++, meth++)
-        meth->ext_flags = 0;
-}
-
-/* Pass received custom extension data to the application for parsing. */
-int custom_ext_parse(SSL *s, int server,
-                     unsigned int ext_type,
-                     const unsigned char *ext_data, size_t ext_size, int *al)
-{
-    custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
-    custom_ext_method *meth;
-    meth = custom_ext_find(exts, ext_type);
-    /* If not found return success */
-    if (!meth)
-        return 1;
-    if (!server) {
-        /*
-         * If it's ServerHello we can't have any extensions not sent in
-         * ClientHello.
-         */
-        if (!(meth->ext_flags & SSL_EXT_FLAG_SENT)) {
-            *al = TLS1_AD_UNSUPPORTED_EXTENSION;
-            return 0;
-        }
-    }
-    /* If already present it's a duplicate */
-    if (meth->ext_flags & SSL_EXT_FLAG_RECEIVED) {
-        *al = TLS1_AD_DECODE_ERROR;
-        return 0;
-    }
-    meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
-    /* If no parse function set return success */
-    if (!meth->parse_cb)
-        return 1;
-
-    return meth->parse_cb(s, ext_type, ext_data, ext_size, al,
-                          meth->parse_arg);
-}
-
-/*
- * Request custom extension data from the application and add to the return
- * buffer.
- */
-int custom_ext_add(SSL *s, int server,
-                   unsigned char **pret, unsigned char *limit, int *al)
-{
-    custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
-    custom_ext_method *meth;
-    unsigned char *ret = *pret;
-    size_t i;
-
-    for (i = 0; i < exts->meths_count; i++) {
-        const unsigned char *out = NULL;
-        size_t outlen = 0;
-        meth = exts->meths + i;
-
-        if (server) {
-            /*
-             * For ServerHello only send extensions present in ClientHello.
-             */
-            if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
-                continue;
-            /* If callback absent for server skip it */
-            if (!meth->add_cb)
-                continue;
-        }
-        if (meth->add_cb) {
-            int cb_retval = 0;
-            cb_retval = meth->add_cb(s, meth->ext_type,
-                                     &out, &outlen, al, meth->add_arg);
-            if (cb_retval < 0)
-                return 0;       /* error */
-            if (cb_retval == 0)
-                continue;       /* skip this extension */
-        }
-        if (4 > limit - ret || outlen > (size_t)(limit - ret - 4))
-            return 0;
-        s2n(meth->ext_type, ret);
-        s2n(outlen, ret);
-        if (outlen) {
-            memcpy(ret, out, outlen);
-            ret += outlen;
-        }
-        /*
-         * We can't send duplicates: code logic should prevent this.
-         */
-        OPENSSL_assert(!(meth->ext_flags & SSL_EXT_FLAG_SENT));
-        /*
-         * Indicate extension has been sent: this is both a sanity check to
-         * ensure we don't send duplicate extensions and indicates that it is
-         * not an error if the extension is present in ServerHello.
-         */
-        meth->ext_flags |= SSL_EXT_FLAG_SENT;
-        if (meth->free_cb)
-            meth->free_cb(s, meth->ext_type, out, meth->add_arg);
-    }
-    *pret = ret;
-    return 1;
-}
-
-/* Copy the flags from src to dst for any extensions that exist in both */
-int custom_exts_copy_flags(custom_ext_methods *dst,
-                           const custom_ext_methods *src)
-{
-    size_t i;
-    custom_ext_method *methsrc = src->meths;
-
-    for (i = 0; i < src->meths_count; i++, methsrc++) {
-        custom_ext_method *methdst = custom_ext_find(dst, methsrc->ext_type);
-
-        if (methdst == NULL)
-            continue;
-
-        methdst->ext_flags = methsrc->ext_flags;
-    }
-
-    return 1;
-}
-
-/* Copy table of custom extensions */
-int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
-{
-    if (src->meths_count) {
-        dst->meths =
-            BUF_memdup(src->meths,
-                       sizeof(custom_ext_method) * src->meths_count);
-        if (dst->meths == NULL)
-            return 0;
-        dst->meths_count = src->meths_count;
-    }
-    return 1;
-}
-
-void custom_exts_free(custom_ext_methods *exts)
-{
-    if (exts->meths)
-        OPENSSL_free(exts->meths);
-}
-
-/* Set callbacks for a custom extension. */
-static int custom_ext_meth_add(custom_ext_methods *exts,
-                               unsigned int ext_type,
-                               custom_ext_add_cb add_cb,
-                               custom_ext_free_cb free_cb,
-                               void *add_arg,
-                               custom_ext_parse_cb parse_cb, void *parse_arg)
-{
-    custom_ext_method *meth;
-    /*
-     * Check application error: if add_cb is not set free_cb will never be
-     * called.
-     */
-    if (!add_cb && free_cb)
-        return 0;
-    /* Don't add if extension supported internally. */
-    if (SSL_extension_supported(ext_type))
-        return 0;
-    /* Extension type must fit in 16 bits */
-    if (ext_type > 0xffff)
-        return 0;
-    /* Search for duplicate */
-    if (custom_ext_find(exts, ext_type))
-        return 0;
-    meth = OPENSSL_realloc(exts->meths,
-                           (exts->meths_count + 1)
-                           * sizeof(custom_ext_method));
-    if (meth == NULL)
-        return 0;
-
-    exts->meths = meth;
-    meth += exts->meths_count;
-    memset(meth, 0, sizeof(custom_ext_method));
-    meth->parse_cb = parse_cb;
-    meth->add_cb = add_cb;
-    meth->free_cb = free_cb;
-    meth->ext_type = ext_type;
-    meth->add_arg = add_arg;
-    meth->parse_arg = parse_arg;
-    exts->meths_count++;
-    return 1;
-}
-
-/* Application level functions to add custom extension callbacks */
-int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
-                                  custom_ext_add_cb add_cb,
-                                  custom_ext_free_cb free_cb,
-                                  void *add_arg,
-                                  custom_ext_parse_cb parse_cb,
-                                  void *parse_arg)
-{
-    return custom_ext_meth_add(&ctx->cert->cli_ext, ext_type,
-                               add_cb, free_cb, add_arg, parse_cb, parse_arg);
-}
-
-int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
-                                  custom_ext_add_cb add_cb,
-                                  custom_ext_free_cb free_cb,
-                                  void *add_arg,
-                                  custom_ext_parse_cb parse_cb,
-                                  void *parse_arg)
-{
-    return custom_ext_meth_add(&ctx->cert->srv_ext, ext_type,
-                               add_cb, free_cb, add_arg, parse_cb, parse_arg);
-}
-
-int SSL_extension_supported(unsigned int ext_type)
-{
-    switch (ext_type) {
-        /* Internally supported extensions. */
-    case TLSEXT_TYPE_application_layer_protocol_negotiation:
-    case TLSEXT_TYPE_ec_point_formats:
-    case TLSEXT_TYPE_elliptic_curves:
-    case TLSEXT_TYPE_heartbeat:
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    case TLSEXT_TYPE_next_proto_neg:
-# endif
-    case TLSEXT_TYPE_padding:
-    case TLSEXT_TYPE_renegotiate:
-    case TLSEXT_TYPE_server_name:
-    case TLSEXT_TYPE_session_ticket:
-    case TLSEXT_TYPE_signature_algorithms:
-    case TLSEXT_TYPE_srp:
-    case TLSEXT_TYPE_status_request:
-    case TLSEXT_TYPE_use_srtp:
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    case TLSEXT_TYPE_opaque_prf_input:
-# endif
-# ifdef TLSEXT_TYPE_encrypt_then_mac
-    case TLSEXT_TYPE_encrypt_then_mac:
-# endif
-        return 1;
-    default:
-        return 0;
-    }
-}
-#endif
diff --git a/freebsd/crypto/openssl/ssl/t1_lib.c b/freebsd/crypto/openssl/ssl/t1_lib.c
index 6af6c5a9..923b501f 100644
--- a/freebsd/crypto/openssl/ssl/t1_lib.c
+++ b/freebsd/crypto/openssl/ssl/t1_lib.c
@@ -1,197 +1,94 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/t1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
-#ifndef OPENSSL_NO_EC
-#ifdef OPENSSL_NO_EC2M
-# include <openssl/ec.h>
-#endif
-#endif
 #include <openssl/ocsp.h>
-#include <openssl/rand.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include "internal/nelem.h"
 #include "ssl_locl.h"
+#include <openssl/ct.h>
 
-const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT;
-
-#ifndef OPENSSL_NO_TLSEXT
-static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
-                              const unsigned char *sess_id, int sesslen,
-                              SSL_SESSION **psess);
-static int ssl_check_clienthello_tlsext_early(SSL *s);
-int ssl_check_serverhello_tlsext(SSL *s);
-#endif
-
-#define CHECKLEN(curr, val, limit) \
-    (((curr) >= (limit)) || (size_t)((limit) - (curr)) < (size_t)(val))
-
-SSL3_ENC_METHOD TLSv1_enc_data = {
+SSL3_ENC_METHOD const TLSv1_enc_data = {
     tls1_enc,
     tls1_mac,
     tls1_setup_key_block,
     tls1_generate_master_secret,
     tls1_change_cipher_state,
     tls1_final_finish_mac,
-    TLS1_FINISH_MAC_LENGTH,
-    tls1_cert_verify_mac,
     TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
     TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
     tls1_alert_code,
     tls1_export_keying_material,
     0,
-    SSL3_HM_HEADER_LENGTH,
     ssl3_set_handshake_header,
+    tls_close_construct_packet,
     ssl3_handshake_write
 };
 
-SSL3_ENC_METHOD TLSv1_1_enc_data = {
+SSL3_ENC_METHOD const TLSv1_1_enc_data = {
     tls1_enc,
     tls1_mac,
     tls1_setup_key_block,
     tls1_generate_master_secret,
     tls1_change_cipher_state,
     tls1_final_finish_mac,
-    TLS1_FINISH_MAC_LENGTH,
-    tls1_cert_verify_mac,
     TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
     TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
     tls1_alert_code,
     tls1_export_keying_material,
     SSL_ENC_FLAG_EXPLICIT_IV,
-    SSL3_HM_HEADER_LENGTH,
     ssl3_set_handshake_header,
+    tls_close_construct_packet,
     ssl3_handshake_write
 };
 
-SSL3_ENC_METHOD TLSv1_2_enc_data = {
+SSL3_ENC_METHOD const TLSv1_2_enc_data = {
     tls1_enc,
     tls1_mac,
     tls1_setup_key_block,
     tls1_generate_master_secret,
     tls1_change_cipher_state,
     tls1_final_finish_mac,
-    TLS1_FINISH_MAC_LENGTH,
-    tls1_cert_verify_mac,
     TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
     TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
     tls1_alert_code,
     tls1_export_keying_material,
     SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF
         | SSL_ENC_FLAG_TLS1_2_CIPHERS,
-    SSL3_HM_HEADER_LENGTH,
     ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
+SSL3_ENC_METHOD const TLSv1_3_enc_data = {
+    tls13_enc,
+    tls1_mac,
+    tls13_setup_key_block,
+    tls13_generate_master_secret,
+    tls13_change_cipher_state,
+    tls13_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls13_alert_code,
+    tls13_export_keying_material,
+    SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
     ssl3_handshake_write
 };
 
@@ -207,58 +104,70 @@ long tls1_default_timeout(void)
 int tls1_new(SSL *s)
 {
     if (!ssl3_new(s))
-        return (0);
-    s->method->ssl_clear(s);
-    return (1);
+        return 0;
+    if (!s->method->ssl_clear(s))
+        return 0;
+
+    return 1;
 }
 
 void tls1_free(SSL *s)
 {
-#ifndef OPENSSL_NO_TLSEXT
-    if (s->tlsext_session_ticket) {
-        OPENSSL_free(s->tlsext_session_ticket);
-    }
-#endif                          /* OPENSSL_NO_TLSEXT */
+    OPENSSL_free(s->ext.session_ticket);
     ssl3_free(s);
 }
 
-void tls1_clear(SSL *s)
+int tls1_clear(SSL *s)
 {
-    ssl3_clear(s);
-    s->version = s->method->version;
+    if (!ssl3_clear(s))
+        return 0;
+
+    if (s->method->version == TLS_ANY_VERSION)
+        s->version = TLS_MAX_VERSION;
+    else
+        s->version = s->method->version;
+
+    return 1;
 }
 
 #ifndef OPENSSL_NO_EC
 
-static int nid_list[] = {
-    NID_sect163k1,              /* sect163k1 (1) */
-    NID_sect163r1,              /* sect163r1 (2) */
-    NID_sect163r2,              /* sect163r2 (3) */
-    NID_sect193r1,              /* sect193r1 (4) */
-    NID_sect193r2,              /* sect193r2 (5) */
-    NID_sect233k1,              /* sect233k1 (6) */
-    NID_sect233r1,              /* sect233r1 (7) */
-    NID_sect239k1,              /* sect239k1 (8) */
-    NID_sect283k1,              /* sect283k1 (9) */
-    NID_sect283r1,              /* sect283r1 (10) */
-    NID_sect409k1,              /* sect409k1 (11) */
-    NID_sect409r1,              /* sect409r1 (12) */
-    NID_sect571k1,              /* sect571k1 (13) */
-    NID_sect571r1,              /* sect571r1 (14) */
-    NID_secp160k1,              /* secp160k1 (15) */
-    NID_secp160r1,              /* secp160r1 (16) */
-    NID_secp160r2,              /* secp160r2 (17) */
-    NID_secp192k1,              /* secp192k1 (18) */
-    NID_X9_62_prime192v1,       /* secp192r1 (19) */
-    NID_secp224k1,              /* secp224k1 (20) */
-    NID_secp224r1,              /* secp224r1 (21) */
-    NID_secp256k1,              /* secp256k1 (22) */
-    NID_X9_62_prime256v1,       /* secp256r1 (23) */
-    NID_secp384r1,              /* secp384r1 (24) */
-    NID_secp521r1,              /* secp521r1 (25) */
-    NID_brainpoolP256r1,        /* brainpoolP256r1 (26) */
-    NID_brainpoolP384r1,        /* brainpoolP384r1 (27) */
-    NID_brainpoolP512r1         /* brainpool512r1 (28) */
+/*
+ * Table of curve information.
+ * Do not delete entries or reorder this array! It is used as a lookup
+ * table: the index of each entry is one less than the TLS curve id.
+ */
+static const TLS_GROUP_INFO nid_list[] = {
+    {NID_sect163k1, 80, TLS_CURVE_CHAR2}, /* sect163k1 (1) */
+    {NID_sect163r1, 80, TLS_CURVE_CHAR2}, /* sect163r1 (2) */
+    {NID_sect163r2, 80, TLS_CURVE_CHAR2}, /* sect163r2 (3) */
+    {NID_sect193r1, 80, TLS_CURVE_CHAR2}, /* sect193r1 (4) */
+    {NID_sect193r2, 80, TLS_CURVE_CHAR2}, /* sect193r2 (5) */
+    {NID_sect233k1, 112, TLS_CURVE_CHAR2}, /* sect233k1 (6) */
+    {NID_sect233r1, 112, TLS_CURVE_CHAR2}, /* sect233r1 (7) */
+    {NID_sect239k1, 112, TLS_CURVE_CHAR2}, /* sect239k1 (8) */
+    {NID_sect283k1, 128, TLS_CURVE_CHAR2}, /* sect283k1 (9) */
+    {NID_sect283r1, 128, TLS_CURVE_CHAR2}, /* sect283r1 (10) */
+    {NID_sect409k1, 192, TLS_CURVE_CHAR2}, /* sect409k1 (11) */
+    {NID_sect409r1, 192, TLS_CURVE_CHAR2}, /* sect409r1 (12) */
+    {NID_sect571k1, 256, TLS_CURVE_CHAR2}, /* sect571k1 (13) */
+    {NID_sect571r1, 256, TLS_CURVE_CHAR2}, /* sect571r1 (14) */
+    {NID_secp160k1, 80, TLS_CURVE_PRIME}, /* secp160k1 (15) */
+    {NID_secp160r1, 80, TLS_CURVE_PRIME}, /* secp160r1 (16) */
+    {NID_secp160r2, 80, TLS_CURVE_PRIME}, /* secp160r2 (17) */
+    {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */
+    {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */
+    {NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */
+    {NID_secp224r1, 112, TLS_CURVE_PRIME}, /* secp224r1 (21) */
+    {NID_secp256k1, 128, TLS_CURVE_PRIME}, /* secp256k1 (22) */
+    {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME}, /* secp256r1 (23) */
+    {NID_secp384r1, 192, TLS_CURVE_PRIME}, /* secp384r1 (24) */
+    {NID_secp521r1, 256, TLS_CURVE_PRIME}, /* secp521r1 (25) */
+    {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
+    {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
+    {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
+    {EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
+    {EVP_PKEY_X448, 224, TLS_CURVE_CUSTOM}, /* X448 (30) */
 };
 
 static const unsigned char ecformats_default[] = {
@@ -267,307 +176,118 @@ static const unsigned char ecformats_default[] = {
     TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
 };
 
-/* The client's default curves / the server's 'auto' curves. */
-static const unsigned char eccurves_auto[] = {
-    /* Prefer P-256 which has the fastest and most secure implementations. */
-    0, 23,                      /* secp256r1 (23) */
-    /* Other >= 256-bit prime curves. */
-    0, 25,                      /* secp521r1 (25) */
-    0, 28,                      /* brainpool512r1 (28) */
-    0, 27,                      /* brainpoolP384r1 (27) */
-    0, 24,                      /* secp384r1 (24) */
-    0, 26,                      /* brainpoolP256r1 (26) */
-    0, 22,                      /* secp256k1 (22) */
-# ifndef OPENSSL_NO_EC2M
-    /* >= 256-bit binary curves. */
-    0, 14,                      /* sect571r1 (14) */
-    0, 13,                      /* sect571k1 (13) */
-    0, 11,                      /* sect409k1 (11) */
-    0, 12,                      /* sect409r1 (12) */
-    0, 9,                       /* sect283k1 (9) */
-    0, 10,                      /* sect283r1 (10) */
-# endif
-};
-
-static const unsigned char eccurves_all[] = {
-    /* Prefer P-256 which has the fastest and most secure implementations. */
-    0, 23,                      /* secp256r1 (23) */
-    /* Other >= 256-bit prime curves. */
-    0, 25,                      /* secp521r1 (25) */
-    0, 28,                      /* brainpool512r1 (28) */
-    0, 27,                      /* brainpoolP384r1 (27) */
-    0, 24,                      /* secp384r1 (24) */
-    0, 26,                      /* brainpoolP256r1 (26) */
-    0, 22,                      /* secp256k1 (22) */
-# ifndef OPENSSL_NO_EC2M
-    /* >= 256-bit binary curves. */
-    0, 14,                      /* sect571r1 (14) */
-    0, 13,                      /* sect571k1 (13) */
-    0, 11,                      /* sect409k1 (11) */
-    0, 12,                      /* sect409r1 (12) */
-    0, 9,                       /* sect283k1 (9) */
-    0, 10,                      /* sect283r1 (10) */
-# endif
-    /*
-     * Remaining curves disabled by default but still permitted if set
-     * via an explicit callback or parameters.
-     */
-    0, 20,                      /* secp224k1 (20) */
-    0, 21,                      /* secp224r1 (21) */
-    0, 18,                      /* secp192k1 (18) */
-    0, 19,                      /* secp192r1 (19) */
-    0, 15,                      /* secp160k1 (15) */
-    0, 16,                      /* secp160r1 (16) */
-    0, 17,                      /* secp160r2 (17) */
-# ifndef OPENSSL_NO_EC2M
-    0, 8,                       /* sect239k1 (8) */
-    0, 6,                       /* sect233k1 (6) */
-    0, 7,                       /* sect233r1 (7) */
-    0, 4,                       /* sect193r1 (4) */
-    0, 5,                       /* sect193r2 (5) */
-    0, 1,                       /* sect163k1 (1) */
-    0, 2,                       /* sect163r1 (2) */
-    0, 3,                       /* sect163r2 (3) */
-# endif
-};
-
-static const unsigned char suiteb_curves[] = {
-    0, TLSEXT_curve_P_256,
-    0, TLSEXT_curve_P_384
+/* The default curves */
+static const uint16_t eccurves_default[] = {
+    29,                      /* X25519 (29) */
+    23,                      /* secp256r1 (23) */
+    30,                      /* X448 (30) */
+    25,                      /* secp521r1 (25) */
+    24,                      /* secp384r1 (24) */
 };
 
-# ifdef OPENSSL_FIPS
-/* Brainpool not allowed in FIPS mode */
-static const unsigned char fips_curves_default[] = {
-#  ifndef OPENSSL_NO_EC2M
-    0, 14,                      /* sect571r1 (14) */
-    0, 13,                      /* sect571k1 (13) */
-#  endif
-    0, 25,                      /* secp521r1 (25) */
-#  ifndef OPENSSL_NO_EC2M
-    0, 11,                      /* sect409k1 (11) */
-    0, 12,                      /* sect409r1 (12) */
-#  endif
-    0, 24,                      /* secp384r1 (24) */
-#  ifndef OPENSSL_NO_EC2M
-    0, 9,                       /* sect283k1 (9) */
-    0, 10,                      /* sect283r1 (10) */
-#  endif
-    0, 22,                      /* secp256k1 (22) */
-    0, 23,                      /* secp256r1 (23) */
-#  ifndef OPENSSL_NO_EC2M
-    0, 8,                       /* sect239k1 (8) */
-    0, 6,                       /* sect233k1 (6) */
-    0, 7,                       /* sect233r1 (7) */
-#  endif
-    0, 20,                      /* secp224k1 (20) */
-    0, 21,                      /* secp224r1 (21) */
-#  ifndef OPENSSL_NO_EC2M
-    0, 4,                       /* sect193r1 (4) */
-    0, 5,                       /* sect193r2 (5) */
-#  endif
-    0, 18,                      /* secp192k1 (18) */
-    0, 19,                      /* secp192r1 (19) */
-#  ifndef OPENSSL_NO_EC2M
-    0, 1,                       /* sect163k1 (1) */
-    0, 2,                       /* sect163r1 (2) */
-    0, 3,                       /* sect163r2 (3) */
-#  endif
-    0, 15,                      /* secp160k1 (15) */
-    0, 16,                      /* secp160r1 (16) */
-    0, 17,                      /* secp160r2 (17) */
+static const uint16_t suiteb_curves[] = {
+    TLSEXT_curve_P_256,
+    TLSEXT_curve_P_384
 };
-# endif
 
-int tls1_ec_curve_id2nid(int curve_id)
+const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id)
 {
     /* ECC curves from RFC 4492 and RFC 7027 */
-    if ((curve_id < 1) || ((unsigned int)curve_id >
-                           sizeof(nid_list) / sizeof(nid_list[0])))
-        return 0;
-    return nid_list[curve_id - 1];
+    if (group_id < 1 || group_id > OSSL_NELEM(nid_list))
+        return NULL;
+    return &nid_list[group_id - 1];
 }
 
-int tls1_ec_nid2curve_id(int nid)
+static uint16_t tls1_nid2group_id(int nid)
 {
-    /* ECC curves from RFC 4492 and RFC 7027 */
-    switch (nid) {
-    case NID_sect163k1:        /* sect163k1 (1) */
-        return 1;
-    case NID_sect163r1:        /* sect163r1 (2) */
-        return 2;
-    case NID_sect163r2:        /* sect163r2 (3) */
-        return 3;
-    case NID_sect193r1:        /* sect193r1 (4) */
-        return 4;
-    case NID_sect193r2:        /* sect193r2 (5) */
-        return 5;
-    case NID_sect233k1:        /* sect233k1 (6) */
-        return 6;
-    case NID_sect233r1:        /* sect233r1 (7) */
-        return 7;
-    case NID_sect239k1:        /* sect239k1 (8) */
-        return 8;
-    case NID_sect283k1:        /* sect283k1 (9) */
-        return 9;
-    case NID_sect283r1:        /* sect283r1 (10) */
-        return 10;
-    case NID_sect409k1:        /* sect409k1 (11) */
-        return 11;
-    case NID_sect409r1:        /* sect409r1 (12) */
-        return 12;
-    case NID_sect571k1:        /* sect571k1 (13) */
-        return 13;
-    case NID_sect571r1:        /* sect571r1 (14) */
-        return 14;
-    case NID_secp160k1:        /* secp160k1 (15) */
-        return 15;
-    case NID_secp160r1:        /* secp160r1 (16) */
-        return 16;
-    case NID_secp160r2:        /* secp160r2 (17) */
-        return 17;
-    case NID_secp192k1:        /* secp192k1 (18) */
-        return 18;
-    case NID_X9_62_prime192v1: /* secp192r1 (19) */
-        return 19;
-    case NID_secp224k1:        /* secp224k1 (20) */
-        return 20;
-    case NID_secp224r1:        /* secp224r1 (21) */
-        return 21;
-    case NID_secp256k1:        /* secp256k1 (22) */
-        return 22;
-    case NID_X9_62_prime256v1: /* secp256r1 (23) */
-        return 23;
-    case NID_secp384r1:        /* secp384r1 (24) */
-        return 24;
-    case NID_secp521r1:        /* secp521r1 (25) */
-        return 25;
-    case NID_brainpoolP256r1:  /* brainpoolP256r1 (26) */
-        return 26;
-    case NID_brainpoolP384r1:  /* brainpoolP384r1 (27) */
-        return 27;
-    case NID_brainpoolP512r1:  /* brainpool512r1 (28) */
-        return 28;
-    default:
-        return 0;
+    size_t i;
+    for (i = 0; i < OSSL_NELEM(nid_list); i++) {
+        if (nid_list[i].nid == nid)
+            return (uint16_t)(i + 1);
     }
+    return 0;
 }
 
 /*
- * Get curves list, if "sess" is set return client curves otherwise
- * preferred list.
- * Sets |num_curves| to the number of curves in the list, i.e.,
- * the length of |pcurves| is 2 * num_curves.
- * Returns 1 on success and 0 if the client curves list has invalid format.
- * The latter indicates an internal error: we should not be accepting such
- * lists in the first place.
- * TODO(emilia): we should really be storing the curves list in explicitly
- * parsed form instead. (However, this would affect binary compatibility
- * so cannot happen in the 1.0.x series.)
+ * Set *pgroups to the supported groups list and *pgroupslen to
+ * the number of groups supported.
  */
-static int tls1_get_curvelist(SSL *s, int sess,
-                              const unsigned char **pcurves,
-                              size_t *num_curves)
+void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
+                               size_t *pgroupslen)
 {
-    size_t pcurveslen = 0;
-    if (sess) {
-        *pcurves = s->session->tlsext_ellipticcurvelist;
-        pcurveslen = s->session->tlsext_ellipticcurvelist_length;
-    } else {
-        /* For Suite B mode only include P-256, P-384 */
-        switch (tls1_suiteb(s)) {
-        case SSL_CERT_FLAG_SUITEB_128_LOS:
-            *pcurves = suiteb_curves;
-            pcurveslen = sizeof(suiteb_curves);
-            break;
 
-        case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
-            *pcurves = suiteb_curves;
-            pcurveslen = 2;
-            break;
+    /* For Suite B mode only include P-256, P-384 */
+    switch (tls1_suiteb(s)) {
+    case SSL_CERT_FLAG_SUITEB_128_LOS:
+        *pgroups = suiteb_curves;
+        *pgroupslen = OSSL_NELEM(suiteb_curves);
+        break;
 
-        case SSL_CERT_FLAG_SUITEB_192_LOS:
-            *pcurves = suiteb_curves + 2;
-            pcurveslen = 2;
-            break;
-        default:
-            *pcurves = s->tlsext_ellipticcurvelist;
-            pcurveslen = s->tlsext_ellipticcurvelist_length;
-        }
-        if (!*pcurves) {
-# ifdef OPENSSL_FIPS
-            if (FIPS_mode()) {
-                *pcurves = fips_curves_default;
-                pcurveslen = sizeof(fips_curves_default);
-            } else
-# endif
-            {
-                if (!s->server || s->cert->ecdh_tmp_auto) {
-                    *pcurves = eccurves_auto;
-                    pcurveslen = sizeof(eccurves_auto);
-                } else {
-                    *pcurves = eccurves_all;
-                    pcurveslen = sizeof(eccurves_all);
-                }
-            }
+    case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+        *pgroups = suiteb_curves;
+        *pgroupslen = 1;
+        break;
+
+    case SSL_CERT_FLAG_SUITEB_192_LOS:
+        *pgroups = suiteb_curves + 1;
+        *pgroupslen = 1;
+        break;
+
+    default:
+        if (s->ext.supportedgroups == NULL) {
+            *pgroups = eccurves_default;
+            *pgroupslen = OSSL_NELEM(eccurves_default);
+        } else {
+            *pgroups = s->ext.supportedgroups;
+            *pgroupslen = s->ext.supportedgroups_len;
         }
-    }
-    /* We do not allow odd length arrays to enter the system. */
-    if (pcurveslen & 1) {
-        SSLerr(SSL_F_TLS1_GET_CURVELIST, ERR_R_INTERNAL_ERROR);
-        *num_curves = 0;
-        return 0;
-    } else {
-        *num_curves = pcurveslen / 2;
-        return 1;
+        break;
     }
 }
 
-/* Check a curve is one of our preferences */
-int tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
+/* See if curve is allowed by security callback */
+int tls_curve_allowed(SSL *s, uint16_t curve, int op)
 {
-    const unsigned char *curves;
-    size_t num_curves, i;
-    unsigned int suiteb_flags = tls1_suiteb(s);
-    if (len != 3 || p[0] != NAMED_CURVE_TYPE)
+    const TLS_GROUP_INFO *cinfo = tls1_group_id_lookup(curve);
+    unsigned char ctmp[2];
+
+    if (cinfo == NULL)
         return 0;
-    /* Check curve matches Suite B preferences */
-    if (suiteb_flags) {
-        unsigned long cid = s->s3->tmp.new_cipher->id;
-        if (p[1])
-            return 0;
-        if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
-            if (p[2] != TLSEXT_curve_P_256)
-                return 0;
-        } else if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) {
-            if (p[2] != TLSEXT_curve_P_384)
-                return 0;
-        } else                  /* Should never happen */
-            return 0;
-    }
-    if (!tls1_get_curvelist(s, 0, &curves, &num_curves))
+# ifdef OPENSSL_NO_EC2M
+    if (cinfo->flags & TLS_CURVE_CHAR2)
         return 0;
-    for (i = 0; i < num_curves; i++, curves += 2) {
-        if (p[1] == curves[0] && p[2] == curves[1])
+# endif
+    ctmp[0] = curve >> 8;
+    ctmp[1] = curve & 0xff;
+    return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp);
+}
+
+/* Return 1 if "id" is in "list" */
+static int tls1_in_list(uint16_t id, const uint16_t *list, size_t listlen)
+{
+    size_t i;
+    for (i = 0; i < listlen; i++)
+        if (list[i] == id)
             return 1;
-    }
     return 0;
 }
 
 /*-
- * Return |nmatch|th shared curve or NID_undef if there is no match.
- * For nmatch == -1, return number of  matches
- * For nmatch == -2, return the NID of the curve to use for
- * an EC tmp key, or NID_undef if there is no match.
+ * For nmatch >= 0, return the id of the |nmatch|th shared group or 0
+ * if there is no match.
+ * For nmatch == -1, return number of matches
+ * For nmatch == -2, return the id of the group to use for
+ * a tmp key, or 0 if there is no match.
  */
-int tls1_shared_curve(SSL *s, int nmatch)
+uint16_t tls1_shared_group(SSL *s, int nmatch)
 {
-    const unsigned char *pref, *supp;
-    size_t num_pref, num_supp, i, j;
+    const uint16_t *pref, *supp;
+    size_t num_pref, num_supp, i;
     int k;
+
     /* Can't do anything on client side */
     if (s->server == 0)
-        return -1;
+        return 0;
     if (nmatch == -2) {
         if (tls1_suiteb(s)) {
             /*
@@ -575,117 +295,80 @@ int tls1_shared_curve(SSL *s, int nmatch)
              * these are acceptable due to previous checks.
              */
             unsigned long cid = s->s3->tmp.new_cipher->id;
+
             if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
-                return NID_X9_62_prime256v1; /* P-256 */
+                return TLSEXT_curve_P_256;
             if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
-                return NID_secp384r1; /* P-384 */
+                return TLSEXT_curve_P_384;
             /* Should never happen */
-            return NID_undef;
+            return 0;
         }
         /* If not Suite B just return first preference shared curve */
         nmatch = 0;
     }
     /*
-     * Avoid truncation. tls1_get_curvelist takes an int
-     * but s->options is a long...
-     */
-    if (!tls1_get_curvelist
-        (s, (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0, &supp,
-         &num_supp))
-        /* In practice, NID_undef == 0 but let's be precise. */
-        return nmatch == -1 ? 0 : NID_undef;
-    if (!tls1_get_curvelist
-        (s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &pref,
-         &num_pref))
-        return nmatch == -1 ? 0 : NID_undef;
-
-    /*
-     * If the client didn't send the elliptic_curves extension all of them
-     * are allowed.
+     * If server preference set, our groups are the preference order
+     * otherwise peer decides.
      */
-    if (num_supp == 0 && (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0) {
-        supp = eccurves_all;
-        num_supp = sizeof(eccurves_all) / 2;
-    } else if (num_pref == 0 &&
-        (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) == 0) {
-        pref = eccurves_all;
-        num_pref = sizeof(eccurves_all) / 2;
+    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+        tls1_get_supported_groups(s, &pref, &num_pref);
+        tls1_get_peer_groups(s, &supp, &num_supp);
+    } else {
+        tls1_get_peer_groups(s, &pref, &num_pref);
+        tls1_get_supported_groups(s, &supp, &num_supp);
     }
 
-    k = 0;
-    for (i = 0; i < num_pref; i++, pref += 2) {
-        const unsigned char *tsupp = supp;
-        for (j = 0; j < num_supp; j++, tsupp += 2) {
-            if (pref[0] == tsupp[0] && pref[1] == tsupp[1]) {
-                if (nmatch == k) {
-                    int id = (pref[0] << 8) | pref[1];
-                    return tls1_ec_curve_id2nid(id);
-                }
-                k++;
-            }
-        }
+    for (k = 0, i = 0; i < num_pref; i++) {
+        uint16_t id = pref[i];
+
+        if (!tls1_in_list(id, supp, num_supp)
+            || !tls_curve_allowed(s, id, SSL_SECOP_CURVE_SHARED))
+                    continue;
+        if (nmatch == k)
+            return id;
+         k++;
     }
     if (nmatch == -1)
         return k;
     /* Out of range (nmatch > k). */
-    return NID_undef;
+    return 0;
 }
 
-int tls1_set_curves(unsigned char **pext, size_t *pextlen,
-                    int *curves, size_t ncurves)
+int tls1_set_groups(uint16_t **pext, size_t *pextlen,
+                    int *groups, size_t ngroups)
 {
-    unsigned char *clist, *p;
+    uint16_t *glist;
     size_t i;
     /*
-     * Bitmap of curves included to detect duplicates: only works while curve
+     * Bitmap of groups included to detect duplicates: only works while group
      * ids < 32
      */
     unsigned long dup_list = 0;
-# ifdef OPENSSL_NO_EC2M
-    EC_GROUP *curve;
-# endif
 
-    clist = OPENSSL_malloc(ncurves * 2);
-    if (!clist)
+    if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) {
+        SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE);
         return 0;
-    for (i = 0, p = clist; i < ncurves; i++) {
+    }
+    for (i = 0; i < ngroups; i++) {
         unsigned long idmask;
-        int id;
-        id = tls1_ec_nid2curve_id(curves[i]);
-# ifdef OPENSSL_FIPS
-        /* NB: 25 is last curve ID supported by FIPS module */
-        if (FIPS_mode() && id > 25) {
-            OPENSSL_free(clist);
-            return 0;
-        }
-# endif
-# ifdef OPENSSL_NO_EC2M
-        curve = EC_GROUP_new_by_curve_name(curves[i]);
-        if (!curve || EC_METHOD_get_field_type(EC_GROUP_method_of(curve))
-            == NID_X9_62_characteristic_two_field) {
-            if (curve)
-                EC_GROUP_free(curve);
-            OPENSSL_free(clist);
-            return 0;
-        } else
-            EC_GROUP_free(curve);
-# endif
+        uint16_t id;
+        /* TODO(TLS1.3): Convert for DH groups */
+        id = tls1_nid2group_id(groups[i]);
         idmask = 1L << id;
         if (!id || (dup_list & idmask)) {
-            OPENSSL_free(clist);
+            OPENSSL_free(glist);
             return 0;
         }
         dup_list |= idmask;
-        s2n(id, p);
+        glist[i] = id;
     }
-    if (*pext)
-        OPENSSL_free(*pext);
-    *pext = clist;
-    *pextlen = ncurves * 2;
+    OPENSSL_free(*pext);
+    *pext = glist;
+    *pextlen = ngroups;
     return 1;
 }
 
-# define MAX_CURVELIST   28
+# define MAX_CURVELIST   OSSL_NELEM(nid_list)
 
 typedef struct {
     size_t nidcnt;
@@ -720,9 +403,8 @@ static int nid_cb(const char *elem, int len, void *arg)
     return 1;
 }
 
-/* Set curves based on a colon separate list */
-int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
-                         const char *str)
+/* Set groups based on a colon separate list */
+int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, const char *str)
 {
     nid_cb_st ncb;
     ncb.nidcnt = 0;
@@ -730,116 +412,129 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
         return 0;
     if (pext == NULL)
         return 1;
-    return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
+    return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
 }
-
-/* For an EC key set TLS id and required compression based on parameters */
-static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id,
-                          EC_KEY *ec)
+/* Return group id of a key */
+static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
 {
-    int is_prime, id;
+    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
     const EC_GROUP *grp;
-    const EC_METHOD *meth;
-    if (!ec)
+
+    if (ec == NULL)
         return 0;
-    /* Determine if it is a prime field */
     grp = EC_KEY_get0_group(ec);
-    if (!grp)
-        return 0;
-    meth = EC_GROUP_method_of(grp);
-    if (!meth)
-        return 0;
-    if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
-        is_prime = 1;
-    else
-        is_prime = 0;
-    /* Determine curve ID */
-    id = EC_GROUP_get_curve_name(grp);
-    id = tls1_ec_nid2curve_id(id);
-    /* If we have an ID set it, otherwise set arbitrary explicit curve */
-    if (id) {
-        curve_id[0] = 0;
-        curve_id[1] = (unsigned char)id;
+    return tls1_nid2group_id(EC_GROUP_get_curve_name(grp));
+}
+
+/* Check a key is compatible with compression extension */
+static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
+{
+    const EC_KEY *ec;
+    const EC_GROUP *grp;
+    unsigned char comp_id;
+    size_t i;
+
+    /* If not an EC key nothing to check */
+    if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
+        return 1;
+    ec = EVP_PKEY_get0_EC_KEY(pkey);
+    grp = EC_KEY_get0_group(ec);
+
+    /* Get required compression id */
+    if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
+            comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+    } else if (SSL_IS_TLS13(s)) {
+            /*
+             * ec_point_formats extension is not used in TLSv1.3 so we ignore
+             * this check.
+             */
+            return 1;
     } else {
-        curve_id[0] = 0xff;
-        if (is_prime)
-            curve_id[1] = 0x01;
+        int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp));
+
+        if (field_type == NID_X9_62_prime_field)
+            comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+        else if (field_type == NID_X9_62_characteristic_two_field)
+            comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
         else
-            curve_id[1] = 0x02;
-    }
-    if (comp_id) {
-        if (EC_KEY_get0_public_key(ec) == NULL)
             return 0;
-        if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED) {
-            if (is_prime)
-                *comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
-            else
-                *comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
-        } else
-            *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
     }
-    return 1;
-}
-
-/* Check an EC key is compatible with extensions */
-static int tls1_check_ec_key(SSL *s,
-                             unsigned char *curve_id, unsigned char *comp_id)
-{
-    const unsigned char *pformats, *pcurves;
-    size_t num_formats, num_curves, i;
-    int j;
     /*
      * If point formats extension present check it, otherwise everything is
      * supported (see RFC4492).
      */
-    if (comp_id && s->session->tlsext_ecpointformatlist) {
-        pformats = s->session->tlsext_ecpointformatlist;
-        num_formats = s->session->tlsext_ecpointformatlist_length;
-        for (i = 0; i < num_formats; i++, pformats++) {
-            if (*comp_id == *pformats)
-                break;
-        }
-        if (i == num_formats)
-            return 0;
-    }
-    if (!curve_id)
+    if (s->session->ext.ecpointformats == NULL)
         return 1;
-    /* Check curve is consistent with client and server preferences */
-    for (j = 0; j <= 1; j++) {
-        if (!tls1_get_curvelist(s, j, &pcurves, &num_curves))
+
+    for (i = 0; i < s->session->ext.ecpointformats_len; i++) {
+        if (s->session->ext.ecpointformats[i] == comp_id)
+            return 1;
+    }
+    return 0;
+}
+
+/* Check a group id matches preferences */
+int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups)
+    {
+    const uint16_t *groups;
+    size_t groups_len;
+
+    if (group_id == 0)
+        return 0;
+
+    /* Check for Suite B compliance */
+    if (tls1_suiteb(s) && s->s3->tmp.new_cipher != NULL) {
+        unsigned long cid = s->s3->tmp.new_cipher->id;
+
+        if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
+            if (group_id != TLSEXT_curve_P_256)
+                return 0;
+        } else if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) {
+            if (group_id != TLSEXT_curve_P_384)
+                return 0;
+        } else {
+            /* Should never happen */
             return 0;
-        if (j == 1 && num_curves == 0) {
-            /*
-             * If we've not received any curves then skip this check.
-             * RFC 4492 does not require the supported elliptic curves extension
-             * so if it is not sent we can just choose any curve.
-             * It is invalid to send an empty list in the elliptic curves
-             * extension, so num_curves == 0 always means no extension.
-             */
-            break;
-        }
-        for (i = 0; i < num_curves; i++, pcurves += 2) {
-            if (pcurves[0] == curve_id[0] && pcurves[1] == curve_id[1])
-                break;
         }
-        if (i == num_curves)
+    }
+
+    if (check_own_groups) {
+        /* Check group is one of our preferences */
+        tls1_get_supported_groups(s, &groups, &groups_len);
+        if (!tls1_in_list(group_id, groups, groups_len))
             return 0;
-        /* For clients can only check sent curve list */
-        if (!s->server)
-            return 1;
     }
-    return 1;
+
+    if (!tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_CHECK))
+        return 0;
+
+    /* For clients, nothing more to check */
+    if (!s->server)
+        return 1;
+
+    /* Check group is one of peers preferences */
+    tls1_get_peer_groups(s, &groups, &groups_len);
+
+    /*
+     * RFC 4492 does not require the supported elliptic curves extension
+     * so if it is not sent we can just choose any curve.
+     * It is invalid to send an empty list in the supported groups
+     * extension, so groups_len == 0 always means no extension.
+     */
+    if (groups_len == 0)
+            return 1;
+    return tls1_in_list(group_id, groups, groups_len);
 }
 
-static void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
-                                size_t *num_formats)
+void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
+                         size_t *num_formats)
 {
     /*
      * If we have a custom point format list use it otherwise use default
      */
-    if (s->tlsext_ecpointformatlist) {
-        *pformats = s->tlsext_ecpointformatlist;
-        *num_formats = s->tlsext_ecpointformatlist_length;
+    if (s->ext.ecpointformats) {
+        *pformats = s->ext.ecpointformats;
+        *num_formats = s->ext.ecpointformats_len;
     } else {
         *pformats = ecformats_default;
         /* For Suite B we don't support char2 fields */
@@ -854,128 +549,77 @@ static void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
  * Check cert parameters compatible with extensions: currently just checks EC
  * certificates have compatible curves and compression.
  */
-static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
+static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md)
 {
-    unsigned char comp_id, curve_id[2];
+    uint16_t group_id;
     EVP_PKEY *pkey;
-    int rv;
-    pkey = X509_get_pubkey(x);
-    if (!pkey)
+    pkey = X509_get0_pubkey(x);
+    if (pkey == NULL)
         return 0;
     /* If not EC nothing to do */
-    if (pkey->type != EVP_PKEY_EC) {
-        EVP_PKEY_free(pkey);
+    if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
         return 1;
-    }
-    rv = tls1_set_ec_id(curve_id, &comp_id, pkey->pkey.ec);
-    EVP_PKEY_free(pkey);
-    if (!rv)
+    /* Check compression */
+    if (!tls1_check_pkey_comp(s, pkey))
         return 0;
+    group_id = tls1_get_group_id(pkey);
     /*
-     * Can't check curve_id for client certs as we don't have a supported
-     * curves extension.
+     * For a server we allow the certificate to not be in our list of supported
+     * groups.
      */
-    rv = tls1_check_ec_key(s, s->server ? curve_id : NULL, &comp_id);
-    if (!rv)
+    if (!tls1_check_group_id(s, group_id, !s->server))
         return 0;
     /*
      * Special case for suite B. We *MUST* sign using SHA256+P-256 or
-     * SHA384+P-384, adjust digest if necessary.
+     * SHA384+P-384.
      */
-    if (set_ee_md && tls1_suiteb(s)) {
+    if (check_ee_md && tls1_suiteb(s)) {
         int check_md;
         size_t i;
         CERT *c = s->cert;
-        if (curve_id[0])
-            return 0;
+
         /* Check to see we have necessary signing algorithm */
-        if (curve_id[1] == TLSEXT_curve_P_256)
+        if (group_id == TLSEXT_curve_P_256)
             check_md = NID_ecdsa_with_SHA256;
-        else if (curve_id[1] == TLSEXT_curve_P_384)
+        else if (group_id == TLSEXT_curve_P_384)
             check_md = NID_ecdsa_with_SHA384;
         else
             return 0;           /* Should never happen */
-        for (i = 0; i < c->shared_sigalgslen; i++)
-            if (check_md == c->shared_sigalgs[i].signandhash_nid)
-                break;
-        if (i == c->shared_sigalgslen)
-            return 0;
-        if (set_ee_md == 2) {
-            if (check_md == NID_ecdsa_with_SHA256)
-                c->pkeys[SSL_PKEY_ECC].digest = EVP_sha256();
-            else
-                c->pkeys[SSL_PKEY_ECC].digest = EVP_sha384();
+        for (i = 0; i < c->shared_sigalgslen; i++) {
+            if (check_md == c->shared_sigalgs[i]->sigandhash)
+                return 1;;
         }
+        return 0;
     }
-    return rv;
+    return 1;
 }
 
-# ifndef OPENSSL_NO_ECDH
-/* Check EC temporary key is compatible with client extensions */
+/*
+ * tls1_check_ec_tmp_key - Check EC temporary key compatibility
+ * @s: SSL connection
+ * @cid: Cipher ID we're considering using
+ *
+ * Checks that the kECDHE cipher suite we're considering using
+ * is compatible with the client extensions.
+ *
+ * Returns 0 when the cipher can't be used or 1 when it can.
+ */
 int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
 {
-    unsigned char curve_id[2];
-    EC_KEY *ec = s->cert->ecdh_tmp;
-#  ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-    /* Allow any curve: not just those peer supports */
-    if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
-        return 1;
-#  endif
+    /* If not Suite B just need a shared group */
+    if (!tls1_suiteb(s))
+        return tls1_shared_group(s, 0) != 0;
     /*
      * If Suite B, AES128 MUST use P-256 and AES256 MUST use P-384, no other
      * curves permitted.
      */
-    if (tls1_suiteb(s)) {
-        /* Curve to check determined by ciphersuite */
-        if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
-            curve_id[1] = TLSEXT_curve_P_256;
-        else if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
-            curve_id[1] = TLSEXT_curve_P_384;
-        else
-            return 0;
-        curve_id[0] = 0;
-        /* Check this curve is acceptable */
-        if (!tls1_check_ec_key(s, curve_id, NULL))
-            return 0;
-        /* If auto or setting curve from callback assume OK */
-        if (s->cert->ecdh_tmp_auto || s->cert->ecdh_tmp_cb)
-            return 1;
-        /* Otherwise check curve is acceptable */
-        else {
-            unsigned char curve_tmp[2];
-            if (!ec)
-                return 0;
-            if (!tls1_set_ec_id(curve_tmp, NULL, ec))
-                return 0;
-            if (!curve_tmp[0] || curve_tmp[1] == curve_id[1])
-                return 1;
-            return 0;
-        }
+    if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+        return tls1_check_group_id(s, TLSEXT_curve_P_256, 1);
+    if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+        return tls1_check_group_id(s, TLSEXT_curve_P_384, 1);
 
-    }
-    if (s->cert->ecdh_tmp_auto) {
-        /* Need a shared curve */
-        if (tls1_shared_curve(s, 0))
-            return 1;
-        else
-            return 0;
-    }
-    if (!ec) {
-        if (s->cert->ecdh_tmp_cb)
-            return 1;
-        else
-            return 0;
-    }
-    if (!tls1_set_ec_id(curve_id, NULL, ec))
-        return 0;
-/* Set this to allow use of invalid curves for testing */
-#  if 0
-    return 1;
-#  else
-    return tls1_check_ec_key(s, curve_id, NULL);
-#  endif
+    return 0;
 }
-# endif                         /* OPENSSL_NO_ECDH */
 
 #else
 
@@ -986,2612 +630,781 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
 
 #endif                          /* OPENSSL_NO_EC */
 
-#ifndef OPENSSL_NO_TLSEXT
-
-/*
- * List of supported signature algorithms and hashes. Should make this
- * customisable at some point, for now include everything we support.
- */
+/* Default sigalg schemes */
+static const uint16_t tls12_sigalgs[] = {
+#ifndef OPENSSL_NO_EC
+    TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
+    TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
+    TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
+    TLSEXT_SIGALG_ed25519,
+    TLSEXT_SIGALG_ed448,
+#endif
 
-# ifdef OPENSSL_NO_RSA
-#  define tlsext_sigalg_rsa(md) /* */
-# else
-#  define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
-# endif
+    TLSEXT_SIGALG_rsa_pss_pss_sha256,
+    TLSEXT_SIGALG_rsa_pss_pss_sha384,
+    TLSEXT_SIGALG_rsa_pss_pss_sha512,
+    TLSEXT_SIGALG_rsa_pss_rsae_sha256,
+    TLSEXT_SIGALG_rsa_pss_rsae_sha384,
+    TLSEXT_SIGALG_rsa_pss_rsae_sha512,
 
-# ifdef OPENSSL_NO_DSA
-#  define tlsext_sigalg_dsa(md) /* */
-# else
-#  define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
-# endif
+    TLSEXT_SIGALG_rsa_pkcs1_sha256,
+    TLSEXT_SIGALG_rsa_pkcs1_sha384,
+    TLSEXT_SIGALG_rsa_pkcs1_sha512,
 
-# ifdef OPENSSL_NO_ECDSA
-#  define tlsext_sigalg_ecdsa(md)
-                                /* */
-# else
-#  define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
-# endif
+#ifndef OPENSSL_NO_EC
+    TLSEXT_SIGALG_ecdsa_sha224,
+    TLSEXT_SIGALG_ecdsa_sha1,
+#endif
+    TLSEXT_SIGALG_rsa_pkcs1_sha224,
+    TLSEXT_SIGALG_rsa_pkcs1_sha1,
+#ifndef OPENSSL_NO_DSA
+    TLSEXT_SIGALG_dsa_sha224,
+    TLSEXT_SIGALG_dsa_sha1,
+
+    TLSEXT_SIGALG_dsa_sha256,
+    TLSEXT_SIGALG_dsa_sha384,
+    TLSEXT_SIGALG_dsa_sha512,
+#endif
+#ifndef OPENSSL_NO_GOST
+    TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
+    TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512,
+    TLSEXT_SIGALG_gostr34102001_gostr3411,
+#endif
+};
 
-# define tlsext_sigalg(md) \
-                tlsext_sigalg_rsa(md) \
-                tlsext_sigalg_dsa(md) \
-                tlsext_sigalg_ecdsa(md)
+#ifndef OPENSSL_NO_EC
+static const uint16_t suiteb_sigalgs[] = {
+    TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
+    TLSEXT_SIGALG_ecdsa_secp384r1_sha384
+};
+#endif
 
-static unsigned char tls12_sigalgs[] = {
-# ifndef OPENSSL_NO_SHA512
-    tlsext_sigalg(TLSEXT_hash_sha512)
-        tlsext_sigalg(TLSEXT_hash_sha384)
-# endif
-# ifndef OPENSSL_NO_SHA256
-        tlsext_sigalg(TLSEXT_hash_sha256)
-        tlsext_sigalg(TLSEXT_hash_sha224)
-# endif
-# ifndef OPENSSL_NO_SHA
-        tlsext_sigalg(TLSEXT_hash_sha1)
-# endif
+static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
+#ifndef OPENSSL_NO_EC
+    {"ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA256, NID_X9_62_prime256v1},
+    {"ecdsa_secp384r1_sha384", TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA384, NID_secp384r1},
+    {"ecdsa_secp521r1_sha512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA512, NID_secp521r1},
+    {"ed25519", TLSEXT_SIGALG_ed25519,
+     NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519,
+     NID_undef, NID_undef},
+    {"ed448", TLSEXT_SIGALG_ed448,
+     NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_ecdsa_sha224,
+     NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA224, NID_undef},
+    {NULL, TLSEXT_SIGALG_ecdsa_sha1,
+     NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA1, NID_undef},
+#endif
+    {"rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
+     NID_undef, NID_undef},
+    {"rsa_pss_rsae_sha384", TLSEXT_SIGALG_rsa_pss_rsae_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
+     NID_undef, NID_undef},
+    {"rsa_pss_rsae_sha512", TLSEXT_SIGALG_rsa_pss_rsae_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
+     NID_undef, NID_undef},
+    {"rsa_pss_pss_sha256", TLSEXT_SIGALG_rsa_pss_pss_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
+     NID_undef, NID_undef},
+    {"rsa_pss_pss_sha384", TLSEXT_SIGALG_rsa_pss_pss_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
+     NID_undef, NID_undef},
+    {"rsa_pss_pss_sha512", TLSEXT_SIGALG_rsa_pss_pss_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
+     NID_undef, NID_undef},
+    {"rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha256WithRSAEncryption, NID_undef},
+    {"rsa_pkcs1_sha384", TLSEXT_SIGALG_rsa_pkcs1_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha384WithRSAEncryption, NID_undef},
+    {"rsa_pkcs1_sha512", TLSEXT_SIGALG_rsa_pkcs1_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha512WithRSAEncryption, NID_undef},
+    {"rsa_pkcs1_sha224", TLSEXT_SIGALG_rsa_pkcs1_sha224,
+     NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha224WithRSAEncryption, NID_undef},
+    {"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1,
+     NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha1WithRSAEncryption, NID_undef},
+#ifndef OPENSSL_NO_DSA
+    {NULL, TLSEXT_SIGALG_dsa_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_dsa_with_SHA256, NID_undef},
+    {NULL, TLSEXT_SIGALG_dsa_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_dsa_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_dsa_sha224,
+     NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_dsa_sha1,
+     NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_dsaWithSHA1, NID_undef},
+#endif
+#ifndef OPENSSL_NO_GOST
+    {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
+     NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
+     NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512,
+     NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
+     NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_gostr34102001_gostr3411,
+     NID_id_GostR3411_94, SSL_MD_GOST94_IDX,
+     NID_id_GostR3410_2001, SSL_PKEY_GOST01,
+     NID_undef, NID_undef}
+#endif
+};
+/* Legacy sigalgs for TLS < 1.2 RSA TLS signatures */
+static const SIGALG_LOOKUP legacy_rsa_sigalg = {
+    "rsa_pkcs1_md5_sha1", 0,
+     NID_md5_sha1, SSL_MD_MD5_SHA1_IDX,
+     EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_undef, NID_undef
 };
 
-# ifndef OPENSSL_NO_ECDSA
-static unsigned char suiteb_sigalgs[] = {
-    tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
-        tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
+/*
+ * Default signature algorithm values used if signature algorithms not present.
+ * From RFC5246. Note: order must match certificate index order.
+ */
+static const uint16_t tls_default_sigalg[] = {
+    TLSEXT_SIGALG_rsa_pkcs1_sha1, /* SSL_PKEY_RSA */
+    0, /* SSL_PKEY_RSA_PSS_SIGN */
+    TLSEXT_SIGALG_dsa_sha1, /* SSL_PKEY_DSA_SIGN */
+    TLSEXT_SIGALG_ecdsa_sha1, /* SSL_PKEY_ECC */
+    TLSEXT_SIGALG_gostr34102001_gostr3411, /* SSL_PKEY_GOST01 */
+    TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, /* SSL_PKEY_GOST12_256 */
+    TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, /* SSL_PKEY_GOST12_512 */
+    0, /* SSL_PKEY_ED25519 */
+    0, /* SSL_PKEY_ED448 */
 };
-# endif
-size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
-{
-    /*
-     * If Suite B mode use Suite B sigalgs only, ignore any other
-     * preferences.
-     */
-# ifndef OPENSSL_NO_EC
-    switch (tls1_suiteb(s)) {
-    case SSL_CERT_FLAG_SUITEB_128_LOS:
-        *psigs = suiteb_sigalgs;
-        return sizeof(suiteb_sigalgs);
 
-    case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
-        *psigs = suiteb_sigalgs;
-        return 2;
+/* Lookup TLS signature algorithm */
+static const SIGALG_LOOKUP *tls1_lookup_sigalg(uint16_t sigalg)
+{
+    size_t i;
+    const SIGALG_LOOKUP *s;
 
-    case SSL_CERT_FLAG_SUITEB_192_LOS:
-        *psigs = suiteb_sigalgs + 2;
-        return 2;
+    for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+         i++, s++) {
+        if (s->sigalg == sigalg)
+            return s;
     }
-# endif
-    /* If server use client authentication sigalgs if not NULL */
-    if (s->server == sent && s->cert->client_sigalgs) {
-        *psigs = s->cert->client_sigalgs;
-        return s->cert->client_sigalgslen;
-    } else if (s->cert->conf_sigalgs) {
-        *psigs = s->cert->conf_sigalgs;
-        return s->cert->conf_sigalgslen;
+    return NULL;
+}
+/* Lookup hash: return 0 if invalid or not enabled */
+int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
+{
+    const EVP_MD *md;
+    if (lu == NULL)
+        return 0;
+    /* lu->hash == NID_undef means no associated digest */
+    if (lu->hash == NID_undef) {
+        md = NULL;
     } else {
-        *psigs = tls12_sigalgs;
-        return sizeof(tls12_sigalgs);
+        md = ssl_md(lu->hash_idx);
+        if (md == NULL)
+            return 0;
     }
+    if (pmd)
+        *pmd = md;
+    return 1;
 }
 
 /*
- * Check signature algorithm is consistent with sent supported signature
- * algorithms and if so return relevant digest.
+ * Check if key is large enough to generate RSA-PSS signature.
+ *
+ * The key must greater than or equal to 2 * hash length + 2.
+ * SHA512 has a hash length of 64 bytes, which is incompatible
+ * with a 128 byte (1024 bit) key.
  */
-int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
-                            const unsigned char *sig, EVP_PKEY *pkey)
+#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2)
+static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu)
 {
-    const unsigned char *sent_sigs;
-    size_t sent_sigslen, i;
-    int sigalg = tls12_get_sigid(pkey);
-    /* Should never happen */
-    if (sigalg == -1)
-        return -1;
-    /* Check key type is consistent with signature */
-    if (sigalg != (int)sig[1]) {
-        SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
-        return 0;
-    }
-# ifndef OPENSSL_NO_EC
-    if (pkey->type == EVP_PKEY_EC) {
-        unsigned char curve_id[2], comp_id;
-        /* Check compression and curve matches extensions */
-        if (!tls1_set_ec_id(curve_id, &comp_id, pkey->pkey.ec))
-            return 0;
-        if (!s->server && !tls1_check_ec_key(s, curve_id, &comp_id)) {
-            SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
-            return 0;
-        }
-        /* If Suite B only P-384+SHA384 or P-256+SHA-256 allowed */
-        if (tls1_suiteb(s)) {
-            if (curve_id[0])
-                return 0;
-            if (curve_id[1] == TLSEXT_curve_P_256) {
-                if (sig[0] != TLSEXT_hash_sha256) {
-                    SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG,
-                           SSL_R_ILLEGAL_SUITEB_DIGEST);
-                    return 0;
-                }
-            } else if (curve_id[1] == TLSEXT_curve_P_384) {
-                if (sig[0] != TLSEXT_hash_sha384) {
-                    SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG,
-                           SSL_R_ILLEGAL_SUITEB_DIGEST);
-                    return 0;
-                }
-            } else
-                return 0;
-        }
-    } else if (tls1_suiteb(s))
-        return 0;
-# endif
+    const EVP_MD *md;
 
-    /* Check signature matches a type we sent */
-    sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
-    for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) {
-        if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1])
-            break;
-    }
-    /* Allow fallback to SHA1 if not strict mode */
-    if (i == sent_sigslen
-        && (sig[0] != TLSEXT_hash_sha1
-            || s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) {
-        SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
+    if (rsa == NULL)
         return 0;
-    }
-    *pmd = tls12_get_hash(sig[0]);
-    if (*pmd == NULL) {
-        SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_UNKNOWN_DIGEST);
+    if (!tls1_lookup_md(lu, &md) || md == NULL)
+        return 0;
+    if (RSA_size(rsa) < RSA_PSS_MINIMUM_KEY_SIZE(md))
         return 0;
-    }
-    /*
-     * Store the digest used so applications can retrieve it if they wish.
-     */
-    if (s->session && s->session->sess_cert)
-        s->session->sess_cert->peer_key->digest = *pmd;
     return 1;
 }
 
 /*
- * Get a mask of disabled algorithms: an algorithm is disabled if it isn't
- * supported or doesn't appear in supported signature algorithms. Unlike
- * ssl_cipher_get_disabled this applies to a specific session and not global
- * settings.
+ * Return a signature algorithm for TLS < 1.2 where the signature type
+ * is fixed by the certificate type.
  */
-void ssl_set_client_disabled(SSL *s)
+static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
 {
-    CERT *c = s->cert;
-    const unsigned char *sigalgs;
-    size_t i, sigalgslen;
-    int have_rsa = 0, have_dsa = 0, have_ecdsa = 0;
-    c->mask_a = 0;
-    c->mask_k = 0;
-    /* Don't allow TLS 1.2 only ciphers if we don't suppport them */
-    if (!SSL_CLIENT_USE_TLS1_2_CIPHERS(s))
-        c->mask_ssl = SSL_TLSV1_2;
-    else
-        c->mask_ssl = 0;
-    /*
-     * Now go through all signature algorithms seeing if we support any for
-     * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2.
-     */
-    sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
-    for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) {
-        switch (sigalgs[1]) {
-# ifndef OPENSSL_NO_RSA
-        case TLSEXT_signature_rsa:
-            have_rsa = 1;
-            break;
-# endif
-# ifndef OPENSSL_NO_DSA
-        case TLSEXT_signature_dsa:
-            have_dsa = 1;
-            break;
-# endif
-# ifndef OPENSSL_NO_ECDSA
-        case TLSEXT_signature_ecdsa:
-            have_ecdsa = 1;
-            break;
-# endif
-        }
-    }
-    /*
-     * Disable auth and static DH if we don't include any appropriate
-     * signature algorithms.
-     */
-    if (!have_rsa) {
-        c->mask_a |= SSL_aRSA;
-        c->mask_k |= SSL_kDHr | SSL_kECDHr;
-    }
-    if (!have_dsa) {
-        c->mask_a |= SSL_aDSS;
-        c->mask_k |= SSL_kDHd;
-    }
-    if (!have_ecdsa) {
-        c->mask_a |= SSL_aECDSA;
-        c->mask_k |= SSL_kECDHe;
-    }
-# ifndef OPENSSL_NO_KRB5
-    if (!kssl_tgt_is_available(s->kssl_ctx)) {
-        c->mask_a |= SSL_aKRB5;
-        c->mask_k |= SSL_kKRB5;
-    }
-# endif
-# ifndef OPENSSL_NO_PSK
-    /* with PSK there must be client callback set */
-    if (!s->psk_client_callback) {
-        c->mask_a |= SSL_aPSK;
-        c->mask_k |= SSL_kPSK;
-    }
-# endif                         /* OPENSSL_NO_PSK */
-# ifndef OPENSSL_NO_SRP
-    if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) {
-        c->mask_a |= SSL_aSRP;
-        c->mask_k |= SSL_kSRP;
-    }
-# endif
-    c->valid = 1;
-}
-
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
-                                          unsigned char *limit, int *al)
-{
-    int extdatalen = 0;
-    unsigned char *orig = buf;
-    unsigned char *ret = buf;
-# ifndef OPENSSL_NO_EC
-    /* See if we support any ECC ciphersuites */
-    int using_ecc = 0;
-    if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s)) {
-        int i;
-        unsigned long alg_k, alg_a;
-        STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
-
-        for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
-            SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
-
-            alg_k = c->algorithm_mkey;
-            alg_a = c->algorithm_auth;
-            if ((alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe)
-                 || (alg_a & SSL_aECDSA))) {
-                using_ecc = 1;
-                break;
-            }
-        }
-    }
-# endif
-
-    /* don't add extensions for SSLv3 unless doing secure renegotiation */
-    if (s->client_version == SSL3_VERSION && !s->s3->send_connection_binding)
-        return orig;
-
-    ret += 2;
-
-    if (ret >= limit)
-        return NULL;            /* this really never occurs, but ... */
-
-    if (s->tlsext_hostname != NULL) {
-        /* Add TLS extension servername to the Client Hello message */
-        size_t size_str;
-
-        /*-
-         * check for enough space.
-         * 4 for the servername type and entension length
-         * 2 for servernamelist length
-         * 1 for the hostname type
-         * 2 for hostname length
-         * + hostname length
-         */
-        size_str = strlen(s->tlsext_hostname);
-        if (CHECKLEN(ret, 9 + size_str, limit))
-            return NULL;
-
-        /* extension type and length */
-        s2n(TLSEXT_TYPE_server_name, ret);
-        s2n(size_str + 5, ret);
-
-        /* length of servername list */
-        s2n(size_str + 3, ret);
-
-        /* hostname type, length and hostname */
-        *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name;
-        s2n(size_str, ret);
-        memcpy(ret, s->tlsext_hostname, size_str);
-        ret += size_str;
-    }
-
-    /* Add RI if renegotiating */
-    if (s->renegotiate) {
-        int el;
-
-        if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        if ((limit - ret - 4 - el) < 0)
-            return NULL;
-
-        s2n(TLSEXT_TYPE_renegotiate, ret);
-        s2n(el, ret);
-
-        if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
+    if (idx == -1) {
+        if (s->server) {
+            size_t i;
 
-        ret += el;
-    }
-# ifndef OPENSSL_NO_SRP
-    /* Add SRP username if there is one */
-    if (s->srp_ctx.login != NULL) { /* Add TLS extension SRP username to the
-                                     * Client Hello message */
-
-        size_t login_len = strlen(s->srp_ctx.login);
-        if (login_len > 255 || login_len == 0) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        /*-
-         * check for enough space.
-         * 4 for the srp type type and entension length
-         * 1 for the srp user identity
-         * + srp user identity length
-         */
-        if (CHECKLEN(ret, 5 + login_len, limit))
-            return NULL;
-
-        /* fill in the extension */
-        s2n(TLSEXT_TYPE_srp, ret);
-        s2n(login_len + 1, ret);
-        (*ret++) = (unsigned char)login_len;
-        memcpy(ret, s->srp_ctx.login, login_len);
-        ret += login_len;
-    }
-# endif
-
-# ifndef OPENSSL_NO_EC
-    if (using_ecc) {
-        /*
-         * Add TLS extension ECPointFormats to the ClientHello message
-         */
-        const unsigned char *pcurves, *pformats;
-        size_t num_curves, num_formats, curves_list_len;
-
-        tls1_get_formatlist(s, &pformats, &num_formats);
-
-        if (num_formats > 255) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-        /*-
-         * check for enough space.
-         * 4 bytes for the ec point formats type and extension length
-         * 1 byte for the length of the formats
-         * + formats length
-         */
-        if (CHECKLEN(ret, 5 + num_formats, limit))
-            return NULL;
-
-        s2n(TLSEXT_TYPE_ec_point_formats, ret);
-        /* The point format list has 1-byte length. */
-        s2n(num_formats + 1, ret);
-        *(ret++) = (unsigned char)num_formats;
-        memcpy(ret, pformats, num_formats);
-        ret += num_formats;
-
-        /*
-         * Add TLS extension EllipticCurves to the ClientHello message
-         */
-        pcurves = s->tlsext_ellipticcurvelist;
-        if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves))
-            return NULL;
-
-        if (num_curves > 65532 / 2) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-        curves_list_len = 2 * num_curves;
-        /*-
-         * check for enough space.
-         * 4 bytes for the ec curves type and extension length
-         * 2 bytes for the curve list length
-         * + curve list length
-         */
-        if (CHECKLEN(ret, 6 + curves_list_len, limit))
-            return NULL;
-
-        s2n(TLSEXT_TYPE_elliptic_curves, ret);
-        s2n(curves_list_len + 2, ret);
-        s2n(curves_list_len, ret);
-        memcpy(ret, pcurves, curves_list_len);
-        ret += curves_list_len;
-    }
-# endif                         /* OPENSSL_NO_EC */
-
-    if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
-        size_t ticklen;
-        if (!s->new_session && s->session && s->session->tlsext_tick)
-            ticklen = s->session->tlsext_ticklen;
-        else if (s->session && s->tlsext_session_ticket &&
-                 s->tlsext_session_ticket->data) {
-            ticklen = s->tlsext_session_ticket->length;
-            s->session->tlsext_tick = OPENSSL_malloc(ticklen);
-            if (!s->session->tlsext_tick)
-                return NULL;
-            memcpy(s->session->tlsext_tick,
-                   s->tlsext_session_ticket->data, ticklen);
-            s->session->tlsext_ticklen = ticklen;
-        } else
-            ticklen = 0;
-        if (ticklen == 0 && s->tlsext_session_ticket &&
-            s->tlsext_session_ticket->data == NULL)
-            goto skip_ext;
-        /*
-         * Check for enough room 2 for extension type, 2 for len rest for
-         * ticket
-         */
-        if (CHECKLEN(ret, 4 + ticklen, limit))
-            return NULL;
-        s2n(TLSEXT_TYPE_session_ticket, ret);
-        s2n(ticklen, ret);
-        if (ticklen > 0) {
-            memcpy(ret, s->session->tlsext_tick, ticklen);
-            ret += ticklen;
-        }
-    }
- skip_ext:
-
-    if (SSL_CLIENT_USE_SIGALGS(s)) {
-        size_t salglen;
-        const unsigned char *salg;
-        salglen = tls12_get_psigalgs(s, 1, &salg);
-
-        /*-
-         * check for enough space.
-         * 4 bytes for the sigalgs type and extension length
-         * 2 bytes for the sigalg list length
-         * + sigalg list length
-         */
-        if (CHECKLEN(ret, salglen + 6, limit))
-            return NULL;
-        s2n(TLSEXT_TYPE_signature_algorithms, ret);
-        s2n(salglen + 2, ret);
-        s2n(salglen, ret);
-        memcpy(ret, salg, salglen);
-        ret += salglen;
-    }
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    if (s->s3->client_opaque_prf_input != NULL) {
-        size_t col = s->s3->client_opaque_prf_input_len;
-
-        if ((long)(limit - ret - 6 - col < 0))
-            return NULL;
-        if (col > 0xFFFD)       /* can't happen */
-            return NULL;
-
-        s2n(TLSEXT_TYPE_opaque_prf_input, ret);
-        s2n(col + 2, ret);
-        s2n(col, ret);
-        memcpy(ret, s->s3->client_opaque_prf_input, col);
-        ret += col;
-    }
-# endif
-
-    if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
-        int i;
-        size_t extlen, idlen;
-        int lentmp;
-        OCSP_RESPID *id;
-
-        idlen = 0;
-        for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
-            id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
-            lentmp = i2d_OCSP_RESPID(id, NULL);
-            if (lentmp <= 0)
-                return NULL;
-            idlen += (size_t)lentmp + 2;
-        }
-
-        if (s->tlsext_ocsp_exts) {
-            lentmp = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
-            if (lentmp < 0)
-                return NULL;
-            extlen = (size_t)lentmp;
-        } else
-            extlen = 0;
+            /* Work out index corresponding to ciphersuite */
+            for (i = 0; i < SSL_PKEY_NUM; i++) {
+                const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(i);
 
-        if (extlen + idlen > 0xFFF0)
-            return NULL;
-        /*
-         * 2 bytes for status request type
-         * 2 bytes for status request len
-         * 1 byte for OCSP request type
-         * 2 bytes for length of ids
-         * 2 bytes for length of extensions
-         * + length of ids
-         * + length of extensions
-         */
-        if (CHECKLEN(ret, 9 + idlen + extlen, limit))
-            return NULL;
+                if (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) {
+                    idx = i;
+                    break;
+                }
+            }
 
-        s2n(TLSEXT_TYPE_status_request, ret);
-        s2n(extlen + idlen + 5, ret);
-        *(ret++) = TLSEXT_STATUSTYPE_ocsp;
-        s2n(idlen, ret);
-        for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
-            /* save position of id len */
-            unsigned char *q = ret;
-            id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
-            /* skip over id len */
-            ret += 2;
-            lentmp = i2d_OCSP_RESPID(id, &ret);
-            /* write id len */
-            s2n(lentmp, q);
+            /*
+             * Some GOST ciphersuites allow more than one signature algorithms
+             * */
+            if (idx == SSL_PKEY_GOST01 && s->s3->tmp.new_cipher->algorithm_auth != SSL_aGOST01) {
+                int real_idx;
+
+                for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST01;
+                     real_idx--) {
+                    if (s->cert->pkeys[real_idx].privatekey != NULL) {
+                        idx = real_idx;
+                        break;
+                    }
+                }
+            }
+        } else {
+            idx = s->cert->key - s->cert->pkeys;
         }
-        s2n(extlen, ret);
-        if (extlen > 0)
-            i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
     }
-# ifndef OPENSSL_NO_HEARTBEATS
-    /* Add Heartbeat extension */
-
-    /*-
-     * check for enough space.
-     * 4 bytes for the heartbeat ext type and extension length
-     * 1 byte for the mode
-     */
-    if (CHECKLEN(ret, 5, limit))
+    if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg))
         return NULL;
+    if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]);
 
-    s2n(TLSEXT_TYPE_heartbeat, ret);
-    s2n(1, ret);
-    /*-
-     * Set mode:
-     * 1: peer may send requests
-     * 2: peer not allowed to send requests
-     */
-    if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
-        *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-    else
-        *(ret++) = SSL_TLSEXT_HB_ENABLED;
-# endif
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
-        /*
-         * The client advertises an emtpy extension to indicate its support
-         * for Next Protocol Negotiation
-         */
-
-        /*-
-         * check for enough space.
-         * 4 bytes for the NPN ext type and extension length
-         */
-        if (CHECKLEN(ret, 4, limit))
-            return NULL;
-        s2n(TLSEXT_TYPE_next_proto_neg, ret);
-        s2n(0, ret);
-    }
-# endif
-
-    if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len) {
-        /*-
-         * check for enough space.
-         * 4 bytes for the ALPN type and extension length
-         * 2 bytes for the ALPN protocol list length
-         * + ALPN protocol list length
-         */
-        if (CHECKLEN(ret, 6 + s->alpn_client_proto_list_len, limit))
+        if (!tls1_lookup_md(lu, NULL))
             return NULL;
-        s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
-        s2n(2 + s->alpn_client_proto_list_len, ret);
-        s2n(s->alpn_client_proto_list_len, ret);
-        memcpy(ret, s->alpn_client_proto_list, s->alpn_client_proto_list_len);
-        ret += s->alpn_client_proto_list_len;
-        s->cert->alpn_sent = 1;
+        return lu;
     }
-# ifndef OPENSSL_NO_SRTP
-    if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
-        int el;
-
-        ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
-
-        /*-
-         * check for enough space.
-         * 4 bytes for the SRTP type and extension length
-         * + SRTP profiles length
-         */
-        if (CHECKLEN(ret, 4 + el, limit))
-            return NULL;
-
-        s2n(TLSEXT_TYPE_use_srtp, ret);
-        s2n(el, ret);
-
-        if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-        ret += el;
-    }
-# endif
-    custom_ext_init(&s->cert->cli_ext);
-    /* Add custom TLS Extensions to ClientHello */
-    if (!custom_ext_add(s, 0, &ret, limit, al))
-        return NULL;
-
-    /*
-     * Add padding to workaround bugs in F5 terminators. See
-     * https://tools.ietf.org/html/draft-agl-tls-padding-03 NB: because this
-     * code works out the length of all existing extensions it MUST always
-     * appear last.
-     */
-    if (s->options & SSL_OP_TLSEXT_PADDING) {
-        int hlen = ret - (unsigned char *)s->init_buf->data;
-        /*
-         * The code in s23_clnt.c to build ClientHello messages includes the
-         * 5-byte record header in the buffer, while the code in s3_clnt.c
-         * does not.
-         */
-        if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
-            hlen -= 5;
-        if (hlen > 0xff && hlen < 0x200) {
-            hlen = 0x200 - hlen;
-            if (hlen >= 4)
-                hlen -= 4;
-            else
-                hlen = 0;
-
-            /*-
-             * check for enough space. Strictly speaking we know we've already
-             * got enough space because to get here the message size is < 0x200,
-             * but we know that we've allocated far more than that in the buffer
-             * - but for consistency and robustness we're going to check anyway.
-             *
-             * 4 bytes for the padding type and extension length
-             * + padding length
-             */
-            if (CHECKLEN(ret, 4 + hlen, limit))
-                return NULL;
-            s2n(TLSEXT_TYPE_padding, ret);
-            s2n(hlen, ret);
-            memset(ret, 0, hlen);
-            ret += hlen;
-        }
-    }
-
-    if ((extdatalen = ret - orig - 2) == 0)
-        return orig;
+    return &legacy_rsa_sigalg;
+}
+/* Set peer sigalg based key type */
+int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey)
+{
+    size_t idx;
+    const SIGALG_LOOKUP *lu;
 
-    s2n(extdatalen, orig);
-    return ret;
+    if (ssl_cert_lookup_by_pkey(pkey, &idx) == NULL)
+        return 0;
+    lu = tls1_get_legacy_sigalg(s, idx);
+    if (lu == NULL)
+        return 0;
+    s->s3->tmp.peer_sigalg = lu;
+    return 1;
 }
 
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
-                                          unsigned char *limit, int *al)
+size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
 {
-    int extdatalen = 0;
-    unsigned char *orig = buf;
-    unsigned char *ret = buf;
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    int next_proto_neg_seen;
-# endif
-# ifndef OPENSSL_NO_EC
-    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-    int using_ecc = (alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe))
-        || (alg_a & SSL_aECDSA);
-    using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
-# endif
     /*
-     * don't add extensions for SSLv3, unless doing secure renegotiation
+     * If Suite B mode use Suite B sigalgs only, ignore any other
+     * preferences.
      */
-    if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
-        return orig;
-
-    ret += 2;
-    if (ret >= limit)
-        return NULL;            /* this really never occurs, but ... */
-
-    if (!s->hit && s->servername_done == 1
-        && s->session->tlsext_hostname != NULL) {
-        if ((long)(limit - ret - 4) < 0)
-            return NULL;
-
-        s2n(TLSEXT_TYPE_server_name, ret);
-        s2n(0, ret);
-    }
-
-    if (s->s3->send_connection_binding) {
-        int el;
-
-        if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        /*-
-         * check for enough space.
-         * 4 bytes for the reneg type and extension length
-         * + reneg data length
-         */
-        if (CHECKLEN(ret, 4 + el, limit))
-            return NULL;
-
-        s2n(TLSEXT_TYPE_renegotiate, ret);
-        s2n(el, ret);
-
-        if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) {
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        ret += el;
-    }
-# ifndef OPENSSL_NO_EC
-    if (using_ecc) {
-        const unsigned char *plist;
-        size_t plistlen;
-        /*
-         * Add TLS extension ECPointFormats to the ServerHello message
-         */
-
-        tls1_get_formatlist(s, &plist, &plistlen);
-
-        if (plistlen > 255) {
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        /*-
-         * check for enough space.
-         * 4 bytes for the ec points format type and extension length
-         * 1 byte for the points format list length
-         * + length of points format list
-         */
-        if (CHECKLEN(ret, 5 + plistlen, limit))
-            return NULL;
+#ifndef OPENSSL_NO_EC
+    switch (tls1_suiteb(s)) {
+    case SSL_CERT_FLAG_SUITEB_128_LOS:
+        *psigs = suiteb_sigalgs;
+        return OSSL_NELEM(suiteb_sigalgs);
 
-        s2n(TLSEXT_TYPE_ec_point_formats, ret);
-        s2n(plistlen + 1, ret);
-        *(ret++) = (unsigned char)plistlen;
-        memcpy(ret, plist, plistlen);
-        ret += plistlen;
+    case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+        *psigs = suiteb_sigalgs;
+        return 1;
 
+    case SSL_CERT_FLAG_SUITEB_192_LOS:
+        *psigs = suiteb_sigalgs + 1;
+        return 1;
     }
+#endif
     /*
-     * Currently the server should not respond with a SupportedCurves
-     * extension
+     *  We use client_sigalgs (if not NULL) if we're a server
+     *  and sending a certificate request or if we're a client and
+     *  determining which shared algorithm to use.
      */
-# endif                         /* OPENSSL_NO_EC */
-
-    if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
-        /*-
-         * check for enough space.
-         * 4 bytes for the Ticket type and extension length
-         */
-        if (CHECKLEN(ret, 4, limit))
-            return NULL;
-        s2n(TLSEXT_TYPE_session_ticket, ret);
-        s2n(0, ret);
-    } else {
-        /* if we don't add the above TLSEXT, we can't add a session ticket later */
-        s->tlsext_ticket_expected = 0;
-    }
-
-    if (s->tlsext_status_expected) {
-        /*-
-         * check for enough space.
-         * 4 bytes for the Status request type and extension length
-         */
-        if (CHECKLEN(ret, 4, limit))
-            return NULL;
-        s2n(TLSEXT_TYPE_status_request, ret);
-        s2n(0, ret);
-    }
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    if (s->s3->server_opaque_prf_input != NULL) {
-        size_t sol = s->s3->server_opaque_prf_input_len;
-
-        if ((long)(limit - ret - 6 - sol) < 0)
-            return NULL;
-        if (sol > 0xFFFD)       /* can't happen */
-            return NULL;
-
-        s2n(TLSEXT_TYPE_opaque_prf_input, ret);
-        s2n(sol + 2, ret);
-        s2n(sol, ret);
-        memcpy(ret, s->s3->server_opaque_prf_input, sol);
-        ret += sol;
-    }
-# endif
-
-# ifndef OPENSSL_NO_SRTP
-    if (SSL_IS_DTLS(s) && s->srtp_profile) {
-        int el;
-
-        ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);
-
-        /*-
-         * check for enough space.
-         * 4 bytes for the SRTP profiles type and extension length
-         * + length of the SRTP profiles list
-         */
-        if (CHECKLEN(ret, 4 + el, limit))
-            return NULL;
-
-        s2n(TLSEXT_TYPE_use_srtp, ret);
-        s2n(el, ret);
-
-        if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) {
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-        ret += el;
-    }
-# endif
-
-    if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80
-         || (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81)
-        && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
-        const unsigned char cryptopro_ext[36] = {
-            0xfd, 0xe8,         /* 65000 */
-            0x00, 0x20,         /* 32 bytes length */
-            0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
-            0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
-            0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
-            0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
-        };
-
-        /* check for enough space. */
-        if (CHECKLEN(ret, sizeof(cryptopro_ext), limit))
-            return NULL;
-        memcpy(ret, cryptopro_ext, sizeof(cryptopro_ext));
-        ret += sizeof(cryptopro_ext);
-
-    }
-# ifndef OPENSSL_NO_HEARTBEATS
-    /* Add Heartbeat extension if we've received one */
-    if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) {
-        /*-
-         * check for enough space.
-         * 4 bytes for the Heartbeat type and extension length
-         * 1 byte for the mode
-         */
-        if (CHECKLEN(ret, 5, limit))
-            return NULL;
-        s2n(TLSEXT_TYPE_heartbeat, ret);
-        s2n(1, ret);
-        /*-
-         * Set mode:
-         * 1: peer may send requests
-         * 2: peer not allowed to send requests
-         */
-        if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
-            *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-        else
-            *(ret++) = SSL_TLSEXT_HB_ENABLED;
-
-    }
-# endif
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    next_proto_neg_seen = s->s3->next_proto_neg_seen;
-    s->s3->next_proto_neg_seen = 0;
-    if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) {
-        const unsigned char *npa;
-        unsigned int npalen;
-        int r;
-
-        r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen,
-                                              s->
-                                              ctx->next_protos_advertised_cb_arg);
-        if (r == SSL_TLSEXT_ERR_OK) {
-            /*-
-             * check for enough space.
-             * 4 bytes for the NPN type and extension length
-             * + length of protocols list
-             */
-            if (CHECKLEN(ret, 4 + npalen, limit))
-                return NULL;
-            s2n(TLSEXT_TYPE_next_proto_neg, ret);
-            s2n(npalen, ret);
-            memcpy(ret, npa, npalen);
-            ret += npalen;
-            s->s3->next_proto_neg_seen = 1;
-        }
-    }
-# endif
-    if (!custom_ext_add(s, 1, &ret, limit, al))
-        return NULL;
-
-    if (s->s3->alpn_selected) {
-        const unsigned char *selected = s->s3->alpn_selected;
-        size_t len = s->s3->alpn_selected_len;
-
-        /*-
-         * check for enough space.
-         * 4 bytes for the ALPN type and extension length
-         * 2 bytes for ALPN data length
-         * 1 byte for selected protocol length
-         * + length of the selected protocol
-         */
-        if (CHECKLEN(ret, 7 + len, limit))
-            return NULL;
-        s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
-        s2n(3 + len, ret);
-        s2n(1 + len, ret);
-        *ret++ = (unsigned char)len;
-        memcpy(ret, selected, len);
-        ret += len;
-    }
-
-    if ((extdatalen = ret - orig - 2) == 0)
-        return orig;
-
-    s2n(extdatalen, orig);
-    return ret;
-}
-
-# ifndef OPENSSL_NO_EC
-/*-
- * ssl_check_for_safari attempts to fingerprint Safari using OS X
- * SecureTransport using the TLS extension block in |d|, of length |n|.
- * Safari, since 10.6, sends exactly these extensions, in this order:
- *   SNI,
- *   elliptic_curves
- *   ec_point_formats
- *
- * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
- * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
- * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
- * 10.8..10.8.3 (which don't work).
- */
-static void ssl_check_for_safari(SSL *s, const unsigned char *data,
-                                 const unsigned char *limit)
-{
-    unsigned short type, size;
-    static const unsigned char kSafariExtensionsBlock[] = {
-        0x00, 0x0a,             /* elliptic_curves extension */
-        0x00, 0x08,             /* 8 bytes */
-        0x00, 0x06,             /* 6 bytes of curve ids */
-        0x00, 0x17,             /* P-256 */
-        0x00, 0x18,             /* P-384 */
-        0x00, 0x19,             /* P-521 */
-
-        0x00, 0x0b,             /* ec_point_formats */
-        0x00, 0x02,             /* 2 bytes */
-        0x01,                   /* 1 point format */
-        0x00,                   /* uncompressed */
-    };
-
-    /* The following is only present in TLS 1.2 */
-    static const unsigned char kSafariTLS12ExtensionsBlock[] = {
-        0x00, 0x0d,             /* signature_algorithms */
-        0x00, 0x0c,             /* 12 bytes */
-        0x00, 0x0a,             /* 10 bytes */
-        0x05, 0x01,             /* SHA-384/RSA */
-        0x04, 0x01,             /* SHA-256/RSA */
-        0x02, 0x01,             /* SHA-1/RSA */
-        0x04, 0x03,             /* SHA-256/ECDSA */
-        0x02, 0x03,             /* SHA-1/ECDSA */
-    };
-
-    if (limit - data <= 2)
-        return;
-    data += 2;
-
-    if (limit - data < 4)
-        return;
-    n2s(data, type);
-    n2s(data, size);
-
-    if (type != TLSEXT_TYPE_server_name)
-        return;
-
-    if (limit - data < size)
-        return;
-    data += size;
-
-    if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
-        const size_t len1 = sizeof(kSafariExtensionsBlock);
-        const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
-
-        if (limit - data != (int)(len1 + len2))
-            return;
-        if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
-            return;
-        if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
-            return;
+    if ((s->server == sent) && s->cert->client_sigalgs != NULL) {
+        *psigs = s->cert->client_sigalgs;
+        return s->cert->client_sigalgslen;
+    } else if (s->cert->conf_sigalgs) {
+        *psigs = s->cert->conf_sigalgs;
+        return s->cert->conf_sigalgslen;
     } else {
-        const size_t len = sizeof(kSafariExtensionsBlock);
-
-        if (limit - data != (int)(len))
-            return;
-        if (memcmp(data, kSafariExtensionsBlock, len) != 0)
-            return;
+        *psigs = tls12_sigalgs;
+        return OSSL_NELEM(tls12_sigalgs);
     }
-
-    s->s3->is_probably_safari = 1;
 }
-# endif                         /* !OPENSSL_NO_EC */
 
 /*
- * tls1_alpn_handle_client_hello is called to save the ALPN extension in a
- * ClientHello.  data: the contents of the extension, not including the type
- * and length.  data_len: the number of bytes in |data| al: a pointer to the
- * alert value to send in the event of a non-zero return.  returns: 0 on
- * success.
+ * Check signature algorithm is consistent with sent supported signature
+ * algorithms and if so set relevant digest and signature scheme in
+ * s.
  */
-static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
-                                         unsigned data_len, int *al)
+int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
 {
-    unsigned i;
-    unsigned proto_len;
-
-    if (data_len < 2)
-        goto parse_error;
-
-    /*
-     * data should contain a uint16 length followed by a series of 8-bit,
-     * length-prefixed strings.
-     */
-    i = ((unsigned)data[0]) << 8 | ((unsigned)data[1]);
-    data_len -= 2;
-    data += 2;
-    if (data_len != i)
-        goto parse_error;
-
-    if (data_len < 2)
-        goto parse_error;
-
-    for (i = 0; i < data_len;) {
-        proto_len = data[i];
-        i++;
-
-        if (proto_len == 0)
-            goto parse_error;
-
-        if (i + proto_len < i || i + proto_len > data_len)
-            goto parse_error;
+    const uint16_t *sent_sigs;
+    const EVP_MD *md = NULL;
+    char sigalgstr[2];
+    size_t sent_sigslen, i, cidx;
+    int pkeyid = EVP_PKEY_id(pkey);
+    const SIGALG_LOOKUP *lu;
 
-        i += proto_len;
-    }
-
-    if (s->cert->alpn_proposed != NULL)
-        OPENSSL_free(s->cert->alpn_proposed);
-    s->cert->alpn_proposed = OPENSSL_malloc(data_len);
-    if (s->cert->alpn_proposed == NULL) {
-        *al = SSL_AD_INTERNAL_ERROR;
+    /* Should never happen */
+    if (pkeyid == -1)
         return -1;
-    }
-    memcpy(s->cert->alpn_proposed, data, data_len);
-    s->cert->alpn_proposed_len = data_len;
-    return 0;
-
- parse_error:
-    *al = SSL_AD_DECODE_ERROR;
-    return -1;
-}
-
-/*
- * Process the ALPN extension in a ClientHello.
- * al: a pointer to the alert value to send in the event of a failure.
- * returns 1 on success, 0 on failure: al set only on failure
- */
-static int tls1_alpn_handle_client_hello_late(SSL *s, int *al)
-{
-    const unsigned char *selected = NULL;
-    unsigned char selected_len = 0;
-
-    if (s->ctx->alpn_select_cb != NULL && s->cert->alpn_proposed != NULL) {
-        int r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
-                                       s->cert->alpn_proposed,
-                                       s->cert->alpn_proposed_len,
-                                       s->ctx->alpn_select_cb_arg);
-
-        if (r == SSL_TLSEXT_ERR_OK) {
-            OPENSSL_free(s->s3->alpn_selected);
-            s->s3->alpn_selected = OPENSSL_malloc(selected_len);
-            if (s->s3->alpn_selected == NULL) {
-                *al = SSL_AD_INTERNAL_ERROR;
-                return 0;
-            }
-            memcpy(s->s3->alpn_selected, selected, selected_len);
-            s->s3->alpn_selected_len = selected_len;
-# ifndef OPENSSL_NO_NEXTPROTONEG
-            /* ALPN takes precedence over NPN. */
-            s->s3->next_proto_neg_seen = 0;
-# endif
+    if (SSL_IS_TLS13(s)) {
+        /* Disallow DSA for TLS 1.3 */
+        if (pkeyid == EVP_PKEY_DSA) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                     SSL_R_WRONG_SIGNATURE_TYPE);
+            return 0;
         }
+        /* Only allow PSS for TLS 1.3 */
+        if (pkeyid == EVP_PKEY_RSA)
+            pkeyid = EVP_PKEY_RSA_PSS;
     }
-
-    return 1;
-}
-
-static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
-                                       unsigned char *limit, int *al)
-{
-    unsigned short type;
-    unsigned short size;
-    unsigned short len;
-    unsigned char *data = *p;
-    int renegotiate_seen = 0;
-
-    s->servername_done = 0;
-    s->tlsext_status_type = -1;
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    s->s3->next_proto_neg_seen = 0;
-# endif
-
-    if (s->s3->alpn_selected) {
-        OPENSSL_free(s->s3->alpn_selected);
-        s->s3->alpn_selected = NULL;
-    }
-    s->s3->alpn_selected_len = 0;
-    if (s->cert->alpn_proposed) {
-        OPENSSL_free(s->cert->alpn_proposed);
-        s->cert->alpn_proposed = NULL;
-    }
-    s->cert->alpn_proposed_len = 0;
-# ifndef OPENSSL_NO_HEARTBEATS
-    s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
-                             SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
-# endif
-
-# ifndef OPENSSL_NO_EC
-    if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
-        ssl_check_for_safari(s, data, limit);
-# endif                         /* !OPENSSL_NO_EC */
-
-    /* Clear any signature algorithms extension received */
-    if (s->cert->peer_sigalgs) {
-        OPENSSL_free(s->cert->peer_sigalgs);
-        s->cert->peer_sigalgs = NULL;
+    lu = tls1_lookup_sigalg(sig);
+    /*
+     * Check sigalgs is known. Disallow SHA1/SHA224 with TLS 1.3. Check key type
+     * is consistent with signature: RSA keys can be used for RSA-PSS
+     */
+    if (lu == NULL
+        || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224))
+        || (pkeyid != lu->sig
+        && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
     }
-# ifndef OPENSSL_NO_SRP
-    if (s->srp_ctx.login != NULL) {
-        OPENSSL_free(s->srp_ctx.login);
-        s->srp_ctx.login = NULL;
+    /* Check the sigalg is consistent with the key OID */
+    if (!ssl_cert_lookup_by_nid(EVP_PKEY_id(pkey), &cidx)
+            || lu->sig_idx != (int)cidx) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
     }
-# endif
-
-    s->srtp_profile = NULL;
-
-    if (data == limit)
-        goto ri_check;
 
-    if (limit - data < 2)
-        goto err;
-
-    n2s(data, len);
-
-    if (limit - data != len)
-        goto err;
-
-    while (limit - data >= 4) {
-        n2s(data, type);
-        n2s(data, size);
-
-        if (limit - data < size)
-            goto err;
-# if 0
-        fprintf(stderr, "Received extension type %d size %d\n", type, size);
-# endif
-        if (s->tlsext_debug_cb)
-            s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg);
-/*-
- * The servername extension is treated as follows:
- *
- * - Only the hostname type is supported with a maximum length of 255.
- * - The servername is rejected if too long or if it contains zeros,
- *   in which case an fatal alert is generated.
- * - The servername field is maintained together with the session cache.
- * - When a session is resumed, the servername call back invoked in order
- *   to allow the application to position itself to the right context.
- * - The servername is acknowledged if it is new for a session or when
- *   it is identical to a previously used for the same session.
- *   Applications can control the behaviour.  They can at any time
- *   set a 'desirable' servername for a new SSL object. This can be the
- *   case for example with HTTPS when a Host: header field is received and
- *   a renegotiation is requested. In this case, a possible servername
- *   presented in the new client hello is only acknowledged if it matches
- *   the value of the Host: field.
- * - Applications must  use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- *   if they provide for changing an explicit servername context for the
- *   session, i.e. when the session has been established with a servername
- *   extension.
- * - On session reconnect, the servername extension may be absent.
- *
- */
-
-        if (type == TLSEXT_TYPE_server_name) {
-            unsigned char *sdata;
-            int servname_type;
-            int dsize;
-
-            if (size < 2)
-                goto err;
-            n2s(data, dsize);
-            size -= 2;
-            if (dsize > size)
-                goto err;
-
-            sdata = data;
-            while (dsize > 3) {
-                servname_type = *(sdata++);
-                n2s(sdata, len);
-                dsize -= 3;
-
-                if (len > dsize)
-                    goto err;
-
-                if (s->servername_done == 0)
-                    switch (servname_type) {
-                    case TLSEXT_NAMETYPE_host_name:
-                        if (!s->hit) {
-                            if (s->session->tlsext_hostname)
-                                goto err;
-
-                            if (len > TLSEXT_MAXLEN_host_name) {
-                                *al = TLS1_AD_UNRECOGNIZED_NAME;
-                                return 0;
-                            }
-                            if ((s->session->tlsext_hostname =
-                                 OPENSSL_malloc(len + 1)) == NULL) {
-                                *al = TLS1_AD_INTERNAL_ERROR;
-                                return 0;
-                            }
-                            memcpy(s->session->tlsext_hostname, sdata, len);
-                            s->session->tlsext_hostname[len] = '\0';
-                            if (strlen(s->session->tlsext_hostname) != len) {
-                                OPENSSL_free(s->session->tlsext_hostname);
-                                s->session->tlsext_hostname = NULL;
-                                *al = TLS1_AD_UNRECOGNIZED_NAME;
-                                return 0;
-                            }
-                            s->servername_done = 1;
-
-                        } else
-                            s->servername_done = s->session->tlsext_hostname
-                                && strlen(s->session->tlsext_hostname) == len
-                                && strncmp(s->session->tlsext_hostname,
-                                           (char *)sdata, len) == 0;
-
-                        break;
-
-                    default:
-                        break;
-                    }
-
-                dsize -= len;
-            }
-            if (dsize != 0)
-                goto err;
-
-        }
-# ifndef OPENSSL_NO_SRP
-        else if (type == TLSEXT_TYPE_srp) {
-            if (size == 0 || ((len = data[0])) != (size - 1))
-                goto err;
-            if (s->srp_ctx.login != NULL)
-                goto err;
-            if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL)
-                return -1;
-            memcpy(s->srp_ctx.login, &data[1], len);
-            s->srp_ctx.login[len] = '\0';
-
-            if (strlen(s->srp_ctx.login) != len)
-                goto err;
-        }
-# endif
+#ifndef OPENSSL_NO_EC
+    if (pkeyid == EVP_PKEY_EC) {
 
-# ifndef OPENSSL_NO_EC
-        else if (type == TLSEXT_TYPE_ec_point_formats) {
-            unsigned char *sdata = data;
-            int ecpointformatlist_length;
-
-            if (size == 0)
-                goto err;
-
-            ecpointformatlist_length = *(sdata++);
-            if (ecpointformatlist_length != size - 1 ||
-                ecpointformatlist_length < 1)
-                goto err;
-            if (!s->hit) {
-                if (s->session->tlsext_ecpointformatlist) {
-                    OPENSSL_free(s->session->tlsext_ecpointformatlist);
-                    s->session->tlsext_ecpointformatlist = NULL;
-                }
-                s->session->tlsext_ecpointformatlist_length = 0;
-                if ((s->session->tlsext_ecpointformatlist =
-                     OPENSSL_malloc(ecpointformatlist_length)) == NULL) {
-                    *al = TLS1_AD_INTERNAL_ERROR;
-                    return 0;
-                }
-                s->session->tlsext_ecpointformatlist_length =
-                    ecpointformatlist_length;
-                memcpy(s->session->tlsext_ecpointformatlist, sdata,
-                       ecpointformatlist_length);
-            }
-#  if 0
-            fprintf(stderr,
-                    "ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ",
-                    s->session->tlsext_ecpointformatlist_length);
-            sdata = s->session->tlsext_ecpointformatlist;
-            for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
-                fprintf(stderr, "%i ", *(sdata++));
-            fprintf(stderr, "\n");
-#  endif
-        } else if (type == TLSEXT_TYPE_elliptic_curves) {
-            unsigned char *sdata = data;
-            int ellipticcurvelist_length = (*(sdata++) << 8);
-            ellipticcurvelist_length += (*(sdata++));
-
-            if (ellipticcurvelist_length != size - 2 ||
-                ellipticcurvelist_length < 1 ||
-                /* Each NamedCurve is 2 bytes. */
-                ellipticcurvelist_length & 1)
-                    goto err;
-
-            if (!s->hit) {
-                if (s->session->tlsext_ellipticcurvelist)
-                    goto err;
-
-                s->session->tlsext_ellipticcurvelist_length = 0;
-                if ((s->session->tlsext_ellipticcurvelist =
-                     OPENSSL_malloc(ellipticcurvelist_length)) == NULL) {
-                    *al = TLS1_AD_INTERNAL_ERROR;
-                    return 0;
-                }
-                s->session->tlsext_ellipticcurvelist_length =
-                    ellipticcurvelist_length;
-                memcpy(s->session->tlsext_ellipticcurvelist, sdata,
-                       ellipticcurvelist_length);
-            }
-#  if 0
-            fprintf(stderr,
-                    "ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ",
-                    s->session->tlsext_ellipticcurvelist_length);
-            sdata = s->session->tlsext_ellipticcurvelist;
-            for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
-                fprintf(stderr, "%i ", *(sdata++));
-            fprintf(stderr, "\n");
-#  endif
+        /* Check point compression is permitted */
+        if (!tls1_check_pkey_comp(s, pkey)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS12_CHECK_PEER_SIGALG,
+                     SSL_R_ILLEGAL_POINT_COMPRESSION);
+            return 0;
         }
-# endif                         /* OPENSSL_NO_EC */
-# ifdef TLSEXT_TYPE_opaque_prf_input
-        else if (type == TLSEXT_TYPE_opaque_prf_input) {
-            unsigned char *sdata = data;
 
-            if (size < 2) {
-                *al = SSL_AD_DECODE_ERROR;
-                return 0;
-            }
-            n2s(sdata, s->s3->client_opaque_prf_input_len);
-            if (s->s3->client_opaque_prf_input_len != size - 2) {
-                *al = SSL_AD_DECODE_ERROR;
-                return 0;
-            }
-
-            if (s->s3->client_opaque_prf_input != NULL) {
-                /* shouldn't really happen */
-                OPENSSL_free(s->s3->client_opaque_prf_input);
-            }
+        /* For TLS 1.3 or Suite B check curve matches signature algorithm */
+        if (SSL_IS_TLS13(s) || tls1_suiteb(s)) {
+            EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+            int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
 
-            /* dummy byte just to get non-NULL */
-            if (s->s3->client_opaque_prf_input_len == 0)
-                s->s3->client_opaque_prf_input = OPENSSL_malloc(1);
-            else
-                s->s3->client_opaque_prf_input =
-                    BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
-            if (s->s3->client_opaque_prf_input == NULL) {
-                *al = TLS1_AD_INTERNAL_ERROR;
+            if (lu->curve != NID_undef && curve != lu->curve) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                         SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
                 return 0;
             }
         }
-# endif
-        else if (type == TLSEXT_TYPE_session_ticket) {
-            if (s->tls_session_ticket_ext_cb &&
-                !s->tls_session_ticket_ext_cb(s, data, size,
-                                              s->tls_session_ticket_ext_cb_arg))
-            {
-                *al = TLS1_AD_INTERNAL_ERROR;
+        if (!SSL_IS_TLS13(s)) {
+            /* Check curve matches extensions */
+            if (!tls1_check_group_id(s, tls1_get_group_id(pkey), 1)) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                         SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
                 return 0;
             }
-        } else if (type == TLSEXT_TYPE_renegotiate) {
-            if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
-                return 0;
-            renegotiate_seen = 1;
-        } else if (type == TLSEXT_TYPE_signature_algorithms) {
-            int dsize;
-            if (s->cert->peer_sigalgs || size < 2)
-                goto err;
-            n2s(data, dsize);
-            size -= 2;
-            if (dsize != size || dsize & 1 || !dsize)
-                goto err;
-            if (!tls1_save_sigalgs(s, data, dsize))
-                goto err;
-        } else if (type == TLSEXT_TYPE_status_request && !s->hit) {
-            if (size < 5)
-                goto err;
-
-            s->tlsext_status_type = *data++;
-            size--;
-            if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
-                const unsigned char *sdata;
-                int dsize;
-                /* Read in responder_id_list */
-                n2s(data, dsize);
-                size -= 2;
-                if (dsize > size)
-                    goto err;
-
-                /*
-                 * We remove any OCSP_RESPIDs from a previous handshake
-                 * to prevent unbounded memory growth - CVE-2016-6304
-                 */
-                sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
-                                        OCSP_RESPID_free);
-                if (dsize > 0) {
-                    s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
-                    if (s->tlsext_ocsp_ids == NULL) {
-                        *al = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                    }
-                } else {
-                    s->tlsext_ocsp_ids = NULL;
-                }
-
-                while (dsize > 0) {
-                    OCSP_RESPID *id;
-                    int idsize;
-                    if (dsize < 4)
-                        goto err;
-                    n2s(data, idsize);
-                    dsize -= 2 + idsize;
-                    size -= 2 + idsize;
-                    if (dsize < 0)
-                        goto err;
-                    sdata = data;
-                    data += idsize;
-                    id = d2i_OCSP_RESPID(NULL, &sdata, idsize);
-                    if (!id)
-                        goto err;
-                    if (data != sdata) {
-                        OCSP_RESPID_free(id);
-                        goto err;
-                    }
-                    if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
-                        OCSP_RESPID_free(id);
-                        *al = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                    }
-                }
-
-                /* Read in request_extensions */
-                if (size < 2)
-                    goto err;
-                n2s(data, dsize);
-                size -= 2;
-                if (dsize != size)
-                    goto err;
-                sdata = data;
-                if (dsize > 0) {
-                    if (s->tlsext_ocsp_exts) {
-                        sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
-                                                   X509_EXTENSION_free);
-                    }
-
-                    s->tlsext_ocsp_exts =
-                        d2i_X509_EXTENSIONS(NULL, &sdata, dsize);
-                    if (!s->tlsext_ocsp_exts || (data + dsize != sdata))
-                        goto err;
+            if (tls1_suiteb(s)) {
+                /* Check sigalg matches a permissible Suite B value */
+                if (sig != TLSEXT_SIGALG_ecdsa_secp256r1_sha256
+                    && sig != TLSEXT_SIGALG_ecdsa_secp384r1_sha384) {
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS12_CHECK_PEER_SIGALG,
+                             SSL_R_WRONG_SIGNATURE_TYPE);
+                    return 0;
                 }
             }
-            /*
-             * We don't know what to do with any other type * so ignore it.
-             */
-            else
-                s->tlsext_status_type = -1;
         }
-# ifndef OPENSSL_NO_HEARTBEATS
-        else if (type == TLSEXT_TYPE_heartbeat) {
-            switch (data[0]) {
-            case 0x01:         /* Client allows us to send HB requests */
-                s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
-                break;
-            case 0x02:         /* Client doesn't accept HB requests */
-                s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
-                s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-                break;
-            default:
-                *al = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-            }
-        }
-# endif
-# ifndef OPENSSL_NO_NEXTPROTONEG
-        else if (type == TLSEXT_TYPE_next_proto_neg &&
-                 s->s3->tmp.finish_md_len == 0) {
-            /*-
-             * We shouldn't accept this extension on a
-             * renegotiation.
-             *
-             * s->new_session will be set on renegotiation, but we
-             * probably shouldn't rely that it couldn't be set on
-             * the initial renegotation too in certain cases (when
-             * there's some other reason to disallow resuming an
-             * earlier session -- the current code won't be doing
-             * anything like that, but this might change).
-             *
-             * A valid sign that there's been a previous handshake
-             * in this connection is if s->s3->tmp.finish_md_len >
-             * 0.  (We are talking about a check that will happen
-             * in the Hello protocol round, well before a new
-             * Finished message could have been computed.)
-             */
-            s->s3->next_proto_neg_seen = 1;
-        }
-# endif
-
-        else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
-                 s->s3->tmp.finish_md_len == 0) {
-            if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
-                return 0;
-        }
-
-        /* session ticket processed earlier */
-# ifndef OPENSSL_NO_SRTP
-        else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
-                 && type == TLSEXT_TYPE_use_srtp) {
-            if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al))
-                return 0;
-        }
-# endif
-
-        data += size;
-    }
-
-    /* Spurious data on the end */
-    if (data != limit)
-        goto err;
-
-    *p = data;
-
- ri_check:
-
-    /* Need RI if renegotiating */
-
-    if (!renegotiate_seen && s->renegotiate &&
-        !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
-        *al = SSL_AD_HANDSHAKE_FAILURE;
-        SSLerr(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT,
-               SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-        return 0;
-    }
-
-    return 1;
-err:
-    *al = SSL_AD_DECODE_ERROR;
-    return 0;
-}
-
-/*
- * Parse any custom extensions found.  "data" is the start of the extension data
- * and "limit" is the end of the record. TODO: add strict syntax checking.
- */
-
-static int ssl_scan_clienthello_custom_tlsext(SSL *s,
-                                              const unsigned char *data,
-                                              const unsigned char *limit,
-                                              int *al)
-{
-    unsigned short type, size, len;
-    /* If resumed session or no custom extensions nothing to do */
-    if (s->hit || s->cert->srv_ext.meths_count == 0)
-        return 1;
-
-    if (limit - data <= 2)
-        return 1;
-    n2s(data, len);
-
-    if (limit - data < len)
-        return 1;
-
-    while (limit - data >= 4) {
-        n2s(data, type);
-        n2s(data, size);
-
-        if (limit - data < size)
-            return 1;
-        if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
-            return 0;
-
-        data += size;
-    }
-
-    return 1;
-}
-
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p,
-                                 unsigned char *limit)
-{
-    int al = -1;
-    unsigned char *ptmp = *p;
-    /*
-     * Internally supported extensions are parsed first so SNI can be handled
-     * before custom extensions. An application processing SNI will typically
-     * switch the parent context using SSL_set_SSL_CTX and custom extensions
-     * need to be handled by the new SSL_CTX structure.
-     */
-    if (ssl_scan_clienthello_tlsext(s, p, limit, &al) <= 0) {
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    } else if (tls1_suiteb(s)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
         return 0;
     }
+#endif
 
-    if (ssl_check_clienthello_tlsext_early(s) <= 0) {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_CLIENTHELLO_TLSEXT);
-        return 0;
+    /* Check signature matches a type we sent */
+    sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
+    for (i = 0; i < sent_sigslen; i++, sent_sigs++) {
+        if (sig == *sent_sigs)
+            break;
     }
-
-    custom_ext_init(&s->cert->srv_ext);
-    if (ssl_scan_clienthello_custom_tlsext(s, ptmp, limit, &al) <= 0) {
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    /* Allow fallback to SHA1 if not strict mode */
+    if (i == sent_sigslen && (lu->hash != NID_sha1
+        || s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
         return 0;
     }
-
-    return 1;
-}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-/*
- * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
- * elements of zero length are allowed and the set of elements must exactly
- * fill the length of the block.
- */
-static char ssl_next_proto_validate(unsigned char *d, unsigned len)
-{
-    unsigned int off = 0;
-
-    while (off < len) {
-        if (d[off] == 0)
-            return 0;
-        off += d[off];
-        off++;
-    }
-
-    return off == len;
-}
-# endif
-
-static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
-                                       unsigned char *d, int n, int *al)
-{
-    unsigned short length;
-    unsigned short type;
-    unsigned short size;
-    unsigned char *data = *p;
-    int tlsext_servername = 0;
-    int renegotiate_seen = 0;
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    s->s3->next_proto_neg_seen = 0;
-# endif
-    s->tlsext_ticket_expected = 0;
-
-    if (s->s3->alpn_selected) {
-        OPENSSL_free(s->s3->alpn_selected);
-        s->s3->alpn_selected = NULL;
-    }
-# ifndef OPENSSL_NO_HEARTBEATS
-    s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
-                             SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
-# endif
-
-    if ((d + n) - data <= 2)
-        goto ri_check;
-
-    n2s(data, length);
-    if ((d + n) - data != length) {
-        *al = SSL_AD_DECODE_ERROR;
+    if (!tls1_lookup_md(lu, &md)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_UNKNOWN_DIGEST);
         return 0;
     }
-
-    while ((d + n) - data >= 4) {
-        n2s(data, type);
-        n2s(data, size);
-
-        if ((d + n) - data < size)
-            goto ri_check;
-
-        if (s->tlsext_debug_cb)
-            s->tlsext_debug_cb(s, 1, type, data, size, s->tlsext_debug_arg);
-
-        if (type == TLSEXT_TYPE_server_name) {
-            if (s->tlsext_hostname == NULL || size > 0) {
-                *al = TLS1_AD_UNRECOGNIZED_NAME;
-                return 0;
-            }
-            tlsext_servername = 1;
-        }
-# ifndef OPENSSL_NO_EC
-        else if (type == TLSEXT_TYPE_ec_point_formats) {
-            unsigned char *sdata = data;
-            int ecpointformatlist_length;
-
-            if (size == 0) {
-                *al = TLS1_AD_DECODE_ERROR;
-                return 0;
-            }
-
-            ecpointformatlist_length = *(sdata++);
-            if (ecpointformatlist_length != size - 1) {
-                *al = TLS1_AD_DECODE_ERROR;
-                return 0;
-            }
-            if (!s->hit) {
-                s->session->tlsext_ecpointformatlist_length = 0;
-                if (s->session->tlsext_ecpointformatlist != NULL)
-                    OPENSSL_free(s->session->tlsext_ecpointformatlist);
-                if ((s->session->tlsext_ecpointformatlist =
-                     OPENSSL_malloc(ecpointformatlist_length)) == NULL) {
-                    *al = TLS1_AD_INTERNAL_ERROR;
-                    return 0;
-                }
-                s->session->tlsext_ecpointformatlist_length =
-                    ecpointformatlist_length;
-                memcpy(s->session->tlsext_ecpointformatlist, sdata,
-                       ecpointformatlist_length);
-            }
-#  if 0
-            fprintf(stderr,
-                    "ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
-            sdata = s->session->tlsext_ecpointformatlist;
-            for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
-                fprintf(stderr, "%i ", *(sdata++));
-            fprintf(stderr, "\n");
-#  endif
-        }
-# endif                         /* OPENSSL_NO_EC */
-
-        else if (type == TLSEXT_TYPE_session_ticket) {
-            if (s->tls_session_ticket_ext_cb &&
-                !s->tls_session_ticket_ext_cb(s, data, size,
-                                              s->tls_session_ticket_ext_cb_arg))
-            {
-                *al = TLS1_AD_INTERNAL_ERROR;
-                return 0;
-            }
-            if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
-                || (size > 0)) {
-                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
-                return 0;
-            }
-            s->tlsext_ticket_expected = 1;
-        }
-# ifdef TLSEXT_TYPE_opaque_prf_input
-        else if (type == TLSEXT_TYPE_opaque_prf_input) {
-            unsigned char *sdata = data;
-
-            if (size < 2) {
-                *al = SSL_AD_DECODE_ERROR;
-                return 0;
-            }
-            n2s(sdata, s->s3->server_opaque_prf_input_len);
-            if (s->s3->server_opaque_prf_input_len != size - 2) {
-                *al = SSL_AD_DECODE_ERROR;
-                return 0;
-            }
-
-            if (s->s3->server_opaque_prf_input != NULL) {
-                /* shouldn't really happen */
-                OPENSSL_free(s->s3->server_opaque_prf_input);
-            }
-            if (s->s3->server_opaque_prf_input_len == 0) {
-                /* dummy byte just to get non-NULL */
-                s->s3->server_opaque_prf_input = OPENSSL_malloc(1);
-            } else {
-                s->s3->server_opaque_prf_input =
-                    BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
-            }
-
-            if (s->s3->server_opaque_prf_input == NULL) {
-                *al = TLS1_AD_INTERNAL_ERROR;
-                return 0;
-            }
-        }
-# endif
-        else if (type == TLSEXT_TYPE_status_request) {
-            /*
-             * MUST be empty and only sent if we've requested a status
-             * request message.
-             */
-            if ((s->tlsext_status_type == -1) || (size > 0)) {
-                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
-                return 0;
-            }
-            /* Set flag to expect CertificateStatus message */
-            s->tlsext_status_expected = 1;
-        }
-# ifndef OPENSSL_NO_NEXTPROTONEG
-        else if (type == TLSEXT_TYPE_next_proto_neg &&
-                 s->s3->tmp.finish_md_len == 0) {
-            unsigned char *selected;
-            unsigned char selected_len;
-
-            /* We must have requested it. */
-            if (s->ctx->next_proto_select_cb == NULL) {
-                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
-                return 0;
-            }
-            /* The data must be valid */
-            if (!ssl_next_proto_validate(data, size)) {
-                *al = TLS1_AD_DECODE_ERROR;
-                return 0;
-            }
-            if (s->
-                ctx->next_proto_select_cb(s, &selected, &selected_len, data,
-                                          size,
-                                          s->ctx->next_proto_select_cb_arg) !=
-                SSL_TLSEXT_ERR_OK) {
-                *al = TLS1_AD_INTERNAL_ERROR;
-                return 0;
-            }
-            /*
-             * Could be non-NULL if server has sent multiple NPN extensions in
-             * a single Serverhello
-             */
-            OPENSSL_free(s->next_proto_negotiated);
-            s->next_proto_negotiated = OPENSSL_malloc(selected_len);
-            if (!s->next_proto_negotiated) {
-                *al = TLS1_AD_INTERNAL_ERROR;
-                return 0;
-            }
-            memcpy(s->next_proto_negotiated, selected, selected_len);
-            s->next_proto_negotiated_len = selected_len;
-            s->s3->next_proto_neg_seen = 1;
-        }
-# endif
-
-        else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation) {
-            unsigned len;
-
-            /* We must have requested it. */
-            if (!s->cert->alpn_sent) {
-                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
-                return 0;
-            }
-            if (size < 4) {
-                *al = TLS1_AD_DECODE_ERROR;
-                return 0;
-            }
-            /*-
-             * The extension data consists of:
-             *   uint16 list_length
-             *   uint8 proto_length;
-             *   uint8 proto[proto_length];
-             */
-            len = data[0];
-            len <<= 8;
-            len |= data[1];
-            if (len != (unsigned)size - 2) {
-                *al = TLS1_AD_DECODE_ERROR;
-                return 0;
-            }
-            len = data[2];
-            if (len != (unsigned)size - 3) {
-                *al = TLS1_AD_DECODE_ERROR;
-                return 0;
-            }
-            if (s->s3->alpn_selected)
-                OPENSSL_free(s->s3->alpn_selected);
-            s->s3->alpn_selected = OPENSSL_malloc(len);
-            if (!s->s3->alpn_selected) {
-                *al = TLS1_AD_INTERNAL_ERROR;
-                return 0;
-            }
-            memcpy(s->s3->alpn_selected, data + 3, len);
-            s->s3->alpn_selected_len = len;
-        }
-
-        else if (type == TLSEXT_TYPE_renegotiate) {
-            if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
-                return 0;
-            renegotiate_seen = 1;
-        }
-# ifndef OPENSSL_NO_HEARTBEATS
-        else if (type == TLSEXT_TYPE_heartbeat) {
-            switch (data[0]) {
-            case 0x01:         /* Server allows us to send HB requests */
-                s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
-                break;
-            case 0x02:         /* Server doesn't accept HB requests */
-                s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
-                s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-                break;
-            default:
-                *al = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-            }
-        }
-# endif
-# ifndef OPENSSL_NO_SRTP
-        else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
-            if (ssl_parse_serverhello_use_srtp_ext(s, data, size, al))
-                return 0;
-        }
-# endif
+    if (md != NULL) {
         /*
-         * If this extension type was not otherwise handled, but matches a
-         * custom_cli_ext_record, then send it to the c callback
+         * Make sure security callback allows algorithm. For historical
+         * reasons we have to pass the sigalg as a two byte char array.
          */
-        else if (custom_ext_parse(s, 0, type, data, size, al) <= 0)
+        sigalgstr[0] = (sig >> 8) & 0xff;
+        sigalgstr[1] = sig & 0xff;
+        if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK,
+                    EVP_MD_size(md) * 4, EVP_MD_type(md),
+                    (void *)sigalgstr)) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                     SSL_R_WRONG_SIGNATURE_TYPE);
             return 0;
-
-        data += size;
-    }
-
-    if (data != d + n) {
-        *al = SSL_AD_DECODE_ERROR;
-        return 0;
-    }
-
-    if (!s->hit && tlsext_servername == 1) {
-        if (s->tlsext_hostname) {
-            if (s->session->tlsext_hostname == NULL) {
-                s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
-                if (!s->session->tlsext_hostname) {
-                    *al = SSL_AD_UNRECOGNIZED_NAME;
-                    return 0;
-                }
-            } else {
-                *al = SSL_AD_DECODE_ERROR;
-                return 0;
-            }
         }
     }
-
-    *p = data;
-
- ri_check:
-
-    /*
-     * Determine if we need to see RI. Strictly speaking if we want to avoid
-     * an attack we should *always* see RI even on initial server hello
-     * because the client doesn't see any renegotiation during an attack.
-     * However this would mean we could not connect to any server which
-     * doesn't support RI so for the immediate future tolerate RI absence on
-     * initial connect only.
-     */
-    if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
-        && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
-        *al = SSL_AD_HANDSHAKE_FAILURE;
-        SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT,
-               SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-        return 0;
-    }
-
+    /* Store the sigalg the peer uses */
+    s->s3->tmp.peer_sigalg = lu;
     return 1;
 }
 
-int ssl_prepare_clienthello_tlsext(SSL *s)
+int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid)
 {
-
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    {
-        int r = 1;
-
-        if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
-            r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
-                                                         s->
-                                                         ctx->tlsext_opaque_prf_input_callback_arg);
-            if (!r)
-                return -1;
-        }
-
-        if (s->tlsext_opaque_prf_input != NULL) {
-            if (s->s3->client_opaque_prf_input != NULL) {
-                /* shouldn't really happen */
-                OPENSSL_free(s->s3->client_opaque_prf_input);
-            }
-
-            if (s->tlsext_opaque_prf_input_len == 0) {
-                /* dummy byte just to get non-NULL */
-                s->s3->client_opaque_prf_input = OPENSSL_malloc(1);
-            } else {
-                s->s3->client_opaque_prf_input =
-                    BUF_memdup(s->tlsext_opaque_prf_input,
-                               s->tlsext_opaque_prf_input_len);
-            }
-            if (s->s3->client_opaque_prf_input == NULL) {
-                SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
-                       ERR_R_MALLOC_FAILURE);
-                return -1;
-            }
-            s->s3->client_opaque_prf_input_len =
-                s->tlsext_opaque_prf_input_len;
-        }
-
-        if (r == 2)
-            /*
-             * at callback's request, insist on receiving an appropriate
-             * server opaque PRF input
-             */
-            s->s3->server_opaque_prf_input_len =
-                s->tlsext_opaque_prf_input_len;
-    }
-# endif
-
-    s->cert->alpn_sent = 0;
+    if (s->s3->tmp.peer_sigalg == NULL)
+        return 0;
+    *pnid = s->s3->tmp.peer_sigalg->sig;
     return 1;
 }
 
-int ssl_prepare_serverhello_tlsext(SSL *s)
+/*
+ * Set a mask of disabled algorithms: an algorithm is disabled if it isn't
+ * supported, doesn't appear in supported signature algorithms, isn't supported
+ * by the enabled protocol versions or by the security level.
+ *
+ * This function should only be used for checking which ciphers are supported
+ * by the client.
+ *
+ * Call ssl_cipher_disabled() to check that it's enabled or not.
+ */
+int ssl_set_client_disabled(SSL *s)
 {
+    s->s3->tmp.mask_a = 0;
+    s->s3->tmp.mask_k = 0;
+    ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
+    if (ssl_get_min_max_version(s, &s->s3->tmp.min_ver,
+                                &s->s3->tmp.max_ver, NULL) != 0)
+        return 0;
+#ifndef OPENSSL_NO_PSK
+    /* with PSK there must be client callback set */
+    if (!s->psk_client_callback) {
+        s->s3->tmp.mask_a |= SSL_aPSK;
+        s->s3->tmp.mask_k |= SSL_PSK;
+    }
+#endif                          /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+    if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) {
+        s->s3->tmp.mask_a |= SSL_aSRP;
+        s->s3->tmp.mask_k |= SSL_kSRP;
+    }
+#endif
     return 1;
 }
 
-static int ssl_check_clienthello_tlsext_early(SSL *s)
+/*
+ * ssl_cipher_disabled - check that a cipher is disabled or not
+ * @s: SSL connection that you want to use the cipher on
+ * @c: cipher to check
+ * @op: Security check that you want to do
+ * @ecdhe: If set to 1 then TLSv1 ECDHE ciphers are also allowed in SSLv3
+ *
+ * Returns 1 when it's disabled, 0 when enabled.
+ */
+int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
 {
-    int ret = SSL_TLSEXT_ERR_NOACK;
-    int al = SSL_AD_UNRECOGNIZED_NAME;
-
-# ifndef OPENSSL_NO_EC
-    /*
-     * The handling of the ECPointFormats extension is done elsewhere, namely
-     * in ssl3_choose_cipher in s3_lib.c.
-     */
-    /*
-     * The handling of the EllipticCurves extension is done elsewhere, namely
-     * in ssl3_choose_cipher in s3_lib.c.
-     */
-# endif
+    if (c->algorithm_mkey & s->s3->tmp.mask_k
+        || c->algorithm_auth & s->s3->tmp.mask_a)
+        return 1;
+    if (s->s3->tmp.max_ver == 0)
+        return 1;
+    if (!SSL_IS_DTLS(s)) {
+        int min_tls = c->min_tls;
 
-    if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
-        ret =
-            s->ctx->tlsext_servername_callback(s, &al,
-                                               s->ctx->tlsext_servername_arg);
-    else if (s->initial_ctx != NULL
-             && s->initial_ctx->tlsext_servername_callback != 0)
-        ret =
-            s->initial_ctx->tlsext_servername_callback(s, &al,
-                                                       s->
-                                                       initial_ctx->tlsext_servername_arg);
-
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    {
         /*
-         * This sort of belongs into ssl_prepare_serverhello_tlsext(), but we
-         * might be sending an alert in response to the client hello, so this
-         * has to happen here in ssl_check_clienthello_tlsext_early().
+         * For historical reasons we will allow ECHDE to be selected by a server
+         * in SSLv3 if we are a client
          */
+        if (min_tls == TLS1_VERSION && ecdhe
+                && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0)
+            min_tls = SSL3_VERSION;
 
-        int r = 1;
-
-        if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
-            r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
-                                                         s->
-                                                         ctx->tlsext_opaque_prf_input_callback_arg);
-            if (!r) {
-                ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-                al = SSL_AD_INTERNAL_ERROR;
-                goto err;
-            }
-        }
-
-        if (s->s3->server_opaque_prf_input != NULL) {
-            /* shouldn't really happen */
-            OPENSSL_free(s->s3->server_opaque_prf_input);
-        }
-        s->s3->server_opaque_prf_input = NULL;
-
-        if (s->tlsext_opaque_prf_input != NULL) {
-            if (s->s3->client_opaque_prf_input != NULL &&
-                s->s3->client_opaque_prf_input_len ==
-                s->tlsext_opaque_prf_input_len) {
-                /*
-                 * can only use this extension if we have a server opaque PRF
-                 * input of the same length as the client opaque PRF input!
-                 */
-
-                if (s->tlsext_opaque_prf_input_len == 0) {
-                    /* dummy byte just to get non-NULL */
-                    s->s3->server_opaque_prf_input = OPENSSL_malloc(1);
-                } else {
-                    s->s3->server_opaque_prf_input =
-                        BUF_memdup(s->tlsext_opaque_prf_input,
-                                   s->tlsext_opaque_prf_input_len);
-                }
-                if (s->s3->server_opaque_prf_input == NULL) {
-                    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-                    al = SSL_AD_INTERNAL_ERROR;
-                    goto err;
-                }
-                s->s3->server_opaque_prf_input_len =
-                    s->tlsext_opaque_prf_input_len;
-            }
-        }
-
-        if (r == 2 && s->s3->server_opaque_prf_input == NULL) {
-            /*
-             * The callback wants to enforce use of the extension, but we
-             * can't do that with the client opaque PRF input; abort the
-             * handshake.
-             */
-            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-            al = SSL_AD_HANDSHAKE_FAILURE;
-        }
+        if ((min_tls > s->s3->tmp.max_ver) || (c->max_tls < s->s3->tmp.min_ver))
+            return 1;
     }
-
- err:
-# endif
-    switch (ret) {
-    case SSL_TLSEXT_ERR_ALERT_FATAL:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        return -1;
-
-    case SSL_TLSEXT_ERR_ALERT_WARNING:
-        ssl3_send_alert(s, SSL3_AL_WARNING, al);
-        return 1;
-
-    case SSL_TLSEXT_ERR_NOACK:
-        s->servername_done = 0;
-    default:
+    if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3->tmp.max_ver)
+                           || DTLS_VERSION_LT(c->max_dtls, s->s3->tmp.min_ver)))
         return 1;
-    }
-}
 
-int tls1_set_server_sigalgs(SSL *s)
-{
-    int al;
-    size_t i;
-    /* Clear any shared sigtnature algorithms */
-    if (s->cert->shared_sigalgs) {
-        OPENSSL_free(s->cert->shared_sigalgs);
-        s->cert->shared_sigalgs = NULL;
-        s->cert->shared_sigalgslen = 0;
-    }
-    /* Clear certificate digests and validity flags */
-    for (i = 0; i < SSL_PKEY_NUM; i++) {
-        s->cert->pkeys[i].digest = NULL;
-        s->cert->pkeys[i].valid_flags = 0;
-    }
-
-    /* If sigalgs received process it. */
-    if (s->cert->peer_sigalgs) {
-        if (!tls1_process_sigalgs(s)) {
-            SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS, ERR_R_MALLOC_FAILURE);
-            al = SSL_AD_INTERNAL_ERROR;
-            goto err;
-        }
-        /* Fatal error is no shared signature algorithms */
-        if (!s->cert->shared_sigalgs) {
-            SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS,
-                   SSL_R_NO_SHARED_SIGATURE_ALGORITHMS);
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            goto err;
-        }
-    } else
-        ssl_cert_set_default_md(s->cert);
-    return 1;
- err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    return 0;
+    return !ssl_security(s, op, c->strength_bits, 0, (void *)c);
 }
 
-/*
- * Upon success, returns 1.
- * Upon failure, returns 0 and sets |al| to the appropriate fatal alert.
- */
-int ssl_check_clienthello_tlsext_late(SSL *s, int *al)
+int tls_use_ticket(SSL *s)
 {
-
-    /*
-     * If status request then ask callback what to do. Note: this must be
-     * called after servername callbacks in case the certificate has changed,
-     * and must be called after the cipher has been chosen because this may
-     * influence which certificate is sent
-     */
-    if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) {
-        int ret;
-        CERT_PKEY *certpkey;
-        certpkey = ssl_get_server_send_pkey(s);
-        /* If no certificate can't return certificate status */
-        if (certpkey != NULL) {
-            /*
-             * Set current certificate to one we will use so SSL_get_certificate
-             * et al can pick it up.
-             */
-            s->cert->key = certpkey;
-            ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-            switch (ret) {
-                /* We don't want to send a status request response */
-            case SSL_TLSEXT_ERR_NOACK:
-                s->tlsext_status_expected = 0;
-                break;
-                /* status request response should be sent */
-            case SSL_TLSEXT_ERR_OK:
-                if (s->tlsext_ocsp_resp)
-                    s->tlsext_status_expected = 1;
-                break;
-                /* something bad happened */
-            case SSL_TLSEXT_ERR_ALERT_FATAL:
-            default:
-                *al = SSL_AD_INTERNAL_ERROR;
-                return 0;
-            }
-        }
-    }
-
-    if (!tls1_alpn_handle_client_hello_late(s, al)) {
+    if ((s->options & SSL_OP_NO_TICKET))
         return 0;
-    }
-
-    return 1;
+    return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
 }
 
-int ssl_check_serverhello_tlsext(SSL *s)
+int tls1_set_server_sigalgs(SSL *s)
 {
-    int ret = SSL_TLSEXT_ERR_NOACK;
-    int al = SSL_AD_UNRECOGNIZED_NAME;
+    size_t i;
 
-# ifndef OPENSSL_NO_EC
+    /* Clear any shared signature algorithms */
+    OPENSSL_free(s->cert->shared_sigalgs);
+    s->cert->shared_sigalgs = NULL;
+    s->cert->shared_sigalgslen = 0;
+    /* Clear certificate validity flags */
+    for (i = 0; i < SSL_PKEY_NUM; i++)
+        s->s3->tmp.valid_flags[i] = 0;
     /*
-     * If we are client and using an elliptic curve cryptography cipher
-     * suite, then if server returns an EC point formats lists extension it
-     * must contain uncompressed.
+     * If peer sent no signature algorithms check to see if we support
+     * the default algorithm for each certificate type
      */
-    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-    if ((s->tlsext_ecpointformatlist != NULL)
-        && (s->tlsext_ecpointformatlist_length > 0)
-        && (s->session->tlsext_ecpointformatlist != NULL)
-        && (s->session->tlsext_ecpointformatlist_length > 0)
-        && ((alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe))
-            || (alg_a & SSL_aECDSA))) {
-        /* we are using an ECC cipher */
-        size_t i;
-        unsigned char *list;
-        int found_uncompressed = 0;
-        list = s->session->tlsext_ecpointformatlist;
-        for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) {
-            if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) {
-                found_uncompressed = 1;
-                break;
-            }
-        }
-        if (!found_uncompressed) {
-            SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,
-                   SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
-            return -1;
-        }
-    }
-    ret = SSL_TLSEXT_ERR_OK;
-# endif                         /* OPENSSL_NO_EC */
-
-    if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
-        ret =
-            s->ctx->tlsext_servername_callback(s, &al,
-                                               s->ctx->tlsext_servername_arg);
-    else if (s->initial_ctx != NULL
-             && s->initial_ctx->tlsext_servername_callback != 0)
-        ret =
-            s->initial_ctx->tlsext_servername_callback(s, &al,
-                                                       s->
-                                                       initial_ctx->tlsext_servername_arg);
-
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    if (s->s3->server_opaque_prf_input_len > 0) {
-        /*
-         * This case may indicate that we, as a client, want to insist on
-         * using opaque PRF inputs. So first verify that we really have a
-         * value from the server too.
-         */
+    if (s->s3->tmp.peer_cert_sigalgs == NULL
+            && s->s3->tmp.peer_sigalgs == NULL) {
+        const uint16_t *sent_sigs;
+        size_t sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
 
-        if (s->s3->server_opaque_prf_input == NULL) {
-            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-            al = SSL_AD_HANDSHAKE_FAILURE;
-        }
-
-        /*
-         * Anytime the server *has* sent an opaque PRF input, we need to
-         * check that we have a client opaque PRF input of the same size.
-         */
-        if (s->s3->client_opaque_prf_input == NULL ||
-            s->s3->client_opaque_prf_input_len !=
-            s->s3->server_opaque_prf_input_len) {
-            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-            al = SSL_AD_ILLEGAL_PARAMETER;
-        }
-    }
-# endif
+        for (i = 0; i < SSL_PKEY_NUM; i++) {
+            const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, i);
+            size_t j;
 
-    OPENSSL_free(s->tlsext_ocsp_resp);
-    s->tlsext_ocsp_resp = NULL;
-    s->tlsext_ocsp_resplen = -1;
-    /*
-     * If we've requested certificate status and we wont get one tell the
-     * callback
-     */
-    if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
-        && !(s->hit) && s->ctx && s->ctx->tlsext_status_cb) {
-        int r;
-        /*
-         * Call callback with resp == NULL and resplen == -1 so callback
-         * knows there is no response
-         */
-        r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-        if (r == 0) {
-            al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
-            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-        }
-        if (r < 0) {
-            al = SSL_AD_INTERNAL_ERROR;
-            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+            if (lu == NULL)
+                continue;
+            /* Check default matches a type we sent */
+            for (j = 0; j < sent_sigslen; j++) {
+                if (lu->sigalg == sent_sigs[j]) {
+                        s->s3->tmp.valid_flags[i] = CERT_PKEY_SIGN;
+                        break;
+                }
+            }
         }
-    }
-
-    switch (ret) {
-    case SSL_TLSEXT_ERR_ALERT_FATAL:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        return -1;
-
-    case SSL_TLSEXT_ERR_ALERT_WARNING:
-        ssl3_send_alert(s, SSL3_AL_WARNING, al);
-        return 1;
-
-    case SSL_TLSEXT_ERR_NOACK:
-        s->servername_done = 0;
-    default:
         return 1;
     }
-}
 
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
-                                 int n)
-{
-    int al = -1;
-    if (s->version < SSL3_VERSION)
-        return 1;
-    if (ssl_scan_serverhello_tlsext(s, p, d, n, &al) <= 0) {
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    if (!tls1_process_sigalgs(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS1_SET_SERVER_SIGALGS, ERR_R_INTERNAL_ERROR);
         return 0;
     }
+    if (s->cert->shared_sigalgs != NULL)
+        return 1;
 
-    if (ssl_check_serverhello_tlsext(s) <= 0) {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_SERVERHELLO_TLSEXT);
-        return 0;
-    }
-    return 1;
+    /* Fatal error if no shared signature algorithms */
+    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS1_SET_SERVER_SIGALGS,
+             SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS);
+    return 0;
 }
 
 /*-
- * Since the server cache lookup is done early on in the processing of the
- * ClientHello, and other operations depend on the result, we need to handle
- * any TLS session ticket extension at the same time.
+ * Gets the ticket information supplied by the client if any.
  *
- *   session_id: points at the session ID in the ClientHello. This code will
- *       read past the end of this in order to parse out the session ticket
- *       extension, if any.
- *   len: the length of the session ID.
- *   limit: a pointer to the first byte after the ClientHello.
+ *   hello: The parsed ClientHello data
  *   ret: (output) on return, if a ticket was decrypted, then this is set to
  *       point to the resulting session.
- *
- * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
- * ciphersuite, in which case we have no use for session tickets and one will
- * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
- *
- * Returns:
- *   -1: fatal error, either from parsing or decrypting the ticket.
- *    0: no ticket was found (or was ignored, based on settings).
- *    1: a zero length extension was found, indicating that the client supports
- *       session tickets but doesn't currently have one to offer.
- *    2: either s->tls_session_secret_cb was set, or a ticket was offered but
- *       couldn't be decrypted because of a non-fatal error.
- *    3: a ticket was successfully decrypted and *ret was set.
- *
- * Side effects:
- *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
- *   a new session ticket to the client because the client indicated support
- *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
- *   a session ticket or we couldn't use the one it gave us, or if
- *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
- *   Otherwise, s->tlsext_ticket_expected is set to 0.
  */
-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
-                        const unsigned char *limit, SSL_SESSION **ret)
+SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
+                                             SSL_SESSION **ret)
 {
-    /* Point after session ID in client hello */
-    const unsigned char *p = session_id + len;
-    unsigned short i;
+    size_t size;
+    RAW_EXTENSION *ticketext;
 
     *ret = NULL;
-    s->tlsext_ticket_expected = 0;
+    s->ext.ticket_expected = 0;
 
     /*
-     * If tickets disabled behave as if no ticket present to permit stateful
+     * If tickets disabled or not supported by the protocol version
+     * (e.g. TLSv1.3) behave as if no ticket present to permit stateful
      * resumption.
      */
-    if (SSL_get_options(s) & SSL_OP_NO_TICKET)
-        return 0;
-    if ((s->version <= SSL3_VERSION) || !limit)
-        return 0;
-    if (p >= limit)
-        return -1;
-    /* Skip past DTLS cookie */
-    if (SSL_IS_DTLS(s)) {
-        i = *(p++);
-
-        if (limit - p <= i)
-            return -1;
+    if (s->version <= SSL3_VERSION || !tls_use_ticket(s))
+        return SSL_TICKET_NONE;
 
-        p += i;
-    }
-    /* Skip past cipher list */
-    n2s(p, i);
-    if (limit - p <= i)
-        return -1;
-    p += i;
+    ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket];
+    if (!ticketext->present)
+        return SSL_TICKET_NONE;
 
-    /* Skip past compression algorithm list */
-    i = *(p++);
-    if (limit - p < i)
-        return -1;
-    p += i;
+    size = PACKET_remaining(&ticketext->data);
 
-    /* Now at start of extensions */
-    if (limit - p <= 2)
-        return 0;
-    n2s(p, i);
-    while (limit - p >= 4) {
-        unsigned short type, size;
-        n2s(p, type);
-        n2s(p, size);
-        if (limit - p < size)
-            return 0;
-        if (type == TLSEXT_TYPE_session_ticket) {
-            int r;
-            if (size == 0) {
-                /*
-                 * The client will accept a ticket but doesn't currently have
-                 * one.
-                 */
-                s->tlsext_ticket_expected = 1;
-                return 1;
-            }
-            if (s->tls_session_secret_cb) {
-                /*
-                 * Indicate that the ticket couldn't be decrypted rather than
-                 * generating the session from ticket now, trigger
-                 * abbreviated handshake based on external mechanism to
-                 * calculate the master secret later.
-                 */
-                return 2;
-            }
-            r = tls_decrypt_ticket(s, p, size, session_id, len, ret);
-            switch (r) {
-            case 2:            /* ticket couldn't be decrypted */
-                s->tlsext_ticket_expected = 1;
-                return 2;
-            case 3:            /* ticket was decrypted */
-                return r;
-            case 4:            /* ticket decrypted but need to renew */
-                s->tlsext_ticket_expected = 1;
-                return 3;
-            default:           /* fatal error */
-                return -1;
-            }
-        }
-        p += size;
-    }
-    return 0;
+    return tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size,
+                              hello->session_id, hello->session_id_len, ret);
 }
 
 /*-
  * tls_decrypt_ticket attempts to decrypt a session ticket.
  *
+ * If s->tls_session_secret_cb is set and we're not doing TLSv1.3 then we are
+ * expecting a pre-shared key ciphersuite, in which case we have no use for
+ * session tickets and one will never be decrypted, nor will
+ * s->ext.ticket_expected be set to 1.
+ *
+ * Side effects:
+ *   Sets s->ext.ticket_expected to 1 if the server will have to issue
+ *   a new session ticket to the client because the client indicated support
+ *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
+ *   a session ticket or we couldn't use the one it gave us, or if
+ *   s->ctx->ext.ticket_key_cb asked to renew the client's ticket.
+ *   Otherwise, s->ext.ticket_expected is set to 0.
+ *
  *   etick: points to the body of the session ticket extension.
- *   eticklen: the length of the session tickets extenion.
+ *   eticklen: the length of the session tickets extension.
  *   sess_id: points at the session ID.
  *   sesslen: the length of the session ID.
  *   psess: (output) on return, if a ticket was decrypted, then this is set to
  *       point to the resulting session.
- *
- * Returns:
- *   -1: fatal error, either from parsing or decrypting the ticket.
- *    2: the ticket couldn't be decrypted.
- *    3: a ticket was successfully decrypted and *psess was set.
- *    4: same as 3, but the ticket needs to be renewed.
  */
-static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
-                              int eticklen, const unsigned char *sess_id,
-                              int sesslen, SSL_SESSION **psess)
+SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+                                     size_t eticklen, const unsigned char *sess_id,
+                                     size_t sesslen, SSL_SESSION **psess)
 {
-    SSL_SESSION *sess;
+    SSL_SESSION *sess = NULL;
     unsigned char *sdec;
     const unsigned char *p;
-    int slen, mlen, renew_ticket = 0;
+    int slen, renew_ticket = 0, declen;
+    SSL_TICKET_STATUS ret = SSL_TICKET_FATAL_ERR_OTHER;
+    size_t mlen;
     unsigned char tick_hmac[EVP_MAX_MD_SIZE];
-    HMAC_CTX hctx;
-    EVP_CIPHER_CTX ctx;
-    SSL_CTX *tctx = s->initial_ctx;
+    HMAC_CTX *hctx = NULL;
+    EVP_CIPHER_CTX *ctx = NULL;
+    SSL_CTX *tctx = s->session_ctx;
+
+    if (eticklen == 0) {
+        /*
+         * The client will accept a ticket but doesn't currently have
+         * one (TLSv1.2 and below), or treated as a fatal error in TLSv1.3
+         */
+        ret = SSL_TICKET_EMPTY;
+        goto end;
+    }
+    if (!SSL_IS_TLS13(s) && s->ext.session_secret_cb) {
+        /*
+         * Indicate that the ticket couldn't be decrypted rather than
+         * generating the session from ticket now, trigger
+         * abbreviated handshake based on external mechanism to
+         * calculate the master secret later.
+         */
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
+    }
 
     /* Need at least keyname + iv */
-    if (eticklen < 16 + EVP_MAX_IV_LENGTH)
-        return 2;
+    if (eticklen < TLSEXT_KEYNAME_LENGTH + EVP_MAX_IV_LENGTH) {
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
+    }
 
     /* Initialize session ticket encryption and HMAC contexts */
-    HMAC_CTX_init(&hctx);
-    EVP_CIPHER_CTX_init(&ctx);
-    if (tctx->tlsext_ticket_key_cb) {
+    hctx = HMAC_CTX_new();
+    if (hctx == NULL) {
+        ret = SSL_TICKET_FATAL_ERR_MALLOC;
+        goto end;
+    }
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL) {
+        ret = SSL_TICKET_FATAL_ERR_MALLOC;
+        goto end;
+    }
+    if (tctx->ext.ticket_key_cb) {
         unsigned char *nctick = (unsigned char *)etick;
-        int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
-                                            &ctx, &hctx, 0);
-        if (rv < 0)
-            goto err;
+        int rv = tctx->ext.ticket_key_cb(s, nctick,
+                                         nctick + TLSEXT_KEYNAME_LENGTH,
+                                         ctx, hctx, 0);
+        if (rv < 0) {
+            ret = SSL_TICKET_FATAL_ERR_OTHER;
+            goto end;
+        }
         if (rv == 0) {
-            HMAC_CTX_cleanup(&hctx);
-            EVP_CIPHER_CTX_cleanup(&ctx);
-            return 2;
+            ret = SSL_TICKET_NO_DECRYPT;
+            goto end;
         }
         if (rv == 2)
             renew_ticket = 1;
     } else {
         /* Check key name matches */
-        if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
-            return 2;
-        if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
-                         tlsext_tick_md(), NULL) <= 0
-                || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                                      tctx->tlsext_tick_aes_key,
-                                      etick + 16) <= 0) {
-            goto err;
-       }
+        if (memcmp(etick, tctx->ext.tick_key_name,
+                   TLSEXT_KEYNAME_LENGTH) != 0) {
+            ret = SSL_TICKET_NO_DECRYPT;
+            goto end;
+        }
+        if (HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,
+                         sizeof(tctx->ext.secure->tick_hmac_key),
+                         EVP_sha256(), NULL) <= 0
+            || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
+                                  tctx->ext.secure->tick_aes_key,
+                                  etick + TLSEXT_KEYNAME_LENGTH) <= 0) {
+            ret = SSL_TICKET_FATAL_ERR_OTHER;
+            goto end;
+        }
+        if (SSL_IS_TLS13(s))
+            renew_ticket = 1;
     }
     /*
      * Attempt to process session ticket, first conduct sanity and integrity
      * checks on ticket.
      */
-    mlen = HMAC_size(&hctx);
-    if (mlen < 0) {
-        goto err;
+    mlen = HMAC_size(hctx);
+    if (mlen == 0) {
+        ret = SSL_TICKET_FATAL_ERR_OTHER;
+        goto end;
     }
+
     /* Sanity check ticket length: must exceed keyname + IV + HMAC */
-    if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) {
-        HMAC_CTX_cleanup(&hctx);
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        return 2;
+    if (eticklen <=
+        TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) {
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
     }
-
     eticklen -= mlen;
     /* Check HMAC of encrypted ticket */
-    if (HMAC_Update(&hctx, etick, eticklen) <= 0
-            || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) {
-        goto err;
+    if (HMAC_Update(hctx, etick, eticklen) <= 0
+        || HMAC_Final(hctx, tick_hmac, NULL) <= 0) {
+        ret = SSL_TICKET_FATAL_ERR_OTHER;
+        goto end;
     }
-    HMAC_CTX_cleanup(&hctx);
+
     if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        return 2;
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
     }
     /* Attempt to decrypt session data */
     /* Move p after IV to start of encrypted ticket, update length */
-    p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
-    eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+    p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);
+    eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);
     sdec = OPENSSL_malloc(eticklen);
-    if (sdec == NULL
-            || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
-        EVP_CIPHER_CTX_cleanup(&ctx);
+    if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p,
+                                          (int)eticklen) <= 0) {
         OPENSSL_free(sdec);
-        return -1;
+        ret = SSL_TICKET_FATAL_ERR_OTHER;
+        goto end;
     }
-    if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
-        EVP_CIPHER_CTX_cleanup(&ctx);
+    if (EVP_DecryptFinal(ctx, sdec + slen, &declen) <= 0) {
         OPENSSL_free(sdec);
-        return 2;
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
     }
-    slen += mlen;
-    EVP_CIPHER_CTX_cleanup(&ctx);
+    slen += declen;
     p = sdec;
 
     sess = d2i_SSL_SESSION(NULL, &p, slen);
@@ -3599,9 +1412,11 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
     OPENSSL_free(sdec);
     if (sess) {
         /* Some additional consistency checks */
-        if (slen != 0 || sess->session_id_length != 0) {
+        if (slen != 0) {
             SSL_SESSION_free(sess);
-            return 2;
+            sess = NULL;
+            ret = SSL_TICKET_NO_DECRYPT;
+            goto end;
         }
         /*
          * The session ID, if non-empty, is used by some clients to detect
@@ -3609,198 +1424,246 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
          * structure. If it is empty set length to zero as required by
          * standard.
          */
-        if (sesslen)
+        if (sesslen) {
             memcpy(sess->session_id, sess_id, sesslen);
-        sess->session_id_length = sesslen;
-        *psess = sess;
+            sess->session_id_length = sesslen;
+        }
         if (renew_ticket)
-            return 4;
+            ret = SSL_TICKET_SUCCESS_RENEW;
         else
-            return 3;
+            ret = SSL_TICKET_SUCCESS;
+        goto end;
     }
     ERR_clear_error();
     /*
      * For session parse failure, indicate that we need to send a new ticket.
      */
-    return 2;
-err:
-    EVP_CIPHER_CTX_cleanup(&ctx);
-    HMAC_CTX_cleanup(&hctx);
-    return -1;
-}
+    ret = SSL_TICKET_NO_DECRYPT;
 
-/* Tables to translate from NIDs to TLS v1.2 ids */
+ end:
+    EVP_CIPHER_CTX_free(ctx);
+    HMAC_CTX_free(hctx);
 
-typedef struct {
-    int nid;
-    int id;
-} tls12_lookup;
-
-static tls12_lookup tls12_md[] = {
-    {NID_md5, TLSEXT_hash_md5},
-    {NID_sha1, TLSEXT_hash_sha1},
-    {NID_sha224, TLSEXT_hash_sha224},
-    {NID_sha256, TLSEXT_hash_sha256},
-    {NID_sha384, TLSEXT_hash_sha384},
-    {NID_sha512, TLSEXT_hash_sha512}
-};
+    /*
+     * If set, the decrypt_ticket_cb() is called unless a fatal error was
+     * detected above. The callback is responsible for checking |ret| before it
+     * performs any action
+     */
+    if (s->session_ctx->decrypt_ticket_cb != NULL
+            && (ret == SSL_TICKET_EMPTY
+                || ret == SSL_TICKET_NO_DECRYPT
+                || ret == SSL_TICKET_SUCCESS
+                || ret == SSL_TICKET_SUCCESS_RENEW)) {
+        size_t keyname_len = eticklen;
+        int retcb;
+
+        if (keyname_len > TLSEXT_KEYNAME_LENGTH)
+            keyname_len = TLSEXT_KEYNAME_LENGTH;
+        retcb = s->session_ctx->decrypt_ticket_cb(s, sess, etick, keyname_len,
+                                                  ret,
+                                                  s->session_ctx->ticket_cb_data);
+        switch (retcb) {
+        case SSL_TICKET_RETURN_ABORT:
+            ret = SSL_TICKET_FATAL_ERR_OTHER;
+            break;
 
-static tls12_lookup tls12_sig[] = {
-    {EVP_PKEY_RSA, TLSEXT_signature_rsa},
-    {EVP_PKEY_DSA, TLSEXT_signature_dsa},
-    {EVP_PKEY_EC, TLSEXT_signature_ecdsa}
-};
+        case SSL_TICKET_RETURN_IGNORE:
+            ret = SSL_TICKET_NONE;
+            SSL_SESSION_free(sess);
+            sess = NULL;
+            break;
 
-static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
-{
-    size_t i;
-    for (i = 0; i < tlen; i++) {
-        if (table[i].nid == nid)
-            return table[i].id;
+        case SSL_TICKET_RETURN_IGNORE_RENEW:
+            if (ret != SSL_TICKET_EMPTY && ret != SSL_TICKET_NO_DECRYPT)
+                ret = SSL_TICKET_NO_DECRYPT;
+            /* else the value of |ret| will already do the right thing */
+            SSL_SESSION_free(sess);
+            sess = NULL;
+            break;
+
+        case SSL_TICKET_RETURN_USE:
+        case SSL_TICKET_RETURN_USE_RENEW:
+            if (ret != SSL_TICKET_SUCCESS
+                    && ret != SSL_TICKET_SUCCESS_RENEW)
+                ret = SSL_TICKET_FATAL_ERR_OTHER;
+            else if (retcb == SSL_TICKET_RETURN_USE)
+                ret = SSL_TICKET_SUCCESS;
+            else
+                ret = SSL_TICKET_SUCCESS_RENEW;
+            break;
+
+        default:
+            ret = SSL_TICKET_FATAL_ERR_OTHER;
+        }
     }
-    return -1;
-}
 
-static int tls12_find_nid(int id, tls12_lookup *table, size_t tlen)
-{
-    size_t i;
-    for (i = 0; i < tlen; i++) {
-        if ((table[i].id) == id)
-            return table[i].nid;
+    if (s->ext.session_secret_cb == NULL || SSL_IS_TLS13(s)) {
+        switch (ret) {
+        case SSL_TICKET_NO_DECRYPT:
+        case SSL_TICKET_SUCCESS_RENEW:
+        case SSL_TICKET_EMPTY:
+            s->ext.ticket_expected = 1;
+        }
     }
-    return NID_undef;
+
+    *psess = sess;
+
+    return ret;
 }
 
-int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
-                         const EVP_MD *md)
+/* Check to see if a signature algorithm is allowed */
+static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
 {
-    int sig_id, md_id;
-    if (!md)
+    unsigned char sigalgstr[2];
+    int secbits;
+
+    /* See if sigalgs is recognised and if hash is enabled */
+    if (!tls1_lookup_md(lu, NULL))
         return 0;
-    md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
-                          sizeof(tls12_md) / sizeof(tls12_lookup));
-    if (md_id == -1)
+    /* DSA is not allowed in TLS 1.3 */
+    if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
         return 0;
-    sig_id = tls12_get_sigid(pk);
-    if (sig_id == -1)
+    /* TODO(OpenSSL1.2) fully axe DSA/etc. in ClientHello per TLS 1.3 spec */
+    if (!s->server && !SSL_IS_DTLS(s) && s->s3->tmp.min_ver >= TLS1_3_VERSION
+        && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX
+            || lu->hash_idx == SSL_MD_MD5_IDX
+            || lu->hash_idx == SSL_MD_SHA224_IDX))
         return 0;
-    p[0] = (unsigned char)md_id;
-    p[1] = (unsigned char)sig_id;
-    return 1;
-}
 
-int tls12_get_sigid(const EVP_PKEY *pk)
-{
-    return tls12_find_id(pk->type, tls12_sig,
-                         sizeof(tls12_sig) / sizeof(tls12_lookup));
-}
+    /* See if public key algorithm allowed */
+    if (ssl_cert_is_disabled(lu->sig_idx))
+        return 0;
 
-const EVP_MD *tls12_get_hash(unsigned char hash_alg)
-{
-    switch (hash_alg) {
-# ifndef OPENSSL_NO_MD5
-    case TLSEXT_hash_md5:
-#  ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-            return NULL;
-#  endif
-        return EVP_md5();
-# endif
-# ifndef OPENSSL_NO_SHA
-    case TLSEXT_hash_sha1:
-        return EVP_sha1();
-# endif
-# ifndef OPENSSL_NO_SHA256
-    case TLSEXT_hash_sha224:
-        return EVP_sha224();
+    if (lu->sig == NID_id_GostR3410_2012_256
+            || lu->sig == NID_id_GostR3410_2012_512
+            || lu->sig == NID_id_GostR3410_2001) {
+        /* We never allow GOST sig algs on the server with TLSv1.3 */
+        if (s->server && SSL_IS_TLS13(s))
+            return 0;
+        if (!s->server
+                && s->method->version == TLS_ANY_VERSION
+                && s->s3->tmp.max_ver >= TLS1_3_VERSION) {
+            int i, num;
+            STACK_OF(SSL_CIPHER) *sk;
 
-    case TLSEXT_hash_sha256:
-        return EVP_sha256();
-# endif
-# ifndef OPENSSL_NO_SHA512
-    case TLSEXT_hash_sha384:
-        return EVP_sha384();
+            /*
+             * We're a client that could negotiate TLSv1.3. We only allow GOST
+             * sig algs if we could negotiate TLSv1.2 or below and we have GOST
+             * ciphersuites enabled.
+             */
 
-    case TLSEXT_hash_sha512:
-        return EVP_sha512();
-# endif
-    default:
-        return NULL;
+            if (s->s3->tmp.min_ver >= TLS1_3_VERSION)
+                return 0;
+
+            sk = SSL_get_ciphers(s);
+            num = sk != NULL ? sk_SSL_CIPHER_num(sk) : 0;
+            for (i = 0; i < num; i++) {
+                const SSL_CIPHER *c;
+
+                c = sk_SSL_CIPHER_value(sk, i);
+                /* Skip disabled ciphers */
+                if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0))
+                    continue;
 
+                if ((c->algorithm_mkey & SSL_kGOST) != 0)
+                    break;
+            }
+            if (i == num)
+                return 0;
+        }
     }
+
+    if (lu->hash == NID_undef)
+        return 1;
+    /* Security bits: half digest bits */
+    secbits = EVP_MD_size(ssl_md(lu->hash_idx)) * 4;
+    /* Finally see if security callback allows it */
+    sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
+    sigalgstr[1] = lu->sigalg & 0xff;
+    return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr);
 }
 
-static int tls12_get_pkey_idx(unsigned char sig_alg)
+/*
+ * Get a mask of disabled public key algorithms based on supported signature
+ * algorithms. For example if no signature algorithm supports RSA then RSA is
+ * disabled.
+ */
+
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
 {
-    switch (sig_alg) {
-# ifndef OPENSSL_NO_RSA
-    case TLSEXT_signature_rsa:
-        return SSL_PKEY_RSA_SIGN;
-# endif
-# ifndef OPENSSL_NO_DSA
-    case TLSEXT_signature_dsa:
-        return SSL_PKEY_DSA_SIGN;
-# endif
-# ifndef OPENSSL_NO_ECDSA
-    case TLSEXT_signature_ecdsa:
-        return SSL_PKEY_ECC;
-# endif
+    const uint16_t *sigalgs;
+    size_t i, sigalgslen;
+    uint32_t disabled_mask = SSL_aRSA | SSL_aDSS | SSL_aECDSA;
+    /*
+     * Go through all signature algorithms seeing if we support any
+     * in disabled_mask.
+     */
+    sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
+    for (i = 0; i < sigalgslen; i++, sigalgs++) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
+        const SSL_CERT_LOOKUP *clu;
+
+        if (lu == NULL)
+            continue;
+
+        clu = ssl_cert_lookup_by_idx(lu->sig_idx);
+	if (clu == NULL)
+		continue;
+
+        /* If algorithm is disabled see if we can enable it */
+        if ((clu->amask & disabled_mask) != 0
+                && tls12_sigalg_allowed(s, op, lu))
+            disabled_mask &= ~clu->amask;
     }
-    return -1;
+    *pmask_a |= disabled_mask;
 }
 
-/* Convert TLS 1.2 signature algorithm extension values into NIDs */
-static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid,
-                               int *psignhash_nid, const unsigned char *data)
+int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
+                       const uint16_t *psig, size_t psiglen)
 {
-    int sign_nid = NID_undef, hash_nid = NID_undef;
-    if (!phash_nid && !psign_nid && !psignhash_nid)
-        return;
-    if (phash_nid || psignhash_nid) {
-        hash_nid = tls12_find_nid(data[0], tls12_md,
-                                  sizeof(tls12_md) / sizeof(tls12_lookup));
-        if (phash_nid)
-            *phash_nid = hash_nid;
-    }
-    if (psign_nid || psignhash_nid) {
-        sign_nid = tls12_find_nid(data[1], tls12_sig,
-                                  sizeof(tls12_sig) / sizeof(tls12_lookup));
-        if (psign_nid)
-            *psign_nid = sign_nid;
-    }
-    if (psignhash_nid) {
-        if (sign_nid == NID_undef || hash_nid == NID_undef
-                || OBJ_find_sigid_by_algs(psignhash_nid, hash_nid,
-                                          sign_nid) <= 0)
-            *psignhash_nid = NID_undef;
-    }
+    size_t i;
+    int rv = 0;
+
+    for (i = 0; i < psiglen; i++, psig++) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*psig);
+
+        if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
+            continue;
+        if (!WPACKET_put_bytes_u16(pkt, *psig))
+            return 0;
+        /*
+         * If TLS 1.3 must have at least one valid TLS 1.3 message
+         * signing algorithm: i.e. neither RSA nor SHA1/SHA224
+         */
+        if (rv == 0 && (!SSL_IS_TLS13(s)
+            || (lu->sig != EVP_PKEY_RSA
+                && lu->hash != NID_sha1
+                && lu->hash != NID_sha224)))
+            rv = 1;
+    }
+    if (rv == 0)
+        SSLerr(SSL_F_TLS12_COPY_SIGALGS, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+    return rv;
 }
 
 /* Given preference and allowed sigalgs set shared sigalgs */
-static int tls12_do_shared_sigalgs(TLS_SIGALGS *shsig,
-                                   const unsigned char *pref, size_t preflen,
-                                   const unsigned char *allow,
-                                   size_t allowlen)
+static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig,
+                                   const uint16_t *pref, size_t preflen,
+                                   const uint16_t *allow, size_t allowlen)
 {
-    const unsigned char *ptmp, *atmp;
+    const uint16_t *ptmp, *atmp;
     size_t i, j, nmatch = 0;
-    for (i = 0, ptmp = pref; i < preflen; i += 2, ptmp += 2) {
+    for (i = 0, ptmp = pref; i < preflen; i++, ptmp++) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*ptmp);
+
         /* Skip disabled hashes or signature algorithms */
-        if (tls12_get_hash(ptmp[0]) == NULL)
-            continue;
-        if (tls12_get_pkey_idx(ptmp[1]) == -1)
+        if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu))
             continue;
-        for (j = 0, atmp = allow; j < allowlen; j += 2, atmp += 2) {
-            if (ptmp[0] == atmp[0] && ptmp[1] == atmp[1]) {
+        for (j = 0, atmp = allow; j < allowlen; j++, atmp++) {
+            if (*ptmp == *atmp) {
                 nmatch++;
-                if (shsig) {
-                    shsig->rhash = ptmp[0];
-                    shsig->rsign = ptmp[1];
-                    tls1_lookup_sigalg(&shsig->hash_nid,
-                                       &shsig->sign_nid,
-                                       &shsig->signandhash_nid, ptmp);
-                    shsig++;
-                }
+                if (shsig)
+                    *shsig++ = lu;
                 break;
             }
         }
@@ -3811,17 +1674,16 @@ static int tls12_do_shared_sigalgs(TLS_SIGALGS *shsig,
 /* Set shared signature algorithms for SSL structures */
 static int tls1_set_shared_sigalgs(SSL *s)
 {
-    const unsigned char *pref, *allow, *conf;
+    const uint16_t *pref, *allow, *conf;
     size_t preflen, allowlen, conflen;
     size_t nmatch;
-    TLS_SIGALGS *salgs = NULL;
+    const SIGALG_LOOKUP **salgs = NULL;
     CERT *c = s->cert;
     unsigned int is_suiteb = tls1_suiteb(s);
-    if (c->shared_sigalgs) {
-        OPENSSL_free(c->shared_sigalgs);
-        c->shared_sigalgs = NULL;
-        c->shared_sigalgslen = 0;
-    }
+
+    OPENSSL_free(c->shared_sigalgs);
+    c->shared_sigalgs = NULL;
+    c->shared_sigalgslen = 0;
     /* If client use client signature algorithms if not NULL */
     if (!s->server && c->client_sigalgs && !is_suiteb) {
         conf = c->client_sigalgs;
@@ -3834,20 +1696,21 @@ static int tls1_set_shared_sigalgs(SSL *s)
     if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
         pref = conf;
         preflen = conflen;
-        allow = c->peer_sigalgs;
-        allowlen = c->peer_sigalgslen;
+        allow = s->s3->tmp.peer_sigalgs;
+        allowlen = s->s3->tmp.peer_sigalgslen;
     } else {
         allow = conf;
         allowlen = conflen;
-        pref = c->peer_sigalgs;
-        preflen = c->peer_sigalgslen;
+        pref = s->s3->tmp.peer_sigalgs;
+        preflen = s->s3->tmp.peer_sigalgslen;
     }
-    nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen);
+    nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen);
     if (nmatch) {
-        salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
-        if (!salgs)
+        if ((salgs = OPENSSL_malloc(nmatch * sizeof(*salgs))) == NULL) {
+            SSLerr(SSL_F_TLS1_SET_SHARED_SIGALGS, ERR_R_MALLOC_FAILURE);
             return 0;
-        nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
+        }
+        nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen);
     } else {
         salgs = NULL;
     }
@@ -3856,101 +1719,81 @@ static int tls1_set_shared_sigalgs(SSL *s)
     return 1;
 }
 
-/* Set preferred digest for each key type */
+int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen)
+{
+    unsigned int stmp;
+    size_t size, i;
+    uint16_t *buf;
+
+    size = PACKET_remaining(pkt);
+
+    /* Invalid data length */
+    if (size == 0 || (size & 1) != 0)
+        return 0;
+
+    size >>= 1;
+
+    if ((buf = OPENSSL_malloc(size * sizeof(*buf))) == NULL)  {
+        SSLerr(SSL_F_TLS1_SAVE_U16, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < size && PACKET_get_net_2(pkt, &stmp); i++)
+        buf[i] = stmp;
+
+    if (i != size) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+
+    OPENSSL_free(*pdest);
+    *pdest = buf;
+    *pdestlen = size;
+
+    return 1;
+}
 
-int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize)
+int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert)
 {
-    CERT *c = s->cert;
     /* Extension ignored for inappropriate versions */
     if (!SSL_USE_SIGALGS(s))
         return 1;
     /* Should never happen */
-    if (!c)
+    if (s->cert == NULL)
         return 0;
 
-    if (c->peer_sigalgs)
-        OPENSSL_free(c->peer_sigalgs);
-    c->peer_sigalgs = OPENSSL_malloc(dsize);
-    if (!c->peer_sigalgs)
-        return 0;
-    c->peer_sigalgslen = dsize;
-    memcpy(c->peer_sigalgs, data, dsize);
-    return 1;
+    if (cert)
+        return tls1_save_u16(pkt, &s->s3->tmp.peer_cert_sigalgs,
+                             &s->s3->tmp.peer_cert_sigalgslen);
+    else
+        return tls1_save_u16(pkt, &s->s3->tmp.peer_sigalgs,
+                             &s->s3->tmp.peer_sigalgslen);
+
 }
 
+/* Set preferred digest for each key type */
+
 int tls1_process_sigalgs(SSL *s)
 {
-    int idx;
     size_t i;
-    const EVP_MD *md;
+    uint32_t *pvalid = s->s3->tmp.valid_flags;
     CERT *c = s->cert;
-    TLS_SIGALGS *sigptr;
+
     if (!tls1_set_shared_sigalgs(s))
         return 0;
 
-# ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-    if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) {
-        /*
-         * Use first set signature preference to force message digest,
-         * ignoring any peer preferences.
-         */
-        const unsigned char *sigs = NULL;
-        if (s->server)
-            sigs = c->conf_sigalgs;
-        else
-            sigs = c->client_sigalgs;
-        if (sigs) {
-            idx = tls12_get_pkey_idx(sigs[1]);
-            md = tls12_get_hash(sigs[0]);
-            c->pkeys[idx].digest = md;
-            c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN;
-            if (idx == SSL_PKEY_RSA_SIGN) {
-                c->pkeys[SSL_PKEY_RSA_ENC].valid_flags =
-                    CERT_PKEY_EXPLICIT_SIGN;
-                c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
-            }
-        }
-    }
-# endif
+    for (i = 0; i < SSL_PKEY_NUM; i++)
+        pvalid[i] = 0;
 
-    for (i = 0, sigptr = c->shared_sigalgs;
-         i < c->shared_sigalgslen; i++, sigptr++) {
-        idx = tls12_get_pkey_idx(sigptr->rsign);
-        if (idx > 0 && c->pkeys[idx].digest == NULL) {
-            md = tls12_get_hash(sigptr->rhash);
-            c->pkeys[idx].digest = md;
-            c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN;
-            if (idx == SSL_PKEY_RSA_SIGN) {
-                c->pkeys[SSL_PKEY_RSA_ENC].valid_flags =
-                    CERT_PKEY_EXPLICIT_SIGN;
-                c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
-            }
-        }
+    for (i = 0; i < c->shared_sigalgslen; i++) {
+        const SIGALG_LOOKUP *sigptr = c->shared_sigalgs[i];
+        int idx = sigptr->sig_idx;
 
-    }
-    /*
-     * In strict mode leave unset digests as NULL to indicate we can't use
-     * the certificate for signing.
-     */
-    if (!(s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) {
-        /*
-         * Set any remaining keys to default values. NOTE: if alg is not
-         * supported it stays as NULL.
-         */
-# ifndef OPENSSL_NO_DSA
-        if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
-            c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
-# endif
-# ifndef OPENSSL_NO_RSA
-        if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {
-            c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
-            c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
-        }
-# endif
-# ifndef OPENSSL_NO_ECDSA
-        if (!c->pkeys[SSL_PKEY_ECC].digest)
-            c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
-# endif
+        /* Ignore PKCS1 based sig algs in TLSv1.3 */
+        if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA)
+            continue;
+        /* If not disabled indicate we can explicitly sign */
+        if (pvalid[idx] == 0 && !ssl_cert_is_disabled(idx))
+            pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
     }
     return 1;
 }
@@ -3959,256 +1802,150 @@ int SSL_get_sigalgs(SSL *s, int idx,
                     int *psign, int *phash, int *psignhash,
                     unsigned char *rsig, unsigned char *rhash)
 {
-    const unsigned char *psig = s->cert->peer_sigalgs;
-    if (psig == NULL)
+    uint16_t *psig = s->s3->tmp.peer_sigalgs;
+    size_t numsigalgs = s->s3->tmp.peer_sigalgslen;
+    if (psig == NULL || numsigalgs > INT_MAX)
         return 0;
     if (idx >= 0) {
-        idx <<= 1;
-        if (idx >= (int)s->cert->peer_sigalgslen)
+        const SIGALG_LOOKUP *lu;
+
+        if (idx >= (int)numsigalgs)
             return 0;
         psig += idx;
-        if (rhash)
-            *rhash = psig[0];
-        if (rsig)
-            *rsig = psig[1];
-        tls1_lookup_sigalg(phash, psign, psignhash, psig);
-    }
-    return s->cert->peer_sigalgslen / 2;
+        if (rhash != NULL)
+            *rhash = (unsigned char)((*psig >> 8) & 0xff);
+        if (rsig != NULL)
+            *rsig = (unsigned char)(*psig & 0xff);
+        lu = tls1_lookup_sigalg(*psig);
+        if (psign != NULL)
+            *psign = lu != NULL ? lu->sig : NID_undef;
+        if (phash != NULL)
+            *phash = lu != NULL ? lu->hash : NID_undef;
+        if (psignhash != NULL)
+            *psignhash = lu != NULL ? lu->sigandhash : NID_undef;
+    }
+    return (int)numsigalgs;
 }
 
 int SSL_get_shared_sigalgs(SSL *s, int idx,
                            int *psign, int *phash, int *psignhash,
                            unsigned char *rsig, unsigned char *rhash)
 {
-    TLS_SIGALGS *shsigalgs = s->cert->shared_sigalgs;
-    if (!shsigalgs || idx >= (int)s->cert->shared_sigalgslen)
+    const SIGALG_LOOKUP *shsigalgs;
+    if (s->cert->shared_sigalgs == NULL
+        || idx < 0
+        || idx >= (int)s->cert->shared_sigalgslen
+        || s->cert->shared_sigalgslen > INT_MAX)
         return 0;
-    shsigalgs += idx;
-    if (phash)
-        *phash = shsigalgs->hash_nid;
-    if (psign)
-        *psign = shsigalgs->sign_nid;
-    if (psignhash)
-        *psignhash = shsigalgs->signandhash_nid;
-    if (rsig)
-        *rsig = shsigalgs->rsign;
-    if (rhash)
-        *rhash = shsigalgs->rhash;
-    return s->cert->shared_sigalgslen;
+    shsigalgs = s->cert->shared_sigalgs[idx];
+    if (phash != NULL)
+        *phash = shsigalgs->hash;
+    if (psign != NULL)
+        *psign = shsigalgs->sig;
+    if (psignhash != NULL)
+        *psignhash = shsigalgs->sigandhash;
+    if (rsig != NULL)
+        *rsig = (unsigned char)(shsigalgs->sigalg & 0xff);
+    if (rhash != NULL)
+        *rhash = (unsigned char)((shsigalgs->sigalg >> 8) & 0xff);
+    return (int)s->cert->shared_sigalgslen;
 }
 
-# ifndef OPENSSL_NO_HEARTBEATS
-int tls1_process_heartbeat(SSL *s)
-{
-    unsigned char *p = &s->s3->rrec.data[0], *pl;
-    unsigned short hbtype;
-    unsigned int payload;
-    unsigned int padding = 16;  /* Use minimum padding */
-
-    if (s->msg_callback)
-        s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
-                        &s->s3->rrec.data[0], s->s3->rrec.length,
-                        s, s->msg_callback_arg);
-
-    /* Read type and payload length first */
-    if (1 + 2 + 16 > s->s3->rrec.length)
-        return 0;               /* silently discard */
-    hbtype = *p++;
-    n2s(p, payload);
-    if (1 + 2 + payload + 16 > s->s3->rrec.length)
-        return 0;               /* silently discard per RFC 6520 sec. 4 */
-    pl = p;
-
-    if (hbtype == TLS1_HB_REQUEST) {
-        unsigned char *buffer, *bp;
-        int r;
-
-        /*
-         * Allocate memory for the response, size is 1 bytes message type,
-         * plus 2 bytes payload length, plus payload, plus padding
-         */
-        buffer = OPENSSL_malloc(1 + 2 + payload + padding);
-        if (buffer == NULL)
-            return -1;
-        bp = buffer;
-
-        /* Enter response type, length and copy payload */
-        *bp++ = TLS1_HB_RESPONSE;
-        s2n(payload, bp);
-        memcpy(bp, pl, payload);
-        bp += payload;
-        /* Random padding */
-        if (RAND_bytes(bp, padding) <= 0) {
-            OPENSSL_free(buffer);
-            return -1;
-        }
-
-        r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer,
-                             3 + payload + padding);
-
-        if (r >= 0 && s->msg_callback)
-            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-                            buffer, 3 + payload + padding,
-                            s, s->msg_callback_arg);
-
-        OPENSSL_free(buffer);
-
-        if (r < 0)
-            return r;
-    } else if (hbtype == TLS1_HB_RESPONSE) {
-        unsigned int seq;
-
-        /*
-         * We only send sequence numbers (2 bytes unsigned int), and 16
-         * random bytes, so we just try to read the sequence number
-         */
-        n2s(pl, seq);
-
-        if (payload == 18 && seq == s->tlsext_hb_seq) {
-            s->tlsext_hb_seq++;
-            s->tlsext_hb_pending = 0;
-        }
-    }
+/* Maximum possible number of unique entries in sigalgs array */
+#define TLS_MAX_SIGALGCNT (OSSL_NELEM(sigalg_lookup_tbl) * 2)
 
-    return 0;
-}
+typedef struct {
+    size_t sigalgcnt;
+    /* TLSEXT_SIGALG_XXX values */
+    uint16_t sigalgs[TLS_MAX_SIGALGCNT];
+} sig_cb_st;
 
-int tls1_heartbeat(SSL *s)
+static void get_sigorhash(int *psig, int *phash, const char *str)
 {
-    unsigned char *buf, *p;
-    int ret = -1;
-    unsigned int payload = 18;  /* Sequence number + random bytes */
-    unsigned int padding = 16;  /* Use minimum padding */
-
-    /* Only send if peer supports and accepts HB requests... */
-    if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
-        s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
-        SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
-        return -1;
-    }
-
-    /* ...and there is none in flight yet... */
-    if (s->tlsext_hb_pending) {
-        SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
-        return -1;
-    }
-
-    /* ...and no handshake in progress. */
-    if (SSL_in_init(s) || s->in_handshake) {
-        SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
-        return -1;
-    }
-
-    /*
-     * Check if padding is too long, payload and padding must not exceed 2^14
-     * - 3 = 16381 bytes in total.
-     */
-    OPENSSL_assert(payload + padding <= 16381);
-
-    /*-
-     * Create HeartBeat message, we just use a sequence number
-     * as payload to distuingish different messages and add
-     * some random stuff.
-     *  - Message Type, 1 byte
-     *  - Payload Length, 2 bytes (unsigned int)
-     *  - Payload, the sequence number (2 bytes uint)
-     *  - Payload, random bytes (16 bytes uint)
-     *  - Padding
-     */
-    buf = OPENSSL_malloc(1 + 2 + payload + padding);
-    if (buf == NULL)
-        return -1;
-    p = buf;
-    /* Message Type */
-    *p++ = TLS1_HB_REQUEST;
-    /* Payload length (18 bytes here) */
-    s2n(payload, p);
-    /* Sequence number */
-    s2n(s->tlsext_hb_seq, p);
-    /* 16 random bytes */
-    if (RAND_bytes(p, 16) <= 0) {
-        SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    p += 16;
-    /* Random padding */
-    if (RAND_bytes(p, padding) <= 0) {
-        SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-
-    ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
-    if (ret >= 0) {
-        if (s->msg_callback)
-            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-                            buf, 3 + payload + padding,
-                            s, s->msg_callback_arg);
-
-        s->tlsext_hb_pending = 1;
+    if (strcmp(str, "RSA") == 0) {
+        *psig = EVP_PKEY_RSA;
+    } else if (strcmp(str, "RSA-PSS") == 0 || strcmp(str, "PSS") == 0) {
+        *psig = EVP_PKEY_RSA_PSS;
+    } else if (strcmp(str, "DSA") == 0) {
+        *psig = EVP_PKEY_DSA;
+    } else if (strcmp(str, "ECDSA") == 0) {
+        *psig = EVP_PKEY_EC;
+    } else {
+        *phash = OBJ_sn2nid(str);
+        if (*phash == NID_undef)
+            *phash = OBJ_ln2nid(str);
     }
-
-err:
-    OPENSSL_free(buf);
-
-    return ret;
 }
-# endif
-
-# define MAX_SIGALGLEN   (TLSEXT_hash_num * TLSEXT_signature_num * 2)
-
-typedef struct {
-    size_t sigalgcnt;
-    int sigalgs[MAX_SIGALGLEN];
-} sig_cb_st;
+/* Maximum length of a signature algorithm string component */
+#define TLS_MAX_SIGSTRING_LEN   40
 
 static int sig_cb(const char *elem, int len, void *arg)
 {
     sig_cb_st *sarg = arg;
     size_t i;
-    char etmp[20], *p;
-    int sig_alg, hash_alg;
+    const SIGALG_LOOKUP *s;
+    char etmp[TLS_MAX_SIGSTRING_LEN], *p;
+    int sig_alg = NID_undef, hash_alg = NID_undef;
     if (elem == NULL)
         return 0;
-    if (sarg->sigalgcnt == MAX_SIGALGLEN)
+    if (sarg->sigalgcnt == TLS_MAX_SIGALGCNT)
         return 0;
     if (len > (int)(sizeof(etmp) - 1))
         return 0;
     memcpy(etmp, elem, len);
     etmp[len] = 0;
     p = strchr(etmp, '+');
-    if (!p)
-        return 0;
-    *p = 0;
-    p++;
-    if (!*p)
-        return 0;
-
-    if (!strcmp(etmp, "RSA"))
-        sig_alg = EVP_PKEY_RSA;
-    else if (!strcmp(etmp, "DSA"))
-        sig_alg = EVP_PKEY_DSA;
-    else if (!strcmp(etmp, "ECDSA"))
-        sig_alg = EVP_PKEY_EC;
-    else
-        return 0;
-
-    hash_alg = OBJ_sn2nid(p);
-    if (hash_alg == NID_undef)
-        hash_alg = OBJ_ln2nid(p);
-    if (hash_alg == NID_undef)
-        return 0;
+    /*
+     * We only allow SignatureSchemes listed in the sigalg_lookup_tbl;
+     * if there's no '+' in the provided name, look for the new-style combined
+     * name.  If not, match both sig+hash to find the needed SIGALG_LOOKUP.
+     * Just sig+hash is not unique since TLS 1.3 adds rsa_pss_pss_* and
+     * rsa_pss_rsae_* that differ only by public key OID; in such cases
+     * we will pick the _rsae_ variant, by virtue of them appearing earlier
+     * in the table.
+     */
+    if (p == NULL) {
+        for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+             i++, s++) {
+            if (s->name != NULL && strcmp(etmp, s->name) == 0) {
+                sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
+                break;
+            }
+        }
+        if (i == OSSL_NELEM(sigalg_lookup_tbl))
+            return 0;
+    } else {
+        *p = 0;
+        p++;
+        if (*p == 0)
+            return 0;
+        get_sigorhash(&sig_alg, &hash_alg, etmp);
+        get_sigorhash(&sig_alg, &hash_alg, p);
+        if (sig_alg == NID_undef || hash_alg == NID_undef)
+            return 0;
+        for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+             i++, s++) {
+            if (s->hash == hash_alg && s->sig == sig_alg) {
+                sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
+                break;
+            }
+        }
+        if (i == OSSL_NELEM(sigalg_lookup_tbl))
+            return 0;
+    }
 
-    for (i = 0; i < sarg->sigalgcnt; i += 2) {
-        if (sarg->sigalgs[i] == sig_alg && sarg->sigalgs[i + 1] == hash_alg)
+    /* Reject duplicates */
+    for (i = 0; i < sarg->sigalgcnt - 1; i++) {
+        if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) {
+            sarg->sigalgcnt--;
             return 0;
+        }
     }
-    sarg->sigalgs[sarg->sigalgcnt++] = hash_alg;
-    sarg->sigalgs[sarg->sigalgcnt++] = sig_alg;
     return 1;
 }
 
 /*
- * Set suppored signature algorithms based on a colon separated list of the
+ * Set supported signature algorithms based on a colon separated list of the
  * form sig+hash e.g. RSA+SHA512:DSA+SHA512
  */
 int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
@@ -4219,42 +1956,70 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
         return 0;
     if (c == NULL)
         return 1;
-    return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
+    return tls1_set_raw_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
 }
 
-int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen,
+int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
                      int client)
 {
-    unsigned char *sigalgs, *sptr;
-    int rhash, rsign;
+    uint16_t *sigalgs;
+
+    if ((sigalgs = OPENSSL_malloc(salglen * sizeof(*sigalgs))) == NULL) {
+        SSLerr(SSL_F_TLS1_SET_RAW_SIGALGS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memcpy(sigalgs, psigs, salglen * sizeof(*sigalgs));
+
+    if (client) {
+        OPENSSL_free(c->client_sigalgs);
+        c->client_sigalgs = sigalgs;
+        c->client_sigalgslen = salglen;
+    } else {
+        OPENSSL_free(c->conf_sigalgs);
+        c->conf_sigalgs = sigalgs;
+        c->conf_sigalgslen = salglen;
+    }
+
+    return 1;
+}
+
+int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
+{
+    uint16_t *sigalgs, *sptr;
     size_t i;
+
     if (salglen & 1)
         return 0;
-    sigalgs = OPENSSL_malloc(salglen);
-    if (sigalgs == NULL)
+    if ((sigalgs = OPENSSL_malloc((salglen / 2) * sizeof(*sigalgs))) == NULL) {
+        SSLerr(SSL_F_TLS1_SET_SIGALGS, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     for (i = 0, sptr = sigalgs; i < salglen; i += 2) {
-        rhash = tls12_find_id(*psig_nids++, tls12_md,
-                              sizeof(tls12_md) / sizeof(tls12_lookup));
-        rsign = tls12_find_id(*psig_nids++, tls12_sig,
-                              sizeof(tls12_sig) / sizeof(tls12_lookup));
+        size_t j;
+        const SIGALG_LOOKUP *curr;
+        int md_id = *psig_nids++;
+        int sig_id = *psig_nids++;
+
+        for (j = 0, curr = sigalg_lookup_tbl; j < OSSL_NELEM(sigalg_lookup_tbl);
+             j++, curr++) {
+            if (curr->hash == md_id && curr->sig == sig_id) {
+                *sptr++ = curr->sigalg;
+                break;
+            }
+        }
 
-        if (rhash == -1 || rsign == -1)
+        if (j == OSSL_NELEM(sigalg_lookup_tbl))
             goto err;
-        *sptr++ = rhash;
-        *sptr++ = rsign;
     }
 
     if (client) {
-        if (c->client_sigalgs)
-            OPENSSL_free(c->client_sigalgs);
+        OPENSSL_free(c->client_sigalgs);
         c->client_sigalgs = sigalgs;
-        c->client_sigalgslen = salglen;
+        c->client_sigalgslen = salglen / 2;
     } else {
-        if (c->conf_sigalgs)
-            OPENSSL_free(c->conf_sigalgs);
+        OPENSSL_free(c->conf_sigalgs);
         c->conf_sigalgs = sigalgs;
-        c->conf_sigalgslen = salglen;
+        c->conf_sigalgslen = salglen / 2;
     }
 
     return 1;
@@ -4274,7 +2039,7 @@ static int tls1_check_sig_alg(CERT *c, X509 *x, int default_nid)
     if (default_nid)
         return sig_nid == default_nid ? 1 : 0;
     for (i = 0; i < c->shared_sigalgslen; i++)
-        if (sig_nid == c->shared_sigalgs[i].signandhash_nid)
+        if (sig_nid == c->shared_sigalgs[i]->sigandhash)
             return 1;
     return 0;
 }
@@ -4299,12 +2064,12 @@ static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x)
  * attempting to use them.
  */
 
-/* Flags which need to be set for a certificate when stict mode not set */
+/* Flags which need to be set for a certificate when strict mode not set */
 
-# define CERT_PKEY_VALID_FLAGS \
+#define CERT_PKEY_VALID_FLAGS \
         (CERT_PKEY_EE_SIGNATURE|CERT_PKEY_EE_PARAM)
 /* Strict mode flags */
-# define CERT_PKEY_STRICT_FLAGS \
+#define CERT_PKEY_STRICT_FLAGS \
          (CERT_PKEY_VALID_FLAGS|CERT_PKEY_CA_SIGNATURE|CERT_PKEY_CA_PARAM \
          | CERT_PKEY_ISSUER_NAME|CERT_PKEY_CERT_TYPE)
 
@@ -4316,15 +2081,17 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
     int check_flags = 0, strict_mode;
     CERT_PKEY *cpk = NULL;
     CERT *c = s->cert;
+    uint32_t *pvalid;
     unsigned int suiteb_flags = tls1_suiteb(s);
     /* idx == -1 means checking server chains */
     if (idx != -1) {
         /* idx == -2 means checking client certificate chains */
         if (idx == -2) {
             cpk = c->key;
-            idx = cpk - c->pkeys;
+            idx = (int)(cpk - c->pkeys);
         } else
             cpk = c->pkeys + idx;
+        pvalid = s->s3->tmp.valid_flags + idx;
         x = cpk->x509;
         pk = cpk->privatekey;
         chain = cpk->chain;
@@ -4332,22 +2099,17 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
         /* If no cert or key, forget it */
         if (!x || !pk)
             goto end;
-# ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-        /* Allow any certificate to pass test */
-        if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) {
-            rv = CERT_PKEY_STRICT_FLAGS | CERT_PKEY_EXPLICIT_SIGN |
-                CERT_PKEY_VALID | CERT_PKEY_SIGN;
-            cpk->valid_flags = rv;
-            return rv;
-        }
-# endif
     } else {
+        size_t certidx;
+
         if (!x || !pk)
             return 0;
-        idx = ssl_cert_type(x, pk);
-        if (idx == -1)
+
+        if (ssl_cert_lookup_by_pkey(pk, &certidx) == NULL)
             return 0;
-        cpk = c->pkeys + idx;
+        idx = certidx;
+        pvalid = s->s3->tmp.valid_flags + idx;
+
         if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
             check_flags = CERT_PKEY_STRICT_FLAGS;
         else
@@ -4372,30 +2134,43 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
      */
     if (TLS1_get_version(s) >= TLS1_2_VERSION && strict_mode) {
         int default_nid;
-        unsigned char rsign = 0;
-        if (c->peer_sigalgs)
+        int rsign = 0;
+        if (s->s3->tmp.peer_cert_sigalgs != NULL
+                || s->s3->tmp.peer_sigalgs != NULL) {
             default_nid = 0;
         /* If no sigalgs extension use defaults from RFC5246 */
-        else {
+        } else {
             switch (idx) {
-            case SSL_PKEY_RSA_ENC:
-            case SSL_PKEY_RSA_SIGN:
-            case SSL_PKEY_DH_RSA:
-                rsign = TLSEXT_signature_rsa;
+            case SSL_PKEY_RSA:
+                rsign = EVP_PKEY_RSA;
                 default_nid = NID_sha1WithRSAEncryption;
                 break;
 
             case SSL_PKEY_DSA_SIGN:
-            case SSL_PKEY_DH_DSA:
-                rsign = TLSEXT_signature_dsa;
+                rsign = EVP_PKEY_DSA;
                 default_nid = NID_dsaWithSHA1;
                 break;
 
             case SSL_PKEY_ECC:
-                rsign = TLSEXT_signature_ecdsa;
+                rsign = EVP_PKEY_EC;
                 default_nid = NID_ecdsa_with_SHA1;
                 break;
 
+            case SSL_PKEY_GOST01:
+                rsign = NID_id_GostR3410_2001;
+                default_nid = NID_id_GostR3411_94_with_GostR3410_2001;
+                break;
+
+            case SSL_PKEY_GOST12_256:
+                rsign = NID_id_GostR3410_2012_256;
+                default_nid = NID_id_tc26_signwithdigest_gost3410_2012_256;
+                break;
+
+            case SSL_PKEY_GOST12_512:
+                rsign = NID_id_GostR3410_2012_512;
+                default_nid = NID_id_tc26_signwithdigest_gost3410_2012_512;
+                break;
+
             default:
                 default_nid = -1;
                 break;
@@ -4407,9 +2182,11 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
          */
         if (default_nid > 0 && c->conf_sigalgs) {
             size_t j;
-            const unsigned char *p = c->conf_sigalgs;
-            for (j = 0; j < c->conf_sigalgslen; j += 2, p += 2) {
-                if (p[0] == TLSEXT_hash_sha1 && p[1] == rsign)
+            const uint16_t *p = c->conf_sigalgs;
+            for (j = 0; j < c->conf_sigalgslen; j++, p++) {
+                const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*p);
+
+                if (lu != NULL && lu->hash == NID_sha1 && lu->sig == rsign)
                     break;
             }
             if (j == c->conf_sigalgslen) {
@@ -4441,7 +2218,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
         rv |= CERT_PKEY_EE_SIGNATURE | CERT_PKEY_CA_SIGNATURE;
  skip_sigs:
     /* Check cert parameters are consistent */
-    if (tls1_check_cert_param(s, x, check_flags ? 1 : 2))
+    if (tls1_check_cert_param(s, x, 1))
         rv |= CERT_PKEY_EE_PARAM;
     else if (!check_flags)
         goto end;
@@ -4464,7 +2241,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
     if (!s->server && strict_mode) {
         STACK_OF(X509_NAME) *ca_dn;
         int check_type = 0;
-        switch (pk->type) {
+        switch (EVP_PKEY_id(pk)) {
         case EVP_PKEY_RSA:
             check_type = TLS_CT_RSA_SIGN;
             break;
@@ -4474,38 +2251,24 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
         case EVP_PKEY_EC:
             check_type = TLS_CT_ECDSA_SIGN;
             break;
-        case EVP_PKEY_DH:
-        case EVP_PKEY_DHX:
-            {
-                int cert_type = X509_certificate_type(x, pk);
-                if (cert_type & EVP_PKS_RSA)
-                    check_type = TLS_CT_RSA_FIXED_DH;
-                if (cert_type & EVP_PKS_DSA)
-                    check_type = TLS_CT_DSS_FIXED_DH;
-            }
         }
         if (check_type) {
-            const unsigned char *ctypes;
-            int ctypelen;
-            if (c->ctypes) {
-                ctypes = c->ctypes;
-                ctypelen = (int)c->ctype_num;
-            } else {
-                ctypes = (unsigned char *)s->s3->tmp.ctype;
-                ctypelen = s->s3->tmp.ctype_num;
-            }
-            for (i = 0; i < ctypelen; i++) {
-                if (ctypes[i] == check_type) {
+            const uint8_t *ctypes = s->s3->tmp.ctype;
+            size_t j;
+
+            for (j = 0; j < s->s3->tmp.ctype_len; j++, ctypes++) {
+                if (*ctypes == check_type) {
                     rv |= CERT_PKEY_CERT_TYPE;
                     break;
                 }
             }
             if (!(rv & CERT_PKEY_CERT_TYPE) && !check_flags)
                 goto end;
-        } else
+        } else {
             rv |= CERT_PKEY_CERT_TYPE;
+        }
 
-        ca_dn = s->s3->tmp.ca_names;
+        ca_dn = s->s3->tmp.peer_ca_names;
 
         if (!sk_X509_NAME_num(ca_dn))
             rv |= CERT_PKEY_ISSUER_NAME;
@@ -4533,12 +2296,9 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
 
  end:
 
-    if (TLS1_get_version(s) >= TLS1_2_VERSION) {
-        if (cpk->valid_flags & CERT_PKEY_EXPLICIT_SIGN)
-            rv |= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
-        else if (cpk->digest)
-            rv |= CERT_PKEY_SIGN;
-    } else
+    if (TLS1_get_version(s) >= TLS1_2_VERSION)
+        rv |= *pvalid & (CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN);
+    else
         rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN;
 
     /*
@@ -4546,11 +2306,11 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
      * chain is invalid.
      */
     if (!check_flags) {
-        if (rv & CERT_PKEY_VALID)
-            cpk->valid_flags = rv;
-        else {
-            /* Preserve explicit sign flag, clear rest */
-            cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN;
+        if (rv & CERT_PKEY_VALID) {
+            *pvalid = rv;
+        } else {
+            /* Preserve sign and explicit sign flag, clear rest */
+            *pvalid &= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
             return 0;
         }
     }
@@ -4560,18 +2320,415 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
 /* Set validity of certificates in an SSL structure */
 void tls1_set_cert_validity(SSL *s)
 {
-    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC);
-    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_PSS_SIGN);
     tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
-    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA);
-    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA);
     tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448);
 }
 
-/* User level utiity function to check a chain is suitable */
+/* User level utility function to check a chain is suitable */
 int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
 {
     return tls1_check_chain(s, x, pk, chain, -1);
 }
 
+#ifndef OPENSSL_NO_DH
+DH *ssl_get_auto_dh(SSL *s)
+{
+    int dh_secbits = 80;
+    if (s->cert->dh_tmp_auto == 2)
+        return DH_get_1024_160();
+    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
+        if (s->s3->tmp.new_cipher->strength_bits == 256)
+            dh_secbits = 128;
+        else
+            dh_secbits = 80;
+    } else {
+        if (s->s3->tmp.cert == NULL)
+            return NULL;
+        dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
+    }
+
+    if (dh_secbits >= 128) {
+        DH *dhp = DH_new();
+        BIGNUM *p, *g;
+        if (dhp == NULL)
+            return NULL;
+        g = BN_new();
+        if (g == NULL || !BN_set_word(g, 2)) {
+            DH_free(dhp);
+            BN_free(g);
+            return NULL;
+        }
+        if (dh_secbits >= 192)
+            p = BN_get_rfc3526_prime_8192(NULL);
+        else
+            p = BN_get_rfc3526_prime_3072(NULL);
+        if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
+            DH_free(dhp);
+            BN_free(p);
+            BN_free(g);
+            return NULL;
+        }
+        return dhp;
+    }
+    if (dh_secbits >= 112)
+        return DH_get_2048_224();
+    return DH_get_1024_160();
+}
+#endif
+
+static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+{
+    int secbits = -1;
+    EVP_PKEY *pkey = X509_get0_pubkey(x);
+    if (pkey) {
+        /*
+         * If no parameters this will return -1 and fail using the default
+         * security callback for any non-zero security level. This will
+         * reject keys which omit parameters but this only affects DSA and
+         * omission of parameters is never (?) done in practice.
+         */
+        secbits = EVP_PKEY_security_bits(pkey);
+    }
+    if (s)
+        return ssl_security(s, op, secbits, 0, x);
+    else
+        return ssl_ctx_security(ctx, op, secbits, 0, x);
+}
+
+static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+{
+    /* Lookup signature algorithm digest */
+    int secbits, nid, pknid;
+    /* Don't check signature if self signed */
+    if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
+        return 1;
+    if (!X509_get_signature_info(x, &nid, &pknid, &secbits, NULL))
+        secbits = -1;
+    /* If digest NID not defined use signature NID */
+    if (nid == NID_undef)
+        nid = pknid;
+    if (s)
+        return ssl_security(s, op, secbits, nid, x);
+    else
+        return ssl_ctx_security(ctx, op, secbits, nid, x);
+}
+
+int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee)
+{
+    if (vfy)
+        vfy = SSL_SECOP_PEER;
+    if (is_ee) {
+        if (!ssl_security_cert_key(s, ctx, x, SSL_SECOP_EE_KEY | vfy))
+            return SSL_R_EE_KEY_TOO_SMALL;
+    } else {
+        if (!ssl_security_cert_key(s, ctx, x, SSL_SECOP_CA_KEY | vfy))
+            return SSL_R_CA_KEY_TOO_SMALL;
+    }
+    if (!ssl_security_cert_sig(s, ctx, x, SSL_SECOP_CA_MD | vfy))
+        return SSL_R_CA_MD_TOO_WEAK;
+    return 1;
+}
+
+/*
+ * Check security of a chain, if |sk| includes the end entity certificate then
+ * |x| is NULL. If |vfy| is 1 then we are verifying a peer chain and not sending
+ * one to the peer. Return values: 1 if ok otherwise error code to use
+ */
+
+int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
+{
+    int rv, start_idx, i;
+    if (x == NULL) {
+        x = sk_X509_value(sk, 0);
+        start_idx = 1;
+    } else
+        start_idx = 0;
+
+    rv = ssl_security_cert(s, NULL, x, vfy, 1);
+    if (rv != 1)
+        return rv;
+
+    for (i = start_idx; i < sk_X509_num(sk); i++) {
+        x = sk_X509_value(sk, i);
+        rv = ssl_security_cert(s, NULL, x, vfy, 0);
+        if (rv != 1)
+            return rv;
+    }
+    return 1;
+}
+
+/*
+ * For TLS 1.2 servers check if we have a certificate which can be used
+ * with the signature algorithm "lu" and return index of certificate.
+ */
+
+static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
+{
+    int sig_idx = lu->sig_idx;
+    const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(sig_idx);
+
+    /* If not recognised or not supported by cipher mask it is not suitable */
+    if (clu == NULL
+            || (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0
+            || (clu->nid == EVP_PKEY_RSA_PSS
+                && (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0))
+        return -1;
+
+    return s->s3->tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1;
+}
+
+/*
+ * Returns true if |s| has a usable certificate configured for use
+ * with signature scheme |sig|.
+ * "Usable" includes a check for presence as well as applying
+ * the signature_algorithm_cert restrictions sent by the peer (if any).
+ * Returns false if no usable certificate is found.
+ */
+static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
+{
+    const SIGALG_LOOKUP *lu;
+    int mdnid, pknid;
+    size_t i;
+
+    /* TLS 1.2 callers can override lu->sig_idx, but not TLS 1.3 callers. */
+    if (idx == -1)
+        idx = sig->sig_idx;
+    if (!ssl_has_cert(s, idx))
+        return 0;
+    if (s->s3->tmp.peer_cert_sigalgs != NULL) {
+        for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) {
+            lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]);
+            if (lu == NULL
+                || !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid,
+                                            &pknid, NULL, NULL))
+                continue;
+            /*
+             * TODO this does not differentiate between the
+             * rsa_pss_pss_* and rsa_pss_rsae_* schemes since we do not
+             * have a chain here that lets us look at the key OID in the
+             * signing certificate.
+             */
+            if (mdnid == lu->hash && pknid == lu->sig)
+                return 1;
+        }
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * Choose an appropriate signature algorithm based on available certificates
+ * Sets chosen certificate and signature algorithm.
+ *
+ * For servers if we fail to find a required certificate it is a fatal error,
+ * an appropriate error code is set and a TLS alert is sent.
+ *
+ * For clients fatalerrs is set to 0. If a certificate is not suitable it is not
+ * a fatal error: we will either try another certificate or not present one
+ * to the server. In this case no error is set.
+ */
+int tls_choose_sigalg(SSL *s, int fatalerrs)
+{
+    const SIGALG_LOOKUP *lu = NULL;
+    int sig_idx = -1;
+
+    s->s3->tmp.cert = NULL;
+    s->s3->tmp.sigalg = NULL;
+
+    if (SSL_IS_TLS13(s)) {
+        size_t i;
+#ifndef OPENSSL_NO_EC
+        int curve = -1;
+#endif
+
+        /* Look for a certificate matching shared sigalgs */
+        for (i = 0; i < s->cert->shared_sigalgslen; i++) {
+            lu = s->cert->shared_sigalgs[i];
+            sig_idx = -1;
+
+            /* Skip SHA1, SHA224, DSA and RSA if not PSS */
+            if (lu->hash == NID_sha1
+                || lu->hash == NID_sha224
+                || lu->sig == EVP_PKEY_DSA
+                || lu->sig == EVP_PKEY_RSA)
+                continue;
+            /* Check that we have a cert, and signature_algorithms_cert */
+            if (!tls1_lookup_md(lu, NULL) || !has_usable_cert(s, lu, -1))
+                continue;
+            if (lu->sig == EVP_PKEY_EC) {
+#ifndef OPENSSL_NO_EC
+                if (curve == -1) {
+                    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
+
+                    curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+                }
+                if (lu->curve != NID_undef && curve != lu->curve)
+                    continue;
+#else
+                continue;
+#endif
+            } else if (lu->sig == EVP_PKEY_RSA_PSS) {
+                /* validate that key is large enough for the signature algorithm */
+                EVP_PKEY *pkey;
+
+                pkey = s->cert->pkeys[lu->sig_idx].privatekey;
+                if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu))
+                    continue;
+            }
+            break;
+        }
+        if (i == s->cert->shared_sigalgslen) {
+            if (!fatalerrs)
+                return 1;
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CHOOSE_SIGALG,
+                     SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+            return 0;
+        }
+    } else {
+        /* If ciphersuite doesn't require a cert nothing to do */
+        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aCERT))
+            return 1;
+        if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys))
+                return 1;
+
+        if (SSL_USE_SIGALGS(s)) {
+            size_t i;
+            if (s->s3->tmp.peer_sigalgs != NULL) {
+#ifndef OPENSSL_NO_EC
+                int curve;
+
+                /* For Suite B need to match signature algorithm to curve */
+                if (tls1_suiteb(s)) {
+                    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
+                    curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+                } else {
+                    curve = -1;
+                }
 #endif
+
+                /*
+                 * Find highest preference signature algorithm matching
+                 * cert type
+                 */
+                for (i = 0; i < s->cert->shared_sigalgslen; i++) {
+                    lu = s->cert->shared_sigalgs[i];
+
+                    if (s->server) {
+                        if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1)
+                            continue;
+                    } else {
+                        int cc_idx = s->cert->key - s->cert->pkeys;
+
+                        sig_idx = lu->sig_idx;
+                        if (cc_idx != sig_idx)
+                            continue;
+                    }
+                    /* Check that we have a cert, and sig_algs_cert */
+                    if (!has_usable_cert(s, lu, sig_idx))
+                        continue;
+                    if (lu->sig == EVP_PKEY_RSA_PSS) {
+                        /* validate that key is large enough for the signature algorithm */
+                        EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey;
+
+                        if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu))
+                            continue;
+                    }
+#ifndef OPENSSL_NO_EC
+                    if (curve == -1 || lu->curve == curve)
+#endif
+                        break;
+                }
+                if (i == s->cert->shared_sigalgslen) {
+                    if (!fatalerrs)
+                        return 1;
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_CHOOSE_SIGALG,
+                             SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+                    return 0;
+                }
+            } else {
+                /*
+                 * If we have no sigalg use defaults
+                 */
+                const uint16_t *sent_sigs;
+                size_t sent_sigslen;
+
+                if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
+                    if (!fatalerrs)
+                        return 1;
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CHOOSE_SIGALG,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+
+                /* Check signature matches a type we sent */
+                sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
+                for (i = 0; i < sent_sigslen; i++, sent_sigs++) {
+                    if (lu->sigalg == *sent_sigs
+                            && has_usable_cert(s, lu, lu->sig_idx))
+                        break;
+                }
+                if (i == sent_sigslen) {
+                    if (!fatalerrs)
+                        return 1;
+                    SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                             SSL_F_TLS_CHOOSE_SIGALG,
+                             SSL_R_WRONG_SIGNATURE_TYPE);
+                    return 0;
+                }
+            }
+        } else {
+            if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
+                if (!fatalerrs)
+                    return 1;
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CHOOSE_SIGALG,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+    if (sig_idx == -1)
+        sig_idx = lu->sig_idx;
+    s->s3->tmp.cert = &s->cert->pkeys[sig_idx];
+    s->cert->key = s->s3->tmp.cert;
+    s->s3->tmp.sigalg = lu;
+    return 1;
+}
+
+int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode)
+{
+    if (mode != TLSEXT_max_fragment_length_DISABLED
+            && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
+        SSLerr(SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH,
+               SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    ctx->ext.max_fragment_len_mode = mode;
+    return 1;
+}
+
+int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode)
+{
+    if (mode != TLSEXT_max_fragment_length_DISABLED
+            && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
+        SSLerr(SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH,
+               SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    ssl->ext.max_fragment_len_mode = mode;
+    return 1;
+}
+
+uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *session)
+{
+    return session->ext.max_fragment_len_mode;
+}
diff --git a/freebsd/crypto/openssl/ssl/t1_meth.c b/freebsd/crypto/openssl/ssl/t1_meth.c
deleted file mode 100644
index f25450b2..00000000
--- a/freebsd/crypto/openssl/ssl/t1_meth.c
+++ /dev/null
@@ -1,86 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/t1_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *tls1_get_method(int ver)
-{
-    if (ver == TLS1_2_VERSION)
-        return TLSv1_2_method();
-    if (ver == TLS1_1_VERSION)
-        return TLSv1_1_method();
-    if (ver == TLS1_VERSION)
-        return TLSv1_method();
-    return NULL;
-}
-
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method,
-                        ssl3_accept,
-                        ssl3_connect, tls1_get_method, TLSv1_2_enc_data)
-
-    IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method,
-                        ssl3_accept,
-                        ssl3_connect, tls1_get_method, TLSv1_1_enc_data)
-
-    IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method,
-                        ssl3_accept,
-                        ssl3_connect, tls1_get_method, TLSv1_enc_data)
diff --git a/freebsd/crypto/openssl/ssl/t1_reneg.c b/freebsd/crypto/openssl/ssl/t1_reneg.c
deleted file mode 100644
index 5d7820cd..00000000
--- a/freebsd/crypto/openssl/ssl/t1_reneg.c
+++ /dev/null
@@ -1,294 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/t1_reneg.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2009 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-/* Add the client's renegotiation binding */
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-                                        int maxlen)
-{
-    if (p) {
-        if ((s->s3->previous_client_finished_len + 1) > maxlen) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,
-                   SSL_R_RENEGOTIATE_EXT_TOO_LONG);
-            return 0;
-        }
-
-        /* Length byte */
-        *p = s->s3->previous_client_finished_len;
-        p++;
-
-        memcpy(p, s->s3->previous_client_finished,
-               s->s3->previous_client_finished_len);
-#ifdef OPENSSL_RI_DEBUG
-        fprintf(stderr, "%s RI extension sent by client\n",
-                s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
-    }
-
-    *len = s->s3->previous_client_finished_len + 1;
-
-    return 1;
-}
-
-/*
- * Parse the client's renegotiation binding and abort if it's not right
- */
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-                                          int *al)
-{
-    int ilen;
-
-    /* Parse the length byte */
-    if (len < 1) {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
-               SSL_R_RENEGOTIATION_ENCODING_ERR);
-        *al = SSL_AD_ILLEGAL_PARAMETER;
-        return 0;
-    }
-    ilen = *d;
-    d++;
-
-    /* Consistency check */
-    if ((ilen + 1) != len) {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
-               SSL_R_RENEGOTIATION_ENCODING_ERR);
-        *al = SSL_AD_ILLEGAL_PARAMETER;
-        return 0;
-    }
-
-    /* Check that the extension matches */
-    if (ilen != s->s3->previous_client_finished_len) {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
-               SSL_R_RENEGOTIATION_MISMATCH);
-        *al = SSL_AD_HANDSHAKE_FAILURE;
-        return 0;
-    }
-
-    if (memcmp(d, s->s3->previous_client_finished,
-               s->s3->previous_client_finished_len)) {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
-               SSL_R_RENEGOTIATION_MISMATCH);
-        *al = SSL_AD_HANDSHAKE_FAILURE;
-        return 0;
-    }
-#ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "%s RI extension received by server\n",
-            ilen ? "Non-empty" : "Empty");
-#endif
-
-    s->s3->send_connection_binding = 1;
-
-    return 1;
-}
-
-/* Add the server's renegotiation binding */
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-                                        int maxlen)
-{
-    if (p) {
-        if ((s->s3->previous_client_finished_len +
-             s->s3->previous_server_finished_len + 1) > maxlen) {
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,
-                   SSL_R_RENEGOTIATE_EXT_TOO_LONG);
-            return 0;
-        }
-
-        /* Length byte */
-        *p = s->s3->previous_client_finished_len +
-            s->s3->previous_server_finished_len;
-        p++;
-
-        memcpy(p, s->s3->previous_client_finished,
-               s->s3->previous_client_finished_len);
-        p += s->s3->previous_client_finished_len;
-
-        memcpy(p, s->s3->previous_server_finished,
-               s->s3->previous_server_finished_len);
-#ifdef OPENSSL_RI_DEBUG
-        fprintf(stderr, "%s RI extension sent by server\n",
-                s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
-    }
-
-    *len = s->s3->previous_client_finished_len
-        + s->s3->previous_server_finished_len + 1;
-
-    return 1;
-}
-
-/*
- * Parse the server's renegotiation binding and abort if it's not right
- */
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-                                          int *al)
-{
-    int expected_len = s->s3->previous_client_finished_len
-        + s->s3->previous_server_finished_len;
-    int ilen;
-
-    /* Check for logic errors */
-    OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
-    OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
-
-    /* Parse the length byte */
-    if (len < 1) {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
-               SSL_R_RENEGOTIATION_ENCODING_ERR);
-        *al = SSL_AD_ILLEGAL_PARAMETER;
-        return 0;
-    }
-    ilen = *d;
-    d++;
-
-    /* Consistency check */
-    if (ilen + 1 != len) {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
-               SSL_R_RENEGOTIATION_ENCODING_ERR);
-        *al = SSL_AD_ILLEGAL_PARAMETER;
-        return 0;
-    }
-
-    /* Check that the extension matches */
-    if (ilen != expected_len) {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
-               SSL_R_RENEGOTIATION_MISMATCH);
-        *al = SSL_AD_HANDSHAKE_FAILURE;
-        return 0;
-    }
-
-    if (memcmp(d, s->s3->previous_client_finished,
-               s->s3->previous_client_finished_len)) {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
-               SSL_R_RENEGOTIATION_MISMATCH);
-        *al = SSL_AD_HANDSHAKE_FAILURE;
-        return 0;
-    }
-    d += s->s3->previous_client_finished_len;
-
-    if (memcmp(d, s->s3->previous_server_finished,
-               s->s3->previous_server_finished_len)) {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
-               SSL_R_RENEGOTIATION_MISMATCH);
-        *al = SSL_AD_ILLEGAL_PARAMETER;
-        return 0;
-    }
-#ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "%s RI extension received by client\n",
-            ilen ? "Non-empty" : "Empty");
-#endif
-    s->s3->send_connection_binding = 1;
-
-    return 1;
-}
diff --git a/freebsd/crypto/openssl/ssl/t1_srvr.c b/freebsd/crypto/openssl/ssl/t1_srvr.c
deleted file mode 100644
index 6dea3210..00000000
--- a/freebsd/crypto/openssl/ssl/t1_srvr.c
+++ /dev/null
@@ -1,94 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* ssl/t1_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-static const SSL_METHOD *tls1_get_server_method(int ver);
-static const SSL_METHOD *tls1_get_server_method(int ver)
-{
-    if (ver == TLS1_2_VERSION)
-        return TLSv1_2_server_method();
-    if (ver == TLS1_1_VERSION)
-        return TLSv1_1_server_method();
-    if (ver == TLS1_VERSION)
-        return TLSv1_server_method();
-    return NULL;
-}
-
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method,
-                        ssl3_accept,
-                        ssl_undefined_function,
-                        tls1_get_server_method, TLSv1_2_enc_data)
-
-    IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method,
-                        ssl3_accept,
-                        ssl_undefined_function,
-                        tls1_get_server_method, TLSv1_1_enc_data)
-
-    IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method,
-                        ssl3_accept,
-                        ssl_undefined_function,
-                        tls1_get_server_method, TLSv1_enc_data)
diff --git a/freebsd/crypto/openssl/ssl/t1_trce.c b/freebsd/crypto/openssl/ssl/t1_trce.c
index c7cdc294..bd980651 100644
--- a/freebsd/crypto/openssl/ssl/t1_trce.c
+++ b/freebsd/crypto/openssl/ssl/t1_trce.c
@@ -1,58 +1,12 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/t1_trce.c */
 /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2012-2018 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include "ssl_locl.h"
@@ -67,15 +21,17 @@ typedef struct {
 } ssl_trace_tbl;
 
 # define ssl_trace_str(val, tbl) \
-        do_ssl_trace_str(val, tbl, sizeof(tbl)/sizeof(ssl_trace_tbl))
+    do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl))
 
 # define ssl_trace_list(bio, indent, msg, msglen, value, table) \
-        do_ssl_trace_list(bio, indent, msg, msglen, value, \
-         table, sizeof(table)/sizeof(ssl_trace_tbl))
+    do_ssl_trace_list(bio, indent, msg, msglen, value, \
+                      table, OSSL_NELEM(table))
 
-static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl)
+static const char *do_ssl_trace_str(int val, const ssl_trace_tbl *tbl,
+                                    size_t ntbl)
 {
     size_t i;
+
     for (i = 0; i < ntbl; i++, tbl++) {
         if (tbl->num == val)
             return tbl->name;
@@ -85,9 +41,10 @@ static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl)
 
 static int do_ssl_trace_list(BIO *bio, int indent,
                              const unsigned char *msg, size_t msglen,
-                             size_t vlen, ssl_trace_tbl *tbl, size_t ntbl)
+                             size_t vlen, const ssl_trace_tbl *tbl, size_t ntbl)
 {
     int val;
+
     if (msglen % vlen)
         return 0;
     while (msglen) {
@@ -104,74 +61,80 @@ static int do_ssl_trace_list(BIO *bio, int indent,
 
 /* Version number */
 
-static ssl_trace_tbl ssl_version_tbl[] = {
-    {SSL2_VERSION, "SSL 2.0"},
+static const ssl_trace_tbl ssl_version_tbl[] = {
     {SSL3_VERSION, "SSL 3.0"},
     {TLS1_VERSION, "TLS 1.0"},
     {TLS1_1_VERSION, "TLS 1.1"},
     {TLS1_2_VERSION, "TLS 1.2"},
+    {TLS1_3_VERSION, "TLS 1.3"},
     {DTLS1_VERSION, "DTLS 1.0"},
     {DTLS1_2_VERSION, "DTLS 1.2"},
     {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
 };
 
-static ssl_trace_tbl ssl_content_tbl[] = {
+static const ssl_trace_tbl ssl_content_tbl[] = {
     {SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec"},
     {SSL3_RT_ALERT, "Alert"},
     {SSL3_RT_HANDSHAKE, "Handshake"},
     {SSL3_RT_APPLICATION_DATA, "ApplicationData"},
-    {TLS1_RT_HEARTBEAT, "HeartBeat"}
 };
 
-/* Handshake types */
-static ssl_trace_tbl ssl_handshake_tbl[] = {
+/* Handshake types, sorted by ascending id  */
+static const ssl_trace_tbl ssl_handshake_tbl[] = {
     {SSL3_MT_HELLO_REQUEST, "HelloRequest"},
     {SSL3_MT_CLIENT_HELLO, "ClientHello"},
     {SSL3_MT_SERVER_HELLO, "ServerHello"},
     {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"},
     {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"},
+    {SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData"},
+    {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"},
     {SSL3_MT_CERTIFICATE, "Certificate"},
     {SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange"},
     {SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest"},
-    {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
-    {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
     {SSL3_MT_SERVER_DONE, "ServerHelloDone"},
     {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"},
     {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
     {SSL3_MT_FINISHED, "Finished"},
-    {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"}
+    {SSL3_MT_CERTIFICATE_URL, "CertificateUrl"},
+    {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
+    {SSL3_MT_SUPPLEMENTAL_DATA, "SupplementalData"},
+    {SSL3_MT_KEY_UPDATE, "KeyUpdate"},
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    {SSL3_MT_NEXT_PROTO, "NextProto"},
+# endif
+    {SSL3_MT_MESSAGE_HASH, "MessageHash"}
 };
 
 /* Cipher suites */
-static ssl_trace_tbl ssl_ciphers_tbl[] = {
-    {0x0000, "SSL_NULL_WITH_NULL_NULL"},
-    {0x0001, "SSL_RSA_WITH_NULL_MD5"},
-    {0x0002, "SSL_RSA_WITH_NULL_SHA"},
-    {0x0003, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"},
-    {0x0004, "SSL_RSA_WITH_RC4_128_MD5"},
-    {0x0005, "SSL_RSA_WITH_RC4_128_SHA"},
-    {0x0006, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
-    {0x0007, "SSL_RSA_WITH_IDEA_CBC_SHA"},
-    {0x0008, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"},
-    {0x0009, "SSL_RSA_WITH_DES_CBC_SHA"},
-    {0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA"},
-    {0x000B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
-    {0x000C, "SSL_DH_DSS_WITH_DES_CBC_SHA"},
-    {0x000D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
-    {0x000E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
-    {0x000F, "SSL_DH_RSA_WITH_DES_CBC_SHA"},
-    {0x0010, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
-    {0x0011, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
-    {0x0012, "SSL_DHE_DSS_WITH_DES_CBC_SHA"},
-    {0x0013, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
-    {0x0014, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
-    {0x0015, "SSL_DHE_RSA_WITH_DES_CBC_SHA"},
-    {0x0016, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
-    {0x0017, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"},
-    {0x0018, "SSL_DH_anon_WITH_RC4_128_MD5"},
-    {0x0019, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
-    {0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"},
-    {0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"},
+static const ssl_trace_tbl ssl_ciphers_tbl[] = {
+    {0x0000, "TLS_NULL_WITH_NULL_NULL"},
+    {0x0001, "TLS_RSA_WITH_NULL_MD5"},
+    {0x0002, "TLS_RSA_WITH_NULL_SHA"},
+    {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"},
+    {0x0004, "TLS_RSA_WITH_RC4_128_MD5"},
+    {0x0005, "TLS_RSA_WITH_RC4_128_SHA"},
+    {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
+    {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"},
+    {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"},
+    {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"},
+    {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"},
+    {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"},
+    {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"},
+    {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"},
+    {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"},
+    {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"},
+    {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"},
     {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
     {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},
     {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"},
@@ -187,6 +150,9 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
     {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"},
     {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"},
     {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"},
+    {0x002C, "TLS_PSK_WITH_NULL_SHA"},
+    {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"},
+    {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"},
     {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"},
     {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"},
     {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"},
@@ -218,6 +184,8 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
     {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
     {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"},
     {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"},
+    {0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT"},
+    {0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411"},
     {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"},
     {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"},
     {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"},
@@ -285,6 +253,7 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
     {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
     {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"},
     {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"},
+    {0x5600, "TLS_FALLBACK_SCSV"},
     {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"},
     {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"},
     {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"},
@@ -335,18 +304,157 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
     {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
     {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"},
     {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"},
+    {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"},
+    {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
+    {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"},
+    {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"},
+    {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"},
+    {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"},
+    {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"},
+    {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"},
+    {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"},
+    {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"},
+    {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"},
+    {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"},
+    {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"},
+    {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"},
+    {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"},
+    {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"},
+    {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"},
+    {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC09C, "TLS_RSA_WITH_AES_128_CCM"},
+    {0xC09D, "TLS_RSA_WITH_AES_256_CCM"},
+    {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"},
+    {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"},
+    {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"},
+    {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"},
+    {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"},
+    {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"},
+    {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"},
+    {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"},
+    {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"},
+    {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"},
+    {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"},
+    {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"},
+    {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"},
+    {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"},
+    {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"},
+    {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"},
+    {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"},
+    {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"},
+    {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0x1301, "TLS_AES_128_GCM_SHA256"},
+    {0x1302, "TLS_AES_256_GCM_SHA384"},
+    {0x1303, "TLS_CHACHA20_POLY1305_SHA256"},
+    {0x1304, "TLS_AES_128_CCM_SHA256"},
+    {0x1305, "TLS_AES_128_CCM_8_SHA256"},
     {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
     {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
+    {0xFF85, "GOST2012-GOST8912-GOST8912"},
+    {0xFF87, "GOST2012-NULL-GOST12"},
 };
 
 /* Compression methods */
-static ssl_trace_tbl ssl_comp_tbl[] = {
+static const ssl_trace_tbl ssl_comp_tbl[] = {
     {0x0000, "No Compression"},
     {0x0001, "Zlib Compression"}
 };
 
-/* Extensions */
-static ssl_trace_tbl ssl_exts_tbl[] = {
+/* Extensions sorted by ascending id */
+static const ssl_trace_tbl ssl_exts_tbl[] = {
     {TLSEXT_TYPE_server_name, "server_name"},
     {TLSEXT_TYPE_max_fragment_length, "max_fragment_length"},
     {TLSEXT_TYPE_client_certificate_url, "client_certificate_url"},
@@ -357,22 +465,35 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
     {TLSEXT_TYPE_client_authz, "client_authz"},
     {TLSEXT_TYPE_server_authz, "server_authz"},
     {TLSEXT_TYPE_cert_type, "cert_type"},
-    {TLSEXT_TYPE_elliptic_curves, "elliptic_curves"},
+    {TLSEXT_TYPE_supported_groups, "supported_groups"},
     {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"},
     {TLSEXT_TYPE_srp, "srp"},
     {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
     {TLSEXT_TYPE_use_srtp, "use_srtp"},
-    {TLSEXT_TYPE_heartbeat, "heartbeat"},
+    {TLSEXT_TYPE_heartbeat, "tls_heartbeat"},
+    {TLSEXT_TYPE_application_layer_protocol_negotiation,
+     "application_layer_protocol_negotiation"},
+    {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
+    {TLSEXT_TYPE_padding, "padding"},
+    {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
+    {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"},
     {TLSEXT_TYPE_session_ticket, "session_ticket"},
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    {TLSEXT_TYPE_opaque_prf_input, "opaque_prf_input"},
-# endif
+    {TLSEXT_TYPE_psk, "psk"},
+    {TLSEXT_TYPE_early_data, "early_data"},
+    {TLSEXT_TYPE_supported_versions, "supported_versions"},
+    {TLSEXT_TYPE_cookie, "cookie_ext"},
+    {TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"},
+    {TLSEXT_TYPE_certificate_authorities, "certificate_authorities"},
+    {TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth"},
+    {TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert"},
+    {TLSEXT_TYPE_key_share, "key_share"},
     {TLSEXT_TYPE_renegotiate, "renegotiate"},
+# ifndef OPENSSL_NO_NEXTPROTONEG
     {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
-    {TLSEXT_TYPE_padding, "padding"}
+# endif
 };
 
-static ssl_trace_tbl ssl_curve_tbl[] = {
+static const ssl_trace_tbl ssl_groups_tbl[] = {
     {1, "sect163k1 (K-163)"},
     {2, "sect163r1"},
     {3, "sect163r2 (B-163)"},
@@ -401,44 +522,61 @@ static ssl_trace_tbl ssl_curve_tbl[] = {
     {26, "brainpoolP256r1"},
     {27, "brainpoolP384r1"},
     {28, "brainpoolP512r1"},
+    {29, "ecdh_x25519"},
+    {30, "ecdh_x448"},
+    {256, "ffdhe2048"},
+    {257, "ffdhe3072"},
+    {258, "ffdhe4096"},
+    {259, "ffdhe6144"},
+    {260, "ffdhe8192"},
     {0xFF01, "arbitrary_explicit_prime_curves"},
     {0xFF02, "arbitrary_explicit_char2_curves"}
 };
 
-static ssl_trace_tbl ssl_point_tbl[] = {
+static const ssl_trace_tbl ssl_point_tbl[] = {
     {0, "uncompressed"},
     {1, "ansiX962_compressed_prime"},
     {2, "ansiX962_compressed_char2"}
 };
 
-static ssl_trace_tbl ssl_md_tbl[] = {
-    {0, "none"},
-    {1, "md5"},
-    {2, "sha1"},
-    {3, "sha224"},
-    {4, "sha256"},
-    {5, "sha384"},
-    {6, "sha512"}
-};
-
-static ssl_trace_tbl ssl_sig_tbl[] = {
-    {0, "anonymous"},
-    {1, "rsa"},
-    {2, "dsa"},
-    {3, "ecdsa"}
+static const ssl_trace_tbl ssl_mfl_tbl[] = {
+    {0, "disabled"},
+    {1, "max_fragment_length := 2^9 (512 bytes)"},
+    {2, "max_fragment_length := 2^10 (1024 bytes)"},
+    {3, "max_fragment_length := 2^11 (2048 bytes)"},
+    {4, "max_fragment_length := 2^12 (4096 bytes)"}
 };
 
-static ssl_trace_tbl ssl_hb_tbl[] = {
-    {1, "peer_allowed_to_send"},
-    {2, "peer_not_allowed_to_send"}
+static const ssl_trace_tbl ssl_sigalg_tbl[] = {
+    {TLSEXT_SIGALG_ecdsa_secp256r1_sha256, "ecdsa_secp256r1_sha256"},
+    {TLSEXT_SIGALG_ecdsa_secp384r1_sha384, "ecdsa_secp384r1_sha384"},
+    {TLSEXT_SIGALG_ecdsa_secp521r1_sha512, "ecdsa_secp521r1_sha512"},
+    {TLSEXT_SIGALG_ecdsa_sha224, "ecdsa_sha224"},
+    {TLSEXT_SIGALG_ed25519, "ed25519"},
+    {TLSEXT_SIGALG_ed448, "ed448"},
+    {TLSEXT_SIGALG_ecdsa_sha1, "ecdsa_sha1"},
+    {TLSEXT_SIGALG_rsa_pss_rsae_sha256, "rsa_pss_rsae_sha256"},
+    {TLSEXT_SIGALG_rsa_pss_rsae_sha384, "rsa_pss_rsae_sha384"},
+    {TLSEXT_SIGALG_rsa_pss_rsae_sha512, "rsa_pss_rsae_sha512"},
+    {TLSEXT_SIGALG_rsa_pss_pss_sha256, "rsa_pss_pss_sha256"},
+    {TLSEXT_SIGALG_rsa_pss_pss_sha384, "rsa_pss_pss_sha384"},
+    {TLSEXT_SIGALG_rsa_pss_pss_sha512, "rsa_pss_pss_sha512"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha256, "rsa_pkcs1_sha256"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha384, "rsa_pkcs1_sha384"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha512, "rsa_pkcs1_sha512"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha224, "rsa_pkcs1_sha224"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha1, "rsa_pkcs1_sha1"},
+    {TLSEXT_SIGALG_dsa_sha256, "dsa_sha256"},
+    {TLSEXT_SIGALG_dsa_sha384, "dsa_sha384"},
+    {TLSEXT_SIGALG_dsa_sha512, "dsa_sha512"},
+    {TLSEXT_SIGALG_dsa_sha224, "dsa_sha224"},
+    {TLSEXT_SIGALG_dsa_sha1, "dsa_sha1"},
+    {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"},
+    {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"},
+    {TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94"},
 };
 
-static ssl_trace_tbl ssl_hb_type_tbl[] = {
-    {1, "heartbeat_request"},
-    {2, "heartbeat_response"}
-};
-
-static ssl_trace_tbl ssl_ctype_tbl[] = {
+static const ssl_trace_tbl ssl_ctype_tbl[] = {
     {1, "rsa_sign"},
     {2, "dss_sign"},
     {3, "rsa_fixed_dh"},
@@ -451,25 +589,21 @@ static ssl_trace_tbl ssl_ctype_tbl[] = {
     {66, "ecdsa_fixed_ecdh"}
 };
 
-static ssl_trace_tbl ssl_crypto_tbl[] = {
-    {TLS1_RT_CRYPTO_PREMASTER, "Premaster Secret"},
-    {TLS1_RT_CRYPTO_CLIENT_RANDOM, "Client Random"},
-    {TLS1_RT_CRYPTO_SERVER_RANDOM, "Server Random"},
-    {TLS1_RT_CRYPTO_MASTER, "Master Secret"},
-    {TLS1_RT_CRYPTO_MAC | TLS1_RT_CRYPTO_WRITE, "Write Mac Secret"},
-    {TLS1_RT_CRYPTO_MAC | TLS1_RT_CRYPTO_READ, "Read Mac Secret"},
-    {TLS1_RT_CRYPTO_KEY | TLS1_RT_CRYPTO_WRITE, "Write Key"},
-    {TLS1_RT_CRYPTO_KEY | TLS1_RT_CRYPTO_READ, "Read Key"},
-    {TLS1_RT_CRYPTO_IV | TLS1_RT_CRYPTO_WRITE, "Write IV"},
-    {TLS1_RT_CRYPTO_IV | TLS1_RT_CRYPTO_READ, "Read IV"},
-    {TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_WRITE, "Write IV (fixed part)"},
-    {TLS1_RT_CRYPTO_FIXED_IV | TLS1_RT_CRYPTO_READ, "Read IV (fixed part)"}
+static const ssl_trace_tbl ssl_psk_kex_modes_tbl[] = {
+    {TLSEXT_KEX_MODE_KE, "psk_ke"},
+    {TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke"}
+};
+
+static const ssl_trace_tbl ssl_key_update_tbl[] = {
+    {SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested"},
+    {SSL_KEY_UPDATE_REQUESTED, "update_requested"}
 };
 
 static void ssl_print_hex(BIO *bio, int indent, const char *name,
                           const unsigned char *msg, size_t msglen)
 {
     size_t i;
+
     BIO_indent(bio, indent, 80);
     BIO_printf(bio, "%s (len=%d): ", name, (int)msglen);
     for (i = 0; i < msglen; i++)
@@ -477,12 +611,12 @@ static void ssl_print_hex(BIO *bio, int indent, const char *name,
     BIO_puts(bio, "\n");
 }
 
-static int ssl_print_hexbuf(BIO *bio, int indent,
-                            const char *name, size_t nlen,
+static int ssl_print_hexbuf(BIO *bio, int indent, const char *name, size_t nlen,
                             const unsigned char **pmsg, size_t *pmsglen)
 {
     size_t blen;
     const unsigned char *p = *pmsg;
+
     if (*pmsglen < nlen)
         return 0;
     blen = p[0];
@@ -498,12 +632,16 @@ static int ssl_print_hexbuf(BIO *bio, int indent,
 }
 
 static int ssl_print_version(BIO *bio, int indent, const char *name,
-                             const unsigned char **pmsg, size_t *pmsglen)
+                             const unsigned char **pmsg, size_t *pmsglen,
+                             unsigned int *version)
 {
     int vers;
+
     if (*pmsglen < 2)
         return 0;
     vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
+    if (version != NULL)
+        *version = vers;
     BIO_indent(bio, indent, 80);
     BIO_printf(bio, "%s=0x%x (%s)\n",
                name, vers, ssl_trace_str(vers, ssl_version_tbl));
@@ -517,6 +655,7 @@ static int ssl_print_random(BIO *bio, int indent,
 {
     unsigned int tm;
     const unsigned char *p = *pmsg;
+
     if (*pmsglen < 32)
         return 0;
     tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
@@ -531,48 +670,76 @@ static int ssl_print_random(BIO *bio, int indent,
     return 1;
 }
 
-static int ssl_print_signature(BIO *bio, int indent, SSL *s,
+static int ssl_print_signature(BIO *bio, int indent, const SSL *ssl,
                                const unsigned char **pmsg, size_t *pmsglen)
 {
     if (*pmsglen < 2)
         return 0;
-    if (SSL_USE_SIGALGS(s)) {
+    if (SSL_USE_SIGALGS(ssl)) {
         const unsigned char *p = *pmsg;
+        unsigned int sigalg = (p[0] << 8) | p[1];
+
         BIO_indent(bio, indent, 80);
-        BIO_printf(bio, "Signature Algorithm %s+%s (%d+%d)\n",
-                   ssl_trace_str(p[0], ssl_md_tbl),
-                   ssl_trace_str(p[1], ssl_sig_tbl), p[0], p[1]);
+        BIO_printf(bio, "Signature Algorithm: %s (0x%04x)\n",
+                   ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg);
         *pmsg += 2;
         *pmsglen -= 2;
     }
     return ssl_print_hexbuf(bio, indent, "Signature", 2, pmsg, pmsglen);
 }
 
-static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
+static int ssl_print_extension(BIO *bio, int indent, int server,
+                               unsigned char mt, int extype,
                                const unsigned char *ext, size_t extlen)
 {
-    size_t xlen;
+    size_t xlen, share_len;
+    unsigned int sigalg;
+    uint32_t max_early_data;
+
     BIO_indent(bio, indent, 80);
     BIO_printf(bio, "extension_type=%s(%d), length=%d\n",
                ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen);
     switch (extype) {
+    case TLSEXT_TYPE_max_fragment_length:
+        if (extlen < 1)
+            return 0;
+        xlen = extlen;
+        return ssl_trace_list(bio, indent + 2, ext, xlen, 1, ssl_mfl_tbl);
+
     case TLSEXT_TYPE_ec_point_formats:
         if (extlen < 1)
             return 0;
         xlen = ext[0];
         if (extlen != xlen + 1)
             return 0;
-        return ssl_trace_list(bio, indent + 2,
-                              ext + 1, xlen, 1, ssl_point_tbl);
+        return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl);
 
-    case TLSEXT_TYPE_elliptic_curves:
+    case TLSEXT_TYPE_supported_groups:
         if (extlen < 2)
             return 0;
         xlen = (ext[0] << 8) | ext[1];
         if (extlen != xlen + 2)
             return 0;
-        return ssl_trace_list(bio, indent + 2,
-                              ext + 2, xlen, 2, ssl_curve_tbl);
+        return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl);
+    case TLSEXT_TYPE_application_layer_protocol_negotiation:
+        if (extlen < 2)
+            return 0;
+        xlen = (ext[0] << 8) | ext[1];
+        if (extlen != xlen + 2)
+            return 0;
+        ext += 2;
+        while (xlen > 0) {
+            size_t plen = *ext++;
+
+            if (plen + 1 > xlen)
+                return 0;
+            BIO_indent(bio, indent + 2, 80);
+            BIO_write(bio, ext, plen);
+            BIO_puts(bio, "\n");
+            ext += plen;
+            xlen -= plen + 1;
+        }
+        return 1;
 
     case TLSEXT_TYPE_signature_algorithms:
 
@@ -586,9 +753,9 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
         ext += 2;
         while (xlen > 0) {
             BIO_indent(bio, indent + 2, 80);
-            BIO_printf(bio, "%s+%s (%d+%d)\n",
-                       ssl_trace_str(ext[0], ssl_md_tbl),
-                       ssl_trace_str(ext[1], ssl_sig_tbl), ext[0], ext[1]);
+            sigalg = (ext[0] << 8) | ext[1];
+            BIO_printf(bio, "%s (0x%04x)\n",
+                       ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg);
             xlen -= 2;
             ext += 2;
         }
@@ -610,8 +777,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
             ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen);
             if (server) {
                 ext += xlen;
-                ssl_print_hex(bio, indent + 4,
-                              "server_verify_data", ext, xlen);
+                ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen);
             }
         } else {
             BIO_indent(bio, indent + 4, 80);
@@ -620,66 +786,158 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
         break;
 
     case TLSEXT_TYPE_heartbeat:
-        if (extlen != 1)
-            return 0;
-        BIO_indent(bio, indent + 2, 80);
-        BIO_printf(bio, "HeartbeatMode: %s\n",
-                   ssl_trace_str(ext[0], ssl_hb_tbl));
-        break;
+        return 0;
 
     case TLSEXT_TYPE_session_ticket:
         if (extlen != 0)
             ssl_print_hex(bio, indent + 4, "ticket", ext, extlen);
         break;
 
+    case TLSEXT_TYPE_key_share:
+        if (server && extlen == 2) {
+            int group_id;
+
+            /* We assume this is an HRR, otherwise this is an invalid key_share */
+            group_id = (ext[0] << 8) | ext[1];
+            BIO_indent(bio, indent + 4, 80);
+            BIO_printf(bio, "NamedGroup: %s (%d)\n",
+                       ssl_trace_str(group_id, ssl_groups_tbl), group_id);
+            break;
+        }
+        if (extlen < 2)
+            return 0;
+        if (server) {
+            xlen = extlen;
+        } else {
+            xlen = (ext[0] << 8) | ext[1];
+            if (extlen != xlen + 2)
+                return 0;
+            ext += 2;
+        }
+        for (; xlen > 0; ext += share_len, xlen -= share_len) {
+            int group_id;
+
+            if (xlen < 4)
+                return 0;
+            group_id = (ext[0] << 8) | ext[1];
+            share_len = (ext[2] << 8) | ext[3];
+            ext += 4;
+            xlen -= 4;
+            if (xlen < share_len)
+                return 0;
+            BIO_indent(bio, indent + 4, 80);
+            BIO_printf(bio, "NamedGroup: %s (%d)\n",
+                       ssl_trace_str(group_id, ssl_groups_tbl), group_id);
+            ssl_print_hex(bio, indent + 4, "key_exchange: ", ext, share_len);
+        }
+        break;
+
+    case TLSEXT_TYPE_supported_versions:
+        if (server) {
+            int version;
+
+            if (extlen != 2)
+                return 0;
+            version = (ext[0] << 8) | ext[1];
+            BIO_indent(bio, indent + 4, 80);
+            BIO_printf(bio, "%s (%d)\n",
+                       ssl_trace_str(version, ssl_version_tbl), version);
+            break;
+        }
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (extlen != xlen + 1)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2,
+                              ssl_version_tbl);
+
+    case TLSEXT_TYPE_psk_kex_modes:
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (extlen != xlen + 1)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1,
+                              ssl_psk_kex_modes_tbl);
+
+    case TLSEXT_TYPE_early_data:
+        if (mt != SSL3_MT_NEWSESSION_TICKET)
+            break;
+        if (extlen != 4)
+            return 0;
+        max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8)
+                         | ext[3];
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "max_early_data=%u\n", max_early_data);
+        break;
+
     default:
-        BIO_dump_indent(bio, (char *)ext, extlen, indent + 2);
+        BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2);
     }
     return 1;
 }
 
 static int ssl_print_extensions(BIO *bio, int indent, int server,
-                                const unsigned char *msg, size_t msglen)
+                                unsigned char mt, const unsigned char **msgin,
+                                size_t *msginlen)
 {
-    size_t extslen;
+    size_t extslen, msglen = *msginlen;
+    const unsigned char *msg = *msgin;
+
     BIO_indent(bio, indent, 80);
     if (msglen == 0) {
-        BIO_puts(bio, "No Extensions\n");
+        BIO_puts(bio, "No extensions\n");
         return 1;
     }
     if (msglen < 2)
         return 0;
     extslen = (msg[0] << 8) | msg[1];
-    if (extslen != msglen - 2)
-        return 0;
+    msglen -= 2;
     msg += 2;
-    msglen = extslen;
-    BIO_printf(bio, "extensions, length = %d\n", (int)msglen);
-    while (msglen > 0) {
+    if (extslen == 0) {
+        BIO_puts(bio, "No extensions\n");
+        *msgin = msg;
+        *msginlen = msglen;
+        return 1;
+    }
+    if (extslen > msglen)
+        return 0;
+    BIO_printf(bio, "extensions, length = %d\n", (int)extslen);
+    msglen -= extslen;
+    while (extslen > 0) {
         int extype;
         size_t extlen;
-        if (msglen < 4)
+        if (extslen < 4)
             return 0;
         extype = (msg[0] << 8) | msg[1];
         extlen = (msg[2] << 8) | msg[3];
-        if (msglen < extlen + 4)
+        if (extslen < extlen + 4) {
+            BIO_printf(bio, "extensions, extype = %d, extlen = %d\n", extype,
+                       (int)extlen);
+            BIO_dump_indent(bio, (const char *)msg, extslen, indent + 2);
             return 0;
+        }
         msg += 4;
-        if (!ssl_print_extension(bio, indent + 2, server,
-                                 extype, msg, extlen))
+        if (!ssl_print_extension(bio, indent + 2, server, mt, extype, msg,
+                                 extlen))
             return 0;
         msg += extlen;
-        msglen -= extlen + 4;
+        extslen -= extlen + 4;
     }
+
+    *msgin = msg;
+    *msginlen = msglen;
     return 1;
 }
 
-static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
+static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent,
                                   const unsigned char *msg, size_t msglen)
 {
     size_t len;
     unsigned int cs;
-    if (!ssl_print_version(bio, indent, "client_version", &msg, &msglen))
+
+    if (!ssl_print_version(bio, indent, "client_version", &msg, &msglen, NULL))
         return 0;
     if (!ssl_print_random(bio, indent, &msg, &msglen))
         return 0;
@@ -724,16 +982,16 @@ static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
         msglen--;
         len--;
     }
-    if (!ssl_print_extensions(bio, indent, 0, msg, msglen))
+    if (!ssl_print_extensions(bio, indent, 0, SSL3_MT_CLIENT_HELLO, &msg,
+                              &msglen))
         return 0;
     return 1;
 }
 
 static int dtls_print_hello_vfyrequest(BIO *bio, int indent,
-                                       const unsigned char *msg,
-                                       size_t msglen)
+                                       const unsigned char *msg, size_t msglen)
 {
-    if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen))
+    if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, NULL))
         return 0;
     if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
         return 0;
@@ -744,11 +1002,14 @@ static int ssl_print_server_hello(BIO *bio, int indent,
                                   const unsigned char *msg, size_t msglen)
 {
     unsigned int cs;
-    if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen))
+    unsigned int vers;
+
+    if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, &vers))
         return 0;
     if (!ssl_print_random(bio, indent, &msg, &msglen))
         return 0;
-    if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
+    if (vers != TLS1_3_VERSION
+            && !ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
         return 0;
     if (msglen < 2)
         return 0;
@@ -758,57 +1019,53 @@ static int ssl_print_server_hello(BIO *bio, int indent,
                msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl));
     msg += 2;
     msglen -= 2;
-    if (msglen < 1)
-        return 0;
-    BIO_indent(bio, indent, 80);
-    BIO_printf(bio, "compression_method: %s (0x%02X)\n",
-               ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]);
-    msg++;
-    msglen--;
-    if (!ssl_print_extensions(bio, indent, 1, msg, msglen))
+    if (vers != TLS1_3_VERSION) {
+        if (msglen < 1)
+            return 0;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "compression_method: %s (0x%02X)\n",
+                   ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]);
+        msg++;
+        msglen--;
+    }
+    if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_SERVER_HELLO, &msg,
+                              &msglen))
         return 0;
     return 1;
 }
 
-static int ssl_get_keyex(const char **pname, SSL *ssl)
+static int ssl_get_keyex(const char **pname, const SSL *ssl)
 {
     unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
+
     if (alg_k & SSL_kRSA) {
         *pname = "rsa";
         return SSL_kRSA;
     }
-    if (alg_k & SSL_kDHr) {
-        *pname = "dh_rsa";
-        return SSL_kDHr;
-    }
-    if (alg_k & SSL_kDHd) {
-        *pname = "dh_dss";
-        return SSL_kDHd;
-    }
-    if (alg_k & SSL_kKRB5) {
-        *pname = "krb5";
-        return SSL_kKRB5;
+    if (alg_k & SSL_kDHE) {
+        *pname = "DHE";
+        return SSL_kDHE;
     }
-    if (alg_k & SSL_kEDH) {
-        *pname = "edh";
-        return SSL_kEDH;
-    }
-    if (alg_k & SSL_kEECDH) {
-        *pname = "EECDH";
-        return SSL_kEECDH;
-    }
-    if (alg_k & SSL_kECDHr) {
-        *pname = "ECDH RSA";
-        return SSL_kECDHr;
-    }
-    if (alg_k & SSL_kECDHe) {
-        *pname = "ECDH ECDSA";
-        return SSL_kECDHe;
+    if (alg_k & SSL_kECDHE) {
+        *pname = "ECDHE";
+        return SSL_kECDHE;
     }
     if (alg_k & SSL_kPSK) {
         *pname = "PSK";
         return SSL_kPSK;
     }
+    if (alg_k & SSL_kRSAPSK) {
+        *pname = "RSAPSK";
+        return SSL_kRSAPSK;
+    }
+    if (alg_k & SSL_kDHEPSK) {
+        *pname = "DHEPSK";
+        return SSL_kDHEPSK;
+    }
+    if (alg_k & SSL_kECDHEPSK) {
+        *pname = "ECDHEPSK";
+        return SSL_kECDHEPSK;
+    }
     if (alg_k & SSL_kSRP) {
         *pname = "SRP";
         return SSL_kSRP;
@@ -821,86 +1078,75 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
     return 0;
 }
 
-static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
+static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl,
                                   const unsigned char *msg, size_t msglen)
 {
     const char *algname;
-    int id;
-    id = ssl_get_keyex(&algname, ssl);
+    int id = ssl_get_keyex(&algname, ssl);
+
     BIO_indent(bio, indent, 80);
     BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
+    if (id & SSL_PSK) {
+        if (!ssl_print_hexbuf(bio, indent + 2,
+                              "psk_identity", 2, &msg, &msglen))
+            return 0;
+    }
     switch (id) {
 
     case SSL_kRSA:
+    case SSL_kRSAPSK:
         if (TLS1_get_version(ssl) == SSL3_VERSION) {
             ssl_print_hex(bio, indent + 2,
-                          "EncyptedPreMasterSecret", msg, msglen);
+                          "EncryptedPreMasterSecret", msg, msglen);
         } else {
             if (!ssl_print_hexbuf(bio, indent + 2,
-                                  "EncyptedPreMasterSecret", 2,
-                                  &msg, &msglen))
+                                  "EncryptedPreMasterSecret", 2, &msg, &msglen))
                 return 0;
         }
         break;
 
-        /* Implicit parameters only allowed for static DH */
-    case SSL_kDHd:
-    case SSL_kDHr:
-        if (msglen == 0) {
-            BIO_indent(bio, indent + 2, 80);
-            BIO_puts(bio, "implicit\n");
-            break;
-        }
-    case SSL_kEDH:
+    case SSL_kDHE:
+    case SSL_kDHEPSK:
         if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen))
             return 0;
         break;
 
-    case SSL_kECDHr:
-    case SSL_kECDHe:
-        if (msglen == 0) {
-            BIO_indent(bio, indent + 2, 80);
-            BIO_puts(bio, "implicit\n");
-            break;
-        }
-    case SSL_kEECDH:
+    case SSL_kECDHE:
+    case SSL_kECDHEPSK:
         if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen))
             return 0;
         break;
+
     }
 
-    return 1;
+    return !msglen;
 }
 
-static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
+static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl,
                                   const unsigned char *msg, size_t msglen)
 {
     const char *algname;
-    int id;
-    id = ssl_get_keyex(&algname, ssl);
+    int id = ssl_get_keyex(&algname, ssl);
+
     BIO_indent(bio, indent, 80);
     BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
+    if (id & SSL_PSK) {
+        if (!ssl_print_hexbuf(bio, indent + 2,
+                              "psk_identity_hint", 2, &msg, &msglen))
+            return 0;
+    }
     switch (id) {
-        /* Should never happen */
-    case SSL_kDHd:
-    case SSL_kDHr:
-    case SSL_kECDHr:
-    case SSL_kECDHe:
-        BIO_indent(bio, indent + 2, 80);
-        BIO_printf(bio, "Unexpected Message\n");
-        break;
-
     case SSL_kRSA:
 
-        if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2,
-                              &msg, &msglen))
+        if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, &msg, &msglen))
             return 0;
         if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2,
                               &msg, &msglen))
             return 0;
         break;
 
-    case SSL_kEDH:
+    case SSL_kDHE:
+    case SSL_kDHEPSK:
         if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2, &msg, &msglen))
             return 0;
         if (!ssl_print_hexbuf(bio, indent + 2, "dh_g", 2, &msg, &msglen))
@@ -909,7 +1155,9 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
             return 0;
         break;
 
-    case SSL_kEECDH:
+# ifndef OPENSSL_NO_EC
+    case SSL_kECDHE:
+    case SSL_kECDHEPSK:
         if (msglen < 1)
             return 0;
         BIO_indent(bio, indent + 2, 80);
@@ -923,15 +1171,25 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
                 return 0;
             curve = (msg[1] << 8) | msg[2];
             BIO_printf(bio, "named_curve: %s (%d)\n",
-                       ssl_trace_str(curve, ssl_curve_tbl), curve);
+                       ssl_trace_str(curve, ssl_groups_tbl), curve);
             msg += 3;
             msglen -= 3;
             if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen))
                 return 0;
+        } else {
+            BIO_printf(bio, "UNKNOWN CURVE PARAMETER TYPE %d\n", msg[0]);
+            return 0;
         }
         break;
+# endif
+
+    case SSL_kPSK:
+    case SSL_kRSAPSK:
+        break;
     }
-    return ssl_print_signature(bio, indent, ssl, &msg, &msglen);
+    if (!(id & SSL_PSK))
+        ssl_print_signature(bio, indent, ssl, &msg, &msglen);
+    return !msglen;
 }
 
 static int ssl_print_certificate(BIO *bio, int indent,
@@ -941,6 +1199,7 @@ static int ssl_print_certificate(BIO *bio, int indent,
     size_t clen;
     X509 *x;
     const unsigned char *p = *pmsg, *q;
+
     if (msglen < 3)
         return 0;
     clen = (p[0] << 16) | (p[1] << 8) | p[2];
@@ -968,10 +1227,16 @@ static int ssl_print_certificate(BIO *bio, int indent,
     return 1;
 }
 
-static int ssl_print_certificates(BIO *bio, int indent,
-                                  const unsigned char *msg, size_t msglen)
+static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
+                                  int indent, const unsigned char *msg,
+                                  size_t msglen)
 {
     size_t clen;
+
+    if (SSL_IS_TLS13(ssl)
+            && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen))
+        return 0;
+
     if (msglen < 3)
         return 0;
     clen = (msg[0] << 16) | (msg[1] << 8) | msg[2];
@@ -983,48 +1248,62 @@ static int ssl_print_certificates(BIO *bio, int indent,
     while (clen > 0) {
         if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
             return 0;
+        if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
+                                  &msg, &clen))
+            return 0;
+
     }
     return 1;
 }
 
-static int ssl_print_cert_request(BIO *bio, int indent, SSL *s,
+static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl,
                                   const unsigned char *msg, size_t msglen)
 {
     size_t xlen;
-    if (msglen < 1)
-        return 0;
-    xlen = msg[0];
-    if (msglen < xlen + 1)
-        return 0;
-    msg++;
-    BIO_indent(bio, indent, 80);
-    BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen);
-    if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl))
-        return 0;
-    msg += xlen;
-    msglen -= xlen + 1;
-    if (!SSL_USE_SIGALGS(s))
-        goto skip_sig;
-    if (msglen < 2)
-        return 0;
-    xlen = (msg[0] << 8) | msg[1];
-    if (msglen < xlen + 2 || (xlen & 1))
-        return 0;
-    msg += 2;
-    BIO_indent(bio, indent, 80);
-    BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen);
-    while (xlen > 0) {
-        BIO_indent(bio, indent + 2, 80);
-        BIO_printf(bio, "%s+%s (%d+%d)\n",
-                   ssl_trace_str(msg[0], ssl_md_tbl),
-                   ssl_trace_str(msg[1], ssl_sig_tbl), msg[0], msg[1]);
-        xlen -= 2;
+    unsigned int sigalg;
+
+    if (SSL_IS_TLS13(ssl)) {
+        if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen))
+            return 0;
+        if (!ssl_print_extensions(bio, indent, 1,
+                                  SSL3_MT_CERTIFICATE_REQUEST, &msg, &msglen))
+            return 0;
+        return 1;
+    } else {
+        if (msglen < 1)
+            return 0;
+        xlen = msg[0];
+        if (msglen < xlen + 1)
+            return 0;
+        msg++;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen);
+        if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl))
+            return 0;
+        msg += xlen;
+        msglen -= xlen + 1;
+    }
+    if (SSL_USE_SIGALGS(ssl)) {
+        if (msglen < 2)
+            return 0;
+        xlen = (msg[0] << 8) | msg[1];
+        if (msglen < xlen + 2 || (xlen & 1))
+            return 0;
         msg += 2;
+        msglen -= xlen + 2;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen);
+        while (xlen > 0) {
+            BIO_indent(bio, indent + 2, 80);
+            sigalg = (msg[0] << 8) | msg[1];
+            BIO_printf(bio, "%s (0x%04x)\n",
+                       ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg);
+            xlen -= 2;
+            msg += 2;
+        }
+        msg += xlen;
     }
-    msg += xlen;
-    msglen -= xlen + 2;
 
- skip_sig:
     if (msglen < 2)
         return 0;
     xlen = (msg[0] << 8) | msg[1];
@@ -1032,7 +1311,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s,
     if (msglen < xlen + 2)
         return 0;
     msg += 2;
-    msglen -= 2;
+    msglen -= 2 + xlen;
     BIO_printf(bio, "certificate_authorities (len=%d)\n", (int)xlen);
     while (xlen > 0) {
         size_t dlen;
@@ -1058,13 +1337,19 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s,
         xlen -= dlen + 2;
         msg += dlen;
     }
-    return 1;
+    if (SSL_IS_TLS13(ssl)) {
+        if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2,
+                              &msg, &msglen))
+            return 0;
+    }
+    return msglen == 0;
 }
 
-static int ssl_print_ticket(BIO *bio, int indent,
+static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
                             const unsigned char *msg, size_t msglen)
 {
     unsigned int tick_life;
+
     if (msglen == 0) {
         BIO_indent(bio, indent + 2, 80);
         BIO_puts(bio, "No Ticket\n");
@@ -1077,19 +1362,39 @@ static int ssl_print_ticket(BIO *bio, int indent,
     msg += 4;
     BIO_indent(bio, indent + 2, 80);
     BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life);
+    if (SSL_IS_TLS13(ssl)) {
+        unsigned int ticket_age_add;
+
+        if (msglen < 4)
+            return 0;
+        ticket_age_add =
+            (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3];
+        msglen -= 4;
+        msg += 4;
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "ticket_age_add=%u\n", ticket_age_add);
+        if (!ssl_print_hexbuf(bio, indent + 2, "ticket_nonce", 1, &msg,
+                              &msglen))
+            return 0;
+    }
     if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen))
         return 0;
+    if (SSL_IS_TLS13(ssl)
+            && !ssl_print_extensions(bio, indent + 2, 0,
+                                     SSL3_MT_NEWSESSION_TICKET, &msg, &msglen))
+        return 0;
     if (msglen)
         return 0;
     return 1;
 }
 
-static int ssl_print_handshake(BIO *bio, SSL *ssl,
+static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server,
                                const unsigned char *msg, size_t msglen,
                                int indent)
 {
     size_t hlen;
     unsigned char htype;
+
     if (msglen < 4)
         return 0;
     htype = msg[0];
@@ -1140,7 +1445,7 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl,
         break;
 
     case SSL3_MT_CERTIFICATE:
-        if (!ssl_print_certificates(bio, indent + 2, msg, msglen))
+        if (!ssl_print_certificates(bio, ssl, server, indent + 2, msg, msglen))
             return 0;
         break;
 
@@ -1164,65 +1469,52 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl,
         break;
 
     case SSL3_MT_NEWSESSION_TICKET:
-        if (!ssl_print_ticket(bio, indent + 2, msg, msglen))
+        if (!ssl_print_ticket(bio, indent + 2, ssl, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_ENCRYPTED_EXTENSIONS:
+        if (!ssl_print_extensions(bio, indent + 2, 1,
+                                  SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_KEY_UPDATE:
+        if (msglen != 1) {
+            ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen);
+            return 0;
+        }
+        if (!ssl_trace_list(bio, indent + 2, msg, msglen, 1,
+                            ssl_key_update_tbl))
             return 0;
         break;
 
     default:
         BIO_indent(bio, indent + 2, 80);
         BIO_puts(bio, "Unsupported, hex dump follows:\n");
-        BIO_dump_indent(bio, (char *)msg, msglen, indent + 4);
+        BIO_dump_indent(bio, (const char *)msg, msglen, indent + 4);
     }
     return 1;
 }
 
-static int ssl_print_heartbeat(BIO *bio, int indent,
-                               const unsigned char *msg, size_t msglen)
-{
-    if (msglen < 3)
-        return 0;
-    BIO_indent(bio, indent, 80);
-    BIO_printf(bio, "HeartBeatMessageType: %s\n",
-               ssl_trace_str(msg[0], ssl_hb_type_tbl));
-    msg++;
-    msglen--;
-    if (!ssl_print_hexbuf(bio, indent, "payload", 2, &msg, &msglen))
-        return 0;
-    ssl_print_hex(bio, indent, "padding", msg, msglen);
-    return 1;
-}
-
-const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
-{
-    if (c->algorithm_ssl & SSL_SSLV2)
-        return NULL;
-    return ssl_trace_str(c->id & 0xFFFF, ssl_ciphers_tbl);
-}
-
 void SSL_trace(int write_p, int version, int content_type,
                const void *buf, size_t msglen, SSL *ssl, void *arg)
 {
     const unsigned char *msg = buf;
     BIO *bio = arg;
 
-    if (write_p == 2) {
-        BIO_puts(bio, "Session ");
-        ssl_print_hex(bio, 0,
-                      ssl_trace_str(content_type, ssl_crypto_tbl),
-                      msg, msglen);
-        return;
-    }
     switch (content_type) {
     case SSL3_RT_HEADER:
         {
             int hvers;
 
             /* avoid overlapping with length at the end of buffer */
-            if (msglen < (SSL_IS_DTLS(ssl) ? 13 : 5)) {
-                        BIO_puts(bio, write_p ? "Sent" : "Received");
-                        ssl_print_hex(bio, 0, " too short message", msg, msglen);
-                        break;
-                    }
+            if (msglen < (size_t)(SSL_IS_DTLS(ssl) ?
+                     DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) {
+                BIO_puts(bio, write_p ? "Sent" : "Received");
+                ssl_print_hex(bio, 0, " too short message", msg, msglen);
+                break;
+            }
             hvers = msg[1] << 8 | msg[2];
             BIO_puts(bio, write_p ? "Sent" : "Received");
             BIO_printf(bio, " Record\nHeader:\n  Version = %s (0x%x)\n",
@@ -1233,14 +1525,6 @@ void SSL_trace(int write_p, int version, int content_type,
                            (msg[3] << 8 | msg[4]),
                            (msg[5] << 8 | msg[6]),
                            (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10]));
-# if 0
-                /*
-                 * Just print handshake type so we can see what is going on
-                 * during fragmentation.
-                 */
-                BIO_printf(bio, "(%s)\n",
-                           ssl_trace_str(msg[msglen], ssl_handshake_tbl));
-# endif
             }
 
             BIO_printf(bio, "  Content Type = %s (%d)\n  Length = %d",
@@ -1248,8 +1532,15 @@ void SSL_trace(int write_p, int version, int content_type,
                        msg[msglen - 2] << 8 | msg[msglen - 1]);
         }
         break;
+
+    case SSL3_RT_INNER_CONTENT_TYPE:
+        BIO_printf(bio, "  Inner Content Type = %s (%d)",
+                   ssl_trace_str(msg[0], ssl_content_tbl), msg[0]);
+        break;
+
     case SSL3_RT_HANDSHAKE:
-        if (!ssl_print_handshake(bio, ssl, msg, msglen, 4))
+        if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p,
+                                 msg, msglen, 4))
             BIO_printf(bio, "Message length parse error!\n");
         break;
 
@@ -1261,18 +1552,13 @@ void SSL_trace(int write_p, int version, int content_type,
         break;
 
     case SSL3_RT_ALERT:
-        if (msglen != 2) {
+        if (msglen != 2)
             BIO_puts(bio, "    Illegal Alert Length\n");
-        } else {
+        else {
             BIO_printf(bio, "    Level=%s(%d), description=%s(%d)\n",
                        SSL_alert_type_string_long(msg[0] << 8),
                        msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]);
         }
-        break;
-
-    case TLS1_RT_HEARTBEAT:
-        ssl_print_heartbeat(bio, 4, msg, msglen);
-        break;
 
     }
 
diff --git a/freebsd/crypto/openssl/ssl/tls1.h b/freebsd/crypto/openssl/ssl/tls1.h
deleted file mode 100644
index dd1d8c10..00000000
--- a/freebsd/crypto/openssl/ssl/tls1.h
+++ /dev/null
@@ -1,810 +0,0 @@
-/* ssl/tls1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_TLS1_H
-# define HEADER_TLS1_H
-
-# include <openssl/buffer.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    0
-
-# define TLS1_VERSION                    0x0301
-# define TLS1_1_VERSION                  0x0302
-# define TLS1_2_VERSION                  0x0303
-# define TLS_MAX_VERSION                 TLS1_2_VERSION
-
-# define TLS1_VERSION_MAJOR              0x03
-# define TLS1_VERSION_MINOR              0x01
-
-# define TLS1_1_VERSION_MAJOR            0x03
-# define TLS1_1_VERSION_MINOR            0x02
-
-# define TLS1_2_VERSION_MAJOR            0x03
-# define TLS1_2_VERSION_MINOR            0x03
-
-# define TLS1_get_version(s) \
-                ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
-
-# define TLS1_get_client_version(s) \
-                ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
-
-# define TLS1_AD_DECRYPTION_FAILED       21
-# define TLS1_AD_RECORD_OVERFLOW         22
-# define TLS1_AD_UNKNOWN_CA              48/* fatal */
-# define TLS1_AD_ACCESS_DENIED           49/* fatal */
-# define TLS1_AD_DECODE_ERROR            50/* fatal */
-# define TLS1_AD_DECRYPT_ERROR           51
-# define TLS1_AD_EXPORT_RESTRICTION      60/* fatal */
-# define TLS1_AD_PROTOCOL_VERSION        70/* fatal */
-# define TLS1_AD_INSUFFICIENT_SECURITY   71/* fatal */
-# define TLS1_AD_INTERNAL_ERROR          80/* fatal */
-# define TLS1_AD_INAPPROPRIATE_FALLBACK  86/* fatal */
-# define TLS1_AD_USER_CANCELLED          90
-# define TLS1_AD_NO_RENEGOTIATION        100
-/* codes 110-114 are from RFC3546 */
-# define TLS1_AD_UNSUPPORTED_EXTENSION   110
-# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
-# define TLS1_AD_UNRECOGNIZED_NAME       112
-# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
-# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
-# define TLS1_AD_UNKNOWN_PSK_IDENTITY    115/* fatal */
-
-/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
-# define TLSEXT_TYPE_server_name                 0
-# define TLSEXT_TYPE_max_fragment_length         1
-# define TLSEXT_TYPE_client_certificate_url      2
-# define TLSEXT_TYPE_trusted_ca_keys             3
-# define TLSEXT_TYPE_truncated_hmac              4
-# define TLSEXT_TYPE_status_request              5
-/* ExtensionType values from RFC4681 */
-# define TLSEXT_TYPE_user_mapping                6
-/* ExtensionType values from RFC5878 */
-# define TLSEXT_TYPE_client_authz                7
-# define TLSEXT_TYPE_server_authz                8
-/* ExtensionType values from RFC6091 */
-# define TLSEXT_TYPE_cert_type           9
-
-/* ExtensionType values from RFC4492 */
-# define TLSEXT_TYPE_elliptic_curves             10
-# define TLSEXT_TYPE_ec_point_formats            11
-
-/* ExtensionType value from RFC5054 */
-# define TLSEXT_TYPE_srp                         12
-
-/* ExtensionType values from RFC5246 */
-# define TLSEXT_TYPE_signature_algorithms        13
-
-/* ExtensionType value from RFC5764 */
-# define TLSEXT_TYPE_use_srtp    14
-
-/* ExtensionType value from RFC5620 */
-# define TLSEXT_TYPE_heartbeat   15
-
-/* ExtensionType value from RFC7301 */
-# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
-
-/*
- * ExtensionType value for TLS padding extension.
- * http://tools.ietf.org/html/draft-agl-tls-padding
- */
-# define TLSEXT_TYPE_padding     21
-
-/* ExtensionType value from RFC4507 */
-# define TLSEXT_TYPE_session_ticket              35
-
-/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
-# if 0
-/*
- * will have to be provided externally for now ,
- * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
- * using whatever extension number you'd like to try
- */
-#  define TLSEXT_TYPE_opaque_prf_input           ??
-# endif
-
-/* Temporary extension type */
-# define TLSEXT_TYPE_renegotiate                 0xff01
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-/* This is not an IANA defined extension number */
-#  define TLSEXT_TYPE_next_proto_neg              13172
-# endif
-
-/* NameType value from RFC3546 */
-# define TLSEXT_NAMETYPE_host_name 0
-/* status request value from RFC3546 */
-# define TLSEXT_STATUSTYPE_ocsp 1
-
-/* ECPointFormat values from RFC4492 */
-# define TLSEXT_ECPOINTFORMAT_first                      0
-# define TLSEXT_ECPOINTFORMAT_uncompressed               0
-# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime  1
-# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2  2
-# define TLSEXT_ECPOINTFORMAT_last                       2
-
-/* Signature and hash algorithms from RFC5246 */
-# define TLSEXT_signature_anonymous                      0
-# define TLSEXT_signature_rsa                            1
-# define TLSEXT_signature_dsa                            2
-# define TLSEXT_signature_ecdsa                          3
-
-/* Total number of different signature algorithms */
-# define TLSEXT_signature_num                            4
-
-# define TLSEXT_hash_none                                0
-# define TLSEXT_hash_md5                                 1
-# define TLSEXT_hash_sha1                                2
-# define TLSEXT_hash_sha224                              3
-# define TLSEXT_hash_sha256                              4
-# define TLSEXT_hash_sha384                              5
-# define TLSEXT_hash_sha512                              6
-
-/* Total number of different digest algorithms */
-
-# define TLSEXT_hash_num                                 7
-
-/* Flag set for unrecognised algorithms */
-# define TLSEXT_nid_unknown                              0x1000000
-
-/* ECC curves */
-
-# define TLSEXT_curve_P_256                              23
-# define TLSEXT_curve_P_384                              24
-
-# ifndef OPENSSL_NO_TLSEXT
-
-#  define TLSEXT_MAXLEN_host_name 255
-
-const char *SSL_get_servername(const SSL *s, const int type);
-int SSL_get_servername_type(const SSL *s);
-/*
- * SSL_export_keying_material exports a value derived from the master secret,
- * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
- * optional context. (Since a zero length context is allowed, the |use_context|
- * flag controls whether a context is included.) It returns 1 on success and
- * zero otherwise.
- */
-int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-                               const char *label, size_t llen,
-                               const unsigned char *context, size_t contextlen,
-                               int use_context);
-
-int SSL_get_sigalgs(SSL *s, int idx,
-                    int *psign, int *phash, int *psignandhash,
-                    unsigned char *rsig, unsigned char *rhash);
-
-int SSL_get_shared_sigalgs(SSL *s, int idx,
-                           int *psign, int *phash, int *psignandhash,
-                           unsigned char *rsig, unsigned char *rhash);
-
-int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
-
-#  define SSL_set_tlsext_host_name(s,name) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
-
-#  define SSL_set_tlsext_debug_callback(ssl, cb) \
-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
-
-#  define SSL_set_tlsext_debug_arg(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
-
-#  define SSL_set_tlsext_status_type(ssl, type) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
-
-#  define SSL_get_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#  define SSL_set_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#  define SSL_get_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#  define SSL_set_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#  define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
-
-#  define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
-
-#  define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
-
-#  define SSL_TLSEXT_ERR_OK 0
-#  define SSL_TLSEXT_ERR_ALERT_WARNING 1
-#  define SSL_TLSEXT_ERR_ALERT_FATAL 2
-#  define SSL_TLSEXT_ERR_NOACK 3
-
-#  define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
-
-#  define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-#  define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-
-#  define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
-
-#  define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
-
-#  define SSL_set_tlsext_opaque_prf_input(s, src, len) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
-#  define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
-#  define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
-
-#  define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-
-#  ifndef OPENSSL_NO_HEARTBEATS
-#   define SSL_TLSEXT_HB_ENABLED                           0x01
-#   define SSL_TLSEXT_HB_DONT_SEND_REQUESTS        0x02
-#   define SSL_TLSEXT_HB_DONT_RECV_REQUESTS        0x04
-
-#   define SSL_get_tlsext_heartbeat_pending(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
-#   define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
-        SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
-#  endif
-# endif
-
-/* PSK ciphersuites from 4279 */
-# define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
-# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
-# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C
-# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D
-
-/*
- * Additional TLS ciphersuites from expired Internet Draft
- * draft-ietf-tls-56-bit-ciphersuites-01.txt (available if
- * TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see s3_lib.c).  We
- * actually treat them like SSL 3.0 ciphers, which we probably shouldn't.
- * Note that the first two are actually not in the IDs.
- */
-# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5          0x03000060/* not in
-                                                                    * ID */
-# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5      0x03000061/* not in
-                                                                    * ID */
-# define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA         0x03000062
-# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA     0x03000063
-# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA          0x03000064
-# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA      0x03000065
-# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA                0x03000066
-
-/* AES ciphersuites from RFC3268 */
-# define TLS1_CK_RSA_WITH_AES_128_SHA                    0x0300002F
-# define TLS1_CK_DH_DSS_WITH_AES_128_SHA                 0x03000030
-# define TLS1_CK_DH_RSA_WITH_AES_128_SHA                 0x03000031
-# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA                0x03000032
-# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA                0x03000033
-# define TLS1_CK_ADH_WITH_AES_128_SHA                    0x03000034
-
-# define TLS1_CK_RSA_WITH_AES_256_SHA                    0x03000035
-# define TLS1_CK_DH_DSS_WITH_AES_256_SHA                 0x03000036
-# define TLS1_CK_DH_RSA_WITH_AES_256_SHA                 0x03000037
-# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA                0x03000038
-# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
-# define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
-
-/* TLS v1.2 ciphersuites */
-# define TLS1_CK_RSA_WITH_NULL_SHA256                    0x0300003B
-# define TLS1_CK_RSA_WITH_AES_128_SHA256                 0x0300003C
-# define TLS1_CK_RSA_WITH_AES_256_SHA256                 0x0300003D
-# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256              0x0300003E
-# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256              0x0300003F
-# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256             0x03000040
-
-/* Camellia ciphersuites from RFC4132 */
-# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
-# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
-# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA        0x03000043
-# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA       0x03000044
-# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
-# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
-
-/* TLS v1.2 ciphersuites */
-# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256             0x03000067
-# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256              0x03000068
-# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256              0x03000069
-# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256             0x0300006A
-# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256             0x0300006B
-# define TLS1_CK_ADH_WITH_AES_128_SHA256                 0x0300006C
-# define TLS1_CK_ADH_WITH_AES_256_SHA256                 0x0300006D
-
-/* Camellia ciphersuites from RFC4132 */
-# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
-# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
-# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
-# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA       0x03000087
-# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA       0x03000088
-# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA           0x03000089
-
-/* SEED ciphersuites from RFC4162 */
-# define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096
-# define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097
-# define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
-# define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
-# define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
-# define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
-
-/* TLS v1.2 GCM ciphersuites from RFC5288 */
-# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256             0x0300009C
-# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384             0x0300009D
-# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256         0x0300009E
-# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384         0x0300009F
-# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256          0x030000A0
-# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384          0x030000A1
-# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256         0x030000A2
-# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384         0x030000A3
-# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256          0x030000A4
-# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384          0x030000A5
-# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256             0x030000A6
-# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384             0x030000A7
-
-/*
- * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in
- * draft 13
- */
-# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
-# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
-# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
-# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004
-# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005
-
-# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006
-# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007
-# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008
-# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009
-# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A
-
-# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B
-# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C
-# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D
-# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E
-# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F
-
-# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010
-# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011
-# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012
-# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013
-# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014
-
-# define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015
-# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016
-# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017
-# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
-# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
-
-/* SRP ciphersuites from RFC 5054 */
-# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA           0x0300C01A
-# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA       0x0300C01B
-# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA       0x0300C01C
-# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA            0x0300C01D
-# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA        0x0300C01E
-# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA        0x0300C01F
-# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA            0x0300C020
-# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA        0x0300C021
-# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA        0x0300C022
-
-/* ECDH HMAC based ciphersuites from RFC5289 */
-
-# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
-# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
-# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
-# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
-# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
-# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
-# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
-# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
-
-/* ECDH GCM based ciphersuites from RFC5289 */
-# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256     0x0300C02B
-# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384     0x0300C02C
-# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
-# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
-# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
-# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
-# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
-# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
-
-/*
- * XXX * Backward compatibility alert: + * Older versions of OpenSSL gave
- * some DHE ciphers names with "EDH" + * instead of "DHE".  Going forward, we
- * should be using DHE + * everywhere, though we may indefinitely maintain
- * aliases for users + * or configurations that used "EDH" +
- */
-# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5         "EXP1024-RC4-MD5"
-# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5     "EXP1024-RC2-CBC-MD5"
-# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA        "EXP1024-DES-CBC-SHA"
-# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA    "EXP1024-DHE-DSS-DES-CBC-SHA"
-# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA         "EXP1024-RC4-SHA"
-# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA     "EXP1024-DHE-DSS-RC4-SHA"
-# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA               "DHE-DSS-RC4-SHA"
-
-/* AES ciphersuites from RFC3268 */
-# define TLS1_TXT_RSA_WITH_AES_128_SHA                   "AES128-SHA"
-# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA                "DH-DSS-AES128-SHA"
-# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA                "DH-RSA-AES128-SHA"
-# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA               "DHE-DSS-AES128-SHA"
-# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA               "DHE-RSA-AES128-SHA"
-# define TLS1_TXT_ADH_WITH_AES_128_SHA                   "ADH-AES128-SHA"
-
-# define TLS1_TXT_RSA_WITH_AES_256_SHA                   "AES256-SHA"
-# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA                "DH-DSS-AES256-SHA"
-# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA                "DH-RSA-AES256-SHA"
-# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA               "DHE-DSS-AES256-SHA"
-# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
-# define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
-
-/* ECC ciphersuites from RFC4492 */
-# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
-# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
-# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
-# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
-# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
-
-# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"
-# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"
-# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"
-# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
-# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"
-
-# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
-# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
-# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
-# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
-# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
-
-# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"
-# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"
-# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"
-# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
-# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"
-
-# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
-# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
-# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
-# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
-# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
-
-/* PSK ciphersuites from RFC 4279 */
-# define TLS1_TXT_PSK_WITH_RC4_128_SHA                   "PSK-RC4-SHA"
-# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA              "PSK-3DES-EDE-CBC-SHA"
-# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA               "PSK-AES128-CBC-SHA"
-# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA               "PSK-AES256-CBC-SHA"
-
-/* SRP ciphersuite from RFC 5054 */
-# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "SRP-3DES-EDE-CBC-SHA"
-# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "SRP-RSA-3DES-EDE-CBC-SHA"
-# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "SRP-DSS-3DES-EDE-CBC-SHA"
-# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA           "SRP-AES-128-CBC-SHA"
-# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "SRP-RSA-AES-128-CBC-SHA"
-# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "SRP-DSS-AES-128-CBC-SHA"
-# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA           "SRP-AES-256-CBC-SHA"
-# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "SRP-RSA-AES-256-CBC-SHA"
-# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "SRP-DSS-AES-256-CBC-SHA"
-
-/* Camellia ciphersuites from RFC4132 */
-# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
-# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
-# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA       "DH-RSA-CAMELLIA128-SHA"
-# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "DHE-DSS-CAMELLIA128-SHA"
-# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "DHE-RSA-CAMELLIA128-SHA"
-# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA          "ADH-CAMELLIA128-SHA"
-
-# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA          "CAMELLIA256-SHA"
-# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA       "DH-DSS-CAMELLIA256-SHA"
-# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA       "DH-RSA-CAMELLIA256-SHA"
-# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "DHE-DSS-CAMELLIA256-SHA"
-# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "DHE-RSA-CAMELLIA256-SHA"
-# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA          "ADH-CAMELLIA256-SHA"
-
-/* SEED ciphersuites from RFC4162 */
-# define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
-# define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
-# define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"
-# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"
-# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
-# define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
-
-/* TLS v1.2 ciphersuites */
-# define TLS1_TXT_RSA_WITH_NULL_SHA256                   "NULL-SHA256"
-# define TLS1_TXT_RSA_WITH_AES_128_SHA256                "AES128-SHA256"
-# define TLS1_TXT_RSA_WITH_AES_256_SHA256                "AES256-SHA256"
-# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256             "DH-DSS-AES128-SHA256"
-# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256             "DH-RSA-AES128-SHA256"
-# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256            "DHE-DSS-AES128-SHA256"
-# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256            "DHE-RSA-AES128-SHA256"
-# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256             "DH-DSS-AES256-SHA256"
-# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256             "DH-RSA-AES256-SHA256"
-# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256            "DHE-DSS-AES256-SHA256"
-# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256            "DHE-RSA-AES256-SHA256"
-# define TLS1_TXT_ADH_WITH_AES_128_SHA256                "ADH-AES128-SHA256"
-# define TLS1_TXT_ADH_WITH_AES_256_SHA256                "ADH-AES256-SHA256"
-
-/* TLS v1.2 GCM ciphersuites from RFC5288 */
-# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256            "AES128-GCM-SHA256"
-# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384            "AES256-GCM-SHA384"
-# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256        "DHE-RSA-AES128-GCM-SHA256"
-# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384        "DHE-RSA-AES256-GCM-SHA384"
-# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256         "DH-RSA-AES128-GCM-SHA256"
-# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384         "DH-RSA-AES256-GCM-SHA384"
-# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256        "DHE-DSS-AES128-GCM-SHA256"
-# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384        "DHE-DSS-AES256-GCM-SHA384"
-# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256         "DH-DSS-AES128-GCM-SHA256"
-# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384         "DH-DSS-AES256-GCM-SHA384"
-# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256            "ADH-AES128-GCM-SHA256"
-# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384            "ADH-AES256-GCM-SHA384"
-
-/* ECDH HMAC based ciphersuites from RFC5289 */
-
-# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
-# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
-# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
-# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
-# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
-# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
-# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
-# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
-
-/* ECDH GCM based ciphersuites from RFC5289 */
-# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
-# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
-# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
-# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
-# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
-# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
-# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
-# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
-
-# define TLS_CT_RSA_SIGN                 1
-# define TLS_CT_DSS_SIGN                 2
-# define TLS_CT_RSA_FIXED_DH             3
-# define TLS_CT_DSS_FIXED_DH             4
-# define TLS_CT_ECDSA_SIGN               64
-# define TLS_CT_RSA_FIXED_ECDH           65
-# define TLS_CT_ECDSA_FIXED_ECDH         66
-# define TLS_CT_GOST94_SIGN              21
-# define TLS_CT_GOST01_SIGN              22
-/*
- * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
- * comment there)
- */
-# define TLS_CT_NUMBER                   9
-
-# define TLS1_FINISH_MAC_LENGTH          12
-
-# define TLS_MD_MAX_CONST_SIZE                   20
-# define TLS_MD_CLIENT_FINISH_CONST              "client finished"
-# define TLS_MD_CLIENT_FINISH_CONST_SIZE         15
-# define TLS_MD_SERVER_FINISH_CONST              "server finished"
-# define TLS_MD_SERVER_FINISH_CONST_SIZE         15
-# define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
-# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
-# define TLS_MD_KEY_EXPANSION_CONST              "key expansion"
-# define TLS_MD_KEY_EXPANSION_CONST_SIZE         13
-# define TLS_MD_CLIENT_WRITE_KEY_CONST           "client write key"
-# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE      16
-# define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
-# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
-# define TLS_MD_IV_BLOCK_CONST                   "IV block"
-# define TLS_MD_IV_BLOCK_CONST_SIZE              8
-# define TLS_MD_MASTER_SECRET_CONST              "master secret"
-# define TLS_MD_MASTER_SECRET_CONST_SIZE         13
-
-# ifdef CHARSET_EBCDIC
-#  undef TLS_MD_CLIENT_FINISH_CONST
-/*
- * client finished
- */
-#  define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
-
-#  undef TLS_MD_SERVER_FINISH_CONST
-/*
- * server finished
- */
-#  define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
-
-#  undef TLS_MD_SERVER_WRITE_KEY_CONST
-/*
- * server write key
- */
-#  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
-
-#  undef TLS_MD_KEY_EXPANSION_CONST
-/*
- * key expansion
- */
-#  define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
-
-#  undef TLS_MD_CLIENT_WRITE_KEY_CONST
-/*
- * client write key
- */
-#  define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
-
-#  undef TLS_MD_SERVER_WRITE_KEY_CONST
-/*
- * server write key
- */
-#  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
-
-#  undef TLS_MD_IV_BLOCK_CONST
-/*
- * IV block
- */
-#  define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
-
-#  undef TLS_MD_MASTER_SECRET_CONST
-/*
- * master secret
- */
-#  define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
-# endif
-
-/* TLS Session Ticket extension struct */
-struct tls_session_ticket_ext_st {
-    unsigned short length;
-    void *data;
-};
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/freebsd/crypto/openssl/ssl/tls13_enc.c b/freebsd/crypto/openssl/ssl/tls13_enc.c
new file mode 100644
index 00000000..cd100126
--- /dev/null
+++ b/freebsd/crypto/openssl/ssl/tls13_enc.c
@@ -0,0 +1,812 @@
+#include <machine/rtems-bsd-user-space.h>
+
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include "ssl_locl.h"
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+
+#define TLS13_MAX_LABEL_LEN     246
+
+/* Always filled with zeros */
+static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
+
+/*
+ * Given a |secret|; a |label| of length |labellen|; and |data| of length
+ * |datalen| (e.g. typically a hash of the handshake messages), derive a new
+ * secret |outlen| bytes long and store it in the location pointed to be |out|.
+ * The |data| value may be zero length. Returns 1 on success  0 on failure.
+ */
+int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
+                             const unsigned char *label, size_t labellen,
+                             const unsigned char *data, size_t datalen,
+                             unsigned char *out, size_t outlen)
+{
+    const unsigned char label_prefix[] = "tls13 ";
+    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+    int ret;
+    size_t hkdflabellen;
+    size_t hashlen;
+    /*
+     * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined
+     * prefix and label + bytes for the label itself + bytes for the hash
+     */
+    unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
+                            + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
+                            + EVP_MAX_MD_SIZE];
+    WPACKET pkt;
+
+    if (pctx == NULL)
+        return 0;
+
+    hashlen = EVP_MD_size(md);
+
+    if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0)
+            || !WPACKET_put_bytes_u16(&pkt, outlen)
+            || !WPACKET_start_sub_packet_u8(&pkt)
+            || !WPACKET_memcpy(&pkt, label_prefix, sizeof(label_prefix) - 1)
+            || !WPACKET_memcpy(&pkt, label, labellen)
+            || !WPACKET_close(&pkt)
+            || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen)
+            || !WPACKET_get_total_written(&pkt, &hkdflabellen)
+            || !WPACKET_finish(&pkt)) {
+        EVP_PKEY_CTX_free(pctx);
+        WPACKET_cleanup(&pkt);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    ret = EVP_PKEY_derive_init(pctx) <= 0
+            || EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY)
+               <= 0
+            || EVP_PKEY_CTX_set_hkdf_md(pctx, md) <= 0
+            || EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, hashlen) <= 0
+            || EVP_PKEY_CTX_add1_hkdf_info(pctx, hkdflabel, hkdflabellen) <= 0
+            || EVP_PKEY_derive(pctx, out, &outlen) <= 0;
+
+    EVP_PKEY_CTX_free(pctx);
+
+    if (ret != 0)
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+                 ERR_R_INTERNAL_ERROR);
+
+    return ret == 0;
+}
+
+/*
+ * Given a |secret| generate a |key| of length |keylen| bytes. Returns 1 on
+ * success  0 on failure.
+ */
+int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret,
+                     unsigned char *key, size_t keylen)
+{
+    static const unsigned char keylabel[] = "key";
+
+    return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1,
+                             NULL, 0, key, keylen);
+}
+
+/*
+ * Given a |secret| generate an |iv| of length |ivlen| bytes. Returns 1 on
+ * success  0 on failure.
+ */
+int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret,
+                    unsigned char *iv, size_t ivlen)
+{
+    static const unsigned char ivlabel[] = "iv";
+
+    return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1,
+                             NULL, 0, iv, ivlen);
+}
+
+int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
+                             const unsigned char *secret,
+                             unsigned char *fin, size_t finlen)
+{
+    static const unsigned char finishedlabel[] = "finished";
+
+    return tls13_hkdf_expand(s, md, secret, finishedlabel,
+                             sizeof(finishedlabel) - 1, NULL, 0, fin, finlen);
+}
+
+/*
+ * Given the previous secret |prevsecret| and a new input secret |insecret| of
+ * length |insecretlen|, generate a new secret and store it in the location
+ * pointed to by |outsecret|. Returns 1 on success  0 on failure.
+ */
+int tls13_generate_secret(SSL *s, const EVP_MD *md,
+                          const unsigned char *prevsecret,
+                          const unsigned char *insecret,
+                          size_t insecretlen,
+                          unsigned char *outsecret)
+{
+    size_t mdlen, prevsecretlen;
+    int mdleni;
+    int ret;
+    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+    static const char derived_secret_label[] = "derived";
+    unsigned char preextractsec[EVP_MAX_MD_SIZE];
+
+    if (pctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    mdleni = EVP_MD_size(md);
+    /* Ensure cast to size_t is safe */
+    if (!ossl_assert(mdleni >= 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    mdlen = (size_t)mdleni;
+
+    if (insecret == NULL) {
+        insecret = default_zeros;
+        insecretlen = mdlen;
+    }
+    if (prevsecret == NULL) {
+        prevsecret = default_zeros;
+        prevsecretlen = 0;
+    } else {
+        EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+        unsigned char hash[EVP_MAX_MD_SIZE];
+
+        /* The pre-extract derive step uses a hash of no messages */
+        if (mctx == NULL
+                || EVP_DigestInit_ex(mctx, md, NULL) <= 0
+                || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                     ERR_R_INTERNAL_ERROR);
+            EVP_MD_CTX_free(mctx);
+            EVP_PKEY_CTX_free(pctx);
+            return 0;
+        }
+        EVP_MD_CTX_free(mctx);
+
+        /* Generate the pre-extract secret */
+        if (!tls13_hkdf_expand(s, md, prevsecret,
+                               (unsigned char *)derived_secret_label,
+                               sizeof(derived_secret_label) - 1, hash, mdlen,
+                               preextractsec, mdlen)) {
+            /* SSLfatal() already called */
+            EVP_PKEY_CTX_free(pctx);
+            return 0;
+        }
+
+        prevsecret = preextractsec;
+        prevsecretlen = mdlen;
+    }
+
+    ret = EVP_PKEY_derive_init(pctx) <= 0
+            || EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY)
+               <= 0
+            || EVP_PKEY_CTX_set_hkdf_md(pctx, md) <= 0
+            || EVP_PKEY_CTX_set1_hkdf_key(pctx, insecret, insecretlen) <= 0
+            || EVP_PKEY_CTX_set1_hkdf_salt(pctx, prevsecret, prevsecretlen)
+               <= 0
+            || EVP_PKEY_derive(pctx, outsecret, &mdlen)
+               <= 0;
+
+    if (ret != 0)
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                 ERR_R_INTERNAL_ERROR);
+
+    EVP_PKEY_CTX_free(pctx);
+    if (prevsecret == preextractsec)
+        OPENSSL_cleanse(preextractsec, mdlen);
+    return ret == 0;
+}
+
+/*
+ * Given an input secret |insecret| of length |insecretlen| generate the
+ * handshake secret. This requires the early secret to already have been
+ * generated. Returns 1 on success  0 on failure.
+ */
+int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret,
+                                size_t insecretlen)
+{
+    /* Calls SSLfatal() if required */
+    return tls13_generate_secret(s, ssl_handshake_md(s), s->early_secret,
+                                 insecret, insecretlen,
+                                 (unsigned char *)&s->handshake_secret);
+}
+
+/*
+ * Given the handshake secret |prev| of length |prevlen| generate the master
+ * secret and store its length in |*secret_size|. Returns 1 on success  0 on
+ * failure.
+ */
+int tls13_generate_master_secret(SSL *s, unsigned char *out,
+                                 unsigned char *prev, size_t prevlen,
+                                 size_t *secret_size)
+{
+    const EVP_MD *md = ssl_handshake_md(s);
+
+    *secret_size = EVP_MD_size(md);
+    /* Calls SSLfatal() if required */
+    return tls13_generate_secret(s, md, prev, NULL, 0, out);
+}
+
+/*
+ * Generates the mac for the Finished message. Returns the length of the MAC or
+ * 0 on error.
+ */
+size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
+                             unsigned char *out)
+{
+    const EVP_MD *md = ssl_handshake_md(s);
+    unsigned char hash[EVP_MAX_MD_SIZE];
+    size_t hashlen, ret = 0;
+    EVP_PKEY *key = NULL;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+
+    if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (str == s->method->ssl3_enc->server_finished_label) {
+        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+                                           s->server_finished_secret, hashlen);
+    } else if (SSL_IS_FIRST_HANDSHAKE(s)) {
+        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+                                           s->client_finished_secret, hashlen);
+    } else {
+        unsigned char finsecret[EVP_MAX_MD_SIZE];
+
+        if (!tls13_derive_finishedkey(s, ssl_handshake_md(s),
+                                      s->client_app_traffic_secret,
+                                      finsecret, hashlen))
+            goto err;
+
+        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret,
+                                           hashlen);
+        OPENSSL_cleanse(finsecret, sizeof(finsecret));
+    }
+
+    if (key == NULL
+            || ctx == NULL
+            || EVP_DigestSignInit(ctx, NULL, md, NULL, key) <= 0
+            || EVP_DigestSignUpdate(ctx, hash, hashlen) <= 0
+            || EVP_DigestSignFinal(ctx, out, &hashlen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_FINAL_FINISH_MAC,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = hashlen;
+ err:
+    EVP_PKEY_free(key);
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+/*
+ * There isn't really a key block in TLSv1.3, but we still need this function
+ * for initialising the cipher and hash. Returns 1 on success or 0 on failure.
+ */
+int tls13_setup_key_block(SSL *s)
+{
+    const EVP_CIPHER *c;
+    const EVP_MD *hash;
+    int mac_type = NID_undef;
+
+    s->session->cipher = s->s3->tmp.new_cipher;
+    if (!ssl_cipher_get_evp
+        (s->session, &c, &hash, &mac_type, NULL, NULL, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK,
+                 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        return 0;
+    }
+
+    s->s3->tmp.new_sym_enc = c;
+    s->s3->tmp.new_hash = hash;
+
+    return 1;
+}
+
+static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
+                                    const EVP_CIPHER *ciph,
+                                    const unsigned char *insecret,
+                                    const unsigned char *hash,
+                                    const unsigned char *label,
+                                    size_t labellen, unsigned char *secret,
+                                    unsigned char *iv, EVP_CIPHER_CTX *ciph_ctx)
+{
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    size_t ivlen, keylen, taglen;
+    int hashleni = EVP_MD_size(md);
+    size_t hashlen;
+
+    /* Ensure cast to size_t is safe */
+    if (!ossl_assert(hashleni >= 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    hashlen = (size_t)hashleni;
+
+    if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen,
+                           secret, hashlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /* TODO(size_t): convert me */
+    keylen = EVP_CIPHER_key_length(ciph);
+    if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) {
+        uint32_t algenc;
+
+        ivlen = EVP_CCM_TLS_IV_LEN;
+        if (s->s3->tmp.new_cipher == NULL) {
+            /* We've not selected a cipher yet - we must be doing early data */
+            algenc = s->session->cipher->algorithm_enc;
+        } else {
+            algenc = s->s3->tmp.new_cipher->algorithm_enc;
+        }
+        if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8))
+            taglen = EVP_CCM8_TLS_TAG_LEN;
+         else
+            taglen = EVP_CCM_TLS_TAG_LEN;
+    } else {
+        ivlen = EVP_CIPHER_iv_length(ciph);
+        taglen = 0;
+    }
+
+    if (!tls13_derive_key(s, md, secret, key, keylen)
+            || !tls13_derive_iv(s, md, secret, iv, ivlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, sending) <= 0
+        || !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
+        || (taglen != 0 && !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG,
+                                                taglen, NULL))
+        || EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    return 1;
+ err:
+    OPENSSL_cleanse(key, sizeof(key));
+    return 0;
+}
+
+int tls13_change_cipher_state(SSL *s, int which)
+{
+    static const unsigned char client_early_traffic[] = "c e traffic";
+    static const unsigned char client_handshake_traffic[] = "c hs traffic";
+    static const unsigned char client_application_traffic[] = "c ap traffic";
+    static const unsigned char server_handshake_traffic[] = "s hs traffic";
+    static const unsigned char server_application_traffic[] = "s ap traffic";
+    static const unsigned char exporter_master_secret[] = "exp master";
+    static const unsigned char resumption_master_secret[] = "res master";
+    static const unsigned char early_exporter_master_secret[] = "e exp master";
+    unsigned char *iv;
+    unsigned char secret[EVP_MAX_MD_SIZE];
+    unsigned char hashval[EVP_MAX_MD_SIZE];
+    unsigned char *hash = hashval;
+    unsigned char *insecret;
+    unsigned char *finsecret = NULL;
+    const char *log_label = NULL;
+    EVP_CIPHER_CTX *ciph_ctx;
+    size_t finsecretlen = 0;
+    const unsigned char *label;
+    size_t labellen, hashlen = 0;
+    int ret = 0;
+    const EVP_MD *md = NULL;
+    const EVP_CIPHER *cipher = NULL;
+
+    if (which & SSL3_CC_READ) {
+        if (s->enc_read_ctx != NULL) {
+            EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+        } else {
+            s->enc_read_ctx = EVP_CIPHER_CTX_new();
+            if (s->enc_read_ctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        ciph_ctx = s->enc_read_ctx;
+        iv = s->read_iv;
+
+        RECORD_LAYER_reset_read_sequence(&s->rlayer);
+    } else {
+        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+        if (s->enc_write_ctx != NULL) {
+            EVP_CIPHER_CTX_reset(s->enc_write_ctx);
+        } else {
+            s->enc_write_ctx = EVP_CIPHER_CTX_new();
+            if (s->enc_write_ctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        ciph_ctx = s->enc_write_ctx;
+        iv = s->write_iv;
+
+        RECORD_LAYER_reset_write_sequence(&s->rlayer);
+    }
+
+    if (((which & SSL3_CC_CLIENT) && (which & SSL3_CC_WRITE))
+            || ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) {
+        if (which & SSL3_CC_EARLY) {
+            EVP_MD_CTX *mdctx = NULL;
+            long handlen;
+            void *hdata;
+            unsigned int hashlenui;
+            const SSL_CIPHER *sslcipher = SSL_SESSION_get0_cipher(s->session);
+
+            insecret = s->early_secret;
+            label = client_early_traffic;
+            labellen = sizeof(client_early_traffic) - 1;
+            log_label = CLIENT_EARLY_LABEL;
+
+            handlen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+            if (handlen <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE,
+                         SSL_R_BAD_HANDSHAKE_LENGTH);
+                goto err;
+            }
+
+            if (s->early_data_state == SSL_EARLY_DATA_CONNECTING
+                    && s->max_early_data > 0
+                    && s->session->ext.max_early_data == 0) {
+                /*
+                 * If we are attempting to send early data, and we've decided to
+                 * actually do it but max_early_data in s->session is 0 then we
+                 * must be using an external PSK.
+                 */
+                if (!ossl_assert(s->psksession != NULL
+                        && s->max_early_data ==
+                           s->psksession->ext.max_early_data)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS13_CHANGE_CIPHER_STATE,
+                             ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+                sslcipher = SSL_SESSION_get0_cipher(s->psksession);
+            }
+            if (sslcipher == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, SSL_R_BAD_PSK);
+                goto err;
+            }
+
+            /*
+             * We need to calculate the handshake digest using the digest from
+             * the session. We haven't yet selected our ciphersuite so we can't
+             * use ssl_handshake_md().
+             */
+            mdctx = EVP_MD_CTX_new();
+            if (mdctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            cipher = EVP_get_cipherbynid(SSL_CIPHER_get_cipher_nid(sslcipher));
+            md = ssl_md(sslcipher->algorithm2);
+            if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL)
+                    || !EVP_DigestUpdate(mdctx, hdata, handlen)
+                    || !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+                EVP_MD_CTX_free(mdctx);
+                goto err;
+            }
+            hashlen = hashlenui;
+            EVP_MD_CTX_free(mdctx);
+
+            if (!tls13_hkdf_expand(s, md, insecret,
+                                   early_exporter_master_secret,
+                                   sizeof(early_exporter_master_secret) - 1,
+                                   hashval, hashlen,
+                                   s->early_exporter_master_secret, hashlen)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if (!ssl_log_secret(s, EARLY_EXPORTER_SECRET_LABEL,
+                                s->early_exporter_master_secret, hashlen)) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        } else if (which & SSL3_CC_HANDSHAKE) {
+            insecret = s->handshake_secret;
+            finsecret = s->client_finished_secret;
+            finsecretlen = EVP_MD_size(ssl_handshake_md(s));
+            label = client_handshake_traffic;
+            labellen = sizeof(client_handshake_traffic) - 1;
+            log_label = CLIENT_HANDSHAKE_LABEL;
+            /*
+             * The handshake hash used for the server read/client write handshake
+             * traffic secret is the same as the hash for the server
+             * write/client read handshake traffic secret. However, if we
+             * processed early data then we delay changing the server
+             * read/client write cipher state until later, and the handshake
+             * hashes have moved on. Therefore we use the value saved earlier
+             * when we did the server write/client read change cipher state.
+             */
+            hash = s->handshake_traffic_hash;
+        } else {
+            insecret = s->master_secret;
+            label = client_application_traffic;
+            labellen = sizeof(client_application_traffic) - 1;
+            log_label = CLIENT_APPLICATION_LABEL;
+            /*
+             * For this we only use the handshake hashes up until the server
+             * Finished hash. We do not include the client's Finished, which is
+             * what ssl_handshake_hash() would give us. Instead we use the
+             * previously saved value.
+             */
+            hash = s->server_finished_hash;
+        }
+    } else {
+        /* Early data never applies to client-read/server-write */
+        if (which & SSL3_CC_HANDSHAKE) {
+            insecret = s->handshake_secret;
+            finsecret = s->server_finished_secret;
+            finsecretlen = EVP_MD_size(ssl_handshake_md(s));
+            label = server_handshake_traffic;
+            labellen = sizeof(server_handshake_traffic) - 1;
+            log_label = SERVER_HANDSHAKE_LABEL;
+        } else {
+            insecret = s->master_secret;
+            label = server_application_traffic;
+            labellen = sizeof(server_application_traffic) - 1;
+            log_label = SERVER_APPLICATION_LABEL;
+        }
+    }
+
+    if (!(which & SSL3_CC_EARLY)) {
+        md = ssl_handshake_md(s);
+        cipher = s->s3->tmp.new_sym_enc;
+        if (!ssl3_digest_cached_records(s, 1)
+                || !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) {
+            /* SSLfatal() already called */;
+            goto err;
+        }
+    }
+
+    /*
+     * Save the hash of handshakes up to now for use when we calculate the
+     * client application traffic secret
+     */
+    if (label == server_application_traffic)
+        memcpy(s->server_finished_hash, hashval, hashlen);
+
+    if (label == server_handshake_traffic)
+        memcpy(s->handshake_traffic_hash, hashval, hashlen);
+
+    if (label == client_application_traffic) {
+        /*
+         * We also create the resumption master secret, but this time use the
+         * hash for the whole handshake including the Client Finished
+         */
+        if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
+                               resumption_master_secret,
+                               sizeof(resumption_master_secret) - 1,
+                               hashval, hashlen, s->resumption_master_secret,
+                               hashlen)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher,
+                                  insecret, hash, label, labellen, secret, iv,
+                                  ciph_ctx)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (label == server_application_traffic) {
+        memcpy(s->server_app_traffic_secret, secret, hashlen);
+        /* Now we create the exporter master secret */
+        if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
+                               exporter_master_secret,
+                               sizeof(exporter_master_secret) - 1,
+                               hash, hashlen, s->exporter_master_secret,
+                               hashlen)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        if (!ssl_log_secret(s, EXPORTER_SECRET_LABEL, s->exporter_master_secret,
+                            hashlen)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (label == client_application_traffic)
+        memcpy(s->client_app_traffic_secret, secret, hashlen);
+
+    if (!ssl_log_secret(s, log_label, secret, hashlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (finsecret != NULL
+            && !tls13_derive_finishedkey(s, ssl_handshake_md(s), secret,
+                                         finsecret, finsecretlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (!s->server && label == client_early_traffic)
+        s->statem.enc_write_state = ENC_WRITE_STATE_WRITE_PLAIN_ALERTS;
+    else
+        s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+    ret = 1;
+ err:
+    OPENSSL_cleanse(secret, sizeof(secret));
+    return ret;
+}
+
+int tls13_update_key(SSL *s, int sending)
+{
+    static const unsigned char application_traffic[] = "traffic upd";
+    const EVP_MD *md = ssl_handshake_md(s);
+    size_t hashlen = EVP_MD_size(md);
+    unsigned char *insecret, *iv;
+    unsigned char secret[EVP_MAX_MD_SIZE];
+    EVP_CIPHER_CTX *ciph_ctx;
+    int ret = 0;
+
+    if (s->server == sending)
+        insecret = s->server_app_traffic_secret;
+    else
+        insecret = s->client_app_traffic_secret;
+
+    if (sending) {
+        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+        iv = s->write_iv;
+        ciph_ctx = s->enc_write_ctx;
+        RECORD_LAYER_reset_write_sequence(&s->rlayer);
+    } else {
+        iv = s->read_iv;
+        ciph_ctx = s->enc_read_ctx;
+        RECORD_LAYER_reset_read_sequence(&s->rlayer);
+    }
+
+    if (!derive_secret_key_and_iv(s, sending, ssl_handshake_md(s),
+                                  s->s3->tmp.new_sym_enc, insecret, NULL,
+                                  application_traffic,
+                                  sizeof(application_traffic) - 1, secret, iv,
+                                  ciph_ctx)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    memcpy(insecret, secret, hashlen);
+
+    s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+    ret = 1;
+ err:
+    OPENSSL_cleanse(secret, sizeof(secret));
+    return ret;
+}
+
+int tls13_alert_code(int code)
+{
+    /* There are 2 additional alerts in TLSv1.3 compared to TLSv1.2 */
+    if (code == SSL_AD_MISSING_EXTENSION || code == SSL_AD_CERTIFICATE_REQUIRED)
+        return code;
+
+    return tls1_alert_code(code);
+}
+
+int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                 const char *label, size_t llen,
+                                 const unsigned char *context,
+                                 size_t contextlen, int use_context)
+{
+    unsigned char exportsecret[EVP_MAX_MD_SIZE];
+    static const unsigned char exporterlabel[] = "exporter";
+    unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE];
+    const EVP_MD *md = ssl_handshake_md(s);
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned int hashsize, datalen;
+    int ret = 0;
+
+    if (ctx == NULL || !ossl_statem_export_allowed(s))
+        goto err;
+
+    if (!use_context)
+        contextlen = 0;
+
+    if (EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestUpdate(ctx, context, contextlen) <= 0
+            || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0
+            || EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
+            || !tls13_hkdf_expand(s, md, s->exporter_master_secret,
+                                  (const unsigned char *)label, llen,
+                                  data, datalen, exportsecret, hashsize)
+            || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
+                                  sizeof(exporterlabel) - 1, hash, hashsize,
+                                  out, olen))
+        goto err;
+
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
+                                       const char *label, size_t llen,
+                                       const unsigned char *context,
+                                       size_t contextlen)
+{
+    static const unsigned char exporterlabel[] = "exporter";
+    unsigned char exportsecret[EVP_MAX_MD_SIZE];
+    unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE];
+    const EVP_MD *md;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned int hashsize, datalen;
+    int ret = 0;
+    const SSL_CIPHER *sslcipher;
+
+    if (ctx == NULL || !ossl_statem_export_early_allowed(s))
+        goto err;
+
+    if (!s->server && s->max_early_data > 0
+            && s->session->ext.max_early_data == 0)
+        sslcipher = SSL_SESSION_get0_cipher(s->psksession);
+    else
+        sslcipher = SSL_SESSION_get0_cipher(s->session);
+
+    md = ssl_md(sslcipher->algorithm2);
+
+    /*
+     * Calculate the hash value and store it in |data|. The reason why
+     * the empty string is used is that the definition of TLS-Exporter
+     * is like so:
+     *
+     * TLS-Exporter(label, context_value, key_length) =
+     *     HKDF-Expand-Label(Derive-Secret(Secret, label, ""),
+     *                       "exporter", Hash(context_value), key_length)
+     *
+     * Derive-Secret(Secret, Label, Messages) =
+     *       HKDF-Expand-Label(Secret, Label,
+     *                         Transcript-Hash(Messages), Hash.length)
+     *
+     * Here Transcript-Hash is the cipher suite hash algorithm.
+     */
+    if (EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestUpdate(ctx, context, contextlen) <= 0
+            || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0
+            || EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
+            || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret,
+                                  (const unsigned char *)label, llen,
+                                  data, datalen, exportsecret, hashsize)
+            || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
+                                  sizeof(exporterlabel) - 1, hash, hashsize,
+                                  out, olen))
+        goto err;
+
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
diff --git a/freebsd/crypto/openssl/ssl/tls_srp.c b/freebsd/crypto/openssl/ssl/tls_srp.c
index f64c1293..aaa39862 100644
--- a/freebsd/crypto/openssl/ssl/tls_srp.c
+++ b/freebsd/crypto/openssl/ssl/tls_srp.c
@@ -1,76 +1,32 @@
 #include <machine/rtems-bsd-user-space.h>
 
-/* ssl/tls_srp.c */
 /*
- * Written by Christophe Renou (christophe.renou@edelweb.fr) with the
- * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
- * EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
  *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
  */
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
 #include "ssl_locl.h"
-#ifndef OPENSSL_NO_SRP
 
-# include <openssl/rand.h>
+#ifndef OPENSSL_NO_SRP
 # include <openssl/srp.h>
-# include <openssl/err.h>
 
 int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
 {
     if (ctx == NULL)
         return 0;
     OPENSSL_free(ctx->srp_ctx.login);
+    OPENSSL_free(ctx->srp_ctx.info);
     BN_free(ctx->srp_ctx.N);
     BN_free(ctx->srp_ctx.g);
     BN_free(ctx->srp_ctx.s);
@@ -79,23 +35,9 @@ int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
     BN_free(ctx->srp_ctx.a);
     BN_free(ctx->srp_ctx.b);
     BN_free(ctx->srp_ctx.v);
-    ctx->srp_ctx.TLS_ext_srp_username_callback = NULL;
-    ctx->srp_ctx.SRP_cb_arg = NULL;
-    ctx->srp_ctx.SRP_verify_param_callback = NULL;
-    ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
-    ctx->srp_ctx.N = NULL;
-    ctx->srp_ctx.g = NULL;
-    ctx->srp_ctx.s = NULL;
-    ctx->srp_ctx.B = NULL;
-    ctx->srp_ctx.A = NULL;
-    ctx->srp_ctx.a = NULL;
-    ctx->srp_ctx.b = NULL;
-    ctx->srp_ctx.v = NULL;
-    ctx->srp_ctx.login = NULL;
-    ctx->srp_ctx.info = NULL;
+    memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx));
     ctx->srp_ctx.strength = SRP_MINIMAL_N;
-    ctx->srp_ctx.srp_Mask = 0;
-    return (1);
+    return 1;
 }
 
 int SSL_SRP_CTX_free(struct ssl_st *s)
@@ -103,6 +45,7 @@ int SSL_SRP_CTX_free(struct ssl_st *s)
     if (s == NULL)
         return 0;
     OPENSSL_free(s->srp_ctx.login);
+    OPENSSL_free(s->srp_ctx.info);
     BN_free(s->srp_ctx.N);
     BN_free(s->srp_ctx.g);
     BN_free(s->srp_ctx.s);
@@ -111,23 +54,9 @@ int SSL_SRP_CTX_free(struct ssl_st *s)
     BN_free(s->srp_ctx.a);
     BN_free(s->srp_ctx.b);
     BN_free(s->srp_ctx.v);
-    s->srp_ctx.TLS_ext_srp_username_callback = NULL;
-    s->srp_ctx.SRP_cb_arg = NULL;
-    s->srp_ctx.SRP_verify_param_callback = NULL;
-    s->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
-    s->srp_ctx.N = NULL;
-    s->srp_ctx.g = NULL;
-    s->srp_ctx.s = NULL;
-    s->srp_ctx.B = NULL;
-    s->srp_ctx.A = NULL;
-    s->srp_ctx.a = NULL;
-    s->srp_ctx.b = NULL;
-    s->srp_ctx.v = NULL;
-    s->srp_ctx.login = NULL;
-    s->srp_ctx.info = NULL;
+    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
     s->srp_ctx.strength = SRP_MINIMAL_N;
-    s->srp_ctx.srp_Mask = 0;
-    return (1);
+    return 1;
 }
 
 int SSL_SRP_CTX_init(struct ssl_st *s)
@@ -136,6 +65,9 @@ int SSL_SRP_CTX_init(struct ssl_st *s)
 
     if ((s == NULL) || ((ctx = s->ctx) == NULL))
         return 0;
+
+    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+
     s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg;
     /* set client Hello login callback */
     s->srp_ctx.TLS_ext_srp_username_callback =
@@ -147,16 +79,6 @@ int SSL_SRP_CTX_init(struct ssl_st *s)
     s->srp_ctx.SRP_give_srp_client_pwd_callback =
         ctx->srp_ctx.SRP_give_srp_client_pwd_callback;
 
-    s->srp_ctx.N = NULL;
-    s->srp_ctx.g = NULL;
-    s->srp_ctx.s = NULL;
-    s->srp_ctx.B = NULL;
-    s->srp_ctx.A = NULL;
-    s->srp_ctx.a = NULL;
-    s->srp_ctx.b = NULL;
-    s->srp_ctx.v = NULL;
-    s->srp_ctx.login = NULL;
-    s->srp_ctx.info = ctx->srp_ctx.info;
     s->srp_ctx.strength = ctx->srp_ctx.strength;
 
     if (((ctx->srp_ctx.N != NULL) &&
@@ -179,15 +101,21 @@ int SSL_SRP_CTX_init(struct ssl_st *s)
         goto err;
     }
     if ((ctx->srp_ctx.login != NULL) &&
-        ((s->srp_ctx.login = BUF_strdup(ctx->srp_ctx.login)) == NULL)) {
+        ((s->srp_ctx.login = OPENSSL_strdup(ctx->srp_ctx.login)) == NULL)) {
+        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((ctx->srp_ctx.info != NULL) &&
+        ((s->srp_ctx.info = BUF_strdup(ctx->srp_ctx.info)) == NULL)) {
         SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
         goto err;
     }
     s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask;
 
-    return (1);
+    return 1;
  err:
     OPENSSL_free(s->srp_ctx.login);
+    OPENSSL_free(s->srp_ctx.info);
     BN_free(s->srp_ctx.N);
     BN_free(s->srp_ctx.g);
     BN_free(s->srp_ctx.s);
@@ -196,7 +124,8 @@ int SSL_SRP_CTX_init(struct ssl_st *s)
     BN_free(s->srp_ctx.a);
     BN_free(s->srp_ctx.b);
     BN_free(s->srp_ctx.v);
-    return (0);
+    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+    return 0;
 }
 
 int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
@@ -204,28 +133,10 @@ int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
     if (ctx == NULL)
         return 0;
 
-    ctx->srp_ctx.SRP_cb_arg = NULL;
-    /* set client Hello login callback */
-    ctx->srp_ctx.TLS_ext_srp_username_callback = NULL;
-    /* set SRP N/g param callback for verification */
-    ctx->srp_ctx.SRP_verify_param_callback = NULL;
-    /* set SRP client passwd callback */
-    ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
-
-    ctx->srp_ctx.N = NULL;
-    ctx->srp_ctx.g = NULL;
-    ctx->srp_ctx.s = NULL;
-    ctx->srp_ctx.B = NULL;
-    ctx->srp_ctx.A = NULL;
-    ctx->srp_ctx.a = NULL;
-    ctx->srp_ctx.b = NULL;
-    ctx->srp_ctx.v = NULL;
-    ctx->srp_ctx.login = NULL;
-    ctx->srp_ctx.srp_Mask = 0;
-    ctx->srp_ctx.info = NULL;
+    memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx));
     ctx->srp_ctx.strength = SRP_MINIMAL_N;
 
-    return (1);
+    return 1;
 }
 
 /* server side */
@@ -248,7 +159,7 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad)
         (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
         return SSL3_AL_FATAL;
 
-    if (RAND_bytes(b, sizeof(b)) <= 0)
+    if (RAND_priv_bytes(b, sizeof(b)) <= 0)
         return SSL3_AL_FATAL;
     s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
     OPENSSL_cleanse(b, sizeof(b));
@@ -273,14 +184,10 @@ int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
         return -1;
     s->srp_ctx.N = BN_dup(GN->N);
     s->srp_ctx.g = BN_dup(GN->g);
-    if (s->srp_ctx.v != NULL) {
-        BN_clear_free(s->srp_ctx.v);
-        s->srp_ctx.v = NULL;
-    }
-    if (s->srp_ctx.s != NULL) {
-        BN_clear_free(s->srp_ctx.s);
-        s->srp_ctx.s = NULL;
-    }
+    BN_clear_free(s->srp_ctx.v);
+    s->srp_ctx.v = NULL;
+    BN_clear_free(s->srp_ctx.s);
+    s->srp_ctx.s = NULL;
     if (!SRP_create_verifier_BN
         (user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g))
         return -1;
@@ -327,7 +234,12 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
         } else
             s->srp_ctx.v = BN_dup(v);
     }
-    s->srp_ctx.info = info;
+    if (info != NULL) {
+        if (s->srp_ctx.info)
+            OPENSSL_free(s->srp_ctx.info);
+        if ((s->srp_ctx.info = BUF_strdup(info)) == NULL)
+            return -1;
+    }
 
     if (!(s->srp_ctx.N) ||
         !(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v))
@@ -336,92 +248,90 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
     return 1;
 }
 
-int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key)
+int srp_generate_server_master_secret(SSL *s)
 {
     BIGNUM *K = NULL, *u = NULL;
-    int ret = -1, tmp_len;
+    int ret = -1, tmp_len = 0;
     unsigned char *tmp = NULL;
 
     if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
         goto err;
-    if (!(u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)))
+    if ((u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)) == NULL)
         goto err;
-    if (!
-        (K =
-         SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b,
-                             s->srp_ctx.N)))
+    if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b,
+                                 s->srp_ctx.N)) == NULL)
         goto err;
 
     tmp_len = BN_num_bytes(K);
-    if ((tmp = OPENSSL_malloc(tmp_len)) == NULL)
+    if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
     BN_bn2bin(K, tmp);
-    ret =
-        s->method->ssl3_enc->generate_master_secret(s, master_key, tmp,
-                                                    tmp_len);
+    /* Calls SSLfatal() as required */
+    ret = ssl_generate_master_secret(s, tmp, tmp_len, 1);
  err:
-    if (tmp) {
-        OPENSSL_cleanse(tmp, tmp_len);
-        OPENSSL_free(tmp);
-    }
     BN_clear_free(K);
     BN_clear_free(u);
     return ret;
 }
 
 /* client side */
-int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key)
+int srp_generate_client_master_secret(SSL *s)
 {
     BIGNUM *x = NULL, *u = NULL, *K = NULL;
-    int ret = -1, tmp_len;
+    int ret = -1, tmp_len = 0;
     char *passwd = NULL;
     unsigned char *tmp = NULL;
 
     /*
      * Checks if b % n == 0
      */
-    if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0)
-        goto err;
-    if (!(u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)))
+    if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0
+            || (u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N))
+               == NULL
+            || s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
         goto err;
-    if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL)
-        goto err;
-    if (!
-        (passwd =
-         s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
-                                                     s->srp_ctx.SRP_cb_arg)))
-        goto err;
-    if (!(x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)))
+    }
+    if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
+                                                      s->srp_ctx.SRP_cb_arg))
+            == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET,
+                 SSL_R_CALLBACK_FAILED);
         goto err;
-    if (!
-        (K =
-         SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g, x,
-                             s->srp_ctx.a, u)))
+    }
+    if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL
+            || (K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B,
+                                        s->srp_ctx.g, x,
+                                        s->srp_ctx.a, u)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
         goto err;
+    }
 
     tmp_len = BN_num_bytes(K);
-    if ((tmp = OPENSSL_malloc(tmp_len)) == NULL)
+    if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
     BN_bn2bin(K, tmp);
-    ret =
-        s->method->ssl3_enc->generate_master_secret(s, master_key, tmp,
-                                                    tmp_len);
+    /* Calls SSLfatal() as required */
+    ret = ssl_generate_master_secret(s, tmp, tmp_len, 1);
  err:
-    if (tmp) {
-        OPENSSL_cleanse(tmp, tmp_len);
-        OPENSSL_free(tmp);
-    }
     BN_clear_free(K);
     BN_clear_free(x);
-    if (passwd) {
-        OPENSSL_cleanse(passwd, strlen(passwd));
-        OPENSSL_free(passwd);
-    }
+    if (passwd != NULL)
+        OPENSSL_clear_free(passwd, strlen(passwd));
     BN_clear_free(u);
     return ret;
 }
 
-int srp_verify_server_param(SSL *s, int *al)
+int srp_verify_server_param(SSL *s)
 {
     SRP_CTX *srp = &s->srp_ctx;
     /*
@@ -430,22 +340,27 @@ int srp_verify_server_param(SSL *s, int *al)
      */
     if (BN_ucmp(srp->g, srp->N) >= 0 || BN_ucmp(srp->B, srp->N) >= 0
         || BN_is_zero(srp->B)) {
-        *al = SSL3_AD_ILLEGAL_PARAMETER;
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SRP_VERIFY_SERVER_PARAM,
+                 SSL_R_BAD_DATA);
         return 0;
     }
 
     if (BN_num_bits(srp->N) < srp->strength) {
-        *al = TLS1_AD_INSUFFICIENT_SECURITY;
+        SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM,
+                 SSL_R_INSUFFICIENT_SECURITY);
         return 0;
     }
 
     if (srp->SRP_verify_param_callback) {
         if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) {
-            *al = TLS1_AD_INSUFFICIENT_SECURITY;
+            SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY,
+                     SSL_F_SRP_VERIFY_SERVER_PARAM,
+                     SSL_R_CALLBACK_FAILED);
             return 0;
         }
     } else if (!SRP_check_known_gN_param(srp->g, srp->N)) {
-        *al = TLS1_AD_INSUFFICIENT_SECURITY;
+        SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM,
+                 SSL_R_INSUFFICIENT_SECURITY);
         return 0;
     }
 
@@ -456,14 +371,13 @@ int SRP_Calc_A_param(SSL *s)
 {
     unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
 
-    if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
-        return -1;
+    if (RAND_priv_bytes(rnd, sizeof(rnd)) <= 0)
+        return 0;
     s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
     OPENSSL_cleanse(rnd, sizeof(rnd));
 
-    if (!
-        (s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N, s->srp_ctx.g)))
-        return -1;
+    if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N, s->srp_ctx.g)))
+        return 0;
 
     return 1;
 }
diff --git a/freebsd/lib/libc/net/nsdispatch.c b/freebsd/lib/libc/net/nsdispatch.c
index 4b74407c..1c7612f1 100644
--- a/freebsd/lib/libc/net/nsdispatch.c
+++ b/freebsd/lib/libc/net/nsdispatch.c
@@ -505,9 +505,19 @@ nss_load_module(const char *source, nss_module_register_fn reg_fn)
 		 */
 		mod.handle = nss_builtin_handle;
 		fn = reg_fn;
-	} else if (!is_dynamic())
+	} else if (!is_dynamic()) {
 		goto fin;
-	else {
+	} else if (strcmp(source, NSSRC_CACHE) == 0 ||
+	    strcmp(source, NSSRC_COMPAT) == 0 ||
+	    strcmp(source, NSSRC_DB) == 0 ||
+	    strcmp(source, NSSRC_DNS) == 0 ||
+	    strcmp(source, NSSRC_FILES) == 0 ||
+	    strcmp(source, NSSRC_NIS) == 0) {
+		/*
+		 * Avoid calling dlopen(3) for built-in modules.
+		 */
+		goto fin;
+	} else {
 		if (snprintf(buf, sizeof(buf), "nss_%s.so.%d", mod.name,
 		    NSS_MODULE_INTERFACE_VERSION) >= (int)sizeof(buf))
 			goto fin;
diff --git a/freebsd/lib/libc/net/nslexer.l b/freebsd/lib/libc/net/nslexer.l
index 17cfef8a..946aace3 100644
--- a/freebsd/lib/libc/net/nslexer.l
+++ b/freebsd/lib/libc/net/nslexer.l
@@ -50,6 +50,7 @@ static char *rcsid =
 
 %}
 
+%option never-interactive
 %option noinput
 %option nounput
 %option yylineno
diff --git a/freebsd/lib/libmemstat/memstat_malloc.c b/freebsd/lib/libmemstat/memstat_malloc.c
index b252a2d4..3d7daaac 100644
--- a/freebsd/lib/libmemstat/memstat_malloc.c
+++ b/freebsd/lib/libmemstat/memstat_malloc.c
@@ -282,15 +282,28 @@ kread_symbol(kvm_t *kvm, int index, void *address, size_t size,
 	return (0);
 }
 
+static int
+kread_zpcpu(kvm_t *kvm, u_long base, void *buf, size_t size, int cpu)
+{
+	ssize_t ret;
+
+	ret = kvm_read_zpcpu(kvm, base, buf, size, cpu);
+	if (ret < 0)
+		return (MEMSTAT_ERROR_KVM);
+	if ((size_t)ret != size)
+		return (MEMSTAT_ERROR_KVM_SHORTREAD);
+	return (0);
+}
+
 int
 memstat_kvm_malloc(struct memory_type_list *list, void *kvm_handle)
 {
 	struct memory_type *mtp;
 	void *kmemstatistics;
-	int hint_dontsearch, j, mp_maxcpus, ret;
+	int hint_dontsearch, j, mp_maxcpus, mp_ncpus, ret;
 	char name[MEMTYPE_MAXNAME];
-	struct malloc_type_stats *mts, *mtsp;
-	struct malloc_type_internal *mtip;
+	struct malloc_type_stats mts;
+	struct malloc_type_internal mti, *mtip;
 	struct malloc_type type, *typep;
 	kvm_t *kvm;
 
@@ -323,17 +336,12 @@ memstat_kvm_malloc(struct memory_type_list *list, void *kvm_handle)
 		return (-1);
 	}
 
-	mts = malloc(sizeof(struct malloc_type_stats) * mp_maxcpus);
-	if (mts == NULL) {
-		list->mtl_error = MEMSTAT_ERROR_NOMEMORY;
-		return (-1);
-	}
+	mp_ncpus = kvm_getncpus(kvm);
 
 	for (typep = kmemstatistics; typep != NULL; typep = type.ks_next) {
 		ret = kread(kvm, typep, &type, sizeof(type), 0);
 		if (ret != 0) {
 			_memstat_mtl_empty(list);
-			free(mts);
 			list->mtl_error = ret;
 			return (-1);
 		}
@@ -341,7 +349,6 @@ memstat_kvm_malloc(struct memory_type_list *list, void *kvm_handle)
 		    MEMTYPE_MAXNAME);
 		if (ret != 0) {
 			_memstat_mtl_empty(list);
-			free(mts);
 			list->mtl_error = ret;
 			return (-1);
 		}
@@ -351,11 +358,9 @@ memstat_kvm_malloc(struct memory_type_list *list, void *kvm_handle)
 		 * kernel's, we populate our own array.
 		 */
 		mtip = type.ks_handle;
-		ret = kread(kvm, mtip->mti_stats, mts, mp_maxcpus *
-		    sizeof(struct malloc_type_stats), 0);
+		ret = kread(kvm, mtip, &mti, sizeof(mti), 0);
 		if (ret != 0) {
 			_memstat_mtl_empty(list);
-			free(mts);
 			list->mtl_error = ret;
 			return (-1);
 		}
@@ -369,7 +374,6 @@ memstat_kvm_malloc(struct memory_type_list *list, void *kvm_handle)
 			    name, mp_maxcpus);
 		if (mtp == NULL) {
 			_memstat_mtl_empty(list);
-			free(mts);
 			list->mtl_error = MEMSTAT_ERROR_NOMEMORY;
 			return (-1);
 		}
@@ -379,24 +383,34 @@ memstat_kvm_malloc(struct memory_type_list *list, void *kvm_handle)
 		 * be kept in sync.
 		 */
 		_memstat_mt_reset_stats(mtp, mp_maxcpus);
-		for (j = 0; j < mp_maxcpus; j++) {
-			mtsp = &mts[j];
-			mtp->mt_memalloced += mtsp->mts_memalloced;
-			mtp->mt_memfreed += mtsp->mts_memfreed;
-			mtp->mt_numallocs += mtsp->mts_numallocs;
-			mtp->mt_numfrees += mtsp->mts_numfrees;
-			mtp->mt_sizemask |= mtsp->mts_size;
+		for (j = 0; j < mp_ncpus; j++) {
+			ret = kread_zpcpu(kvm, (u_long)mti.mti_stats, &mts,
+			    sizeof(mts), j);
+			if (ret != 0) {
+				_memstat_mtl_empty(list);
+				list->mtl_error = ret;
+				return (-1);
+			}
+			mtp->mt_memalloced += mts.mts_memalloced;
+			mtp->mt_memfreed += mts.mts_memfreed;
+			mtp->mt_numallocs += mts.mts_numallocs;
+			mtp->mt_numfrees += mts.mts_numfrees;
+			mtp->mt_sizemask |= mts.mts_size;
 
 			mtp->mt_percpu_alloc[j].mtp_memalloced =
-			    mtsp->mts_memalloced;
+			    mts.mts_memalloced;
 			mtp->mt_percpu_alloc[j].mtp_memfreed =
-			    mtsp->mts_memfreed;
+			    mts.mts_memfreed;
 			mtp->mt_percpu_alloc[j].mtp_numallocs =
-			    mtsp->mts_numallocs;
+			    mts.mts_numallocs;
 			mtp->mt_percpu_alloc[j].mtp_numfrees =
-			    mtsp->mts_numfrees;
+			    mts.mts_numfrees;
 			mtp->mt_percpu_alloc[j].mtp_sizemask =
-			    mtsp->mts_size;
+			    mts.mts_size;
+		}
+		for (; j < mp_maxcpus; j++) {
+			bzero(&mtp->mt_percpu_alloc[j],
+			    sizeof(mtp->mt_percpu_alloc[0]));
 		}
 
 		mtp->mt_bytes = mtp->mt_memalloced - mtp->mt_memfreed;
diff --git a/freebsd/sbin/ifconfig/ifconfig.c b/freebsd/sbin/ifconfig/ifconfig.c
index 14eea367..1e79e0cd 100644
--- a/freebsd/sbin/ifconfig/ifconfig.c
+++ b/freebsd/sbin/ifconfig/ifconfig.c
@@ -585,6 +585,18 @@ main(int argc, char *argv[])
 			}
 #endif
 			errx(1, "interface %s does not exist", ifname);
+		} else {
+			/*
+			 * Do not allow use `create` command as hostname if
+			 * address family is not specified.
+			 */
+			if (argc > 0 && (strcmp(argv[0], "create") == 0 ||
+			    strcmp(argv[0], "plumb") == 0)) {
+				if (argc == 1)
+					errx(1, "interface %s already exists",
+					    ifname);
+				argc--, argv++;
+			}
 		}
 	}
 
diff --git a/freebsd/sbin/pfctl/parse.y b/freebsd/sbin/pfctl/parse.y
index a321be70..adb6e1c9 100644
--- a/freebsd/sbin/pfctl/parse.y
+++ b/freebsd/sbin/pfctl/parse.y
@@ -4426,7 +4426,7 @@ route_host	: STRING			{
 			$$ = calloc(1, sizeof(struct node_host));
 			if ($$ == NULL)
 				err(1, "route_host: calloc");
-			$$->ifname = $1;
+			$$->ifname = strdup($1);
 			set_ipmask($$, 128);
 			$$->next = NULL;
 			$$->tail = $$;
@@ -4436,7 +4436,7 @@ route_host	: STRING			{
 
 			$$ = $3;
 			for (n = $3; n != NULL; n = n->next)
-				n->ifname = $2;
+				n->ifname = strdup($2);
 		}
 		;
 
@@ -5786,8 +5786,10 @@ top:
 					return (0);
 				if (next == quotec || c == ' ' || c == '\t')
 					c = next;
-				else if (next == '\n')
+				else if (next == '\n') {
+					file->lineno++;
 					continue;
+				}
 				else
 					lungetc(next);
 			} else if (c == quotec) {
diff --git a/freebsd/sys/contrib/ck/src/ck_epoch.c b/freebsd/sys/contrib/ck/src/ck_epoch.c
index be0f201d..53b1f7dd 100644
--- a/freebsd/sys/contrib/ck/src/ck_epoch.c
+++ b/freebsd/sys/contrib/ck/src/ck_epoch.c
@@ -129,6 +129,14 @@
  */
 #define CK_EPOCH_GRACE 3U
 
+/*
+ * CK_EPOCH_LENGTH must be a power-of-2 (because (CK_EPOCH_LENGTH - 1) is used
+ * as a mask, and it must be at least 3 (see comments above).
+ */
+#if (CK_EPOCH_LENGTH < 3 || (CK_EPOCH_LENGTH & (CK_EPOCH_LENGTH - 1)) != 0)
+#error "CK_EPOCH_LENGTH must be a power of 2 and >= 3"
+#endif
+
 enum {
 	CK_EPOCH_STATE_USED = 0,
 	CK_EPOCH_STATE_FREE = 1
@@ -350,7 +358,7 @@ ck_epoch_scan(struct ck_epoch *global,
 	return NULL;
 }
 
-static void
+static unsigned int
 ck_epoch_dispatch(struct ck_epoch_record *record, unsigned int e, ck_stack_t *deferred)
 {
 	unsigned int epoch = e & (CK_EPOCH_LENGTH - 1);
@@ -368,6 +376,7 @@ ck_epoch_dispatch(struct ck_epoch_record *record, unsigned int e, ck_stack_t *de
 			ck_stack_push_spnc(deferred, &entry->stack_entry);
 		else
 			entry->function(entry);
+
 		i++;
 	}
 
@@ -383,7 +392,7 @@ ck_epoch_dispatch(struct ck_epoch_record *record, unsigned int e, ck_stack_t *de
 		ck_pr_sub_uint(&record->n_pending, i);
 	}
 
-	return;
+	return i;
 }
 
 /*
@@ -562,16 +571,28 @@ ck_epoch_poll_deferred(struct ck_epoch_record *record, ck_stack_t *deferred)
 	unsigned int epoch;
 	struct ck_epoch_record *cr = NULL;
 	struct ck_epoch *global = record->global;
+	unsigned int n_dispatch;
 
 	epoch = ck_pr_load_uint(&global->epoch);
 
 	/* Serialize epoch snapshots with respect to global epoch. */
 	ck_pr_fence_memory();
+
+	/*
+	 * At this point, epoch is the current global epoch value.
+	 * There may or may not be active threads which observed epoch - 1.
+	 * (ck_epoch_scan() will tell us that). However, there should be
+	 * no active threads which observed epoch - 2.
+	 *
+	 * Note that checking epoch - 2 is necessary, as race conditions can
+	 * allow another thread to increment the global epoch before this
+	 * thread runs.
+	 */
+	n_dispatch = ck_epoch_dispatch(record, epoch - 2, deferred);
+
 	cr = ck_epoch_scan(global, cr, epoch, &active);
-	if (cr != NULL) {
-		record->epoch = epoch;
-		return false;
-	}
+	if (cr != NULL)
+		return (n_dispatch > 0);
 
 	/* We are at a grace period if all threads are inactive. */
 	if (active == false) {
@@ -582,10 +603,17 @@ ck_epoch_poll_deferred(struct ck_epoch_record *record, ck_stack_t *deferred)
 		return true;
 	}
 
-	/* If an active thread exists, rely on epoch observation. */
+	/*
+	 * If an active thread exists, rely on epoch observation.
+	 *
+	 * All the active threads entered the epoch section during
+	 * the current epoch. Therefore, we can now run the handlers
+	 * for the immediately preceding epoch and attempt to
+	 * advance the epoch if it hasn't been already.
+	 */
 	(void)ck_pr_cas_uint(&global->epoch, epoch, epoch + 1);
 
-	ck_epoch_dispatch(record, epoch + 1, deferred);
+	ck_epoch_dispatch(record, epoch - 1, deferred);
 	return true;
 }
 
diff --git a/freebsd/sys/crypto/chacha20/_chacha.h b/freebsd/sys/crypto/chacha20/_chacha.h
new file mode 100644
index 00000000..20f8bb9a
--- /dev/null
+++ b/freebsd/sys/crypto/chacha20/_chacha.h
@@ -0,0 +1,15 @@
+/* $FreeBSD$ */
+/*
+ * Public domain.
+ */
+
+#ifndef _CHACHA_H
+#define _CHACHA_H
+
+#include <sys/types.h>
+
+struct chacha_ctx {
+	u_int input[16];
+};
+
+#endif
diff --git a/freebsd/sys/crypto/chacha20/chacha.c b/freebsd/sys/crypto/chacha20/chacha.c
index 3ce5310a..154726c2 100644
--- a/freebsd/sys/crypto/chacha20/chacha.c
+++ b/freebsd/sys/crypto/chacha20/chacha.c
@@ -130,8 +130,10 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u_int bytes)
 
   for (;;) {
     if (bytes < 64) {
+#ifndef KEYSTREAM_ONLY
       for (i = 0;i < bytes;++i) tmp[i] = m[i];
       m = tmp;
+#endif
       ctarget = c;
       c = tmp;
     }
diff --git a/freebsd/sys/crypto/chacha20/chacha.h b/freebsd/sys/crypto/chacha20/chacha.h
index e67cc812..73548331 100644
--- a/freebsd/sys/crypto/chacha20/chacha.h
+++ b/freebsd/sys/crypto/chacha20/chacha.h
@@ -12,10 +12,7 @@ Public domain.
 #define CHACHA_H
 
 #include <sys/types.h>
-
-struct chacha_ctx {
-	u_int input[16];
-};
+#include <crypto/chacha20/_chacha.h>
 
 #define CHACHA_MINKEYLEN 	16
 #define CHACHA_NONCELEN		8
@@ -23,10 +20,10 @@ struct chacha_ctx {
 #define CHACHA_STATELEN		(CHACHA_NONCELEN+CHACHA_CTRLEN)
 #define CHACHA_BLOCKLEN		64
 
-#ifdef _KERNEL
-#define LOCAL
-#else
+#ifdef CHACHA_EMBED
 #define LOCAL static
+#else
+#define LOCAL
 #endif
 
 LOCAL void chacha_keysetup(struct chacha_ctx *x, const u_char *k, u_int kbits);
diff --git a/freebsd/sys/dev/bce/if_bce.c b/freebsd/sys/dev/bce/if_bce.c
index 61c9708d..765b6877 100644
--- a/freebsd/sys/dev/bce/if_bce.c
+++ b/freebsd/sys/dev/bce/if_bce.c
@@ -532,7 +532,7 @@ MODULE_DEPEND(bce, miibus, 1, 1, 1);
 DRIVER_MODULE(bce, pci, bce_driver, bce_devclass, NULL, NULL);
 DRIVER_MODULE(miibus, bce, miibus_driver, miibus_devclass, NULL, NULL);
 MODULE_PNP_INFO("U16:vendor;U16:device;U16:#;U16:#;D:#", pci, bce,
-    bce_devs, sizeof(bce_devs[0]), nitems(bce_devs) - 1);
+    bce_devs, nitems(bce_devs) - 1);
 
 /****************************************************************************/
 /* Tunable device values                                                    */
diff --git a/freebsd/sys/dev/bfe/if_bfe.c b/freebsd/sys/dev/bfe/if_bfe.c
index f1586d59..c02f4ac1 100644
--- a/freebsd/sys/dev/bfe/if_bfe.c
+++ b/freebsd/sys/dev/bfe/if_bfe.c
@@ -160,7 +160,7 @@ static devclass_t bfe_devclass;
 
 DRIVER_MODULE(bfe, pci, bfe_driver, bfe_devclass, 0, 0);
 MODULE_PNP_INFO("U16:vendor;U16:device;D:#", pci, bfe, bfe_devs,
-    sizeof(bfe_devs[0]), nitems(bfe_devs) - 1);
+    nitems(bfe_devs) - 1);
 DRIVER_MODULE(miibus, bfe, miibus_driver, miibus_devclass, 0, 0);
 
 /*
diff --git a/freebsd/sys/dev/bge/if_bge.c b/freebsd/sys/dev/bge/if_bge.c
index 260c6c23..a4a937b2 100644
--- a/freebsd/sys/dev/bge/if_bge.c
+++ b/freebsd/sys/dev/bge/if_bge.c
@@ -550,7 +550,7 @@ static devclass_t bge_devclass;
 
 DRIVER_MODULE(bge, pci, bge_driver, bge_devclass, 0, 0);
 MODULE_PNP_INFO("U16:vendor;U16:device", pci, bge, bge_devs,
-    sizeof(bge_devs[0]), nitems(bge_devs) - 1);
+    nitems(bge_devs) - 1);
 DRIVER_MODULE(miibus, bge, miibus_driver, miibus_devclass, 0, 0);
 
 static int bge_allow_asf = 1;
diff --git a/freebsd/sys/dev/dc/if_dc.c b/freebsd/sys/dev/dc/if_dc.c
index 14023e54..7fc0ef54 100644
--- a/freebsd/sys/dev/dc/if_dc.c
+++ b/freebsd/sys/dev/dc/if_dc.c
@@ -362,7 +362,7 @@ static devclass_t dc_devclass;
 DRIVER_MODULE_ORDERED(dc, pci, dc_driver, dc_devclass, NULL, NULL,
     SI_ORDER_ANY);
 MODULE_PNP_INFO("W32:vendor/device;U8:revision;D:#", pci, dc, dc_devs,
-    sizeof(dc_devs[0]), nitems(dc_devs) - 1);
+    nitems(dc_devs) - 1);
 DRIVER_MODULE(miibus, dc, miibus_driver, miibus_devclass, NULL, NULL);
 
 #define	DC_SETBIT(sc, reg, x)				\
diff --git a/freebsd/sys/dev/e1000/em_txrx.c b/freebsd/sys/dev/e1000/em_txrx.c
index 8157c9ce..3ceada31 100644
--- a/freebsd/sys/dev/e1000/em_txrx.c
+++ b/freebsd/sys/dev/e1000/em_txrx.c
@@ -448,8 +448,13 @@ em_isc_txd_credits_update(void *arg, uint16_t txqid, bool clear)
 	status = txr->tx_base[cur].upper.fields.status;
 	updated = !!(status & E1000_TXD_STAT_DD);
 
-	if (clear == false || updated == 0)
-		return (updated);
+	if (!updated)
+		return (0);
+
+	/* If clear is false just let caller know that there
+	 * are descriptors to reclaim */
+	if (!clear)
+		return (1);
 
 	prev = txr->tx_cidx_processed;
 	ntxd = scctx->isc_ntxd[0];
@@ -555,22 +560,14 @@ lem_isc_rxd_available(void *arg, uint16_t rxqid, qidx_t idx, qidx_t budget)
 	u32 staterr = 0;
 	int cnt, i;
 
-	if (budget == 1) {
-		rxd = (struct e1000_rx_desc *)&rxr->rx_base[idx];
-		staterr = rxd->status;
-		return (staterr & E1000_RXD_STAT_DD);
-	}
-
 	for (cnt = 0, i = idx; cnt < scctx->isc_nrxd[0] && cnt <= budget;) {
 		rxd = (struct e1000_rx_desc *)&rxr->rx_base[i];
 		staterr = rxd->status;
 
 		if ((staterr & E1000_RXD_STAT_DD) == 0)
 			break;
-
 		if (++i == scctx->isc_nrxd[0])
 			i = 0;
-
 		if (staterr & E1000_RXD_STAT_EOP)
 			cnt++;
 	}
@@ -588,26 +585,16 @@ em_isc_rxd_available(void *arg, uint16_t rxqid, qidx_t idx, qidx_t budget)
 	u32 staterr = 0;
 	int cnt, i;
 
-	if (budget == 1) {
-		rxd = &rxr->rx_base[idx];
-		staterr = le32toh(rxd->wb.upper.status_error);
-		return (staterr & E1000_RXD_STAT_DD);
-	}
-
 	for (cnt = 0, i = idx; cnt < scctx->isc_nrxd[0] && cnt <= budget;) {
 		rxd = &rxr->rx_base[i];
 		staterr = le32toh(rxd->wb.upper.status_error);
 
 		if ((staterr & E1000_RXD_STAT_DD) == 0)
 			break;
-		
-		if (++i == scctx->isc_nrxd[0]) {
+		if (++i == scctx->isc_nrxd[0])
 			i = 0;
-		}
-
 		if (staterr & E1000_RXD_STAT_EOP)
 			cnt++;
-
 	}
 	return (cnt);
 }
diff --git a/freebsd/sys/dev/e1000/if_em.c b/freebsd/sys/dev/e1000/if_em.c
index 4fe66dfc..803b68ec 100644
--- a/freebsd/sys/dev/e1000/if_em.c
+++ b/freebsd/sys/dev/e1000/if_em.c
@@ -711,7 +711,8 @@ em_set_num_queues(if_ctx_t ctx)
 #define	IGB_CAPS							\
     IFCAP_HWCSUM | IFCAP_VLAN_MTU | IFCAP_VLAN_HWTAGGING |		\
     IFCAP_VLAN_HWCSUM | IFCAP_WOL | IFCAP_VLAN_HWFILTER | IFCAP_TSO4 |	\
-    IFCAP_LRO | IFCAP_VLAN_HWTSO | IFCAP_JUMBO_MTU | IFCAP_HWCSUM_IPV6;
+    IFCAP_LRO | IFCAP_VLAN_HWTSO | IFCAP_JUMBO_MTU | IFCAP_HWCSUM_IPV6 |\
+    IFCAP_TSO6
 
 /*********************************************************************
  *  Device initialization routine
@@ -1805,13 +1806,11 @@ em_if_update_admin_status(if_ctx_t ctx)
 		}
 		iflib_link_state_change(ctx, LINK_STATE_UP,
 		    IF_Mbps(adapter->link_speed));
-		printf("Link state changed to up\n");
 	} else if (!link_check && (adapter->link_active == 1)) {
 		adapter->link_speed = 0;
 		adapter->link_duplex = 0;
 		adapter->link_active = 0;
 		iflib_link_state_change(ctx, LINK_STATE_DOWN, 0);
-		printf("Link state changed to down\n");
 	}
 	em_update_stats_counters(adapter);
 
diff --git a/freebsd/sys/dev/e1000/if_em.h b/freebsd/sys/dev/e1000/if_em.h
index 26bdcb2e..d573107b 100644
--- a/freebsd/sys/dev/e1000/if_em.h
+++ b/freebsd/sys/dev/e1000/if_em.h
@@ -341,8 +341,11 @@
 #define EM_MSIX_LINK		0x01000000 /* For 82574 use */
 #define ETH_ZLEN		60
 #define ETH_ADDR_LEN		6
-#define EM_CSUM_OFFLOAD		7	/* Offload bits in mbuf flag */
-#define IGB_CSUM_OFFLOAD	0x0E0F	/* Offload bits in mbuf flag */
+#define EM_CSUM_OFFLOAD		(CSUM_IP | CSUM_IP_UDP | CSUM_IP_TCP) /* Offload bits in mbuf flag */
+#define IGB_CSUM_OFFLOAD	(CSUM_IP | CSUM_IP_UDP | CSUM_IP_TCP | \
+				 CSUM_IP_SCTP | CSUM_IP6_UDP | CSUM_IP6_TCP | \
+				 CSUM_IP6_SCTP)	/* Offload bits in mbuf flag */
+
 
 #define IGB_PKTTYPE_MASK	0x0000FFF0
 #define IGB_DMCTLX_DCFLUSH_DIS	0x80000000  /* Disable DMA Coalesce Flush */
diff --git a/freebsd/sys/dev/e1000/igb_txrx.c b/freebsd/sys/dev/e1000/igb_txrx.c
index 3a56a496..32bab4bf 100644
--- a/freebsd/sys/dev/e1000/igb_txrx.c
+++ b/freebsd/sys/dev/e1000/igb_txrx.c
@@ -154,7 +154,6 @@ igb_tx_ctx_setup(struct tx_ring *txr, if_pkt_info_t pi, u32 *cmd_type_len, u32 *
 	u32 vlan_macip_lens, type_tucmd_mlhl;
 	u32 mss_l4len_idx;
 	mss_l4len_idx = vlan_macip_lens = type_tucmd_mlhl = 0;
-	int offload = TRUE; 
 
 	/* First check if TSO is to be used */
 	if (pi->ipi_csum_flags & CSUM_TSO)
@@ -188,7 +187,6 @@ igb_tx_ctx_setup(struct tx_ring *txr, if_pkt_info_t pi, u32 *cmd_type_len, u32 *
 		type_tucmd_mlhl |= E1000_ADVTXD_TUCMD_IPV6;
 		break;
 	default:
-		offload = FALSE;
 		break;
 	}
 
@@ -197,25 +195,27 @@ igb_tx_ctx_setup(struct tx_ring *txr, if_pkt_info_t pi, u32 *cmd_type_len, u32 *
 
 	switch (pi->ipi_ipproto) {
 	case IPPROTO_TCP:
-		if (pi->ipi_csum_flags & (CSUM_IP_TCP | CSUM_IP6_TCP))
+		if (pi->ipi_csum_flags & (CSUM_IP_TCP | CSUM_IP6_TCP)) {
 			type_tucmd_mlhl |= E1000_ADVTXD_TUCMD_L4T_TCP;
+			*olinfo_status |= E1000_TXD_POPTS_TXSM << 8;
+		}
 		break;
 	case IPPROTO_UDP:
-		if (pi->ipi_csum_flags & (CSUM_IP_UDP | CSUM_IP6_UDP))
+		if (pi->ipi_csum_flags & (CSUM_IP_UDP | CSUM_IP6_UDP)) {
 			type_tucmd_mlhl |= E1000_ADVTXD_TUCMD_L4T_UDP;
+			*olinfo_status |= E1000_TXD_POPTS_TXSM << 8;
+		}
 		break;
 	case IPPROTO_SCTP:
-		if (pi->ipi_csum_flags & (CSUM_IP_SCTP | CSUM_IP6_SCTP))
+		if (pi->ipi_csum_flags & (CSUM_IP_SCTP | CSUM_IP6_SCTP)) {
 			type_tucmd_mlhl |= E1000_ADVTXD_TUCMD_L4T_SCTP;
+			*olinfo_status |= E1000_TXD_POPTS_TXSM << 8;
+		}
 		break;
 	default:
-		offload = FALSE;
 		break;
 	}
 
-	if (offload) /* For the TX descriptor setup */
-		*olinfo_status |= E1000_TXD_POPTS_TXSM << 8;
-
 	/* 82575 needs the queue index added */
 	if (adapter->hw.mac.type == e1000_82575)
 		mss_l4len_idx = txr->me << 4;
@@ -323,8 +323,13 @@ igb_isc_txd_credits_update(void *arg, uint16_t txqid, bool clear)
 	status = ((union e1000_adv_tx_desc *)&txr->tx_base[cur])->wb.status;
 	updated = !!(status & E1000_TXD_STAT_DD);
 
-	if (!clear || !updated)
-		return (updated);
+	if (!updated)
+		return (0);
+
+	/* If clear is false just let caller know that there
+	 * are descriptors to reclaim */
+	if (!clear)
+		return (1);
 
 	prev = txr->tx_cidx_processed;
 	ntxd = scctx->isc_ntxd[0];
@@ -394,28 +399,18 @@ igb_isc_rxd_available(void *arg, uint16_t rxqid, qidx_t idx, qidx_t budget)
 	struct rx_ring *rxr = &que->rxr;
 	union e1000_adv_rx_desc *rxd;
 	u32 staterr = 0;
-	int cnt, i, iter;
+	int cnt, i;
 
-	if (budget == 1) {
-		rxd = (union e1000_adv_rx_desc *)&rxr->rx_base[idx];
-		staterr = le32toh(rxd->wb.upper.status_error);
-		return (staterr & E1000_RXD_STAT_DD);
-	}
-
-	for (iter = cnt = 0, i = idx; iter < scctx->isc_nrxd[0] && iter <= budget;) {
+	for (cnt = 0, i = idx; cnt < scctx->isc_nrxd[0] && cnt <= budget;) {
 		rxd = (union e1000_adv_rx_desc *)&rxr->rx_base[i];
 		staterr = le32toh(rxd->wb.upper.status_error);
 
 		if ((staterr & E1000_RXD_STAT_DD) == 0)
 			break;
-
-		if (++i == scctx->isc_nrxd[0]) {
+		if (++i == scctx->isc_nrxd[0])
 			i = 0;
-		}
-
 		if (staterr & E1000_RXD_STAT_EOP)
 			cnt++;
-		iter++;
 	}
 	return (cnt);
 }
diff --git a/freebsd/sys/dev/ffec/if_ffec.c b/freebsd/sys/dev/ffec/if_ffec.c
index 03dca1a9..aee2aa64 100644
--- a/freebsd/sys/dev/ffec/if_ffec.c
+++ b/freebsd/sys/dev/ffec/if_ffec.c
@@ -887,12 +887,14 @@ ffec_alloc_mbufcl(struct ffec_softc *sc)
 	struct mbuf *m;
 
 	m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
-	if (m == NULL)
-		return (m);
-
-	m->m_pkthdr.len = m->m_len = m->m_ext.ext_size;
+	if (m != NULL)
 #ifdef __rtems__
-	rtems_cache_invalidate_multiple_data_lines(m->m_data, m->m_len);
+	{
+#endif /* __rtems__ */
+		m->m_pkthdr.len = m->m_len = m->m_ext.ext_size;
+#ifdef __rtems__
+		rtems_cache_invalidate_multiple_data_lines(m->m_data, m->m_len);
+	}
 #endif /* __rtems__ */
 
 	return (m);
diff --git a/freebsd/sys/dev/fxp/if_fxp.c b/freebsd/sys/dev/fxp/if_fxp.c
index 032246d8..e9c8721e 100644
--- a/freebsd/sys/dev/fxp/if_fxp.c
+++ b/freebsd/sys/dev/fxp/if_fxp.c
@@ -310,7 +310,7 @@ static devclass_t fxp_devclass;
 DRIVER_MODULE_ORDERED(fxp, pci, fxp_driver, fxp_devclass, NULL, NULL,
     SI_ORDER_ANY);
 MODULE_PNP_INFO("U16:vendor;U16:device", pci, fxp, fxp_ident_table,
-    sizeof(fxp_ident_table[0]), nitems(fxp_ident_table) - 1);
+    nitems(fxp_ident_table) - 1);
 DRIVER_MODULE(miibus, fxp, miibus_driver, miibus_devclass, NULL, NULL);
 
 static struct resource_spec fxp_res_spec_mem[] = {
diff --git a/freebsd/sys/dev/ofw/ofw_bus_subr.h b/freebsd/sys/dev/ofw/ofw_bus_subr.h
index 7bf66a10..468fdc39 100644
--- a/freebsd/sys/dev/ofw/ofw_bus_subr.h
+++ b/freebsd/sys/dev/ofw/ofw_bus_subr.h
@@ -67,7 +67,7 @@ struct intr_map_data_fdt {
 
 #define SIMPLEBUS_PNP_DESCR "Z:compat;P:#;"
 #define SIMPLEBUS_PNP_INFO(t) \
-	MODULE_PNP_INFO(SIMPLEBUS_PNP_DESCR, simplebus, t, t, sizeof(t[0]), sizeof(t) / sizeof(t[0]));
+	MODULE_PNP_INFO(SIMPLEBUS_PNP_DESCR, simplebus, t, t, sizeof(t) / sizeof(t[0]));
 
 /* Generic implementation of ofw_bus_if.m methods and helper routines */
 int	ofw_bus_gen_setup_devinfo(struct ofw_bus_devinfo *, phandle_t);
diff --git a/freebsd/sys/dev/pci/pci_user.c b/freebsd/sys/dev/pci/pci_user.c
index b3a2e9e2..27fb3475 100644
--- a/freebsd/sys/dev/pci/pci_user.c
+++ b/freebsd/sys/dev/pci/pci_user.c
@@ -68,6 +68,49 @@ __FBSDID("$FreeBSD$");
 #include <rtems/bsd/local/pcib_if.h>
 #include <rtems/bsd/local/pci_if.h>
 
+#ifdef COMPAT_FREEBSD32
+struct pci_conf32 {
+	struct pcisel	pc_sel;		/* domain+bus+slot+function */
+	u_int8_t	pc_hdr;		/* PCI header type */
+	u_int16_t	pc_subvendor;	/* card vendor ID */
+	u_int16_t	pc_subdevice;	/* card device ID, assigned by
+					   card vendor */
+	u_int16_t	pc_vendor;	/* chip vendor ID */
+	u_int16_t	pc_device;	/* chip device ID, assigned by
+					   chip vendor */
+	u_int8_t	pc_class;	/* chip PCI class */
+	u_int8_t	pc_subclass;	/* chip PCI subclass */
+	u_int8_t	pc_progif;	/* chip PCI programming interface */
+	u_int8_t	pc_revid;	/* chip revision ID */
+	char		pd_name[PCI_MAXNAMELEN + 1];  /* device name */
+	u_int32_t	pd_unit;	/* device unit number */
+};
+
+struct pci_match_conf32 {
+	struct pcisel		pc_sel;		/* domain+bus+slot+function */
+	char			pd_name[PCI_MAXNAMELEN + 1];  /* device name */
+	u_int32_t		pd_unit;	/* Unit number */
+	u_int16_t		pc_vendor;	/* PCI Vendor ID */
+	u_int16_t		pc_device;	/* PCI Device ID */
+	u_int8_t		pc_class;	/* PCI class */
+	u_int32_t		flags;		/* Matching expression */
+};
+
+struct pci_conf_io32 {
+	u_int32_t		pat_buf_len;	/* pattern buffer length */
+	u_int32_t		num_patterns;	/* number of patterns */
+	u_int32_t		patterns;	/* struct pci_match_conf ptr */
+	u_int32_t		match_buf_len;	/* match buffer length */
+	u_int32_t		num_matches;	/* number of matches returned */
+	u_int32_t		matches;	/* struct pci_conf ptr */
+	u_int32_t		offset;		/* offset into device list */
+	u_int32_t		generation;	/* device list generation */
+	u_int32_t		status;		/* request status */
+};
+
+#define	PCIOCGETCONF32	_IOC_NEWTYPE(PCIOCGETCONF, struct pci_conf_io32)
+#endif
+
 /*
  * This is the user interface to PCI configuration space.
  */
@@ -177,6 +220,73 @@ pci_conf_match_native(struct pci_match_conf *matches, int num_matches,
 	return(1);
 }
 
+#ifdef COMPAT_FREEBSD32
+static int
+pci_conf_match32(struct pci_match_conf32 *matches, int num_matches,
+	       struct pci_conf *match_buf)
+{
+	int i;
+
+	if ((matches == NULL) || (match_buf == NULL) || (num_matches <= 0))
+		return(1);
+
+	for (i = 0; i < num_matches; i++) {
+		/*
+		 * I'm not sure why someone would do this...but...
+		 */
+		if (matches[i].flags == PCI_GETCONF_NO_MATCH)
+			continue;
+
+		/*
+		 * Look at each of the match flags.  If it's set, do the
+		 * comparison.  If the comparison fails, we don't have a
+		 * match, go on to the next item if there is one.
+		 */
+		if (((matches[i].flags & PCI_GETCONF_MATCH_DOMAIN) != 0)
+		 && (match_buf->pc_sel.pc_domain !=
+		 matches[i].pc_sel.pc_domain))
+			continue;
+
+		if (((matches[i].flags & PCI_GETCONF_MATCH_BUS) != 0)
+		 && (match_buf->pc_sel.pc_bus != matches[i].pc_sel.pc_bus))
+			continue;
+
+		if (((matches[i].flags & PCI_GETCONF_MATCH_DEV) != 0)
+		 && (match_buf->pc_sel.pc_dev != matches[i].pc_sel.pc_dev))
+			continue;
+
+		if (((matches[i].flags & PCI_GETCONF_MATCH_FUNC) != 0)
+		 && (match_buf->pc_sel.pc_func != matches[i].pc_sel.pc_func))
+			continue;
+
+		if (((matches[i].flags & PCI_GETCONF_MATCH_VENDOR) != 0)
+		 && (match_buf->pc_vendor != matches[i].pc_vendor))
+			continue;
+
+		if (((matches[i].flags & PCI_GETCONF_MATCH_DEVICE) != 0)
+		 && (match_buf->pc_device != matches[i].pc_device))
+			continue;
+
+		if (((matches[i].flags & PCI_GETCONF_MATCH_CLASS) != 0)
+		 && (match_buf->pc_class != matches[i].pc_class))
+			continue;
+
+		if (((matches[i].flags & PCI_GETCONF_MATCH_UNIT) != 0)
+		 && (match_buf->pd_unit != matches[i].pd_unit))
+			continue;
+
+		if (((matches[i].flags & PCI_GETCONF_MATCH_NAME) != 0)
+		 && (strncmp(matches[i].pd_name, match_buf->pd_name,
+			     sizeof(match_buf->pd_name)) != 0))
+			continue;
+
+		return(0);
+	}
+
+	return(1);
+}
+#endif	/* COMPAT_FREEBSD32 */
+
 #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
     defined(COMPAT_FREEBSD6)
 #define PRE7_COMPAT
@@ -261,20 +371,6 @@ struct pci_match_conf_old32 {
 	pci_getconf_flags_old flags;	/* Matching expression */
 };
 
-struct pci_conf_io32 {
-	uint32_t	pat_buf_len;	/* pattern buffer length */
-	uint32_t	num_patterns;	/* number of patterns */
-	uint32_t	patterns;	/* pattern buffer
-					   (struct pci_match_conf_old32 *) */
-	uint32_t	match_buf_len;	/* match buffer length */
-	uint32_t	num_matches;	/* number of matches returned */
-	uint32_t	matches;	/* match buffer
-					   (struct pci_conf_old32 *) */
-	uint32_t	offset;		/* offset into device list */
-	uint32_t	generation;	/* device list generation */
-	pci_getconf_status status;	/* request status */
-};
-
 #define	PCIOCGETCONF_OLD32	_IOWR('p', 1, struct pci_conf_io32)
 #endif	/* COMPAT_FREEBSD32 */
 
@@ -413,6 +509,9 @@ pci_conf_match_old32(struct pci_match_conf_old32 *matches, int num_matches,
 
 union pci_conf_union {
 	struct pci_conf		pc;
+#ifdef COMPAT_FREEBSD32
+	struct pci_conf32	pc32;
+#endif
 #ifdef PRE7_COMPAT
 	struct pci_conf_old	pco;
 #ifdef COMPAT_FREEBSD32
@@ -430,6 +529,11 @@ pci_conf_match(u_long cmd, struct pci_match_conf *matches, int num_matches,
 	case PCIOCGETCONF:
 		return (pci_conf_match_native(
 		    (struct pci_match_conf *)matches, num_matches, match_buf));
+#ifdef COMPAT_FREEBSD32
+	case PCIOCGETCONF32:
+		return (pci_conf_match32((struct pci_match_conf32 *)matches,
+		    num_matches, match_buf));
+#endif
 #ifdef PRE7_COMPAT
 	case PCIOCGETCONF_OLD:
 		return (pci_conf_match_old(
@@ -546,6 +650,10 @@ pci_match_conf_size(u_long cmd)
 	switch (cmd) {
 	case PCIOCGETCONF:
 		return (sizeof(struct pci_match_conf));
+#ifdef COMPAT_FREEBSD32
+	case PCIOCGETCONF32:
+		return (sizeof(struct pci_match_conf32));
+#endif
 #ifdef PRE7_COMPAT
 	case PCIOCGETCONF_OLD:
 		return (sizeof(struct pci_match_conf_old));
@@ -567,6 +675,10 @@ pci_conf_size(u_long cmd)
 	switch (cmd) {
 	case PCIOCGETCONF:
 		return (sizeof(struct pci_conf));
+#ifdef COMPAT_FREEBSD32
+	case PCIOCGETCONF32:
+		return (sizeof(struct pci_conf32));
+#endif
 #ifdef PRE7_COMPAT
 	case PCIOCGETCONF_OLD:
 		return (sizeof(struct pci_conf_old));
@@ -584,7 +696,7 @@ pci_conf_size(u_long cmd)
 static void
 pci_conf_io_init(struct pci_conf_io *cio, caddr_t data, u_long cmd)
 {
-#if defined(PRE7_COMPAT) && defined(COMPAT_FREEBSD32)
+#if defined(COMPAT_FREEBSD32)
 	struct pci_conf_io32 *cio32;
 #endif
 
@@ -596,8 +708,11 @@ pci_conf_io_init(struct pci_conf_io *cio, caddr_t data, u_long cmd)
 		*cio = *(struct pci_conf_io *)data;
 		return;
 
-#if defined(PRE7_COMPAT) && defined(COMPAT_FREEBSD32)
+#ifdef COMPAT_FREEBSD32
+	case PCIOCGETCONF32:
+#ifdef PRE7_COMPAT
 	case PCIOCGETCONF_OLD32:
+#endif
                cio32 = (struct pci_conf_io32 *)data;
                cio->pat_buf_len = cio32->pat_buf_len;
                cio->num_patterns = cio32->num_patterns;
@@ -622,7 +737,7 @@ pci_conf_io_update_data(const struct pci_conf_io *cio, caddr_t data,
     u_long cmd)
 {
 	struct pci_conf_io *d_cio;
-#if defined(PRE7_COMPAT) && defined(COMPAT_FREEBSD32)
+#if defined(COMPAT_FREEBSD32)
 	struct pci_conf_io32 *cio32;
 #endif
 
@@ -638,8 +753,11 @@ pci_conf_io_update_data(const struct pci_conf_io *cio, caddr_t data,
 		d_cio->num_matches = cio->num_matches;
 		return;
 
-#if defined(PRE7_COMPAT) && defined(COMPAT_FREEBSD32)
+#ifdef COMPAT_FREEBSD32
+	case PCIOCGETCONF32:
+#ifdef PRE7_COMPAT
 	case PCIOCGETCONF_OLD32:
+#endif
 		cio32 = (struct pci_conf_io32 *)data;
 
 		cio32->status = cio->status;
@@ -667,6 +785,24 @@ pci_conf_for_copyout(const struct pci_conf *pcp, union pci_conf_union *pcup,
 		pcup->pc = *pcp;
 		return;
 
+#ifdef COMPAT_FREEBSD32
+	case PCIOCGETCONF32:
+		pcup->pc32.pc_sel = pcp->pc_sel;
+		pcup->pc32.pc_hdr = pcp->pc_hdr;
+		pcup->pc32.pc_subvendor = pcp->pc_subvendor;
+		pcup->pc32.pc_subdevice = pcp->pc_subdevice;
+		pcup->pc32.pc_vendor = pcp->pc_vendor;
+		pcup->pc32.pc_device = pcp->pc_device;
+		pcup->pc32.pc_class = pcp->pc_class;
+		pcup->pc32.pc_subclass = pcp->pc_subclass;
+		pcup->pc32.pc_progif = pcp->pc_progif;
+		pcup->pc32.pc_revid = pcp->pc_revid;
+		strlcpy(pcup->pc32.pd_name, pcp->pd_name,
+		    sizeof(pcup->pc32.pd_name));
+		pcup->pc32.pd_unit = (uint32_t)pcp->pd_unit;
+		return;
+#endif
+
 #ifdef PRE7_COMPAT
 #ifdef COMPAT_FREEBSD32
 	case PCIOCGETCONF_OLD32:
diff --git a/freebsd/sys/dev/pci/pcireg.h b/freebsd/sys/dev/pci/pcireg.h
index 00589c4b..edec95c8 100644
--- a/freebsd/sys/dev/pci/pcireg.h
+++ b/freebsd/sys/dev/pci/pcireg.h
@@ -122,6 +122,9 @@
 #define	PCIM_MFDEV		0x80
 #define	PCIR_BIST	0x0f
 
+/* PCI Spec rev 2.2: 0FFFFh is an invalid value for Vendor ID. */
+#define	PCIV_INVALID	0xffff 
+
 /* Capability Register Offsets */
 
 #define	PCICAP_ID	0x0
diff --git a/freebsd/sys/dev/pci/pcivar.h b/freebsd/sys/dev/pci/pcivar.h
index 21d9bd03..8fd0d9f7 100644
--- a/freebsd/sys/dev/pci/pcivar.h
+++ b/freebsd/sys/dev/pci/pcivar.h
@@ -311,7 +311,7 @@ struct pci_device_table {
 	"M16:mask;U16:vendor;U16:device;U16:subvendor;U16:subdevice;"	\
 	"U16:class;U16:subclass;U16:revid;"
 #define PCI_PNP_INFO(table)						\
-	MODULE_PNP_INFO(PCI_PNP_STR, pci, table, table, sizeof(table[0]), \
+	MODULE_PNP_INFO(PCI_PNP_STR, pci, table, table,			\
 	    sizeof(table) / sizeof(table[0]))
 
 const struct pci_device_table *pci_match_device(device_t child,
diff --git a/freebsd/sys/dev/usb/controller/dwc_otg.c b/freebsd/sys/dev/usb/controller/dwc_otg.c
index abc23ac6..1332b485 100644
--- a/freebsd/sys/dev/usb/controller/dwc_otg.c
+++ b/freebsd/sys/dev/usb/controller/dwc_otg.c
@@ -1460,6 +1460,8 @@ dwc_otg_host_data_rx(struct dwc_otg_softc *sc, struct dwc_otg_td *td)
 				/* check if we are complete */
 				if (td->tt_xactpos == HCSPLT_XACTPOS_BEGIN) {
 					goto complete;
+				} else if (td->hcsplt != 0) {
+					goto receive_pkt;
 				} else {
 					/* get more packets */
 					goto busy;
@@ -1518,8 +1520,10 @@ receive_pkt:
   	if (td->hcsplt != 0) {
 		delta = td->tt_complete_slot - sc->sc_last_frame_num - 1;
 		if (td->tt_scheduled == 0 || delta < DWC_OTG_TT_SLOT_MAX) {
-			td->state = DWC_CHAN_ST_WAIT_C_PKT;
-			goto busy;
+			if (td->ep_type != UE_ISOCHRONOUS) {
+				td->state = DWC_CHAN_ST_WAIT_C_PKT;
+				goto busy;
+			}
 		}
 		delta = sc->sc_last_frame_num - td->tt_start_slot;
 		if (delta > DWC_OTG_TT_SLOT_MAX) {
@@ -1565,12 +1569,23 @@ receive_pkt:
 		hcchar = td->hcchar;
 		hcchar |= HCCHAR_EPDIR_IN;
 
-		/* receive complete split ASAP */
-		if ((sc->sc_last_frame_num & 1) != 0 &&
-		    td->ep_type == UE_ISOCHRONOUS)
-			hcchar |= HCCHAR_ODDFRM;
-		else
+		if (td->ep_type == UE_ISOCHRONOUS) {
+			if (td->hcsplt != 0) {
+				/* continously buffer */
+				if (sc->sc_last_frame_num & 1)
+					hcchar &= ~HCCHAR_ODDFRM;
+				else
+					hcchar |= HCCHAR_ODDFRM;
+			} else {
+				/* multi buffer, if any */
+				if (sc->sc_last_frame_num & 1)
+					hcchar |= HCCHAR_ODDFRM;
+				else
+					hcchar &= ~HCCHAR_ODDFRM;
+			}
+		} else {
 			hcchar &= ~HCCHAR_ODDFRM;
+		}
 
 		/* must enable channel before data can be received */
 		DWC_OTG_WRITE_4(sc, DOTG_HCCHAR(channel), hcchar);
diff --git a/freebsd/sys/dev/usb/net/if_ure.c b/freebsd/sys/dev/usb/net/if_ure.c
index bcae02cb..136b61f9 100644
--- a/freebsd/sys/dev/usb/net/if_ure.c
+++ b/freebsd/sys/dev/usb/net/if_ure.c
@@ -70,6 +70,8 @@ SYSCTL_INT(_hw_usb_ure, OID_AUTO, debug, CTLFLAG_RWTUN, &ure_debug, 0,
 static const STRUCT_USB_HOST_ID ure_devs[] = {
 #define	URE_DEV(v,p,i)	{ USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, i) }
 	URE_DEV(LENOVO, RTL8153, 0),
+	URE_DEV(LENOVO, TBT3LAN, 0),
+	URE_DEV(LENOVO, USBCLAN, 0),
 	URE_DEV(NVIDIA, RTL8153, 0),
 	URE_DEV(REALTEK, RTL8152, URE_FLAG_8152),
 	URE_DEV(REALTEK, RTL8153, 0),
@@ -171,6 +173,7 @@ MODULE_DEPEND(ure, usb, 1, 1, 1);
 MODULE_DEPEND(ure, ether, 1, 1, 1);
 MODULE_DEPEND(ure, miibus, 1, 1, 1);
 MODULE_VERSION(ure, 1);
+USB_PNP_HOST_INFO(ure_devs);
 
 static const struct usb_ether_methods ure_ue_methods = {
 	.ue_attach_post = ure_attach_post,
diff --git a/freebsd/sys/dev/usb/serial/uplcom.c b/freebsd/sys/dev/usb/serial/uplcom.c
index 2b90e4d6..a58ba3ce 100644
--- a/freebsd/sys/dev/usb/serial/uplcom.c
+++ b/freebsd/sys/dev/usb/serial/uplcom.c
@@ -136,11 +136,19 @@ SYSCTL_INT(_hw_usb_uplcom, OID_AUTO, debug, CTLFLAG_RWTUN,
 #define	UPLCOM_SET_CRTSCTS		0x41
 #define	UPLCOM_SET_CRTSCTS_PL2303X	0x61
 #define	RSAQ_STATUS_CTS			0x80
+#define	RSAQ_STATUS_OVERRUN_ERROR	0x40
+#define	RSAQ_STATUS_PARITY_ERROR	0x20 
+#define	RSAQ_STATUS_FRAME_ERROR	0x10
+#define	RSAQ_STATUS_RING		0x08
+#define	RSAQ_STATUS_BREAK_ERROR	0x04
 #define	RSAQ_STATUS_DSR			0x02
 #define	RSAQ_STATUS_DCD			0x01
 
 #define	TYPE_PL2303			0
 #define	TYPE_PL2303HX			1
+#define	TYPE_PL2303HXD			2
+
+#define	UPLCOM_STATE_INDEX		8
 
 enum {
 	UPLCOM_BULK_DT_WR,
@@ -371,18 +379,49 @@ uplcom_attach(device_t dev)
 
 	sc->sc_udev = uaa->device;
 
-	/* Determine the chip type.  This algorithm is taken from Linux. */
 	dd = usbd_get_device_descriptor(sc->sc_udev);
-	if (dd->bDeviceClass == 0x02)
-		sc->sc_chiptype = TYPE_PL2303;
-	else if (dd->bMaxPacketSize == 0x40)
+
+	switch (UGETW(dd->bcdDevice)) {
+	case 0x0300:
 		sc->sc_chiptype = TYPE_PL2303HX;
-	else
-		sc->sc_chiptype = TYPE_PL2303;
+		/* or TA, that is HX with external crystal */
+		break;
+	case 0x0400:
+		sc->sc_chiptype = TYPE_PL2303HXD;
+		/* or EA, that is HXD with ESD protection */
+		/* or RA, that has internal voltage level converter that works only up to 1Mbaud (!) */
+		break;
+	case 0x0500:
+		sc->sc_chiptype = TYPE_PL2303HXD;
+		/* in fact it's TB, that is HXD with external crystal */
+		break;
+	default:
+		/* NOTE: I have no info about the bcdDevice for the base PL2303 (up to 1.2Mbaud,
+		   only fixed rates) and for PL2303SA (8-pin chip, up to 115200 baud */
+		/* Determine the chip type.  This algorithm is taken from Linux. */
+		if (dd->bDeviceClass == 0x02)
+			sc->sc_chiptype = TYPE_PL2303;
+		else if (dd->bMaxPacketSize == 0x40)
+			sc->sc_chiptype = TYPE_PL2303HX;
+		else
+			sc->sc_chiptype = TYPE_PL2303;
+		break;
+	}
 
-	DPRINTF("chiptype: %s\n",
-	    (sc->sc_chiptype == TYPE_PL2303HX) ?
-	    "2303X" : "2303");
+	switch (sc->sc_chiptype) {
+	case TYPE_PL2303:
+		DPRINTF("chiptype: 2303\n");
+		break;
+	case TYPE_PL2303HX:
+		DPRINTF("chiptype: 2303HX/TA\n");
+		break;
+	case TYPE_PL2303HXD:
+		DPRINTF("chiptype: 2303HXD/TB/RA/EA\n");
+		break;
+	default:
+		DPRINTF("chiptype: unknown %d\n", sc->sc_chiptype);
+		break;
+	}
 
 	/*
 	 * USB-RSAQ1 has two interface
@@ -431,13 +470,14 @@ uplcom_attach(device_t dev)
 		goto detach;
 	}
 
-	if (sc->sc_chiptype != TYPE_PL2303HX) {
+	if (sc->sc_chiptype == TYPE_PL2303) {
 		/* HX variants seem to lock up after a clear stall request. */
 		mtx_lock(&sc->sc_mtx);
 		usbd_xfer_set_stall(sc->sc_xfer[UPLCOM_BULK_DT_WR]);
 		usbd_xfer_set_stall(sc->sc_xfer[UPLCOM_BULK_DT_RD]);
 		mtx_unlock(&sc->sc_mtx);
 	} else {
+		/* reset upstream data pipes */
 		if (uplcom_pl2303_do(sc->sc_udev, UT_WRITE_VENDOR_DEVICE,
 		    UPLCOM_SET_REQUEST, 8, 0, 0) ||
 		    uplcom_pl2303_do(sc->sc_udev, UT_WRITE_VENDOR_DEVICE,
@@ -556,7 +596,7 @@ uplcom_pl2303_init(struct usb_device *udev, uint8_t chiptype)
 	    || uplcom_pl2303_do(udev, UT_WRITE_VENDOR_DEVICE, UPLCOM_SET_REQUEST, 1, 0, 0))
 		return (EIO);
 
-	if (chiptype == TYPE_PL2303HX)
+	if (chiptype != TYPE_PL2303)
 		err = uplcom_pl2303_do(udev, UT_WRITE_VENDOR_DEVICE, UPLCOM_SET_REQUEST, 2, 0x44, 0);
 	else
 		err = uplcom_pl2303_do(udev, UT_WRITE_VENDOR_DEVICE, UPLCOM_SET_REQUEST, 2, 0x24, 0);
@@ -636,23 +676,52 @@ uplcom_cfg_set_break(struct ucom_softc *ucom, uint8_t onoff)
 	    &req, NULL, 0, 1000);
 }
 
+/*
+ * NOTE: These baud rates are officially supported, they can be written
+ * directly into dwDTERate register.
+ *
+ * Free baudrate setting is not supported by the base PL2303, and on
+ * other models it requires writing a divisor value to dwDTERate instead
+ * of the raw baudrate. The formula for divisor calculation is not published
+ * by the vendor, so it is speculative, though the official product homepage
+ * refers to the Linux module source as a reference implementation.
+ */
 static const uint32_t uplcom_rates[] = {
-	75, 150, 300, 600, 1200, 1800, 2400, 3600, 4800, 7200, 9600, 14400,
-	19200, 28800, 38400, 57600, 115200,
 	/*
-	 * Higher speeds are probably possible. PL2303X supports up to
-	 * 6Mb and can set any rate
+	 * Basic 'standard' speed rates, supported by all models
+	 * NOTE: 900 and 56000 actually works as well
 	 */
-	230400, 460800, 614400, 921600, 1228800
+	75, 150, 300, 600, 900, 1200, 1800, 2400, 3600, 4800, 7200, 9600, 14400,
+	19200, 28800, 38400, 56000, 57600, 115200,
+	/*
+	 * Advanced speed rates up to 6Mbs, supported by HX/TA and HXD/TB/EA/RA
+     * NOTE: regardless of the spec, 256000 does not work
+	 */
+	128000, 134400, 161280, 201600, 230400, 268800, 403200, 460800, 614400,
+	806400, 921600, 1228800, 2457600, 3000000, 6000000,
+	/*
+	 * Advanced speed rates up to 12, supported by HXD/TB/EA/RA
+	 */
+	12000000
 };
 
 #define	N_UPLCOM_RATES	nitems(uplcom_rates)
 
 static int
+uplcom_baud_supported(unsigned int speed)
+{
+	int i;
+	for (i = 0; i < N_UPLCOM_RATES; i++) {
+		if (uplcom_rates[i] == speed)
+			return 1;
+	}
+	return 0;
+}
+
+static int
 uplcom_pre_param(struct ucom_softc *ucom, struct termios *t)
 {
 	struct uplcom_softc *sc = ucom->sc_parent;
-	uint8_t i;
 
 	DPRINTF("\n");
 
@@ -660,26 +729,75 @@ uplcom_pre_param(struct ucom_softc *ucom, struct termios *t)
 	 * Check requested baud rate.
 	 *
 	 * The PL2303 can only set specific baud rates, up to 1228800 baud.
-	 * The PL2303X can set any baud rate up to 6Mb.
+	 * The PL2303HX can set any baud rate up to 6Mb.
 	 * The PL2303HX rev. D can set any baud rate up to 12Mb.
 	 *
-	 * XXX: We currently cannot identify the PL2303HX rev. D, so treat
-	 *      it the same as the PL2303X.
 	 */
-	if (sc->sc_chiptype != TYPE_PL2303HX) {
-		for (i = 0; i < N_UPLCOM_RATES; i++) {
-			if (uplcom_rates[i] == t->c_ospeed)
+
+	/* accept raw divisor data, if someone wants to do the math in user domain */
+	if (t->c_ospeed & 0x80000000)
+		return 0;
+	switch (sc->sc_chiptype) {
+		case TYPE_PL2303HXD:
+			if (t->c_ospeed <= 12000000)
 				return (0);
-		}
- 	} else {
-		if (t->c_ospeed <= 6000000)
-			return (0);
+			break;
+		case TYPE_PL2303HX:
+			if (t->c_ospeed <= 6000000)
+				return (0);
+			break;
+		default:
+			if (uplcom_baud_supported(t->c_ospeed))
+				return (0);
+			break;
 	}
 
 	DPRINTF("uplcom_param: bad baud rate (%d)\n", t->c_ospeed);
 	return (EIO);
 }
 
+static unsigned int
+uplcom_encode_baud_rate_divisor(uint8_t *buf, unsigned int baud)
+{
+	unsigned int baseline, mantissa, exponent;
+
+	/* Determine the baud rate divisor. This algorithm is taken from Linux. */
+	/*
+	 * Apparently the formula is:
+	 *   baudrate = baseline / (mantissa * 4^exponent)
+	 * where
+	 *   mantissa = buf[8:0]
+	 *   exponent = buf[11:9]
+	 */
+	if (baud == 0)
+		baud = 1;
+	baseline = 383385600;
+	mantissa = baseline / baud;
+	if (mantissa == 0)
+		mantissa = 1;
+	exponent = 0;
+	while (mantissa >= 512) {
+		if (exponent < 7) {
+			mantissa >>= 2;	/* divide by 4 */
+			exponent++;
+		} else {
+			/* Exponent is maxed. Trim mantissa and leave. This gives approx. 45.8 baud */
+			mantissa = 511;
+			break;
+		}
+	}
+
+	buf[3] = 0x80;
+	buf[2] = 0;
+	buf[1] = exponent << 1 | mantissa >> 8;
+	buf[0] = mantissa & 0xff;
+
+	/* Calculate and return the exact baud rate. */
+	baud = (baseline / mantissa) >> (exponent << 1);
+	DPRINTF("real baud rate will be %u\n", baud);
+
+	return baud;
+}
 static void
 uplcom_cfg_param(struct ucom_softc *ucom, struct termios *t)
 {
@@ -691,10 +809,24 @@ uplcom_cfg_param(struct ucom_softc *ucom, struct termios *t)
 
 	memset(&ls, 0, sizeof(ls));
 
-	USETDW(ls.dwDTERate, t->c_ospeed);
+	/*
+	 * NOTE: If unsupported baud rates are set directly, the PL2303* uses 9600 baud.
+	 */
+	if ((t->c_ospeed & 0x80000000) || uplcom_baud_supported(t->c_ospeed))
+		USETDW(ls.dwDTERate, t->c_ospeed);
+	else
+		t->c_ospeed = uplcom_encode_baud_rate_divisor((uint8_t*)&ls.dwDTERate, t->c_ospeed);
 
 	if (t->c_cflag & CSTOPB) {
-		ls.bCharFormat = UCDC_STOP_BIT_2;
+		if ((t->c_cflag & CSIZE) == CS5) {
+			/*
+			 * NOTE: Comply with "real" UARTs / RS232:
+			 *       use 1.5 instead of 2 stop bits with 5 data bits
+			 */
+			ls.bCharFormat = UCDC_STOP_BIT_1_5;
+		} else {
+			ls.bCharFormat = UCDC_STOP_BIT_2;
+		}
 	} else {
 		ls.bCharFormat = UCDC_STOP_BIT_1;
 	}
@@ -724,7 +856,7 @@ uplcom_cfg_param(struct ucom_softc *ucom, struct termios *t)
 		break;
 	}
 
-	DPRINTF("rate=%d fmt=%d parity=%d bits=%d\n",
+	DPRINTF("rate=0x%08x fmt=%d parity=%d bits=%d\n",
 	    UGETDW(ls.dwDTERate), ls.bCharFormat,
 	    ls.bParityType, ls.bDataBits);
 
@@ -745,7 +877,7 @@ uplcom_cfg_param(struct ucom_softc *ucom, struct termios *t)
 		req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
 		req.bRequest = UPLCOM_SET_REQUEST;
 		USETW(req.wValue, 0);
-		if (sc->sc_chiptype == TYPE_PL2303HX)
+		if (sc->sc_chiptype != TYPE_PL2303)
 			USETW(req.wIndex, UPLCOM_SET_CRTSCTS_PL2303X);
 		else
 			USETW(req.wIndex, UPLCOM_SET_CRTSCTS);
@@ -811,7 +943,6 @@ uplcom_cfg_get_status(struct ucom_softc *ucom, uint8_t *lsr, uint8_t *msr)
 
 	DPRINTF("\n");
 
-	/* XXX Note: sc_lsr is always zero */
 	*lsr = sc->sc_lsr;
 	*msr = sc->sc_msr;
 }
@@ -836,18 +967,33 @@ uplcom_intr_callback(struct usb_xfer *xfer, usb_error_t error)
 			pc = usbd_xfer_get_frame(xfer, 0);
 			usbd_copy_out(pc, 0, buf, sizeof(buf));
 
-			DPRINTF("status = 0x%02x\n", buf[8]);
+			DPRINTF("status = 0x%02x\n", buf[UPLCOM_STATE_INDEX]);
 
 			sc->sc_lsr = 0;
 			sc->sc_msr = 0;
 
-			if (buf[8] & RSAQ_STATUS_CTS) {
+			if (buf[UPLCOM_STATE_INDEX] & RSAQ_STATUS_CTS) {
 				sc->sc_msr |= SER_CTS;
 			}
-			if (buf[8] & RSAQ_STATUS_DSR) {
+			if (buf[UPLCOM_STATE_INDEX] & RSAQ_STATUS_OVERRUN_ERROR) {
+				sc->sc_lsr |= ULSR_OE;
+			}
+			if (buf[UPLCOM_STATE_INDEX] & RSAQ_STATUS_PARITY_ERROR) {
+				sc->sc_lsr |= ULSR_PE;
+			}
+			if (buf[UPLCOM_STATE_INDEX] & RSAQ_STATUS_FRAME_ERROR) {
+				sc->sc_lsr |= ULSR_FE;
+			}
+			if (buf[UPLCOM_STATE_INDEX] & RSAQ_STATUS_RING) {
+				sc->sc_msr |= SER_RI;
+			}
+			if (buf[UPLCOM_STATE_INDEX] & RSAQ_STATUS_BREAK_ERROR) {
+				sc->sc_lsr |= ULSR_BI;
+			}
+			if (buf[UPLCOM_STATE_INDEX] & RSAQ_STATUS_DSR) {
 				sc->sc_msr |= SER_DSR;
 			}
-			if (buf[8] & RSAQ_STATUS_DCD) {
+			if (buf[UPLCOM_STATE_INDEX] & RSAQ_STATUS_DCD) {
 				sc->sc_msr |= SER_DCD;
 			}
 			ucom_status_change(&sc->sc_ucom);
diff --git a/freebsd/sys/dev/usb/usbdi.h b/freebsd/sys/dev/usb/usbdi.h
index 147b5d5e..d5648c03 100644
--- a/freebsd/sys/dev/usb/usbdi.h
+++ b/freebsd/sys/dev/usb/usbdi.h
@@ -342,13 +342,13 @@ struct usb_device_id {
 #define USB_STD_PNP_HOST_INFO USB_STD_PNP_INFO "T:mode=host;"
 #define USB_STD_PNP_DEVICE_INFO USB_STD_PNP_INFO "T:mode=device;"
 #define USB_PNP_HOST_INFO(table)					\
-	MODULE_PNP_INFO(USB_STD_PNP_HOST_INFO, uhub, table, table, sizeof(table[0]), \
+	MODULE_PNP_INFO(USB_STD_PNP_HOST_INFO, uhub, table, table,	\
 	    sizeof(table) / sizeof(table[0]))
 #define USB_PNP_DEVICE_INFO(table)					\
-	MODULE_PNP_INFO(USB_STD_PNP_DEVICE_INFO, uhub, table, table, sizeof(table[0]), \
+	MODULE_PNP_INFO(USB_STD_PNP_DEVICE_INFO, uhub, table, table,	\
 	    sizeof(table) / sizeof(table[0]))
 #define USB_PNP_DUAL_INFO(table)					\
-	MODULE_PNP_INFO(USB_STD_PNP_INFO, uhub, table, table, sizeof(table[0]), \
+	MODULE_PNP_INFO(USB_STD_PNP_INFO, uhub, table, table,		\
 	    sizeof(table) / sizeof(table[0]))
 
 /* check that the size of the structure above is correct */
diff --git a/freebsd/sys/isa/isavar.h b/freebsd/sys/isa/isavar.h
index 30fd1f8d..55e33ef2 100644
--- a/freebsd/sys/isa/isavar.h
+++ b/freebsd/sys/isa/isavar.h
@@ -144,7 +144,7 @@ enum isa_device_ivars {
 
 #define	ISA_PNP_DESCR "E:pnpid;D:#"
 #define ISA_PNP_INFO(t) \
-	MODULE_PNP_INFO(ISA_PNP_DESCR, isa, t, t, sizeof(t[0]), nitems(t) - 1); \
+	MODULE_PNP_INFO(ISA_PNP_DESCR, isa, t, t, nitems(t) - 1); \
 
 /*
  * Simplified accessors for isa devices
diff --git a/freebsd/sys/kern/kern_conf.c b/freebsd/sys/kern/kern_conf.c
index 8605cc43..92237d9d 100644
--- a/freebsd/sys/kern/kern_conf.c
+++ b/freebsd/sys/kern/kern_conf.c
@@ -210,7 +210,8 @@ dev_refthread(struct cdev *dev, int *ref)
 			csw = NULL;
 	}
 	dev_unlock();
-	*ref = 1;
+	if (csw != NULL)
+		*ref = 1;
 	return (csw);
 }
 
diff --git a/freebsd/sys/kern/kern_linker.c b/freebsd/sys/kern/kern_linker.c
index 197ee5bb..49aee591 100644
--- a/freebsd/sys/kern/kern_linker.c
+++ b/freebsd/sys/kern/kern_linker.c
@@ -1037,17 +1037,35 @@ linker_ddb_search_symbol_name(caddr_t value, char *buf, u_int buflen,
  * obey locking protocols, and offer a significantly less complex interface.
  */
 int
-linker_search_symbol_name(caddr_t value, char *buf, u_int buflen,
-    long *offset)
+linker_search_symbol_name_flags(caddr_t value, char *buf, u_int buflen,
+    long *offset, int flags)
 {
 	int error;
 
-	sx_slock(&kld_sx);
+	KASSERT((flags & (M_NOWAIT | M_WAITOK)) != 0 &&
+	    (flags & (M_NOWAIT | M_WAITOK)) != (M_NOWAIT | M_WAITOK),
+	    ("%s: bad flags: 0x%x", __func__, flags));
+
+	if (flags & M_NOWAIT) {
+		if (!sx_try_slock(&kld_sx))
+			return (EWOULDBLOCK);
+	} else
+		sx_slock(&kld_sx);
+
 	error = linker_debug_search_symbol_name(value, buf, buflen, offset);
 	sx_sunlock(&kld_sx);
 	return (error);
 }
 
+int
+linker_search_symbol_name(caddr_t value, char *buf, u_int buflen,
+    long *offset)
+{
+
+	return (linker_search_symbol_name_flags(value, buf, buflen, offset,
+	    M_WAITOK));
+}
+
 /*
  * Syscalls.
  */
@@ -2139,7 +2157,7 @@ linker_load_dependencies(linker_file_t lf)
 	const struct mod_depend *verinfo;
 	modlist_t mod;
 	const char *modname, *nmodname;
-	int ver, error = 0, count;
+	int ver, error = 0;
 
 	/*
 	 * All files are dependent on /kernel.
@@ -2152,7 +2170,7 @@ linker_load_dependencies(linker_file_t lf)
 			return (error);
 	}
 	if (linker_file_lookup_set(lf, MDT_SETNAME, &start, &stop,
-	    &count) != 0)
+	    NULL) != 0)
 		return (0);
 	for (mdp = start; mdp < stop; mdp++) {
 		mp = *mdp;
diff --git a/freebsd/sys/kern/kern_mbuf.c b/freebsd/sys/kern/kern_mbuf.c
index 13467dfe..09cae9b2 100644
--- a/freebsd/sys/kern/kern_mbuf.c
+++ b/freebsd/sys/kern/kern_mbuf.c
@@ -35,8 +35,8 @@ __FBSDID("$FreeBSD$");
 #include <rtems/bsd/local/opt_param.h>
 
 #include <sys/param.h>
+#include <sys/conf.h>
 #include <sys/malloc.h>
-#include <sys/types.h>
 #include <sys/systm.h>
 #include <sys/mbuf.h>
 #include <sys/domain.h>
@@ -423,6 +423,8 @@ nd_buf_import(void *arg, void **store, int count, int domain __unused,
 	struct mbuf *m;
 	int i;
 
+	KASSERT(!dumping, ("%s: ran out of pre-allocated mbufs", __func__));
+
 	q = arg;
 
 	for (i = 0; i < count; i++) {
@@ -458,6 +460,8 @@ nd_pack_import(void *arg __unused, void **store, int count, int domain __unused,
 	void *clust;
 	int i;
 
+	KASSERT(!dumping, ("%s: ran out of pre-allocated mbufs", __func__));
+
 	for (i = 0; i < count; i++) {
 		m = m_get(MT_DATA, M_NOWAIT);
 		if (m == NULL)
diff --git a/freebsd/sys/kern/subr_prf.c b/freebsd/sys/kern/subr_prf.c
index 6e719897..2b45c13e 100644
--- a/freebsd/sys/kern/subr_prf.c
+++ b/freebsd/sys/kern/subr_prf.c
@@ -273,27 +273,6 @@ vtprintf(struct proc *p, int pri, const char *fmt, va_list ap)
 	msgbuftrigger = 1;
 }
 
-/*
- * Ttyprintf displays a message on a tty; it should be used only by
- * the tty driver, or anything that knows the underlying tty will not
- * be revoke(2)'d away.  Other callers should use tprintf.
- */
-int
-ttyprintf(struct tty *tp, const char *fmt, ...)
-{
-	va_list ap;
-	struct putchar_arg pca;
-	int retval;
-
-	va_start(ap, fmt);
-	pca.tty = tp;
-	pca.flags = TOTTY;
-	pca.p_bufr = NULL;
-	retval = kvprintf(fmt, putchar, &pca, 10, ap);
-	va_end(ap);
-	return (retval);
-}
-
 static int
 _vprintf(int level, int flags, const char *fmt, va_list ap)
 {
@@ -1089,11 +1068,6 @@ msgbufinit(void *ptr, int size)
 	oldp = msgbufp;
 }
 
-static int unprivileged_read_msgbuf = 1;
-SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_read_msgbuf,
-    CTLFLAG_RW, &unprivileged_read_msgbuf, 0,
-    "Unprivileged processes may read the kernel message buffer");
-
 /* Sysctls for accessing/clearing the msgbuf */
 static int
 sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS)
@@ -1102,11 +1076,9 @@ sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS)
 	u_int seq;
 	int error, len;
 
-	if (!unprivileged_read_msgbuf) {
-		error = priv_check(req->td, PRIV_MSGBUF);
-		if (error)
-			return (error);
-	}
+	error = priv_check(req->td, PRIV_MSGBUF);
+	if (error)
+		return (error);
 
 	/* Read the whole buffer, one chunk at a time. */
 	mtx_lock(&msgbuf_lock);
diff --git a/freebsd/sys/kern/sys_generic.c b/freebsd/sys/kern/sys_generic.c
index 9e41f0f6..273cb730 100644
--- a/freebsd/sys/kern/sys_generic.c
+++ b/freebsd/sys/kern/sys_generic.c
@@ -1053,8 +1053,9 @@ kern_select(struct thread *td, int nd, fd_set *fd_in, fd_set *fd_ou,
 			error = copyin(name, ibits[x], ncpubytes);	\
 			if (error != 0)					\
 				goto done;				\
-			bzero((char *)ibits[x] + ncpubytes,		\
-			    ncpbytes - ncpubytes);			\
+			if (ncpbytes != ncpubytes)			\
+				bzero((char *)ibits[x] + ncpubytes,	\
+				    ncpbytes - ncpubytes);		\
 		}							\
 	} while (0)
 	getbits(fd_in, 0);
diff --git a/freebsd/sys/kern/tty_ttydisc.c b/freebsd/sys/kern/tty_ttydisc.c
index b94080fb..36d541e3 100644
--- a/freebsd/sys/kern/tty_ttydisc.c
+++ b/freebsd/sys/kern/tty_ttydisc.c
@@ -1255,17 +1255,27 @@ ttydisc_getc_poll(struct tty *tp)
  */
 
 int
-tty_putchar(struct tty *tp, char c)
+tty_putstrn(struct tty *tp, const char *p, size_t n)
 {
+	size_t i;
+
 	tty_lock_assert(tp, MA_OWNED);
 
 	if (tty_gone(tp))
 		return (-1);
 
-	ttydisc_echo_force(tp, c, 0);
+	for (i = 0; i < n; i++)
+		ttydisc_echo_force(tp, p[i], 0);
+
 	tp->t_writepos = tp->t_column;
 	ttyinq_reprintpos_set(&tp->t_inq);
 
 	ttydevsw_outwakeup(tp);
 	return (0);
 }
+
+int
+tty_putchar(struct tty *tp, char c)
+{
+	return (tty_putstrn(tp, &c, 1));
+}
diff --git a/freebsd/sys/kern/uipc_socket.c b/freebsd/sys/kern/uipc_socket.c
index 3143a392..aa045cd9 100644
--- a/freebsd/sys/kern/uipc_socket.c
+++ b/freebsd/sys/kern/uipc_socket.c
@@ -942,12 +942,13 @@ solisten_dequeue(struct socket *head, struct socket **ret, int flags)
 	if (head->so_error) {
 		error = head->so_error;
 		head->so_error = 0;
+	} else if ((head->so_state & SS_NBIO) && TAILQ_EMPTY(&head->sol_comp))
+		error = EWOULDBLOCK;
+	else
+		error = 0;
+	if (error) {
 		SOLISTEN_UNLOCK(head);
 		return (error);
-        }
-	if ((head->so_state & SS_NBIO) && TAILQ_EMPTY(&head->sol_comp)) {
-		SOLISTEN_UNLOCK(head);
-		return (EWOULDBLOCK);
 	}
 	so = TAILQ_FIRST(&head->sol_comp);
 	SOCK_LOCK(so);
@@ -1050,6 +1051,9 @@ sofree(struct socket *so)
 		so->so_error = ECONNABORTED;
 	SOCK_UNLOCK(so);
 
+	if (so->so_dtor != NULL)
+		so->so_dtor(so);
+
 	VNET_SO_ASSERT(so);
 	if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose != NULL)
 		(*pr->pr_domain->dom_dispose)(so);
@@ -1126,8 +1130,6 @@ soclose(struct socket *so)
 drop:
 	if (so->so_proto->pr_usrreqs->pru_close != NULL)
 		(*so->so_proto->pr_usrreqs->pru_close)(so);
-	if (so->so_dtor != NULL)
-		so->so_dtor(so);
 
 	SOCK_LOCK(so);
 	if ((listening = (so->so_options & SO_ACCEPTCONN))) {
@@ -2620,11 +2622,20 @@ soshutdown(struct socket *so, int how)
 		 * both backward-compatibility and POSIX requirements by forcing
 		 * ENOTCONN but still asking protocol to perform pru_shutdown().
 		 */
-		if (so->so_type != SOCK_DGRAM)
+		if (so->so_type != SOCK_DGRAM && !SOLISTENING(so))
 			return (ENOTCONN);
 		soerror_enotconn = 1;
 	}
 
+	if (SOLISTENING(so)) {
+		if (how != SHUT_WR) {
+			SOLISTEN_LOCK(so);
+			so->so_error = ECONNABORTED;
+			solisten_wakeup(so);	/* unlocks so */
+		}
+		goto done;
+	}
+
 	CURVNET_SET(so->so_vnet);
 	if (pr->pr_usrreqs->pru_flush != NULL)
 		(*pr->pr_usrreqs->pru_flush)(so, how);
@@ -2639,6 +2650,7 @@ soshutdown(struct socket *so, int how)
 	wakeup(&so->so_timeo);
 	CURVNET_RESTORE();
 
+done:
 	return (soerror_enotconn ? ENOTCONN : 0);
 }
 
@@ -3324,6 +3336,8 @@ sopoll_generic(struct socket *so, int events, struct ucred *active_cred,
 			revents = 0;
 		else if (!TAILQ_EMPTY(&so->sol_comp))
 			revents = events & (POLLIN | POLLRDNORM);
+		else if ((events & POLLINIGNEOF) == 0 && so->so_error)
+			revents = (events & (POLLIN | POLLRDNORM)) | POLLHUP;
 		else {
 			selrecord(td, &so->so_rdsel);
 			revents = 0;
@@ -3609,6 +3623,11 @@ filt_soread(struct knote *kn, long hint)
 	if (SOLISTENING(so)) {
 		SOCK_LOCK_ASSERT(so);
 		kn->kn_data = so->sol_qlen;
+		if (so->so_error) {
+			kn->kn_flags |= EV_EOF;
+			kn->kn_fflags = so->so_error;
+			return (1);
+		}
 		return (!TAILQ_EMPTY(&so->sol_comp));
 	}
 
diff --git a/freebsd/sys/net/if.c b/freebsd/sys/net/if.c
index 4d3c303c..7721af11 100644
--- a/freebsd/sys/net/if.c
+++ b/freebsd/sys/net/if.c
@@ -271,7 +271,6 @@ static int	if_setflag(struct ifnet *, int, int, int *, int);
 static int	if_transmit(struct ifnet *ifp, struct mbuf *m);
 static void	if_unroute(struct ifnet *, int flag, int fam);
 static void	link_rtrequest(int, struct rtentry *, struct rt_addrinfo *);
-static int	ifhwioctl(u_long, struct ifnet *, caddr_t, struct thread *);
 static int	if_delmulti_locked(struct ifnet *, struct ifmultiaddr *, int);
 static void	do_link_state_change(void *, int);
 static int	if_getgroup(struct ifgroupreq *, struct ifnet *);
@@ -974,12 +973,18 @@ if_attachdomain1(struct ifnet *ifp)
 void
 if_purgeaddrs(struct ifnet *ifp)
 {
-	struct ifaddr *ifa, *next;
+	struct ifaddr *ifa;
 
-	NET_EPOCH_ENTER();
-	CK_STAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, next) {
-		if (ifa->ifa_addr->sa_family == AF_LINK)
-			continue;
+	while (1) {
+		NET_EPOCH_ENTER();
+		CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
+			if (ifa->ifa_addr->sa_family != AF_LINK)
+				break;
+		}
+		NET_EPOCH_EXIT();
+
+		if (ifa == NULL)
+			break;
 #ifdef INET
 		/* XXX: Ugly!! ad hoc just for INET */
 		if (ifa->ifa_addr->sa_family == AF_INET) {
@@ -1006,7 +1011,6 @@ if_purgeaddrs(struct ifnet *ifp)
 		IF_ADDR_WUNLOCK(ifp);
 		ifa_free(ifa);
 	}
-	NET_EPOCH_EXIT();
 }
 
 /*
@@ -2521,7 +2525,7 @@ ifr_data_get_ptr(void *ifrp)
 /*
  * Hardware specific interface ioctls.
  */
-static int
+int
 ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 {
 	struct ifreq *ifr;
diff --git a/freebsd/sys/net/if_gif.c b/freebsd/sys/net/if_gif.c
index 5a67e7ff..3a50316f 100644
--- a/freebsd/sys/net/if_gif.c
+++ b/freebsd/sys/net/if_gif.c
@@ -278,6 +278,7 @@ gif_transmit(struct ifnet *ifp, struct mbuf *m)
 	uint8_t proto, ecn;
 	int error;
 
+	GIF_RLOCK();
 #ifdef MAC
 	error = mac_ifnet_check_transmit(ifp, m);
 	if (error) {
@@ -286,10 +287,10 @@ gif_transmit(struct ifnet *ifp, struct mbuf *m)
 	}
 #endif
 	error = ENETDOWN;
-	GIF_RLOCK();
 	sc = ifp->if_softc;
 	if ((ifp->if_flags & IFF_MONITOR) != 0 ||
 	    (ifp->if_flags & IFF_UP) == 0 ||
+	    (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
 	    sc->gif_family == 0 ||
 	    (error = if_tunnel_check_nesting(ifp, m, MTAG_GIF,
 		V_max_gif_nesting)) != 0) {
@@ -680,7 +681,6 @@ gif_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		    cmd == SIOCSIFPHYADDR_IN6 ||
 #endif
 		    0) {
-			ifp->if_drv_flags |= IFF_DRV_RUNNING;
 			if_link_state_change(ifp, LINK_STATE_UP);
 		}
 	}
@@ -695,6 +695,7 @@ gif_delete_tunnel(struct gif_softc *sc)
 
 	sx_assert(&gif_ioctl_sx, SA_XLOCKED);
 	if (sc->gif_family != 0) {
+		CK_LIST_REMOVE(sc, srchash);
 		CK_LIST_REMOVE(sc, chain);
 		/* Wait until it become safe to free gif_hdr */
 		GIF_WAIT();
diff --git a/freebsd/sys/net/if_gif.h b/freebsd/sys/net/if_gif.h
index 501a4e5d..264fe7b3 100644
--- a/freebsd/sys/net/if_gif.h
+++ b/freebsd/sys/net/if_gif.h
@@ -63,6 +63,7 @@ struct gif_softc {
 	} gif_uhdr;
 
 	CK_LIST_ENTRY(gif_softc) chain;
+	CK_LIST_ENTRY(gif_softc) srchash;
 };
 CK_LIST_HEAD(gif_list, gif_softc);
 MALLOC_DECLARE(M_GIF);
diff --git a/freebsd/sys/net/if_gre.c b/freebsd/sys/net/if_gre.c
index 5ff41259..4fbc105e 100644
--- a/freebsd/sys/net/if_gre.c
+++ b/freebsd/sys/net/if_gre.c
@@ -332,7 +332,6 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		    cmd == SIOCSIFPHYADDR_IN6 ||
 #endif
 		    0) {
-			ifp->if_drv_flags |= IFF_DRV_RUNNING;
 			if_link_state_change(ifp, LINK_STATE_UP);
 		}
 	}
@@ -348,6 +347,7 @@ gre_delete_tunnel(struct gre_softc *sc)
 	sx_assert(&gre_ioctl_sx, SA_XLOCKED);
 	if (sc->gre_family != 0) {
 		CK_LIST_REMOVE(sc, chain);
+		CK_LIST_REMOVE(sc, srchash);
 		GRE_WAIT();
 		free(sc->gre_hdr, M_GRE);
 		sc->gre_family = 0;
@@ -549,6 +549,7 @@ gre_setseqn(struct grehdr *gh, uint32_t seq)
 static int
 gre_transmit(struct ifnet *ifp, struct mbuf *m)
 {
+	GRE_RLOCK_TRACKER;
 	struct gre_softc *sc;
 	struct grehdr *gh;
 	uint32_t af;
@@ -556,6 +557,7 @@ gre_transmit(struct ifnet *ifp, struct mbuf *m)
 	uint16_t proto;
 
 	len = 0;
+	GRE_RLOCK();
 #ifdef MAC
 	error = mac_ifnet_check_transmit(ifp, m);
 	if (error) {
@@ -564,10 +566,10 @@ gre_transmit(struct ifnet *ifp, struct mbuf *m)
 	}
 #endif
 	error = ENETDOWN;
-	GRE_RLOCK();
 	sc = ifp->if_softc;
 	if ((ifp->if_flags & IFF_MONITOR) != 0 ||
 	    (ifp->if_flags & IFF_UP) == 0 ||
+	    (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
 	    sc->gre_family == 0 ||
 	    (error = if_tunnel_check_nesting(ifp, m, MTAG_GRE,
 		V_max_gre_nesting)) != 0) {
@@ -575,6 +577,8 @@ gre_transmit(struct ifnet *ifp, struct mbuf *m)
 		goto drop;
 	}
 	af = m->m_pkthdr.csum_data;
+	BPF_MTAP2(ifp, &af, sizeof(af), m);
+	m->m_flags &= ~(M_BCAST|M_MCAST);
 	M_SETFIB(m, sc->gre_fibnum);
 	M_PREPEND(m, sc->gre_hlen, M_NOWAIT);
 	if (m == NULL) {
diff --git a/freebsd/sys/net/if_gre.h b/freebsd/sys/net/if_gre.h
index cc8b08f9..4b93321a 100644
--- a/freebsd/sys/net/if_gre.h
+++ b/freebsd/sys/net/if_gre.h
@@ -82,6 +82,7 @@ struct gre_softc {
 	} gre_uhdr;
 
 	CK_LIST_ENTRY(gre_softc) chain;
+	CK_LIST_ENTRY(gre_softc) srchash;
 };
 CK_LIST_HEAD(gre_list, gre_softc);
 MALLOC_DECLARE(M_GRE);
@@ -91,7 +92,8 @@ MALLOC_DECLARE(M_GRE);
 #endif
 
 #define	GRE2IFP(sc)		((sc)->gre_ifp)
-#define	GRE_RLOCK()		struct epoch_tracker gre_et; epoch_enter_preempt(net_epoch_preempt, &gre_et)
+#define	GRE_RLOCK_TRACKER	struct epoch_tracker gre_et
+#define	GRE_RLOCK()		epoch_enter_preempt(net_epoch_preempt, &gre_et)
 #define	GRE_RUNLOCK()		epoch_exit_preempt(net_epoch_preempt, &gre_et)
 #define	GRE_WAIT()		epoch_wait_preempt(net_epoch_preempt)
 
diff --git a/freebsd/sys/net/if_ipsec.c b/freebsd/sys/net/if_ipsec.c
index 5b1d5e82..08465911 100644
--- a/freebsd/sys/net/if_ipsec.c
+++ b/freebsd/sys/net/if_ipsec.c
@@ -1,8 +1,8 @@
 #include <machine/rtems-bsd-kernel-space.h>
 
 /*-
- * Copyright (c) 2016 Yandex LLC
- * Copyright (c) 2016 Andrey V. Elsukov <ae@FreeBSD.org>
+ * Copyright (c) 2016-2018 Yandex LLC
+ * Copyright (c) 2016-2018 Andrey V. Elsukov <ae@FreeBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -42,7 +42,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/module.h>
-#include <sys/rmlock.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/sx.h>
@@ -63,6 +62,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet/in.h>
 #include <netinet/in_var.h>
 #include <netinet/ip.h>
+#include <netinet/ip_encap.h>
 
 #include <netinet/ip6.h>
 #include <netinet6/in6_var.h>
@@ -89,57 +89,71 @@ static const char ipsecname[] = "ipsec";
 
 struct ipsec_softc {
 	struct ifnet		*ifp;
-
-	struct rmlock		lock;
 	struct secpolicy	*sp[IPSEC_SPCOUNT];
-
 	uint32_t		reqid;
 	u_int			family;
 	u_int			fibnum;
-	LIST_ENTRY(ipsec_softc)	chain;
-	LIST_ENTRY(ipsec_softc) hash;
+
+	CK_LIST_ENTRY(ipsec_softc) idhash;
+	CK_LIST_ENTRY(ipsec_softc) srchash;
 };
 
-#define	IPSEC_LOCK_INIT(sc)	rm_init(&(sc)->lock, "if_ipsec softc")
-#define	IPSEC_LOCK_DESTROY(sc)	rm_destroy(&(sc)->lock)
-#define	IPSEC_RLOCK_TRACKER	struct rm_priotracker ipsec_tracker
-#define	IPSEC_RLOCK(sc)		rm_rlock(&(sc)->lock, &ipsec_tracker)
-#define	IPSEC_RUNLOCK(sc)	rm_runlock(&(sc)->lock, &ipsec_tracker)
-#define	IPSEC_RLOCK_ASSERT(sc)	rm_assert(&(sc)->lock, RA_RLOCKED)
-#define	IPSEC_WLOCK(sc)		rm_wlock(&(sc)->lock)
-#define	IPSEC_WUNLOCK(sc)	rm_wunlock(&(sc)->lock)
-#define	IPSEC_WLOCK_ASSERT(sc)	rm_assert(&(sc)->lock, RA_WLOCKED)
-
-static struct rmlock ipsec_sc_lock;
-RM_SYSINIT(ipsec_sc_lock, &ipsec_sc_lock, "if_ipsec softc list");
-
-#define	IPSEC_SC_RLOCK_TRACKER	struct rm_priotracker ipsec_sc_tracker
-#define	IPSEC_SC_RLOCK()	rm_rlock(&ipsec_sc_lock, &ipsec_sc_tracker)
-#define	IPSEC_SC_RUNLOCK()	rm_runlock(&ipsec_sc_lock, &ipsec_sc_tracker)
-#define	IPSEC_SC_RLOCK_ASSERT()	rm_assert(&ipsec_sc_lock, RA_RLOCKED)
-#define	IPSEC_SC_WLOCK()	rm_wlock(&ipsec_sc_lock)
-#define	IPSEC_SC_WUNLOCK()	rm_wunlock(&ipsec_sc_lock)
-#define	IPSEC_SC_WLOCK_ASSERT()	rm_assert(&ipsec_sc_lock, RA_WLOCKED)
-
-LIST_HEAD(ipsec_iflist, ipsec_softc);
-VNET_DEFINE_STATIC(struct ipsec_iflist, ipsec_sc_list);
-VNET_DEFINE_STATIC(struct ipsec_iflist *, ipsec_sc_htbl);
-VNET_DEFINE_STATIC(u_long, ipsec_sc_hmask);
-#define	V_ipsec_sc_list		VNET(ipsec_sc_list)
-#define	V_ipsec_sc_htbl		VNET(ipsec_sc_htbl)
-#define	V_ipsec_sc_hmask	VNET(ipsec_sc_hmask)
-
-static uint32_t
-ipsec_hash(uint32_t id)
+#define	IPSEC_RLOCK_TRACKER	struct epoch_tracker ipsec_et
+#define	IPSEC_RLOCK()	epoch_enter_preempt(net_epoch_preempt, &ipsec_et)
+#define	IPSEC_RUNLOCK()	epoch_exit_preempt(net_epoch_preempt, &ipsec_et)
+#define	IPSEC_WAIT()	epoch_wait_preempt(net_epoch_preempt)
+
+#ifndef IPSEC_HASH_SIZE
+#define	IPSEC_HASH_SIZE	(1 << 5)
+#endif
+
+CK_LIST_HEAD(ipsec_iflist, ipsec_softc);
+VNET_DEFINE_STATIC(struct ipsec_iflist *, ipsec_idhtbl) = NULL;
+#define	V_ipsec_idhtbl		VNET(ipsec_idhtbl)
+
+#ifdef INET
+VNET_DEFINE_STATIC(struct ipsec_iflist *, ipsec4_srchtbl) = NULL;
+#define	V_ipsec4_srchtbl	VNET(ipsec4_srchtbl)
+static const struct srcaddrtab *ipsec4_srctab = NULL;
+#endif
+
+#ifdef INET6
+VNET_DEFINE_STATIC(struct ipsec_iflist *, ipsec6_srchtbl) = NULL;
+#define	V_ipsec6_srchtbl	VNET(ipsec6_srchtbl)
+static const struct srcaddrtab *ipsec6_srctab = NULL;
+#endif
+
+static struct ipsec_iflist *
+ipsec_idhash(uint32_t id)
 {
 
-	return (fnv_32_buf(&id, sizeof(id), FNV1_32_INIT));
+	return (&V_ipsec_idhtbl[fnv_32_buf(&id, sizeof(id),
+	    FNV1_32_INIT) & (IPSEC_HASH_SIZE - 1)]);
 }
 
-#define	SCHASH_NHASH_LOG2	5
-#define	SCHASH_NHASH		(1 << SCHASH_NHASH_LOG2)
-#define	SCHASH_HASHVAL(id)	(ipsec_hash((id)) & V_ipsec_sc_hmask)
-#define	SCHASH_HASH(id)		&V_ipsec_sc_htbl[SCHASH_HASHVAL(id)]
+static struct ipsec_iflist *
+ipsec_srchash(const struct sockaddr *sa)
+{
+	uint32_t hval;
+
+	switch (sa->sa_family) {
+#ifdef INET
+	case AF_INET:
+		hval = fnv_32_buf(
+		    &((const struct sockaddr_in *)sa)->sin_addr.s_addr,
+		    sizeof(in_addr_t), FNV1_32_INIT);
+		return (&V_ipsec4_srchtbl[hval & (IPSEC_HASH_SIZE - 1)]);
+#endif
+#ifdef INET6
+	case AF_INET6:
+		hval = fnv_32_buf(
+		    &((const struct sockaddr_in6 *)sa)->sin6_addr,
+		    sizeof(struct in6_addr), FNV1_32_INIT);
+		return (&V_ipsec6_srchtbl[hval & (IPSEC_HASH_SIZE - 1)]);
+#endif
+	}
+	return (NULL);
+}
 
 /*
  * ipsec_ioctl_sx protects from concurrent ioctls.
@@ -150,12 +164,14 @@ SX_SYSINIT(ipsec_ioctl_sx, &ipsec_ioctl_sx, "ipsec_ioctl");
 static int	ipsec_init_reqid(struct ipsec_softc *);
 static int	ipsec_set_tunnel(struct ipsec_softc *, struct sockaddr *,
     struct sockaddr *, uint32_t);
-static void	ipsec_delete_tunnel(struct ifnet *, int);
+static void	ipsec_delete_tunnel(struct ipsec_softc *);
 
 static int	ipsec_set_addresses(struct ifnet *, struct sockaddr *,
     struct sockaddr *);
-static int	ipsec_set_reqid(struct ifnet *, uint32_t);
+static int	ipsec_set_reqid(struct ipsec_softc *, uint32_t);
+static void	ipsec_set_running(struct ipsec_softc *);
 
+static void	ipsec_srcaddr(void *, const struct sockaddr *, int);
 static int	ipsec_ioctl(struct ifnet *, u_long, caddr_t);
 static int	ipsec_transmit(struct ifnet *, struct mbuf *);
 static int	ipsec_output(struct ifnet *, struct mbuf *,
@@ -180,7 +196,6 @@ ipsec_clone_create(struct if_clone *ifc, int unit, caddr_t params)
 	sc->fibnum = BSD_DEFAULT_FIB;
 #endif /* __rtems__ */
 	sc->ifp = ifp = if_alloc(IFT_TUNNEL);
-	IPSEC_LOCK_INIT(sc);
 	ifp->if_softc = sc;
 	if_initname(ifp, ipsecname, unit);
 
@@ -194,9 +209,6 @@ ipsec_clone_create(struct if_clone *ifc, int unit, caddr_t params)
 	if_attach(ifp);
 	bpfattach(ifp, DLT_NULL, sizeof(uint32_t));
 
-	IPSEC_SC_WLOCK();
-	LIST_INSERT_HEAD(&V_ipsec_sc_list, sc, chain);
-	IPSEC_SC_WUNLOCK();
 	return (0);
 }
 
@@ -207,28 +219,48 @@ ipsec_clone_destroy(struct ifnet *ifp)
 
 	sx_xlock(&ipsec_ioctl_sx);
 	sc = ifp->if_softc;
-
-	IPSEC_SC_WLOCK();
-	ipsec_delete_tunnel(ifp, 1);
-	LIST_REMOVE(sc, chain);
-	IPSEC_SC_WUNLOCK();
-
+	ipsec_delete_tunnel(sc);
 	bpfdetach(ifp);
 	if_detach(ifp);
 	ifp->if_softc = NULL;
 	sx_xunlock(&ipsec_ioctl_sx);
 
+	IPSEC_WAIT();
 	if_free(ifp);
-	IPSEC_LOCK_DESTROY(sc);
 	free(sc, M_IPSEC);
 }
 
+static struct ipsec_iflist *
+ipsec_hashinit(void)
+{
+	struct ipsec_iflist *hash;
+	int i;
+
+	hash = malloc(sizeof(struct ipsec_iflist) * IPSEC_HASH_SIZE,
+	    M_IPSEC, M_WAITOK);
+	for (i = 0; i < IPSEC_HASH_SIZE; i++)
+		CK_LIST_INIT(&hash[i]);
+
+	return (hash);
+}
+
 static void
 vnet_ipsec_init(const void *unused __unused)
 {
 
-	LIST_INIT(&V_ipsec_sc_list);
-	V_ipsec_sc_htbl = hashinit(SCHASH_NHASH, M_IPSEC, &V_ipsec_sc_hmask);
+	V_ipsec_idhtbl = ipsec_hashinit();
+#ifdef INET
+	V_ipsec4_srchtbl = ipsec_hashinit();
+	if (IS_DEFAULT_VNET(curvnet))
+		ipsec4_srctab = ip_encap_register_srcaddr(ipsec_srcaddr,
+		    NULL, M_WAITOK);
+#endif
+#ifdef INET6
+	V_ipsec6_srchtbl = ipsec_hashinit();
+	if (IS_DEFAULT_VNET(curvnet))
+		ipsec6_srctab = ip6_encap_register_srcaddr(ipsec_srcaddr,
+		    NULL, M_WAITOK);
+#endif
 	V_ipsec_cloner = if_clone_simple(ipsecname, ipsec_clone_create,
 	    ipsec_clone_destroy, 0);
 }
@@ -240,7 +272,17 @@ vnet_ipsec_uninit(const void *unused __unused)
 {
 
 	if_clone_detach(V_ipsec_cloner);
-	hashdestroy(V_ipsec_sc_htbl, M_IPSEC, V_ipsec_sc_hmask);
+	free(V_ipsec_idhtbl, M_IPSEC);
+#ifdef INET
+	if (IS_DEFAULT_VNET(curvnet))
+		ip_encap_unregister_srcaddr(ipsec4_srctab);
+	free(V_ipsec4_srchtbl, M_IPSEC);
+#endif
+#ifdef INET6
+	if (IS_DEFAULT_VNET(curvnet))
+		ip6_encap_unregister_srcaddr(ipsec6_srctab);
+	free(V_ipsec6_srchtbl, M_IPSEC);
+#endif
 }
 VNET_SYSUNINIT(vnet_ipsec_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
     vnet_ipsec_uninit, NULL);
@@ -287,6 +329,7 @@ ipsec_transmit(struct ifnet *ifp, struct mbuf *m)
 	uint32_t af;
 	int error;
 
+	IPSEC_RLOCK();
 #ifdef MAC
 	error = mac_ifnet_check_transmit(ifp, m);
 	if (error) {
@@ -298,7 +341,7 @@ ipsec_transmit(struct ifnet *ifp, struct mbuf *m)
 	sc = ifp->if_softc;
 	if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
 	    (ifp->if_flags & IFF_MONITOR) != 0 ||
-	    (ifp->if_flags & IFF_UP) == 0) {
+	    (ifp->if_flags & IFF_UP) == 0 || sc->family == 0) {
 		m_freem(m);
 		goto err;
 	}
@@ -333,16 +376,9 @@ ipsec_transmit(struct ifnet *ifp, struct mbuf *m)
 		goto err;
 	}
 
-	IPSEC_RLOCK(sc);
-	if (sc->family == 0) {
-		IPSEC_RUNLOCK(sc);
-		m_freem(m);
-		goto err;
-	}
 	sp = ipsec_getpolicy(sc, IPSEC_DIR_OUTBOUND, af);
 	key_addref(sp);
 	M_SETFIB(m, sc->fibnum);
-	IPSEC_RUNLOCK(sc);
 
 	BPF_MTAP2(ifp, &af, sizeof(af), m);
 	if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
@@ -365,6 +401,7 @@ ipsec_transmit(struct ifnet *ifp, struct mbuf *m)
 err:
 	if (error != 0)
 		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
+	IPSEC_RUNLOCK();
 	return (error);
 }
 
@@ -385,7 +422,7 @@ ipsec_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
 int
 ipsec_if_input(struct mbuf *m, struct secasvar *sav, uint32_t af)
 {
-	IPSEC_SC_RLOCK_TRACKER;
+	IPSEC_RLOCK_TRACKER;
 	struct secasindex *saidx;
 	struct ipsec_softc *sc;
 	struct ifnet *ifp;
@@ -400,13 +437,10 @@ ipsec_if_input(struct mbuf *m, struct secasvar *sav, uint32_t af)
 	    sav->sah->saidx.proto != IPPROTO_ESP)
 		return (0);
 
-	IPSEC_SC_RLOCK();
-	/*
-	 * We only acquire SC_RLOCK() while we are doing search in
-	 * ipsec_sc_htbl. It is safe, because removing softc or changing
-	 * of reqid/addresses requires removing from hash table.
-	 */
-	LIST_FOREACH(sc, SCHASH_HASH(sav->sah->saidx.reqid), hash) {
+	IPSEC_RLOCK();
+	CK_LIST_FOREACH(sc, ipsec_idhash(sav->sah->saidx.reqid), idhash) {
+		if (sc->family == 0)
+			continue;
 		saidx = ipsec_getsaidx(sc, IPSEC_DIR_INBOUND,
 		    sav->sah->saidx.src.sa.sa_family);
 		/* SA's reqid should match reqid in SP */
@@ -422,14 +456,14 @@ ipsec_if_input(struct mbuf *m, struct secasvar *sav, uint32_t af)
 			break;
 	}
 	if (sc == NULL) {
-		IPSEC_SC_RUNLOCK();
+		IPSEC_RUNLOCK();
 		/* Tunnel was not found. Nothing to do. */
 		return (0);
 	}
 	ifp = sc->ifp;
 	if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
 	    (ifp->if_flags & IFF_UP) == 0) {
-		IPSEC_SC_RUNLOCK();
+		IPSEC_RUNLOCK();
 		m_freem(m);
 		return (ENETDOWN);
 	}
@@ -438,7 +472,6 @@ ipsec_if_input(struct mbuf *m, struct secasvar *sav, uint32_t af)
 	 * Set its ifnet as receiving interface.
 	 */
 	m->m_pkthdr.rcvif = ifp;
-	IPSEC_SC_RUNLOCK();
 
 	m_clrprotoflags(m);
 	M_SETFIB(m, ifp->if_fib);
@@ -446,17 +479,17 @@ ipsec_if_input(struct mbuf *m, struct secasvar *sav, uint32_t af)
 	if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
 	if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
 	if ((ifp->if_flags & IFF_MONITOR) != 0) {
+		IPSEC_RUNLOCK();
 		m_freem(m);
 		return (ENETDOWN);
 	}
+	IPSEC_RUNLOCK();
 	return (0);
 }
 
-/* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
-int
+static int
 ipsec_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 {
-	IPSEC_RLOCK_TRACKER;
 	struct ifreq *ifr = (struct ifreq*)data;
 	struct sockaddr *dst, *src;
 	struct ipsec_softc *sc;
@@ -570,9 +603,10 @@ ipsec_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 #endif
 #ifdef INET6
 		case AF_INET6:
-			if (IN6_IS_ADDR_UNSPECIFIED(&satosin6(src)->sin6_addr)
-			    ||
-			    IN6_IS_ADDR_UNSPECIFIED(&satosin6(dst)->sin6_addr))
+			if (IN6_IS_ADDR_UNSPECIFIED(
+			    &satosin6(src)->sin6_addr) ||
+			    IN6_IS_ADDR_UNSPECIFIED(
+			    &satosin6(dst)->sin6_addr))
 				goto bad;
 			/*
 			 * Check validity of the scope zone ID of the
@@ -590,7 +624,7 @@ ipsec_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		error = ipsec_set_addresses(ifp, src, dst);
 		break;
 	case SIOCDIFPHYADDR:
-		ipsec_delete_tunnel(ifp, 0);
+		ipsec_delete_tunnel(sc);
 		break;
 	case SIOCGIFPSRCADDR:
 	case SIOCGIFPDSTADDR:
@@ -598,9 +632,7 @@ ipsec_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 	case SIOCGIFPSRCADDR_IN6:
 	case SIOCGIFPDSTADDR_IN6:
 #endif
-		IPSEC_RLOCK(sc);
 		if (sc->family == 0) {
-			IPSEC_RUNLOCK(sc);
 			error = EADDRNOTAVAIL;
 			break;
 		}
@@ -656,7 +688,6 @@ ipsec_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 #endif
 			}
 		}
-		IPSEC_RUNLOCK(sc);
 		if (error != 0)
 			break;
 		switch (cmd) {
@@ -702,7 +733,7 @@ ipsec_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		error = copyin(ifr_data_get_ptr(ifr), &reqid, sizeof(reqid));
 		if (error != 0)
 			break;
-		error = ipsec_set_reqid(ifp, reqid);
+		error = ipsec_set_reqid(sc, reqid);
 		break;
 	default:
 		error = EINVAL;
@@ -714,6 +745,59 @@ bad:
 }
 
 /*
+ * Check that ingress address belongs to local host.
+ */
+static void
+ipsec_set_running(struct ipsec_softc *sc)
+{
+	struct secasindex *saidx;
+	int localip;
+
+	saidx = ipsec_getsaidx(sc, IPSEC_DIR_OUTBOUND, sc->family);
+	localip = 0;
+	switch (sc->family) {
+#ifdef INET
+	case AF_INET:
+		localip = in_localip(saidx->src.sin.sin_addr);
+		break;
+#endif
+#ifdef INET6
+	case AF_INET6:
+		localip = in6_localip(&saidx->src.sin6.sin6_addr);
+		break;
+#endif
+	}
+	if (localip != 0)
+		sc->ifp->if_drv_flags |= IFF_DRV_RUNNING;
+	else
+		sc->ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+}
+
+/*
+ * ifaddr_event handler.
+ * Clear IFF_DRV_RUNNING flag when ingress address disappears to prevent
+ * source address spoofing.
+ */
+static void
+ipsec_srcaddr(void *arg __unused, const struct sockaddr *sa,
+    int event __unused)
+{
+	struct ipsec_softc *sc;
+	struct secasindex *saidx;
+
+	MPASS(in_epoch(net_epoch_preempt));
+	CK_LIST_FOREACH(sc, ipsec_srchash(sa), srchash) {
+		if (sc->family == 0)
+			continue;
+		saidx = ipsec_getsaidx(sc, IPSEC_DIR_OUTBOUND, sa->sa_family);
+		if (saidx == NULL ||
+		    key_sockaddrcmp(&saidx->src.sa, sa, 0) != 0)
+			continue;
+		ipsec_set_running(sc);
+	}
+}
+
+/*
  * Allocate new private security policies for tunneling interface.
  * Each tunneling interface has following security policies for
  * both AF:
@@ -785,8 +869,8 @@ ipsec_check_reqid(uint32_t reqid)
 {
 	struct ipsec_softc *sc;
 
-	IPSEC_SC_RLOCK_ASSERT();
-	LIST_FOREACH(sc, &V_ipsec_sc_list, chain) {
+	sx_assert(&ipsec_ioctl_sx, SA_XLOCKED);
+	CK_LIST_FOREACH(sc, ipsec_idhash(reqid), idhash) {
 		if (sc->reqid == reqid)
 			return (EEXIST);
 	}
@@ -806,8 +890,7 @@ ipsec_init_reqid(struct ipsec_softc *sc)
 	uint32_t reqid;
 	int trycount;
 
-	IPSEC_SC_RLOCK_ASSERT();
-
+	sx_assert(&ipsec_ioctl_sx, SA_XLOCKED);
 	if (sc->reqid != 0) /* already initialized */
 		return (0);
 
@@ -820,6 +903,7 @@ ipsec_init_reqid(struct ipsec_softc *sc)
 	if (trycount == 0)
 		return (EEXIST);
 	sc->reqid = reqid;
+	CK_LIST_INSERT_HEAD(ipsec_idhash(reqid), sc, idhash);
 	return (0);
 }
 
@@ -830,34 +914,30 @@ ipsec_init_reqid(struct ipsec_softc *sc)
  * Also softc would not disappear while we hold ioctl_sx lock.
  */
 static int
-ipsec_set_reqid(struct ifnet *ifp, uint32_t reqid)
+ipsec_set_reqid(struct ipsec_softc *sc, uint32_t reqid)
 {
-	IPSEC_SC_RLOCK_TRACKER;
-	struct ipsec_softc *sc;
 	struct secasindex *saidx;
 
 	sx_assert(&ipsec_ioctl_sx, SA_XLOCKED);
 
-	sc = ifp->if_softc;
 	if (sc->reqid == reqid && reqid != 0)
 		return (0);
 
-	IPSEC_SC_RLOCK();
 	if (reqid != 0) {
 		/* Check that specified reqid doesn't exist */
-		if (ipsec_check_reqid(reqid) != 0) {
-			IPSEC_SC_RUNLOCK();
+		if (ipsec_check_reqid(reqid) != 0)
 			return (EEXIST);
+		if (sc->reqid != 0) {
+			CK_LIST_REMOVE(sc, idhash);
+			IPSEC_WAIT();
 		}
 		sc->reqid = reqid;
+		CK_LIST_INSERT_HEAD(ipsec_idhash(reqid), sc, idhash);
 	} else {
 		/* Generate new reqid */
-		if (ipsec_init_reqid(sc) != 0) {
-			IPSEC_SC_RUNLOCK();
+		if (ipsec_init_reqid(sc) != 0)
 			return (EEXIST);
-		}
 	}
-	IPSEC_SC_RUNLOCK();
 
 	/* Tunnel isn't fully configured, just return. */
 	if (sc->family == 0)
@@ -877,7 +957,6 @@ static int
 ipsec_set_addresses(struct ifnet *ifp, struct sockaddr *src,
     struct sockaddr *dst)
 {
-	IPSEC_SC_RLOCK_TRACKER;
 	struct ipsec_softc *sc, *tsc;
 	struct secasindex *saidx;
 
@@ -893,43 +972,21 @@ ipsec_set_addresses(struct ifnet *ifp, struct sockaddr *src,
 			return (0); /* Nothing has been changed. */
 
 	}
-	/*
-	 * We cannot service IPsec tunnel when source address is
-	 * not our own.
-	 */
-#ifdef INET
-	if (src->sa_family == AF_INET &&
-	    in_localip(satosin(src)->sin_addr) == 0)
-		return (EADDRNOTAVAIL);
-#endif
-#ifdef INET6
-	/*
-	 * NOTE: IPv6 addresses are in kernel internal form with
-	 * embedded scope zone id.
-	 */
-	if (src->sa_family == AF_INET6 &&
-	    in6_localip(&satosin6(src)->sin6_addr) == 0)
-		return (EADDRNOTAVAIL);
-#endif
 	/* Check that given addresses aren't already configured */
-	IPSEC_SC_RLOCK();
-	LIST_FOREACH(tsc, &V_ipsec_sc_list, chain) {
-		if (tsc == sc || tsc->family != src->sa_family)
+	CK_LIST_FOREACH(tsc, ipsec_srchash(src), srchash) {
+		if (tsc == sc)
 			continue;
+		MPASS(tsc->family == src->sa_family);
 		saidx = ipsec_getsaidx(tsc, IPSEC_DIR_OUTBOUND, tsc->family);
 		if (key_sockaddrcmp(&saidx->src.sa, src, 0) == 0 &&
 		    key_sockaddrcmp(&saidx->dst.sa, dst, 0) == 0) {
 			/* We already have tunnel with such addresses */
-			IPSEC_SC_RUNLOCK();
 			return (EADDRNOTAVAIL);
 		}
 	}
 	/* If reqid is not set, generate new one. */
-	if (ipsec_init_reqid(sc) != 0) {
-		IPSEC_SC_RUNLOCK();
+	if (ipsec_init_reqid(sc) != 0)
 		return (EEXIST);
-	}
-	IPSEC_SC_RUNLOCK();
 	return (ipsec_set_tunnel(sc, src, dst, sc->reqid));
 }
 
@@ -938,8 +995,7 @@ ipsec_set_tunnel(struct ipsec_softc *sc, struct sockaddr *src,
     struct sockaddr *dst, uint32_t reqid)
 {
 	struct secpolicy *sp[IPSEC_SPCOUNT];
-	struct secpolicy *oldsp[IPSEC_SPCOUNT];
-	int i, f;
+	int i;
 
 	sx_assert(&ipsec_ioctl_sx, SA_XLOCKED);
 
@@ -951,58 +1007,41 @@ ipsec_set_tunnel(struct ipsec_softc *sc, struct sockaddr *src,
 				key_freesp(&sp[i]);
 			return (EAGAIN);
 		}
-		IPSEC_SC_WLOCK();
-		if ((f = sc->family) != 0)
-			LIST_REMOVE(sc, hash);
-		IPSEC_WLOCK(sc);
-		for (i = 0; i < IPSEC_SPCOUNT; i++) {
-			oldsp[i] = sc->sp[i];
+		if (sc->family != 0)
+			ipsec_delete_tunnel(sc);
+		for (i = 0; i < IPSEC_SPCOUNT; i++)
 			sc->sp[i] = sp[i];
-		}
 		sc->family = src->sa_family;
-		IPSEC_WUNLOCK(sc);
-		LIST_INSERT_HEAD(SCHASH_HASH(sc->reqid), sc, hash);
-		IPSEC_SC_WUNLOCK();
+		CK_LIST_INSERT_HEAD(ipsec_srchash(src), sc, srchash);
 	} else {
 		sc->ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
 		return (ENOMEM);
 	}
-
-	sc->ifp->if_drv_flags |= IFF_DRV_RUNNING;
-	if (f != 0) {
-		key_unregister_ifnet(oldsp, IPSEC_SPCOUNT);
-		for (i = 0; i < IPSEC_SPCOUNT; i++)
-			key_freesp(&oldsp[i]);
-	}
+	ipsec_set_running(sc);
 	return (0);
 }
 
 static void
-ipsec_delete_tunnel(struct ifnet *ifp, int locked)
+ipsec_delete_tunnel(struct ipsec_softc *sc)
 {
-	struct ipsec_softc *sc = ifp->if_softc;
-	struct secpolicy *oldsp[IPSEC_SPCOUNT];
 	int i;
 
 	sx_assert(&ipsec_ioctl_sx, SA_XLOCKED);
 
-	ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+	sc->ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
 	if (sc->family != 0) {
-		if (!locked)
-			IPSEC_SC_WLOCK();
-		/* Remove from hash table */
-		LIST_REMOVE(sc, hash);
-		IPSEC_WLOCK(sc);
-		for (i = 0; i < IPSEC_SPCOUNT; i++) {
-			oldsp[i] = sc->sp[i];
-			sc->sp[i] = NULL;
-		}
+		CK_LIST_REMOVE(sc, srchash);
+		IPSEC_WAIT();
+
+		/*
+		 * Make sure that ipsec_if_input() will not do access
+		 * to softc's policies.
+		 */
 		sc->family = 0;
-		IPSEC_WUNLOCK(sc);
-		if (!locked)
-			IPSEC_SC_WUNLOCK();
-		key_unregister_ifnet(oldsp, IPSEC_SPCOUNT);
+		IPSEC_WAIT();
+
+		key_unregister_ifnet(sc->sp, IPSEC_SPCOUNT);
 		for (i = 0; i < IPSEC_SPCOUNT; i++)
-			key_freesp(&oldsp[i]);
+			key_freesp(&sc->sp[i]);
 	}
 }
diff --git a/freebsd/sys/net/if_lagg.c b/freebsd/sys/net/if_lagg.c
index 4d5aaa29..632ea744 100644
--- a/freebsd/sys/net/if_lagg.c
+++ b/freebsd/sys/net/if_lagg.c
@@ -2035,15 +2035,18 @@ lagg_lb_porttable(struct lagg_softc *sc, struct lagg_port *lp)
 {
 	struct lagg_lb *lb = (struct lagg_lb *)sc->sc_psc;
 	struct lagg_port *lp_next;
-	int i = 0;
+	int i = 0, rv;
 
+	rv = 0;
 	bzero(&lb->lb_ports, sizeof(lb->lb_ports));
 	LAGG_RLOCK();
 	CK_SLIST_FOREACH(lp_next, &sc->sc_ports, lp_entries) {
 		if (lp_next == lp)
 			continue;
-		if (i >= LAGG_MAX_PORTS)
-			return (EINVAL);
+		if (i >= LAGG_MAX_PORTS) {
+			rv = EINVAL;
+			break;
+		}
 		if (sc->sc_ifflags & IFF_DEBUG)
 			printf("%s: port %s at index %d\n",
 			    sc->sc_ifname, lp_next->lp_ifp->if_xname, i);
@@ -2051,7 +2054,7 @@ lagg_lb_porttable(struct lagg_softc *sc, struct lagg_port *lp)
 	}
 	LAGG_RUNLOCK();
 
-	return (0);
+	return (rv);
 }
 
 static int
diff --git a/freebsd/sys/net/if_tap.c b/freebsd/sys/net/if_tap.c
index c918a14e..a540a59a 100644
--- a/freebsd/sys/net/if_tap.c
+++ b/freebsd/sys/net/if_tap.c
@@ -729,10 +729,12 @@ tapifstart(struct ifnet *ifp)
 static int
 tapioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td)
 {
+	struct ifreq		 ifr;
 	struct tap_softc	*tp = dev->si_drv1;
 	struct ifnet		*ifp = tp->tap_ifp;
 	struct tapinfo		*tapp = NULL;
 	int			 f;
+	int			 error;
 #if defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD5) || \
     defined(COMPAT_FREEBSD4)
 	int			 ival;
@@ -744,7 +746,18 @@ tapioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td
 			if (ifp->if_type != tapp->type)
 				return (EPROTOTYPE);
 			mtx_lock(&tp->tap_mtx);
-			ifp->if_mtu = tapp->mtu;
+			if (ifp->if_mtu != tapp->mtu) {
+				strlcpy(ifr.ifr_name, if_name(ifp), IFNAMSIZ);
+				ifr.ifr_mtu = tapp->mtu;
+				CURVNET_SET(ifp->if_vnet);
+				error = ifhwioctl(SIOCSIFMTU, ifp,
+				    (caddr_t)&ifr, td);
+				CURVNET_RESTORE();
+				if (error) {
+					mtx_unlock(&tp->tap_mtx);
+					return (error);
+				}
+			}
 			ifp->if_baudrate = tapp->baudrate;
 			mtx_unlock(&tp->tap_mtx);
 			break;
diff --git a/freebsd/sys/net/if_tun.c b/freebsd/sys/net/if_tun.c
index 14a75645..328b1963 100644
--- a/freebsd/sys/net/if_tun.c
+++ b/freebsd/sys/net/if_tun.c
@@ -672,24 +672,29 @@ static	int
 tunioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag,
     struct thread *td)
 {
-	int		error;
+	struct ifreq ifr;
 	struct tun_softc *tp = dev->si_drv1;
 	struct tuninfo *tunp;
+	int error;
 
 	switch (cmd) {
 	case TUNSIFINFO:
 		tunp = (struct tuninfo *)data;
-		if (tunp->mtu < IF_MINMTU)
-			return (EINVAL);
-		if (TUN2IFP(tp)->if_mtu != tunp->mtu) {
-			error = priv_check(td, PRIV_NET_SETIFMTU);
-			if (error)
-				return (error);
-		}
 		if (TUN2IFP(tp)->if_type != tunp->type)
 			return (EPROTOTYPE);
 		mtx_lock(&tp->tun_mtx);
-		TUN2IFP(tp)->if_mtu = tunp->mtu;
+		if (TUN2IFP(tp)->if_mtu != tunp->mtu) {
+			strlcpy(ifr.ifr_name, if_name(TUN2IFP(tp)), IFNAMSIZ);
+			ifr.ifr_mtu = tunp->mtu;
+			CURVNET_SET(TUN2IFP(tp)->if_vnet);
+			error = ifhwioctl(SIOCSIFMTU, TUN2IFP(tp),
+			    (caddr_t)&ifr, td);
+			CURVNET_RESTORE();
+			if (error) {
+				mtx_unlock(&tp->tun_mtx);
+				return (error);
+			}
+		}
 		TUN2IFP(tp)->if_baudrate = tunp->baudrate;
 		mtx_unlock(&tp->tun_mtx);
 		break;
diff --git a/freebsd/sys/net/if_var.h b/freebsd/sys/net/if_var.h
index 00fcbebd..6504837b 100644
--- a/freebsd/sys/net/if_var.h
+++ b/freebsd/sys/net/if_var.h
@@ -434,6 +434,7 @@ struct rtems_ifinputreq {
 #define	NET_EPOCH_ENTER_ET(et) epoch_enter_preempt(net_epoch_preempt, &(et))
 #define	NET_EPOCH_EXIT() epoch_exit_preempt(net_epoch_preempt, &nep_et)
 #define	NET_EPOCH_EXIT_ET(et) epoch_exit_preempt(net_epoch_preempt, &(et))
+#define	NET_EPOCH_WAIT() epoch_wait_preempt(net_epoch_preempt)
 
 
 /*
@@ -454,6 +455,11 @@ EVENTHANDLER_DECLARE(iflladdr_event, iflladdr_event_handler_t);
 /* interface address change event */
 typedef void (*ifaddr_event_handler_t)(void *, struct ifnet *);
 EVENTHANDLER_DECLARE(ifaddr_event, ifaddr_event_handler_t);
+typedef void (*ifaddr_event_ext_handler_t)(void *, struct ifnet *,
+    struct ifaddr *, int);
+EVENTHANDLER_DECLARE(ifaddr_event_ext, ifaddr_event_ext_handler_t);
+#define	IFADDR_EVENT_ADD	0
+#define	IFADDR_EVENT_DEL	1
 /* new interface arrival event */
 typedef void (*ifnet_arrival_event_handler_t)(void *, struct ifnet *);
 EVENTHANDLER_DECLARE(ifnet_arrival_event, ifnet_arrival_event_handler_t);
@@ -782,6 +788,8 @@ int if_hw_tsomax_update(if_t ifp, struct ifnet_hw_tsomax *);
 /* accessors for struct ifreq */
 void *ifr_data_get_ptr(void *ifrp);
 
+int ifhwioctl(u_long, struct ifnet *, caddr_t, struct thread *);
+
 #ifdef DEVICE_POLLING
 enum poll_cmd { POLL_ONLY, POLL_AND_CHECK_STATUS };
 
diff --git a/freebsd/sys/net/if_vlan.c b/freebsd/sys/net/if_vlan.c
index 22061dc4..6f07b4b4 100644
--- a/freebsd/sys/net/if_vlan.c
+++ b/freebsd/sys/net/if_vlan.c
@@ -89,11 +89,11 @@ __FBSDID("$FreeBSD$");
 #define	UP_AND_RUNNING(ifp) \
     ((ifp)->if_flags & IFF_UP && (ifp)->if_drv_flags & IFF_DRV_RUNNING)
 
-LIST_HEAD(ifvlanhead, ifvlan);
+CK_SLIST_HEAD(ifvlanhead, ifvlan);
 
 struct ifvlantrunk {
 	struct	ifnet   *parent;	/* parent interface of this trunk */
-	struct	rmlock	lock;
+	struct	mtx	lock;
 #ifdef VLAN_ARRAY
 #define	VLAN_ARRAY_SIZE	(EVL_VLID_MASK + 1)
 	struct	ifvlan	*vlans[VLAN_ARRAY_SIZE]; /* static table */
@@ -119,7 +119,7 @@ struct ifvlantrunk {
 	struct ifvlan *_next; \
 	size_t _i; \
 	for (_i = 0; _i < (1 << (_trunk)->hwidth); _i++) \
-		LIST_FOREACH_SAFE((_ifv), &(_trunk)->hash[_i], ifv_list, _next)
+		CK_SLIST_FOREACH_SAFE((_ifv), &(_trunk)->hash[_i], ifv_list, _next)
 #endif /* VLAN_ARRAY */
 
 /*
@@ -148,13 +148,14 @@ struct ifvlantrunk {
 	for (_i = 0; \
 	    !(_cond) && _i < (1 << (_trunk)->hwidth); \
 	    _i = (_touch && ((_trunk) != NULL) ? 0 : _i + 1), _touch = false) \
-		if (((_ifv) = LIST_FIRST(&(_trunk)->hash[_i])) != NULL && \
+		if (((_ifv) = CK_SLIST_FIRST(&(_trunk)->hash[_i])) != NULL && \
 		    (_touch = true))
 #endif /* VLAN_ARRAY */
 
 struct vlan_mc_entry {
 	struct sockaddr_dl		mc_addr;
-	SLIST_ENTRY(vlan_mc_entry)	mc_entries;
+	CK_SLIST_ENTRY(vlan_mc_entry)	mc_entries;
+	struct epoch_context		mc_epoch_ctx;
 };
 
 struct	ifvlan {
@@ -175,9 +176,9 @@ struct	ifvlan {
 		uint8_t	ifvm_pcp;	/* Priority Code Point (PCP). */
 	}	ifv_mib;
 	struct task lladdr_task;
-	SLIST_HEAD(, vlan_mc_entry) vlan_mc_listhead;
+	CK_SLIST_HEAD(, vlan_mc_entry) vlan_mc_listhead;
 #ifndef VLAN_ARRAY
-	LIST_ENTRY(ifvlan) ifv_list;
+	CK_SLIST_ENTRY(ifvlan) ifv_list;
 #endif
 };
 #define	ifv_proto	ifv_mib.ifvm_proto
@@ -207,55 +208,36 @@ static eventhandler_tag ifdetach_tag;
 static eventhandler_tag iflladdr_tag;
 
 /*
- * if_vlan uses two module-level locks to allow concurrent modification of vlan
- * interfaces and (mostly) allow for vlans to be destroyed while they are being
- * used for tx/rx. To accomplish this in a way that has acceptable performance
- * and cooperation with other parts of the network stack there is a
- * non-sleepable rmlock(9) and an sx(9). Both locks are exclusively acquired
- * when destroying a vlan interface, i.e. when the if_vlantrunk field of struct
- * ifnet is de-allocated and NULL'd. Thus a reader holding either lock has a
- * guarantee that the struct ifvlantrunk references a valid vlan trunk.
+ * if_vlan uses two module-level synchronizations primitives to allow concurrent 
+ * modification of vlan interfaces and (mostly) allow for vlans to be destroyed 
+ * while they are being used for tx/rx. To accomplish this in a way that has 
+ * acceptable performance and cooperation with other parts of the network stack
+ * there is a non-sleepable epoch(9) and an sx(9).
  *
- * The performance-sensitive paths that warrant using the rmlock(9) are
+ * The performance-sensitive paths that warrant using the epoch(9) are
  * vlan_transmit and vlan_input. Both have to check for the vlan interface's
  * existence using if_vlantrunk, and being in the network tx/rx paths the use
- * of an rmlock(9) gives a measureable improvement in performance.
+ * of an epoch(9) gives a measureable improvement in performance.
  *
  * The reason for having an sx(9) is mostly because there are still areas that
  * must be sleepable and also have safe concurrent access to a vlan interface.
  * Since the sx(9) exists, it is used by default in most paths unless sleeping
  * is not permitted, or if it is not clear whether sleeping is permitted.
  *
- * Note that despite these protections, there is still an inherent race in the
- * destruction of vlans since there's no guarantee that the ifnet hasn't been
- * freed/reused when the tx/rx functions are called by the stack. This can only
- * be fixed by addressing ifnet's lifetime issues.
  */
-#define _VLAN_RM_ID ifv_rm_lock
 #define _VLAN_SX_ID ifv_sx
 
-static struct rmlock _VLAN_RM_ID;
 static struct sx _VLAN_SX_ID;
 
 #define VLAN_LOCKING_INIT() \
-	rm_init(&_VLAN_RM_ID, "vlan_rm"); \
 	sx_init(&_VLAN_SX_ID, "vlan_sx")
 
 #define VLAN_LOCKING_DESTROY() \
-	rm_destroy(&_VLAN_RM_ID); \
 	sx_destroy(&_VLAN_SX_ID)
 
-#define	_VLAN_RM_TRACKER		_vlan_rm_tracker
-#define	VLAN_RLOCK()			rm_rlock(&_VLAN_RM_ID, \
-					    &_VLAN_RM_TRACKER)
-#define	VLAN_RUNLOCK()			rm_runlock(&_VLAN_RM_ID, \
-					    &_VLAN_RM_TRACKER)
-#define	VLAN_WLOCK()			rm_wlock(&_VLAN_RM_ID)
-#define	VLAN_WUNLOCK()			rm_wunlock(&_VLAN_RM_ID)
-#define	VLAN_RLOCK_ASSERT()		rm_assert(&_VLAN_RM_ID, RA_RLOCKED)
-#define	VLAN_WLOCK_ASSERT()		rm_assert(&_VLAN_RM_ID, RA_WLOCKED)
-#define	VLAN_RWLOCK_ASSERT()		rm_assert(&_VLAN_RM_ID, RA_LOCKED)
-#define	VLAN_LOCK_READER		struct rm_priotracker _VLAN_RM_TRACKER
+#define	VLAN_RLOCK()			NET_EPOCH_ENTER();
+#define	VLAN_RUNLOCK()			NET_EPOCH_EXIT();
+#define	VLAN_RLOCK_ASSERT()		MPASS(in_epoch(net_epoch_preempt))
 
 #define	VLAN_SLOCK()			sx_slock(&_VLAN_SX_ID)
 #define	VLAN_SUNLOCK()			sx_sunlock(&_VLAN_SX_ID)
@@ -267,25 +249,18 @@ static struct sx _VLAN_SX_ID;
 
 
 /*
- * We also have a per-trunk rmlock(9), that is locked shared on packet
- * processing and exclusive when configuration is changed. Note: This should
- * only be acquired while there is a shared lock on either of the global locks
- * via VLAN_SLOCK or VLAN_RLOCK. Thus, an exclusive lock on the global locks
- * makes a call to TRUNK_RLOCK/TRUNK_WLOCK technically superfluous.
+ * We also have a per-trunk mutex that should be acquired when changing
+ * its state.
  */
-#define	_TRUNK_RM_TRACKER		_trunk_rm_tracker
-#define	TRUNK_LOCK_INIT(trunk)		rm_init(&(trunk)->lock, vlanname)
-#define	TRUNK_LOCK_DESTROY(trunk)	rm_destroy(&(trunk)->lock)
-#define	TRUNK_RLOCK(trunk)		rm_rlock(&(trunk)->lock, \
-    &_TRUNK_RM_TRACKER)
-#define	TRUNK_WLOCK(trunk)		rm_wlock(&(trunk)->lock)
-#define	TRUNK_RUNLOCK(trunk)		rm_runlock(&(trunk)->lock, \
-    &_TRUNK_RM_TRACKER)
-#define	TRUNK_WUNLOCK(trunk)		rm_wunlock(&(trunk)->lock)
-#define	TRUNK_RLOCK_ASSERT(trunk)	rm_assert(&(trunk)->lock, RA_RLOCKED)
-#define	TRUNK_LOCK_ASSERT(trunk)	rm_assert(&(trunk)->lock, RA_LOCKED)
-#define	TRUNK_WLOCK_ASSERT(trunk)	rm_assert(&(trunk)->lock, RA_WLOCKED)
-#define	TRUNK_LOCK_READER		struct rm_priotracker _TRUNK_RM_TRACKER
+#define	TRUNK_LOCK_INIT(trunk)		mtx_init(&(trunk)->lock, vlanname, NULL, MTX_DEF)
+#define	TRUNK_LOCK_DESTROY(trunk)	mtx_destroy(&(trunk)->lock)
+#define	TRUNK_RLOCK(trunk)		NET_EPOCH_ENTER()
+#define	TRUNK_WLOCK(trunk)		mtx_lock(&(trunk)->lock)
+#define	TRUNK_RUNLOCK(trunk)		NET_EPOCH_EXIT();
+#define	TRUNK_WUNLOCK(trunk)		mtx_unlock(&(trunk)->lock)
+#define	TRUNK_RLOCK_ASSERT(trunk)	MPASS(in_epoch(net_epoch_preempt))
+#define	TRUNK_LOCK_ASSERT(trunk)	MPASS(in_epoch(net_epoch_preempt) || mtx_owned(&(trunk)->lock))
+#define	TRUNK_WLOCK_ASSERT(trunk)	mtx_assert(&(trunk)->lock, MA_OWNED);
 
 /*
  * The VLAN_ARRAY substitutes the dynamic hash with a static array
@@ -345,6 +320,13 @@ VNET_DEFINE_STATIC(struct if_clone *, vlan_cloner);
 #define HASH(n, m)	((((n) >> 8) ^ ((n) >> 4) ^ (n)) & (m))
 
 static void
+vlan_mc_free(struct epoch_context *ctx)
+{
+	struct vlan_mc_entry *mc = __containerof(ctx, struct vlan_mc_entry, mc_epoch_ctx);
+	free(mc, M_VLAN);
+}
+
+static void
 vlan_inithash(struct ifvlantrunk *trunk)
 {
 	int i, n;
@@ -363,7 +345,7 @@ vlan_inithash(struct ifvlantrunk *trunk)
 	trunk->hmask = n - 1;
 	trunk->hash = malloc(sizeof(struct ifvlanhead) * n, M_VLAN, M_WAITOK);
 	for (i = 0; i < n; i++)
-		LIST_INIT(&trunk->hash[i]);
+		CK_SLIST_INIT(&trunk->hash[i]);
 }
 
 static void
@@ -374,7 +356,7 @@ vlan_freehash(struct ifvlantrunk *trunk)
 
 	KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__));
 	for (i = 0; i < (1 << trunk->hwidth); i++)
-		KASSERT(LIST_EMPTY(&trunk->hash[i]),
+		KASSERT(CK_SLIST_EMPTY(&trunk->hash[i]),
 		    ("%s: hash table not empty", __func__));
 #endif
 	free(trunk->hash, M_VLAN);
@@ -388,12 +370,12 @@ vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
 	int i, b;
 	struct ifvlan *ifv2;
 
-	TRUNK_WLOCK_ASSERT(trunk);
+	VLAN_XLOCK_ASSERT();
 	KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__));
 
 	b = 1 << trunk->hwidth;
 	i = HASH(ifv->ifv_vid, trunk->hmask);
-	LIST_FOREACH(ifv2, &trunk->hash[i], ifv_list)
+	CK_SLIST_FOREACH(ifv2, &trunk->hash[i], ifv_list)
 		if (ifv->ifv_vid == ifv2->ifv_vid)
 			return (EEXIST);
 
@@ -406,7 +388,7 @@ vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
 		vlan_growhash(trunk, 1);
 		i = HASH(ifv->ifv_vid, trunk->hmask);
 	}
-	LIST_INSERT_HEAD(&trunk->hash[i], ifv, ifv_list);
+	CK_SLIST_INSERT_HEAD(&trunk->hash[i], ifv, ifv_list);
 	trunk->refcnt++;
 
 	return (0);
@@ -418,15 +400,15 @@ vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
 	int i, b;
 	struct ifvlan *ifv2;
 
-	TRUNK_WLOCK_ASSERT(trunk);
+	VLAN_XLOCK_ASSERT();
 	KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__));
 	
 	b = 1 << trunk->hwidth;
 	i = HASH(ifv->ifv_vid, trunk->hmask);
-	LIST_FOREACH(ifv2, &trunk->hash[i], ifv_list)
+	CK_SLIST_FOREACH(ifv2, &trunk->hash[i], ifv_list)
 		if (ifv2 == ifv) {
 			trunk->refcnt--;
-			LIST_REMOVE(ifv2, ifv_list);
+			CK_SLIST_REMOVE(&trunk->hash[i], ifv2, ifvlan, ifv_list);
 			if (trunk->refcnt < (b * b) / 2)
 				vlan_growhash(trunk, -1);
 			return (0);
@@ -446,7 +428,7 @@ vlan_growhash(struct ifvlantrunk *trunk, int howmuch)
 	struct ifvlanhead *hash2;
 	int hwidth2, i, j, n, n2;
 
-	TRUNK_WLOCK_ASSERT(trunk);
+	VLAN_XLOCK_ASSERT();
 	KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__));
 
 	if (howmuch == 0) {
@@ -462,21 +444,21 @@ vlan_growhash(struct ifvlantrunk *trunk, int howmuch)
 	if (hwidth2 < VLAN_DEF_HWIDTH)
 		return;
 
-	/* M_NOWAIT because we're called with trunk mutex held */
-	hash2 = malloc(sizeof(struct ifvlanhead) * n2, M_VLAN, M_NOWAIT);
+	hash2 = malloc(sizeof(struct ifvlanhead) * n2, M_VLAN, M_WAITOK);
 	if (hash2 == NULL) {
 		printf("%s: out of memory -- hash size not changed\n",
 		    __func__);
 		return;		/* We can live with the old hash table */
 	}
 	for (j = 0; j < n2; j++)
-		LIST_INIT(&hash2[j]);
+		CK_SLIST_INIT(&hash2[j]);
 	for (i = 0; i < n; i++)
-		while ((ifv = LIST_FIRST(&trunk->hash[i])) != NULL) {
-			LIST_REMOVE(ifv, ifv_list);
+		while ((ifv = CK_SLIST_FIRST(&trunk->hash[i])) != NULL) {
+			CK_SLIST_REMOVE(&trunk->hash[i], ifv, ifvlan, ifv_list);
 			j = HASH(ifv->ifv_vid, n2 - 1);
-			LIST_INSERT_HEAD(&hash2[j], ifv, ifv_list);
+			CK_SLIST_INSERT_HEAD(&hash2[j], ifv, ifv_list);
 		}
+	NET_EPOCH_WAIT();
 	free(trunk->hash, M_VLAN);
 	trunk->hash = hash2;
 	trunk->hwidth = hwidth2;
@@ -494,7 +476,7 @@ vlan_gethash(struct ifvlantrunk *trunk, uint16_t vid)
 
 	TRUNK_RLOCK_ASSERT(trunk);
 
-	LIST_FOREACH(ifv, &trunk->hash[HASH(vid, trunk->hmask)], ifv_list)
+	CK_SLIST_FOREACH(ifv, &trunk->hash[HASH(vid, trunk->hmask)], ifv_list)
 		if (ifv->ifv_vid == vid)
 			return (ifv);
 	return (NULL);
@@ -510,7 +492,7 @@ vlan_dumphash(struct ifvlantrunk *trunk)
 
 	for (i = 0; i < (1 << trunk->hwidth); i++) {
 		printf("%d: ", i);
-		LIST_FOREACH(ifv, &trunk->hash[i], ifv_list)
+		CK_SLIST_FOREACH(ifv, &trunk->hash[i], ifv_list)
 			printf("%s ", ifv->ifv_ifp->if_xname);
 		printf("\n");
 	}
@@ -563,7 +545,6 @@ static void
 trunk_destroy(struct ifvlantrunk *trunk)
 {
 	VLAN_XLOCK_ASSERT();
-	VLAN_WLOCK_ASSERT();
 
 	vlan_freehash(trunk);
 	trunk->parent->if_vlantrunk = NULL;
@@ -589,24 +570,19 @@ vlan_setmulti(struct ifnet *ifp)
 	struct vlan_mc_entry	*mc;
 	int			error;
 
-	/*
-	 * XXX This stupidly needs the rmlock to avoid sleeping while holding
-	 * the in6_multi_mtx (see in6_mc_join_locked).
-	 */
-	VLAN_RWLOCK_ASSERT();
+	VLAN_XLOCK_ASSERT();
 
 	/* Find the parent. */
 	sc = ifp->if_softc;
-	TRUNK_WLOCK_ASSERT(TRUNK(sc));
 	ifp_p = PARENT(sc);
 
 	CURVNET_SET_QUIET(ifp_p->if_vnet);
 
 	/* First, remove any existing filter entries. */
-	while ((mc = SLIST_FIRST(&sc->vlan_mc_listhead)) != NULL) {
-		SLIST_REMOVE_HEAD(&sc->vlan_mc_listhead, mc_entries);
+	while ((mc = CK_SLIST_FIRST(&sc->vlan_mc_listhead)) != NULL) {
+		CK_SLIST_REMOVE_HEAD(&sc->vlan_mc_listhead, mc_entries);
 		(void)if_delmulti(ifp_p, (struct sockaddr *)&mc->mc_addr);
-		free(mc, M_VLAN);
+		epoch_call(net_epoch_preempt, &mc->mc_epoch_ctx, vlan_mc_free);
 	}
 
 	/* Now program new ones. */
@@ -621,10 +597,10 @@ vlan_setmulti(struct ifnet *ifp)
 		}
 		bcopy(ifma->ifma_addr, &mc->mc_addr, ifma->ifma_addr->sa_len);
 		mc->mc_addr.sdl_index = ifp_p->if_index;
-		SLIST_INSERT_HEAD(&sc->vlan_mc_listhead, mc, mc_entries);
+		CK_SLIST_INSERT_HEAD(&sc->vlan_mc_listhead, mc, mc_entries);
 	}
 	IF_ADDR_WUNLOCK(ifp);
-	SLIST_FOREACH (mc, &sc->vlan_mc_listhead, mc_entries) {
+	CK_SLIST_FOREACH (mc, &sc->vlan_mc_listhead, mc_entries) {
 		error = if_addmulti(ifp_p, (struct sockaddr *)&mc->mc_addr,
 		    NULL);
 		if (error)
@@ -647,7 +623,6 @@ vlan_iflladdr(void *arg __unused, struct ifnet *ifp)
 	struct ifnet *ifv_ifp;
 	struct ifvlantrunk *trunk;
 	struct sockaddr_dl *sdl;
-	VLAN_LOCK_READER;
 
 	/* Need the rmlock since this is run on taskqueue_swi. */
 	VLAN_RLOCK();
@@ -726,12 +701,10 @@ static struct ifnet  *
 vlan_trunkdev(struct ifnet *ifp)
 {
 	struct ifvlan *ifv;
-	VLAN_LOCK_READER;
 
 	if (ifp->if_type != IFT_L2VLAN)
 		return (NULL);
 
-	/* Not clear if callers are sleepable, so acquire the rmlock. */
 	VLAN_RLOCK();
 	ifv = ifp->if_softc;
 	ifp = NULL;
@@ -811,10 +784,7 @@ vlan_devat(struct ifnet *ifp, uint16_t vid)
 {
 	struct ifvlantrunk *trunk;
 	struct ifvlan *ifv;
-	VLAN_LOCK_READER;
-	TRUNK_LOCK_READER;
 
-	/* Not clear if callers are sleepable, so acquire the rmlock. */
 	VLAN_RLOCK();
 	trunk = ifp->if_vlantrunk;
 	if (trunk == NULL) {
@@ -822,11 +792,9 @@ vlan_devat(struct ifnet *ifp, uint16_t vid)
 		return (NULL);
 	}
 	ifp = NULL;
-	TRUNK_RLOCK(trunk);
 	ifv = vlan_gethash(trunk, vid);
 	if (ifv)
 		ifp = ifv->ifv_ifp;
-	TRUNK_RUNLOCK(trunk);
 	VLAN_RUNLOCK();
 	return (ifp);
 }
@@ -1078,7 +1046,7 @@ vlan_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
 			if_rele(p);
 		return (ENOSPC);
 	}
-	SLIST_INIT(&ifv->vlan_mc_listhead);
+	CK_SLIST_INIT(&ifv->vlan_mc_listhead);
 	ifp->if_softc = ifv;
 	/*
 	 * Set the name manually rather than using if_initname because
@@ -1145,6 +1113,7 @@ vlan_clone_destroy(struct if_clone *ifc, struct ifnet *ifp)
 	 * ifvlan.
 	 */
 	taskqueue_drain(taskqueue_thread, &ifv->lladdr_task);
+	NET_EPOCH_WAIT();
 	if_free(ifp);
 	free(ifv, M_VLAN);
 	ifc_free_unit(ifc, unit);
@@ -1169,7 +1138,6 @@ vlan_transmit(struct ifnet *ifp, struct mbuf *m)
 	struct ifvlan *ifv;
 	struct ifnet *p;
 	int error, len, mcast;
-	VLAN_LOCK_READER;
 
 	VLAN_RLOCK();
 	ifv = ifp->if_softc;
@@ -1229,8 +1197,6 @@ vlan_input(struct ifnet *ifp, struct mbuf *m)
 {
 	struct ifvlantrunk *trunk;
 	struct ifvlan *ifv;
-	VLAN_LOCK_READER;
-	TRUNK_LOCK_READER;
 	struct m_tag *mtag;
 	uint16_t vid, tag;
 
@@ -1291,16 +1257,13 @@ vlan_input(struct ifnet *ifp, struct mbuf *m)
 
 	vid = EVL_VLANOFTAG(tag);
 
-	TRUNK_RLOCK(trunk);
 	ifv = vlan_gethash(trunk, vid);
 	if (ifv == NULL || !UP_AND_RUNNING(ifv->ifv_ifp)) {
-		TRUNK_RUNLOCK(trunk);
-		if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1);
 		VLAN_RUNLOCK();
+		if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1);
 		m_freem(m);
 		return;
 	}
-	TRUNK_RUNLOCK(trunk);
 
 	if (vlan_mtag_pcp) {
 		/*
@@ -1341,8 +1304,13 @@ vlan_lladdr_fn(void *arg, int pending __unused)
 
 	ifv = (struct ifvlan *)arg;
 	ifp = ifv->ifv_ifp;
+
+	CURVNET_SET(ifp->if_vnet);
+
 	/* The ifv_ifp already has the lladdr copied in. */
 	if_setlladdr(ifp, IF_LLADDR(ifp), ifp->if_addrlen);
+
+	CURVNET_RESTORE();
 }
 
 static int
@@ -1371,22 +1339,19 @@ vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t vid)
 	if (ifv->ifv_trunk)
 		return (EBUSY);
 
-	/* Acquire rmlock after the branch so we can M_WAITOK. */
 	VLAN_XLOCK();
 	if (p->if_vlantrunk == NULL) {
 		trunk = malloc(sizeof(struct ifvlantrunk),
 		    M_VLAN, M_WAITOK | M_ZERO);
 		vlan_inithash(trunk);
 		TRUNK_LOCK_INIT(trunk);
-		VLAN_WLOCK();
 		TRUNK_WLOCK(trunk);
 		p->if_vlantrunk = trunk;
 		trunk->parent = p;
 		if_ref(trunk->parent);
+		TRUNK_WUNLOCK(trunk);
 	} else {
-		VLAN_WLOCK();
 		trunk = p->if_vlantrunk;
-		TRUNK_WLOCK(trunk);
 	}
 
 	ifv->ifv_vid = vid;	/* must set this before vlan_inshash() */
@@ -1450,7 +1415,9 @@ vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t vid)
 
 	ifp->if_link_state = p->if_link_state;
 
+	TRUNK_RLOCK(TRUNK(ifv));
 	vlan_capabilities(ifv);
+	TRUNK_RUNLOCK(TRUNK(ifv));
 
 	/*
 	 * Set up our interface address to reflect the underlying
@@ -1460,12 +1427,6 @@ vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t vid)
 	((struct sockaddr_dl *)ifp->if_addr->ifa_addr)->sdl_alen =
 	    p->if_addrlen;
 
-	/*
-	 * Configure multicast addresses that may already be
-	 * joined on the vlan device.
-	 */
-	(void)vlan_setmulti(ifp);
-
 	TASK_INIT(&ifv->lladdr_task, 0, vlan_lladdr_fn, ifv);
 
 	/* We are ready for operation now. */
@@ -1473,13 +1434,14 @@ vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t vid)
 
 	/* Update flags on the parent, if necessary. */
 	vlan_setflags(ifp, 1);
-done:
+
 	/*
-	 * We need to drop the non-sleepable rmlock so that the underlying
-	 * devices can sleep in their vlan_config hooks.
+	 * Configure multicast addresses that may already be
+	 * joined on the vlan device.
 	 */
-	TRUNK_WUNLOCK(trunk);
-	VLAN_WUNLOCK();
+	(void)vlan_setmulti(ifp);
+
+done:
 	if (error == 0)
 		EVENTHANDLER_INVOKE(vlan_config, p, ifv->ifv_vid);
 	VLAN_XUNLOCK();
@@ -1512,13 +1474,6 @@ vlan_unconfig_locked(struct ifnet *ifp, int departing)
 	parent = NULL;
 
 	if (trunk != NULL) {
-		/*
-		 * Both vlan_transmit and vlan_input rely on the trunk fields
-		 * being NULL to determine whether to bail, so we need to get
-		 * an exclusive lock here to prevent them from using bad
-		 * ifvlans.
-		 */
-		VLAN_WLOCK();
 		parent = trunk->parent;
 
 		/*
@@ -1526,7 +1481,7 @@ vlan_unconfig_locked(struct ifnet *ifp, int departing)
 		 * empty the list of multicast groups that we may have joined
 		 * while we were alive from the parent's list.
 		 */
-		while ((mc = SLIST_FIRST(&ifv->vlan_mc_listhead)) != NULL) {
+		while ((mc = CK_SLIST_FIRST(&ifv->vlan_mc_listhead)) != NULL) {
 			/*
 			 * If the parent interface is being detached,
 			 * all its multicast addresses have already
@@ -1543,19 +1498,13 @@ vlan_unconfig_locked(struct ifnet *ifp, int departing)
 		    "Failed to delete multicast address from parent: %d\n",
 					    error);
 			}
-			SLIST_REMOVE_HEAD(&ifv->vlan_mc_listhead, mc_entries);
-			free(mc, M_VLAN);
+			CK_SLIST_REMOVE_HEAD(&ifv->vlan_mc_listhead, mc_entries);
+			epoch_call(net_epoch_preempt, &mc->mc_epoch_ctx, vlan_mc_free);
 		}
 
 		vlan_setflags(ifp, 0); /* clear special flags on parent */
 
-		/*
-		 * The trunk lock isn't actually required here, but
-		 * vlan_remhash expects it.
-		 */
-		TRUNK_WLOCK(trunk);
 		vlan_remhash(trunk, ifv);
-		TRUNK_WUNLOCK(trunk);
 		ifv->ifv_trunk = NULL;
 
 		/*
@@ -1563,9 +1512,9 @@ vlan_unconfig_locked(struct ifnet *ifp, int departing)
 		 */
 		if (trunk->refcnt == 0) {
 			parent->if_vlantrunk = NULL;
+			NET_EPOCH_WAIT();
 			trunk_destroy(trunk);
 		}
-		VLAN_WUNLOCK();
 	}
 
 	/* Disconnect from parent. */
@@ -1642,7 +1591,6 @@ vlan_link_state(struct ifnet *ifp)
 {
 	struct ifvlantrunk *trunk;
 	struct ifvlan *ifv;
-	VLAN_LOCK_READER;
 
 	/* Called from a taskqueue_swi task, so we cannot sleep. */
 	VLAN_RLOCK();
@@ -1672,7 +1620,7 @@ vlan_capabilities(struct ifvlan *ifv)
 	u_long hwa = 0;
 
 	VLAN_SXLOCK_ASSERT();
-	TRUNK_WLOCK_ASSERT(TRUNK(ifv));
+	TRUNK_RLOCK_ASSERT(TRUNK(ifv));
 	p = PARENT(ifv);
 	ifp = ifv->ifv_ifp;
 
@@ -1773,11 +1721,11 @@ vlan_trunk_capabilities(struct ifnet *ifp)
 		VLAN_SUNLOCK();
 		return;
 	}
-	TRUNK_WLOCK(trunk);
+	TRUNK_RLOCK(trunk);
 	VLAN_FOREACH(ifv, trunk) {
 		vlan_capabilities(ifv);
 	}
-	TRUNK_WUNLOCK(trunk);
+	TRUNK_RUNLOCK(trunk);
 	VLAN_SUNLOCK();
 }
 
@@ -1791,7 +1739,6 @@ vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 	struct ifvlantrunk *trunk;
 	struct vlanreq vlr;
 	int error = 0;
-	VLAN_LOCK_READER;
 
 	ifr = (struct ifreq *)data;
 	ifa = (struct ifaddr *) data;
@@ -1927,16 +1874,13 @@ vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		 * XXX We need the rmlock here to avoid sleeping while
 		 * holding in6_multi_mtx.
 		 */
-		VLAN_RLOCK();
+		VLAN_XLOCK();
 		trunk = TRUNK(ifv);
-		if (trunk != NULL) {
-			TRUNK_WLOCK(trunk);
+		if (trunk != NULL)
 			error = vlan_setmulti(ifp);
-			TRUNK_WUNLOCK(trunk);
-		}
-		VLAN_RUNLOCK();
-		break;
+		VLAN_XUNLOCK();
 
+		break;
 	case SIOCGVLANPCP:
 #ifdef VIMAGE
 		if (ifp->if_vnet != ifp->if_home_vnet) {
@@ -1973,9 +1917,9 @@ vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		ifv->ifv_capenable = ifr->ifr_reqcap;
 		trunk = TRUNK(ifv);
 		if (trunk != NULL) {
-			TRUNK_WLOCK(trunk);
+			TRUNK_RLOCK(trunk);
 			vlan_capabilities(ifv);
-			TRUNK_WUNLOCK(trunk);
+			TRUNK_RUNLOCK(trunk);
 		}
 		VLAN_SUNLOCK();
 		break;
diff --git a/freebsd/sys/net/iflib.h b/freebsd/sys/net/iflib.h
index 6e1eee63..8c2be41b 100644
--- a/freebsd/sys/net/iflib.h
+++ b/freebsd/sys/net/iflib.h
@@ -173,7 +173,7 @@ typedef struct pci_vendor_info {
 #define IFLIB_PNP_DESCR "U32:vendor;U32:device;U32:subvendor;U32:subdevice;" \
     "U32:revision;U32:class;D:#"
 #define IFLIB_PNP_INFO(b, u, t) \
-    MODULE_PNP_INFO(IFLIB_PNP_DESCR, b, u, t, sizeof(t[0]), nitems(t) - 1)
+    MODULE_PNP_INFO(IFLIB_PNP_DESCR, b, u, t, nitems(t) - 1)
 
 typedef struct if_txrx {
 	int (*ift_txd_encap) (void *, if_pkt_info_t);
@@ -246,7 +246,7 @@ struct if_shared_ctx {
 	/* fields necessary for probe */
 	pci_vendor_info_t *isc_vendor_info;
 	char *isc_driver_version;
-/* optional function to transform the read values to match the table*/
+	/* optional function to transform the read values to match the table*/
 	void (*isc_parse_devinfo) (uint16_t *device_id, uint16_t *subvendor_id,
 				   uint16_t *subdevice_id, uint16_t *rev_id);
 	int isc_nrxd_min[8];
@@ -375,6 +375,8 @@ if_softc_ctx_t iflib_get_softc_ctx(if_ctx_t ctx);
 if_shared_ctx_t iflib_get_sctx(if_ctx_t ctx);
 
 void iflib_set_mac(if_ctx_t ctx, uint8_t mac[ETHER_ADDR_LEN]);
+void iflib_request_reset(if_ctx_t ctx);
+uint8_t iflib_in_detach(if_ctx_t ctx);
 
 /*
  * If the driver can plug cleanly in to newbus use these
diff --git a/freebsd/sys/netinet/in.c b/freebsd/sys/netinet/in.c
index 78fd00c0..db1ebda0 100644
--- a/freebsd/sys/netinet/in.c
+++ b/freebsd/sys/netinet/in.c
@@ -524,7 +524,12 @@ in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td)
 			&ii->ii_allhosts);
 	}
 
-	EVENTHANDLER_INVOKE(ifaddr_event, ifp);
+	/*
+	 * Note: we don't need extra reference for ifa, since we called
+	 * with sx lock held, and ifaddr can not be deleted in concurrent
+	 * thread.
+	 */
+	EVENTHANDLER_INVOKE(ifaddr_event_ext, ifp, ifa, IFADDR_EVENT_ADD);
 
 	return (error);
 
@@ -647,7 +652,8 @@ in_difaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td)
 	}
 	IF_ADDR_WUNLOCK(ifp);
 
-	EVENTHANDLER_INVOKE(ifaddr_event, ifp);
+	EVENTHANDLER_INVOKE(ifaddr_event_ext, ifp, &ia->ia_ifa,
+	    IFADDR_EVENT_DEL);
 	ifa_free(&ia->ia_ifa);		/* in_ifaddrhead */
 
 	return (0);
diff --git a/freebsd/sys/netinet/in_gif.c b/freebsd/sys/netinet/in_gif.c
index 03aaaf08..b8732a33 100644
--- a/freebsd/sys/netinet/in_gif.c
+++ b/freebsd/sys/netinet/in_gif.c
@@ -84,12 +84,16 @@ SYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_VNET | CTLFLAG_RW,
  * Interfaces with GIF_IGNORE_SOURCE flag are linked into plain list.
  */
 VNET_DEFINE_STATIC(struct gif_list *, ipv4_hashtbl) = NULL;
+VNET_DEFINE_STATIC(struct gif_list *, ipv4_srchashtbl) = NULL;
 VNET_DEFINE_STATIC(struct gif_list, ipv4_list) = CK_LIST_HEAD_INITIALIZER();
 #define	V_ipv4_hashtbl		VNET(ipv4_hashtbl)
+#define	V_ipv4_srchashtbl	VNET(ipv4_srchashtbl)
 #define	V_ipv4_list		VNET(ipv4_list)
 
 #define	GIF_HASH(src, dst)	(V_ipv4_hashtbl[\
     in_gif_hashval((src), (dst)) & (GIF_HASH_SIZE - 1)])
+#define	GIF_SRCHASH(src)	(V_ipv4_srchashtbl[\
+    fnv_32_buf(&(src), sizeof(src), FNV1_32_INIT) & (GIF_HASH_SIZE - 1)])
 #define	GIF_HASH_SC(sc)		GIF_HASH((sc)->gif_iphdr->ip_src.s_addr,\
     (sc)->gif_iphdr->ip_dst.s_addr)
 static uint32_t
@@ -121,6 +125,43 @@ in_gif_checkdup(const struct gif_softc *sc, in_addr_t src, in_addr_t dst)
 	return (0);
 }
 
+/*
+ * Check that ingress address belongs to local host.
+ */
+static void
+in_gif_set_running(struct gif_softc *sc)
+{
+
+	if (in_localip(sc->gif_iphdr->ip_src))
+		GIF2IFP(sc)->if_drv_flags |= IFF_DRV_RUNNING;
+	else
+		GIF2IFP(sc)->if_drv_flags &= ~IFF_DRV_RUNNING;
+}
+
+/*
+ * ifaddr_event handler.
+ * Clear IFF_DRV_RUNNING flag when ingress address disappears to prevent
+ * source address spoofing.
+ */
+static void
+in_gif_srcaddr(void *arg __unused, const struct sockaddr *sa,
+    int event __unused)
+{
+	const struct sockaddr_in *sin;
+	struct gif_softc *sc;
+
+	if (V_ipv4_srchashtbl == NULL)
+		return;
+
+	MPASS(in_epoch(net_epoch_preempt));
+	sin = (const struct sockaddr_in *)sa;
+	CK_LIST_FOREACH(sc, &GIF_SRCHASH(sin->sin_addr.s_addr), srchash) {
+		if (sc->gif_iphdr->ip_src.s_addr != sin->sin_addr.s_addr)
+			continue;
+		in_gif_set_running(sc);
+	}
+}
+
 static void
 in_gif_attach(struct gif_softc *sc)
 {
@@ -129,6 +170,9 @@ in_gif_attach(struct gif_softc *sc)
 		CK_LIST_INSERT_HEAD(&V_ipv4_list, sc, chain);
 	else
 		CK_LIST_INSERT_HEAD(&GIF_HASH_SC(sc), sc, chain);
+
+	CK_LIST_INSERT_HEAD(&GIF_SRCHASH(sc->gif_iphdr->ip_src.s_addr),
+	    sc, srchash);
 }
 
 int
@@ -141,6 +185,7 @@ in_gif_setopts(struct gif_softc *sc, u_int options)
 
 	if ((options & GIF_IGNORE_SOURCE) !=
 	    (sc->gif_options & GIF_IGNORE_SOURCE)) {
+		CK_LIST_REMOVE(sc, srchash);
 		CK_LIST_REMOVE(sc, chain);
 		sc->gif_options = options;
 		in_gif_attach(sc);
@@ -174,8 +219,10 @@ in_gif_ioctl(struct gif_softc *sc, u_long cmd, caddr_t data)
 			error = EADDRNOTAVAIL;
 			break;
 		}
-		if (V_ipv4_hashtbl == NULL)
+		if (V_ipv4_hashtbl == NULL) {
 			V_ipv4_hashtbl = gif_hashinit();
+			V_ipv4_srchashtbl = gif_hashinit();
+		}
 		error = in_gif_checkdup(sc, src->sin_addr.s_addr,
 		    dst->sin_addr.s_addr);
 		if (error == EADDRNOTAVAIL)
@@ -190,6 +237,7 @@ in_gif_ioctl(struct gif_softc *sc, u_long cmd, caddr_t data)
 		ip->ip_dst.s_addr = dst->sin_addr.s_addr;
 		if (sc->gif_family != 0) {
 			/* Detach existing tunnel first */
+			CK_LIST_REMOVE(sc, srchash);
 			CK_LIST_REMOVE(sc, chain);
 			GIF_WAIT();
 			free(sc->gif_hdr, M_GIF);
@@ -198,6 +246,7 @@ in_gif_ioctl(struct gif_softc *sc, u_long cmd, caddr_t data)
 		sc->gif_family = AF_INET;
 		sc->gif_iphdr = ip;
 		in_gif_attach(sc);
+		in_gif_set_running(sc);
 		break;
 	case SIOCGIFPSRCADDR:
 	case SIOCGIFPDSTADDR:
@@ -344,6 +393,7 @@ done:
 	return (ret);
 }
 
+static const struct srcaddrtab *ipv4_srcaddrtab;
 static struct {
 	const struct encap_config encap;
 	const struct encaptab *cookie;
@@ -389,6 +439,9 @@ in_gif_init(void)
 
 	if (!IS_DEFAULT_VNET(curvnet))
 		return;
+
+	ipv4_srcaddrtab = ip_encap_register_srcaddr(in_gif_srcaddr,
+	    NULL, M_WAITOK);
 	for (i = 0; i < nitems(ipv4_encap_cfg); i++)
 		ipv4_encap_cfg[i].cookie = ip_encap_attach(
 		    &ipv4_encap_cfg[i].encap, NULL, M_WAITOK);
@@ -402,8 +455,11 @@ in_gif_uninit(void)
 	if (IS_DEFAULT_VNET(curvnet)) {
 		for (i = 0; i < nitems(ipv4_encap_cfg); i++)
 			ip_encap_detach(ipv4_encap_cfg[i].cookie);
+		ip_encap_unregister_srcaddr(ipv4_srcaddrtab);
 	}
-	if (V_ipv4_hashtbl != NULL)
+	if (V_ipv4_hashtbl != NULL) {
 		gif_hashdestroy(V_ipv4_hashtbl);
+		gif_hashdestroy(V_ipv4_srchashtbl);
+	}
 }
 
diff --git a/freebsd/sys/netinet/in_pcb.h b/freebsd/sys/netinet/in_pcb.h
index 86c9705c..6d2c86d5 100644
--- a/freebsd/sys/netinet/in_pcb.h
+++ b/freebsd/sys/netinet/in_pcb.h
@@ -642,6 +642,8 @@ int	inp_so_options(const struct inpcb *inp);
 #define	INP_INFO_LOCK_ASSERT(ipi)	MPASS(in_epoch(net_epoch_preempt) || mtx_owned(&(ipi)->ipi_lock))
 #define INP_INFO_RLOCK_ASSERT(ipi)	MPASS(in_epoch(net_epoch_preempt))
 #define INP_INFO_WLOCK_ASSERT(ipi)	mtx_assert(&(ipi)->ipi_lock, MA_OWNED)
+#define INP_INFO_WUNLOCK_ASSERT(ipi)	\
+	mtx_assert(&(ipi)->ipi_lock, MA_NOTOWNED)
 #define INP_INFO_UNLOCK_ASSERT(ipi)	MPASS(!in_epoch(net_epoch_preempt) && !mtx_owned(&(ipi)->ipi_lock))
 
 #define INP_LIST_LOCK_INIT(ipi, d) \
diff --git a/freebsd/sys/netinet/ip_encap.c b/freebsd/sys/netinet/ip_encap.c
index 1e794f73..adc5a41d 100644
--- a/freebsd/sys/netinet/ip_encap.c
+++ b/freebsd/sys/netinet/ip_encap.c
@@ -68,6 +68,7 @@ __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/eventhandler.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
@@ -102,22 +103,139 @@ struct encaptab {
 	encap_input_t	input;
 };
 
+struct srcaddrtab {
+	CK_LIST_ENTRY(srcaddrtab) chain;
+
+	encap_srcaddr_t	srcaddr;
+	void		*arg;
+};
+
 CK_LIST_HEAD(encaptab_head, encaptab);
+CK_LIST_HEAD(srcaddrtab_head, srcaddrtab);
 #ifdef INET
 static struct encaptab_head ipv4_encaptab = CK_LIST_HEAD_INITIALIZER();
+static struct srcaddrtab_head ipv4_srcaddrtab = CK_LIST_HEAD_INITIALIZER();
 #endif
 #ifdef INET6
 static struct encaptab_head ipv6_encaptab = CK_LIST_HEAD_INITIALIZER();
+static struct srcaddrtab_head ipv6_srcaddrtab = CK_LIST_HEAD_INITIALIZER();
 #endif
 
-static struct mtx encapmtx;
+static struct mtx encapmtx, srcaddrmtx;
 MTX_SYSINIT(encapmtx, &encapmtx, "encapmtx", MTX_DEF);
+MTX_SYSINIT(srcaddrmtx, &srcaddrmtx, "srcaddrmtx", MTX_DEF);
 #define	ENCAP_WLOCK()		mtx_lock(&encapmtx)
 #define	ENCAP_WUNLOCK()		mtx_unlock(&encapmtx)
-#define	ENCAP_RLOCK()		struct epoch_tracker encap_et; epoch_enter_preempt(net_epoch_preempt, &encap_et)
-#define	ENCAP_RUNLOCK()		epoch_exit_preempt(net_epoch_preempt, &encap_et)
+#define	ENCAP_RLOCK_TRACKER	struct epoch_tracker encap_et
+#define	ENCAP_RLOCK()		\
+    epoch_enter_preempt(net_epoch_preempt, &encap_et)
+#define	ENCAP_RUNLOCK()		\
+    epoch_exit_preempt(net_epoch_preempt, &encap_et)
 #define	ENCAP_WAIT()		epoch_wait_preempt(net_epoch_preempt)
 
+#define	SRCADDR_WLOCK()		mtx_lock(&srcaddrmtx)
+#define	SRCADDR_WUNLOCK()	mtx_unlock(&srcaddrmtx)
+#define	SRCADDR_RLOCK_TRACKER	struct epoch_tracker srcaddr_et
+#define	SRCADDR_RLOCK()		\
+    epoch_enter_preempt(net_epoch_preempt, &srcaddr_et)
+#define	SRCADDR_RUNLOCK()	\
+    epoch_exit_preempt(net_epoch_preempt, &srcaddr_et)
+#define	SRCADDR_WAIT()		epoch_wait_preempt(net_epoch_preempt)
+
+/*
+ * ifaddr_event_ext handler.
+ *
+ * Tunnelling interfaces may request the kernel to notify when
+ * some interface addresses appears or disappears. Usually tunnelling
+ * interface must use an address configured on the local machine as
+ * ingress address to be able receive datagramms and do not send
+ * spoofed packets.
+ */
+static void
+srcaddr_change_event(void *arg __unused, struct ifnet *ifp,
+    struct ifaddr *ifa, int event)
+{
+	SRCADDR_RLOCK_TRACKER;
+	struct srcaddrtab_head *head;
+	struct srcaddrtab *p;
+
+	/* Support for old ifaddr_event. */
+	EVENTHANDLER_INVOKE(ifaddr_event, ifp);
+
+	switch (ifa->ifa_addr->sa_family) {
+#ifdef INET
+	case AF_INET:
+		head = &ipv4_srcaddrtab;
+		break;
+#endif
+#ifdef INET6
+	case AF_INET6:
+		head = &ipv6_srcaddrtab;
+		break;
+#endif
+	default:
+		/* ignore event */
+		return;
+	}
+
+	SRCADDR_RLOCK();
+	CK_LIST_FOREACH(p, head, chain) {
+		(*p->srcaddr)(p->arg, ifa->ifa_addr, event);
+	}
+	SRCADDR_RUNLOCK();
+}
+EVENTHANDLER_DEFINE(ifaddr_event_ext, srcaddr_change_event, NULL, 0);
+
+static struct srcaddrtab *
+encap_register_srcaddr(struct srcaddrtab_head *head, encap_srcaddr_t func,
+    void *arg, int mflags)
+{
+	struct srcaddrtab *p, *tmp;
+
+	if (func == NULL)
+		return (NULL);
+	p = malloc(sizeof(*p), M_NETADDR, mflags);
+	if (p == NULL)
+		return (NULL);
+	p->srcaddr = func;
+	p->arg = arg;
+
+	SRCADDR_WLOCK();
+	CK_LIST_FOREACH(tmp, head, chain) {
+		if (func == tmp->srcaddr && arg == tmp->arg)
+			break;
+	}
+	if (tmp == NULL)
+		CK_LIST_INSERT_HEAD(head, p, chain);
+	SRCADDR_WUNLOCK();
+
+	if (tmp != NULL) {
+		free(p, M_NETADDR);
+		p = tmp;
+	}
+	return (p);
+}
+
+static int
+encap_unregister_srcaddr(struct srcaddrtab_head *head,
+    const struct srcaddrtab *cookie)
+{
+	struct srcaddrtab *p;
+
+	SRCADDR_WLOCK();
+	CK_LIST_FOREACH(p, head, chain) {
+		if (p == cookie) {
+			CK_LIST_REMOVE(p, chain);
+			SRCADDR_WUNLOCK();
+			SRCADDR_WAIT();
+			free(p, M_NETADDR);
+			return (0);
+		}
+	}
+	SRCADDR_WUNLOCK();
+	return (EINVAL);
+}
+
 static struct encaptab *
 encap_attach(struct encaptab_head *head, const struct encap_config *cfg,
     void *arg, int mflags)
@@ -177,6 +295,7 @@ encap_detach(struct encaptab_head *head, const struct encaptab *cookie)
 static int
 encap_input(struct encaptab_head *head, struct mbuf *m, int off, int proto)
 {
+	ENCAP_RLOCK_TRACKER;
 	struct encaptab *ep, *match;
 	void *arg;
 	int matchprio, ret;
@@ -222,6 +341,20 @@ encap_input(struct encaptab_head *head, struct mbuf *m, int off, int proto)
 }
 
 #ifdef INET
+const struct srcaddrtab *
+ip_encap_register_srcaddr(encap_srcaddr_t func, void *arg, int mflags)
+{
+
+	return (encap_register_srcaddr(&ipv4_srcaddrtab, func, arg, mflags));
+}
+
+int
+ip_encap_unregister_srcaddr(const struct srcaddrtab *cookie)
+{
+
+	return (encap_unregister_srcaddr(&ipv4_srcaddrtab, cookie));
+}
+
 const struct encaptab *
 ip_encap_attach(const struct encap_config *cfg, void *arg, int mflags)
 {
@@ -247,6 +380,20 @@ encap4_input(struct mbuf **mp, int *offp, int proto)
 #endif /* INET */
 
 #ifdef INET6
+const struct srcaddrtab *
+ip6_encap_register_srcaddr(encap_srcaddr_t func, void *arg, int mflags)
+{
+
+	return (encap_register_srcaddr(&ipv6_srcaddrtab, func, arg, mflags));
+}
+
+int
+ip6_encap_unregister_srcaddr(const struct srcaddrtab *cookie)
+{
+
+	return (encap_unregister_srcaddr(&ipv6_srcaddrtab, cookie));
+}
+
 const struct encaptab *
 ip6_encap_attach(const struct encap_config *cfg, void *arg, int mflags)
 {
diff --git a/freebsd/sys/netinet/ip_encap.h b/freebsd/sys/netinet/ip_encap.h
index f3d1d3af..898114c2 100644
--- a/freebsd/sys/netinet/ip_encap.h
+++ b/freebsd/sys/netinet/ip_encap.h
@@ -43,26 +43,38 @@ int	encap6_input(struct mbuf **, int *, int);
 
 typedef int (*encap_lookup_t)(const struct mbuf *, int, int, void **);
 typedef int (*encap_check_t)(const struct mbuf *, int, int, void *);
-typedef int (*encap_input_t)(struct mbuf *, int , int, void *);
+typedef int (*encap_input_t)(struct mbuf *, int, int, void *);
+typedef void (*encap_srcaddr_t)(void *, const struct sockaddr *, int);
 
 struct encap_config {
 	int		proto;		/* protocol */
 	int		min_length;	/* minimum packet length */
+	int		max_hdrsize;	/* maximum header size */
 	int		exact_match;	/* a packet is exactly matched */
 #define	ENCAP_DRV_LOOKUP	0x7fffffff
 
 	encap_lookup_t	lookup;
 	encap_check_t	check;
 	encap_input_t	input;
+
+	void		*pad[3];
 };
 
 struct encaptab;
+struct srcaddrtab;
 
 const struct encaptab *ip_encap_attach(const struct encap_config *,
     void *arg, int mflags);
 const struct encaptab *ip6_encap_attach(const struct encap_config *,
     void *arg, int mflags);
 
+const struct srcaddrtab *ip_encap_register_srcaddr(encap_srcaddr_t,
+    void *arg, int mflags);
+const struct srcaddrtab *ip6_encap_register_srcaddr(encap_srcaddr_t,
+    void *arg, int mflags);
+
+int ip_encap_unregister_srcaddr(const struct srcaddrtab *);
+int ip6_encap_unregister_srcaddr(const struct srcaddrtab *);
 int ip_encap_detach(const struct encaptab *);
 int ip6_encap_detach(const struct encaptab *);
 #endif
diff --git a/freebsd/sys/netinet/ip_fw.h b/freebsd/sys/netinet/ip_fw.h
index a7bf5b4d..cfcdaa29 100644
--- a/freebsd/sys/netinet/ip_fw.h
+++ b/freebsd/sys/netinet/ip_fw.h
@@ -615,6 +615,7 @@ struct ip_fw_rule {
 	ipfw_insn	cmd[1];		/* storage for commands		*/
 };
 #define	IPFW_RULE_NOOPT		0x01	/* Has no options in body	*/
+#define	IPFW_RULE_JUSTOPTS	0x02	/* new format of rule body	*/
 
 /* Unaligned version */
 
diff --git a/freebsd/sys/netinet/ip_gre.c b/freebsd/sys/netinet/ip_gre.c
index 65ab0ab9..6a88f37f 100644
--- a/freebsd/sys/netinet/ip_gre.c
+++ b/freebsd/sys/netinet/ip_gre.c
@@ -77,9 +77,13 @@ SYSCTL_INT(_net_inet_ip, OID_AUTO, grettl, CTLFLAG_VNET | CTLFLAG_RW,
     &VNET_NAME(ip_gre_ttl), 0, "Default TTL value for encapsulated packets");
 
 VNET_DEFINE_STATIC(struct gre_list *, ipv4_hashtbl) = NULL;
+VNET_DEFINE_STATIC(struct gre_list *, ipv4_srchashtbl) = NULL;
 #define	V_ipv4_hashtbl		VNET(ipv4_hashtbl)
+#define	V_ipv4_srchashtbl	VNET(ipv4_srchashtbl)
 #define	GRE_HASH(src, dst)	(V_ipv4_hashtbl[\
     in_gre_hashval((src), (dst)) & (GRE_HASH_SIZE - 1)])
+#define	GRE_SRCHASH(src)	(V_ipv4_srchashtbl[\
+    fnv_32_buf(&(src), sizeof(src), FNV1_32_INIT) & (GRE_HASH_SIZE - 1)])
 #define	GRE_HASH_SC(sc)		GRE_HASH((sc)->gre_oip.ip_src.s_addr,\
     (sc)->gre_oip.ip_dst.s_addr)
 
@@ -140,6 +144,43 @@ in_gre_lookup(const struct mbuf *m, int off, int proto, void **arg)
 	return (0);
 }
 
+/*
+ * Check that ingress address belongs to local host.
+ */
+static void
+in_gre_set_running(struct gre_softc *sc)
+{
+
+	if (in_localip(sc->gre_oip.ip_src))
+		GRE2IFP(sc)->if_drv_flags |= IFF_DRV_RUNNING;
+	else
+		GRE2IFP(sc)->if_drv_flags &= ~IFF_DRV_RUNNING;
+}
+
+/*
+ * ifaddr_event handler.
+ * Clear IFF_DRV_RUNNING flag when ingress address disappears to prevent
+ * source address spoofing.
+ */
+static void
+in_gre_srcaddr(void *arg __unused, const struct sockaddr *sa,
+    int event __unused)
+{
+	const struct sockaddr_in *sin;
+	struct gre_softc *sc;
+
+	if (V_ipv4_srchashtbl == NULL)
+		return;
+
+	MPASS(in_epoch(net_epoch_preempt));
+	sin = (const struct sockaddr_in *)sa;
+	CK_LIST_FOREACH(sc, &GRE_SRCHASH(sin->sin_addr.s_addr), srchash) {
+		if (sc->gre_oip.ip_src.s_addr != sin->sin_addr.s_addr)
+			continue;
+		in_gre_set_running(sc);
+	}
+}
+
 static void
 in_gre_attach(struct gre_softc *sc)
 {
@@ -150,6 +191,8 @@ in_gre_attach(struct gre_softc *sc)
 	sc->gre_oip.ip_p = IPPROTO_GRE;
 	gre_updatehdr(sc, &sc->gre_gihdr->gi_gre);
 	CK_LIST_INSERT_HEAD(&GRE_HASH_SC(sc), sc, chain);
+	CK_LIST_INSERT_HEAD(&GRE_SRCHASH(sc->gre_oip.ip_src.s_addr),
+	    sc, srchash);
 }
 
 void
@@ -161,6 +204,7 @@ in_gre_setopts(struct gre_softc *sc, u_long cmd, uint32_t value)
 	/* NOTE: we are protected with gre_ioctl_sx lock */
 	MPASS(sc->gre_family == AF_INET);
 	CK_LIST_REMOVE(sc, chain);
+	CK_LIST_REMOVE(sc, srchash);
 	GRE_WAIT();
 	if (cmd == GRESKEY)
 		sc->gre_key = value;
@@ -195,8 +239,10 @@ in_gre_ioctl(struct gre_softc *sc, u_long cmd, caddr_t data)
 			error = EADDRNOTAVAIL;
 			break;
 		}
-		if (V_ipv4_hashtbl == NULL)
+		if (V_ipv4_hashtbl == NULL) {
 			V_ipv4_hashtbl = gre_hashinit();
+			V_ipv4_srchashtbl = gre_hashinit();
+		}
 		error = in_gre_checkdup(sc, src->sin_addr.s_addr,
 		    dst->sin_addr.s_addr);
 		if (error == EADDRNOTAVAIL)
@@ -213,6 +259,7 @@ in_gre_ioctl(struct gre_softc *sc, u_long cmd, caddr_t data)
 		if (sc->gre_family != 0) {
 			/* Detach existing tunnel first */
 			CK_LIST_REMOVE(sc, chain);
+			CK_LIST_REMOVE(sc, srchash);
 			GRE_WAIT();
 			free(sc->gre_hdr, M_GRE);
 			/* XXX: should we notify about link state change? */
@@ -222,6 +269,7 @@ in_gre_ioctl(struct gre_softc *sc, u_long cmd, caddr_t data)
 		sc->gre_oseq = 0;
 		sc->gre_iseq = UINT32_MAX;
 		in_gre_attach(sc);
+		in_gre_set_running(sc);
 		break;
 	case SIOCGIFPSRCADDR:
 	case SIOCGIFPDSTADDR:
@@ -273,6 +321,7 @@ in_gre_output(struct mbuf *m, int af, int hlen)
 	return (ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL));
 }
 
+static const struct srcaddrtab *ipv4_srcaddrtab = NULL;
 static const struct encaptab *ecookie = NULL;
 static const struct encap_config ipv4_encap_cfg = {
 	.proto = IPPROTO_GRE,
@@ -288,6 +337,8 @@ in_gre_init(void)
 
 	if (!IS_DEFAULT_VNET(curvnet))
 		return;
+	ipv4_srcaddrtab = ip_encap_register_srcaddr(in_gre_srcaddr,
+	    NULL, M_WAITOK);
 	ecookie = ip_encap_attach(&ipv4_encap_cfg, NULL, M_WAITOK);
 }
 
@@ -295,8 +346,12 @@ void
 in_gre_uninit(void)
 {
 
-	if (IS_DEFAULT_VNET(curvnet))
+	if (IS_DEFAULT_VNET(curvnet)) {
 		ip_encap_detach(ecookie);
-	if (V_ipv4_hashtbl != NULL)
+		ip_encap_unregister_srcaddr(ipv4_srcaddrtab);
+	}
+	if (V_ipv4_hashtbl != NULL) {
 		gre_hashdestroy(V_ipv4_hashtbl);
+		gre_hashdestroy(V_ipv4_srchashtbl);
+	}
 }
diff --git a/freebsd/sys/netinet/ip_icmp.c b/freebsd/sys/netinet/ip_icmp.c
index 414e3812..2f8b6fd1 100644
--- a/freebsd/sys/netinet/ip_icmp.c
+++ b/freebsd/sys/netinet/ip_icmp.c
@@ -160,6 +160,12 @@ SYSCTL_INT(_net_inet_icmp, OID_AUTO, tstamprepl, CTLFLAG_RW,
 	&VNET_NAME(icmptstamprepl), 0,
 	"Respond to ICMP Timestamp packets");
 
+VNET_DEFINE_STATIC(int, error_keeptags) = 0;
+#define	V_error_keeptags		VNET(error_keeptags)
+SYSCTL_INT(_net_inet_icmp, OID_AUTO, error_keeptags, CTLFLAG_VNET | CTLFLAG_RW,
+	&VNET_NAME(error_keeptags), 0,
+	"ICMP error response keeps copy of mbuf_tags of original packet");
+
 #ifdef ICMPPRINTFS
 int	icmpprintfs = 0;
 #endif
@@ -369,6 +375,10 @@ stdreply:	icmpelen = max(8, min(V_icmp_quotelen, ntohs(oip->ip_len) -
 	nip->ip_p = IPPROTO_ICMP;
 	nip->ip_tos = 0;
 	nip->ip_off = 0;
+
+	if (V_error_keeptags)
+		m_tag_copy_chain(m, n, M_NOWAIT);
+
 	icmp_reflect(m);
 
 freeit:
diff --git a/freebsd/sys/netinet/ip_options.c b/freebsd/sys/netinet/ip_options.c
index 7c189bdb..c90077ea 100644
--- a/freebsd/sys/netinet/ip_options.c
+++ b/freebsd/sys/netinet/ip_options.c
@@ -112,16 +112,16 @@ ip_dooptions(struct mbuf *m, int pass)
 	struct nhop4_extended nh_ext;
 	struct	sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET };
 
-	NET_EPOCH_ENTER();
 	/* Ignore or reject packets with IP options. */
 	if (V_ip_doopts == 0)
 		return 0;
 	else if (V_ip_doopts == 2) {
 		type = ICMP_UNREACH;
 		code = ICMP_UNREACH_FILTER_PROHIB;
-		goto bad;
+		goto bad_unlocked;
 	}
 
+	NET_EPOCH_ENTER();
 	dst = ip->ip_dst;
 	cp = (u_char *)(ip + 1);
 	cnt = (ip->ip_hl << 2) - sizeof (struct ip);
@@ -390,6 +390,7 @@ dropit:
 	return (0);
 bad:
 	NET_EPOCH_EXIT();
+bad_unlocked:
 	icmp_error(m, type, code, 0, 0);
 	IPSTAT_INC(ips_badoptions);
 	return (1);
diff --git a/freebsd/sys/netinet/ip_output.c b/freebsd/sys/netinet/ip_output.c
index 5f643746..477388d7 100644
--- a/freebsd/sys/netinet/ip_output.c
+++ b/freebsd/sys/netinet/ip_output.c
@@ -264,11 +264,12 @@ ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags,
 		ip->ip_v = IPVERSION;
 		ip->ip_hl = hlen >> 2;
 		ip_fillid(ip);
-		IPSTAT_INC(ips_localout);
 	} else {
 		/* Header already set, fetch hlen from there */
 		hlen = ip->ip_hl << 2;
 	}
+	if ((flags & IP_FORWARDING) == 0)
+		IPSTAT_INC(ips_localout);
 
 	/*
 	 * dst/gw handling:
@@ -934,10 +935,11 @@ in_delayed_cksum(struct mbuf *m)
 
 	if (m->m_pkthdr.csum_flags & CSUM_UDP) {
 		/* if udp header is not in the first mbuf copy udplen */
-		if (offset + sizeof(struct udphdr) > m->m_len)
+		if (offset + sizeof(struct udphdr) > m->m_len) {
 			m_copydata(m, offset + offsetof(struct udphdr,
 			    uh_ulen), sizeof(cklen), (caddr_t)&cklen);
-		else {
+			cklen = ntohs(cklen);
+		} else {
 			uh = (struct udphdr *)mtodo(m, offset);
 			cklen = ntohs(uh->uh_ulen);
 		}
diff --git a/freebsd/sys/netinet/sctp_asconf.c b/freebsd/sys/netinet/sctp_asconf.c
index c21e3251..2c66f65c 100644
--- a/freebsd/sys/netinet/sctp_asconf.c
+++ b/freebsd/sys/netinet/sctp_asconf.c
@@ -672,6 +672,7 @@ sctp_handle_asconf(struct mbuf *m, unsigned int offset,
 		SCTPDBG(SCTP_DEBUG_ASCONF1,
 		    "handle_asconf: couldn't get lookup addr!\n");
 		/* respond with a missing/invalid mandatory parameter error */
+		sctp_m_freem(m_ack);
 		return;
 	}
 	/* param_length is already validated in process_control... */
diff --git a/freebsd/sys/netinet/sctp_auth.c b/freebsd/sys/netinet/sctp_auth.c
index 0fc076e1..8301a98f 100644
--- a/freebsd/sys/netinet/sctp_auth.c
+++ b/freebsd/sys/netinet/sctp_auth.c
@@ -1062,40 +1062,6 @@ sctp_hmac_m(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
 	return (digestlen);
 }
 
-/*-
- * verify the HMAC digest using the desired hash key, text, and HMAC
- * algorithm.
- * Returns -1 on error, 0 on success.
- */
-int
-sctp_verify_hmac(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
-    uint8_t *text, uint32_t textlen,
-    uint8_t *digest, uint32_t digestlen)
-{
-	uint32_t len;
-	uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX];
-
-	/* sanity check the material and length */
-	if ((key == NULL) || (keylen == 0) ||
-	    (text == NULL) || (textlen == 0) || (digest == NULL)) {
-		/* can't do HMAC with empty key or text or digest */
-		return (-1);
-	}
-	len = sctp_get_hmac_digest_len(hmac_algo);
-	if ((len == 0) || (digestlen != len))
-		return (-1);
-
-	/* compute the expected hash */
-	if (sctp_hmac(hmac_algo, key, keylen, text, textlen, temp) != len)
-		return (-1);
-
-	if (memcmp(digest, temp, digestlen) != 0)
-		return (-1);
-	else
-		return (0);
-}
-
-
 /*
  * computes the requested HMAC using a key struct (which may be modified if
  * the keylen exceeds the HMAC block len).
@@ -1742,7 +1708,7 @@ sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *auth,
 	    m, offset, computed_digest);
 
 	/* compare the computed digest with the one in the AUTH chunk */
-	if (memcmp(digest, computed_digest, digestlen) != 0) {
+	if (timingsafe_bcmp(digest, computed_digest, digestlen) != 0) {
 		SCTP_STAT_INCR(sctps_recvauthfailed);
 		SCTPDBG(SCTP_DEBUG_AUTH1,
 		    "SCTP Auth: HMAC digest check failed\n");
diff --git a/freebsd/sys/netinet/sctp_auth.h b/freebsd/sys/netinet/sctp_auth.h
index 44126e3e..5c22cc74 100644
--- a/freebsd/sys/netinet/sctp_auth.h
+++ b/freebsd/sys/netinet/sctp_auth.h
@@ -178,9 +178,6 @@ extern uint32_t sctp_get_hmac_digest_len(uint16_t hmac_algo);
 extern uint32_t
 sctp_hmac(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
     uint8_t *text, uint32_t textlen, uint8_t *digest);
-extern int
-sctp_verify_hmac(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
-    uint8_t *text, uint32_t textlen, uint8_t *digest, uint32_t digestlen);
 extern uint32_t
 sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t *key,
     uint8_t *text, uint32_t textlen, uint8_t *digest);
diff --git a/freebsd/sys/netinet/sctp_input.c b/freebsd/sys/netinet/sctp_input.c
index c7e86e78..5386aae4 100644
--- a/freebsd/sys/netinet/sctp_input.c
+++ b/freebsd/sys/netinet/sctp_input.c
@@ -2556,7 +2556,7 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset,
 		return (NULL);
 	}
 	/* compare the received digest with the computed digest */
-	if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) {
+	if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) {
 		/* try the old cookie? */
 		if ((cookie->time_entered.tv_sec == (long)ep->time_of_secret_change) &&
 		    (ep->current_secret_number != ep->last_secret_number)) {
@@ -2565,7 +2565,7 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset,
 			    (uint8_t *)ep->secret_key[(int)ep->last_secret_number],
 			    SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0);
 			/* compare */
-			if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0)
+			if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0)
 				cookie_ok = 1;
 		}
 	} else {
@@ -5671,7 +5671,6 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt
 			    vrf_id, port);
 			goto out;
 		}
-
 	}
 	if (IS_SCTP_CONTROL(ch)) {
 		/* process the control portion of the SCTP packet */
diff --git a/freebsd/sys/netinet/sctp_output.c b/freebsd/sys/netinet/sctp_output.c
index 8f0c8aa4..9493882c 100644
--- a/freebsd/sys/netinet/sctp_output.c
+++ b/freebsd/sys/netinet/sctp_output.c
@@ -3574,7 +3574,6 @@ static int
 sctp_process_cmsgs_for_init(struct sctp_tcb *stcb, struct mbuf *control, int *error)
 {
 	struct cmsghdr cmh;
-	int tlen, at;
 	struct sctp_initmsg initmsg;
 #ifdef INET
 	struct sockaddr_in sin;
@@ -3582,34 +3581,37 @@ sctp_process_cmsgs_for_init(struct sctp_tcb *stcb, struct mbuf *control, int *er
 #ifdef INET6
 	struct sockaddr_in6 sin6;
 #endif
+	int tot_len, rem_len, cmsg_data_len, cmsg_data_off, off;
 
-	tlen = SCTP_BUF_LEN(control);
-	at = 0;
-	while (at < tlen) {
-		if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) {
+	tot_len = SCTP_BUF_LEN(control);
+	for (off = 0; off < tot_len; off += CMSG_ALIGN(cmh.cmsg_len)) {
+		rem_len = tot_len - off;
+		if (rem_len < (int)CMSG_ALIGN(sizeof(cmh))) {
 			/* There is not enough room for one more. */
 			*error = EINVAL;
 			return (1);
 		}
-		m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh);
+		m_copydata(control, off, sizeof(cmh), (caddr_t)&cmh);
 		if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) {
 			/* We dont't have a complete CMSG header. */
 			*error = EINVAL;
 			return (1);
 		}
-		if (((int)cmh.cmsg_len + at) > tlen) {
+		if ((cmh.cmsg_len > INT_MAX) || ((int)cmh.cmsg_len > rem_len)) {
 			/* We don't have the complete CMSG. */
 			*error = EINVAL;
 			return (1);
 		}
+		cmsg_data_len = (int)cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh));
+		cmsg_data_off = off + CMSG_ALIGN(sizeof(cmh));
 		if (cmh.cmsg_level == IPPROTO_SCTP) {
 			switch (cmh.cmsg_type) {
 			case SCTP_INIT:
-				if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct sctp_initmsg)) {
+				if (cmsg_data_len < (int)sizeof(struct sctp_initmsg)) {
 					*error = EINVAL;
 					return (1);
 				}
-				m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct sctp_initmsg), (caddr_t)&initmsg);
+				m_copydata(control, cmsg_data_off, sizeof(struct sctp_initmsg), (caddr_t)&initmsg);
 				if (initmsg.sinit_max_attempts)
 					stcb->asoc.max_init_times = initmsg.sinit_max_attempts;
 				if (initmsg.sinit_num_ostreams)
@@ -3664,7 +3666,7 @@ sctp_process_cmsgs_for_init(struct sctp_tcb *stcb, struct mbuf *control, int *er
 				break;
 #ifdef INET
 			case SCTP_DSTADDRV4:
-				if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct in_addr)) {
+				if (cmsg_data_len < (int)sizeof(struct in_addr)) {
 					*error = EINVAL;
 					return (1);
 				}
@@ -3672,7 +3674,7 @@ sctp_process_cmsgs_for_init(struct sctp_tcb *stcb, struct mbuf *control, int *er
 				sin.sin_family = AF_INET;
 				sin.sin_len = sizeof(struct sockaddr_in);
 				sin.sin_port = stcb->rport;
-				m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct in_addr), (caddr_t)&sin.sin_addr);
+				m_copydata(control, cmsg_data_off, sizeof(struct in_addr), (caddr_t)&sin.sin_addr);
 				if ((sin.sin_addr.s_addr == INADDR_ANY) ||
 				    (sin.sin_addr.s_addr == INADDR_BROADCAST) ||
 				    IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) {
@@ -3688,7 +3690,7 @@ sctp_process_cmsgs_for_init(struct sctp_tcb *stcb, struct mbuf *control, int *er
 #endif
 #ifdef INET6
 			case SCTP_DSTADDRV6:
-				if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct in6_addr)) {
+				if (cmsg_data_len < (int)sizeof(struct in6_addr)) {
 					*error = EINVAL;
 					return (1);
 				}
@@ -3696,7 +3698,7 @@ sctp_process_cmsgs_for_init(struct sctp_tcb *stcb, struct mbuf *control, int *er
 				sin6.sin6_family = AF_INET6;
 				sin6.sin6_len = sizeof(struct sockaddr_in6);
 				sin6.sin6_port = stcb->rport;
-				m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct in6_addr), (caddr_t)&sin6.sin6_addr);
+				m_copydata(control, cmsg_data_off, sizeof(struct in6_addr), (caddr_t)&sin6.sin6_addr);
 				if (IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr) ||
 				    IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) {
 					*error = EINVAL;
@@ -3729,7 +3731,6 @@ sctp_process_cmsgs_for_init(struct sctp_tcb *stcb, struct mbuf *control, int *er
 				break;
 			}
 		}
-		at += CMSG_ALIGN(cmh.cmsg_len);
 	}
 	return (0);
 }
@@ -3742,7 +3743,6 @@ sctp_findassociation_cmsgs(struct sctp_inpcb **inp_p,
     int *error)
 {
 	struct cmsghdr cmh;
-	int tlen, at;
 	struct sctp_tcb *stcb;
 	struct sockaddr *addr;
 #ifdef INET
@@ -3751,31 +3751,34 @@ sctp_findassociation_cmsgs(struct sctp_inpcb **inp_p,
 #ifdef INET6
 	struct sockaddr_in6 sin6;
 #endif
+	int tot_len, rem_len, cmsg_data_len, cmsg_data_off, off;
 
-	tlen = SCTP_BUF_LEN(control);
-	at = 0;
-	while (at < tlen) {
-		if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) {
+	tot_len = SCTP_BUF_LEN(control);
+	for (off = 0; off < tot_len; off += CMSG_ALIGN(cmh.cmsg_len)) {
+		rem_len = tot_len - off;
+		if (rem_len < (int)CMSG_ALIGN(sizeof(cmh))) {
 			/* There is not enough room for one more. */
 			*error = EINVAL;
 			return (NULL);
 		}
-		m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh);
+		m_copydata(control, off, sizeof(cmh), (caddr_t)&cmh);
 		if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) {
 			/* We dont't have a complete CMSG header. */
 			*error = EINVAL;
 			return (NULL);
 		}
-		if (((int)cmh.cmsg_len + at) > tlen) {
+		if ((cmh.cmsg_len > INT_MAX) || ((int)cmh.cmsg_len > rem_len)) {
 			/* We don't have the complete CMSG. */
 			*error = EINVAL;
 			return (NULL);
 		}
+		cmsg_data_len = (int)cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh));
+		cmsg_data_off = off + CMSG_ALIGN(sizeof(cmh));
 		if (cmh.cmsg_level == IPPROTO_SCTP) {
 			switch (cmh.cmsg_type) {
 #ifdef INET
 			case SCTP_DSTADDRV4:
-				if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct in_addr)) {
+				if (cmsg_data_len < (int)sizeof(struct in_addr)) {
 					*error = EINVAL;
 					return (NULL);
 				}
@@ -3783,13 +3786,13 @@ sctp_findassociation_cmsgs(struct sctp_inpcb **inp_p,
 				sin.sin_family = AF_INET;
 				sin.sin_len = sizeof(struct sockaddr_in);
 				sin.sin_port = port;
-				m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct in_addr), (caddr_t)&sin.sin_addr);
+				m_copydata(control, cmsg_data_off, sizeof(struct in_addr), (caddr_t)&sin.sin_addr);
 				addr = (struct sockaddr *)&sin;
 				break;
 #endif
 #ifdef INET6
 			case SCTP_DSTADDRV6:
-				if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct in6_addr)) {
+				if (cmsg_data_len < (int)sizeof(struct in6_addr)) {
 					*error = EINVAL;
 					return (NULL);
 				}
@@ -3797,7 +3800,7 @@ sctp_findassociation_cmsgs(struct sctp_inpcb **inp_p,
 				sin6.sin6_family = AF_INET6;
 				sin6.sin6_len = sizeof(struct sockaddr_in6);
 				sin6.sin6_port = port;
-				m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct in6_addr), (caddr_t)&sin6.sin6_addr);
+				m_copydata(control, cmsg_data_off, sizeof(struct in6_addr), (caddr_t)&sin6.sin6_addr);
 #ifdef INET
 				if (IN6_IS_ADDR_V4MAPPED(&sin6.sin6_addr)) {
 					in6_sin6_2_sin(&sin, &sin6);
@@ -3818,7 +3821,6 @@ sctp_findassociation_cmsgs(struct sctp_inpcb **inp_p,
 				}
 			}
 		}
-		at += CMSG_ALIGN(cmh.cmsg_len);
 	}
 	return (NULL);
 }
@@ -4265,6 +4267,9 @@ sctp_lowlevel_chunk_output(struct sctp_inpcb *inp,
 				atomic_subtract_int(&stcb->asoc.refcnt, 1);
 			}
 #endif
+			if (port) {
+				UDPSTAT_INC(udps_opackets);
+			}
 			SCTP_STAT_INCR(sctps_sendpackets);
 			SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
 			if (ret)
@@ -4364,6 +4369,7 @@ sctp_lowlevel_chunk_output(struct sctp_inpcb *inp,
 			/* KAME hack: embed scopeid */
 			if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
 				SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
+				sctp_m_freem(m);
 				return (EINVAL);
 			}
 			if (net == NULL) {
@@ -4428,6 +4434,7 @@ sctp_lowlevel_chunk_output(struct sctp_inpcb *inp,
 					/* KAME hack: embed scopeid */
 					if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
 						SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
+						sctp_m_freem(m);
 						return (EINVAL);
 					}
 					/* Cache the source address */
@@ -4454,6 +4461,7 @@ sctp_lowlevel_chunk_output(struct sctp_inpcb *inp,
 				/* KAME hack: embed scopeid */
 				if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
 					SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
+					sctp_m_freem(m);
 					return (EINVAL);
 				}
 				if (over_addr == NULL) {
@@ -4605,6 +4613,9 @@ sctp_lowlevel_chunk_output(struct sctp_inpcb *inp,
 				sin6->sin6_port = prev_port;
 			}
 			SCTPDBG(SCTP_DEBUG_OUTPUT3, "return from send is %d\n", ret);
+			if (port) {
+				UDPSTAT_INC(udps_opackets);
+			}
 			SCTP_STAT_INCR(sctps_sendpackets);
 			SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
 			if (ret) {
@@ -4974,7 +4985,6 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
 	struct sctp_paramhdr *phdr, params;
 
 	struct mbuf *mat, *op_err;
-	char tempbuf[SCTP_PARAM_BUFFER_SIZE];
 	int at, limit, pad_needed;
 	uint16_t ptype, plen, padded_size;
 	int err_at;
@@ -5114,15 +5124,13 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
 					l_len = SCTP_MIN_V4_OVERHEAD;
 #endif
 					l_len += sizeof(struct sctp_chunkhdr);
-					l_len += plen;
-					l_len += sizeof(struct sctp_paramhdr);
+					l_len += sizeof(struct sctp_gen_error_cause);
 					op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA);
 					if (op_err) {
 						SCTP_BUF_LEN(op_err) = 0;
 						/*
-						 * pre-reserve space for ip
-						 * and sctp header  and
-						 * chunk hdr
+						 * Pre-reserve space for IP,
+						 * SCTP, and chunk header.
 						 */
 #ifdef INET6
 						SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
@@ -5135,7 +5143,7 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
 				}
 				if (op_err) {
 					/* If we have space */
-					struct sctp_paramhdr s;
+					struct sctp_gen_error_cause cause;
 
 					if (err_at % 4) {
 						uint32_t cpthis = 0;
@@ -5144,26 +5152,15 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
 						m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis);
 						err_at += pad_needed;
 					}
-					s.param_type = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR);
-					s.param_length = htons(sizeof(s) + plen);
-					m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s);
-					err_at += sizeof(s);
-					if (plen > sizeof(tempbuf)) {
-						plen = sizeof(tempbuf);
-					}
-					phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, plen);
-					if (phdr == NULL) {
+					cause.code = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR);
+					cause.length = htons((uint16_t)(sizeof(struct sctp_gen_error_cause) + plen));
+					m_copyback(op_err, err_at, sizeof(struct sctp_gen_error_cause), (caddr_t)&cause);
+					err_at += sizeof(struct sctp_gen_error_cause);
+					SCTP_BUF_NEXT(op_err) = SCTP_M_COPYM(mat, at, plen, M_NOWAIT);
+					if (SCTP_BUF_NEXT(op_err) == NULL) {
 						sctp_m_freem(op_err);
-						/*
-						 * we are out of memory but
-						 * we still need to have a
-						 * look at what to do (the
-						 * system is in trouble
-						 * though).
-						 */
 						return (NULL);
 					}
-					m_copyback(op_err, err_at, plen, (caddr_t)phdr);
 				}
 				return (op_err);
 				break;
@@ -5187,7 +5184,6 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
 					l_len = SCTP_MIN_V4_OVERHEAD;
 #endif
 					l_len += sizeof(struct sctp_chunkhdr);
-					l_len += plen;
 					l_len += sizeof(struct sctp_paramhdr);
 					op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA);
 					if (op_err) {
@@ -5213,14 +5209,11 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
 						err_at += pad_needed;
 					}
 					s.param_type = htons(SCTP_UNRECOG_PARAM);
-					s.param_length = htons(sizeof(s) + plen);
-					m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s);
-					err_at += sizeof(s);
-					if (plen > sizeof(tempbuf)) {
-						plen = sizeof(tempbuf);
-					}
-					phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, plen);
-					if (phdr == NULL) {
+					s.param_length = htons((uint16_t)sizeof(struct sctp_paramhdr) + plen);
+					m_copyback(op_err, err_at, sizeof(struct sctp_paramhdr), (caddr_t)&s);
+					err_at += sizeof(struct sctp_paramhdr);
+					SCTP_BUF_NEXT(op_err) = SCTP_M_COPYM(mat, at, plen, M_NOWAIT);
+					if (SCTP_BUF_NEXT(op_err) == NULL) {
 						sctp_m_freem(op_err);
 						/*
 						 * we are out of memory but
@@ -5232,7 +5225,6 @@ sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
 						op_err = NULL;
 						goto more_processing;
 					}
-					m_copyback(op_err, err_at, plen, (caddr_t)phdr);
 					err_at += plen;
 				}
 			}
@@ -7212,7 +7204,7 @@ one_more_time:
 	if ((sp->msg_is_complete) && (sp->length == 0)) {
 		if (sp->sender_all_done) {
 			/*
-			 * We are doing differed cleanup. Last time through
+			 * We are doing deferred cleanup. Last time through
 			 * when we took all the data the sender_all_done was
 			 * not set.
 			 */
@@ -8966,14 +8958,15 @@ sctp_queue_op_err(struct sctp_tcb *stcb, struct mbuf *op_err)
 		return;
 	}
 	chk->copy_by_ref = 0;
+	chk->rec.chunk_id.id = SCTP_OPERATION_ERROR;
+	chk->rec.chunk_id.can_take_data = 0;
+	chk->flags = 0;
 	chk->send_size = (uint16_t)chunk_length;
 	chk->sent = SCTP_DATAGRAM_UNSENT;
 	chk->snd_count = 0;
 	chk->asoc = &stcb->asoc;
 	chk->data = op_err;
 	chk->whoTo = NULL;
-	chk->rec.chunk_id.id = SCTP_OPERATION_ERROR;
-	chk->rec.chunk_id.can_take_data = 0;
 	hdr = mtod(op_err, struct sctp_chunkhdr *);
 	hdr->chunk_type = SCTP_OPERATION_ERROR;
 	hdr->chunk_flags = 0;
@@ -9195,7 +9188,6 @@ sctp_send_shutdown_ack(struct sctp_tcb *stcb, struct sctp_nets *net)
 	chk->send_size = sizeof(struct sctp_chunkhdr);
 	chk->sent = SCTP_DATAGRAM_UNSENT;
 	chk->snd_count = 0;
-	chk->flags = 0;
 	chk->asoc = &stcb->asoc;
 	chk->data = m_shutdown_ack;
 	chk->whoTo = net;
@@ -9250,7 +9242,6 @@ sctp_send_shutdown(struct sctp_tcb *stcb, struct sctp_nets *net)
 		chk->send_size = sizeof(struct sctp_shutdown_chunk);
 		chk->sent = SCTP_DATAGRAM_UNSENT;
 		chk->snd_count = 0;
-		chk->flags = 0;
 		chk->asoc = &stcb->asoc;
 		chk->data = m_shutdown;
 		chk->whoTo = net;
@@ -11292,6 +11283,9 @@ sctp_send_resp_msg(struct sockaddr *src, struct sockaddr *dst,
 		return;
 	}
 	SCTPDBG(SCTP_DEBUG_OUTPUT3, "return from send is %d\n", ret);
+	if (port) {
+		UDPSTAT_INC(udps_opackets);
+	}
 	SCTP_STAT_INCR(sctps_sendpackets);
 	SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
 	SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
@@ -12156,7 +12150,6 @@ sctp_send_str_reset_req(struct sctp_tcb *stcb,
 	chk->book_size = sizeof(struct sctp_chunkhdr);
 	chk->send_size = SCTP_SIZE32(chk->book_size);
 	chk->book_size_scale = 0;
-
 	chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA);
 	if (chk->data == NULL) {
 		sctp_free_a_chunk(stcb, chk, SCTP_SO_LOCKED);
diff --git a/freebsd/sys/netinet/sctputil.c b/freebsd/sys/netinet/sctputil.c
index c3cb115e..ddf136ef 100644
--- a/freebsd/sys/netinet/sctputil.c
+++ b/freebsd/sys/netinet/sctputil.c
@@ -3702,7 +3702,7 @@ sctp_ulp_notify(uint32_t notification, struct sctp_tcb *stcb,
 		return;
 	}
 	if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) ||
-	    (SCTP_GET_STATE(stcb) ==  SCTP_STATE_COOKIE_ECHOED)) {
+	    (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) {
 		if ((notification == SCTP_NOTIFY_INTERFACE_DOWN) ||
 		    (notification == SCTP_NOTIFY_INTERFACE_UP) ||
 		    (notification == SCTP_NOTIFY_INTERFACE_CONFIRMED)) {
@@ -7393,8 +7393,8 @@ sctp_set_state(struct sctp_tcb *stcb, int new_state)
 #endif
 
 	KASSERT((new_state & ~SCTP_STATE_MASK) == 0,
-	        ("sctp_set_state: Can't set substate (new_state = %x)",
-	        new_state));
+	    ("sctp_set_state: Can't set substate (new_state = %x)",
+	    new_state));
 	stcb->asoc.state = (stcb->asoc.state & ~SCTP_STATE_MASK) | new_state;
 	if ((new_state == SCTP_STATE_SHUTDOWN_RECEIVED) ||
 	    (new_state == SCTP_STATE_SHUTDOWN_SENT) ||
@@ -7404,7 +7404,7 @@ sctp_set_state(struct sctp_tcb *stcb, int new_state)
 #if defined(KDTRACE_HOOKS)
 	if (((old_state & SCTP_STATE_MASK) != new_state) &&
 	    !(((old_state & SCTP_STATE_MASK) == SCTP_STATE_EMPTY) &&
-	      (new_state == SCTP_STATE_INUSE))) {
+	    (new_state == SCTP_STATE_INUSE))) {
 		SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state);
 	}
 #endif
@@ -7418,14 +7418,14 @@ sctp_add_substate(struct sctp_tcb *stcb, int substate)
 #endif
 
 	KASSERT((substate & SCTP_STATE_MASK) == 0,
-	        ("sctp_add_substate: Can't set state (substate = %x)",
-	        substate));
+	    ("sctp_add_substate: Can't set state (substate = %x)",
+	    substate));
 	stcb->asoc.state |= substate;
 #if defined(KDTRACE_HOOKS)
 	if (((substate & SCTP_STATE_ABOUT_TO_BE_FREED) &&
-	     ((old_state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) ||
+	    ((old_state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) ||
 	    ((substate & SCTP_STATE_SHUTDOWN_PENDING) &&
-	     ((old_state & SCTP_STATE_SHUTDOWN_PENDING) == 0))) {
+	    ((old_state & SCTP_STATE_SHUTDOWN_PENDING) == 0))) {
 		SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state);
 	}
 #endif
diff --git a/freebsd/sys/netinet/tcp_input.c b/freebsd/sys/netinet/tcp_input.c
index 2c6c3048..d00504dc 100644
--- a/freebsd/sys/netinet/tcp_input.c
+++ b/freebsd/sys/netinet/tcp_input.c
@@ -802,7 +802,7 @@ findpcb:
 	if (ti_locked == TI_RLOCKED) {
 		INP_INFO_RLOCK_ASSERT(&V_tcbinfo);
 	} else {
-		INP_INFO_UNLOCK_ASSERT(&V_tcbinfo);
+		INP_INFO_WUNLOCK_ASSERT(&V_tcbinfo);
 	}
 #endif
 #ifdef INET6
@@ -1167,7 +1167,7 @@ tfo_socket_result:
 		 * causes.
 		 */
 		if (thflags & TH_RST) {
-			syncache_chkrst(&inc, th);
+			syncache_chkrst(&inc, th, m);
 			goto dropunlock;
 		}
 		/*
@@ -1360,7 +1360,7 @@ tfo_socket_result:
 			INP_INFO_RUNLOCK_ET(&V_tcbinfo, et);
 			ti_locked = TI_UNLOCKED;
 		}
-		INP_INFO_UNLOCK_ASSERT(&V_tcbinfo);
+		INP_INFO_WUNLOCK_ASSERT(&V_tcbinfo);
 		return (IPPROTO_DONE);
 	} else if (tp->t_state == TCPS_LISTEN) {
 		/*
@@ -1407,7 +1407,7 @@ dropwithreset:
 	else {
 		KASSERT(ti_locked == TI_UNLOCKED, ("%s: dropwithreset "
 		    "ti_locked: %d", __func__, ti_locked));
-		INP_INFO_UNLOCK_ASSERT(&V_tcbinfo);
+		INP_INFO_WUNLOCK_ASSERT(&V_tcbinfo);
 	}
 #endif
 
@@ -1431,7 +1431,7 @@ dropunlock:
 	else {
 		KASSERT(ti_locked == TI_UNLOCKED, ("%s: dropunlock "
 		    "ti_locked: %d", __func__, ti_locked));
-		INP_INFO_UNLOCK_ASSERT(&V_tcbinfo);
+		INP_INFO_WUNLOCK_ASSERT(&V_tcbinfo);
 	}
 #endif
 
@@ -1439,7 +1439,7 @@ dropunlock:
 		INP_WUNLOCK(inp);
 
 drop:
-	INP_INFO_UNLOCK_ASSERT(&V_tcbinfo);
+	INP_INFO_WUNLOCK_ASSERT(&V_tcbinfo);
 	if (s != NULL)
 		free(s, M_TCPLOG);
 	if (m != NULL)
diff --git a/freebsd/sys/netinet/tcp_output.c b/freebsd/sys/netinet/tcp_output.c
index 8f83440d..60276348 100644
--- a/freebsd/sys/netinet/tcp_output.c
+++ b/freebsd/sys/netinet/tcp_output.c
@@ -897,6 +897,7 @@ send:
 					len = max_len;
 				}
 			}
+
 			/*
 			 * Prevent the last segment from being
 			 * fractional unless the send sockbuf can be
diff --git a/freebsd/sys/netinet/tcp_reass.c b/freebsd/sys/netinet/tcp_reass.c
index 4776a808..fea3b716 100644
--- a/freebsd/sys/netinet/tcp_reass.c
+++ b/freebsd/sys/netinet/tcp_reass.c
@@ -530,7 +530,6 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, tcp_seq *seq_start,
 	struct tseg_qent *p = NULL;
 	struct tseg_qent *nq = NULL;
 	struct tseg_qent *te = NULL;
-	struct tseg_qent tqs;
 	struct mbuf *mlast = NULL;
 	struct sockbuf *sb;
 	struct socket *so = tp->t_inpcb->inp_socket;
@@ -1055,8 +1054,7 @@ present:
 		KASSERT(tp->t_segqmbuflen >= q->tqe_mbuf_cnt,
 			("tp:%p seg queue goes negative", tp));
 		tp->t_segqmbuflen -= q->tqe_mbuf_cnt;
-		if (q != &tqs) 
-			uma_zfree(tcp_reass_zone, q);
+		uma_zfree(tcp_reass_zone, q);
 		tp->t_segqlen--;
 		q = nq;
 	} while (q && q->tqe_start == tp->rcv_nxt);
diff --git a/freebsd/sys/netinet/tcp_syncache.c b/freebsd/sys/netinet/tcp_syncache.c
index 6fdd859d..a913f5b6 100644
--- a/freebsd/sys/netinet/tcp_syncache.c
+++ b/freebsd/sys/netinet/tcp_syncache.c
@@ -132,8 +132,8 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, functions_inherit_listen_socket_stack,
 static void	 syncache_drop(struct syncache *, struct syncache_head *);
 static void	 syncache_free(struct syncache *);
 static void	 syncache_insert(struct syncache *, struct syncache_head *);
-static int	 syncache_respond(struct syncache *, struct syncache_head *, int,
-		    const struct mbuf *);
+static int	 syncache_respond(struct syncache *, struct syncache_head *,
+		    const struct mbuf *, int);
 static struct	 socket *syncache_socket(struct syncache *, struct socket *,
 		    struct mbuf *m);
 static void	 syncache_timeout(struct syncache *sc, struct syncache_head *sch,
@@ -491,7 +491,7 @@ syncache_timer(void *xsch)
 			free(s, M_TCPLOG);
 		}
 
-		syncache_respond(sc, sch, 1, NULL);
+		syncache_respond(sc, sch, NULL, TH_SYN|TH_ACK);
 		TCPSTAT_INC(tcps_sc_retransmitted);
 		syncache_timeout(sc, sch, 0);
 	}
@@ -539,9 +539,10 @@ syncache_lookup(struct in_conninfo *inc, struct syncache_head **schp)
  * This function is called when we get a RST for a
  * non-existent connection, so that we can see if the
  * connection is in the syn cache.  If it is, zap it.
+ * If required send a challenge ACK.
  */
 void
-syncache_chkrst(struct in_conninfo *inc, struct tcphdr *th)
+syncache_chkrst(struct in_conninfo *inc, struct tcphdr *th, struct mbuf *m)
 {
 	struct syncache *sc;
 	struct syncache_head *sch;
@@ -592,19 +593,36 @@ syncache_chkrst(struct in_conninfo *inc, struct tcphdr *th)
 	 *   send a reset with the sequence number at the rightmost edge
 	 *   of our receive window, and we have to handle this case.
 	 */
-	if (SEQ_GEQ(th->th_seq, sc->sc_irs) &&
-	    SEQ_LEQ(th->th_seq, sc->sc_irs + sc->sc_wnd)) {
-		syncache_drop(sc, sch);
-		if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
-			log(LOG_DEBUG, "%s; %s: Our SYN|ACK was rejected, "
-			    "connection attempt aborted by remote endpoint\n",
-			    s, __func__);
-		TCPSTAT_INC(tcps_sc_reset);
+	if ((SEQ_GEQ(th->th_seq, sc->sc_irs + 1) &&
+	    SEQ_LT(th->th_seq, sc->sc_irs + 1 + sc->sc_wnd)) ||
+	    (sc->sc_wnd == 0 && th->th_seq == sc->sc_irs + 1)) {
+		if (V_tcp_insecure_rst ||
+		    th->th_seq == sc->sc_irs + 1) {
+			syncache_drop(sc, sch);
+			if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
+				log(LOG_DEBUG,
+				    "%s; %s: Our SYN|ACK was rejected, "
+				    "connection attempt aborted by remote "
+				    "endpoint\n",
+				    s, __func__);
+			TCPSTAT_INC(tcps_sc_reset);
+		} else {
+			TCPSTAT_INC(tcps_badrst);
+			/* Send challenge ACK. */
+			if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
+				log(LOG_DEBUG, "%s; %s: RST with invalid "
+				    " SEQ %u != NXT %u (+WND %u), "
+				    "sending challenge ACK\n",
+				    s, __func__,
+				    th->th_seq, sc->sc_irs + 1, sc->sc_wnd);
+			syncache_respond(sc, sch, m, TH_ACK);
+		}
 	} else {
 		if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
 			log(LOG_DEBUG, "%s; %s: RST with invalid SEQ %u != "
-			    "IRS %u (+WND %u), segment ignored\n",
-			    s, __func__, th->th_seq, sc->sc_irs, sc->sc_wnd);
+			    "NXT %u (+WND %u), segment ignored\n",
+			    s, __func__,
+			    th->th_seq, sc->sc_irs + 1, sc->sc_wnd);
 		TCPSTAT_INC(tcps_badrst);
 	}
 
@@ -1423,7 +1441,7 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
 			    s, __func__);
 			free(s, M_TCPLOG);
 		}
-		if (syncache_respond(sc, sch, 1, m) == 0) {
+		if (syncache_respond(sc, sch, m, TH_SYN|TH_ACK) == 0) {
 			sc->sc_rxmits = 0;
 			syncache_timeout(sc, sch, 1);
 			TCPSTAT_INC(tcps_sndacks);
@@ -1587,7 +1605,7 @@ skip_alloc:
 	/*
 	 * Do a standard 3-way handshake.
 	 */
-	if (syncache_respond(sc, sch, 0, m) == 0) {
+	if (syncache_respond(sc, sch, m, TH_SYN|TH_ACK) == 0) {
 		if (V_tcp_syncookies && V_tcp_syncookiesonly && sc != &scs)
 			syncache_free(sc);
 		else if (sc != &scs)
@@ -1628,12 +1646,12 @@ tfo_expanded:
 }
 
 /*
- * Send SYN|ACK to the peer.  Either in response to the peer's SYN,
+ * Send SYN|ACK or ACK to the peer.  Either in response to a peer's segment,
  * i.e. m0 != NULL, or upon 3WHS ACK timeout, i.e. m0 == NULL.
  */
 static int
-syncache_respond(struct syncache *sc, struct syncache_head *sch, int locked,
-    const struct mbuf *m0)
+syncache_respond(struct syncache *sc, struct syncache_head *sch,
+    const struct mbuf *m0, int flags)
 {
 	struct ip *ip = NULL;
 	struct mbuf *m;
@@ -1719,15 +1737,18 @@ syncache_respond(struct syncache *sc, struct syncache_head *sch, int locked,
 	th->th_sport = sc->sc_inc.inc_lport;
 	th->th_dport = sc->sc_inc.inc_fport;
 
-	th->th_seq = htonl(sc->sc_iss);
+	if (flags & TH_SYN)
+		th->th_seq = htonl(sc->sc_iss);
+	else
+		th->th_seq = htonl(sc->sc_iss + 1);
 	th->th_ack = htonl(sc->sc_irs + 1);
 	th->th_off = sizeof(struct tcphdr) >> 2;
 	th->th_x2 = 0;
-	th->th_flags = TH_SYN|TH_ACK;
+	th->th_flags = flags;
 	th->th_win = htons(sc->sc_wnd);
 	th->th_urp = 0;
 
-	if (sc->sc_flags & SCF_ECN) {
+	if ((flags & TH_SYN) && (sc->sc_flags & SCF_ECN)) {
 		th->th_flags |= TH_ECE;
 		TCPSTAT_INC(tcps_ecn_shs);
 	}
@@ -1736,30 +1757,32 @@ syncache_respond(struct syncache *sc, struct syncache_head *sch, int locked,
 	if ((sc->sc_flags & SCF_NOOPT) == 0) {
 		to.to_flags = 0;
 
-		to.to_mss = mssopt;
-		to.to_flags = TOF_MSS;
-		if (sc->sc_flags & SCF_WINSCALE) {
-			to.to_wscale = sc->sc_requested_r_scale;
-			to.to_flags |= TOF_SCALE;
+		if (flags & TH_SYN) {
+			to.to_mss = mssopt;
+			to.to_flags = TOF_MSS;
+			if (sc->sc_flags & SCF_WINSCALE) {
+				to.to_wscale = sc->sc_requested_r_scale;
+				to.to_flags |= TOF_SCALE;
+			}
+			if (sc->sc_flags & SCF_SACK)
+				to.to_flags |= TOF_SACKPERM;
+#if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
+			if (sc->sc_flags & SCF_SIGNATURE)
+				to.to_flags |= TOF_SIGNATURE;
+#endif
+			if (sc->sc_tfo_cookie) {
+				to.to_flags |= TOF_FASTOPEN;
+				to.to_tfo_len = TCP_FASTOPEN_COOKIE_LEN;
+				to.to_tfo_cookie = sc->sc_tfo_cookie;
+				/* don't send cookie again when retransmitting response */
+				sc->sc_tfo_cookie = NULL;
+			}
 		}
 		if (sc->sc_flags & SCF_TIMESTAMP) {
 			to.to_tsval = sc->sc_tsoff + tcp_ts_getticks();
 			to.to_tsecr = sc->sc_tsreflect;
 			to.to_flags |= TOF_TS;
 		}
-		if (sc->sc_flags & SCF_SACK)
-			to.to_flags |= TOF_SACKPERM;
-#if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
-		if (sc->sc_flags & SCF_SIGNATURE)
-			to.to_flags |= TOF_SIGNATURE;
-#endif
-		if (sc->sc_tfo_cookie) {
-			to.to_flags |= TOF_FASTOPEN;
-			to.to_tfo_len = TCP_FASTOPEN_COOKIE_LEN;
-			to.to_tfo_cookie = sc->sc_tfo_cookie;
-			/* don't send cookie again when retransmitting response */
-			sc->sc_tfo_cookie = NULL;
-		}
 		optlen = tcp_addoptions(&to, (u_char *)(th + 1));
 
 		/* Adjust headers by option size. */
diff --git a/freebsd/sys/netinet/tcp_syncache.h b/freebsd/sys/netinet/tcp_syncache.h
index 0104e528..3067b7ef 100644
--- a/freebsd/sys/netinet/tcp_syncache.h
+++ b/freebsd/sys/netinet/tcp_syncache.h
@@ -46,7 +46,7 @@ int	 syncache_expand(struct in_conninfo *, struct tcpopt *,
 int	 syncache_add(struct in_conninfo *, struct tcpopt *,
 	     struct tcphdr *, struct inpcb *, struct socket **, struct mbuf *,
 	     void *, void *);
-void	 syncache_chkrst(struct in_conninfo *, struct tcphdr *);
+void	 syncache_chkrst(struct in_conninfo *, struct tcphdr *, struct mbuf *);
 void	 syncache_badack(struct in_conninfo *);
 int	 syncache_pcblist(struct sysctl_req *req, int max_pcbs, int *pcbs_exported);
 
diff --git a/freebsd/sys/netinet/udp_usrreq.c b/freebsd/sys/netinet/udp_usrreq.c
index 9557c154..ca4fecc0 100644
--- a/freebsd/sys/netinet/udp_usrreq.c
+++ b/freebsd/sys/netinet/udp_usrreq.c
@@ -534,7 +534,6 @@ udp_input(struct mbuf **mp, int *offp, int proto)
 	    in_broadcast(ip->ip_dst, ifp)) {
 		struct inpcb *last;
 		struct inpcbhead *pcblist;
-		struct ip_moptions *imo;
 
 		INP_INFO_RLOCK_ET(pcbinfo, et);
 		pcblist = udp_get_pcblist(proto);
@@ -558,6 +557,11 @@ udp_input(struct mbuf **mp, int *offp, int proto)
 
 			INP_RLOCK(inp);
 
+			if (__predict_false(inp->inp_flags2 & INP_FREED)) {
+				INP_RUNLOCK(inp);
+				continue;
+			}
+
 			/*
 			 * XXXRW: Because we weren't holding either the inpcb
 			 * or the hash lock when we checked for a match
@@ -569,10 +573,12 @@ udp_input(struct mbuf **mp, int *offp, int proto)
 			 * Handle socket delivery policy for any-source
 			 * and source-specific multicast. [RFC3678]
 			 */
-			imo = inp->inp_moptions;
 			if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
+				struct ip_moptions	*imo;
 				struct sockaddr_in	 group;
 				int			 blocked;
+
+				imo = inp->inp_moptions;
 				if (imo == NULL) {
 					INP_RUNLOCK(inp);
 					continue;
@@ -762,13 +768,7 @@ struct inpcb *
 udp_notify(struct inpcb *inp, int errno)
 {
 
-	/*
-	 * While udp_ctlinput() always calls udp_notify() with a read lock
-	 * when invoking it directly, in_pcbnotifyall() currently uses write
-	 * locks due to sharing code with TCP.  For now, accept either a read
-	 * or a write lock, but a read lock is sufficient.
-	 */
-	INP_LOCK_ASSERT(inp);
+	INP_WLOCK_ASSERT(inp);
 	if ((errno == EHOSTUNREACH || errno == ENETUNREACH ||
 	     errno == EHOSTDOWN) && inp->inp_route.ro_rt) {
 		RTFREE(inp->inp_route.ro_rt);
@@ -814,13 +814,13 @@ udp_common_ctlinput(int cmd, struct sockaddr *sa, void *vip,
 	if (ip != NULL) {
 		uh = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2));
 		inp = in_pcblookup(pcbinfo, faddr, uh->uh_dport,
-		    ip->ip_src, uh->uh_sport, INPLOOKUP_RLOCKPCB, NULL);
+		    ip->ip_src, uh->uh_sport, INPLOOKUP_WLOCKPCB, NULL);
 		if (inp != NULL) {
-			INP_RLOCK_ASSERT(inp);
+			INP_WLOCK_ASSERT(inp);
 			if (inp->inp_socket != NULL) {
 				udp_notify(inp, inetctlerrmap[cmd]);
 			}
-			INP_RUNLOCK(inp);
+			INP_WUNLOCK(inp);
 		} else {
 			inp = in_pcblookup(pcbinfo, faddr, uh->uh_dport,
 					   ip->ip_src, uh->uh_sport,
diff --git a/freebsd/sys/netinet6/icmp6.c b/freebsd/sys/netinet6/icmp6.c
index 2b080169..6dd25e98 100644
--- a/freebsd/sys/netinet6/icmp6.c
+++ b/freebsd/sys/netinet6/icmp6.c
@@ -1950,6 +1950,10 @@ icmp6_rip6_input(struct mbuf **mp, int off)
 		   !IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, &ip6->ip6_src))
 			continue;
 		INP_RLOCK(in6p);
+		if (__predict_false(in6p->inp_flags2 & INP_FREED)) {
+			INP_RUNLOCK(in6p);
+			continue;
+		}
 		if (ICMP6_FILTER_WILLBLOCK(icmp6->icmp6_type,
 		    in6p->in6p_icmp6filt)) {
 			INP_RUNLOCK(in6p);
diff --git a/freebsd/sys/netinet6/in6.c b/freebsd/sys/netinet6/in6.c
index c415cf78..ef59203e 100644
--- a/freebsd/sys/netinet6/in6.c
+++ b/freebsd/sys/netinet6/in6.c
@@ -716,7 +716,8 @@ aifaddr_out:
 			ND6_WUNLOCK();
 			nd6_prefix_del(pr);
 		}
-		EVENTHANDLER_INVOKE(ifaddr_event, ifp);
+		EVENTHANDLER_INVOKE(ifaddr_event_ext, ifp, &ia->ia_ifa,
+		    IFADDR_EVENT_DEL);
 		break;
 	}
 
@@ -1460,7 +1461,10 @@ done:
 	WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
 	    "Invoking IPv6 network device address event may sleep");
 
-	EVENTHANDLER_INVOKE(ifaddr_event, ifp);
+	ifa_ref(&ia->ia_ifa);
+	EVENTHANDLER_INVOKE(ifaddr_event_ext, ifp, &ia->ia_ifa,
+	    IFADDR_EVENT_ADD);
+	ifa_free(&ia->ia_ifa);
 
 	return (error);
 }
diff --git a/freebsd/sys/netinet6/in6_gif.c b/freebsd/sys/netinet6/in6_gif.c
index 66b4c63a..66c2cfb4 100644
--- a/freebsd/sys/netinet6/in6_gif.c
+++ b/freebsd/sys/netinet6/in6_gif.c
@@ -89,12 +89,16 @@ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, gifhlim,
  * Interfaces with GIF_IGNORE_SOURCE flag are linked into plain list.
  */
 VNET_DEFINE_STATIC(struct gif_list *, ipv6_hashtbl) = NULL;
+VNET_DEFINE_STATIC(struct gif_list *, ipv6_srchashtbl) = NULL;
 VNET_DEFINE_STATIC(struct gif_list, ipv6_list) = CK_LIST_HEAD_INITIALIZER();
 #define	V_ipv6_hashtbl		VNET(ipv6_hashtbl)
+#define	V_ipv6_srchashtbl	VNET(ipv6_srchashtbl)
 #define	V_ipv6_list		VNET(ipv6_list)
 
 #define	GIF_HASH(src, dst)	(V_ipv6_hashtbl[\
     in6_gif_hashval((src), (dst)) & (GIF_HASH_SIZE - 1)])
+#define	GIF_SRCHASH(src)	(V_ipv6_srchashtbl[\
+    fnv_32_buf((src), sizeof(*src), FNV1_32_INIT) & (GIF_HASH_SIZE - 1)])
 #define	GIF_HASH_SC(sc)		GIF_HASH(&(sc)->gif_ip6hdr->ip6_src,\
     &(sc)->gif_ip6hdr->ip6_dst)
 static uint32_t
@@ -127,6 +131,43 @@ in6_gif_checkdup(const struct gif_softc *sc, const struct in6_addr *src,
 	return (0);
 }
 
+/*
+ * Check that ingress address belongs to local host.
+ */
+static void
+in6_gif_set_running(struct gif_softc *sc)
+{
+
+	if (in6_localip(&sc->gif_ip6hdr->ip6_src))
+		GIF2IFP(sc)->if_drv_flags |= IFF_DRV_RUNNING;
+	else
+		GIF2IFP(sc)->if_drv_flags &= ~IFF_DRV_RUNNING;
+}
+
+/*
+ * ifaddr_event handler.
+ * Clear IFF_DRV_RUNNING flag when ingress address disappears to prevent
+ * source address spoofing.
+ */
+static void
+in6_gif_srcaddr(void *arg __unused, const struct sockaddr *sa, int event)
+{
+	const struct sockaddr_in6 *sin;
+	struct gif_softc *sc;
+
+	if (V_ipv6_srchashtbl == NULL)
+		return;
+
+	MPASS(in_epoch(net_epoch_preempt));
+	sin = (const struct sockaddr_in6 *)sa;
+	CK_LIST_FOREACH(sc, &GIF_SRCHASH(&sin->sin6_addr), srchash) {
+		if (IN6_ARE_ADDR_EQUAL(&sc->gif_ip6hdr->ip6_src,
+		    &sin->sin6_addr) == 0)
+			continue;
+		in6_gif_set_running(sc);
+	}
+}
+
 static void
 in6_gif_attach(struct gif_softc *sc)
 {
@@ -135,6 +176,9 @@ in6_gif_attach(struct gif_softc *sc)
 		CK_LIST_INSERT_HEAD(&V_ipv6_list, sc, chain);
 	else
 		CK_LIST_INSERT_HEAD(&GIF_HASH_SC(sc), sc, chain);
+
+	CK_LIST_INSERT_HEAD(&GIF_SRCHASH(&sc->gif_ip6hdr->ip6_src),
+	    sc, srchash);
 }
 
 int
@@ -147,6 +191,7 @@ in6_gif_setopts(struct gif_softc *sc, u_int options)
 
 	if ((options & GIF_IGNORE_SOURCE) !=
 	    (sc->gif_options & GIF_IGNORE_SOURCE)) {
+		CK_LIST_REMOVE(sc, srchash);
 		CK_LIST_REMOVE(sc, chain);
 		sc->gif_options = options;
 		in6_gif_attach(sc);
@@ -189,8 +234,10 @@ in6_gif_ioctl(struct gif_softc *sc, u_long cmd, caddr_t data)
 		    (error = sa6_embedscope(dst, 0)) != 0)
 			break;
 
-		if (V_ipv6_hashtbl == NULL)
+		if (V_ipv6_hashtbl == NULL) {
 			V_ipv6_hashtbl = gif_hashinit();
+			V_ipv6_srchashtbl = gif_hashinit();
+		}
 		error = in6_gif_checkdup(sc, &src->sin6_addr,
 		    &dst->sin6_addr);
 		if (error == EADDRNOTAVAIL)
@@ -206,6 +253,7 @@ in6_gif_ioctl(struct gif_softc *sc, u_long cmd, caddr_t data)
 		ip6->ip6_vfc = IPV6_VERSION;
 		if (sc->gif_family != 0) {
 			/* Detach existing tunnel first */
+			CK_LIST_REMOVE(sc, srchash);
 			CK_LIST_REMOVE(sc, chain);
 			GIF_WAIT();
 			free(sc->gif_hdr, M_GIF);
@@ -214,6 +262,7 @@ in6_gif_ioctl(struct gif_softc *sc, u_long cmd, caddr_t data)
 		sc->gif_family = AF_INET6;
 		sc->gif_ip6hdr = ip6;
 		in6_gif_attach(sc);
+		in6_gif_set_running(sc);
 		break;
 	case SIOCGIFPSRCADDR_IN6:
 	case SIOCGIFPDSTADDR_IN6:
@@ -367,6 +416,7 @@ done:
 	return (ret);
 }
 
+static const struct srcaddrtab *ipv6_srcaddrtab;
 static struct {
 	const struct encap_config encap;
 	const struct encaptab *cookie;
@@ -412,6 +462,9 @@ in6_gif_init(void)
 
 	if (!IS_DEFAULT_VNET(curvnet))
 		return;
+
+	ipv6_srcaddrtab = ip6_encap_register_srcaddr(in6_gif_srcaddr,
+	    NULL, M_WAITOK);
 	for (i = 0; i < nitems(ipv6_encap_cfg); i++)
 		ipv6_encap_cfg[i].cookie = ip6_encap_attach(
 		    &ipv6_encap_cfg[i].encap, NULL, M_WAITOK);
@@ -425,7 +478,10 @@ in6_gif_uninit(void)
 	if (IS_DEFAULT_VNET(curvnet)) {
 		for (i = 0; i < nitems(ipv6_encap_cfg); i++)
 			ip6_encap_detach(ipv6_encap_cfg[i].cookie);
+		ip6_encap_unregister_srcaddr(ipv6_srcaddrtab);
 	}
-	if (V_ipv6_hashtbl != NULL)
+	if (V_ipv6_hashtbl != NULL) {
 		gif_hashdestroy(V_ipv6_hashtbl);
+		gif_hashdestroy(V_ipv6_srchashtbl);
+	}
 }
diff --git a/freebsd/sys/netinet6/in6_pcb.c b/freebsd/sys/netinet6/in6_pcb.c
index a30cb98b..53102764 100644
--- a/freebsd/sys/netinet6/in6_pcb.c
+++ b/freebsd/sys/netinet6/in6_pcb.c
@@ -823,6 +823,10 @@ in6_pcbpurgeif0(struct inpcbinfo *pcbinfo, struct ifnet *ifp)
 	INP_INFO_WLOCK(pcbinfo);
 	CK_LIST_FOREACH(in6p, pcbinfo->ipi_listhead, inp_list) {
 		INP_WLOCK(in6p);
+		if (__predict_false(in6p->inp_flags2 & INP_FREED)) {
+			INP_WUNLOCK(in6p);
+			continue;
+		}
 		im6o = in6p->in6p_moptions;
 		if ((in6p->inp_vflag & INP_IPV6) && im6o != NULL) {
 			/*
@@ -883,10 +887,9 @@ in6_pcblookup_lbgroup(const struct inpcbinfo *pcbinfo,
     const struct in6_addr *laddr, uint16_t lport, const struct in6_addr *faddr,
     uint16_t fport, int lookupflags)
 {
-	struct inpcb *local_wild = NULL;
+	struct inpcb *local_wild;
 	const struct inpcblbgrouphead *hdr;
 	struct inpcblbgroup *grp;
-	struct inpcblbgroup *grp_local_wild;
 	uint32_t idx;
 
 	INP_HASH_LOCK_ASSERT(pcbinfo);
@@ -903,33 +906,24 @@ in6_pcblookup_lbgroup(const struct inpcbinfo *pcbinfo,
 	 * - Load balanced group does not contain jailed sockets.
 	 * - Load balanced does not contain IPv4 mapped INET6 wild sockets.
 	 */
+	local_wild = NULL;
 	CK_LIST_FOREACH(grp, hdr, il_list) {
 #ifdef INET
 		if (!(grp->il_vflag & INP_IPV6))
 			continue;
 #endif
-		if (grp->il_lport == lport) {
-			idx = 0;
-			int pkt_hash = INP_PCBLBGROUP_PKTHASH(
-			    INP6_PCBHASHKEY(faddr), lport, fport);
-
-			idx = pkt_hash % grp->il_inpcnt;
+		if (grp->il_lport != lport)
+			continue;
 
-			if (IN6_ARE_ADDR_EQUAL(&grp->il6_laddr, laddr)) {
-				return (grp->il_inp[idx]);
-			} else {
-				if (IN6_IS_ADDR_UNSPECIFIED(&grp->il6_laddr) &&
-				    (lookupflags & INPLOOKUP_WILDCARD)) {
-					local_wild = grp->il_inp[idx];
-					grp_local_wild = grp;
-				}
-			}
-		}
+		idx = INP_PCBLBGROUP_PKTHASH(INP6_PCBHASHKEY(faddr), lport,
+		    fport) % grp->il_inpcnt;
+		if (IN6_ARE_ADDR_EQUAL(&grp->il6_laddr, laddr))
+			return (grp->il_inp[idx]);
+		if (IN6_IS_ADDR_UNSPECIFIED(&grp->il6_laddr) &&
+		    (lookupflags & INPLOOKUP_WILDCARD) != 0)
+			local_wild = grp->il_inp[idx];
 	}
-	if (local_wild != NULL) {
-		return (local_wild);
-	}
-	return (NULL);
+	return (local_wild);
 }
 
 #ifdef PCBGROUP
diff --git a/freebsd/sys/netinet6/udp6_usrreq.c b/freebsd/sys/netinet6/udp6_usrreq.c
index 67ed0e35..e0fcd06d 100644
--- a/freebsd/sys/netinet6/udp6_usrreq.c
+++ b/freebsd/sys/netinet6/udp6_usrreq.c
@@ -436,8 +436,8 @@ udp6_input(struct mbuf **mp, int *offp, int proto)
 				INP_RUNLOCK(last);
 		} else
 			INP_RUNLOCK(last);
-		INP_INFO_RUNLOCK_ET(pcbinfo, et);
 	inp_lost:
+		INP_INFO_RUNLOCK_ET(pcbinfo, et);
 		return (IPPROTO_DONE);
 	}
 	/*
@@ -700,7 +700,7 @@ udp6_output(struct socket *so, int flags_arg, struct mbuf *m,
 	u_int32_t ulen, plen;
 	uint16_t cscov;
 	u_short fport;
-	uint8_t nxt, unlock_udbinfo;
+	uint8_t nxt, unlock_inp, unlock_udbinfo;
 
 	/* addr6 has been validated in udp6_send(). */
 	sin6 = (struct sockaddr_in6 *)addr6;
@@ -736,7 +736,22 @@ udp6_output(struct socket *so, int flags_arg, struct mbuf *m,
 
 	inp = sotoinpcb(so);
 	KASSERT(inp != NULL, ("%s: inp == NULL", __func__));
-	INP_RLOCK(inp);
+	/*
+	 * In the following cases we want a write lock on the inp for either
+	 * local operations or for possible route cache updates in the IPv6
+	 * output path:
+	 * - on connected sockets (sin6 is NULL) for route cache updates,
+	 * - when we are not bound to an address and source port (it is
+	 *   in6_pcbsetport() which will require the write lock).
+	 */
+	if (sin6 == NULL || (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) &&
+	    inp->inp_lport == 0)) {
+		INP_WLOCK(inp);
+		unlock_inp = UH_WLOCKED;
+	} else {
+		INP_RLOCK(inp);
+		unlock_inp = UH_RLOCKED;
+	}
 	nxt = (inp->inp_socket->so_proto->pr_protocol == IPPROTO_UDP) ?
 	    IPPROTO_UDP : IPPROTO_UDPLITE;
 
@@ -760,7 +775,10 @@ udp6_output(struct socket *so, int flags_arg, struct mbuf *m,
 			 * potential race in which the factors causing us to
 			 * select the UDPv4 output routine are invalidated?
 			 */
-			INP_RUNLOCK(inp);
+			if (unlock_inp == UH_WLOCKED)
+				INP_WUNLOCK(inp);
+			else
+				INP_RUNLOCK(inp);
 			if (sin6)
 				in6_sin6_2_sin_in_sock((struct sockaddr *)sin6);
 			pru = inetsw[ip_protox[nxt]].pr_usrreqs;
@@ -768,13 +786,28 @@ udp6_output(struct socket *so, int flags_arg, struct mbuf *m,
 			return ((*pru->pru_send)(so, flags_arg, m,
 			    (struct sockaddr *)sin6, control, td));
 		}
-	}
+	} else
 #endif
+	if (sin6 && IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
+		/*
+		 * Given this is either an IPv6-only socket or no INET is
+		 * supported we will fail the send if the given destination
+		 * address is a v4mapped address.
+		 */
+		if (unlock_inp == UH_WLOCKED)
+			INP_WUNLOCK(inp);
+		else
+			INP_RUNLOCK(inp);
+		return (EINVAL);
+	}
 
 	if (control) {
 		if ((error = ip6_setpktopts(control, &opt,
 		    inp->in6p_outputopts, td->td_ucred, nxt)) != 0) {
-			INP_RUNLOCK(inp);
+			if (unlock_inp == UH_WLOCKED)
+				INP_WUNLOCK(inp);
+			else
+				INP_RUNLOCK(inp);
 			ip6_clearpktopts(&opt, -1);
 			if (control)
 				m_freem(control);
@@ -788,12 +821,6 @@ udp6_output(struct socket *so, int flags_arg, struct mbuf *m,
 	pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
 	if (sin6 != NULL &&
 	    IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) && inp->inp_lport == 0) {
-		INP_RUNLOCK(inp);
-		/*
-		 * XXX there is a short window here which could lead to a race;
-		 * should we re-check that what got us here is still valid?
-		 */
-		INP_WLOCK(inp);
 		INP_HASH_WLOCK(pcbinfo);
 		unlock_udbinfo = UH_WLOCKED;
 	} else if (sin6 != NULL &&
@@ -974,9 +1001,10 @@ udp6_output(struct socket *so, int flags_arg, struct mbuf *m,
 		UDPLITE_PROBE(send, NULL, inp, ip6, inp, udp6);
 	else
 		UDP_PROBE(send, NULL, inp, ip6, inp, udp6);
-	error = ip6_output(m, optp, &inp->inp_route6, flags,
+	error = ip6_output(m, optp,
+	    (unlock_inp == UH_WLOCKED) ? &inp->inp_route6 : NULL, flags,
 	    inp->in6p_moptions, NULL, inp);
-	if (unlock_udbinfo == UH_WLOCKED)
+	if (unlock_inp == UH_WLOCKED)
 		INP_WUNLOCK(inp);
 	else
 		INP_RUNLOCK(inp);
@@ -989,12 +1017,20 @@ udp6_output(struct socket *so, int flags_arg, struct mbuf *m,
 
 release:
 	if (unlock_udbinfo == UH_WLOCKED) {
+		KASSERT(unlock_inp == UH_WLOCKED, ("%s: excl udbinfo lock, "
+		    "non-excl inp lock: pcbinfo %p %#x inp %p %#x",
+		    __func__, pcbinfo, unlock_udbinfo, inp, unlock_inp));
 		INP_HASH_WUNLOCK(pcbinfo);
 		INP_WUNLOCK(inp);
 	} else if (unlock_udbinfo == UH_RLOCKED) {
+		KASSERT(unlock_inp == UH_RLOCKED, ("%s: non-excl udbinfo lock, "
+		    "excl inp lock: pcbinfo %p %#x inp %p %#x",
+		    __func__, pcbinfo, unlock_udbinfo, inp, unlock_inp));
 		INP_HASH_RUNLOCK_ET(pcbinfo, et);
 		INP_RUNLOCK(inp);
-	} else
+	} else if (unlock_inp == UH_WLOCKED)
+		INP_WUNLOCK(inp);
+	else
 		INP_RUNLOCK(inp);
 	if (control) {
 		ip6_clearpktopts(&opt, -1);
diff --git a/freebsd/sys/netipsec/key.c b/freebsd/sys/netipsec/key.c
index 9bd3f234..4b79f881 100644
--- a/freebsd/sys/netipsec/key.c
+++ b/freebsd/sys/netipsec/key.c
@@ -536,14 +536,6 @@ MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache");
 VNET_DEFINE_STATIC(uma_zone_t, key_lft_zone);
 #define	V_key_lft_zone		VNET(key_lft_zone)
 
-static LIST_HEAD(xforms_list, xformsw) xforms = LIST_HEAD_INITIALIZER();
-static struct mtx xforms_lock;
-#define	XFORMS_LOCK_INIT()	\
-    mtx_init(&xforms_lock, "xforms_list", "IPsec transforms list", MTX_DEF)
-#define	XFORMS_LOCK_DESTROY()	mtx_destroy(&xforms_lock)
-#define	XFORMS_LOCK()		mtx_lock(&xforms_lock)
-#define	XFORMS_UNLOCK()		mtx_unlock(&xforms_lock)
-
 /*
  * set parameters into secpolicyindex buffer.
  * Must allocate secpolicyindex buffer passed to this function.
@@ -719,7 +711,6 @@ static int key_delete(struct socket *, struct mbuf *,
 	const struct sadb_msghdr *);
 static int key_delete_all(struct socket *, struct mbuf *,
 	const struct sadb_msghdr *, struct secasindex *);
-static void key_delete_xform(const struct xformsw *);
 static int key_get(struct socket *, struct mbuf *,
 	const struct sadb_msghdr *);
 
@@ -752,7 +743,6 @@ static int key_validate_ext(const struct sadb_ext *, int);
 static int key_align(struct mbuf *, struct sadb_msghdr *);
 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t);
 static struct mbuf *key_setkey(struct seckey *, uint16_t);
-static int xform_init(struct secasvar *, u_short);
 
 static void spdcache_init(void);
 static void spdcache_clear(void);
@@ -6169,7 +6159,7 @@ key_delete_all(struct socket *so, struct mbuf *m,
  * Larval SAs have not initialized tdb_xform, so it is safe to leave them
  * here when xform disappears.
  */
-static void
+void
 key_delete_xform(const struct xformsw *xsp)
 {
 	struct secasvar_queue drainq;
@@ -6697,7 +6687,9 @@ key_acquire(const struct secasindex *saidx, struct secpolicy *sp)
 
 	/* XXX proxy address (optional) */
 
-	/* set sadb_x_policy */
+	/*
+	 * Set sadb_x_policy. This is KAME extension to RFC2367.
+	 */
 	if (sp != NULL) {
 		m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id,
 		    sp->priority);
@@ -6708,6 +6700,18 @@ key_acquire(const struct secasindex *saidx, struct secpolicy *sp)
 		m_cat(result, m);
 	}
 
+	/*
+	 * Set sadb_x_sa2 extension if saidx->reqid is not zero.
+	 * This is FreeBSD extension to RFC2367.
+	 */
+	if (saidx->reqid != 0) {
+		m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid);
+		if (m == NULL) {
+			error = ENOBUFS;
+			goto fail;
+		}
+		m_cat(result, m);
+	}
 	/* XXX identity (optional) */
 #if 0
 	if (idexttype && fqdn) {
@@ -8337,7 +8341,6 @@ key_init(void)
 	if (!IS_DEFAULT_VNET(curvnet))
 		return;
 
-	XFORMS_LOCK_INIT();
 	SPTREE_LOCK_INIT();
 	REGTREE_LOCK_INIT();
 	SAHTREE_LOCK_INIT();
@@ -8460,7 +8463,6 @@ key_destroy(void)
 #ifndef IPSEC_DEBUG2
 	callout_drain(&key_timer);
 #endif
-	XFORMS_LOCK_DESTROY();
 	SPTREE_LOCK_DESTROY();
 	REGTREE_LOCK_DESTROY();
 	SAHTREE_LOCK_DESTROY();
@@ -8619,70 +8621,3 @@ comp_algorithm_lookup(int alg)
 	return (NULL);
 }
 
-/*
- * Register a transform.
- */
-static int
-xform_register(struct xformsw* xsp)
-{
-	struct xformsw *entry;
-
-	XFORMS_LOCK();
-	LIST_FOREACH(entry, &xforms, chain) {
-		if (entry->xf_type == xsp->xf_type) {
-			XFORMS_UNLOCK();
-			return (EEXIST);
-		}
-	}
-	LIST_INSERT_HEAD(&xforms, xsp, chain);
-	XFORMS_UNLOCK();
-	return (0);
-}
-
-void
-xform_attach(void *data)
-{
-	struct xformsw *xsp = (struct xformsw *)data;
-
-	if (xform_register(xsp) != 0)
-		printf("%s: failed to register %s xform\n", __func__,
-		    xsp->xf_name);
-}
-
-void
-xform_detach(void *data)
-{
-	struct xformsw *xsp = (struct xformsw *)data;
-
-	XFORMS_LOCK();
-	LIST_REMOVE(xsp, chain);
-	XFORMS_UNLOCK();
-
-	/* Delete all SAs related to this xform. */
-	key_delete_xform(xsp);
-}
-
-/*
- * Initialize transform support in an sav.
- */
-static int
-xform_init(struct secasvar *sav, u_short xftype)
-{
-	struct xformsw *entry;
-	int ret;
-
-	IPSEC_ASSERT(sav->tdb_xform == NULL,
-	    ("tdb_xform is already initialized"));
-
-	ret = EINVAL;
-	XFORMS_LOCK();
-	LIST_FOREACH(entry, &xforms, chain) {
-	    if (entry->xf_type == xftype) {
-		    ret = (*entry->xf_init)(sav, entry);
-		    break;
-	    }
-	}
-	XFORMS_UNLOCK();
-	return (ret);
-}
-
diff --git a/freebsd/sys/netipsec/key.h b/freebsd/sys/netipsec/key.h
index 6c3e05c0..7d7ae69f 100644
--- a/freebsd/sys/netipsec/key.h
+++ b/freebsd/sys/netipsec/key.h
@@ -46,6 +46,7 @@ struct sadb_msg;
 struct sadb_x_policy;
 struct secasindex;
 union sockaddr_union;
+struct xformsw;
 
 struct secpolicy *key_newsp(void);
 struct secpolicy *key_allocsp(struct secpolicyindex *, u_int);
@@ -74,6 +75,8 @@ int key_sockaddrcmp_withmask(const struct sockaddr *, const struct sockaddr *,
 int key_register_ifnet(struct secpolicy **, u_int);
 void key_unregister_ifnet(struct secpolicy **, u_int);
 
+void key_delete_xform(const struct xformsw *);
+
 extern u_long key_random(void);
 extern void key_randomfill(void *, size_t);
 extern void key_freereg(struct socket *);
diff --git a/freebsd/sys/netipsec/subr_ipsec.c b/freebsd/sys/netipsec/subr_ipsec.c
index 1ddae59b..58c98e32 100644
--- a/freebsd/sys/netipsec/subr_ipsec.c
+++ b/freebsd/sys/netipsec/subr_ipsec.c
@@ -56,6 +56,7 @@ __FBSDID("$FreeBSD$");
 #include <netipsec/ipsec6.h>
 #include <netipsec/key.h>
 #include <netipsec/key_debug.h>
+#include <netipsec/xform.h>
 
 #include <machine/atomic.h>
 /*
@@ -126,14 +127,6 @@ ipsec6_setsockaddrs(const struct mbuf *m, union sockaddr_union *src,
 }
 #endif
 
-#ifdef IPSEC_SUPPORT
-/*
- * IPSEC_SUPPORT - loading of ipsec.ko and tcpmd5.ko is supported.
- * IPSEC + IPSEC_SUPPORT - loading tcpmd5.ko is supported.
- * IPSEC + TCP_SIGNATURE - all is build in the kernel, do not build
- *   IPSEC_SUPPORT.
- */
-#if !defined(IPSEC) || !defined(TCP_SIGNATURE)
 #define	IPSEC_MODULE_INCR	2
 static int
 ipsec_kmod_enter(volatile u_int *cntr)
@@ -173,6 +166,83 @@ ipsec_kmod_drain(volatile u_int *cntr)
 		pause("ipsecd", hz/2);
 }
 
+static LIST_HEAD(xforms_list, xformsw) xforms = LIST_HEAD_INITIALIZER();
+static struct mtx xforms_lock;
+MTX_SYSINIT(xfroms_list, &xforms_lock, "IPsec transforms list", MTX_DEF);
+#define	XFORMS_LOCK()		mtx_lock(&xforms_lock)
+#define	XFORMS_UNLOCK()		mtx_unlock(&xforms_lock)
+
+void
+xform_attach(void *data)
+{
+	struct xformsw *xsp, *entry;
+
+	xsp = (struct xformsw *)data;
+	XFORMS_LOCK();
+	LIST_FOREACH(entry, &xforms, chain) {
+		if (entry->xf_type == xsp->xf_type) {
+			XFORMS_UNLOCK();
+			printf("%s: failed to register %s xform\n",
+			    __func__, xsp->xf_name);
+			return;
+		}
+	}
+	LIST_INSERT_HEAD(&xforms, xsp, chain);
+	xsp->xf_cntr = IPSEC_MODULE_ENABLED;
+	XFORMS_UNLOCK();
+}
+
+void
+xform_detach(void *data)
+{
+	struct xformsw *xsp = (struct xformsw *)data;
+
+	XFORMS_LOCK();
+	LIST_REMOVE(xsp, chain);
+	XFORMS_UNLOCK();
+
+	/* Delete all SAs related to this xform. */
+	key_delete_xform(xsp);
+	if (xsp->xf_cntr & IPSEC_MODULE_ENABLED)
+		ipsec_kmod_drain(&xsp->xf_cntr);
+}
+
+/*
+ * Initialize transform support in an sav.
+ */
+int
+xform_init(struct secasvar *sav, u_short xftype)
+{
+	struct xformsw *entry;
+	int ret;
+
+	IPSEC_ASSERT(sav->tdb_xform == NULL,
+	    ("tdb_xform is already initialized"));
+
+	XFORMS_LOCK();
+	LIST_FOREACH(entry, &xforms, chain) {
+		if (entry->xf_type == xftype) {
+			ret = ipsec_kmod_enter(&entry->xf_cntr);
+			XFORMS_UNLOCK();
+			if (ret != 0)
+				return (ret);
+			ret = (*entry->xf_init)(sav, entry);
+			ipsec_kmod_exit(&entry->xf_cntr);
+			return (ret);
+		}
+	}
+	XFORMS_UNLOCK();
+	return (EINVAL);
+}
+
+#ifdef IPSEC_SUPPORT
+/*
+ * IPSEC_SUPPORT - loading of ipsec.ko and tcpmd5.ko is supported.
+ * IPSEC + IPSEC_SUPPORT - loading tcpmd5.ko is supported.
+ * IPSEC + TCP_SIGNATURE - all is build in the kernel, do not build
+ *   IPSEC_SUPPORT.
+ */
+#if !defined(IPSEC) || !defined(TCP_SIGNATURE)
 #define	METHOD_DECL(...)	__VA_ARGS__
 #define	METHOD_ARGS(...)	__VA_ARGS__
 #define	IPSEC_KMOD_METHOD(type, name, sc, method, decl, args)		\
diff --git a/freebsd/sys/netipsec/xform.h b/freebsd/sys/netipsec/xform.h
index 389d0b66..910a88a7 100644
--- a/freebsd/sys/netipsec/xform.h
+++ b/freebsd/sys/netipsec/xform.h
@@ -86,14 +86,16 @@ struct xform_data {
 #define	XF_IPCOMP	6	/* IPCOMP */
 
 struct xformsw {
-	u_short	xf_type;		/* xform ID */
-	char	*xf_name;		/* human-readable name */
+	u_short			xf_type;	/* xform ID */
+	const char		*xf_name;	/* human-readable name */
 	int	(*xf_init)(struct secasvar*, struct xformsw*);	/* setup */
 	int	(*xf_zeroize)(struct secasvar*);		/* cleanup */
 	int	(*xf_input)(struct mbuf*, struct secasvar*,	/* input */
 			int, int);
 	int	(*xf_output)(struct mbuf*,			/* output */
 	    struct secpolicy *, struct secasvar *, u_int, int, int);
+
+	volatile u_int		xf_cntr;
 	LIST_ENTRY(xformsw)	chain;
 };
 
@@ -103,6 +105,7 @@ const struct comp_algo * comp_algorithm_lookup(int);
 
 void xform_attach(void *);
 void xform_detach(void *);
+int xform_init(struct secasvar *, u_short);
 
 struct cryptoini;
 /* XF_AH */
diff --git a/freebsd/sys/netpfil/pf/pf.c b/freebsd/sys/netpfil/pf/pf.c
index f765350d..5fa7a8fe 100644
--- a/freebsd/sys/netpfil/pf/pf.c
+++ b/freebsd/sys/netpfil/pf/pf.c
@@ -4413,7 +4413,7 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif,
 			    TH_SYN|TH_ACK, 0, (*state)->src.mss, 0, 1, 0, NULL);
 			REASON_SET(reason, PFRES_SYNPROXY);
 			return (PF_SYNPROXY_DROP);
-		} else if (!(th->th_flags & TH_ACK) ||
+		} else if ((th->th_flags & (TH_ACK|TH_RST|TH_FIN)) != TH_ACK ||
 		    (ntohl(th->th_ack) != (*state)->src.seqhi + 1) ||
 		    (ntohl(th->th_seq) != (*state)->src.seqlo + 1)) {
 			REASON_SET(reason, PFRES_SYNPROXY);
diff --git a/freebsd/sys/opencrypto/cryptosoft.c b/freebsd/sys/opencrypto/cryptosoft.c
index 8dff61c1..81c5bde8 100644
--- a/freebsd/sys/opencrypto/cryptosoft.c
+++ b/freebsd/sys/opencrypto/cryptosoft.c
@@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/rwlock.h>
 #include <sys/endian.h>
 #include <sys/limits.h>
+#include <sys/mutex.h>
 
 #include <crypto/blowfish/blowfish.h>
 #include <crypto/sha1.h>
@@ -767,6 +768,7 @@ swcr_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
 		return EINVAL;
 
 	ses = crypto_get_driver_session(cses);
+	mtx_init(&ses->swcr_lock, "swcr session lock", NULL, MTX_DEF);
 
 	for (i = 0; cri != NULL && i < nitems(ses->swcr_algorithms); i++) {
 		swd = &ses->swcr_algorithms[i];
@@ -1024,6 +1026,7 @@ swcr_freesession(device_t dev, crypto_session_t cses)
 
 	ses = crypto_get_driver_session(cses);
 
+	mtx_destroy(&ses->swcr_lock);
 	for (i = 0; i < nitems(ses->swcr_algorithms); i++) {
 		swd = &ses->swcr_algorithms[i];
 
@@ -1111,7 +1114,7 @@ swcr_freesession(device_t dev, crypto_session_t cses)
 static int
 swcr_process(device_t dev, struct cryptop *crp, int hint)
 {
-	struct swcr_session *ses;
+	struct swcr_session *ses = NULL;
 	struct cryptodesc *crd;
 	struct swcr_data *sw;
 	size_t i;
@@ -1126,6 +1129,7 @@ swcr_process(device_t dev, struct cryptop *crp, int hint)
 	}
 
 	ses = crypto_get_driver_session(crp->crp_session);
+	mtx_lock(&ses->swcr_lock);
 
 	/* Go through crypto descriptors, processing as we go */
 	for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
@@ -1215,6 +1219,8 @@ swcr_process(device_t dev, struct cryptop *crp, int hint)
 	}
 
 done:
+	if (ses)
+		mtx_unlock(&ses->swcr_lock);
 	crypto_done(crp);
 	return 0;
 }
diff --git a/freebsd/sys/opencrypto/cryptosoft.h b/freebsd/sys/opencrypto/cryptosoft.h
index d88b09d4..d787dc24 100644
--- a/freebsd/sys/opencrypto/cryptosoft.h
+++ b/freebsd/sys/opencrypto/cryptosoft.h
@@ -58,6 +58,7 @@ struct swcr_data {
 };
 
 struct swcr_session {
+	struct mtx	swcr_lock;
 	struct swcr_data swcr_algorithms[2];
 	unsigned swcr_nalgs;
 };
diff --git a/freebsd/sys/powerpc/include/machine/spr.h b/freebsd/sys/powerpc/include/machine/spr.h
index fba367cb..8fa828e1 100644
--- a/freebsd/sys/powerpc/include/machine/spr.h
+++ b/freebsd/sys/powerpc/include/machine/spr.h
@@ -245,6 +245,33 @@
 
 #define	SPR_PTCR		0x1d0	/* Partition Table Control Register */
 #define	SPR_SPEFSCR		0x200	/* ..8 Signal Processing Engine FSCR. */
+#define	  SPEFSCR_SOVH		  0x80000000
+#define	  SPEFSCR_OVH		  0x40000000
+#define	  SPEFSCR_FGH		  0x20000000
+#define	  SPEFSCR_FXH		  0x10000000
+#define	  SPEFSCR_FINVH		  0x08000000
+#define	  SPEFSCR_FDBZH		  0x04000000
+#define	  SPEFSCR_FUNFH		  0x02000000
+#define	  SPEFSCR_FOVFH		  0x01000000
+#define	  SPEFSCR_FINXS		  0x00200000
+#define	  SPEFSCR_FINVS		  0x00100000
+#define	  SPEFSCR_FDBZS		  0x00080000
+#define	  SPEFSCR_FUNFS		  0x00040000
+#define	  SPEFSCR_FOVFS		  0x00020000
+#define	  SPEFSCR_SOV		  0x00008000
+#define	  SPEFSCR_OV		  0x00004000
+#define	  SPEFSCR_FG		  0x00002000
+#define	  SPEFSCR_FX		  0x00001000
+#define	  SPEFSCR_FINV		  0x00000800
+#define	  SPEFSCR_FDBZ		  0x00000400
+#define	  SPEFSCR_FUNF		  0x00000200
+#define	  SPEFSCR_FOVF		  0x00000100
+#define	  SPEFSCR_FINXE		  0x00000040
+#define	  SPEFSCR_FINVE		  0x00000020
+#define	  SPEFSCR_FDBZE		  0x00000010
+#define	  SPEFSCR_FUNFE		  0x00000008
+#define	  SPEFSCR_FOVFE		  0x00000004
+#define	  SPEFSCR_FRMC_M	  0x00000003
 #define	SPR_IBAT0U		0x210	/* .6. Instruction BAT Reg 0 Upper */
 #define	SPR_IBAT0L		0x211	/* .6. Instruction BAT Reg 0 Lower */
 #define	SPR_IBAT1U		0x212	/* .6. Instruction BAT Reg 1 Upper */
diff --git a/freebsd/sys/security/audit/audit.h b/freebsd/sys/security/audit/audit.h
index 055194d3..f24bc1e5 100644
--- a/freebsd/sys/security/audit/audit.h
+++ b/freebsd/sys/security/audit/audit.h
@@ -2,7 +2,7 @@
  * SPDX-License-Identifier: BSD-3-Clause
  *
  * Copyright (c) 1999-2005 Apple Inc.
- * Copyright (c) 2016-2017 Robert N. M. Watson
+ * Copyright (c) 2016-2018 Robert N. M. Watson
  * All rights reserved.
  *
  * This software was developed by BAE Systems, the University of Cambridge
@@ -55,14 +55,23 @@
 #include <sys/sysctl.h>
 
 /*
- * Audit subsystem condition flags.  The audit_enabled flag is set and
+ * Audit subsystem condition flags.  The audit_trail_enabled flag is set and
  * removed automatically as a result of configuring log files, and can be
  * observed but should not be directly manipulated.  The audit suspension
  * flag permits audit to be temporarily disabled without reconfiguring the
  * audit target.
+ *
+ * As DTrace can also request system-call auditing, a further
+ * audit_syscalls_enabled flag tracks whether newly entering system calls
+ * should be considered for auditing or not.
+ *
+ * XXXRW: Move trail flags to audit_private.h, as they no longer need to be
+ * visible outside the audit code...?
  */
-extern int	audit_enabled;
-extern int	audit_suspended;
+extern u_int	audit_dtrace_enabled;
+extern int	audit_trail_enabled;
+extern int	audit_trail_suspended;
+extern int	audit_syscalls_enabled;
 
 void	 audit_syscall_enter(unsigned short code, struct thread *td);
 void	 audit_syscall_exit(int error, struct thread *td);
@@ -139,7 +148,7 @@ void	 audit_thread_free(struct thread *td);
 
 /*
  * Define macros to wrap the audit_arg_* calls by checking the global
- * audit_enabled flag before performing the actual call.
+ * audit_syscalls_enabled flag before performing the actual call.
  */
 #define	AUDITING_TD(td)		((td)->td_pflags & TDP_AUDITREC)
 
@@ -369,7 +378,7 @@ void	 audit_thread_free(struct thread *td);
 } while (0)
 
 #define	AUDIT_SYSCALL_ENTER(code, td)	do {				\
-	if (audit_enabled) {						\
+	if (audit_syscalls_enabled) {					\
 		audit_syscall_enter(code, td);				\
 	}								\
 } while (0)
@@ -377,7 +386,7 @@ void	 audit_thread_free(struct thread *td);
 /*
  * Wrap the audit_syscall_exit() function so that it is called only when
  * we have a audit record on the thread.  Audit records can persist after
- * auditing is disabled, so we don't just check audit_enabled here.
+ * auditing is disabled, so we don't just check audit_syscalls_enabled here.
  */
 #define	AUDIT_SYSCALL_EXIT(error, td)	do {				\
 	if (td->td_pflags & TDP_AUDITREC)				\
diff --git a/freebsd/sys/sys/_domainset.h b/freebsd/sys/sys/_domainset.h
index 30d8501c..34d8f61c 100644
--- a/freebsd/sys/sys/_domainset.h
+++ b/freebsd/sys/sys/_domainset.h
@@ -54,7 +54,7 @@ typedef struct _domainset domainset_t;
 struct domainset;
 struct domainset_ref {
 	struct domainset * volatile	dr_policy;
-	int				dr_iterator;
+	unsigned int			dr_iterator;
 };
 
 #endif /* !_SYS__DOMAINSET_H_ */
diff --git a/freebsd/sys/sys/capsicum.h b/freebsd/sys/sys/capsicum.h
index bf97d0b2..d40b8572 100644
--- a/freebsd/sys/sys/capsicum.h
+++ b/freebsd/sys/sys/capsicum.h
@@ -471,7 +471,13 @@ u_char	cap_rights_to_vmprot(const cap_rights_t *havep);
 /*
  * For the purposes of procstat(1) and similar tools, allow kern_descrip.c to
  * extract the rights from a capability.
+ *
+ * Dereferencing fdep requires filedesc.h, but including it would cause
+ * significant pollution. Instead add a macro for consumers which want it,
+ * most notably kern_descrip.c.
  */
+#define cap_rights_fde_inline(fdep)	(&(fdep)->fde_rights)
+
 const cap_rights_t	*cap_rights_fde(const struct filedescent *fde);
 const cap_rights_t	*cap_rights(struct filedesc *fdp, int fd);
 
diff --git a/freebsd/sys/sys/cons.h b/freebsd/sys/sys/cons.h
index 04784646..432631d4 100644
--- a/freebsd/sys/sys/cons.h
+++ b/freebsd/sys/sys/cons.h
@@ -137,6 +137,7 @@ int	cngetc(void);
 void	cngets(char *, size_t, int);
 void	cnputc(int);
 void	cnputs(char *);
+void	cnputsn(const char *, size_t);
 int	cnunavailable(void);
 void	constty_set(struct tty *tp);
 void	constty_clear(void);
diff --git a/freebsd/sys/sys/domainset.h b/freebsd/sys/sys/domainset.h
index 81375ed0..32b35ac5 100644
--- a/freebsd/sys/sys/domainset.h
+++ b/freebsd/sys/sys/domainset.h
@@ -32,8 +32,8 @@
 #define	_SYS_DOMAINSET_H_
 
 #include <sys/_domainset.h>
-
 #include <sys/bitset.h>
+#include <sys/queue.h>
 
 #define	_NDOMAINSETBITS			_BITSET_BITS
 #define	_NDOMAINSETWORDS		__bitset_words(DOMAINSET_SETSIZE)
@@ -96,6 +96,12 @@ struct domainset {
 	domainid_t	ds_order[MAXMEMDOM];  /* nth domain table. */
 };
 
+extern struct domainset domainset_prefer[MAXMEMDOM];
+#define	DOMAINSET_PREF(domain)	(&domainset_prefer[(domain)])
+extern struct domainset domainset_roundrobin;
+#define	DOMAINSET_RR()		(&domainset_roundrobin)
+
+void domainset_init(void);
 void domainset_zero(void);
 
 /*
diff --git a/freebsd/sys/sys/jail.h b/freebsd/sys/sys/jail.h
index 6f8c9aa5..c9f24bdd 100644
--- a/freebsd/sys/sys/jail.h
+++ b/freebsd/sys/sys/jail.h
@@ -228,9 +228,10 @@ struct prison_racct {
 #define	PR_ALLOW_QUOTAS			0x00000020
 #define	PR_ALLOW_SOCKET_AF		0x00000040
 #define	PR_ALLOW_MLOCK			0x00000080
+#define	PR_ALLOW_READ_MSGBUF		0x00000100
 #define	PR_ALLOW_RESERVED_PORTS		0x00008000
 #define	PR_ALLOW_KMEM_ACCESS		0x00010000	/* reserved, not used yet */
-#define	PR_ALLOW_ALL_STATIC		0x000180ff
+#define	PR_ALLOW_ALL_STATIC		0x000181ff
 
 /*
  * OSD methods
diff --git a/freebsd/sys/sys/linker.h b/freebsd/sys/sys/linker.h
index 8aae31d9..a03ea88c 100644
--- a/freebsd/sys/sys/linker.h
+++ b/freebsd/sys/sys/linker.h
@@ -183,6 +183,8 @@ int linker_ddb_search_symbol_name(caddr_t value, char *buf, u_int buflen,
 /*
  * stack(9) helper for situations where kernel locking is required.
  */
+int linker_search_symbol_name_flags(caddr_t value, char *buf, u_int buflen,
+    long *offset, int flags);
 int linker_search_symbol_name(caddr_t value, char *buf, u_int buflen,
     long *offset);
 
diff --git a/freebsd/sys/sys/malloc.h b/freebsd/sys/sys/malloc.h
index 33e1aab9..4e7a8df3 100644
--- a/freebsd/sys/sys/malloc.h
+++ b/freebsd/sys/sys/malloc.h
@@ -101,7 +101,7 @@ struct malloc_type_internal {
 	uint32_t	mti_probes[DTMALLOC_PROBE_MAX];
 					/* DTrace probe ID array. */
 	u_char		mti_zone;
-	struct malloc_type_stats	mti_stats[MAXCPU];
+	struct malloc_type_stats	*mti_stats;
 };
 
 /*
diff --git a/freebsd/sys/sys/module.h b/freebsd/sys/sys/module.h
index b40870d3..89377df4 100644
--- a/freebsd/sys/sys/module.h
+++ b/freebsd/sys/sys/module.h
@@ -178,12 +178,12 @@ struct mod_pnp_match_info
  * to allow external tools to parse their internal device tables
  * to make an informed guess about what driver(s) to load.
  */
-#define	MODULE_PNP_INFO(d, b, unique, t, l, n)				\
+#define	MODULE_PNP_INFO(d, b, unique, t, n)				\
 	static const struct mod_pnp_match_info _module_pnp_##b##_##unique = {	\
 		.descr = d,						\
 		.bus = #b,						\
 		.table = t,						\
-		.entry_len = l,						\
+		.entry_len = sizeof((t)[0]),				\
 		.num_entry = n						\
 	};								\
 	MODULE_METADATA(_md_##b##_pnpinfo_##unique, MDT_PNP_INFO,	\
diff --git a/freebsd/sys/sys/mouse.h b/freebsd/sys/sys/mouse.h
index 882d59c9..3bb65d5c 100644
--- a/freebsd/sys/sys/mouse.h
+++ b/freebsd/sys/sys/mouse.h
@@ -141,8 +141,8 @@ typedef struct synapticshw {
 /* iftype */
 #define MOUSE_IF_UNKNOWN	(-1)
 #define MOUSE_IF_SERIAL		0
-#define MOUSE_IF_BUS		1
-#define MOUSE_IF_INPORT		2
+/* 1 was bus */
+/* 2 was inport */
 #define MOUSE_IF_PS2		3
 #define MOUSE_IF_SYSMOUSE	4
 #define MOUSE_IF_USB		5
@@ -200,8 +200,8 @@ typedef struct mousemode {
 #define MOUSE_PROTO_LOGI	2	/* Logitech, 3 bytes */
 #define MOUSE_PROTO_MM		3	/* MM series, 3 bytes */
 #define MOUSE_PROTO_LOGIMOUSEMAN 4	/* Logitech MouseMan 3/4 bytes */
-#define MOUSE_PROTO_BUS		5	/* MS/Logitech bus mouse */
-#define MOUSE_PROTO_INPORT	6	/* MS/ATI InPort mouse */
+/* 5 was bus mouse */
+/* 6 was inport mosue */
 #define MOUSE_PROTO_PS2		7	/* PS/2 mouse, 3 bytes */
 #define MOUSE_PROTO_HITTAB	8	/* Hitachi Tablet 3 bytes */
 #define MOUSE_PROTO_GLIDEPOINT	9	/* ALPS GlidePoint, 3/4 bytes */
diff --git a/freebsd/sys/sys/racct.h b/freebsd/sys/sys/racct.h
index ec3322bd..84de705f 100644
--- a/freebsd/sys/sys/racct.h
+++ b/freebsd/sys/sys/racct.h
@@ -164,6 +164,15 @@ extern struct mtx racct_lock;
 #define RACCT_UNLOCK()		mtx_unlock(&racct_lock)
 #define RACCT_LOCK_ASSERT()	mtx_assert(&racct_lock, MA_OWNED)
 
+#define	RACCT_PROC_LOCK(p)	do {		\
+	if (__predict_false(racct_enable))	\
+		PROC_LOCK(p);			\
+} while (0)
+#define	RACCT_PROC_UNLOCK(p)	do {		\
+	if (__predict_false(racct_enable))	\
+		PROC_UNLOCK(p);			\
+} while (0)
+
 int	racct_add(struct proc *p, int resource, uint64_t amount);
 void	racct_add_cred(struct ucred *cred, int resource, uint64_t amount);
 void	racct_add_force(struct proc *p, int resource, uint64_t amount);
@@ -189,6 +198,9 @@ void	racct_proc_throttle(struct proc *p, int timeout);
 
 #else
 
+#define	RACCT_PROC_LOCK(p)	do { } while (0)
+#define	RACCT_PROC_UNLOCK(p)	do { } while (0)
+
 static inline int
 racct_add(struct proc *p, int resource, uint64_t amount)
 {
diff --git a/freebsd/sys/sys/random.h b/freebsd/sys/sys/random.h
index f32d3f66..2543bfec 100644
--- a/freebsd/sys/sys/random.h
+++ b/freebsd/sys/sys/random.h
@@ -67,9 +67,6 @@ read_random(void *ptr, u_int n)
  * Note: if you add or remove members of random_entropy_source, remember to
  * also update the strings in the static array random_source_descr[] in
  * random_harvestq.c.
- *
- * NOTE: complain loudly to markm@ or on the lists if this enum gets more than 32
- * distinct values (0-31)! ENTROPYSOURCE may be == 32, but not > 32.
  */
 enum random_entropy_source {
 	RANDOM_START = 0,
@@ -102,6 +99,8 @@ enum random_entropy_source {
 	RANDOM_PURE_DARN,
 	ENTROPYSOURCE
 };
+_Static_assert(ENTROPYSOURCE <= 32,
+    "hardcoded assumption that values fit in a typical word-sized bitset");
 
 #define RANDOM_HARVEST_EVERYTHING_MASK ((1 << (RANDOM_ENVIRONMENTAL_END + 1)) - 1)
 #define RANDOM_HARVEST_PURE_MASK (((1 << ENTROPYSOURCE) - 1) & (-1UL << RANDOM_PURE_START))
diff --git a/freebsd/sys/sys/refcount.h b/freebsd/sys/sys/refcount.h
index 040584ff..41713147 100644
--- a/freebsd/sys/sys/refcount.h
+++ b/freebsd/sys/sys/refcount.h
@@ -62,7 +62,7 @@ refcount_release(volatile u_int *count)
 
 	atomic_thread_fence_rel();
 	old = atomic_fetchadd_int((volatile int *)count, -1);
-	KASSERT(old > 0, ("negative refcount %p", count));
+	KASSERT(old > 0, ("refcount %p is zero", count));
 	if (old > 1)
 		return (0);
 
@@ -77,15 +77,19 @@ refcount_release(volatile u_int *count)
 }
 
 /*
+ * This functions returns non-zero if the refcount was
+ * incremented. Else zero is returned.
+ *
  * A temporary hack until refcount_* APIs are sorted out.
  */
-static __inline int
+static __inline __result_use_check int
 refcount_acquire_if_not_zero(volatile u_int *count)
 {
 	u_int old;
 
 	old = *count;
 	for (;;) {
+		KASSERT(old < UINT_MAX, ("refcount %p overflowed", count));
 		if (old == 0)
 			return (0);
 		if (atomic_fcmpset_int(count, &old, old + 1))
@@ -93,13 +97,14 @@ refcount_acquire_if_not_zero(volatile u_int *count)
 	}
 }
 
-static __inline int
+static __inline __result_use_check int
 refcount_release_if_not_last(volatile u_int *count)
 {
 	u_int old;
 
 	old = *count;
 	for (;;) {
+		KASSERT(old > 0, ("refcount %p is zero", count));
 		if (old == 1)
 			return (0);
 		if (atomic_fcmpset_int(count, &old, old - 1))
diff --git a/freebsd/sys/sys/resourcevar.h b/freebsd/sys/sys/resourcevar.h
index 9301c3e0..7c7e8458 100644
--- a/freebsd/sys/sys/resourcevar.h
+++ b/freebsd/sys/sys/resourcevar.h
@@ -93,12 +93,10 @@ struct racct;
  * (a) Constant from inception
  * (b) Lockless, updated using atomics
  * (c) Locked by global uihashtbl_lock
- * (d) Locked by the ui_vmsize_mtx
  */
 struct uidinfo {
 	LIST_ENTRY(uidinfo) ui_hash;	/* (c) hash chain of uidinfos */
-	struct mtx ui_vmsize_mtx;
-	vm_ooffset_t ui_vmsize;		/* (d) swap reservation by uid */
+	u_long ui_vmsize;	/* (b) pages of swap reservation by uid */
 	long	ui_sbsize;		/* (b) socket buffer space consumed */
 	long	ui_proccnt;		/* (b) number of processes */
 	long	ui_ptscnt;		/* (b) number of pseudo-terminals */
diff --git a/freebsd/sys/sys/signalvar.h b/freebsd/sys/sys/signalvar.h
index 8735e3a0..0a1413b5 100644
--- a/freebsd/sys/sys/signalvar.h
+++ b/freebsd/sys/sys/signalvar.h
@@ -350,7 +350,7 @@ static inline int
 sigdeferstop(int mode)
 {
 
-	if (mode == SIGDEFERSTOP_NOP)
+	if (__predict_true(mode == SIGDEFERSTOP_NOP))
 		return (SIGDEFERSTOP_VAL_NCHG);
 	return (sigdeferstop_impl(mode));
 }
@@ -359,7 +359,7 @@ static inline void
 sigallowstop(int prev)
 {
 
-	if (prev == SIGDEFERSTOP_VAL_NCHG)
+	if (__predict_true(prev == SIGDEFERSTOP_VAL_NCHG))
 		return;
 	sigallowstop_impl(prev);
 }
diff --git a/freebsd/sys/sys/sockbuf.h b/freebsd/sys/sys/sockbuf.h
index 915fee0b..fc287023 100644
--- a/freebsd/sys/sys/sockbuf.h
+++ b/freebsd/sys/sys/sockbuf.h
@@ -167,10 +167,9 @@ int	sbreserve_locked(struct sockbuf *sb, u_long cc, struct socket *so,
 	    struct thread *td);
 struct mbuf *
 	sbsndptr(struct sockbuf *sb, u_int off, u_int len, u_int *moff);
+void	sbsndptr_adv(struct sockbuf *sb, struct mbuf *mb, u_int len);
 struct mbuf *
 	sbsndptr_noadv(struct sockbuf *sb, u_int off, u_int *moff);
-void
-	sbsndptr_adv(struct sockbuf *sb, struct mbuf *mb, u_int len);
 struct mbuf *
 	sbsndmbuf(struct sockbuf *sb, u_int off, u_int *moff);
 int	sbwait(struct sockbuf *sb);
diff --git a/freebsd/sys/sys/sysproto.h b/freebsd/sys/sys/sysproto.h
index 89467f3b..8317e586 100644
--- a/freebsd/sys/sys/sysproto.h
+++ b/freebsd/sys/sys/sysproto.h
@@ -141,23 +141,23 @@ struct recvfrom_args {
 	char buf_l_[PADL_(caddr_t)]; caddr_t buf; char buf_r_[PADR_(caddr_t)];
 	char len_l_[PADL_(size_t)]; size_t len; char len_r_[PADR_(size_t)];
 	char flags_l_[PADL_(int)]; int flags; char flags_r_[PADR_(int)];
-	char from_l_[PADL_(struct sockaddr *__restrict)]; struct sockaddr *__restrict from; char from_r_[PADR_(struct sockaddr *__restrict)];
-	char fromlenaddr_l_[PADL_(__socklen_t *__restrict)]; __socklen_t *__restrict fromlenaddr; char fromlenaddr_r_[PADR_(__socklen_t *__restrict)];
+	char from_l_[PADL_(struct sockaddr *)]; struct sockaddr * from; char from_r_[PADR_(struct sockaddr *)];
+	char fromlenaddr_l_[PADL_(__socklen_t *)]; __socklen_t * fromlenaddr; char fromlenaddr_r_[PADR_(__socklen_t *)];
 };
 struct accept_args {
 	char s_l_[PADL_(int)]; int s; char s_r_[PADR_(int)];
-	char name_l_[PADL_(struct sockaddr *__restrict)]; struct sockaddr *__restrict name; char name_r_[PADR_(struct sockaddr *__restrict)];
-	char anamelen_l_[PADL_(__socklen_t *__restrict)]; __socklen_t *__restrict anamelen; char anamelen_r_[PADR_(__socklen_t *__restrict)];
+	char name_l_[PADL_(struct sockaddr *)]; struct sockaddr * name; char name_r_[PADR_(struct sockaddr *)];
+	char anamelen_l_[PADL_(__socklen_t *)]; __socklen_t * anamelen; char anamelen_r_[PADR_(__socklen_t *)];
 };
 struct getpeername_args {
 	char fdes_l_[PADL_(int)]; int fdes; char fdes_r_[PADR_(int)];
-	char asa_l_[PADL_(struct sockaddr *__restrict)]; struct sockaddr *__restrict asa; char asa_r_[PADR_(struct sockaddr *__restrict)];
-	char alen_l_[PADL_(__socklen_t *__restrict)]; __socklen_t *__restrict alen; char alen_r_[PADR_(__socklen_t *__restrict)];
+	char asa_l_[PADL_(struct sockaddr *)]; struct sockaddr * asa; char asa_r_[PADR_(struct sockaddr *)];
+	char alen_l_[PADL_(__socklen_t *)]; __socklen_t * alen; char alen_r_[PADR_(__socklen_t *)];
 };
 struct getsockname_args {
 	char fdes_l_[PADL_(int)]; int fdes; char fdes_r_[PADR_(int)];
-	char asa_l_[PADL_(struct sockaddr *__restrict)]; struct sockaddr *__restrict asa; char asa_r_[PADR_(struct sockaddr *__restrict)];
-	char alen_l_[PADL_(__socklen_t *__restrict)]; __socklen_t *__restrict alen; char alen_r_[PADR_(__socklen_t *__restrict)];
+	char asa_l_[PADL_(struct sockaddr *)]; struct sockaddr * asa; char asa_r_[PADR_(struct sockaddr *)];
+	char alen_l_[PADL_(__socklen_t *)]; __socklen_t * alen; char alen_r_[PADR_(__socklen_t *)];
 };
 #ifndef __rtems__
 struct access_args {
@@ -1703,8 +1703,8 @@ struct chflagsat_args {
 };
 struct accept4_args {
 	char s_l_[PADL_(int)]; int s; char s_r_[PADR_(int)];
-	char name_l_[PADL_(struct sockaddr *__restrict)]; struct sockaddr *__restrict name; char name_r_[PADR_(struct sockaddr *__restrict)];
-	char anamelen_l_[PADL_(__socklen_t *__restrict)]; __socklen_t *__restrict anamelen; char anamelen_r_[PADR_(__socklen_t *__restrict)];
+	char name_l_[PADL_(struct sockaddr *)]; struct sockaddr * name; char name_r_[PADR_(struct sockaddr *)];
+	char anamelen_l_[PADL_(__socklen_t *)]; __socklen_t * anamelen; char anamelen_r_[PADR_(__socklen_t *)];
 	char flags_l_[PADL_(int)]; int flags; char flags_r_[PADR_(int)];
 };
 struct pipe2_args {
diff --git a/freebsd/sys/sys/systm.h b/freebsd/sys/sys/systm.h
index 4145be2c..9f9b00bd 100644
--- a/freebsd/sys/sys/systm.h
+++ b/freebsd/sys/sys/systm.h
@@ -331,7 +331,6 @@ int	vasprintf(char **ret, struct malloc_type *mtp, const char *format,
 int	vsnprintf(char *, size_t, const char *, __va_list) __printflike(3, 0);
 int	vsnrprintf(char *, size_t, int, const char *, __va_list) __printflike(4, 0);
 int	vsprintf(char *buf, const char *, __va_list) __printflike(2, 0);
-int	ttyprintf(struct tty *, const char *, ...) __printflike(2, 3);
 int	sscanf(const char *, char const * _Nonnull, ...) __scanflike(2, 3);
 int	vsscanf(const char * _Nonnull, char const * _Nonnull, __va_list)  __scanflike(2, 0);
 long	strtol(const char *, char **, int);
@@ -384,6 +383,12 @@ void	*memmove(void * _Nonnull dest, const void * _Nonnull src, size_t n);
 int	memcmp(const void *b1, const void *b2, size_t len);
 #define memcmp(b1, b2, len) __builtin_memcmp((b1), (b2), (len))
 
+void	*memset_early(void * _Nonnull buf, int c, size_t len);
+#define bzero_early(buf, len) memset_early((buf), 0, (len))
+void	*memcpy_early(void * _Nonnull to, const void * _Nonnull from, size_t len);
+void	*memmove_early(void * _Nonnull dest, const void * _Nonnull src, size_t n);
+#define bcopy_early(from, to, len) memmove_early((to), (from), (len))
+
 #ifndef __rtems__
 int	copystr(const void * _Nonnull __restrict kfaddr,
 	    void * _Nonnull __restrict kdaddr, size_t len,
diff --git a/freebsd/sys/sys/tty.h b/freebsd/sys/sys/tty.h
index 92ad89a6..c85ca559 100644
--- a/freebsd/sys/sys/tty.h
+++ b/freebsd/sys/sys/tty.h
@@ -132,6 +132,13 @@ struct tty {
 	void		*t_devswsoftc;	/* (c) Soft config, for drivers. */
 	void		*t_hooksoftc;	/* (t) Soft config, for hooks. */
 	struct cdev	*t_dev;		/* (c) Primary character device. */
+
+#ifndef PRINTF_BUFR_SIZE
+#define TTY_PRINTF_SIZE 256
+#else
+#define TTY_PRINTF_SIZE PRINTF_BUFR_SIZE
+#endif
+	char		t_prbuf[TTY_PRINTF_SIZE]; /* (t) */
 };
 
 /*
@@ -194,6 +201,7 @@ void	tty_wakeup(struct tty *tp, int flags);
 /* System messages. */
 int	tty_checkoutq(struct tty *tp);
 int	tty_putchar(struct tty *tp, char c);
+int	tty_putstrn(struct tty *tp, const char *p, size_t n);
 
 int	tty_ioctl(struct tty *tp, u_long cmd, void *data, int fflag,
     struct thread *td);
diff --git a/freebsd/sys/sys/user.h b/freebsd/sys/sys/user.h
index f6aa2b3f..1218deec 100644
--- a/freebsd/sys/sys/user.h
+++ b/freebsd/sys/sys/user.h
@@ -349,85 +349,96 @@ struct kinfo_file {
 	int64_t		kf_offset;		/* Seek location. */
 	union {
 		struct {
-			/* Sendq size */
-			uint32_t	kf_sock_sendq;
-			/* Socket domain. */
-			int		kf_sock_domain0;
-			/* Socket type. */
-			int		kf_sock_type0;
-			/* Socket protocol. */
-			int		kf_sock_protocol0;
-			/* Socket address. */
+			/* API compatiblity with FreeBSD < 12. */
+			int		kf_vnode_type;
+			int		kf_sock_domain;
+			int		kf_sock_type;
+			int		kf_sock_protocol;
 			struct sockaddr_storage kf_sa_local;
-			/* Peer address. */
 			struct sockaddr_storage	kf_sa_peer;
-			/* Address of so_pcb. */
-			uint64_t	kf_sock_pcb;
-			/* Address of inp_ppcb. */
-			uint64_t	kf_sock_inpcb;
-			/* Address of unp_conn. */
-			uint64_t	kf_sock_unpconn;
-			/* Send buffer state. */
-			uint16_t	kf_sock_snd_sb_state;
-			/* Receive buffer state. */
-			uint16_t	kf_sock_rcv_sb_state;
-			/* Recvq size. */
-			uint32_t	kf_sock_recvq;
-		} kf_sock;
-		struct {
-			/* Vnode type. */
-			int		kf_file_type;
-			/* Space for future use */
-			int		kf_spareint[3];
-			uint64_t	kf_spareint64[30];
-			/* Vnode filesystem id. */
-			uint64_t	kf_file_fsid;
-			/* File device. */
-			uint64_t	kf_file_rdev;
-			/* Global file id. */
-			uint64_t	kf_file_fileid;
-			/* File size. */
-			uint64_t	kf_file_size;
-			/* Vnode filesystem id, FreeBSD 11 compat. */
-			uint32_t	kf_file_fsid_freebsd11;
-			/* File device, FreeBSD 11 compat. */
-			uint32_t	kf_file_rdev_freebsd11;
-			/* File mode. */
-			uint16_t	kf_file_mode;
-			/* Round to 64 bit alignment. */
-			uint16_t	kf_file_pad0;
-			uint32_t	kf_file_pad1;
-		} kf_file;
-		struct {
-			uint32_t	kf_spareint[4];
-			uint64_t	kf_spareint64[32];
-			uint32_t	kf_sem_value;
-			uint16_t	kf_sem_mode;
-		} kf_sem;
-		struct {
-			uint32_t	kf_spareint[4];
-			uint64_t	kf_spareint64[32];
-			uint64_t	kf_pipe_addr;
-			uint64_t	kf_pipe_peer;
-			uint32_t	kf_pipe_buffer_cnt;
-			/* Round to 64 bit alignment. */
-			uint32_t	kf_pipe_pad0[3];
-		} kf_pipe;
-		struct {
-			uint32_t	kf_spareint[4];
-			uint64_t	kf_spareint64[32];
-			uint32_t	kf_pts_dev_freebsd11;
-			uint32_t	kf_pts_pad0;
-			uint64_t	kf_pts_dev;
-			/* Round to 64 bit alignment. */
-			uint32_t	kf_pts_pad1[4];
-		} kf_pts;
-		struct {
-			uint32_t	kf_spareint[4];
-			uint64_t	kf_spareint64[32];
-			pid_t		kf_pid;
-		} kf_proc;
-	} kf_un;
+		};
+		union {
+			struct {
+				/* Sendq size */
+				uint32_t	kf_sock_sendq;
+				/* Socket domain. */
+				int		kf_sock_domain0;
+				/* Socket type. */
+				int		kf_sock_type0;
+				/* Socket protocol. */
+				int		kf_sock_protocol0;
+				/* Socket address. */
+				struct sockaddr_storage kf_sa_local;
+				/* Peer address. */
+				struct sockaddr_storage	kf_sa_peer;
+				/* Address of so_pcb. */
+				uint64_t	kf_sock_pcb;
+				/* Address of inp_ppcb. */
+				uint64_t	kf_sock_inpcb;
+				/* Address of unp_conn. */
+				uint64_t	kf_sock_unpconn;
+				/* Send buffer state. */
+				uint16_t	kf_sock_snd_sb_state;
+				/* Receive buffer state. */
+				uint16_t	kf_sock_rcv_sb_state;
+				/* Recvq size. */
+				uint32_t	kf_sock_recvq;
+			} kf_sock;
+			struct {
+				/* Vnode type. */
+				int		kf_file_type;
+				/* Space for future use */
+				int		kf_spareint[3];
+				uint64_t	kf_spareint64[30];
+				/* Vnode filesystem id. */
+				uint64_t	kf_file_fsid;
+				/* File device. */
+				uint64_t	kf_file_rdev;
+				/* Global file id. */
+				uint64_t	kf_file_fileid;
+				/* File size. */
+				uint64_t	kf_file_size;
+				/* Vnode filesystem id, FreeBSD 11 compat. */
+				uint32_t	kf_file_fsid_freebsd11;
+				/* File device, FreeBSD 11 compat. */
+				uint32_t	kf_file_rdev_freebsd11;
+				/* File mode. */
+				uint16_t	kf_file_mode;
+				/* Round to 64 bit alignment. */
+				uint16_t	kf_file_pad0;
+				uint32_t	kf_file_pad1;
+			} kf_file;
+			struct {
+				uint32_t	kf_spareint[4];
+				uint64_t	kf_spareint64[32];
+				uint32_t	kf_sem_value;
+				uint16_t	kf_sem_mode;
+			} kf_sem;
+			struct {
+				uint32_t	kf_spareint[4];
+				uint64_t	kf_spareint64[32];
+				uint64_t	kf_pipe_addr;
+				uint64_t	kf_pipe_peer;
+				uint32_t	kf_pipe_buffer_cnt;
+				/* Round to 64 bit alignment. */
+				uint32_t	kf_pipe_pad0[3];
+			} kf_pipe;
+			struct {
+				uint32_t	kf_spareint[4];
+				uint64_t	kf_spareint64[32];
+				uint32_t	kf_pts_dev_freebsd11;
+				uint32_t	kf_pts_pad0;
+				uint64_t	kf_pts_dev;
+				/* Round to 64 bit alignment. */
+				uint32_t	kf_pts_pad1[4];
+			} kf_pts;
+			struct {
+				uint32_t	kf_spareint[4];
+				uint64_t	kf_spareint64[32];
+				pid_t		kf_pid;
+			} kf_proc;
+		} kf_un;
+	};
 	uint16_t	kf_status;		/* Status flags. */
 	uint16_t	kf_pad1;		/* Round to 32 bit alignment. */
 	int		_kf_ispare0;		/* Space for more stuff. */
@@ -439,12 +450,6 @@ struct kinfo_file {
 	int		kf_dummy;
 #endif /* __rtems__ */
 };
-#ifndef _KERNEL
-#define	kf_vnode_type	kf_un.kf_file.kf_file_type
-#define	kf_sock_domain	kf_un.kf_sock.kf_sock_domain0
-#define	kf_sock_type	kf_un.kf_sock.kf_sock_type0
-#define	kf_sock_protocol	kf_un.kf_sock.kf_sock_protocol0
-#endif
 
 /*
  * The KERN_PROC_VMMAP sysctl allows a process to dump the VM layout of
diff --git a/freebsd/sys/sys/vmmeter.h b/freebsd/sys/sys/vmmeter.h
index c41b151f..579d1675 100644
--- a/freebsd/sys/sys/vmmeter.h
+++ b/freebsd/sys/sys/vmmeter.h
@@ -145,6 +145,7 @@ struct vmmeter {
 #include <sys/domainset.h>
 
 extern struct vmmeter vm_cnt;
+extern domainset_t all_domains;
 extern domainset_t vm_min_domains;
 extern domainset_t vm_severe_domains;
 
@@ -177,7 +178,7 @@ vm_wire_count(void)
 /*
  * Return TRUE if we are under our severe low-free-pages threshold
  *
- * This routine is typically used at the user<->system interface to determine
+ * These routines are typically used at the user<->system interface to determine
  * whether we need to block in order to avoid a low memory deadlock.
  */
 static inline int
@@ -188,7 +189,14 @@ vm_page_count_severe(void)
 }
 
 static inline int
-vm_page_count_severe_set(domainset_t *mask)
+vm_page_count_severe_domain(int domain)
+{
+
+	return (DOMAINSET_ISSET(domain, &vm_severe_domains));
+}
+
+static inline int
+vm_page_count_severe_set(const domainset_t *mask)
 {
 
 	return (DOMAINSET_SUBSET(&vm_severe_domains, mask));
@@ -197,7 +205,7 @@ vm_page_count_severe_set(domainset_t *mask)
 /*
  * Return TRUE if we are under our minimum low-free-pages threshold.
  *
- * This routine is typically used within the system to determine whether
+ * These routines are typically used within the system to determine whether
  * we can execute potentially very expensive code in terms of memory.  It
  * is also used by the pageout daemon to calculate when to sleep, when
  * to wake waiters up, and when (after making a pass) to become more
@@ -210,5 +218,19 @@ vm_page_count_min(void)
 	return (!DOMAINSET_EMPTY(&vm_min_domains));
 }
 
+static inline int
+vm_page_count_min_domain(int domain)
+{
+
+	return (DOMAINSET_ISSET(domain, &vm_min_domains));
+}
+
+static inline int
+vm_page_count_min_set(const domainset_t *mask)
+{
+
+	return (DOMAINSET_SUBSET(&vm_min_domains, mask));
+}
+
 #endif	/* _KERNEL */
 #endif	/* _SYS_VMMETER_H_ */
diff --git a/freebsd/sys/vm/uma_core.c b/freebsd/sys/vm/uma_core.c
index 2a1e1b07..f1ea87e8 100644
--- a/freebsd/sys/vm/uma_core.c
+++ b/freebsd/sys/vm/uma_core.c
@@ -86,6 +86,7 @@ __FBSDID("$FreeBSD$");
 #include <vm/vm_pageout.h>
 #include <vm/vm_param.h>
 #include <vm/vm_phys.h>
+#include <vm/vm_pagequeue.h>
 #include <vm/vm_map.h>
 #include <vm/vm_kern.h>
 #include <vm/vm_extern.h>
@@ -2550,6 +2551,7 @@ uma_zalloc_arg(uma_zone_t zone, void *udata, int flags)
 	 * the current cache; when we re-acquire the critical section, we
 	 * must detect and handle migration if it has occurred.
 	 */
+zalloc_restart:
 	critical_enter();
 	cpu = curcpu;
 	cache = &zone->uz_cpu[cpu];
@@ -2611,9 +2613,11 @@ zalloc_start:
 		bucket_free(zone, bucket, udata);
 
 #ifndef __rtems__
-	if (zone->uz_flags & UMA_ZONE_NUMA)
+	if (zone->uz_flags & UMA_ZONE_NUMA) {
 		domain = PCPU_GET(domain);
-	else
+		if (VM_DOMAIN_EMPTY(domain))
+			domain = UMA_ANYDOMAIN;
+	} else
 #endif /* __rtems__ */
 		domain = UMA_ANYDOMAIN;
 
@@ -2692,15 +2696,21 @@ zalloc_start:
 		 * the memory directly.
 		 */
 #ifndef __rtems__
-		if (cache->uc_allocbucket != NULL ||
-		    (zone->uz_flags & UMA_ZONE_NUMA &&
-		    domain != PCPU_GET(domain)))
+		if (cache->uc_allocbucket == NULL &&
+		    ((zone->uz_flags & UMA_ZONE_NUMA) == 0 ||
+		    domain == PCPU_GET(domain))) {
 #else /* __rtems__ */
-		if (cache->uc_allocbucket != NULL)
+		if (cache->uc_allocbucket == NULL) {
 #endif /* __rtems__ */
-			LIST_INSERT_HEAD(&zdom->uzd_buckets, bucket, ub_link);
-		else
 			cache->uc_allocbucket = bucket;
+		} else if ((zone->uz_flags & UMA_ZONE_NOBUCKETCACHE) != 0) {
+			critical_exit();
+			ZONE_UNLOCK(zone);
+			bucket_drain(zone, bucket);
+			bucket_free(zone, bucket, udata);
+			goto zalloc_restart;
+		} else
+			LIST_INSERT_HEAD(&zdom->uzd_buckets, bucket, ub_link);
 		ZONE_UNLOCK(zone);
 		goto zalloc_start;
 	}
@@ -2765,8 +2775,10 @@ keg_first_slab(uma_keg_t keg, int domain, int rr)
 			LIST_INSERT_HEAD(&dom->ud_part_slab, slab, us_link);
 			return (slab);
 		}
+#ifndef __rtems__
 		if (rr)
 			domain = (domain + 1) % vm_ndomains;
+#endif /* __rtems__ */
 	} while (domain != start);
 
 	return (NULL);
@@ -2790,17 +2802,26 @@ keg_fetch_slab(uma_keg_t keg, uma_zone_t zone, int rdomain, int flags)
 	 * Round-robin for non first-touch zones when there is more than one
 	 * domain.
 	 */
+#ifndef __rtems__
 	if (vm_ndomains == 1)
 		rdomain = 0;
 	rr = rdomain == UMA_ANYDOMAIN;
 	if (rr) {
-		keg->uk_cursor = (keg->uk_cursor + 1) % vm_ndomains;
+		start = keg->uk_cursor;
+		do {
+			keg->uk_cursor = (keg->uk_cursor + 1) % vm_ndomains;
+			domain = keg->uk_cursor;
+		} while (VM_DOMAIN_EMPTY(domain) && domain != start);
 		domain = start = keg->uk_cursor;
 		/* Only block on the second pass. */
 		if ((flags & (M_WAITOK | M_NOVM)) == M_WAITOK)
 			allocflags = (allocflags & ~M_WAITOK) | M_NOWAIT;
 	} else
 		domain = start = rdomain;
+#else /* __rtems__ */
+	rr = 1;
+	domain = start = keg->uk_cursor;
+#endif /* __rtems__ */
 
 again:
 	do {
@@ -2845,10 +2866,13 @@ again:
 			LIST_INSERT_HEAD(&dom->ud_part_slab, slab, us_link);
 			return (slab);
 		}
+#ifndef __rtems__
 		if (rr) {
-			keg->uk_cursor = (keg->uk_cursor + 1) % vm_ndomains;
-			domain = keg->uk_cursor;
+			do {
+				domain = (domain + 1) % vm_ndomains;
+			} while (VM_DOMAIN_EMPTY(domain) && domain != start);
 		}
+#endif /* __rtems__ */
 	} while (domain != start);
 
 	/* Retry domain scan with blocking. */
@@ -3054,6 +3078,8 @@ zone_alloc_bucket(uma_zone_t zone, void *udata, int domain, int flags)
 	uma_bucket_t bucket;
 	int max;
 
+	CTR1(KTR_UMA, "zone_alloc:_bucket domain %d)", domain);
+
 	/* Don't wait for buckets, preserve caller's NOVM setting. */
 	bucket = bucket_alloc(zone, udata, M_NOWAIT | (flags & M_NOVM));
 	if (bucket == NULL)
@@ -3121,6 +3147,13 @@ zone_alloc_item(uma_zone_t zone, void *udata, int domain, int flags)
 
 	item = NULL;
 
+#ifndef __rtems__
+	if (domain != UMA_ANYDOMAIN) {
+		/* avoid allocs targeting empty domains */
+		if (VM_DOMAIN_EMPTY(domain))
+			domain = UMA_ANYDOMAIN;
+	}
+#endif /* __rtems__ */
 	if (zone->uz_import(zone->uz_arg, &item, 1, domain, flags) != 1)
 		goto fail;
 	atomic_add_long(&zone->uz_allocs, 1);
@@ -3297,9 +3330,11 @@ zfree_start:
 	critical_exit();
 
 #ifndef __rtems__
-	if ((zone->uz_flags & UMA_ZONE_NUMA) != 0)
+	if ((zone->uz_flags & UMA_ZONE_NUMA) != 0) {
 		domain = PCPU_GET(domain);
-	else 
+		if (VM_DOMAIN_EMPTY(domain))
+			domain = UMA_ANYDOMAIN;
+	} else
 		domain = 0;
 #endif /* __rtems__ */
 	zdom = &zone->uz_domain[0];
@@ -3761,7 +3796,9 @@ uma_prealloc(uma_zone_t zone, int items)
 		dom = &keg->uk_domain[slab->us_domain];
 		LIST_INSERT_HEAD(&dom->ud_free_slab, slab, us_link);
 		slabs--;
-		domain = (domain + 1) % vm_ndomains;
+		do {
+			domain = (domain + 1) % vm_ndomains;
+		} while (VM_DOMAIN_EMPTY(domain));
 	}
 	KEG_UNLOCK(keg);
 }
@@ -3857,6 +3894,11 @@ uma_large_malloc_domain(vm_size_t size, int domain, int wait)
 	vm_offset_t addr;
 	uma_slab_t slab;
 
+	if (domain != UMA_ANYDOMAIN) {
+		/* avoid allocs targeting empty domains */
+		if (VM_DOMAIN_EMPTY(domain))
+			domain = UMA_ANYDOMAIN;
+	}
 	slab = zone_alloc_item(slabzone, NULL, domain, wait);
 	if (slab == NULL)
 		return (NULL);
diff --git a/ipsec-tools/src/config.h b/ipsec-tools/src/config.h
index cd831ccc..826d827e 100644
--- a/ipsec-tools/src/config.h
+++ b/ipsec-tools/src/config.h
@@ -208,7 +208,7 @@
 #define HAVE_VPRINTF 1
 
 /* Support IPv6 */
-#define INET6 /**/
+#define INET6 1
 
 /* Use advanced IPv6 API */
 #define INET6_ADVAPI /**/
diff --git a/ipsec-tools/src/racoon/crypto_openssl.c b/ipsec-tools/src/racoon/crypto_openssl.c
index 2d140fdf..e4a4a902 100644
--- a/ipsec-tools/src/racoon/crypto_openssl.c
+++ b/ipsec-tools/src/racoon/crypto_openssl.c
@@ -98,7 +98,12 @@
 #define SHA384_Init _bsd_SHA384_Init
 #define SHA384_Update _bsd_SHA384_Update
 #define SHA384_Final _bsd_SHA384_Final
-#include <openssl/sha2/sha384.h>
+#include <crypto/sha2/sha384.h>
+#include <crypto/rsa/rsa_locl.h>
+#include <crypto/evp/evp_locl.h>
+#include <crypto/dh/dh_locl.h>
+#include <crypto/include/internal/evp_int.h>
+#include <crypto/include/internal/x509_int.h>
 #endif /* __rtems__ */
 #endif
 #endif
@@ -530,13 +535,13 @@ eay_get_x509asn1subjectname(cert)
 		goto error;
 
 	/* get the length of the name */
-	len = i2d_X509_NAME(x509->cert_info->subject, NULL);
+	len = i2d_X509_NAME(x509->cert_info.subject, NULL);
 	name = vmalloc(len);
 	if (!name)
 		goto error;
 	/* get the name */
 	bp = (unsigned char *) name->v;
-	len = i2d_X509_NAME(x509->cert_info->subject, &bp);
+	len = i2d_X509_NAME(x509->cert_info.subject, &bp);
 
 	X509_free(x509);
 
@@ -675,14 +680,14 @@ eay_get_x509asn1issuername(cert)
 		goto error;
 
 	/* get the length of the name */
-	len = i2d_X509_NAME(x509->cert_info->issuer, NULL);
+	len = i2d_X509_NAME(x509->cert_info.issuer, NULL);
 	name = vmalloc(len);
 	if (name == NULL)
 		goto error;
 
 	/* get the name */
 	bp = (unsigned char *) name->v;
-	len = i2d_X509_NAME(x509->cert_info->issuer, &bp);
+	len = i2d_X509_NAME(x509->cert_info.issuer, &bp);
 
 	X509_free(x509);
 
@@ -1124,6 +1129,7 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc
 	if ((res = vmalloc(data->l)) == NULL)
 		return NULL;
 
+	memset(&ctx, 0, sizeof(ctx));
 	EVP_CIPHER_CTX_init(&ctx);
 
 	switch(EVP_CIPHER_nid(e)){
@@ -1693,7 +1699,7 @@ eay_hmac_init(key, md)
 	vchar_t *key;
 	const EVP_MD *md;
 {
-	HMAC_CTX *c = racoon_malloc(sizeof(*c));
+	HMAC_CTX *c = HMAC_CTX_new();
 
 	HMAC_Init(c, key->v, key->l, md);
 
@@ -1744,14 +1750,14 @@ vchar_t *
 eay_hmacsha2_512_one(key, data)
 	vchar_t *key, *data;
 {
-	return eay_hmac_one(key, data, EVP_sha2_512());
+	return eay_hmac_one(key, data, EVP_sha512());
 }
 
 caddr_t
 eay_hmacsha2_512_init(key)
 	vchar_t *key;
 {
-	return eay_hmac_init(key, EVP_sha2_512());
+	return eay_hmac_init(key, EVP_sha512());
 }
 
 void
@@ -1774,8 +1780,7 @@ eay_hmacsha2_512_final(c)
 
 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
 	res->l = l;
-	HMAC_cleanup((HMAC_CTX *)c);
-	(void)racoon_free(c);
+	HMAC_CTX_free((HMAC_CTX *)c);
 
 	if (SHA512_DIGEST_LENGTH != res->l) {
 		plog(LLV_ERROR, LOCATION, NULL,
@@ -1794,14 +1799,14 @@ vchar_t *
 eay_hmacsha2_384_one(key, data)
 	vchar_t *key, *data;
 {
-	return eay_hmac_one(key, data, EVP_sha2_384());
+	return eay_hmac_one(key, data, EVP_sha384());
 }
 
 caddr_t
 eay_hmacsha2_384_init(key)
 	vchar_t *key;
 {
-	return eay_hmac_init(key, EVP_sha2_384());
+	return eay_hmac_init(key, EVP_sha384());
 }
 
 void
@@ -1824,8 +1829,7 @@ eay_hmacsha2_384_final(c)
 
 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
 	res->l = l;
-	HMAC_cleanup((HMAC_CTX *)c);
-	(void)racoon_free(c);
+	HMAC_CTX_free((HMAC_CTX *)c);
 
 	if (SHA384_DIGEST_LENGTH != res->l) {
 		plog(LLV_ERROR, LOCATION, NULL,
@@ -1844,14 +1848,14 @@ vchar_t *
 eay_hmacsha2_256_one(key, data)
 	vchar_t *key, *data;
 {
-	return eay_hmac_one(key, data, EVP_sha2_256());
+	return eay_hmac_one(key, data, EVP_sha256());
 }
 
 caddr_t
 eay_hmacsha2_256_init(key)
 	vchar_t *key;
 {
-	return eay_hmac_init(key, EVP_sha2_256());
+	return eay_hmac_init(key, EVP_sha256());
 }
 
 void
@@ -1874,8 +1878,7 @@ eay_hmacsha2_256_final(c)
 
 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
 	res->l = l;
-	HMAC_cleanup((HMAC_CTX *)c);
-	(void)racoon_free(c);
+	HMAC_CTX_free((HMAC_CTX *)c);
 
 	if (SHA256_DIGEST_LENGTH != res->l) {
 		plog(LLV_ERROR, LOCATION, NULL,
@@ -1925,8 +1928,7 @@ eay_hmacsha1_final(c)
 
 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
 	res->l = l;
-	HMAC_cleanup((HMAC_CTX *)c);
-	(void)racoon_free(c);
+	HMAC_CTX_free((HMAC_CTX *)c);
 
 	if (SHA_DIGEST_LENGTH != res->l) {
 		plog(LLV_ERROR, LOCATION, NULL,
@@ -1975,8 +1977,7 @@ eay_hmacmd5_final(c)
 
 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
 	res->l = l;
-	HMAC_cleanup((HMAC_CTX *)c);
-	(void)racoon_free(c);
+	HMAC_CTX_free((HMAC_CTX *)c);
 
 	if (MD5_DIGEST_LENGTH != res->l) {
 		plog(LLV_ERROR, LOCATION, NULL,
@@ -2084,7 +2085,7 @@ vchar_t *
 eay_sha2_384_one(data)
 	vchar_t *data;
 {
-	return eay_digest_one(data, EVP_sha2_384());
+	return eay_digest_one(data, EVP_sha384());
 }
 
 int
@@ -2137,7 +2138,7 @@ vchar_t *
 eay_sha2_256_one(data)
 	vchar_t *data;
 {
-	return eay_digest_one(data, EVP_sha2_256());
+	return eay_digest_one(data, EVP_sha256());
 }
 
 int
diff --git a/ipsec-tools/src/racoon/missing/crypto/sha2/sha2.c b/ipsec-tools/src/racoon/missing/crypto/sha2/sha2.c
deleted file mode 100644
index fca879c6..00000000
--- a/ipsec-tools/src/racoon/missing/crypto/sha2/sha2.c
+++ /dev/null
@@ -1,1226 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-#ifdef __rtems__
-#include <machine/rtems-bsd-program.h>
-#include "../../../rtems-bsd-racoon-namespace.h"
-#endif /* __rtems__ */
-
-/*	$NetBSD: sha2.c,v 1.4.40.1 2012/12/24 08:48:08 tteras Exp $	*/
-
-/* Id: sha2.c,v 1.6 2004/09/21 14:35:25 ludvigm Exp */
-
-/*
- * sha2.c
- *
- * Version 1.0.0beta1
- *
- * Written by Aaron D. Gifford <me@aarongifford.com>
- *
- * Copyright 2000 Aaron D. Gifford.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the copyright holder nor the names of contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-#include "config.h"
-
-#include <sys/types.h>
-#include <sys/time.h>
-#ifndef __linux__
-#include <machine/endian.h>
-#endif
-#ifndef __rtems__
-#include <crypto/sha2/sha2.h>
-#else /* __rtems__ */
-#define SHA256_Init _bsd_SHA256_Init
-#define SHA256_Update _bsd_SHA256_Update
-#define SHA256_Final _bsd_SHA256_Final
-#include <crypto/sha2/sha256.h>
-#define SHA384_Init _bsd_SHA384_Init
-#define SHA384_Update _bsd_SHA384_Update
-#define SHA384_Final _bsd_SHA384_Final
-#include <crypto/sha2/sha384.h>
-#define SHA512_Init _bsd_SHA512_Init
-#define SHA512_Update _bsd_SHA512_Update
-#define SHA512_Final _bsd_SHA512_Final
-#include <crypto/sha2/sha512.h>
-#endif /* __rtems__ */
-#include <openssl/evp.h>
-
-/* get openssl/ssleay version number */
-#include <openssl/opensslv.h>
-
-#include <err.h>
-#include <string.h>
-#define bcopy(a, b, c) memcpy((b), (a), (c))
-#define bzero(a, b) memset((a), 0, (b))
-#define panic(a) err(1, (a))
-
-#define HAVE_EVP_097
-
-#ifndef __rtems__
-/*
- * ASSERT NOTE:
- * Some sanity checking code is included using assert().  On my FreeBSD
- * system, this additional code can be removed by compiling with NDEBUG
- * defined.  Check your own systems manpage on assert() to see how to
- * compile WITHOUT the sanity checking code on your system.
- *
- * UNROLLED TRANSFORM LOOP NOTE:
- * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
- * loop version for the hash transform rounds (defined using macros
- * later in this file).  Either define on the command line, for example:
- *
- *   cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
- *
- * or define below:
- *
- *   #define SHA2_UNROLL_TRANSFORM
- *
- */
-
-#define assert(x)
-
-
-/*** SHA-256/384/512 Machine Architecture Definitions *****************/
-/*
- * BYTE_ORDER NOTE:
- *
- * Please make sure that your system defines BYTE_ORDER.  If your
- * architecture is little-endian, make sure it also defines
- * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
- * equivilent.
- *
- * If your system does not define the above, then you can do so by
- * hand like this:
- *
- *   #define LITTLE_ENDIAN 1234
- *   #define BIG_ENDIAN    4321
- *
- * And for little-endian machines, add:
- *
- *   #define BYTE_ORDER LITTLE_ENDIAN 
- *
- * Or for big-endian machines:
- *
- *   #define BYTE_ORDER BIG_ENDIAN
- *
- * The FreeBSD machine this was written on defines BYTE_ORDER
- * appropriately by including <sys/types.h> (which in turn includes
- * <machine/endian.h> where the appropriate definitions are actually
- * made).
- */
-#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
-#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
-#endif
-
-/*
- * Define the followingsha2_* types to types of the correct length on
- * the native archtecture.   Most BSD systems and Linux define u_intXX_t
- * types.  Machines with very recent ANSI C headers, can use the
- * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H
- * during compile or in the sha.h header file.
- *
- * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
- * will need to define these three typedefs below (and the appropriate
- * ones in sha.h too) by hand according to their system architecture.
- *
- * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
- * types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
- */
-#if 0 /*def SHA2_USE_INTTYPES_H*/
-
-typedef uint8_t  sha2_byte;	/* Exactly 1 byte */
-typedef uint32_t sha2_word32;	/* Exactly 4 bytes */
-typedef uint64_t sha2_word64;	/* Exactly 8 bytes */
-
-#else /* SHA2_USE_INTTYPES_H */
-
-typedef u_int8_t  sha2_byte;	/* Exactly 1 byte */
-typedef u_int32_t sha2_word32;	/* Exactly 4 bytes */
-typedef u_int64_t sha2_word64;	/* Exactly 8 bytes */
-
-#endif /* SHA2_USE_INTTYPES_H */
-
-
-/*** SHA-256/384/512 Various Length Definitions ***********************/
-/* NOTE: Most of these are in sha2.h */
-#define SHA256_SHORT_BLOCK_LENGTH	(SHA256_BLOCK_LENGTH - 8)
-#define SHA384_SHORT_BLOCK_LENGTH	(SHA384_BLOCK_LENGTH - 16)
-#define SHA512_SHORT_BLOCK_LENGTH	(SHA512_BLOCK_LENGTH - 16)
-
-
-/*** ENDIAN REVERSAL MACROS *******************************************/
-#if BYTE_ORDER == LITTLE_ENDIAN
-#define REVERSE32(w,x)	{ \
-	sha2_word32 tmp = (w); \
-	tmp = (tmp >> 16) | (tmp << 16); \
-	(x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
-}
-#define REVERSE64(w,x)	{ \
-	sha2_word64 tmp = (w); \
-	tmp = (tmp >> 32) | (tmp << 32); \
-	tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
-	      ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
-	(x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
-	      ((tmp & 0x0000ffff0000ffffULL) << 16); \
-}
-#endif /* BYTE_ORDER == LITTLE_ENDIAN */
-
-/*
- * Macro for incrementally adding the unsigned 64-bit integer n to the
- * unsigned 128-bit integer (represented using a two-element array of
- * 64-bit words):
- */
-#define ADDINC128(w,n)	{ \
-	(w)[0] += (sha2_word64)(n); \
-	if ((w)[0] < (n)) { \
-		(w)[1]++; \
-	} \
-}
-
-/*** THE SIX LOGICAL FUNCTIONS ****************************************/
-/*
- * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
- *
- *   NOTE:  The naming of R and S appears backwards here (R is a SHIFT and
- *   S is a ROTATION) because the SHA-256/384/512 description document
- *   (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
- *   same "backwards" definition.
- */
-/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
-#define R(b,x) 		((x) >> (b))
-/* 32-bit Rotate-right (used in SHA-256): */
-#define S32(b,x)	(((x) >> (b)) | ((x) << (32 - (b))))
-/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
-#define S64(b,x)	(((x) >> (b)) | ((x) << (64 - (b))))
-
-/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
-#define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))
-#define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-
-/* Four of six logical functions used in SHA-256: */
-#define Sigma0_256(x)	(S32(2,  (x)) ^ S32(13, (x)) ^ S32(22, (x)))
-#define Sigma1_256(x)	(S32(6,  (x)) ^ S32(11, (x)) ^ S32(25, (x)))
-#define sigma0_256(x)	(S32(7,  (x)) ^ S32(18, (x)) ^ R(3 ,   (x)))
-#define sigma1_256(x)	(S32(17, (x)) ^ S32(19, (x)) ^ R(10,   (x)))
-
-/* Four of six logical functions used in SHA-384 and SHA-512: */
-#define Sigma0_512(x)	(S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
-#define Sigma1_512(x)	(S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
-#define sigma0_512(x)	(S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7,   (x)))
-#define sigma1_512(x)	(S64(19, (x)) ^ S64(61, (x)) ^ R( 6,   (x)))
-
-/*** INTERNAL FUNCTION PROTOTYPES *************************************/
-/* NOTE: These should not be accessed directly from outside this
- * library -- they are intended for private internal visibility/use
- * only.
- */
-void SHA512_Last(SHA512_CTX*);
-void SHA256_Transform(SHA256_CTX*, const sha2_word32*);
-void SHA512_Transform(SHA512_CTX*, const sha2_word64*);
-
-
-/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
-/* Hash constant words K for SHA-256: */
-const static sha2_word32 K256[64] = {
-	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
-	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
-	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
-	0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
-	0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
-	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
-	0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
-	0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
-	0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
-	0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
-	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
-	0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
-	0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
-	0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
-	0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
-	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
-};
-
-/* Initial hash value H for SHA-256: */
-const static sha2_word32 sha256_initial_hash_value[8] = {
-	0x6a09e667UL,
-	0xbb67ae85UL,
-	0x3c6ef372UL,
-	0xa54ff53aUL,
-	0x510e527fUL,
-	0x9b05688cUL,
-	0x1f83d9abUL,
-	0x5be0cd19UL
-};
-
-/* Hash constant words K for SHA-384 and SHA-512: */
-const static sha2_word64 K512[80] = {
-	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
-	0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
-	0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
-	0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
-	0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
-	0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
-	0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
-	0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
-	0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
-	0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
-	0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
-	0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
-	0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
-	0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
-	0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
-	0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
-	0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
-	0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
-	0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
-	0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
-	0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
-	0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
-	0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
-	0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
-	0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
-	0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
-	0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
-	0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
-	0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
-	0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
-	0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
-	0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
-	0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
-	0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
-	0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
-	0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
-	0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
-	0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
-	0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
-	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
-};
-
-/* Initial hash value H for SHA-384 */
-const static sha2_word64 sha384_initial_hash_value[8] = {
-	0xcbbb9d5dc1059ed8ULL,
-	0x629a292a367cd507ULL,
-	0x9159015a3070dd17ULL,
-	0x152fecd8f70e5939ULL,
-	0x67332667ffc00b31ULL,
-	0x8eb44a8768581511ULL,
-	0xdb0c2e0d64f98fa7ULL,
-	0x47b5481dbefa4fa4ULL
-};
-
-/* Initial hash value H for SHA-512 */
-const static sha2_word64 sha512_initial_hash_value[8] = {
-	0x6a09e667f3bcc908ULL,
-	0xbb67ae8584caa73bULL,
-	0x3c6ef372fe94f82bULL,
-	0xa54ff53a5f1d36f1ULL,
-	0x510e527fade682d1ULL,
-	0x9b05688c2b3e6c1fULL,
-	0x1f83d9abfb41bd6bULL,
-	0x5be0cd19137e2179ULL
-};
-
-/*
- * Constant used by SHA256/384/512_End() functions for converting the
- * digest to a readable hexadecimal character string:
- */
-static const char *sha2_hex_digits = "0123456789abcdef";
-
-
-/*** SHA-256: *********************************************************/
-void SHA256_Init(SHA256_CTX* context) {
-	if (context == (SHA256_CTX*)0) {
-		return;
-	}
-	bcopy(sha256_initial_hash_value, context->state, SHA256_DIGEST_LENGTH);
-	bzero(context->buffer, SHA256_BLOCK_LENGTH);
-	context->bitcount = 0;
-}
-
-#ifdef SHA2_UNROLL_TRANSFORM
-
-/* Unrolled SHA-256 round macros: */
-
-#if BYTE_ORDER == LITTLE_ENDIAN
-
-#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)	\
-	REVERSE32(*data++, W256[j]); \
-	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
-             K256[j] + W256[j]; \
-	(d) += T1; \
-	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
-	j++
-
-
-#else /* BYTE_ORDER == LITTLE_ENDIAN */
-
-#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)	\
-	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
-	     K256[j] + (W256[j] = *data++); \
-	(d) += T1; \
-	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
-	j++
-
-#endif /* BYTE_ORDER == LITTLE_ENDIAN */
-
-#define ROUND256(a,b,c,d,e,f,g,h)	\
-	s0 = W256[(j+1)&0x0f]; \
-	s0 = sigma0_256(s0); \
-	s1 = W256[(j+14)&0x0f]; \
-	s1 = sigma1_256(s1); \
-	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
-	     (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
-	(d) += T1; \
-	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
-	j++
-
-void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
-	sha2_word32	a, b, c, d, e, f, g, h, s0, s1;
-	sha2_word32	T1, *W256;
-	int		j;
-
-	W256 = (sha2_word32*)context->buffer;
-
-	/* Initialize registers with the prev. intermediate value */
-	a = context->state[0];
-	b = context->state[1];
-	c = context->state[2];
-	d = context->state[3];
-	e = context->state[4];
-	f = context->state[5];
-	g = context->state[6];
-	h = context->state[7];
-
-	j = 0;
-	do {
-		/* Rounds 0 to 15 (unrolled): */
-		ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
-		ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
-		ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
-		ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
-		ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
-		ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
-		ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
-		ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
-	} while (j < 16);
-
-	/* Now for the remaining rounds to 64: */
-	do {
-		ROUND256(a,b,c,d,e,f,g,h);
-		ROUND256(h,a,b,c,d,e,f,g);
-		ROUND256(g,h,a,b,c,d,e,f);
-		ROUND256(f,g,h,a,b,c,d,e);
-		ROUND256(e,f,g,h,a,b,c,d);
-		ROUND256(d,e,f,g,h,a,b,c);
-		ROUND256(c,d,e,f,g,h,a,b);
-		ROUND256(b,c,d,e,f,g,h,a);
-	} while (j < 64);
-
-	/* Compute the current intermediate hash value */
-	context->state[0] += a;
-	context->state[1] += b;
-	context->state[2] += c;
-	context->state[3] += d;
-	context->state[4] += e;
-	context->state[5] += f;
-	context->state[6] += g;
-	context->state[7] += h;
-
-	/* Clean up */
-	a = b = c = d = e = f = g = h = T1 = 0;
-}
-
-#else /* SHA2_UNROLL_TRANSFORM */
-
-void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
-	sha2_word32	a, b, c, d, e, f, g, h, s0, s1;
-	sha2_word32	T1, T2, *W256;
-	int		j;
-
-	W256 = (sha2_word32*)context->buffer;
-
-	/* Initialize registers with the prev. intermediate value */
-	a = context->state[0];
-	b = context->state[1];
-	c = context->state[2];
-	d = context->state[3];
-	e = context->state[4];
-	f = context->state[5];
-	g = context->state[6];
-	h = context->state[7];
-
-	j = 0;
-	do {
-#if BYTE_ORDER == LITTLE_ENDIAN
-		/* Copy data while converting to host byte order */
-		REVERSE32(*data++,W256[j]);
-		/* Apply the SHA-256 compression function to update a..h */
-		T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
-#else /* BYTE_ORDER == LITTLE_ENDIAN */
-		/* Apply the SHA-256 compression function to update a..h with copy */
-		T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
-#endif /* BYTE_ORDER == LITTLE_ENDIAN */
-		T2 = Sigma0_256(a) + Maj(a, b, c);
-		h = g;
-		g = f;
-		f = e;
-		e = d + T1;
-		d = c;
-		c = b;
-		b = a;
-		a = T1 + T2;
-
-		j++;
-	} while (j < 16);
-
-	do {
-		/* Part of the message block expansion: */
-		s0 = W256[(j+1)&0x0f];
-		s0 = sigma0_256(s0);
-		s1 = W256[(j+14)&0x0f];	
-		s1 = sigma1_256(s1);
-
-		/* Apply the SHA-256 compression function to update a..h */
-		T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 
-		     (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
-		T2 = Sigma0_256(a) + Maj(a, b, c);
-		h = g;
-		g = f;
-		f = e;
-		e = d + T1;
-		d = c;
-		c = b;
-		b = a;
-		a = T1 + T2;
-
-		j++;
-	} while (j < 64);
-
-	/* Compute the current intermediate hash value */
-	context->state[0] += a;
-	context->state[1] += b;
-	context->state[2] += c;
-	context->state[3] += d;
-	context->state[4] += e;
-	context->state[5] += f;
-	context->state[6] += g;
-	context->state[7] += h;
-
-	/* Clean up */
-	a = b = c = d = e = f = g = h = T1 = T2 = 0;
-}
-
-#endif /* SHA2_UNROLL_TRANSFORM */
-
-void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
-	unsigned int	freespace, usedspace;
-
-	if (len == 0) {
-		/* Calling with no data is valid - we do nothing */
-		return;
-	}
-
-	/* Sanity check: */
-	assert(context != (SHA256_CTX*)0 && data != (sha2_byte*)0);
-
-	usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
-	if (usedspace > 0) {
-		/* Calculate how much free space is available in the buffer */
-		freespace = SHA256_BLOCK_LENGTH - usedspace;
-
-		if (len >= freespace) {
-			/* Fill the buffer completely and process it */
-			bcopy(data, &context->buffer[usedspace], freespace);
-			context->bitcount += freespace << 3;
-			len -= freespace;
-			data += freespace;
-			SHA256_Transform(context, (sha2_word32*)context->buffer);
-		} else {
-			/* The buffer is not yet full */
-			bcopy(data, &context->buffer[usedspace], len);
-			context->bitcount += len << 3;
-			/* Clean up: */
-			usedspace = freespace = 0;
-			return;
-		}
-	}
-	while (len >= SHA256_BLOCK_LENGTH) {
-		/* Process as many complete blocks as we can */
-		SHA256_Transform(context, (const sha2_word32*)data);
-		context->bitcount += SHA256_BLOCK_LENGTH << 3;
-		len -= SHA256_BLOCK_LENGTH;
-		data += SHA256_BLOCK_LENGTH;
-	}
-	if (len > 0) {
-		/* There's left-overs, so save 'em */
-		bcopy(data, context->buffer, len);
-		context->bitcount += len << 3;
-	}
-	/* Clean up: */
-	usedspace = freespace = 0;
-}
-
-void SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
-	sha2_word32	*d = (sha2_word32*)digest;
-	unsigned int	usedspace;
-
-	/* Sanity check: */
-	assert(context != (SHA256_CTX*)0);
-
-	/* If no digest buffer is passed, we don't bother doing this: */
-	if (digest != (sha2_byte*)0) {
-		usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
-#if BYTE_ORDER == LITTLE_ENDIAN
-		/* Convert FROM host byte order */
-		REVERSE64(context->bitcount,context->bitcount);
-#endif
-		if (usedspace > 0) {
-			/* Begin padding with a 1 bit: */
-			context->buffer[usedspace++] = 0x80;
-
-			if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
-				/* Set-up for the last transform: */
-				bzero(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
-			} else {
-				if (usedspace < SHA256_BLOCK_LENGTH) {
-					bzero(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
-				}
-				/* Do second-to-last transform: */
-				SHA256_Transform(context, (sha2_word32*)context->buffer);
-
-				/* And set-up for the last transform: */
-				bzero(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
-			}
-		} else {
-			/* Set-up for the last transform: */
-			bzero(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
-
-			/* Begin padding with a 1 bit: */
-			*context->buffer = 0x80;
-		}
-		/* Set the bit count: */
-		*(sha2_word64*)&context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
-
-		/* Final transform: */
-		SHA256_Transform(context, (sha2_word32*)context->buffer);
-
-#if BYTE_ORDER == LITTLE_ENDIAN
-		{
-			/* Convert TO host byte order */
-			int	j;
-			for (j = 0; j < 8; j++) {
-				REVERSE32(context->state[j],context->state[j]);
-				*d++ = context->state[j];
-			}
-		}
-#else
-		bcopy(context->state, d, SHA256_DIGEST_LENGTH);
-#endif
-	}
-
-	/* Clean up state data: */
-	bzero(context, sizeof(*context));
-	usedspace = 0;
-}
-
-char *SHA256_End(SHA256_CTX* context, char buffer[]) {
-	sha2_byte	digest[SHA256_DIGEST_LENGTH], *d = digest;
-	int		i;
-
-	/* Sanity check: */
-	assert(context != (SHA256_CTX*)0);
-
-	if (buffer != (char*)0) {
-		SHA256_Final(digest, context);
-
-		for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
-			*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
-			*buffer++ = sha2_hex_digits[*d & 0x0f];
-			d++;
-		}
-		*buffer = (char)0;
-	} else {
-		bzero(context, sizeof(*context));
-	}
-	bzero(digest, SHA256_DIGEST_LENGTH);
-	return buffer;
-}
-
-char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
-	SHA256_CTX	context;
-
-	SHA256_Init(&context);
-	SHA256_Update(&context, data, len);
-	return SHA256_End(&context, digest);
-}
-
-
-/*** SHA-512: *********************************************************/
-void SHA512_Init(SHA512_CTX* context) {
-	if (context == (SHA512_CTX*)0) {
-		return;
-	}
-	bcopy(sha512_initial_hash_value, context->state, SHA512_DIGEST_LENGTH);
-	bzero(context->buffer, SHA512_BLOCK_LENGTH);
-	context->bitcount[0] = context->bitcount[1] =  0;
-}
-
-#ifdef SHA2_UNROLL_TRANSFORM
-
-/* Unrolled SHA-512 round macros: */
-#if BYTE_ORDER == LITTLE_ENDIAN
-
-#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h)	\
-	REVERSE64(*data++, W512[j]); \
-	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
-             K512[j] + W512[j]; \
-	(d) += T1, \
-	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
-	j++
-
-
-#else /* BYTE_ORDER == LITTLE_ENDIAN */
-
-#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h)	\
-	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
-             K512[j] + (W512[j] = *data++); \
-	(d) += T1; \
-	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
-	j++
-
-#endif /* BYTE_ORDER == LITTLE_ENDIAN */
-
-#define ROUND512(a,b,c,d,e,f,g,h)	\
-	s0 = W512[(j+1)&0x0f]; \
-	s0 = sigma0_512(s0); \
-	s1 = W512[(j+14)&0x0f]; \
-	s1 = sigma1_512(s1); \
-	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
-             (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
-	(d) += T1; \
-	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
-	j++
-
-void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
-	sha2_word64	a, b, c, d, e, f, g, h, s0, s1;
-	sha2_word64	T1, *W512 = (sha2_word64*)context->buffer;
-	int		j;
-
-	/* Initialize registers with the prev. intermediate value */
-	a = context->state[0];
-	b = context->state[1];
-	c = context->state[2];
-	d = context->state[3];
-	e = context->state[4];
-	f = context->state[5];
-	g = context->state[6];
-	h = context->state[7];
-
-	j = 0;
-	do {
-		ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
-		ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
-		ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
-		ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
-		ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
-		ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
-		ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
-		ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
-	} while (j < 16);
-
-	/* Now for the remaining rounds up to 79: */
-	do {
-		ROUND512(a,b,c,d,e,f,g,h);
-		ROUND512(h,a,b,c,d,e,f,g);
-		ROUND512(g,h,a,b,c,d,e,f);
-		ROUND512(f,g,h,a,b,c,d,e);
-		ROUND512(e,f,g,h,a,b,c,d);
-		ROUND512(d,e,f,g,h,a,b,c);
-		ROUND512(c,d,e,f,g,h,a,b);
-		ROUND512(b,c,d,e,f,g,h,a);
-	} while (j < 80);
-
-	/* Compute the current intermediate hash value */
-	context->state[0] += a;
-	context->state[1] += b;
-	context->state[2] += c;
-	context->state[3] += d;
-	context->state[4] += e;
-	context->state[5] += f;
-	context->state[6] += g;
-	context->state[7] += h;
-
-	/* Clean up */
-	a = b = c = d = e = f = g = h = T1 = 0;
-}
-
-#else /* SHA2_UNROLL_TRANSFORM */
-
-void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
-	sha2_word64	a, b, c, d, e, f, g, h, s0, s1;
-	sha2_word64	T1, T2, *W512 = (sha2_word64*)context->buffer;
-	int		j;
-
-	/* Initialize registers with the prev. intermediate value */
-	a = context->state[0];
-	b = context->state[1];
-	c = context->state[2];
-	d = context->state[3];
-	e = context->state[4];
-	f = context->state[5];
-	g = context->state[6];
-	h = context->state[7];
-
-	j = 0;
-	do {
-#if BYTE_ORDER == LITTLE_ENDIAN
-		/* Convert TO host byte order */
-		REVERSE64(*data++, W512[j]);
-		/* Apply the SHA-512 compression function to update a..h */
-		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
-#else /* BYTE_ORDER == LITTLE_ENDIAN */
-		/* Apply the SHA-512 compression function to update a..h with copy */
-		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
-#endif /* BYTE_ORDER == LITTLE_ENDIAN */
-		T2 = Sigma0_512(a) + Maj(a, b, c);
-		h = g;
-		g = f;
-		f = e;
-		e = d + T1;
-		d = c;
-		c = b;
-		b = a;
-		a = T1 + T2;
-
-		j++;
-	} while (j < 16);
-
-	do {
-		/* Part of the message block expansion: */
-		s0 = W512[(j+1)&0x0f];
-		s0 = sigma0_512(s0);
-		s1 = W512[(j+14)&0x0f];
-		s1 =  sigma1_512(s1);
-
-		/* Apply the SHA-512 compression function to update a..h */
-		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
-		     (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
-		T2 = Sigma0_512(a) + Maj(a, b, c);
-		h = g;
-		g = f;
-		f = e;
-		e = d + T1;
-		d = c;
-		c = b;
-		b = a;
-		a = T1 + T2;
-
-		j++;
-	} while (j < 80);
-
-	/* Compute the current intermediate hash value */
-	context->state[0] += a;
-	context->state[1] += b;
-	context->state[2] += c;
-	context->state[3] += d;
-	context->state[4] += e;
-	context->state[5] += f;
-	context->state[6] += g;
-	context->state[7] += h;
-
-	/* Clean up */
-	a = b = c = d = e = f = g = h = T1 = T2 = 0;
-}
-
-#endif /* SHA2_UNROLL_TRANSFORM */
-
-void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
-	unsigned int	freespace, usedspace;
-
-	if (len == 0) {
-		/* Calling with no data is valid - we do nothing */
-		return;
-	}
-
-	/* Sanity check: */
-	assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0);
-
-	usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
-	if (usedspace > 0) {
-		/* Calculate how much free space is available in the buffer */
-		freespace = SHA512_BLOCK_LENGTH - usedspace;
-
-		if (len >= freespace) {
-			/* Fill the buffer completely and process it */
-			bcopy(data, &context->buffer[usedspace], freespace);
-			ADDINC128(context->bitcount, freespace << 3);
-			len -= freespace;
-			data += freespace;
-			SHA512_Transform(context, (sha2_word64*)context->buffer);
-		} else {
-			/* The buffer is not yet full */
-			bcopy(data, &context->buffer[usedspace], len);
-			ADDINC128(context->bitcount, len << 3);
-			/* Clean up: */
-			usedspace = freespace = 0;
-			return;
-		}
-	}
-	while (len >= SHA512_BLOCK_LENGTH) {
-		/* Process as many complete blocks as we can */
-		SHA512_Transform(context, (const sha2_word64*)data);
-		ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
-		len -= SHA512_BLOCK_LENGTH;
-		data += SHA512_BLOCK_LENGTH;
-	}
-	if (len > 0) {
-		/* There's left-overs, so save 'em */
-		bcopy(data, context->buffer, len);
-		ADDINC128(context->bitcount, len << 3);
-	}
-	/* Clean up: */
-	usedspace = freespace = 0;
-}
-
-void SHA512_Last(SHA512_CTX* context) {
-	unsigned int	usedspace;
-
-	usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
-#if BYTE_ORDER == LITTLE_ENDIAN
-	/* Convert FROM host byte order */
-	REVERSE64(context->bitcount[0],context->bitcount[0]);
-	REVERSE64(context->bitcount[1],context->bitcount[1]);
-#endif
-	if (usedspace > 0) {
-		/* Begin padding with a 1 bit: */
-		context->buffer[usedspace++] = 0x80;
-
-		if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
-			/* Set-up for the last transform: */
-			bzero(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
-		} else {
-			if (usedspace < SHA512_BLOCK_LENGTH) {
-				bzero(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
-			}
-			/* Do second-to-last transform: */
-			SHA512_Transform(context, (sha2_word64*)context->buffer);
-
-			/* And set-up for the last transform: */
-			bzero(context->buffer, SHA512_BLOCK_LENGTH - 2);
-		}
-	} else {
-		/* Prepare for final transform: */
-		bzero(context->buffer, SHA512_SHORT_BLOCK_LENGTH);
-
-		/* Begin padding with a 1 bit: */
-		*context->buffer = 0x80;
-	}
-	/* Store the length of input data (in bits): */
-	*(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
-	*(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
-
-	/* Final transform: */
-	SHA512_Transform(context, (sha2_word64*)context->buffer);
-}
-
-void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
-	sha2_word64	*d = (sha2_word64*)digest;
-
-	/* Sanity check: */
-	assert(context != (SHA512_CTX*)0);
-
-	/* If no digest buffer is passed, we don't bother doing this: */
-	if (digest != (sha2_byte*)0) {
-		SHA512_Last(context);
-
-		/* Save the hash data for output: */
-#if BYTE_ORDER == LITTLE_ENDIAN
-		{
-			/* Convert TO host byte order */
-			int	j;
-			for (j = 0; j < 8; j++) {
-				REVERSE64(context->state[j],context->state[j]);
-				*d++ = context->state[j];
-			}
-		}
-#else
-		bcopy(context->state, d, SHA512_DIGEST_LENGTH);
-#endif
-	}
-
-	/* Zero out state data */
-	bzero(context, sizeof(*context));
-}
-
-char *SHA512_End(SHA512_CTX* context, char buffer[]) {
-	sha2_byte	digest[SHA512_DIGEST_LENGTH], *d = digest;
-	int		i;
-
-	/* Sanity check: */
-	assert(context != (SHA512_CTX*)0);
-
-	if (buffer != (char*)0) {
-		SHA512_Final(digest, context);
-
-		for (i = 0; i < SHA512_DIGEST_LENGTH; i++) {
-			*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
-			*buffer++ = sha2_hex_digits[*d & 0x0f];
-			d++;
-		}
-		*buffer = (char)0;
-	} else {
-		bzero(context, sizeof(*context));
-	}
-	bzero(digest, SHA512_DIGEST_LENGTH);
-	return buffer;
-}
-
-char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
-	SHA512_CTX	context;
-
-	SHA512_Init(&context);
-	SHA512_Update(&context, data, len);
-	return SHA512_End(&context, digest);
-}
-
-/*** SHA-384: *********************************************************/
-void SHA384_Init(SHA384_CTX* context) {
-	if (context == (SHA384_CTX*)0) {
-		return;
-	}
-	bcopy(sha384_initial_hash_value, context->state, SHA512_DIGEST_LENGTH);
-	bzero(context->buffer, SHA384_BLOCK_LENGTH);
-	context->bitcount[0] = context->bitcount[1] = 0;
-}
-
-void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
-	SHA512_Update((SHA512_CTX*)context, data, len);
-}
-
-void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
-	sha2_word64	*d = (sha2_word64*)digest;
-
-	/* Sanity check: */
-	assert(context != (SHA384_CTX*)0);
-
-	/* If no digest buffer is passed, we don't bother doing this: */
-	if (digest != (sha2_byte*)0) {
-		SHA512_Last((SHA512_CTX*)context);
-
-		/* Save the hash data for output: */
-#if BYTE_ORDER == LITTLE_ENDIAN
-		{
-			/* Convert TO host byte order */
-			int	j;
-			for (j = 0; j < 6; j++) {
-				REVERSE64(context->state[j],context->state[j]);
-				*d++ = context->state[j];
-			}
-		}
-#else
-		bcopy(context->state, d, SHA384_DIGEST_LENGTH);
-#endif
-	}
-
-	/* Zero out state data */
-	bzero(context, sizeof(*context));
-}
-
-char *SHA384_End(SHA384_CTX* context, char buffer[]) {
-	sha2_byte	digest[SHA384_DIGEST_LENGTH], *d = digest;
-	int		i;
-
-	/* Sanity check: */
-	assert(context != (SHA384_CTX*)0);
-
-	if (buffer != (char*)0) {
-		SHA384_Final(digest, context);
-
-		for (i = 0; i < SHA384_DIGEST_LENGTH; i++) {
-			*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
-			*buffer++ = sha2_hex_digits[*d & 0x0f];
-			d++;
-		}
-		*buffer = (char)0;
-	} else {
-		bzero(context, sizeof(*context));
-	}
-	bzero(digest, SHA384_DIGEST_LENGTH);
-	return buffer;
-}
-
-char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
-	SHA384_CTX	context;
-
-	SHA384_Init(&context);
-	SHA384_Update(&context, data, len);
-	return SHA384_End(&context, digest);
-}
-
-#endif /* __rtems__ */
-
-/*glue*/
-#ifdef HAVE_EVP_097
-
-/* SHA256 */
-#define data(ctx) ((SHA256_CTX *)(ctx)->md_data)
-static int sha256_init(EVP_MD_CTX *ctx)
-{
-  SHA256_Init(data(ctx));
-  return 1;
-}
-static int sha256_update(EVP_MD_CTX *ctx, const void *data, unsigned long count)
-{
-  SHA256_Update(data(ctx), data, count);
-  return 1;
-}
-static int sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-  SHA256_Final(md, data(ctx));
-  return 1;
-}
-#undef data
-
-/* SHA384 */
-#define data(ctx) ((SHA384_CTX *)(ctx)->md_data)
-static int sha384_init(EVP_MD_CTX *ctx)
-{
-  SHA384_Init(data(ctx));
-  return 1;
-}
-static int sha384_update(EVP_MD_CTX *ctx, const void *data, unsigned long count)
-{
-  SHA384_Update(data(ctx), data, count);
-  return 1;
-}
-static int sha384_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-  SHA384_Final(md, data(ctx));
-  return 1;
-}
-#undef data
-
-/* SHA512 */
-#define data(ctx) ((SHA512_CTX *)(ctx)->md_data)
-static int sha512_init(EVP_MD_CTX *ctx)
-{
-  SHA512_Init(data(ctx));
-  return 1;
-}
-static int sha512_update(EVP_MD_CTX *ctx, const void *data, unsigned long count)
-{
-  SHA512_Update(data(ctx), data, count);
-  return 1;
-}
-static int sha512_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-  SHA512_Final(md, data(ctx));
-  return 1;
-}
-#undef data
-#endif
-
-static struct env_md_st sha2_256_md = {
-	0, /*NID_sha1*/
-	0, /*NID_sha1WithRSAEncryption*/
-	SHA256_DIGEST_LENGTH,
-#ifdef HAVE_EVP_097
-	0,			/* flags */
-	sha256_init,
-	sha256_update,
-	sha256_final,
-	NULL,			/* copy */
-	NULL,			/* cleanup */
-#else
-	SHA256_Init,
-	SHA256_Update,
-	SHA256_Final,
-#endif
-	NULL, NULL, {0, 0, 0, 0},
-	SHA256_BLOCK_LENGTH,
-	sizeof(struct env_md_st *) + sizeof(SHA256_CTX),
-};
-
-struct env_md_st *EVP_sha2_256(void)
-{
-	return(&sha2_256_md);
-}
-
-static struct env_md_st sha2_384_md = {
-	0, /*NID_sha1*/
-	0, /*NID_sha1WithRSAEncryption*/
-	SHA384_DIGEST_LENGTH,
-#ifdef HAVE_EVP_097
-	0,			/* flags */
-	sha384_init,
-	sha384_update,
-	sha384_final,
-	NULL,			/* copy */
-	NULL,			/* cleanup */
-#else
-	SHA384_Init,
-	SHA384_Update,
-	SHA384_Final,
-#endif
-	NULL, NULL, {0, 0, 0, 0},
-	SHA384_BLOCK_LENGTH,
-	sizeof(struct env_md_st *) + sizeof(SHA384_CTX),
-};
-
-struct env_md_st *EVP_sha2_384(void)
-{
-	return(&sha2_384_md);
-}
-
-static struct env_md_st sha2_512_md = {
-	0, /*NID_sha1*/
-	0, /*NID_sha1WithRSAEncryption*/
-	SHA512_DIGEST_LENGTH,
-#ifdef HAVE_EVP_097
-	0,			/* flags */
-	sha512_init,
-	sha512_update,
-	sha512_final,
-	NULL,			/* copy */
-	NULL,			/* cleanup */
-#else
-	SHA512_Init,
-	SHA512_Update,
-	SHA512_Final,
-#endif
-	NULL, NULL, {0, 0, 0, 0}, /*EVP_PKEY_RSA_method*/
-	SHA512_BLOCK_LENGTH,
-	sizeof(struct env_md_st *) + sizeof(SHA512_CTX),
-};
-
-struct env_md_st *EVP_sha2_512(void)
-{
-	return(&sha2_512_md);
-}
-
-#ifdef __rtems__
-#include "../../../rtems-bsd-racoon-main-data.h"
-#endif /* __rtems__ */
diff --git a/ipsec-tools/src/racoon/prsa_par_wrapper.c b/ipsec-tools/src/racoon/prsa_par_wrapper.c
index 321fe36e..cdb88609 100644
--- a/ipsec-tools/src/racoon/prsa_par_wrapper.c
+++ b/ipsec-tools/src/racoon/prsa_par_wrapper.c
@@ -1,5 +1,7 @@
 #include <machine/rtems-bsd-user-space.h>
 #include <machine/rtems-bsd-program.h>
 #include "rtems-bsd-racoon-namespace.h"
+#include <openssl/rsa.h>
+#include <crypto/rsa/rsa_locl.h>
 #include "prsa_par.c"
 #include "rtems-bsd-racoon-prsa_par_wrapper-data.h"
diff --git a/ipsec-tools/src/racoon/rsalist.c b/ipsec-tools/src/racoon/rsalist.c
index 703b6587..db4cf136 100644
--- a/ipsec-tools/src/racoon/rsalist.c
+++ b/ipsec-tools/src/racoon/rsalist.c
@@ -50,6 +50,9 @@
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
+#ifdef __rtems__
+#include <crypto/rsa/rsa_locl.h>
+#endif /* __rtems__ */
 
 #include "misc.h"
 #include "plog.h"
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-algorithm-data.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-algorithm-data.h
index 5c3d43e2..f6e4ab5d 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-algorithm-data.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-algorithm-data.h
@@ -2,11 +2,11 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-racoon-data.h"
 /* algorithm.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct hash_algorithm oakley_hashdef[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct hmac_algorithm oakley_hmacdef[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct enc_algorithm oakley_encdef[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct dh_algorithm oakley_dhdef[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct enc_algorithm ipsec_encdef[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct enc_algorithm oakley_encdef[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct hash_algorithm oakley_hashdef[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct hmac_algorithm ipsec_hmacdef[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct hmac_algorithm oakley_hmacdef[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct misc_algorithm ipsec_compdef[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct misc_algorithm oakley_authdef[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct dh_algorithm oakley_dhdef[]);
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-cfparse_wrapper-data.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-cfparse_wrapper-data.h
index b5a5e554..1ac7ec1b 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-cfparse_wrapper-data.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-cfparse_wrapper-data.h
@@ -2,10 +2,10 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-racoon-data.h"
 /* cfparse_wrapper.c */
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static YYSTACKDATA yystack);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int cur_algclass);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int num2dhgroup[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct remoteconf *cur_rmconf);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int oldloglevel);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int tmpalgtype[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct remoteconf *cur_rmconf);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct sainfo *cur_sainfo);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int cur_algclass);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int oldloglevel);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static YYSTACKDATA yystack);
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-cftoken_wrapper-data.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-cftoken_wrapper-data.h
index 42c6d646..b1a1c1b7 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-cftoken_wrapper-data.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-cftoken_wrapper-data.h
@@ -2,20 +2,20 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-racoon-data.h"
 /* cftoken_wrapper.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static size_t yy_buffer_stack_top);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static size_t yy_buffer_stack_max);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static YY_BUFFER_STATE *yy_buffer_stack);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static char yy_hold_char);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static yy_size_t yy_n_chars);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern yy_size_t racoonyyleng);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static YY_BUFFER_STATE *yy_buffer_stack);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static char *yy_c_buf_p);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_init);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_start);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_did_buffer_switch_on_eof);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static yy_state_type yy_last_accepting_state);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static char *yy_last_accepting_cpos);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static char yy_hold_char);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int incstackp);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_did_buffer_switch_on_eof);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_first_time);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_init);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_more_flag);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_more_len);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_start);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static size_t yy_buffer_stack_max);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static size_t yy_buffer_stack_top);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct include_stack incstack[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int incstackp);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_first_time);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static yy_size_t yy_n_chars);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static yy_state_type yy_last_accepting_state);
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-data.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-data.h
index 3aaf0b3f..7f1e9247 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-data.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-data.h
@@ -4,16 +4,16 @@
 /* algorithm.c */
 /* backupsa.c */
 /* cfparse_wrapper.c */
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonyychar);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonyydebug);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonyynerrs);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonyyerrflag);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonyychar);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonyynerrs);
 /* cftoken_wrapper.c */
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern FILE *racoonyyin);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern FILE *racoonyyout);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonyylineno);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonyy_flex_debug);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern char *racoonyytext);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonyy_flex_debug);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonyylineno);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int yyerrorcount);
 /* crypto_openssl.c */
 /* dnssec.c */
@@ -41,41 +41,40 @@ RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int dump_config);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int f_local);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int vflag);
 /* misc.c */
-/* sha2.c */
 /* nattraversal.c */
 /* oakley.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern struct dhgroup dh_modp768);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern struct dhgroup dh_modp1024);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern struct dhgroup dh_modp1536);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern struct dhgroup dh_modp2048);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern struct dhgroup dh_modp3072);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern struct dhgroup dh_modp4096);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern struct dhgroup dh_modp6144);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern struct dhgroup dh_modp768);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern struct dhgroup dh_modp8192);
 /* pfkey.c */
 /* plog.c */
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern char *pname);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern u_int32_t loglevel);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int f_foreground);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int print_location);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern u_int32_t loglevel);
 /* policy.c */
 /* privsep.c */
 /* proposal.c */
 /* prsa_par_wrapper.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int prsa_cur_lineno);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern char *prsa_cur_fname);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern struct genlist *prsa_cur_list);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern enum rsa_key_type prsa_cur_type);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int prsa_cur_lineno);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonprsachar);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonprsadebug);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonprsanerrs);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonprsaerrflag);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonprsachar);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonprsanerrs);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern struct genlist *prsa_cur_list);
 /* prsa_tok_wrapper.c */
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern FILE *racoonprsain);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern FILE *racoonprsaout);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonprsalineno);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonprsa_flex_debug);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern char *racoonprsatext);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonprsa_flex_debug);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern int racoonprsalineno);
 /* remoteconf.c */
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern char *script_names[]);
 /* rsalist.c */
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-handler-data.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-handler-data.h
index c9a2c87f..b92b41e6 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-handler-data.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-handler-data.h
@@ -2,8 +2,8 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-racoon-data.h"
 /* handler.c */
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct _ctdtree_ ctdtree);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct _ph1tree_ ph1tree);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct _ph2tree_ ph2tree);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct _ctdtree_ ctdtree);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct _rcptree_ rcptree);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct sched sc_sweep);
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-ipsec_doi-data.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-ipsec_doi-data.h
index a3bf167d..bd20cabc 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-ipsec_doi-data.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-ipsec_doi-data.h
@@ -2,7 +2,7 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-racoon-data.h"
 /* ipsec_doi.c */
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int (*check_attributes[])(struct isakmp_pl_t *));
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int (*check_protocol[])(int ));
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int (*check_transform[])(int ));
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int (*check_attributes[])(struct isakmp_pl_t *));
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int rm_idtype2doi[]);
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-localconf-data.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-localconf-data.h
index 224c3f85..0d482845 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-localconf-data.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-localconf-data.h
@@ -2,5 +2,5 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-racoon-data.h"
 /* localconf.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int lc_sittype2doi[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int lc_doitype2doi[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int lc_sittype2doi[]);
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-main-data.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-main-data.h
index a6d31dbf..8fe145ef 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-main-data.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-main-data.h
@@ -2,5 +2,5 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-racoon-data.h"
 /* main.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int loading_sa);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static char version[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int loading_sa);
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-namespace.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-namespace.h
index 521f9497..63c009c6 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-namespace.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-namespace.h
@@ -1,763 +1,759 @@
 /* generated by userspace-header-gen.py */
 /* admin.c */
 /* algorithm.c */
-#define algclass2doi _bsd_racoon_algclass2doi
-#define algtype2doi _bsd_racoon_algtype2doi
-#define check_keylen _bsd_racoon_check_keylen
-#define default_keylen _bsd_racoon_default_keylen
-#define alg_oakley_authdef_name _bsd_racoon_alg_oakley_authdef_name
+#define alg_ipsec_compdef_doi _bsd_racoon_alg_ipsec_compdef_doi
+#define alg_ipsec_encdef_doi _bsd_racoon_alg_ipsec_encdef_doi
+#define alg_ipsec_encdef_keylen _bsd_racoon_alg_ipsec_encdef_keylen
+#define alg_ipsec_hmacdef_doi _bsd_racoon_alg_ipsec_hmacdef_doi
+#define alg_ipsec_hmacdef_hashlen _bsd_racoon_alg_ipsec_hmacdef_hashlen
 #define alg_oakley_authdef_doi _bsd_racoon_alg_oakley_authdef_doi
-#define alg_oakley_dhdef_name _bsd_racoon_alg_oakley_dhdef_name
-#define alg_oakley_dhdef_group _bsd_racoon_alg_oakley_dhdef_group
+#define alg_oakley_authdef_name _bsd_racoon_alg_oakley_authdef_name
 #define alg_oakley_dhdef_doi _bsd_racoon_alg_oakley_dhdef_doi
+#define alg_oakley_dhdef_group _bsd_racoon_alg_oakley_dhdef_group
+#define alg_oakley_dhdef_name _bsd_racoon_alg_oakley_dhdef_name
 #define alg_oakley_dhdef_ok _bsd_racoon_alg_oakley_dhdef_ok
-#define alg_ipsec_compdef_doi _bsd_racoon_alg_ipsec_compdef_doi
-#define alg_ipsec_hmacdef_hashlen _bsd_racoon_alg_ipsec_hmacdef_hashlen
-#define alg_ipsec_hmacdef_doi _bsd_racoon_alg_ipsec_hmacdef_doi
-#define alg_ipsec_encdef_keylen _bsd_racoon_alg_ipsec_encdef_keylen
-#define alg_ipsec_encdef_doi _bsd_racoon_alg_ipsec_encdef_doi
-#define alg_oakley_encdef_encrypt _bsd_racoon_alg_oakley_encdef_encrypt
-#define alg_oakley_encdef_decrypt _bsd_racoon_alg_oakley_encdef_decrypt
-#define alg_oakley_encdef_name _bsd_racoon_alg_oakley_encdef_name
 #define alg_oakley_encdef_blocklen _bsd_racoon_alg_oakley_encdef_blocklen
-#define alg_oakley_encdef_keylen _bsd_racoon_alg_oakley_encdef_keylen
+#define alg_oakley_encdef_decrypt _bsd_racoon_alg_oakley_encdef_decrypt
 #define alg_oakley_encdef_doi _bsd_racoon_alg_oakley_encdef_doi
+#define alg_oakley_encdef_encrypt _bsd_racoon_alg_oakley_encdef_encrypt
+#define alg_oakley_encdef_keylen _bsd_racoon_alg_oakley_encdef_keylen
+#define alg_oakley_encdef_name _bsd_racoon_alg_oakley_encdef_name
 #define alg_oakley_encdef_ok _bsd_racoon_alg_oakley_encdef_ok
-#define alg_oakley_hmacdef_one _bsd_racoon_alg_oakley_hmacdef_one
-#define alg_oakley_hmacdef_doi _bsd_racoon_alg_oakley_hmacdef_doi
-#define alg_oakley_hashdef_one _bsd_racoon_alg_oakley_hashdef_one
-#define alg_oakley_hashdef_name _bsd_racoon_alg_oakley_hashdef_name
-#define alg_oakley_hashdef_hashlen _bsd_racoon_alg_oakley_hashdef_hashlen
 #define alg_oakley_hashdef_doi _bsd_racoon_alg_oakley_hashdef_doi
+#define alg_oakley_hashdef_hashlen _bsd_racoon_alg_oakley_hashdef_hashlen
+#define alg_oakley_hashdef_name _bsd_racoon_alg_oakley_hashdef_name
 #define alg_oakley_hashdef_ok _bsd_racoon_alg_oakley_hashdef_ok
+#define alg_oakley_hashdef_one _bsd_racoon_alg_oakley_hashdef_one
+#define alg_oakley_hmacdef_doi _bsd_racoon_alg_oakley_hmacdef_doi
+#define alg_oakley_hmacdef_one _bsd_racoon_alg_oakley_hmacdef_one
+#define algclass2doi _bsd_racoon_algclass2doi
+#define algtype2doi _bsd_racoon_algtype2doi
+#define check_keylen _bsd_racoon_check_keylen
+#define default_keylen _bsd_racoon_default_keylen
 /* backupsa.c */
 #define backupsa_clean _bsd_racoon_backupsa_clean
 #define backupsa_from_file _bsd_racoon_backupsa_from_file
 #define backupsa_to_file _bsd_racoon_backupsa_to_file
 /* cfparse_wrapper.c */
+#define cfparse _bsd_racoon_cfparse
+#define cfreparse _bsd_racoon_cfreparse
+#define dupspspec_list _bsd_racoon_dupspspec_list
+#define flushspspec _bsd_racoon_flushspspec
+#define racoonyychar _bsd_racoon_racoonyychar
 #define racoonyydebug _bsd_racoon_racoonyydebug
-#define racoonyynerrs _bsd_racoon_racoonyynerrs
 #define racoonyyerrflag _bsd_racoon_racoonyyerrflag
-#define racoonyychar _bsd_racoon_racoonyychar
-#define racoonyyval _bsd_racoon_racoonyyval
 #define racoonyylval _bsd_racoon_racoonyylval
+#define racoonyynerrs _bsd_racoon_racoonyynerrs
 #define racoonyyparse _bsd_racoon_racoonyyparse
-#define cfreparse _bsd_racoon_cfreparse
-#define cfparse _bsd_racoon_cfparse
-#define flushspspec _bsd_racoon_flushspspec
-#define dupspspec_list _bsd_racoon_dupspspec_list
+#define racoonyyval _bsd_racoon_racoonyyval
 /* cftoken_wrapper.c */
-#define racoonyyleng _bsd_racoon_racoonyyleng
-#define racoonyyin _bsd_racoon_racoonyyin
-#define racoonyyout _bsd_racoon_racoonyyout
-#define racoonyylineno _bsd_racoon_racoonyylineno
+#define racoonyy_create_buffer _bsd_racoon_racoonyy_create_buffer
+#define racoonyy_delete_buffer _bsd_racoon_racoonyy_delete_buffer
 #define racoonyy_flex_debug _bsd_racoon_racoonyy_flex_debug
-#define racoonyytext _bsd_racoon_racoonyytext
-#define yyerrorcount _bsd_racoon_yyerrorcount
-#define yycf_clean_buffer _bsd_racoon_yycf_clean_buffer
-#define yycf_init_buffer _bsd_racoon_yycf_init_buffer
-#define yycf_set_buffer _bsd_racoon_yycf_set_buffer
-#define yycf_switch_buffer _bsd_racoon_yycf_switch_buffer
-#define yywarn _bsd_racoon_yywarn
+#define racoonyy_flush_buffer _bsd_racoon_racoonyy_flush_buffer
+#define racoonyy_scan_buffer _bsd_racoon_racoonyy_scan_buffer
+#define racoonyy_scan_bytes _bsd_racoon_racoonyy_scan_bytes
+#define racoonyy_scan_string _bsd_racoon_racoonyy_scan_string
+#define racoonyy_switch_to_buffer _bsd_racoon_racoonyy_switch_to_buffer
+#define racoonyyalloc _bsd_racoon_racoonyyalloc
 #define racoonyyerror _bsd_racoon_racoonyyerror
 #define racoonyyfree _bsd_racoon_racoonyyfree
-#define racoonyyrealloc _bsd_racoon_racoonyyrealloc
-#define racoonyyalloc _bsd_racoon_racoonyyalloc
-#define racoonyylex_destroy _bsd_racoon_racoonyylex_destroy
-#define racoonyyset_debug _bsd_racoon_racoonyyset_debug
 #define racoonyyget_debug _bsd_racoon_racoonyyget_debug
-#define racoonyyset_out _bsd_racoon_racoonyyset_out
-#define racoonyyset_in _bsd_racoon_racoonyyset_in
-#define racoonyyset_lineno _bsd_racoon_racoonyyset_lineno
-#define racoonyyget_text _bsd_racoon_racoonyyget_text
-#define racoonyyget_leng _bsd_racoon_racoonyyget_leng
-#define racoonyyget_out _bsd_racoon_racoonyyget_out
 #define racoonyyget_in _bsd_racoon_racoonyyget_in
+#define racoonyyget_leng _bsd_racoon_racoonyyget_leng
 #define racoonyyget_lineno _bsd_racoon_racoonyyget_lineno
-#define racoonyy_scan_bytes _bsd_racoon_racoonyy_scan_bytes
-#define racoonyy_scan_string _bsd_racoon_racoonyy_scan_string
-#define racoonyy_scan_buffer _bsd_racoon_racoonyy_scan_buffer
+#define racoonyyget_out _bsd_racoon_racoonyyget_out
+#define racoonyyget_text _bsd_racoon_racoonyyget_text
+#define racoonyyin _bsd_racoon_racoonyyin
+#define racoonyyleng _bsd_racoon_racoonyyleng
+#define racoonyylex _bsd_racoon_racoonyylex
+#define racoonyylex_destroy _bsd_racoon_racoonyylex_destroy
+#define racoonyylineno _bsd_racoon_racoonyylineno
+#define racoonyyout _bsd_racoon_racoonyyout
 #define racoonyypop_buffer_state _bsd_racoon_racoonyypop_buffer_state
 #define racoonyypush_buffer_state _bsd_racoon_racoonyypush_buffer_state
-#define racoonyy_flush_buffer _bsd_racoon_racoonyy_flush_buffer
-#define racoonyy_delete_buffer _bsd_racoon_racoonyy_delete_buffer
-#define racoonyy_create_buffer _bsd_racoon_racoonyy_create_buffer
-#define racoonyy_switch_to_buffer _bsd_racoon_racoonyy_switch_to_buffer
+#define racoonyyrealloc _bsd_racoon_racoonyyrealloc
 #define racoonyyrestart _bsd_racoon_racoonyyrestart
-#define racoonyylex _bsd_racoon_racoonyylex
+#define racoonyyset_debug _bsd_racoon_racoonyyset_debug
+#define racoonyyset_in _bsd_racoon_racoonyyset_in
+#define racoonyyset_lineno _bsd_racoon_racoonyyset_lineno
+#define racoonyyset_out _bsd_racoon_racoonyyset_out
+#define racoonyytext _bsd_racoon_racoonyytext
+#define yycf_clean_buffer _bsd_racoon_yycf_clean_buffer
+#define yycf_init_buffer _bsd_racoon_yycf_init_buffer
+#define yycf_set_buffer _bsd_racoon_yycf_set_buffer
+#define yycf_switch_buffer _bsd_racoon_yycf_switch_buffer
+#define yyerrorcount _bsd_racoon_yyerrorcount
+#define yywarn _bsd_racoon_yywarn
 /* crypto_openssl.c */
-#define eay_version _bsd_racoon_eay_version
-#define eay_random _bsd_racoon_eay_random
-#define bignum_pubkey2rsa _bsd_racoon_bignum_pubkey2rsa
-#define base64_pubkey2rsa _bsd_racoon_base64_pubkey2rsa
-#define base64_encode _bsd_racoon_base64_encode
 #define base64_decode _bsd_racoon_base64_decode
-#define eay_init _bsd_racoon_eay_init
+#define base64_encode _bsd_racoon_base64_encode
+#define base64_pubkey2rsa _bsd_racoon_base64_pubkey2rsa
+#define bignum_pubkey2rsa _bsd_racoon_bignum_pubkey2rsa
+#define eay_3des_decrypt _bsd_racoon_eay_3des_decrypt
+#define eay_3des_encrypt _bsd_racoon_eay_3des_encrypt
+#define eay_3des_keylen _bsd_racoon_eay_3des_keylen
+#define eay_3des_weakkey _bsd_racoon_eay_3des_weakkey
+#define eay_aes_decrypt _bsd_racoon_eay_aes_decrypt
+#define eay_aes_encrypt _bsd_racoon_eay_aes_encrypt
+#define eay_aes_keylen _bsd_racoon_eay_aes_keylen
+#define eay_aes_weakkey _bsd_racoon_eay_aes_weakkey
+#define eay_bf_decrypt _bsd_racoon_eay_bf_decrypt
+#define eay_bf_encrypt _bsd_racoon_eay_bf_encrypt
+#define eay_bf_keylen _bsd_racoon_eay_bf_keylen
+#define eay_bf_weakkey _bsd_racoon_eay_bf_weakkey
 #define eay_bn2v _bsd_racoon_eay_bn2v
-#define eay_v2bn _bsd_racoon_eay_v2bn
+#define eay_camellia_decrypt _bsd_racoon_eay_camellia_decrypt
+#define eay_camellia_encrypt _bsd_racoon_eay_camellia_encrypt
+#define eay_camellia_keylen _bsd_racoon_eay_camellia_keylen
+#define eay_camellia_weakkey _bsd_racoon_eay_camellia_weakkey
+#define eay_cast_decrypt _bsd_racoon_eay_cast_decrypt
+#define eay_cast_encrypt _bsd_racoon_eay_cast_encrypt
+#define eay_cast_keylen _bsd_racoon_eay_cast_keylen
+#define eay_cast_weakkey _bsd_racoon_eay_cast_weakkey
+#define eay_check_rsasign _bsd_racoon_eay_check_rsasign
+#define eay_check_x509cert _bsd_racoon_eay_check_x509cert
+#define eay_check_x509sign _bsd_racoon_eay_check_x509sign
+#define eay_cmp_asn1dn _bsd_racoon_eay_cmp_asn1dn
+#define eay_des_decrypt _bsd_racoon_eay_des_decrypt
+#define eay_des_encrypt _bsd_racoon_eay_des_encrypt
+#define eay_des_keylen _bsd_racoon_eay_des_keylen
+#define eay_des_weakkey _bsd_racoon_eay_des_weakkey
 #define eay_dh_compute _bsd_racoon_eay_dh_compute
 #define eay_dh_generate _bsd_racoon_eay_dh_generate
-#define eay_set_random _bsd_racoon_eay_set_random
-#define eay_md5_hashlen _bsd_racoon_eay_md5_hashlen
-#define eay_md5_one _bsd_racoon_eay_md5_one
-#define eay_md5_final _bsd_racoon_eay_md5_final
-#define eay_md5_update _bsd_racoon_eay_md5_update
-#define eay_md5_init _bsd_racoon_eay_md5_init
-#define eay_sha1_hashlen _bsd_racoon_eay_sha1_hashlen
-#define eay_sha1_one _bsd_racoon_eay_sha1_one
-#define eay_sha1_final _bsd_racoon_eay_sha1_final
-#define eay_sha1_update _bsd_racoon_eay_sha1_update
-#define eay_sha1_init _bsd_racoon_eay_sha1_init
-#define eay_sha2_256_hashlen _bsd_racoon_eay_sha2_256_hashlen
-#define eay_sha2_256_one _bsd_racoon_eay_sha2_256_one
-#define eay_sha2_256_final _bsd_racoon_eay_sha2_256_final
-#define eay_sha2_256_update _bsd_racoon_eay_sha2_256_update
-#define eay_sha2_256_init _bsd_racoon_eay_sha2_256_init
-#define eay_sha2_384_hashlen _bsd_racoon_eay_sha2_384_hashlen
-#define eay_sha2_384_one _bsd_racoon_eay_sha2_384_one
-#define eay_sha2_384_final _bsd_racoon_eay_sha2_384_final
-#define eay_sha2_384_update _bsd_racoon_eay_sha2_384_update
-#define eay_sha2_384_init _bsd_racoon_eay_sha2_384_init
-#define eay_sha2_512_hashlen _bsd_racoon_eay_sha2_512_hashlen
-#define eay_sha2_512_one _bsd_racoon_eay_sha2_512_one
-#define eay_sha2_512_final _bsd_racoon_eay_sha2_512_final
-#define eay_sha2_512_update _bsd_racoon_eay_sha2_512_update
-#define eay_sha2_512_init _bsd_racoon_eay_sha2_512_init
+#define eay_get_pkcs1privkey _bsd_racoon_eay_get_pkcs1privkey
+#define eay_get_pkcs1pubkey _bsd_racoon_eay_get_pkcs1pubkey
+#define eay_get_rsasign _bsd_racoon_eay_get_rsasign
+#define eay_get_x509asn1issuername _bsd_racoon_eay_get_x509asn1issuername
+#define eay_get_x509asn1subjectname _bsd_racoon_eay_get_x509asn1subjectname
+#define eay_get_x509cert _bsd_racoon_eay_get_x509cert
+#define eay_get_x509sign _bsd_racoon_eay_get_x509sign
+#define eay_get_x509subjectaltname _bsd_racoon_eay_get_x509subjectaltname
+#define eay_get_x509text _bsd_racoon_eay_get_x509text
+#define eay_hex2asn1dn _bsd_racoon_eay_hex2asn1dn
 #define eay_hmacmd5_final _bsd_racoon_eay_hmacmd5_final
-#define eay_hmacmd5_update _bsd_racoon_eay_hmacmd5_update
 #define eay_hmacmd5_init _bsd_racoon_eay_hmacmd5_init
 #define eay_hmacmd5_one _bsd_racoon_eay_hmacmd5_one
+#define eay_hmacmd5_update _bsd_racoon_eay_hmacmd5_update
 #define eay_hmacsha1_final _bsd_racoon_eay_hmacsha1_final
-#define eay_hmacsha1_update _bsd_racoon_eay_hmacsha1_update
 #define eay_hmacsha1_init _bsd_racoon_eay_hmacsha1_init
 #define eay_hmacsha1_one _bsd_racoon_eay_hmacsha1_one
+#define eay_hmacsha1_update _bsd_racoon_eay_hmacsha1_update
 #define eay_hmacsha2_256_final _bsd_racoon_eay_hmacsha2_256_final
-#define eay_hmacsha2_256_update _bsd_racoon_eay_hmacsha2_256_update
 #define eay_hmacsha2_256_init _bsd_racoon_eay_hmacsha2_256_init
 #define eay_hmacsha2_256_one _bsd_racoon_eay_hmacsha2_256_one
+#define eay_hmacsha2_256_update _bsd_racoon_eay_hmacsha2_256_update
 #define eay_hmacsha2_384_final _bsd_racoon_eay_hmacsha2_384_final
-#define eay_hmacsha2_384_update _bsd_racoon_eay_hmacsha2_384_update
 #define eay_hmacsha2_384_init _bsd_racoon_eay_hmacsha2_384_init
 #define eay_hmacsha2_384_one _bsd_racoon_eay_hmacsha2_384_one
+#define eay_hmacsha2_384_update _bsd_racoon_eay_hmacsha2_384_update
 #define eay_hmacsha2_512_final _bsd_racoon_eay_hmacsha2_512_final
-#define eay_hmacsha2_512_update _bsd_racoon_eay_hmacsha2_512_update
 #define eay_hmacsha2_512_init _bsd_racoon_eay_hmacsha2_512_init
 #define eay_hmacsha2_512_one _bsd_racoon_eay_hmacsha2_512_one
-#define eay_null_keylen _bsd_racoon_eay_null_keylen
-#define eay_twofish_keylen _bsd_racoon_eay_twofish_keylen
-#define eay_kpdk_hashlen _bsd_racoon_eay_kpdk_hashlen
-#define eay_null_hashlen _bsd_racoon_eay_null_hashlen
-#define eay_camellia_keylen _bsd_racoon_eay_camellia_keylen
-#define eay_camellia_weakkey _bsd_racoon_eay_camellia_weakkey
-#define eay_camellia_decrypt _bsd_racoon_eay_camellia_decrypt
-#define eay_camellia_encrypt _bsd_racoon_eay_camellia_encrypt
-#define eay_aes_keylen _bsd_racoon_eay_aes_keylen
-#define eay_aes_weakkey _bsd_racoon_eay_aes_weakkey
-#define eay_aes_decrypt _bsd_racoon_eay_aes_decrypt
-#define eay_aes_encrypt _bsd_racoon_eay_aes_encrypt
-#define eay_cast_keylen _bsd_racoon_eay_cast_keylen
-#define eay_cast_weakkey _bsd_racoon_eay_cast_weakkey
-#define eay_cast_decrypt _bsd_racoon_eay_cast_decrypt
-#define eay_cast_encrypt _bsd_racoon_eay_cast_encrypt
-#define eay_3des_keylen _bsd_racoon_eay_3des_keylen
-#define eay_3des_weakkey _bsd_racoon_eay_3des_weakkey
-#define eay_3des_decrypt _bsd_racoon_eay_3des_decrypt
-#define eay_3des_encrypt _bsd_racoon_eay_3des_encrypt
-#define eay_bf_keylen _bsd_racoon_eay_bf_keylen
-#define eay_bf_weakkey _bsd_racoon_eay_bf_weakkey
-#define eay_bf_decrypt _bsd_racoon_eay_bf_decrypt
-#define eay_bf_encrypt _bsd_racoon_eay_bf_encrypt
-#define eay_idea_keylen _bsd_racoon_eay_idea_keylen
-#define eay_idea_weakkey _bsd_racoon_eay_idea_weakkey
+#define eay_hmacsha2_512_update _bsd_racoon_eay_hmacsha2_512_update
 #define eay_idea_decrypt _bsd_racoon_eay_idea_decrypt
 #define eay_idea_encrypt _bsd_racoon_eay_idea_encrypt
-#define eay_des_keylen _bsd_racoon_eay_des_keylen
-#define eay_des_weakkey _bsd_racoon_eay_des_weakkey
-#define eay_des_decrypt _bsd_racoon_eay_des_decrypt
-#define eay_des_encrypt _bsd_racoon_eay_des_encrypt
-#define evp_keylen _bsd_racoon_evp_keylen
-#define evp_weakkey _bsd_racoon_evp_weakkey
-#define evp_crypt _bsd_racoon_evp_crypt
-#define eay_strerror _bsd_racoon_eay_strerror
-#define eay_rsa_verify _bsd_racoon_eay_rsa_verify
+#define eay_idea_keylen _bsd_racoon_eay_idea_keylen
+#define eay_idea_weakkey _bsd_racoon_eay_idea_weakkey
+#define eay_init _bsd_racoon_eay_init
+#define eay_kpdk_hashlen _bsd_racoon_eay_kpdk_hashlen
+#define eay_md5_final _bsd_racoon_eay_md5_final
+#define eay_md5_hashlen _bsd_racoon_eay_md5_hashlen
+#define eay_md5_init _bsd_racoon_eay_md5_init
+#define eay_md5_one _bsd_racoon_eay_md5_one
+#define eay_md5_update _bsd_racoon_eay_md5_update
+#define eay_null_hashlen _bsd_racoon_eay_null_hashlen
+#define eay_null_keylen _bsd_racoon_eay_null_keylen
+#define eay_random _bsd_racoon_eay_random
 #define eay_rsa_sign _bsd_racoon_eay_rsa_sign
-#define eay_get_rsasign _bsd_racoon_eay_get_rsasign
-#define eay_get_x509sign _bsd_racoon_eay_get_x509sign
-#define eay_get_pkcs1pubkey _bsd_racoon_eay_get_pkcs1pubkey
-#define eay_get_pkcs1privkey _bsd_racoon_eay_get_pkcs1privkey
-#define eay_check_rsasign _bsd_racoon_eay_check_rsasign
-#define eay_check_x509sign _bsd_racoon_eay_check_x509sign
-#define eay_get_x509cert _bsd_racoon_eay_get_x509cert
-#define eay_get_x509text _bsd_racoon_eay_get_x509text
-#define eay_get_x509asn1issuername _bsd_racoon_eay_get_x509asn1issuername
-#define eay_get_x509subjectaltname _bsd_racoon_eay_get_x509subjectaltname
-#define eay_get_x509asn1subjectname _bsd_racoon_eay_get_x509asn1subjectname
-#define eay_check_x509cert _bsd_racoon_eay_check_x509cert
-#define eay_cmp_asn1dn _bsd_racoon_eay_cmp_asn1dn
-#define eay_hex2asn1dn _bsd_racoon_eay_hex2asn1dn
+#define eay_rsa_verify _bsd_racoon_eay_rsa_verify
+#define eay_set_random _bsd_racoon_eay_set_random
+#define eay_sha1_final _bsd_racoon_eay_sha1_final
+#define eay_sha1_hashlen _bsd_racoon_eay_sha1_hashlen
+#define eay_sha1_init _bsd_racoon_eay_sha1_init
+#define eay_sha1_one _bsd_racoon_eay_sha1_one
+#define eay_sha1_update _bsd_racoon_eay_sha1_update
+#define eay_sha2_256_final _bsd_racoon_eay_sha2_256_final
+#define eay_sha2_256_hashlen _bsd_racoon_eay_sha2_256_hashlen
+#define eay_sha2_256_init _bsd_racoon_eay_sha2_256_init
+#define eay_sha2_256_one _bsd_racoon_eay_sha2_256_one
+#define eay_sha2_256_update _bsd_racoon_eay_sha2_256_update
+#define eay_sha2_384_final _bsd_racoon_eay_sha2_384_final
+#define eay_sha2_384_hashlen _bsd_racoon_eay_sha2_384_hashlen
+#define eay_sha2_384_init _bsd_racoon_eay_sha2_384_init
+#define eay_sha2_384_one _bsd_racoon_eay_sha2_384_one
+#define eay_sha2_384_update _bsd_racoon_eay_sha2_384_update
+#define eay_sha2_512_final _bsd_racoon_eay_sha2_512_final
+#define eay_sha2_512_hashlen _bsd_racoon_eay_sha2_512_hashlen
+#define eay_sha2_512_init _bsd_racoon_eay_sha2_512_init
+#define eay_sha2_512_one _bsd_racoon_eay_sha2_512_one
+#define eay_sha2_512_update _bsd_racoon_eay_sha2_512_update
 #define eay_str2asn1dn _bsd_racoon_eay_str2asn1dn
+#define eay_strerror _bsd_racoon_eay_strerror
+#define eay_twofish_keylen _bsd_racoon_eay_twofish_keylen
+#define eay_v2bn _bsd_racoon_eay_v2bn
+#define eay_version _bsd_racoon_eay_version
+#define evp_crypt _bsd_racoon_evp_crypt
+#define evp_keylen _bsd_racoon_evp_keylen
+#define evp_weakkey _bsd_racoon_evp_weakkey
 /* dnssec.c */
 #define dnssec_getcert _bsd_racoon_dnssec_getcert
 /* evt.c */
 /* genlist.c */
-#define genlist_free _bsd_racoon_genlist_free
-#define genlist_next _bsd_racoon_genlist_next
-#define genlist_foreach _bsd_racoon_genlist_foreach
 #define genlist_append _bsd_racoon_genlist_append
-#define genlist_insert _bsd_racoon_genlist_insert
+#define genlist_foreach _bsd_racoon_genlist_foreach
+#define genlist_free _bsd_racoon_genlist_free
 #define genlist_init _bsd_racoon_genlist_init
+#define genlist_insert _bsd_racoon_genlist_insert
+#define genlist_next _bsd_racoon_genlist_next
 /* getcertsbyname.c */
-#define getcertsbyname _bsd_racoon_getcertsbyname
 #define freecertinfo _bsd_racoon_freecertinfo
+#define getcertsbyname _bsd_racoon_getcertsbyname
 /* grabmyaddr.c */
 #define myaddr_close _bsd_racoon_myaddr_close
+#define myaddr_flush _bsd_racoon_myaddr_flush
+#define myaddr_getfd _bsd_racoon_myaddr_getfd
+#define myaddr_getsport _bsd_racoon_myaddr_getsport
 #define myaddr_init _bsd_racoon_myaddr_init
 #define myaddr_init_lists _bsd_racoon_myaddr_init_lists
-#define myaddr_getsport _bsd_racoon_myaddr_getsport
-#define myaddr_getfd _bsd_racoon_myaddr_getfd
-#define myaddr_sync _bsd_racoon_myaddr_sync
 #define myaddr_listen _bsd_racoon_myaddr_listen
-#define myaddr_flush _bsd_racoon_myaddr_flush
+#define myaddr_sync _bsd_racoon_myaddr_sync
 /* gssapi.c */
 #define __gssapi_dUmMy _bsd_racoon___gssapi_dUmMy
 /* handler.c */
-#define revalidate_ph12 _bsd_racoon_revalidate_ph12
-#define init_recvdpkt _bsd_racoon_init_recvdpkt
 #define add_recvdpkt _bsd_racoon_add_recvdpkt
-#define check_recvdpkt _bsd_racoon_check_recvdpkt
-#define initctdtree _bsd_racoon_initctdtree
-#define remcontacted _bsd_racoon_remcontacted
-#define inscontacted _bsd_racoon_inscontacted
-#define getcontacted _bsd_racoon_getcontacted
-#define unbindph12 _bsd_racoon_unbindph12
 #define bindph12 _bsd_racoon_bindph12
+#define check_recvdpkt _bsd_racoon_check_recvdpkt
 #define deleteallph2 _bsd_racoon_deleteallph2
-#define flushph2 _bsd_racoon_flushph2
-#define initph2tree _bsd_racoon_initph2tree
-#define remph2 _bsd_racoon_remph2
-#define insph2 _bsd_racoon_insph2
+#define delph1 _bsd_racoon_delph1
 #define delph2 _bsd_racoon_delph2
-#define initph2 _bsd_racoon_initph2
-#define newph2 _bsd_racoon_newph2
-#define getph2bysaidx _bsd_racoon_getph2bysaidx
-#define getph2bysaddr _bsd_racoon_getph2bysaddr
+#define dumpph1 _bsd_racoon_dumpph1
+#define enumph1 _bsd_racoon_enumph1
+#define enumph2 _bsd_racoon_enumph2
+#define flushph1 _bsd_racoon_flushph1
+#define flushph2 _bsd_racoon_flushph2
+#define getcontacted _bsd_racoon_getcontacted
+#define getph1 _bsd_racoon_getph1
+#define getph1byindex _bsd_racoon_getph1byindex
+#define getph1byindex0 _bsd_racoon_getph1byindex0
 #define getph2byid _bsd_racoon_getph2byid
 #define getph2bymsgid _bsd_racoon_getph2bymsgid
+#define getph2bysaddr _bsd_racoon_getph2bysaddr
+#define getph2bysaidx _bsd_racoon_getph2bysaidx
 #define getph2byseq _bsd_racoon_getph2byseq
-#define enumph2 _bsd_racoon_enumph2
-#define ph1_rekey_enabled _bsd_racoon_ph1_rekey_enabled
+#define init_recvdpkt _bsd_racoon_init_recvdpkt
+#define initctdtree _bsd_racoon_initctdtree
 #define initph1tree _bsd_racoon_initph1tree
-#define flushph1 _bsd_racoon_flushph1
-#define remph1 _bsd_racoon_remph1
+#define initph2 _bsd_racoon_initph2
+#define initph2tree _bsd_racoon_initph2tree
+#define inscontacted _bsd_racoon_inscontacted
 #define insph1 _bsd_racoon_insph1
-#define delph1 _bsd_racoon_delph1
-#define newph1 _bsd_racoon_newph1
-#define dumpph1 _bsd_racoon_dumpph1
+#define insph2 _bsd_racoon_insph2
 #define migrate_dying_ph12 _bsd_racoon_migrate_dying_ph12
 #define migrate_ph12 _bsd_racoon_migrate_ph12
+#define newph1 _bsd_racoon_newph1
+#define newph2 _bsd_racoon_newph2
+#define ph1_rekey_enabled _bsd_racoon_ph1_rekey_enabled
+#define remcontacted _bsd_racoon_remcontacted
+#define remph1 _bsd_racoon_remph1
+#define remph2 _bsd_racoon_remph2
 #define resolveph1rmconf _bsd_racoon_resolveph1rmconf
-#define getph1 _bsd_racoon_getph1
-#define getph1byindex0 _bsd_racoon_getph1byindex0
-#define getph1byindex _bsd_racoon_getph1byindex
-#define enumph1 _bsd_racoon_enumph1
+#define revalidate_ph12 _bsd_racoon_revalidate_ph12
+#define unbindph12 _bsd_racoon_unbindph12
 /* ipsec_doi.c */
 #define doi2idtype _bsd_racoon_doi2idtype
+#define doi2ipproto _bsd_racoon_doi2ipproto
+#define free_proppair _bsd_racoon_free_proppair
+#define get_proppair _bsd_racoon_get_proppair
+#define get_sabyproppair _bsd_racoon_get_sabyproppair
+#define get_sabysaprop _bsd_racoon_get_sabysaprop
 #define idtype2doi _bsd_racoon_idtype2doi
+#define ipproto2doi _bsd_racoon_ipproto2doi
 #define ipsecdoi_authalg2trnsid _bsd_racoon_ipsecdoi_authalg2trnsid
-#define ipsecdoi_t2satrns _bsd_racoon_ipsecdoi_t2satrns
-#define ipsecdoi_id2str _bsd_racoon_ipsecdoi_id2str
-#define ipsecdoi_id2sockaddr _bsd_racoon_ipsecdoi_id2sockaddr
-#define ipsecdoi_sockrange2id _bsd_racoon_ipsecdoi_sockrange2id
-#define ipsecdoi_sockaddr2id _bsd_racoon_ipsecdoi_sockaddr2id
-#define ipsecdoi_setid2 _bsd_racoon_ipsecdoi_setid2
-#define set_identifier_qual _bsd_racoon_set_identifier_qual
-#define set_identifier _bsd_racoon_set_identifier
-#define ipsecdoi_setid1 _bsd_racoon_ipsecdoi_setid1
+#define ipsecdoi_checkalgtypes _bsd_racoon_ipsecdoi_checkalgtypes
 #define ipsecdoi_checkid1 _bsd_racoon_ipsecdoi_checkid1
+#define ipsecdoi_checkph1proposal _bsd_racoon_ipsecdoi_checkph1proposal
+#define ipsecdoi_checkph2proposal _bsd_racoon_ipsecdoi_checkph2proposal
 #define ipsecdoi_chkcmpids _bsd_racoon_ipsecdoi_chkcmpids
-#define ipsecdoi_subnetisaddr_v6 _bsd_racoon_ipsecdoi_subnetisaddr_v6
-#define ipsecdoi_subnetisaddr_v4 _bsd_racoon_ipsecdoi_subnetisaddr_v4
-#define doi2ipproto _bsd_racoon_doi2ipproto
-#define ipproto2doi _bsd_racoon_ipproto2doi
-#define ipsecdoi_checkalgtypes _bsd_racoon_ipsecdoi_checkalgtypes
 #define ipsecdoi_get_defaultlifetime _bsd_racoon_ipsecdoi_get_defaultlifetime
-#define ipsecdoi_transportmode _bsd_racoon_ipsecdoi_transportmode
-#define ipsecdoi_setph2proposal _bsd_racoon_ipsecdoi_setph2proposal
-#define ipsecdoi_setph1proposal _bsd_racoon_ipsecdoi_setph1proposal
+#define ipsecdoi_id2sockaddr _bsd_racoon_ipsecdoi_id2sockaddr
+#define ipsecdoi_id2str _bsd_racoon_ipsecdoi_id2str
 #define ipsecdoi_parse_responder_lifetime _bsd_racoon_ipsecdoi_parse_responder_lifetime
-#define get_sabysaprop _bsd_racoon_get_sabysaprop
-#define ipsecdoi_updatespi _bsd_racoon_ipsecdoi_updatespi
-#define get_sabyproppair _bsd_racoon_get_sabyproppair
-#define get_proppair _bsd_racoon_get_proppair
-#define free_proppair _bsd_racoon_free_proppair
-#define ipsecdoi_checkph2proposal _bsd_racoon_ipsecdoi_checkph2proposal
 #define ipsecdoi_selectph2proposal _bsd_racoon_ipsecdoi_selectph2proposal
-#define ipsecdoi_checkph1proposal _bsd_racoon_ipsecdoi_checkph1proposal
+#define ipsecdoi_setid1 _bsd_racoon_ipsecdoi_setid1
+#define ipsecdoi_setid2 _bsd_racoon_ipsecdoi_setid2
+#define ipsecdoi_setph1proposal _bsd_racoon_ipsecdoi_setph1proposal
+#define ipsecdoi_setph2proposal _bsd_racoon_ipsecdoi_setph2proposal
+#define ipsecdoi_sockaddr2id _bsd_racoon_ipsecdoi_sockaddr2id
+#define ipsecdoi_sockrange2id _bsd_racoon_ipsecdoi_sockrange2id
+#define ipsecdoi_subnetisaddr_v4 _bsd_racoon_ipsecdoi_subnetisaddr_v4
+#define ipsecdoi_subnetisaddr_v6 _bsd_racoon_ipsecdoi_subnetisaddr_v6
+#define ipsecdoi_t2satrns _bsd_racoon_ipsecdoi_t2satrns
+#define ipsecdoi_transportmode _bsd_racoon_ipsecdoi_transportmode
+#define ipsecdoi_updatespi _bsd_racoon_ipsecdoi_updatespi
+#define set_identifier _bsd_racoon_set_identifier
+#define set_identifier_qual _bsd_racoon_set_identifier_qual
 /* isakmp_agg.c */
-#define agg_r2send _bsd_racoon_agg_r2send
-#define agg_r2recv _bsd_racoon_agg_r2recv
-#define agg_r1send _bsd_racoon_agg_r1send
-#define agg_r1recv _bsd_racoon_agg_r1recv
-#define agg_i2send _bsd_racoon_agg_i2send
-#define agg_i2recv _bsd_racoon_agg_i2recv
 #define agg_i1send _bsd_racoon_agg_i1send
+#define agg_i2recv _bsd_racoon_agg_i2recv
+#define agg_i2send _bsd_racoon_agg_i2send
+#define agg_r1recv _bsd_racoon_agg_r1recv
+#define agg_r1send _bsd_racoon_agg_r1send
+#define agg_r2recv _bsd_racoon_agg_r2recv
+#define agg_r2send _bsd_racoon_agg_r2send
 /* isakmp_base.c */
-#define base_r2send _bsd_racoon_base_r2send
-#define base_r2recv _bsd_racoon_base_r2recv
-#define base_r1send _bsd_racoon_base_r1send
-#define base_r1recv _bsd_racoon_base_r1recv
-#define base_i3send _bsd_racoon_base_i3send
-#define base_i3recv _bsd_racoon_base_i3recv
-#define base_i2send _bsd_racoon_base_i2send
-#define base_i2recv _bsd_racoon_base_i2recv
 #define base_i1send _bsd_racoon_base_i1send
+#define base_i2recv _bsd_racoon_base_i2recv
+#define base_i2send _bsd_racoon_base_i2send
+#define base_i3recv _bsd_racoon_base_i3recv
+#define base_i3send _bsd_racoon_base_i3send
+#define base_r1recv _bsd_racoon_base_r1recv
+#define base_r1send _bsd_racoon_base_r1send
+#define base_r2recv _bsd_racoon_base_r2recv
+#define base_r2send _bsd_racoon_base_r2send
 /* isakmp.c */
-#define setscopeid _bsd_racoon_setscopeid
-#define delete_spd _bsd_racoon_delete_spd
-#define purge_remote _bsd_racoon_purge_remote
-#define script_exec _bsd_racoon_script_exec
-#define script_env_append _bsd_racoon_script_env_append
-#define script_hook _bsd_racoon_script_hook
-#define isakmp_plist_set_all _bsd_racoon_isakmp_plist_set_all
-#define isakmp_plist_append_full _bsd_racoon_isakmp_plist_append_full
-#define log_ph1established _bsd_racoon_log_ph1established
 #define copy_ph1addresses _bsd_racoon_copy_ph1addresses
-#define set_isakmp_payload _bsd_racoon_set_isakmp_payload
-#define set_isakmp_header2 _bsd_racoon_set_isakmp_header2
-#define set_isakmp_header1 _bsd_racoon_set_isakmp_header1
-#define isakmp_newmsgid2 _bsd_racoon_isakmp_newmsgid2
-#define isakmp_p2ph _bsd_racoon_isakmp_p2ph
-#define isakmp_newcookie _bsd_racoon_isakmp_newcookie
+#define delete_spd _bsd_racoon_delete_spd
 #define isakmp_add_attr_l _bsd_racoon_isakmp_add_attr_l
 #define isakmp_add_attr_v _bsd_racoon_isakmp_add_attr_v
-#define isakmp_set_attr_l _bsd_racoon_isakmp_set_attr_l
-#define isakmp_set_attr_v _bsd_racoon_isakmp_set_attr_v
 #define isakmp_chkph1there _bsd_racoon_isakmp_chkph1there
 #define isakmp_chkph1there_stub _bsd_racoon_isakmp_chkph1there_stub
-#define isakmp_post_getspi _bsd_racoon_isakmp_post_getspi
+#define isakmp_close _bsd_racoon_isakmp_close
 #define isakmp_get_sainfo _bsd_racoon_isakmp_get_sainfo
-#define isakmp_post_acquire _bsd_racoon_isakmp_post_acquire
-#define isakmp_ph2delete _bsd_racoon_isakmp_ph2delete
-#define isakmp_ph2delete_stub _bsd_racoon_isakmp_ph2delete_stub
-#define isakmp_ph2expire _bsd_racoon_isakmp_ph2expire
-#define isakmp_ph2expire_stub _bsd_racoon_isakmp_ph2expire_stub
+#define isakmp_init _bsd_racoon_isakmp_init
+#define isakmp_newcookie _bsd_racoon_isakmp_newcookie
+#define isakmp_newmsgid2 _bsd_racoon_isakmp_newmsgid2
+#define isakmp_open _bsd_racoon_isakmp_open
+#define isakmp_p2ph _bsd_racoon_isakmp_p2ph
+#define isakmp_parse _bsd_racoon_isakmp_parse
+#define isakmp_parsewoh _bsd_racoon_isakmp_parsewoh
+#define isakmp_ph1begin_i _bsd_racoon_isakmp_ph1begin_i
 #define isakmp_ph1delete _bsd_racoon_isakmp_ph1delete
 #define isakmp_ph1delete_stub _bsd_racoon_isakmp_ph1delete_stub
-#define isakmp_ph1expire _bsd_racoon_isakmp_ph1expire
-#define isakmp_ph1expire_stub _bsd_racoon_isakmp_ph1expire_stub
 #define isakmp_ph1dying _bsd_racoon_isakmp_ph1dying
 #define isakmp_ph1dying_stub _bsd_racoon_isakmp_ph1dying_stub
-#define isakmp_ph2send _bsd_racoon_isakmp_ph2send
+#define isakmp_ph1expire _bsd_racoon_isakmp_ph1expire
+#define isakmp_ph1expire_stub _bsd_racoon_isakmp_ph1expire_stub
 #define isakmp_ph1send _bsd_racoon_isakmp_ph1send
-#define isakmp_send _bsd_racoon_isakmp_send
-#define isakmp_close _bsd_racoon_isakmp_close
-#define isakmp_open _bsd_racoon_isakmp_open
+#define isakmp_ph2delete _bsd_racoon_isakmp_ph2delete
+#define isakmp_ph2delete_stub _bsd_racoon_isakmp_ph2delete_stub
+#define isakmp_ph2expire _bsd_racoon_isakmp_ph2expire
+#define isakmp_ph2expire_stub _bsd_racoon_isakmp_ph2expire_stub
+#define isakmp_ph2send _bsd_racoon_isakmp_ph2send
 #define isakmp_pindex _bsd_racoon_isakmp_pindex
-#define isakmp_init _bsd_racoon_isakmp_init
-#define isakmp_parse _bsd_racoon_isakmp_parse
-#define isakmp_parsewoh _bsd_racoon_isakmp_parsewoh
-#define isakmp_ph1begin_i _bsd_racoon_isakmp_ph1begin_i
+#define isakmp_plist_append_full _bsd_racoon_isakmp_plist_append_full
+#define isakmp_plist_set_all _bsd_racoon_isakmp_plist_set_all
+#define isakmp_post_acquire _bsd_racoon_isakmp_post_acquire
+#define isakmp_post_getspi _bsd_racoon_isakmp_post_getspi
+#define isakmp_send _bsd_racoon_isakmp_send
+#define isakmp_set_attr_l _bsd_racoon_isakmp_set_attr_l
+#define isakmp_set_attr_v _bsd_racoon_isakmp_set_attr_v
+#define log_ph1established _bsd_racoon_log_ph1established
+#define purge_remote _bsd_racoon_purge_remote
+#define script_env_append _bsd_racoon_script_env_append
+#define script_exec _bsd_racoon_script_exec
+#define script_hook _bsd_racoon_script_hook
+#define set_isakmp_header1 _bsd_racoon_set_isakmp_header1
+#define set_isakmp_header2 _bsd_racoon_set_isakmp_header2
+#define set_isakmp_payload _bsd_racoon_set_isakmp_payload
+#define setscopeid _bsd_racoon_setscopeid
 /* isakmp_frag.c */
 #define isakmp_frag_addcap _bsd_racoon_isakmp_frag_addcap
-#define isakmp_frag_reassembly _bsd_racoon_isakmp_frag_reassembly
 #define isakmp_frag_extract _bsd_racoon_isakmp_frag_extract
-#define vendorid_frag_cap _bsd_racoon_vendorid_frag_cap
+#define isakmp_frag_reassembly _bsd_racoon_isakmp_frag_reassembly
 #define isakmp_sendfrags _bsd_racoon_isakmp_sendfrags
+#define vendorid_frag_cap _bsd_racoon_vendorid_frag_cap
 /* isakmp_ident.c */
-#define ident_r3send _bsd_racoon_ident_r3send
-#define ident_r3recv _bsd_racoon_ident_r3recv
-#define ident_r2send _bsd_racoon_ident_r2send
-#define ident_r2recv _bsd_racoon_ident_r2recv
-#define ident_r1send _bsd_racoon_ident_r1send
-#define ident_r1recv _bsd_racoon_ident_r1recv
-#define ident_i4send _bsd_racoon_ident_i4send
-#define ident_i4recv _bsd_racoon_ident_i4recv
-#define ident_i3send _bsd_racoon_ident_i3send
-#define ident_i3recv _bsd_racoon_ident_i3recv
-#define ident_i2send _bsd_racoon_ident_i2send
-#define ident_i2recv _bsd_racoon_ident_i2recv
 #define ident_i1send _bsd_racoon_ident_i1send
+#define ident_i2recv _bsd_racoon_ident_i2recv
+#define ident_i2send _bsd_racoon_ident_i2send
+#define ident_i3recv _bsd_racoon_ident_i3recv
+#define ident_i3send _bsd_racoon_ident_i3send
+#define ident_i4recv _bsd_racoon_ident_i4recv
+#define ident_i4send _bsd_racoon_ident_i4send
+#define ident_r1recv _bsd_racoon_ident_r1recv
+#define ident_r1send _bsd_racoon_ident_r1send
+#define ident_r2recv _bsd_racoon_ident_r2recv
+#define ident_r2send _bsd_racoon_ident_r2send
+#define ident_r3recv _bsd_racoon_ident_r3recv
+#define ident_r3send _bsd_racoon_ident_r3send
 /* isakmp_inf.c */
-#define isakmp_sched_r_u _bsd_racoon_isakmp_sched_r_u
-#define isakmp_info_recv_initialcontact _bsd_racoon_isakmp_info_recv_initialcontact
-#define purge_ipsec_spi _bsd_racoon_purge_ipsec_spi
 #define isakmp_add_pl_n _bsd_racoon_isakmp_add_pl_n
+#define isakmp_info_recv _bsd_racoon_isakmp_info_recv
+#define isakmp_info_recv_initialcontact _bsd_racoon_isakmp_info_recv_initialcontact
 #define isakmp_info_send_common _bsd_racoon_isakmp_info_send_common
-#define isakmp_info_send_n2 _bsd_racoon_isakmp_info_send_n2
+#define isakmp_info_send_d1 _bsd_racoon_isakmp_info_send_d1
+#define isakmp_info_send_d2 _bsd_racoon_isakmp_info_send_d2
 #define isakmp_info_send_n1 _bsd_racoon_isakmp_info_send_n1
+#define isakmp_info_send_n2 _bsd_racoon_isakmp_info_send_n2
 #define isakmp_info_send_nx _bsd_racoon_isakmp_info_send_nx
-#define isakmp_info_send_d2 _bsd_racoon_isakmp_info_send_d2
-#define isakmp_info_send_d1 _bsd_racoon_isakmp_info_send_d1
 #define isakmp_log_notify _bsd_racoon_isakmp_log_notify
-#define isakmp_info_recv _bsd_racoon_isakmp_info_recv
+#define isakmp_sched_r_u _bsd_racoon_isakmp_sched_r_u
+#define purge_ipsec_spi _bsd_racoon_purge_ipsec_spi
 /* isakmp_newg.c */
 #define isakmp_newgroup_r _bsd_racoon_isakmp_newgroup_r
 /* isakmp_quick.c */
-#define quick_r3prep _bsd_racoon_quick_r3prep
-#define tunnel_mode_prop _bsd_racoon_tunnel_mode_prop
-#define quick_r3send _bsd_racoon_quick_r3send
-#define quick_r3recv _bsd_racoon_quick_r3recv
-#define quick_r2send _bsd_racoon_quick_r2send
+#define quick_i1prep _bsd_racoon_quick_i1prep
+#define quick_i1send _bsd_racoon_quick_i1send
+#define quick_i2recv _bsd_racoon_quick_i2recv
+#define quick_i2send _bsd_racoon_quick_i2send
+#define quick_i3recv _bsd_racoon_quick_i3recv
 #define quick_r1prep _bsd_racoon_quick_r1prep
 #define quick_r1recv _bsd_racoon_quick_r1recv
-#define quick_i3recv _bsd_racoon_quick_i3recv
-#define quick_i2send _bsd_racoon_quick_i2send
-#define quick_i2recv _bsd_racoon_quick_i2recv
-#define quick_i1send _bsd_racoon_quick_i1send
-#define quick_i1prep _bsd_racoon_quick_i1prep
+#define quick_r2send _bsd_racoon_quick_r2send
+#define quick_r3prep _bsd_racoon_quick_r3prep
+#define quick_r3recv _bsd_racoon_quick_r3recv
+#define quick_r3send _bsd_racoon_quick_r3send
+#define tunnel_mode_prop _bsd_racoon_tunnel_mode_prop
 /* localconf.c */
-#define lcconf _bsd_racoon_lcconf
-#define save_params _bsd_racoon_save_params
-#define restore_params _bsd_racoon_restore_params
 #define doitype2doi _bsd_racoon_doitype2doi
-#define sittype2doi _bsd_racoon_sittype2doi
+#define flushlcconf _bsd_racoon_flushlcconf
 #define getpathname _bsd_racoon_getpathname
 #define getpsk _bsd_racoon_getpsk
 #define getpskbyaddr _bsd_racoon_getpskbyaddr
 #define getpskbyname _bsd_racoon_getpskbyname
-#define flushlcconf _bsd_racoon_flushlcconf
 #define initlcconf _bsd_racoon_initlcconf
+#define lcconf _bsd_racoon_lcconf
+#define restore_params _bsd_racoon_restore_params
+#define save_params _bsd_racoon_save_params
+#define sittype2doi _bsd_racoon_sittype2doi
 /* logger.c */
-#define log_free _bsd_racoon_log_free
+#define log_add _bsd_racoon_log_add
 #define log_close _bsd_racoon_log_close
+#define log_free _bsd_racoon_log_free
+#define log_open _bsd_racoon_log_open
+#define log_print _bsd_racoon_log_print
 #define log_vaprint _bsd_racoon_log_vaprint
 #define log_vprint _bsd_racoon_log_vprint
-#define log_print _bsd_racoon_log_print
-#define log_add _bsd_racoon_log_add
-#define log_open _bsd_racoon_log_open
 /* main.c */
 #define dump_config _bsd_racoon_dump_config
 #define f_local _bsd_racoon_f_local
 #define vflag _bsd_racoon_vflag
 /* misc.c */
-#define timedelta _bsd_racoon_timedelta
+#define bit2str _bsd_racoon_bit2str
 #define close_on_exec _bsd_racoon_close_on_exec
-#define getfsize _bsd_racoon_getfsize
 #define debug_location _bsd_racoon_debug_location
-#define bit2str _bsd_racoon_bit2str
+#define getfsize _bsd_racoon_getfsize
 #define racoon_hexdump _bsd_racoon_racoon_hexdump
-/* sha2.c */
-#define EVP_sha2_512 _bsd_racoon_EVP_sha2_512
-#define EVP_sha2_384 _bsd_racoon_EVP_sha2_384
-#define EVP_sha2_256 _bsd_racoon_EVP_sha2_256
+#define timedelta _bsd_racoon_timedelta
 /* nattraversal.c */
 #define isakmp_plist_append_natt_vids _bsd_racoon_isakmp_plist_append_natt_vids
+#define natt_compare_addr_hash _bsd_racoon_natt_compare_addr_hash
 #define natt_enabled_in_rmconf _bsd_racoon_natt_enabled_in_rmconf
-#define natt_keepalive_remove _bsd_racoon_natt_keepalive_remove
-#define natt_keepalive_add_ph1 _bsd_racoon_natt_keepalive_add_ph1
+#define natt_fill_options _bsd_racoon_natt_fill_options
+#define natt_float_ports _bsd_racoon_natt_float_ports
+#define natt_handle_vendorid _bsd_racoon_natt_handle_vendorid
+#define natt_hash_addr _bsd_racoon_natt_hash_addr
 #define natt_keepalive_add _bsd_racoon_natt_keepalive_add
+#define natt_keepalive_add_ph1 _bsd_racoon_natt_keepalive_add_ph1
 #define natt_keepalive_init _bsd_racoon_natt_keepalive_init
-#define natt_handle_vendorid _bsd_racoon_natt_handle_vendorid
-#define natt_float_ports _bsd_racoon_natt_float_ports
-#define natt_fill_options _bsd_racoon_natt_fill_options
+#define natt_keepalive_remove _bsd_racoon_natt_keepalive_remove
 #define natt_udp_encap _bsd_racoon_natt_udp_encap
-#define natt_compare_addr_hash _bsd_racoon_natt_compare_addr_hash
-#define natt_hash_addr _bsd_racoon_natt_hash_addr
 #define natt_vendorid _bsd_racoon_natt_vendorid
 /* oakley.c */
-#define dh_modp768 _bsd_racoon_dh_modp768
 #define dh_modp1024 _bsd_racoon_dh_modp1024
 #define dh_modp1536 _bsd_racoon_dh_modp1536
 #define dh_modp2048 _bsd_racoon_dh_modp2048
 #define dh_modp3072 _bsd_racoon_dh_modp3072
 #define dh_modp4096 _bsd_racoon_dh_modp4096
 #define dh_modp6144 _bsd_racoon_dh_modp6144
+#define dh_modp768 _bsd_racoon_dh_modp768
 #define dh_modp8192 _bsd_racoon_dh_modp8192
-#define oakley_do_encrypt _bsd_racoon_oakley_do_encrypt
-#define oakley_do_decrypt _bsd_racoon_oakley_do_decrypt
-#define oakley_delivm _bsd_racoon_oakley_delivm
-#define oakley_newiv2 _bsd_racoon_oakley_newiv2
-#define oakley_newiv _bsd_racoon_oakley_newiv
-#define oakley_compute_enckey _bsd_racoon_oakley_compute_enckey
-#define oakley_skeyid_dae _bsd_racoon_oakley_skeyid_dae
-#define oakley_skeyid _bsd_racoon_oakley_skeyid
-#define oakley_needcr _bsd_racoon_oakley_needcr
-#define oakley_checkcr _bsd_racoon_oakley_checkcr
 #define oakley_append_cr _bsd_racoon_oakley_append_cr
-#define oakley_savecr _bsd_racoon_oakley_savecr
-#define oakley_savecert _bsd_racoon_oakley_savecert
-#define oakley_getsign _bsd_racoon_oakley_getsign
-#define oakley_getmycert _bsd_racoon_oakley_getmycert
-#define oakley_validate_auth _bsd_racoon_oakley_validate_auth
-#define oakley_ph1hash_base_r _bsd_racoon_oakley_ph1hash_base_r
-#define oakley_ph1hash_base_i _bsd_racoon_oakley_ph1hash_base_i
-#define oakley_ph1hash_common _bsd_racoon_oakley_ph1hash_common
+#define oakley_checkcr _bsd_racoon_oakley_checkcr
+#define oakley_compute_enckey _bsd_racoon_oakley_compute_enckey
 #define oakley_compute_hash1 _bsd_racoon_oakley_compute_hash1
 #define oakley_compute_hash3 _bsd_racoon_oakley_compute_hash3
 #define oakley_compute_keymat _bsd_racoon_oakley_compute_keymat
-#define oakley_hash _bsd_racoon_oakley_hash
-#define oakley_prf _bsd_racoon_oakley_prf
-#define oakley_setdhgroup _bsd_racoon_oakley_setdhgroup
-#define oakley_dh_generate _bsd_racoon_oakley_dh_generate
+#define oakley_delivm _bsd_racoon_oakley_delivm
 #define oakley_dh_compute _bsd_racoon_oakley_dh_compute
+#define oakley_dh_generate _bsd_racoon_oakley_dh_generate
 #define oakley_dhgrp_free _bsd_racoon_oakley_dhgrp_free
 #define oakley_dhinit _bsd_racoon_oakley_dhinit
-#define oakley_get_defaultlifetime _bsd_racoon_oakley_get_defaultlifetime
+#define oakley_do_decrypt _bsd_racoon_oakley_do_decrypt
+#define oakley_do_encrypt _bsd_racoon_oakley_do_encrypt
 #define oakley_get_certtype _bsd_racoon_oakley_get_certtype
+#define oakley_get_defaultlifetime _bsd_racoon_oakley_get_defaultlifetime
+#define oakley_getmycert _bsd_racoon_oakley_getmycert
+#define oakley_getsign _bsd_racoon_oakley_getsign
+#define oakley_hash _bsd_racoon_oakley_hash
+#define oakley_needcr _bsd_racoon_oakley_needcr
+#define oakley_newiv _bsd_racoon_oakley_newiv
+#define oakley_newiv2 _bsd_racoon_oakley_newiv2
+#define oakley_ph1hash_base_i _bsd_racoon_oakley_ph1hash_base_i
+#define oakley_ph1hash_base_r _bsd_racoon_oakley_ph1hash_base_r
+#define oakley_ph1hash_common _bsd_racoon_oakley_ph1hash_common
+#define oakley_prf _bsd_racoon_oakley_prf
+#define oakley_savecert _bsd_racoon_oakley_savecert
+#define oakley_savecr _bsd_racoon_oakley_savecr
+#define oakley_setdhgroup _bsd_racoon_oakley_setdhgroup
+#define oakley_skeyid _bsd_racoon_oakley_skeyid
+#define oakley_skeyid_dae _bsd_racoon_oakley_skeyid_dae
+#define oakley_validate_auth _bsd_racoon_oakley_validate_auth
 /* pfkey.c */
-#define sadbsecas2str _bsd_racoon_sadbsecas2str
-#define pk_getseq _bsd_racoon_pk_getseq
+#define ipsecdoi2pfkey_mode _bsd_racoon_ipsecdoi2pfkey_mode
+#define ipsecdoi2pfkey_proto _bsd_racoon_ipsecdoi2pfkey_proto
+#define pfkey2ipsecdoi_mode _bsd_racoon_pfkey2ipsecdoi_mode
+#define pfkey2ipsecdoi_proto _bsd_racoon_pfkey2ipsecdoi_proto
+#define pfkey_convertfromipsecdoi _bsd_racoon_pfkey_convertfromipsecdoi
+#define pfkey_dump_sadb _bsd_racoon_pfkey_dump_sadb
+#define pfkey_init _bsd_racoon_pfkey_init
+#define pfkey_reload _bsd_racoon_pfkey_reload
 #define pk_checkalg _bsd_racoon_pk_checkalg
+#define pk_fixup_sa_addresses _bsd_racoon_pk_fixup_sa_addresses
+#define pk_getseq _bsd_racoon_pk_getseq
+#define pk_sendadd _bsd_racoon_pk_sendadd
 #define pk_sendeacquire _bsd_racoon_pk_sendeacquire
-#define pk_sendspddelete _bsd_racoon_pk_sendspddelete
+#define pk_sendgetspi _bsd_racoon_pk_sendgetspi
 #define pk_sendspdadd2 _bsd_racoon_pk_sendspdadd2
+#define pk_sendspddelete _bsd_racoon_pk_sendspddelete
 #define pk_sendspdupdate2 _bsd_racoon_pk_sendspdupdate2
-#define pk_sendadd _bsd_racoon_pk_sendadd
 #define pk_sendupdate _bsd_racoon_pk_sendupdate
-#define pk_sendgetspi _bsd_racoon_pk_sendgetspi
-#define pfkey_convertfromipsecdoi _bsd_racoon_pfkey_convertfromipsecdoi
-#define pk_fixup_sa_addresses _bsd_racoon_pk_fixup_sa_addresses
-#define pfkey2ipsecdoi_mode _bsd_racoon_pfkey2ipsecdoi_mode
-#define ipsecdoi2pfkey_mode _bsd_racoon_ipsecdoi2pfkey_mode
-#define pfkey2ipsecdoi_proto _bsd_racoon_pfkey2ipsecdoi_proto
-#define ipsecdoi2pfkey_proto _bsd_racoon_ipsecdoi2pfkey_proto
-#define pfkey_reload _bsd_racoon_pfkey_reload
-#define pfkey_init _bsd_racoon_pfkey_init
-#define pfkey_dump_sadb _bsd_racoon_pfkey_dump_sadb
+#define sadbsecas2str _bsd_racoon_sadbsecas2str
 /* plog.c */
-#define pname _bsd_racoon_pname
-#define loglevel _bsd_racoon_loglevel
-#define f_foreground _bsd_racoon_f_foreground
-#define print_location _bsd_racoon_print_location
+#define _plog _bsd_racoon__plog
 #define binsanitize _bsd_racoon_binsanitize
-#define plogset _bsd_racoon_plogset
-#define ploginit _bsd_racoon_ploginit
+#define f_foreground _bsd_racoon_f_foreground
+#define loglevel _bsd_racoon_loglevel
 #define plogdump _bsd_racoon_plogdump
+#define ploginit _bsd_racoon_ploginit
+#define plogset _bsd_racoon_plogset
 #define plogv _bsd_racoon_plogv
-#define _plog _bsd_racoon__plog
+#define pname _bsd_racoon_pname
+#define print_location _bsd_racoon_print_location
 /* policy.c */
-#define spidx2str _bsd_racoon_spidx2str
-#define newipsecreq _bsd_racoon_newipsecreq
-#define initsp _bsd_racoon_initsp
+#define cmpspidxstrict _bsd_racoon_cmpspidxstrict
+#define cmpspidxwild _bsd_racoon_cmpspidxwild
+#define delsp _bsd_racoon_delsp
+#define delsp_bothdir _bsd_racoon_delsp_bothdir
 #define flushsp _bsd_racoon_flushsp
-#define remsp _bsd_racoon_remsp
+#define getsp _bsd_racoon_getsp
+#define getsp_r _bsd_racoon_getsp_r
+#define getspbyspid _bsd_racoon_getspbyspid
+#define initsp _bsd_racoon_initsp
 #define inssp _bsd_racoon_inssp
-#define delsp_bothdir _bsd_racoon_delsp_bothdir
-#define delsp _bsd_racoon_delsp
+#define newipsecreq _bsd_racoon_newipsecreq
 #define newsp _bsd_racoon_newsp
-#define cmpspidxwild _bsd_racoon_cmpspidxwild
-#define cmpspidxstrict _bsd_racoon_cmpspidxstrict
-#define getspbyspid _bsd_racoon_getspbyspid
-#define getsp_r _bsd_racoon_getsp_r
-#define getsp _bsd_racoon_getsp
+#define remsp _bsd_racoon_remsp
+#define spidx2str _bsd_racoon_spidx2str
 /* privsep.c */
-#define privsep_setsockopt _bsd_racoon_privsep_setsockopt
 #define privsep_bind _bsd_racoon_privsep_bind
-#define privsep_socket _bsd_racoon_privsep_socket
-#define privsep_getpsk _bsd_racoon_privsep_getpsk
-#define privsep_script_exec _bsd_racoon_privsep_script_exec
 #define privsep_eay_get_pkcs1privkey _bsd_racoon_privsep_eay_get_pkcs1privkey
+#define privsep_getpsk _bsd_racoon_privsep_getpsk
 #define privsep_init _bsd_racoon_privsep_init
+#define privsep_script_exec _bsd_racoon_privsep_script_exec
+#define privsep_setsockopt _bsd_racoon_privsep_setsockopt
+#define privsep_socket _bsd_racoon_privsep_socket
 /* proposal.c */
-#define set_proposal_from_proposal _bsd_racoon_set_proposal_from_proposal
-#define set_proposal_from_policy _bsd_racoon_set_proposal_from_policy
-#define print_proppair _bsd_racoon_print_proppair
-#define print_proppair0 _bsd_racoon_print_proppair0
-#define printsatrns _bsd_racoon_printsatrns
-#define printsaproto _bsd_racoon_printsaproto
-#define printsaprop0 _bsd_racoon_printsaprop0
-#define printsaprop _bsd_racoon_printsaprop
-#define flushsatrns _bsd_racoon_flushsatrns
-#define flushsaproto _bsd_racoon_flushsaproto
-#define flushsaprop _bsd_racoon_flushsaprop
 #define aproppair2saprop _bsd_racoon_aproppair2saprop
-#define set_satrnsbysainfo _bsd_racoon_set_satrnsbysainfo
-#define cmpsatrns _bsd_racoon_cmpsatrns
 #define cmpsaprop _bsd_racoon_cmpsaprop
 #define cmpsaprop_alloc _bsd_racoon_cmpsaprop_alloc
-#define inssatrns _bsd_racoon_inssatrns
-#define newsatrns _bsd_racoon_newsatrns
-#define inssaprotorev _bsd_racoon_inssaprotorev
-#define inssaproto _bsd_racoon_inssaproto
+#define cmpsatrns _bsd_racoon_cmpsatrns
+#define flushsaprop _bsd_racoon_flushsaprop
+#define flushsaproto _bsd_racoon_flushsaproto
+#define flushsatrns _bsd_racoon_flushsatrns
 #define inssaprop _bsd_racoon_inssaprop
-#define newsaproto _bsd_racoon_newsaproto
+#define inssaproto _bsd_racoon_inssaproto
+#define inssaprotorev _bsd_racoon_inssaprotorev
+#define inssatrns _bsd_racoon_inssatrns
 #define newsaprop _bsd_racoon_newsaprop
+#define newsaproto _bsd_racoon_newsaproto
+#define newsatrns _bsd_racoon_newsatrns
+#define print_proppair _bsd_racoon_print_proppair
+#define print_proppair0 _bsd_racoon_print_proppair0
+#define printsaprop _bsd_racoon_printsaprop
+#define printsaprop0 _bsd_racoon_printsaprop0
+#define printsaproto _bsd_racoon_printsaproto
+#define printsatrns _bsd_racoon_printsatrns
+#define set_proposal_from_policy _bsd_racoon_set_proposal_from_policy
+#define set_proposal_from_proposal _bsd_racoon_set_proposal_from_proposal
+#define set_satrnsbysainfo _bsd_racoon_set_satrnsbysainfo
 /* prsa_par_wrapper.c */
-#define prsa_cur_lineno _bsd_racoon_prsa_cur_lineno
 #define prsa_cur_fname _bsd_racoon_prsa_cur_fname
+#define prsa_cur_lineno _bsd_racoon_prsa_cur_lineno
 #define prsa_cur_list _bsd_racoon_prsa_cur_list
 #define prsa_cur_type _bsd_racoon_prsa_cur_type
+#define prsa_parse_file _bsd_racoon_prsa_parse_file
+#define prsawarning _bsd_racoon_prsawarning
+#define racoonprsachar _bsd_racoon_racoonprsachar
 #define racoonprsadebug _bsd_racoon_racoonprsadebug
-#define racoonprsanerrs _bsd_racoon_racoonprsanerrs
 #define racoonprsaerrflag _bsd_racoon_racoonprsaerrflag
-#define racoonprsachar _bsd_racoon_racoonprsachar
-#define racoonprsaval _bsd_racoon_racoonprsaval
+#define racoonprsaerror _bsd_racoon_racoonprsaerror
 #define racoonprsalval _bsd_racoon_racoonprsalval
+#define racoonprsanerrs _bsd_racoon_racoonprsanerrs
 #define racoonprsaparse _bsd_racoon_racoonprsaparse
-#define prsa_parse_file _bsd_racoon_prsa_parse_file
+#define racoonprsaval _bsd_racoon_racoonprsaval
 #define racoonprsawrap _bsd_racoon_racoonprsawrap
-#define prsawarning _bsd_racoon_prsawarning
-#define racoonprsaerror _bsd_racoon_racoonprsaerror
 /* prsa_tok_wrapper.c */
-#define racoonprsaleng _bsd_racoon_racoonprsaleng
-#define racoonprsain _bsd_racoon_racoonprsain
-#define racoonprsaout _bsd_racoon_racoonprsaout
-#define racoonprsalineno _bsd_racoon_racoonprsalineno
+#define racoonprsa_create_buffer _bsd_racoon_racoonprsa_create_buffer
+#define racoonprsa_delete_buffer _bsd_racoon_racoonprsa_delete_buffer
 #define racoonprsa_flex_debug _bsd_racoon_racoonprsa_flex_debug
-#define racoonprsatext _bsd_racoon_racoonprsatext
-#define racoonprsafree _bsd_racoon_racoonprsafree
-#define racoonprsarealloc _bsd_racoon_racoonprsarealloc
+#define racoonprsa_flush_buffer _bsd_racoon_racoonprsa_flush_buffer
+#define racoonprsa_scan_buffer _bsd_racoon_racoonprsa_scan_buffer
+#define racoonprsa_scan_bytes _bsd_racoon_racoonprsa_scan_bytes
+#define racoonprsa_scan_string _bsd_racoon_racoonprsa_scan_string
+#define racoonprsa_switch_to_buffer _bsd_racoon_racoonprsa_switch_to_buffer
 #define racoonprsaalloc _bsd_racoon_racoonprsaalloc
-#define racoonprsalex_destroy _bsd_racoon_racoonprsalex_destroy
-#define racoonprsaset_debug _bsd_racoon_racoonprsaset_debug
+#define racoonprsafree _bsd_racoon_racoonprsafree
 #define racoonprsaget_debug _bsd_racoon_racoonprsaget_debug
-#define racoonprsaset_out _bsd_racoon_racoonprsaset_out
-#define racoonprsaset_in _bsd_racoon_racoonprsaset_in
-#define racoonprsaset_lineno _bsd_racoon_racoonprsaset_lineno
-#define racoonprsaget_text _bsd_racoon_racoonprsaget_text
-#define racoonprsaget_leng _bsd_racoon_racoonprsaget_leng
-#define racoonprsaget_out _bsd_racoon_racoonprsaget_out
 #define racoonprsaget_in _bsd_racoon_racoonprsaget_in
+#define racoonprsaget_leng _bsd_racoon_racoonprsaget_leng
 #define racoonprsaget_lineno _bsd_racoon_racoonprsaget_lineno
-#define racoonprsa_scan_bytes _bsd_racoon_racoonprsa_scan_bytes
-#define racoonprsa_scan_string _bsd_racoon_racoonprsa_scan_string
-#define racoonprsa_scan_buffer _bsd_racoon_racoonprsa_scan_buffer
+#define racoonprsaget_out _bsd_racoon_racoonprsaget_out
+#define racoonprsaget_text _bsd_racoon_racoonprsaget_text
+#define racoonprsain _bsd_racoon_racoonprsain
+#define racoonprsaleng _bsd_racoon_racoonprsaleng
+#define racoonprsalex _bsd_racoon_racoonprsalex
+#define racoonprsalex_destroy _bsd_racoon_racoonprsalex_destroy
+#define racoonprsalineno _bsd_racoon_racoonprsalineno
+#define racoonprsaout _bsd_racoon_racoonprsaout
 #define racoonprsapop_buffer_state _bsd_racoon_racoonprsapop_buffer_state
 #define racoonprsapush_buffer_state _bsd_racoon_racoonprsapush_buffer_state
-#define racoonprsa_flush_buffer _bsd_racoon_racoonprsa_flush_buffer
-#define racoonprsa_delete_buffer _bsd_racoon_racoonprsa_delete_buffer
-#define racoonprsa_create_buffer _bsd_racoon_racoonprsa_create_buffer
-#define racoonprsa_switch_to_buffer _bsd_racoon_racoonprsa_switch_to_buffer
+#define racoonprsarealloc _bsd_racoon_racoonprsarealloc
 #define racoonprsarestart _bsd_racoon_racoonprsarestart
-#define racoonprsalex _bsd_racoon_racoonprsalex
+#define racoonprsaset_debug _bsd_racoon_racoonprsaset_debug
+#define racoonprsaset_in _bsd_racoon_racoonprsaset_in
+#define racoonprsaset_lineno _bsd_racoon_racoonprsaset_lineno
+#define racoonprsaset_out _bsd_racoon_racoonprsaset_out
+#define racoonprsatext _bsd_racoon_racoonprsatext
 /* remoteconf.c */
-#define script_names _bsd_racoon_script_names
-#define checkisakmpsa _bsd_racoon_checkisakmpsa
-#define dupisakmpsa _bsd_racoon_dupisakmpsa
-#define script_path_add _bsd_racoon_script_path_add
-#define newidspec _bsd_racoon_newidspec
-#define dumprmconf _bsd_racoon_dumprmconf
-#define insisakmpsa _bsd_racoon_insisakmpsa
-#define newisakmpsa _bsd_racoon_newisakmpsa
 #define check_etypeok _bsd_racoon_check_etypeok
-#define rmconf_finish_reload _bsd_racoon_rmconf_finish_reload
-#define rmconf_start_reload _bsd_racoon_rmconf_start_reload
-#define initrmconf _bsd_racoon_initrmconf
-#define flushrmconf _bsd_racoon_flushrmconf
-#define remrmconf _bsd_racoon_remrmconf
-#define insrmconf _bsd_racoon_insrmconf
+#define checkisakmpsa _bsd_racoon_checkisakmpsa
 #define deletypes _bsd_racoon_deletypes
-#define dupetypes _bsd_racoon_dupetypes
 #define delisakmpsa _bsd_racoon_delisakmpsa
 #define delrmconf _bsd_racoon_delrmconf
+#define dumprmconf _bsd_racoon_dumprmconf
+#define dupetypes _bsd_racoon_dupetypes
+#define dupidvl _bsd_racoon_dupidvl
+#define dupisakmpsa _bsd_racoon_dupisakmpsa
 #define duprmconf_finish _bsd_racoon_duprmconf_finish
 #define duprmconf_shallow _bsd_racoon_duprmconf_shallow
 #define duprsa _bsd_racoon_duprsa
-#define dupidvl _bsd_racoon_dupidvl
-#define newrmconf _bsd_racoon_newrmconf
+#define enumrmconf _bsd_racoon_enumrmconf
+#define flushrmconf _bsd_racoon_flushrmconf
+#define getrmconf _bsd_racoon_getrmconf
 #define getrmconf_by_name _bsd_racoon_getrmconf_by_name
 #define getrmconf_by_ph1 _bsd_racoon_getrmconf_by_ph1
-#define getrmconf _bsd_racoon_getrmconf
-#define enumrmconf _bsd_racoon_enumrmconf
-#define rmconf_selector_from_ph1 _bsd_racoon_rmconf_selector_from_ph1
+#define initrmconf _bsd_racoon_initrmconf
+#define insisakmpsa _bsd_racoon_insisakmpsa
+#define insrmconf _bsd_racoon_insrmconf
+#define newidspec _bsd_racoon_newidspec
+#define newisakmpsa _bsd_racoon_newisakmpsa
+#define newrmconf _bsd_racoon_newrmconf
+#define remrmconf _bsd_racoon_remrmconf
+#define rmconf_finish_reload _bsd_racoon_rmconf_finish_reload
 #define rmconf_match_identity _bsd_racoon_rmconf_match_identity
+#define rmconf_selector_from_ph1 _bsd_racoon_rmconf_selector_from_ph1
+#define rmconf_start_reload _bsd_racoon_rmconf_start_reload
+#define script_names _bsd_racoon_script_names
+#define script_path_add _bsd_racoon_script_path_add
 /* rsalist.c */
-#define rsa_try_check_rsasign _bsd_racoon_rsa_try_check_rsasign
-#define rsa_parse_file _bsd_racoon_rsa_parse_file
-#define rsa_lookup_keys _bsd_racoon_rsa_lookup_keys
-#define rsa_list_count _bsd_racoon_rsa_list_count
 #define rsa_key_dump _bsd_racoon_rsa_key_dump
-#define rsa_key_free _bsd_racoon_rsa_key_free
 #define rsa_key_dup _bsd_racoon_rsa_key_dup
+#define rsa_key_free _bsd_racoon_rsa_key_free
 #define rsa_key_insert _bsd_racoon_rsa_key_insert
+#define rsa_list_count _bsd_racoon_rsa_list_count
+#define rsa_lookup_keys _bsd_racoon_rsa_lookup_keys
+#define rsa_parse_file _bsd_racoon_rsa_parse_file
+#define rsa_try_check_rsasign _bsd_racoon_rsa_try_check_rsasign
 /* safefile.c */
 #define safefile _bsd_racoon_safefile
 /* sainfo.c */
-#define save_sainfotree_restore _bsd_racoon_save_sainfotree_restore
-#define sainfo_finish_reload _bsd_racoon_sainfo_finish_reload
-#define sainfo_start_reload _bsd_racoon_sainfo_start_reload
-#define sainfo2str _bsd_racoon_sainfo2str
-#define inssainfoalg _bsd_racoon_inssainfoalg
+#define delsainfo _bsd_racoon_delsainfo
 #define delsainfoalg _bsd_racoon_delsainfoalg
-#define newsainfoalg _bsd_racoon_newsainfoalg
-#define initsainfo _bsd_racoon_initsainfo
 #define flushsainfo _bsd_racoon_flushsainfo
-#define remsainfo _bsd_racoon_remsainfo
+#define getsainfo _bsd_racoon_getsainfo
+#define initsainfo _bsd_racoon_initsainfo
 #define inssainfo _bsd_racoon_inssainfo
-#define prisainfo _bsd_racoon_prisainfo
-#define delsainfo _bsd_racoon_delsainfo
+#define inssainfoalg _bsd_racoon_inssainfoalg
 #define newsainfo _bsd_racoon_newsainfo
-#define getsainfo _bsd_racoon_getsainfo
+#define newsainfoalg _bsd_racoon_newsainfoalg
+#define prisainfo _bsd_racoon_prisainfo
+#define remsainfo _bsd_racoon_remsainfo
+#define sainfo2str _bsd_racoon_sainfo2str
+#define sainfo_finish_reload _bsd_racoon_sainfo_finish_reload
+#define sainfo_start_reload _bsd_racoon_sainfo_start_reload
+#define save_sainfotree_restore _bsd_racoon_save_sainfotree_restore
 /* schedule.c */
-#define sched_init _bsd_racoon_sched_init
-#define sched_dump _bsd_racoon_sched_dump
 #define sched_cancel _bsd_racoon_sched_cancel
+#define sched_dump _bsd_racoon_sched_dump
+#define sched_get_monotonic_time _bsd_racoon_sched_get_monotonic_time
+#define sched_init _bsd_racoon_sched_init
+#define sched_monotonic_to_time_t _bsd_racoon_sched_monotonic_to_time_t
 #define sched_schedule _bsd_racoon_sched_schedule
 #define schedular _bsd_racoon_schedular
-#define sched_monotonic_to_time_t _bsd_racoon_sched_monotonic_to_time_t
-#define sched_get_monotonic_time _bsd_racoon_sched_get_monotonic_time
 /* session.c */
-#define signal_handler _bsd_racoon_signal_handler
+#define monitor_fd _bsd_racoon_monitor_fd
 #define session _bsd_racoon_session
+#define signal_handler _bsd_racoon_signal_handler
 #define unmonitor_fd _bsd_racoon_unmonitor_fd
-#define monitor_fd _bsd_racoon_monitor_fd
 /* sockmisc.c */
-#define set_port _bsd_racoon_set_port
-#define get_port_ptr _bsd_racoon_get_port_ptr
+#define cmpsaddr _bsd_racoon_cmpsaddr
+#define dupsaddr _bsd_racoon_dupsaddr
 #define extract_port _bsd_racoon_extract_port
-#define naddr_score _bsd_racoon_naddr_score
+#define get_port_ptr _bsd_racoon_get_port_ptr
+#define getlocaladdr _bsd_racoon_getlocaladdr
 #define mask_sockaddr _bsd_racoon_mask_sockaddr
-#define str2saddr _bsd_racoon_str2saddr
-#define saddr2str_fromto _bsd_racoon_saddr2str_fromto
-#define naddrwop2str_fromto _bsd_racoon_naddrwop2str_fromto
+#define naddr_score _bsd_racoon_naddr_score
 #define naddrwop2str _bsd_racoon_naddrwop2str
-#define saddrwop2str _bsd_racoon_saddrwop2str
-#define saddr2str _bsd_racoon_saddr2str
-#define dupsaddr _bsd_racoon_dupsaddr
+#define naddrwop2str_fromto _bsd_racoon_naddrwop2str_fromto
 #define newsaddr _bsd_racoon_newsaddr
-#define setsockopt_bypass _bsd_racoon_setsockopt_bypass
-#define sendfromto _bsd_racoon_sendfromto
 #define recvfromto _bsd_racoon_recvfromto
-#define getlocaladdr _bsd_racoon_getlocaladdr
-#define cmpsaddr _bsd_racoon_cmpsaddr
+#define saddr2str _bsd_racoon_saddr2str
+#define saddr2str_fromto _bsd_racoon_saddr2str_fromto
+#define saddrwop2str _bsd_racoon_saddrwop2str
+#define sendfromto _bsd_racoon_sendfromto
+#define set_port _bsd_racoon_set_port
+#define setsockopt_bypass _bsd_racoon_setsockopt_bypass
+#define str2saddr _bsd_racoon_str2saddr
 /* str2val.c */
 #define str2val _bsd_racoon_str2val
 #define val2str _bsd_racoon_val2str
 /* strnames.c */
-#define s_switch _bsd_racoon_s_switch
-#define s_idtype _bsd_racoon_s_idtype
-#define s_etype _bsd_racoon_s_etype
-#define s_doi _bsd_racoon_s_doi
-#define s_proto _bsd_racoon_s_proto
-#define s_direction _bsd_racoon_s_direction
-#define s_pfkey_satype _bsd_racoon_s_pfkey_satype
-#define s_pfkey_type _bsd_racoon_s_pfkey_type
-#define s_algtype _bsd_racoon_s_algtype
+#define num2str _bsd_racoon_num2str
 #define s_algclass _bsd_racoon_s_algclass
-#define s_ipsec_level _bsd_racoon_s_ipsec_level
-#define s_oakley_attr_v _bsd_racoon_s_oakley_attr_v
-#define s_attr_isakmp_ltype _bsd_racoon_s_attr_isakmp_ltype
-#define s_attr_isakmp_group _bsd_racoon_s_attr_isakmp_group
+#define s_algtype _bsd_racoon_s_algtype
 #define s_attr_isakmp_desc _bsd_racoon_s_attr_isakmp_desc
-#define s_oakley_attr_method _bsd_racoon_s_oakley_attr_method
-#define s_attr_isakmp_hash _bsd_racoon_s_attr_isakmp_hash
 #define s_attr_isakmp_enc _bsd_racoon_s_attr_isakmp_enc
-#define s_oakley_attr _bsd_racoon_s_oakley_attr
-#define s_ipsecdoi_ident _bsd_racoon_s_ipsecdoi_ident
+#define s_attr_isakmp_group _bsd_racoon_s_attr_isakmp_group
+#define s_attr_isakmp_hash _bsd_racoon_s_attr_isakmp_hash
+#define s_attr_isakmp_ltype _bsd_racoon_s_attr_isakmp_ltype
+#define s_direction _bsd_racoon_s_direction
+#define s_doi _bsd_racoon_s_doi
+#define s_etype _bsd_racoon_s_etype
+#define s_idtype _bsd_racoon_s_idtype
+#define s_ipsec_level _bsd_racoon_s_ipsec_level
+#define s_ipsecdoi_attr _bsd_racoon_s_ipsecdoi_attr
 #define s_ipsecdoi_attr_v _bsd_racoon_s_ipsecdoi_attr_v
 #define s_ipsecdoi_auth _bsd_racoon_s_ipsecdoi_auth
 #define s_ipsecdoi_encmode _bsd_racoon_s_ipsecdoi_encmode
+#define s_ipsecdoi_ident _bsd_racoon_s_ipsecdoi_ident
 #define s_ipsecdoi_ltype _bsd_racoon_s_ipsecdoi_ltype
-#define s_ipsecdoi_attr _bsd_racoon_s_ipsecdoi_attr
+#define s_ipsecdoi_proto _bsd_racoon_s_ipsecdoi_proto
 #define s_ipsecdoi_trns _bsd_racoon_s_ipsecdoi_trns
-#define s_ipsecdoi_trns_ipcomp _bsd_racoon_s_ipsecdoi_trns_ipcomp
-#define s_ipsecdoi_trns_esp _bsd_racoon_s_ipsecdoi_trns_esp
 #define s_ipsecdoi_trns_ah _bsd_racoon_s_ipsecdoi_trns_ah
+#define s_ipsecdoi_trns_esp _bsd_racoon_s_ipsecdoi_trns_esp
+#define s_ipsecdoi_trns_ipcomp _bsd_racoon_s_ipsecdoi_trns_ipcomp
 #define s_ipsecdoi_trns_isakmp _bsd_racoon_s_ipsecdoi_trns_isakmp
-#define s_ipsecdoi_proto _bsd_racoon_s_ipsecdoi_proto
-#define s_isakmp_nptype _bsd_racoon_s_isakmp_nptype
-#define s_isakmp_notify_msg _bsd_racoon_s_isakmp_notify_msg
-#define s_isakmp_etype _bsd_racoon_s_isakmp_etype
 #define s_isakmp_certtype _bsd_racoon_s_isakmp_certtype
+#define s_isakmp_etype _bsd_racoon_s_isakmp_etype
+#define s_isakmp_notify_msg _bsd_racoon_s_isakmp_notify_msg
+#define s_isakmp_nptype _bsd_racoon_s_isakmp_nptype
 #define s_isakmp_state _bsd_racoon_s_isakmp_state
-#define num2str _bsd_racoon_num2str
+#define s_oakley_attr _bsd_racoon_s_oakley_attr
+#define s_oakley_attr_method _bsd_racoon_s_oakley_attr_method
+#define s_oakley_attr_v _bsd_racoon_s_oakley_attr_v
+#define s_pfkey_satype _bsd_racoon_s_pfkey_satype
+#define s_pfkey_type _bsd_racoon_s_pfkey_type
+#define s_proto _bsd_racoon_s_proto
+#define s_switch _bsd_racoon_s_switch
 /* vendorid.c */
+#define compute_vendorids _bsd_racoon_compute_vendorids
 #define handle_vendorid _bsd_racoon_handle_vendorid
 #define set_vendorid _bsd_racoon_set_vendorid
-#define compute_vendorids _bsd_racoon_compute_vendorids
 #define vid_string_by_id _bsd_racoon_vid_string_by_id
 /* vmbuf.c */
 #define vdup _bsd_racoon_vdup
 #define vfree _bsd_racoon_vfree
-#define vrealloc _bsd_racoon_vrealloc
 #define vmalloc _bsd_racoon_vmalloc
+#define vrealloc _bsd_racoon_vrealloc
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-plog-data.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-plog-data.h
index cebd3ae4..33c300f8 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-plog-data.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-plog-data.h
@@ -2,6 +2,6 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-racoon-data.h"
 /* plog.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct log *logp);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static char *logfile);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct log *logp);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct plogtags ptab[]);
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-prsa_tok_wrapper-data.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-prsa_tok_wrapper-data.h
index e40f4cf4..2ddd9823 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-prsa_tok_wrapper-data.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-prsa_tok_wrapper-data.h
@@ -2,15 +2,15 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-racoon-data.h"
 /* prsa_tok_wrapper.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static size_t yy_buffer_stack_top);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static size_t yy_buffer_stack_max);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static YY_BUFFER_STATE *yy_buffer_stack);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static char yy_hold_char);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static yy_size_t yy_n_chars);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, extern yy_size_t racoonprsaleng);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static YY_BUFFER_STATE *yy_buffer_stack);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static char *yy_c_buf_p);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static char *yy_last_accepting_cpos);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static char yy_hold_char);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_did_buffer_switch_on_eof);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_init);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_start);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int yy_did_buffer_switch_on_eof);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static size_t yy_buffer_stack_max);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static size_t yy_buffer_stack_top);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static yy_size_t yy_n_chars);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static yy_state_type yy_last_accepting_state);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static char *yy_last_accepting_cpos);
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-session-data.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-session-data.h
index 44f60e2f..9a1b03f1 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-session-data.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-session-data.h
@@ -2,11 +2,11 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-racoon-data.h"
 /* session.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static _types_fd_set preset_mask);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static _types_fd_set active_mask);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct fd_monitor fd_monitors[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct fd_monitor_list fd_monitor_tree[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static _types_fd_set preset_mask);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int nfds);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int signals[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static sig_atomic_t volatile volatile sigreq[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct fd_monitor fd_monitors[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct fd_monitor_list fd_monitor_tree[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct sched scflushsa);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static int signals[]);
diff --git a/ipsec-tools/src/racoon/rtems-bsd-racoon-strnames-data.h b/ipsec-tools/src/racoon/rtems-bsd-racoon-strnames-data.h
index cdd5b3df..92d672e3 100644
--- a/ipsec-tools/src/racoon/rtems-bsd-racoon-strnames-data.h
+++ b/ipsec-tools/src/racoon/rtems-bsd-racoon-strnames-data.h
@@ -2,29 +2,29 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-racoon-data.h"
 /* strnames.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_isakmp_certtype[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_isakmp_etype[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_isakmp_notify_msg[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_isakmp_nptype[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsecdoi_proto[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsecdoi_trns_isakmp[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsecdoi_trns_ah[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsecdoi_trns_esp[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsecdoi_trns_ipcomp[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_algclass[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_ipsec[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_ipsec_ltype[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_ipsec_encmode[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_ipsec_auth[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsecdoi_ident[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_oakley_attr[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_isakmp_enc[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_isakmp_hash[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_isakmp_method[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_ipsec_encmode[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_ipsec_ltype[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_isakmp_desc[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_isakmp_enc[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_isakmp_group[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_isakmp_hash[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_isakmp_ltype[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_attr_isakmp_method[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_direction[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsec_level[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_algclass[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_pfkey_type[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsecdoi_ident[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsecdoi_proto[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsecdoi_trns_ah[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsecdoi_trns_esp[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsecdoi_trns_ipcomp[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_ipsecdoi_trns_isakmp[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_isakmp_certtype[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_isakmp_etype[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_isakmp_notify_msg[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_isakmp_nptype[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_oakley_attr[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_pfkey_satype[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_direction[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_racoon, static struct ksmap name_pfkey_type[]);
diff --git a/ipsec-tools/src/setkey/rtems-bsd-setkey-data.h b/ipsec-tools/src/setkey/rtems-bsd-setkey-data.h
index adf04e39..19b9f49b 100644
--- a/ipsec-tools/src/setkey/rtems-bsd-setkey-data.h
+++ b/ipsec-tools/src/setkey/rtems-bsd-setkey-data.h
@@ -1,34 +1,34 @@
 /* generated by userspace-header-gen.py */
 #include <rtems/linkersets.h>
 /* parse_wrapper.c */
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int setkeyyychar);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int setkeyyydebug);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int setkeyyynerrs);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int setkeyyyerrflag);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int setkeyyychar);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int setkeyyynerrs);
 /* setkey.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_rfcmode);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int lineno);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int last_msg_type);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern u_int32_t last_priority);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int exit_now);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern u_char m_buf[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern u_int m_len);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_all);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_cmddump);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_debug);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int so);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_forever);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_all);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_verbose);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_hexdump);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_mode);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_cmddump);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_notreally);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_policy);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_hexdump);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_rfcmode);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_rkwarn);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_tflag);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_notreally);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_verbose);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_withports);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int f_rkwarn);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int last_msg_type);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int lineno);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int so);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern u_char m_buf[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern u_int m_len);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern u_int32_t last_priority);
 /* token_wrapper.c */
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern FILE *setkeyyyin);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern FILE *setkeyyyout);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int setkeyyylineno);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int setkeyyy_flex_debug);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern char *setkeyyytext);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int setkeyyy_flex_debug);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern int setkeyyylineno);
diff --git a/ipsec-tools/src/setkey/rtems-bsd-setkey-namespace.h b/ipsec-tools/src/setkey/rtems-bsd-setkey-namespace.h
index 7d71da7e..818726c7 100644
--- a/ipsec-tools/src/setkey/rtems-bsd-setkey-namespace.h
+++ b/ipsec-tools/src/setkey/rtems-bsd-setkey-namespace.h
@@ -1,81 +1,81 @@
 /* generated by userspace-header-gen.py */
 /* parse_wrapper.c */
+#define free_buffer _bsd_setkey_free_buffer
+#define parse_init _bsd_setkey_parse_init
+#define setkeymsg0 _bsd_setkey_setkeymsg0
+#define setkeyyychar _bsd_setkey_setkeyyychar
 #define setkeyyydebug _bsd_setkey_setkeyyydebug
-#define setkeyyynerrs _bsd_setkey_setkeyyynerrs
 #define setkeyyyerrflag _bsd_setkey_setkeyyyerrflag
-#define setkeyyychar _bsd_setkey_setkeyyychar
-#define setkeyyyval _bsd_setkey_setkeyyyval
 #define setkeyyylval _bsd_setkey_setkeyyylval
+#define setkeyyynerrs _bsd_setkey_setkeyyynerrs
 #define setkeyyyparse _bsd_setkey_setkeyyyparse
-#define free_buffer _bsd_setkey_free_buffer
-#define parse_init _bsd_setkey_parse_init
-#define setkeymsg0 _bsd_setkey_setkeymsg0
+#define setkeyyyval _bsd_setkey_setkeyyyval
 /* setkey.c */
-#define f_rfcmode _bsd_setkey_f_rfcmode
-#define lineno _bsd_setkey_lineno
-#define last_msg_type _bsd_setkey_last_msg_type
-#define last_priority _bsd_setkey_last_priority
 #define exit_now _bsd_setkey_exit_now
-#define m_buf _bsd_setkey_m_buf
-#define m_len _bsd_setkey_m_len
+#define f_all _bsd_setkey_f_all
+#define f_cmddump _bsd_setkey_f_cmddump
 #define f_debug _bsd_setkey_f_debug
-#define so _bsd_setkey_so
 #define f_forever _bsd_setkey_f_forever
-#define f_all _bsd_setkey_f_all
-#define f_verbose _bsd_setkey_f_verbose
+#define f_hexdump _bsd_setkey_f_hexdump
 #define f_mode _bsd_setkey_f_mode
-#define f_cmddump _bsd_setkey_f_cmddump
+#define f_notreally _bsd_setkey_f_notreally
 #define f_policy _bsd_setkey_f_policy
-#define f_hexdump _bsd_setkey_f_hexdump
+#define f_rfcmode _bsd_setkey_f_rfcmode
+#define f_rkwarn _bsd_setkey_f_rkwarn
 #define f_tflag _bsd_setkey_f_tflag
-#define f_notreally _bsd_setkey_f_notreally
+#define f_verbose _bsd_setkey_f_verbose
 #define f_withports _bsd_setkey_f_withports
-#define f_rkwarn _bsd_setkey_f_rkwarn
-#define shortdump _bsd_setkey_shortdump
-#define shortdump_hdr _bsd_setkey_shortdump_hdr
-#define numstr _bsd_setkey_numstr
 #define fileproc _bsd_setkey_fileproc
+#define get_supported _bsd_setkey_get_supported
+#define last_msg_type _bsd_setkey_last_msg_type
+#define last_priority _bsd_setkey_last_priority
+#define lineno _bsd_setkey_lineno
+#define m_buf _bsd_setkey_m_buf
+#define m_len _bsd_setkey_m_len
+#define numstr _bsd_setkey_numstr
 #define postproc _bsd_setkey_postproc
+#define promisc _bsd_setkey_promisc
 #define sendkeymsg _bsd_setkey_sendkeymsg
 #define sendkeymsg_spigrep _bsd_setkey_sendkeymsg_spigrep
-#define promisc _bsd_setkey_promisc
 #define sendkeyshort _bsd_setkey_sendkeyshort
+#define shortdump _bsd_setkey_shortdump
+#define shortdump_hdr _bsd_setkey_shortdump_hdr
+#define so _bsd_setkey_so
 #define stdin_loop _bsd_setkey_stdin_loop
-#define get_supported _bsd_setkey_get_supported
 #define usage _bsd_setkey_usage
 /* token_wrapper.c */
-#define setkeyyyleng _bsd_setkey_setkeyyyleng
-#define setkeyyyin _bsd_setkey_setkeyyyin
-#define setkeyyyout _bsd_setkey_setkeyyyout
-#define setkeyyylineno _bsd_setkey_setkeyyylineno
-#define setkeyyy_flex_debug _bsd_setkey_setkeyyy_flex_debug
-#define setkeyyytext _bsd_setkey_setkeyyytext
-#define parse_string _bsd_setkey_parse_string
 #define parse _bsd_setkey_parse
-#define yyerror _bsd_setkey_yyerror
-#define yyfatal _bsd_setkey_yyfatal
-#define setkeyyyfree _bsd_setkey_setkeyyyfree
-#define setkeyyyrealloc _bsd_setkey_setkeyyyrealloc
+#define parse_string _bsd_setkey_parse_string
+#define setkeyyy_create_buffer _bsd_setkey_setkeyyy_create_buffer
+#define setkeyyy_delete_buffer _bsd_setkey_setkeyyy_delete_buffer
+#define setkeyyy_flex_debug _bsd_setkey_setkeyyy_flex_debug
+#define setkeyyy_flush_buffer _bsd_setkey_setkeyyy_flush_buffer
+#define setkeyyy_scan_buffer _bsd_setkey_setkeyyy_scan_buffer
+#define setkeyyy_scan_bytes _bsd_setkey_setkeyyy_scan_bytes
+#define setkeyyy_scan_string _bsd_setkey_setkeyyy_scan_string
+#define setkeyyy_switch_to_buffer _bsd_setkey_setkeyyy_switch_to_buffer
 #define setkeyyyalloc _bsd_setkey_setkeyyyalloc
-#define setkeyyylex_destroy _bsd_setkey_setkeyyylex_destroy
-#define setkeyyyset_debug _bsd_setkey_setkeyyyset_debug
+#define setkeyyyfree _bsd_setkey_setkeyyyfree
 #define setkeyyyget_debug _bsd_setkey_setkeyyyget_debug
-#define setkeyyyset_out _bsd_setkey_setkeyyyset_out
-#define setkeyyyset_in _bsd_setkey_setkeyyyset_in
-#define setkeyyyset_lineno _bsd_setkey_setkeyyyset_lineno
-#define setkeyyyget_text _bsd_setkey_setkeyyyget_text
-#define setkeyyyget_leng _bsd_setkey_setkeyyyget_leng
-#define setkeyyyget_out _bsd_setkey_setkeyyyget_out
 #define setkeyyyget_in _bsd_setkey_setkeyyyget_in
+#define setkeyyyget_leng _bsd_setkey_setkeyyyget_leng
 #define setkeyyyget_lineno _bsd_setkey_setkeyyyget_lineno
-#define setkeyyy_scan_bytes _bsd_setkey_setkeyyy_scan_bytes
-#define setkeyyy_scan_string _bsd_setkey_setkeyyy_scan_string
-#define setkeyyy_scan_buffer _bsd_setkey_setkeyyy_scan_buffer
+#define setkeyyyget_out _bsd_setkey_setkeyyyget_out
+#define setkeyyyget_text _bsd_setkey_setkeyyyget_text
+#define setkeyyyin _bsd_setkey_setkeyyyin
+#define setkeyyyleng _bsd_setkey_setkeyyyleng
+#define setkeyyylex _bsd_setkey_setkeyyylex
+#define setkeyyylex_destroy _bsd_setkey_setkeyyylex_destroy
+#define setkeyyylineno _bsd_setkey_setkeyyylineno
+#define setkeyyyout _bsd_setkey_setkeyyyout
 #define setkeyyypop_buffer_state _bsd_setkey_setkeyyypop_buffer_state
 #define setkeyyypush_buffer_state _bsd_setkey_setkeyyypush_buffer_state
-#define setkeyyy_flush_buffer _bsd_setkey_setkeyyy_flush_buffer
-#define setkeyyy_delete_buffer _bsd_setkey_setkeyyy_delete_buffer
-#define setkeyyy_create_buffer _bsd_setkey_setkeyyy_create_buffer
-#define setkeyyy_switch_to_buffer _bsd_setkey_setkeyyy_switch_to_buffer
+#define setkeyyyrealloc _bsd_setkey_setkeyyyrealloc
 #define setkeyyyrestart _bsd_setkey_setkeyyyrestart
-#define setkeyyylex _bsd_setkey_setkeyyylex
+#define setkeyyyset_debug _bsd_setkey_setkeyyyset_debug
+#define setkeyyyset_in _bsd_setkey_setkeyyyset_in
+#define setkeyyyset_lineno _bsd_setkey_setkeyyyset_lineno
+#define setkeyyyset_out _bsd_setkey_setkeyyyset_out
+#define setkeyyytext _bsd_setkey_setkeyyytext
+#define yyerror _bsd_setkey_yyerror
+#define yyfatal _bsd_setkey_yyfatal
diff --git a/ipsec-tools/src/setkey/rtems-bsd-setkey-parse_wrapper-data.h b/ipsec-tools/src/setkey/rtems-bsd-setkey-parse_wrapper-data.h
index 050924fb..4fb423e6 100644
--- a/ipsec-tools/src/setkey/rtems-bsd-setkey-parse_wrapper-data.h
+++ b/ipsec-tools/src/setkey/rtems-bsd-setkey-parse_wrapper-data.h
@@ -2,24 +2,24 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-setkey-data.h"
 /* parse_wrapper.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int32_t p_spi);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_ext);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_alg_enc);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_alg_auth);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_replay);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_mode);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int32_t p_reqid);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_key_enc_len);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_key_auth_len);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static char const *p_key_enc);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static YYSTACKDATA yystack);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static char const *p_key_auth);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static time_t p_lt_hard);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static time_t p_lt_soft);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static char const *p_key_enc);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static int p_aifamily);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static int p_aiflags);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static size_t p_lb_hard);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static size_t p_lb_soft);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static struct addrinfo *p_natt_oa);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static struct security_ctx sec_ctx);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static time_t p_lt_hard);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static time_t p_lt_soft);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_alg_auth);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_alg_enc);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_ext);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_key_auth_len);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_key_enc_len);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_mode);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_natt_type);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static struct addrinfo *p_natt_oa);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static int p_aiflags);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static int p_aifamily);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static YYSTACKDATA yystack);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int p_replay);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int32_t p_reqid);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static u_int32_t p_spi);
diff --git a/ipsec-tools/src/setkey/rtems-bsd-setkey-setkey-data.h b/ipsec-tools/src/setkey/rtems-bsd-setkey-setkey-data.h
index b0aa4803..11d75502 100644
--- a/ipsec-tools/src/setkey/rtems-bsd-setkey-setkey-data.h
+++ b/ipsec-tools/src/setkey/rtems-bsd-setkey-setkey-data.h
@@ -2,7 +2,7 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-setkey-data.h"
 /* setkey.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static time_t thiszone);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static char const *satype[]);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static char const *sastate[]);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static char const *ipproto[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static char const *sastate[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static char const *satype[]);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static time_t thiszone);
diff --git a/ipsec-tools/src/setkey/rtems-bsd-setkey-token_wrapper-data.h b/ipsec-tools/src/setkey/rtems-bsd-setkey-token_wrapper-data.h
index 41691d79..908f38dc 100644
--- a/ipsec-tools/src/setkey/rtems-bsd-setkey-token_wrapper-data.h
+++ b/ipsec-tools/src/setkey/rtems-bsd-setkey-token_wrapper-data.h
@@ -2,17 +2,17 @@
 #include <rtems/linkersets.h>
 #include "rtems-bsd-setkey-data.h"
 /* token_wrapper.c */
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static size_t yy_buffer_stack_top);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static size_t yy_buffer_stack_max);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static YY_BUFFER_STATE *yy_buffer_stack);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static char yy_hold_char);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static yy_size_t yy_n_chars);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, extern yy_size_t setkeyyyleng);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static YY_BUFFER_STATE *yy_buffer_stack);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static char *yy_c_buf_p);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static int yy_init);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static int yy_start);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static int yy_did_buffer_switch_on_eof);
-RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static yy_state_type yy_last_accepting_state);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static char *yy_last_accepting_cpos);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static char yy_hold_char);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static int yy_did_buffer_switch_on_eof);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static int yy_init);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static int yy_more_flag);
 RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static int yy_more_len);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static int yy_start);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static size_t yy_buffer_stack_max);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static size_t yy_buffer_stack_top);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static yy_size_t yy_n_chars);
+RTEMS_LINKER_RWSET_CONTENT(bsd_prog_setkey, static yy_state_type yy_last_accepting_state);
diff --git a/libbsd.py b/libbsd.py
index 6c2fc28b..dce2c8d3 100644
--- a/libbsd.py
+++ b/libbsd.py
@@ -63,6 +63,7 @@ _defaults = {
                       'freebsd/sys/contrib/libsodium/src/libsodium/include/sodium',
                       'freebsd/sys/contrib/pf',
                       'freebsd/crypto',
+                      'freebsd/crypto/openssl/include',
                       'freebsd/sys/net',
                       'freebsd/include',
                       'freebsd/lib',
@@ -113,7 +114,6 @@ _defaults = {
      ('freebsd/sys/bsm',                        '**/*.h',                          'bsm'),
      ('freebsd/sys/cam',                        '**/*.h',                          'cam'),
      ('freebsd/sys/contrib/ck/include',         '**/*.h',                          ''),
-     ('freebsd/sys/crypto',                     '*/*.h',                           'openssl'),
      ('freebsd/sys/net',                        '**/*.h',                          'net'),
      ('freebsd/sys/net80211',                   '**/*.h',                          'net80211'),
      ('freebsd/sys/netinet',                    '**/*.h',                          'netinet'),
@@ -121,64 +121,7 @@ _defaults = {
      ('freebsd/sys/netipsec',                   '**/*.h',                          'netipsec'),
      ('freebsd/contrib/libpcap',                '*.h',                             ''),
      ('freebsd/contrib/libpcap/pcap',           '*.h',                             'pcap'),
-     ('freebsd/crypto/openssl',                 '*.h',                             'openssl'),
-     ('freebsd/crypto/openssl/crypto',          '*.h',                             'openssl'),
-     ('freebsd/crypto/openssl/ssl',             '(ssl|kssl|ssl2).h',               'openssl'),
-     ('freebsd/crypto/openssl/crypto/aes',      'aes.h',                           'openssl'),
-     ('freebsd/crypto/openssl/crypto/err',      'err.h',                           'openssl'),
-     ('freebsd/crypto/openssl/crypto/bio',      '*.h',                             'openssl'),
-     ('freebsd/crypto/openssl/crypto/dsa',      '*.h',                             'openssl'),
-     ('freebsd/crypto/openssl/ssl',             '*.h',                             'openssl'),
-     ('freebsd/crypto/openssl/crypto/bn',       'bn.h',                            'openssl'),
-     ('freebsd/crypto/openssl/crypto/x509',     'x509.h',                          'openssl'),
-     ('freebsd/crypto/openssl/crypto/cast',     'cast.h',                          'openssl'),
-     ('freebsd/crypto/openssl/crypto/lhash',    'lhash.h',                         'openssl'),
-     ('freebsd/crypto/openssl/crypto/ecdh',     'ecdh.h',                          'openssl'),
-     ('freebsd/crypto/openssl/crypto/ecdsa',    'ecdsa.h',                         'openssl'),
-     ('freebsd/crypto/openssl/crypto/idea',     'idea.h',                          'openssl'),
-     ('freebsd/crypto/openssl/crypto/mdc2',     'mdc2.h',                          'openssl'),
-     ('freebsd/crypto/openssl/crypto/md4',      'md4.h',                           'openssl'),
-     ('freebsd/crypto/openssl/crypto/md5',      'md5.h',                           'openssl'),
-     ('freebsd/crypto/openssl/crypto/rc2',      'rc2.h',                           'openssl'),
-     ('freebsd/crypto/openssl/crypto/rc4',      'rc4.h',                           'openssl'),
-     ('freebsd/crypto/openssl/crypto/ripemd',   'ripemd.h',                        'openssl'),
-     ('freebsd/crypto/openssl/crypto/seed',     'seed.h',                          'openssl'),
-     ('freebsd/crypto/openssl/crypto/sha',      'sha.h',                           'openssl'),
-     ('freebsd/crypto/openssl/crypto/x509v3',   'x509v3.h',                        'openssl'),
-     ('freebsd/crypto/openssl/crypto/x509',     'x509_vfy.h',                      'openssl'),
-     ('freebsd/crypto/openssl/crypto/buffer',   'buffer.h',                        'openssl'),
-     ('freebsd/crypto/openssl/crypto/comp',     'comp.h',                          'openssl'),
-     ('freebsd/crypto/openssl/crypto/asn1',     'asn1_mac.h',                      'openssl'),
-     ('freebsd/crypto/openssl/crypto/pem',      '(pem|pem2).h',                    'openssl'),
-     ('freebsd/crypto/openssl/crypto/rsa',      'rsa.h',                           'openssl'),
-     ('freebsd/crypto/openssl/crypto/evp',      'evp.h',                           'openssl'),
-     ('freebsd/crypto/openssl/crypto/ec',       'ec.h',                            'openssl'),
-     ('freebsd/crypto/openssl/crypto/engine',   'engine.h',                        'openssl'),
-     ('freebsd/crypto/openssl/crypto/pkcs7',    'pkcs7.h',                         'openssl'),
-     ('freebsd/crypto/openssl/crypto/hmac',     'hmac.h',                          'openssl'),
-     ('freebsd/crypto/openssl/crypto/pqueue',   'pqueue.h',                        'openssl'),
-     ('freebsd/crypto/openssl/crypto/ocsp',     'ocsp.h',                          'openssl'),
-     ('freebsd/crypto/openssl/crypto/rand',     'rand.h',                          'openssl'),
-     ('freebsd/crypto/openssl/crypto/srp',      'srp.h',                           'openssl'),
-     ('freebsd/crypto/openssl/crypto/dh',       'dh.h',                            'openssl'),
-     ('freebsd/crypto/openssl/crypto/dso',      'dso.h',                           'openssl'),
-     ('freebsd/crypto/openssl/crypto/krb5',     'krb5_asn.h',                      'openssl'),
-     ('freebsd/crypto/openssl/crypto/cms',      'cms.h',                           'openssl'),
-     ('freebsd/crypto/openssl/crypto/txt_db',   'txt_db.h',                        'openssl'),
-     ('freebsd/crypto/openssl/crypto/ts',       'ts.h',                            'openssl'),
-     ('freebsd/crypto/openssl/crypto/modes',    'modes.h',                         'openssl'),
-     ('freebsd/crypto/openssl/crypto/pkcs12',   'pkcs12.h',                        'openssl'),
-     ('freebsd/crypto/openssl/crypto/bf',       'blowfish.h',                      'openssl'),
-     ('freebsd/crypto/openssl/crypto/cmac',     'cmac.h',                          'openssl'),
-     ('freebsd/crypto/openssl/crypto/asn1',     '(asn1|asn1t).h',                  'openssl'),
-     ('freebsd/crypto/openssl/crypto/camellia', 'camellia.h',                      'openssl'),
-     ('freebsd/crypto/openssl/crypto/objects',  '(objects|obj_mac).h',             'openssl'),
-     ('freebsd/crypto/openssl/crypto/conf',     '(conf|conf_api).h',               'openssl'),
-     ('freebsd/crypto/openssl/crypto/des',      '(des|des_old).h',                 'openssl'),
-     ('freebsd/crypto/openssl/crypto/ui',       '(ui_compat|ui).h',                'openssl'),
-     ('freebsd/crypto/openssl/crypto/whrlpool', 'whrlpool.h',                      'openssl'),
-     ('freebsd/crypto/openssl/crypto/stack',    '(stack|safestack).h',             'openssl'),
-     ('freebsd/crypto/openssl/crypto',          '(opensslconf|opensslv|crypto).h', 'openssl'),
+     ('freebsd/crypto/openssl/include/openssl', '**/*.h',                          'openssl'),
      ('freebsd/sys/rpc',                        '**/*.h',                          'rpc'),
      ('freebsd/sys/sys',                        '**/*.h',                          'sys'),
      ('freebsd/sys/vm',                         '**/*.h',                          'vm'),
@@ -2125,7 +2068,6 @@ class netipsec(builder.Module):
                 'ipsec-tools/src/racoon/logger.c',
                 'ipsec-tools/src/racoon/main.c',
                 'ipsec-tools/src/racoon/misc.c',
-                'ipsec-tools/src/racoon/missing/crypto/sha2/sha2.c',
                 'ipsec-tools/src/racoon/nattraversal.c',
                 'ipsec-tools/src/racoon/oakley.c',
                 'ipsec-tools/src/racoon/pfkey.c',
@@ -2147,7 +2089,8 @@ class netipsec(builder.Module):
                 'ipsec-tools/src/racoon/vendorid.c',
                 'ipsec-tools/src/racoon/vmbuf.c',
             ],
-            mm.generator['source'](racoon_cflags)
+            mm.generator['source'](racoon_cflags,
+                                   ['freebsd/crypto/openssl'])
         )
         self.addFile(mm.generator['file']('ipsec-tools/src/racoon/cftoken.l',
                                           mm.generator['path'](),
@@ -2420,6 +2363,7 @@ class crypto(builder.Module):
                 'sys/crypto/blowfish/bf_pi.h',
                 'sys/crypto/blowfish/blowfish.h',
                 'sys/crypto/camellia/camellia.h',
+                'sys/crypto/chacha20/_chacha.h',
                 'sys/crypto/chacha20/chacha.h',
                 'sys/crypto/des/des.h',
                 'sys/crypto/des/des_locl.h',
@@ -3035,917 +2979,937 @@ class crypto_openssl(builder.Module):
         mm = self.manager
         self.addUserSpaceHeaderFiles(
             [
-                'crypto/openssl/crypto/aes/aes.h',
                 'crypto/openssl/crypto/aes/aes_locl.h',
                 'crypto/openssl/crypto/arm_arch.h',
-                'crypto/openssl/crypto/asn1/asn1.h',
-                'crypto/openssl/crypto/asn1/asn1_int.h',
+                'crypto/openssl/crypto/asn1/asn1_item_list.h',
                 'crypto/openssl/crypto/asn1/asn1_locl.h',
-                'crypto/openssl/crypto/asn1/asn1_mac.h',
-                'crypto/openssl/crypto/asn1/asn1t.h',
                 'crypto/openssl/crypto/asn1/charmap.h',
+                'crypto/openssl/crypto/asn1/standard_methods.h',
+                'crypto/openssl/crypto/asn1/tbl_standard.h',
+                'crypto/openssl/crypto/async/arch/async_null.h',
+                'crypto/openssl/crypto/async/arch/async_posix.h',
+                'crypto/openssl/crypto/async/arch/async_win.h',
+                'crypto/openssl/crypto/async/async_locl.h',
                 'crypto/openssl/crypto/bf/bf_locl.h',
                 'crypto/openssl/crypto/bf/bf_pi.h',
-                'crypto/openssl/crypto/bf/blowfish.h',
-                'crypto/openssl/crypto/bio/bio.h',
                 'crypto/openssl/crypto/bio/bio_lcl.h',
-                'crypto/openssl/crypto/bn/bn.h',
+                'crypto/openssl/crypto/blake2/blake2_impl.h',
+                'crypto/openssl/crypto/blake2/blake2_locl.h',
                 'crypto/openssl/crypto/bn/bn_lcl.h',
                 'crypto/openssl/crypto/bn/bn_prime.h',
-                'crypto/openssl/crypto/bn_int.h',
                 'crypto/openssl/crypto/bn/rsaz_exp.h',
-                'crypto/openssl/crypto/buffer/buffer.h',
-                'crypto/openssl/crypto/camellia/camellia.h',
                 'crypto/openssl/crypto/camellia/cmll_locl.h',
-                'crypto/openssl/crypto/cast/cast.h',
                 'crypto/openssl/crypto/cast/cast_lcl.h',
                 'crypto/openssl/crypto/cast/cast_s.h',
-                'crypto/openssl/crypto/cmac/cmac.h',
-                'crypto/openssl/crypto/cms/cms.h',
                 'crypto/openssl/crypto/cms/cms_lcl.h',
-                'crypto/openssl/crypto/comp/comp.h',
-                'crypto/openssl/crypto/conf/conf_api.h',
+                'crypto/openssl/crypto/comp/comp_lcl.h',
                 'crypto/openssl/crypto/conf/conf_def.h',
-                'crypto/openssl/crypto/conf/conf.h',
-                'crypto/openssl/crypto/constant_time_locl.h',
-                'crypto/openssl/crypto/cryptlib.h',
-                'crypto/openssl/crypto/crypto.h',
-                'crypto/openssl/crypto/des/des.h',
+                'crypto/openssl/crypto/conf/conf_lcl.h',
+                'crypto/openssl/crypto/ct/ct_locl.h',
                 'crypto/openssl/crypto/des/des_locl.h',
-                'crypto/openssl/crypto/des/des_old.h',
-                'crypto/openssl/crypto/des/des_ver.h',
-                'crypto/openssl/crypto/des/rpc_des.h',
                 'crypto/openssl/crypto/des/spr.h',
-                'crypto/openssl/crypto/dh/dh.h',
-                'crypto/openssl/crypto/dsa/dsa.h',
+                'crypto/openssl/crypto/dh/dh_locl.h',
                 'crypto/openssl/crypto/dsa/dsa_locl.h',
-                'crypto/openssl/crypto/dso/dso.h',
-                'crypto/openssl/crypto/ebcdic.h',
-                'crypto/openssl/crypto/ecdh/ecdh.h',
-                'crypto/openssl/crypto/ecdh/ech_locl.h',
-                'crypto/openssl/crypto/ecdsa/ecdsa.h',
-                'crypto/openssl/crypto/ecdsa/ecs_locl.h',
-                'crypto/openssl/crypto/ec/ec.h',
+                'crypto/openssl/crypto/dso/dso_locl.h',
+                'crypto/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h',
+                'crypto/openssl/crypto/ec/curve448/arch_32/f_impl.h',
+                'crypto/openssl/crypto/ec/curve448/curve448_lcl.h',
+                'crypto/openssl/crypto/ec/curve448/curve448utils.h',
+                'crypto/openssl/crypto/ec/curve448/ed448.h',
+                'crypto/openssl/crypto/ec/curve448/field.h',
+                'crypto/openssl/crypto/ec/curve448/point_448.h',
+                'crypto/openssl/crypto/ec/curve448/word.h',
                 'crypto/openssl/crypto/ec/ec_lcl.h',
-                'crypto/openssl/crypto/engine/engine.h',
                 'crypto/openssl/crypto/engine/eng_int.h',
-                'crypto/openssl/crypto/err/err.h',
-                'crypto/openssl/crypto/evp/evp.h',
                 'crypto/openssl/crypto/evp/evp_locl.h',
-                'crypto/openssl/crypto/fips_err.h',
-                'crypto/openssl/crypto/hmac/hmac.h',
-                'crypto/openssl/crypto/idea/idea.h',
+                'crypto/openssl/crypto/hmac/hmac_lcl.h',
                 'crypto/openssl/crypto/idea/idea_lcl.h',
-                'crypto/openssl/crypto/krb5/krb5_asn.h',
-                'crypto/openssl/crypto/lhash/lhash.h',
-                'crypto/openssl/crypto/md32_common.h',
-                'crypto/openssl/crypto/md4/md4.h',
+                'crypto/openssl/crypto/include/internal/aria.h',
+                'crypto/openssl/crypto/include/internal/asn1_int.h',
+                'crypto/openssl/crypto/include/internal/async.h',
+                'crypto/openssl/crypto/include/internal/bn_conf.h',
+                'crypto/openssl/crypto/include/internal/bn_dh.h',
+                'crypto/openssl/crypto/include/internal/bn_int.h',
+                'crypto/openssl/crypto/include/internal/bn_srp.h',
+                'crypto/openssl/crypto/include/internal/chacha.h',
+                'crypto/openssl/crypto/include/internal/cryptlib_int.h',
+                'crypto/openssl/crypto/include/internal/ctype.h',
+                'crypto/openssl/crypto/include/internal/dso_conf.h',
+                'crypto/openssl/crypto/include/internal/ec_int.h',
+                'crypto/openssl/crypto/include/internal/engine.h',
+                'crypto/openssl/crypto/include/internal/err_int.h',
+                'crypto/openssl/crypto/include/internal/evp_int.h',
+                'crypto/openssl/crypto/include/internal/lhash.h',
+                'crypto/openssl/crypto/include/internal/md32_common.h',
+                'crypto/openssl/crypto/include/internal/objects.h',
+                'crypto/openssl/crypto/include/internal/poly1305.h',
+                'crypto/openssl/crypto/include/internal/rand_int.h',
+                'crypto/openssl/crypto/include/internal/sha.h',
+                'crypto/openssl/crypto/include/internal/siphash.h',
+                'crypto/openssl/crypto/include/internal/sm2err.h',
+                'crypto/openssl/crypto/include/internal/sm2.h',
+                'crypto/openssl/crypto/include/internal/sm3.h',
+                'crypto/openssl/crypto/include/internal/sm4.h',
+                'crypto/openssl/crypto/include/internal/store.h',
+                'crypto/openssl/crypto/include/internal/store_int.h',
+                'crypto/openssl/crypto/include/internal/x509_int.h',
+                'crypto/openssl/crypto/lhash/lhash_lcl.h',
                 'crypto/openssl/crypto/md4/md4_locl.h',
-                'crypto/openssl/crypto/md5/md5.h',
                 'crypto/openssl/crypto/md5/md5_locl.h',
-                'crypto/openssl/crypto/mdc2/mdc2.h',
-                'crypto/openssl/crypto/modes/modes.h',
+                'crypto/openssl/crypto/mips_arch.h',
                 'crypto/openssl/crypto/modes/modes_lcl.h',
                 'crypto/openssl/crypto/objects/obj_dat.h',
-                'crypto/openssl/crypto/objects/objects.h',
-                'crypto/openssl/crypto/objects/obj_mac.h',
+                'crypto/openssl/crypto/objects/obj_lcl.h',
                 'crypto/openssl/crypto/objects/obj_xref.h',
-                'crypto/openssl/crypto/ocsp/ocsp.h',
-                'crypto/openssl/crypto/o_dir.h',
-                'crypto/openssl/crypto/opensslconf.h',
-                'crypto/openssl/crypto/opensslv.h',
-                'crypto/openssl/crypto/ossl_typ.h',
-                'crypto/openssl/crypto/o_str.h',
-                'crypto/openssl/crypto/o_time.h',
-                'crypto/openssl/crypto/pem/pem2.h',
-                'crypto/openssl/crypto/pem/pem.h',
-                'crypto/openssl/crypto/pkcs12/pkcs12.h',
-                'crypto/openssl/crypto/pkcs7/pkcs7.h',
+                'crypto/openssl/crypto/ocsp/ocsp_lcl.h',
+                'crypto/openssl/crypto/pkcs12/p12_lcl.h',
+                'crypto/openssl/crypto/poly1305/poly1305_local.h',
                 'crypto/openssl/crypto/ppc_arch.h',
-                'crypto/openssl/crypto/pqueue/pqueue.h',
-                'crypto/openssl/crypto/rand/rand.h',
                 'crypto/openssl/crypto/rand/rand_lcl.h',
-                'crypto/openssl/crypto/rc2/rc2.h',
                 'crypto/openssl/crypto/rc2/rc2_locl.h',
-                'crypto/openssl/crypto/rc4/rc4.h',
                 'crypto/openssl/crypto/rc4/rc4_locl.h',
-                'crypto/openssl/crypto/ripemd/ripemd.h',
                 'crypto/openssl/crypto/ripemd/rmdconst.h',
                 'crypto/openssl/crypto/ripemd/rmd_locl.h',
-                'crypto/openssl/crypto/rsa/rsa.h',
                 'crypto/openssl/crypto/rsa/rsa_locl.h',
-                'crypto/openssl/crypto/seed/seed.h',
+                'crypto/openssl/crypto/s390x_arch.h',
                 'crypto/openssl/crypto/seed/seed_locl.h',
-                'crypto/openssl/crypto/sha/sha.h',
                 'crypto/openssl/crypto/sha/sha_locl.h',
+                'crypto/openssl/crypto/siphash/siphash_local.h',
+                'crypto/openssl/crypto/sm3/sm3_locl.h',
                 'crypto/openssl/crypto/sparc_arch.h',
-                'crypto/openssl/crypto/srp/srp_grps.h',
-                'crypto/openssl/crypto/srp/srp.h',
-                'crypto/openssl/crypto/srp/srp_lcl.h',
-                'crypto/openssl/crypto/stack/safestack.h',
-                'crypto/openssl/crypto/stack/stack.h',
-                'crypto/openssl/crypto/symhacks.h',
-                'crypto/openssl/crypto/ts/ts.h',
-                'crypto/openssl/crypto/txt_db/txt_db.h',
-                'crypto/openssl/crypto/ui/ui_compat.h',
-                'crypto/openssl/crypto/ui/ui.h',
+                'crypto/openssl/crypto/store/store_locl.h',
+                'crypto/openssl/crypto/ts/ts_lcl.h',
                 'crypto/openssl/crypto/ui/ui_locl.h',
                 'crypto/openssl/crypto/vms_rms.h',
-                'crypto/openssl/crypto/whrlpool/whrlpool.h',
                 'crypto/openssl/crypto/whrlpool/wp_locl.h',
                 'crypto/openssl/crypto/x509v3/ext_dat.h',
                 'crypto/openssl/crypto/x509v3/pcy_int.h',
-                'crypto/openssl/crypto/x509v3/x509v3.h',
-                'crypto/openssl/crypto/x509/vpm_int.h',
-                'crypto/openssl/crypto/x509/x509.h',
-                'crypto/openssl/crypto/x509/x509_vfy.h',
-                'crypto/openssl/engines/ccgost/e_gost_err.h',
-                'crypto/openssl/engines/ccgost/gost2001_keyx.h',
-                'crypto/openssl/engines/ccgost/gost89.h',
-                'crypto/openssl/engines/ccgost/gosthash.h',
-                'crypto/openssl/engines/ccgost/gost_keywrap.h',
-                'crypto/openssl/engines/ccgost/gost_lcl.h',
-                'crypto/openssl/engines/ccgost/gost_params.h',
-                'crypto/openssl/engines/e_4758cca_err.h',
-                'crypto/openssl/engines/e_aep_err.h',
-                'crypto/openssl/engines/e_atalla_err.h',
+                'crypto/openssl/crypto/x509v3/standard_exts.h',
+                'crypto/openssl/crypto/x509v3/v3_admis.h',
+                'crypto/openssl/crypto/x509/x509_lcl.h',
+                'crypto/openssl/engines/e_afalg_err.h',
+                'crypto/openssl/engines/e_afalg.h',
                 'crypto/openssl/engines/e_capi_err.h',
-                'crypto/openssl/engines/e_chil_err.h',
-                'crypto/openssl/engines/e_cswift_err.h',
-                'crypto/openssl/engines/e_gmp_err.h',
-                'crypto/openssl/engines/e_nuron_err.h',
-                'crypto/openssl/engines/e_sureware_err.h',
-                'crypto/openssl/engines/e_ubsec_err.h',
-                'crypto/openssl/engines/vendor_defns/aep.h',
-                'crypto/openssl/engines/vendor_defns/atalla.h',
-                'crypto/openssl/engines/vendor_defns/cswift.h',
-                'crypto/openssl/engines/vendor_defns/hw_4758_cca.h',
-                'crypto/openssl/engines/vendor_defns/hwcryptohook.h',
-                'crypto/openssl/engines/vendor_defns/hw_ubsec.h',
-                'crypto/openssl/engines/vendor_defns/sureware.h',
-                'crypto/openssl/e_os2.h',
+                'crypto/openssl/engines/e_dasync_err.h',
+                'crypto/openssl/engines/e_ossltest_err.h',
                 'crypto/openssl/e_os.h',
-                'crypto/openssl/ssl/dtls1.h',
-                'crypto/openssl/ssl/kssl.h',
-                'crypto/openssl/ssl/kssl_lcl.h',
-                'crypto/openssl/ssl/srtp.h',
-                'crypto/openssl/ssl/ssl23.h',
-                'crypto/openssl/ssl/ssl2.h',
-                'crypto/openssl/ssl/ssl3.h',
-                'crypto/openssl/ssl/ssl.h',
+                'crypto/openssl/include/internal/bio.h',
+                'crypto/openssl/include/internal/comp.h',
+                'crypto/openssl/include/internal/conf.h',
+                'crypto/openssl/include/internal/constant_time_locl.h',
+                'crypto/openssl/include/internal/cryptlib.h',
+                'crypto/openssl/include/internal/dane.h',
+                'crypto/openssl/include/internal/dsoerr.h',
+                'crypto/openssl/include/internal/dso.h',
+                'crypto/openssl/include/internal/err.h',
+                'crypto/openssl/include/internal/nelem.h',
+                'crypto/openssl/include/internal/numbers.h',
+                'crypto/openssl/include/internal/o_dir.h',
+                'crypto/openssl/include/internal/o_str.h',
+                'crypto/openssl/include/internal/refcount.h',
+                'crypto/openssl/include/internal/sockets.h',
+                'crypto/openssl/include/internal/sslconf.h',
+                'crypto/openssl/include/internal/thread_once.h',
+                'crypto/openssl/include/internal/tsan_assist.h',
+                'crypto/openssl/include/openssl/aes.h',
+                'crypto/openssl/include/openssl/asn1err.h',
+                'crypto/openssl/include/openssl/asn1.h',
+                'crypto/openssl/include/openssl/asn1_mac.h',
+                'crypto/openssl/include/openssl/asn1t.h',
+                'crypto/openssl/include/openssl/asyncerr.h',
+                'crypto/openssl/include/openssl/async.h',
+                'crypto/openssl/include/openssl/bioerr.h',
+                'crypto/openssl/include/openssl/bio.h',
+                'crypto/openssl/include/openssl/blowfish.h',
+                'crypto/openssl/include/openssl/bnerr.h',
+                'crypto/openssl/include/openssl/bn.h',
+                'crypto/openssl/include/openssl/buffererr.h',
+                'crypto/openssl/include/openssl/buffer.h',
+                'crypto/openssl/include/openssl/camellia.h',
+                'crypto/openssl/include/openssl/cast.h',
+                'crypto/openssl/include/openssl/cmac.h',
+                'crypto/openssl/include/openssl/cmserr.h',
+                'crypto/openssl/include/openssl/cms.h',
+                'crypto/openssl/include/openssl/comperr.h',
+                'crypto/openssl/include/openssl/comp.h',
+                'crypto/openssl/include/openssl/conf_api.h',
+                'crypto/openssl/include/openssl/conferr.h',
+                'crypto/openssl/include/openssl/conf.h',
+                'crypto/openssl/include/openssl/cryptoerr.h',
+                'crypto/openssl/include/openssl/crypto.h',
+                'crypto/openssl/include/openssl/cterr.h',
+                'crypto/openssl/include/openssl/ct.h',
+                'crypto/openssl/include/openssl/des.h',
+                'crypto/openssl/include/openssl/dherr.h',
+                'crypto/openssl/include/openssl/dh.h',
+                'crypto/openssl/include/openssl/dsaerr.h',
+                'crypto/openssl/include/openssl/dsa.h',
+                'crypto/openssl/include/openssl/dtls1.h',
+                'crypto/openssl/include/openssl/ebcdic.h',
+                'crypto/openssl/include/openssl/ecdh.h',
+                'crypto/openssl/include/openssl/ecdsa.h',
+                'crypto/openssl/include/openssl/ecerr.h',
+                'crypto/openssl/include/openssl/ec.h',
+                'crypto/openssl/include/openssl/engineerr.h',
+                'crypto/openssl/include/openssl/engine.h',
+                'crypto/openssl/include/openssl/e_os2.h',
+                'crypto/openssl/include/openssl/err.h',
+                'crypto/openssl/include/openssl/evperr.h',
+                'crypto/openssl/include/openssl/evp.h',
+                'crypto/openssl/include/openssl/hmac.h',
+                'crypto/openssl/include/openssl/idea.h',
+                'crypto/openssl/include/openssl/kdferr.h',
+                'crypto/openssl/include/openssl/kdf.h',
+                'crypto/openssl/include/openssl/lhash.h',
+                'crypto/openssl/include/openssl/md2.h',
+                'crypto/openssl/include/openssl/md4.h',
+                'crypto/openssl/include/openssl/md5.h',
+                'crypto/openssl/include/openssl/mdc2.h',
+                'crypto/openssl/include/openssl/modes.h',
+                'crypto/openssl/include/openssl/objectserr.h',
+                'crypto/openssl/include/openssl/objects.h',
+                'crypto/openssl/include/openssl/obj_mac.h',
+                'crypto/openssl/include/openssl/ocsperr.h',
+                'crypto/openssl/include/openssl/ocsp.h',
+                'crypto/openssl/include/openssl/opensslv.h',
+                'crypto/openssl/include/openssl/ossl_typ.h',
+                'crypto/openssl/include/openssl/pem2.h',
+                'crypto/openssl/include/openssl/pemerr.h',
+                'crypto/openssl/include/openssl/pem.h',
+                'crypto/openssl/include/openssl/pkcs12err.h',
+                'crypto/openssl/include/openssl/pkcs12.h',
+                'crypto/openssl/include/openssl/pkcs7err.h',
+                'crypto/openssl/include/openssl/pkcs7.h',
+                'crypto/openssl/include/openssl/rand_drbg.h',
+                'crypto/openssl/include/openssl/randerr.h',
+                'crypto/openssl/include/openssl/rand.h',
+                'crypto/openssl/include/openssl/rc2.h',
+                'crypto/openssl/include/openssl/rc4.h',
+                'crypto/openssl/include/openssl/rc5.h',
+                'crypto/openssl/include/openssl/ripemd.h',
+                'crypto/openssl/include/openssl/rsaerr.h',
+                'crypto/openssl/include/openssl/rsa.h',
+                'crypto/openssl/include/openssl/safestack.h',
+                'crypto/openssl/include/openssl/seed.h',
+                'crypto/openssl/include/openssl/sha.h',
+                'crypto/openssl/include/openssl/srp.h',
+                'crypto/openssl/include/openssl/srtp.h',
+                'crypto/openssl/include/openssl/ssl2.h',
+                'crypto/openssl/include/openssl/ssl3.h',
+                'crypto/openssl/include/openssl/sslerr.h',
+                'crypto/openssl/include/openssl/ssl.h',
+                'crypto/openssl/include/openssl/stack.h',
+                'crypto/openssl/include/openssl/storeerr.h',
+                'crypto/openssl/include/openssl/store.h',
+                'crypto/openssl/include/openssl/symhacks.h',
+                'crypto/openssl/include/openssl/tls1.h',
+                'crypto/openssl/include/openssl/tserr.h',
+                'crypto/openssl/include/openssl/ts.h',
+                'crypto/openssl/include/openssl/txt_db.h',
+                'crypto/openssl/include/openssl/uierr.h',
+                'crypto/openssl/include/openssl/ui.h',
+                'crypto/openssl/include/openssl/whrlpool.h',
+                'crypto/openssl/include/openssl/x509err.h',
+                'crypto/openssl/include/openssl/x509.h',
+                'crypto/openssl/include/openssl/x509v3err.h',
+                'crypto/openssl/include/openssl/x509v3.h',
+                'crypto/openssl/include/openssl/x509_vfy.h',
+                'crypto/openssl/ssl/packet_locl.h',
+                'crypto/openssl/ssl/record/record.h',
+                'crypto/openssl/ssl/record/record_locl.h',
+                'crypto/openssl/ssl/ssl_cert_table.h',
                 'crypto/openssl/ssl/ssl_locl.h',
-                'crypto/openssl/ssl/tls1.h',
+                'crypto/openssl/ssl/statem/statem.h',
+                'crypto/openssl/ssl/statem/statem_locl.h',
             ]
         )
         self.addUserSpaceSourceFiles(
             [
-                'crypto/openssl/engines/ccgost/e_gost_err.c',
-                'crypto/openssl/engines/ccgost/gost_sign.c',
-                'crypto/openssl/engines/ccgost/gost_params.c',
-                'crypto/openssl/engines/ccgost/gost_md.c',
-                'crypto/openssl/engines/ccgost/gost2001_keyx.c',
-                'crypto/openssl/engines/ccgost/gostsum.c',
-                'crypto/openssl/engines/ccgost/gost_eng.c',
-                'crypto/openssl/engines/ccgost/gost_asn1.c',
-                'crypto/openssl/engines/ccgost/gost_ameth.c',
-                'crypto/openssl/engines/ccgost/gost_keywrap.c',
-                'crypto/openssl/engines/ccgost/gost_pmeth.c',
-                'crypto/openssl/engines/ccgost/gost2001.c',
-                'crypto/openssl/engines/ccgost/gost94_keyx.c',
-                'crypto/openssl/engines/ccgost/gost89.c',
-                'crypto/openssl/engines/ccgost/gost_crypt.c',
-                'crypto/openssl/engines/ccgost/gosthash.c',
-                'crypto/openssl/engines/ccgost/gost_ctl.c',
-                'crypto/openssl/engines/e_4758cca_err.c',
-                'crypto/openssl/engines/e_gmp.c',
-                'crypto/openssl/engines/e_sureware_err.c',
-                'crypto/openssl/engines/e_ubsec.c',
-                'crypto/openssl/engines/e_gmp_err.c',
-                'crypto/openssl/engines/e_ubsec_err.c',
-                'crypto/openssl/engines/e_cswift_err.c',
-                'crypto/openssl/engines/e_chil_err.c',
-                'crypto/openssl/engines/e_aep_err.c',
-                'crypto/openssl/engines/e_4758cca.c',
-                'crypto/openssl/engines/e_chil.c',
-                'crypto/openssl/engines/e_nuron.c',
-                'crypto/openssl/engines/e_aep.c',
-                'crypto/openssl/engines/e_cswift.c',
-                'crypto/openssl/engines/e_atalla_err.c',
-                'crypto/openssl/engines/e_capi.c',
-                'crypto/openssl/engines/e_nuron_err.c',
-                'crypto/openssl/engines/e_atalla.c',
-                'crypto/openssl/engines/e_capi_err.c',
-                'crypto/openssl/engines/e_padlock.c',
-                'crypto/openssl/engines/e_sureware.c',
-                'crypto/openssl/ssl/ssl_utst.c',
-                'crypto/openssl/ssl/t1_ext.c',
-                'crypto/openssl/ssl/ssltest.c',
-                'crypto/openssl/ssl/s2_pkt.c',
-                'crypto/openssl/ssl/s23_pkt.c',
-                'crypto/openssl/ssl/t1_enc.c',
-                'crypto/openssl/ssl/s23_lib.c',
-                'crypto/openssl/ssl/s23_clnt.c',
-                'crypto/openssl/ssl/s23_meth.c',
-                'crypto/openssl/ssl/ssl_stat.c',
-                'crypto/openssl/ssl/s3_srvr.c',
-                'crypto/openssl/ssl/s2_clnt.c',
-                'crypto/openssl/ssl/t1_reneg.c',
-                'crypto/openssl/ssl/s3_pkt.c',
-                'crypto/openssl/ssl/s3_cbc.c',
-                'crypto/openssl/ssl/t1_clnt.c',
-                'crypto/openssl/ssl/kssl.c',
-                'crypto/openssl/ssl/s3_both.c',
-                'crypto/openssl/ssl/t1_meth.c',
-                'crypto/openssl/ssl/s3_enc.c',
-                'crypto/openssl/ssl/tls_srp.c',
-                'crypto/openssl/ssl/d1_srvr.c',
-                'crypto/openssl/ssl/ssl_cert.c',
-                'crypto/openssl/ssl/ssl_rsa.c',
-                'crypto/openssl/ssl/ssl_lib.c',
-                'crypto/openssl/ssl/s2_lib.c',
-                'crypto/openssl/ssl/clienthellotest.c',
-                'crypto/openssl/ssl/ssl_err2.c',
-                'crypto/openssl/ssl/ssl_asn1.c',
-                'crypto/openssl/ssl/d1_pkt.c',
-                'crypto/openssl/ssl/t1_srvr.c',
-                'crypto/openssl/ssl/s2_enc.c',
-                'crypto/openssl/ssl/ssl_conf.c',
-                'crypto/openssl/ssl/s3_lib.c',
-                'crypto/openssl/ssl/sslv2conftest.c',
-                'crypto/openssl/ssl/d1_meth.c',
-                'crypto/openssl/ssl/ssl_algs.c',
-                'crypto/openssl/ssl/t1_lib.c',
-                'crypto/openssl/ssl/ssl_err.c',
-                'crypto/openssl/ssl/d1_clnt.c',
-                'crypto/openssl/ssl/t1_trce.c',
-                'crypto/openssl/ssl/s3_meth.c',
-                'crypto/openssl/ssl/d1_lib.c',
-                'crypto/openssl/ssl/ssl_ciph.c',
-                'crypto/openssl/ssl/ssl_sess.c',
-                'crypto/openssl/ssl/ssl_txt.c',
-                'crypto/openssl/ssl/bio_ssl.c',
-                'crypto/openssl/ssl/s2_srvr.c',
-                'crypto/openssl/ssl/s3_clnt.c',
-                'crypto/openssl/ssl/s23_srvr.c',
-                'crypto/openssl/ssl/d1_srtp.c',
-                'crypto/openssl/ssl/d1_both.c',
-                'crypto/openssl/ssl/s2_meth.c',
-                'crypto/openssl/ssl/bad_dtls_test.c',
-                'crypto/openssl/crypto/bio/bss_bio.c',
-                'crypto/openssl/crypto/bio/bf_lbuf.c',
+                'crypto/openssl/crypto/aes/aes_cbc.c',
+                'crypto/openssl/crypto/aes/aes_cfb.c',
+                'crypto/openssl/crypto/aes/aes_core.c',
+                'crypto/openssl/crypto/aes/aes_ecb.c',
+                'crypto/openssl/crypto/aes/aes_ige.c',
+                'crypto/openssl/crypto/aes/aes_misc.c',
+                'crypto/openssl/crypto/aes/aes_ofb.c',
+                'crypto/openssl/crypto/aes/aes_wrap.c',
+                'crypto/openssl/crypto/aria/aria.c',
+                'crypto/openssl/crypto/asn1/a_bitstr.c',
+                'crypto/openssl/crypto/asn1/a_d2i_fp.c',
+                'crypto/openssl/crypto/asn1/a_digest.c',
+                'crypto/openssl/crypto/asn1/a_dup.c',
+                'crypto/openssl/crypto/asn1/a_gentm.c',
+                'crypto/openssl/crypto/asn1/a_i2d_fp.c',
+                'crypto/openssl/crypto/asn1/a_int.c',
+                'crypto/openssl/crypto/asn1/a_mbstr.c',
+                'crypto/openssl/crypto/asn1/ameth_lib.c',
+                'crypto/openssl/crypto/asn1/a_object.c',
+                'crypto/openssl/crypto/asn1/a_octet.c',
+                'crypto/openssl/crypto/asn1/a_print.c',
+                'crypto/openssl/crypto/asn1/a_sign.c',
+                'crypto/openssl/crypto/asn1/asn1_err.c',
+                'crypto/openssl/crypto/asn1/asn1_gen.c',
+                'crypto/openssl/crypto/asn1/asn1_item_list.c',
+                'crypto/openssl/crypto/asn1/asn1_lib.c',
+                'crypto/openssl/crypto/asn1/asn1_par.c',
+                'crypto/openssl/crypto/asn1/asn_mime.c',
+                'crypto/openssl/crypto/asn1/asn_moid.c',
+                'crypto/openssl/crypto/asn1/asn_mstbl.c',
+                'crypto/openssl/crypto/asn1/asn_pack.c',
+                'crypto/openssl/crypto/asn1/a_strex.c',
+                'crypto/openssl/crypto/asn1/a_strnid.c',
+                'crypto/openssl/crypto/asn1/a_time.c',
+                'crypto/openssl/crypto/asn1/a_type.c',
+                'crypto/openssl/crypto/asn1/a_utctm.c',
+                'crypto/openssl/crypto/asn1/a_utf8.c',
+                'crypto/openssl/crypto/asn1/a_verify.c',
+                'crypto/openssl/crypto/asn1/bio_asn1.c',
+                'crypto/openssl/crypto/asn1/bio_ndef.c',
+                'crypto/openssl/crypto/asn1/d2i_pr.c',
+                'crypto/openssl/crypto/asn1/d2i_pu.c',
+                'crypto/openssl/crypto/asn1/evp_asn1.c',
+                'crypto/openssl/crypto/asn1/f_int.c',
+                'crypto/openssl/crypto/asn1/f_string.c',
+                'crypto/openssl/crypto/asn1/i2d_pr.c',
+                'crypto/openssl/crypto/asn1/i2d_pu.c',
+                'crypto/openssl/crypto/asn1/n_pkey.c',
+                'crypto/openssl/crypto/asn1/nsseq.c',
+                'crypto/openssl/crypto/asn1/p5_pbe.c',
+                'crypto/openssl/crypto/asn1/p5_pbev2.c',
+                'crypto/openssl/crypto/asn1/p5_scrypt.c',
+                'crypto/openssl/crypto/asn1/p8_pkey.c',
+                'crypto/openssl/crypto/asn1/tasn_dec.c',
+                'crypto/openssl/crypto/asn1/tasn_enc.c',
+                'crypto/openssl/crypto/asn1/tasn_fre.c',
+                'crypto/openssl/crypto/asn1/tasn_new.c',
+                'crypto/openssl/crypto/asn1/tasn_prn.c',
+                'crypto/openssl/crypto/asn1/tasn_scn.c',
+                'crypto/openssl/crypto/asn1/tasn_typ.c',
+                'crypto/openssl/crypto/asn1/tasn_utl.c',
+                'crypto/openssl/crypto/asn1/t_bitst.c',
+                'crypto/openssl/crypto/asn1/t_pkey.c',
+                'crypto/openssl/crypto/asn1/t_spki.c',
+                'crypto/openssl/crypto/asn1/x_algor.c',
+                'crypto/openssl/crypto/asn1/x_bignum.c',
+                'crypto/openssl/crypto/asn1/x_info.c',
+                'crypto/openssl/crypto/asn1/x_int64.c',
+                'crypto/openssl/crypto/asn1/x_long.c',
+                'crypto/openssl/crypto/asn1/x_pkey.c',
+                'crypto/openssl/crypto/asn1/x_sig.c',
+                'crypto/openssl/crypto/asn1/x_spki.c',
+                'crypto/openssl/crypto/asn1/x_val.c',
+                'crypto/openssl/crypto/async/arch/async_null.c',
+                'crypto/openssl/crypto/async/arch/async_posix.c',
+                'crypto/openssl/crypto/async/async.c',
+                'crypto/openssl/crypto/async/async_err.c',
+                'crypto/openssl/crypto/async/async_wait.c',
+                'crypto/openssl/crypto/bf/bf_cfb64.c',
+                'crypto/openssl/crypto/bf/bf_ecb.c',
+                'crypto/openssl/crypto/bf/bf_enc.c',
+                'crypto/openssl/crypto/bf/bf_ofb64.c',
+                'crypto/openssl/crypto/bf/bf_skey.c',
+                'crypto/openssl/crypto/bio/b_addr.c',
                 'crypto/openssl/crypto/bio/b_dump.c',
                 'crypto/openssl/crypto/bio/bf_buff.c',
+                'crypto/openssl/crypto/bio/bf_lbuf.c',
                 'crypto/openssl/crypto/bio/bf_nbio.c',
-                'crypto/openssl/crypto/bio/bss_file.c',
-                'crypto/openssl/crypto/bio/bss_acpt.c',
                 'crypto/openssl/crypto/bio/bf_null.c',
-                'crypto/openssl/crypto/bio/bss_dgram.c',
-                'crypto/openssl/crypto/bio/bss_fd.c',
-                'crypto/openssl/crypto/bio/bss_sock.c',
+                'crypto/openssl/crypto/bio/bio_cb.c',
+                'crypto/openssl/crypto/bio/bio_err.c',
                 'crypto/openssl/crypto/bio/bio_lib.c',
+                'crypto/openssl/crypto/bio/bio_meth.c',
+                'crypto/openssl/crypto/bio/b_print.c',
+                'crypto/openssl/crypto/bio/b_sock2.c',
                 'crypto/openssl/crypto/bio/b_sock.c',
-                'crypto/openssl/crypto/bio/bio_err.c',
-                'crypto/openssl/crypto/bio/bio_cb.c',
-                'crypto/openssl/crypto/bio/bss_mem.c',
+                'crypto/openssl/crypto/bio/bss_acpt.c',
+                'crypto/openssl/crypto/bio/bss_bio.c',
                 'crypto/openssl/crypto/bio/bss_conn.c',
+                'crypto/openssl/crypto/bio/bss_dgram.c',
+                'crypto/openssl/crypto/bio/bss_fd.c',
+                'crypto/openssl/crypto/bio/bss_file.c',
                 'crypto/openssl/crypto/bio/bss_log.c',
-                'crypto/openssl/crypto/bio/b_print.c',
+                'crypto/openssl/crypto/bio/bss_mem.c',
                 'crypto/openssl/crypto/bio/bss_null.c',
-                'crypto/openssl/crypto/modes/cbc128.c',
-                'crypto/openssl/crypto/modes/ccm128.c',
-                'crypto/openssl/crypto/modes/wrap128.c',
-                'crypto/openssl/crypto/modes/cts128.c',
-                'crypto/openssl/crypto/modes/xts128.c',
-                'crypto/openssl/crypto/modes/ctr128.c',
-                'crypto/openssl/crypto/modes/gcm128.c',
-                'crypto/openssl/crypto/modes/ofb128.c',
-                'crypto/openssl/crypto/modes/cfb128.c',
-                'crypto/openssl/crypto/fips_ers.c',
-                'crypto/openssl/crypto/o_time.c',
-                'crypto/openssl/crypto/cms/cms_sd.c',
-                'crypto/openssl/crypto/cms/cms_enc.c',
-                'crypto/openssl/crypto/cms/cms_att.c',
-                'crypto/openssl/crypto/cms/cms_env.c',
-                'crypto/openssl/crypto/cms/cms_ess.c',
-                'crypto/openssl/crypto/cms/cms_kari.c',
-                'crypto/openssl/crypto/cms/cms_cd.c',
-                'crypto/openssl/crypto/cms/cms_dd.c',
-                'crypto/openssl/crypto/cms/cms_io.c',
-                'crypto/openssl/crypto/cms/cms_lib.c',
-                'crypto/openssl/crypto/cms/cms_err.c',
-                'crypto/openssl/crypto/cms/cms_pwri.c',
-                'crypto/openssl/crypto/cms/cms_smime.c',
-                'crypto/openssl/crypto/cms/cms_asn1.c',
-                'crypto/openssl/crypto/uid.c',
-                'crypto/openssl/crypto/bn/bn_word.c',
-                'crypto/openssl/crypto/bn/bn_mul.c',
-                'crypto/openssl/crypto/bn/bn_gf2m.c',
-                'crypto/openssl/crypto/bn/bn_gcd.c',
-                'crypto/openssl/crypto/bn/bn_exp2.c',
-                'crypto/openssl/crypto/bn/expspeed.c',
-                'crypto/openssl/crypto/bn/bn_print.c',
+                'crypto/openssl/crypto/bio/bss_sock.c',
+                'crypto/openssl/crypto/blake2/blake2b.c',
+                'crypto/openssl/crypto/blake2/blake2s.c',
+                'crypto/openssl/crypto/blake2/m_blake2b.c',
+                'crypto/openssl/crypto/blake2/m_blake2s.c',
                 'crypto/openssl/crypto/bn/bn_add.c',
-                'crypto/openssl/crypto/bn/bn_mpi.c',
-                'crypto/openssl/crypto/bn/exptest.c',
-                'crypto/openssl/crypto/bn/bn_prime.c',
-                'crypto/openssl/crypto/bn/rsaz_exp.c',
-                'crypto/openssl/crypto/bn/bn_lib.c',
-                'crypto/openssl/crypto/bn/bn_exp.c',
-                'crypto/openssl/crypto/bn/bn_kron.c',
+                'crypto/openssl/crypto/bn/bn_asm.c',
+                'crypto/openssl/crypto/bn/bn_blind.c',
                 'crypto/openssl/crypto/bn/bn_const.c',
-                'crypto/openssl/crypto/bn/bnspeed.c',
-                'crypto/openssl/crypto/bn/bn_recp.c',
-                'crypto/openssl/crypto/bn/bn_rand.c',
+                'crypto/openssl/crypto/bn/bn_ctx.c',
+                'crypto/openssl/crypto/bn/bn_depr.c',
+                'crypto/openssl/crypto/bn/bn_dh.c',
                 'crypto/openssl/crypto/bn/bn_div.c',
+                'crypto/openssl/crypto/bn/bn_err.c',
+                'crypto/openssl/crypto/bn/bn_exp2.c',
+                'crypto/openssl/crypto/bn/bn_exp.c',
+                'crypto/openssl/crypto/bn/bn_gcd.c',
+                'crypto/openssl/crypto/bn/bn_gf2m.c',
+                'crypto/openssl/crypto/bn/bn_intern.c',
+                'crypto/openssl/crypto/bn/bn_kron.c',
+                'crypto/openssl/crypto/bn/bn_lib.c',
                 'crypto/openssl/crypto/bn/bn_mod.c',
-                'crypto/openssl/crypto/bn/bn_sqr.c',
-                'crypto/openssl/crypto/bn/bn_depr.c',
-                'crypto/openssl/crypto/bn/bn_shift.c',
-                'crypto/openssl/crypto/bn/bn_ctx.c',
                 'crypto/openssl/crypto/bn/bn_mont.c',
-                'crypto/openssl/crypto/bn/divtest.c',
+                'crypto/openssl/crypto/bn/bn_mpi.c',
+                'crypto/openssl/crypto/bn/bn_mul.c',
                 'crypto/openssl/crypto/bn/bn_nist.c',
+                'crypto/openssl/crypto/bn/bn_prime.c',
+                'crypto/openssl/crypto/bn/bn_print.c',
+                'crypto/openssl/crypto/bn/bn_rand.c',
+                'crypto/openssl/crypto/bn/bn_recp.c',
+                'crypto/openssl/crypto/bn/bn_shift.c',
+                'crypto/openssl/crypto/bn/bn_sqr.c',
                 'crypto/openssl/crypto/bn/bn_sqrt.c',
-                'crypto/openssl/crypto/bn/bn_err.c',
+                'crypto/openssl/crypto/bn/bn_srp.c',
+                'crypto/openssl/crypto/bn/bn_word.c',
                 'crypto/openssl/crypto/bn/bn_x931p.c',
-                'crypto/openssl/crypto/bn/bn_asm.c',
-                'crypto/openssl/crypto/bn/bntest.c',
-                'crypto/openssl/crypto/bn/bn_blind.c',
-                'crypto/openssl/crypto/mem.c',
-                'crypto/openssl/crypto/ecdh/ech_err.c',
-                'crypto/openssl/crypto/ecdh/ecdhtest.c',
-                'crypto/openssl/crypto/ecdh/ech_ossl.c',
-                'crypto/openssl/crypto/ecdh/ech_kdf.c',
-                'crypto/openssl/crypto/ecdh/ech_key.c',
-                'crypto/openssl/crypto/ecdh/ech_lib.c',
-                'crypto/openssl/crypto/dh/dh_rfc5114.c',
-                'crypto/openssl/crypto/dh/dh_lib.c',
-                'crypto/openssl/crypto/dh/p192.c',
-                'crypto/openssl/crypto/dh/p512.c',
-                'crypto/openssl/crypto/dh/dh_key.c',
-                'crypto/openssl/crypto/dh/p1024.c',
-                'crypto/openssl/crypto/dh/dh_kdf.c',
-                'crypto/openssl/crypto/dh/dh_gen.c',
+                'crypto/openssl/crypto/bn/rsaz_exp.c',
+                'crypto/openssl/crypto/buffer/buf_err.c',
+                'crypto/openssl/crypto/buffer/buffer.c',
+                'crypto/openssl/crypto/camellia/camellia.c',
+                'crypto/openssl/crypto/camellia/cmll_cbc.c',
+                'crypto/openssl/crypto/camellia/cmll_cfb.c',
+                'crypto/openssl/crypto/camellia/cmll_ctr.c',
+                'crypto/openssl/crypto/camellia/cmll_ecb.c',
+                'crypto/openssl/crypto/camellia/cmll_misc.c',
+                'crypto/openssl/crypto/camellia/cmll_ofb.c',
+                'crypto/openssl/crypto/cast/c_cfb64.c',
+                'crypto/openssl/crypto/cast/c_ecb.c',
+                'crypto/openssl/crypto/cast/c_enc.c',
+                'crypto/openssl/crypto/cast/c_ofb64.c',
+                'crypto/openssl/crypto/cast/c_skey.c',
+                'crypto/openssl/crypto/chacha/chacha_enc.c',
+                'crypto/openssl/crypto/cmac/cmac.c',
+                'crypto/openssl/crypto/cmac/cm_ameth.c',
+                'crypto/openssl/crypto/cmac/cm_pmeth.c',
+                'crypto/openssl/crypto/cms/cms_asn1.c',
+                'crypto/openssl/crypto/cms/cms_att.c',
+                'crypto/openssl/crypto/cms/cms_cd.c',
+                'crypto/openssl/crypto/cms/cms_dd.c',
+                'crypto/openssl/crypto/cms/cms_enc.c',
+                'crypto/openssl/crypto/cms/cms_env.c',
+                'crypto/openssl/crypto/cms/cms_err.c',
+                'crypto/openssl/crypto/cms/cms_ess.c',
+                'crypto/openssl/crypto/cms/cms_io.c',
+                'crypto/openssl/crypto/cms/cms_kari.c',
+                'crypto/openssl/crypto/cms/cms_lib.c',
+                'crypto/openssl/crypto/cms/cms_pwri.c',
+                'crypto/openssl/crypto/cms/cms_sd.c',
+                'crypto/openssl/crypto/cms/cms_smime.c',
+                'crypto/openssl/crypto/comp/comp_err.c',
+                'crypto/openssl/crypto/comp/comp_lib.c',
+                'crypto/openssl/crypto/comp/c_zlib.c',
+                'crypto/openssl/crypto/conf/conf_api.c',
+                'crypto/openssl/crypto/conf/conf_def.c',
+                'crypto/openssl/crypto/conf/conf_err.c',
+                'crypto/openssl/crypto/conf/conf_lib.c',
+                'crypto/openssl/crypto/conf/conf_mall.c',
+                'crypto/openssl/crypto/conf/conf_mod.c',
+                'crypto/openssl/crypto/conf/conf_sap.c',
+                'crypto/openssl/crypto/conf/conf_ssl.c',
+                'crypto/openssl/crypto/cpt_err.c',
+                'crypto/openssl/crypto/cryptlib.c',
+                'crypto/openssl/crypto/ct/ct_b64.c',
+                'crypto/openssl/crypto/ct/ct_err.c',
+                'crypto/openssl/crypto/ct/ct_log.c',
+                'crypto/openssl/crypto/ct/ct_oct.c',
+                'crypto/openssl/crypto/ct/ct_policy.c',
+                'crypto/openssl/crypto/ct/ct_prn.c',
+                'crypto/openssl/crypto/ct/ct_sct.c',
+                'crypto/openssl/crypto/ct/ct_sct_ctx.c',
+                'crypto/openssl/crypto/ct/ct_vfy.c',
+                'crypto/openssl/crypto/ct/ct_x509v3.c',
+                'crypto/openssl/crypto/ctype.c',
+                'crypto/openssl/crypto/cversion.c',
+                'crypto/openssl/crypto/des/cbc_cksm.c',
+                'crypto/openssl/crypto/des/cbc_enc.c',
+                'crypto/openssl/crypto/des/cfb64ede.c',
+                'crypto/openssl/crypto/des/cfb64enc.c',
+                'crypto/openssl/crypto/des/cfb_enc.c',
+                'crypto/openssl/crypto/des/des_enc.c',
+                'crypto/openssl/crypto/des/ecb3_enc.c',
+                'crypto/openssl/crypto/des/ecb_enc.c',
+                'crypto/openssl/crypto/des/fcrypt_b.c',
+                'crypto/openssl/crypto/des/fcrypt.c',
+                'crypto/openssl/crypto/des/ncbc_enc.c',
+                'crypto/openssl/crypto/des/ofb64ede.c',
+                'crypto/openssl/crypto/des/ofb64enc.c',
+                'crypto/openssl/crypto/des/ofb_enc.c',
+                'crypto/openssl/crypto/des/pcbc_enc.c',
+                'crypto/openssl/crypto/des/qud_cksm.c',
+                'crypto/openssl/crypto/des/rand_key.c',
+                'crypto/openssl/crypto/des/set_key.c',
+                'crypto/openssl/crypto/des/str2key.c',
+                'crypto/openssl/crypto/des/xcbc_enc.c',
                 'crypto/openssl/crypto/dh/dh_ameth.c',
-                'crypto/openssl/crypto/dh/dh_prn.c',
+                'crypto/openssl/crypto/dh/dh_asn1.c',
+                'crypto/openssl/crypto/dh/dh_check.c',
                 'crypto/openssl/crypto/dh/dh_depr.c',
                 'crypto/openssl/crypto/dh/dh_err.c',
+                'crypto/openssl/crypto/dh/dh_gen.c',
+                'crypto/openssl/crypto/dh/dh_kdf.c',
+                'crypto/openssl/crypto/dh/dh_key.c',
+                'crypto/openssl/crypto/dh/dh_lib.c',
+                'crypto/openssl/crypto/dh/dh_meth.c',
                 'crypto/openssl/crypto/dh/dh_pmeth.c',
-                'crypto/openssl/crypto/dh/dh_asn1.c',
-                'crypto/openssl/crypto/dh/dh_check.c',
-                'crypto/openssl/crypto/dh/dhtest.c',
-                'crypto/openssl/crypto/ripemd/rmd_one.c',
-                'crypto/openssl/crypto/ripemd/rmd_dgst.c',
-                'crypto/openssl/crypto/ripemd/rmdtest.c',
-                'crypto/openssl/crypto/ripemd/rmd160.c',
-                'crypto/openssl/crypto/hmac/hm_pmeth.c',
-                'crypto/openssl/crypto/hmac/hm_ameth.c',
-                'crypto/openssl/crypto/hmac/hmactest.c',
-                'crypto/openssl/crypto/hmac/hmac.c',
-                'crypto/openssl/crypto/rand/md_rand.c',
-                'crypto/openssl/crypto/rand/rand_egd.c',
-                'crypto/openssl/crypto/rand/randfile.c',
-                'crypto/openssl/crypto/rand/rand_err.c',
-                'crypto/openssl/crypto/rand/rand_unix.c',
-                'crypto/openssl/crypto/rand/randtest.c',
-                'crypto/openssl/crypto/rand/rand_lib.c',
-                'crypto/openssl/crypto/stack/stack.c',
-                'crypto/openssl/crypto/pem/pem_oth.c',
-                'crypto/openssl/crypto/pem/pem_all.c',
-                'crypto/openssl/crypto/pem/pem_info.c',
-                'crypto/openssl/crypto/pem/pem_pk8.c',
-                'crypto/openssl/crypto/pem/pem_err.c',
-                'crypto/openssl/crypto/pem/pem_sign.c',
-                'crypto/openssl/crypto/pem/pem_lib.c',
-                'crypto/openssl/crypto/pem/pem_x509.c',
-                'crypto/openssl/crypto/pem/pem_seal.c',
-                'crypto/openssl/crypto/pem/pvkfmt.c',
-                'crypto/openssl/crypto/pem/pem_pkey.c',
-                'crypto/openssl/crypto/pem/pem_xaux.c',
-                'crypto/openssl/crypto/evp/e_camellia.c',
-                'crypto/openssl/crypto/evp/p_enc.c',
-                'crypto/openssl/crypto/evp/m_sha.c',
-                'crypto/openssl/crypto/evp/e_rc2.c',
-                'crypto/openssl/crypto/evp/e_old.c',
-                'crypto/openssl/crypto/evp/e_xcbc_d.c',
-                'crypto/openssl/crypto/evp/e_des3.c',
-                'crypto/openssl/crypto/evp/evp_err.c',
-                'crypto/openssl/crypto/evp/p_lib.c',
-                'crypto/openssl/crypto/evp/digest.c',
-                'crypto/openssl/crypto/evp/m_wp.c',
-                'crypto/openssl/crypto/evp/p_seal.c',
-                'crypto/openssl/crypto/evp/e_null.c',
-                'crypto/openssl/crypto/evp/e_aes.c',
-                'crypto/openssl/crypto/evp/m_md2.c',
-                'crypto/openssl/crypto/evp/p_dec.c',
-                'crypto/openssl/crypto/evp/e_idea.c',
-                'crypto/openssl/crypto/evp/evp_pkey.c',
-                'crypto/openssl/crypto/evp/p_open.c',
+                'crypto/openssl/crypto/dh/dh_prn.c',
+                'crypto/openssl/crypto/dh/dh_rfc5114.c',
+                'crypto/openssl/crypto/dh/dh_rfc7919.c',
+                'crypto/openssl/crypto/dllmain.c',
+                'crypto/openssl/crypto/dsa/dsa_ameth.c',
+                'crypto/openssl/crypto/dsa/dsa_asn1.c',
+                'crypto/openssl/crypto/dsa/dsa_depr.c',
+                'crypto/openssl/crypto/dsa/dsa_err.c',
+                'crypto/openssl/crypto/dsa/dsa_gen.c',
+                'crypto/openssl/crypto/dsa/dsa_key.c',
+                'crypto/openssl/crypto/dsa/dsa_lib.c',
+                'crypto/openssl/crypto/dsa/dsa_meth.c',
+                'crypto/openssl/crypto/dsa/dsa_ossl.c',
+                'crypto/openssl/crypto/dsa/dsa_pmeth.c',
+                'crypto/openssl/crypto/dsa/dsa_prn.c',
+                'crypto/openssl/crypto/dsa/dsa_sign.c',
+                'crypto/openssl/crypto/dsa/dsa_vrf.c',
+                'crypto/openssl/crypto/ebcdic.c',
+                'crypto/openssl/crypto/ec/curve25519.c',
+                'crypto/openssl/crypto/ec/curve448/arch_32/f_impl.c',
+                'crypto/openssl/crypto/ec/curve448/curve448.c',
+                'crypto/openssl/crypto/ec/curve448/curve448_tables.c',
+                'crypto/openssl/crypto/ec/curve448/eddsa.c',
+                'crypto/openssl/crypto/ec/curve448/f_generic.c',
+                'crypto/openssl/crypto/ec/curve448/scalar.c',
+                'crypto/openssl/crypto/ec/ec2_oct.c',
+                'crypto/openssl/crypto/ec/ec2_smpl.c',
+                'crypto/openssl/crypto/ec/ec_ameth.c',
+                'crypto/openssl/crypto/ec/ec_asn1.c',
+                'crypto/openssl/crypto/ec/ec_check.c',
+                'crypto/openssl/crypto/ec/ec_curve.c',
+                'crypto/openssl/crypto/ec/ec_cvt.c',
+                'crypto/openssl/crypto/ec/ecdh_kdf.c',
+                'crypto/openssl/crypto/ec/ecdh_ossl.c',
+                'crypto/openssl/crypto/ec/ecdsa_ossl.c',
+                'crypto/openssl/crypto/ec/ecdsa_sign.c',
+                'crypto/openssl/crypto/ec/ecdsa_vrf.c',
+                'crypto/openssl/crypto/ec/ec_err.c',
+                'crypto/openssl/crypto/ec/ec_key.c',
+                'crypto/openssl/crypto/ec/ec_kmeth.c',
+                'crypto/openssl/crypto/ec/eck_prn.c',
+                'crypto/openssl/crypto/ec/ec_lib.c',
+                'crypto/openssl/crypto/ec/ec_mult.c',
+                'crypto/openssl/crypto/ec/ec_oct.c',
+                'crypto/openssl/crypto/ec/ec_pmeth.c',
+                'crypto/openssl/crypto/ec/ecp_mont.c',
+                'crypto/openssl/crypto/ec/ecp_nist.c',
+                'crypto/openssl/crypto/ec/ecp_nistp224.c',
+                'crypto/openssl/crypto/ec/ecp_nistp256.c',
+                'crypto/openssl/crypto/ec/ecp_nistp521.c',
+                'crypto/openssl/crypto/ec/ecp_nistputil.c',
+                'crypto/openssl/crypto/ec/ecp_nistz256.c',
+                'crypto/openssl/crypto/ec/ecp_oct.c',
+                'crypto/openssl/crypto/ec/ec_print.c',
+                'crypto/openssl/crypto/ec/ecp_smpl.c',
+                'crypto/openssl/crypto/ec/ecx_meth.c',
+                'crypto/openssl/crypto/engine/eng_all.c',
+                'crypto/openssl/crypto/engine/eng_cnf.c',
+                'crypto/openssl/crypto/engine/eng_ctrl.c',
+                'crypto/openssl/crypto/engine/eng_devcrypto.c',
+                'crypto/openssl/crypto/engine/eng_err.c',
+                'crypto/openssl/crypto/engine/eng_fat.c',
+                'crypto/openssl/crypto/engine/eng_init.c',
+                'crypto/openssl/crypto/engine/eng_lib.c',
+                'crypto/openssl/crypto/engine/eng_list.c',
+                'crypto/openssl/crypto/engine/eng_openssl.c',
+                'crypto/openssl/crypto/engine/eng_pkey.c',
+                'crypto/openssl/crypto/engine/eng_rdrand.c',
+                'crypto/openssl/crypto/engine/eng_table.c',
+                'crypto/openssl/crypto/engine/tb_asnmth.c',
+                'crypto/openssl/crypto/engine/tb_cipher.c',
+                'crypto/openssl/crypto/engine/tb_dh.c',
+                'crypto/openssl/crypto/engine/tb_digest.c',
+                'crypto/openssl/crypto/engine/tb_dsa.c',
+                'crypto/openssl/crypto/engine/tb_eckey.c',
+                'crypto/openssl/crypto/engine/tb_pkmeth.c',
+                'crypto/openssl/crypto/engine/tb_rand.c',
+                'crypto/openssl/crypto/engine/tb_rsa.c',
+                'crypto/openssl/crypto/err/err_all.c',
+                'crypto/openssl/crypto/err/err.c',
+                'crypto/openssl/crypto/err/err_prn.c',
+                'crypto/openssl/crypto/evp/bio_b64.c',
+                'crypto/openssl/crypto/evp/bio_enc.c',
+                'crypto/openssl/crypto/evp/bio_md.c',
+                'crypto/openssl/crypto/evp/bio_ok.c',
                 'crypto/openssl/crypto/evp/c_allc.c',
-                'crypto/openssl/crypto/evp/m_mdc2.c',
-                'crypto/openssl/crypto/evp/evp_pbe.c',
-                'crypto/openssl/crypto/evp/pmeth_lib.c',
                 'crypto/openssl/crypto/evp/c_alld.c',
+                'crypto/openssl/crypto/evp/cmeth_lib.c',
+                'crypto/openssl/crypto/evp/digest.c',
+                'crypto/openssl/crypto/evp/e_aes.c',
                 'crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c',
-                'crypto/openssl/crypto/evp/openbsd_hw.c',
-                'crypto/openssl/crypto/evp/p_verify.c',
-                'crypto/openssl/crypto/evp/evp_acnf.c',
-                'crypto/openssl/crypto/evp/evp_enc.c',
-                'crypto/openssl/crypto/evp/m_md5.c',
-                'crypto/openssl/crypto/evp/evp_extra_test.c',
-                'crypto/openssl/crypto/evp/m_ripemd.c',
-                'crypto/openssl/crypto/evp/p_sign.c',
-                'crypto/openssl/crypto/evp/bio_ok.c',
-                'crypto/openssl/crypto/evp/e_rc5.c',
-                'crypto/openssl/crypto/evp/e_des.c',
-                'crypto/openssl/crypto/evp/evp_cnf.c',
                 'crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c',
+                'crypto/openssl/crypto/evp/e_aria.c',
+                'crypto/openssl/crypto/evp/e_bf.c',
+                'crypto/openssl/crypto/evp/e_camellia.c',
                 'crypto/openssl/crypto/evp/e_cast.c',
-                'crypto/openssl/crypto/evp/bio_enc.c',
-                'crypto/openssl/crypto/evp/m_md4.c',
-                'crypto/openssl/crypto/evp/p5_crpt.c',
-                'crypto/openssl/crypto/evp/evp_lib.c',
-                'crypto/openssl/crypto/evp/bio_b64.c',
-                'crypto/openssl/crypto/evp/evp_test.c',
-                'crypto/openssl/crypto/evp/c_all.c',
-                'crypto/openssl/crypto/evp/m_null.c',
+                'crypto/openssl/crypto/evp/e_chacha20_poly1305.c',
+                'crypto/openssl/crypto/evp/e_des3.c',
+                'crypto/openssl/crypto/evp/e_des.c',
+                'crypto/openssl/crypto/evp/e_idea.c',
+                'crypto/openssl/crypto/evp/encode.c',
+                'crypto/openssl/crypto/evp/e_null.c',
+                'crypto/openssl/crypto/evp/e_old.c',
+                'crypto/openssl/crypto/evp/e_rc2.c',
                 'crypto/openssl/crypto/evp/e_rc4.c',
-                'crypto/openssl/crypto/evp/m_sigver.c',
-                'crypto/openssl/crypto/evp/m_sha1.c',
+                'crypto/openssl/crypto/evp/e_rc4_hmac_md5.c',
                 'crypto/openssl/crypto/evp/e_seed.c',
+                'crypto/openssl/crypto/evp/e_sm4.c',
+                'crypto/openssl/crypto/evp/evp_cnf.c',
+                'crypto/openssl/crypto/evp/evp_enc.c',
+                'crypto/openssl/crypto/evp/evp_err.c',
                 'crypto/openssl/crypto/evp/evp_key.c',
-                'crypto/openssl/crypto/evp/e_rc4_hmac_md5.c',
-                'crypto/openssl/crypto/evp/e_bf.c',
+                'crypto/openssl/crypto/evp/evp_lib.c',
+                'crypto/openssl/crypto/evp/evp_pbe.c',
+                'crypto/openssl/crypto/evp/evp_pkey.c',
+                'crypto/openssl/crypto/evp/e_xcbc_d.c',
+                'crypto/openssl/crypto/evp/m_md4.c',
+                'crypto/openssl/crypto/evp/m_md5.c',
+                'crypto/openssl/crypto/evp/m_md5_sha1.c',
+                'crypto/openssl/crypto/evp/m_mdc2.c',
+                'crypto/openssl/crypto/evp/m_null.c',
+                'crypto/openssl/crypto/evp/m_ripemd.c',
+                'crypto/openssl/crypto/evp/m_sha1.c',
+                'crypto/openssl/crypto/evp/m_sha3.c',
+                'crypto/openssl/crypto/evp/m_sigver.c',
+                'crypto/openssl/crypto/evp/m_wp.c',
+                'crypto/openssl/crypto/evp/names.c',
+                'crypto/openssl/crypto/evp/p5_crpt2.c',
+                'crypto/openssl/crypto/evp/p5_crpt.c',
+                'crypto/openssl/crypto/evp/pbe_scrypt.c',
+                'crypto/openssl/crypto/evp/p_dec.c',
+                'crypto/openssl/crypto/evp/p_enc.c',
+                'crypto/openssl/crypto/evp/p_lib.c',
                 'crypto/openssl/crypto/evp/pmeth_fn.c',
-                'crypto/openssl/crypto/evp/m_ecdsa.c',
                 'crypto/openssl/crypto/evp/pmeth_gn.c',
-                'crypto/openssl/crypto/evp/p5_crpt2.c',
-                'crypto/openssl/crypto/evp/bio_md.c',
-                'crypto/openssl/crypto/evp/names.c',
-                'crypto/openssl/crypto/evp/encode.c',
-                'crypto/openssl/crypto/evp/m_dss.c',
-                'crypto/openssl/crypto/evp/m_dss1.c',
-                'crypto/openssl/crypto/ppccap.c',
-                'crypto/openssl/crypto/txt_db/txt_db.c',
-                'crypto/openssl/crypto/s390xcap.c',
-                'crypto/openssl/crypto/cmac/cm_pmeth.c',
-                'crypto/openssl/crypto/cmac/cmac.c',
-                'crypto/openssl/crypto/cmac/cm_ameth.c',
-                'crypto/openssl/crypto/dsa/dsa_key.c',
-                'crypto/openssl/crypto/dsa/dsa_err.c',
-                'crypto/openssl/crypto/dsa/dsa_gen.c',
-                'crypto/openssl/crypto/dsa/dsa_ossl.c',
-                'crypto/openssl/crypto/dsa/dsa_lib.c',
-                'crypto/openssl/crypto/dsa/dsa_vrf.c',
-                'crypto/openssl/crypto/dsa/dsa_sign.c',
-                'crypto/openssl/crypto/dsa/dsagen.c',
-                'crypto/openssl/crypto/dsa/dsa_ameth.c',
-                'crypto/openssl/crypto/dsa/dsa_pmeth.c',
-                'crypto/openssl/crypto/dsa/dsa_depr.c',
-                'crypto/openssl/crypto/dsa/dsa_asn1.c',
-                'crypto/openssl/crypto/dsa/dsa_prn.c',
-                'crypto/openssl/crypto/dsa/dsatest.c',
-                'crypto/openssl/crypto/md4/md4test.c',
-                'crypto/openssl/crypto/md4/md4_dgst.c',
-                'crypto/openssl/crypto/md4/md4.c',
-                'crypto/openssl/crypto/md4/md4_one.c',
-                'crypto/openssl/crypto/sha/shatest.c',
-                'crypto/openssl/crypto/sha/sha1.c',
-                'crypto/openssl/crypto/sha/sha1test.c',
-                'crypto/openssl/crypto/sha/sha_dgst.c',
-                'crypto/openssl/crypto/sha/sha512.c',
-                'crypto/openssl/crypto/sha/sha_one.c',
-                'crypto/openssl/crypto/sha/sha256.c',
-                'crypto/openssl/crypto/sha/sha1dgst.c',
-                'crypto/openssl/crypto/sha/sha1_one.c',
-                'crypto/openssl/crypto/sha/sha.c',
-                'crypto/openssl/crypto/sha/sha256t.c',
-                'crypto/openssl/crypto/sha/sha512t.c',
-                'crypto/openssl/crypto/ui/ui_openssl.c',
-                'crypto/openssl/crypto/ui/ui_compat.c',
-                'crypto/openssl/crypto/ui/ui_lib.c',
-                'crypto/openssl/crypto/ui/ui_err.c',
-                'crypto/openssl/crypto/ui/ui_util.c',
-                'crypto/openssl/crypto/pkcs7/pkcs7err.c',
-                'crypto/openssl/crypto/pkcs7/pk7_dgst.c',
-                'crypto/openssl/crypto/pkcs7/pk7_lib.c',
-                'crypto/openssl/crypto/pkcs7/pk7_smime.c',
-                'crypto/openssl/crypto/pkcs7/pk7_mime.c',
-                'crypto/openssl/crypto/pkcs7/bio_pk7.c',
-                'crypto/openssl/crypto/pkcs7/pk7_asn1.c',
-                'crypto/openssl/crypto/pkcs7/pk7_attr.c',
-                'crypto/openssl/crypto/pkcs7/pk7_doit.c',
-                'crypto/openssl/crypto/err/err_all.c',
-                'crypto/openssl/crypto/err/err.c',
-                'crypto/openssl/crypto/err/err_prn.c',
+                'crypto/openssl/crypto/evp/pmeth_lib.c',
+                'crypto/openssl/crypto/evp/p_open.c',
+                'crypto/openssl/crypto/evp/p_seal.c',
+                'crypto/openssl/crypto/evp/p_sign.c',
+                'crypto/openssl/crypto/evp/p_verify.c',
                 'crypto/openssl/crypto/ex_data.c',
-                'crypto/openssl/crypto/dso/dso_openssl.c',
-                'crypto/openssl/crypto/dso/dso_dl.c',
-                'crypto/openssl/crypto/dso/dso_beos.c',
-                'crypto/openssl/crypto/dso/dso_dlfcn.c',
-                'crypto/openssl/crypto/dso/dso_err.c',
-                'crypto/openssl/crypto/dso/dso_null.c',
-                'crypto/openssl/crypto/dso/dso_lib.c',
-                'crypto/openssl/crypto/idea/i_ecb.c',
+                'crypto/openssl/crypto/hmac/hmac.c',
+                'crypto/openssl/crypto/hmac/hm_ameth.c',
+                'crypto/openssl/crypto/hmac/hm_pmeth.c',
+                'crypto/openssl/crypto/idea/i_cbc.c',
                 'crypto/openssl/crypto/idea/i_cfb64.c',
+                'crypto/openssl/crypto/idea/i_ecb.c',
                 'crypto/openssl/crypto/idea/i_ofb64.c',
-                'crypto/openssl/crypto/idea/ideatest.c',
-                'crypto/openssl/crypto/idea/i_cbc.c',
                 'crypto/openssl/crypto/idea/i_skey.c',
-                'crypto/openssl/crypto/idea/idea_spd.c',
-                'crypto/openssl/crypto/armcap.c',
-                'crypto/openssl/crypto/engine/tb_asnmth.c',
-                'crypto/openssl/crypto/engine/eng_dyn.c',
-                'crypto/openssl/crypto/engine/eng_openssl.c',
-                'crypto/openssl/crypto/engine/eng_all.c',
-                'crypto/openssl/crypto/engine/tb_ecdsa.c',
-                'crypto/openssl/crypto/engine/eng_lib.c',
-                'crypto/openssl/crypto/engine/eng_err.c',
-                'crypto/openssl/crypto/engine/tb_store.c',
-                'crypto/openssl/crypto/engine/eng_init.c',
-                'crypto/openssl/crypto/engine/tb_dsa.c',
-                'crypto/openssl/crypto/engine/eng_pkey.c',
-                'crypto/openssl/crypto/engine/eng_cnf.c',
-                'crypto/openssl/crypto/engine/eng_ctrl.c',
-                'crypto/openssl/crypto/engine/eng_list.c',
-                'crypto/openssl/crypto/engine/tb_cipher.c',
-                'crypto/openssl/crypto/engine/tb_dh.c',
-                'crypto/openssl/crypto/engine/eng_rdrand.c',
-                'crypto/openssl/crypto/engine/tb_rsa.c',
-                'crypto/openssl/crypto/engine/tb_pkmeth.c',
-                'crypto/openssl/crypto/engine/eng_cryptodev.c',
-                'crypto/openssl/crypto/engine/tb_digest.c',
-                'crypto/openssl/crypto/engine/tb_ecdh.c',
-                'crypto/openssl/crypto/engine/enginetest.c',
-                'crypto/openssl/crypto/engine/eng_fat.c',
-                'crypto/openssl/crypto/engine/tb_rand.c',
-                'crypto/openssl/crypto/engine/eng_table.c',
-                'crypto/openssl/crypto/cryptlib.c',
-                'crypto/openssl/crypto/comp/comp_lib.c',
-                'crypto/openssl/crypto/comp/c_rle.c',
-                'crypto/openssl/crypto/comp/c_zlib.c',
-                'crypto/openssl/crypto/comp/comp_err.c',
-                'crypto/openssl/crypto/ecdsa/ecs_sign.c',
-                'crypto/openssl/crypto/ecdsa/ecs_vrf.c',
-                'crypto/openssl/crypto/ecdsa/ecdsatest.c',
-                'crypto/openssl/crypto/ecdsa/ecs_ossl.c',
-                'crypto/openssl/crypto/ecdsa/ecs_asn1.c',
-                'crypto/openssl/crypto/ecdsa/ecs_err.c',
-                'crypto/openssl/crypto/ecdsa/ecs_lib.c',
-                'crypto/openssl/crypto/pkcs12/p12_key.c',
-                'crypto/openssl/crypto/pkcs12/pk12err.c',
+                'crypto/openssl/crypto/init.c',
+                'crypto/openssl/crypto/kdf/hkdf.c',
+                'crypto/openssl/crypto/kdf/kdf_err.c',
+                'crypto/openssl/crypto/kdf/scrypt.c',
+                'crypto/openssl/crypto/kdf/tls1_prf.c',
+                'crypto/openssl/crypto/lhash/lhash.c',
+                'crypto/openssl/crypto/lhash/lh_stats.c',
+                'crypto/openssl/crypto/md4/md4_dgst.c',
+                'crypto/openssl/crypto/md4/md4_one.c',
+                'crypto/openssl/crypto/md5/md5_dgst.c',
+                'crypto/openssl/crypto/md5/md5_one.c',
+                'crypto/openssl/crypto/mdc2/mdc2dgst.c',
+                'crypto/openssl/crypto/mdc2/mdc2_one.c',
+                'crypto/openssl/crypto/mem.c',
+                'crypto/openssl/crypto/mem_clr.c',
+                'crypto/openssl/crypto/mem_dbg.c',
+                'crypto/openssl/crypto/mem_sec.c',
+                'crypto/openssl/crypto/modes/cbc128.c',
+                'crypto/openssl/crypto/modes/ccm128.c',
+                'crypto/openssl/crypto/modes/cfb128.c',
+                'crypto/openssl/crypto/modes/ctr128.c',
+                'crypto/openssl/crypto/modes/cts128.c',
+                'crypto/openssl/crypto/modes/gcm128.c',
+                'crypto/openssl/crypto/modes/ocb128.c',
+                'crypto/openssl/crypto/modes/ofb128.c',
+                'crypto/openssl/crypto/modes/wrap128.c',
+                'crypto/openssl/crypto/modes/xts128.c',
+                'crypto/openssl/crypto/objects/obj_dat.c',
+                'crypto/openssl/crypto/objects/obj_err.c',
+                'crypto/openssl/crypto/objects/obj_lib.c',
+                'crypto/openssl/crypto/objects/obj_xref.c',
+                'crypto/openssl/crypto/objects/o_names.c',
+                'crypto/openssl/crypto/ocsp/ocsp_asn.c',
+                'crypto/openssl/crypto/ocsp/ocsp_cl.c',
+                'crypto/openssl/crypto/ocsp/ocsp_err.c',
+                'crypto/openssl/crypto/ocsp/ocsp_ext.c',
+                'crypto/openssl/crypto/ocsp/ocsp_ht.c',
+                'crypto/openssl/crypto/ocsp/ocsp_lib.c',
+                'crypto/openssl/crypto/ocsp/ocsp_prn.c',
+                'crypto/openssl/crypto/ocsp/ocsp_srv.c',
+                'crypto/openssl/crypto/ocsp/ocsp_vfy.c',
+                'crypto/openssl/crypto/ocsp/v3_ocsp.c',
+                'crypto/openssl/crypto/o_dir.c',
+                'crypto/openssl/crypto/o_fips.c',
+                'crypto/openssl/crypto/o_fopen.c',
+                'crypto/openssl/crypto/o_init.c',
+                'crypto/openssl/crypto/o_str.c',
+                'crypto/openssl/crypto/o_time.c',
+                'crypto/openssl/crypto/pem/pem_all.c',
+                'crypto/openssl/crypto/pem/pem_err.c',
+                'crypto/openssl/crypto/pem/pem_info.c',
+                'crypto/openssl/crypto/pem/pem_lib.c',
+                'crypto/openssl/crypto/pem/pem_oth.c',
+                'crypto/openssl/crypto/pem/pem_pk8.c',
+                'crypto/openssl/crypto/pem/pem_pkey.c',
+                'crypto/openssl/crypto/pem/pem_sign.c',
+                'crypto/openssl/crypto/pem/pem_x509.c',
+                'crypto/openssl/crypto/pem/pem_xaux.c',
+                'crypto/openssl/crypto/pem/pvkfmt.c',
+                'crypto/openssl/crypto/pkcs12/p12_add.c',
                 'crypto/openssl/crypto/pkcs12/p12_asn.c',
+                'crypto/openssl/crypto/pkcs12/p12_attr.c',
                 'crypto/openssl/crypto/pkcs12/p12_crpt.c',
+                'crypto/openssl/crypto/pkcs12/p12_crt.c',
+                'crypto/openssl/crypto/pkcs12/p12_decr.c',
                 'crypto/openssl/crypto/pkcs12/p12_init.c',
-                'crypto/openssl/crypto/pkcs12/p12_p8e.c',
-                'crypto/openssl/crypto/pkcs12/p12_p8d.c',
-                'crypto/openssl/crypto/pkcs12/p12_mutl.c',
-                'crypto/openssl/crypto/pkcs12/p12_utl.c',
+                'crypto/openssl/crypto/pkcs12/p12_key.c',
                 'crypto/openssl/crypto/pkcs12/p12_kiss.c',
-                'crypto/openssl/crypto/pkcs12/p12_decr.c',
-                'crypto/openssl/crypto/pkcs12/p12_crt.c',
-                'crypto/openssl/crypto/pkcs12/p12_add.c',
+                'crypto/openssl/crypto/pkcs12/p12_mutl.c',
                 'crypto/openssl/crypto/pkcs12/p12_npas.c',
-                'crypto/openssl/crypto/pkcs12/p12_attr.c',
+                'crypto/openssl/crypto/pkcs12/p12_p8d.c',
+                'crypto/openssl/crypto/pkcs12/p12_p8e.c',
+                'crypto/openssl/crypto/pkcs12/p12_sbag.c',
+                'crypto/openssl/crypto/pkcs12/p12_utl.c',
+                'crypto/openssl/crypto/pkcs12/pk12err.c',
+                'crypto/openssl/crypto/pkcs7/bio_pk7.c',
+                'crypto/openssl/crypto/pkcs7/pk7_asn1.c',
+                'crypto/openssl/crypto/pkcs7/pk7_attr.c',
+                'crypto/openssl/crypto/pkcs7/pk7_doit.c',
+                'crypto/openssl/crypto/pkcs7/pk7_lib.c',
+                'crypto/openssl/crypto/pkcs7/pk7_mime.c',
+                'crypto/openssl/crypto/pkcs7/pk7_smime.c',
+                'crypto/openssl/crypto/pkcs7/pkcs7err.c',
+                'crypto/openssl/crypto/poly1305/poly1305_ameth.c',
+                'crypto/openssl/crypto/poly1305/poly1305.c',
+                'crypto/openssl/crypto/poly1305/poly1305_pmeth.c',
+                'crypto/openssl/crypto/rand/drbg_ctr.c',
+                'crypto/openssl/crypto/rand/drbg_lib.c',
+                'crypto/openssl/crypto/rand/rand_egd.c',
+                'crypto/openssl/crypto/rand/rand_err.c',
+                'crypto/openssl/crypto/rand/randfile.c',
+                'crypto/openssl/crypto/rand/rand_lib.c',
+                'crypto/openssl/crypto/rand/rand_unix.c',
+                'crypto/openssl/crypto/rc2/rc2_cbc.c',
+                'crypto/openssl/crypto/rc2/rc2cfb64.c',
+                'crypto/openssl/crypto/rc2/rc2_ecb.c',
+                'crypto/openssl/crypto/rc2/rc2ofb64.c',
+                'crypto/openssl/crypto/rc2/rc2_skey.c',
+                'crypto/openssl/crypto/rc4/rc4_enc.c',
+                'crypto/openssl/crypto/rc4/rc4_skey.c',
+                'crypto/openssl/crypto/ripemd/rmd_dgst.c',
+                'crypto/openssl/crypto/ripemd/rmd_one.c',
+                'crypto/openssl/crypto/rsa/rsa_ameth.c',
+                'crypto/openssl/crypto/rsa/rsa_asn1.c',
+                'crypto/openssl/crypto/rsa/rsa_chk.c',
+                'crypto/openssl/crypto/rsa/rsa_crpt.c',
+                'crypto/openssl/crypto/rsa/rsa_depr.c',
+                'crypto/openssl/crypto/rsa/rsa_err.c',
+                'crypto/openssl/crypto/rsa/rsa_gen.c',
+                'crypto/openssl/crypto/rsa/rsa_lib.c',
+                'crypto/openssl/crypto/rsa/rsa_meth.c',
+                'crypto/openssl/crypto/rsa/rsa_mp.c',
+                'crypto/openssl/crypto/rsa/rsa_none.c',
+                'crypto/openssl/crypto/rsa/rsa_oaep.c',
+                'crypto/openssl/crypto/rsa/rsa_ossl.c',
+                'crypto/openssl/crypto/rsa/rsa_pk1.c',
+                'crypto/openssl/crypto/rsa/rsa_pmeth.c',
+                'crypto/openssl/crypto/rsa/rsa_prn.c',
+                'crypto/openssl/crypto/rsa/rsa_pss.c',
+                'crypto/openssl/crypto/rsa/rsa_saos.c',
+                'crypto/openssl/crypto/rsa/rsa_sign.c',
+                'crypto/openssl/crypto/rsa/rsa_ssl.c',
+                'crypto/openssl/crypto/rsa/rsa_x931.c',
+                'crypto/openssl/crypto/rsa/rsa_x931g.c',
+                'crypto/openssl/crypto/seed/seed.c',
+                'crypto/openssl/crypto/seed/seed_cbc.c',
+                'crypto/openssl/crypto/seed/seed_cfb.c',
+                'crypto/openssl/crypto/seed/seed_ecb.c',
+                'crypto/openssl/crypto/seed/seed_ofb.c',
+                'crypto/openssl/crypto/sha/keccak1600.c',
+                'crypto/openssl/crypto/sha/sha1dgst.c',
+                'crypto/openssl/crypto/sha/sha1_one.c',
+                'crypto/openssl/crypto/sha/sha256.c',
+                'crypto/openssl/crypto/sha/sha512.c',
+                'crypto/openssl/crypto/siphash/siphash_ameth.c',
+                'crypto/openssl/crypto/siphash/siphash.c',
+                'crypto/openssl/crypto/siphash/siphash_pmeth.c',
+                'crypto/openssl/crypto/sm2/sm2_crypt.c',
+                'crypto/openssl/crypto/sm2/sm2_err.c',
+                'crypto/openssl/crypto/sm2/sm2_pmeth.c',
+                'crypto/openssl/crypto/sm2/sm2_sign.c',
+                'crypto/openssl/crypto/sm3/m_sm3.c',
+                'crypto/openssl/crypto/sm3/sm3.c',
+                'crypto/openssl/crypto/sm4/sm4.c',
                 'crypto/openssl/crypto/srp/srp_lib.c',
                 'crypto/openssl/crypto/srp/srp_vfy.c',
-                'crypto/openssl/crypto/srp/srptest.c',
+                'crypto/openssl/crypto/stack/stack.c',
+                'crypto/openssl/crypto/store/loader_file.c',
+                'crypto/openssl/crypto/store/store_err.c',
+                'crypto/openssl/crypto/store/store_init.c',
+                'crypto/openssl/crypto/store/store_lib.c',
+                'crypto/openssl/crypto/store/store_register.c',
+                'crypto/openssl/crypto/store/store_strings.c',
+                'crypto/openssl/crypto/threads_none.c',
+                'crypto/openssl/crypto/threads_pthread.c',
+                'crypto/openssl/crypto/ts/ts_asn1.c',
+                'crypto/openssl/crypto/ts/ts_conf.c',
+                'crypto/openssl/crypto/ts/ts_err.c',
+                'crypto/openssl/crypto/ts/ts_lib.c',
+                'crypto/openssl/crypto/ts/ts_req_print.c',
+                'crypto/openssl/crypto/ts/ts_req_utils.c',
+                'crypto/openssl/crypto/ts/ts_rsp_print.c',
+                'crypto/openssl/crypto/ts/ts_rsp_sign.c',
+                'crypto/openssl/crypto/ts/ts_rsp_utils.c',
+                'crypto/openssl/crypto/ts/ts_rsp_verify.c',
+                'crypto/openssl/crypto/ts/ts_verify_ctx.c',
+                'crypto/openssl/crypto/txt_db/txt_db.c',
+                'crypto/openssl/crypto/uid.c',
+                'crypto/openssl/crypto/ui/ui_err.c',
+                'crypto/openssl/crypto/ui/ui_lib.c',
+                'crypto/openssl/crypto/ui/ui_null.c',
+                'crypto/openssl/crypto/ui/ui_openssl.c',
+                'crypto/openssl/crypto/ui/ui_util.c',
+                'crypto/openssl/crypto/whrlpool/wp_block.c',
+                'crypto/openssl/crypto/whrlpool/wp_dgst.c',
+                'crypto/openssl/crypto/x509/by_dir.c',
+                'crypto/openssl/crypto/x509/by_file.c',
+                'crypto/openssl/crypto/x509/t_crl.c',
+                'crypto/openssl/crypto/x509/t_req.c',
+                'crypto/openssl/crypto/x509/t_x509.c',
+                'crypto/openssl/crypto/x509v3/pcy_cache.c',
+                'crypto/openssl/crypto/x509v3/pcy_data.c',
                 'crypto/openssl/crypto/x509v3/pcy_lib.c',
-                'crypto/openssl/crypto/x509v3/v3_pmaps.c',
+                'crypto/openssl/crypto/x509v3/pcy_map.c',
+                'crypto/openssl/crypto/x509v3/pcy_node.c',
+                'crypto/openssl/crypto/x509v3/pcy_tree.c',
+                'crypto/openssl/crypto/x509v3/v3_addr.c',
+                'crypto/openssl/crypto/x509v3/v3_admis.c',
                 'crypto/openssl/crypto/x509v3/v3_akeya.c',
-                'crypto/openssl/crypto/x509v3/pcy_cache.c',
-                'crypto/openssl/crypto/x509v3/v3_extku.c',
+                'crypto/openssl/crypto/x509v3/v3_akey.c',
+                'crypto/openssl/crypto/x509v3/v3_alt.c',
+                'crypto/openssl/crypto/x509v3/v3_asid.c',
                 'crypto/openssl/crypto/x509v3/v3_bcons.c',
-                'crypto/openssl/crypto/x509v3/v3_scts.c',
-                'crypto/openssl/crypto/x509v3/v3_utl.c',
-                'crypto/openssl/crypto/x509v3/v3_ia5.c',
-                'crypto/openssl/crypto/x509v3/v3nametest.c',
-                'crypto/openssl/crypto/x509v3/v3_pci.c',
-                'crypto/openssl/crypto/x509v3/v3_int.c',
-                'crypto/openssl/crypto/x509v3/v3_crld.c',
                 'crypto/openssl/crypto/x509v3/v3_bitst.c',
+                'crypto/openssl/crypto/x509v3/v3_conf.c',
                 'crypto/openssl/crypto/x509v3/v3_cpols.c',
-                'crypto/openssl/crypto/x509v3/v3_sxnet.c',
-                'crypto/openssl/crypto/x509v3/v3_alt.c',
-                'crypto/openssl/crypto/x509v3/pcy_node.c',
-                'crypto/openssl/crypto/x509v3/tabtest.c',
-                'crypto/openssl/crypto/x509v3/v3_pcia.c',
-                'crypto/openssl/crypto/x509v3/v3_pku.c',
-                'crypto/openssl/crypto/x509v3/v3_info.c',
-                'crypto/openssl/crypto/x509v3/v3_genn.c',
-                'crypto/openssl/crypto/x509v3/pcy_data.c',
+                'crypto/openssl/crypto/x509v3/v3_crld.c',
                 'crypto/openssl/crypto/x509v3/v3_enum.c',
                 'crypto/openssl/crypto/x509v3/v3err.c',
+                'crypto/openssl/crypto/x509v3/v3_extku.c',
+                'crypto/openssl/crypto/x509v3/v3_genn.c',
+                'crypto/openssl/crypto/x509v3/v3_ia5.c',
+                'crypto/openssl/crypto/x509v3/v3_info.c',
+                'crypto/openssl/crypto/x509v3/v3_int.c',
                 'crypto/openssl/crypto/x509v3/v3_lib.c',
-                'crypto/openssl/crypto/x509v3/v3_pcons.c',
-                'crypto/openssl/crypto/x509v3/pcy_tree.c',
-                'crypto/openssl/crypto/x509v3/v3_conf.c',
-                'crypto/openssl/crypto/x509v3/v3_asid.c',
-                'crypto/openssl/crypto/x509v3/v3_akey.c',
-                'crypto/openssl/crypto/x509v3/v3_addr.c',
-                'crypto/openssl/crypto/x509v3/pcy_map.c',
-                'crypto/openssl/crypto/x509v3/v3_ocsp.c',
-                'crypto/openssl/crypto/x509v3/v3prin.c',
-                'crypto/openssl/crypto/x509v3/v3_skey.c',
-                'crypto/openssl/crypto/x509v3/v3_purp.c',
                 'crypto/openssl/crypto/x509v3/v3_ncons.c',
+                'crypto/openssl/crypto/x509v3/v3_pcia.c',
+                'crypto/openssl/crypto/x509v3/v3_pci.c',
+                'crypto/openssl/crypto/x509v3/v3_pcons.c',
+                'crypto/openssl/crypto/x509v3/v3_pku.c',
+                'crypto/openssl/crypto/x509v3/v3_pmaps.c',
                 'crypto/openssl/crypto/x509v3/v3_prn.c',
-                'crypto/openssl/crypto/aes/aes_core.c',
-                'crypto/openssl/crypto/aes/aes_ige.c',
-                'crypto/openssl/crypto/aes/aes_ofb.c',
-                'crypto/openssl/crypto/aes/aes_cfb.c',
-                'crypto/openssl/crypto/aes/aes_cbc.c',
-                'crypto/openssl/crypto/aes/aes_ctr.c',
-                'crypto/openssl/crypto/aes/aes_misc.c',
-                'crypto/openssl/crypto/aes/aes_ecb.c',
-                'crypto/openssl/crypto/aes/aes_wrap.c',
-                'crypto/openssl/crypto/o_dir.c',
-                'crypto/openssl/crypto/bf/bf_opts.c',
-                'crypto/openssl/crypto/bf/bf_ofb64.c',
-                'crypto/openssl/crypto/bf/bf_skey.c',
-                'crypto/openssl/crypto/bf/bftest.c',
-                'crypto/openssl/crypto/bf/bf_enc.c',
-                'crypto/openssl/crypto/bf/bfspeed.c',
-                'crypto/openssl/crypto/bf/bf_cfb64.c',
-                'crypto/openssl/crypto/bf/bf_ecb.c',
-                'crypto/openssl/crypto/rc4/rc4_utl.c',
-                'crypto/openssl/crypto/rc4/rc4_enc.c',
-                'crypto/openssl/crypto/rc4/rc4speed.c',
-                'crypto/openssl/crypto/rc4/rc4_skey.c',
-                'crypto/openssl/crypto/rc4/rc4test.c',
-                'crypto/openssl/crypto/ocsp/ocsp_err.c',
-                'crypto/openssl/crypto/ocsp/ocsp_prn.c',
-                'crypto/openssl/crypto/ocsp/ocsp_cl.c',
-                'crypto/openssl/crypto/ocsp/ocsp_vfy.c',
-                'crypto/openssl/crypto/ocsp/ocsp_lib.c',
-                'crypto/openssl/crypto/ocsp/ocsp_srv.c',
-                'crypto/openssl/crypto/ocsp/ocsp_asn.c',
-                'crypto/openssl/crypto/ocsp/ocsp_ht.c',
-                'crypto/openssl/crypto/ocsp/ocsp_ext.c',
-                'crypto/openssl/crypto/rc2/rc2speed.c',
-                'crypto/openssl/crypto/rc2/rc2_skey.c',
-                'crypto/openssl/crypto/rc2/rc2_ecb.c',
-                'crypto/openssl/crypto/rc2/rc2ofb64.c',
-                'crypto/openssl/crypto/rc2/rc2test.c',
-                'crypto/openssl/crypto/rc2/tab.c',
-                'crypto/openssl/crypto/rc2/rc2cfb64.c',
-                'crypto/openssl/crypto/rc2/rc2_cbc.c',
-                'crypto/openssl/crypto/md5/md5_one.c',
-                'crypto/openssl/crypto/md5/md5test.c',
-                'crypto/openssl/crypto/md5/md5_dgst.c',
-                'crypto/openssl/crypto/md5/md5.c',
-                'crypto/openssl/crypto/des/rpw.c',
-                'crypto/openssl/crypto/des/cbc_cksm.c',
-                'crypto/openssl/crypto/des/speed.c',
-                'crypto/openssl/crypto/des/str2key.c',
-                'crypto/openssl/crypto/des/rpc_enc.c',
-                'crypto/openssl/crypto/des/ecb_enc.c',
-                'crypto/openssl/crypto/des/cfb64enc.c',
-                'crypto/openssl/crypto/des/des_old2.c',
-                'crypto/openssl/crypto/des/fcrypt_b.c',
-                'crypto/openssl/crypto/des/cfb_enc.c',
-                'crypto/openssl/crypto/des/ofb64ede.c',
-                'crypto/openssl/crypto/des/cbc_enc.c',
-                'crypto/openssl/crypto/des/set_key.c',
-                'crypto/openssl/crypto/des/enc_read.c',
-                'crypto/openssl/crypto/des/cbc3_enc.c',
-                'crypto/openssl/crypto/des/ncbc_enc.c',
-                'crypto/openssl/crypto/des/ofb64enc.c',
-                'crypto/openssl/crypto/des/qud_cksm.c',
-                'crypto/openssl/crypto/des/read_pwd.c',
-                'crypto/openssl/crypto/des/cfb64ede.c',
-                'crypto/openssl/crypto/des/des.c',
-                'crypto/openssl/crypto/des/fcrypt.c',
-                'crypto/openssl/crypto/des/ofb_enc.c',
-                'crypto/openssl/crypto/des/rand_key.c',
-                'crypto/openssl/crypto/des/enc_writ.c',
-                'crypto/openssl/crypto/des/xcbc_enc.c',
-                'crypto/openssl/crypto/des/ede_cbcm_enc.c',
-                'crypto/openssl/crypto/des/read2pwd.c',
-                'crypto/openssl/crypto/des/pcbc_enc.c',
-                'crypto/openssl/crypto/des/des_enc.c',
-                'crypto/openssl/crypto/des/ecb3_enc.c',
-                'crypto/openssl/crypto/cpt_err.c',
-                'crypto/openssl/crypto/o_init.c',
-                'crypto/openssl/crypto/krb5/krb5_asn.c',
-                'crypto/openssl/crypto/mem_dbg.c',
-                'crypto/openssl/crypto/constant_time_test.c',
-                'crypto/openssl/crypto/ebcdic.c',
-                'crypto/openssl/crypto/camellia/camellia.c',
-                'crypto/openssl/crypto/camellia/cmll_misc.c',
-                'crypto/openssl/crypto/camellia/cmll_cbc.c',
-                'crypto/openssl/crypto/camellia/cmll_utl.c',
-                'crypto/openssl/crypto/camellia/cmll_ofb.c',
-                'crypto/openssl/crypto/camellia/cmll_ecb.c',
-                'crypto/openssl/crypto/camellia/cmll_ctr.c',
-                'crypto/openssl/crypto/camellia/cmll_cfb.c',
-                'crypto/openssl/crypto/x509/x509_r2x.c',
-                'crypto/openssl/crypto/x509/x509type.c',
-                'crypto/openssl/crypto/x509/x509_vfy.c',
-                'crypto/openssl/crypto/x509/x509_set.c',
-                'crypto/openssl/crypto/x509/x509_lu.c',
-                'crypto/openssl/crypto/x509/x509_trs.c',
-                'crypto/openssl/crypto/x509/verify_extra_test.c',
-                'crypto/openssl/crypto/x509/x509rset.c',
-                'crypto/openssl/crypto/x509/x509_ext.c',
-                'crypto/openssl/crypto/x509/x_all.c',
-                'crypto/openssl/crypto/x509/x509_vpm.c',
-                'crypto/openssl/crypto/x509/x509_v3.c',
-                'crypto/openssl/crypto/x509/x509_err.c',
-                'crypto/openssl/crypto/x509/by_file.c',
-                'crypto/openssl/crypto/x509/x509_txt.c',
-                'crypto/openssl/crypto/x509/x509_obj.c',
+                'crypto/openssl/crypto/x509v3/v3_purp.c',
+                'crypto/openssl/crypto/x509v3/v3_skey.c',
+                'crypto/openssl/crypto/x509v3/v3_sxnet.c',
+                'crypto/openssl/crypto/x509v3/v3_tlsf.c',
+                'crypto/openssl/crypto/x509v3/v3_utl.c',
                 'crypto/openssl/crypto/x509/x509_att.c',
-                'crypto/openssl/crypto/x509/by_dir.c',
                 'crypto/openssl/crypto/x509/x509_cmp.c',
-                'crypto/openssl/crypto/x509/x509spki.c',
-                'crypto/openssl/crypto/x509/x509_def.c',
-                'crypto/openssl/crypto/x509/x509_d2.c',
-                'crypto/openssl/crypto/x509/x509_req.c',
                 'crypto/openssl/crypto/x509/x509cset.c',
+                'crypto/openssl/crypto/x509/x509_d2.c',
+                'crypto/openssl/crypto/x509/x509_def.c',
+                'crypto/openssl/crypto/x509/x509_err.c',
+                'crypto/openssl/crypto/x509/x509_ext.c',
+                'crypto/openssl/crypto/x509/x509_lu.c',
+                'crypto/openssl/crypto/x509/x509_meth.c',
                 'crypto/openssl/crypto/x509/x509name.c',
-                'crypto/openssl/crypto/threads/th-lock.c',
-                'crypto/openssl/crypto/threads/mttest.c',
-                'crypto/openssl/crypto/seed/seed_cfb.c',
-                'crypto/openssl/crypto/seed/seed_cbc.c',
-                'crypto/openssl/crypto/seed/seed.c',
-                'crypto/openssl/crypto/seed/seed_ecb.c',
-                'crypto/openssl/crypto/seed/seed_ofb.c',
-                'crypto/openssl/crypto/objects/obj_err.c',
-                'crypto/openssl/crypto/objects/o_names.c',
-                'crypto/openssl/crypto/objects/obj_dat.c',
-                'crypto/openssl/crypto/objects/obj_xref.c',
-                'crypto/openssl/crypto/objects/obj_lib.c',
-                'crypto/openssl/crypto/ts/ts_asn1.c',
-                'crypto/openssl/crypto/ts/ts_req_print.c',
-                'crypto/openssl/crypto/ts/ts_rsp_print.c',
-                'crypto/openssl/crypto/ts/ts_rsp_sign.c',
-                'crypto/openssl/crypto/ts/ts_conf.c',
-                'crypto/openssl/crypto/ts/ts_rsp_verify.c',
-                'crypto/openssl/crypto/ts/ts_req_utils.c',
-                'crypto/openssl/crypto/ts/ts_rsp_utils.c',
-                'crypto/openssl/crypto/ts/ts_err.c',
-                'crypto/openssl/crypto/ts/ts_verify_ctx.c',
-                'crypto/openssl/crypto/ts/ts_lib.c',
-                'crypto/openssl/crypto/mdc2/mdc2dgst.c',
-                'crypto/openssl/crypto/mdc2/mdc2_one.c',
-                'crypto/openssl/crypto/mdc2/mdc2test.c',
-                'crypto/openssl/crypto/pqueue/pqueue.c',
-                'crypto/openssl/crypto/pqueue/pq_test.c',
-                'crypto/openssl/crypto/buffer/buf_str.c',
-                'crypto/openssl/crypto/buffer/buffer.c',
-                'crypto/openssl/crypto/buffer/buf_err.c',
-                'crypto/openssl/crypto/o_fips.c',
-                'crypto/openssl/crypto/mem_clr.c',
-                'crypto/openssl/crypto/cast/c_skey.c',
-                'crypto/openssl/crypto/cast/c_ecb.c',
-                'crypto/openssl/crypto/cast/cast_spd.c',
-                'crypto/openssl/crypto/cast/c_ofb64.c',
-                'crypto/openssl/crypto/cast/c_cfb64.c',
-                'crypto/openssl/crypto/cast/c_enc.c',
-                'crypto/openssl/crypto/cast/castopts.c',
-                'crypto/openssl/crypto/cast/casttest.c',
-                'crypto/openssl/crypto/rsa/rsa_gen.c',
-                'crypto/openssl/crypto/rsa/rsa_none.c',
-                'crypto/openssl/crypto/rsa/rsa_ameth.c',
-                'crypto/openssl/crypto/rsa/rsa_crpt.c',
-                'crypto/openssl/crypto/rsa/rsa_pss.c',
-                'crypto/openssl/crypto/rsa/rsa_pmeth.c',
-                'crypto/openssl/crypto/rsa/rsa_sign.c',
-                'crypto/openssl/crypto/rsa/rsa_eay.c',
-                'crypto/openssl/crypto/rsa/rsa_oaep.c',
-                'crypto/openssl/crypto/rsa/rsa_saos.c',
-                'crypto/openssl/crypto/rsa/rsa_pk1.c',
-                'crypto/openssl/crypto/rsa/rsa_asn1.c',
-                'crypto/openssl/crypto/rsa/rsa_depr.c',
-                'crypto/openssl/crypto/rsa/rsa_err.c',
-                'crypto/openssl/crypto/rsa/rsa_prn.c',
-                'crypto/openssl/crypto/rsa/rsa_test.c',
-                'crypto/openssl/crypto/rsa/rsa_lib.c',
-                'crypto/openssl/crypto/rsa/rsa_chk.c',
-                'crypto/openssl/crypto/rsa/rsa_x931.c',
-                'crypto/openssl/crypto/rsa/rsa_null.c',
-                'crypto/openssl/crypto/rsa/rsa_ssl.c',
-                'crypto/openssl/crypto/o_dir_test.c',
-                'crypto/openssl/crypto/sparcv9cap.c',
-                'crypto/openssl/crypto/whrlpool/wp_dgst.c',
-                'crypto/openssl/crypto/whrlpool/wp_block.c',
-                'crypto/openssl/crypto/whrlpool/wp_test.c',
-                'crypto/openssl/crypto/asn1/f_string.c',
-                'crypto/openssl/crypto/asn1/t_req.c',
-                'crypto/openssl/crypto/asn1/x_long.c',
-                'crypto/openssl/crypto/asn1/tasn_utl.c',
-                'crypto/openssl/crypto/asn1/p5_pbev2.c',
-                'crypto/openssl/crypto/asn1/a_time.c',
-                'crypto/openssl/crypto/asn1/t_crl.c',
-                'crypto/openssl/crypto/asn1/p5_pbe.c',
-                'crypto/openssl/crypto/asn1/asn1_gen.c',
-                'crypto/openssl/crypto/asn1/t_x509.c',
-                'crypto/openssl/crypto/asn1/x_bignum.c',
-                'crypto/openssl/crypto/asn1/x_attrib.c',
-                'crypto/openssl/crypto/asn1/x_x509.c',
-                'crypto/openssl/crypto/asn1/x_spki.c',
-                'crypto/openssl/crypto/asn1/x_nx509.c',
-                'crypto/openssl/crypto/asn1/tasn_prn.c',
-                'crypto/openssl/crypto/asn1/x_pkey.c',
-                'crypto/openssl/crypto/asn1/x_algor.c',
-                'crypto/openssl/crypto/asn1/x_sig.c',
-                'crypto/openssl/crypto/asn1/a_i2d_fp.c',
-                'crypto/openssl/crypto/asn1/x_exten.c',
-                'crypto/openssl/crypto/asn1/bio_asn1.c',
-                'crypto/openssl/crypto/asn1/n_pkey.c',
-                'crypto/openssl/crypto/asn1/asn1_par.c',
-                'crypto/openssl/crypto/asn1/p8_pkey.c',
-                'crypto/openssl/crypto/asn1/t_x509a.c',
-                'crypto/openssl/crypto/asn1/x_x509a.c',
-                'crypto/openssl/crypto/asn1/bio_ndef.c',
-                'crypto/openssl/crypto/asn1/a_strnid.c',
-                'crypto/openssl/crypto/asn1/x_pubkey.c',
-                'crypto/openssl/crypto/asn1/x_name.c',
-                'crypto/openssl/crypto/asn1/tasn_dec.c',
-                'crypto/openssl/crypto/asn1/f_enum.c',
-                'crypto/openssl/crypto/asn1/t_spki.c',
-                'crypto/openssl/crypto/asn1/d2i_pu.c',
-                'crypto/openssl/crypto/asn1/a_sign.c',
-                'crypto/openssl/crypto/asn1/a_bitstr.c',
-                'crypto/openssl/crypto/asn1/a_set.c',
-                'crypto/openssl/crypto/asn1/a_mbstr.c',
-                'crypto/openssl/crypto/asn1/x_info.c',
-                'crypto/openssl/crypto/asn1/asn_moid.c',
-                'crypto/openssl/crypto/asn1/tasn_typ.c',
-                'crypto/openssl/crypto/asn1/a_octet.c',
-                'crypto/openssl/crypto/asn1/a_digest.c',
-                'crypto/openssl/crypto/asn1/t_pkey.c',
-                'crypto/openssl/crypto/asn1/x_crl.c',
-                'crypto/openssl/crypto/asn1/i2d_pr.c',
-                'crypto/openssl/crypto/asn1/a_gentm.c',
-                'crypto/openssl/crypto/asn1/x_req.c',
-                'crypto/openssl/crypto/asn1/d2i_pr.c',
-                'crypto/openssl/crypto/asn1/nsseq.c',
-                'crypto/openssl/crypto/asn1/a_enum.c',
-                'crypto/openssl/crypto/asn1/a_bool.c',
-                'crypto/openssl/crypto/asn1/a_d2i_fp.c',
-                'crypto/openssl/crypto/asn1/tasn_enc.c',
-                'crypto/openssl/crypto/asn1/a_type.c',
-                'crypto/openssl/crypto/asn1/t_bitst.c',
-                'crypto/openssl/crypto/asn1/asn1_lib.c',
-                'crypto/openssl/crypto/asn1/a_dup.c',
-                'crypto/openssl/crypto/asn1/a_int.c',
-                'crypto/openssl/crypto/asn1/a_object.c',
-                'crypto/openssl/crypto/asn1/i2d_pu.c',
-                'crypto/openssl/crypto/asn1/a_print.c',
-                'crypto/openssl/crypto/asn1/x_val.c',
-                'crypto/openssl/crypto/asn1/a_utctm.c',
-                'crypto/openssl/crypto/asn1/a_utf8.c',
-                'crypto/openssl/crypto/asn1/f_int.c',
-                'crypto/openssl/crypto/asn1/ameth_lib.c',
-                'crypto/openssl/crypto/asn1/asn_pack.c',
-                'crypto/openssl/crypto/asn1/a_bytes.c',
-                'crypto/openssl/crypto/asn1/asn_mime.c',
-                'crypto/openssl/crypto/asn1/a_verify.c',
-                'crypto/openssl/crypto/asn1/evp_asn1.c',
-                'crypto/openssl/crypto/asn1/a_strex.c',
-                'crypto/openssl/crypto/asn1/tasn_new.c',
-                'crypto/openssl/crypto/asn1/asn1_err.c',
-                'crypto/openssl/crypto/asn1/tasn_fre.c',
-                'crypto/openssl/crypto/ec/ecp_smpl.c',
-                'crypto/openssl/crypto/ec/ec2_mult.c',
-                'crypto/openssl/crypto/ec/ecp_nistz256.c',
-                'crypto/openssl/crypto/ec/ecp_nistp521.c',
-                'crypto/openssl/crypto/ec/ec2_smpl.c',
-                'crypto/openssl/crypto/ec/ec_key.c',
-                'crypto/openssl/crypto/ec/ec_cvt.c',
-                'crypto/openssl/crypto/ec/ecp_nist.c',
-                'crypto/openssl/crypto/ec/ec2_oct.c',
-                'crypto/openssl/crypto/ec/ec_ameth.c',
-                'crypto/openssl/crypto/ec/ec_pmeth.c',
-                'crypto/openssl/crypto/ec/ec_oct.c',
-                'crypto/openssl/crypto/ec/ec_err.c',
-                'crypto/openssl/crypto/ec/ec_print.c',
-                'crypto/openssl/crypto/ec/ecp_oct.c',
-                'crypto/openssl/crypto/ec/ec_check.c',
-                'crypto/openssl/crypto/ec/ecp_nistp224.c',
-                'crypto/openssl/crypto/ec/eck_prn.c',
-                'crypto/openssl/crypto/ec/ec_mult.c',
-                'crypto/openssl/crypto/ec/ecp_mont.c',
-                'crypto/openssl/crypto/ec/ec_curve.c',
-                'crypto/openssl/crypto/ec/ecp_nistputil.c',
-                'crypto/openssl/crypto/ec/ectest.c',
-                'crypto/openssl/crypto/ec/ec_asn1.c',
-                'crypto/openssl/crypto/ec/ecp_nistp256.c',
-                'crypto/openssl/crypto/ec/ec_lib.c',
-                'crypto/openssl/crypto/conf/conf_sap.c',
-                'crypto/openssl/crypto/conf/conf_api.c',
-                'crypto/openssl/crypto/conf/conf_err.c',
-                'crypto/openssl/crypto/conf/conf_mall.c',
-                'crypto/openssl/crypto/conf/conf_lib.c',
-                'crypto/openssl/crypto/conf/conf_def.c',
-                'crypto/openssl/crypto/conf/conf_mod.c',
-                'crypto/openssl/crypto/lhash/lhash.c',
-                'crypto/openssl/crypto/cversion.c',
-                'crypto/openssl/crypto/o_str.c',
+                'crypto/openssl/crypto/x509/x509_obj.c',
+                'crypto/openssl/crypto/x509/x509_r2x.c',
+                'crypto/openssl/crypto/x509/x509_req.c',
+                'crypto/openssl/crypto/x509/x509rset.c',
+                'crypto/openssl/crypto/x509/x509_set.c',
+                'crypto/openssl/crypto/x509/x509spki.c',
+                'crypto/openssl/crypto/x509/x509_trs.c',
+                'crypto/openssl/crypto/x509/x509_txt.c',
+                'crypto/openssl/crypto/x509/x509type.c',
+                'crypto/openssl/crypto/x509/x509_v3.c',
+                'crypto/openssl/crypto/x509/x509_vfy.c',
+                'crypto/openssl/crypto/x509/x509_vpm.c',
+                'crypto/openssl/crypto/x509/x_all.c',
+                'crypto/openssl/crypto/x509/x_attrib.c',
+                'crypto/openssl/crypto/x509/x_crl.c',
+                'crypto/openssl/crypto/x509/x_exten.c',
+                'crypto/openssl/crypto/x509/x_name.c',
+                'crypto/openssl/crypto/x509/x_pubkey.c',
+                'crypto/openssl/crypto/x509/x_req.c',
+                'crypto/openssl/crypto/x509/x_x509a.c',
+                'crypto/openssl/crypto/x509/x_x509.c',
+                'crypto/openssl/engines/e_afalg_err.c',
+                'crypto/openssl/engines/e_capi.c',
+                'crypto/openssl/engines/e_capi_err.c',
+                'crypto/openssl/engines/e_dasync.c',
+                'crypto/openssl/engines/e_dasync_err.c',
+                'crypto/openssl/engines/e_ossltest.c',
+                'crypto/openssl/engines/e_ossltest_err.c',
+                'crypto/openssl/engines/e_padlock.c',
+                'crypto/openssl/ssl/bio_ssl.c',
+                'crypto/openssl/ssl/d1_lib.c',
+                'crypto/openssl/ssl/d1_msg.c',
+                'crypto/openssl/ssl/d1_srtp.c',
+                'crypto/openssl/ssl/methods.c',
+                'crypto/openssl/ssl/packet.c',
+                'crypto/openssl/ssl/pqueue.c',
+                'crypto/openssl/ssl/record/dtls1_bitmap.c',
+                'crypto/openssl/ssl/record/rec_layer_d1.c',
+                'crypto/openssl/ssl/record/rec_layer_s3.c',
+                'crypto/openssl/ssl/record/ssl3_buffer.c',
+                'crypto/openssl/ssl/record/ssl3_record.c',
+                'crypto/openssl/ssl/record/ssl3_record_tls13.c',
+                'crypto/openssl/ssl/s3_cbc.c',
+                'crypto/openssl/ssl/s3_enc.c',
+                'crypto/openssl/ssl/s3_lib.c',
+                'crypto/openssl/ssl/s3_msg.c',
+                'crypto/openssl/ssl/ssl_asn1.c',
+                'crypto/openssl/ssl/ssl_cert.c',
+                'crypto/openssl/ssl/ssl_ciph.c',
+                'crypto/openssl/ssl/ssl_conf.c',
+                'crypto/openssl/ssl/ssl_err.c',
+                'crypto/openssl/ssl/ssl_init.c',
+                'crypto/openssl/ssl/ssl_lib.c',
+                'crypto/openssl/ssl/ssl_mcnf.c',
+                'crypto/openssl/ssl/ssl_rsa.c',
+                'crypto/openssl/ssl/ssl_sess.c',
+                'crypto/openssl/ssl/ssl_stat.c',
+                'crypto/openssl/ssl/ssl_txt.c',
+                'crypto/openssl/ssl/ssl_utst.c',
+                'crypto/openssl/ssl/statem/extensions.c',
+                'crypto/openssl/ssl/statem/extensions_clnt.c',
+                'crypto/openssl/ssl/statem/extensions_cust.c',
+                'crypto/openssl/ssl/statem/extensions_srvr.c',
+                'crypto/openssl/ssl/statem/statem.c',
+                'crypto/openssl/ssl/statem/statem_clnt.c',
+                'crypto/openssl/ssl/statem/statem_dtls.c',
+                'crypto/openssl/ssl/statem/statem_lib.c',
+                'crypto/openssl/ssl/statem/statem_srvr.c',
+                'crypto/openssl/ssl/t1_enc.c',
+                'crypto/openssl/ssl/t1_lib.c',
+                'crypto/openssl/ssl/t1_trce.c',
+                'crypto/openssl/ssl/tls13_enc.c',
+                'crypto/openssl/ssl/tls_srp.c',
             ],
-            mm.generator['source'](['-DOPENSSL_NO_EC_NISTP_64_GCC_128=1',
+            mm.generator['source'](['-DNO_WINDOWS_BRAINDEATH=1',
+                                    '-DOPENSSLDIR="\\"/etc/ssl\\""',
+                                    '-DOPENSSL_DISABLE_OLD_DES_SUPPORT=1',
+                                    '-DOPENSSL_NO_DSO=1',
+                                    '-DOPENSSL_NO_EC_NISTP_64_GCC_128=1',
                                     '-DOPENSSL_NO_GMP=1',
                                     '-DOPENSSL_NO_JPAKE=1',
                                     '-DOPENSSL_NO_LIBUNBOUND=1',
@@ -3953,19 +3917,17 @@ class crypto_openssl(builder.Module):
                                     '-DOPENSSL_NO_RC5=1',
                                     '-DOPENSSL_NO_RFC3779=1',
                                     '-DOPENSSL_NO_SCTP=1',
-                                    '-DOPENSSL_NO_SSL_TRACE=1',
                                     '-DOPENSSL_NO_SSL2=1',
+                                    '-DOPENSSL_NO_SSL_TRACE=1',
                                     '-DOPENSSL_NO_STORE=1',
                                     '-DOPENSSL_NO_UNIT_TEST=1',
-                                    '-DOPENSSL_NO_WEAK_SSL_CIPHERS=1',
-                                    '-DNO_WINDOWS_BRAINDEATH=1',
-                                    '-DOPENSSL_DISABLE_OLD_DES_SUPPORT=1'],
-                                   ['freebsd/crypto',
-                                    'freebsd/crypto/openssl',
-                                    'freebsd/crypto/openssl/crypto',
-                                    'freebsd/crypto/openssl/crypto/evp',
-                                    'freebsd/crypto/openssl/crypto/asn1',
-                                    'freebsd/crypto/openssl/crypto/modes'])
+                                    '-DOPENSSL_NO_WEAK_SSL_CIPHERS=1'],
+                                   ['freebsd/crypto/openssl',
+                                    'freebsd/crypto/openssl/crypto/modes',
+                                    'freebsd/crypto/openssl/include',
+                                    'freebsd/crypto/openssl/crypto/include',
+                                    'freebsd/crypto/openssl/crypto/ec/curve448',
+                                    'freebsd/crypto/openssl/crypto/ec/curve448/arch_32'])
         )
         self.addFile(mm.generator['file']('crypto/openssl/crypto/LPdir_unix.c',
                                           mm.generator['freebsd-path'](),
diff --git a/rtemsbsd/include/rtems/bsd/local/usbdevs.h b/rtemsbsd/include/rtems/bsd/local/usbdevs.h
index ce48f040..355aff78 100644
--- a/rtemsbsd/include/rtems/bsd/local/usbdevs.h
+++ b/rtemsbsd/include/rtems/bsd/local/usbdevs.h
@@ -2767,6 +2767,8 @@
 #define	USB_PRODUCT_LENOVO_GIGALAN	0x304b		/* USB 3.0 Ethernet */
 #define	USB_PRODUCT_LENOVO_ETHERNET	0x7203		/* USB 2.0 Ethernet */
 #define	USB_PRODUCT_LENOVO_RTL8153	0x7205		/* USB 3.0 Ethernet */
+#define	USB_PRODUCT_LENOVO_TBT3LAN	0x3069		/* LAN port in Thinkpad TB3 dock */
+#define	USB_PRODUCT_LENOVO_USBCLAN	0x3062		/* LAN port in Thinkpad USB-C dock */
 
 /* Lexar products */
 #define	USB_PRODUCT_LEXAR_JUMPSHOT	0x0001		/* jumpSHOT CompactFlash Reader */
diff --git a/rtemsbsd/include/rtems/bsd/local/usbdevs_data.h b/rtemsbsd/include/rtems/bsd/local/usbdevs_data.h
index 6317c2d1..bd86ed5c 100644
--- a/rtemsbsd/include/rtems/bsd/local/usbdevs_data.h
+++ b/rtemsbsd/include/rtems/bsd/local/usbdevs_data.h
@@ -8762,6 +8762,18 @@ const struct usb_knowndev usb_knowndevs[] = {
 	    "USB 3.0 Ethernet",
 	},
 	{
+	    USB_VENDOR_LENOVO, USB_PRODUCT_LENOVO_TBT3LAN,
+	    0,
+	    "Lenovo",
+	    "LAN port in Thinkpad TB3 dock",
+	},
+	{
+	    USB_VENDOR_LENOVO, USB_PRODUCT_LENOVO_USBCLAN,
+	    0,
+	    "Lenovo",
+	    "LAN port in Thinkpad USB-C dock",
+	},
+	{
 	    USB_VENDOR_LEXAR, USB_PRODUCT_LEXAR_JUMPSHOT,
 	    0,
 	    "Lexar Media",
diff --git a/rtemsbsd/include/vm/vm_pagequeue.h b/rtemsbsd/include/vm/vm_pagequeue.h
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/rtemsbsd/include/vm/vm_pagequeue.h